aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2012-07-09 16:34:34 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-07-09 16:34:34 -0400
commit635d999fd3b9f0ddc899eaf45fc49bec65c0b8e2 (patch)
tree0456542caa85aff0f4edf91707e36850f76d585f
parent34202e28fe7fc8551313f9a035a8857db83de757 (diff)
parentb48d96652626b315229b1b82c6270eead6a77a6d (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Conflicts: net/mac80211/mlme.c
Diffstat
-rw-r--r--drivers/bluetooth/ath3k.c3
-rw-r--r--drivers/bluetooth/btmrvl_drv.h2
-rw-r--r--drivers/bluetooth/btmrvl_main.c14
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c8
-rw-r--r--drivers/bluetooth/btusb.c2
-rw-r--r--drivers/net/wireless/airo.c4
-rw-r--r--drivers/net/wireless/ath/ath.h1
-rw-r--r--drivers/net/wireless/ath/ath5k/base.c4
-rw-r--r--drivers/net/wireless/ath/ath9k/ath9k.h1
-rw-r--r--drivers/net/wireless/ath/ath9k/htc_drv_main.c5
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.c16
-rw-r--r--drivers/net/wireless/ath/ath9k/recv.c7
-rw-r--r--drivers/net/wireless/ath/ath9k/xmit.c31
-rw-r--r--drivers/net/wireless/ath/key.c4
-rw-r--r--drivers/net/wireless/iwlegacy/4965-mac.c4
-rw-r--r--drivers/net/wireless/iwlegacy/common.c14
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/debugfs.c6
-rw-r--r--drivers/net/wireless/iwlwifi/dvm/mac80211.c12
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.c5
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.h7
-rw-r--r--drivers/net/wireless/mwifiex/cfg80211.c26
-rw-r--r--drivers/net/wireless/mwifiex/ie.c1
-rw-r--r--drivers/net/wireless/mwifiex/sdio.c6
-rw-r--r--drivers/net/wireless/mwifiex/sta_event.c9
-rw-r--r--drivers/net/wireless/mwifiex/txrx.c10
-rw-r--r--drivers/net/wireless/mwifiex/usb.c28
-rw-r--r--drivers/net/wireless/mwifiex/wmm.c3
-rw-r--r--drivers/net/wireless/rt2x00/rt2x00usb.c2
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192cu/sw.c3
-rw-r--r--drivers/net/wireless/ti/wl1251/acx.c2
-rw-r--r--drivers/net/wireless/ti/wl1251/event.c3
-rw-r--r--drivers/net/wireless/ti/wl1251/spi.c4
-rw-r--r--drivers/net/wireless/ti/wlcore/Kconfig1
-rw-r--r--net/bluetooth/l2cap_core.c14
-rw-r--r--net/bluetooth/mgmt.c2
-rw-r--r--net/mac80211/mlme.c19
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c2
-rw-r--r--net/mac80211/rx.c5
-rw-r--r--net/nfc/llcp/sock.c2
-rw-r--r--net/nfc/nci/ntf.c10
-rw-r--r--net/nfc/rawsock.c5
41 files changed, 195 insertions, 112 deletions
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index ad591bd240ec..10308cd8a7ed 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -63,6 +63,7 @@ static struct usb_device_id ath3k_table[] = {
63 63
64 /* Atheros AR3011 with sflash firmware*/ 64 /* Atheros AR3011 with sflash firmware*/
65 { USB_DEVICE(0x0CF3, 0x3002) }, 65 { USB_DEVICE(0x0CF3, 0x3002) },
66 { USB_DEVICE(0x0CF3, 0xE019) },
66 { USB_DEVICE(0x13d3, 0x3304) }, 67 { USB_DEVICE(0x13d3, 0x3304) },
67 { USB_DEVICE(0x0930, 0x0215) }, 68 { USB_DEVICE(0x0930, 0x0215) },
68 { USB_DEVICE(0x0489, 0xE03D) }, 69 { USB_DEVICE(0x0489, 0xE03D) },
@@ -77,6 +78,7 @@ static struct usb_device_id ath3k_table[] = {
77 { USB_DEVICE(0x04CA, 0x3005) }, 78 { USB_DEVICE(0x04CA, 0x3005) },
78 { USB_DEVICE(0x13d3, 0x3362) }, 79 { USB_DEVICE(0x13d3, 0x3362) },
79 { USB_DEVICE(0x0CF3, 0xE004) }, 80 { USB_DEVICE(0x0CF3, 0xE004) },
81 { USB_DEVICE(0x0930, 0x0219) },
80 82
81 /* Atheros AR5BBU12 with sflash firmware */ 83 /* Atheros AR5BBU12 with sflash firmware */
82 { USB_DEVICE(0x0489, 0xE02C) }, 84 { USB_DEVICE(0x0489, 0xE02C) },
@@ -101,6 +103,7 @@ static struct usb_device_id ath3k_blist_tbl[] = {
101 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 103 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
102 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 104 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
103 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 105 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
106 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
104 107
105 /* Atheros AR5BBU22 with sflash firmware */ 108 /* Atheros AR5BBU22 with sflash firmware */
106 { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, 109 { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },
diff --git a/drivers/bluetooth/btmrvl_drv.h b/drivers/bluetooth/btmrvl_drv.h
index 94f2d65131c4..27068d149380 100644
--- a/drivers/bluetooth/btmrvl_drv.h
+++ b/drivers/bluetooth/btmrvl_drv.h
@@ -136,7 +136,7 @@ int btmrvl_remove_card(struct btmrvl_private *priv);
136 136
137void btmrvl_interrupt(struct btmrvl_private *priv); 137void btmrvl_interrupt(struct btmrvl_private *priv);
138 138
139void btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb); 139bool btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb);
140int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb); 140int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb);
141 141
142int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd); 142int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd);
diff --git a/drivers/bluetooth/btmrvl_main.c b/drivers/bluetooth/btmrvl_main.c
index 681ca9d18e12..dc304def8400 100644
--- a/drivers/bluetooth/btmrvl_main.c
+++ b/drivers/bluetooth/btmrvl_main.c
@@ -44,23 +44,33 @@ void btmrvl_interrupt(struct btmrvl_private *priv)
44} 44}
45EXPORT_SYMBOL_GPL(btmrvl_interrupt); 45EXPORT_SYMBOL_GPL(btmrvl_interrupt);
46 46
47void btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb) 47bool btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb)
48{ 48{
49 struct hci_event_hdr *hdr = (void *) skb->data; 49 struct hci_event_hdr *hdr = (void *) skb->data;
50 struct hci_ev_cmd_complete *ec; 50 struct hci_ev_cmd_complete *ec;
51 u16 opcode, ocf; 51 u16 opcode, ocf, ogf;
52 52
53 if (hdr->evt == HCI_EV_CMD_COMPLETE) { 53 if (hdr->evt == HCI_EV_CMD_COMPLETE) {
54 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE); 54 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE);
55 opcode = __le16_to_cpu(ec->opcode); 55 opcode = __le16_to_cpu(ec->opcode);
56 ocf = hci_opcode_ocf(opcode); 56 ocf = hci_opcode_ocf(opcode);
57 ogf = hci_opcode_ogf(opcode);
58
57 if (ocf == BT_CMD_MODULE_CFG_REQ && 59 if (ocf == BT_CMD_MODULE_CFG_REQ &&
58 priv->btmrvl_dev.sendcmdflag) { 60 priv->btmrvl_dev.sendcmdflag) {
59 priv->btmrvl_dev.sendcmdflag = false; 61 priv->btmrvl_dev.sendcmdflag = false;
60 priv->adapter->cmd_complete = true; 62 priv->adapter->cmd_complete = true;
61 wake_up_interruptible(&priv->adapter->cmd_wait_q); 63 wake_up_interruptible(&priv->adapter->cmd_wait_q);
62 } 64 }
65
66 if (ogf == OGF) {
67 BT_DBG("vendor event skipped: ogf 0x%4.4x", ogf);
68 kfree_skb(skb);
69 return false;
70 }
63 } 71 }
72
73 return true;
64} 74}
65EXPORT_SYMBOL_GPL(btmrvl_check_evtpkt); 75EXPORT_SYMBOL_GPL(btmrvl_check_evtpkt);
66 76
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index 2867499f7256..cf7588edba0d 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -565,10 +565,12 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
565 skb_put(skb, buf_len); 565 skb_put(skb, buf_len);
566 skb_pull(skb, SDIO_HEADER_LEN); 566 skb_pull(skb, SDIO_HEADER_LEN);
567 567
568 if (type == HCI_EVENT_PKT) 568 if (type == HCI_EVENT_PKT) {
569 btmrvl_check_evtpkt(priv, skb); 569 if (btmrvl_check_evtpkt(priv, skb))
570 hci_recv_frame(skb);
571 } else
572 hci_recv_frame(skb);
570 573
571 hci_recv_frame(skb);
572 hdev->stat.byte_rx += buf_len; 574 hdev->stat.byte_rx += buf_len;
573 break; 575 break;
574 576
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index a45e717f5f84..e27221411036 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -117,6 +117,7 @@ static struct usb_device_id blacklist_table[] = {
117 117
118 /* Atheros 3011 with sflash firmware */ 118 /* Atheros 3011 with sflash firmware */
