diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/af_bluetooth.c | 8 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 22 | ||||
-rw-r--r-- | net/bluetooth/hci_sock.c | 2 | ||||
-rw-r--r-- | net/bluetooth/l2cap_core.c | 26 | ||||
-rw-r--r-- | net/bluetooth/l2cap_sock.c | 2 | ||||
-rw-r--r-- | net/bluetooth/mgmt.c | 4 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 12 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/tty.c | 22 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 8 | ||||
-rw-r--r-- | net/mac80211/wpa.c | 2 | ||||
-rw-r--r-- | net/wireless/nl80211.c | 34 |
11 files changed, 86 insertions, 56 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index cdcfcabb34ab..ef92864ac625 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
@@ -156,17 +156,17 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto, | |||
156 | 156 | ||
157 | void bt_sock_link(struct bt_sock_list *l, struct sock *sk) | 157 | void bt_sock_link(struct bt_sock_list *l, struct sock *sk) |
158 | { | 158 | { |
159 | write_lock_bh(&l->lock); | 159 | write_lock(&l->lock); |
160 | sk_add_node(sk, &l->head); | 160 | sk_add_node(sk, &l->head); |
161 | write_unlock_bh(&l->lock); | 161 | write_unlock(&l->lock); |
162 | } | 162 | } |
163 | EXPORT_SYMBOL(bt_sock_link); | 163 | EXPORT_SYMBOL(bt_sock_link); |
164 | 164 | ||
165 | void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk) | 165 | void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk) |
166 | { | 166 | { |
167 | write_lock_bh(&l->lock); | 167 | write_lock(&l->lock); |
168 | sk_del_node_init(sk); | 168 | sk_del_node_init(sk); |
169 | write_unlock_bh(&l->lock); | 169 | write_unlock(&l->lock); |
170 | } | 170 | } |
171 | EXPORT_SYMBOL(bt_sock_unlink); | 171 | EXPORT_SYMBOL(bt_sock_unlink); |
172 | 172 | ||
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 4221bd256bdd..001307f81057 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -711,7 +711,14 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | |||
711 | if (rp->status) | 711 | if (rp->status) |
712 | return; | 712 | return; |
713 | 713 | ||
714 | memcpy(hdev->extfeatures, rp->features, 8); | 714 | switch (rp->page) { |
715 | case 0: | ||
716 | memcpy(hdev->features, rp->features, 8); | ||
717 | break; | ||
718 | case 1: | ||
719 | memcpy(hdev->host_features, rp->features, 8); | ||
720 | break; | ||
721 | } | ||
715 | 722 | ||
716 | hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); | 723 | hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); |
717 | } | 724 | } |
@@ -1047,9 +1054,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
1047 | case LE_SCANNING_DISABLED: | 1054 | case LE_SCANNING_DISABLED: |
1048 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); | 1055 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); |
1049 | 1056 | ||
1050 | cancel_delayed_work_sync(&hdev->adv_work); | 1057 | schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT); |
1051 | queue_delayed_work(hdev->workqueue, &hdev->adv_work, | ||
1052 | jiffies + ADV_CLEAR_TIMEOUT); | ||
1053 | break; | 1058 | break; |
1054 | 1059 | ||
1055 | default: | 1060 | default: |
@@ -2266,20 +2271,19 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s | |||
2266 | struct hci_ev_num_comp_pkts *ev = (void *) skb->data; | 2271 | struct hci_ev_num_comp_pkts *ev = (void *) skb->data; |
2267 | int i; | 2272 | int i; |
2268 | 2273 | ||
2269 | skb_pull(skb, sizeof(*ev)); | ||
2270 | |||
2271 | BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); | ||
2272 | |||
