Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller: 1) Don't use shared bluetooth antenna in iwlwifi driver for management frames, from Emmanuel Grumbach. 2) Fix device ID check in ath9k driver, from Felix Fietkau. 3) Off by one in xen-netback BUG checks, from Dan Carpenter. 4) Fix IFLA_VF_PORT netlink attribute validation, from Daniel Borkmann. 5) Fix races in setting peeked bit flag in SKBs during datagram receive. If it's shared we have to clone it otherwise the value can easily be corrupted. Fix from Herbert Xu. 6) Revert fec clock handling change, causes regressions. From Fabio Estevam. 7) Fix use after free in fq_codel and sfq packet schedulers, from WANG Cong. 8) ipvlan bug fixes (memory leaks, missing rcu_dereference_bh, etc.) from WANG Cong and Konstantin Khlebnikov. 9) Memory leak in act_bpf packet action, from Alexei Starovoitov. 10) ARM bpf JIT bug fixes from Nicolas Schichan. 11) Fix backwards compat of ANY_LAYOUT in virtio_net driver, from Michael S Tsirkin. 12) Destruction of bond with different ARP header types not handled correctly, fix from Nikolay Aleksandrov. 13) Revert GRO receive support in ipv6 SIT tunnel driver, causes regressions because the GRO packets created cannot be processed properly on the GSO side if we forward the frame. From Herbert Xu. 14) TCCR update race and other fixes to ravb driver from Sergei Shtylyov. 15) Fix SKB leaks in caif_queue_rcv_skb(), from Eric Dumazet. 16) Fix panics on packet scheduler filter replace, from Daniel Borkmann. 17) Make sure AF_PACKET sees properly IP headers in defragmented frames (via PACKET_FANOUT_FLAG_DEFRAG option), from Edward Hyunkoo Jee. 18) AF_NETLINK cannot hold mutex in RCU callback, fix from Florian Westphal. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (84 commits) ravb: fix ring memory allocation net: phy: dp83867: Fix warning check for setting the internal delay openvswitch: allocate nr_node_ids flow_stats instead of num_possible_nodes netlink: don't hold mutex in rcu callback when releasing mmapd ring ARM: net: fix vlan access instructions in ARM JIT. ARM: net: handle negative offsets in BPF JIT. ARM: net: fix condition for load_order > 0 when translating load instructions. tcp: suppress a division by zero warning drivers: net: cpsw: remove tx event processing in rx napi poll inet: frags: fix defragmented packet's IP header for af_packet net: mvneta: fix refilling for Rx DMA buffers stmmac: fix setting of driver data in stmmac_dvr_probe sched: cls_flow: fix panic on filter replace sched: cls_flower: fix panic on filter replace sched: cls_bpf: fix panic on filter replace net/mdio: fix mdio_bus_match for c45 PHY net: ratelimit warnings about dst entry refcount underflow or overflow caif: fix leaks and race in caif_queue_rcv_skb() qmi_wwan: add the second QMI/network interface for Sierra Wireless MC7305/MC7355 ravb: fix race updating TCCR ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2015-07-22 17:45:25 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-07-22 17:45:25 -0400
commit: c5dfd654d0ec0a28fe81e7bd4d4fd984a9855e09 (patch)
tree: 3ea7bba549fd342b10a56e76626e83c05dabc3bf /net
parent: 5a5ca73ac0a73c876b62858f0753a25ee430e370 (diff)
parent: d8b48911fd249bc1a3431a9515619403c96d6af3 (diff)
31 files changed, 295 insertions, 135 deletions
diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c
index 1997538a5d23..3b78e8473a01 100644
--- a/net/ax25/ax25_subr.c
+++ b/net/ax25/ax25_subr.c
@@ -264,6 +264,7 @@ void ax25_disconnect(ax25_cb *ax25, int reason)
 {
        ax25_clear_queues(ax25);
+        ax25_stop_heartbeat(ax25);
        ax25_stop_t1timer(ax25);
        ax25_stop_t2timer(ax25);
        ax25_stop_t3timer(ax25);
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index c11cf2611db0..1198a3dbad95 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -351,7 +351,6 @@ static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
        if (state == MDB_TEMPORARY)
                mod_timer(&p->timer, now + br->multicast_membership_interval);
-        br_mdb_notify(br->dev, port, group, RTM_NEWMDB);
        return 0;
 }
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 742a6c27d7a2..79db489cdade 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -39,6 +39,16 @@ static void br_multicast_start_querier(struct net_bridge *br,
                                       struct bridge_mcast_own_query *query);
 static void br_multicast_add_router(struct net_bridge *br,
                                    struct net_bridge_port *port);
+static void br_ip4_multicast_leave_group(struct net_bridge *br,
+                                         struct net_bridge_port *port,
+                                         __be32 group,
+                                         __u16 vid);
+#if IS_ENABLED(CONFIG_IPV6)
+static void br_ip6_multicast_leave_group(struct net_bridge *br,
+                                         struct net_bridge_port *port,
+                                         const struct in6_addr *group,
+                                         __u16 vid);
+#endif
 unsigned int br_mdb_rehash_seq;
 static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
@@ -1010,9 +1020,15 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
                        continue;
                }
-                err = br_ip4_multicast_add_group(br, port, group, vid);
+                if ((type == IGMPV3_CHANGE_TO_INCLUDE ||
-                if (err)
+                     type == IGMPV3_MODE_IS_INCLUDE) &&
-                        break;
+                    ntohs(grec->grec_nsrcs) == 0) {
+                        br_ip4_multicast_leave_group(br, port, group, vid);
+                } else {
+                        err = br_ip4_multicast_add_group(br, port, group, vid);
+                        if (err)
+                                break;
+                }
        }
        return err;
@@ -1071,10 +1087,17 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
                        continue;
                }
-                err = br_ip6_multicast_add_group(br, port, &grec->grec_mca,
+                if ((grec->grec_type == MLD2_CHANGE_TO_INCLUDE ||
-                                                 vid);
+                     grec->grec_type == MLD2_MODE_IS_INCLUDE) &&
-                if (err)
+                    ntohs(*nsrcs) == 0) {
-                        break;
+                        br_ip6_multicast_leave_group(br, port, &grec->grec_mca,
+                                                     vid);
+                } else {
+                        err = br_ip6_multicast_add_group(br, port,
+                                                         &grec->grec_mca, vid);
+                        if (!err)
+                                break;
+                }
        }
        return err;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 3cc71b9f5517..cc858919108e 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -121,12 +121,13 @@ static void caif_flow_ctrl(struct sock *sk, int mode)
 * Copied from sock.c:sock_queue_rcv_skb(), but changed so packets are
 * not dropped, but CAIF is sending flow off instead.
