- 01 Oct, 2009 2 commits
-
-
Peter P Waskiewicz Jr authored
Backplane flow control autonegotiation is currently broken for ixgbe devices. This patch fixes the flow control issues with clause 37 autoneg. Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Peter P Waskiewicz Jr authored
82599 has a different register offset for the Tx DCA control registers. We disable relaxed ordering of the descriptor writebacks for Tx head writeback, but didn't disable it properly for 82599. However, this shouldn't be a visible issue, since ixgbe doesn't use Tx head writeback. This patch just makes sure we're not doing blind writes to offsets we don't expect. Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 30 Sep, 2009 6 commits
-
-
Jarek Poplawski authored
In ax25_make_new, if kmemdup of digipeat returns an error, there would be an oops in sk_free while calling sk_destruct, because sk_protinfo is NULL at the moment; move sk->sk_destruct initialization after this. BTW of reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Since commit 9b22ea56 ( net: fix packet socket delivery in rx irq handler ) We lost rx timestamping of packets received on accelerated vlans. Effect is that tcpdump on real dev can show strange timings, since it gets rx timestamps too late (ie at skb dequeueing time, not at skb queueing time) 14:47:26.986871 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 1 14:47:26.986786 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 1 14:47:27.986888 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 2 14:47:27.986781 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 2 14:47:28.986896 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 3 14:47:28.986780 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 3 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Rémi Denis-Courmont authored
From: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> port_mutex was unlocked twice. Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sascha Hlusiak authored
When requesting all prl entries (kprl.addr == INADDR_ANY) and there are more prl entries than there is space passed from userspace, the existing code would always copy cmax+1 entries, which is more than can be handled. This patch makes the kernel copy only exactly cmax entries. Signed-off-by: Sascha Hlusiak <contact@saschahlusiak.de> Acked-By: Fred L. Templin <Fred.L.Templin@boeing.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Commit 2b85a34e (net: No more expensive sock_hold()/sock_put() on each tx) opens a window in sock_wfree() where another cpu might free the socket we are working on. A fix is to call sk->sk_write_space(sk) while still holding a reference on sk. Reported-by: Jike Song <albcamus@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This provides safety against negative optlen at the type level instead of depending upon (sometimes non-trivial) checks against this sprinkled all over the the place, in each and every implementation. Based upon work done by Arjan van de Ven and feedback from Linus Torvalds. Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 28 Sep, 2009 17 commits
-
-
Alan Jenkins authored
Without this, the hard-blocked state will be reported incorrectly if the hardware switch is changed while the laptop is suspended. Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk> Tested-by: Norbert Preining <preining@logic.at> Acked-by: Mattia Dongili <malattia@linux.it> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Alan Jenkins authored
"I recently (on a flight) I found out that when I boot with the hard-switch activated, so turning off all wireless activity on my laptop, the state is not correctly announced in /dev/rfkill (reading it with rfkill command, or my own gnome applet)... After turning off and on again the hard-switch the events were right." We can fix this by querying the firmware at load time and calling rfkill_set_hw_state(). Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk> Tested-by: Norbert Preining <preining@logic.at> Acked-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Mattia Dongili <malattia@linux.it> CC: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
The move away from having drivers assign wireless handlers, in favour of making cfg80211 assign them, broke the sysfs registration (the wireless/ dir went missing) because the handlers are now assigned only after registration, which is too late. Fix this by special-casing cfg80211-based devices, all of which are required to have an ieee80211_ptr, in the sysfs code, and also using get_wireless_stats() to have the same values reported as in procfs. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> Tested-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arjan van de Ven authored
The wireless extensions have a copy_from_user to a local stack array "essid", but both me and gcc have failed to find where the bounds for this copy are located in the code. This patch adds some basic sanity checks for the copy length to make sure that we don't overflow the stack buffer. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: linux-wireless@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
It's useful to know the MAC address when being disassociated; fix a typo (missing colon) and move some messages so we get them only when they are actually taking effect. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
