diff options
| author | Jeff Garzik <jeff@garzik.org> | 2007-03-28 02:21:18 -0400 |
|---|---|---|
| committer | Jeff Garzik <jeff@garzik.org> | 2007-03-28 02:21:18 -0400 |
| commit | a9c87a10db08f53c5220f273d518390cbaeb55c8 (patch) | |
| tree | 02c62caea88ffae0c4ad945df0d60996d8e5d2f1 | |
| parent | c14bac628b9fad6fd4dad8fbb9e864c61a8924c9 (diff) | |
| parent | c2805fbb8630abb95d94ce7adc3f97976f7e0367 (diff) | |
Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
| -rw-r--r-- | drivers/net/wireless/bcm43xx/bcm43xx_phy.c | 4 | ||||
| -rw-r--r-- | drivers/net/wireless/bcm43xx/bcm43xx_radio.c | 12 | ||||
| -rw-r--r-- | fs/compat_ioctl.c | 9 | ||||
| -rw-r--r-- | include/linux/wireless.h | 21 | ||||
| -rw-r--r-- | include/net/iw_handler.h | 30 | ||||
| -rw-r--r-- | net/core/rtnetlink.c | 3 | ||||
| -rw-r--r-- | net/core/wireless.c | 82 |
7 files changed, 108 insertions, 53 deletions
diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_phy.c b/drivers/net/wireless/bcm43xx/bcm43xx_phy.c index cae89258a640..d1e89be965cd 100644 --- a/drivers/net/wireless/bcm43xx/bcm43xx_phy.c +++ b/drivers/net/wireless/bcm43xx/bcm43xx_phy.c | |||
| @@ -757,7 +757,7 @@ static void bcm43xx_phy_initb5(struct bcm43xx_private *bcm) | |||
| 757 | if (radio->version == 0x2050) | 757 | if (radio->version == 0x2050) |
| 758 | bcm43xx_phy_write(bcm, 0x0038, 0x0667); | 758 | bcm43xx_phy_write(bcm, 0x0038, 0x0667); |
| 759 | 759 | ||
| 760 | if (phy->type == BCM43xx_PHYTYPE_G) { | 760 | if (phy->connected) { |
| 761 | if (radio->version == 0x2050) { | 761 | if (radio->version == 0x2050) { |
| 762 | bcm43xx_radio_write16(bcm, 0x007A, | 762 | bcm43xx_radio_write16(bcm, 0x007A, |
| 763 | bcm43xx_radio_read16(bcm, 0x007A) | 763 | bcm43xx_radio_read16(bcm, 0x007A) |
| @@ -1192,7 +1192,7 @@ static void bcm43xx_phy_initg(struct bcm43xx_private *bcm) | |||
| 1192 | bcm43xx_phy_write(bcm, 0x0811, 0x0400); | 1192 | bcm43xx_phy_write(bcm, 0x0811, 0x0400); |
| 1193 | bcm43xx_phy_write(bcm, 0x0015, 0x00C0); | 1193 | bcm43xx_phy_write(bcm, 0x0015, 0x00C0); |
| 1194 | } | 1194 | } |
| 1195 | if (phy->connected) { | 1195 | if (phy->rev >= 2 && phy->connected) { |
| 1196 | tmp = bcm43xx_phy_read(bcm, 0x0400) & 0xFF; | 1196 | tmp = bcm43xx_phy_read(bcm, 0x0400) & 0xFF; |
| 1197 | if (tmp < 6) { | 1197 | if (tmp < 6) { |
| 1198 | bcm43xx_phy_write(bcm, 0x04C2, 0x1816); | 1198 | bcm43xx_phy_write(bcm, 0x04C2, 0x1816); |
diff --git a/drivers/net/wireless/bcm43xx/bcm43xx_radio.c b/drivers/net/wireless/bcm43xx/bcm43xx_radio.c index ee1e7a2afc08..4025dd0089d2 100644 --- a/drivers/net/wireless/bcm43xx/bcm43xx_radio.c +++ b/drivers/net/wireless/bcm43xx/bcm43xx_radio.c | |||
| @@ -458,7 +458,7 @@ static void bcm43xx_calc_nrssi_offset(struct bcm43xx_private *bcm) | |||
| 458 | bcm43xx_phy_write(bcm, 0x005A, 0x0480); | 458 | bcm43xx_phy_write(bcm, 0x005A, 0x0480); |
| 459 | bcm43xx_phy_write(bcm, 0x0059, 0x0810); | 459 | bcm43xx_phy_write(bcm, 0x0059, 0x0810); |
| 460 | bcm43xx_phy_write(bcm, 0x0058, 0x000D); | 460 | bcm43xx_phy_write(bcm, 0x0058, 0x000D); |
| 461 | if (phy->rev == 0) { | 461 | if (phy->analog == 0) { |
| 462 | bcm43xx_phy_write(bcm, 0x0003, 0x0122); | 462 | bcm43xx_phy_write(bcm, 0x0003, 0x0122); |
| 463 | } else { | 463 | } else { |
| 464 | bcm43xx_phy_write(bcm, 0x000A, | 464 | bcm43xx_phy_write(bcm, 0x000A, |
| @@ -570,9 +570,9 @@ void bcm43xx_calc_nrssi_slope(struct bcm43xx_private *bcm) | |||
| 570 | nrssi0 = (s16)bcm43xx_phy_read(bcm, 0x0027); | 570 | nrssi0 = (s16)bcm43xx_phy_read(bcm, 0x0027); |
| 571 | bcm43xx_radio_write16(bcm, 0x007A, | 571 | bcm43xx_radio_write16(bcm, 0x007A, |
| 572 | bcm43xx_radio_read16(bcm, 0x007A) & 0x007F); | 572 | bcm43xx_radio_read16(bcm, 0x007A) & 0x007F); |
| 573 | if (phy->rev >= 2) { | 573 | if (phy->analog >= 2) { |
| 574 | bcm43xx_write16(bcm, 0x03E6, 0x0040); | 574 | bcm43xx_write16(bcm, 0x03E6, 0x0040); |
| 575 | } else if (phy->rev == 0) { | 575 | } else if (phy->analog == 0) { |
| 576 | bcm43xx_write16(bcm, 0x03E6, 0x0122); | 576 | bcm43xx_write16(bcm, 0x03E6, 0x0122); |
| 577 | } else { | 577 | } else { |
| 578 | bcm43xx_write16(bcm, BCM43xx_MMIO_CHANNEL_EXT, | 578 | bcm43xx_write16(bcm, BCM43xx_MMIO_CHANNEL_EXT, |
| @@ -596,7 +596,7 @@ void bcm43xx_calc_nrssi_slope(struct bcm43xx_private *bcm) | |||
| 596 | bcm43xx_phy_write(bcm, 0x0015, backup[5]); | 596 | bcm43xx_phy_write(bcm, 0x0015, backup[5]); |
