--- /dev/null
+From 2a3988f6d2c5be9d02463097775d1c66a8290527 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 16 Oct 2007 14:26:32 +0200
+Subject: ALSA: hdsp - Fix zero division
+Message-ID: <b28811ef0711061446q3eb7330cm31a4c57a9ed00cc3@mail.gmail.com>
+
+From: Takashi Iwai <tiwai@suse.de>
+
+patch 2a3988f6d2c5be9d02463097775d1c66a8290527 in mainline.
+
+Fix zero-division bug in the calculation of the dds offset.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Jaroslav Kysela <perex@perex.cz>
+Cc: Maarten Bressers <mbressers@gmail.com>
+Cc: gentoo kernel <kernel@gentoo.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ sound/pci/rme9652/hdsp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/pci/rme9652/hdsp.c
++++ b/sound/pci/rme9652/hdsp.c
+@@ -3108,6 +3108,9 @@ static int hdsp_dds_offset(struct hdsp *
+ unsigned int dds_value = hdsp->dds_value;
+ int system_sample_rate = hdsp->system_sample_rate;
+
++ if (!dds_value)
++ return 0;
++
+ n = DDS_NUMERATOR;
+ /*
+ * dds_value = n / rate
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:06:50 2007
+From: Johannes Berg <johannes@sipsolutions.net>
+Date: Fri, 26 Oct 2007 17:04:29 -0400
+Subject: ieee80211: fix TKIP QoS bug
+To: stable@kernel.org
+Cc: Johannes Berg <johannes@sipsolutions.net>, linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326813508-git-send-email-linville@tuxdriver.com>
+
+
+From: Johannes Berg <johannes@sipsolutions.net>
+
+patch e797aa1b7da6bfcb2e19a10ae5ead9aa7aea732b in mainline.
+
+The commit 65b6a277 titled "ieee80211: Fix header->qos_ctl endian issue"
+*introduced* an endianness bug. Partially revert it.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ieee80211/ieee80211_crypt_tkip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ieee80211/ieee80211_crypt_tkip.c
++++ b/net/ieee80211/ieee80211_crypt_tkip.c
+@@ -584,7 +584,7 @@ static void michael_mic_hdr(struct sk_bu
+ if (stype & IEEE80211_STYPE_QOS_DATA) {
+ const struct ieee80211_hdr_3addrqos *qoshdr =
+ (struct ieee80211_hdr_3addrqos *)skb->data;
+- hdr[12] = qoshdr->qos_ctl & cpu_to_le16(IEEE80211_QCTL_TID);
++ hdr[12] = le16_to_cpu(qoshdr->qos_ctl) & IEEE80211_QCTL_TID;
+ } else
+ hdr[12] = 0; /* priority */
+
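Review bot: The corrected assignment to `hdr[12]` has no comment saying why the byte-order conversion must come before the mask, which is exactly what the reverted commit got wrong. Assuming `hdr[12]` is a single byte (its declaration is outside the hunk), masking in little-endian form and then truncating yields the wrong TID on big-endian hosts, and that byte feeds the Michael MIC. I would add `/* convert to CPU order first: only the low byte is stored in hdr[12] */` above the line. The cast `(struct ieee80211_hdr_3addrqos *)skb->data` also drops the `const` that the target pointer carries; `(const struct ieee80211_hdr_3addrqos *)` would match.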
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:23 2007
+From: Dan Williams <dcbw@redhat.com>
+Date: Fri, 26 Oct 2007 17:04:37 -0400
+Subject: ipw2100: send WEXT scan events
+To: stable@kernel.org
+Cc: Dan Williams <dcbw@redhat.com>, linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326831029-git-send-email-linville@tuxdriver.com>
+
+
+From: Dan Williams <dcbw@redhat.com>
+
+patch d20c678a450a25c1c12925f60c1b4cc040acc17d in mainline
+
+ipw2100 wasn't sending WEXT scan events at all on scan completion. And
+like ipw2200, the driver aggressively auto-scans, requiring
+non-user-requested scan events to be batched together and sent at
+specific intervals instead of many times per second.
+
+Signed-off-by: Dan Williams <dcbw@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/ipw2100.c | 39 +++++++++++++++++++++++++++++++++++++++
+ drivers/net/wireless/ipw2100.h | 4 ++++
+ 2 files changed, 43 insertions(+)
+
+--- a/drivers/net/wireless/ipw2100.c
++++ b/drivers/net/wireless/ipw2100.c
+@@ -2102,12 +2102,46 @@ static void isr_indicate_rf_kill(struct
+ queue_delayed_work(priv->workqueue, &priv->rf_kill, round_jiffies(HZ));
+ }
+
++static void send_scan_event(void *data)
++{
++ struct ipw2100_priv *priv = data;
++ union iwreq_data wrqu;
++
++ wrqu.data.length = 0;
++ wrqu.data.flags = 0;
++ wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
++}
++
++static void ipw2100_scan_event_later(struct work_struct *work)
++{
++ send_scan_event(container_of(work, struct ipw2100_priv,
++ scan_event_later.work));
++}
++
++static void ipw2100_scan_event_now(struct work_struct *work)
++{
++ send_scan_event(container_of(work, struct ipw2100_priv,
++ scan_event_now));
++}
++
+ static void isr_scan_complete(struct ipw2100_priv *priv, u32 status)
+ {
+ IPW_DEBUG_SCAN("scan complete\n");
+ /* Age the scan results... */
+ priv->ieee->scans++;
+ priv->status &= ~STATUS_SCANNING;
++
++ /* Only userspace-requested scan completion events go out immediately */
++ if (!priv->user_requested_scan) {
++ if (!delayed_work_pending(&priv->scan_event_later))
++ queue_delayed_work(priv->workqueue,
++ &priv->scan_event_later,
++ round_jiffies(msecs_to_jiffies(4000)));
++ } else {
++ priv->user_requested_scan = 0;
++ cancel_delayed_work(&priv->scan_event_later);
++ queue_work(priv->workqueue, &priv->scan_event_now);
++ }
+ }
+
+ #ifdef CONFIG_IPW2100_DEBUG
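Review bot: In isr_scan_complete the delay is built with `round_jiffies(msecs_to_jiffies(4000))`, but round_jiffies() takes an absolute jiffies value, so a relative delay is not rounded the way the call suggests. `round_jiffies_relative(msecs_to_jiffies(4000))` is the form meant for a queue_delayed_work() delay; the rf_kill context line above follows the same pattern, so this matches the file's existing habit rather than introducing it. The 4000 ms batching interval would also read better as a named constant with a one-line comment on why that value was chosen. `user_requested_scan` is a plain int cleared here and set from the ioctl path in a later hunk, and no locking is visible around either access.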
+@@ -4376,6 +4410,7 @@ static void ipw2100_kill_workqueue(struc
+ cancel_delayed_work(&priv->wx_event_work);
+ cancel_delayed_work(&priv->hang_check);
+ cancel_delayed_work(&priv->rf_kill);
++ cancel_delayed_work(&priv->scan_event_later);
+ destroy_workqueue(priv->workqueue);
+ priv->workqueue = NULL;
+ }
+@@ -6118,6 +6153,8 @@ static struct net_device *ipw2100_alloc_
+ INIT_DELAYED_WORK(&priv->wx_event_work, ipw2100_wx_event_work);
+ INIT_DELAYED_WORK(&priv->hang_check, ipw2100_hang_check);
+ INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
++ INIT_WORK(&priv->scan_event_now, ipw2100_scan_event_now);
++ INIT_DELAYED_WORK(&priv->scan_event_later, ipw2100_scan_event_later);
+
+ tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
+ ipw2100_irq_tasklet, (unsigned long)priv);
+@@ -7427,6 +7464,8 @@ static int ipw2100_wx_set_scan(struct ne
+ }
+
+ IPW_DEBUG_WX("Initiating scan...\n");
++
++ priv->user_requested_scan = 1;
+ if (ipw2100_set_scan_options(priv) || ipw2100_start_scan(priv)) {
+ IPW_DEBUG_WX("Start scan failed.\n");
+
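Review bot: `priv->user_requested_scan = 1;` is set before the scan is known to have started, and the visible failure branch (`Start scan failed.`) does not appear to clear it; the rest of that branch is outside the hunk. If it stays set, the next driver-initiated scan completion would be reported immediately as though userspace had asked for it, which defeats the batching added in isr_scan_complete. Either clear it on failure with `priv->user_requested_scan = 0;` or set it only after ipw2100_start_scan() succeeds.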
+--- a/drivers/net/wireless/ipw2100.h
++++ b/drivers/net/wireless/ipw2100.h
+@@ -588,6 +588,10 @@ struct ipw2100_priv {
+ struct delayed_work wx_event_work;
+ struct delayed_work hang_check;
+ struct delayed_work rf_kill;
++ struct work_struct scan_event_now;
++ struct delayed_work scan_event_later;
++
++ int user_requested_scan;
+
+ u32 interrupts;
+ int tx_interrupts;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:08:18 2007
+From: Bill Moss <bmoss@clemson.edu>
+Date: Fri, 26 Oct 2007 17:04:33 -0400
+Subject: mac80211: honor IW_SCAN_THIS_ESSID in siwscan ioctl
+To: stable@kernel.org
+Cc: Abhijeet Kolekar <abhijeet.kolekar@intel.com>, linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>, Bill Moss <bmoss@clemson.edu>
+Message-ID: <11934326823646-git-send-email-linville@tuxdriver.com>
+
+
+From: Bill Moss <bmoss@clemson.edu>
+
+patch 107acb23ba763197d390ae9ffd347f3e2a524d39 in mainline.
+
+This patch fixes the problem of associating with wpa_secured hidden
+AP. Please try out.
+
+The original author of this patch is Bill Moss <bmoss@clemson.edu>
+
+Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_ioctl.c | 40 ++++++++++++++++++++++++----------------
+ 1 file changed, 24 insertions(+), 16 deletions(-)
+
+--- a/net/mac80211/ieee80211_ioctl.c
++++ b/net/mac80211/ieee80211_ioctl.c
+@@ -687,32 +687,40 @@ static int ieee80211_ioctl_giwap(struct
+
+ static int ieee80211_ioctl_siwscan(struct net_device *dev,
+ struct iw_request_info *info,
+- struct iw_point *data, char *extra)
++ union iwreq_data *wrqu, char *extra)
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++ struct iw_scan_req *req = NULL;
+ u8 *ssid = NULL;
+ size_t ssid_len = 0;
+
+ if (!netif_running(dev))
+ return -ENETDOWN;
+
+- switch (sdata->type) {
+- case IEEE80211_IF_TYPE_STA:
+- case IEEE80211_IF_TYPE_IBSS:
+- if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+- ssid = sdata->u.sta.ssid;
+- ssid_len = sdata->u.sta.ssid_len;
+- }
+- break;
+- case IEEE80211_IF_TYPE_AP:
+- if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+- ssid = sdata->u.ap.ssid;
+- ssid_len = sdata->u.ap.ssid_len;
++ if (wrqu->data.length == sizeof(struct iw_scan_req) &&
++ wrqu->data.flags & IW_SCAN_THIS_ESSID) {
++ req = (struct iw_scan_req *)extra;
++ ssid = req->essid;
++ ssid_len = req->essid_len;
++ } else {
++ switch (sdata->type) {
++ case IEEE80211_IF_TYPE_STA:
++ case IEEE80211_IF_TYPE_IBSS:
++ if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
++ ssid = sdata->u.sta.ssid;
++ ssid_len = sdata->u.sta.ssid_len;
++ }
++ break;
++ case IEEE80211_IF_TYPE_AP:
++ if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
++ ssid = sdata->u.ap.ssid;
++ ssid_len = sdata->u.ap.ssid_len;
++ }
++ break;
++ default:
++ return -EOPNOTSUPP;
+ }
+- break;
+- default:
+- return -EOPNOTSUPP;
+ }
+
+ return ieee80211_sta_req_scan(dev, ssid, ssid_len);
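Review bot: `req->essid_len` comes from the caller-supplied `struct iw_scan_req` and is passed on as `ssid_len` without being bounded. The length check on `wrqu->data.length` only establishes that `extra` holds a full request structure, not that the length field inside it is sane. I would add `if (req->essid_len > IEEE80211_MAX_SSID_LEN) return -EINVAL;` before using it, unless ieee80211_sta_req_scan() already rejects oversized lengths, which is not visible here. The same lines are carried unchanged into the follow-up patch for this function later on the page, so the check belongs there too. Parenthesising the flag test as `(wrqu->data.flags & IW_SCAN_THIS_ESSID)` would also make the condition easier to read.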
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:45 2007
+From: "John W. Linville" <linville@tuxdriver.com>
+Date: Fri, 26 Oct 2007 17:04:35 -0400
+Subject: mac80211: make ieee802_11_parse_elems return void
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326823109-git-send-email-linville@tuxdriver.com>
+
+
+From: John W. Linville <linville@tuxdriver.com>
+
+patch 67a4cce4a89718d252b61aaf58882c69c0e2f6e3 in mainline.
+
+Some APs send management frames with junk padding after the last IE.
+We already account for a similar problem with some Apple Airport
+devices, but at least one device is known to send more than a single
+extra byte. The device in question is the Draytek Vigor2900:
+
+ http://www.draytek.com.au/products/Vigor2900.php
+
+The junk in question looks like an IE that runs off the end of the
+frame. This causes us to return ParseFailed. Since the frame in
+question is an association response, this causes us to fail to associate
+with this AP.
+
+The return code from ieee802_11_parse_elems is superfluous.
+All callers still check for the presence of the specific IEs that
+interest them anyway. So, remove the return code so the parse never
+"fails".
+
+Acked-by: Michael Wu <flamingice@sourmilk.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_sta.c | 56 ++++++-------------------------------------
+ 1 file changed, 9 insertions(+), 47 deletions(-)
+
+--- a/net/mac80211/ieee80211_sta.c
++++ b/net/mac80211/ieee80211_sta.c
+@@ -108,15 +108,11 @@ struct ieee802_11_elems {
+ u8 wmm_param_len;
+ };
+
+-typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
+-
+-
+-static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+- struct ieee802_11_elems *elems)
++static void ieee802_11_parse_elems(u8 *start, size_t len,
++ struct ieee802_11_elems *elems)
+ {
+ size_t left = len;
+ u8 *pos = start;
+- int unknown = 0;
+
+ memset(elems, 0, sizeof(*elems));
+
+@@ -127,15 +123,8 @@ static ParseRes ieee802_11_parse_elems(u
+ elen = *pos++;
+ left -= 2;
+
+- if (elen > left) {
+-#if 0
+- if (net_ratelimit())
+- printk(KERN_DEBUG "IEEE 802.11 element parse "
+- "failed (id=%d elen=%d left=%d)\n",
+- id, elen, left);
+-#endif
+- return ParseFailed;
+- }
++ if (elen > left)
++ return;
+
+ switch (id) {
+ case WLAN_EID_SSID:
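Review bot: With `if (elen > left) return;` a frame whose last element overruns the buffer is now indistinguishable from a well-formed one, and `elems` is left holding whatever was parsed before the bad element. That contract deserves a comment on ieee802_11_parse_elems, for example `/* Best-effort: stops at the first element that overruns the frame; elems may be partially filled, so callers must check each pointer and its length before use. */`. The removed Apple Airport remark was the only record of why trailing junk is tolerated, so the new comment should say that some APs pad management frames after the last IE. A rate-limited debug message at the early return would keep malformed frames visible to anyone diagnosing odd association behaviour. The function body starts and ends outside this hunk.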
+@@ -202,28 +191,15 @@ static ParseRes ieee802_11_parse_elems(u
+ elems->ext_supp_rates_len = elen;
+ break;
+ default:
+-#if 0
+- printk(KERN_DEBUG "IEEE 802.11 element parse ignored "
+- "unknown element (id=%d elen=%d)\n",
+- id, elen);
+-#endif
+- unknown++;
+ break;
+ }
+
+ left -= elen;
+ pos += elen;
+ }
+-
+- /* Do not trigger error if left == 1 as Apple Airport base stations
+- * send AssocResps that are one spurious byte too long. */
+-
+- return unknown ? ParseUnknown : ParseOK;
+ }
+
+
+-
+-
+ static int ecw2cw(int ecw)
+ {
+ int cw = 1;
+@@ -907,12 +883,7 @@ static void ieee80211_auth_challenge(str
+
+ printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
+ pos = mgmt->u.auth.variable;
+- if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+- == ParseFailed) {
+- printk(KERN_DEBUG "%s: failed to parse Auth(challenge)\n",
+- dev->name);
+- return;
+- }
++ ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
+ if (!elems.challenge) {
+ printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
+ "frame\n", dev->name);
+@@ -1200,12 +1171,7 @@ static void ieee80211_rx_mgmt_assoc_resp
+ aid &= ~(BIT(15) | BIT(14));
+
+ pos = mgmt->u.assoc_resp.variable;
+- if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+- == ParseFailed) {
+- printk(KERN_DEBUG "%s: failed to parse AssocResp\n",
+- dev->name);
+- return;
+- }
++ ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
+
+ if (!elems.supp_rates) {
+ printk(KERN_DEBUG "%s: no SuppRates element in AssocResp\n",
+@@ -1434,7 +1400,7 @@ static void ieee80211_rx_bss_info(struct
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee802_11_elems elems;
+ size_t baselen;
+- int channel, invalid = 0, clen;
++ int channel, clen;
+ struct ieee80211_sta_bss *bss;
+ struct sta_info *sta;
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+@@ -1478,9 +1444,7 @@ static void ieee80211_rx_bss_info(struct
+ #endif /* CONFIG_MAC80211_IBSS_DEBUG */
+ }
+
+- if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+- &elems) == ParseFailed)
+- invalid = 1;
++ ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
+
+ if (sdata->type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates &&
+ memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
+@@ -1699,9 +1663,7 @@ static void ieee80211_rx_mgmt_beacon(str
+ if (baselen > len)
+ return;
+
+- if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
+- &elems) == ParseFailed)
+- return;
++ ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
+
+ if (elems.erp_info && elems.erp_info_len >= 1)
+ ieee80211_handle_erp_ie(dev, elems.erp_info[0]);
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:34 2007
+From: "John W. Linville" <linville@tuxdriver.com>
+Date: Fri, 26 Oct 2007 17:04:34 -0400
+Subject: mac80211: only honor IW_SCAN_THIS_ESSID in STA, IBSS, and AP modes
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326821301-git-send-email-linville@tuxdriver.com>
+
+
+From: John W. Linville <linville@tuxdriver.com>
+
+patch d114f399b4da6fa7f9da3bbf1fb841370c11e788 in mainline.
+
+The previous IW_SCAN_THIS_ESSID patch left a hole allowing scan
+requests on interfaces in inappropriate modes.
+
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_ioctl.c | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+--- a/net/mac80211/ieee80211_ioctl.c
++++ b/net/mac80211/ieee80211_ioctl.c
+@@ -698,29 +698,30 @@ static int ieee80211_ioctl_siwscan(struc
+ if (!netif_running(dev))
+ return -ENETDOWN;
+
++ switch (sdata->type) {
++ case IEEE80211_IF_TYPE_STA:
++ case IEEE80211_IF_TYPE_IBSS:
++ if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
++ ssid = sdata->u.sta.ssid;
++ ssid_len = sdata->u.sta.ssid_len;
++ }
++ break;
++ case IEEE80211_IF_TYPE_AP:
++ if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
++ ssid = sdata->u.ap.ssid;
++ ssid_len = sdata->u.ap.ssid_len;
++ }
++ break;
++ default:
++ return -EOPNOTSUPP;
++ }
++
++ /* if SSID was specified explicitly then use that */
+ if (wrqu->data.length == sizeof(struct iw_scan_req) &&
+ wrqu->data.flags & IW_SCAN_THIS_ESSID) {
+ req = (struct iw_scan_req *)extra;
+ ssid = req->essid;
+ ssid_len = req->essid_len;
+- } else {
+- switch (sdata->type) {
+- case IEEE80211_IF_TYPE_STA:
+- case IEEE80211_IF_TYPE_IBSS:
+- if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+- ssid = sdata->u.sta.ssid;
+- ssid_len = sdata->u.sta.ssid_len;
+- }
+- break;
+- case IEEE80211_IF_TYPE_AP:
+- if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) {
+- ssid = sdata->u.ap.ssid;
+- ssid_len = sdata->u.ap.ssid_len;
+- }
+- break;
+- default:
+- return -EOPNOTSUPP;
+- }
+ }
+
+ return ieee80211_sta_req_scan(dev, ssid, ssid_len);
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:12 2007
+From: Johannes Berg <johannes@sipsolutions.net>
+Date: Fri, 26 Oct 2007 17:04:30 -0400
+Subject: mac80211: reorder association debug output
+To: stable@kernel.org
+Cc: Johannes Berg <johannes@sipsolutions.net>, linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <1193432681145-git-send-email-linville@tuxdriver.com>
+
+
+From: Johannes Berg <johannes@sipsolutions.net>
+
+patch 1dd84aa213d0f98a91a1ec9be2f750f5f48e75a0 in mainline.
+
+There's no reason to warn about an invalid AID field when the
+association was denied.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+Acked-by: Michael Wu <flamingice@sourmilk.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_sta.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/net/mac80211/ieee80211_sta.c
++++ b/net/mac80211/ieee80211_sta.c
+@@ -1174,15 +1174,11 @@ static void ieee80211_rx_mgmt_assoc_resp
+ capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
+ status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
+ aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
+- if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
+- printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
+- "set\n", dev->name, aid);
+- aid &= ~(BIT(15) | BIT(14));
+
+ printk(KERN_DEBUG "%s: RX %sssocResp from " MAC_FMT " (capab=0x%x "
+ "status=%d aid=%d)\n",
+ dev->name, reassoc ? "Rea" : "A", MAC_ARG(mgmt->sa),
+- capab_info, status_code, aid);
++ capab_info, status_code, aid & ~(BIT(15) | BIT(14)));
+
+ if (status_code != WLAN_STATUS_SUCCESS) {
+ printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
+@@ -1192,6 +1188,11 @@ static void ieee80211_rx_mgmt_assoc_resp
+ return;
+ }
+
++ if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
++ printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not "
++ "set\n", dev->name, aid);
++ aid &= ~(BIT(15) | BIT(14));
++
+ pos = mgmt->u.assoc_resp.variable;
+ if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+ == ParseFailed) {
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:08:07 2007
+From: "John W. Linville" <linville@tuxdriver.com>
+Date: Fri, 26 Oct 2007 17:04:31 -0400
+Subject: mac80211: store channel info in sta_bss_list
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326812028-git-send-email-linville@tuxdriver.com>
+
+From: John W. Linville <linville@tuxdriver.com>
+
+patch 65c107ab3befc37b21d1c970a6159525bc0121b8 in mainline.
+
+Some AP equipment "in the wild" uses the same BSSID on multiple channels
+(particularly "a" vs. "b/g"). This patch changes the key of sta_bss_list
+to include both the BSSID and the channel so as to prevent a BSSID on
+one channel from eclipsing the same BSSID on another channel.
+
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_sta.c | 35 ++++++++++++++++++++---------------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+
+--- a/net/mac80211/ieee80211_sta.c
++++ b/net/mac80211/ieee80211_sta.c
+@@ -61,7 +61,7 @@
+ static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
+ u8 *ssid, size_t ssid_len);
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid);
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel);
+ static void ieee80211_rx_bss_put(struct net_device *dev,
+ struct ieee80211_sta_bss *bss);
+ static int ieee80211_sta_find_ibss(struct net_device *dev,
+@@ -387,6 +387,7 @@ static void ieee80211_set_associated(str
+ struct ieee80211_if_sta *ifsta, int assoc)
+ {
+ union iwreq_data wrqu;
++ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+
+ if (ifsta->associated == assoc)
+@@ -401,7 +402,8 @@ static void ieee80211_set_associated(str
+ if (sdata->type != IEEE80211_IF_TYPE_STA)
+ return;
+
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
++ local->hw.conf.channel);
+ if (bss) {
+ if (bss->has_erp_value)
+ ieee80211_handle_erp_ie(dev, bss->erp_value);
+@@ -543,7 +545,7 @@ static void ieee80211_send_assoc(struct
+ capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
+ WLAN_CAPABILITY_SHORT_PREAMBLE;
+ }
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
+ if (bss) {
+ if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+ capab |= WLAN_CAPABILITY_PRIVACY;
+@@ -695,6 +697,7 @@ static void ieee80211_send_disassoc(stru
+ static int ieee80211_privacy_mismatch(struct net_device *dev,
+ struct ieee80211_if_sta *ifsta)
+ {
++ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+ int res = 0;
+
+@@ -702,7 +705,7 @@ static int ieee80211_privacy_mismatch(st
+ ifsta->key_mgmt != IEEE80211_KEY_MGMT_NONE)
+ return 0;
+
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
+ if (!bss)
+ return 0;
+
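Review bot: In ieee80211_privacy_mismatch a lookup miss is answered with `if (!bss) return 0;`, and the lookup now also requires the stored channel to equal `local->hw.conf.channel`. The ieee80211_rx_bss_info hunk later in this patch shows the stored channel has more than one source (`else channel = rx_status->channel;`, the other branch being outside the hunk), so an entry recorded under a different channel number would make this function report no mismatch. A short comment on the `!bss` return saying that an unknown BSS is deliberately treated as matching, or a debug message on the miss, would make that fail-open behaviour explicit. The same keyed lookup is used in the ieee80211_set_associated and ieee80211_send_assoc hunks.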
+@@ -1211,7 +1214,8 @@ static void ieee80211_rx_mgmt_assoc_resp
+ * update our stored copy */
+ if (elems.erp_info && elems.erp_info_len >= 1) {
+ struct ieee80211_sta_bss *bss
+- = ieee80211_rx_bss_get(dev, ifsta->bssid);
++ = ieee80211_rx_bss_get(dev, ifsta->bssid,
++ local->hw.conf.channel);
+ if (bss) {
+ bss->erp_value = elems.erp_info[0];
+ bss->has_erp_value = 1;
+@@ -1241,7 +1245,8 @@ static void ieee80211_rx_mgmt_assoc_resp
+ " AP\n", dev->name);
+ return;
+ }
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
++ local->hw.conf.channel);
+ if (bss) {
+ sta->last_rssi = bss->rssi;
+ sta->last_signal = bss->signal;
+@@ -1322,7 +1327,7 @@ static void __ieee80211_rx_bss_hash_del(
+
+
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid)
++ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel)
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+@@ -1333,6 +1338,7 @@ ieee80211_rx_bss_add(struct net_device *
+ atomic_inc(&bss->users);
+ atomic_inc(&bss->users);
+ memcpy(bss->bssid, bssid, ETH_ALEN);
++ bss->channel = channel;
+
+ spin_lock_bh(&local->sta_bss_lock);
+ /* TODO: order by RSSI? */
+@@ -1344,7 +1350,7 @@ ieee80211_rx_bss_add(struct net_device *
+
+
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid)
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel)
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+@@ -1352,7 +1358,8 @@ ieee80211_rx_bss_get(struct net_device *
+ spin_lock_bh(&local->sta_bss_lock);
+ bss = local->sta_bss_hash[STA_HASH(bssid)];
+ while (bss) {
+- if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0) {
++ if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
++ bss->channel == channel) {
+ atomic_inc(&bss->users);
+ break;
+ }
+@@ -1520,9 +1527,9 @@ static void ieee80211_rx_bss_info(struct
+ else
+ channel = rx_status->channel;
+
+- bss = ieee80211_rx_bss_get(dev, mgmt->bssid);
++ bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel);
+ if (!bss) {
+- bss = ieee80211_rx_bss_add(dev, mgmt->bssid);
++ bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel);
+ if (!bss)
+ return;
+ } else {
+@@ -1622,7 +1629,6 @@ static void ieee80211_rx_bss_info(struct
+
+
+ bss->hw_mode = rx_status->phymode;
+- bss->channel = channel;
+ bss->freq = rx_status->freq;
+ if (channel != rx_status->channel &&
+ (bss->hw_mode == MODE_IEEE80211G ||
+@@ -2355,7 +2361,7 @@ static int ieee80211_sta_create_ibss(str
+ printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
+ dev->name, MAC_ARG(bssid));
+
+- bss = ieee80211_rx_bss_add(dev, bssid);
++ bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel);
+ if (!bss)
+ return -ENOMEM;
+
+@@ -2366,7 +2372,6 @@ static int ieee80211_sta_create_ibss(str
+ local->hw.conf.beacon_int = 100;
+ bss->beacon_int = local->hw.conf.beacon_int;
+ bss->hw_mode = local->hw.conf.phymode;
+- bss->channel = local->hw.conf.channel;
+ bss->freq = local->hw.conf.freq;
+ bss->last_update = jiffies;
+ bss->capability = WLAN_CAPABILITY_IBSS;
+@@ -2426,7 +2431,7 @@ static int ieee80211_sta_find_ibss(struc
+ MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
+ #endif /* CONFIG_MAC80211_IBSS_DEBUG */
+ if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
+- (bss = ieee80211_rx_bss_get(dev, bssid))) {
++ (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel))) {
+ printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
+ " based on configured SSID\n",
+ dev->name, MAC_ARG(bssid));
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:06:06 2007
+From: "John W. Linville" <linville@tuxdriver.com>
+Date: Fri, 26 Oct 2007 17:04:32 -0400
+Subject: mac80211: store SSID in sta_bss_list
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326813245-git-send-email-linville@tuxdriver.com>
+
+
+From: John W. Linville <linville@tuxdriver.com>
+
+patch cffdd30d20d163343b1c6de25bcb0cc978a1ebf9 in mainline.
+
+Some AP equipment "in the wild" services multiple SSIDs using the
+same BSSID. This patch changes the key of sta_bss_list to include
+the SSID as well as the BSSID and the channel so as to prevent one
+SSID from eclipsing another SSID with the same BSSID.
+
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/mac80211/ieee80211_sta.c | 54 ++++++++++++++++++++++++++-----------------
+ 1 file changed, 33 insertions(+), 21 deletions(-)
+
+--- a/net/mac80211/ieee80211_sta.c
++++ b/net/mac80211/ieee80211_sta.c
+@@ -12,7 +12,6 @@
+ */
+
+ /* TODO:
+- * BSS table: use <BSSID,SSID> as the key to support multi-SSID APs
+ * order BSS list by RSSI(?) ("quality of AP")
+ * scan result table filtering (by capability (privacy, IBSS/BSS, WPA/RSN IE,
+ * SSID)
+@@ -61,7 +60,8 @@
+ static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
+ u8 *ssid, size_t ssid_len);
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel);
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
++ u8 *ssid, u8 ssid_len);
+ static void ieee80211_rx_bss_put(struct net_device *dev,
+ struct ieee80211_sta_bss *bss);
+ static int ieee80211_sta_find_ibss(struct net_device *dev,
+@@ -403,7 +403,8 @@ static void ieee80211_set_associated(str
+ return;
+
+ bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
+- local->hw.conf.channel);
++ local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len);
+ if (bss) {
+ if (bss->has_erp_value)
+ ieee80211_handle_erp_ie(dev, bss->erp_value);
+@@ -545,7 +546,8 @@ static void ieee80211_send_assoc(struct
+ capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
+ WLAN_CAPABILITY_SHORT_PREAMBLE;
+ }
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len);
+ if (bss) {
+ if (bss->capability & WLAN_CAPABILITY_PRIVACY)
+ capab |= WLAN_CAPABILITY_PRIVACY;
+@@ -705,7 +707,8 @@ static int ieee80211_privacy_mismatch(st
+ ifsta->key_mgmt != IEEE80211_KEY_MGMT_NONE)
+ return 0;
+
+- bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel);
++ bss = ieee80211_rx_bss_get(dev, ifsta->bssid, local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len);
+ if (!bss)
+ return 0;
+
+@@ -1215,7 +1218,8 @@ static void ieee80211_rx_mgmt_assoc_resp
+ if (elems.erp_info && elems.erp_info_len >= 1) {
+ struct ieee80211_sta_bss *bss
+ = ieee80211_rx_bss_get(dev, ifsta->bssid,
+- local->hw.conf.channel);
++ local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len);
+ if (bss) {
+ bss->erp_value = elems.erp_info[0];
+ bss->has_erp_value = 1;
+@@ -1246,7 +1250,8 @@ static void ieee80211_rx_mgmt_assoc_resp
+ return;
+ }
+ bss = ieee80211_rx_bss_get(dev, ifsta->bssid,
+- local->hw.conf.channel);
++ local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len);
+ if (bss) {
+ sta->last_rssi = bss->rssi;
+ sta->last_signal = bss->signal;
+@@ -1327,7 +1332,8 @@ static void __ieee80211_rx_bss_hash_del(
+
+
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel)
++ieee80211_rx_bss_add(struct net_device *dev, u8 *bssid, int channel,
++ u8 *ssid, u8 ssid_len)
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+@@ -1339,6 +1345,10 @@ ieee80211_rx_bss_add(struct net_device *
+ atomic_inc(&bss->users);
+ memcpy(bss->bssid, bssid, ETH_ALEN);
+ bss->channel = channel;
++ if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN) {
++ memcpy(bss->ssid, ssid, ssid_len);
++ bss->ssid_len = ssid_len;
++ }
+
+ spin_lock_bh(&local->sta_bss_lock);
+ /* TODO: order by RSSI? */
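Review bot: An SSID longer than IEEE80211_MAX_SSID_LEN is skipped by the new `if (ssid && ssid_len <= IEEE80211_MAX_SSID_LEN)` copy, so the entry keeps whatever `ssid_len` the allocation left (presumably 0; the allocation is outside the hunk). The ieee80211_rx_bss_get hunk then compares `bss->ssid_len == ssid_len` against the caller's unclamped length, and in ieee80211_rx_bss_info both calls receive `elems.ssid_len` as parsed from the received frame. A frame carrying an oversized SSID element would therefore miss on every lookup and add another entry each time it is seen. Dropping such frames before the lookup, e.g. `if (elems.ssid_len > IEEE80211_MAX_SSID_LEN) return;`, keeps the key consistent between add and get; whether the list is otherwise capped or aged is not visible on this page.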
+@@ -1350,7 +1360,8 @@ ieee80211_rx_bss_add(struct net_device *
+
+
+ static struct ieee80211_sta_bss *
+-ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel)
++ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int channel,
++ u8 *ssid, u8 ssid_len)
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+@@ -1358,8 +1369,10 @@ ieee80211_rx_bss_get(struct net_device *
+ spin_lock_bh(&local->sta_bss_lock);
+ bss = local->sta_bss_hash[STA_HASH(bssid)];
+ while (bss) {
+- if (memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
+- bss->channel == channel) {
++ if (!memcmp(bss->bssid, bssid, ETH_ALEN) &&
++ bss->channel == channel &&
++ bss->ssid_len == ssid_len &&
++ (ssid_len == 0 || !memcmp(bss->ssid, ssid, ssid_len))) {
+ atomic_inc(&bss->users);
+ break;
+ }
+@@ -1527,9 +1540,11 @@ static void ieee80211_rx_bss_info(struct
+ else
+ channel = rx_status->channel;
+
+- bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel);
++ bss = ieee80211_rx_bss_get(dev, mgmt->bssid, channel,
++ elems.ssid, elems.ssid_len);
+ if (!bss) {
+- bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel);
++ bss = ieee80211_rx_bss_add(dev, mgmt->bssid, channel,
++ elems.ssid, elems.ssid_len);
+ if (!bss)
+ return;
+ } else {
+@@ -1555,10 +1570,6 @@ static void ieee80211_rx_bss_info(struct
+
+ bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
+ bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
+- if (elems.ssid && elems.ssid_len <= IEEE80211_MAX_SSID_LEN) {
+- memcpy(bss->ssid, elems.ssid, elems.ssid_len);
+- bss->ssid_len = elems.ssid_len;
+- }
+
+ bss->supp_rates_len = 0;
+ if (elems.supp_rates) {
+@@ -2339,7 +2350,7 @@ static int ieee80211_sta_create_ibss(str
+ {
+ struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+ struct ieee80211_sta_bss *bss;
+- struct ieee80211_sub_if_data *sdata;
++ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ struct ieee80211_hw_mode *mode;
+ u8 bssid[ETH_ALEN], *pos;
+ int i;
+@@ -2361,11 +2372,11 @@ static int ieee80211_sta_create_ibss(str
+ printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID " MAC_FMT "\n",
+ dev->name, MAC_ARG(bssid));
+
+- bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel);
++ bss = ieee80211_rx_bss_add(dev, bssid, local->hw.conf.channel,
++ sdata->u.sta.ssid, sdata->u.sta.ssid_len);
+ if (!bss)
+ return -ENOMEM;
+
+- sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ mode = local->oper_hw_mode;
+
+ if (local->hw.conf.beacon_int == 0)
+@@ -2431,7 +2442,8 @@ static int ieee80211_sta_find_ibss(struc
+ MAC_FMT "\n", MAC_ARG(bssid), MAC_ARG(ifsta->bssid));
+ #endif /* CONFIG_MAC80211_IBSS_DEBUG */
+ if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 &&
+- (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel))) {
++ (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel,
++ ifsta->ssid, ifsta->ssid_len))) {
+ printk(KERN_DEBUG "%s: Selected IBSS BSSID " MAC_FMT
+ " based on configured SSID\n",
+ dev->name, MAC_ARG(bssid));
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Nov 5 03:38:25 2007
+From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Date: Mon, 05 Nov 2007 12:37:55 +0100
+Subject: NETFILTER: nf_conntrack_tcp: fix connection reopening
+To: stable@kernel.org
+Cc: Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>, "David S. Miller" <davem@davemloft.net>, Krzysztof Piotr Oledzki <ole@ans.pl>, Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Message-ID: <472F0093.6040508@trash.net>
+
+From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+
+Upstream commits: 17311393 + bc34b841 merged together. Merge done by
+Patrick McHardy <kaber@trash.net>
+
+[NETFILTER]: nf_conntrack_tcp: fix connection reopening
+
+With your description I could reproduce the bug and actually you were
+completely right: the code above is incorrect. Somehow I was able to
+misread RFC1122 and mixed the roles :-(:
+
+ When a connection is >>closed actively<<, it MUST linger in
+ TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime).
+ However, it MAY >>accept<< a new SYN from the remote TCP to
+ reopen the connection directly from TIME-WAIT state, if it:
+ [...]
+
+The fix is as follows: if the receiver initiated an active close, then the
+sender may reopen the connection - otherwise try to figure out if we hold
+a dead connection.
+
+Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ net/netfilter/nf_conntrack_proto_tcp.c | 38 ++++++++++++++-------------------
+ 1 file changed, 17 insertions(+), 21 deletions(-)
+
+--- a/net/netfilter/nf_conntrack_proto_tcp.c
++++ b/net/netfilter/nf_conntrack_proto_tcp.c
+@@ -831,6 +831,22 @@ static int tcp_packet(struct nf_conn *co
+ tuple = &conntrack->tuplehash[dir].tuple;
+
+ switch (new_state) {
++ case TCP_CONNTRACK_SYN_SENT:
++ if (old_state < TCP_CONNTRACK_TIME_WAIT)
++ break;
++ if ((conntrack->proto.tcp.seen[!dir].flags &
++ IP_CT_TCP_FLAG_CLOSE_INIT)
++ || (conntrack->proto.tcp.last_dir == dir
++ && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
++ /* Attempt to reopen a closed/aborted connection.
++ * Delete this connection and look up again. */
++ write_unlock_bh(&tcp_lock);
++ if (del_timer(&conntrack->timeout))
++ conntrack->timeout.function((unsigned long)
++ conntrack);
++ return -NF_REPEAT;
++ }
++ /* Fall through */
+ case TCP_CONNTRACK_IGNORE:
+ /* Ignored packets:
+ *
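Review bot: The reopen branch under `case TCP_CONNTRACK_SYN_SENT` no longer consults the SYN's sequence number. The version removed in the next hunk also tested `after(ntohl(th->seq), ...td_end)` and rejected any other SYN with the "invalid SYN" log, while the new code falls through to TCP_CONNTRACK_IGNORE. Since this decides when a tracked entry is deleted, the condition should say which side's state is used, for example `/* seen[!dir]: the receiver of this SYN closed actively (RFC 1122), or the last recorded packet was a RST from this direction */`. The `/* Fall through */` should also say why a non-reopening SYN is now handled as ignored rather than invalid. The branch reads `last_dir`, which this patch writes at `in_window` in the last hunk; tcp_packet starts and ends outside the hunk, so whether the IGNORE case also updates it cannot be confirmed from here.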
+@@ -879,27 +895,6 @@ static int tcp_packet(struct nf_conn *co
+ nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
+ "nf_ct_tcp: invalid state ");
+ return -NF_ACCEPT;
+- case TCP_CONNTRACK_SYN_SENT:
+- if (old_state < TCP_CONNTRACK_TIME_WAIT)
+- break;
+- if ((conntrack->proto.tcp.seen[dir].flags &
+- IP_CT_TCP_FLAG_CLOSE_INIT)
+- || after(ntohl(th->seq),
+- conntrack->proto.tcp.seen[dir].td_end)) {
+- /* Attempt to reopen a closed connection.
+- * Delete this connection and look up again. */
+- write_unlock_bh(&tcp_lock);
+- if (del_timer(&conntrack->timeout))
+- conntrack->timeout.function((unsigned long)
+- conntrack);
+- return -NF_REPEAT;
+- } else {
+- write_unlock_bh(&tcp_lock);
+- if (LOG_INVALID(IPPROTO_TCP))
+- nf_log_packet(pf, 0, skb, NULL, NULL,
+- NULL, "nf_ct_tcp: invalid SYN");
+- return -NF_ACCEPT;
+- }
+ case TCP_CONNTRACK_CLOSE:
+ if (index == TCP_RST_SET
+ && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
+@@ -932,6 +927,7 @@ static int tcp_packet(struct nf_conn *co
+ in_window:
+ /* From now on we have got in-window packets */
+ conntrack->proto.tcp.last_index = index;
++ conntrack->proto.tcp.last_dir = dir;
+
+ pr_debug("tcp_conntracks: ");
+ NF_CT_DUMP_TUPLE(tuple);
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 1 16:08:33 2007
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 01 Nov 2007 19:07:35 -0400
+Subject: revert "x86_64: allocate sparsemem memmap above 4G"
+To: linux-stable <stable@kernel.org>
+Cc: Zou Nan hai <nanhai.zou@intel.com>
+Message-ID: <472A5C37.7050602@redhat.com>
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+Reverted upstream by commit 6a22c57b8d2a62dea7280a6b2ac807a539ef0716
+
+Revert this commit:
+
+ commit 2e1c49db4c640b35df13889b86b9d62215ade4b6
+ Author: Zou Nan hai <nanhai.zou@intel.com>
+ Date: Fri Jun 1 00:46:28 2007 -0700
+
+ x86_64: allocate sparsemem memmap above 4G
+
+This reverts commit 2e1c49db4c640b35df13889b86b9d62215ade4b6.
+
+First off, testing in Fedora has shown it to cause boot failures,
+bisected down by Martin Ebourne, and reported by Dave Jobes. So the
+commit will likely be reverted in the 2.6.23 stable kernels.
+
+Secondly, in the 2.6.24 model, x86-64 has now grown support for
+SPARSEMEM_VMEMMAP, which disables the relevant code anyway, so while the
+bug is not visible any more, it's become invisible due to the code just
+being irrelevant and no longer enabled on the only architecture that
+this ever affected.
+
+Reported-by: Dave Jones <davej@redhat.com>
+Tested-by: Martin Ebourne <fedora@ebourne.me.uk>
+Cc: Zou Nan hai <nanhai.zou@intel.com>
+Cc: Suresh Siddha <suresh.b.siddha@intel.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Andy Whitcroft <apw@shadowen.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/mm/init.c | 6 ------
+ include/linux/bootmem.h | 1 -
+ mm/sparse.c | 11 -----------
+ 3 files changed, 18 deletions(-)
+
+--- a/arch/x86_64/mm/init.c
++++ b/arch/x86_64/mm/init.c
+@@ -734,12 +734,6 @@ int in_gate_area_no_task(unsigned long a
+ return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END);
+ }
+
+-void * __init alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
+-{
+- return __alloc_bootmem_core(pgdat->bdata, size,
+- SMP_CACHE_BYTES, (4UL*1024*1024*1024), 0);
+-}
+-
+ const char *arch_vma_name(struct vm_area_struct *vma)
+ {
+ if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
+--- a/include/linux/bootmem.h
++++ b/include/linux/bootmem.h
+@@ -59,7 +59,6 @@ extern void *__alloc_bootmem_core(struct
+ unsigned long align,
+ unsigned long goal,
+ unsigned long limit);
+-extern void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size);
+
+ #ifndef CONFIG_HAVE_ARCH_BOOTMEM_NODE
+ extern void reserve_bootmem(unsigned long addr, unsigned long size);
+--- a/mm/sparse.c
++++ b/mm/sparse.c
+@@ -215,12 +215,6 @@ static int __meminit sparse_init_one_sec
+ return 1;
+ }
+
+-__attribute__((weak)) __init
+-void *alloc_bootmem_high_node(pg_data_t *pgdat, unsigned long size)
+-{
+- return NULL;
+-}
+-
+ static struct page __init *sparse_early_mem_map_alloc(unsigned long pnum)
+ {
+ struct page *map;
+@@ -231,11 +225,6 @@ static struct page __init *sparse_early_
+ if (map)
+ return map;
+
+- map = alloc_bootmem_high_node(NODE_DATA(nid),
+- sizeof(struct page) * PAGES_PER_SECTION);
+- if (map)
+- return map;
+-
+ map = alloc_bootmem_node(NODE_DATA(nid),
+ sizeof(struct page) * PAGES_PER_SECTION);
+ if (map)
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:56 2007
+From: Michael Wu <flamingice@sourmilk.net>
+Date: Fri, 26 Oct 2007 17:04:38 -0400
+Subject: rtl8187: Fix more frag bit checking, rts duration calc
+To: stable@kernel.org
+Cc: Michael Wu <flamingice@sourmilk.net>, linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326831563-git-send-email-linville@tuxdriver.com>
+
+
+From: Michael Wu <flamingice@sourmilk.net>
+
+patch 98798f4875b7149db4eb7d0a126fc6dcd9637821 in mainline.
+
+The wrong pointer is passed to ieee80211_get_morefrag. Fix this.
+
+While we're at it, reorder things so they look better and the rts duration
+calculation is done with the right length.
+
+Thanks to Christoph Hellwig for finding the ieee80211_get_morefrag issue.
+
+Signed-off-by: Michael Wu <flamingice@sourmilk.net>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/rtl8187_dev.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+--- a/drivers/net/wireless/rtl8187_dev.c
++++ b/drivers/net/wireless/rtl8187_dev.c
+@@ -78,7 +78,8 @@ static int rtl8187_tx(struct ieee80211_h
+ struct rtl8187_tx_hdr *hdr;
+ struct rtl8187_tx_info *info;
+ struct urb *urb;
+- u32 tmp;
++ __le16 rts_dur = 0;
++ u32 flags;
+
+ urb = usb_alloc_urb(0, GFP_ATOMIC);
+ if (!urb) {
+@@ -86,24 +87,24 @@ static int rtl8187_tx(struct ieee80211_h
+ return 0;
+ }
+
+- hdr = (struct rtl8187_tx_hdr *)skb_push(skb, sizeof(*hdr));
+- tmp = skb->len - sizeof(*hdr);
+- tmp |= RTL8187_TX_FLAG_NO_ENCRYPT;
+- tmp |= control->rts_cts_rate << 19;
+- tmp |= control->tx_rate << 24;
+- if (ieee80211_get_morefrag((struct ieee80211_hdr *)skb))
+- tmp |= RTL8187_TX_FLAG_MORE_FRAG;
++ flags = skb->len;
++ flags |= RTL8187_TX_FLAG_NO_ENCRYPT;
++ flags |= control->rts_cts_rate << 19;
++ flags |= control->tx_rate << 24;
++ if (ieee80211_get_morefrag((struct ieee80211_hdr *)skb->data))
++ flags |= RTL8187_TX_FLAG_MORE_FRAG;
+ if (control->flags & IEEE80211_TXCTL_USE_RTS_CTS) {
+- tmp |= RTL8187_TX_FLAG_RTS;
+- hdr->rts_duration =
+- ieee80211_rts_duration(dev, skb->len, control);
++ flags |= RTL8187_TX_FLAG_RTS;
++ rts_dur = ieee80211_rts_duration(dev, skb->len, control);
+ }
+ if (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
+- tmp |= RTL8187_TX_FLAG_CTS;
+- hdr->flags = cpu_to_le32(tmp);
++ flags |= RTL8187_TX_FLAG_CTS;
++
++ hdr = (struct rtl8187_tx_hdr *)skb_push(skb, sizeof(*hdr));
++ hdr->flags = cpu_to_le32(flags);
+ hdr->len = 0;
+- tmp = control->retry_limit << 8;
+- hdr->retry = cpu_to_le32(tmp);
++ hdr->rts_duration = rts_dur;
++ hdr->retry = cpu_to_le32(control->retry_limit << 8);
+
+ info = (struct rtl8187_tx_info *)skb->cb;
+ info->control = kmemdup(control, sizeof(*control), GFP_ATOMIC);
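Review bot: Nothing in the reordered code tells a later editor that `skb->len` and `skb->data` must be read before `skb_push()`. The fix works only because the flags word, the more-frag test and the RTS duration are all computed on the bare 802.11 frame. Add a comment above `flags = skb->len;` such as `/* computed on the 802.11 frame; skb_push() below prepends the tx header */`. The length is also OR'ed into the same 32-bit word as the rate and flag bits without a mask, so it presumably relies on the stack bounding the frame size, which is worth stating next to it. rtl8187_tx starts and ends outside the hunk, so the handling of the `kmemdup()` result on the last context line is not visible here.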
fix-crypto_alloc_comp-error-checking.patch
fix-netlink-timeouts.patch
fix-compat-futex-hangs.patch
+alsa-hdsp-fix-zero-division.patch
+revert-x86_64-allocate-sparsemem-memmap-above-4g.patch
+netfilter-nf_conntrack_tcp-fix-connection-reopening.patch
+ieee80211-fix-tkip-qos-bug.patch
+mac80211-reorder-association-debug-output.patch
+mac80211-store-channel-info-in-sta_bss_list.patch
+mac80211-store-ssid-in-sta_bss_list.patch
+mac80211-honor-iw_scan_this_essid-in-siwscan-ioctl.patch
+mac80211-only-honor-iw_scan_this_essid-in-sta-ibss-and-ap-modes.patch
+mac80211-make-ieee802_11_parse_elems-return-void.patch
+zd1201-avoid-null-ptr-access-of-skb-dev.patch
+ipw2100-send-wext-scan-events.patch
+rtl8187-fix-more-frag-bit-checking-rts-duration-calc.patch
+zd1211rw-fix-oops-when-ejecting-install-media.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:07:23 2007
+From: "John W. Linville" <linville@tuxdriver.com>
+Date: Fri, 26 Oct 2007 17:04:36 -0400
+Subject: zd1201: avoid null ptr access of skb->dev
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>
+Message-ID: <11934326821662-git-send-email-linville@tuxdriver.com>
+
+
+From: John W. Linville <linville@tuxdriver.com>
+
+patch 3ba72b25211217de195e3f528dd36132b38a205b in mainline.
+
+skb->dev is not set until eth_type_trans is called...
+
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/zd1201.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/zd1201.c
++++ b/drivers/net/wireless/zd1201.c
+@@ -327,8 +327,8 @@ static void zd1201_usbrx(struct urb *urb
+ memcpy(skb_put(skb, 6), &data[datalen-8], 6);
+ memcpy(skb_put(skb, 2), &data[datalen-24], 2);
+ memcpy(skb_put(skb, len), data, len);
+- skb->dev->last_rx = jiffies;
+ skb->protocol = eth_type_trans(skb, zd->dev);
++ skb->dev->last_rx = jiffies;
+ zd->stats.rx_packets++;
+ zd->stats.rx_bytes += skb->len;
+ netif_rx(skb);
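Review bot: `skb->dev->last_rx = jiffies;` still depends on `eth_type_trans()` having run first, which is the ordering mistake this patch corrects. Writing `zd->dev->last_rx = jiffies;` removes the dependency, because `zd->dev` is the device passed to `eth_type_trans()` on the line above. The same applies to the second hunk, in the other receive path of zd1201_usbrx. Separately, the context lines index `data` with `datalen-8` and `datalen-24` and copy `len` bytes. The checks that bound these device-supplied lengths are outside both hunks and should be confirmed when touching this function.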
+@@ -384,8 +384,8 @@ static void zd1201_usbrx(struct urb *urb
+ memcpy(skb_put(skb, 2), &data[6], 2);
+ memcpy(skb_put(skb, len), data+8, len);
+ }
+- skb->dev->last_rx = jiffies;
+ skb->protocol = eth_type_trans(skb, zd->dev);
++ skb->dev->last_rx = jiffies;
+ zd->stats.rx_packets++;
+ zd->stats.rx_bytes += skb->len;
+ netif_rx(skb);
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Oct 26 14:06:06 2007
+From: Marc Pignat <marc.pignat@hevs.ch>
+Date: Fri, 26 Oct 2007 17:04:39 -0400
+Subject: zd1211rw, fix oops when ejecting install media
+To: stable@kernel.org
+Cc: linux-wireless@vger.kernel.org, "John W. Linville" <linville@tuxdriver.com>, Marc Pignat <marc.pignat@hevs.ch>
+Message-ID: <11934326832747-git-send-email-linville@tuxdriver.com>
+
+
+From: Marc Pignat <marc.pignat@hevs.ch>
+
+patch e0579d576cb894a4cf3c5af04fbf38e8c1281738 in mainline.
+
+The disconnect function can dereference the net_device structure when it
+is never allocated. This is the case when ejecting the device installer.
+
+Signed-off-by: Marc Pignat <marc.pignat@hevs.ch>
+Acked-by: Daniel Drake <dsd@gentoo.org>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/zd1211rw/zd_usb.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/zd1211rw/zd_usb.c
++++ b/drivers/net/wireless/zd1211rw/zd_usb.c
+@@ -1041,14 +1041,17 @@ error:
+ static void disconnect(struct usb_interface *intf)
+ {
+ struct net_device *netdev = zd_intf_to_netdev(intf);
+- struct zd_mac *mac = zd_netdev_mac(netdev);
+- struct zd_usb *usb = &mac->chip.usb;
++ struct zd_mac *mac;
++ struct zd_usb *usb;
+
+ /* Either something really bad happened, or we're just dealing with
+ * a DEVICE_INSTALLER. */
+ if (netdev == NULL)
+ return;
+
++ mac = zd_netdev_mac(netdev);
++ usb = &mac->chip.usb;
++
+ dev_dbg_f(zd_usb_dev(usb), "\n");
+
+ zd_netdev_disconnect(netdev);