Christian Lamparter [Thu, 30 Jun 2011 19:06:17 +0000 (21:06 +0200)]
carl9170: add NEC WL300NU-AG usbid
Cc: stable@kernel.org
Reported-by: Mark Davis
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Thu, 30 Jun 2011 05:32:41 +0000 (08:32 +0300)]
cfg80211: fix deadlock with rfkill/sched_scan by adding new mutex
There was a deadlock when rfkill-blocking a wireless interface,
because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop
sched_scans that were eventually running. The rfkill block code was
already holding a mutex under rdev:
kernel: =======================================================
kernel: [ INFO: possible circular locking dependency detected ]
kernel:
3.0.0-rc1-00049-g1fa7b6a #57
kernel: -------------------------------------------------------
kernel: kworker/0:1/4525 is trying to acquire lock:
kernel: (&rdev->mtx){+.+.+.}, at: [<
ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0
kernel:
kernel: but task is already holding lock:
kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<
ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0
kernel:
kernel: which lock already depends on the new lock.
To fix this, add a new mutex specifically for sched_scan, to protect
the sched_scan_req element in the rdev struct, instead of using the
global rdev mutex.
Reported-by: Duane Griffin <duaneg@dghda.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pavel Roskin [Wed, 29 Jun 2011 19:39:43 +0000 (15:39 -0400)]
ath5k: fix incorrect use of drvdata in PCI suspend/resume code
Signed-off-by: Pavel Roskin <proski@gnu.org>
Cc: <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pavel Roskin [Wed, 29 Jun 2011 19:39:37 +0000 (15:39 -0400)]
ath5k: fix incorrect use of drvdata in sysfs code
Signed-off-by: Pavel Roskin <proski@gnu.org>
Cc: <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Tue, 5 Jul 2011 18:33:09 +0000 (14:33 -0400)]
Merge branch 'master' of /linux/kernel/git/padovan/bluetooth-2.6
Tomas Targownik [Thu, 30 Jun 2011 19:30:44 +0000 (16:30 -0300)]
Bluetooth: Fix memory leak under page timeouts
If the remote device is not present, the connections attemp fails and
the struct hci_conn was not freed
Signed-off-by: Tomas Targownik <ttargownik@geicp.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Gustavo F. Padovan [Thu, 30 Jun 2011 19:11:30 +0000 (16:11 -0300)]
Bluetooth: Fix regression with incoming L2CAP connections
PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that
( probably after the
df3c3931e commit ) the l2cap connection
could not be established in case when the "Auth Complete" HCI
event does not arive before the initiator send "Configuration
request", in which case l2cap replies with "Command rejected"
since the channel is still in BT_CONNECT2 state.
Based on patch from: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Peter Hurley [Thu, 30 Jun 2011 17:53:53 +0000 (13:53 -0400)]
Bluetooth: Fix hidp disconnect deadlocks and lost wakeup
Partial revert of commit
aabf6f89. When the hidp session thread
was converted from kernel_thread to kthread, the atomic/wakeups
were replaced with kthread_stop. kthread_stop has blocking semantics
which are inappropriate for the hidp session kthread. In addition,
the kthread signals itself to terminate in hidp_process_hid_control()
- it cannot do this with kthread_stop().
Lastly, a wakeup can be lost if the wakeup happens between checking
for the loop exit condition and setting the current state to
TASK_INTERRUPTIBLE. (Without appropriate synchronization mechanisms,
the task state should not be changed between the condition test and
the yield - via schedule() - as this creates a race between the
wakeup and resetting the state back to interruptible.)
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Eugene A. Shatokhin [Wed, 29 Jun 2011 03:04:51 +0000 (23:04 -0400)]
ath5k: fix memory leak when fewer than N_PD_CURVES are in use
We would free the proper number of curves, but in the wrong
slots, due to a missing level of indirection through
the pdgain_idx table.
It's simpler just to try to free all four slots, so do that.
Cc: stable@kernel.org
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rajkumar Manoharan [Tue, 28 Jun 2011 12:51:19 +0000 (18:21 +0530)]
ath9k: Fix suspend/resume when no interface is UP
When no interface has been brought up, the chip's power
state continued as AWAKE. So during resume, the chip never
been powered up.
Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Rosenberg [Fri, 24 Jun 2011 12:38:05 +0000 (08:38 -0400)]
Bluetooth: Prevent buffer overflow in l2cap config request
A remote user can provide a small value for the command size field in
the command header of an l2cap configuration request, resulting in an
integer underflow when subtracting the size of the configuration request
header. This results in copying a very large amount of data via
memcpy() and destroying the kernel heap. Check for underflow.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
John W. Linville [Mon, 27 Jun 2011 19:38:05 +0000 (15:38 -0400)]
iwlagn: use PCI_DMA_* for pci_* operations
"iwlagn: map command buffers BIDI" uses the DMA_* enumerations for DMA
directions, even though the pci_* DMA API is still in use. That patch
was undoubtedly developed on top of "iwlagn: don't use the PCI wrappers
for DMA operation", which is due in the next release.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arik Nemtsov [Wed, 22 Jun 2011 21:00:24 +0000 (00:00 +0300)]
mac80211: fix rx->key NULL dereference during mic failure
Sometimes when reporting a MIC failure rx->key may be unset. This
code path is hit when receiving a packet meant for a multicast
address, and decryption is performed in HW.
Fortunately, the failing key_idx is not used for anything up to
(and including) usermode, so we allow ourselves to drop it on the
way up when a key cannot be retrieved.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Evgeni Golov [Sun, 12 Jun 2011 12:34:31 +0000 (05:34 -0700)]
iwlagn: fix *_UCODE_API_MAX output in the firmware field
Currently (3.0-rc2), modinfo iwlagn shows:
firmware: iwlwifi-5150-IWL5150_UCODE_API_MAX.ucode
firmware: iwlwifi-5000-IWL5000_UCODE_API_MAX.ucode
firmware: iwlwifi-6000g2b-IWL6000G2_UCODE_API_MAX.ucode
firmware: iwlwifi-6000g2a-IWL6000G2_UCODE_API_MAX.ucode
firmware: iwlwifi-6050-IWL6050_UCODE_API_MAX.ucode
firmware: iwlwifi-6000-IWL6000_UCODE_API_MAX.ucode
firmware: iwlwifi-100-IWL100_UCODE_API_MAX.ucode
firmware: iwlwifi-1000-IWL1000_UCODE_API_MAX.ucode
firmware: iwlwifi-105-IWL105_UCODE_API_MAX.ucode
firmware: iwlwifi-2030-IWL2030_UCODE_API_MAX.ucode
firmware: iwlwifi-2000-IWL2000_UCODE_API_MAX.ucode
which is obviously wrong, the user should not see the *_UCODE_API_MAX
macros but the actual ucode API versions here.
