- 28 Mar, 2011 1 commit
-
-
Felix Fietkau authored
When a client connects in HT mode but does not provide any valid MCS rates, the function that finds the next sample rate gets stuck in an infinite loop. Fix this by falling back to legacy rates if no usable MCS rates are found. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 24 Mar, 2011 7 commits
-
-
Thomas Gleixner authored
After we made debugobjects working again, we got the following: WARNING: at lib/debugobjects.c:262 debug_print_object+0x8e/0xb0() Hardware name: System Product Name ODEBUG: free active (active state 0) object type: timer_list hint: hci_cmd_timer+0x0/0x60 Pid: 2125, comm: dmsetup Tainted: G W 2.6.38-06707-gc62b3898 #110375 Call Trace: [<ffffffff8104700a>] warn_slowpath_common+0x7a/0xb0 [<ffffffff810470b6>] warn_slowpath_fmt+0x46/0x50 [<ffffffff812d3a5e>] debug_print_object+0x8e/0xb0 [<ffffffff81bd8810>] ? hci_cmd_timer+0x0/0x60 [<ffffffff812d4685>] debug_check_no_obj_freed+0x125/0x230 [<ffffffff810f1063>] ? check_object+0xb3/0x2b0 [<ffffffff810f3630>] kfree+0x150/0x190 [<ffffffff81be4d06>] ? bt_host_release+0x16/0x20 [<ffffffff81be4d06>] bt_host_release+0x16/0x20 [<ffffffff813a1907>] device_release+0x27/0xa0 [<ffffffff812c519c>] kobject_release+0x4c/0xa0 [<ffffffff812c5150>] ? kobject_release+0x0/0xa0 [<ffffffff812c61f6>] kref_put+0x36/0x70 [<ffffffff812c4d37>] kobject_put+0x27/0x60 [<ffffffff813a21f7>] put_device+0x17/0x20 [<ffffffff81bda4f9>] hci_free_dev+0x29/0x30 [<ffffffff81928be6>] vhci_release+0x36/0x70 [<ffffffff810fb366>] fput+0xd6/0x1f0 [<ffffffff810f8fe6>] filp_close+0x66/0x90 [<ffffffff810f90a9>] sys_close+0x99/0xf0 [<ffffffff81d4c96b>] system_call_fastpath+0x16/0x1b That timer was introduced with commit 6bd32326(Bluetooth: Use proper timer for hci command timout) Timer seems to be running when the thing is closed. Removing the timer unconditionally fixes the problem. And yes, it needs to be fixed before the HCI_UP check. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Andrei Emeltchenko authored
Sometimes L2CAP connection remains hanging. Make sure that L2CAP channel is deleted. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
The code was correctly calling _unlock at the end of the function but there was no actual _lock call anywhere. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Vinicius Costa Gomes authored
Now that we have support for LE connections, before discarding a frame we must check if there's a LE connection over that transport. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Acked-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Gustavo F. Padovan authored
We can't send new commands before a cmd_complete for the HCI_RESET command shows up. Reported-by: Mikko Vinni <mmvinni@yahoo.com> Reported-by: Justin P. Mattock <justinmattock@gmail.com> Reported-by: Ed Tomlinson <edt@aei.ca> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Tested-by: Justin P. Mattock <justinmattock@gmail.com> Tested-by: Mikko Vinni <mmvinni@yahoo.com> Tested-by: Ed Tomlinson <edt@aei.ca>
-
Suraj Sumangala authored
This patch lets 'l2cap_pinfo.unacked_frames' be incremented only the first time a frame is transmitted. Previously it was being incremented for retransmitted packets too resulting the value to cross the transmit window size. Signed-off-by: Suraj Sumangala <suraj@atheros.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Marc-Antoine Perennou authored
Just adding the vendor details makes it work fine. Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 23 Mar, 2011 4 commits
-
-
Senthil Balasubramanian authored
commit 86271e46 introduced a regression that caused mac80211 queues in stopped state. ath_drain_all_txq is called in driver flush which would reset the stopped flag and the mac80211 queues were never started after that. iperf traffic is completely stalled due to this issue. Restart the mac80211 queues in driver flush only if the txqs were drained. Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Senthil Balasubramanian authored
