aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/wireless/ath/ath.h1
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.c2
-rw-r--r--drivers/net/wireless/ath/ath9k/recv.c7
-rw-r--r--drivers/net/wireless/ath/key.c4
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-mac80211.c12
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.c5
-rw-r--r--drivers/net/wireless/mwifiex/11n_rxreorder.h7
-rw-r--r--drivers/net/wireless/mwifiex/ie.c1
-rw-r--r--drivers/net/wireless/mwifiex/sdio.c6
-rw-r--r--drivers/net/wireless/mwifiex/sta_event.c9
-rw-r--r--drivers/net/wireless/mwifiex/usb.c28
-rw-r--r--drivers/net/wireless/mwifiex/wmm.c3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192cu/sw.c3
-rw-r--r--drivers/net/wireless/ti/wlcore/Kconfig1
-rw-r--r--net/mac80211/mlme.c13
-rw-r--r--net/mac80211/rx.c5
-rw-r--r--net/nfc/nci/ntf.c10
-rw-r--r--net/nfc/rawsock.c5
18 files changed, 85 insertions, 37 deletions
diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h
index c54b7d37bff1..420d69b2674c 100644
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -143,6 +143,7 @@ struct ath_common {
143 u32 keymax; 143 u32 keymax;
144 DECLARE_BITMAP(keymap, ATH_KEYMAX); 144 DECLARE_BITMAP(keymap, ATH_KEYMAX);
145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX); 145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX);
146 DECLARE_BITMAP(ccmp_keymap, ATH_KEYMAX);
146 enum ath_crypt_caps crypt_caps; 147 enum ath_crypt_caps crypt_caps;
147 148
148 unsigned int clockrate; 149 unsigned int clockrate;
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index 1c68e564f503..995ca8e1302e 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -622,7 +622,7 @@ static int __ath9k_hw_init(struct ath_hw *ah)
622 622
623 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) { 623 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) {
624 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI || 624 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI ||
625 ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) && 625 ((AR_SREV_9160(ah) || AR_SREV_9280(ah) || AR_SREV_9287(ah)) &&
626 !ah->is_pciexpress)) { 626 !ah->is_pciexpress)) {
627 ah->config.serialize_regmode = 627 ah->config.serialize_regmode =
628 SER_REG_MODE_ON; 628 SER_REG_MODE_ON;
diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
index e1fcc68124dc..0735aeb3b26c 100644
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -695,9 +695,9 @@ static bool ath_edma_get_buffers(struct ath_softc *sc,
695 __skb_unlink(skb, &rx_edma->rx_fifo); 695 __skb_unlink(skb, &rx_edma->rx_fifo);
696 list_add_tail(&bf->list, &sc->rx.rxbuf); 696 list_add_tail(&bf->list, &sc->rx.rxbuf);
697 ath_rx_edma_buf_link(sc, qtype); 697 ath_rx_edma_buf_link(sc, qtype);
698 } else {
699 bf = NULL;
700 } 698 }
699
700 bf = NULL;
701 } 701 }
702 702
703 *dest = bf; 703 *dest = bf;
@@ -822,7 +822,8 @@ static bool ath9k_rx_accept(struct ath_common *common,
822 * descriptor does contain a valid key index. This has been observed 822 * descriptor does contain a valid key index. This has been observed
823 * mostly with CCMP encryption. 823 * mostly with CCMP encryption.
824 */ 824 */
825 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID) 825 if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID ||
826 !test_bit(rx_stats->rs_keyix, common->ccmp_keymap))
826 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; 827 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS;
827 828
828 if (!rx_stats->rs_datalen) { 829 if (!rx_stats->rs_datalen) {
diff --git a/drivers/net/wireless/ath/key.c b/drivers/net/wireless/ath/key.c
index 0e81904956cf..5c54aa43ca2d 100644
--- a/drivers/net/wireless/ath/key.c
+++ b/drivers/net/wireless/ath/key.c
@@ -556,6 +556,9 @@ int ath_key_config(struct ath_common *common,
556 return -EIO; 556 return -EIO;
557 557
558 set_bit(idx, common->keymap); 558 set_bit(idx, common->keymap);
559 if (key->cipher == WLAN_CIPHER_SUITE_CCMP)
560 set_bit(idx, common->ccmp_keymap);
561
559 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) { 562 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
560 set_bit(idx + 64, common->keymap); 563 set_bit(idx + 64, common->keymap);
561 set_bit(idx, common->tkip_keymap); 564 set_bit(idx, common->tkip_keymap);
@@ -582,6 +585,7 @@ void ath_key_delete(struct ath_common *common, struct ieee80211_key_conf *key)
582 return; 585 return;
583 586
584 clear_bit(key->hw_key_idx, common->keymap); 587 clear_bit(key->hw_key_idx, common->keymap);
588 clear_bit(key->hw_key_idx, common->ccmp_keymap);
585 if (key->cipher != WLAN_CIPHER_SUITE_TKIP) 589 if (key->cipher != WLAN_CIPHER_SUITE_TKIP)
586 return; 590 return;
587 591
diff --git a/drivers/net/wireless/iwlwifi/iwl-mac80211.c b/drivers/net/wireless/iwlwifi/iwl-mac80211.c
index 3ee23134c02b..013680332f07 100644
--- a/drivers/net/wireless/iwlwifi/iwl-mac80211.c
+++ b/drivers/net/wireless/iwlwifi/iwl-mac80211.c
@@ -796,6 +796,18 @@ int iwlagn_mac_sta_state(struct ieee80211_hw *hw,
796 switch (op) { 796 switch (op) {
797 case ADD: 797 case ADD:
798 ret = iwlagn_mac_sta_add(hw, vif, sta); 798 ret = iwlagn_mac_sta_add(hw, vif, sta);
799 if (ret)
800 break;
801 /*
802 * Clear the in-progress flag, the AP station entry was added
803 * but we'll initialize LQ only when we've associated (which
804 * would also clear the in-progress flag). This is necessary
805 * in case we never initialize LQ because association fails.
806 */
807 spin_lock_bh(&priv->sta_lock);
808 priv->stations[iwl_sta_id(sta)].used &=
809 ~IWL_STA_UCODE_INPROGRESS;
810 spin_unlock_bh(&priv->sta_lock);
799 break; 811 break;
800 case REMOVE: 812 case REMOVE:
801 ret = iwlagn_mac_sta_remove(hw, vif, sta); 813 ret = iwlagn_mac_sta_remove(hw, vif, sta);
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.c b/drivers/net/wireless/mwifiex/11n_rxreorder.c
index 9c44088054dd..900ee129e825 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.c
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.c
@@ -256,7 +256,8 @@ mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta,
256 else 256 else
257 last_seq = priv->rx_seq[tid]; 257 last_seq = priv->rx_seq[tid];
258 258
259 if (last_seq >= new_node->start_win) 259 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM &&
260 last_seq >= new_node->start_win)
260 new_node->start_win = last_seq + 1; 261 new_node->start_win = last_seq + 1;
261 262
262 new_node->win_size = win_size; 263 new_node->win_size = win_size;
@@ -596,5 +597,5 @@ void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv)
596 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 597 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags);
597 598
598 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 599 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr);
599 memset(priv->rx_seq, 0, sizeof(priv->rx_seq)); 600 mwifiex_reset_11n_rx_seq_num(priv);
600} 601}
diff --git a/drivers/net/wireless/mwifiex/11n_rxreorder.h b/drivers/net/wireless/mwifiex/11n_rxreorder.h
index f1bffebabc60..6c9815a0f5d8 100644
--- a/drivers/net/wireless/mwifiex/11n_rxreorder.h
+++ b/drivers/net/wireless/mwifiex/11n_rxreorder.h
@@ -37,6 +37,13 @@
37 37
38#define ADDBA_RSP_STATUS_ACCEPT 0 38#define ADDBA_RSP_STATUS_ACCEPT 0
39 39
40#define MWIFIEX_DEF_11N_RX_SEQ_NUM 0xffff
41
42static inline void mwifiex_reset_11n_rx_seq_num(struct mwifiex_private *priv)
43{
44 memset(priv->rx_seq, 0xff, sizeof(priv->rx_seq));
45}
46
40int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *, 47int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *,
41 u16 seqNum, 48 u16 seqNum,
42 u16 tid, u8 *ta, 49 u16 tid, u8 *ta,
