Commit Graph

107034 Commits

Author SHA1 Message Date
Miao Xie
4a36702e01 IPv6: datagram_send_ctl() should exit immediately when an error occured
When an error occured, datagram_send_ctl() should exit immediately rather than
continue to run the for loop. Otherwise, the variable err might be changed and
the error might be hidden.

Fix this bug by using "goto" instead of "break".

Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-07-29 23:57:58 -07:00
David S. Miller
e93dc4891d Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2008-07-29 21:51:00 -07:00
Luis Carlos Cobo
56a6d13dfd mac80211: fix mesh beaconing
This patch fixes mesh beaconing, which was broken by "mac80211: revamp
beacon configuration".

Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:09 -04:00
Vegard Nossum
77bbadd5ea PS3: gelic: use unsigned long for irqflags
The semantic patch I used was this:

@@
expression lock;
identifier flags;
expression subclass;
@@

- unsigned int flags;
+ unsigned long flags;

...

<+...

(
 spin_lock_irqsave(lock, flags)
|
 _spin_lock_irqsave(lock)
|
 spin_unlock_irqrestore(lock, flags)
|
 _spin_unlock_irqrestore(lock, flags)
|
 read_lock_irqsave(lock, flags)
|
 _read_lock_irqsave(lock)
|
 read_unlock_irqrestore(lock, flags)
|
 _read_unlock_irqrestore(lock, flags)
|
 write_lock_irqsave(lock, flags)
|
 _write_lock_irqsave(lock)
|
 write_unlock_irqrestore(lock, flags)
|
 _write_unlock_irqrestore(lock, flags)
|
 spin_lock_irqsave_nested(lock, flags, subclass)
|
 _spin_lock_irqsave_nested(lock, subclass)
|
 spin_unlock_irqrestore(lock, flags)
|
 _spin_unlock_irqrestore(lock, flags)
|
 _raw_spin_lock_flags(lock, flags)
|
 __raw_spin_lock_flags(lock, flags)
)

...+>

This patch was generated using the Coccinelle framework.

Cc: Masakazu Mokuno <mokuno@sm.sony.co.jp>
Cc: Julia Lawall <julia@diku.dk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Johannes Berg
14db74bcc3 mac80211: fix cfg80211 hooks for master interface
The master interface is a virtual interface that is registered
to mac80211, changing that does not seem like a good idea at
the moment. However, since it has no sdata, we cannot accept
any configuration for it. This patch makes the cfg80211 hooks
reject any such attempt.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Johannes Berg
bba95fefb8 nl80211: fix dump callbacks
Julius Volz pointed out that the dump callbacks in nl80211 were
broken and fixed one of them. This patch fixes the other three
and also addresses the TODOs there.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: Julius Volz <juliusv@google.com>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Johannes Berg
d0f0980414 mac80211: partially fix skb->cb use
This patch fixes mac80211 to not use the skb->cb over the queue step
from virtual interfaces to the master. The patch also, for now,
disables aggregation because that would still require requeuing,
will fix that in a separate patch. There are two other places (software
requeue and powersaving stations) where requeue can happen, but that is
not currently used by any drivers/not possible to use respectively.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Larry Finger
0ccd58fc03 rtl8187: Improve wireless statistics for RTL8187B
Wireless statistics produced by the RTL8187B driver are not particularly
informative about the strength of the received signal. From the data sheet
provided by Realtek, I discovered that certain parts of the RX header
should have the information necessary to calculate signal quality and
strength. With testing, it became clear that most of these quantities were
very jittery - only the AGC correlated with the signals expected from nearby
AP's. As a result, the quality and strength are derived from the agc value.
The scaling has been determined so that the numbers are close to those
obtained by b43 under the same conditions. The results are qualitatively
correct.

Statistics derived for the RTL8187 have not been changed.

The RX header variables have been renamed to match the quantites described
in the Realtek data sheet.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Larry Finger
1f690d7b54 rtl8187: Fix for TX sequence number problem
"mac80211: fix TX sequence numbers" broke rtl8187. This
patch makes the same kind of fix that was done for rt2x00. Note that
this code will have to be reworked for proper sequence numbers on beacons.
In addition, the sequence number has been placed in the hardware state,
not the vif state.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:08 -04:00
Rami Rosen
5422399518 mac80211: append CONFIG_ to MAC80211_VERBOSE_PS_DEBUG in net/mac80211/tx.c.
In net/mac80211/tx.c, there are some #ifdef which checks
MAC80211_VERBOSE_PS_DEBUG
(which in fact is never set) instead of
CONFIG_MAC80211_VERBOSE_PS_DEBUG, as should be.

