aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorH. Peter Anvin <hpa@zytor.com>2009-08-25 18:40:29 -0400
committerH. Peter Anvin <hpa@zytor.com>2009-08-25 18:40:29 -0400
commite8a2eb47e6ca03d4a4f98f0beef73720c5dddc0c (patch)
tree31c4d7718111abddfaaa8d3fb14ab4a7e2554cd9 /net
parent8b5a10fc6fd02289ea03480f93382b1a99006142 (diff)
parentc62e43202e7cf50ca24bce58b255df7bf5de69d0 (diff)
Merge commit 'origin/x86/urgent' into x86/asm
Diffstat (limited to 'net')
-rw-r--r--net/9p/client.c13
-rw-r--r--net/bluetooth/rfcomm/core.c27
-rw-r--r--net/bluetooth/rfcomm/sock.c2
-rw-r--r--net/bridge/br_if.c2
-rw-r--r--net/can/bcm.c4
-rw-r--r--net/can/raw.c4
-rw-r--r--net/core/dev.c23
-rw-r--r--net/core/net_namespace.c2
-rw-r--r--net/core/sock.c22
-rw-r--r--net/dccp/proto.c4
-rw-r--r--net/ipv4/arp.c4
-rw-r--r--net/ipv4/tcp_ipv4.c3
-rw-r--r--net/ipv4/tcp_output.c2
-rw-r--r--net/ipv6/tcp_ipv6.c3
-rw-r--r--net/irda/irttp.c1
-rw-r--r--net/mac80211/Kconfig1
-rw-r--r--net/mac80211/mesh_pathtbl.c11
-rw-r--r--net/mac80211/mlme.c2
-rw-r--r--net/mac80211/pm.c24
-rw-r--r--net/mac80211/rx.c12
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c21
-rw-r--r--net/netfilter/xt_osf.c5
-rw-r--r--net/netlabel/netlabel_kapi.c2
-rw-r--r--net/rfkill/core.c31
-rw-r--r--net/rose/af_rose.c18
-rw-r--r--net/rose/rose_route.c23
-rw-r--r--net/socket.c2
-rw-r--r--net/wireless/nl80211.c5
-rw-r--r--net/wireless/reg.c9
-rw-r--r--net/wireless/reg.h3
-rw-r--r--net/wireless/scan.c7
32 files changed, 197 insertions, 97 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index dd43a8289b0d..787ccddb85ea 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -117,9 +117,6 @@ static int parse_opts(char *opts, struct p9_client *clnt)
117 } 117 }
118 } 118 }
119 119
120 if (!clnt->trans_mod)
121 clnt->trans_mod = v9fs_get_default_trans();
122
123 kfree(options); 120 kfree(options);
124 return ret; 121 return ret;
125} 122}
@@ -689,6 +686,9 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
689 if (err < 0) 686 if (err < 0)
690 goto error; 687 goto error;
691 688
689 if (!clnt->trans_mod)
690 clnt->trans_mod = v9fs_get_default_trans();
691
692 if (clnt->trans_mod == NULL) { 692 if (clnt->trans_mod == NULL) {
693 err = -EPROTONOSUPPORT; 693 err = -EPROTONOSUPPORT;
694 P9_DPRINTK(P9_DEBUG_ERROR, 694 P9_DPRINTK(P9_DEBUG_ERROR,
@@ -1098,7 +1098,6 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
1098 1098
1099 if (data) { 1099 if (data) {
1100 memmove(data, dataptr, count); 1100 memmove(data, dataptr, count);
1101 data += count;
1102 } 1101 }
1103 1102
1104 if (udata) { 1103 if (udata) {
@@ -1192,9 +1191,9 @@ struct p9_wstat *p9_client_stat(struct p9_fid *fid)
1192 1191
1193 err = p9pdu_readf(req->rc, clnt->dotu, "wS", &ignored, ret); 1192 err = p9pdu_readf(req->rc, clnt->dotu, "wS", &ignored, ret);
1194 if (err) { 1193 if (err) {
1195 ret = ERR_PTR(err);
1196 p9pdu_dump(1, req->rc); 1194 p9pdu_dump(1, req->rc);
1197 goto free_and_error; 1195 p9_free_req(clnt, req);
1196 goto error;
1198 } 1197 }
1199 1198
1200 P9_DPRINTK(P9_DEBUG_9P, 1199 P9_DPRINTK(P9_DEBUG_9P,
@@ -1211,8 +1210,6 @@ struct p9_wstat *p9_client_stat(struct p9_fid *fid)
1211 p9_free_req(clnt, req); 1210 p9_free_req(clnt, req);
1212 return ret; 1211 return ret;
1213 1212
1214free_and_error:
1215 p9_free_req(clnt, req);
1216error: 1213error:
1217 kfree(ret); 1214 kfree(ret);
1218 return ERR_PTR(err); 1215 return ERR_PTR(err);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index e50566ebf9f9..94b3388c188b 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -2080,28 +2080,41 @@ static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2080/* ---- Initialization ---- */ 2080/* ---- Initialization ---- */
2081static int __init rfcomm_init(void) 2081static int __init rfcomm_init(void)
2082{ 2082{
2083 int ret;
2084
2083 l2cap_load(); 2085 l2cap_load();
2084 2086
2085 hci_register_cb(&rfcomm_cb); 2087 hci_register_cb(&rfcomm_cb);
2086 2088
2087 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2089 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2088 if (IS_ERR(rfcomm_thread)) { 2090 if (IS_ERR(rfcomm_thread)) {
2089 hci_unregister_cb(&rfcomm_cb); 2091 ret = PTR_ERR(rfcomm_thread);
2090 return PTR_ERR(rfcomm_thread); 2092 goto out_thread;
2091 } 2093 }
2092 2094
2093 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2095 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2094 BT_ERR("Failed to create RFCOMM info file"); 2096 BT_ERR("Failed to create RFCOMM info file");
2095 2097
2096 rfcomm_init_sockets(); 2098 ret = rfcomm_init_ttys();
2099 if (ret)
2100 goto out_tty;
2097 2101
2098#ifdef CONFIG_BT_RFCOMM_TTY 2102 ret = rfcomm_init_sockets();
2099 rfcomm_init_ttys(); 2103 if (ret)
2100#endif 2104 goto out_sock;
2101 2105
2102 BT_INFO("RFCOMM ver %s", VERSION); 2106 BT_INFO("RFCOMM ver %s", VERSION);
2103 2107
2104 return 0; 2108 return 0;
2109
2110out_sock:
2111 rfcomm_cleanup_ttys();
2112out_tty:
2113 kthread_stop(rfcomm_thread);
2114out_thread:
2115 hci_unregister_cb(&rfcomm_cb);
2116
2117 return ret;
2105} 2118}
2106 2119
2107static void __exit rfcomm_exit(void) 2120static void __exit rfcomm_exit(void)
@@ -2112,9 +2125,7 @@ static void __exit rfcomm_exit(void)
2112 2125
2113 kthread_stop(rfcomm_thread); 2126 kthread_stop(rfcomm_thread);
2114 2127
2115#ifdef CONFIG_BT_RFCOMM_TTY
2116 rfcomm_cleanup_ttys(); 2128 rfcomm_cleanup_ttys();
2117#endif
2118 2129
2119 rfcomm_cleanup_sockets(); 2130 rfcomm_cleanup_sockets();
2120} 2131}
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 7f482784e9f7..0b85e8116859 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -1132,7 +1132,7 @@ error:
1132 return err; 1132 return err;
1133} 1133}
1134 1134
1135void __exit rfcomm_cleanup_sockets(void) 1135void rfcomm_cleanup_sockets(void)
1136{ 1136{
1137 class_remove_file(bt_class, &class_attr_rfcomm); 1137 class_remove_file(bt_class, &class_attr_rfcomm);
1138 1138
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 8a96672e2c5c..eb404dc3ed6e 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -424,7 +424,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
424err2: 424err2:
425 br_fdb_delete_by_port(br, p, 1); 425 br_fdb_delete_by_port(br, p, 1);
426err1: 426err1:
427 kobject_del(&p->kobj); 427 kobject_put(&p->kobj);
428err0: 428err0:
429 dev_set_promiscuity(dev, -1); 429 dev_set_promiscuity(dev, -1);
430put_back: 430put_back:
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 95d7f32643ae..72720c710351 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -75,6 +75,7 @@ static __initdata const char banner[] = KERN_INFO
75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol"); 75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
76MODULE_LICENSE("Dual BSD/GPL"); 76MODULE_LICENSE("Dual BSD/GPL");
77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); 77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
78MODULE_ALIAS("can-proto-2");
78 79
79/* easy access to can_frame payload */ 80/* easy access to can_frame payload */
80static inline u64 GET_U64(const struct can_frame *cp) 81static inline u64 GET_U64(const struct can_frame *cp)
@@ -1469,6 +1470,9 @@ static int bcm_release(struct socket *sock)
1469 bo->ifindex = 0; 1470 bo->ifindex = 0;
1470 } 1471 }
1471 1472
1473 sock_orphan(sk);
1474 sock->sk = NULL;
1475
1472 release_sock(sk); 1476 release_sock(sk);
1473 sock_put(sk); 1477 sock_put(sk);
1474 1478
diff --git a/net/can/raw.c b/net/can/raw.c
index 6aa154e806ae..f4cc44548bda 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -62,6 +62,7 @@ static __initdata const char banner[] =
62MODULE_DESCRIPTION("PF_CAN raw protocol"); 62MODULE_DESCRIPTION("PF_CAN raw protocol");
63MODULE_LICENSE("Dual BSD/GPL"); 63MODULE_LICENSE("Dual BSD/GPL");
64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>"); 64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
65MODULE_ALIAS("can-proto-1");
65 66
66#define MASK_ALL 0 67#define MASK_ALL 0
67 68
@@ -306,6 +307,9 @@ static int raw_release(struct socket *sock)
306 ro->bound = 0; 307 ro->bound = 0;
307 ro->count = 0; 308 ro->count = 0;
308 309
310 sock_orphan(sk);
311 sock->sk = NULL;
312
309 release_sock(sk); 313 release_sock(sk);
310 sock_put(sk); 314 sock_put(sk);
311 315
diff --git a/net/core/dev.c b/net/core/dev.c
index 70c27e0c7c32..6a94475aee85 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3865,10 +3865,12 @@ int dev_unicast_delete(struct net_device *dev, void *addr)
3865 3865
3866 ASSERT_RTNL(); 3866 ASSERT_RTNL();
3867 3867
3868 netif_addr_lock_bh(dev);
3868 err = __hw_addr_del(&dev->uc, addr, dev->addr_len, 3869 err = __hw_addr_del(&dev->uc, addr, dev->addr_len,
3869 NETDEV_HW_ADDR_T_UNICAST); 3870 NETDEV_HW_ADDR_T_UNICAST);
3870 if (!err) 3871 if (!err)
3871 __dev_set_rx_mode(dev); 3872 __dev_set_rx_mode(dev);
3873 netif_addr_unlock_bh(dev);
3872 return err; 3874 return err;
3873} 3875}
3874EXPORT_SYMBOL(dev_unicast_delete); 3876EXPORT_SYMBOL(dev_unicast_delete);
@@ -3889,10 +3891,12 @@ int dev_unicast_add(struct net_device *dev, void *addr)
3889 3891
3890 ASSERT_RTNL(); 3892 ASSERT_RTNL();
3891 3893
3894 netif_addr_lock_bh(dev);
3892 err = __hw_addr_add(&dev->uc, addr, dev->addr_len, 3895 err = __hw_addr_add(&dev->uc, addr, dev->addr_len,
3893 NETDEV_HW_ADDR_T_UNICAST); 3896 NETDEV_HW_ADDR_T_UNICAST);
3894 if (!err) 3897 if (!err)
3895 __dev_set_rx_mode(dev); 3898 __dev_set_rx_mode(dev);
3899 netif_addr_unlock_bh(dev);
3896 return err; 3900 return err;
3897} 3901}
3898EXPORT_SYMBOL(dev_unicast_add); 3902EXPORT_SYMBOL(dev_unicast_add);
@@ -3949,7 +3953,8 @@ void __dev_addr_unsync(struct dev_addr_list **to, int *to_count,
3949 * @from: source device 3953 * @from: source device
3950 * 3954 *
3951 * Add newly added addresses to the destination device and release 3955 * Add newly added addresses to the destination device and release
3952 * addresses that have no users left. 3956 * addresses that have no users left. The source device must be
3957 * locked by netif_tx_lock_bh.
