Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem

author: John W. Linville <linville@tuxdriver.com> 2014-06-02 11:20:17 -0400
committer: John W. Linville <linville@tuxdriver.com> 2014-06-02 11:20:17 -0400
commit: fcb2c0d6cf75750e2912b09a3d0a782c90e2b1a0 (patch)
tree: a17982638b066ae29f8ab1a6e37f18e6dddb5272 /net
parent: 96b2e73c5471542cb9c622c4360716684f8797ed (diff)
parent: a715c7ddd65a1a3b2839b8ebd759bb2d361f7675 (diff)
23 files changed, 645 insertions, 157 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 095943c02d6e..8671bc79a35b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -28,6 +28,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include "smp.h"
 #include "a2mp.h"
@@ -407,6 +408,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
        conn->io_capability = hdev->io_capability;
        conn->remote_auth = 0xff;
        conn->key_type = 0xff;
+        conn->tx_power = HCI_TX_POWER_INVALID;
+        conn->max_tx_power = HCI_TX_POWER_INVALID;
        set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index d31f144860d1..0a43cce9a914 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -34,6 +34,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include "smp.h"
@@ -579,6 +580,62 @@ static int sniff_max_interval_get(void *data, u64 *val)
 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
                        sniff_max_interval_set, "%llu\n");
+static int conn_info_min_age_set(void *data, u64 val)
+{
+        struct hci_dev *hdev = data;
+        if (val == 0 || val > hdev->conn_info_max_age)
+                return -EINVAL;
+        hci_dev_lock(hdev);
+        hdev->conn_info_min_age = val;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+static int conn_info_min_age_get(void *data, u64 *val)
+{
+        struct hci_dev *hdev = data;
+        hci_dev_lock(hdev);
+        *val = hdev->conn_info_min_age;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
+                        conn_info_min_age_set, "%llu\n");
+static int conn_info_max_age_set(void *data, u64 val)
+{
+        struct hci_dev *hdev = data;
+        if (val == 0 || val < hdev->conn_info_min_age)
+                return -EINVAL;
+        hci_dev_lock(hdev);
+        hdev->conn_info_max_age = val;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+static int conn_info_max_age_get(void *data, u64 *val)
+{
+        struct hci_dev *hdev = data;
+        hci_dev_lock(hdev);
+        *val = hdev->conn_info_max_age;
+        hci_dev_unlock(hdev);
+        return 0;
+}
+DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
+                        conn_info_max_age_set, "%llu\n");
 static int identity_show(struct seq_file *f, void *p)
 {
        struct hci_dev *hdev = f->private;
@@ -1754,6 +1811,11 @@ static int __hci_init(struct hci_dev *hdev)
                            &blacklist_fops);
        debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
+        debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
+                            &conn_info_min_age_fops);
+        debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
+                            &conn_info_max_age_fops);
        if (lmp_bredr_capable(hdev)) {
                debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
                                    hdev, &inquiry_cache_fops);
@@ -3789,6 +3851,8 @@ struct hci_dev *hci_alloc_dev(void)
        hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
        hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
+        hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
+        hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
        mutex_init(&hdev->lock);
        mutex_init(&hdev->req_lock);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index ca19fd4bbb8f..3454807a40c5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1245,6 +1245,59 @@ static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
        amp_write_rem_assoc_continue(hdev, rp->phy_handle);
 }
+static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        struct hci_rp_read_rssi *rp = (void *) skb->data;
+        struct hci_conn *conn;
+        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
+        if (rp->status)
+                return;
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
+        if (conn)
+                conn->rssi = rp->rssi;
+        hci_dev_unlock(hdev);
+}
+static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        struct hci_cp_read_tx_power *sent;
+        struct hci_rp_read_tx_power *rp = (void *) skb->data;
+        struct hci_conn *conn;
+        BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
+        if (rp->status)
+                return;
+        sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
+        if (!sent)
+                return;
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
+        if (!conn)
+                goto unlock;
+        switch (sent->type) {
+        case 0x00:
+                conn->tx_power = rp->tx_power;
+                break;
+        case 0x01:
+                conn->max_tx_power = rp->tx_power;
+                break;
+        }
+unlock:
+        hci_dev_unlock(hdev);
+}
 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
 {
        BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -2637,6 +2690,14 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                hci_cc_write_remote_amp_assoc(hdev, skb);
                break;
+        case HCI_OP_READ_RSSI:
+                hci_cc_read_rssi(hdev, skb);
+                break;
+        case HCI_OP_READ_TX_POWER:
+                hci_cc_read_tx_power(hdev, skb);
+                break;
        default:
                BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
                break;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 54abbce3a39e..5e9c21a5525f 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -29,12 +29,13 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
 #include <net/bluetooth/mgmt.h>
 #include "smp.h"
 #define MGMT_VERSION    1
-#define MGMT_REVISION   5
+#define MGMT_REVISION   6
 static const u16 mgmt_commands[] = {
        MGMT_OP_READ_INDEX_LIST,
@@ -83,6 +84,7 @@ static const u16 mgmt_commands[] = {
        MGMT_OP_SET_DEBUG_KEYS,
        MGMT_OP_SET_PRIVACY,
        MGMT_OP_LOAD_IRKS,
+        MGMT_OP_GET_CONN_INFO,
 };
 static const u16 mgmt_events[] = {
@@ -4532,7 +4534,7 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
        for (i = 0; i < key_count; i++) {
                struct mgmt_ltk_info *key = &cp->keys[i];
