1. 26 May, 2011 3 commits
    • Larry Finger's avatar
      rtlwifi: Fix kernel panic resulting from RX buffer allocation failure · a9e12869
      Larry Finger authored
      
      
      To handle amsdu_8k capability, the PCI routine of this driver must
      allocate receive buffers of order 2. Under heavy load, this causes
      fragmentation of memory. The present code releases the current buffer
      before checking to see if a new one is availble. Recovery from
      allocation failures is not possible, which results in kernel panics.
      
      The fix is to reorder the code to check that a new buffer can be
      allocated before the old one is released. If not possible, the
      received frame is dropped and the old one is reused. Without this
      change, it is impossible to transfer a 2 GB file without a kernel panic.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org>              [2.6.{37,38,39}]
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      a9e12869
    • Luciano Coelho's avatar
      nl80211: fix check for valid SSID size in scan operations · 208c72f4
      Luciano Coelho authored
      
      
      In both trigger_scan and sched_scan operations, we were checking for
      the SSID length before assigning the value correctly.  Since the
      memory was just kzalloc'ed, the check was always failing and SSID with
      over 32 characters were allowed to go through.
      
      This was causing a buffer overflow when copying the actual SSID to the
      proper place.
      
      This bug has been there since 2.6.29-rc4.
      
      Cc: stable@kernel.org
      Signed-off-by: default avatarLuciano Coelho <coelho@ti.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      208c72f4
    • Yogesh Ashok Powar's avatar
      mwifiex: correct event header length · 21bc7af6
      Yogesh Ashok Powar authored
      
      
      While decoding received event packet from firmware, 4 bytes
      of interface header are already removed unconditionally.
      So for handling event only 4 more bytes needs to be pulled.
      This is achieved by changing event header length to 4.
      
      Almost all the events, except BA stream related and AMSDU
      aggregation control events, do not have the payload in their
      event skb. Such events handling depends only on the event ID.
      This event ID is the first four bytes of the event skb, which
      is copied to a separate variable before pulling the skb header.
      Hence event handling worked only for those events that didn't
      have payload in event skb.
      
      This patch fixes the broken event path of the events with
      payload in their event skb without harming existing working
      event path for the events without payload.
      Signed-off-by: default avatarYogesh Ashok Powar <yogeshp@marvell.com>
      Signed-off-by: default avatarKiran Divekar <dkiran@marvell.com>
      Signed-off-by: default avatarBing Zhao <bzhao@marvell.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      21bc7af6
  2. 24 May, 2011 3 commits
  3. 19 May, 2011 31 commits
  4. 16 May, 2011 3 commits