3953 * 3958 *
3954 * This function is intended to be called from the dev->set_rx_mode 3959 * This function is intended to be called from the dev->set_rx_mode
3955 * function of layered software devices. 3960 * function of layered software devices.
@@ -3958,14 +3963,14 @@ int dev_unicast_sync(struct net_device *to, struct net_device *from)
3958{ 3963{
3959 int err = 0; 3964 int err = 0;
3960 3965
3961 ASSERT_RTNL();
3962
3963 if (to->addr_len != from->addr_len) 3966 if (to->addr_len != from->addr_len)
3964 return -EINVAL; 3967 return -EINVAL;
3965 3968
3969 netif_addr_lock_bh(to);
3966 err = __hw_addr_sync(&to->uc, &from->uc, to->addr_len); 3970 err = __hw_addr_sync(&to->uc, &from->uc, to->addr_len);
3967 if (!err) 3971 if (!err)
3968 __dev_set_rx_mode(to); 3972 __dev_set_rx_mode(to);
3973 netif_addr_unlock_bh(to);
3969 return err; 3974 return err;
3970} 3975}
3971EXPORT_SYMBOL(dev_unicast_sync); 3976EXPORT_SYMBOL(dev_unicast_sync);
@@ -3981,27 +3986,27 @@ EXPORT_SYMBOL(dev_unicast_sync);
3981 */ 3986 */
3982void dev_unicast_unsync(struct net_device *to, struct net_device *from) 3987void dev_unicast_unsync(struct net_device *to, struct net_device *from)
3983{ 3988{
3984 ASSERT_RTNL();
3985
3986 if (to->addr_len != from->addr_len) 3989 if (to->addr_len != from->addr_len)
3987 return; 3990 return;
3988 3991
3992 netif_addr_lock_bh(from);
3993 netif_addr_lock(to);
3989 __hw_addr_unsync(&to->uc, &from->uc, to->addr_len); 3994 __hw_addr_unsync(&to->uc, &from->uc, to->addr_len);
3990 __dev_set_rx_mode(to); 3995 __dev_set_rx_mode(to);
3996 netif_addr_unlock(to);
3997 netif_addr_unlock_bh(from);
3991} 3998}
3992EXPORT_SYMBOL(dev_unicast_unsync); 3999EXPORT_SYMBOL(dev_unicast_unsync);
3993 4000
3994static void dev_unicast_flush(struct net_device *dev) 4001static void dev_unicast_flush(struct net_device *dev)
3995{ 4002{
3996 /* rtnl_mutex must be held here */ 4003 netif_addr_lock_bh(dev);
3997
3998 __hw_addr_flush(&dev->uc); 4004 __hw_addr_flush(&dev->uc);
4005 netif_addr_unlock_bh(dev);
3999} 4006}
4000 4007
4001static void dev_unicast_init(struct net_device *dev) 4008static void dev_unicast_init(struct net_device *dev)
4002{ 4009{
4003 /* rtnl_mutex must be held here */
4004
4005 __hw_addr_init(&dev->uc); 4010 __hw_addr_init(&dev->uc);
4006} 4011}
4007 4012
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index b7292a2719dc..197283072cc8 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -488,7 +488,7 @@ int net_assign_generic(struct net *net, int id, void *data)
488 */ 488 */
489 489
490 ng->len = id; 490 ng->len = id;
491 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len); 491 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len * sizeof(void*));
492 492
493 rcu_assign_pointer(net->gen, ng); 493 rcu_assign_pointer(net->gen, ng);
494 call_rcu(&old_ng->rcu, net_generic_release); 494 call_rcu(&old_ng->rcu, net_generic_release);
diff --git a/net/core/sock.c b/net/core/sock.c
index ba5d2116aea1..bbb25be7ddfe 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -631,7 +631,7 @@ set_rcvbuf:
631 631
632 case SO_TIMESTAMPING: 632 case SO_TIMESTAMPING:
633 if (val & ~SOF_TIMESTAMPING_MASK) { 633 if (val & ~SOF_TIMESTAMPING_MASK) {
634 ret = EINVAL; 634 ret = -EINVAL;
635 break; 635 break;
636 } 636 }
637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE, 637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE,
@@ -919,13 +919,19 @@ static inline void sock_lock_init(struct sock *sk)
919 af_family_keys + sk->sk_family); 919 af_family_keys + sk->sk_family);
920} 920}
921 921
922/*
923 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
924 * even temporarly, because of RCU lookups. sk_node should also be left as is.
925 */
922static void sock_copy(struct sock *nsk, const struct sock *osk) 926static void sock_copy(struct sock *nsk, const struct sock *osk)
923{ 927{
924#ifdef CONFIG_SECURITY_NETWORK 928#ifdef CONFIG_SECURITY_NETWORK
925 void *sptr = nsk->sk_security; 929 void *sptr = nsk->sk_security;
926#endif 930#endif
927 931 BUILD_BUG_ON(offsetof(struct sock, sk_copy_start) !=
928 memcpy(nsk, osk, osk->sk_prot->obj_size); 932 sizeof(osk->sk_node) + sizeof(osk->sk_refcnt));
933 memcpy(&nsk->sk_copy_start, &osk->sk_copy_start,
934 osk->sk_prot->obj_size - offsetof(struct sock, sk_copy_start));
929#ifdef CONFIG_SECURITY_NETWORK 935#ifdef CONFIG_SECURITY_NETWORK
930 nsk->sk_security = sptr; 936 nsk->sk_security = sptr;
931 security_sk_clone(osk, nsk); 937 security_sk_clone(osk, nsk);
@@ -1140,6 +1146,11 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1140 1146
1141 newsk->sk_err = 0; 1147 newsk->sk_err = 0;
1142 newsk->sk_priority = 0; 1148 newsk->sk_priority = 0;
1149 /*
1150 * Before updating sk_refcnt, we must commit prior changes to memory
1151 * (Documentation/RCU/rculist_nulls.txt for details)
1152 */
1153 smp_wmb();
1143 atomic_set(&newsk->sk_refcnt, 2); 1154 atomic_set(&newsk->sk_refcnt, 2);
1144 1155
1145 /* 1156 /*
@@ -1855,6 +1866,11 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1855 1866
1856 sk->sk_stamp = ktime_set(-1L, 0); 1867 sk->sk_stamp = ktime_set(-1L, 0);
1857 1868
1869 /*
1870 * Before updating sk_refcnt, we must commit prior changes to memory
1871 * (Documentation/RCU/rculist_nulls.txt for details)
1872 */
1873 smp_wmb();
1858 atomic_set(&sk->sk_refcnt, 1); 1874 atomic_set(&sk->sk_refcnt, 1);
1859 atomic_set(&sk->sk_wmem_alloc, 1); 1875 atomic_set(&sk->sk_wmem_alloc, 1);
1860 atomic_set(&sk->sk_drops, 0); 1876 atomic_set(&sk->sk_drops, 0);
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 94ca8eaace7d..3281013ce038 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -1066,7 +1066,7 @@ static int __init dccp_init(void)
