10 Dec, 2011

1 commit


08 Dec, 2011

1 commit

  • Emmanuel noticed that when mac80211 stops the queues
    for aggregation that can leave a packet pending. This
    packet will be given to the driver after the AMPDU
    callback, but as a non-aggregated packet which messes
    up the sequence number etc.

    I also noticed by looking at the code that if packets
    are being processed while we clear the WANT_START bit,
    they might see it cleared already and queue up on
    tid_tx->pending. If the driver then rejects the new
    aggregation session we leak the packet.

    Fix both of these issues by changing this code to not
    stop the queues at all. Instead, let packets queue up
    on the tid_tx->pending queue instead of letting them
    get to the driver, and add code to recover properly
    in case the driver rejects the session.

    (The patch looks large because it has to move two
    functions to before their new use.)

    Cc: stable@vger.kernel.org
    Reported-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     

06 Dec, 2011

1 commit


01 Dec, 2011

3 commits


29 Nov, 2011

3 commits

  • When a packet is supposed to be sent as an a-MPDU, mac80211 sets
    IEEE80211_TX_CTL_AMPDU to let the driver know. On the other
    hand, mac80211 configures the driver for aggregation with the
    ampdu_action callback.
    There is a race between these two mechanisms since the following
    scenario can occur when the BA agreement is torn down:

    Tx softIRQ                                drv configuration
    ==========                                =================

    check OPERATIONAL bit
    Set the TX_CTL_AMPDU bit in the packet

                                              clear OPERATIONAL bit
                                              stop Tx AGG
    Pass Tx packet to the driver.

    In that case the driver would get a packet with TX_CTL_AMPDU set
    although it has already been notified that the BA session has been
    torn down.

    To fix this, we need to synchronize all the Qdisc activity after we
    cleared the OPERATIONAL bit. After that step, all the following
    packets will be buffered until the driver reports it is ready to get
    new packets for this RA / TID. This buffering allows us not to run into
    another race that would send packets with TX_CTL_AMPDU unset while
    the driver hasn't been requested to tear down the BA session yet.

    This race occurs in practice and iwlwifi complains with a WARN_ON
    when it happens.

    Cc: stable@kernel.org
    Signed-off-by: Emmanuel Grumbach
    Reviewed-by: Johannes Berg
    Signed-off-by: John W. Linville

    Emmanuel Grumbach
     
  • If an addBA response comes in just after addba_resp_timer has
    expired, mac80211 will still accept it and try to open the
    aggregation session. This causes drivers to be confused and
    in some cases even crash.

    This patch fixes the race condition and makes sure that if
    addba_resp_timer has expired, an addBA response is no longer
    accepted and we do not try to open a half-closed session.

    Cc: stable@vger.kernel.org
    Signed-off-by: Nikolay Martynov
    [some adjustments]
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Nikolay Martynov
     
  • Nikolay noticed (by code review) that mac80211 can
    attempt to stop an aggregation session while it is
    already being stopped. So to fix it, check whether
    stop is already being done and bail out if so.

    Also move setting the STOPPING state into the lock
    so things are properly atomic.

    Cc: stable@vger.kernel.org
    Reported-by: Nikolay Martynov
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     

23 Nov, 2011

1 commit


22 Nov, 2011

2 commits


12 Nov, 2011

1 commit


10 Nov, 2011

4 commits

  • David S. Miller
     
  • When the connection monitor timer fires right before
    suspend, the following will happen:
    timer fires -> monitor_work gets queued
    suspend calls ieee80211_sta_quiesce
    ieee80211_sta_quiesce:
    - deletes timer
    - cancels monitor_work synchronously, running it
    [note wrong order of these steps]
    monitor_work runs, re-arming the timer
    later, timer fires while system should be quiesced

    This causes a warning:

    WARNING: at net/mac80211/util.c:540 ieee80211_can_queue_work+0x35/0x40 [mac80211]()

    but is otherwise harmless. I'm not completely sure
    this is the scenario Thomas stumbled across, but it
    is the only way I can right now see the warning in
    a scenario like the one he reported.

    Reported-by: Thomas Meyer
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • ieee80211_probereq_get() can return NULL in
    which case we should clean up & return NULL
    in ieee80211_build_probe_req() as well.

