aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* dccp: Empty the write queue when disconnectingGerrit Renker2008-09-04
| | | | | | | | | | | | | | | | | | | | dccp_disconnect() can be called due to several reasons: 1. when the connection setup failed (inet_stream_connect()); 2. when shutting down (inet_shutdown(), inet_csk_listen_stop()); 3. when aborting the connection (dccp_close() with 0 linger time). In case (1) the write queue is empty. This patch empties the write queue, if in case (2) or (3) it was not yet empty. This avoids triggering the write-queue BUG_TRAP in sk_stream_kill_queues() later on. It also seems natural to do: when breaking an association, to delete all packets that were originally intended for the soon-disconnected end (compare with call to tcp_write_queue_purge in tcp_disconnect()). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
* dccp: Fill in the Data fields for "Option Error" ResetsGerrit Renker2008-09-04
| | | | | | | | This updates the use of the `out_invalid_option' label, which produces a Reset (code 5, "Option Error"), to fill in the Data1...Data3 fields as specified in RFC 4340, 5.6. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
* dccp: Silently ignore options with nonsensical lengthsGerrit Renker2008-09-04
| | | | | | | | | | | | | | | | | | | This updates the option-parsing code with regard to RFC 4340, 5.8: "[..] options with nonsensical lengths (length byte less than two or more than the remaining space in the options portion of the header) MUST be ignored, and any option space following an option with nonsensical length MUST likewise be ignored." Hence in the following cases erratic options will be ignored: 1. The type byte of a multi-byte option is the last byte of the header options (i.e. effective option length of 1). 2. The value of the length byte is less than the minimum 2. This has been changed from previously 3: although no multi-byte option with a length less than 3 yet exists (cf. table 3 in 5.8), a length of 2 is valid. (The switch-statement in dccp_parse has further per-option length checks.) 3. The option length exceeds the length of the remaining option space. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
* dccp: Always generate a Reset in response to option errorsWei Yongjun2008-09-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RFC4340 states that if a packet is received with an option error (such as a Mandatory Option as the last byte of the option list), the endpoint should repond with a Reset. In the LISTEN and RESPOND states, the endpoint correctly reponds with Reset, while in the REQUEST/OPEN states, packets with option errors are just ignored. The packet sequence is as follows: Case 1: Endpoint A Endpoint B (CLOSED) (CLOSED) <---------------- REQUEST RESPONSE -----------------> (*1) (with invalid option) <---------------- RESET (with Reset Code 5, "Option Error") (*1) currently just ignored, no Reset is sent Case 2: Endpoint A Endpoint B (OPEN) (OPEN) DATA-ACK -----------------> (*2) (with invalid option) <---------------- RESET (with Reset Code 5, "Option Error") (*2) currently just ignored, no Reset is sent This patch fixes the problem, by generating a Reset instead of silently ignoring option errors. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
* Merge branch 'davem-fixes' of ↵David S. Miller2008-09-03
|\ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
| * netxen: Remove workaround for chipset quirkDhananjay Phadke2008-09-03
| | | | | | | | | | | | | | | | | | | | Remove chipset-specific quirk workaround; the workaround caused unrecoverable DMA lockups when the driver was loaded following a PXE boot. Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com> Signed-off-by: Michael Brown <mbrown@fensystems.co.uk> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
| * pcnet-cs, axnet_cs: add new IDs, remove dup ID with less infoKomuro2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | pcnet_cs: add new ID: "corega Ether PCC-TD". remove duplicate ID: "IC-CARD". axnet_cs: add new ID: "IO DATA ETXPCM". Signed-off-by: Komuro <komurojun-mbn@nifty.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
