Johan Hedberg [Thu, 28 Apr 2011 18:29:04 +0000 (11:29 -0700)]
Bluetooth: Fix updating conn->auth_type in hci_io_capa_request_evt
In some circumstances hci_get_auth_req will return a value different
from the current conn->auth_type. In these cases update conn->auth_type
so that when a user confirm request comes it doesn't falsely trigger
auto-accept.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:29:03 +0000 (11:29 -0700)]
Bluetooth: Add store_hint parameter to mgmt_new_key
Even for keys that shouldn't be stored some use cases require the
knowledge of a new key having been created so that the conclusion of a
successful pairing can be made. Therefore, always send the mgmt_new_key
event but add a store_hint parameter to it to indicate to user space
whether the key should be stored or not.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:29:01 +0000 (11:29 -0700)]
Bluetooth: Fix connection key type updating for buggy controllers
If a controller generates a changed combination key as its first key the
connection key type will not be correctly set. In these situations make
sure the update the connection key type when such a buggy controller is
detected.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:29:00 +0000 (11:29 -0700)]
Bluetooth: Fix old_key_type logic for non-persistent keys
Even if there's no previous key stored the connection might still be
secured with a non-persistent key and in that case the key type in the
hci_conn struct should be checked.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:28:59 +0000 (11:28 -0700)]
Bluetooth: Fix link key persistent storage criteria
Link keys should only be stored if very specific criteria of the
authentication process are fulfilled. This patch essentially copies the
criteria that user space has so far been using to the kernel side so
that the management interface works properly.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:28:56 +0000 (11:28 -0700)]
Bluetooth: Add confirm_hint parameter to user confirmation requests
When accepting a pairing request which fulfills the SSP auto-accept
criteria we need to push the request all the way to the user for
confirmation. This patch adds a new hint to the user_confirm_request
management event so user space can know when to show a numeric
comparison dialog and when to show a simple yes/no confirmation dialog.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:28:54 +0000 (11:28 -0700)]
Bluetooth: Add variable SSP auto-accept delay support
Some test systems require an arbitrary delay to the auto-accept test
cases for Secure Simple Pairing in order for the tests to pass.
Previously when this was handled in user space it was worked around by
code modifications and recompilation, but now that it's on the kernel
side it's more convenient if there's a debugfs interface for it.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Thu, 28 Apr 2011 18:28:53 +0000 (11:28 -0700)]
Bluetooth: Add automated SSP user confirmation responses
This patch adds automated negative and positive (auto-accept) responses
for Secure Simple Pairing user confirmation requests. The responses are
only sent if the HCI_MGMT flag is set in order not to confuse older user
space versions (without management interface support).
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Ignore key unauthenticated for high security
High security level for pre v2.1 devices requires combination link key
authenticated by at least 16 digit PIN code.
It's also necessary to update key_type and pin_length when the key
exists and is sufficently secured for the connection as there will be
no link key notify event in that case.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Keep the link key type together with connection and use it to
map security level to link key requirements. Authenticate and/or
encrypt connection if the link is insufficiently secure.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
If authentication fails the security level should stay as it was set
before the process has started. Setting BT_SECURITY_LOW can hide real
security level on a link eg. having BT_SECURITY_MEDIUM on the link,
re-authenticate with failure to get BT_SECURITY_HIGH, as a result we
get BT_SECURITY_LOW on the link while the real security is still medium.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Wed, 27 Apr 2011 14:29:57 +0000 (10:29 -0400)]
Bluetooth: Add discovering event to the Management interface
This patch adds a new event to the Management interface to track when
local adapters are discovering remote devices. For now this only tracks
BR/EDR discovery procedures.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Johan Hedberg [Wed, 27 Apr 2011 14:29:56 +0000 (10:29 -0400)]
Bluetooth: Add basic discovery commands to the management interface
This patch adds start_discovery and stop_discovery commands to the
management interface. Right now their implementation is fairly
simplistic and the parameters are fixed to what user space has
defaulted to so far.
This is the very initial phase for discovery implementation into
the kernel. Next steps include name resolution, LE scanning and
bdaddr type handling.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
If the allocation happens at l2cap_sock_create() will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
iwlwifi: sanity check before counting number of tfds can be free
we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.
On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 19 Apr 2011 18:44:04 +0000 (20:44 +0200)]
mac80211: fix SMPS debugfs locking
The locking with SMPS requests means that the
debugs file should lock the mgd mutex, not the
iflist mutex. Calls to __ieee80211_request_smps()
need to hold that mutex, so add an assertion.
This has always been wrong, but for some reason
never been noticed, probably because the locking
error only happens while unassociated.