This patch replaces MAC80211_VERBOSE_PS_DEBUG with
CONFIG_MAC80211_VERBOSE_PS_DEBUG in these #ifdef commands in
net/mac80211/tx.c.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:07 -04:00
Harvey Harrison
0b06b2ae0e mac80211: fix sparse integer as NULL pointer warning
drivers/net/wireless/mac80211_hwsim.c:503:20: warning: Using plain integer as NULL pointer

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:07 -04:00
Andrew Morton
031211049b drivers/net/wireless/iwlwifi/iwl-led.c: printk fix
ia64:

drivers/net/wireless/iwlwifi/iwl-led.c: In function `iwl_get_blink_rate':
drivers/net/wireless/iwlwifi/iwl-led.c:271: warning: long long int format, s64 arg (arg 6)
drivers/net/wireless/iwlwifi/iwl-led.c:271: warning: long long int format, u64 arg (arg 7)

We do not know what type the architecture uses to impement u64 and s64,
hence we must cast the variables for printing.

Cc: Tomas Winkler <tomas.winkler@intel.com>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:07 -04:00
Jeremy Fitzhardinge
023a04bebe mac80211: return correct error return from ieee80211_wep_init
Return the proper error code rather than a hard-coded ENOMEM from
ieee80211_wep_init.  Also, print the error code on failure.

Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:07 -04:00
Jiri Slaby
1b0241656b mac80211: tx, use dev_kfree_skb_any for beacon_get
Use dev_kfree_skb_any(); instead of dev_kfree_skb();, since
ieee80211_beacon_get function might be called from atomic.
(It's in a fail path.)

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:07 -04:00
Ivo van Doorn
9c0ab712c7 rt2x00: Clear queue entry flags during initialization
When the queues are being initialized the entry flags fields must be
reset to 0. When this does not happen some entries might still be
marked as "occupied" after an ifdown & ifup cycle which would trigger
errors when the entry is being accessed:

	phy0 -> rt2x00queue_write_tx_frame: Error - Arrived at non-free entry in the non-full queue 0.
	Please file bug report to http://rt2x00.serialmonkey.com.

This also fixes the mac80211 warning:

	------------[ cut here ]------------
	WARNING: at net/mac80211/tx.c:1238 ieee80211_master_start_xmit+0x30a/0x350 [mac80211]()

which was triggered by the queue error.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:06 -04:00
Ivo van Doorn
74c0ee9b59 rt2x00: Force full register config after start()
rt2x00 will only perform configuration changes from
mac80211 when the configuration option has changed.
This means it keeps track of the current active configuration
and will check these values when the config() callback function
is used.

However this causes breakage when the interface has been
brought down and up again, since all stored active values
aren't reset while the registers might have.
This is for example the case with rt61pci antenna registers which
will jump to invalid values when the interface has been started.

To make sure a full configuration takes place after the start()
callback function, a new flag is added which will be checked
during config() and skips the "what's changed" phase.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:06 -04:00
Julia Lawall
4104863fb4 b43legacy: Release mutex in error handling code
The mutex is released on a successful return, so it would seem that it
should be released on an error return as well.

The semantic patch finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression l;
@@

mutex_lock(l);
... when != mutex_unlock(l)
    when any
    when strict
(
if (...) { ... when != mutex_unlock(l)
+   mutex_unlock(l);
    return ...;
}
|
mutex_unlock(l);
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Cc: stable <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Julia Lawall
80c42affad drivers/net/wireless/ipw2100.c: Release mutex in error handling code
The mutex is released on a successful return, so it would seem that it
should be released on an error return as well.