 */
-static int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+static void caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
        int err;
        unsigned long flags;
        struct sk_buff_head *list = &sk->sk_receive_queue;
        struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
+        bool queued = false;
        if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
                (unsigned int)sk->sk_rcvbuf && rx_flow_is_on(cf_sk)) {
@@ -139,7 +140,8 @@ static int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
        err = sk_filter(sk, skb);
        if (err)
-                return err;
+                goto out;
        if (!sk_rmem_schedule(sk, skb, skb->truesize) && rx_flow_is_on(cf_sk)) {
                set_rx_flow_off(cf_sk);
                net_dbg_ratelimited("sending flow OFF due to rmem_schedule\n");
@@ -147,21 +149,16 @@ static int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
        }
        skb->dev = NULL;
        skb_set_owner_r(skb, sk);
-        /* Cache the SKB length before we tack it onto the receive
-         * queue. Once it is added it no longer belongs to us and
-         * may be freed by other threads of control pulling packets
-         * from the queue.
-         */
        spin_lock_irqsave(&list->lock, flags);
-        if (!sock_flag(sk, SOCK_DEAD))
+        queued = !sock_flag(sk, SOCK_DEAD);
+        if (queued)
                __skb_queue_tail(list, skb);
        spin_unlock_irqrestore(&list->lock, flags);
+out:
-        if (!sock_flag(sk, SOCK_DEAD))
+        if (queued)
                sk->sk_data_ready(sk);
        else
                kfree_skb(skb);
-        return 0;
 }
 /* Packet Receive Callback function called from CAIF Stack */
diff --git a/net/core/datagram.c b/net/core/datagram.c
index b80fb91bb3f7..4967262b2707 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -131,6 +131,35 @@ out_noerr:
        goto out;
 }
+static int skb_set_peeked(struct sk_buff *skb)
+{
+        struct sk_buff *nskb;
+        if (skb->peeked)
+                return 0;
+        /* We have to unshare an skb before modifying it. */
+        if (!skb_shared(skb))
+                goto done;
+        nskb = skb_clone(skb, GFP_ATOMIC);
+        if (!nskb)
+                return -ENOMEM;
+        skb->prev->next = nskb;
+        skb->next->prev = nskb;
+        nskb->prev = skb->prev;
+        nskb->next = skb->next;
+        consume_skb(skb);
+        skb = nskb;
+done:
+        skb->peeked = 1;
+        return 0;
+}
 /**
 *      __skb_recv_datagram - Receive a datagram skbuff
 *      @sk: socket
@@ -165,7 +194,9 @@ out_noerr:
 struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
                                    int *peeked, int *off, int *err)
 {
+        struct sk_buff_head *queue = &sk->sk_receive_queue;
        struct sk_buff *skb, *last;
+        unsigned long cpu_flags;
        long timeo;
        /*
         * Caller is allowed not to check sk->sk_err before skb_recv_datagram()
@@ -184,8 +215,6 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
                 * Look at current nfs client by the way...
