1. 28 Sep, 2009 8 commits
    • Arjan van de Ven's avatar
      wext: Add bound checks for copy_from_user · 8503bd8c
      Arjan van de Ven authored
      The wireless extensions have a copy_from_user to a local stack
      array "essid", but both me and gcc have failed to find where
      the bounds for this copy are located in the code.
      
      This patch adds some basic sanity checks for the copy length
      to make sure that we don't overflow the stack buffer.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: linux-wireless@vger.kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      8503bd8c
    • Johannes Berg's avatar
      mac80211: improve/fix mlme messages · 0ff71613
      Johannes Berg authored
      It's useful to know the MAC address when being
      disassociated; fix a typo (missing colon) and
      move some messages so we get them only when they
      are actually taking effect.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      0ff71613
    • Johannes Berg's avatar
      cfg80211: always get BSS · 8bb89485
      Johannes Berg authored
      Multiple problems were reported due to interaction
      between wpa_supplicant and the wext compat code in
      cfg80211, which appear to be due to it not getting
      any bss pointer here when wpa_supplicant sets all
      parameters -- do that now. We should still get the
      bss after doing an extra scan, but that appears to
      increase the time we need for connecting enough to
      sometimes cause timeouts.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Tested-by: Hin-Tak Leung <hintak.leung@gmail.com>,
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      8bb89485
    • Reinette Chatre's avatar
      iwlwifi: fix 3945 ucode info retrieval after failure · b7a79404
      Reinette Chatre authored
      When hardware or uCode problem occurs driver captures significant
      information from device to enable debugging. The format of this information
      is different between 3945 and 4965 and later devices, yet currently the
      3945 uses the 4965 and later format. Fix this by adding a new library call
      that is initialized to the correct formatting routine based on device.
      
      This moves the iwlagn event and error log handling back to iwl-agn.c to
      make it part of iwlagn module.
      
      Also remove the 3945 sysfs file that triggers dump of event log - there is
      already a debugfs file that can do it for all drivers.
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b7a79404
    • Reinette Chatre's avatar
      iwlwifi: fix memory leak in command queue handling · 28142986
      Reinette Chatre authored
      Also free the array of command pointers and meta data of each
      command buffer when command queue is freed.
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      28142986
    • Reinette Chatre's avatar
      iwlwifi: fix debugfs buffer handling · 2fac9717
      Reinette Chatre authored
      We keep track of where to write into a buffer by keeping a count of how
      much has been written so far. When writing to the buffer we thus take the
      buffer pointer and adding the count of what has been written so far.
      Keeping track of what has been written so far is done by incrementing
      this number every time something is written to the buffer with how much has
      been written at that time.
      
      Currently this number is incremented incorrectly when using the
      "hex_dump_to_buffer" call to add data to the buffer. Fix this by only
      adding what has been added to the buffer in that call instead of what has
      been added since beginning of buffer.
      
      Issue was discovered and discussed during testing of
      https://bugzilla.redhat.com/show_bug.cgi?id=464598 .
      
      When a user views any of these files they will see something like:
      
      [  179.355202] ------------[ cut here ]------------
      [  179.355209] WARNING: at ../lib/vsprintf.c:989 vsnprintf+0x5ec/0x5f0()
      [  179.355212] Hardware name: VGN-Z540N
      [  179.355213] Modules linked in: i915 drm i2c_algo_bit i2c_core ipv6 acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_ondemand cpufreq_conservative cpufreq_stats freq_table container sbs sbshc arc4 ecb iwlagn iwlcore joydev led_class mac80211 af_packet pcmcia psmouse sony_laptop cfg80211 iTCO_wdt iTCO_vendor_support pcspkr serio_raw rfkill intel_agp video output tpm_infineon tpm tpm_bios button battery yenta_socket rsrc_nonstatic pcmcia_core processor ac evdev ext3 jbd mbcache sr_mod sg cdrom sd_mod ahci libata scsi_mod ehci_hcd uhci_hcd usbcore thermal fan thermal_sys
      [  179.355262] Pid: 5449, comm: cat Not tainted 2.6.31-wl-54419-ge881071 #62
      [  179.355264] Call Trace:
      [  179.355267]  [<ffffffff811ad14c>] ? vsnprintf+0x5ec/0x5f0
      [  179.355271]  [<ffffffff81041348>] warn_slowpath_common+0x78/0xd0
      [  179.355275]  [<ffffffff810413af>] warn_slowpath_null+0xf/0x20
      [  179.355277]  [<ffffffff811ad14c>] vsnprintf+0x5ec/0x5f0
      [  179.355280]  [<ffffffff811ad23d>] ? scnprintf+0x5d/0x80
      [  179.355283]  [<ffffffff811ad23d>] scnprintf+0x5d/0x80
      [  179.355286]  [<ffffffff811aed29>] ? hex_dump_to_buffer+0x189/0x340
      [  179.355290]  [<ffffffff810e91d7>] ? __kmalloc+0x207/0x260
      [  179.355303]  [<ffffffffa02a02f8>] iwl_dbgfs_nvm_read+0xe8/0x220 [iwlcore]
      [  179.355306]  [<ffffffff811a9b62>] ? __up_read+0x92/0xb0
      [  179.355310]  [<ffffffff810f0988>] vfs_read+0xc8/0x1a0
      [  179.355313]  [<ffffffff810f0b50>] sys_read+0x50/0x90
      [  179.355316]  [<ffffffff8100bd6b>] system_call_fastpath+0x16/0x1b
      [  179.355319] ---[ end trace 2383d0d5e0752ca0 ]---
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      2fac9717
    • Johannes Berg's avatar
      cfg80211: don't set privacy w/o key · 4be3bd8c
      Johannes Berg authored
      When wpa_supplicant is used to connect to open networks,
      it causes the wdev->wext.keys to point to key memory, but
      that key memory is all empty. Only use privacy when there
      is a default key to be used.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Tested-by: default avatarLuis R. Rodriguez <lrodriguez@atheros.com>
      Tested-by: default avatarKalle Valo <kalle.valo@iki.fi>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      4be3bd8c
    • Johannes Berg's avatar
      cfg80211: wext: don't display BSSID unless associated · 33de4f9d
      Johannes Berg authored
      Currently, cfg80211's SIOCGIWAP implementation returns
      the BSSID that the user set, even if the connection has
      since been dropped due to other changes. It only should
      return the current BSSID when actually connected.
      
      Also do a small code cleanup.
      Reported-by: default avatarThomas H. Guenther <thomas.h.guenther@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Tested-by: default avatarThomas H. Guenther <thomas.h.guenther@intel.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      33de4f9d
  2. 27 Sep, 2009 17 commits
  3. 25 Sep, 2009 4 commits
  4. 24 Sep, 2009 11 commits