Commit 9ee6045f authored by David S. Miller's avatar David S. Miller
parents 3b09c84c 1140afa8
...@@ -46,7 +46,7 @@ static const int m2ThreshExt_off = 127; ...@@ -46,7 +46,7 @@ static const int m2ThreshExt_off = 127;
* @chan: * @chan:
* *
* This is the function to change channel on single-chip devices, that is * This is the function to change channel on single-chip devices, that is
* all devices after ar9280. * for AR9300 family of chipsets.
* *
* This function takes the channel value in MHz and sets * This function takes the channel value in MHz and sets
* hardware channel value. Assumes writes have been enabled to analog bus. * hardware channel value. Assumes writes have been enabled to analog bus.
......
...@@ -679,7 +679,6 @@ void ath9k_deinit_device(struct ath_softc *sc); ...@@ -679,7 +679,6 @@ void ath9k_deinit_device(struct ath_softc *sc);
void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw); void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw);
void ath9k_reload_chainmask_settings(struct ath_softc *sc); void ath9k_reload_chainmask_settings(struct ath_softc *sc);
void ath_radio_disable(struct ath_softc *sc, struct ieee80211_hw *hw);
bool ath9k_uses_beacons(int type); bool ath9k_uses_beacons(int type);
#ifdef CONFIG_ATH9K_PCI #ifdef CONFIG_ATH9K_PCI
......
...@@ -400,6 +400,7 @@ bool ath9k_hw_getnf(struct ath_hw *ah, struct ath9k_channel *chan) ...@@ -400,6 +400,7 @@ bool ath9k_hw_getnf(struct ath_hw *ah, struct ath9k_channel *chan)
ah->noise = ath9k_hw_getchan_noise(ah, chan); ah->noise = ath9k_hw_getchan_noise(ah, chan);
return true; return true;
} }
EXPORT_SYMBOL(ath9k_hw_getnf);
void ath9k_init_nfcal_hist_buffer(struct ath_hw *ah, void ath9k_init_nfcal_hist_buffer(struct ath_hw *ah,
struct ath9k_channel *chan) struct ath9k_channel *chan)
......
...@@ -19,7 +19,6 @@ ...@@ -19,7 +19,6 @@
#include "hw.h" #include "hw.h"
#define AR_PHY_CCA_FILTERWINDOW_LENGTH_INIT 3
#define AR_PHY_CCA_FILTERWINDOW_LENGTH 5 #define AR_PHY_CCA_FILTERWINDOW_LENGTH 5
#define NUM_NF_READINGS 6 #define NUM_NF_READINGS 6
......
...@@ -1629,7 +1629,6 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed) ...@@ -1629,7 +1629,6 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed)
if (changed & IEEE80211_CONF_CHANGE_CHANNEL) { if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
struct ieee80211_channel *curchan = hw->conf.channel; struct ieee80211_channel *curchan = hw->conf.channel;
struct ath9k_channel old_chan;
int pos = curchan->hw_value; int pos = curchan->hw_value;
int old_pos = -1; int old_pos = -1;
unsigned long flags; unsigned long flags;
...@@ -1654,11 +1653,8 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed) ...@@ -1654,11 +1653,8 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed)
* Preserve the current channel values, before updating * Preserve the current channel values, before updating
* the same channel * the same channel
*/ */
if (old_pos == pos) { if (ah->curchan && (old_pos == pos))
memcpy(&old_chan, &sc->sc_ah->channels[pos], ath9k_hw_getnf(ah, ah->curchan);
sizeof(struct ath9k_channel));
ah->curchan = &old_chan;
}
ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos], ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos],
curchan, conf->channel_type); curchan, conf->channel_type);
......
...@@ -3119,8 +3119,10 @@ static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) ...@@ -3119,8 +3119,10 @@ static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus)
/* Verify NVRAM bytes */ /* Verify NVRAM bytes */
brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize);
nvram_ularray = kmalloc(varsize, GFP_ATOMIC); nvram_ularray = kmalloc(varsize, GFP_ATOMIC);
if (!nvram_ularray) if (!nvram_ularray) {
kfree(vbuffer);
return -ENOMEM; return -ENOMEM;
}
/* Upload image to verify downloaded contents. */ /* Upload image to verify downloaded contents. */
memset(nvram_ularray, 0xaa, varsize); memset(nvram_ularray, 0xaa, varsize);
......