2273 | if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { | 2274 | if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) { |
2274 | BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); | 2275 | BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode); |
2275 | return; | 2276 | return; |
2276 | } | 2277 | } |
2277 | 2278 | ||
2278 | if (skb->len < ev->num_hndl * 4) { | 2279 | if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) + |
2280 | ev->num_hndl * sizeof(struct hci_comp_pkts_info)) { | ||
2279 | BT_DBG("%s bad parameters", hdev->name); | 2281 | BT_DBG("%s bad parameters", hdev->name); |
2280 | return; | 2282 | return; |
2281 | } | 2283 | } |
2282 | 2284 | ||
2285 | BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); | ||
2286 | |||
2283 | for (i = 0; i < ev->num_hndl; i++) { | 2287 | for (i = 0; i < ev->num_hndl; i++) { |
2284 | struct hci_comp_pkts_info *info = &ev->handles[i]; | 2288 | struct hci_comp_pkts_info *info = &ev->handles[i]; |
2285 | struct hci_conn *conn; | 2289 | struct hci_conn *conn; |
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 6d94616af312..0dcc96266779 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
@@ -767,7 +767,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, | |||
767 | /* Detach sockets from device */ | 767 | /* Detach sockets from device */ |
768 | read_lock(&hci_sk_list.lock); | 768 | read_lock(&hci_sk_list.lock); |
769 | sk_for_each(sk, node, &hci_sk_list.head) { | 769 | sk_for_each(sk, node, &hci_sk_list.head) { |
770 | local_bh_disable(); | ||
771 | bh_lock_sock_nested(sk); | 770 | bh_lock_sock_nested(sk); |
772 | if (hci_pi(sk)->hdev == hdev) { | 771 | if (hci_pi(sk)->hdev == hdev) { |
773 | hci_pi(sk)->hdev = NULL; | 772 | hci_pi(sk)->hdev = NULL; |
@@ -778,7 +777,6 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, | |||
778 | hci_dev_put(hdev); | 777 | hci_dev_put(hdev); |
779 | } | 778 | } |
780 | bh_unlock_sock(sk); | 779 | bh_unlock_sock(sk); |
781 | local_bh_enable(); | ||
782 | } | 780 | } |
783 | read_unlock(&hci_sk_list.lock); | 781 | read_unlock(&hci_sk_list.lock); |
784 | } | 782 | } |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index aa78d8c4b93b..faf0b11ac1d3 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -165,7 +165,7 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) | |||
165 | { | 165 | { |
166 | int err; | 166 | int err; |
167 | 167 | ||
168 | write_lock_bh(&chan_list_lock); | 168 | write_lock(&chan_list_lock); |
169 | 169 | ||
170 | if (psm && __l2cap_global_chan_by_addr(psm, src)) { | 170 | if (psm && __l2cap_global_chan_by_addr(psm, src)) { |
171 | err = -EADDRINUSE; | 171 | err = -EADDRINUSE; |
@@ -190,17 +190,17 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) | |||
190 | } | 190 | } |
191 | 191 | ||
192 | done: | 192 | done: |
193 | write_unlock_bh(&chan_list_lock); | 193 | write_unlock(&chan_list_lock); |
194 | return err; | 194 | return err; |
195 | } | 195 | } |
196 | 196 | ||
197 | int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid) | 197 | int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid) |
198 | { | 198 | { |
199 | write_lock_bh(&chan_list_lock); | 199 | write_lock(&chan_list_lock); |
200 | 200 | ||
201 | chan->scid = scid; | 201 | chan->scid = scid; |
202 | 202 | ||
203 | write_unlock_bh(&chan_list_lock); | 203 | write_unlock(&chan_list_lock); |
204 | 204 | ||
205 | return 0; | 205 | return 0; |
206 | } | 206 | } |
@@ -289,9 +289,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk) | |||
289 | 289 | ||
