diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_conn.c | 8 | ||||
| -rw-r--r-- | net/bluetooth/hci_core.c | 14 | ||||
| -rw-r--r-- | net/bluetooth/hci_event.c | 17 | ||||
| -rw-r--r-- | net/ieee802154/6lowpan_rtnl.c | 4 | ||||
| -rw-r--r-- | net/ieee802154/reassembly.c | 15 | ||||
| -rw-r--r-- | net/mac80211/chan.c | 2 | ||||
| -rw-r--r-- | net/mac80211/debugfs_sta.c | 2 | ||||
| -rw-r--r-- | net/mac80211/iface.c | 4 | ||||
| -rw-r--r-- | net/mac80211/mesh_plink.c | 7 | ||||
| -rw-r--r-- | net/mac80211/mlme.c | 3 | ||||
| -rw-r--r-- | net/mac80211/sta_info.c | 7 | ||||
| -rw-r--r-- | net/mac802154/wpan.c | 6 |
12 files changed, 62 insertions, 27 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b50dabb3f86a..faff6247ac8f 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
| @@ -589,6 +589,14 @@ EXPORT_SYMBOL(hci_get_route); | |||
| 589 | void hci_le_conn_failed(struct hci_conn *conn, u8 status) | 589 | void hci_le_conn_failed(struct hci_conn *conn, u8 status) |
| 590 | { | 590 | { |
| 591 | struct hci_dev *hdev = conn->hdev; | 591 | struct hci_dev *hdev = conn->hdev; |
| 592 | struct hci_conn_params *params; | ||
| 593 | |||
| 594 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst, | ||
| 595 | conn->dst_type); | ||
| 596 | if (params && params->conn) { | ||
| 597 | hci_conn_drop(params->conn); | ||
| 598 | params->conn = NULL; | ||
| 599 | } | ||
| 592 | 600 | ||
| 593 | conn->state = BT_CLOSED; | 601 | conn->state = BT_CLOSED; |
| 594 | 602 | ||
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index abeb5e47311e..9b7145959a49 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -2538,8 +2538,13 @@ static void hci_pend_le_actions_clear(struct hci_dev *hdev) | |||
| 2538 | { | 2538 | { |
| 2539 | struct hci_conn_params *p; | 2539 | struct hci_conn_params *p; |
| 2540 | 2540 | ||
| 2541 | list_for_each_entry(p, &hdev->le_conn_params, list) | 2541 | list_for_each_entry(p, &hdev->le_conn_params, list) { |
| 2542 | if (p->conn) { | ||
| 2543 | hci_conn_drop(p->conn); | ||
| 2544 | p->conn = NULL; | ||
| 2545 | } | ||
| 2542 | list_del_init(&p->action); | 2546 | list_del_init(&p->action); |
| 2547 | } | ||
| 2543 | 2548 | ||
| 2544 | BT_DBG("All LE pending actions cleared"); | 2549 | BT_DBG("All LE pending actions cleared"); |
| 2545 | } | 2550 | } |
| @@ -2580,8 +2585,8 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
| 2580 | 2585 | ||
| 2581 | hci_dev_lock(hdev); | 2586 | hci_dev_lock(hdev); |
| 2582 | hci_inquiry_cache_flush(hdev); | 2587 | hci_inquiry_cache_flush(hdev); |
| 2583 | hci_conn_hash_flush(hdev); | ||
| 2584 | hci_pend_le_actions_clear(hdev); | 2588 | hci_pend_le_actions_clear(hdev); |
| 2589 | hci_conn_hash_flush(hdev); | ||
| 2585 | hci_dev_unlock(hdev); | 2590 | hci_dev_unlock(hdev); |
| 2586 | 2591 | ||
| 2587 | hci_notify(hdev, HCI_DEV_DOWN); | 2592 | hci_notify(hdev, HCI_DEV_DOWN); |
| @@ -3729,6 +3734,9 @@ void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type) | |||
| 3729 | if (!params) | 3734 | if (!params) |
| 3730 | return; | 3735 | return; |
| 3731 | 3736 | ||
| 3737 | if (params->conn) | ||
| 3738 | hci_conn_drop(params->conn); | ||
| 3739 | |||
| 3732 | list_del(¶ms->action); | 3740 | list_del(¶ms->action); |
| 3733 | list_del(¶ms->list); | 3741 | list_del(¶ms->list); |
| 3734 | kfree(params); | 3742 | kfree(params); |
| @@ -3759,6 +3767,8 @@ void hci_conn_params_clear_all(struct hci_dev *hdev) | |||
