A regression was added through patch a4ed90d6:
"cfg80211: respect API on orig_flags on channel for beacon hint"
We did indeed respect _orig flags but the intention was not clearly
stated in the commit log. This patch fixes firmware issues picked
up by iwlwifi when we lift passive scan of beaconing restrictions
on channels its EEPROM has been configured to always enable.
By doing so though we also disallowed beacon hints on devices
registering their wiphy with custom world regulatory domains
enabled, this happens to be currently ath5k, ath9k and ar9170.
The passive scan and beacon restrictions on those devices would
never be lifted even if we did find a beacon and the hardware did
support such enhancements when world roaming.
Since Johannes indicates iwlwifi firmware cannot be changed to
allow beacon hinting we set up a flag now to specifically allow
drivers to disable beacon hints for devices which cannot use them.
We enable the flag on iwlwifi to disable beacon hints and by default
enable it for all other drivers. It should be noted beacon hints lift
passive scan flags and beacon restrictions when we receive a beacon from
an AP on any 5 GHz non-DFS channels, and channels 12-14 on the 2.4 GHz
band. We don't bother with channels 1-11 as those channels are allowed
world wide.
This should fix world roaming for ath5k, ath9k and ar9170, thereby
improving scan time when we receive the first beacon from any AP,
and also enabling beaconing operation (AP/IBSS/Mesh) on cards which
would otherwise not be allowed to do so. Drivers not using custom
regulatory stuff (wiphy_apply_custom_regulatory()) were not affected
by this as the orig_flags for the channels would have been cleared
upon wiphy registration.
I tested this with a world roaming ath5k card.
Cc: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In cases of fragmented skb, with the data pointers being wrapped around
the TX buffer, the completion handling code would not forward the data
pointer and the firs fragment was unmapped several times, while others
were not unmapped at all.
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
The size of receive buffer pointer was used to get size of
receive buffer instead of recvbuf_size itself, so only 4/8
bytes could be transfered.
This is a regression to 2.6.30 introduced by commit 8c90e11e35
mISDN: Use kernel_{send,recv}msg instead of open coding
Signed-off-by: Andreas Eversberg <andreas@eversberg.eu>
Signed-off-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
VLB support has been broken since at least 2004-2005 period as some
changes introduced back then assumed that ->pci_dev is always valid,
lets try to fix it:
- remove duplicated SET_NETDEV_DEV() call
- call SET_NETDEV_DEV() only for PCI devices
- check for ->pci_dev validity in pcnet32_open()
[ Alternatively we may consider removing VLB support but there would not
be much gain in it since an extra driver code needed for VLB support is
minimal and quite simple. ]
This takes care of the following entry from Dan's list:
drivers/net/pcnet32.c +1889 pcnet32_probe1(298) warning: variable derefenced before check 'pdev'
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Acked-by: Don Fry <pcnet32@verizon.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Move the debug printk() into the proper place and remove superfluous
NULL pointer check in pcnet32_probe1().
This takes care of the following entry from Dan's list:
drivers/net/pcnet32.c +1889 pcnet32_probe1(298) warning: variable derefenced before check 'pdev'
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Acked-by: Don Fry <pcnet32@verizon.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change default dma mask for NX3031 to 39 bit with ability
to update it to 64-bit (if firmware indicates support). Old
code was restricting it under 4GB (32-bit), sometimes causing
failure to allocate descriptor rings on heavily populated
system. NX2031 based NICs will still get 32-bit coherent mask.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Check whether index is within bounds before testing the element.
In the last iteration i is PHY_MAX_ADDR. the condition
`!(p = pd->mii.bus->phy_map[PHY_MAX_ADDR])' is undefined and may
evaluate to false, which leads to a dereference of this invalid
phy_map in the phy_connect() below.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Check whether index is within bounds before testing the element.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Failure to call unregister_pernet_gen_device() can exhaust memory
if module is loaded/unloaded many times.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes the corner cases where the sum of MTU of the free
channels (adjusted for fragmentation overheads) is less than the MTU
of PPP link. There are at least 3 situations where this case might
arise:
- some of the channels are busy
- the multilink session is running in a degraded state (i.e. with less
than its full complement of active channels)
- by design, where multilink protocol is being used to artificially
increase the effective link MTU of a single link.
Without this patch, at most 1 fragment is ever sent per free channel
for a given PPP frame and any remaining part of the PPP frame that
does not fit into those fragments is silently discarded.
This patch restores the original behaviour which was broken by commit
9c705260fe 'ppp:ppp_mp_explode()
redesign'. Once all 'free' channels have been given a fragment, an
additional fragment is queued to each available channel in turn, as many
times as necessary, until the entire PPP frame has been consumed.
Signed-off-by: Ben McKeegan <ben@netservers.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
When a user disables interrupt throttling with ethtool on 82599 devices,
the interrupt timer may not be re-enabled if hardware RSC is running. The
RSC completions in hardware don't complete before the next ITR event tries
to fire, so the ITR timer never gets re-armed. This patch increases the
amount of time between interrupts when throttling is disabled (rx-usecs =
0) when the hardware RSC deature is enabled.
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parameter order for using mk_ic_value(count, time) was reversed,
the patch fixes this.
Signed-off-by: Jiajun Wu <b06378@freescale.com>
Signed-off-by: Li Yang <leoli@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If a socket is hashed in last slot of pppoe hash table (PPPOE_HASH_SIZE-1)
we report it many times (up to filling seq buffer)
(Only the last socket of last slot)
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
start_code is 69 words, but the code always writes a multiple of 16 words,
so the last 11 words written are outside the array.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
if dev_alloc_skb() fails on the first iteration, a write to
cp->rx_ring[-1] occurs.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Changing to GFP_ATOMIC because the only caller in cnic/bnx2i may
be calling this function while holding spin_lock.
This problem was discovered by Mike Christie.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Several arrays were read before checking whether the index was within
bounds. ARRAY_SIZE() should be used to determine the size of arrays.
rates->rates has an arraysize of 1, so calling get_common_rates()
with a rates_size of MAX_RATES (14) was causing reads out of bounds.
tmp_size can increment at most to (ARRAY_SIZE(lbs_bg_rates) - 1) *
(*rates_size - 1), so that should be the number of elements of tmp[].
A goto can be eliminated: ret was already set upon its declaration.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
tid is bounded (above) by the size of default_tid_to_tx_fifo (17 elements), but
the size of priv->stations[].tid[] is MAX_TID_COUNT (9) elements.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
SSID_rid has space for only 3 ssids.
txPowerLevels[i] is read before the bounds check for i
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luis R. Rodriguez
Yevgeny Petrilin
Andreas Eversberg
Don Fry
Dhananjay Phadke
roel kluin
Eric Dumazet
Ben McKeegan
Peter P Waskiewicz Jr
Jiajun Wu
Michael Chan
David S. Miller