| 597 | bcm43xx_phy_write(bcm, 0x002A, backup[6]); | 597 | bcm43xx_phy_write(bcm, 0x002A, backup[6]); |
| 598 | bcm43xx_synth_pu_workaround(bcm, radio->channel); | 598 | bcm43xx_synth_pu_workaround(bcm, radio->channel); |
| 599 | if (phy->rev != 0) | 599 | if (phy->analog != 0) |
| 600 | bcm43xx_write16(bcm, 0x03F4, backup[13]); | 600 | bcm43xx_write16(bcm, 0x03F4, backup[13]); |
| 601 | 601 | ||
| 602 | bcm43xx_phy_write(bcm, 0x0020, backup[7]); | 602 | bcm43xx_phy_write(bcm, 0x0020, backup[7]); |
| @@ -692,7 +692,7 @@ void bcm43xx_calc_nrssi_slope(struct bcm43xx_private *bcm) | |||
| 692 | 692 | ||
| 693 | bcm43xx_radio_write16(bcm, 0x007A, | 693 | bcm43xx_radio_write16(bcm, 0x007A, |
| 694 | bcm43xx_radio_read16(bcm, 0x007A) & 0x007F); | 694 | bcm43xx_radio_read16(bcm, 0x007A) & 0x007F); |
| 695 | if (phy->rev >= 2) { | 695 | if (phy->analog >= 2) { |
| 696 | bcm43xx_phy_write(bcm, 0x0003, | 696 | bcm43xx_phy_write(bcm, 0x0003, |
| 697 | (bcm43xx_phy_read(bcm, 0x0003) | 697 | (bcm43xx_phy_read(bcm, 0x0003) |
| 698 | & 0xFF9F) | 0x0040); | 698 | & 0xFF9F) | 0x0040); |
| @@ -1579,7 +1579,7 @@ void bcm43xx_radio_set_tx_iq(struct bcm43xx_private *bcm) | |||
| 1579 | 1579 | ||
| 1580 | for (i = 0; i < 5; i++) { | 1580 | for (i = 0; i < 5; i++) { |
| 1581 | for (j = 0; j < 5; j++) { | 1581 | for (j = 0; j < 5; j++) { |
| 1582 | if (tmp == (data_high[i] << 4 | data_low[j])) { | 1582 | if (tmp == (data_high[i] | data_low[j])) { |
| 1583 | bcm43xx_phy_write(bcm, 0x0069, (i - j) << 8 | 0x00C0); | 1583 | bcm43xx_phy_write(bcm, 0x0069, (i - j) << 8 | 0x00C0); |
| 1584 | return; | 1584 | return; |
| 1585 | } | 1585 | } |
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index c81c958b3e1d..8b1c5d8bf4ef 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c | |||
| @@ -2553,11 +2553,15 @@ HANDLE_IOCTL(I2C_RDWR, do_i2c_rdwr_ioctl) | |||
| 2553 | HANDLE_IOCTL(I2C_SMBUS, do_i2c_smbus_ioctl) | 2553 | HANDLE_IOCTL(I2C_SMBUS, do_i2c_smbus_ioctl) |
| 2554 | /* wireless */ | 2554 | /* wireless */ |
| 2555 | HANDLE_IOCTL(SIOCGIWRANGE, do_wireless_ioctl) | 2555 | HANDLE_IOCTL(SIOCGIWRANGE, do_wireless_ioctl) |
| 2556 | HANDLE_IOCTL(SIOCGIWPRIV, do_wireless_ioctl) | ||
| 2557 | HANDLE_IOCTL(SIOCGIWSTATS, do_wireless_ioctl) | ||
| 2556 | HANDLE_IOCTL(SIOCSIWSPY, do_wireless_ioctl) | 2558 | HANDLE_IOCTL(SIOCSIWSPY, do_wireless_ioctl) |
| 2557 | HANDLE_IOCTL(SIOCGIWSPY, do_wireless_ioctl) | 2559 | HANDLE_IOCTL(SIOCGIWSPY, do_wireless_ioctl) |
| 2558 | HANDLE_IOCTL(SIOCSIWTHRSPY, do_wireless_ioctl) | 2560 | HANDLE_IOCTL(SIOCSIWTHRSPY, do_wireless_ioctl) |
| 2559 | HANDLE_IOCTL(SIOCGIWTHRSPY, do_wireless_ioctl) | 2561 | HANDLE_IOCTL(SIOCGIWTHRSPY, do_wireless_ioctl) |
| 2562 | HANDLE_IOCTL(SIOCSIWMLME, do_wireless_ioctl) | ||
| 2560 | HANDLE_IOCTL(SIOCGIWAPLIST, do_wireless_ioctl) | 2563 | HANDLE_IOCTL(SIOCGIWAPLIST, do_wireless_ioctl) |
| 2564 | HANDLE_IOCTL(SIOCSIWSCAN, do_wireless_ioctl) | ||
| 2561 | HANDLE_IOCTL(SIOCGIWSCAN, do_wireless_ioctl) | 2565 | HANDLE_IOCTL(SIOCGIWSCAN, do_wireless_ioctl) |
| 2562 | HANDLE_IOCTL(SIOCSIWESSID, do_wireless_ioctl) | 2566 | HANDLE_IOCTL(SIOCSIWESSID, do_wireless_ioctl) |
| 2563 | HANDLE_IOCTL(SIOCGIWESSID, do_wireless_ioctl) | 2567 | HANDLE_IOCTL(SIOCGIWESSID, do_wireless_ioctl) |
| @@ -2565,6 +2569,11 @@ HANDLE_IOCTL(SIOCSIWNICKN, do_wireless_ioctl) | |||
| 2565 | HANDLE_IOCTL(SIOCGIWNICKN, do_wireless_ioctl) | 2569 | HANDLE_IOCTL(SIOCGIWNICKN, do_wireless_ioctl) |
| 2566 | HANDLE_IOCTL(SIOCSIWENCODE, do_wireless_ioctl) | 2570 | HANDLE_IOCTL(SIOCSIWENCODE, do_wireless_ioctl) |
| 2567 | HANDLE_IOCTL(SIOCGIWENCODE, do_wireless_ioctl) | 2571 | HANDLE_IOCTL(SIOCGIWENCODE, do_wireless_ioctl) |
| 2572 | HANDLE_IOCTL(SIOCSIWGENIE, do_wireless_ioctl) | ||
| 2573 | HANDLE_IOCTL(SIOCGIWGENIE, do_wireless_ioctl) | ||
| 2574 | HANDLE_IOCTL(SIOCSIWENCODEEXT, do_wireless_ioctl) | ||
| 2575 | HANDLE_IOCTL(SIOCGIWENCODEEXT, do_wireless_ioctl) | ||
| 2576 | HANDLE_IOCTL(SIOCSIWPMKSA, do_wireless_ioctl) | ||
| 2568 | HANDLE_IOCTL(SIOCSIFBR, old_bridge_ioctl) | 2577 | HANDLE_IOCTL(SIOCSIFBR, old_bridge_ioctl) |
| 2569 | HANDLE_IOCTL(SIOCGIFBR, old_bridge_ioctl) | 2578 | HANDLE_IOCTL(SIOCGIFBR, old_bridge_ioctl) |
| 2570 | HANDLE_IOCTL(RTC_IRQP_READ32, rtc_ioctl) | 2579 | HANDLE_IOCTL(RTC_IRQP_READ32, rtc_ioctl) |