| * ixgbe: initialize interrupt throttle rateAndy Gospodarek2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit dropped the setting of the default interrupt throttle rate. commit 021230d40ae0e6508d6c717b6e0d6d81cd77ac25 Author: Ayyappan Veeraiyan <ayyappan.veeraiyan@intel.com> Date: Mon Mar 3 15:03:45 2008 -0800 ixgbe: Introduce MSI-X queue vector code The following patch adds it back. Without this the default value of 0 causes the performance of this card to be awful. Restoring these to the default values yields much better performance. This regression has been around since 2.6.25. Signed-off-by: Andy Gospodarek <andy@greyhouse.net> Acked-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> CC: stable@kernel.org [2.6.25 and later] Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
| * net/usb/pegasus: avoid hundreds of diagnosticsDavid Brownell2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | Make the "pegasus" driver scream less loudly in the face of problems as it initializes, avoiding hundreds of messages: - ratelimit some key error messages - avoid some spurious diagnostics caused by strange codeflow And fix one instance of goofy indentation. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* | bnx2x: Accessing un-mapped pageEilon Greenstein2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The allocated RX buffer size was 64 bytes bigger than the PCI mapped size with no good reason. If the packet was actually using the buffer up to its limit and if the last 64 bytes of the buffer crossed 4KB boundary then an unmapped PCI page was accessed. The fix is to use only one parameter for the buffer size - there is no need to differentiate between the buffer size and the PCI mapping size since the extra 64 bytes can actually be used by the FW to align the Ethernet payload to 64 bytes. Also updating the driver version and date Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'master' of ↵David S. Miller2008-09-03
|\ \ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * | ath9k: Fix TX control flag use for no ACK and RTS/CTSJouni Malinen2008-09-03
| | | | | | | | | | | | | | | Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | ath9k: Fix TX status reportingJouni Malinen2008-09-03
| | | | | | | | | | | | | | | Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: fix STATUS_EXIT_PENDING is not set on pci_removeGregory Greenman2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch sets STATUS_EXIT_PENDING on pci_remove. Otherwise iwl4965_down may fail to uninitialize the driver. Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: call apm stop on exitGregory Greenman2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch calls apm stop on exit and suspend. Without this patch hardware consumes power even after driver is removed or suspended. Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: fix Tx cmd memory allocation failure handlingTomas Winkler2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch "iwlwifi: do not use GFP_DMA in iwl_tx_queue_init" removes GFP_DMA from allocation tx command buffers. GFP_DMA allows allocation only for memory under 16M which causes allocation problems suspend/resume flows. Using kmalloc is temporal solution and some consistent/coherent allocation schema will be more correct. Since iwlwifi hardware supports 64bit address this solution should work on x86 (32 and 64bit) for now. This patch fixes memory freeing problem in the previous patch. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Ian Schram <ischram@telenet.be> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: fix rx_chain computationTomas Winkler2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes rx_chain computation. The code that adjusts number of rx chains to number supported by HW was missing. Miss configuration causes firmware error. Note: iwlwifi supports HW with up to 3 RX chains (2x2, 2x3, 1x2, and 3x3 MIMO). This patch also simplifies the whole RX chain computation. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: fix station mimo power save valuesRon Rindjunsky2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes the wrong use MIMO power save values. Our TX was configured with our MIMO power save values instead of peer's MIMO power save values, this may affect connectivity. The peer STA/AP may not sense our traffic at all as it doesn't have all RX chains opened. Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: remove false rxon if rx chain changesMohamed Abbas2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rx chain might change during power save transitions but it doesn't require sending Full-ROXN command to the firmware. Full-RXON requires reconnection to an AP and thus affects user experience. The patch avoids the Full-RXON by removing the rx_chain modification check in iwl_full_rxon_required function. Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: fix hidden ssid discovery in passive channelsRon Rindjunsky2008-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This enables sending of direct probes on passive channels, as long as traffic was detected on that channel. This enables connectivity to hidden/non broadcasting SSIDs APs on passive channels. Note 5000 HW declares all 5.2 spectrum as passive. Signed-off-by: Cahill Ben <ben.m.cahill@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | iwlwifi: W/A for the TSF correction in IBSSAssaf Krauss2008-09-03
