1. 10 8月, 2010 4 次提交
    • J
      iwlagn: fix rts cts protection · 94597ab2
      Johannes Berg 提交于
      Currently the driver will try to protect all frames,
      which leads to a lot of odd things like sending an
      RTS with a zeroed RA before multicast frames, which
      is clearly bogus.
      
      In order to fix all of this, we need to take a step
      back and see what we need to achieve:
       * we need RTS/CTS protection if requested by
         the AP for the BSS, mac80211 tells us this
       * in that case, CTS-to-self should only be
         enabled when mac80211 tells us
       * additionally, as a hardware workaround, on
         some devices we have to protect aggregated
         frames with RTS
      
      To achieve the first two items, set up the RXON
      accordingly and set the protection required flag
      in the transmit command when mac80211 requests
      protection for the frame.
      
      To achieve the last item, set the rate-control
      RTS-requested flag for all stations that we have
      aggregation sessions with, and set the protection
      required flag when sending aggregated frames (on
      those devices where this is required).
      
      Since otherwise bugs can occur, do not allow the
      user to override the RTS-for-aggregation setting
      from sysfs any more.
      
      Finally, also clean up the way all these flags get
      set in the driver and move everything into the
      device-specific functions.
      
      Cc: stable@kernel.org [2.6.35]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      94597ab2
    • J
      cfg80211: fix locking in action frame TX · fe100acd
      Johannes Berg 提交于
      Accesses to "wdev->current_bss" must be
      locked with the wdev lock, which action
      frame transmission is missing.
      
      Cc: stable@kernel.org [2.6.33+]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      fe100acd
    • J
      libertas: fix build break by including linux/sched.h · a9fda88b
      John W. Linville 提交于
        CC [M]  drivers/net/wireless/libertas/cfg.o
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c: In function ‘lbs_scan_worker’:
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: ‘TASK_NORMAL’ undeclared (first use in this function)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: (Each undeclared identifier is reported only once
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: for each function it appears in.)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c: In function ‘lbs_cfg_connect’:
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: ‘TASK_INTERRUPTIBLE’ undeclared (first use in this function)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: implicit declaration of function ‘signal_pending’
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: implicit declaration of function ‘schedule_timeout’
      Reported-by: NBen Greear <greearb@candelatech.com>
      Reported-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      a9fda88b
    • J
      Revert "p54pci: Add PCI ID for SMC2802W" · 2f2f8f2a
      John W. Linville 提交于
      This reverts commit 5f7aebd8.
      
      Apparently, that PCI ID data was incorrectly taken from the subsystem
      information.  The actual ID matches another already known ID.
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      2f2f8f2a
  2. 09 8月, 2010 4 次提交
  3. 08 8月, 2010 7 次提交
  4. 07 8月, 2010 3 次提交
  5. 06 8月, 2010 9 次提交
  6. 05 8月, 2010 13 次提交
    • R
      virtio_net: implements ethtool_ops.get_drvinfo · a767bde4
      Rusty Russell 提交于
      I often use "ethtool -i" command to check what driver controls the
      ehternet device.  But because current virtio_net driver doesn't
      support "ethtool -i", it becomes the following:
      
              # ethtool -i eth3
              Cannot get driver information: Operation not supported
      
      This patch simply adds the "ethtool -i" support. The following is the
      result when using the virtio_net driver with my patch applied to.
      
              # ethtool -i eth3
              driver: virtio_net
              version: N/A
              firmware-version: N/A
              bus-info: virtio0
      
      Personally, "-i" is one of the most frequently-used option, and most
      network drivers support "ethtool -i", so I think virtio_net also
      should do.
      Signed-off-by: NTaku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (use ARRAY_SIZE)
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a767bde4
    • S
      ppp: make channel_ops const · d7100da0
      stephen hemminger 提交于
      The PPP channel ops structure should be const.
      Cleanup the declarations to use standard C99 format.
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d7100da0
    • D
      RxRPC: Fix a potential deadlock between the call resend_timer and state_lock · 3b5bac2b
      David Howells 提交于
      RxRPC can potentially deadlock as rxrpc_resend_time_expired() wants to get
      call->state_lock so that it can alter the state of an RxRPC call.  However, its
      caller (call_timer_fn()) has an apparent lock on the timer struct.
      