-                u8 type, addr_type;
+                u8 type, addr_type, authenticated;
                if (key->addr.type == BDADDR_LE_PUBLIC)
                        addr_type = ADDR_LE_DEV_PUBLIC;
@@ -4544,8 +4546,13 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
                else
                        type = HCI_SMP_LTK_SLAVE;
+                if (key->type == MGMT_LTK_UNAUTHENTICATED)
+                        authenticated = 0x00;
+                else
+                        authenticated = 0x01;
                hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
-                            key->type, key->val, key->enc_size, key->ediv,
+                            authenticated, key->val, key->enc_size, key->ediv,
                            key->rand);
        }
@@ -4557,6 +4564,218 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
        return err;
 }
+struct cmd_conn_lookup {
+        struct hci_conn *conn;
+        bool valid_tx_power;
+        u8 mgmt_status;
+};
+static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
+{
+        struct cmd_conn_lookup *match = data;
+        struct mgmt_cp_get_conn_info *cp;
+        struct mgmt_rp_get_conn_info rp;
+        struct hci_conn *conn = cmd->user_data;
+        if (conn != match->conn)
+                return;
+        cp = (struct mgmt_cp_get_conn_info *) cmd->param;
+        memset(&rp, 0, sizeof(rp));
+        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
+        rp.addr.type = cp->addr.type;
+        if (!match->mgmt_status) {
+                rp.rssi = conn->rssi;
+                if (match->valid_tx_power) {
+                        rp.tx_power = conn->tx_power;
+                        rp.max_tx_power = conn->max_tx_power;
+                } else {
+                        rp.tx_power = HCI_TX_POWER_INVALID;
+                        rp.max_tx_power = HCI_TX_POWER_INVALID;
+                }
+        }
+        cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
+                     match->mgmt_status, &rp, sizeof(rp));
+        hci_conn_drop(conn);
+        mgmt_pending_remove(cmd);
+}
+static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
+{
+        struct hci_cp_read_rssi *cp;
+        struct hci_conn *conn;
+        struct cmd_conn_lookup match;
+        u16 handle;
+        BT_DBG("status 0x%02x", status);
+        hci_dev_lock(hdev);
+        /* TX power data is valid in case request completed successfully,
+         * otherwise we assume it's not valid. At the moment we assume that
+         * either both or none of current and max values are valid to keep code
+         * simple.
+         */
+        match.valid_tx_power = !status;
+        /* Commands sent in request are either Read RSSI or Read Transmit Power
+         * Level so we check which one was last sent to retrieve connection
+         * handle.  Both commands have handle as first parameter so it's safe to
+         * cast data on the same command struct.
+         *
+         * First command sent is always Read RSSI and we fail only if it fails.
+         * In other case we simply override error to indicate success as we
+         * already remembered if TX power value is actually valid.
+         */
+        cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
+        if (!cp) {
+                cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
+                status = 0;
+        }
+        if (!cp) {
+                BT_ERR("invalid sent_cmd in response");
+                goto unlock;
+        }
+        handle = __le16_to_cpu(cp->handle);
+        conn = hci_conn_hash_lookup_handle(hdev, handle);
+        if (!conn) {
+                BT_ERR("unknown handle (%d) in response", handle);
+                goto unlock;
+        }
+        match.conn = conn;
+        match.mgmt_status = mgmt_status(status);
+        /* Cache refresh is complete, now reply for mgmt request for given
+         * connection only.
+         */
+        mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
+                             get_conn_info_complete, &match);
+unlock:
+        hci_dev_unlock(hdev);
+}
+static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
+                         u16 len)
+{
+        struct mgmt_cp_get_conn_info *cp = data;
+        struct mgmt_rp_get_conn_info rp;
+        struct hci_conn *conn;
+        unsigned long conn_info_age;
+        int err = 0;
+        BT_DBG("%s", hdev->name);
+        memset(&rp, 0, sizeof(rp));
+        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
+        rp.addr.type = cp->addr.type;
+        if (!bdaddr_type_is_valid(cp->addr.type))
+                return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                    MGMT_STATUS_INVALID_PARAMS,
+                                    &rp, sizeof(rp));
+        hci_dev_lock(hdev);
+        if (!hdev_is_powered(hdev)) {
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
+                goto unlock;
+        }
+        if (cp->addr.type == BDADDR_BREDR)
+                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
+                                               &cp->addr.bdaddr);
+        else
+                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
+        if (!conn || conn->state != BT_CONNECTED) {
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
+                goto unlock;
+        }
+        /* To avoid client trying to guess when to poll again for information we
+         * calculate conn info age as random value between min/max set in hdev.
+         */
+        conn_info_age = hdev->conn_info_min_age +
+                        prandom_u32_max(hdev->conn_info_max_age -
+                                        hdev->conn_info_min_age);
+        /* Query controller to refresh cached values if they are too old or were
+         * never read.
+         */
+        if (time_after(jiffies, conn->conn_info_timestamp +
+                       msecs_to_jiffies(conn_info_age)) ||
+            !conn->conn_info_timestamp) {
+                struct hci_request req;
+                struct hci_cp_read_tx_power req_txp_cp;
+                struct hci_cp_read_rssi req_rssi_cp;
+                struct pending_cmd *cmd;
+                hci_req_init(&req, hdev);
+                req_rssi_cp.handle = cpu_to_le16(conn->handle);
+                hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
+                            &req_rssi_cp);
+                /* For LE links TX power does not change thus we don't need to
+                 * query for it once value is known.