The problem are the
#define *_MODULE_FIRMWARE(api) *_FW_PRE #api ".ucode"
which do not expand api correctly (because this is a macro itself).
Fixed by using __stringify() from linux/stringify.h.
Further information about macro stringification can be found here:
http://gcc.gnu.org/onlinedocs/cpp/Stringification.html
Signed-off-by: Evgeni Golov <sargentd@die-welt.net>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 27 Jun 2011 18:26:04 +0000 (14:26 -0400)]
Merge branch 'wireless-2.6' of git://git./linux/kernel/git/iwlwifi/iwlwifi-2.6
Johannes Berg [Mon, 27 Jun 2011 14:54:49 +0000 (07:54 -0700)]
iwlagn: map command buffers BIDI
Evidently, the device sometimes wants to write back
to command buffers, even if I see no reason why it
should. Allow it to do that.
Tested-by: Andy Lutomirski <luto@mit.edu>
Tested-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Johannes Berg [Mon, 27 Jun 2011 14:48:52 +0000 (07:48 -0700)]
iwlagn: fix cmd queue unmap
When we stop the device while a command is in
flight that uses multiple TBs, we can leak the
DMA buffers for the second and higher TBs. Fix
this by using iwlagn_unmap_tfd() as we do when
we normally recover the entry.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Johannes Berg [Tue, 21 Jun 2011 15:28:31 +0000 (08:28 -0700)]
iwlagn: fix change_interface for P2P types
When an interface changes type to a P2P type,
iwlagn will erroneously set vif->type to the
P2P type and not the reduced/split type. Fix
this by keeping "newtype" in another variable
for the assignment to vif->type.
Cc: stable@kernel.org [2.6.38+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Emmanuel Grumbach [Tue, 21 Jun 2011 18:03:01 +0000 (11:03 -0700)]
iwlagn: Fix a bug introduced by the HUGE command removal
Since we don't have HUGE command any more, there is no point in adding 1
to the num of slots in the command queue. Doing so is buggy and might corrupt
memory.
Bug introduced by
4ce7cc2b09553a91d4aea014c39674685715173a
iwlagn: support multiple TBs per command
Cc: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Larry Finger [Tue, 21 Jun 2011 15:48:31 +0000 (10:48 -0500)]
rtl8192cu: Fix missing firmware load
In commit
3ac5e26a1e935469a8bdae1d624bc3b59d1fcdc5 entitled
"rtlwifi: rtl8192c-common: Change common firmware routines for addition
of rtl8192se and rtl8192de", the firmware loading code was moved.
Unfortunately, some necessary code was dropped for rtl8192cu.
The dmesg output shows the following:
rtl8192c: Loading firmware file rtlwifi/rtl8192cufw.bin
rtl8192c_common:_rtl92c_fw_free_to_go():<0-0> Polling FW ready fail!! REG_MCUFWDL:0x00000006 .
rtl8192c_common:rtl92c_download_fw():<0-0> Firmware is not ready to run!
In addition, the interface will authenticate and associate, but cannot
transfer data.
This is reported as Kernel Bug #38012.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Sun, 19 Jun 2011 03:49:53 +0000 (22:49 -0500)]
rtlwifi: rtl8192se: Handle duplicate PCI ID 0x10ec:0x8192 conflict with r8192e_pci
There are two devices with PCI ID 0x10ec:0x8192, namely RTL8192E and
RTL8192SE. The method of distinguishing them is by the revision ID
at offset 0x8 of the PCI configuration space. If the value is 0x10,
then the device uses rtl8192se for a driver.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 20 Jun 2011 18:54:20 +0000 (14:54 -0400)]
Merge branch 'master' of /linux/kernel/git/padovan/bluetooth-2.6
Ilia Kolomisnky [Wed, 15 Jun 2011 03:52:26 +0000 (06:52 +0300)]
Bluetooth: Fix L2CAP connection establishment
In hci_conn_security ( which is used during L2CAP connection
establishment ) test for HCI_CONN_ENCRYPT_PEND state also
sets this state, which is bogus and leads to connection time-out
on L2CAP sockets in certain situations (especially when
using non-ssp devices )
Signed-off-by: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Nishant Sarmukadam [Mon, 13 Jun 2011 10:56:15 +0000 (16:26 +0530)]
mwl8k: Tell firmware to generate CCMP header
Post commit
e4eefec73ea0a740bfe8736e3ac30dfe92fe392b, the stack is
not generating the CCMP header for us anymore. This broke the CCMP
functionality since firmware was not doing this either. Set a flag
to tell the firmware to generate the CCMP header
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Yogesh Ashok Powar [Mon, 13 Jun 2011 04:19:27 +0000 (09:49 +0530)]
mwifiex: Fixing NULL pointer dereference
Following OOPS was seen when booting with card inserted
BUG: unable to handle kernel NULL pointer dereference at
0000004c
IP: [<
f8b7718c>] cfg80211_get_drvinfo+0x21/0x115 [cfg80211]
*pde =
00000000
Oops: 0000 [#1] SMP
Modules linked in: iwl3945 iwl_legacy mwifiex_sdio mac80211 11 sdhci_pci sdhci pl2303
'ethtool' on the mwifiex device returned this OOPS as
wiphy_dev() returned NULL.
Adding missing set_wiphy_dev() call to fix the problem.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Tue, 14 Jun 2011 09:48:19 +0000 (12:48 +0300)]
Bluetooth: Fix accepting connect requests for defer_setup
When authentication completes we shouldn't blindly accept any pending
L2CAP connect requests. If the socket has the defer_setup feature
enabled it should still wait for user space acceptance of the connect
request. The issue only happens for non-SSP connections since with SSP
the L2CAP Connect request may not be sent for non-SDP PSMs before
authentication has completed successfully.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Luiz Augusto von Dentz [Mon, 13 Jun 2011 12:37:35 +0000 (15:37 +0300)]
Bluetooth: Fix L2CAP security check
With older userspace versions (using hciops) it might not have the
key type to check if the key has sufficient security for any security
level so it is necessary to check the return of hci_conn_auth to make
sure the connection is authenticated
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
John W. Linville [Fri, 10 Jun 2011 19:05:34 +0000 (15:05 -0400)]
Merge branch 'master' of /linux/kernel/git/padovan/bluetooth-2.6
Ville Tervo [Fri, 27 May 2011 08:16:21 +0000 (11:16 +0300)]
Bluetooth: Do not send SET_EVENT_MASK for 1.1 and earlier devices
Some old hci controllers do not accept any mask so leave the
default mask on for these devices.
