Commit Graph

243488 Commits

Author SHA1 Message Date
Luciano Coelho
09b661b332 wl12xx: fix potential buffer overflow in testmode nvs push
We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory.  This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.

With this patch, we check if the size of the data passed from
userspace matches the size required.

This bug was introduced in 2.6.36.

Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:12 -04:00
Jussi Kivilinna
023535732f zd1211rw: reset rx idle timer from tasklet
2.6.38 added WARN_ON(in_irq) in del_timer_sync that triggers on zd1211rw when
reseting rx idle timer in urb completion handler.

Move timer reseting to tasklet.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:12 -04:00
Jussi Kivilinna
2fc713b204 zd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()
Patch removes the bogus flag introduced by upstream commit
eefdbec1ea. Old code had buffer length check
that new code tried to handle with URB_SHORT_NOT_OK flag. With USB debugging
enabled bogus flag caused usb_submit_urb fail.

Remove URB_SHORT_NOT_OK flag and add buffer length check to urb completion
handler.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=32092
Reported-by: Jonathan Callen <abcd@gentoo.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:12 -04:00
Helmut Schaa
fcf8bd3ba5 mac80211: Fix duplicate frames on cooked monitor
Cleaning the ieee80211_rx_data.flags field here is wrong, instead the
flags should be valid accross processing the frame on different
interfaces. Fix this by removing the incorrect flags=0 assignment.

Introduced in commit 554891e63a
(mac80211: move packet flags into packet).

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:11 -04:00
Johannes Berg
5312c3f60b mac80211: fix comment regarding aggregation buf_size
The description for buf_size was misleading and
just said you couldn't TX larger aggregates, but
of course you can't TX aggregates in a way that
would exceed the window either, which is possible
even if the aggregates are shorter than that.

Expand the description, thanks to Emmanuel for
explaining this to me.

Cc: Emmanuel Grumbach <egrumbach@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:11 -04:00
Senthil Balasubramanian
8f06ca2c83 ath9k: Fix phy info print message with AR9485 chipset.
The phy information print during driver init time doesn't show
the numeric part of the chip name properly for AR9485. This patch
addresses this issue by adding the string to the respective array.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:11 -04:00
Luciano Coelho
5245e3a9f7 wl12xx: fix module author's email address in the spi and sdio modules
The MODULE_AUTHOR() macro in the main module (wl12xx) has been updated
to reflect one of the author's new email address, but the wl12xx_spi
and wl12xx_sdio modules haven't been updated.  This patches updates
them.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-04 15:22:11 -04:00
John W. Linville
c85ce65eca b43: allocate receive buffers big enough for max frame len + offset
Otherwise, skb_put inside of dma_rx can fail...

	https://bugzilla.kernel.org/show_bug.cgi?id=32042

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: stable@kernel.org
2011-04-04 15:22:11 -04:00
Mariusz Kozlowski
a14b289d46 mlx4: fix kfree on error path in new_steering_entry()
On error path kfree() should get pointer to memory allocated by
kmalloc() not the address of variable holding it (which is on stack).

Signed-off-by: Mariusz Kozlowski <mk@lab.zgora.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-03 22:04:01 -07:00
Ilpo Järvinen
2fceec1337 tcp: len check is unnecessarily devastating, change to WARN_ON
All callers are prepared for alloc failures anyway, so this error
can safely be boomeranged to the callers domain without super
bad consequences. ...At worst the connection might go into a state
where each RTO tries to (unsuccessfully) re-fragment with such
a mis-sized value and eventually dies.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 21:47:41 -07:00
Wei Yongjun
2cab86bee8 sctp: malloc enough room for asconf-ack chunk
Sometime the ASCONF_ACK parameters can equal to the fourfold of
ASCONF parameters, this only happend in some special case:

  ASCONF parameter is :
    Unrecognized Parameter (4 bytes)
  ASCONF_ACK parameter should be:
    Error Cause Indication parameter (8 bytes header)
     + Error Cause (4 bytes header)
       + Unrecognized Parameter (4bytes)

Four 4bytes Unrecognized Parameters in ASCONF chunk will cause panic.

