openwrt/staging/blogic.git
13 years agoBluetooth: Add variable SSP auto-accept delay support
Johan Hedberg [Thu, 28 Apr 2011 18:28:54 +0000 (11:28 -0700)]
Bluetooth: Add variable SSP auto-accept delay support

Some test systems require an arbitrary delay to the auto-accept test
cases for Secure Simple Pairing in order for the tests to pass.
Previously when this was handled in user space it was worked around by
code modifications and recompilation, but now that it's on the kernel
side it's more convenient if there's a debugfs interface for it.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add automated SSP user confirmation responses
Johan Hedberg [Thu, 28 Apr 2011 18:28:53 +0000 (11:28 -0700)]
Bluetooth: Add automated SSP user confirmation responses

This patch adds automated negative and positive (auto-accept) responses
for Secure Simple Pairing user confirmation requests. The responses are
only sent if the HCI_MGMT flag is set in order not to confuse older user
space versions (without management interface support).

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add secure flag for mgmt_pin_code_req
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:59 +0000 (12:07 +0200)]
Bluetooth: Add secure flag for mgmt_pin_code_req

Extend the mgmt_pin_code_request interface to require secure
pin code (16 digit) for authentication.

This is a kernel part of the secure pin code requirement notification
to user space agent.

Code styling fix by Johan Hedberg.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Respect local MITM req in io_cap reply
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:58 +0000 (12:07 +0200)]
Bluetooth: Respect local MITM req in io_cap reply

If host requires MITM protection notify that to controller in
io capabilities reply even if the remote device requires no bonding.

If it is not respected, host can get an unauthenticated link key while
it expects authenticated one.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Ignore key unauthenticated for high security
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:56 +0000 (12:07 +0200)]
Bluetooth: Ignore key unauthenticated for high security

High security level for pre v2.1 devices requires combination link key
authenticated by at least 16 digit PIN code.

It's also necessary to update key_type and pin_length when the key
exists and is sufficently secured for the connection as there will be
no link key notify event in that case.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Map sec_level to link key requirements
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:55 +0000 (12:07 +0200)]
Bluetooth: Map sec_level to link key requirements

Keep the link key type together with connection and use it to
map security level to link key requirements. Authenticate and/or
encrypt connection if the link is insufficiently secure.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Don't modify sec_level if auth failed
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:54 +0000 (12:07 +0200)]
Bluetooth: Don't modify sec_level if auth failed

If authentication fails the security level should stay as it was set
before the process has started. Setting BT_SECURITY_LOW can hide real
security level on a link eg. having BT_SECURITY_MEDIUM on the link,
re-authenticate with failure to get BT_SECURITY_HIGH, as  a result we
get BT_SECURITY_LOW on the link while the real security is still medium.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add definitions for link key types
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:53 +0000 (12:07 +0200)]
Bluetooth: Add definitions for link key types

Introduce the link key types defs and use them instead of magic numbers.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add discovering event to the Management interface
Johan Hedberg [Wed, 27 Apr 2011 14:29:57 +0000 (10:29 -0400)]
Bluetooth: Add discovering event to the Management interface

This patch adds a new event to the Management interface to track when
local adapters are discovering remote devices. For now this only tracks
BR/EDR discovery procedures.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add basic discovery commands to the management interface
Johan Hedberg [Wed, 27 Apr 2011 14:29:56 +0000 (10:29 -0400)]
Bluetooth: Add basic discovery commands to the management interface

This patch adds start_discovery and stop_discovery commands to the
management interface. Right now their implementation is fairly
simplistic and the parameters are fixed to what user space has
defaulted to so far.
This is the very initial phase for discovery implementation into
the kernel. Next steps include name resolution, LE scanning and
bdaddr type handling.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Don't export l2cap_sock_ops
Gustavo F. Padovan [Wed, 27 Apr 2011 21:40:39 +0000 (18:40 -0300)]
Bluetooth: Don't export l2cap_sock_ops

l2cap_sk_ops can be static, it's not used outside l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix memory leak with L2CAP channels
Gustavo F. Padovan [Mon, 25 Apr 2011 18:10:41 +0000 (15:10 -0300)]
Bluetooth: Fix memory leak with L2CAP channels

A new l2cap_chan_free() is added to free the channels.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move conn to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 23:23:55 +0000 (20:23 -0300)]
Bluetooth: Move conn to struct l2cap_chan

There is no need to the socket deal directly with the channel, most of the
time it cares about the channel only.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move more vars to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 22:50:45 +0000 (19:50 -0300)]
Bluetooth: Move more vars to struct l2cap_chan

In this commit, psm, scid and dcid.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move more channel info to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 20:20:49 +0000 (17:20 -0300)]
Bluetooth: Move more channel info to struct l2cap_chan

In this commit, omtu, imtu, flush_to, mode and sport. It also remove the
pi var from l2cap_sock_sendmsg().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move more vars to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 18:57:03 +0000 (15:57 -0300)]
Bluetooth: Move more vars to struct l2cap_chan

In this commit all ERTM and Streaming Mode specific vars.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move some more elements to struct l2cap_chan
Gustavo F. Padovan [Tue, 12 Apr 2011 21:31:57 +0000 (18:31 -0300)]
Bluetooth: Move some more elements to struct l2cap_chan

In this commit sec_level, force_reliable, role_switch and flushable.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()
Gustavo F. Padovan [Tue, 12 Apr 2011 21:17:14 +0000 (18:17 -0300)]
Bluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()

l2cap_chan_connect() is a much better name and reflects what this
functions is doing (or will do once socket dependence is removed from the
core).