Multiple problems were reported due to interaction between wpa_supplicant and the wext compat code in cfg80211, which appear to be due to it not getting any bss pointer here when wpa_supplicant sets all parameters -- do that now. We should still get the bss after doing an extra scan, but that appears to increase the time we need for connecting enough to sometimes cause timeouts. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Tested-by: Hin-Tak Leung <hintak.leung@gmail.com>, Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Reinette Chatre authored
When hardware or uCode problem occurs driver captures significant information from device to enable debugging. The format of this information is different between 3945 and 4965 and later devices, yet currently the 3945 uses the 4965 and later format. Fix this by adding a new library call that is initialized to the correct formatting routine based on device. This moves the iwlagn event and error log handling back to iwl-agn.c to make it part of iwlagn module. Also remove the 3945 sysfs file that triggers dump of event log - there is already a debugfs file that can do it for all drivers. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Reinette Chatre authored
Also free the array of command pointers and meta data of each command buffer when command queue is freed. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Reinette Chatre authored
We keep track of where to write into a buffer by keeping a count of how much has been written so far. When writing to the buffer we thus take the buffer pointer and adding the count of what has been written so far. Keeping track of what has been written so far is done by incrementing this number every time something is written to the buffer with how much has been written at that time. Currently this number is incremented incorrectly when using the "hex_dump_to_buffer" call to add data to the buffer. Fix this by only adding what has been added to the buffer in that call instead of what has been added since beginning of buffer. Issue was discovered and discussed during testing of https://bugzilla.redhat.com/show_bug.cgi?id=464598 . When a user views any of these files they will see something like: [ 179.355202] ------------[ cut here ]------------ [ 179.355209] WARNING: at ../lib/vsprintf.c:989 vsnprintf+0x5ec/0x5f0() [ 179.355212] Hardware name: VGN-Z540N [ 179.355213] Modules linked in: i915 drm i2c_algo_bit i2c_core ipv6 acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_ondemand cpufreq_conservative cpufreq_stats freq_table container sbs sbshc arc4 ecb iwlagn iwlcore joydev led_class mac80211 af_packet pcmcia psmouse sony_laptop cfg80211 iTCO_wdt iTCO_vendor_support pcspkr serio_raw rfkill intel_agp video output tpm_infineon tpm tpm_bios button battery yenta_socket rsrc_nonstatic pcmcia_core processor ac evdev ext3 jbd mbcache sr_mod sg cdrom sd_mod ahci libata scsi_mod ehci_hcd uhci_hcd usbcore thermal fan thermal_sys [ 179.355262] Pid: 5449, comm: cat Not tainted 2.6.31-wl-54419-ge881071 #62 [ 179.355264] Call Trace: [ 179.355267] [<ffffffff811ad14c>] ? vsnprintf+0x5ec/0x5f0 [ 179.355271] [<ffffffff81041348>] warn_slowpath_common+0x78/0xd0 [ 179.355275] [<ffffffff810413af>] warn_slowpath_null+0xf/0x20 [ 179.355277] [<ffffffff811ad14c>] vsnprintf+0x5ec/0x5f0 [ 179.355280] [<ffffffff811ad23d>] ? scnprintf+0x5d/0x80 [ 179.355283] [<ffffffff811ad23d>] scnprintf+0x5d/0x80 [ 179.355286] [<ffffffff811aed29>] ? hex_dump_to_buffer+0x189/0x340 [ 179.355290] [<ffffffff810e91d7>] ? __kmalloc+0x207/0x260 [ 179.355303] [<ffffffffa02a02f8>] iwl_dbgfs_nvm_read+0xe8/0x220 [iwlcore] [ 179.355306] [<ffffffff811a9b62>] ? __up_read+0x92/0xb0 [ 179.355310] [<ffffffff810f0988>] vfs_read+0xc8/0x1a0 [ 179.355313] [<ffffffff810f0b50>] sys_read+0x50/0x90 [ 179.355316] [<ffffffff8100bd6b>] system_call_fastpath+0x16/0x1b [ 179.355319] ---[ end trace 2383d0d5e0752ca0 ]--- Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
When wpa_supplicant is used to connect to open networks, it causes the wdev->wext.keys to point to key memory, but that key memory is all empty. Only use privacy when there is a default key to be used. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Tested-by: Luis R. Rodriguez <lrodriguez@atheros.com> Tested-by: Kalle Valo <kalle.valo@iki.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
Currently, cfg80211's SIOCGIWAP implementation returns the BSSID that the user set, even if the connection has since been dropped due to other changes. It only should return the current BSSID when actually connected. Also do a small code cleanup. Reported-by: Thomas H. Guenther <thomas.h.guenther@intel.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Tested-by: Thomas H. Guenther <thomas.h.guenther@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arjan van de Ven authored
The sys_socketcall() function has a very clever system for the copy size of its arguments. Unfortunately, gcc cannot deal with this in terms of proving that the copy_from_user() is then always in bounds. This is the last (well 9th of this series, but last in the kernel) such case around. With this patch, we can turn on code to make having the boundary provably right for the whole kernel, and detect introduction of new security accidents of this type early on. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jeff Hansen authored
