| Age | Commit message (Collapse) | Author |
|---|
|
The controller device attributes are not used and expose no valuable
information.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
|
The connection link attributes are not used and expose no valuable
information.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
|
When we introduced GSO support, if using auth the auth chunk was being
left queued on the packet even after the final segment was generated.
Later on sctp_transmit_packet it calls sctp_packet_reset, which zeroed
the packet len while not accounting for this left-over. This caused more
space to be used the next packet due to the chunk still being queued,
but space which wasn't allocated as its size wasn't accounted.
The fix is to only queue it back when we know that we are going to
generate another segment.
Fixes: 90017accff61 ("sctp: Add GSO support")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This code generates as static checker warning because htons(ETH_P_IPV6)
is always true. From the context it looks like the && was intended to
be !=.
Fixes: 94758f8de037 ('bnxt_en: Add GRO logic for BCM5731X chips.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
over time there were multiple requests to access different data
structures and fields of task_struct current, so finally add
the helper to access 'current' as-is. Tracing bpf programs will do
the rest of walking the pointers via bpf_probe_read().
Note that current can be null and bpf program has to deal it with,
but even dumb passing null into bpf_probe_read() is still safe.
Suggested-by: Brendan Gregg <brendan.d.gregg@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The routing table of every switch in a tree is currently initialized to
all zeros. This is an issue since 0 is a valid port number.
Add a DSA_RTABLE_NONE=-1 constant to initialize the signed values of the
routing table pointing to other switches.
This fixes the device mapping of the mv88e6xxx driver where the port
pointing to the switch itself and to non-existent switches was wrongly
configured to be 0. It is now set to the expected 0xf value.
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The referenced change added a netlink notifier for processing
device queue size events. These events are fired for all devices
but the registered callback assumed they only occurred for tun
devices. This fix adds a check (borrowed from macvtap.c) to discard
non-tun device events.
For reference, this fixes the following splat:
[ 71.505935] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 71.513870] IP: [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
[ 71.519906] PGD 3f41f56067 PUD 3f264b7067 PMD 0
[ 71.524497] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
[ 71.529374] gsmi: Log Shutdown Reason 0x03
[ 71.533417] Modules linked in:[ 71.533826] mlx4_en: eth1: Link Up
[ 71.539616] bonding w1_therm wire cdc_acm ehci_pci ehci_hcd mlx4_en ib_uverbs mlx4_ib ib_core mlx4_core
[ 71.549282] CPU: 12 PID: 7915 Comm: set.ixion-haswe Not tainted 4.7.0-dbx-DEV #8
[ 71.556586] Hardware name: Intel Grantley,Wellsburg/Ixion_IT_15, BIOS 2.58.0 05/03/2016
[ 71.564495] task: ffff887f00bb20c0 ti: ffff887f00798000 task.ti: ffff887f00798000
[ 71.571894] RIP: 0010:[<ffffffff8153c1a0>] [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
[ 71.580327] RSP: 0018:ffff887f0079bbd8 EFLAGS: 00010202
[ 71.585576] RAX: fffffffffffffae8 RBX: ffff887ef6d03378 RCX: 0000000000000000
[ 71.592624] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000000000
[ 71.599675] RBP: ffff887f0079bc48 R08: 0000000000000000 R09: 0000000000000001
[ 71.606730] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000010
[ 71.613780] R13: 0000000000000000 R14: 0000000000000001 R15: ffff887f0079bd00
[ 71.620832] FS: 00007f5cdc581700(0000) GS:ffff883f7f700000(0000) knlGS:0000000000000000
[ 71.628826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.634500] CR2: 0000000000000010 CR3: 0000003f3eb62000 CR4: 00000000001406e0
[ 71.641549] Stack:
[ 71.643533] ffff887f0079bc08 0000000000000246 000000000000001e ffff887ef6d00000
[ 71.650871] ffff887f0079bd00 0000000000000000 0000000000000000 ffffffff00000000
[ 71.658210] ffff887f0079bc48 ffffffff81d24070 00000000fffffff9 ffffffff81cec7a0
[ 71.665549] Call Trace:
[ 71.667975] [<ffffffff810eeb0d>] notifier_call_chain+0x5d/0x80
[ 71.673823] [<ffffffff816365d0>] ? show_tx_maxrate+0x30/0x30