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a W/A for the TSF sync issue in IBSS merging. HW is not capable to sync TSF (it's constantly little behind). This creates constant IBSS merging upon reception of each beacon, adding and removing station which in turn creates above 50% packet loss and thus dramatically degrade the throughput. The W/A simply stops the driver from declaring it has a reliable TSF value and thus eliminates IBSS merging. Signed-off-by: Assaf Krauss <assaf.krauss@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* / tipc: Don't use structure names which easily globally conflict.David S. Miller2008-09-03
|/ | | | | | | | | | | Andrew Morton reported a build failure on sparc32, because TIPC uses names like "struct node" and there is a like named data structure defined in linux/node.h This just regexp replaces "struct node*" to "struct tipc_node*" to avoid this and any future similar problems. Signed-off-by: David S. Miller <davem@davemloft.net>
* ipsec: Fix deadlock in xfrm_state management.David S. Miller2008-09-02
| | | | | | | | | | | | | | Ever since commit 4c563f7669c10a12354b72b518c2287ffc6ebfb3 ("[XFRM]: Speed up xfrm_policy and xfrm_state walking") it is illegal to call __xfrm_state_destroy (and thus xfrm_state_put()) with xfrm_state_lock held. If we do, we'll deadlock since we have the lock already and __xfrm_state_destroy() tries to take it again. Fix this by pushing the xfrm_state_put() calls after the lock is dropped. Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv: Re-enable IP when MTU > 68Breno Leitao2008-09-02
| | | | | | | | | | | | Re-enable IP when the MTU gets back to a valid size. This patch just checks if the in_dev is NULL on a NETDEV_CHANGEMTU event and if MTU is valid (bigger than 68), then re-enable in_dev. Also a function that checks valid MTU size was created. Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net/xfrm: Use an IS_ERR test rather than a NULL testJulien Brunel2008-09-02
| | | | | | | | | | | | | | | | | | | | | | | | In case of error, the function xfrm_bundle_create returns an ERR pointer, but never returns a NULL pointer. So a NULL test that comes after an IS_ERR test should be deleted. The semantic match that finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @match_bad_null_test@ expression x, E; statement S1,S2; @@ x = xfrm_bundle_create(...) ... when != x = E * if (x != NULL) S1 else S2 // </smpl> Signed-off-by: Julien Brunel <brunel@diku.dk> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
* ath9: Fix ath_rx_flush_tid() for IRQs disabled kernel warning message.Senthil Balasubramanian2008-09-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch addresses an issue with the locking order. ath_rx_flush_tid() uses spin_lock/unlock_bh when IRQs are disabled in sta_notify by mac80211. As node clean up is still pending with ath9k and this problematic portion of the code is expected to change anyway, thinking of a proper fix may not be worthwhile. So having this interim fix helps the users to get rid of the kernel warning message. Pasted the kernel warning message for reference. kernel: ath0: No ProbeResp from current AP 00:1b:11:60:7a:3d - assume out of range kernel: ------------[ cut here ]------------ kernel: WARNING: at kernel/softirq.c:136 local_bh_enable+0x3c/0xab() kernel: Pid: 1029, comm: ath9k Not tainted 2.6.27-rc4-wt-w1fi-wl kernel: kernel: Call Trace: kernel: [<ffffffff802278d8>] warn_on_slowpath+0x51/0x77 kernel: [<ffffffff80224c51>] check_preempt_wakeup+0xf3/0x123 kernel: [<ffffffff80239658>] autoremove_wake_function+0x9/0x2e kernel: [<ffffffff8022c281>] local_bh_enable+0x3c/0xab kernel: [<ffffffffa01ab75a>] ath_rx_node_cleanup+0x38/0x6e [ath9k] kernel: [<ffffffffa01b2280>] ath_node_detach+0x3b/0xb6 [ath9k] kernel: [<ffffffffa01ab09f>] ath9k_sta_notify+0x12b/0x165 [ath9k] kernel: [<ffffffff802366cf>] queue_work+0x1d/0x49 kernel: [<ffffffffa018c3fc>] add_todo+0x70/0x99 [mac80211] kernel: [<ffffffffa017de76>] __sta_info_unlink+0x16b/0x19e [mac80211] kernel: [<ffffffffa017e6ed>] sta_info_unlink+0x18/0x43 [mac80211] kernel: [<ffffffffa0182732>] ieee80211_associated+0xaa/0x16d [mac80211] kernel: [<ffffffffa0184a1a>] ieee80211_sta_work+0x4fb/0x6b4 [mac80211] kernel: [<ffffffff80469c58>] thread_return+0x30/0xa9 kernel: [<ffffffffa018451f>] ieee80211_sta_work+0x0/0x6b4 [mac80211] kernel: [<ffffffff802362c2>] run_workqueue+0xb1/0x17a kernel: [<ffffffff80236be9>] worker_thread+0xd0/0xdb kernel: [<ffffffff8023964f>] autoremove_wake_function+0x0/0x2e kernel: [<ffffffff80236b19>] worker_thread+0x0/0xdb kernel: [<ffffffff8023954a>] kthread+0x47/0x75 kernel: [<ffffffff80223121>] schedule_tail+0x18/0x50 kernel: [<ffffffff8020bc49>] child_rip+0xa/0x11 kernel: [<ffffffff80239503>] kthread+0x0/0x75 kernel: [<ffffffff8020bc3f>] child_rip+0x0/0x11 kernel: kernel: ---[ end trace e9bb5da661055827 ]--- Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* ath9k: Incorrect key used when group and pairwise ciphers are different.Senthil Balasubramanian2008-09-02
| | | | | | | | | | | | Updating sc_keytype multiple times when groupwise and pairwise ciphers are different results in incorrect pairwise key type assumed for TX control and normal ping fails. This works fine for cases where both groupwise and pairwise ciphers are same. Also use mac80211 provided enums for key length calculation. Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* rt2x00: Compiler warning unmasked by fix of BUILD_BUG_ONBoaz Harrosh2008-09-02
| | | | | | | | | | | | | | | | A "Set" to a sign-bit in an "&" operation causes a compiler warning. Make calculations unsigned. [ The warning was masked by the old definition of BUILD_BUG_ON() ] Also remove __builtin_constant_p from FIELD_CHECK since BUILD_BUG_ON no longer permits non-const values. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> CC: Ingo Molnar <mingo@elte.hu> CC: Rusty Russell <rusty@rustcorp.com.au> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: Fix debugfs union misuse and pointer corruptionJouni Malinen2008-09-02
| | | | | | | | | | | | | | | | | | | | debugfs union in struct ieee80211_sub_if_data is misused by including a common default_key dentry as a union member. This ends occupying the same memory area with the first dentry in other union members (structures; usually drop_unencrypted). Consequently, debugfs operations on default_key symlinks and drop_unencrypted entry are using the same dentry pointer even though they are supposed to be separate ones. This can lead to removing entries incorrectly or potentially leaving something behind since one of the dentry pointers gets lost. Fix this by moving the default_key dentry to a new struct (common_debugfs) that contains dentries (more to be added in future) that are shared by all vif types. The debugfs union must only be used for vif type-specific entries to avoid this type of pointer corruption. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* wireless/libertas/if_cs.c: fix memory leaksAdrian Bunk2008-09-02
| | | | | | | | | | | | The leak in if_cs_prog_helper() is obvious. It looks a bit as if not freeing "fw" in if_cs_prog_real() was done intentionally, but I'm not seeing why it shouldn't be freed. Reported-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* orinoco: Multicast to the specified addressesDavid Kilroy2008-09-02
| | | | | | | | | | | | | | | | When multicasting the driver sets the number of group addresses using the count from the previous set multicast command. In general this means you have to set the multicast addresses twice to get the behaviour you want. If we were multicasting, and reduce the number of addresses we are multicasting to, then the driver would write uninitialised data from the stack into the group addresses to multicast to. Only write the multicast addresses we have specifically set. Signed-off-by: David Kilroy <kilroyd@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* iwlwifi: fix 64bit platform firmware loadingTomas Winkler2008-09-02
| | | | | | | | | | This patch fixes loading firmware from memory above 32bit. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Acked-by: Marcel Holtmann <holtmann@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* iwlwifi: fix apm_stop (wrong bit polarity for FLAG_INIT_DONE)Mohamed Abbas2008-09-02
