- 11 Nov, 2013 29 commits
-
-
Dan Carpenter authored
There are several places which are missing unlocks. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Wei Yongjun authored
Add the missing unlock before return from function wcn36xx_smd_update_proberesp_tmpl() in the error handling case. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
Currently, the PLL is turned off for AR9485 when switching to a low power state, but AR9485 has an issue where the card will become unresponsive if left idle for a long time without any traffic. To fix this, force the PLL to always be on using a different initval array, ar9485_1_1_pll_on_cdr_on_clkreq_disable_L1. This is done for most of the AR9485 based cards like HB125, WB225 etc. but certain models require the feature to be turned off. Identify such cards and use default values for them. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
On 64 bit systems we write past the end of the arg[] array. Fixes: 8e84c258 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ujjal Roy authored
The eth_hdr is never defined in this driver but it gets compiled without any warning/error because kernel has defined eth_hdr. Fix it by defining our own p_ethhdr and use it instead of eth_hdr. Cc: <stable@vger.kernel.org> # 3.7+ Signed-off-by: Ujjal Roy <royujjal@gmail.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
While receiving a packet on SDIO interface, we allocate skb with size multiple of SDIO block size. We need to resize this skb after RX using packet length from RX header. Cc: <stable@vger.kernel.org> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Larry Finger authored
The routine that processes received frames was returning the RSSI value for the signal strength; however, that value is available only for associated APs. As a result, the strength was the absurd value of 10 dBm. As a result, scans return incorrect values for the strength, which causes unwanted attempts to roam. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [3.1+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Larry Finger authored
The routine that processes received frames was returning the RSSI value for the signal strength; however, that value is available only for associated APs. As a result, the strength was the absurd value of 10 dBm. As a result, scans return incorrect values for the strength, which causes unwanted attempts to roam. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [2.6.39+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Larry Finger authored
The routine that processes received frames was returning the RSSI value for the signal strength; however, that value is available only for associated APs. As a result, the strength was the absurd value of 10 dBm. As a result, scans return incorrect values for the strength, which causes unwanted attempts to roam. This patch fixes https://bugzilla.kernel.org/show_bug.cgi?id=63881. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Matthieu Baerts <matttbe@gmail.com> Cc: Stable <stable@vger.kernel.org> [3.0 +] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Mark Cave-Ayland authored
All of the rtlwifi drivers have an error in the routine that tests if the data is "special". If it is, the subsequant transmission will be at the lowest rate to enhance reliability. The 16-bit quantity is big-endian, but was being extracted in native CPU mode. One of the effects of this bug is to inhibit association under some conditions as the TX rate is too high. Based on suggestions by Joe Perches, the entire routine is rewritten. One of the local headers contained duplicates of some of the ETH_P_XXX definitions. These are deleted. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: Stable <stable@vger.kernel.org> [2.6.38+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Janusz Dziedzic authored
Fix possible NULL (sc->dfs_detector) pointer dereference. Detected by Smatch: drivers/net/wireless/ath/ath9k/dfs_debug.c:67 read_file_dfs() error: we previously assumed 'sc->dfs_detector' could be null (see line 47) Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Janusz Dziedzic authored
Use correct width enums when setup radar_detect_widths for DFS. Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
Since: commit 36323f81 Author: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Date: Mon Jul 23 21:33:42 2012 +0200 mac80211: move TX station pointer and restructure TX we do not pass sta pointer to rt2x00queue_create_tx_descriptor_ht(), hence we do not correctly set station WCID and AMPDU density parameters. Cc: stable@vger.kernel.org # 3.7+ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Wei Yongjun authored
Fix to return -ENODEV in the unknown model error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
If we do a zero size allocation then it will oops. Also we can't be sure the user passes us a NUL terminated string so I've added a terminator. This code can only be triggered by root. Reported-by: Nico Golde <nico@ngolde.de> Reported-by: Fabian Yamaguchi <fabs@goesec.de> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Colin Ian King authored
