16 files changed, 68 insertions, 36 deletions
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
index 10308cd8a7ed..11f36e502136 100644
--- a/drivers/bluetooth/ath3k.c
+++ b/drivers/bluetooth/ath3k.c
@@ -79,6 +79,7 @@ static struct usb_device_id ath3k_table[] = {
        { USB_DEVICE(0x13d3, 0x3362) },
        { USB_DEVICE(0x0CF3, 0xE004) },
        { USB_DEVICE(0x0930, 0x0219) },
+        { USB_DEVICE(0x0489, 0xe057) },
        /* Atheros AR5BBU12 with sflash firmware */
        { USB_DEVICE(0x0489, 0xE02C) },
@@ -104,6 +105,7 @@ static struct usb_device_id ath3k_blist_tbl[] = {
        { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
        { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
        { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
+        { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
        /* Atheros AR5BBU22 with sflash firmware */
        { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index e27221411036..cef3bac1a543 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -98,6 +98,7 @@ static struct usb_device_id btusb_table[] = {
        { USB_DEVICE(0x0a5c, 0x21e6) },
        { USB_DEVICE(0x0a5c, 0x21e8) },
        { USB_DEVICE(0x0a5c, 0x21f3) },
+        { USB_DEVICE(0x0a5c, 0x21f4) },
        { USB_DEVICE(0x413c, 0x8197) },
        /* Foxconn - Hon Hai */
@@ -133,6 +134,7 @@ static struct usb_device_id blacklist_table[] = {
        { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
        { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
        { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
+        { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
        /* Atheros AR5BBU12 with sflash firmware */
        { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c
index efc162e0b511..88b8d64c90f1 100644
--- a/drivers/net/wireless/at76c50x-usb.c
+++ b/drivers/net/wireless/at76c50x-usb.c
@@ -342,7 +342,7 @@ static int at76_dfu_get_status(struct usb_device *udev,
        return ret;
 }
-static u8 at76_dfu_get_state(struct usb_device *udev, u8 *state)
+static int at76_dfu_get_state(struct usb_device *udev, u8 *state)
 {
        int ret;
diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c
index 8c4c040a47b8..2aab20ee9f38 100644
--- a/drivers/net/wireless/ath/ath5k/base.c
+++ b/drivers/net/wireless/ath/ath5k/base.c
@@ -2056,9 +2056,7 @@ ath5k_beacon_update_timers(struct ath5k_hw *ah, u64 bc_tsf)
 void
 ath5k_beacon_config(struct ath5k_hw *ah)
 {
-        unsigned long flags;
+        spin_lock_bh(&ah->block);
-        spin_lock_irqsave(&ah->block, flags);
        ah->bmisscount = 0;
        ah->imask &= ~(AR5K_INT_BMISS | AR5K_INT_SWBA);
@@ -2085,7 +2083,7 @@ ath5k_beacon_config(struct ath5k_hw *ah)
        ath5k_hw_set_imr(ah, ah->imask);
        mmiowb();
-        spin_unlock_irqrestore(&ah->block, flags);
+        spin_unlock_bh(&ah->block);
 }
 static void ath5k_tasklet_beacon(unsigned long data)
diff --git a/drivers/net/wireless/ath/ath5k/mac80211-ops.c b/drivers/net/wireless/ath/ath5k/mac80211-ops.c
index 260e7dc7f751..d56453e43d7e 100644
--- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c
+++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c
@@ -254,7 +254,6 @@ ath5k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
        struct ath5k_vif *avf = (void *)vif->drv_priv;
        struct ath5k_hw *ah = hw->priv;
        struct ath_common *common = ath5k_hw_common(ah);
-        unsigned long flags;
        mutex_lock(&ah->lock);
@@ -300,9 +299,9 @@ ath5k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
        }
        if (changes & BSS_CHANGED_BEACON) {
-                spin_lock_irqsave(&ah->block, flags);
+                spin_lock_bh(&ah->block);
                ath5k_beacon_update(hw, vif);
-                spin_unlock_irqrestore(&ah->block, flags);
+                spin_unlock_bh(&ah->block);
        }
        if (changes & BSS_CHANGED_BEACON_ENABLED)
diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c
index 7990cd55599c..b42be910a83d 100644
--- a/drivers/net/wireless/ath/ath9k/mac.c
+++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -773,15 +773,10 @@ bool ath9k_hw_intrpend(struct ath_hw *ah)
 }
 EXPORT_SYMBOL(ath9k_hw_intrpend);
-void ath9k_hw_disable_interrupts(struct ath_hw *ah)
+void ath9k_hw_kill_interrupts(struct ath_hw *ah)
 {
        struct ath_common *common = ath9k_hw_common(ah);
-        if (!(ah->imask & ATH9K_INT_GLOBAL))
-                atomic_set(&ah->intr_ref_cnt, -1);
-        else
-                atomic_dec(&ah->intr_ref_cnt);
        ath_dbg(common, INTERRUPT, "disable IER\n");
        REG_WRITE(ah, AR_IER, AR_IER_DISABLE);
        (void) REG_READ(ah, AR_IER);
@@ -793,6 +788,17 @@ void ath9k_hw_disable_interrupts(struct ath_hw *ah)
                (void) REG_READ(ah, AR_INTR_SYNC_ENABLE);
        }
 }
+EXPORT_SYMBOL(ath9k_hw_kill_interrupts);
+void ath9k_hw_disable_interrupts(struct ath_hw *ah)
+{
+        if (!(ah->imask & ATH9K_INT_GLOBAL))
+                atomic_set(&ah->intr_ref_cnt, -1);
+        else
+                atomic_dec(&ah->intr_ref_cnt);
+        ath9k_hw_kill_interrupts(ah);
+}
 EXPORT_SYMBOL(ath9k_hw_disable_interrupts);
 void ath9k_hw_enable_interrupts(struct ath_hw *ah)
diff --git a/drivers/net/wireless/ath/ath9k/mac.h b/drivers/net/wireless/ath/ath9k/mac.h
index 0eba36dca6f8..4a745e68dd94 100644
--- a/drivers/net/wireless/ath/ath9k/mac.h
+++ b/drivers/net/wireless/ath/ath9k/mac.h
@@ -738,6 +738,7 @@ bool ath9k_hw_intrpend(struct ath_hw *ah);
 void ath9k_hw_set_interrupts(struct ath_hw *ah);
 void ath9k_hw_enable_interrupts(struct ath_hw *ah);
 void ath9k_hw_disable_interrupts(struct ath_hw *ah);
+void ath9k_hw_kill_interrupts(struct ath_hw *ah);
 void ar9002_hw_attach_mac_ops(struct ath_hw *ah);
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index 6049d8b82855..a22df749b8db 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -462,8 +462,10 @@ irqreturn_t ath_isr(int irq, void *dev)
        if (!ath9k_hw_intrpend(ah))
                return IRQ_NONE;
-        if(test_bit(SC_OP_HW_RESET, &sc->sc_flags))
+        if (test_bit(SC_OP_HW_RESET, &sc->sc_flags)) {
+                ath9k_hw_kill_interrupts(ah);
                return IRQ_HANDLED;
+        }
        /*
         * Figure out the reason(s) for the interrupt.  Note
diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c
index d455de9162ec..a978984d78a5 100644
--- a/drivers/net/wireless/ath/ath9k/pci.c
+++ b/drivers/net/wireless/ath/ath9k/pci.c
@@ -321,6 +321,7 @@ static int ath_pci_suspend(struct device *device)
         * Otherwise the chip never moved to full sleep,
         * when no interface is up.
         */