290 | chan->sk = sk; | 290 | chan->sk = sk; |
291 | 291 | ||
292 | write_lock_bh(&chan_list_lock); | 292 | write_lock(&chan_list_lock); |
293 | list_add(&chan->global_l, &chan_list); | 293 | list_add(&chan->global_l, &chan_list); |
294 | write_unlock_bh(&chan_list_lock); | 294 | write_unlock(&chan_list_lock); |
295 | 295 | ||
296 | INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout); | 296 | INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout); |
297 | 297 | ||
@@ -306,9 +306,9 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk) | |||
306 | 306 | ||
307 | void l2cap_chan_destroy(struct l2cap_chan *chan) | 307 | void l2cap_chan_destroy(struct l2cap_chan *chan) |
308 | { | 308 | { |
309 | write_lock_bh(&chan_list_lock); | 309 | write_lock(&chan_list_lock); |
310 | list_del(&chan->global_l); | 310 | list_del(&chan->global_l); |
311 | write_unlock_bh(&chan_list_lock); | 311 | write_unlock(&chan_list_lock); |
312 | 312 | ||
313 | l2cap_chan_put(chan); | 313 | l2cap_chan_put(chan); |
314 | } | 314 | } |
@@ -543,14 +543,14 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn) | |||
543 | * 200 - 254 are used by utilities like l2ping, etc. | 543 | * 200 - 254 are used by utilities like l2ping, etc. |
544 | */ | 544 | */ |
545 | 545 | ||
546 | spin_lock_bh(&conn->lock); | 546 | spin_lock(&conn->lock); |
547 | 547 | ||
548 | if (++conn->tx_ident > 128) | 548 | if (++conn->tx_ident > 128) |
549 | conn->tx_ident = 1; | 549 | conn->tx_ident = 1; |
550 | 550 | ||
551 | id = conn->tx_ident; | 551 | id = conn->tx_ident; |
552 | 552 | ||
553 | spin_unlock_bh(&conn->lock); | 553 | spin_unlock(&conn->lock); |
554 | 554 | ||
555 | return id; | 555 | return id; |
556 | } | 556 | } |
@@ -1190,7 +1190,7 @@ inline int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdad | |||
1190 | } | 1190 | } |
1191 | 1191 | ||
1192 | /* Set destination address and psm */ | 1192 | /* Set destination address and psm */ |
1193 | bacpy(&bt_sk(sk)->dst, src); | 1193 | bacpy(&bt_sk(sk)->dst, dst); |
1194 | chan->psm = psm; | 1194 | chan->psm = psm; |
1195 | chan->dcid = cid; | 1195 | chan->dcid = cid; |
1196 | 1196 | ||
@@ -4702,7 +4702,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p) | |||
4702 | { | 4702 | { |
4703 | struct l2cap_chan *c; | 4703 | struct l2cap_chan *c; |
4704 | 4704 | ||
4705 | read_lock_bh(&chan_list_lock); | 4705 | read_lock(&chan_list_lock); |
4706 | 4706 | ||
4707 | list_for_each_entry(c, &chan_list, global_l) { | 4707 | list_for_each_entry(c, &chan_list, global_l) { |
4708 | struct sock *sk = c->sk; | 4708 | struct sock *sk = c->sk; |
@@ -4715,7 +4715,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p) | |||
4715 | c->sec_level, c->mode); | 4715 | c->sec_level, c->mode); |
4716 | } | 4716 | } |
4717 | 4717 | ||
4718 | read_unlock_bh(&chan_list_lock); | 4718 | read_unlock(&chan_list_lock); |
4719 | 4719 | ||
4720 | return 0; | 4720 | return 0; |
4721 | } | 4721 | } |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 9ca5616166f7..c61d967012b2 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -587,6 +587,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
587 | if (smp_conn_security(conn, sec.level)) | 587 | if (smp_conn_security(conn, sec.level)) |
588 | break; | 588 | break; |
589 | sk->sk_state = BT_CONFIG; | 589 | sk->sk_state = BT_CONFIG; |
590 | chan->state = BT_CONFIG; | ||
590 | 591 | ||
591 | /* or for ACL link, under defer_setup time */ | 592 | /* or for ACL link, under defer_setup time */ |