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move conf_state to struct l2cap_chan
Gustavo F. Padovan [Tue, 12 Apr 2011 21:15:09 +0000 (18:15 -0300)]
Bluetooth: Move conf_state to struct l2cap_chan

First move of elements depending on user data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Refactor L2CAP channel allocation
Gustavo F. Padovan [Fri, 8 Apr 2011 18:40:02 +0000 (15:40 -0300)]
Bluetooth: Refactor L2CAP channel allocation

If the allocation happens at l2cap_sock_create() will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
Gustavo F. Padovan [Thu, 21 Apr 2011 00:47:07 +0000 (21:47 -0300)]
Merge /linux/kernel/git/padovan/bluetooth-2.6

Conflicts:
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
net/bluetooth/mgmt.c

13 years agoiwl4965: fix skb usage after free
Stanislaw Gruszka [Wed, 20 Apr 2011 14:01:46 +0000 (16:01 +0200)]
iwl4965: fix skb usage after free

Since

commit a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlwifi: fix skb usage after free
Stanislaw Gruszka [Wed, 20 Apr 2011 13:57:14 +0000 (15:57 +0200)]
iwlwifi: fix skb usage after free

Since

commit a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link.

Cc: stable@kernel.org # 2.6.32+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agomac80211: fix SMPS debugfs locking
Johannes Berg [Tue, 19 Apr 2011 18:44:04 +0000 (20:44 +0200)]
mac80211: fix SMPS debugfs locking

The locking with SMPS requests means that the
debugs file should lock the mgd mutex, not the
iflist mutex. Calls to __ieee80211_request_smps()
need to hold that mutex, so add an assertion.

This has always been wrong, but for some reason
never been noticed, probably because the locking
error only happens while unassociated.

Cc: stable@kernel.org [2.6.34+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/blueto...
John W. Linville [Wed, 20 Apr 2011 19:56:44 +0000 (15:56 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/padovan/bluetooth-2.6

13 years agoath9k: fix the return value of ath_stoprecv
Felix Fietkau [Thu, 14 Apr 2011 22:41:43 +0000 (00:41 +0200)]
ath9k: fix the return value of ath_stoprecv

The patch 'ath9k_hw: fix stopping rx DMA during resets' added code to detect
a condition where rx DMA was stopped, but the MAC failed to enter the idle
state. This condition requires a hardware reset, however the return value
of ath_stoprecv was 'true' in that case, which allowed it to skip the reset
when issuing a fast channel change.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Paul Stewart <pstew@google.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoBluetooth: Only keeping SAR bits when retransmitting one frame.
Ruiyi Zhang [Mon, 18 Apr 2011 03:04:30 +0000 (11:04 +0800)]
Bluetooth: Only keeping SAR bits when retransmitting one frame.

When retrasmitting one frame, only SAR bits in control field should
be kept.

Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: fix shutdown on SCO sockets
Luiz Augusto von Dentz [Fri, 8 Apr 2011 14:10:41 +0000 (17:10 +0300)]
Bluetooth: fix shutdown on SCO sockets

shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.

Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix keeping the command timer running
Vinicius Costa Gomes [Mon, 11 Apr 2011 21:46:55 +0000 (18:46 -0300)]
Bluetooth: Fix keeping the command timer running

In the teardown path the reset command is sent to the controller,
this event causes the command timer to be reactivated.

So the timer is removed in two situations, when the adapter isn't
marked as UP and when we know that some command has been sent.

Reported-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix refcount balance for hci connection
Ville Tervo [Thu, 7 Apr 2011 11:59:50 +0000 (14:59 +0300)]
Bluetooth: Fix refcount balance for hci connection

hci_io_capa_reply_evt() holds reference for hciconnection. It's useless since
hci_io_capa_request_evt()/hci_simple_pair_complete_evt() already protects the
connection. In addition it leaves connection open after failed SSP pairing.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoiwlwifi: fix frame injection for HT channels
Daniel Halperin [Wed, 6 Apr 2011 19:47:25 +0000 (12:47 -0700)]
iwlwifi: fix frame injection for HT channels

For some reason, sending QoS configuration causes transmission to stop
after a single frame on HT channels when not associated. Removing the
extra QoS configuration has no effect on station mode, and fixes
injection mode.

Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
13 years agoBluetooth: Fix lockdep warning in L2CAP
Gustavo F. Padovan [Thu, 14 Apr 2011 20:57:26 +0000 (17:57 -0300)]
Bluetooth: Fix lockdep warning in L2CAP

Fix a regression from the L2CAP "rewrite" patches.
Purge the tx_q already happens on l2cap_chan_del() so we don't need it at
l2cap_disconnect_req().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix another locking unbalance
Gustavo F. Padovan [Thu, 14 Apr 2011 21:34:34 +0000 (18:34 -0300)]
Bluetooth: Fix another locking unbalance

l2cap_get_sock_by_scid was changed to not lock the socket anymore, but I
forgot to change all the users of this function.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Don't lock sock inside l2cap_get_sock_by_scid()
Gustavo F. Padovan [Wed, 13 Apr 2011 22:01:22 +0000 (19:01 -0300)]
Bluetooth: Don't lock sock inside l2cap_get_sock_by_scid()

Fix an locking issue with the new l2cap_att_channel(). l2cap_att_channel()
was trying to lock a locked socket.

Reported-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoiwlegacy: fix tx_power initialization
Stanislaw Gruszka [Wed, 13 Apr 2011 08:56:51 +0000 (10:56 +0200)]
iwlegacy: fix tx_power initialization

priv->tx_power_next is not initialized to max supported power,
but instead default value is used, what cause errors like

[   58.597834] iwl3945 0000:03:00.0: Requested user TXPOWER 15 above upper limit 14.
[   58.597839] iwl3945 0000:03:00.0: Error setting Tx power (-22).

if maximum tx power read from the eeprom is smaller than default.
In consequence card is unable to initialize properly. Fix the problem
and cleanup tx power initialization.

Reported-and-tested-by: Robin Dong <hao.bigrat@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoBluetooth: btmrvl: support Marvell Bluetooth device SD8787
Kevin Gan [Sat, 9 Apr 2011 01:19:33 +0000 (18:19 -0700)]
Bluetooth: btmrvl: support Marvell Bluetooth device SD8787

The SD8787 firmware image is shared with mwifiex driver.
Whoever gets loaded first will be responsible for firmware
downloading.

Signed-off-by: Kevin Gan <ganhy@marvell.com>
Signed-off-by: Tristan Xu <xurf@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Check return value of hci_recv_stream_fragment()
Gustavo F. Padovan [Thu, 7 Apr 2011 21:53:45 +0000 (18:53 -0300)]
Bluetooth: Check return value of hci_recv_stream_fragment()

It may return error and in this case we do add to the stats.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: hci_uart: check the return value of recv()
Jiejing Zhang [Thu, 7 Apr 2011 12:37:06 +0000 (20:37 +0800)]
Bluetooth: hci_uart: check the return value of recv()

Check the return value of hu->proto->recv() in hci_uart_tty_receive()
the recv() may return error, check it, not add this to statistics.

Signed-off-by: Jiejing Zhang <jiejing.zhang@freescale.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix Out Of Band pairing when mgmt interface is disabled
Szymon Janc [Wed, 6 Apr 2011 11:01:59 +0000 (13:01 +0200)]
Bluetooth: Fix Out Of Band pairing when mgmt interface is disabled

Use kernel stored remote Out Of Band data only if management interface
is enabled. Otherwise HCI_OP_REMOTE_OOB_DATA_NEG_REPLY was sent to
controller even if remote Out Of Band data was present in bluetoothd.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add proper handling of received LE data
Gustavo F. Padovan [Thu, 7 Apr 2011 19:40:25 +0000 (16:40 -0300)]
Bluetooth: Add proper handling of received LE data

Despite it works, handling through l2cap_data_channel() is wrongs.
That function should handle only connection oriented data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Clean up ath3k_load_firmware()
Gustavo F. Padovan [Wed, 6 Apr 2011 01:29:31 +0000 (22:29 -0300)]
Bluetooth: Clean up ath3k_load_firmware()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Fix wrong comparison in listen()
Gustavo F. Padovan [Tue, 5 Apr 2011 18:24:40 +0000 (15:24 -0300)]
Bluetooth: Fix wrong comparison in listen()

We should check for the pi->scid there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move tx queue to struct l2cap_chan
Gustavo F. Padovan [Mon, 4 Apr 2011 19:16:44 +0000 (16:16 -0300)]
Bluetooth: Move tx queue to struct l2cap_chan

tx_q is the queue used by ERTM mode.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Remove unneeded uninitialized_vars()
Gustavo F. Padovan [Mon, 4 Apr 2011 19:00:55 +0000 (16:00 -0300)]
Bluetooth: Remove unneeded uninitialized_vars()

That was unnecessary use of it.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Remove some sk references from l2cap_core.c
Gustavo F. Padovan [Mon, 4 Apr 2011 18:59:54 +0000 (15:59 -0300)]
Bluetooth: Remove some sk references from l2cap_core.c

Change some BT_DBG messages and consequently remove some struct sock
declarations.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move SREJ list to struct l2cap_chan
Gustavo F. Padovan [Mon, 4 Apr 2011 18:40:12 +0000 (15:40 -0300)]
Bluetooth: Move SREJ list to struct l2cap_chan

As part of moving all the Channel related operation to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoath9k_htc: Fix ethtool reporting
Sujith Manoharan [Mon, 11 Apr 2011 17:26:55 +0000 (22:56 +0530)]
ath9k_htc: Fix ethtool reporting

Pass the correct module name and device interface so that
ethtool can display the proper values.