1066 (dccp_hashinfo.ehash_size - 1)) 1066 (dccp_hashinfo.ehash_size - 1))
1067 dccp_hashinfo.ehash_size--; 1067 dccp_hashinfo.ehash_size--;
1068 dccp_hashinfo.ehash = (struct inet_ehash_bucket *) 1068 dccp_hashinfo.ehash = (struct inet_ehash_bucket *)
1069 __get_free_pages(GFP_ATOMIC, ehash_order); 1069 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, ehash_order);
1070 } while (!dccp_hashinfo.ehash && --ehash_order > 0); 1070 } while (!dccp_hashinfo.ehash && --ehash_order > 0);
1071 1071
1072 if (!dccp_hashinfo.ehash) { 1072 if (!dccp_hashinfo.ehash) {
@@ -1091,7 +1091,7 @@ static int __init dccp_init(void)
1091 bhash_order > 0) 1091 bhash_order > 0)
1092 continue; 1092 continue;
1093 dccp_hashinfo.bhash = (struct inet_bind_hashbucket *) 1093 dccp_hashinfo.bhash = (struct inet_bind_hashbucket *)
1094 __get_free_pages(GFP_ATOMIC, bhash_order); 1094 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, bhash_order);
1095 } while (!dccp_hashinfo.bhash && --bhash_order >= 0); 1095 } while (!dccp_hashinfo.bhash && --bhash_order >= 0);
1096 1096
1097 if (!dccp_hashinfo.bhash) { 1097 if (!dccp_hashinfo.bhash) {
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index c29d75d8f1b1..090e9991ac2a 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1304,7 +1304,9 @@ static void arp_format_neigh_entry(struct seq_file *seq,
1304 hbuffer[k++] = hex_asc_lo(n->ha[j]); 1304 hbuffer[k++] = hex_asc_lo(n->ha[j]);
1305 hbuffer[k++] = ':'; 1305 hbuffer[k++] = ':';
1306 } 1306 }
1307 hbuffer[--k] = 0; 1307 if (k != 0)
1308 --k;
1309 hbuffer[k] = 0;
1308#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE) 1310#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
1309 } 1311 }
1310#endif 1312#endif
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5a1ca2698c88..6d88219c5e22 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1160,6 +1160,7 @@ struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1160#ifdef CONFIG_TCP_MD5SIG 1160#ifdef CONFIG_TCP_MD5SIG
1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { 1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1162 .md5_lookup = tcp_v4_reqsk_md5_lookup, 1162 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1163 .calc_md5_hash = tcp_v4_md5_hash_skb,
1163}; 1164};
1164#endif 1165#endif
1165 1166
@@ -1373,7 +1374,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1373 */ 1374 */
1374 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1375 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1375 if (newkey != NULL) 1376 if (newkey != NULL)
1376 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr, 1377 tcp_v4_md5_do_add(newsk, newinet->daddr,
1377 newkey, key->keylen); 1378 newkey, key->keylen);
1378 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK; 1379 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1379 } 1380 }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5bdf08d312d9..bd62712848fa 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2261,7 +2261,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2261#ifdef CONFIG_TCP_MD5SIG 2261#ifdef CONFIG_TCP_MD5SIG
2262 /* Okay, we have all we need - do the md5 hash if needed */ 2262 /* Okay, we have all we need - do the md5 hash if needed */
2263 if (md5) { 2263 if (md5) {
2264 tp->af_specific->calc_md5_hash(md5_hash_location, 2264 tcp_rsk(req)->af_specific->calc_md5_hash(md5_hash_location,
2265 md5, NULL, req, skb); 2265 md5, NULL, req, skb);
2266 } 2266 }
2267#endif 2267#endif
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 58810c65b635..d849dd53b788 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -896,6 +896,7 @@ struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
896#ifdef CONFIG_TCP_MD5SIG 896#ifdef CONFIG_TCP_MD5SIG
897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
898 .md5_lookup = tcp_v6_reqsk_md5_lookup, 898 .md5_lookup = tcp_v6_reqsk_md5_lookup,
899 .calc_md5_hash = tcp_v6_md5_hash_skb,
899}; 900};
900#endif 901#endif
901 902
@@ -1441,7 +1442,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1441 */ 1442 */
1442 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1443 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1443 if (newkey != NULL) 1444 if (newkey != NULL)
1444 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1445 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1445 newkey, key->keylen); 1446 newkey, key->keylen);
1446 } 1447 }
1447#endif 1448#endif
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index ecf4eb2717cb..9cb79f95bf63 100644
--- a/net/irda/irttp.c
+++ b/net/irda/irttp.c
@@ -1453,6 +1453,7 @@ struct tsap_cb *irttp_dup(struct tsap_cb *orig, void *instance)
1453 } 1453 }
1454 /* Dup */ 1454 /* Dup */
1455 memcpy(new, orig, sizeof(struct tsap_cb)); 1455 memcpy(new, orig, sizeof(struct tsap_cb));
1456 spin_lock_init(&new->lock);
1456 1457
1457 /* We don't need the old instance any more */ 1458 /* We don't need the old instance any more */
1458 spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags); 1459 spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags);
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index ba2643a43c73..7836ee928983 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -83,6 +83,7 @@ endmenu
83config MAC80211_MESH 83config MAC80211_MESH
84 bool "Enable mac80211 mesh networking (pre-802.11s) support" 84 bool "Enable mac80211 mesh networking (pre-802.11s) support"
85 depends on MAC80211 && EXPERIMENTAL 85 depends on MAC80211 && EXPERIMENTAL
86 depends on BROKEN
86 ---help--- 87 ---help---
87 This options enables support of Draft 802.11s mesh networking. 88 This options enables support of Draft 802.11s mesh networking.