diff --git a/drivers/net/wireless/mwifiex/ie.c b/drivers/net/wireless/mwifiex/ie.c
index ceb82cd749cc..383820a52beb 100644
--- a/drivers/net/wireless/mwifiex/ie.c
+++ b/drivers/net/wireless/mwifiex/ie.c
@@ -213,6 +213,7 @@ mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
213 /* save assoc resp ie index after auto-indexing */ 213 /* save assoc resp ie index after auto-indexing */
214 *assoc_idx = *((u16 *)pos); 214 *assoc_idx = *((u16 *)pos);
215 215
216 kfree(ap_custom_ie);
216 return ret; 217 return ret;
217} 218}
218 219
diff --git a/drivers/net/wireless/mwifiex/sdio.c b/drivers/net/wireless/mwifiex/sdio.c
index e0377473282f..fc8a9bfa1248 100644
--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -978,10 +978,10 @@ static int mwifiex_decode_rx_packet(struct mwifiex_adapter *adapter,
978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n"); 978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n");
979 adapter->event_cause = *(u32 *) skb->data; 979 adapter->event_cause = *(u32 *) skb->data;
980 980
981 skb_pull(skb, MWIFIEX_EVENT_HEADER_LEN);
982
983 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE)) 981 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE))
984 memcpy(adapter->event_body, skb->data, skb->len); 982 memcpy(adapter->event_body,
983 skb->data + MWIFIEX_EVENT_HEADER_LEN,
984 skb->len);
985 985
986 /* event cause has been saved to adapter->event_cause */ 986 /* event cause has been saved to adapter->event_cause */
987 adapter->event_received = true; 987 adapter->event_received = true;
diff --git a/drivers/net/wireless/mwifiex/sta_event.c b/drivers/net/wireless/mwifiex/sta_event.c
index 4ace5a3dcd23..11e731f3581c 100644
--- a/drivers/net/wireless/mwifiex/sta_event.c
+++ b/drivers/net/wireless/mwifiex/sta_event.c
@@ -406,9 +406,9 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
406 break; 406 break;
407 407
408 case EVENT_UAP_STA_ASSOC: 408 case EVENT_UAP_STA_ASSOC:
409 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER);
410 memset(&sinfo, 0, sizeof(sinfo)); 409 memset(&sinfo, 0, sizeof(sinfo));
411 event = (struct mwifiex_assoc_event *)adapter->event_skb->data; 410 event = (struct mwifiex_assoc_event *)
411 (adapter->event_body + MWIFIEX_UAP_EVENT_EXTRA_HEADER);
412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) { 412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) {
413 len = -1; 413 len = -1;
414 414
@@ -433,9 +433,8 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv)
433 GFP_KERNEL); 433 GFP_KERNEL);
434 break; 434 break;
435 case EVENT_UAP_STA_DEAUTH: 435 case EVENT_UAP_STA_DEAUTH:
436 skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER); 436 cfg80211_del_sta(priv->netdev, adapter->event_body +
437 cfg80211_del_sta(priv->netdev, adapter->event_skb->data, 437 MWIFIEX_UAP_EVENT_EXTRA_HEADER, GFP_KERNEL);
438 GFP_KERNEL);
439 break; 438 break;
440 case EVENT_UAP_BSS_IDLE: 439 case EVENT_UAP_BSS_IDLE:
441 priv->media_connected = false; 440 priv->media_connected = false;
diff --git a/drivers/net/wireless/mwifiex/usb.c b/drivers/net/wireless/mwifiex/usb.c
index 49ebf20c56eb..22a5916564b8 100644
--- a/drivers/net/wireless/mwifiex/usb.c
+++ b/drivers/net/wireless/mwifiex/usb.c
@@ -49,6 +49,7 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
49 struct device *dev = adapter->dev; 49 struct device *dev = adapter->dev;
50 u32 recv_type; 50 u32 recv_type;
51 __le32 tmp; 51 __le32 tmp;
52 int ret;
52 53
53 if (adapter->hs_activated) 54 if (adapter->hs_activated)
54 mwifiex_process_hs_config(adapter); 55 mwifiex_process_hs_config(adapter);
@@ -69,16 +70,19 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
69 case MWIFIEX_USB_TYPE_CMD: 70 case MWIFIEX_USB_TYPE_CMD:
70 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) { 71 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) {
71 dev_err(dev, "CMD: skb->len too large\n"); 72 dev_err(dev, "CMD: skb->len too large\n");
72 return -1; 73 ret = -1;
74 goto exit_restore_skb;
73 } else if (!adapter->curr_cmd) { 75 } else if (!adapter->curr_cmd) {
74 dev_dbg(dev, "CMD: no curr_cmd\n"); 76 dev_dbg(dev, "CMD: no curr_cmd\n");
75 if (adapter->ps_state == PS_STATE_SLEEP_CFM) { 77 if (adapter->ps_state == PS_STATE_SLEEP_CFM) {
76 mwifiex_process_sleep_confirm_resp( 78 mwifiex_process_sleep_confirm_resp(
77 adapter, skb->data, 79 adapter, skb->data,
78 skb->len); 80 skb->len);
79 return 0; 81 ret = 0;
82 goto exit_restore_skb;
80 } 83 }
81 return -1; 84 ret = -1;
85 goto exit_restore_skb;