119 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE }, 119 { USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
120 { USB_DEVICE(0x0cf3, 0xe019), .driver_info = BTUSB_IGNORE },
120 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, 121 { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
121 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, 122 { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
122 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, 123 { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE },
@@ -131,6 +132,7 @@ static struct usb_device_id blacklist_table[] = {
131 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, 132 { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 },
132 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 133 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
133 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 134 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
135 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
134 136
135 /* Atheros AR5BBU12 with sflash firmware */ 137 /* Atheros AR5BBU12 with sflash firmware */
136 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, 138 { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
index 520a4b2eb9cc..a747c632597a 100644
--- a/drivers/net/wireless/airo.c
+++ b/drivers/net/wireless/airo.c
@@ -7233,8 +7233,8 @@ static int airo_get_aplist(struct net_device *dev,
7233 } 7233 }
7234 } else { 7234 } else {
7235 dwrq->flags = 1; /* Should be define'd */ 7235 dwrq->flags = 1; /* Should be define'd */
7236 memcpy(extra + sizeof(struct sockaddr)*i, 7236 memcpy(extra + sizeof(struct sockaddr) * i, qual,
7237 &qual, sizeof(struct iw_quality)*i); 7237 sizeof(struct iw_quality) * i);
7238 } 7238 }
7239 dwrq->length = i; 7239 dwrq->length = i;
7240 7240
diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h
index c54b7d37bff1..420d69b2674c 100644
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -143,6 +143,7 @@ struct ath_common {
143 u32 keymax; 143 u32 keymax;
144 DECLARE_BITMAP(keymap, ATH_KEYMAX); 144 DECLARE_BITMAP(keymap, ATH_KEYMAX);
145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX); 145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX);
146 DECLARE_BITMAP(ccmp_keymap, ATH_KEYMAX);
146 enum ath_crypt_caps crypt_caps; 147 enum ath_crypt_caps crypt_caps;
147 148
148 unsigned int clockrate; 149 unsigned int clockrate;
diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c
index fbaa30930076..44ad6fe0278f 100644
--- a/drivers/net/wireless/ath/ath5k/base.c
+++ b/drivers/net/wireless/ath/ath5k/base.c
@@ -1045,11 +1045,11 @@ ath5k_drain_tx_buffs(struct ath5k_hw *ah)
1045 1045
1046 ath5k_txbuf_free_skb(ah, bf); 1046 ath5k_txbuf_free_skb(ah, bf);
1047 1047
1048 spin_lock_bh(&ah->txbuflock); 1048 spin_lock(&ah->txbuflock);
1049 list_move_tail(&bf->list, &ah->txbuf); 1049 list_move_tail(&bf->list, &ah->txbuf);
1050 ah->txbuf_len++; 1050 ah->txbuf_len++;
1051 txq->txq_len--; 1051 txq->txq_len--;
1052 spin_unlock_bh(&ah->txbuflock); 1052 spin_unlock(&ah->txbuflock);
1053 } 1053 }
1054 txq->link = NULL; 1054 txq->link = NULL;
1055 txq->txq_poll_mark = false; 1055 txq->txq_poll_mark = false;
diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h
index 4473278efc5e..fe39eb4c42a1 100644
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -214,6 +214,7 @@ struct ath_frame_info {
214 enum ath9k_key_type keytype; 214 enum ath9k_key_type keytype;
215 u8 keyix; 215 u8 keyix;
216 u8 retries; 216 u8 retries;
217 u8 rtscts_rate;
217}; 218};
218 219
219struct ath_buf_state { 220struct ath_buf_state {
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
index fc8cd8284108..374c32ed905a 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
@@ -1486,6 +1486,7 @@ static void ath9k_htc_bss_info_changed(struct ieee80211_hw *hw,
1486 priv->num_sta_assoc_vif++ : priv->num_sta_assoc_vif--; 1486 priv->num_sta_assoc_vif++ : priv->num_sta_assoc_vif--;
1487 1487
1488 if (priv->ah->opmode == NL80211_IFTYPE_STATION) { 1488 if (priv->ah->opmode == NL80211_IFTYPE_STATION) {
1489 ath9k_htc_choose_set_bssid(priv);
1489 if (bss_conf->assoc && (priv->num_sta_assoc_vif == 1)) 1490 if (bss_conf->assoc && (priv->num_sta_assoc_vif == 1))
1490 ath9k_htc_start_ani(priv); 1491 ath9k_htc_start_ani(priv);
1491 else if (priv->num_sta_assoc_vif == 0) 1492 else if (priv->num_sta_assoc_vif == 0)
@@ -1493,13 +1494,11 @@ static void ath9k_htc_bss_info_changed(struct ieee80211_hw *hw,
1493 } 1494 }
1494 } 1495 }
1495 1496
1496 if (changed & BSS_CHANGED_BSSID) { 1497 if (changed & BSS_CHANGED_IBSS) {
1497 if (priv->ah->opmode == NL80211_IFTYPE_ADHOC) { 1498 if (priv->ah->opmode == NL80211_IFTYPE_ADHOC) {
1498 common->curaid = bss_conf->aid; 1499 common->curaid = bss_conf->aid;
1499 memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN); 1500 memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN);
1500 ath9k_htc_set_bssid(priv); 1501 ath9k_htc_set_bssid(priv);
1501 } else if (priv->ah->opmode == NL80211_IFTYPE_STATION) {
1502 ath9k_htc_choose_set_bssid(priv);
1503 } 1502 }
1504 } 1503 }
1505 1504
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index 784baee5db84..ebfb2a3c645c 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -614,7 +614,7 @@ static int __ath9k_hw_init(struct ath_hw *ah)
614 614
615 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) { 615 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) {
616 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI || 616 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI ||
617 ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) && 617 ((AR_SREV_9160(ah) || AR_SREV_9280(ah) || AR_SREV_9287(ah)) &&
618 !ah->is_pciexpress)) { 618 !ah->is_pciexpress)) {
619 ah->config.serialize_regmode = 619 ah->config.serialize_regmode =
620 SER_REG_MODE_ON; 620 SER_REG_MODE_ON;
@@ -773,13 +773,25 @@ static void ath9k_hw_init_qos(struct ath_hw *ah)
773 773
774u32 ar9003_get_pll_sqsum_dvc(struct ath_hw *ah) 774u32 ar9003_get_pll_sqsum_dvc(struct ath_hw *ah)
775{ 775{
776 struct ath_common *common = ath9k_hw_common(ah);
777 int i = 0;
778
776 REG_CLR_BIT(ah, PLL3, PLL3_DO_MEAS_MASK); 779 REG_CLR_BIT(ah, PLL3, PLL3_DO_MEAS_MASK);
777 udelay(100); 780 udelay(100);
778 REG_SET_BIT(ah, PLL3, PLL3_DO_MEAS_MASK); 781 REG_SET_BIT(ah, PLL3, PLL3_DO_MEAS_MASK);
779 782
780 while ((REG_READ(ah, PLL4) & PLL4_MEAS_DONE) == 0) 783 while ((REG_READ(ah, PLL4) & PLL4_MEAS_DONE) == 0) {
784
781 udelay(100); 785 udelay(100);
782 786
787 if (WARN_ON_ONCE(i >= 100)) {
788 ath_err(common, "PLL4 meaurement not done\n");
789 break;
790 }
791
792 i++;
793 }
794
783 return (REG_READ(ah, PLL3) & SQSUM_DVC_MASK) >> 3; 795 return (REG_READ(ah, PLL3) & SQSUM_DVC_MASK) >> 3;
784} 796}
785EXPORT_SYMBOL(ar9003_get_pll_sqsum_dvc); 797EXPORT_SYMBOL(ar9003_get_pll_sqsum_dvc);
diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
index fbdcc80437fe..6a7dd26f2a13 100644
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -658,9 +658,9 @@ static bool ath_edma_get_buffers(struct ath_softc *sc,
658 __skb_unlink(skb, &rx_edma->rx_fifo); 658 __skb_unlink(skb, &rx_edma->rx_fifo);
659 list_add_tail(&bf->list, &sc->rx.rxbuf); 659 list_add_tail(&bf->list, &sc->rx.rxbuf);
660 ath_rx_edma_buf_link(sc, qtype); 660 ath_rx_edma_buf_link(sc, qtype);
661 } else {
662 bf = NULL;
663 } 661 }
662
663 bf = NULL;
664 } 664 }
665 665
666 *dest = bf; 666 *dest = bf;
@@ -785,7 +785,8 @@ static bool ath9k_rx_accept(struct ath_common *common,
785 * descriptor does contain a valid key index. This has been observed 785 * descriptor does contain a valid key index. This has been observed
786 * mostly with CCMP encryption. 786 * mostly with CCMP encryption.