88 The implementation is based on Draft 1.08 of the Mesh Networking 89 The implementation is based on Draft 1.08 of the Mesh Networking
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 3c72557df45a..479597e88583 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -175,6 +175,8 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
175 int err = 0; 175 int err = 0;
176 u32 hash_idx; 176 u32 hash_idx;
177 177
178 might_sleep();
179
178 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 180 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0)
179 /* never add ourselves as neighbours */ 181 /* never add ourselves as neighbours */
180 return -ENOTSUPP; 182 return -ENOTSUPP;
@@ -265,6 +267,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
265 int err = 0; 267 int err = 0;
266 u32 hash_idx; 268 u32 hash_idx;
267 269
270 might_sleep();
268 271
269 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 272 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0)
270 /* never add ourselves as neighbours */ 273 /* never add ourselves as neighbours */
@@ -491,8 +494,10 @@ void mesh_path_tx_pending(struct mesh_path *mpath)
491 * @skb: frame to discard 494 * @skb: frame to discard
492 * @sdata: network subif the frame was to be sent through 495 * @sdata: network subif the frame was to be sent through
493 * 496 *
494 * If the frame was beign forwarded from another MP, a PERR frame will be sent 497 * If the frame was being forwarded from another MP, a PERR frame will be sent
495 * to the precursor. 498 * to the precursor. The precursor's address (i.e. the previous hop) was saved
499 * in addr1 of the frame-to-be-forwarded, and would only be overwritten once
500 * the destination is successfully resolved.
496 * 501 *
497 * Locking: the function must me called within a rcu_read_lock region 502 * Locking: the function must me called within a rcu_read_lock region
498 */ 503 */
@@ -507,7 +512,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
507 u8 *ra, *da; 512 u8 *ra, *da;
508 513
509 da = hdr->addr3; 514 da = hdr->addr3;
510 ra = hdr->addr2; 515 ra = hdr->addr1;
511 mpath = mesh_path_lookup(da, sdata); 516 mpath = mesh_path_lookup(da, sdata);
512 if (mpath) 517 if (mpath)
513 dsn = ++mpath->dsn; 518 dsn = ++mpath->dsn;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index aca22b00b6a3..07e7e41816be 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -721,7 +721,7 @@ void ieee80211_dynamic_ps_timer(unsigned long data)
721{ 721{
722 struct ieee80211_local *local = (void *) data; 722 struct ieee80211_local *local = (void *) data;
723 723
724 if (local->quiescing) 724 if (local->quiescing || local->suspended)
725 return; 725 return;
726 726
727 queue_work(local->hw.workqueue, &local->dynamic_ps_enable_work); 727 queue_work(local->hw.workqueue, &local->dynamic_ps_enable_work);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 7a549f9deb96..5e3d476972f9 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -55,15 +55,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
55 55
56 rcu_read_unlock(); 56 rcu_read_unlock();
57 57
58 /* flush again, in case driver queued work */
59 flush_workqueue(local->hw.workqueue);
60
61 /* stop hardware - this must stop RX */
62 if (local->open_count) {
63 ieee80211_led_radio(local, false);
64 drv_stop(local);
65 }
66
67 /* remove STAs */ 58 /* remove STAs */
68 spin_lock_irqsave(&local->sta_lock, flags); 59 spin_lock_irqsave(&local->sta_lock, flags);
69 list_for_each_entry(sta, &local->sta_list, list) { 60 list_for_each_entry(sta, &local->sta_list, list) {
@@ -111,7 +102,22 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
111 drv_remove_interface(local, &conf); 102 drv_remove_interface(local, &conf);
112 } 103 }
113 104
105 /* stop hardware - this must stop RX */
106 if (local->open_count) {
107 ieee80211_led_radio(local, false);
108 drv_stop(local);
109 }
110
111 /*
112 * flush again, in case driver queued work -- it
113 * shouldn't be doing (or cancel everything in the
114 * stop callback) that but better safe than sorry.
115 */
116 flush_workqueue(local->hw.workqueue);
117
114 local->suspended = true; 118 local->suspended = true;
119 /* need suspended to be visible before quiescing is false */
120 barrier();
115 local->quiescing = false; 121 local->quiescing = false;
116 122
117 return 0; 123 return 0;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index de5bba7f910a..0936fc24942d 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2453,6 +2453,18 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2453 return; 2453 return;
2454 } 2454 }
2455 2455
2456 /*
2457 * If we're suspending, it is possible although not too likely
2458 * that we'd be receiving frames after having already partially
2459 * quiesced the stack. We can't process such frames then since
2460 * that might, for example, cause stations to be added or other
2461 * driver callbacks be invoked.
2462 */
2463 if (unlikely(local->quiescing || local->suspended)) {
2464 kfree_skb(skb);
2465 return;
2466 }
2467
2456 if (status->flag & RX_FLAG_HT) { 2468 if (status->flag & RX_FLAG_HT) {
2457 /* rate_idx is MCS index */ 2469 /* rate_idx is MCS index */
2458 if (WARN_ON(status->rate_idx < 0 || 2470 if (WARN_ON(status->rate_idx < 0 ||
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index d238a8939a09..3a8922cd1038 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1455,7 +1455,7 @@ int ieee80211_master_start_xmit(struct sk_buff *skb, struct net_device *dev)
1455 monitor_iface = UNKNOWN_ADDRESS; 1455 monitor_iface = UNKNOWN_ADDRESS;
1456 1456
1457 len_rthdr = ieee80211_get_radiotap_len(skb->data); 1457 len_rthdr = ieee80211_get_radiotap_len(skb->data);
1458 hdr = (struct ieee80211_hdr *)skb->data + len_rthdr; 1458 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1459 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1459 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1460 1460
1461 /* check the header is complete in the frame */ 1461 /* check the header is complete in the frame */
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 7508f11c5b39..b5869b9574b0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -561,23 +561,38 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
561 } 561 }
562 } 562 }
563 563
564 ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp); 564 /*
565 * Do not use kmem_cache_zalloc(), as this cache uses
566 * SLAB_DESTROY_BY_RCU.
567 */
568 ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
565 if (ct == NULL) { 569 if (ct == NULL) {
566 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); 570 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
567 atomic_dec(&net->ct.count); 571 atomic_dec(&net->ct.count);
568 return ERR_PTR(-ENOMEM); 572 return ERR_PTR(-ENOMEM);
569 } 573 }
570 574 /*
575 * Let ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.next
576 * and ct->tuplehash[IP_CT_DIR_REPLY].hnnode.next unchanged.