The firmware version will be fixed later on when the FW
can actually report a version. :)

Reported-by: Richard Farina <sidhayn@gmail.com>
Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Tested-by: Richard Farina <sidhayn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoath9k_hw: fix stopping rx DMA during resets
Felix Fietkau [Fri, 8 Apr 2011 18:13:18 +0000 (20:13 +0200)]
ath9k_hw: fix stopping rx DMA during resets

During PHY errors, the MAC can sometimes fail to enter an idle state on older
hardware (before AR9380) after an rx stop has been requested.

This typically shows up in the kernel log with messages like these:

ath: Could not stop RX, we could be confusing the DMA engine when we start RX up
------------[ cut here ]------------
WARNING: at drivers/net/wireless/ath/ath9k/recv.c:504 ath_stoprecv+0xcc/0xf0 [ath9k]()
Call Trace:
[<8023f0e8>] dump_stack+0x8/0x34
[<80075050>] warn_slowpath_common+0x78/0xa4
[<80075094>] warn_slowpath_null+0x18/0x24
[<80d66d60>] ath_stoprecv+0xcc/0xf0 [ath9k]
[<80d642cc>] ath_set_channel+0xbc/0x270 [ath9k]
[<80d65254>] ath_radio_disable+0x4a4/0x7fc [ath9k]

When this happens, the state that the MAC enters is easy to identify and
does not result in bogus DMA traffic, however to ensure a working state
after a channel change, the hardware should still be reset.

This patch adds detection for this specific MAC state, after which the above
warnings completely disappear in my tests.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Cc: Kyungwan Nam <Kyungwan.Nam@Atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlegacy: make iwl3945 and iwl4965 select IWLWIFI_LEGACY
John W. Linville [Mon, 11 Apr 2011 17:02:06 +0000 (13:02 -0400)]
iwlegacy: make iwl3945 and iwl4965 select IWLWIFI_LEGACY

Otherwise, IWLWIFI_LEGACY has to be selected independently before the
drivers are made available.

Reported-by: Dave Airlie <airlied@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
13 years agop54: Initialize extra_len in p54_tx_80211
Jason Conti [Thu, 7 Apr 2011 19:09:57 +0000 (21:09 +0200)]
p54: Initialize extra_len in p54_tx_80211

This patch fixes a very serious off-by-one bug in
the driver, which could leave the device in an
unresponsive state.

The problem was that the extra_len variable [used to
reserve extra scratch buffer space for the firmware]
was left uninitialized. Because p54_assign_address
later needs the value to reserve additional space,
the resulting frame could be to big for the small
device's memory window and everything would
immediately come to a grinding halt.

Reference: https://bugs.launchpad.net/bugs/722185

Cc: <stable@kernel.org>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Jason Conti <jason.conti@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoath9k: fix missing ath9k_ps_wakeup/ath9k_ps_restore calls
Felix Fietkau [Thu, 7 Apr 2011 17:07:17 +0000 (19:07 +0200)]
ath9k: fix missing ath9k_ps_wakeup/ath9k_ps_restore calls

These missing chip wakeups mainly cause crashes on AR5416 cards in MIPS
boards, but have also been reported to cause radio stability issues on
AR9285.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoBluetooth: Fix lockdep warning with skb list lock
Gustavo F. Padovan [Fri, 1 Apr 2011 18:13:36 +0000 (15:13 -0300)]
Bluetooth: Fix lockdep warning with skb list lock

This is a regression acctually, caused by the first patch series for
creating a formal strcut l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move busy workqueue to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:41:00 +0000 (20:41 -0300)]
Bluetooth: Move busy workqueue to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move srej and busy queues to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:36:10 +0000 (20:36 -0300)]
Bluetooth: Move srej and busy queues to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move ERTM timers to struct l2cap_chan
Gustavo F. Padovan [Fri, 1 Apr 2011 03:53:45 +0000 (00:53 -0300)]
Bluetooth: Move ERTM timers to struct l2cap_chan

This also triggered a change in l2cap_send_disconn_req() parameters.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move remote info to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:15:28 +0000 (20:15 -0300)]
Bluetooth: Move remote info to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move SDU related vars to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:09:37 +0000 (20:09 -0300)]
Bluetooth: Move SDU related vars to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move more ERTM stuff to struct l2cap_chan
Gustavo F. Padovan [Fri, 1 Apr 2011 03:38:50 +0000 (00:38 -0300)]
Bluetooth: Move more ERTM stuff to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move of ERTM *_seq vars to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 22:58:34 +0000 (19:58 -0300)]
Bluetooth: Move of ERTM *_seq vars to struct l2cap_chan

