linux-toradex.git/drivers/net/wireless, branch v2.6.24.4 Linux kernel for Apalis and Colibri modules b43: Backport bcm4311 fix 2008-03-24T18:47:31+00:00 Michael Buesch mb@bu3sch.de 2008-02-29T11:55:41+00:00 061e98a971b62ce4ee25c6cbd88b46d9870d5d9f This is a backport of upstream commit 013978b6 ("b43: Changes to enable BCM4311 rev 02 with wireless core revision 13") and the changes include the following: (1) Add the 802.11 rev 13 device to the ssb_device_id table to load b43. (2) Add PHY revision 9 to the supported list. (3) Change the 2-bit routing code for address extensions to 0b10 rather than the 0b01 used for the 32-bit case. (4) Remove some magic numbers in the DMA setup. The DMA implementation for this chip supports full 64-bit addressing with one exception. Whenever the Descriptor Ring Buffer is in high memory, a fatal DMA error occurs. This problem was not present in 2.6.24-rc2 due to code to "Bias the placement of kernel pages at lower PFNs". When commit 44048d70 reverted that code, the DMA error appeared. As a "fix", use the GFP_DMA flag when allocating the buffer for 64-bit DMA. At present, this problem is thought to arise from a hardware error. Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: Larry Finger <Larry.Finger@lwfinger.net> Cc: John W. Linville <linville@tuxdriver.com> Cc: Alexey Zaytsev <alexey.zaytsev@gmail.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This is a backport of upstream commit 013978b6 ("b43: Changes to enable
BCM4311 rev 02 with wireless core revision 13") and the changes include
the following:

(1) Add the 802.11 rev 13 device to the ssb_device_id table to load b43.
(2) Add PHY revision 9 to the supported list.
(3) Change the 2-bit routing code for address extensions to 0b10 rather
    than the 0b01 used for the 32-bit case.
(4) Remove some magic numbers in the DMA setup.

The DMA implementation for this chip supports full 64-bit addressing with
one exception. Whenever the Descriptor Ring Buffer is in high memory, a
fatal DMA error occurs. This problem was not present in 2.6.24-rc2 due
to code to "Bias the placement of kernel pages at lower PFNs". When
commit 44048d70 reverted that code, the DMA error appeared. As a "fix",
use the GFP_DMA flag when allocating the buffer for 64-bit DMA. At present,
this problem is thought to arise from a hardware error.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43: Reject new firmware early 2008-02-08T19:46:29+00:00 Michael Buesch mb@bu3sch.de 2008-01-26T12:54:52+00:00 5df1d0f87854e9bcd6b32ad0d2e1f8676dbe9ea6 (not in mainline, as it is not applicable.) We must reject new incompatible firmware early to avoid running into strange transmission failures. The current development tree supports newer firmware revisions. These revisions cause strange failures on the stable 2.6.24 kernel. Add a check to avoid confusing users a lot. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
(not in mainline, as it is not applicable.)

We must reject new incompatible firmware early to avoid
running into strange transmission failures.

The current development tree supports newer firmware revisions.
These revisions cause strange failures on the stable 2.6.24 kernel.
Add a check to avoid confusing users a lot.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43legacy: fix DMA slot resource leakage 2008-02-08T19:46:28+00:00 Stefano Brivio stefano.brivio@polimi.it 2008-01-25T13:32:00+00:00 3ecd7e88c999f6c73694c30359c4d084c5ab90be patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline. This fixes four resource leakages. In any error path we must deallocate the DMA frame slots we previously allocated by request_slot(). This is done by storing the ring pointers before doing any ring allocation and restoring the old pointers in case of an error. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch <mb@bu3sch.de> Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.

