- 01 Dec, 2010 10 commits
-
-
Andrei Emeltchenko authored
Check that socket sk is not locked in user process before removing l2cap connection handler. lock_sock and release_sock do not hold a normal spinlock directly but instead hold the owner field. This means bh_lock_sock can still execute even if the socket is "locked". More info can be found here: http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks krfcommd kernel thread may be preempted with l2cap tasklet which remove l2cap_conn structure. If krfcommd is in process of sending of RFCOMM reply (like "RFCOMM UA" reply to "RFCOMM DISC") then kernel crash happens. ... [ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 694.184936] pgd = c0004000 [ 694.187683] [00000000] *pgd=00000000 [ 694.191711] Internal error: Oops: 5 [#1] PREEMPT [ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading [ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1) [ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap] [ 694.270721] LR is at 0xd7017303 ... [ 694.525085] Backtrace: [ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8) [ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80) Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Vasiliy Kulikov authored
Structure hidp_conninfo is copied to userland with version, product, vendor and name fields unitialized if both session->input and session->hid are NULL. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Vasiliy Kulikov authored
Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Vasiliy Kulikov authored
Structure bnep_conninfo is copied to userland with the field "device" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
In Bluetooth there are no automatic updates of remote device names when they get changed on the remote side. Instead, it is a good idea to do a manual name request when a new connection gets created (for whatever reason) since at this point it is very cheap (no costly baseband connection creation needed just for the sake of the name request). So far userspace has been responsible for this extra name request but tighter control is needed in order not to flood Bluetooth controllers with two many commands during connection creation. It has been shown that some controllers simply fail to function correctly if they get too many (almost) simultaneous commands during connection creation. The simplest way to acheive better control of these commands is to move their sending completely to the kernel side. This patch inserts name requests into the sequence of events that the kernel performs during connection creation. It does this after the remote features have been successfully requested and before any pending authentication requests are performed. The code will work sub-optimally with userspace versions that still do the name requesting themselves (it shouldn't break anything though) so it is recommended to combine this with a userspace software version that doesn't have automated name requests. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
This patch adds a single function that's responsible for requesting authentication for outgoing connections. This is preparation for the next patch which will add automated name requests and thereby move the authentication requests to a different location. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
The current remote and remote extended features event callbacks logic can be made simpler by using a label and goto statements instead of the current multiple levels of nested if statements. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Bala Shanmugam authored
Atheros 3011 has small sflash firmware and needs to be blacklisted in transport driver to load actual firmware in DFU driver. Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Stefan Seyfried authored
If a device is autosuspended an inability to resubmit URBs is to be expected. Check the error code and only log real errors. (Now that autosuspend is default enabled for btusb, those log messages were happening all the time e.g. with a BT mouse) Signed-off-by: Stefan Seyfried <seife+kernel@b1-systems.com> Signed-off-by: Oliver Neukum <oneukum@suse.de> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 30 Nov, 2010 30 commits
-
-
Stanislaw Gruszka authored
Commit dbbf1755 "iwlwifi: use antenna information in EEPROM" caused 4965 device breakage with "Microcode SW error detected. Restarting 0x82000000." message. This patch reverts 4965 part of that commit. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Helmut Schaa authored
Remove a superfluous ieee80211_is_data check as that was checked a few lines before already and we wont't get here for non-data frames at all. Second, the frame was already converted to 802.3 header format and reading the fc and addr1 fields was only possible because the 802.3 header is short enough and didn't overwrite the relevant parts of the 802.11 header. Make the code more obvious by checking the ethernet header's h_dest field. Furthermore reorder the conditions to reduce the number of checks when dynamic powersave is not needed (AP mode for example). Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Stezenbach authored
All rt2x00 drivers except rt2800pci call ieee80211_tx_status() from a workqueue, which causes "NOHZ: local_softirq_pending 08" messages. To fix it, add ieee80211_tx_status_ni() similar to ieee80211_rx_ni() which can be called from process context, and call it from rt2x00lib_txdone(). For the rt2800pci special case a driver flag is introduced. Signed-off-by: Johannes Stezenbach <js@sig21.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* A diff between rfbuffer settings of turbo and non-turbo modes indicates there is a bit on bank 2 related to turbo operation (it's set on turbo modes). This bit is present on all radios except RF5413 that seems to have a completely different bank 2. Also since 2317 has the same rf-registers locations with 2425 and since the bit exists on 2317 I assume it also exists on 2425/2417). So in case we use turbo mode (40MHz) enable it on bank modification. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Clean up what's left of turbo mode, since we handle all register modifications (rfbuffer comes next) on code there is no need to have duplicated arrays. * Rename change_channel to skip_pcu on initvals.c as we did on reset.c Signed-off-by: Nick Kossifidis <micklfemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Clean up CHANNEL_T(URBO), use AR5K_BWMODE_40MHZ instead Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Use correct clock value when setting OFDM timings on non-default bwmodes. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Don't return -EINVAL when trying to set tx power on RF5110 because AR5210 reset will fail. We need to add support for RF5110 and AR5210 eeprom in the future but for now just skip it. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Tweak phy activation -> rx delay for different bwmodes Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Since we set antenna flags on phy init and ack bitrate mode on pcu init, there is no need to save/restore sta_id flags on ath5k_hw_reset. Also we don't need to re-set our mac address because it's not affected by resets. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Add synth-only channel change for AR2413/5413. When we call ath5k_reset with a channel ath5k_hw_reset will first try to set channel on PHY while PHY is running instead of doing a normal full reset. To do this phy_init has to change to implement this functionality. * Clean up change_channel flag, what it really did was skip PCU registers when setting initvals. This is done because on reset PCU registers are not affected (except the registers we set in pcu init and -due to hw problems- TSF). Use a new skip_pcu flag that's not misleading instead. In the future we might use that to also skip PCU reset and save us the TSF etc problems (needs testing because standard practice is to reset everything). * Use fast channel change only when setting channel, and set skip_pcu to false only on init. When we reset the card due to DMA or PHY problems skip pcu but never do a fast channel change. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Only set power table if we are changing channel/mode there is no need to recalculate and reset the power table all the time. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Set correct PLL settings for each bwmode Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Add spur mitigation filter support for half/quarter and turbo. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Tweak power detector delays on AR5111/AR5112 when using half/quarter modes. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Make sure we always set IFS timings even if no coverage class is set. If we don't we'll miss the needed changes for different bwmodes. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Set AR5K_DCU_GBL_IFS_MISC_TURBO_MODE flag on DCU when operating on 40MHz Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Replace set_slot_time with set_ifs_intervals that also sets the various inter-frame space intervals based on current bwmode. * Clean up AR5210 mess from reset_tx_queue, AR5210 only has one data queue and we set IFS intervals for that queue on set_ifs_intervals so there is nothing left to do for 5210 on reset_tx_queue. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Extend ieee80211_generic_frame_duration to support the various bwmodes. * Better document what's going on with ack bitrates and update write_rate_duration to support the standard ack bitrates (when we don't set the high bit). * Get rid of set_ack_bitrate_high and introduce a flag on ath5k_hw for this (we only called the function on init anyway so there is no difference). Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Extend get_default_sifs/slot_time to include timings for turbo half and quarter rate modes. * AR5210 code for now uses timings already on core clock units instead of usecs so rename them (we 'll clean it up later). Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Move setting of tx retry limits on a separate function (we 'll clean up this AR5210 mess later) Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* On turbo mode increase PHY settling times, note that we only increase switch settling time on AR5212 as indicated by initvals. * A few cleanups: Move frame control settings for AR5210 from reset_tx_queue to tweak_initvals and remove phy_scal settings from tweak_initvals (we tweak them alread on set_sleep_clock). Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Now that we properly set rx/tx latencies for AR5311 remove that old buggy part of code left inside ath5k_hw_tweak_initval_settings that was never executed (you can't have an RF5112 radio on a mac older than AR5212). Also use a magic value for 5311 PHY_SCAL value. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Handle all usec parameters in one function. It's much cleaner this way. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Prepare for half/quarter/turbo support, introduce a new ah_bwmode parameter and get rid of ah_turbo. Bwmode stands for "bandwidth mode" and can have 4 values, default (20MHz), turbo (40MHz), half rate (10MHz), and quarter rate (5MHz). Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Since we only use ath5k_hw_stop_tx_dma to stop the beacon queue, introduce a new function ath5k_hw_stop_beacon_queue so that we can use that instead and have better control. In the future we can add more beacon queue specific stuff there (maybe tweak beacon timers or something), for now just call ath5k_hw_stop_tx_dma. * Also since we don't call ath5k_hw_stop_rx/tx_dma from outside dma.c, make them static. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Make sure we are not trying to set RXDP while RX is active, for now ignore the return value. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* DCU early termination should be used to quickly flush QCU according to docs so don't enable it for all queues, enable it only when stopping each queue and disable it when we are done. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Increase timeouts on ath5k_hw_stop_tx_dma and also wait for tx queue to stop before checking for pending frames * Add a new debug level to debug dma start/stop Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Since we stop rx/tx dma and pcu durring reset there is no need to call ath5k_hw_stop_rx/tx_dma before, also there is no need to call them durring stop_locked since we can use ath5k_hw_dma_stop for both. Signed-off-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-