592 | } else if (sk->sk_state == BT_CONNECT2 && | 593 | } else if (sk->sk_state == BT_CONNECT2 && |
@@ -731,6 +732,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
731 | 732 | ||
732 | if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { | 733 | if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { |
733 | sk->sk_state = BT_CONFIG; | 734 | sk->sk_state = BT_CONFIG; |
735 | pi->chan->state = BT_CONFIG; | ||
734 | 736 | ||
735 | __l2cap_connect_rsp_defer(pi->chan); | 737 | __l2cap_connect_rsp_defer(pi->chan); |
736 | release_sock(sk); | 738 | release_sock(sk); |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 2540944d871f..bc8e59dda78e 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -291,7 +291,7 @@ static u32 get_current_settings(struct hci_dev *hdev) | |||
291 | if (!(hdev->features[4] & LMP_NO_BREDR)) | 291 | if (!(hdev->features[4] & LMP_NO_BREDR)) |
292 | settings |= MGMT_SETTING_BREDR; | 292 | settings |= MGMT_SETTING_BREDR; |
293 | 293 | ||
294 | if (hdev->extfeatures[0] & LMP_HOST_LE) | 294 | if (hdev->host_features[0] & LMP_HOST_LE) |
295 | settings |= MGMT_SETTING_LE; | 295 | settings |= MGMT_SETTING_LE; |
296 | 296 | ||
297 | if (test_bit(HCI_AUTH, &hdev->flags)) | 297 | if (test_bit(HCI_AUTH, &hdev->flags)) |
@@ -2756,7 +2756,7 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) | |||
2756 | if (!cmd) | 2756 | if (!cmd) |
2757 | return -ENOENT; | 2757 | return -ENOENT; |
2758 | 2758 | ||
2759 | err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status); | 2759 | err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); |
2760 | mgmt_pending_remove(cmd); | 2760 | mgmt_pending_remove(cmd); |
2761 | 2761 | ||
2762 | return err; | 2762 | return err; |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index aea2bdd1510f..f066678faeee 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -370,7 +370,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
370 | goto done; | 370 | goto done; |
371 | } | 371 | } |
372 | 372 | ||
373 | write_lock_bh(&rfcomm_sk_list.lock); | 373 | write_lock(&rfcomm_sk_list.lock); |
374 | 374 | ||
375 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { | 375 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { |
376 | err = -EADDRINUSE; | 376 | err = -EADDRINUSE; |
@@ -381,7 +381,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
381 | sk->sk_state = BT_BOUND; | 381 | sk->sk_state = BT_BOUND; |
382 | } | 382 | } |
383 | 383 | ||
384 | write_unlock_bh(&rfcomm_sk_list.lock); | 384 | write_unlock(&rfcomm_sk_list.lock); |
385 | 385 | ||
386 | done: | 386 | done: |
387 | release_sock(sk); | 387 | release_sock(sk); |
@@ -455,7 +455,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) | |||
455 | 455 | ||
456 | err = -EINVAL; | 456 | err = -EINVAL; |
457 | 457 | ||
458 | write_lock_bh(&rfcomm_sk_list.lock); | 458 | write_lock(&rfcomm_sk_list.lock); |
459 | 459 | ||
460 | for (channel = 1; channel < 31; channel++) | 460 | for (channel = 1; channel < 31; channel++) |
461 | if (!__rfcomm_get_sock_by_addr(channel, src)) { | 461 | if (!__rfcomm_get_sock_by_addr(channel, src)) { |
@@ -464,7 +464,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) | |||
464 | break; | 464 | break; |
465 | } | 465 | } |
466 | 466 | ||
467 | write_unlock_bh(&rfcomm_sk_list.lock); | 467 | write_unlock(&rfcomm_sk_list.lock); |
468 | 468 | ||
469 | if (err < 0) | 469 | if (err < 0) |
470 | goto done; | 470 | goto done; |
@@ -982,7 +982,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) | |||
982 | struct sock *sk; | 982 | struct sock *sk; |
