sysmocom
/
openwrt
11
0
Fork 0
Code Pull Requests Releases Activity

mac80211: merge a few pending upstream fixes 

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43208

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43209 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nbd 2014-11-07 11:17:41 +00:00
parent d82bd85656
commit 2a003f0bbb
10 changed files with 161 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
package/kernel/mac80211/patches/300-pending_work.patch
View File

@ -1,3 +1,64 @@
commit 77980bee5f1f743b46f8749185aca28b8ec69741
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Nov 3 14:29:09 2014 +0100
mac80211: fix use-after-free in defragmentation
Upon receiving the last fragment, all but the first fragment
are freed, but the multicast check for statistics at the end
of the function refers to the current skb (the last fragment)
causing a use-after-free bug.
Since multicast frames cannot be fragmented and we check for
this early in the function, just modify that check to also
do the accounting to fix the issue.
Cc: stable@vger.kernel.org
Reported-by: Yosef Khyal <yosefx.khyal@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
commit e252be2d718dada0abd72208a44b9f1b63919883
Author: Hauke Mehrtens <hauke@hauke-m.de>
Date: Wed Nov 5 23:31:07 2014 +0100
b43: fix NULL pointer dereference in b43_phy_copy()
phy_read and phy_write are not set for every phy any more sine this:
commit d342b95dd735014a590f9051b1ba227eb54ca8f6
Author: RafaÅ MiÅecki <zajec5@gmail.com>
Date: Thu Jul 31 21:59:43 2014 +0200
b43: don't duplicate common PHY read/write ops
b43_phy_copy() accesses phy_read and phy_write directly and will fail
with some phys. This patch fixes the regression by using the
b43_phy_read() and b43_phy_write() functions which should be used for
read and write access.
This should fix this bug report:
https://bugzilla.kernel.org/show_bug.cgi?id=87731
Reported-by: Volker Kempter <v.kempter@pe.tu-clausthal.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
commit ddf93ad61cb009ed05ff2547923fb269a3604408
Author: Miaoqing Pan <miaoqing@qca.qualcomm.com>
Date: Thu Nov 6 10:52:23 2014 +0530
ath9k: Fix RTC_DERIVED_CLK usage
Based on the reference clock, which could be 25MHz or 40MHz,
AR_RTC_DERIVED_CLK is programmed differently for AR9340 and AR9550.
But, when a chip reset is done, processing the initvals
sets the register back to the default value.
Fix this by moving the code in ath9k_hw_init_pll() to
ar9003_hw_override_ini(). Also, do this override for AR9531.
Cc: stable@vger.kernel.org
Signed-off-by: Miaoqing Pan <miaoqing@qca.qualcomm.com>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
commit 536b05e91ac2715942f792184c26beb43dbaa522
Author: Felix Fietkau <nbd@openwrt.org>
Date: Mon Oct 27 11:50:28 2014 +0100
@ -1000,6 +1061,36 @@ Date: Mon May 19 21:20:49 2014 +0200
ieee80211_sta_ps_deliver_wakeup(sta);
}
@@ -1646,11 +1648,14 @@ ieee80211_rx_h_defragment(struct ieee802
sc = le16_to_cpu(hdr->seq_ctrl);
frag = sc & IEEE80211_SCTL_FRAG;
- if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
- is_multicast_ether_addr(hdr->addr1))) {
- /* not fragmented */
+ if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
+ goto out;
+
+ if (is_multicast_ether_addr(hdr->addr1)) {
+ rx->local->dot11MulticastReceivedFrameCount++;
goto out;
}
+
I802_DEBUG_INC(rx->local->rx_handlers_fragments);
if (skb_linearize(rx->skb))
@@ -1743,10 +1748,7 @@ ieee80211_rx_h_defragment(struct ieee802
out:
if (rx->sta)
rx->sta->rx_packets++;
- if (is_multicast_ether_addr(hdr->addr1))
- rx->local->dot11MulticastReceivedFrameCount++;
- else
- ieee80211_led_rx(rx->local);
+ ieee80211_led_rx(rx->local);
return RX_CONTINUE;
}
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -82,6 +82,7 @@ enum ieee80211_sta_info_flags {
@ -3255,7 +3346,27 @@ Date: Mon May 19 21:20:49 2014 +0200
static u32 ar9003_hw_compute_pll_control(struct ath_hw *ah,
struct ath9k_channel *chan)
{
@@ -1779,7 +1796,12 @@ void ar9003_hw_attach_phy_ops(struct ath
@@ -647,6 +664,19 @@ static void ar9003_hw_override_ini(struc
ah->enabled_cals |= TX_CL_CAL;
else
ah->enabled_cals &= ~TX_CL_CAL;
+
+ if (AR_SREV_9340(ah) || AR_SREV_9531(ah) || AR_SREV_9550(ah)) {
+ if (ah->is_clk_25mhz) {
+ REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1);
+ REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7);
+ REG_WRITE(ah, AR_SLP32_INC, 0x0001e7ae);
+ } else {
+ REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1);
+ REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400);
+ REG_WRITE(ah, AR_SLP32_INC, 0x0001e800);
+ }
+ udelay(100);
+ }
}
static void ar9003_hw_prog_ini(struct ath_hw *ah,
@@ -1779,7 +1809,12 @@ void ar9003_hw_attach_phy_ops(struct ath
priv_ops->rf_set_freq = ar9003_hw_set_channel;
priv_ops->spur_mitigate_freq = ar9003_hw_spur_mitigate;
@ -3308,6 +3419,26 @@ Date: Mon May 19 21:20:49 2014 +0200
if (AR_SREV_9565(ah))
pll |= 0x40000;
REG_WRITE(ah, AR_RTC_PLL_CONTROL, pll);
@@ -858,19 +861,6 @@ static void ath9k_hw_init_pll(struct ath
udelay(RTC_PLL_SETTLE_DELAY);
REG_WRITE(ah, AR_RTC_SLEEP_CLK, AR_RTC_FORCE_DERIVED_CLK);
-
- if (AR_SREV_9340(ah) || AR_SREV_9550(ah)) {
- if (ah->is_clk_25mhz) {
- REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1);
- REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7);
- REG_WRITE(ah, AR_SLP32_INC, 0x0001e7ae);
- } else {
- REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1);
- REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400);
- REG_WRITE(ah, AR_SLP32_INC, 0x0001e800);
- }
- udelay(100);
- }
}
static void ath9k_hw_init_interrupt_masks(struct ath_hw *ah,
--- a/drivers/net/wireless/ath/ath9k/reg.h
+++ b/drivers/net/wireless/ath/ath9k/reg.h
@@ -1236,12 +1236,23 @@ enum {
@ -3352,3 +3483,15 @@ Date: Mon May 19 21:20:49 2014 +0200
}
EXPORT_SYMBOL(ath9k_cmn_update_txpow);
--- a/drivers/net/wireless/b43/phy_common.c
+++ b/drivers/net/wireless/b43/phy_common.c
@@ -276,8 +276,7 @@ void b43_phy_write(struct b43_wldev *dev
void b43_phy_copy(struct b43_wldev *dev, u16 destreg, u16 srcreg)
{
assert_mac_suspended(dev);
- dev->phy.ops->phy_write(dev, destreg,
- dev->phy.ops->phy_read(dev, srcreg));
+ b43_phy_write(dev, destreg, b43_phy_read(dev, srcreg));
}
void b43_phy_mask(struct b43_wldev *dev, u16 offset, u16 mask)

