- 13 11月, 2010 7 次提交
-
-
由 Hao Zheng 提交于
Depending on how a packet is vlan tagged (i.e. hardware accelerated or not), the encapsulated protocol is stored in different locations. This provides a consistent method of accessing that protocol, which is needed by drivers, security checks, etc. Signed-off-by: NHao Zheng <hzheng@nicira.com> Signed-off-by: NJesse Gross <jesse@nicira.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jason Wang 提交于
For device that supports VIRTIO_NET_F_STATUS, there's no need to assume the link is up and we need to call nerif_carrier_off() before querying device status, otherwise we may get wrong operstate after diver was loaded because the link watch event was not fired as expected. For device that does not support VIRITO_NET_F_STATUS, we could not get its status through virtnet_update_status() and what we can only do is always assuming the link is up. Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Joakim Tjernlund 提交于
This script: while [ 1==1 ] ; do ifconfig eth0 up; usleep 1950000 ;ifconfig eth0 down; dmesg -c ;done causes in just a second or two: INFO: task ifconfig:572 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. ifconfig D 0ff65760 0 572 369 0x00000000 Call Trace: [c6157be0] [c6008460] 0xc6008460 (unreliable) [c6157ca0] [c0008608] __switch_to+0x4c/0x6c [c6157cb0] [c028fecc] schedule+0x184/0x310 [c6157ce0] [c0290e54] __mutex_lock_slowpath+0xa4/0x150 [c6157d20] [c0290c48] mutex_lock+0x44/0x48 [c6157d30] [c01aba74] phy_stop+0x20/0x70 [c6157d40] [c01aef40] ucc_geth_stop+0x30/0x98 [c6157d60] [c01b18fc] ucc_geth_close+0x9c/0xdc [c6157d80] [c01db0cc] __dev_close+0xa0/0xd0 [c6157d90] [c01deddc] __dev_change_flags+0x8c/0x148 [c6157db0] [c01def54] dev_change_flags+0x1c/0x64 [c6157dd0] [c0237ac8] devinet_ioctl+0x678/0x784 [c6157e50] [c0239a58] inet_ioctl+0xb0/0xbc [c6157e60] [c01cafa8] sock_ioctl+0x174/0x2a0 [c6157e80] [c009a16c] vfs_ioctl+0xcc/0xe0 [c6157ea0] [c009a998] do_vfs_ioctl+0xc4/0x79c [c6157f10] [c009b0b0] sys_ioctl+0x40/0x74 [c6157f40] [c00117c4] ret_from_syscall+0x0/0x38 The reason appears to be ucc_geth_stop meets adjust_link as the PHY reports PHY changes. I belive adjust_link hangs somewhere, holding the PHY lock, because ucc_geth_stop disabled the controller HW. Fix is to stop the PHY before disabling the controller. Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: NAnton Vorontsov <cbouatmailru@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Joakim Tjernlund 提交于
ucc_geth_close lacks a cancel_work_sync(&ugeth->timeout_work) to stop any outstanding processing of TX fail. However, one can not call cancel_work_sync without fixing the timeout function otherwise it will deadlock. This patch brings ucc_geth in line with gianfar: Don't bring the interface down and up, just reinit controller HW and PHY. Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: NAnton Vorontsov <cbouatmailru@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mariusz Kozlowski 提交于
Parameter 'len' is size_t type so it will never get negative. Signed-off-by: NMariusz Kozlowski <mk@lab.zgora.pl> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Graf 提交于
nlmsg_total_size() calculates the length of a netlink message including header and alignment. nla_total_size() calculates the space an individual attribute consumes which was meant to be used in this context. Also, ensure to account for the attribute header for the IFLA_INFO_XSTATS attribute as implementations of get_xstats_size() seem to assume that we do so. The addition of two message headers minus the missing attribute header resulted in a calculated message size that was larger than required. Therefore we never risked running out of skb tailroom. Signed-off-by: NThomas Graf <tgraf@infradead.org> Acked-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 12 11月, 2010 2 次提交
-
-
由 Shan Wei 提交于
The type of FRAG6_CB(prev)->offset is int, skb->len is *unsigned* int, and offset is int. Without this patch, type conversion occurred to this expression, when (FRAG6_CB(prev)->offset + prev->len) is less than offset. Signed-off-by: NShan Wei <shanwei@cn.fujitsu.com> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Eric Paris 提交于
