Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next

John W. Linville says: ==================== pull request: wireless-next 2014-06-02 Please pull this remaining batch of updates intended for the 3.16 stream... For the mac80211 bits, Johannes says: "The remainder for -next right now is mostly fixes, and a handful of small new things like some CSA infrastructure, the regdb script mW/dBm conversion change and sending wiphy notifications." For the bluetooth bits, Gustavo says: "Some more patches for 3.16. There is nothing really special here, just a bunch of clean ups, fixes plus some small improvements. Please pull." For the nfc bits, Samuel says: "We have: - Felica (Type3) tags support for trf7970a - Type 4b tags support for port100 - st21nfca DTS typo fix - A few sparse warning fixes" For the atheros bits, Kalle says: "Ben added support for setting antenna configurations. Michal improved warm reset so that we would not need to fall back to cold reset that often, an issue where ath10k stripped protected flag while in monitor mode and made module initialisation asynchronous to fix the problems with firmware loading when the driver is linked to the kernel. Luca removed unused channel_switch_beacon callbacks both from ath9k and ath10k. Marek fixed Protected Management Frames (PMF) when using Action Frames. Also we had other small fixes everywhere in the driver." Along with that, there are a handful of updates to a variety of drivers. This includes updates to at76c50x-usb, ath9k, b43, brcmfmac, mwifiex, rsi, rtlwifi, and wil6210. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2014-06-02 14:17:35 -0400
committer: David S. Miller <davem@davemloft.net> 2014-06-02 14:17:35 -0400
commit: 31595de219e8a1a2ed7aeccbe4f18e44f2d2db00 (patch)
tree: 7fde4fc831867b18e384953a18f50919ccc9245f /net
parent: 73f156a6e8c1074ac6327e0abd1169e95eb66463 (diff)
parent: fcb2c0d6cf75750e2912b09a3d0a782c90e2b1a0 (diff)
23 files changed, 645 insertions, 157 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 095943c02d6e..8671bc79a35b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -28,6 +28,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include "smp.h"
 #include "a2mp.h"
@@ -407,6 +408,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        conn->io_capability = hdev->io_capability;
        conn->remote_auth = 0xff;
        conn->key_type = 0xff;
+        conn->tx_power = HCI_TX_POWER_INVALID;
+        conn->max_tx_power = HCI_TX_POWER_INVALID;
        set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index d31f144860d1..0a43cce9a914 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -34,6 +34,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include "smp.h"
@@ -579,6 +580,62 @@ static int sniff_max_interval_get(void *data, u64 *val)
 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
                        sniff_max_interval_set, "%llu\n");
+static int conn_info_min_age_set(void *data, u64 val)
+{
+        struct hci_dev *hdev = data;
+        if (val == 0 || val > hdev->conn_info_max_age)
+                return -EINVAL;
+        hci_dev_lock(hdev);
+        hdev->conn_info_min_age = val;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+static int conn_info_min_age_get(void *data, u64 *val)
+{
+        struct hci_dev *hdev = data;
+        hci_dev_lock(hdev);
+        *val = hdev->conn_info_min_age;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
+                        conn_info_min_age_set, "%llu\n");
+static int conn_info_max_age_set(void *data, u64 val)
+{
+        struct hci_dev *hdev = data;
+        if (val == 0 || val < hdev->conn_info_min_age)
+                return -EINVAL;
+        hci_dev_lock(hdev);
+        hdev->conn_info_max_age = val;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+static int conn_info_max_age_get(void *data, u64 *val)
+{
+        struct hci_dev *hdev = data;
+        hci_dev_lock(hdev);
+        *val = hdev->conn_info_max_age;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
+                        conn_info_max_age_set, "%llu\n");
 static int identity_show(struct seq_file *f, void *p)
 {
        struct hci_dev *hdev = f->private;
@@ -1754,6 +1811,11 @@ static int __hci_init(struct hci_dev *hdev)
                            &blacklist_fops);
        debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
+        debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
+                            &conn_info_min_age_fops);
+        debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
+                            &conn_info_max_age_fops);
        if (lmp_bredr_capable(hdev)) {
                debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
                                    hdev, &inquiry_cache_fops);
@@ -3789,6 +3851,8 @@ struct hci_dev *hci_alloc_dev(void)
        hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
        hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
+        hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
+        hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
        mutex_init(&hdev->lock);
        mutex_init(&hdev->req_lock);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index ca19fd4bbb8f..3454807a40c5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1245,6 +1245,59 @@ static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
        amp_write_rem_assoc_continue(hdev, rp->phy_handle);
 }
+static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        struct hci_rp_read_rssi *rp = (void *) skb->data;
+        struct hci_conn *conn;
+        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
+        if (rp->status)
+                return;
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
+        if (conn)
+                conn->rssi = rp->rssi;
+        hci_dev_unlock(hdev);
+}
+static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        struct hci_cp_read_tx_power *sent;
+        struct hci_rp_read_tx_power *rp = (void *) skb->data;
+        struct hci_conn *conn;
+        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
+        if (rp->status)
+                return;
+        sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
+        if (!sent)
+                return;
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
+        if (!conn)
+                goto unlock;
+        switch (sent->type) {
+        case 0x00:
+                conn->tx_power = rp->tx_power;
+                break;
+        case 0x01:
+                conn->max_tx_power = rp->tx_power;
+                break;
+        }
+unlock:
+        hci_dev_unlock(hdev);
+}
 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
 {
        BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -2637,6 +2690,14 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                hci_cc_write_remote_amp_assoc(hdev, skb);