Pid: 0, comm: swapper Not tainted 2.6.38-next+ #22 Bochs Bochs
EIP: 0060:[<c0717eae>] EFLAGS: 00010246 CPU: 0
EIP is at skb_put+0x60/0x70
EAX: 00000077 EBX: c09060e2 ECX: dec1dc30 EDX: c09469c0
ESI: 00000000 EDI: de3c8d40 EBP: dec1dc58 ESP: dec1dc2c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper (pid: 0, ti=dec1c000 task=c09aef20 task.ti=c0980000)
Stack:
 c09469c0 e1894fa4 00000044 00000004 de3c8d00 de3c8d00 de3c8d44 de3c8d40
 c09060e2 de25dd80 de3c8d40 dec1dc7c e1894fa4 dec1dcb0 00000040 00000004
 00000000 00000800 00000004 00000004 dec1dce0 e1895a2b dec1dcb4 de25d960
Call Trace:
 [<e1894fa4>] ? sctp_addto_chunk+0x4e/0x89 [sctp]
 [<e1894fa4>] sctp_addto_chunk+0x4e/0x89 [sctp]
 [<e1895a2b>] sctp_process_asconf+0x32f/0x3d1 [sctp]
 [<e188d554>] sctp_sf_do_asconf+0xf8/0x173 [sctp]
 [<e1890b02>] sctp_do_sm+0xb8/0x159 [sctp]
 [<e18a2248>] ? sctp_cname+0x0/0x52 [sctp]
 [<e189392d>] sctp_assoc_bh_rcv+0xac/0xe3 [sctp]
 [<e1897d76>] sctp_inq_push+0x2d/0x30 [sctp]
 [<e18a21b2>] sctp_rcv+0x7a7/0x83d [sctp]
 [<c077a95c>] ? ipv4_confirm+0x118/0x125
 [<c073a970>] ? nf_iterate+0x34/0x62
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c0747992>] ip_local_deliver_finish+0xf5/0x194
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44
 [<c0747ab3>] ip_local_deliver+0x3e/0x44
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c074775c>] ip_rcv_finish+0x29f/0x2c7
 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7
 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44
 [<c0747cae>] ip_rcv+0x1f5/0x233
 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7
 [<c071dce3>] __netif_receive_skb+0x310/0x336
 [<c07221f3>] netif_receive_skb+0x4b/0x51
 [<e0a4ed3d>] cp_rx_poll+0x1e7/0x29c [8139cp]
 [<c072275e>] net_rx_action+0x65/0x13a
 [<c0445a54>] __do_softirq+0xa1/0x149
 [<c04459b3>] ? __do_softirq+0x0/0x149
 <IRQ>
 [<c0445891>] ? irq_exit+0x37/0x72
 [<c040a7e9>] ? do_IRQ+0x81/0x95
 [<c07b3670>] ? common_interrupt+0x30/0x38
 [<c0428058>] ? native_safe_halt+0xa/0xc
 [<c040f5d7>] ? default_idle+0x58/0x92
 [<c0408fb0>] ? cpu_idle+0x96/0xb2
 [<c0797989>] ? rest_init+0x5d/0x5f
 [<c09fd90c>] ? start_kernel+0x34b/0x350
 [<c09fd0cb>] ? i386_start_kernel+0xba/0xc1

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 21:45:51 -07:00
Wei Yongjun
028dba0ac3 sctp: fix auth_hmacs field's length of struct sctp_cookie
auth_hmacs field of struct sctp_cookie is used for store
Requested HMAC Algorithm Parameter, and each HMAC Identifier
is 2 bytes, so the length should be:
  SCTP_AUTH_NUM_HMACS * sizeof(__u16) + 2

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 21:45:50 -07:00
Michał Mirosław
4dd5ffe4fc net: Fix dev dev_ethtool_get_rx_csum() for forced NETIF_F_RXCSUM
dev_ethtool_get_rx_csum() won't report rx checksumming when it's not
changeable and driver is converted to hw_features and friends. Fix this.