With the recent tx status optimization in mac80211, we bail out as and and when invalid rate index is found. So the behavior of resetting rate idx to -1 and count to 0 has changed for the rate indexes that were not part of the driver's retry series. This has resulted in ath9k using incorrect rate table index which caused the system to panic. Ideally ath9k need to loop only for the indexes that were part of the retry series and so simply use hw->max_rates as the loop counter. Pasted the stack trace of the panic issue for reference. [ 754.093192] BUG: unable to handle kernel paging request at ffff88046a9025b0 [ 754.093256] IP: [<ffffffffa02eac49>] ath_tx_status+0x209/0x2f0 [ath9k] [ 754.094888] Call Trace: [ 754.094903] <IRQ> [ 754.094928] [<ffffffffa051f883>] ieee80211_tx_status+0x203/0x9e0 [mac80211] [ 754.094975] [<ffffffffa053e305>] ? __ieee80211_wake_queue+0x125/0x140 [mac80211] [ 754.095017] [<ffffffffa02e66c9>] ath_tx_complete_buf+0x1b9/0x370 [ath9k] [ 754.095054] [<ffffffffa02e6fcf>] ath_tx_complete_aggr+0x51f/0xb50 [ath9k] [ 754.095098] [<ffffffffa05382a3>] ? ieee80211_prepare_and_rx_handle+0x173/0xab0 [mac80211] [ 754.095148] [<ffffffff81350e62>] ? _raw_spin_unlock_irqrestore+0x32/0x40 [ 754.095186] [<ffffffffa02e9735>] ath_tx_tasklet+0x365/0x4b0 [ath9k] [ 754.095224] [<ffffffff8107a2a2>] ? clockevents_program_event+0x62/0xa0 [ 754.095261] [<ffffffffa02e2628>] ath9k_tasklet+0x168/0x1c0 [ath9k] [ 754.095298] [<ffffffff8105599b>] tasklet_action+0x6b/0xe0 [ 754.095331] [<ffffffff81056278>] __do_softirq+0x98/0x120 [ 754.095361] [<ffffffff8100cd5c>] call_softirq+0x1c/0x30 [ 754.095393] [<ffffffff8100efb5>] do_softirq+0x65/0xa0 [ 754.095423] [<ffffffff810563fd>] irq_exit+0x8d/0x90 [ 754.095453] [<ffffffff8100ebc1>] do_IRQ+0x61/0xe0 [ 754.095482] [<ffffffff81351413>] ret_from_intr+0x0/0x15 [ 754.095513] <EOI> [ 754.095531] [<ffffffff81014375>] ? native_sched_clock+0x15/0x70 [ 754.096475] [<ffffffffa02bcfa6>] ? acpi_idle_enter_bm+0x24d/0x285 [processor] [ 754.096475] [<ffffffffa02bcf9f>] ? acpi_idle_enter_bm+0x246/0x285 [processor] [ 754.096475] [<ffffffff8127fab2>] cpuidle_idle_call+0x82/0x100 [ 754.096475] [<ffffffff8100a236>] cpu_idle+0xa6/0xf0 [ 754.096475] [<ffffffff81339bc1>] rest_init+0x91/0xa0 [ 754.096475] [<ffffffff814efccd>] start_kernel+0x3fd/0x408 [ 754.096475] [<ffffffff814ef347>] x86_64_start_reservations+0x132/0x136 [ 754.096475] [<ffffffff814ef451>] x86_64_start_kernel+0x106/0x115 [ 754.096475] RIP [<ffffffffa02eac49>] ath_tx_status+0x209/0x2f0 [ath9k] Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
armadefuego@gmail.com authored
On hardware busy the scan request pointer should be cleared, as higher levels will release. This avoids a crash when that pointer is erroneously used later. Signed-off-by: Joseph J. Gunn <armadefuego@yahoo.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
Clearly a mistake, since pointers won't suddenly change their value... Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 21 Mar, 2011 11 commits
-
-
Felix Fietkau authored
This field is used to determine the inactivity time. When in AP mode, hostapd uses it for kicking out inactive clients after a while. Without this patch, hostapd immediately deauthenticates a new client if it checks the inactivity time before the client sends its first data frame. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Mohammed Shafi Shajakhan authored