< HCI Command: Set Event Mask (0x03|0x0001) plen 8
Mask: 0xfffffbff00000000
> HCI Event: Command Complete (0x0e) plen 4
Set Event Mask (0x03|0x0001) ncmd 1
status 0x12
Error: Invalid HCI Command Parameters
Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Tested-by: Corey Boyle <corey@kansanian.com>
Tested-by: Ed Tomlinson <edt@aei.ca>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
David Miller [Thu, 19 May 2011 21:37:45 +0000 (17:37 -0400)]
Bluetooth: Do not ignore errors returned from strict_strtol()
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Luiz Augusto von Dentz [Thu, 12 May 2011 08:13:15 +0000 (11:13 +0300)]
Bluetooth: fix shutdown on SCO sockets
shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.
Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Filip Palian [Thu, 12 May 2011 17:32:46 +0000 (19:32 +0200)]
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
byte each. This byte in "cinfo" is copied to userspace uninitialized.
Signed-off-by: Filip Palian <filip.palian@pjwstk.edu.pl>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Stanislaw Gruszka [Wed, 8 Jun 2011 13:26:31 +0000 (15:26 +0200)]
iwlegacy: fix channel switch locking
We use priv->mutex to avoid race conditions between chswitch_done()
and mac_channel_switch(), when marking channel switch in
progress. But chswitch_done() can be called in atomic context
from rx_csa() or with mutex already taken from commit_rxon().
To fix remove mutex from chswitch_done() and use atomic bitops
for marking channel switch pending.
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 8 Jun 2011 11:27:29 +0000 (13:27 +0200)]
mac80211: fix IBSS teardown race
Ignacy reports that sometimes after leaving an IBSS
joining a new one didn't work because there still
were stations on the list. He fixed it by flushing
stations when attempting to join a new IBSS, but
this shouldn't be happening in the first case. When
I looked into it I saw a race condition in teardown
that could cause stations to be added after flush,
and thus cause this situation. Ignacy confirms that
after applying my patch he hasn't seen this happen
again.
Reported-by: Ignacy Gawedzki <i@lri.fr>
Debugged-by: Ignacy Gawedzki <i@lri.fr>
Tested-by: Ignacy Gawedzki <i@lri.fr>
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Wey-Yi Guy [Fri, 27 May 2011 15:40:24 +0000 (08:40 -0700)]
iwlagn: send tx power command if defer cause by RXON not match
During channge channel, tx power will not send to uCode, the tx power command
should send after scan complete. but should also can send after RXON command.
Stable fix identified by Stanislaw Gruszka <sgruszka@redhat.com>.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Cc: stable@kernel.org [2.6.38+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Tue, 7 Jun 2011 17:42:26 +0000 (20:42 +0300)]
nl80211: fix overflow in ssid_len
When one of the SSID's length passed in a scan or sched_scan request
is larger than 255, there will be an overflow in the u8 that is used
to store the length before checking. This causes the check to fail
and we overrun the buffer when copying the SSID.
Fix this by checking the nl80211 attribute length before copying it to
the struct.
This is a follow up for the previous commit
208c72f4fe44fe09577e7975ba0e7fa0278f3d03, which didn't fix the problem
entirely.
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mike McCormack [Mon, 6 Jun 2011 23:58:31 +0000 (08:58 +0900)]
rtlwifi: Avoid modifying skbs that are resubmitted
In the case we fail to allocate a new skb, the old skb should
be resubmitted unmodified.
Fixes bug introduced in
a9e12869758430424804.
Signed-off-by: Mike McCormack <mikem@ring3k.org>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mike McCormack [Mon, 30 May 2011 23:50:24 +0000 (08:50 +0900)]
rtlwifi: Fix logic in rx_interrupt
Should pass along packet if there's no CRC and no hardware error.
Signed-off-by: Mike McCormack <mikem@ring3k.org>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Tue, 7 Jun 2011 18:03:08 +0000 (14:03 -0400)]
Revert "mac80211: stop queues before rate control updation"
This reverts commit
1d38c16ce4156f63b45abbd09dd28ca2ef5172b4.
The mac80211 maintainer raised complaints about abuse of the CSA stop
reason, and about whether this patch actually serves its intended
purpose at all.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Mon, 6 Jun 2011 13:11:30 +0000 (15:11 +0200)]
iwl4965: set tx power after rxon_assoc
Setting tx power can be deferred during scan or changing channel.
If after that correct tx power settings will not be sent to device,
we can observe transmission problems and timeouts. Force to send
tx power settings also after partial rxon change, to assure device
always be configured with up-to-date settings.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=36492
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Sat, 4 Jun 2011 14:48:54 +0000 (16:48 +0200)]
rt2x00: fix rmmod crash
Avoid queue and run autowakeup_work when device is not present anymore.
That prevent rmmod and device remove crash introduced by:
commit
1c0bcf89d85cc97a0d9ce4cd909351a81fa4fdde
Author: Ivo van Doorn <ivdoorn@gmail.com>
Date: Sat Apr 30 17:18:18 2011 +0200
rt2x00: Add autowake support for USB hardware
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Thu, 26 May 2011 15:14:22 +0000 (17:14 +0200)]
iwlagn: use cts-to-self protection on 5000 adapters series
This patch fixes 802.11n stability and performance regression we have
since 2.6.35. It boost performance on my 5GHz N-only network from about
5MB/s to 8MB/s. Similar percentage boost can be observed on 2.4 GHz.
These are test results of 5x downloading of approximately 700MB iso
image:
vanilla: 5.27 5.22 4.94 4.47 5.31 ; avr 5.0420 std 0.35110
patched: 8.07 7.95 8.06 7.99 7.96 ; avr 8.0060 std 0.055946
This was achieved with NetworkManager configured to do not perform
periodical scans, by configuring constant BSSID. With periodical scans,
after some time, performance downgrade to unpatched driver level, like
in example below:
patched: 7.40 7.61 4.28 4.37 4.80 avr 5.6920 std 1.6683
However patch still make better here, since similar test on unpatched
driver make link disconnects with below messages after some time:
wlan1: authenticate with 00:23:69:35:d1:3f (try 1)
wlan1: authenticate with 00:23:69:35:d1:3f (try 2)
wlan1: authenticate with 00:23:69:35:d1:3f (try 3)
wlan1: authentication with 00:23:69:35:d1:3f timed out
On 2.6.35 kernel patch helps against connection hangs with messages:
iwlagn 0000:20:00.0: queue 10 stuck 3 time. Fw reload.
iwlagn 0000:20:00.0: On demand firmware reload
iwlagn 0000:20:00.0: Stopping AGG while state not ON or starting
Cc: stable@kernel.org # 2.6.35+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 6 Jun 2011 18:35:27 +0000 (14:35 -0400)]
Revert "mac80211: Skip tailroom reservation for full HW-crypto devices"
This reverts commit
aac6af5534fade2b18682a0b9efad1a6c04c34c6.
Conflicts:
net/mac80211/key.c
That commit has a race that causes a warning, as documented in the thread
here:
http://marc.info/?l=linux-wireless&m=
130717684914101&w=2
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Thu, 2 Jun 2011 23:13:26 +0000 (00:13 +0100)]
libertas_sdio: handle spurious interrupts
Commit
06e8935febe687e2a561707d4c7ca4245d261dbe adds an IRQ handling
optimization for single-function SDIO cards like this one, but at the
same time exposes a small hardware bug.
During hardware init, an interrupt is generated with (apparently) no
source. Previously, mmc threw this interrupt away, but now (due to the
optimization), the mmc layer passes this onto libertas, before it is ready
(and before it has enabled interrupts), causing a crash.
Work around this hardware bug by registering the IRQ handler later and
making it capable of handling interrupts with no cause. The change that
makes the IRQ handler registration happen later actually eliminates
the spurious interrupt as well.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Thadeu Lima de Souza Cascardo [Thu, 2 Jun 2011 20:28:37 +0000 (17:28 -0300)]
mac80211: call dev_alloc_name before copying name to sdata
This partially reverts
1c5cae815d19ffe02bdfda1260949ef2b1806171, because
the netdev name is copied into sdata->name, which is used for debugging
messages, for example. Otherwise, we get messages like this:
wlan%d: authenticated
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
Cc: Jiri Pirko <jpirko@redhat.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: "John W. Linville" <linville@tuxdriver.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Thu, 2 Jun 2011 16:17:15 +0000 (18:17 +0200)]
iwlagn: fix channel switch locking
We use priv->mutex to avoid race conditions between iwl_chswitch_done()
and iwlagn_mac_channel_switch(), when marking channel switch in
progress. But iwl_chswitch_done() can be called in atomic context
from iwl_rx_csa() or with mutex already taken from iwlagn_commit_rxon().
These bugs were introduced by:
commit
79d07325502e73508f917475bc1617b60979dd94
Author: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Date: Thu May 6 08:54:11 2010 -0700
iwlwifi: support channel switch offload in driver
To fix remove mutex from iwl_chswitch_done() and use atomic bitops for
marking channel switch pending.
Also remove iwl2030_hw_channel_switch() since 2000 series adapters are
2.4GHz only devices.
Cc: stable@kernel.org # 2.6.36+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Nick Kossifidis [Thu, 2 Jun 2011 00:09:48 +0000 (03:09 +0300)]
ath5k: Disable fast channel switching by default
Disable fast channel change by default on AR2413/AR5413 due to
some bug reports (it still works for me but it's better to be safe).
Add a module parameter "fastchanswitch" in case anyone wants to enable
it and play with it.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Wed, 1 Jun 2011 09:01:11 +0000 (11:01 +0200)]
ssb: fix PCI(e) driver regression causing oops on PCI cards
We were incorrectly executing PCIe specific workarounds on PCI cards.
This resulted in:
Machine check in kernel mode.
Caused by (from SRR1=149030): Transfer error ack signal
Oops: Machine check, sig: 7 [#1]
Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Wed, 1 Jun 2011 15:17:57 +0000 (17:17 +0200)]
iwl4965: correctly validate temperature value
In some cases we can read wrong temperature value. If after that
temperature value will not be updated to good one, we badly configure
tx power parameters and device is unable to send a data.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=35932
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 1 Jun 2011 06:29:54 +0000 (08:29 +0200)]
bluetooth l2cap: fix locking in l2cap_global_chan_by_psm
read_lock() ... read_unlock_bh() is clearly bogus.
This was broken by
commit
23691d75cdc69c3b285211b4d77746aa20a17d18
Author: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Wed Apr 27 18:26:32 2011 -0300
Bluetooth: Remove l2cap_sk_list
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Halperin [Tue, 31 May 2011 18:59:30 +0000 (11:59 -0700)]
ath9k: fix two more bugs in tx power
This is the same fix as
commit
841051602e3fa18ea468fe5a177aa92b6eb44b56
Author: Matteo Croce <technoboy85@gmail.com>
Date: Fri Dec 3 02:25:08 2010 +0100
The ath9k driver subtracts 3 dBm to the txpower as with two radios the
signal power is doubled.
The resulting value is assigned in an u16 which overflows and makes
the card work at full power.
in two more places. I grepped the ath tree and didn't find any others.
Cc: stable@kernel.org
Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Eliad Peller [Sun, 29 May 2011 12:53:20 +0000 (15:53 +0300)]
cfg80211: don't drop p2p probe responses
Commit
0a35d36 ("cfg80211: Use capability info to detect mesh beacons")
assumed that probe response with both ESS and IBSS bits cleared
means that the frame was sent by a mesh sta.
However, these capabilities are also being used in the p2p_find phase,
and the mesh-validation broke it.
Rename the WLAN_CAPABILITY_IS_MBSS macro, and verify that mesh ies
exist before assuming this frame was sent by a mesh sta.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Wey-Yi Guy [Mon, 30 May 2011 16:32:52 +0000 (09:32 -0700)]
iwlagn: fix incorrect PCI subsystem id for 6150 devices
For 6150 devices, modify the supported PCI subsystem ID.