...@@ -196,6 +196,8 @@ static bool _rtl92s_firmware_downloadcode(struct ieee80211_hw *hw, ...@@ -196,6 +196,8 @@ static bool _rtl92s_firmware_downloadcode(struct ieee80211_hw *hw,
/* Allocate skb buffer to contain firmware */ /* Allocate skb buffer to contain firmware */
/* info and tx descriptor info. */ /* info and tx descriptor info. */
skb = dev_alloc_skb(frag_length); skb = dev_alloc_skb(frag_length);
if (!skb)
return false;
skb_reserve(skb, extra_descoffset); skb_reserve(skb, extra_descoffset);
seg_ptr = (u8 *)skb_put(skb, (u32)(frag_length - seg_ptr = (u8 *)skb_put(skb, (u32)(frag_length -
extra_descoffset)); extra_descoffset));
...@@ -573,6 +575,8 @@ static bool _rtl92s_firmware_set_h2c_cmd(struct ieee80211_hw *hw, u8 h2c_cmd, ...@@ -573,6 +575,8 @@ static bool _rtl92s_firmware_set_h2c_cmd(struct ieee80211_hw *hw, u8 h2c_cmd,
len = _rtl92s_get_h2c_cmdlen(MAX_TRANSMIT_BUFFER_SIZE, 1, &cmd_len); len = _rtl92s_get_h2c_cmdlen(MAX_TRANSMIT_BUFFER_SIZE, 1, &cmd_len);
skb = dev_alloc_skb(len); skb = dev_alloc_skb(len);
if (!skb)
return false;
cb_desc = (struct rtl_tcb_desc *)(skb->cb); cb_desc = (struct rtl_tcb_desc *)(skb->cb);
cb_desc->queue_index = TXCMD_QUEUE; cb_desc->queue_index = TXCMD_QUEUE;
cb_desc->cmd_or_init = DESC_PACKET_TYPE_NORMAL; cb_desc->cmd_or_init = DESC_PACKET_TYPE_NORMAL;
......
...@@ -127,7 +127,7 @@ struct hci_dev { ...@@ -127,7 +127,7 @@ struct hci_dev {
__u8 major_class; __u8 major_class;
__u8 minor_class; __u8 minor_class;
__u8 features[8]; __u8 features[8];
__u8 extfeatures[8]; __u8 host_features[8];
__u8 commands[64]; __u8 commands[64];
__u8 ssp_mode; __u8 ssp_mode;
__u8 hci_ver; __u8 hci_ver;
...@@ -676,7 +676,7 @@ void hci_conn_del_sysfs(struct hci_conn *conn); ...@@ -676,7 +676,7 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
#define lmp_le_capable(dev) ((dev)->features[4] & LMP_LE) #define lmp_le_capable(dev) ((dev)->features[4] & LMP_LE)
/* ----- Extended LMP capabilities ----- */ /* ----- Extended LMP capabilities ----- */
#define lmp_host_le_capable(dev) ((dev)->extfeatures[0] & LMP_HOST_LE) #define lmp_host_le_capable(dev) ((dev)->host_features[0] & LMP_HOST_LE)
/* ----- HCI protocols ----- */ /* ----- HCI protocols ----- */
static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr,
......
...@@ -156,17 +156,17 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto, ...@@ -156,17 +156,17 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto,
void bt_sock_link(struct bt_sock_list *l, struct sock *sk) void bt_sock_link(struct bt_sock_list *l, struct sock *sk)
{ {
write_lock_bh(&l->lock); write_lock(&l->lock);
sk_add_node(sk, &l->head); sk_add_node(sk, &l->head);
write_unlock_bh(&l->lock); write_unlock(&l->lock);
} }
EXPORT_SYMBOL(bt_sock_link); EXPORT_SYMBOL(bt_sock_link);
void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk) void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk)
{ {
write_lock_bh(&l->lock); write_lock(&l->lock);
sk_del_node_init(sk); sk_del_node_init(sk);
write_unlock_bh(&l->lock); write_unlock(&l->lock);
} }
EXPORT_SYMBOL(bt_sock_unlink); EXPORT_SYMBOL(bt_sock_unlink);
......