787 */ 787 */
788 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID) 788 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID ||
789 !test_bit(rx_stats->rs_keyix, common->ccmp_keymap))
789 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; 790 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS;
790 791
791 if (!rx_stats->rs_datalen) { 792 if (!rx_stats->rs_datalen) {
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index 2afc5e289df5..cafb4a09729a 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -938,6 +938,7 @@ static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
938 struct ieee80211_tx_rate *rates; 938 struct ieee80211_tx_rate *rates;
939 const struct ieee80211_rate *rate; 939 const struct ieee80211_rate *rate;
940 struct ieee80211_hdr *hdr; 940 struct ieee80211_hdr *hdr;
941 struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu);
941 int i; 942 int i;
942 u8 rix = 0; 943 u8 rix = 0;
943 944
@@ -948,18 +949,7 @@ static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
948 949
949 /* set dur_update_en for l-sig computation except for PS-Poll frames */ 950 /* set dur_update_en for l-sig computation except for PS-Poll frames */
950 info->dur_update = !ieee80211_is_pspoll(hdr->frame_control); 951 info->dur_update = !ieee80211_is_pspoll(hdr->frame_control);
951 952 info->rtscts_rate = fi->rtscts_rate;
952 /*
953 * We check if Short Preamble is needed for the CTS rate by
954 * checking the BSS's global flag.
955 * But for the rate series, IEEE80211_TX_RC_USE_SHORT_PREAMBLE is used.
956 */
957 rate = ieee80211_get_rts_cts_rate(sc->hw, tx_info);
958 info->rtscts_rate = rate->hw_value;
959
960 if (tx_info->control.vif &&
961 tx_info->control.vif->bss_conf.use_short_preamble)
962 info->rtscts_rate |= rate->hw_value_short;
963 953
964 for (i = 0; i < 4; i++) { 954 for (i = 0; i < 4; i++) {
965 bool is_40, is_sgi, is_sp; 955 bool is_40, is_sgi, is_sp;
@@ -1001,13 +991,13 @@ static void ath_buf_set_rate(struct ath_softc *sc, struct ath_buf *bf,
1001 } 991 }
1002 992
1003 /* legacy rates */ 993 /* legacy rates */
994 rate = &sc->sbands[tx_info->band].bitrates[rates[i].idx];
1004 if ((tx_info->band == IEEE80211_BAND_2GHZ) && 995 if ((tx_info->band == IEEE80211_BAND_2GHZ) &&
1005 !(rate->flags & IEEE80211_RATE_ERP_G)) 996 !(rate->flags & IEEE80211_RATE_ERP_G))
1006 phy = WLAN_RC_PHY_CCK; 997 phy = WLAN_RC_PHY_CCK;
1007 else 998 else
1008 phy = WLAN_RC_PHY_OFDM; 999 phy = WLAN_RC_PHY_OFDM;
1009 1000
1010 rate = &sc->sbands[tx_info->band].bitrates[rates[i].idx];
1011 info->rates[i].Rate = rate->hw_value; 1001 info->rates[i].Rate = rate->hw_value;
1012 if (rate->hw_value_short) { 1002 if (rate->hw_value_short) {
1013 if (rates[i].flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE) 1003 if (rates[i].flags & IEEE80211_TX_RC_USE_SHORT_PREAMBLE)
@@ -1788,10 +1778,22 @@ static void setup_frame_info(struct ieee80211_hw *hw, struct sk_buff *skb,
1788 struct ieee80211_sta *sta = tx_info->control.sta; 1778 struct ieee80211_sta *sta = tx_info->control.sta;
1789 struct ieee80211_key_conf *hw_key = tx_info->control.hw_key; 1779 struct ieee80211_key_conf *hw_key = tx_info->control.hw_key;
1790 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1780 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1781 const struct ieee80211_rate *rate;
1791 struct ath_frame_info *fi = get_frame_info(skb); 1782 struct ath_frame_info *fi = get_frame_info(skb);
1792 struct ath_node *an = NULL; 1783 struct ath_node *an = NULL;
1793 enum ath9k_key_type keytype; 1784 enum ath9k_key_type keytype;
1785 bool short_preamble = false;
1786
1787 /*
1788 * We check if Short Preamble is needed for the CTS rate by
1789 * checking the BSS's global flag.
1790 * But for the rate series, IEEE80211_TX_RC_USE_SHORT_PREAMBLE is used.