82 } 86 }
83 87
84 adapter->curr_cmd->resp_skb = skb; 88 adapter->curr_cmd->resp_skb = skb;
@@ -87,20 +91,22 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
87 case MWIFIEX_USB_TYPE_EVENT: 91 case MWIFIEX_USB_TYPE_EVENT:
88 if (skb->len < sizeof(u32)) { 92 if (skb->len < sizeof(u32)) {
89 dev_err(dev, "EVENT: skb->len too small\n"); 93 dev_err(dev, "EVENT: skb->len too small\n");
90 return -1; 94 ret = -1;
95 goto exit_restore_skb;
91 } 96 }
92 skb_copy_from_linear_data(skb, &tmp, sizeof(u32)); 97 skb_copy_from_linear_data(skb, &tmp, sizeof(u32));
93 adapter->event_cause = le32_to_cpu(tmp); 98 adapter->event_cause = le32_to_cpu(tmp);
94 skb_pull(skb, sizeof(u32));
95 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause); 99 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause);
96 100
97 if (skb->len > MAX_EVENT_SIZE) { 101 if (skb->len > MAX_EVENT_SIZE) {
98 dev_err(dev, "EVENT: event body too large\n"); 102 dev_err(dev, "EVENT: event body too large\n");
99 return -1; 103 ret = -1;
104 goto exit_restore_skb;
100 } 105 }
101 106
102 skb_copy_from_linear_data(skb, adapter->event_body, 107 memcpy(adapter->event_body, skb->data +
103 skb->len); 108 MWIFIEX_EVENT_HEADER_LEN, skb->len);
109
104 adapter->event_received = true; 110 adapter->event_received = true;
105 adapter->event_skb = skb; 111 adapter->event_skb = skb;
106 break; 112 break;
@@ -124,6 +130,12 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
124 } 130 }
125 131
126 return -EINPROGRESS; 132 return -EINPROGRESS;
133
134exit_restore_skb:
135 /* The buffer will be reused for further cmds/events */
136 skb_push(skb, INTF_HEADER_LEN);
137
138 return ret;
127} 139}
128 140
129static void mwifiex_usb_rx_complete(struct urb *urb) 141static void mwifiex_usb_rx_complete(struct urb *urb)
diff --git a/drivers/net/wireless/mwifiex/wmm.c b/drivers/net/wireless/mwifiex/wmm.c
index f3fc65515857..3fa4d4176993 100644
--- a/drivers/net/wireless/mwifiex/wmm.c
+++ b/drivers/net/wireless/mwifiex/wmm.c
@@ -404,6 +404,8 @@ mwifiex_wmm_init(struct mwifiex_adapter *adapter)
404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE; 404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE;
405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE; 405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE;
406 406
407 mwifiex_reset_11n_rx_seq_num(priv);
408
407 atomic_set(&priv->wmm.tx_pkts_queued, 0); 409 atomic_set(&priv->wmm.tx_pkts_queued, 0);
408 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID); 410 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID);
409 } 411 }
@@ -1221,6 +1223,7 @@ mwifiex_dequeue_tx_packet(struct mwifiex_adapter *adapter)
1221 1223
1222 if (!ptr->is_11n_enabled || 1224 if (!ptr->is_11n_enabled ||
1223 mwifiex_is_ba_stream_setup(priv, ptr, tid) || 1225 mwifiex_is_ba_stream_setup(priv, ptr, tid) ||
1226 priv->wps.session_enable ||
1224 ((priv->sec_info.wpa_enabled || 1227 ((priv->sec_info.wpa_enabled ||
1225 priv->sec_info.wpa2_enabled) && 1228 priv->sec_info.wpa2_enabled) &&
1226 !priv->wpa_is_gtk_set)) { 1229 !priv->wpa_is_gtk_set)) {
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index d228358e6a40..9970c2b1b199 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -301,9 +301,11 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/ 301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/
302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/ 302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/
303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/ 303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/
304 {RTL_USB_DEVICE(0x0bda, 0x5088, rtl92cu_hal_cfg)}, /*Thinkware-CC&C*/
304 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 305 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
305 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 306 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
306 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/ 307 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/
308 {RTL_USB_DEVICE(0x4856, 0x0091, rtl92cu_hal_cfg)}, /*NetweeN - Feixun*/
307 /* HP - Lite-On ,8188CUS Slim Combo */ 309 /* HP - Lite-On ,8188CUS Slim Combo */
308 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)}, 310 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)},
309 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */ 311 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */
@@ -346,6 +348,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
