Re: pull request: wireless 2012-07-09

From: John W. Linville
Date: Mon Jul 09 2012 - 15:48:26 EST


Forgot to sign -- hopefully this is sufficient? :-)

On Mon, Jul 09, 2012 at 03:28:18PM -0400, John W. Linville wrote:
> commit c1109736bcdd14b590392e9a96d66e7e823f9e67
>
> Dave,
>
> Please accept these fixes for the 3.5 stream...
>
> Bing Zhao provides an mwifiex fix for a memory leak uncovered by
> Coverity.
>
> Eliad Peller provides a mac80211 fix to properly clean-up after an
> association failure.
>
> Emmanuel Grumbach gives us an iwlegacy fix to avoid some on-device
> memory corruption that leads to a stuck queue.
>
> Sasha Levin offers an NFC fix to prevent a NULL pointer dereference
> in llcp_sock_getname.
>
> Stanislaw Gruszka offers an rt2x00usb fix for an RX queue stall that
> results from using the wrong argument order in a macro call. He also
> gives us an iwlegacy fix that corresponds to an already merged iwlwifi
> fix, the effect of which is to avoid stuck queue detection failure.
>
> Finally, Thomas Huehn provides a mac80211 fix to correct some kzalloc
> arguments. This was originally two patches, but I consolidated them.
>
> Please let me know if there are problems!
>
> Thanks,
>
> John
>
> ---
>
> The following changes since commit bb3bb3a5b839fa5c0a2c386640e865320a1fb64c:
>
> Merge branch 'master' of git://1984.lsi.us.es/nf (2012-07-09 02:47:59 -0700)
>
> are available in the git repository at:
>
>
> git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless.git for-davem
>
> for you to fetch changes up to c1109736bcdd14b590392e9a96d66e7e823f9e67:
>
> Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem (2012-07-09 15:09:08 -0400)
>
> ----------------------------------------------------------------
>
> Bing Zhao (1):
> mwifiex: fix Coverity SCAN CID 709078: Resource leak (RESOURCE_LEAK)
>
> Eliad Peller (1):
> mac80211: destroy assoc_data correctly if assoc fails
>
> Emmanuel Grumbach (1):
> iwlegacy: don't mess up the SCD when removing a key
>
> John W. Linville (1):
> Merge branch 'master' of git://git.kernel.org/.../linville/wireless into for-davem
>
> Sasha Levin (1):
> NFC: Prevent NULL deref when getting socket name
>
> Stanislaw Gruszka (2):
> rt2x00usb: fix indexes ordering on RX queue kick
> iwlegacy: always monitor for stuck queues
>
> Thomas Huehn (1):
> mac80211: correct size the argument to kzalloc in minstrel_ht
>
> drivers/net/wireless/iwlegacy/4965-mac.c | 4 ++--
> drivers/net/wireless/iwlegacy/common.c | 14 ++++++--------
> drivers/net/wireless/mwifiex/cfg80211.c | 1 +
> drivers/net/wireless/rt2x00/rt2x00usb.c | 2 +-
> net/mac80211/mlme.c | 6 ++----
> net/mac80211/rc80211_minstrel_ht.c | 2 +-
> net/nfc/llcp/sock.c | 2 +-
> 7 files changed, 14 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c
> index 509301a..ff5d689 100644
> --- a/drivers/net/wireless/iwlegacy/4965-mac.c
> +++ b/drivers/net/wireless/iwlegacy/4965-mac.c
> @@ -3405,7 +3405,7 @@ il4965_remove_dynamic_key(struct il_priv *il,
> return 0;
> }
>
> - if (il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) {
> + if (il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_INVALID) {
> IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx,
> key_flags);
> spin_unlock_irqrestore(&il->sta_lock, flags);
> @@ -3420,7 +3420,7 @@ il4965_remove_dynamic_key(struct il_priv *il,
> memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo));
> il->stations[sta_id].sta.key.key_flags =
> STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID;
> - il->stations[sta_id].sta.key.key_offset = WEP_INVALID_OFFSET;
> + il->stations[sta_id].sta.key.key_offset = keyconf->hw_key_idx;
> il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
> il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
>
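Review bot: The new assignment `key_offset = keyconf->hw_key_idx` after the `memset` needs a comment, because the entry is now flagged `STA_KEY_FLG_INVALID` yet carries a live offset, and a later cleanup could easily restore `WEP_INVALID_OFFSET`. Going by the commit title, the device presumably still indexes by `key_offset` when it processes the removal, so an out-of-range value corrupts scheduler memory; that reasoning is inferred, not visible here. Something like `/* keep a valid offset: the device still uses key_offset when the key is removed */` would record the invariant. The first hunk's switch to testing `key_flags & STA_KEY_FLG_INVALID` depends on the same invariant, and il4965_remove_dynamic_key begins and ends outside both hunks.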
> diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c
> index cbf2dc1..5d4807c 100644
> --- a/drivers/net/wireless/iwlegacy/common.c
> +++ b/drivers/net/wireless/iwlegacy/common.c
> @@ -4767,14 +4767,12 @@ il_bg_watchdog(unsigned long data)
> return;
>
> /* monitor and check for other stuck queues */
> - if (il_is_any_associated(il)) {
> - for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) {
> - /* skip as we already checked the command queue */
> - if (cnt == il->cmd_queue)
> - continue;
> - if (il_check_stuck_queue(il, cnt))
> - return;
> - }
> + for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) {
> + /* skip as we already checked the command queue */
> + if (cnt == il->cmd_queue)
> + continue;
> + if (il_check_stuck_queue(il, cnt))
> + return;
> }
>
> mod_timer(&il->watchdog,
> diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
> index ce61b6f..5c7fd18 100644
> --- a/drivers/net/wireless/mwifiex/cfg80211.c
> +++ b/drivers/net/wireless/mwifiex/cfg80211.c
> @@ -958,6 +958,7 @@ static int mwifiex_cfg80211_start_ap(struct wiphy *wiphy,
> case NL80211_HIDDEN_SSID_ZERO_CONTENTS:
> /* firmware doesn't support this type of hidden SSID */
> default:
> + kfree(bss_cfg);
> return -EINVAL;
> }
>
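Review bot: The added `kfree(bss_cfg);` plugs the leak only on this `default:` exit; every other early return between the allocation of `bss_cfg` and its normal release needs the same free, and those paths lie outside the hunk. Freeing by hand at each return is the pattern that produced this leak. If mwifiex_cfg80211_start_ap can take a common exit label, prefer setting the error code and jumping, e.g. `ret = -EINVAL; goto out;` with `out:` doing the `kfree(bss_cfg)`, so a newly added error path cannot forget it. The function starts and ends outside the hunk, so check the remaining returns against the full body.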
> diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c
> index d357d1e..74ecc33 100644
> --- a/drivers/net/wireless/rt2x00/rt2x00usb.c
> +++ b/drivers/net/wireless/rt2x00/rt2x00usb.c
> @@ -436,8 +436,8 @@ void rt2x00usb_kick_queue(struct data_queue *queue)
> case QID_RX:
> if (!rt2x00queue_full(queue))
> rt2x00queue_for_each_entry(queue,
> - Q_INDEX_DONE,
> Q_INDEX,
> + Q_INDEX_DONE,
> NULL,
> rt2x00usb_kick_rx_entry);
> break;
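Review bot: Nothing at this call site says which index argument is the start and which is the end, and both appear to be values of the same enum, so the compiler cannot catch a swap like the one fixed here. A one-line comment above the call, such as `/* start = Q_INDEX, end = Q_INDEX_DONE */`, would make the intended order checkable by eye; this assumes the parameter order is (queue, start, end, ...) as the fix implies. The unbraced `if (!rt2x00queue_full(queue))` guarding a five-line call would also read more safely with braces.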
> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
> index a4bb856..0db5d34 100644
> --- a/net/mac80211/mlme.c
> +++ b/net/mac80211/mlme.c
> @@ -2174,15 +2174,13 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
> sdata->name, mgmt->sa, status_code);
> ieee80211_destroy_assoc_data(sdata, false);
> } else {
> - printk(KERN_DEBUG "%s: associated\n", sdata->name);
> -
> if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
> /* oops -- internal error -- send timeout for now */
> - ieee80211_destroy_assoc_data(sdata, true);
> - sta_info_destroy_addr(sdata, mgmt->bssid);
> + ieee80211_destroy_assoc_data(sdata, false);
> cfg80211_put_bss(*bss);
> return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
> }
> + printk(KERN_DEBUG "%s: associated\n", sdata->name);
>
> /*
> * destroy assoc_data afterwards, as otherwise an idle
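Review bot: The bare `false` now passed to `ieee80211_destroy_assoc_data()` in the failure branch carries the whole fix, but its meaning is invisible at the call site. Presumably `false` means the association did not complete and the helper then removes the station entry itself, which is why the explicit `sta_info_destroy_addr()` could be dropped; the helper is outside this hunk, so that should be confirmed. A comment such as `/* assoc == false: helper also tears down the STA entry */` would keep the removed call from being re-added or the flag from being flipped back. The function begins and ends outside the hunk.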
> diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
> index 2d1acc6..f9e51ef 100644
> --- a/net/mac80211/rc80211_minstrel_ht.c
> +++ b/net/mac80211/rc80211_minstrel_ht.c
> @@ -809,7 +809,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
> max_rates = sband->n_bitrates;
> }
>
> - msp = kzalloc(sizeof(struct minstrel_ht_sta), gfp);
> + msp = kzalloc(sizeof(*msp), gfp);
> if (!msp)
> return NULL;
>
> diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
> index 17a707d..e06d458 100644
> --- a/net/nfc/llcp/sock.c
> +++ b/net/nfc/llcp/sock.c
> @@ -292,7 +292,7 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
>
> pr_debug("%p\n", sk);
>
> - if (llcp_sock == NULL)
> + if (llcp_sock == NULL || llcp_sock->dev == NULL)
> return -EBADFD;
>
> addr->sa_family = AF_NFC;
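Review bot: The new `llcp_sock->dev == NULL` test is made with no lock visible in the hunk, so it only helps if `dev` cannot be cleared between this check and the later reads of it. If another path (release, device removal) can reset `dev` concurrently, the check and the field reads should sit under the socket lock, e.g. `lock_sock(sk);` before the test and `release_sock(sk);` on every exit. The rest of llcp_sock_getname is outside the hunk; if it fills only some fields of the returned address, zeroing the structure first would also avoid handing uninitialised bytes back to the caller.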
> --
> John W. Linville Someday the world will need a hero, and you
> linville@xxxxxxxxxxxxx might be all we have. Be ready.

--
John W. Linville Someday the world will need a hero, and you
linville@xxxxxxxxxxxxx might be all we have. Be ready.

Attachment: pgp00000.pgp
Description: PGP signature