aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* genetlink: pass family to functions using groupsJohannes Berg2013-11-19
| | | | | | | | | This doesn't really change anything, but prepares for the next patch that will change the APIs to pass the group ID within the family, rather than the global group ID. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: add and use genl_set_err()Johannes Berg2013-11-19
| | | | | | | | | Add a static inline to generic netlink to wrap netlink_set_err() to make it easier to use here - use it in openvswitch (the only generic netlink user of netlink_set_err()). Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: remove family pointer from genl_multicast_groupJohannes Berg2013-11-19
| | | | | | | | There's no reason to have the family pointer there since it can just be passed internally where needed, so remove it. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: remove genl_unregister_mc_group()Johannes Berg2013-11-19
| | | | | | | | There are no users of this API remaining, and we'll soon change group registration to be static (like ops are now) Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* hsr: don't call genl_unregister_mc_group()Johannes Berg2013-11-19
| | | | | | | | There's no need to unregister the multicast group if the generic netlink family is registered immediately after. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* quota/genetlink: use proper genetlink multicast APIsJohannes Berg2013-11-19
| | | | | | | | | | | | | | | The quota code is abusing the genetlink API and is using its family ID as the multicast group ID, which is invalid and may belong to somebody else (and likely will.) Make the quota code use the correct API, but since this is already used as-is by userspace, reserve a family ID for this code and also reserve that group ID to not break userspace assumptions. Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* drop_monitor/genetlink: use proper genetlink multicast APIsJohannes Berg2013-11-19
| | | | | | | | | | | | | | | | The drop monitor code is abusing the genetlink API and is statically using the generic netlink multicast group 1, even if that group belongs to somebody else (which it invariably will, since it's not reserved.) Make the drop monitor code use the proper APIs to reserve a group ID, but also reserve the group id 1 in generic netlink code to preserve the userspace API. Since drop monitor can be a module, don't clear the bit for it on unregistration. Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: only pass array to genl_register_family_with_ops()Johannes Berg2013-11-19
| | | | | | | | | | | | | | As suggested by David Miller, make genl_register_family_with_ops() a macro and pass only the array, evaluating ARRAY_SIZE() in the macro, this is a little safer. The openvswitch has some indirection, assing ops/n_ops directly in that code. This might ultimately just assign the pointers in the family initializations, saving the struct genl_family_and_ops and code (once mcast groups are handled differently.) Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: don't update snd_nxt, when a socket is switched from repair modeAndrey Vagin2013-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | snd_nxt must be updated synchronously with sk_send_head. Otherwise tp->packets_out may be updated incorrectly, what may bring a kernel panic. Here is a kernel panic from my host. [ 103.043194] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 [ 103.044025] IP: [<ffffffff815aaaaf>] tcp_rearm_rto+0xcf/0x150 ... [ 146.301158] Call Trace: [ 146.301158] [<ffffffff815ab7f0>] tcp_ack+0xcc0/0x12c0 Before this panic a tcp socket was restored. This socket had sent and unsent data in the write queue. Sent data was restored in repair mode, then the socket was switched from reapair mode and unsent data was restored. After that the socket was switched back into repair mode. In that moment we had a socket where write queue looks like this: snd_una snd_nxt write_seq |_________|________| | sk_send_head After a second switching from repair mode the state of socket was changed: snd_una snd_nxt, write_seq |_________ ________| | sk_send_head This state is inconsistent, because snd_nxt and sk_send_head are not synchronized. Bellow you can find a call trace, how packets_out can be incremented twice for one skb, if snd_nxt and sk_send_head are not synchronized. In this case packets_out will be always positive, even when sk_write_queue is empty. tcp_write_wakeup skb = tcp_send_head(sk); tcp_fragment if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) tcp_adjust_pcount(sk, skb, diff); tcp_event_new_data_sent tp->packets_out += tcp_skb_pcount(skb); I think update of snd_nxt isn't required, when a socket is switched from repair mode. Because it's initialized in tcp_connect_init. Then when a write queue is restored, snd_nxt is incremented in tcp_event_new_data_sent, so it's always is in consistent state. I have checked, that the bug is not reproduced with this patch and all tests about restoring tcp connections work fine. Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Eric Dumazet <edumazet@google.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Signed-off-by: Andrey Vagin <avagin@openvz.org> Acked-by: Pavel Emelyanov <xemul@parallels.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* atm: idt77252: fix dev refcnt leakYing Xue2013-11-19