diff --git a/include/linux/wireless.h b/include/linux/wireless.h index 447c52beb691..48759b2f57d7 100644 --- a/include/linux/wireless.h +++ b/include/linux/wireless.h | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * This file define a set of standard wireless extensions | 2 | * This file define a set of standard wireless extensions |
| 3 | * | 3 | * |
| 4 | * Version : 21 14.3.06 | 4 | * Version : 22 16.3.07 |
| 5 | * | 5 | * |
| 6 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> | 6 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> |
| 7 | * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved. | 7 | * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved. |
| 8 | */ | 8 | */ |
| 9 | 9 | ||
| 10 | #ifndef _LINUX_WIRELESS_H | 10 | #ifndef _LINUX_WIRELESS_H |
| @@ -85,7 +85,7 @@ | |||
| 85 | * (there is some stuff that will be added in the future...) | 85 | * (there is some stuff that will be added in the future...) |
| 86 | * I just plan to increment with each new version. | 86 | * I just plan to increment with each new version. |
| 87 | */ | 87 | */ |
| 88 | #define WIRELESS_EXT 21 | 88 | #define WIRELESS_EXT 22 |
| 89 | 89 | ||
| 90 | /* | 90 | /* |
| 91 | * Changes : | 91 | * Changes : |
| @@ -221,6 +221,10 @@ | |||
| 221 | * - Add IW_RETRY_SHORT/IW_RETRY_LONG retry modifiers | 221 | * - Add IW_RETRY_SHORT/IW_RETRY_LONG retry modifiers |
| 222 | * - Power/Retry relative values no longer * 100000 | 222 | * - Power/Retry relative values no longer * 100000 |
| 223 | * - Add explicit flag to tell stats are in 802.11k RCPI : IW_QUAL_RCPI | 223 | * - Add explicit flag to tell stats are in 802.11k RCPI : IW_QUAL_RCPI |
| 224 | * | ||
| 225 | * V21 to V22 | ||
| 226 | * ---------- | ||
| 227 | * - Prevent leaking of kernel space in stream on 64 bits. | ||
| 224 | */ | 228 | */ |
| 225 | 229 | ||
| 226 | /**************************** CONSTANTS ****************************/ | 230 | /**************************** CONSTANTS ****************************/ |
| @@ -1085,4 +1089,15 @@ struct iw_event | |||
| 1085 | #define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \ | 1089 | #define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \ |
| 1086 | IW_EV_POINT_OFF) | 1090 | IW_EV_POINT_OFF) |
| 1087 | 1091 | ||
| 1092 | /* Size of the Event prefix when packed in stream */ | ||
| 1093 | #define IW_EV_LCP_PK_LEN (4) | ||
| 1094 | /* Size of the various events when packed in stream */ | ||
| 1095 | #define IW_EV_CHAR_PK_LEN (IW_EV_LCP_PK_LEN + IFNAMSIZ) | ||
| 1096 | #define IW_EV_UINT_PK_LEN (IW_EV_LCP_PK_LEN + sizeof(__u32)) | ||
| 1097 | #define IW_EV_FREQ_PK_LEN (IW_EV_LCP_PK_LEN + sizeof(struct iw_freq)) | ||
| 1098 | #define IW_EV_PARAM_PK_LEN (IW_EV_LCP_PK_LEN + sizeof(struct iw_param)) | ||
| 1099 | #define IW_EV_ADDR_PK_LEN (IW_EV_LCP_PK_LEN + sizeof(struct sockaddr)) | ||
| 1100 | #define IW_EV_QUAL_PK_LEN (IW_EV_LCP_PK_LEN + sizeof(struct iw_quality)) | ||
| 1101 | #define IW_EV_POINT_PK_LEN (IW_EV_LCP_LEN + 4) | ||
| 1102 | |||
| 1088 | #endif /* _LINUX_WIRELESS_H */ | 1103 | #endif /* _LINUX_WIRELESS_H */ |
diff --git a/include/net/iw_handler.h b/include/net/iw_handler.h index 10559e937d27..8a830188354d 100644 --- a/include/net/iw_handler.h +++ b/include/net/iw_handler.h | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * This file define the new driver API for Wireless Extensions | 2 | * This file define the new driver API for Wireless Extensions |
| 3 | * | 3 | * |
| 4 | * Version : 7 18.3.05 | 4 | * Version : 8 16.3.07 |
| 5 | * | 5 | * |
| 6 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> | 6 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> |
| 7 | * Copyright (c) 2001-2006 Jean Tourrilhes, All Rights Reserved. | 7 | * Copyright (c) 2001-2007 Jean Tourrilhes, All Rights Reserved. |
| 8 | */ | 8 | */ |
| 9 | 9 | ||
| 10 | #ifndef _IW_HANDLER_H | 10 | #ifndef _IW_HANDLER_H |
| @@ -207,7 +207,7 @@ | |||
| 207 | * will be needed... | 207 | * will be needed... |
| 208 | * I just plan to increment with each new version. | 208 | * I just plan to increment with each new version. |
| 209 | */ | 209 | */ |
| 210 | #define IW_HANDLER_VERSION 7 | 210 | #define IW_HANDLER_VERSION 8 |
| 211 | 211 | ||
| 212 | /* | 212 | /* |
| 213 | * Changes : | 213 | * Changes : |
| @@ -239,6 +239,10 @@ | |||
| 239 | * - Remove (struct iw_point *)->pointer from events and streams | 239 | * - Remove (struct iw_point *)->pointer from events and streams |