+                 */
+                if (!bdaddr_type_is_le(cp->addr.type) ||
+                    conn->tx_power == HCI_TX_POWER_INVALID) {
+                        req_txp_cp.handle = cpu_to_le16(conn->handle);
+                        req_txp_cp.type = 0x00;
+                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
+                                    sizeof(req_txp_cp), &req_txp_cp);
+                }
+                /* Max TX power needs to be read only once per connection */
+                if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
+                        req_txp_cp.handle = cpu_to_le16(conn->handle);
+                        req_txp_cp.type = 0x01;
+                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
+                                    sizeof(req_txp_cp), &req_txp_cp);
+                }
+                err = hci_req_run(&req, conn_info_refresh_complete);
+                if (err < 0)
+                        goto unlock;
+                cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
+                                       data, len);
+                if (!cmd) {
+                        err = -ENOMEM;
+                        goto unlock;
+                }
+                hci_conn_hold(conn);
+                cmd->user_data = conn;
+                conn->conn_info_timestamp = jiffies;
+        } else {
+                /* Cache is valid, just reply with values cached in hci_conn */
+                rp.rssi = conn->rssi;
+                rp.tx_power = conn->tx_power;
+                rp.max_tx_power = conn->max_tx_power;
+                err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
+                                   MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
+        }
+unlock:
+        hci_dev_unlock(hdev);
+        return err;
+}
 static const struct mgmt_handler {
        int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
                     u16 data_len);
@@ -4612,6 +4831,7 @@ static const struct mgmt_handler {
        { set_debug_keys,         false, MGMT_SETTING_SIZE },
        { set_privacy,            false, MGMT_SET_PRIVACY_SIZE },
        { load_irks,              true,  MGMT_LOAD_IRKS_SIZE },
+        { get_conn_info,          false, MGMT_GET_CONN_INFO_SIZE },
 };
@@ -5007,6 +5227,14 @@ void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
        mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
 }
+static u8 mgmt_ltk_type(struct smp_ltk *ltk)
+{
+        if (ltk->authenticated)
+                return MGMT_LTK_AUTHENTICATED;
+        return MGMT_LTK_UNAUTHENTICATED;
+}
 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
 {
        struct mgmt_ev_new_long_term_key ev;
@@ -5032,7 +5260,7 @@ void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
        ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
-        ev.key.type = key->authenticated;
+        ev.key.type = mgmt_ltk_type(key);
        ev.key.enc_size = key->enc_size;
        ev.key.ediv = key->ediv;
        ev.key.rand = key->rand;
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index cf620260affa..754b6fe4f742 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -307,7 +307,7 @@ struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
        setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
        skb_queue_head_init(&d->tx_queue);
-        spin_lock_init(&d->lock);
+        mutex_init(&d->lock);
        atomic_set(&d->refcnt, 1);
        rfcomm_dlc_clear_state(d);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 403ec09f480a..8e385a0ae60e 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -70,7 +70,7 @@ struct rfcomm_dev {
 };
 static LIST_HEAD(rfcomm_dev_list);
-static DEFINE_SPINLOCK(rfcomm_dev_lock);
+static DEFINE_MUTEX(rfcomm_dev_lock);
 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
@@ -96,9 +96,9 @@ static void rfcomm_dev_destruct(struct tty_port *port)
        if (dev->tty_dev)
                tty_unregister_device(rfcomm_tty_driver, dev->id);
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        list_del(&dev->list);
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        kfree(dev);
@@ -161,14 +161,14 @@ static struct rfcomm_dev *rfcomm_dev_get(int id)
 {
        struct rfcomm_dev *dev;
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        dev = __rfcomm_dev_lookup(id);
        if (dev && !tty_port_get(&dev->port))
                dev = NULL;
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        return dev;
 }
@@ -224,7 +224,7 @@ static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
        if (!dev)
                return ERR_PTR(-ENOMEM);
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        if (req->dev_id < 0) {
                dev->id = 0;
@@ -305,11 +305,11 @@ static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
           holds reference to this module. */
        __module_get(THIS_MODULE);
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        return dev;
 out:
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        kfree(dev);
        return ERR_PTR(err);
 }
@@ -524,7 +524,7 @@ static int rfcomm_get_dev_list(void __user *arg)
        di = dl->dev_info;
-        spin_lock(&rfcomm_dev_lock);
+        mutex_lock(&rfcomm_dev_lock);
        list_for_each_entry(dev, &rfcomm_dev_list, list) {
                if (!tty_port_get(&dev->port))
@@ -540,7 +540,7 @@ static int rfcomm_get_dev_list(void __user *arg)
                        break;
        }
-        spin_unlock(&rfcomm_dev_lock);
+        mutex_unlock(&rfcomm_dev_lock);
        dl->dev_num = n;
        size = sizeof(*dl) + n * sizeof(*di);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index dfb4e1161c10..4f9662d0fd81 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -35,6 +35,33 @@
 #define AUTH_REQ_MASK   0x07
+#define SMP_FLAG_TK_VALID       1
+#define SMP_FLAG_CFM_PENDING    2
+#define SMP_FLAG_MITM_AUTH      3
+#define SMP_FLAG_COMPLETE       4
+#define SMP_FLAG_INITIATOR      5
+struct smp_chan {
+        struct l2cap_conn *conn;
+        u8              preq[7]; /* SMP Pairing Request */
+        u8              prsp[7]; /* SMP Pairing Response */
+        u8              prnd[16]; /* SMP Pairing Random (local) */
+        u8              rrnd[16]; /* SMP Pairing Random (remote) */
+        u8              pcnf[16]; /* SMP Pairing Confirm */
+        u8              tk[16]; /* SMP Temporary Key */
+        u8              enc_key_size;
+        u8              remote_key_dist;
+        bdaddr_t        id_addr;
+        u8              id_addr_type;
+        u8              irk[16];
+        struct smp_csrk *csrk;
+        struct smp_csrk *slave_csrk;
+        struct smp_ltk  *ltk;
+        struct smp_ltk  *slave_ltk;
+        struct smp_irk  *remote_irk;
+        unsigned long   flags;
+};
 static inline void swap128(const u8 src[16], u8 dst[16])
 {
        int i;
@@ -369,7 +396,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
        /* Initialize key for JUST WORKS */
        memset(smp->tk, 0, sizeof(smp->tk));
-        clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+        clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
        BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
@@ -388,19 +415,18 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
                method = JUST_WORKS;
        /* Don't confirm locally initiated pairing attempts */
-        if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
+        if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
-                                           &smp->smp_flags))
                method = JUST_WORKS;
        /* If Just Works, Continue with Zero TK */
        if (method == JUST_WORKS) {
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
                return 0;
        }
        /* Not Just Works/Confirm results in MITM Authentication */
        if (method != JUST_CFM)
-                set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
+                set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
        /* If both devices have Keyoard-Display I/O, the master
         * Confirms and the slave Enters the passkey.