1791 */
1792 if (tx_info->control.vif &&
1793 tx_info->control.vif->bss_conf.use_short_preamble)
1794 short_preamble = true;
1794 1795
1796 rate = ieee80211_get_rts_cts_rate(hw, tx_info);
1795 keytype = ath9k_cmn_get_hw_crypto_keytype(skb); 1797 keytype = ath9k_cmn_get_hw_crypto_keytype(skb);
1796 1798
1797 if (sta) 1799 if (sta)
@@ -1806,6 +1808,9 @@ static void setup_frame_info(struct ieee80211_hw *hw, struct sk_buff *skb,
1806 fi->keyix = ATH9K_TXKEYIX_INVALID; 1808 fi->keyix = ATH9K_TXKEYIX_INVALID;
1807 fi->keytype = keytype; 1809 fi->keytype = keytype;
1808 fi->framelen = framelen; 1810 fi->framelen = framelen;
1811 fi->rtscts_rate = rate->hw_value;
1812 if (short_preamble)
1813 fi->rtscts_rate |= rate->hw_value_short;
1809} 1814}
1810 1815
1811u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate) 1816u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate)
diff --git a/drivers/net/wireless/ath/key.c b/drivers/net/wireless/ath/key.c
index 0e81904956cf..5c54aa43ca2d 100644
--- a/drivers/net/wireless/ath/key.c
+++ b/drivers/net/wireless/ath/key.c
@@ -556,6 +556,9 @@ int ath_key_config(struct ath_common *common,
556 return -EIO; 556 return -EIO;
557 557
558 set_bit(idx, common->keymap); 558 set_bit(idx, common->keymap);
559 if (key->cipher == WLAN_CIPHER_SUITE_CCMP)
560 set_bit(idx, common->ccmp_keymap);
561
559 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) { 562 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
560 set_bit(idx + 64, common->keymap); 563 set_bit(idx + 64, common->keymap);
561 set_bit(idx, common->tkip_keymap); 564 set_bit(idx, common->tkip_keymap);
@@ -582,6 +585,7 @@ void ath_key_delete(struct ath_common *common, struct ieee80211_key_conf *key)
582 return; 585 return;
583 586
584 clear_bit(key->hw_key_idx, common->keymap); 587 clear_bit(key->hw_key_idx, common->keymap);
588 clear_bit(key->hw_key_idx, common->ccmp_keymap);
585 if (key->cipher != WLAN_CIPHER_SUITE_TKIP) 589 if (key->cipher != WLAN_CIPHER_SUITE_TKIP)
586 return; 590 return;
587 591
diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c
index d24eaf89ffb5..34f61a0581a2 100644
--- a/drivers/net/wireless/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/iwlegacy/4965-mac.c
@@ -3405,7 +3405,7 @@ il4965_remove_dynamic_key(struct il_priv *il,
3405 return 0; 3405 return 0;
3406 } 3406 }
3407 3407
3408 if (il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) { 3408 if (il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_INVALID) {
3409 IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx, 3409 IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx,
3410 key_flags); 3410 key_flags);
3411 spin_unlock_irqrestore(&il->sta_lock, flags); 3411 spin_unlock_irqrestore(&il->sta_lock, flags);
@@ -3420,7 +3420,7 @@ il4965_remove_dynamic_key(struct il_priv *il,
3420 memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo)); 3420 memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo));
3421 il->stations[sta_id].sta.key.key_flags = 3421 il->stations[sta_id].sta.key.key_flags =
3422 STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID; 3422 STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID;
3423 il->stations[sta_id].sta.key.key_offset = WEP_INVALID_OFFSET; 3423 il->stations[sta_id].sta.key.key_offset = keyconf->hw_key_idx;
3424 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; 3424 il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
3425 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; 3425 il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
3426 3426
diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c
index 763c7529921b..0f8a7703eea3 100644
--- a/drivers/net/wireless/iwlegacy/common.c
+++ b/drivers/net/wireless/iwlegacy/common.c
@@ -4768,14 +4768,12 @@ il_bg_watchdog(unsigned long data)
4768 return; 4768 return;
4769 4769
4770 /* monitor and check for other stuck queues */ 4770 /* monitor and check for other stuck queues */
4771 if (il_is_any_associated(il)) { 4771 for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) {
4772 for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) { 4772 /* skip as we already checked the command queue */
4773 /* skip as we already checked the command queue */ 4773 if (cnt == il->cmd_queue)
4774 if (cnt == il->cmd_queue) 4774 continue;
4775 continue; 4775 if (il_check_stuck_queue(il, cnt))
4776 if (il_check_stuck_queue(il, cnt)) 4776 return;
4777 return;
4778 }
4779 } 4777 }
4780 4778
4781 mod_timer(&il->watchdog, 4779 mod_timer(&il->watchdog,
diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
index 8a2d9e643b14..b0eff1c340c7 100644
--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
@@ -2228,6 +2228,7 @@ static ssize_t iwl_dbgfs_echo_test_write(struct file *file,
2228 return count; 2228 return count;
2229} 2229}
2230 2230
2231#ifdef CONFIG_IWLWIFI_DEBUG
2231static ssize_t iwl_dbgfs_log_event_read(struct file *file, 2232static ssize_t iwl_dbgfs_log_event_read(struct file *file,
2232 char __user *user_buf, 2233 char __user *user_buf,
2233 size_t count, loff_t *ppos) 2234 size_t count, loff_t *ppos)
@@ -2265,6 +2266,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file,
2265 2266
2266 return count; 2267 return count;
2267} 2268}
2269#endif
2268 2270
2269static ssize_t iwl_dbgfs_calib_disabled_read(struct file *file, 2271static ssize_t iwl_dbgfs_calib_disabled_read(struct file *file,
2270 char __user *user_buf, 2272 char __user *user_buf,
@@ -2334,7 +2336,9 @@ DEBUGFS_READ_FILE_OPS(bt_traffic);
2334DEBUGFS_READ_WRITE_FILE_OPS(protection_mode); 2336DEBUGFS_READ_WRITE_FILE_OPS(protection_mode);
2335DEBUGFS_READ_FILE_OPS(reply_tx_error); 2337DEBUGFS_READ_FILE_OPS(reply_tx_error);
2336DEBUGFS_WRITE_FILE_OPS(echo_test); 2338DEBUGFS_WRITE_FILE_OPS(echo_test);
2339#ifdef CONFIG_IWLWIFI_DEBUG
2337DEBUGFS_READ_WRITE_FILE_OPS(log_event); 2340DEBUGFS_READ_WRITE_FILE_OPS(log_event);
2341#endif
2338DEBUGFS_READ_WRITE_FILE_OPS(calib_disabled); 2342DEBUGFS_READ_WRITE_FILE_OPS(calib_disabled);
2339 2343
2340/* 2344/*
@@ -2394,7 +2398,9 @@ int iwl_dbgfs_register(struct iwl_priv *priv, const char *name)
2394 DEBUGFS_ADD_FILE(rxon_flags, dir_debug, S_IWUSR); 2398 DEBUGFS_ADD_FILE(rxon_flags, dir_debug, S_IWUSR);
2395 DEBUGFS_ADD_FILE(rxon_filter_flags, dir_debug, S_IWUSR); 2399 DEBUGFS_ADD_FILE(rxon_filter_flags, dir_debug, S_IWUSR);
2396 DEBUGFS_ADD_FILE(echo_test, dir_debug, S_IWUSR); 2400 DEBUGFS_ADD_FILE(echo_test, dir_debug, S_IWUSR);
2401#ifdef CONFIG_IWLWIFI_DEBUG
2397 DEBUGFS_ADD_FILE(log_event, dir_debug, S_IWUSR | S_IRUSR); 2402 DEBUGFS_ADD_FILE(log_event, dir_debug, S_IWUSR | S_IRUSR);
2403#endif
2398 2404
2399 if (iwl_advanced_bt_coexist(priv)) 2405 if (iwl_advanced_bt_coexist(priv))
2400 DEBUGFS_ADD_FILE(bt_traffic, dir_debug, S_IRUSR); 2406 DEBUGFS_ADD_FILE(bt_traffic, dir_debug, S_IRUSR);
diff --git a/drivers/net/wireless/iwlwifi/dvm/mac80211.c b/drivers/net/wireless/iwlwifi/dvm/mac80211.c
index b83ca358eb18..a5f7bce96325 100644
--- a/drivers/net/wireless/iwlwifi/dvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/dvm/mac80211.c
@@ -801,6 +801,18 @@ static int iwlagn_mac_sta_state(struct ieee80211_hw *hw,
801 switch (op) { 801 switch (op) {
802 case ADD: 802 case ADD:
803 ret = iwlagn_mac_sta_add(hw, vif, sta); 803 ret = iwlagn_mac_sta_add(hw, vif, sta);
804 if (ret)
805 break;
806 /*
807 * Clear the in-progress flag, the AP station entry was added
808 * but we'll initialize LQ only when we've associated (which
809 * would also clear the in-progress flag). This is necessary
810 * in case we never initialize LQ because association fails.
