Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem

17 files changed, 69 insertions, 43 deletions

diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index f00f596c1029..789c9b579aea 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -102,6 +102,7 @@ static struct usb_device_id btusb_table[] = {
 
         /* Broadcom BCM20702A0 */
         { USB_DEVICE(0x0a5c, 0x21e3) },
+        { USB_DEVICE(0x0a5c, 0x21f3) },
         { USB_DEVICE(0x413c, 0x8197) },
 
         { }     /* Terminating entry */
@@ -726,9 +727,6 @@ static int btusb_send_frame(struct sk_buff *skb)
                 usb_fill_bulk_urb(urb, data->udev, pipe,
                                 skb->data, skb->len, btusb_tx_complete, skb);
 
-                if (skb->priority >= HCI_PRIO_MAX - 1)
-                        urb->transfer_flags  = URB_ISO_ASAP;
-
                 hdev->stat.acl_tx++;
                 break;
 
diff --git a/drivers/net/wireless/ath/ath9k/rc.c b/drivers/net/wireless/ath/ath9k/rc.c
index 635b592ad961..a427a16bb739 100644
--- a/drivers/net/wireless/ath/ath9k/rc.c
+++ b/drivers/net/wireless/ath/ath9k/rc.c
@@ -1346,7 +1346,7 @@ static void ath_tx_status(void *priv, struct ieee80211_supported_band *sband,
         fc = hdr->frame_control;
         for (i = 0; i < sc->hw->max_rates; i++) {
                 struct ieee80211_tx_rate *rate = &tx_info->status.rates[i];
-                if (!rate->count)
+                if (rate->idx < 0 || !rate->count)
                         break;
 
                 final_ts_idx = i;
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index c3b6c4652cd6..5b2972b43b0e 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -841,7 +841,12 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid,
                 ret = mwifiex_set_rf_channel(priv, channel,
                                                 priv->adapter->channel_type);
 
-        ret = mwifiex_set_encode(priv, NULL, 0, 0, 1);  /* Disable keys */
+        /* As this is new association, clear locally stored
+         * keys and security related flags */
+        priv->sec_info.wpa_enabled = false;
+        priv->sec_info.wpa2_enabled = false;
+        priv->wep_key_curr_index = 0;
+        ret = mwifiex_set_encode(priv, NULL, 0, 0, 1);
 
         if (mode == NL80211_IFTYPE_ADHOC) {
                 /* "privacy" is set only for ad-hoc mode */
@@ -886,6 +891,7 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid,
                         dev_dbg(priv->adapter->dev,
                                 "info: setting wep encryption"
                                 " with key len %d\n", sme->key_len);
+                        priv->wep_key_curr_index = sme->key_idx;
                         ret = mwifiex_set_encode(priv, sme->key, sme->key_len,
                                                         sme->key_idx, 0);
                 }
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index abaad6ed9b83..4a82ca0bb0b2 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -256,4 +256,6 @@ void l2cap_exit(void);
 int sco_init(void);
 void sco_exit(void);
 
+void bt_sock_reclassify_lock(struct sock *sk, int proto);
+
 #endif /* __BLUETOOTH_H */
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index ea9231f4935f..453893b3120e 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -540,7 +540,7 @@ void hci_conn_put_device(struct hci_conn *conn);
 static inline void hci_conn_hold(struct hci_conn *conn)
 {
         atomic_inc(&conn->refcnt);
-        cancel_delayed_work_sync(&conn->disc_work);
+        cancel_delayed_work(&conn->disc_work);
 }
 
 static inline void hci_conn_put(struct hci_conn *conn)
@@ -559,9 +559,9 @@ static inline void hci_conn_put(struct hci_conn *conn)
                 } else {
                         timeo = msecs_to_jiffies(10);
                 }
-                cancel_delayed_work_sync(&conn->disc_work);
+                cancel_delayed_work(&conn->disc_work);
                 queue_delayed_work(conn->hdev->workqueue,
-                                        &conn->disc_work, jiffies + timeo);
+                                        &conn->disc_work, timeo);
         }
 }
 