| | | | | | | | | init_card() calls dev_get_by_name() to get a network deceive. But it doesn't decrease network device reference count after the device is used. Signed-off-by: Ying Xue <ying.xue@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: Release dst if this dst is improper for vti tunnelfan.du2013-11-19
| | | | | | | | | | | | After searching rt by the vti tunnel dst/src parameter, if this rt has neither attached to any transformation nor the transformation is not tunnel oriented, this rt should be released back to ip layer. otherwise causing dst memory leakage. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netlink: fix documentation typo in netlink_set_err()Johannes Berg2013-11-19
| | | | | | | The parameter is just 'group', not 'groups', fix the documentation typo. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* be2net: Delete secondary unicast MAC addresses during be_closeAjit Khaparde2013-11-18
| | | | | | | | | | | | | | Secondary unicast MAC addresses will get deleted only when the interface is UP. When the interface is DOWN, though these secondary MAC addresses are unusable and awaiting to be deleted, cause the firmware to believe that they are being used. If the user intends to set a MAC address as primary MAC from one of these secondary MAC addresses, the firmware returns a MAC address Collision error. Delete these secondary MAC addresses during be_close. The secondary MAC addresses list will be refreshed during interface open anyway. Signed-off-by: Ajit Khaparde <ajit.khaparde@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* be2net: Fix unconditional enabling of Rx interface optionsAjit Khaparde2013-11-18
| | | | | | | | | | | | The driver currently requests the firmware to enable rx_interface options without considering if the interface was created with that capability. This could cause commands to firmware to fail. To avoid this, enable only those options on an interface if the interface was created with that capability. Signed-off-by: Ajit Khaparde <ajit.khaparde@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net, virtio_net: replace the magic valueZhi Yong Wu2013-11-18
| | | | | | | | | It is more appropriate to use # of queue pairs currently used by the driver instead of a magic value. Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ping: prevent NULL pointer dereference on write to msg_nameHannes Frederic Sowa2013-11-18
| | | | | | | | A plain read() on a socket does set msg->msg_name to NULL. So check for NULL pointer first. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'bnx2x'David S. Miller2013-11-18
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yuval Mintz says: ==================== bnx2x: Bug fixes patch series This series contains several fixes, relating either to SR-IOV flows or to critical sections protected by the rtnl lock. Please consider applying these patches to `net'. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * bnx2x: Prevent "timeout waiting for state X"Dmitry Kravkov2013-11-18
| | | | | | | | | | | | | | | | | | | | | | Current driver release rtnl lock in between DCB re-configuration. As a result, other flows (e.g., mtu config) may enter in between and fail due to halted tx path for dcb configuration. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * bnx2x: prevent CFC attentionDmitry Kravkov2013-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During VF load, prior to sending messages on HW channel to PF the VF checks its bulletin board to see whether the PF indicated it has closed; If a closed PF is encountered, the VF skips sending the message. Due to incorrect return values, there's a possible scenario in which the VF finishes loading "successfully", while the PF hasn't actually fully configured FW/HW for the VFs supposed configuration. Once VF tries to send Tx packets, HW will raise an attention (and FW possibly will start treat the VF as malicious). The patch fails the loading process in such a scenario. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * bnx2x: Prevent panic during DMAE timeoutDmitry Kravkov2013-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If chip enters a recovery flow just after the driver issues a DMAE request the DMAE will timeout. Current code will cause a bnx2x_panic() as a result, which means interface will no longer be usable (regardless of the recovery results), as bnx2x_panic() is irreversible for the driver. As this is a possible flow, the panic should be reached only when driver is compiled with STOP_ON_ERROR. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * bnx2x: Clean the sp rtnl task upon unloadDmitry Kravkov2013-11-18