| 240 | * - Remove spy_offset from struct iw_handler_def | 240 | * - Remove spy_offset from struct iw_handler_def |
| 241 | * - Add "check" version of event macros for ieee802.11 stack | 241 | * - Add "check" version of event macros for ieee802.11 stack |
| 242 | * | ||
| 243 | * V7 to V8 | ||
| 244 | * ---------- | ||
| 245 | * - Prevent leaking of kernel space in stream on 64 bits. | ||
| 242 | */ | 246 | */ |
| 243 | 247 | ||
| 244 | /**************************** CONSTANTS ****************************/ | 248 | /**************************** CONSTANTS ****************************/ |
| @@ -500,7 +504,11 @@ iwe_stream_add_event(char * stream, /* Stream of events */ | |||
| 500 | /* Check if it's possible */ | 504 | /* Check if it's possible */ |
| 501 | if(likely((stream + event_len) < ends)) { | 505 | if(likely((stream + event_len) < ends)) { |
| 502 | iwe->len = event_len; | 506 | iwe->len = event_len; |
| 503 | memcpy(stream, (char *) iwe, event_len); | 507 | /* Beware of alignement issues on 64 bits */ |
| 508 | memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN); | ||
| 509 | memcpy(stream + IW_EV_LCP_LEN, | ||
| 510 | ((char *) iwe) + IW_EV_LCP_LEN, | ||
| 511 | event_len - IW_EV_LCP_LEN); | ||
| 504 | stream += event_len; | 512 | stream += event_len; |
| 505 | } | 513 | } |
| 506 | return stream; | 514 | return stream; |
| @@ -521,10 +529,10 @@ iwe_stream_add_point(char * stream, /* Stream of events */ | |||
| 521 | /* Check if it's possible */ | 529 | /* Check if it's possible */ |
| 522 | if(likely((stream + event_len) < ends)) { | 530 | if(likely((stream + event_len) < ends)) { |
| 523 | iwe->len = event_len; | 531 | iwe->len = event_len; |
| 524 | memcpy(stream, (char *) iwe, IW_EV_LCP_LEN); | 532 | memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN); |
| 525 | memcpy(stream + IW_EV_LCP_LEN, | 533 | memcpy(stream + IW_EV_LCP_LEN, |
| 526 | ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF, | 534 | ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF, |
| 527 | IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 535 | IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 528 | memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length); | 536 | memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length); |
| 529 | stream += event_len; | 537 | stream += event_len; |
| 530 | } | 538 | } |
| @@ -574,7 +582,11 @@ iwe_stream_check_add_event(char * stream, /* Stream of events */ | |||
| 574 | /* Check if it's possible, set error if not */ | 582 | /* Check if it's possible, set error if not */ |
| 575 | if(likely((stream + event_len) < ends)) { | 583 | if(likely((stream + event_len) < ends)) { |
| 576 | iwe->len = event_len; | 584 | iwe->len = event_len; |
| 577 | memcpy(stream, (char *) iwe, event_len); | 585 | /* Beware of alignement issues on 64 bits */ |
| 586 | memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN); | ||
| 587 | memcpy(stream + IW_EV_LCP_LEN, | ||
| 588 | ((char *) iwe) + IW_EV_LCP_LEN, | ||
| 589 | event_len - IW_EV_LCP_LEN); | ||
| 578 | stream += event_len; | 590 | stream += event_len; |
| 579 | } else | 591 | } else |
| 580 | *perr = -E2BIG; | 592 | *perr = -E2BIG; |
| @@ -598,10 +610,10 @@ iwe_stream_check_add_point(char * stream, /* Stream of events */ | |||
| 598 | /* Check if it's possible */ | 610 | /* Check if it's possible */ |
| 599 | if(likely((stream + event_len) < ends)) { | 611 | if(likely((stream + event_len) < ends)) { |
| 600 | iwe->len = event_len; | 612 | iwe->len = event_len; |
| 601 | memcpy(stream, (char *) iwe, IW_EV_LCP_LEN); | 613 | memcpy(stream, (char *) iwe, IW_EV_LCP_PK_LEN); |
| 602 | memcpy(stream + IW_EV_LCP_LEN, | 614 | memcpy(stream + IW_EV_LCP_LEN, |
| 603 | ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF, | 615 | ((char *) iwe) + IW_EV_LCP_LEN + IW_EV_POINT_OFF, |
| 604 | IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 616 | IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 605 | memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length); | 617 | memcpy(stream + IW_EV_POINT_LEN, extra, iwe->u.data.length); |
| 606 | stream += event_len; | 618 | stream += event_len; |
| 607 | } else | 619 | } else |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 6055074c4b81..33ea8eac7fe0 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