(dev->hw_features & NETIF_F_RXCSUM) check is dropped - if the
ethtool_ops->get_rx_csum is set, then driver is not coverted, yet.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 20:23:25 -07:00
Arnd Bergmann
c261344d3c usbnet: use eth%d name for known ethernet devices
The documentation for the USB ethernet devices suggests that
only some devices are supposed to use usb0 as the network interface
name instead of eth0. The logic used there, and documented in
Kconfig for CDC is that eth0 will be used when the mac address
is a globally assigned one, but usb0 is used for the locally
managed range that is typically used on point-to-point links.

Unfortunately, this has caused a lot of pain on the smsc95xx
device that is used on the popular pandaboard without an
EEPROM to store the MAC address, which causes the driver to
call random_ether_address().

Obviously, there should be a proper MAC addressed assigned to
the device, and discussions are ongoing about how to solve
this, but this patch at least makes sure that the default
interface naming gets a little saner and matches what the
user can expect based on the documentation, including for
new devices.

The approach taken here is to flag whether a device might be a
point-to-point link with the new FLAG_POINTTOPOINT setting in
the usbnet driver_info. A driver can set both FLAG_POINTTOPOINT
and FLAG_ETHER if it is not sure (e.g. cdc_ether), or just one
of the two.  The usbnet framework only looks at the MAC address
for device naming if both flags are set, otherwise it trusts the
flag.

Signed-off-by: Arnd Bergmann <arnd.bergmann@linaro.org>
Tested-by: Andy Green <andy.green@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 20:12:02 -07:00
FUJITA Tomonori
1591cb6083 starfire: clean up dma_addr_t size test
Now we have CONFIG_ARCH_DMA_ADDR_T_64BIT. We can fix the hacky
dma_addr_t size test cleanly.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-04-01 20:10:08 -07:00
David S. Miller
5e58e5283a Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-04-01 17:15:25 -07:00
David S. Miller
c100c8f4c3 appletalk: Fix OOPS in atalk_release().
Commit 60d9f461a2 ("appletalk: remove
the BKL") added a dereference of "sk" before checking for NULL in
atalk_release().

Guard the code block completely, rather than partially, with the
NULL check.

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-31 18:59:10 -07:00
Yevgeny Petrilin
c379474591 mlx4: Fixing bad size of event queue buffer
We should reduce the number of reserved completion queues from the total
number of entries. Since the queue size is power of two, not reducing the
reserved entries, caused a double queue size, which may lead to allocation
failures in some cases.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-31 02:52:18 -07:00
Yevgeny Petrilin
53020092bd mlx4: Fixing use after free
In case of allocation failure, tried to use the promiscuous QP
entry that was previously freed.
Now freeing this entry only in case we will not put it back to the list
of promiscuous entries.

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-31 02:52:17 -07:00
Peter Pan(潘卫平)
5e8996e728 bonding:typo in comment
use accumulates instead of acumulates.

Signed-off-by: Pan Weiping <panweiping3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-31 01:54:22 -07:00
David S. Miller
a84b50ceb7 sctp: Pass __GFP_NOWARN to hash table allocation attempts.
Like DCCP and other similar pieces of code, there are mechanisms
here to try allocating smaller hash tables if the allocation
fails.  So pass in __GFP_NOWARN like the others do instead of
emitting a scary message.

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 17:51:36 -07:00
Patrick McHardy
04f482faf5 connector: convert to synchronous netlink message processing
Commits 01a16b21 (netlink: kill eff_cap from struct netlink_skb_parms)
and c53fa1ed (netlink: kill loginuid/sessionid/sid members from struct
netlink_skb_parms) removed some members from struct netlink_skb_parms
that depend on the current context, all netlink users are now required
to do synchronous message processing.

connector however queues received messages and processes them in a work
queue, which is not valid anymore. This patch converts connector to do
synchronous message processing by invoking the registered callback handler
directly from the netlink receive function.