|/ | | | | | | | | | | While unloading, bnx2x needs to clean the sp_rtnl_state to prevent configuration made before the unload to be applied afterwards with stale values. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Fix inet6_init() cleanup orderVlad Yasevich2013-11-18
| | | | | | | | | | | | | | | | Commit 6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67 net: ipv6: Add IPv6 support to the ping socket introduced a change in the cleanup logic of inet6_init and has a bug in that ipv6_packet_cleanup() may not be called. Fix the cleanup ordering. CC: Hannes Frederic Sowa <hannes@stressinduktion.org> CC: Lorenzo Colitti <lorenzo@google.com> CC: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: rename shadowed variableJohannes Berg2013-11-18
| | | | | | | | | Sparse pointed out that the new flags variable I had added shadowed an existing one, rename the new one to avoid that, making the code clearer. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* inet: prevent leakage of uninitialized memory to user in recv syscallsHannes Frederic Sowa2013-11-18
| | | | | | | | | | | | | | | | Only update *addr_len when we actually fill in sockaddr, otherwise we can return uninitialized memory from the stack to the caller in the recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL) checks because we only get called with a valid addr_len pointer either from sock_common_recvmsg or inet_recvmsg. If a blocking read waits on a socket which is concurrently shut down we now return zero and set msg_msgnamelen to 0. Reported-by: mpb <mpb.mail@gmail.com> Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: ipv6: ndisc: Fix warning when CONFIG_SYSCTL=nFabio Estevam2013-11-18
| | | | | | | | | | | | When CONFIG_SYSCTL=n the following build warning happens: net/ipv6/ndisc.c:1730:1: warning: label 'out' defined but not used [-Wunused-label] The 'out' label is only used when CONFIG_SYSCTL=y, so move it inside the 'ifdef CONFIG_SYSCTL' block. Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xen-netfront: fix missing rx_refill_timer when allocate memory failedMa JieYue2013-11-18
| | | | | | | | | | | | | | | | | | There was a bug in xennet_alloc_rx_buffers, when allocating page or sk_buff failed, and at the same time rx_batch queue not empty, the rx_refill_timer timer won't be scheduled. If finally the remaining request buffers in rx ring less than what backend driver expected, the backend driver would think of rx ring as full and start dropping packets. In such situation, there is no way for the netfront driver to recover automatically, so that the device can not work properly. The patch fixes the problem by always scheduling rx_refill_timer timer when alloc_page or __netdev_alloc_skb fails, no matter whether rx_batch queue is empty or not. It ensures that the rx ring request buffers will finally meet the backend needs. Signed-off-by: Ma JieYue <jieyue.majy@alibaba-inc.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Handle CHECKSUM_COMPLETE more adequately in pskb_trim_rcsum().David S. Miller2013-11-15
| | | | | | | | | | | | | | | | Currently pskb_trim_rcsum() just balks on CHECKSUM_COMPLETE packets and remarks them as CHECKSUM_NONE, forcing a software checksum validation later. We have all of the mechanics available to fixup the skb->csum value, even for complicated fragmented packets, via the helpers skb_checksum() and csum_sub(). So just use them. Based upon a suggestion by Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: fq: fix pacing for small framesEric Dumazet2013-11-15
| | | | | | | | | | | | | | | | | | | | | | | For performance reasons, sch_fq tried hard to not setup timers for every sent packet, using a quantum based heuristic : A delay is setup only if the flow exhausted its credit. Problem is that application limited flows can refill their credit for every queued packet, and they can evade pacing. This problem can also be triggered when TCP flows use small MSS values, as TSO auto sizing builds packets that are smaller than the default fq quantum (3028 bytes) This patch adds a 40 ms delay to guard flow credit refill. Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Maciej Żenczykowski <maze@google.com> Cc: Willem de Bruijn <willemb@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: fq: warn users using defrateEric Dumazet2013-11-15
| | | | | | | | | | Commit 7eec4174ff29 ("pkt_sched: fq: fix non TCP flows pacing") obsoleted TCA_FQ_FLOW_DEFAULT_RATE without notice for the users. Suggested by David Miller Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* genetlink: unify registration functionsJohannes Berg2013-11-15
| | | | | | | | | | | | Now that the ops assignment is just two variables rather than a long list iteration etc., there's no reason to separately export __genl_register_family() and __genl_register_family_with_ops(). Unify the two functions into __genl_register_family() and make genl_register_family_with_ops() call it after assigning the ops. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* MAINTAINERS: Update Pegasus and RTL8150 repositories;Petko Manolov2013-11-15
