On our hardware (050d:7050 Belkin Components F5D7050 Wireless G Adapter),
setting any WEP key with non zero index, cause rx frames corruption.
Note: perhaps (I did not check) this can be fixed differently - by using
hw_key_idx the same as true MAC key index. But according to the comment in
rt2x00mac_set_key():
"the hardware requires keys to be assigned in correct order (When key 1
is provided but key 0 is not, then the key is not found by the hardware
during RX)"
this will be quite problematic. Since WEP should not be used, disabling
hardware crypto offload for it will not hurt much. Beside static
one key WEP will still be offloaded.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Without cipher part nullify of TXRX_CSR0 register we can receive
corrupted frames (removed IV or IVC), after reloading rt2500usb module
with nohwcrypt=1 option, if previous some keys were configured into
the hardware.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix rt2500usb hardware encryption broken by commit
96b61bafe2
"rt2x00: Clean up USB vendor request buffer functions"
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
base index is not used anymore and so remove it.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The user ratekbs of MCS15 ShortGI is incorrect and can not be lesser
than MCS15 rate. This incorrect rate may affect switching to higher
rates as the rate control algorithm always finds MCS15 is better
than MCS15 ShortGI and results in lower throughput. Fix this by
feeding the correct user ratekbs for MCS15 ShortGI rate.
This issue affects 3 stream case very badly as the 3 stream rates are
not used at all once we scale down to MCS15 from 3 stream rates.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds 3 stream rate control support for AR938X family
chipsets which supports 3 streams.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
replace valid and valid_single_stream in rate table with bit masks
and reorganize the code so adding 3x3 rate control would be easier.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Key locking simplification removed key->sdata != NULL verification from
ieee80211_key_free(). While that is fine for most use cases, there is one
path where this function can be called with an unlinked key (i.e.,
key->sdata == NULL && key->local == NULL). This results in a NULL pointer
dereference with the current implementation. This is known to happen at
least with FT protocol when wpa_supplicant tries to configure the key
before association.
Avoid the issue by passing in the local pointer to
ieee80211_key_free(). In addition, do not clear the key from hw_accel
or debugfs if it has not yet been added. At least the hw_accel one could
trigger another NULL pointer dereference.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since commit:
commit f1aa4c541e
Author: Ivo van Doorn <ivdoorn@gmail.com>
Date: Tue Jun 29 21:38:55 2010 +0200
rt2x00: Write the BSSID to register when interface is added
mananged mode in rt2500pci was broken, due to intf->bssid containing
random data rather then the expected 00:00:00:00:00:00
This is corrected by sending the BSSID to rt2x00lib_config_intf
only in AP mode where the bssid is set to a valid value.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In AP mode, there is no need to notify the driver about QoS
changes for the monitor interface that is created. The warning
in ieee80211_bss_info_change_notify() would be hit otherwise.
Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The noisefloor array index always corresponds to the rx chain number it
belongs to (with an offset of 3 for the extension chain).
It's much simpler (and actually more correct) to directly use the
chainmask to calculate the bitmask for the noisefloor array, instead of
using these weird chip revision checks and hardcoded mask values.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In the noisefloor array, the extension channel values start at index 3
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When the hardware is configured in HT20 mode, noise floor readings for
the extension channel often return invalid values, which keep the
values in the NF history buffer at the hardware-specific maximum limit.
Fix this by discarding the extension channel values when in HT20 mode.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When an aggregation session is being cleaned up, while the tx status
for some frames is being processed, the TID is flushed and its buffers
are sent out.
Unfortunately that left the pending un-acked frames unprocessed, thus
leaking buffers. Fix this by reordering the code so that those frames
are processed first, before the TID is flushed.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
I just had the following:
WARNING: at drivers/net/wireless/iwlwifi/iwl-agn-tx.c:574 iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]()
Call Trace:
<IRQ> [<ffffffff8105c5df>] warn_slowpath_common+0x7f/0xc0
[<ffffffff8105c63a>] warn_slowpath_null+0x1a/0x20
[<ffffffffa0290b46>] iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]
[<ffffffffa027076c>] iwl_mac_tx+0x5c/0x260 [iwlagn]
[<ffffffffa01bdf5b>] __ieee80211_tx+0x10b/0x1a0 [mac80211]
[<ffffffffa01bfb86>] ieee80211_tx_pending+0x186/0x2d0 [mac80211]
[<ffffffff81062ea5>] tasklet_action+0x125/0x130
[<ffffffff810634a6>] __do_softirq+0x106/0x270
[<ffffffff8100c09c>] call_softirq+0x1c/0x30
iwlagn 0000:02:00.0: Attempting to modify non-existing station 107
Note that 107 == 0x6b which is slab poison.