| | | | | | | | | | The patch fixes CSR_GP_CNTRL_REG_FLAG_INIT_DONE was set instead of cleared which disabled moving device to D0U state. Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* iwlwifi: workaround interrupt handling no some platformsTomas Winkler2008-09-02
| | | | | | | | | | This patch adds workaround for an interrupt related hardware bug on some platforms. (Apparently these platforms boot-up w/ INTX_DISABLED set. -- JWL) Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* iwlwifi: do not use GFP_DMA in iwl_tx_queue_initJohn W. Linville2008-09-02
| | | | | | | | | | | GFP_DMA is not necessary for the iwlwifi hardware and it can cause allocation failures and/or invoke the OOM killer on lots of systems. For reference: https://bugzilla.redhat.com/show_bug.cgi?id=459709 Signed-off-by: John W. Linville <linville@tuxdriver.com>
* net/wireless/Kconfig: clarify the description for CONFIG_WIRELESS_EXT_SYSFSFlorian Mickler2008-09-02
| | | | | | | | | | | | Current setup with hal and NetworkManager will fail to work without newest hal version with this config option disabled. Although this will solve itself by time, at the moment it is dishonest to say that we don't know any software that uses it, if there are many many people relying on old hal versions. Signed-off-by: Florian Mickler <florian@mickler.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* net: Unbreak userspace usage of linux/mroute.hDavid S. Miller2008-08-29
| | | | | | | | | | | | | | | | | Nothing in linux/pim.h should be exported to userspace. This should fix the XORP build failure reported by Jose Calhariz, the debain package maintainer. Nothing originally in linux/mroute.h was exported to userspace ever, but some of this stuff started to be when it was moved into this new linux/pim.h, and that was wrong. If we didn't provide these definitions for 10 years we can reasonably expect that applications defined this stuff locally or used GLIBC headers providing the protocol definitions. And as such the only result of this can be conflict and userland build breakage. Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: Fix locking of qdisc_root with qdisc_root_sleeping_lock()Jarek Poplawski2008-08-29
| | | | | | | | | | | Use qdisc_root_sleeping_lock() instead of qdisc_root_lock() where appropriate. The only difference is while dev is deactivated, when currently we can use a sleeping qdisc with the lock of noop_qdisc. This shouldn't be dangerous since after deactivation root lock could be used only by gen_estimator code, but looks wrong anyway. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: When we droped a packet, we should return NET_RX_DROP instead of 0Yang Hongyang2008-08-29
| | | | | Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: fix random memory dereference with SCTP_HMAC_IDENT option.Vlad Yasevich2008-08-27
| | | | | | | | | The number of identifiers needs to be checked against the option length. Also, the identifier index provided needs to be verified to make sure that it doesn't exceed the bounds of the array. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: correct bounds check in sctp_setsockopt_auth_keyVlad Yasevich2008-08-27
| | | | | | | | | | | | The bonds check to prevent buffer overlflow was not exactly right. It still allowed overflow of up to 8 bytes which is sizeof(struct sctp_authkey). Since optlen is already checked against the size of that struct, we are guaranteed not to cause interger overflow either. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* wan: Missing capability checks in sbni_ioctl()Eugene Teo2008-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are missing capability checks in the following code: 1300 static int 1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd) 1302 { [...] 1319 case SIOCDEVRESINSTATS : 1320 if( current->euid != 0 ) /* root only */ 1321 return -EPERM; [...] 1336 case SIOCDEVSHWSTATE : 1337 if( current->euid != 0 ) /* root only */ 1338 return -EPERM; [...] 1357 case SIOCDEVENSLAVE : 1358 if( current->euid != 0 ) /* root only */ 1359 return -EPERM; [...] 1372 case SIOCDEVEMANSIPATE : 1373 if( current->euid != 0 ) /* root only */ 1374 return -EPERM; Here's my proposed fix: Missing capability checks. Signed-off-by: Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'no-iwlwifi' of ↵David S. Miller2008-08-27
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * mac80211: quiet chatty IBSS merge messageJohn W. Linville2008-08-26