| 3759 | struct hci_conn_params *params, *tmp; | 3767 | struct hci_conn_params *params, *tmp; |
| 3760 | 3768 | ||
| 3761 | list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) { | 3769 | list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) { |
| 3770 | if (params->conn) | ||
| 3771 | hci_conn_drop(params->conn); | ||
| 3762 | list_del(¶ms->action); | 3772 | list_del(¶ms->action); |
| 3763 | list_del(¶ms->list); | 3773 | list_del(¶ms->list); |
| 3764 | kfree(params); | 3774 | kfree(params); |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index da7ab6b9bb69..3a99f30a3317 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -4226,8 +4226,13 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 4226 | hci_proto_connect_cfm(conn, ev->status); | 4226 | hci_proto_connect_cfm(conn, ev->status); |
| 4227 | 4227 | ||
| 4228 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); | 4228 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
| 4229 | if (params) | 4229 | if (params) { |
| 4230 | list_del_init(¶ms->action); | 4230 | list_del_init(¶ms->action); |
| 4231 | if (params->conn) { | ||
| 4232 | hci_conn_drop(params->conn); | ||
| 4233 | params->conn = NULL; | ||
| 4234 | } | ||
| 4235 | } | ||
| 4231 | 4236 | ||
| 4232 | unlock: | 4237 | unlock: |
| 4233 | hci_update_background_scan(hdev); | 4238 | hci_update_background_scan(hdev); |
| @@ -4309,8 +4314,16 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, | |||
| 4309 | 4314 | ||
| 4310 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, | 4315 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, |
| 4311 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); | 4316 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); |
| 4312 | if (!IS_ERR(conn)) | 4317 | if (!IS_ERR(conn)) { |
| 4318 | /* Store the pointer since we don't really have any | ||
| 4319 | * other owner of the object besides the params that | ||
| 4320 | * triggered it. This way we can abort the connection if | ||
| 4321 | * the parameters get removed and keep the reference | ||
| 4322 | * count consistent once the connection is established. | ||
| 4323 | */ | ||
| 4324 | params->conn = conn; | ||
| 4313 | return; | 4325 | return; |
| 4326 | } | ||
| 4314 | 4327 | ||
| 4315 | switch (PTR_ERR(conn)) { | 4328 | switch (PTR_ERR(conn)) { |
| 4316 | case -EBUSY: | 4329 | case -EBUSY: |
diff --git a/net/ieee802154/6lowpan_rtnl.c b/net/ieee802154/6lowpan_rtnl.c index 509d7a625a4b..5e788cdc499a 100644 --- a/net/ieee802154/6lowpan_rtnl.c +++ b/net/ieee802154/6lowpan_rtnl.c | |||
| @@ -238,7 +238,7 @@ lowpan_alloc_frag(struct sk_buff *skb, int size, | |||
| 238 | return ERR_PTR(-rc); | 238 | return ERR_PTR(-rc); |
| 239 | } | 239 | } |
| 240 | } else { | 240 | } else { |
| 241 | frag = ERR_PTR(ENOMEM); | 241 | frag = ERR_PTR(-ENOMEM); |
| 242 | } | 242 | } |
| 243 | 243 | ||
| 244 | return frag; | 244 | return frag; |
| @@ -429,7 +429,7 @@ static void lowpan_setup(struct net_device *dev) | |||
| 429 | /* Frame Control + Sequence Number + Address fields + Security Header */ | 429 | /* Frame Control + Sequence Number + Address fields + Security Header */ |
| 430 | dev->hard_header_len = 2 + 1 + 20 + 14; | 430 | dev->hard_header_len = 2 + 1 + 20 + 14; |
| 431 | dev->needed_tailroom = 2; /* FCS */ | 431 | dev->needed_tailroom = 2; /* FCS */ |
| 432 | dev->mtu = 1281; | 432 | dev->mtu = IPV6_MIN_MTU; |