    Cc: stable@vger.kernel.org
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • When receiving failed PLCP frames is enabled, there
    won't be a rate pointer when we add the radiotap
    header and thus the kernel will crash. Fix this by
    not assuming the rate pointer is always valid. It's
    still always valid for frames that have good PLCP
    though, and that is checked & enforced.

    This was broken by my
    commit fc88518916793af8ad6a02e05ff254d95c36d875
    Author: Johannes Berg
    Date: Fri Jul 30 13:23:12 2010 +0200

    mac80211: don't check rates on PLCP error frames

    where I removed the check in this case but didn't
    take into account that the rate info would be used.

    Reported-by: Xiaokang Qin
    Cc: stable@vger.kernel.org
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     

08 Nov, 2011

3 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
    forcedeth: fix a few sparse warnings (variable shadowing)
    forcedeth: Improve stats counters
    forcedeth: remove unneeded stats updates
    forcedeth: Acknowledge only interrupts that are being processed
    forcedeth: fix race when unloading module
    MAINTAINERS/rds: update maintainer
    wanrouter: Remove kernel_lock annotations
    usbnet: fix oops in usbnet_start_xmit
    ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined
    etherh: Add MAINTAINERS entry for etherh
    bonding: comparing a u8 with -1 is always false
    sky2: fix regression on Yukon Optima
    netlink: clarify attribute length check documentation
    netlink: validate NLA_MSECS length
    i825xx:xscale:8390:freescale: Fix Kconfig dependancies
    macvlan: receive multicast with local address
    tg3: Update version to 3.121
    tg3: Eliminate timer race with reset_task
    tg3: Schedule at most one tg3_reset_task run
    tg3: Obtain PCI function number from device
    ...

    Linus Torvalds
     
  • Set IEEE80211_FCTL_MOREDATA bit also in case we have buffered
    frames (more than one) only for one AC.

    Signed-off-by: Janusz Dziedzic
    Reviewed-by: Johannes Berg
    Signed-off-by: John W. Linville

    Janusz.Dziedzic@tieto.com
     
  • Some buggy APs (and even P2P_GO) don't advertise their
    basic rates in the association response.

    In such case, use the min supported rate as the
    basic rate.

    Reported-by: Pontus Fuchs
    Signed-off-by: Eliad Peller
    Signed-off-by: John W. Linville

    Eliad Peller
     

03 Nov, 2011

4 commits

  • Only AID values 1-2007 are valid, but some APs have been
    found to send random bogus values, in the reported case an
    AP that was sending the AID field value 0xffff, an AID of
    0x3fff (16383).

    There isn't much we can do but disable powersave since
    there's no way it can work properly in this case.

    Cc: stable@vger.kernel.org
    Reported-by: Bill C Riemers
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • We need to verify whether the command is successful before allocating
    the station entry to avoid extra processing. This also fixes a memory
    leak on the error path.

    Signed-off-by: Jouni Malinen
    Signed-off-by: John W. Linville

    Jouni Malinen
     
  • When going back on-channel, we should reconfigure
    the hw iff the hardware is not already configured
    to the operational channel.

    Signed-off-by: Eliad Peller
    Cc: stable@kernel.org # 2.6.39+
    Signed-off-by: John W. Linville

    Eliad Peller
     
  • The offchannel code is currently broken - we should
    remain_off_channel if the work was started, and
    the work's channel and channel_type are the same
    as local->tmp_channel and local->tmp_channel_type.

    However, if wk->chan_type and local->tmp_channel_type
    coexist (e.g. have the same channel type), we won't
    remain_off_channel.

    This behavior was introduced by commit da2fd1f
    ("mac80211: Allow work items to use existing
    channel type.")

    Tested-by: Ben Greear
    Signed-off-by: Eliad Peller
    Cc: stable@kernel.org # 2.6.39+
    Signed-off-by: John W. Linville

    Eliad Peller
     

01 Nov, 2011

3 commits


25 Oct, 2011

1 commit

  • * 'pm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (63 commits)
    PM / Clocks: Remove redundant NULL checks before kfree()
    PM / Documentation: Update docs about suspend and CPU hotplug
    ACPI / PM: Add Sony VGN-FW21E to nonvs blacklist.
    ARM: mach-shmobile: sh7372 A4R support (v4)
    ARM: mach-shmobile: sh7372 A3SP support (v4)
    PM / Sleep: Mark devices involved in wakeup signaling during suspend
    PM / Hibernate: Improve performance of LZO/plain hibernation, checksum image
    PM / Hibernate: Do not initialize static and extern variables to 0
    PM / Freezer: Make fake_signal_wake_up() wake TASK_KILLABLE tasks too
    PM / Hibernate: Add resumedelay kernel param in addition to resumewait
    MAINTAINERS: Update linux-pm list address
    PM / ACPI: Blacklist Vaio VGN-FW520F machine known to require acpi_sleep=nonvs
    PM / ACPI: Blacklist Sony Vaio known to require acpi_sleep=nonvs
    PM / Hibernate: Add resumewait param to support MMC-like devices as resume file
    PM / Hibernate: Fix typo in a kerneldoc comment
    PM / Hibernate: Freeze kernel threads after preallocating memory
    PM: Update the policy on default wakeup settings
    PM / VT: Cleanup #if defined uglyness and fix compile error
    PM / Suspend: Off by one in pm_suspend()
    PM / Hibernate: Include storage keys in hibernation image on s390
    ...

    Linus Torvalds
     

18 Oct, 2011

1 commit


15 Oct, 2011

5 commits

  • Only station flags that are already defined in nl80211 are added for
    now.

    Signed-off-by: Helmut Schaa
    Signed-off-by: John W. Linville

    Helmut Schaa
     
  • The queue mapping/TID for non-QoS null data
    responses to is never set, making it default
    to BK. Fix that.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • Reformat the check, the indentation is completely strange.
    Also change the last part of the condition to make the
    code shorter.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • mac80211 already filled in the MCS rate info for rx'ed frames but tx'ed
    frames that are sent to a monitor interface during the status callback
    lack this information.

    Add the radiotap fields for MCS info to ieee80211_tx_status_rtap_hdr
    and populate them when sending tx'ed frames to the monitors.

    The needed headroom is only extended by one byte since we don't include
    legacy rate information in the rtap header for HT frames.

    Signed-off-by: Helmut Schaa
    Signed-off-by: John W. Linville

    Helmut Schaa
     
  • Get rid of the ieee80211_tx_status_rtap_hdr struct and instead build the
    rtap header dynamically. This makes it easier to extend the rtap header
    generation in the future.

    Add ieee80211_tx_radiotap_len to calculate the expected size of the
    rtap header before generating it. Since we can't check if the rtap
    header fits into the requested headroom during compile time anymore
    add a WARN_ON_ONCE.

    Also move the actual rtap header generation into its own function.

    Signed-off-by: Helmut Schaa
    Signed-off-by: John W. Linville

    Helmut Schaa
     

12 Oct, 2011

6 commits

  • This was another workaround for truesize "bugs".
    The reason we did this was that when we orphaned
    the SKB it wouldn't be truesize-checked later.
    Now that the check is gone (and we just charge
    the former smaller size to the socket) there's
    no longer a reason to orphan the skb here.

    Keep the skb charged to the socket until it is
    really freed (or orphaned in TX status). This
    helps flow control and allows us to get at the
    socket later for other purposes.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • There's no need to adjust truesize.

    The history of this was that we always ran into
    skb_truesize_bug (via skb_truesize_check) which
    has since been removed in commit 92a0acce186cd.
    skb_truesize_check() checked that truesize was
    bigger or equal to the actual allocation, which
    would trigger in mac80211 due to header adding.
    The check no longer exists and we shouldn't be
    messing with the truesize anyway.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • We can now move the radiotap header parsing into
    ieee80211_monitor_start_xmit(). This moves it out of
    the hotpath, and also helps the code since now the
    radiotap header will no longer be present in
    ieee80211_xmit() etc. which is easier to understand.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • The purpose of this is two-fold:
    1) by moving it out of tx_data.flags, we can in
    another patch move the radiotap parsing so it
    no longer is in the hotpath
    2) if a device implements fragmentation but can
    optionally skip it, the radiotap request for
    not doing fragmentation may be honoured

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • It's set, but never used, so kill it.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • Since the only way the interface can be a monitor
    interface in ieee80211_xmit() is because the frame
    came from ieee80211_monitor_start_xmit() we can
    move all the code there.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg