Commit Graph

11360 Commits

Author SHA1 Message Date
Johannes Berg
6c80c39d9a iwlagn: fix dangling scan request
If iwl_scan_initiate() fails for any reason,
priv->scan_request and priv->scan_vif are left
dangling. This can lead to a crash later when
iwl_bg_scan_completed() tries to run a pending
scan request.

In practice, this seems to be very rare due to
the STATUS_SCANNING check earlier. That check,
however, is wrong -- it should allow a scan to
be queued when a reset/roc scan is going on.
When a normal scan is already going on, a new
one can't be issued by mac80211, so that code
can be removed completely. I introduced this
bug when adding off-channel support in commit
266af4c745.

Cc: stable@kernel.org [3.0]
Reported-by: Peng Yan <peng.yan@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-26 14:55:50 -04:00
Stanislaw Gruszka
65d0f19e58 iwlegacy: do not use interruptible waits
iwlegacy version of fix:

commit effd4d9aec
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Thu Sep 15 11:46:52 2011 -0700

    iwlagn: do not use interruptible waits

    Since the dawn of its time, iwlwifi has used
    interruptible waits to wait for synchronous
    commands and firmware loading.

    This leads to "interesting" bugs, because it
    can't actually handle the interruptions; for
    example when a command sending is interrupted
    it will assume the command completed fully,
    and then leave it pending, which leads to all
    kinds of trouble when the command finishes
    later.

    Since there's no easy way to gracefully deal
    with interruptions, fix the driver to not use
    interruptible waits.

    This at least fixes the error
    iwlagn 0000:02:00.0: Error: Response NULL in  'REPLY_SCAN_ABORT_CMD'

    I have seen in P2P testing, but it is likely
    that there are other errors caused by this.

Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:24 -04:00
Stanislaw Gruszka
2e2a41d6ca iwlegacy: fix command queue timeout
iwlegacy version of fix:

commit 282cdb325a
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Mon Sep 12 12:09:10 2011 -0700

    iwlagn: fix command queue timeout

    If the command queue is constantly busy,
    which can happen in P2P, the hangcheck
    timer will frequently find a command in
    it and will eventually reset the device
    because nothing sets the timestamp for
    this queue when commands are processed.

    Fix this by setting the timestamp when
    a command completes.

iwlegacy does not support P2P, but this patch fix possible
unneeded hardware resets, hence is needed.

Cc: stable@kernel.org  # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:23 -04:00
Rajkumar Manoharan
e9f9530bb6 ath9k_hw: Fix Rx DMA stuck for AR9003 chips
During the endurance testing, rx frames are not getting DMAd from
MAC whereas pcu rx frame counters are getting updated properly.
As per systems team input updated the initval to fix rx dma stuck
issue.

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21 15:58:22 -04:00
Manual Munz
8c23516fbb b43: Fix beacon problem in ad-hoc mode
In ad-hoc mode, driver b43 does not issue beacons.

Signed-off-by: Manual Munz <freifunk@somakoma.de>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-19 14:51:51 -04:00
Don Fry
2249b01143 iwlagn: workaround bug crashing some APs
This patch reverts commit 9b76883284 which
was introduced in 2.6.38-rc1.  It works around a problem where the iwlagn
driver stimulates a bug crashing (requiring power cycle to recover) some
APs under heavy traffic.

CC: stable@kernel.org #2.6.39, #3.0.0 #3.1.0
Signed-off-by: Don Fry <donald.h.fry@intel.com>
SIgned-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-16 15:32:12 -04:00
Larry Finger
daabead1c3 rtl2800usb: Fix incorrect storage of MAC address on big-endian platforms
The eeprom data is stored in little-endian order in the rt2x00 library.
As it was converted to cpu order in the read routines, the data need to
be converted to LE on a big-endian platform.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-16 15:32:10 -04:00
Larry Finger
d331eb51e4 rt2800pci: Fix compiler error on PowerPC
Using gcc 4.4.5 on a Powerbook G4 with a PPC cpu, a complicated
if statement results in incorrect flow, whereas the equivalent switch
statement works correctly.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: stable <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-16 15:32:09 -04:00
Stanislaw Gruszka
7cabafcea7 ipw2x00: fix rtnl mutex deadlock
This fix regression introduced by:

commit: ecb4433550
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Aug 12 14:00:59 2011 +0200

    mac80211: fix suspend/resume races with unregister hw

Above commit add rtnl_lock() into wiphy_register(), what cause deadlock
when initializing ipw2x00 driver, which itself call wiphy_register()
from register_netdev() internal callback with rtnl mutex taken.