| @@ -621,7 +621,8 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
| 621 | if (err < 0) | 621 | if (err < 0) |
| 622 | goto errout; | 622 | goto errout; |
| 623 | 623 | ||
| 624 | iw += IW_EV_POINT_OFF; | 624 | /* Payload is at an offset in buffer */ |
| 625 | iw = iw_buf + IW_EV_POINT_OFF; | ||
| 625 | } | 626 | } |
| 626 | #endif /* CONFIG_NET_WIRELESS_RTNETLINK */ | 627 | #endif /* CONFIG_NET_WIRELESS_RTNETLINK */ |
| 627 | 628 | ||
diff --git a/net/core/wireless.c b/net/core/wireless.c index 9936ab11e6e0..b07fe270a508 100644 --- a/net/core/wireless.c +++ b/net/core/wireless.c | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | * This file implement the Wireless Extensions APIs. | 2 | * This file implement the Wireless Extensions APIs. |
| 3 | * | 3 | * |
| 4 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> | 4 | * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> |
| 5 | * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved. | 5 | * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved. |
| 6 | * | 6 | * |
| 7 | * (As all part of the Linux kernel, this file is GPL) | 7 | * (As all part of the Linux kernel, this file is GPL) |
| 8 | */ | 8 | */ |
| @@ -76,6 +76,9 @@ | |||
| 76 | * o Change length in ESSID and NICK to strlen() instead of strlen()+1 | 76 | * o Change length in ESSID and NICK to strlen() instead of strlen()+1 |
| 77 | * o Make standard_ioctl_num and standard_event_num unsigned | 77 | * o Make standard_ioctl_num and standard_event_num unsigned |
| 78 | * o Remove (struct net_device *)->get_wireless_stats() | 78 | * o Remove (struct net_device *)->get_wireless_stats() |
| 79 | * | ||
| 80 | * v10 - 16.3.07 - Jean II | ||
| 81 | * o Prevent leaking of kernel space in stream on 64 bits. | ||
| 79 | */ | 82 | */ |
| 80 | 83 | ||
| 81 | /***************************** INCLUDES *****************************/ | 84 | /***************************** INCLUDES *****************************/ |
| @@ -427,6 +430,21 @@ static const int event_type_size[] = { | |||
| 427 | IW_EV_QUAL_LEN, /* IW_HEADER_TYPE_QUAL */ | 430 | IW_EV_QUAL_LEN, /* IW_HEADER_TYPE_QUAL */ |
| 428 | }; | 431 | }; |
| 429 | 432 | ||
| 433 | /* Size (in bytes) of various events, as packed */ | ||
| 434 | static const int event_type_pk_size[] = { | ||
| 435 | IW_EV_LCP_PK_LEN, /* IW_HEADER_TYPE_NULL */ | ||
| 436 | 0, | ||
| 437 | IW_EV_CHAR_PK_LEN, /* IW_HEADER_TYPE_CHAR */ | ||
| 438 | 0, | ||
| 439 | IW_EV_UINT_PK_LEN, /* IW_HEADER_TYPE_UINT */ | ||
| 440 | IW_EV_FREQ_PK_LEN, /* IW_HEADER_TYPE_FREQ */ | ||
| 441 | IW_EV_ADDR_PK_LEN, /* IW_HEADER_TYPE_ADDR */ | ||
| 442 | 0, | ||
| 443 | IW_EV_POINT_PK_LEN, /* Without variable payload */ | ||
| 444 | IW_EV_PARAM_PK_LEN, /* IW_HEADER_TYPE_PARAM */ | ||
| 445 | IW_EV_QUAL_PK_LEN, /* IW_HEADER_TYPE_QUAL */ | ||
| 446 | }; | ||
| 447 | |||
| 430 | /************************ COMMON SUBROUTINES ************************/ | 448 | /************************ COMMON SUBROUTINES ************************/ |
| 431 | /* | 449 | /* |
| 432 | * Stuff that may be used in various place or doesn't fit in one | 450 | * Stuff that may be used in various place or doesn't fit in one |
| @@ -1217,7 +1235,7 @@ static int rtnetlink_standard_get(struct net_device * dev, | |||
| 1217 | memcpy(buffer + IW_EV_POINT_OFF, request, request_len); | 1235 | memcpy(buffer + IW_EV_POINT_OFF, request, request_len); |
| 1218 | /* Use our own copy of wrqu */ | 1236 | /* Use our own copy of wrqu */ |
| 1219 | wrqu = (union iwreq_data *) (buffer + IW_EV_POINT_OFF | 1237 | wrqu = (union iwreq_data *) (buffer + IW_EV_POINT_OFF |
| 1220 | + IW_EV_LCP_LEN); | 1238 | + IW_EV_LCP_PK_LEN); |
| 1221 | 1239 | ||
| 1222 | /* No extra arguments. Trivial to handle */ | 1240 | /* No extra arguments. Trivial to handle */ |
| 1223 | ret = handler(dev, &info, wrqu, NULL); | 1241 | ret = handler(dev, &info, wrqu, NULL); |
| @@ -1229,8 +1247,8 @@ static int rtnetlink_standard_get(struct net_device * dev, | |||
| 1229 | 1247 | ||
| 1230 | /* Get a temp copy of wrqu (skip pointer) */ | 1248 | /* Get a temp copy of wrqu (skip pointer) */ |
| 1231 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, | 1249 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, |
| 1232 | ((char *) request) + IW_EV_LCP_LEN, | 1250 | ((char *) request) + IW_EV_LCP_PK_LEN, |
