diff options
| author | David S. Miller <davem@davemloft.net> | 2013-04-04 17:39:06 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-04-04 17:39:06 -0400 |
| commit | 518314ffe4ab5d7ffae0607d0c56ba57e0279732 (patch) | |
| tree | 9dc61e5b2701f1bf3856c8eec809164b3d90ba45 | |
| parent | da241efcd9c3da2af6ba20055c7e158ec725005c (diff) | |
| parent | 407ad2b7efebe42f8331fd42c4576ed3a6117e29 (diff) | |
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into wireless
John W. Linville says:
====================
Here are some more fixes intended for the 3.9 stream...
Regarding the mac80211 bits, Johannes says:
"I had changed the idle handling to simplify it, but broken the
sequencing of commands, at least for ath9k-htc, one patch restores the
sequence. The other patch fixes a crash Jouni found while stress-testing
the remain-on-channel code, when an item is deleted the work struct can
run twice and crash the second time."
As for the iwlwifi bits, Johannes says:
"The only fix here is to the passive-no-RX firmware regulatory
enforcement driver support code to not drop auth frames in quick
succession, leading to not being able to connect to APs on passive
channels in certain circumstances."
Don't forget the NFC bits, about which Samuel says:
"This time we have:
- A crash fix for when a DGRAM LLCP socket is listening while the NFC adapter
is physically removed.
- A potential double skb free when the LLCP socket receive queue is full.
- A fix for properly handling multiple and consecutive LLCP connections, and
not trash the socket ack log.
- A build failure for the MEI microread physical layer, now that the MEI bus
APIs have been merged into char-misc-next."
On top of that, Stone Piao provides an mwifiex fix to avoid accessing
beyond the end of a buffer.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/wireless/iwlwifi/dvm/rxon.c | 18 | ||||
| -rw-r--r-- | drivers/net/wireless/iwlwifi/dvm/tx.c | 2 | ||||
| -rw-r--r-- | drivers/net/wireless/mwifiex/cfg80211.c | 3 | ||||
| -rw-r--r-- | drivers/nfc/microread/mei.c | 38 | ||||
| -rw-r--r-- | net/mac80211/cfg.c | 6 | ||||
| -rw-r--r-- | net/mac80211/chan.c | 17 | ||||
| -rw-r--r-- | net/mac80211/ieee80211_i.h | 4 | ||||
| -rw-r--r-- | net/mac80211/iface.c | 2 | ||||
| -rw-r--r-- | net/mac80211/offchannel.c | 23 | ||||
| -rw-r--r-- | net/nfc/llcp/llcp.c | 8 | ||||
| -rw-r--r-- | net/nfc/llcp/sock.c | 6 |
11 files changed, 70 insertions, 57 deletions
diff --git a/drivers/net/wireless/iwlwifi/dvm/rxon.c b/drivers/net/wireless/iwlwifi/dvm/rxon.c index 23be948cf162..a82b6b39d4ff 100644 --- a/drivers/net/wireless/iwlwifi/dvm/rxon.c +++ b/drivers/net/wireless/iwlwifi/dvm/rxon.c | |||
| @@ -1419,6 +1419,14 @@ void iwlagn_bss_info_changed(struct ieee80211_hw *hw, | |||
| 1419 | 1419 | ||
| 1420 | mutex_lock(&priv->mutex); | 1420 | mutex_lock(&priv->mutex); |
| 1421 | 1421 | ||
| 1422 | if (changes & BSS_CHANGED_IDLE && bss_conf->idle) { | ||
| 1423 | /* | ||
| 1424 | * If we go idle, then clearly no "passive-no-rx" | ||
| 1425 | * workaround is needed any more, this is a reset. | ||
| 1426 | */ | ||
| 1427 | iwlagn_lift_passive_no_rx(priv); | ||
| 1428 | } | ||
| 1429 | |||
| 1422 | if (unlikely(!iwl_is_ready(priv))) { | 1430 | if (unlikely(!iwl_is_ready(priv))) { |
| 1423 | IWL_DEBUG_MAC80211(priv, "leave - not ready\n"); | 1431 | IWL_DEBUG_MAC80211(priv, "leave - not ready\n"); |