To fix move wiphy_register() outside register_netdev(). This solution
have side effect of not creating /sys/class/net/wlanX/phy80211 link,
but that's a minor issue we can live with.

Bisected-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Bisected-by: Michael Witten <mfwitten@gmail.com>
Tested-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
Tested-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-16 15:32:09 -04:00
Johannes Berg
282cdb325a iwlagn: fix command queue timeout
If the command queue is constantly busy,
which can happen in P2P, the hangcheck
timer will frequently find a command in
it and will eventually reset the device
because nothing sets the timestamp for
this queue when commands are processed.

Fix this by setting the timestamp when
a command completes.

Cc: stable@kernel.org #2.6.39, #3.0.0 #3.1.0
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
SIgned-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13 14:32:02 -04:00
Johannes Berg
456fc37e45 iwlagn: fix stack corruption
Alexander reported a strange crash in iwlagn that
Meenakshi and Wey couldn't reproduce. I just ran
into the same issue and tracked it down to stack
corruption. This fixes it.

The problem was introduced in
commit 4b8b99b6e650d0527f3a123744b7459976581d14
Author: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Date:   Fri Jul 8 14:29:48 2011 -0700

    iwlagn: radio sensor offset in le16 format

Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Cc: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reported-by: Alexander Diewald <alex@diewald.cc>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13 14:18:39 -04:00
Mohammed Shafi Shajakhan
6a6b3f3e13 ath9k: Fix kernel panic on unplugging the device
when the device is yanked out ath_pci_remove starts doing the cleanups,
unregistering the hardware etc. so we should bail out immediately when
we get drv_flush callback from mac80211 when the card is being unplugged.
the panic occurs after we had associated to an AP.

