1. 12 8月, 2010 2 次提交
    • R
      ath9k_htc: fix panic on packet injection using airbase-ng tool. · da93f106
      Rajkumar Manoharan 提交于
      This should fix the oops which occurs during the packet injection
      on monitor interface.
      
      EIP is at ath9k_htc_tx_start+0x69/0x220 [ath9k_htc]
       [<f84dc8ea>] ? invoke_tx_handlers+0xa5a/0xee0 [mac80211]
       [<f82c84f4>] ? ath9k_htc_tx+0x44/0xe0 [ath9k_htc]
       [<f84db7b8>] ? __ieee80211_tx+0xf8/0x190 [mac80211]
       [<f84dce0d>] ? ieee80211_tx+0x9d/0x1a0 [mac80211]
       [<f84dcfac>] ? ieee80211_xmit+0x9c/0x1c0 [mac80211]
       [<f84dd1b5>] ? ieee80211_monitor_start_xmit+0x85/0xb0 [mac80211]
       [<c04c30cd>] ? dev_hard_start_xmit+0x1ad/0x210
       [<c04b97c2>] ? __alloc_skb+0x52/0x130
       [<c04d7cd5>] ? sch_direct_xmit+0x105/0x170
       [<c04c5e9f>] ? dev_queue_xmit+0x37f/0x4b0
       [<c0567e1e>] ? packet_snd+0x21e/0x250
       [<c05684a2>] ? packet_sendmsg+0x32/0x40
       [<c04b4c63>] ? sock_aio_write+0x113/0x130
       [<c0207934>] ? do_sync_write+0xc4/0x100
       [<c0167740>] ? autoremove_wake_function+0x0/0x50
       [<c02f4414>] ? security_file_permission+0x14/0x20
       [<c0207ad4>] ? rw_verify_area+0x64/0xe0
       [<c01e6458>] ? handle_mm_fault+0x338/0x390
       [<c0207cd5>] ? vfs_write+0x185/0x1a0
       [<c058db20>] ? do_page_fault+0x160/0x3a0
       [<c0208512>] ? sys_write+0x42/0x70
       [<c01033ec>] ? syscall_call+0x7/0xb
      Signed-off-by: NRajkumar Manoharan <rmanoharan@atheros.com>
      Cc: stable@kernel.org
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      da93f106
    • J
      ipw2100: register pm_qos request before registering pci driver · 2f81b471
      John W. Linville 提交于
      It is necessary to call pm_qos_add_request prior to calling
      pm_qos_update_request.  It was revealed that ipw2100 has been
      doing this wrong since "pm_qos: Get rid of the allocation in
      pm_qos_add_request()" (commit 82f68251)
      added a WARN that results in the following backtrace:
      
      WARNING: at kernel/pm_qos_params.c:264 pm_qos_update_request+0x5e/0x70()
      pm_qos_update_request() called for unknown object
      Call Trace:
      [<c1024088>] ? warn_slowpath_common+0x78/0xb0
      [<c1041c9e>] ? pm_qos_update_request+0x5e/0x70
      [<c1041c9e>] ? pm_qos_update_request+0x5e/0x70
      [<c1024153>] ? warn_slowpath_fmt+0x33/0x40
      [<c1041c9e>] ? pm_qos_update_request+0x5e/0x70
      [<f89fe15f>] ? ipw2100_up+0x3f/0xf10 [ipw2100]
      [<c11961c9>] ? vsnprintf+0xc9/0x530
      [<f89ff36c>] ? ipw2100_net_init+0x2c/0x1c0 [ipw2100]
      [<c12f542d>] ? register_netdevice+0x7d/0x3c0
      [<f89f9b00>] ? ipw2100_irq_tasklet+0x910/0x9a0 [ipw2100]
      [<c12f579f>] ? register_netdev+0x2f/0x40
      [<f89fd471>] ? ipw2100_pci_init_one+0xd21/0x1060 [ipw2100]
      [<c11a5ebb>] ? local_pci_probe+0xb/0x10
      [<c11a6d49>] ? pci_device_probe+0x69/0x90
      [<c1224704>] ? driver_probe_device+0x74/0x180
      [<c10dd15a>] ? sysfs_create_dir+0x6a/0xb0
      [<c1224889>] ? __driver_attach+0x79/0x80
      [<c1224810>] ? __driver_attach+0x0/0x80
      [<c1223fa2>] ? bus_for_each_dev+0x52/0x80
      [<c1224586>] ? driver_attach+0x16/0x20
      [<c1224810>] ? __driver_attach+0x0/0x80
      [<c122395f>] ? bus_add_driver+0x17f/0x250
      [<c11a5ec0>] ? pci_device_shutdown+0x0/0x20
      [<c11a6c80>] ? pci_device_remove+0x0/0x40
      [<c1224b13>] ? driver_register+0x63/0x120
      [<c11a6f96>] ? __pci_register_driver+0x36/0xa0
      [<f84f9048>] ? ipw2100_init+0x48/0x67 [ipw2100]
      [<c1001122>] ? do_one_initcall+0x32/0x170
      [<c1087078>] ? __vunmap+0xb8/0xf0
      [<f84f9000>] ? ipw2100_init+0x0/0x67 [ipw2100]
      [<c10510c1>] ? sys_init_module+0x161/0x1000
      [<c108f847>] ? sys_close+0x67/0xe0
      [<c13647c1>] ? syscall_call+0x7/0xb
      