346 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/ 348 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/
347 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/ 349 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/
348 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/ 350 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/
351 {RTL_USB_DEVICE(0x0bda, 0x8186, rtl92cu_hal_cfg)}, /*Realtek 92CE-VAU*/
349 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/ 352 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/
350 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/ 353 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/
351 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/ 354 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/
diff --git a/drivers/net/wireless/ti/wlcore/Kconfig b/drivers/net/wireless/ti/wlcore/Kconfig
index 54156b0b5c2d..d7b907e67170 100644
--- a/drivers/net/wireless/ti/wlcore/Kconfig
+++ b/drivers/net/wireless/ti/wlcore/Kconfig
@@ -1,7 +1,6 @@
1config WLCORE 1config WLCORE
2 tristate "TI wlcore support" 2 tristate "TI wlcore support"
3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211 3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211
4 depends on INET
5 select FW_LOADER 4 select FW_LOADER
6 ---help--- 5 ---help---
7 This module contains the main code for TI WLAN chips. It abstracts 6 This module contains the main code for TI WLAN chips. It abstracts
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 66e4fcdd1c6b..a4bb856de08f 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1342,7 +1342,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1342 struct ieee80211_local *local = sdata->local; 1342 struct ieee80211_local *local = sdata->local;
1343 struct sta_info *sta; 1343 struct sta_info *sta;
1344 u32 changed = 0; 1344 u32 changed = 0;
1345 u8 bssid[ETH_ALEN];
1346 1345
1347 ASSERT_MGD_MTX(ifmgd); 1346 ASSERT_MGD_MTX(ifmgd);
1348 1347
@@ -1354,10 +1353,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1354 1353
1355 ieee80211_stop_poll(sdata); 1354 ieee80211_stop_poll(sdata);
1356 1355
1357 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1358
1359 ifmgd->associated = NULL; 1356 ifmgd->associated = NULL;
1360 memset(ifmgd->bssid, 0, ETH_ALEN);
1361 1357
1362 /* 1358 /*
1363 * we need to commit the associated = NULL change because the 1359 * we need to commit the associated = NULL change because the
@@ -1377,7 +1373,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1377 netif_carrier_off(sdata->dev); 1373 netif_carrier_off(sdata->dev);
1378 1374
1379 mutex_lock(&local->sta_mtx); 1375 mutex_lock(&local->sta_mtx);
1380 sta = sta_info_get(sdata, bssid); 1376 sta = sta_info_get(sdata, ifmgd->bssid);
1381 if (sta) { 1377 if (sta) {
1382 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1378 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1383 ieee80211_sta_tear_down_BA_sessions(sta, tx); 1379 ieee80211_sta_tear_down_BA_sessions(sta, tx);
@@ -1386,13 +1382,16 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1386 1382
1387 /* deauthenticate/disassociate now */ 1383 /* deauthenticate/disassociate now */
1388 if (tx || frame_buf) 1384 if (tx || frame_buf)
1389 ieee80211_send_deauth_disassoc(sdata, bssid, stype, reason, 1385 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1390 tx, frame_buf); 1386 reason, tx, frame_buf);
1391 1387
1392 /* flush out frame */ 1388 /* flush out frame */
1393 if (tx) 1389 if (tx)
1394 drv_flush(local, false); 1390 drv_flush(local, false);
1395 1391
1392 /* clear bssid only after building the needed mgmt frames */
1393 memset(ifmgd->bssid, 0, ETH_ALEN);
1394
1396 /* remove AP and TDLS peers */ 1395 /* remove AP and TDLS peers */
1397 sta_info_flush(local, sdata); 1396 sta_info_flush(local, sdata);
1398 1397
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7bcecf73aafb..965e6ec0adb6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2455,7 +2455,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2455 * frames that we didn't handle, including returning unknown 2455 * frames that we didn't handle, including returning unknown
2456 * ones. For all other modes we will return them to the sender, 2456 * ones. For all other modes we will return them to the sender,
2457 * setting the 0x80 bit in the action category, as required by 2457 * setting the 0x80 bit in the action category, as required by
2458 * 802.11-2007 7.3.1.11. 2458 * 802.11-2012 9.24.4.
2459 * Newer versions of hostapd shall also use the management frame 2459 * Newer versions of hostapd shall also use the management frame
2460 * registration mechanisms, but older ones still use cooked 2460 * registration mechanisms, but older ones still use cooked
2461 * monitor interfaces so push all frames there. 2461 * monitor interfaces so push all frames there.
@@ -2465,6 +2465,9 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2465 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) 2465 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2466 return RX_DROP_MONITOR; 2466 return RX_DROP_MONITOR;
2467 2467
2468 if (is_multicast_ether_addr(mgmt->da))
2469 return RX_DROP_MONITOR;
2470
2468 /* do not return rejected action frames */ 2471 /* do not return rejected action frames */
2469 if (mgmt->u.action.category & 0x80) 2472 if (mgmt->u.action.category & 0x80)
2470 return RX_DROP_UNUSABLE; 2473 return RX_DROP_UNUSABLE;
diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index cb2646179e5f..2ab196a9f228 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
@@ -106,7 +106,7 @@ static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); 106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data));
107 data += 2; 107 data += 2;
108 108
109 nfca_poll->nfcid1_len = *data++; 109 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE);
110 110
111 pr_debug("sens_res 0x%x, nfcid1_len %d\n", 111 pr_debug("sens_res 0x%x, nfcid1_len %d\n",
112 nfca_poll->sens_res, nfca_poll->nfcid1_len); 112 nfca_poll->sens_res, nfca_poll->nfcid1_len);
@@ -130,7 +130,7 @@ static __u8 *nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev,
130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll, 130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll,
131 __u8 *data) 131 __u8 *data)
132{ 132{
133 nfcb_poll->sensb_res_len = *data++; 133 nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE);
134 134
135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); 135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len);
136 136
@@ -145,7 +145,7 @@ static __u8 *nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev,
145 __u8 *data) 145 __u8 *data)
146{ 146{
147 nfcf_poll->bit_rate = *data++; 147 nfcf_poll->bit_rate = *data++;
148 nfcf_poll->sensf_res_len = *data++; 148 nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE);
149 149
150 pr_debug("bit_rate %d, sensf_res_len %d\n", 150 pr_debug("bit_rate %d, sensf_res_len %d\n",
151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); 151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len);
@@ -331,7 +331,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
331 switch (ntf->activation_rf_tech_and_mode) { 331 switch (ntf->activation_rf_tech_and_mode) {
332 case NCI_NFC_A_PASSIVE_POLL_MODE: 332 case NCI_NFC_A_PASSIVE_POLL_MODE:
333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; 333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep;
334 nfca_poll->rats_res_len = *data++; 334 nfca_poll->rats_res_len = min_t(__u8, *data++, 20);
335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len); 335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len);
336 if (nfca_poll->rats_res_len > 0) { 336 if (nfca_poll->rats_res_len > 0) {
337 memcpy(nfca_poll->rats_res, 337 memcpy(nfca_poll->rats_res,
@@ -341,7 +341,7 @@ static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
341 341
342 case NCI_NFC_B_PASSIVE_POLL_MODE: 342 case NCI_NFC_B_PASSIVE_POLL_MODE:
343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; 343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep;
344 nfcb_poll->attrib_res_len = *data++; 344 nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50);
345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len); 345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len);
346 if (nfcb_poll->attrib_res_len > 0) { 346 if (nfcb_poll->attrib_res_len > 0) {
347 memcpy(nfcb_poll->attrib_res, 347 memcpy(nfcb_poll->attrib_res,
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index ec1134c9e07f..8b8a6a2b2bad 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -54,7 +54,10 @@ static int rawsock_release(struct socket *sock)
54{ 54{
55 struct sock *sk = sock->sk; 55 struct sock *sk = sock->sk;
56 56
57 pr_debug("sock=%p\n", sock); 57 pr_debug("sock=%p sk=%p\n", sock, sk);
58
59 if (!sk)
60 return 0;
58 61
59 sock_orphan(sk); 62 sock_orphan(sk);
60 sock_put(sk); 63 sock_put(sk);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-19 02:04:42 -0500