Emmanuel Grumbach [Tue, 18 Sep 2012 17:48:59 +0000 (19:48 +0200)]
iwlwifi: don't double free the interrupt in failure path
When the driver can't get the HW ready, we would release
the interrupt twice which made the kernel complain loudly.
Cc: stable@vger.kernel.org
Reported-by: Brian Cockrell <brian.cockrell@intel.com>
Tested-by: Brian Cockrell <brian.cockrell@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luis R. Rodriguez [Fri, 14 Sep 2012 22:36:57 +0000 (15:36 -0700)]
cfg80211: fix possible circular lock on reg_regdb_search()
When call_crda() is called we kick off a witch hunt search
for the same regulatory domain on our internal regulatory
database and that work gets kicked off on a workqueue, this
is done while the cfg80211_mutex is held. If that workqueue
kicks off it will first lock reg_regdb_search_mutex and
later cfg80211_mutex but to ensure two CPUs will not contend
against cfg80211_mutex the right thing to do is to have the
reg_regdb_search() wait until the cfg80211_mutex is let go.
The lockdep report is pasted below.
cfg80211: Calling CRDA to update world regulatory domain
======================================================
[ INFO: possible circular locking dependency detected ]
3.3.8 #3 Tainted: G O
-------------------------------------------------------
kworker/0:1/235 is trying to acquire lock:
(cfg80211_mutex){+.+...}, at: [<
816468a4>] set_regdom+0x78c/0x808 [cfg80211]
but task is already holding lock:
(reg_regdb_search_mutex){+.+...}, at: [<
81646828>] set_regdom+0x710/0x808 [cfg80211]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (reg_regdb_search_mutex){+.+...}:
[<
800a8384>] lock_acquire+0x60/0x88
[<
802950a8>] mutex_lock_nested+0x54/0x31c
[<
81645778>] is_world_regdom+0x9f8/0xc74 [cfg80211]
-> #1 (reg_mutex#2){+.+...}:
[<
800a8384>] lock_acquire+0x60/0x88
[<
802950a8>] mutex_lock_nested+0x54/0x31c
[<
8164539c>] is_world_regdom+0x61c/0xc74 [cfg80211]
-> #0 (cfg80211_mutex){+.+...}:
[<
800a77b8>] __lock_acquire+0x10d4/0x17bc
[<
800a8384>] lock_acquire+0x60/0x88
[<
802950a8>] mutex_lock_nested+0x54/0x31c
[<
816468a4>] set_regdom+0x78c/0x808 [cfg80211]
other info that might help us debug this:
Chain exists of:
cfg80211_mutex --> reg_mutex#2 --> reg_regdb_search_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(reg_regdb_search_mutex);
lock(reg_mutex#2);
lock(reg_regdb_search_mutex);
lock(cfg80211_mutex);
*** DEADLOCK ***
3 locks held by kworker/0:1/235:
#0: (events){.+.+..}, at: [<
80089a00>] process_one_work+0x230/0x460
#1: (reg_regdb_work){+.+...}, at: [<
80089a00>] process_one_work+0x230/0x460
#2: (reg_regdb_search_mutex){+.+...}, at: [<
81646828>] set_regdom+0x710/0x808 [cfg80211]
stack backtrace:
Call Trace:
[<
80290fd4>] dump_stack+0x8/0x34
[<
80291bc4>] print_circular_bug+0x2ac/0x2d8
[<
800a77b8>] __lock_acquire+0x10d4/0x17bc
[<
800a8384>] lock_acquire+0x60/0x88
[<
802950a8>] mutex_lock_nested+0x54/0x31c
[<
816468a4>] set_regdom+0x78c/0x808 [cfg80211]
Reported-by: Felix Fietkau <nbd@openwrt.org>
Tested-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Vinicius Costa Gomes [Fri, 14 Sep 2012 19:34:46 +0000 (16:34 -0300)]
Bluetooth: Fix not removing power_off delayed work
For example, when a usb reset is received (I could reproduce it
running something very similar to this[1] in a loop) it could be
that the device is unregistered while the power_off delayed work
is still scheduled to run.
Backtrace:
WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
Hardware name: To Be Filled By O.E.M.
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x26
Modules linked in: nouveau mxm_wmi btusb wmi bluetooth ttm coretemp drm_kms_helper
Pid: 2114, comm: usb-reset Not tainted 3.5.0bt-next #2
Call Trace:
[<
ffffffff8124cc00>] ? free_obj_work+0x57/0x91
[<
ffffffff81058f88>] warn_slowpath_common+0x7e/0x97
[<
ffffffff81059035>] warn_slowpath_fmt+0x41/0x43
[<
ffffffff8124ccb6>] debug_print_object+0x7c/0x8d
[<
ffffffff8106e3ec>] ? __queue_work+0x259/0x259
[<
ffffffff8124d63e>] ? debug_check_no_obj_freed+0x6f/0x1b5
[<
ffffffff8124d667>] debug_check_no_obj_freed+0x98/0x1b5
[<
ffffffffa00aa031>] ? bt_host_release+0x10/0x1e [bluetooth]
[<
ffffffff810fc035>] kfree+0x90/0xe6
[<
ffffffffa00aa031>] bt_host_release+0x10/0x1e [bluetooth]
[<
ffffffff812ec2f9>] device_release+0x4a/0x7e
[<
ffffffff8123ef57>] kobject_release+0x11d/0x154
[<
ffffffff8123ed98>] kobject_put+0x4a/0x4f
[<
ffffffff812ec0d9>] put_device+0x12/0x14
[<
ffffffffa009472b>] hci_free_dev+0x22/0x26 [bluetooth]
[<
ffffffffa0280dd0>] btusb_disconnect+0x96/0x9f [btusb]
[<
ffffffff813581b4>] usb_unbind_interface+0x57/0x106
[<
ffffffff812ef988>] __device_release_driver+0x83/0xd6
[<
ffffffff812ef9fb>] device_release_driver+0x20/0x2d
[<
ffffffff813582a7>] usb_driver_release_interface+0x44/0x7b
[<
ffffffff81358795>] usb_forced_unbind_intf+0x45/0x4e
[<
ffffffff8134f959>] usb_reset_device+0xa6/0x12e
[<
ffffffff8135df86>] usbdev_do_ioctl+0x319/0xe20
[<
ffffffff81203244>] ? avc_has_perm_flags+0xc9/0x12e
[<
ffffffff812031a0>] ? avc_has_perm_flags+0x25/0x12e
[<
ffffffff81050101>] ? do_page_fault+0x31e/0x3a1
[<
ffffffff8135eaa6>] usbdev_ioctl+0x9/0xd
[<
ffffffff811126b1>] vfs_ioctl+0x21/0x34
[<
ffffffff81112f7b>] do_vfs_ioctl+0x408/0x44b
[<
ffffffff81208d45>] ? file_has_perm+0x76/0x81
[<
ffffffff8111300f>] sys_ioctl+0x51/0x76
[<
ffffffff8158db22>] system_call_fastpath+0x16/0x1b
[1] http://cpansearch.perl.org/src/DPAVLIN/Biblio-RFID-0.03/examples/usbreset.c
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andrei Emeltchenko [Thu, 6 Sep 2012 12:05:42 +0000 (15:05 +0300)]
Bluetooth: Fix freeing uninitialized delayed works
When releasing L2CAP socket which is in BT_CONFIG state l2cap_chan_close
invokes l2cap_send_disconn_req which cancel delayed works which are only
set in BT_CONNECTED state with l2cap_ertm_init. Add state check before
cancelling those works.
...
[ 9668.574372] [21085] l2cap_sock_release: sock
cd065200, sk
f073e800
[ 9668.574399] [21085] l2cap_sock_shutdown: sock
cd065200, sk
f073e800
[ 9668.574411] [21085] l2cap_chan_close: chan
f073ec00 state BT_CONFIG sk
f073e800
[ 9668.574421] [21085] l2cap_send_disconn_req: chan
f073ec00 conn
ecc16600
[ 9668.574441] INFO: trying to register non-static key.
[ 9668.574443] the code is fine but needs lockdep annotation.
[ 9668.574446] turning off the locking correctness validator.
[ 9668.574450] Pid: 21085, comm: obex-client Tainted: G O 3.5.0+ #57
[ 9668.574452] Call Trace:
[ 9668.574463] [<
c10a64b3>] __lock_acquire+0x12e3/0x1700
[ 9668.574468] [<
c10a44fb>] ? trace_hardirqs_on+0xb/0x10
[ 9668.574476] [<
c15e4f60>] ? printk+0x4d/0x4f
[ 9668.574479] [<
c10a6e38>] lock_acquire+0x88/0x130
[ 9668.574487] [<
c1059740>] ? try_to_del_timer_sync+0x60/0x60
[ 9668.574491] [<
c1059790>] del_timer_sync+0x50/0xc0
[ 9668.574495] [<
c1059740>] ? try_to_del_timer_sync+0x60/0x60
[ 9668.574515] [<
f8aa1c23>] l2cap_send_disconn_req+0xe3/0x160 [bluetooth]
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andrzej Kaczmarek [Wed, 29 Aug 2012 08:02:09 +0000 (10:02 +0200)]
Bluetooth: mgmt: Fix enabling LE while powered off
When new BT USB adapter is plugged in it's configured while still being powered
off (HCI_AUTO_OFF flag is set), thus Set LE will only set dev_flags but won't
write changes to controller. As a result it's not possible to start device
discovery session on LE controller as it uses interleaved discovery which
requires LE Supported Host flag in extended features.