577 */
578 memset(&ct->tuplehash[IP_CT_DIR_MAX], 0,
579 sizeof(*ct) - offsetof(struct nf_conn, tuplehash[IP_CT_DIR_MAX]));
571 spin_lock_init(&ct->lock); 580 spin_lock_init(&ct->lock);
572 atomic_set(&ct->ct_general.use, 1);
573 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; 581 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
582 ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL;
574 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; 583 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
584 ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev = NULL;
575 /* Don't set timer yet: wait for confirmation */ 585 /* Don't set timer yet: wait for confirmation */
576 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct); 586 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
577#ifdef CONFIG_NET_NS 587#ifdef CONFIG_NET_NS
578 ct->ct_net = net; 588 ct->ct_net = net;
579#endif 589#endif
580 590
591 /*
592 * changes to lookup keys must be done before setting refcnt to 1
593 */
594 smp_wmb();
595 atomic_set(&ct->ct_general.use, 1);
581 return ct; 596 return ct;
582} 597}
583EXPORT_SYMBOL_GPL(nf_conntrack_alloc); 598EXPORT_SYMBOL_GPL(nf_conntrack_alloc);
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 863e40977a4d..0f482e2440b4 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -330,7 +330,8 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
330 fcount++; 330 fcount++;
331 331
332 if (info->flags & XT_OSF_LOG) 332 if (info->flags & XT_OSF_LOG)
333 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 333 nf_log_packet(p->family, p->hooknum, skb,
334 p->in, p->out, NULL,
334 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n", 335 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",
335 f->genre, f->version, f->subtype, 336 f->genre, f->version, f->subtype,
336 &ip->saddr, ntohs(tcp->source), 337 &ip->saddr, ntohs(tcp->source),
@@ -345,7 +346,7 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
345 rcu_read_unlock(); 346 rcu_read_unlock();
346 347
347 if (!fcount && (info->flags & XT_OSF_LOG)) 348 if (!fcount && (info->flags & XT_OSF_LOG))
348 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 349 nf_log_packet(p->family, p->hooknum, skb, p->in, p->out, NULL,
349 "Remote OS is not known: %pi4:%u -> %pi4:%u\n", 350 "Remote OS is not known: %pi4:%u -> %pi4:%u\n",
350 &ip->saddr, ntohs(tcp->source), 351 &ip->saddr, ntohs(tcp->source),
351 &ip->daddr, ntohs(tcp->dest)); 352 &ip->daddr, ntohs(tcp->dest));
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index b0e582f2d37a..16e6c4378ff1 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -151,7 +151,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
151 addr6 = addr; 151 addr6 = addr;
152 mask6 = mask; 152 mask6 = mask;
153 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC); 153 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC);
154 if (map4 == NULL) 154 if (map6 == NULL)
155 goto cfg_unlbl_map_add_failure; 155 goto cfg_unlbl_map_add_failure;
156 map6->type = NETLBL_NLTYPE_UNLABELED; 156 map6->type = NETLBL_NLTYPE_UNLABELED;
157 ipv6_addr_copy(&map6->list.addr, addr6); 157 ipv6_addr_copy(&map6->list.addr, addr6);
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 79693fe2001e..2fc4a1724eb8 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -549,6 +549,10 @@ void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw)
549 swprev = !!(rfkill->state & RFKILL_BLOCK_SW); 549 swprev = !!(rfkill->state & RFKILL_BLOCK_SW);
550 hwprev = !!(rfkill->state & RFKILL_BLOCK_HW); 550 hwprev = !!(rfkill->state & RFKILL_BLOCK_HW);
551 __rfkill_set_sw_state(rfkill, sw); 551 __rfkill_set_sw_state(rfkill, sw);
552 if (hw)
553 rfkill->state |= RFKILL_BLOCK_HW;
554 else
555 rfkill->state &= ~RFKILL_BLOCK_HW;
552 556
553 spin_unlock_irqrestore(&rfkill->lock, flags); 557 spin_unlock_irqrestore(&rfkill->lock, flags);
554 558
@@ -648,15 +652,26 @@ static ssize_t rfkill_state_store(struct device *dev,
648 struct device_attribute *attr, 652 struct device_attribute *attr,
649 const char *buf, size_t count) 653 const char *buf, size_t count)
650{ 654{
651 /* 655 struct rfkill *rfkill = to_rfkill(dev);
652 * The intention was that userspace can only take control over 656 unsigned long state;
653 * a given device when/if rfkill-input doesn't control it due 657 int err;
654 * to user_claim. Since user_claim is currently unsupported, 658
655 * we never support changing the state from userspace -- this 659 if (!capable(CAP_NET_ADMIN))
656 * can be implemented again later. 660 return -EPERM;
657 */ 661
662 err = strict_strtoul(buf, 0, &state);
663 if (err)
664 return err;
665
666 if (state != RFKILL_USER_STATE_SOFT_BLOCKED &&
667 state != RFKILL_USER_STATE_UNBLOCKED)
668 return -EINVAL;
669
670 mutex_lock(&rfkill_global_mutex);
671 rfkill_set_block(rfkill, state == RFKILL_USER_STATE_SOFT_BLOCKED);
672 mutex_unlock(&rfkill_global_mutex);
658 673
659 return -EPERM; 674 return err ?: count;
660} 675}
661 676
662static ssize_t rfkill_claim_show(struct device *dev, 677static ssize_t rfkill_claim_show(struct device *dev,
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 6bd8e93869ed..f0a76f6bca71 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -92,23 +92,21 @@ static void rose_set_lockdep_key(struct net_device *dev)
92/* 92/*
93 * Convert a ROSE address into text. 93 * Convert a ROSE address into text.
