Changeset 43209


Timestamp:
2014-11-07T12:17:41+01:00 (3 years ago)
Author:
nbd
Message:

mac80211: merge a few pending upstream fixes

Signed-off-by: Felix Fietkau <nbd@…>

Backport of r43208

Location:
branches/barrier_breaker/package/kernel/mac80211/patches
Files:
10 edited

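--- a/branches/barrier_breaker/package/kernel/mac80211/patches/300-pending_work.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/300-pending_work.patch
@@ -1,2 +1,65 @@
+commit 77980bee5f1f743b46f8749185aca28b8ec69741 
+Author: Johannes Berg <johannes.berg@intel.com> 
+Date:   Mon Nov 3 14:29:09 2014 +0100 
+ 
+    mac80211: fix use-after-free in defragmentation 
+     
+    Upon receiving the last fragment, all but the first fragment 
+    are freed, but the multicast check for statistics at the end 
+    of the function refers to the current skb (the last fragment) 
+    causing a use-after-free bug. 
+     
+    Since multicast frames cannot be fragmented and we check for 
+    this early in the function, just modify that check to also 
+    do the accounting to fix the issue. 
+     
+    Cc: stable@vger.kernel.org 
+    Reported-by: Yosef Khyal <yosefx.khyal@intel.com> 
+    Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
+ 
+commit e252be2d718dada0abd72208a44b9f1b63919883 
+Author: Hauke Mehrtens <hauke@hauke-m.de> 
+Date:   Wed Nov 5 23:31:07 2014 +0100 
+ 
+    b43: fix NULL pointer dereference in b43_phy_copy() 
+     
+    phy_read and phy_write are not set for every phy any more sine this: 
+    commit d342b95dd735014a590f9051b1ba227eb54ca8f6 
+    Author: Rafaà
+‚ Mià
+‚ecki <zajec5@gmail.com> 
+    Date:   Thu Jul 31 21:59:43 2014 +0200 
+     
+        b43: don't duplicate common PHY read/write ops 
+     
+    b43_phy_copy() accesses phy_read and phy_write directly and will fail 
+    with some phys. This patch fixes the regression by using the 
+    b43_phy_read() and b43_phy_write() functions which should be used for 
+    read and write access. 
+     
+    This should fix this bug report: 
+    https://bugzilla.kernel.org/show_bug.cgi?id=87731 
+     
+    Reported-by: Volker Kempter <v.kempter@pe.tu-clausthal.de> 
+    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
+ 
+commit ddf93ad61cb009ed05ff2547923fb269a3604408 
+Author: Miaoqing Pan <miaoqing@qca.qualcomm.com> 
+Date:   Thu Nov 6 10:52:23 2014 +0530 
+ 
+    ath9k: Fix RTC_DERIVED_CLK usage 
+     
+    Based on the reference clock, which could be 25MHz or 40MHz, 
+    AR_RTC_DERIVED_CLK is programmed differently for AR9340 and AR9550. 
+    But, when a chip reset is done, processing the initvals 
+    sets the register back to the default value. 
+     
+    Fix this by moving the code in ath9k_hw_init_pll() to 
+    ar9003_hw_override_ini(). Also, do this override for AR9531. 
+     
+    Cc: stable@vger.kernel.org 
+    Signed-off-by: Miaoqing Pan <miaoqing@qca.qualcomm.com> 
+    Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> 
+ 
 commit 536b05e91ac2715942f792184c26beb43dbaa522 
 Author: Felix Fietkau <nbd@openwrt.org> 
@@ -999,4 +1062,34 @@
 +       clear_sta_flag(sta, WLAN_STA_PS_STA); 
         ieee80211_sta_ps_deliver_wakeup(sta); 
+ } 
+  
+@@ -1646,11 +1648,14 @@ ieee80211_rx_h_defragment(struct ieee802 
+        sc = le16_to_cpu(hdr->seq_ctrl); 
+        frag = sc & IEEE80211_SCTL_FRAG; 
+  
+-       if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || 
+-                  is_multicast_ether_addr(hdr->addr1))) { 
+-               /* not fragmented */ 
++       if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) 
++               goto out; 
++ 
++       if (is_multicast_ether_addr(hdr->addr1)) { 
++               rx->local->dot11MulticastReceivedFrameCount++; 
+                goto out; 
+        } 
++ 
+        I802_DEBUG_INC(rx->local->rx_handlers_fragments); 
+  
+        if (skb_linearize(rx->skb)) 
+@@ -1743,10 +1748,7 @@ ieee80211_rx_h_defragment(struct ieee802 
+  out: 
+        if (rx->sta) 
+                rx->sta->rx_packets++; 
+-       if (is_multicast_ether_addr(hdr->addr1)) 
+-               rx->local->dot11MulticastReceivedFrameCount++; 
+-       else 
+-               ieee80211_led_rx(rx->local); 
++       ieee80211_led_rx(rx->local); 
+        return RX_CONTINUE; 
  } 
   
@@ -3256,5 +3349,25 @@
                                          struct ath9k_channel *chan) 
  { 
-@@ -1779,7 +1796,12 @@ void ar9003_hw_attach_phy_ops(struct ath 
+@@ -647,6 +664,19 @@ static void ar9003_hw_override_ini(struc 
+                ah->enabled_cals |= TX_CL_CAL; 
+        else 
+                ah->enabled_cals &= ~TX_CL_CAL; 
++ 
++       if (AR_SREV_9340(ah) || AR_SREV_9531(ah) || AR_SREV_9550(ah)) { 
++               if (ah->is_clk_25mhz) { 
++                       REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1); 
++                       REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7); 
++                       REG_WRITE(ah, AR_SLP32_INC, 0x0001e7ae); 
++               } else { 
++                       REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1); 
++                       REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400); 
++                       REG_WRITE(ah, AR_SLP32_INC, 0x0001e800); 
++               } 
++               udelay(100); 
++       } 
+ } 
+  
+ static void ar9003_hw_prog_ini(struct ath_hw *ah, 
+@@ -1779,7 +1809,12 @@ void ar9003_hw_attach_phy_ops(struct ath 
   
         priv_ops->rf_set_freq = ar9003_hw_set_channel; 
@@ -3309,4 +3422,24 @@
                 pll |= 0x40000; 
         REG_WRITE(ah, AR_RTC_PLL_CONTROL, pll); 
+@@ -858,19 +861,6 @@ static void ath9k_hw_init_pll(struct ath 
+        udelay(RTC_PLL_SETTLE_DELAY); 
+  
+        REG_WRITE(ah, AR_RTC_SLEEP_CLK, AR_RTC_FORCE_DERIVED_CLK); 
+- 
+-       if (AR_SREV_9340(ah) || AR_SREV_9550(ah)) { 
+-               if (ah->is_clk_25mhz) { 
+-                       REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1); 
+-                       REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7); 
+-                       REG_WRITE(ah,  AR_SLP32_INC, 0x0001e7ae); 
+-               } else { 
+-                       REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1); 
+-                       REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400); 
+-                       REG_WRITE(ah,  AR_SLP32_INC, 0x0001e800); 
+-               } 
+-               udelay(100); 
+-       } 
+ } 
+  
+ static void ath9k_hw_init_interrupt_masks(struct ath_hw *ah, 
 --- a/drivers/net/wireless/ath/ath9k/reg.h 
 +++ b/drivers/net/wireless/ath/ath9k/reg.h 
@@ -3353,2 +3486,14 @@
  EXPORT_SYMBOL(ath9k_cmn_update_txpow); 
   
+--- a/drivers/net/wireless/b43/phy_common.c 
++++ b/drivers/net/wireless/b43/phy_common.c 
+@@ -276,8 +276,7 @@ void b43_phy_write(struct b43_wldev *dev 
+ void b43_phy_copy(struct b43_wldev *dev, u16 destreg, u16 srcreg) 
+ { 
+        assert_mac_suspended(dev); 
+-       dev->phy.ops->phy_write(dev, destreg, 
+-               dev->phy.ops->phy_read(dev, srcreg)); 
++       b43_phy_write(dev, destreg, b43_phy_read(dev, srcreg)); 
+ } 
+  
+ void b43_phy_mask(struct b43_wldev *dev, u16 offset, u16 mask) 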
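Review bot: In the ieee80211_rx_h_defragment hunk carried by this patch, the two early exits are in an order that lets an ordinary unfragmented multicast frame leave through `if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) goto out;` before the multicast test is reached, so `dot11MulticastReceivedFrameCount` is now only incremented for multicast frames that carry fragment bits. Moving the `if (is_multicast_ether_addr(hdr->addr1)) { ... goto out; }` block above the `likely()` check keeps the counter correct while still leaving `out:` free of any read through `hdr`, which is what closes the use-after-free. The `out:` label now also calls `ieee80211_led_rx(rx->local)` for multicast frames, which the old `else` branch skipped; if that is intended it deserves a line in the commit message. The function body starts and ends outside the quoted hunks, so the claim that no other stale `hdr` access remains should be confirmed against the full function.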
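--- a/branches/barrier_breaker/package/kernel/mac80211/patches/310-ap_scan.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/310-ap_scan.patch
@@ -1,5 +1,5 @@
 --- a/net/mac80211/cfg.c 
 +++ b/net/mac80211/cfg.c 
-@@ -1903,7 +1903,7 @@ static int ieee80211_scan(struct wiphy * 
+@@ -1902,7 +1902,7 @@ static int ieee80211_scan(struct wiphy * 
                  * the  frames sent while scanning on other channel will be 
                  * lost) 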
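--- a/branches/barrier_breaker/package/kernel/mac80211/patches/523-ath9k_use_configured_antenna_gain.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/523-ath9k_use_configured_antenna_gain.patch
@@ -11,5 +11,5 @@
 --- a/drivers/net/wireless/ath/ath9k/hw.c 
 +++ b/drivers/net/wireless/ath/ath9k/hw.c 
-@@ -2724,7 +2724,7 @@ void ath9k_hw_apply_txpower(struct ath_h 
+@@ -2711,7 +2711,7 @@ void ath9k_hw_apply_txpower(struct ath_h 
         channel = chan->chan; 
         chan_pwr = min_t(int, channel->max_power * 2, MAX_RATE_POWER); 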
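--- a/branches/barrier_breaker/package/kernel/mac80211/patches/542-ath9k_debugfs_diag.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/542-ath9k_debugfs_diag.patch
@@ -95,5 +95,5 @@
 --- a/drivers/net/wireless/ath/ath9k/hw.c 
 +++ b/drivers/net/wireless/ath/ath9k/hw.c 
-@@ -1738,6 +1738,20 @@ fail: 
+@@ -1725,6 +1725,20 @@ fail: 
         return -EINVAL; 
  } 
@@ -116,5 +116,5 @@
                    struct ath9k_hw_cal_data *caldata, bool fastcc) 
  { 
-@@ -1943,6 +1957,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
+@@ -1930,6 +1944,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
                 ar9003_hw_disable_phy_restart(ah); 
   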
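--- a/branches/barrier_breaker/package/kernel/mac80211/patches/543-ath9k-allow-to-disable-bands-via-platform-data.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/543-ath9k-allow-to-disable-bands-via-platform-data.patch
@@ -12,5 +12,5 @@
 --- a/drivers/net/wireless/ath/ath9k/hw.c 
 +++ b/drivers/net/wireless/ath/ath9k/hw.c 
-@@ -2331,17 +2331,25 @@ int ath9k_hw_fill_cap_info(struct ath_hw 
+@@ -2318,17 +2318,25 @@ int ath9k_hw_fill_cap_info(struct ath_hw 
         } 
   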
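--- a/branches/barrier_breaker/package/kernel/mac80211/patches/550-ath9k_entropy_from_adc.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/550-ath9k_entropy_from_adc.patch
@@ -19,5 +19,5 @@
 --- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c 
 +++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c 
-@@ -1781,6 +1781,26 @@ static void ar9003_hw_tx99_set_txpower(s 
+@@ -1794,6 +1794,26 @@ static void ar9003_hw_tx99_set_txpower(s 
                   ATH9K_POW_SM(p_pwr_array[ALL_TARGET_HT40_14],  0)); 
  } 
@@ -46,5 +46,5 @@
  { 
         struct ath_hw_private_ops *priv_ops = ath9k_hw_private_ops(ah); 
-@@ -1816,6 +1836,7 @@ void ar9003_hw_attach_phy_ops(struct ath 
+@@ -1829,6 +1849,7 @@ void ar9003_hw_attach_phy_ops(struct ath 
         priv_ops->set_radar_params = ar9003_hw_set_radar_params; 
         priv_ops->fast_chan_change = ar9003_hw_fast_chan_change; 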
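--- a/branches/barrier_breaker/package/kernel/mac80211/patches/551-ath9k-ar933x-usb-hang-workaround.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/551-ath9k-ar933x-usb-hang-workaround.patch
@@ -21,5 +21,5 @@
  /* Chip Revisions */ 
  /******************/ 
-@@ -1340,6 +1353,9 @@ static bool ath9k_hw_set_reset(struct at 
+@@ -1327,6 +1340,9 @@ static bool ath9k_hw_set_reset(struct at 
         if (AR_SREV_9100(ah)) 
                 udelay(50); 
@@ -31,5 +31,5 @@
  } 
   
-@@ -1439,6 +1455,9 @@ static bool ath9k_hw_chip_reset(struct a 
+@@ -1426,6 +1442,9 @@ static bool ath9k_hw_chip_reset(struct a 
                 ar9003_hw_internal_regulator_apply(ah); 
         ath9k_hw_init_pll(ah, chan); 
@@ -41,5 +41,5 @@
  } 
   
-@@ -1733,8 +1752,14 @@ static int ath9k_hw_do_fastcc(struct ath 
+@@ -1720,8 +1739,14 @@ static int ath9k_hw_do_fastcc(struct ath 
         if (AR_SREV_9271(ah)) 
                 ar9002_hw_load_ani_reg(ah, chan); 
@@ -56,5 +56,5 @@
  } 
   
-@@ -1962,6 +1987,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
+@@ -1949,6 +1974,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
         if (AR_SREV_9565(ah) && common->bt_ant_diversity) 
                 REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON); 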
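--- a/branches/barrier_breaker/package/kernel/mac80211/patches/562-ath9k_ani_ws_detect.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/562-ath9k_ani_ws_detect.patch
@@ -80,5 +80,5 @@
   * ar9003_hw_set_channel - set channel on single-chip device 
   * @ah: atheros hardware structure 
-@@ -971,11 +957,6 @@ static bool ar9003_hw_ani_control(struct 
+@@ -984,11 +970,6 @@ static bool ar9003_hw_ani_control(struct 
         struct ath_common *common = ath9k_hw_common(ah); 
         struct ath9k_channel *chan = ah->curchan; 
@@ -92,5 +92,5 @@
   
         switch (cmd & ah->ani_function) { 
-@@ -989,61 +970,6 @@ static bool ar9003_hw_ani_control(struct 
+@@ -1002,61 +983,6 @@ static bool ar9003_hw_ani_control(struct 
                  */ 
                 u32 on = param ? 1 : 0; 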
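--- a/branches/barrier_breaker/package/kernel/mac80211/patches/567-ath9k_fix_init_nfcal.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/567-ath9k_fix_init_nfcal.patch
@@ -11,5 +11,5 @@
 --- a/drivers/net/wireless/ath/ath9k/hw.c 
 +++ b/drivers/net/wireless/ath/ath9k/hw.c 
-@@ -1972,8 +1972,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
+@@ -1959,8 +1959,10 @@ int ath9k_hw_reset(struct ath_hw *ah, st 
         if (ath9k_hw_mci_is_enabled(ah)) 
                 ar9003_mci_check_bt(ah); 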
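--- a/branches/barrier_breaker/package/kernel/mac80211/patches/800-b43-backports-form-wireless-testing-master-master-20.patch
+++ b/branches/barrier_breaker/package/kernel/mac80211/patches/800-b43-backports-form-wireless-testing-master-master-20.patch
@@ -818,5 +818,5 @@
                 ops->exit(dev); 
  } 
-@@ -403,9 +411,6 @@ int b43_switch_channel(struct b43_wldev  
+@@ -402,9 +410,6 @@ int b43_switch_channel(struct b43_wldev  
         u16 channelcookie, savedcookie; 
         int err; 
@@ -828,5 +828,5 @@
          * firmware from sending ghost packets. 
          */ 
-@@ -423,7 +428,6 @@ int b43_switch_channel(struct b43_wldev  
+@@ -422,7 +427,6 @@ int b43_switch_channel(struct b43_wldev  
         if (err) 
                 goto err_restore_cookie; 
@@ -836,5 +836,5 @@
         msleep(8); 
   
-@@ -542,10 +546,9 @@ void b43_phyop_switch_analog_generic(str 
+@@ -541,10 +545,9 @@ void b43_phyop_switch_analog_generic(str 
  } 
   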