| 1233 | IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 1251 | IW_EV_POINT_LEN - IW_EV_LCP_PK_LEN); |
| 1234 | 1252 | ||
| 1235 | /* Calculate space needed by arguments. Always allocate | 1253 | /* Calculate space needed by arguments. Always allocate |
| 1236 | * for max space. Easier, and won't last long... */ | 1254 | * for max space. Easier, and won't last long... */ |
| @@ -1240,7 +1258,7 @@ static int rtnetlink_standard_get(struct net_device * dev, | |||
| 1240 | (wrqu_point.data.length > descr->max_tokens)) | 1258 | (wrqu_point.data.length > descr->max_tokens)) |
| 1241 | extra_size = (wrqu_point.data.length | 1259 | extra_size = (wrqu_point.data.length |
| 1242 | * descr->token_size); | 1260 | * descr->token_size); |
| 1243 | buffer_size = extra_size + IW_EV_POINT_LEN + IW_EV_POINT_OFF; | 1261 | buffer_size = extra_size + IW_EV_POINT_PK_LEN + IW_EV_POINT_OFF; |
| 1244 | #ifdef WE_RTNETLINK_DEBUG | 1262 | #ifdef WE_RTNETLINK_DEBUG |
| 1245 | printk(KERN_DEBUG "%s (WE.r) : Malloc %d bytes (%d bytes)\n", | 1263 | printk(KERN_DEBUG "%s (WE.r) : Malloc %d bytes (%d bytes)\n", |
| 1246 | dev->name, extra_size, buffer_size); | 1264 | dev->name, extra_size, buffer_size); |
| @@ -1254,15 +1272,15 @@ static int rtnetlink_standard_get(struct net_device * dev, | |||
| 1254 | 1272 | ||
| 1255 | /* Put wrqu in the right place (just before extra). | 1273 | /* Put wrqu in the right place (just before extra). |
| 1256 | * Leave space for IWE header and dummy pointer... | 1274 | * Leave space for IWE header and dummy pointer... |
| 1257 | * Note that IW_EV_LCP_LEN==4 bytes, so it's still aligned... | 1275 | * Note that IW_EV_LCP_PK_LEN==4 bytes, so it's still aligned. |
| 1258 | */ | 1276 | */ |
| 1259 | memcpy(buffer + IW_EV_LCP_LEN + IW_EV_POINT_OFF, | 1277 | memcpy(buffer + IW_EV_LCP_PK_LEN + IW_EV_POINT_OFF, |
| 1260 | ((char *) &wrqu_point) + IW_EV_POINT_OFF, | 1278 | ((char *) &wrqu_point) + IW_EV_POINT_OFF, |
| 1261 | IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 1279 | IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 1262 | wrqu = (union iwreq_data *) (buffer + IW_EV_LCP_LEN); | 1280 | wrqu = (union iwreq_data *) (buffer + IW_EV_LCP_PK_LEN); |
| 1263 | 1281 | ||
| 1264 | /* Extra comes logically after that. Offset +12 bytes. */ | 1282 | /* Extra comes logically after that. Offset +12 bytes. */ |
| 1265 | extra = buffer + IW_EV_POINT_OFF + IW_EV_POINT_LEN; | 1283 | extra = buffer + IW_EV_POINT_OFF + IW_EV_POINT_PK_LEN; |
| 1266 | 1284 | ||
| 1267 | /* Call the handler */ | 1285 | /* Call the handler */ |
| 1268 | ret = handler(dev, &info, wrqu, extra); | 1286 | ret = handler(dev, &info, wrqu, extra); |
| @@ -1270,11 +1288,11 @@ static int rtnetlink_standard_get(struct net_device * dev, | |||
| 1270 | /* Calculate real returned length */ | 1288 | /* Calculate real returned length */ |
| 1271 | extra_size = (wrqu->data.length * descr->token_size); | 1289 | extra_size = (wrqu->data.length * descr->token_size); |
| 1272 | /* Re-adjust reply size */ | 1290 | /* Re-adjust reply size */ |
| 1273 | request->len = extra_size + IW_EV_POINT_LEN; | 1291 | request->len = extra_size + IW_EV_POINT_PK_LEN; |
| 1274 | 1292 | ||
| 1275 | /* Put the iwe header where it should, i.e. scrap the | 1293 | /* Put the iwe header where it should, i.e. scrap the |
| 1276 | * dummy pointer. */ | 1294 | * dummy pointer. */ |
| 1277 | memcpy(buffer + IW_EV_POINT_OFF, request, IW_EV_LCP_LEN); | 1295 | memcpy(buffer + IW_EV_POINT_OFF, request, IW_EV_LCP_PK_LEN); |
| 1278 | 1296 | ||
| 1279 | #ifdef WE_RTNETLINK_DEBUG | 1297 | #ifdef WE_RTNETLINK_DEBUG |
| 1280 | printk(KERN_DEBUG "%s (WE.r) : Reply 0x%04X, hdr_len %d, tokens %d, extra_size %d, buffer_size %d\n", dev->name, cmd, hdr_len, wrqu->data.length, extra_size, buffer_size); | 1298 | printk(KERN_DEBUG "%s (WE.r) : Reply 0x%04X, hdr_len %d, tokens %d, extra_size %d, buffer_size %d\n", dev->name, cmd, hdr_len, wrqu->data.length, extra_size, buffer_size); |
| @@ -1331,10 +1349,10 @@ static inline int rtnetlink_standard_set(struct net_device * dev, | |||
| 1331 | #endif /* WE_RTNETLINK_DEBUG */ | 1349 | #endif /* WE_RTNETLINK_DEBUG */ |
| 1332 | 1350 | ||
| 1333 | /* Extract fixed header from request. This is properly aligned. */ | 1351 | /* Extract fixed header from request. This is properly aligned. */ |