| 1424 | mutex_unlock(&priv->mutex); | 1432 | mutex_unlock(&priv->mutex); |
| @@ -1450,16 +1458,6 @@ void iwlagn_bss_info_changed(struct ieee80211_hw *hw, | |||
| 1450 | priv->timestamp = bss_conf->sync_tsf; | 1458 | priv->timestamp = bss_conf->sync_tsf; |
| 1451 | ctx->staging.filter_flags |= RXON_FILTER_ASSOC_MSK; | 1459 | ctx->staging.filter_flags |= RXON_FILTER_ASSOC_MSK; |
| 1452 | } else { | 1460 | } else { |
| 1453 | /* | ||
| 1454 | * If we disassociate while there are pending | ||
| 1455 | * frames, just wake up the queues and let the | ||
| 1456 | * frames "escape" ... This shouldn't really | ||
| 1457 | * be happening to start with, but we should | ||
| 1458 | * not get stuck in this case either since it | ||
| 1459 | * can happen if userspace gets confused. | ||
| 1460 | */ | ||
| 1461 | iwlagn_lift_passive_no_rx(priv); | ||
| 1462 | |||
| 1463 | ctx->staging.filter_flags &= ~RXON_FILTER_ASSOC_MSK; | 1461 | ctx->staging.filter_flags &= ~RXON_FILTER_ASSOC_MSK; |
| 1464 | 1462 | ||
| 1465 | if (ctx->ctxid == IWL_RXON_CTX_BSS) | 1463 | if (ctx->ctxid == IWL_RXON_CTX_BSS) |
diff --git a/drivers/net/wireless/iwlwifi/dvm/tx.c b/drivers/net/wireless/iwlwifi/dvm/tx.c index 6aec2df3bb27..d1a670d7b10c 100644 --- a/drivers/net/wireless/iwlwifi/dvm/tx.c +++ b/drivers/net/wireless/iwlwifi/dvm/tx.c | |||
| @@ -1192,7 +1192,7 @@ int iwlagn_rx_reply_tx(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb, | |||
| 1192 | memset(&info->status, 0, sizeof(info->status)); | 1192 | memset(&info->status, 0, sizeof(info->status)); |
| 1193 | 1193 | ||
| 1194 | if (status == TX_STATUS_FAIL_PASSIVE_NO_RX && | 1194 | if (status == TX_STATUS_FAIL_PASSIVE_NO_RX && |
| 1195 | iwl_is_associated_ctx(ctx) && ctx->vif && | 1195 | ctx->vif && |
| 1196 | ctx->vif->type == NL80211_IFTYPE_STATION) { | 1196 | ctx->vif->type == NL80211_IFTYPE_STATION) { |
| 1197 | /* block and stop all queues */ | 1197 | /* block and stop all queues */ |
| 1198 | priv->passive_no_rx = true; | 1198 | priv->passive_no_rx = true; |
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c index a44023a7bd57..8aaf56ade4d9 100644 --- a/drivers/net/wireless/mwifiex/cfg80211.c +++ b/drivers/net/wireless/mwifiex/cfg80211.c | |||
| @@ -1892,7 +1892,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy, | |||
| 1892 | } | 1892 | } |
| 1893 | } | 1893 | } |
| 1894 | 1894 | ||
| 1895 | for (i = 0; i < request->n_channels; i++) { | 1895 | for (i = 0; i < min_t(u32, request->n_channels, |
| 1896 | MWIFIEX_USER_SCAN_CHAN_MAX); i++) { | ||
| 1896 | chan = request->channels[i]; | 1897 | chan = request->channels[i]; |
| 1897 | priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value; | 1898 | priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value; |
| 1898 | priv->user_scan_cfg->chan_list[i].radio_type = chan->band; | 1899 | priv->user_scan_cfg->chan_list[i].radio_type = chan->band; |
diff --git a/drivers/nfc/microread/mei.c b/drivers/nfc/microread/mei.c index eef38cfd812e..ca33ae193935 100644 --- a/drivers/nfc/microread/mei.c +++ b/drivers/nfc/microread/mei.c | |||
| @@ -22,7 +22,7 @@ | |||
| 22 | #include <linux/slab.h> | 22 | #include <linux/slab.h> |
| 23 | #include <linux/interrupt.h> | 23 | #include <linux/interrupt.h> |
