Brian Foley [Mon, 24 Sep 2012 13:33:42 +0000 (14:33 +0100)]
virtio_mmio: Don't attempt to create empty virtqueues
If a virtio device reports a QueueNumMax of 0, vring_new_virtqueue()
doesn't check this, and thanks to an unsigned (i < num - 1) loop
guard, scribbles over memory when initialising the free list.
Avoid by not trying to create zero-descriptor queues, as there's no
way to do any I/O with one.
Signed-off-by: Brian Foley <brian.foley@arm.com> Signed-off-by: Pawel Moll <pawel.moll@arm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Brian Foley [Mon, 24 Sep 2012 13:33:41 +0000 (14:33 +0100)]
virtio_mmio: fix off by one error allocating queue
vm_setup_vq fails to allow VirtQueues needing only 2 pages of
storage, as it should. Found with a kernel using 64kB pages, but
can be provoked if a virtio device reports QueueNumMax where the
descriptor table and available ring fit in one page, and the used
ring on the second (<= 227 descriptors with 4kB pages and <= 3640
with 64kB pages.)
Signed-off-by: Brian Foley <brian.foley@arm.com> Signed-off-by: Pawel Moll <pawel.moll@arm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Max Filippov [Mon, 17 Sep 2012 01:44:31 +0000 (05:44 +0400)]
xtensa: fix linker script transformation for .text.unlikely
Now that binutils generate *.unlikely sections which don't follow
documented (info as) literal section naming rules, section name
transformation script doesn't work well resulting in the following
errors at vmlinux link time:
main.c:(.text.unlikely+0x3): dangerous relocation: l32r: literal
placed after use: .literal.unlikely
Fix section name transformation script by adding specific rule for
.text.unlikely sections.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Chris Zankel <chris@zankel.net>
1) Eric Dumazet discovered and fixed what turned out to be a family of
bugs. These functions were using pskb_may_pull() which might need
to reallocate the linear SKB data buffer, but the callers were not
expecting this possibility. The callers have cached pointers to the
packet header areas, and would need to reload them if we were to
continue using pskb_may_pull().
So they could end up reading garbage.
It's easier to just change these RAW4/RAW6/MIP6 routines to use
skb_header_pointer() instead of pskb_may_pull(), which won't modify
the linear SKB data area.
2) Dave Jone's syscall spammer caught a case where a non-TCP socket can
call down into the TCP keepalive code. The case basically involves
creating a raw socket with sk_protocol == IPPROTO_TCP, then calling
setsockopt(sock_fd, SO_KEEPALIVE, ...)
Fixed by Eric Dumazet.
3) Bluetooth devices do not get configured properly while being powered
on, resulting in always using legacy pairing instead of SSP. Fix
from Andrzej Kaczmarek.
4) Bluetooth cancels delayed work erroneously, put stricter checks in
place. From Andrei Emeltchenko.
5) Fix deadlock between cfg80211_mutex and reg_regdb_search_mutex in
cfg80211, from Luis R. Rodriguez.
6) Fix interrupt double release in iwlwifi, from Emmanuel Grumbach.
7) Missing module license in bcm87xx driver, from Peter Huewe.
8) Team driver can lose port changed events when adding devices to a
team, fix from Jiri Pirko.
9) Fix endless loop when trying ot unregister PPPOE device in zombie
state, from Xiaodong Xu.
10) batman-adv layer needs to set MAC address of software device
earlier, otherwise we call tt_local_add with it uninitialized.
11) Fix handling of KSZ8021 PHYs, it's matched currently by KS8051 but
that doesn't program the device properly. From Marek Vasut.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
ipv6: mip6: fix mip6_mh_filter()
ipv6: raw: fix icmpv6_filter()
net: guard tcp_set_keepalive() to tcp sockets
phy/micrel: Add missing header to micrel_phy.h
phy/micrel: Rename KS80xx to KSZ80xx
phy/micrel: Implement support for KSZ8021
batman-adv: Fix symmetry check / route flapping in multi interface setups
batman-adv: Fix change mac address of soft iface.
pppoe: drop PPPOX_ZOMBIEs in pppoe_release
team: send port changed when added
ipv4: raw: fix icmp_filter()
net/phy/bcm87xx: Add MODULE_LICENSE("GPL") to GPL driver
iwlwifi: don't double free the interrupt in failure path
cfg80211: fix possible circular lock on reg_regdb_search()
Bluetooth: Fix not removing power_off delayed work
Bluetooth: Fix freeing uninitialized delayed works
Bluetooth: mgmt: Fix enabling LE while powered off
Bluetooth: mgmt: Fix enabling SSP while powered off
Whenever both WLAN and BT in/out sleep mode, sometimes WLAN
is not able to take back the shared LNA control after resumes
from sleep mode. The idea is that for WLAN to check if BT owns
LNA control and BT is in sleep mode when WLAN just resumes from
sleep mode. If the condition is true, do a BTCOEX_RC_WARM_RESET
for WLAN to take back the control of shared LNA.
Now the issue is the BT sleep value read from MCI register is
overlooked by assigning u32 into u8. Hence the above condition never
be met so that WLAN used to report beacon losses and frequent
connection drops.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Tested-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00: Replace open coded interface checking with interface combinations.
Mac80211 has formal infrastructure to specify which interface combinations
are supported. Make use of this facility in favor of open coding it
ourselves.
So far we only have to specify we can support multiple AP interfaces,
no other combinations are supported.
Inspired by an earlier patch from Paul Fertser.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com> Cc: Paul Fertser <fercerpav@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00: Deprecate max_sta_intf field of struct rt2x00_ops.
All drivers set this value to 1, so there is no need (currently) to let
drivers set this.
Therefor, remove the field; we can always add it back when it is needed.
Inspired by an earlier patch from Paul Fertser.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com> Cc: Paul Fertser <fercerpav@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Sun, 23 Sep 2012 16:33:00 +0000 (19:33 +0300)]
mwifiex: potential corruption in mwifiex_update_uap_custom_ie()
ap_custom_ie is a struct mwifiex_ie_list which is quite different and
also larger than struct mwifiex_ie. It's a difference between 4196
bytes and 262.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Tested-by: Stone Piao <piaoyun@marvell.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently, ASPM is disabled for all WLAN+BT combo chipsets
when BTCOEX is enabled. This is incorrect since the workaround
is required only for WB195, which is a AR9285+AR3011 combo
solution. Fix this by checking for the HW version when enabling
the workaround.
Cc: stable@vger.kernel.org Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Tested-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>