983 | struct hlist_node *node; | 983 | struct hlist_node *node; |
984 | 984 | ||
985 | read_lock_bh(&rfcomm_sk_list.lock); | 985 | read_lock(&rfcomm_sk_list.lock); |
986 | 986 | ||
987 | sk_for_each(sk, node, &rfcomm_sk_list.head) { | 987 | sk_for_each(sk, node, &rfcomm_sk_list.head) { |
988 | seq_printf(f, "%s %s %d %d\n", | 988 | seq_printf(f, "%s %s %d %d\n", |
@@ -991,7 +991,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p) | |||
991 | sk->sk_state, rfcomm_pi(sk)->channel); | 991 | sk->sk_state, rfcomm_pi(sk)->channel); |
992 | } | 992 | } |
993 | 993 | ||
994 | read_unlock_bh(&rfcomm_sk_list.lock); | 994 | read_unlock(&rfcomm_sk_list.lock); |
995 | 995 | ||
996 | return 0; | 996 | return 0; |
997 | } | 997 | } |
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index fa8f4de53b99..a2d4f5122a6a 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c | |||
@@ -76,7 +76,7 @@ struct rfcomm_dev { | |||
76 | }; | 76 | }; |
77 | 77 | ||
78 | static LIST_HEAD(rfcomm_dev_list); | 78 | static LIST_HEAD(rfcomm_dev_list); |
79 | static DEFINE_RWLOCK(rfcomm_dev_lock); | 79 | static DEFINE_SPINLOCK(rfcomm_dev_lock); |
80 | 80 | ||
81 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); | 81 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); |
82 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); | 82 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); |
@@ -146,7 +146,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id) | |||
146 | { | 146 | { |
147 | struct rfcomm_dev *dev; | 147 | struct rfcomm_dev *dev; |
148 | 148 | ||
149 | read_lock(&rfcomm_dev_lock); | 149 | spin_lock(&rfcomm_dev_lock); |
150 | 150 | ||
151 | dev = __rfcomm_dev_get(id); | 151 | dev = __rfcomm_dev_get(id); |
152 | 152 | ||
@@ -157,7 +157,7 @@ static inline struct rfcomm_dev *rfcomm_dev_get(int id) | |||
157 | rfcomm_dev_hold(dev); | 157 | rfcomm_dev_hold(dev); |
158 | } | 158 | } |
159 | 159 | ||
160 | read_unlock(&rfcomm_dev_lock); | 160 | spin_unlock(&rfcomm_dev_lock); |
161 | 161 | ||
162 | return dev; | 162 | return dev; |
163 | } | 163 | } |
@@ -205,7 +205,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | |||
205 | if (!dev) | 205 | if (!dev) |
206 | return -ENOMEM; | 206 | return -ENOMEM; |
207 | 207 | ||
208 | write_lock_bh(&rfcomm_dev_lock); | 208 | spin_lock(&rfcomm_dev_lock); |
209 | 209 | ||
210 | if (req->dev_id < 0) { | 210 | if (req->dev_id < 0) { |
211 | dev->id = 0; | 211 | dev->id = 0; |
@@ -290,7 +290,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | |||
290 | __module_get(THIS_MODULE); | 290 | __module_get(THIS_MODULE); |
291 | 291 | ||
292 | out: | 292 | out: |
293 | write_unlock_bh(&rfcomm_dev_lock); | 293 | spin_unlock(&rfcomm_dev_lock); |
294 | 294 | ||
295 | if (err < 0) | 295 | if (err < 0) |
296 | goto free; | 296 | goto free; |
@@ -327,9 +327,9 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) | |||
327 | if (atomic_read(&dev->opened) > 0) | 327 | if (atomic_read(&dev->opened) > 0) |
328 | return; | 328 | return; |
329 | 329 | ||
330 | write_lock_bh(&rfcomm_dev_lock); | 330 | spin_lock(&rfcomm_dev_lock); |
331 | list_del_init(&dev->list); | 331 | list_del_init(&dev->list); |
332 | write_unlock_bh(&rfcomm_dev_lock); | 332 | spin_unlock(&rfcomm_dev_lock); |
333 | 333 | ||
334 | rfcomm_dev_put(dev); | 334 | rfcomm_dev_put(dev); |
335 | } | 335 | } |
@@ -473,7 +473,7 @@ static int rfcomm_get_dev_list(void __user *arg) | |||
473 | 473 | ||
474 | di = dl->dev_info; | 474 | di = dl->dev_info; |
475 | 475 | ||
476 | read_lock_bh(&rfcomm_dev_lock); | 476 | spin_lock(&rfcomm_dev_lock); |