+        ath9k_stop_btcoex(sc);
        ath9k_hw_disable(sc->sc_ah);
        ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_FULL_SLEEP);
diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
index 12aca02228c2..4480c0cc655f 100644
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -1044,7 +1044,6 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush, bool hp)
        struct ieee80211_hw *hw = sc->hw;
        struct ieee80211_hdr *hdr;
        int retval;
-        bool decrypt_error = false;
        struct ath_rx_status rs;
        enum ath9k_rx_qtype qtype;
        bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA);
@@ -1066,6 +1065,7 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush, bool hp)
        tsf_lower = tsf & 0xffffffff;
        do {
+                bool decrypt_error = false;
                /* If handling rx interrupt and flush is in progress => exit */
                if (test_bit(SC_OP_RXFLUSH, &sc->sc_flags) && (flush == 0))
                        break;
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 241162e8111d..7a4ae9ee1c63 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -1803,6 +1803,7 @@ static struct ndis_80211_pmkid *update_pmkid(struct usbnet *usbdev,
                                                struct cfg80211_pmksa *pmksa,
                                                int max_pmkids)
 {
+        struct ndis_80211_pmkid *new_pmkids;
        int i, err, newlen;
        unsigned int count;
@@ -1833,11 +1834,12 @@ static struct ndis_80211_pmkid *update_pmkid(struct usbnet *usbdev,
        /* add new pmkid */
        newlen = sizeof(*pmkids) + (count + 1) * sizeof(pmkids->bssid_info[0]);
-        pmkids = krealloc(pmkids, newlen, GFP_KERNEL);
+        new_pmkids = krealloc(pmkids, newlen, GFP_KERNEL);
-        if (!pmkids) {
+        if (!new_pmkids) {
                err = -ENOMEM;
                goto error;
        }
+        pmkids = new_pmkids;
        pmkids->length = cpu_to_le32(newlen);
        pmkids->bssid_info_count = cpu_to_le32(count + 1);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 41ff978a33f9..715d7e33fba0 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1365,6 +1365,9 @@ static bool hci_resolve_next_name(struct hci_dev *hdev)
                return false;
        e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
+        if (!e)
+                return false;
        if (hci_resolve_name(hdev, e) == 0) {
                e->name_state = NAME_PENDING;
                return true;
@@ -1393,12 +1396,20 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
                return;
        e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
-        if (e) {
+        /* If the device was not found in a list of found devices names of which
+         * are pending. there is no need to continue resolving a next name as it
+         * will be done upon receiving another Remote Name Request Complete
+         * Event */
+        if (!e)
+                return;
+        list_del(&e->list);
+        if (name) {
                e->name_state = NAME_KNOWN;
-                list_del(&e->list);
+                mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
-                if (name)
+                                 e->data.rssi, name, name_len);
-                        mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+        } else {
-                                         e->data.rssi, name, name_len);
+                e->name_state = NAME_NOT_KNOWN;
        }
        if (hci_resolve_next_name(hdev))
@@ -1762,7 +1773,12 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
                if (conn->type == ACL_LINK) {
                        conn->state = BT_CONFIG;
                        hci_conn_hold(conn);
-                        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+                        if (!conn->out && !hci_conn_ssp_enabled(conn) &&
+                            !hci_find_link_key(hdev, &ev->bdaddr))
+                                conn->disc_timeout = HCI_PAIRING_TIMEOUT;
+                        else
+                                conn->disc_timeout = HCI_DISCONN_TIMEOUT;
                } else
                        conn->state = BT_CONNECTED;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a8964db04bfb..daa149b7003c 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1181,6 +1181,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
        sk = chan->sk;
        hci_conn_hold(conn->hcon);
+        conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
        bacpy(&bt_sk(sk)->src, conn->src);
        bacpy(&bt_sk(sk)->dst, conn->dst);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index a4bb27e8427e..b94abd30e6f9 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1174,7 +1174,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
        chan = l2cap_chan_create();
        if (!chan) {
-                l2cap_sock_kill(sk);
+                sk_free(sk);
                return NULL;
        }
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 40bbe25dcff7..3589e21edb09 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -131,6 +131,15 @@ static int sco_conn_del(struct hci_conn *hcon, int err)
                sco_sock_clear_timer(sk);
                sco_chan_del(sk, err);
                bh_unlock_sock(sk);
+                sco_conn_lock(conn);
+                conn->sk = NULL;
+                sco_pi(sk)->conn = NULL;
+                sco_conn_unlock(conn);
+                if (conn->hcon)
+                        hci_conn_put(conn->hcon);
                sco_sock_kill(sk);
        }
@@ -821,16 +830,6 @@ static void sco_chan_del(struct sock *sk, int err)
        BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
-        if (conn) {
-                sco_conn_lock(conn);
-                conn->sk = NULL;
-                sco_pi(sk)->conn = NULL;
-                sco_conn_unlock(conn);
-                if (conn->hcon)
-                        hci_conn_put(conn->hcon);
-        }
        sk->sk_state = BT_CLOSED;
        sk->sk_err   = err;
        sk->sk_state_change(sk);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 16ef0dc85a0a..901a616c8083 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -579,8 +579,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
        if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
                smp = smp_chan_create(conn);
+        else
+                smp = conn->smp_chan;
-        smp = conn->smp_chan;
+        if (!smp)
+                return SMP_UNSPECIFIED;
        smp->preq[0] = SMP_CMD_PAIRING_REQ;
        memcpy(&smp->preq[1], req, sizeof(*req));

diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c index 10308cd8a7ed..11f36e502136 100644 --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c
@@ -79,6 +79,7 @@ static struct usb_device_id ath3k_table[] = {
79	{ USB_DEVICE(0x13d3, 0x3362) },	79	{ USB_DEVICE(0x13d3, 0x3362) },
80	{ USB_DEVICE(0x0CF3, 0xE004) },	80	{ USB_DEVICE(0x0CF3, 0xE004) },
81	{ USB_DEVICE(0x0930, 0x0219) },	81	{ USB_DEVICE(0x0930, 0x0219) },
		82	{ USB_DEVICE(0x0489, 0xe057) },
82		83
83	/* Atheros AR5BBU12 with sflash firmware */	84	/* Atheros AR5BBU12 with sflash firmware */
84	{ USB_DEVICE(0x0489, 0xE02C) },	85	{ USB_DEVICE(0x0489, 0xE02C) },
@@ -104,6 +105,7 @@ static struct usb_device_id ath3k_blist_tbl[] = {
104	{ USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },	105	{ USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
105	{ USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },	106	{ USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
106	{ USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },	107	{ USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
		108	{ USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
107		109
108	/* Atheros AR5BBU22 with sflash firmware */	110	/* Atheros AR5BBU22 with sflash firmware */
109	{ USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },	111	{ USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 },


diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index e27221411036..cef3bac1a543 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c
@@ -98,6 +98,7 @@ static struct usb_device_id btusb_table[] = {
98	{ USB_DEVICE(0x0a5c, 0x21e6) },	98	{ USB_DEVICE(0x0a5c, 0x21e6) },
99	{ USB_DEVICE(0x0a5c, 0x21e8) },	99	{ USB_DEVICE(0x0a5c, 0x21e8) },
100	{ USB_DEVICE(0x0a5c, 0x21f3) },	100	{ USB_DEVICE(0x0a5c, 0x21f3) },
		101	{ USB_DEVICE(0x0a5c, 0x21f4) },
101	{ USB_DEVICE(0x413c, 0x8197) },	102	{ USB_DEVICE(0x413c, 0x8197) },
102		103
103	/* Foxconn - Hon Hai */	104	/* Foxconn - Hon Hai */
@@ -133,6 +134,7 @@ static struct usb_device_id blacklist_table[] = {
133	{ USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },	134	{ USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 },
134	{ USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },	135	{ USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 },
135	{ USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },	136	{ USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 },
		137	{ USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
136		138
137	/* Atheros AR5BBU12 with sflash firmware */	139	/* Atheros AR5BBU12 with sflash firmware */
138	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },	140	{ USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },


diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c index efc162e0b511..88b8d64c90f1 100644 --- a/drivers/net/wireless/at76c50x-usb.c +++ b/drivers/net/wireless/at76c50x-usb.c
@@ -342,7 +342,7 @@ static int at76_dfu_get_status(struct usb_device *udev,
342	return ret;	342	return ret;
343	}	343	}
344		344
345	static u8 at76_dfu_get_state(struct usb_device udev, u8 state)	345	static int at76_dfu_get_state(struct usb_device udev, u8 state)
346	{	346	{
347	int ret;	347	int ret;
348		348


diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c index 8c4c040a47b8..2aab20ee9f38 100644 --- a/drivers/net/wireless/ath/ath5k/base.c +++ b/drivers/net/wireless/ath/ath5k/base.c
@@ -2056,9 +2056,7 @@ ath5k_beacon_update_timers(struct ath5k_hw *ah, u64 bc_tsf)
2056	void	2056	void
2057	ath5k_beacon_config(struct ath5k_hw *ah)	2057	ath5k_beacon_config(struct ath5k_hw *ah)
2058	{	2058	{
2059	unsigned long flags;	2059	spin_lock_bh(&ah->block);
2060
2061	spin_lock_irqsave(&ah->block, flags);
2062	ah->bmisscount = 0;	2060	ah->bmisscount = 0;
2063	ah->imask &= ~(AR5K_INT_BMISS \| AR5K_INT_SWBA);	2061	ah->imask &= ~(AR5K_INT_BMISS \| AR5K_INT_SWBA);
2064		2062
@@ -2085,7 +2083,7 @@ ath5k_beacon_config(struct ath5k_hw *ah)
2085		2083
2086	ath5k_hw_set_imr(ah, ah->imask);	2084	ath5k_hw_set_imr(ah, ah->imask);
2087	mmiowb();	2085	mmiowb();
2088	spin_unlock_irqrestore(&ah->block, flags);	2086	spin_unlock_bh(&ah->block);
2089	}	2087	}
2090		2088
2091	static void ath5k_tasklet_beacon(unsigned long data)	2089	static void ath5k_tasklet_beacon(unsigned long data)


diff --git a/drivers/net/wireless/ath/ath5k/mac80211-ops.c b/drivers/net/wireless/ath/ath5k/mac80211-ops.c index 260e7dc7f751..d56453e43d7e 100644 --- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c +++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c
@@ -254,7 +254,6 @@ ath5k_bss_info_changed(struct ieee80211_hw hw, struct ieee80211_vif vif,
254	struct ath5k_vif avf = (void )vif->drv_priv;	254	struct ath5k_vif avf = (void )vif->drv_priv;
255	struct ath5k_hw *ah = hw->priv;	255	struct ath5k_hw *ah = hw->priv;
256	struct ath_common *common = ath5k_hw_common(ah);	256	struct ath_common *common = ath5k_hw_common(ah);
257	unsigned long flags;
258		257
259	mutex_lock(&ah->lock);	258	mutex_lock(&ah->lock);
260		259
@@ -300,9 +299,9 @@ ath5k_bss_info_changed(struct ieee80211_hw hw, struct ieee80211_vif vif,
300	}	299	}
301		300
302	if (changes & BSS_CHANGED_BEACON) {	301	if (changes & BSS_CHANGED_BEACON) {
303	spin_lock_irqsave(&ah->block, flags);	302	spin_lock_bh(&ah->block);
304	ath5k_beacon_update(hw, vif);	303	ath5k_beacon_update(hw, vif);
305	spin_unlock_irqrestore(&ah->block, flags);	304	spin_unlock_bh(&ah->block);
306	}	305	}
307		306
308	if (changes & BSS_CHANGED_BEACON_ENABLED)	307	if (changes & BSS_CHANGED_BEACON_ENABLED)


diff --git a/drivers/net/wireless/ath/ath9k/mac.c b/drivers/net/wireless/ath/ath9k/mac.c index 7990cd55599c..b42be910a83d 100644 --- a/drivers/net/wireless/ath/ath9k/mac.c +++ b/drivers/net/wireless/ath/ath9k/mac.c
@@ -773,15 +773,10 @@ bool ath9k_hw_intrpend(struct ath_hw *ah)
773	}	773	}
774	EXPORT_SYMBOL(ath9k_hw_intrpend);	774	EXPORT_SYMBOL(ath9k_hw_intrpend);
775		775
776	void ath9k_hw_disable_interrupts(struct ath_hw *ah)	776	void ath9k_hw_kill_interrupts(struct ath_hw *ah)
777	{	777	{
778	struct ath_common *common = ath9k_hw_common(ah);	778	struct ath_common *common = ath9k_hw_common(ah);
779		779
780	if (!(ah->imask & ATH9K_INT_GLOBAL))
781	atomic_set(&ah->intr_ref_cnt, -1);
782	else
783	atomic_dec(&ah->intr_ref_cnt);
784
785	ath_dbg(common, INTERRUPT, "disable IER\n");	780	ath_dbg(common, INTERRUPT, "disable IER\n");
786	REG_WRITE(ah, AR_IER, AR_IER_DISABLE);	781	REG_WRITE(ah, AR_IER, AR_IER_DISABLE);
787	(void) REG_READ(ah, AR_IER);	782	(void) REG_READ(ah, AR_IER);
@@ -793,6 +788,17 @@ void ath9k_hw_disable_interrupts(struct ath_hw *ah)
793	(void) REG_READ(ah, AR_INTR_SYNC_ENABLE);	788	(void) REG_READ(ah, AR_INTR_SYNC_ENABLE);
794	}	789	}
795	}	790	}
		791	EXPORT_SYMBOL(ath9k_hw_kill_interrupts);
		792
		793	void ath9k_hw_disable_interrupts(struct ath_hw *ah)
		794	{
		795	if (!(ah->imask & ATH9K_INT_GLOBAL))
		796	atomic_set(&ah->intr_ref_cnt, -1);
		797	else
		798	atomic_dec(&ah->intr_ref_cnt);
		799
		800	ath9k_hw_kill_interrupts(ah);
		801	}
796	EXPORT_SYMBOL(ath9k_hw_disable_interrupts);	802	EXPORT_SYMBOL(ath9k_hw_disable_interrupts);
797		803
798	void ath9k_hw_enable_interrupts(struct ath_hw *ah)	804	void ath9k_hw_enable_interrupts(struct ath_hw *ah)


