summaryrefslogtreecommitdiffstats
path: root/net (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge ssh://master.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6John W. Linville2011-02-187-3/+20
|\ | | | | | | | | | | Conflicts: drivers/bluetooth/ath3k.c drivers/bluetooth/btusb.c
| * mac80211: fix conn_mon_timer running after disassociateStanislaw Gruszka2011-02-181-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Low level driver could pass rx frames to us after disassociate, what can lead to run conn_mon_timer by ieee80211_sta_rx_notify(). That is obviously wrong, but nothing happens until we unload modules and resources are used after free. If kernel debugging is enabled following warning could be observed: WARNING: at lib/debugobjects.c:259 debug_print_object+0x65/0x70() Hardware name: HP xw8600 Workstation ODEBUG: free active (active state 0) object type: timer_list Modules linked in: iwlagn(-) iwlcore mac80211 cfg80211 aes_x86_64 aes_generic fuse cpufreq_ondemand acpi_cpufreq freq_table mperf xt_physdev ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 ext3 jbd dm_mirror dm_region_hash dm_log dm_mod uinput hp_wmi sparse_keymap sg wmi arc4 microcode serio_raw ecb tg3 shpchp rfkill ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas ahci libahci pata_acpi ata_generic ata_piix floppy nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: cfg80211] Pid: 13827, comm: rmmod Tainted: G W 2.6.38-rc4-wl+ #22 Call Trace: [<ffffffff810649cf>] ? warn_slowpath_common+0x7f/0xc0 [<ffffffff81064ac6>] ? warn_slowpath_fmt+0x46/0x50 [<ffffffff81226fc5>] ? debug_print_object+0x65/0x70 [<ffffffff81227625>] ? debug_check_no_obj_freed+0x125/0x210 [<ffffffff8109ebd7>] ? debug_check_no_locks_freed+0xf7/0x170 [<ffffffff81156092>] ? kfree+0xc2/0x2f0 [<ffffffff813ec5c5>] ? netdev_release+0x45/0x60 [<ffffffff812f1067>] ? device_release+0x27/0xa0 [<ffffffff81216ddd>] ? kobject_release+0x8d/0x1a0 [<ffffffff81216d50>] ? kobject_release+0x0/0x1a0 [<ffffffff812183b7>] ? kref_put+0x37/0x70 [<ffffffff81216c57>] ? kobject_put+0x27/0x60 [<ffffffff813d5d1b>] ? netdev_run_todo+0x1ab/0x270 [<ffffffff813e771e>] ? rtnl_unlock+0xe/0x10 [<ffffffffa0581188>] ? ieee80211_unregister_hw+0x58/0x120 [mac80211] [<ffffffffa0377ed7>] ? iwl_pci_remove+0xdb/0x22a [iwlagn] [<ffffffff8123cde2>] ? pci_device_remove+0x52/0x120 [<ffffffff812f5205>] ? __device_release_driver+0x75/0xe0 [<ffffffff812f5348>] ? driver_detach+0xd8/0xe0 [<ffffffff812f4111>] ? bus_remove_driver+0x91/0x100 [<ffffffff812f5b62>] ? driver_unregister+0x62/0xa0 [<ffffffff8123d194>] ? pci_unregister_driver+0x44/0xa0 [<ffffffffa0377df5>] ? iwl_exit+0x15/0x1c [iwlagn] [<ffffffff810ab492>] ? sys_delete_module+0x1a2/0x270 [<ffffffff81498889>] ? trace_hardirqs_on_thunk+0x3a/0x3f [<ffffffff8100bf42>] ? system_call_fastpath+0x16/0x1b Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * Bluetooth: Release BTM while sleeping to avoid deadlockVladislav P2011-02-161-0/+2
| | | | | | | | | | Signed-off-by: Vladislav P <vladisslav@inbox.ru> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * mac80211: add missing locking in ieee80211_reconfigEliad Peller2011-02-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When suspending an associated system, and then resuming, the station vif is being reconfigured without taking the sdata->u.mgd.mtx lock, which results in the following warning: WARNING: at net/mac80211/mlme.c:101 ieee80211_ap_probereq_get+0x58/0xb8 [mac80211]() Modules linked in: wl12xx_sdio wl12xx firmware_class crc7 mac80211 cfg80211 [last unloaded: crc7] Backtrace: [<c005432c>] (dump_backtrace+0x0/0x118) from [<c0376e28>] (dump_stack+0x20/0x24) r7:00000000 r6:bf12d6ec r5:bf154aac r4:00000065 [<c0376e08>] (dump_stack+0x0/0x24) from [<c0079104>] (warn_slowpath_common+0x5c/0x74) [<c00790a8>] (warn_slowpath_common+0x0/0x74) from [<c0079148>] (warn_slowpath_null+0x2c/0x34) r9:000024ff r8:cd006460 r7:00000001 r6:00000000 r5:00000000 r4:cf1394a0 [<c007911c>] (warn_slowpath_null+0x0/0x34) from [<bf12d6ec>] (ieee80211_ap_probereq_get+0x58/0xb8 [mac80211]) [<bf12d694>] (ieee80211_ap_probereq_get+0x0/0xb8 [mac80211]) from [<bf19cd04>] (wl1271_cmd_build_ap_probe_req+0x30/0xf8 [wl12xx]) r4:cd007440 [<bf19ccd4>] (wl1271_cmd_build_ap_probe_req+0x0/0xf8 [wl12xx]) from [<bf1995f4>] (wl1271_op_bss_info_changed+0x4c4/0x808 [wl12xx]) r5:cd007440 r4:000003b4 [<bf199130>] (wl1271_op_bss_info_changed+0x0/0x808 [wl12xx]) from [<bf122168>] (ieee80211_bss_info_change_notify+0x1a4/0x1f8 [mac80211]) [<bf121fc4>] (ieee80211_bss_info_change_notify+0x0/0x1f8 [mac80211]) from [<bf141e80>] (ieee80211_reconfig+0x4d0/0x668 [mac80211]) r8:cf0eeea4 r7:cd00671c r6:00000000 r5:cd006460 r4:cf1394a0 [<bf1419b0>] (ieee80211_reconfig+0x0/0x668 [mac80211]) from [<bf137dd4>] (ieee80211_resume+0x60/0x70 [mac80211]) [<bf137d74>] (ieee80211_resume+0x0/0x70 [mac80211]) from [<bf0eb930>] (wiphy_resume+0x6c/0x7c [cfg80211]) r5:cd006248 r4:cd006110 [<bf0eb8c4>] (wiphy_resume+0x0/0x7c [cfg80211]) from [<c0241024>] (legacy_resume+0x38/0x70) r7:00000000 r6:00000000 r5:cd006248 r4:cd0062fc [<c0240fec>] (legacy_resume+0x0/0x70) from [<c0241478>] (device_resume+0x168/0x1a0) r8:c04ca8d8 r7:cd00627c r6:00000010 r5:cd006248 r4:cd0062fc [<c0241310>] (device_resume+0x0/0x1a0) from [<c0241600>] (dpm_resume_end+0xf8/0x3bc) r7:00000000 r6:00000005 r5:cd006248 r4:cd0062fc [<c0241508>] (dpm_resume_end+0x0/0x3bc) from [<c00b2a24>] (suspend_devices_and_enter+0x1b0/0x204) [<c00b2874>] (suspend_devices_and_enter+0x0/0x204) from [<c00b2b68>] (enter_state+0xf0/0x148) r7:c037e978 r6:00000003 r5:c043d807 r4:00000000 [<c00b2a78>] (enter_state+0x0/0x148) from [<c00b20a4>] (state_store+0xa4/0xcc) r7:c037e978 r6:00000003 r5:00000003 r4:c043d807 [<c00b2000>] (state_store+0x0/0xcc) from [<c01fc90c>] (kobj_attr_store+0x20/0x24) [<c01fc8ec>] (kobj_attr_store+0x0/0x24) from [<c0157120>] (sysfs_write_file+0x11c/0x150) [<c0157004>] (sysfs_write_file+0x0/0x150) from [<c0100f84>] (vfs_write+0xc0/0x14c) [<c0100ec4>] (vfs_write+0x0/0x14c) from [<c01010e4>] (sys_write+0x4c/0x78) r8:40126000 r7:00000004 r6:cf1a7c80 r5:00000000 r4:00000000 [<c0101098>] (sys_write+0x0/0x78) from [<c00500c0>] (ret_fast_syscall+0x0/0x30) r8:c00502c8 r7:00000004 r6:403525e8 r5:40126000 r4:00000004 Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * Merge branch 'master' of ↵John W. Linville2011-02-091-0/+1
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
| * | mac80211: fix the skb cloned check in the tx pathFelix Fietkau2011-02-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using skb_header_cloned to check if it's safe to write to the skb is not enough - mac80211 also touches the tailroom of the skb. Initially this check was only used to increase a counter, however this commit changed the code to also skip skb data reallocation if no extra head/tailroom was needed: commit 4cd06a344db752f513437138953af191cbe9a691 mac80211: skip unnecessary pskb_expand_head calls It added a regression at least with iwl3945, which is fixed by this patch. Reported-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Tested-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | mac80211: fix TX status cookie in HW offload caseJohannes Berg2011-02-023-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the off-channel TX is done with remain-on-channel offloaded to hardware, the reported cookie is wrong as in that case we shouldn't use the SKB as the cookie but need to instead use the corresponding r-o-c cookie (XOR'ed with 2 to prevent API mismatches). Fix this by keeping track of the hw_roc_skb pointer just for the status processing and use the correct cookie to report in this case. We can't use the hw_roc_skb pointer itself because it is NULL'ed when the frame is transmitted to prevent it being used twice. This fixes a bug where the P2P state machine in the supplicant gets stuck because it never gets a correct result for its transmitted frame. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Clear PS related flag on disabling power save.Vivek Natarajan2011-02-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Clear IEEE80211_STA_NULLFUNC_ACKED flag on disabling power save. Without this fix, there is a chance of setting CONF_PS before sending nullfunc frame. Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | small adjustment to net/mac80211/KconfigJan Beulich2011-02-181-1/+1
