Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NETFILTER]: Fix NULL pointer dereference in nf_nat_move_storage() [SUNHME]: VLAN support for sunhme [CHELSIO]: Fix skb->dev setting. [NETFILTER]: fix compat_nf_sockopt typo [INET]: Fix potential kfree on vmalloc-ed area of request_sock_queue [VIA_VELOCITY]: Don't oops on MTU change. iwl4965: fix not correctly dealing with hotunplug rt2x00: Fix chipset revision validation iwl3945: place CCK rates in front of OFDM for supported rates mac80211: Fix queuing of scan containing a SSID
author: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-11-15 19:34:00 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-11-15 19:34:00 -0500
commit: adea27f4ba29200c989194a3f6214b652d009e83 (patch)
tree: a4699ba7557e731570d724e09bf6e05d3e83570c /net
parent: 40787d0099676c9923e31fbdb90422d5c97cdcd5 (diff)
parent: 7799652557d966e49512479f4d3b9079bbc01fff (diff)
5 files changed, 48 insertions, 5 deletions
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index 5f0818d815e6..45aed75cb571 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -71,6 +71,41 @@ int reqsk_queue_alloc(struct request_sock_queue *queue,
 EXPORT_SYMBOL(reqsk_queue_alloc);
+void __reqsk_queue_destroy(struct request_sock_queue *queue)
+{
+        struct listen_sock *lopt;
+        size_t lopt_size;
+        /*
+         * this is an error recovery path only
+         * no locking needed and the lopt is not NULL
+         */
+        lopt = queue->listen_opt;
+        lopt_size = sizeof(struct listen_sock) +
+                lopt->nr_table_entries * sizeof(struct request_sock *);
+        if (lopt_size > PAGE_SIZE)
+                vfree(lopt);
+        else
+                kfree(lopt);
+}
+EXPORT_SYMBOL(__reqsk_queue_destroy);
+static inline struct listen_sock *reqsk_queue_yank_listen_sk(
+                struct request_sock_queue *queue)
+{
+        struct listen_sock *lopt;
+        write_lock_bh(&queue->syn_wait_lock);
+        lopt = queue->listen_opt;
+        queue->listen_opt = NULL;
+        write_unlock_bh(&queue->syn_wait_lock);
+        return lopt;
+}
 void reqsk_queue_destroy(struct request_sock_queue *queue)
 {
        /* make all the listen_opt local to us */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index b4e32ab3664d..72e1c93dd87e 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -242,6 +242,8 @@ struct ieee80211_if_sta {
        u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
        u8 ssid[IEEE80211_MAX_SSID_LEN];
        size_t ssid_len;
+        u8 scan_ssid[IEEE80211_MAX_SSID_LEN];
+        size_t scan_ssid_len;
        u16 aid;
        u16 ap_capab, capab;
        u8 *extra_ie; /* to be added to the end of AssocReq */
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index 2079e988fc56..015b3f879aa9 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -2002,7 +2002,10 @@ void ieee80211_sta_work(struct work_struct *work)
        if (ifsta->state != IEEE80211_AUTHENTICATE &&
            ifsta->state != IEEE80211_ASSOCIATE &&
            test_and_clear_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request)) {
-                ieee80211_sta_start_scan(dev, NULL, 0);
+                if (ifsta->scan_ssid_len)
+                        ieee80211_sta_start_scan(dev, ifsta->scan_ssid, ifsta->scan_ssid_len);
+                else
+                        ieee80211_sta_start_scan(dev, NULL, 0);
                return;
        }
@@ -2872,6 +2875,9 @@ int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
                return -EBUSY;
        }
+        ifsta->scan_ssid_len = ssid_len;
+        if (ssid_len)
+                memcpy(ifsta->scan_ssid, ssid, ssid_len);
        set_bit(IEEE80211_STA_REQ_SCAN, &ifsta->request);
        queue_work(local->hw.workqueue, &ifsta->work);
        return 0;
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index a1a65a1313b3..cf6ba6659a80 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -109,7 +109,7 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
                        rcu_read_lock();
                        t = rcu_dereference(nf_ct_ext_types[i]);
                        if (t && t->move)
-                                t->move(ct, ct->ext + ct->ext->offset[id]);
+                                t->move(ct, ct->ext + ct->ext->offset[i]);
                        rcu_read_unlock();
                }
                kfree(ct->ext);
diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
index 87bc1443c520..3dd4b3c76d81 100644
--- a/net/netfilter/nf_sockopt.c
+++ b/net/netfilter/nf_sockopt.c
@@ -143,12 +143,12 @@ static int compat_nf_sockopt(struct sock *sk, int pf, int val,
                if (ops->compat_get)
                        ret = ops->compat_get(sk, val, opt, len);
                else
-                        ret = ops->get(sk, val, ops, len);
+                        ret = ops->get(sk, val, opt, len);
        } else {
                if (ops->compat_set)
-                        ret = ops->compat_set(sk, val, ops, *len);
+                        ret = ops->compat_set(sk, val, opt, *len);
                else
-                        ret = ops->set(sk, val, ops, *len);
+                        ret = ops->set(sk, val, opt, *len);
        }
        module_put(ops->owner);
author	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-11-15 19:34:00 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-11-15 19:34:00 -0500
commit	adea27f4ba29200c989194a3f6214b652d009e83 (patch)
tree	a4699ba7557e731570d724e09bf6e05d3e83570c /net
parent	40787d0099676c9923e31fbdb90422d5c97cdcd5 (diff)
parent	7799652557d966e49512479f4d3b9079bbc01fff (diff)