summaryrefslogtreecommitdiffstats
path: root/net/nfc
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'master' of ↵John W. Linville2012-07-203-4/+21
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
| * Merge branch 'master' of ↵John W. Linville2012-07-173-4/+21
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
| | * NFC: NCI module license 'unspecified' taints kernelDave Jones2012-07-121-0/+3
| | | | | | | | | | | | | | | | | | Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * NFC: Set target nfcid1 for all HCI reader A targetsEric Lapuyade2012-07-121-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without the discovered target nfcid1 and its length set properly, type 2 tags detection fails with the pn544 as it checks for them from pn544_hci_complete_target_discovered(). Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Reported-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * NFC: Fix order of arguments to list_add_tail() when queueing HCP framesMathias Jeppsson2012-07-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | The HCP message should be added to transmit queue, not the other way around. Signed-off-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * NFC: Fix empty HCI message list checkMathias Jeppsson2012-07-101-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | list_first_entry() will never return NULL. Instead use list_for_each_entry_safe() to iterate through the list. Signed-off-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Merge branch 'master' of ↵John W. Linville2012-07-1211-223/+392
|\| | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
| * | NFC: Check for llcp_sock and its device from llcp_sock_getnameSamuel Ortiz2012-07-091-0/+3
| | | | | | | | | | | | | | | | | | They both can potentially be NULL. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Add ISO 14443 type B protocolSamuel Ortiz2012-07-093-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | Some devices (e.g. Sony's PaSoRi) can not do type B polling, so we have to make a distinction between ISO14443 type A and B poll modes. Cc: Eric Lapuyade <eric.lapuyade@intel.com> Cc: Ilan Elias <ilane@ti.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Dereference LLCP bind socket address after checking for it to be NULLSamuel Ortiz2012-07-091-2/+2
| | | | | | | | | | | | | | | Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Do not return EBUSY when stopping a poll that's already stoppedSamuel Ortiz2012-07-091-0/+9
| | | | | | | | | | | | | | | | | | | | | We check for the polling flag before checking if the netlink PID caller match. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Remove warning from nfc_llcp_local_putSamuel Ortiz2012-07-091-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | The socket local pointer can be NULL when a socket is created but never bound or connected. Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Handle LLCP Disconnected Mode framesSamuel Ortiz2012-07-091-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | When receiving such frame, the sockets waiting for a connection to finish should be woken up. Connecting to an unbound LLCP service will trigger a DM as a response. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: LLCP late bindingSamuel Ortiz2012-07-092-77/+166
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the LLCP 16 local SAPs we can potentially quickly run out of source SAPs for non well known services. With the so called late binding we will reserve an SAP only when we actually get a client connection for a local service. The SAP will be released once the last client is gone, leaving it available to other services. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Forbid SSAP binding to a not well known LLCP serviceSamuel Ortiz2012-07-091-17/+5
| | | | | | | | | | | | | | | | | | | | | | | | With not Well Known Services there is no guarantees as to which SSAP the server will be listening on, so there is no reason to support binding to a specific source SAP. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Forbid LLCP service name reusingSamuel Ortiz2012-07-091-1/+3
| | | | | | | | | | | | | | | | | | | | | This patch fixes a typo and return the correct error when trying to bind 2 sockets to the same service name. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Release LLCP SAP when the owner is releasedSamuel Ortiz2012-07-093-14/+11
| | | | | | | | | | | | | | | | | | | | | | | | The LLCP SAP should only be freed when the socket owning it is released. As long as the socket is alive, the SAP should be reserved in order to e.g. send the right wks array when bringing the MAC up. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Close listening LLCP sockets when the device is goneSamuel Ortiz2012-07-091-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | When the MAC link goes down, we should only keep the bound sockets alive. They will be closed by sock_release or when the underlying NFC device is moving away. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Build LLCP general bytes upon requestSamuel Ortiz2012-07-091-15/+17
| | | | | | | | | | | | | | | | | | | | | | | | Drivers will need them before starting a poll or when being activated as targets. Mostly WKS can have changed between device registration and then so we need to re-build the whole array. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Fix LLCP getname socket opSamuel Ortiz2012-07-091-4/+7
| | | | | | | | | | | | | | | | | | Set the right target index and use a better socket declaration routine. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Update LLCP socket target index when getting a connectionSamuel Ortiz2012-07-091-0/+1
| | | | | | | | | | | | | | | | | | Getting a valid CONNECT means we have a valid target index. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Add netlink module alias for NFCSamuel Ortiz2012-07-091-0/+3
| | | | | | | | | | | | Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Add modules alias for NFC socketsSamuel Ortiz2012-07-091-0/+1
| | | | | | | | | | | | Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Allow HCI driver to pre-open pipes to some gatesEric Lapuyade2012-07-093-21/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some NFC chips will statically create and open pipes for both standard and proprietary gates. The driver can now pass this information to HCI such that HCI will not attempt to create and open them, but will instead directly use the passed pipe ids. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: nfc_driver_failure() implementationEric Lapuyade2012-07-091-6/+2
| | | | | | | | | | | | | | | | | | | | | If the device is polling we sent a 0 target found event. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: nfc_targets_found() should accept zero target foundEric Lapuyade2012-07-091-6/+13
| | | | | | | | | | | | | | | | | | | | | | | | The semantics for a zero target found event is that the polling operation could not complete. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Core must test the device polling state inside the device lockEric Lapuyade2012-07-091-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | There can ever be only one call to nfc_targets_found() after polling has been engaged. This could be from a target discovered event from the driver, or from an error handler to notify poll will never complete. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Implement HCI driver or internal error managementEric Lapuyade2012-07-091-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | If there is an ongoing HCI command executing, it will be completed, thereby pushing the error up to the core. Otherwise, HCI will directly notify the core with the error. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Factorize HCI cmd completionEric Lapuyade2012-07-091-11/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | HCI cmd can be completed either from an HCI response or from an internal driver or HCI error. This requires to factorize the completion code outside of the device lock. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Driver failure APIEric Lapuyade2012-07-091-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | This API should be used by drivers, HCI, SHDLC or NCI stacks to report an unrecoverable error. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Changed HCI cmd execution completion result to std linux errnoEric Lapuyade2012-07-093-22/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An HCI command can complete either from an HCI response (with an HCI result) or as a consequence of any other system error during processing. The completion therefore needs to take a standard errno code. The HCI response will convert its result to a standard errno before calling the completion. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Implement HCP reaggregation allocation error caseEric Lapuyade2012-07-091-5/+10
| | | | | | | | | | | | | | | | | | | | | We can now report an ENOMEM error up to the HCI layer. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Remove an impossible HCI error caseEric Lapuyade2012-07-091-10/+0
| | | | | | | | | | | | | | | | | | | | | nfc_hci_recv_frame can not be called with a NULL skb. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Handle SHDLC RSET frames from an SHDLC connected chipEric Lapuyade2012-07-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | shdlc reset may leave HCI in an inconsistent state by loosing parts of HCI frames. Handle this case by reporting an unrecoverable error to HCI. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Removed addressed shdlc TODOsEric Lapuyade2012-07-091-11/+0
| | | | | | | | | | | | | | | | | | | | | The questions asked in the comments have been answered and addressed. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | NFC: Prepare asynchronous error management for driver and shdlcEric Lapuyade2012-07-092-8/+19
| | | | | | | | | | | | | | | Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | Merge branch 'master' of ↵John W. Linville2012-07-093-7/+10
| |\| | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless Conflicts: net/mac80211/mlme.c
| * | Merge branch 'master' of ↵John W. Linville2012-06-121-0/+3
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless Conflicts: MAINTAINERS drivers/net/wireless/iwlwifi/pcie/trans.c
* | \ \ Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-07-101-1/+1
|\ \ \ \ | | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: net/batman-adv/bridge_loop_avoidance.c net/batman-adv/bridge_loop_avoidance.h net/batman-adv/soft-interface.c net/mac80211/mlme.c With merge help from Antonio Quartulli (batman-adv) and Stephen Rothwell (drivers/net/usb/qmi_wwan.c). The net/mac80211/mlme.c conflict seemed easy enough, accounting for a conversion to some new tracing macros. Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | NFC: Prevent NULL deref when getting socket nameSasha Levin2012-07-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | llcp_sock_getname can be called without a device attached to the nfc_llcp_sock. This would lead to the following BUG: [ 362.341807] BUG: unable to handle kernel NULL pointer dereference at (null) [ 362.341815] IP: [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341818] PGD 31b35067 PUD 30631067 PMD 0 [ 362.341821] Oops: 0000 [#627] PREEMPT SMP DEBUG_PAGEALLOC [ 362.341826] CPU 3 [ 362.341827] Pid: 7816, comm: trinity-child55 Tainted: G D W 3.5.0-rc4-next-20120628-sasha-00005-g9f23eb7 #479 [ 362.341831] RIP: 0010:[<ffffffff836258e5>] [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341832] RSP: 0018:ffff8800304fde88 EFLAGS: 00010286 [ 362.341834] RAX: 0000000000000000 RBX: ffff880033cb8000 RCX: 0000000000000001 [ 362.341835] RDX: ffff8800304fdec4 RSI: ffff8800304fdec8 RDI: ffff8800304fdeda [ 362.341836] RBP: ffff8800304fdea8 R08: 7ebcebcb772b7ffb R09: 5fbfcb9c35bdfd53 [ 362.341838] R10: 4220020c54326244 R11: 0000000000000246 R12: ffff8800304fdec8 [ 362.341839] R13: ffff8800304fdec4 R14: ffff8800304fdec8 R15: 0000000000000044 [ 362.341841] FS: 00007effa376e700(0000) GS:ffff880035a00000(0000) knlGS:0000000000000000 [ 362.341843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 362.341844] CR2: 0000000000000000 CR3: 0000000030438000 CR4: 00000000000406e0 [ 362.341851] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 362.341856] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 362.341858] Process trinity-child55 (pid: 7816, threadinfo ffff8800304fc000, task ffff880031270000) [ 362.341858] Stack: [ 362.341862] ffff8800304fdea8 ffff880035156780 0000000000000000 0000000000001000 [ 362.341865] ffff8800304fdf78 ffffffff83183b40 00000000304fdec8 0000006000000000 [ 362.341868] ffff8800304f0027 ffffffff83729649 ffff8800304fdee8 ffff8800304fdf48 [ 362.341869] Call Trace: [ 362.341874] [<ffffffff83183b40>] sys_getpeername+0xa0/0x110 [ 362.341877] [<ffffffff83729649>] ? _raw_spin_unlock_irq+0x59/0x80 [ 362.341882] [<ffffffff810f342b>] ? do_setitimer+0x23b/0x290 [ 362.341886] [<ffffffff81985ede>] ? trace_hardirqs_on_thunk+0x3a/0x3f [ 362.341889] [<ffffffff8372a539>] system_call_fastpath+0x16/0x1b [ 362.341921] Code: 84 00 00 00 00 00 b8 b3 ff ff ff 48 85 db 74 54 66 41 c7 04 24 27 00 49 8d 7c 24 12 41 c7 45 00 60 00 00 00 48 8b 83 28 05 00 00 <8b> 00 41 89 44 24 04 0f b6 83 41 05 00 00 41 88 44 24 10 0f b6 [ 362.341924] RIP [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341925] RSP <ffff8800304fde88> [ 362.341926] CR2: 0000000000000000 [ 362.341928] ---[ end trace 6d450e935ee18bf3 ]--- Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | | net: Use NLMSG_DEFAULT_SIZE in combination with nlmsg_new()Thomas Graf2012-06-281-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using NLMSG_GOODSIZE results in multiple pages being used as nlmsg_new() will automatically add the size of the netlink header to the payload thus exceeding the page limit. NLMSG_DEFAULT_SIZE takes this into account. Signed-off-by: Thomas Graf <tgraf@suug.ch> Cc: Jiri Pirko <jpirko@redhat.com> Cc: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Cc: Sergey Lapin <slapin@ossfans.org> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org> Cc: Samuel Ortiz <sameo@linux.intel.com> Reviewed-by: Jiri Pirko <jpirko@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-06-282-6/+9
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: drivers/net/caif/caif_hsi.c drivers/net/usb/qmi_wwan.c The qmi_wwan merge was trivial. The caif_hsi.c, on the other hand, was not. It's a conflict between 1c385f1fdf6f9c66d982802cd74349c040980b50 ("caif-hsi: Replace platform device with ops structure.") in the net-next tree and commit 39abbaef19cd0a30be93794aa4773c779c3eb1f3 ("caif-hsi: Postpone init of HIS until open()") in the net tree. I did my best with that one and will ask Sjur to check it out. Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | NFC: Return from rawsock_release when sk is NULLEric Dumazet2012-06-261-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sasha Levin reported following panic : [ 2136.383310] BUG: unable to handle kernel NULL pointer dereference at 00000000000003b0 [ 2136.384022] IP: [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0 [ 2136.384022] PGD 131c4067 PUD 11c0c067 PMD 0 [ 2136.388106] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 2136.388106] CPU 1 [ 2136.388106] Pid: 24855, comm: trinity-child1 Tainted: G W 3.5.0-rc2-sasha-00015-g7b268f7 #374 [ 2136.388106] RIP: 0010:[<ffffffff8114e400>] [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0 [ 2136.388106] RSP: 0018:ffff8800130b3ca8 EFLAGS: 00010046 [ 2136.388106] RAX: 0000000000000086 RBX: ffff88001186b000 RCX: 0000000000000000 [ 2136.388106] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2136.388106] RBP: ffff8800130b3d08 R08: 0000000000000001 R09: 0000000000000000 [ 2136.388106] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002 [ 2136.388106] R13: 00000000000003b0 R14: 0000000000000000 R15: 0000000000000000 [ 2136.388106] FS: 00007fa5b1bd4700(0000) GS:ffff88001b800000(0000) knlGS:0000000000000000 [ 2136.388106] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2136.388106] CR2: 00000000000003b0 CR3: 0000000011d1f000 CR4: 00000000000406e0 [ 2136.388106] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2136.388106] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 2136.388106] Process trinity-child1 (pid: 24855, threadinfo ffff8800130b2000, task ffff88001186b000) [ 2136.388106] Stack: [ 2136.388106] ffff8800130b3cd8 ffffffff81121785 ffffffff81236774 000080d000000001 [ 2136.388106] ffff88001b9d6c00 00000000001d6c00 ffffffff130b3d08 ffff88001186b000 [ 2136.388106] 0000000000000000 0000000000000002 0000000000000000 0000000000000000 [ 2136.388106] Call Trace: [ 2136.388106] [<ffffffff81121785>] ? sched_clock_local+0x25/0x90 [ 2136.388106] [<ffffffff81236774>] ? get_empty_filp+0x74/0x220 [ 2136.388106] [<ffffffff8114e97a>] lock_acquire+0x18a/0x1e0 [ 2136.388106] [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0 [ 2136.388106] [<ffffffff837c0ef0>] _raw_write_lock_bh+0x40/0x80 [ 2136.388106] [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0 [ 2136.388106] [<ffffffff836b37df>] rawsock_release+0x4f/0xa0 [ 2136.388106] [<ffffffff8321cfe8>] sock_release+0x18/0x70 [ 2136.388106] [<ffffffff8321d069>] sock_close+0x29/0x30 [ 2136.388106] [<ffffffff81236bca>] __fput+0x11a/0x2c0 [ 2136.388106] [<ffffffff81236d85>] fput+0x15/0x20 [ 2136.388106] [<ffffffff8321de34>] sys_accept4+0x1b4/0x200 [ 2136.388106] [<ffffffff837c165c>] ? _raw_spin_unlock_irq+0x4c/0x80 [ 2136.388106] [<ffffffff837c1669>] ? _raw_spin_unlock_irq+0x59/0x80 [ 2136.388106] [<ffffffff837c2565>] ? sysret_check+0x22/0x5d [ 2136.388106] [<ffffffff8321de8b>] sys_accept+0xb/0x10 [ 2136.388106] [<ffffffff837c2539>] system_call_fastpath+0x16/0x1b [ 2136.388106] Code: ec 04 00 0f 85 ea 03 00 00 be d5 0b 00 00 48 c7 c7 8a c1 40 84 e8 b1 a5 f8 ff 31 c0 e9 d4 03 00 00 66 2e 0f 1f 84 00 00 00 00 00 <49> 81 7d 00 60 73 5e 85 b8 01 00 00 00 44 0f 44 e0 83 fe 01 77 [ 2136.388106] RIP [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0 [ 2136.388106] RSP <ffff8800130b3ca8> [ 2136.388106] CR2: 00000000000003b0 [ 2136.388106] ---[ end trace 6d450e935ee18982 ]--- [ 2136.388106] Kernel panic - not syncing: Fatal exception in interrupt rawsock_release() should test if sock->sk is NULL before calling sock_orphan()/sock_put() Reported-by: Sasha Levin <levinsasha928@gmail.com> Tested-by: Sasha Levin <levinsasha928@gmail.com> Cc: stable@kernel.org Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
| * | | NFC: Prevent multiple buffer overflows in NCIDan Rosenberg2012-06-251-5/+5
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI code pulling length fields directly from incoming frames and copying too much data into statically-sized arrays. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Cc: stable@kernel.org Cc: security@kernel.org Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org> Cc: Samuel Ortiz <sameo@linux.intel.com> Cc: David S. Miller <davem@davemloft.net> Acked-by: Ilan Elias <ilane@ti.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
* | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2012-06-121-0/+3
|\| | | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: MAINTAINERS drivers/net/wireless/iwlwifi/pcie/trans.c The iwlwifi conflict was resolved by keeping the code added in 'net' that turns off the buggy chip feature. The MAINTAINERS conflict was merely overlapping changes, one change updated all the wireless web site URLs and the other changed some GIT trees to be Johannes's instead of John's. Signed-off-by: David S. Miller <davem@davemloft.net>
| * NFC: Fix possible NULL ptr deref when getting the name of a socketSasha Levin2012-06-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | llcp_sock_getname() might get called before the LLCP socket was created. This condition isn't checked, and llcp_sock_getname will simply deref a NULL ptr in that case. This exists starting with d646960 ("NFC: Initial LLCP support"). Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | NFC: Destroy LLCP timout workqueue when releasing the linkSamuel Ortiz2012-06-041-0/+1
| | | | | | | | Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
* | NFC: Switch to Initiator mode when getting NFC_ATTR_PROTOCOLSSamuel Ortiz2012-06-041-2/+2
| | | | | | | | | | | | | | That is needed for keeping backward compatibility with apps using the old netlink polling API (NFC_ATTR_PROTOCOLS instead of NFC_ATTR_IM_PROTOCOLS). Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
* | NFC: Send a receiver ready frame only to reply to an I frameSamuel Ortiz2012-06-041-1/+1
| | | | | | | | | | | | | | Sending an RR as a reply to another RR is fine but not quite logical. We should send RRs only as a reply to I frames. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
* | NFC: Requeue lost LLCP framesSamuel Ortiz2012-06-041-31/+55
| | | | | | | | | | | | | | When receiving an I or RR frame telling us that some of the pending queues were not received, we should requeue them before the currently pending ones. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>