diff --git a/bes2600/queue.c b/bes2600/queue.c index cc606c1..4016b76 100644 --- a/bes2600/queue.c +++ b/bes2600/queue.c @@ -829,19 +829,19 @@ int bes2600_queue_get_skb(struct bes2600_queue *queue, u32 packetID, bes2600_queue_parse_id(packetID, &queue_generation, &queue_id, &item_generation, &item_id, &if_id, &link_id); - spin_lock(&queue->stats->hw_priv->tx_loop.pending_record_lock); + spin_lock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock); if (!list_empty(&queue->stats->hw_priv->tx_loop.pending_record_list)) { list_for_each_entry_safe(record_item, temp_record_item, &queue->stats->hw_priv->tx_loop.pending_record_list, head) { if (record_item->packetID == packetID) { list_del(&record_item->head); dev_kfree_skb(record_item->skb); kfree(record_item); - spin_unlock(&queue->stats->hw_priv->tx_loop.pending_record_lock); + spin_unlock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock); return -EINVAL; } } } - spin_unlock(&queue->stats->hw_priv->tx_loop.pending_record_lock); + spin_unlock_bh(&queue->stats->hw_priv->tx_loop.pending_record_lock); item = &queue->pool[item_id]; diff --git a/bes2600/scan.c b/bes2600/scan.c index fb1d298..497523b 100644 --- a/bes2600/scan.c +++ b/bes2600/scan.c @@ -238,6 +238,36 @@ int bes2600_hw_scan(struct ieee80211_hw *hw, /* Scan when P2P_GO corrupt firmware MiniAP mode */ if (priv->join_status == BES2600_JOIN_STATUS_AP) return -EOPNOTSUPP; + + /* + * Firmware refuses WSM start-scan for 5 GHz with status 2 ("rejected + * by policy"); see besser issue #1. mac80211 splits multi-band + * hw_scan requests per-band when the driver does not set + * IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS (we don't -- see + * ieee80211_hw_set() calls in bes2600_main.c), so each per-band call + * has req->channels[] from one band only (see ieee80211_prep_hw_scan + * in net/mac80211/scan.c). Refuse the 5 GHz iteration at the driver + * boundary so userspace gets a clean aborted-scan for that portion + * rather than waiting for the firmware reject to cascade up. + * + * Only the multi-channel case is refused (n_channels > 1): that's + * the per-band-sweep pattern mac80211 issues internally and the + * one that triggers the firmware storm at the per-band loop + * boundary. Single-channel 5 GHz scans (BSS verification, NM's + * per-freq iteration when 802-11-wireless.band=a is set) pass + * through to firmware, which generally accepts them since the + * storm is the back-to-back per-band issue, not a blanket 5 GHz + * reject. This preserves 5 GHz association via the + * "wpa_supplicant iterates freq_list per channel" path. + * + * Contract: per include/net/mac80211.h struct ieee80211_ops.hw_scan + * documentation, a negative return aborts the scan without requiring + * ieee80211_scan_completed(). + */ + if (req->n_channels > 1 && + req->channels[0]->band == NL80211_BAND_5GHZ) + return -EOPNOTSUPP; + #if 0 if (work_pending(&priv->offchannel_work) || (hw_priv->roc_if_id != -1)) { diff --git a/bes2600/tx_loop.c b/bes2600/tx_loop.c index e6cf072..0cf7ce1 100644 --- a/bes2600/tx_loop.c +++ b/bes2600/tx_loop.c @@ -109,9 +109,9 @@ void bes2600_tx_loop_set_enable(struct bes2600_common *hw_priv, bool need_warn) bes2600_queue_iterate_pending_packet(&hw_priv->tx_queue[i], bes2600_tx_loop_item_pending_item); } - spin_lock(&hw_priv->tx_loop.pending_record_lock); + spin_lock_bh(&hw_priv->tx_loop.pending_record_lock); bes2600_queue_iterate_record_pending_packet(hw_priv, bes2600_tx_loop_item_pending_item); - spin_unlock(&hw_priv->tx_loop.pending_record_lock); + spin_unlock_bh(&hw_priv->tx_loop.pending_record_lock); if (atomic_read(&hw_priv->bh_rx) > 0) wake_up(&hw_priv->bh_wq);