Kernel panic occurs just after AR2427 establishes connection with AP. Unless aggregation is enabled we don't initialize the TID structure. Thus accesing the elements of the TID structure when aggregation is disabled, leads to NULL pointer dereferencing. [ 191.320358] Call Trace: [ 191.320364] [<fd250ea7>] ? ath9k_tx+0xa7/0x200 [ath9k] [ 191.320376] [<fd1ec7fc>] ? __ieee80211_tx+0x5c/0x1e0 [mac80211] [ 191.320386] [<fd1edd2b>] ? ieee80211_tx+0x7b/0x90 [mac80211] [ 191.320395] [<fd1edddd>] ? ieee80211_xmit+0x9d/0x1d0 [mac80211] [ 191.320401] [<c014218f>] ? wake_up_state+0xf/0x20 [ 191.320405] [<c015dbc8>] ? signal_wake_up+0x28/0x40 [ 191.320410] [<c012a578>] ? default_spin_lock_flags+0x8/0x10 [ 191.320420] [<fd1ee308>] ? ieee80211_subif_start_xmit+0x2e8/0x7c0 [mac80211] [ 191.320425] [<c058f905>] ? do_page_fault+0x295/0x3a0 [ 191.320431] [<c04c4a3d>] ? dev_hard_start_xmit+0x1ad/0x210 [ 191.320436] [<c04d96b5>] ? sch_direct_xmit+0x105/0x170 [ 191.320445] [<fd1f161a>] ? get_sta_flags+0x2a/0x40 [mac80211] [ 191.320449] [<c04c780f>] ? dev_queue_xmit+0x37f/0x4b0 [ 191.320452] [<c04d75b0>] ? eth_header+0x0/0xb0 [ 191.320456] [<c04cc479>] ? neigh_resolve_output+0xe9/0x310 [ 191.320461] [<c053d295>] ? ip6_output_finish+0xa5/0x110 [ 191.320464] [<c053e354>] ? ip6_output2+0x134/0x250 [ 191.320468] [<c053f7dd>] ? ip6_output+0x6d/0x100 [ 191.320471] [<c0559665>] ? mld_sendpack+0x395/0x3e0 [ 191.320475] [<c0557f81>] ? add_grhead+0x31/0xa0 [ 191.320478] [<c055a83c>] ? mld_send_cr+0x1bc/0x2b0 [ 191.320482] [<c01535d9>] ? irq_exit+0x39/0x70 [ 191.320485] [<c055a940>] ? mld_ifc_timer_expire+0x10/0x40 [ 191.320489] [<c015b92e>] ? run_timer_softirq+0x13e/0x2c0 [ 191.320493] [<c0103a30>] ? common_interrupt+0x30/0x40 [ 191.320498] [<c055a930>] ? mld_ifc_timer_expire+0x0/0x40 [ 191.320502] [<c0153358>] ? __do_softirq+0x98/0x1b0 [ 191.320506] [<c01534b5>] ? do_softirq+0x45/0x50 [ 191.320509] [<c0153605>] ? irq_exit+0x65/0x70 [ 191.320513] [<c05917dc>] ? smp_apic_timer_interrupt+0x5c/0x8b [ 191.320516] [<c0103df1>] ? apic_timer_interrupt+0x31/0x40 [ 191.320521] [<c016007b>] ? k_getrusage+0x12b/0x2f0 [ 191.320525] [<c039e384>] ? acpi_idle_enter_simple+0x117/0x148 [ 191.320529] [<c04a20da>] ? cpuidle_idle_call+0x7a/0x100 [ 191.320532] [<c01021d4>] ? cpu_idle+0x94/0xd0 [ 191.320536] [<c057ab88>] ? rest_init+0x58/0x60 [ 191.320541] [<c07a58ec>] ? start_kernel+0x351/0x357 [ 191.320544] [<c07a53c7>] ? unknown_bootoption+0x0/0x19e [ 191.320548] [<c07a50aa>] ? i386_start_kernel+0xaa/0xb1 [ 191.320550] Code: 03 66 3d 00 03 0f 84 7c 02 00 00 83 c3 18 0f b6 03 8b 4d e0 89 c3 83 e3 0f 6b c3 48 89 5d d8 8d 04 06 8d 50 0c 89 55 d0 8b 40 20 <8b> 00 3b 01 0f 85 8e 02 00 00 f6 47 20 40 0f 84 29 ff ff ff 8b [ 191.320634] EIP: [<fd2586d4>] ath_tx_start+0x474/0x770 [ath9k] SS:ESP 0068:c0761a90 [ 191.320642] CR2: 0000000000000000 [ 191.320647] ---[ end trace 9296ef23b9076ece ]--- [ 191.320650] Kernel panic - not syncing: Fatal exception in interrupt Cc: stable@kernel.org Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Randy Dunlap authored
Fix many of each of these warnings: Warning(include/net/cfg80211.h:519): No description found for parameter 'rxrate' Warning(include/net/mac80211.h:1163): bad line: Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ilia Mirkin authored
These were found using the following semantic match: // <smpl> @@expression E1; type T;@@ * memset(E1, ... * sizeof(T) * ..., ...); // </smpl> Also take this opportunity to remove the unnecessary void* casts. Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu> Tested-by: Larry Finger <Larry.Finger@lwfinger.net> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Peter Lemenkov authored
Add unknown Toshiba device, mentioned in rt3572sta sources, under CONFIG_RT2800USB_UNKNOWN Signed-off-by: Peter Lemenkov <lemenkov@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Peter Lemenkov authored
Add 2L Central Europe BV 8070 under CONFIG_RT2800USB_UNKNOWN Signed-off-by: Peter Lemenkov <lemenkov@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Peter Lemenkov authored
Add Planex Communications, Inc. RT8070 under CONFIG_RT2800USB_UNKNOWN Signed-off-by: Peter Lemenkov <lemenkov@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Peter Lemenkov authored