      This patch moves pm_qos_add_request prior to pci_register_driver in
      ipw2100 in order to avoid this problem.
      Reported-by: NChristoph Fritz <chf.fritz@googlemail.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      2f81b471
  2. 11 8月, 2010 1 次提交
  3. 10 8月, 2010 8 次提交
    • M
      Bluetooth: Use 3-DH5 payload size for default ERTM max PDU size · db12d647
      Mat Martineau 提交于
      The previous value of 672 for L2CAP_DEFAULT_MAX_PDU_SIZE is based on
      the default L2CAP MTU.  That default MTU is calculated from the size
      of two DH5 packets, minus ACL and L2CAP b-frame header overhead.
      
      ERTM is used with newer basebands that typically support larger 3-DH5
      packets, and i-frames and s-frames have more header overhead.  With
      clean RF conditions, basebands will typically attempt to use 1021-byte
      3-DH5 packets for maximum throughput.  Adjusting for 2 bytes of ACL
      headers plus 10 bytes of worst-case L2CAP headers yields 1009 bytes
      of payload.
      
      This PDU size imposes less overhead for header bytes and gives the
      baseband the option to choose 3-DH5 packets, but is small enough for
      ERTM traffic to interleave well with other L2CAP or SCO data.
      672-byte payloads do not allow the most efficient over-the-air
      packet choice, and cannot achieve maximum throughput over BR/EDR.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      db12d647
    • M
      Bluetooth: Fix incorrect setting of remote_tx_win for L2CAP ERTM · cff70fae
      Mat Martineau 提交于
      remote_tx_win is intended to be set on receipt of an L2CAP
      configuration request.  The value is used to determine the size of the
      transmit window on the remote side of an ERTM connection, so L2CAP
      can stop sending frames when that remote window is full.
      
      An incorrect remote_tx_win value will cause the stack to not fully
      utilize the tx window (performance impact), or to overfill the remote
      tx window (causing dropped frames or a disconnect).
      
      This patch removes an extra setting of remote_tx_win when a
      configuration response is received.  The transmit window has a
      different meaning in a response - it is an informational value
      less than or equal to the local tx_win.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      cff70fae
    • M
      Bluetooth: Change default L2CAP ERTM retransmit timeout · fa235562
      Mat Martineau 提交于
      The L2CAP specification requires that the ERTM retransmit timeout be at
      least 2 seconds for BR/EDR connections.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      fa235562
    • M
      Bluetooth: Fix endianness issue with L2CAP MPS configuration · 86b1b263
      Mat Martineau 提交于
      Incoming configuration values must be converted to native CPU order
      before use.  This fixes a bug where a little-endian MPS value is
      compared to a native CPU value.  On big-endian processors, this
      can cause ERTM and streaming mode segmentation to produce PDUs
      that are larger than the remote stack is expecting, or that would
      produce fragmented skbs that the current FCS code cannot handle.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      86b1b263
    • J
      iwlagn: fix rts cts protection · 94597ab2
      Johannes Berg 提交于
      Currently the driver will try to protect all frames,
      which leads to a lot of odd things like sending an
      RTS with a zeroed RA before multicast frames, which
      is clearly bogus.
      
      In order to fix all of this, we need to take a step
      back and see what we need to achieve:
       * we need RTS/CTS protection if requested by
         the AP for the BSS, mac80211 tells us this
       * in that case, CTS-to-self should only be
         enabled when mac80211 tells us
       * additionally, as a hardware workaround, on
         some devices we have to protect aggregated
         frames with RTS
      
      To achieve the first two items, set up the RXON
      accordingly and set the protection required flag
      in the transmit command when mac80211 requests
      protection for the frame.
      
      To achieve the last item, set the rate-control
      RTS-requested flag for all stations that we have
      aggregation sessions with, and set the protection
      required flag when sending aggregated frames (on
      those devices where this is required).
      