| 1334 | wrqu = &request->u; | 1352 | wrqu = (union iwreq_data *) (((char *) request) + IW_EV_LCP_PK_LEN); |
| 1335 | 1353 | ||
| 1336 | /* Check if wrqu is complete */ | 1354 | /* Check if wrqu is complete */ |
| 1337 | hdr_len = event_type_size[descr->header_type]; | 1355 | hdr_len = event_type_pk_size[descr->header_type]; |
| 1338 | if(request_len < hdr_len) { | 1356 | if(request_len < hdr_len) { |
| 1339 | #ifdef WE_RTNETLINK_DEBUG | 1357 | #ifdef WE_RTNETLINK_DEBUG |
| 1340 | printk(KERN_DEBUG | 1358 | printk(KERN_DEBUG |
| @@ -1359,7 +1377,7 @@ static inline int rtnetlink_standard_set(struct net_device * dev, | |||
| 1359 | 1377 | ||
| 1360 | /* Put wrqu in the right place (skip pointer) */ | 1378 | /* Put wrqu in the right place (skip pointer) */ |
| 1361 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, | 1379 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, |
| 1362 | wrqu, IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 1380 | wrqu, IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 1363 | /* Don't forget about the event code... */ | 1381 | /* Don't forget about the event code... */ |
| 1364 | wrqu = &wrqu_point; | 1382 | wrqu = &wrqu_point; |
| 1365 | 1383 | ||
| @@ -1483,7 +1501,7 @@ static inline int rtnetlink_private_get(struct net_device * dev, | |||
| 1483 | hdr_len = extra_size; | 1501 | hdr_len = extra_size; |
| 1484 | extra_size = 0; | 1502 | extra_size = 0; |
| 1485 | } else { | 1503 | } else { |
| 1486 | hdr_len = IW_EV_POINT_LEN; | 1504 | hdr_len = IW_EV_POINT_PK_LEN; |
| 1487 | } | 1505 | } |
| 1488 | 1506 | ||
| 1489 | /* Check if wrqu is complete */ | 1507 | /* Check if wrqu is complete */ |
| @@ -1514,7 +1532,7 @@ static inline int rtnetlink_private_get(struct net_device * dev, | |||
| 1514 | memcpy(buffer + IW_EV_POINT_OFF, request, request_len); | 1532 | memcpy(buffer + IW_EV_POINT_OFF, request, request_len); |
| 1515 | /* Use our own copy of wrqu */ | 1533 | /* Use our own copy of wrqu */ |
| 1516 | wrqu = (union iwreq_data *) (buffer + IW_EV_POINT_OFF | 1534 | wrqu = (union iwreq_data *) (buffer + IW_EV_POINT_OFF |
| 1517 | + IW_EV_LCP_LEN); | 1535 | + IW_EV_LCP_PK_LEN); |
| 1518 | 1536 | ||
| 1519 | /* No extra arguments. Trivial to handle */ | 1537 | /* No extra arguments. Trivial to handle */ |
| 1520 | ret = handler(dev, &info, wrqu, (char *) wrqu); | 1538 | ret = handler(dev, &info, wrqu, (char *) wrqu); |
| @@ -1523,7 +1541,7 @@ static inline int rtnetlink_private_get(struct net_device * dev, | |||
| 1523 | char * extra; | 1541 | char * extra; |
| 1524 | 1542 | ||
| 1525 | /* Buffer for full reply */ | 1543 | /* Buffer for full reply */ |
| 1526 | buffer_size = extra_size + IW_EV_POINT_LEN + IW_EV_POINT_OFF; | 1544 | buffer_size = extra_size + IW_EV_POINT_PK_LEN + IW_EV_POINT_OFF; |
| 1527 | 1545 | ||
| 1528 | #ifdef WE_RTNETLINK_DEBUG | 1546 | #ifdef WE_RTNETLINK_DEBUG |
| 1529 | printk(KERN_DEBUG "%s (WE.r) : Malloc %d bytes (%d bytes)\n", | 1547 | printk(KERN_DEBUG "%s (WE.r) : Malloc %d bytes (%d bytes)\n", |
| @@ -1538,15 +1556,15 @@ static inline int rtnetlink_private_get(struct net_device * dev, | |||
| 1538 | 1556 | ||
| 1539 | /* Put wrqu in the right place (just before extra). | 1557 | /* Put wrqu in the right place (just before extra). |
| 1540 | * Leave space for IWE header and dummy pointer... | 1558 | * Leave space for IWE header and dummy pointer... |
| 1541 | * Note that IW_EV_LCP_LEN==4 bytes, so it's still aligned... | 1559 | * Note that IW_EV_LCP_PK_LEN==4 bytes, so it's still aligned. |
| 1542 | */ | 1560 | */ |
| 1543 | memcpy(buffer + IW_EV_LCP_LEN + IW_EV_POINT_OFF, | 1561 | memcpy(buffer + IW_EV_LCP_PK_LEN + IW_EV_POINT_OFF, |
| 1544 | ((char *) request) + IW_EV_LCP_LEN, | 1562 | ((char *) request) + IW_EV_LCP_PK_LEN, |
| 1545 | IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 1563 | IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 1546 | wrqu = (union iwreq_data *) (buffer + IW_EV_LCP_LEN); | 1564 | wrqu = (union iwreq_data *) (buffer + IW_EV_LCP_PK_LEN); |
| 1547 | 1565 | ||
| 1548 | /* Extra comes logically after that. Offset +12 bytes. */ | 1566 | /* Extra comes logically after that. Offset +12 bytes. */ |
| 1549 | extra = buffer + IW_EV_POINT_OFF + IW_EV_POINT_LEN; | 1567 | extra = buffer + IW_EV_POINT_OFF + IW_EV_POINT_PK_LEN; |
| 1550 | 1568 | ||
| 1551 | /* Call the handler */ | 1569 | /* Call the handler */ |