This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43legacy: drop packets we are not able to encrypt 2008-02-08T19:46:28+00:00 Stefano Brivio stefano.brivio@polimi.it 2008-01-25T13:29:50+00:00 9c5149b9f241dcae61b9a20653b26d10b4738f24 patch 9eca9a8e81928685b4de00ecef83a7c13c340fc9 in mainline. We must drop any packets we are not able to encrypt. We must not send them unencrypted or with an all-zero-key (which basically is the same as unencrypted, from a security point of view). This might only trigger shortly after resume before mac80211 reassociated and reconfigured the keys. It is safe to drop these packets, as the association they belong to is not guaranteed anymore anyway. This is a security fix in the sense that it prevents information leakage. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch <mb@bu3sch.de> Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 9eca9a8e81928685b4de00ecef83a7c13c340fc9 in mainline.

We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).

This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.

It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43legacy: fix suspend/resume 2008-02-08T19:46:28+00:00 Stefano Brivio stefano.brivio@polimi.it 2008-01-25T13:26:21+00:00 bee7e28170165cb0503dc04bc2b9b6a5cb1593f9 patch ada50731c0346bf900dc387edd3a6961297bf2d3 in mainline. This patch makes suspend/resume work with the b43legacy driver. We must not overwrite the MAC addresses in the init function, as this would also overwrite the MAC on resume. With an all-zero MAC the device firmware is not able to ACK any received packets anymore. Fix this by moving the initializion stuff that must be done on init but not on resume to the start function. Also zero out filter_flags to make sure we don't have some flags from a previous instance for a tiny timeframe until mac80211 reconfigures them. This patch by Michael Buesch has been ported to b43legacy. Cc: Michael Buesch <mb@bu3sch.de> Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch ada50731c0346bf900dc387edd3a6961297bf2d3 in mainline.

This patch makes suspend/resume work with the b43legacy driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.

This patch by Michael Buesch has been ported to b43legacy.

Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43legacy: fix PIO crash 2008-02-08T19:46:28+00:00 Stefano Brivio stefano.brivio@polimi.it 2008-01-25T13:24:05+00:00 c6ca9ee045051774b8e5035e5ffadbb53d5a3ad6 patch 0cd67d48b519c3d8d89d238fab1cf68a5289638a in mainline. Fix the crash reported below, which seems to happen on bcm4306 rev. 2 devices only while using PIO: Oops: 0000 [#1] PREEMPT Modules linked in: b43(F) rfkill(F) led_class(F) input_polldev(F) arc4 b43legacy mac80211 cfg80211 i915 drm snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ohci1394 ieee1394 ssb pcmcia snd_intel8x0m ehci_hcd uhci_hcd evdev Pid: 0, comm: swapper Tainted: GF (2.6.24st3 #2) EIP: 0060:[<f90f667b>] EFLAGS: 00010002 CPU: 0 EIP is at b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] EAX: 0000049b EBX: f11f8044 ECX: 00000001 EDX: 00000000 ESI: f1ff8000 EDI: 00000000 EBP: f11f8040 ESP: c04f4ef4 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 Process swapper (pid: 0, ti=c04f4000 task=c0488300 task.ti=c04b8000) Stack: f90f2788 c05009f0 c0500900 000010f7 f1053823 c04f4f24 dfb8e800 00000003 f1368000 00000007 00000296 f90f1975 00001000 010c0800 01000000 00000007 f90f6391 f11f8000 00000082 c04f4f4a 00000000 00004fd0 10f70000 8c061000 Call Trace: [<f90f2788>] b43legacy_debugfs_log_txstat+0x48/0xb0 [b43legacy] [<f90f1975>] b43legacy_handle_hwtxstatus+0x75/0x80 [b43legacy] [<f90f6391>] b43legacy_pio_rx+0x201/0x280 [b43legacy] [<f90e4fa3>] b43legacy_interrupt_tasklet+0x2e3/0x870 [b43legacy] [<c0123567>] tasklet_action+0x27/0x60 [<c01237b4>] __do_softirq+0x54/0xb0 [<c010686b>] do_softirq+0x7b/0xe0 [<c01457c0>] handle_level_irq+0x0/0x110 [<c01457c0>] handle_level_irq+0x0/0x110 [<c0123758>] irq_exit+0x38/0x40 [<c0106953>] do_IRQ+0x83/0xd0 [<c011812f>] __update_rq_clock+0x4f/0x180 [<c0104b4f>] common_interrupt+0x23/0x28 [<c011007b>] wakeup_code+0x7b/0xde [<c02b1039>] acpi_processor_idle+0x24a/0x3c9 [<c01025c7>] cpu_idle+0x47/0x80 [<c04b9ad5>] start_kernel+0x205/0x290 [<c04b9360>] unknown_bootoption+0x0/0x1f0 ======================= Code: 0f 00 00 81 fb ff 00 00 00 0f 87 36 01 00 00 8d 04 db 85 ff 8d 6c c6 40 8d 5d 04 0f 85 ef 00 00 00 fe 4e 0e 0f b7 46 0c 8b 53 04 <8b> 4a 50 29 c8 83 e8 52 66 89 46 0c 8b 54 24 14 80 7a 0b 00 74 EIP: [<f90f667b>] b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] SS:ESP 0068:c04f4ef4 Kernel panic - not syncing: Fatal exception in interrupt Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 0cd67d48b519c3d8d89d238fab1cf68a5289638a in mainline.