      The problem is that rxrpc_resend_time_expired() isn't permitted to lock
      call->state_lock as this could cause a deadlock against rxrpc_send_abort() as
      that takes state_lock and then attempts to delete the resend timer by calling
      del_timer_sync().
      
      The deadlock can occur because del_timer_sync() will sit there forever waiting
      for rxrpc_resend_time_expired() to return, but the latter may then wait for
      call->state_lock, which rxrpc_send_abort() holds around del_timer_sync()...
      
      This leads to a warning appearing in the kernel log that looks something like
      the attached.
      
      It should be sufficient to simply dispense with the locks.  It doesn't matter
      if we set the resend timer expired event bit and queue the event processor
      whilst we're changing state to one where the resend timer is irrelevant as the
      event can just be ignored by the processor thereafter.
      
      =======================================================
      [ INFO: possible circular locking dependency detected ]
      2.6.35-rc3-cachefs+ #115
      -------------------------------------------------------
      swapper/0 is trying to acquire lock:
       (&call->state_lock){++--..}, at: [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
      
      but task is already holding lock:
       (&call->resend_timer){+.-...}, at: [<ffffffff8103b675>] run_timer_softirq+0x182/0x2a5
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (&call->resend_timer){+.-...}:
             [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
             [<ffffffff81056184>] lock_acquire+0x57/0x6d
             [<ffffffff8103bb9c>] del_timer_sync+0x3c/0x86
             [<ffffffffa002bb7a>] rxrpc_send_abort+0x50/0x97 [af_rxrpc]
             [<ffffffffa002bdd9>] rxrpc_kernel_abort_call+0xa1/0xdd [af_rxrpc]
             [<ffffffffa0061588>] afs_deliver_to_call+0x129/0x368 [kafs]
             [<ffffffffa006181b>] afs_process_async_call+0x54/0xff [kafs]
             [<ffffffff8104261d>] worker_thread+0x1ef/0x2e2
             [<ffffffff81045f47>] kthread+0x7a/0x82
             [<ffffffff81002cd4>] kernel_thread_helper+0x4/0x10
      
      -> #0 (&call->state_lock){++--..}:
             [<ffffffff81055237>] validate_chain+0x727/0xd23
             [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
             [<ffffffff81056184>] lock_acquire+0x57/0x6d
             [<ffffffff813e6b69>] _raw_read_lock_bh+0x34/0x43
             [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
             [<ffffffff8103b6e6>] run_timer_softirq+0x1f3/0x2a5
             [<ffffffff81036828>] __do_softirq+0xa2/0x13e
             [<ffffffff81002dcc>] call_softirq+0x1c/0x28
             [<ffffffff810049f0>] do_softirq+0x38/0x80
             [<ffffffff810361a2>] irq_exit+0x45/0x47
             [<ffffffff81018fb3>] smp_apic_timer_interrupt+0x88/0x96
             [<ffffffff81002893>] apic_timer_interrupt+0x13/0x20
             [<ffffffff810011ac>] cpu_idle+0x4d/0x83
             [<ffffffff813e06f3>] start_secondary+0x1bd/0x1c1
      
      other info that might help us debug this:
      
      1 lock held by swapper/0:
       #0:  (&call->resend_timer){+.-...}, at: [<ffffffff8103b675>] run_timer_softirq+0x182/0x2a5
      