In order to avoid invoking the callback with connector locks held, a
reference count is added to struct cn_callback_entry, the reference
is taken when finding a matching callback entry on the device's queue_list
and released after the callback handler has been invoked.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 17:14:33 -07:00
Eric Dumazet
e2666f8495 fib: add rtnl locking in ip_fib_net_exit
Daniel J Blueman reported a lockdep splat in trie_firstleaf(), caused by
RTNL being not locked before a call to fib_table_flush()

Reported-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 16:57:46 -07:00
Philip A. Prindeville
c031235b39 atm/solos-pci: Don't flap VCs when carrier state changes
Don't flap VCs when carrier state changes; higher-level protocols
can detect loss of connectivity and act accordingly. This is more
consistent with how other network interfaces work.

We no longer use release_vccs() so we can delete it.

release_vccs() was duplicated from net/atm/common.c; make the
corresponding function exported, since other code duplicates it
and could leverage it if it were public.

Signed-off-by: Philip A. Prindeville <philipp@redfish-solutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 16:53:38 -07:00
Philip A. Prindeville
18b429e74e atm/solos-pci: Don't include frame pseudo-header on transmit hex-dump
Omit pkt_hdr preamble when dumping transmitted packet as hex-dump;
we can pull this up because the frame has already been sent, and
dumping it is the last thing we do with it before freeing it.

Also include the size, vpi, and vci in the debug as is done on
receive.

Use "port" consistently instead of "device" intermittently.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 16:53:37 -07:00
Philip A. Prindeville
1e19e65856 atm/solos-pci: Use VPI.VCI notation uniformly.
Use VPI.VCI notation consistently throughout the module. This is the
one remaining place where the VCI is used before the VPI in any output.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 16:53:37 -07:00
Jesper Juhl
ad19031b5f Atheros, atl2: Fix mem leaks in error paths of atl2_set_eeprom
We leak in some error paths of drivers/net/atlx/atl2.c:atl2_set_eeprom().
The memory allocated to 'eeprom_buff' is not freed when we return -EIO.
This patch fixes that up and also removes a pointless explicit cast.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 02:42:25 -07:00
Daniel Lezcano
79b569f0ec netdev: fix mtu check when TSO is enabled
In case the device where is coming from the packet has TSO enabled,
we should not check the mtu size value as this one could be bigger
than the expected value.

This is the case for the macvlan driver when the lower device has
TSO enabled. The macvlan inherit this feature and forward the packets
without fragmenting them. Then the packets go through dev_forward_skb
and are dropped. This patch fix this by checking TSO is not enabled
when we want to check the mtu size.

Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 02:42:17 -07:00
Andrzej Zaborowski
7a635ea989 net/usb: Ethernet quirks for the LG-VL600 4G modem
This adds a driver for the CDC Ethernet part of this modem.  The
device's ID is blacklisted in cdc_ether.c and is white-listed in
this new driver because of the quirks needed to make it useful.
The modem's firmware exposes a CDC ACM port for modem control and a
CDC Ethernet port for network data.  The descriptors look fine but
both ports actually are some sort of multiplexers requiring non-
standard headers added/removed from every packet or they get
ignored.  All information is based on a usb traffic log from a
Windows machine.

On the Verizon 4G network I've seen speeds up to 1.1MB/s so far with
this driver, a speed-o-meter site reports 16.2Mbps/10.5Mbps.
Userspace scripts are required to talk to the CDC ACM port.

Signed-off-by: Andrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 02:35:08 -07:00
Marc Kleine-Budde
d005a09edf phylib: phy_attach_direct: phy_init_hw can fail, add cleanup
The function phy_attach_direct attaches the phy and calls phy_init_hw.
phy_init_hw can fail, but the phy is still marked as attached. Successive
calls to phy_attach_direct will fail because the phy is busy.