                 * However, this function was correct in any case. 8)
                 */
-                unsigned long cpu_flags;
-                struct sk_buff_head *queue = &sk->sk_receive_queue;
                int _off = *off;
                last = (struct sk_buff *)queue;
@@ -199,7 +228,11 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
                                        _off -= skb->len;
                                        continue;
                                }
-                                skb->peeked = 1;
+                                error = skb_set_peeked(skb);
+                                if (error)
+                                        goto unlock_err;
                                atomic_inc(&skb->users);
                        } else
                                __skb_unlink(skb, queue);
@@ -223,6 +256,8 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
        return NULL;
+unlock_err:
+        spin_unlock_irqrestore(&queue->lock, cpu_flags);
 no_packet:
        *err = error;
        return NULL;
@@ -622,7 +657,8 @@ __sum16 __skb_checksum_complete_head(struct sk_buff *skb, int len)
                    !skb->csum_complete_sw)
                        netdev_rx_csum_fault(skb->dev);
        }
-        skb->csum_valid = !sum;
+        if (!skb_shared(skb))
+                skb->csum_valid = !sum;
        return sum;
 }
 EXPORT_SYMBOL(__skb_checksum_complete_head);
@@ -642,11 +678,13 @@ __sum16 __skb_checksum_complete(struct sk_buff *skb)
                        netdev_rx_csum_fault(skb->dev);
        }
-        /* Save full packet checksum */
+        if (!skb_shared(skb)) {
-        skb->csum = csum;
+                /* Save full packet checksum */
-        skb->ip_summed = CHECKSUM_COMPLETE;
+                skb->csum = csum;
-        skb->csum_complete_sw = 1;
+                skb->ip_summed = CHECKSUM_COMPLETE;
-        skb->csum_valid = !sum;
+                skb->csum_complete_sw = 1;
+                skb->csum_valid = !sum;
+        }
        return sum;
 }
diff --git a/net/core/dst.c b/net/core/dst.c
index e956ce6d1378..002144bea935 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -284,7 +284,9 @@ void dst_release(struct dst_entry *dst)
                int newrefcnt;
                newrefcnt = atomic_dec_return(&dst->__refcnt);
-                WARN_ON(newrefcnt < 0);
+                if (unlikely(newrefcnt < 0))
+                        net_warn_ratelimited("%s: dst:%p refcnt:%d\n",
+                                             __func__, dst, newrefcnt);
                if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt)
                        call_rcu(&dst->rcu_head, dst_destroy_rcu);
        }
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 9e433d58d265..dc004b1e1f85 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1804,10 +1804,13 @@ static int do_setlink(const struct sk_buff *skb,
                        goto errout;
                nla_for_each_nested(attr, tb[IFLA_VF_PORTS], rem) {
-                        if (nla_type(attr) != IFLA_VF_PORT)
+                        if (nla_type(attr) != IFLA_VF_PORT ||
-                                continue;
+                            nla_len(attr) < NLA_HDRLEN) {
-                        err = nla_parse_nested(port, IFLA_PORT_MAX,
+                                err = -EINVAL;
-                                attr, ifla_port_policy);
+                                goto errout;
+                        }
+                        err = nla_parse_nested(port, IFLA_PORT_MAX, attr,
+                                               ifla_port_policy);
                        if (err < 0)
                                goto errout;
                        if (!port[IFLA_PORT_VF]) {
diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
index 90c0e8386116..574fad9cca05 100644
--- a/net/ipv4/datagram.c
+++ b/net/ipv4/datagram.c
@@ -20,7 +20,7 @@
 #include <net/route.h>
 #include <net/tcp_states.h>
-int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
+int __ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
 {
        struct inet_sock *inet = inet_sk(sk);
        struct sockaddr_in *usin = (struct sockaddr_in *) uaddr;
@@ -39,8 +39,6 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        sk_dst_reset(sk);
-        lock_sock(sk);
        oif = sk->sk_bound_dev_if;
        saddr = inet->inet_saddr;
        if (ipv4_is_multicast(usin->sin_addr.s_addr)) {
@@ -82,9 +80,19 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        sk_dst_set(sk, &rt->dst);
        err = 0;
 out:
-        release_sock(sk);
        return err;
 }
+EXPORT_SYMBOL(__ip4_datagram_connect);
+int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
+{
+        int res;
+        lock_sock(sk);
+        res = __ip4_datagram_connect(sk, uaddr, addr_len);
+        release_sock(sk);
+        return res;
+}
 EXPORT_SYMBOL(ip4_datagram_connect);
 /* Because UDP xmit path can manipulate sk_dst_cache without holding
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 5f9b063bbe8a..0cb9165421d4 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -624,22 +624,21 @@ EXPORT_SYMBOL_GPL(inet_hashinfo_init);
 int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo)
 {
+        unsigned int locksz = sizeof(spinlock_t);
        unsigned int i, nblocks = 1;
-        if (sizeof(spinlock_t) != 0) {
+        if (locksz != 0) {
                /* allocate 2 cache lines or at least one spinlock per cpu */
-                nblocks = max_t(unsigned int,
+                nblocks = max(2U * L1_CACHE_BYTES / locksz, 1U);
-                                2 * L1_CACHE_BYTES / sizeof(spinlock_t),
-                                1);
                nblocks = roundup_pow_of_two(nblocks * num_possible_cpus());
                /* no more locks than number of hash buckets */
                nblocks = min(nblocks, hashinfo->ehash_mask + 1);
-                hashinfo->ehash_locks = kmalloc_array(nblocks, sizeof(spinlock_t),
+                hashinfo->ehash_locks = kmalloc_array(nblocks, locksz,
                                                      GFP_KERNEL | __GFP_NOWARN);
                if (!hashinfo->ehash_locks)
-                        hashinfo->ehash_locks = vmalloc(nblocks * sizeof(spinlock_t));
+                        hashinfo->ehash_locks = vmalloc(nblocks * locksz);
                if (!hashinfo->ehash_locks)
                        return -ENOMEM;
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index a50dc6d408d1..31f71b15cfba 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -351,7 +351,7 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
        ihl = ip_hdrlen(skb);
        /* Determine the position of this fragment. */
-        end = offset + skb->len - ihl;
+        end = offset + skb->len - skb_network_offset(skb) - ihl;
        err = -EINVAL;
        /* Is this the final fragment? */
@@ -381,7 +381,7 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
                goto err;
        err = -ENOMEM;
-        if (!pskb_pull(skb, ihl))
+        if (!pskb_pull(skb, skb_network_offset(skb) + ihl))
                goto err;
        err = pskb_trim_rcsum(skb, end - offset);
@@ -641,6 +641,8 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
                iph->frag_off = 0;
        }
+        ip_send_check(iph);
        IP_INC_STATS_BH(net, IPSTATS_MIB_REASMOKS);
        qp->q.fragments = NULL;
        qp->q.fragments_tail = NULL;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 684f095d196e..728f5b3d3c64 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1917,14 +1917,13 @@ void tcp_enter_loss(struct sock *sk)
        const struct inet_connection_sock *icsk = inet_csk(sk);
        struct tcp_sock *tp = tcp_sk(sk);
        struct sk_buff *skb;
-        bool new_recovery = false;
+        bool new_recovery = icsk->icsk_ca_state < TCP_CA_Recovery;
        bool is_reneg;                  /* is receiver reneging on SACKs? */
        /* Reduce ssthresh if it has not yet been made inside this window. */
        if (icsk->icsk_ca_state <= TCP_CA_Disorder ||
            !after(tp->high_seq, tp->snd_una) ||
            (icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) {
-                new_recovery = true;
                tp->prior_ssthresh = tcp_current_ssthresh(sk);
                tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk);
                tcp_ca_event(sk, CA_EVENT_LOSS);
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 62d908e64eeb..b10a88986a98 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -40,7 +40,7 @@ static bool ipv6_mapped_addr_any(const struct in6_addr *a)
        return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0);
 }
-int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
+static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
 {
        struct sockaddr_in6     *usin = (struct sockaddr_in6 *) uaddr;
        struct inet_sock        *inet = inet_sk(sk);
@@ -56,7 +56,7 @@ int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        if (usin->sin6_family == AF_INET) {
                if (__ipv6_only_sock(sk))
                        return -EAFNOSUPPORT;
-                err = ip4_datagram_connect(sk, uaddr, addr_len);
+                err = __ip4_datagram_connect(sk, uaddr, addr_len);
                goto ipv4_connected;
        }
@@ -98,9 +98,9 @@ int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
                sin.sin_addr.s_addr = daddr->s6_addr32[3];
                sin.sin_port = usin->sin6_port;
-                err = ip4_datagram_connect(sk,
+                err = __ip4_datagram_connect(sk,
-                                           (struct sockaddr *) &sin,
+                                             (struct sockaddr *) &sin,
-                                           sizeof(sin));
+                                             sizeof(sin));
 ipv4_connected:
                if (err)
@@ -204,6 +204,16 @@ out:
        fl6_sock_release(flowlabel);
        return err;
 }
+int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
+{
+        int res;
+        lock_sock(sk);
+        res = __ip6_datagram_connect(sk, uaddr, addr_len);
+        release_sock(sk);
+        return res;
+}
 EXPORT_SYMBOL_GPL(ip6_datagram_connect);
 int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr,
diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
index e893cd18612f..08b62047c67f 100644
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -292,8 +292,6 @@ static struct packet_offload ipv6_packet_offload __read_mostly = {
 static const struct net_offload sit_offload = {
        .callbacks = {
                .gso_segment    = ipv6_gso_segment,
-                .gro_receive    = ipv6_gro_receive,
-                .gro_complete   = ipv6_gro_complete,
        },
 };
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 29236e832e44..c09c0131bfa2 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -723,6 +723,7 @@ void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
        debugfs_remove_recursive(sdata->vif.debugfs_dir);
        sdata->vif.debugfs_dir = NULL;
+        sdata->debugfs.subdir_stations = NULL;
 }
 void ieee80211_debugfs_rename_netdev(struct ieee80211_sub_if_data *sdata)
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index ed1edac14372..553ac6dd4867 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1863,10 +1863,6 @@ void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata)
        ieee80211_teardown_sdata(sdata);
 }
-/*
- * Remove all interfaces, may only be called at hardware unregistration
- * time because it doesn't do RCU-safe list removals.
- */
 void ieee80211_remove_interfaces(struct ieee80211_local *local)
 {
        struct ieee80211_sub_if_data *sdata, *tmp;
@@ -1875,14 +1871,21 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
        ASSERT_RTNL();
-        /*
+        /* Before destroying the interfaces, make sure they're all stopped so
-         * Close all AP_VLAN interfaces first, as otherwise they
+         * that the hardware is stopped. Otherwise, the driver might still be
-         * might be closed while the AP interface they belong to
+         * iterating the interfaces during the shutdown, e.g. from a worker
-         * is closed, causing unregister_netdevice_many() to crash.
+         * or from RX processing or similar, and if it does so (using atomic
+         * iteration) while we're manipulating the list, the iteration will
+         * crash.
+         *
+         * After this, the hardware should be stopped and the driver should
+         * have stopped all of its activities, so that we can do RCU-unaware
+         * manipulations of the interface list below.
         */
-        list_for_each_entry(sdata, &local->interfaces, list)
+        cfg80211_shutdown_all_interfaces(local->hw.wiphy);
-                if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
-                        dev_close(sdata->dev);
+        WARN(local->open_count, "%s: open count remains %d\n",
+             wiphy_name(local->hw.wiphy), local->open_count);
        mutex_lock(&local->iflist_mtx);
        list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 5438d13e2f00..3b59099413fb 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -306,7 +306,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
                if (action == WLAN_SP_MESH_PEERING_CONFIRM) {
                        /* AID */
                        pos = skb_put(skb, 2);
-                        put_unaligned_le16(plid, pos + 2);
+                        put_unaligned_le16(plid, pos);
                }
                if (ieee80211_add_srates_ie(sdata, skb, true, band) ||
                    ieee80211_add_ext_srates_ie(sdata, skb, true, band) ||
@@ -1122,6 +1122,9 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata,
                                                WLAN_SP_MESH_PEERING_CONFIRM) {
                baseaddr += 4;
                baselen += 4;
+                if (baselen > len)
+                        return;
        }
        ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems);
        mesh_process_plink_frame(sdata, mgmt, &elems);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 06b60980c62c..b676b9fa707b 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -76,6 +76,22 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
                        if (sdata->vif.type != NL80211_IFTYPE_STATION)
                                continue;
                        ieee80211_mgd_quiesce(sdata);
+                        /* If suspended during TX in progress, and wowlan
+                         * is enabled (connection will be active) there
+                         * can be a race where the driver is put out
+                         * of power-save due to TX and during suspend
+                         * dynamic_ps_timer is cancelled and TX packet
+                         * is flushed, leaving the driver in ACTIVE even
+                         * after resuming until dynamic_ps_timer puts
+                         * driver back in DOZE.
+                         */
+                        if (sdata->u.mgd.associated &&
+                            sdata->u.mgd.powersave &&
+                             !(local->hw.conf.flags & IEEE80211_CONF_PS)) {
+                                local->hw.conf.flags |= IEEE80211_CONF_PS;
+                                ieee80211_hw_config(local,
+                                                    IEEE80211_CONF_CHANGE_PS);
+                        }
                }
                err = drv_suspend(local, wowlan);
diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c
index ad31b2dab4f5..8db6e2994bbc 100644
--- a/net/mac80211/tdls.c
+++ b/net/mac80211/tdls.c
@@ -60,6 +60,7 @@ ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
        struct ieee80211_channel *ch;
        struct cfg80211_chan_def chandef;
        int i, subband_start;
+        struct wiphy *wiphy = sdata->local->hw.wiphy;
        for (i = start; i <= end; i += spacing) {
                if (!ch_cnt)
@@ -70,9 +71,8 @@ ieee80211_tdls_add_subband(struct ieee80211_sub_if_data *sdata,
                        /* we will be active on the channel */
                        cfg80211_chandef_create(&chandef, ch,
                                                NL80211_CHAN_NO_HT);
-                        if (cfg80211_reg_can_beacon(sdata->local->hw.wiphy,
+                        if (cfg80211_reg_can_beacon_relax(wiphy, &chandef,
-                                                    &chandef,
+                                                          sdata->wdev.iftype)) {
-                                                    sdata->wdev.iftype)) {
                                ch_cnt++;
                                /*
                                 * check if the next channel is also part of
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 8410bb3bf5e8..b8233505bf9f 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1117,7 +1117,9 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
                        queued = true;
                        info->control.vif = &tx->sdata->vif;
                        info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
-                        info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
+                        info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS |
+                                        IEEE80211_TX_CTL_NO_PS_BUFFER |
+                                        IEEE80211_TX_STATUS_EOSP;
                        __skb_queue_tail(&tid_tx->pending, skb);
                        if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
                                purge_skb = __skb_dequeue(&tid_tx->pending);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9a0ae7172f92..d8e2e3918ce2 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -357,25 +357,52 @@ err1:
        return NULL;
 }
+static void
+__netlink_set_ring(struct sock *sk, struct nl_mmap_req *req, bool tx_ring, void **pg_vec,
+                   unsigned int order)
+{
+        struct netlink_sock *nlk = nlk_sk(sk);
+        struct sk_buff_head *queue;
+        struct netlink_ring *ring;
+        queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue;
+        ring  = tx_ring ? &nlk->tx_ring : &nlk->rx_ring;
+        spin_lock_bh(&queue->lock);
+        ring->frame_max         = req->nm_frame_nr - 1;
+        ring->head              = 0;
+        ring->frame_size        = req->nm_frame_size;
+        ring->pg_vec_pages      = req->nm_block_size / PAGE_SIZE;
+        swap(ring->pg_vec_len, req->nm_block_nr);
+        swap(ring->pg_vec_order, order);
+        swap(ring->pg_vec, pg_vec);
+        __skb_queue_purge(queue);
+        spin_unlock_bh(&queue->lock);
+        WARN_ON(atomic_read(&nlk->mapped));
+        if (pg_vec)
+                free_pg_vec(pg_vec, order, req->nm_block_nr);
+}
 static int netlink_set_ring(struct sock *sk, struct nl_mmap_req *req,
-                            bool closing, bool tx_ring)
+                            bool tx_ring)
 {
        struct netlink_sock *nlk = nlk_sk(sk);
        struct netlink_ring *ring;
-        struct sk_buff_head *queue;
        void **pg_vec = NULL;
        unsigned int order = 0;
-        int err;
        ring  = tx_ring ? &nlk->tx_ring : &nlk->rx_ring;
-        queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue;
-        if (!closing) {
+        if (atomic_read(&nlk->mapped))
-                if (atomic_read(&nlk->mapped))
+                return -EBUSY;
-                        return -EBUSY;
+        if (atomic_read(&ring->pending))
-                if (atomic_read(&ring->pending))
+                return -EBUSY;
-                        return -EBUSY;
-        }
        if (req->nm_block_nr) {
                if (ring->pg_vec != NULL)
@@ -407,31 +434,19 @@ static int netlink_set_ring(struct sock *sk, struct nl_mmap_req *req,
                        return -EINVAL;
        }
-        err = -EBUSY;
        mutex_lock(&nlk->pg_vec_lock);
-        if (closing || atomic_read(&nlk->mapped) == 0) {
+        if (atomic_read(&nlk->mapped) == 0) {
-                err = 0;
+                __netlink_set_ring(sk, req, tx_ring, pg_vec, order);
-                spin_lock_bh(&queue->lock);
+                mutex_unlock(&nlk->pg_vec_lock);
+                return 0;
-                ring->frame_max         = req->nm_frame_nr - 1;
-                ring->head              = 0;
-                ring->frame_size        = req->nm_frame_size;
-                ring->pg_vec_pages      = req->nm_block_size / PAGE_SIZE;
-                swap(ring->pg_vec_len, req->nm_block_nr);
-                swap(ring->pg_vec_order, order);
-                swap(ring->pg_vec, pg_vec);
-                __skb_queue_purge(queue);
-                spin_unlock_bh(&queue->lock);
-                WARN_ON(atomic_read(&nlk->mapped));
        }
        mutex_unlock(&nlk->pg_vec_lock);
        if (pg_vec)
                free_pg_vec(pg_vec, order, req->nm_block_nr);
-        return err;
+        return -EBUSY;
 }
 static void netlink_mm_open(struct vm_area_struct *vma)
@@ -900,10 +915,10 @@ static void netlink_sock_destruct(struct sock *sk)
                memset(&req, 0, sizeof(req));
                if (nlk->rx_ring.pg_vec)
-                        netlink_set_ring(sk, &req, true, false);
+                        __netlink_set_ring(sk, &req, false, NULL, 0);
                memset(&req, 0, sizeof(req));
                if (nlk->tx_ring.pg_vec)
-                        netlink_set_ring(sk, &req, true, true);
+                        __netlink_set_ring(sk, &req, true, NULL, 0);
        }
 #endif /* CONFIG_NETLINK_MMAP */
@@ -2223,7 +2238,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
                        return -EINVAL;
                if (copy_from_user(&req, optval, sizeof(req)))
                        return -EFAULT;
-                err = netlink_set_ring(sk, &req, false,
+                err = netlink_set_ring(sk, &req,
                                       optname == NETLINK_TX_RING);
                break;
        }
diff --git a/net/openvswitch/flow_table.c b/net/openvswitch/flow_table.c
index 4613df8c8290..65523948fb95 100644
--- a/net/openvswitch/flow_table.c
+++ b/net/openvswitch/flow_table.c
@@ -752,7 +752,7 @@ int ovs_flow_init(void)
        BUILD_BUG_ON(sizeof(struct sw_flow_key) % sizeof(long));
        flow_cache = kmem_cache_create("sw_flow", sizeof(struct sw_flow)
-                                       + (num_possible_nodes()
+                                       + (nr_node_ids
                                          * sizeof(struct flow_stats *)),
                                       0, 0, NULL);
        if (flow_cache == NULL)
diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c
index 1d56903fd4c7..1df78289e248 100644
--- a/net/sched/act_bpf.c
+++ b/net/sched/act_bpf.c
@@ -339,6 +339,9 @@ static void tcf_bpf_cleanup(struct tc_action *act, int bind)
                bpf_prog_put(prog->filter);
        else
                bpf_prog_destroy(prog->filter);
+        kfree(prog->bpf_ops);
+        kfree(prog->bpf_name);
 }
 static struct tc_action_ops act_bpf_ops __read_mostly = {
diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c
index c79ecfd36e0f..e5168f8b9640 100644
--- a/net/sched/cls_bpf.c
+++ b/net/sched/cls_bpf.c
@@ -378,7 +378,7 @@ static int cls_bpf_change(struct net *net, struct sk_buff *in_skb,
                goto errout;
        if (oldprog) {
-                list_replace_rcu(&prog->link, &oldprog->link);
+                list_replace_rcu(&oldprog->link, &prog->link);
                tcf_unbind_filter(tp, &oldprog->res);
                call_rcu(&oldprog->rcu, __cls_bpf_delete_prog);
        } else {
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index 76bc3a20ffdb..bb2a0f529c1f 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -425,6 +425,8 @@ static int flow_change(struct net *net, struct sk_buff *in_skb,
        if (!fnew)
                goto err2;
+        tcf_exts_init(&fnew->exts, TCA_FLOW_ACT, TCA_FLOW_POLICE);
        fold = (struct flow_filter *)*arg;
        if (fold) {
                err = -EINVAL;
@@ -486,7 +488,6 @@ static int flow_change(struct net *net, struct sk_buff *in_skb,
                fnew->mask  = ~0U;
                fnew->tp = tp;
                get_random_bytes(&fnew->hashrnd, 4);
-                tcf_exts_init(&fnew->exts, TCA_FLOW_ACT, TCA_FLOW_POLICE);
        }
        fnew->perturb_timer.function = flow_perturbation;
@@ -526,7 +527,7 @@ static int flow_change(struct net *net, struct sk_buff *in_skb,
        if (*arg == 0)
                list_add_tail_rcu(&fnew->list, &head->filters);
        else
-                list_replace_rcu(&fnew->list, &fold->list);
+                list_replace_rcu(&fold->list, &fnew->list);
        *arg = (unsigned long)fnew;
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 9d37ccd95062..2f3d03f99487 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -499,7 +499,7 @@ static int fl_change(struct net *net, struct sk_buff *in_skb,
        *arg = (unsigned long) fnew;
        if (fold) {
-                list_replace_rcu(&fnew->list, &fold->list);
+                list_replace_rcu(&fold->list, &fnew->list);
                tcf_unbind_filter(tp, &fold->res);
                call_rcu(&fold->rcu, fl_destroy_filter);
        } else {
diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c
index d75993f89fac..21ca33c9f036 100644
--- a/net/sched/sch_fq_codel.c
+++ b/net/sched/sch_fq_codel.c
@@ -155,14 +155,23 @@ static unsigned int fq_codel_drop(struct Qdisc *sch)
        skb = dequeue_head(flow);
        len = qdisc_pkt_len(skb);
        q->backlogs[idx] -= len;
-        kfree_skb(skb);
        sch->q.qlen--;
        qdisc_qstats_drop(sch);
        qdisc_qstats_backlog_dec(sch, skb);
+        kfree_skb(skb);
        flow->dropped++;
        return idx;
 }
+static unsigned int fq_codel_qdisc_drop(struct Qdisc *sch)
+{
+        unsigned int prev_backlog;
+        prev_backlog = sch->qstats.backlog;
+        fq_codel_drop(sch);
+        return prev_backlog - sch->qstats.backlog;
+}
 static int fq_codel_enqueue(struct sk_buff *skb, struct Qdisc *sch)
 {
        struct fq_codel_sched_data *q = qdisc_priv(sch);
@@ -604,7 +613,7 @@ static struct Qdisc_ops fq_codel_qdisc_ops __read_mostly = {
        .enqueue        =       fq_codel_enqueue,
        .dequeue        =       fq_codel_dequeue,
        .peek           =       qdisc_peek_dequeued,
-        .drop           =       fq_codel_drop,
+        .drop           =       fq_codel_qdisc_drop,
        .init           =       fq_codel_init,
        .reset          =       fq_codel_reset,
        .destroy        =       fq_codel_destroy,
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 7d1492663360..52f75a5473e1 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -306,10 +306,10 @@ drop:
                len = qdisc_pkt_len(skb);
                slot->backlog -= len;
                sfq_dec(q, x);
-                kfree_skb(skb);
                sch->q.qlen--;
                qdisc_qstats_drop(sch);
                qdisc_qstats_backlog_dec(sch, skb);
+                kfree_skb(skb);
                return len;
        }
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index 915b328b9ac5..59cabc9bce69 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -797,23 +797,18 @@ static bool cfg80211_ir_permissive_chan(struct wiphy *wiphy,
        return false;
 }
-bool cfg80211_reg_can_beacon(struct wiphy *wiphy,
+static bool _cfg80211_reg_can_beacon(struct wiphy *wiphy,
-                             struct cfg80211_chan_def *chandef,
+                                     struct cfg80211_chan_def *chandef,
-                             enum nl80211_iftype iftype)
+                                     enum nl80211_iftype iftype,
+                                     bool check_no_ir)
 {
        bool res;
        u32 prohibited_flags = IEEE80211_CHAN_DISABLED |
                               IEEE80211_CHAN_RADAR;
-        trace_cfg80211_reg_can_beacon(wiphy, chandef, iftype);
+        trace_cfg80211_reg_can_beacon(wiphy, chandef, iftype, check_no_ir);
-        /*
+        if (check_no_ir)
-         * Under certain conditions suggested by some regulatory bodies a
-         * GO/STA can IR on channels marked with IEEE80211_NO_IR. Set this flag
-         * only if such relaxations are not enabled and the conditions are not
-         * met.
-         */
-        if (!cfg80211_ir_permissive_chan(wiphy, iftype, chandef->chan))
                prohibited_flags |= IEEE80211_CHAN_NO_IR;
        if (cfg80211_chandef_dfs_required(wiphy, chandef, iftype) > 0 &&
@@ -827,8 +822,36 @@ bool cfg80211_reg_can_beacon(struct wiphy *wiphy,
        trace_cfg80211_return_bool(res);
        return res;
 }
+bool cfg80211_reg_can_beacon(struct wiphy *wiphy,
+                             struct cfg80211_chan_def *chandef,
+                             enum nl80211_iftype iftype)
+{
+        return _cfg80211_reg_can_beacon(wiphy, chandef, iftype, true);
+}
 EXPORT_SYMBOL(cfg80211_reg_can_beacon);
+bool cfg80211_reg_can_beacon_relax(struct wiphy *wiphy,
+                                   struct cfg80211_chan_def *chandef,
+                                   enum nl80211_iftype iftype)
+{
+        bool check_no_ir;
+        ASSERT_RTNL();
+        /*
+         * Under certain conditions suggested by some regulatory bodies a
+         * GO/STA can IR on channels marked with IEEE80211_NO_IR. Set this flag
+         * only if such relaxations are not enabled and the conditions are not
+         * met.