| 24 | #include <linux/gpio.h> | 24 | #include <linux/gpio.h> |
| 25 | #include <linux/mei_bus.h> | 25 | #include <linux/mei_cl_bus.h> |
| 26 | 26 | ||
| 27 | #include <linux/nfc.h> | 27 | #include <linux/nfc.h> |
| 28 | #include <net/nfc/hci.h> | 28 | #include <net/nfc/hci.h> |
| @@ -32,9 +32,6 @@ | |||
| 32 | 32 | ||
| 33 | #define MICROREAD_DRIVER_NAME "microread" | 33 | #define MICROREAD_DRIVER_NAME "microread" |
| 34 | 34 | ||
| 35 | #define MICROREAD_UUID UUID_LE(0x0bb17a78, 0x2a8e, 0x4c50, 0x94, \ | ||
| 36 | 0xd4, 0x50, 0x26, 0x67, 0x23, 0x77, 0x5c) | ||
| 37 | |||
| 38 | struct mei_nfc_hdr { | 35 | struct mei_nfc_hdr { |
| 39 | u8 cmd; | 36 | u8 cmd; |
| 40 | u8 status; | 37 | u8 status; |
| @@ -48,7 +45,7 @@ struct mei_nfc_hdr { | |||
| 48 | #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD) | 45 | #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD) |
| 49 | 46 | ||
| 50 | struct microread_mei_phy { | 47 | struct microread_mei_phy { |
| 51 | struct mei_device *mei_device; | 48 | struct mei_cl_device *device; |
| 52 | struct nfc_hci_dev *hdev; | 49 | struct nfc_hci_dev *hdev; |
| 53 | 50 | ||
| 54 | int powered; | 51 | int powered; |
| @@ -105,14 +102,14 @@ static int microread_mei_write(void *phy_id, struct sk_buff *skb) | |||
| 105 | 102 | ||
| 106 | MEI_DUMP_SKB_OUT("mei frame sent", skb); | 103 | MEI_DUMP_SKB_OUT("mei frame sent", skb); |
| 107 | 104 | ||
| 108 | r = mei_send(phy->device, skb->data, skb->len); | 105 | r = mei_cl_send(phy->device, skb->data, skb->len); |
| 109 | if (r > 0) | 106 | if (r > 0) |
| 110 | r = 0; | 107 | r = 0; |
| 111 | 108 | ||
| 112 | return r; | 109 | return r; |
| 113 | } | 110 | } |
| 114 | 111 | ||
| 115 | static void microread_event_cb(struct mei_device *device, u32 events, | 112 | static void microread_event_cb(struct mei_cl_device *device, u32 events, |
| 116 | void *context) | 113 | void *context) |
| 117 | { | 114 | { |
| 118 | struct microread_mei_phy *phy = context; | 115 | struct microread_mei_phy *phy = context; |
| @@ -120,7 +117,7 @@ static void microread_event_cb(struct mei_device *device, u32 events, | |||
| 120 | if (phy->hard_fault != 0) | 117 | if (phy->hard_fault != 0) |
| 121 | return; | 118 | return; |
| 122 | 119 | ||
| 123 | if (events & BIT(MEI_EVENT_RX)) { | 120 | if (events & BIT(MEI_CL_EVENT_RX)) { |
| 124 | struct sk_buff *skb; | 121 | struct sk_buff *skb; |
| 125 | int reply_size; | 122 | int reply_size; |
| 126 | 123 | ||
| @@ -128,7 +125,7 @@ static void microread_event_cb(struct mei_device *device, u32 events, | |||
| 128 | if (!skb) | 125 | if (!skb) |
| 129 | return; | 126 | return; |
| 130 | 127 | ||
| 131 | reply_size = mei_recv(device, skb->data, MEI_NFC_MAX_READ); | 128 | reply_size = mei_cl_recv(device, skb->data, MEI_NFC_MAX_READ); |
| 132 | if (reply_size < MEI_NFC_HEADER_SIZE) { | 129 | if (reply_size < MEI_NFC_HEADER_SIZE) { |
| 133 | kfree(skb); | 130 | kfree(skb); |
| 134 | return; | 131 | return; |
| @@ -149,8 +146,8 @@ static struct nfc_phy_ops mei_phy_ops = { | |||
| 149 | .disable = microread_mei_disable, | 146 | .disable = microread_mei_disable, |
| 150 | }; | 147 | }; |
| 151 | 148 | ||
| 152 | static int microread_mei_probe(struct mei_device *device, | 149 | static int microread_mei_probe(struct mei_cl_device *device, |
| 153 | const struct mei_id *id) | 150 | const struct mei_cl_device_id *id) |
