Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (42 commits)
netpoll: fix incorrect access to skb data in __netpoll_rx
cassini: init before use in cas_interruptN.
can: ti_hecc: Fix uninitialized spinlock in probe
can: ti_hecc: Fix unintialized variable
net: sh_eth: fix the compile error
net/phy: fix DP83865 phy interrupt handler
sendmmsg/sendmsg: fix unsafe user pointer access
ibmveth: Fix leak when recycling skb and hypervisor returns error
arp: fix rcu lockdep splat in arp_process()
bridge: fix a possible use after free
bridge: Pseudo-header required for the checksum of ICMPv6
mcast: Fix source address selection for multicast listener report
MAINTAINERS: Update GIT trees for network development
ath9k: Fix PS wrappers in ath9k_set_coverage_class
carl9170: Fix mismatch in carl9170_op_set_key mutex lock-unlock
wl12xx: add max_sched_scan_ssids value to the hw description
wl12xx: Fix validation of pm_runtime_get_sync return value
wl12xx: Remove obsolete testmode NVS push command
bcma: add uevent to the bus, to autoload drivers
ath9k_hw: Fix STA (AR9485) bringup issue due to incorrect MAC address
...
+203
-186
+2
-2
MAINTAINERS
+2
-2
MAINTAINERS
···
4450
4450
L: netdev@vger.kernel.org
4451
4451
W: http://www.linuxfoundation.org/en/Net
4452
4452
W: http://patchwork.ozlabs.org/project/netdev/list/
4453
-
T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git
4454
-
T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6.git
4453
+
T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
4454
+
T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
4455
4455
S: Maintained
4456
4456
F: net/
4457
4457
F: include/net/
+12
drivers/bcma/main.c
+12
drivers/bcma/main.c
···
15
15
static int bcma_bus_match(struct device *dev, struct device_driver *drv);
16
16
static int bcma_device_probe(struct device *dev);
17
17
static int bcma_device_remove(struct device *dev);
18
+
static int bcma_device_uevent(struct device *dev, struct kobj_uevent_env *env);
18
19
19
20
static ssize_t manuf_show(struct device *dev, struct device_attribute *attr, char *buf)
20
21
{
···
50
49
.match = bcma_bus_match,
51
50
.probe = bcma_device_probe,
52
51
.remove = bcma_device_remove,
52
+
.uevent = bcma_device_uevent,
53
53
.dev_attrs = bcma_device_attrs,
54
54
};
55
55
···
227
225
adrv->remove(core);
228
226
229
227
return 0;
228
+
}
229
+
230
+
static int bcma_device_uevent(struct device *dev, struct kobj_uevent_env *env)
231
+
{
232
+
struct bcma_device *core = container_of(dev, struct bcma_device, dev);
233
+
234
+
return add_uevent_var(env,
235
+
"MODALIAS=bcma:m%04Xid%04Xrev%02Xcl%02X",
236
+
core->id.manuf, core->id.id,
237
+
core->id.rev, core->id.class);
230
238
}
231
239
232
240
static int __init bcma_modinit(void)
+1
drivers/bluetooth/ath3k.c
+1
drivers/bluetooth/ath3k.c
+10
-3
drivers/bluetooth/btusb.c
+10
-3
drivers/bluetooth/btusb.c
···
106
106
/* Atheros 3011 with sflash firmware */
107
107
{ USB_DEVICE(0x0cf3, 0x3002), .driver_info = BTUSB_IGNORE },
108
108
{ USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE },
109
+
{ USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE },
109
110
110
111
/* Atheros AR9285 Malbec with sflash firmware */
111
112
{ USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE },
···
257
256
258
257
err = usb_submit_urb(urb, GFP_ATOMIC);
259
258
if (err < 0) {
260
-
if (err != -EPERM)
259
+
/* -EPERM: urb is being killed;
260
+
* -ENODEV: device got disconnected */
261
+
if (err != -EPERM && err != -ENODEV)
261
262
BT_ERR("%s urb %p failed to resubmit (%d)",
262
263
hdev->name, urb, -err);
263
264
usb_unanchor_urb(urb);
···
344
341
345
342
err = usb_submit_urb(urb, GFP_ATOMIC);
346
343
if (err < 0) {
347
-
if (err != -EPERM)
344
+
/* -EPERM: urb is being killed;
345