[ 71.679502] [<ffffffff810eeb3e>] __raw_notifier_call_chain+0xe/0x10
[ 71.685778] [<ffffffff810eeb56>] raw_notifier_call_chain+0x16/0x20
[ 71.691976] [<ffffffff8160eb30>] call_netdevice_notifiers_info+0x40/0x70
[ 71.698681] [<ffffffff8160ec36>] call_netdevice_notifiers+0x16/0x20
[ 71.704956] [<ffffffff81636636>] change_tx_queue_len+0x66/0x90
[ 71.710807] [<ffffffff816381ef>] netdev_store.isra.5+0xbf/0xd0
[ 71.716658] [<ffffffff81638350>] tx_queue_len_store+0x50/0x60
[ 71.722431] [<ffffffff814a6798>] dev_attr_store+0x18/0x30
[ 71.727857] [<ffffffff812ea3ff>] sysfs_kf_write+0x4f/0x70
[ 71.733274] [<ffffffff812e9507>] kernfs_fop_write+0x147/0x1d0
[ 71.739045] [<ffffffff81134a4f>] ? rcu_read_lock_sched_held+0x8f/0xa0
[ 71.745499] [<ffffffff8125a108>] __vfs_write+0x28/0x120
[ 71.750748] [<ffffffff8111b137>] ? percpu_down_read+0x57/0x90
[ 71.756516] [<ffffffff8125d7d8>] ? __sb_start_write+0xc8/0xe0
[ 71.762278] [<ffffffff8125d7d8>] ? __sb_start_write+0xc8/0xe0
[ 71.768038] [<ffffffff8125bd5e>] vfs_write+0xbe/0x1b0
[ 71.773113] [<ffffffff8125c092>] SyS_write+0x52/0xa0
[ 71.778110] [<ffffffff817528e5>] entry_SYSCALL_64_fastpath+0x18/0xa8
[ 71.784472] Code: 45 31 f6 48 8b 93 78 33 00 00 48 81 c3 78 33 00 00 48 39 d3 48 8d 82 e8 fa ff ff 74 25 48 8d b0 40 05 00 00 49 63 d6 41 83 c6 01 <49> 89 34 d4 48 8b 90 18 05 00 00 48 39 d3 48 8d 82 e8 fa ff ff
[ 71.803655] RIP [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
[ 71.809769] RSP <ffff887f0079bbd8>
[ 71.813213] CR2: 0000000000000010
[ 71.816512] ---[ end trace 4db6449606319f73 ]---
Fixes: 1576d9860599 ("tun: switch to use skb array for tx")
Signed-off-by: Craig Gallek <kraig@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
David Howells says:
====================
rxrpc: Improve conn/call lookup and fix call number generation [ver #3]
I've fixed a couple of patch descriptions and excised the patch that
duplicated the connections list for reconsideration at a later date.
For reference, the excised patch is sitting on the rxrpc-experimental
branch of my git tree, based on top of the rxrpc-rewrite branch. Diffing
it against yesterday's tag shows no differences.
Would you prefer the patch set to be emailed afresh instead of a git-pull
request?
David
---
Here's the next part of the AF_RXRPC rewrite. The two main purposes of
this set are to fix the call number handling and to make use of RCU when
looking up the connection or call to pass a received packet to.
Important changes in this set include:
(1) Avoidance of placing stack data into SG lists in rxkad so that kernel
stacks can become vmalloc'd (Herbert Xu).
(2) Calls cease pinning the connection they used as soon as possible,
which allows the connection to be discarded sooner and allows the call
channel on that connection to be reused earlier.
(3) Make each call channel on a connection have a separate and independent
call number space rather than having a shared number space for the
connection. Call numbers should increment monotonically per channel
on the client, and the server should ignore a call with a lower call
number for that channel than the latest it has seen. The RESPONSE
packet sets the minimum values of each call ID counter on a
connection.
(4) Look up calls by indexing the channel array on a connection rather
than by keeping calls in an rbtree on that connection. Also look up
calls using the channel array rather than using a hashtable.
The call hashtable can then be removed.
(5) Call terminal statuses are cached in the channel array for the last
call. It is assumed that if we the server have seen call N, then the
client no longer cares about call N-1 on the same channel.
This will allow retransmission of the terminal status in future
without the need to keep the rxrpc_call struct around.
(6) Peer lookups are moved out of common connection handling code and into
service connection handling code as client connections (a) must point
to a peer before they can be used and (b) are looked up by a
machine-unique connection ID directly, so we only need to look up the
peer first if we're going to deal with a service call.
(7) The reference count on a connection is held elevated by 1 whilst it is
alive (ie. idle unused connections have a refcount of 1). The reaper
will attempt to change the refcount from 1->0 and skip if this cannot
be done, whilst look ups only increment the refcount if it's non-zero.