The NF_HOOK_COND returns 0 when it shouldn't due to what I believe to be an error in the code as the order of operations is not what was intended. C will evalutate == before =. Which means ret is getting set to the bool result, rather than the return value of the function call. The code says if (ret = function() == 1) when it meant to say: if ((ret = function()) == 1) Normally the compiler would warn, but it doesn't notice it because its a actually complex conditional and so the wrong code is wrapped in an explict set of () [exactly what the compiler wants you to do if this was intentional]. Fixing this means that errors when netfilter denies a packet get propagated back up the stack rather than lost. Problem introduced by commit 2249065f (netfilter: get rid of the grossness in netfilter.h). Signed-off-by: NEric Paris <eparis@redhat.com> Cc: stable@kernel.org Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
- 11 11月, 2010 6 次提交
-
-
由 David S. Miller 提交于
As noted by Steve Chen, since commit f5fff5dc ("tcp: advertise MSS requested by user") we can end up with a situation where tcp_select_initial_window() does a divide by a zero (or even negative) mss value. The problem is that sometimes we effectively subtract TCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss. Fix this by increasing the minimum from 8 to 64. Reported-by: NSteve Chen <schen@mvista.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Robin Holt tried to boot a 16TB machine and found some limits were reached : sysctl_tcp_mem[2], sysctl_udp_mem[2] We can switch infrastructure to use long "instead" of "int", now atomic_long_t primitives are available for free. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Reported-by: NRobin Holt <holt@sgi.com> Reviewed-by: NRobin Holt <holt@sgi.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vasiliy Kulikov 提交于
packet_getname_spkt() doesn't initialize all members of sa_data field of sockaddr struct if strlen(dev->name) < 13. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to fully fill sa_data with strncpy() instead of strlcpy(). The same with packet_getname(): it doesn't initialize sll_pkttype field of sockaddr_ll. Set it to zero. Signed-off-by: NVasiliy Kulikov <segooon@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
There is a possibility malicious users can get limited information about uninitialized stack mem array. Even if sk_run_filter() result is bound to packet length (0 .. 65535), we could imagine this can be used by hostile user. Initializing mem[] array, like Dan Rosenberg suggested in his patch is expensive since most filters dont even use this array. Its hard to make the filter validation in sk_chk_filter(), because of the jumps. This might be done later. In this patch, I use a bitmap (a single long var) so that only filters using mem[] loads/stores pay the price of added security checks. For other filters, additional cost is a single instruction. [ Since we access fentry->k a lot now, cache it in a local variable and mark filter entry pointer as const. -DaveM ] Reported-by: NDan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vasiliy Kulikov 提交于
Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater field of fsa struct, also the struct has padding bytes between sax25_call and sax25_ndigis fields. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. Signed-off-by: NVasiliy Kulikov <segooon@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
- 10 11月, 2010 6 次提交
-
-
由 Eric Dumazet 提交于
Followup of commit ef885afb (net: use rcu_barrier() in rollback_registered_many) dst_dev_event() scans a garbage dst list that might be feeded by various network notifiers at device dismantle time. Its important to call dst_dev_event() after other notifiers, or we might enter the infamous msleep(250) in netdev_wait_allrefs(), and wait one second before calling again call_netdevice_notifiers(NETDEV_UNREGISTER, dev) to properly remove last device references. Use priority -10 to let dst_dev_notifier be called after other network notifiers (they have the default 0 priority) Reported-by: NBen Greear <greearb@candelatech.com> Reported-by: NNicolas Dichtel <nicolas.dichtel@6wind.com> Reported-by: NOctavian Purdila <opurdila@ixiacom.com> Reported-by: NBenjamin LaHaise <bcrl@kvack.org> Tested-by: NBen Greear <greearb@candelatech.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Wey-Yi Guy 提交于
In order to use build-in debugging macro, pci_dev in priv need to be assigned first. This fix iwl3945 driver oopsed at boot with 2.6.37-rc1 Signed-off-by: NWey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Kulikov Vasiliy 提交于