+
* -ENODEV: device got disconnected */
346
+
if (err != -EPERM && err != -ENODEV)
348
347
BT_ERR("%s urb %p failed to resubmit (%d)",
349
348
hdev->name, urb, -err);
350
349
usb_unanchor_urb(urb);
···
436
431
437
432
err = usb_submit_urb(urb, GFP_ATOMIC);
438
433
if (err < 0) {
439
-
if (err != -EPERM)
434
+
/* -EPERM: urb is being killed;
435
+
* -ENODEV: device got disconnected */
436
+
if (err != -EPERM && err != -ENODEV)
440
437
BT_ERR("%s urb %p failed to resubmit (%d)",
441
438
hdev->name, urb, -err);
442
439
usb_unanchor_urb(urb);
+2
-1
drivers/net/can/ti_hecc.c
+2
-1
drivers/net/can/ti_hecc.c
···
503
503
spin_unlock_irqrestore(&priv->mbx_lock, flags);
504
504
505
505
/* Prepare mailbox for transmission */
506
+
data = cf->can_dlc | (get_tx_head_prio(priv) << 8);
506
507
if (cf->can_id & CAN_RTR_FLAG) /* Remote transmission request */
507
508
data |= HECC_CANMCF_RTR;
508
-
data |= get_tx_head_prio(priv) << 8;
509
509
hecc_write_mbx(priv, mbxno, HECC_CANMCF, data);
510
510
511
511
if (cf->can_id & CAN_EFF_FLAG) /* Extended frame format */
···
923
923
priv->can.do_get_state = ti_hecc_get_state;
924
924
priv->can.ctrlmode_supported = CAN_CTRLMODE_3_SAMPLES;
925
925
926
+
spin_lock_init(&priv->mbx_lock);
926
927
ndev->irq = irq->start;
927
928
ndev->flags |= IFF_ECHO;
928
929
platform_set_drvdata(pdev, ndev);
+1
-2
drivers/net/cassini.c
+1
-2
drivers/net/cassini.c
···
2452
2452
struct net_device *dev = dev_id;
2453
2453
struct cas *cp = netdev_priv(dev);
2454
2454
unsigned long flags;
2455
-
int ring;
2455
+
int ring = (irq == cp->pci_irq_INTC) ? 2 : 3;
2456
2456
u32 status = readl(cp->regs + REG_PLUS_INTRN_STATUS(ring));
2457
2457
2458
2458
/* check for shared irq */
2459
2459
if (status == 0)
2460
2460
return IRQ_NONE;
2461
2461
2462
-
ring = (irq == cp->pci_irq_INTC) ? 2 : 3;
2463
2462
spin_lock_irqsave(&cp->lock, flags);
2464
2463
if (status & INTR_RX_DONE_ALT) { /* handle rx separately */
2465
2464
#ifdef USE_NAPI
+9
-3
drivers/net/ibmveth.c
+9
-3
drivers/net/ibmveth.c
···
395
395
}
396
396
397
397
/* recycle the current buffer on the rx queue */
398
-
static void ibmveth_rxq_recycle_buffer(struct ibmveth_adapter *adapter)
398
+
static int ibmveth_rxq_recycle_buffer(struct ibmveth_adapter *adapter)
399
399
{
400
400
u32 q_index = adapter->rx_queue.index;
401
401
u64 correlator = adapter->rx_queue.queue_addr[q_index].correlator;
···
403
403
unsigned int index = correlator & 0xffffffffUL;
404
404
union ibmveth_buf_desc desc;
405
405
unsigned long lpar_rc;
406
+
int ret = 1;
406
407
407
408
BUG_ON(pool >= IBMVETH_NUM_BUFF_POOLS);
408
409
BUG_ON(index >= adapter->rx_buff_pool[pool].size);
···
411
410
if (!adapter->rx_buff_pool[pool].active) {
412
411
ibmveth_rxq_harvest_buffer(adapter);
413
412
ibmveth_free_buffer_pool(adapter, &adapter->rx_buff_pool[pool]);
414
-
return;
413
+
goto out;
415
414
}
416
415
417
416
desc.fields.flags_len = IBMVETH_BUF_VALID |
···
424
423
netdev_dbg(adapter->netdev, "h_add_logical_lan_buffer failed "
425
424
"during recycle rc=%ld", lpar_rc);
426
425
ibmveth_remove_buffer_from_pool(adapter, adapter->rx_queue.queue_addr[adapter->rx_queue.index].correlator);
426
+
ret = 0;
427
427
}
428
428
429
429
if (++adapter->rx_queue.index == adapter->rx_queue.num_slots) {
430
430
adapter->rx_queue.index = 0;
431
431
adapter->rx_queue.toggle = !adapter->rx_queue.toggle;
432
432
}
433
+
434
+
out:
435
+
return ret;
433
436
}
434
437
435
438
static void ibmveth_rxq_harvest_buffer(struct ibmveth_adapter *adapter)
···
1089
1084
if (rx_flush)
1090
1085
ibmveth_flush_buffer(skb->data,
1091
1086
length + offset);
1087
+
if (!ibmveth_rxq_recycle_buffer(adapter))
1088
+
kfree_skb(skb);
1092
1089
skb = new_skb;
1093
-
ibmveth_rxq_recycle_buffer(adapter);
1094
1090
} else {