| 154 | { | 151 | { |
| 155 | struct microread_mei_phy *phy; | 152 | struct microread_mei_phy *phy; |
| 156 | int r; | 153 | int r; |
| @@ -164,9 +161,9 @@ static int microread_mei_probe(struct mei_device *device, | |||
| 164 | } | 161 | } |
| 165 | 162 | ||
| 166 | phy->device = device; | 163 | phy->device = device; |
| 167 | mei_set_clientdata(device, phy); | 164 | mei_cl_set_drvdata(device, phy); |
| 168 | 165 | ||
| 169 | r = mei_register_event_cb(device, microread_event_cb, phy); | 166 | r = mei_cl_register_event_cb(device, microread_event_cb, phy); |
| 170 | if (r) { | 167 | if (r) { |
| 171 | pr_err(MICROREAD_DRIVER_NAME ": event cb registration failed\n"); | 168 | pr_err(MICROREAD_DRIVER_NAME ": event cb registration failed\n"); |
| 172 | goto err_out; | 169 | goto err_out; |
| @@ -186,9 +183,9 @@ err_out: | |||
| 186 | return r; | 183 | return r; |
| 187 | } | 184 | } |
| 188 | 185 | ||
| 189 | static int microread_mei_remove(struct mei_device *device) | 186 | static int microread_mei_remove(struct mei_cl_device *device) |
| 190 | { | 187 | { |
| 191 | struct microread_mei_phy *phy = mei_get_clientdata(device); | 188 | struct microread_mei_phy *phy = mei_cl_get_drvdata(device); |
| 192 | 189 | ||
| 193 | pr_info("Removing microread\n"); | 190 | pr_info("Removing microread\n"); |
| 194 | 191 | ||
| @@ -202,16 +199,15 @@ static int microread_mei_remove(struct mei_device *device) | |||
| 202 | return 0; | 199 | return 0; |
| 203 | } | 200 | } |
| 204 | 201 | ||
| 205 | static struct mei_id microread_mei_tbl[] = { | 202 | static struct mei_cl_device_id microread_mei_tbl[] = { |
| 206 | { MICROREAD_DRIVER_NAME, MICROREAD_UUID }, | 203 | { MICROREAD_DRIVER_NAME }, |
| 207 | 204 | ||
| 208 | /* required last entry */ | 205 | /* required last entry */ |
| 209 | { } | 206 | { } |
| 210 | }; | 207 | }; |
| 211 | |||
| 212 | MODULE_DEVICE_TABLE(mei, microread_mei_tbl); | 208 | MODULE_DEVICE_TABLE(mei, microread_mei_tbl); |
| 213 | 209 | ||
| 214 | static struct mei_driver microread_driver = { | 210 | static struct mei_cl_driver microread_driver = { |
| 215 | .id_table = microread_mei_tbl, | 211 | .id_table = microread_mei_tbl, |
| 216 | .name = MICROREAD_DRIVER_NAME, | 212 | .name = MICROREAD_DRIVER_NAME, |
| 217 | 213 | ||
| @@ -225,7 +221,7 @@ static int microread_mei_init(void) | |||
| 225 | 221 | ||
| 226 | pr_debug(DRIVER_DESC ": %s\n", __func__); | 222 | pr_debug(DRIVER_DESC ": %s\n", __func__); |
| 227 | 223 | ||
| 228 | r = mei_driver_register(µread_driver); | 224 | r = mei_cl_driver_register(µread_driver); |
| 229 | if (r) { | 225 | if (r) { |
| 230 | pr_err(MICROREAD_DRIVER_NAME ": driver registration failed\n"); | 226 | pr_err(MICROREAD_DRIVER_NAME ": driver registration failed\n"); |
| 231 | return r; | 227 | return r; |
| @@ -236,7 +232,7 @@ static int microread_mei_init(void) | |||
| 236 | 232 | ||
| 237 | static void microread_mei_exit(void) | 233 | static void microread_mei_exit(void) |
| 238 | { | 234 | { |
| 239 | mei_driver_unregister(µread_driver); | 235 | mei_cl_driver_unregister(µread_driver); |
| 240 | } | 236 | } |
| 241 | 237 | ||
| 242 | module_init(microread_mei_init); | 238 | module_init(microread_mei_init); |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fb306814576a..a6893602f87a 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -2582,7 +2582,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2582 | list_del(&dep->list); | 2582 | list_del(&dep->list); |