Add ID for Asus USB-N11 Wi-FI adapter. Tested by me. Signed-off-by: Peter Lemenkov <lemenkov@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Joe Gunn authored
Removing an entry from the scan_list should be performed while holding the lock. Signed-off-by: Joseph J. Gunn <armadefuego@yahoo.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
We should unlock here instead of returning -EINVAL directly. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Tõnu Samuel authored
Signed-off-by: Tõnu Samuel <tonu@jes.ee> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 20 Mar, 2011 7 commits
-
-
-
-
Vasiliy Kulikov authored
'buffer' string is copied from userspace. It is not checked whether it is zero terminated. This may lead to overflow inside of simple_strtoul(). Changli Gao suggested to copy not more than user supplied 'size' bytes. It was introduced before the git epoch. Files "ipt_CLUSTERIP/*" are root writable only by default, however, on some setups permissions might be relaxed to e.g. network admin user. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Acked-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Eric Dumazet authored
commit f3c5c1bf (make ip_tables reentrant) introduced a race in handling the stackptr restore, at the end of ipt_do_table() We should do it before the call to xt_info_rdunlock_bh(), or we allow cpu preemption and another cpu overwrites stackptr of original one. A second fix is to change the underflow test to check the origptr value instead of 0 to detect underflow, or else we allow a jump from different hooks. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Jozsef Kadlecsik authored
The revision of the set type was not checked at the create command: if the userspace sent a valid set type but with not supported revision number, it'd create a loop. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Jozsef Kadlecsik authored
The hash:*port* types with IPv4 silently ignored when address ranges with non TCP/UDP were added/deleted from the set and used the first address from the range only. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
David S. Miller authored
When the OF device driver bits were converted over to the platform device infrastructure in commit 74888760 ("dt/net: Eliminate users of of_platform_{,un}register_driver") we inadvertantly created probing problems in the OF case. The NIU driver creates a dummy platform device to represent the board that contains one or more child NIU devices. Unfortunately we use the same name, "niu", as the OF device driver itself uses. The result is that we try to probe the dummy "niu" parent device we create, and since it has a NULL ofdevice pointer etc. everything explodes: [783019.128243] niu: niu.c:v1.1 (Apr 22, 2010) [783019.128810] Unable to handle kernel NULL pointer dereference [783019.128949] tsk->{mm,active_mm}->context = 000000000000039e [783019.129078] tsk->{mm,active_mm}->pgd = fffff803afc5a000 [783019.129206] \|/ ____ \|/ [783019.129213] "@'/ .. \`@" [783019.129220] /_| \__/ |_\ [783019.129226] \__U_/ [783019.129378] modprobe(2004): Oops [#1] [783019.129423] TSTATE: 0000000011001602 TPC: 0000000010052ff8 TNPC: 000000000061bbb4 Y: 00000000 Not tainted [783019.129542] TPC: <niu_of_probe+0x3c/0x2dc [niu]> [783019.129624] g0: 8080000000000000 g1: 0000000000000000 g2: 0000000010056000 g3: 0000000000000002 [783019.129733] g4: fffff803fc1da0c0 g5: fffff800441e2000 g6: fffff803fba84000 g7: 0000000000000000 [783019.129842] o0: fffff803fe7df010 o1: 0000000010055700 o2: 0000000000000000 o3: fffff803fbacaca0 [783019.129951] o4: 0000000000000080 o5: 0000000000777908 sp: fffff803fba866e1 ret_pc: 0000000010052ff4 [783019.130083] RPC: <niu_of_probe+0x38/0x2dc [niu]> [783019.130165] l0: fffff803fe7df010 l1: fffff803fbacafc0 l2: fffff803fbacaca0 l3: ffffffffffffffed [783019.130273] l4: 0000000000000000 l5: 000000007fffffff l6: fffff803fba86f40 l7: 0000000000000001 [783019.130382] i0: fffff803fe7df000 i1: fffff803fc20aba0 i2: 0000000000000000 i3: 0000000000000001 [783019.130490] i4: 0000000000000000 i5: 0000000000000000 i6: fffff803fba867a1 i7: 000000000062038c [783019.130614] I7: <platform_drv_probe+0xc/0x20> Fix by simply renaming the parent device to "niu-board". Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 19 Mar, 2011 3 commits