2
package/kernel/mac80211/patches/310-ap_scan.patch
View File

@ -1,6 +1,6 @@
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1903,7 +1903,7 @@ static int ieee80211_scan(struct wiphy *
@@ -1902,7 +1902,7 @@ static int ieee80211_scan(struct wiphy *
* the frames sent while scanning on other channel will be
* lost)
*/

2
package/kernel/mac80211/patches/523-ath9k_use_configured_antenna_gain.patch
View File

@ -10,7 +10,7 @@
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -2724,7 +2724,7 @@ void ath9k_hw_apply_txpower(struct ath_h
@@ -2711,7 +2711,7 @@ void ath9k_hw_apply_txpower(struct ath_h
channel = chan->chan;
chan_pwr = min_t(int, channel->max_power * 2, MAX_RATE_POWER);
new_pwr = min_t(int, chan_pwr, reg->power_limit);

4
package/kernel/mac80211/patches/542-ath9k_debugfs_diag.patch
View File

@ -94,7 +94,7 @@
struct ath_gen_timer *ath_gen_timer_alloc(struct ath_hw *ah,
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -1738,6 +1738,20 @@ fail:
@@ -1725,6 +1725,20 @@ fail:
return -EINVAL;
}
@ -115,7 +115,7 @@
int ath9k_hw_reset(struct ath_hw *ah, struct ath9k_channel *chan,
struct ath9k_hw_cal_data *caldata, bool fastcc)
{
@@ -1943,6 +1957,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
@@ -1930,6 +1944,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
ar9003_hw_disable_phy_restart(ah);
ath9k_hw_apply_gpio_override(ah);

2
package/kernel/mac80211/patches/543-ath9k-allow-to-disable-bands-via-platform-data.patch
View File

@ -11,7 +11,7 @@
int (*external_reset)(void);
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -2331,17 +2331,25 @@ int ath9k_hw_fill_cap_info(struct ath_hw
@@ -2318,17 +2318,25 @@ int ath9k_hw_fill_cap_info(struct ath_hw
}
eeval = ah->eep_ops->get_eeprom(ah, EEP_OP_MODE);

