This doesn't fix any problem that I'm aware of, but should
make it harder to add use-after-free type bugs in the
future.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The bf_dmacontext seems to be totally useless and duplicated
by bf_buf_addr. Remove it entirely, use bf_buf_addr in its
place.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
These chipsets will not hit the market, all customers will be
on >= AR9003 2.2. This shaves down the ath9k_hw size by
24161 bytes (24 KB) on my system.
Before:
$ size drivers/net/wireless/ath/ath9k/ath9k_hw.ko
text data bss dec hex filename
292328 616 1824 294768 47f70 drivers/net/wireless/ath/ath9k/ath9k_hw.ko
$ du -b drivers/net/wireless/ath/ath9k/ath9k_hw.ko
5987825 drivers/net/wireless/ath/ath9k/ath9k_hw.ko
After:
$ size drivers/net/wireless/ath/ath9k/ath9k_hw.ko
text data bss dec hex filename
277192 616 1824 279632 44450 drivers/net/wireless/ath/ath9k/ath9k_hw.ko
$ du -b drivers/net/wireless/ath/ath9k/ath9k_hw.ko
5963664 drivers/net/wireless/ath/ath9k/ath9k_hw.ko
Cc: Yixiang Li <yixiang.li@atheros.com>
Cc: Don Breslin <don.breslin@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There's a bug with radiotap vendor namespace
parsing if you don't register for the given
namespace extensions. Fix this by passing
only the unknown vendor namespaces and the
registered data to frontends, but not both.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch enables to receive probe request frames on p2p
client mode.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The return code was being overwritten with -1.
Useful for debugging.
Signed-off-by: Paul Fox <pgf@laptop.org>
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The wireless mode bitfield was only used to detect 2.4 and 5 GHz support,
which can be simplified by using ATH9K_HW_CAP_* capabilities.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Set the rate table in the rc module properly based on band and
HT capabilities instead, which was already partially done, but
not for every mode.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move them to the same debugfs file that the other rc modules use.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k_hw_proc_mib_event updates the cycle counters, so it common->cc_lock
must be acquired.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
PHY counter overflows need to be checked for the old ANI version,
because of its use of interrupt based counter overflow reports when
the counters exceed the configured thresholds.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The commit "ath9k_hw: remove code duplication in phy error counter handling"
split off some duplicate code into a separate function, but did not have a
return code for aborting ANI processing based on counter values.
This introduced a divide by zero issue.
This patch adds the missing return code check in ath9k_hw_ani_monitor
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
While the chip is in powersave mode, the cycle counter updates do not
contain useful values. While the chip is in full sleep, the rx_clear
signal stays high, indicating a busy medium.
To ensure sane values, update cycle counters before going into
powersave, and clear them right after switching back to awake.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Some of the functions in iwl-eeprom.c file are for agn devices only,
Those functions do not have to be part of iwlcore.ko, so move those
to iwl-agn-eeprom.c file.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
When the beacon_skb is NULL, we might still
attempt to use it in this code path (if we
ever get here) -- make the code a bit more
defensive and check the return value of
iwl_fill_beacon_frame() against zero.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
We recently found that contrary to expectations,
the LED is not blinking in IBSS mode. Fix this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
The RXON checking is a bit magical, and prints
out too much information if something goes wrong.
Make it less magical and print out only the items
that were actually wrong.
Also remove the comment about removing it -- the
driver is constantly changing so these checks are
useful.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For 6050 series of devices, 6050 ops should be used;
One of the 6050 config still use 6000 ops, fix it.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
There's no need to check for NULL before
calling dev_kfree_skb() since it is valid
to call it on NULL -- it becomes a no-op.
There's also no need to initialise the
beacon_skb variable to NULL just after
the memory it is in has been kzalloc'ed.
Some minor whitespace cleanups, and a
lock assertion in a function that needs
the mutex (to access the beacon_skb var)
complete the patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Since we're also going to support AP (GO) mode,
the variable isn't used for just IBSS beacons
any more -- rename it to not mislead readers.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
There are two passive 2.4 GHz channels: 12 and 13.
If you have a hidden SSID on those, you will not
be able to connect to it because we don't send out
probe requests there. We can allow this by using
the firmware's probe-after-rx functionality on
those channels as well.
This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=16462
Reported-by: Daniel J Blueman <daniel.blueman@gmail.com>
Tested-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
For BT/WiFi combo devices, need longer tx stuck queue
timer, so those devices won't reload firmware too often.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
The ath_debug_stat_tx references bf->bf_mpdu, which
is the skb consumed by ath_tx_complete. So, call
the ath_debug_stat_tx method first.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
It looks like I submitted a different patch
than I tested, because clearly the code in
mac80211 is missing actually propagating the
requested SMPS mode. Fix that!
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This allows mac80211 to enable receiving of Probe Request frames in
station mode which is needed for P2P.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Using the frame registration notification, we
can see when probe requests are requested and
notify the low-level driver via filtering. The
flag is also set in AP and IBSS modes.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Drivers may need to adjust their filters according
to frame registrations, so notify them about them.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This fix updates the documenation in Rate Control Table structure
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This automatically keeps things proper when wiphy
is renamed.
Based on patch by Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Bruno Randolf <br1@einfach.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
wext: fix alignment problem in serializing 'struct iw_point'
This fixes a typo in the definition of the serialized length of struct iw_point:
a) wireless.h is exported to userspace, the typo causes IW_EV_POINT_PK_LEN
to be 12 on 64-bit, and 8 on 32-bit systems (causing misalignment);
b) in compat-64 mode iwe_stream_add_point() memcpys overlap (see below).
The second case in in compat-64 mode looks like (variable names are as in
include/net/iw_handler.h:iwe_stream_add_point()):
point_len = IW_EV_COMPAT_POINT_LEN = 8
lcp_len = IW_EV_COMPAT_LCP_LEN = 4
2nd memcpy: IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN = 12 - 4 = 8
IW_EV_LCP_PK_LEN
<--------------> *---> 'extra' data area
+-------+-------+-------+-------+---------------+------- ...-+
| len | cmd |length | flags | (empty) -> extra ... |
+-------+-------+-------+-------+---------------+------- ...-+
2 2 2 2 4
lcp_len
<--------------> <-!! OVERLAP !!>
<--1st memcpy--><------- 2nd memcpy ----------->
<---- 3rd memcpy ------- ... >
<--------- point_len ---------->
This case could cause overrun whenever iw_point.length < 4.
The other two cases are -
* 32-bit systems: IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN = 8 - 4 = 4,
the second memcpy copies exactly the 4 required bytes;
* 64-bit systems: IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN = 12 - 4 = 8,
the second memcpy copies a superfluous (but non overlapping) 4 bytes.
The patch changes IW_EV_POINT_PK_LEN to be 8, so that in all 3 cases always only
the requested iw_point.{length,flags} (both __u16) are copied, avoiding overrrun
(compat-64) and superfluous copy (64-bit). In addition, the userspace header is
sanitized (in agreement with version 30 of the wireless tools).
Many thanks to Johannes Berg for help and review with this patch.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Also improve ath_opmode_to_string usage by having it return UNKNOWN
rather than NULL in the event of failure to map the opmode value to a
representative string.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The index cannot be used to reliably reconstruct a phy
name, so explicitly add the phy name to sysfs so that scripts
can figure out the parent phy device for a particular
wireless interface.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
commit 6f98613258b966ffe0e6def18129b386514d10e0
Author: Jay Sternberg <jay.e.sternberg@intel.com>
Date: Sat Sep 18 09:07:04 2010 -0700
iwlagn: reduce redundant parameter definitions
broke 3945 because Jay accidentally removed the
num_of_queues parameter for 3945, so that we now
attempt to allocate a zero-sized queue array,
which leads to SLUB returning ZERO_SIZE_PTR (0x10)
which we then try to dereference thus crashing the
system. Restore the necessary num_of_queues param.
This fixes
http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2254
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
For WiFi/BT combo devices, priority table always need to download
before perform any calibration operation.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
kill_urb guarentees that when the function returns, the URB has
been fully killed. This means we don't need the extra sleeping
after the call to kill_urb.
kill_urb can however also guarentee the submit_urb to fail, as
a result, we must catch the return value from submit_urb an
correctly mark the entry as owned by the driver, and the
status as broken.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The currently used watchdog functions cannot be applied
to empty queues.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
All access to the queue_entry->flags can be done concurrently,
so all flags must use the atomic operators. On most locations
this was already done, so just fix the last few non-atomic
versions.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When the RX skb allocation failed, we should recycle
the previously allocated skbuffer. By calling return
we would kill the RX queue completely since the
entry would be invalidated.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Similar to the PLCP signal and bitrates values,
we should validate the MCS value from the RX descriptor
before sending it to mac80211.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The watchdog function must run on a work_queue
which is independent of any other work inside rt2x00.
The main reasons, being that a broken work on the mac80211
work_queue can otherwise prevent the watchdog to run (while
in fact the watchdog could fix the issue). And on the other
hand because the watchdog relies on the completion of the
completion handlers for RX/TX which for the USB case, occur
on the mac80211 workqueue.
This fixes some "Queue %d failed to flush" errors, which were
caused by the watchdog function waiting on the completion
handler which was scheduled to run right after the watchdog.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
A lot of functions accept a struct rt2x00_dev combined with
either a struct queue_entry or struct data_queue argument.
This can be simplified by only passing on the queue/entry
argument.
In cases where rt2x00_dev and a sk_buff are send together,
we can send the queue_entry instead.
rt2x00usb_alloc_urb and rt2x00usb_free_urb have a bit
of vague naming. Instead they allocate all the data which
belongs to a rt2x00 data queue entry.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanse found that urb cannot be NULL in at76_rx_tasklet because it is
dereferenced earlier, so remove the unneeded check.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>