The semantic patch finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression l;
@@

mutex_lock(l);
... when != mutex_unlock(l)
    when any
    when strict
(
if (...) { ... when != mutex_unlock(l)
+   mutex_unlock(l);
    return ...;
}
|
mutex_unlock(l);
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Ivo van Doorn
e7087a828f rt2x00: Fix memleak when RTS/CTS fails
When sending the RTS/CTS frame fails, we should
free the skb buffer which was created.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Ivo van Doorn
5adf6d63c1 rt2x00: Fix QOS sequence counting
When IEEE80211_TX_CTL_ASSIGN_SEQ is not set,
the driver should disable hardware sequence counting
to make sure the mac80211 provided counter is used.
This fixes QOS sequence counting, since that is one
of the cases where mac80211 provides a seperate
sequence counter.

By moving the sequence counting code to rt2x00queue
we make sure that _all_ frames get the sequence counter,
including RTS/CTS and Beacon frames.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Iwo Mergler
b93ce437eb rt2x00: Fix the beacon length bug
When setting up a beacon template, the length of the beacon is
calculated with the assumption that the SKB already contains
the Tx descriptor. In the case of beacons it doesn't.

This patch undoes the damage by adding the Tx descriptor length
to the beacon length. This is safe, because the shortest possible
beacon is longer than the Tx header.

Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Iwo Mergler
3e0c1abe74 rt2x00: Large vendor requests for rt73usb firmware upload and beacons
Switches rt73usb to use large vendor requests for firmware
and beacons. This also fixes the garbled beacon bug.

Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:05 -04:00
Iwo Mergler
ed0dbeeb92 rt2x00: Support for large vendor requests
Adds an extra rt2x00 vendor request function to support register
transfers beyond the CSR_CACHE_SIZE / USB packet size limit. This
is useful for firmware uploads, beacon templates and keys, all
of which are to large to do with a single USB request.

Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:04 -04:00
Ivo van Doorn
f2fdbc4847 rt2x00: Fix EIFS timing value
Olivier reported a difference between the EIFS
values used in the legacy driver and the one in
the rt2x00 drivers.

In rt2x00 the value was
	( SIFS + (8 * (IEEE80211_HEADER + ACK_SIZE)) )
which comes down to 314us while the legacy driver uses the value 364us

This was caused because EIFS is: SIFS + DIFS + AckTime
This patch will fix this by adding the DIFS by the above value,
and creating a SHORT_EIFS define which uses the SHORT_DIFS.

Reported-by: Olivier Cornu <o.cornu@gmail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:04 -04:00
Ivo van Doorn
ed06387b44 rt2x00: Remove duplicate declaration
rt2x00queue_free_skb() was declared twice.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:04 -04:00
Pavel Roskin
256b152b00 ath5k: don't enable MSI, we cannot handle it yet
MSI is a nice thing, but we cannot enable it without changing the
interrupt handler.  If we do it, we break MSI capable hardware,
specifically AR5006 chipset.

Signed-off-by: Pavel Roskin <proski@gnu.org>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:04 -04:00
Bob Copeland
bc05116ab3 ath5k: fix recursive locking in ath5k_beacon_update
ath5k_beacon_update takes sc->lock upon entry.  However, it is only
called from within ath5k_config_interface, which already holds the lock.
Remove the unnecessary locking from ath5k_beacon_update.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:04 -04:00
Denis V. Lunev
cb9289cb79 iwlwifi: small compile warnings without CONFIG_IWLWIFI_DEBUG
CC [M]  drivers/net/wireless/iwlwifi/iwl-scan.o
drivers/net/wireless/iwlwifi/iwl-scan.c: In function 'iwl_rx_scan_complete_notif':
drivers/net/wireless/iwlwifi/iwl-scan.c:274: warning: unused variable 'scan_notif'

Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Tomas Winkler <tomasw@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:03 -04:00
Denis V. Lunev
c0b6a1c9be iwlwifi: compilation error when CONFIG_IWLWIFI_DEBUG is not set
CC [M]  drivers/net/wireless/iwlwifi/iwl-rfkill.o
drivers/net/wireless/iwlwifi/iwl-led.c: In function 'iwl_led_brightness_set':
drivers/net/wireless/iwlwifi/iwl-led.c:198: error: 'led_type_str' undeclared (first use in this function)
drivers/net/wireless/iwlwifi/iwl-led.c:198: error: (Each undeclared identifier is reported only once
drivers/net/wireless/iwlwifi/iwl-led.c:198: error: for each function it appears in.)