4
package/kernel/mac80211/patches/550-ath9k_entropy_from_adc.patch
View File

@ -18,7 +18,7 @@
void (*spectral_scan_trigger)(struct ath_hw *ah);
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
@@ -1781,6 +1781,26 @@ static void ar9003_hw_tx99_set_txpower(s
@@ -1794,6 +1794,26 @@ static void ar9003_hw_tx99_set_txpower(s
ATH9K_POW_SM(p_pwr_array[ALL_TARGET_HT40_14], 0));
}
@ -45,7 +45,7 @@
void ar9003_hw_attach_phy_ops(struct ath_hw *ah)
{
struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah);
@@ -1816,6 +1836,7 @@ void ar9003_hw_attach_phy_ops(struct ath
@@ -1829,6 +1849,7 @@ void ar9003_hw_attach_phy_ops(struct ath
priv_ops->set_radar_params = ar9003_hw_set_radar_params;
priv_ops->fast_chan_change = ar9003_hw_fast_chan_change;

8
package/kernel/mac80211/patches/551-ath9k-ar933x-usb-hang-workaround.patch
View File

@ -20,7 +20,7 @@
/******************/
/* Chip Revisions */
/******************/
@@ -1340,6 +1353,9 @@ static bool ath9k_hw_set_reset(struct at
@@ -1327,6 +1340,9 @@ static bool ath9k_hw_set_reset(struct at
if (AR_SREV_9100(ah))
udelay(50);
@ -30,7 +30,7 @@
return true;
}
@@ -1439,6 +1455,9 @@ static bool ath9k_hw_chip_reset(struct a
@@ -1426,6 +1442,9 @@ static bool ath9k_hw_chip_reset(struct a
ar9003_hw_internal_regulator_apply(ah);
ath9k_hw_init_pll(ah, chan);
@ -40,7 +40,7 @@
return true;
}
@@ -1733,8 +1752,14 @@ static int ath9k_hw_do_fastcc(struct ath
@@ -1720,8 +1739,14 @@ static int ath9k_hw_do_fastcc(struct ath
if (AR_SREV_9271(ah))
ar9002_hw_load_ani_reg(ah, chan);
@ -55,7 +55,7 @@
return -EINVAL;
}
@@ -1962,6 +1987,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
@@ -1949,6 +1974,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
if (AR_SREV_9565(ah) && common->bt_ant_diversity)
REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON);

4
package/kernel/mac80211/patches/562-ath9k_ani_ws_detect.patch
View File

@ -79,7 +79,7 @@
/**
* ar9003_hw_set_channel - set channel on single-chip device
* @ah: atheros hardware structure
@@ -971,11 +957,6 @@ static bool ar9003_hw_ani_control(struct
@@ -984,11 +970,6 @@ static bool ar9003_hw_ani_control(struct
struct ath_common *common = ath9k_hw_common(ah);
struct ath9k_channel *chan = ah->curchan;
struct ar5416AniState *aniState = &ah->ani;
@ -91,7 +91,7 @@
s32 value, value2;
switch (cmd & ah->ani_function) {
@@ -989,61 +970,6 @@ static bool ar9003_hw_ani_control(struct
@@ -1002,61 +983,6 @@ static bool ar9003_hw_ani_control(struct
*/
u32 on = param ? 1 : 0;

2
package/kernel/mac80211/patches/567-ath9k_fix_init_nfcal.patch
View File

@ -10,7 +10,7 @@
set_bit(NFCAL_PENDING, &ah->caldata->cal_flags);
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -1972,8 +1972,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st
@@ -1959,8 +1959,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st
if (ath9k_hw_mci_is_enabled(ah))
ar9003_mci_check_bt(ah);

6
package/kernel/mac80211/patches/800-b43-backports-form-wireless-testing-master-master-20.patch
View File

@ -817,7 +817,7 @@ This brings b43 up to wireless-testing/master master-2014-07-29-1
if (ops->exit)
ops->exit(dev);
}
@@ -403,9 +411,6 @@ int b43_switch_channel(struct b43_wldev
@@ -402,9 +410,6 @@ int b43_switch_channel(struct b43_wldev
u16 channelcookie, savedcookie;
int err;
@ -827,7 +827,7 @@ This brings b43 up to wireless-testing/master master-2014-07-29-1
/* First we set the channel radio code to prevent the
* firmware from sending ghost packets.
*/
@@ -423,7 +428,6 @@ int b43_switch_channel(struct b43_wldev
@@ -422,7 +427,6 @@ int b43_switch_channel(struct b43_wldev
if (err)
goto err_restore_cookie;
@ -835,7 +835,7 @@ This brings b43 up to wireless-testing/master master-2014-07-29-1
/* Wait for the radio to tune to the channel and stabilize. */
msleep(8);
@@ -542,10 +546,9 @@ void b43_phyop_switch_analog_generic(str
@@ -541,10 +545,9 @@ void b43_phyop_switch_analog_generic(str
}