                break;
+        case HCI_OP_READ_RSSI:
+                hci_cc_read_rssi(hdev, skb);
+                break;
+        case HCI_OP_READ_TX_POWER:
+                hci_cc_read_tx_power(hdev, skb);
+                break;
        default:
                BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
                break;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 54abbce3a39e..5e9c21a5525f 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -29,12 +29,13 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include <net/bluetooth/mgmt.h>
 #include "smp.h"
 #define MGMT_VERSION    1
-#define MGMT_REVISION   5
+#define MGMT_REVISION   6
 static const u16 mgmt_commands[] = {
        MGMT_OP_READ_INDEX_LIST,
@@ -83,6 +84,7 @@ static const u16 mgmt_commands[] = {
        MGMT_OP_SET_DEBUG_KEYS,
        MGMT_OP_SET_PRIVACY,
        MGMT_OP_LOAD_IRKS,
+        MGMT_OP_GET_CONN_INFO,
 };
 static const u16 mgmt_events[] = {
@@ -4532,7 +4534,7 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
        for (i = 0; i < key_count; i++) {
                struct mgmt_ltk_info *key = &cp->keys[i];
-                u8 type, addr_type;
+                u8 type, addr_type, authenticated;
                if (key->addr.type == BDADDR_LE_PUBLIC)
                        addr_type = ADDR_LE_DEV_PUBLIC;
@@ -4544,8 +4546,13 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
                else
                        type = HCI_SMP_LTK_SLAVE;
+                if (key->type == MGMT_LTK_UNAUTHENTICATED)
+                        authenticated = 0x00;
+                else
+                        authenticated = 0x01;
                hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
-                            key->type, key->val, key->enc_size, key->ediv,
+                            authenticated, key->val, key->enc_size, key->ediv,
                            key->rand);
        }
@@ -4557,6 +4564,218 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
        return err;
 }
+struct cmd_conn_lookup {
+        struct hci_conn *conn;
+        bool valid_tx_power;
+        u8 mgmt_status;
+};
+static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
+{
+        struct cmd_conn_lookup *match = data;
+        struct mgmt_cp_get_conn_info *cp;
+        struct mgmt_rp_get_conn_info rp;
+        struct hci_conn *conn = cmd->user_data;
+        if (conn != match->conn)
+                return;
+        cp = (struct mgmt_cp_get_conn_info *) cmd->param;
+        memset(&rp, 0, sizeof(rp));
+        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
+        rp.addr.type = cp->addr.type;
+        if (!match->mgmt_status) {
+                rp.rssi = conn->rssi;
+                if (match->valid_tx_power) {
+                        rp.tx_power = conn->tx_power;
+                        rp.max_tx_power = conn->max_tx_power;
+                } else {
+                        rp.tx_power = HCI_TX_POWER_INVALID;
+                        rp.max_tx_power = HCI_TX_POWER_INVALID;
+                }
+        }
+        cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
+                     match->mgmt_status, &rp, sizeof(rp));
+        hci_conn_drop(conn);
+        mgmt_pending_remove(cmd);
+}
+static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
+{
+        struct hci_cp_read_rssi *cp;
+        struct hci_conn *conn;
+        struct cmd_conn_lookup match;
+        u16 handle;
+        BT_DBG("status 0x%02x", status);
+        hci_dev_lock(hdev);
+        /* TX power data is valid in case request completed successfully,
+         * otherwise we assume it's not valid. At the moment we assume that
+         * either both or none of current and max values are valid to keep code
+         * simple.
+         */
+        match.valid_tx_power = !status;
+        /* Commands sent in request are either Read RSSI or Read Transmit Power
+         * Level so we check which one was last sent to retrieve connection
+         * handle.  Both commands have handle as first parameter so it's safe to
+         * cast data on the same command struct.
+         *
+         * First command sent is always Read RSSI and we fail only if it fails.
+         * In other case we simply override error to indicate success as we
+         * already remembered if TX power value is actually valid.
+         */
+        cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
+        if (!cp) {
+                cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
+                status = 0;
+        }
+        if (!cp) {
+                BT_ERR("invalid sent_cmd in response");
+                goto unlock;
+        }
+        handle = __le16_to_cpu(cp->handle);
+        conn = hci_conn_hash_lookup_handle(hdev, handle);
+        if (!conn) {
+                BT_ERR("unknown handle (%d) in response", handle);
+                goto unlock;
+        }
+        match.conn = conn;
+        match.mgmt_status = mgmt_status(status);
+        /* Cache refresh is complete, now reply for mgmt request for given
+         * connection only.
+         */
+        mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
+                             get_conn_info_complete, &match);
+unlock:
+        hci_dev_unlock(hdev);
+}
+static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
+                         u16 len)
+{
+        struct mgmt_cp_get_conn_info *cp = data;
+        struct mgmt_rp_get_conn_info rp;
+        struct hci_conn *conn;
+        unsigned long conn_info_age;
+        int err = 0;
+        BT_DBG("%s", hdev->name);
+        memset(&rp, 0, sizeof(rp));
+        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
+        rp.addr.type = cp->addr.type;
+        if (!bdaddr_type_is_valid(cp->addr.type))
+                return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                    MGMT_STATUS_INVALID_PARAMS,
+                                    &rp, sizeof(rp));
+        hci_dev_lock(hdev);
+        if (!hdev_is_powered(hdev)) {
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
+                goto unlock;
+        }
+        if (cp->addr.type == BDADDR_BREDR)
+                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
+                                               &cp->addr.bdaddr);
+        else
+                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
+        if (!conn || conn->state != BT_CONNECTED) {
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
+                goto unlock;
+        }
+        /* To avoid client trying to guess when to poll again for information we
+         * calculate conn info age as random value between min/max set in hdev.