-
-
Eric Dumazet authored
commit 54405cde (r8169: support control of advertising.) introduced a bug in rtl8169_init_phy() Reported-by: Piotr Hosowicz <piotr@hosowicz.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Oliver Neukum <oliver@neukum.org> Cc: Francois Romieu <romieu@fr.zoreil.com> Tested-by: Anca Emanuel <anca.emanuel@gmail.com> Tested-by: Piotr Hosowicz <piotr@hosowicz.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas de Pesloüan authored
Signed-off-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dan Carpenter authored
The calculation is off-by-one. It should be "end - start + 1". This patch fixes it to use resource_size() instead. Oddly, the code already uses resource size correctly a couple lines earlier when it calls request_mem_region() for this memory. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 Mar, 2011 7 commits
-
-
Mike Frysinger authored
Now that we finally have __aligned_xx exported to userspace, convert the headers that get exported over to the proper type. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Whenever we enter the IP stack proper from bridge netfilter we need to ensure that the skb is in a form the IP stack expects it to be in. The entry point on NF_FORWARD did not meet the requirements of the IP stack, therefore leading to potential crashes/panics. This patch fixes the problem. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Commit c95b819a (gre: Use needed_headroom) made gre use needed_headroom instead of hard_header_len This uncover a bug in vlan code. We should make sure vlan devices take into account their real_dev->needed_headroom or we risk a crash in ipgre_header(), because we dont have enough room to push IP header in skb. Reported-by: Diddi Oscarsson <diddi@diddi.se> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Patrick McHardy <kaber@trash.net> Cc: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ben Hutchings authored
This structure was accidentally defined such that its layout can differ between 32-bit and 64-bit processes. Add compat structure definitions and an ioctl wrapper function. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> Cc: stable@kernel.org [2.6.30+] Signed-off-by: David S. Miller <davem@davemloft.net>
-
Roger Luethi authored
__ethtool_set_sg does not check if dev->ethtool_ops->set_sg is defined which can result in a NULL pointer dereference when ethtool is used to change SG settings for drivers without SG support. Signed-off-by: Roger Luethi <rl@hellgate.ch> Reviewed-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vasiliy Kulikov authored
struct aunhdr has 4 padding bytes between 'pad' and 'handle' fields on x86_64. These bytes are not initialized in the variable 'ah' before sending 'ah' to the network. This leads to 4 bytes kernel stack infoleak. This bug was introduced before the git epoch. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Acked-by: Phil Blundell <philb@gnu.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alex Dubov authored
As specified by errata eTSEC49 of MPC8548 and errata eTSEC12 of MPC83xx, older revisions of gianfar controllers will be unable to calculate a TCP/UDP packet checksum for some alignments of the appropriate FCB. This patch checks for FCB alignment on such controllers and falls back to software checksumming if the alignment is known to be bad. Signed-off-by: Alex Dubov <oakad@yahoo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-