This patch ensures HCI Write LE Host Supported is sent when Set Powered is
called to power on controller and clear HCI_AUTO_OFF flag.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Cc: stable@vger.kernel.org
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andrzej Kaczmarek [Wed, 29 Aug 2012 08:02:08 +0000 (10:02 +0200)]
Bluetooth: mgmt: Fix enabling SSP while powered off
When new BT USB adapter is plugged in it's configured while still being powered
off (HCI_AUTO_OFF flag is set), thus Set SSP will only set dev_flags but won't
write changes to controller. As a result remote devices won't use Secure Simple
Pairing with our device due to SSP Host Support flag disabled in extended
features and may also reject SSP attempt from our side (with possible fallback
to legacy pairing).
This patch ensures HCI Write Simple Pairing Mode is sent when Set Powered is
called to power on controller and clear HCI_AUTO_OFF flag.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Cc: stable@vger.kernel.org
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Hante Meuleman [Tue, 11 Sep 2012 19:16:48 +0000 (21:16 +0200)]
brcmfmac: Fix big endian host configuration data.
Fixes big endian host configuration parameters.
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Tue, 11 Sep 2012 19:16:47 +0000 (21:16 +0200)]
brcmfmac: fix big endian bug in i-scan.
ssid len is 32 bit and needs endian conversion for big endian systems.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Tue, 11 Sep 2012 16:11:13 +0000 (11:11 -0500)]
rtlwifi: rtl8192ce: Log message that B_CUT device may not work
There are a number of problems that occur for the latest version
of the Realtek RTL8188CE device with the in-kernel driver. These
include selection of the wrong firmware, and system lockup. A full
fix is known, but is too invasive for inclusion in stable. This patch
fixes the problem with loading the wrong firmware, and logs a message
that the device may not work for kernels 3.6 and older.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Cc: Anisse Astier <anisse@astier.eu>
Cc: Li Chaoming <chaoming_li@realsil.com.cn>
Tested-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Colin Ian King [Mon, 10 Sep 2012 09:05:26 +0000 (10:05 +0100)]
brcm80211: fix missing allocation failure check
Check for oobirq_entry allocation failure to avoid
NULL pointer dereferencing.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Sat, 8 Sep 2012 13:24:17 +0000 (15:24 +0200)]
ath9k: make PA linearization optional, disabled by default and fix checks
Some checks for PA linearization support checked ATH9K_HW_CAP_PAPRD and some
used the EEPROM ops, leading to issues in tx power handling, since those
two can be out of sync.
Disable the feature by default, since it has been reported that it can
cause damage to the rx path under some circumstances. It can now be enabled
for testing via debugfs.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Wed, 5 Sep 2012 09:49:21 +0000 (11:49 +0200)]
brcmsmac: fix mismatch in number of custom regulatory rules
The driver provides the cfg80211 regulatory framework with a set of
custom rules. However, there was a mismatch in number of rules
and the actual rules provided. This resulted in setting an invalid
power level:
ieee80211 phy0: brcms_ops_config: change channel 13
ieee80211 phy0: brcms_ops_config: Error setting power_level (
8758364)
Closer look in cfg80211 regulatory blurb showed following bogus rule:
cfg80211: 0 KHz - -
60446948 KHz @
875836468 KHz), (
875836468 mBi,
875836468 mBm)
Cc: Seth Forshee <seth.forshee@canonical.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Reviewed-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Mon, 3 Sep 2012 19:49:09 +0000 (15:49 -0400)]
libertas sdio: fix suspend when interface is down
When the interface is down, the hardware is powered off.
However, the suspend handler currently tries to send host sleep commands
(when wakeup params are set) in this configuration, causing a system hang
when going into suspend (the commands will never complete).
Avoid this by detecting this situation and simply returning from
the suspend handler without doing anything special.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sergei Poselenov [Sun, 2 Sep 2012 09:14:32 +0000 (13:14 +0400)]
rt2800usb: Added rx packet length validity check
On our system (ARM Cortex-M3 SOC running linux-2.6.33)
frequent crashes were observed in the rt2800usb module
because of the invalid length of the received packet (3392,
46920...). This patch adds the sanity check on the packet
legth. Also, changed WARNING to ERROR in rt2x00lib_rxdone()
so that the bad packet condition would be noticed.
The fix was tested on the latest compat-wireless-3.5.1-1-snpc.
Cc: stable@vger.kernel.org
Signed-off-by: Sergei Poselenov <sposelenov@emcraft.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Gertjan van Wingerde [Fri, 31 Aug 2012 17:22:11 +0000 (19:22 +0200)]
rt2x00: Fix rfkill polling prior to interface start.
We need to program the rfkill switch GPIO pin direction to input at
device initialization time, not only when the interface is brought up.
Doing this only when the interface is brought up could lead to rfkill
detecting the switch is turned on erroneously and inability to create
the interface and bringing it up.
Reported-and-tested-by: Andreas Messer <andi@bastelmap.de>
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Cc: <stable@vger.kernel.org>
Acked-by: Ivo Van Doorn <ivdoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Gertjan van Wingerde [Fri, 31 Aug 2012 17:22:10 +0000 (19:22 +0200)]
rt2x00: Fix word size of rt2500usb MAC_CSR19 register.
The register is 16 bits wide, not 32.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Cc: <stable@vger.kernel.org>
Acked-by: Ivo Van Doorn <ivdoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Gertjan van Wingerde [Fri, 31 Aug 2012 17:22:09 +0000 (19:22 +0200)]
rt2x00: Identify ASUS USB-N53 device.
This is an RT3572 based device.
Signed-off-by: Maximilian Engelhardt <maxi@daemonizer.de>
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Cc: <stable@vger.kernel.org>
Acked-by: Ivo Van Doorn <ivdoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Thu, 30 Aug 2012 08:05:37 +0000 (10:05 +0200)]
brcmfmac: fix get rssi by clearing getvar struct.
The function brcmf_cfg80211_get_station requests the RSSI from
the device. The complete structure used needs to be cleared
before sending the request to firmware. Otherwise the request
fails filling the logs with "Could not get rssi (-2)" messages.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Thu, 30 Aug 2012 08:05:36 +0000 (10:05 +0200)]
brcmfmac: fix race condition for rx and tx data.
On both rx and tx there is was a race condition on the queueing
of usb requests. When for example frame gets submitted it is
possible that complete function gets called even before
usb_submit_urb() returns. As a result it is possible that usb
requests get losts, which was noticed on OMAP4 pandaboard
platform. This patch fixes the race condition.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Thu, 30 Aug 2012 08:05:35 +0000 (10:05 +0200)]
brcmfmac: dont use ZERO flag for usb IN
URB_ZERO_PACKET should only be set or bulk OUT and this condition
is checked with a WARN_ON in usb_submit_urb(). This patch fixes
brcmfmac to get rid of this warning filling the logs.
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Thu, 30 Aug 2012 08:05:34 +0000 (10:05 +0200)]
brcmfmac: fix use of dev_kfree_skb() in irq context
The USB part of the brcmfmac did a dev_kfree_skb() that resulted
in a warning in net/core/skbuff.c:
Jul 11 04:53:33 lb-bun-10 kernel: [53282.667745] WARNING: at
net/core/skbuff.c:490 skb_release_head_state+0xcc/0xe0()
The brcmutil modules provides brcmu_pkt_buf_free_skb() which takes
the context into account. This patch makes use of this function
instead of dev_kfree_skb().
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mohammed Shafi Shajakhan [Tue, 28 Aug 2012 06:44:48 +0000 (12:14 +0530)]
ath9k: Fix a crash in 2 WIRE btcoex chipsets
Generic timers for BTCOEX functionality is applicable
only for 3 WIRE BTCOEX (and MCI) chipsets.
Hence btcoex->no_stomp_timer is allocated only 3 WIRE
btcoex chipsets and in all the other cases its NULL.
Make sure we stop the generic timer only if
'btcoex->hw_timer_enabled' is true(only if its up and
running)
Fixes the following crash
[68757.020454] BUG: unable to handle kernel NULL pointer dereference at
0000000c
[68757.020916] IP: [<
f9b055c3>] ath9k_hw_gen_timer_stop+0x13/0x80 [ath9k_hw]
[68757.021251] *pde =
00000000
[68757.024384] EIP: 0060:[<
f9b055c3>] EFLAGS:
00010082 CPU: 0
[68757.024384] EIP is at ath9k_hw_gen_timer_stop+0x13/0x80 [ath9k_hw]
[68757.024384] EAX:
d32d0000 EBX:
d32d0000 ECX:
00000000 EDX:
00000000
[68757.024384] ESI:
e67c24c0 EDI:
00000296 EBP:
e137be2c ESP:
e137be20
[68757.024384] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[68757.024384] CR0:
8005003b CR2:
0000000c CR3:
00b99000 CR4:
000407d0
[68757.024384] DR0:
00000000 DR1:
00000000 DR2:
00000000 DR3:
00000000
[68757.024384] DR6:
ffff0ff0 DR7:
00000400
[68757.024384] Process kworker/u:2 (pid: 8917, ti=
e137a000 task=
ea7a6860 task.ti=
e137a000)
[68757.024384] Stack:
[68757.024384]
c06c4676 d32d0000 e67c24c0 e137be38 f81c9590 e67c1ca0 e137be40 f81c95d9
[68757.024384]
e137be64 f81cd1c5 00000246 00000002 d32d0000 e67c05e0 e67c1ca0 e67c05e0
[68757.024384]
00000000 e137beac f81cdfa0 e137be84 00000246 00000246 e67c1ca0 e67c1ca0
[68757.024384] Call Trace:
[68757.024384] [<
c06c4676>] ? _raw_spin_lock_irqsave+0x86/0xa0
[68757.024384] [<
f81c9590>] ath9k_gen_timer_stop+0x10/0x40 [ath9k]
[68757.024384] [<
f81c95d9>] ath9k_btcoex_stop_gen_timer+0x19/0x20 [ath9k]
[68757.024384] [<
f81cd1c5>] ath9k_ps_restore+0x85/0x110 [ath9k]
[68757.024384] [<
f81cdfa0>] ath9k_config+0x220/0x520 [ath9k]
[68757.024384] [<
f81cd47d>] ? ath9k_flush+0x15d/0x1b0 [ath9k]
[68757.024384] [<
f85c7ca5>] ieee80211_hw_config+0x135/0x2c0 [mac80211]
[68757.024384] [<
f860e3c8>] ieee80211_dynamic_ps_enable_work+0x198/0x5f0 [mac80211]
Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Cc: Bala Shanmugam <bkamatch@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:08 +0000 (17:00 +0200)]
ath9k_hw: enable PA linearization
This feature had been disabled in ath9k because the code to support
it was incomplete, but now the code is in sync with the internal QCA
codebase, so it's time to enable it.