| | | | | | | | | | | | It seems obvious that this #ifndef should be the opposite polarity... Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: don't send empty extended rates IEJan-Espen Pettersen2008-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The association request includes a list of supported data rates. 802.11b: 4 supported rates. 802.11g: 12 (8 + 4) supported rates. 802.11a: 8 supported rates. The rates tag of the assoc request has room for only 8 rates. In case of 802.11g an extended rate tag is appended. However in net/wireless/mlme.c an extended (empty) rate tag is also appended if the number of rates is exact 8. This empty (length=0) extended rates tag causes some APs to deny association with code 18 (unsupported rates). These APs include my ZyXEL G-570U, and according to Tomas Winkler som Cisco APs. 'If count == 8' has been used to check for the need for an extended rates tag. But count would also be equal to 8 if the for loop exited because of no more supported rates. Therefore a check for count being less than rates_len would seem more correct. Thanks to: * Dan Williams for newbie guidance * Tomas Winkler for confirming the problem Signed-off-by: Jan-Espen Pettersen <sigsegv@radiotube.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: Fix debugfs file add/del for netdevJouni Malinen2008-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous version was using incorrect union structures for non-AP interfaces when adding and removing max_ratectrl_rateidx and force_unicast_rateidx entries. Depending on the vif type, this ended up in corrupting debugfs entries since the dentries inside different union structures ended up going being on top of eachother.. As the end result, debugfs files were being left behind with references to freed data (instant kernel oops on access) and directories were not removed properly when unloading mac80211 drivers. This patch fixes those issues by using only a single union structure based on the vif type. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * net/mac80211/mesh.c: correct the argument to __mesh_table_freeJulia Lawall2008-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the function mesh_table_grow, it is the new table not the argument table that should be freed if the function fails (cf commit bd9b448f4c0a514559bdae4ca18ca3e8cd999c6d) The semantic match that detects this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @r exists@ local idexpression x; expression E,f; position p1,p2,p3; identifier l; statement S; @@ x = mesh_table_alloc@p1(...) ... if (x == NULL) S ... when != E = x when != mesh_table_free(x) goto@p2 l; ... when != E = x when != f(...,x,...) when any ( return \(0\|x\); | return@p3 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; p3 << r.p3; @@ print "%s: call on line %s not freed or saved before return on line %s via line %s" % (p1[0].file,p1[0].line,p3[0].line,p2[0].line) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: Use IWEVASSOCREQIE instead of IWEVCUSTOMJouni Malinen2008-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous code was using IWEVCUSTOM to report IEs from AssocReq and AssocResp frames into user space. This can easily hit the 256 byte limit (IW_CUSTOM_MAX) with APs that include number of vendor IEs in AssocResp. This results in the event message not being sent and dmesg showing "wlan0 (WE) : Wireless Event too big (366)" type of errors. Convert mac80211 to use IWEVASSOCREQIE/IWEVASSOCRESPIE to avoid the issue of being unable to send association IEs as wireless events. These newer event types use binary encoding and larger maximum size (IW_GENERIC_IE_MAX = 1024), so the likelyhood of not being able to send the IEs is much smaller than with IWEVCUSTOM. As an extra benefit, the code is also quite a bit simpler since there is no need to allocate an extra buffer for hex encoding. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * net: rfkill: add missing line breakFelipe Balbi2008-08-26
| | | | | | | | | | | | | | | | | | Trivial patch adding a missing line break on rfkill_claim_show(). Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.co> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * Ath5k: fix bintval setupJiri Slaby2008-08-26
| | | | | | | | | | | | | | | | | | | | | | bintval is set to the initial value at .config_interface which is too late, since it overwrites previously set value from .config. Move the initialization to the .add_interface. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>