diff options
| author | David S. Miller <davem@davemloft.net> | 2013-11-21 12:58:51 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-11-21 12:58:51 -0500 |
| commit | 78ef359cb6211f590298451cb0c62a9d5ba3d12a (patch) | |
| tree | 159e3c6ed082d91f1b5336397364b3e4e01062e2 /net | |
| parent | cd2cc01b675007c3ce235c1f172511c6b2a3ecfa (diff) | |
| parent | 7acd71879ce408af2d2ca3cd3ec3a86d0667ceae (diff) | |
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:
====================
pull request: wireless 2013-11-21
Please pull this batch of fixes intended for the 3.13 stream!
For the Bluetooth bits, Gustavo says:
"A few fixes for 3.13. There is 3 fixes to the RFCOMM protocol. One
crash fix to L2CAP. A simple fix to a bad behaviour in the SMP
protocol."
On top of that...
Amitkumar Karwar sends a quintet of mwifiex fixes -- two fixes related
to failure handling, two memory leak fixes, and a NULL pointer fix.
Felix Fietkau corrects and earlier rt2x00 HT descriptor handling fix
to address a crash.
Geyslan G. Bem fixes a memory leak in brcmfmac.
Larry Finger address more pointer arithmetic errors in rtlwifi.
Luis R. Rodriguez provides a regulatory fix in the shared ath code.
Sujith Manoharan brings a couple ath9k initialization fixes.
Ujjal Roy offers one more mwifiex fix to avoid invalid memory accesses
when unloading the USB driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 3 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/core.c | 3 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/sock.c | 6 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 3 |
4 files changed, 14 insertions, 1 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 0cef67707838..4af3821df880 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -2439,6 +2439,9 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, | |||
| 2439 | int err; | 2439 | int err; |
| 2440 | struct sk_buff_head seg_queue; | 2440 | struct sk_buff_head seg_queue; |
| 2441 | 2441 | ||
| 2442 | if (!chan->conn) | ||
| 2443 | return -ENOTCONN; | ||
| 2444 | |||
| 2442 | /* Connectionless channel */ | 2445 | /* Connectionless channel */ |
| 2443 | if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { | 2446 | if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { |
| 2444 | skb = l2cap_create_connless_pdu(chan, msg, len, priority); | 2447 | skb = l2cap_create_connless_pdu(chan, msg, len, priority); |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index 94d06cbfbc18..facd8a79c038 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
| @@ -694,6 +694,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, | |||
| 694 | addr.l2_family = AF_BLUETOOTH; | 694 | addr.l2_family = AF_BLUETOOTH; |
| 695 | addr.l2_psm = 0; | 695 | addr.l2_psm = 0; |
| 696 | addr.l2_cid = 0; | 696 | addr.l2_cid = 0; |
| 697 | addr.l2_bdaddr_type = BDADDR_BREDR; | ||
| 697 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); | 698 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
| 698 | if (*err < 0) | 699 | if (*err < 0) |
| 699 | goto failed; | 700 | goto failed; |
| @@ -719,6 +720,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, | |||
| 719 | addr.l2_family = AF_BLUETOOTH; | 720 | addr.l2_family = AF_BLUETOOTH; |
| 720 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); | 721 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); |
| 721 | addr.l2_cid = 0; | 722 | addr.l2_cid = 0; |
| 723 | addr.l2_bdaddr_type = BDADDR_BREDR; | ||
| 722 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); | 724 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); |
| 723 | if (*err == 0 || *err == -EINPROGRESS) | 725 | if (*err == 0 || *err == -EINPROGRESS) |
| 724 | return s; | 726 | return s; |
| @@ -1983,6 +1985,7 @@ static int rfcomm_add_listener(bdaddr_t *ba) | |||
| 1983 | addr.l2_family = AF_BLUETOOTH; | 1985 | addr.l2_family = AF_BLUETOOTH; |
| 1984 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); | 1986 | addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); |
| 1985 | addr.l2_cid = 0; | 1987 | addr.l2_cid = 0; |
| 1988 | addr.l2_bdaddr_type = BDADDR_BREDR; | ||
| 1986 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); | 1989 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
| 1987 | if (err < 0) { | 1990 | if (err < 0) { |
| 1988 | BT_ERR("Bind failed %d", err); | 1991 | BT_ERR("Bind failed %d", err); |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index c80766f892c3..3c2d3e4aa2f5 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
| @@ -738,8 +738,9 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c | |||
| 738 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) | 738 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) |
| 739 | { | 739 | { |
| 740 | struct sock *sk = sock->sk; | 740 | struct sock *sk = sock->sk; |
| 741 | struct sock *l2cap_sk; | ||
| 742 | struct l2cap_conn *conn; | ||
| 741 | struct rfcomm_conninfo cinfo; | 743 | struct rfcomm_conninfo cinfo; |
| 742 | struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; | ||
| 743 | int len, err = 0; | 744 | int len, err = 0; |
| 744 | u32 opt; | 745 | u32 opt; |
| 745 | 746 | ||
| @@ -782,6 +783,9 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u | |||
| 782 | break; | 783 | break; |
| 783 | } | 784 | } |
| 784 | 785 | ||
| 786 | l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; | ||
| 787 | conn = l2cap_pi(l2cap_sk)->chan->conn; | ||
| 788 | |||
| 785 | memset(&cinfo, 0, sizeof(cinfo)); | 789 | memset(&cinfo, 0, sizeof(cinfo)); |
| 786 | cinfo.hci_handle = conn->hcon->handle; | 790 | cinfo.hci_handle = conn->hcon->handle; |
| 787 | memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); | 791 | memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 85a2796cac61..4b07acb8293c 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -742,6 +742,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 742 | 742 | ||
| 743 | BT_DBG("conn %p", conn); | 743 | BT_DBG("conn %p", conn); |
| 744 | 744 | ||
| 745 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) | ||
| 746 | return SMP_CMD_NOTSUPP; | ||
| 747 | |||
| 745 | hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req); | 748 | hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req); |
| 746 | 749 | ||
| 747 | if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) | 750 | if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) |