As part of the moving channel to stuff to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move conn_state to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 22:43:39 +0000 (19:43 -0300)]
Bluetooth: Move conn_state to struct l2cap_chan

This is part of "moving things to l2cap_chan". As one the first move it
triggered a big number of changes in the funcions parameters, basically
changing the struct sock param to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: clean up l2cap_sock_recvmsg()
Gustavo F. Padovan [Fri, 25 Mar 2011 17:30:37 +0000 (14:30 -0300)]
Bluetooth: clean up l2cap_sock_recvmsg()

Move some channel specific stuff to l2cap_core.c, this will make things
more clear.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 17:16:54 +0000 (14:16 -0300)]
Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan

They are also l2cap_chan specific.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Move ident to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 16:59:37 +0000 (13:59 -0300)]
Bluetooth: Move ident to struct l2cap_chan

ident is chan property, no need to reside on socket.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Remove struct del_list
Gustavo F. Padovan [Fri, 1 Apr 2011 03:35:21 +0000 (00:35 -0300)]
Bluetooth: Remove struct del_list

As we use struct list_head to keep L2CAP channels list the workaround with
del_list is not needed anymore.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Use struct list_head for L2CAP channels list
Gustavo F. Padovan [Thu, 31 Mar 2011 19:17:41 +0000 (16:17 -0300)]
Bluetooth: Use struct list_head for L2CAP channels list

Use a well known Kernel API is always a good idea than implement your own
list.
In the future we might use RCU on this list.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Create struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 03:22:30 +0000 (00:22 -0300)]
Bluetooth: Create struct l2cap_chan

struct l2cap_chan cames to create a clear separation between what
properties and data belongs to the L2CAP channel and what belongs to the
socket. By now we just fold the struct sock * in struct l2cap_chan as all
the channel info is struct l2cap_pinfo today.

In the next commits we will see a move of channel stuff to struct
l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoath: add missing regdomain pair 0x5c mapping
Christian Lamparter [Wed, 6 Apr 2011 18:40:31 +0000 (20:40 +0200)]
ath: add missing regdomain pair 0x5c mapping

Joe Culler reported a problem with his AR9170 device:

> ath: EEPROM regdomain: 0x5c
> ath: EEPROM indicates we should expect a direct regpair map
> ath: invalid regulatory domain/country code 0x5c
> ath: Invalid EEPROM contents

It turned out that the regdomain 'APL7_FCCA' was not mapped yet.
According to Luis R. Rodriguez [Atheros' engineer] APL7 maps to
FCC_CTL and FCCA maps to FCC_CTL as well, so the attached patch
should be correct.

Cc: <stable@kernel.org>
Reported-by: Joe Culler <joe.culler@gmail.com>
Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agomwl8k: do not free unrequested irq
Brian Cavagnolo [Wed, 6 Apr 2011 08:48:46 +0000 (14:18 +0530)]
mwl8k: do not free unrequested irq

When the mwl8k driver attempts and fails to switch from sta to ap
firmware (or vice-versa) in the mwl8k_add_interface routine, the
mwl8k_stop routine will be called. This routine must not attempt
to free the irq if it was not requested.

Signed-off-by: Brian Cavagnolo <brian@cozybit.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlagn: override 5300 EEPROM # of chains
Johannes Berg [Tue, 5 Apr 2011 15:55:05 +0000 (08:55 -0700)]
iwlagn: override 5300 EEPROM # of chains

At least EEPROM version 0x11A has the wrong
number of chains programmed into it for some
reason, so we need to override in the driver.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoBluetooth: convert net/bluetooth/ to kstrtox
Alexey Dobriyan [Sat, 2 Apr 2011 11:19:41 +0000 (14:19 +0300)]
Bluetooth: convert net/bluetooth/ to kstrtox

Convert from strict_strto*() interfaces to kstrto*() interfaces.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Use GFP_KERNEL in user context
Gustavo F. Padovan [Mon, 4 Apr 2011 21:56:53 +0000 (18:56 -0300)]
Bluetooth: Use GFP_KERNEL in user context

The allocation in mgmt_control() code are in user context and not locked
by any spinlock, so it's not recommended the use of GFP_ATOMIC there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Don't use spin_lock_bh in user context
Gustavo F. Padovan [Mon, 4 Apr 2011 22:06:05 +0000 (19:06 -0300)]
Bluetooth: Don't use spin_lock_bh in user context

spin_lock() and spin_unlock() are more apropiated for user context.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Use kthread API in cmtp
Szymon Janc [Mon, 21 Mar 2011 13:20:06 +0000 (14:20 +0100)]
Bluetooth: Use kthread API in cmtp

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Use kthread API in bnep
Szymon Janc [Mon, 21 Mar 2011 13:20:00 +0000 (14:20 +0100)]
Bluetooth: Use kthread API in bnep

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Use kthread API in hidp
Szymon Janc [Tue, 5 Apr 2011 13:37:45 +0000 (15:37 +0200)]
Bluetooth: Use kthread API in hidp

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add mgmt_remote_name event
Johan Hedberg [Wed, 30 Mar 2011 10:18:12 +0000 (13:18 +0300)]
Bluetooth: Add mgmt_remote_name event

This patch adds a new remote_name event to the Management interface
which is sent every time the name of a remote device is resolved (over
BR/EDR).