| 433 | dev->tx_queue_len = 0; | 433 | dev->tx_queue_len = 0; |
| 434 | dev->flags = IFF_BROADCAST | IFF_MULTICAST; | 434 | dev->flags = IFF_BROADCAST | IFF_MULTICAST; |
| 435 | dev->watchdog_timeo = 0; | 435 | dev->watchdog_timeo = 0; |
diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c index ffec6ce51005..32755cb7e64e 100644 --- a/net/ieee802154/reassembly.c +++ b/net/ieee802154/reassembly.c | |||
| @@ -355,8 +355,6 @@ int lowpan_frag_rcv(struct sk_buff *skb, const u8 frag_type) | |||
| 355 | struct net *net = dev_net(skb->dev); | 355 | struct net *net = dev_net(skb->dev); |
| 356 | struct lowpan_frag_info *frag_info = lowpan_cb(skb); | 356 | struct lowpan_frag_info *frag_info = lowpan_cb(skb); |
| 357 | struct ieee802154_addr source, dest; | 357 | struct ieee802154_addr source, dest; |
| 358 | struct netns_ieee802154_lowpan *ieee802154_lowpan = | ||
| 359 | net_ieee802154_lowpan(net); | ||
| 360 | int err; | 358 | int err; |
| 361 | 359 | ||
| 362 | source = mac_cb(skb)->source; | 360 | source = mac_cb(skb)->source; |
| @@ -366,8 +364,10 @@ int lowpan_frag_rcv(struct sk_buff *skb, const u8 frag_type) | |||
| 366 | if (err < 0) | 364 | if (err < 0) |
| 367 | goto err; | 365 | goto err; |
| 368 | 366 | ||
| 369 | if (frag_info->d_size > ieee802154_lowpan->max_dsize) | 367 | if (frag_info->d_size > IPV6_MIN_MTU) { |
| 368 | net_warn_ratelimited("lowpan_frag_rcv: datagram size exceeds MTU\n"); | ||
| 370 | goto err; | 369 | goto err; |
| 370 | } | ||
| 371 | 371 | ||
| 372 | fq = fq_find(net, frag_info, &source, &dest); | 372 | fq = fq_find(net, frag_info, &source, &dest); |
| 373 | if (fq != NULL) { | 373 | if (fq != NULL) { |
| @@ -415,13 +415,6 @@ static struct ctl_table lowpan_frags_ns_ctl_table[] = { | |||
| 415 | .mode = 0644, | 415 | .mode = 0644, |
| 416 | .proc_handler = proc_dointvec_jiffies, | 416 | .proc_handler = proc_dointvec_jiffies, |
| 417 | }, | 417 | }, |
| 418 | { | ||
| 419 | .procname = "6lowpanfrag_max_datagram_size", | ||
| 420 | .data = &init_net.ieee802154_lowpan.max_dsize, | ||
| 421 | .maxlen = sizeof(int), | ||
| 422 | .mode = 0644, | ||
| 423 | .proc_handler = proc_dointvec | ||
| 424 | }, | ||
| 425 | { } | 418 | { } |
| 426 | }; | 419 | }; |
| 427 | 420 | ||
| @@ -458,7 +451,6 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) | |||
| 458 | table[1].data = &ieee802154_lowpan->frags.low_thresh; | 451 | table[1].data = &ieee802154_lowpan->frags.low_thresh; |
| 459 | table[1].extra2 = &ieee802154_lowpan->frags.high_thresh; | 452 | table[1].extra2 = &ieee802154_lowpan->frags.high_thresh; |
| 460 | table[2].data = &ieee802154_lowpan->frags.timeout; | 453 | table[2].data = &ieee802154_lowpan->frags.timeout; |
| 461 | table[3].data = &ieee802154_lowpan->max_dsize; | ||
| 462 | 454 | ||
| 463 | /* Don't export sysctls to unprivileged users */ | 455 | /* Don't export sysctls to unprivileged users */ |
| 464 | if (net->user_ns != &init_user_ns) | 456 | if (net->user_ns != &init_user_ns) |
| @@ -533,7 +525,6 @@ static int __net_init lowpan_frags_init_net(struct net *net) | |||
| 533 | ieee802154_lowpan->frags.high_thresh = IPV6_FRAG_HIGH_THRESH; | 525 | ieee802154_lowpan->frags.high_thresh = IPV6_FRAG_HIGH_THRESH; |
| 534 | ieee802154_lowpan->frags.low_thresh = IPV6_FRAG_LOW_THRESH; | 526 | ieee802154_lowpan->frags.low_thresh = IPV6_FRAG_LOW_THRESH; |
