<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/net/wireless/ath, branch v4.13</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>ath9k: remove useless variable assignment in ath_mci_intr()</title>
<updated>2017-06-28T16:56:36+00:00</updated>
<author>
<name>Gustavo A. R. Silva</name>
<email>garsilva@embeddedor.com</email>
</author>
<published>2017-06-26T23:26:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6788a3832c706c541d8a8227076eddde47446c8a'/>
<id>6788a3832c706c541d8a8227076eddde47446c8a</id>
<content type='text'>
Value assigned to variable offset at line 551 is overwritten at line 562,
before it can be used. This makes such variable assignment useless.

Addresses-Coverity-ID: 1226941
Signed-off-by: Gustavo A. R. Silva &lt;garsilva@embeddedor.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Value assigned to variable offset at line 551 is overwritten at line 562,
before it can be used. This makes such variable assignment useless.

Addresses-Coverity-ID: 1226941
Signed-off-by: Gustavo A. R. Silva &lt;garsilva@embeddedor.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath10k: fix a bunch of spelling mistakes in messages</title>
<updated>2017-06-28T16:55:44+00:00</updated>
<author>
<name>Colin Ian King</name>
<email>colin.king@canonical.com</email>
</author>
<published>2017-06-25T21:29:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=23de57975f1467ec1987a716a27b20c1bc665309'/>
<id>23de57975f1467ec1987a716a27b20c1bc665309</id>
<content type='text'>
Fix the following spelling mistakes in messages:
  syncronise -&gt; synchronize
  unusally -&gt; unusually
  addrress -&gt; address
  inverval -&gt; interval

Signed-off-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix the following spelling mistakes in messages:
  syncronise -&gt; synchronize
  unusally -&gt; unusually
  addrress -&gt; address
  inverval -&gt; interval

Signed-off-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: Use mutex_lock to avoid potential race in start/stop rng</title>
<updated>2017-06-28T16:54:43+00:00</updated>
<author>
<name>Miaoqing Pan</name>
<email>miaoqing@codeaurora.org</email>
</author>
<published>2017-06-27T14:31:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f23cdfb3fe8f6e3502b8aebb819edf5669c1d802'/>
<id>f23cdfb3fe8f6e3502b8aebb819edf5669c1d802</id>
<content type='text'>
Move ath9k_rng_stop/ath9k_rng_start pair into critical section,
use mutex_lock to void potential race accessing.

Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move ath9k_rng_stop/ath9k_rng_start pair into critical section,
use mutex_lock to void potential race accessing.

Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: avoid potential freezing during random generator read</title>
<updated>2017-06-28T16:54:38+00:00</updated>
<author>
<name>Miaoqing Pan</name>
<email>miaoqing@codeaurora.org</email>
</author>
<published>2017-06-27T14:31:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=473becac4b310dd720a0f5e07ce149a09467f1a4'/>
<id>473becac4b310dd720a0f5e07ce149a09467f1a4</id>
<content type='text'>
In the worst case, ath9k_rng_stop() may take 10s to stop rng kthread.
The time is too long for users, use wait_event_interruptible_timeout()
instead of msleep_interruptible(), wakup immediately once
kthread_should_stop() is true.

Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In the worst case, ath9k_rng_stop() may take 10s to stop rng kthread.
The time is too long for users, use wait_event_interruptible_timeout()
instead of msleep_interruptible(), wakup immediately once
kthread_should_stop() is true.

Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix an invalid pointer dereference in ath9k_rng_stop()</title>
<updated>2017-06-28T16:54:33+00:00</updated>
<author>
<name>Miaoqing Pan</name>
<email>miaoqing@codeaurora.org</email>
</author>
<published>2017-06-27T14:31:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=07246c115801c27652700e3679bb58661ef7ed65'/>
<id>07246c115801c27652700e3679bb58661ef7ed65</id>
<content type='text'>
The bug was triggered when do suspend/resuming continuously
on Dell XPS L322X/0PJHXN version 9333 (2013) with kernel
4.12.0-041200rc4-generic. But can't reproduce on DELL
E5440 + AR9300 PCIE chips.