+         */
+        check_no_ir = !cfg80211_ir_permissive_chan(wiphy, iftype,
+                                                   chandef->chan);
+        return _cfg80211_reg_can_beacon(wiphy, chandef, iftype, check_no_ir);
+}
+EXPORT_SYMBOL(cfg80211_reg_can_beacon_relax);
 int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
                                 struct cfg80211_chan_def *chandef)
 {
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index c264effd00a6..76b41578a838 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2003,7 +2003,8 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
        switch (iftype) {
        case NL80211_IFTYPE_AP:
        case NL80211_IFTYPE_P2P_GO:
-                if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype)) {
+                if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
+                                                   iftype)) {
                        result = -EINVAL;
                        break;
                }
@@ -3403,8 +3404,8 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
        } else if (!nl80211_get_ap_channel(rdev, &params))
                return -EINVAL;
-        if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
+        if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
-                                     wdev->iftype))
+                                           wdev->iftype))
                return -EINVAL;
        if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
@@ -6492,8 +6493,8 @@ skip_beacons:
        if (err)
                return err;
-        if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
+        if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
-                                     wdev->iftype))
+                                           wdev->iftype))
                return -EINVAL;
        err = cfg80211_chandef_dfs_required(wdev->wiphy,
@@ -10170,7 +10171,8 @@ static int nl80211_tdls_channel_switch(struct sk_buff *skb,
                return -EINVAL;
        /* we will be active on the TDLS link */
-        if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, wdev->iftype))
+        if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
+                                           wdev->iftype))
                return -EINVAL;
        /* don't allow switching to DFS channels */
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index d359e0610198..aa2d75482017 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -544,15 +544,15 @@ static int call_crda(const char *alpha2)
        reg_regdb_query(alpha2);
        if (reg_crda_timeouts > REG_MAX_CRDA_TIMEOUTS) {
-                pr_info("Exceeded CRDA call max attempts. Not calling CRDA\n");
+                pr_debug("Exceeded CRDA call max attempts. Not calling CRDA\n");
                return -EINVAL;
        }
        if (!is_world_regdom((char *) alpha2))
-                pr_info("Calling CRDA for country: %c%c\n",
+                pr_debug("Calling CRDA for country: %c%c\n",
                        alpha2[0], alpha2[1]);
        else
-                pr_info("Calling CRDA to update world regulatory domain\n");
+                pr_debug("Calling CRDA to update world regulatory domain\n");
        return kobject_uevent_env(&reg_pdev->dev.kobj, KOBJ_CHANGE, env);
 }
@@ -1589,7 +1589,7 @@ static bool reg_wdev_chan_valid(struct wiphy *wiphy, struct wireless_dev *wdev)
        case NL80211_IFTYPE_AP:
        case NL80211_IFTYPE_P2P_GO:
        case NL80211_IFTYPE_ADHOC:
-                return cfg80211_reg_can_beacon(wiphy, &chandef, iftype);
+                return cfg80211_reg_can_beacon_relax(wiphy, &chandef, iftype);
        case NL80211_IFTYPE_STATION:
        case NL80211_IFTYPE_P2P_CLIENT:
                return cfg80211_chandef_usable(wiphy, &chandef,
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index af3617c9879e..a808279a432a 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -2358,20 +2358,23 @@ TRACE_EVENT(cfg80211_cqm_rssi_notify,
 TRACE_EVENT(cfg80211_reg_can_beacon,
        TP_PROTO(struct wiphy *wiphy, struct cfg80211_chan_def *chandef,
-                 enum nl80211_iftype iftype),
+                 enum nl80211_iftype iftype, bool check_no_ir),
-        TP_ARGS(wiphy, chandef, iftype),
+        TP_ARGS(wiphy, chandef, iftype, check_no_ir),
        TP_STRUCT__entry(
                WIPHY_ENTRY
                CHAN_DEF_ENTRY
                __field(enum nl80211_iftype, iftype)
+                __field(bool, check_no_ir)
        ),
        TP_fast_assign(
                WIPHY_ASSIGN;
                CHAN_DEF_ASSIGN(chandef);
                __entry->iftype = iftype;
+                __entry->check_no_ir = check_no_ir;
        ),
-        TP_printk(WIPHY_PR_FMT ", " CHAN_DEF_PR_FMT ", iftype=%d",
+        TP_printk(WIPHY_PR_FMT ", " CHAN_DEF_PR_FMT ", iftype=%d check_no_ir=%s",
-                  WIPHY_PR_ARG, CHAN_DEF_PR_ARG, __entry->iftype)
+                  WIPHY_PR_ARG, CHAN_DEF_PR_ARG, __entry->iftype,
+                  BOOL_TO_STR(__entry->check_no_ir))
 );
 TRACE_EVENT(cfg80211_chandef_dfs_required,
author	Linus Torvalds <torvalds@linux-foundation.org>	2015-07-22 17:45:25 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-07-22 17:45:25 -0400
commit	c5dfd654d0ec0a28fe81e7bd4d4fd984a9855e09 (patch)
tree	3ea7bba549fd342b10a56e76626e83c05dabc3bf /net
parent	5a5ca73ac0a73c876b62858f0753a25ee430e370 (diff)
parent	d8b48911fd249bc1a3431a9515619403c96d6af3 (diff)