Commit Graph

18462 Commits

Author SHA1 Message Date
Amitkumar Karwar 3c59e328eb mwifiex: fix memory leak issue for sdio and pcie cards
When driver is failed to load, card pointer doesn't get
freed. We will free it in cleanup handler which is called
in failure as well as unload path.
Also, update drvdata in init/cleanup handlers instead of
register/unregister handlers.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:32 -05:00
Amitkumar Karwar 98a4635bba mwifiex: fix potential mem leak in .del_virtual_intf
1) Currently we freeing wdev for each interface in driver unload
path. We may leak memory if user have already deleted an interface.
mwifiex_add_virtual_intf() allocates wdev structure. So it should
be freed in mwifiex_del_virtual_intf().
This will make sure that wdev will be freed when user deletes an
interface and also in unload path.
2) "priv->netdev->ieee80211_ptr" should also be cleared in
mwifiex_del_virtual_intf.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:31 -05:00
Amitkumar Karwar d1af2943da mwifiex: fix NULL pointer dereference in mwifiex_fw_dpc
We don't need to free/unregister wiphy when
mwifiex_register_cfg80211() fails. The routine internally takes
care of it. This redundant code can cause NULL pointer dereference,
for adapter->wiphy.

Reported-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:31 -05:00
Amitkumar Karwar bec568ff51 mwifiex: failure path handling in mwifiex_add_virtual_intf()
1) If register_netdevice() is failed, we are freeing netdev
pointer, but priv->netdev is not cleared. This gives kernel
paging request error when driver is unloaded or interface is
deleted. Fix the problem by clearing the pointer.
2) Fix memory leak issue by freeing 'wdev' in failure paths.
Also, clear priv->wdev pointer.

As mwifiex_add_virtual_intf() successfully handles the
failure conditions, redundant code under err_add_intf label
is removed in this patch.

Reported-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:31 -05:00
Amitkumar Karwar 68b76e99d1 mwifiex: use return value of mwifiex_add_virtual_intf() correctly
mwifiex_add_virtual_intf() returns ERR_PTR values. So use IS_ERR()
macro instead of checking for NULL pointer.

Reported-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:30 -05:00
Felix Fietkau b4089d6d8e rt2x00: fix a crash bug in the HT descriptor handling fix
Commit "rt2x00: fix HT TX descriptor settings regression"
assumes that the control parameter to rt2x00mac_tx is always non-NULL.
There is an internal call in rt2x00lib_bc_buffer_iter where NULL is
passed. Fix the resulting crash by adding an initialized dummy on-stack
ieee80211_tx_control struct.

Cc: stable@vger.kernel.org # 3.7+
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:29:30 -05:00
Sujith Manoharan 6fcbe538be ath9k: Fix issue with MCS15
On some boards which are based on AR9300, AR9580 or
AR9550, MCS15 usage is problematic.

This is because these boards use a "frequency doubler",
which doubles the refclk to get better EVM, but causes
spurs. Handle this properly in the driver to recover
throughput.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:27:26 -05:00
Sujith Manoharan c7ce155bf8 ath9k: Update AR9462 2.1 initvals
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:27:26 -05:00
Luis R. Rodriguez 3e850edd58 ath: fix dynamic user regulatory settings
A world regulatory domain check was in place that
prevents user dynamic regulatory hints from being
processed. This was there for historical reasons
as this was only possible previously for world
roaming cards and dynamic regulatory settings was
only possible for country IEs. Fix this by enforcing
the world regulatory domain check only for when the
initiator is a country IE. Support for dynamic user
regulatory support is already checked.

Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-15 14:27:25 -05:00
Dan Williams 8e3ffa4710 prism54: set netdev type to "wlan"
Userspace uses the netdev devtype for stuff like device naming and type
detection.  Be nice and set it.  Remove the pointless #if/#endif around
SET_NETDEV_DEV too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:47:46 -05:00
Dan Carpenter 95b48c2cda wcn36xx: missing unlocks on error paths
There are several places which are missing unlocks.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:47:46 -05:00
Wei Yongjun 1221c25a33 wcn36xx: Add missing unlock before return
Add the missing unlock before return from function
wcn36xx_smd_update_proberesp_tmpl() in the error handling case.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:47:45 -05:00
Sujith Manoharan 2d22c7dded ath9k: Use correct PCIE initvals for AR9485
Currently, the PLL is turned off for AR9485 when
switching to a low power state, but AR9485 has an issue
where the card will become unresponsive if left idle
for a long time without any traffic. To fix this,
force the PLL to always be on using a different initval
array, ar9485_1_1_pll_on_cdr_on_clkreq_disable_L1.