1095
1091
ibmveth_rxq_harvest_buffer(adapter);
1096
1092
skb_reserve(skb, offset);
+11
-6
drivers/net/phy/national.c
+11
-6
drivers/net/phy/national.c
···
25
25
/* DP83865 phy identifier values */
26
26
#define DP83865_PHY_ID 0x20005c7a
27
27
28
-
#define DP83865_INT_MASK_REG 0x15
29
-
#define DP83865_INT_MASK_STATUS 0x14
28
+
#define DP83865_INT_STATUS 0x14
29
+
#define DP83865_INT_MASK 0x15
30
+
#define DP83865_INT_CLEAR 0x17
30
31
31
32
#define DP83865_INT_REMOTE_FAULT 0x0008
32
33
#define DP83865_INT_ANE_COMPLETED 0x0010
···
69
68
int err;
70
69
71
70
if (phydev->interrupts == PHY_INTERRUPT_ENABLED)
72
-
err = phy_write(phydev, DP83865_INT_MASK_REG,
71
+
err = phy_write(phydev, DP83865_INT_MASK,
73
72
DP83865_INT_MASK_DEFAULT);
74
73
else
75
-
err = phy_write(phydev, DP83865_INT_MASK_REG, 0);
74
+
err = phy_write(phydev, DP83865_INT_MASK, 0);
76
75
77
76
return err;
78
77
}
79
78
80
79
static int ns_ack_interrupt(struct phy_device *phydev)
81
80
{
82
-
int ret = phy_read(phydev, DP83865_INT_MASK_STATUS);
81
+
int ret = phy_read(phydev, DP83865_INT_STATUS);
83
82
if (ret < 0)
84
83
return ret;
85
84
86
-
return 0;
85
+
/* Clear the interrupt status bit by writing a “1”
86
+
* to the corresponding bit in INT_CLEAR (2:0 are reserved) */
87
+
ret = phy_write(phydev, DP83865_INT_CLEAR, ret & ~0x7);
88
+
89
+
return ret;
87
90
}
88
91
89
92
static void ns_giga_speed_fallback(struct phy_device *phydev, int mode)
+1
drivers/net/sh_eth.c
+1
drivers/net/sh_eth.c
+1
-1
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+1
-1
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+4
drivers/net/wireless/ath/ath9k/main.c
+4
drivers/net/wireless/ath/ath9k/main.c
+3
-1
drivers/net/wireless/ath/carl9170/main.c
+3
-1
drivers/net/wireless/ath/carl9170/main.c
···
1066
1066
* the high througput speed in 802.11n networks.
1067
1067
*/
1068
1068
1069
-
if (!is_main_vif(ar, vif))
1069
+
if (!is_main_vif(ar, vif)) {
1070
+
mutex_lock(&ar->mutex);
1070
1071
goto err_softw;
1072
+
}
1071
1073
1072
1074
/*
1073
1075
* While the hardware supports *catch-all* key, for offloading
+1
-13
drivers/net/wireless/rt2x00/rt2x00usb.c
+1
-13
drivers/net/wireless/rt2x00/rt2x00usb.c
···
871
871
{
872
872
struct ieee80211_hw *hw = usb_get_intfdata(usb_intf);
873
873
struct rt2x00_dev *rt2x00dev = hw->priv;
874
-
int retval;
875
874
876
-
retval = rt2x00lib_suspend(rt2x00dev, state);
877
-
if (retval)
878
-
return retval;
879
-
880
-
/*
881
-
* Decrease usbdev refcount.
882
-
*/
883
-
usb_put_dev(interface_to_usbdev(usb_intf));
884
-
885
-
return 0;
875
+
return rt2x00lib_suspend(rt2x00dev, state);
886
876
}
887
877
EXPORT_SYMBOL_GPL(rt2x00usb_suspend);
888
878
···
880
890
{
881
891
struct ieee80211_hw *hw = usb_get_intfdata(usb_intf);
882
892
struct rt2x00_dev *rt2x00dev = hw->priv;
883
-
884
-
usb_get_dev(interface_to_usbdev(usb_intf));
885
893
886
894
return rt2x00lib_resume(rt2x00dev);
887
895
}
+1
drivers/net/wireless/wl12xx/main.c
+1
drivers/net/wireless/wl12xx/main.c
···
4283
4283
wl->hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
4284
4284
BIT(NL80211_IFTYPE_ADHOC) | BIT(NL80211_IFTYPE_AP);
4285
4285
wl->hw->wiphy->max_scan_ssids = 1;
4286
+
wl->hw->wiphy->max_sched_scan_ssids = 1;
4286
4287
/*
4287
4288
* Maximum length of elements in scanning probe request templates
4288
4289
* should be the maximum length possible for a template, without
+1
-1
drivers/net/wireless/wl12xx/sdio.c
+1
-1
drivers/net/wireless/wl12xx/sdio.c
-45
drivers/net/wireless/wl12xx/testmode.c
-45
drivers/net/wireless/wl12xx/testmode.c
···
36
36
WL1271_TM_CMD_TEST,
37
37
WL1271_TM_CMD_INTERROGATE,
38
38
WL1271_TM_CMD_CONFIGURE,
39
-
WL1271_TM_CMD_NVS_PUSH,
40
39
WL1271_TM_CMD_SET_PLT_MODE,
41
40
WL1271_TM_CMD_RECOVER,
42
41
···
189
