- 27 Aug, 2008 6 commits
-
-
Jouni Malinen authored
The previous code was using IWEVCUSTOM to report IEs from AssocReq and AssocResp frames into user space. This can easily hit the 256 byte limit (IW_CUSTOM_MAX) with APs that include number of vendor IEs in AssocResp. This results in the event message not being sent and dmesg showing "wlan0 (WE) : Wireless Event too big (366)" type of errors. Convert mac80211 to use IWEVASSOCREQIE/IWEVASSOCRESPIE to avoid the issue of being unable to send association IEs as wireless events. These newer event types use binary encoding and larger maximum size (IW_GENERIC_IE_MAX = 1024), so the likelyhood of not being able to send the IEs is much smaller than with IWEVCUSTOM. As an extra benefit, the code is also quite a bit simpler since there is no need to allocate an extra buffer for hex encoding. Signed-off-by:
Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Felipe Balbi authored
Trivial patch adding a missing line break on rfkill_claim_show(). Signed-off-by:
Felipe Balbi <felipe.balbi@nokia.com> Acked-by:
Ivo van Doorn <IvDoorn@gmail.co> Signed-off-by:
-
Jiri Slaby authored
bintval is set to the initial value at .config_interface which is too late, since it overwrites previously set value from .config. Move the initialization to the .add_interface. Signed-off-by:
Jiri Slaby <jirislaby@gmail.com> Cc: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by:
-
Jiri Slaby authored
Beacons setup and config was racy with beacon send. Ensure that ISR and reset functions see consistent state of bbuf. Use also dev_kfree_skb_any in ath5k_txbuf_free since we call it from atomic now. Signed-off-by:
-
Dan Williams authored
When the AP rejects a Shared Key authentication request, try Open System auth too. Signed-off-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
-
Dan Williams authored
Return errors from request_firmware() (like other drivers that do firmware load on device open) and make up plausible codes for other error conditions. Gives userspace tools like NetworkManager a clue that firmware may be missing when the result of setting IFF_UP is ENOENT. Signed-off-by:
-
- 25 Aug, 2008 12 commits
-
-
Eilon Greenstein authored
Version update Signed-off-by:
Eilon Greenstein <eilong@broadcom.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yitchak Gertner authored
The multi queue support is still disabled by default for the bnx2x (needs some more testing and validation), but there are 2 obvious bug in it which are fixed in this patch Signed-off-by:
Yitchak Gertner <gertner@broadcom.com> Signed-off-by:
-
Yitchak Gertner authored
Fixing the order of enabling and disabling NAPI and the interrupts Signed-off-by:
-
Yitchak Gertner authored
Load failures were not handled correctly Signed-off-by:
-
Yitchak Gertner authored
The TPA initialization is part of the FW internal memory initialization and so it is moved to the appropriate function Signed-off-by:
-
Eilon Greenstein authored
Increasing the lock timeout to 5 seconds instead of 1 second to minimize the chance of failures due to timeout Signed-off-by:
-
Eilon Greenstein authored
After iSCSI boot, the HW lock should only protect the flag so only the first function will reset the chip and not then entire chip reset process Signed-off-by:
-
Eilon Greenstein authored
The A1021G board is also using the fan failure mechanism in the same way the A1022G board does Signed-off-by:
-
Eilon Greenstein authored
The has Rx work check was wrong: when the FW was at the end of the page, the driver was already at the beginning of the next page. Since the check only validated that both driver and FW are pointing to the same place, it concluded that there is still work to be done. This caused some serious issues including long latency results on ping-pong test and lockups while unloading the driver in that condition. Signed-off-by:
-
Al Viro authored
Braino: net.ipv6 in ipv6 skeleton has no business in rotable class Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Al Viro authored
net.ipv4.neigh should be a part of skeleton to avoid ordering problems Signed-off-by:
-
Vlad Yasevich authored
The structure used for SCTP_AUTH_KEY option contains a length that needs to be verfied to prevent buffer overflow conditions. Spoted by Eugene Teo <eteo@redhat.com>. Signed-off-by:
Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by:
-
- 23 Aug, 2008 2 commits
-
-
Stephen Hemminger authored