This is done for most of the AR9485 based cards
like HB125, WB225 etc. but certain models require the
feature to be turned off. Identify such cards and use
default values for them.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:47:45 -05:00
Dan Carpenter 876efcf05c wcn36xx: harmless memory corruption bug in debugfs
On 64 bit systems we write past the end of the arg[] array.

Fixes: 8e84c25821 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:46 -05:00
Ujjal Roy 8d93f1f309 mwifiex: fix wrong eth_hdr usage for bridged packets in AP mode
The eth_hdr is never defined in this driver but it gets compiled
without any warning/error because kernel has defined eth_hdr.

Fix it by defining our own p_ethhdr and use it instead of eth_hdr.

Cc: <stable@vger.kernel.org> # 3.7+
Signed-off-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:45 -05:00
Avinash Patil d03b4aa77e mwifiex: correct packet length for packets from SDIO interface
While receiving a packet on SDIO interface, we allocate skb with
size multiple of SDIO block size. We need to resize this skb
after RX using packet length from RX header.

Cc: <stable@vger.kernel.org>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:45 -05:00
Larry Finger 3545f3d5f4 rtlwifi: rtl8192de: Fix incorrect signal strength for unassociated AP
The routine that processes received frames was returning the RSSI value for the
signal strength; however, that value is available only for associated APs. As
a result, the strength was the absurd value of 10 dBm. As a result, scans
return incorrect values for the strength, which causes unwanted attempts to roam.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [3.1+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:44 -05:00
Larry Finger 78dbfecb95 rtlwifi: rtl8192cu: Fix incorrect signal strength for unassociated AP
The routine that processes received frames was returning the RSSI value for the
signal strength; however, that value is available only for associated APs. As
a result, the strength was the absurd value of 10 dBm. As a result, scans
return incorrect values for the strength, which causes unwanted attempts to roam.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [2.6.39+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:44 -05:00
Larry Finger b4ade79766 rtlwifi: rtl8192se: Fix incorrect signal strength for unassociated AP
The routine that processes received frames was returning the RSSI value for the
signal strength; however, that value is available only for associated APs. As
a result, the strength was the absurd value of 10 dBm. As a result, scans
return incorrect values for the strength, which causes unwanted attempts to roam.

This patch fixes https://bugzilla.kernel.org/show_bug.cgi?id=63881.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Matthieu Baerts <matttbe@gmail.com>
Cc: Stable <stable@vger.kernel.org> [3.0 +]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:44 -05:00
Mark Cave-Ayland 0c5d63f0ab rtlwifi: Fix endian error in extracting packet type
All of the rtlwifi drivers have an error in the routine that tests if
the data is "special". If it is, the subsequant transmission will be
at the lowest rate to enhance reliability. The 16-bit quantity is
big-endian, but was being extracted in native CPU mode. One of the
effects of this bug is to inhibit association under some conditions
as the TX rate is too high.

Based on suggestions by Joe Perches, the entire routine is rewritten.

One of the local headers contained duplicates of some of the ETH_P_XXX
definitions. These are deleted.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Stable <stable@vger.kernel.org> [2.6.38+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:43 -05:00
Janusz Dziedzic 4be6718c66 ath9k: dfs_debug fix possible NULL dereference
Fix possible NULL (sc->dfs_detector) pointer dereference.

Detected by Smatch:
drivers/net/wireless/ath/ath9k/dfs_debug.c:67 read_file_dfs()
error: we previously assumed 'sc->dfs_detector' could be null (see line 47)

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:42:43 -05:00
Janusz Dziedzic 87eb01679a ath9k: DFS radar use correct width enum
Use correct width enums when setup
radar_detect_widths for DFS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:59 -05:00
Stanislaw Gruszka 3d8bfe141b rt2x00: fix HT TX descriptor settings regression
Since:

commit 36323f817a
Author: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Date:   Mon Jul 23 21:33:42 2012 +0200

    mac80211: move TX station pointer and restructure TX

we do not pass sta pointer to rt2x00queue_create_tx_descriptor_ht(),
hence we do not correctly set station WCID and AMPDU density parameters.