[    1.020000] eth0: Freescale FEC PHY driver [Generic PHY] (mii_bus:phy_addr=1:00, irq=-1)
[    1.030000] eth1: Freescale FEC PHY driver [Generic PHY] (mii_bus:phy_addr=1:01, irq=-1)
[    2.050000] Sending DHCP requests .
[    3.020000] PHY: 1:00 - Link is Up - 100/Full
[    5.110000] ..... timed out!
[   87.660000] IP-Config: Reopening network devices...
[   88.190000] FEC: MDIO read timeout
[   88.190000] eth0: could not attach to PHY
[   88.190000] IP-Config: Failed to open eth0
[   88.210000] FEC: MDIO read timeout
[   88.210000] eth1: could not attach to PHY
[   88.210000] IP-Config: Failed to open eth1
[   88.220000] IP-Config: No network devices available.
[   88.220000] Freeing init memory: 6968K

[...]

starting network interfaces...
ip: RTNETLINK answers: File exists
[   94.000000] net eth0: PHY already attached
[   94.010000] eth0: could not attach to PHY
ip: SIOCSIFFLAGS: Device or resource busy

This patch adds phy_detach to clean up if phy_init_hw fails.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 02:31:36 -07:00
Linus Lüssing
ff9a57a62a bridge: mcast snooping, fix length check of snooped MLDv1/2
"len = ntohs(ip6h->payload_len)" does not include the length of the ipv6
header itself, which the rest of this function assumes, though.

This leads to a length check less restrictive as it should be in the
following line for one thing. For another, it very likely leads to an
integer underrun when substracting the offset and therefore to a very
high new value of 'len' due to its unsignedness. This will ultimately
lead to the pskb_trim_rcsum() practically never being called, even in
the cases where it should.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 02:28:20 -07:00
Ben Hutchings
fd1d9188f2 via-ircc: Pass PCI device pointer to dma_{alloc, free}_coherent()
via-ircc has been passing a NULL pointer to DMA allocation functions,
which is completely invalid and results in a BUG on PowerPC.  Now
that we always have the device pointer available, pass it in.

Reference: http://bugs.debian.org/619450
Reported-by: Andrew Buckeridge <andrewb@bgc.com.au>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Tested-by: Andrew Buckeridge <andrewb@bgc.com.au> [against 2.6.32]
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 00:12:33 -07:00
Ben Hutchings
abc45592bc via-ircc: Use pci_{get, set}_drvdata() instead of static pointer variable
via-ircc still maintains its own array of device pointers in Linux 2.4
style.  Worse, it always uses index 0, so it will crash if there are
multiple suitable devices in the system.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 00:12:32 -07:00
Timo Teräs
93ca3bb5df net: gre: provide multicast mappings for ipv4 and ipv6
My commit 6d55cb91a0 (gre: fix hard header destination
address checking) broke multicast.

The reason is that ip_gre used to get ipgre_header() calls with
zero destination if we have NOARP or multicast destination. Instead
the actual target was decided at ipgre_tunnel_xmit() time based on
per-protocol dissection.

Instead of allowing the "abuse" of ->header() calls with invalid
destination, this creates multicast mappings for ip_gre. This also
fixes "ip neigh show nud noarp" to display the proper multicast
mappings used by the gre device.

Reported-by: Doug Kehn <rdkehn@yahoo.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Doug Kehn <rdkehn@yahoo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-30 00:10:47 -07:00
Balaji G
1459a3cc51 bridge: Fix compilation warning in function br_stp_recalculate_bridge_id()
net/bridge/br_stp_if.c: In function ‘br_stp_recalculate_bridge_id’:
net/bridge/br_stp_if.c:216:3: warning: ‘return’ with no value, in function returning non-void

Signed-off-by: G.Balaji <balajig81@gmail.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-29 23:37:23 -07:00
David S. Miller
eec009548e net: Fix warnings caused by MAX_SKB_FRAGS change.
After commit a715dea3c8 ("net: Always
allocate at least 16 skb frags regardless of page size"), the value
of MAX_SKB_FRAGS can now take on either an "unsigned long" or an
"int" value.

This causes warnings like:

net/packet/af_packet.c: In function ‘tpacket_fill_skb’:
net/packet/af_packet.c:948: warning: format ‘%lu’ expects type ‘long unsigned int’, but argument 2 has type ‘int’

Fix by forcing the constant to be unsigned long, otherwise we have
a situation where the type of a system wide constant is variable.