diff --git a/drivers/net/wireless/ath/ath9k/mac.h b/drivers/net/wireless/ath/ath9k/mac.h index 0eba36dca6f8..4a745e68dd94 100644 --- a/drivers/net/wireless/ath/ath9k/mac.h +++ b/drivers/net/wireless/ath/ath9k/mac.h
@@ -738,6 +738,7 @@ bool ath9k_hw_intrpend(struct ath_hw *ah);
738	void ath9k_hw_set_interrupts(struct ath_hw *ah);	738	void ath9k_hw_set_interrupts(struct ath_hw *ah);
739	void ath9k_hw_enable_interrupts(struct ath_hw *ah);	739	void ath9k_hw_enable_interrupts(struct ath_hw *ah);
740	void ath9k_hw_disable_interrupts(struct ath_hw *ah);	740	void ath9k_hw_disable_interrupts(struct ath_hw *ah);
		741	void ath9k_hw_kill_interrupts(struct ath_hw *ah);
741		742
742	void ar9002_hw_attach_mac_ops(struct ath_hw *ah);	743	void ar9002_hw_attach_mac_ops(struct ath_hw *ah);
743		744


diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index 6049d8b82855..a22df749b8db 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -462,8 +462,10 @@ irqreturn_t ath_isr(int irq, void *dev)
462	if (!ath9k_hw_intrpend(ah))	462	if (!ath9k_hw_intrpend(ah))
463	return IRQ_NONE;	463	return IRQ_NONE;
464		464
465	if(test_bit(SC_OP_HW_RESET, &sc->sc_flags))	465	if (test_bit(SC_OP_HW_RESET, &sc->sc_flags)) {
		466	ath9k_hw_kill_interrupts(ah);
466	return IRQ_HANDLED;	467	return IRQ_HANDLED;
		468	}
467		469
468	/*	470	/*
469	* Figure out the reason(s) for the interrupt. Note	471	* Figure out the reason(s) for the interrupt. Note


diff --git a/drivers/net/wireless/ath/ath9k/pci.c b/drivers/net/wireless/ath/ath9k/pci.c index d455de9162ec..a978984d78a5 100644 --- a/drivers/net/wireless/ath/ath9k/pci.c +++ b/drivers/net/wireless/ath/ath9k/pci.c
@@ -321,6 +321,7 @@ static int ath_pci_suspend(struct device *device)
321	* Otherwise the chip never moved to full sleep,	321	* Otherwise the chip never moved to full sleep,
322	* when no interface is up.	322	* when no interface is up.
323	*/	323	*/
		324	ath9k_stop_btcoex(sc);
324	ath9k_hw_disable(sc->sc_ah);	325	ath9k_hw_disable(sc->sc_ah);
325	ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_FULL_SLEEP);	326	ath9k_hw_setpower(sc->sc_ah, ATH9K_PM_FULL_SLEEP);
326		327


diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c index 12aca02228c2..4480c0cc655f 100644 --- a/drivers/net/wireless/ath/ath9k/recv.c +++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -1044,7 +1044,6 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush, bool hp)
1044	struct ieee80211_hw *hw = sc->hw;	1044	struct ieee80211_hw *hw = sc->hw;
1045	struct ieee80211_hdr *hdr;	1045	struct ieee80211_hdr *hdr;
1046	int retval;	1046	int retval;
1047	bool decrypt_error = false;
1048	struct ath_rx_status rs;	1047	struct ath_rx_status rs;
1049	enum ath9k_rx_qtype qtype;	1048	enum ath9k_rx_qtype qtype;
1050	bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA);	1049	bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA);
@@ -1066,6 +1065,7 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush, bool hp)
1066	tsf_lower = tsf & 0xffffffff;	1065	tsf_lower = tsf & 0xffffffff;
1067		1066
1068	do {	1067	do {
		1068	bool decrypt_error = false;
1069	/* If handling rx interrupt and flush is in progress => exit */	1069	/* If handling rx interrupt and flush is in progress => exit */
1070	if (test_bit(SC_OP_RXFLUSH, &sc->sc_flags) && (flush == 0))	1070	if (test_bit(SC_OP_RXFLUSH, &sc->sc_flags) && (flush == 0))
1071	break;	1071	break;


diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c index 241162e8111d..7a4ae9ee1c63 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c
@@ -1803,6 +1803,7 @@ static struct ndis_80211_pmkid update_pmkid(struct usbnet usbdev,
1803	struct cfg80211_pmksa *pmksa,	1803	struct cfg80211_pmksa *pmksa,
1804	int max_pmkids)	1804	int max_pmkids)
1805	{	1805	{
		1806	struct ndis_80211_pmkid *new_pmkids;
1806	int i, err, newlen;	1807	int i, err, newlen;
1807	unsigned int count;	1808	unsigned int count;
1808		1809
@@ -1833,11 +1834,12 @@ static struct ndis_80211_pmkid update_pmkid(struct usbnet usbdev,
1833	/* add new pmkid */	1834	/* add new pmkid */
1834	newlen = sizeof(pmkids) + (count + 1) sizeof(pmkids->bssid_info[0]);	1835	newlen = sizeof(pmkids) + (count + 1) sizeof(pmkids->bssid_info[0]);
1835		1836
1836	pmkids = krealloc(pmkids, newlen, GFP_KERNEL);	1837	new_pmkids = krealloc(pmkids, newlen, GFP_KERNEL);
1837	if (!pmkids) {	1838	if (!new_pmkids) {
1838	err = -ENOMEM;	1839	err = -ENOMEM;
1839	goto error;	1840	goto error;
1840	}	1841	}
		1842	pmkids = new_pmkids;
1841		1843
1842	pmkids->length = cpu_to_le32(newlen);	1844	pmkids->length = cpu_to_le32(newlen);
1843	pmkids->bssid_info_count = cpu_to_le32(count + 1);	1845	pmkids->bssid_info_count = cpu_to_le32(count + 1);


diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 41ff978a33f9..715d7e33fba0 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c
@@ -1365,6 +1365,9 @@ static bool hci_resolve_next_name(struct hci_dev *hdev)
1365	return false;	1365	return false;
1366		1366
1367	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);	1367	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
		1368	if (!e)
		1369	return false;
		1370
1368	if (hci_resolve_name(hdev, e) == 0) {	1371	if (hci_resolve_name(hdev, e) == 0) {
1369	e->name_state = NAME_PENDING;	1372	e->name_state = NAME_PENDING;
1370	return true;	1373	return true;
@@ -1393,12 +1396,20 @@ static void hci_check_pending_name(struct hci_dev hdev, struct hci_conn conn,
1393	return;	1396	return;
1394		1397
1395	e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);	1398	e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1396	if (e) {	1399	/* If the device was not found in a list of found devices names of which
		1400	* are pending. there is no need to continue resolving a next name as it
		1401	* will be done upon receiving another Remote Name Request Complete
		1402	* Event */
		1403	if (!e)
		1404	return;
		1405
		1406	list_del(&e->list);
		1407	if (name) {
1397	e->name_state = NAME_KNOWN;	1408	e->name_state = NAME_KNOWN;
1398	list_del(&e->list);	1409	mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1399	if (name)	1410	e->data.rssi, name, name_len);
1400	mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,	1411	} else {
1401	e->data.rssi, name, name_len);	1412	e->name_state = NAME_NOT_KNOWN;
1402	}	1413	}
1403		1414
1404	if (hci_resolve_next_name(hdev))	1415	if (hci_resolve_next_name(hdev))
@@ -1762,7 +1773,12 @@ static void hci_conn_complete_evt(struct hci_dev hdev, struct sk_buff skb)
1762	if (conn->type == ACL_LINK) {	1773	if (conn->type == ACL_LINK) {
1763	conn->state = BT_CONFIG;	1774	conn->state = BT_CONFIG;
1764	hci_conn_hold(conn);	1775	hci_conn_hold(conn);
1765	conn->disc_timeout = HCI_DISCONN_TIMEOUT;	1776
		1777	if (!conn->out && !hci_conn_ssp_enabled(conn) &&
		1778	!hci_find_link_key(hdev, &ev->bdaddr))
		1779	conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		1780	else
		1781	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1766	} else	1782	} else
1767	conn->state = BT_CONNECTED;	1783	conn->state = BT_CONNECTED;
1768		1784


diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index a8964db04bfb..daa149b7003c 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c
@@ -1181,6 +1181,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1181	sk = chan->sk;	1181	sk = chan->sk;
1182		1182
1183	hci_conn_hold(conn->hcon);	1183	hci_conn_hold(conn->hcon);
		1184	conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
1184		1185
1185	bacpy(&bt_sk(sk)->src, conn->src);	1186	bacpy(&bt_sk(sk)->src, conn->src);
1186	bacpy(&bt_sk(sk)->dst, conn->dst);	1187	bacpy(&bt_sk(sk)->dst, conn->dst);


diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index a4bb27e8427e..b94abd30e6f9 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c
@@ -1174,7 +1174,7 @@ static struct sock l2cap_sock_alloc(struct net net, struct socket *sock, int p
1174		1174
1175	chan = l2cap_chan_create();	1175	chan = l2cap_chan_create();
1176	if (!chan) {	1176	if (!chan) {
1177	l2cap_sock_kill(sk);	1177	sk_free(sk);
1178	return NULL;	1178	return NULL;
1179	}	1179	}
1180		1180


diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index 40bbe25dcff7..3589e21edb09 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c
@@ -131,6 +131,15 @@ static int sco_conn_del(struct hci_conn *hcon, int err)
131	sco_sock_clear_timer(sk);	131	sco_sock_clear_timer(sk);
132	sco_chan_del(sk, err);	132	sco_chan_del(sk, err);
133	bh_unlock_sock(sk);	133	bh_unlock_sock(sk);
		134
		135	sco_conn_lock(conn);
		136	conn->sk = NULL;
		137	sco_pi(sk)->conn = NULL;
		138	sco_conn_unlock(conn);
		139
		140	if (conn->hcon)
		141	hci_conn_put(conn->hcon);
		142
134	sco_sock_kill(sk);	143	sco_sock_kill(sk);
135	}	144	}
136		145
@@ -821,16 +830,6 @@ static void sco_chan_del(struct sock *sk, int err)
821		830
822	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);	831	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
823		832
824	if (conn) {
825	sco_conn_lock(conn);
826	conn->sk = NULL;
827	sco_pi(sk)->conn = NULL;
828	sco_conn_unlock(conn);
829
830	if (conn->hcon)
831	hci_conn_put(conn->hcon);
832	}
833
834	sk->sk_state = BT_CLOSED;	833	sk->sk_state = BT_CLOSED;
835	sk->sk_err = err;	834	sk->sk_err = err;
836	sk->sk_state_change(sk);	835	sk->sk_state_change(sk);


diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 16ef0dc85a0a..901a616c8083 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c
@@ -579,8 +579,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn conn, struct sk_buff skb)
579		579
580	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))	580	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
581	smp = smp_chan_create(conn);	581	smp = smp_chan_create(conn);
		582	else
		583	smp = conn->smp_chan;
582		584
583	smp = conn->smp_chan;	585	if (!smp)
		586	return SMP_UNSPECIFIED;
584		587
585	smp->preq[0] = SMP_CMD_PAIRING_REQ;	588	smp->preq[0] = SMP_CMD_PAIRING_REQ;
586	memcpy(&smp->preq[1], req, sizeof(*req));	589	memcpy(&smp->preq[1], req, sizeof(*req));