Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.5 2012-06-28T18:20:31Z 2012-06-28T18:20:31Z Linus Torvalds torvalds@linux-foundation.org 2012-06-28T18:20:31Z urn:sha1:f3747e2f2cea74264e1f8031b94d413b426d0436 Pull networking update from David Miller: 1) Pairing and deadlock fixes in bluetooth from Johan Hedberg. 2) Add device IDs for AR3011 and AR3012 bluetooth chips. From Giancarlo Formicuccia and Marek Vasut. 3) Fix wireless regulatory deadlock, from Eliad Peller. 4) Fix full TX ring panic in bnx2x driver, from Eric Dumazet. 5) Revert the two commits that added skb_orphan_try(), it causes erratic bonding behavior with UDP clients and the gains it used to give are mostly no longer happening due to how BQL works. From Eric Dumazet. 6) It took two tries, but Thomas Graf fixed a problem wherein we registered ipv6 routing procfs files before their backend data were initialized properly. 7) Fix max GSO size setting in be2net, from Sarveshwar Bandi. 8) PHY device id mask is wrong for KSZ9021 and KS8001 chips, fix from Jason Wang. 9) Fix use of stale SKB data pointer after skb_linearize() call in batman-adv, from Antonio Quartulli. 10) Fix memory leak in IXGBE due to missing __GFP_COMP, from Alexander Duyck. 11) Fix probing of Gobi devices in qmi_wwan usbnet driver, from Bjørn Mork. 12) Fix suspend/resume and open failure handling in usbnet from Ming Lei. 13) Attempt to fix device r8169 hangs for certain chips, from Francois Romieu. 14) Fix advancement of RX dirty pointer in some situations in sh_eth driver, from Yoshihiro Shimoda. 15) Attempt to fix restart of IPV6 routing table dumps when there is an intervening table update. From Eric Dumazet. 16) Respect security_inet_conn_request() return value in ipv6 TCP. From Neal Cardwell. 17) Add another iPAD device ID to ipheth driver, from Davide Gerhard. 18) Fix access to freed SKB in l2tp_eth_dev_xmit(), and fix l2tp lockdep splats, from Eric Dumazet. 19) Make sure all bridge devices, regardless of whether they were created via netlink or ioctls, have their rtnetlink ops hooked up. From Thomas Graf and Stephen Hemminger. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (81 commits) 9p: fix min_t() casting in p9pdu_vwritef() can: flexcan: use be32_to_cpup to handle the value of dt entry xen/netfront: teardown the device before unregistering it. bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) vhost: use USER_DS in vhost_worker thread ixgbe: Do not pad FCoE frames as this can cause issues with FCoE DDP net: l2tp_eth: use LLTX to avoid LOCKDEP splats mac802154: add missed braces net: l2tp_eth: fix l2tp_eth_dev_xmit race net/mlx4_en: Release QP range in free_resources net/mlx4: Use single completion vector after NOP failure net/mlx4_en: Set correct port parameters during device initialization ipheth: add support for iPad caif-hsi: Add missing return in error path caif-hsi: Bugfix - Piggyback'ed embedded CAIF frame lost caif: Clear shutdown mask to zero at reconnect. tcp: heed result of security_inet_conn_request() in tcp_v6_conn_request() ipv6: fib: fix fib dump restart batman-adv: fix race condition in TT full-table replacement batman-adv: only drop packets of known wifi clients ... 2012-06-26T18:23:41Z Linus Torvalds torvalds@linux-foundation.org 2012-06-26T18:23:41Z urn:sha1:60d2c25251cac20d8c142a03e230237528b68430 Pull HID fixes from Jiri Kosina: "The most important one is a purification of Kconfig for CONFIG_HID; the inclusion of HID groups and autoloading didn't leave the Kconfig in a really consistent state. Henrik's patch fixes that. In addition to that, there are two small fixes for logitech and magicmouse drivers." * 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: Fix the generic Kconfig options HID: magicmouse: Correct report range of major / minor axes HID: logitech: don't use stack based dj_report structures 2012-06-25T15:25:00Z Henrik Rydberg rydberg@euromail.se 2012-06-25T14:55:41Z urn:sha1:1f41a6a9947615dca37d80b044ab81616e956a67 The generic HID driver is obviously not a special driver, so move it outside of the special drivers menu. Explain the usage and make the default follow the HID setting. This should simplify migration from older kernels. While at it, remove the redundant HID_SUPPORT option and modify the HID and USB_HID entries to better explain the bus structure. Reported-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Henrik Rydberg <rydberg@euromail.se> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 2012-06-14T15:19:39Z Vishal Agarwal vishal.agarwal@stericsson.com 2012-06-13T00:02:43Z urn:sha1:f960727e6c98a36018029c0512aa03f1c5faa914 HCI_Disconnect should only be sent after connection is established. If connection is not yet established and HCI_Disconnect is called then disconnection complete will be received with a handle which does not exist and hence this event will be ignored. But as mgmt.c will not receive this event, its variable for pending command is not cleared.This will result in future Disconnect commands for that BD Address to be blocked with error busy. Signed-off-by: Vishal Agarwal <vishal.agarwal@stericsson.