| 535 | ieee802154_lowpan->frags.timeout = IPV6_FRAG_TIMEOUT; | 527 | ieee802154_lowpan->frags.timeout = IPV6_FRAG_TIMEOUT; |
| 536 | ieee802154_lowpan->max_dsize = 0xFFFF; | ||
| 537 | 528 | ||
| 538 | inet_frags_init_net(&ieee802154_lowpan->frags); | 529 | inet_frags_init_net(&ieee802154_lowpan->frags); |
| 539 | 530 | ||
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index 0da6f3a027e7..4c74e8da64b9 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c | |||
| @@ -541,6 +541,8 @@ static void ieee80211_recalc_chanctx_chantype(struct ieee80211_local *local, | |||
| 541 | continue; | 541 | continue; |
| 542 | if (rcu_access_pointer(sdata->vif.chanctx_conf) != conf) | 542 | if (rcu_access_pointer(sdata->vif.chanctx_conf) != conf) |
| 543 | continue; | 543 | continue; |
| 544 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | ||
| 545 | continue; | ||
| 544 | 546 | ||
| 545 | if (!compat) | 547 | if (!compat) |
| 546 | compat = &sdata->vif.bss_conf.chandef; | 548 | compat = &sdata->vif.bss_conf.chandef; |
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c index 4a20fb8f1e23..33eb4a43a2f3 100644 --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c | |||
| @@ -168,7 +168,7 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf, | |||
| 168 | p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", | 168 | p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", |
| 169 | sta->ampdu_mlme.dialog_token_allocator + 1); | 169 | sta->ampdu_mlme.dialog_token_allocator + 1); |
| 170 | p += scnprintf(p, sizeof(buf) + buf - p, | 170 | p += scnprintf(p, sizeof(buf) + buf - p, |
| 171 | "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tpending\n"); | 171 | "TID\t\tRX\tDTKN\tSSN\t\tTX\tDTKN\tpending\n"); |
| 172 | 172 | ||
| 173 | for (i = 0; i < IEEE80211_NUM_TIDS; i++) { | 173 | for (i = 0; i < IEEE80211_NUM_TIDS; i++) { |
| 174 | tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[i]); | 174 | tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[i]); |
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 01eede7406a5..f75e5f132c5a 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c | |||
| @@ -1175,8 +1175,8 @@ static void ieee80211_iface_work(struct work_struct *work) | |||
| 1175 | if (sta) { | 1175 | if (sta) { |
| 1176 | u16 last_seq; | 1176 | u16 last_seq; |
| 1177 | 1177 | ||
| 1178 | last_seq = le16_to_cpu( | 1178 | last_seq = IEEE80211_SEQ_TO_SN(le16_to_cpu( |
| 1179 | sta->last_seq_ctrl[rx_agg->tid]); | 1179 | sta->last_seq_ctrl[rx_agg->tid])); |
| 1180 | 1180 | ||
| 1181 | __ieee80211_start_rx_ba_session(sta, | 1181 | __ieee80211_start_rx_ba_session(sta, |
| 1182 | 0, 0, | 1182 | 0, 0, |
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c index 8f0887fc7128..b488e1859b18 100644 --- a/net/mac80211/mesh_plink.c +++ b/net/mac80211/mesh_plink.c | |||
| @@ -957,7 +957,8 @@ mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, | |||
| 957 | if (!matches_local) | 957 | if (!matches_local) |
| 958 | event = CNF_RJCT; | 958 | event = CNF_RJCT; |
| 959 | if (!mesh_plink_free_count(sdata) || | 959 | if (!mesh_plink_free_count(sdata) || |
| 960 | (sta->llid != llid || sta->plid != plid)) | 960 | sta->llid != llid || |
| 961 | (sta->plid && sta->plid != plid)) | ||
| 961 | event = CNF_IGNR; | 962 | event = CNF_IGNR; |
| 962 | else | 963 | else |
| 963 | event = CNF_ACPT; | 964 | event = CNF_ACPT; |