The problem is that led_type_str is defined under CONFIG_IWLWIFI_DEBUG
while IWL_DEBUG is a static inline function in this case. Replace it
with macro.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:03 -04:00
Brian Cavagnolo
fb904907fb libertas: check bounds and only use decimal for sysfs persistent features.
Some persistent settings were using hex and others decimal.  In some cases,
values were set in hex but reported in decimal.  Confusing.

Signed-off-by: Brian Cavagnolo <brian@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:03 -04:00
Rami Rosen
699669f331 iwl-3945: add #ifdef CONFIG_IWL3945_LEDS to avoid compile warning.
When building the wireless-next-2.6 tree with CONFIG_IWL3945 (for building
iwl-3945 driver) and where CONFIG_IWL3945_LEDS is not set,
we get this warning:
drivers/net/wireless/iwlwifi/iwl-3945.c: In function
'iwl3945_pass_packet_to_mac80211':
drivers/net/wireless/iwlwifi/iwl-3945.c:633: warning: unused variable 'hdr'

This patch adds #ifdef to iwl3945_pass_packet_to_mac80211() to avoid this
warning. (The variable 'hdr' is used only if CONFIG_IWL3945_LEDS is set)

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:03 -04:00
Henrique de Moraes Holschuh
435307a365 rfkill: yet more minor kernel-doc fixes
For some stupid reason, I sent and old version of the patch minor kernel
doc-fix patch, and it got merged before I noticed the problem. This is an
incremental fix on top.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:55:03 -04:00
Henrique de Moraes Holschuh
064af1117b rfkill: mutex fixes
There are two mutexes in rfkill:

rfkill->mutex, which protects some of the fields of a rfkill struct, and is
also used for callback serialization.

rfkill_mutex, which protects the global state, the list of registered
rfkill structs and rfkill->claim.

Make sure to use the correct mutex, and to not miss locking rfkill->mutex
even when we already took rfkill_mutex.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:35 -04:00
Henrique de Moraes Holschuh
f1b23361a0 rfkill: document the rfkill struct locking (v2)
Reorder fields in struct rfkill and add comments to make it clear
which fields are protected by rfkill->mutex.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:33 -04:00
Henrique de Moraes Holschuh
37f55e9d78 rfkill: fix led-trigger unregister order in error unwind
rfkill needs to unregister the led trigger AFTER a call to
rfkill_remove_switch(), otherwise it will not update the LED state,
possibly leaving it ON when it should be OFF.

To make led-trigger unregistering safer, guard against unregistering a
trigger twice, and also against issuing trigger events to a led trigger
that was unregistered.  This makes the error unwind paths more resilient.

Refer to "rfkill: Register LED triggers before registering switch".

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:32 -04:00
Henrique de Moraes Holschuh
2fd9b2212e rfkill: document rfkill_force_state as required (v2)
While the rfkill class does work with just get_state(), it doesn't work
well on devices that are subject to external events that cause rfkill state
changes.

Document that rfkill_force_state() is required in those cases.

Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:32 -04:00
Bob Copeland
734b5aa911 ath5k: use positive logic for HP laptop LEDs
Helge Deller reports that HP laptops (NC4010 and NC6000) use active-
high signals to turn on the LEDs.  Previous code used active-low for
all devices.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:30 -04:00
Jiri Slaby
3e4242b99c Ath5k: suspend/resume fixes
- free and re-request irq since it might have changed during suspend
- disable and enable msi
- don't set D0 state of the device, it's already done by the PCI layer
- do restore_state before enable_device, it's safer
- check ath5k_init return value

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:29 -04:00
Jiri Slaby
e86600c7b4 Ath5k: fix dma operation
Don't sync
- coherent mapping (descriptors)
- before unmap, it's useless
- (wrongly anyway -- for_cpu) beacon skb, it's just mapped,
  so by the device yet

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:28 -04:00
Jiri Slaby
274c7c3638 Ath5k: flush work
Make sure that the irq is not in progress after stop. This means
two things:
- ensure the intr setting register is set by flushing posted values
- call synchronize_irq() after that

Also flush stop tx write, inform callers of the tx stop about still
pending transfers (unsuccessful stop) and finally don't wait another
3ms in ath5k_rx_stop, since ath5k_hw_stop_rx_dma ensures transfer to
be finished.