...@@ -711,7 +711,14 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev, ...@@ -711,7 +711,14 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
if (rp->status) if (rp->status)
return; return;
memcpy(hdev->extfeatures, rp->features, 8); switch (rp->page) {
case 0:
memcpy(hdev->features, rp->features, 8);
break;
case 1:
memcpy(hdev->host_features, rp->features, 8);
break;
}
hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
} }
...@@ -1047,9 +1054,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, ...@@ -1047,9 +1054,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
case LE_SCANNING_DISABLED: case LE_SCANNING_DISABLED:
clear_bit(HCI_LE_SCAN, &hdev->dev_flags); clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
cancel_delayed_work_sync(&hdev->adv_work); schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
queue_delayed_work(hdev->workqueue, &hdev->adv_work,
jiffies + ADV_CLEAR_TIMEOUT);
break; break;
default: default:
...@@ -2266,20 +2271,19 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s ...@@ -2266,20 +2271,19 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
struct hci_ev_num_comp_pkts *ev = (void *) skb->data; struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
int i; int i;
skb_pull(skb, sizeof(*ev));
BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
return; return;
} }
if (skb->len < ev->num_hndl * 4) { if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
BT_DBG("%s bad parameters", hdev->name); BT_DBG("%s bad parameters", hdev->name);
return; return;
} }
BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
for (i = 0; i < ev->num_hndl; i++) { for (i = 0; i < ev->num_hndl; i++) {
struct hci_comp_pkts_info *info = &ev->handles[i]; struct hci_comp_pkts_info *info = &ev->handles[i];
struct hci_conn *conn; struct hci_conn *conn;
......
...@@ -767,7 +767,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, ...@@ -767,7 +767,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event,
/* Detach sockets from device */ /* Detach sockets from device */
read_lock(&hci_sk_list.lock); read_lock(&hci_sk_list.lock);
sk_for_each(sk, node, &hci_sk_list.head) { sk_for_each(sk, node, &hci_sk_list.head) {
local_bh_disable();
bh_lock_sock_nested(sk); bh_lock_sock_nested(sk);
if (hci_pi(sk)->hdev == hdev) { if (hci_pi(sk)->hdev == hdev) {
hci_pi(sk)->hdev = NULL; hci_pi(sk)->hdev = NULL;
...@@ -778,7 +777,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, ...@@ -778,7 +777,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event,
hci_dev_put(hdev); hci_dev_put(hdev);
} }
bh_unlock_sock(sk); bh_unlock_sock(sk);
local_bh_enable();
} }
read_unlock(&hci_sk_list.lock); read_unlock(&hci_sk_list.lock);
} }
......
...@@ -165,7 +165,7 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) ...@@ -165,7 +165,7 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
{ {
int err; int err;
write_lock_bh(&chan_list_lock); write_lock(&chan_list_lock);
if (psm && __l2cap_global_chan_by_addr(psm, src)) { if (psm && __l2cap_global_chan_by_addr(psm, src)) {
err = -EADDRINUSE; err = -EADDRINUSE;
...@@ -190,17 +190,17 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) ...@@ -190,17 +190,17 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
} }
done: done:
write_unlock_bh(&chan_list_lock); write_unlock(&chan_list_lock);
return err; return err;
} }
int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid) int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
{ {
write_lock_bh(&chan_list_lock); write_lock(&chan_list_lock);
chan->scid = scid; chan->scid = scid;
write_unlock_bh(&chan_list_lock); write_unlock(&chan_list_lock);
return 0; return 0;
} }
...@@ -289,9 +289,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk) ...@@ -289,9 +289,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk)
chan->sk = sk; chan->sk = sk;
write_lock_bh(&chan_list_lock); write_lock(&chan_list_lock);
list_add(&chan->global_l, &chan_list); list_add(&chan->global_l, &chan_list);
write_unlock_bh(&chan_list_lock); write_unlock(&chan_list_lock);
INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout); INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
...@@ -306,9 +306,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk) ...@@ -306,9 +306,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk)
void l2cap_chan_destroy(struct l2cap_chan *chan) void l2cap_chan_destroy(struct l2cap_chan *chan)
{ {
write_lock_bh(&chan_list_lock); write_lock(&chan_list_lock);
list_del(&chan->global_l); list_del(&chan->global_l);
write_unlock_bh(&chan_list_lock); write_unlock(&chan_list_lock);
l2cap_chan_put(chan); l2cap_chan_put(chan);
} }
...@@ -543,14 +543,14 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn) ...@@ -543,14 +543,14 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn)
* 200 - 254 are used by utilities like l2ping, etc. * 200 - 254 are used by utilities like l2ping, etc.