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-03-29 23:34:08 -07:00
Johannes Berg
ffd8c746fb iwlegacy: fix bugs in change_interface
If change_interface gets invoked during a firmware
restart, it may crash; prevent that from happening
by checking if ctx->vif is assigned.

Additionally, in my initial commit I forgot to set
the vif->p2p variable correctly, so fix that too.

Cc: stable@kernel.org [2.6.38+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-29 15:45:14 -04:00
Christian Lamparter
24047e2c4f carl9170: Fix tx aggregation problems with some clients
Some clients seem to rely upon the reception of BlockAckReqs to flush
their rx reorder buffer. In order to fix aggregation for these clients
carl9170 should set IEEE80211_TX_STAT_AMPDU_NO_BACK to generate a
BlockAckReq if the transmission of an AMPDU subframe fails.

This fixes aggregation problems with Intel 5100 Windows STAs (and maybe
others as well).

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-29 15:45:14 -04:00
Stanislaw Gruszka
0263aa4529 iwl3945: disable hw scan by default
After new NetworkManager 0.8.996 changes, hardware scanning is causing
microcode errors as reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=683571
and sometimes kernel crashes:
https://bugzilla.redhat.com/show_bug.cgi?id=688252

Also with hw scan there are very bad performance on some systems
as reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=671366

Since Intel no longer supports 3945, there is no chance to get proper
firmware fixes, we need workaround problems by disable hardware scanning
by default.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-29 15:45:14 -04:00
Xose Vazquez Perez
8d4ca61a10 wireless: rt2x00: rt2800usb.c add and identify ids
taken from staging/rt2860
0x0411,0x016f de37cd49b5 MelCo(Buffalo) WLI-UC-G301N
0x050d,0x825b 12840c63b0 Belkin F5D8055
0x050d,0x935a 705059a670 Belkin F6D4050 v1
0x050d,0x935b 5d92fe3387 Belkin F6D4050 v2

identifed from ralink driverss
0x0930,0x0a07 RT35xx TOSHIBA 2010_1215_RT3572_Linux_STA_v2.5.0.0.DPO
0x1d4d,0x0011 3072 Pegatron 2011_0107_RT3070_RT3370_Linux_STA_v2.5.0.1_DPO

Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-29 15:45:14 -04:00
Stanislaw Gruszka
3bda50e3ea iwl3945: do not deprecate software scan
Software scanning can be used for workaround some performance problems,
so do not deprecate it.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-03-29 15:45:14 -04:00
Linus Torvalds
0ce790e7d7 Linux 2.6.39-rc1 2011-03-29 12:09:47 -07:00
Linus Torvalds
6b2a4f7a5b Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (26 commits)
  mmc: SDHI should depend on SUPERH || ARCH_SHMOBILE
  mmc: tmio_mmc: Move some defines into a shared header
  mmc: tmio: support aggressive clock gating
  mmc: tmio: fix power-mode interpretation
  mmc: tmio: remove work-around for unmasked SDIO interrupts
  sh: fix SDHI IO address-range
  ARM: mach-shmobile: fix SDHI IO address-range
  mmc: tmio: only access registers above 0xff, if available
  mfd: remove now redundant sh_mobile_sdhi.h header
  sh: convert boards to use linux/mmc/sh_mobile_sdhi.h
  ARM: mach-shmobile: convert boards to use linux/mmc/sh_mobile_sdhi.h
  mmc: tmio: convert the SDHI MMC driver from MFD to a platform driver
  sh: ecovec: use the CONFIG_MMC_TMIO symbols instead of MFD
  mmc: tmio: split core functionality, DMA and MFD glue
  mmc: tmio: use PIO for short transfers
  mmc: tmio-mmc: Improve DMA stability on sh-mobile
  mmc: fix mmc_app_send_scr() for dma transfer
  mmc: sdhci-esdhc: enable esdhc on imx53
  mmc: sdhci-esdhc: use writel/readl as general APIs
  mmc: sdhci: add the abort CMDTYPE bits definition
  ...
2011-03-29 12:09:30 -07:00
Linus Torvalds
eefbab5995 Merge branch 'frv' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-2.6-frv
* 'frv' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-2.6-frv:
  FRV: Use generic show_interrupts()
  FRV: Convert genirq namespace
  frv: Select GENERIC_HARDIRQS_NO_DEPRECATED
  frv: Convert cpu irq_chip to new functions
  frv: Convert mb93493 irq_chip to new functions
  frv: Convert mb93093 irq_chip to new function
  frv: Convert mb93091 irq_chip to new functions
  frv: Fix typo from __do_IRQ overhaul
  frv: Remove stale irq_chip.end
  FRV: Do some cleanups
  FRV: Missing node arg in alloc_thread_info_node() macro
  NOMMU: implement access_remote_vm
  NOMMU: support SMP dynamic percpu_alloc
  NOMMU: percpu should use is_vmalloc_addr().
2011-03-29 11:43:30 -07:00
Linus Torvalds
90f1e7481e Merge branch 'stable/bug-fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
* 'stable/bug-fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen: Use new irq_move functions
  xen: Convert genirq namespace
  xen: fix p2m section mismatches
  xen/p2m: Allocate p2m tracking pages on override
  xen-gntdev: unlock on error path in gntdev_mmap()
  xen-gntdev: return -EFAULT on copy_to_user failure
2011-03-29 11:36:52 -07:00
Linus Torvalds
d6ae0c63f0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
  watchdog: softdog.c: enhancement to optionally invoke panic instead of reboot on timer expiry
  watchdog: fix nv_tco section mismatch
  watchdog: sp5100_tco.c: Check if firmware has set correct value in tcobase.
  watchdog: Convert release_resource to release_region/release_mem_region
  watchdog: s3c2410_wdt.c: Convert release_resource to release_region/release_mem_region
2011-03-29 11:20:09 -07:00
Linus Torvalds
8c82840e54 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
  amd64_edac: Fix potential memleak
2011-03-29 11:11:18 -07:00
Linus Torvalds
c86defc82c Merge branch 'irq-final-for-linus-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'irq-final-for-linus-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (111 commits)
  gpio: ab8500: Mark broken
  genirq: Remove move_*irq leftovers
  genirq: Remove compat code
  drivers: Final irq namespace conversion
  mn10300: Use generic show_interrupts()
  mn10300: Cleanup irq_desc access
  mn10300: Convert genirq namespace
  frv: Use generic show_interrupts()
  frv: Convert genirq namespace
  frv: Select GENERIC_HARDIRQS_NO_DEPRECATED
  frv: Convert cpu irq_chip to new functions
  frv: Convert mb93493 irq_chip to new functions
  frv: Convert mb93093 irq_chip to new function
  frv: Convert mb93091 irq_chip to new functions
  frv: Fix typo from __do_IRQ overhaul
  frv: Remove stale irq_chip.end
  m68k: Convert irq function namespace
  xen: Use new irq_move functions
  xen: Cleanup genirq namespace
  unicore32: Use generic show_interrupts()
  ...
2011-03-29 10:46:15 -07:00
Peter Huewe
1309d7afbe char/tpm: Fix unitialized usage of data buffer
This patch fixes information leakage to the userspace by initializing
the data buffer to zero.

Reported-by: Peter Huewe <huewe.external@infineon.com>
Signed-off-by: Peter Huewe <huewe.external@infineon.com>
Signed-off-by: Marcel Selhorst <m.selhorst@sirrix.com>
[ Also removed the silly "* sizeof(u8)".  If that isn't 1, we have way
  deeper problems than a simple multiplication can fix.   - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-29 09:45:34 -07:00
Borislav Petkov
a9f0fbe2bb amd64_edac: Fix potential memleak
We check the pointers together but at least one of them could be invalid
due to failed allocation. Since we cannot continue if either of the two
allocations has failed, exit early by freeing them both.

Cc: <stable@kernel.org> # 38.x
Reported-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
2011-03-29 18:19:06 +02:00