Fix the crash reported below, which seems to happen on bcm4306 rev. 2 devices
only while using PIO:

Oops: 0000 [#1] PREEMPT
Modules linked in: b43(F) rfkill(F) led_class(F) input_polldev(F) arc4 b43legacy mac80211 cfg80211 i915 drm snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device ohci1394 ieee1394 ssb pcmcia snd_intel8x0m ehci_hcd uhci_hcd evdev

Pid: 0, comm: swapper Tainted: GF	(2.6.24st3 #2)
EIP: 0060:[<f90f667b>] EFLAGS: 00010002 CPU: 0
EIP is at b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy]
EAX: 0000049b EBX: f11f8044 ECX: 00000001 EDX: 00000000
ESI: f1ff8000 EDI: 00000000 EBP: f11f8040 ESP: c04f4ef4
 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c04f4000 task=c0488300 task.ti=c04b8000)
Stack: f90f2788 c05009f0 c0500900 000010f7 f1053823 c04f4f24 dfb8e800 00000003
       f1368000 00000007 00000296 f90f1975 00001000 010c0800 01000000 00000007
       f90f6391 f11f8000 00000082 c04f4f4a 00000000 00004fd0 10f70000 8c061000
Call Trace:
 [<f90f2788>] b43legacy_debugfs_log_txstat+0x48/0xb0 [b43legacy]
 [<f90f1975>] b43legacy_handle_hwtxstatus+0x75/0x80 [b43legacy]
 [<f90f6391>] b43legacy_pio_rx+0x201/0x280 [b43legacy]
 [<f90e4fa3>] b43legacy_interrupt_tasklet+0x2e3/0x870 [b43legacy]
 [<c0123567>] tasklet_action+0x27/0x60
 [<c01237b4>] __do_softirq+0x54/0xb0
 [<c010686b>] do_softirq+0x7b/0xe0
 [<c01457c0>] handle_level_irq+0x0/0x110
 [<c01457c0>] handle_level_irq+0x0/0x110
 [<c0123758>] irq_exit+0x38/0x40
 [<c0106953>] do_IRQ+0x83/0xd0
 [<c011812f>] __update_rq_clock+0x4f/0x180
 [<c0104b4f>] common_interrupt+0x23/0x28
 [<c011007b>] wakeup_code+0x7b/0xde
 [<c02b1039>] acpi_processor_idle+0x24a/0x3c9
 [<c01025c7>] cpu_idle+0x47/0x80
 [<c04b9ad5>] start_kernel+0x205/0x290
 [<c04b9360>] unknown_bootoption+0x0/0x1f0
 =======================
Code: 0f 00 00 81 fb ff 00 00 00 0f 87 36 01 00 00 8d 04 db 85 ff 8d 6c c6 40 8d 5d 04 0f 85 ef 00 00 00 fe 4e 0e 0f b7 46 0c 8b 53 04 <8b> 4a 50 29 c8 83 e8 52 66 89 46 0c 8b 54 24 14 80 7a 0b 00 74
EIP: [<f90f667b>] b43legacy_pio_handle_txstatus+0xbb/0x210 [b43legacy] SS:ESP 0068:c04f4ef4
Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43: Fix dma-slot resource leakage 2008-02-08T19:46:28+00:00 Michael Buesch mb@bu3sch.de 2008-01-25T11:20:20+00:00 a30954e2544519c8920c04b46f8300ec6179618f patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline. This fixes four resource leakages. In any error path we must deallocate the DMA frame slots we previously allocated by request_slot(). This is done by storing the ring pointers before doing any ring allocation and restoring the old pointers in case of an error. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 8dd0100ce9511e52614ecd0a6587c13ce5769c8b in mainline.

