Merge remote branch 'rmk/for-linus' into for-linus

* rmk/for-linus: (1557 commits)
  ARM: 6806/1: irq: introduce entry and exit functions for chained handlers
  ARM: 6781/1: Thumb-2: Work around buggy Thumb-2 short branch relocations in gas
  ARM: 6747/1: P2V: Thumb2 support
  ARM: 6798/1: aout-core: zero thread debug registers in a.out core dump
  ARM: 6796/1: Footbridge: Fix I/O mappings for NOMMU mode
  ARM: 6784/1: errata: no automatic Store Buffer drain on Cortex-A9
  ARM: 6772/1: errata: possible fault MMU translations following an ASID switch
  ARM: 6776/1: mach-ux500: activate fix for errata 753970
  ARM: 6794/1: SPEAr: Append UL to device address macros.
  ARM: 6793/1: SPEAr: Remove unused *_SIZE macros from spear*.h files
  ARM: 6792/1: SPEAr: Replace SIZE macro's with SZ_4K macros
  ARM: 6791/1: SPEAr3xx: Declare device structures after shirq code
  ARM: 6790/1: SPEAr: Clock Framework: Rename usbd clock and align apb_clk entry
  ARM: 6789/1: SPEAr3xx: Rename sdio to sdhci
  ARM: 6788/1: SPEAr: Include mach/hardware.h instead of mach/spear.h
  ARM: 6787/1: SPEAr: Reorder #includes in .h & .c files.
  ARM: 6681/1: SPEAr: add debugfs support to clk API
  ARM: 6703/1: SPEAr: update clk API support
  ARM: 6679/1: SPEAr: make clk API functions more generic
  ARM: 6737/1: SPEAr: formalized timer support
  ...

Conflicts:
	arch/arm/mach-msm/board-msm7x27.c
	arch/arm/mach-msm/board-msm7x30.c
	arch/arm/mach-msm/board-qsd8x50.c
	arch/arm/mach-msm/board-sapphire.c
	arch/arm/mach-msm/include/mach/memory.h

6 files changed, 55 insertions, 64 deletions

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 6b90a4191734..99cd8d9d891b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -379,14 +379,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
         hci_conn_hold(acl);
 
         if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
-                acl->sec_level = sec_level;
+                acl->sec_level = BT_SECURITY_LOW;
+                acl->pending_sec_level = sec_level;
                 acl->auth_type = auth_type;
                 hci_acl_connect(acl);
-        } else {
-                if (acl->sec_level < sec_level)
-                        acl->sec_level = sec_level;
-                if (acl->auth_type < auth_type)
-                        acl->auth_type = auth_type;
         }
 
         if (type == ACL_LINK)
@@ -442,11 +438,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
         BT_DBG("conn %p", conn);
 
+        if (conn->pending_sec_level > sec_level)
+                sec_level = conn->pending_sec_level;
+
         if (sec_level > conn->sec_level)
-                conn->sec_level = sec_level;
+                conn->pending_sec_level = sec_level;
         else if (conn->link_mode & HCI_LM_AUTH)
                 return 1;
 
+        /* Make sure we preserve an existing MITM requirement*/
+        auth_type |= (conn->auth_type & 0x01);
+
         conn->auth_type = auth_type;
 
         if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8b602d881fd7..9c4541bc488a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1011,6 +1011,10 @@ int hci_unregister_dev(struct hci_dev *hdev)
 
         destroy_workqueue(hdev->workqueue);
 
+        hci_dev_lock_bh(hdev);
+        hci_blacklist_clear(hdev);
+        hci_dev_unlock_bh(hdev);
+
         __hci_dev_put(hdev);
 
         return 0;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 38100170d380..a290854fdaa6 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -692,13 +692,13 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
         if (conn->state != BT_CONFIG || !conn->out)
                 return 0;
 
-        if (conn->sec_level == BT_SECURITY_SDP)
+        if (conn->pending_sec_level == BT_SECURITY_SDP)
                 return 0;
 
         /* Only request authentication for SSP connections or non-SSP
          * devices with sec_level HIGH */
         if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
-                                        conn->sec_level != BT_SECURITY_HIGH)
+                                conn->pending_sec_level != BT_SECURITY_HIGH)
                 return 0;
 
         return 1;
@@ -1095,9 +1095,10 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
 
         conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
         if (conn) {
-                if (!ev->status)
+                if (!ev->status) {
                         conn->link_mode |= HCI_LM_AUTH;
-                else
+                        conn->sec_level = conn->pending_sec_level;
+                } else
                         conn->sec_level = BT_SECURITY_LOW;
 
                 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c791fcda7b2d..675614e38e14 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -305,33 +305,44 @@ static void l2cap_chan_del(struct sock *sk, int err)
         }
 }
 