Cc: stable@kernel.org
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jussi Kivilinna [Mon, 30 May 2011 07:15:47 +0000 (10:15 +0300)]
zd1211rw: fix to work on OHCI
zd1211 devices register 'EP 4 OUT' endpoint as Interrupt type on USB 2.0:
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x04 EP 4 OUT
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 1
However on USB 1.1 endpoint becomes Bulk:
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x04 EP 4 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Commit
37939810b937aba830dd751291fcdc51cae1a6cb assumed that endpoint is
always interrupt type and changed usb_bulk_msg() calls to usb_interrupt_msg().
Problem here is that usb_bulk_msg() on interrupt endpoint selfcorrects the
call and changes requested pipe to interrupt type (see usb_bulk_msg).
However with usb_interrupt_msg() on bulk endpoint does not correct the
pipe type to bulk, but instead URB is submitted with interrupt type pipe.
So pre-2.6.39 used usb_bulk_msg() and therefore worked with both endpoint
types, however in 2.6.39 usb_interrupt_msg() with bulk endpoint causes
ohci_hcd to fail submitted URB instantly with -ENOSPC and preventing zd1211rw
from working with OHCI.
Fix this by detecting endpoint type and using correct endpoint/pipe types
for URB. Also fix asynchronous zd_usb_iowrite16v_async() to use right
URB type on 'EP 4 OUT'.
Cc: stable@kernel.org
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 27 May 2011 12:34:48 +0000 (15:34 +0300)]
wl12xx: fix oops in sched_scan when forcing a passive scan
Fix kernel oops when trying to use passive scheduled scans. The
reason was that in passive scans there are no SSIDs, so there was a
NULL pointer dereference.
To solve the problem, we now check the number of SSIDs provided in the
sched_scan request and only access the list if there's one or more
(ie. passive scan is not forced). We also force all the channels to
be passive by adding the IEEE80211_CHAN_PASSIVE_SCAN flag locally
before the checks in the wl1271_scan_get_sched_scan_channels()
function.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 27 May 2011 12:34:47 +0000 (15:34 +0300)]
wl12xx: add separate config value for DFS dwell time on sched scan
Use a different value for DFS dwell time when performing a scheduled
scan. Previously we were using the same value as for normal passive
scans. This adds some flexibility between these two different types
of passive scan.
For now we use 150 TUs for DFS channel dwell time. This may need to
be fine-tuned in the future.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 27 May 2011 12:34:46 +0000 (15:34 +0300)]
wl12xx: fix DFS channels handling in scheduled scan
DFS channels were never getting included in the scheduled scans,
because they always contain the passive flag as well and the call was
asking for DFS and active channels.
Fix this by ignoring the passive flag when collecting DFS channels.
Also, move the DFS channels in the channel list before the 5GHz active
channels (this was implemented in the FW differently than specified).
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 27 May 2011 12:34:45 +0000 (15:34 +0300)]
wl12xx: fix passive and radar channel generation for scheduled scan
We were comparing bitwise AND results with a boolean, so when the
boolean was set to true, it was not matching as it should.
Fix this by booleanizing the bitwise AND results with !!.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Thu, 26 May 2011 20:31:08 +0000 (21:31 +0100)]
libertas: Set command sequence number later to ensure consistency
Before this patch, the command sequence number is being set before
lbs_queue_cmd() adds the command to the queue. However, lbs_queue_cmd()
sometimes forces commands to queue-jump (e.g. CMD_802_11_WAKEUP_CONFIRM).
It currently does this without considering that sequence numbers might need
adjusting to keep things running in order.
Fix this by setting the sequence number at a later stage, just before
we're actually submitting the command to the hardware. Also fixes a
possible race where seqnum was being modified outside of the driver
lock.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 27 May 2011 19:18:35 +0000 (15:18 -0400)]
Merge git://git./linux/kernel/git/linville/wireless-next-2.6 into for-davem
David S. Miller [Fri, 27 May 2011 17:41:33 +0000 (13:41 -0400)]
net: Kill ratelimit.h dependency in linux/net.h
Ingo Molnar noticed that we have this unnecessary ratelimit.h
dependency in linux/net.h, which hid compilation problems from
people doing builds only with CONFIG_NET enabled.
Move this stuff out to a seperate net/net_ratelimit.h file and
include that in the only two places where this thing is needed.
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Ingo Molnar <mingo@elte.hu>
David S. Miller [Thu, 26 May 2011 20:40:37 +0000 (16:40 -0400)]
net: Add linux/sysctl.h includes where needed.
Several networking headers were depending upon the implicit
linux/sysctl.h include they get when including linux/net.h
Add explicit includes.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 26 May 2011 20:30:57 +0000 (16:30 -0400)]
net: Kill ether_table[] declaration.
This got missed back in 2006 when Jes Sorensen deleted
net/ethernet/sysctl_net_ether.c
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 26 May 2011 17:27:11 +0000 (17:27 +0000)]
inetpeer: fix race in unused_list manipulations
Several crashes in cleanup_once() were reported in recent kernels.
Commit
d6cc1d642de9 (inetpeer: various changes) added a race in
unlink_from_unused().
One way to avoid taking unused_peers.lock before doing the list_empty()
test is to catch 0->1 refcnt transitions, using full barrier atomic
operations variants (atomic_cmpxchg() and atomic_inc_return()) instead
of previous atomic_inc() and atomic_add_unless() variants.
We then call unlink_from_unused() only for the owner of the 0->1
transition.
Add a new atomic_add_unless_return() static helper
With help from Arun Sharma.
Refs: https://bugzilla.kernel.org/show_bug.cgi?id=32772
Reported-by: Arun Sharma <asharma@fb.com>
Reported-by: Maximilian Engelhardt <maxi@daemonizer.de>
Reported-by: Yann Dupont <Yann.Dupont@univ-nantes.fr>
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Williams [Fri, 27 May 2011 04:51:54 +0000 (04:51 +0000)]
atm: expose ATM device index in sysfs
It's currently exposed only through /proc which, besides requiring
screen-scraping, doesn't allow userspace to distinguish between two
identical ATM adapters with different ATM indexes. The ATM device index
is required when using PPPoATM on a system with multiple ATM adapters.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: David Woodhouse <dwmw2@infradead.org>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 27 May 2011 17:04:40 +0000 (13:04 -0400)]
Merge branch 'pablo/nf-2.6-updates' of git://1984.lsi.us.es/net-2.6
Adrian Chadd [Thu, 26 May 2011 17:08:04 +0000 (01:08 +0800)]
ath9k: Fix AR9287 calibration
The AR9287 calibration code was not being called because of an
incorrect MAC revision check.