The reason is that mac80211 passed a freed station
pointer to mac80211, because as it happened iwlwifi
reset itself while mac80211 was disconnecting from
the network.
It turns out that we do take care to look up the
station pointer in ieee80211_tx_pending_skb, but
then don't use it, which obviously is a bug. Fix
this by removing the ieee80211_tx_h_sta handler
and assigning the station pointer directly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Negate has precedence over comparison so the original test was always
false. (Neither 0 nor 1 are equal to NL80211_IFTYPE_MONITOR).
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When wireless extensions are used to control
an encrypted IBSS, we erroneously can try to
set the default management key. Fix this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Another remnant of the previous key locking scheme
needs to be removed -- this causes a warning
otherwise as ieee80211_set_default_mgmt_key will
acquire a mutex.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The "rd" variable isn't needed any more since 4f366c5dab
"wireless: only use alpha2 regulatory information from country IE"
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The intent was to free "msp->ratelist" here. "msp->sample_table" is
always NULL at this point.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sometimes txq state(txq->stopped) can be marked as started but the actual
queue may not be started (in ATH_WIPHY_SCAN state, for example). Fix this.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
snprintf() returns the number of characters that would have been written
(not counting the NUL character). So we can't use it as the limiter to
simple_read_from_buffer() without capping it first at sizeof(buf).
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The snprintf() function returns the number of characters that would have
been written (not counting the NUL character on the end). It could
potentially be larger than the size of the buffer.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Use kmemdup when some other buffer is immediately copied into the
allocated region.
A simplified version of the semantic patch that makes this change is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression from,to,size,flag;
statement S;
@@
- to = \(kmalloc\|kzalloc\)(size,flag);
+ to = kmemdup(from,size,flag);
if (to==NULL || ...) S
- memcpy(to, from, size);
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
"It's not problematic if minstrel gets feedback for rates that it
doesn't have in its list, it should just ignore it. - Felix"
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Felix Fietkau <nbd@openwrt.org>
If sta is NULL, we will have problems long before we get here...
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Felix Fietkau <nbd@openwrt.org>
The current practice of checking vif for NULL in one place but not
another seems to confuse some static checkers, smatch in particular.
Since vif will only be NULL in the case of internal scans, adjust the
checks accordingly.
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver is already removed from drivers/staging. The wireless
extensions part is not really valid anymore either, since wext got moved
and refactored, etc.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The prism54 driver had an entry in feature-removal-schedule.txt and it
sees very little activity other than API-change "bombing runs". The
mac80211-based p54 driver should be used instead.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
CHECK drivers/net/wireless/rtl818x/rtl8180_rtl8225.c
drivers/net/wireless/rtl818x/rtl8180_rtl8225.c:53:33: warning: dubious: x | !y
The existing code is clever and works fine, but it's not worth even a
single line of Sparse warning SPAM...
Signed-off-by: John W. Linville <linville@tuxdriver.com>
CHECK drivers/net/wireless/wl12xx/wl1251_tx.c
drivers/net/wireless/wl12xx/wl1251_tx.c:118:32: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_tx.c:118:32: expected unsigned short [unsigned] [usertype] frag_threshold
drivers/net/wireless/wl12xx/wl1251_tx.c:118:32: got restricted __le16 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_tx.c:164:24: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_tx.c:164:24: expected unsigned short [unsigned] [usertype] length
drivers/net/wireless/wl12xx/wl1251_tx.c:164:24: got restricted __le16 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_tx.c:166:22: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_tx.c:166:22: expected unsigned short [unsigned] [usertype] rate
drivers/net/wireless/wl12xx/wl1251_tx.c:166:22: got restricted __le16 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_tx.c:167:29: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_tx.c:167:29: expected unsigned int [unsigned] [usertype] expiry_time
drivers/net/wireless/wl12xx/wl1251_tx.c:167:29: got restricted __le32 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_tx.c:200:43: warning: incorrect type in argument 1 (different base types)
drivers/net/wireless/wl12xx/wl1251_tx.c:200:43: expected restricted __le16 [usertype] fc
drivers/net/wireless/wl12xx/wl1251_tx.c:200:43: got unsigned short [unsigned] [assigned] [usertype] fc
CHECK drivers/net/wireless/wl12xx/wl1251_cmd.c
drivers/net/wireless/wl12xx/wl1251_cmd.c:428:39: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_cmd.c:428:39: expected unsigned int [unsigned] [usertype] rx_config_options
drivers/net/wireless/wl12xx/wl1251_cmd.c:428:39: got restricted __le32 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_cmd.c:429:39: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_cmd.c:429:39: expected unsigned int [unsigned] [usertype] rx_filter_options