811 */
812 spin_lock_bh(&priv->sta_lock);
813 priv->stations[iwl_sta_id(sta)].used &=
814 ~IWL_STA_UCODE_INPROGRESS;
815 spin_unlock_bh(&priv->sta_lock);
804 break; 816 break;
805 case REMOVE: 817 case REMOVE:
806 ret = iwlagn_mac_sta_remove(hw, vif, sta); 818 ret = iwlagn_mac_sta_remove(hw, vif, sta);
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.c b/drivers/net/wireless/mwifiex/11n_rxreorder.c
index 9c44088054dd..900ee129e825 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.c
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.c
@@ -256,7 +256,8 @@ mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
256 else 256 else
257 last_seq = priv->rx_seq[tid]; 257 last_seq = priv->rx_seq[tid];
258 258
259 if (last_seq >= new_node->start_win) 259 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
260 last_seq >= new_node->start_win)
260 new_node->start_win = last_seq + 1; 261 new_node->start_win = last_seq + 1;
261 262
262 new_node->win_size = win_size; 263 new_node->win_size = win_size;
@@ -596,5 +597,5 @@ void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv)
596 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 597 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags);
597 598
598 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 599 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
599 memset(priv->rx_seq, 0, sizeof(priv->rx_seq)); 600 mwifiex_reset_11n_rx_seq_num(priv);
600} 601}
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.h b/drivers/net/wireless/mwifiex/11n_rxreorder.h
index f1bffebabc60..6c9815a0f5d8 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.h
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.h
@@ -37,6 +37,13 @@
37 37
38#define ADDBA_RSP_STATUS_ACCEPT 0 38#define ADDBA_RSP_STATUS_ACCEPT 0
39 39
40#define MWIFIEX_DEF_11N_RX_SEQ_NUM 0xffff
41
42static inline void mwifiex_reset_11n_rx_seq_num(struct mwifiex_private *priv)
43{
44 memset(priv->rx_seq, 0xff, sizeof(priv->rx_seq));
45}
46
40int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *, 47int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *,
41 u16 seqNum, 48 u16 seqNum,
42 u16 tid, u8 *ta, 49 u16 tid, u8 *ta,
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index bb06d2e3274a..75843fddbad4 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -976,6 +976,7 @@ static int mwifiex_cfg80211_start_ap(struct wiphy *wiphy,
976 case NL80211_HIDDEN_SSID_ZERO_CONTENTS: 976 case NL80211_HIDDEN_SSID_ZERO_CONTENTS:
977 /* firmware doesn't support this type of hidden SSID */ 977 /* firmware doesn't support this type of hidden SSID */
978 default: 978 default:
979 kfree(bss_cfg);
979 return -EINVAL; 980 return -EINVAL;
980 } 981 }
981 982
@@ -1525,7 +1526,7 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1525 struct wireless_dev *wdev; 1526 struct wireless_dev *wdev;
1526 1527
1527 if (!adapter) 1528 if (!adapter)
1528 return NULL; 1529 return ERR_PTR(-EFAULT);
1529 1530
1530 switch (type) { 1531 switch (type) {
1531 case NL80211_IFTYPE_UNSPECIFIED: 1532 case NL80211_IFTYPE_UNSPECIFIED:
@@ -1535,12 +1536,12 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1535 if (priv->bss_mode) { 1536 if (priv->bss_mode) {
1536 wiphy_err(wiphy, 1537 wiphy_err(wiphy,
1537 "cannot create multiple sta/adhoc ifaces\n"); 1538 "cannot create multiple sta/adhoc ifaces\n");
1538 return NULL; 1539 return ERR_PTR(-EINVAL);
1539 } 1540 }
1540 1541
1541 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 1542 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
1542 if (!wdev) 1543 if (!wdev)
1543 return NULL; 1544 return ERR_PTR(-ENOMEM);
1544 1545
1545 wdev->wiphy = wiphy; 1546 wdev->wiphy = wiphy;
1546 priv->wdev = wdev; 1547 priv->wdev = wdev;
@@ -1563,12 +1564,12 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1563 1564
1564 if (priv->bss_mode) { 1565 if (priv->bss_mode) {
1565 wiphy_err(wiphy, "Can't create multiple AP interfaces"); 1566 wiphy_err(wiphy, "Can't create multiple AP interfaces");
1566 return NULL; 1567 return ERR_PTR(-EINVAL);
1567 } 1568 }
1568 1569
1569 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 1570 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
1570 if (!wdev) 1571 if (!wdev)
1571 return NULL; 1572 return ERR_PTR(-ENOMEM);
1572 1573
1573 priv->wdev = wdev; 1574 priv->wdev = wdev;
1574 wdev->wiphy = wiphy; 1575 wdev->wiphy = wiphy;
@@ -1585,14 +1586,15 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1585 break; 1586 break;
1586 default: 1587 default:
1587 wiphy_err(wiphy, "type not supported\n"); 1588 wiphy_err(wiphy, "type not supported\n");
1588 return NULL; 1589 return ERR_PTR(-EINVAL);
1589 } 1590 }
1590 1591
1591 dev = alloc_netdev_mq(sizeof(struct mwifiex_private *), name, 1592 dev = alloc_netdev_mq(sizeof(struct mwifiex_private *), name,
1592 ether_setup, 1); 1593 ether_setup, 1);
1593 if (!dev) { 1594 if (!dev) {
1594 wiphy_err(wiphy, "no memory available for netdevice\n"); 1595 wiphy_err(wiphy, "no memory available for netdevice\n");
1595 goto error; 1596 priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
1597 return ERR_PTR(-ENOMEM);
1596 } 1598 }
1597 1599
1598 mwifiex_init_priv_params(priv, dev); 1600 mwifiex_init_priv_params(priv, dev);
@@ -1623,7 +1625,9 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1623 /* Register network device */ 1625 /* Register network device */
1624 if (register_netdevice(dev)) { 1626 if (register_netdevice(dev)) {
1625 wiphy_err(wiphy, "cannot register virtual network device\n"); 1627 wiphy_err(wiphy, "cannot register virtual network device\n");
1626 goto error; 1628 free_netdev(dev);
1629 priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
1630 return ERR_PTR(-EFAULT);
1627 } 1631 }
1628 1632
1629 sema_init(&priv->async_sem, 1); 1633 sema_init(&priv->async_sem, 1);
@@ -1635,12 +1639,6 @@ struct net_device *mwifiex_add_virtual_intf(struct wiphy *wiphy,
1635 mwifiex_dev_debugfs_init(priv); 1639 mwifiex_dev_debugfs_init(priv);
1636#endif 1640#endif
1637 return dev; 1641 return dev;
1638error:
1639 if (dev && (dev->reg_state == NETREG_UNREGISTERED))
1640 free_netdev(dev);
1641 priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
1642
1643 return NULL;
1644} 1642}
1645EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf); 1643EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf);
1646 1644
diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c
index 328fb14d9e14..8374e33f195a 100644
--- a/drivers/net/wireless/mwifiex/ie.c
+++ b/drivers/net/wireless/mwifiex/ie.c
@@ -213,6 +213,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
213 /* save assoc resp ie index after auto-indexing */ 213 /* save assoc resp ie index after auto-indexing */
214 *assoc_idx = *((u16 *)pos); 214 *assoc_idx = *((u16 *)pos);
215 215
216 kfree(ap_custom_ie);
216 return ret; 217 return ret;
217} 218}
218 219
diff --git a/drivers/net/wireless/mwifiex/sdio.c b/drivers/net/wireless/mwifiex/sdio.c
index e0377473282f..fc8a9bfa1248 100644
--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -978,10 +978,10 @@ static int mwifiex_decode_rx_packet(struct mwifiex_adapter *adapter,
978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n"); 978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n");
979 adapter->event_cause = *(u32 *) skb->data; 979 adapter->event_cause = *(u32 *) skb->data;
980 980
981 skb_pull(skb, MWIFIEX_EVENT_HEADER_LEN);
982
983 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE)) 981 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE))
984 memcpy(adapter->event_body, skb->data, skb->len); 982 memcpy(adapter->event_body,
983 skb->data + MWIFIEX_EVENT_HEADER_LEN,
984 skb->len);
985 985
986 /* event cause has been saved to adapter->event_cause */ 986 /* event cause has been saved to adapter->event_cause */
987 adapter->event_received = true; 987 adapter->event_received = true;