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Add mgmt_device_found event
Johan Hedberg [Wed, 30 Mar 2011 20:57:16 +0000 (23:57 +0300)]
Bluetooth: Add mgmt_device_found event

This patch adds a device_found event to the Management interface. For
now the event only maps to BR/EDR inquiry result HCI events, but in the
future the plan is to also use it for the LE device discovery process.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoBluetooth: Remove gfp_mask param from hci_reassembly()
Gustavo F. Padovan [Mon, 4 Apr 2011 21:25:14 +0000 (18:25 -0300)]
Bluetooth: Remove gfp_mask param from hci_reassembly()

It is unnecessary, once we are always in interrupt context.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
13 years agoiwlwifi: accept EEPROM version 0x423 for iwl6000
John W. Linville [Mon, 4 Apr 2011 17:18:44 +0000 (13:18 -0400)]
iwlwifi: accept EEPROM version 0x423 for iwl6000

A number of these devices have appeared "in the wild", and apparently
the Windows driver is perfectly happy to support this EEPROM version.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: stable@kernel.org
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
13 years agort2x00: fix cancelling uninitialized work
Stanislaw Gruszka [Mon, 4 Apr 2011 11:50:32 +0000 (13:50 +0200)]
rt2x00: fix cancelling uninitialized work

{rx,tx}done_work's are only initialized for usb devices.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: stable@kernel.org
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agortlwifi: Fix some warnings/bugs
Larry Finger [Sat, 2 Apr 2011 23:10:22 +0000 (18:10 -0500)]
rtlwifi: Fix some warnings/bugs

Some compiler/architecture combinations generate some warnings that are
not seen on my main system. Two of the "warnings" about unitialized variables
are really bugs.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agop54usb: IDs for two new devices
Christian Lamparter [Sat, 2 Apr 2011 09:31:29 +0000 (11:31 +0200)]
p54usb: IDs for two new devices

Cc: <stable@kernel.org>
Reported-by: Mark Davis [via p54/devices wiki]
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agowl12xx: fix potential buffer overflow in testmode nvs push
Luciano Coelho [Fri, 1 Apr 2011 16:42:02 +0000 (19:42 +0300)]
wl12xx: fix potential buffer overflow in testmode nvs push

We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory.  This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.

With this patch, we check if the size of the data passed from
userspace matches the size required.

This bug was introduced in 2.6.36.

Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agozd1211rw: reset rx idle timer from tasklet
Jussi Kivilinna [Fri, 1 Apr 2011 16:34:16 +0000 (19:34 +0300)]
zd1211rw: reset rx idle timer from tasklet

2.6.38 added WARN_ON(in_irq) in del_timer_sync that triggers on zd1211rw when
reseting rx idle timer in urb completion handler.

Move timer reseting to tasklet.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agozd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()
Jussi Kivilinna [Fri, 1 Apr 2011 16:34:08 +0000 (19:34 +0300)]
zd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()

Patch removes the bogus flag introduced by upstream commit
eefdbec1ea8b7093d2c09d1825f68438701723cf. Old code had buffer length check
that new code tried to handle with URB_SHORT_NOT_OK flag. With USB debugging
enabled bogus flag caused usb_submit_urb fail.

Remove URB_SHORT_NOT_OK flag and add buffer length check to urb completion
handler.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=32092
Reported-by: Jonathan Callen <abcd@gentoo.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agomac80211: Fix duplicate frames on cooked monitor
Helmut Schaa [Fri, 1 Apr 2011 13:46:05 +0000 (15:46 +0200)]
mac80211: Fix duplicate frames on cooked monitor

Cleaning the ieee80211_rx_data.flags field here is wrong, instead the
flags should be valid accross processing the frame on different
interfaces. Fix this by removing the incorrect flags=0 assignment.

Introduced in commit 554891e63a29af35cc6bb403ef34e319518114d0
(mac80211: move packet flags into packet).

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agomac80211: fix comment regarding aggregation buf_size
Johannes Berg [Fri, 1 Apr 2011 11:52:34 +0000 (13:52 +0200)]
mac80211: fix comment regarding aggregation buf_size

The description for buf_size was misleading and
just said you couldn't TX larger aggregates, but
of course you can't TX aggregates in a way that
would exceed the window either, which is possible
even if the aggregates are shorter than that.