Make sure all writes will be ordered in respect to locks by mmiowb().

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:27 -04:00
Jiri Slaby
10488f8ad6 Ath5k: kill tasklets on shutdown
Don't forget to kill tasklets on stop to not panic if they
fire after freeing some structures.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:26 -04:00
Jiri Slaby
3a0f2c8718 Ath5k: fix memory corruption
When signal is noisy, hardware can use all RX buffers and since the last
entry in the list is self-linked, it overwrites the entry until we link
new buffers.

Ensure that we don't free this last one until we are 100% sure that it
is not used by the hardware anymore to not cause memory curruption as
can be seen below.

This is done by checking next buffer in the list. Even after that we
know that the hardware refetched the new link and proceeded further
(the next buffer is ready) we can finally free the overwritten buffer.

We discard it since the status in its descriptor is overwritten (OR-ed
by new status) too.

=============================================================================
BUG kmalloc-4096: Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xffff810067419060-0xffff810067419667. First byte 0x8 instead of 0x6b
INFO: Allocated in dev_alloc_skb+0x18/0x30 age=1118 cpu=1 pid=0
INFO: Freed in skb_release_data+0x85/0xd0 age=1105 cpu=1 pid=3718
INFO: Slab 0xffffe200019d0600 objects=7 used=0 fp=0xffff810067419048 flags=0x40000000000020c3
INFO: Object 0xffff810067419048 @offset=4168 fp=0xffff81006741c120

Bytes b4 0xffff810067419038:  4f 0b 02 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a O.......ZZZZZZZZ
  Object 0xffff810067419048:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xffff810067419058:  6b 6b 6b 6b 6b 6b 6b 6b 08 42 30 00 00 0b 6b 80 kkkkkkkk.B0...k.
  Object 0xffff810067419068:  f0 5d 00 4f 62 08 a3 64 00 0c 42 16 52 e4 f0 5a 360].Ob.243d..B.R344360Z
  Object 0xffff810067419078:  68 81 00 00 7b a5 b4 be 7d 3b 8f 53 cd d5 de 12 h...{245264276};.S315325336.
  Object 0xffff810067419088:  96 10 0b 89 48 54 23 41 0f 4e 2d b9 37 c3 cb 29 ....HT#A.N-2717303313)
  Object 0xffff810067419098:  d1 e0 de 14 8a 57 2a cc 3b 44 0d 78 7a 19 12 15 321340336..W*314;D.xz...
  Object 0xffff8100674190a8:  a9 ec d4 35 a8 10 ec 8c 40 a7 06 0a 51 a7 48 bb 2513543245250.354.@247..Q247H273
  Object 0xffff8100674190b8:  3e cf a1 c7 38 60 63 3f 51 15 c7 20 eb ba 65 30 >ϡ3078`c?Q.307.353272e0
 Redzone 0xffff81006741a048:  bb bb bb bb bb bb bb bb                         273273273273273273273273
 Padding 0xffff81006741a088:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ
Pid: 3297, comm: ath5k_pci Not tainted 2.6.26-rc8-mm1_64 #427

Call Trace:
 [<ffffffff802a7306>] print_trailer+0xf6/0x150
 [<ffffffff802a7485>] check_bytes_and_report+0x125/0x180
 [<ffffffff802a75dc>] check_object+0xac/0x260
 [<ffffffff802a9308>] __slab_alloc+0x368/0x6d0
 [<ffffffff80544f82>] ? wireless_send_event+0x142/0x310
 [<ffffffff804b1bd4>] ? __alloc_skb+0x44/0x150
 [<ffffffff80544f82>] ? wireless_send_event+0x142/0x310
 [<ffffffff802aa853>] __kmalloc_track_caller+0xc3/0xf0
 [<ffffffff804b1bfe>] __alloc_skb+0x6e/0x150
[... stack snipped]