190
return 0;
190
191
}
191
192
192
-
static int wl1271_tm_cmd_nvs_push(struct wl1271 *wl, struct nlattr *tb[])
193
-
{
194
-
int ret = 0;
195
-
size_t len;
196
-
void *buf;
197
-
198
-
wl1271_debug(DEBUG_TESTMODE, "testmode cmd nvs push");
199
-
200
-
if (!tb[WL1271_TM_ATTR_DATA])
201
-
return -EINVAL;
202
-
203
-
buf = nla_data(tb[WL1271_TM_ATTR_DATA]);
204
-
len = nla_len(tb[WL1271_TM_ATTR_DATA]);
205
-
206
-
mutex_lock(&wl->mutex);
207
-
208
-
kfree(wl->nvs);
209
-
210
-
if ((wl->chip.id == CHIP_ID_1283_PG20) &&
211
-
(len != sizeof(struct wl128x_nvs_file)))
212
-
return -EINVAL;
213
-
else if (len != sizeof(struct wl1271_nvs_file))
214
-
return -EINVAL;
215
-
216
-
wl->nvs = kzalloc(len, GFP_KERNEL);
217
-
if (!wl->nvs) {
218
-
wl1271_error("could not allocate memory for the nvs file");
219
-
ret = -ENOMEM;
220
-
goto out;
221
-
}
222
-
223
-
memcpy(wl->nvs, buf, len);
224
-
wl->nvs_len = len;
225
-
226
-
wl1271_debug(DEBUG_TESTMODE, "testmode pushed nvs");
227
-
228
-
out:
229
-
mutex_unlock(&wl->mutex);
230
-
231
-
return ret;
232
-
}
233
-
234
193
static int wl1271_tm_cmd_set_plt_mode(struct wl1271 *wl, struct nlattr *tb[])
235
194
{
236
195
u32 val;
···
245
288
return wl1271_tm_cmd_interrogate(wl, tb);
246
289
case WL1271_TM_CMD_CONFIGURE:
247
290
return wl1271_tm_cmd_configure(wl, tb);
248
-
case WL1271_TM_CMD_NVS_PUSH:
249
-
return wl1271_tm_cmd_nvs_push(wl, tb);
250
291
case WL1271_TM_CMD_SET_PLT_MODE:
251
292
return wl1271_tm_cmd_set_plt_mode(wl, tb);
252
293
case WL1271_TM_CMD_RECOVER:
+3
include/net/cfg80211.h
+3
include/net/cfg80211.h
···
1865
1865
* you need use set_wiphy_dev() (see below) */
1866
1866
struct device dev;
1867
1867
1868
+
/* protects ->resume, ->suspend sysfs callbacks against unregister hw */
1869
+
bool registered;
1870
+
1868
1871
/* dir in debugfs: ieee80211/<wiphyname> */
1869
1872
struct dentry *debugfsdir;
1870
1873
+3
-3
net/bluetooth/af_bluetooth.c
+3
-3
net/bluetooth/af_bluetooth.c
···
494
494
BT_DBG("sk %p", sk);
495
495
496
496
add_wait_queue(sk_sleep(sk), &wait);
497
+
set_current_state(TASK_INTERRUPTIBLE);
497
498
while (sk->sk_state != state) {
498
-
set_current_state(TASK_INTERRUPTIBLE);
499
-
500
499
if (!timeo) {
501
500
err = -EINPROGRESS;
502
501
break;
···
509
510
release_sock(sk);
510
511
timeo = schedule_timeout(timeo);
511
512
lock_sock(sk);
513
+
set_current_state(TASK_INTERRUPTIBLE);
512
514
513
515
err = sock_error(sk);
514
516
if (err)
515
517
break;
516
518
}
517
-
set_current_state(TASK_RUNNING);
519
+
__set_current_state(TASK_RUNNING);
518
520
remove_wait_queue(sk_sleep(sk), &wait);
519
521
return err;
520
522
}
+1
net/bluetooth/bnep/bnep.h
+1
net/bluetooth/bnep/bnep.h
+8
-5
net/bluetooth/bnep/core.c
+8
-5
net/bluetooth/bnep/core.c
···
484
484
485
485
init_waitqueue_entry(&wait, current);
486
486
add_wait_queue(sk_sleep(sk), &wait);
487
-
while (!kthread_should_stop()) {
487
+
while (1) {
488
488
set_current_state(TASK_INTERRUPTIBLE);
489
489
490
+
if (atomic_read(&s->terminate))
491
+
break;
490
492
/* RX */
491
493
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
492
494
skb_orphan(skb);
···
506
504
507
505
schedule();
508
506
}
509
-
set_current_state(TASK_RUNNING);
507
+
__set_current_state(TASK_RUNNING);
510
508
remove_wait_queue(sk_sleep(sk), &wait);
511
509
512
510
/* Cleanup session */
···
642
640
down_read(&bnep_session_sem);
643
641
644
642
s = __bnep_get_session(req->dst);
645
-
if (s)
646
-
kthread_stop(s->task);
647
-
else
643
+
if (s) {
644
+
atomic_inc(&s->terminate);
645
+
wake_up_process(s->task);
646
+
} else
648
647
err = -ENOENT;
649
648
650
649
up_read(&bnep_session_sem);
+2
-1
net/bluetooth/cmtp/capi.c
+2
-1
net/bluetooth/cmtp/capi.c
+1
net/bluetooth/cmtp/cmtp.h
+1
net/bluetooth/cmtp/cmtp.h