Expand the description, thanks to Emmanuel for
explaining this to me.

Cc: Emmanuel Grumbach <egrumbach@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoath9k: Fix phy info print message with AR9485 chipset.
Senthil Balasubramanian [Fri, 1 Apr 2011 11:46:33 +0000 (17:16 +0530)]
ath9k: Fix phy info print message with AR9485 chipset.

The phy information print during driver init time doesn't show
the numeric part of the chip name properly for AR9485. This patch
addresses this issue by adding the string to the respective array.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agowl12xx: fix module author's email address in the spi and sdio modules
Luciano Coelho [Wed, 30 Mar 2011 18:31:39 +0000 (21:31 +0300)]
wl12xx: fix module author's email address in the spi and sdio modules

The MODULE_AUTHOR() macro in the main module (wl12xx) has been updated
to reflect one of the author's new email address, but the wl12xx_spi
and wl12xx_sdio modules haven't been updated.  This patches updates
them.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agob43: allocate receive buffers big enough for max frame len + offset
John W. Linville [Wed, 30 Mar 2011 18:02:46 +0000 (14:02 -0400)]
b43: allocate receive buffers big enough for max frame len + offset

Otherwise, skb_put inside of dma_rx can fail...

https://bugzilla.kernel.org/show_bug.cgi?id=32042

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: stable@kernel.org
13 years agomlx4: fix kfree on error path in new_steering_entry()
Mariusz Kozlowski [Mon, 4 Apr 2011 05:04:01 +0000 (22:04 -0700)]
mlx4: fix kfree on error path in new_steering_entry()

On error path kfree() should get pointer to memory allocated by
kmalloc() not the address of variable holding it (which is on stack).

Signed-off-by: Mariusz Kozlowski <mk@lab.zgora.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agotcp: len check is unnecessarily devastating, change to WARN_ON
Ilpo Järvinen [Sat, 2 Apr 2011 04:47:41 +0000 (21:47 -0700)]
tcp: len check is unnecessarily devastating, change to WARN_ON

All callers are prepared for alloc failures anyway, so this error
can safely be boomeranged to the callers domain without super
bad consequences. ...At worst the connection might go into a state
where each RTO tries to (unsuccessfully) re-fragment with such
a mis-sized value and eventually dies.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosctp: malloc enough room for asconf-ack chunk
Wei Yongjun [Thu, 31 Mar 2011 23:42:55 +0000 (23:42 +0000)]
sctp: malloc enough room for asconf-ack chunk

Sometime the ASCONF_ACK parameters can equal to the fourfold of
ASCONF parameters, this only happend in some special case:

  ASCONF parameter is :
    Unrecognized Parameter (4 bytes)
  ASCONF_ACK parameter should be:
    Error Cause Indication parameter (8 bytes header)
     + Error Cause (4 bytes header)
       + Unrecognized Parameter (4bytes)

Four 4bytes Unrecognized Parameters in ASCONF chunk will cause panic.

Pid: 0, comm: swapper Not tainted 2.6.38-next+ #22 Bochs Bochs
EIP: 0060:[<c0717eae>] EFLAGS: 00010246 CPU: 0
EIP is at skb_put+0x60/0x70
EAX: 00000077 EBX: c09060e2 ECX: dec1dc30 EDX: c09469c0
ESI: 00000000 EDI: de3c8d40 EBP: dec1dc58 ESP: dec1dc2c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper (pid: 0, ti=dec1c000 task=c09aef20 task.ti=c0980000)
Stack:
 c09469c0 e1894fa4 00000044 00000004 de3c8d00 de3c8d00 de3c8d44 de3c8d40
 c09060e2 de25dd80 de3c8d40 dec1dc7c e1894fa4 dec1dcb0 00000040 00000004
 00000000 00000800 00000004 00000004 dec1dce0 e1895a2b dec1dcb4 de25d960
Call Trace:
 [<e1894fa4>] ? sctp_addto_chunk+0x4e/0x89 [sctp]
 [<e1894fa4>] sctp_addto_chunk+0x4e/0x89 [sctp]
 [<e1895a2b>] sctp_process_asconf+0x32f/0x3d1 [sctp]
 [<e188d554>] sctp_sf_do_asconf+0xf8/0x173 [sctp]
 [<e1890b02>] sctp_do_sm+0xb8/0x159 [sctp]
 [<e18a2248>] ? sctp_cname+0x0/0x52 [sctp]
 [<e189392d>] sctp_assoc_bh_rcv+0xac/0xe3 [sctp]
 [<e1897d76>] sctp_inq_push+0x2d/0x30 [sctp]
 [<e18a21b2>] sctp_rcv+0x7a7/0x83d [sctp]
 [<c077a95c>] ? ipv4_confirm+0x118/0x125
 [<c073a970>] ? nf_iterate+0x34/0x62
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c0747992>] ip_local_deliver_finish+0xf5/0x194
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44
 [<c0747ab3>] ip_local_deliver+0x3e/0x44
 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194
 [<c074775c>] ip_rcv_finish+0x29f/0x2c7
 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7
 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44
 [<c0747cae>] ip_rcv+0x1f5/0x233
 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7
 [<c071dce3>] __netif_receive_skb+0x310/0x336
 [<c07221f3>] netif_receive_skb+0x4b/0x51
 [<e0a4ed3d>] cp_rx_poll+0x1e7/0x29c [8139cp]
 [<c072275e>] net_rx_action+0x65/0x13a
 [<c0445a54>] __do_softirq+0xa1/0x149
 [<c04459b3>] ? __do_softirq+0x0/0x149
 <IRQ>
 [<c0445891>] ? irq_exit+0x37/0x72
 [<c040a7e9>] ? do_IRQ+0x81/0x95
 [<c07b3670>] ? common_interrupt+0x30/0x38
 [<c0428058>] ? native_safe_halt+0xa/0xc
 [<c040f5d7>] ? default_idle+0x58/0x92
 [<c0408fb0>] ? cpu_idle+0x96/0xb2
 [<c0797989>] ? rest_init+0x5d/0x5f
 [<c09fd90c>] ? start_kernel+0x34b/0x350
 [<c09fd0cb>] ? i386_start_kernel+0xba/0xc1