| | | | | | | The diff is against latest 'net' repository; Signed-off-by: Petko Manolov <petkan@nucleusys.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: ethernet: ti/cpsw: do not crash on single-MAC machines during resumeDaniel Mack2013-11-15
| | | | | | | | | | During resume, use for_each_slave to walk the slaves of the cpsw, and soft-reset each of them. This prevents oopses if there is only one slave configured. Signed-off-by: Daniel Mack <zonque@gmail.com> Acked-by: Mugunthan V N <mugunthanvnm@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'macvlan'David S. Miller2013-11-15
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Michal Kubecek says: ==================== macvlan: disable LRO on lowerdev instead of a macvlan A customer of ours encountered a problem with LRO on an ixgbe network card. Analysis showed that it was a known conflict of forwarding and LRO but the forwarding was enabled in an LXC container where only a macvlan was, not the ethernet device itself. I believe the solution is exactly the same as what we do for "normal" (802.1q) VLAN devices: if dev_disable_lro() is called for such device, LRO is disabled on the underlying "real" device instead. v2: adapt to changes merged from net-next v3: use BUG() in macvlan_dev_real_dev() if compiled without macvlan ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * macvlan: disable LRO on lower device instead of macvlanMichal Kubeček2013-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A macvlan device has always LRO disabled so that calling dev_disable_lro() on it does nothing. If we need to disable LRO e.g. because - the macvlan device is inserted into a bridge - IPv6 forwarding is enabled for it - it is in a different namespace than lowerdev and IPv4 forwarding is enabled in it we need to disable LRO on its underlying device instead (as we do for 802.1q VLAN devices). v2: use newly introduced netif_is_macvlan() Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
| * macvlan: introduce macvlan_dev_real_dev() helper functionMichal Kubeček2013-11-15
|/ | | | | | | | | | | | | | Introduce helper function macvlan_dev_real_dev which returns the underlying device of a macvlan device, similar to vlan_dev_real_dev() for 802.1q VLAN devices. v2: IFF_MACVLAN flag and equivalent of is_macvlan_dev() were introduced in the meantime v3: do BUG() if compiled without macvlan support Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
* bonding: add ip checks when store ip targetWang Weidong2013-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I met a Bug when I add ip target with the wrong ip address: echo +500.500.500.500 > /sys/class/net/bond0/bonding/arp_ip_target the wrong ip address will transfor to 245.245.245.244 and add to the ip target success, it is uncorrect, so I add checks to avoid adding wrong address. The in4_pton() will set wrong ip address to 0.0.0.0, it will return by the next check and will not add to ip target. v2 According Veaceslav's opinion, simplify the code. v3 According Veaceslav's opinion, add broadcast check and make a micro definition to package it. v4 Solve the problem of the format which David point out. Suggested-by: Veaceslav Falico <vfalico@redhat.com> Suggested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* 6lowpan: Uncompression of traffic class field was incorrectJukka Rissanen2013-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If priority/traffic class field in IPv6 header is set (seen when using ssh), the uncompression sets the TC and Flow fields incorrectly. Example: This is IPv6 header of a sent packet. Note the priority/TC (=1) in the first byte. 00000000: 61 00 00 00 00 2c 06 40 fe 80 00 00 00 00 00 00 00000010: 02 02 72 ff fe c6 42 10 fe 80 00 00 00 00 00 00 00000020: 02 1e ab ff fe 4c 52 57 This gets compressed like this in the sending side 00000000: 72 31 04 06 02 1e ab ff fe 4c 52 57 ec c2 00 16 00000010: aa 2d fe 92 86 4e be c6 .... In the receiving end, the packet gets uncompressed to this IPv6 header 00000000: 60 06 06 02 00 2a 1e 40 fe 80 00 00 00 00 00 00 00000010: 02 02 72 ff fe c6 42 10 fe 80 00 00 00 00 00 00 00000020: ab ff fe 4c 52 57 ec c2 First four bytes are set incorrectly and we have also lost two bytes from destination address. The fix is to switch the case values in switch statement when checking the TC field. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* tipc: fix dereference before check warningErik Hugne2013-11-15
| | | | | | | | | | | | This fixes the following Smatch warning: net/tipc/link.c:2364 tipc_link_recv_fragment() warn: variable dereferenced before check '*head' (see line 2361) A null pointer might be passed to skb_try_coalesce if a malicious sender injects orphan fragments on a link. Signed-off-by: Erik Hugne <erik.hugne@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: fix possible seqlock deadlockEric Dumazet2013-11-14
| | | | | | | | | | | | ip4_datagram_connect() being called from process context, it should use IP_INC_STATS() instead of IP_INC_STATS_BH() otherwise we can deadlock on 32bit arches, or get corruptions of SNMP counters. Fixes: 584bdf8cbdf6 ("[IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net/hsr: Fix possible leak in 'hsr_get_node_status()'Geyslan G. Bem2013-11-14