+         */
+        conn_info_age = hdev->conn_info_min_age +
+                        prandom_u32_max(hdev->conn_info_max_age -
+                                        hdev->conn_info_min_age);
+        /* Query controller to refresh cached values if they are too old or were
+         * never read.
+         */
+        if (time_after(jiffies, conn->conn_info_timestamp +
+                       msecs_to_jiffies(conn_info_age)) ||
+            !conn->conn_info_timestamp) {
+                struct hci_request req;
+                struct hci_cp_read_tx_power req_txp_cp;
+                struct hci_cp_read_rssi req_rssi_cp;
+                struct pending_cmd *cmd;
+                hci_req_init(&req, hdev);
+                req_rssi_cp.handle = cpu_to_le16(conn->handle);
+                hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
+                            &req_rssi_cp);
+                /* For LE links TX power does not change thus we don't need to
+                 * query for it once value is known.
+                 */
+                if (!bdaddr_type_is_le(cp->addr.type) ||
+                    conn->tx_power == HCI_TX_POWER_INVALID) {
+                        req_txp_cp.handle = cpu_to_le16(conn->handle);
+                        req_txp_cp.type = 0x00;
+                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
+                                    sizeof(req_txp_cp), &req_txp_cp);
+                }
+                /* Max TX power needs to be read only once per connection */
+                if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
+                        req_txp_cp.handle = cpu_to_le16(conn->handle);
+                        req_txp_cp.type = 0x01;
+                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
+                                    sizeof(req_txp_cp), &req_txp_cp);
+                }
+                err = hci_req_run(&req, conn_info_refresh_complete);
+                if (err < 0)
+                        goto unlock;
+                cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
+                                       data, len);
+                if (!cmd) {
+                        err = -ENOMEM;
+                        goto unlock;
+                }
+                hci_conn_hold(conn);
+                cmd->user_data = conn;
+                conn->conn_info_timestamp = jiffies;
+        } else {
+                /* Cache is valid, just reply with values cached in hci_conn */
+                rp.rssi = conn->rssi;
+                rp.tx_power = conn->tx_power;
+                rp.max_tx_power = conn->max_tx_power;
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
+        }
+unlock:
+        hci_dev_unlock(hdev);
+        return err;
+}
 static const struct mgmt_handler {
        int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
                     u16 data_len);
@@ -4612,6 +4831,7 @@ static const struct mgmt_handler {
        { set_debug_keys,         false, MGMT_SETTING_SIZE },
        { set_privacy,            false, MGMT_SET_PRIVACY_SIZE },
        { load_irks,              true,  MGMT_LOAD_IRKS_SIZE },
+        { get_conn_info,          false, MGMT_GET_CONN_INFO_SIZE },
 };
@@ -5007,6 +5227,14 @@ void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
        mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
 }
+static u8 mgmt_ltk_type(struct smp_ltk *ltk)
+{
+        if (ltk->authenticated)
+                return MGMT_LTK_AUTHENTICATED;
+        return MGMT_LTK_UNAUTHENTICATED;
+}
 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
 {
        struct mgmt_ev_new_long_term_key ev;
@@ -5032,7 +5260,7 @@ void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
        ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
-        ev.key.type = key->authenticated;
+        ev.key.type = mgmt_ltk_type(key);
        ev.key.enc_size = key->enc_size;
        ev.key.ediv = key->ediv;
        ev.key.rand = key->rand;
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index cf620260affa..754b6fe4f742 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -307,7 +307,7 @@ struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
        setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
        skb_queue_head_init(&d->tx_queue);
-        spin_lock_init(&d->lock);
+        mutex_init(&d->lock);
        atomic_set(&d->refcnt, 1);
        rfcomm_dlc_clear_state(d);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 403ec09f480a..8e385a0ae60e 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -70,7 +70,7 @@ struct rfcomm_dev {
 };
 static LIST_HEAD(rfcomm_dev_list);
-static DEFINE_SPINLOCK(rfcomm_dev_lock);
+static DEFINE_MUTEX(rfcomm_dev_lock);
 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
@@ -96,9 +96,9 @@ static void rfcomm_dev_destruct(struct tty_port *port)
        if (dev->tty_dev)
                tty_unregister_device(rfcomm_tty_driver, dev->id);
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        list_del(&dev->list);
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        kfree(dev);
@@ -161,14 +161,14 @@ static struct rfcomm_dev *rfcomm_dev_get(int id)
 {
        struct rfcomm_dev *dev;
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        dev = __rfcomm_dev_lookup(id);
        if (dev && !tty_port_get(&dev->port))
                dev = NULL;
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        return dev;
 }
@@ -224,7 +224,7 @@ static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
        if (!dev)
                return ERR_PTR(-ENOMEM);
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        if (req->dev_id < 0) {
                dev->id = 0;
@@ -305,11 +305,11 @@ static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
           holds reference to this module. */
        __module_get(THIS_MODULE);
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        return dev;
 out:
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        kfree(dev);
        return ERR_PTR(err);
 }
@@ -524,7 +524,7 @@ static int rfcomm_get_dev_list(void __user *arg)
        di = dl->dev_info;
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        list_for_each_entry(dev, &rfcomm_dev_list, list) {
                if (!tty_port_get(&dev->port))
@@ -540,7 +540,7 @@ static int rfcomm_get_dev_list(void __user *arg)
                        break;
        }
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        dl->dev_num = n;