      Since otherwise bugs can occur, do not allow the
      user to override the RTS-for-aggregation setting
      from sysfs any more.
      
      Finally, also clean up the way all these flags get
      set in the driver and move everything into the
      device-specific functions.
      
      Cc: stable@kernel.org [2.6.35]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      94597ab2
    • J
      cfg80211: fix locking in action frame TX · fe100acd
      Johannes Berg 提交于
      Accesses to "wdev->current_bss" must be
      locked with the wdev lock, which action
      frame transmission is missing.
      
      Cc: stable@kernel.org [2.6.33+]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      fe100acd
    • J
      libertas: fix build break by including linux/sched.h · a9fda88b
      John W. Linville 提交于
        CC [M]  drivers/net/wireless/libertas/cfg.o
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c: In function ‘lbs_scan_worker’:
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: ‘TASK_NORMAL’ undeclared (first use in this function)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: (Each undeclared identifier is reported only once
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:722: error: for each function it appears in.)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c: In function ‘lbs_cfg_connect’:
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: ‘TASK_INTERRUPTIBLE’ undeclared (first use in this function)
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: implicit declaration of function ‘signal_pending’
      /home/greearb/git/wireless-testing/drivers/net/wireless/libertas/cfg.c:1267: error: implicit declaration of function ‘schedule_timeout’
      Reported-by: NBen Greear <greearb@candelatech.com>
      Reported-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      a9fda88b
    • J
      Revert "p54pci: Add PCI ID for SMC2802W" · 2f2f8f2a
      John W. Linville 提交于
      This reverts commit 5f7aebd8.
      
      Apparently, that PCI ID data was incorrectly taken from the subsystem
      information.  The actual ID matches another already known ID.
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      2f2f8f2a
  4. 09 8月, 2010 4 次提交
  5. 08 8月, 2010 7 次提交
  6. 07 8月, 2010 3 次提交
  7. 06 8月, 2010 9 次提交
  8. 05 8月, 2010 6 次提交
    • R
      virtio_net: implements ethtool_ops.get_drvinfo · a767bde4
      Rusty Russell 提交于
      I often use "ethtool -i" command to check what driver controls the
      ehternet device.  But because current virtio_net driver doesn't
      support "ethtool -i", it becomes the following:
      
              # ethtool -i eth3
              Cannot get driver information: Operation not supported
      
      This patch simply adds the "ethtool -i" support. The following is the
      result when using the virtio_net driver with my patch applied to.
      
              # ethtool -i eth3
              driver: virtio_net
              version: N/A
              firmware-version: N/A
              bus-info: virtio0
      
      Personally, "-i" is one of the most frequently-used option, and most
      network drivers support "ethtool -i", so I think virtio_net also
      should do.
      Signed-off-by: NTaku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (use ARRAY_SIZE)
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a767bde4
    • S
      ppp: make channel_ops const · d7100da0
      stephen hemminger 提交于
      The PPP channel ops structure should be const.
      Cleanup the declarations to use standard C99 format.
      Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d7100da0
    • D
      RxRPC: Fix a potential deadlock between the call resend_timer and state_lock · 3b5bac2b
      David Howells 提交于
      RxRPC can potentially deadlock as rxrpc_resend_time_expired() wants to get
      call->state_lock so that it can alter the state of an RxRPC call.  However, its
      caller (call_timer_fn()) has an apparent lock on the timer struct.
      
      The problem is that rxrpc_resend_time_expired() isn't permitted to lock
      call->state_lock as this could cause a deadlock against rxrpc_send_abort() as
      that takes state_lock and then attempts to delete the resend timer by calling
      del_timer_sync().
      
      The deadlock can occur because del_timer_sync() will sit there forever waiting
      for rxrpc_resend_time_expired() to return, but the latter may then wait for
      call->state_lock, which rxrpc_send_abort() holds around del_timer_sync()...
      
      This leads to a warning appearing in the kernel log that looks something like
      the attached.
      
      It should be sufficient to simply dispense with the locks.  It doesn't matter
      if we set the resend timer expired event bit and queue the event processor
      whilst we're changing state to one where the resend timer is irrelevant as the
      event can just be ignored by the processor thereafter.
      