This forced the AR9287 to use the AR9285 initial calibration code and
bypass the AR9287 code entirely.
Signed-off-by: Adrian Chadd <adrian@freebsd.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jesper Juhl [Thu, 26 May 2011 08:53:17 +0000 (10:53 +0200)]
mac80211: Remove duplicate linux/slab.h include from net/mac80211/scan.c
Commit
79f460ca49d8d5700756ab7071c951311c7f29cc add a duplicate
linux/slab.h include to net/mac80211/scan.c - remove it.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Eliad Peller [Thu, 26 May 2011 08:46:37 +0000 (11:46 +0300)]
mac80211: clear local->ps_data on disassoc
local->ps_data wasn't cleared on disassociation, which
(in some corner cases) caused reconnections to enter
psm before association completed.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tao Ma [Wed, 25 May 2011 01:44:05 +0000 (09:44 +0800)]
wireless: Default to 'n' for 2 new added devices in Kconfig.
We make oldconfig every time when a new kernel arrives, but
if we don't have such a device(I guess this is the most common
case for a new device), the default value should be 'n' so
that the kernel size we build doesn't grow up too much quickly.
For anyone who has the device, it is OK for them to turn it on
by themselves.
Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Tue, 24 May 2011 14:28:55 +0000 (16:28 +0200)]
iwl4965: fix 5GHz operation
rx_status.band is used uninitialized, what disallow to work on 5GHz .
Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hans Schillstrom [Tue, 24 May 2011 12:11:05 +0000 (14:11 +0200)]
IPVS: bug in ip_vs_ftp, same list heaad used in all netns.
When ip_vs was adapted to netns the ftp application was not adapted
in a correct way.
However this is a fix to avoid kernel errors. In the long term another solution
might be chosen. I.e the ports that the ftp appl, uses should be per netns.
Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Rajkumar Manoharan [Fri, 20 May 2011 12:22:15 +0000 (17:52 +0530)]
mac80211: stop queues before rate control updation
Stop tx queues before updating rate control to ensure
proper rate selection. Otherwise packets can be transmitted
in 40 Mhz whereas hw is configured in HT20.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rajkumar Manoharan [Fri, 20 May 2011 12:22:14 +0000 (17:52 +0530)]
ath9k: set 40 Mhz rate only if hw is configured in ht40
Whenever there is a channel width change from 40 Mhz to 20 Mhz,
the hardware is reconfigured to ht20. Meantime before doing
the rate control updation, the packets are being transmitted are
selected rate with IEEE80211_TX_RC_40_MHZ_WIDTH.
While transmitting ht40 rate packets in ht20 mode is causing
baseband panic with AR9003 based chips.
==== BB update: BB status=0x02001109 ====
ath: ** BB state: wd=1 det=1 rdar=0 rOFDM=1 rCCK=1 tOFDM=0 tCCK=0 agc=2
src=0 **
ath: ** BB WD cntl: cntl1=0xffff0085 cntl2=0x00000004 **
ath: ** BB mode: BB_gen_controls=0x000033c0 **
ath: ** BB busy times: rx_clear=99%, rx_frame=0%, tx_frame=0% **
ath: ==== BB update: done ====
Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rajkumar Manoharan [Fri, 20 May 2011 12:22:13 +0000 (17:52 +0530)]
ath9k_hw: disable phy restart on baseband panic caused by RXSM
While receiving unsupported rate frame rx state machine
gets into a state 0xb and if phy_restart happens in that
state, BB would go hang. If RXSM is in 0xb state after
first bb panic, ensure to disable the phy_restart.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rajkumar Manoharan [Fri, 20 May 2011 12:22:10 +0000 (17:52 +0530)]
ath9k: Reset chip on baseband hang
Resetting hardware helps to recover from baseband
hang/panic for AR9003 based chips.
Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Thu, 19 May 2011 23:04:46 +0000 (01:04 +0200)]
b43: N-PHY: initialize last var in calibration function
Reported-by: Larry Finger <larry.finger@lwfinger.net>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Thu, 19 May 2011 16:48:45 +0000 (11:48 -0500)]
rtlwifi: Use order 2 RX buffer allocation only if necessary
Although a previous fix handles the kernel panics that result from
failure to allocate a new RX buffer, memory fragmentation can be
reduced if the amsdu_8k capability is disabled as new buffers need only
be of O(0), not O(2).
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Thu, 19 May 2011 15:17:04 +0000 (10:17 -0500)]
rtlwifi: Fix kernel panic resulting from RX buffer allocation failure
To handle amsdu_8k capability, the PCI routine of this driver must
allocate receive buffers of order 2. Under heavy load, this causes
fragmentation of memory. The present code releases the current buffer
before checking to see if a new one is availble. Recovery from
allocation failures is not possible, which results in kernel panics.
The fix is to reorder the code to check that a new buffer can be
allocated before the old one is released. If not possible, the
received frame is dropped and the old one is reused. Without this
change, it is impossible to transfer a 2 GB file without a kernel panic.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [2.6.{37,38,39}]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Wed, 18 May 2011 21:43:38 +0000 (00:43 +0300)]
nl80211: fix check for valid SSID size in scan operations
In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly. Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.
This was causing a buffer overflow when copying the actual SSID to the
proper place.
This bug has been there since 2.6.29-rc4.
Cc: stable@kernel.org
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Yogesh Ashok Powar [Wed, 18 May 2011 19:02:03 +0000 (12:02 -0700)]
mwifiex: correct event header length
While decoding received event packet from firmware, 4 bytes
of interface header are already removed unconditionally.
So for handling event only 4 more bytes needs to be pulled.
This is achieved by changing event header length to 4.
Almost all the events, except BA stream related and AMSDU
aggregation control events, do not have the payload in their
event skb. Such events handling depends only on the event ID.
This event ID is the first four bytes of the event skb, which
is copied to a separate variable before pulling the skb header.
Hence event handling worked only for those events that didn't
have payload in event skb.