Cc: stable@vger.kernel.org # 3.7+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:59 -05:00
Wei Yongjun 7777bd458e libertas: fix error return code in if_cs_probe()
Fix to return -ENODEV in the unknown model error handling
case instead of 0, as done elsewhere in this function.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:58 -05:00
Dan Carpenter a497e47d4a libertas: potential oops in debugfs
If we do a zero size allocation then it will oops.  Also we can't be
sure the user passes us a NUL terminated string so I've added a
terminator.

This code can only be triggered by root.

Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:58 -05:00
Colin Ian King 450991fd2f rtlwifi: fix null dereference on efuse_word on kmalloc fail returns NULL
kmalloc on efuse_word can return null, leading to free'ing of
elements in efuse_word on the error exit path even though it has not
been allocated.  Instead, don't free the elements of efuse_word if
kmalloc failed.

Also, kmalloc of any of the arrays in efuse_word[] can also fail,
leading to undefined contents in the remaining elements leading to
problems when free'ing these elements later on.  So kzalloc efuse_word
to ensure the kfree on the remaining elements won't cause breakage.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:58 -05:00
Amitkumar Karwar 01c85adfff mwifiex: fix invalid memory access in mwifiex_update_autoindex_ies()
While parsing TLVs, return failure if number of remaining bytes
are less than current tlv length. This avoids invalid memory
access.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:57 -05:00
Amitkumar Karwar 2636c308fd mwifiex: fix invalid memory access in mwifiex_ret_tx_rate_cfg()
As tlv_buf_len is decremented at the end of the loop, we may have
accessed invalid memory in the last iteration.
Modify the while condition and add a break statement at the
begining of the loop to fix the problem.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:57 -05:00
Amitkumar Karwar fe1c9a443e mwifiex: fix invalid memory access in mwifiex_get_power_level()
With "while (length)" check we may end up in accessing invalid
memory in last iteration.
This patch makes sure that tlv length is not less than the length
of structure mwifiex_power_group when min/max power is calculated.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:56 -05:00
Amitkumar Karwar 930fd35c8d mwifiex: replace u16 with __le16 in struct mwifiex_types_power_group
__le16 to u16 conversion is missing for "pg_tlv_hdr->length"
in mwifiex_get_power_level(). This creates a problem on big
endian machines.
It is resolved by changing definition of the structure
and making required endianness changes.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:56 -05:00
Dan Carpenter 95edbc30db mwifiex: potential integer underflow in mwifiex_ret_wmm_get_status()
Before we loop for next iteration we adjust the buffer pointer and
"resp_len":

		curr += (tlv_len + sizeof(tlv_hdr->header));
		resp_len -= (tlv_len + sizeof(tlv_hdr->header));

If "resp_len" gets set to negative then it counts as a high positive
value.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:56 -05:00
Felipe Pena 3aef7dde8d rtlwifi: rtl8192se: Fix wrong assignment
There is a typo in the struct member name on assignment when checking
rtlphy->current_chan_bw == HT_CHANNEL_WIDTH_20_40, the check uses pwrgroup_ht40
for bound limit and uses pwrgroup_ht20 when assigning instead.

Signed-off-by: Felipe Pena <felipensp@gmail.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: stable@vger.kernel.org [3.0+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:55 -05:00
Felipe Pena 6264995f86 wireless: rt2800lib: Fix typo on checking
On rt2800_config_channel_rf53xx function the member default_power1 is checked
for bound limit, but default_power2 is used instead.

Signed-off-by: Felipe Pena <felipensp@gmail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-11 14:38:55 -05:00
John W. Linville c1f3bb6bd3 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2013-11-08 09:03:10 -05:00
Simon Wunderlich 3c57e865cf ath9k: enable DFS for IBSS mode
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-11-07 16:28:51 -05:00
John W. Linville c046555966 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next 2013-11-05 15:53:10 -05:00
John W. Linville dce1ebabcb Merge branch 'for-linville' of git://git.kernel.org/pub/scm/linux/kernel/git/luca/wl12xx 2013-11-05 15:51:34 -05:00
John W. Linville 353c78152c Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
Conflicts:
	net/wireless/reg.c
2013-11-05 15:49:02 -05:00
John W. Linville 87bc0728d4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
Conflicts:
	drivers/net/wireless/brcm80211/brcmfmac/sdio_host.h
2013-11-04 14:51:28 -05:00
John W. Linville 01925efdf7 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Conflicts:
	drivers/net/wireless/iwlwifi/pcie/drv.c
2013-11-04 14:45:14 -05:00
Emmanuel Grumbach c92f06a1de iwlwifi: mvm: BT Coex - fix copy paste issue
Putting the context id of the primary phy context in
the placeholder of the secondary is obviously a bad
idea.
Spotted by smatch.

Fixes: dac94da8db ("iwlwifi: mvm: new BT Coex API")
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-30 19:20:48 +02:00
Michael Opdenacker 16f00762a7 iwlwifi: remove duplicate includes
Reported by "make includecheck"

Tested that the corresponding sources still compile well on x86

Signed-off-by: Michael Opdenacker <michael.opdenacker@free-electrons.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 19:42:36 +02:00
Johannes Berg befe9b6fd8 iwlwifi: warn if firmware image doesn't exist
If the firmware image that we attempt to load doesn't
actually exist we have a broken firmware file or other
code not checking things correctly, so warn in such a
case. Also avoid assigning cur_ucode/ucode_loaded then.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:53:50 +01:00
Johannes Berg cbb346f2fc iwlwifi: mvm: add missing break in debugfs
When writing the disable_power_off value, the LPRX
enable value also gets written unintentionally, so
fix that by adding the missing break statement.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:52:45 +01:00
Johannes Berg fb8b8ee10e iwlwifi: mvm: capture the FCS in monitor mode
This can be useful when using the device as a sniffer.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:52:25 +01:00
Johannes Berg bcbb8c9c7d iwlwifi: pcie: move warning message into warning
Having a WARN_ON() followed by a printed message is
less useful than having the message in the warning
so move the message.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:51:50 +01:00
Emmanuel Grumbach 22cba0c085 iwlwifi: mvm: BT Coex fix NULL pointer dereference
When we disassociate, mac80211 removes the station and
then, it sets the bss it unsets the assoc bool in bss_info.

Since the firwmware wants it the opposite (first set the
MAC context as unassoc, and only then, remove the STA of
the API), we have a small period of time in which the STA
in firmware doesn't have a valid ieee80211_sta pointer.
During that time, iwl_mvm_vif->ap_sta_id, is still set
to the STA in firmware that represent the AP.

This avoids:

[ 4481.476246] BUG: unable to handle kernel NULL pointer dereference at 00000045
[ 4481.479521] IP: [<f8416a6a>] iwl_mvm_bt_coex_reduced_txp+0x7a/0x190 [iwlmvm]
[ 4481.482023] *pde = 00000000
[ 4481.484332] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 4481.486897] Modules linked in: netconsole configfs autofs4 rfcomm(O) bnep(O) nfsd nfs_acl auth_rpcgss exportfs nfs lockd binfmt_misc sunrpc fscache arc4 iwlmvm(O) mac80211(O) btusb(O) iwlwifi(O) bluetooth(O) cfg80211(O) snd_hda_codec_hdmi coretemp dell_wmi snd_hda_codec_idt compat(O) dell_laptop aesni_intel i915 sparse_keymap dcdbas cryptd psmouse serio_raw aes_i586 microcode snd_hda_intel drm_kms_helper snd_hda_codec drm snd_pcm snd_timer i2c_algo_bit video intel_agp intel_gtt snd soundcore snd_page_alloc crc32c_intel ahci sdhci_pci libahci sdhci mmc_core e1000e xhci_hcd [last unloaded: configfs]
[ 4481.502983]
[ 4481.505599] Pid: 6507, comm: kworker/0:1 Tainted: G           O 3.4.43-dev #1 Dell Inc. Latitude E6430/0CMDYV
[ 4481.508575] EIP: 0060:[<f8416a6a>] EFLAGS: 00010246 CPU: 0
[ 4481.511248] EIP is at iwl_mvm_bt_coex_reduced_txp+0x7a/0x190 [iwlmvm]
[ 4481.513947] EAX: ffffffea EBX: 00000002 ECX: 00000001 EDX: 00000001
[ 4481.516710] ESI: ec6f0f28 EDI: 00000000 EBP: e8175dfc ESP: e8175d9c
[ 4481.519445]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 4481.522185] CR0: 8005003b CR2: 00000045 CR3: 01a5e000 CR4: 001407d0
[ 4481.524950] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 4481.527768] DR6: ffff0ff0 DR7: 00000400
[ 4481.530565] Process kworker/0:1 (pid: 6507, ti=e8174000 task=e8032b20 task.ti=e8174000)
[ 4481.533447] Stack:
[ 4481.536379]  e472439f 00003a12 e8032b20 e8033048 00000001 e8175ddc 00000246 e8033040
[ 4481.540132]  00000002 01814990 ec4d1ddc e8175dcc 00000000 00000000 00000000 00000000
[ 4481.543867]  00000000 00000000 00000001 000001c8 009b0002 ec4d1ddc ec6f0f28 00000000
[ 4481.547633] Call Trace:
[ 4481.550578]  [<f8418027>] iwl_mvm_bt_rssi_event+0x197/0x220 [iwlmvm]
[ 4481.553537]  [<f840919c>] iwl_mvm_stat_iterator+0xdc/0x240 [iwlmvm]
[ 4481.556582]  [<f8d129c2>] __iterate_active_interfaces+0xe2/0x1f0 [mac80211]
[ 4481.559544]  [<f84090c0>] ? iwl_mvm_update_smps+0x90/0x90 [iwlmvm]
[ 4481.562519]  [<f84090c0>] ? iwl_mvm_update_smps+0x90/0x90 [iwlmvm]
[ 4481.565498]  [<f8d12b0c>] ieee80211_iterate_active_interfaces+0x3c/0x50 [mac80211]
[ 4481.568421]  [<f8409b43>] iwl_mvm_rx_statistics+0xb3/0x130 [iwlmvm]
[ 4481.571349]  [<f8405431>] iwl_mvm_async_handlers_wk+0xc1/0xf0 [iwlmvm]
[ 4481.574251]  [<c1052915>] ? process_one_work+0x105/0x5c0
[ 4481.577162]  [<c1052991>] process_one_work+0x181/0x5c0
[ 4481.580025]  [<c1052915>] ? process_one_work+0x105/0x5c0
[ 4481.582861]  [<f8405370>] ? iwl_mvm_rx_fw_logs+0x20/0x20 [iwlmvm]
[ 4481.585722]  [<c10530f1>] worker_thread+0x121/0x2c0
[ 4481.588536]  [<c1052fd0>] ? rescuer_thread+0x1d0/0x1d0
[ 4481.591323]  [<c105af0d>] kthread+0x7d/0x90
[ 4481.594059]  [<c105ae90>] ? flush_kthread_worker+0x120/0x120
[ 4481.596868]  [<c15b7cc2>] kernel_thread_helper+0x6/0x10
[ 4481.599605] Code: 9d de c3 c8 85 c0 74 0d 80 3d f8 ae 42 f8 00 0f 84 dc 00 00 00 8b 45 c8 0f b6 d3 31 ff 89 55 c0 8b 84 90 d8 03 00 00 0f b6 55 c7 <38> 50 5b 89 45 bc 0f 84 a8 00 00 00 a1 e4 d2 04 c2 85 c0 0f 84
[ 4481.611782] EIP: [<f8416a6a>] iwl_mvm_bt_coex_reduced_txp+0x7a/0x190 [iwlmvm] SS:ESP 0068:e8175d9c
[ 4481.614985] CR2: 0000000000000045
[ 4481.687441] ---[ end trace b11bc915fbac4412 ]---

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:51:01 +01:00
Johannes Berg 84cf0e6207 iwlwifi: transport config n_no_reclaim_cmds should be unsigned
The number of commands can never be negative, so it should
be using an unsigned type. This also shuts up an smatch
warning elsewhere in the code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:50:11 +01:00
Alexander Bondar e8e626ad0c iwlwifi: mvm: update UAPSD support TLV bits
Change old UAPSD bit to PM_CMD_SUPPORT, and add a new bit to indicate
real UAPSD support.
Don't use UAPSD when the firmware doesn't support it.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2013-10-29 14:45:23 +01:00
Jouni Malinen 0bb861e6be mac80211_hwsim: Fix tracking of beaconing for multi-vif
mac80211_hwsim canceled beacon_timer on any vif changing from enabled
to disabled beaconing. This breaks cases where there are multiple
beaconing vifs and only one of them is removed. Fix this by tracking
beaconing status per vif and disable beacon_timer only if no active vif
remain with beaconing enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-10-28 15:11:07 +01:00