Structure sockaddr_tipc is copied to userland with padding bytes after "id" field in union field "name" unitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Signed-off-by: NVasiliy Kulikov <segooon@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 françois romieu 提交于
As device_set_wakeup_enable can now sleep, move the call to outside the critical section. Signed-off-by: NDaniel J Blueman <daniel.blueman@gmail.com> Acked-by: NRafael J. Wysocki <rjw@sisk.pl> Acked-by: NAndrew Hendry <andrew.hendry@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 françois romieu 提交于
The original patch helps under obscure conditions (no pun) but some 8168 do not like it. The change needs to be tightened with a specific 8168 version. This reverts commit 801e147c ("r8169: Handle rxfifo errors on 8168 chips"). Regression at https://bugzilla.kernel.org/show_bug.cgi?id=20882Signed-off-by: NFrancois Romieu <romieu@fr.zoreil.com> Tested-by: NAndreas Radke <a.radke@arcor.de> Cc: Matthew Garrett <mjg@redhat.com> Cc: Daniel J Blueman <daniel.blueman@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
commit 8723e1b4 (inet: RCU changes in inetdev_by_index()) forgot one call site in ip_mc_drop_socket() We should not decrease idev refcount after inetdev_by_index() call, since refcount is not increased anymore. Reported-by: NMarkus Trippelsdorf <markus@trippelsdorf.de> Reported-by: NMiles Lane <miles.lane@gmail.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 09 11月, 2010 19 次提交
-
-
由 Edgar (gimli) Hucek 提交于
Adding the new MacBookAir3,1(2) to btusb. Output without the patch and btusb loaded : T: Bus=03 Lev=02 Prnt=03 Port=02 Cnt=01 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=05ac ProdID=821b Rev= 0.34 S: Manufacturer=Apple Inc. S: Product=Bluetooth USB Host Controller C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 32 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 32 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) Output with the patch and btusb loaded : T: Bus=03 Lev=02 Prnt=03 Port=02 Cnt=01 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=05ac ProdID=821b Rev= 0.34 S: Manufacturer=Apple Inc. S: Product=Bluetooth USB Host Controller C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 32 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 32 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) Signed-off-by: NEdgar (gimli) Hucek <gimli@dark-green.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Luiz Augusto von Dentz 提交于
This cause 'No Bonding' to be used if userspace has not yet been paired with remote device since the l2cap socket used to create the rfcomm session does not have any security level set. Signed-off-by: NLuiz Augusto von Dentz <luiz.dentz-von@nokia.com> Acked-by: NVille Tervo <ville.tervo@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Gustavo F. Padovan 提交于
Last commit added a wrong endianness conversion. Fixing that. Reported-by: NHarvey Harrison <harvey.harrison@gmail.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 steven miao 提交于
In function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of opt->val sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes access will cause data misalignment exeception. Use get_unaligned_le16/32 and put_unaligned_le16/32 function to avoid data misalignment execption. Signed-off-by: Nsteven miao <realmz6@gmail.com> Signed-off-by: NMike Frysinger <vapier@gentoo.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Matthew Garrett 提交于
We've done this for a while in Fedora without any obvious problems other than some interaction with input devices. Those should be fixed now, so let's try this in mainline. Signed-off-by: NMatthew Garrett <mjg@redhat.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Johan Hedberg 提交于
When initiating dedicated bonding a L2CAP raw socket with HIGH security level is used. The kernel is supposed to trigger the authentication request in this case but this doesn't happen currently for non-SSP (pre-2.1) devices. The reason is that the authentication request happens in the remote extended features callback which never gets called for non-SSP devices. This patch fixes the issue by requesting also authentiation in the (normal) remote features callback in the case of non-SSP devices. This rule is applied only for HIGH security level which might at first seem unintuitive since on the server socket side MEDIUM is already enough for authentication. However, for the clients we really want to prefer the server side to decide the authentication requrement in most cases, and since most client sockets use MEDIUM it's better to be avoided on the kernel side for these sockets. The important socket to request it for is the dedicated bonding one and that socket uses HIGH security level. The patch is based on the initial investigation and patch proposal from Andrei Emeltchenko <endrei.emeltchenko@nokia.com>. Signed-off-by: NJohan Hedberg <johan.hedberg@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Randy Dunlap 提交于