This patch fixes the broken event path of the events with
payload in their event skb without harming existing working
event path for the events without payload.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
David S. Miller [Thu, 26 May 2011 19:00:31 +0000 (15:00 -0400)]
bug.h: Move ratelimit warn interfaces to ratelimit.h
As reported by Ingo Molnar, we still have configuration combinations
where use of the WARN_RATELIMIT interfaces break the build because
dependencies don't get met.
Instead of going down the long road of trying to make it so that
ratelimit.h can get included by kernel.h or asm-generic/bug.h,
just move the interface into ratelimit.h and make users have
to include that.
Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Andy Gospodarek [Wed, 25 May 2011 04:41:59 +0000 (04:41 +0000)]
bonding: cleanup module option descriptions
Weiping Pan noticed that the module option description for
xmit_hash_policy was incorrect and was nice enough to post a patch to
fix it. The text was correct, but created a line over 80 characters and
I would rather not add those. I realized I could take a few minutes and
clean up all the descriptions and things would look much better. This
is the result.
Based on patch from Weiping Pan <panweiping3@gmail.com>.
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
CC: Weiping Pan <panweiping3@gmail.com>
Reviewed-by: Weiping Pan <panweiping3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Justin Mattock [Mon, 23 May 2011 20:43:48 +0000 (20:43 +0000)]
net:8021q:vlan.c Fix pr_info to just give the vlan fullname and version.
The below patch removes vlan_buggyright and vlan_copyright from vlan_proto_init,
so that it prints out just the fullname of vlan and the version number.
before:
[ 30.438203] 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
[ 30.441542] All bugs added by David S. Miller <davem@redhat.com>
after:
[ 31.513910] 802.1Q VLAN Support v1.8
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
CC: Joe Perches <joe@perches.com>
CC: David S. Miller <davem@davemloft.net>
CC: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johan Hovold [Thu, 26 May 2011 04:37:32 +0000 (04:37 +0000)]
net: davinci_emac: fix dev_err use at probe
Use platform device rather than net device in dev_err calls before net
device has been registered to avoid messages such as
(null): DaVinci EMAC: Failed to get EMAC clock
Also replace remaining printks in probe with dev_{err,warn}.
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Oliver Hartkopp [Thu, 26 May 2011 04:57:53 +0000 (04:57 +0000)]
can: convert to %pK for kptr_restrict support
As these pointers have been printed without using %p they were missed in the
big network kptr_restrict conversion patch %p -> %pK from Dan Rosenberg.
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michał Mirosław [Thu, 26 May 2011 00:42:57 +0000 (00:42 +0000)]
net: fix ETHTOOL_SFEATURES compatibility with old ethtool_ops.set_flags
Current code squashes flags to bool - this makes set_flags fail whenever
some ETH_FLAG_* equivalent features are set. Fix this.
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Miller [Thu, 19 May 2011 22:14:39 +0000 (18:14 -0400)]
netfilter: Fix several warnings in compat_mtw_from_user().
Kill set but not used 'entry_offset'.
Add a default case to the switch statement so the compiler
can see that we always initialize off and size_kern before
using them.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jozsef Kadlecsik [Tue, 24 May 2011 08:20:19 +0000 (10:20 +0200)]
netfilter: ipset: fix ip_set_flush return code
ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixed
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jozsef Kadlecsik [Tue, 24 May 2011 08:20:18 +0000 (10:20 +0200)]
netfilter: ipset: remove unused variable from type_pf_tdel()
Variable 'ret' is set in type_pf_tdel() but not used, remove.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jozsef Kadlecsik [Tue, 24 May 2011 08:20:17 +0000 (10:20 +0200)]
netfilter: ipset: Use proper timeout value to jiffies conversion
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Flavio Leitner [Wed, 25 May 2011 08:38:58 +0000 (08:38 +0000)]
bonding: documentation and code cleanup for resend_igmp
Improves the documentation about how IGMP resend parameter
works, fix two missing checks and coding style issues.
Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Rick Jones <rick.jones2@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Horman [Wed, 25 May 2011 08:13:01 +0000 (08:13 +0000)]
bonding: prevent deadlock on slave store with alb mode (v3)
This soft lockup was recently reported:
[root@dell-per715-01 ~]# echo +bond5 > /sys/class/net/bonding_masters
[root@dell-per715-01 ~]# echo +eth1 > /sys/class/net/bond5/bonding/slaves
bonding: bond5: doing slave updates when interface is down.
bonding bond5: master_dev is not up in bond_enslave
[root@dell-per715-01 ~]# echo -eth1 > /sys/class/net/bond5/bonding/slaves
bonding: bond5: doing slave updates when interface is down.
BUG: soft lockup - CPU#12 stuck for 60s! [bash:6444]
CPU 12:
Modules linked in: bonding autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc
be2d
Pid: 6444, comm: bash Not tainted 2.6.18-262.el5 #1
RIP: 0010:[<
ffffffff80064bf0>] [<
ffffffff80064bf0>]
.text.lock.spinlock+0x26/00
RSP: 0018:
ffff810113167da8 EFLAGS:
00000286
RAX:
ffff810113167fd8 RBX:
ffff810123a47800 RCX:
0000000000ff1025
RDX:
0000000000000000 RSI:
ffff810123a47800 RDI:
ffff81021b57f6f8
RBP:
ffff81021b57f500 R08:
0000000000000000 R09:
000000000000000c
R10:
00000000ffffffff R11:
ffff81011d41c000 R12:
ffff81021b57f000
R13:
0000000000000000 R14:
0000000000000282 R15:
0000000000000282
FS:
00002b3b41ef3f50(0000) GS:
ffff810123b27940(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
00002b3b456dd000 CR3:
000000031fc60000 CR4:
00000000000006e0
Call Trace:
[<
ffffffff80064af9>] _spin_lock_bh+0x9/0x14
[<
ffffffff886937d7>] :bonding:tlb_clear_slave+0x22/0xa1
[<
ffffffff8869423c>] :bonding:bond_alb_deinit_slave+0xba/0xf0
[<
ffffffff8868dda6>] :bonding:bond_release+0x1b4/0x450
[<
ffffffff8006457b>] __down_write_nested+0x12/0x92
[<
ffffffff88696ae4>] :bonding:bonding_store_slaves+0x25c/0x2f7
[<
ffffffff801106f7>] sysfs_write_file+0xb9/0xe8
[<
ffffffff80016b87>] vfs_write+0xce/0x174
[<
ffffffff80017450>] sys_write+0x45/0x6e
[<
ffffffff8005d28d>] tracesys+0xd5/0xe0
It occurs because we are able to change the slave configuarion of a bond while
the bond interface is down. The bonding driver initializes some data structures
only after its ndo_open routine is called. Among them is the initalization of
the alb tx and rx hash locks. So if we add or remove a slave without first
opening the bond master device, we run the risk of trying to lock/unlock a
spinlock that has garbage for data in it, which results in our above softlock.