The warning is caused by accessing invalid pointer sc-&gt;rng_task.
sc-&gt;rng_task is not be cleared after kthread_stop(sc-&gt;rng_task)
be called in ath9k_rng_stop(). Because the kthread is stopped
before ath9k_rng_kthread() be scheduled.

So set sc-&gt;rng_task to null after kthread_stop(sc-&gt;rng_task) to
resolve this issue.

WARNING: CPU: 0 PID: 984 at linux/kernel/kthread.c:71 kthread_stop+0xf1/0x100
CPU: 0 PID: 984 Comm: NetworkManager Not tainted 4.12.0-041200rc4-generic #201706042031
Hardware name: Dell Inc.          Dell System XPS L322X/0PJHXN, BIOS A09 05/15/2013
task: ffff950170fdda00 task.stack: ffffa22c01538000
RIP: 0010:kthread_stop+0xf1/0x100
RSP: 0018:ffffa22c0153b5b0 EFLAGS: 00010246
RAX: ffffffffa6257800 RBX: ffff950171b79560 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 000000007fffffff RDI: ffff9500ac9a9680
RBP: ffffa22c0153b5c8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffa22c0153b648 R11: ffff9501768004b8 R12: ffff9500ac9a9680
R13: ffff950171b79f70 R14: ffff950171b78780 R15: ffff9501749dc018
FS:  00007f0d6bfd5540(0000) GS:ffff95017f200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc190161a08 CR3: 0000000232906000 CR4: 00000000001406f0
Call Trace:
  ath9k_rng_stop+0x1a/0x20 [ath9k]
  ath9k_stop+0x3b/0x1d0 [ath9k]
  drv_stop+0x33/0xf0 [mac80211]
  ieee80211_stop_device+0x43/0x50 [mac80211]
  ieee80211_do_stop+0x4f2/0x810 [mac80211]

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196043
Reported-by: Giulio Genovese &lt;giulio.genovese@gmail.com&gt;
Tested-by: Giulio Genovese &lt;giulio.genovese@gmail.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The bug was triggered when do suspend/resuming continuously
on Dell XPS L322X/0PJHXN version 9333 (2013) with kernel
4.12.0-041200rc4-generic. But can't reproduce on DELL
E5440 + AR9300 PCIE chips.

The warning is caused by accessing invalid pointer sc-&gt;rng_task.
sc-&gt;rng_task is not be cleared after kthread_stop(sc-&gt;rng_task)
be called in ath9k_rng_stop(). Because the kthread is stopped
before ath9k_rng_kthread() be scheduled.

So set sc-&gt;rng_task to null after kthread_stop(sc-&gt;rng_task) to
resolve this issue.

WARNING: CPU: 0 PID: 984 at linux/kernel/kthread.c:71 kthread_stop+0xf1/0x100
CPU: 0 PID: 984 Comm: NetworkManager Not tainted 4.12.0-041200rc4-generic #201706042031
Hardware name: Dell Inc.          Dell System XPS L322X/0PJHXN, BIOS A09 05/15/2013
task: ffff950170fdda00 task.stack: ffffa22c01538000
RIP: 0010:kthread_stop+0xf1/0x100
RSP: 0018:ffffa22c0153b5b0 EFLAGS: 00010246
RAX: ffffffffa6257800 RBX: ffff950171b79560 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 000000007fffffff RDI: ffff9500ac9a9680
RBP: ffffa22c0153b5c8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffa22c0153b648 R11: ffff9501768004b8 R12: ffff9500ac9a9680
R13: ffff950171b79f70 R14: ffff950171b78780 R15: ffff9501749dc018
FS:  00007f0d6bfd5540(0000) GS:ffff95017f200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc190161a08 CR3: 0000000232906000 CR4: 00000000001406f0
Call Trace:
  ath9k_rng_stop+0x1a/0x20 [ath9k]
  ath9k_stop+0x3b/0x1d0 [ath9k]
  drv_stop+0x33/0xf0 [mac80211]
  ieee80211_stop_device+0x43/0x50 [mac80211]
  ieee80211_do_stop+0x4f2/0x810 [mac80211]