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-12T02:50:28Z Szymon Janc szymon.janc@tieto.com 2012-06-08T09:33:33Z urn:sha1:8f321f853ea33330c7141977cd34804476e2e07e If remote device sends bogus RFC option with invalid length, undefined options values are used. Fix this by using defaults when remote misbehaves. This also fixes the following warning reported by gcc 4.7.0: net/bluetooth/l2cap_core.c: In function 'l2cap_config_rsp': net/bluetooth/l2cap_core.c:3302:13: warning: 'rfc.max_pdu_size' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.max_pdu_size' was declared here net/bluetooth/l2cap_core.c:3298:25: warning: 'rfc.monitor_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.monitor_timeout' was declared here net/bluetooth/l2cap_core.c:3297:25: warning: 'rfc.retrans_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.retrans_timeout' was declared here net/bluetooth/l2cap_core.c:3295:2: warning: 'rfc.mode' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.mode' was declared here Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-09T00:00:40Z Johan Hedberg johan.hedberg@intel.com 2012-06-08T15:31:13Z urn:sha1:1c2e004183178e1947882cd2e74f37826f45230e With LE/SMP the completion of a security level elavation from medium to high is indicated by a HCI Encryption Key Refresh Complete event. The necessary behavior upon receiving this event is a mix of what's done for auth_complete and encryption_change, which is also where most of the event handling code has been copied from. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-08T06:58:34Z Johan Hedberg johan.hedberg@intel.com 2012-06-07T06:58:37Z urn:sha1:4dab786482d706a2a41cd16cf174671d640a9870 If we have an unauthenticated key it is not sufficient to acheive high security. Therefore, when deciding whether to encrypt the link or request pairing, it is essential to in addition to checking the existence of a key to also check whether it is authenticated or not. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-08T06:23:56Z Johan Hedberg johan.hedberg@intel.com 2012-06-06T10:44:11Z urn:sha1:d06cc416f517a25713dedd9e2a9ccf4f3086c09a The l2cap_conn_del function tries to cancel_sync the security timer, but when it's called from the timeout function itself a deadlock occurs. Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect multiple calls to l2cap_conn_del never gets cleared and when the connection finally drops we double free's etc which will crash the kernel. This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for protecting against this. The same flag is also used for the same purpose in other places in the SMP code. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-08T05:50:57Z Vishal Agarwal vishal.agarwal@stericsson.com 2012-06-07T14:57:35Z urn:sha1:4c47d7396420160d27209f578680141874c0110b For BR/EDR pairing is assumed to be finished when connection is done. For LE if connection is successful it did not necessarily mean that pairing is also done but if the connection is unsuccessful it should be assumed that pairing procedure is also finished. This patch registers a new function with connect_cfm_cb callback for LE link which sends the pairing complete signal to user space if connection is unsuccessful. Signed-off-by: Vishal Agarwal <vishal.agarwal@stericsson.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-08T04:50:15Z Johan Hedberg johan.hedberg@intel.com 2012-06-06T10:54:15Z urn:sha1:476585ecf08067ac4e81d1a4cb19e2caf2093471 The tk_request function takes the local IO capability as the second last parameter and the remote IO capability as the last parameter. They were previously swapped: when we receive a pairing response req->io_capability contains the local one and rsp->io_capability the remote one. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>