On many newer devices, the calibration is assumed to be done with PA
linearization enabled.
Tests with a particular AR933x device showed that the signal emitted
at full power was highly distorted and unreliable with PA linearization
disabled. With this patch, the signal becomes clear and stability
is improved.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:07 +0000 (17:00 +0200)]
ath9k: fix PA linearization calibration related crash
Before PAPRD training can run, the card needs to have sent a packet for
thermal calibration. Sending a dummy packet with the PAPRD training flag
set causes a crash under some circumstance.
Fix the code by replacing the dummy tx with a delay that waits for a
real packet tx to have occurred.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:06 +0000 (17:00 +0200)]
ath9k_hw: disable PA linearization for AR9462
Support for it is incomplete
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:05 +0000 (17:00 +0200)]
ath9k_hw: calibrate PA input for PA predistortion
Re-train if the calibrated PA linearization curve is out of bounds
(affects AR933x and AR9485).
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:04 +0000 (17:00 +0200)]
ath9k_hw: clear the AM2PM predistortion mask on AR933x
That predistortion type is not supported
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 27 Aug 2012 15:00:03 +0000 (17:00 +0200)]
ath9k_hw: do not enable the MIB interrupt in the interrupt mask register
The interrupt is no longer handling it. While it shouldn't fire (wraparound
is highly unlikely), the consequences would be fatal (interrupt storm).
Disable the interrupt to prevent that from happening.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Marc Kleine-Budde [Sun, 26 Aug 2012 22:26:37 +0000 (00:26 +0200)]
rt2x00: fix voltage setting for RT3572/RT3592
According to the vendor driver v2.6.0.1, during the rf register init the SRAM
voltage should be increased to 1.35V and after 1ms decreased back to 1.2V. This
patch adds the field setting of LDO_CFG0_LDO_CORE_VLEVEL accordingly.
Cc: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Thu, 23 Aug 2012 03:26:31 +0000 (20:26 -0700)]
mwifiex: fix skb length issue when send a command to firmware
When we send a command to firmware, we assumed that cmd_size
will be always less than or equal to the structure size of
host_cmd_ds_command. However, this is no longer true after
we added AP support. There are some AP commands that Custom
IE TLVs are included in command buffer, hence the cmd_size
gets enlarged by the TLV data. We need to increase the skb
length for the extra data.
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 5 Sep 2012 18:48:15 +0000 (14:48 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
John W. Linville [Wed, 5 Sep 2012 18:46:30 +0000 (14:46 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/bluetooth/bluetooth
LEO Airwarosu Yoichi Shinoda [Mon, 27 Aug 2012 13:28:16 +0000 (22:28 +0900)]
mac80211: Various small fixes for cfg.c: mpath_set_pinfo()
Various small fixes for net/mac80211/cfg.c:mpath_set_pinfo():
Initialize *pinfo before filling members in, handle MESH_PATH_RESOLVED
correctly, and remove bogus assignment; result in correct display
of FLAGS values and meaningful EXPTIME for expired paths in iw utility.
Signed-off-by: Yoichi Shinoda <shinoda@jaist.ac.jp>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Wei Yongjun [Sun, 2 Sep 2012 13:41:04 +0000 (21:41 +0800)]
nl80211: fix possible memory leak nl80211_connect()
connkeys is malloced in nl80211_parse_connkeys() and should
be freed in the error handling case, otherwise it will cause
memory leak.
spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eliad Peller [Tue, 4 Sep 2012 14:44:45 +0000 (17:44 +0300)]
mac80211: clear bssid on auth/assoc failure
ifmgd->bssid wasn't cleared properly in some
auth/assoc failure cases, causing mac80211 and
the low-level driver to go out of sync.
Clear ifmgd->bssid on failure, and notify the driver.
Cc: stable@kernel.org # 3.4+
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Vinicius Costa Gomes [Fri, 24 Aug 2012 00:32:44 +0000 (21:32 -0300)]
Bluetooth: Fix sending a HCI Authorization Request over LE links
In the case that the link is already in the connected state and a
Pairing request arrives from the mgmt interface, hci_conn_security()
would be called but it was not considering LE links.
Reported-by: João Paulo Rechi Vita <jprvita@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Vinicius Costa Gomes [Fri, 24 Aug 2012 00:32:43 +0000 (21:32 -0300)]
Bluetooth: Change signature of smp_conn_security()
To make it clear that it may be called from contexts that may not have
any knowledge of L2CAP, we change the connection parameter, to receive
a hci_conn.
This also makes it clear that it is checking the security of the link.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Henrik Rydberg [Sat, 25 Aug 2012 17:28:06 +0000 (19:28 +0200)]
Bluetooth: Add support for Apple vendor-specific devices
As pointed out by Gustavo and Marcel, all Apple-specific Broadcom
devices seen so far have the same interface class, subclass and
protocol numbers. This patch adds an entry which matches all of them,
using the new USB_VENDOR_AND_INTERFACE_INFO() macro.
In particular, this patch adds support for the MacBook Pro Retina
(05ac:8286), which is not in the present list.
Signed-off-by: Henrik Rydberg <rydberg@euromail.se>
Tested-by: Shea Levy <shea@shealevy.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
John W. Linville [Thu, 23 Aug 2012 13:51:15 +0000 (09:51 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Vladimir Zapolskiy [Sat, 4 Aug 2012 21:29:07 +0000 (00:29 +0300)]
brcm80211: smac: set interface down on reset
This change marks interface as down on reset, otherwise the driver can't
reinitialize itself properly.
Without the change a transient problem turns out to be critical and leads
to inavailability to reset the driver without brcmsmac module unload/load
cycle:
ieee80211 phy0: wl0: PSM microcode watchdog fired at 5993 (seconds). Resetting.
brcms_c_dpc : PSM Watchdog, chipid 0xa8d9, chiprev 0x1
ieee80211 phy0: wl0: fatal error, reinitializing
ieee80211 phy0: Hardware restart was requested
ieee80211 phy0: brcms_ops_start: brcms_up() returned -19
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Cc: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Thomas Pedersen [Mon, 20 Aug 2012 18:28:25 +0000 (11:28 -0700)]
mac80211: fix DS to MBSS address translation
The destination address of unicast frames forwarded through a mesh gate
was being replaced with the broadcast address. Instead leave the
original destination address as the mesh DA. If the nexthop address is
not in the mpath table it will be resolved. If that fails, the frame
will be forwarded to known mesh gates.
Reported-by: Cedric Voncken <cedric.voncken@acksys.fr>
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 21 Aug 2012 16:57:11 +0000 (18:57 +0200)]
iwlwifi: protect SRAM debugfs
If the device is not started, we can't read its
SRAM and attempting to do so will cause issues.
Protect the debugfs read.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 21 Aug 2012 16:57:10 +0000 (18:57 +0200)]
iwlwifi: fix flow handler debug code
iwl_dbgfs_fh_reg_read() can cause crashes and/or
BUG_ON in slub because the ifdefs are wrong, the
code in iwl_dump_fh() should use DEBUGFS, not
DEBUG to protect the buffer writing code.
Also, while at it, clean up the arguments to the
function, some code and make it generally safer.
Cc: stable@vger.kernel.org
Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Julia Lawall [Sun, 19 Aug 2012 09:49:58 +0000 (11:49 +0200)]
drivers/net/wireless/ipw2x00/ipw2100.c: introduce missing initialization
The result of one call to a function is tested, and then at the second call
to the same function, the previous result, and not the current result, is
tested again.
Also changed &bssid to bssid, at the suggestion of Stanislav Yakovlev.
The semantic match that finds the first problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression ret;
identifier f;
statement S1,S2;
@@
*ret = f(...);
if (\(ret != 0\|ret < 0\|ret == NULL\)) S1
... when any
*f(...);
if (\(ret != 0\|ret < 0\|ret == NULL\)) S2
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Thomas Huehn [Wed, 15 Aug 2012 20:48:35 +0000 (22:48 +0200)]
ath5k: fix wrong max power per rate eeprom reads for 802.11a
This patch reduces the per rate target power eeprom reads for
AR5K_EEPROM_MODE_11A from 10 to 8, as there are only 8 valid
power curve entries on the eeprom. The former 10 reads lead to
equal max power limits per rate and this causes an increasing
distortion for all rates above 24 MBit and leads to a needless
poor performance in 802.11a mode.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Gustavo Padovan [Mon, 6 Aug 2012 18:36:49 +0000 (15:36 -0300)]
Bluetooth: Use USB_VENDOR_AND_INTERFACE() for Broadcom devices
Many Broadcom devices has a vendor specific devices class, with this rule
we match all existent and future controllers with this behavior.
We also remove old rules to that matches product id for Broadcom devices.