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196043
Reported-by: Giulio Genovese &lt;giulio.genovese@gmail.com&gt;
Tested-by: Giulio Genovese &lt;giulio.genovese@gmail.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath10k: add const to thermal_cooling_device_ops structure</title>
<updated>2017-06-28T16:53:40+00:00</updated>
<author>
<name>Bhumika Goyal</name>
<email>bhumirks@gmail.com</email>
</author>
<published>2017-06-27T14:31:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1cdb6c9fd43366413f928531a03fc07a8c14429a'/>
<id>1cdb6c9fd43366413f928531a03fc07a8c14429a</id>
<content type='text'>
Declare thermal_cooling_device_ops structure as const as it is only passed
as an argument to the function thermal_cooling_device_register and this
argument is of type const. So, declare the structure as const.

Signed-off-by: Bhumika Goyal &lt;bhumirks@gmail.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Declare thermal_cooling_device_ops structure as const as it is only passed
as an argument to the function thermal_cooling_device_register and this
argument is of type const. So, declare the structure as const.

Signed-off-by: Bhumika Goyal &lt;bhumirks@gmail.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix tx99 bus error</title>
<updated>2017-06-28T16:52:26+00:00</updated>
<author>
<name>Miaoqing Pan</name>
<email>miaoqing@codeaurora.org</email>
</author>
<published>2017-06-27T14:31:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=bde717ab473668377fc65872398a102d40cb2d58'/>
<id>bde717ab473668377fc65872398a102d40cb2d58</id>
<content type='text'>
The hard coded register 0x9864 and 0x9924 are invalid
for ar9300 chips.

Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The hard coded register 0x9864 and 0x9924 are invalid
for ar9300 chips.

Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix tx99 use after free</title>
<updated>2017-06-28T16:52:21+00:00</updated>
<author>
<name>Miaoqing Pan</name>
<email>miaoqing@codeaurora.org</email>
</author>
<published>2017-06-27T14:31:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=cf8ce1ea61b75712a154c93e40f2a5af2e4dd997'/>
<id>cf8ce1ea61b75712a154c93e40f2a5af2e4dd997</id>
<content type='text'>
One scenario that could lead to UAF is two threads writing
simultaneously to the "tx99" debug file. One of them would
set the "start" value to true and follow to ath9k_tx99_init().
Inside the function it would set the sc-&gt;tx99_state to true
after allocating sc-&gt;tx99skb. Then, the other thread would
execute write_file_tx99() and call ath9k_tx99_deinit().
sc-&gt;tx99_state would be freed. After that, the first thread
would continue inside ath9k_tx99_init() and call
r = ath9k_tx99_send(sc, sc-&gt;tx99_skb, &amp;txctl);
that would make use of the freed sc-&gt;tx99_skb memory.

Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
One scenario that could lead to UAF is two threads writing
simultaneously to the "tx99" debug file. One of them would
set the "start" value to true and follow to ath9k_tx99_init().
Inside the function it would set the sc-&gt;tx99_state to true
after allocating sc-&gt;tx99skb. Then, the other thread would
execute write_file_tx99() and call ath9k_tx99_deinit().
sc-&gt;tx99_state would be freed. After that, the first thread
would continue inside ath9k_tx99_init() and call
r = ath9k_tx99_send(sc, sc-&gt;tx99_skb, &amp;txctl);
that would make use of the freed sc-&gt;tx99_skb memory.

Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Miaoqing Pan &lt;miaoqing@codeaurora.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'wireless-drivers-next-for-davem-2017-06-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next</title>
<updated>2017-06-25T18:45:34+00:00</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2017-06-25T18:45:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=24a72b77f3407a9ac173aa6978f44106ed0742d7'/>
<id>24a72b77f3407a9ac173aa6978f44106ed0742d7</id>
<content type='text'>
Kalle Valo says:

====================
wireless-drivers-next patches for 4.13

New features and bug fixes to quite a few different drivers, but
nothing really special standing out.