        size = sizeof(*dl) + n * sizeof(*di);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index dfb4e1161c10..4f9662d0fd81 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -35,6 +35,33 @@
 #define AUTH_REQ_MASK   0x07
+#define SMP_FLAG_TK_VALID       1
+#define SMP_FLAG_CFM_PENDING    2
+#define SMP_FLAG_MITM_AUTH      3
+#define SMP_FLAG_COMPLETE       4
+#define SMP_FLAG_INITIATOR      5
+struct smp_chan {
+        struct l2cap_conn *conn;
+        u8              preq[7]; /* SMP Pairing Request */
+        u8              prsp[7]; /* SMP Pairing Response */
+        u8              prnd[16]; /* SMP Pairing Random (local) */
+        u8              rrnd[16]; /* SMP Pairing Random (remote) */
+        u8              pcnf[16]; /* SMP Pairing Confirm */
+        u8              tk[16]; /* SMP Temporary Key */
+        u8              enc_key_size;
+        u8              remote_key_dist;
+        bdaddr_t        id_addr;
+        u8              id_addr_type;
+        u8              irk[16];
+        struct smp_csrk *csrk;
+        struct smp_csrk *slave_csrk;
+        struct smp_ltk  *ltk;
+        struct smp_ltk  *slave_ltk;
+        struct smp_irk  *remote_irk;
+        unsigned long   flags;
+};
 static inline void swap128(const u8 src[16], u8 dst[16])
 {
        int i;
@@ -369,7 +396,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
        /* Initialize key for JUST WORKS */
        memset(smp->tk, 0, sizeof(smp->tk));
-        clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+        clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
        BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
@@ -388,19 +415,18 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
                method = JUST_WORKS;
        /* Don't confirm locally initiated pairing attempts */
-        if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
+        if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
-                                           &smp->smp_flags))
                method = JUST_WORKS;
        /* If Just Works, Continue with Zero TK */
        if (method == JUST_WORKS) {
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
                return 0;
        }
        /* Not Just Works/Confirm results in MITM Authentication */
        if (method != JUST_CFM)
-                set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
+                set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
        /* If both devices have Keyoard-Display I/O, the master
         * Confirms and the slave Enters the passkey.
@@ -419,7 +445,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
                passkey %= 1000000;
                put_unaligned_le32(passkey, smp->tk);
                BT_DBG("PassKey: %d", passkey);
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
        }
        hci_dev_lock(hcon->hdev);
@@ -441,15 +467,13 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
        return ret;
 }
-static void confirm_work(struct work_struct *work)
+static u8 smp_confirm(struct smp_chan *smp)
 {
-        struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
        struct l2cap_conn *conn = smp->conn;
        struct hci_dev *hdev = conn->hcon->hdev;
        struct crypto_blkcipher *tfm = hdev->tfm_aes;
        struct smp_cmd_pairing_confirm cp;
        int ret;
-        u8 reason;
        BT_DBG("conn %p", conn);
@@ -463,35 +487,27 @@ static void confirm_work(struct work_struct *work)
        hci_dev_unlock(hdev);
-        if (ret) {
+        if (ret)
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
-        clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+        clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
-        return;
+        return 0;
-error:
-        smp_failure(conn, reason);
 }
-static void random_work(struct work_struct *work)
+static u8 smp_random(struct smp_chan *smp)
 {
-        struct smp_chan *smp = container_of(work, struct smp_chan, random);
        struct l2cap_conn *conn = smp->conn;
        struct hci_conn *hcon = conn->hcon;
        struct hci_dev *hdev = hcon->hdev;
        struct crypto_blkcipher *tfm = hdev->tfm_aes;
-        u8 reason, confirm[16];
+        u8 confirm[16];
        int ret;
-        if (IS_ERR_OR_NULL(tfm)) {
+        if (IS_ERR_OR_NULL(tfm))
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
        BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
@@ -504,15 +520,12 @@ static void random_work(struct work_struct *work)
        hci_dev_unlock(hdev);
-        if (ret) {
+        if (ret)
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
        if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
                BT_ERR("Pairing failed (confirmation values mismatch)");
-                reason = SMP_CONFIRM_FAILED;
+                return SMP_CONFIRM_FAILED;
-                goto error;
        }
        if (hcon->out) {
@@ -525,10 +538,8 @@ static void random_work(struct work_struct *work)
                memset(stk + smp->enc_key_size, 0,
                       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
-                if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
+                if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
-                        reason = SMP_UNSPECIFIED;
+                        return SMP_UNSPECIFIED;
-                        goto error;
-                }
                hci_le_start_enc(hcon, ediv, rand, stk);
                hcon->enc_key_size = smp->enc_key_size;
@@ -550,10 +561,7 @@ static void random_work(struct work_struct *work)
                            ediv, rand);
        }
-        return;
+        return 0;
-error:
-        smp_failure(conn, reason);
 }
 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
@@ -564,9 +572,6 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
        if (!smp)
                return NULL;
-        INIT_WORK(&smp->confirm, confirm_work);
-        INIT_WORK(&smp->random, random_work);
        smp->conn = conn;
        conn->smp_chan = smp;
        conn->hcon->smp_conn = conn;
@@ -583,7 +588,7 @@ void smp_chan_destroy(struct l2cap_conn *conn)
        BUG_ON(!smp);
-        complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
+        complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
        mgmt_smp_complete(conn->hcon, complete);
        kfree(smp->csrk);
@@ -634,7 +639,7 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
                put_unaligned_le32(value, smp->tk);
                /* Fall Through */
        case MGMT_OP_USER_CONFIRM_REPLY:
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