kmalloc on efuse_word can return null, leading to free'ing of elements in efuse_word on the error exit path even though it has not been allocated. Instead, don't free the elements of efuse_word if kmalloc failed. Also, kmalloc of any of the arrays in efuse_word[] can also fail, leading to undefined contents in the remaining elements leading to problems when free'ing these elements later on. So kzalloc efuse_word to ensure the kfree on the remaining elements won't cause breakage. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
While parsing TLVs, return failure if number of remaining bytes are less than current tlv length. This avoids invalid memory access. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
As tlv_buf_len is decremented at the end of the loop, we may have accessed invalid memory in the last iteration. Modify the while condition and add a break statement at the begining of the loop to fix the problem. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
With "while (length)" check we may end up in accessing invalid memory in last iteration. This patch makes sure that tlv length is not less than the length of structure mwifiex_power_group when min/max power is calculated. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
__le16 to u16 conversion is missing for "pg_tlv_hdr->length" in mwifiex_get_power_level(). This creates a problem on big endian machines. It is resolved by changing definition of the structure and making required endianness changes. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
Before we loop for next iteration we adjust the buffer pointer and "resp_len": curr += (tlv_len + sizeof(tlv_hdr->header)); resp_len -= (tlv_len + sizeof(tlv_hdr->header)); If "resp_len" gets set to negative then it counts as a high positive value. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felipe Pena authored
There is a typo in the struct member name on assignment when checking rtlphy->current_chan_bw == HT_CHANNEL_WIDTH_20_40, the check uses pwrgroup_ht40 for bound limit and uses pwrgroup_ht20 when assigning instead. Signed-off-by: Felipe Pena <felipensp@gmail.com> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: stable@vger.kernel.org [3.0+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felipe Pena authored
On rt2800_config_channel_rf53xx function the member default_power1 is checked for bound limit, but default_power2 is used instead. Signed-off-by: Felipe Pena <felipensp@gmail.com> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Hannes Frederic Sowa authored
Fixes a suspicious rcu derference warning. Cc: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This is to avoid very silly Kconfig dependencies for modules using this routine. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jacob Keller authored
The max_vfs parameter has a limit of 63 and silently fails (adding 0 vfs) when it is out of range. This patch adds a warning so that the user knows something went wrong. Also, this patch moves the warning in ixgbe_enable_sriov() to where max_vfs is checked, so that even an out of range value will show the deprecated warning. Previously, an out of range parameter didn't even warn the user to use the new sysfs interface instead. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Carolyn Wyborny authored
This patch fixes multiple problems in the link modes display in ethtool. Newer parts have more complicated methods to determine actual link capabilities. Older parts cannot communicate with their SFP modules. Finally, all the available defines are not displayed by ethtool. This updates the link modes to be as accurate as possible depending on what data is available to the driver at any given time. Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com> Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Pirko authored
Pushing original fragments through causes several problems. For example for matching, frags may not be matched correctly. Take following example: <example> On HOSTA do: ip6tables -I INPUT -p icmpv6 -j DROP ip6tables -I INPUT -p icmpv6 -m icmp6 --icmpv6-type 128 -j ACCEPT and on HOSTB you do: ping6 HOSTA -s2000 (MTU is 1500) Incoming echo requests will be filtered out on HOSTA. This issue does not occur with smaller packets than MTU (where fragmentation does not happen) </example> As was discussed previously, the only correct solution seems to be to use reassembled skb instead of separete frags. Doing this has positive side effects in reducing sk_buff by one pointer (nfct_reasm) and also the reams dances in ipvs and conntrack can be removed. Future plan is to remove net/ipv6/netfilter/nf_conntrack_reasm.c entirely and use code in net/ipv6/reassembly.c instead. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Pirko authored
If reassembled packet would fit into outdev MTU, it is not fragmented according the original frag size and it is send as single big packet. The second case is if skb is gso. In that case fragmentation does not happen according to the original frag size. This patch fixes these. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 09 Nov, 2013 2 commits
-
-
Sebastian Hesselbarth authored
Lennart says: "I haven't been able to spend time on mv643xx_eth for a while now, so if you want to take over maintainership, I'd be fine with that." Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com> Acked-by: Lennert Buytenhek <buytenh@wantstofly.org> Acked-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yang Yingliang authored