*/ */
spin_lock_bh(&conn->lock); spin_lock(&conn->lock);
if (++conn->tx_ident > 128) if (++conn->tx_ident > 128)
conn->tx_ident = 1; conn->tx_ident = 1;
id = conn->tx_ident; id = conn->tx_ident;
spin_unlock_bh(&conn->lock); spin_unlock(&conn->lock);
return id; return id;
} }
...@@ -1190,7 +1190,7 @@ inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdad ...@@ -1190,7 +1190,7 @@ inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdad
} }
/* Set destination address and psm */ /* Set destination address and psm */
bacpy(&bt_sk(sk)->dst, src); bacpy(&bt_sk(sk)->dst, dst);
chan->psm = psm; chan->psm = psm;
chan->dcid = cid; chan->dcid = cid;
...@@ -4702,7 +4702,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p) ...@@ -4702,7 +4702,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
{ {
struct l2cap_chan *c; struct l2cap_chan *c;
read_lock_bh(&chan_list_lock); read_lock(&chan_list_lock);
list_for_each_entry(c, &chan_list, global_l) { list_for_each_entry(c, &chan_list, global_l) {
struct sock *sk = c->sk; struct sock *sk = c->sk;
...@@ -4715,7 +4715,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p) ...@@ -4715,7 +4715,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
c->sec_level, c->mode); c->sec_level, c->mode);
} }
read_unlock_bh(&chan_list_lock); read_unlock(&chan_list_lock);
return 0; return 0;
} }
......
...@@ -587,6 +587,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch ...@@ -587,6 +587,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
if (smp_conn_security(conn, sec.level)) if (smp_conn_security(conn, sec.level))
break; break;
sk->sk_state = BT_CONFIG; sk->sk_state = BT_CONFIG;
chan->state = BT_CONFIG;
/* or for ACL link, under defer_setup time */ /* or for ACL link, under defer_setup time */
} else if (sk->sk_state == BT_CONNECT2 && } else if (sk->sk_state == BT_CONNECT2 &&
...@@ -731,6 +732,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms ...@@ -731,6 +732,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms
if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
sk->sk_state = BT_CONFIG; sk->sk_state = BT_CONFIG;
pi->chan->state = BT_CONFIG;
__l2cap_connect_rsp_defer(pi->chan); __l2cap_connect_rsp_defer(pi->chan);
release_sock(sk); release_sock(sk);
......
...@@ -291,7 +291,7 @@ static u32 get_current_settings(struct hci_dev *hdev) ...@@ -291,7 +291,7 @@ static u32 get_current_settings(struct hci_dev *hdev)
if (!(hdev->features[4] & LMP_NO_BREDR)) if (!(hdev->features[4] & LMP_NO_BREDR))
settings |= MGMT_SETTING_BREDR; settings |= MGMT_SETTING_BREDR;
if (hdev->extfeatures[0] & LMP_HOST_LE) if (hdev->host_features[0] & LMP_HOST_LE)
settings |= MGMT_SETTING_LE; settings |= MGMT_SETTING_LE;
if (test_bit(HCI_AUTH, &hdev->flags)) if (test_bit(HCI_AUTH, &hdev->flags))
...@@ -2756,7 +2756,7 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) ...@@ -2756,7 +2756,7 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
if (!cmd) if (!cmd)
return -ENOENT; return -ENOENT;
err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status); err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
mgmt_pending_remove(cmd); mgmt_pending_remove(cmd);
return err; return err;
......
...@@ -370,7 +370,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr ...@@ -370,7 +370,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
goto done; goto done;
} }
write_lock_bh(&rfcomm_sk_list.lock); write_lock(&rfcomm_sk_list.lock);
if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
err = -EADDRINUSE; err = -EADDRINUSE;
...@@ -381,7 +381,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr ...@@ -381,7 +381,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
sk->sk_state = BT_BOUND; sk->sk_state = BT_BOUND;
} }
write_unlock_bh(&rfcomm_sk_list.lock); write_unlock(&rfcomm_sk_list.lock);
done: done:
release_sock(sk); release_sock(sk);
...@@ -455,7 +455,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) ...@@ -455,7 +455,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog)
err = -EINVAL; err = -EINVAL;
write_lock_bh(&rfcomm_sk_list.lock); write_lock(&rfcomm_sk_list.lock);
for (channel = 1; channel < 31; channel++) for (channel = 1; channel < 31; channel++)
if (!__rfcomm_get_sock_by_addr(channel, src)) { if (!__rfcomm_get_sock_by_addr(channel, src)) {
...@@ -464,7 +464,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) ...@@ -464,7 +464,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog)
break; break;
} }
write_unlock_bh(&rfcomm_sk_list.lock); write_unlock(&rfcomm_sk_list.lock);
if (err < 0) if (err < 0)
goto done; goto done;
...@@ -982,7 +982,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) ...@@ -982,7 +982,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
struct sock *sk; struct sock *sk;
struct hlist_node *node; struct hlist_node *node;
read_lock_bh(&rfcomm_sk_list.lock); read_lock(&rfcomm_sk_list.lock);
sk_for_each(sk, node, &rfcomm_sk_list.head) { sk_for_each(sk, node, &rfcomm_sk_list.head) {
seq_printf(f, "%s %s %d %d\n", seq_printf(f, "%s %s %d %d\n",
...@@ -991,7 +991,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) ...@@ -991,7 +991,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
sk->sk_state, rfcomm_pi(sk)->channel); sk->sk_state, rfcomm_pi(sk)->channel);
} }
read_unlock_bh(&rfcomm_sk_list.lock); read_unlock(&rfcomm_sk_list.lock);
return 0; return 0;
} }
......