-/* Service level security */
-static inline int l2cap_check_security(struct sock *sk)
+static inline u8 l2cap_get_auth_type(struct sock *sk)
 {
-        struct l2cap_conn *conn = l2cap_pi(sk)->conn;
-        __u8 auth_type;
+        if (sk->sk_type == SOCK_RAW) {
+                switch (l2cap_pi(sk)->sec_level) {
+                case BT_SECURITY_HIGH:
+                        return HCI_AT_DEDICATED_BONDING_MITM;
+                case BT_SECURITY_MEDIUM:
+                        return HCI_AT_DEDICATED_BONDING;
+                default:
+                        return HCI_AT_NO_BONDING;
+                }
+        } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
+                if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
+                        l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
 
-        if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
                 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
-                        auth_type = HCI_AT_NO_BONDING_MITM;
+                        return HCI_AT_NO_BONDING_MITM;
                 else
-                        auth_type = HCI_AT_NO_BONDING;
-
-                if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
-                        l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
+                        return HCI_AT_NO_BONDING;
         } else {
                 switch (l2cap_pi(sk)->sec_level) {
                 case BT_SECURITY_HIGH:
-                        auth_type = HCI_AT_GENERAL_BONDING_MITM;
-                        break;
+                        return HCI_AT_GENERAL_BONDING_MITM;
                 case BT_SECURITY_MEDIUM:
-                        auth_type = HCI_AT_GENERAL_BONDING;
-                        break;
+                        return HCI_AT_GENERAL_BONDING;
                 default:
-                        auth_type = HCI_AT_NO_BONDING;
-                        break;
+                        return HCI_AT_NO_BONDING;
                 }
         }
+}
+
+/* Service level security */
+static inline int l2cap_check_security(struct sock *sk)
+{
+        struct l2cap_conn *conn = l2cap_pi(sk)->conn;
+        __u8 auth_type;
+
+        auth_type = l2cap_get_auth_type(sk);
 
         return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
                                                                 auth_type);
@@ -848,6 +859,7 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
                                 result = L2CAP_CR_SEC_BLOCK;
                         else
                                 result = L2CAP_CR_BAD_PSM;
+                        sk->sk_state = BT_DISCONN;
 
                         rsp.scid   = cpu_to_le16(l2cap_pi(sk)->dcid);
                         rsp.dcid   = cpu_to_le16(l2cap_pi(sk)->scid);
@@ -1068,39 +1080,7 @@ static int l2cap_do_connect(struct sock *sk)
 
         err = -ENOMEM;
 
-        if (sk->sk_type == SOCK_RAW) {
-                switch (l2cap_pi(sk)->sec_level) {
-                case BT_SECURITY_HIGH:
-                        auth_type = HCI_AT_DEDICATED_BONDING_MITM;
-                        break;
-                case BT_SECURITY_MEDIUM:
-                        auth_type = HCI_AT_DEDICATED_BONDING;
-                        break;
-                default:
-                        auth_type = HCI_AT_NO_BONDING;
-                        break;
-                }
-        } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
-                if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
-                        auth_type = HCI_AT_NO_BONDING_MITM;
-                else
-                        auth_type = HCI_AT_NO_BONDING;
-
-                if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
-                        l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
-        } else {
-                switch (l2cap_pi(sk)->sec_level) {
-                case BT_SECURITY_HIGH:
-                        auth_type = HCI_AT_GENERAL_BONDING_MITM;
-                        break;
-                case BT_SECURITY_MEDIUM:
-                        auth_type = HCI_AT_GENERAL_BONDING;
-                        break;
-                default:
-                        auth_type = HCI_AT_NO_BONDING;
-                        break;
-                }
-        }
+        auth_type = l2cap_get_auth_type(sk);
 
         hcon = hci_connect(hdev, ACL_LINK, dst,
                                         l2cap_pi(sk)->sec_level, auth_type);
@@ -1127,7 +1107,8 @@ static int l2cap_do_connect(struct sock *sk)
                 if (sk->sk_type != SOCK_SEQPACKET &&
                                 sk->sk_type != SOCK_STREAM) {
                         l2cap_sock_clear_timer(sk);
-                        sk->sk_state = BT_CONNECTED;
+                        if (l2cap_check_security(sk))
+                                sk->sk_state = BT_CONNECTED;
                 } else
                         l2cap_do_start(sk);
         }
@@ -1893,8 +1874,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
                 if (pi->mode == L2CAP_MODE_STREAMING) {
                         l2cap_streaming_send(sk);
                 } else {
-                        if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
-                                        pi->conn_state && L2CAP_CONN_WAIT_F) {
+                        if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
+                                        (pi->conn_state & L2CAP_CONN_WAIT_F)) {
                                 err = len;
                                 break;
                         }
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index ff8aaa736650..6b83776534fb 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1164,7 +1164,8 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
                          * initiator rfcomm_process_rx already calls
                          * rfcomm_session_put() */
                         if (s->sock->sk->sk_state != BT_CLOSED)
-                                rfcomm_session_put(s);
+                                if (list_empty(&s->dlcs))
+                                        rfcomm_session_put(s);
                         break;
                 }
         }
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 2575c2db6404..d7b9af4703d0 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -727,7 +727,9 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
                         break;
                 }
 
+                tty_unlock();
                 schedule();
+                tty_lock();
         }
         set_current_state(TASK_RUNNING);
         remove_wait_queue(&dev->wait, &wait);