@@ -419,7 +445,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
                passkey %= 1000000;
                put_unaligned_le32(passkey, smp->tk);
                BT_DBG("PassKey: %d", passkey);
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
        }
        hci_dev_lock(hcon->hdev);
@@ -441,15 +467,13 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
        return ret;
 }
-static void confirm_work(struct work_struct *work)
+static u8 smp_confirm(struct smp_chan *smp)
 {
-        struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
        struct l2cap_conn *conn = smp->conn;
        struct hci_dev *hdev = conn->hcon->hdev;
        struct crypto_blkcipher *tfm = hdev->tfm_aes;
        struct smp_cmd_pairing_confirm cp;
        int ret;
-        u8 reason;
        BT_DBG("conn %p", conn);
@@ -463,35 +487,27 @@ static void confirm_work(struct work_struct *work)
        hci_dev_unlock(hdev);
-        if (ret) {
+        if (ret)
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
-        clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+        clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
-        return;
+        return 0;
-error:
-        smp_failure(conn, reason);
 }
-static void random_work(struct work_struct *work)
+static u8 smp_random(struct smp_chan *smp)
 {
-        struct smp_chan *smp = container_of(work, struct smp_chan, random);
        struct l2cap_conn *conn = smp->conn;
        struct hci_conn *hcon = conn->hcon;
        struct hci_dev *hdev = hcon->hdev;
        struct crypto_blkcipher *tfm = hdev->tfm_aes;
-        u8 reason, confirm[16];
+        u8 confirm[16];
        int ret;
-        if (IS_ERR_OR_NULL(tfm)) {
+        if (IS_ERR_OR_NULL(tfm))
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
        BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
@@ -504,15 +520,12 @@ static void random_work(struct work_struct *work)
        hci_dev_unlock(hdev);
-        if (ret) {
+        if (ret)
-                reason = SMP_UNSPECIFIED;
+                return SMP_UNSPECIFIED;
-                goto error;
-        }
        if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
                BT_ERR("Pairing failed (confirmation values mismatch)");
-                reason = SMP_CONFIRM_FAILED;
+                return SMP_CONFIRM_FAILED;
-                goto error;
        }
        if (hcon->out) {
@@ -525,10 +538,8 @@ static void random_work(struct work_struct *work)
                memset(stk + smp->enc_key_size, 0,
                       SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
-                if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
+                if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
-                        reason = SMP_UNSPECIFIED;
+                        return SMP_UNSPECIFIED;
-                        goto error;
-                }
                hci_le_start_enc(hcon, ediv, rand, stk);
                hcon->enc_key_size = smp->enc_key_size;
@@ -550,10 +561,7 @@ static void random_work(struct work_struct *work)
                            ediv, rand);
        }
-        return;
+        return 0;
-error:
-        smp_failure(conn, reason);
 }
 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
@@ -564,9 +572,6 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
        if (!smp)
                return NULL;
-        INIT_WORK(&smp->confirm, confirm_work);
-        INIT_WORK(&smp->random, random_work);
        smp->conn = conn;
        conn->smp_chan = smp;
        conn->hcon->smp_conn = conn;
@@ -583,7 +588,7 @@ void smp_chan_destroy(struct l2cap_conn *conn)
        BUG_ON(!smp);
-        complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
+        complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
        mgmt_smp_complete(conn->hcon, complete);
        kfree(smp->csrk);
@@ -634,7 +639,7 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
                put_unaligned_le32(value, smp->tk);
                /* Fall Through */
        case MGMT_OP_USER_CONFIRM_REPLY:
-                set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
+                set_bit(SMP_FLAG_TK_VALID, &smp->flags);
                break;
        case MGMT_OP_USER_PASSKEY_NEG_REPLY:
        case MGMT_OP_USER_CONFIRM_NEG_REPLY:
@@ -646,8 +651,11 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
        }
        /* If it is our turn to send Pairing Confirm, do so now */
-        if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
+        if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
-                queue_work(hcon->hdev->workqueue, &smp->confirm);
+                u8 rsp = smp_confirm(smp);
+                if (rsp)
+                        smp_failure(conn, rsp);
+        }
        return 0;
 }
@@ -656,14 +664,13 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_cmd_pairing rsp, *req = (void *) skb->data;
        struct smp_chan *smp;
-        u8 key_size;
+        u8 key_size, auth;
-        u8 auth = SMP_AUTH_NONE;
        int ret;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*req))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (conn->hcon->link_mode & HCI_LM_MASTER)
                return SMP_CMD_NOTSUPP;
@@ -681,8 +688,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
        skb_pull(skb, sizeof(*req));
        /* We didn't start the pairing, so match remote */
-        if (req->auth_req & SMP_AUTH_BONDING)
+        auth = req->auth_req;
-                auth = req->auth_req;
        conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
@@ -704,7 +710,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
        if (ret)
                return SMP_UNSPECIFIED;
-        clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
        return 0;
 }
@@ -713,14 +719,13 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        u8 key_size, auth = SMP_AUTH_NONE;
        int ret;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rsp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (!(conn->hcon->link_mode & HCI_LM_MASTER))
                return SMP_CMD_NOTSUPP;
@@ -753,11 +758,11 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