      =======================================================
      [ INFO: possible circular locking dependency detected ]
      2.6.35-rc3-cachefs+ #115
      -------------------------------------------------------
      swapper/0 is trying to acquire lock:
       (&call->state_lock){++--..}, at: [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
      
      but task is already holding lock:
       (&call->resend_timer){+.-...}, at: [<ffffffff8103b675>] run_timer_softirq+0x182/0x2a5
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (&call->resend_timer){+.-...}:
             [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
             [<ffffffff81056184>] lock_acquire+0x57/0x6d
             [<ffffffff8103bb9c>] del_timer_sync+0x3c/0x86
             [<ffffffffa002bb7a>] rxrpc_send_abort+0x50/0x97 [af_rxrpc]
             [<ffffffffa002bdd9>] rxrpc_kernel_abort_call+0xa1/0xdd [af_rxrpc]
             [<ffffffffa0061588>] afs_deliver_to_call+0x129/0x368 [kafs]
             [<ffffffffa006181b>] afs_process_async_call+0x54/0xff [kafs]
             [<ffffffff8104261d>] worker_thread+0x1ef/0x2e2
             [<ffffffff81045f47>] kthread+0x7a/0x82
             [<ffffffff81002cd4>] kernel_thread_helper+0x4/0x10
      
      -> #0 (&call->state_lock){++--..}:
             [<ffffffff81055237>] validate_chain+0x727/0xd23
             [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
             [<ffffffff81056184>] lock_acquire+0x57/0x6d
             [<ffffffff813e6b69>] _raw_read_lock_bh+0x34/0x43
             [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
             [<ffffffff8103b6e6>] run_timer_softirq+0x1f3/0x2a5
             [<ffffffff81036828>] __do_softirq+0xa2/0x13e
             [<ffffffff81002dcc>] call_softirq+0x1c/0x28
             [<ffffffff810049f0>] do_softirq+0x38/0x80
             [<ffffffff810361a2>] irq_exit+0x45/0x47
             [<ffffffff81018fb3>] smp_apic_timer_interrupt+0x88/0x96
             [<ffffffff81002893>] apic_timer_interrupt+0x13/0x20
             [<ffffffff810011ac>] cpu_idle+0x4d/0x83
             [<ffffffff813e06f3>] start_secondary+0x1bd/0x1c1
      
      other info that might help us debug this:
      
      1 lock held by swapper/0:
       #0:  (&call->resend_timer){+.-...}, at: [<ffffffff8103b675>] run_timer_softirq+0x182/0x2a5
      
      stack backtrace:
      Pid: 0, comm: swapper Not tainted 2.6.35-rc3-cachefs+ #115
      Call Trace:
       <IRQ>  [<ffffffff81054414>] print_circular_bug+0xae/0xbd
       [<ffffffff81055237>] validate_chain+0x727/0xd23
       [<ffffffff810560bc>] __lock_acquire+0x889/0x8fa
       [<ffffffff810539a7>] ? mark_lock+0x42f/0x51f
       [<ffffffff81056184>] lock_acquire+0x57/0x6d
       [<ffffffffa00200d4>] ? rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffff813e6b69>] _raw_read_lock_bh+0x34/0x43
       [<ffffffffa00200d4>] ? rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffffa00200d4>] rxrpc_resend_time_expired+0x56/0x96 [af_rxrpc]
       [<ffffffff8103b6e6>] run_timer_softirq+0x1f3/0x2a5
       [<ffffffff8103b675>] ? run_timer_softirq+0x182/0x2a5
       [<ffffffffa002007e>] ? rxrpc_resend_time_expired+0x0/0x96 [af_rxrpc]
       [<ffffffff810367ef>] ? __do_softirq+0x69/0x13e
       [<ffffffff81036828>] __do_softirq+0xa2/0x13e
       [<ffffffff81002dcc>] call_softirq+0x1c/0x28
       [<ffffffff810049f0>] do_softirq+0x38/0x80
       [<ffffffff810361a2>] irq_exit+0x45/0x47
       [<ffffffff81018fb3>] smp_apic_timer_interrupt+0x88/0x96
       [<ffffffff81002893>] apic_timer_interrupt+0x13/0x20
       <EOI>  [<ffffffff81049de1>] ? __atomic_notifier_call_chain+0x0/0x86
       [<ffffffff8100955b>] ? mwait_idle+0x6e/0x78
       [<ffffffff81009552>] ? mwait_idle+0x65/0x78
       [<ffffffff810011ac>] cpu_idle+0x4d/0x83
       [<ffffffff813e06f3>] start_secondary+0x1bd/0x1c1
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3b5bac2b
    • C
      sch_sfq: add sanity check for the packet length · f2f00981
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f2f00981
    • C
      cls_rsvp: add sanity check for the packet length · 12dc96d1
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      12dc96d1
    • C
      cls_flow: add sanity check for the packet length · 4b95c3d4
      Changli Gao 提交于
      The packet length should be checked before the packet data is dereferenced.
      Signed-off-by: NChangli Gao <xiaosuo@gmail.com>
      Acked-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4b95c3d4