	EIP: 0060:[<fb315b00>] EFLAGS: 00010246 CPU: 0
	EIP is at ath_reset+0xa0/0x1c0 [ath9k]
	EAX: 00000000 EBX: 000697c0 ECX: 00000002 EDX: f3c3ccf0
	ESI: 00000000 EDI: 00000000 EBP: f43e7b78 ESP: f43e7b50
 	DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
 	Process kworker/u:2 (pid: 182, ti=f43e6000 task=f3c3c7c0
	task.ti=f43e6000)
 	Stack:
 	0000002a 00000000 00000000 003e7b78 0000000f eaaa8500
	ffffffea eaaa97c0
 	eaaaa000 00000001 f43e7ba8 fb315d23 f99e7721 ecece680
	eaaac738 eaaa8500
 	eaaaa020 000000c8 000000c8 00000000 eaaa8d58 eaaa8500
	f43e7bd0 fb080b29
 	Call Trace:
	[<fb315d23>] ath9k_flush+0x103/0x170 [ath9k]
	[<fb080b29>] __ieee80211_recalc_idle+0x2c9/0x400
	[mac80211]
	[<fb080c8e>] ieee80211_recalc_idle+0x2e/0x60 [mac80211]
	[<fb07aa73>] ieee80211_mgd_deauth+0x173/0x210 [mac80211]
	[<fb084559>] ieee80211_deauth+0x19/0x20 [mac80211]
	[<f99dda53>] __cfg80211_mlme_deauth+0xf3/0x140
	[cfg80211]
	[<c0633d00>] ? __mutex_lock_common+0x1f0/0x380
	[<f99e1b5d>] __cfg80211_disconnect+0x18d/0x1f0
	[cfg80211]
	[<f99c8199>] cfg80211_netdev_notifier_call+0x159/0x5c0
	[cfg80211]
	[<c0608a64>] ? packet_notifier+0x174/0x1f0
	[<c0639202>] notifier_call_chain+0x82/0xb0
	[<c0170d8f>] raw_notifier_call_chain+0x1f/0x30
	[<c053b86c>] call_netdevice_notifiers+0x2c/0x60
	[<c0182184>] ? trace_hardirqs_on_caller+0xf4/0x180
	[<c053b8ec>] __dev_close_many+0x4c/0xd0
	[<c053ba2d>] dev_close_many+0x6d/0xc0
	[<c053bb53>] rollback_registered_many+0x93/0x1c0
	[<c018221b>] ? trace_hardirqs_on+0xb/0x10
	[<c053bc95>] unregister_netdevice_many+0x15/0x50
	[<fb07f83b>] ieee80211_remove_interfaces+0x7b/0xb0
	[mac80211]
	[<fb06a14b>] ieee80211_unregister_hw+0x4b/0x110
	[mac80211]
	[<fb311a4a>] ath9k_deinit_device+0x3a/0x60 [ath9k]
	[<fb31eed6>] ath_pci_remove+0x46/0x90 [ath9k]
	[<c03b4ac4>] pci_device_remove+0x44/0x100
	[<c043eb54>] __device_release_driver+0x64/0xb0
	[<c043ec67>] device_release_driver+0x27/0x40
	[<c043deeb>] bus_remove_device+0x7b/0xa0
	[<c043c491>] device_del+0xf1/0x180
	[<c043c530>] device_unregister+0x10/0x20
	[<c03afafe>] pci_stop_bus_device+0x6e/0x80
	[<c03afb72>] pci_remove_bus_device+0x12/0xa0
	[<c03c2f29>] pciehp_unconfigure_device+0x89/0x180
	[<c0181e54>] ? mark_held_locks+0x64/0x100
	[<c063390f>] ? __mutex_unlock_slowpath+0xaf/0x140
	[<c03c1f84>] pciehp_disable_slot+0x64/0x1b0
	[<c03c2850>] pciehp_power_thread+0xd0/0x100
	[<c0164ad0>] ? process_one_work+0x100/0x4d0
	[<c0164b4c>] process_one_work+0x17c/0x4d0
	[<c0164ad0>] ? process_one_work+0x100/0x4d0
	[<c03c2780>] ? queue_interrupt_event+0xa0/0xa0
	[<c01662bb>] worker_thread+0x13b/0x320
	[<c018221b>] ? trace_hardirqs_on+0xb/0x10
	[<c0166180>] ? manage_workers+0x1e0/0x1e0
	[<c016a654>] kthread+0x84/0x90
	[<c016a5d0>] ? __init_kthread_worker+0x60/0x60
	[<c063d106>] kernel_thread_helper+0x6/0x10

Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13 14:18:39 -04:00
George
bac2555c6d rtlwifi: Fix problem when switching connections
The driver fails to clear encryption keys making it impossible
to switch connections.

Signed-off-by: George <george0505@realtek.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org>        [2.6.39+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13 14:18:38 -04:00
George
3401dc6eba rtlwifi: rtl8192su: Fix problem connecting to HT-enabled AP
The driver fails to connect to 802.11n-enabled APs. The patch fixes
Bug #42262.

Signed-off-by: George <george0505@realtek.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org>        [2.6.39+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13 14:18:38 -04:00
Felix Fietkau
0e4660cbe5 ath9k_hw: fix calibration on 5 ghz
ADC calibrations cannot run on 5 GHz with fast clock enabled. They
need to be disabled, otherwise they'll hang and IQ mismatch calibration
will not be run either.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Adrian Chadd <adrian@freebsd.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-30 15:26:16 -04:00
Stanislaw Gruszka
7c2510120e iwlegacy: fix BUG_ON(info->control.rates[0].idx < 0)
When trying to connect to 5GHz we can provide negative index to
mac80211 what trigger BUG_ON. Reason of iwl-3945-rs malfunction
on 5GHz is unknown and needs further investigation. For now, to
do not trigger a bug, correct value and just print WARNING.

Address bug:
https://bugzilla.redhat.com/show_bug.cgi?id=730653

Reported-and-tested-by: Jan Teichmann <jan.teichmann@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-29 14:26:32 -04:00
Rajkumar Manoharan
1c1bdd324c ath9k_hw: Fix init mode register regression
The commit 172805ad46
overwirtes additional clock settings of AR9330 to
all AR9300 chips.