| 2583 | mutex_unlock(&local->mtx); | 2583 | mutex_unlock(&local->mtx); |
| 2584 | 2584 | ||
| 2585 | ieee80211_roc_notify_destroy(dep); | 2585 | ieee80211_roc_notify_destroy(dep, true); |
| 2586 | return 0; | 2586 | return 0; |
| 2587 | } | 2587 | } |
| 2588 | 2588 | ||
| @@ -2622,7 +2622,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2622 | ieee80211_start_next_roc(local); | 2622 | ieee80211_start_next_roc(local); |
| 2623 | mutex_unlock(&local->mtx); | 2623 | mutex_unlock(&local->mtx); |
| 2624 | 2624 | ||
| 2625 | ieee80211_roc_notify_destroy(found); | 2625 | ieee80211_roc_notify_destroy(found, true); |
| 2626 | } else { | 2626 | } else { |
| 2627 | /* work may be pending so use it all the time */ | 2627 | /* work may be pending so use it all the time */ |
| 2628 | found->abort = true; | 2628 | found->abort = true; |
| @@ -2632,6 +2632,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2632 | 2632 | ||
| 2633 | /* work will clean up etc */ | 2633 | /* work will clean up etc */ |
| 2634 | flush_delayed_work(&found->work); | 2634 | flush_delayed_work(&found->work); |
| 2635 | WARN_ON(!found->to_be_freed); | ||
| 2636 | kfree(found); | ||
| 2635 | } | 2637 | } |
| 2636 | 2638 | ||
| 2637 | return 0; | 2639 | return 0; |
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index 78c0d90dd641..931be419ab5a 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c | |||
| @@ -63,6 +63,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 63 | enum ieee80211_chanctx_mode mode) | 63 | enum ieee80211_chanctx_mode mode) |
| 64 | { | 64 | { |
| 65 | struct ieee80211_chanctx *ctx; | 65 | struct ieee80211_chanctx *ctx; |
| 66 | u32 changed; | ||
| 66 | int err; | 67 | int err; |
| 67 | 68 | ||
| 68 | lockdep_assert_held(&local->chanctx_mtx); | 69 | lockdep_assert_held(&local->chanctx_mtx); |
| @@ -76,6 +77,13 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 76 | ctx->conf.rx_chains_dynamic = 1; | 77 | ctx->conf.rx_chains_dynamic = 1; |
| 77 | ctx->mode = mode; | 78 | ctx->mode = mode; |
| 78 | 79 | ||
| 80 | /* acquire mutex to prevent idle from changing */ | ||
| 81 | mutex_lock(&local->mtx); | ||
| 82 | /* turn idle off *before* setting channel -- some drivers need that */ | ||
| 83 | changed = ieee80211_idle_off(local); | ||
| 84 | if (changed) | ||
| 85 | ieee80211_hw_config(local, changed); | ||
| 86 | |||
| 79 | if (!local->use_chanctx) { | 87 | if (!local->use_chanctx) { |
| 80 | local->_oper_channel_type = | 88 | local->_oper_channel_type = |
| 81 | cfg80211_get_chandef_type(chandef); | 89 | cfg80211_get_chandef_type(chandef); |
| @@ -85,14 +93,17 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 85 | err = drv_add_chanctx(local, ctx); | 93 | err = drv_add_chanctx(local, ctx); |
| 86 | if (err) { | 94 | if (err) { |
| 87 | kfree(ctx); | 95 | kfree(ctx); |
| 88 | return ERR_PTR(err); | 96 | ctx = ERR_PTR(err); |
| 97 | |||
| 98 | ieee80211_recalc_idle(local); | ||
| 99 | goto out; | ||
| 89 | } | 100 | } |
| 90 | } | 101 | } |
| 91 | 102 | ||
| 103 | /* and keep the mutex held until the new chanctx is on the list */ | ||
| 92 | list_add_rcu(&ctx->list, &local->chanctx_list); | 104 | list_add_rcu(&ctx->list, &local->chanctx_list); |