Note that sometimes this works, because in many cases an unlocked spinlock has
the raw_lock parameter initialized to zero (meaning that the kzalloc of the
net_device private data is equivalent to calling spin_lock_init), but thats not
true in all cases, and we aren't guaranteed that condition, so we need to pass
the relevant spinlocks through the spin_lock_init function.
Fix it by moving the spin_lock_init calls for the tx and rx hashtable locks to
the ndo_init path, so they are ready for use by the bond_store_slaves path.
Change notes:
v2) Based on conversation with Jay and Nicolas it seems that the ability to
enslave devices while the bond master is down should be safe to do. As such
this is an outlier bug, and so instead we'll just initalize the errant spinlocks
in the init path rather than the open path, solving the problem. We'll also
remove the warnings about the bond being down during enslave operations, since
it should be safe
v3) Fix spelling error
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: jtluka@redhat.com
CC: Jay Vosburgh <fubar@us.ibm.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: nicolas.2p.debian@gmail.com
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 25 May 2011 07:34:04 +0000 (07:34 +0000)]
net: hold rtnl again in dump callbacks
Commit
e67f88dd12f6 (dont hold rtnl mutex during netlink dump callbacks)
missed fact that rtnl_fill_ifinfo() must be called with rtnl held.
Because of possible deadlocks between two mutexes (cb_mutex and rtnl),
its not easy to solve this problem, so revert this part of the patch.
It also forgot one rcu_read_unlock() in FIB dump_rules()
Add one ASSERT_RTNL() in rtnl_fill_ifinfo() to remind us the rule.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
CC: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Meelis Roos [Wed, 25 May 2011 05:43:47 +0000 (05:43 +0000)]
Add Fujitsu 1000base-SX PCI ID to tg3
This patch adds the PCI ID of Fujitsu 1000base-SX NIC to tg3 driver.
Tested to detect the card, MAC and serdes, not tested with link at the
moment since I have no fiber switch here. I did not add new constants to
the pci_ids.h header file since these constants are used only here.
Signed-off-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Wed, 25 May 2011 04:55:51 +0000 (04:55 +0000)]
bnx2x: protect sequence increment with mutex
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 25 May 2011 04:40:11 +0000 (04:40 +0000)]
sch_sfq: fix peek() implementation
Since commit
eeaeb068f139 (sch_sfq: allow big packets and be fair),
sfq_peek() can return a different skb that would be normally dequeued by
sfq_dequeue() [ if current slot->allot is negative ]
Use generic qdisc_peek_dequeued() instead of custom implementation, to
get consistent result.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Jarek Poplawski <jarkao2@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
CC: Jesper Dangaard Brouer <hawk@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Prarit Bhargava [Wed, 25 May 2011 02:12:23 +0000 (02:12 +0000)]
isdn: netjet - blacklist Digium TDM400P
[2nd try ... 1st attempt didn't make it to netdev mailing list]
A quick google search reveals that people with this card are blacklisting it
in the initramfs and in the module blacklist based on a statement that it
is unsupported. Since the older Digium is also unsupported I'm pretty
confident that this newer card is also not supported.
lspci -xxx -vv shows
04:07.0 Communication controller: Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface
Subsystem: Device b100:0003
P.
----8<----
The Asterisk Voice Card, DIGIUM TDM400P is unsupported by the netjet driver.
Blacklist it like the Digium X100P/X101P card.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ulrich Hecht [Wed, 25 May 2011 01:07:22 +0000 (01:07 +0000)]
via-velocity: don't annotate MAC registers as packed
On ARM, memory accesses through packed pointers behave in unexpected
ways in GCC releases 4.3 and higher; see https://lkml.org/lkml/2011/2/2/163
for discussion.
In this particular case, 32-bit I/O registers are accessed bytewise,
causing incorrect setting of the DMA address registers which in turn
leads to an error interrupt storm that brings the system to a halt.
Since the mac_regs structure does not need any packing anyway, this patch
simply removes the attribute to fix the issue.
Signed-off-by: Ulrich Hecht <uli@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ian Campbell [Tue, 24 May 2011 21:56:02 +0000 (21:56 +0000)]
xen: netfront: hold RTNL when updating features.
Konrad reports:
[ 0.930811] RTNL: assertion failed at /home/konrad/ssd/linux/net/core/dev.c (5258)
[ 0.930821] Pid: 22, comm: xenwatch Not tainted
2.6.39-05193-gd762f43 #1
[ 0.930825] Call Trace:
[ 0.930834] [<
ffffffff8143bd0e>] __netdev_update_features+0xae/0xe0
[ 0.930840] [<
ffffffff8143dd41>] netdev_update_features+0x11/0x30
[ 0.930847] [<
ffffffffa0037105>] netback_changed+0x4e5/0x800 [xen_netfront]
[ 0.930854] [<
ffffffff8132a838>] xenbus_otherend_changed+0xa8/0xb0
[ 0.930860] [<
ffffffff8157ca99>] ? _raw_spin_unlock_irqrestore+0x19/0x20
[ 0.930866] [<
ffffffff8132adfe>] backend_changed+0xe/0x10
[ 0.930871] [<
ffffffff8132875a>] xenwatch_thread+0xba/0x180
[ 0.930876] [<
ffffffff810a8ba0>] ? wake_up_bit+0x40/0x40
[ 0.930881] [<
ffffffff813286a0>] ? split+0xf0/0xf0
[ 0.930886] [<
ffffffff810a8646>] kthread+0x96/0xa0
[ 0.930891] [<
ffffffff815855a4>] kernel_thread_helper+0x4/0x10
[ 0.930896] [<
ffffffff815846b3>] ? int_ret_from_sys_call+0x7/0x1b
[ 0.930901] [<
ffffffff8157cf61>] ? retint_restore_args+0x5/0x6
[ 0.930906] [<
ffffffff815855a0>] ? gs_change+0x13/0x13
This update happens in xenbus watch callback context and hence does not already
hold the rtnl. Take the lock as necessary.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>