      stack backtrace:
      Pid: 0, comm: swapper Not tainted 2.6.35-rc3-cachefs+ #115
      Call Trace:
       <IRQ>  [<ffffffff81054414>] print_circular_bug+0xae/0xbd
       [<ffffffff81055237>] validate_chain+0x727/0xd23
       [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
       [<ffffffff810539a7>] ? mark_lock+0x42f/0x51f
       [<ffffffff81056184>] lock_acquire+0x57/0x6d
       [<ffffffffa00200d4>] ? rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffff813e6b69>] _raw_read_lock_bh+0x34/0x43
       [<ffffffffa00200d4>] ? rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffff8103b6e6>] run_timer_softirq+0x1f3/0x2a5
       [<ffffffff8103b675>] ? run_timer_softirq+0x182/0x2a5
       [<ffffffffa002007e>] ? rxrpc_resend_time_expired+0x0/0x96 [af_rxrpc]
       [<ffffffff810367ef>] ? __do_softirq+0x69/0x13e
       [<ffffffff81036828>] __do_softirq+0xa2/0x13e
       [<ffffffff81002dcc>] call_softirq+0x1c/0x28
       [<ffffffff810049f0>] do_softirq+0x38/0x80
       [<ffffffff810361a2>] irq_exit+0x45/0x47
       [<ffffffff81018fb3>] smp_apic_timer_interrupt+0x88/0x96
       [<ffffffff81002893>] apic_timer_interrupt+0x13/0x20
       <EOI>  [<ffffffff81049de1>] ? __atomic_notifier_call_chain+0x0/0x86
       [<ffffffff8100955b>] ? mwait_idle+0x6e/0x78
       [<ffffffff81009552>] ? mwait_idle+0x65/0x78
       [<ffffffff810011ac>] cpu_idle+0x4d/0x83
       [<ffffffff813e06f3>] start_secondary+0x1bd/0x1c1
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3b5bac2b
    • C
      sch_sfq: add sanity check for the packet length · f2f00981
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f2f00981
    • C
      cls_rsvp: add sanity check for the packet length · 12dc96d1
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      12dc96d1
    • C
      cls_flow: add sanity check for the packet length · 4b95c3d4
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Acked-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4b95c3d4
    • C
      sk_buff: introduce pskb_network_may_pull() · f9599ce1
      Changli Gao 提交于
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9599ce1
    • C
      act_nat: fix on the TX path · 36d12690
      Changli Gao 提交于
      On the TX path, skb->data points to the ethernet header, not the network
      header. So when validating the packet length for accessing we should
      take the ethernet header into account.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      36d12690
    • J
      drivers/net/enic: Use %pUB to format a UUID · c33788b4
      Joe Perches 提交于
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c33788b4
    • S
      davinci_emac: Fix use after free in davinci_emac_remove · 2a1bc0d5
      Stefan Weil 提交于
      free_netdev finally calls kfree which makes the contents
      of ndev and priv (private data contained in ndev) invalid.
      
      So iounmap should be called before free_netdev.
      
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Chaithrika U S <chaithrika@ti.com>
      Cc: Sriramakrishnan <srk@ti.com>
      Cc: Kevin Hilman <khilman@deeprootsystems.com>
      Cc: netdev@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NStefan Weil <weil@mail.berlios.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2a1bc0d5
    • K
      via-velocity: do not use PCI resources before pci_enable_device() · 889635fd
      Kulikov Vasiliy 提交于
      IRQ and resource[] may not have correct values until
      after PCI hotplug setup occurs at pci_enable_device() time.
      
      The semantic match that finds this problem is as follows:
      
      // <smpl>
      @@
      identifier x;
      identifier request ~= "pci_request.*|pci_resource.*";
      @@
      
      (
      * x->irq
      |
      * x->resource
      |
      * request(x, ...)
      )
       ...
      *pci_enable_device(x)
      // </smpl>
      Signed-off-by: NKulikov Vasiliy <segooon@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      889635fd
    • K
      cxgb4vf: do not use PCI resources before pci_enable_device() · 7a0c2029
      Kulikov Vasiliy 提交于
      IRQ and resource[] may not have correct values until
      after PCI hotplug setup occurs at pci_enable_device() time.
      
      The semantic match that finds this problem is as follows:
      
      // <smpl>
      @@
      identifier x;
      identifier request ~= "pci_request.*|pci_resource.*";
      @@
      
      (
      * x->irq
      |
      * x->resource
      |
      * request(x, ...)
      )
       ...
      *pci_enable_device(x)
      // </smpl>
      Signed-off-by: NKulikov Vasiliy <segooon@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7a0c2029
    • K
      cxgb3: do not use PCI resources before pci_enable_device() · 7aaaaa1e
      Kulikov Vasiliy 提交于
      IRQ and resource[] may not have correct values until
      after PCI hotplug setup occurs at pci_enable_device() time.
      
      The semantic match that finds this problem is as follows:
      
      // <smpl>
      @@
      identifier x;
      identifier request ~= "pci_request.*|pci_resource.*";
      @@
      
      (
      * x->irq
      |
      * x->resource
      |
      * request(x, ...)
      )
       ...
      *pci_enable_device(x)
      // </smpl>
      Signed-off-by: NKulikov Vasiliy <segooon@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7aaaaa1e