diff --git a/drivers/net/wireless/mwifiex/sta_event.c b/drivers/net/wireless/mwifiex/sta_event.c
index 4ace5a3dcd23..11e731f3581c 100644
--- a/drivers/net/wireless/mwifiex/sta_event.c
+++ b/drivers/net/wireless/mwifiex/sta_event.c
@@ -406,9 +406,9 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
406 break; 406 break;
407 407
408 case EVENT_UAP_STA_ASSOC: 408 case EVENT_UAP_STA_ASSOC:
409 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER);
410 memset(&sinfo, 0, sizeof(sinfo)); 409 memset(&sinfo, 0, sizeof(sinfo));
411 event = (struct mwifiex_assoc_event *)adapter->event_skb->data; 410 event = (struct mwifiex_assoc_event *)
411 (adapter->event_body + MWIFIEX_UAP_EVENT_EXTRA_HEADER);
412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) { 412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) {
413 len = -1; 413 len = -1;
414 414
@@ -433,9 +433,8 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
433 GFP_KERNEL); 433 GFP_KERNEL);
434 break; 434 break;
435 case EVENT_UAP_STA_DEAUTH: 435 case EVENT_UAP_STA_DEAUTH:
436 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER); 436 cfg80211_del_sta(priv->netdev, adapter->event_body +
437 cfg80211_del_sta(priv->netdev, adapter->event_skb->data, 437 MWIFIEX_UAP_EVENT_EXTRA_HEADER, GFP_KERNEL);
438 GFP_KERNEL);
439 break; 438 break;
440 case EVENT_UAP_BSS_IDLE: 439 case EVENT_UAP_BSS_IDLE:
441 priv->media_connected = false; 440 priv->media_connected = false;
diff --git a/drivers/net/wireless/mwifiex/txrx.c b/drivers/net/wireless/mwifiex/txrx.c
index e2faec4db108..cecb27283196 100644
--- a/drivers/net/wireless/mwifiex/txrx.c
+++ b/drivers/net/wireless/mwifiex/txrx.c
@@ -161,15 +161,11 @@ int mwifiex_write_data_complete(struct mwifiex_adapter *adapter,
161 goto done; 161 goto done;
162 162
163 for (i = 0; i < adapter->priv_num; i++) { 163 for (i = 0; i < adapter->priv_num; i++) {
164
165 tpriv = adapter->priv[i]; 164 tpriv = adapter->priv[i];
166 165
167 if ((GET_BSS_ROLE(tpriv) == MWIFIEX_BSS_ROLE_STA) && 166 if (tpriv->media_connected &&
168 (tpriv->media_connected)) { 167 netif_queue_stopped(tpriv->netdev))
169 if (netif_queue_stopped(tpriv->netdev)) 168 mwifiex_wake_up_net_dev_queue(tpriv->netdev, adapter);
170 mwifiex_wake_up_net_dev_queue(tpriv->netdev,
171 adapter);
172 }
173 } 169 }
174done: 170done:
175 dev_kfree_skb_any(skb); 171 dev_kfree_skb_any(skb);
diff --git a/drivers/net/wireless/mwifiex/usb.c b/drivers/net/wireless/mwifiex/usb.c
index 49ebf20c56eb..22a5916564b8 100644
--- a/drivers/net/wireless/mwifiex/usb.c
+++ b/drivers/net/wireless/mwifiex/usb.c
@@ -49,6 +49,7 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
49 struct device *dev = adapter->dev; 49 struct device *dev = adapter->dev;
50 u32 recv_type; 50 u32 recv_type;
51 __le32 tmp; 51 __le32 tmp;
52 int ret;
52 53
53 if (adapter->hs_activated) 54 if (adapter->hs_activated)
54 mwifiex_process_hs_config(adapter); 55 mwifiex_process_hs_config(adapter);
@@ -69,16 +70,19 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
69 case MWIFIEX_USB_TYPE_CMD: 70 case MWIFIEX_USB_TYPE_CMD:
70 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) { 71 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) {
71 dev_err(dev, "CMD: skb->len too large\n"); 72 dev_err(dev, "CMD: skb->len too large\n");
72 return -1; 73 ret = -1;
74 goto exit_restore_skb;
73 } else if (!adapter->curr_cmd) { 75 } else if (!adapter->curr_cmd) {
74 dev_dbg(dev, "CMD: no curr_cmd\n"); 76 dev_dbg(dev, "CMD: no curr_cmd\n");
75 if (adapter->ps_state == PS_STATE_SLEEP_CFM) { 77 if (adapter->ps_state == PS_STATE_SLEEP_CFM) {
76 mwifiex_process_sleep_confirm_resp( 78 mwifiex_process_sleep_confirm_resp(
77 adapter, skb->data, 79 adapter, skb->data,
78 skb->len); 80 skb->len);
79 return 0; 81 ret = 0;
82 goto exit_restore_skb;
80 } 83 }
81 return -1; 84 ret = -1;
85 goto exit_restore_skb;
82 } 86 }
83 87
84 adapter->curr_cmd->resp_skb = skb; 88 adapter->curr_cmd->resp_skb = skb;
@@ -87,20 +91,22 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
87 case MWIFIEX_USB_TYPE_EVENT: 91 case MWIFIEX_USB_TYPE_EVENT:
88 if (skb->len < sizeof(u32)) { 92 if (skb->len < sizeof(u32)) {
89 dev_err(dev, "EVENT: skb->len too small\n"); 93 dev_err(dev, "EVENT: skb->len too small\n");
90 return -1; 94 ret = -1;
95 goto exit_restore_skb;
91 } 96 }
92 skb_copy_from_linear_data(skb, &tmp, sizeof(u32)); 97 skb_copy_from_linear_data(skb, &tmp, sizeof(u32));
93 adapter->event_cause = le32_to_cpu(tmp); 98 adapter->event_cause = le32_to_cpu(tmp);
94 skb_pull(skb, sizeof(u32));
95 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause); 99 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause);
96 100
97 if (skb->len > MAX_EVENT_SIZE) { 101 if (skb->len > MAX_EVENT_SIZE) {
98 dev_err(dev, "EVENT: event body too large\n"); 102 dev_err(dev, "EVENT: event body too large\n");
99 return -1; 103 ret = -1;
104 goto exit_restore_skb;
100 } 105 }
101 106
102 skb_copy_from_linear_data(skb, adapter->event_body, 107 memcpy(adapter->event_body, skb->data +
103 skb->len); 108 MWIFIEX_EVENT_HEADER_LEN, skb->len);
109
104 adapter->event_received = true; 110 adapter->event_received = true;
105 adapter->event_skb = skb; 111 adapter->event_skb = skb;
106 break; 112 break;
@@ -124,6 +130,12 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
124 } 130 }
125 131
126 return -EINPROGRESS; 132 return -EINPROGRESS;
133
134exit_restore_skb:
135 /* The buffer will be reused for further cmds/events */
136 skb_push(skb, INTF_HEADER_LEN);
137
138 return ret;
127} 139}
128 140
129static void mwifiex_usb_rx_complete(struct urb *urb) 141static void mwifiex_usb_rx_complete(struct urb *urb)
diff --git a/drivers/net/wireless/mwifiex/wmm.c b/drivers/net/wireless/mwifiex/wmm.c
index f3fc65515857..3fa4d4176993 100644
--- a/drivers/net/wireless/mwifiex/wmm.c
+++ b/drivers/net/wireless/mwifiex/wmm.c
@@ -404,6 +404,8 @@ mwifiex_wmm_init(struct mwifiex_adapter *adapter)
404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE; 404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE;
405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE; 405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE;
406 406
407 mwifiex_reset_11n_rx_seq_num(priv);
408
407 atomic_set(&priv->wmm.tx_pkts_queued, 0); 409 atomic_set(&priv->wmm.tx_pkts_queued, 0);
408 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID); 410 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
409 } 411 }
@@ -1221,6 +1223,7 @@ mwifiex_dequeue_tx_packet(struct mwifiex_adapter *adapter)
1221 1223
1222 if (!ptr->is_11n_enabled || 1224 if (!ptr->is_11n_enabled ||
1223 mwifiex_is_ba_stream_setup(priv, ptr, tid) || 1225 mwifiex_is_ba_stream_setup(priv, ptr, tid) ||
1226 priv->wps.session_enable ||
1224 ((priv->sec_info.wpa_enabled || 1227 ((priv->sec_info.wpa_enabled ||
1225 priv->sec_info.wpa2_enabled) && 1228 priv->sec_info.wpa2_enabled) &&
1226 !priv->wpa_is_gtk_set)) { 1229 !priv->wpa_is_gtk_set)) {
diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c
index d357d1ed92f6..74ecc33fdd90 100644
--- a/drivers/net/wireless/rt2x00/rt2x00usb.c
+++ b/drivers/net/wireless/rt2x00/rt2x00usb.c
@@ -436,8 +436,8 @@ void rt2x00usb_kick_queue(struct data_queue *queue)
436 case QID_RX: 436 case QID_RX:
437 if (!rt2x00queue_full(queue)) 437 if (!rt2x00queue_full(queue))
438 rt2x00queue_for_each_entry(queue, 438 rt2x00queue_for_each_entry(queue,
439 Q_INDEX_DONE,
440 Q_INDEX, 439 Q_INDEX,
440 Q_INDEX_DONE,
441 NULL, 441 NULL,
442 rt2x00usb_kick_rx_entry); 442 rt2x00usb_kick_rx_entry);
443 break; 443 break;
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index d228358e6a40..9970c2b1b199 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -301,9 +301,11 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/ 301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/