This makes the implementation of RCU lookups easier as we don't have
to get a ref on the connection or a lock on the connection list to
prevent a connection being reaped whilst we're contemplating queueing
a packet that initiates a new service call upon it.
If we need to get a connection, but there's a dead connection in the
tree, we use rb_replace_node() to replace the dead one with a new one.
(8) Use a seqlock to validate the walk over the service connection rbtree
attached to a peer when it's being walked in RCU mode.
(9) Make the incoming call/connection packet handling code use RCU mode
and locks and make it only take a reference if the call/connection
gets queued on a workqueue.
The intention is that the next set will introduce the connection lifetime
management and capacity limits to prevent clients from overloading the
server.
There are some fixes too:
(1) Verifying that a packet coming in to a client connection came from the
expected source.
(2) Fix handling of connection failure in client call creation where we
don't reinitialise the list linkage block and a second attempt to
unlink the failed connection oopses and also we don't set the state
correctly, which causes an assertion failure.
(3) New service calls were being added to the socket's accept queue under
the wrong lock.
Changes:
(V2) In rxrpc_find_service_conn_rcu() initialised the sequence number to 0.
Fixed the RCU handling in conn_service.c by introducing and using
rb_replace_node_rcu() as an RCU-safe alternative in
rxrpc_publish_service_conn().
Modified and used rcu_dereference_raw() to avoid RCU sparse warnings
in rxrpc_find_service_conn_rcu().
Added in some missing RCU dereference wrappers. It seems to be
necessary to turn on CONFIG_PROVE_RCU_REPEATEDLY as well as
CONFIG_SPARSE_RCU_POINTER to get the static __rcu annotation checking
to happen.
Fixed some other sparse warnings, including a missing ntohs() in
jumbo packet processing.
(V3) Fixed some commit descriptions.
Excised the patch that duplicated the connection list to separate out
the procfs list for reconsideration at a later date.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Use the new APIs for eliminating a copy on the receive path. These new APIs also
help in minimizing the number of memory barriers we end up issuing (in the
ringbuffer code) since we can better control when we want to expose the ring
state to the host.
The patch is being resent to address earlier email issues.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
hfsc_sched is huge (size: 920, cachelines: 15), but we can get it to 14
cachelines by placing level after filter_cnt (covering 4 byte hole) and
reducing period/nactive/flags to u32 (period is just a counter,
incremented when class becomes active -- 2**32 is plenty for this
purpose, also, long is only 32bit wide on 32bit platforms anyway).
cl_vtperiod is exported to userspace via tc_hfsc_stats, but its period
member is already u32, so no precision is lost there either.
Cc: Michal Soltys <soltys@ziu.info>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This driver contains some complicated if ... else if ... else constructions.
These are replaced by switch statements to improve readability.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8192DE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8821AE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8723BE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8723AE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8192EE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8188EE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8192CU chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The driver for RTL8192CE chips is converted to use the common routine
for getting the hardware information.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
All of the rtlwifi family of drivers have a similar routine that acquires
the hardware info from efuse and initializes a number of variables in the
driver's private area. A common routine is created for all drivers to use.
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
As interrupt is read in interrupt handler as well as interrupt processing
thread, we observed a corner case issue for MSI in which interrupt gets
processed twice.
This patch moves interrupt reading code for MSI mode from
mwifiex_interrupt_status() to mwifiex_pcie_process_int() to avoid the
issue.
Signed-off-by: Shengzhen Li <szli@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The PCIe driver didn't mask the host interrupts before trying to tear
down. This causes lockups at reboot or rmmod when using MSI-X on 8997,
since the MSI handler gets confused and locks up the system.
Also tested on 8897, which does not support MSI-X (and wasn't
experiencing this same bug). No regressions seen there.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Tested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
PCIe-USB8997 variant is being used in the product. Let's change default
firmware from PCIe-UART to PCIe-USB. So by default PCIe-USB firmware would
be downloaded if version register doesn't give any information.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The two members min_scan_time and max_scan_time of structure
"mwifiex_ie_types_btcoex_scan_time" are of two bytes each. The values
are assigned directtly from firmware without endian conversion handling.
So, wrong datas will get saved in big-endian systems.
This patch converts the values into cpu's byte order before assigning them
into the local members.
Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Acked-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
New firmwares (e.g. 10.10.69.36 for BCM4366) support "interface_remove"
for removing interfaces. Try to use this method on cfg80211 request. In
case of older firmwares (e.g. 7.35.177.56 for BCM43602 as I tested) this
will just result in firmware rejecting command and this won't change any
behavior.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
So far when receiving event about in-firmware-interface removal our
event worker was notifying listener and afterwards it was removing Linux
interface.