This fixes four resource leakages.
In any error path we must deallocate the DMA frame slots we
previously allocated by request_slot().
This is done by storing the ring pointers before doing any ring
allocation and restoring the old pointers in case of an error.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43: Drop packets we are not able to encrypt 2008-02-08T19:46:26+00:00 Michael Buesch mb@bu3sch.de 2008-01-25T11:15:07+00:00 2e892f92fe8b48824cf647e812d7fac1c289a854 patch 09552ccd8277e6382097e93a40f7311a09449367 in mainline We must drop any packets we are not able to encrypt. We must not send them unencrypted or with an all-zero-key (which basically is the same as unencrypted, from a security point of view). This might only trigger shortly after resume before mac80211 reassociated and reconfigured the keys. It is safe to drop these packets, as the association they belong to is not guaranteed anymore anyway. This is a security fix in the sense that it prevents information leakage. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 09552ccd8277e6382097e93a40f7311a09449367 in mainline

We must drop any packets we are not able to encrypt.
We must not send them unencrypted or with an all-zero-key (which
basically is the same as unencrypted, from a security point of view).

This might only trigger shortly after resume before mac80211 reassociated
and reconfigured the keys.

It is safe to drop these packets, as the association they belong to
is not guaranteed anymore anyway.
This is a security fix in the sense that it prevents information leakage.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
b43: Fix suspend/resume 2008-02-08T19:46:26+00:00 Michael Buesch mb@bu3sch.de 2008-01-25T11:11:45+00:00 b3b222ff9374f16ed55aad252b1817980699b9b7 patch 7be1bb6b798d506693d2d8668e801951996b5a4a in mainline. This patch makes suspend/resume work with the b43 driver. We must not overwrite the MAC addresses in the init function, as this would also overwrite the MAC on resume. With an all-zero MAC the device firmware is not able to ACK any received packets anymore. Fix this by moving the initializion stuff that must be done on init but not on resume to the start function. Also zero out filter_flags to make sure we don't have some flags from a previous instance for a tiny timeframe until mac80211 reconfigures them. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
patch 7be1bb6b798d506693d2d8668e801951996b5a4a in mainline.

This patch makes suspend/resume work with the b43 driver.
We must not overwrite the MAC addresses in the init function, as this
would also overwrite the MAC on resume. With an all-zero MAC the device
firmware is not able to ACK any received packets anymore.
Fix this by moving the initializion stuff that must be done on init but
not on resume to the start function.
Also zero out filter_flags to make sure we don't have some flags
from a previous instance for a tiny timeframe until mac80211 reconfigures
them.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
iwlwifi: fix possible read attempt on ucode that is not available 2008-01-23T11:11:41+00:00 Reinette Chatre reinette.chatre@intel.com 2008-01-21T18:08:31+00:00 a781cf94e6dcc09bf13e548298185d916d9ff3c8 This fixes a NULL pointer dereference that can occur when the ucode is not loaded at the time __iwl_up is called. The problem was reported at http://kerneloops.org/raw.php?rawid=2765&msgid= Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> 
This fixes a NULL pointer dereference that can occur when the
ucode is not loaded at the time __iwl_up is called.

The problem was reported at http://kerneloops.org/raw.php?rawid=2765&msgid=

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>