What makes me happy that we have now more vendors actively
contributing to upstream drivers. In this pull request we have patches
from Broadcom, Intel, Qualcomm, Realtek and Redpine Signals, and I
still have patches from Marvell and Quantenna pending in patchwork. Now
that's something comparing to how things looked 11 years ago in Jeff
Garzik's "State of the Union: Wireless" email:

https://lkml.org/lkml/2006/1/5/671

Major changes:

wil6210

* add low level RF sector interface via nl80211 vendor commands

* add module parameter ftm_mode to load separate firmware for factory
  testing

* support devices with different PCIe bar size

* add support for PCIe D3hot in system suspend

* remove ioctl interface which should not be in a wireless driver

ath10k

* go back to using dma_alloc_coherent() for firmware scratch memory

* add per chain RSSI reporting

brcmfmac

* add support multi-scheduled scan

* add scheduled scan support for specified BSSIDs

* add support for brcm43430 revision 0

wlcore

* add wil1285 compatible

rsi

* add RS9113 USB support

iwlwifi

* FW API documentation improvements (for tools and htmldoc)

* continuing work for the new A000 family

* bump the maximum supported FW API to 31

* improve the differentiation between 8000, 9000 and A000 families
====================

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Kalle Valo says:

====================
wireless-drivers-next patches for 4.13

New features and bug fixes to quite a few different drivers, but
nothing really special standing out.

What makes me happy that we have now more vendors actively
contributing to upstream drivers. In this pull request we have patches
from Broadcom, Intel, Qualcomm, Realtek and Redpine Signals, and I
still have patches from Marvell and Quantenna pending in patchwork. Now
that's something comparing to how things looked 11 years ago in Jeff
Garzik's "State of the Union: Wireless" email:

https://lkml.org/lkml/2006/1/5/671

Major changes:

wil6210

* add low level RF sector interface via nl80211 vendor commands

* add module parameter ftm_mode to load separate firmware for factory
  testing

* support devices with different PCIe bar size

* add support for PCIe D3hot in system suspend

* remove ioctl interface which should not be in a wireless driver

ath10k

* go back to using dma_alloc_coherent() for firmware scratch memory

* add per chain RSSI reporting

brcmfmac

* add support multi-scheduled scan

* add scheduled scan support for specified BSSIDs

* add support for brcm43430 revision 0

wlcore

* add wil1285 compatible

rsi

* add RS9113 USB support

iwlwifi

* FW API documentation improvements (for tools and htmldoc)

* continuing work for the new A000 family

* bump the maximum supported FW API to 31

* improve the differentiation between 8000, 9000 and A000 families
====================

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git</title>
<updated>2017-06-22T13:29:52+00:00</updated>
<author>
<name>Kalle Valo</name>
<email>kvalo@codeaurora.org</email>
</author>
<published>2017-06-22T13:29:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=52f8c9380f2eb051581628782a4917f2c3f9751f'/>
<id>52f8c9380f2eb051581628782a4917f2c3f9751f</id>
<content type='text'>
ath.git patches for 4.13. Major changes:

wil6210

* add low level RF sector interface via nl80211 vendor commands

* add module parameter ftm_mode to load separate firmware for factory
  testing

* support devices with different PCIe bar size

* add support for PCIe D3hot in system suspend

* remove ioctl interface which should not be in a wireless driver

ath10k

* go back to using dma_alloc_coherent() for firmware scratch memory

* add per chain RSSI reporting
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ath.git patches for 4.13. Major changes:

wil6210

* add low level RF sector interface via nl80211 vendor commands

* add module parameter ftm_mode to load separate firmware for factory
  testing

* support devices with different PCIe bar size

* add support for PCIe D3hot in system suspend

* remove ioctl interface which should not be in a wireless driver

ath10k

* go back to using dma_alloc_coherent() for firmware scratch memory

* add per chain RSSI reporting
</pre>
</div>
</content>
</entry>
</feed>
