* [PATCH 5/6] mwifiex: fix invalid memory access in mwifiex_update_autoindex_ies()
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
In-Reply-To: <1382480687-12720-1-git-send-email-bzhao@marvell.com>
From: Amitkumar Karwar <akarwar@marvell.com>
While parsing TLVs, return failure if the number of remaining bytes
is less than the current TLV length. This avoids invalid memory
access.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
---
drivers/net/wireless/mwifiex/ie.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c
index 220af4f..81ac001 100644
--- a/drivers/net/wireless/mwifiex/ie.c
+++ b/drivers/net/wireless/mwifiex/ie.c
@@ -82,7 +82,7 @@ mwifiex_update_autoindex_ies(struct mwifiex_private *priv,
struct mwifiex_ie_list *ie_list)
{
u16 travel_len, index, mask;
- s16 input_len;
+ s16 input_len, tlv_len;
struct mwifiex_ie *ie;
u8 *tmp;
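Review bot: `tlv_len` is declared `s16` but the next hunk assigns it from `le16_to_cpu(ie->ie_length)`, so a length field above 0x7fff turns negative before it reaches `input_len < tlv_len + MWIFIEX_IE_HDR_SIZE`. Whether that comparison then runs in signed or unsigned arithmetic depends on the type of MWIFIEX_IE_HDR_SIZE, which is not visible here, and the new loop test `input_len >= sizeof(...)` likewise compares a signed value with a `size_t`. Since the added check keeps `input_len` from dropping below zero, both counters can be unsigned: `u16 travel_len, index, mask, input_len, tlv_len;`. The function body continues outside this hunk.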
@@ -91,11 +91,13 @@ mwifiex_update_autoindex_ies(struct mwifiex_private *priv,
ie_list->len = 0;
- while (input_len > 0) {
+ while (input_len >= sizeof(struct mwifiex_ie_types_header)) {
ie = (struct mwifiex_ie *)(((u8 *)ie_list) + travel_len);
- input_len -= le16_to_cpu(ie->ie_length) + MWIFIEX_IE_HDR_SIZE;
- travel_len += le16_to_cpu(ie->ie_length) + MWIFIEX_IE_HDR_SIZE;
+ tlv_len = le16_to_cpu(ie->ie_length);
+ travel_len += tlv_len + MWIFIEX_IE_HDR_SIZE;
+ if (input_len < tlv_len + MWIFIEX_IE_HDR_SIZE)
+ return -1;
index = le16_to_cpu(ie->ie_index);
mask = le16_to_cpu(ie->mgmt_subtype_mask);
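Review bot: The loop guard and the length check disagree about the header size: the `while` only guarantees `sizeof(struct mwifiex_ie_types_header)` bytes remain, while the check below it uses `MWIFIEX_IE_HDR_SIZE`. The body reads three 16-bit fields from `ie` (`ie_length`, `ie_index`, `mgmt_subtype_mask`), so if MWIFIEX_IE_HDR_SIZE is the larger of the two, as those reads suggest, `ie->ie_length` can be fetched from beyond the remaining input before the check runs. Using the same constant in both places closes that gap: `while (input_len >= MWIFIEX_IE_HDR_SIZE) {`. It would also read more naturally to do the `input_len < tlv_len + MWIFIEX_IE_HDR_SIZE` test before advancing `travel_len`.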
@@ -132,6 +134,7 @@ mwifiex_update_autoindex_ies(struct mwifiex_private *priv,
le16_add_cpu(&ie_list->len,
le16_to_cpu(priv->mgmt_ie[index].ie_length) +
MWIFIEX_IE_HDR_SIZE);
+ input_len -= tlv_len + MWIFIEX_IE_HDR_SIZE;
}
if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP)
--
1.8.2.3
* [PATCH 6/6] mwifiex: improvements in mwifiex_ret_tx_power_cfg()
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
In-Reply-To: <1382480687-12720-1-git-send-email-bzhao@marvell.com>
From: Amitkumar Karwar <akarwar@marvell.com>
1) Move common code out of switch case handling
2) Return from the function if the number of bytes left in the response buffer
is less than the TLV size
3) Pass pg_tlv_hdr directly instead of txp_cfg to mwifiex_get_power_level()
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
---
drivers/net/wireless/mwifiex/sta_cmdresp.c | 35 ++++++++++++++----------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c
index 2675ca7..5511946 100644
--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
+++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
@@ -338,8 +338,7 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
if (!data_buf)
return -1;
- pg_tlv_hdr = (struct mwifiex_types_power_group *)
- ((u8 *) data_buf + sizeof(struct host_cmd_ds_txpwr_cfg));
+ pg_tlv_hdr = (struct mwifiex_types_power_group *)((u8 *)data_buf);
pg = (struct mwifiex_power_group *)
((u8 *) pg_tlv_hdr + sizeof(struct mwifiex_types_power_group));
length = le16_to_cpu(pg_tlv_hdr->length);
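Review bot: mwifiex_get_power_level() now receives the power-group TLV header itself, but the parameter is still an untyped `void *data_buf` and nothing at the function states what the caller must have validated. The walk over the power groups is bounded only by `pg_tlv_hdr->length`, so it is safe only if the caller has already confirmed that the header plus that length fit inside the response; a comment such as `/* data_buf: power-group TLV header; caller must have checked that header + length fit in the command response */` would record that contract. The `(u8 *)` cast in the new assignment is also redundant, `pg_tlv_hdr = data_buf;` is enough. The function body continues outside the hunk.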
@@ -383,19 +382,25 @@ static int mwifiex_ret_tx_power_cfg(struct mwifiex_private *priv,
struct mwifiex_types_power_group *pg_tlv_hdr;
struct mwifiex_power_group *pg;
u16 action = le16_to_cpu(txp_cfg->action);
+ u16 tlv_buf_left;
- switch (action) {
- case HostCmd_ACT_GEN_GET:
- pg_tlv_hdr = (struct mwifiex_types_power_group *)
- ((u8 *) txp_cfg +
- sizeof(struct host_cmd_ds_txpwr_cfg));
+ pg_tlv_hdr = (struct mwifiex_types_power_group *)
+ ((u8 *)txp_cfg +
+ sizeof(struct host_cmd_ds_txpwr_cfg));
- pg = (struct mwifiex_power_group *)
- ((u8 *) pg_tlv_hdr +
- sizeof(struct mwifiex_types_power_group));
+ pg = (struct mwifiex_power_group *)
+ ((u8 *)pg_tlv_hdr +
+ sizeof(struct mwifiex_types_power_group));
+ tlv_buf_left = le16_to_cpu(resp->size) - S_DS_GEN - sizeof(*txp_cfg);
+ if (tlv_buf_left <
+ le16_to_cpu(pg_tlv_hdr->length) + sizeof(*pg_tlv_hdr))
+ return 0;
+
+ switch (action) {
+ case HostCmd_ACT_GEN_GET:
if (adapter->hw_status == MWIFIEX_HW_STATUS_INITIALIZING)
- mwifiex_get_power_level(priv, txp_cfg);
+ mwifiex_get_power_level(priv, pg_tlv_hdr);
priv->tx_power_level = (u16) pg->power_min;
break;
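Review bot: `tlv_buf_left = le16_to_cpu(resp->size) - S_DS_GEN - sizeof(*txp_cfg);` wraps when the response reports a `resp->size` smaller than the fixed part, and the truncated u16 result is then a large value that passes the length check right after it. Compare before subtracting, for example `if (le16_to_cpu(resp->size) < S_DS_GEN + sizeof(*txp_cfg) + sizeof(*pg_tlv_hdr)) return 0;`. The same subtraction appears in the mwifiex_ret_tx_rate_cfg() hunk of patch 4/6 (`- sizeof(*rate_cfg)`), where a wrapped value would let the TLV loop run. Separately, both switch arms read `pg->power_min` even when the TLV length is zero, so the check should also require `le16_to_cpu(pg_tlv_hdr->length) >= sizeof(*pg)`. The function continues outside the hunk.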
@@ -404,14 +409,6 @@ static int mwifiex_ret_tx_power_cfg(struct mwifiex_private *priv,
if (!le32_to_cpu(txp_cfg->mode))
break;
- pg_tlv_hdr = (struct mwifiex_types_power_group *)
- ((u8 *) txp_cfg +
- sizeof(struct host_cmd_ds_txpwr_cfg));
-
- pg = (struct mwifiex_power_group *)
- ((u8 *) pg_tlv_hdr +
- sizeof(struct mwifiex_types_power_group));
-
if (pg->power_max == pg->power_min)
priv->tx_power_level = (u16) pg->power_min;
break;
--
1.8.2.3
* [PATCH 0/6] mwifiex: potential integer underflow and invalid mem access
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
This patch series fixes potential integer underflow and invalid memory access issues reported by Dan Carpenter.
Amitkumar Karwar (5):
mwifiex: replace u16 with __le16 in struct mwifiex_types_power_group
mwifiex: fix invalid memory access in mwifiex_get_power_level()
mwifiex: fix invalid memory access in mwifiex_ret_tx_rate_cfg()
mwifiex: fix invalid memory access in mwifiex_update_autoindex_ies()
mwifiex: improvements in mwifiex_ret_tx_power_cfg()
Dan Carpenter (1):
mwifiex: potential integer underflow in mwifiex_ret_wmm_get_status()
drivers/net/wireless/mwifiex/fw.h | 4 +-
drivers/net/wireless/mwifiex/ie.c | 11 ++--
drivers/net/wireless/mwifiex/sta_cmd.c | 4 +-
drivers/net/wireless/mwifiex/sta_cmdresp.c | 81 +++++++++++++++---------------
drivers/net/wireless/mwifiex/sta_ioctl.c | 5 +-
drivers/net/wireless/mwifiex/wmm.c | 3 ++
6 files changed, 58 insertions(+), 50 deletions(-)
--
1.8.2.3
* [PATCH 2/6] mwifiex: replace u16 with __le16 in struct mwifiex_types_power_group
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
In-Reply-To: <1382480687-12720-1-git-send-email-bzhao@marvell.com>
From: Amitkumar Karwar <akarwar@marvell.com>
__le16 to u16 conversion is missing for "pg_tlv_hdr->length"
in mwifiex_get_power_level(). This creates a problem on big
endian machines.
It is resolved by changing definition of the structure
and making required endianness changes.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
---
drivers/net/wireless/mwifiex/fw.h | 4 ++--
drivers/net/wireless/mwifiex/sta_cmd.c | 4 ++--
drivers/net/wireless/mwifiex/sta_cmdresp.c | 4 ++--
drivers/net/wireless/mwifiex/sta_ioctl.c | 5 +++--
4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/fw.h b/drivers/net/wireless/mwifiex/fw.h
index f80f30b..c8385ec 100644
--- a/drivers/net/wireless/mwifiex/fw.h
+++ b/drivers/net/wireless/mwifiex/fw.h
@@ -1020,8 +1020,8 @@ struct mwifiex_power_group {
} __packed;
struct mwifiex_types_power_group {
- u16 type;
- u16 length;
+ __le16 type;
+ __le16 length;
} __packed;
struct host_cmd_ds_txpwr_cfg {
diff --git a/drivers/net/wireless/mwifiex/sta_cmd.c b/drivers/net/wireless/mwifiex/sta_cmd.c
index 7d66018..2181ee2 100644
--- a/drivers/net/wireless/mwifiex/sta_cmd.c
+++ b/drivers/net/wireless/mwifiex/sta_cmd.c
@@ -239,14 +239,14 @@ static int mwifiex_cmd_tx_power_cfg(struct host_cmd_ds_command *cmd,
memmove(cmd_txp_cfg, txp,
sizeof(struct host_cmd_ds_txpwr_cfg) +
sizeof(struct mwifiex_types_power_group) +
- pg_tlv->length);
+ le16_to_cpu(pg_tlv->length));
pg_tlv = (struct mwifiex_types_power_group *) ((u8 *)
cmd_txp_cfg +
sizeof(struct host_cmd_ds_txpwr_cfg));
cmd->size = cpu_to_le16(le16_to_cpu(cmd->size) +
sizeof(struct mwifiex_types_power_group) +
- pg_tlv->length);
+ le16_to_cpu(pg_tlv->length));
} else {
memmove(cmd_txp_cfg, txp, sizeof(*txp));
}
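Review bot: The memmove length is taken from `pg_tlv->length` inside the buffer being copied, and nothing in this hunk bounds it against the space available behind `cmd_txp_cfg`. The only producer visible on this page, mwifiex_set_tx_power(), sets it to `4 * sizeof(struct mwifiex_power_group)`, so this looks driver-controlled rather than untrusted, but that assumption is not stated anywhere. Reading the field once, `u16 pg_len = le16_to_cpu(pg_tlv->length);`, and using `pg_len` for both the memmove and the `cmd->size` update would avoid converting it twice and give one place to add a bound. The function starts and ends outside the hunk.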
diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c
index 58a6013..bdf50fd 100644
--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
+++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
@@ -340,7 +340,7 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
((u8 *) data_buf + sizeof(struct host_cmd_ds_txpwr_cfg));
pg = (struct mwifiex_power_group *)
((u8 *) pg_tlv_hdr + sizeof(struct mwifiex_types_power_group));
- length = pg_tlv_hdr->length;
+ length = le16_to_cpu(pg_tlv_hdr->length);
if (length > 0) {
max_power = pg->power_max;
min_power = pg->power_min;
@@ -356,7 +356,7 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
length -= sizeof(struct mwifiex_power_group);
}
- if (pg_tlv_hdr->length > 0) {
+ if (le16_to_cpu(pg_tlv_hdr->length) > 0) {
priv->min_tx_power_level = (u8) min_power;
priv->max_tx_power_level = (u8) max_power;
}
diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c
index f084412..c8e029d 100644
--- a/drivers/net/wireless/mwifiex/sta_ioctl.c
+++ b/drivers/net/wireless/mwifiex/sta_ioctl.c
@@ -638,8 +638,9 @@ int mwifiex_set_tx_power(struct mwifiex_private *priv,
txp_cfg->mode = cpu_to_le32(1);
pg_tlv = (struct mwifiex_types_power_group *)
(buf + sizeof(struct host_cmd_ds_txpwr_cfg));
- pg_tlv->type = TLV_TYPE_POWER_GROUP;
- pg_tlv->length = 4 * sizeof(struct mwifiex_power_group);
+ pg_tlv->type = cpu_to_le16(TLV_TYPE_POWER_GROUP);
+ pg_tlv->length =
+ cpu_to_le16(4 * sizeof(struct mwifiex_power_group));
pg = (struct mwifiex_power_group *)
(buf + sizeof(struct host_cmd_ds_txpwr_cfg)
+ sizeof(struct mwifiex_types_power_group));
--
1.8.2.3
* [PATCH 4/6] mwifiex: fix invalid memory access in mwifiex_ret_tx_rate_cfg()
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
In-Reply-To: <1382480687-12720-1-git-send-email-bzhao@marvell.com>
From: Amitkumar Karwar <akarwar@marvell.com>
As tlv_buf_len is decremented at the end of the loop, we may have
accessed invalid memory in the last iteration.
Modify the while condition and add a break statement at the
beginning of the loop to fix the problem.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
---
drivers/net/wireless/mwifiex/sta_cmdresp.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c
index 5edea4d..2675ca7 100644
--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
+++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
@@ -274,17 +274,20 @@ static int mwifiex_ret_tx_rate_cfg(struct mwifiex_private *priv,
struct host_cmd_ds_tx_rate_cfg *rate_cfg = &resp->params.tx_rate_cfg;
struct mwifiex_rate_scope *rate_scope;
struct mwifiex_ie_types_header *head;
- u16 tlv, tlv_buf_len;
+ u16 tlv, tlv_buf_len, tlv_buf_left;
u8 *tlv_buf;
u32 i;
- tlv_buf = ((u8 *)rate_cfg) +
- sizeof(struct host_cmd_ds_tx_rate_cfg);
- tlv_buf_len = le16_to_cpu(*(__le16 *) (tlv_buf + sizeof(u16)));
+ tlv_buf = ((u8 *)rate_cfg) + sizeof(struct host_cmd_ds_tx_rate_cfg);
+ tlv_buf_left = le16_to_cpu(resp->size) - S_DS_GEN - sizeof(*rate_cfg);
- while (tlv_buf && tlv_buf_len > 0) {
- tlv = (*tlv_buf);
- tlv = tlv | (*(tlv_buf + 1) << 8);
+ while (tlv_buf_left >= sizeof(*head)) {
+ head = (struct mwifiex_ie_types_header *)tlv_buf;
+ tlv = le16_to_cpu(head->type);
+ tlv_buf_len = le16_to_cpu(head->len);
+
+ if (tlv_buf_left < (sizeof(*head) + tlv_buf_len))
+ break;
switch (tlv) {
case TLV_TYPE_RATE_SCOPE:
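Review bot: The new `tlv_buf_left < (sizeof(*head) + tlv_buf_len)` test proves the TLV fits inside the response, but not that it is long enough for the structure its type implies. The TLV_TYPE_RATE_SCOPE case body lies outside this hunk; if it casts `tlv_buf` to `struct mwifiex_rate_scope` and reads its fields, a TLV with a small `len` would still be read past its end. A per-type minimum before the cast would cover that, along the lines of `if (tlv_buf_len < sizeof(*rate_scope) - sizeof(*head)) break;`, adjusted for whether that struct includes the header. Leaving the loop with `break` on a malformed TLV also lets the function carry on as if parsing succeeded, which deserves at least a log line.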
@@ -304,9 +307,8 @@ static int mwifiex_ret_tx_rate_cfg(struct mwifiex_private *priv,
/* Add RATE_DROP tlv here */
}
- head = (struct mwifiex_ie_types_header *) tlv_buf;
- tlv_buf += le16_to_cpu(head->len) + sizeof(*head);
- tlv_buf_len -= le16_to_cpu(head->len);
+ tlv_buf += (sizeof(*head) + tlv_buf_len);
+ tlv_buf_left -= (sizeof(*head) + tlv_buf_len);
}
priv->is_data_rate_auto = mwifiex_is_rate_auto(priv);
--
1.8.2.3
* [PATCH 3/6] mwifiex: fix invalid memory access in mwifiex_get_power_level()
From: Bing Zhao @ 2013-10-22 22:24 UTC (permalink / raw)
To: linux-wireless
Cc: John W. Linville, Dan Carpenter, Amitkumar Karwar, Avinash Patil,
Nishant Sarmukadam, Frank Huang, Bing Zhao
In-Reply-To: <1382480687-12720-1-git-send-email-bzhao@marvell.com>
From: Amitkumar Karwar <akarwar@marvell.com>
With the "while (length)" check we may end up accessing invalid
memory in the last iteration.
This patch makes sure that tlv length is not less than the length
of structure mwifiex_power_group when min/max power is calculated.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
---
drivers/net/wireless/mwifiex/sta_cmdresp.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c
index bdf50fd..5edea4d 100644
--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
+++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
@@ -341,12 +341,16 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
pg = (struct mwifiex_power_group *)
((u8 *) pg_tlv_hdr + sizeof(struct mwifiex_types_power_group));
length = le16_to_cpu(pg_tlv_hdr->length);
- if (length > 0) {
- max_power = pg->power_max;
- min_power = pg->power_min;
- length -= sizeof(struct mwifiex_power_group);
- }
- while (length) {
+
+ /* At least one structure required to update power */
+ if (length < sizeof(struct mwifiex_power_group))
+ return 0;
+
+ max_power = pg->power_max;
+ min_power = pg->power_min;
+ length -= sizeof(struct mwifiex_power_group);
+
+ while (length >= sizeof(struct mwifiex_power_group)) {
pg++;
if (max_power < pg->power_max)
max_power = pg->power_max;
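Review bot: The new early exit `if (length < sizeof(struct mwifiex_power_group)) return 0;` reports success for a TLV too short to hold a single entry, and leaves `priv->min_tx_power_level` and `priv->max_tx_power_level` at whatever they held before. A short power-group TLV means a malformed response, so it is worth making visible: `return -1;`, as the `!data_buf` path of this same function does, plus a log line naming the length. The loop also silently ignores trailing bytes when `length` is not a multiple of the entry size; a comment such as `/* trailing partial entry is ignored */` would show that this is deliberate. The function starts outside this hunk.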
@@ -356,10 +360,8 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
length -= sizeof(struct mwifiex_power_group);
}
- if (le16_to_cpu(pg_tlv_hdr->length) > 0) {
- priv->min_tx_power_level = (u8) min_power;
- priv->max_tx_power_level = (u8) max_power;
- }
+ priv->min_tx_power_level = (u8) min_power;
+ priv->max_tx_power_level = (u8) max_power;
return 0;
}
--
1.8.2.3
* Re: ath10k hits warning in sta_info.c:839.
From: Ben Greear @ 2013-10-22 22:22 UTC (permalink / raw)
To: ath10k, linux-wireless@vger.kernel.org
In-Reply-To: <5266C321.7000103@candelatech.com>
On 10/22/2013 11:25 AM, Ben Greear wrote:
> Kernel is stock 'ath' tree, with small printk to debug an ath10k
> crash.
>
> This is FYI for now...will be looking at other ath10k crash bugs
> before digging into this tone.
>
> Setup is 2 stations trying to associate to same AP, which causes
> endless failures and firmware crashes. Good for chasing bugs :)
>
>
> DMAR:[fault reason 05] PTE Write access is not set
> dmar: DRHD: handling fault status reg 3
> dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd52000
> DMAR:[fault reason 05] PTE Write access is not set
> dmar: DRHD: handling fault status reg 3
> dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd52000
> DMAR:[fault reason 05] PTE Write access is not set
>
> sta300: authentication with 00:03:83:3d:30:aa timed out
> [root@ct523-9292 ~]# ath10k: Failed to delete peer: 00:03:83:3d:30:aa for VDEV: 1
> ath10k: WMI vdev stop failed: ret -108
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 6 at /mnt/sda/home/greearb/git/ath/net/mac80211/sta_info.c:839 __sta_info_destroy+0x12)
> Modules linked in: nf_nat_ipv4 nf_nat veth 8021q garp stp mrp llc macvlan pktgen lockd f71882fg coretemp hw]
I think this may be a result of whatever bug or limitation
caused the firmware to error and/or crash when adding a second
station VIF and trying to associate it to the same AP.
Probably not a problem with the rest of the wifi stacks.
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
* RE: [PATCH 07/14] mwifiex: consolidate no-ibss and passive scan to no-ir
From: Bing Zhao @ 2013-10-22 22:21 UTC (permalink / raw)
To: Luis R. Rodriguez, linville@tuxdriver.com,
johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, janusz.dziedzic@tieto.com,
smihir@qti.qualcomm.com, tushnimb@qca.qualcomm.com,
Amitkumar Karwar
In-Reply-To: <1382376158-25586-8-git-send-email-mcgrof@do-not-panic.com>
Hi Luis,
> Subject: [PATCH 07/14] mwifiex: consolidate no-ibss and passive scan to no-ir
>
> Cc: Amitkumar Karwar <akarwar@marvell.com>
> Cc: Bing Zhao <bzhao@marvell.com>
> Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Thanks,
Bing
* [PATCH 3.12] cfg80211: fix ibss wext chandef creation
From: Simon Wunderlich @ 2013-10-22 20:02 UTC (permalink / raw)
To: linux-wireless
Cc: Mathias Kretschmer, Dirk Gouders, Linux Kernel, Johannes Berg,
Simon Wunderlich
The wext internal chandefs for ibss should be created using the
cfg80211_chandef_create() functions. Otherwise the center_freq1 field
will not be set and cfg80211_chandef_valid() will spit a warning and
report the chandef as invalid when it should be used.
Reported-by: Dirk Gouders <dirk@gouders.net>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Cc: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/ibss.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index 39bff7d..a710019 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -246,7 +246,7 @@ int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
/* try to find an IBSS channel if none requested ... */
if (!wdev->wext.ibss.chandef.chan) {
- wdev->wext.ibss.chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
+ struct ieee80211_channel *new_chan = NULL;
for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
struct ieee80211_supported_band *sband;
@@ -262,16 +262,19 @@ int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
continue;
if (chan->flags & IEEE80211_CHAN_DISABLED)
continue;
- wdev->wext.ibss.chandef.chan = chan;
+ new_chan = chan;
break;
}
- if (wdev->wext.ibss.chandef.chan)
+ if (new_chan)
break;
}
- if (!wdev->wext.ibss.chandef.chan)
+ if (!new_chan)
return -EINVAL;
+
+ cfg80211_chandef_create(&wdev->wext.ibss.chandef, new_chan,
+ NL80211_CHAN_NO_HT);
}
/* don't join -- SSID is not there */
@@ -345,8 +348,8 @@ int cfg80211_ibss_wext_siwfreq(struct net_device *dev,
return err;
if (chan) {
- wdev->wext.ibss.chandef.chan = chan;
- wdev->wext.ibss.chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
+ cfg80211_chandef_create(&wdev->wext.ibss.chandef, chan,
+ NL80211_CHAN_NO_HT);
wdev->wext.ibss.channel_fixed = true;
} else {
/* cfg80211_ibss_wext_join will pick one if needed */
--
1.7.10.4
* Re: RTL8187B is racy
From: Alexandre Oliva @ 2013-10-22 19:30 UTC (permalink / raw)
To: Larry Finger; +Cc: linux-wireless
In-Reply-To: <52669A94.3070600@lwfinger.net>
On Oct 22, 2013, Larry Finger <Larry.Finger@lwfinger.net> wrote:
> After inspecting the code in rtl8187b_status_cb, I did notice that it
> does a lot of things that should be done by mac80211. As you have been
> testing code modifications, I assume that you will be able to test any
> patches that I generate.
Yeah, I can easily build and test patches here, at my workplace at home.
The only catch is that the module already works here; it seems to fail
only at busier environments, which I only get into once a month or so.
As long as we're not in much of a hurry, I can have things set up so
that, whenever I hit the problem with the module as it is now, I have a
patched module handy to test. So, I'm looking forward to your patches
and/or suggestions on what else to try. Just please make sure you Cc:
me, so that I won't miss it.
Thanks a lot!
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer
* [PATCH] staging: vt6656: device.h Remove typedef enum __device_init_type.
From: Malcolm Priestley @ 2013-10-22 19:26 UTC (permalink / raw)
To: gregkh; +Cc: linux-wireless
typedef enum __device_init_type is only ever used in one state,
so remove the typedef from main_usb.c:device_init_registers
along with the if braces, and just apply the enum value to
sInitCmd.byInitClass.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
---
drivers/staging/vt6656/device.h | 4 ++--
drivers/staging/vt6656/main_usb.c | 31 ++++++++++++++-----------------
2 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/drivers/staging/vt6656/device.h b/drivers/staging/vt6656/device.h
index 62b7de1..8921305 100644
--- a/drivers/staging/vt6656/device.h
+++ b/drivers/staging/vt6656/device.h
@@ -149,11 +149,11 @@ typedef enum __device_msg_level {
MSG_LEVEL_DEBUG = 4 /* Only for debug purpose. */
} DEVICE_MSG_LEVEL, *PDEVICE_MSG_LEVEL;
-typedef enum __device_init_type {
+enum vnt_init_type {
DEVICE_INIT_COLD = 0, /* cold init */
DEVICE_INIT_RESET, /* reset init or Dx to D0 power remain */
DEVICE_INIT_DXPL /* Dx to D0 power lost init */
-} DEVICE_INIT_TYPE, *PDEVICE_INIT_TYPE;
+};
/* USB */
diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c
index aae228c..3a2beaa 100644
--- a/drivers/staging/vt6656/main_usb.c
+++ b/drivers/staging/vt6656/main_usb.c
@@ -215,8 +215,7 @@ static void device_set_multi(struct net_device *dev);
static int device_close(struct net_device *dev);
static int device_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
-static int device_init_registers(struct vnt_private *pDevice,
- DEVICE_INIT_TYPE InitType);
+static int device_init_registers(struct vnt_private *pDevice);
static bool device_init_defrag_cb(struct vnt_private *pDevice);
static void device_init_diversity_timer(struct vnt_private *pDevice);
static int device_dma0_tx_80211(struct sk_buff *skb, struct net_device *dev);
@@ -297,8 +296,7 @@ static void device_init_diversity_timer(struct vnt_private *pDevice)
* initialization of MAC & BBP registers
*/
-static int device_init_registers(struct vnt_private *pDevice,
- DEVICE_INIT_TYPE InitType)
+static int device_init_registers(struct vnt_private *pDevice)
{
struct vnt_manager *pMgmt = &pDevice->vnt_mgmt;
u8 abyBroadcastAddr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
@@ -313,12 +311,14 @@ static int device_init_registers(struct vnt_private *pDevice,
u8 byTmp;
u8 byCalibTXIQ = 0, byCalibTXDC = 0, byCalibRXIQ = 0;
- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---->INIbInitAdapter. [%d][%d]\n", InitType, pDevice->byPacketType);
+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---->INIbInitAdapter. [%d][%d]\n",
+ DEVICE_INIT_COLD, pDevice->byPacketType);
+
spin_lock_irq(&pDevice->lock);
- if (InitType == DEVICE_INIT_COLD) {
- memcpy(pDevice->abyBroadcastAddr, abyBroadcastAddr, ETH_ALEN);
- memcpy(pDevice->abySNAP_RFC1042, abySNAP_RFC1042, ETH_ALEN);
- memcpy(pDevice->abySNAP_Bridgetunnel,
+
+ memcpy(pDevice->abyBroadcastAddr, abyBroadcastAddr, ETH_ALEN);
+ memcpy(pDevice->abySNAP_RFC1042, abySNAP_RFC1042, ETH_ALEN);
+ memcpy(pDevice->abySNAP_Bridgetunnel,
abySNAP_Bridgetunnel,
ETH_ALEN);
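Review bot: The DBG_PRT at the top of this hunk now passes the constant `DEVICE_INIT_COLD` to its first `%d`, so that field always prints the same value and tells the reader nothing. Dropping it keeps the message honest: `DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---->INIbInitAdapter. [%d]\n", pDevice->byPacketType);`. With the `if (InitType == DEVICE_INIT_COLD)` wrapper gone, the statements that were inside it should also be re-indented one level in the same patch; the page does not preserve whitespace, so this could not be checked here. The function continues outside the hunk.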
@@ -342,9 +342,8 @@ static int device_init_registers(struct vnt_private *pDevice,
spin_unlock_irq(&pDevice->lock);
return false;
}
- }
- sInitCmd.byInitClass = (u8)InitType;
+ sInitCmd.byInitClass = DEVICE_INIT_COLD;
sInitCmd.bExistSWNetAddr = (u8) pDevice->bExistSWNetAddr;
for (ii = 0; ii < 6; ii++)
sInitCmd.bySWNetAddr[ii] = pDevice->abyCurrentNetAddr[ii];
@@ -364,7 +363,6 @@ static int device_init_registers(struct vnt_private *pDevice,
spin_unlock_irq(&pDevice->lock);
return false;
}
- if (InitType == DEVICE_INIT_COLD) {
ntStatus = CONTROLnsRequestIn(pDevice,MESSAGE_TYPE_INIT_RSP,0,0,sizeof(RSP_CARD_INIT), (u8 *) &(sInitRsp));
@@ -574,7 +572,6 @@ static int device_init_registers(struct vnt_private *pDevice,
/* if exist SW network address, use it */
DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Network address = %pM\n",
pDevice->abyCurrentNetAddr);
- }
/*
* set BB and packet type at the same time
@@ -962,10 +959,10 @@ static int device_open(struct net_device *dev)
/* read config file */
Read_config_file(pDevice);
- if (device_init_registers(pDevice, DEVICE_INIT_COLD) == false) {
- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO " init register fail\n");
- goto free_all;
- }
+ if (device_init_registers(pDevice) == false) {
+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO " init register fail\n");
+ goto free_all;
+ }
device_set_multi(pDevice->dev);
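Review bot: `device_init_registers()` is declared `static int` in this patch, yet its failure paths `return false;` (visible as context in the earlier hunks) and this call site tests `== false`. Since the signature is being changed anyway, this is the moment to settle the convention: either declare it `bool` and write `if (!device_init_registers(pDevice)) {`, or return 0 / a negative errno so the caller can propagate the reason. As written, a future `return -EIO;` inside the function would be treated as success by this comparison.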
--
1.8.3.2
* [PATCH] staging: vt6656: call usb_device_reset before netdev registration
From: Malcolm Priestley @ 2013-10-22 19:00 UTC (permalink / raw)
To: gregkh@linuxfoundation.org; +Cc: linux-wireless@vger.kernel.org
The USB reset occurs after netdev registration; if network manager
calls device_open too fast, this causes USB failures in main_usb.c: device_init_registers.
Move the usb reset to before register_netdev.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
---
drivers/staging/vt6656/main_usb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c
index 5e4a5d0..aae228c 100644
--- a/drivers/staging/vt6656/main_usb.c
+++ b/drivers/staging/vt6656/main_usb.c
@@ -723,14 +723,15 @@ vt6656_probe(struct usb_interface *intf, const struct usb_device_id *id)
usb_set_intfdata(intf, pDevice);
SET_NETDEV_DEV(netdev, &intf->dev);
memcpy(pDevice->dev->dev_addr, fake_mac, ETH_ALEN);
+
+ usb_device_reset(pDevice);
+
rc = register_netdev(netdev);
if (rc) {
printk(KERN_ERR DEVICE_NAME " Failed to register netdev\n");
goto err_netdev;
}
- usb_device_reset(pDevice);
-
return 0;
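Review bot: The order of `usb_device_reset(pDevice)` and `register_netdev(netdev)` is now load-bearing, but nothing in the code says so, and a later cleanup could move the reset back. A comment above the call would pin it down: `/* reset before register_netdev(): device_open() can run as soon as the netdev is registered */`. Whether usb_device_reset() can fail is not visible here; if it can, probe should probably not go on to register the netdev after a failed reset. vt6656_probe() starts and ends outside the hunk.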
err_netdev:
--
1.8.3.2
* Re: ar5523 Gigaset USB Adapter 108 issue
From: Oleksij Rempel @ 2013-10-22 18:45 UTC (permalink / raw)
To: Yannik Völker, linux-wireless@vger.kernel.org, pontus.fuchs
In-Reply-To: <5266C4C1.80408@yahoo.de>
Am 22.10.2013 20:32, schrieb Yannik Völker:
> Am 19.10.2013 18:59, schrieb Oleksij Rempel:
>> Am 19.10.2013 14:18, schrieb Yannik Völker:
>>> Am 18.10.2013 19:16, schrieb Oleksij Rempel:
>>>> Am 18.10.2013 18:33, schrieb Yannik Völker:
>>>>> Am 18.10.2013 18:16, schrieb Oleksij Rempel:
>>>>>> Am 18.10.2013 17:38, schrieb Yannik Völker:
>>>>>>> Am 18.10.2013 17:07, schrieb Oleksij Rempel:
>>>>>>>> Am 18.10.2013 16:49, schrieb Alan Stern:
>>>>>>>>> Yannik, you should always use Reply-To-All so that
>>>>>>>>> your messages get sent to the mailing list and not
>>>>>>>>> just to me.
>>>>>>>>>
>>>>>>>>> On Thu, 17 Oct 2013, Yannik Völker wrote:
>>>>>>>>>
>>>>>>>>>> Am 07.08.2013 19:34, schrieb Alan Stern:
>>>>>>>>>>> Please post two usbmon traces, one showing the
>>>>>>>>>>> failure on your current system and the other
>>>>>>>>>>> showing the adapter running correctly under a
>>>>>>>>>>> 32-bit kernel. Instructions for usbmon are in
>>>>>>>>>>> the kernel source file
>>>>>>>>>>> Documentation/usb/usbmon.txt.
>>>>>>>>>> I never got it to work under a 32-bit kernel, i
>>>>>>>>>> was just able to utilize a windows32 driver using
>>>>>>>>>> ndiswrapper.
>>>>>>>>>>
>>>>>>>>>> Now i got it to "work". I randomly found out
>>>>>>>>>> that the ar5523 driver actually works when you
>>>>>>>>>> load it after you unload ndiswrapper so the
>>>>>>>>>> following steps make it work: 1. modprobe
>>>>>>>>>> ndiswrapper 2. plug in device 3. connect to wlan
>>>>>>>>>> using ndiswrapper and disconnect again (might be
>>>>>>>>>> optional) 4. modprobe -r ndiswrapper 5. modprobe
>>>>>>>>>> ar5523 6. connect to wlan log for that is
>>>>>>>>>> attatched as wlanthennative2.log
>>>>>>>
>>>>>>>
>>>>>>>> It sounds like linux driver didn't recognised usb id
>>>>>>>> and didn't uploaded firmware, or there was no
>>>>>>>> firmware to upload.
>>>>>>> there is firmware (/lib/firmware/ar5523.bin exists)
>>>>>>> but it does not even get touched (i renamed the file
>>>>>>> and the error did not change at all)
>>>>>
>>>>>> find first usbid of your adapter (it will be changed
>>>>>> after firmware upload). And try to force driver to use
>>>>>> this id: modprobe -v ar5523 echo 07d1 3a0d >
>>>>>> /sys/bus/usb/drivers/ar5523/new_id
>>>>>
>>>>>> instead of "07d1 3a0d" use your id.
>>>>>
>>>>>
>>>>> # lsusb … Bus 003 Device 011: ID 129b:160c CyberTAN
>>>>> Technology Siemens S30853-S1038-R351 802.11g Wireless
>>>>> Adapter [Atheros AR5523] …
>>>>>
>>>>> # modprobe ar5523 # echo 129b 160c >
>>>>> /sys/bus/usb/drivers/ar5523/new_id <plugging device in>
>>>>> syslog: Oct 18 18:27:47 yannik-desktop kernel: [
>>>>> 8751.447784] usbcore: registered new interface driver
>>>>> ar5523 Oct 18 18:28:25 yannik-desktop kernel: [
>>>>> 8789.036912] usb 3-14: new high-speed USB device number 12
>>>>> using xhci_hcd Oct 18 18:28:25 yannik-desktop kernel: [
>>>>> 8789.053995] usb 3-14: New USB device found, idVendor=129b,
>>>>> idProduct=160c Oct 18 18:28:25 yannik-desktop kernel: [
>>>>> 8789.054005] usb 3-14: New USB device strings: Mfr=1,
>>>>> Product=2, SerialNumber=3 Oct 18 18:28:25 yannik-desktop
>>>>> kernel: [ 8789.054010] usb 3-14: Product: AR5523 Oct 18
>>>>> 18:28:25 yannik-desktop kernel: [ 8789.054015] usb 3-14:
>>>>> Manufacturer: Atheros Communications Inc Oct 18 18:28:25
>>>>> yannik-desktop kernel: [ 8789.054019] usb 3-14:
>>>>> SerialNumber: 1.0 Oct 18 18:28:27 yannik-desktop kernel: [
>>>>> 8791.052313] usb 3-14: timeout waiting for command 01 reply
>>>>> Oct 18 18:28:27 yannik-desktop kernel: [ 8791.052323] usb
>>>>> 3-14: could not initialize adapter Oct 18 18:28:27
>>>>> yannik-desktop kernel: [ 8791.052359] usb 3-14: RX USB
>>>>> error -2. Oct 18 18:28:27 yannik-desktop kernel: [
>>>>> 8791.052378] usb 3-14: error -1 when submitting rx urb Oct
>>>>> 18 18:28:27 yannik-desktop kernel: [ 8791.052504] ar5523:
>>>>> probe of 3-14:1.0 failed with error -110
>>>>>
>>>>>> Besidy, what kernel version are you using? May be it is
>>>>>> too old..
>>>>>
>>>>> 3.11.0-12-generic it is my understanding that the ar5523
>>>>> driver was included from 3.8 on.
>>>
>>>> please test attached patch.
>>> Stopped the error from appearing but it looks like it would
>>> not even try to upload the firmware to me:
>
>> Hi Yannik,
>
>> please use this patch instead of previous. It will provide some
>> more info. And send me complete dmesg.
>
> I have to correct myself: I got the sources via apt-get source (as
> opposed to git) this time. applied patch, worked.
Thank you for update. Can you please send us dmesg with working result.
--
Regards,
Oleksij
* ath10k hits warning in sta_info.c:839.
From: Ben Greear @ 2013-10-22 18:25 UTC (permalink / raw)
To: ath10k, linux-wireless@vger.kernel.org
Kernel is stock 'ath' tree, with small printk to debug an ath10k
crash.
This is FYI for now...will be looking at other ath10k crash bugs
before digging into this tone.
Setup is 2 stations trying to associate to same AP, which causes
endless failures and firmware crashes. Good for chasing bugs :)
DMAR:[fault reason 05] PTE Write access is not set
dmar: DRHD: handling fault status reg 3
dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd52000
DMAR:[fault reason 05] PTE Write access is not set
dmar: DRHD: handling fault status reg 3
dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd52000
DMAR:[fault reason 05] PTE Write access is not set
sta300: authentication with 00:03:83:3d:30:aa timed out
[root@ct523-9292 ~]# ath10k: Failed to delete peer: 00:03:83:3d:30:aa for VDEV: 1
ath10k: WMI vdev stop failed: ret -108
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6 at /mnt/sda/home/greearb/git/ath/net/mac80211/sta_info.c:839 __sta_info_destroy+0x12)
Modules linked in: nf_nat_ipv4 nf_nat veth 8021q garp stp mrp llc macvlan pktgen lockd f71882fg coretemp hw]
CPU: 1 PID: 6 Comm: kworker/u8:0 Tainted: G WC 3.12.0-rc5-wl+ #1
Hardware name: To be filled by O.E.M. To be filled by O.E.M./HURONRIVER, BIOS 4.6.5 05/02/2012
Workqueue: phy0 ieee80211_iface_work [mac80211]
0000000000000009 ffff8802160d3c28 ffffffff81566b46 ffff88021fa8ec78
0000000000000000 ffff8802160d3c68 ffffffff8109e0a2 ffff8802160d3c78
ffffffffa03ceff2 ffff880215b63800 ffff8800d81505c0 ffff88020dc647c0
Call Trace:
[<ffffffff81566b46>] dump_stack+0x55/0x86
[<ffffffff8109e0a2>] warn_slowpath_common+0x77/0x91
[<ffffffffa03ceff2>] ? __sta_info_destroy+0x122/0x1d6 [mac80211]
[<ffffffff8109e0d1>] warn_slowpath_null+0x15/0x17
dmar: DRHD: handling fault status reg 3
dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd51000
DMAR:[fault reason 05] PTE Write access is not set
dmar: DRHD: handling fault status reg 3
dmar: DMAR:[DMA Write] Request device [05:00.0] fault addr ffd51000
DMAR:[fault reason 05] PTE Write access is not set
[<ffffffffa03ceff2>] __sta_info_destroy+0x122/0x1d6 [mac80211]
[<ffffffffa03cf27a>] sta_info_destroy_addr+0x37/0x59 [mac80211]
[<ffffffffa03edbcc>] ieee80211_destroy_auth_data+0x2a/0x8c [mac80211]
[<ffffffffa03f1543>] ieee80211_sta_work+0x159/0xb2c [mac80211]
[<ffffffffa03ea936>] ? ieee80211_wake_queues_by_reason+0x78/0x87 [mac80211]
[<ffffffff8156cc88>] ? _raw_spin_unlock_irqrestore+0x27/0x32
[<ffffffffa03d86bf>] ieee80211_iface_work+0x29f/0x2c2 [mac80211]
[<ffffffffa03edc3b>] ? sdata_unlock+0xd/0xf [mac80211]
[<ffffffff810afdc1>] ? pwq_activate_delayed_work+0x23/0x31
[<ffffffff810b1846>] process_one_work+0x162/0x217
[<ffffffff810b1cbb>] worker_thread+0x12e/0x1fb
[<ffffffff810b1b8d>] ? rescuer_thread+0x268/0x268
[<ffffffff810b6a8e>] kthread+0x88/0x90
[<ffffffff810b6a06>] ? __kthread_parkme+0x60/0x60
[<ffffffff8157160c>] ret_from_fork+0x7c/0xb0
[<ffffffff810b6a06>] ? __kthread_parkme+0x60/0x60
---[ end trace 402f96cbcf4a3d3e ]---
sta300: deauthenticating from 00:03:83:3d:30:aa by local choice (reason=3)
ath10k: MSI-X interrupt handling (8 intrs)
ath10k: UART prints disabled
ath10k: firmware 999.999.0.636 booted
ath10k: htt target version 2.1
ath10k: device successfully recovered
ath10k: firmware crashed!
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
* Re: RTL8187B is racy
From: Larry Finger @ 2013-10-22 15:32 UTC (permalink / raw)
To: Alexandre Oliva, linux-wireless
In-Reply-To: <or61sq3q4e.fsf@livre.home>
On 10/21/2013 11:07 PM, Alexandre Oliva wrote:
> It's been at least a year since I first noticed that, on WiFi-busy
> environments such as airports, hotels and Free Software conferences, my
> Yeeloong laptop with a RTL8187B WiFi card will freeze or oops shortly
> after I enable WiFi. This problem doesn't seem to happen when I'm at
> home, probably because of the low WiFi traffic. The problem occurs
> while running 3.11.* and 3.10.* kernels, but not 3.4.* or 3.0.*.
>
> I couldn't find any changes to the rtl8187 module that explain this
> misbehavior, so I suspect it's some new source of parallelism in the
> mac80211 layer that has exposed the lack of synchronization in uses of
> rx_queue and b_tx_status.queue. Indeed, I found many uses of these
> queues that don't take locks to ensure consistency. Unfortunately,
> adding spin locks around all uses causes harder freezes and/or complains
> about scheduling in atomic contexts, depending on which race I hit
> first. Without any changes, the problem I get most often is a crash
> within rtl8187b_status_cb, when skb_unlink attempts to dereference a
> NULL pointer. Testing skb->prev and skb->next before entering the
> branch where the skb is removed seemed to make the error a little bit
> less frequent, but surely not enough for the machine to remain up for
> very long while WiFi is enabled.
>
> Is this a known problem? Any suggestions on what I could try next to
> fix the problem?
No, the problem has not previously been reported. From your description of the
situation where it happens, the problem requires a lot of same channel, same AP
traffic. I will try to duplicate that condition here. Although I have an
RTL8187B device, I seldom use it as the case on the USB stick is falling apart.
I will need to do some repair on it so that it holds together.
After inspecting the code in rtl8187b_status_cb, I did notice that it does a lot
of things that should be done by mac80211. As you have been testing code
modifications, I assume that you will be able to test any patches that I generate.
Larry
* RE: Intel(R) Centrino(R) Advanced-N 6235 - iwlwifi-6000g2b-6.ucode not reconnecting issue
From: Bastiaan de Groot @ 2013-10-22 11:17 UTC (permalink / raw)
To: Emmanuel Grumbach; +Cc: linux-wireless@vger.kernel.org, ilw@linux.intel.com
In-Reply-To: <CANUX_P0yTq2v5jWyeHob_QnES878Zw-aZDhWFSmBcxg=CYMHgA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 787 bytes --]
Attached you will find the full output of "dmesg | grep -i iwl".
It gives a:
83668.896034] iwlwifi 0000:05:00.0: Failed to start RT ucode: -110
[83668.904290] iwlwifi 0000:05:00.0: Unable to initialize device.
And then stops trying for a while.
On Tue, Oct 22, 2013 at 11:31 AM, Bastiaan de Groot <bastiaan.de.groot@telexis.nl> wrote:
> Dear community,
>
> I have a "Intel(r) Centrino(r) Advanced-N 6235" wificard.
> Running Debian 7.0 "wheezy"
>
> Firmware: Iwlwifi-6000g2b-6.ucode
>
> Using:
> Kernel 3.2.0-4-686-pae
>
> It connects but when wpa_supplicant is trying to re-connect I get:
>
> [83667.904059] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 157 is out of range [0-256] 0 0.
Did you have anything before that?
[-- Attachment #2: iwl_error.txt --]
[-- Type: text/plain, Size: 13156 bytes --]
[ 4.671506] iwlwifi 0000:05:00.0: setting latency timer to 64
[ 4.671548] iwlwifi 0000:05:00.0: pci_resource_len = 0x00002000
[ 4.671555] iwlwifi 0000:05:00.0: pci_resource_base = f8330000
[ 4.671562] iwlwifi 0000:05:00.0: HW Revision ID = 0x24
[ 4.671661] iwlwifi 0000:05:00.0: irq 55 for MSI/MSI-X
[ 4.671755] iwlwifi 0000:05:00.0: Detected 6035 Series 2x2 AGN/BT, REV=0xB0
[ 4.671851] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[ 4.686706] iwlwifi 0000:05:00.0: device EEPROM VER=0x756, CALIB=0x6
[ 4.686714] iwlwifi 0000:05:00.0: Device SKU: 0X1f0
[ 4.686722] iwlwifi 0000:05:00.0: Valid Tx ant: 0X3, Valid Rx ant: 0X3
[ 4.692133] iwlwifi 0000:05:00.0: Tunable channels: 13 802.11bg, 24 802.11a channels
[ 4.865663] iwlwifi 0000:05:00.0: firmware: agent loaded iwlwifi-6000g2b-6.ucode into memory
[ 4.865680] iwlwifi 0000:05:00.0: loaded firmware version 18.168.6.1
[ 4.874362] ieee80211 phy0: Selected rate control algorithm 'iwl-agn-rs'
[ 7.751226] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[ 7.758248] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[ 8.046021] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[ 8.053041] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[ 2251.842216] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[ 2251.849304] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[17702.289593] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[17702.296662] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[30257.442028] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[30257.449098] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[43218.459480] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[43218.466554] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[47486.831629] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[47486.838711] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[48035.823057] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[48035.830129] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[52537.796883] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[52537.803965] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[62140.806165] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[62140.813245] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[69403.774804] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[69403.781872] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[70844.856679] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[70844.863749] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[73468.448984] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[73468.456060] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[74805.753484] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[74805.760571] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[83667.860874] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 172 is out of range [0-256] 173 173.
[83667.882081] iwlwifi 0000:05:00.0: L1 Disabled; Enabling L0S
[83667.889149] iwlwifi 0000:05:00.0: Radio type=0x2-0x1-0x0
[83667.898065] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 150 is out of range [0-256] 0 0.
[83667.898278] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.898287] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 167 is out of range [0-256] 0 0.
[83667.898490] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_SCAN_CMD
[83667.898500] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 160 is out of range [0-256] 0 0.
[83667.898702] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.898746] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 154 is out of range [0-256] 0 0.
[83667.898948] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command SENSITIVITY_CMD
[83667.898966] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 148 is out of range [0-256] 0 0.
[83667.899174] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON_TIMING
[83667.899193] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 140 is out of range [0-256] 0 0.
[83667.899395] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_LEDS_CMD
[83667.899403] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 142 is out of range [0-256] 0 0.
[83667.899605] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_QOS_PARAM
[83667.899616] iwlwifi 0000:05:00.0: iwl_tx_queue_reclaim: Read index for DMA queue txq id (0), last_to_free 179 is out of range [0-256] 0 0.
[83667.899849] WARNING: at /build/linux-n2St39/linux-3.2.51/drivers/net/wireless/iwlwifi/iwl-agn-tx.c:835 iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]()
[83667.899859] Modules linked in: cryptd aes_i586 aes_generic nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc loop arc4 i2c_i801 coretemp psmouse serio_raw pcspkr iwlwifi snd_hda_codec_realtek btusb mac80211 iTCO_wdt bluetooth iTCO_vendor_support evdev i915 cfg80211 option usb_wwan usbserial rfkill snd_hda_intel video snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm snd_page_alloc snd_timer snd i2c_algo_bit soundcore i2c_core processor button thermal_sys ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif usbhid hid ata_generic ata_piix libata scsi_mod uhci_hcd e1000e ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
[83667.899996] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.900026] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.900046] [<f863bb25>] ? iwlagn_rx_reply_rx+0x135/0x353 [iwlwifi]
[83667.900064] [<f863bf73>] ? iwl_rx_dispatch+0xbb/0xc4 [iwlwifi]
[83667.900082] [<f86446eb>] ? iwl_irq_tasklet+0x3b7/0x627 [iwlwifi]
[83667.900219] iwlwifi 0000:05:00.0: iwl_tx_queue_reclaim: Read index for DMA queue txq id (0), last_to_free 180 is out of range [0-256] 0 0.
[83667.900462] WARNING: at /build/linux-n2St39/linux-3.2.51/drivers/net/wireless/iwlwifi/iwl-agn-tx.c:835 iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]()
[83667.900489] Modules linked in: cryptd aes_i586 aes_generic nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc loop arc4 i2c_i801 coretemp psmouse serio_raw pcspkr iwlwifi snd_hda_codec_realtek btusb mac80211 iTCO_wdt bluetooth iTCO_vendor_support evdev i915 cfg80211 option usb_wwan usbserial rfkill snd_hda_intel video snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm snd_page_alloc snd_timer snd i2c_algo_bit soundcore i2c_core processor button thermal_sys ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif usbhid hid ata_generic ata_piix libata scsi_mod uhci_hcd e1000e ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
[83667.900773] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.900812] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.900835] [<f863bb25>] ? iwlagn_rx_reply_rx+0x135/0x353 [iwlwifi]
[83667.900853] [<f863bf73>] ? iwl_rx_dispatch+0xbb/0xc4 [iwlwifi]
[83667.900871] [<f86446eb>] ? iwl_irq_tasklet+0x3b7/0x627 [iwlwifi]
[83667.900998] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 166 is out of range [0-256] 0 0.
[83667.901204] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command POWER_TABLE_CMD
[83667.901257] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 155 is out of range [0-256] 0 0.
[83667.901464] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_POWER_DBM_CMD
[83667.901560] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 147 is out of range [0-256] 0 0.
[83667.901774] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.901807] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 169 is out of range [0-256] 0 0.
[83667.902012] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.902037] iwlwifi 0000:05:00.0: iwl_tx_queue_reclaim: Read index for DMA queue txq id (0), last_to_free 178 is out of range [0-256] 0 0.
[83667.902272] WARNING: at /build/linux-n2St39/linux-3.2.51/drivers/net/wireless/iwlwifi/iwl-agn-tx.c:835 iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]()
[83667.902300] Modules linked in: cryptd aes_i586 aes_generic nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc loop arc4 i2c_i801 coretemp psmouse serio_raw pcspkr iwlwifi snd_hda_codec_realtek btusb mac80211 iTCO_wdt bluetooth iTCO_vendor_support evdev i915 cfg80211 option usb_wwan usbserial rfkill snd_hda_intel video snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm snd_page_alloc snd_timer snd i2c_algo_bit soundcore i2c_core processor button thermal_sys ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif usbhid hid ata_generic ata_piix libata scsi_mod uhci_hcd e1000e ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
[83667.902590] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.902628] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.902653] [<f863bb25>] ? iwlagn_rx_reply_rx+0x135/0x353 [iwlwifi]
[83667.902679] [<f863bf73>] ? iwl_rx_dispatch+0xbb/0xc4 [iwlwifi]
[83667.902721] [<f86446eb>] ? iwl_irq_tasklet+0x3b7/0x627 [iwlwifi]
[83667.902960] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 149 is out of range [0-256] 0 0.
[83667.903181] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_QOS_PARAM
[83667.903209] iwlwifi 0000:05:00.0: iwl_tx_queue_reclaim: Read index for DMA queue txq id (0), last_to_free 181 is out of range [0-256] 0 0.
[83667.903437] WARNING: at /build/linux-n2St39/linux-3.2.51/drivers/net/wireless/iwlwifi/iwl-agn-tx.c:835 iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]()
[83667.903447] Modules linked in: cryptd aes_i586 aes_generic nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc loop arc4 i2c_i801 coretemp psmouse serio_raw pcspkr iwlwifi snd_hda_codec_realtek btusb mac80211 iTCO_wdt bluetooth iTCO_vendor_support evdev i915 cfg80211 option usb_wwan usbserial rfkill snd_hda_intel video snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm snd_page_alloc snd_timer snd i2c_algo_bit soundcore i2c_core processor button thermal_sys ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif usbhid hid ata_generic ata_piix libata scsi_mod uhci_hcd e1000e ehci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
[83667.903668] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.903707] [<f86370ce>] ? iwlagn_rx_reply_tx+0x558/0x5b7 [iwlwifi]
[83667.903732] [<f863bb25>] ? iwlagn_rx_reply_rx+0x135/0x353 [iwlwifi]
[83667.903758] [<f863bf73>] ? iwl_rx_dispatch+0xbb/0xc4 [iwlwifi]
[83667.903783] [<f86446eb>] ? iwl_irq_tasklet+0x3b7/0x627 [iwlwifi]
[83667.904059] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 157 is out of range [0-256] 0 0.
[83667.904276] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command POWER_TABLE_CMD
[83667.904289] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 156 is out of range [0-256] 0 0.
[83667.904493] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON_ASSOC
[83667.904516] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 143 is out of range [0-256] 0 0.
[83667.904722] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.904732] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 139 is out of range [0-256] 0 0.
[83667.904935] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.904998] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 172 is out of range [0-256] 0 0.
[83667.905200] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_LEDS_CMD
[83667.905212] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 165 is out of range [0-256] 0 0.
[83667.908013] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command POWER_TABLE_CMD
[83667.920999] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 162 is out of range [0-256] 0 0.
[83667.924978] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.937183] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 158 is out of range [0-256] 0 0.
[83667.941157] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.953377] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 171 is out of range [0-256] 0 0.
[83667.957319] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83668.896034] iwlwifi 0000:05:00.0: Failed to start RT ucode: -110
[83668.904290] iwlwifi 0000:05:00.0: Unable to initialize device.
* [PATCH] mac80211_hwsim: Fix tracking of beaconing for multi-vif
From: Jouni Malinen @ 2013-10-22 11:11 UTC (permalink / raw)
To: John W. Linville; +Cc: linux-wireless
mac80211_hwsim canceled beacon_timer on any vif changing from enabled
to disabled beaconing. This breaks cases where there are multiple
beaconing vifs and only one of them is removed. Fix this by tracking
beaconing status per vif and disabling beacon_timer only if no active vif
remains with beaconing enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
drivers/net/wireless/mac80211_hwsim.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 2cd3f54..de0df86 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -167,6 +167,7 @@ struct hwsim_vif_priv {
u32 magic;
u8 bssid[ETH_ALEN];
bool assoc;
+ bool bcn_en;
u16 aid;
};
@@ -1170,6 +1171,16 @@ static void mac80211_hwsim_configure_filter(struct ieee80211_hw *hw,
*total_flags = data->rx_filter;
}
+static void mac80211_hwsim_bcn_en_iter(void *data, u8 *mac,
+ struct ieee80211_vif *vif)
+{
+ unsigned int *count = data;
+ struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
+
+ if (vp->bcn_en)
+ (*count)++;
+}
+
static void mac80211_hwsim_bss_info_changed(struct ieee80211_hw *hw,
struct ieee80211_vif *vif,
struct ieee80211_bss_conf *info,
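Review bot: mac80211_hwsim_bcn_en_iter() casts `vif->drv_priv` and reads `vp->bcn_en` without the `hwsim_check_magic(vif);` sanity check that mac80211_hwsim_bss_info_changed() runs before it touches the same private data (visible in the next hunk). Adding `hwsim_check_magic(vif);` right after the two declarations would keep the iterator consistent with that handler and would flag a vif whose private area does not belong to this driver. The callback also relies on `data` pointing to an `unsigned int`; a one-line comment such as `/* data: unsigned int counter of vifs with beaconing enabled */` would document that contract for later callers.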
@@ -1180,7 +1191,8 @@ static void mac80211_hwsim_bss_info_changed(struct ieee80211_hw *hw,
hwsim_check_magic(vif);
- wiphy_debug(hw->wiphy, "%s(changed=0x%x)\n", __func__, changed);
+ wiphy_debug(hw->wiphy, "%s(changed=0x%x vif->addr=%pM)\n",
+ __func__, changed, vif->addr);
if (changed & BSS_CHANGED_BSSID) {
wiphy_debug(hw->wiphy, "%s: BSSID changed: %pM\n",
@@ -1202,6 +1214,7 @@ static void mac80211_hwsim_bss_info_changed(struct ieee80211_hw *hw,
if (changed & BSS_CHANGED_BEACON_ENABLED) {
wiphy_debug(hw->wiphy, " BCN EN: %d\n", info->enable_beacon);
+ vp->bcn_en = info->enable_beacon;
if (data->started &&
!hrtimer_is_queued(&data->beacon_timer.timer) &&
info->enable_beacon) {
@@ -1215,8 +1228,16 @@ static void mac80211_hwsim_bss_info_changed(struct ieee80211_hw *hw,
tasklet_hrtimer_start(&data->beacon_timer,
ns_to_ktime(until_tbtt * 1000),
HRTIMER_MODE_REL);
- } else if (!info->enable_beacon)
- tasklet_hrtimer_cancel(&data->beacon_timer);
+ } else if (!info->enable_beacon) {
+ unsigned int count = 0;
+ ieee80211_iterate_active_interfaces(
+ data->hw, IEEE80211_IFACE_ITER_NORMAL,
+ mac80211_hwsim_bcn_en_iter, &count);
+ wiphy_debug(hw->wiphy, " beaconing vifs remaining: %u",
+ count);
+ if (count == 0)
+ tasklet_hrtimer_cancel(&data->beacon_timer);
+ }
}
if (changed & BSS_CHANGED_ERP_CTS_PROT) {
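Review bot: The added `wiphy_debug(hw->wiphy, " beaconing vifs remaining: %u", count);` has no trailing `\n`, unlike the other wiphy_debug() calls visible in this patch, so the message can run into or be delayed until the next log line; the format string should be `" beaconing vifs remaining: %u\n"`. Kernel style also expects a blank line between the `unsigned int count = 0;` declaration and the ieee80211_iterate_active_interfaces() call. In the visible hunks `vp->bcn_en` is written only in this BSS_CHANGED_BEACON_ENABLED branch, so it is worth confirming that a vif removed without a beacon-disable notification cannot leave beacon_timer running; that cannot be verified from this hunk. The body of mac80211_hwsim_bss_info_changed() starts and ends outside the hunk.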
--
1.7.9.5
--
Jouni Malinen PGP id EFC895FA
* Re: Intel(R) Centrino(R) Advanced-N 6235 - iwlwifi-6000g2b-6.ucode not reconnecting issue
From: Emmanuel Grumbach @ 2013-10-22 10:51 UTC (permalink / raw)
To: Bastiaan de Groot; +Cc: linux-wireless@vger.kernel.org, ilw@linux.intel.com
On Tue, Oct 22, 2013 at 11:31 AM, Bastiaan de Groot
<bastiaan.de.groot@telexis.nl> wrote:
> Dear community,
>
> I have a "Intel® Centrino® Advanced-N 6235" wificard.
> Running Debian 7.0 "wheezy"
>
> Firmware: Iwlwifi-6000g2b-6.ucode
>
> Using:
> Kernel 3.2.0-4-686-pae
>
> It connects but when wpa_supplicant is trying to re-connect I get:
>
> [83667.904059] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 157 is out of range [0-256] 0 0.
Did you have anything before that?
* RE: Intel® Centrino® Advanced-N 6235 - iwlwifi-6000g2b-6.ucode not reconnecting issue
From: Bastiaan de Groot @ 2013-10-22 8:31 UTC (permalink / raw)
To: linux-wireless@vger.kernel.org, ilw@linux.intel.com
Dear community,
I have a "Intel® Centrino® Advanced-N 6235" wificard.
Running Debian 7.0 "wheezy"
Firmware: Iwlwifi-6000g2b-6.ucode
Using:
Kernel 3.2.0-4-686-pae
It connects but when wpa_supplicant is trying to re-connect I get:
[83667.904059] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 157 is out of range [0-256] 0 0.
[83667.904276] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command POWER_TABLE_CMD
[83667.904289] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 156 is out of range [0-256] 0 0.
[83667.904493] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON_ASSOC
[83667.904516] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 143 is out of range [0-256] 0 0.
[83667.904722] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.904732] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 139 is out of range [0-256] 0 0.
[83667.904935] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.904998] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 172 is out of range [0-256] 0 0.
[83667.905200] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_LEDS_CMD
[83667.905212] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 165 is out of range [0-256] 0 0.
[83667.908013] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command POWER_TABLE_CMD
[83667.920999] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 162 is out of range [0-256] 0 0.
[83667.924978] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83667.937183] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 158 is out of range [0-256] 0 0.
[83667.941157] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_RXON
[83667.953377] iwlwifi 0000:05:00.0: iwl_hcmd_queue_reclaim: Read index for DMA queue txq id (9), index 171 is out of range [0-256] 0 0.
[83667.957319] iwlwifi 0000:05:00.0: HCMD_ACTIVE already clear for command REPLY_TX_LINK_QUALITY_CMD
[83668.896034] iwlwifi 0000:05:00.0: Failed to start RT ucode: -110
[83668.904290] iwlwifi 0000:05:00.0: Unable to initialize device.
The issue looks similar to this one:
http://ubuntuforums.org/showthread.php?t=2178006&s=9157c353cd4a322c2a3b2a6dc693d243
Can you please give me advice on how to resolve this issue?
Thanks in advance!
Bastiaan
Met vriendelijke groet,
Bastiaan de Groot
Laan van Zuid Hoorn 55
2289 DC Rijswijk
The Netherlands
Telephone +31 (0)70 319 39 38
Operations +31 (0)70 319 23 47
Fax +31 (0)70 319 17 59
Mobile +31 (0)6 211 92 911
E-mail bastiaan.de.groot@telexis.nl
Website www.telexis.nl
* RTL8187B is racy
From: Alexandre Oliva @ 2013-10-22 4:07 UTC (permalink / raw)
To: linux-wireless
It's been at least a year since I first noticed that, on WiFi-busy
environments such as airports, hotels and Free Software conferences, my
Yeeloong laptop with a RTL8187B WiFi card will freeze or oops shortly
after I enable WiFi. This problem doesn't seem to happen when I'm at
home, probably because of the low WiFi traffic. The problem occurs
while running 3.11.* and 3.10.* kernels, but not 3.4.* or 3.0.*.
I couldn't find any changes to the rtl8187 module that explain this
misbehavior, so I suspect it's some new source of parallelism in the
mac80211 layer that has exposed the lack of synchronization in uses of
rx_queue and b_tx_status.queue. Indeed, I found many uses of these
queues that don't take locks to ensure consistency. Unfortunately,
adding spin locks around all uses causes harder freezes and/or complaints
about scheduling in atomic contexts, depending on which race I hit
first. Without any changes, the problem I get most often is a crash
within rtl8187b_status_cb, when skb_unlink attempts to dereference a
NULL pointer. Testing skb->prev and skb->next before entering the
branch where the skb is removed seemed to make the error a little bit
less frequent, but surely not enough for the machine to remain up for
very long while WiFi is enabled.
Is this a known problem? Any suggestions on what I could try next to
fix the problem?
Thanks in advance,
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer
* Splat in 3.12.0-rc5 (ath tree)
From: Ben Greear @ 2013-10-22 0:06 UTC (permalink / raw)
To: linux-wireless@vger.kernel.org
I'm not sure how important this is...but here it be.
------------[ cut here ]------------
WARNING: CPU: 2 PID: 1523 at /mnt/sda/home/greearb/git/ath/net/wireless/util.c:1066 cfg80211_calculate_bitr)
Modules linked in: nf_nat_ipv4 nf_nat veth 8021q garp stp mrp llc macvlan pktgen lockd f71882fg coretemp hw]
CPU: 0 PID: 1523 Comm: btserver Tainted: G C 3.12.0-rc5-wl+ #1
Hardware name: To be filled by O.E.M. To be filled by O.E.M./HURONRIVER, BIOS 4.6.5 05/02/2012
0000000000000009 ffff8800d9ea1b48 ffffffff81566b46 ffff88021fa0ec78
0000000000000000 ffff8800d9ea1b88 ffffffff8109e0a2 ffff8802156367c0
ffffffffa0213471 ffff8800cf479e40 ffff880215636000 ffff8802155785c0
Call Trace:
[<ffffffff81566b46>] dump_stack+0x55/0x86
[<ffffffff8109e0a2>] warn_slowpath_common+0x77/0x91
[<ffffffffa0213471>] ? cfg80211_calculate_bitrate+0xfa/0x18e [cfg80211]
[<ffffffff8109e0d1>] warn_slowpath_null+0x15/0x17
[<ffffffffa0213471>] cfg80211_calculate_bitrate+0xfa/0x18e [cfg80211]
[<ffffffffa03a8e87>] ieee80211_get_et_stats+0xa7/0x44e [mac80211]
[<ffffffff812170d3>] ? find_revoke_record+0x82/0x8e
[<ffffffff812175e8>] ? jbd2_journal_cancel_revoke+0x118/0x160
[<ffffffffa022bb14>] cfg80211_get_stats+0x44/0x4c [cfg80211]
[<ffffffff814c3382>] dev_ethtool+0xbb1/0x1463
[<ffffffff814bb91c>] ? dev_name_hash.isra.66+0x24/0x3a
[<ffffffff814bba30>] ? dev_get_by_name_rcu+0x34/0x56
[<ffffffff814cef6c>] dev_ioctl+0x487/0x5a3
[<ffffffff814aa442>] sock_do_ioctl+0x36/0x41
[<ffffffff814aa859>] sock_ioctl+0x1fe/0x20b
[<ffffffff8117481d>] vfs_ioctl+0x21/0x34
[<ffffffff81175076>] do_vfs_ioctl+0x3b8/0x3fb
[<ffffffff810bee73>] ? should_resched+0x9/0x28
[<ffffffff8156b960>] ? _cond_resched+0x9/0x1d
[<ffffffff8117cb0b>] ? fget_light+0x39/0x99
[<ffffffff8117510b>] SyS_ioctl+0x52/0x7f
[<ffffffff810e070e>] ? current_kernel_time+0xd/0x31
[<ffffffff815716bd>] system_call_fastpath+0x1a/0x1f
---[ end trace b61c38f55596de59 ]---
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
* pull request: bluetooth-next 2013-10-21
From: Gustavo Padovan @ 2013-10-21 22:37 UTC (permalink / raw)
To: linville; +Cc: linux-wireless, linux-bluetooth, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 8588 bytes --]
Hi John,
One more big pull request for 3.13. These are the patches we queued during
last week. Here you will find a lot of improvements to the HCI, L2CAP and
MGMT layers, the main ones being better debugfs support and the end of the work
of splitting L2CAP into Core and Socket parts.
Please pull!
Gustavo
---
The following changes since commit 4b836f393bd8ed111857a6ee1865e44627266ec6:
Bluetooth: Read current IAC LAP on controller setup (2013-10-14 19:31:18 -0300)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next for-upstream
for you to fetch changes up to d78a32a8fcf775111ccc9ba611a08ca5c29784b6:
Bluetooth: Remove sk member from struct l2cap_chan (2013-10-21 13:50:56 -0700)
----------------------------------------------------------------
Gustavo Padovan (14):
Bluetooth: Extend state_change() call to report errors too
Bluetooth: Add l2cap_state_change_and_error()
Bluetooth: Access sk_sndtimeo indirectly in l2cap_core.c
Bluetooth: Add chan->ops->set_shutdown()
Bluetooth: Move l2cap_wait_ack() to l2cap_sock.c
Bluetooth: use l2cap_chan_ready() instead of duplicate code
Bluetooth: Remove not used struct sock
Bluetooth: Do not access chan->sk directly
Bluetooth: Hold socket in defer callback in L2CAP socket
Bluetooth: Remove socket lock from l2cap_state_change()
Bluetooth: Remove parent socket usage from l2cap_core.c
Bluetooth: Add L2CAP channel to skb private data
Bluetooth: Use bt_cb(skb)->chan to send raw data back
Bluetooth: Remove sk member from struct l2cap_chan
Johan Hedberg (20):
Bluetooth: Fix L2CAP "Command Reject: Invalid CID" response
Bluetooth: Remove unused command reject mapping for EMSGSIZE
Bluetooth: Remove useless l2cap_err_to_reason function
Bluetooth: Ignore A2MP data on non-BR/EDR links
Bluetooth: Ignore SMP data on non-LE links
Bluetooth: Fix updating the right variable in update_scan_rsp_data()
Bluetooth: Reintroduce socket restrictions for LE sockets
Bluetooth: Convert auto accept timer to use delayed work
Bluetooth: Convert idle timer to use delayed work
Bluetooth: Fix ATT socket backwards compatibility with user space
Bluetooth: Check for flag instead of features in update_scan_rsp_data()
Bluetooth: Check for flag instead of features in update_adv_data()
Bluetooth: Add missing check for BREDR_ENABLED flag in update_class()
Bluetooth: Refactor set_connectable settings update to separate function
Bluetooth: Fix updating settings when there are no HCI commands to send
Bluetooth: Move mgmt_pending_find to avoid forward declarations
Bluetooth: Fix sending write_scan_enable when BR/EDR is disabled
Bluetooth: Move HCI_LIMITED_DISCOVERABLE changes to a general place
Bluetooth: Update Set Discoverable to support LE
Bluetooth: Fix enabling fast connectable on LE-only controllers
Marcel Holtmann (71):
Bluetooth: Fix minor coding style issue in set_connectable()
Bluetooth: Use hci_request for discoverable timeout handling
Bluetooth: Update advertising data based on management commands
Bluetooth: Introduce flag for limited discoverable mode
Bluetooth: Make mgmt_discoverable() return void
Bluetooth: Make mgmt_connectable() return void
Bluetooth: Make mgmt_write_scan_failed() return void
Bluetooth: Update class of device after changing discoverable mode
Bluetooth: Move arming of discoverable timeout to complete handler
Bluetooth: Simplify the code for re-arming discoverable timeout
Bluetooth: Add HCI command structure for writing current IAC LAP
Bluetooth: Add support for entering limited discoverable mode
Bluetooth: Make mgmt_new_link_key() return void
Bluetooth: Move eir_append_data() function into mgmt.c
Bluetooth: Move eir_get_length() function into hci_event.c
Bluetooth: Update class of device on discoverable timeout
Bluetooth: Add l2cap_chan_no_resume stub for A2MP
Bluetooth: Make mgmt_pin_code_request() return void
Bluetooth: Make mgmt_pin_code_reply_complete() return void
Bluetooth: Make mgmt_pin_code_neg_reply_complete() return void
Bluetooth: Make mgmt_auth_failed() return void
Bluetooth: Make mgmt_auth_enable_complete() return void
Bluetooth: Make mgmt_ssp_enable_complete() return void
Bluetooth: Make mgmt_set_class_of_dev_complete() return void
Bluetooth: Make mgmt_set_local_name_complete() return void
Bluetooth: Make mgmt_read_local_oob_data_reply_complete() return void
Bluetooth: Make mgmt_new_ltk() return void
Bluetooth: Rename create_ad into create_adv_data
Bluetooth: Store scan response data in HCI device
Bluetooth: Set the scan response data when needed
Bluetooth: Store device name in scan response data
Bluetooth: Rename update_ad into update_adv_data
Bluetooth: Remove duplicate definitions for advertising event types
Bluetooth: Remove enable_hs declaration
Bluetooth: Socket address parameter for CID is in little endian
Bluetooth: Expose inquiry_cache debugfs only on BR/EDR controllers
Bluetooth: Expose auto_accept_delay debugfs only when SSP is supported
Bluetooth: Expose static address value for LE capable controllers
Bluetooth: Expose current voice setting in debugfs
Bluetooth: Add address type to device blacklist table
Bluetooth: Move blacklist debugfs entry creation into hci_core.c
Bluetooth: Move uuids debugfs entry creation into hci_core.c
Bluetooth: Use IS_ERR_OR_NULL for checking bt_debugfs
Bluetooth: Create HCI device debugfs directory in hci_register_dev
Bluetooth: Create root debugfs directory during module init
Bluetooth: Move device_add handling into hci_register_dev
Bluetooth: Include address type in blacklist debugfs data
Bluetooth: Move idle_timeout and sniff_{min,max}_interval to hci_core.c
Bluetooth: Use BDADDR_BREDR type for old blacklist ioctl interface
Bluetooth: Use hcon directly instead of conn->hcon where possible
Bluetooth: Block ATT connection on LE when device is blocked
Bluetooth: Move HCI device features into hci_core.c
Bluetooth: Add workaround for buggy max_page features page value
Bluetooth: Remove debug entry for connection features
Bluetooth: Move manufacturer, hci_ver and hci_rev into hci_core.c
Bluetooth: Store local version information only during setup phase
Bluetooth: Move export of class of device information into hci_core.c
Bluetooth: Expose current list of link keys via debugfs
Bluetooth: Remove bus attribute in favor of hierarchy
Bluetooth: Expose white list size information in debugfs
Bluetooth: Expose current list of long term keys via debugfs
Bluetooth: Select the own address type during initial setup phase
Bluetooth: Expose debugfs entry read/write own address type
Bluetooth: Expose setting if debug keys are used or not
Bluetooth: Add LE features to debugfs if available
Bluetooth: Remove interval parameter from HCI connection
Bluetooth: Add support for setting SSP debug mode
Bluetooth: Expose debugfs settings for LE connection interval
Bluetooth: Add support for setting DUT mode
Bluetooth: Fix UUID values in debugfs file
Bluetooth: Fix minor coding style issue in hci_core.c
include/net/bluetooth/bluetooth.h | 1 +
include/net/bluetooth/hci.h | 35 ++-
include/net/bluetooth/hci_core.h | 89 +++----
include/net/bluetooth/l2cap.h | 20 +-
net/bluetooth/a2mp.c | 9 +-
net/bluetooth/af_bluetooth.c | 9 +-
net/bluetooth/hci_conn.c | 48 ++--
net/bluetooth/hci_core.c | 803 +++++++++++++++++++++++++++++++++++++++++++++++++--------
net/bluetooth/hci_event.c | 59 +++--
net/bluetooth/hci_sock.c | 4 +-
net/bluetooth/hci_sysfs.c | 373 ---------------------------
net/bluetooth/l2cap_core.c | 227 ++++++----------
net/bluetooth/l2cap_sock.c | 120 ++++++++-
net/bluetooth/mgmt.c | 637 ++++++++++++++++++++++++++++++++-------------
net/bluetooth/rfcomm/core.c | 14 +-
net/bluetooth/rfcomm/sock.c | 14 +-
net/bluetooth/sco.c | 13 +-
net/bluetooth/smp.c | 4 +-
18 files changed, 1506 insertions(+), 973 deletions(-)
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
* Re: NetworkManager not listing access points
From: Will Hawkins @ 2013-10-21 20:20 UTC (permalink / raw)
To: Johannes Berg
Cc: Detlev Casanova, Dan Williams, linux-wireless, laurent.pinchart
In-Reply-To: <1382360786.14310.47.camel@jlt4.sipsolutions.net>
[-- Attachment #1: Type: text/plain, Size: 979 bytes --]
On 10/21/2013 09:06 AM, Johannes Berg wrote:
> On Thu, 2013-10-17 at 12:19 -0400, Will Hawkins wrote:
>
>> Not to clog up the channel, but I was running into exactly the same
>> problem. I expected to see the problem somewhere in the kernel, etc. I
>> turned on debugging and kernel tracing and saw nothing. The fix for me
>> is almost identical to the fix that Detlev first described.
>>
>> However, the problem for me was somewhere else entirely. The access
>> point was sending out malformed beacon messages that kept it from
>> showing up.
>
> Any idea how they were malformed? Was there a bad DS IE or so?
I'm not enough of an expert to answer your question definitively.
However, I've included the malformed packet as an attachment. I've
stripped identifying information (hopefully), but think that this will
still give you information to answer the question.
If this is not sufficient, please let me know! I'm glad to help however
I can.
Will
>
> johannes
>
>
[-- Attachment #2: malformed-beacon (filtered).txt --]
[-- Type: text/plain, Size: 26060 bytes --]
No. Time Source Destination Protocol Length Info
22955 54.834442 xxxxxxxxxxxxxxxxx Broadcast 802.11 295 Beacon frame, SN=382, FN=0, Flags=........, BI=100, SSID=xxxx[Malformed Packet]
Frame 22955: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits)
Arrival Time: Oct 7, 2013 11:18:42.842426000 EDT
Epoch Time: 1381159122.842426000 seconds
[Time delta from previous captured frame: 0.009828000 seconds]
[Time delta from previous displayed frame: 0.009828000 seconds]
[Time since reference or first frame: 54.834442000 seconds]
Frame Number: 22955
Frame Length: 295 bytes (2360 bits)
Capture Length: 295 bytes (2360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: radiotap:wlan]
Radiotap Header v0, Length 18
Header revision: 0
Header pad: 0
Header length: 18
Present flags
.... .... .... .... .... .... .... ...0 = TSFT: False
.... .... .... .... .... .... .... ..1. = Flags: True
.... .... .... .... .... .... .... .1.. = Rate: True
.... .... .... .... .... .... .... 1... = Channel: True
.... .... .... .... .... .... ...0 .... = FHSS: False
.... .... .... .... .... .... ..1. .... = dBm Antenna Signal: True
.... .... .... .... .... .... .0.. .... = dBm Antenna Noise: False
.... .... .... .... .... .... 0... .... = Lock Quality: False
.... .... .... .... .... ...0 .... .... = TX Attenuation: False
.... .... .... .... .... ..0. .... .... = dB TX Attenuation: False
.... .... .... .... .... .0.. .... .... = dBm TX Power: False
.... .... .... .... .... 1... .... .... = Antenna: True
.... .... .... .... ...0 .... .... .... = dB Antenna Signal: False
.... .... .... .... ..0. .... .... .... = dB Antenna Noise: False
.... .... .... .... .1.. .... .... .... = RX flags: True
.... .... .... .0.. .... .... .... .... = Channel+: False
.... .... .... 0... .... .... .... .... = HT information: False
..0. .... .... .... .... .... .... .... = Radiotap NS next: False
.0.. .... .... .... .... .... .... .... = Vendor NS next: False
0... .... .... .... .... .... .... .... = Ext: False
Flags: 0x00
.... ...0 = CFP: False
.... ..0. = Preamble: Long
.... .0.. = WEP: False
.... 0... = Fragmentation: False
...0 .... = FCS at end: False
..0. .... = Data Pad: False
.0.. .... = Bad FCS: False
0... .... = Short GI: False
Data Rate: 1.0 Mb/s
Channel frequency: 2437 [BG 6]
Channel type: 802.11b (0x00a0)
.... .... ...0 .... = Turbo: False
.... .... ..1. .... = Complementary Code Keying (CCK): True
.... .... .0.. .... = Orthogonal Frequency-Division Multiplexing (OFDM): False
.... .... 1... .... = 2 GHz spectrum: True
.... ...0 .... .... = 5 GHz spectrum: False
.... ..0. .... .... = Passive: False
.... .0.. .... .... = Dynamic CCK-OFDM: False
.... 0... .... .... = Gaussian Frequency Shift Keying (GFSK): False
...0 .... .... .... = GSM (900MHz): False
..0. .... .... .... = Static Turbo: False
.0.. .... .... .... = Half Rate Channel (10MHz Channel Width): False
0... .... .... .... = Quarter Rate Channel (5MHz Channel Width): False
SSI Signal: -48 dBm
Antenna: 3
RX flags: 0x0000
.... .... .... .... .... ..0. = Bad PLCP: False
IEEE 802.11 Beacon frame, Flags: ........
Type/Subtype: Beacon frame (0x08)
Frame Control: 0x0080 (Normal)
Version: 0
Type: Management frame (0)
Subtype: 8
Flags: 0x0
.... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.0.. .... = Protected flag: Data is not protected
0... .... = Order flag: Not strictly ordered
Duration: 0
Destination address: Broadcast (ff:ff:ff:ff:ff:ff)
Source address: xxxx
BSS Id: xxxx
Fragment number: 0
Sequence number: 382
IEEE 802.11 wireless LAN management frame
Fixed parameters (12 bytes)
Timestamp: 0x00000314d3051180
Beacon Interval: 0.102400 [Seconds]
Capabilities Information: 0x0131
.... .... .... ...1 = ESS capabilities: Transmitter is an AP
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... ..0. .... 00.. = CFP participation capabilities: No point coordinator at AP (0x0000)
.... .... ...1 .... = Privacy: AP/STA can support WEP
.... .... ..1. .... = Short Preamble: Short preamble allowed
.... .... .0.. .... = PBCC: PBCC modulation not allowed
.... .... 0... .... = Channel Agility: Channel agility not in use
.... ...1 .... .... = Spectrum Management: dot11SpectrumManagementRequired TRUE
.... .0.. .... .... = Short Slot Time: Short slot time not in use
.... 0... .... .... = Automatic Power Save Delivery: apsd not implemented
..0. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation not allowed
.0.. .... .... .... = Delayed Block Ack: delayed block ack not implemented
0... .... .... .... = Immediate Block Ack: immediate block ack not implemented
Tagged parameters (241 bytes)
Tag: SSID parameter set: xxxx
Tag Number: SSID parameter set (0)
Tag length: 14
SSID: xxxx
Tag: Supported Rates 1(B), 2(B), 5.5(B), 11(B), 6, 9, 12, 18, [Mbit/sec]
Tag Number: Supported Rates (1)
Tag length: 8
Supported Rates: 1(B)
Supported Rates: 2(B)
Supported Rates: 5.5(B)
Supported Rates: 11(B)
Supported Rates: 6
Supported Rates: 9
Supported Rates: 12
Supported Rates: 18
Tag: DS Parameter set : Current Channel: 6
Tag Number: DS Parameter set (3)
Tag length: 1
Current Channel: 6
Tag: Traffic Indication Map (TIM): DTIM 0 of 0 bitmap
Tag Number: Traffic Indication Map (TIM) (5)
Tag length: 4
DTIM count: 0
DTIM period: 1
Bitmap control: 0x00
.... ...0 = Multicast: False
0000 000. = Bitmap Offset: 0x00
Partial Virtual Bitmap: 00
Tag: Country Information: Country Code AU, Environment Any
Tag Number: Country Information (7)
Tag length: 6
Code: AU
Environment: Any (0x20)
Country Info: First Channel Number: 1, Number of Channels: 13, Maximum Transmit Power Level: 22 dBm
First Channel Number: 1
Number of Channels: 13
Maximum Transmit Power Level (in dBm): 22
Tag: Power Constraint :0
Tag Number: Power Constraint (32)
Tag length: 1
Local Power Constraint: 0x00
Tag: ERP Information
Tag Number: ERP Information (42)
Tag length: 1
ERP Information: 0x02
.... ...0 = Non ERP Present: Not set
.... ..1. = Use Protection: Set
.... .0.. = Barker Preamble Mode: Not set
0000 0... = Reserved: 0x00
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 24
RSN Version: 24
Group Cipher Suite: 00-0f-ac (Ieee8021) TKIP
Group Cipher Suite OUI: 00-0f-ac (Ieee8021)
Group Cipher Suite type: TKIP (2)
Pairwise Cipher Suite Count: 2
Pairwise Cipher Suite List 00-0f-ac (Ieee8021) AES (CCM) 00-0f-ac (Ieee8021) TKIP
Pairwise Cipher Suite: 00-0f-ac (Ieee8021) AES (CCM)
Pairwise Cipher Suite OUI: 00-0f-ac (Ieee8021)
Pairwise Cipher Suite type: AES (CCM) (4)
Pairwise Cipher Suite: 00-0f-ac (Ieee8021) TKIP
Pairwise Cipher Suite OUI: 00-0f-ac (Ieee8021)
Pairwise Cipher Suite type: TKIP (2)
Auth Key Management (AKM) Suite Count: 2
Auth Key Management (AKM) List 00-0f-ac (Ieee8021) PSK
Auth Key Management (AKM) Suite: 00-0f-ac (Ieee8021) PSK
Auth Key Management (AKM) OUI: 00-0f-ac (Ieee8021)
Auth Key Management (AKM) type: PSK (2)
Auth Key Management (AKM) Suite: 00-00-32 (Marconi) FT using PSK
Auth Key Management (AKM) OUI: 00-00-32 (Marconi)
Auth Key Management (AKM) type: 4
RSN Capabilities: 0x4830
.... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
.... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
.... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0000)
.... .... ..11 .... = RSN GTKSA Replay Counter capabilities: 16 replay counters per PTKSA/GTKSA/STAKeySA (0x0003)
.... .... .0.. .... = Management Frame Protection Required: False
.... .... 0... .... = Management Frame Protection Capable: False
.... ..0. .... .... = PeerKey Enabled: False
Tag: Extended Supported Rates 24, 36, 48, 54, [Mbit/sec]
Tag Number: Extended Supported Rates (50)
Tag length: 4
Extented Supported Rates: 24
Extented Supported Rates: 36
Extented Supported Rates: 48
Extented Supported Rates: 54
Tag: HT Capabilities (802.11n D1.10)
Tag Number: HT Capabilities (802.11n D1.10) (45)
Tag length: 26
HT Capabilities Info: 0x018c
.... .... .... ...0 = HT LDPC coding capability: Transmitter does not support receiving LDPC coded packets
.... .... .... ..0. = HT Support channel width: Transmitter only supports 20MHz operation
.... .... .... 11.. = HT SM Power Save: SM Power Save disabled (0x0003)
.... .... ...0 .... = HT Green Field: Transmitter is not able to receive PPDUs with Green Field (GF) preamble
.... .... ..0. .... = HT Short GI for 20MHz: Not supported
.... .... .0.. .... = HT Short GI for 40MHz: Not supported
.... .... 1... .... = HT Tx STBC: Supported
.... ..01 .... .... = HT Rx STBC: Rx support of one spatial stream (0x0001)
.... .0.. .... .... = HT Delayed Block ACK: Transmitter does not support HT-Delayed BlockAck
.... 0... .... .... = HT Max A-MSDU length: 3839 bytes
...0 .... .... .... = HT DSSS/CCK mode in 40MHz: Won't/Can't use of DSSS/CCK in 40 MHz
..0. .... .... .... = HT PSMP Support: Won't/Can't support PSMP operation
.0.. .... .... .... = HT Forty MHz Intolerant: Use of 40 MHz transmissions unrestricted/allowed
0... .... .... .... = HT L-SIG TXOP Protection support: Not supported
A-MPDU Parameters: 0x001b
.... ..11 = Maximum Rx A-MPDU Length: 65535 [Bytes]
...1 10.. = MPDU Density: 8 [usec] (0x06)
000. .... = Reserved: 0x00
Rx Supported Modulation and Coding Scheme Set: MCS Set
Tag interpretation: Rx Modulation and Coding Scheme (One bit per modulation)
.... .... .... .... .... .... 1111 1111 = Rx Bitmask Bits 0-7: 0x000000ff
.... .... .... .... 0111 1111 .... .... = Rx Bitmask Bits 8-15: 0x0000007f
.... .... 0000 0000 .... .... .... .... = Rx Bitmask Bits 16-23: 0x00000000
0000 0000 .... .... .... .... .... .... = Rx Bitmask Bits 24-31: 0x00000000
.... .... .... .... .... .... .... ...0 = Rx Bitmask Bit 32: 0x00000000
.... .... .... .... .... .... .000 000. = Rx Bitmask Bits 33-38: 0x00000000
.... .... ...0 0000 0000 0000 0... .... = Rx Bitmask Bits 39-52: 0x00000000
...0 0000 0000 0000 0000 0000 000. .... = Rx Bitmask Bits 53-76: 0x00000000
Highest Supported Data Rate: 0x0000
.... .... .... ...0 = Tx Supported MCS Set: Not Defined
.... .... .... ..0. = Tx and Rx MCS Set: Equal
.... .... .... 00.. = Tx Maximum Number of Spatial Streams Supported: 1 spatial stream (0x0000)
.... .... ...0 .... = Unequal Modulation: Not supported
HT Extended Capabilities: 0x0000
.... .... .... ...0 = Transmitter supports PCO: Not supported
.... .... .... .00. = Time needed to transition between 20MHz and 40MHz: No Transition (0x0000)
.... ..00 .... .... = MCS Feedback capability: STA does not provide MCS feedback (0x0000)
.... .0.. .... .... = High Throughput: Not supported
.... 0... .... .... = Reverse Direction Responder: Not supported
Transmit Beam Forming (TxBF) Capabilities: 0x0000
.... .... .... .... .... .... .... ...0 = Transmit Beamforming: Not supported
.... .... .... .... .... .... .... ..0. = Receive Staggered Sounding: Not supported
.... .... .... .... .... .... .... .0.. = Transmit Staggered Sounding: Not supported
.... .... .... .... .... .... .... 0... = Receive Null Data packet (NDP): Not supported
.... .... .... .... .... .... ...0 .... = Transmit Null Data packet (NDP): Not supported
.... .... .... .... .... .... ..0. .... = Implicit TxBF capable: Not supported
.... .... .... .... .... .... 00.. .... = Calibration: incapable (0x00000000)
.... .... .... .... .... ...0 .... .... = STA can apply TxBF using CSI explicit feedback: Not supported
.... .... .... .... .... ..0. .... .... = STA can apply TxBF using uncompressed beamforming feedback matrix: Not supported
.... .... .... .... .... .0.. .... .... = STA can apply TxBF using compressed beamforming feedback matrix: Not supported
.... .... .... .... ...0 0... .... .... = Receiver can return explicit CSI feedback: not supported (0x00000000)
.... .... .... .... .00. .... .... .... = Receiver can return explicit uncompressed Beamforming Feedback Matrix: not supported (0x00000000)
.... .... .... ...0 0... .... .... .... = STA can compress and use compressed Beamforming Feedback Matrix: not supported (0x00000000)
.... .... .... .00. .... .... .... .... = Minimal grouping used for explicit feedback reports: No grouping supported (0x00000000)
.... .... ...0 0... .... .... .... .... = Max antennae STA can support when CSI feedback required: 1 TX antenna sounding (0x00000000)
.... .... .00. .... .... .... .... .... = Max antennae STA can support when uncompressed Beamforming feedback required: 1 TX antenna sounding (0x00000000)
.... ...0 0... .... .... .... .... .... = Max antennae STA can support when compressed Beamforming feedback required: 1 TX antenna sounding (0x00000000)
.... .00. .... .... .... .... .... .... = Maximum number of rows of CSI explicit feedback: 1 row of CSI (0x00000000)
...0 0... .... .... .... .... .... .... = Maximum number of space time streams for which channel dimensions can be simultaneously estimated: 1 space time stream (0x00000000)
000. .... .... .... .... .... .... .... = Reserved: 0x00000000
Antenna Selection (ASEL) Capabilities: 0x00
.... ...0 = Antenna Selection Capable: Not supported
.... ..0. = Explicit CSI Feedback Based Tx ASEL: Not supported
.... .0.. = Antenna Indices Feedback Based Tx ASEL: Not supported
.... 0... = Explicit CSI Feedback: Not supported
...0 .... = Antenna Indices Feedback: Not supported
..0. .... = Rx ASEL: Not supported
.0.. .... = Tx Sounding PPDUs: Not supported
0... .... = Reserved: 0x00
Tag: AP Channel Report: Tag 51 Len 26
Tag Number: AP Channel Report (51)
Tag length: 26
Tag interpretation: Not interpreted
Tag: HT Information (802.11n D1.10)
Tag Number: HT Information (802.11n D1.10) (61)
Tag length: 22
Primary Channel: 6
HT Information Subset (1 of 3): 0x00
.... ..00 = Secondary channel offset: No secondary channel (0x00)
.... .0.. = Supported channel width: 20 MHz channel width only
.... 0... = Reduced Interframe Spacing (RIFS): Prohibited
...0 .... = Power Save Multi-Poll (PSMP) stations only: Association requests are accepted regardless of PSMP capability
000. .... = Shortest service interval: 5 ms (0x00)
HT Information Subset (2 of 3): 0x0013
.... .... .... ..11 = Operating mode of BSS: HT mixed mode (0x0003)
.... .... .... .0.. = Non-greenfield STAs present: All associated STAs are greenfield capable
.... .... .... 0... = Transmit burst limit: No limit
.... .... ...1 .... = OBSS non-HT STAs present: Use of protection for non-HT STAs by overlapping BSSs is needed
0000 0000 000. .... = Reserved: 0x0000
HT Information Subset (3 of 3): 0x0000
.... .... ..00 0000 = Reserved: 0x0000
.... .... .0.. .... = Dual beacon: No second beacon is transmitted
.... .... 0... .... = Dual Clear To Send (CTS) protection: Not required
.... ...0 .... .... = Beacon ID: Primary beacon
.... ..0. .... .... = L-SIG TXOP Protection Full Support: One or more HT STAs in the BSS do not support L-SIG TXOP protection
.... .0.. .... .... = Phased Coexistence Operation (PCO): Inactive
.... 0... .... .... = Phased Coexistence Operation (PCO) Phase: Switch to or continue 20 MHz phase
0000 .... .... .... = Reserved: 0x0000
Rx Supported Modulation and Coding Scheme Set: Basic MCS Set
Tag interpretation: Rx Modulation and Coding Scheme (One bit per modulation)
.... .... .... .... .... .... 0000 0000 = Rx Bitmask Bits 0-7: 0x00000000
.... .... .... .... 0000 0000 .... .... = Rx Bitmask Bits 8-15: 0x00000000
.... .... 0000 0000 .... .... .... .... = Rx Bitmask Bits 16-23: 0x00000000
0000 0000 .... .... .... .... .... .... = Rx Bitmask Bits 24-31: 0x00000000
.... .... .... .... .... .... .... ...0 = Rx Bitmask Bit 32: 0x00000000
.... .... .... .... .... .... .000 000. = Rx Bitmask Bits 33-38: 0x00000000
.... .... ...0 0000 0000 0000 0... .... = Rx Bitmask Bits 39-52: 0x00000000
...0 0000 0000 0000 0000 0000 000. .... = Rx Bitmask Bits 53-76: 0x00000000
Highest Supported Data Rate: 0x0000
.... .... .... ...0 = Tx Supported MCS Set: Not Defined
.... .... .... ..0. = Tx and Rx MCS Set: Equal
.... .... .... 00.. = Tx Maximum Number of Spatial Streams Supported: 1 spatial stream (0x0000)
.... .... ...0 .... = Unequal Modulation: Not supported
Tag: Neighbor Report
Tag Number: Neighbor Report (52)
Tag length: 22
BSSID: 16:00:13:00:00:00 (16:00:13:00:00:00)
BSSID Information: 0x00000000
.... .... .... ..00 = AP Reachability: 0x0000
.... .... .... .0.. = Security: 0x0000
.... .... .... 0... = Key Scope: 0x0000
.... .... ...0 .... = Capability: Spectrum Management: 0x0000
.... .... ..0. .... = Capability: QoS: 0x0000
.... .... .0.. .... = Capability: APSD: 0x0000
.... .... 0... .... = Capability: Radio Measurement: 0x0000
.... ...0 .... .... = Capability: Delayed Block Ack: 0x0000
.... ..0. .... .... = Capability: Immediate Block Ack: 0x0000
.... .0.. .... .... = Mobility Domain: 0x0000
.... 0... .... .... = High Throughput: 0x0000
Reserved: 0x00000000
Regulatory Class: 0x00
Channel Number: 0x00
PHY Type: 0x00
Unknown Data
Tag: Overlapping BSS Scan Parameters: Tag 74 Len 14
Tag Number: Overlapping BSS Scan Parameters (74)
Tag length: 14
Tag interpretation: Not interpreted
Tag: Extended Capabilities
Tag Number: Extended Capabilities (127)
Tag length: 1
Extended Capabilities: 0x01 (octet 0)
.... ...1 = 20/40 BSS Coexistence Management Support: Supported
.... ..0. = On-demand beacon: Not supported
.... .0.. = Extended Channel Switching: Not supported
.... 0... = WAVE indication: Not supported
...0 .... = PSMP Capability: Not supported
.0.. .... = S-PSMP Support: Not supported
Tag: Vendor Specific: Microsof: WMM/WME: Parameter Element
Tag Number: Vendor Specific (221)
Tag length: 24
OUI: 00-50-f2 (Microsof)
Vendor Specific OUI Type: 2
Type: WMM/WME (0x02)
WME Subtype: Parameter Element (1)
WME Version: 1
WME QoS Info: 0x81
1... .... = U-APSD: Enabled
.... 0001 = Parameter Set Count: 0x01
.000 .... = Reserved: 0x00
Reserved: 00
Ac Parameters ACI 0 (Best Effort), ACM no , AIFSN 3, ECWmin 4 ,ECWmax 10, TXOP 0
ACI / AIFSN Field: 0x03
.00. .... = ACI: Best Effort (0)
...0 .... = Admission Control Mandatory: No
.... 0011 = AIFSN: 3
0... .... = Reserved: 0
ECW: 0xa4
1010 .... = ECW Max: 10
.... 0100 = ECW Min: 4
TXOP Limit: 0
Ac Parameters ACI 1 (Background), ACM no , AIFSN 7, ECWmin 4 ,ECWmax 10, TXOP 0
ACI / AIFSN Field: 0x27
.01. .... = ACI: Background (1)
...0 .... = Admission Control Mandatory: No
.... 0111 = AIFSN: 7
0... .... = Reserved: 0
ECW: 0xa4
1010 .... = ECW Max: 10
.... 0100 = ECW Min: 4
TXOP Limit: 0
Ac Parameters ACI 2 (Video), ACM no , AIFSN 2, ECWmin 3 ,ECWmax 4, TXOP 94
ACI / AIFSN Field: 0x42
.10. .... = ACI: Video (2)
...0 .... = Admission Control Mandatory: No
.... 0010 = AIFSN: 2
0... .... = Reserved: 0
ECW: 0x43
0100 .... = ECW Max: 4
.... 0011 = ECW Min: 3
TXOP Limit: 94
Ac Parameters ACI 3 (Voice), ACM no , AIFSN 2, ECWmin 2 ,ECWmax 6, TXOP 47
ACI / AIFSN Field: 0x62
.11. .... = ACI: Voice (3)
...0 .... = Admission Control Mandatory: No
.... 0010 = AIFSN: 2
0... .... = Reserved: 0
ECW: 0x62
0110 .... = ECW Max: 6
.... 0010 = ECW Min: 2
TXOP Limit: 47
Tag: Vendor Specific
Tag Number: Vendor Specific (221)
Tag length: 221
[Malformed Packet: IEEE 802.11]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
0000 00 00 12 00 2e 48 00 00 00 02 85 09 a0 00 d0 03 .....H..........
0010 00 00 80 00 00 00 ff ff ff ff ff ff xx xx xx xx ................
0020 xx xx xx xx xx xx xx xx e0 17 80 11 05 d3 14 03 ................
0030 00 00 64 00 31 01 00 0e xx xx xx xx xx xx xx xx ..d.1...........
0040 xx xx xx xx xx xx 01 08 82 84 8b 96 0c 12 18 24 ...............$
0050 03 01 06 05 04 00 01 00 00 07 06 41 55 20 01 0d ...........AU ..
0060 16 20 01 00 2a 01 02 30 18 18 00 00 0f ac 02 02 . ..*..0........
0070 00 00 0f ac 04 00 0f ac 02 02 00 00 0f ac 02 00 ................
0080 00 32 04 30 48 60 6c 2d 1a 8c 01 1b ff 7f 00 00 .2.0H`l-........
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 33 1a 8c 01 1b ff ff 00 00 00 00 00 00 ...3............
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d ...............=
00c0 16 06 00 13 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 34 16 16 00 13 00 00 00 00 .......4........
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a ...............J
00f0 0e 14 00 0a 00 2c 01 c8 00 00 00 05 00 19 00 7f .....,..........
0100 01 01 dd 18 00 50 f2 02 01 01 81 00 03 a4 00 00 .....P..........
0110 27 a4 00 00 42 43 5e 00 62 62 2f 00 dd dd 00 03 '...BC^.bb/.....
0120 7f 7f 01 00 00 00 00 .......
* Re: Updates to 3.8 kernel break b43 Wireless with 4331 chipset
From: Larry Finger @ 2013-10-21 18:31 UTC (permalink / raw)
To: andrewl733, linux-wireless
In-Reply-To: <8D09C98149E95D8-27D8-2CD34@Webmail-d105.sysops.aol.com>
It may just be me, but I kept getting a "deja vu" feeling when I read your
report. Please minimize the repetition of material.
Unfortunately, I do not have a 4331 device, and I cannot duplicate your result.
Ideally, the best approach would be for you to clone the Linux mainline git repo
and verify that the latest 3.12-rc6 has the problem. If so, then you could
bisect between that version and 3.8 to determine the commit that caused the
failures. As I have no idea of your facility with kernel builds, that may be
beyond your ability.
If you can locate an on-line list of the kernel changes between 3.8.13-1 and
3.8.13.4-1 and post a URL, it might be possible for us to spot the faulty
change. I do not even know how to interpret those versions. To me, it seems that
both are based on 3.8.13. As 3.8 is EOL and not being updated by any of the
kernel developers, all changes are now being done by Mageia. Thus, only they
know what was done.
Larry
* [PATCH] crda: consolidate passive-scan and no-ibss flags
From: Luis R. Rodriguez @ 2013-10-21 17:42 UTC (permalink / raw)
To: linville, johannes
Cc: linux-wireless, janusz.dziedzic, smihir, tushnimb,
Luis R. Rodriguez
We consolidate these two flags into one flag to indicate
initiating radiation is not allowed.
For parsing, we'll treat the no-ibss flag moving forward
as passive-scan as well; newer kernels will always
treat these equally, while older kernels will still
use them separately even though in practice they are
used together interchangeably.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
---
regdb.h | 6 ++++--
reglib.c | 9 +++++----
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/regdb.h b/regdb.h
index 4508621..20f29e9 100644
--- a/regdb.h
+++ b/regdb.h
@@ -79,10 +79,12 @@ enum reg_rule_flags {
* links */
RRF_PTMP_ONLY = 1<<6, /* this is only for Point To Multi
* Point links */
- RRF_PASSIVE_SCAN = 1<<7, /* passive scan is required */
- RRF_NO_IBSS = 1<<8, /* IBSS is not allowed */
+ RRF_NO_IR = 1<<7, /* do not initiate radiation */
+ __RRF_NO_IBSS = 1<<8, /* old no-IBSS rule, maps to no-ir */
};
+#define RRF_NO_IR_ALL (RRF_NO_IR | __RRF_NO_IBSS)
+
/**
* enum regdb_dfs_regions - regulatory DFS regions
*
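Review bot: `__RRF_NO_IBSS` in the enum uses a double-underscore prefix, which C reserves for the implementation; in this userspace header a name such as `RRF_NO_IBSS_OLD` would mark the bit as legacy without that. `RRF_NO_IR_ALL` is used later in the patch both as a test mask and as the value OR-ed into the flags, so it deserves a one-line comment such as `/* either legacy bit implies no-IR; test with and set this mask */`. The enum starts above the hunk, so other users of the removed `RRF_PASSIVE_SCAN` and `RRF_NO_IBSS` names are not visible here and would need checking.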
diff --git a/reglib.c b/reglib.c
index 64584f4..fa6efe0 100644
--- a/reglib.c
+++ b/reglib.c
@@ -313,6 +313,9 @@ static void reg_rule2rd(uint8_t *db, size_t dblen,
rd_power_rule->max_eirp = ntohl(power->max_eirp);
rd_reg_rule->flags = ntohl(rule->flags);
+
+ if (rd_reg_rule->flags & RRF_NO_IR_ALL)
+ rd_reg_rule->flags |= RRF_NO_IR_ALL;
}
/* Converts a file regdomain to ieee80211_regdomain, easier to manage */
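Review bot: The new normalization in reg_rule2rd() has no comment saying why both bits are set when only one is present; the reason exists only in the commit message. Something like `/* either bit means no-IR; set both so kernels that still treat them separately apply both restrictions */` above the `if` would keep it with the code. The change only ever adds a restriction bit and never clears one, which is the safe direction for regulatory flags read from the database file. The function begins outside the hunk.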
@@ -694,10 +697,8 @@ static void print_reg_rule(const struct ieee80211_reg_rule *rule)
printf(", PTP-ONLY");
if (rule->flags & RRF_PTMP_ONLY)
printf(", PTMP-ONLY");
- if (rule->flags & RRF_PASSIVE_SCAN)
- printf(", PASSIVE-SCAN");
- if (rule->flags & RRF_NO_IBSS)
- printf(", NO-IBSS");
+ if (rule->flags & RRF_NO_IR_ALL)
+ printf(", NO-IR");
printf("\n");
}
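Review bot: print_reg_rule() no longer emits `PASSIVE-SCAN` or `NO-IBSS`, so anything that matches on those strings in the dump output stops matching, and the patch description does not mention the output change. If the printed rules are meant to stay readable by tools that know only the old flag names, that needs a line in the commit message or a matching parser change; this is inferred, since no consumer is visible here. Testing against `RRF_NO_IR_ALL` rather than `RRF_NO_IR` is the right choice for any rule that did not pass through the normalization in reg_rule2rd(). The function begins outside the hunk.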
--
1.8.4.rc3