Cc: stable@kernel.org [2.6.34+] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Thu, 14 Apr 2011 22:41:43 +0000 (00:41 +0200)]
ath9k: fix the return value of ath_stoprecv
The patch 'ath9k_hw: fix stopping rx DMA during resets' added code to detect
a condition where rx DMA was stopped, but the MAC failed to enter the idle
state. This condition requires a hardware reset, however the return value
of ath_stoprecv was 'true' in that case, which allowed it to skip the reset
when issuing a fast channel change.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Reported-by: Paul Stewart <pstew@google.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.
Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
In the teardown path the reset command is sent to the controller,
this event causes the command timer to be reactivated.
So the timer is removed in two situations, when the adapter isn't
marked as UP and when we know that some command has been sent.
Reported-by: Keith Packard <keithp@keithp.com> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Ville Tervo [Thu, 7 Apr 2011 11:59:50 +0000 (14:59 +0300)]
Bluetooth: Fix refcount balance for hci connection
hci_io_capa_reply_evt() holds reference for hciconnection. It's useless since
hci_io_capa_request_evt()/hci_simple_pair_complete_evt() already protects the
connection. In addition it leaves connection open after failed SSP pairing.
Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Daniel Halperin [Wed, 6 Apr 2011 19:47:25 +0000 (12:47 -0700)]
iwlwifi: fix frame injection for HT channels
For some reason, sending QoS configuration causes transmission to stop
after a single frame on HT channels when not associated. Removing the
extra QoS configuration has no effect on station mode, and fixes
injection mode.
Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
if maximum tx power read from the eeprom is smaller than default.
In consequence card is unable to initialize properly. Fix the problem
and cleanup tx power initialization.
Reported-and-tested-by: Robin Dong <hao.bigrat@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bluetooth: Fix Out Of Band pairing when mgmt interface is disabled
Use kernel stored remote Out Of Band data only if management interface
is enabled. Otherwise HCI_OP_REMOTE_OOB_DATA_NEG_REPLY was sent to
controller even if remote Out Of Band data was present in bluetoothd.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Pass the correct module name and device interface so that
ethtool can display the proper values.
The firmware version will be fixed later on when the FW
can actually report a version. :)
Reported-by: Richard Farina <sidhayn@gmail.com> Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com> Tested-by: Richard Farina <sidhayn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 8 Apr 2011 18:13:18 +0000 (20:13 +0200)]
ath9k_hw: fix stopping rx DMA during resets
During PHY errors, the MAC can sometimes fail to enter an idle state on older
hardware (before AR9380) after an rx stop has been requested.
This typically shows up in the kernel log with messages like these:
ath: Could not stop RX, we could be confusing the DMA engine when we start RX up
------------[ cut here ]------------
WARNING: at drivers/net/wireless/ath/ath9k/recv.c:504 ath_stoprecv+0xcc/0xf0 [ath9k]()
Call Trace:
[<8023f0e8>] dump_stack+0x8/0x34
[<80075050>] warn_slowpath_common+0x78/0xa4
[<80075094>] warn_slowpath_null+0x18/0x24
[<80d66d60>] ath_stoprecv+0xcc/0xf0 [ath9k]
[<80d642cc>] ath_set_channel+0xbc/0x270 [ath9k]
[<80d65254>] ath_radio_disable+0x4a4/0x7fc [ath9k]
When this happens, the state that the MAC enters is easy to identify and
does not result in bogus DMA traffic, however to ensure a working state
after a channel change, the hardware should still be reset.
This patch adds detection for this specific MAC state, after which the above
warnings completely disappear in my tests.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Cc: Kyungwan Nam <Kyungwan.Nam@Atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 11 Apr 2011 17:02:06 +0000 (13:02 -0400)]
iwlegacy: make iwl3945 and iwl4965 select IWLWIFI_LEGACY
Otherwise, IWLWIFI_LEGACY has to be selected independently before the
drivers are made available.
Reported-by: Dave Airlie <airlied@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Cc: Stanislaw Gruszka <sgruszka@redhat.com> Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Jason Conti [Thu, 7 Apr 2011 19:09:57 +0000 (21:09 +0200)]
p54: Initialize extra_len in p54_tx_80211
This patch fixes a very serious off-by-one bug in
the driver, which could leave the device in an
unresponsive state.
The problem was that the extra_len variable [used to
reserve extra scratch buffer space for the firmware]
was left uninitialized. Because p54_assign_address
later needs the value to reserve additional space,
the resulting frame could be to big for the small
device's memory window and everything would
immediately come to a grinding halt.
Reference: https://bugs.launchpad.net/bugs/722185
Cc: <stable@kernel.org> Acked-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: Jason Conti <jason.conti@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is part of "moving things to l2cap_chan". As one the first move it
triggered a big number of changes in the funcions parameters, basically
changing the struct sock param to struct l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
struct l2cap_chan cames to create a clear separation between what
properties and data belongs to the L2CAP channel and what belongs to the
socket. By now we just fold the struct sock * in struct l2cap_chan as all
the channel info is struct l2cap_pinfo today.
In the next commits we will see a move of channel stuff to struct
l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Joe Culler reported a problem with his AR9170 device:
> ath: EEPROM regdomain: 0x5c
> ath: EEPROM indicates we should expect a direct regpair map
> ath: invalid regulatory domain/country code 0x5c
> ath: Invalid EEPROM contents
It turned out that the regdomain 'APL7_FCCA' was not mapped yet.
According to Luis R. Rodriguez [Atheros' engineer] APL7 maps to
FCC_CTL and FCCA maps to FCC_CTL as well, so the attached patch
should be correct.
Cc: <stable@kernel.org> Reported-by: Joe Culler <joe.culler@gmail.com> Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Brian Cavagnolo [Wed, 6 Apr 2011 08:48:46 +0000 (14:18 +0530)]
mwl8k: do not free unrequested irq
When the mwl8k driver attempts and fails to switch from sta to ap
firmware (or vice-versa) in the mwl8k_add_interface routine, the
mwl8k_stop routine will be called. This routine must not attempt
to free the irq if it was not requested.
Signed-off-by: Brian Cavagnolo <brian@cozybit.com> Signed-off-by: Nishant Sarmukadam <nishants@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 5 Apr 2011 15:55:05 +0000 (08:55 -0700)]
iwlagn: override 5300 EEPROM # of chains
At least EEPROM version 0x11A has the wrong
number of chains programmed into it for some
reason, so we need to override in the driver.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Wed, 30 Mar 2011 20:57:16 +0000 (23:57 +0300)]
Bluetooth: Add mgmt_device_found event
This patch adds a device_found event to the Management interface. For
now the event only maps to BR/EDR inquiry result HCI events, but in the
future the plan is to also use it for the LE device discovery process.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
{rx,tx}done_work's are only initialized for usb devices.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Cc: stable@kernel.org Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Sat, 2 Apr 2011 23:10:22 +0000 (18:10 -0500)]
rtlwifi: Fix some warnings/bugs
Some compiler/architecture combinations generate some warnings that are
not seen on my main system. Two of the "warnings" about unitialized variables
are really bugs.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: <stable@kernel.org> Reported-by: Mark Davis [via p54/devices wiki] Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wl12xx: fix potential buffer overflow in testmode nvs push
We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory. This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.
With this patch, we check if the size of the data passed from
userspace matches the size required.
This bug was introduced in 2.6.36.
Cc: stable@kernel.org Reported-by: Ido Yariv <ido@wizery.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jussi Kivilinna [Fri, 1 Apr 2011 16:34:08 +0000 (19:34 +0300)]
zd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()
Patch removes the bogus flag introduced by upstream commit eefdbec1ea8b7093d2c09d1825f68438701723cf. Old code had buffer length check
that new code tried to handle with URB_SHORT_NOT_OK flag. With USB debugging
enabled bogus flag caused usb_submit_urb fail.
Remove URB_SHORT_NOT_OK flag and add buffer length check to urb completion
handler.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=32092 Reported-by: Jonathan Callen <abcd@gentoo.org> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Helmut Schaa [Fri, 1 Apr 2011 13:46:05 +0000 (15:46 +0200)]
mac80211: Fix duplicate frames on cooked monitor
Cleaning the ieee80211_rx_data.flags field here is wrong, instead the
flags should be valid accross processing the frame on different
interfaces. Fix this by removing the incorrect flags=0 assignment.
The description for buf_size was misleading and
just said you couldn't TX larger aggregates, but
of course you can't TX aggregates in a way that
would exceed the window either, which is possible
even if the aggregates are shorter than that.
Expand the description, thanks to Emmanuel for
explaining this to me.
Cc: Emmanuel Grumbach <egrumbach@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k: Fix phy info print message with AR9485 chipset.
The phy information print during driver init time doesn't show
the numeric part of the chip name properly for AR9485. This patch
addresses this issue by adding the string to the respective array.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Wed, 30 Mar 2011 18:31:39 +0000 (21:31 +0300)]
wl12xx: fix module author's email address in the spi and sdio modules
The MODULE_AUTHOR() macro in the main module (wl12xx) has been updated
to reflect one of the author's new email address, but the wl12xx_spi
and wl12xx_sdio modules haven't been updated. This patches updates
them.
Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
projects / mirror_ubuntu-bionic-kernel.git / log