        if (ret)
                return SMP_UNSPECIFIED;
-        set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+        set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        /* Can't compose response until we have been confirmed */
-        if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
+        if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
-                queue_work(hdev->workqueue, &smp->confirm);
+                return smp_confirm(smp);
        return 0;
 }
@@ -765,12 +770,11 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
        if (skb->len < sizeof(smp->pcnf))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
        skb_pull(skb, sizeof(smp->pcnf));
@@ -778,10 +782,10 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
        if (conn->hcon->out)
                smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
                             smp->prnd);
-        else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
+        else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
-                queue_work(hdev->workqueue, &smp->confirm);
+                return smp_confirm(smp);
        else
-                set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
+                set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
        return 0;
 }
@@ -789,19 +793,16 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
 {
        struct smp_chan *smp = conn->smp_chan;
-        struct hci_dev *hdev = conn->hcon->hdev;
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(smp->rrnd))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
        skb_pull(skb, sizeof(smp->rrnd));
-        queue_work(hdev->workqueue, &smp->random);
+        return smp_random(smp);
-        return 0;
 }
 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
@@ -836,7 +837,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        if (!(conn->hcon->link_mode & HCI_LM_MASTER))
                return SMP_CMD_NOTSUPP;
@@ -861,7 +862,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
        smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
-        clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
        return 0;
 }
@@ -928,7 +929,7 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
                smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
        }
-        set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
+        set_bit(SMP_FLAG_INITIATOR, &smp->flags);
 done:
        hcon->pending_sec_level = sec_level;
@@ -944,7 +945,7 @@ static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
@@ -969,7 +970,7 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
@@ -1001,7 +1002,7 @@ static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("");
        if (skb->len < sizeof(*info))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
@@ -1025,7 +1026,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
        BT_DBG("");
        if (skb->len < sizeof(*info))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
@@ -1075,7 +1076,7 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
        BT_DBG("conn %p", conn);
        if (skb->len < sizeof(*rp))
-                return SMP_UNSPECIFIED;
+                return SMP_INVALID_PARAMS;
        /* Ignore this PDU if it wasn't requested */
        if (!(smp->remote_key_dist & SMP_DIST_SIGN))
@@ -1358,7 +1359,7 @@ int smp_distribute_keys(struct l2cap_conn *conn)
        clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
        cancel_delayed_work_sync(&conn->security_timer);
-        set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
+        set_bit(SMP_FLAG_COMPLETE, &smp->flags);
        smp_notify_keys(conn);
        smp_chan_destroy(conn);
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h
index 1277147a9150..5a8dc36460a1 100644
--- a/net/bluetooth/smp.h
+++ b/net/bluetooth/smp.h
@@ -111,39 +111,11 @@ struct smp_cmd_security_req {
 #define SMP_CMD_NOTSUPP                 0x07
 #define SMP_UNSPECIFIED                 0x08
 #define SMP_REPEATED_ATTEMPTS           0x09
+#define SMP_INVALID_PARAMS              0x0a
 #define SMP_MIN_ENC_KEY_SIZE            7
 #define SMP_MAX_ENC_KEY_SIZE            16
-#define SMP_FLAG_TK_VALID       1
-#define SMP_FLAG_CFM_PENDING    2
-#define SMP_FLAG_MITM_AUTH      3
-#define SMP_FLAG_COMPLETE       4
-#define SMP_FLAG_INITIATOR      5
-struct smp_chan {
-        struct l2cap_conn *conn;
-        u8              preq[7]; /* SMP Pairing Request */
-        u8              prsp[7]; /* SMP Pairing Response */
-        u8              prnd[16]; /* SMP Pairing Random (local) */
-        u8              rrnd[16]; /* SMP Pairing Random (remote) */
-        u8              pcnf[16]; /* SMP Pairing Confirm */
-        u8              tk[16]; /* SMP Temporary Key */
-        u8              enc_key_size;
-        u8              remote_key_dist;
-        bdaddr_t        id_addr;
-        u8              id_addr_type;
-        u8              irk[16];
-        struct smp_csrk *csrk;
-        struct smp_csrk *slave_csrk;
-        struct smp_ltk  *ltk;
-        struct smp_ltk  *slave_ltk;
-        struct smp_irk  *remote_irk;
-        unsigned long   smp_flags;
-        struct work_struct confirm;
-        struct work_struct random;
-};
 /* SMP Commands */
 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);
 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 40a648938985..e205ebabfa50 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -34,8 +34,7 @@ static ssize_t ieee80211_if_read(
        ssize_t ret = -EINVAL;
        read_lock(&dev_base_lock);
-        if (sdata->dev->reg_state == NETREG_REGISTERED)
+        ret = (*format)(sdata, buf, sizeof(buf));
-                ret = (*format)(sdata, buf, sizeof(buf));
        read_unlock(&dev_base_lock);
        if (ret >= 0)
@@ -62,8 +61,7 @@ static ssize_t ieee80211_if_write(
        ret = -ENODEV;
        rtnl_lock();
-        if (sdata->dev->reg_state == NETREG_REGISTERED)
+        ret = (*write)(sdata, buf, count);
-                ret = (*write)(sdata, buf, count);
        rtnl_unlock();
        return ret;
