linux-2.6-microblaze.git
14 years agoBluetooth: Remove l2cap_sk_list
Gustavo F. Padovan [Wed, 27 Apr 2011 21:26:32 +0000 (18:26 -0300)]
Bluetooth: Remove l2cap_sk_list

A new list was added to replace the socket based one. This new list
doesn't depent on sock and then fits better inside l2cap_core.c code.

It also rename l2cap_chan_alloc() to l2cap_chan_create() and
l2cap_chan_free() to l2cap_chan_destroy)

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Handle psm == 0 case inside l2cap_add_psm()
Gustavo F. Padovan [Mon, 18 Apr 2011 22:36:44 +0000 (19:36 -0300)]
Bluetooth: Handle psm == 0 case inside l2cap_add_psm()

When the user doesn't specify a psm we have the choose one for the
channel. Now we do this inside l2cap_add_psm().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add l2cap_add_psm() and l2cap_add_scid()
Gustavo F. Padovan [Mon, 18 Apr 2011 21:38:43 +0000 (18:38 -0300)]
Bluetooth: Add l2cap_add_psm() and l2cap_add_scid()

The intention is to get rid of the l2cap_sk_list usage inside
l2cap_core.c. l2cap_sk_list will soon be replaced by a list that does not
depend on socket usage.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix updating conn->auth_type in hci_io_capa_request_evt
Johan Hedberg [Thu, 28 Apr 2011 18:29:04 +0000 (11:29 -0700)]
Bluetooth: Fix updating conn->auth_type in hci_io_capa_request_evt

In some circumstances hci_get_auth_req will return a value different
from the current conn->auth_type. In these cases update conn->auth_type
so that when a user confirm request comes it doesn't falsely trigger
auto-accept.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add store_hint parameter to mgmt_new_key
Johan Hedberg [Thu, 28 Apr 2011 18:29:03 +0000 (11:29 -0700)]
Bluetooth: Add store_hint parameter to mgmt_new_key

Even for keys that shouldn't be stored some use cases require the
knowledge of a new key having been created so that the conclusion of a
successful pairing can be made. Therefore, always send the mgmt_new_key
event but add a store_hint parameter to it to indicate to user space
whether the key should be stored or not.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Remove old_key_type from mgmt_ev_new_key
Johan Hedberg [Thu, 28 Apr 2011 18:29:02 +0000 (11:29 -0700)]
Bluetooth: Remove old_key_type from mgmt_ev_new_key

User space shouldn't have any need for the old key type so remove it
from the corresponding Management interface event.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix connection key type updating for buggy controllers
Johan Hedberg [Thu, 28 Apr 2011 18:29:01 +0000 (11:29 -0700)]
Bluetooth: Fix connection key type updating for buggy controllers

If a controller generates a changed combination key as its first key the
connection key type will not be correctly set. In these situations make
sure the update the connection key type when such a buggy controller is
detected.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix old_key_type logic for non-persistent keys
Johan Hedberg [Thu, 28 Apr 2011 18:29:00 +0000 (11:29 -0700)]
Bluetooth: Fix old_key_type logic for non-persistent keys

Even if there's no previous key stored the connection might still be
secured with a non-persistent key and in that case the key type in the
hci_conn struct should be checked.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix link key persistent storage criteria
Johan Hedberg [Thu, 28 Apr 2011 18:28:59 +0000 (11:28 -0700)]
Bluetooth: Fix link key persistent storage criteria

Link keys should only be stored if very specific criteria of the
authentication process are fulfilled. This patch essentially copies the
criteria that user space has so far been using to the kernel side so
that the management interface works properly.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix logic in hci_pin_code_request_evt
Johan Hedberg [Thu, 28 Apr 2011 18:28:58 +0000 (11:28 -0700)]
Bluetooth: Fix logic in hci_pin_code_request_evt

The mgmt_ev_pin_code_request event should not be sent to user space if
the request gets rejected by the kernel due to the pairable flag not
being set.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix reason code for pairing rejection
Johan Hedberg [Thu, 28 Apr 2011 18:28:57 +0000 (11:28 -0700)]
Bluetooth: Fix reason code for pairing rejection

"Pairing not allowed" is 0x18 and not 0x16.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add confirm_hint parameter to user confirmation requests
Johan Hedberg [Thu, 28 Apr 2011 18:28:56 +0000 (11:28 -0700)]
Bluetooth: Add confirm_hint parameter to user confirmation requests

When accepting a pairing request which fulfills the SSP auto-accept
criteria we need to push the request all the way to the user for
confirmation. This patch adds a new hint to the user_confirm_request
management event so user space can know when to show a numeric
comparison dialog and when to show a simple yes/no confirmation dialog.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix HCI_CONN_AUTH_PEND flag for all authentication requests
Johan Hedberg [Thu, 28 Apr 2011 18:28:55 +0000 (11:28 -0700)]
Bluetooth: Fix HCI_CONN_AUTH_PEND flag for all authentication requests

The HCI_CONN_AUTH_PEND flag should be set whenever requesting
authentication so that multiple pending requests can't occur.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add variable SSP auto-accept delay support
Johan Hedberg [Thu, 28 Apr 2011 18:28:54 +0000 (11:28 -0700)]
Bluetooth: Add variable SSP auto-accept delay support

Some test systems require an arbitrary delay to the auto-accept test
cases for Secure Simple Pairing in order for the tests to pass.
Previously when this was handled in user space it was worked around by
code modifications and recompilation, but now that it's on the kernel
side it's more convenient if there's a debugfs interface for it.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add automated SSP user confirmation responses
Johan Hedberg [Thu, 28 Apr 2011 18:28:53 +0000 (11:28 -0700)]
Bluetooth: Add automated SSP user confirmation responses

This patch adds automated negative and positive (auto-accept) responses
for Secure Simple Pairing user confirmation requests. The responses are
only sent if the HCI_MGMT flag is set in order not to confuse older user
space versions (without management interface support).

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add secure flag for mgmt_pin_code_req
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:59 +0000 (12:07 +0200)]
Bluetooth: Add secure flag for mgmt_pin_code_req

Extend the mgmt_pin_code_request interface to require secure
pin code (16 digit) for authentication.

This is a kernel part of the secure pin code requirement notification
to user space agent.

Code styling fix by Johan Hedberg.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Respect local MITM req in io_cap reply
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:58 +0000 (12:07 +0200)]
Bluetooth: Respect local MITM req in io_cap reply

If host requires MITM protection notify that to controller in
io capabilities reply even if the remote device requires no bonding.

If it is not respected, host can get an unauthenticated link key while
it expects authenticated one.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Ignore key unauthenticated for high security
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:56 +0000 (12:07 +0200)]
Bluetooth: Ignore key unauthenticated for high security

High security level for pre v2.1 devices requires combination link key
authenticated by at least 16 digit PIN code.

It's also necessary to update key_type and pin_length when the key
exists and is sufficently secured for the connection as there will be
no link key notify event in that case.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Map sec_level to link key requirements
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:55 +0000 (12:07 +0200)]
Bluetooth: Map sec_level to link key requirements

Keep the link key type together with connection and use it to
map security level to link key requirements. Authenticate and/or
encrypt connection if the link is insufficiently secure.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Don't modify sec_level if auth failed
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:54 +0000 (12:07 +0200)]
Bluetooth: Don't modify sec_level if auth failed

If authentication fails the security level should stay as it was set
before the process has started. Setting BT_SECURITY_LOW can hide real
security level on a link eg. having BT_SECURITY_MEDIUM on the link,
re-authenticate with failure to get BT_SECURITY_HIGH, as  a result we
get BT_SECURITY_LOW on the link while the real security is still medium.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add definitions for link key types
Waldemar Rymarkiewicz [Thu, 28 Apr 2011 10:07:53 +0000 (12:07 +0200)]
Bluetooth: Add definitions for link key types

Introduce the link key types defs and use them instead of magic numbers.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add discovering event to the Management interface
Johan Hedberg [Wed, 27 Apr 2011 14:29:57 +0000 (10:29 -0400)]
Bluetooth: Add discovering event to the Management interface

This patch adds a new event to the Management interface to track when
local adapters are discovering remote devices. For now this only tracks
BR/EDR discovery procedures.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add basic discovery commands to the management interface
Johan Hedberg [Wed, 27 Apr 2011 14:29:56 +0000 (10:29 -0400)]
Bluetooth: Add basic discovery commands to the management interface

This patch adds start_discovery and stop_discovery commands to the
management interface. Right now their implementation is fairly
simplistic and the parameters are fixed to what user space has
defaulted to so far.
This is the very initial phase for discovery implementation into
the kernel. Next steps include name resolution, LE scanning and
bdaddr type handling.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Don't export l2cap_sock_ops
Gustavo F. Padovan [Wed, 27 Apr 2011 21:40:39 +0000 (18:40 -0300)]
Bluetooth: Don't export l2cap_sock_ops

l2cap_sk_ops can be static, it's not used outside l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix memory leak with L2CAP channels
Gustavo F. Padovan [Mon, 25 Apr 2011 18:10:41 +0000 (15:10 -0300)]
Bluetooth: Fix memory leak with L2CAP channels

A new l2cap_chan_free() is added to free the channels.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move conn to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 23:23:55 +0000 (20:23 -0300)]
Bluetooth: Move conn to struct l2cap_chan

There is no need to the socket deal directly with the channel, most of the
time it cares about the channel only.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move more vars to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 22:50:45 +0000 (19:50 -0300)]
Bluetooth: Move more vars to struct l2cap_chan

In this commit, psm, scid and dcid.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move more channel info to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 20:20:49 +0000 (17:20 -0300)]
Bluetooth: Move more channel info to struct l2cap_chan

In this commit, omtu, imtu, flush_to, mode and sport. It also remove the
pi var from l2cap_sock_sendmsg().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move more vars to struct l2cap_chan
Gustavo F. Padovan [Wed, 13 Apr 2011 18:57:03 +0000 (15:57 -0300)]
Bluetooth: Move more vars to struct l2cap_chan

In this commit all ERTM and Streaming Mode specific vars.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move some more elements to struct l2cap_chan
Gustavo F. Padovan [Tue, 12 Apr 2011 21:31:57 +0000 (18:31 -0300)]
Bluetooth: Move some more elements to struct l2cap_chan

In this commit sec_level, force_reliable, role_switch and flushable.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()
Gustavo F. Padovan [Tue, 12 Apr 2011 21:17:14 +0000 (18:17 -0300)]
Bluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()

l2cap_chan_connect() is a much better name and reflects what this
functions is doing (or will do once socket dependence is removed from the
core).

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move conf_state to struct l2cap_chan
Gustavo F. Padovan [Tue, 12 Apr 2011 21:15:09 +0000 (18:15 -0300)]
Bluetooth: Move conf_state to struct l2cap_chan

First move of elements depending on user data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Refactor L2CAP channel allocation
Gustavo F. Padovan [Fri, 8 Apr 2011 18:40:02 +0000 (15:40 -0300)]
Bluetooth: Refactor L2CAP channel allocation

If the allocation happens at l2cap_sock_create() will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoMerge master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
Gustavo F. Padovan [Thu, 21 Apr 2011 00:47:07 +0000 (21:47 -0300)]
Merge /linux/kernel/git/padovan/bluetooth-2.6

Conflicts:
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
net/bluetooth/mgmt.c

14 years agoiwl4965: fix skb usage after free
Stanislaw Gruszka [Wed, 20 Apr 2011 14:01:46 +0000 (16:01 +0200)]
iwl4965: fix skb usage after free

Since

commit a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoiwlwifi: fix skb usage after free
Stanislaw Gruszka [Wed, 20 Apr 2011 13:57:14 +0000 (15:57 +0200)]
iwlwifi: fix skb usage after free

Since

commit a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link.

Cc: stable@kernel.org # 2.6.32+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: fix SMPS debugfs locking
Johannes Berg [Tue, 19 Apr 2011 18:44:04 +0000 (20:44 +0200)]
mac80211: fix SMPS debugfs locking

The locking with SMPS requests means that the
debugs file should lock the mgd mutex, not the
iflist mutex. Calls to __ieee80211_request_smps()
need to hold that mutex, so add an assertion.

This has always been wrong, but for some reason
never been noticed, probably because the locking
error only happens while unassociated.

Cc: stable@kernel.org [2.6.34+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/blueto...
John W. Linville [Wed, 20 Apr 2011 19:56:44 +0000 (15:56 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/padovan/bluetooth-2.6

14 years agoath9k: fix the return value of ath_stoprecv
Felix Fietkau [Thu, 14 Apr 2011 22:41:43 +0000 (00:41 +0200)]
ath9k: fix the return value of ath_stoprecv

The patch 'ath9k_hw: fix stopping rx DMA during resets' added code to detect
a condition where rx DMA was stopped, but the MAC failed to enter the idle
state. This condition requires a hardware reset, however the return value
of ath_stoprecv was 'true' in that case, which allowed it to skip the reset
when issuing a fast channel change.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Paul Stewart <pstew@google.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoBluetooth: Only keeping SAR bits when retransmitting one frame.
Ruiyi Zhang [Mon, 18 Apr 2011 03:04:30 +0000 (11:04 +0800)]
Bluetooth: Only keeping SAR bits when retransmitting one frame.

When retrasmitting one frame, only SAR bits in control field should
be kept.

Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: fix shutdown on SCO sockets
Luiz Augusto von Dentz [Fri, 8 Apr 2011 14:10:41 +0000 (17:10 +0300)]
Bluetooth: fix shutdown on SCO sockets

shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.

Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix keeping the command timer running
Vinicius Costa Gomes [Mon, 11 Apr 2011 21:46:55 +0000 (18:46 -0300)]
Bluetooth: Fix keeping the command timer running

In the teardown path the reset command is sent to the controller,
this event causes the command timer to be reactivated.

So the timer is removed in two situations, when the adapter isn't
marked as UP and when we know that some command has been sent.

Reported-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix refcount balance for hci connection
Ville Tervo [Thu, 7 Apr 2011 11:59:50 +0000 (14:59 +0300)]
Bluetooth: Fix refcount balance for hci connection

hci_io_capa_reply_evt() holds reference for hciconnection. It's useless since
hci_io_capa_request_evt()/hci_simple_pair_complete_evt() already protects the
connection. In addition it leaves connection open after failed SSP pairing.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoiwlwifi: fix frame injection for HT channels
Daniel Halperin [Wed, 6 Apr 2011 19:47:25 +0000 (12:47 -0700)]
iwlwifi: fix frame injection for HT channels

For some reason, sending QoS configuration causes transmission to stop
after a single frame on HT channels when not associated. Removing the
extra QoS configuration has no effect on station mode, and fixes
injection mode.

Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
14 years agoBluetooth: Fix lockdep warning in L2CAP
Gustavo F. Padovan [Thu, 14 Apr 2011 20:57:26 +0000 (17:57 -0300)]
Bluetooth: Fix lockdep warning in L2CAP

Fix a regression from the L2CAP "rewrite" patches.
Purge the tx_q already happens on l2cap_chan_del() so we don't need it at
l2cap_disconnect_req().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix another locking unbalance
Gustavo F. Padovan [Thu, 14 Apr 2011 21:34:34 +0000 (18:34 -0300)]
Bluetooth: Fix another locking unbalance

l2cap_get_sock_by_scid was changed to not lock the socket anymore, but I
forgot to change all the users of this function.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Don't lock sock inside l2cap_get_sock_by_scid()
Gustavo F. Padovan [Wed, 13 Apr 2011 22:01:22 +0000 (19:01 -0300)]
Bluetooth: Don't lock sock inside l2cap_get_sock_by_scid()

Fix an locking issue with the new l2cap_att_channel(). l2cap_att_channel()
was trying to lock a locked socket.

Reported-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoiwlegacy: fix tx_power initialization
Stanislaw Gruszka [Wed, 13 Apr 2011 08:56:51 +0000 (10:56 +0200)]
iwlegacy: fix tx_power initialization

priv->tx_power_next is not initialized to max supported power,
but instead default value is used, what cause errors like

[   58.597834] iwl3945 0000:03:00.0: Requested user TXPOWER 15 above upper limit 14.
[   58.597839] iwl3945 0000:03:00.0: Error setting Tx power (-22).

if maximum tx power read from the eeprom is smaller than default.
In consequence card is unable to initialize properly. Fix the problem
and cleanup tx power initialization.

Reported-and-tested-by: Robin Dong <hao.bigrat@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoBluetooth: btmrvl: support Marvell Bluetooth device SD8787
Kevin Gan [Sat, 9 Apr 2011 01:19:33 +0000 (18:19 -0700)]
Bluetooth: btmrvl: support Marvell Bluetooth device SD8787

The SD8787 firmware image is shared with mwifiex driver.
Whoever gets loaded first will be responsible for firmware
downloading.

Signed-off-by: Kevin Gan <ganhy@marvell.com>
Signed-off-by: Tristan Xu <xurf@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Check return value of hci_recv_stream_fragment()
Gustavo F. Padovan [Thu, 7 Apr 2011 21:53:45 +0000 (18:53 -0300)]
Bluetooth: Check return value of hci_recv_stream_fragment()

It may return error and in this case we do add to the stats.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: hci_uart: check the return value of recv()
Jiejing Zhang [Thu, 7 Apr 2011 12:37:06 +0000 (20:37 +0800)]
Bluetooth: hci_uart: check the return value of recv()

Check the return value of hu->proto->recv() in hci_uart_tty_receive()
the recv() may return error, check it, not add this to statistics.

Signed-off-by: Jiejing Zhang <jiejing.zhang@freescale.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix Out Of Band pairing when mgmt interface is disabled
Szymon Janc [Wed, 6 Apr 2011 11:01:59 +0000 (13:01 +0200)]
Bluetooth: Fix Out Of Band pairing when mgmt interface is disabled

Use kernel stored remote Out Of Band data only if management interface
is enabled. Otherwise HCI_OP_REMOTE_OOB_DATA_NEG_REPLY was sent to
controller even if remote Out Of Band data was present in bluetoothd.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add proper handling of received LE data
Gustavo F. Padovan [Thu, 7 Apr 2011 19:40:25 +0000 (16:40 -0300)]
Bluetooth: Add proper handling of received LE data

Despite it works, handling through l2cap_data_channel() is wrongs.
That function should handle only connection oriented data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Clean up ath3k_load_firmware()
Gustavo F. Padovan [Wed, 6 Apr 2011 01:29:31 +0000 (22:29 -0300)]
Bluetooth: Clean up ath3k_load_firmware()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Fix wrong comparison in listen()
Gustavo F. Padovan [Tue, 5 Apr 2011 18:24:40 +0000 (15:24 -0300)]
Bluetooth: Fix wrong comparison in listen()

We should check for the pi->scid there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move tx queue to struct l2cap_chan
Gustavo F. Padovan [Mon, 4 Apr 2011 19:16:44 +0000 (16:16 -0300)]
Bluetooth: Move tx queue to struct l2cap_chan

tx_q is the queue used by ERTM mode.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Remove unneeded uninitialized_vars()
Gustavo F. Padovan [Mon, 4 Apr 2011 19:00:55 +0000 (16:00 -0300)]
Bluetooth: Remove unneeded uninitialized_vars()

That was unnecessary use of it.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Remove some sk references from l2cap_core.c
Gustavo F. Padovan [Mon, 4 Apr 2011 18:59:54 +0000 (15:59 -0300)]
Bluetooth: Remove some sk references from l2cap_core.c

Change some BT_DBG messages and consequently remove some struct sock
declarations.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move SREJ list to struct l2cap_chan
Gustavo F. Padovan [Mon, 4 Apr 2011 18:40:12 +0000 (15:40 -0300)]
Bluetooth: Move SREJ list to struct l2cap_chan

As part of moving all the Channel related operation to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoath9k_htc: Fix ethtool reporting
Sujith Manoharan [Mon, 11 Apr 2011 17:26:55 +0000 (22:56 +0530)]
ath9k_htc: Fix ethtool reporting

Pass the correct module name and device interface so that
ethtool can display the proper values.

The firmware version will be fixed later on when the FW
can actually report a version. :)

Reported-by: Richard Farina <sidhayn@gmail.com>
Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Tested-by: Richard Farina <sidhayn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k_hw: fix stopping rx DMA during resets
Felix Fietkau [Fri, 8 Apr 2011 18:13:18 +0000 (20:13 +0200)]
ath9k_hw: fix stopping rx DMA during resets

During PHY errors, the MAC can sometimes fail to enter an idle state on older
hardware (before AR9380) after an rx stop has been requested.

This typically shows up in the kernel log with messages like these:

ath: Could not stop RX, we could be confusing the DMA engine when we start RX up
------------[ cut here ]------------
WARNING: at drivers/net/wireless/ath/ath9k/recv.c:504 ath_stoprecv+0xcc/0xf0 [ath9k]()
Call Trace:
[<8023f0e8>] dump_stack+0x8/0x34
[<80075050>] warn_slowpath_common+0x78/0xa4
[<80075094>] warn_slowpath_null+0x18/0x24
[<80d66d60>] ath_stoprecv+0xcc/0xf0 [ath9k]
[<80d642cc>] ath_set_channel+0xbc/0x270 [ath9k]
[<80d65254>] ath_radio_disable+0x4a4/0x7fc [ath9k]

When this happens, the state that the MAC enters is easy to identify and
does not result in bogus DMA traffic, however to ensure a working state
after a channel change, the hardware should still be reset.

This patch adds detection for this specific MAC state, after which the above
warnings completely disappear in my tests.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Cc: Kyungwan Nam <Kyungwan.Nam@Atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoiwlegacy: make iwl3945 and iwl4965 select IWLWIFI_LEGACY
John W. Linville [Mon, 11 Apr 2011 17:02:06 +0000 (13:02 -0400)]
iwlegacy: make iwl3945 and iwl4965 select IWLWIFI_LEGACY

Otherwise, IWLWIFI_LEGACY has to be selected independently before the
drivers are made available.

Reported-by: Dave Airlie <airlied@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
14 years agop54: Initialize extra_len in p54_tx_80211
Jason Conti [Thu, 7 Apr 2011 19:09:57 +0000 (21:09 +0200)]
p54: Initialize extra_len in p54_tx_80211

This patch fixes a very serious off-by-one bug in
the driver, which could leave the device in an
unresponsive state.

The problem was that the extra_len variable [used to
reserve extra scratch buffer space for the firmware]
was left uninitialized. Because p54_assign_address
later needs the value to reserve additional space,
the resulting frame could be to big for the small
device's memory window and everything would
immediately come to a grinding halt.

Reference: https://bugs.launchpad.net/bugs/722185

Cc: <stable@kernel.org>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Jason Conti <jason.conti@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k: fix missing ath9k_ps_wakeup/ath9k_ps_restore calls
Felix Fietkau [Thu, 7 Apr 2011 17:07:17 +0000 (19:07 +0200)]
ath9k: fix missing ath9k_ps_wakeup/ath9k_ps_restore calls

These missing chip wakeups mainly cause crashes on AR5416 cards in MIPS
boards, but have also been reported to cause radio stability issues on
AR9285.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoBluetooth: Fix lockdep warning with skb list lock
Gustavo F. Padovan [Fri, 1 Apr 2011 18:13:36 +0000 (15:13 -0300)]
Bluetooth: Fix lockdep warning with skb list lock

This is a regression acctually, caused by the first patch series for
creating a formal strcut l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move busy workqueue to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:41:00 +0000 (20:41 -0300)]
Bluetooth: Move busy workqueue to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move srej and busy queues to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:36:10 +0000 (20:36 -0300)]
Bluetooth: Move srej and busy queues to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move ERTM timers to struct l2cap_chan
Gustavo F. Padovan [Fri, 1 Apr 2011 03:53:45 +0000 (00:53 -0300)]
Bluetooth: Move ERTM timers to struct l2cap_chan

This also triggered a change in l2cap_send_disconn_req() parameters.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move remote info to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:15:28 +0000 (20:15 -0300)]
Bluetooth: Move remote info to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move SDU related vars to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 23:09:37 +0000 (20:09 -0300)]
Bluetooth: Move SDU related vars to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move more ERTM stuff to struct l2cap_chan
Gustavo F. Padovan [Fri, 1 Apr 2011 03:38:50 +0000 (00:38 -0300)]
Bluetooth: Move more ERTM stuff to struct l2cap_chan

As part of the moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move of ERTM *_seq vars to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 22:58:34 +0000 (19:58 -0300)]
Bluetooth: Move of ERTM *_seq vars to struct l2cap_chan

As part of the moving channel to stuff to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move conn_state to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 22:43:39 +0000 (19:43 -0300)]
Bluetooth: Move conn_state to struct l2cap_chan

This is part of "moving things to l2cap_chan". As one the first move it
triggered a big number of changes in the funcions parameters, basically
changing the struct sock param to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: clean up l2cap_sock_recvmsg()
Gustavo F. Padovan [Fri, 25 Mar 2011 17:30:37 +0000 (14:30 -0300)]
Bluetooth: clean up l2cap_sock_recvmsg()

Move some channel specific stuff to l2cap_core.c, this will make things
more clear.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 17:16:54 +0000 (14:16 -0300)]
Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan

They are also l2cap_chan specific.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Move ident to struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 16:59:37 +0000 (13:59 -0300)]
Bluetooth: Move ident to struct l2cap_chan

ident is chan property, no need to reside on socket.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Remove struct del_list
Gustavo F. Padovan [Fri, 1 Apr 2011 03:35:21 +0000 (00:35 -0300)]
Bluetooth: Remove struct del_list

As we use struct list_head to keep L2CAP channels list the workaround with
del_list is not needed anymore.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Use struct list_head for L2CAP channels list
Gustavo F. Padovan [Thu, 31 Mar 2011 19:17:41 +0000 (16:17 -0300)]
Bluetooth: Use struct list_head for L2CAP channels list

Use a well known Kernel API is always a good idea than implement your own
list.
In the future we might use RCU on this list.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Create struct l2cap_chan
Gustavo F. Padovan [Fri, 25 Mar 2011 03:22:30 +0000 (00:22 -0300)]
Bluetooth: Create struct l2cap_chan

struct l2cap_chan cames to create a clear separation between what
properties and data belongs to the L2CAP channel and what belongs to the
socket. By now we just fold the struct sock * in struct l2cap_chan as all
the channel info is struct l2cap_pinfo today.

In the next commits we will see a move of channel stuff to struct
l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoath: add missing regdomain pair 0x5c mapping
Christian Lamparter [Wed, 6 Apr 2011 18:40:31 +0000 (20:40 +0200)]
ath: add missing regdomain pair 0x5c mapping

Joe Culler reported a problem with his AR9170 device:

> ath: EEPROM regdomain: 0x5c
> ath: EEPROM indicates we should expect a direct regpair map
> ath: invalid regulatory domain/country code 0x5c
> ath: Invalid EEPROM contents

It turned out that the regdomain 'APL7_FCCA' was not mapped yet.
According to Luis R. Rodriguez [Atheros' engineer] APL7 maps to
FCC_CTL and FCCA maps to FCC_CTL as well, so the attached patch
should be correct.

Cc: <stable@kernel.org>
Reported-by: Joe Culler <joe.culler@gmail.com>
Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomwl8k: do not free unrequested irq
Brian Cavagnolo [Wed, 6 Apr 2011 08:48:46 +0000 (14:18 +0530)]
mwl8k: do not free unrequested irq

When the mwl8k driver attempts and fails to switch from sta to ap
firmware (or vice-versa) in the mwl8k_add_interface routine, the
mwl8k_stop routine will be called. This routine must not attempt
to free the irq if it was not requested.

Signed-off-by: Brian Cavagnolo <brian@cozybit.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoiwlagn: override 5300 EEPROM # of chains
Johannes Berg [Tue, 5 Apr 2011 15:55:05 +0000 (08:55 -0700)]
iwlagn: override 5300 EEPROM # of chains

At least EEPROM version 0x11A has the wrong
number of chains programmed into it for some
reason, so we need to override in the driver.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoBluetooth: convert net/bluetooth/ to kstrtox
Alexey Dobriyan [Sat, 2 Apr 2011 11:19:41 +0000 (14:19 +0300)]
Bluetooth: convert net/bluetooth/ to kstrtox

Convert from strict_strto*() interfaces to kstrto*() interfaces.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Use GFP_KERNEL in user context
Gustavo F. Padovan [Mon, 4 Apr 2011 21:56:53 +0000 (18:56 -0300)]
Bluetooth: Use GFP_KERNEL in user context

The allocation in mgmt_control() code are in user context and not locked
by any spinlock, so it's not recommended the use of GFP_ATOMIC there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Don't use spin_lock_bh in user context
Gustavo F. Padovan [Mon, 4 Apr 2011 22:06:05 +0000 (19:06 -0300)]
Bluetooth: Don't use spin_lock_bh in user context

spin_lock() and spin_unlock() are more apropiated for user context.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Use kthread API in cmtp
Szymon Janc [Mon, 21 Mar 2011 13:20:06 +0000 (14:20 +0100)]
Bluetooth: Use kthread API in cmtp

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Use kthread API in bnep
Szymon Janc [Mon, 21 Mar 2011 13:20:00 +0000 (14:20 +0100)]
Bluetooth: Use kthread API in bnep

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Use kthread API in hidp
Szymon Janc [Tue, 5 Apr 2011 13:37:45 +0000 (15:37 +0200)]
Bluetooth: Use kthread API in hidp

kernel_thread() is a low-level implementation detail and
EXPORT_SYMBOL(kernel_thread) is scheduled for removal.
Use the <linux/kthread.h> API instead.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add mgmt_remote_name event
Johan Hedberg [Wed, 30 Mar 2011 10:18:12 +0000 (13:18 +0300)]
Bluetooth: Add mgmt_remote_name event

This patch adds a new remote_name event to the Management interface
which is sent every time the name of a remote device is resolved (over
BR/EDR).

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Add mgmt_device_found event
Johan Hedberg [Wed, 30 Mar 2011 20:57:16 +0000 (23:57 +0300)]
Bluetooth: Add mgmt_device_found event

This patch adds a device_found event to the Management interface. For
now the event only maps to BR/EDR inquiry result HCI events, but in the
future the plan is to also use it for the LE device discovery process.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoBluetooth: Remove gfp_mask param from hci_reassembly()
Gustavo F. Padovan [Mon, 4 Apr 2011 21:25:14 +0000 (18:25 -0300)]
Bluetooth: Remove gfp_mask param from hci_reassembly()

It is unnecessary, once we are always in interrupt context.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14 years agoiwlwifi: accept EEPROM version 0x423 for iwl6000
John W. Linville [Mon, 4 Apr 2011 17:18:44 +0000 (13:18 -0400)]
iwlwifi: accept EEPROM version 0x423 for iwl6000

A number of these devices have appeared "in the wild", and apparently
the Windows driver is perfectly happy to support this EEPROM version.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Cc: stable@kernel.org
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
14 years agort2x00: fix cancelling uninitialized work
Stanislaw Gruszka [Mon, 4 Apr 2011 11:50:32 +0000 (13:50 +0200)]
rt2x00: fix cancelling uninitialized work

{rx,tx}done_work's are only initialized for usb devices.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: stable@kernel.org
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agortlwifi: Fix some warnings/bugs
Larry Finger [Sat, 2 Apr 2011 23:10:22 +0000 (18:10 -0500)]
rtlwifi: Fix some warnings/bugs

Some compiler/architecture combinations generate some warnings that are
not seen on my main system. Two of the "warnings" about unitialized variables
are really bugs.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agop54usb: IDs for two new devices
Christian Lamparter [Sat, 2 Apr 2011 09:31:29 +0000 (11:31 +0200)]
p54usb: IDs for two new devices

Cc: <stable@kernel.org>
Reported-by: Mark Davis [via p54/devices wiki]
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agowl12xx: fix potential buffer overflow in testmode nvs push
Luciano Coelho [Fri, 1 Apr 2011 16:42:02 +0000 (19:42 +0300)]
wl12xx: fix potential buffer overflow in testmode nvs push

We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory.  This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.

With this patch, we check if the size of the data passed from
userspace matches the size required.

This bug was introduced in 2.6.36.

Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agozd1211rw: reset rx idle timer from tasklet
Jussi Kivilinna [Fri, 1 Apr 2011 16:34:16 +0000 (19:34 +0300)]
zd1211rw: reset rx idle timer from tasklet

2.6.38 added WARN_ON(in_irq) in del_timer_sync that triggers on zd1211rw when
reseting rx idle timer in urb completion handler.

Move timer reseting to tasklet.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agozd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()
Jussi Kivilinna [Fri, 1 Apr 2011 16:34:08 +0000 (19:34 +0300)]
zd1211rw: remove URB_SHORT_NOT_OK flag in zd_usb_iowrite16v_async()

Patch removes the bogus flag introduced by upstream commit
eefdbec1ea8b7093d2c09d1825f68438701723cf. Old code had buffer length check
that new code tried to handle with URB_SHORT_NOT_OK flag. With USB debugging
enabled bogus flag caused usb_submit_urb fail.

Remove URB_SHORT_NOT_OK flag and add buffer length check to urb completion
handler.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=32092
Reported-by: Jonathan Callen <abcd@gentoo.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: Fix duplicate frames on cooked monitor
Helmut Schaa [Fri, 1 Apr 2011 13:46:05 +0000 (15:46 +0200)]
mac80211: Fix duplicate frames on cooked monitor

Cleaning the ieee80211_rx_data.flags field here is wrong, instead the
flags should be valid accross processing the frame on different
interfaces. Fix this by removing the incorrect flags=0 assignment.

Introduced in commit 554891e63a29af35cc6bb403ef34e319518114d0
(mac80211: move packet flags into packet).

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: fix comment regarding aggregation buf_size
Johannes Berg [Fri, 1 Apr 2011 11:52:34 +0000 (13:52 +0200)]
mac80211: fix comment regarding aggregation buf_size

The description for buf_size was misleading and
just said you couldn't TX larger aggregates, but
of course you can't TX aggregates in a way that
would exceed the window either, which is possible
even if the aggregates are shorter than that.

Expand the description, thanks to Emmanuel for
explaining this to me.

Cc: Emmanuel Grumbach <egrumbach@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>