+12
-8
net/bluetooth/cmtp/core.c
+12
-8
net/bluetooth/cmtp/core.c
···
292
292
293
293
init_waitqueue_entry(&wait, current);
294
294
add_wait_queue(sk_sleep(sk), &wait);
295
-
while (!kthread_should_stop()) {
295
+
while (1) {
296
296
set_current_state(TASK_INTERRUPTIBLE);
297
297
298
+
if (atomic_read(&session->terminate))
299
+
break;
298
300
if (sk->sk_state != BT_CONNECTED)
299
301
break;
300
302
···
309
307
310
308
schedule();
311
309
}
312
-
set_current_state(TASK_RUNNING);
310
+
__set_current_state(TASK_RUNNING);
313
311
remove_wait_queue(sk_sleep(sk), &wait);
314
312
315
313
down_write(&cmtp_session_sem);
···
382
380
383
381
if (!(session->flags & (1 << CMTP_LOOPBACK))) {
384
382
err = cmtp_attach_device(session);
385
-
if (err < 0)
386
-
goto detach;
383
+
if (err < 0) {
384
+
atomic_inc(&session->terminate);
385
+
wake_up_process(session->task);
386
+
up_write(&cmtp_session_sem);
387
+
return err;
388
+
}
387
389
}
388
390
389
391
up_write(&cmtp_session_sem);
390
392
return 0;
391
-
392
-
detach:
393
-
cmtp_detach_device(session);
394
393
395
394
unlink:
396
395
__cmtp_unlink_session(session);
···
417
414
skb_queue_purge(&session->transmit);
418
415
419
416
/* Stop session thread */
420
-
kthread_stop(session->task);
417
+
atomic_inc(&session->terminate);
418
+
wake_up_process(session->task);
421
419
} else
422
420
err = -ENOENT;
423
421
+5
-3
net/bluetooth/hci_core.c
+5
-3
net/bluetooth/hci_core.c
···
1209
1209
1210
1210
BT_ERR("%s command tx timeout", hdev->name);
1211
1211
atomic_set(&hdev->cmd_cnt, 1);
1212
-
clear_bit(HCI_RESET, &hdev->flags);
1213
1212
tasklet_schedule(&hdev->cmd_task);
1214
1213
}
1215
1214
···
1326
1327
1327
1328
entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1328
1329
if (!entry) {
1329
-
return -ENOMEM;
1330
+
err = -ENOMEM;
1330
1331
goto err;
1331
1332
}
1332
1333
···
2407
2408
if (hdev->sent_cmd) {
2408
2409
atomic_dec(&hdev->cmd_cnt);
2409
2410
hci_send_frame(skb);
2410
-
mod_timer(&hdev->cmd_timer,
2411
+
if (test_bit(HCI_RESET, &hdev->flags))
2412
+
del_timer(&hdev->cmd_timer);
2413
+
else
2414
+
mod_timer(&hdev->cmd_timer,
2411
2415
jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2412
2416
} else {
2413
2417
skb_queue_head(&hdev->cmd_q, skb);
+9
-10
net/bluetooth/hidp/core.c
+9
-10
net/bluetooth/hidp/core.c
···
764
764
765
765
up_write(&hidp_session_sem);
766
766
767
+
kfree(session->rd_data);
767
768
kfree(session);
768
769
return 0;
769
770
}
···
842
841
843
842
err = input_register_device(input);
844
843
if (err < 0) {
845
-
hci_conn_put_device(session->conn);
844
+
input_free_device(input);
845
+
session->input = NULL;
846
846
return err;
847
847
}
848
848
···
1046
1044
}
1047
1045
1048
1046
err = hid_add_device(session->hid);
1049
-
if (err < 0)
1050
-
goto err_add_device;
1047
+
if (err < 0) {
1048
+
atomic_inc(&session->terminate);
1049
+
wake_up_process(session->task);
1050
+
up_write(&hidp_session_sem);
1051
+
return err;
1052
+
}
1051
1053
1052
1054
if (session->input) {
1053
1055
hidp_send_ctrl_message(session,
···
1064
1058
1065
1059
up_write(&hidp_session_sem);
1066
1060
return 0;
1067
-
1068
-
err_add_device:
1069
-
hid_destroy_device(session->hid);
1070
-
session->hid = NULL;
1071
-
atomic_inc(&session->terminate);
1072
-
wake_up_process(session->task);
1073
1061
1074
1062
unlink:
1075
1063
hidp_del_timer(session);
···
1090
1090
failed:
1091
1091
up_write(&hidp_session_sem);
1092
1092
1093
-
input_free_device(session->input);
1094
1093
kfree(session);
1095
1094
return err;
1096
1095
}
+3
-3
net/bluetooth/l2cap_core.c
+3
-3
net/bluetooth/l2cap_core.c
···
1159
1159
int timeo = HZ/5;
1160
1160
1161
1161
add_wait_queue(sk_sleep(sk), &wait);
1162
-
while ((chan->unacked_frames > 0 && chan->conn)) {
1163
-
set_current_state(TASK_INTERRUPTIBLE);
1164
-
1162
+
set_current_state(TASK_INTERRUPTIBLE);
1163
+
while (chan->unacked_frames > 0 && chan->conn) {
1165
1164
if (!timeo)
1166
1165
timeo = HZ/5;
1167
1166
···
1172
1173
release_sock(sk);
1173
1174
timeo = schedule_timeout(timeo);
1174
1175
lock_sock(sk);
1176
+
set_current_state(TASK_INTERRUPTIBLE);
1175
1177
1176
1178
err = sock_error(sk);
1177
1179
if (err)
+16
-16
net/bluetooth/l2cap_sock.c
+16
-16
net/bluetooth/l2cap_sock.c
···
235
235
236
236
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
237
237
238
-
if (sk->sk_state != BT_LISTEN) {
239
-
err = -EBADFD;
240
-
goto done;
241
-
}
242
-
243
238
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
244
239
245
240
BT_DBG("sk %p timeo %ld", sk, timeo);
246
241
247
242
/* Wait for an incoming connection. (wake-one). */
248
243
add_wait_queue_exclusive(sk_sleep(sk), &wait);
249
-
while (!(nsk = bt_accept_dequeue(sk, newsock))) {
244
+
while (1) {
250
245
set_current_state(TASK_INTERRUPTIBLE);
251
-
if (!timeo) {
252
-
err = -EAGAIN;
253
-
break;
254
-
}
255
-
256
-
release_sock(sk);
257
-
timeo = schedule_timeout(timeo);
258
-
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
259
246
260
247
if (sk->sk_state != BT_LISTEN) {
261
248
err = -EBADFD;
249
+
break;
250
+
}
251
+
252
+
nsk = bt_accept_dequeue(sk, newsock);
253
+
if (nsk)
254
+
break;
255
+
256
+
if (!timeo) {
257
+
err = -EAGAIN;
262
258
break;
263
259
}
264
260
···
262
266
err = sock_intr_errno(timeo);
263
267
break;
264
268
}
269
+
270
+
release_sock(sk);
271
+
timeo = schedule_timeout(timeo);
272
+
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
265
273
}
266
-
set_current_state(TASK_RUNNING);
274
+
__set_current_state(TASK_RUNNING);
267
275
remove_wait_queue(sk_sleep(sk), &wait);
268
276
269
277
if (err)
···
993
993
INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
994
994
995
995
sk->sk_destruct = l2cap_sock_destruct;
996
-
sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
996
+
sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
997
997
998
998
sock_reset_flag(sk, SOCK_ZAPPED);
999
999
+7
-10
net/bluetooth/rfcomm/core.c
+7
-10
net/bluetooth/rfcomm/core.c
···
62
62
#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63
63
#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
64
64
65
-
static unsigned long rfcomm_event;
66
65
67
66
static LIST_HEAD(session_list);
68
67
···
119
120
{
120
121
if (!rfcomm_thread)
121
122
return;
122
-
set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123
123
wake_up_process(rfcomm_thread);
124
124
}
125
125
···
2036
2038
2037
2039
rfcomm_add_listener(BDADDR_ANY);
2038
2040
2039
-
while (!kthread_should_stop()) {
2041
+
while (1) {
2040
2042
set_current_state(TASK_INTERRUPTIBLE);
2041
-
if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2042
-
/* No pending events. Let's sleep.
2043
-
* Incoming connections and data will wake us up. */
2044
-
schedule();
2045
-
}
2046
-
set_current_state(TASK_RUNNING);
2043
+
2044
+
if (kthread_should_stop())
2045
+
break;
2047
2046
2048
2047
/* Process stuff */
2049
-
clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2050
2048
rfcomm_process_sessions();
2049
+
2050
+
schedule();
2051
2051
}
2052
+
__set_current_state(TASK_RUNNING);
2052
2053
2053
2054
rfcomm_kill_listener();
2054
2055
+15
-15
net/bluetooth/rfcomm/sock.c
+15
-15
net/bluetooth/rfcomm/sock.c
···
485
485
486
486
lock_sock(sk);
487
487
488
-
if (sk->sk_state != BT_LISTEN) {
489
-
err = -EBADFD;
490
-
goto done;
491
-
}
492
-
493
488
if (sk->sk_type != SOCK_STREAM) {
494
489
err = -EINVAL;
495
490
goto done;
···
496
501
497
502
/* Wait for an incoming connection. (wake-one). */
498
503
add_wait_queue_exclusive(sk_sleep(sk), &wait);
499
-
