authorJohn W. Linville <linville@tuxdriver.com>2012-07-20 12:30:48 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-07-20 12:30:48 -0400
commit90b90f60c4f8e3a8525dfeb4aec46a9c7a29c857 (patch)
tree9b1d8ca6084012a02b302520bc26e5be65ba7b2a /net
parent769162e38b91e1d300752e666260fa6c7b203fbc (diff)
parent36eb22e97a2b621fb707eead58ef915ab0f46e9e (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/a2mp.c4
-rw-r--r--net/bluetooth/hci_conn.c47
-rw-r--r--net/bluetooth/hci_core.c77
-rw-r--r--net/bluetooth/hci_event.c170
-rw-r--r--net/bluetooth/l2cap_core.c151
-rw-r--r--net/bluetooth/mgmt.c60
-rw-r--r--net/mac80211/agg-tx.c3
-rw-r--r--net/mac80211/cfg.c62
-rw-r--r--net/mac80211/debugfs.c2
-rw-r--r--net/mac80211/ieee80211_i.h24
-rw-r--r--net/mac80211/iface.c60
-rw-r--r--net/mac80211/key.c20
-rw-r--r--net/mac80211/main.c3
-rw-r--r--net/mac80211/mlme.c62
-rw-r--r--net/mac80211/offchannel.c12
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c8
-rw-r--r--net/mac80211/rx.c49
-rw-r--r--net/mac80211/scan.c116
-rw-r--r--net/mac80211/status.c9
-rw-r--r--net/mac80211/trace.h6
-rw-r--r--net/mac80211/tx.c30
-rw-r--r--net/mac80211/util.c11
-rw-r--r--net/nfc/hci/core.c20
-rw-r--r--net/nfc/hci/hcp.c2
-rw-r--r--net/nfc/nci/core.c3
-rw-r--r--net/wireless/Kconfig21
-rw-r--r--net/wireless/chan.c24
-rw-r--r--net/wireless/core.c79
-rw-r--r--net/wireless/core.h14
-rw-r--r--net/wireless/mlme.c47
-rw-r--r--net/wireless/nl80211.c537
-rw-r--r--net/wireless/nl80211.h21
-rw-r--r--net/wireless/reg.c132
-rw-r--r--net/wireless/reg.h8
-rw-r--r--net/wireless/scan.c24
-rw-r--r--net/wireless/sme.c10
-rw-r--r--net/wireless/util.c17
-rw-r--r--net/wireless/wext-compat.c9
38 files changed, 1184 insertions, 770 deletions
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index fb93250b393..4ff0bf3ba9a 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -501,7 +501,7 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
501/* AMP Manager functions */ 501/* AMP Manager functions */
502void amp_mgr_get(struct amp_mgr *mgr) 502void amp_mgr_get(struct amp_mgr *mgr)
503{ 503{
504 BT_DBG("mgr %p", mgr); 504 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
505 505
506 kref_get(&mgr->kref); 506 kref_get(&mgr->kref);
507} 507}
@@ -517,7 +517,7 @@ static void amp_mgr_destroy(struct kref *kref)
517 517
518int amp_mgr_put(struct amp_mgr *mgr) 518int amp_mgr_put(struct amp_mgr *mgr)
519{ 519{
520 BT_DBG("mgr %p", mgr); 520 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
521 521
522 return kref_put(&mgr->kref, &amp_mgr_destroy); 522 return kref_put(&mgr->kref, &amp_mgr_destroy);
523} 523}
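Review bot: Both new debug lines, in amp_mgr_get and amp_mgr_put, read `mgr->kref.refcount` directly, which ties this file to the internal layout of struct kref. The value is a snapshot taken before kref_get()/kref_put() runs, so with concurrent callers the logged count can already be out of date by the time it is printed. A small local helper, `static inline int amp_mgr_refcnt(struct amp_mgr *mgr) { return atomic_read(&mgr->kref.refcount); }`, would keep the field access in one place if kref's representation changes.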
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2fcced377e5..5ad7da21747 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -107,7 +107,7 @@ static void hci_acl_connect_cancel(struct hci_conn *conn)
107{ 107{
108 struct hci_cp_create_conn_cancel cp; 108 struct hci_cp_create_conn_cancel cp;
109 109
110 BT_DBG("%p", conn); 110 BT_DBG("hcon %p", conn);
111 111
112 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) 112 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
113 return; 113 return;
@@ -120,7 +120,7 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
120{ 120{
121 struct hci_cp_disconnect cp; 121 struct hci_cp_disconnect cp;
122 122
123 BT_DBG("%p", conn); 123 BT_DBG("hcon %p", conn);
124 124
125 conn->state = BT_DISCONN; 125 conn->state = BT_DISCONN;
126 126
@@ -134,7 +134,7 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle)
134 struct hci_dev *hdev = conn->hdev; 134 struct hci_dev *hdev = conn->hdev;
135 struct hci_cp_add_sco cp; 135 struct hci_cp_add_sco cp;
136 136
137 BT_DBG("%p", conn); 137 BT_DBG("hcon %p", conn);
138 138
139 conn->state = BT_CONNECT; 139 conn->state = BT_CONNECT;
140 conn->out = true; 140 conn->out = true;
@@ -152,7 +152,7 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
152 struct hci_dev *hdev = conn->hdev; 152 struct hci_dev *hdev = conn->hdev;
153 struct hci_cp_setup_sync_conn cp; 153 struct hci_cp_setup_sync_conn cp;
154 154
155 BT_DBG("%p", conn); 155 BT_DBG("hcon %p", conn);
156 156
157 conn->state = BT_CONNECT; 157 conn->state = BT_CONNECT;
158 conn->out = true; 158 conn->out = true;
@@ -196,7 +196,7 @@ void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
196 struct hci_dev *hdev = conn->hdev; 196 struct hci_dev *hdev = conn->hdev;
197 struct hci_cp_le_start_enc cp; 197 struct hci_cp_le_start_enc cp;
198 198
199 BT_DBG("%p", conn); 199 BT_DBG("hcon %p", conn);
200 200
201 memset(&cp, 0, sizeof(cp)); 201 memset(&cp, 0, sizeof(cp));
202 202
@@ -213,11 +213,11 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
213{ 213{
214 struct hci_conn *sco = conn->link; 214 struct hci_conn *sco = conn->link;
215 215
216 BT_DBG("%p", conn);
217
218 if (!sco) 216 if (!sco)
219 return; 217 return;
220 218
219 BT_DBG("hcon %p", conn);
220
221 if (!status) { 221 if (!status) {
222 if (lmp_esco_capable(conn->hdev)) 222 if (lmp_esco_capable(conn->hdev))
223 hci_setup_sync(sco, conn->handle); 223 hci_setup_sync(sco, conn->handle);
@@ -235,7 +235,7 @@ static void hci_conn_timeout(struct work_struct *work)
235 disc_work.work); 235 disc_work.work);
236 __u8 reason; 236 __u8 reason;
237 237
238 BT_DBG("conn %p state %s", conn, state_to_string(conn->state)); 238 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
239 239
240 if (atomic_read(&conn->refcnt)) 240 if (atomic_read(&conn->refcnt))
241 return; 241 return;
@@ -266,7 +266,7 @@ static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
266{ 266{
267 struct hci_dev *hdev = conn->hdev; 267 struct hci_dev *hdev = conn->hdev;
268 268
269 BT_DBG("conn %p mode %d", conn, conn->mode); 269 BT_DBG("hcon %p mode %d", conn, conn->mode);
270 270
271 if (test_bit(HCI_RAW, &hdev->flags)) 271 if (test_bit(HCI_RAW, &hdev->flags))
272 return; 272 return;
@@ -301,7 +301,7 @@ static void hci_conn_idle(unsigned long arg)
301{ 301{
302 struct hci_conn *conn = (void *) arg; 302 struct hci_conn *conn = (void *) arg;
303 303
304 BT_DBG("conn %p mode %d", conn, conn->mode); 304 BT_DBG("hcon %p mode %d", conn, conn->mode);
305 305
306 hci_conn_enter_sniff_mode(conn); 306 hci_conn_enter_sniff_mode(conn);
307} 307}
@@ -382,7 +382,7 @@ int hci_conn_del(struct hci_conn *conn)
382{ 382{
383 struct hci_dev *hdev = conn->hdev; 383 struct hci_dev *hdev = conn->hdev;
384 384
385 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 385 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
386 386
387 del_timer(&conn->idle_timer); 387 del_timer(&conn->idle_timer);
388 388
@@ -442,7 +442,8 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
442 442
443 list_for_each_entry(d, &hci_dev_list, list) { 443 list_for_each_entry(d, &hci_dev_list, list) {
444 if (!test_bit(HCI_UP, &d->flags) || 444 if (!test_bit(HCI_UP, &d->flags) ||
445 test_bit(HCI_RAW, &d->flags)) 445 test_bit(HCI_RAW, &d->flags) ||
446 d->dev_type != HCI_BREDR)
446 continue; 447 continue;
447 448
448 /* Simple routing: 449 /* Simple routing:
@@ -557,7 +558,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
557/* Check link security requirement */ 558/* Check link security requirement */
558int hci_conn_check_link_mode(struct hci_conn *conn) 559int hci_conn_check_link_mode(struct hci_conn *conn)
559{ 560{
560 BT_DBG("conn %p", conn); 561 BT_DBG("hcon %p", conn);
561 562
562 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT)) 563 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
563 return 0; 564 return 0;
@@ -568,7 +569,7 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
568/* Authenticate remote device */ 569/* Authenticate remote device */
569static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 570static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
570{ 571{
571 BT_DBG("conn %p", conn); 572 BT_DBG("hcon %p", conn);
572 573
573 if (conn->pending_sec_level > sec_level) 574 if (conn->pending_sec_level > sec_level)
574 sec_level = conn->pending_sec_level; 575 sec_level = conn->pending_sec_level;
@@ -602,7 +603,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
602/* Encrypt the the link */ 603/* Encrypt the the link */
603static void hci_conn_encrypt(struct hci_conn *conn) 604static void hci_conn_encrypt(struct hci_conn *conn)
604{ 605{
605 BT_DBG("conn %p", conn); 606 BT_DBG("hcon %p", conn);
606 607
607 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 608 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
608 struct hci_cp_set_conn_encrypt cp; 609 struct hci_cp_set_conn_encrypt cp;
@@ -616,7 +617,7 @@ static void hci_conn_encrypt(struct hci_conn *conn)
616/* Enable security */ 617/* Enable security */
617int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 618int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
618{ 619{
619 BT_DBG("conn %p", conn); 620 BT_DBG("hcon %p", conn);
620 621
621 /* For sdp we don't need the link key. */ 622 /* For sdp we don't need the link key. */
622 if (sec_level == BT_SECURITY_SDP) 623 if (sec_level == BT_SECURITY_SDP)
@@ -669,7 +670,7 @@ EXPORT_SYMBOL(hci_conn_security);
669/* Check secure link requirement */ 670/* Check secure link requirement */
670int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 671int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
671{ 672{
672 BT_DBG("conn %p", conn); 673 BT_DBG("hcon %p", conn);
673 674
674 if (sec_level != BT_SECURITY_HIGH) 675 if (sec_level != BT_SECURITY_HIGH)
675 return 1; /* Accept if non-secure is required */ 676 return 1; /* Accept if non-secure is required */
@@ -684,7 +685,7 @@ EXPORT_SYMBOL(hci_conn_check_secure);
684/* Change link key */ 685/* Change link key */
685int hci_conn_change_link_key(struct hci_conn *conn) 686int hci_conn_change_link_key(struct hci_conn *conn)
686{ 687{
687 BT_DBG("conn %p", conn); 688 BT_DBG("hcon %p", conn);
688 689
689 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 690 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
690 struct hci_cp_change_conn_link_key cp; 691 struct hci_cp_change_conn_link_key cp;
@@ -699,7 +700,7 @@ int hci_conn_change_link_key(struct hci_conn *conn)
699/* Switch role */ 700/* Switch role */
700int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 701int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
701{ 702{
702 BT_DBG("conn %p", conn); 703 BT_DBG("hcon %p", conn);
703 704
704 if (!role && conn->link_mode & HCI_LM_MASTER) 705 if (!role && conn->link_mode & HCI_LM_MASTER)
705 return 1; 706 return 1;
@@ -720,7 +721,7 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
720{ 721{
721 struct hci_dev *hdev = conn->hdev; 722 struct hci_dev *hdev = conn->hdev;
722 723
723 BT_DBG("conn %p mode %d", conn, conn->mode); 724 BT_DBG("hcon %p mode %d", conn, conn->mode);
724 725
725 if (test_bit(HCI_RAW, &hdev->flags)) 726 if (test_bit(HCI_RAW, &hdev->flags))
726 return; 727 return;
@@ -894,7 +895,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
894 struct hci_dev *hdev = conn->hdev; 895 struct hci_dev *hdev = conn->hdev;
895 struct hci_chan *chan; 896 struct hci_chan *chan;
896 897
897 BT_DBG("%s conn %p", hdev->name, conn); 898 BT_DBG("%s hcon %p", hdev->name, conn);
898 899
899 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL); 900 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
900 if (!chan) 901 if (!chan)
@@ -913,7 +914,7 @@ int hci_chan_del(struct hci_chan *chan)
913 struct hci_conn *conn = chan->conn; 914 struct hci_conn *conn = chan->conn;
914 struct hci_dev *hdev = conn->hdev; 915 struct hci_dev *hdev = conn->hdev;
915 916
916 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan); 917 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
917 918
918 list_del_rcu(&chan->list); 919 list_del_rcu(&chan->list);
919 920
@@ -929,7 +930,7 @@ void hci_chan_list_flush(struct hci_conn *conn)
929{ 930{
930 struct hci_chan *chan, *n; 931 struct hci_chan *chan, *n;
931 932
932 BT_DBG("conn %p", conn); 933 BT_DBG("hcon %p", conn);
933 934
934 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 935 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
935 hci_chan_del(chan); 936 hci_chan_del(chan);
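Review bot: The new `d->dev_type != HCI_BREDR` test in hci_get_route has no comment, and it is the only change in this file that is not a debug-message edit. It makes the loop skip every controller that is not BR/EDR, presumably so that an AMP controller is never picked as the route for a connection. A line such as `/* Only BR/EDR controllers are valid route candidates; skip AMP and other types */` above the condition would record that. hci_get_route starts and ends outside the hunk, so what callers see when only non-BR/EDR devices are up cannot be checked from here.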
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 08994ecc3b6..d4de5db18d5 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -33,8 +33,6 @@
33#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/hci_core.h>
35 35
36#define AUTO_OFF_TIMEOUT 2000
37
38static void hci_rx_work(struct work_struct *work); 36static void hci_rx_work(struct work_struct *work);
39static void hci_cmd_work(struct work_struct *work); 37static void hci_cmd_work(struct work_struct *work);
40static void hci_tx_work(struct work_struct *work); 38static void hci_tx_work(struct work_struct *work);
@@ -61,7 +59,7 @@ static void hci_notify(struct hci_dev *hdev, int event)
61 59
62void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result) 60void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
63{ 61{
64 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result); 62 BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
65 63
66 /* If this is the init phase check if the completed command matches 64 /* If this is the init phase check if the completed command matches
67 * the last init command, and if not just return. 65 * the last init command, and if not just return.
@@ -188,12 +186,6 @@ static void bredr_init(struct hci_dev *hdev)
188 186
189 /* Mandatory initialization */ 187 /* Mandatory initialization */
190 188
191 /* Reset */
192 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
193 set_bit(HCI_RESET, &hdev->flags);
194 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
195 }
196
197 /* Read Local Supported Features */ 189 /* Read Local Supported Features */
198 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 190 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
199 191
@@ -234,9 +226,6 @@ static void amp_init(struct hci_dev *hdev)
234{ 226{
235 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 227 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
236 228
237 /* Reset */
238 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
239
240 /* Read Local Version */ 229 /* Read Local Version */
241 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 230 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
242 231
@@ -262,6 +251,10 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
262 } 251 }
263 skb_queue_purge(&hdev->driver_init); 252 skb_queue_purge(&hdev->driver_init);
264 253
254 /* Reset */
255 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
256 hci_reset_req(hdev, 0);
257
265 switch (hdev->dev_type) { 258 switch (hdev->dev_type) {
266 case HCI_BREDR: 259 case HCI_BREDR:
267 bredr_init(hdev); 260 bredr_init(hdev);
@@ -690,12 +683,11 @@ int hci_dev_open(__u16 dev)
690 set_bit(HCI_INIT, &hdev->flags); 683 set_bit(HCI_INIT, &hdev->flags);
691 hdev->init_last_cmd = 0; 684 hdev->init_last_cmd = 0;
692 685
693 ret = __hci_request(hdev, hci_init_req, 0, 686 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
694 msecs_to_jiffies(HCI_INIT_TIMEOUT));
695 687
696 if (lmp_host_le_capable(hdev)) 688 if (lmp_host_le_capable(hdev))
697 ret = __hci_request(hdev, hci_le_init_req, 0, 689 ret = __hci_request(hdev, hci_le_init_req, 0,
698 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 690 HCI_INIT_TIMEOUT);
699 691
700 clear_bit(HCI_INIT, &hdev->flags); 692 clear_bit(HCI_INIT, &hdev->flags);
701 } 693 }
@@ -782,8 +774,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
782 if (!test_bit(HCI_RAW, &hdev->flags) && 774 if (!test_bit(HCI_RAW, &hdev->flags) &&
783 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 775 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
784 set_bit(HCI_INIT, &hdev->flags); 776 set_bit(HCI_INIT, &hdev->flags);
785 __hci_request(hdev, hci_reset_req, 0, 777 __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
786 msecs_to_jiffies(250));
787 clear_bit(HCI_INIT, &hdev->flags); 778 clear_bit(HCI_INIT, &hdev->flags);
788 } 779 }
789 780
@@ -872,8 +863,7 @@ int hci_dev_reset(__u16 dev)
872 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 863 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
873 864
874 if (!test_bit(HCI_RAW, &hdev->flags)) 865 if (!test_bit(HCI_RAW, &hdev->flags))
875 ret = __hci_request(hdev, hci_reset_req, 0, 866 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
876 msecs_to_jiffies(HCI_INIT_TIMEOUT));
877 867
878done: 868done:
879 hci_req_unlock(hdev); 869 hci_req_unlock(hdev);
@@ -913,7 +903,7 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
913 switch (cmd) { 903 switch (cmd) {
914 case HCISETAUTH: 904 case HCISETAUTH:
915 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 905 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
916 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 906 HCI_INIT_TIMEOUT);
917 break; 907 break;
918 908
919 case HCISETENCRYPT: 909 case HCISETENCRYPT:
@@ -925,23 +915,23 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
925 if (!test_bit(HCI_AUTH, &hdev->flags)) { 915 if (!test_bit(HCI_AUTH, &hdev->flags)) {
926 /* Auth must be enabled first */ 916 /* Auth must be enabled first */
927 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 917 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
928 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 918 HCI_INIT_TIMEOUT);
929 if (err) 919 if (err)
930 break; 920 break;
931 } 921 }
932 922
933 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 923 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
934 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 924 HCI_INIT_TIMEOUT);
935 break; 925 break;
936 926
937 case HCISETSCAN: 927 case HCISETSCAN:
938 err = hci_request(hdev, hci_scan_req, dr.dev_opt, 928 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
939 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 929 HCI_INIT_TIMEOUT);
940 break; 930 break;
941 931
942 case HCISETLINKPOL: 932 case HCISETLINKPOL:
943 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, 933 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
944 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 934 HCI_INIT_TIMEOUT);
945 break; 935 break;
946 936
947 case HCISETLINKMODE: 937 case HCISETLINKMODE:
@@ -1091,8 +1081,7 @@ static void hci_power_on(struct work_struct *work)
1091 return; 1081 return;
1092 1082
1093 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1083 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1094 schedule_delayed_work(&hdev->power_off, 1084 schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT);
1095 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
1096 1085
1097 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 1086 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1098 mgmt_index_added(hdev); 1087 mgmt_index_added(hdev);
@@ -1369,11 +1358,19 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1369} 1358}
1370 1359
1371/* HCI command timer function */ 1360/* HCI command timer function */
1372static void hci_cmd_timer(unsigned long arg) 1361static void hci_cmd_timeout(unsigned long arg)
1373{ 1362{
1374 struct hci_dev *hdev = (void *) arg; 1363 struct hci_dev *hdev = (void *) arg;
1375 1364
1376 BT_ERR("%s command tx timeout", hdev->name); 1365 if (hdev->sent_cmd) {
1366 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1367 u16 opcode = __le16_to_cpu(sent->opcode);
1368
1369 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1370 } else {
1371 BT_ERR("%s command tx timeout", hdev->name);
1372 }
1373
1377 atomic_set(&hdev->cmd_cnt, 1); 1374 atomic_set(&hdev->cmd_cnt, 1);
1378 queue_work(hdev->workqueue, &hdev->cmd_work); 1375 queue_work(hdev->workqueue, &hdev->cmd_work);
1379} 1376}
@@ -1671,7 +1668,7 @@ struct hci_dev *hci_alloc_dev(void)
1671 1668
1672 init_waitqueue_head(&hdev->req_wait_q); 1669 init_waitqueue_head(&hdev->req_wait_q);
1673 1670
1674 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev); 1671 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
1675 1672
1676 hci_init_sysfs(hdev); 1673 hci_init_sysfs(hdev);
1677 discovery_init(hdev); 1674 discovery_init(hdev);
@@ -1746,8 +1743,11 @@ int hci_register_dev(struct hci_dev *hdev)
1746 } 1743 }
1747 } 1744 }
1748 1745
1749 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1750 set_bit(HCI_SETUP, &hdev->dev_flags); 1746 set_bit(HCI_SETUP, &hdev->dev_flags);
1747
1748 if (hdev->dev_type != HCI_AMP)
1749 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1750
1751 schedule_work(&hdev->power_on); 1751 schedule_work(&hdev->power_on);
1752 1752
1753 hci_notify(hdev, HCI_DEV_REG); 1753 hci_notify(hdev, HCI_DEV_REG);
@@ -2087,7 +2087,7 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2087 struct hci_command_hdr *hdr; 2087 struct hci_command_hdr *hdr;
2088 struct sk_buff *skb; 2088 struct sk_buff *skb;
2089 2089
2090 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen); 2090 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2091 2091
2092 skb = bt_skb_alloc(len, GFP_ATOMIC); 2092 skb = bt_skb_alloc(len, GFP_ATOMIC);
2093 if (!skb) { 2093 if (!skb) {
@@ -2129,7 +2129,7 @@ void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2129 if (hdr->opcode != cpu_to_le16(opcode)) 2129 if (hdr->opcode != cpu_to_le16(opcode))
2130 return NULL; 2130 return NULL;
2131 2131
2132 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2132 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2133 2133
2134 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 2134 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2135} 2135}
@@ -2199,7 +2199,7 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2199 struct hci_conn *conn = chan->conn; 2199 struct hci_conn *conn = chan->conn;
2200 struct hci_dev *hdev = conn->hdev; 2200 struct hci_dev *hdev = conn->hdev;
2201 2201
2202 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags); 2202 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2203 2203
2204 skb->dev = (void *) hdev; 2204 skb->dev = (void *) hdev;
2205 2205
@@ -2455,7 +2455,7 @@ static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2455 /* ACL tx timeout must be longer than maximum 2455 /* ACL tx timeout must be longer than maximum
2456 * link supervision timeout (40.9 seconds) */ 2456 * link supervision timeout (40.9 seconds) */
2457 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 2457 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2458 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT))) 2458 HCI_ACL_TX_TIMEOUT))
2459 hci_link_tx_to(hdev, ACL_LINK); 2459 hci_link_tx_to(hdev, ACL_LINK);
2460 } 2460 }
2461} 2461}
@@ -2699,7 +2699,7 @@ static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2699 flags = hci_flags(handle); 2699 flags = hci_flags(handle);
2700 handle = hci_handle(handle); 2700 handle = hci_handle(handle);
2701 2701
2702 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, 2702 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
2703 handle, flags); 2703 handle, flags);
2704 2704
2705 hdev->stat.acl_rx++; 2705 hdev->stat.acl_rx++;
@@ -2741,7 +2741,7 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2741 2741
2742 handle = __le16_to_cpu(hdr->handle); 2742 handle = __le16_to_cpu(hdr->handle);
2743 2743
2744 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle); 2744 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
2745 2745
2746 hdev->stat.sco_rx++; 2746 hdev->stat.sco_rx++;
2747 2747
@@ -2821,7 +2821,8 @@ static void hci_cmd_work(struct work_struct *work)
2821 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work); 2821 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2822 struct sk_buff *skb; 2822 struct sk_buff *skb;
2823 2823
2824 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt)); 2824 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2825 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
2825 2826
2826 /* Send queued commands */ 2827 /* Send queued commands */
2827 if (atomic_read(&hdev->cmd_cnt)) { 2828 if (atomic_read(&hdev->cmd_cnt)) {
@@ -2839,7 +2840,7 @@ static void hci_cmd_work(struct work_struct *work)
2839 del_timer(&hdev->cmd_timer); 2840 del_timer(&hdev->cmd_timer);
2840 else 2841 else
2841 mod_timer(&hdev->cmd_timer, 2842 mod_timer(&hdev->cmd_timer,
2842 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT)); 2843 jiffies + HCI_CMD_TIMEOUT);
2843 } else { 2844 } else {
2844 skb_queue_head(&hdev->cmd_q, skb); 2845 skb_queue_head(&hdev->cmd_q, skb);
2845 queue_work(hdev->workqueue, &hdev->cmd_work); 2846 queue_work(hdev->workqueue, &hdev->cmd_work);
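Review bot: hci_cmd_timeout now dereferences `hdev->sent_cmd->data` from the timer callback, and nothing in the hunk shows what keeps that skb alive while the callback runs. The NULL test and the read take no lock here, so the access is safe only if every path that frees or replaces sent_cmd first stops cmd_timer (for example with del_timer_sync()); that cannot be confirmed from the visible lines. If the invariant holds, state it above the block, e.g. `/* sent_cmd is freed only after cmd_timer has been stopped, so it is stable here */`. Otherwise, record the last sent opcode in hci_dev when the command is sent and log that value instead.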
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1ba929c05d0..41ff978a33f 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -36,7 +36,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
36{ 36{
37 __u8 status = *((__u8 *) skb->data); 37 __u8 status = *((__u8 *) skb->data);
38 38
39 BT_DBG("%s status 0x%x", hdev->name, status); 39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
40 40
41 if (status) { 41 if (status) {
42 hci_dev_lock(hdev); 42 hci_dev_lock(hdev);
@@ -60,7 +60,7 @@ static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{ 60{
61 __u8 status = *((__u8 *) skb->data); 61 __u8 status = *((__u8 *) skb->data);
62 62
63 BT_DBG("%s status 0x%x", hdev->name, status); 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
64 64
65 if (status) 65 if (status)
66 return; 66 return;
@@ -72,7 +72,7 @@ static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{ 72{
73 __u8 status = *((__u8 *) skb->data); 73 __u8 status = *((__u8 *) skb->data);
74 74
75 BT_DBG("%s status 0x%x", hdev->name, status); 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
76 76
77 if (status) 77 if (status)
78 return; 78 return;
@@ -93,7 +93,7 @@ static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data; 93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn; 94 struct hci_conn *conn;
95 95
96 BT_DBG("%s status 0x%x", hdev->name, rp->status); 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97 97
98 if (rp->status) 98 if (rp->status)
99 return; 99 return;
@@ -116,7 +116,7 @@ static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data; 116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn; 117 struct hci_conn *conn;
118 118
119 BT_DBG("%s status 0x%x", hdev->name, rp->status); 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120 120
121 if (rp->status) 121 if (rp->status)
122 return; 122 return;
@@ -136,7 +136,7 @@ static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 struct hci_conn *conn; 136 struct hci_conn *conn;
137 void *sent; 137 void *sent;
138 138
139 BT_DBG("%s status 0x%x", hdev->name, rp->status); 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
140 140
141 if (rp->status) 141 if (rp->status)
142 return; 142 return;
@@ -159,7 +159,7 @@ static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
159{ 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161 161
162 BT_DBG("%s status 0x%x", hdev->name, rp->status); 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
163 163
164 if (rp->status) 164 if (rp->status)
165 return; 165 return;
@@ -173,7 +173,7 @@ static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data); 173 __u8 status = *((__u8 *) skb->data);
174 void *sent; 174 void *sent;
175 175
176 BT_DBG("%s status 0x%x", hdev->name, status); 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent) 179 if (!sent)
@@ -189,7 +189,7 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{ 189{
190 __u8 status = *((__u8 *) skb->data); 190 __u8 status = *((__u8 *) skb->data);
191 191
192 BT_DBG("%s status 0x%x", hdev->name, status); 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
193 193
194 clear_bit(HCI_RESET, &hdev->flags); 194 clear_bit(HCI_RESET, &hdev->flags);
195 195
@@ -207,7 +207,7 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data); 207 __u8 status = *((__u8 *) skb->data);
208 void *sent; 208 void *sent;
209 209
210 BT_DBG("%s status 0x%x", hdev->name, status); 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
211 211
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent) 213 if (!sent)
@@ -229,7 +229,7 @@ static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{ 229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data; 230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231 231
232 BT_DBG("%s status 0x%x", hdev->name, rp->status); 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233 233
234 if (rp->status) 234 if (rp->status)
235 return; 235 return;
@@ -243,7 +243,7 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data); 243 __u8 status = *((__u8 *) skb->data);
244 void *sent; 244 void *sent;
245 245
246 BT_DBG("%s status 0x%x", hdev->name, status); 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
247 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent) 249 if (!sent)
@@ -269,7 +269,7 @@ static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
269 __u8 status = *((__u8 *) skb->data); 269 __u8 status = *((__u8 *) skb->data);
270 void *sent; 270 void *sent;
271 271
272 BT_DBG("%s status 0x%x", hdev->name, status); 272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
273 273
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 if (!sent) 275 if (!sent)
@@ -293,7 +293,7 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 int old_pscan, old_iscan; 293 int old_pscan, old_iscan;
294 void *sent; 294 void *sent;
295 295
296 BT_DBG("%s status 0x%x", hdev->name, status); 296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
297 297
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299 if (!sent) 299 if (!sent)
@@ -340,7 +340,7 @@ static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{ 340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342 342
343 BT_DBG("%s status 0x%x", hdev->name, rp->status); 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
344 344
345 if (rp->status) 345 if (rp->status)
346 return; 346 return;
@@ -356,7 +356,7 @@ static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data); 356 __u8 status = *((__u8 *) skb->data);
357 void *sent; 357 void *sent;
358 358
359 BT_DBG("%s status 0x%x", hdev->name, status); 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360 360
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent) 362 if (!sent)
@@ -378,7 +378,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting; 379 __u16 setting;
380 380
381 BT_DBG("%s status 0x%x", hdev->name, rp->status); 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
382 382
383 if (rp->status) 383 if (rp->status)
384 return; 384 return;
@@ -390,7 +390,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
390 390
391 hdev->voice_setting = setting; 391 hdev->voice_setting = setting;
392 392
393 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
394 394
395 if (hdev->notify) 395 if (hdev->notify)
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
@@ -403,7 +403,7 @@ static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 __u16 setting; 403 __u16 setting;
404 void *sent; 404 void *sent;
405 405
406 BT_DBG("%s status 0x%x", hdev->name, status); 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
407 407
408 if (status) 408 if (status)
409 return; 409 return;
@@ -419,7 +419,7 @@ static void hci_cc_write_voice_setting(struct hci_dev *hdev,
419 419
420 hdev->voice_setting = setting; 420 hdev->voice_setting = setting;
421 421
422 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
423 423
424 if (hdev->notify) 424 if (hdev->notify)
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
@@ -429,7 +429,7 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
429{ 429{
430 __u8 status = *((__u8 *) skb->data); 430 __u8 status = *((__u8 *) skb->data);
431 431
432 BT_DBG("%s status 0x%x", hdev->name, status); 432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
433 433
434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
435} 435}
@@ -439,7 +439,7 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439 __u8 status = *((__u8 *) skb->data); 439 __u8 status = *((__u8 *) skb->data);
440 void *sent; 440 void *sent;
441 441
442 BT_DBG("%s status 0x%x", hdev->name, status); 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent) 445 if (!sent)
@@ -597,7 +597,7 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
597{ 597{
598 struct hci_rp_read_local_version *rp = (void *) skb->data; 598 struct hci_rp_read_local_version *rp = (void *) skb->data;
599 599
600 BT_DBG("%s status 0x%x", hdev->name, rp->status); 600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 601
602 if (rp->status) 602 if (rp->status)
603 goto done; 603 goto done;
@@ -608,7 +608,7 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
610 610
611 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev); 612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
613 613
614 if (test_bit(HCI_INIT, &hdev->flags)) 614 if (test_bit(HCI_INIT, &hdev->flags))
@@ -641,7 +641,7 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev,
641{ 641{
642 struct hci_rp_read_local_commands *rp = (void *) skb->data; 642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643 643
644 BT_DBG("%s status 0x%x", hdev->name, rp->status); 644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
645 645
646 if (rp->status) 646 if (rp->status)
647 goto done; 647 goto done;
@@ -660,7 +660,7 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
660{ 660{
661 struct hci_rp_read_local_features *rp = (void *) skb->data; 661 struct hci_rp_read_local_features *rp = (void *) skb->data;
662 662
663 BT_DBG("%s status 0x%x", hdev->name, rp->status); 663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664 664
665 if (rp->status) 665 if (rp->status)
666 return; 666 return;
@@ -732,7 +732,7 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
732{ 732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data; 733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734 734
735 BT_DBG("%s status 0x%x", hdev->name, rp->status); 735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
736 736
737 if (rp->status) 737 if (rp->status)
738 goto done; 738 goto done;
@@ -758,7 +758,7 @@ static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
758{ 758{
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data; 759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
760 760
761 BT_DBG("%s status 0x%x", hdev->name, rp->status); 761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
762 762
763 if (rp->status) 763 if (rp->status)
764 return; 764 return;
@@ -772,7 +772,7 @@ static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
772{ 772{
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
774 774
775 BT_DBG("%s status 0x%x", hdev->name, rp->status); 775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
776 776
777 if (rp->status) 777 if (rp->status)
778 return; 778 return;
@@ -798,7 +798,7 @@ static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
798{ 798{
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
800 800
801 BT_DBG("%s status 0x%x", hdev->name, rp->status); 801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 802
803 if (!rp->status) 803 if (!rp->status)
804 bacpy(&hdev->bdaddr, &rp->bdaddr); 804 bacpy(&hdev->bdaddr, &rp->bdaddr);
@@ -811,7 +811,7 @@ static void hci_cc_read_data_block_size(struct hci_dev *hdev,
811{ 811{
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data; 812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
813 813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status); 814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815 815
816 if (rp->status) 816 if (rp->status)
817 return; 817 return;
@@ -832,7 +832,7 @@ static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
832{ 832{
833 __u8 status = *((__u8 *) skb->data); 833 __u8 status = *((__u8 *) skb->data);
834 834
835 BT_DBG("%s status 0x%x", hdev->name, status); 835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
836 836
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
838} 838}
@@ -842,7 +842,7 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
842{ 842{
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data; 843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844 844
845 BT_DBG("%s status 0x%x", hdev->name, rp->status); 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846 846
847 if (rp->status) 847 if (rp->status)
848 return; 848 return;
@@ -866,7 +866,7 @@ static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
866{ 866{
867 __u8 status = *((__u8 *) skb->data); 867 __u8 status = *((__u8 *) skb->data);
868 868
869 BT_DBG("%s status 0x%x", hdev->name, status); 869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
870 870
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
872} 872}
@@ -875,7 +875,7 @@ static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
875{ 875{
876 __u8 status = *((__u8 *) skb->data); 876 __u8 status = *((__u8 *) skb->data);
877 877
878 BT_DBG("%s status 0x%x", hdev->name, status); 878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
879 879
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
881} 881}
@@ -885,7 +885,7 @@ static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
885{ 885{
886 __u8 status = *((__u8 *) skb->data); 886 __u8 status = *((__u8 *) skb->data);
887 887
888 BT_DBG("%s status 0x%x", hdev->name, status); 888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
889 889
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
891} 891}
@@ -895,7 +895,7 @@ static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
895{ 895{
896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data; 896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
897 897
898 BT_DBG("%s status 0x%x", hdev->name, rp->status); 898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899 899
900 if (!rp->status) 900 if (!rp->status)
901 hdev->inq_tx_power = rp->tx_power; 901 hdev->inq_tx_power = rp->tx_power;
@@ -907,7 +907,7 @@ static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
907{ 907{
908 __u8 status = *((__u8 *) skb->data); 908 __u8 status = *((__u8 *) skb->data);
909 909
910 BT_DBG("%s status 0x%x", hdev->name, status); 910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
911 911
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
913} 913}
@@ -918,7 +918,7 @@ static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
918 struct hci_cp_pin_code_reply *cp; 918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn; 919 struct hci_conn *conn;
920 920
921 BT_DBG("%s status 0x%x", hdev->name, rp->status); 921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
922 922
923 hci_dev_lock(hdev); 923 hci_dev_lock(hdev);
924 924
@@ -944,7 +944,7 @@ static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944{ 944{
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946 946
947 BT_DBG("%s status 0x%x", hdev->name, rp->status); 947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
948 948
949 hci_dev_lock(hdev); 949 hci_dev_lock(hdev);
950 950
@@ -960,7 +960,7 @@ static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960{ 960{
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962 962
963 BT_DBG("%s status 0x%x", hdev->name, rp->status); 963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
964 964
965 if (rp->status) 965 if (rp->status)
966 return; 966 return;
@@ -979,7 +979,7 @@ static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{ 979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981 981
982 BT_DBG("%s status 0x%x", hdev->name, rp->status); 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
983 983
984 hci_dev_lock(hdev); 984 hci_dev_lock(hdev);
985 985
@@ -995,7 +995,7 @@ static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
995{ 995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997 997
998 BT_DBG("%s status 0x%x", hdev->name, rp->status); 998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
999 999
1000 hci_dev_lock(hdev); 1000 hci_dev_lock(hdev);
1001 1001
@@ -1010,7 +1010,7 @@ static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1010{ 1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012 1012
1013 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1014 1014
1015 hci_dev_lock(hdev); 1015 hci_dev_lock(hdev);
1016 1016
@@ -1026,7 +1026,7 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1026{ 1026{
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1028 1028
1029 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1030 1030
1031 hci_dev_lock(hdev); 1031 hci_dev_lock(hdev);
1032 1032
@@ -1042,7 +1042,7 @@ static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1042{ 1042{
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1044 1044
1045 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046 1046
1047 hci_dev_lock(hdev); 1047 hci_dev_lock(hdev);
1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash, 1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
@@ -1054,7 +1054,7 @@ static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1054{ 1054{
1055 __u8 status = *((__u8 *) skb->data); 1055 __u8 status = *((__u8 *) skb->data);
1056 1056
1057 BT_DBG("%s status 0x%x", hdev->name, status); 1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1058 1058
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status); 1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1060 1060
@@ -1072,7 +1072,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1072 struct hci_cp_le_set_scan_enable *cp; 1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data); 1073 __u8 status = *((__u8 *) skb->data);
1074 1074
1075 BT_DBG("%s status 0x%x", hdev->name, status); 1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1076 1076
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1078 if (!cp) 1078 if (!cp)
@@ -1127,7 +1127,7 @@ static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1127{ 1127{
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data; 1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1129 1129
1130 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1131 1131
1132 if (rp->status) 1132 if (rp->status)
1133 return; 1133 return;
@@ -1139,7 +1139,7 @@ static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{ 1139{
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data; 1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1141 1141
1142 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143 1143
1144 if (rp->status) 1144 if (rp->status)
1145 return; 1145 return;
@@ -1153,7 +1153,7 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1153 struct hci_cp_write_le_host_supported *sent; 1153 struct hci_cp_write_le_host_supported *sent;
1154 __u8 status = *((__u8 *) skb->data); 1154 __u8 status = *((__u8 *) skb->data);
1155 1155
1156 BT_DBG("%s status 0x%x", hdev->name, status); 1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157 1157
1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED); 1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1159 if (!sent) 1159 if (!sent)
@@ -1175,7 +1175,7 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1175 1175
1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1177{ 1177{
1178 BT_DBG("%s status 0x%x", hdev->name, status); 1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1179 1179
1180 if (status) { 1180 if (status) {
1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
@@ -1199,7 +1199,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1199 struct hci_cp_create_conn *cp; 1199 struct hci_cp_create_conn *cp;
1200 struct hci_conn *conn; 1200 struct hci_conn *conn;
1201 1201
1202 BT_DBG("%s status 0x%x", hdev->name, status); 1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1203 1203
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1205 if (!cp) 1205 if (!cp)
@@ -1209,7 +1209,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1209 1209
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1211 1211
1212 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1213 1213
1214 if (status) { 1214 if (status) {
1215 if (conn && conn->state == BT_CONNECT) { 1215 if (conn && conn->state == BT_CONNECT) {
@@ -1240,7 +1240,7 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1240 struct hci_conn *acl, *sco; 1240 struct hci_conn *acl, *sco;
1241 __u16 handle; 1241 __u16 handle;
1242 1242
1243 BT_DBG("%s status 0x%x", hdev->name, status); 1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1244 1244
1245 if (!status) 1245 if (!status)
1246 return; 1246 return;
@@ -1251,7 +1251,7 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1251 1251
1252 handle = __le16_to_cpu(cp->handle); 1252 handle = __le16_to_cpu(cp->handle);
1253 1253
1254 BT_DBG("%s handle %d", hdev->name, handle); 1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1255 1255
1256 hci_dev_lock(hdev); 1256 hci_dev_lock(hdev);
1257 1257
@@ -1274,7 +1274,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_auth_requested *cp; 1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn; 1275 struct hci_conn *conn;
1276 1276
1277 BT_DBG("%s status 0x%x", hdev->name, status); 1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1278 1278
1279 if (!status) 1279 if (!status)
1280 return; 1280 return;
@@ -1301,7 +1301,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1301 struct hci_cp_set_conn_encrypt *cp; 1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn; 1302 struct hci_conn *conn;
1303 1303
1304 BT_DBG("%s status 0x%x", hdev->name, status); 1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305 1305
1306 if (!status) 1306 if (!status)
1307 return; 1307 return;
@@ -1413,7 +1413,7 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1413 struct hci_cp_remote_name_req *cp; 1413 struct hci_cp_remote_name_req *cp;
1414 struct hci_conn *conn; 1414 struct hci_conn *conn;
1415 1415
1416 BT_DBG("%s status 0x%x", hdev->name, status); 1416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1417 1417
1418 /* If successful wait for the name req complete event before 1418 /* If successful wait for the name req complete event before
1419 * checking for the need to do authentication */ 1419 * checking for the need to do authentication */
@@ -1452,7 +1452,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1452 struct hci_cp_read_remote_features *cp; 1452 struct hci_cp_read_remote_features *cp;
1453 struct hci_conn *conn; 1453 struct hci_conn *conn;
1454 1454
1455 BT_DBG("%s status 0x%x", hdev->name, status); 1455 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1456 1456
1457 if (!status) 1457 if (!status)
1458 return; 1458 return;
@@ -1479,7 +1479,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1479 struct hci_cp_read_remote_ext_features *cp; 1479 struct hci_cp_read_remote_ext_features *cp;
1480 struct hci_conn *conn; 1480 struct hci_conn *conn;
1481 1481
1482 BT_DBG("%s status 0x%x", hdev->name, status); 1482 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1483 1483
1484 if (!status) 1484 if (!status)
1485 return; 1485 return;
@@ -1507,7 +1507,7 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1507 struct hci_conn *acl, *sco; 1507 struct hci_conn *acl, *sco;
1508 __u16 handle; 1508 __u16 handle;
1509 1509
1510 BT_DBG("%s status 0x%x", hdev->name, status); 1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511 1511
1512 if (!status) 1512 if (!status)
1513 return; 1513 return;
@@ -1518,7 +1518,7 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1518 1518
1519 handle = __le16_to_cpu(cp->handle); 1519 handle = __le16_to_cpu(cp->handle);
1520 1520
1521 BT_DBG("%s handle %d", hdev->name, handle); 1521 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1522 1522
1523 hci_dev_lock(hdev); 1523 hci_dev_lock(hdev);
1524 1524
@@ -1541,7 +1541,7 @@ static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1541 struct hci_cp_sniff_mode *cp; 1541 struct hci_cp_sniff_mode *cp;
1542 struct hci_conn *conn; 1542 struct hci_conn *conn;
1543 1543
1544 BT_DBG("%s status 0x%x", hdev->name, status); 1544 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1545 1545
1546 if (!status) 1546 if (!status)
1547 return; 1547 return;
@@ -1568,7 +1568,7 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1568 struct hci_cp_exit_sniff_mode *cp; 1568 struct hci_cp_exit_sniff_mode *cp;
1569 struct hci_conn *conn; 1569 struct hci_conn *conn;
1570 1570
1571 BT_DBG("%s status 0x%x", hdev->name, status); 1571 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1572 1572
1573 if (!status) 1573 if (!status)
1574 return; 1574 return;
@@ -1617,7 +1617,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1617 struct hci_cp_le_create_conn *cp; 1617 struct hci_cp_le_create_conn *cp;
1618 struct hci_conn *conn; 1618 struct hci_conn *conn;
1619 1619
1620 BT_DBG("%s status 0x%x", hdev->name, status); 1620 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1621 1621
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1623 if (!cp) 1623 if (!cp)
@@ -1655,7 +1655,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1655 1655
1656static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) 1656static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1657{ 1657{
1658 BT_DBG("%s status 0x%x", hdev->name, status); 1658 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1659} 1659}
1660 1660
1661static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1661static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1664,7 +1664,7 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1664 struct discovery_state *discov = &hdev->discovery; 1664 struct discovery_state *discov = &hdev->discovery;
1665 struct inquiry_entry *e; 1665 struct inquiry_entry *e;
1666 1666
1667 BT_DBG("%s status %d", hdev->name, status); 1667 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1668 1668
1669 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1669 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1670 1670
@@ -1893,7 +1893,7 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1893 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1893 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1894 struct hci_conn *conn; 1894 struct hci_conn *conn;
1895 1895
1896 BT_DBG("%s status %d", hdev->name, ev->status); 1896 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1897 1897
1898 hci_dev_lock(hdev); 1898 hci_dev_lock(hdev);
1899 1899
@@ -1930,7 +1930,7 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930 struct hci_ev_auth_complete *ev = (void *) skb->data; 1930 struct hci_ev_auth_complete *ev = (void *) skb->data;
1931 struct hci_conn *conn; 1931 struct hci_conn *conn;
1932 1932
1933 BT_DBG("%s status %d", hdev->name, ev->status); 1933 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1934 1934
1935 hci_dev_lock(hdev); 1935 hci_dev_lock(hdev);
1936 1936
@@ -2035,7 +2035,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2035 struct hci_ev_encrypt_change *ev = (void *) skb->data; 2035 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2036 struct hci_conn *conn; 2036 struct hci_conn *conn;
2037 2037
2038 BT_DBG("%s status %d", hdev->name, ev->status); 2038 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2039 2039
2040 hci_dev_lock(hdev); 2040 hci_dev_lock(hdev);
2041 2041
@@ -2079,7 +2079,7 @@ static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2079 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 2079 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2080 struct hci_conn *conn; 2080 struct hci_conn *conn;
2081 2081
2082 BT_DBG("%s status %d", hdev->name, ev->status); 2082 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2083 2083
2084 hci_dev_lock(hdev); 2084 hci_dev_lock(hdev);
2085 2085
@@ -2102,7 +2102,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2102 struct hci_ev_remote_features *ev = (void *) skb->data; 2102 struct hci_ev_remote_features *ev = (void *) skb->data;
2103 struct hci_conn *conn; 2103 struct hci_conn *conn;
2104 2104
2105 BT_DBG("%s status %d", hdev->name, ev->status); 2105 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2106 2106
2107 hci_dev_lock(hdev); 2107 hci_dev_lock(hdev);
2108 2108
@@ -2364,7 +2364,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2364 break; 2364 break;
2365 2365
2366 default: 2366 default:
2367 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2367 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2368 break; 2368 break;
2369 } 2369 }
2370 2370
@@ -2445,7 +2445,7 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445 break; 2445 break;
2446 2446
2447 default: 2447 default:
2448 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2448 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2449 break; 2449 break;
2450 } 2450 }
2451 2451
@@ -2464,7 +2464,7 @@ static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2464 struct hci_ev_role_change *ev = (void *) skb->data; 2464 struct hci_ev_role_change *ev = (void *) skb->data;
2465 struct hci_conn *conn; 2465 struct hci_conn *conn;
2466 2466
2467 BT_DBG("%s status %d", hdev->name, ev->status); 2467 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2468 2468
2469 hci_dev_lock(hdev); 2469 hci_dev_lock(hdev);
2470 2470
@@ -2605,7 +2605,7 @@ static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2605 struct hci_ev_mode_change *ev = (void *) skb->data; 2605 struct hci_ev_mode_change *ev = (void *) skb->data;
2606 struct hci_conn *conn; 2606 struct hci_conn *conn;
2607 2607
2608 BT_DBG("%s status %d", hdev->name, ev->status); 2608 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2609 2609
2610 hci_dev_lock(hdev); 2610 hci_dev_lock(hdev);
2611 2611
@@ -2763,7 +2763,7 @@ static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2763 struct hci_ev_clock_offset *ev = (void *) skb->data; 2763 struct hci_ev_clock_offset *ev = (void *) skb->data;
2764 struct hci_conn *conn; 2764 struct hci_conn *conn;
2765 2765
2766 BT_DBG("%s status %d", hdev->name, ev->status); 2766 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2767 2767
2768 hci_dev_lock(hdev); 2768 hci_dev_lock(hdev);
2769 2769
@@ -2786,7 +2786,7 @@ static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2786 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2786 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2787 struct hci_conn *conn; 2787 struct hci_conn *conn;
2788 2788
2789 BT_DBG("%s status %d", hdev->name, ev->status); 2789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2790 2790
2791 hci_dev_lock(hdev); 2791 hci_dev_lock(hdev);
2792 2792
@@ -2930,7 +2930,7 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2930 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2930 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2931 struct hci_conn *conn; 2931 struct hci_conn *conn;
2932 2932
2933 BT_DBG("%s status %d", hdev->name, ev->status); 2933 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2934 2934
2935 hci_dev_lock(hdev); 2935 hci_dev_lock(hdev);
2936 2936
@@ -2989,7 +2989,7 @@ static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2989{ 2989{
2990 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2990 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2991 2991
2992 BT_DBG("%s status %d", hdev->name, ev->status); 2992 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2993} 2993}
2994 2994
2995static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, 2995static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
@@ -3046,7 +3046,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3046 struct hci_ev_key_refresh_complete *ev = (void *) skb->data; 3046 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3047 struct hci_conn *conn; 3047 struct hci_conn *conn;
3048 3048
3049 BT_DBG("%s status %u handle %u", hdev->name, ev->status, 3049 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3050 __le16_to_cpu(ev->handle)); 3050 __le16_to_cpu(ev->handle));
3051 3051
3052 hci_dev_lock(hdev); 3052 hci_dev_lock(hdev);
@@ -3346,7 +3346,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3346 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3346 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3347 struct hci_conn *conn; 3347 struct hci_conn *conn;
3348 3348
3349 BT_DBG("%s status %d", hdev->name, ev->status); 3349 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3350 3350
3351 hci_dev_lock(hdev); 3351 hci_dev_lock(hdev);
3352 3352
@@ -3421,7 +3421,7 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3421 struct hci_conn *conn; 3421 struct hci_conn *conn;
3422 struct smp_ltk *ltk; 3422 struct smp_ltk *ltk;
3423 3423
3424 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle)); 3424 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3425 3425
3426 hci_dev_lock(hdev); 3426 hci_dev_lock(hdev);
3427 3427
@@ -3645,7 +3645,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3645 break; 3645 break;
3646 3646
3647 default: 3647 default:
3648 BT_DBG("%s event 0x%x", hdev->name, event); 3648 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3649 break; 3649 break;
3650 } 3650 }
3651 3651
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index d42dfdc83eb..a8964db04bf 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -431,6 +431,7 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW; 435 chan->sec_level = BT_SECURITY_LOW;
435 436
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 437 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
@@ -1657,7 +1658,7 @@ static void l2cap_streaming_send(struct l2cap_chan *chan,
1657 1658
1658 l2cap_do_send(chan, skb); 1659 l2cap_do_send(chan, skb);
1659 1660
1660 BT_DBG("Sent txseq %d", (int)control->txseq); 1661 BT_DBG("Sent txseq %u", control->txseq);
1661 1662
1662 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); 1663 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1663 chan->frames_sent++; 1664 chan->frames_sent++;
@@ -1722,11 +1723,11 @@ static int l2cap_ertm_send(struct l2cap_chan *chan)
1722 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb); 1723 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1723 1724
1724 l2cap_do_send(chan, tx_skb); 1725 l2cap_do_send(chan, tx_skb);
1725 BT_DBG("Sent txseq %d", (int)control->txseq); 1726 BT_DBG("Sent txseq %u", control->txseq);
1726 } 1727 }
1727 1728
1728 BT_DBG("Sent %d, %d unacked, %d in ERTM queue", sent, 1729 BT_DBG("Sent %d, %u unacked, %u in ERTM queue", sent,
1729 (int) chan->unacked_frames, skb_queue_len(&chan->tx_q)); 1730 chan->unacked_frames, skb_queue_len(&chan->tx_q));
1730 1731
1731 return sent; 1732 return sent;
1732} 1733}
@@ -1877,14 +1878,14 @@ static void l2cap_send_ack(struct l2cap_chan *chan)
1877 frames_to_ack = 0; 1878 frames_to_ack = 0;
1878 } 1879 }
1879 1880
1880 /* Ack now if the tx window is 3/4ths full. 1881 /* Ack now if the window is 3/4ths full.
1881 * Calculate without mul or div 1882 * Calculate without mul or div
1882 */ 1883 */
1883 threshold = chan->tx_win; 1884 threshold = chan->ack_win;
1884 threshold += threshold << 1; 1885 threshold += threshold << 1;
1885 threshold >>= 2; 1886 threshold >>= 2;
1886 1887
1887 BT_DBG("frames_to_ack %d, threshold %d", (int)frames_to_ack, 1888 BT_DBG("frames_to_ack %u, threshold %d", frames_to_ack,
1888 threshold); 1889 threshold);
1889 1890
1890 if (frames_to_ack >= threshold) { 1891 if (frames_to_ack >= threshold) {
@@ -1946,15 +1947,15 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1946} 1947}
1947 1948
1948static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, 1949static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1949 struct msghdr *msg, size_t len, 1950 struct msghdr *msg, size_t len,
1950 u32 priority) 1951 u32 priority)
1951{ 1952{
1952 struct l2cap_conn *conn = chan->conn; 1953 struct l2cap_conn *conn = chan->conn;
1953 struct sk_buff *skb; 1954 struct sk_buff *skb;
1954 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE; 1955 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1955 struct l2cap_hdr *lh; 1956 struct l2cap_hdr *lh;
1956 1957
1957 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority); 1958 BT_DBG("chan %p len %zu priority %u", chan, len, priority);
1958 1959
1959 count = min_t(unsigned int, (conn->mtu - hlen), len); 1960 count = min_t(unsigned int, (conn->mtu - hlen), len);
1960 1961
@@ -1980,15 +1981,15 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1980} 1981}
1981 1982
1982static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, 1983static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1983 struct msghdr *msg, size_t len, 1984 struct msghdr *msg, size_t len,
1984 u32 priority) 1985 u32 priority)
1985{ 1986{
1986 struct l2cap_conn *conn = chan->conn; 1987 struct l2cap_conn *conn = chan->conn;
1987 struct sk_buff *skb; 1988 struct sk_buff *skb;
1988 int err, count; 1989 int err, count;
1989 struct l2cap_hdr *lh; 1990 struct l2cap_hdr *lh;
1990 1991
1991 BT_DBG("chan %p len %d", chan, (int)len); 1992 BT_DBG("chan %p len %zu", chan, len);
1992 1993
1993 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len); 1994 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
1994 1995
@@ -2013,15 +2014,15 @@ static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
2013} 2014}
2014 2015
2015static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, 2016static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
2016 struct msghdr *msg, size_t len, 2017 struct msghdr *msg, size_t len,
2017 u16 sdulen) 2018 u16 sdulen)
2018{ 2019{
2019 struct l2cap_conn *conn = chan->conn; 2020 struct l2cap_conn *conn = chan->conn;
2020 struct sk_buff *skb; 2021 struct sk_buff *skb;
2021 int err, count, hlen; 2022 int err, count, hlen;
2022 struct l2cap_hdr *lh; 2023 struct l2cap_hdr *lh;
2023 2024
2024 BT_DBG("chan %p len %d", chan, (int)len); 2025 BT_DBG("chan %p len %zu", chan, len);
2025 2026
2026 if (!conn) 2027 if (!conn)
2027 return ERR_PTR(-ENOTCONN); 2028 return ERR_PTR(-ENOTCONN);
@@ -2075,7 +2076,7 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2075 size_t pdu_len; 2076 size_t pdu_len;
2076 u8 sar; 2077 u8 sar;
2077 2078
2078 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len); 2079 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2079 2080
2080 /* It is critical that ERTM PDUs fit in a single HCI fragment, 2081 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2081 * so fragmented skbs are not used. The HCI layer's handling 2082 * so fragmented skbs are not used. The HCI layer's handling
@@ -2219,7 +2220,7 @@ static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2219 struct l2cap_ctrl control; 2220 struct l2cap_ctrl control;
2220 u16 seq; 2221 u16 seq;
2221 2222
2222 BT_DBG("chan %p, txseq %d", chan, txseq); 2223 BT_DBG("chan %p, txseq %u", chan, txseq);
2223 2224
2224 memset(&control, 0, sizeof(control)); 2225 memset(&control, 0, sizeof(control));
2225 control.sframe = 1; 2226 control.sframe = 1;
@@ -2259,7 +2260,7 @@ static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2259 u16 initial_head; 2260 u16 initial_head;
2260 u16 seq; 2261 u16 seq;
2261 2262
2262 BT_DBG("chan %p, txseq %d", chan, txseq); 2263 BT_DBG("chan %p, txseq %u", chan, txseq);
2263 2264
2264 memset(&control, 0, sizeof(control)); 2265 memset(&control, 0, sizeof(control));
2265 control.sframe = 1; 2266 control.sframe = 1;
@@ -2284,12 +2285,12 @@ static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2284 struct sk_buff *acked_skb; 2285 struct sk_buff *acked_skb;
2285 u16 ackseq; 2286 u16 ackseq;
2286 2287
2287 BT_DBG("chan %p, reqseq %d", chan, reqseq); 2288 BT_DBG("chan %p, reqseq %u", chan, reqseq);
2288 2289
2289 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq) 2290 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2290 return; 2291 return;
2291 2292
2292 BT_DBG("expected_ack_seq %d, unacked_frames %d", 2293 BT_DBG("expected_ack_seq %u, unacked_frames %u",
2293 chan->expected_ack_seq, chan->unacked_frames); 2294 chan->expected_ack_seq, chan->unacked_frames);
2294 2295
2295 for (ackseq = chan->expected_ack_seq; ackseq != reqseq; 2296 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
@@ -2308,7 +2309,7 @@ static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2308 if (chan->unacked_frames == 0) 2309 if (chan->unacked_frames == 0)
2309 __clear_retrans_timer(chan); 2310 __clear_retrans_timer(chan);
2310 2311
2311 BT_DBG("unacked_frames %d", (int) chan->unacked_frames); 2312 BT_DBG("unacked_frames %u", chan->unacked_frames);
2312} 2313}
2313 2314
2314static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan) 2315static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
@@ -2534,16 +2535,16 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2534} 2535}
2535 2536
2536/* ---- L2CAP signalling commands ---- */ 2537/* ---- L2CAP signalling commands ---- */
2537static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 2538static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2538 u8 code, u8 ident, u16 dlen, void *data) 2539 u8 ident, u16 dlen, void *data)
2539{ 2540{
2540 struct sk_buff *skb, **frag; 2541 struct sk_buff *skb, **frag;
2541 struct l2cap_cmd_hdr *cmd; 2542 struct l2cap_cmd_hdr *cmd;
2542 struct l2cap_hdr *lh; 2543 struct l2cap_hdr *lh;
2543 int len, count; 2544 int len, count;
2544 2545
2545 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", 2546 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %u",
2546 conn, code, ident, dlen); 2547 conn, code, ident, dlen);
2547 2548
2548 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 2549 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2549 count = min_t(unsigned int, conn->mtu, len); 2550 count = min_t(unsigned int, conn->mtu, len);
@@ -2626,7 +2627,7 @@ static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned
2626 break; 2627 break;
2627 } 2628 }
2628 2629
2629 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val); 2630 BT_DBG("type 0x%2.2x len %u val 0x%lx", *type, opt->len, *val);
2630 return len; 2631 return len;
2631} 2632}
2632 2633
@@ -2634,7 +2635,7 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2634{ 2635{
2635 struct l2cap_conf_opt *opt = *ptr; 2636 struct l2cap_conf_opt *opt = *ptr;
2636 2637
2637 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val); 2638 BT_DBG("type 0x%2.2x len %u val 0x%lx", type, len, val);
2638 2639
2639 opt->type = type; 2640 opt->type = type;
2640 opt->len = len; 2641 opt->len = len;
@@ -2786,6 +2787,7 @@ static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2786 L2CAP_DEFAULT_TX_WINDOW); 2787 L2CAP_DEFAULT_TX_WINDOW);
2787 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 2788 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2788 } 2789 }
2790 chan->ack_win = chan->tx_win;
2789} 2791}
2790 2792
2791static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data) 2793static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
@@ -3175,10 +3177,9 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3175 break; 3177 break;
3176 3178
3177 case L2CAP_CONF_EWS: 3179 case L2CAP_CONF_EWS:
3178 chan->tx_win = min_t(u16, val, 3180 chan->ack_win = min_t(u16, val, chan->ack_win);
3179 L2CAP_DEFAULT_EXT_WINDOW);
3180 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 3181 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3181 chan->tx_win); 3182 chan->tx_win);
3182 break; 3183 break;
3183 3184
3184 case L2CAP_CONF_EFS: 3185 case L2CAP_CONF_EFS:
@@ -3207,6 +3208,9 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3207 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 3208 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3208 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 3209 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3209 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3210 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3211 if (!test_bit(FLAG_EXT_CTRL, &chan->flags))
3212 chan->ack_win = min_t(u16, chan->ack_win,
3213 rfc.txwin_size);
3210 3214
3211 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3215 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3212 chan->local_msdu = le16_to_cpu(efs.msdu); 3216 chan->local_msdu = le16_to_cpu(efs.msdu);
@@ -3268,7 +3272,17 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3268{ 3272{
3269 int type, olen; 3273 int type, olen;
3270 unsigned long val; 3274 unsigned long val;
3271 struct l2cap_conf_rfc rfc; 3275 /* Use sane default values in case a misbehaving remote device
3276 * did not send an RFC or extended window size option.
3277 */
3278 u16 txwin_ext = chan->ack_win;
3279 struct l2cap_conf_rfc rfc = {
3280 .mode = chan->mode,
3281 .retrans_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO),
3282 .monitor_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO),
3283 .max_pdu_size = cpu_to_le16(chan->imtu),
3284 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW),
3285 };
3272 3286
3273 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len); 3287 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
3274 3288
@@ -3278,32 +3292,27 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3278 while (len >= L2CAP_CONF_OPT_SIZE) { 3292 while (len >= L2CAP_CONF_OPT_SIZE) {
3279 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); 3293 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3280 3294
3281 if (type != L2CAP_CONF_RFC) 3295 switch (type) {
3282 continue; 3296 case L2CAP_CONF_RFC:
3283 3297 if (olen == sizeof(rfc))
3284 if (olen != sizeof(rfc)) 3298 memcpy(&rfc, (void *)val, olen);
3285 break; 3299 break;
3286 3300 case L2CAP_CONF_EWS:
3287 memcpy(&rfc, (void *)val, olen); 3301 txwin_ext = val;
3288 goto done; 3302 break;
3303 }
3289 } 3304 }
3290 3305
3291 /* Use sane default values in case a misbehaving remote device
3292 * did not send an RFC option.
3293 */
3294 rfc.mode = chan->mode;
3295 rfc.retrans_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3296 rfc.monitor_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3297 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3298
3299 BT_ERR("Expected RFC option was not found, using defaults");
3300
3301done:
3302 switch (rfc.mode) { 3306 switch (rfc.mode) {
3303 case L2CAP_MODE_ERTM: 3307 case L2CAP_MODE_ERTM:
3304 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 3308 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3305 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 3309 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3306 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3310 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3311 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3312 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext);
3313 else
3314 chan->ack_win = min_t(u16, chan->ack_win,
3315 rfc.txwin_size);
3307 break; 3316 break;
3308 case L2CAP_MODE_STREAMING: 3317 case L2CAP_MODE_STREAMING:
3309 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3318 chan->mps = le16_to_cpu(rfc.max_pdu_size);
@@ -3949,7 +3958,7 @@ static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3949 psm = le16_to_cpu(req->psm); 3958 psm = le16_to_cpu(req->psm);
3950 scid = le16_to_cpu(req->scid); 3959 scid = le16_to_cpu(req->scid);
3951 3960
3952 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id); 3961 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id);
3953 3962
3954 /* Placeholder: Always reject */ 3963 /* Placeholder: Always reject */
3955 rsp.dcid = 0; 3964 rsp.dcid = 0;
@@ -3972,11 +3981,11 @@ static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3972} 3981}
3973 3982
3974static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident, 3983static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3975 u16 icid, u16 result) 3984 u16 icid, u16 result)
3976{ 3985{
3977 struct l2cap_move_chan_rsp rsp; 3986 struct l2cap_move_chan_rsp rsp;
3978 3987
3979 BT_DBG("icid %d, result %d", icid, result); 3988 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
3980 3989
3981 rsp.icid = cpu_to_le16(icid); 3990 rsp.icid = cpu_to_le16(icid);
3982 rsp.result = cpu_to_le16(result); 3991 rsp.result = cpu_to_le16(result);
@@ -3985,12 +3994,13 @@ static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3985} 3994}
3986 3995
3987static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn, 3996static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3988 struct l2cap_chan *chan, u16 icid, u16 result) 3997 struct l2cap_chan *chan,
3998 u16 icid, u16 result)
3989{ 3999{
3990 struct l2cap_move_chan_cfm cfm; 4000 struct l2cap_move_chan_cfm cfm;
3991 u8 ident; 4001 u8 ident;
3992 4002
3993 BT_DBG("icid %d, result %d", icid, result); 4003 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
3994 4004
3995 ident = l2cap_get_ident(conn); 4005 ident = l2cap_get_ident(conn);
3996 if (chan) 4006 if (chan)
@@ -4003,18 +4013,19 @@ static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
4003} 4013}
4004 4014
4005static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident, 4015static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
4006 u16 icid) 4016 u16 icid)
4007{ 4017{
4008 struct l2cap_move_chan_cfm_rsp rsp; 4018 struct l2cap_move_chan_cfm_rsp rsp;
4009 4019
4010 BT_DBG("icid %d", icid); 4020 BT_DBG("icid 0x%4.4x", icid);
4011 4021
4012 rsp.icid = cpu_to_le16(icid); 4022 rsp.icid = cpu_to_le16(icid);
4013 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp); 4023 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
4014} 4024}
4015 4025
4016static inline int l2cap_move_channel_req(struct l2cap_conn *conn, 4026static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4017 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4027 struct l2cap_cmd_hdr *cmd,
4028 u16 cmd_len, void *data)
4018{ 4029{
4019 struct l2cap_move_chan_req *req = data; 4030 struct l2cap_move_chan_req *req = data;
4020 u16 icid = 0; 4031 u16 icid = 0;
@@ -4025,7 +4036,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4025 4036
4026 icid = le16_to_cpu(req->icid); 4037 icid = le16_to_cpu(req->icid);
4027 4038
4028 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id); 4039 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id);
4029 4040
4030 if (!enable_hs) 4041 if (!enable_hs)
4031 return -EINVAL; 4042 return -EINVAL;
@@ -4037,7 +4048,8 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4037} 4048}
4038 4049
4039static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn, 4050static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4040 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4051 struct l2cap_cmd_hdr *cmd,
4052 u16 cmd_len, void *data)
4041{ 4053{
4042 struct l2cap_move_chan_rsp *rsp = data; 4054 struct l2cap_move_chan_rsp *rsp = data;
4043 u16 icid, result; 4055 u16 icid, result;
@@ -4048,7 +4060,7 @@ static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4048 icid = le16_to_cpu(rsp->icid); 4060 icid = le16_to_cpu(rsp->icid);
4049 result = le16_to_cpu(rsp->result); 4061 result = le16_to_cpu(rsp->result);
4050 4062
4051 BT_DBG("icid %d, result %d", icid, result); 4063 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4052 4064
4053 /* Placeholder: Always unconfirmed */ 4065 /* Placeholder: Always unconfirmed */
4054 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED); 4066 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
@@ -4057,7 +4069,8 @@ static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4057} 4069}
4058 4070
4059static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn, 4071static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4060 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4072 struct l2cap_cmd_hdr *cmd,
4073 u16 cmd_len, void *data)
4061{ 4074{
4062 struct l2cap_move_chan_cfm *cfm = data; 4075 struct l2cap_move_chan_cfm *cfm = data;
4063 u16 icid, result; 4076 u16 icid, result;
@@ -4068,7 +4081,7 @@ static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4068 icid = le16_to_cpu(cfm->icid); 4081 icid = le16_to_cpu(cfm->icid);
4069 result = le16_to_cpu(cfm->result); 4082 result = le16_to_cpu(cfm->result);
4070 4083
4071 BT_DBG("icid %d, result %d", icid, result); 4084 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4072 4085
4073 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); 4086 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
4074 4087
@@ -4076,7 +4089,8 @@ static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4076} 4089}
4077 4090
4078static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn, 4091static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4079 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4092 struct l2cap_cmd_hdr *cmd,
4093 u16 cmd_len, void *data)
4080{ 4094{
4081 struct l2cap_move_chan_cfm_rsp *rsp = data; 4095 struct l2cap_move_chan_cfm_rsp *rsp = data;
4082 u16 icid; 4096 u16 icid;
@@ -4086,7 +4100,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4086 4100
4087 icid = le16_to_cpu(rsp->icid); 4101 icid = le16_to_cpu(rsp->icid);
4088 4102
4089 BT_DBG("icid %d", icid); 4103 BT_DBG("icid 0x%4.4x", icid);
4090 4104
4091 return 0; 4105 return 0;
4092} 4106}
@@ -5374,7 +5388,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5374 if (!conn) 5388 if (!conn)
5375 return 0; 5389 return 0;
5376 5390
5377 BT_DBG("conn %p", conn); 5391 BT_DBG("conn %p status 0x%2.2x encrypt %u", conn, status, encrypt);
5378 5392
5379 if (hcon->type == LE_LINK) { 5393 if (hcon->type == LE_LINK) {
5380 if (!status && encrypt) 5394 if (!status && encrypt)
@@ -5387,7 +5401,8 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5387 list_for_each_entry(chan, &conn->chan_l, list) { 5401 list_for_each_entry(chan, &conn->chan_l, list) {
5388 l2cap_chan_lock(chan); 5402 l2cap_chan_lock(chan);
5389 5403
5390 BT_DBG("chan->scid %d", chan->scid); 5404 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid,
5405 state_to_string(chan->state));
5391 5406
5392 if (chan->scid == L2CAP_CID_LE_DATA) { 5407 if (chan->scid == L2CAP_CID_LE_DATA) {
5393 if (!status && encrypt) { 5408 if (!status && encrypt) {
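Review bot: The new `case L2CAP_CONF_EWS:` branch in l2cap_conf_rfc_get() assigns `val` to `txwin_ext` without checking `olen`, although the RFC case next to it only accepts the option when `olen == sizeof(rfc)`; the EWS case in l2cap_parse_conf_rsp() uses `val` the same way. Both values come from the remote device's configuration response, so an EWS option of unexpected length, or a window of 0, is truncated to u16 and passed through `min_t()` into `chan->ack_win`, which l2cap_send_ack() now uses for its threshold. I would guard the assignment with `if (olen == 2) txwin_ext = val;` (2 being the length this file writes for EWS in l2cap_add_conf_opt), do the same in l2cap_parse_conf_rsp(), and decide explicitly how a zero window is handled. The rewrite also removes `BT_ERR("Expected RFC option was not found, using defaults");`, so a missing or wrong-sized RFC option from a misbehaving peer is now accepted silently; keeping a log line when the defaults are used would preserve that signal. Both functions continue outside the hunks shown.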
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a6e0f3d8da6..ad6613d17ca 100644
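--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -210,7 +210,7 @@ static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
 
 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
 
-skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
+skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
 if (!skb)
 return -ENOMEM;
 
@@ -241,7 +241,7 @@ static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
 
 BT_DBG("sock %p", sk);
 
-skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
+skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
 if (!skb)
 return -ENOMEM;
 
@@ -687,14 +687,14 @@ static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
 {
 struct pending_cmd *cmd;
 
-cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
+cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
 if (!cmd)
 return NULL;
 
 cmd->opcode = opcode;
 cmd->index = hdev->id;
 
-cmd->param = kmalloc(len, GFP_ATOMIC);
+cmd->param = kmalloc(len, GFP_KERNEL);
 if (!cmd->param) {
 kfree(cmd);
 return NULL;
@@ -812,7 +812,7 @@ static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
 struct sk_buff *skb;
 struct mgmt_hdr *hdr;
 
-skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
+skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
 if (!skb)
 return -ENOMEM;
 
@@ -1268,7 +1268,7 @@ static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
 goto failed;
 }
 
-uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
+uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
 if (!uuid) {
 err = -ENOMEM;
 goto failed;
@@ -1611,7 +1611,7 @@ static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
 }
 
 dc.handle = cpu_to_le16(conn->handle);
-dc.reason = 0x13; /* Remote User Terminated Connection */
+dc.reason = HCI_ERROR_REMOTE_USER_TERM;
 
 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
 if (err < 0)
@@ -1667,7 +1667,7 @@ static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
 }
 
 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
-rp = kmalloc(rp_len, GFP_ATOMIC);
+rp = kmalloc(rp_len, GFP_KERNEL);
 if (!rp) {
 err = -ENOMEM;
 goto unlock;
@@ -1778,29 +1778,6 @@ failed:
 return err;
 }
 
-static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
-void *data, u16 len)
-{
-struct mgmt_cp_pin_code_neg_reply *cp = data;
-int err;
-
-BT_DBG("");
-
-hci_dev_lock(hdev);
-
-if (!hdev_is_powered(hdev)) {
-err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
-MGMT_STATUS_NOT_POWERED);
-goto failed;
-}
-
-err = send_pin_code_neg_reply(sk, hdev, cp);
-
-failed:
-hci_dev_unlock(hdev);
-return err;
-}
-
 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
 u16 len)
 {
@@ -2083,6 +2060,18 @@ done:
 return err;
 }
 
+static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
+void *data, u16 len)
+{
+struct mgmt_cp_pin_code_neg_reply *cp = data;
+
+BT_DBG("");
+
+return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
+MGMT_OP_PIN_CODE_NEG_REPLY,
+HCI_OP_PIN_CODE_NEG_REPLY, 0);
+}
+
 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
 u16 len)
 {
@@ -2607,8 +2596,8 @@ static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
 if (cp->val) {
 type = PAGE_SCAN_TYPE_INTERLACED;
 
-/* 22.5 msec page scan interval */
-acp.interval = __constant_cpu_to_le16(0x0024);
+/* 160 msec page scan interval */
+acp.interval = __constant_cpu_to_le16(0x0100);
 } else {
 type = PAGE_SCAN_TYPE_STANDARD; /* default */
 
@@ -3546,9 +3535,9 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
 ev->addr.type = link_to_bdaddr(link_type, addr_type);
 ev->rssi = rssi;
 if (cfm_name)
-ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
+ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
 if (!ssp)
-ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
+ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
 
 if (eir_len > 0)
 memcpy(ev->eir, eir, eir_len);
@@ -3558,7 +3547,6 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
 dev_class, 3);
 
 ev->eir_len = cpu_to_le16(eir_len);
-
 ev_size = sizeof(*ev) + eir_len;
 
 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);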
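Review bot: The switch from GFP_ATOMIC to GFP_KERNEL in cmd_status(), cmd_complete(), mgmt_pending_add(), mgmt_event(), add_uuid() and get_connections() is only safe if none of their callers can run in atomic context, and nothing in these hunks states or checks that. mgmt_event() in particular is called from mgmt_device_found(), which presumably sits on the HCI event path, so I would record the assumption in the helpers, e.g. `/* May sleep: callers must be in process context. */`, or add `might_sleep();` at the top so a violating caller is caught in testing. Separately, the relocated pin_code_neg_reply() no longer takes hci_dev_lock() or checks hdev_is_powered() itself; that is correct only if user_pairing_resp() does both, which is not visible here. All of these function bodies continue outside the hunks shown.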
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 5cc1bf7d803..d0deb3edae2 100644
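--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -135,7 +135,8 @@ void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
 bar->control = cpu_to_le16(bar_control);
 bar->start_seq_num = cpu_to_le16(ssn);
 
-IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
+IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
+IEEE80211_TX_CTL_REQ_TX_STATUS;
 ieee80211_tx_skb_tid(sdata, skb, tid);
 }
 EXPORT_SYMBOL(ieee80211_send_bar);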
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index ccbe2413142..d41974aacf5 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -20,31 +20,31 @@
20#include "rate.h" 20#include "rate.h"
21#include "mesh.h" 21#include "mesh.h"
22 22
23static struct net_device *ieee80211_add_iface(struct wiphy *wiphy, char *name, 23static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy, char *name,
24 enum nl80211_iftype type, 24 enum nl80211_iftype type,
25 u32 *flags, 25 u32 *flags,
26 struct vif_params *params) 26 struct vif_params *params)
27{ 27{
28 struct ieee80211_local *local = wiphy_priv(wiphy); 28 struct ieee80211_local *local = wiphy_priv(wiphy);
29 struct net_device *dev; 29 struct wireless_dev *wdev;
30 struct ieee80211_sub_if_data *sdata; 30 struct ieee80211_sub_if_data *sdata;
31 int err; 31 int err;
32 32
33 err = ieee80211_if_add(local, name, &dev, type, params); 33 err = ieee80211_if_add(local, name, &wdev, type, params);
34 if (err) 34 if (err)
35 return ERR_PTR(err); 35 return ERR_PTR(err);
36 36
37 if (type == NL80211_IFTYPE_MONITOR && flags) { 37 if (type == NL80211_IFTYPE_MONITOR && flags) {
38 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 38 sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
39 sdata->u.mntr_flags = *flags; 39 sdata->u.mntr_flags = *flags;
40 } 40 }
41 41
42 return dev; 42 return wdev;
43} 43}
44 44
45static int ieee80211_del_iface(struct wiphy *wiphy, struct net_device *dev) 45static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
46{ 46{
47 ieee80211_if_remove(IEEE80211_DEV_TO_SUB_IF(dev)); 47 ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
48 48
49 return 0; 49 return 0;
50} 50}
@@ -917,6 +917,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
917 917
918 kfree_rcu(old, rcu_head); 918 kfree_rcu(old, rcu_head);
919 919
920 sta_info_flush(sdata->local, sdata);
920 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 921 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
921 922
922 return 0; 923 return 0;
@@ -1741,6 +1742,8 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1741 return -EINVAL; 1742 return -EINVAL;
1742 } 1743 }
1743 1744
1745 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1746
1744 return 0; 1747 return 0;
1745} 1748}
1746 1749
@@ -1761,10 +1764,11 @@ static int ieee80211_resume(struct wiphy *wiphy)
1761#endif 1764#endif
1762 1765
1763static int ieee80211_scan(struct wiphy *wiphy, 1766static int ieee80211_scan(struct wiphy *wiphy,
1764 struct net_device *dev,
1765 struct cfg80211_scan_request *req) 1767 struct cfg80211_scan_request *req)
1766{ 1768{
1767 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1769 struct ieee80211_sub_if_data *sdata;
1770
1771 sdata = IEEE80211_WDEV_TO_SUB_IF(req->wdev);
1768 1772
1769 switch (ieee80211_vif_type_p2p(&sdata->vif)) { 1773 switch (ieee80211_vif_type_p2p(&sdata->vif)) {
1770 case NL80211_IFTYPE_STATION: 1774 case NL80211_IFTYPE_STATION:
@@ -2297,13 +2301,13 @@ static int ieee80211_start_roc_work(struct ieee80211_local *local,
2297} 2301}
2298 2302
2299static int ieee80211_remain_on_channel(struct wiphy *wiphy, 2303static int ieee80211_remain_on_channel(struct wiphy *wiphy,
2300 struct net_device *dev, 2304 struct wireless_dev *wdev,
2301 struct ieee80211_channel *chan, 2305 struct ieee80211_channel *chan,
2302 enum nl80211_channel_type channel_type, 2306 enum nl80211_channel_type channel_type,
2303 unsigned int duration, 2307 unsigned int duration,
2304 u64 *cookie) 2308 u64 *cookie)
2305{ 2309{
2306 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2310 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2307 struct ieee80211_local *local = sdata->local; 2311 struct ieee80211_local *local = sdata->local;
2308 int ret; 2312 int ret;
2309 2313
@@ -2390,23 +2394,23 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2390} 2394}
2391 2395
2392static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy, 2396static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
2393 struct net_device *dev, 2397 struct wireless_dev *wdev,
2394 u64 cookie) 2398 u64 cookie)
2395{ 2399{
2396 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2400 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2397 struct ieee80211_local *local = sdata->local; 2401 struct ieee80211_local *local = sdata->local;
2398 2402
2399 return ieee80211_cancel_roc(local, cookie, false); 2403 return ieee80211_cancel_roc(local, cookie, false);
2400} 2404}
2401 2405
2402static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev, 2406static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
2403 struct ieee80211_channel *chan, bool offchan, 2407 struct ieee80211_channel *chan, bool offchan,
2404 enum nl80211_channel_type channel_type, 2408 enum nl80211_channel_type channel_type,
2405 bool channel_type_valid, unsigned int wait, 2409 bool channel_type_valid, unsigned int wait,
2406 const u8 *buf, size_t len, bool no_cck, 2410 const u8 *buf, size_t len, bool no_cck,
2407 bool dont_wait_for_ack, u64 *cookie) 2411 bool dont_wait_for_ack, u64 *cookie)
2408{ 2412{
2409 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2413 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2410 struct ieee80211_local *local = sdata->local; 2414 struct ieee80211_local *local = sdata->local;
2411 struct sk_buff *skb; 2415 struct sk_buff *skb;
2412 struct sta_info *sta; 2416 struct sta_info *sta;
@@ -2490,6 +2494,7 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
2490 skb->dev = sdata->dev; 2494 skb->dev = sdata->dev;
2491 2495
2492 if (!need_offchan) { 2496 if (!need_offchan) {
2497 *cookie = (unsigned long) skb;
2493 ieee80211_tx_skb(sdata, skb); 2498 ieee80211_tx_skb(sdata, skb);
2494 ret = 0; 2499 ret = 0;
2495 goto out_unlock; 2500 goto out_unlock;
@@ -2511,21 +2516,20 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
2511} 2516}
2512 2517
2513static int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy, 2518static int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
2514 struct net_device *dev, 2519 struct wireless_dev *wdev,
2515 u64 cookie) 2520 u64 cookie)
2516{ 2521{
2517 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2522 struct ieee80211_local *local = wiphy_priv(wiphy);
2518 struct ieee80211_local *local = sdata->local;
2519 2523
2520 return ieee80211_cancel_roc(local, cookie, true); 2524 return ieee80211_cancel_roc(local, cookie, true);
2521} 2525}
2522 2526
2523static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, 2527static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
2524 struct net_device *dev, 2528 struct wireless_dev *wdev,
2525 u16 frame_type, bool reg) 2529 u16 frame_type, bool reg)
2526{ 2530{
2527 struct ieee80211_local *local = wiphy_priv(wiphy); 2531 struct ieee80211_local *local = wiphy_priv(wiphy);
2528 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2532 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2529 2533
2530 switch (frame_type) { 2534 switch (frame_type) {
2531 case IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH: 2535 case IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH:
@@ -2980,14 +2984,14 @@ static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
2980 return 0; 2984 return 0;
2981} 2985}
2982 2986
2983static void ieee80211_set_monitor_enabled(struct wiphy *wiphy, bool enabled) 2987static struct ieee80211_channel *
2988ieee80211_cfg_get_channel(struct wiphy *wiphy, struct wireless_dev *wdev,
2989 enum nl80211_channel_type *type)
2984{ 2990{
2985 struct ieee80211_local *local = wiphy_priv(wiphy); 2991 struct ieee80211_local *local = wiphy_priv(wiphy);
2986 2992
2987 if (enabled) 2993 *type = local->_oper_channel_type;
2988 WARN_ON(ieee80211_add_virtual_monitor(local)); 2994 return local->oper_channel;
2989 else
2990 ieee80211_del_virtual_monitor(local);
2991} 2995}
2992 2996
2993#ifdef CONFIG_PM 2997#ifdef CONFIG_PM
@@ -3064,11 +3068,11 @@ struct cfg80211_ops mac80211_config_ops = {
3064 .tdls_mgmt = ieee80211_tdls_mgmt, 3068 .tdls_mgmt = ieee80211_tdls_mgmt,
3065 .probe_client = ieee80211_probe_client, 3069 .probe_client = ieee80211_probe_client,
3066 .set_noack_map = ieee80211_set_noack_map, 3070 .set_noack_map = ieee80211_set_noack_map,
3067 .set_monitor_enabled = ieee80211_set_monitor_enabled,
3068#ifdef CONFIG_PM 3071#ifdef CONFIG_PM
3069 .set_wakeup = ieee80211_set_wakeup, 3072 .set_wakeup = ieee80211_set_wakeup,
3070#endif 3073#endif
3071 .get_et_sset_count = ieee80211_get_et_sset_count, 3074 .get_et_sset_count = ieee80211_get_et_sset_count,
3072 .get_et_stats = ieee80211_get_et_stats, 3075 .get_et_stats = ieee80211_get_et_stats,
3073 .get_et_strings = ieee80211_get_et_strings, 3076 .get_et_strings = ieee80211_get_et_strings,
3077 .get_channel = ieee80211_cfg_get_channel,
3074}; 3078};
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 778e5916d7c..b8dfb440c8e 100644
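--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -325,8 +325,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
 local->rx_handlers_drop_defrag);
 DEBUGFS_STATS_ADD(rx_handlers_drop_short,
 local->rx_handlers_drop_short);
-DEBUGFS_STATS_ADD(rx_handlers_drop_passive_scan,
-local->rx_handlers_drop_passive_scan);
 DEBUGFS_STATS_ADD(tx_expand_skb_head,
 local->tx_expand_skb_head);
 DEBUGFS_STATS_ADD(tx_expand_skb_head_cloned,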
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index e0423f8c0ce..bb61f7718c4 100644
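--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -85,6 +85,8 @@ struct ieee80211_bss {
 size_t ssid_len;
 u8 ssid[IEEE80211_MAX_SSID_LEN];
 
+u32 device_ts;
+
 u8 dtim_period;
 
 bool wmm_used;
@@ -207,7 +209,6 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
 * enum ieee80211_packet_rx_flags - packet RX flags
 * @IEEE80211_RX_RA_MATCH: frame is destined to interface currently processed
 * (incl. multicast frames)
-* @IEEE80211_RX_IN_SCAN: received while scanning
 * @IEEE80211_RX_FRAGMENTED: fragmented frame
 * @IEEE80211_RX_AMSDU: a-MSDU packet
 * @IEEE80211_RX_MALFORMED_ACTION_FRM: action frame is malformed
@@ -217,7 +218,6 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
 * @rx_flags field of &struct ieee80211_rx_status.
 */
 enum ieee80211_packet_rx_flags {
-IEEE80211_RX_IN_SCAN = BIT(0),
 IEEE80211_RX_RA_MATCH = BIT(1),
 IEEE80211_RX_FRAGMENTED = BIT(2),
 IEEE80211_RX_AMSDU = BIT(3),
@@ -965,14 +965,14 @@ struct ieee80211_local {
 int scan_channel_idx;
 int scan_ies_len;
 
-bool sched_scanning;
 struct ieee80211_sched_scan_ies sched_scan_ies;
 struct work_struct sched_scan_stopped_work;
+struct ieee80211_sub_if_data __rcu *sched_scan_sdata;
 
 unsigned long leave_oper_channel_time;
 enum mac80211_scan_state next_scan_state;
 struct delayed_work scan_work;
-struct ieee80211_sub_if_data *scan_sdata;
+struct ieee80211_sub_if_data __rcu *scan_sdata;
 enum nl80211_channel_type _oper_channel_type;
 struct ieee80211_channel *oper_channel, *csa_channel;
 
@@ -1014,7 +1014,6 @@ struct ieee80211_local {
 unsigned int rx_handlers_drop_nullfunc;
 unsigned int rx_handlers_drop_defrag;
 unsigned int rx_handlers_drop_short;
-unsigned int rx_handlers_drop_passive_scan;
 unsigned int tx_expand_skb_head;
 unsigned int tx_expand_skb_head_cloned;
 unsigned int rx_expand_skb_head;
@@ -1091,6 +1090,12 @@ IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
 return netdev_priv(dev);
 }
 
+static inline struct ieee80211_sub_if_data *
+IEEE80211_WDEV_TO_SUB_IF(struct wireless_dev *wdev)
+{
+return container_of(wdev, struct ieee80211_sub_if_data, wdev);
+}
+
 /* this struct represents 802.11n's RA/TID combination */
 struct ieee80211_ra_tid {
 u8 ra[ETH_ALEN];
@@ -1241,8 +1246,7 @@ int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
 struct cfg80211_scan_request *req);
 void ieee80211_scan_cancel(struct ieee80211_local *local);
 void ieee80211_run_deferred_scan(struct ieee80211_local *local);
-ieee80211_rx_result
-ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
+void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb);
 
 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local);
 struct ieee80211_bss *
@@ -1278,7 +1282,7 @@ void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
 int ieee80211_iface_init(void);
 void ieee80211_iface_exit(void);
 int ieee80211_if_add(struct ieee80211_local *local, const char *name,
-struct net_device **new_dev, enum nl80211_iftype type,
+struct wireless_dev **new_wdev, enum nl80211_iftype type,
 struct vif_params *params);
 int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
 enum nl80211_iftype type);
@@ -1487,10 +1491,6 @@ int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
 int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata,
 struct sk_buff *skb, bool need_basic);
 
-/* virtual monitor */
-int ieee80211_add_virtual_monitor(struct ieee80211_local *local);
-void ieee80211_del_virtual_monitor(struct ieee80211_local *local);
-
 /* channel management */
 enum ieee80211_chan_mode {
 CHAN_MODE_UNDEFINED,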
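Review bot: The two `__rcu` pointers in `struct ieee80211_local`, the new `sched_scan_sdata` and the newly annotated `scan_sdata`, have no comment saying which lock covers their update side. The iface.c and main.c parts of this commit read them with `rcu_dereference_protected(..., lockdep_is_held(&local->mtx))`, so a field comment such as `/* updated under local->mtx; other readers must hold rcu_read_lock() */` would record the rule, assuming that is the intended one. The new `IEEE80211_WDEV_TO_SUB_IF()` is a bare `container_of()` and is only meaningful for a `wireless_dev` embedded in an `ieee80211_sub_if_data`; a one-line comment stating that precondition would help callers that receive a wdev from cfg80211.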
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index fbef7a1ada7..bfb57dcc153 100644
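--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -112,10 +112,11 @@ static u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
 }
 }
 
-if (local->scan_sdata &&
-!(local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)) {
+sdata = rcu_dereference_protected(local->scan_sdata,
+lockdep_is_held(&local->mtx));
+if (sdata && !(local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)) {
 scanning = true;
-local->scan_sdata->vif.bss_conf.idle = false;
+sdata->vif.bss_conf.idle = false;
 }
 
 list_for_each_entry(sdata, &local->interfaces, list) {
@@ -330,20 +331,24 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
 sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
 }
 
-int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
+static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
 {
 struct ieee80211_sub_if_data *sdata;
-int ret;
+int ret = 0;
 
 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
 return 0;
 
+mutex_lock(&local->iflist_mtx);
+
 if (local->monitor_sdata)
-return 0;
+goto out_unlock;
 
 sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
-if (!sdata)
-return -ENOMEM;
+if (!sdata) {
+ret = -ENOMEM;
+goto out_unlock;
+}
 
 /* set up data */
 sdata->local = local;
@@ -357,31 +362,34 @@ int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
 if (WARN_ON(ret)) {
 /* ok .. stupid driver, it asked for this! */
 kfree(sdata);
-return ret;
+goto out_unlock;
 }
 
 ret = ieee80211_check_queues(sdata);
 if (ret) {
 kfree(sdata);
-return ret;
+goto out_unlock;
 }
 
 rcu_assign_pointer(local->monitor_sdata, sdata);
-
-return 0;
+out_unlock:
+mutex_unlock(&local->iflist_mtx);
+return ret;
 }
 
-void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
+static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
 {
 struct ieee80211_sub_if_data *sdata;
 
 if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
 return;
 
-sdata = rtnl_dereference(local->monitor_sdata);
+mutex_lock(&local->iflist_mtx);
 
+sdata = rcu_dereference_protected(local->monitor_sdata,
+lockdep_is_held(&local->iflist_mtx));
 if (!sdata)
-return;
+goto out_unlock;
 
 rcu_assign_pointer(local->monitor_sdata, NULL);
 synchronize_net();
@@ -389,6 +397,8 @@ void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
 drv_remove_interface(local, sdata);
 
 kfree(sdata);
+out_unlock:
+mutex_unlock(&local->iflist_mtx);
 }
 
 /*
@@ -487,6 +497,12 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
 break;
 }
 
+if (local->monitors == 0 && local->open_count == 0) {
+res = ieee80211_add_virtual_monitor(local);
+if (res)
+goto err_stop;
+}
+
 /* must be before the call to ieee80211_configure_filter */
 local->monitors++;
 if (local->monitors == 1) {
@@ -501,6 +517,8 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
 break;
 default:
 if (coming_up) {
+ieee80211_del_virtual_monitor(local);
+
 res = drv_add_interface(local, sdata);
 if (res)
 goto err_stop;
@@ -628,7 +646,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
 
 clear_bit(SDATA_STATE_RUNNING, &sdata->state);
 
-if (local->scan_sdata == sdata)
+if (rcu_access_pointer(local->scan_sdata) == sdata)
 ieee80211_scan_cancel(local);
 
 /*
@@ -735,6 +753,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
 if (local->monitors == 0) {
 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
+ieee80211_del_virtual_monitor(local);
 }
 
 ieee80211_adjust_monitor_flags(sdata, -1);
@@ -808,6 +827,9 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
 }
 }
 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
+
+if (local->monitors == local->open_count && local->monitors > 0)
+ieee80211_add_virtual_monitor(local);
 }
 
 static int ieee80211_stop(struct net_device *dev)
@@ -1373,7 +1395,7 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
 }
 
 int ieee80211_if_add(struct ieee80211_local *local, const char *name,
-struct net_device **new_dev, enum nl80211_iftype type,
+struct wireless_dev **new_wdev, enum nl80211_iftype type,
 struct vif_params *params)
 {
 struct net_device *ndev;
@@ -1463,8 +1485,8 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
 list_add_tail_rcu(&sdata->list, &local->interfaces);
 mutex_unlock(&local->iflist_mtx);
 
-if (new_dev)
-*new_dev = ndev;
+if (new_wdev)
+*new_wdev = &sdata->wdev;
 
 return 0;
 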
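Review bot: In `ieee80211_do_stop` the added call `ieee80211_add_virtual_monitor(local);` discards the return value, although the function can fail with `-ENOMEM` or with the error from `ieee80211_check_queues()`, and only one failure path inside it carries a `WARN_ON(ret)`. The cfg.c callback this commit removes wrapped the same call in `WARN_ON()`, so `WARN_ON(ieee80211_add_virtual_monitor(local));` here would keep the diagnostic instead of silently leaving the driver without its monitor vif. Separately, in the `default:` branch of `ieee80211_do_open` the virtual monitor is deleted before `drv_add_interface()`; nothing visible restores it if that call fails, but the `err_stop` path lies outside the hunk and should be checked for that case.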
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index b3b7e526e24..7ae678ba5d6 100644
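--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -194,26 +194,6 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 }
 
-void ieee80211_key_removed(struct ieee80211_key_conf *key_conf)
-{
-struct ieee80211_key *key;
-
-key = container_of(key_conf, struct ieee80211_key, conf);
-
-might_sleep();
-assert_key_lock(key->local);
-
-key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
-
-/*
-* Flush TX path to avoid attempts to use this key
-* after this function returns. Until then, drivers
-* must be prepared to handle the key.
-*/
-synchronize_rcu();
-}
-EXPORT_SYMBOL_GPL(ieee80211_key_removed);
-
 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
 int idx, bool uni, bool multi)
 {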
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c794101f898..c26e231c733 100644
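--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -322,7 +322,8 @@ static void ieee80211_restart_work(struct work_struct *work)
 
 mutex_lock(&local->mtx);
 WARN(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
-local->sched_scanning,
+rcu_dereference_protected(local->sched_scan_sdata,
+lockdep_is_held(&local->mtx)),
 "%s called with hardware scan in progress\n", __func__);
 mutex_unlock(&local->mtx);
 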
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index f49f14f8ba8..cef0c9e79ab 100644
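--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1108,7 +1108,7 @@ void ieee80211_dynamic_ps_timer(unsigned long data)
 }
 
 /* MLME */
-static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
+static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
 struct ieee80211_sub_if_data *sdata,
 u8 *wmm_param, size_t wmm_param_len)
 {
@@ -1119,23 +1119,23 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
 u8 *pos, uapsd_queues = 0;
 
 if (!local->ops->conf_tx)
-return;
+return false;
 
 if (local->hw.queues < IEEE80211_NUM_ACS)
-return;
+return false;
 
 if (!wmm_param)
-return;
+return false;
 
 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
-return;
+return false;
 
 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
 uapsd_queues = ifmgd->uapsd_queues;
 
 count = wmm_param[6] & 0x0f;
 if (count == ifmgd->wmm_last_param_set)
-return;
+return false;
 ifmgd->wmm_last_param_set = count;
 
 pos = wmm_param + 8;
@@ -1202,6 +1202,7 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
 
 /* enable WMM or activate new settings */
 sdata->vif.bss_conf.qos = true;
+return true;
 }
 
 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
@@ -1268,11 +1269,6 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
 
 bss_info_changed |= BSS_CHANGED_ASSOC;
-/* set timing information */
-bss_conf->beacon_int = cbss->beacon_interval;
-bss_conf->last_tsf = cbss->tsf;
-
-bss_info_changed |= BSS_CHANGED_BEACON_INT;
 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
 
@@ -1364,6 +1360,17 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
 }
 mutex_unlock(&local->sta_mtx);
 
+/*
+* if we want to get out of ps before disassoc (why?) we have
+* to do it before sending disassoc, as otherwise the null-packet
+* won't be valid.
+*/
+if (local->hw.conf.flags & IEEE80211_CONF_PS) {
+local->hw.conf.flags &= ~IEEE80211_CONF_PS;
+ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
+}
+local->ps_sdata = NULL;
+
 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
 if (tx)
 drv_flush(local, false);
@@ -1399,12 +1406,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
 del_timer_sync(&local->dynamic_ps_timer);
 cancel_work_sync(&local->dynamic_ps_enable_work);
 
-if (local->hw.conf.flags & IEEE80211_CONF_PS) {
-local->hw.conf.flags &= ~IEEE80211_CONF_PS;
-ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
-}
-local->ps_sdata = NULL;
-
 /* Disable ARP filtering */
 if (sdata->vif.bss_conf.arp_filter_enabled) {
 sdata->vif.bss_conf.arp_filter_enabled = false;
@@ -2435,14 +2436,6 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len,
 ifmgd->aid);
 
-if (ncrc != ifmgd->beacon_crc || !ifmgd->beacon_crc_valid) {
-ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
-true);
-
-ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
-elems.wmm_param_len);
-}
-
 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
 if (directed_tim) {
 if (local->hw.conf.dynamic_ps_timeout > 0) {
@@ -2473,6 +2466,13 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
 ifmgd->beacon_crc = ncrc;
 ifmgd->beacon_crc_valid = true;
 
+ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
+true);
+
+if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
+elems.wmm_param_len))
+changed |= BSS_CHANGED_QOS;
+
 if (elems.erp_info && elems.erp_info_len >= 1) {
 erp_valid = true;
 erp_value = elems.erp_info[0];
@@ -2974,7 +2974,7 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
 /* scan finished notification */
 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
 {
-struct ieee80211_sub_if_data *sdata = local->scan_sdata;
+struct ieee80211_sub_if_data *sdata;
 
 /* Restart STA timers */
 rcu_read_lock();
@@ -3132,9 +3132,15 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
 
 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
 
-/* tell driver about BSSID and basic rates */
+/* set timing information */
+sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
+sdata->vif.bss_conf.sync_tsf = cbss->tsf;
+sdata->vif.bss_conf.sync_device_ts = bss->device_ts;
+
+/* tell driver about BSSID, basic rates and timing */
 ieee80211_bss_info_change_notify(sdata,
-BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES);
+BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
+BSS_CHANGED_BEACON_INT);
 
 if (assoc)
 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);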
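Review bot: `ieee80211_sta_wmm_params()` now returns `bool`, but nothing documents what the value means, and `false` covers two different situations. It is returned both when the element is unusable (no `conf_tx`, too few queues, NULL or short element, version other than 1) and when the parameter-set count in `wmm_param[6]` is unchanged, while `true` is returned only after `bss_conf.qos` has been set. A comment above the function, for example `/* returns true if new WMM parameters were applied; the caller must then signal BSS_CHANGED_QOS */`, would make the contract explicit for the beacon path, which relies on it in `ieee80211_rx_mgmt_beacon`. The parsing loop between the two hunks of this function is not visible here, so any other caller's handling of the return value could not be checked.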
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index b0fb6a2b89a..635c3250c66 100644
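--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -191,7 +191,7 @@ void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc)
 roc->frame = NULL;
 }
 } else {
-cfg80211_ready_on_channel(roc->sdata->dev, (unsigned long)roc,
+cfg80211_ready_on_channel(&roc->sdata->wdev, (unsigned long)roc,
 roc->chan, roc->chan_type,
 roc->req_duration, GFP_KERNEL);
 }
@@ -299,7 +299,7 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
 
 /* was never transmitted */
 if (roc->frame) {
-cfg80211_mgmt_tx_status(roc->sdata->dev,
+cfg80211_mgmt_tx_status(&roc->sdata->wdev,
 (unsigned long)roc->frame,
 roc->frame->data, roc->frame->len,
 false, GFP_KERNEL);
@@ -307,7 +307,7 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
 }
 
 if (!roc->mgmt_tx_cookie)
-cfg80211_remain_on_channel_expired(roc->sdata->dev,
+cfg80211_remain_on_channel_expired(&roc->sdata->wdev,
 (unsigned long)roc,
 roc->chan, roc->chan_type,
 GFP_KERNEL);
@@ -324,6 +324,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
 container_of(work, struct ieee80211_roc_work, work.work);
 struct ieee80211_sub_if_data *sdata = roc->sdata;
 struct ieee80211_local *local = sdata->local;
+bool started;
 
 mutex_lock(&local->mtx);
 
@@ -366,9 +367,10 @@ void ieee80211_sw_roc_work(struct work_struct *work)
 /* finish this ROC */
 finish:
 list_del(&roc->list);
+started = roc->started;
 ieee80211_roc_notify_destroy(roc);
 
-if (roc->started) {
+if (started) {
 drv_flush(local, false);
 
 local->tmp_channel = NULL;
@@ -379,7 +381,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
 
 ieee80211_recalc_idle(local);
 
-if (roc->started)
+if (started)
 ieee80211_start_next_roc(local);
 }
 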
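Review bot: The new local `started` in `ieee80211_sw_roc_work` is copied from `roc->started` just before `ieee80211_roc_notify_destroy(roc)`, but no comment says why the copy is needed. Presumably the destroy helper frees `roc` (its tail is outside the visible hunks), which would make the two old `roc->started` reads a use-after-free. Without that stated, a later cleanup could fold the local back into `roc->started` and reintroduce the read of freed memory. A comment on the assignment, such as `/* roc is gone after ieee80211_roc_notify_destroy(); sample ->started first */`, would pin the ordering requirement.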
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index f9e51ef8dfa..fb1d4aa65e8 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -626,8 +626,12 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
626 626
627#ifdef CONFIG_MAC80211_DEBUGFS 627#ifdef CONFIG_MAC80211_DEBUGFS
628 /* use fixed index if set */ 628 /* use fixed index if set */
629 if (mp->fixed_rate_idx != -1) 629 if (mp->fixed_rate_idx != -1) {
630 sample_idx = mp->fixed_rate_idx; 630 mi->max_tp_rate = mp->fixed_rate_idx;
631 mi->max_tp_rate2 = mp->fixed_rate_idx;
632 mi->max_prob_rate = mp->fixed_rate_idx;
633 sample_idx = -1;
634 }
631#endif 635#endif
632 636
633 if (sample_idx >= 0) { 637 if (sample_idx >= 0) {
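Review bot: With a fixed rate set, `minstrel_ht_get_rate()` now copies `mp->fixed_rate_idx` straight into `mi->max_tp_rate`, `mi->max_tp_rate2` and `mi->max_prob_rate`, and no range check on the debugfs-supplied value is visible in this hunk. If those fields are later used to index the group and rate tables (presumably so, but that code is outside the hunk), an out-of-range value written through debugfs would be used unchecked, so it should be validated where it is stored or where it is read here. The overwrite also outlives the setting: once `fixed_rate_idx` returns to -1 the three fields keep the forced value until the statistics are recomputed, which deserves a comment such as `/* overrides the computed rates until the next stats update */`.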
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 67edd69e842..0cb4edee6af 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -413,29 +413,6 @@ static void ieee80211_verify_alignment(struct ieee80211_rx_data *rx)
413 413
414/* rx handlers */ 414/* rx handlers */
415 415
416static ieee80211_rx_result debug_noinline
417ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
418{
419 struct ieee80211_local *local = rx->local;
420 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
421 struct sk_buff *skb = rx->skb;
422
423 if (likely(!(status->rx_flags & IEEE80211_RX_IN_SCAN) &&
424 !local->sched_scanning))
425 return RX_CONTINUE;
426
427 if (test_bit(SCAN_HW_SCANNING, &local->scanning) ||
428 test_bit(SCAN_SW_SCANNING, &local->scanning) ||
429 test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning) ||
430 local->sched_scanning)
431 return ieee80211_scan_rx(rx->sdata, skb);
432
433 /* scanning finished during invoking of handlers */
434 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
435 return RX_DROP_UNUSABLE;
436}
437
438
439static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb) 416static int ieee80211_is_unicast_robust_mgmt_frame(struct sk_buff *skb)
440{ 417{
441 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 418 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
@@ -2404,7 +2381,7 @@ ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
2404 if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 2381 if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
2405 sig = status->signal; 2382 sig = status->signal;
2406 2383
2407 if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq, sig, 2384 if (cfg80211_rx_mgmt(&rx->sdata->wdev, status->freq, sig,
2408 rx->skb->data, rx->skb->len, 2385 rx->skb->data, rx->skb->len,
2409 GFP_ATOMIC)) { 2386 GFP_ATOMIC)) {
2410 if (rx->sta) 2387 if (rx->sta)
@@ -2695,7 +2672,6 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_rx_data *rx)
2695 goto rxh_next; \ 2672 goto rxh_next; \
2696 } while (0); 2673 } while (0);
2697 2674
2698 CALL_RXH(ieee80211_rx_h_passive_scan)
2699 CALL_RXH(ieee80211_rx_h_check) 2675 CALL_RXH(ieee80211_rx_h_check)
2700 2676
2701 ieee80211_rx_reorder_ampdu(rx); 2677 ieee80211_rx_reorder_ampdu(rx);
@@ -2765,11 +2741,8 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2765 return 0; 2741 return 0;
2766 if (ieee80211_is_beacon(hdr->frame_control)) { 2742 if (ieee80211_is_beacon(hdr->frame_control)) {
2767 return 1; 2743 return 1;
2768 } 2744 } else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
2769 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { 2745 return 0;
2770 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN))
2771 return 0;
2772 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2773 } else if (!multicast && 2746 } else if (!multicast &&
2774 !ether_addr_equal(sdata->vif.addr, hdr->addr1)) { 2747 !ether_addr_equal(sdata->vif.addr, hdr->addr1)) {
2775 if (!(sdata->dev->flags & IFF_PROMISC)) 2748 if (!(sdata->dev->flags & IFF_PROMISC))
@@ -2807,11 +2780,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2807 * and location updates. Note that mac80211 2780 * and location updates. Note that mac80211
2808 * itself never looks at these frames. 2781 * itself never looks at these frames.
2809 */ 2782 */
2810 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN) && 2783 if (ieee80211_is_public_action(hdr, skb->len))
2811 ieee80211_is_public_action(hdr, skb->len))
2812 return 1; 2784 return 1;
2813 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN) && 2785 if (!ieee80211_is_beacon(hdr->frame_control))
2814 !ieee80211_is_beacon(hdr->frame_control))
2815 return 0; 2786 return 0;
2816 status->rx_flags &= ~IEEE80211_RX_RA_MATCH; 2787 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2817 } 2788 }
@@ -2877,7 +2848,6 @@ static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
2877static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, 2848static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2878 struct sk_buff *skb) 2849 struct sk_buff *skb)
2879{ 2850{
2880 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2881 struct ieee80211_local *local = hw_to_local(hw); 2851 struct ieee80211_local *local = hw_to_local(hw);
2882 struct ieee80211_sub_if_data *sdata; 2852 struct ieee80211_sub_if_data *sdata;
2883 struct ieee80211_hdr *hdr; 2853 struct ieee80211_hdr *hdr;
@@ -2895,11 +2865,6 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2895 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc)) 2865 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2896 local->dot11ReceivedFragmentCount++; 2866 local->dot11ReceivedFragmentCount++;
2897 2867
2898 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2899 test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning) ||
2900 test_bit(SCAN_SW_SCANNING, &local->scanning)))
2901 status->rx_flags |= IEEE80211_RX_IN_SCAN;
2902
2903 if (ieee80211_is_mgmt(fc)) 2868 if (ieee80211_is_mgmt(fc))
2904 err = skb_linearize(skb); 2869 err = skb_linearize(skb);
2905 else 2870 else
@@ -2914,6 +2879,10 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2914 ieee80211_parse_qos(&rx); 2879 ieee80211_parse_qos(&rx);
2915 ieee80211_verify_alignment(&rx); 2880 ieee80211_verify_alignment(&rx);
2916 2881
2882 if (unlikely(ieee80211_is_probe_resp(hdr->frame_control) ||
2883 ieee80211_is_beacon(hdr->frame_control)))
2884 ieee80211_scan_rx(local, skb);
2885
2917 if (ieee80211_is_data(fc)) { 2886 if (ieee80211_is_data(fc)) {
2918 prev_sta = NULL; 2887 prev_sta = NULL;
2919 2888
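Review bot: In `__ieee80211_rx_handle_packet()` the added `ieee80211_scan_rx(local, skb)` call only records the beacon or probe response, and the same frame then continues into the per-interface handlers. Before this change `ieee80211_rx_h_passive_scan` handed scan-time frames to the old `ieee80211_scan_rx()`, which (per the removed lines in scan.c) freed beacons and probe responses not received on `oper_channel`, and `prepare_for_handlers()` tested `IEEE80211_RX_IN_SCAN`. Whether the later handlers compare `status->freq` with the operating channel is not visible in these hunks, so a frame heard on a foreign channel during a software scan may now be processed as if it arrived on the current one. I would state the expectation at the call, e.g. `/* updates scan results only; the rx handlers must ignore off-channel beacons/probe responses */`. The function bodies start and end outside the hunks.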
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 267b2940fad..bcaee5d1283 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -83,13 +83,14 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
83 83
84 cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel, 84 cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
85 mgmt, len, signal, GFP_ATOMIC); 85 mgmt, len, signal, GFP_ATOMIC);
86
87 if (!cbss) 86 if (!cbss)
88 return NULL; 87 return NULL;
89 88
90 cbss->free_priv = ieee80211_rx_bss_free; 89 cbss->free_priv = ieee80211_rx_bss_free;
91 bss = (void *)cbss->priv; 90 bss = (void *)cbss->priv;
92 91
92 bss->device_ts = rx_status->device_timestamp;
93
93 if (elems->parse_error) { 94 if (elems->parse_error) {
94 if (beacon) 95 if (beacon)
95 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; 96 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
@@ -164,52 +165,47 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
164 return bss; 165 return bss;
165} 166}
166 167
167ieee80211_rx_result 168void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
168ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
169{ 169{
170 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 170 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
171 struct ieee80211_mgmt *mgmt; 171 struct ieee80211_sub_if_data *sdata1, *sdata2;
172 struct ieee80211_mgmt *mgmt = (void *)skb->data;
172 struct ieee80211_bss *bss; 173 struct ieee80211_bss *bss;
173 u8 *elements; 174 u8 *elements;
174 struct ieee80211_channel *channel; 175 struct ieee80211_channel *channel;
175 size_t baselen; 176 size_t baselen;
176 int freq; 177 int freq;
177 __le16 fc; 178 bool beacon;
178 bool presp, beacon = false;
179 struct ieee802_11_elems elems; 179 struct ieee802_11_elems elems;
180 180
181 if (skb->len < 2) 181 if (skb->len < 24 ||
182 return RX_DROP_UNUSABLE; 182 (!ieee80211_is_probe_resp(mgmt->frame_control) &&
183 183 !ieee80211_is_beacon(mgmt->frame_control)))
184 mgmt = (struct ieee80211_mgmt *) skb->data; 184 return;
185 fc = mgmt->frame_control;
186 185
187 if (ieee80211_is_ctl(fc)) 186 sdata1 = rcu_dereference(local->scan_sdata);
188 return RX_CONTINUE; 187 sdata2 = rcu_dereference(local->sched_scan_sdata);
189 188
190 if (skb->len < 24) 189 if (likely(!sdata1 && !sdata2))
191 return RX_CONTINUE; 190 return;
192 191
193 presp = ieee80211_is_probe_resp(fc); 192 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
194 if (presp) {
195 /* ignore ProbeResp to foreign address */ 193 /* ignore ProbeResp to foreign address */
196 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 194 if ((!sdata1 || !ether_addr_equal(mgmt->da, sdata1->vif.addr)) &&
197 return RX_DROP_MONITOR; 195 (!sdata2 || !ether_addr_equal(mgmt->da, sdata2->vif.addr)))
196 return;
198 197
199 presp = true;
200 elements = mgmt->u.probe_resp.variable; 198 elements = mgmt->u.probe_resp.variable;
201 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable); 199 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
200 beacon = false;
202 } else { 201 } else {
203 beacon = ieee80211_is_beacon(fc);
204 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 202 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
205 elements = mgmt->u.beacon.variable; 203 elements = mgmt->u.beacon.variable;
204 beacon = true;
206 } 205 }
207 206
208 if (!presp && !beacon)
209 return RX_CONTINUE;
210
211 if (baselen > skb->len) 207 if (baselen > skb->len)
212 return RX_DROP_MONITOR; 208 return;
213 209
214 ieee802_11_parse_elems(elements, skb->len - baselen, &elems); 210 ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
215 211
@@ -219,22 +215,16 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
219 else 215 else
220 freq = rx_status->freq; 216 freq = rx_status->freq;
221 217
222 channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 218 channel = ieee80211_get_channel(local->hw.wiphy, freq);
223 219
224 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 220 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
225 return RX_DROP_MONITOR; 221 return;
226 222
227 bss = ieee80211_bss_info_update(sdata->local, rx_status, 223 bss = ieee80211_bss_info_update(local, rx_status,
228 mgmt, skb->len, &elems, 224 mgmt, skb->len, &elems,
229 channel, beacon); 225 channel, beacon);
230 if (bss) 226 if (bss)
231 ieee80211_rx_bss_put(sdata->local, bss); 227 ieee80211_rx_bss_put(local, bss);
232
233 if (channel == sdata->local->oper_channel)
234 return RX_CONTINUE;
235
236 dev_kfree_skb(skb);
237 return RX_QUEUED;
238} 228}
239 229
240/* return false if no more work */ 230/* return false if no more work */
@@ -292,7 +282,13 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
292 return; 282 return;
293 283
294 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) { 284 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
295 int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req); 285 int rc;
286
287 rc = drv_hw_scan(local,
288 rcu_dereference_protected(local->scan_sdata,
289 lockdep_is_held(&local->mtx)),
290 local->hw_scan_req);
291
296 if (rc == 0) 292 if (rc == 0)
297 return; 293 return;
298 } 294 }
@@ -393,7 +389,10 @@ void ieee80211_run_deferred_scan(struct ieee80211_local *local)
393 if (!local->scan_req || local->scanning) 389 if (!local->scan_req || local->scanning)
394 return; 390 return;
395 391
396 if (!ieee80211_can_scan(local, local->scan_sdata)) 392 if (!ieee80211_can_scan(local,
393 rcu_dereference_protected(
394 local->scan_sdata,
395 lockdep_is_held(&local->mtx))))
397 return; 396 return;
398 397
399 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 398 ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
@@ -404,9 +403,12 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
404 unsigned long *next_delay) 403 unsigned long *next_delay)
405{ 404{
406 int i; 405 int i;
407 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 406 struct ieee80211_sub_if_data *sdata;
408 enum ieee80211_band band = local->hw.conf.channel->band; 407 enum ieee80211_band band = local->hw.conf.channel->band;
409 408
409 sdata = rcu_dereference_protected(local->scan_sdata,
410 lockdep_is_held(&local->mtx));;
411
410 for (i = 0; i < local->scan_req->n_ssids; i++) 412 for (i = 0; i < local->scan_req->n_ssids; i++)
411 ieee80211_send_probe_req( 413 ieee80211_send_probe_req(
412 sdata, NULL, 414 sdata, NULL,
@@ -438,7 +440,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
438 if (!ieee80211_can_scan(local, sdata)) { 440 if (!ieee80211_can_scan(local, sdata)) {
439 /* wait for the work to finish/time out */ 441 /* wait for the work to finish/time out */
440 local->scan_req = req; 442 local->scan_req = req;
441 local->scan_sdata = sdata; 443 rcu_assign_pointer(local->scan_sdata, sdata);
442 return 0; 444 return 0;
443 } 445 }
444 446
@@ -472,7 +474,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
472 } 474 }
473 475
474 local->scan_req = req; 476 local->scan_req = req;
475 local->scan_sdata = sdata; 477 rcu_assign_pointer(local->scan_sdata, sdata);
476 478
477 if (local->ops->hw_scan) { 479 if (local->ops->hw_scan) {
478 __set_bit(SCAN_HW_SCANNING, &local->scanning); 480 __set_bit(SCAN_HW_SCANNING, &local->scanning);
@@ -532,7 +534,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
532 ieee80211_recalc_idle(local); 534 ieee80211_recalc_idle(local);
533 535
534 local->scan_req = NULL; 536 local->scan_req = NULL;
535 local->scan_sdata = NULL; 537 rcu_assign_pointer(local->scan_sdata, NULL);
536 } 538 }
537 539
538 return rc; 540 return rc;
@@ -719,7 +721,8 @@ void ieee80211_scan_work(struct work_struct *work)
719 721
720 mutex_lock(&local->mtx); 722 mutex_lock(&local->mtx);
721 723
722 sdata = local->scan_sdata; 724 sdata = rcu_dereference_protected(local->scan_sdata,
725 lockdep_is_held(&local->mtx));
723 726
724 /* When scanning on-channel, the first-callback means completed. */ 727 /* When scanning on-channel, the first-callback means completed. */
725 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { 728 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) {
@@ -740,7 +743,7 @@ void ieee80211_scan_work(struct work_struct *work)
740 int rc; 743 int rc;
741 744
742 local->scan_req = NULL; 745 local->scan_req = NULL;
743 local->scan_sdata = NULL; 746 rcu_assign_pointer(local->scan_sdata, NULL);
744 747
745 rc = __ieee80211_start_scan(sdata, req); 748 rc = __ieee80211_start_scan(sdata, req);
746 if (rc) { 749 if (rc) {
@@ -892,7 +895,9 @@ void ieee80211_scan_cancel(struct ieee80211_local *local)
892 895
893 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { 896 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
894 if (local->ops->cancel_hw_scan) 897 if (local->ops->cancel_hw_scan)
895 drv_cancel_hw_scan(local, local->scan_sdata); 898 drv_cancel_hw_scan(local,
899 rcu_dereference_protected(local->scan_sdata,
900 lockdep_is_held(&local->mtx)));
896 goto out; 901 goto out;
897 } 902 }
898 903
@@ -914,9 +919,9 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
914 struct ieee80211_local *local = sdata->local; 919 struct ieee80211_local *local = sdata->local;
915 int ret, i; 920 int ret, i;
916 921
917 mutex_lock(&sdata->local->mtx); 922 mutex_lock(&local->mtx);
918 923
919 if (local->sched_scanning) { 924 if (rcu_access_pointer(local->sched_scan_sdata)) {
920 ret = -EBUSY; 925 ret = -EBUSY;
921 goto out; 926 goto out;
922 } 927 }
@@ -927,6 +932,9 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
927 } 932 }
928 933
929 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 934 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
935 if (!local->hw.wiphy->bands[i])
936 continue;
937
930 local->sched_scan_ies.ie[i] = kzalloc(2 + 938 local->sched_scan_ies.ie[i] = kzalloc(2 +
931 IEEE80211_MAX_SSID_LEN + 939 IEEE80211_MAX_SSID_LEN +
932 local->scan_ies_len + 940 local->scan_ies_len +
@@ -947,7 +955,7 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
947 ret = drv_sched_scan_start(local, sdata, req, 955 ret = drv_sched_scan_start(local, sdata, req,
948 &local->sched_scan_ies); 956 &local->sched_scan_ies);
949 if (ret == 0) { 957 if (ret == 0) {
950 local->sched_scanning = true; 958 rcu_assign_pointer(local->sched_scan_sdata, sdata);
951 goto out; 959 goto out;
952 } 960 }
953 961
@@ -955,7 +963,7 @@ out_free:
955 while (i > 0) 963 while (i > 0)
956 kfree(local->sched_scan_ies.ie[--i]); 964 kfree(local->sched_scan_ies.ie[--i]);
957out: 965out:
958 mutex_unlock(&sdata->local->mtx); 966 mutex_unlock(&local->mtx);
959 return ret; 967 return ret;
960} 968}
961 969
@@ -964,22 +972,22 @@ int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata)
964 struct ieee80211_local *local = sdata->local; 972 struct ieee80211_local *local = sdata->local;
965 int ret = 0, i; 973 int ret = 0, i;
966 974
967 mutex_lock(&sdata->local->mtx); 975 mutex_lock(&local->mtx);
968 976
969 if (!local->ops->sched_scan_stop) { 977 if (!local->ops->sched_scan_stop) {
970 ret = -ENOTSUPP; 978 ret = -ENOTSUPP;
971 goto out; 979 goto out;
972 } 980 }
973 981
974 if (local->sched_scanning) { 982 if (rcu_access_pointer(local->sched_scan_sdata)) {
975 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 983 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
976 kfree(local->sched_scan_ies.ie[i]); 984 kfree(local->sched_scan_ies.ie[i]);
977 985
978 drv_sched_scan_stop(local, sdata); 986 drv_sched_scan_stop(local, sdata);
979 local->sched_scanning = false; 987 rcu_assign_pointer(local->sched_scan_sdata, NULL);
980 } 988 }
981out: 989out:
982 mutex_unlock(&sdata->local->mtx); 990 mutex_unlock(&local->mtx);
983 991
984 return ret; 992 return ret;
985} 993}
@@ -1003,7 +1011,7 @@ void ieee80211_sched_scan_stopped_work(struct work_struct *work)
1003 1011
1004 mutex_lock(&local->mtx); 1012 mutex_lock(&local->mtx);
1005 1013
1006 if (!local->sched_scanning) { 1014 if (!rcu_access_pointer(local->sched_scan_sdata)) {
1007 mutex_unlock(&local->mtx); 1015 mutex_unlock(&local->mtx);
1008 return; 1016 return;
1009 } 1017 }
@@ -1011,7 +1019,7 @@ void ieee80211_sched_scan_stopped_work(struct work_struct *work)
1011 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1019 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1012 kfree(local->sched_scan_ies.ie[i]); 1020 kfree(local->sched_scan_ies.ie[i]);
1013 1021
1014 local->sched_scanning = false; 1022 rcu_assign_pointer(local->sched_scan_sdata, NULL);
1015 1023
1016 mutex_unlock(&local->mtx); 1024 mutex_unlock(&local->mtx);
1017 1025
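Review bot: The rewritten `ieee80211_scan_rx()` reads `local->scan_sdata` and `local->sched_scan_sdata` with plain `rcu_dereference()` and then uses `sdata1->vif.addr` and `sdata2->vif.addr`, so it is only safe when the caller is inside an RCU read-side section and when the interface is not freed before a grace period has passed; neither requirement is written on the function. The writers in this file only do `rcu_assign_pointer(..., NULL)` under `local->mtx`, and no grace-period wait is visible in these hunks, so the interface teardown path should be checked against this reader. A header comment such as `/* caller must hold rcu_read_lock(); scan_sdata and sched_scan_sdata may be cleared concurrently */` would make the contract explicit. Minor: the new assignment in `ieee80211_scan_state_send_probe()` ends with `;;`.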
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 2ed2f27fe8a..8cd72914cda 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -519,14 +519,19 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
519 u64 cookie = (unsigned long)skb; 519 u64 cookie = (unsigned long)skb;
520 acked = info->flags & IEEE80211_TX_STAT_ACK; 520 acked = info->flags & IEEE80211_TX_STAT_ACK;
521 521
522 /*
523 * TODO: When we have non-netdev frame TX,
524 * we cannot use skb->dev->ieee80211_ptr
525 */
526
522 if (ieee80211_is_nullfunc(hdr->frame_control) || 527 if (ieee80211_is_nullfunc(hdr->frame_control) ||
523 ieee80211_is_qos_nullfunc(hdr->frame_control)) 528 ieee80211_is_qos_nullfunc(hdr->frame_control))
524 cfg80211_probe_status(skb->dev, hdr->addr1, 529 cfg80211_probe_status(skb->dev, hdr->addr1,
525 cookie, acked, GFP_ATOMIC); 530 cookie, acked, GFP_ATOMIC);
526 else 531 else
527 cfg80211_mgmt_tx_status( 532 cfg80211_mgmt_tx_status(
528 skb->dev, cookie, skb->data, skb->len, 533 skb->dev->ieee80211_ptr, cookie, skb->data,
529 acked, GFP_ATOMIC); 534 skb->len, acked, GFP_ATOMIC);
530 } 535 }
531 536
532 if (unlikely(info->ack_frame_id)) { 537 if (unlikely(info->ack_frame_id)) {
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index e1e9d10ec2e..c6d33b55b2d 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -306,7 +306,8 @@ TRACE_EVENT(drv_bss_info_changed,
306 __field(u8, dtimper) 306 __field(u8, dtimper)
307 __field(u16, bcnint) 307 __field(u16, bcnint)
308 __field(u16, assoc_cap) 308 __field(u16, assoc_cap)
309 __field(u64, timestamp) 309 __field(u64, sync_tsf)
310 __field(u32, sync_device_ts)
310 __field(u32, basic_rates) 311 __field(u32, basic_rates)
311 __field(u32, changed) 312 __field(u32, changed)
312 __field(bool, enable_beacon) 313 __field(bool, enable_beacon)
@@ -325,7 +326,8 @@ TRACE_EVENT(drv_bss_info_changed,
325 __entry->dtimper = info->dtim_period; 326 __entry->dtimper = info->dtim_period;
326 __entry->bcnint = info->beacon_int; 327 __entry->bcnint = info->beacon_int;
327 __entry->assoc_cap = info->assoc_capability; 328 __entry->assoc_cap = info->assoc_capability;
328 __entry->timestamp = info->last_tsf; 329 __entry->sync_tsf = info->sync_tsf;
330 __entry->sync_device_ts = info->sync_device_ts;
329 __entry->basic_rates = info->basic_rates; 331 __entry->basic_rates = info->basic_rates;
330 __entry->enable_beacon = info->enable_beacon; 332 __entry->enable_beacon = info->enable_beacon;
331 __entry->ht_operation_mode = info->ht_operation_mode; 333 __entry->ht_operation_mode = info->ht_operation_mode;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index c9d2175d15c..acf712ffb5e 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -523,7 +523,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
523static ieee80211_tx_result debug_noinline 523static ieee80211_tx_result debug_noinline
524ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) 524ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
525{ 525{
526 struct ieee80211_key *key = NULL; 526 struct ieee80211_key *key;
527 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 527 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
528 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 528 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
529 529
@@ -542,16 +542,23 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
542 else if (!is_multicast_ether_addr(hdr->addr1) && 542 else if (!is_multicast_ether_addr(hdr->addr1) &&
543 (key = rcu_dereference(tx->sdata->default_unicast_key))) 543 (key = rcu_dereference(tx->sdata->default_unicast_key)))
544 tx->key = key; 544 tx->key = key;
545 else if (tx->sdata->drop_unencrypted && 545 else if (info->flags & IEEE80211_TX_CTL_INJECTED)
546 (tx->skb->protocol != tx->sdata->control_port_protocol) && 546 tx->key = NULL;
547 !(info->flags & IEEE80211_TX_CTL_INJECTED) && 547 else if (!tx->sdata->drop_unencrypted)
548 (!ieee80211_is_robust_mgmt_frame(hdr) || 548 tx->key = NULL;
549 (ieee80211_is_action(hdr->frame_control) && 549 else if (tx->skb->protocol == tx->sdata->control_port_protocol)
550 tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))) { 550 tx->key = NULL;
551 else if (ieee80211_is_robust_mgmt_frame(hdr) &&
552 !(ieee80211_is_action(hdr->frame_control) &&
553 tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))
554 tx->key = NULL;
555 else if (ieee80211_is_mgmt(hdr->frame_control) &&
556 !ieee80211_is_robust_mgmt_frame(hdr))
557 tx->key = NULL;
558 else {
551 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); 559 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
552 return TX_DROP; 560 return TX_DROP;
553 } else 561 }
554 tx->key = NULL;
555 562
556 if (tx->key) { 563 if (tx->key) {
557 bool skip_hw = false; 564 bool skip_hw = false;
@@ -1817,6 +1824,9 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1817 /* RA TA mDA mSA AE:DA SA */ 1824 /* RA TA mDA mSA AE:DA SA */
1818 mesh_da = mppath->mpp; 1825 mesh_da = mppath->mpp;
1819 is_mesh_mcast = 0; 1826 is_mesh_mcast = 0;
1827 } else if (mpath) {
1828 mesh_da = mpath->dst;
1829 is_mesh_mcast = 0;
1820 } else { 1830 } else {
1821 /* DA TA mSA AE:SA */ 1831 /* DA TA mSA AE:SA */
1822 mesh_da = bcast; 1832 mesh_da = bcast;
@@ -2714,7 +2724,7 @@ EXPORT_SYMBOL(ieee80211_get_buffered_bc);
2714void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata, 2724void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
2715 struct sk_buff *skb, int tid) 2725 struct sk_buff *skb, int tid)
2716{ 2726{
2717 int ac = ieee802_1d_to_ac[tid]; 2727 int ac = ieee802_1d_to_ac[tid & 7];
2718 2728
2719 skb_set_mac_header(skb, 0); 2729 skb_set_mac_header(skb, 0);
2720 skb_set_network_header(skb, 0); 2730 skb_set_network_header(skb, 0);
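Review bot: In `ieee80211_tx_h_select_key()` the decision to transmit without a key is now spread over five `else if` branches that each set `tx->key = NULL`, and nothing states which frame classes are meant to bypass `drop_unencrypted`. Compared with the removed condition, the added `ieee80211_is_mgmt(hdr->frame_control) && !ieee80211_is_robust_mgmt_frame(hdr)` branch lets non-robust management frames go out unencrypted where they were previously dropped. If that is intended it should be written down, because this chain is where the encryption policy is enforced. I would put one comment above it, e.g. `/* unencrypted TX allowed for: injected frames, !drop_unencrypted, control-port frames, robust mgmt other than action to an MFP station, non-robust mgmt */`. The function starts and ends outside the hunk.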
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 64493a7bef1..39b82fee490 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -529,6 +529,11 @@ void ieee80211_iterate_active_interfaces(
529 &sdata->vif); 529 &sdata->vif);
530 } 530 }
531 531
532 sdata = rcu_dereference_protected(local->monitor_sdata,
533 lockdep_is_held(&local->iflist_mtx));
534 if (sdata)
535 iterator(data, sdata->vif.addr, &sdata->vif);
536
532 mutex_unlock(&local->iflist_mtx); 537 mutex_unlock(&local->iflist_mtx);
533} 538}
534EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces); 539EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces);
@@ -557,6 +562,10 @@ void ieee80211_iterate_active_interfaces_atomic(
557 &sdata->vif); 562 &sdata->vif);
558 } 563 }
559 564
565 sdata = rcu_dereference(local->monitor_sdata);
566 if (sdata)
567 iterator(data, sdata->vif.addr, &sdata->vif);
568
560 rcu_read_unlock(); 569 rcu_read_unlock();
561} 570}
562EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_atomic); 571EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_atomic);
@@ -999,6 +1008,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
999 int ext_rates_len; 1008 int ext_rates_len;
1000 1009
1001 sband = local->hw.wiphy->bands[band]; 1010 sband = local->hw.wiphy->bands[band];
1011 if (WARN_ON_ONCE(!sband))
1012 return 0;
1002 1013
1003 pos = buffer; 1014 pos = buffer;
1004 1015
diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index 36717cebfbb..1ac7b3fac6c 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -187,6 +187,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
187 struct nfc_target *targets; 187 struct nfc_target *targets;
188 struct sk_buff *atqa_skb = NULL; 188 struct sk_buff *atqa_skb = NULL;
189 struct sk_buff *sak_skb = NULL; 189 struct sk_buff *sak_skb = NULL;
190 struct sk_buff *uid_skb = NULL;
190 int r; 191 int r;
191 192
192 pr_debug("from gate %d\n", gate); 193 pr_debug("from gate %d\n", gate);
@@ -222,6 +223,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
222 targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data); 223 targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
223 targets->sel_res = sak_skb->data[0]; 224 targets->sel_res = sak_skb->data[0];
224 225
226 r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
227 NFC_HCI_RF_READER_A_UID, &uid_skb);
228 if (r < 0)
229 goto exit;
230
231 if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
232 r = -EPROTO;
233 goto exit;
234 }
235
236 memcpy(targets->nfcid1, uid_skb->data, uid_skb->len);
237 targets->nfcid1_len = uid_skb->len;
238
225 if (hdev->ops->complete_target_discovered) { 239 if (hdev->ops->complete_target_discovered) {
226 r = hdev->ops->complete_target_discovered(hdev, gate, 240 r = hdev->ops->complete_target_discovered(hdev, gate,
227 targets); 241 targets);
@@ -257,6 +271,7 @@ exit:
257 kfree(targets); 271 kfree(targets);
258 kfree_skb(atqa_skb); 272 kfree_skb(atqa_skb);
259 kfree_skb(sak_skb); 273 kfree_skb(sak_skb);
274 kfree_skb(uid_skb);
260 275
261 return r; 276 return r;
262} 277}
@@ -695,13 +710,12 @@ EXPORT_SYMBOL(nfc_hci_register_device);
695 710
696void nfc_hci_unregister_device(struct nfc_hci_dev *hdev) 711void nfc_hci_unregister_device(struct nfc_hci_dev *hdev)
697{ 712{
698 struct hci_msg *msg; 713 struct hci_msg *msg, *n;
699 714
700 skb_queue_purge(&hdev->rx_hcp_frags); 715 skb_queue_purge(&hdev->rx_hcp_frags);
701 skb_queue_purge(&hdev->msg_rx_queue); 716 skb_queue_purge(&hdev->msg_rx_queue);
702 717
703 while ((msg = list_first_entry(&hdev->msg_tx_queue, struct hci_msg, 718 list_for_each_entry_safe(msg, n, &hdev->msg_tx_queue, msg_l) {
704 msg_l)) != NULL) {
705 list_del(&msg->msg_l); 719 list_del(&msg->msg_l);
706 skb_queue_purge(&msg->msg_frags); 720 skb_queue_purge(&msg->msg_frags);
707 kfree(msg); 721 kfree(msg);
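Review bot: In `nfc_hci_unregister_device()` the new `list_for_each_entry_safe()` loop unlinks and frees every entry of `hdev->msg_tx_queue` without taking `hdev->msg_tx_mutex`, whereas `nfc_hci_hcp_message_tx()` in hcp.c holds that mutex around `list_add_tail()` and then queues `msg_tx_work`. Unless the work queue has been stopped and no sender can still run at this point (the rest of the function is outside the hunk), the walk can race with a concurrent add or with the worker and free a message that is still in use. Stopping the work first and wrapping the loop in `mutex_lock(&hdev->msg_tx_mutex);` and `mutex_unlock(&hdev->msg_tx_mutex);` would close that window.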
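--- a/net/nfc/hci/hcp.c
+++ b/net/nfc/hci/hcp.c
@@ -105,7 +105,7 @@ int nfc_hci_hcp_message_tx(struct nfc_hci_dev *hdev, u8 pipe,
 }
 
 mutex_lock(&hdev->msg_tx_mutex);
-list_add_tail(&hdev->msg_tx_queue, &cmd->msg_l);
+list_add_tail(&cmd->msg_l, &hdev->msg_tx_queue);
 mutex_unlock(&hdev->msg_tx_mutex);
 
 queue_work(hdev->msg_tx_wq, &hdev->msg_tx_work);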
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 5bb4da68042..f81efe13985 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -27,6 +27,7 @@
27 27
28#define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__ 28#define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__
29 29
30#include <linux/module.h>
30#include <linux/types.h> 31#include <linux/types.h>
31#include <linux/workqueue.h> 32#include <linux/workqueue.h>
32#include <linux/completion.h> 33#include <linux/completion.h>
@@ -880,3 +881,5 @@ static void nci_cmd_work(struct work_struct *work)
880 jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT)); 881 jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT));
881 } 882 }
882} 883}
884
885MODULE_LICENSE("GPL");
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 4d2b1ec6516..fe4adb12b3e 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -74,6 +74,27 @@ config CFG80211_REG_DEBUG
74 74
75 If unsure, say N. 75 If unsure, say N.
76 76
77config CFG80211_CERTIFICATION_ONUS
78 bool "cfg80211 certification onus"
79 depends on CFG80211 && EXPERT
80 default n
81 ---help---
82 You should disable this option unless you are both capable
83 and willing to ensure your system will remain regulatory
84 compliant with the features available under this option.
85 Some options may still be under heavy development and
86 for whatever reason regulatory compliance has not or
87 cannot yet be verified. Regulatory verification may at
88 times only be possible until you have the final system
89 in place.
90
91 This option should only be enabled by system integrators
92 or distributions that have done work necessary to ensure
93 regulatory certification on the system with the enabled
94 features. Alternatively you can enable this option if
95 you are a wireless researcher and are working in a controlled
96 and approved environment by your local regulatory agency.
97
77config CFG80211_DEFAULT_PS 98config CFG80211_DEFAULT_PS
78 bool "enable powersave by default" 99 bool "enable powersave by default"
79 depends on CFG80211 100 depends on CFG80211
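Review bot: The help text for `CFG80211_CERTIFICATION_ONUS` says regulatory verification "may at times only be possible until you have the final system in place", which reads as the opposite of what is meant. Because this option gates features whose regulatory compliance has not been verified, the wording should leave no doubt: `Regulatory verification may at times only be possible once you have the final system in place.` The `default n` line is also redundant for a `bool` and could be dropped.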
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index 434c56b92c3..d355f67d0cd 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -82,7 +82,6 @@ int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
82 int freq, enum nl80211_channel_type chantype) 82 int freq, enum nl80211_channel_type chantype)
83{ 83{
84 struct ieee80211_channel *chan; 84 struct ieee80211_channel *chan;
85 int err;
86 85
87 if (!rdev->ops->set_monitor_channel) 86 if (!rdev->ops->set_monitor_channel)
88 return -EOPNOTSUPP; 87 return -EOPNOTSUPP;
@@ -93,25 +92,17 @@ int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
93 if (!chan) 92 if (!chan)
94 return -EINVAL; 93 return -EINVAL;
95 94
96 err = rdev->ops->set_monitor_channel(&rdev->wiphy, chan, chantype); 95 return rdev->ops->set_monitor_channel(&rdev->wiphy, chan, chantype);
97 if (!err) {
98 rdev->monitor_channel = chan;
99 rdev->monitor_channel_type = chantype;
100 }
101
102 return err;
103} 96}
104 97
105void 98void
106cfg80211_get_chan_state(struct cfg80211_registered_device *rdev, 99cfg80211_get_chan_state(struct wireless_dev *wdev,
107 struct wireless_dev *wdev,
108 struct ieee80211_channel **chan, 100 struct ieee80211_channel **chan,
109 enum cfg80211_chan_mode *chanmode) 101 enum cfg80211_chan_mode *chanmode)
110{ 102{
111 *chan = NULL; 103 *chan = NULL;
112 *chanmode = CHAN_MODE_UNDEFINED; 104 *chanmode = CHAN_MODE_UNDEFINED;
113 105
114 ASSERT_RDEV_LOCK(rdev);
115 ASSERT_WDEV_LOCK(wdev); 106 ASSERT_WDEV_LOCK(wdev);
116 107
117 if (!netif_running(wdev->netdev)) 108 if (!netif_running(wdev->netdev))
@@ -136,9 +127,16 @@ cfg80211_get_chan_state(struct cfg80211_registered_device *rdev,
136 break; 127 break;
137 case NL80211_IFTYPE_AP: 128 case NL80211_IFTYPE_AP:
138 case NL80211_IFTYPE_P2P_GO: 129 case NL80211_IFTYPE_P2P_GO:
130 if (wdev->beacon_interval) {
131 *chan = wdev->channel;
132 *chanmode = CHAN_MODE_SHARED;
133 }
134 return;
139 case NL80211_IFTYPE_MESH_POINT: 135 case NL80211_IFTYPE_MESH_POINT:
140 *chan = wdev->channel; 136 if (wdev->mesh_id_len) {
141 *chanmode = CHAN_MODE_SHARED; 137 *chan = wdev->channel;
138 *chanmode = CHAN_MODE_SHARED;
139 }
142 return; 140 return;
143 case NL80211_IFTYPE_MONITOR: 141 case NL80211_IFTYPE_MONITOR:
144 case NL80211_IFTYPE_AP_VLAN: 142 case NL80211_IFTYPE_AP_VLAN:
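Review bot: The new `if (wdev->beacon_interval)` and `if (wdev->mesh_id_len)` tests in `cfg80211_get_chan_state()` appear to act as "is this interface actually operating" checks, but nothing in the hunk says so. A reader cannot tell that a zero value is meant to leave `*chan` NULL with `CHAN_MODE_UNDEFINED`. I would add a comment above each test, for example `/* beacon_interval is only set while the AP is started */` and `/* mesh_id_len is only set while the mesh is joined */`, assuming those are the intended invariants. With `ASSERT_RDEV_LOCK(rdev)` removed, a short header comment stating that the caller must hold the wdev lock would also help. The function body continues outside the hunk.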
diff --git a/net/wireless/core.c b/net/wireless/core.c
index eb60410ae58..31b40cc4a9c 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -176,7 +176,9 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
176 if (!(rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK)) 176 if (!(rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK))
177 return -EOPNOTSUPP; 177 return -EOPNOTSUPP;
178 178
179 list_for_each_entry(wdev, &rdev->netdev_list, list) { 179 list_for_each_entry(wdev, &rdev->wdev_list, list) {
180 if (!wdev->netdev)
181 continue;
180 wdev->netdev->features &= ~NETIF_F_NETNS_LOCAL; 182 wdev->netdev->features &= ~NETIF_F_NETNS_LOCAL;
181 err = dev_change_net_namespace(wdev->netdev, net, "wlan%d"); 183 err = dev_change_net_namespace(wdev->netdev, net, "wlan%d");
182 if (err) 184 if (err)
@@ -188,8 +190,10 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
188 /* failed -- clean up to old netns */ 190 /* failed -- clean up to old netns */
189 net = wiphy_net(&rdev->wiphy); 191 net = wiphy_net(&rdev->wiphy);
190 192
191 list_for_each_entry_continue_reverse(wdev, &rdev->netdev_list, 193 list_for_each_entry_continue_reverse(wdev, &rdev->wdev_list,
192 list) { 194 list) {
195 if (!wdev->netdev)
196 continue;
193 wdev->netdev->features &= ~NETIF_F_NETNS_LOCAL; 197 wdev->netdev->features &= ~NETIF_F_NETNS_LOCAL;
194 err = dev_change_net_namespace(wdev->netdev, net, 198 err = dev_change_net_namespace(wdev->netdev, net,
195 "wlan%d"); 199 "wlan%d");
@@ -226,8 +230,9 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
226 rtnl_lock(); 230 rtnl_lock();
227 mutex_lock(&rdev->devlist_mtx); 231 mutex_lock(&rdev->devlist_mtx);
228 232
229 list_for_each_entry(wdev, &rdev->netdev_list, list) 233 list_for_each_entry(wdev, &rdev->wdev_list, list)
230 dev_close(wdev->netdev); 234 if (wdev->netdev)
235 dev_close(wdev->netdev);
231 236
232 mutex_unlock(&rdev->devlist_mtx); 237 mutex_unlock(&rdev->devlist_mtx);
233 rtnl_unlock(); 238 rtnl_unlock();
@@ -304,7 +309,7 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
304 mutex_init(&rdev->mtx); 309 mutex_init(&rdev->mtx);
305 mutex_init(&rdev->devlist_mtx); 310 mutex_init(&rdev->devlist_mtx);
306 mutex_init(&rdev->sched_scan_mtx); 311 mutex_init(&rdev->sched_scan_mtx);
307 INIT_LIST_HEAD(&rdev->netdev_list); 312 INIT_LIST_HEAD(&rdev->wdev_list);
308 spin_lock_init(&rdev->bss_lock); 313 spin_lock_init(&rdev->bss_lock);
309 INIT_LIST_HEAD(&rdev->bss_list); 314 INIT_LIST_HEAD(&rdev->bss_list);
310 INIT_WORK(&rdev->scan_done_wk, __cfg80211_scan_done); 315 INIT_WORK(&rdev->scan_done_wk, __cfg80211_scan_done);
@@ -537,7 +542,7 @@ int wiphy_register(struct wiphy *wiphy)
537 } 542 }
538 543
539 /* set up regulatory info */ 544 /* set up regulatory info */
540 regulatory_update(wiphy, NL80211_REGDOM_SET_BY_CORE); 545 wiphy_regulatory_register(wiphy);
541 546
542 list_add_rcu(&rdev->list, &cfg80211_rdev_list); 547 list_add_rcu(&rdev->list, &cfg80211_rdev_list);
543 cfg80211_rdev_list_generation++; 548 cfg80211_rdev_list_generation++;
@@ -622,7 +627,7 @@ void wiphy_unregister(struct wiphy *wiphy)
622 __count == 0; })); 627 __count == 0; }));
623 628
624 mutex_lock(&rdev->devlist_mtx); 629 mutex_lock(&rdev->devlist_mtx);
625 BUG_ON(!list_empty(&rdev->netdev_list)); 630 BUG_ON(!list_empty(&rdev->wdev_list));
626 mutex_unlock(&rdev->devlist_mtx); 631 mutex_unlock(&rdev->devlist_mtx);
627 632
628 /* 633 /*
@@ -647,9 +652,11 @@ void wiphy_unregister(struct wiphy *wiphy)
647 /* nothing */ 652 /* nothing */
648 cfg80211_unlock_rdev(rdev); 653 cfg80211_unlock_rdev(rdev);
649 654
650 /* If this device got a regulatory hint tell core its 655 /*
651 * free to listen now to a new shiny device regulatory hint */ 656 * If this device got a regulatory hint tell core its
652 reg_device_remove(wiphy); 657 * free to listen now to a new shiny device regulatory hint
658 */
659 wiphy_regulatory_deregister(wiphy);
653 660
654 cfg80211_rdev_list_generation++; 661 cfg80211_rdev_list_generation++;
655 device_del(&rdev->wiphy.dev); 662 device_del(&rdev->wiphy.dev);
@@ -703,7 +710,7 @@ static void wdev_cleanup_work(struct work_struct *work)
703 710
704 cfg80211_lock_rdev(rdev); 711 cfg80211_lock_rdev(rdev);
705 712
706 if (WARN_ON(rdev->scan_req && rdev->scan_req->dev == wdev->netdev)) { 713 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
707 rdev->scan_req->aborted = true; 714 rdev->scan_req->aborted = true;
708 ___cfg80211_scan_done(rdev, true); 715 ___cfg80211_scan_done(rdev, true);
709 } 716 }
@@ -731,59 +738,14 @@ static struct device_type wiphy_type = {
731 .name = "wlan", 738 .name = "wlan",
732}; 739};
733 740
734static struct ieee80211_channel *
735cfg80211_get_any_chan(struct cfg80211_registered_device *rdev)
736{
737 struct ieee80211_supported_band *sband;
738 int i;
739
740 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
741 sband = rdev->wiphy.bands[i];
742 if (sband && sband->n_channels > 0)
743 return &sband->channels[0];
744 }
745
746 return NULL;
747}
748
749static void cfg80211_init_mon_chan(struct cfg80211_registered_device *rdev)
750{
751 struct ieee80211_channel *chan;
752
753 chan = cfg80211_get_any_chan(rdev);
754 if (WARN_ON(!chan))
755 return;
756
757 mutex_lock(&rdev->devlist_mtx);
758 WARN_ON(cfg80211_set_monitor_channel(rdev, chan->center_freq,
759 NL80211_CHAN_NO_HT));
760 mutex_unlock(&rdev->devlist_mtx);
761}
762
763void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev, 741void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev,
764 enum nl80211_iftype iftype, int num) 742 enum nl80211_iftype iftype, int num)
765{ 743{
766 bool has_monitors_only_old = cfg80211_has_monitors_only(rdev);
767 bool has_monitors_only_new;
768
769 ASSERT_RTNL(); 744 ASSERT_RTNL();
770 745
771 rdev->num_running_ifaces += num; 746 rdev->num_running_ifaces += num;
772 if (iftype == NL80211_IFTYPE_MONITOR) 747 if (iftype == NL80211_IFTYPE_MONITOR)
773 rdev->num_running_monitor_ifaces += num; 748 rdev->num_running_monitor_ifaces += num;
774
775 has_monitors_only_new = cfg80211_has_monitors_only(rdev);
776 if (has_monitors_only_new != has_monitors_only_old) {
777 rdev->ops->set_monitor_enabled(&rdev->wiphy,
778 has_monitors_only_new);
779
780 if (!has_monitors_only_new) {
781 rdev->monitor_channel = NULL;
782 rdev->monitor_channel_type = NL80211_CHAN_NO_HT;
783 } else {
784 cfg80211_init_mon_chan(rdev);
785 }
786 }
787} 749}
788 750
789static int cfg80211_netdev_notifier_call(struct notifier_block *nb, 751static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
@@ -820,7 +782,8 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
820 spin_lock_init(&wdev->mgmt_registrations_lock); 782 spin_lock_init(&wdev->mgmt_registrations_lock);
821 783
822 mutex_lock(&rdev->devlist_mtx); 784 mutex_lock(&rdev->devlist_mtx);
823 list_add_rcu(&wdev->list, &rdev->netdev_list); 785 wdev->identifier = ++rdev->wdev_id;
786 list_add_rcu(&wdev->list, &rdev->wdev_list);
824 rdev->devlist_generation++; 787 rdev->devlist_generation++;
825 /* can only change netns with wiphy */ 788 /* can only change netns with wiphy */
826 dev->features |= NETIF_F_NETNS_LOCAL; 789 dev->features |= NETIF_F_NETNS_LOCAL;
@@ -905,6 +868,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
905 mutex_unlock(&rdev->devlist_mtx); 868 mutex_unlock(&rdev->devlist_mtx);
906 dev_put(dev); 869 dev_put(dev);
907 } 870 }
871 cfg80211_update_iface_num(rdev, wdev->iftype, 1);
908 cfg80211_lock_rdev(rdev); 872 cfg80211_lock_rdev(rdev);
909 mutex_lock(&rdev->devlist_mtx); 873 mutex_lock(&rdev->devlist_mtx);
910 wdev_lock(wdev); 874 wdev_lock(wdev);
@@ -999,7 +963,6 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
999 mutex_unlock(&rdev->devlist_mtx); 963 mutex_unlock(&rdev->devlist_mtx);
1000 if (ret) 964 if (ret)
1001 return notifier_from_errno(ret); 965 return notifier_from_errno(ret);
1002 cfg80211_update_iface_num(rdev, wdev->iftype, 1);
1003 break; 966 break;
1004 } 967 }
1005 968
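Review bot: In `cfg80211_netdev_notifier_call()`, `wdev->identifier = ++rdev->wdev_id;` hands out the value that user space later passes back in `NL80211_ATTR_WDEV`, yet `wdev_id` is declared as a plain `int` in core.h (`int devlist_generation, wdev_id;`) while the lookups in nl80211.c compare against `(u32)wdev_id`. I would declare it as `u32 wdev_id;` on its own line with a comment such as `/* last wdev identifier handed out, protected by devlist_mtx */`, so the counter has the same width and signedness as the value it is compared with. Nothing visible prevents the counter from wrapping and reusing an identifier that is still on `wdev_list`. That would take a very large number of interface registrations, so a comment stating the assumption may be enough. The notifier body starts and ends outside these hunks.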
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 377dc394f48..5206c6844fd 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -47,11 +47,11 @@ struct cfg80211_registered_device {
47 /* wiphy index, internal only */ 47 /* wiphy index, internal only */
48 int wiphy_idx; 48 int wiphy_idx;
49 49
50 /* associate netdev list */ 50 /* associated wireless interfaces */
51 struct mutex devlist_mtx; 51 struct mutex devlist_mtx;
52 /* protected by devlist_mtx or RCU */ 52 /* protected by devlist_mtx or RCU */
53 struct list_head netdev_list; 53 struct list_head wdev_list;
54 int devlist_generation; 54 int devlist_generation, wdev_id;
55 int opencount; /* also protected by devlist_mtx */ 55 int opencount; /* also protected by devlist_mtx */
56 wait_queue_head_t dev_wait; 56 wait_queue_head_t dev_wait;
57 57
@@ -61,9 +61,6 @@ struct cfg80211_registered_device {
61 int num_running_ifaces; 61 int num_running_ifaces;
62 int num_running_monitor_ifaces; 62 int num_running_monitor_ifaces;
63 63
64 struct ieee80211_channel *monitor_channel;
65 enum nl80211_channel_type monitor_channel_type;
66
67 /* BSSes/scanning */ 64 /* BSSes/scanning */
68 spinlock_t bss_lock; 65 spinlock_t bss_lock;
69 struct list_head bss_list; 66 struct list_head bss_list;
@@ -372,7 +369,7 @@ int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid,
372void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid); 369void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid);
373void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev); 370void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev);
374int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 371int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
375 struct net_device *dev, 372 struct wireless_dev *wdev,
376 struct ieee80211_channel *chan, bool offchan, 373 struct ieee80211_channel *chan, bool offchan,
377 enum nl80211_channel_type channel_type, 374 enum nl80211_channel_type channel_type,
378 bool channel_type_valid, unsigned int wait, 375 bool channel_type_valid, unsigned int wait,
@@ -463,8 +460,7 @@ cfg80211_can_use_chan(struct cfg80211_registered_device *rdev,
463} 460}
464 461
465void 462void
466cfg80211_get_chan_state(struct cfg80211_registered_device *rdev, 463cfg80211_get_chan_state(struct wireless_dev *wdev,
467 struct wireless_dev *wdev,
468 struct ieee80211_channel **chan, 464 struct ieee80211_channel **chan,
469 enum cfg80211_chan_mode *chanmode); 465 enum cfg80211_chan_mode *chanmode);
470 466
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index d4fece3bb18..1cdb1d5e6b0 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -567,29 +567,28 @@ void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
567 } 567 }
568} 568}
569 569
570void cfg80211_ready_on_channel(struct net_device *dev, u64 cookie, 570void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
571 struct ieee80211_channel *chan, 571 struct ieee80211_channel *chan,
572 enum nl80211_channel_type channel_type, 572 enum nl80211_channel_type channel_type,
573 unsigned int duration, gfp_t gfp) 573 unsigned int duration, gfp_t gfp)
574{ 574{
575 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 575 struct wiphy *wiphy = wdev->wiphy;
576 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 576 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
577 577
578 nl80211_send_remain_on_channel(rdev, dev, cookie, chan, channel_type, 578 nl80211_send_remain_on_channel(rdev, wdev, cookie, chan, channel_type,
579 duration, gfp); 579 duration, gfp);
580} 580}
581EXPORT_SYMBOL(cfg80211_ready_on_channel); 581EXPORT_SYMBOL(cfg80211_ready_on_channel);
582 582
583void cfg80211_remain_on_channel_expired(struct net_device *dev, 583void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
584 u64 cookie,
585 struct ieee80211_channel *chan, 584 struct ieee80211_channel *chan,
586 enum nl80211_channel_type channel_type, 585 enum nl80211_channel_type channel_type,
587 gfp_t gfp) 586 gfp_t gfp)
588{ 587{
589 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 588 struct wiphy *wiphy = wdev->wiphy;
590 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 589 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
591 590
592 nl80211_send_remain_on_channel_cancel(rdev, dev, cookie, chan, 591 nl80211_send_remain_on_channel_cancel(rdev, wdev, cookie, chan,
593 channel_type, gfp); 592 channel_type, gfp);
594} 593}
595EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 594EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
@@ -678,8 +677,7 @@ int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid,
678 list_add(&nreg->list, &wdev->mgmt_registrations); 677 list_add(&nreg->list, &wdev->mgmt_registrations);
679 678
680 if (rdev->ops->mgmt_frame_register) 679 if (rdev->ops->mgmt_frame_register)
681 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 680 rdev->ops->mgmt_frame_register(wiphy, wdev, frame_type, true);
682 frame_type, true);
683 681
684 out: 682 out:
685 spin_unlock_bh(&wdev->mgmt_registrations_lock); 683 spin_unlock_bh(&wdev->mgmt_registrations_lock);
@@ -702,7 +700,7 @@ void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid)
702 if (rdev->ops->mgmt_frame_register) { 700 if (rdev->ops->mgmt_frame_register) {
703 u16 frame_type = le16_to_cpu(reg->frame_type); 701 u16 frame_type = le16_to_cpu(reg->frame_type);
704 702
705 rdev->ops->mgmt_frame_register(wiphy, wdev->netdev, 703 rdev->ops->mgmt_frame_register(wiphy, wdev,
706 frame_type, false); 704 frame_type, false);
707 } 705 }
708 706
@@ -731,14 +729,14 @@ void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
731} 729}
732 730
733int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 731int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
734 struct net_device *dev, 732 struct wireless_dev *wdev,
735 struct ieee80211_channel *chan, bool offchan, 733 struct ieee80211_channel *chan, bool offchan,
736 enum nl80211_channel_type channel_type, 734 enum nl80211_channel_type channel_type,
737 bool channel_type_valid, unsigned int wait, 735 bool channel_type_valid, unsigned int wait,
738 const u8 *buf, size_t len, bool no_cck, 736 const u8 *buf, size_t len, bool no_cck,
739 bool dont_wait_for_ack, u64 *cookie) 737 bool dont_wait_for_ack, u64 *cookie)
740{ 738{
741 struct wireless_dev *wdev = dev->ieee80211_ptr; 739 struct net_device *dev = wdev->netdev;
742 const struct ieee80211_mgmt *mgmt; 740 const struct ieee80211_mgmt *mgmt;
743 u16 stype; 741 u16 stype;
744 742
@@ -825,16 +823,15 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
825 return -EINVAL; 823 return -EINVAL;
826 824
827 /* Transmit the Action frame as requested by user space */ 825 /* Transmit the Action frame as requested by user space */
828 return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, offchan, 826 return rdev->ops->mgmt_tx(&rdev->wiphy, wdev, chan, offchan,
829 channel_type, channel_type_valid, 827 channel_type, channel_type_valid,
830 wait, buf, len, no_cck, dont_wait_for_ack, 828 wait, buf, len, no_cck, dont_wait_for_ack,
831 cookie); 829 cookie);
832} 830}
833 831
834bool cfg80211_rx_mgmt(struct net_device *dev, int freq, int sig_mbm, 832bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm,
835 const u8 *buf, size_t len, gfp_t gfp) 833 const u8 *buf, size_t len, gfp_t gfp)
836{ 834{
837 struct wireless_dev *wdev = dev->ieee80211_ptr;
838 struct wiphy *wiphy = wdev->wiphy; 835 struct wiphy *wiphy = wdev->wiphy;
839 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 836 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
840 struct cfg80211_mgmt_registration *reg; 837 struct cfg80211_mgmt_registration *reg;
@@ -871,7 +868,7 @@ bool cfg80211_rx_mgmt(struct net_device *dev, int freq, int sig_mbm,
871 /* found match! */ 868 /* found match! */
872 869
873 /* Indicate the received Action frame to user space */ 870 /* Indicate the received Action frame to user space */
874 if (nl80211_send_mgmt(rdev, dev, reg->nlpid, 871 if (nl80211_send_mgmt(rdev, wdev, reg->nlpid,
875 freq, sig_mbm, 872 freq, sig_mbm,
876 buf, len, gfp)) 873 buf, len, gfp))
877 continue; 874 continue;
@@ -886,15 +883,14 @@ bool cfg80211_rx_mgmt(struct net_device *dev, int freq, int sig_mbm,
886} 883}
887EXPORT_SYMBOL(cfg80211_rx_mgmt); 884EXPORT_SYMBOL(cfg80211_rx_mgmt);
888 885
889void cfg80211_mgmt_tx_status(struct net_device *dev, u64 cookie, 886void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
890 const u8 *buf, size_t len, bool ack, gfp_t gfp) 887 const u8 *buf, size_t len, bool ack, gfp_t gfp)
891{ 888{
892 struct wireless_dev *wdev = dev->ieee80211_ptr;
893 struct wiphy *wiphy = wdev->wiphy; 889 struct wiphy *wiphy = wdev->wiphy;
894 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 890 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
895 891
896 /* Indicate TX status of the Action frame to user space */ 892 /* Indicate TX status of the Action frame to user space */
897 nl80211_send_mgmt_tx_status(rdev, dev, cookie, buf, len, ack, gfp); 893 nl80211_send_mgmt_tx_status(rdev, wdev, cookie, buf, len, ack, gfp);
898} 894}
899EXPORT_SYMBOL(cfg80211_mgmt_tx_status); 895EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
900 896
@@ -923,6 +919,19 @@ void cfg80211_cqm_pktloss_notify(struct net_device *dev,
923} 919}
924EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 920EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
925 921
922void cfg80211_cqm_txe_notify(struct net_device *dev,
923 const u8 *peer, u32 num_packets,
924 u32 rate, u32 intvl, gfp_t gfp)
925{
926 struct wireless_dev *wdev = dev->ieee80211_ptr;
927 struct wiphy *wiphy = wdev->wiphy;
928 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
929
930 nl80211_send_cqm_txe_notify(rdev, dev, peer, num_packets,
931 rate, intvl, gfp);
932}
933EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
934
926void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 935void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
927 const u8 *replay_ctr, gfp_t gfp) 936 const u8 *replay_ctr, gfp_t gfp)
928{ 937{
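Review bot: `cfg80211_mlme_mgmt_tx()` now takes a `wireless_dev` and derives `struct net_device *dev = wdev->netdev;`, but the same merge adds `if (!wdev->netdev)` guards in core.c, which suggests a wdev may exist without a netdev. The lines between the two `cfg80211_mlme_mgmt_tx` hunks are not shown. If any of them still dereferences `dev` (the local is kept, so presumably something does), a netdev-less wdev would cause a NULL dereference on a path that serves a user-space frame-transmit request. I would either reject that case up front with `if (!dev) return -EOPNOTSUPP;` or replace the remaining uses of `dev` with fields taken from `wdev`.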
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 0249cea5385..97026f3b215 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -46,28 +46,60 @@ static struct genl_family nl80211_fam = {
46 .post_doit = nl80211_post_doit, 46 .post_doit = nl80211_post_doit,
47}; 47};
48 48
49/* internal helper: get rdev and dev */ 49/* returns ERR_PTR values */
50static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs, 50static struct wireless_dev *
51 struct cfg80211_registered_device **rdev, 51__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
52 struct net_device **dev)
53{ 52{
54 int ifindex; 53 struct cfg80211_registered_device *rdev;
54 struct wireless_dev *result = NULL;
55 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
56 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
57 u64 wdev_id;
58 int wiphy_idx = -1;
59 int ifidx = -1;
55 60
56 if (!attrs[NL80211_ATTR_IFINDEX]) 61 assert_cfg80211_lock();
57 return -EINVAL;
58 62
59 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 63 if (!have_ifidx && !have_wdev_id)
60 *dev = dev_get_by_index(netns, ifindex); 64 return ERR_PTR(-EINVAL);
61 if (!*dev)
62 return -ENODEV;
63 65
64 *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex); 66 if (have_ifidx)
65 if (IS_ERR(*rdev)) { 67 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
66 dev_put(*dev); 68 if (have_wdev_id) {
67 return PTR_ERR(*rdev); 69 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
70 wiphy_idx = wdev_id >> 32;
68 } 71 }
69 72
70 return 0; 73 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
74 struct wireless_dev *wdev;
75
76 if (wiphy_net(&rdev->wiphy) != netns)
77 continue;
78
79 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
80 continue;
81
82 mutex_lock(&rdev->devlist_mtx);
83 list_for_each_entry(wdev, &rdev->wdev_list, list) {
84 if (have_ifidx && wdev->netdev &&
85 wdev->netdev->ifindex == ifidx) {
86 result = wdev;
87 break;
88 }
89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
90 result = wdev;
91 break;
92 }
93 }
94 mutex_unlock(&rdev->devlist_mtx);
95
96 if (result)
97 break;
98 }
99
100 if (result)
101 return result;
102 return ERR_PTR(-ENODEV);
71} 103}
72 104
73static struct cfg80211_registered_device * 105static struct cfg80211_registered_device *
@@ -79,13 +111,40 @@ __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
79 assert_cfg80211_lock(); 111 assert_cfg80211_lock();
80 112
81 if (!attrs[NL80211_ATTR_WIPHY] && 113 if (!attrs[NL80211_ATTR_WIPHY] &&
82 !attrs[NL80211_ATTR_IFINDEX]) 114 !attrs[NL80211_ATTR_IFINDEX] &&
115 !attrs[NL80211_ATTR_WDEV])
83 return ERR_PTR(-EINVAL); 116 return ERR_PTR(-EINVAL);
84 117
85 if (attrs[NL80211_ATTR_WIPHY]) 118 if (attrs[NL80211_ATTR_WIPHY])
86 rdev = cfg80211_rdev_by_wiphy_idx( 119 rdev = cfg80211_rdev_by_wiphy_idx(
87 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 120 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
88 121
122 if (attrs[NL80211_ATTR_WDEV]) {
123 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
124 struct wireless_dev *wdev;
125 bool found = false;
126
127 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
128 if (tmp) {
129 /* make sure wdev exists */
130 mutex_lock(&tmp->devlist_mtx);
131 list_for_each_entry(wdev, &tmp->wdev_list, list) {
132 if (wdev->identifier != (u32)wdev_id)
133 continue;
134 found = true;
135 break;
136 }
137 mutex_unlock(&tmp->devlist_mtx);
138
139 if (!found)
140 tmp = NULL;
141
142 if (rdev && tmp != rdev)
143 return ERR_PTR(-EINVAL);
144 rdev = tmp;
145 }
146 }
147
89 if (attrs[NL80211_ATTR_IFINDEX]) { 148 if (attrs[NL80211_ATTR_IFINDEX]) {
90 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 149 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
91 netdev = dev_get_by_index(netns, ifindex); 150 netdev = dev_get_by_index(netns, ifindex);
@@ -294,6 +353,8 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
294 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 353 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
295 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 354 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
296 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 355 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
356 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
357 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
297}; 358};
298 359
299/* policy for the key attributes */ 360/* policy for the key attributes */
@@ -1668,32 +1729,48 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1668 return result; 1729 return result;
1669} 1730}
1670 1731
1732static inline u64 wdev_id(struct wireless_dev *wdev)
1733{
1734 return (u64)wdev->identifier |
1735 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
1736}
1671 1737
1672static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1738static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1673 struct cfg80211_registered_device *rdev, 1739 struct cfg80211_registered_device *rdev,
1674 struct net_device *dev) 1740 struct wireless_dev *wdev)
1675{ 1741{
1742 struct net_device *dev = wdev->netdev;
1676 void *hdr; 1743 void *hdr;
1677 1744
1678 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1745 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1679 if (!hdr) 1746 if (!hdr)
1680 return -1; 1747 return -1;
1681 1748
1682 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1749 if (dev &&
1683 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1750 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1684 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) || 1751 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) ||
1685 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 1752 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dev->dev_addr)))
1686 dev->ieee80211_ptr->iftype) || 1753 goto nla_put_failure;
1754
1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1687 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1758 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1688 rdev->devlist_generation ^ 1759 rdev->devlist_generation ^
1689 (cfg80211_rdev_list_generation << 2))) 1760 (cfg80211_rdev_list_generation << 2)))
1690 goto nla_put_failure; 1761 goto nla_put_failure;
1691 1762
1692 if (rdev->monitor_channel) { 1763 if (rdev->ops->get_channel) {
1693 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1764 struct ieee80211_channel *chan;
1694 rdev->monitor_channel->center_freq) || 1765 enum nl80211_channel_type channel_type;
1695 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1766
1696 rdev->monitor_channel_type)) 1767 chan = rdev->ops->get_channel(&rdev->wiphy, wdev,
1768 &channel_type);
1769 if (chan &&
1770 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1771 chan->center_freq) ||
1772 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1773 channel_type)))
1697 goto nla_put_failure; 1774 goto nla_put_failure;
1698 } 1775 }
1699 1776
@@ -1724,14 +1801,14 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
1724 if_idx = 0; 1801 if_idx = 0;
1725 1802
1726 mutex_lock(&rdev->devlist_mtx); 1803 mutex_lock(&rdev->devlist_mtx);
1727 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1804 list_for_each_entry(wdev, &rdev->wdev_list, list) {
1728 if (if_idx < if_start) { 1805 if (if_idx < if_start) {
1729 if_idx++; 1806 if_idx++;
1730 continue; 1807 continue;
1731 } 1808 }
1732 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1809 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1733 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1810 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1734 rdev, wdev->netdev) < 0) { 1811 rdev, wdev) < 0) {
1735 mutex_unlock(&rdev->devlist_mtx); 1812 mutex_unlock(&rdev->devlist_mtx);
1736 goto out; 1813 goto out;
1737 } 1814 }
@@ -1754,14 +1831,14 @@ static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1754{ 1831{
1755 struct sk_buff *msg; 1832 struct sk_buff *msg;
1756 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1833 struct cfg80211_registered_device *dev = info->user_ptr[0];
1757 struct net_device *netdev = info->user_ptr[1]; 1834 struct wireless_dev *wdev = info->user_ptr[1];
1758 1835
1759 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1836 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1760 if (!msg) 1837 if (!msg)
1761 return -ENOMEM; 1838 return -ENOMEM;
1762 1839
1763 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1840 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1764 dev, netdev) < 0) { 1841 dev, wdev) < 0) {
1765 nlmsg_free(msg); 1842 nlmsg_free(msg);
1766 return -ENOBUFS; 1843 return -ENOBUFS;
1767 } 1844 }
@@ -1901,7 +1978,8 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1901{ 1978{
1902 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1979 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1903 struct vif_params params; 1980 struct vif_params params;
1904 struct net_device *dev; 1981 struct wireless_dev *wdev;
1982 struct sk_buff *msg;
1905 int err; 1983 int err;
1906 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1984 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1907 u32 flags; 1985 u32 flags;
@@ -1928,19 +2006,23 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1928 return err; 2006 return err;
1929 } 2007 }
1930 2008
2009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2010 if (!msg)
2011 return -ENOMEM;
2012
1931 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2013 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1932 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2014 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1933 &flags); 2015 &flags);
1934 dev = rdev->ops->add_virtual_intf(&rdev->wiphy, 2016 wdev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1935 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2017 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1936 type, err ? NULL : &flags, &params); 2018 type, err ? NULL : &flags, &params);
1937 if (IS_ERR(dev)) 2019 if (IS_ERR(wdev)) {
1938 return PTR_ERR(dev); 2020 nlmsg_free(msg);
2021 return PTR_ERR(wdev);
2022 }
1939 2023
1940 if (type == NL80211_IFTYPE_MESH_POINT && 2024 if (type == NL80211_IFTYPE_MESH_POINT &&
1941 info->attrs[NL80211_ATTR_MESH_ID]) { 2025 info->attrs[NL80211_ATTR_MESH_ID]) {
1942 struct wireless_dev *wdev = dev->ieee80211_ptr;
1943
1944 wdev_lock(wdev); 2026 wdev_lock(wdev);
1945 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2027 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1946 IEEE80211_MAX_MESH_ID_LEN); 2028 IEEE80211_MAX_MESH_ID_LEN);
@@ -1951,18 +2033,34 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1951 wdev_unlock(wdev); 2033 wdev_unlock(wdev);
1952 } 2034 }
1953 2035
1954 return 0; 2036 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
2037 rdev, wdev) < 0) {
2038 nlmsg_free(msg);
2039 return -ENOBUFS;
2040 }
2041
2042 return genlmsg_reply(msg, info);
1955} 2043}
1956 2044
1957static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2045static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1958{ 2046{
1959 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2047 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1960 struct net_device *dev = info->user_ptr[1]; 2048 struct wireless_dev *wdev = info->user_ptr[1];
1961 2049
1962 if (!rdev->ops->del_virtual_intf) 2050 if (!rdev->ops->del_virtual_intf)
1963 return -EOPNOTSUPP; 2051 return -EOPNOTSUPP;
1964 2052
1965 return rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 2053 /*
2054 * If we remove a wireless device without a netdev then clear
2055 * user_ptr[1] so that nl80211_post_doit won't dereference it
2056 * to check if it needs to do dev_put(). Otherwise it crashes
2057 * since the wdev has been freed, unlike with a netdev where
2058 * we need the dev_put() for the netdev to really be freed.
2059 */
2060 if (!wdev->netdev)
2061 info->user_ptr[1] = NULL;
2062
2063 return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev);
1966} 2064}
1967 2065
1968static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2066static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
@@ -2350,7 +2448,7 @@ static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2350 2448
2351 mutex_lock(&rdev->devlist_mtx); 2449 mutex_lock(&rdev->devlist_mtx);
2352 2450
2353 list_for_each_entry(wdev, &rdev->netdev_list, list) { 2451 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2354 if (wdev->iftype != NL80211_IFTYPE_AP && 2452 if (wdev->iftype != NL80211_IFTYPE_AP &&
2355 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2453 wdev->iftype != NL80211_IFTYPE_P2P_GO)
2356 continue; 2454 continue;
@@ -3485,6 +3583,7 @@ static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3485{ 3583{
3486 int r; 3584 int r;
3487 char *data = NULL; 3585 char *data = NULL;
3586 enum nl80211_user_reg_hint_type user_reg_hint_type;
3488 3587
3489 /* 3588 /*
3490 * You should only get this when cfg80211 hasn't yet initialized 3589 * You should only get this when cfg80211 hasn't yet initialized
@@ -3504,7 +3603,21 @@ static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3504 3603
3505 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3604 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3506 3605
3507 r = regulatory_hint_user(data); 3606 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
3607 user_reg_hint_type =
3608 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
3609 else
3610 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
3611
3612 switch (user_reg_hint_type) {
3613 case NL80211_USER_REG_HINT_USER:
3614 case NL80211_USER_REG_HINT_CELL_BASE:
3615 break;
3616 default:
3617 return -EINVAL;
3618 }
3619
3620 r = regulatory_hint_user(data, user_reg_hint_type);
3508 3621
3509 return r; 3622 return r;
3510} 3623}
@@ -3874,6 +3987,11 @@ static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3874 cfg80211_regdomain->dfs_region))) 3987 cfg80211_regdomain->dfs_region)))
3875 goto nla_put_failure; 3988 goto nla_put_failure;
3876 3989
3990 if (reg_last_request_cell_base() &&
3991 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
3992 NL80211_USER_REG_HINT_CELL_BASE))
3993 goto nla_put_failure;
3994
3877 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3995 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3878 if (!nl_reg_rules) 3996 if (!nl_reg_rules)
3879 goto nla_put_failure; 3997 goto nla_put_failure;
@@ -4039,7 +4157,7 @@ static int validate_scan_freqs(struct nlattr *freqs)
4039static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4157static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4040{ 4158{
4041 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4159 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4042 struct net_device *dev = info->user_ptr[1]; 4160 struct wireless_dev *wdev = info->user_ptr[1];
4043 struct cfg80211_scan_request *request; 4161 struct cfg80211_scan_request *request;
4044 struct nlattr *attr; 4162 struct nlattr *attr;
4045 struct wiphy *wiphy; 4163 struct wiphy *wiphy;
@@ -4199,15 +4317,16 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4199 request->no_cck = 4317 request->no_cck =
4200 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4318 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
4201 4319
4202 request->dev = dev; 4320 request->wdev = wdev;
4203 request->wiphy = &rdev->wiphy; 4321 request->wiphy = &rdev->wiphy;
4204 4322
4205 rdev->scan_req = request; 4323 rdev->scan_req = request;
4206 err = rdev->ops->scan(&rdev->wiphy, dev, request); 4324 err = rdev->ops->scan(&rdev->wiphy, request);
4207 4325
4208 if (!err) { 4326 if (!err) {
4209 nl80211_send_scan_start(rdev, dev); 4327 nl80211_send_scan_start(rdev, wdev);
4210 dev_hold(dev); 4328 if (wdev->netdev)
4329 dev_hold(wdev->netdev);
4211 } else { 4330 } else {
4212 out_free: 4331 out_free:
4213 rdev->scan_req = NULL; 4332 rdev->scan_req = NULL;
@@ -5685,7 +5804,7 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
5685 struct genl_info *info) 5804 struct genl_info *info)
5686{ 5805{
5687 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5806 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5688 struct net_device *dev = info->user_ptr[1]; 5807 struct wireless_dev *wdev = info->user_ptr[1];
5689 struct ieee80211_channel *chan; 5808 struct ieee80211_channel *chan;
5690 struct sk_buff *msg; 5809 struct sk_buff *msg;
5691 void *hdr; 5810 void *hdr;
@@ -5733,7 +5852,7 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
5733 goto free_msg; 5852 goto free_msg;
5734 } 5853 }
5735 5854
5736 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 5855 err = rdev->ops->remain_on_channel(&rdev->wiphy, wdev, chan,
5737 channel_type, duration, &cookie); 5856 channel_type, duration, &cookie);
5738 5857
5739 if (err) 5858 if (err)
@@ -5757,7 +5876,7 @@ static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5757 struct genl_info *info) 5876 struct genl_info *info)
5758{ 5877{
5759 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5878 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5760 struct net_device *dev = info->user_ptr[1]; 5879 struct wireless_dev *wdev = info->user_ptr[1];
5761 u64 cookie; 5880 u64 cookie;
5762 5881
5763 if (!info->attrs[NL80211_ATTR_COOKIE]) 5882 if (!info->attrs[NL80211_ATTR_COOKIE])
@@ -5768,7 +5887,7 @@ static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5768 5887
5769 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5888 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5770 5889
5771 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 5890 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, wdev, cookie);
5772} 5891}
5773 5892
5774static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5893static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
@@ -5917,7 +6036,7 @@ static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5917static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6036static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5918{ 6037{
5919 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6038 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5920 struct net_device *dev = info->user_ptr[1]; 6039 struct wireless_dev *wdev = info->user_ptr[1];
5921 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6040 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5922 6041
5923 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6042 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
@@ -5926,21 +6045,24 @@ static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5926 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6045 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5927 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6046 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5928 6047
5929 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6048 switch (wdev->iftype) {
5930 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 6049 case NL80211_IFTYPE_STATION:
5931 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 6050 case NL80211_IFTYPE_ADHOC:
5932 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6051 case NL80211_IFTYPE_P2P_CLIENT:
5933 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 6052 case NL80211_IFTYPE_AP:
5934 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 6053 case NL80211_IFTYPE_AP_VLAN:
5935 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6054 case NL80211_IFTYPE_MESH_POINT:
6055 case NL80211_IFTYPE_P2P_GO:
6056 break;
6057 default:
5936 return -EOPNOTSUPP; 6058 return -EOPNOTSUPP;
6059 }
5937 6060
5938 /* not much point in registering if we can't reply */ 6061 /* not much point in registering if we can't reply */
5939 if (!rdev->ops->mgmt_tx) 6062 if (!rdev->ops->mgmt_tx)
5940 return -EOPNOTSUPP; 6063 return -EOPNOTSUPP;
5941 6064
5942 return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid, 6065 return cfg80211_mlme_register_mgmt(wdev, info->snd_pid, frame_type,
5943 frame_type,
5944 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6066 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5945 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6067 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5946} 6068}
@@ -5948,7 +6070,7 @@ static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5948static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6070static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5949{ 6071{
5950 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6072 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5951 struct net_device *dev = info->user_ptr[1]; 6073 struct wireless_dev *wdev = info->user_ptr[1];
5952 struct ieee80211_channel *chan; 6074 struct ieee80211_channel *chan;
5953 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 6075 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5954 bool channel_type_valid = false; 6076 bool channel_type_valid = false;
@@ -5969,14 +6091,18 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5969 if (!rdev->ops->mgmt_tx) 6091 if (!rdev->ops->mgmt_tx)
5970 return -EOPNOTSUPP; 6092 return -EOPNOTSUPP;
5971 6093
5972 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6094 switch (wdev->iftype) {
5973 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 6095 case NL80211_IFTYPE_STATION:
5974 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 6096 case NL80211_IFTYPE_ADHOC:
5975 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6097 case NL80211_IFTYPE_P2P_CLIENT:
5976 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 6098 case NL80211_IFTYPE_AP:
5977 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 6099 case NL80211_IFTYPE_AP_VLAN:
5978 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6100 case NL80211_IFTYPE_MESH_POINT:
6101 case NL80211_IFTYPE_P2P_GO:
6102 break;
6103 default:
5979 return -EOPNOTSUPP; 6104 return -EOPNOTSUPP;
6105 }
5980 6106
5981 if (info->attrs[NL80211_ATTR_DURATION]) { 6107 if (info->attrs[NL80211_ATTR_DURATION]) {
5982 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6108 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
@@ -6025,7 +6151,7 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
6025 } 6151 }
6026 } 6152 }
6027 6153
6028 err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type, 6154 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chan, offchan, channel_type,
6029 channel_type_valid, wait, 6155 channel_type_valid, wait,
6030 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6156 nla_data(info->attrs[NL80211_ATTR_FRAME]),
6031 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6157 nla_len(info->attrs[NL80211_ATTR_FRAME]),
@@ -6053,7 +6179,7 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
6053static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6179static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
6054{ 6180{
6055 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6181 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6056 struct net_device *dev = info->user_ptr[1]; 6182 struct wireless_dev *wdev = info->user_ptr[1];
6057 u64 cookie; 6183 u64 cookie;
6058 6184
6059 if (!info->attrs[NL80211_ATTR_COOKIE]) 6185 if (!info->attrs[NL80211_ATTR_COOKIE])
@@ -6062,17 +6188,21 @@ static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *in
6062 if (!rdev->ops->mgmt_tx_cancel_wait) 6188 if (!rdev->ops->mgmt_tx_cancel_wait)
6063 return -EOPNOTSUPP; 6189 return -EOPNOTSUPP;
6064 6190
6065 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6191 switch (wdev->iftype) {
6066 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 6192 case NL80211_IFTYPE_STATION:
6067 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 6193 case NL80211_IFTYPE_ADHOC:
6068 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6194 case NL80211_IFTYPE_P2P_CLIENT:
6069 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 6195 case NL80211_IFTYPE_AP:
6070 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6196 case NL80211_IFTYPE_AP_VLAN:
6197 case NL80211_IFTYPE_P2P_GO:
6198 break;
6199 default:
6071 return -EOPNOTSUPP; 6200 return -EOPNOTSUPP;
6201 }
6072 6202
6073 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6203 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6074 6204
6075 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie); 6205 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, wdev, cookie);
6076} 6206}
6077 6207
6078static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6208static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
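Review bot: The interface-type switch in nl80211_tx_mgmt_cancel_wait has no `case NL80211_IFTYPE_MESH_POINT:`, while the otherwise identical switches this commit writes in nl80211_register_mgmt and nl80211_tx_mgmt accept it. A mesh interface can therefore queue a management frame with a wait period and is then refused when it asks to cancel that wait. The old `if` chain had the same gap, so it is carried over rather than introduced, and whether it is intentional cannot be told from this hunk. If it is not, add the missing case; a single shared predicate for all three handlers would keep the lists from drifting apart again.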
@@ -6158,8 +6288,35 @@ nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
6158 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6288 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
6159 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6289 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
6160 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6290 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
6291 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
6292 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
6293 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
6161}; 6294};
6162 6295
6296static int nl80211_set_cqm_txe(struct genl_info *info,
6297 u32 rate, u32 pkts, u32 intvl)
6298{
6299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6300 struct wireless_dev *wdev;
6301 struct net_device *dev = info->user_ptr[1];
6302
6303 if ((rate < 0 || rate > 100) ||
6304 (intvl < 0 || intvl > NL80211_CQM_TXE_MAX_INTVL))
6305 return -EINVAL;
6306
6307 wdev = dev->ieee80211_ptr;
6308
6309 if (!rdev->ops->set_cqm_txe_config)
6310 return -EOPNOTSUPP;
6311
6312 if (wdev->iftype != NL80211_IFTYPE_STATION &&
6313 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
6314 return -EOPNOTSUPP;
6315
6316 return rdev->ops->set_cqm_txe_config(wdev->wiphy, dev,
6317 rate, pkts, intvl);
6318}
6319
6163static int nl80211_set_cqm_rssi(struct genl_info *info, 6320static int nl80211_set_cqm_rssi(struct genl_info *info,
6164 s32 threshold, u32 hysteresis) 6321 s32 threshold, u32 hysteresis)
6165{ 6322{
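Review bot: In the new nl80211_set_cqm_txe, `rate` and `intvl` are u32, so the `rate < 0` and `intvl < 0` halves of the range check can never be true and only the upper bounds are enforced. The check should be written as what it actually tests, `if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)`. `pkts` reaches `set_cqm_txe_config` with no bound at all, although all three values come straight from netlink attributes; if zero or very large counts are not meaningful to drivers, a limit belongs here too. The function also reads `info->user_ptr[1]` as a `struct net_device *`, which is only valid while the command's ops entry uses NL80211_FLAG_NEED_NETDEV; that entry is not in this hunk.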
@@ -6207,6 +6364,14 @@ static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
6207 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 6364 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
6208 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 6365 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
6209 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 6366 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
6367 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
6368 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
6369 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
6370 u32 rate, pkts, intvl;
6371 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
6372 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
6373 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
6374 err = nl80211_set_cqm_txe(info, rate, pkts, intvl);
6210 } else 6375 } else
6211 err = -EINVAL; 6376 err = -EINVAL;
6212 6377
@@ -6363,8 +6528,8 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
6363{ 6528{
6364 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6529 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6365 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6530 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
6366 struct cfg80211_wowlan no_triggers = {};
6367 struct cfg80211_wowlan new_triggers = {}; 6531 struct cfg80211_wowlan new_triggers = {};
6532 struct cfg80211_wowlan *ntrig;
6368 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6533 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
6369 int err, i; 6534 int err, i;
6370 bool prev_enabled = rdev->wowlan; 6535 bool prev_enabled = rdev->wowlan;
@@ -6372,8 +6537,11 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
6372 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6537 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
6373 return -EOPNOTSUPP; 6538 return -EOPNOTSUPP;
6374 6539
6375 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) 6540 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
6376 goto no_triggers; 6541 cfg80211_rdev_free_wowlan(rdev);
6542 rdev->wowlan = NULL;
6543 goto set_wakeup;
6544 }
6377 6545
6378 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6546 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
6379 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6547 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
@@ -6484,22 +6652,15 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
6484 } 6652 }
6485 } 6653 }
6486 6654
6487 if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) { 6655 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
6488 struct cfg80211_wowlan *ntrig; 6656 if (!ntrig) {
6489 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), 6657 err = -ENOMEM;
6490 GFP_KERNEL); 6658 goto error;
6491 if (!ntrig) {
6492 err = -ENOMEM;
6493 goto error;
6494 }
6495 cfg80211_rdev_free_wowlan(rdev);
6496 rdev->wowlan = ntrig;
6497 } else {
6498 no_triggers:
6499 cfg80211_rdev_free_wowlan(rdev);
6500 rdev->wowlan = NULL;
6501 } 6659 }
6660 cfg80211_rdev_free_wowlan(rdev);
6661 rdev->wowlan = ntrig;
6502 6662
6663 set_wakeup:
6503 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6664 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
6504 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan); 6665 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan);
6505 6666
@@ -6655,13 +6816,17 @@ static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6655#define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6816#define NL80211_FLAG_CHECK_NETDEV_UP 0x08
6656#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6817#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
6657 NL80211_FLAG_CHECK_NETDEV_UP) 6818 NL80211_FLAG_CHECK_NETDEV_UP)
6819#define NL80211_FLAG_NEED_WDEV 0x10
6820/* If a netdev is associated, it must be UP */
6821#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
6822 NL80211_FLAG_CHECK_NETDEV_UP)
6658 6823
6659static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6824static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6660 struct genl_info *info) 6825 struct genl_info *info)
6661{ 6826{
6662 struct cfg80211_registered_device *rdev; 6827 struct cfg80211_registered_device *rdev;
6828 struct wireless_dev *wdev;
6663 struct net_device *dev; 6829 struct net_device *dev;
6664 int err;
6665 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6830 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
6666 6831
6667 if (rtnl) 6832 if (rtnl)
@@ -6675,24 +6840,51 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6675 return PTR_ERR(rdev); 6840 return PTR_ERR(rdev);
6676 } 6841 }
6677 info->user_ptr[0] = rdev; 6842 info->user_ptr[0] = rdev;
6678 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6843 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
6679 err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs, 6844 ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
6680 &rdev, &dev); 6845 mutex_lock(&cfg80211_mutex);
6681 if (err) { 6846 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
6847 info->attrs);
6848 if (IS_ERR(wdev)) {
6849 mutex_unlock(&cfg80211_mutex);
6682 if (rtnl) 6850 if (rtnl)
6683 rtnl_unlock(); 6851 rtnl_unlock();
6684 return err; 6852 return PTR_ERR(wdev);
6685 } 6853 }
6686 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6854
6687 !netif_running(dev)) { 6855 dev = wdev->netdev;
6688 cfg80211_unlock_rdev(rdev); 6856 rdev = wiphy_to_dev(wdev->wiphy);
6689 dev_put(dev); 6857
6690 if (rtnl) 6858 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
6691 rtnl_unlock(); 6859 if (!dev) {
6692 return -ENETDOWN; 6860 mutex_unlock(&cfg80211_mutex);
6861 if (rtnl)
6862 rtnl_unlock();
6863 return -EINVAL;
6864 }
6865
6866 info->user_ptr[1] = dev;
6867 } else {
6868 info->user_ptr[1] = wdev;
6693 } 6869 }
6870
6871 if (dev) {
6872 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
6873 !netif_running(dev)) {
6874 mutex_unlock(&cfg80211_mutex);
6875 if (rtnl)
6876 rtnl_unlock();
6877 return -ENETDOWN;
6878 }
6879
6880 dev_hold(dev);
6881 }
6882
6883 cfg80211_lock_rdev(rdev);
6884
6885 mutex_unlock(&cfg80211_mutex);
6886
6694 info->user_ptr[0] = rdev; 6887 info->user_ptr[0] = rdev;
6695 info->user_ptr[1] = dev;
6696 } 6888 }
6697 6889
6698 return 0; 6890 return 0;
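Review bot: After this hunk `info->user_ptr[1]` holds a `struct net_device *` for NL80211_FLAG_NEED_NETDEV commands and a `struct wireless_dev *` for NL80211_FLAG_NEED_WDEV commands, and only the matching entry in `nl80211_ops[]` tells a handler which one it received. The slot is a `void *`, so a handler whose local declaration disagrees with its ops flag compiles cleanly and reads one structure as the other. I would document the contract where the pointer is stored, for example `/* user_ptr[1]: net_device for NEED_NETDEV, wireless_dev for NEED_WDEV; the handler's type must match its ops flag */` above the `info->user_ptr[1] = dev;` assignment. It is also worth stating that NEED_NETDEV wins if both flags are ever set, since nl80211_post_doit tests NEED_WDEV first and would then treat the stored net_device as a wireless_dev. nl80211_pre_doit starts before this hunk.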
@@ -6703,8 +6895,16 @@ static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
6703{ 6895{
6704 if (info->user_ptr[0]) 6896 if (info->user_ptr[0])
6705 cfg80211_unlock_rdev(info->user_ptr[0]); 6897 cfg80211_unlock_rdev(info->user_ptr[0]);
6706 if (info->user_ptr[1]) 6898 if (info->user_ptr[1]) {
6707 dev_put(info->user_ptr[1]); 6899 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
6900 struct wireless_dev *wdev = info->user_ptr[1];
6901
6902 if (wdev->netdev)
6903 dev_put(wdev->netdev);
6904 } else {
6905 dev_put(info->user_ptr[1]);
6906 }
6907 }
6708 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6908 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
6709 rtnl_unlock(); 6909 rtnl_unlock();
6710} 6910}
@@ -6731,7 +6931,7 @@ static struct genl_ops nl80211_ops[] = {
6731 .dumpit = nl80211_dump_interface, 6931 .dumpit = nl80211_dump_interface,
6732 .policy = nl80211_policy, 6932 .policy = nl80211_policy,
6733 /* can be retrieved by unprivileged users */ 6933 /* can be retrieved by unprivileged users */
6734 .internal_flags = NL80211_FLAG_NEED_NETDEV, 6934 .internal_flags = NL80211_FLAG_NEED_WDEV,
6735 }, 6935 },
6736 { 6936 {
6737 .cmd = NL80211_CMD_SET_INTERFACE, 6937 .cmd = NL80211_CMD_SET_INTERFACE,
@@ -6754,7 +6954,7 @@ static struct genl_ops nl80211_ops[] = {
6754 .doit = nl80211_del_interface, 6954 .doit = nl80211_del_interface,
6755 .policy = nl80211_policy, 6955 .policy = nl80211_policy,
6756 .flags = GENL_ADMIN_PERM, 6956 .flags = GENL_ADMIN_PERM,
6757 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6957 .internal_flags = NL80211_FLAG_NEED_WDEV |
6758 NL80211_FLAG_NEED_RTNL, 6958 NL80211_FLAG_NEED_RTNL,
6759 }, 6959 },
6760 { 6960 {
@@ -6925,7 +7125,7 @@ static struct genl_ops nl80211_ops[] = {
6925 .doit = nl80211_trigger_scan, 7125 .doit = nl80211_trigger_scan,
6926 .policy = nl80211_policy, 7126 .policy = nl80211_policy,
6927 .flags = GENL_ADMIN_PERM, 7127 .flags = GENL_ADMIN_PERM,
6928 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7128 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
6929 NL80211_FLAG_NEED_RTNL, 7129 NL80211_FLAG_NEED_RTNL,
6930 }, 7130 },
6931 { 7131 {
@@ -7066,7 +7266,7 @@ static struct genl_ops nl80211_ops[] = {
7066 .doit = nl80211_remain_on_channel, 7266 .doit = nl80211_remain_on_channel,
7067 .policy = nl80211_policy, 7267 .policy = nl80211_policy,
7068 .flags = GENL_ADMIN_PERM, 7268 .flags = GENL_ADMIN_PERM,
7069 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7269 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7070 NL80211_FLAG_NEED_RTNL, 7270 NL80211_FLAG_NEED_RTNL,
7071 }, 7271 },
7072 { 7272 {
@@ -7074,7 +7274,7 @@ static struct genl_ops nl80211_ops[] = {
7074 .doit = nl80211_cancel_remain_on_channel, 7274 .doit = nl80211_cancel_remain_on_channel,
7075 .policy = nl80211_policy, 7275 .policy = nl80211_policy,
7076 .flags = GENL_ADMIN_PERM, 7276 .flags = GENL_ADMIN_PERM,
7077 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7277 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7078 NL80211_FLAG_NEED_RTNL, 7278 NL80211_FLAG_NEED_RTNL,
7079 }, 7279 },
7080 { 7280 {
@@ -7090,7 +7290,7 @@ static struct genl_ops nl80211_ops[] = {
7090 .doit = nl80211_register_mgmt, 7290 .doit = nl80211_register_mgmt,
7091 .policy = nl80211_policy, 7291 .policy = nl80211_policy,
7092 .flags = GENL_ADMIN_PERM, 7292 .flags = GENL_ADMIN_PERM,
7093 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7293 .internal_flags = NL80211_FLAG_NEED_WDEV |
7094 NL80211_FLAG_NEED_RTNL, 7294 NL80211_FLAG_NEED_RTNL,
7095 }, 7295 },
7096 { 7296 {
@@ -7098,7 +7298,7 @@ static struct genl_ops nl80211_ops[] = {
7098 .doit = nl80211_tx_mgmt, 7298 .doit = nl80211_tx_mgmt,
7099 .policy = nl80211_policy, 7299 .policy = nl80211_policy,
7100 .flags = GENL_ADMIN_PERM, 7300 .flags = GENL_ADMIN_PERM,
7101 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7301 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7102 NL80211_FLAG_NEED_RTNL, 7302 NL80211_FLAG_NEED_RTNL,
7103 }, 7303 },
7104 { 7304 {
@@ -7106,7 +7306,7 @@ static struct genl_ops nl80211_ops[] = {
7106 .doit = nl80211_tx_mgmt_cancel_wait, 7306 .doit = nl80211_tx_mgmt_cancel_wait,
7107 .policy = nl80211_policy, 7307 .policy = nl80211_policy,
7108 .flags = GENL_ADMIN_PERM, 7308 .flags = GENL_ADMIN_PERM,
7109 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7309 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7110 NL80211_FLAG_NEED_RTNL, 7310 NL80211_FLAG_NEED_RTNL,
7111 }, 7311 },
7112 { 7312 {
@@ -7317,7 +7517,7 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
7317 7517
7318static int nl80211_send_scan_msg(struct sk_buff *msg, 7518static int nl80211_send_scan_msg(struct sk_buff *msg,
7319 struct cfg80211_registered_device *rdev, 7519 struct cfg80211_registered_device *rdev,
7320 struct net_device *netdev, 7520 struct wireless_dev *wdev,
7321 u32 pid, u32 seq, int flags, 7521 u32 pid, u32 seq, int flags,
7322 u32 cmd) 7522 u32 cmd)
7323{ 7523{
@@ -7328,7 +7528,9 @@ static int nl80211_send_scan_msg(struct sk_buff *msg,
7328 return -1; 7528 return -1;
7329 7529
7330 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7530 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7331 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7531 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
7532 wdev->netdev->ifindex)) ||
7533 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
7332 goto nla_put_failure; 7534 goto nla_put_failure;
7333 7535
7334 /* ignore errors and send incomplete event anyway */ 7536 /* ignore errors and send incomplete event anyway */
@@ -7365,7 +7567,7 @@ nl80211_send_sched_scan_msg(struct sk_buff *msg,
7365} 7567}
7366 7568
7367void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7569void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
7368 struct net_device *netdev) 7570 struct wireless_dev *wdev)
7369{ 7571{
7370 struct sk_buff *msg; 7572 struct sk_buff *msg;
7371 7573
@@ -7373,7 +7575,7 @@ void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
7373 if (!msg) 7575 if (!msg)
7374 return; 7576 return;
7375 7577
7376 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7578 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7377 NL80211_CMD_TRIGGER_SCAN) < 0) { 7579 NL80211_CMD_TRIGGER_SCAN) < 0) {
7378 nlmsg_free(msg); 7580 nlmsg_free(msg);
7379 return; 7581 return;
@@ -7384,7 +7586,7 @@ void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
7384} 7586}
7385 7587
7386void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7588void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
7387 struct net_device *netdev) 7589 struct wireless_dev *wdev)
7388{ 7590{
7389 struct sk_buff *msg; 7591 struct sk_buff *msg;
7390 7592
@@ -7392,7 +7594,7 @@ void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
7392 if (!msg) 7594 if (!msg)
7393 return; 7595 return;
7394 7596
7395 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7597 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7396 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7598 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
7397 nlmsg_free(msg); 7599 nlmsg_free(msg);
7398 return; 7600 return;
@@ -7403,7 +7605,7 @@ void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
7403} 7605}
7404 7606
7405void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7607void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
7406 struct net_device *netdev) 7608 struct wireless_dev *wdev)
7407{ 7609{
7408 struct sk_buff *msg; 7610 struct sk_buff *msg;
7409 7611
@@ -7411,7 +7613,7 @@ void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
7411 if (!msg) 7613 if (!msg)
7412 return; 7614 return;
7413 7615
7414 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7616 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7415 NL80211_CMD_SCAN_ABORTED) < 0) { 7617 NL80211_CMD_SCAN_ABORTED) < 0) {
7416 nlmsg_free(msg); 7618 nlmsg_free(msg);
7417 return; 7619 return;
@@ -7934,7 +8136,7 @@ nla_put_failure:
7934 8136
7935static void nl80211_send_remain_on_chan_event( 8137static void nl80211_send_remain_on_chan_event(
7936 int cmd, struct cfg80211_registered_device *rdev, 8138 int cmd, struct cfg80211_registered_device *rdev,
7937 struct net_device *netdev, u64 cookie, 8139 struct wireless_dev *wdev, u64 cookie,
7938 struct ieee80211_channel *chan, 8140 struct ieee80211_channel *chan,
7939 enum nl80211_channel_type channel_type, 8141 enum nl80211_channel_type channel_type,
7940 unsigned int duration, gfp_t gfp) 8142 unsigned int duration, gfp_t gfp)
@@ -7953,7 +8155,9 @@ static void nl80211_send_remain_on_chan_event(
7953 } 8155 }
7954 8156
7955 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8157 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7956 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8158 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8159 wdev->netdev->ifindex)) ||
8160 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
7957 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 8161 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
7958 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) || 8162 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) ||
7959 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 8163 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
@@ -7975,23 +8179,24 @@ static void nl80211_send_remain_on_chan_event(
7975} 8179}
7976 8180
7977void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 8181void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
7978 struct net_device *netdev, u64 cookie, 8182 struct wireless_dev *wdev, u64 cookie,
7979 struct ieee80211_channel *chan, 8183 struct ieee80211_channel *chan,
7980 enum nl80211_channel_type channel_type, 8184 enum nl80211_channel_type channel_type,
7981 unsigned int duration, gfp_t gfp) 8185 unsigned int duration, gfp_t gfp)
7982{ 8186{
7983 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 8187 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
7984 rdev, netdev, cookie, chan, 8188 rdev, wdev, cookie, chan,
7985 channel_type, duration, gfp); 8189 channel_type, duration, gfp);
7986} 8190}
7987 8191
7988void nl80211_send_remain_on_channel_cancel( 8192void nl80211_send_remain_on_channel_cancel(
7989 struct cfg80211_registered_device *rdev, struct net_device *netdev, 8193 struct cfg80211_registered_device *rdev,
8194 struct wireless_dev *wdev,
7990 u64 cookie, struct ieee80211_channel *chan, 8195 u64 cookie, struct ieee80211_channel *chan,
7991 enum nl80211_channel_type channel_type, gfp_t gfp) 8196 enum nl80211_channel_type channel_type, gfp_t gfp)
7992{ 8197{
7993 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8198 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
7994 rdev, netdev, cookie, chan, 8199 rdev, wdev, cookie, chan,
7995 channel_type, 0, gfp); 8200 channel_type, 0, gfp);
7996} 8201}
7997 8202
@@ -8105,10 +8310,11 @@ bool nl80211_unexpected_4addr_frame(struct net_device *dev,
8105} 8310}
8106 8311
8107int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 8312int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
8108 struct net_device *netdev, u32 nlpid, 8313 struct wireless_dev *wdev, u32 nlpid,
8109 int freq, int sig_dbm, 8314 int freq, int sig_dbm,
8110 const u8 *buf, size_t len, gfp_t gfp) 8315 const u8 *buf, size_t len, gfp_t gfp)
8111{ 8316{
8317 struct net_device *netdev = wdev->netdev;
8112 struct sk_buff *msg; 8318 struct sk_buff *msg;
8113 void *hdr; 8319 void *hdr;
8114 8320
@@ -8123,7 +8329,8 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
8123 } 8329 }
8124 8330
8125 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8331 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8126 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8332 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8333 netdev->ifindex)) ||
8127 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8334 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
8128 (sig_dbm && 8335 (sig_dbm &&
8129 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8336 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
@@ -8141,10 +8348,11 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
8141} 8348}
8142 8349
8143void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 8350void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
8144 struct net_device *netdev, u64 cookie, 8351 struct wireless_dev *wdev, u64 cookie,
8145 const u8 *buf, size_t len, bool ack, 8352 const u8 *buf, size_t len, bool ack,
8146 gfp_t gfp) 8353 gfp_t gfp)
8147{ 8354{
8355 struct net_device *netdev = wdev->netdev;
8148 struct sk_buff *msg; 8356 struct sk_buff *msg;
8149 void *hdr; 8357 void *hdr;
8150 8358
@@ -8159,7 +8367,8 @@ void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
8159 } 8367 }
8160 8368
8161 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8369 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8162 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8370 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8371 netdev->ifindex)) ||
8163 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 8372 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
8164 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8373 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
8165 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 8374 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
@@ -8343,6 +8552,56 @@ void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
8343} 8552}
8344 8553
8345void 8554void
8555nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev,
8556 struct net_device *netdev, const u8 *peer,
8557 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp)
8558{
8559 struct sk_buff *msg;
8560 struct nlattr *pinfoattr;
8561 void *hdr;
8562
8563 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8564 if (!msg)
8565 return;
8566
8567 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
8568 if (!hdr) {
8569 nlmsg_free(msg);
8570 return;
8571 }
8572
8573 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8574 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8575 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
8576 goto nla_put_failure;
8577
8578 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
8579 if (!pinfoattr)
8580 goto nla_put_failure;
8581
8582 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
8583 goto nla_put_failure;
8584
8585 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
8586 goto nla_put_failure;
8587
8588 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
8589 goto nla_put_failure;
8590
8591 nla_nest_end(msg, pinfoattr);
8592
8593 genlmsg_end(msg, hdr);
8594
8595 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8596 nl80211_mlme_mcgrp.id, gfp);
8597 return;
8598
8599 nla_put_failure:
8600 genlmsg_cancel(msg, hdr);
8601 nlmsg_free(msg);
8602}
8603
8604void
8346nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8605nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
8347 struct net_device *netdev, const u8 *peer, 8606 struct net_device *netdev, const u8 *peer,
8348 u32 num_packets, gfp_t gfp) 8607 u32 num_packets, gfp_t gfp)
@@ -8483,7 +8742,7 @@ static int nl80211_netlink_notify(struct notifier_block * nb,
8483 rcu_read_lock(); 8742 rcu_read_lock();
8484 8743
8485 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8744 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8486 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 8745 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
8487 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8746 cfg80211_mlme_unregister_socket(wdev, notify->pid);
8488 if (rdev->ap_beacons_nlpid == notify->pid) 8747 if (rdev->ap_beacons_nlpid == notify->pid)
8489 rdev->ap_beacons_nlpid = 0; 8748 rdev->ap_beacons_nlpid = 0;
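--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -7,11 +7,11 @@ int nl80211_init(void);
 void nl80211_exit(void);
 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
-struct net_device *netdev);
+struct wireless_dev *wdev);
 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
-struct net_device *netdev);
+struct wireless_dev *wdev);
 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
-struct net_device *netdev);
+struct wireless_dev *wdev);
 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
 struct net_device *netdev, u32 cmd);
 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
@@ -74,13 +74,13 @@ void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
 gfp_t gfp);
 
 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
-struct net_device *netdev,
-u64 cookie,
+struct wireless_dev *wdev, u64 cookie,
 struct ieee80211_channel *chan,
 enum nl80211_channel_type channel_type,
 unsigned int duration, gfp_t gfp);
 void nl80211_send_remain_on_channel_cancel(
-struct cfg80211_registered_device *rdev, struct net_device *netdev,
+struct cfg80211_registered_device *rdev,
+struct wireless_dev *wdev,
 u64 cookie, struct ieee80211_channel *chan,
 enum nl80211_channel_type channel_type, gfp_t gfp);
 
@@ -92,11 +92,11 @@ void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
 gfp_t gfp);
 
 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
-struct net_device *netdev, u32 nlpid,
+struct wireless_dev *wdev, u32 nlpid,
 int freq, int sig_dbm,
 const u8 *buf, size_t len, gfp_t gfp);
 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
-struct net_device *netdev, u64 cookie,
+struct wireless_dev *wdev, u64 cookie,
 const u8 *buf, size_t len, bool ack,
 gfp_t gfp);
 
@@ -110,6 +110,11 @@ nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
 struct net_device *netdev, const u8 *peer,
 u32 num_packets, gfp_t gfp);
 
+void
+nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev,
+struct net_device *netdev, const u8 *peer,
+u32 num_packets, u32 rate, u32 intvl, gfp_t gfp);
+
 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
 struct net_device *netdev, const u8 *bssid,
 const u8 *replay_ctr, gfp_t gfp);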
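--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -97,9 +97,16 @@ const struct ieee80211_regdomain *cfg80211_regdomain;
 * - cfg80211_world_regdom
 * - cfg80211_regdom
 * - last_request
+* - reg_num_devs_support_basehint
 */
 static DEFINE_MUTEX(reg_mutex);
 
+/*
+* Number of devices that registered to the core
+* that support cellular base station regulatory hints
+*/
+static int reg_num_devs_support_basehint;
+
 static inline void assert_reg_lock(void)
 {
 lockdep_assert_held(&reg_mutex);
@@ -911,6 +918,61 @@ static void handle_band(struct wiphy *wiphy,
 handle_channel(wiphy, initiator, band, i);
 }
 
+static bool reg_request_cell_base(struct regulatory_request *request)
+{
+if (request->initiator != NL80211_REGDOM_SET_BY_USER)
+return false;
+if (request->user_reg_hint_type != NL80211_USER_REG_HINT_CELL_BASE)
+return false;
+return true;
+}
+
+bool reg_last_request_cell_base(void)
+{
+bool val;
+assert_cfg80211_lock();
+
+mutex_lock(&reg_mutex);
+val = reg_request_cell_base(last_request);
+mutex_unlock(&reg_mutex);
+return val;
+}
+
+#ifdef CONFIG_CFG80211_CERTIFICATION_ONUS
+
+/* Core specific check */
+static int reg_ignore_cell_hint(struct regulatory_request *pending_request)
+{
+if (!reg_num_devs_support_basehint)
+return -EOPNOTSUPP;
+
+if (reg_request_cell_base(last_request)) {
+if (!regdom_changes(pending_request->alpha2))
+return -EALREADY;
+return 0;
+}
+return 0;
+}
+
+/* Device specific check */
+static bool reg_dev_ignore_cell_hint(struct wiphy *wiphy)
+{
+if (!(wiphy->features & NL80211_FEATURE_CELL_BASE_REG_HINTS))
+return true;
+return false;
+}
+#else
+static int reg_ignore_cell_hint(struct regulatory_request *pending_request)
+{
+return -EOPNOTSUPP;
+}
+static int reg_dev_ignore_cell_hint(struct wiphy *wiphy)
+{
+return true;
+}
+#endif
+
+
 static bool ignore_reg_update(struct wiphy *wiphy,
 enum nl80211_reg_initiator initiator)
 {
@@ -944,6 +1006,9 @@ static bool ignore_reg_update(struct wiphy *wiphy,
 return true;
 }
 
+if (reg_request_cell_base(last_request))
+return reg_dev_ignore_cell_hint(wiphy);
+
 return false;
 }
 
@@ -1169,14 +1234,6 @@ static void wiphy_update_regulatory(struct wiphy *wiphy,
 wiphy->reg_notifier(wiphy, last_request);
 }
 
-void regulatory_update(struct wiphy *wiphy,
-enum nl80211_reg_initiator setby)
-{
-mutex_lock(&reg_mutex);
-wiphy_update_regulatory(wiphy, setby);
-mutex_unlock(&reg_mutex);
-}
-
 static void update_all_wiphy_regulatory(enum nl80211_reg_initiator initiator)
 {
 struct cfg80211_registered_device *rdev;
@@ -1307,6 +1364,13 @@ static int ignore_request(struct wiphy *wiphy,
 return 0;
 case NL80211_REGDOM_SET_BY_COUNTRY_IE:
 
+if (reg_request_cell_base(last_request)) {
+/* Trust a Cell base station over the AP's country IE */
+if (regdom_changes(pending_request->alpha2))
+return -EOPNOTSUPP;
+return -EALREADY;
+}
+
 last_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
 
 if (unlikely(!is_an_alpha2(pending_request->alpha2)))
@@ -1351,6 +1415,12 @@ static int ignore_request(struct wiphy *wiphy,
 
 return REG_INTERSECT;
 case NL80211_REGDOM_SET_BY_USER:
+if (reg_request_cell_base(pending_request))
+return reg_ignore_cell_hint(pending_request);
+
+if (reg_request_cell_base(last_request))
+return -EOPNOTSUPP;
+
 if (last_request->initiator == NL80211_REGDOM_SET_BY_COUNTRY_IE)
 return REG_INTERSECT;
 /*
@@ -1640,7 +1710,8 @@ static int regulatory_hint_core(const char *alpha2)
 }
 
 /* User hints */
-int regulatory_hint_user(const char *alpha2)
+int regulatory_hint_user(const char *alpha2,
+enum nl80211_user_reg_hint_type user_reg_hint_type)
 {
 struct regulatory_request *request;
 
@@ -1654,6 +1725,7 @@ int regulatory_hint_user(const char *alpha2)
 request->alpha2[0] = alpha2[0];
 request->alpha2[1] = alpha2[1];
 request->initiator = NL80211_REGDOM_SET_BY_USER;
+request->user_reg_hint_type = user_reg_hint_type;
 
 queue_regulatory_request(request);
 
@@ -1906,7 +1978,7 @@ static void restore_regulatory_settings(bool reset_user)
 * settings, user regulatory settings takes precedence.
 */
 if (is_an_alpha2(alpha2))
-regulatory_hint_user(user_alpha2);
+regulatory_hint_user(user_alpha2, NL80211_USER_REG_HINT_USER);
 
 if (list_empty(&tmp_reg_req_list))
 return;
@@ -2081,9 +2153,16 @@ static void print_regdomain(const struct ieee80211_regdomain *rd)
 else {
 if (is_unknown_alpha2(rd->alpha2))
 pr_info("Regulatory domain changed to driver built-in settings (unknown country)\n");
-else
-pr_info("Regulatory domain changed to country: %c%c\n",
-rd->alpha2[0], rd->alpha2[1]);
+else {
+if (reg_request_cell_base(last_request))
+pr_info("Regulatory domain changed "
+"to country: %c%c by Cell Station\n",
+rd->alpha2[0], rd->alpha2[1]);
+else
+pr_info("Regulatory domain changed "
+"to country: %c%c\n",
+rd->alpha2[0], rd->alpha2[1]);
+}
 }
 print_dfs_region(rd->dfs_region);
 print_rd_rules(rd);
@@ -2128,7 +2207,7 @@ static int __set_regdom(const struct ieee80211_regdomain *rd)
 * checking if the alpha2 changes if CRDA was already called
 */
 if (!regdom_changes(rd->alpha2))
-return -EINVAL;
+return -EALREADY;
 }
 
 /*
@@ -2248,6 +2327,9 @@ int set_regdom(const struct ieee80211_regdomain *rd)
 /* Note that this doesn't update the wiphys, this is done below */
 r = __set_regdom(rd);
 if (r) {
+if (r == -EALREADY)
+reg_set_request_processed();
+
 kfree(rd);
 mutex_unlock(&reg_mutex);
 return r;
@@ -2290,8 +2372,22 @@ int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
 }
 #endif /* CONFIG_HOTPLUG */
 
+void wiphy_regulatory_register(struct wiphy *wiphy)
+{
+assert_cfg80211_lock();
+
+mutex_lock(&reg_mutex);
+
+if (!reg_dev_ignore_cell_hint(wiphy))
+reg_num_devs_support_basehint++;
+
+wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
+
+mutex_unlock(&reg_mutex);
+}
+
 /* Caller must hold cfg80211_mutex */
-void reg_device_remove(struct wiphy *wiphy)
+void wiphy_regulatory_deregister(struct wiphy *wiphy)
 {
 struct wiphy *request_wiphy = NULL;
 
@@ -2299,6 +2395,9 @@ void reg_device_remove(struct wiphy *wiphy)
 
 mutex_lock(&reg_mutex);
 
+if (!reg_dev_ignore_cell_hint(wiphy))
+reg_num_devs_support_basehint--;
+
 kfree(wiphy->regd);
 
 if (last_request)
@@ -2364,7 +2463,8 @@ int __init regulatory_init(void)
 * as a user hint.
 */
 if (!is_world_regdom(ieee80211_regdom))
-regulatory_hint_user(ieee80211_regdom);
+regulatory_hint_user(ieee80211_regdom,
+NL80211_USER_REG_HINT_USER);
 
 return 0;
 }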
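Review bot: `reg_request_cell_base()` dereferences its argument without a NULL test, and the new callers pass `last_request` straight in (`reg_last_request_cell_base()`, `print_regdomain()`, `reg_ignore_cell_hint()`), while `wiphy_regulatory_deregister()` in this same file still guards with `if (last_request)`. Whether `last_request` can be NULL at those call sites is not visible from these hunks, so either the helper should start with `if (!request) return false;` or a comment should state why it cannot happen. Separately, the `#else` stub is declared `static int reg_dev_ignore_cell_hint(...)` while the `CONFIG_CFG80211_CERTIFICATION_ONUS` variant is `static bool`; the stub should read `static bool reg_dev_ignore_cell_hint(struct wiphy *wiphy)` so both configurations share one signature.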
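--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -22,17 +22,19 @@ bool is_world_regdom(const char *alpha2);
 bool reg_is_valid_request(const char *alpha2);
 bool reg_supported_dfs_region(u8 dfs_region);
 
-int regulatory_hint_user(const char *alpha2);
+int regulatory_hint_user(const char *alpha2,
+enum nl80211_user_reg_hint_type user_reg_hint_type);
 
 int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env);
-void reg_device_remove(struct wiphy *wiphy);
+void wiphy_regulatory_register(struct wiphy *wiphy);
+void wiphy_regulatory_deregister(struct wiphy *wiphy);
 
 int __init regulatory_init(void);
 void regulatory_exit(void);
 
 int set_regdom(const struct ieee80211_regdomain *rd);
 
-void regulatory_update(struct wiphy *wiphy, enum nl80211_reg_initiator setby);
+bool reg_last_request_cell_base(void);
 
 /**
 * regulatory_hint_found_beacon - hints a beacon was found on a channel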
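--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -23,7 +23,7 @@
 void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
 {
 struct cfg80211_scan_request *request;
-struct net_device *dev;
+struct wireless_dev *wdev;
 #ifdef CONFIG_CFG80211_WEXT
 union iwreq_data wrqu;
 #endif
@@ -35,29 +35,31 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
 if (!request)
 return;
 
-dev = request->dev;
+wdev = request->wdev;
 
 /*
 * This must be before sending the other events!
 * Otherwise, wpa_supplicant gets completely confused with
 * wext events.
 */
-cfg80211_sme_scan_done(dev);
+if (wdev->netdev)
+cfg80211_sme_scan_done(wdev->netdev);
 
 if (request->aborted)
-nl80211_send_scan_aborted(rdev, dev);
+nl80211_send_scan_aborted(rdev, wdev);
 else
-nl80211_send_scan_done(rdev, dev);
+nl80211_send_scan_done(rdev, wdev);
 
 #ifdef CONFIG_CFG80211_WEXT
-if (!request->aborted) {
+if (wdev->netdev && !request->aborted) {
 memset(&wrqu, 0, sizeof(wrqu));
 
-wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
+wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL);
 }
 #endif
 
-dev_put(dev);
+if (wdev->netdev)
+dev_put(wdev->netdev);
 
 rdev->scan_req = NULL;
 
@@ -955,7 +957,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
 }
 
 creq->wiphy = wiphy;
-creq->dev = dev;
+creq->wdev = dev->ieee80211_ptr;
 /* SSIDs come after channels */
 creq->ssids = (void *)&creq->channels[n_channels];
 creq->n_channels = n_channels;
@@ -1024,12 +1026,12 @@ int cfg80211_wext_siwscan(struct net_device *dev,
 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1;
 
 rdev->scan_req = creq;
-err = rdev->ops->scan(wiphy, dev, creq);
+err = rdev->ops->scan(wiphy, creq);
 if (err) {
 rdev->scan_req = NULL;
 /* creq will be freed below */
 } else {
-nl80211_send_scan_start(rdev, dev);
+nl80211_send_scan_start(rdev, dev->ieee80211_ptr);
 /* creq now owned by driver */
 creq = NULL;
 dev_hold(dev);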
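Review bot: In `___cfg80211_scan_done()` the reference dropped by `if (wdev->netdev) dev_put(wdev->netdev);` is the one taken by `dev_hold(dev)` in `cfg80211_wext_siwscan()` (last hunk), but nothing in the new code says so now that the request carries a `wdev` rather than the device that was held. A comment above the put, for example `/* balances the dev_hold() taken when the scan was started; wdevs without a netdev hold no reference */`, would keep the pairing auditable. The function also tests `wdev->netdev` three times; a local `struct net_device *dev = wdev->netdev;` read once after `wdev = request->wdev;` would make the netdev-less path easier to follow. The body of `___cfg80211_scan_done()` extends beyond these hunks.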
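--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -51,7 +51,7 @@ static bool cfg80211_is_all_idle(void)
 */
 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
 cfg80211_lock_rdev(rdev);
-list_for_each_entry(wdev, &rdev->netdev_list, list) {
+list_for_each_entry(wdev, &rdev->wdev_list, list) {
 wdev_lock(wdev);
 if (wdev->sme_state != CFG80211_SME_IDLE)
 is_all_idle = false;
@@ -136,15 +136,15 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev)
 wdev->conn->params.ssid_len);
 request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
 
-request->dev = wdev->netdev;
+request->wdev = wdev;
 request->wiphy = &rdev->wiphy;
 
 rdev->scan_req = request;
 
-err = rdev->ops->scan(wdev->wiphy, wdev->netdev, request);
+err = rdev->ops->scan(wdev->wiphy, request);
 if (!err) {
 wdev->conn->state = CFG80211_CONN_SCANNING;
-nl80211_send_scan_start(rdev, wdev->netdev);
+nl80211_send_scan_start(rdev, wdev);
 dev_hold(wdev->netdev);
 } else {
 rdev->scan_req = NULL;
@@ -221,7 +221,7 @@ void cfg80211_conn_work(struct work_struct *work)
 cfg80211_lock_rdev(rdev);
 mutex_lock(&rdev->devlist_mtx);
 
-list_for_each_entry(wdev, &rdev->netdev_list, list) {
+list_for_each_entry(wdev, &rdev->wdev_list, list) {
 wdev_lock(wdev);
 if (!netif_running(wdev->netdev)) {
 wdev_unlock(wdev);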
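Review bot: The loop in `cfg80211_conn_work()` now walks `rdev->wdev_list` but still calls `netif_running(wdev->netdev)` with no NULL test, while other files in this commit treat `wdev->netdev` as optional (`if (wdev->netdev)` in `___cfg80211_scan_done()`, `netdev && nla_put_u32(...)` in nl80211.c). If a wdev without a netdev can be on that list, which these hunks do not show, this is a NULL dereference; a guard such as `if (!wdev->netdev) continue;` before `wdev_lock(wdev)` would close it. The same pattern is in `cfg80211_can_use_iftype_chan()` in net/wireless/util.c (`netif_running(wdev_iter->netdev)`). Both loop bodies continue outside their hunks.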
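--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -793,7 +793,7 @@ void cfg80211_process_rdev_events(struct cfg80211_registered_device *rdev)
 
 mutex_lock(&rdev->devlist_mtx);
 
-list_for_each_entry(wdev, &rdev->netdev_list, list)
+list_for_each_entry(wdev, &rdev->wdev_list, list)
 cfg80211_process_wdev_events(wdev);
 
 mutex_unlock(&rdev->devlist_mtx);
@@ -994,7 +994,7 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
 
 mutex_lock(&rdev->devlist_mtx);
 
-list_for_each_entry(wdev, &rdev->netdev_list, list) {
+list_for_each_entry(wdev, &rdev->wdev_list, list) {
 if (!wdev->beacon_interval)
 continue;
 if (wdev->beacon_interval != beacon_int) {
@@ -1050,7 +1050,7 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
 break;
 }
 
-list_for_each_entry(wdev_iter, &rdev->netdev_list, list) {
+list_for_each_entry(wdev_iter, &rdev->wdev_list, list) {
 if (wdev_iter == wdev)
 continue;
 if (!netif_running(wdev_iter->netdev))
@@ -1059,7 +1059,16 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
 if (rdev->wiphy.software_iftypes & BIT(wdev_iter->iftype))
 continue;
 
-cfg80211_get_chan_state(rdev, wdev_iter, &ch, &chmode);
+/*
+* We may be holding the "wdev" mutex, but now need to lock
+* wdev_iter. This is OK because once we get here wdev_iter
+* is not wdev (tested above), but we need to use the nested
+* locking for lockdep.
+*/
+mutex_lock_nested(&wdev_iter->mtx, 1);
+__acquire(wdev_iter->mtx);
+cfg80211_get_chan_state(wdev_iter, &ch, &chmode);
+wdev_unlock(wdev_iter);
 
 switch (chmode) {
 case CHAN_MODE_UNDEFINED: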
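Review bot: The new comment in `cfg80211_can_use_iftype_chan()` justifies `mutex_lock_nested(&wdev_iter->mtx, 1)` only by `wdev_iter != wdev`, which rules out self-deadlock but not two callers that each hold their own wdev mutex and then take the other's. The nesting annotation silences lockdep for exactly that case, so the comment should name the outer lock that serialises callers (not visible in this hunk). The subclass is also a bare `1`; `mutex_lock_nested(&wdev_iter->mtx, SINGLE_DEPTH_NESTING);` says the same thing by name. The function body starts and ends outside the hunk.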
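--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -827,6 +827,8 @@ static int cfg80211_wext_giwfreq(struct net_device *dev,
 {
 struct wireless_dev *wdev = dev->ieee80211_ptr;
 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
+struct ieee80211_channel *chan;
+enum nl80211_channel_type channel_type;
 
 switch (wdev->iftype) {
 case NL80211_IFTYPE_STATION:
@@ -834,10 +836,13 @@ static int cfg80211_wext_giwfreq(struct net_device *dev,
 case NL80211_IFTYPE_ADHOC:
 return cfg80211_ibss_wext_giwfreq(dev, info, freq, extra);
 case NL80211_IFTYPE_MONITOR:
-if (!rdev->monitor_channel)
+if (!rdev->ops->get_channel)
 return -EINVAL;
 
-freq->m = rdev->monitor_channel->center_freq;
+chan = rdev->ops->get_channel(wdev->wiphy, wdev, &channel_type);
+if (!chan)
+return -EINVAL;
+freq->m = chan->center_freq;
 freq->e = 6;
 return 0;
 default: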