| | | | | | | | | | | | | | | | | | | | | "def_bool n" without prompt is pointless, this should be just "bool". Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: fix 2.4 GHz 40 MHz disablingJohannes Berg2011-02-184-15/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The module parameter ieee80211_disable_40mhz_24ghz was meant to allow disabling 40 MHz operation in the 2.4 GHz band by default. However, it is buggy as implemented because while it advertises to the AP that the device doesn't support 40 MHz, it will itself still use 40 MHz configurations. To fix this, clear the 40 MHz bits from the sband completely instead of overriding where used. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Add power to debugfs.Ben Greear2011-02-181-0/+6
| | | | | | | | | | | | | | | Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Merge branch 'master' of ↵John W. Linville2011-02-1816-193/+662
|\ \ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
| * | | Bluetooth: fix checkpatch errors in af_bluetooth.cGustavo F. Padovan2011-02-171-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Fix errors reported by checkpatch.plGustavo F. Padovan2011-02-171-3/+3
| | | | | | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: fix errors reported by checkpatch.plGustavo F. Padovan2011-02-172-22/+18
| | | | | | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Fix some code style issues in hci_event.cSzymon Janc2011-02-171-8/+10
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Fix some code style issues in hci_core.cSzymon Janc2011-02-171-4/+3
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Clean up hci_sniff_subrate_evt functionSzymon Janc2011-02-171-9/+0
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Use #include <linux/uaccess.h> instead of <asm/uaccess.h>Szymon Janc2011-02-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As warned by checkpatch.pl, use #include <linux/uaccess.h> instead of <asm/uaccess.h>. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Send LE Connection Update CommandClaudio Takahasi2011-02-172-1/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the new connection update parameter are accepted, the LE master host sends the LE Connection Update Command to its controller informing the new requested parameters. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Use proper timer for hci command timoutVille Tervo2011-02-162-6/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use proper timer instead of hci command flow control to timeout failed hci commands. Otherwise stack ends up sending commands when flow control is used to block new commands. 2010-09-01 18:29:41.592132 < HCI Command: Remote Name Request (0x01|0x0019) plen 10 bdaddr 00:16:CF:E1:C7:D7 mode 2 clkoffset 0x0000 2010-09-01 18:29:41.592681 > HCI Event: Command Status (0x0f) plen 4 Remote Name Request (0x01|0x0019) status 0x00 ncmd 0 2010-09-01 18:29:51.022033 < HCI Command: Remote Name Request Cancel (0x01|0x001a) plen 6 bdaddr 00:16:CF:E1:C7:D7 Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Fix crash when ioctl(HCIUARTSETPROTO) failsGustavo F. Padovan2011-02-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the fail happens the HCI del_timer may timeout after the the hci dev unregister. This lead to a kernel crash. Reported-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add connection parameter update responseClaudio Takahasi2011-02-161-1/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements L2CAP Connection Parameter Update Response defined in the Bluetooth Core Specification, Volume 3, Part A, section 4.21. Address the LE Connection Parameter Procedure initiated by the slave. Connection Interval Minimum and Maximum have the same range: 6 to 3200. Time = N * 1.25ms. Minimum shall be less or equal to Maximum. The Slave Latency field shall have a value in the range of 0 to ((connSupervisionTimeout / connIntervalMax) - 1). Latency field shall be less than 500. connSupervisionTimeout = Timeout Multiplier * 10 ms. Multiplier field shall have a value in the range of 10 to 3200. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add LE signaling commands handlingClaudio Takahasi2011-02-161-52/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch splits the L2CAP command handling function in order to have a clear separation between the commands related to BR/EDR and LE. Commands and responses in the LE signaling channel are not being handled yet, command reject is sent to all received requests. Bluetooth Core Specification, Volume 3, Part A, section 4 defines the signaling packets formats and allowed commands/responses over the LE signaling channel. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Treat LE and ACL links separately on timeoutVille Tervo2011-02-161-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate LE and ACL timeouts. Othervise ACL connections on non LE hw will time out after 45 secs. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Fix initiated LE connectionsVinicius Costa Gomes2011-02-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix LE connections not being marked as master. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Do not send disconn comand over LE linksVille Tervo2011-02-161-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | l2cap over LE links can be disconnected without sending disconnect command first. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add server socket support for LE connectionVille Tervo2011-02-163-7/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for LE server sockets. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add LE connection support to L2CAPVille Tervo2011-02-162-7/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add basic LE connection support to L2CAP. LE connection can be created by specifying cid in struct sockaddr_l2 Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Use LE buffers for LE trafficVille Tervo2011-02-163-4/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bluetooth chips may have separate buffers for LE traffic. This patch add support to use LE buffers provided by the chip. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add LE connect supportVille Tervo2011-02-162-3/+141
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bluetooth V4.0 adds support for Low Energy (LE) connections. Specification introduces new set of hci commands to control LE connection. This patch adds logic to create, cancel and disconnect LE connections. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Add L2CAP mode to debugfs outputGustavo F. Padovan2011-02-151-2/+3
| | | | | | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: remove l2cap_load() hackGustavo F. Padovan2011-02-155-16/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | l2cap_load() was added to trigger l2cap.ko module loading from the RFCOMM and BNEP modules. Now that L2CAP module is gone, we don't need it anymore. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: Merge L2CAP and SCO modules into bluetooth.koGustavo F. Padovan2011-02-145-41/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Actually doesn't make sense have these modules built separately. The L2CAP layer is needed by almost all Bluetooth protocols and profiles. There isn't any real use case without having L2CAP loaded. SCO is only essential for Audio transfers, but it is so small that we can have it loaded always in bluetooth.ko without problems. If you really doesn't want it you can disable SCO in the kernel config. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: sco: fix information leak to userspaceVasiliy Kulikov2011-02-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | struct sco_conninfo has one padding byte in the end. Local variable cinfo of type sco_conninfo is copied to userspace with this uninizialized one byte, leading to old stack contents leak. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: bnep: fix buffer overflowVasiliy Kulikov2011-02-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Struct ca is copied from userspace. It is not checked whether the "device" field is NULL terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or information leak by creating a device with a name made of contents of kernel stack. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | | Bluetooth: l2cap: fix 1 byte infoleak to userspaceVasiliy Kulikov2011-02-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Structure l2cap_options has one padding byte between max_tx and txwin_size fields. This byte in "opts" is copied to userspace uninitialized. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | | mac80211: reply to directed probes in IBSSJohannes Berg2011-02-141-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WFA certification and the WMM spec require that we always reply to unicast probe requests, so do that. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | | mac80211: Remove superfluous if clauseHelmut Schaa2011-02-141-11/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | ieee80211_rx_h_check returned RX_DROP_MONITOR in case the if statement in question was true but the same return value is also used directly after the if clause. Hence, we can just drop the whole if clause and as such simplify the code. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Ensure power-level set properly for scanning.Ben Greear2011-02-092-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My previous patch to optimize scanning on operating channel accidentally removed the code that would ensure power was set to maximum for scanning. This patch re-adds that functionality. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Allow work items to use existing channel type.Ben Greear2011-02-091-3/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Narrow channel types can function within larger channel types. So, use existing channel type for work items when possible. This decreases hardware channel changes significantly when using non NO_HT channel types on the operating channel. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Allow scanning on existing channel-type.Ben Greear2011-02-092-6/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous code set the channel type to NO_HT, but it appears that NO_HT packets can be sent on any channel type, so we do not need to change the channel type as long as the channel is correct. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: Properly set work-item channel-type.Ben Greear2011-02-092-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some were indirectly set to NO_HT (zero), but I think it's better to explicitly set it in case the enum ever changes. In cfg.c, it seems the channel-type was just ignored (and thus always set to NO_HT). Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Bluetooth: update Bluetooth daemon name in Kconfig helpGustavo F. Padovan2011-02-081-3/+3
| | | | | | | | | | | | | | | | | | Change hcid to bluetoothd. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move __l2cap_sock_close() to l2cap_sock.cGustavo F. Padovan2011-02-082-83/+80
| | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move l2cap_sock_kill() to l2cap_sock.cGustavo F. Padovan2011-02-082-16/+16
| | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move L2CAP sock timers function to l2cap_sock.cGustavo F. Padovan2011-02-082-13/+13
| | | | | | | | | | | | Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move l2cap_sock_sendmsg() to l2cap_sock.cGustavo F. Padovan2011-02-082-109/+109
| | | | | | | | | | | | | | | | | | Also moves some L2CAP sending functions declaration to l2cap.h Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move l2cap_sock_shutdown() to l2cap_sock.cGustavo F. Padovan2011-02-082-33/+33
| | | | | | | | | | | | | | | | | | Declare __l2cap_wait_ack() and l2cap_sock_clear_timer() in l2cap.h Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: move l2cap_sock_recvmsg() to l2cap_sock.cGustavo F. Padovan2011-02-082-46/+45
| | | | | | | | | | | | | | | | | | | | | It causes the move of the declaration of 3 functions to l2cap.h: l2cap_get_ident(), l2cap_send_cmd(), l2cap_build_conf_req() Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>