FIX kmalloc-4096: Restoring 0xffff810067419060-0xffff810067419667=0x6b

FIX kmalloc-4096: Marking all objects used

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:25 -04:00
Johannes Berg
605a0bd66d mac80211: remove IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE flag
I forgot this in the previous patch that made it unused.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-07-29 16:36:24 -04:00
Linus Torvalds
6e86841d05 Linux 2.6.27-rc1 2008-07-28 19:40:31 -07:00
Linus Torvalds
7874d35173 Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
  lguest: turn Waker into a thread, not a process
  lguest: Enlarge virtio rings
  lguest: Use GSO/IFF_VNET_HDR extensions on tun/tap
  lguest: Remove 'network: no dma buffer!' warning
  lguest: Adaptive timeout
  lguest: Tell Guest net not to notify us on every packet xmit
  lguest: net block unneeded receive queue update notifications
  lguest: wrap last_avail accesses.
  lguest: use cpu capability accessors
  lguest: virtio-rng support
  lguest: Support assigning a MAC address
  lguest: Don't leak /dev/zero fd
  lguest: fix verbose printing of device features.
  lguest: fix switcher_page leak on unload
  lguest: Guest int3 fix
  lguest: set max_pfn_mapped, growl loudly at Yinghai Lu
2008-07-28 18:16:26 -07:00
Linus Torvalds
5dfb66ba8c Merge branch 'for-linus' of git://git.o-hand.com/linux-mfd
* 'for-linus' of git://git.o-hand.com/linux-mfd:
  mfd: accept pure device as a parent, not only platform_device
  mfd: add platform_data to mfd_cell
  mfd: Coding style fixes
  mfd: Use to_platform_device instead of container_of
2008-07-28 18:15:41 -07:00
Linus Torvalds
1d9b9f6a53 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6: (21 commits)
  x86/PCI: use dev_printk when possible
  PCI: add D3 power state avoidance quirk
  PCI: fix bogus "'device' may be used uninitialized" warning in pci_slot
  PCI: add an option to allow ASPM enabled forcibly
  PCI: disable ASPM on pre-1.1 PCIe devices
  PCI: disable ASPM per ACPI FADT setting
  PCI MSI: Don't disable MSIs if the mask bit isn't supported
  PCI: handle 64-bit resources better on 32-bit machines
  PCI: rewrite PCI BAR reading code
  PCI: document pci_target_state
  PCI hotplug: fix typo in pcie hotplug output
  x86 gart: replace to_pages macro with iommu_num_pages
  x86, AMD IOMMU: replace to_pages macro with iommu_num_pages
  iommu: add iommu_num_pages helper function
  dma-coherent: add documentation to new interfaces
  Cris: convert to using generic dma-coherent mem allocator
  Sh: use generic per-device coherent dma allocator
  ARM: support generic per-device coherent dma mem
  Generic dma-coherent: fix DMA_MEMORY_EXCLUSIVE
  x86: use generic per-device dma coherent allocator
  ...
2008-07-28 18:14:24 -07:00
Linus Torvalds
a3ad7f128c Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] qla2xxx: fix msleep compile error
2008-07-28 18:13:48 -07:00
Linus Torvalds
9b79022ca9 Fix 'get_user_pages_fast()' with non-page-aligned start address
Alexey Dobriyan reported trouble with LTP with the new fast-gup code,
and Johannes Weiner debugged it to non-page-aligned addresses, where the
new get_user_pages_fast() code would do all the wrong things, including
just traversing past the end of the requested area due to 'addr' never
matching 'end' exactly.

This is not a pretty fix, and we may actually want to move the alignment
into generic code, leaving just the core code per-arch, but Alexey
verified that the vmsplice01 LTP test doesn't crash with this.

Reported-and-tested-by: Alexey Dobriyan <adobriyan@gmail.com>
Debugged-by: Johannes Weiner <hannes@saeurebad.de>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-07-28 17:54:21 -07:00
Rusty Russell
8c79873da0 lguest: turn Waker into a thread, not a process
lguest uses a Waker process to break it out of the kernel (ie.
actually running the guest) when file descriptor needs attention.

Changing this from a process to a thread somewhat simplifies things:
it can directly access the fd_set of things to watch.  More
importantly, it means that the Waker can see Guest memory correctly,
so /dev/vring file descriptors will work as anticipated (the
alternative is to actually mmap MAP_SHARED, but you can't do that with
/dev/zero).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-07-29 09:58:39 +10:00