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosctp: fix auth_hmacs field's length of struct sctp_cookie
Wei Yongjun [Thu, 31 Mar 2011 23:38:54 +0000 (23:38 +0000)]
sctp: fix auth_hmacs field's length of struct sctp_cookie

auth_hmacs field of struct sctp_cookie is used for store
Requested HMAC Algorithm Parameter, and each HMAC Identifier
is 2 bytes, so the length should be:
  SCTP_AUTH_NUM_HMACS * sizeof(__u16) + 2

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: Fix dev dev_ethtool_get_rx_csum() for forced NETIF_F_RXCSUM
Michał Mirosław [Wed, 30 Mar 2011 23:58:08 +0000 (23:58 +0000)]
net: Fix dev dev_ethtool_get_rx_csum() for forced NETIF_F_RXCSUM

dev_ethtool_get_rx_csum() won't report rx checksumming when it's not
changeable and driver is converted to hw_features and friends. Fix this.

(dev->hw_features & NETIF_F_RXCSUM) check is dropped - if the
ethtool_ops->get_rx_csum is set, then driver is not coverted, yet.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agousbnet: use eth%d name for known ethernet devices
Arnd Bergmann [Sat, 2 Apr 2011 03:12:02 +0000 (20:12 -0700)]
usbnet: use eth%d name for known ethernet devices

The documentation for the USB ethernet devices suggests that
only some devices are supposed to use usb0 as the network interface
name instead of eth0. The logic used there, and documented in
Kconfig for CDC is that eth0 will be used when the mac address
is a globally assigned one, but usb0 is used for the locally
managed range that is typically used on point-to-point links.

Unfortunately, this has caused a lot of pain on the smsc95xx
device that is used on the popular pandaboard without an
EEPROM to store the MAC address, which causes the driver to
call random_ether_address().

Obviously, there should be a proper MAC addressed assigned to
the device, and discussions are ongoing about how to solve
this, but this patch at least makes sure that the default
interface naming gets a little saner and matches what the
user can expect based on the documentation, including for
new devices.

The approach taken here is to flag whether a device might be a
point-to-point link with the new FLAG_POINTTOPOINT setting in
the usbnet driver_info. A driver can set both FLAG_POINTTOPOINT
and FLAG_ETHER if it is not sure (e.g. cdc_ether), or just one
of the two.  The usbnet framework only looks at the MAC address
for device naming if both flags are set, otherwise it trusts the
flag.

Signed-off-by: Arnd Bergmann <arnd.bergmann@linaro.org>
Tested-by: Andy Green <andy.green@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agostarfire: clean up dma_addr_t size test
FUJITA Tomonori [Fri, 1 Apr 2011 05:27:51 +0000 (05:27 +0000)]
starfire: clean up dma_addr_t size test

Now we have CONFIG_ARCH_DMA_ADDR_T_64BIT. We can fix the hacky
dma_addr_t size test cleanly.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Sat, 2 Apr 2011 00:15:25 +0000 (17:15 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

13 years agoappletalk: Fix OOPS in atalk_release().
David S. Miller [Fri, 1 Apr 2011 01:59:10 +0000 (18:59 -0700)]
appletalk: Fix OOPS in atalk_release().

Commit 60d9f461a20ba59219fdcdc30cbf8e3a4ad3f625 ("appletalk: remove
the BKL") added a dereference of "sk" before checking for NULL in
atalk_release().

Guard the code block completely, rather than partially, with the
NULL check.

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/blueto...
Gustavo F. Padovan [Thu, 31 Mar 2011 19:26:01 +0000 (16:26 -0300)]
Merge branch 'master' of git://git./linux/kernel/git/padovan/bluetooth-2.6