| 1552 | ret = handler(dev, &info, wrqu, extra); | 1570 | ret = handler(dev, &info, wrqu, extra); |
| @@ -1556,11 +1574,11 @@ static inline int rtnetlink_private_get(struct net_device * dev, | |||
| 1556 | if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) | 1574 | if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) |
| 1557 | extra_size = adjust_priv_size(descr->get_args, wrqu); | 1575 | extra_size = adjust_priv_size(descr->get_args, wrqu); |
| 1558 | /* Re-adjust reply size */ | 1576 | /* Re-adjust reply size */ |
| 1559 | request->len = extra_size + IW_EV_POINT_LEN; | 1577 | request->len = extra_size + IW_EV_POINT_PK_LEN; |
| 1560 | 1578 | ||
| 1561 | /* Put the iwe header where it should, i.e. scrap the | 1579 | /* Put the iwe header where it should, i.e. scrap the |
| 1562 | * dummy pointer. */ | 1580 | * dummy pointer. */ |
| 1563 | memcpy(buffer + IW_EV_POINT_OFF, request, IW_EV_LCP_LEN); | 1581 | memcpy(buffer + IW_EV_POINT_OFF, request, IW_EV_LCP_PK_LEN); |
| 1564 | 1582 | ||
| 1565 | #ifdef WE_RTNETLINK_DEBUG | 1583 | #ifdef WE_RTNETLINK_DEBUG |
| 1566 | printk(KERN_DEBUG "%s (WE.r) : Reply 0x%04X, hdr_len %d, tokens %d, extra_size %d, buffer_size %d\n", dev->name, cmd, hdr_len, wrqu->data.length, extra_size, buffer_size); | 1584 | printk(KERN_DEBUG "%s (WE.r) : Reply 0x%04X, hdr_len %d, tokens %d, extra_size %d, buffer_size %d\n", dev->name, cmd, hdr_len, wrqu->data.length, extra_size, buffer_size); |
| @@ -1641,14 +1659,14 @@ static inline int rtnetlink_private_set(struct net_device * dev, | |||
| 1641 | /* Does it fits in wrqu ? */ | 1659 | /* Does it fits in wrqu ? */ |
| 1642 | if((descr->set_args & IW_PRIV_SIZE_FIXED) && | 1660 | if((descr->set_args & IW_PRIV_SIZE_FIXED) && |
| 1643 | (extra_size <= IFNAMSIZ)) { | 1661 | (extra_size <= IFNAMSIZ)) { |
| 1644 | hdr_len = IW_EV_LCP_LEN + extra_size; | 1662 | hdr_len = IW_EV_LCP_PK_LEN + extra_size; |
| 1645 | extra_size = 0; | 1663 | extra_size = 0; |
| 1646 | } else { | 1664 | } else { |
| 1647 | hdr_len = IW_EV_POINT_LEN; | 1665 | hdr_len = IW_EV_POINT_PK_LEN; |
| 1648 | } | 1666 | } |
| 1649 | 1667 | ||
| 1650 | /* Extract fixed header from request. This is properly aligned. */ | 1668 | /* Extract fixed header from request. This is properly aligned. */ |
| 1651 | wrqu = &request->u; | 1669 | wrqu = (union iwreq_data *) (((char *) request) + IW_EV_LCP_PK_LEN); |
| 1652 | 1670 | ||
| 1653 | /* Check if wrqu is complete */ | 1671 | /* Check if wrqu is complete */ |
| 1654 | if(request_len < hdr_len) { | 1672 | if(request_len < hdr_len) { |
| @@ -1675,7 +1693,7 @@ static inline int rtnetlink_private_set(struct net_device * dev, | |||
| 1675 | 1693 | ||
| 1676 | /* Put wrqu in the right place (skip pointer) */ | 1694 | /* Put wrqu in the right place (skip pointer) */ |
| 1677 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, | 1695 | memcpy(((char *) &wrqu_point) + IW_EV_POINT_OFF, |
| 1678 | wrqu, IW_EV_POINT_LEN - IW_EV_LCP_LEN); | 1696 | wrqu, IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); |
| 1679 | 1697 | ||
| 1680 | /* Does it fits within bounds ? */ | 1698 | /* Does it fits within bounds ? */ |
| 1681 | if(wrqu_point.data.length > (descr->set_args & | 1699 | if(wrqu_point.data.length > (descr->set_args & |
| @@ -1738,7 +1756,7 @@ int wireless_rtnetlink_get(struct net_device * dev, | |||
| 1738 | iw_handler handler; | 1756 | iw_handler handler; |
| 1739 | 1757 | ||
| 1740 | /* Check length */ | 1758 | /* Check length */ |
| 1741 | if(len < IW_EV_LCP_LEN) { | 1759 | if(len < IW_EV_LCP_PK_LEN) { |
| 1742 | printk(KERN_DEBUG "%s (WE.r) : RtNetlink request too short (%d)\n", | 1760 | printk(KERN_DEBUG "%s (WE.r) : RtNetlink request too short (%d)\n", |
| 1743 | dev->name, len); | 1761 | dev->name, len); |
| 1744 | return -EINVAL; | 1762 | return -EINVAL; |
| @@ -1822,7 +1840,7 @@ int wireless_rtnetlink_set(struct net_device * dev, | |||
| 1822 | iw_handler handler; | 1840 | iw_handler handler; |
| 1823 | 1841 | ||
| 1824 | /* Check length */ | 1842 | /* Check length */ |
| 1825 | if(len < IW_EV_LCP_LEN) { | 1843 | if(len < IW_EV_LCP_PK_LEN) { |
| 1826 | printk(KERN_DEBUG "%s (WE.r) : RtNetlink request too short (%d)\n", | 1844 | printk(KERN_DEBUG "%s (WE.r) : RtNetlink request too short (%d)\n", |
| 1827 | dev->name, len); | 1845 | dev->name, len); |
| 1828 | return -EINVAL; | 1846 | return -EINVAL; |