There is a potential double-kfree in net/bridge/br_if.c. If br_fdb_insert fails, then the kobject is put back (which calls kfree due to the kobject release), and then kfree is called again on the net_bridge_port. This patch fixes the crash. Thanks to Stephen Hemminger for the one-line fix. Signed-off-by: Jeff Hansen <x@jeffhansen.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Randy Dunlap authored
Commit cb3824ba didn't fix this problem. Fix build errors in netjet, using isdnhdlc module: drivers/built-in.o: In function `mode_tiger': netjet.c:(.text+0x1ca0c7): undefined reference to `isdnhdlc_rcv_init' netjet.c:(.text+0x1ca0d4): undefined reference to `isdnhdlc_out_init' drivers/built-in.o: In function `fill_dma': netjet.c:(.text+0x1ca2bd): undefined reference to `isdnhdlc_encode' drivers/built-in.o: In function `read_dma': netjet.c:(.text+0x1ca614): undefined reference to `isdnhdlc_decode' drivers/built-in.o: In function `nj_irq': netjet.c:(.text+0x1cb07a): undefined reference to `isdnhdlc_encode' drivers/built-in.o: In function `isdnhdlc_decode': (.text+0x1c2088): undefined reference to `crc_ccitt_table' drivers/built-in.o: In function `isdnhdlc_encode': (.text+0x1c2339): undefined reference to `crc_ccitt_table' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Juha Leppanen authored
The prefix decrement causes a very long loop if pci_pool_alloc() failed in the first iteration. Also I swapped rbps and rbpl arguments. Reported-by: Juha Leppanen <juha_motorsportcom@luukku.com> Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ralf Baechle authored
ax25_setsockopt SO_BINDTODEVICE is missing a dev_put call in case of success. Re-order code to fix this bug. While at it also reformat two lines of code to comply with the Linux coding style. Initial patch by Jarek Poplawski <jarkao2@gmail.com>. Reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
- 27 Sep, 2009 15 commits
-
-
Sascha Hlusiak authored
This reverts commit 64506929. While the code does not actually break anything, it does not completely follow RFC5214 yet. After talking back with Fred L. Templin, I agree that completing the ISATAP specific RS/RA code, would pollute the kernel a lot with code that is better implemented in userspace. The kernel should not send RS packages for ISATAP at all. Signed-off-by: Sascha Hlusiak <contact@saschahlusiak.de> Acked-by: Fred L. Templin <Fred.L.Templin@boeing.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Fastabend authored
netlink_unicast() calls kfree_skb even in the error case. dcbnl calls netlink_unicast() which when it fails free's the skb and returns an error value. dcbnl is free'ing the skb again when this error occurs. This patch removes the double free. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Fastabend authored
Currently, the nlmsg->len field is not set correctly in netlink_ack() for ack messages that include the nlmsg of the error frame. This corrects the length field passed to __nlmsg_put to use the correct payload size. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Fastabend authored
Fix vlan_get_size to include vlan->flags. Currently, the size of the vlan flags is not included in the nlmsg size. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Don Skidmore authored
The function e1000_enable_tx_pkt_filtering() was removed in a previous cleanup patch. this removes the no longer used prototype. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
a couple of functions needed to be removed/declared static Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
eerd and eewr don't exist on pre PCIe devices Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
A large whitespace change to e1000_hw.[ch] in order to update it to kernel coding style (by running lindent). Updated function header comments into kdoc style. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
adapter was being assigned twice, also clarified variable name and unwrapped line. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
this patch fixes a bug that occurs when routing packets and simultaneously changing the mtu. the rx_buffer_len variable is used during the rx cleanup and if that changes on the fly without stopping traffic bad things happen Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
1) 82544 does not need last_tx_tso workaround, it interferes with the 82544 workaround too 2) 82544 hang workaround was using the address of the page struct instead of the physical address as its "workaround decider" not sure how that ever worked Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
This fix closes a race where the adapter can be shutting down while hard_start_xmit is being called and interrupts are being handled. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
e1000 was using one particular way to detect link, but with the advent of some of the newer hardware designs using SERDES connections, tests for link must completely cover all cases. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
there were some hotplug cases that made timers still run after the driver had been removed, make sure to stop all the timers and not allow racy reschedules. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jesse Brandeburg authored
we can use netif_tx_disable now because LLTX has been removed. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-