                break;
        case MGMT_OP_USER_PASSKEY_NEG_REPLY:
        case MGMT_OP_USER_CONFIRM_NEG_REPLY:
@@ -646,8 +651,11 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
        }
        /* If it is our turn to send Pairing Confirm, do so now */
-        if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
+        if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
-                queue_work(hcon->hdev->workqueue, &smp->confirm);
+                u8 rsp = smp_confirm(smp);
+                if (rsp)
+                        smp_failure(conn, rsp);
+        }
        return 0;
 }
@@ -656,14 +664,13 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_cmd_pairing rsp, *req = (void *) skb->data;
        struct smp_chan *smp;
-        u8 key_size;
+        u8 key_size, auth;
-        u8 auth = SMP_AUTH_NONE;
        int ret;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*req))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (conn->hcon->link_mode & HCI_LM_MASTER)
                return SMP_CMD_NOTSUPP;
@@ -681,8 +688,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
        skb_pull(skb, sizeof(*req));
        /* We didn't start the pairing, so match remote */
-        if (req->auth_req & SMP_AUTH_BONDING)
+        auth = req->auth_req;
-                auth = req->auth_req;
        conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
@@ -704,7 +710,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
        if (ret)
                return SMP_UNSPECIFIED;
-        clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
        return 0;
 }
@@ -713,14 +719,13 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        u8 key_size, auth = SMP_AUTH_NONE;
        int ret;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rsp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (!(conn->hcon->link_mode & HCI_LM_MASTER))
                return SMP_CMD_NOTSUPP;
@@ -753,11 +758,11 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
        if (ret)
                return SMP_UNSPECIFIED;
-        set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+        set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        /* Can't compose response until we have been confirmed */
-        if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
+        if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
-                queue_work(hdev->workqueue, &smp->confirm);
+                return smp_confirm(smp);
        return 0;
 }
@@ -765,12 +770,11 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
        if (skb->len < sizeof(smp->pcnf))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
        skb_pull(skb, sizeof(smp->pcnf));
@@ -778,10 +782,10 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
        if (conn->hcon->out)
                smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
                             smp->prnd);
-        else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
+        else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
-                queue_work(hdev->workqueue, &smp->confirm);
+                return smp_confirm(smp);
        else
-                set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+                set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        return 0;
 }
@@ -789,19 +793,16 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(smp->rrnd))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
        skb_pull(skb, sizeof(smp->rrnd));
-        queue_work(hdev->workqueue, &smp->random);
+        return smp_random(smp);
-        return 0;
 }
 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
@@ -836,7 +837,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (!(conn->hcon->link_mode & HCI_LM_MASTER))
                return SMP_CMD_NOTSUPP;
@@ -861,7 +862,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
        smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
-        clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
        return 0;
 }
@@ -928,7 +929,7 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
                smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
        }
-        set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        set_bit(SMP_FLAG_INITIATOR, &smp->flags);
 done:
        hcon->pending_sec_level = sec_level;
@@ -944,7 +945,7 @@ static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
@@ -969,7 +970,7 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
@@ -1001,7 +1002,7 @@ static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("");
        if (skb->len < sizeof(*info))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
@@ -1025,7 +1026,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
        BT_DBG("");
        if (skb->len < sizeof(*info))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
@@ -1075,7 +1076,7 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_SIGN))
@@ -1358,7 +1359,7 @@ int smp_distribute_keys(struct l2cap_conn *conn)
        clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
        cancel_delayed_work_sync(&conn->security_timer);
-        set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
+        set_bit(SMP_FLAG_COMPLETE, &smp->flags);
        smp_notify_keys(conn);
        smp_chan_destroy(conn);
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h
index 1277147a9150..5a8dc36460a1 100644
--- a/net/bluetooth/smp.h
+++ b/net/bluetooth/smp.h
@@ -111,39 +111,11 @@ struct smp_cmd_security_req {
 #define SMP_CMD_NOTSUPP                 0x07
 #define SMP_UNSPECIFIED                 0x08
 #define SMP_REPEATED_ATTEMPTS           0x09
+#define SMP_INVALID_PARAMS              0x0a
 #define SMP_MIN_ENC_KEY_SIZE            7
 #define SMP_MAX_ENC_KEY_SIZE            16
-#define SMP_FLAG_TK_VALID       1
-#define SMP_FLAG_CFM_PENDING    2
-#define SMP_FLAG_MITM_AUTH      3
-#define SMP_FLAG_COMPLETE       4
-#define SMP_FLAG_INITIATOR      5
-struct smp_chan {
-        struct l2cap_conn *conn;
-        u8              preq[7]; /* SMP Pairing Request */
-        u8              prsp[7]; /* SMP Pairing Response */
-        u8              prnd[16]; /* SMP Pairing Random (local) */
-        u8              rrnd[16]; /* SMP Pairing Random (remote) */
-        u8              pcnf[16]; /* SMP Pairing Confirm */
-        u8              tk[16]; /* SMP Temporary Key */
-        u8              enc_key_size;
-        u8              remote_key_dist;
-        bdaddr_t        id_addr;
-        u8              id_addr_type;
-        u8              irk[16];
