- 16 Mar, 2010 2 commits
-
-
Felix Fietkau authored
When I initially stumbled upon sequence number problems with PAE frames in ath9k, I submitted a patch to remove all special cases for PAE frames and let them go through the normal transmit path. Out of concern about crypto incompatibility issues, this change was merged instead: commit 6c8afef5 Author: Sujith <Sujith.Manoharan@atheros.com> Date: Tue Feb 9 10:07:00 2010 +0530 ath9k: Fix sequence numbers for PAE frames After a lot of testing, I'm able to reliably trigger a driver crash on rekeying with current versions with this change in place. It seems that the driver does not support sending out regular MPDUs with the same TID while an A-MPDU session is active. This leads to duplicate entries in the TID Tx buffer, which hits the following BUG_ON in ath_tx_addto_baw(): index = ATH_BA_INDEX(tid->seq_start, bf->bf_seqno); cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); BUG_ON(tid->tx_buf[cindex] != NULL); I believe until we actually have a reproducible case of an incompatibility with another AP using no PAE special cases, we should simply get rid of this mess. This patch completely fixes my crash issues in STA mode and makes it stay connected without throughput drops or connectivity issues even when the AP is configured to a very short group rekey interval. Signed-off-by:
Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Grazvydas Ignotas authored
In case debugfs does not init for some reason (or is disabled on older kernels) driver does not allocate stats.fw_stats structure, but tries to clear it later and trips on a NULL pointer: Unable to handle kernel NULL pointer dereference at virtual address 00000000 PC is at __memzero+0x24/0x80 Backtrace: [<bf0ddb88>] (wl1251_debugfs_reset+0x0/0x30 [wl1251]) [<bf0d6a2c>] (wl1251_op_stop+0x0/0x12c [wl1251]) [<bf0bc228>] (ieee80211_stop_device+0x0/0x74 [mac80211]) [<bf0b0d10>] (ieee80211_stop+0x0/0x4ac [mac80211]) [<c02deeac>] (dev_close+0x0/0xb4) [<c02deac0>] (dev_change_flags+0x0/0x184) [<c031f478>] (devinet_ioctl+0x0/0x704) [<c0320720>] (inet_ioctl+0x0/0x100) Add a NULL pointer check to fix this. Signed-off-by:
Grazvydas Ignotas <notasas@gmail.com> Acked-by:
Kalle Valo <kalle.valo@iki.fi> Cc: stable@kernel.org Signed-off-by:
-
- 10 Mar, 2010 13 commits
-
-
-
Eric Dumazet authored
Fix memory leak and use kmalloc() instead of kzalloc() as we are going to overwrite the allocated buffer. Signed-off-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
-
Juuso Oikarinen authored
Currently hardware with !IEEE80211_HW_PS_NULLFUNC_STACK and IEEE80211_HW_REPORTS_TX_ACK_STATUS will never enter PSM due to the conditions in the power save entry functions. Fix those conditions. Signed-off-by:
Juuso Oikarinen <juuso.oikarinen@nokia.com> Cc: stable@kernel.org Signed-off-by:
-
Zhu Yi authored
Fixed below compiler warning: drivers/net/wireless/ipw2x00/ipw2200.c: In function ‘ipw_load_firmware’: drivers/net/wireless/ipw2x00/ipw2200.c:3260: warning: the frame size of 1168 bytes is larger than 1024 bytes Signed-off-by:
Zhu Yi <yi.zhu@intel.com> Signed-off-by:
-
Bruno Randolf authored
we read the IQ correction values (i_cal and q_cal) for G mode from a wrong location (the same shifts as for A mode is applied which is incorrect). use correct locations, matching the docs and HAL sources. also we should write IQ correction only when we have that information in the EEPROM, starting from version 4. also write it in the same way as we do in the periodic recalibration (enable last), just to be sure. Signed-off-by:
Bruno Randolf <br1@einfach.org> Acked-by:
Nick Kossifidis <mickflemm@gmail.com> Signed-off-by:
-
Bruno Randolf authored
I/Q calibration was completely broken, resulting in a high number of CRC errors on received packets. before i could see around 10% to 20% CRC errors, with this patch they are between 0% and 3%. 1.) the removal of the mask in commit "ath5k: Fix I/Q calibration (f1cf2dbd)" resulted in no mask beeing used when writing the I/Q values into the register. additional errors in the calculation of the values (see 2.) resulted too high numbers, exceeding the masks, so wrong values like 0xfffffffe were written. to be safe we should always use the bitmask when writing parts of a register. 2.) using a (s32) cast for q_coff is a wrong conversion to signed, since we convert to a signed value later by substracting 128. this resulted in too low numbers for Q many times, which were limited to -16 by the boundary check later on. 3.) checked everything against the HAL sources and took over comments and minor optimizations from there. 4.) we can't use ENABLE_BITS when we want to write a number (the number can contain zeros). also always write the correction values first and set ENABLE bit last, like the HAL does. Signed-off-by:
-
Bruno Randolf authored
to reset the TSF, AR5K_BEACON_RESET_TSF has to be 1, not 0. also we have a function for that so use it. Signed-off-by:
-
Bruno Randolf authored
when using a fixed antenna we should use the antenna number in all tx descriptors, otherwise the hardware will sometimes send the frame out on the other antenna. it seems like the hardware does not always respect the default antenna and diversity settings (esp. AR5K_STA_ID1_DEFAULT_ANTENNA). also i would like to note that antenna diversity does not always work correctly on 5414 (at least) when only one antenna is connected: for example all frames might be received on antenna A but still the HW tries to send on antenna B some times, causing packet loss. this is both verified with the antenna statistics output of the previous patch and a spectrum analyzer. Signed-off-by:
-
Zhu Yi authored
The ieee->networks consists of 128 struct libipw_network entries. If we allocate this chunk of memory altogether, it ends up with an order 4 page allocation. High order page allocation is likely to fail on system high load. This patch splits the big chunk memory allocation into small pieces, each is 344 bytes, allocates them with 128 times. The patch fixed bug http://bugzilla.kernel.org/show_bug.cgi?id=14989Signed-off-by:
-
Jouni Malinen authored
Commit 34e89507 introduced sta_mtx locking into sta_info_insert() (now sta_info_insert_rcu), but forgot to unlock this mutex on one of the error paths. Fix this by adding the missing mutex_unlock() call for the case where STA insert fails due to an entry existing already. This may happen at least in AP mode when a STA roams between two BSSes (vifs). Signed-off-by:
Jouni Malinen <j@w1.fi> Signed-off-by:
-
Helmut Schaa authored
Remove the KSEG1ADDR define from rt2x00soc.h as it redefines and covers the correct one from the arch/mips/include/asm/addrspace.h. Otherwise the driver oopses on the target platform (Ralink rt3050 board). Signed-off-by:
Helmut Schaa <helmut.schaa@googlemail.com> Acked-by:
Ivo van Doorn <IvDoorn@gmail.com> Acked-by:
Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by:
-
Reinette Chatre authored
This reverts commit 21b2d8bd. As explained by Johannes: When we build a probe request frame in the buffer with the SSID, we could arrive over the limit of 200 bytes. When we build it in the buffer without the SSID (wildcard) we don't arrive over 200 bytes, but the ucode still allows direct probe in addition because it has an internal buffer that is larger when it inserts the SSID... Signed-off-by:
Reinette Chatre <reinette.chatre@intel.com>
-
Reinette Chatre authored
Recent patch "iwlwifi: move 3945 clip groups to 3945 data" exposed a memory corruption problem. When initializing the clip groups the code was mistakenly using the iwlagn rate count, not the 3945 rate count. This resulted in more memory being written than was allocated. "iwlwifi: move 3945 clip groups to 3945 data" moved the location where the clip groups are stored and the impact is now severe in that the number of configured TX queues is modified. Previously the "temperature" field was overwritten, which did not seem to affect the operation. Fix this one instance where wrong rate count was used. I also noticed one more location where the iwlagn rate count was used to index an iwl3945 array, fix this. I also modified one location that modified the iwlagn rate count to obtain the iwl3945 rate count ... just use the iwl3945 rate count directly. This fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2165 and http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2168Signed-off-by:
-
- 08 Mar, 2010 19 commits
-
-
Wolfgang Grandegger authored
Signed-off-by:
Wolfgang Grandegger <wg@grandegger.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Neil Horman authored
Port commit 20deb48d16fdd07ce2fdc8d03ea317362217e085 from git://tipc.cslab.ericsson.net/pub/git/people/allan/tipc.git Part of the large effort I'm trying to help with getting all the downstreamed code from windriver forward ported to the upstream tree Origional commit message Restore check to filter out inadverdently received messages This patch reimplements a check that allows TIPC to discard messages that are not intended for it. This check was present in TIPC 1.5/1.6, but was removed by accident during the development of TIPC 1.7; it has now been updated to account for new features present in TIPC 1.7 and reinserted into TIPC. The main benefit of this check is to filter out messages arriving from orphaned link endpoints, which can arise when a node exits the network and then re-enters it with a different TIPC network address (i.e. <Z.C.N> value). Signed-off-by:
Neil Horman <nhorman@tuxdriver.com> Origionally-authored-by:
Allan Stephens <allan.stephens@windriver.com> Signed-off-by:
-
Neil Horman authored
Remove htohl implementation from tipc I was working on forward porting the downstream commits for TIPC and ran accross this one: http://tipc.cslab.ericsson.net/cgi-bin/gitweb.cgi?p=people/allan/tipc.git;a=commitdiff;h=894279b9437b63cbb02405ad5b8e033b51e4e31e I was going to just take it, when I looked closer and noted what it was doing. This is basically a routine to byte swap fields of data in sent/received packets for tipc, dependent upon the receivers guessed endianness of the peer when a connection is established. Asside from just seeming silly to me, it appears to violate the latest RFC draft for tipc: http://tipc.sourceforge.net/doc/draft-spec-tipc-02.txt Which, according to section 4.2 and 4.3.3, requires that all fields of all commands be sent in network byte order. So instead of just taking this patch, instead I'm removing the htohl function and replacing the calls with calls to ntohl in the rx path and htonl in the send path. As part of this fix, I'm also changing the subscr_cancel function, which searches the list of subscribers, using a memcmp of the entire subscriber list, for the entry to tear down. unfortunately it memcmps the entire tipc_subscr structure which has several bits that are private to the local side, so nothing will ever match. section 5.2 of the draft spec indicates the <type,upper,lower> tuple should uniquely identify a subscriber, so convert subscr_cancel to just match on those fields (properly endian swapped). I've tested this using the tipc test suite, and its passed without issue. Signed-off-by:
-
Eric Dumazet authored
Use self documenting noinline_for_stack instead of duplicated comments. Signed-off-by:
-
Joe Perches authored
(Applies on top of "Remove uses of NIPQUAD, use %pI4") Casts to void of snprintf are most uncommon in kernel source. 9 use casts, 1301 do not. Remove the remaining uses in net/sunrpc/ Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
-
Joe Perches authored
Originally submitted Jan 1, 2010 http://patchwork.kernel.org/patch/71221/ Convert NIPQUAD to the %pI4 format extension where possible Convert %02x%02x%02x%02x/NIPQUAD to %08x/ntohl Signed-off-by:
-
Barry Song authored
Looks like commit a6e4bc53 didn't include updates to drivers so the Blackfin CAN driver fails to build now. Signed-off-by:
Barry Song <barry.song@analog.com> Signed-off-by:
Mike Frysinger <vapier@gentoo.org> Acked-by:
-
Eric Dumazet authored
Commit 4957faad (TCPCT part 1g: Responder Cookie => Initiator), part of TCP_COOKIE_TRANSACTION implementation, forgot to correctly size synack skb in case user data must be included. Many thanks to Mika Pentillä for spotting this error. Reported-by:
Penttillä Mika <mika.penttila@ixonos.com> Signed-off-by:
-
Eric Dumazet authored
We added an automatic route cache rebuilding in commit 1080d709 but had to correct few bugs. One of the assumption of original patch, was that entries where kept sorted in a given way. This assumption is known to be wrong (commit 1ddbcb00 gave an explanation of this and corrected a leak) and expensive to respect. Paweł Staszewski reported to me one of his machine got its routing cache disabled after few messages like : [ 2677.850065] Route hash chain too long! [ 2677.850080] Adjust your secret_interval! [82839.662993] Route hash chain too long! [82839.662996] Adjust your secret_interval! [155843.731650] Route hash chain too long! [155843.731664] Adjust your secret_interval! [155843.811881] Route hash chain too long! [155843.811891] Adjust your secret_interval! [155843.858209] vlan0811: 5 rebuilds is over limit, route caching disabled [155843.858212] Route hash chain too long! [155843.858213] Adjust your secret_interval! This is because rt_intern_hash() might be fooled when computing a chain length, because multiple entries with same keys can differ because of TOS (or mark/oif) bits. In the rare case the fast algorithm see a too long chain, and before taking expensive path, we call a helper function in order to not count duplicates of same routes, that only differ with tos/mark/oif bits. This helper works with data already in cpu cache and is not be very expensive, despite its O(N^2) implementation. Paweł Staszewski sucessfully tested this patch on his loaded router. Reported-and-tested-by:
Paweł Staszewski <pstaszewski@itcare.pl> Signed-off-by:
-
Amit Kumar Salecha authored
Signed-off-by:
Amit Kumar Salecha <amit.salecha@qlogic.com> Signed-off-by:
-
Amit Kumar Salecha authored
Bios sub version from unified fw image is calculated incorrect. Signed-off-by:
-
Sucheta Chakraborty authored
Validate all sections of unified fw image, before accessing them, to avoid seg fault. Signed-off-by:
Sucheta Chakraborty <sucheta@dut6195.unminc.com> Signed-off-by:
-
Sucheta Chakraborty authored
For promiscuous mode, driver send request to device for deleting multicast addresses and again it send request for adding them back while exiting from this mode, this is bad for performance. Just setting device in promiscuous mode is enough, no need to del/add multicast addresses. Signed-off-by:
Sucheta Chakraborty <sucheta.chakraborty@qlogic.com> Signed-off-by:
-
Sucheta Chakraborty authored
Statistics added for lro/lso bytes, count for tx stop queue and wake queue and skb alloc failure count. Signed-off-by:
-
Sucheta Chakraborty authored
Kernel default tx csum function (ethtool_op_get_tx_csum) doesn't show correct csum status. It takes various FLAGS (NETIF_F_ALL_CSUM) in account to show tx csum status, which driver doesn't set while disabling tx csum. Signed-off-by:
-
Ajit Khaparde authored
This patch cleans up some unused code from be_load_fw(). Signed-off-by:
Ajit Khaparde <ajitk@serverengines.com> Signed-off-by:
-
Ajit Khaparde authored
When PCI functions are virtuialized in applications by assigning PCI functions to VM (PCI passthrough), the be2net driver in the VM sees a different function number. So, use of PCI function number in any calculation will break existing code. This patch takes care of it. Signed-off-by:
-
Eric Dumazet authored
Commit 6b03a53a (tcp: use limited socket backlog) added the possibility of dropping frames when backlog queue is full. Commit d218d111 (tcp: Generalized TTL Security Mechanism) added the possibility of dropping frames when TTL is under a given limit. This patch adds new SNMP MIB entries, named TCPBacklogDrop and TCPMinTTLDrop, published in /proc/net/netstat in TcpExt: line netstat -s | egrep "TCPBacklogDrop|TCPMinTTLDrop" TCPBacklogDrop: 0 TCPMinTTLDrop: 0 Signed-off-by:
-
Zhu Yi authored
Add the "__must_check" tag to sk_add_backlog() so that any failure to check and drop packets will be warned about. Signed-off-by:
-
- 07 Mar, 2010 6 commits
-
-
Herbert Xu authored
Thanks to Paul McKenny for pointing out that it is incorrect to use synchronize_rcu_bh to ensure that pending callbacks have completed. Instead we should use rcu_barrier_bh. Reported-by:
Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Herbert Xu authored
As Paul McKenney correctly pointed out, __br_mdb_ip_get needs to use the RCU list walking primitive in order to work correctly on platforms where data-dependency ordering is not guaranteed. Reported-by:
-
YOSHIFUJI Hideaki / 吉藤英明 authored
IPV6_PREFER_SRC_xxx definitions: | #define IPV6_PREFER_SRC_TMP 0x0001 | #define IPV6_PREFER_SRC_PUBLIC 0x0002 | #define IPV6_PREFER_SRC_COA 0x0004 RT6_LOOKUP_F_xxx definitions: | #define RT6_LOOKUP_F_SRCPREF_TMP 0x00000008 | #define RT6_LOOKUP_F_SRCPREF_PUBLIC 0x00000010 | #define RT6_LOOKUP_F_SRCPREF_COA 0x00000020 So, we can translate between these two groups by shift operation instead of multiple 'if's. Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
Florian Fainelli authored
Signed-off-by:
Florian Fainelli <florian@openwrt.org> Signed-off-by:
-
Florian Fainelli authored
If we were unable to detect a PHY on any of the MDIO bus id we tried instead of bailing out with -ENODEV, assume the MAC is connected to a switch and use MDIO bus 0. This unbreaks quite a lot of devices out there whose switch cannot be detected. Signed-off-by:
-
Florian Fainelli authored
Despite what the comment above CPMAC_SKB_SIZE says, the hardware also needs to account for the FCS length in a received frame. This patch fix the receiving of 802.1q frames which have 4 more bytes. While at it unhardcode the definition and use the one from if_vlan.h. Signed-off-by:
-