477 | 477 | ||
478 | list_for_each_entry(dev, &rfcomm_dev_list, list) { | 478 | list_for_each_entry(dev, &rfcomm_dev_list, list) { |
479 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) | 479 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) |
@@ -488,7 +488,7 @@ static int rfcomm_get_dev_list(void __user *arg) | |||
488 | break; | 488 | break; |
489 | } | 489 | } |
490 | 490 | ||
491 | read_unlock_bh(&rfcomm_dev_lock); | 491 | spin_unlock(&rfcomm_dev_lock); |
492 | 492 | ||
493 | dl->dev_num = n; | 493 | dl->dev_num = n; |
494 | size = sizeof(*dl) + n * sizeof(*di); | 494 | size = sizeof(*dl) + n * sizeof(*di); |
@@ -766,9 +766,9 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) | |||
766 | rfcomm_dlc_unlock(dev->dlc); | 766 | rfcomm_dlc_unlock(dev->dlc); |
767 | 767 | ||
768 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { | 768 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { |
769 | write_lock_bh(&rfcomm_dev_lock); | 769 | spin_lock(&rfcomm_dev_lock); |
770 | list_del_init(&dev->list); | 770 | list_del_init(&dev->list); |
771 | write_unlock_bh(&rfcomm_dev_lock); | 771 | spin_unlock(&rfcomm_dev_lock); |
772 | 772 | ||
773 | rfcomm_dev_put(dev); | 773 | rfcomm_dev_put(dev); |
774 | } | 774 | } |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index 5dc2f2126fac..8bf26d1bc5c1 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -482,7 +482,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le | |||
482 | goto done; | 482 | goto done; |
483 | } | 483 | } |
484 | 484 | ||
485 | write_lock_bh(&sco_sk_list.lock); | 485 | write_lock(&sco_sk_list.lock); |
486 | 486 | ||
487 | if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { | 487 | if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) { |
488 | err = -EADDRINUSE; | 488 | err = -EADDRINUSE; |
@@ -492,7 +492,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le | |||
492 | sk->sk_state = BT_BOUND; | 492 | sk->sk_state = BT_BOUND; |
493 | } | 493 | } |
494 | 494 | ||
495 | write_unlock_bh(&sco_sk_list.lock); | 495 | write_unlock(&sco_sk_list.lock); |
496 | 496 | ||
497 | done: | 497 | done: |
498 | release_sock(sk); | 498 | release_sock(sk); |
@@ -965,14 +965,14 @@ static int sco_debugfs_show(struct seq_file *f, void *p) | |||
965 | struct sock *sk; | 965 | struct sock *sk; |
966 | struct hlist_node *node; | 966 | struct hlist_node *node; |
967 | 967 | ||
968 | read_lock_bh(&sco_sk_list.lock); | 968 | read_lock(&sco_sk_list.lock); |
969 | 969 | ||
970 | sk_for_each(sk, node, &sco_sk_list.head) { | 970 | sk_for_each(sk, node, &sco_sk_list.head) { |
971 | seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), | 971 | seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), |
972 | batostr(&bt_sk(sk)->dst), sk->sk_state); | 972 | batostr(&bt_sk(sk)->dst), sk->sk_state); |
973 | } | 973 | } |
974 | 974 | ||
975 | read_unlock_bh(&sco_sk_list.lock); | 975 | read_unlock(&sco_sk_list.lock); |
976 | 976 | ||
977 | return 0; | 977 | return 0; |
978 | } | 978 | } |
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index 93aab0715e8a..422b79851ec5 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c | |||
@@ -106,7 +106,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) | |||
106 | if (status->flag & RX_FLAG_MMIC_ERROR) | 106 | if (status->flag & RX_FLAG_MMIC_ERROR) |
107 | goto mic_fail; | 107 | goto mic_fail; |
108 | 108 | ||
109 | if (!(status->flag & RX_FLAG_IV_STRIPPED)) | 109 | if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key) |