-        struct smp_csrk *csrk;
-        struct smp_csrk *slave_csrk;
-        struct smp_ltk  *ltk;
-        struct smp_ltk  *slave_ltk;
-        struct smp_irk  *remote_irk;
-        unsigned long   smp_flags;
-        struct work_struct confirm;
-        struct work_struct random;
-};
 /* SMP Commands */
 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);
 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 40a648938985..e205ebabfa50 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -34,8 +34,7 @@ static ssize_t ieee80211_if_read(
        ssize_t ret = -EINVAL;
        read_lock(&dev_base_lock);
-        if (sdata->dev->reg_state == NETREG_REGISTERED)
+        ret = (*format)(sdata, buf, sizeof(buf));
-                ret = (*format)(sdata, buf, sizeof(buf));
        read_unlock(&dev_base_lock);
        if (ret >= 0)
@@ -62,8 +61,7 @@ static ssize_t ieee80211_if_write(
        ret = -ENODEV;
        rtnl_lock();
-        if (sdata->dev->reg_state == NETREG_REGISTERED)
+        ret = (*write)(sdata, buf, count);
-                ret = (*write)(sdata, buf, count);
        rtnl_unlock();
        return ret;
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 696ef78b1fb7..bd782dcffcc7 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -1048,6 +1048,59 @@ static inline void drv_unassign_vif_chanctx(struct ieee80211_local *local,
        trace_drv_return_void(local);
 }
+static inline int
+drv_switch_vif_chanctx(struct ieee80211_local *local,
+                       struct ieee80211_vif_chanctx_switch *vifs,
+                       int n_vifs,
+                       enum ieee80211_chanctx_switch_mode mode)
+{
+        int ret = 0;
+        int i;
+        if (!local->ops->switch_vif_chanctx)
+                return -EOPNOTSUPP;
+        for (i = 0; i < n_vifs; i++) {
+                struct ieee80211_chanctx *new_ctx =
+                        container_of(vifs[i].new_ctx,
+                                     struct ieee80211_chanctx,
+                                     conf);
+                struct ieee80211_chanctx *old_ctx =
+                        container_of(vifs[i].old_ctx,
+                                     struct ieee80211_chanctx,
+                                     conf);
+                WARN_ON_ONCE(!old_ctx->driver_present);
+                WARN_ON_ONCE((mode == CHANCTX_SWMODE_SWAP_CONTEXTS &&
+                              new_ctx->driver_present) ||
+                             (mode == CHANCTX_SWMODE_REASSIGN_VIF &&
+                              !new_ctx->driver_present));
+        }
+        trace_drv_switch_vif_chanctx(local, vifs, n_vifs, mode);
+        ret = local->ops->switch_vif_chanctx(&local->hw,
+                                             vifs, n_vifs, mode);
+        trace_drv_return_int(local, ret);
+        if (!ret && mode == CHANCTX_SWMODE_SWAP_CONTEXTS) {
+                for (i = 0; i < n_vifs; i++) {
+                        struct ieee80211_chanctx *new_ctx =
+                                container_of(vifs[i].new_ctx,
+                                             struct ieee80211_chanctx,
+                                             conf);
+                        struct ieee80211_chanctx *old_ctx =
+                                container_of(vifs[i].old_ctx,
+                                             struct ieee80211_chanctx,
+                                             conf);
+                        new_ctx->driver_present = true;
+                        old_ctx->driver_present = false;
+                }
+        }
+        return ret;
+}
 static inline int drv_start_ap(struct ieee80211_local *local,
                               struct ieee80211_sub_if_data *sdata)
 {
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 1bbac94da58d..18ee0a256b1e 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1677,6 +1677,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
        sdata->u.ibss.control_port = params->control_port;
        sdata->u.ibss.userspace_handles_dfs = params->userspace_handles_dfs;
        sdata->u.ibss.basic_rates = params->basic_rates;
+        sdata->u.ibss.last_scan_completed = jiffies;
        /* fix basic_rates if channel does not support these rates */
        rate_flags = ieee80211_chandef_rate_flags(&params->chandef);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 79fc98815da8..81a8e2a0b6aa 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -399,6 +399,7 @@ int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
        sdata->vif.type = NL80211_IFTYPE_MONITOR;
        snprintf(sdata->name, IFNAMSIZ, "%s-monitor",
                 wiphy_name(local->hw.wiphy));
+        sdata->wdev.iftype = NL80211_IFTYPE_MONITOR;
        sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
@@ -1285,6 +1286,7 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
        sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
        sdata->control_port_no_encrypt = false;
        sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
+        sdata->vif.bss_conf.idle = true;
        sdata->noack_map = 0;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 632d372bb511..a9b46d8ea22f 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -240,6 +240,7 @@ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
        sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
+        kfree(rcu_dereference_raw(sta->sta.rates));
        kfree(sta);
 }
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 60cb7a665976..ba29ebc86141 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -541,6 +541,23 @@ static void ieee80211_tx_latency_end_msrmnt(struct ieee80211_local *local,
 */
 #define STA_LOST_PKT_THRESHOLD  50
+static void ieee80211_lost_packet(struct sta_info *sta, struct sk_buff *skb)
+{
+        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+        /* This packet was aggregated but doesn't carry status info */
+        if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
+            !(info->flags & IEEE80211_TX_STAT_AMPDU))
+                return;
+        if (++sta->lost_packets < STA_LOST_PKT_THRESHOLD)
+                return;
+        cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
+                                    sta->lost_packets, GFP_ATOMIC);
+        sta->lost_packets = 0;
+}
 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
 {
        struct sk_buff *skb2;
@@ -680,12 +697,8 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
                        if (info->flags & IEEE80211_TX_STAT_ACK) {
                                if (sta->lost_packets)
