@@ -776,9 +776,23 @@ int iwlagn_mac_sta_state(struct ieee80211_hw *hw,
mutex_lock(&priv->mutex);
if (vif->type == NL80211_IFTYPE_STATION) {
if (old_state == IEEE80211_STA_NOTEXIST &&
- new_state == IEEE80211_STA_NONE)
+ new_state == IEEE80211_STA_NONE) {
+ /*
+ * Firmware bug - it'll crash if the beacon interval is less
+ * than 16. We can't avoid connecting at all, so refuse the
+ * station state change, this will cause mac80211 to abandon
+ * attempts to connect to this AP, and eventually wpa_s will
+ * blacklist the AP...
+ */
+ if (vif->bss_conf.beacon_int < 16) {
+ IWL_ERR(priv,
+ "AP %pM beacon interval is %d, refusing due to firmware bug!\n",
+ sta->addr, vif->bss_conf.beacon_int);
+ ret = -EINVAL;
+ goto out_unlock;
+ }
op = ADD;
- else if (old_state == IEEE80211_STA_NONE &&
+ } else if (old_state == IEEE80211_STA_NONE &&
new_state == IEEE80211_STA_NOTEXIST)
op = REMOVE;
else if (old_state == IEEE80211_STA_AUTH &&
@@ -846,6 +860,7 @@ int iwlagn_mac_sta_state(struct ieee80211_hw *hw,
if (iwl_is_rfkill(priv))
ret = 0;
+out_unlock:
mutex_unlock(&priv->mutex);
IWL_DEBUG_MAC80211(priv, "leave\n");