| 93 | 105 | ||
| 94 | mutex_lock(&local->mtx); | 106 | out: |
| 95 | ieee80211_recalc_idle(local); | ||
| 96 | mutex_unlock(&local->mtx); | 107 | mutex_unlock(&local->mtx); |
| 97 | 108 | ||
| 98 | return ctx; | 109 | return ctx; |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 388580a1bada..5672533a0832 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h | |||
| @@ -309,6 +309,7 @@ struct ieee80211_roc_work { | |||
| 309 | struct ieee80211_channel *chan; | 309 | struct ieee80211_channel *chan; |
| 310 | 310 | ||
| 311 | bool started, abort, hw_begun, notified; | 311 | bool started, abort, hw_begun, notified; |
| 312 | bool to_be_freed; | ||
| 312 | 313 | ||
| 313 | unsigned long hw_start_time; | 314 | unsigned long hw_start_time; |
| 314 | 315 | ||
| @@ -1347,7 +1348,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local); | |||
| 1347 | void ieee80211_roc_setup(struct ieee80211_local *local); | 1348 | void ieee80211_roc_setup(struct ieee80211_local *local); |
| 1348 | void ieee80211_start_next_roc(struct ieee80211_local *local); | 1349 | void ieee80211_start_next_roc(struct ieee80211_local *local); |
| 1349 | void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); | 1350 | void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); |
| 1350 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); | 1351 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); |
| 1351 | void ieee80211_sw_roc_work(struct work_struct *work); | 1352 | void ieee80211_sw_roc_work(struct work_struct *work); |
| 1352 | void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); | 1353 | void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); |
| 1353 | 1354 | ||
| @@ -1361,6 +1362,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata, | |||
| 1361 | enum nl80211_iftype type); | 1362 | enum nl80211_iftype type); |
| 1362 | void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); | 1363 | void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); |
| 1363 | void ieee80211_remove_interfaces(struct ieee80211_local *local); | 1364 | void ieee80211_remove_interfaces(struct ieee80211_local *local); |
| 1365 | u32 ieee80211_idle_off(struct ieee80211_local *local); | ||
| 1364 | void ieee80211_recalc_idle(struct ieee80211_local *local); | 1366 | void ieee80211_recalc_idle(struct ieee80211_local *local); |
| 1365 | void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, | 1367 | void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, |
| 1366 | const int offset); | 1368 | const int offset); |
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 3bfe2612c8c2..58150f877ec3 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c | |||
| @@ -78,7 +78,7 @@ void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata) | |||
| 78 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); | 78 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); |
| 79 | } | 79 | } |
| 80 | 80 | ||
| 81 | static u32 ieee80211_idle_off(struct ieee80211_local *local) | 81 | u32 ieee80211_idle_off(struct ieee80211_local *local) |
| 82 | { | 82 | { |
| 83 | if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) | 83 | if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) |
| 84 | return 0; | 84 | return 0; |