94 */ 94 */
95const char *rose2asc(const rose_address *addr) 95char *rose2asc(char *buf, const rose_address *addr)
96{ 96{
97 static char buffer[11];
98
99 if (addr->rose_addr[0] == 0x00 && addr->rose_addr[1] == 0x00 && 97 if (addr->rose_addr[0] == 0x00 && addr->rose_addr[1] == 0x00 &&
100 addr->rose_addr[2] == 0x00 && addr->rose_addr[3] == 0x00 && 98 addr->rose_addr[2] == 0x00 && addr->rose_addr[3] == 0x00 &&
101 addr->rose_addr[4] == 0x00) { 99 addr->rose_addr[4] == 0x00) {
102 strcpy(buffer, "*"); 100 strcpy(buf, "*");
103 } else { 101 } else {
104 sprintf(buffer, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF, 102 sprintf(buf, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF,
105 addr->rose_addr[1] & 0xFF, 103 addr->rose_addr[1] & 0xFF,
106 addr->rose_addr[2] & 0xFF, 104 addr->rose_addr[2] & 0xFF,
107 addr->rose_addr[3] & 0xFF, 105 addr->rose_addr[3] & 0xFF,
108 addr->rose_addr[4] & 0xFF); 106 addr->rose_addr[4] & 0xFF);
109 } 107 }
110 108
111 return buffer; 109 return buf;
112} 110}
113 111
114/* 112/*
@@ -1437,7 +1435,7 @@ static void rose_info_stop(struct seq_file *seq, void *v)
1437 1435
1438static int rose_info_show(struct seq_file *seq, void *v) 1436static int rose_info_show(struct seq_file *seq, void *v)
1439{ 1437{
1440 char buf[11]; 1438 char buf[11], rsbuf[11];
1441 1439
1442 if (v == SEQ_START_TOKEN) 1440 if (v == SEQ_START_TOKEN)
1443 seq_puts(seq, 1441 seq_puts(seq,
@@ -1455,8 +1453,8 @@ static int rose_info_show(struct seq_file *seq, void *v)
1455 devname = dev->name; 1453 devname = dev->name;
1456 1454
1457 seq_printf(seq, "%-10s %-9s ", 1455 seq_printf(seq, "%-10s %-9s ",
1458 rose2asc(&rose->dest_addr), 1456 rose2asc(rsbuf, &rose->dest_addr),
1459 ax2asc(buf, &rose->dest_call)); 1457 ax2asc(buf, &rose->dest_call));
1460 1458
1461 if (ax25cmp(&rose->source_call, &null_ax25_address) == 0) 1459 if (ax25cmp(&rose->source_call, &null_ax25_address) == 0)
1462 callsign = "??????-?"; 1460 callsign = "??????-?";
@@ -1465,7 +1463,7 @@ static int rose_info_show(struct seq_file *seq, void *v)
1465 1463
1466 seq_printf(seq, 1464 seq_printf(seq,
1467 "%-10s %-9s %-5s %3.3X %05d %d %d %d %d %3lu %3lu %3lu %3lu %3lu %3lu/%03lu %5d %5d %ld\n", 1465 "%-10s %-9s %-5s %3.3X %05d %d %d %d %d %3lu %3lu %3lu %3lu %3lu %3lu/%03lu %5d %5d %ld\n",
1468 rose2asc(&rose->source_addr), 1466 rose2asc(rsbuf, &rose->source_addr),
1469 callsign, 1467 callsign,
1470 devname, 1468 devname,
1471 rose->lci & 0x0FFF, 1469 rose->lci & 0x0FFF,
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index a81066a1010a..9478d9b3d977 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -1104,6 +1104,7 @@ static void rose_node_stop(struct seq_file *seq, void *v)
1104 1104
1105static int rose_node_show(struct seq_file *seq, void *v) 1105static int rose_node_show(struct seq_file *seq, void *v)
1106{ 1106{
1107 char rsbuf[11];
1107 int i; 1108 int i;
1108 1109
1109 if (v == SEQ_START_TOKEN) 1110 if (v == SEQ_START_TOKEN)
@@ -1112,13 +1113,13 @@ static int rose_node_show(struct seq_file *seq, void *v)
1112 const struct rose_node *rose_node = v; 1113 const struct rose_node *rose_node = v;
1113 /* if (rose_node->loopback) { 1114 /* if (rose_node->loopback) {
1114 seq_printf(seq, "%-10s %04d 1 loopback\n", 1115 seq_printf(seq, "%-10s %04d 1 loopback\n",
1115 rose2asc(&rose_node->address), 1116 rose2asc(rsbuf, &rose_node->address),
1116 rose_node->mask); 1117 rose_node->mask);
1117 } else { */ 1118 } else { */
1118 seq_printf(seq, "%-10s %04d %d", 1119 seq_printf(seq, "%-10s %04d %d",
1119 rose2asc(&rose_node->address), 1120 rose2asc(rsbuf, &rose_node->address),
1120 rose_node->mask, 1121 rose_node->mask,
1121 rose_node->count); 1122 rose_node->count);
1122 1123
1123 for (i = 0; i < rose_node->count; i++) 1124 for (i = 0; i < rose_node->count; i++)
1124 seq_printf(seq, " %05d", 1125 seq_printf(seq, " %05d",
@@ -1267,7 +1268,7 @@ static void rose_route_stop(struct seq_file *seq, void *v)
1267 1268
1268static int rose_route_show(struct seq_file *seq, void *v) 1269static int rose_route_show(struct seq_file *seq, void *v)
1269{ 1270{
1270 char buf[11]; 1271 char buf[11], rsbuf[11];
1271 1272
1272 if (v == SEQ_START_TOKEN) 1273 if (v == SEQ_START_TOKEN)
1273 seq_puts(seq, 1274 seq_puts(seq,
@@ -1279,7 +1280,7 @@ static int rose_route_show(struct seq_file *seq, void *v)
1279 seq_printf(seq, 1280 seq_printf(seq,
1280 "%3.3X %-10s %-9s %05d ", 1281 "%3.3X %-10s %-9s %05d ",
1281 rose_route->lci1, 1282 rose_route->lci1,
1282 rose2asc(&rose_route->src_addr), 1283 rose2asc(rsbuf, &rose_route->src_addr),
1283 ax2asc(buf, &rose_route->src_call), 1284 ax2asc(buf, &rose_route->src_call),
1284 rose_route->neigh1->number); 1285 rose_route->neigh1->number);
1285 else 1286 else
@@ -1289,10 +1290,10 @@ static int rose_route_show(struct seq_file *seq, void *v)
1289 if (rose_route->neigh2) 1290 if (rose_route->neigh2)
1290 seq_printf(seq, 1291 seq_printf(seq,
1291 "%3.3X %-10s %-9s %05d\n", 1292 "%3.3X %-10s %-9s %05d\n",
1292 rose_route->lci2, 1293 rose_route->lci2,
1293 rose2asc(&rose_route->dest_addr), 1294 rose2asc(rsbuf, &rose_route->dest_addr),
1294 ax2asc(buf, &rose_route->dest_call), 1295 ax2asc(buf, &rose_route->dest_call),
1295 rose_route->neigh2->number); 1296 rose_route->neigh2->number);
1296 else 1297 else
1297 seq_puts(seq, 1298 seq_puts(seq,