First of all it was resulting in slightly unexpected order. The listener
(del_virtual_intf callback) was (usually) returning with success before
we even called unregister_netdev(ice).
Please note this couldn't be simply fixed by changing order of calls in
brcmf_fweh_handle_if_event as unregistering interface earlier could free
struct brcmf_if.
Another problem of current implementation are possible lockups. Focus on
the time slot between calling event handler and removing Linux
interface. During that time original caller may leave (unlocking rtnl
semaphore) *and* another call to the same code may be done (locking it
again). If that happens our event handler will stuck at removing Linux
interface, it won't handle another event and will block process holding
rtnl lock.
This can be simply solved by unregistering interface in a proper
callback, right after receiving confirmation event from firmware. This
only required modifying worker to don't unregister on its own if there
is someone waiting for the event.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
scan_block flag is used to block scan operation when 4 way handshake
is in progress. Sometimes it doesn't get cleared due to incomplete
association. An example is assoc request/response is done, but add key
operation get canceled in some corner cases. As a result, further
association/scan operations are blocked.
This patch fixes the problem by clearing scan_block flag.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This patch fix spelling typos found in drivers/net/wireless/realtek.
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This allows the user to specify DMA aggregation timout and block
count. Blocks are presumably always 512 bytes, so the minimum block
count is 6 for 802.11 packets.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
gen2 chips as well as 8188eu seems to use this register for setting
DMA timeout threshold values, however the 8192cu is using
REG_USB_DMA_AGG_TO. Set both to be on the safe side.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Let the default to off until we have more data on the right default
tuning values.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This enables aggregation on rtl8192cu and derivative parts. This uses
the same parameters as for rtl8723au.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Implement rtl8xxxu_gen1_init_aggregation(). Aggregation should be the
same for all gen1 parts. We may want to allow for tuning parameters in
the fileopes struct. For now this is based allocating 16KB RX buffers,
leaving 16000 bytes for actual packets, and the rest for the skb
overhead.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The old allocation didn't leave space for phystats in the buffer,
allowing the packet to be rejected if a frame size of size
IEEE80211_MAX_FRAME_LEN was received.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This adds support for allocating larger skbs for devices which
indicate they support it.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This implements support for demuxing aggregated RX packets on gen1
devices, using the rxdesc16 format.
So far this has only been tested with rtl8723au devices.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This corrects the definition of rxdesc16 to correctly specify pkt_cnt
for aggregated packets. This is based on the code of the vendor
rtl8723au driver, as opposed to the struct definitions they use.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
When handling aggregated packets, we'll get a new ieee80211_rx_status
for each cloned skb, so passing in the pointer from the outside
doesn't make sense.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This is another prepatory patch to be able to handle aggregated RX
packets.
In order to avoid adding a prototype, this also moves the
rtl8723bu_handle_c2h() function.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This needs to be handled locally in the parse_rx_desc() function in
order to be able to handle aggregated packets in the future.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
For my RIOT-OS in userspace experiments I need to create a fakelb
monitor interface. The fakelb doesn't filter anything on L2 and is a
purely raw interface. Because nl802154 checks on promiscuous mode which
need to supported by creating monitors this patch adds some no-op
promiscuous mode setting and the promiscuous flag.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch cleanups the WARN_ON which occurs when the sk buffer has
insufficient buffer space by moving the WARN_ON into if condition.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch fixes the behaviour to not overwrite csma settings when
set channel afterwards.
Cc: Stefan Schmidt <stefan@osg.samsung.com>
Acked-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
When receiving neighbour information with short address option field we
should check the complete range of invalid short addresses and set it to
one invalid address setting which is the unspecified address. This
address is also used when by creating at first a new neighbour entry to
indicate no short address is set.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch fixes ieee802154_get_fc_from_skb function on big endian
machines. The function get_unaligned_le16 converts the byte order to
host byte order but we want to keep the byte order like in mac header.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
The RIOT-OS stack does send intra-pan frames but don't set the intra pan
flag inside the mac header. It seems this is valid frame addressing but
inefficient. Anyway this patch adds a new function for intra pan
addressing, doesn't matter if intra pan flag or source and destination
are the same. The newly introduction function will be used to check on
intra pan addressing for 6lowpan.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch adds ieee802154_skb_src_pan function to get the pointer
address of the source pan id at skb mac pointer.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
This patch adds ieee802154_skb_dst_pan function to get the pointer
address of the destination pan id at skb mac pointer.