302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/ 302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/
303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/ 303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/
304 {RTL_USB_DEVICE(0x0bda, 0x5088, rtl92cu_hal_cfg)}, /*Thinkware-CC&C*/
304 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 305 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
305 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 306 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
306 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/ 307 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/
308 {RTL_USB_DEVICE(0x4856, 0x0091, rtl92cu_hal_cfg)}, /*NetweeN - Feixun*/
307 /* HP - Lite-On ,8188CUS Slim Combo */ 309 /* HP - Lite-On ,8188CUS Slim Combo */
308 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)}, 310 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)},
309 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */ 311 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */
@@ -346,6 +348,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
346 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/ 348 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/
347 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/ 349 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/
348 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/ 350 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/
351 {RTL_USB_DEVICE(0x0bda, 0x8186, rtl92cu_hal_cfg)}, /*Realtek 92CE-VAU*/
349 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/ 352 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/
350 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/ 353 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/
351 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/ 354 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/
diff --git a/drivers/net/wireless/ti/wl1251/acx.c b/drivers/net/wireless/ti/wl1251/acx.c
index ad87a1ac6462..db6430c1a084 100644
--- a/drivers/net/wireless/ti/wl1251/acx.c
+++ b/drivers/net/wireless/ti/wl1251/acx.c
@@ -869,7 +869,7 @@ int wl1251_acx_tsf_info(struct wl1251 *wl, u64 *mactime)
869 } 869 }
870 870
871 *mactime = tsf_info->current_tsf_lsb | 871 *mactime = tsf_info->current_tsf_lsb |
872 (tsf_info->current_tsf_msb << 31); 872 ((u64)tsf_info->current_tsf_msb << 32);
873 873
874out: 874out:
875 kfree(tsf_info); 875 kfree(tsf_info);
diff --git a/drivers/net/wireless/ti/wl1251/event.c b/drivers/net/wireless/ti/wl1251/event.c
index 9f15ccaf8f05..5ec50a476a69 100644
--- a/drivers/net/wireless/ti/wl1251/event.c
+++ b/drivers/net/wireless/ti/wl1251/event.c
@@ -76,8 +76,7 @@ static int wl1251_event_process(struct wl1251 *wl, struct event_mailbox *mbox)
76 } 76 }
77 } 77 }
78 78
79 if (vector & SYNCHRONIZATION_TIMEOUT_EVENT_ID && 79 if (vector & SYNCHRONIZATION_TIMEOUT_EVENT_ID) {
80 wl->station_mode != STATION_ACTIVE_MODE) {
81 wl1251_debug(DEBUG_EVENT, "SYNCHRONIZATION_TIMEOUT_EVENT"); 80 wl1251_debug(DEBUG_EVENT, "SYNCHRONIZATION_TIMEOUT_EVENT");
82 81
83 /* indicate to the stack, that beacons have been lost */ 82 /* indicate to the stack, that beacons have been lost */
diff --git a/drivers/net/wireless/ti/wl1251/spi.c b/drivers/net/wireless/ti/wl1251/spi.c
index 87f6305bda2c..567660cd2fcd 100644
--- a/drivers/net/wireless/ti/wl1251/spi.c
+++ b/drivers/net/wireless/ti/wl1251/spi.c
@@ -73,6 +73,8 @@ static void wl1251_spi_reset(struct wl1251 *wl)
73 spi_sync(wl_to_spi(wl), &m); 73 spi_sync(wl_to_spi(wl), &m);
74 74
75 wl1251_dump(DEBUG_SPI, "spi reset -> ", cmd, WSPI_INIT_CMD_LEN); 75 wl1251_dump(DEBUG_SPI, "spi reset -> ", cmd, WSPI_INIT_CMD_LEN);
76
77 kfree(cmd);
76} 78}
77 79
78static void wl1251_spi_wake(struct wl1251 *wl) 80static void wl1251_spi_wake(struct wl1251 *wl)
@@ -127,6 +129,8 @@ static void wl1251_spi_wake(struct wl1251 *wl)
127 spi_sync(wl_to_spi(wl), &m); 129 spi_sync(wl_to_spi(wl), &m);
128 130
129 wl1251_dump(DEBUG_SPI, "spi init -> ", cmd, WSPI_INIT_CMD_LEN); 131 wl1251_dump(DEBUG_SPI, "spi init -> ", cmd, WSPI_INIT_CMD_LEN);
132
133 kfree(cmd);
130} 134}
131 135
132static void wl1251_spi_reset_wake(struct wl1251 *wl) 136static void wl1251_spi_reset_wake(struct wl1251 *wl)
diff --git a/drivers/net/wireless/ti/wlcore/Kconfig b/drivers/net/wireless/ti/wlcore/Kconfig
index 54156b0b5c2d..d7b907e67170 100644
--- a/drivers/net/wireless/ti/wlcore/Kconfig
+++ b/drivers/net/wireless/ti/wlcore/Kconfig
@@ -1,7 +1,6 @@
1config WLCORE 1config WLCORE
2 tristate "TI wlcore support" 2 tristate "TI wlcore support"
3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211 3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211
4 depends on INET
5 select FW_LOADER 4 select FW_LOADER
6 ---help--- 5 ---help---
7 This module contains the main code for TI WLAN chips. It abstracts 6 This module contains the main code for TI WLAN chips. It abstracts
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 4ca88247b7c2..d42dfdc83ebb 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3278,12 +3278,14 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3278 while (len >= L2CAP_CONF_OPT_SIZE) { 3278 while (len >= L2CAP_CONF_OPT_SIZE) {
3279 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); 3279 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3280 3280
3281 switch (type) { 3281 if (type != L2CAP_CONF_RFC)
3282 case L2CAP_CONF_RFC: 3282 continue;
3283 if (olen == sizeof(rfc)) 3283
3284 memcpy(&rfc, (void *)val, olen); 3284 if (olen != sizeof(rfc))
3285 goto done; 3285 break;
3286 } 3286
3287 memcpy(&rfc, (void *)val, olen);
3288 goto done;
3287 } 3289 }
3288 3290
3289 /* Use sane default values in case a misbehaving remote device 3291 /* Use sane default values in case a misbehaving remote device
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index c72307cc25fc..a6e0f3d8da6c 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1598,7 +1598,7 @@ static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1598 else 1598 else
1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1600 1600
1601 if (!conn) { 1601 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1603 MGMT_STATUS_NOT_CONNECTED); 1603 MGMT_STATUS_NOT_CONNECTED);
1604 goto failed; 1604 goto failed;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index f1a80da4e56a..aa69a331f374 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1324,7 +1324,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1324 struct ieee80211_local *local = sdata->local; 1324 struct ieee80211_local *local = sdata->local;
1325 struct sta_info *sta; 1325 struct sta_info *sta;
1326 u32 changed = 0; 1326 u32 changed = 0;
1327 u8 bssid[ETH_ALEN];
1328 1327
1329 ASSERT_MGD_MTX(ifmgd); 1328 ASSERT_MGD_MTX(ifmgd);
1330 1329
@@ -1336,10 +1335,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1336 1335
1337 ieee80211_stop_poll(sdata); 1336 ieee80211_stop_poll(sdata);
1338 1337
1339 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1340
1341 ifmgd->associated = NULL; 1338 ifmgd->associated = NULL;
1342 memset(ifmgd->bssid, 0, ETH_ALEN);
1343 1339
1344 /* 1340 /*
1345 * we need to commit the associated = NULL change because the 1341 * we need to commit the associated = NULL change because the
@@ -1359,7 +1355,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1359 netif_carrier_off(sdata->dev); 1355 netif_carrier_off(sdata->dev);
1360 1356
1361 mutex_lock(&local->sta_mtx); 1357 mutex_lock(&local->sta_mtx);
1362 sta = sta_info_get(sdata, bssid); 1358 sta = sta_info_get(sdata, ifmgd->bssid);
1363 if (sta) { 1359 if (sta) {
1364 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1360 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1365 ieee80211_sta_tear_down_BA_sessions(sta, tx); 1361 ieee80211_sta_tear_down_BA_sessions(sta, tx);
@@ -1368,13 +1364,16 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1368 1364