1298 "000 * * 00000\n"); 1299 "000 * * 00000\n");
diff --git a/net/socket.c b/net/socket.c
index 791d71a36a93..6d4716559047 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -736,7 +736,7 @@ static ssize_t sock_sendpage(struct file *file, struct page *page,
736 if (more) 736 if (more)
737 flags |= MSG_MORE; 737 flags |= MSG_MORE;
738 738
739 return sock->ops->sendpage(sock, page, offset, size, flags); 739 return kernel_sendpage(sock, page, offset, size, flags);
740} 740}
741 741
742static ssize_t sock_splice_read(struct file *file, loff_t *ppos, 742static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 43bdb1372cae..634496b3ed77 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -997,7 +997,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
997 997
998 if (IS_ERR(hdr)) { 998 if (IS_ERR(hdr)) {
999 err = PTR_ERR(hdr); 999 err = PTR_ERR(hdr);
1000 goto out; 1000 goto free_msg;
1001 } 1001 }
1002 1002
1003 cookie.msg = msg; 1003 cookie.msg = msg;
@@ -1011,7 +1011,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1011 &cookie, get_key_callback); 1011 &cookie, get_key_callback);
1012 1012
1013 if (err) 1013 if (err)
1014 goto out; 1014 goto free_msg;
1015 1015
1016 if (cookie.error) 1016 if (cookie.error)
1017 goto nla_put_failure; 1017 goto nla_put_failure;
@@ -1022,6 +1022,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1022 1022
1023 nla_put_failure: 1023 nla_put_failure:
1024 err = -ENOBUFS; 1024 err = -ENOBUFS;
1025 free_msg:
1025 nlmsg_free(msg); 1026 nlmsg_free(msg);
1026 out: 1027 out:
1027 cfg80211_put_dev(drv); 1028 cfg80211_put_dev(drv);
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 5e14371cda70..75a406d33619 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1089,17 +1089,18 @@ static void handle_reg_beacon(struct wiphy *wiphy,
1089 1089
1090 chan->beacon_found = true; 1090 chan->beacon_found = true;
1091 1091
1092 if (wiphy->disable_beacon_hints)
1093 return;
1094
1092 chan_before.center_freq = chan->center_freq; 1095 chan_before.center_freq = chan->center_freq;
1093 chan_before.flags = chan->flags; 1096 chan_before.flags = chan->flags;
1094 1097
1095 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 1098 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) {
1096 !(chan->orig_flags & IEEE80211_CHAN_PASSIVE_SCAN)) {
1097 chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; 1099 chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
1098 channel_changed = true; 1100 channel_changed = true;
1099 } 1101 }
1100 1102
1101 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 1103 if (chan->flags & IEEE80211_CHAN_NO_IBSS) {
1102 !(chan->orig_flags & IEEE80211_CHAN_NO_IBSS)) {
1103 chan->flags &= ~IEEE80211_CHAN_NO_IBSS; 1104 chan->flags &= ~IEEE80211_CHAN_NO_IBSS;
1104 channel_changed = true; 1105 channel_changed = true;
1105 } 1106 }
diff --git a/net/wireless/reg.h b/net/wireless/reg.h
index e37829a49dc4..4e167a8e11be 100644
--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -30,7 +30,8 @@ int set_regdom(const struct ieee80211_regdomain *rd);
30 * non-radar 5 GHz channels. 30 * non-radar 5 GHz channels.
31 * 31 *
32 * Drivers do not need to call this, cfg80211 will do it for after a scan 32 * Drivers do not need to call this, cfg80211 will do it for after a scan
33 * on a newly found BSS. 33 * on a newly found BSS. If you cannot make use of this feature you can
34 * set the wiphy->disable_beacon_hints to true.
34 */ 35 */
35int regulatory_hint_found_beacon(struct wiphy *wiphy, 36int regulatory_hint_found_beacon(struct wiphy *wiphy,
36 struct ieee80211_channel *beacon_chan, 37 struct ieee80211_channel *beacon_chan,
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index f8e71b300001..7e595ce24eeb 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -35,8 +35,6 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
35 else 35 else
36 nl80211_send_scan_done(wiphy_to_dev(request->wiphy), dev); 36 nl80211_send_scan_done(wiphy_to_dev(request->wiphy), dev);
37 37
38 wiphy_to_dev(request->wiphy)->scan_req = NULL;
39
40#ifdef CONFIG_WIRELESS_EXT 38#ifdef CONFIG_WIRELESS_EXT
41 if (!aborted) { 39 if (!aborted) {
42 memset(&wrqu, 0, sizeof(wrqu)); 40 memset(&wrqu, 0, sizeof(wrqu));
@@ -48,6 +46,7 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
48 dev_put(dev); 46 dev_put(dev);
49 47
50 out: 48 out:
49 wiphy_to_dev(request->wiphy)->scan_req = NULL;
51 kfree(request); 50 kfree(request);
52} 51}
53EXPORT_SYMBOL(cfg80211_scan_done); 52EXPORT_SYMBOL(cfg80211_scan_done);
@@ -119,7 +118,7 @@ static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
119 118
120 if (!ie1 && !ie2) 119 if (!ie1 && !ie2)
121 return 0; 120 return 0;
122 if (!ie1) 121 if (!ie1 || !ie2)
123 return -1; 122 return -1;
124 123
125 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1])); 124 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1]));
@@ -172,6 +171,8 @@ static bool is_mesh(struct cfg80211_bss *a,
172 ie = find_ie(WLAN_EID_MESH_CONFIG, 171 ie = find_ie(WLAN_EID_MESH_CONFIG,
173 a->information_elements, 172 a->information_elements,
174 a->len_information_elements); 173 a->len_information_elements);
174 if (!ie)
175 return false;
175 if (ie[1] != IEEE80211_MESH_CONFIG_LEN) 176 if (ie[1] != IEEE80211_MESH_CONFIG_LEN)
176 return false; 177 return false;
177 178
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-13 12:00:54 -0400