110 | goto update_iv; | 110 | goto update_iv; |
111 | 111 | ||
112 | return RX_CONTINUE; | 112 | return RX_CONTINUE; |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index b3d3cf8931cb..afeea32e04ad 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
@@ -2250,6 +2250,7 @@ static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { | |||
2250 | }; | 2250 | }; |
2251 | 2251 | ||
2252 | static int parse_station_flags(struct genl_info *info, | 2252 | static int parse_station_flags(struct genl_info *info, |
2253 | enum nl80211_iftype iftype, | ||
2253 | struct station_parameters *params) | 2254 | struct station_parameters *params) |
2254 | { | 2255 | { |
2255 | struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; | 2256 | struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; |
@@ -2283,8 +2284,33 @@ static int parse_station_flags(struct genl_info *info, | |||
2283 | nla, sta_flags_policy)) | 2284 | nla, sta_flags_policy)) |
2284 | return -EINVAL; | 2285 | return -EINVAL; |
2285 | 2286 | ||
2286 | params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; | 2287 | /* |
2287 | params->sta_flags_mask &= ~1; | 2288 | * Only allow certain flags for interface types so that |
2289 | * other attributes are silently ignored. Remember that | ||
2290 | * this is backward compatibility code with old userspace | ||
2291 | * and shouldn't be hit in other cases anyway. | ||
2292 | */ | ||
2293 | switch (iftype) { | ||
2294 | case NL80211_IFTYPE_AP: | ||
2295 | case NL80211_IFTYPE_AP_VLAN: | ||
2296 | case NL80211_IFTYPE_P2P_GO: | ||
2297 | params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | | ||
2298 | BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | | ||
2299 | BIT(NL80211_STA_FLAG_WME) | | ||
2300 | BIT(NL80211_STA_FLAG_MFP); | ||
2301 | break; | ||
2302 | case NL80211_IFTYPE_P2P_CLIENT: | ||
2303 | case NL80211_IFTYPE_STATION: | ||
2304 | params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | | ||
2305 | BIT(NL80211_STA_FLAG_TDLS_PEER); | ||
2306 | break; | ||
2307 | case NL80211_IFTYPE_MESH_POINT: | ||
2308 | params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | | ||
2309 | BIT(NL80211_STA_FLAG_MFP) | | ||
2310 | BIT(NL80211_STA_FLAG_AUTHORIZED); | ||
2311 | default: | ||
2312 | return -EINVAL; | ||
2313 | } | ||
2288 | 2314 | ||
2289 | for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) | 2315 | for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) |
2290 | if (flags[flag]) | 2316 | if (flags[flag]) |
@@ -2585,7 +2611,7 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) | |||
2585 | if (!rdev->ops->change_station) | 2611 | if (!rdev->ops->change_station) |
2586 | return -EOPNOTSUPP; | 2612 | return -EOPNOTSUPP; |
2587 | 2613 | ||
2588 | if (parse_station_flags(info, ¶ms)) | 2614 | if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) |
2589 | return -EINVAL; | 2615 | return -EINVAL; |
2590 | 2616 | ||
2591 | if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) | 2617 | if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) |
@@ -2731,7 +2757,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) | |||
2731 | if (!rdev->ops->add_station) | 2757 | if (!rdev->ops->add_station) |
2732 | return -EOPNOTSUPP; | 2758 | return -EOPNOTSUPP; |
2733 | 2759 | ||
2734 | if (parse_station_flags(info, ¶ms)) | 2760 | if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) |
2735 | return -EINVAL; | 2761 | return -EINVAL; |
2736 | 2762 | ||
2737 | switch (dev->ieee80211_ptr->iftype) { | 2763 | switch (dev->ieee80211_ptr->iftype) { |