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 696ef78b1fb7..bd782dcffcc7 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -1048,6 +1048,59 @@ static inline void drv_unassign_vif_chanctx(struct ieee80211_local *local,
        trace_drv_return_void(local);
 }
+static inline int
+drv_switch_vif_chanctx(struct ieee80211_local *local,
+                       struct ieee80211_vif_chanctx_switch *vifs,
+                       int n_vifs,
+                       enum ieee80211_chanctx_switch_mode mode)
+{
+        int ret = 0;
+        int i;
+        if (!local->ops->switch_vif_chanctx)
+                return -EOPNOTSUPP;
+        for (i = 0; i < n_vifs; i++) {
+                struct ieee80211_chanctx *new_ctx =
+                        container_of(vifs[i].new_ctx,
+                                     struct ieee80211_chanctx,
+                                     conf);
+                struct ieee80211_chanctx *old_ctx =
+                        container_of(vifs[i].old_ctx,
+                                     struct ieee80211_chanctx,
+                                     conf);
+                WARN_ON_ONCE(!old_ctx->driver_present);
+                WARN_ON_ONCE((mode == CHANCTX_SWMODE_SWAP_CONTEXTS &&
+                              new_ctx->driver_present) ||
+                             (mode == CHANCTX_SWMODE_REASSIGN_VIF &&
+                              !new_ctx->driver_present));
+        }
+        trace_drv_switch_vif_chanctx(local, vifs, n_vifs, mode);
+        ret = local->ops->switch_vif_chanctx(&local->hw,
+                                             vifs, n_vifs, mode);
+        trace_drv_return_int(local, ret);
+        if (!ret && mode == CHANCTX_SWMODE_SWAP_CONTEXTS) {
+                for (i = 0; i < n_vifs; i++) {
+                        struct ieee80211_chanctx *new_ctx =
+                                container_of(vifs[i].new_ctx,
+                                             struct ieee80211_chanctx,
+                                             conf);
+                        struct ieee80211_chanctx *old_ctx =
+                                container_of(vifs[i].old_ctx,
+                                             struct ieee80211_chanctx,
+                                             conf);
+                        new_ctx->driver_present = true;
+                        old_ctx->driver_present = false;
+                }
+        }
+        return ret;
+}
 static inline int drv_start_ap(struct ieee80211_local *local,
                               struct ieee80211_sub_if_data *sdata)
 {
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 1bbac94da58d..18ee0a256b1e 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1677,6 +1677,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
        sdata->u.ibss.control_port = params->control_port;
        sdata->u.ibss.userspace_handles_dfs = params->userspace_handles_dfs;
        sdata->u.ibss.basic_rates = params->basic_rates;
+        sdata->u.ibss.last_scan_completed = jiffies;
        /* fix basic_rates if channel does not support these rates */
        rate_flags = ieee80211_chandef_rate_flags(&params->chandef);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 79fc98815da8..81a8e2a0b6aa 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -399,6 +399,7 @@ int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
        sdata->vif.type = NL80211_IFTYPE_MONITOR;
        snprintf(sdata->name, IFNAMSIZ, "%s-monitor",
                 wiphy_name(local->hw.wiphy));
+        sdata->wdev.iftype = NL80211_IFTYPE_MONITOR;
        sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
@@ -1285,6 +1286,7 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
        sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
        sdata->control_port_no_encrypt = false;
        sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
+        sdata->vif.bss_conf.idle = true;
        sdata->noack_map = 0;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 632d372bb511..a9b46d8ea22f 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -240,6 +240,7 @@ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
        sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
+        kfree(rcu_dereference_raw(sta->sta.rates));
        kfree(sta);
 }
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 60cb7a665976..ba29ebc86141 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -541,6 +541,23 @@ static void ieee80211_tx_latency_end_msrmnt(struct ieee80211_local *local,
 */
 #define STA_LOST_PKT_THRESHOLD  50
+static void ieee80211_lost_packet(struct sta_info *sta, struct sk_buff *skb)
+{
+        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+        /* This packet was aggregated but doesn't carry status info */
+        if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
+            !(info->flags & IEEE80211_TX_STAT_AMPDU))
+                return;
+        if (++sta->lost_packets < STA_LOST_PKT_THRESHOLD)
+                return;
+        cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
+                                    sta->lost_packets, GFP_ATOMIC);
+        sta->lost_packets = 0;
+}
 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
 {
        struct sk_buff *skb2;
@@ -680,12 +697,8 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
                        if (info->flags & IEEE80211_TX_STAT_ACK) {
                                if (sta->lost_packets)
                                        sta->lost_packets = 0;
-                        } else if (++sta->lost_packets >= STA_LOST_PKT_THRESHOLD) {
+                        } else {
-                                cfg80211_cqm_pktloss_notify(sta->sdata->dev,
+                                ieee80211_lost_packet(sta, skb);
-                                                            sta->sta.addr,
-                                                            sta->lost_packets,
-                                                            GFP_ATOMIC);
-                                sta->lost_packets = 0;
                        }
                }
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index 762e4cd16386..cfe1a0688b5c 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -1389,6 +1389,91 @@ TRACE_EVENT(drv_change_chanctx,