                                        sta->lost_packets = 0;
-                        } else if (++sta->lost_packets >= STA_LOST_PKT_THRESHOLD) {
+                        } else {
-                                cfg80211_cqm_pktloss_notify(sta->sdata->dev,
+                                ieee80211_lost_packet(sta, skb);
-                                                            sta->sta.addr,
-                                                            sta->lost_packets,
-                                                            GFP_ATOMIC);
-                                sta->lost_packets = 0;
                        }
                }
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index 762e4cd16386..cfe1a0688b5c 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -1389,6 +1389,91 @@ TRACE_EVENT(drv_change_chanctx,
        )
 );
+#if !defined(__TRACE_VIF_ENTRY)
+#define __TRACE_VIF_ENTRY
+struct trace_vif_entry {
+        enum nl80211_iftype vif_type;
+        bool p2p;
+        char vif_name[IFNAMSIZ];
+} __packed;
+struct trace_chandef_entry {
+        u32 control_freq;
+        u32 chan_width;
+        u32 center_freq1;
+        u32 center_freq2;
+} __packed;
+struct trace_switch_entry {
+        struct trace_vif_entry vif;
+        struct trace_chandef_entry old_chandef;
+        struct trace_chandef_entry new_chandef;
+} __packed;
+#define SWITCH_ENTRY_ASSIGN(to, from) local_vifs[i].to = vifs[i].from
+#endif
+TRACE_EVENT(drv_switch_vif_chanctx,
+        TP_PROTO(struct ieee80211_local *local,
+                 struct ieee80211_vif_chanctx_switch *vifs,
+                 int n_vifs, enum ieee80211_chanctx_switch_mode mode),
+            TP_ARGS(local, vifs, n_vifs, mode),
+        TP_STRUCT__entry(
+                LOCAL_ENTRY
+                __field(int, n_vifs)
+                __field(u32, mode)
+                __dynamic_array(u8, vifs,
+                                sizeof(struct trace_switch_entry) * n_vifs)
+        ),
+        TP_fast_assign(
+                LOCAL_ASSIGN;
+                __entry->n_vifs = n_vifs;
+                __entry->mode = mode;
+                {
+                        struct trace_switch_entry *local_vifs =
+                                __get_dynamic_array(vifs);
+                        int i;
+                        for (i = 0; i < n_vifs; i++) {
+                                struct ieee80211_sub_if_data *sdata;
+                                sdata = container_of(vifs[i].vif,
+                                                struct ieee80211_sub_if_data,
+                                                vif);
+                                SWITCH_ENTRY_ASSIGN(vif.vif_type, vif->type);
+                                SWITCH_ENTRY_ASSIGN(vif.p2p, vif->p2p);
+                                strncpy(local_vifs[i].vif.vif_name,
+                                        sdata->name,
+                                        sizeof(local_vifs[i].vif.vif_name));
+                                SWITCH_ENTRY_ASSIGN(old_chandef.control_freq,
+                                                old_ctx->def.chan->center_freq);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.chan_width,
+                                                    old_ctx->def.width);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.center_freq1,
+                                                    old_ctx->def.center_freq1);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.center_freq2,
+                                                    old_ctx->def.center_freq2);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.control_freq,
+                                                new_ctx->def.chan->center_freq);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.chan_width,
+                                                    new_ctx->def.width);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.center_freq1,
+                                                    new_ctx->def.center_freq1);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.center_freq2,
+                                                    new_ctx->def.center_freq2);
+                        }
+                }
+        ),
+        TP_printk(
+                LOCAL_PR_FMT " n_vifs:%d mode:%d",
+                LOCAL_PR_ARG, __entry->n_vifs, __entry->mode
+        )
+);
 DECLARE_EVENT_CLASS(local_sdata_chanctx,
        TP_PROTO(struct ieee80211_local *local,
                 struct ieee80211_sub_if_data *sdata,
diff --git a/net/nfc/digital_core.c b/net/nfc/digital_core.c
index b105cfb00e76..a6ce3c627e4e 100644
--- a/net/nfc/digital_core.c
+++ b/net/nfc/digital_core.c
@@ -386,6 +386,8 @@ int digital_target_found(struct nfc_digital_dev *ddev,
 void digital_poll_next_tech(struct nfc_digital_dev *ddev)
 {
+        u8 rand_mod;
        digital_switch_rf(ddev, 0);
        mutex_lock(&ddev->poll_lock);
@@ -395,8 +397,8 @@ void digital_poll_next_tech(struct nfc_digital_dev *ddev)
                return;
        }
-        ddev->poll_tech_index = (ddev->poll_tech_index + 1) %
+        get_random_bytes(&rand_mod, sizeof(rand_mod));
-                                ddev->poll_tech_count;
+        ddev->poll_tech_index = rand_mod % ddev->poll_tech_count;
        mutex_unlock(&ddev->poll_lock);
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
index d4ed25ff723f..171cb9949ab5 100644
--- a/net/nfc/digital_dep.c
+++ b/net/nfc/digital_dep.c
@@ -224,9 +224,8 @@ int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
        ddev->skb_add_crc(skb);
-        digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, target);
+        return digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res,
+                                   target);
-        return 0;
 }
 static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
diff --git a/net/nfc/digital_technology.c b/net/nfc/digital_technology.c
index 12a233e9ece5..c2c1c0189b7c 100644
--- a/net/nfc/digital_technology.c
+++ b/net/nfc/digital_technology.c
@@ -613,7 +613,7 @@ exit:
                digital_poll_next_tech(ddev);
 }
-int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
+static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
                               struct nfc_target *target,
                               struct digital_sensb_res *sensb_res)
 {
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index 8627c75063e2..55eefee311eb 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -31,14 +31,14 @@ static struct nfc_sock_list raw_sk_list = {
        .lock = __RW_LOCK_UNLOCKED(raw_sk_list.lock)
 };