Fix kconfig dependency warning to satisfy dependencies: warning: (BT_HIDP && NET && BT && BT_L2CAP && INPUT || USB_HID && HID_SUPPORT && USB && INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT && INPUT) Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Rajkumar Manoharan 提交于
The allocated externel radio banks have to be freed in case of ath9k_hw_rf_alloc_ext_banks failure. Cc: stable@kernel.org Signed-off-by: NRajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Rajkumar Manoharan 提交于
Since the endpoint descriptors (EP3 & EP4) were changed from Interrupt to Bulk type by firmware, the urb submission done on Bulk pipes. And the recent commit "check the endpoint type against the pipe type" added aditional error checking against pipe types under CONFIG_USB_DEBUG. So bmAttribute has to be updated for both EP3 & EP4 before submitting urbs on that pipe. This patch resolves the following failure. [ 2215.710936] usb 1-1: usb_probe_device [ 2215.710945] usb 1-1: configuration #1 chosen from 1 choice [ 2215.711152] usb 1-1: adding 1-1:1.0 (config #1, interface 0) [ 2215.711252] ath9k_hif_usb 1-1:1.0: usb_probe_interface [ 2215.711255] ath9k_hif_usb 1-1:1.0: usb_probe_interface - got id [ 2215.712780] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 2215.713782] usb 1-1: ath9k_htc: Unable to allocate URBs [ 2215.713801] ath9k_hif_usb: probe of 1-1:1.0 failed with error -22 Reported-by: NMing Lei <tom.leiming@gmail.com> Signed-off-by: NRajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Haitao Zhang 提交于
This patch adds support for USB dongle with device ID 3346 from IMC Networks. Signed-off-by: NHaitao Zhang <minipanda@linuxrobot.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
Bit 22 of AR_WA should be set to fix the situation where chip reset is asynchronous to clock of analog shift registers, such that when reset is released, it could mess up the values of analog shift registers and cause some hw issue on AR9280. This bit is write only, but the driver does a read-modify-write on AR_WA without setting bit 22 in ar9002_hw_configpcipowersave() during radio disable. This causes surprise removal of hw. It can never recover from this state and the hw will become usable only after a power on/off cycle, and sometimes only during a cold reboot. This issue can be triggered by doing frequent roaming with the simple/test-roam script available from the wifi-test project [1] when roaming between APs quickly. When roaming there is a is a high possibility that the device being put into idle (radio disable) state by mac80211 during AUTH->ASSOC. A device hardware reset would fail and the kernel would output: [40251.363799] ath: AWAKE -> FULL-SLEEP [40251.363815] ieee80211 phy17: device no longer idle - working [40251.363817] ath: Marking phy17 as not-idle [40251.363819] ath: FULL-SLEEP -> AWAKE [40251.415978] pciehp 0000:00:1c.3:pcie04: Card not present on Slot(3) [40251.419896] ath: ah->misc_mode 0x4 [40251.428138] pciehp 0000:00:1c.3:pcie04: Card present on Slot(3) [40251.532247] ath: timeout (100000 us) on reg 0x9860: 0xffffffff & 0x00000001 != 0x00000000 [40251.532250] ath: Unable to reset channel (2462 MHz), reset status -5 [40251.532422] ath: Set channel: 5745 MHz [40251.540639] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.548826] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.557023] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.565211] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.573415] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.581603] ath: Failed to stop TX DMA in 100 msec after killing last frame [40251.581606] ath: Failed to stop TX DMA. Resetting hardware! [40251.592679] ath: DMA failed to stop in 10 ms AR_CR=0xffffffff AR_DIAG_SW=0xffffffff [40251.703330] ath: timeout (100000 us) on reg 0x7000: 0xffffffff & 0x00000003 != 0x00000000 [40251.703333] ath: RTC stuck in MAC reset [40251.703334] ath: Chip reset failed [40251.703335] ath: Unable to reset hardware; reset status -22 This is currently only reproducible with some HB92 (Half Mini-PCIE) cards but the fix applies to all AR9280 cards. This patch fixes this issue by setting bit 22 during radio disable. This patch has fixes for all kernels that has ath9k. [1] http://wireless.kernel.org/en/developers/Testing/wifi-test Cc: kyungwan.nam@atheros.com Cc: amod.bodas@atheros.com Cc: david.quan@atheros.com Cc: stable@kernel.org Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Daniel Drake 提交于
There are currently no provisions in place to ensure that the scanning task has been stopped when the interface is stopped or removed. This can result in a WARNING at net/wireless/core.c:643 and other badness when you remove the module while a scan is happening. Terminate the scanning task during interface stop. Signed-off-by: NDaniel Drake <dsd@laptop.org> Acked-by: NDan Williams <dcbw@redhat.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Brian Cavagnolo 提交于
For client STA interfaces, ieee80211_do_stop unsets the relevant interface's SDATA_STATE_RUNNING state bit prior to cancelling an interrupted scan. When ieee80211_offchannel_return is invoked as part of cancelling the scan, it doesn't bother unsetting the SDATA_STATE_OFFCHANNEL bit because it sees that the interface is down. Normally this doesn't matter because when the client STA interface is brought back up, it will probably issue a scan. But in some cases (e.g., the user changes the interface type while it is down), the SDATA_STATE_OFFCHANNEL bit will remain set. This prevents the interface queues from being started. So we cancel the scan before unsetting the SDATA_STATE_RUNNING bit. Signed-off-by: NBrian Cavagnolo <brian@cozybit.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
ath9k_ps_wakeup() clears the cycle counters after waking up the hardware using ath9k_hw_setpower, however if power save is disabled, then the counters will contain useful data, which then gets discarded. Fix this by checking the old power mode before discarding any data. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
IS_ERR and PTR_ERR were called with the wrong pointer, leading to a crash when cfg80211_get_dev_from_ifindex fails. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Acked-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Christian Lamparter 提交于
This patch includes the following updates: * add D-Link DWA-130 Rev D * Netgear has three WNDA3100 versions. the original WNDA3100 is now called WNDA3100v1. Signed-off-by: NChristian Lamparter <chunkeey@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Vivek Natarajan 提交于
Throughput was severely affected in Intel Pinetrail platforms because of a DMA problem in C3 state. This patch fixes this issue. Signed-off-by: NVivek Natarajan <vnatarajan@atheros.com> CC: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Rajkumar Manoharan 提交于
The HW opmode is blindly set to monitor type on monitor mode change notification. This overrides the opmode when one of the interfaces is still running as non-monitor iftype. So the monitoring information needs to be maintained seperately. Signed-off-by: NRajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Linus Torvalds 提交于
This bug seems to be due to commit 27ae60f8 ("ipw2x00: replace "ieee80211" with "libipw" where appropriate"), where Pavel did this: - libipw_proc = proc_mkdir(DRV_NAME, init_net.proc_net); + libipw_proc = proc_mkdir("ieee80211", init_net.proc_net); but then the cleanup was kept as remove_proc_entry(DRV_NAME, init_net.proc_net); in both places (both in the failure case and in the unload case). The error string is also total crap, and says "Unable to create " DRV_NAME " proc directory\n"); Even though it doesn't actually create a proc directory named DRV_NAME at all. So that patch looks like total and utter crap to me. The commit message says "Keep /proc/net/ieee80211 under the original name to avoid breaking user interface." but the thing is, it really didn't fix anything but that one create thing. It needs to fix all the other cases too. Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org> Tested-by: NRandy Dunlap <randy.dunlap@oracle.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-