...@@ -76,7 +76,7 @@ struct rfcomm_dev { ...@@ -76,7 +76,7 @@ struct rfcomm_dev {
}; };
static LIST_HEAD(rfcomm_dev_list); static LIST_HEAD(rfcomm_dev_list);
static DEFINE_RWLOCK(rfcomm_dev_lock); static DEFINE_SPINLOCK(rfcomm_dev_lock);
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
...@@ -146,7 +146,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id) ...@@ -146,7 +146,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id)
{ {
struct rfcomm_dev *dev; struct rfcomm_dev *dev;
read_lock(&rfcomm_dev_lock); spin_lock(&rfcomm_dev_lock);
dev = __rfcomm_dev_get(id); dev = __rfcomm_dev_get(id);
...@@ -157,7 +157,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id) ...@@ -157,7 +157,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id)
rfcomm_dev_hold(dev); rfcomm_dev_hold(dev);
} }
read_unlock(&rfcomm_dev_lock); spin_unlock(&rfcomm_dev_lock);
return dev; return dev;
} }
...@@ -205,7 +205,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) ...@@ -205,7 +205,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
if (!dev) if (!dev)
return -ENOMEM; return -ENOMEM;
write_lock_bh(&rfcomm_dev_lock); spin_lock(&rfcomm_dev_lock);
if (req->dev_id < 0) { if (req->dev_id < 0) {
dev->id = 0; dev->id = 0;
...@@ -290,7 +290,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) ...@@ -290,7 +290,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
__module_get(THIS_MODULE); __module_get(THIS_MODULE);
out: out:
write_unlock_bh(&rfcomm_dev_lock); spin_unlock(&rfcomm_dev_lock);
if (err < 0) if (err < 0)
goto free; goto free;
...@@ -327,9 +327,9 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) ...@@ -327,9 +327,9 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
if (atomic_read(&dev->opened) > 0) if (atomic_read(&dev->opened) > 0)
return; return;
write_lock_bh(&rfcomm_dev_lock); spin_lock(&rfcomm_dev_lock);
list_del_init(&dev->list); list_del_init(&dev->list);
write_unlock_bh(&rfcomm_dev_lock); spin_unlock(&rfcomm_dev_lock);
rfcomm_dev_put(dev); rfcomm_dev_put(dev);
} }
...@@ -473,7 +473,7 @@ static int rfcomm_get_dev_list(void __user *arg) ...@@ -473,7 +473,7 @@ static int rfcomm_get_dev_list(void __user *arg)
di = dl->dev_info; di = dl->dev_info;
read_lock_bh(&rfcomm_dev_lock); spin_lock(&rfcomm_dev_lock);
list_for_each_entry(dev, &rfcomm_dev_list, list) { list_for_each_entry(dev, &rfcomm_dev_list, list) {
if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
...@@ -488,7 +488,7 @@ static int rfcomm_get_dev_list(void __user *arg) ...@@ -488,7 +488,7 @@ static int rfcomm_get_dev_list(void __user *arg)
break; break;
} }
read_unlock_bh(&rfcomm_dev_lock); spin_unlock(&rfcomm_dev_lock);
dl->dev_num = n; dl->dev_num = n;
size = sizeof(*dl) + n * sizeof(*di); size = sizeof(*dl) + n * sizeof(*di);
...@@ -766,9 +766,9 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) ...@@ -766,9 +766,9 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
rfcomm_dlc_unlock(dev->dlc); rfcomm_dlc_unlock(dev->dlc);
if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
write_lock_bh(&rfcomm_dev_lock); spin_lock(&rfcomm_dev_lock);
list_del_init(&dev->list); list_del_init(&dev->list);
write_unlock_bh(&rfcomm_dev_lock); spin_unlock(&rfcomm_dev_lock);
rfcomm_dev_put(dev); rfcomm_dev_put(dev);
} }
......