        )
 );
+#if !defined(__TRACE_VIF_ENTRY)
+#define __TRACE_VIF_ENTRY
+struct trace_vif_entry {
+        enum nl80211_iftype vif_type;
+        bool p2p;
+        char vif_name[IFNAMSIZ];
+} __packed;
+struct trace_chandef_entry {
+        u32 control_freq;
+        u32 chan_width;
+        u32 center_freq1;
+        u32 center_freq2;
+} __packed;
+struct trace_switch_entry {
+        struct trace_vif_entry vif;
+        struct trace_chandef_entry old_chandef;
+        struct trace_chandef_entry new_chandef;
+} __packed;
+#define SWITCH_ENTRY_ASSIGN(to, from) local_vifs[i].to = vifs[i].from
+#endif
+TRACE_EVENT(drv_switch_vif_chanctx,
+        TP_PROTO(struct ieee80211_local *local,
+                 struct ieee80211_vif_chanctx_switch *vifs,
+                 int n_vifs, enum ieee80211_chanctx_switch_mode mode),
+            TP_ARGS(local, vifs, n_vifs, mode),
+        TP_STRUCT__entry(
+                LOCAL_ENTRY
+                __field(int, n_vifs)
+                __field(u32, mode)
+                __dynamic_array(u8, vifs,
+                                sizeof(struct trace_switch_entry) * n_vifs)
+        ),
+        TP_fast_assign(
+                LOCAL_ASSIGN;
+                __entry->n_vifs = n_vifs;
+                __entry->mode = mode;
+                {
+                        struct trace_switch_entry *local_vifs =
+                                __get_dynamic_array(vifs);
+                        int i;
+                        for (i = 0; i < n_vifs; i++) {
+                                struct ieee80211_sub_if_data *sdata;
+                                sdata = container_of(vifs[i].vif,
+                                                struct ieee80211_sub_if_data,
+                                                vif);
+                                SWITCH_ENTRY_ASSIGN(vif.vif_type, vif->type);
+                                SWITCH_ENTRY_ASSIGN(vif.p2p, vif->p2p);
+                                strncpy(local_vifs[i].vif.vif_name,
+                                        sdata->name,
+                                        sizeof(local_vifs[i].vif.vif_name));
+                                SWITCH_ENTRY_ASSIGN(old_chandef.control_freq,
+                                                old_ctx->def.chan->center_freq);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.chan_width,
+                                                    old_ctx->def.width);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.center_freq1,
+                                                    old_ctx->def.center_freq1);
+                                SWITCH_ENTRY_ASSIGN(old_chandef.center_freq2,
+                                                    old_ctx->def.center_freq2);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.control_freq,
+                                                new_ctx->def.chan->center_freq);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.chan_width,
+                                                    new_ctx->def.width);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.center_freq1,
+                                                    new_ctx->def.center_freq1);
+                                SWITCH_ENTRY_ASSIGN(new_chandef.center_freq2,
+                                                    new_ctx->def.center_freq2);
+                        }
+                }
+        ),
+        TP_printk(
+                LOCAL_PR_FMT " n_vifs:%d mode:%d",
+                LOCAL_PR_ARG, __entry->n_vifs, __entry->mode
+        )
+);
 DECLARE_EVENT_CLASS(local_sdata_chanctx,
        TP_PROTO(struct ieee80211_local *local,
                 struct ieee80211_sub_if_data *sdata,
diff --git a/net/nfc/digital_core.c b/net/nfc/digital_core.c
index b105cfb00e76..a6ce3c627e4e 100644
--- a/net/nfc/digital_core.c
+++ b/net/nfc/digital_core.c
@@ -386,6 +386,8 @@ int digital_target_found(struct nfc_digital_dev *ddev,
 void digital_poll_next_tech(struct nfc_digital_dev *ddev)
 {
+        u8 rand_mod;
        digital_switch_rf(ddev, 0);
        mutex_lock(&ddev->poll_lock);
@@ -395,8 +397,8 @@ void digital_poll_next_tech(struct nfc_digital_dev *ddev)
                return;
        }
-        ddev->poll_tech_index = (ddev->poll_tech_index + 1) %
+        get_random_bytes(&rand_mod, sizeof(rand_mod));
-                                ddev->poll_tech_count;
+        ddev->poll_tech_index = rand_mod % ddev->poll_tech_count;
        mutex_unlock(&ddev->poll_lock);
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
index d4ed25ff723f..171cb9949ab5 100644
--- a/net/nfc/digital_dep.c
+++ b/net/nfc/digital_dep.c
@@ -224,9 +224,8 @@ int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
        ddev->skb_add_crc(skb);
-        digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, target);
+        return digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res,
+                                   target);
-        return 0;
 }
 static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
diff --git a/net/nfc/digital_technology.c b/net/nfc/digital_technology.c
index 12a233e9ece5..c2c1c0189b7c 100644
--- a/net/nfc/digital_technology.c
+++ b/net/nfc/digital_technology.c
@@ -613,7 +613,7 @@ exit:
                digital_poll_next_tech(ddev);
 }
-int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
+static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev,
                               struct nfc_target *target,
                               struct digital_sensb_res *sensb_res)
 {
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index 8627c75063e2..55eefee311eb 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -31,14 +31,14 @@ static struct nfc_sock_list raw_sk_list = {
        .lock = __RW_LOCK_UNLOCKED(raw_sk_list.lock)
 };
-void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk)
+static void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk)
 {
        write_lock(&l->lock);
        sk_add_node(sk, &l->head);
        write_unlock(&l->lock);
 }
-void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk)
+static void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk)
 {
        write_lock(&l->lock);