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 68f589150692..b1664ed884e6 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -611,7 +611,7 @@ static inline void l2cap_set_timer(struct l2cap_chan *chan,
 {
         BT_DBG("chan %p state %d timeout %ld", chan, chan->state, timeout);
 
-        if (!__cancel_delayed_work(work))
+        if (!cancel_delayed_work(work))
                 l2cap_chan_hold(chan);
         schedule_delayed_work(work, timeout);
 }
@@ -619,20 +619,20 @@ static inline void l2cap_set_timer(struct l2cap_chan *chan,
 static inline void l2cap_clear_timer(struct l2cap_chan *chan,
                                         struct delayed_work *work)
 {
-        if (__cancel_delayed_work(work))
+        if (cancel_delayed_work(work))
                 l2cap_chan_put(chan);
 }
 
 #define __set_chan_timer(c, t) l2cap_set_timer(c, &c->chan_timer, (t))
 #define __clear_chan_timer(c) l2cap_clear_timer(c, &c->chan_timer)
 #define __set_retrans_timer(c) l2cap_set_timer(c, &c->retrans_timer, \
-                L2CAP_DEFAULT_RETRANS_TO);
+                msecs_to_jiffies(L2CAP_DEFAULT_RETRANS_TO));
 #define __clear_retrans_timer(c) l2cap_clear_timer(c, &c->retrans_timer)
 #define __set_monitor_timer(c) l2cap_set_timer(c, &c->monitor_timer, \
-                L2CAP_DEFAULT_MONITOR_TO);
+                msecs_to_jiffies(L2CAP_DEFAULT_MONITOR_TO));
 #define __clear_monitor_timer(c) l2cap_clear_timer(c, &c->monitor_timer)
 #define __set_ack_timer(c) l2cap_set_timer(c, &chan->ack_timer, \
-                L2CAP_DEFAULT_ACK_TO);
+                msecs_to_jiffies(L2CAP_DEFAULT_ACK_TO));
 #define __clear_ack_timer(c) l2cap_clear_timer(c, &c->ack_timer)
 
 static inline int __seq_offset(struct l2cap_chan *chan, __u16 seq1, __u16 seq2)
@@ -834,7 +834,7 @@ int l2cap_add_scid(struct l2cap_chan *chan,  __u16 scid);
 struct l2cap_chan *l2cap_chan_create(struct sock *sk);
 void l2cap_chan_close(struct l2cap_chan *chan, int reason);
 void l2cap_chan_destroy(struct l2cap_chan *chan);
-inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
+int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
                                                                 bdaddr_t *dst);
 int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
                                                                 u32 priority);
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index ef92864ac625..72eb187a5f60 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -71,19 +71,16 @@ static const char *const bt_slock_key_strings[BT_MAX_PROTO] = {
         "slock-AF_BLUETOOTH-BTPROTO_AVDTP",
 };
 
-static inline void bt_sock_reclassify_lock(struct socket *sock, int proto)
+void bt_sock_reclassify_lock(struct sock *sk, int proto)
 {
-        struct sock *sk = sock->sk;
-
-        if (!sk)
-                return;
-
+        BUG_ON(!sk);
         BUG_ON(sock_owned_by_user(sk));
 
         sock_lock_init_class_and_name(sk,
                         bt_slock_key_strings[proto], &bt_slock_key[proto],
                                 bt_key_strings[proto], &bt_lock_key[proto]);
 }
+EXPORT_SYMBOL(bt_sock_reclassify_lock);
 
 int bt_sock_register(int proto, const struct net_proto_family *ops)
 {
@@ -145,7 +142,8 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto,
 
         if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
                 err = bt_proto[proto]->create(net, sock, proto, kern);
-                bt_sock_reclassify_lock(sock, proto);
+                if (!err)
+                        bt_sock_reclassify_lock(sock->sk, proto);
                 module_put(bt_proto[proto]->owner);
         }
 
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 3db432473ad5..07bc69ed9498 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -635,6 +635,10 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 
         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
                 struct hci_cp_auth_requested cp;
+
+                /* encrypt must be pending if auth is also pending */
+                set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
+
                 cp.handle = cpu_to_le16(conn->handle);
                 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
                                                         sizeof(cp), &cp);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 9de93714213a..5aeb62491198 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -640,7 +640,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
         /* Reset device */
         skb_queue_purge(&hdev->cmd_q);
         atomic_set(&hdev->cmd_cnt, 1);
-        if (!test_bit(HCI_RAW, &hdev->flags)) {
+        if (!test_bit(HCI_RAW, &hdev->flags) &&
+                                test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
                 set_bit(HCI_INIT, &hdev->flags);
                 __hci_request(hdev, hci_reset_req, 0,
                                         msecs_to_jiffies(250));
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index faf0b11ac1d3..32d338c30e65 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1018,10 +1018,10 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
         hci_chan_del(conn->hchan);
 
         if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
-                __cancel_delayed_work(&conn->info_timer);
+                cancel_delayed_work_sync(&conn->info_timer);
 
         if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) {
-                __cancel_delayed_work(&conn->security_timer);
+                cancel_delayed_work_sync(&conn->security_timer);
                 smp_chan_destroy(conn);
         }
 
@@ -1120,7 +1120,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr
         return c1;
 }
 
-inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
+int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
 {
         struct sock *sk = chan->sk;
         bdaddr_t *src = &bt_sk(sk)->src;
@@ -2574,7 +2574,7 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
 
         if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
                                         cmd->ident == conn->info_ident) {
-                __cancel_delayed_work(&conn->info_timer);
+                cancel_delayed_work(&conn->info_timer);
 
                 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
                 conn->info_ident = 0;
@@ -2970,7 +2970,8 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
 
         default:
                 sk->sk_err = ECONNRESET;
-                __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
+                __set_chan_timer(chan,
+                                msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT));
                 l2cap_send_disconn_req(conn, chan, ECONNRESET);
                 goto done;
         }
@@ -3120,7 +3121,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
                         conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
                 return 0;
 
-        __cancel_delayed_work(&conn->info_timer);
+        cancel_delayed_work(&conn->info_timer);
 
         if (result != L2CAP_IR_SUCCESS) {
                 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
@@ -4478,7 +4479,8 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
         if (encrypt == 0x00) {
                 if (chan->sec_level == BT_SECURITY_MEDIUM) {
                         __clear_chan_timer(chan);
-                        __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
+                        __set_chan_timer(chan,
+                                        msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
                 } else if (chan->sec_level == BT_SECURITY_HIGH)
                         l2cap_chan_close(chan, ECONNREFUSED);
         } else {
@@ -4499,7 +4501,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
 
         if (hcon->type == LE_LINK) {
                 smp_distribute_keys(conn, 0);
-                __cancel_delayed_work(&conn->security_timer);
+                cancel_delayed_work(&conn->security_timer);
         }
 
         rcu_read_lock();
@@ -4546,7 +4548,8 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
                                         L2CAP_CONN_REQ, sizeof(req), &req);
                         } else {
                                 __clear_chan_timer(chan);
-                                __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
+                                __set_chan_timer(chan,
+                                        msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
                         }
                 } else if (chan->state == BT_CONNECT2) {
                         struct l2cap_conn_rsp rsp;
@@ -4566,7 +4569,8 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
                                 }
                         } else {
                                 l2cap_state_change(chan, BT_DISCONN);
-                                __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
+                                __set_chan_timer(chan,
+                                        msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
                                 res = L2CAP_CR_SEC_BLOCK;
                                 stat = L2CAP_CS_NO_INFO;
                         }
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index c61d967012b2..401d9428ae4c 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -849,6 +849,8 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data)
         if (!sk)
                 return NULL;
 
+        bt_sock_reclassify_lock(sk, BTPROTO_L2CAP);
+
         l2cap_sock_init(sk, parent);
 
         return l2cap_pi(sk)->chan;
@@ -1002,7 +1004,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
 
         sk->sk_destruct = l2cap_sock_destruct;
-        sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
+        sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
 
         sock_reset_flag(sk, SOCK_ZAPPED);
 
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 501649bf5596..8a602388f1e7 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1164,12 +1164,18 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
                         break;
 
                 case BT_DISCONN:
-                        /* When socket is closed and we are not RFCOMM
-                         * initiator rfcomm_process_rx already calls
-                         * rfcomm_session_put() */
-                        if (s->sock->sk->sk_state != BT_CLOSED)
-                                if (list_empty(&s->dlcs))
-                                        rfcomm_session_put(s);
+                        /* rfcomm_session_put is called later so don't do
+                         * anything here otherwise we will mess up the session
+                         * reference counter:
+                         *
+                         * (a) when we are the initiator dlc_unlink will drive
+                         * the reference counter to 0 (there is no initial put
+                         * after session_add)
+                         *
+                         * (b) when we are not the initiator rfcomm_rx_process
+                         * will explicitly call put to balance the initial hold
+                         * done after session add.
+                         */
                         break;
                 }
         }
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index f066678faeee..22169c3f1482 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -956,6 +956,8 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
         if (!sk)
                 goto done;
 
+        bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
+
         rfcomm_sock_init(sk, parent);
         bacpy(&bt_sk(sk)->src, &src);
         bacpy(&bt_sk(sk)->dst, &dst);
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 2406b3e7393f..d86217d56bd7 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -63,14 +63,14 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
         test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
 
         int res = scnprintf(buf, sizeof(buf),
-                            "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
+                            "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
                             TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
                             TEST(PS_DRIVER), TEST(AUTHORIZED),
                             TEST(SHORT_PREAMBLE),
                             TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
                             TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
                             TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
-                            TEST(TDLS_PEER_AUTH));
+                            TEST(TDLS_PEER_AUTH), TEST(RATE_CONTROL));
 #undef TEST
         return simple_read_from_buffer(userbuf, count, ppos, buf, res);
 }
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 5a5a7767d541..ad64f4d5271a 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -336,7 +336,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
         int i;
         u32 mask;
 
-        if (sta) {
+        if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) {
                 ista = &sta->sta;
                 priv_sta = sta->rate_ctrl_priv;
         }
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 168427b0ffdc..80cfc006dd74 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -41,7 +41,7 @@ static inline void rate_control_tx_status(struct ieee80211_local *local,
         struct ieee80211_sta *ista = &sta->sta;
         void *priv_sta = sta->rate_ctrl_priv;
 
-        if (!ref)
+        if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
                 return;
 
         ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb);
@@ -62,6 +62,7 @@ static inline void rate_control_rate_init(struct sta_info *sta)
         sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
 
         ref->ops->rate_init(ref->priv, sband, ista, priv_sta);
+        set_sta_flag(sta, WLAN_STA_RATE_CONTROL);
 }
 
 static inline void rate_control_rate_update(struct ieee80211_local *local,
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 6f77f12dc3fc..bfed851d0d36 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -52,6 +52,7 @@
  * @WLAN_STA_SP: Station is in a service period, so don't try to
  *      reply to other uAPSD trigger frames or PS-Poll.
  * @WLAN_STA_4ADDR_EVENT: 4-addr event was already sent for this frame.
+ * @WLAN_STA_RATE_CONTROL: rate control was initialized for this station.
  */
 enum ieee80211_sta_info_flags {
         WLAN_STA_AUTH,
@@ -71,6 +72,7 @@ enum ieee80211_sta_info_flags {
         WLAN_STA_UAPSD,
         WLAN_STA_SP,
         WLAN_STA_4ADDR_EVENT,
+        WLAN_STA_RATE_CONTROL,
 };
 
 enum ieee80211_sta_state {