while (!(nsk = bt_accept_dequeue(sk, newsock))) {
504
+
while (1) {
500
505
set_current_state(TASK_INTERRUPTIBLE);
501
-
if (!timeo) {
502
-
err = -EAGAIN;
503
-
break;
504
-
}
505
-
506
-
release_sock(sk);
507
-
timeo = schedule_timeout(timeo);
508
-
lock_sock(sk);
509
506
510
507
if (sk->sk_state != BT_LISTEN) {
511
508
err = -EBADFD;
509
+
break;
510
+
}
511
+
512
+
nsk = bt_accept_dequeue(sk, newsock);
513
+
if (nsk)
514
+
break;
515
+
516
+
if (!timeo) {
517
+
err = -EAGAIN;
512
518
break;
513
519
}
514
520
···
517
521
err = sock_intr_errno(timeo);
518
522
break;
519
523
}
524
+
525
+
release_sock(sk);
526
+
timeo = schedule_timeout(timeo);
527
+
lock_sock(sk);
520
528
}
521
-
set_current_state(TASK_RUNNING);
529
+
__set_current_state(TASK_RUNNING);
522
530
remove_wait_queue(sk_sleep(sk), &wait);
523
531
524
532
if (err)
+15
-15
net/bluetooth/sco.c
+15
-15
net/bluetooth/sco.c
···
564
564
565
565
lock_sock(sk);
566
566
567
-
if (sk->sk_state != BT_LISTEN) {
568
-
err = -EBADFD;
569
-
goto done;
570
-
}
571
-
572
567
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
573
568
574
569
BT_DBG("sk %p timeo %ld", sk, timeo);
575
570
576
571
/* Wait for an incoming connection. (wake-one). */
577
572
add_wait_queue_exclusive(sk_sleep(sk), &wait);
578
-
while (!(ch = bt_accept_dequeue(sk, newsock))) {
573
+
while (1) {
579
574
set_current_state(TASK_INTERRUPTIBLE);
580
-
if (!timeo) {
581
-
err = -EAGAIN;
582
-
break;
583
-
}
584
-
585
-
release_sock(sk);
586
-
timeo = schedule_timeout(timeo);
587
-
lock_sock(sk);
588
575
589
576
if (sk->sk_state != BT_LISTEN) {
590
577
err = -EBADFD;
578
+
break;
579
+
}
580
+
581
+
ch = bt_accept_dequeue(sk, newsock);
582
+
if (ch)
583
+
break;
584
+
585
+
if (!timeo) {
586
+
err = -EAGAIN;
591
587
break;
592
588
}
593
589
···
591
595
err = sock_intr_errno(timeo);
592
596
break;
593
597
}
598
+
599
+
release_sock(sk);
600
+
timeo = schedule_timeout(timeo);
601
+
lock_sock(sk);
594
602
}
595
-
set_current_state(TASK_RUNNING);
603
+
__set_current_state(TASK_RUNNING);
596
604
remove_wait_queue(sk_sleep(sk), &wait);
597
605
598
606
if (err)
+14
-7
net/bridge/br_multicast.c
+14
-7
net/bridge/br_multicast.c
···
1456
1456
{
1457
1457
struct sk_buff *skb2;
1458
1458
const struct ipv6hdr *ip6h;
1459
-
struct icmp6hdr *icmp6h;
1459
+
u8 icmp6_type;
1460
1460
u8 nexthdr;
1461
1461
unsigned len;
1462
1462
int offset;
···
1502
1502
__skb_pull(skb2, offset);
1503
1503
skb_reset_transport_header(skb2);
1504
1504
1505
-
icmp6h = icmp6_hdr(skb2);
1505
+
icmp6_type = icmp6_hdr(skb2)->icmp6_type;
1506
1506
1507
-
switch (icmp6h->icmp6_type) {
1507
+
switch (icmp6_type) {
1508
1508
case ICMPV6_MGM_QUERY:
1509
1509
case ICMPV6_MGM_REPORT:
1510
1510
case ICMPV6_MGM_REDUCTION:
···
1520
1520
err = pskb_trim_rcsum(skb2, len);
1521
1521
if (err)
1522
1522
goto out;
1523
+
err = -EINVAL;
1523
1524
}
1525
+
1526
+
ip6h = ipv6_hdr(skb2);
1524
1527
1525
1528
switch (skb2->ip_summed) {
1526
1529
case CHECKSUM_COMPLETE:
1527
-
if (!csum_fold(skb2->csum))
1530
+
if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, skb2->len,
1531
+
IPPROTO_ICMPV6, skb2->csum))
1528
1532
break;
1529
1533
/*FALLTHROUGH*/
1530
1534
case CHECKSUM_NONE:
1531
-
skb2->csum = 0;
1532
-
if (skb_checksum_complete(skb2))
1535
+
skb2->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
1536
+
&ip6h->daddr,
1537
+
skb2->len,
1538
+
IPPROTO_ICMPV6, 0));
1539
+
if (__skb_checksum_complete(skb2))
1533
1540
goto out;
1534
1541
}
1535
1542
···
1544
1537
1545
1538
BR_INPUT_SKB_CB(skb)->igmp = 1;
1546
1539
1547
-
switch (icmp6h->icmp6_type) {
1540
+
switch (icmp6_type) {
1548
1541
case ICMPV6_MGM_REPORT:
1549
1542
{
1550
1543
struct mld_msg *mld;
+6
-2
net/core/neighbour.c
+6
-2
net/core/neighbour.c
···
1319
1319
1320
1320