Tested-by: John Hommel <john.hommel@hp.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Yevgeniy Melnichuk [Tue, 7 Aug 2012 14:18:10 +0000 (19:48 +0530)]
Bluetooth: Add support for Sony Vaio T-Series
Add Sony Vaio T-Series Bluetooth Module( 0x489:0xE036) to
the blacklist of btusb module and add it to the ath3k module.
output of cat /sys/kernel/debug/usb/devices
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e036 Rev= 0.02
S: Manufacturer=Atheros Communications
S: Product=Bluetooth USB Host Controller
S: SerialNumber=Alaska Day 2006
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
Signed-off-by: Yevgeniy Melnichuk <yevgeniy.melnichuk@googlemail.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andre Guedes [Wed, 1 Aug 2012 23:34:15 +0000 (20:34 -0300)]
Bluetooth: Fix use-after-free bug in SMP
If SMP fails, we should always cancel security_timer delayed work.
Otherwise, security_timer function may run after l2cap_conn object
has been freed.
This patch fixes the following warning reported by ODEBUG:
WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
Hardware name: Bochs
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x27
Modules linked in: btusb bluetooth
Pid: 440, comm: kworker/u:2 Not tainted 3.5.0-rc1+ #4
Call Trace:
[<
ffffffff81174600>] ? free_obj_work+0x4a/0x7f
[<
ffffffff81023eb8>] warn_slowpath_common+0x7e/0x97
[<
ffffffff81023f65>] warn_slowpath_fmt+0x41/0x43
[<
ffffffff811746b1>] debug_print_object+0x7c/0x8d
[<
ffffffff810394f0>] ? __queue_work+0x241/0x241
[<
ffffffff81174fdd>] debug_check_no_obj_freed+0x92/0x159
[<
ffffffff810ac08e>] slab_free_hook+0x6f/0x77
[<
ffffffffa0019145>] ? l2cap_conn_del+0x148/0x157 [bluetooth]
[<
ffffffff810ae408>] kfree+0x59/0xac
[<
ffffffffa0019145>] l2cap_conn_del+0x148/0x157 [bluetooth]
[<
ffffffffa001b9a2>] l2cap_recv_frame+0xa77/0xfa4 [bluetooth]
[<
ffffffff810592f9>] ? trace_hardirqs_on_caller+0x112/0x1ad
[<
ffffffffa001c86c>] l2cap_recv_acldata+0xe2/0x264 [bluetooth]
[<
ffffffffa0002b2f>] hci_rx_work+0x235/0x33c [bluetooth]
[<
ffffffff81038dc3>] ? process_one_work+0x126/0x2fe
[<
ffffffff81038e22>] process_one_work+0x185/0x2fe
[<
ffffffff81038dc3>] ? process_one_work+0x126/0x2fe
[<
ffffffff81059f2e>] ? lock_acquired+0x1b5/0x1cf
[<
ffffffffa00028fa>] ? le_scan_work+0x11d/0x11d [bluetooth]
[<
ffffffff81036fb6>] ? spin_lock_irq+0x9/0xb
[<
ffffffff81039209>] worker_thread+0xcf/0x175
[<
ffffffff8103913a>] ? rescuer_thread+0x175/0x175
[<
ffffffff8103cfe0>] kthread+0x95/0x9d
[<
ffffffff812c5054>] kernel_threadi_helper+0x4/0x10
[<
ffffffff812c36b0>] ? retint_restore_args+0x13/0x13
[<
ffffffff8103cf4b>] ? flush_kthread_worker+0xdb/0xdb
[<
ffffffff812c5050>] ? gs_change+0x13/0x13
This bug can be reproduced using hctool lecc or l2test tools and
bluetoothd not running.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Bob Copeland [Mon, 13 Aug 2012 01:18:33 +0000 (21:18 -0400)]
ath5k: fix spin_lock_irqsave/spin_lock_bh nesting in mesh
Lockdep found an inconsistent lock state when joining a mesh with
ath5k. The problem is that ath5k takes the lock for its beacon state,
ah->block, with spin_lock_irqsave(), while mesh internally takes the
sync_offset_lock with spin_lock_bh() in mesh_sync_offset_adjust_tbtt(),
which in turn is called under ah->block.
This could deadlock if the beacon tasklet was run on the processor
that held the beacon lock during the do_softirq() in spin_unlock_bh().
We probably shouldn't hold the lock around the callbacks, but the
easiest fix is to switch to spin_lock_bh for ah->block: it doesn't
need interrupts disabled anyway as the data in question is only accessed
in softirq or process context.
Fixes the following lockdep warning:
[ 446.892304] WARNING: at kernel/softirq.c:159 _local_bh_enable_ip+0x38/0xa6()
[ 446.892306] Hardware name: MacBook1,1
[ 446.892309] Modules linked in: tcp_lp fuse sunrpc cpufreq_ondemand acpi_cpufreq mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 ip6table_filter nf_defrag_ipv4 xt_state nf_conntrack ip6_tables ext2 arc4 btusb bluetooth snd_hda_codec_idt snd_hda_intel carl9170 snd_hda_codec coretemp joydev ath5k snd_hwdep snd_seq isight_firmware ath snd_seq_device snd_pcm applesmc appletouch mac80211 input_polldev snd_timer microcode cfg80211 snd lpc_ich pcspkr i2c_i801 mfd_core soundcore rfkill snd_page_alloc sky2 tpm_infineon virtio_net kvm_intel kvm i915 drm_kms_helper drm i2c_algo_bit i2c_core video
[ 446.892385] Pid: 1892, comm: iw Not tainted 3.6.0-rc1-wl+ #296
[ 446.892387] Call Trace:
[ 446.892394] [<
c0432958>] warn_slowpath_common+0x7c/0x91
[ 446.892398] [<
c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
[ 446.892403] [<
c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
[ 446.892459] [<
f7f9ae3b>] ? mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
[ 446.892464] [<
c043298f>] warn_slowpath_null+0x22/0x24
[ 446.892468] [<
c04399d7>] _local_bh_enable_ip+0x38/0xa6
[ 446.892473] [<
c0439a52>] local_bh_enable_ip+0xd/0xf
[ 446.892479] [<
c088004f>] _raw_spin_unlock_bh+0x34/0x37
[ 446.892527] [<
f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
[ 446.892569] [<
f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
[ 446.892575] [<
c047ceeb>] ? trace_hardirqs_on_caller+0x10e/0x13f
[ 446.892591] [<
f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
[ 446.892597] [<
c047ad67>] ? lock_acquired+0x1f5/0x21e
[ 446.892612] [<
f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
[ 446.892617] [<
c087f9ea>] ? _raw_spin_lock_irqsave+0x78/0x82
[ 446.892632] [<
f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
[ 446.892647] [<
f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
[ 446.892651] [<
c0479dd4>] ? lock_is_held+0x73/0x7b
[ 446.892662] [<
c0458fd5>] ? __might_sleep+0xa7/0x17a
[ 446.892698] [<
f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
[ 446.892703] [<
c0449875>] ? queue_work+0x24/0x32
[ 446.892718] [<
f7fdf894>] ? ath5k_configure_filter+0x163/0x163 [ath5k]
[ 446.892766] [<
f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
[ 446.892806] [<
f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
[ 446.892834] [<
f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
[ 446.892855] [<
f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
[ 446.892875] [<
f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
[ 446.892908] [<
f7a8db99>] ? nl80211_set_wiphy+0x4cf/0x4cf [cfg80211]
[ 446.892919] [<
c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
[ 446.892940] [<
c07cf861>] ? genl_rcv+0x25/0x25
[ 446.892946] [<
c07cf009>] netlink_rcv_skb+0x37/0x78
[ 446.892950] [<
c07cf85a>] genl_rcv+0x1e/0x25
[ 446.892955] [<
c07cebf3>] netlink_unicast+0xc3/0x12d
[ 446.892959] [<
c07cee46>] netlink_sendmsg+0x1e9/0x213
[ 446.892966] [<
c079f282>] sock_sendmsg+0x79/0x96
[ 446.892972] [<
c04eb90d>] ? might_fault+0x9d/0xa3
[ 446.892978] [<
c07a81d8>] ? copy_from_user+0x8/0xa
[ 446.892983] [<
c07a852c>] ? verify_iovec+0x43/0x77
[ 446.892987] [<
c079f4d8>] __sys_sendmsg+0x180/0x215
[ 446.892993] [<
c045f107>] ? sched_clock_cpu+0x134/0x144
[ 446.892997] [<
c047992f>] ? trace_hardirqs_off+0xb/0xd
[ 446.893002] [<
c047bf88>] ? __lock_acquire+0x46b/0xb6e
[ 446.893006] [<
c047992f>] ? trace_hardirqs_off+0xb/0xd
[ 446.893010] [<
c045f149>] ? local_clock+0x32/0x49
[ 446.893015] [<
c0479ec1>] ? lock_release_holdtime.part.9+0x4b/0x51
[ 446.893020] [<
c0479dd4>] ? lock_is_held+0x73/0x7b
[ 446.893025] [<
c050d127>] ? fcheck_files+0x97/0xcd
[ 446.893029] [<
c050d4df>] ? fget_light+0x2d/0x81
[ 446.893034] [<
c07a01f3>] sys_sendmsg+0x3b/0x52
[ 446.893038] [<
c07a07b4>] sys_socketcall+0x238/0x2a2
[ 446.893044] [<
c0885edf>] sysenter_do_call+0x12/0x38
[ 446.893047] ---[ end trace
a9af5998f929270f ]---
[ 447.627222]
[ 447.627232] =================================
[ 447.627237] [ INFO: inconsistent lock state ]
[ 447.627244] 3.6.0-rc1-wl+ #296 Tainted: G W
[ 447.627248] ---------------------------------
[ 447.627253] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 447.627260] swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 447.627264] (&(&ah->block)->rlock){+.?...}, at: [<
f7fdd2d1>] ath5k_tasklet_beacon+0x91/0xa7 [ath5k]
[ 447.627299] {SOFTIRQ-ON-W} state was registered at:
[ 447.627304] [<
c047cdbf>] mark_held_locks+0x59/0x77
[ 447.627316] [<
c047ceeb>] trace_hardirqs_on_caller+0x10e/0x13f
[ 447.627324] [<
c047cf27>] trace_hardirqs_on+0xb/0xd
[ 447.627332] [<
c0439a3d>] _local_bh_enable_ip+0x9e/0xa6
[ 447.627342] [<
c0439a52>] local_bh_enable_ip+0xd/0xf
[ 447.627349] [<
c088004f>] _raw_spin_unlock_bh+0x34/0x37
[ 447.627359] [<
f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
[ 447.627451] [<
f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
[ 447.627526] [<
f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
[ 447.627547] [<
f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