This fixes a problem spotted with zebra, but not sure if it is necessary a kernel problem. With IPV6 when an address is added to an interface, Zebra creates a duplicate RIB entry, one as a connected route, and other as a kernel route. When an address is added to an interface the RTN_NEWADDR message causes Zebra to create a connected route. In IPV4 when an address is added to an interface a RTN_NEWROUTE message is set to user space with the protocol RTPROT_KERNEL. Zebra ignores these messages, because it already has the connected route. The problem is that route created in IPV6 has route protocol == RTPROT_BOOT. Was this a design decision or a bug? This fixes it. Same patch applies to both net-2.6 and stable. Signed-off-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
-
Denis V. Lunev authored
Pass namespace into icmp_xmit_lock, obtain socket inside and return it as a result for caller. Thanks Alexey Dobryan for this report: Steps to reproduce: CONFIG_PREEMPT=y CONFIG_DEBUG_PREEMPT=y tracepath <something> BUG: using smp_processor_id() in preemptible [00000000] code: tracepath/3205 caller is icmp_sk+0x15/0x30 Pid: 3205, comm: tracepath Not tainted 2.6.27-rc4 #1 Call Trace: [<ffffffff8031af14>] debug_smp_processor_id+0xe4/0xf0 [<ffffffff80409405>] icmp_sk+0x15/0x30 [<ffffffff8040a17b>] icmp_send+0x4b/0x3f0 [<ffffffff8025a415>] ? trace_hardirqs_on_caller+0xd5/0x160 [<ffffffff8025a4ad>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff8023a475>] ? local_bh_enable_ip+0x95/0x110 [<ffffffff804285b9>] ? _spin_unlock_bh+0x39/0x40 [<ffffffff8025a26c>] ? mark_held_locks+0x4c/0x90 [<ffffffff8025a4ad>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff8025a415>] ? trace_hardirqs_on_caller+0xd5/0x160 [<ffffffff803e91b4>] ip_fragment+0x8d4/0x900 [<ffffffff803e7030>] ? ip_finish_output2+0x0/0x290 [<ffffffff803e91e0>] ? ip_finish_output+0x0/0x60 [<ffffffff803e6650>] ? dst_output+0x0/0x10 [<ffffffff803e922c>] ip_finish_output+0x4c/0x60 [<ffffffff803e92e3>] ip_output+0xa3/0xf0 [<ffffffff803e68d0>] ip_local_out+0x20/0x30 [<ffffffff803e753f>] ip_push_pending_frames+0x27f/0x400 [<ffffffff80406313>] udp_push_pending_frames+0x233/0x3d0 [<ffffffff804067d1>] udp_sendmsg+0x321/0x6f0 [<ffffffff8040d155>] inet_sendmsg+0x45/0x80 [<ffffffff803b967f>] sock_sendmsg+0xdf/0x110 [<ffffffff8024a100>] ? autoremove_wake_function+0x0/0x40 [<ffffffff80257ce5>] ? validate_chain+0x415/0x1010 [<ffffffff8027dc10>] ? __do_fault+0x140/0x450 [<ffffffff802597d0>] ? __lock_acquire+0x260/0x590 [<ffffffff803b9e55>] ? sockfd_lookup_light+0x45/0x80 [<ffffffff803ba50a>] sys_sendto+0xea/0x120 [<ffffffff80428e42>] ? _spin_unlock_irqrestore+0x42/0x80 [<ffffffff803134bc>] ? __up_read+0x4c/0xb0 [<ffffffff8024e0c6>] ? up_read+0x26/0x30 [<ffffffff8020b8bb>] system_call_fastpath+0x16/0x1b icmp6_sk() is similar. Signed-off-by:
Denis V. Lunev <den@openvz.org> Signed-off-by:
-
- 22 Aug, 2008 1 commit
-
-
Jarek Poplawski authored
Since some qdiscs call qdisc_tree_decrease_qlen() (so qdisc_lookup()) without rtnl_lock(), adding and deleting from a qdisc list needs additional locking. This patch adds global spinlock qdisc_list_lock and wrapper functions for modifying the list. It is considered as a temporary solution until hfsc_dequeue(), netem_dequeue() and tbf_dequeue() (or qdisc_tree_decrease_qlen()) are redone. With feedback from Herbert Xu and David S. Miller. Signed-off-by:
Jarek Poplawski <jarkao2@gmail.com> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
- 21 Aug, 2008 3 commits
-
-
Jarek Poplawski authored
dev_deactivate() can skip rescheduling of a qdisc by qdisc_watchdog() or other timer calling netif_schedule() after dev_queue_deactivate(). We prevent this checking aliveness before scheduling the timer. Since during deactivation the root qdisc is available only as qdisc_sleeping additional accessor qdisc_root_sleeping() is created. With feedback from Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Vlad Yasevich authored
All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is envoked. Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case. This patch hardens the API and address all of the crash scenarios. Signed-off-by:
-
Linus Torvalds authored
-
- 20 Aug, 2008 16 commits
-
-
Al Viro authored
After commit a97c9bf3 (fix cramfs making duplicate entries in inode cache) in kernel 2.6.14, named-pipe on cramfs does not work properly. It seems the commit make all named-pipe on cramfs share their inode (and named-pipe buffer). Make ..._test() refuse to merge inodes with ->i_ino == 1, take inode setup back to get_cramfs_inode() and make ->drop_inode() evict ones with ->i_ino == 1 immediately. Reported-by:
Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: <stable@kernel.org> [2.6.14 and later] Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Ian Campbell authored
Fixes kernel BUG at lib/radix-tree.c:473. Previously the handler was incidentally provided by tmpfs but this was removed with: commit 14fcc23f Author: Hugh Dickins <hugh@veritas.com> Date: Mon Jul 28 15:46:19 2008 -0700 tmpfs: fix kernel BUG in shmem_delete_inode relying on this behaviour was incorrect in any case and the BUG also appeared when the device node was on an ext3 filesystem. v2: override a_ops at open() time rather than mmap() time to minimise races per AKPM's concerns. Signed-off-by:
Ian Campbell <ijc@hellion.org.uk> Cc: Jaya Kumar <jayakumar.lkml@gmail.com> Cc: Nick Piggin <npiggin@suse.de> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Hugh Dickins <hugh@veritas.com> Cc: Johannes Weiner <hannes@saeurebad.de> Cc: Jeremy Fitzhardinge <jeremy@goop.org> Cc: Kel Modderman <kel@otaku42.de> Cc: Markus Armbruster <armbru@redhat.com> Cc: Krzysztof Helt <krzysztof.h1@poczta.fm> Cc: <stable@kernel.org> [14fcc23f is in 2.6.25.14 and 2.6.26.1] Signed-off-by:
-
Anton Vorontsov authored
On a PowerPC board with ds1374 RTC I'm getting this error while RTC tries to probe: rtc-ds1374 0-0068: unable to request IRQ This happens because I2C probing code (drivers/of/of_i2c.c) is specifying IRQ0 for 'no irq' case, which is correct. The driver handles this incorrectly, though. This patch fixes it. Signed-off-by:
Anton Vorontsov <avorontsov@ru.mvista.com> Cc: David Brownell <david-b@pacbell.net> Cc: Alessandro Zummo <a.zummo@towertech.it> Acked-by:
Peter Korsgaard <jacmet@sunsite.dk> Signed-off-by:
-
Nick Piggin authored
XIP can call into get_xip_mem concurrently with the same file,offset with create=1. This usually maps down to get_block, which expects the page lock to prevent such a situation. This causes ext2 to explode for one reason or another. Serialise those calls for the moment. For common usages today, I suspect get_xip_mem rarely is called to create new blocks. In future as XIP technologies evolve we might need to look at which operations require scalability, and rework the locking to suit. Signed-off-by:
Nick Piggin <npiggin@suse.de> Cc: Jared Hulbert <jaredeh@gmail.com> Acked-by:
Carsten Otte <cotte@freenet.de> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by:
-
Nick Piggin authored
XIP has a race between sparse pages being inserted into page tables, and sparse pages being zapped when its time to put a non-sparse page in. What can happen is that a process can be left with a dangling sparse page in a MAP_SHARED mapping, while the rest of the world sees the non-sparse version. Ie. data corruption. Guard these operations with a seqlock, making fault-in-sparse-pages the slowpath, and try-to-unmap-sparse-pages the fastpath. Signed-off-by:
-
Nick Piggin authored
There is a race with dirty page accounting where a page may not properly be accounted for. clear_page_dirty_for_io() calls page_mkclean; then TestClearPageDirty. page_mkclean walks the rmaps for that page, and for each one it cleans and write protects the pte if it was dirty. It uses page_check_address to find the pte. That function has a shortcut to avoid the ptl if the pte is not present. Unfortunately, the pte can be switched to not-present then back to present by other code while holding the page table lock -- this should not be a signal for page_mkclean to ignore that pte, because it may be dirty. For example, powerpc64's set_pte_at will clear a previously present pte before setting it to the desired value. There may also be other code in core mm or in arch which do similar things. The consequence of the bug is loss of data integrity due to msync, and loss of dirty page accounting accuracy. XIP's __xip_unmap could easily also be unreliable (depending on the exact XIP locking scheme), which can lead to data corruption. Fix this by having an option to always take ptl to check the pte in page_check_address. It's possible to retain this optimization for page_referenced and try_to_unmap. Signed-off-by:
Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by:
-
Ken Chen authored
When user calls sys_setpriority(PRIO_PGRP ...) on a NPTL style multi-LWP process, only the task leader of the process is affected, all other sibling LWP threads didn't receive the setting. The problem was that the iterator used in sys_setpriority() only iteartes over one task for each process, ignoring all other sibling thread. Introduce a new macro do_each_pid_thread / while_each_pid_thread to walk each thread of a process. Convert 4 call sites in {set/get}priority and ioprio_{set/get}. Signed-off-by:Ken Chen <kenchen@google.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Roland McGrath <roland@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by:
-
Michael Hennerich authored
Video/Framebuffer: add fuctional power management support to Blackfin BF54x LQ043 framebuffer driver Fix bug: does nor properply resume after suspend mem Fix for PM_SUSPEND_MEM: Save and restore peripheral base and DMA registers Signed-off-by:
Michael Hennerich <michael.hennerich@analog.com> Signed-off-by:
Bryan Wu <cooloney@kernel.org> Acked-by:
Krzysztof Helt <krzysztof.h1@wp.pl> Signed-off-by:
-
Johannes Weiner authored
Absolute alignment requirements may never be applied to node-relative offsets. Andreas Herrmann spotted this flaw when a bootmem allocation on an unaligned node was itself not aligned because the combination of an unaligned node with an aligned offset into that node is not garuanteed to be aligned itself. This patch introduces two helper functions that align a node-relative index or offset with respect to the node's starting address so that the absolute PFN or virtual address that results from combining the two satisfies the requested alignment. Then all the broken ALIGN()s in alloc_bootmem_core() are replaced by these helpers. Signed-off-by:
Johannes Weiner <hannes@saeurebad.de> Reported-by:
Andreas Herrmann <andreas.herrmann3@amd.com> Debugged-by:
-
Andrew Morton authored
If check_legacy_ioport() returns true, we leak *info. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=11362Reported-by:
Daniel Marjamki <danielm77@spray.se> Cc: Christian Krafft <krafft@de.ibm.com> Cc: Michael Ellerman <michael@ellerman.id.au> Cc: Corey Minyard <minyard@acm.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by:
-
Krzysztof Helt authored
Release cmap memory allocated in the probe function. Signed-off-by:
-
Atsushi Nemoto authored
With commit 5ad31a57 ("rtc: remove BKL for ioctl()"), RTC_UIE_ON ioctl cause double lock on rtc->ops_lock. The ops_lock must not be held while set_uie() calls rtc_read_time() which takes the lock. Also clear_uie() does not need ops_lock. This patch fixes return value of RTC_UIE_OFF ioctl too. Signed-off-by:
-
Pavel Emelyanov authored
In case the binfmt_misc binary handler is registered *before* the e.g. script one (when for example being compiled as a module) the following situation may occur: 1. user launches a script, whose interpreter is a misc binary; 2. the load_misc_binary sets the misc_bang and returns -ENOEVEC, since the binary is a script; 3. the load_script_binary loads one and calls for search_binary_hander to run the interpreter; 4. the load_misc_binary is called again, but refuses to load the binary due to misc_bang bit set. The fix is to move the misc_bang setting lower - prior to the actual call to the search_binary_handler. Caused by the commit 3a2e7f47 (binfmt_misc.c: avoid potential kernel stack overflow) Signed-off-by:
Pavel Emelyanov <xemul@openvz.org> Reported-by:
Kirill A. Shutemov <kirill@shutemov.name> Tested-by:
-
Akinobu Mita authored
The name of brd block device is "ramdisk", it's not "brd". (The block device is registered by register_blkdev(RAMDISK_MAJOR, "ramdisk") So it should be unregistered by unregister_blkdev(RAMDISK_MAJOR, "ramdisk") Signed-off-by:
Akinobu Mita <akinobu.mita@gmail.com> Acked-by:
-
Sven Wegener authored
We leak the memory allocated for the nbd_dev array at multiple places. Fix them by either adding a kfree() or by rearranging code to return before we allocate the memory. Signed-off-by:
Sven Wegener <sven.wegener@stealer.net> Cc: Paul Clements <paul.clements@steeleye.com> Signed-off-by:
-
Marcin Slusarz authored
mminit_loglevel is now used from mminit_verify_zonelist <- build_all_zonelists <- 1. online_pages <- memory_block_action <- memory_block_change_state <- store_mem_state (sys handler) 2. numa_zonelist_order_handler (proc handler) so it cannot be annotated __meminit - drop it fixes following section mismatch warning: WARNING: vmlinux.o(.text+0x71628): Section mismatch in reference from the function mminit_verify_zonelist() to the variable .meminit.data:mminit_loglevel The function mminit_verify_zonelist() references the variable __meminitdata mminit_loglevel. This is often because mminit_verify_zonelist lacks a __meminitdata annotation or the annotation of mminit_loglevel is wrong. Signed-off-by:
Marcin Slusarz <marcin.slusarz@gmail.com> Acked-by:
Mel Gorman <mel@csn.ul.ie> Signed-off-by:
-
