Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.4.8 2016-04-20T06:42:03+00:00 2016-04-20T06:42:03+00:00 Arnd Bergmann arnd@arndb.de 2016-03-14T14:18:36+00:00 urn:sha1:a317579bb62ec6c1cb6bd7e5d0d8a25a746832f2 [ Upstream commit 83d6f1f15f8cce844b0a131cbc63e444620e48b5 ] Code that was added back in 2.6.38 has an obvious overflow when accessing a static array, and at the time it was added only a code comment was put in front of it as a reminder to have it reviewed properly. This has not happened, but gcc-6 now points to the specific overflow: drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs': drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds] maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4]; ~~~~~~~~~~~~~~~~~~~~~~~~~^~~ It turns out that the correct array length exists in the local 'intercepts' variable of this function, so we can just use that instead of hardcoding '4', so this patch changes all three instances to use that variable. The other two instances were already correct, but it's more consistent this way. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs") Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-04-12T16:08:58+00:00 Matti Gottlieb matti.gottlieb@intel.com 2016-02-14T15:05:39+00:00 urn:sha1:0ae6554c2bbfa89218cf3a6e8d8d10581334f551 commit 905e36ae172c83a30894a3adefab7d4f850fcf54 upstream. If the opmode is stopped and started again we did not free the paging buffers. Fix that. In addition when freeing the firmware's paging download buffer, set the pointer to NULL. Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-16T15:42:59+00:00 Liad Kaufman liad.kaufman@intel.com 2016-02-14T13:32:58+00:00 urn:sha1:8c904a4498dd61a5c58e7c38edc042268603202c commit fb896c44f88a75843a072cd6961b1615732f7811 upstream. Until this patch, when TXing non-sta the pending_frames counter wasn't increased, but it WAS decreased in iwl_mvm_rx_tx_cmd_single(), what makes it negative in certain conditions. This in turn caused much trouble when we need to remove the station since we won't be waiting forever until pending_frames gets 0. In certain cases, we were exhausting the station table even in BSS mode, because we had a lot of stale stations. Increase the counter also in iwl_mvm_tx_skb_non_sta() after a successful TX to avoid this outcome. Signed-off-by: Liad Kaufman <liad.kaufman@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:32+00:00 Luca Coelho luciano.coelho@intel.com 2016-02-02T13:11:15+00:00 urn:sha1:74e579764007b3ef63d791116c7d252e0032cc1e commit 5e56276e7555b34550d51459a801ff75eca8b907 upstream. The firmware can perform a scheduled scan with not matchsets passed, but it can't send notification that results were found. Since the userspace then cannot know when we got new results and the firmware wouldn't trigger a wake in case we are sleeping, it's better not to allow scans without matchsets. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=110831 Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:32+00:00 Oren Givon oren.givon@intel.com 2015-12-17T12:17:00+00:00 urn:sha1:3beb469074ec66079f3fcbed1c6cf06ca8bbc873 commit 006bda75d81fd27a583a3b310e9444fea2aa6ef2 upstream. Update and fix some 7265 PCI IDs entries. Signed-off-by: Oren Givon <oren.givon@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:32+00:00 Emmanuel Grumbach emmanuel.grumbach@intel.com 2016-01-05T13:25:43+00:00 urn:sha1:8a55831546e7d558e7cb14e1c40c6d403d779c10 commit 62d7476d958ce06d7a10b02bdb30006870286fe2 upstream. 8000 device family has a new debug engine that needs to be configured differently than 7000's. The debug engine's DMA works in chunks of memory and the size of the buffer really means the start of the last chunk. Since one chunk is 256-byte long, we should configure the device to write to buffer_size - 256. This fixes a situation were the device would write to memory it is not allowed to access. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:32+00:00 Emmanuel Grumbach emmanuel.grumbach@intel.com 2015-12-20T06:45:40+00:00 urn:sha1:d19573e8499198a75c2f7a0b22053bdd8eb48050 commit a1cdb1c59c8c203de2731fc6910598ed19c97e41 upstream. My commit below introduced a mutex in the transport to prevent concurrent operations. To do so, it added a flag (is_down) to make sure the transport is in the right state. This uncoverred an bug that didn't cause any harm until now: iwldvm calls stop_device and then starts the firmware without calling start_hw in between. While this flow is fine from the device configuration point of view (register, etc...), it is now forbidden by the new is_down flag. This led to this error to appear: iwlwifi 0000:05:00.0: Can't start_fw since the HW hasn't been started and the suspend would fail. This fixes: https://bugzilla.kernel.org/show_bug.cgi?id=109591 Reported-by: Bogdan Bogush <bogdan.s.bogush@gmail.com> Fixes=fa9f3281cbb1 ("iwlwifi: pcie: lock start_hw / start_fw / stop_device") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:13+00:00 Larry Finger Larry.Finger@lwfinger.net 2015-12-14T22:34:31+00:00 urn:sha1:f037c35161f04459ff804eaa197a81f66f973379 commit 7079604ddb83f428359feace3aeaf8a9f435be4a upstream. This driver has a number of errors in the module initialization. These include the following: Parameter msi_support is stored in two places - one is removed. Paramters sw_crypto and disable_watchdog were never stored in the final locations, nor were they initialized properly. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:13+00:00 Larry Finger Larry.Finger@lwfinger.net 2015-12-14T22:34:34+00:00 urn:sha1:e1b08009fb532a2785b8b38adec825488abc46fa commit 06f34572c6110e2e2d5e653a957f1d74db9e3f2b upstream. In this driver, parameters disable_watchdog and sw_crypto are never copied into the locations used in the main code. While modifying the parameter handling, the copying of parameter msi_support is moved to be with the rest. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-03T23:07:13+00:00 Larry Finger Larry.Finger@lwfinger.net 2015-12-14T22:34:36+00:00 urn:sha1:da5c2c01da0cfccde6f2cedf35d8074d2bc19d10 commit 7503efbd82c15c4070adffff1344e5169d3634b4 upstream. Two of the module parameter descriptions show incorrect default values. In addition the value for software encryption is not transferred to the locations used by the driver. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>