[ 447.627569] [<
f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
[ 447.627628] [<
f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
[ 447.627712] [<
f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
[ 447.627782] [<
f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
[ 447.627816] [<
f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
[ 447.627845] [<
f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
[ 447.627872] [<
c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
[ 447.627881] [<
c07cf009>] netlink_rcv_skb+0x37/0x78
[ 447.627891] [<
c07cf85a>] genl_rcv+0x1e/0x25
[ 447.627898] [<
c07cebf3>] netlink_unicast+0xc3/0x12d
[ 447.627907] [<
c07cee46>] netlink_sendmsg+0x1e9/0x213
[ 447.627915] [<
c079f282>] sock_sendmsg+0x79/0x96
[ 447.627926] [<
c079f4d8>] __sys_sendmsg+0x180/0x215
[ 447.627934] [<
c07a01f3>] sys_sendmsg+0x3b/0x52
[ 447.627941] [<
c07a07b4>] sys_socketcall+0x238/0x2a2
[ 447.627949] [<
c0885edf>] sysenter_do_call+0x12/0x38
[ 447.627959] irq event stamp:
1929200
[ 447.627963] hardirqs last enabled at (
1929200): [<
c043a0e9>] tasklet_hi_action+0x3e/0xbf
[ 447.627972] hardirqs last disabled at (
1929199): [<
c043a0c0>] tasklet_hi_action+0x15/0xbf
[ 447.627981] softirqs last enabled at (
1929196): [<
c043999d>] _local_bh_enable+0x12/0x14
[ 447.627989] softirqs last disabled at (
1929197): [<
c040443b>] do_softirq+0x63/0xb8
[ 447.627999]
[ 447.627999] other info that might help us debug this:
[ 447.628004] Possible unsafe locking scenario:
[ 447.628004]
[ 447.628009] CPU0
[ 447.628012] ----
[ 447.628016] lock(&(&ah->block)->rlock);
[ 447.628023] <Interrupt>
[ 447.628027] lock(&(&ah->block)->rlock);
[ 447.628034]
[ 447.628034] *** DEADLOCK ***
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Lorenzo Bianconi [Fri, 10 Aug 2012 09:00:24 +0000 (11:00 +0200)]
ath9k: fix decrypt_error initialization in ath_rx_tasklet()
ath_rx_tasklet() calls ath9k_rx_skb_preprocess() and ath9k_rx_skb_postprocess()
in a loop over the received frames. The decrypt_error flag is
initialized to false
just outside ath_rx_tasklet() loop. ath9k_rx_accept(), called by
ath9k_rx_skb_preprocess(),
only sets decrypt_error to true and never to false.
Then ath_rx_tasklet() calls ath9k_rx_skb_postprocess() and passes
decrypt_error to it.
So, after a decryption error, in ath9k_rx_skb_postprocess(), we can
have a leftover value
from another processed frame. In that case, the frame will not be marked with
RX_FLAG_DECRYPTED even if it is decrypted correctly.
When using CCMP encryption this issue can lead to connection stuck
because of CCMP
PN corruption and a waste of CPU time since mac80211 tries to decrypt an already
deciphered frame with ieee80211_aes_ccm_decrypt.
Fix the issue initializing decrypt_error flag at the begging of the
ath_rx_tasklet() loop.
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rajkumar Manoharan [Thu, 9 Aug 2012 07:07:26 +0000 (12:37 +0530)]
ath9k: stop btcoex on device suspend
During suspend, the device will be moved to FULLSLEEP state.
As btcoex is never been stopped, the btcoex timer is running
and tries to access hw on fullsleep state. Fix that.
Cc: stable@vger.kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Thu, 9 Aug 2012 06:57:30 +0000 (09:57 +0300)]
wireless: at76c50x: signedness bug in at76_dfu_get_state()
This return holds the number of bytes transfered (1 byte) or a negative
error code. The type should be int instead of u8.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Alexey Khoroshilov [Wed, 8 Aug 2012 15:44:21 +0000 (19:44 +0400)]
rndis_wlan: Fix potential memory leak in update_pmkid()
Do not leak memory by updating pointer with potentially NULL realloc return value.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Wed, 8 Aug 2012 14:25:03 +0000 (16:25 +0200)]
ath9k: fix interrupt storms on queued hardware reset
commit
b74713d04effbacd3d126ce94cec18742187b6ce
"ath9k: Handle fatal interrupts properly" introduced a race condition, where
IRQs are being left enabled, however the irq handler returns IRQ_HANDLED
while the reset is still queued without addressing the IRQ cause.
This leads to an IRQ storm that prevents the system from even getting to
the reset code.
Fix this by disabling IRQs in the handler without touching intr_ref_cnt.
Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Cc: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 10 Aug 2012 18:41:38 +0000 (14:41 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/bluetooth/bluetooth
Peng Chen [Wed, 1 Aug 2012 02:11:59 +0000 (10:11 +0800)]
Bluetooth: add support for atheros 0489:e057
Add support for the AR3012 chip found on Fioxconn.
usb-devices shows:
T: Bus=06 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 44 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e057 Rev= 0.02
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
Signed-off-by: Peng Chen <pengchen@qca.qualcomm.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Johannes Berg [Sun, 5 Aug 2012 16:31:46 +0000 (18:31 +0200)]
iwlwifi: disable greenfield transmissions as a workaround
There's a bug that causes the rate scaling to get stuck
when it has to use single-stream rates with a peer that
can do GF and SGI; the two are incompatible so we can't
use them together, but that causes the algorithm to not
work at all, it always rejects updates.
Disable greenfield for now to prevent that problem.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Tested-by: Cesar Eduardo Barros <cesarb@cesarb.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Fri, 3 Aug 2012 10:49:14 +0000 (12:49 +0200)]
rt61pci: fix NULL pointer dereference in config_lna_gain
We can not pass NULL libconf->conf->channel to rt61pci_config() as it
is dereferenced unconditionally in rt61pci_config_lna_gain() subroutine.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=44361
Cc: stable@vger.kernel.org
Reported-and-tested-by: <dolohow@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Thu, 2 Aug 2012 17:41:48 +0000 (18:41 +0100)]
cfg80211: process pending events when unregistering net device
libertas currently calls cfg80211_disconnected() when it is being
brought down. This causes an event to be allocated, but since the
wdev is already removed from the rdev by the time that the event
processing work executes, the event is never processed or freed.
http://article.gmane.org/gmane.linux.kernel.wireless.general/95666
Fix this leak, and other possible situations, by processing the event
queue when a device is being unregistered. Thanks to Johannes Berg for
the suggestion.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Cc: stable@vger.kernel.org
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jaganath Kanakkassery [Thu, 19 Jul 2012 07:24:04 +0000 (12:54 +0530)]
Bluetooth: Fix socket not getting freed if l2cap channel create fails
If l2cap_chan_create() fails then it will return from l2cap_sock_kill
since zapped flag of sk is reset.
Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andrei Emeltchenko [Thu, 19 Jul 2012 14:03:43 +0000 (17:03 +0300)]
Bluetooth: smp: Fix possible NULL dereference
smp_chan_create might return NULL so we need to check before
dereferencing smp.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Ram Malovany [Thu, 19 Jul 2012 07:26:11 +0000 (10:26 +0300)]
Bluetooth: Set name_state to unknown when entry name is empty
When the name of the given entry is empty , the state needs to be
updated accordingly.
Cc: stable@vger.kernel.org
Signed-off-by: Ram Malovany <ramm@ti.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Ram Malovany [Thu, 19 Jul 2012 07:26:10 +0000 (10:26 +0300)]
Bluetooth: Fix using a NULL inquiry cache entry
If the device was not found in a list of found devices names of which
are pending.This may happen in a case when HCI Remote Name Request
was sent as a part of incoming connection establishment procedure.
Hence there is no need to continue resolving a next name as it will
be done upon receiving another Remote Name Request Complete Event.
This will fix a kernel crash when trying to use this entry to resolve
the next name.
Cc: stable@vger.kernel.org
Signed-off-by: Ram Malovany <ramm@ti.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Ram Malovany [Thu, 19 Jul 2012 07:26:09 +0000 (10:26 +0300)]
Bluetooth: Fix using NULL inquiry entry
If entry wasn't found in the hci_inquiry_cache_lookup_resolve do not
resolve the name.This will fix a kernel crash when trying to use NULL
pointer.
Cc: stable@vger.kernel.org
Signed-off-by: Ram Malovany <ramm@ti.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Szymon Janc [Thu, 19 Jul 2012 12:46:08 +0000 (14:46 +0200)]
Bluetooth: Fix legacy pairing with some devices
Some devices e.g. some Android based phones don't do SDP search before
pairing and cancel legacy pairing when ACL is disconnected.
PIN Code Request event which changes ACL timeout to HCI_PAIRING_TIMEOUT
is only received after remote user entered PIN.
In that case no L2CAP is connected so default HCI_DISCONN_TIMEOUT
(2 seconds) is being used to timeout ACL connection. This results in
problems with legacy pairing as remote user has only few seconds to
enter PIN before ACL is disconnected.
Increase disconnect timeout for incomming connection to
HCI_PAIRING_TIMEOUT if SSP is disabled and no linkey exists.
To avoid keeping ACL alive for too long after SDP search set ACL
timeout back to HCI_DISCONN_TIMEOUT when L2CAP is connected.
2012-07-19 13:24:43.413521 < HCI Command: Create Connection (0x01|0x0005) plen 13
bdaddr 00:02:72:D6:6A:3F ptype 0xcc18 rswitch 0x01 clkoffset 0x0000
Packet type: DM1 DM3 DM5 DH1 DH3 DH5
2012-07-19 13:24:43.425224 > HCI Event: Command Status (0x0f) plen 4
Create Connection (0x01|0x0005) status 0x00 ncmd 1
2012-07-19 13:24:43.885222 > HCI Event: Role Change (0x12) plen 8
status 0x00 bdaddr 00:02:72:D6:6A:3F role 0x01
Role: Slave
2012-07-19 13:24:44.054221 > HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 42 bdaddr 00:02:72:D6:6A:3F type ACL encrypt 0x00
2012-07-19 13:24:44.054313 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
handle 42
2012-07-19 13:24:44.055176 > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
bdaddr 00:02:72:D6:6A:3F mode 0
2012-07-19 13:24:44.056217 > HCI Event: Max Slots Change (0x1b) plen 3
handle 42 slots 5
2012-07-19 13:24:44.059218 > HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 0
2012-07-19 13:24:44.062192 > HCI Event: Command Status (0x0f) plen 4
Unknown (0x00|0x0000) status 0x00 ncmd 1
2012-07-19 13:24:44.067219 > HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 42
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
2012-07-19 13:24:44.067248 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
handle 42 page 1
2012-07-19 13:24:44.071217 > HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
2012-07-19 13:24:44.076218 > HCI Event: Read Remote Extended Features (0x23) plen 13
status 0x00 handle 42 page 1 max 1
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
2012-07-19 13:24:44.076249 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
bdaddr 00:02:72:D6:6A:3F mode 2 clkoffset 0x0000
2012-07-19 13:24:44.081218 > HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
2012-07-19 13:24:44.105214 > HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr 00:02:72:D6:6A:3F name 'uw000951-0'
2012-07-19 13:24:44.105284 < HCI Command: Authentication Requested (0x01|0x0011) plen 2
handle 42
2012-07-19 13:24:44.111207 > HCI Event: Command Status (0x0f) plen 4
Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
2012-07-19 13:24:44.112220 > HCI Event: Link Key Request (0x17) plen 6
bdaddr 00:02:72:D6:6A:3F
2012-07-19 13:24:44.112249 < HCI Command: Link Key Request Negative Reply (0x01|0x000c) plen 6
bdaddr 00:02:72:D6:6A:3F
2012-07-19 13:24:44.115215 > HCI Event: Command Complete (0x0e) plen 10
Link Key Request Negative Reply (0x01|0x000c) ncmd 1
status 0x00 bdaddr 00:02:72:D6:6A:3F
2012-07-19 13:24:44.116215 > HCI Event: PIN Code Request (0x16) plen 6
bdaddr 00:02:72:D6:6A:3F
2012-07-19 13:24:48.099184 > HCI Event: Auth Complete (0x06) plen 3
status 0x13 handle 42
Error: Remote User Terminated Connection
2012-07-19 13:24:48.179182 > HCI Event: Disconn Complete (0x05) plen 4
status 0x00 handle 42 reason 0x13
Reason: Remote User Terminated Connection
Cc: stable@vger.kernel.org
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Gustavo Padovan [Fri, 15 Jun 2012 05:30:20 +0000 (02:30 -0300)]
Bluetooth: Fix possible deadlock in SCO code
sco_chan_del() only has conn != NULL when called from sco_conn_del() so
just move the code from it that deal with conn to sco_conn_del().
[ 120.765529]
[ 120.765529] ======================================================
[ 120.766529] [ INFO: possible circular locking dependency detected ]
[ 120.766529]
3.5.0-rc1-10292-g3701f94-dirty #70 Tainted: G W
[ 120.766529] -------------------------------------------------------
[ 120.766529] kworker/u:3/1497 is trying to acquire lock:
[ 120.766529] (&(&conn->lock)->rlock#2){+.+...}, at:
[<
ffffffffa00b7ecc>] sco_chan_del+0x4c/0x170 [bluetooth]
[ 120.766529]
[ 120.766529] but task is already holding lock:
[ 120.766529] (slock-AF_BLUETOOTH-BTPROTO_SCO){+.+...}, at:
[<
ffffffffa00b8401>] sco_conn_del+0x61/0xe0 [bluetooth]
[ 120.766529]
[ 120.766529] which lock already depends on the new lock.
[ 120.766529]
[ 120.766529]
[ 120.766529] the existing dependency chain (in reverse order) is:
[ 120.766529]
[ 120.766529] -> #1 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.+...}:
[ 120.766529] [<
ffffffff8107980e>] lock_acquire+0x8e/0xb0
[ 120.766529] [<
ffffffff813c19e0>] _raw_spin_lock+0x40/0x80
[ 120.766529] [<
ffffffffa00b85e9>] sco_connect_cfm+0x79/0x300
[bluetooth]
[ 120.766529] [<
ffffffffa0094b13>]
hci_sync_conn_complete_evt.isra.90+0x343/0x400 [bluetooth]
[ 120.766529] [<
ffffffffa009d447>] hci_event_packet+0x317/0xfb0
[bluetooth]
[ 120.766529] [<
ffffffffa008aa68>] hci_rx_work+0x2c8/0x890
[bluetooth]
[ 120.766529] [<
ffffffff81047db7>] process_one_work+0x197/0x460
[ 120.766529] [<
ffffffff810489d6>] worker_thread+0x126/0x2d0
[ 120.766529] [<
ffffffff8104ee4d>] kthread+0x9d/0xb0
[ 120.766529] [<
ffffffff813c4294>] kernel_thread_helper+0x4/0x10
[ 120.766529]
[ 120.766529] -> #0 (&(&conn->lock)->rlock#2){+.+...}:
[ 120.766529] [<
ffffffff81078a8a>] __lock_acquire+0x154a/0x1d30
[ 120.766529] [<
ffffffff8107980e>] lock_acquire+0x8e/0xb0
[ 120.766529] [<
ffffffff813c19e0>] _raw_spin_lock+0x40/0x80
[ 120.766529] [<
ffffffffa00b7ecc>] sco_chan_del+0x4c/0x170
[bluetooth]
[ 120.766529] [<
ffffffffa00b8414>] sco_conn_del+0x74/0xe0
[bluetooth]
[ 120.766529] [<
ffffffffa00b88a2>] sco_disconn_cfm+0x32/0x60
[bluetooth]
[ 120.766529] [<
ffffffffa0093a82>]
hci_disconn_complete_evt.isra.53+0x242/0x390 [bluetooth]
[ 120.766529] [<
ffffffffa009d747>] hci_event_packet+0x617/0xfb0
[bluetooth]
[ 120.766529] [<
ffffffffa008aa68>] hci_rx_work+0x2c8/0x890
[bluetooth]
[ 120.766529] [<
ffffffff81047db7>] process_one_work+0x197/0x460
[ 120.766529] [<
ffffffff810489d6>] worker_thread+0x126/0x2d0
[ 120.766529] [<
ffffffff8104ee4d>] kthread+0x9d/0xb0
[ 120.766529] [<
ffffffff813c4294>] kernel_thread_helper+0x4/0x10
[ 120.766529]
[ 120.766529] other info that might help us debug this:
[ 120.766529]
[ 120.766529] Possible unsafe locking scenario:
[ 120.766529]
[ 120.766529] CPU0 CPU1
[ 120.766529] ---- ----
[ 120.766529] lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
[ 120.766529]
lock(&(&conn->lock)->rlock#2);
[ 120.766529]
lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
[ 120.766529] lock(&(&conn->lock)->rlock#2);
[ 120.766529]
[ 120.766529] *** DEADLOCK ***
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Manoj Iyer [Tue, 10 Jul 2012 19:07:38 +0000 (14:07 -0500)]
Bluetooth: btusb: Add vendor specific ID (0a5c:21f4) BCM20702A0
Patch adds support for BCM20702A0 device id (0a5c:21f4).
usb-devices after patch was applied:
T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f4 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=
E4D53DF154D6
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
usb-devices before patch was applied:
T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f4 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=
E4D53DF154D6
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Chris Gagnon <chris.gagnon@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mohammed Shafi Shajakhan [Thu, 2 Aug 2012 06:28:50 +0000 (11:58 +0530)]
ath9k: Add PID/VID support for AR1111
AR1111 is same as AR9485. The h/w
difference between them is quite insignificant,
Felix suggests only very few baseband features
may not be available in AR1111. The h/w code for
AR9485 is already present, so AR1111 should
work fine with the addition of its PID/VID.
Cc: stable@vger.kernel.org [2.6.39+]
Cc: Felix Bitterli <felixb@qca.qualcomm.com>
Reported-by: Tim Bentley <Tim.Bentley@Gmail.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Tested-by: Tim Bentley <Tim.Bentley@Gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Seth Forshee [Wed, 1 Aug 2012 20:58:43 +0000 (15:58 -0500)]
brcmsmac: use channel flags to restrict OFDM
brcmsmac cannot call freq_reg_info() during channel changes as it does
not hold cfg80211_lock, and as a result it generates a lockdep warning.
freq_reg_info() is being used to determine whether OFDM is allowed on
the current channel, so we can avoid the errant call by using the new
IEEE80211_CHAN_NO_OFDM for this purpose instead.
Reported-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Wed, 1 Aug 2012 20:35:36 +0000 (21:35 +0100)]
libertas: fix two memory leaks
The if_sdio_card structure was never being freed, and neither
was the command structure used for association.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Woody Hung [Tue, 31 Jul 2012 13:53:33 +0000 (21:53 +0800)]
rt2x00 : fix rt3290 resuming failed.
This patch is going to fix the resuming failed from S3/S4
for rt3290 chip.
Signed-off-by: Woody Hung <Woody.Hung@mediatek.com>
Cc: Kevin Chou <kevin.chou@mediatek.com>
Signed-off-by: Chen, Chien-Chia <machen@suse.com>
Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Mon, 30 Jul 2012 21:58:04 +0000 (22:58 +0100)]
libertas: don't reset card on error when it is being removed
On an OLPC XO-1.5 we have seen the following situation:
- the system starts going into suspend
- no wake params are set, so the mmc layer removes the card
- during remove, we send a command to the card
- that command fails, causing if_sdio's reset method to try and remove
the mmc card in attempt to reset it
- the mmc layer is not happy about being asked to remove a card that
it is already removing, and the kernel crashes
While the MMC layer could possibly be taught to behave better here,
it also seems sensible for libertas not to try and reset a card if
we're in the process of removing it anyway.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Mon, 23 Jul 2012 20:57:01 +0000 (22:57 +0200)]
b43: fix logic in GPIO init
Add some comments by the way
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Mon, 23 Jul 2012 16:20:12 +0000 (18:20 +0200)]
bcma: BCM43228 support
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Thu, 2 Aug 2012 17:49:38 +0000 (13:49 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Paul Stewart [Wed, 1 Aug 2012 23:54:42 +0000 (16:54 -0700)]
cfg80211: Clear "beacon_found" on regulatory restore
Restore the default state to the "beacon_found" flag when
the channel flags are restored. Otherwise, we can end up
with a channel that we can no longer transmit on even when
we can see beacons on that channel.
Signed-off-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Seth Forshee [Wed, 1 Aug 2012 20:58:42 +0000 (15:58 -0500)]
cfg80211: add channel flag to prohibit OFDM operation
Currently the only way for wireless drivers to tell whether or not OFDM
is allowed on the current channel is to check the regulatory
information. However, this requires hodling cfg80211_mutex, which is not
visible to the drivers.
Other regulatory restrictions are provided as flags in the channel
definition, so let's do similarly with OFDM. This patch adds a new flag,
IEEE80211_CHAN_NO_OFDM, to tell drivers that OFDM on a channel is not
allowed. This flag is set on any channels for which regulatory indicates
that OFDM is prohibited.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eric Dumazet [Wed, 1 Aug 2012 23:23:40 +0000 (23:23 +0000)]
ipv4: route.c cleanup
Remove unused includes after IP cache removal
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Tue, 31 Jul 2012 11:39:37 +0000 (11:39 +0000)]
bnx2x: fix mem leak when command is unknown
In bnx2x_mcast_enqueue_cmd() we'll leak the memory allocated to
'new_cmd' if we hit the deafault case of the 'switch (cmd)'.
Add a 'kfree(new_cmd)' to that case to avoid the leak.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fan Du [Mon, 30 Jul 2012 21:43:54 +0000 (21:43 +0000)]
Fix unexpected SA hard expiration after changing date
After SA is setup, one timer is armed to detect soft/hard expiration,
however the timer handler uses xtime to do the math. This makes hard
expiration occurs first before soft expiration after setting new date
with big interval. As a result new child SA is deleted before rekeying
the new one.
Signed-off-by: Fan Du <fdu@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Mon, 30 Jul 2012 16:11:42 +0000 (16:11 +0000)]
tcp: Apply device TSO segment limit earlier
Cache the device gso_max_segs in sock::sk_gso_max_segs and use it to
limit the size of TSO skbs. This avoids the need to fall back to
software GSO for local TCP senders.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Mon, 30 Jul 2012 15:57:44 +0000 (15:57 +0000)]
sfc: Fix maximum number of TSO segments and minimum TX queue size
Currently an skb requiring TSO may not fit within a minimum-size TX
queue. The TX queue selected for the skb may stall and trigger the TX
watchdog repeatedly (since the problem skb will be retried after the
TX reset). This issue is designated as CVE-2012-3412.
Set the maximum number of TSO segments for our devices to 100. This
should make no difference to behaviour unless the actual MSS is less
than about 700. Increase the minimum TX queue size accordingly to
allow for 2 worst-case skbs, so that there will definitely be space
to add an skb after we wake a queue.
To avoid invalidating existing configurations, change
efx_ethtool_set_ringparam() to fix up values that are too small rather
than returning -EINVAL.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Mon, 30 Jul 2012 15:57:00 +0000 (15:57 +0000)]
net: Allow driver to limit number of GSO segments per skb
A peer (or local user) may cause TCP to use a nominal MSS of as little
as 88 (actual MSS of 76 with timestamps). Given that we have a
sufficiently prodigious local sender and the peer ACKs quickly enough,
it is nevertheless possible to grow the window for such a connection
to the point that we will try to send just under 64K at once. This
results in a single skb that expands to 861 segments.
In some drivers with TSO support, such an skb will require hundreds of
DMA descriptors; a substantial fraction of a TX ring or even more than
a full ring. The TX queue selected for the skb may stall and trigger
the TX watchdog repeatedly (since the problem skb will be retried
after the TX reset). This particularly affects sfc, for which the
issue is designated as CVE-2012-3412.
Therefore:
1. Add the field net_device::gso_max_segs holding the device-specific
limit.
2. In netif_skb_features(), if the number of segments is too high then
mask out GSO features to force fall back to software GSO.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 1 Aug 2012 23:47:15 +0000 (16:47 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus
Pull MIPS updates from Ralf Baechle:
"The lion share of this pull request are fixes for clk-related breakage
caused by other changes during this merge window. For some platforms
the fix was as simple as selecting HAVE_CLK, for others like the
Loongson 2 significant restructuring was required.
The remainder are changes required to get the Lantiq code to work
again."
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Loongson 2: Sort out clock managment.
MIPS: Loongson 1: more clk support and add select HAVE_CLK
MIPS: txx9: Fix redefinition of clk_* by adding select HAVE_CLK
MIPS: BCM63xx: Fix redefinition of clk_* by adding select HAVE_CLK
MIPS: AR7: Fix redefinition of clk_* by adding select HAVE_CLK
MIPS: Lantiq: Platform specific CLK fixup
MIPS: Lantiq: Add device_tree_init function
MIPS: Lantiq: Fix interface clock and PCI control register offset
Linus Torvalds [Wed, 1 Aug 2012 23:45:02 +0000 (16:45 -0700)]
Merge branch 'for-linus-3.6-rc1' of git://git./linux/kernel/git/rw/uml
Pull UML fixes from Richard Weinberger:
"This patch set contains mostly fixes and cleanups. The UML tty driver
uses now tty_port and is no longer broken like hell :-)"
* 'for-linus-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: Add arch/x86/um to MAINTAINERS
um: pass siginfo to guest process
um: fix ubd_file_size for read-only files
um: pull interrupt_end() into userspace()
um: split syscall_trace(), pass pt_regs to it
um: switch UPT_SET_RETURN_VALUE and regs_return_value to pt_regs
um: set BLK_CGROUP=y in defconfig
um: remove count_lock
um: fully use tty_port
um: Remove dead code
um: remove line_ioctl()
TTY: um/line, use tty from tty_port
TTY: um/line, add tty_port
Linus Torvalds [Wed, 1 Aug 2012 23:41:07 +0000 (16:41 -0700)]
Merge branch 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM DMA engine updates from Russell King:
"This looks scary at first glance, but what it is is:
- a rework of the sa11x0 DMA engine driver merged during the previous
cycle, to extract a common set of helper functions for DMA engine
implementations.
- conversion of amba-pl08x.c to use these helper functions.
- addition of OMAP DMA engine driver (using these helper functions),
and conversion of some of the OMAP DMA users to use DMA engine.
Nothing in the helper functions is ARM specific, so I hope that other
implementations can consolidate some of their code by making use of
these helpers.
This has been sitting in linux-next most of the merge cycle, and has
been tested by several OMAP folk. I've tested it on sa11x0 platforms,
and given it my best shot on my broken platforms which have the
amba-pl08x controller.
The last point is the addition to feature-removal-schedule.txt, which
will have a merge conflict. Between myself and TI, we're planning to
remove the old TI DMA implementation next year."
Fix up trivial add/add conflicts in Documentation/feature-removal-schedule.txt
and drivers/dma/{Kconfig,Makefile}
* 'dmaengine' of git://git.linaro.org/people/rmk/linux-arm: (53 commits)
ARM: 7481/1: OMAP2+: omap2plus_defconfig: enable OMAP DMA engine
ARM: 7464/1: mmc: omap_hsmmc: ensure probe returns error if DMA channel request fails
Add feature removal of old OMAP private DMA implementation
mtd: omap2: remove private DMA API implementation
mtd: omap2: add DMA engine support
spi: omap2-mcspi: remove private DMA API implementation
spi: omap2-mcspi: add DMA engine support
ARM: omap: remove mmc platform data dma_mask and initialization
mmc: omap: remove private DMA API implementation
mmc: omap: add DMA engine support
mmc: omap_hsmmc: remove private DMA API implementation
mmc: omap_hsmmc: add DMA engine support
dmaengine: omap: add support for cyclic DMA
dmaengine: omap: add support for setting fi
dmaengine: omap: add support for returning residue in tx_state method
dmaengine: add OMAP DMA engine driver
dmaengine: sa11x0-dma: add cyclic DMA support
dmaengine: sa11x0-dma: fix DMA residue support
dmaengine: PL08x: ensure all descriptors are freed when channel is released
dmaengine: PL08x: get rid of write only pool_ctr and free_txd locking
...
Linus Torvalds [Wed, 1 Aug 2012 23:35:37 +0000 (16:35 -0700)]
Merge branch 'audit' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM audit/signal updates from Russell King:
"ARM audit/signal handling updates from Al and Will. This improves on
the work Viro did last merge window, and sorts out some of the issues
found with that work."
* 'audit' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7475/1: sys_trace: allow all syscall arguments to be updated via ptrace
ARM: 7474/1: get rid of TIF_SYSCALL_RESTARTSYS
ARM: 7473/1: deal with handlerless restarts without leaving the kernel
ARM: 7472/1: pull all work_pending logics into C function
ARM: 7471/1: Revert "7442/1: Revert "remove unused restart trampoline""
ARM: 7470/1: Revert "7443/1: Revert "new way of handling ERESTART_RESTARTBLOCK""
Linus Torvalds [Wed, 1 Aug 2012 23:30:45 +0000 (16:30 -0700)]
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
"This fixes various issues found during July"
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7479/1: mm: avoid NULL dereference when flushing gate_vma with VIVT caches
ARM: Fix undefined instruction exception handling
ARM: 7480/1: only call smp_send_stop() on SMP
ARM: 7478/1: errata: extend workaround for erratum #720789
ARM: 7477/1: vfp: Always save VFP state in vfp_pm_suspend on UP
ARM: 7476/1: vfp: only clear vfp state for current cpu in vfp_pm_suspend
ARM: 7468/1: ftrace: Trace function entry before updating index
ARM: 7467/1: mutex: use generic xchg-based implementation for ARMv6+
ARM: 7466/1: disable interrupt before spinning endlessly
ARM: 7465/1: Handle >4GB memory sizes in device tree and mem=size@start option
Richard Weinberger [Wed, 1 Aug 2012 23:00:47 +0000 (01:00 +0200)]
um: Add arch/x86/um to MAINTAINERS
Signed-off-by: Richard Weinberger <richard@nod.at>
Martin Pärtel [Wed, 1 Aug 2012 22:49:17 +0000 (00:49 +0200)]
um: pass siginfo to guest process
UML guest processes now get correct siginfo_t for SIGTRAP, SIGFPE,
SIGILL and SIGBUS. Specifically, si_addr and si_code are now correct
where previously they were si_addr = NULL and si_code = 128.
Signed-off-by: Martin Pärtel <martin.partel@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Martin Pärtel [Wed, 1 Aug 2012 22:44:22 +0000 (00:44 +0200)]
um: fix ubd_file_size for read-only files
Made ubd_file_size not request write access. Fixes use of read-only images.
Signed-off-by: Martin Pärtel <martin.partel@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Al Viro [Wed, 23 May 2012 04:25:15 +0000 (00:25 -0400)]
um: pull interrupt_end() into userspace()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>
Al Viro [Wed, 23 May 2012 04:18:33 +0000 (00:18 -0400)]
um: split syscall_trace(), pass pt_regs to it
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[richard@nod.at: Fixed some minor build issues]
Signed-off-by: Richard Weinberger <richard@nod.at>
Al Viro [Wed, 23 May 2012 01:16:35 +0000 (21:16 -0400)]
um: switch UPT_SET_RETURN_VALUE and regs_return_value to pt_regs
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Richard Weinberger <richard@nod.at>
Johannes Berg [Wed, 1 Aug 2012 19:03:21 +0000 (21:03 +0200)]
mac80211: cancel mesh path timer
The mesh path timer needs to be canceled when
leaving the mesh as otherwise it could fire
after the interface has been removed already.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 1 Aug 2012 18:54:52 +0000 (20:54 +0200)]
mac80211: clear timer bits when disconnecting
There's a corner case that can happen when we
suspend with a timer running, then resume and
disconnect. If we connect again, suspend and
resume we might start timers that shouldn't be
running. Reset the timer flags to avoid this.
This affects both mesh and managed modes.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Linus Torvalds [Wed, 1 Aug 2012 17:45:12 +0000 (10:45 -0700)]
Merge tag 'fbdev-updates-for-3.6' of git://github.com/schandinat/linux-2.6
Pull fbdev updates from Florian Tobias Schandinat:
- large updates for OMAP
- support for LCD3 overlay manager (omap5)
- omapdss output cleanup
- removal of passive matrix LCD support as there are no drivers for
such panels for DSS or DSS2 and nobody complained (cleanup)
- large updates for SH Mobile
- overlay support
- separating MERAM (cache) from framebuffer driver
- some updates for Exynos and da8xx-fb
- various other small patches
* tag 'fbdev-updates-for-3.6' of git://github.com/schandinat/linux-2.6: (78 commits)
da8xx-fb: fix compile issue due to missing include
fbdev: Make pixel_to_pat() failure mode more friendly
da8xx-fb: do not turn ON LCD backlight unless LCDC is enabled
fbdev: sh_mobile_lcdc: Fix vertical panning step
video: exynos mipi dsi: Fix mipi dsi regulators handling issue
video: da8xx-fb: do clock reset of revision 2 LCDC before enabling
arm: da850: configure LCDC fifo threshold
video: da8xx-fb: configure FIFO threshold to reduce underflow errors
video: da8xx-fb: fix flicker due to 1 frame delay in updated frame
video: da8xx-fb rev2: fix disabling of palette completion interrupt
da8xx-fb: add missing FB_BLANK operations
video: exynos_dp: use usleep_range instead of delay
video: exynos_dp: check the only INTERLANE_ALIGN_DONE bit during Link Training
fb: epson1355fb: Fix section mismatch
video: exynos_dp: fix wrong DPCD address during Link Training
video/smscufx: fix line counting in fb_write
aty128fb: Fix coding style issues
fbdev: sh_mobile_lcdc: Fix pan offset computation in YUV mode
fbdev: sh_mobile_lcdc: Fix overlay registers update during pan operation
fbdev: sh_mobile_lcdc: Support horizontal panning
...
Linus Torvalds [Wed, 1 Aug 2012 17:42:26 +0000 (10:42 -0700)]
Merge tag 'sound-3.6' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes that have been found recently. Most of
the commits are regression fixes in HD-audio and some other random
drivers."
* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: snd-usb: fix clock source validity index
ALSA: hda - Fix mute-LED GPIO initialization for IDT codecs
ALSA: hda - Add descriptions for missing IDT 92HD83x models
ALSA: hda - Fix polarity of mute LED on HP Mini 210
ALSA: es1688 - freeup resources on init failure
ALSA: hda - Workaround for silent output on VAIO Z with ALC889
ALSA: hda - Fix WARNING from HDMI/DP parser
ALSA: hda - Detach from converter at closing in patch_hdmi.c
ALSA: hda - Fix mute-LED GPIO setup for HP Mini 210
ALSA: mpu401: Fix missing initialization of irq field
ALSA: hda - Fix invalid D3 of headphone DAC on VT202x codecs
Linus Torvalds [Wed, 1 Aug 2012 17:26:23 +0000 (10:26 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull second vfs pile from Al Viro:
"The stuff in there: fsfreeze deadlock fixes by Jan (essentially, the
deadlock reproduced by xfstests 068), symlink and hardlink restriction
patches, plus assorted cleanups and fixes.
Note that another fsfreeze deadlock (emergency thaw one) is *not*
dealt with - the series by Fernando conflicts a lot with Jan's, breaks
userland ABI (FIFREEZE semantics gets changed) and trades the deadlock
for massive vfsmount leak; this is going to be handled next cycle.
There probably will be another pull request, but that stuff won't be
in it."
Fix up trivial conflicts due to unrelated changes next to each other in
drivers/{staging/gdm72xx/usb_boot.c, usb/gadget/storage_common.c}
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (54 commits)
delousing target_core_file a bit
Documentation: Correct s_umount state for freeze_fs/unfreeze_fs
fs: Remove old freezing mechanism
ext2: Implement freezing
btrfs: Convert to new freezing mechanism
nilfs2: Convert to new freezing mechanism
ntfs: Convert to new freezing mechanism
fuse: Convert to new freezing mechanism
gfs2: Convert to new freezing mechanism
ocfs2: Convert to new freezing mechanism
xfs: Convert to new freezing code
ext4: Convert to new freezing mechanism
fs: Protect write paths by sb_start_write - sb_end_write
fs: Skip atime update on frozen filesystem
fs: Add freezing handling to mnt_want_write() / mnt_drop_write()
fs: Improve filesystem freezing handling
switch the protection of percpu_counter list to spinlock
nfsd: Push mnt_want_write() outside of i_mutex
btrfs: Push mnt_want_write() outside of i_mutex
fat: Push mnt_want_write() outside of i_mutex
...
Ralf Baechle [Wed, 1 Aug 2012 15:15:32 +0000 (17:15 +0200)]
MIPS: Loongson 2: Sort out clock managment.
For unexplainable reasons the Loongson 2 clock API was implemented in a
module so fixing this involved shifting large amounts of code around.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>