if (tdif <= 0) {
1321
1321
struct net_device *dev = skb->dev;
1322
+
1322
1323
__skb_unlink(skb, &tbl->proxy_queue);
1323
-
if (tbl->proxy_redo && netif_running(dev))
1324
+
if (tbl->proxy_redo && netif_running(dev)) {
1325
+
rcu_read_lock();
1324
1326
tbl->proxy_redo(skb);
1325
-
else
1327
+
rcu_read_unlock();
1328
+
} else {
1326
1329
kfree_skb(skb);
1330
+
}
1327
1331
1328
1332
dev_put(dev);
1329
1333
} else if (!sched_next || tdif < sched_next)
+3
-1
net/core/netpoll.c
+3
-1
net/core/netpoll.c
···
558
558
if (skb_shared(skb))
559
559
goto out;
560
560
561
-
iph = (struct iphdr *)skb->data;
562
561
if (!pskb_may_pull(skb, sizeof(struct iphdr)))
563
562
goto out;
563
+
iph = (struct iphdr *)skb->data;
564
564
if (iph->ihl < 5 || iph->version != 4)
565
565
goto out;
566
566
if (!pskb_may_pull(skb, iph->ihl*4))
567
567
goto out;
568
+
iph = (struct iphdr *)skb->data;
568
569
if (ip_fast_csum((u8 *)iph, iph->ihl) != 0)
569
570
goto out;
570
571
···
580
579
if (pskb_trim_rcsum(skb, len))
581
580
goto out;
582
581
582
+
iph = (struct iphdr *)skb->data;
583
583
if (iph->protocol != IPPROTO_UDP)
584
584
goto out;
585
585
+1
-1
net/ipv4/igmp.c
+1
-1
net/ipv4/igmp.c
+1
-1
net/ipv6/mcast.c
+1
-1
net/ipv6/mcast.c
+1
-1
net/mac80211/main.c
+1
-1
net/mac80211/main.c
···
1012
1012
cancel_work_sync(&local->reconfig_filter);
1013
1013
1014
1014
ieee80211_clear_tx_pending(local);
1015
-
sta_info_stop(local);
1016
1015
rate_control_deinitialize(local);
1017
1016
1018
1017
if (skb_queue_len(&local->skb_queue) ||
···
1023
1024
1024
1025
destroy_workqueue(local->workqueue);
1025
1026
wiphy_unregister(local->hw.wiphy);
1027
+
sta_info_stop(local);
1026
1028
ieee80211_wep_free(local);
1027
1029
ieee80211_led_exit(local);
1028
1030
kfree(local->int_scan_req);
+6
-4
net/socket.c
+6
-4
net/socket.c
···
1965
1965
* used_address->name_len is initialized to UINT_MAX so that the first
1966
1966
* destination address never matches.
1967
1967
*/
1968
-
if (used_address && used_address->name_len == msg_sys->msg_namelen &&
1969
-
!memcmp(&used_address->name, msg->msg_name,
1968
+
if (used_address && msg_sys->msg_name &&
1969
+
used_address->name_len == msg_sys->msg_namelen &&
1970
+
!memcmp(&used_address->name, msg_sys->msg_name,
1970
1971
used_address->name_len)) {
1971
1972
err = sock_sendmsg_nosec(sock, msg_sys, total_len);
1972
1973
goto out_freectl;
···
1979
1978
*/
1980
1979
if (used_address && err >= 0) {
1981
1980
used_address->name_len = msg_sys->msg_namelen;
1982
-
memcpy(&used_address->name, msg->msg_name,
1983
-
used_address->name_len);
1981
+
if (msg_sys->msg_name)
1982
+
memcpy(&used_address->name, msg_sys->msg_name,
1983
+
used_address->name_len);
1984
1984
}
1985
1985
1986
1986
out_freectl:
+7
net/wireless/core.c
+7
net/wireless/core.c
···
616
616
if (res)
617
617
goto out_rm_dev;
618
618
619
+
rtnl_lock();
620
+
rdev->wiphy.registered = true;
621
+
rtnl_unlock();
619
622
return 0;
620
623
621
624
out_rm_dev:
···
649
646
void wiphy_unregister(struct wiphy *wiphy)
650
647
{
651
648
struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
649
+
650
+
rtnl_lock();
651
+
rdev->wiphy.registered = false;
652
+
rtnl_unlock();
652
653
653
654
rfkill_unregister(rdev->rfkill);
654
655
+4
-2
net/wireless/sysfs.c
+4
-2
net/wireless/sysfs.c
···
93
93
94
94
if (rdev->ops->suspend) {
95
95
rtnl_lock();
96
-
ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan);
96
+
if (rdev->wiphy.registered)
97
+
ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan);
97
98
rtnl_unlock();
98
99
}
99
100
···
113
112
114
113
if (rdev->ops->resume) {
115
114
rtnl_lock();
116
-
ret = rdev->ops->resume(&rdev->wiphy);
115
+
if (rdev->wiphy.registered)
116
+
ret = rdev->ops->resume(&rdev->wiphy);
117
117
rtnl_unlock();
118
118
}
119
119