| @@ -1074,6 +1075,10 @@ mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, | |||
| 1074 | goto unlock_rcu; | 1075 | goto unlock_rcu; |
| 1075 | } | 1076 | } |
| 1076 | 1077 | ||
| 1078 | /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ | ||
| 1079 | if (!sta->plid && event == CNF_ACPT) | ||
| 1080 | sta->plid = plid; | ||
| 1081 | |||
| 1077 | changed |= mesh_plink_fsm(sdata, sta, event); | 1082 | changed |= mesh_plink_fsm(sdata, sta, event); |
| 1078 | 1083 | ||
| 1079 | unlock_rcu: | 1084 | unlock_rcu: |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 29fe91d6a094..8a73de6a5f5b 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
| @@ -4389,8 +4389,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, | |||
| 4389 | rcu_read_unlock(); | 4389 | rcu_read_unlock(); |
| 4390 | 4390 | ||
| 4391 | if (bss->wmm_used && bss->uapsd_supported && | 4391 | if (bss->wmm_used && bss->uapsd_supported && |
| 4392 | (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && | 4392 | (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { |
| 4393 | sdata->wmm_acm != 0xff) { | ||
| 4394 | assoc_data->uapsd = true; | 4393 | assoc_data->uapsd = true; |
| 4395 | ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; | 4394 | ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; |
| 4396 | } else { | 4395 | } else { |
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index e1f957d5935e..730030542024 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c | |||
| @@ -1094,8 +1094,11 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) | |||
| 1094 | unsigned long flags; | 1094 | unsigned long flags; |
| 1095 | struct ps_data *ps; | 1095 | struct ps_data *ps; |
| 1096 | 1096 | ||
| 1097 | if (sdata->vif.type == NL80211_IFTYPE_AP || | 1097 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) |
| 1098 | sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | 1098 | sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, |
| 1099 | u.ap); | ||
| 1100 | |||
| 1101 | if (sdata->vif.type == NL80211_IFTYPE_AP) | ||
| 1099 | ps = &sdata->bss->ps; | 1102 | ps = &sdata->bss->ps; |
| 1100 | else if (ieee80211_vif_is_mesh(&sdata->vif)) | 1103 | else if (ieee80211_vif_is_mesh(&sdata->vif)) |
| 1101 | ps = &sdata->u.mesh.ps; | 1104 | ps = &sdata->u.mesh.ps; |
diff --git a/net/mac802154/wpan.c b/net/mac802154/wpan.c index ce1757001917..b7961129ce4d 100644 --- a/net/mac802154/wpan.c +++ b/net/mac802154/wpan.c | |||
| @@ -462,7 +462,10 @@ mac802154_subif_frame(struct mac802154_sub_if_data *sdata, struct sk_buff *skb, | |||
| 462 | skb->pkt_type = PACKET_OTHERHOST; | 462 | skb->pkt_type = PACKET_OTHERHOST; |
| 463 | break; | 463 | break; |
| 464 | default: | 464 | default: |
| 465 | break; | 465 | spin_unlock_bh(&sdata->mib_lock); |
| 466 | pr_debug("invalid dest mode\n"); | ||
| 467 | kfree_skb(skb); | ||
| 468 | return NET_RX_DROP; | ||
| 466 | } | 469 | } |
| 467 | 470 | ||
| 468 | spin_unlock_bh(&sdata->mib_lock); | 471 | spin_unlock_bh(&sdata->mib_lock); |
| @@ -575,6 +578,7 @@ void mac802154_wpans_rx(struct mac802154_priv *priv, struct sk_buff *skb) | |||
| 575 | ret = mac802154_parse_frame_start(skb, &hdr); | 578 | ret = mac802154_parse_frame_start(skb, &hdr); |
| 576 | if (ret) { | 579 | if (ret) { |
| 577 | pr_debug("got invalid frame\n"); | 580 | pr_debug("got invalid frame\n"); |
| 581 | kfree_skb(skb); | ||
| 578 | return; | 582 | return; |
| 579 | } | 583 | } |
| 580 | 584 | ||