struct sco_conninfo has one padding byte in the end. Local variable
cinfo of type sco_conninfo is copied to userspace with this uninizialized
one byte, leading to old stack contents leak.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Struct ca is copied from userspace. It is not checked whether the "device"
field is NULL terminated. This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Make the phy.c codes for rtl8192ce and rtl8192cu be as alike as possible.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Make rtlwifi/rtl8192ce/fw.{h,c} match what will be needed for
rtlwifi/rtl8192cu.{h,c}.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
To reuse as much code as possible when adding additional drivers to the
rtlwifi tree, the common parts of various routines are moved to
drivers/net/wireless/rtlwifi. This patch does that for the version of
dm.{h,c} used by rtl8192ce.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: George <george0505@realtek.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The rtlwifi core needs some changes before inclusion of a driver
for the RTL8192CU USB device.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: <chaoming_li@realsil.com.cn>
Signed-off-by: <george0505@realtek.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Blacklisted AR3012 PID in btusb and added the same
in ath3k to load patch and sysconfig files.
Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Structure l2cap_options has one padding byte between max_tx and
txwin_size fields. This byte in "opts" is copied to userspace
uninitialized.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Combo devices have TX statistics on different place, because
struct statistics_rx_bt and struct statistics_rx have different
size. User proper values on combo devices instead of random data.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Make ack health code easies to read. Compared to previous
code, we do not print debug messages when expected_ack_cnt_delta == 0
and also do check against negative deltas.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
No functional change, make recover from statistics code
easies to read.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The variable appears in both ath_softc and ath_beacon_config.
The struct ath_beacon_config is embedded in ath_softc. The redundant
variable was added by commit id 57c4d7b4c4.
Signed-off-by: Steve Brown <sbrown@cortland.com>
Reviewed-by: Mohammed Shafi <shafi.ath9k@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
My previous patch to optimize scanning on operating channel
accidentally removed the code that would ensure power was
set to maximum for scanning.
This patch re-adds that functionality.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Narrow channel types can function within larger channel types.
So, use existing channel type for work items when possible.
This decreases hardware channel changes significantly when
using non NO_HT channel types on the operating channel.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Previous code set the channel type to NO_HT, but it
appears that NO_HT packets can be sent on any channel
type, so we do not need to change the channel type
as long as the channel is correct.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Some were indirectly set to NO_HT (zero), but I think
it's better to explicitly set it in case the enum ever
changes. In cfg.c, it seems the channel-type was just
ignored (and thus always set to NO_HT).
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of looking for supported_rates change on every tx packet,
just extract the supported_rates after association completes (station only).
Remove wl1271.sta_rate_set and WL1271_FLAG_STA_RATES_CHANGED which are
not used anymore.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
make the configuration management more flexible by using the
conf struct, rather than predefined macros.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
This patch adds support for the new wl12xx firmware (Rev 6.1.3.50.49)
Since this fw is not backward compatible with previous fw versions,
a new fw (with different name) is being fetched.
(the patch is big because it contains all the required fw api changes.
splitting it into multiple patches will result in corrupted intermediate
commits)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
mcp2.5 uses this acx to configure the fw only once, rather than
passing the params in every enter psm command.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
It causes the move of the declaration of 3 functions to l2cap.h:
l2cap_get_ident(), l2cap_send_cmd(), l2cap_build_conf_req()
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch tries to do the minimal to move l2cap_sock_create() and its
dependencies to l2cap_sock.c. It create a API to initialize and cleanup
the L2CAP sockets from l2cap_core.c through l2cap_init_sockets() and
l2cap_cleanup_sockets().
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
In commit 86e09287e4, to reduce memory
usage, the functions of the ath3k module were rewritten to release the
firmware blob after it has been loaded (successfully or not).
The resuting code has some redundancy and the compiler can potentially
produce better code if we omit a function call that is unconditionally
executed in
,----
| if (ath3k_load_firmware(udev, firmware)) {
| release_firmware(firmware);
| return -EIO;
| }
| release_firmware(firmware);
|
| return 0;
| }
`----
It may also be argued that the rewritten code becomes easier to read,
and also to see the code coverage of the snippet in question.
Signed-off-by: Rogério Brito <rbrito@ime.usp.br>
Cc: Alexander Holler <holler@ahsoftware.de>
Cc: "Gustavo F. Padovan" <padovan@profusion.mobi>
Cc: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Crash can happen when tasklet handling connect/disconnect requests
preempts socket accept. Can be reproduced with "l2test -r" on one
side and several "l2test -c -b 1000 -i hci0 -P 10 <bdaddr>" on the
other side.
disable taskets in socket accept and change lock_sock and release_sock
to bh_lock_sock and bh_unlock_sock since we have to use spinlocks and
there is no need to mark sock as owned by user.
...
[ 3555.897247] Unable to handle kernel NULL pointer dereference at virtual
address 000000bc
[ 3555.915039] pgd = cab9c000
[ 3555.917785] [000000bc] *pgd=8bf3d031, *pte=00000000, *ppte=00000000
[ 3555.928314] Internal error: Oops: 17 [#1] PREEMPT
[ 3555.999786] CPU: 0 Not tainted (2.6.32.21-13874-g67918ef #65)
...
[ 3556.005981] PC is at bt_accept_unlink+0x20/0x58 [bluetooth]
[ 3556.011627] LR is at bt_accept_dequeue+0x3c/0xe8 [bluetooth]
...
[ 3556.161285] [<bf0007fc>] (bt_accept_unlink+0x20/0x58 [bluetooth]) from
[<bf000870>] (bt_accept_dequeue+0x3c/0xe8 [bluetooth])
[ 3556.172729] [<bf000870>] (bt_accept_dequeue+0x3c/0xe8 [bluetooth]) from
[<bf324df8>] (l2cap_sock_accept+0x100/0x15c [l2cap])
[ 3556.184082] [<bf324df8>] (l2cap_sock_accept+0x100/0x15c [l2cap]) from
[<c026a0a8>] (sys_accept4+0x120/0x1e0)
[ 3556.193969] [<c026a0a8>] (sys_accept4+0x120/0x1e0) from [<c002c9a0>]
(ret_fast_syscall+0x0/0x2c)
[ 3556.202819] Code: e5813000 e5901164 e580c160 e580c15c (e1d13bbc)
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Fix checkpatch warnings concerning assignments in if conditions.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch adds a new set_io_capability management command which is used
to set the IO capability for Secure Simple Pairing (SSP) as well as the
Security Manager Protocol (SMP). The value is per hci_dev and each
hci_conn object inherits it upon creation.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch adds the necessary commands and events needed to communicate
PIN code related actions between the kernel and userspace. This includes
a pin_code_request event as well as pin_code_reply and
pin_code_negative_reply commands.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
A lot of management code needs to generate command complete events so it
makes sense to have a helper function for this.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Vasiliy Kulikov