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index cc79b4a2e821..430bd254e496 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c | |||
| @@ -297,10 +297,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) | |||
| 297 | } | 297 | } |
| 298 | } | 298 | } |
| 299 | 299 | ||
| 300 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) | 300 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free) |
| 301 | { | 301 | { |
| 302 | struct ieee80211_roc_work *dep, *tmp; | 302 | struct ieee80211_roc_work *dep, *tmp; |
| 303 | 303 | ||
| 304 | if (WARN_ON(roc->to_be_freed)) | ||
| 305 | return; | ||
| 306 | |||
| 304 | /* was never transmitted */ | 307 | /* was never transmitted */ |
| 305 | if (roc->frame) { | 308 | if (roc->frame) { |
| 306 | cfg80211_mgmt_tx_status(&roc->sdata->wdev, | 309 | cfg80211_mgmt_tx_status(&roc->sdata->wdev, |
| @@ -316,9 +319,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) | |||
| 316 | GFP_KERNEL); | 319 | GFP_KERNEL); |
| 317 | 320 | ||
| 318 | list_for_each_entry_safe(dep, tmp, &roc->dependents, list) | 321 | list_for_each_entry_safe(dep, tmp, &roc->dependents, list) |
| 319 | ieee80211_roc_notify_destroy(dep); | 322 | ieee80211_roc_notify_destroy(dep, true); |
| 320 | 323 | ||
| 321 | kfree(roc); | 324 | if (free) |
| 325 | kfree(roc); | ||
| 326 | else | ||
| 327 | roc->to_be_freed = true; | ||
| 322 | } | 328 | } |
| 323 | 329 | ||
| 324 | void ieee80211_sw_roc_work(struct work_struct *work) | 330 | void ieee80211_sw_roc_work(struct work_struct *work) |
| @@ -331,6 +337,9 @@ void ieee80211_sw_roc_work(struct work_struct *work) | |||
| 331 | 337 | ||
| 332 | mutex_lock(&local->mtx); | 338 | mutex_lock(&local->mtx); |
| 333 | 339 | ||
| 340 | if (roc->to_be_freed) | ||
| 341 | goto out_unlock; | ||
| 342 | |||
| 334 | if (roc->abort) | 343 | if (roc->abort) |
| 335 | goto finish; | 344 | goto finish; |
| 336 | 345 | ||
| @@ -370,7 +379,7 @@ void ieee80211_sw_roc_work(struct work_struct *work) | |||
| 370 | finish: | 379 | finish: |
| 371 | list_del(&roc->list); | 380 | list_del(&roc->list); |
| 372 | started = roc->started; | 381 | started = roc->started; |
| 373 | ieee80211_roc_notify_destroy(roc); | 382 | ieee80211_roc_notify_destroy(roc, !roc->abort); |
| 374 | 383 | ||
| 375 | if (started) { | 384 | if (started) { |
| 376 | drv_flush(local, false); | 385 | drv_flush(local, false); |
| @@ -410,7 +419,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work) | |||
| 410 | 419 | ||
| 411 | list_del(&roc->list); | 420 | list_del(&roc->list); |
| 412 | 421 | ||
| 413 | ieee80211_roc_notify_destroy(roc); | 422 | ieee80211_roc_notify_destroy(roc, true); |
| 414 | 423 | ||
| 415 | /* if there's another roc, start it now */ | 424 | /* if there's another roc, start it now */ |
| 416 | ieee80211_start_next_roc(local); | 425 | ieee80211_start_next_roc(local); |
| @@ -460,12 +469,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) | |||
| 460 | list_for_each_entry_safe(roc, tmp, &tmp_list, list) { | 469 | list_for_each_entry_safe(roc, tmp, &tmp_list, list) { |
| 461 | if (local->ops->remain_on_channel) { | 470 | if (local->ops->remain_on_channel) { |
| 462 | list_del(&roc->list); | 471 | list_del(&roc->list); |
| 463 | ieee80211_roc_notify_destroy(roc); | 472 | ieee80211_roc_notify_destroy(roc, true); |
| 464 | } else { | 473 | } else { |
| 465 | ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); | 474 | ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); |
| 466 | 475 | ||
| 467 | /* work will clean up etc */ | 476 | /* work will clean up etc */ |
| 468 | flush_delayed_work(&roc->work); | 477 | flush_delayed_work(&roc->work); |
| 478 | WARN_ON(!roc->to_be_freed); | ||
| 479 | kfree(roc); | ||
| 469 | } | 480 | } |
| 470 | } | 481 | } |
| 471 | 482 | ||
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index b530afadd76c..ee25f25f0cd6 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c | |||
| @@ -107,8 +107,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 107 | accept_sk->sk_state_change(sk); | 107 | accept_sk->sk_state_change(sk); |
| 108 | 108 | ||
| 109 | bh_unlock_sock(accept_sk); | 109 | bh_unlock_sock(accept_sk); |
| 110 | |||
| 111 | sock_orphan(accept_sk); | ||
| 112 | } | 110 | } |
| 113 | 111 | ||
| 114 | if (listen == true) { | 112 | if (listen == true) { |
| @@ -134,8 +132,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 134 | 132 | ||
| 135 | bh_unlock_sock(sk); | 133 | bh_unlock_sock(sk); |
| 136 | 134 | ||
| 137 | sock_orphan(sk); | ||
| 138 | |||
| 139 | sk_del_node_init(sk); | 135 | sk_del_node_init(sk); |
| 140 | } | 136 | } |
| 141 | 137 | ||
| @@ -164,8 +160,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 164 | 160 | ||
| 165 | bh_unlock_sock(sk); | 161 | bh_unlock_sock(sk); |
| 166 | 162 | ||
| 167 | sock_orphan(sk); | ||
| 168 | |||
| 169 | sk_del_node_init(sk); | 163 | sk_del_node_init(sk); |
| 170 | } | 164 | } |
| 171 | 165 | ||
| @@ -827,7 +821,6 @@ static void nfc_llcp_recv_ui(struct nfc_llcp_local *local, | |||
| 827 | skb_get(skb); | 821 | skb_get(skb); |
| 828 | } else { | 822 | } else { |
| 829 | pr_err("Receive queue is full\n"); | 823 | pr_err("Receive queue is full\n"); |
| 830 | kfree_skb(skb); | ||
| 831 | } | 824 | } |
| 832 | 825 | ||
| 833 | nfc_llcp_sock_put(llcp_sock); | 826 | nfc_llcp_sock_put(llcp_sock); |
| @@ -1028,7 +1021,6 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local, | |||
| 1028 | skb_get(skb); | 1021 | skb_get(skb); |
| 1029 | } else { | 1022 | } else { |
| 1030 | pr_err("Receive queue is full\n"); | 1023 | pr_err("Receive queue is full\n"); |
| 1031 | kfree_skb(skb); | ||
| 1032 | } | 1024 | } |
| 1033 | } | 1025 | } |
| 1034 | 1026 | ||
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 5c7cdf3f2a83..8f025746f337 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
| @@ -270,7 +270,9 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *parent, | |||
| 270 | } | 270 | } |
| 271 | 271 | ||
| 272 | if (sk->sk_state == LLCP_CONNECTED || !newsock) { | 272 | if (sk->sk_state == LLCP_CONNECTED || !newsock) { |
| 273 | nfc_llcp_accept_unlink(sk); | 273 | list_del_init(&lsk->accept_queue); |
| 274 | sock_put(sk); | ||
| 275 | |||
| 274 | if (newsock) | 276 | if (newsock) |
| 275 | sock_graft(sk, newsock); | 277 | sock_graft(sk, newsock); |
| 276 | 278 | ||
| @@ -464,8 +466,6 @@ static int llcp_sock_release(struct socket *sock) | |||
| 464 | nfc_llcp_accept_unlink(accept_sk); | 466 | nfc_llcp_accept_unlink(accept_sk); |
| 465 | 467 | ||
| 466 | release_sock(accept_sk); | 468 | release_sock(accept_sk); |
| 467 | |||
| 468 | sock_orphan(accept_sk); | ||
| 469 | } | 469 | } |
| 470 | } | 470 | } |
| 471 | 471 | ||