-void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk)
+static void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk)
 {
        write_lock(&l->lock);
        sk_add_node(sk, &l->head);
        write_unlock(&l->lock);
 }
-void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk)
+static void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk)
 {
        write_lock(&l->lock);
        sk_del_node_init(sk);
diff --git a/net/wireless/core.c b/net/wireless/core.c
index d03d8bdb29ca..a1c40654dd9b 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -130,7 +130,7 @@ int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
                            newname))
                pr_err("failed to rename debugfs dir to %s!\n", newname);
-        nl80211_notify_dev_rename(rdev);
+        nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
        return 0;
 }
@@ -660,6 +660,8 @@ int wiphy_register(struct wiphy *wiphy)
                return res;
        }
+        nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
        return 0;
 }
 EXPORT_SYMBOL(wiphy_register);
@@ -698,6 +700,7 @@ void wiphy_unregister(struct wiphy *wiphy)
                rfkill_unregister(rdev->rfkill);
        rtnl_lock();
+        nl80211_notify_wiphy(rdev, NL80211_CMD_DEL_WIPHY);
        rdev->wiphy.registered = false;
        WARN_ON(!list_empty(&rdev->wdev_list));
diff --git a/net/wireless/genregdb.awk b/net/wireless/genregdb.awk
index b35da8dc85de..40c37fc5b67c 100644
--- a/net/wireless/genregdb.awk
+++ b/net/wireless/genregdb.awk
@@ -68,17 +68,7 @@ function parse_reg_rule()
        sub(/,/, "", units)
        dfs_cac = $9
        if (units == "mW") {
-                if (power == 100) {
+                power = 10 * log(power)/log(10)
-                        power = 20
-                } else if (power == 200) {
-                        power = 23
-                } else if (power == 500) {
-                        power = 27
-                } else if (power == 1000) {
-                        power = 30
-                } else {
-                        print "Unknown power value in database!"
-                }
        } else {
                dfs_cac = $8
        }
@@ -117,7 +107,7 @@ function parse_reg_rule()
        }
        flags = flags "0"
-        printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags
+        printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %.0f, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags
        rules++
 }
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 62bdb1adaa4d..ba4f1723c83a 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1226,6 +1226,7 @@ struct nl80211_dump_wiphy_state {
 };
 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
+                              enum nl80211_commands cmd,
                              struct sk_buff *msg, u32 portid, u32 seq,
                              int flags, struct nl80211_dump_wiphy_state *state)
 {
@@ -1240,7 +1241,7 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                                rdev->wiphy.mgmt_stypes;
        u32 features;
-        hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
+        hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
        if (!hdr)
                return -ENOBUFS;
@@ -1254,6 +1255,9 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                        cfg80211_rdev_list_generation))
                goto nla_put_failure;
+        if (cmd != NL80211_CMD_NEW_WIPHY)
+                goto finish;
        switch (state->split_start) {
        case 0:
                if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
@@ -1682,6 +1686,7 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                state->split_start = 0;
                break;
        }
+ finish:
        return genlmsg_end(msg, hdr);
 nla_put_failure:
@@ -1756,7 +1761,8 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                        continue;
                /* attempt to fit multiple wiphy data chunks into the skb */
                do {
-                        ret = nl80211_send_wiphy(rdev, skb,
+                        ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
+                                                 skb,
                                                 NETLINK_CB(cb->skb).portid,
                                                 cb->nlh->nlmsg_seq,
                                                 NLM_F_MULTI, state);
@@ -1811,7 +1817,8 @@ static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
        if (!msg)
                return -ENOMEM;
-        if (nl80211_send_wiphy(rdev, msg, info->snd_portid, info->snd_seq, 0,
+        if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
+                               info->snd_portid, info->snd_seq, 0,
                               &state) < 0) {
                nlmsg_free(msg);
                return -ENOBUFS;
@@ -10101,16 +10108,20 @@ static const struct genl_ops nl80211_ops[] = {
 /* notification functions */
-void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
+void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
+                          enum nl80211_commands cmd)
 {
        struct sk_buff *msg;
        struct nl80211_dump_wiphy_state state = {};
+        WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
+                cmd != NL80211_CMD_DEL_WIPHY);
        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
        if (!msg)
                return;
-        if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
+        if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
                nlmsg_free(msg);
                return;
        }
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index 1e6df9630f42..49c9a482dd12 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -5,7 +5,8 @@
 int nl80211_init(void);
 void nl80211_exit(void);
-void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
+void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
+                          enum nl80211_commands cmd);
 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
                             struct wireless_dev *wdev);
 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
author	David S. Miller <davem@davemloft.net>	2014-06-02 14:17:35 -0400
committer	David S. Miller <davem@davemloft.net>	2014-06-02 14:17:35 -0400
commit	31595de219e8a1a2ed7aeccbe4f18e44f2d2db00 (patch)
tree	7fde4fc831867b18e384953a18f50919ccc9245f /net
parent	73f156a6e8c1074ac6327e0abd1169e95eb66463 (diff)
parent	fcb2c0d6cf75750e2912b09a3d0a782c90e2b1a0 (diff)