Signed-off-by: Alexander Aring <aar@pengutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
With current btusb.ko kernel module, Bluetooth pretends to be active
but there is no real activity.
I'm using an Acer Aspire VN7-791.
Output of lsusb:
Bus 003 Device 007: ID 0489:e092 Foxconn / Hon Hai
On my laptop, this device is actually used as a combo with wifi chipset
Atheros Qualcomm Killer N1525 Wireless-AC [168c:003e],
* Fix by adding a declaration in kernel sources drivers/bluetooth/btusb.c
{ USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
* Compiled extra module /lib/modules/4.4.0-22-generic/extra/btusb.ko
* Successfully tested against my phone (obex file transfer)
Signed-off-by: Yvain THONNART <yvain.thonnart@m4x.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
|
Kasan reported slab-out-of-bounds access in btmrvl_sdio:
[ 33.055400] ==================================================================
[ 33.062585] BUG: KASAN: slab-out-of-bounds in memcpy+0x24/0x50 at addr ffffffc0d89b4a00
[ 33.070529] Read of size 256 by task btmrvl_main_ser/3576
[ 33.075885] =============================================================================
[ 33.084002] BUG kmalloc-256 (Tainted: G B ): kasan: bad access detected
[ 33.091511] -----------------------------------------------------------------------------
<snip...>
[ 33.413498] Call trace:
[ 33.415928] [<ffffffc00020a440>] dump_backtrace+0x0/0x190
[ 33.421288] [<ffffffc00020a5ec>] show_stack+0x1c/0x28
[ 33.426305] [<ffffffc000b3288c>] dump_stack+0xa0/0xf8
[ 33.431320] [<ffffffc000396130>] print_trailer+0x158/0x16c
[ 33.436765] [<ffffffc0003962cc>] object_err+0x48/0x5c
[ 33.441780] [<ffffffc00039be24>] kasan_report+0x344/0x510
[ 33.447141] [<ffffffc00039afd8>] __asan_loadN+0x20/0x150
[ 33.452413] [<ffffffc00039b60c>] memcpy+0x20/0x50
[ 33.457084] [<ffffffc000595fcc>] swiotlb_tbl_map_single+0x2ec/0x310
[ 33.463305] [<ffffffc000596b54>] map_single+0x24/0x30
[ 33.468320] [<ffffffc0005970c8>] swiotlb_map_sg_attrs+0xec/0x21c
[ 33.474286] [<ffffffc000219d4c>] __swiotlb_map_sg_attrs+0x48/0xec
[ 33.480339] [<ffffffc0008ea610>] msdc_prepare_data.isra.11+0xf0/0x11c
[ 33.486733] [<ffffffc0008ecbd0>] msdc_ops_request+0x74/0xf0
[ 33.492266] [<ffffffc0008c6b38>] __mmc_start_request+0x78/0x8c
[ 33.498057] [<ffffffc0008c6d6c>] mmc_start_request+0x220/0x240
[ 33.503848] [<ffffffc0008c6e04>] mmc_wait_for_req+0x78/0x250
[ 33.509468] [<ffffffc0008d70fc>] mmc_io_rw_extended+0x2ec/0x388
[ 33.515347] [<ffffffc0008d8fc0>] sdio_io_rw_ext_helper+0x160/0x268
[ 33.521483] [<ffffffc0008d93fc>] sdio_writesb+0x40/0x50
[ 33.526677] [<ffffffbffc338b38>] btmrvl_sdio_host_to_card+0x124/0x1bc [btmrvl_sdio]
[ 33.534283] [<ffffffbffc3290a0>] btmrvl_service_main_thread+0x384/0x428 [btmrvl]
[ 33.541626] [<ffffffc0002518e8>] kthread+0x140/0x158
[ 33.546550] Memory state around the buggy address:
[ 33.551305] ffffffc0d89b4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.558474] ffffffc0d89b4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.565643] >ffffffc0d89b4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.572809] ^
[ 33.579889] ffffffc0d89b4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.587055] ffffffc0d89b4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.594221] ==================================================================
The cause of this is that btmrvl_sdio_host_to_card can access memory region
out of its allocated space due to:
1. the requested block size is smaller than SDIO_BLOCK_SIZE, and/or
2. the allocated memory is not BTSDIO_DMA_ALIGN-aligned.
This patch fixes the issue by allocating a buffer which is big enough for
SDIO_BLOCK_SIZE transfer and/or BTSDIO_DMA_ALIGN address relocation.
Signed-off-by: Ricky Liang <jcliang@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
