authorLinus Torvalds <torvalds@linux-foundation.org>2013-11-22 12:57:35 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-11-22 12:57:35 -0500
commitd2c2ad54c485e7ebca5c0b7e4a7b2c56103fda38 (patch)
tree4918ea1f5c640fd4f1a5134cc50a6cb8bd0c700e
parent7fa850ab4fc992717b3cc6284d3445c88978ca7e (diff)
parent9d8506cc2d7ea1f911c72c100193a3677f6668c3 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Fix memory leaks and other issues in mwifiex driver, from Amitkumar Karwar. 2) skb_segment() can choke on packets using frag lists, fix from Herbert Xu with help from Eric Dumazet and others. 3) IPv4 output cached route instantiation properly handles races involving two threads trying to install the same route, but we forgot to propagate this logic to input routes as well. Fix from Alexei Starovoitov. 4) Put protections in place to make sure that recvmsg() paths never accidentally copy uninitialized memory back into userspace and also make sure that we never try to use more than sockaddr_storage for building the on-kernel-stack copy of a sockaddr. Fixes from Hannes Frederic Sowa. 5) R8152 driver transmit flow bug fixes from Hayes Wang. 6) Fix some minor fallouts from genetlink changes, from Johannes Berg and Michael Opdenacker. 7) AF_PACKET sendmsg path can race with netdevice unregister notifier, fix by using RCU to make sure the network device doesn't go away from under us. Fix from Daniel Borkmann.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits) gso: handle new frag_list of frags GRO packets genetlink: fix genl_set_err() group ID genetlink: fix genlmsg_multicast() bug packet: fix use after free race in send path when dev is released xen-netback: stop the VIF thread before unbinding IRQs wimax: remove dead code net/phy: Add the autocross feature for forced links on VSC82x4 net/phy: Add VSC8662 support net/phy: Add VSC8574 support net/phy: Add VSC8234 support net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) net: rework recvmsg handler msg_name and msg_namelen logic bridge: flush br's address entry in fdb when remove the net: core: Always propagate flag changes to interfaces ipv4: fix race in concurrent ip_route_input_slow() r8152: fix incorrect type in assignment r8152: support stopping/waking tx queue r8152: modify the tx flow r8152: fix tx/rx memory overflow netfilter: ebt_ip6: fix source and destination matching ...
-rw-r--r--crypto/algif_hash.c2
-rw-r--r--crypto/algif_skcipher.c1
-rw-r--r--drivers/isdn/mISDN/socket.c13
-rw-r--r--drivers/net/phy/phy_device.c4
-rw-r--r--drivers/net/phy/vitesse.c117
-rw-r--r--drivers/net/ppp/pppoe.c2
-rw-r--r--drivers/net/usb/r8152.c114
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_phy.c50
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_phy.h11
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h6
-rw-r--r--drivers/net/wireless/ath/regd.c3
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/p2p.c1
-rw-r--r--drivers/net/wireless/mwifiex/cfg80211.c23
-rw-r--r--drivers/net/wireless/mwifiex/main.c28
-rw-r--r--drivers/net/wireless/mwifiex/pcie.c2
-rw-r--r--drivers/net/wireless/mwifiex/sdio.c7
-rw-r--r--drivers/net/wireless/mwifiex/usb.c27
-rw-r--r--drivers/net/wireless/rt2x00/rt2x00dev.c3
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192cu/mac.c6
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192cu/trx.c6
-rw-r--r--drivers/net/xen-netback/interface.c6
-rw-r--r--include/linux/net.h8
-rw-r--r--include/linux/phy.h1
-rw-r--r--include/net/genetlink.h8
-rw-r--r--net/appletalk/ddp.c16
-rw-r--r--net/atm/common.c2
-rw-r--r--net/ax25/af_ax25.c4
-rw-r--r--net/bluetooth/af_bluetooth.c9
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/l2cap_core.c3
-rw-r--r--net/bluetooth/rfcomm/core.c3
-rw-r--r--net/bluetooth/rfcomm/sock.c7
-rw-r--r--net/bluetooth/sco.c1
-rw-r--r--net/bluetooth/smp.c3
-rw-r--r--net/bridge/br_if.c2
-rw-r--r--net/bridge/netfilter/ebt_ip6.c8
-rw-r--r--net/caif/caif_socket.c4
-rw-r--r--net/compat.c3
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/iovec.c3
-rw-r--r--net/core/skbuff.c75
-rw-r--r--net/ipv4/netfilter/ipt_SYNPROXY.c1
-rw-r--r--net/ipv4/route.c8
-rw-r--r--net/ipv6/netfilter/ip6t_SYNPROXY.c1
-rw-r--r--net/ipx/af_ipx.c3
-rw-r--r--net/irda/af_irda.c4
-rw-r--r--net/iucv/af_iucv.c2
-rw-r--r--net/key/af_key.c1
-rw-r--r--net/l2tp/l2tp_ppp.c2
-rw-r--r--net/llc/af_llc.c2
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_conntrack_core.c3
-rw-r--r--net/netfilter/nf_conntrack_seqadj.c4
-rw-r--r--net/netfilter/nf_synproxy_core.c7
-rw-r--r--net/netfilter/nft_compat.c19
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/netlink/genetlink.c4
-rw-r--r--net/netrom/af_netrom.c3
-rw-r--r--net/nfc/llcp_sock.c2
-rw-r--r--net/nfc/rawsock.c2
-rw-r--r--net/packet/af_packet.c91
-rw-r--r--net/packet/internal.h1
-rw-r--r--net/rds/recv.c2
-rw-r--r--net/rose/af_rose.c8
-rw-r--r--net/rxrpc/ar-recvmsg.c9
-rw-r--r--net/socket.c22
-rw-r--r--net/tipc/socket.c6
-rw-r--r--net/unix/af_unix.c5
-rw-r--r--net/vmw_vsock/af_vsock.c2
-rw-r--r--net/vmw_vsock/vmci_transport.c2
-rw-r--r--net/wimax/stack.c1
-rw-r--r--net/x25/af_x25.c3
72 files changed, 504 insertions, 316 deletions
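diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 0262210cad38..ef5356cd280a 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -161,8 +161,6 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
  else if (len < ds)
  msg->msg_flags |= MSG_TRUNC;
 
- msg->msg_namelen = 0;
-
  lock_sock(sk);
  if (ctx->more) {
  ctx->more = 0;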
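diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a1c4f0a55583..6a6dfc062d2a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -432,7 +432,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
  long copied = 0;
 
  lock_sock(sk);
- msg->msg_namelen = 0;
  for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
  iovlen--, iov++) {
  unsigned long seglen = iov->iov_len;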
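diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c
index e47dcb9d1e91..5cefb479c707 100644
--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -117,7 +117,6 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 {
  struct sk_buff *skb;
  struct sock *sk = sock->sk;
- struct sockaddr_mISDN *maddr;
 
  int copied, err;
 
@@ -135,9 +134,9 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (!skb)
  return err;
 
- if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) {
- msg->msg_namelen = sizeof(struct sockaddr_mISDN);
- maddr = (struct sockaddr_mISDN *)msg->msg_name;
+ if (msg->msg_name) {
+ struct sockaddr_mISDN *maddr = msg->msg_name;
+
  maddr->family = AF_ISDN;
  maddr->dev = _pms(sk)->dev->id;
  if ((sk->sk_protocol == ISDN_P_LAPD_TE) ||
@@ -150,11 +149,7 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  maddr->sapi = _pms(sk)->ch.addr & 0xFF;
  maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF;
  }
- } else {
- if (msg->msg_namelen)
- printk(KERN_WARNING "%s: too small namelen %d\n",
- __func__, msg->msg_namelen);
- msg->msg_namelen = 0;
+ msg->msg_namelen = sizeof(*maddr);
  }
 
  copied = skb->len + MISDN_HEADER_LEN;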
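Review bot: The new `if (msg->msg_name)` guard in mISDN_sock_recvmsg no longer compares the caller's msg_namelen with the address size, so writing sizeof(*maddr) bytes is safe only if the socket core always hands in either NULL or a kernel buffer at least that large. That guarantee is not visible in this section; net/socket.c appears in the diffstat but its hunks are outside this view. I would state the invariant where it is relied on, for example `/* msg_name is NULL or a kernel buffer of sizeof(struct sockaddr_storage) supplied by the socket core */`, and back it at build time with `BUILD_BUG_ON(sizeof(struct sockaddr_mISDN) > sizeof(struct sockaddr_storage));`. The function body starts before the first hunk and continues past the last one.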
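diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
index 74630e94fa3b..d6447b3f7409 100644
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -697,7 +697,7 @@ static int genphy_config_advert(struct phy_device *phydev)
  * to the values in phydev. Assumes that the values are valid.
  * Please see phy_sanitize_settings().
  */
-static int genphy_setup_forced(struct phy_device *phydev)
+int genphy_setup_forced(struct phy_device *phydev)
 {
  int err;
  int ctl = 0;
@@ -716,7 +716,7 @@ static int genphy_setup_forced(struct phy_device *phydev)
 
  return err;
 }
-
+EXPORT_SYMBOL(genphy_setup_forced);
 
 /**
  * genphy_restart_aneg - Enable and Restart Autonegotiation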
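Review bot: Exporting genphy_setup_forced turns the precondition in the comment above it ("Assumes that the values are valid. Please see phy_sanitize_settings().") into a contract for every PHY driver, and nothing visible in these hunks enforces it. I would make that explicit in the kernel-doc, for example ` * Callers outside this file must pass settings already validated by phy_sanitize_settings().`. Only the first and last lines of the function body are inside the hunks.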
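diff --git a/drivers/net/phy/vitesse.c b/drivers/net/phy/vitesse.c
index 69b482bce7d2..508e4359338b 100644
--- a/drivers/net/phy/vitesse.c
+++ b/drivers/net/phy/vitesse.c
@@ -3,7 +3,7 @@
  *
  * Author: Kriston Carson
  *
- * Copyright (c) 2005, 2009 Freescale Semiconductor, Inc.
+ * Copyright (c) 2005, 2009, 2011 Freescale Semiconductor, Inc.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -18,6 +18,11 @@
 #include <linux/ethtool.h>
 #include <linux/phy.h>
 
+/* Vitesse Extended Page Magic Register(s) */
+#define MII_VSC82X4_EXT_PAGE_16E 0x10
+#define MII_VSC82X4_EXT_PAGE_17E 0x11
+#define MII_VSC82X4_EXT_PAGE_18E 0x12
+
 /* Vitesse Extended Control Register 1 */
 #define MII_VSC8244_EXT_CON1 0x17
 #define MII_VSC8244_EXTCON1_INIT 0x0000
@@ -54,7 +59,13 @@
 #define MII_VSC8221_AUXCONSTAT_INIT 0x0004 /* need to set this bit? */
 #define MII_VSC8221_AUXCONSTAT_RESERVED 0x0004
 
+/* Vitesse Extended Page Access Register */
+#define MII_VSC82X4_EXT_PAGE_ACCESS 0x1f
+
+#define PHY_ID_VSC8234 0x000fc620
 #define PHY_ID_VSC8244 0x000fc6c0
+#define PHY_ID_VSC8574 0x000704a0
+#define PHY_ID_VSC8662 0x00070660
 #define PHY_ID_VSC8221 0x000fc550
 #define PHY_ID_VSC8211 0x000fc4b0
 
@@ -118,7 +129,9 @@ static int vsc82xx_config_intr(struct phy_device *phydev)
 
  if (phydev->interrupts == PHY_INTERRUPT_ENABLED)
  err = phy_write(phydev, MII_VSC8244_IMASK,
- phydev->drv->phy_id == PHY_ID_VSC8244 ?
+ (phydev->drv->phy_id == PHY_ID_VSC8234 ||
+ phydev->drv->phy_id == PHY_ID_VSC8244 ||
+ phydev->drv->phy_id == PHY_ID_VSC8574) ?
  MII_VSC8244_IMASK_MASK :
  MII_VSC8221_IMASK_MASK);
  else {
@@ -149,21 +162,114 @@ static int vsc8221_config_init(struct phy_device *phydev)
  */
 }
 
-/* Vitesse 824x */
+/* vsc82x4_config_autocross_enable - Enable auto MDI/MDI-X for forced links
+ * @phydev: target phy_device struct
+ *
+ * Enable auto MDI/MDI-X when in 10/100 forced link speeds by writing
+ * special values in the VSC8234/VSC8244 extended reserved registers
+ */
+static int vsc82x4_config_autocross_enable(struct phy_device *phydev)
+{
+ int ret;
+
+ if (phydev->autoneg == AUTONEG_ENABLE || phydev->speed > SPEED_100)
+ return 0;
+
+ /* map extended registers set 0x10 - 0x1e */
+ ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x52b5);
+ if (ret >= 0)
+ ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_18E, 0x0012);
+ if (ret >= 0)
+ ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_17E, 0x2803);
+ if (ret >= 0)
+ ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_16E, 0x87fa);
+ /* map standard registers set 0x10 - 0x1e */
+ if (ret >= 0)
+ ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x0000);
+ else
+ phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x0000);
+
+ return ret;
+}
+
+/* vsc82x4_config_aneg - restart auto-negotiation or write BMCR
+ * @phydev: target phy_device struct
+ *
+ * Description: If auto-negotiation is enabled, we configure the
+ * advertising, and then restart auto-negotiation. If it is not
+ * enabled, then we write the BMCR and also start the auto
+ * MDI/MDI-X feature
+ */
+static int vsc82x4_config_aneg(struct phy_device *phydev)
+{
+ int ret;
+
+ /* Enable auto MDI/MDI-X when in 10/100 forced link speeds by
+ * writing special values in the VSC8234 extended reserved registers
+ */
+ if (phydev->autoneg != AUTONEG_ENABLE && phydev->speed <= SPEED_100) {
+ ret = genphy_setup_forced(phydev);
+
+ if (ret < 0) /* error */
+ return ret;
+
+ return vsc82x4_config_autocross_enable(phydev);
+ }
+
+ return genphy_config_aneg(phydev);
+}
+
+/* Vitesse 82xx */
 static struct phy_driver vsc82xx_driver[] = {
 {
+ .phy_id = PHY_ID_VSC8234,
+ .name = "Vitesse VSC8234",
+ .phy_id_mask = 0x000ffff0,
+ .features = PHY_GBIT_FEATURES,
+ .flags = PHY_HAS_INTERRUPT,
+ .config_init = &vsc824x_config_init,
+ .config_aneg = &vsc82x4_config_aneg,
+ .read_status = &genphy_read_status,
+ .ack_interrupt = &vsc824x_ack_interrupt,
+ .config_intr = &vsc82xx_config_intr,
+ .driver = { .owner = THIS_MODULE,},
+}, {
  .phy_id = PHY_ID_VSC8244,
  .name = "Vitesse VSC8244",
  .phy_id_mask = 0x000fffc0,
  .features = PHY_GBIT_FEATURES,
  .flags = PHY_HAS_INTERRUPT,
  .config_init = &vsc824x_config_init,
- .config_aneg = &genphy_config_aneg,
+ .config_aneg = &vsc82x4_config_aneg,
  .read_status = &genphy_read_status,
  .ack_interrupt = &vsc824x_ack_interrupt,
  .config_intr = &vsc82xx_config_intr,
  .driver = { .owner = THIS_MODULE,},
 }, {
+ .phy_id = PHY_ID_VSC8574,
+ .name = "Vitesse VSC8574",
+ .phy_id_mask = 0x000ffff0,
+ .features = PHY_GBIT_FEATURES,
+ .flags = PHY_HAS_INTERRUPT,
+ .config_init = &vsc824x_config_init,
+ .config_aneg = &vsc82x4_config_aneg,
+ .read_status = &genphy_read_status,
+ .ack_interrupt = &vsc824x_ack_interrupt,
+ .config_intr = &vsc82xx_config_intr,
+ .driver = { .owner = THIS_MODULE,},
+}, {
+ .phy_id = PHY_ID_VSC8662,
+ .name = "Vitesse VSC8662",
+ .phy_id_mask = 0x000ffff0,
+ .features = PHY_GBIT_FEATURES,
+ .flags = PHY_HAS_INTERRUPT,
+ .config_init = &vsc824x_config_init,
+ .config_aneg = &vsc82x4_config_aneg,
+ .read_status = &genphy_read_status,
+ .ack_interrupt = &vsc824x_ack_interrupt,
+ .config_intr = &vsc82xx_config_intr,
+ .driver = { .owner = THIS_MODULE,},
+}, {
  /* Vitesse 8221 */
  .phy_id = PHY_ID_VSC8221,
  .phy_id_mask = 0x000ffff0,
@@ -207,7 +313,10 @@ module_init(vsc82xx_init);
 module_exit(vsc82xx_exit);
 
 static struct mdio_device_id __maybe_unused vitesse_tbl[] = {
+ { PHY_ID_VSC8234, 0x000ffff0 },
  { PHY_ID_VSC8244, 0x000fffc0 },
+ { PHY_ID_VSC8574, 0x000ffff0 },
+ { PHY_ID_VSC8662, 0x000ffff0 },
  { PHY_ID_VSC8221, 0x000ffff0 },
  { PHY_ID_VSC8211, 0x000ffff0 },
  { }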
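Review bot: The interrupt-mask selection in vsc82xx_config_intr lists VSC8234, VSC8244 and VSC8574 but not VSC8662, although the new VSC8662 table entry uses the same vsc824x_config_init and vsc824x_ack_interrupt callbacks, so a VSC8662 is programmed with MII_VSC8221_IMASK_MASK. If that is intended it deserves a comment at the condition; if not, the condition needs `phydev->drv->phy_id == PHY_ID_VSC8662 ||` as well. Separately, the four values written in vsc82x4_config_autocross_enable (0x52b5, 0x0012, 0x2803, 0x87fa) have neither named constants nor a datasheet reference, and the page-restore write on the error path discards its own return value, so a PHY left on the extended page would go unnoticed. vsc82xx_config_intr starts and ends outside its hunk.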
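diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c
index 5f66e30d9823..82ee6ed954cb 100644
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -979,8 +979,6 @@ static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (error < 0)
  goto end;
 
- m->msg_namelen = 0;
-
  if (skb) {
  total_len = min_t(size_t, total_len, skb->len);
  error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);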
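diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index f3fce412c0c1..51073721e224 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -24,7 +24,7 @@
 #include <linux/ipv6.h>
 
 /* Version Information */
-#define DRIVER_VERSION "v1.01.0 (2013/08/12)"
+#define DRIVER_VERSION "v1.02.0 (2013/10/28)"
 #define DRIVER_AUTHOR "Realtek linux nic maintainers <nic_swsd@realtek.com>"
 #define DRIVER_DESC "Realtek RTL8152 Based USB 2.0 Ethernet Adapters"
 #define MODULENAME "r8152"
@@ -307,22 +307,22 @@ enum rtl8152_flags {
 #define MCU_TYPE_USB 0x0000
 
 struct rx_desc {
- u32 opts1;
+ __le32 opts1;
 #define RX_LEN_MASK 0x7fff
- u32 opts2;
- u32 opts3;
- u32 opts4;
- u32 opts5;
- u32 opts6;
+ __le32 opts2;
+ __le32 opts3;
+ __le32 opts4;
+ __le32 opts5;
+ __le32 opts6;
 };
 
 struct tx_desc {
- u32 opts1;
+ __le32 opts1;
 #define TX_FS (1 << 31) /* First segment of a packet */
 #define TX_LS (1 << 30) /* Final segment of a packet */
 #define TX_LEN_MASK 0x3ffff
 
- u32 opts2;
+ __le32 opts2;
 #define UDP_CS (1 << 31) /* Calculate UDP/IP checksum */
 #define TCP_CS (1 << 30) /* Calculate TCP/IP checksum */
 #define IPV4_CS (1 << 29) /* Calculate IPv4 checksum */
@@ -365,6 +365,7 @@ struct r8152 {
  struct mii_if_info mii;
  int intr_interval;
  u32 msg_enable;
+ u32 tx_qlen;
  u16 ocp_base;
  u8 *intr_buff;
  u8 version;
@@ -876,7 +877,7 @@ static void write_bulk_callback(struct urb *urb)
 static void intr_callback(struct urb *urb)
 {
  struct r8152 *tp;
- __u16 *d;
+ __le16 *d;
  int status = urb->status;
  int res;
 
@@ -1136,14 +1137,14 @@ r8152_tx_csum(struct r8152 *tp, struct tx_desc *desc, struct sk_buff *skb)
 
 static int r8152_tx_agg_fill(struct r8152 *tp, struct tx_agg *agg)
 {
- u32 remain;
+ int remain;
  u8 *tx_data;
 
  tx_data = agg->head;
  agg->skb_num = agg->skb_len = 0;
- remain = rx_buf_sz - sizeof(struct tx_desc);
+ remain = rx_buf_sz;
 
- while (remain >= ETH_ZLEN) {
+ while (remain >= ETH_ZLEN + sizeof(struct tx_desc)) {
  struct tx_desc *tx_desc;
  struct sk_buff *skb;
  unsigned int len;
@@ -1152,12 +1153,14 @@ static int r8152_tx_agg_fill(struct r8152 *tp, struct tx_agg *agg)
  if (!skb)
  break;
 
+ remain -= sizeof(*tx_desc);
  len = skb->len;
  if (remain < len) {
  skb_queue_head(&tp->tx_queue, skb);
  break;
  }
 
+ tx_data = tx_agg_align(tx_data);
  tx_desc = (struct tx_desc *)tx_data;
  tx_data += sizeof(*tx_desc);
 
@@ -1167,11 +1170,18 @@ static int r8152_tx_agg_fill(struct r8152 *tp, struct tx_agg *agg)
  agg->skb_len += len;
  dev_kfree_skb_any(skb);
 
- tx_data = tx_agg_align(tx_data + len);
- remain = rx_buf_sz - sizeof(*tx_desc) -
- (u32)((void *)tx_data - agg->head);
+ tx_data += len;
+ remain = rx_buf_sz - (int)(tx_agg_align(tx_data) - agg->head);
  }
 
+ netif_tx_lock(tp->netdev);
+
+ if (netif_queue_stopped(tp->netdev) &&
+ skb_queue_len(&tp->tx_queue) < tp->tx_qlen)
+ netif_wake_queue(tp->netdev);
+
+ netif_tx_unlock(tp->netdev);
+
  usb_fill_bulk_urb(agg->urb, tp->udev, usb_sndbulkpipe(tp->udev, 2),
  agg->head, (int)(tx_data - (u8 *)agg->head),
  (usb_complete_t)write_bulk_callback, agg);
@@ -1188,7 +1198,6 @@ static void rx_bottom(struct r8152 *tp)
  list_for_each_safe(cursor, next, &tp->rx_done) {
  struct rx_desc *rx_desc;
  struct rx_agg *agg;
- unsigned pkt_len;
  int len_used = 0;
  struct urb *urb;
  u8 *rx_data;
@@ -1204,17 +1213,22 @@ static void rx_bottom(struct r8152 *tp)
 
  rx_desc = agg->head;
  rx_data = agg->head;
- pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK;
- len_used += sizeof(struct rx_desc) + pkt_len;
+ len_used += sizeof(struct rx_desc);
 
- while (urb->actual_length >= len_used) {
+ while (urb->actual_length > len_used) {
  struct net_device *netdev = tp->netdev;
  struct net_device_stats *stats;
+ unsigned int pkt_len;
  struct sk_buff *skb;
 
+ pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK;
  if (pkt_len < ETH_ZLEN)
  break;
 
+ len_used += pkt_len;
+ if (urb->actual_length < len_used)
+ break;
+
  stats = rtl8152_get_stats(netdev);
 
  pkt_len -= 4; /* CRC */
@@ -1234,9 +1248,8 @@ static void rx_bottom(struct r8152 *tp)
 
  rx_data = rx_agg_align(rx_data + pkt_len + 4);
  rx_desc = (struct rx_desc *)rx_data;
- pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK;
  len_used = (int)(rx_data - (u8 *)agg->head);
- len_used += sizeof(struct rx_desc) + pkt_len;
+ len_used += sizeof(struct rx_desc);
  }
 
 submit:
@@ -1384,53 +1397,17 @@ static netdev_tx_t rtl8152_start_xmit(struct sk_buff *skb,
  struct net_device *netdev)
 {
  struct r8152 *tp = netdev_priv(netdev);
- struct net_device_stats *stats = rtl8152_get_stats(netdev);
- unsigned long flags;
- struct tx_agg *agg = NULL;
- struct tx_desc *tx_desc;
- unsigned int len;
- u8 *tx_data;
- int res;
 
  skb_tx_timestamp(skb);
 
- /* If tx_queue is not empty, it means at least one previous packt */
- /* is waiting for sending. Don't send current one before it. */
- if (skb_queue_empty(&tp->tx_queue))
- agg = r8152_get_tx_agg(tp);
-
- if (!agg) {
- skb_queue_tail(&tp->tx_queue, skb);
- return NETDEV_TX_OK;
- }
+ skb_queue_tail(&tp->tx_queue, skb);
 
- tx_desc = (struct tx_desc *)agg->head;
- tx_data = agg->head + sizeof(*tx_desc);
- agg->skb_num = agg->skb_len = 0;
+ if (list_empty(&tp->tx_free) &&
+ skb_queue_len(&tp->tx_queue) > tp->tx_qlen)
+ netif_stop_queue(netdev);
 
- len = skb->len;
- r8152_tx_csum(tp, tx_desc, skb);
- memcpy(tx_data, skb->data, len);
- dev_kfree_skb_any(skb);
- agg->skb_num++;
- agg->skb_len += len;
- usb_fill_bulk_urb(agg->urb, tp->udev, usb_sndbulkpipe(tp->udev, 2),
- agg->head, len + sizeof(*tx_desc),
- (usb_complete_t)write_bulk_callback, agg);
- res = usb_submit_urb(agg->urb, GFP_ATOMIC);
- if (res) {
- /* Can we get/handle EPIPE here? */
- if (res == -ENODEV) {
- netif_device_detach(tp->netdev);
- } else {
- netif_warn(tp, tx_err, netdev,
- "failed tx_urb %d\n", res);
- stats->tx_dropped++;
- spin_lock_irqsave(&tp->tx_lock, flags);
- list_add_tail(&agg->list, &tp->tx_free);
- spin_unlock_irqrestore(&tp->tx_lock, flags);
- }
- }
+ if (!list_empty(&tp->tx_free))
+ tasklet_schedule(&tp->tl);
 
  return NETDEV_TX_OK;
 }
@@ -1459,6 +1436,14 @@ static void rtl8152_nic_reset(struct r8152 *tp)
  }
 }
 
+static void set_tx_qlen(struct r8152 *tp)
+{
+ struct net_device *netdev = tp->netdev;
+
+ tp->tx_qlen = rx_buf_sz / (netdev->mtu + VLAN_ETH_HLEN + VLAN_HLEN +
+ sizeof(struct tx_desc));
+}
+
 static inline u8 rtl8152_get_speed(struct r8152 *tp)
 {
  return ocp_read_byte(tp, MCU_TYPE_PLA, PLA_PHYSTATUS);
@@ -1470,6 +1455,7 @@ static int rtl8152_enable(struct r8152 *tp)
  int i, ret;
  u8 speed;
 
+ set_tx_qlen(tp);
  speed = rtl8152_get_speed(tp);
  if (speed & _10bps) {
  ocp_data = ocp_read_word(tp, MCU_TYPE_PLA, PLA_EEEP_CR);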
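Review bot: In r8152_tx_agg_fill, `remain` is now an `int`, but the loop guard `remain >= ETH_ZLEN + sizeof(struct tx_desc)` is still evaluated in unsigned arithmetic because `sizeof` yields size_t, so a negative `remain` would pass the guard as a very large value and the loop would keep filling agg->head past rx_buf_sz. That is ruled out only if `tx_agg_align(tx_data) - agg->head` can never exceed rx_buf_sz, which depends on the buffer size and alignment and is not shown in these hunks. Making the comparison signed states the intent and removes the dependency: `while (remain >= (int)(ETH_ZLEN + sizeof(struct tx_desc))) {`; with that guard `remain` is known to be non-negative at the later `remain < len` check. The function spans three hunks with lines between them not shown.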
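diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
index 11f53589a3f3..d39b79f5e841 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
@@ -701,6 +701,54 @@ static int ar9550_hw_get_modes_txgain_index(struct ath_hw *ah,
  return ret;
 }
 
+static void ar9003_doubler_fix(struct ath_hw *ah)
+{
+ if (AR_SREV_9300(ah) || AR_SREV_9580(ah) || AR_SREV_9550(ah)) {
+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+
+ udelay(200);
+
+ REG_CLR_BIT(ah, AR_PHY_65NM_CH0_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+ REG_CLR_BIT(ah, AR_PHY_65NM_CH1_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+ REG_CLR_BIT(ah, AR_PHY_65NM_CH2_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+
+ udelay(1);
+
+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH1_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH2_RXTX2,
+ AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+
+ udelay(200);
+
+ REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_SYNTH12,
+ AR_PHY_65NM_CH0_SYNTH12_VREFMUL3, 0xf);
+
+ REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2, 0,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+ REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2, 0,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+ REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2, 0,
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+ 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+ }
+}
+
 static int ar9003_hw_process_ini(struct ath_hw *ah,
  struct ath9k_channel *chan)
 {
@@ -726,6 +774,8 @@ static int ar9003_hw_process_ini(struct ath_hw *ah,
  modesIndex);
  }
 
+ ar9003_doubler_fix(ah);
+
  /*
  * RXGAIN initvals.
  */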
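Review bot: ar9003_doubler_fix carries no comment saying which hardware problem the register sequence works around or where the delay values come from, yet as far as the second hunk shows it runs on every ar9003_hw_process_ini call and busy-waits roughly 400 microseconds in udelay() on AR9300, AR9580 and AR9550. I would add a header comment that names the issue and its reference, along the lines of `/* Re-toggle SYNTHON under SYNTHOVR on all three chains; delays per <vendor reference, placeholder> */`. The CH1 and CH2 writes also reuse the AR_PHY_65NM_CH0_RXTX2_* mask names, so a one-line note that the bit layout is shared across chains would spare the next reader from checking. ar9003_hw_process_ini continues outside the hunk.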
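diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
index fca624322dc8..2af667beb273 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
@@ -656,13 +656,24 @@
 #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x00000001 : 0x00000002)
 #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT_S ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0 : 1)
 #define AR_PHY_65NM_CH0_SYNTH7 0x16098
+#define AR_PHY_65NM_CH0_SYNTH12 0x160ac
 #define AR_PHY_65NM_CH0_BIAS1 0x160c0
 #define AR_PHY_65NM_CH0_BIAS2 0x160c4
 #define AR_PHY_65NM_CH0_BIAS4 0x160cc
+#define AR_PHY_65NM_CH0_RXTX2 0x16104
+#define AR_PHY_65NM_CH1_RXTX2 0x16504
+#define AR_PHY_65NM_CH2_RXTX2 0x16904
 #define AR_PHY_65NM_CH0_RXTX4 0x1610c
 #define AR_PHY_65NM_CH1_RXTX4 0x1650c
 #define AR_PHY_65NM_CH2_RXTX4 0x1690c
 
+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3 0x00780000
+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3_S 19
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK 0x00000004
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S 2
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK 0x00000008
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S 3
+
 #define AR_CH0_TOP (AR_SREV_9300(ah) ? 0x16288 : \
  (((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x1628c : 0x16280)))
 #define AR_CH0_TOP_XPABIASLVL (AR_SREV_9550(ah) ? 0x3c0 : 0x300)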
diff --git a/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h b/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h
index 4dbc294df7e3..57fc5f459d0a 100644
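--- a/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h
+++ b/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h
@@ -361,7 +361,7 @@ static const u32 ar9462_2p1_baseband_postamble[][5] = {
  {0x00009e14, 0x37b95d5e, 0x37b9605e, 0x3236605e, 0x32365a5e},
  {0x00009e18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
  {0x00009e1c, 0x0001cf9c, 0x0001cf9c, 0x00021f9c, 0x00021f9c},
- {0x00009e20, 0x000003b5, 0x000003b5, 0x000003ce, 0x000003ce},
+ {0x00009e20, 0x000003a5, 0x000003a5, 0x000003a5, 0x000003a5},
  {0x00009e2c, 0x0000001c, 0x0000001c, 0x00000021, 0x00000021},
  {0x00009e3c, 0xcf946220, 0xcf946220, 0xcfd5c782, 0xcfd5c282},
  {0x00009e44, 0x62321e27, 0x62321e27, 0xfe291e27, 0xfe291e27},
@@ -400,7 +400,7 @@ static const u32 ar9462_2p1_baseband_postamble[][5] = {
  {0x0000ae04, 0x001c0000, 0x001c0000, 0x001c0000, 0x00100000},
  {0x0000ae18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
  {0x0000ae1c, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
- {0x0000ae20, 0x000001b5, 0x000001b5, 0x000001ce, 0x000001ce},
+ {0x0000ae20, 0x000001a6, 0x000001a6, 0x000001aa, 0x000001aa},
  {0x0000b284, 0x00000000, 0x00000000, 0x00000550, 0x00000550},
 };
 
@@ -472,7 +472,7 @@ static const u32 ar9462_2p1_radio_postamble[][5] = {
 
 static const u32 ar9462_2p1_soc_preamble[][2] = {
  /* Addr allmodes */
- {0x000040a4, 0x00a0c1c9},
+ {0x000040a4, 0x00a0c9c9},
  {0x00007020, 0x00000000},
  {0x00007034, 0x00000002},
  {0x00007038, 0x000004c2},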
diff --git a/drivers/net/wireless/ath/regd.c b/drivers/net/wireless/ath/regd.c
index c00687e05688..1217c52ab28e 100644
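--- a/drivers/net/wireless/ath/regd.c
+++ b/drivers/net/wireless/ath/regd.c
@@ -362,7 +362,8 @@ static int __ath_reg_dyn_country(struct wiphy *wiphy,
 {
  u16 country_code;
 
- if (!ath_is_world_regd(reg))
+ if (request->initiator == NL80211_REGDOM_SET_BY_COUNTRY_IE &&
+ !ath_is_world_regd(reg))
  return -EINVAL;
 
  country_code = ath_regd_find_country_by_name(request->alpha2);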
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
index 5b5b952d47b1..4a2293041821 100644
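--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -823,6 +823,7 @@ static s32 brcmf_p2p_run_escan(struct brcmf_cfg80211_info *cfg,
  }
  err = brcmf_p2p_escan(p2p, num_nodfs, chanspecs, search_state,
  action, P2PAPI_BSSCFG_DEVICE);
+ kfree(chanspecs);
  }
 exit:
  if (err)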
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index fbad00a5abc8..aeaea0e3b4c4 100644
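--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -2210,8 +2210,10 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy,
  priv->bss_started = 0;
  priv->bss_num = 0;
 
- if (mwifiex_cfg80211_init_p2p_client(priv))
- return ERR_PTR(-EFAULT);
+ if (mwifiex_cfg80211_init_p2p_client(priv)) {
+ wdev = ERR_PTR(-EFAULT);
+ goto done;
+ }
 
  break;
  default:
@@ -2224,7 +2226,8 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy,
  if (!dev) {
  wiphy_err(wiphy, "no memory available for netdevice\n");
  priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
- return ERR_PTR(-ENOMEM);
+ wdev = ERR_PTR(-ENOMEM);
+ goto done;
  }
 
  mwifiex_init_priv_params(priv, dev);
@@ -2264,7 +2267,9 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy,
  wiphy_err(wiphy, "cannot register virtual network device\n");
  free_netdev(dev);
  priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
- return ERR_PTR(-EFAULT);
+ priv->netdev = NULL;
+ wdev = ERR_PTR(-EFAULT);
+ goto done;
  }
 
  sema_init(&priv->async_sem, 1);
@@ -2274,6 +2279,13 @@ struct wireless_dev *mwifiex_add_virtual_intf(struct wiphy *wiphy,
 #ifdef CONFIG_DEBUG_FS
  mwifiex_dev_debugfs_init(priv);
 #endif
+
+done:
+ if (IS_ERR(wdev)) {
+ kfree(priv->wdev);
+ priv->wdev = NULL;
+ }
+
  return wdev;
 }
 EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf);
@@ -2298,7 +2310,10 @@ int mwifiex_del_virtual_intf(struct wiphy *wiphy, struct wireless_dev *wdev)
  unregister_netdevice(wdev->netdev);
 
  /* Clear the priv in adapter */
+ priv->netdev->ieee80211_ptr = NULL;
  priv->netdev = NULL;
+ kfree(wdev);
+ priv->wdev = NULL;
 
  priv->media_connected = false;
 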
diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c
index 9d7c9d354d34..78e8a6666cc6 100644
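--- a/drivers/net/wireless/mwifiex/main.c
+++ b/drivers/net/wireless/mwifiex/main.c
@@ -411,13 +411,14 @@ static void mwifiex_terminate_workqueue(struct mwifiex_adapter *adapter)
  */
 static void mwifiex_fw_dpc(const struct firmware *firmware, void *context)
 {
- int ret, i;
+ int ret;
  char fmt[64];
  struct mwifiex_private *priv;
  struct mwifiex_adapter *adapter = context;
  struct mwifiex_fw_image fw;
  struct semaphore *sem = adapter->card_sem;
  bool init_failed = false;
+ struct wireless_dev *wdev;
 
  if (!firmware) {
  dev_err(adapter->dev,
@@ -469,14 +470,16 @@ static void mwifiex_fw_dpc(const struct firmware *firmware, void *context)
  priv = adapter->priv[MWIFIEX_BSS_ROLE_STA];
  if (mwifiex_register_cfg80211(adapter)) {
  dev_err(adapter->dev, "cannot register with cfg80211\n");
- goto err_register_cfg80211;
+ goto err_init_fw;
  }
 
  rtnl_lock();
  /* Create station interface by default */
- if (!mwifiex_add_virtual_intf(adapter->wiphy, "mlan%d",
- NL80211_IFTYPE_STATION, NULL, NULL)) {
+ wdev = mwifiex_add_virtual_intf(adapter->wiphy, "mlan%d",
+ NL80211_IFTYPE_STATION, NULL, NULL);
+ if (IS_ERR(wdev)) {
  dev_err(adapter->dev, "cannot create default STA interface\n");
+ rtnl_unlock();
  goto err_add_intf;
  }
  rtnl_unlock();
@@ -486,17 +489,6 @@ static void mwifiex_fw_dpc(const struct firmware *firmware, void *context)
  goto done;
 
 err_add_intf:
- for (i = 0; i < adapter->priv_num; i++) {
- priv = adapter->priv[i];
-
- if (!priv)
- continue;
-
- if (priv->wdev && priv->netdev)
- mwifiex_del_virtual_intf(adapter->wiphy, priv->wdev);
- }
- rtnl_unlock();
-err_register_cfg80211:
  wiphy_unregister(adapter->wiphy);
  wiphy_free(adapter->wiphy);
 err_init_fw:
@@ -1006,12 +998,6 @@ int mwifiex_remove_card(struct mwifiex_adapter *adapter, struct semaphore *sem)
  wiphy_unregister(priv->wdev->wiphy);
  wiphy_free(priv->wdev->wiphy);
 
- for (i = 0; i < adapter->priv_num; i++) {
- priv = adapter->priv[i];
- if (priv)
- kfree(priv->wdev);
- }
-
  mwifiex_terminate_workqueue(adapter);
 
  /* Unregister device */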
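Review bot: In the last hunk, mwifiex_remove_card() still reaches the wiphy through `priv->wdev->wiphy`, while this same commit makes mwifiex_del_virtual_intf() free the wdev and set `priv->wdev = NULL` (cfg80211.c). If the interface belonging to that priv has already been deleted earlier in the function, which lies outside the hunk, those two context lines dereference a NULL pointer during card removal. The error path of mwifiex_fw_dpc in this file already uses the adapter's own pointer, so `wiphy_unregister(adapter->wiphy);` and `wiphy_free(adapter->wiphy);` would remove the dependency on the wdev's lifetime.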
diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
index 33fa9432b241..03688aa14e8a 100644
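--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -232,7 +232,6 @@ static void mwifiex_pcie_remove(struct pci_dev *pdev)
  }
 
  mwifiex_remove_card(card->adapter, &add_remove_card_sem);
- kfree(card);
 }
 
 static void mwifiex_pcie_shutdown(struct pci_dev *pdev)
@@ -2313,6 +2312,7 @@ static void mwifiex_pcie_cleanup(struct mwifiex_adapter *adapter)
  pci_release_region(pdev, 0);
  pci_set_drvdata(pdev, NULL);
  }
+ kfree(card);
 }
 
 /*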
diff --git a/drivers/net/wireless/mwifiex/sdio.c b/drivers/net/wireless/mwifiex/sdio.c
index 9bf8898743ab..b44a31523461 100644
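--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -196,7 +196,6 @@ mwifiex_sdio_remove(struct sdio_func *func)
  }
 
  mwifiex_remove_card(card->adapter, &add_remove_card_sem);
- kfree(card);
 }
 
 /*
@@ -1745,7 +1744,6 @@ mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
  sdio_claim_host(card->func);
  sdio_disable_func(card->func);
  sdio_release_host(card->func);
- sdio_set_drvdata(card->func, NULL);
  }
 }
 
@@ -1773,7 +1771,6 @@ static int mwifiex_register_dev(struct mwifiex_adapter *adapter)
  return ret;
  }
 
- sdio_set_drvdata(func, card);
 
  adapter->dev = &func->dev;
 
@@ -1801,6 +1798,8 @@ static int mwifiex_init_sdio(struct mwifiex_adapter *adapter)
  int ret;
  u8 sdio_ireg;
 
+ sdio_set_drvdata(card->func, card);
+
  /*
  * Read the HOST_INT_STATUS_REG for ACK the first interrupt got
  * from the bootloader. If we don't do this we get a interrupt
@@ -1883,6 +1882,8 @@ static void mwifiex_cleanup_sdio(struct mwifiex_adapter *adapter)
  kfree(card->mpa_rx.len_arr);
  kfree(card->mpa_tx.buf);
  kfree(card->mpa_rx.buf);
+ sdio_set_drvdata(card->func, NULL);
+ kfree(card);
 }
 
 /*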
diff --git a/drivers/net/wireless/mwifiex/usb.c b/drivers/net/wireless/mwifiex/usb.c
index 1c70b8d09227..edf5b7a24900 100644
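--- a/drivers/net/wireless/mwifiex/usb.c
+++ b/drivers/net/wireless/mwifiex/usb.c
@@ -350,7 +350,6 @@ static int mwifiex_usb_probe(struct usb_interface *intf,
 
  card->udev = udev;
  card->intf = intf;
- usb_card = card;
 
  pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n",
  udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass,
@@ -525,25 +524,28 @@ static int mwifiex_usb_resume(struct usb_interface *intf)
 static void mwifiex_usb_disconnect(struct usb_interface *intf)
 {
  struct usb_card_rec *card = usb_get_intfdata(intf);
- struct mwifiex_adapter *adapter;
 
- if (!card || !card->adapter) {
- pr_err("%s: card or card->adapter is NULL\n", __func__);
+ if (!card) {
+ pr_err("%s: card is NULL\n", __func__);
  return;
  }
 
- adapter = card->adapter;
- if (!adapter->priv_num)
- return;
-
  mwifiex_usb_free(card);
 
- dev_dbg(adapter->dev, "%s: removing card\n", __func__);
- mwifiex_remove_card(adapter, &add_remove_card_sem);
+ if (card->adapter) {
+ struct mwifiex_adapter *adapter = card->adapter;
+
+ if (!adapter->priv_num)
+ return;
+
+ dev_dbg(adapter->dev, "%s: removing card\n", __func__);
+ mwifiex_remove_card(adapter, &add_remove_card_sem);
+ }
 
  usb_set_intfdata(intf, NULL);
  usb_put_dev(interface_to_usbdev(intf));
  kfree(card);
+ usb_card = NULL;
 
  return;
 }
@@ -754,6 +756,7 @@ static int mwifiex_register_dev(struct mwifiex_adapter *adapter)
  card->adapter = adapter;
  adapter->dev = &card->udev->dev;
  strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME);
+ usb_card = card;
 
  return 0;
 }
@@ -762,7 +765,7 @@ static void mwifiex_unregister_dev(struct mwifiex_adapter *adapter)
 {
  struct usb_card_rec *card = (struct usb_card_rec *)adapter->card;
 
- usb_set_intfdata(card->intf, NULL);
+ card->adapter = NULL;
 }
 
 static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter,
@@ -1004,7 +1007,7 @@ static void mwifiex_usb_cleanup_module(void)
  if (!down_interruptible(&add_remove_card_sem))
  up(&add_remove_card_sem);
 
- if (usb_card) {
+ if (usb_card && usb_card->adapter) {
  struct mwifiex_adapter *adapter = usb_card->adapter;
  int i;
 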
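Review bot: In mwifiex_usb_disconnect the `return` taken when `adapter->priv_num` is zero now runs after mwifiex_usb_free(card) and skips `usb_set_intfdata(intf, NULL)`, `usb_put_dev()`, `kfree(card)` and `usb_card = NULL`. That path leaks the card and the device reference, and leaves both the interface data and the global `usb_card` pointing at a card whose resources were already released, which mwifiex_usb_cleanup_module can still pick up. Wrapping the dev_dbg() and mwifiex_remove_card() calls in `if (adapter->priv_num) { ... }` instead of returning keeps the common teardown reachable. If the card is deliberately kept alive in that state, a comment naming its owner is needed instead.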
diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
index 080b1fcae5fa..9dd92a700442 100644
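--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct work_struct *work)
 static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
  struct ieee80211_vif *vif)
 {
+ struct ieee80211_tx_control control = {};
  struct rt2x00_dev *rt2x00dev = data;
  struct sk_buff *skb;
 
@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
  */
  skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
  while (skb) {
- rt2x00mac_tx(rt2x00dev->hw, NULL, skb);
+ rt2x00mac_tx(rt2x00dev->hw, &control, skb);
  skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
  }
 }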
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c b/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c
index 393685390f3e..e26312fb4356 100644
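--- a/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c
@@ -769,7 +769,7 @@ static long _rtl92c_signal_scale_mapping(struct ieee80211_hw *hw,
 
 static void _rtl92c_query_rxphystatus(struct ieee80211_hw *hw,
  struct rtl_stats *pstats,
- struct rx_desc_92c *pdesc,
+ struct rx_desc_92c *p_desc,
  struct rx_fwinfo_92c *p_drvinfo,
  bool packet_match_bssid,
  bool packet_toself,
@@ -784,11 +784,11 @@ static void _rtl92c_query_rxphystatus(struct ieee80211_hw *hw,
  u32 rssi, total_rssi = 0;
  bool in_powersavemode = false;
  bool is_cck_rate;
+ u8 *pdesc = (u8 *)p_desc;
 
- is_cck_rate = RX_HAL_IS_CCK_RATE(pdesc);
+ is_cck_rate = RX_HAL_IS_CCK_RATE(p_desc);
  pstats->packet_matchbssid = packet_match_bssid;
  pstats->packet_toself = packet_toself;
- pstats->is_cck = is_cck_rate;
  pstats->packet_beacon = packet_beacon;
  pstats->is_cck = is_cck_rate;
  pstats->RX_SIGQ[0] = -1;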
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
index b0c346a9e4b8..1bc21ccfa71b 100644
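--- a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
@@ -303,10 +303,10 @@ out:
 bool rtl92cu_rx_query_desc(struct ieee80211_hw *hw,
  struct rtl_stats *stats,
  struct ieee80211_rx_status *rx_status,
- u8 *p_desc, struct sk_buff *skb)
+ u8 *pdesc, struct sk_buff *skb)
 {
  struct rx_fwinfo_92c *p_drvinfo;
- struct rx_desc_92c *pdesc = (struct rx_desc_92c *)p_desc;
+ struct rx_desc_92c *p_desc = (struct rx_desc_92c *)pdesc;
  u32 phystatus = GET_RX_DESC_PHY_STATUS(pdesc);
 
  stats->length = (u16) GET_RX_DESC_PKT_LEN(pdesc);
@@ -345,7 +345,7 @@ bool rtl92cu_rx_query_desc(struct ieee80211_hw *hw,
  if (phystatus) {
  p_drvinfo = (struct rx_fwinfo_92c *)(skb->data +
  stats->rx_bufshift);
- rtl92c_translate_rx_signal_stuff(hw, skb, stats, pdesc,
+ rtl92c_translate_rx_signal_stuff(hw, skb, stats, p_desc,
  p_drvinfo);
  }
  /*rx_status->qual = stats->signal; */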
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index b78ee10a956a..2329cccf1fa6 100644
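--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -461,6 +461,9 @@ void xenvif_disconnect(struct xenvif *vif)
  if (netif_carrier_ok(vif->dev))
  xenvif_carrier_off(vif);
 
+ if (vif->task)
+ kthread_stop(vif->task);
+
  if (vif->tx_irq) {
  if (vif->tx_irq == vif->rx_irq)
  unbind_from_irqhandler(vif->tx_irq, vif);
@@ -471,9 +474,6 @@ void xenvif_disconnect(struct xenvif *vif)
  vif->tx_irq = 0;
  }
 
- if (vif->task)
- kthread_stop(vif->task);
-
  xenvif_unmap_frontend_rings(vif);
 }
 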
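Review bot: `vif->task` is left pointing at the stopped thread after `kthread_stop(vif->task)` in the first hunk, unlike `vif->tx_irq`, which the function resets to 0 once the handler is unbound. If xenvif_disconnect() can run a second time for the same vif (the callers are not shown here), the stale pointer is handed to kthread_stop() again, which would be a use-after-free of the task. Clearing it in the same block closes that: `if (vif->task) { kthread_stop(vif->task); vif->task = NULL; }`.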
diff --git a/include/linux/net.h b/include/linux/net.h
index b292a0435571..4bcee94cef93 100644
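--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -164,6 +164,14 @@ struct proto_ops {
 #endif
  int (*sendmsg) (struct kiocb *iocb, struct socket *sock,
  struct msghdr *m, size_t total_len);
+ /* Notes for implementing recvmsg:
+ * ===============================
+ * msg->msg_namelen should get updated by the recvmsg handlers
+ * iff msg_name != NULL. It is by default 0 to prevent
+ * returning uninitialized memory to user space. The recvfrom
+ * handlers can assume that msg.msg_name is either NULL or has
+ * a minimum size of sizeof(struct sockaddr_storage).
+ */
  int (*recvmsg) (struct kiocb *iocb, struct socket *sock,
  struct msghdr *m, size_t total_len,
  int flags);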
diff --git a/include/linux/phy.h b/include/linux/phy.h
index 64ab823f7b74..48a4dc3cb8cf 100644
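--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -559,6 +559,7 @@ static inline int phy_read_status(struct phy_device *phydev) {
  return phydev->drv->read_status(phydev);
 }
 
+int genphy_setup_forced(struct phy_device *phydev);
 int genphy_restart_aneg(struct phy_device *phydev);
 int genphy_config_aneg(struct phy_device *phydev);
 int genphy_update_link(struct phy_device *phydev);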
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index ace4abf118d7..1b177ed803b7 100644
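--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -265,7 +265,7 @@ static inline int genlmsg_multicast_netns(struct genl_family *family,
  struct net *net, struct sk_buff *skb,
  u32 portid, unsigned int group, gfp_t flags)
 {
- if (group >= family->n_mcgrps)
+ if (WARN_ON_ONCE(group >= family->n_mcgrps))
  return -EINVAL;
  group = family->mcgrp_offset + group;
  return nlmsg_multicast(net->genl_sock, skb, portid, group, flags);
@@ -283,9 +283,6 @@ static inline int genlmsg_multicast(struct genl_family *family,
  struct sk_buff *skb, u32 portid,
  unsigned int group, gfp_t flags)
 {
- if (group >= family->n_mcgrps)
- return -EINVAL;
- group = family->mcgrp_offset + group;
  return genlmsg_multicast_netns(family, &init_net, skb,
  portid, group, flags);
 }
@@ -387,6 +384,9 @@ static inline struct sk_buff *genlmsg_new(size_t payload, gfp_t flags)
 static inline int genl_set_err(struct genl_family *family, struct net *net,
  u32 portid, u32 group, int code)
 {
+ if (WARN_ON_ONCE(group >= family->n_mcgrps))
+ return -EINVAL;
+ group = family->mcgrp_offset + group;
  return netlink_set_err(net->genl_sock, portid, group, code);
 }
 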
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 7fee50d637f9..7d424ac6e760 100644
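--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1735,7 +1735,6 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
  size_t size, int flags)
 {
  struct sock *sk = sock->sk;
- struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name;
  struct ddpehdr *ddp;
  int copied = 0;
  int offset = 0;
@@ -1764,14 +1763,13 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
  }
  err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied);
 
- if (!err) {
- if (sat) {
+ if (!err && msg->msg_name) {
+ struct sockaddr_at *sat = msg->msg_name;
  sat->sat_family = AF_APPLETALK;
  sat->sat_port = ddp->deh_sport;
  sat->sat_addr.s_node = ddp->deh_snode;
  sat->sat_addr.s_net = ddp->deh_snet;
- }
- msg->msg_namelen = sizeof(*sat);
+ msg->msg_namelen = sizeof(*sat);
  }
 
  skb_free_datagram(sk, skb); /* Free the datagram. */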
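Review bot: The second hunk reports `msg->msg_namelen = sizeof(*sat)` but assigns only `sat_family`, `sat_port`, `sat_addr.s_node` and `sat_addr.s_net`, so any padding or remaining members of struct sockaddr_at go back to user space with whatever the buffer behind `msg->msg_name` held. Since the series is meant to stop recvmsg() paths from copying uninitialized memory out, the struct should be cleared before it is filled, as the ax25 handler in this commit does with its memset: `memset(sat, 0, sizeof(*sat));` directly after the declaration. This only matters if the caller does not zero that buffer, which is not visible in the hunk.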
diff --git a/net/atm/common.c b/net/atm/common.c
index 737bef59ce89..7b491006eaf4 100644
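--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -531,8 +531,6 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
  struct sk_buff *skb;
  int copied, error = -EINVAL;
 
- msg->msg_namelen = 0;
-
  if (sock->state != SS_CONNECTED)
  return -ENOTCONN;
 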
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index a00123ebb0ae..7bb1605bdfd9 100644
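--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1636,11 +1636,11 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 
- if (msg->msg_namelen != 0) {
- struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name;
+ if (msg->msg_name) {
  ax25_digi digi;
  ax25_address src;
  const unsigned char *mac = skb_mac_header(skb);
+ struct sockaddr_ax25 *sax = msg->msg_name;
 
  memset(sax, 0, sizeof(struct full_sockaddr_ax25));
  ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,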
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index f6a1671ea2ff..56ca494621c6 100644
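--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -224,10 +224,9 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  skb = skb_recv_datagram(sk, flags, noblock, &err);
  if (!skb) {
- if (sk->sk_shutdown & RCV_SHUTDOWN) {
- msg->msg_namelen = 0;
+ if (sk->sk_shutdown & RCV_SHUTDOWN)
  return 0;
- }
+
  return err;
  }
 
@@ -245,8 +244,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (bt_sk(sk)->skb_msg_name)
  bt_sk(sk)->skb_msg_name(skb, msg->msg_name,
  &msg->msg_namelen);
- else
- msg->msg_namelen = 0;
  }
 
  skb_free_datagram(sk, skb);
@@ -295,8 +292,6 @@ int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (flags & MSG_OOB)
  return -EOPNOTSUPP;
 
- msg->msg_namelen = 0;
-
  BT_DBG("sk %p size %zu", sk, size);
 
  lock_sock(sk);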
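Review bot: In bt_sock_recvmsg (second hunk) the `skb_msg_name` callback is still invoked with `msg->msg_name` unchecked, although the contract this commit adds to include/linux/net.h says msg_name may be NULL and msg_namelen is to be updated only when it is not. The appletalk and ax25 handlers test `msg->msg_name` first; here a callback that writes through the pointer would fault on a receive without an address buffer, unless every implementation checks for NULL itself (they are outside this file section). `if (msg->msg_name && bt_sk(sk)->skb_msg_name)` makes the handler follow the documented rule. The enclosing block starts outside the hunk.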
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 71f0be173080..6a6c8bb4fd72 100644
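--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -856,8 +856,6 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (!skb)
  return err;
 
- msg->msg_namelen = 0;
-
  copied = skb->len;
  if (len < copied) {
  msg->msg_flags |= MSG_TRUNC;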
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 0cef67707838..4af3821df880 100644
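--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -2439,6 +2439,9 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
  int err;
  struct sk_buff_head seg_queue;
 
+ if (!chan->conn)
+ return -ENOTCONN;
+
  /* Connectionless channel */
  if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
  skb = l2cap_create_connless_pdu(chan, msg, len, priority);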
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 94d06cbfbc18..facd8a79c038 100644
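--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -694,6 +694,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = 0;
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
  if (*err < 0)
  goto failed;
@@ -719,6 +720,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
  if (*err == 0 || *err == -EINPROGRESS)
  return s;
@@ -1983,6 +1985,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
  addr.l2_family = AF_BLUETOOTH;
  addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
  addr.l2_cid = 0;
+ addr.l2_bdaddr_type = BDADDR_BREDR;
  err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
  if (err < 0) {
  BT_ERR("Bind failed %d", err);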
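Review bot: Initialising `addr` one field at a time leaves the same gap open for the next member added to the L2CAP socket address: all three sites (two in rfcomm_session_create(), one in rfcomm_add_listener()) hand the structure to kernel_bind()/kernel_connect() with only the listed fields assigned. The hunks do not show whether `addr` is zeroed beforehand; if it is not, putting `memset(&addr, 0, sizeof(addr));` ahead of the assignments at each site would make the initialisation complete by construction instead of by enumeration. The enclosing functions start and end outside the hunks.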
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c4d3d423f89b..3c2d3e4aa2f5 100644
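--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -615,7 +615,6 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
  rfcomm_dlc_accept(d);
- msg->msg_namelen = 0;
  return 0;
  }
 
@@ -739,8 +738,9 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
 {
  struct sock *sk = sock->sk;
+ struct sock *l2cap_sk;
+ struct l2cap_conn *conn;
  struct rfcomm_conninfo cinfo;
- struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
  int len, err = 0;
  u32 opt;
 
@@ -783,6 +783,9 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
  break;
  }
 
+ l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
+ conn = l2cap_pi(l2cap_sk)->chan->conn;
+
  memset(&cinfo, 0, sizeof(cinfo));
  cinfo.hci_handle = conn->hcon->handle;
  memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);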
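Review bot: The new lookup `rfcomm_pi(sk)->dlc->session->sock->sk` followed by `l2cap_pi(l2cap_sk)->chan->conn` walks a long pointer chain with no NULL test, and `conn->hcon` is dereferenced immediately afterwards. Only the tail (`break; }`) of the guard that precedes it is visible, so presumably a connected-state check is what makes `dlc->session` and `chan->conn` valid at this point. That dependency should be written down above the two lines, e.g. `/* only reached in a connected state: dlc->session and its L2CAP channel are valid */`, or enforced with an explicit `if (!conn)` that sets `err = -ENOTCONN` and leaves the case. rfcomm_sock_getsockopt_old() continues outside the hunk.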
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 12a0e51e21e1..24fa3964b3c8 100644
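--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -711,7 +711,6 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
  sco_conn_defer_accept(pi->conn->hcon, pi->setting);
  sk->sk_state = BT_CONFIG;
- msg->msg_namelen = 0;
 
  release_sock(sk);
  return 0;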
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 85a2796cac61..4b07acb8293c 100644
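--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -742,6 +742,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 
  BT_DBG("conn %p", conn);
 
+ if (!(conn->hcon->link_mode & HCI_LM_MASTER))
+ return SMP_CMD_NOTSUPP;
+
  hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
 
  if (smp_ltk_encrypt(conn, hcon->pending_sec_level))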
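Review bot: The added role check reads `conn->hcon->link_mode` while the very next statement uses the local `hcon`; assuming `hcon` is initialised from `conn->hcon` earlier in smp_cmd_security_req() (its declaration is outside the hunk), write `if (!(hcon->link_mode & HCI_LM_MASTER))` so the function uses one spelling for the same object. The reason for answering `SMP_CMD_NOTSUPP` is also not obvious from the code, and a one-line comment such as `/* a Security Request is only acted on when we are master of this link */` would record why a request arriving in the other role is refused.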
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 6e6194fcd88e..4bf02adb5dc2 100644
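--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -172,6 +172,8 @@ void br_dev_delete(struct net_device *dev, struct list_head *head)
  del_nbp(p);
  }
 
+ br_fdb_delete_by_port(br, NULL, 1);
+
  br_vlan_flush(br);
  del_timer_sync(&br->gc_timer);
 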
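Review bot: `br_fdb_delete_by_port(br, NULL, 1);` passes a NULL port and a bare `1`, and neither is explained at the call site in br_dev_delete(). A comment such as `/* flush the bridge's own (port-less) fdb entries before teardown */` would tell the reader why this is needed after the per-port loop has already run. The meaning of the third argument is not visible in the hunk and should be confirmed against the helper's definition before it is described in that comment.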
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 99c85668f551..17fd5f2cb4b8 100644
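--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -48,10 +48,12 @@ ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par)
  if (info->bitmask & EBT_IP6_TCLASS &&
  FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
  return false;
- if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
- &info->saddr), EBT_IP6_SOURCE) ||
+ if ((info->bitmask & EBT_IP6_SOURCE &&
+ FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
+ &info->saddr), EBT_IP6_SOURCE)) ||
+ (info->bitmask & EBT_IP6_DEST &&
  FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
- &info->daddr), EBT_IP6_DEST))
+ &info->daddr), EBT_IP6_DEST)))
  return false;
  if (info->bitmask & EBT_IP6_PROTO) {
  uint8_t nexthdr = ih6->nexthdr;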
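Review bot: The rewritten source/destination test in ebt_ip6_mt() packs two bitmask guards and two FWINV() comparisons into a single six-line condition, which makes it hard to see that each guard binds to its own comparison and that the parentheses balance. Splitting it into two statements in the shape of the EBT_IP6_TCLASS test directly above, one `if (info->bitmask & EBT_IP6_SOURCE && FWINV(..., EBT_IP6_SOURCE)) return false;` and the same for EBT_IP6_DEST, gives the same result and keeps the three checks visually parallel.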
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 05a41c7ec304..d6be3edb7a43 100644
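--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -286,8 +286,6 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (m->msg_flags&MSG_OOB)
  goto read_error;
 
- m->msg_namelen = 0;
-
  skb = skb_recv_datagram(sk, flags, 0 , &ret);
  if (!skb)
  goto read_error;
@@ -361,8 +359,6 @@ static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (flags&MSG_OOB)
  goto out;
 
- msg->msg_namelen = 0;
-
  /*
  * Lock the socket to prevent queue disordering
  * while sleeps in memcpy_tomsg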
diff --git a/net/compat.c b/net/compat.c
index 89032580bd1d..618c6a8a911b 100644
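--- a/net/compat.c
+++ b/net/compat.c
@@ -93,7 +93,8 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
  if (err < 0)
  return err;
  }
- kern_msg->msg_name = kern_address;
+ if (kern_msg->msg_name)
+ kern_msg->msg_name = kern_address;
  } else
  kern_msg->msg_name = NULL;
 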
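Review bot: `if (kern_msg->msg_name) kern_msg->msg_name = kern_address;` reads like a redundant test unless the reader knows that `msg_name` apparently still holds the caller-supplied pointer at this point and that NULL means no address buffer was passed. A comment above it, e.g. `/* leave msg_name NULL when the caller supplied no address buffer, so receive paths do not fill one in */`, would make the intent explicit. The same applies to the identical change in verify_iovec() in net/core/iovec.c; both functions start outside their hunks.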
diff --git a/net/core/dev.c b/net/core/dev.c
index 7e00a7342ee6..ba3b7ea5ebb3 100644
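--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4996,7 +4996,7 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
 {
  const struct net_device_ops *ops = dev->netdev_ops;
 
- if ((dev->flags & IFF_UP) && ops->ndo_change_rx_flags)
+ if (ops->ndo_change_rx_flags)
  ops->ndo_change_rx_flags(dev, flags);
 }
 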
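Review bot: dev_change_rx_flags() has no comment recording that `ndo_change_rx_flags` is now invoked for devices that are down, which is a contract change for every driver implementing the callback. An implementation that assumed a running device when it was written now has to cope with being called before open; that cannot be checked from this hunk. A comment on the function such as `/* called regardless of IFF_UP so flag changes always propagate; callbacks must tolerate a down device */` would put the new expectation where driver authors will look.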
diff --git a/net/core/iovec.c b/net/core/iovec.c
index 4cdb7c48dad6..b61869429f4c 100644
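--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -48,7 +48,8 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
  if (err < 0)
  return err;
  }
- m->msg_name = address;
+ if (m->msg_name)
+ m->msg_name = address;
  } else {
  m->msg_name = NULL;
  }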
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 8cec1e6b844d..2718fed53d8c 100644
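--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2796,6 +2796,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  struct sk_buff *segs = NULL;
  struct sk_buff *tail = NULL;
  struct sk_buff *fskb = skb_shinfo(skb)->frag_list;
+ skb_frag_t *skb_frag = skb_shinfo(skb)->frags;
  unsigned int mss = skb_shinfo(skb)->gso_size;
  unsigned int doffset = skb->data - skb_mac_header(skb);
  unsigned int offset = doffset;
@@ -2835,16 +2836,38 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  if (hsize > len || !sg)
  hsize = len;
 
- if (!hsize && i >= nfrags) {
- BUG_ON(fskb->len != len);
+ if (!hsize && i >= nfrags && skb_headlen(fskb) &&
+ (skb_headlen(fskb) == len || sg)) {
+ BUG_ON(skb_headlen(fskb) > len);
+
+ i = 0;
+ nfrags = skb_shinfo(fskb)->nr_frags;
+ skb_frag = skb_shinfo(fskb)->frags;
+ pos += skb_headlen(fskb);
+
+ while (pos < offset + len) {
+ BUG_ON(i >= nfrags);
+
+ size = skb_frag_size(skb_frag);
+ if (pos + size > offset + len)
+ break;
+
+ i++;
+ pos += size;
+ skb_frag++;
+ }
 
- pos += len;
  nskb = skb_clone(fskb, GFP_ATOMIC);
  fskb = fskb->next;
 
  if (unlikely(!nskb))
  goto err;
 
+ if (unlikely(pskb_trim(nskb, len))) {
+ kfree_skb(nskb);
+ goto err;
+ }
+
  hsize = skb_end_offset(nskb);
  if (skb_cow_head(nskb, doffset + headroom)) {
  kfree_skb(nskb);
@@ -2881,7 +2904,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  nskb->data - tnl_hlen,
  doffset + tnl_hlen);
 
- if (fskb != skb_shinfo(skb)->frag_list)
+ if (nskb->len == len + doffset)
  goto perform_csum_check;
 
  if (!sg) {
@@ -2899,8 +2922,28 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
 
  skb_shinfo(nskb)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG;
 
- while (pos < offset + len && i < nfrags) {
- *frag = skb_shinfo(skb)->frags[i];
+ while (pos < offset + len) {
+ if (i >= nfrags) {
+ BUG_ON(skb_headlen(fskb));
+
+ i = 0;
+ nfrags = skb_shinfo(fskb)->nr_frags;
+ skb_frag = skb_shinfo(fskb)->frags;
+
+ BUG_ON(!nfrags);
+
+ fskb = fskb->next;
+ }
+
+ if (unlikely(skb_shinfo(nskb)->nr_frags >=
+ MAX_SKB_FRAGS)) {
+ net_warn_ratelimited(
+ "skb_segment: too many frags: %u %u\n",
+ pos, mss);
+ goto err;
+ }
+
+ *frag = *skb_frag;
  __skb_frag_ref(frag);
  size = skb_frag_size(frag);
 
@@ -2913,6 +2956,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
 
  if (pos + size <= offset + len) {
  i++;
+ skb_frag++;
  pos += size;
  } else {
  skb_frag_size_sub(frag, pos + size - (offset + len));
@@ -2922,25 +2966,6 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
  frag++;
  }
 
- if (pos < offset + len) {
- struct sk_buff *fskb2 = fskb;
-
- BUG_ON(pos + fskb->len != offset + len);
-
- pos += fskb->len;
- fskb = fskb->next;
-
- if (fskb2->next) {
- fskb2 = skb_clone(fskb2, GFP_ATOMIC);
- if (!fskb2)
- goto err;
- } else
- skb_get(fskb2);
-
- SKB_FRAG_ASSERT(nskb);
- skb_shinfo(nskb)->frag_list = fskb2;
- }
-
 skip_fraglist:
  nskb->data_len = len - hsize;
  nskb->len += nskb->data_len;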
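Review bot: The new frag-walking code in skb_segment() turns several assumptions about the layout of the incoming skb into `BUG_ON()` (`BUG_ON(i >= nfrags)`, `BUG_ON(skb_headlen(fskb))`, `BUG_ON(!nfrags)`), and the second loop reads `fskb` once `i >= nfrags` without first testing it for NULL. The same loop already handles the too-many-frags case by logging and taking `goto err`, so the other cases could fail the same recoverable way, e.g. `if (WARN_ON_ONCE(!fskb || skb_headlen(fskb))) goto err;`, rather than halting the machine on a packet shape this code did not expect. Whether `fskb` can actually run out there depends on length invariants maintained outside these hunks, so the NULL case is something to confirm rather than a demonstrated fault.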
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 01cffeaa0085..f13bd91d9a56 100644
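--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
  this_cpu_inc(snet->stats->cookie_valid);
  opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
 
  if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
  synproxy_check_timestamp_cookie(opts);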
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f428935c50db..f8da28278014 100644
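--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1776,8 +1776,12 @@ local_input:
  rth->dst.error= -err;
  rth->rt_flags &= ~RTCF_LOCAL;
  }
- if (do_cache)
- rt_cache_route(&FIB_RES_NH(res), rth);
+ if (do_cache) {
+ if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) {
+ rth->dst.flags |= DST_NOCACHE;
+ rt_add_uncached_list(rth);
+ }
+ }
  skb_dst_set(skb, &rth->dst);
  err = 0;
  goto out;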
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index bf9f612c1bc2..f78f41aca8e9 100644
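--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
  this_cpu_inc(snet->stats->cookie_valid);
  opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
 
  if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
  synproxy_check_timestamp_cookie(opts);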
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 7a1e0fc1bd4d..e096025b477f 100644
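--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -1823,8 +1823,6 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (skb->tstamp.tv64)
  sk->sk_stamp = skb->tstamp;
 
- msg->msg_namelen = sizeof(*sipx);
-
  if (sipx) {
  sipx->sipx_family = AF_IPX;
  sipx->sipx_port = ipx->ipx_source.sock;
@@ -1832,6 +1830,7 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
  sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net;
  sipx->sipx_type = ipx->ipx_type;
  sipx->sipx_zero = 0;
+ msg->msg_namelen = sizeof(*sipx);
  }
  rc = copied;
 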
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 0f676908d15b..de7db23049f1 100644
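--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1385,8 +1385,6 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
 
  IRDA_DEBUG(4, "%s()\n", __func__);
 
- msg->msg_namelen = 0;
-
  skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
  flags & MSG_DONTWAIT, &err);
  if (!skb)
@@ -1451,8 +1449,6 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
  target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
  timeo = sock_rcvtimeo(sk, noblock);
 
- msg->msg_namelen = 0;
-
  do {
  int chunk;
  struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);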
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 168aff5e60de..c4b7218058b6 100644
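--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1324,8 +1324,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
  int err = 0;
  u32 offset;
 
- msg->msg_namelen = 0;
-
  if ((sk->sk_state == IUCV_DISCONN) &&
  skb_queue_empty(&iucv->backlog_skb_q) &&
  skb_queue_empty(&sk->sk_receive_queue) &&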
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 911ef03bf8fb..545f047868ad 100644
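--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3616,7 +3616,6 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
  if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
  goto out;
 
- msg->msg_namelen = 0;
  skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
  if (skb == NULL)
  goto out;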
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ffda81ef1a70..be5fadf34739 100644
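--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -197,8 +197,6 @@ static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (sk->sk_state & PPPOX_BOUND)
  goto end;
 
- msg->msg_namelen = 0;
-
  err = 0;
  skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
  flags & MSG_DONTWAIT, &err);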
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 6cba486353e8..7b01b9f5846c 100644
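--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -720,8 +720,6 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
  int target; /* Read at least this many bytes */
  long timeo;
 
- msg->msg_namelen = 0;
-
  lock_sock(sk);
  copied = -ENOTCONN;
  if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))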
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 48acec17e27a..c3398cd99b94 100644
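--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -909,7 +909,7 @@ config NETFILTER_XT_MATCH_CONNLABEL
  connection simultaneously.
 
 config NETFILTER_XT_MATCH_CONNLIMIT
- tristate '"connlimit" match support"'
+ tristate '"connlimit" match support'
  depends on NF_CONNTRACK
  depends on NETFILTER_ADVANCED
  ---help---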
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e22d950c60b3..43549eb7a7be 100644
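--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -764,9 +764,10 @@ void nf_conntrack_free(struct nf_conn *ct)
  struct net *net = nf_ct_net(ct);
 
  nf_ct_ext_destroy(ct);
- atomic_dec(&net->ct.count);
  nf_ct_ext_free(ct);
  kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
+ smp_mb__before_atomic_dec();
+ atomic_dec(&net->ct.count);
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_free);
 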
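Review bot: `smp_mb__before_atomic_dec();` is added in nf_conntrack_free() without a comment naming what it orders against, and a bare barrier is easy to drop or misplace in a later cleanup. Presumably the object has to be back in `nf_conntrack_cachep` before any reader of `net->ct.count` can observe the decrement, for instance a teardown path that waits for zero before destroying the cache, but that reader is not in the hunk. A comment such as `/* the free must be visible before the count drops; pairs with the ct.count reader in <teardown path> */` should name the pairing site.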
diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
index 5f9bfd060dea..17c1bcb182c6 100644
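--- a/net/netfilter/nf_conntrack_seqadj.c
+++ b/net/netfilter/nf_conntrack_seqadj.c
@@ -41,8 +41,8 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
  spin_lock_bh(&ct->lock);
  this_way = &seqadj->seq[dir];
  if (this_way->offset_before == this_way->offset_after ||
- before(this_way->correction_pos, seq)) {
- this_way->correction_pos = seq;
+ before(this_way->correction_pos, ntohl(seq))) {
+ this_way->correction_pos = ntohl(seq);
  this_way->offset_before = this_way->offset_after;
  this_way->offset_after += off;
  }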
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index cdf4567ba9b3..9858e3e51a3a 100644
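--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -151,9 +151,10 @@ void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
  opts->tsecr = opts->tsval;
  opts->tsval = tcp_time_stamp & ~0x3f;
 
- if (opts->options & XT_SYNPROXY_OPT_WSCALE)
- opts->tsval |= info->wscale;
- else
+ if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
+ opts->tsval |= opts->wscale;
+ opts->wscale = info->wscale;
+ } else
  opts->tsval |= 0xf;
 
  if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)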
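Review bot: The `if` arm in synproxy_init_timestamp_cookie() now has braces while its `else` arm does not; kernel style braces both arms once either needs them, so the tail should read `} else {`, `opts->tsval |= 0xf;`, `}`. The order of the two new statements is also load-bearing, because `opts->wscale` is folded into `tsval` before it is overwritten with `info->wscale`, and a short comment saying which side's value goes into the cookie would stop a later cleanup from swapping them. If the option parser does not already bound `opts->wscale`, masking it (`opts->wscale & 0xf`) would keep it out of the neighbouring low bits that `~0x3f` clears for the other options.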
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index a82667c64729..da0c1f4ada12 100644
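--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -128,7 +128,7 @@ static const struct nla_policy nft_rule_compat_policy[NFTA_RULE_COMPAT_MAX + 1]
  [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 },
 };
 
-static u8 nft_parse_compat(const struct nlattr *attr, bool *inv)
+static int nft_parse_compat(const struct nlattr *attr, u8 *proto, bool *inv)
 {
  struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1];
  u32 flags;
@@ -148,7 +148,8 @@ static u8 nft_parse_compat(const struct nlattr *attr, bool *inv)
  if (flags & NFT_RULE_COMPAT_F_INV)
  *inv = true;
 
- return ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));
+ *proto = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));
+ return 0;
 }
 
 static int
@@ -166,8 +167,11 @@ nft_target_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 
  target_compat_from_user(target, nla_data(tb[NFTA_TARGET_INFO]), info);
 
- if (ctx->nla[NFTA_RULE_COMPAT])
- proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv);
+ if (ctx->nla[NFTA_RULE_COMPAT]) {
+ ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
+ if (ret < 0)
+ goto err;
+ }
 
  nft_target_set_tgchk_param(&par, ctx, target, info, &e, proto, inv);
 
@@ -356,8 +360,11 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 
  match_compat_from_user(match, nla_data(tb[NFTA_MATCH_INFO]), info);
 
- if (ctx->nla[NFTA_RULE_COMPAT])
- proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv);
+ if (ctx->nla[NFTA_RULE_COMPAT]) {
+ ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
+ if (ret < 0)
+ goto err;
+ }
 
  nft_match_set_mtchk_param(&par, ctx, match, info, &e, proto, inv);
 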
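Review bot: `*proto = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));` stores a 32-bit netlink attribute into a `u8` with no range check in the visible lines, so a value above 255 is silently truncated to a different protocol number than the one the sender supplied. Now that nft_parse_compat() can report failure, it could read the attribute into a `u32` first and `return -EINVAL;` when it exceeds 255, before assigning `*proto`. The middle of nft_parse_compat() lies outside the hunks, so such a check may already exist there; the `err` labels that nft_target_init() and nft_match_init() jump to are likewise not visible.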
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index f0176e1a5a81..bca50b95c182 100644
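--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2335,8 +2335,6 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
  }
 #endif
 
- msg->msg_namelen = 0;
-
  copied = data_skb->len;
  if (len < copied) {
  msg->msg_flags |= MSG_TRUNC;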
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 7dbc4f732c75..4518a57aa5fe 100644
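--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1045,7 +1045,7 @@ static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
 int genlmsg_multicast_allns(struct genl_family *family, struct sk_buff *skb,
  u32 portid, unsigned int group, gfp_t flags)
 {
- if (group >= family->n_mcgrps)
+ if (WARN_ON_ONCE(group >= family->n_mcgrps))
  return -EINVAL;
  group = family->mcgrp_offset + group;
  return genlmsg_mcast(skb, portid, group, flags);
@@ -1062,7 +1062,7 @@ void genl_notify(struct genl_family *family,
  if (nlh)
  report = nlmsg_report(nlh);
 
- if (group >= family->n_mcgrps)
+ if (WARN_ON_ONCE(group >= family->n_mcgrps))
  return;
  group = family->mcgrp_offset + group;
  nlmsg_notify(sk, skb, portid, group, report, flags);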
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 698814bfa7ad..53c19a35fc6d 100644
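--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1179,10 +1179,9 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
  sax->sax25_family = AF_NETROM;
  skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
  AX25_ADDR_LEN);
+ msg->msg_namelen = sizeof(*sax);
  }
 
- msg->msg_namelen = sizeof(*sax);
-
  skb_free_datagram(sk, skb);
 
  release_sock(sk);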
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index d308402b67d8..824c6056bf82 100644
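--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -807,8 +807,6 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  pr_debug("%p %zu\n", sk, len);
 
- msg->msg_namelen = 0;
-
  lock_sock(sk);
 
  if (sk->sk_state == LLCP_CLOSED &&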
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index cd958b381f96..66bcd2eb5773 100644
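--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -244,8 +244,6 @@ static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (!skb)
  return rc;
 
- msg->msg_namelen = 0;
-
  copied = skb->len;
  if (len < copied) {
  msg->msg_flags |= MSG_TRUNC;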
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 2e8286b47c28..ac27c86ef6d1 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -244,11 +244,15 @@ static void __fanout_link(struct sock *sk, struct packet_sock *po);
244static void register_prot_hook(struct sock *sk) 244static void register_prot_hook(struct sock *sk)
245{ 245{
246 struct packet_sock *po = pkt_sk(sk); 246 struct packet_sock *po = pkt_sk(sk);
247
247 if (!po->running) { 248 if (!po->running) {
248 if (po->fanout) 249 if (po->fanout) {
249 __fanout_link(sk, po); 250 __fanout_link(sk, po);
250 else 251 } else {
251 dev_add_pack(&po->prot_hook); 252 dev_add_pack(&po->prot_hook);
253 rcu_assign_pointer(po->cached_dev, po->prot_hook.dev);
254 }
255
252 sock_hold(sk); 256 sock_hold(sk);
253 po->running = 1; 257 po->running = 1;
254 } 258 }
@@ -266,10 +270,13 @@ static void __unregister_prot_hook(struct sock *sk, bool sync)
266 struct packet_sock *po = pkt_sk(sk); 270 struct packet_sock *po = pkt_sk(sk);
267 271
268 po->running = 0; 272 po->running = 0;
269 if (po->fanout) 273 if (po->fanout) {
270 __fanout_unlink(sk, po); 274 __fanout_unlink(sk, po);
271 else 275 } else {
272 __dev_remove_pack(&po->prot_hook); 276 __dev_remove_pack(&po->prot_hook);
277 RCU_INIT_POINTER(po->cached_dev, NULL);
278 }
279
273 __sock_put(sk); 280 __sock_put(sk);
274 281
275 if (sync) { 282 if (sync) {
@@ -2052,12 +2059,24 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
2052 return tp_len; 2059 return tp_len;
2053} 2060}
2054 2061
2062static struct net_device *packet_cached_dev_get(struct packet_sock *po)
2063{
2064 struct net_device *dev;
2065
2066 rcu_read_lock();
2067 dev = rcu_dereference(po->cached_dev);
2068 if (dev)
2069 dev_hold(dev);
2070 rcu_read_unlock();
2071
2072 return dev;
2073}
2074
2055static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) 2075static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2056{ 2076{
2057 struct sk_buff *skb; 2077 struct sk_buff *skb;
2058 struct net_device *dev; 2078 struct net_device *dev;
2059 __be16 proto; 2079 __be16 proto;
2060 bool need_rls_dev = false;
2061 int err, reserve = 0; 2080 int err, reserve = 0;
2062 void *ph; 2081 void *ph;
2063 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name; 2082 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name;
@@ -2070,7 +2089,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2070 mutex_lock(&po->pg_vec_lock); 2089 mutex_lock(&po->pg_vec_lock);
2071 2090
2072 if (saddr == NULL) { 2091 if (saddr == NULL) {
2073 dev = po->prot_hook.dev; 2092 dev = packet_cached_dev_get(po);
2074 proto = po->num; 2093 proto = po->num;
2075 addr = NULL; 2094 addr = NULL;
2076 } else { 2095 } else {
@@ -2084,19 +2103,17 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2084 proto = saddr->sll_protocol; 2103 proto = saddr->sll_protocol;
2085 addr = saddr->sll_addr; 2104 addr = saddr->sll_addr;
2086 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); 2105 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
2087 need_rls_dev = true;
2088 } 2106 }
2089 2107
2090 err = -ENXIO; 2108 err = -ENXIO;
2091 if (unlikely(dev == NULL)) 2109 if (unlikely(dev == NULL))
2092 goto out; 2110 goto out;
2093
2094 reserve = dev->hard_header_len;
2095
2096 err = -ENETDOWN; 2111 err = -ENETDOWN;
2097 if (unlikely(!(dev->flags & IFF_UP))) 2112 if (unlikely(!(dev->flags & IFF_UP)))
2098 goto out_put; 2113 goto out_put;
2099 2114
2115 reserve = dev->hard_header_len;
2116
2100 size_max = po->tx_ring.frame_size 2117 size_max = po->tx_ring.frame_size
2101 - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); 2118 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
2102 2119
@@ -2173,8 +2190,7 @@ out_status:
2173 __packet_set_status(po, ph, status); 2190 __packet_set_status(po, ph, status);
2174 kfree_skb(skb); 2191 kfree_skb(skb);
2175out_put: 2192out_put:
2176 if (need_rls_dev) 2193 dev_put(dev);
2177 dev_put(dev);
2178out: 2194out:
2179 mutex_unlock(&po->pg_vec_lock); 2195 mutex_unlock(&po->pg_vec_lock);
2180 return err; 2196 return err;
@@ -2212,7 +2228,6 @@ static int packet_snd(struct socket *sock,
2212 struct sk_buff *skb; 2228 struct sk_buff *skb;
2213 struct net_device *dev; 2229 struct net_device *dev;
2214 __be16 proto; 2230 __be16 proto;
2215 bool need_rls_dev = false;
2216 unsigned char *addr; 2231 unsigned char *addr;
2217 int err, reserve = 0; 2232 int err, reserve = 0;
2218 struct virtio_net_hdr vnet_hdr = { 0 }; 2233 struct virtio_net_hdr vnet_hdr = { 0 };
@@ -2228,7 +2243,7 @@ static int packet_snd(struct socket *sock,
2228 */ 2243 */
2229 2244
2230 if (saddr == NULL) { 2245 if (saddr == NULL) {
2231 dev = po->prot_hook.dev; 2246 dev = packet_cached_dev_get(po);
2232 proto = po->num; 2247 proto = po->num;
2233 addr = NULL; 2248 addr = NULL;
2234 } else { 2249 } else {
@@ -2240,19 +2255,17 @@ static int packet_snd(struct socket *sock,
2240 proto = saddr->sll_protocol; 2255 proto = saddr->sll_protocol;
2241 addr = saddr->sll_addr; 2256 addr = saddr->sll_addr;
2242 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); 2257 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
2243 need_rls_dev = true;
2244 } 2258 }
2245 2259
2246 err = -ENXIO; 2260 err = -ENXIO;
2247 if (dev == NULL) 2261 if (unlikely(dev == NULL))
2248 goto out_unlock; 2262 goto out_unlock;
2249 if (sock->type == SOCK_RAW)
2250 reserve = dev->hard_header_len;
2251
2252 err = -ENETDOWN; 2263 err = -ENETDOWN;
2253 if (!(dev->flags & IFF_UP)) 2264 if (unlikely(!(dev->flags & IFF_UP)))
2254 goto out_unlock; 2265 goto out_unlock;
2255 2266
2267 if (sock->type == SOCK_RAW)
2268 reserve = dev->hard_header_len;
2256 if (po->has_vnet_hdr) { 2269 if (po->has_vnet_hdr) {
2257 vnet_hdr_len = sizeof(vnet_hdr); 2270 vnet_hdr_len = sizeof(vnet_hdr);
2258 2271
@@ -2386,15 +2399,14 @@ static int packet_snd(struct socket *sock,
2386 if (err > 0 && (err = net_xmit_errno(err)) != 0) 2399 if (err > 0 && (err = net_xmit_errno(err)) != 0)
2387 goto out_unlock; 2400 goto out_unlock;
2388 2401
2389 if (need_rls_dev) 2402 dev_put(dev);
2390 dev_put(dev);
2391 2403
2392 return len; 2404 return len;
2393 2405
2394out_free: 2406out_free:
2395 kfree_skb(skb); 2407 kfree_skb(skb);
2396out_unlock: 2408out_unlock:
2397 if (dev && need_rls_dev) 2409 if (dev)
2398 dev_put(dev); 2410 dev_put(dev);
2399out: 2411out:
2400 return err; 2412 return err;
@@ -2614,6 +2626,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol,
2614 po = pkt_sk(sk); 2626 po = pkt_sk(sk);
2615 sk->sk_family = PF_PACKET; 2627 sk->sk_family = PF_PACKET;
2616 po->num = proto; 2628 po->num = proto;
2629 RCU_INIT_POINTER(po->cached_dev, NULL);
2617 2630
2618 sk->sk_destruct = packet_sock_destruct; 2631 sk->sk_destruct = packet_sock_destruct;
2619 sk_refcnt_debug_inc(sk); 2632 sk_refcnt_debug_inc(sk);
@@ -2660,7 +2673,6 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2660 struct sock *sk = sock->sk; 2673 struct sock *sk = sock->sk;
2661 struct sk_buff *skb; 2674 struct sk_buff *skb;
2662 int copied, err; 2675 int copied, err;
2663 struct sockaddr_ll *sll;
2664 int vnet_hdr_len = 0; 2676 int vnet_hdr_len = 0;
2665 2677
2666 err = -EINVAL; 2678 err = -EINVAL;
@@ -2744,22 +2756,10 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2744 goto out_free; 2756 goto out_free;
2745 } 2757 }
2746 2758
2747 /* 2759 /* You lose any data beyond the buffer you gave. If it worries
2748 * If the address length field is there to be filled in, we fill 2760 * a user program they can ask the device for its MTU
2749 * it in now. 2761 * anyway.
2750 */ 2762 */
2751
2752 sll = &PACKET_SKB_CB(skb)->sa.ll;
2753 if (sock->type == SOCK_PACKET)
2754 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2755 else
2756 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
2757
2758 /*
2759 * You lose any data beyond the buffer you gave. If it worries a
2760 * user program they can ask the device for its MTU anyway.
2761 */
2762
2763 copied = skb->len; 2763 copied = skb->len;
2764 if (copied > len) { 2764 if (copied > len) {
2765 copied = len; 2765 copied = len;
@@ -2772,9 +2772,20 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2772 2772
2773 sock_recv_ts_and_drops(msg, sk, skb); 2773 sock_recv_ts_and_drops(msg, sk, skb);
2774 2774
2775 if (msg->msg_name) 2775 if (msg->msg_name) {
2776 /* If the address length field is there to be filled
2777 * in, we fill it in now.
2778 */
2779 if (sock->type == SOCK_PACKET) {
2780 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2781 } else {
2782 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
2783 msg->msg_namelen = sll->sll_halen +
2784 offsetof(struct sockaddr_ll, sll_addr);
2785 }
2776 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 2786 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
2777 msg->msg_namelen); 2787 msg->msg_namelen);
2788 }
2778 2789
2779 if (pkt_sk(sk)->auxdata) { 2790 if (pkt_sk(sk)->auxdata) {
2780 struct tpacket_auxdata aux; 2791 struct tpacket_auxdata aux;
diff --git a/net/packet/internal.h b/net/packet/internal.h
index c4e4b4561207..1035fa2d909c 100644
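--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -113,6 +113,7 @@ struct packet_sock {
  unsigned int tp_loss:1;
  unsigned int tp_tx_has_off:1;
  unsigned int tp_tstamp;
+ struct net_device __rcu *cached_dev;
  struct packet_type prot_hook ____cacheline_aligned_in_smp;
 };
 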
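Review bot: The new `cached_dev` member of `struct packet_sock` carries the `__rcu` annotation but no comment on who publishes and clears it or how a reader must obtain a reference. Judging from the af_packet.c hunks on this page, it appears to stand in for `po->prot_hook.dev` on the send path and to be read through `packet_cached_dev_get()`, whose result is now always released with `dev_put()`. A one-line comment above the field would record that, for example `/* RCU-protected copy of prot_hook.dev for the send path; read via packet_cached_dev_get() */`, to be confirmed against the helper's definition. The struct starts outside this hunk.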
diff --git a/net/rds/recv.c b/net/rds/recv.c
index 9f0f17cf6bf9..de339b24ca14 100644
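--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -410,8 +410,6 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
 
  rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
 
- msg->msg_namelen = 0;
-
  if (msg_flags & MSG_OOB)
  goto out;
 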
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index e98fcfbe6007..33af77246bfe 100644
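--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1216,7 +1216,6 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
 {
  struct sock *sk = sock->sk;
  struct rose_sock *rose = rose_sk(sk);
- struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name;
  size_t copied;
  unsigned char *asmptr;
  struct sk_buff *skb;
@@ -1252,8 +1251,11 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 
- if (srose != NULL) {
- memset(srose, 0, msg->msg_namelen);
+ if (msg->msg_name) {
+ struct sockaddr_rose *srose;
+
+ memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose));
+ srose = msg->msg_name;
  srose->srose_family = AF_ROSE;
  srose->srose_addr = rose->dest_addr;
  srose->srose_call = rose->dest_call;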
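Review bot: The `memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose))` in the second hunk writes a fixed protocol-struct size into `msg_name` with nothing in the function tying that size to the buffer behind the pointer, whereas the removed line bounded the memset by `msg->msg_namelen`. The recvfrom hunk on this page appears to hand handlers a `sockaddr_storage`-sized buffer, so the write presumably fits, but that is an assumption about every caller of the handler. A compile-time check next to the memset would pin it down: `BUILD_BUG_ON(sizeof(struct full_sockaddr_rose) > sizeof(struct sockaddr_storage));`. The same point applies to the `memcpy(msg->msg_name, &call->conn->trans->peer->srx, len)` in net/rxrpc/ar-recvmsg.c, which no longer looks at the incoming `msg_namelen`. rose_recvmsg continues past the end of the hunk, so where `msg_namelen` is set for this address is not visible here.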
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c
index 4b48687c3890..898492a8d61b 100644
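--- a/net/rxrpc/ar-recvmsg.c
+++ b/net/rxrpc/ar-recvmsg.c
@@ -143,10 +143,13 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock,
 
  /* copy the peer address and timestamp */
  if (!continue_call) {
- if (msg->msg_name && msg->msg_namelen > 0)
+ if (msg->msg_name) {
+ size_t len =
+ sizeof(call->conn->trans->peer->srx);
  memcpy(msg->msg_name,
- &call->conn->trans->peer->srx,
- sizeof(call->conn->trans->peer->srx));
+ &call->conn->trans->peer->srx, len);
+ msg->msg_namelen = len;
+ }
  sock_recv_ts_and_drops(msg, &rx->sk, skb);
  }
 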
diff --git a/net/socket.c b/net/socket.c
index c226aceee65b..0b18693f2be6 100644
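--- a/net/socket.c
+++ b/net/socket.c
@@ -221,12 +221,13 @@ static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
  int err;
  int len;
 
+ BUG_ON(klen > sizeof(struct sockaddr_storage));
  err = get_user(len, ulen);
  if (err)
  return err;
  if (len > klen)
  len = klen;
- if (len < 0 || len > sizeof(struct sockaddr_storage))
+ if (len < 0)
  return -EINVAL;
  if (len) {
  if (audit_sockaddr(klen, kaddr))
@@ -1840,8 +1841,10 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
  msg.msg_iov = &iov;
  iov.iov_len = size;
  iov.iov_base = ubuf;
- msg.msg_name = (struct sockaddr *)&address;
- msg.msg_namelen = sizeof(address);
+ /* Save some cycles and don't copy the address if not needed */
+ msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
+ /* We assume all kernel code knows the size of sockaddr_storage */
+ msg.msg_namelen = 0;
  if (sock->file->f_flags & O_NONBLOCK)
  flags |= MSG_DONTWAIT;
  err = sock_recvmsg(sock, &msg, size, flags);
@@ -2221,16 +2224,14 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  goto out;
  }
 
- /*
- * Save the user-mode address (verify_iovec will change the
- * kernel msghdr to use the kernel address space)
+ /* Save the user-mode address (verify_iovec will change the
+ * kernel msghdr to use the kernel address space)
  */
-
  uaddr = (__force void __user *)msg_sys->msg_name;
  uaddr_len = COMPAT_NAMELEN(msg);
- if (MSG_CMSG_COMPAT & flags) {
+ if (MSG_CMSG_COMPAT & flags)
  err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
- } else
+ else
  err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
  if (err < 0)
  goto out_freeiov;
@@ -2239,6 +2240,9 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  cmsg_ptr = (unsigned long)msg_sys->msg_control;
  msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
 
+ /* We assume all kernel code knows the size of sockaddr_storage */
+ msg_sys->msg_namelen = 0;
+
  if (sock->file->f_flags & O_NONBLOCK)
  flags |= MSG_DONTWAIT;
  err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,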
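Review bot: The `BUG_ON(klen > sizeof(struct sockaddr_storage))` added at the top of move_addr_to_user() compares an `int` with a `size_t`, so a negative `klen` is converted to a large unsigned value and trips it as well. If that is intended it should be stated, because the remaining `len < 0` test only covers the length read from user space. The check presumably runs after the protocol handler has already filled the kernel-side address buffer, so it reports an oversized `msg_namelen` rather than preventing the write. A comment above it would make both points explicit, for example `/* klen is set by the protocol's recvmsg handler; a negative or oversized value is a kernel bug */`. The function body continues past the end of the hunk.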
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 3906527259d1..3b61851bb927 100644
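--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -980,9 +980,6 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
  goto exit;
  }
 
- /* will be updated in set_orig_addr() if needed */
- m->msg_namelen = 0;
-
  timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
 restart:
 
@@ -1091,9 +1088,6 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
  goto exit;
  }
 
- /* will be updated in set_orig_addr() if needed */
- m->msg_namelen = 0;
-
  target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
  timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
 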
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c1f403bed683..01625ccc3ae6 100644
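--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1754,7 +1754,6 @@ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
 {
  struct unix_sock *u = unix_sk(sk);
 
- msg->msg_namelen = 0;
  if (u->addr) {
  msg->msg_namelen = u->addr->len;
  memcpy(msg->msg_name, u->addr->name, u->addr->len);
@@ -1778,8 +1777,6 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
  if (flags&MSG_OOB)
  goto out;
 
- msg->msg_namelen = 0;
-
  err = mutex_lock_interruptible(&u->readlock);
  if (err) {
  err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
@@ -1924,8 +1921,6 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
  target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
  timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
 
- msg->msg_namelen = 0;
-
  /* Lock the socket to prevent queue disordering
  * while sleeps in memcpy_tomsg
  */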
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 545c08b8a1d4..5adfd94c5b85 100644
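--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1662,8 +1662,6 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
  vsk = vsock_sk(sk);
  err = 0;
 
- msg->msg_namelen = 0;
-
  lock_sock(sk);
 
  if (sk->sk_state != SS_CONNECTED) {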
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 9d6986634e0b..687360da62d9 100644
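--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1746,8 +1746,6 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb,
  if (flags & MSG_OOB || flags & MSG_ERRQUEUE)
  return -EOPNOTSUPP;
 
- msg->msg_namelen = 0;
-
  /* Retrieve the head sk_buff from the socket's receive queue. */
  err = 0;
  skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err);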
diff --git a/net/wimax/stack.c b/net/wimax/stack.c
index ef2191b969a7..ec8b577db135 100644
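--- a/net/wimax/stack.c
+++ b/net/wimax/stack.c
@@ -610,7 +610,6 @@ int __init wimax_subsys_init(void)
  d_fnend(4, NULL, "() = 0\n");
  return 0;
 
- genl_unregister_family(&wimax_gnl_family);
 error_register_family:
  d_fnend(4, NULL, "() = %d\n", result);
  return result;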
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 45a3ab5612c1..7622789d3750 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1340,10 +1340,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1340 if (sx25) { 1340 if (sx25) {
1341 sx25->sx25_family = AF_X25; 1341 sx25->sx25_family = AF_X25;
1342 sx25->sx25_addr = x25->dest_addr; 1342 sx25->sx25_addr = x25->dest_addr;
1343 msg->msg_namelen = sizeof(*sx25);
1343 } 1344 }
1344 1345
1345 msg->msg_namelen = sizeof(struct sockaddr_x25);
1346
1347 x25_check_rbuf(sk); 1346 x25_check_rbuf(sk);
1348 rc = copied; 1347 rc = copied;
1349out_free_dgram: 1348out_free_dgram: