From b6855772f4a22c4fbdd4fcaceff5c8a527035123 Mon Sep 17 00:00:00 2001 
From: Bob Copeland Date: Fri, 18 Jun 2010 13:15:23 -0400 Subject: ath5k: initialize ah->ah_current_channel ath5k assumes ah_current_channel is always a valid pointer in several places, but a newly created interface may not have a channel. To avoid null pointer dereferences, set it up to point to the first available channel until later reconfigured. This fixes the following oops: $ rmmod ath5k $ insmod ath5k $ iw phy0 set distance 11000 BUG: unable to handle kernel NULL pointer dereference at 00000006 IP: [] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] *pde = 00000000 Oops: 0000 [#1] last sysfs file: /sys/devices/pci0000:00/0000:00:0e.0/ieee80211/phy0/index Modules linked in: usbhid option usb_storage usbserial usblp evdev lm90 scx200_acb i2c_algo_bit i2c_dev i2c_core via_rhine ohci_hcd ne2k_pci 8390 leds_alix2 xt_IMQ imq nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_cc Pid: 1597, comm: iw Not tainted (2.6.32.14 #8) EIP: 0060:[] EFLAGS: 00010296 CPU: 0 EIP is at ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] EAX: 000000c2 EBX: 00000000 ECX: ffffffff EDX: c12d2080 ESI: 00000019 EDI: cf8c0000 EBP: d0a30edc ESP: cfa09bf4 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 Process iw (pid: 1597, ti=cfa09000 task=cf88a000 task.ti=cfa09000) Stack: d0a34f35 d0a353f8 d0a30edc 000000fe cf8c0000 00000000 1900063d cfa8c9e0 <0> cfa8c9e8 cfa8c0c0 cfa8c000 d0a27f0c 199d84b4 cfa8c200 00000010 d09bfdc7 <0> 00000000 00000000 ffffffff d08e0d28 cf9263c0 00000001 cfa09cc4 00000000 Call Trace: [] ? ath5k_hw_attach+0xc8c/0x3c10 [ath5k] [] ? __ieee80211_request_smps+0x1347/0x1580 [mac80211] [] ? nl80211_send_scan_start+0x7b8/0x4520 [cfg80211] [] ? nla_parse+0x59/0xc0 [] ? genl_rcv_msg+0x169/0x1a0 [] ? genl_rcv_msg+0x0/0x1a0 [] ? netlink_rcv_skb+0x38/0x90 [] ? genl_rcv+0x19/0x30 [] ? netlink_unicast+0x1b3/0x220 [] ? netlink_sendmsg+0x26e/0x290 [] ? sock_sendmsg+0xbe/0xf0 [] ? autoremove_wake_function+0x0/0x50 [] ? __alloc_pages_nodemask+0x106/0x530 [] ? do_lookup+0x53/0x1b0 [] ? 
__link_path_walk+0x9b9/0x9e0 [] ? verify_iovec+0x50/0x90 [] ? sys_sendmsg+0x1e1/0x270 [] ? find_get_page+0x10/0x50 [] ? filemap_fault+0x5f/0x370 [] ? __do_fault+0x319/0x370 [] ? sys_socketcall+0x244/0x290 [] ? do_page_fault+0x1ec/0x270 [] ? do_page_fault+0x0/0x270 [] ? syscall_call+0x7/0xb Code: 00 b8 fe 00 00 00 b9 f8 53 a3 d0 89 5c 24 14 89 7c 24 10 89 44 24 0c 89 6c 24 08 89 4c 24 04 c7 04 24 35 4f a3 d0 e8 7c 30 60 f0 <0f> b7 43 06 ba 06 00 00 00 a8 10 75 0e 83 e0 20 83 f8 01 19 d2 EIP: [] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] SS:ESP 0068:cfa09bf4 CR2: 0000000000000006 ---[ end trace 54f73d6b10ceb87b ]--- Cc: stable@kernel.org Reported-by: Steve Brown Signed-off-by: Bob Copeland Signed-off-by: John W. Linville
---
 drivers/net/wireless/ath/ath5k/attach.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/net')
diff --git a/drivers/net/wireless/ath/ath5k/attach.c b/drivers/net/wireless/ath/ath5k/attach.c
index e0c244b..31c0080 100644
--- a/drivers/net/wireless/ath/ath5k/attach.c
+++ b/drivers/net/wireless/ath/ath5k/attach.c
@@ -126,6 +126,7 @@ int ath5k_hw_attach(struct ath5k_softc *sc)
 ah->ah_ant_mode = AR5K_ANTMODE_DEFAULT;
 ah->ah_noise_floor = -95; /* until first NF calibration is run */
 sc->ani_state.ani_mode = ATH5K_ANI_MODE_AUTO;
+ ah->ah_current_channel = &sc->channels[0];
 /*
 * Find the mac version
-- cgit v1.1
From 6c3118e2305326743acb52250bcfd0d52389d9dc Mon Sep 17 00:00:00 2001
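Review bot: The added `ah->ah_current_channel = &sc->channels[0];` guarantees a non-NULL pointer, but nothing in this hunk shows that `sc->channels[0]` has been populated by the time `ath5k_hw_attach()` runs. If the channel table is filled in later, the readers that previously oopsed would now compute from a zeroed entry instead of faulting, which hides the "no channel configured yet" state rather than handling it. Because the path is reachable from a netlink request (`iw phy0 set distance` in the description), the invariant is worth stating next to the line, e.g. `/* placeholder until the first channel change; entry may not be populated yet */`. The body of `ath5k_hw_attach()` starts and continues outside the hunk.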
From: Vasanthakumar Thiagarajan Date: Wed, 23 Jun 2010 06:49:21 -0700 Subject: ath9k: Fix bug in starting ani There are few places where ANI is started without checking if it is right to start. This might lead to a case where ani timer would be left undeleted and cause improper memory acccess during module unload. This bug is clearly exposed with paprd support where the driver detects tx hang and does a chip reset. During this reset ani is (re)started without checking if it needs to be started. This would leave a timer scheduled even after all the resources are freed and cause a panic. This patch introduces a bit in sc_flags to indicate if ani needs to be started in sw_scan_start() and ath_reset(). This would fix the following panic. This issue is easily seen with ar9003 + paprd. BUG: unable to handle kernel paging request at 0000000000003f38 [] ? __queue_work+0x41/0x50 [] run_timer_softirq+0x17a/0x370 [] ? tick_dev_program_event+0x48/0x110 [] __do_softirq+0xb9/0x1f0 [] ? handle_IRQ_event+0x50/0x160 [] call_softirq+0x1c/0x30 [] do_softirq+0x65/0xa0 [] irq_exit+0x85/0x90 [] do_IRQ+0x75/0xf0 [] ret_from_intr+0x0/0x11 [] ? acpi_idle_enter_simple+0xe4/0x119 [] ? acpi_idle_enter_simple+0xdd/0x119 [] cpuidle_idle_call+0xa7/0x140 [] cpu_idle+0xb3/0x110 [] start_secondary+0x1ee/0x1f5 Signed-off-by: Vasanthakumar Thiagarajan Signed-off-by: John W. Linville
---
 drivers/net/wireless/ath/ath9k/ath9k.h | 1 + drivers/net/wireless/ath/ath9k/main.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'drivers/net')
diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h
index fbb7dec..5ea8773 100644
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -445,6 +445,7 @@ void ath_deinit_leds(struct ath_softc *sc);
 #define SC_OP_TSF_RESET BIT(11)
 #define SC_OP_BT_PRIORITY_DETECTED BIT(12)
 #define SC_OP_BT_SCAN BIT(13)
+#define SC_OP_ANI_RUN BIT(14)
 /* Powersave flags */
 #define PS_WAIT_FOR_BEACON BIT(0)
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index abfa049..1e2a68e 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -336,6 +336,10 @@ set_timer:
 static void ath_start_ani(struct ath_common *common)
 {
 unsigned long timestamp = jiffies_to_msecs(jiffies);
+ struct ath_softc *sc = (struct ath_softc *) common->priv;
+
+ if (!(sc->sc_flags & SC_OP_ANI_RUN))
+ return;
 common->ani.longcal_timer = timestamp;
 common->ani.shortcal_timer = timestamp;
@@ -872,11 +876,13 @@ static void ath9k_bss_assoc_info(struct ath_softc *sc,
 /* Reset rssi stats */
 sc->sc_ah->stats.avgbrssi = ATH_RSSI_DUMMY_MARKER;
+ sc->sc_flags |= SC_OP_ANI_RUN;
 ath_start_ani(common);
 } else {
 ath_print(common, ATH_DBG_CONFIG, "Bss Info DISASSOC\n");
 common->curaid = 0;
 /* Stop ANI */
+ sc->sc_flags &= ~SC_OP_ANI_RUN;
 del_timer_sync(&common->ani.timer);
 }
 }
@@ -1478,8 +1484,10 @@ static int ath9k_add_interface(struct ieee80211_hw *hw,
 if (vif->type == NL80211_IFTYPE_AP ||
 vif->type == NL80211_IFTYPE_ADHOC ||
- vif->type == NL80211_IFTYPE_MONITOR)
+ vif->type == NL80211_IFTYPE_MONITOR) {
+ sc->sc_flags |= SC_OP_ANI_RUN;
 ath_start_ani(common);
+ }
 out:
 mutex_unlock(&sc->mutex);
@@ -1500,6 +1508,7 @@ static void ath9k_remove_interface(struct ieee80211_hw *hw,
 mutex_lock(&sc->mutex);
 /* Stop ANI */
+ sc->sc_flags &= ~SC_OP_ANI_RUN;
 del_timer_sync(&common->ani.timer);
 /* Reclaim beacon resources */
-- cgit v1.1
From d1e89f37de2845db364ef6d67586cd882f86b557 Mon Sep 17 00:00:00 2001
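Review bot: In `ath_start_ani()` the `SC_OP_ANI_RUN` test and the timer arming that follows it (outside this hunk) are not a single atomic step, while the stop paths in `ath9k_bss_assoc_info()` and `ath9k_remove_interface()` clear the bit and then call `del_timer_sync()`. A caller that has already passed the check when a stop path runs could still arm `common->ani.timer` after it was deleted, which is the timer-after-free condition this commit sets out to close. `ath9k_add_interface()` and `ath9k_remove_interface()` visibly hold `sc->mutex`, but whether the `sw_scan_start()` and `ath_reset()` callers named in the description do is not visible here; if they do not, the check needs the same lock, or at minimum a comment such as `/* caller must hold sc->mutex */` above it. The `|=` and `&= ~` updates of `sc->sc_flags` are also plain read-modify-writes on a word shared with the other `SC_OP_*` bits.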
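Review bot: `ath9k_remove_interface()` now clears `SC_OP_ANI_RUN` unconditionally, so if another interface is still active when one is removed (not determinable from this hunk), a later reset will skip `ath_start_ani()` for the remaining one, whereas the description says the reset path previously restarted ANI without any check. If more than one interface can exist, the clear should depend on the last interface going away; otherwise a short comment such as `/* only one ANI-capable vif is supported, so removing it always stops ANI */` would record the assumption. The function body continues outside the hunk.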
From: Johannes Berg Date: Fri, 18 Jun 2010 03:41:25 -0700 Subject: iwlwifi: fix multicast commit 3474ad635db371b0d8d0ee40086f15d223d5b6a4 Author: Johannes Berg Date: Thu Apr 29 04:43:05 2010 -0700 iwlwifi: apply filter flags directly broke multicast. The reason, it turns out, is that the code previously checked if ALLMULTI _changed_, which the new code no longer did, and normally it _never_ changes. Had somebody changed it manually, the code prior to my patch there would have been broken already. The reason is that we always, unconditionally, ask the device to pass up all multicast frames, but the new code made it depend on ALLMULTI which broke it since now we'd pass up multicast frames depending on the default filter in the device, which isn't necessarily what we want (since we don't program it right now). Fix this by simply not checking allmulti as we have allmulti behaviour enabled already anyway. Reported-by: Maxim Levitsky Tested-by: Maxim Levitsky Signed-off-by: Johannes Berg
---
 drivers/net/wireless/iwlwifi/iwl-core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'drivers/net')
diff --git a/drivers/net/wireless/iwlwifi/iwl-core.c b/drivers/net/wireless/iwlwifi/iwl-core.c
index 426e955..5bbc529 100644
--- a/drivers/net/wireless/iwlwifi/iwl-core.c
+++ b/drivers/net/wireless/iwlwifi/iwl-core.c
@@ -1314,7 +1314,6 @@ void iwl_configure_filter(struct ieee80211_hw *hw,
 changed_flags, *total_flags);
 CHK(FIF_OTHER_BSS | FIF_PROMISC_IN_BSS, RXON_FILTER_PROMISC_MSK);
- CHK(FIF_ALLMULTI, RXON_FILTER_ACCEPT_GRP_MSK);
 CHK(FIF_CONTROL, RXON_FILTER_CTL2HOST_MSK);
 CHK(FIF_BCN_PRBRESP_PROMISC, RXON_FILTER_BCON_AWARE_MSK);
@@ -1329,6 +1328,12 @@ void iwl_configure_filter(struct ieee80211_hw *hw,
 mutex_unlock(&priv->mutex);
+ /*
+ * Receiving all multicast frames is always enabled by the
+ * default flags setup in iwl_connection_init_rx_config()
+ * since we currently do not support programming multicast
+ * filters into the device.
+ */
 *total_flags &= FIF_OTHER_BSS | FIF_ALLMULTI | FIF_PROMISC_IN_BSS | FIF_BCN_PRBRESP_PROMISC | FIF_CONTROL;
 }
-- cgit v1.1
From 062bee448bd539580ef9f64efe50fdfe04eeb103 Mon Sep 17 00:00:00 2001
From: Wey-Yi Guy Date: Fri, 18 Jun 2010 11:33:17 -0700 Subject: iwlwifi: set TX_CMD_FLAG_PROT_REQUIRE_MSK in tx_flag When building tx command, always set TX_CMD_FLAG_PROT_REQUIRE_MSK for 5000 series and up. Without setting this bit the firmware will not examine the RTS/CTS setting and thus not send traffic with the appropriate protection. RTS/CTS is is required for HT traffic in a noisy environment where, without this setting, connections will stall on some hardware as documented in the patch that initially attempted to address this: commit 1152dcc28c66a74b5b3f1a3ede0aa6729bfd48e4 Author: Wey-Yi Guy Date: Fri Jan 15 13:42:58 2010 -0800 iwlwifi: Fix throughput stall issue in HT mode for 5000 Similar to 6000 and 1000 series, RTS/CTS is the recommended protection mechanism for 5000 series in HT mode based on the HW design. Using RTS/CTS will better protect the inner exchange from interference, especially in highly-congested environment, it also prevent uCode encounter TX FIFO underrun and other HT mode related performance issues. For 3945 and 4965, different flags are used for RTS/CTS or CTS-to-Self protection. Signed-off-by: Wey-Yi Guy Signed-off-by: Reinette Chatre
---
 drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'drivers/net')
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c b/drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c
index 44ef5d9..01658cf 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c
@@ -212,11 +212,7 @@ static void iwlagn_chain_noise_reset(struct iwl_priv *priv)
 static void iwlagn_rts_tx_cmd_flag(struct ieee80211_tx_info *info, __le32 *tx_flags)
 {
- if ((info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
- (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
- *tx_flags |= TX_CMD_FLG_RTS_CTS_MSK;
- else
- *tx_flags &= ~TX_CMD_FLG_RTS_CTS_MSK;
+ *tx_flags |= TX_CMD_FLG_RTS_CTS_MSK;
 }
 /* Calc max signal level (dBm) among 3 possible receivers */
-- cgit v1.1
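Review bot: `iwlagn_rts_tx_cmd_flag()` now ignores its `info` argument and the rate-control flags `IEEE80211_TX_RC_USE_RTS_CTS` / `IEEE80211_TX_RC_USE_CTS_PROTECT`, yet the body carries no comment saying why protection is forced on every frame. A comment above the assignment would keep a later cleanup from restoring the conditional, e.g. `/* always request protection: the firmware does not examine the RTS/CTS setting unless this bit is set */`. The subject line names `TX_CMD_FLAG_PROT_REQUIRE_MSK` while the code sets `TX_CMD_FLG_RTS_CTS_MSK`; if these are meant to be the same bit that should be stated as well, since the mask definitions are outside this diff.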