1369 /* deauthenticate/disassociate now */ 1365 /* deauthenticate/disassociate now */
1370 if (tx || frame_buf) 1366 if (tx || frame_buf)
1371 ieee80211_send_deauth_disassoc(sdata, bssid, stype, reason, 1367 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1372 tx, frame_buf); 1368 reason, tx, frame_buf);
1373 1369
1374 /* flush out frame */ 1370 /* flush out frame */
1375 if (tx) 1371 if (tx)
1376 drv_flush(local, false); 1372 drv_flush(local, false);
1377 1373
1374 /* clear bssid only after building the needed mgmt frames */
1375 memset(ifmgd->bssid, 0, ETH_ALEN);
1376
1378 /* remove AP and TDLS peers */ 1377 /* remove AP and TDLS peers */
1379 sta_info_flush(local, sdata); 1378 sta_info_flush(local, sdata);
1380 1379
@@ -2153,15 +2152,13 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2153 mgmt->sa, status_code); 2152 mgmt->sa, status_code);
2154 ieee80211_destroy_assoc_data(sdata, false); 2153 ieee80211_destroy_assoc_data(sdata, false);
2155 } else { 2154 } else {
2156 sdata_info(sdata, "associated\n");
2157
2158 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2155 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2159 /* oops -- internal error -- send timeout for now */ 2156 /* oops -- internal error -- send timeout for now */
2160 ieee80211_destroy_assoc_data(sdata, true); 2157 ieee80211_destroy_assoc_data(sdata, false);
2161 sta_info_destroy_addr(sdata, mgmt->bssid);
2162 cfg80211_put_bss(*bss); 2158 cfg80211_put_bss(*bss);
2163 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2159 return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2164 } 2160 }
2161 sdata_info(sdata, "associated\n");
2165 2162
2166 /* 2163 /*
2167 * destroy assoc_data afterwards, as otherwise an idle 2164 * destroy assoc_data afterwards, as otherwise an idle
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 2d1acc6c5445..f9e51ef8dfa2 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -809,7 +809,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
809 max_rates = sband->n_bitrates; 809 max_rates = sband->n_bitrates;
810 } 810 }
811 811
812 msp = kzalloc(sizeof(struct minstrel_ht_sta), gfp); 812 msp = kzalloc(sizeof(*msp), gfp);
813 if (!msp) 813 if (!msp)
814 return NULL; 814 return NULL;
815 815
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index ab5185054e6c..839cac8fab57 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2434,7 +2434,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2434 * frames that we didn't handle, including returning unknown 2434 * frames that we didn't handle, including returning unknown
2435 * ones. For all other modes we will return them to the sender, 2435 * ones. For all other modes we will return them to the sender,
2436 * setting the 0x80 bit in the action category, as required by 2436 * setting the 0x80 bit in the action category, as required by
2437 * 802.11-2007 7.3.1.11. 2437 * 802.11-2012 9.24.4.
2438 * Newer versions of hostapd shall also use the management frame 2438 * Newer versions of hostapd shall also use the management frame
2439 * registration mechanisms, but older ones still use cooked 2439 * registration mechanisms, but older ones still use cooked
2440 * monitor interfaces so push all frames there. 2440 * monitor interfaces so push all frames there.
@@ -2444,6 +2444,9 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2444 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) 2444 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2445 return RX_DROP_MONITOR; 2445 return RX_DROP_MONITOR;
2446 2446
2447 if (is_multicast_ether_addr(mgmt->da))
2448 return RX_DROP_MONITOR;
2449
2447 /* do not return rejected action frames */ 2450 /* do not return rejected action frames */
2448 if (mgmt->u.action.category & 0x80) 2451 if (mgmt->u.action.category & 0x80)
2449 return RX_DROP_UNUSABLE; 2452 return RX_DROP_UNUSABLE;
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 2c0b317344b7..05ca5a680071 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,7 +292,7 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
292 292
293 pr_debug("%p\n", sk); 293 pr_debug("%p\n", sk);
294 294
295 if (llcp_sock == NULL) 295 if (llcp_sock == NULL || llcp_sock->dev == NULL)
296 return -EBADFD; 296 return -EBADFD;
297 297
298 addr->sa_family = AF_NFC; 298 addr->sa_family = AF_NFC;
diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index cb2646179e5f..2ab196a9f228 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
@@ -106,7 +106,7 @@ static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); 106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data));
107 data += 2; 107 data += 2;
108 108
109 nfca_poll->nfcid1_len = *data++; 109 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE);
110 110
111 pr_debug("sens_res 0x%x, nfcid1_len %d\n", 111 pr_debug("sens_res 0x%x, nfcid1_len %d\n",
112 nfca_poll->sens_res, nfca_poll->nfcid1_len); 112 nfca_poll->sens_res, nfca_poll->nfcid1_len);
@@ -130,7 +130,7 @@ static __u8 *nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev,
130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll, 130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll,
131 __u8 *data) 131 __u8 *data)
132{ 132{
133 nfcb_poll->sensb_res_len = *data++; 133 nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE);
134 134
135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); 135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len);
136 136
@@ -145,7 +145,7 @@ static __u8 *nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev,
145 __u8 *data) 145 __u8 *data)
146{ 146{
147 nfcf_poll->bit_rate = *data++; 147 nfcf_poll->bit_rate = *data++;
148 nfcf_poll->sensf_res_len = *data++; 148 nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE);
149 149
150 pr_debug("bit_rate %d, sensf_res_len %d\n", 150 pr_debug("bit_rate %d, sensf_res_len %d\n",
151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); 151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len);
@@ -331,7 +331,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
331 switch (ntf->activation_rf_tech_and_mode) { 331 switch (ntf->activation_rf_tech_and_mode) {
332 case NCI_NFC_A_PASSIVE_POLL_MODE: 332 case NCI_NFC_A_PASSIVE_POLL_MODE:
333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; 333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep;
334 nfca_poll->rats_res_len = *data++; 334 nfca_poll->rats_res_len = min_t(__u8, *data++, 20);
335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len); 335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len);
336 if (nfca_poll->rats_res_len > 0) { 336 if (nfca_poll->rats_res_len > 0) {
337 memcpy(nfca_poll->rats_res, 337 memcpy(nfca_poll->rats_res,
@@ -341,7 +341,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
341 341
342 case NCI_NFC_B_PASSIVE_POLL_MODE: 342 case NCI_NFC_B_PASSIVE_POLL_MODE:
343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; 343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep;
344 nfcb_poll->attrib_res_len = *data++; 344 nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50);
345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len); 345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len);
346 if (nfcb_poll->attrib_res_len > 0) { 346 if (nfcb_poll->attrib_res_len > 0) {
347 memcpy(nfcb_poll->attrib_res, 347 memcpy(nfcb_poll->attrib_res,
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index ec1134c9e07f..8b8a6a2b2bad 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -54,7 +54,10 @@ static int rawsock_release(struct socket *sock)
54{ 54{
55 struct sock *sk = sock->sk; 55 struct sock *sk = sock->sk;
56 56
57 pr_debug("sock=%p\n", sock); 57 pr_debug("sock=%p sk=%p\n", sock, sk);
58
59 if (!sk)
60 return 0;
58 61
59 sock_orphan(sk); 62 sock_orphan(sk);
60 sock_put(sk); 63 sock_put(sk);
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-14 06:17:55 -0400