With psched_ratecfg_precompute(), tbf can deal with 64bit rates. Add two new attributes so that tc can use them to break the 32bit limit. Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Suggested-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 08 Nov, 2013 9 commits
-
-
John Fastabend authored
The number of stations in use is kept in the num_rx_pools counter in the ixgbe_adapter structure. This is in turn used by the queue allocation scheme to determine how many queues are needed to support the number of pools in use with the current feature set. This works as long as the pools are added and destroyed in order because (num_rx_pools * queues_per_pool) is equal to the last queue in use by a pool. But as soon as you delete a pool out of order this is no longer the case. So the above multiplication allocates to few queues and a pool may reference a ring that has not been allocated/initialized. To resolve use the bit mask of in use pools to determine the final pool being used and allocate enough queues so that we don't inadvertently remove its queues. # ip link add link eth2 \ numtxqueues 4 numrxqueues 4 txqueuelen 50 type macvlan # ip link set dev macvlan0 up # ip link add link eth2 \ numtxqueues 4 numrxqueues 4 txqueuelen 50 type macvlan # ip link set dev macvlan1 up # for i in {0..100}; do ip link set dev macvlan0 down; ip link set dev macvlan0 up; done; Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Fastabend authored
In the recent support for layer 2 hardware acceleration, I added a few references to real_num_rx_queues and num_rx_queues which are only available with CONFIG_RPS. The fix is first to remove unnecessary references to num_rx_queues. Because the hardware offload case is limited to cases where RX queues and TX queues are equal we only need a single check. Then wrap the single case in an ifdef. The patch that introduce this is here, commit a6cc0cfa Author: John Fastabend <john.r.fastabend@intel.com> Date: Wed Nov 6 09:54:46 2013 -0800 net: Add layer 2 hardware acceleration operations for macvlan devices Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Duan Jiong authored
As the rfc 4191 said, the Router Preference and Lifetime values in a ::/0 Route Information Option should override the preference and lifetime values in the Router Advertisement header. But when the kernel deals with a ::/0 Route Information Option, the rt6_get_route_info() always return NULL, that means that overriding will not happen, because those default routers were added without flag RTF_ROUTEINFO in rt6_add_dflt_router(). In order to deal with that condition, we should call rt6_get_dflt_router when the prefix length is 0. Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Benc authored
Commit 0628b123 ("netfilter: nfnetlink: add batch support and use it from nf_tables") introduced a bug leading to various crashes in netlink_ack when netlink message with invalid nlmsg_len was sent by an unprivileged user. Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andreas Henriksson authored
When trying to delete a table >= 256 using iproute2 the local table will be deleted. The table id is specified as a netlink attribute when it needs more then 8 bits and iproute2 then sets the table field to RT_TABLE_UNSPEC (0). Preconditions to matching the table id in the rule delete code doesn't seem to take the "table id in netlink attribute" into condition so the frh_get_table helper function never gets to do its job when matching against current rule. Use the helper function twice instead of peaking at the table value directly. Originally reported at: http://bugs.debian.org/724783Reported-by: Nicolas HICHER <nhicher@avencall.com> Signed-off-by: Andreas Henriksson <andreas@fatal.se> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florent Fourcot authored
Take ip6_fl_lock before to read and update a label. v2: protect only the relevant code Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florent Fourcot authored
If the last RFC 6437 does not give any constraints for lifetime of flow labels, the previous RFC 3697 spoke of a minimum of 120 seconds between reattribution of a flow label. The maximum linger is currently set to 60 seconds and does not allow this configuration without CAP_NET_ADMIN right. This patch increase the maximum linger to 150 seconds, allowing more flexibility to standard users. Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florent Fourcot authored
It is already possible to set/put/renew a label with IPV6_FLOWLABEL_MGR and setsockopt. This patch add the possibility to get information about this label (current value, time before expiration, etc). It helps application to take decision for a renew or a release of the label. v2: * Add spin_lock to prevent race condition * return -ENOENT if no result found * check if flr_action is GET v3: * move the spin_lock to protect only the relevant code Signed-off-by: Florent Fourcot <florent.fourcot@enst-bretagne.fr> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
By moving code around, we avoid : 1) A reload of iph->ihl (bit field, so needs a mask) 2) A conditional test (replaced by a conditional mov on x86) Fast path loads iph->protocol anyway. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-