...@@ -482,7 +482,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le ...@@ -482,7 +482,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
goto done; goto done;
} }
write_lock_bh(&sco_sk_list.lock); write_lock(&sco_sk_list.lock);
if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
err = -EADDRINUSE; err = -EADDRINUSE;
...@@ -492,7 +492,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le ...@@ -492,7 +492,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
sk->sk_state = BT_BOUND; sk->sk_state = BT_BOUND;
} }
write_unlock_bh(&sco_sk_list.lock); write_unlock(&sco_sk_list.lock);
done: done:
release_sock(sk); release_sock(sk);
...@@ -965,14 +965,14 @@ static int sco_debugfs_show(struct seq_file *f, void *p) ...@@ -965,14 +965,14 @@ static int sco_debugfs_show(struct seq_file *f, void *p)
struct sock *sk; struct sock *sk;
struct hlist_node *node; struct hlist_node *node;
read_lock_bh(&sco_sk_list.lock); read_lock(&sco_sk_list.lock);
sk_for_each(sk, node, &sco_sk_list.head) { sk_for_each(sk, node, &sco_sk_list.head) {
seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src),
batostr(&bt_sk(sk)->dst), sk->sk_state); batostr(&bt_sk(sk)->dst), sk->sk_state);
} }
read_unlock_bh(&sco_sk_list.lock); read_unlock(&sco_sk_list.lock);
return 0; return 0;
} }
......
...@@ -106,7 +106,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) ...@@ -106,7 +106,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
if (status->flag & RX_FLAG_MMIC_ERROR) if (status->flag & RX_FLAG_MMIC_ERROR)
goto mic_fail; goto mic_fail;
if (!(status->flag & RX_FLAG_IV_STRIPPED)) if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key)
goto update_iv; goto update_iv;
return RX_CONTINUE; return RX_CONTINUE;
......
...@@ -2250,6 +2250,7 @@ static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { ...@@ -2250,6 +2250,7 @@ static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
}; };
static int parse_station_flags(struct genl_info *info, static int parse_station_flags(struct genl_info *info,
enum nl80211_iftype iftype,
struct station_parameters *params) struct station_parameters *params)
{ {
struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
...@@ -2283,8 +2284,33 @@ static int parse_station_flags(struct genl_info *info, ...@@ -2283,8 +2284,33 @@ static int parse_station_flags(struct genl_info *info,
nla, sta_flags_policy)) nla, sta_flags_policy))
return -EINVAL; return -EINVAL;
params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; /*
params->sta_flags_mask &= ~1; * Only allow certain flags for interface types so that
* other attributes are silently ignored. Remember that
* this is backward compatibility code with old userspace
* and shouldn't be hit in other cases anyway.
*/
switch (iftype) {
case NL80211_IFTYPE_AP:
case NL80211_IFTYPE_AP_VLAN:
case NL80211_IFTYPE_P2P_GO:
params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
BIT(NL80211_STA_FLAG_WME) |
BIT(NL80211_STA_FLAG_MFP);
break;
case NL80211_IFTYPE_P2P_CLIENT:
case NL80211_IFTYPE_STATION:
params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
BIT(NL80211_STA_FLAG_TDLS_PEER);
break;
case NL80211_IFTYPE_MESH_POINT:
params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
BIT(NL80211_STA_FLAG_MFP) |
BIT(NL80211_STA_FLAG_AUTHORIZED);
default:
return -EINVAL;
}
for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
if (flags[flag]) if (flags[flag])
...@@ -2585,7 +2611,7 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) ...@@ -2585,7 +2611,7 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
if (!rdev->ops->change_station) if (!rdev->ops->change_station)
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (parse_station_flags(info, &params)) if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
return -EINVAL; return -EINVAL;
if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
...@@ -2731,7 +2757,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) ...@@ -2731,7 +2757,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
if (!rdev->ops->add_station) if (!rdev->ops->add_station)
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (parse_station_flags(info, &params)) if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
return -EINVAL; return -EINVAL;
switch (dev->ieee80211_ptr->iftype) { switch (dev->ieee80211_ptr->iftype) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment