aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2011-01-26 14:49:49 -0500
committerDavid S. Miller <davem@davemloft.net>2011-01-26 14:49:49 -0500
commit9b6941d8b103fe95d1a90b7996046be9ee0e55e4 (patch)
tree03c4e26abb8d6212741c3821061f2f40f2b5c8ec
parentde221bd5eb5e754806fcc39c40bb12b96515d9c5 (diff)
parentacd9f9cc305ca2e5da2a39f6f6160cd4b476e38b (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
Diffstat
-rw-r--r--MAINTAINERS1
-rw-r--r--drivers/bluetooth/ath3k.c75
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.c6
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.h1
-rw-r--r--drivers/net/wireless/ath/ath9k/main.c8
-rw-r--r--drivers/net/wireless/ath/ath9k/xmit.c2
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-4965.c1
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-agn-eeprom.c11
-rw-r--r--drivers/net/wireless/rt2x00/rt73usb.c1
-rw-r--r--drivers/net/wireless/rtlwifi/pci.c11
-rw-r--r--include/net/bluetooth/hci_core.h1
-rw-r--r--net/bluetooth/hci_conn.c16
-rw-r--r--net/bluetooth/hci_core.c4
-rw-r--r--net/bluetooth/hci_event.c9
-rw-r--r--net/bluetooth/l2cap.c84
-rw-r--r--net/bluetooth/rfcomm/core.c3
-rw-r--r--net/mac80211/tx.c3
17 files changed, 105 insertions, 132 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index cf0f3a5c09cc..9d12977b6baf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3327,7 +3327,6 @@ F: drivers/net/wimax/i2400m/
3327F: include/linux/wimax/i2400m.h 3327F: include/linux/wimax/i2400m.h
3328 3328
3329INTEL WIRELESS WIFI LINK (iwlwifi) 3329INTEL WIRELESS WIFI LINK (iwlwifi)
3330M: Reinette Chatre <reinette.chatre@intel.com>
3331M: Wey-Yi Guy <wey-yi.w.guy@intel.com> 3330M: Wey-Yi Guy <wey-yi.w.guy@intel.com>
3332M: Intel Linux Wireless <ilw@linux.intel.com> 3331M: Intel Linux Wireless <ilw@linux.intel.com>
3333L: linux-wireless@vger.kernel.org 3332L: linux-wireless@vger.kernel.org
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index 949ed09c6361..a126e614601f 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -47,46 +47,40 @@ MODULE_DEVICE_TABLE(usb, ath3k_table);
47#define USB_REQ_DFU_DNLOAD 1 47#define USB_REQ_DFU_DNLOAD 1
48#define BULK_SIZE 4096 48#define BULK_SIZE 4096
49 49
50struct ath3k_data { 50static int ath3k_load_firmware(struct usb_device *udev,
51 struct usb_device *udev; 51 const struct firmware *firmware)
52 u8 *fw_data;
53 u32 fw_size;
54 u32 fw_sent;
55};
56
57static int ath3k_load_firmware(struct ath3k_data *data,
58 unsigned char *firmware,
59 int count)
60{ 52{
61 u8 *send_buf; 53 u8 *send_buf;
62 int err, pipe, len, size, sent = 0; 54 int err, pipe, len, size, sent = 0;
55 int count = firmware->size;
63 56
64 BT_DBG("ath3k %p udev %p", data, data->udev); 57 BT_DBG("udev %p", udev);
65 58
66 pipe = usb_sndctrlpipe(data->udev, 0); 59 pipe = usb_sndctrlpipe(udev, 0);
67 60
68 if ((usb_control_msg(data->udev, pipe, 61 send_buf = kmalloc(BULK_SIZE, GFP_ATOMIC);
62 if (!send_buf) {
63 BT_ERR("Can't allocate memory chunk for firmware");
64 return -ENOMEM;
65 }
66
67 memcpy(send_buf, firmware->data, 20);
68 if ((err = usb_control_msg(udev, pipe,
69 USB_REQ_DFU_DNLOAD, 69 USB_REQ_DFU_DNLOAD,
70 USB_TYPE_VENDOR, 0, 0, 70 USB_TYPE_VENDOR, 0, 0,
71 firmware, 20, USB_CTRL_SET_TIMEOUT)) < 0) { 71 send_buf, 20, USB_CTRL_SET_TIMEOUT)) < 0) {
72 BT_ERR("Can't change to loading configuration err"); 72 BT_ERR("Can't change to loading configuration err");
73 return -EBUSY; 73 goto error;
74 } 74 }
75 sent += 20; 75 sent += 20;
76 count -= 20; 76 count -= 20;
77 77
78 send_buf = kmalloc(BULK_SIZE, GFP_ATOMIC);
79 if (!send_buf) {
80 BT_ERR("Can't allocate memory chunk for firmware");
81 return -ENOMEM;
82 }
83
84 while (count) { 78 while (count) {
85 size = min_t(uint, count, BULK_SIZE); 79 size = min_t(uint, count, BULK_SIZE);
86 pipe = usb_sndbulkpipe(data->udev, 0x02); 80 pipe = usb_sndbulkpipe(udev, 0x02);
87 memcpy(send_buf, firmware + sent, size); 81 memcpy(send_buf, firmware->data + sent, size);
88 82
89 err = usb_bulk_msg(data->udev, pipe, send_buf, size, 83 err = usb_bulk_msg(udev, pipe, send_buf, size,
90 &len, 3000); 84 &len, 3000);
91 85
92 if (err || (len != size)) { 86 if (err || (len != size)) {
@@ -112,57 +106,28 @@ static int ath3k_probe(struct usb_interface *intf,
112{ 106{
113 const struct firmware *firmware; 107 const struct firmware *firmware;
114 struct usb_device *udev = interface_to_usbdev(intf); 108 struct usb_device *udev = interface_to_usbdev(intf);
115 struct ath3k_data *data;
116 int size;
117 109
118 BT_DBG("intf %p id %p", intf, id); 110 BT_DBG("intf %p id %p", intf, id);
119 111
120 if (intf->cur_altsetting->desc.bInterfaceNumber != 0) 112 if (intf->cur_altsetting->desc.bInterfaceNumber != 0)
121 return -ENODEV; 113 return -ENODEV;
122 114
123 data = kzalloc(sizeof(*data), GFP_KERNEL);
124 if (!data)
125 return -ENOMEM;
126
127 data->udev = udev;
128
129 if (request_firmware(&firmware, "ath3k-1.fw", &udev->dev) < 0) { 115 if (request_firmware(&firmware, "ath3k-1.fw", &udev->dev) < 0) {
130 kfree(data);
131 return -EIO; 116 return -EIO;
132 } 117 }
133 118
134 size = max_t(uint, firmware->size, 4096); 119 if (ath3k_load_firmware(udev, firmware)) {
135 data->fw_data = kmalloc(size, GFP_KERNEL);
136 if (!data->fw_data) {
137 release_firmware(firmware); 120 release_firmware(firmware);
138 kfree(data);
139 return -ENOMEM;
140 }
141
142 memcpy(data->fw_data, firmware->data, firmware->size);
143 data->fw_size = firmware->size;
144 data->fw_sent = 0;
145 release_firmware(firmware);
146
147 usb_set_intfdata(intf, data);
148 if (ath3k_load_firmware(data, data->fw_data, data->fw_size)) {
149 usb_set_intfdata(intf, NULL);
150 kfree(data->fw_data);
151 kfree(data);
152 return -EIO; 121 return -EIO;
153 } 122 }
123 release_firmware(firmware);
154 124
155 return 0; 125 return 0;
156} 126}
157 127
158static void ath3k_disconnect(struct usb_interface *intf) 128static void ath3k_disconnect(struct usb_interface *intf)
159{ 129{
160 struct ath3k_data *data = usb_get_intfdata(intf);
161
162 BT_DBG("ath3k_disconnect intf %p", intf); 130 BT_DBG("ath3k_disconnect intf %p", intf);
163
164 kfree(data->fw_data);
165 kfree(data);
166} 131}
167 132
168static struct usb_driver ath3k_driver = { 133static struct usb_driver ath3k_driver = {
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index 1afb8bb85756..9f01e50d5cda 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -369,6 +369,9 @@ static void ath9k_hw_init_config(struct ath_hw *ah)
369 else 369 else
370 ah->config.ht_enable = 0; 370 ah->config.ht_enable = 0;
371 371
372 /* PAPRD needs some more work to be enabled */
373 ah->config.paprd_disable = 1;
374
372 ah->config.rx_intr_mitigation = true; 375 ah->config.rx_intr_mitigation = true;
373 ah->config.pcieSerDesWrite = true; 376 ah->config.pcieSerDesWrite = true;
374 377
@@ -1933,7 +1936,8 @@ int ath9k_hw_fill_cap_info(struct ath_hw *ah)
1933 pCap->rx_status_len = sizeof(struct ar9003_rxs); 1936 pCap->rx_status_len = sizeof(struct ar9003_rxs);
1934 pCap->tx_desc_len = sizeof(struct ar9003_txc); 1937 pCap->tx_desc_len = sizeof(struct ar9003_txc);
1935 pCap->txs_len = sizeof(struct ar9003_txs); 1938 pCap->txs_len = sizeof(struct ar9003_txs);
1936 if (ah->eep_ops->get_eeprom(ah, EEP_PAPRD)) 1939 if (!ah->config.paprd_disable &&
1940 ah->eep_ops->get_eeprom(ah, EEP_PAPRD))
1937 pCap->hw_caps |= ATH9K_HW_CAP_PAPRD; 1941 pCap->hw_caps |= ATH9K_HW_CAP_PAPRD;
1938 } else { 1942 } else {
1939 pCap->tx_desc_len = sizeof(struct ath_desc); 1943 pCap->tx_desc_len = sizeof(struct ath_desc);
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
index 5a3dfec45e96..ea9fde670646 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
@@ -225,6 +225,7 @@ struct ath9k_ops_config {
225 u32 pcie_waen; 225 u32 pcie_waen;
226 u8 analog_shiftreg; 226 u8 analog_shiftreg;
227 u8 ht_enable; 227 u8 ht_enable;
228 u8 paprd_disable;
228 u32 ofdm_trig_low; 229 u32 ofdm_trig_low;
229 u32 ofdm_trig_high; 230 u32 ofdm_trig_high;
230 u32 cck_trig_high; 231 u32 cck_trig_high;
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index f90a6ca94a76..c79c97be6cd4 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -592,14 +592,12 @@ void ath9k_tasklet(unsigned long data)
592 u32 status = sc->intrstatus; 592 u32 status = sc->intrstatus;
593 u32 rxmask; 593 u32 rxmask;
594 594
595 ath9k_ps_wakeup(sc);
596
597 if (status & ATH9K_INT_FATAL) { 595 if (status & ATH9K_INT_FATAL) {
598 ath_reset(sc, true); 596 ath_reset(sc, true);
599 ath9k_ps_restore(sc);
600 return; 597 return;
601 } 598 }
602 599
600 ath9k_ps_wakeup(sc);
603 spin_lock(&sc->sc_pcu_lock); 601 spin_lock(&sc->sc_pcu_lock);
604 602
605 if (!ath9k_hw_check_alive(ah)) 603 if (!ath9k_hw_check_alive(ah))
@@ -969,6 +967,7 @@ int ath_reset(struct ath_softc *sc, bool retry_tx)
969 /* Stop ANI */ 967 /* Stop ANI */
970 del_timer_sync(&common->ani.timer); 968 del_timer_sync(&common->ani.timer);
971 969
970 ath9k_ps_wakeup(sc);
972 spin_lock_bh(&sc->sc_pcu_lock); 971 spin_lock_bh(&sc->sc_pcu_lock);
973 972
974 ieee80211_stop_queues(hw); 973 ieee80211_stop_queues(hw);
@@ -1015,6 +1014,7 @@ int ath_reset(struct ath_softc *sc, bool retry_tx)
1015 1014
1016 /* Start ANI */ 1015 /* Start ANI */
1017 ath_start_ani(common); 1016 ath_start_ani(common);
1017 ath9k_ps_restore(sc);
1018 1018
1019 return r; 1019 return r;
1020} 1020}
@@ -1701,7 +1701,9 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed)
1701skip_chan_change: 1701skip_chan_change:
1702 if (changed & IEEE80211_CONF_CHANGE_POWER) { 1702 if (changed & IEEE80211_CONF_CHANGE_POWER) {
1703 sc->config.txpowlimit = 2 * conf->power_level; 1703 sc->config.txpowlimit = 2 * conf->power_level;
1704 ath9k_ps_wakeup(sc);
1704 ath_update_txpow(sc); 1705 ath_update_txpow(sc);
1706 ath9k_ps_restore(sc);
1705 } 1707 }
1706 1708
1707 spin_lock_bh(&sc->wiphy_lock); 1709 spin_lock_bh(&sc->wiphy_lock);
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index 332d1feb5c18..33a37edbaf79 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -2113,9 +2113,7 @@ static void ath_tx_complete_poll_work(struct work_struct *work)
2113 if (needreset) { 2113 if (needreset) {
2114 ath_dbg(ath9k_hw_common(sc->sc_ah), ATH_DBG_RESET, 2114 ath_dbg(ath9k_hw_common(sc->sc_ah), ATH_DBG_RESET,
2115 "tx hung, resetting the chip\n"); 2115 "tx hung, resetting the chip\n");
2116 ath9k_ps_wakeup(sc);
2117 ath_reset(sc, true); 2116 ath_reset(sc, true);
2118 ath9k_ps_restore(sc);
2119 } 2117 }
2120 2118
2121 ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work, 2119 ieee80211_queue_delayed_work(sc->hw, &sc->tx_complete_work,
diff --git a/drivers/net/wireless/iwlwifi/iwl-4965.c b/drivers/net/wireless/iwlwifi/iwl-4965.c
index 3f1e5f1bf847..91a9f5253469 100644
--- a/drivers/net/wireless/iwlwifi/iwl-4965.c
+++ b/drivers/net/wireless/iwlwifi/iwl-4965.c
@@ -2624,6 +2624,7 @@ struct iwl_cfg iwl4965_agn_cfg = {
2624 .fw_name_pre = IWL4965_FW_PRE, 2624 .fw_name_pre = IWL4965_FW_PRE,
2625 .ucode_api_max = IWL4965_UCODE_API_MAX, 2625 .ucode_api_max = IWL4965_UCODE_API_MAX,
2626 .ucode_api_min = IWL4965_UCODE_API_MIN, 2626 .ucode_api_min = IWL4965_UCODE_API_MIN,
2627 .sku = IWL_SKU_A|IWL_SKU_G|IWL_SKU_N,
2627 .valid_tx_ant = ANT_AB, 2628 .valid_tx_ant = ANT_AB,
2628 .valid_rx_ant = ANT_ABC, 2629 .valid_rx_ant = ANT_ABC,
2629 .eeprom_ver = EEPROM_4965_EEPROM_VERSION, 2630 .eeprom_ver = EEPROM_4965_EEPROM_VERSION,
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-eeprom.c b/drivers/net/wireless/iwlwifi/iwl-agn-eeprom.c
index 14ceb4df72f6..27b5a3eec9dc 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn-eeprom.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-eeprom.c
@@ -152,11 +152,14 @@ int iwl_eeprom_check_sku(struct iwl_priv *priv)
152 152
153 eeprom_sku = iwl_eeprom_query16(priv, EEPROM_SKU_CAP); 153 eeprom_sku = iwl_eeprom_query16(priv, EEPROM_SKU_CAP);
154 154
155 priv->cfg->sku = ((eeprom_sku & EEPROM_SKU_CAP_BAND_SELECTION) >> 155 if (!priv->cfg->sku) {
156 /* not using sku overwrite */
157 priv->cfg->sku =
158 ((eeprom_sku & EEPROM_SKU_CAP_BAND_SELECTION) >>
156 EEPROM_SKU_CAP_BAND_POS); 159 EEPROM_SKU_CAP_BAND_POS);
157 if (eeprom_sku & EEPROM_SKU_CAP_11N_ENABLE) 160 if (eeprom_sku & EEPROM_SKU_CAP_11N_ENABLE)
158 priv->cfg->sku |= IWL_SKU_N; 161 priv->cfg->sku |= IWL_SKU_N;
159 162 }
160 if (!priv->cfg->sku) { 163 if (!priv->cfg->sku) {
161 IWL_ERR(priv, "Invalid device sku\n"); 164 IWL_ERR(priv, "Invalid device sku\n");
162 return -EINVAL; 165 return -EINVAL;
diff --git a/drivers/net/wireless/rt2x00/rt73usb.c b/drivers/net/wireless/rt2x00/rt73usb.c
index 0b4e8590cbb7..029be3c6c030 100644
--- a/drivers/net/wireless/rt2x00/rt73usb.c
+++ b/drivers/net/wireless/rt2x00/rt73usb.c
@@ -2446,6 +2446,7 @@ static struct usb_device_id rt73usb_device_table[] = {
2446 { USB_DEVICE(0x04bb, 0x093d), USB_DEVICE_DATA(&rt73usb_ops) }, 2446 { USB_DEVICE(0x04bb, 0x093d), USB_DEVICE_DATA(&rt73usb_ops) },
2447 { USB_DEVICE(0x148f, 0x2573), USB_DEVICE_DATA(&rt73usb_ops) }, 2447 { USB_DEVICE(0x148f, 0x2573), USB_DEVICE_DATA(&rt73usb_ops) },
2448 { USB_DEVICE(0x148f, 0x2671), USB_DEVICE_DATA(&rt73usb_ops) }, 2448 { USB_DEVICE(0x148f, 0x2671), USB_DEVICE_DATA(&rt73usb_ops) },
2449 { USB_DEVICE(0x0812, 0x3101), USB_DEVICE_DATA(&rt73usb_ops) },
2449 /* Qcom */ 2450 /* Qcom */
2450 { USB_DEVICE(0x18e8, 0x6196), USB_DEVICE_DATA(&rt73usb_ops) }, 2451 { USB_DEVICE(0x18e8, 0x6196), USB_DEVICE_DATA(&rt73usb_ops) },
2451 { USB_DEVICE(0x18e8, 0x6229), USB_DEVICE_DATA(&rt73usb_ops) }, 2452 { USB_DEVICE(0x18e8, 0x6229), USB_DEVICE_DATA(&rt73usb_ops) },
diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c
index 0fa36aa6701a..1758d4463247 100644
--- a/drivers/net/wireless/rtlwifi/pci.c
+++ b/drivers/net/wireless/rtlwifi/pci.c
@@ -619,6 +619,13 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
619 struct sk_buff *uskb = NULL; 619 struct sk_buff *uskb = NULL;
620 u8 *pdata; 620 u8 *pdata;
621 uskb = dev_alloc_skb(skb->len + 128); 621 uskb = dev_alloc_skb(skb->len + 128);
622 if (!uskb) {
623 RT_TRACE(rtlpriv,
624 (COMP_INTR | COMP_RECV),
625 DBG_EMERG,
626 ("can't alloc rx skb\n"));
627 goto done;
628 }
622 memcpy(IEEE80211_SKB_RXCB(uskb), 629 memcpy(IEEE80211_SKB_RXCB(uskb),
623 &rx_status, 630 &rx_status,
624 sizeof(rx_status)); 631 sizeof(rx_status));
@@ -641,7 +648,7 @@ static void _rtl_pci_rx_interrupt(struct ieee80211_hw *hw)
641 new_skb = dev_alloc_skb(rtlpci->rxbuffersize); 648 new_skb = dev_alloc_skb(rtlpci->rxbuffersize);
642 if (unlikely(!new_skb)) { 649 if (unlikely(!new_skb)) {
643 RT_TRACE(rtlpriv, (COMP_INTR | COMP_RECV), 650 RT_TRACE(rtlpriv, (COMP_INTR | COMP_RECV),
644 DBG_DMESG, 651 DBG_EMERG,
645 ("can't alloc skb for rx\n")); 652 ("can't alloc skb for rx\n"));
646 goto done; 653 goto done;
647 } 654 }
@@ -1066,9 +1073,9 @@ static int _rtl_pci_init_rx_ring(struct ieee80211_hw *hw)
1066 struct sk_buff *skb = 1073 struct sk_buff *skb =
1067 dev_alloc_skb(rtlpci->rxbuffersize); 1074 dev_alloc_skb(rtlpci->rxbuffersize);
1068 u32 bufferaddress; 1075 u32 bufferaddress;
1069 entry = &rtlpci->rx_ring[rx_queue_idx].desc[i];
1070 if (!skb) 1076 if (!skb)
1071 return 0; 1077 return 0;
1078 entry = &rtlpci->rx_ring[rx_queue_idx].desc[i];
1072 1079
1073 /*skb->dev = dev; */ 1080 /*skb->dev = dev; */
1074 1081
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index a29feb01854e..d2cf88407690 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -184,6 +184,7 @@ struct hci_conn {
184 __u32 link_mode; 184 __u32 link_mode;
185 __u8 auth_type; 185 __u8 auth_type;
186 __u8 sec_level; 186 __u8 sec_level;
187 __u8 pending_sec_level;
187 __u8 power_save; 188 __u8 power_save;
188 __u16 disc_timeout; 189 __u16 disc_timeout;
189 unsigned long pend; 190 unsigned long pend;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 6b90a4191734..99cd8d9d891b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -379,14 +379,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
379 hci_conn_hold(acl); 379 hci_conn_hold(acl);
380 380
381 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 381 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
382 acl->sec_level = sec_level; 382 acl->sec_level = BT_SECURITY_LOW;
383 acl->pending_sec_level = sec_level;
383 acl->auth_type = auth_type; 384 acl->auth_type = auth_type;
384 hci_acl_connect(acl); 385 hci_acl_connect(acl);
385 } else {
386 if (acl->sec_level < sec_level)
387 acl->sec_level = sec_level;
388 if (acl->auth_type < auth_type)
389 acl->auth_type = auth_type;
390 } 386 }
391 387
392 if (type == ACL_LINK) 388 if (type == ACL_LINK)
@@ -442,11 +438,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
442{ 438{
443 BT_DBG("conn %p", conn); 439 BT_DBG("conn %p", conn);
444 440
441 if (conn->pending_sec_level > sec_level)
442 sec_level = conn->pending_sec_level;
443
445 if (sec_level > conn->sec_level) 444 if (sec_level > conn->sec_level)
446 conn->sec_level = sec_level; 445 conn->pending_sec_level = sec_level;
447 else if (conn->link_mode & HCI_LM_AUTH) 446 else if (conn->link_mode & HCI_LM_AUTH)
448 return 1; 447 return 1;
449 448
449 /* Make sure we preserve an existing MITM requirement*/
450 auth_type |= (conn->auth_type & 0x01);
451
450 conn->auth_type = auth_type; 452 conn->auth_type = auth_type;
451 453
452 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 454 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8b602d881fd7..9c4541bc488a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1011,6 +1011,10 @@ int hci_unregister_dev(struct hci_dev *hdev)
1011 1011
1012 destroy_workqueue(hdev->workqueue); 1012 destroy_workqueue(hdev->workqueue);
1013 1013
1014 hci_dev_lock_bh(hdev);
1015 hci_blacklist_clear(hdev);
1016 hci_dev_unlock_bh(hdev);
1017
1014 __hci_dev_put(hdev); 1018 __hci_dev_put(hdev);
1015 1019
1016 return 0; 1020 return 0;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 38100170d380..a290854fdaa6 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -692,13 +692,13 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
692 if (conn->state != BT_CONFIG || !conn->out) 692 if (conn->state != BT_CONFIG || !conn->out)
693 return 0; 693 return 0;
694 694
695 if (conn->sec_level == BT_SECURITY_SDP) 695 if (conn->pending_sec_level == BT_SECURITY_SDP)
696 return 0; 696 return 0;
697 697
698 /* Only request authentication for SSP connections or non-SSP 698 /* Only request authentication for SSP connections or non-SSP
699 * devices with sec_level HIGH */ 699 * devices with sec_level HIGH */
700 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 700 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
701 conn->sec_level != BT_SECURITY_HIGH) 701 conn->pending_sec_level != BT_SECURITY_HIGH)
702 return 0; 702 return 0;
703 703
704 return 1; 704 return 1;
@@ -1095,9 +1095,10 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1095 1095
1096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1097 if (conn) { 1097 if (conn) {
1098 if (!ev->status) 1098 if (!ev->status) {
1099 conn->link_mode |= HCI_LM_AUTH; 1099 conn->link_mode |= HCI_LM_AUTH;
1100 else 1100 conn->sec_level = conn->pending_sec_level;
1101 } else
1101 conn->sec_level = BT_SECURITY_LOW; 1102 conn->sec_level = BT_SECURITY_LOW;
1102 1103
1103 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1104 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c791fcda7b2d..7550abb0c96a 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -305,33 +305,44 @@ static void l2cap_chan_del(struct sock *sk, int err)
305 } 305 }
306} 306}
307 307
308/* Service level security */ 308static inline u8 l2cap_get_auth_type(struct sock *sk)
309static inline int l2cap_check_security(struct sock *sk)
310{ 309{
311 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 310 if (sk->sk_type == SOCK_RAW) {
312 __u8 auth_type; 311 switch (l2cap_pi(sk)->sec_level) {
312 case BT_SECURITY_HIGH:
313 return HCI_AT_DEDICATED_BONDING_MITM;
314 case BT_SECURITY_MEDIUM:
315 return HCI_AT_DEDICATED_BONDING;
316 default:
317 return HCI_AT_NO_BONDING;
318 }
319 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
313 322
314 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
315 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 323 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
316 auth_type = HCI_AT_NO_BONDING_MITM; 324 return HCI_AT_NO_BONDING_MITM;
317 else 325 else
318 auth_type = HCI_AT_NO_BONDING; 326 return HCI_AT_NO_BONDING;
319
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
322 } else { 327 } else {
323 switch (l2cap_pi(sk)->sec_level) { 328 switch (l2cap_pi(sk)->sec_level) {
324 case BT_SECURITY_HIGH: 329 case BT_SECURITY_HIGH:
325 auth_type = HCI_AT_GENERAL_BONDING_MITM; 330 return HCI_AT_GENERAL_BONDING_MITM;
326 break;
327 case BT_SECURITY_MEDIUM: 331 case BT_SECURITY_MEDIUM:
328 auth_type = HCI_AT_GENERAL_BONDING; 332 return HCI_AT_GENERAL_BONDING;
329 break;
330 default: 333 default:
331 auth_type = HCI_AT_NO_BONDING; 334 return HCI_AT_NO_BONDING;
332 break;
333 } 335 }
334 } 336 }
337}
338
339/* Service level security */
340static inline int l2cap_check_security(struct sock *sk)
341{
342 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
343 __u8 auth_type;
344
345 auth_type = l2cap_get_auth_type(sk);
335 346
336 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, 347 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
337 auth_type); 348 auth_type);
@@ -1068,39 +1079,7 @@ static int l2cap_do_connect(struct sock *sk)
1068 1079
1069 err = -ENOMEM; 1080 err = -ENOMEM;
1070 1081
1071 if (sk->sk_type == SOCK_RAW) { 1082 auth_type = l2cap_get_auth_type(sk);
1072 switch (l2cap_pi(sk)->sec_level) {
1073 case BT_SECURITY_HIGH:
1074 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1075 break;
1076 case BT_SECURITY_MEDIUM:
1077 auth_type = HCI_AT_DEDICATED_BONDING;
1078 break;
1079 default:
1080 auth_type = HCI_AT_NO_BONDING;
1081 break;
1082 }
1083 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1084 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1085 auth_type = HCI_AT_NO_BONDING_MITM;
1086 else
1087 auth_type = HCI_AT_NO_BONDING;
1088
1089 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1090 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1091 } else {
1092 switch (l2cap_pi(sk)->sec_level) {
1093 case BT_SECURITY_HIGH:
1094 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1095 break;
1096 case BT_SECURITY_MEDIUM:
1097 auth_type = HCI_AT_GENERAL_BONDING;
1098 break;
1099 default:
1100 auth_type = HCI_AT_NO_BONDING;
1101 break;
1102 }
1103 }
1104 1083
1105 hcon = hci_connect(hdev, ACL_LINK, dst, 1084 hcon = hci_connect(hdev, ACL_LINK, dst,
1106 l2cap_pi(sk)->sec_level, auth_type); 1085 l2cap_pi(sk)->sec_level, auth_type);
@@ -1127,7 +1106,8 @@ static int l2cap_do_connect(struct sock *sk)
1127 if (sk->sk_type != SOCK_SEQPACKET && 1106 if (sk->sk_type != SOCK_SEQPACKET &&
1128 sk->sk_type != SOCK_STREAM) { 1107 sk->sk_type != SOCK_STREAM) {
1129 l2cap_sock_clear_timer(sk); 1108 l2cap_sock_clear_timer(sk);
1130 sk->sk_state = BT_CONNECTED; 1109 if (l2cap_check_security(sk))
1110 sk->sk_state = BT_CONNECTED;
1131 } else 1111 } else
1132 l2cap_do_start(sk); 1112 l2cap_do_start(sk);
1133 } 1113 }
@@ -1893,8 +1873,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1893 if (pi->mode == L2CAP_MODE_STREAMING) { 1873 if (pi->mode == L2CAP_MODE_STREAMING) {
1894 l2cap_streaming_send(sk); 1874 l2cap_streaming_send(sk);
1895 } else { 1875 } else {
1896 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && 1876 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
1897 pi->conn_state && L2CAP_CONN_WAIT_F) { 1877 (pi->conn_state & L2CAP_CONN_WAIT_F)) {
1898 err = len; 1878 err = len;
1899 break; 1879 break;
1900 } 1880 }
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index ff8aaa736650..6b83776534fb 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1164,7 +1164,8 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1164 * initiator rfcomm_process_rx already calls 1164 * initiator rfcomm_process_rx already calls
1165 * rfcomm_session_put() */ 1165 * rfcomm_session_put() */
1166 if (s->sock->sk->sk_state != BT_CLOSED) 1166 if (s->sock->sk->sk_state != BT_CLOSED)
1167 rfcomm_session_put(s); 1167 if (list_empty(&s->dlcs))
1168 rfcomm_session_put(s);
1168 break; 1169 break;
1169 } 1170 }
1170 } 1171 }
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 5950e3abead9..b64b42bc774b 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2230,6 +2230,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2230 2230
2231 sdata = vif_to_sdata(vif); 2231 sdata = vif_to_sdata(vif);
2232 2232
2233 if (!ieee80211_sdata_running(sdata))
2234 goto out;
2235
2233 if (tim_offset) 2236 if (tim_offset)
2234 *tim_offset = 0; 2237 *tim_offset = 0;
2235 if (tim_length) 2238 if (tim_length)
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-22 07:45:52 -0500