diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-10 17:15:27 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-10 17:15:27 -0400 |
| commit | fe2971a01762963c62e9872bfcf0632546342c0f (patch) | |
| tree | eb4b2442b5fa5b1a98de7c3f7509c9749133a90a /net | |
| parent | eb02db38ee6da074628685971042b847dee05d43 (diff) | |
| parent | 6b07a24fc38476e04f591cc17594bc1835b9efdd (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) cfg80211_conn_scan() must be called with the sched_scan_mutex, fix
from Artem Savkov.
2) Fix regression in TCP ICMPv6 processing, we do not want to treat
redirects as socket errors, from Christoph Paasch.
3) Fix several recvmsg() msg_name kernel memory leaks into userspace,
in ATM, AX25, Bluetooth, CAIF, IRDA, s390 IUCV, L2TP, LLC, Netrom,
NFC, Rose, TIPC, and VSOCK. From Mathias Krause and Wei Yongjun.
4) Fix AF_IUCV handling of segmented SKBs in recvmsg(), from Ursula
Braun and Eric Dumazet.
5) CAN gw.c code does kfree() on SLAB cache memory, use
kmem_cache_free() instead. Fix from Wei Yongjun.
6) Fix LSM regression on TCP SYN/ACKs, some LSMs such as SELINUX want
an skb->sk socket context available for these packets, but nothing
else requires it. From Eric Dumazet and Paul Moore.
7) Fix ipv4 address lifetime processing so that we don't perform
sleepable acts inside of rcu_read_lock() sections, do them in an
rtnl_lock() section instead. From Jiri Pirko.
8) mvneta driver accidently sets HW features after device registry, it
should do so beforehand. Fix from Willy Tarreau.
9) Fix bonding unload races more correctly, from Nikolay Aleksandrov
and Veaceslav Falico.
10) rtnl_dump_ifinfo() and rtnl_calcit() invoke nlmsg_parse() with wrong
header size argument. Fix from Michael Riesch.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
lsm: add the missing documentation for the security_skb_owned_by() hook
bnx2x: Prevent null pointer dereference in AFEX mode
e100: Add dma mapping error check
selinux: add a skb_owned_by() hook
can: gw: use kmem_cache_free() instead of kfree()
netrom: fix invalid use of sizeof in nr_recvmsg()
qeth: fix qeth_wait_for_threads() deadlock for OSN devices
af_iucv: fix recvmsg by replacing skb_pull() function
rtnetlink: Call nlmsg_parse() with correct header length
bonding: fix bonding_masters race condition in bond unloading
Revert "bonding: remove sysfs before removing devices"
net: mvneta: enable features before registering the driver
hyperv: Fix RNDIS send_completion code path
hyperv: Fix a kernel warning from netvsc_linkstatus_callback()
net: ipv4: fix schedule while atomic bug in check_lifetime()
net: ipv4: reset check_lifetime_work after changing lifetime
bnx2x: Fix KR2 rapid link flap
sctp: remove 'sridhar' from maintainers list
VSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg()
VSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue()
...
Diffstat (limited to 'net')
| -rw-r--r-- | net/atm/common.c | 2 | ||||
| -rw-r--r-- | net/ax25/af_ax25.c | 1 | ||||
| -rw-r--r-- | net/bluetooth/af_bluetooth.c | 4 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/sock.c | 1 | ||||
| -rw-r--r-- | net/bluetooth/sco.c | 1 | ||||
| -rw-r--r-- | net/caif/caif_socket.c | 2 | ||||
| -rw-r--r-- | net/can/gw.c | 6 | ||||
| -rw-r--r-- | net/core/rtnetlink.c | 4 | ||||
| -rw-r--r-- | net/ipv4/devinet.c | 60 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 1 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 | ||||
| -rw-r--r-- | net/irda/af_irda.c | 2 | ||||
| -rw-r--r-- | net/iucv/af_iucv.c | 36 | ||||
| -rw-r--r-- | net/l2tp/l2tp_ip6.c | 1 | ||||
| -rw-r--r-- | net/llc/af_llc.c | 2 | ||||
| -rw-r--r-- | net/netrom/af_netrom.c | 1 | ||||
| -rw-r--r-- | net/nfc/llcp/sock.c | 3 | ||||
| -rw-r--r-- | net/rose/af_rose.c | 1 | ||||
| -rw-r--r-- | net/tipc/socket.c | 7 | ||||
| -rw-r--r-- | net/vmw_vsock/af_vsock.c | 2 | ||||
| -rw-r--r-- | net/vmw_vsock/vmci_transport.c | 3 | ||||
| -rw-r--r-- | net/wireless/sme.c | 2 |
22 files changed, 101 insertions, 42 deletions
diff --git a/net/atm/common.c b/net/atm/common.c index 7b491006eaf4..737bef59ce89 100644 --- a/net/atm/common.c +++ b/net/atm/common.c | |||
| @@ -531,6 +531,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, | |||
| 531 | struct sk_buff *skb; | 531 | struct sk_buff *skb; |
| 532 | int copied, error = -EINVAL; | 532 | int copied, error = -EINVAL; |
| 533 | 533 | ||
| 534 | msg->msg_namelen = 0; | ||
| 535 | |||
| 534 | if (sock->state != SS_CONNECTED) | 536 | if (sock->state != SS_CONNECTED) |
| 535 | return -ENOTCONN; | 537 | return -ENOTCONN; |
| 536 | 538 | ||
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c index 7b11f8bc5071..e277e38f736b 100644 --- a/net/ax25/af_ax25.c +++ b/net/ax25/af_ax25.c | |||
| @@ -1642,6 +1642,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1642 | ax25_address src; | 1642 | ax25_address src; |
| 1643 | const unsigned char *mac = skb_mac_header(skb); | 1643 | const unsigned char *mac = skb_mac_header(skb); |
| 1644 | 1644 | ||
| 1645 | memset(sax, 0, sizeof(struct full_sockaddr_ax25)); | ||
| 1645 | ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, | 1646 | ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, |
| 1646 | &digi, NULL, NULL); | 1647 | &digi, NULL, NULL); |
| 1647 | sax->sax25_family = AF_AX25; | 1648 | sax->sax25_family = AF_AX25; |
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index d3ee69b35a78..0d1b08cc76e1 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
| @@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 230 | if (flags & (MSG_OOB)) | 230 | if (flags & (MSG_OOB)) |
| 231 | return -EOPNOTSUPP; | 231 | return -EOPNOTSUPP; |
| 232 | 232 | ||
| 233 | msg->msg_namelen = 0; | ||
| 234 | |||
| 233 | skb = skb_recv_datagram(sk, flags, noblock, &err); | 235 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
| 234 | if (!skb) { | 236 | if (!skb) { |
| 235 | if (sk->sk_shutdown & RCV_SHUTDOWN) | 237 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
| @@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 237 | return err; | 239 | return err; |
| 238 | } | 240 | } |
| 239 | 241 | ||
| 240 | msg->msg_namelen = 0; | ||
| 241 | |||
| 242 | copied = skb->len; | 242 | copied = skb->len; |
| 243 | if (len < copied) { | 243 | if (len < copied) { |
| 244 | msg->msg_flags |= MSG_TRUNC; | 244 | msg->msg_flags |= MSG_TRUNC; |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index c23bae86263b..7c9224bcce17 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
| @@ -608,6 +608,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 608 | 608 | ||
| 609 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | 609 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
| 610 | rfcomm_dlc_accept(d); | 610 | rfcomm_dlc_accept(d); |
| 611 | msg->msg_namelen = 0; | ||
| 611 | return 0; | 612 | return 0; |
| 612 | } | 613 | } |
| 613 | 614 | ||
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index fad0302bdb32..fb6192c9812e 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
| @@ -665,6 +665,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 665 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { | 665 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { |
| 666 | hci_conn_accept(pi->conn->hcon, 0); | 666 | hci_conn_accept(pi->conn->hcon, 0); |
| 667 | sk->sk_state = BT_CONFIG; | 667 | sk->sk_state = BT_CONFIG; |
| 668 | msg->msg_namelen = 0; | ||
| 668 | 669 | ||
| 669 | release_sock(sk); | 670 | release_sock(sk); |
| 670 | return 0; | 671 | return 0; |
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 095259f83902..ff2ff3ce6965 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c | |||
| @@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 286 | if (m->msg_flags&MSG_OOB) | 286 | if (m->msg_flags&MSG_OOB) |
| 287 | goto read_error; | 287 | goto read_error; |
| 288 | 288 | ||
| 289 | m->msg_namelen = 0; | ||
| 290 | |||
| 289 | skb = skb_recv_datagram(sk, flags, 0 , &ret); | 291 | skb = skb_recv_datagram(sk, flags, 0 , &ret); |
| 290 | if (!skb) | 292 | if (!skb) |
| 291 | goto read_error; | 293 | goto read_error; |
diff --git a/net/can/gw.c b/net/can/gw.c index 2d117dc5ebea..117814a7e73c 100644 --- a/net/can/gw.c +++ b/net/can/gw.c | |||
| @@ -466,7 +466,7 @@ static int cgw_notifier(struct notifier_block *nb, | |||
| 466 | if (gwj->src.dev == dev || gwj->dst.dev == dev) { | 466 | if (gwj->src.dev == dev || gwj->dst.dev == dev) { |
| 467 | hlist_del(&gwj->list); | 467 | hlist_del(&gwj->list); |
| 468 | cgw_unregister_filter(gwj); | 468 | cgw_unregister_filter(gwj); |
| 469 | kfree(gwj); | 469 | kmem_cache_free(cgw_cache, gwj); |
| 470 | } | 470 | } |
| 471 | } | 471 | } |
| 472 | } | 472 | } |
| @@ -864,7 +864,7 @@ static void cgw_remove_all_jobs(void) | |||
| 864 | hlist_for_each_entry_safe(gwj, nx, &cgw_list, list) { | 864 | hlist_for_each_entry_safe(gwj, nx, &cgw_list, list) { |
| 865 | hlist_del(&gwj->list); | 865 | hlist_del(&gwj->list); |
| 866 | cgw_unregister_filter(gwj); | 866 | cgw_unregister_filter(gwj); |
| 867 | kfree(gwj); | 867 | kmem_cache_free(cgw_cache, gwj); |
| 868 | } | 868 | } |
| 869 | } | 869 | } |
| 870 | 870 | ||
| @@ -920,7 +920,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) | |||
| 920 | 920 | ||
| 921 | hlist_del(&gwj->list); | 921 | hlist_del(&gwj->list); |
| 922 | cgw_unregister_filter(gwj); | 922 | cgw_unregister_filter(gwj); |
| 923 | kfree(gwj); | 923 | kmem_cache_free(cgw_cache, gwj); |
| 924 | err = 0; | 924 | err = 0; |
| 925 | break; | 925 | break; |
| 926 | } | 926 | } |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index b65441da74ab..23854b51a259 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
| @@ -1072,7 +1072,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 1072 | rcu_read_lock(); | 1072 | rcu_read_lock(); |
| 1073 | cb->seq = net->dev_base_seq; | 1073 | cb->seq = net->dev_base_seq; |
| 1074 | 1074 | ||
| 1075 | if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, | 1075 | if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, |
| 1076 | ifla_policy) >= 0) { | 1076 | ifla_policy) >= 0) { |
| 1077 | 1077 | ||
| 1078 | if (tb[IFLA_EXT_MASK]) | 1078 | if (tb[IFLA_EXT_MASK]) |
| @@ -1922,7 +1922,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 1922 | u32 ext_filter_mask = 0; | 1922 | u32 ext_filter_mask = 0; |
| 1923 | u16 min_ifinfo_dump_size = 0; | 1923 | u16 min_ifinfo_dump_size = 0; |
| 1924 | 1924 | ||
| 1925 | if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, | 1925 | if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, |
| 1926 | ifla_policy) >= 0) { | 1926 | ifla_policy) >= 0) { |
| 1927 | if (tb[IFLA_EXT_MASK]) | 1927 | if (tb[IFLA_EXT_MASK]) |
| 1928 | ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); | 1928 | ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 96083b7a436b..c6287cd978c2 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c | |||
| @@ -587,13 +587,16 @@ static void check_lifetime(struct work_struct *work) | |||
| 587 | { | 587 | { |
| 588 | unsigned long now, next, next_sec, next_sched; | 588 | unsigned long now, next, next_sec, next_sched; |
| 589 | struct in_ifaddr *ifa; | 589 | struct in_ifaddr *ifa; |
| 590 | struct hlist_node *n; | ||
| 590 | int i; | 591 | int i; |
| 591 | 592 | ||
| 592 | now = jiffies; | 593 | now = jiffies; |
| 593 | next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); | 594 | next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); |
| 594 | 595 | ||
| 595 | rcu_read_lock(); | ||
| 596 | for (i = 0; i < IN4_ADDR_HSIZE; i++) { | 596 | for (i = 0; i < IN4_ADDR_HSIZE; i++) { |
| 597 | bool change_needed = false; | ||
| 598 | |||
| 599 | rcu_read_lock(); | ||
| 597 | hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { | 600 | hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { |
| 598 | unsigned long age; | 601 | unsigned long age; |
| 599 | 602 | ||
| @@ -606,16 +609,7 @@ static void check_lifetime(struct work_struct *work) | |||
| 606 | 609 | ||
| 607 | if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && | 610 | if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && |
| 608 | age >= ifa->ifa_valid_lft) { | 611 | age >= ifa->ifa_valid_lft) { |
| 609 | struct in_ifaddr **ifap ; | 612 | change_needed = true; |
| 610 | |||
| 611 | rtnl_lock(); | ||
| 612 | for (ifap = &ifa->ifa_dev->ifa_list; | ||
| 613 | *ifap != NULL; ifap = &ifa->ifa_next) { | ||
| 614 | if (*ifap == ifa) | ||
| 615 | inet_del_ifa(ifa->ifa_dev, | ||
| 616 | ifap, 1); | ||
| 617 | } | ||
| 618 | rtnl_unlock(); | ||
| 619 | } else if (ifa->ifa_preferred_lft == | 613 | } else if (ifa->ifa_preferred_lft == |
| 620 | INFINITY_LIFE_TIME) { | 614 | INFINITY_LIFE_TIME) { |
| 621 | continue; | 615 | continue; |
| @@ -625,10 +619,8 @@ static void check_lifetime(struct work_struct *work) | |||
| 625 | next = ifa->ifa_tstamp + | 619 | next = ifa->ifa_tstamp + |
| 626 | ifa->ifa_valid_lft * HZ; | 620 | ifa->ifa_valid_lft * HZ; |
| 627 | 621 | ||
| 628 | if (!(ifa->ifa_flags & IFA_F_DEPRECATED)) { | 622 | if (!(ifa->ifa_flags & IFA_F_DEPRECATED)) |
| 629 | ifa->ifa_flags |= IFA_F_DEPRECATED; | 623 | change_needed = true; |
| 630 | rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); | ||
| 631 | } | ||
| 632 | } else if (time_before(ifa->ifa_tstamp + | 624 | } else if (time_before(ifa->ifa_tstamp + |
| 633 | ifa->ifa_preferred_lft * HZ, | 625 | ifa->ifa_preferred_lft * HZ, |
| 634 | next)) { | 626 | next)) { |
| @@ -636,8 +628,42 @@ static void check_lifetime(struct work_struct *work) | |||
| 636 | ifa->ifa_preferred_lft * HZ; | 628 | ifa->ifa_preferred_lft * HZ; |
| 637 | } | 629 | } |
| 638 | } | 630 | } |
| 631 | rcu_read_unlock(); | ||
| 632 | if (!change_needed) | ||
| 633 | continue; | ||
| 634 | rtnl_lock(); | ||
| 635 | hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) { | ||
| 636 | unsigned long age; | ||
| 637 | |||
| 638 | if (ifa->ifa_flags & IFA_F_PERMANENT) | ||
| 639 | continue; | ||
| 640 | |||
| 641 | /* We try to batch several events at once. */ | ||
| 642 | age = (now - ifa->ifa_tstamp + | ||
| 643 | ADDRCONF_TIMER_FUZZ_MINUS) / HZ; | ||
| 644 | |||
| 645 | if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && | ||
| 646 | age >= ifa->ifa_valid_lft) { | ||
| 647 | struct in_ifaddr **ifap; | ||
| 648 | |||
| 649 | for (ifap = &ifa->ifa_dev->ifa_list; | ||
| 650 | *ifap != NULL; ifap = &(*ifap)->ifa_next) { | ||
| 651 | if (*ifap == ifa) { | ||
| 652 | inet_del_ifa(ifa->ifa_dev, | ||
| 653 | ifap, 1); | ||
| 654 | break; | ||
| 655 | } | ||
| 656 | } | ||
| 657 | } else if (ifa->ifa_preferred_lft != | ||
| 658 | INFINITY_LIFE_TIME && | ||
| 659 | age >= ifa->ifa_preferred_lft && | ||
| 660 | !(ifa->ifa_flags & IFA_F_DEPRECATED)) { | ||
| 661 | ifa->ifa_flags |= IFA_F_DEPRECATED; | ||
| 662 | rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); | ||
| 663 | } | ||
| 664 | } | ||
| 665 | rtnl_unlock(); | ||
| 639 | } | 666 | } |
| 640 | rcu_read_unlock(); | ||
| 641 | 667 | ||
| 642 | next_sec = round_jiffies_up(next); | 668 | next_sec = round_jiffies_up(next); |
| 643 | next_sched = next; | 669 | next_sched = next; |
| @@ -804,6 +830,8 @@ static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg | |||
| 804 | return -EEXIST; | 830 | return -EEXIST; |
| 805 | ifa = ifa_existing; | 831 | ifa = ifa_existing; |
| 806 | set_ifa_lifetime(ifa, valid_lft, prefered_lft); | 832 | set_ifa_lifetime(ifa, valid_lft, prefered_lft); |
| 833 | cancel_delayed_work(&check_lifetime_work); | ||
| 834 | schedule_delayed_work(&check_lifetime_work, 0); | ||
| 807 | rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); | 835 | rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); |
| 808 | blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); | 836 | blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); |
| 809 | } | 837 | } |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 5d0b4387cba6..b44cf81d8178 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -2709,6 +2709,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
| 2709 | skb_reserve(skb, MAX_TCP_HEADER); | 2709 | skb_reserve(skb, MAX_TCP_HEADER); |
| 2710 | 2710 | ||
| 2711 | skb_dst_set(skb, dst); | 2711 | skb_dst_set(skb, dst); |
| 2712 | security_skb_owned_by(skb, sk); | ||
| 2712 | 2713 | ||
| 2713 | mss = dst_metric_advmss(dst); | 2714 | mss = dst_metric_advmss(dst); |
| 2714 | if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss) | 2715 | if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss) |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index f6d629fd6aee..46a5be85be87 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 386 | 386 | ||
| 387 | if (dst) | 387 | if (dst) |
| 388 | dst->ops->redirect(dst, sk, skb); | 388 | dst->ops->redirect(dst, sk, skb); |
| 389 | goto out; | ||
| 389 | } | 390 | } |
| 390 | 391 | ||
| 391 | if (type == ICMPV6_PKT_TOOBIG) { | 392 | if (type == ICMPV6_PKT_TOOBIG) { |
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c index d28e7f014cc6..e493b3397ae3 100644 --- a/net/irda/af_irda.c +++ b/net/irda/af_irda.c | |||
| @@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, | |||
| 1386 | 1386 | ||
| 1387 | IRDA_DEBUG(4, "%s()\n", __func__); | 1387 | IRDA_DEBUG(4, "%s()\n", __func__); |
| 1388 | 1388 | ||
| 1389 | msg->msg_namelen = 0; | ||
| 1390 | |||
| 1389 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, | 1391 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, |
| 1390 | flags & MSG_DONTWAIT, &err); | 1392 | flags & MSG_DONTWAIT, &err); |
| 1391 | if (!skb) | 1393 | if (!skb) |
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index a7d11ffe4284..206ce6db2c36 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c | |||
| @@ -49,12 +49,6 @@ static const u8 iprm_shutdown[8] = | |||
| 49 | 49 | ||
| 50 | #define TRGCLS_SIZE (sizeof(((struct iucv_message *)0)->class)) | 50 | #define TRGCLS_SIZE (sizeof(((struct iucv_message *)0)->class)) |
| 51 | 51 | ||
| 52 | /* macros to set/get socket control buffer at correct offset */ | ||
| 53 | #define CB_TAG(skb) ((skb)->cb) /* iucv message tag */ | ||
| 54 | #define CB_TAG_LEN (sizeof(((struct iucv_message *) 0)->tag)) | ||
| 55 | #define CB_TRGCLS(skb) ((skb)->cb + CB_TAG_LEN) /* iucv msg target class */ | ||
| 56 | #define CB_TRGCLS_LEN (TRGCLS_SIZE) | ||
| 57 | |||
| 58 | #define __iucv_sock_wait(sk, condition, timeo, ret) \ | 52 | #define __iucv_sock_wait(sk, condition, timeo, ret) \ |
| 59 | do { \ | 53 | do { \ |
| 60 | DEFINE_WAIT(__wait); \ | 54 | DEFINE_WAIT(__wait); \ |
| @@ -1141,7 +1135,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1141 | 1135 | ||
| 1142 | /* increment and save iucv message tag for msg_completion cbk */ | 1136 | /* increment and save iucv message tag for msg_completion cbk */ |
| 1143 | txmsg.tag = iucv->send_tag++; | 1137 | txmsg.tag = iucv->send_tag++; |
| 1144 | memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN); | 1138 | IUCV_SKB_CB(skb)->tag = txmsg.tag; |
| 1145 | 1139 | ||
| 1146 | if (iucv->transport == AF_IUCV_TRANS_HIPER) { | 1140 | if (iucv->transport == AF_IUCV_TRANS_HIPER) { |
| 1147 | atomic_inc(&iucv->msg_sent); | 1141 | atomic_inc(&iucv->msg_sent); |
| @@ -1224,7 +1218,7 @@ static int iucv_fragment_skb(struct sock *sk, struct sk_buff *skb, int len) | |||
| 1224 | return -ENOMEM; | 1218 | return -ENOMEM; |
| 1225 | 1219 | ||
| 1226 | /* copy target class to control buffer of new skb */ | 1220 | /* copy target class to control buffer of new skb */ |
| 1227 | memcpy(CB_TRGCLS(nskb), CB_TRGCLS(skb), CB_TRGCLS_LEN); | 1221 | IUCV_SKB_CB(nskb)->class = IUCV_SKB_CB(skb)->class; |
| 1228 | 1222 | ||
| 1229 | /* copy data fragment */ | 1223 | /* copy data fragment */ |
| 1230 | memcpy(nskb->data, skb->data + copied, size); | 1224 | memcpy(nskb->data, skb->data + copied, size); |
| @@ -1256,7 +1250,7 @@ static void iucv_process_message(struct sock *sk, struct sk_buff *skb, | |||
| 1256 | 1250 | ||
| 1257 | /* store msg target class in the second 4 bytes of skb ctrl buffer */ | 1251 | /* store msg target class in the second 4 bytes of skb ctrl buffer */ |
| 1258 | /* Note: the first 4 bytes are reserved for msg tag */ | 1252 | /* Note: the first 4 bytes are reserved for msg tag */ |
| 1259 | memcpy(CB_TRGCLS(skb), &msg->class, CB_TRGCLS_LEN); | 1253 | IUCV_SKB_CB(skb)->class = msg->class; |
| 1260 | 1254 | ||
| 1261 | /* check for special IPRM messages (e.g. iucv_sock_shutdown) */ | 1255 | /* check for special IPRM messages (e.g. iucv_sock_shutdown) */ |
| 1262 | if ((msg->flags & IUCV_IPRMDATA) && len > 7) { | 1256 | if ((msg->flags & IUCV_IPRMDATA) && len > 7) { |
| @@ -1292,6 +1286,7 @@ static void iucv_process_message(struct sock *sk, struct sk_buff *skb, | |||
| 1292 | } | 1286 | } |
| 1293 | } | 1287 | } |
| 1294 | 1288 | ||
| 1289 | IUCV_SKB_CB(skb)->offset = 0; | ||
| 1295 | if (sock_queue_rcv_skb(sk, skb)) | 1290 | if (sock_queue_rcv_skb(sk, skb)) |
| 1296 | skb_queue_head(&iucv_sk(sk)->backlog_skb_q, skb); | 1291 | skb_queue_head(&iucv_sk(sk)->backlog_skb_q, skb); |
| 1297 | } | 1292 | } |
| @@ -1327,6 +1322,9 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1327 | unsigned int copied, rlen; | 1322 | unsigned int copied, rlen; |
| 1328 | struct sk_buff *skb, *rskb, *cskb; | 1323 | struct sk_buff *skb, *rskb, *cskb; |
| 1329 | int err = 0; | 1324 | int err = 0; |
| 1325 | u32 offset; | ||
| 1326 | |||
| 1327 | msg->msg_namelen = 0; | ||
| 1330 | 1328 | ||
| 1331 | if ((sk->sk_state == IUCV_DISCONN) && | 1329 | if ((sk->sk_state == IUCV_DISCONN) && |
| 1332 | skb_queue_empty(&iucv->backlog_skb_q) && | 1330 | skb_queue_empty(&iucv->backlog_skb_q) && |
| @@ -1346,13 +1344,14 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1346 | return err; | 1344 | return err; |
| 1347 | } | 1345 | } |
| 1348 | 1346 | ||
| 1349 | rlen = skb->len; /* real length of skb */ | 1347 | offset = IUCV_SKB_CB(skb)->offset; |
| 1348 | rlen = skb->len - offset; /* real length of skb */ | ||
| 1350 | copied = min_t(unsigned int, rlen, len); | 1349 | copied = min_t(unsigned int, rlen, len); |
| 1351 | if (!rlen) | 1350 | if (!rlen) |
| 1352 | sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; | 1351 | sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; |
| 1353 | 1352 | ||
| 1354 | cskb = skb; | 1353 | cskb = skb; |
| 1355 | if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { | 1354 | if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { |
| 1356 | if (!(flags & MSG_PEEK)) | 1355 | if (!(flags & MSG_PEEK)) |
| 1357 | skb_queue_head(&sk->sk_receive_queue, skb); | 1356 | skb_queue_head(&sk->sk_receive_queue, skb); |
| 1358 | return -EFAULT; | 1357 | return -EFAULT; |
| @@ -1370,7 +1369,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1370 | * get the trgcls from the control buffer of the skb due to | 1369 | * get the trgcls from the control buffer of the skb due to |
| 1371 | * fragmentation of original iucv message. */ | 1370 | * fragmentation of original iucv message. */ |
| 1372 | err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, | 1371 | err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, |
| 1373 | CB_TRGCLS_LEN, CB_TRGCLS(skb)); | 1372 | sizeof(IUCV_SKB_CB(skb)->class), |
| 1373 | (void *)&IUCV_SKB_CB(skb)->class); | ||
| 1374 | if (err) { | 1374 | if (err) { |
| 1375 | if (!(flags & MSG_PEEK)) | 1375 | if (!(flags & MSG_PEEK)) |
| 1376 | skb_queue_head(&sk->sk_receive_queue, skb); | 1376 | skb_queue_head(&sk->sk_receive_queue, skb); |
| @@ -1382,9 +1382,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1382 | 1382 | ||
| 1383 | /* SOCK_STREAM: re-queue skb if it contains unreceived data */ | 1383 | /* SOCK_STREAM: re-queue skb if it contains unreceived data */ |
| 1384 | if (sk->sk_type == SOCK_STREAM) { | 1384 | if (sk->sk_type == SOCK_STREAM) { |
| 1385 | skb_pull(skb, copied); | 1385 | if (copied < rlen) { |
| 1386 | if (skb->len) { | 1386 | IUCV_SKB_CB(skb)->offset = offset + copied; |
| 1387 | skb_queue_head(&sk->sk_receive_queue, skb); | ||
| 1388 | goto done; | 1387 | goto done; |
| 1389 | } | 1388 | } |
| 1390 | } | 1389 | } |
| @@ -1403,6 +1402,7 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1403 | spin_lock_bh(&iucv->message_q.lock); | 1402 | spin_lock_bh(&iucv->message_q.lock); |
| 1404 | rskb = skb_dequeue(&iucv->backlog_skb_q); | 1403 | rskb = skb_dequeue(&iucv->backlog_skb_q); |
| 1405 | while (rskb) { | 1404 | while (rskb) { |
| 1405 | IUCV_SKB_CB(rskb)->offset = 0; | ||
| 1406 | if (sock_queue_rcv_skb(sk, rskb)) { | 1406 | if (sock_queue_rcv_skb(sk, rskb)) { |
| 1407 | skb_queue_head(&iucv->backlog_skb_q, | 1407 | skb_queue_head(&iucv->backlog_skb_q, |
| 1408 | rskb); | 1408 | rskb); |
| @@ -1830,7 +1830,7 @@ static void iucv_callback_txdone(struct iucv_path *path, | |||
| 1830 | spin_lock_irqsave(&list->lock, flags); | 1830 | spin_lock_irqsave(&list->lock, flags); |
| 1831 | 1831 | ||
| 1832 | while (list_skb != (struct sk_buff *)list) { | 1832 | while (list_skb != (struct sk_buff *)list) { |
| 1833 | if (!memcmp(&msg->tag, CB_TAG(list_skb), CB_TAG_LEN)) { | 1833 | if (msg->tag != IUCV_SKB_CB(list_skb)->tag) { |
| 1834 | this = list_skb; | 1834 | this = list_skb; |
| 1835 | break; | 1835 | break; |
| 1836 | } | 1836 | } |
| @@ -2091,6 +2091,7 @@ static int afiucv_hs_callback_rx(struct sock *sk, struct sk_buff *skb) | |||
| 2091 | skb_pull(skb, sizeof(struct af_iucv_trans_hdr)); | 2091 | skb_pull(skb, sizeof(struct af_iucv_trans_hdr)); |
| 2092 | skb_reset_transport_header(skb); | 2092 | skb_reset_transport_header(skb); |
| 2093 | skb_reset_network_header(skb); | 2093 | skb_reset_network_header(skb); |
| 2094 | IUCV_SKB_CB(skb)->offset = 0; | ||
| 2094 | spin_lock(&iucv->message_q.lock); | 2095 | spin_lock(&iucv->message_q.lock); |
| 2095 | if (skb_queue_empty(&iucv->backlog_skb_q)) { | 2096 | if (skb_queue_empty(&iucv->backlog_skb_q)) { |
| 2096 | if (sock_queue_rcv_skb(sk, skb)) { | 2097 | if (sock_queue_rcv_skb(sk, skb)) { |
| @@ -2195,8 +2196,7 @@ static int afiucv_hs_rcv(struct sk_buff *skb, struct net_device *dev, | |||
| 2195 | /* fall through and receive zero length data */ | 2196 | /* fall through and receive zero length data */ |
| 2196 | case 0: | 2197 | case 0: |
| 2197 | /* plain data frame */ | 2198 | /* plain data frame */ |
| 2198 | memcpy(CB_TRGCLS(skb), &trans_hdr->iucv_hdr.class, | 2199 | IUCV_SKB_CB(skb)->class = trans_hdr->iucv_hdr.class; |
| 2199 | CB_TRGCLS_LEN); | ||
| 2200 | err = afiucv_hs_callback_rx(sk, skb); | 2200 | err = afiucv_hs_callback_rx(sk, skb); |
| 2201 | break; | 2201 | break; |
| 2202 | default: | 2202 | default: |
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index c74f5a91ff6a..b8a6039314e8 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c | |||
| @@ -690,6 +690,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk, | |||
| 690 | lsa->l2tp_addr = ipv6_hdr(skb)->saddr; | 690 | lsa->l2tp_addr = ipv6_hdr(skb)->saddr; |
| 691 | lsa->l2tp_flowinfo = 0; | 691 | lsa->l2tp_flowinfo = 0; |
| 692 | lsa->l2tp_scope_id = 0; | 692 | lsa->l2tp_scope_id = 0; |
| 693 | lsa->l2tp_conn_id = 0; | ||
| 693 | if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) | 694 | if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) |
| 694 | lsa->l2tp_scope_id = IP6CB(skb)->iif; | 695 | lsa->l2tp_scope_id = IP6CB(skb)->iif; |
| 695 | } | 696 | } |
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c index 88709882c464..48aaa89253e0 100644 --- a/net/llc/af_llc.c +++ b/net/llc/af_llc.c | |||
| @@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 720 | int target; /* Read at least this many bytes */ | 720 | int target; /* Read at least this many bytes */ |
| 721 | long timeo; | 721 | long timeo; |
| 722 | 722 | ||
| 723 | msg->msg_namelen = 0; | ||
| 724 | |||
| 723 | lock_sock(sk); | 725 | lock_sock(sk); |
| 724 | copied = -ENOTCONN; | 726 | copied = -ENOTCONN; |
| 725 | if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) | 727 | if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) |
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index d1fa1d9ffd2e..103bd704b5fc 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c | |||
| @@ -1173,6 +1173,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1173 | } | 1173 | } |
| 1174 | 1174 | ||
| 1175 | if (sax != NULL) { | 1175 | if (sax != NULL) { |
| 1176 | memset(sax, 0, sizeof(*sax)); | ||
| 1176 | sax->sax25_family = AF_NETROM; | 1177 | sax->sax25_family = AF_NETROM; |
| 1177 | skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, | 1178 | skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, |
| 1178 | AX25_ADDR_LEN); | 1179 | AX25_ADDR_LEN); |
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 8f025746f337..6c94447ec414 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
| @@ -646,6 +646,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 646 | 646 | ||
| 647 | pr_debug("%p %zu\n", sk, len); | 647 | pr_debug("%p %zu\n", sk, len); |
| 648 | 648 | ||
| 649 | msg->msg_namelen = 0; | ||
| 650 | |||
| 649 | lock_sock(sk); | 651 | lock_sock(sk); |
| 650 | 652 | ||
| 651 | if (sk->sk_state == LLCP_CLOSED && | 653 | if (sk->sk_state == LLCP_CLOSED && |
| @@ -691,6 +693,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 691 | 693 | ||
| 692 | pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap); | 694 | pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap); |
| 693 | 695 | ||
| 696 | memset(sockaddr, 0, sizeof(*sockaddr)); | ||
| 694 | sockaddr->sa_family = AF_NFC; | 697 | sockaddr->sa_family = AF_NFC; |
| 695 | sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; | 698 | sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; |
| 696 | sockaddr->dsap = ui_cb->dsap; | 699 | sockaddr->dsap = ui_cb->dsap; |
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index cf68e6e4054a..9c8347451597 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c | |||
| @@ -1253,6 +1253,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1253 | skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); | 1253 | skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); |
| 1254 | 1254 | ||
| 1255 | if (srose != NULL) { | 1255 | if (srose != NULL) { |
| 1256 | memset(srose, 0, msg->msg_namelen); | ||
| 1256 | srose->srose_family = AF_ROSE; | 1257 | srose->srose_family = AF_ROSE; |
| 1257 | srose->srose_addr = rose->dest_addr; | 1258 | srose->srose_addr = rose->dest_addr; |
| 1258 | srose->srose_call = rose->dest_call; | 1259 | srose->srose_call = rose->dest_call; |
diff --git a/net/tipc/socket.c b/net/tipc/socket.c index a9622b6cd916..515ce38e4f4c 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c | |||
| @@ -790,6 +790,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg) | |||
| 790 | if (addr) { | 790 | if (addr) { |
| 791 | addr->family = AF_TIPC; | 791 | addr->family = AF_TIPC; |
| 792 | addr->addrtype = TIPC_ADDR_ID; | 792 | addr->addrtype = TIPC_ADDR_ID; |
| 793 | memset(&addr->addr, 0, sizeof(addr->addr)); | ||
| 793 | addr->addr.id.ref = msg_origport(msg); | 794 | addr->addr.id.ref = msg_origport(msg); |
| 794 | addr->addr.id.node = msg_orignode(msg); | 795 | addr->addr.id.node = msg_orignode(msg); |
| 795 | addr->addr.name.domain = 0; /* could leave uninitialized */ | 796 | addr->addr.name.domain = 0; /* could leave uninitialized */ |
| @@ -904,6 +905,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock, | |||
| 904 | goto exit; | 905 | goto exit; |
| 905 | } | 906 | } |
| 906 | 907 | ||
| 908 | /* will be updated in set_orig_addr() if needed */ | ||
| 909 | m->msg_namelen = 0; | ||
| 910 | |||
| 907 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | 911 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
| 908 | restart: | 912 | restart: |
| 909 | 913 | ||
| @@ -1013,6 +1017,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock, | |||
| 1013 | goto exit; | 1017 | goto exit; |
| 1014 | } | 1018 | } |
| 1015 | 1019 | ||
| 1020 | /* will be updated in set_orig_addr() if needed */ | ||
| 1021 | m->msg_namelen = 0; | ||
| 1022 | |||
| 1016 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); | 1023 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); |
| 1017 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | 1024 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
| 1018 | 1025 | ||
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index d8079daf1bde..7f93e2a42d7a 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c | |||
| @@ -1670,6 +1670,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb, | |||
| 1670 | vsk = vsock_sk(sk); | 1670 | vsk = vsock_sk(sk); |
| 1671 | err = 0; | 1671 | err = 0; |
| 1672 | 1672 | ||
| 1673 | msg->msg_namelen = 0; | ||
| 1674 | |||
| 1673 | lock_sock(sk); | 1675 | lock_sock(sk); |
| 1674 | 1676 | ||
| 1675 | if (sk->sk_state != SS_CONNECTED) { | 1677 | if (sk->sk_state != SS_CONNECTED) { |
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c index 1f6508e249ae..5e04d3d96285 100644 --- a/net/vmw_vsock/vmci_transport.c +++ b/net/vmw_vsock/vmci_transport.c | |||
| @@ -1736,6 +1736,8 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, | |||
| 1736 | if (flags & MSG_OOB || flags & MSG_ERRQUEUE) | 1736 | if (flags & MSG_OOB || flags & MSG_ERRQUEUE) |
| 1737 | return -EOPNOTSUPP; | 1737 | return -EOPNOTSUPP; |
| 1738 | 1738 | ||
| 1739 | msg->msg_namelen = 0; | ||
| 1740 | |||
| 1739 | /* Retrieve the head sk_buff from the socket's receive queue. */ | 1741 | /* Retrieve the head sk_buff from the socket's receive queue. */ |
| 1740 | err = 0; | 1742 | err = 0; |
| 1741 | skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); | 1743 | skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); |
| @@ -1768,7 +1770,6 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, | |||
| 1768 | if (err) | 1770 | if (err) |
| 1769 | goto out; | 1771 | goto out; |
| 1770 | 1772 | ||
| 1771 | msg->msg_namelen = 0; | ||
| 1772 | if (msg->msg_name) { | 1773 | if (msg->msg_name) { |
| 1773 | struct sockaddr_vm *vm_addr; | 1774 | struct sockaddr_vm *vm_addr; |
| 1774 | 1775 | ||
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 09d994d192ff..482c70e70127 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
| @@ -224,6 +224,7 @@ void cfg80211_conn_work(struct work_struct *work) | |||
| 224 | rtnl_lock(); | 224 | rtnl_lock(); |
| 225 | cfg80211_lock_rdev(rdev); | 225 | cfg80211_lock_rdev(rdev); |
| 226 | mutex_lock(&rdev->devlist_mtx); | 226 | mutex_lock(&rdev->devlist_mtx); |
| 227 | mutex_lock(&rdev->sched_scan_mtx); | ||
| 227 | 228 | ||
| 228 | list_for_each_entry(wdev, &rdev->wdev_list, list) { | 229 | list_for_each_entry(wdev, &rdev->wdev_list, list) { |
| 229 | wdev_lock(wdev); | 230 | wdev_lock(wdev); |
| @@ -248,6 +249,7 @@ void cfg80211_conn_work(struct work_struct *work) | |||
| 248 | wdev_unlock(wdev); | 249 | wdev_unlock(wdev); |
| 249 | } | 250 | } |
| 250 | 251 | ||
| 252 | mutex_unlock(&rdev->sched_scan_mtx); | ||
| 251 | mutex_unlock(&rdev->devlist_mtx); | 253 | mutex_unlock(&rdev->devlist_mtx); |
| 252 | cfg80211_unlock_rdev(rdev); | 254 | cfg80211_unlock_rdev(rdev); |
| 253 | rtnl_unlock(); | 255 | rtnl_unlock(); |