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-29 14:26:31 -04:00
Mohammed Shafi Shajakhan
8b2a3827bb ath9k: Fix PS wrappers in ath9k_set_coverage_class
this callback is called during suspend/resume and also via iw command.
it configures parameters like sifs, slottime, acktimeout in
ath9k_hw_init_global_settings where few REG_READ, REG_RMW are also done
and hence the need for PS wrappers

Cc: stable@kernel.org
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-24 13:52:28 -04:00
Alexey Khoroshilov
66cb54bd24 carl9170: Fix mismatch in carl9170_op_set_key mutex lock-unlock
If is_main_vif(ar, vif) reports that we have to fall back
to software encryption, we goto err_softw; before locking ar->mutex.
As a result, we have unprotected call to carl9170_set_operating_mode
and unmatched mutex_unlock.

The patch fix the issue by adding mutex_lock before goto.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Cc: <stable@kernel.org>
Acked-By: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-24 13:52:27 -04:00
Luciano Coelho
7a5e4877c1 wl12xx: add max_sched_scan_ssids value to the hw description
After commit 5a865ba, we require a separate value to indicate the
number of supported SSIDs in scheduled scans.  This patch adds a
proper value to the wl12xx driver.

This fixes a regression in 3.1-rc3 where scheduled scans were not
working properly with the wl12xx driver.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-23 15:54:20 -04:00
Ido Yariv
a15f1c45f3 wl12xx: Fix validation of pm_runtime_get_sync return value
wl1271_sdio_power_on checks if the return value of pm_runtime_get_sync
is non-zero, and if so bails out.
However, pm_runtime_get_sync can return a positive number which does not
suggest an error has occurred. This is problematic for two reasons:

1. The function will needlessly bail out without decrementing back the
   runtime PM reference counter.
2. wl1271_power_on only checks if wl1271_power_on return value is
   negative. This means that wl1271_power_on will continue even if
   wl1271_sdio_power_on bailed out. As a result, sdio transactions will
   be initiated without properly enabling the sdio function and claiming
   the host. This could even lead to a kernel panic.

Fix this by only checking that the return value of pm_runtime_get_sync
is non-negative.

Signed-off-by: Ido Yariv <ido@wizery.com>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-23 15:54:20 -04:00
Ido Yariv
80900d0140 wl12xx: Remove obsolete testmode NVS push command
The testmode NVS push command is no longer in use. In addition, it has
several implementation issues that prevent it from working correctly:

1. wl1271_tm_cmd_configure relies on wl->chip.id being set. However,
   since the device was not necessarily booted by the time the function
   is called, wl->chip.id will be initialized to 0.
2. The NVS file is fetched by calling request_firmware() before it is
   possible to push an NVS file.
3. The maximum allowed size of nl binary payloads is not sufficient for
   pushing NVS files.
4. Pushing 128x NVS files will always fail due to a bug in the
   validation code.
5. In case the pushed NVS file is found invalid, the mutex will be kept
   locked and the nvs member will become a dangling pointer.

Since this feature is not being used, remove it completely instead of
fixing it.

Signed-off-by: Ido Yariv <ido@wizery.com>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-23 15:54:19 -04:00
Senthil Balasubramanian
b503c7a273 ath9k_hw: Fix STA (AR9485) bringup issue due to incorrect MAC address
Due to some recent optimization done in the way the mac address
bytes are written into the OTP memory, some AR9485 chipsets were
forced to use the first byte from the eeprom template and the
remaining bytes are read from OTP.

AR9485 happens to use generic eeprom template which has 0x1 as
the first byte causes issues in bringing up the card.

So fixed the eeprom template accordingly to address the issue.

Cc: stable@kernel.org
Cc: Paul Stewart <pstew@google.com>
Signed-off-by: Senthil Balasubramanian <senthilb@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-22 14:21:41 -04:00
Stanislaw Gruszka
543cc38c8f rt2x00: do not drop usb dev reference counter on suspend
When hibernating ->resume may not be called by usb core, but disconnect
and probe instead, so we do not increase the counter after decreasing
it in ->supend. As a result we free memory early, and get crash when
unplugging usb dongle.