| | | | | | | | If 'hsr_get_node_data()' returns error, going directly to 'fail' label doesn't free the memory pointed by 'skb_out'. Signed-off-by: Geyslan G. Bem <geyslan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'for-davem' of ↵David S. Miller2013-11-14
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2013-11-14 Please pull this batch of fixes intended for the 3.13 stream! Amitkumar Karwar offers a quartet of mwifiex fixes, including an endian fix and three fixes for invalid memory access. Avinash Patil trims the packet length value for packets received from an SDIO interface. Colin Ian King fixes a NULL pointer dereference in the rtlwifi efuse code. Dan Carpenter cleans-up an mwifiex integer underflow, a potential libertas oops, a memory corrupion bug in wcn36xx, and a locking issue also in wcn36xx. Dan Williams helps prism54 devices to avoid being misclassified as Ethernet devices. Felipe Pena fixes a couple of typo errors, one in rt2x00 and the other in rtlwifi. Janusz Dziedzic corrects a pair of DFS-related problems in ath9k. Larry Finger patches three rtlwifi drivers to correctly report signal strength even for an unassociated AP. Mark Cave-Ayland rewrites some endian-illiterate packet type extraction code in rtlwifi. Stanislaw Gruszka addresses an rt2x00 regression related to setting HT station WCID and AMPDU density parameters. Sujith Manoharan corrects the initvals settings for AR9485. Ujjal Roy patches an obscure bit of code in mwifiex that was using the wrong definition of eth_hdr when briding patches in AP mode. Wei Yongjun fixes a couple of bugs: one is a return code handling bug in libertas; and, the other is a locking issue in wcn36xx. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * Merge branch 'master' of ↵John W. Linville2013-11-14
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
| | * prism54: set netdev type to "wlan"Dan Williams2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Userspace uses the netdev devtype for stuff like device naming and type detection. Be nice and set it. Remove the pointless #if/#endif around SET_NETDEV_DEV too. Signed-off-by: Dan Williams <dcbw@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * wcn36xx: missing unlocks on error pathsDan Carpenter2013-11-11
| | | | | | | | | | | | | | | | | | | | | There are several places which are missing unlocks. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * wcn36xx: Add missing unlock before returnWei Yongjun2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | Add the missing unlock before return from function wcn36xx_smd_update_proberesp_tmpl() in the error handling case. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * ath9k: Use correct PCIE initvals for AR9485Sujith Manoharan2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the PLL is turned off for AR9485 when switching to a low power state, but AR9485 has an issue where the card will become unresponsive if left idle for a long time without any traffic. To fix this, force the PLL to always be on using a different initval array, ar9485_1_1_pll_on_cdr_on_clkreq_disable_L1. This is done for most of the AR9485 based cards like HB125, WB225 etc. but certain models require the feature to be turned off. Identify such cards and use default values for them. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * wcn36xx: harmless memory corruption bug in debugfsDan Carpenter2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | On 64 bit systems we write past the end of the arg[] array. Fixes: 8e84c2582169 ('wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * mwifiex: fix wrong eth_hdr usage for bridged packets in AP modeUjjal Roy2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The eth_hdr is never defined in this driver but it gets compiled without any warning/error because kernel has defined eth_hdr. Fix it by defining our own p_ethhdr and use it instead of eth_hdr. Cc: <stable@vger.kernel.org> # 3.7+ Signed-off-by: Ujjal Roy <royujjal@gmail.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * mwifiex: correct packet length for packets from SDIO interfaceAvinash Patil2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While receiving a packet on SDIO interface, we allocate skb with size multiple of SDIO block size. We need to resize this skb after RX using packet length from RX header. Cc: <stable@vger.kernel.org> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * rtlwifi: rtl8192de: Fix incorrect signal strength for unassociated APLarry Finger2013-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The routine that processes received frames was returning the RSSI value for the signal strength; however, that value is available only for associated APs. As a result, the strength was the absurd value of 10 dBm. As a result, scans return incorrect values for the strength, which causes unwanted attempts to roam. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [3.1+] Signed-off-by: John W. Linville <linville@tuxdriver.com>