        sk_del_node_init(sk);
diff --git a/net/wireless/core.c b/net/wireless/core.c
index d03d8bdb29ca..a1c40654dd9b 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -130,7 +130,7 @@ int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
                            newname))
                pr_err("failed to rename debugfs dir to %s!\n", newname);
-        nl80211_notify_dev_rename(rdev);
+        nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
        return 0;
 }
@@ -660,6 +660,8 @@ int wiphy_register(struct wiphy *wiphy)
                return res;
        }
+        nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY);
        return 0;
 }
 EXPORT_SYMBOL(wiphy_register);
@@ -698,6 +700,7 @@ void wiphy_unregister(struct wiphy *wiphy)
                rfkill_unregister(rdev->rfkill);
        rtnl_lock();
+        nl80211_notify_wiphy(rdev, NL80211_CMD_DEL_WIPHY);
        rdev->wiphy.registered = false;
        WARN_ON(!list_empty(&rdev->wdev_list));
diff --git a/net/wireless/genregdb.awk b/net/wireless/genregdb.awk
index b35da8dc85de..40c37fc5b67c 100644
--- a/net/wireless/genregdb.awk
+++ b/net/wireless/genregdb.awk
@@ -68,17 +68,7 @@ function parse_reg_rule()
        sub(/,/, "", units)
        dfs_cac = $9
        if (units == "mW") {
-                if (power == 100) {
+                power = 10 * log(power)/log(10)
-                        power = 20
-                } else if (power == 200) {
-                        power = 23
-                } else if (power == 500) {
-                        power = 27
-                } else if (power == 1000) {
-                        power = 30
-                } else {
-                        print "Unknown power value in database!"
-                }
        } else {
                dfs_cac = $8
        }
@@ -117,7 +107,7 @@ function parse_reg_rule()
        }
        flags = flags "0"
-        printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags
+        printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %.0f, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags
        rules++
 }
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 62bdb1adaa4d..ba4f1723c83a 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1226,6 +1226,7 @@ struct nl80211_dump_wiphy_state {
 };
 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
+                              enum nl80211_commands cmd,
                              struct sk_buff *msg, u32 portid, u32 seq,
                              int flags, struct nl80211_dump_wiphy_state *state)
 {
@@ -1240,7 +1241,7 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                                rdev->wiphy.mgmt_stypes;
        u32 features;
-        hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
+        hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
        if (!hdr)
                return -ENOBUFS;
@@ -1254,6 +1255,9 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                        cfg80211_rdev_list_generation))
                goto nla_put_failure;
+        if (cmd != NL80211_CMD_NEW_WIPHY)
+                goto finish;
        switch (state->split_start) {
        case 0:
                if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
@@ -1682,6 +1686,7 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
                state->split_start = 0;
                break;
        }
+ finish:
        return genlmsg_end(msg, hdr);
 nla_put_failure:
@@ -1756,7 +1761,8 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
                        continue;
                /* attempt to fit multiple wiphy data chunks into the skb */
                do {
-                        ret = nl80211_send_wiphy(rdev, skb,
+                        ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
+                                                 skb,
                                                 NETLINK_CB(cb->skb).portid,
                                                 cb->nlh->nlmsg_seq,
                                                 NLM_F_MULTI, state);
@@ -1811,7 +1817,8 @@ static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
        if (!msg)
                return -ENOMEM;
-        if (nl80211_send_wiphy(rdev, msg, info->snd_portid, info->snd_seq, 0,
+        if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
+                               info->snd_portid, info->snd_seq, 0,
                               &state) < 0) {
                nlmsg_free(msg);
                return -ENOBUFS;
@@ -10101,16 +10108,20 @@ static const struct genl_ops nl80211_ops[] = {
 /* notification functions */
-void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
+void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
+                          enum nl80211_commands cmd)
 {
        struct sk_buff *msg;
        struct nl80211_dump_wiphy_state state = {};
+        WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
+                cmd != NL80211_CMD_DEL_WIPHY);
        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
        if (!msg)
                return;
-        if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
+        if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
                nlmsg_free(msg);
                return;
        }
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index 1e6df9630f42..49c9a482dd12 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -5,7 +5,8 @@
 int nl80211_init(void);
 void nl80211_exit(void);
-void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev);
+void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
+                          enum nl80211_commands cmd);
 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
                             struct wireless_dev *wdev);
 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
author	John W. Linville <linville@tuxdriver.com>	2014-06-02 11:20:17 -0400
committer	John W. Linville <linville@tuxdriver.com>	2014-06-02 11:20:17 -0400
commit	fcb2c0d6cf75750e2912b09a3d0a782c90e2b1a0 (patch)
tree	a17982638b066ae29f8ab1a6e37f18e6dddb5272 /net
parent	96b2e73c5471542cb9c622c4360716684f8797ed (diff)
parent	a715c7ddd65a1a3b2839b8ebd759bb2d361f7675 (diff)