BUG: unable to handle kernel paging request at 6b6b6b9f
IP: [<c06909b0>] driver_sysfs_remove+0x10/0x30
*pdpt = 0000000034f21001 *pde = 0000000000000000
Pid: 20, comm: khubd Not tainted 3.1.0-rc1-wl+ #20 LENOVO 6369CTO/6369CTO
EIP: 0060:[<c06909b0>] EFLAGS: 00010202 CPU: 1
EIP is at driver_sysfs_remove+0x10/0x30
EAX: 6b6b6b6b EBX: f52bba34 ECX: 00000000 EDX: 6b6b6b6b
ESI: 6b6b6b6b EDI: c0a0ea20 EBP: f61c9e68 ESP: f61c9e64
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process khubd (pid: 20, ti=f61c8000 task=f6138270 task.ti=f61c8000)
Call Trace:
 [<c06909ef>] __device_release_driver+0x1f/0xa0
 [<c0690b20>] device_release_driver+0x20/0x40
 [<c068fd64>] bus_remove_device+0x84/0xe0
 [<c068e12a>] ? device_remove_attrs+0x2a/0x80
 [<c068e267>] device_del+0xe7/0x170
 [<c06d93d4>] usb_disconnect+0xd4/0x180
 [<c06d9d61>] hub_thread+0x691/0x1600
 [<c0473260>] ? wake_up_bit+0x30/0x30
 [<c0442a39>] ? complete+0x49/0x60
 [<c06d96d0>] ? hub_disconnect+0xd0/0xd0
 [<c06d96d0>] ? hub_disconnect+0xd0/0xd0
 [<c0472eb4>] kthread+0x74/0x80
 [<c0472e40>] ? kthread_worker_fn+0x150/0x150
 [<c0809b3e>] kernel_thread_helper+0x6/0x10

Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-22 14:21:40 -04:00
Emmanuel Grumbach
16a9d06c75 iwlagn: sysfs couldn't find the priv pointer
This bug has been introduced by:
d593411084
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date:   Mon Jul 11 10:48:51 2011 +0300

    iwlagn: simplify the bus architecture

Revert part of the buggy patch: dev_get_drvdata will now return
iwl_priv as it did before the patch.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-13 14:40:46 -04:00
Emmanuel Grumbach
4eb60d869f Revert "iwlagn: sysfs couldn't find the priv pointer"
This reverts commit cc1a93e68f.

This fix introduced a bug: bad pointer in unload.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-13 14:40:46 -04:00
Julia Lawall
f8afdf481f drivers/net/wireless/wl12xx: add missing kfree
In each case, the freed data should be freed in the error handling code
as
well.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@exists@
local idexpression x;
statement S,S1;
expression E;
identifier fl;
expression *ptr != NULL;
@@

x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...kfree(x)...+> }
     when any
     when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
               when forall
(
 return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-12 13:33:31 -04:00
Stanislaw Gruszka
674db13444 rt2x00: fix crash in rt2800usb_get_txwi
Patch should fix this oops:

BUG: unable to handle kernel NULL pointer dereference at 000000a0
IP: [<f81b30c9>] rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
*pdpt = 0000000000000000 *pde = f000ff53f000ff53
Oops: 0000 [#1] SMP
Pid: 198, comm: kworker/u:3 Tainted: G        W   3.0.0-wl+ #9 LENOVO 6369CTO/6369CTO
EIP: 0060:[<f81b30c9>] EFLAGS: 00010283 CPU: 1
EIP is at rt2800usb_get_txwi+0x19/0x70 [rt2800usb]
EAX: 00000000 EBX: f465e140 ECX: f4494960 EDX: ef24c5f8
ESI: 810f21f5 EDI: f1da9960 EBP: f4581e80 ESP: f4581e70
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process kworker/u:3 (pid: 198, ti=f4580000 task=f4494960 task.ti=f4580000)
Call Trace:
 [<f804790f>] rt2800_txdone_entry+0x2f/0xf0 [rt2800lib]
 [<c045110d>] ? warn_slowpath_common+0x7d/0xa0
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a38>] ? rt2800usb_work_txdone+0x288/0x360 [rt2800usb]
 [<f81b3a13>] rt2800usb_work_txdone+0x263/0x360 [rt2800usb]
 [<c046a8d6>] process_one_work+0x186/0x440
 [<c046a85a>] ? process_one_work+0x10a/0x440
 [<f81b37b0>] ? rt2800usb_probe_hw+0x120/0x120 [rt2800usb]
 [<c046c283>] worker_thread+0x133/0x310
 [<c04885db>] ? trace_hardirqs_on+0xb/0x10
 [<c046c150>] ? manage_workers+0x1e0/0x1e0
 [<c047054c>] kthread+0x7c/0x90
 [<c04704d0>] ? __init_kthread_worker+0x60/0x60
 [<c0826b42>] kernel_thread_helper+0x6/0x1

Oops might happen because we check rt2x00queue_empty(queue) twice,
but this condition can change and we can process entry in
rt2800_txdone_entry(), which was already processed by
rt2800usb_txdone_entry_check() -> rt2x00lib_txdone_noinfo() and
has nullify entry->skb .

Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11 14:34:37 -04:00
Stanislaw Gruszka
df71c9cfce rt2x00: fix order of entry flags modification
In rt2800usb_work_txdone we check flags in order:

- ENTRY_OWNER_DEVICE_DATA
- ENTRY_DATA_STATUS_PENDING
- ENTRY_DATA_IO_FAILED

Modify flags in separate order in rt2x00usb_interrupt_txdone, to avoid
processing entries in _txdone with wrong flags or skip processing
ready entries.

Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11 14:34:36 -04:00
Stanislaw Gruszka
4b1bfb7d2d rt2x00: fix crash in rt2800usb_write_tx_desc
Patch should fix this oops:

BUG: unable to handle kernel NULL pointer dereference at 000000a0
IP: [<f8e06078>] rt2800usb_write_tx_desc+0x18/0xc0 [rt2800usb]
*pdpt = 000000002408c001 *pde = 0000000024079067 *pte = 0000000000000000
Oops: 0000 [#1] SMP
EIP: 0060:[<f8e06078>] EFLAGS: 00010282 CPU: 0
EIP is at rt2800usb_write_tx_desc+0x18/0xc0 [rt2800usb]
EAX: 00000035 EBX: ef2bef10 ECX: 00000000 EDX: d40958a0
ESI: ef1865f8 EDI: ef1865f8 EBP: d4095878 ESP: d409585c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Call Trace:
 [<f8da5e85>] rt2x00queue_write_tx_frame+0x155/0x300 [rt2x00lib]
 [<f8da424c>] rt2x00mac_tx+0x7c/0x370 [rt2x00lib]
 [<c04882b2>] ? mark_held_locks+0x62/0x90
 [<c081f645>] ? _raw_spin_unlock_irqrestore+0x35/0x60
 [<c04884ba>] ? trace_hardirqs_on_caller+0x5a/0x170
 [<c04885db>] ? trace_hardirqs_on+0xb/0x10
 [<f8d618ac>] __ieee80211_tx+0x5c/0x1e0 [mac80211]
 [<f8d631fc>] ieee80211_tx+0xbc/0xe0 [mac80211]
 [<f8d63163>] ? ieee80211_tx+0x23/0xe0 [mac80211]
 [<f8d632e1>] ieee80211_xmit+0xc1/0x200 [mac80211]
 [<f8d63220>] ? ieee80211_tx+0xe0/0xe0 [mac80211]
 [<c0487d45>] ? lock_release_holdtime+0x35/0x1b0
 [<f8d63986>] ? ieee80211_subif_start_xmit+0x446/0x5f0 [mac80211]
 [<f8d637dd>] ieee80211_subif_start_xmit+0x29d/0x5f0 [mac80211]
 [<f8d63924>] ? ieee80211_subif_start_xmit+0x3e4/0x5f0 [mac80211]
 [<c0760188>] ? sock_setsockopt+0x6a8/0x6f0
 [<c0760000>] ? sock_setsockopt+0x520/0x6f0
 [<c076daef>] dev_hard_start_xmit+0x2ef/0x650

Oops might happen because we perform parallel putting new entries in a
queue (rt2x00queue_write_tx_frame()) and removing entries after
finishing transmitting (rt2800usb_work_txdone()). There are cases when
_txdone may process an entry that was not fully send and nullify
entry->skb .

To fix check in _txdone if entry has flags that indicate pending
transmission and wait until flags get cleared.

Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11 14:34:36 -04:00
Julia Lawall
059c438355 drivers/net/wireless/wl1251: add missing kfree
In each case, the kfree already at the end of the function is also needed
in the error case.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@exists@
local idexpression x;
statement S,S1;
expression E;
identifier fl;
expression *ptr != NULL;
@@

x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...kfree(x)...+> }
     when any
     when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
               when forall
(
 return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-10 14:07:10 -04:00
Bob Copeland
bdc71bc592 ath5k: fix error handling in ath5k_beacon_send
This cleans up error handling for the beacon in case of dma mapping
failure.  We need to free the skb when dma mapping fails instead of
nulling and leaking the pointer, and we should bail out to avoid
giving the hardware the bad descriptor.

Finally, we need to perform the null check after trying to update
the beacon, or else beacons will never be sent after a single
mapping failure.

Cc: stable@kernel.org
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:33 -04:00
Anthony Bourguignon
276b02e2a0 rt2x00: Add rt2870 device id for Dvico usb key
This patch add a device id for the wifi usb keys shiped by DVICO with
some of their tvix hardware.

Signed-off-by: Anthony Bourguignon <contact+kernel@toniob.net>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:33 -04:00
Alex Hacker
118c9db51e ath9k: fix a misprint which leads to incorrect calibration
This patch addresses an issue with incorrect HW register
AR_PHY_TX_IQCAL_CORR_COEFF_B1 definition which leads to incorrect clibration.

Cc: stable@kernel.org
Signed-off-by: Alex Hacker <hacker@epn.ru>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:33 -04:00
Ivo van Doorn
b8b1ec61c0 rt2x00: Add new rt73 buffalo USB id
Reported-by: Maik-Holger Freudenberg <hhfeuer@gmx.de>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:32 -04:00
Larry Finger
03f18fa16c rtlwifi: rtl892cu: New USB IDs
This patch fixes several problems in the USB_DEVICE table, including missing IDs,
reversed vendor/product codes, and a duplicate ID.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:32 -04:00
Rajkumar Manoharan
1fa707aa3e ath9k_hw: update PMU to improve ripple issue for AR9485
The commit ebefce3d13 failed
to set proper PMU value to address ripple issue for AR9485.

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:32 -04:00
Rajkumar Manoharan
15052f81d2 ath9k_hw: Fix incorrect Tx control power in AR9003 template
CTL power data incorrect in ctlPowerData_2G field of ar9300_eeprom.
Setting incorrect CTL power in calibration is causing lower tx power.
Tx power was reported as 3dBm while operating in channel 6 HT40+/
in channel 11 HT40- due to CTL powers in the calibration is set to
zero.

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:32 -04:00
Hauke Mehrtens
5b36c9b4a9 b43: read correct register on bcma bus.
This causes an databus error on a Broadcom SoC using bcma.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-09 16:11:31 -04:00
John W. Linville
a5d5a91477 Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2011-08-03 09:18:21 -04:00
Wey-Yi Guy
f352910822 iwlagn: 5000 do not support idle mode
5000 series has issue supporting power save idle mode:

commit	9dc2153315

iwlwifi: always support idle mode for agn devices

For agn devices, always support idle mode which help power
consumption in idle unassociated state.

the above changes cause 5000 become not stable when power management is "on"

http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2312

Cc: stable@kernel.org #2.6.39, #3.0.0
Reported-by: Devin J Pohly <djpohly+iwl@gmail.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-02 13:50:56 -04:00
Stanislaw Gruszka
00898a4726 rt2x00: fix usage of NULL queue
We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug
was introduced by commit 62fe778412
"rt2x00: Fix stuck queue in tx failure case" .

Cc: stable@kernel.org # 3.0+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-02 13:48:14 -04:00
Helmut Schaa
449f94eadc rt2x00: Fix compilation without CONFIG_RT2X00_LIB_CRYPTO
This was introduced by commit
77b5621bac (rt2x00: Don't use queue entry
as parameter when creating TX descriptor.)

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-02 13:48:14 -04:00
Emmanuel Grumbach
cc1a93e68f iwlagn: sysfs couldn't find the priv pointer
This bug has been introduced by:
d593411084
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date:   Mon Jul 11 10:48:51 2011 +0300

    iwlagn: simplify the bus architecture

Revert part of the buggy patch: dev_get_drvdata will now return
iwl_priv as it did before the patch.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Tested-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-02 13:46:43 -04:00
Stanislaw Gruszka
b52398b6e4 rt2x00: rt2800: fix zeroing skb structure
We should clear skb->data not skb itself. Bug was introduced by:
commit 0b8004aa12 "rt2x00: Properly
reserve room for descriptors in skbs".

Cc: stable@kernel.org # 2.6.36+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01 13:46:48 -04:00
Larry Finger
b6b67df3f2 rtlwifi: Fix kernel oops on ARM SOC
This driver uses information from the self member of the pci_bus struct to
get information regarding the bridge to which the PCIe device is attached.
Unfortunately, this member is not established on all architectures, which
leads to a kernel oops.

Skipping the entire block that uses the self member to determine the bridge
vendor will only affect RTL8192DE devices as that driver sets the ASPM support
flag differently when the bridge vendor is Intel. If the self member is
available, there is no functional change.

This patch fixes Bugzilla No. 40212.

Reported-by: Hubert Liao <liao.hubertt@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org> [back to 2.6.38]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01 13:46:47 -04:00
Stanislaw Gruszka
d4930086bd ath9k: skip ->config_pci_powersave() if PCIe port has ASPM disabled
We receive many bug reports about system hang during suspend/resume
when ath9k driver is in use. Adrian Chadd remarked that this problem
happens on systems that have ASPM disabled.

To do not hit the bug, skip doing ->config_pci_powersave magic if PCIe
downstream port device, which ath9k device is connected to, has ASPM
disabled.

Bug was introduced by:

commit 53bc7aa08b
Author: Vivek Natarajan <vnatarajan@atheros.com>
Date:   Mon Apr 5 14:48:04 2010 +0530

    ath9k: Add support for newer AR9285 chipsets.

Patch should address:
https://bugzilla.kernel.org/show_bug.cgi?id=37462
https://bugzilla.kernel.org/show_bug.cgi?id=37082
https://bugzilla.redhat.com/show_bug.cgi?id=697157

however I did not receive confirmation about that, except from Camilo
Mesias, whose system stops hang regularly with this patch (but still
hangs from time to time, but this is probably some other bug).

Tested-by: Camilo Mesias <camilo@mesias.co.uk>
Cc: stable@kernel.org # 2.6.35+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01 13:46:46 -04:00
Stanislaw Gruszka
17e859a899 iwlegacy: set tx power after rxon_assoc
If settings of tx power was deferred during scan or changing channel we
have to setup them during commit rxon. Fix problem on 3945 (4965 already
has this fix).

Optimize code to apply tx settings only when tx power was actually
changed.

Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01 13:46:45 -04:00
Felix Fietkau
c1227340ca ath9k: initialize tx chainmask before testing channel tx power values
With an uninitialized chainmask, the per-channel power will only contain
the power limits for a single chain instead of the combined tx power.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01 13:46:44 -04:00
Linus Torvalds
d5eab9152a Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (32 commits)
  tg3: Remove 5719 jumbo frames and TSO blocks
  tg3: Break larger frags into 4k chunks for 5719
  tg3: Add tx BD budgeting code
  tg3: Consolidate code that calls tg3_tx_set_bd()
  tg3: Add partial fragment unmapping code
  tg3: Generalize tg3_skb_error_unmap()
  tg3: Remove short DMA check for 1st fragment
  tg3: Simplify tx bd assignments
  tg3: Reintroduce tg3_tx_ring_info
  ASIX: Use only 11 bits of header for data size
  ASIX: Simplify condition in rx_fixup()
  Fix cdc-phonet build
  bonding: reduce noise during init
  bonding: fix string comparison errors
  net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared
  net: add IFF_SKB_TX_SHARED flag to priv_flags
  net: sock_sendmsg_nosec() is static
  forcedeth: fix vlans
  gianfar: fix bug caused by 87c288c6e9
  gro: Only reset frag0 when skb can be pulled
  ...
2011-07-28 05:58:19 -07:00