drivers/net/wireless/wl12xx/wl1251_cmd.c:429:39: got restricted __le32 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_cmd.c:435:29: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_cmd.c:435:29: expected unsigned short [unsigned] [usertype] tx_rate
drivers/net/wireless/wl12xx/wl1251_cmd.c:435:29: got restricted __le16 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_cmd.c:439:47: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_cmd.c:439:47: expected unsigned int [unsigned] [usertype] min_duration
drivers/net/wireless/wl12xx/wl1251_cmd.c:439:47: got restricted __le32 [usertype] <noident>
drivers/net/wireless/wl12xx/wl1251_cmd.c:441:47: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl12xx/wl1251_cmd.c:441:47: expected unsigned int [unsigned] [usertype] max_duration
drivers/net/wireless/wl12xx/wl1251_cmd.c:441:47: got restricted __le32 [usertype] <noident>
CHECK drivers/net/wireless/wl12xx/wl1251_boot.c
drivers/net/wireless/wl12xx/wl1251_boot.c:228:22: warning: symbol 'interrupt' shadows an earlier one
/home/linville/git/wireless-next-2.6/arch/x86/include/asm/hw_irq.h:132:13: originally declared here
Signed-off-by: John W. Linville <linville@tuxdriver.com>
"iwlagn: add statistic notification structure for WiFi/BT devices" added
several new '__attribute__ ((packed))' lines. Change them to the
generic __packed.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
defines shouldn't be terminated with a
semicolon, the code using them should
supply it. Luckily these are not used
in a context where it matters.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Since the ibss_beacon variable will only be
filled in the appropriate modes, there's no
reason to be checking the mode again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Some devices may have multiple MAC
addresses in their EEPROM, read them
and advertise them to cfg80211.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This function is only needed in the same
file it is defined in, i.e. iwl-core.c
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
gcc complains about the firmware loading:
iwl-agn.c: In function ‘iwlagn_load_firmware’:
iwl-agn.c:1860: warning: ‘tlv_len’ may be used uninitialized in this function
iwl-agn.c:1861: warning: ‘tlv_type’ may be used uninitialized in this function
iwl-agn.c:1862: warning: ‘tlv_data’ may be used uninitialized in this function
This is almost correct but we do do break out of the TLV
parsing loop when setting ret. However, the code is hard
to follow, and clearly even the compiler is having issues
with it too.
Additionally, however, the current code is wrong. If there
is a TLV length check error, the code will report
invalid TLV after parsing: ...
because "len" will still be non-zero as we broke out of
the loop.
So to remove the warning and fix that issue, make the code
easier to read by doing length checking with an error label.
As a result, we can completely remove the "ret" variable.
Also, while at it, remove the "fixed_tlv_size" variable
since each TLV type has its own specified length, it just
happens that we have only variable length, flags (0 length)
and u32 TLVs right now. It should still be checked with more
explicit length checks to make it easier to understand.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Different devices have different size of phy calibration table; add
new TLV to specify the size. If the TLV is not part of uCode header, the
default table size will be used to make sure the backward
compatibilities.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
WiFi/BT combo devices has different statistics notification
structure, adding the support here to make sure the structure
align correctly.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Only WiFi/BT combo devices need to use bluetooth version of statistics
notification; adding the flag in .cfg file to indicate the need for
using different data structure.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
If its WiFi/BT combo device, the statistics notification sent by
uCode will include the additional BT related statistics counters.
Adding new data structure to support the new layout.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
IBSS has never had locking, instead relying on some
memory barriers etc. That's hard to get right, and
I think we had it wrong too until the previous patch.
Since this is not performance sensitive, it doesn't
make sense to have the maintenance overhead of that,
so add proper locking.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bob reported a lockdep complaint originating in
the mac80211 IBSS code due to the common work
struct patch. The reason is that the IBSS and
station mode code have different locking orders
for the cfg80211 wdev lock and the work struct
(where "locking" implies running/canceling).
Fix this by simply not canceling the work in
the IBSS code, it is not necessary since when
the REQ_RUN bit is cleared, the work will run
without effect if it runs. When the interface
is set down, it is flushed anyway, so there's
no concern about it running after memory has
been invalidated either.
This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=16419
Additionally, looking into this I noticed that
there's a small window while the IBSS is torn
down in which the work may be rescheduled and
the REQ_RUN bit be set again after leave() has
cleared it when a scan finishes at exactly the
same time. Avoid that by setting the ssid_len
to zero before clearing REQ_RUN which signals
to the scan finish code that this interface is
not active.
Reported-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>