aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-06-04 10:16:00 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2011-06-04 10:16:00 -0400
commit0e833d8cfcb52b5ee3ead22cabbab81dea32c3f0 (patch)
tree0c64533ba9181c014a4b2dcda75c273ae0437dd6 /net
parent4f1ba49efafccbc73017f824efa2505c81b247cd (diff)
parent7b29dc21ea084be7ddfb536994a9cfae95337690 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (40 commits) tg3: Fix tg3_skb_error_unmap() net: tracepoint of net_dev_xmit sees freed skb and causes panic drivers/net/can/flexcan.c: add missing clk_put net: dm9000: Get the chip in a known good state before enabling interrupts drivers/net/davinci_emac.c: add missing clk_put af-packet: Add flag to distinguish VID 0 from no-vlan. caif: Fix race when conditionally taking rtnl lock usbnet/cdc_ncm: add missing .reset_resume hook vlan: fix typo in vlan_dev_hard_start_xmit() net/ipv4: Check for mistakenly passed in non-IPv4 address iwl4965: correctly validate temperature value bluetooth l2cap: fix locking in l2cap_global_chan_by_psm ath9k: fix two more bugs in tx power cfg80211: don't drop p2p probe responses Revert "net: fix section mismatches" drivers/net/usb/catc.c: Fix potential deadlock in catc_ctrl_run() sctp: stop pending timers and purge queues when peer restart asoc drivers/net: ks8842 Fix crash on received packet when in PIO mode. ip_options_compile: properly handle unaligned pointer iwlagn: fix incorrect PCI subsystem id for 6150 devices ...
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_dev.c2
-rw-r--r--net/bluetooth/l2cap_core.c2
-rw-r--r--net/caif/chnl_net.c9
-rw-r--r--net/core/dev.c7
-rw-r--r--net/ipv4/af_inet.c3
-rw-r--r--net/ipv4/ip_options.c15
-rw-r--r--net/mac80211/mlme.c7
-rw-r--r--net/mac80211/scan.c1
-rw-r--r--net/packet/af_packet.c15
-rw-r--r--net/sctp/associola.c23
-rw-r--r--net/sctp/sm_sideeffect.c3
-rw-r--r--net/sctp/sm_statefuns.c14
-rw-r--r--net/wireless/nl80211.c4
-rw-r--r--net/wireless/scan.c43
14 files changed, 95 insertions, 53 deletions
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index f247f5bff88d..7ea5cf9ea08a 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -165,7 +165,7 @@ static netdev_tx_t vlan_dev_hard_start_xmit(struct sk_buff *skb,
165 u64_stats_update_begin(&stats->syncp); 165 u64_stats_update_begin(&stats->syncp);
166 stats->tx_packets++; 166 stats->tx_packets++;
167 stats->tx_bytes += len; 167 stats->tx_bytes += len;
168 u64_stats_update_begin(&stats->syncp); 168 u64_stats_update_end(&stats->syncp);
169 } else { 169 } else {
170 this_cpu_inc(vlan_dev_info(dev)->vlan_pcpu_stats->tx_dropped); 170 this_cpu_inc(vlan_dev_info(dev)->vlan_pcpu_stats->tx_dropped);
171 } 171 }
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a86f9ba4f05c..e64a1c2df238 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -906,7 +906,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr
906 if (c->psm == psm) { 906 if (c->psm == psm) {
907 /* Exact match. */ 907 /* Exact match. */
908 if (!bacmp(&bt_sk(sk)->src, src)) { 908 if (!bacmp(&bt_sk(sk)->src, src)) {
909 read_unlock_bh(&chan_list_lock); 909 read_unlock(&chan_list_lock);
910 return c; 910 return c;
911 } 911 }
912 912
diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
index 649ebacaf6bc..adbb424403d4 100644
--- a/net/caif/chnl_net.c
+++ b/net/caif/chnl_net.c
@@ -139,17 +139,14 @@ static void close_work(struct work_struct *work)
139 struct chnl_net *dev = NULL; 139 struct chnl_net *dev = NULL;
140 struct list_head *list_node; 140 struct list_head *list_node;
141 struct list_head *_tmp; 141 struct list_head *_tmp;
142 /* May be called with or without RTNL lock held */ 142
143 int islocked = rtnl_is_locked(); 143 rtnl_lock();
144 if (!islocked)
145 rtnl_lock();
146 list_for_each_safe(list_node, _tmp, &chnl_net_list) { 144 list_for_each_safe(list_node, _tmp, &chnl_net_list) {
147 dev = list_entry(list_node, struct chnl_net, list_field); 145 dev = list_entry(list_node, struct chnl_net, list_field);
148 if (dev->state == CAIF_SHUTDOWN) 146 if (dev->state == CAIF_SHUTDOWN)
149 dev_close(dev->netdev); 147 dev_close(dev->netdev);
150 } 148 }
151 if (!islocked) 149 rtnl_unlock();
152 rtnl_unlock();
153} 150}
154static DECLARE_WORK(close_worker, close_work); 151static DECLARE_WORK(close_worker, close_work);
155 152
diff --git a/net/core/dev.c b/net/core/dev.c
index c7e305d13b71..939307891e71 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2096,6 +2096,7 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,
2096{ 2096{
2097 const struct net_device_ops *ops = dev->netdev_ops; 2097 const struct net_device_ops *ops = dev->netdev_ops;
2098 int rc = NETDEV_TX_OK; 2098 int rc = NETDEV_TX_OK;
2099 unsigned int skb_len;
2099 2100
2100 if (likely(!skb->next)) { 2101 if (likely(!skb->next)) {
2101 u32 features; 2102 u32 features;
@@ -2146,8 +2147,9 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,
2146 } 2147 }
2147 } 2148 }
2148 2149
2150 skb_len = skb->len;
2149 rc = ops->ndo_start_xmit(skb, dev); 2151 rc = ops->ndo_start_xmit(skb, dev);
2150 trace_net_dev_xmit(skb, rc); 2152 trace_net_dev_xmit(skb, rc, dev, skb_len);
2151 if (rc == NETDEV_TX_OK) 2153 if (rc == NETDEV_TX_OK)
2152 txq_trans_update(txq); 2154 txq_trans_update(txq);
2153 return rc; 2155 return rc;
@@ -2167,8 +2169,9 @@ gso:
2167 if (dev->priv_flags & IFF_XMIT_DST_RELEASE) 2169 if (dev->priv_flags & IFF_XMIT_DST_RELEASE)
2168 skb_dst_drop(nskb); 2170 skb_dst_drop(nskb);
2169 2171
2172 skb_len = nskb->len;
2170 rc = ops->ndo_start_xmit(nskb, dev); 2173 rc = ops->ndo_start_xmit(nskb, dev);
2171 trace_net_dev_xmit(nskb, rc); 2174 trace_net_dev_xmit(nskb, rc, dev, skb_len);
2172 if (unlikely(rc != NETDEV_TX_OK)) { 2175 if (unlikely(rc != NETDEV_TX_OK)) {
2173 if (rc & ~NETDEV_TX_MASK) 2176 if (rc & ~NETDEV_TX_MASK)
2174 goto out_kfree_gso_skb; 2177 goto out_kfree_gso_skb;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index cc1463156cd0..9c1926027a26 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -465,6 +465,9 @@ int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
465 if (addr_len < sizeof(struct sockaddr_in)) 465 if (addr_len < sizeof(struct sockaddr_in))
466 goto out; 466 goto out;
467 467
468 if (addr->sin_family != AF_INET)
469 goto out;
470
468 chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr); 471 chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr);
469 472
470 /* Not specified by any standard per-se, however it breaks too 473 /* Not specified by any standard per-se, however it breaks too
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index c3118e1cd3bb..ec93335901dd 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -14,6 +14,7 @@
14#include <linux/slab.h> 14#include <linux/slab.h>
15#include <linux/types.h> 15#include <linux/types.h>
16#include <asm/uaccess.h> 16#include <asm/uaccess.h>
17#include <asm/unaligned.h>
17#include <linux/skbuff.h> 18#include <linux/skbuff.h>
18#include <linux/ip.h> 19#include <linux/ip.h>
19#include <linux/icmp.h> 20#include <linux/icmp.h>
@@ -350,7 +351,7 @@ int ip_options_compile(struct net *net,
350 goto error; 351 goto error;
351 } 352 }
352 if (optptr[2] <= optlen) { 353 if (optptr[2] <= optlen) {
353 __be32 *timeptr = NULL; 354 unsigned char *timeptr = NULL;
354 if (optptr[2]+3 > optptr[1]) { 355 if (optptr[2]+3 > optptr[1]) {
355 pp_ptr = optptr + 2; 356 pp_ptr = optptr + 2;
356 goto error; 357 goto error;
@@ -359,7 +360,7 @@ int ip_options_compile(struct net *net,
359 case IPOPT_TS_TSONLY: 360 case IPOPT_TS_TSONLY:
360 opt->ts = optptr - iph; 361 opt->ts = optptr - iph;
361 if (skb) 362 if (skb)
362 timeptr = (__be32*)&optptr[optptr[2]-1]; 363 timeptr = &optptr[optptr[2]-1];
363 opt->ts_needtime = 1; 364 opt->ts_needtime = 1;
364 optptr[2] += 4; 365 optptr[2] += 4;
365 break; 366 break;
@@ -371,7 +372,7 @@ int ip_options_compile(struct net *net,
371 opt->ts = optptr - iph; 372 opt->ts = optptr - iph;
372 if (rt) { 373 if (rt) {
373 memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4); 374 memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
374 timeptr = (__be32*)&optptr[optptr[2]+3]; 375 timeptr = &optptr[optptr[2]+3];
375 } 376 }
376 opt->ts_needaddr = 1; 377 opt->ts_needaddr = 1;
377 opt->ts_needtime = 1; 378 opt->ts_needtime = 1;
@@ -389,7 +390,7 @@ int ip_options_compile(struct net *net,
389 if (inet_addr_type(net, addr) == RTN_UNICAST) 390 if (inet_addr_type(net, addr) == RTN_UNICAST)
390 break; 391 break;
391 if (skb) 392 if (skb)
392 timeptr = (__be32*)&optptr[optptr[2]+3]; 393 timeptr = &optptr[optptr[2]+3];
393 } 394 }
394 opt->ts_needtime = 1; 395 opt->ts_needtime = 1;
395 optptr[2] += 8; 396 optptr[2] += 8;
@@ -403,10 +404,10 @@ int ip_options_compile(struct net *net,
403 } 404 }
404 if (timeptr) { 405 if (timeptr) {
405 struct timespec tv; 406 struct timespec tv;
406 __be32 midtime; 407 u32 midtime;
407 getnstimeofday(&tv); 408 getnstimeofday(&tv);
408 midtime = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC); 409 midtime = (tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC;
409 memcpy(timeptr, &midtime, sizeof(__be32)); 410 put_unaligned_be32(midtime, timeptr);
410 opt->is_changed = 1; 411 opt->is_changed = 1;
411 } 412 }
412 } else { 413 } else {
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 4f6b2675e41d..456cccf26b51 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -232,6 +232,9 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
232 WARN_ON(!ieee80211_set_channel_type(local, sdata, channel_type)); 232 WARN_ON(!ieee80211_set_channel_type(local, sdata, channel_type));
233 } 233 }
234 234
235 ieee80211_stop_queues_by_reason(&sdata->local->hw,
236 IEEE80211_QUEUE_STOP_REASON_CSA);
237
235 /* channel_type change automatically detected */ 238 /* channel_type change automatically detected */
236 ieee80211_hw_config(local, 0); 239 ieee80211_hw_config(local, 0);
237 240
@@ -245,6 +248,9 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
245 rcu_read_unlock(); 248 rcu_read_unlock();
246 } 249 }
247 250
251 ieee80211_wake_queues_by_reason(&sdata->local->hw,
252 IEEE80211_QUEUE_STOP_REASON_CSA);
253
248 ht_opmode = le16_to_cpu(hti->operation_mode); 254 ht_opmode = le16_to_cpu(hti->operation_mode);
249 255
250 /* if bss configuration changed store the new one */ 256 /* if bss configuration changed store the new one */
@@ -1089,6 +1095,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1089 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1095 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1090 config_changed |= IEEE80211_CONF_CHANGE_PS; 1096 config_changed |= IEEE80211_CONF_CHANGE_PS;
1091 } 1097 }
1098 local->ps_sdata = NULL;
1092 1099
1093 ieee80211_hw_config(local, config_changed); 1100 ieee80211_hw_config(local, config_changed);
1094 1101
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 27af6723cb5e..58ffa7d069c7 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -15,7 +15,6 @@
15#include <linux/if_arp.h> 15#include <linux/if_arp.h>
16#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <linux/pm_qos_params.h> 17#include <linux/pm_qos_params.h>
18#include <linux/slab.h>
19#include <net/sch_generic.h> 18#include <net/sch_generic.h>
20#include <linux/slab.h> 19#include <linux/slab.h>
21#include <net/mac80211.h> 20#include <net/mac80211.h>
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 925f715686a5..ba248d93399a 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -798,7 +798,12 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
798 getnstimeofday(&ts); 798 getnstimeofday(&ts);
799 h.h2->tp_sec = ts.tv_sec; 799 h.h2->tp_sec = ts.tv_sec;
800 h.h2->tp_nsec = ts.tv_nsec; 800 h.h2->tp_nsec = ts.tv_nsec;
801 h.h2->tp_vlan_tci = vlan_tx_tag_get(skb); 801 if (vlan_tx_tag_present(skb)) {
802 h.h2->tp_vlan_tci = vlan_tx_tag_get(skb);
803 status |= TP_STATUS_VLAN_VALID;
804 } else {
805 h.h2->tp_vlan_tci = 0;
806 }
802 hdrlen = sizeof(*h.h2); 807 hdrlen = sizeof(*h.h2);
803 break; 808 break;
804 default: 809 default:
@@ -1725,8 +1730,12 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1725 aux.tp_snaplen = skb->len; 1730 aux.tp_snaplen = skb->len;
1726 aux.tp_mac = 0; 1731 aux.tp_mac = 0;
1727 aux.tp_net = skb_network_offset(skb); 1732 aux.tp_net = skb_network_offset(skb);
1728 aux.tp_vlan_tci = vlan_tx_tag_get(skb); 1733 if (vlan_tx_tag_present(skb)) {
1729 1734 aux.tp_vlan_tci = vlan_tx_tag_get(skb);
1735 aux.tp_status |= TP_STATUS_VLAN_VALID;
1736 } else {
1737 aux.tp_vlan_tci = 0;
1738 }
1730 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); 1739 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
1731 } 1740 }
1732 1741
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 525f97c467e9..4a62888f2e43 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -444,15 +444,7 @@ void sctp_association_free(struct sctp_association *asoc)
444 444
445 asoc->peer.transport_count = 0; 445 asoc->peer.transport_count = 0;
446 446
447 /* Free any cached ASCONF_ACK chunk. */ 447 sctp_asconf_queue_teardown(asoc);
448 sctp_assoc_free_asconf_acks(asoc);
449
450 /* Free the ASCONF queue. */
451 sctp_assoc_free_asconf_queue(asoc);
452
453 /* Free any cached ASCONF chunk. */
454 if (asoc->addip_last_asconf)
455 sctp_chunk_free(asoc->addip_last_asconf);
456 448
457 /* AUTH - Free the endpoint shared keys */ 449 /* AUTH - Free the endpoint shared keys */
458 sctp_auth_destroy_keys(&asoc->endpoint_shared_keys); 450 sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
@@ -1646,3 +1638,16 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
1646 1638
1647 return NULL; 1639 return NULL;
1648} 1640}
1641
1642void sctp_asconf_queue_teardown(struct sctp_association *asoc)
1643{
1644 /* Free any cached ASCONF_ACK chunk. */
1645 sctp_assoc_free_asconf_acks(asoc);
1646
1647 /* Free the ASCONF queue. */
1648 sctp_assoc_free_asconf_queue(asoc);
1649
1650 /* Free any cached ASCONF chunk. */
1651 if (asoc->addip_last_asconf)
1652 sctp_chunk_free(asoc->addip_last_asconf);
1653}
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index d612ca1ca6c0..534c2e5feb05 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1670,6 +1670,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1670 case SCTP_CMD_SEND_NEXT_ASCONF: 1670 case SCTP_CMD_SEND_NEXT_ASCONF:
1671 sctp_cmd_send_asconf(asoc); 1671 sctp_cmd_send_asconf(asoc);
1672 break; 1672 break;
1673 case SCTP_CMD_PURGE_ASCONF_QUEUE:
1674 sctp_asconf_queue_teardown(asoc);
1675 break;
1673 default: 1676 default:
1674 pr_warn("Impossible command: %u, %p\n", 1677 pr_warn("Impossible command: %u, %p\n",
1675 cmd->verb, cmd->obj.ptr); 1678 cmd->verb, cmd->obj.ptr);
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 7f4a4f8368ee..a297283154d5 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1718,11 +1718,21 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
1718 return SCTP_DISPOSITION_CONSUME; 1718 return SCTP_DISPOSITION_CONSUME;
1719 } 1719 }
1720 1720
1721 /* For now, fail any unsent/unacked data. Consider the optional 1721 /* For now, stop pending T3-rtx and SACK timers, fail any unsent/unacked
1722 * choice of resending of this data. 1722 * data. Consider the optional choice of resending of this data.
1723 */ 1723 */
1724 sctp_add_cmd_sf(commands, SCTP_CMD_T3_RTX_TIMERS_STOP, SCTP_NULL());
1725 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1726 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
1724 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL()); 1727 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
1725 1728
1729 /* Stop pending T4-rto timer, teardown ASCONF queue, ASCONF-ACK queue
1730 * and ASCONF-ACK cache.
1731 */
1732 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1733 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
1734 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_ASCONF_QUEUE, SCTP_NULL());
1735
1726 repl = sctp_make_cookie_ack(new_asoc, chunk); 1736 repl = sctp_make_cookie_ack(new_asoc, chunk);
1727 if (!repl) 1737 if (!repl)
1728 goto nomem; 1738 goto nomem;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index ec83f413a7ed..88a565f130a5 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3406,12 +3406,12 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3406 i = 0; 3406 i = 0;
3407 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3407 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3408 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3408 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3409 request->ssids[i].ssid_len = nla_len(attr);
3409 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3410 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3410 err = -EINVAL; 3411 err = -EINVAL;
3411 goto out_free; 3412 goto out_free;
3412 } 3413 }
3413 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3414 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3414 request->ssids[i].ssid_len = nla_len(attr);
3415 i++; 3415 i++;
3416 } 3416 }
3417 } 3417 }
@@ -3572,6 +3572,7 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
3572 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3572 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3573 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 3573 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3574 tmp) { 3574 tmp) {
3575 request->ssids[i].ssid_len = nla_len(attr);
3575 if (request->ssids[i].ssid_len > 3576 if (request->ssids[i].ssid_len >
3576 IEEE80211_MAX_SSID_LEN) { 3577 IEEE80211_MAX_SSID_LEN) {
3577 err = -EINVAL; 3578 err = -EINVAL;
@@ -3579,7 +3580,6 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
3579 } 3580 }
3580 memcpy(request->ssids[i].ssid, nla_data(attr), 3581 memcpy(request->ssids[i].ssid, nla_data(attr),
3581 nla_len(attr)); 3582 nla_len(attr));
3582 request->ssids[i].ssid_len = nla_len(attr);
3583 i++; 3583 i++;
3584 } 3584 }
3585 } 3585 }
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 73a441d237b5..7a6c67667d70 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -267,13 +267,35 @@ static bool is_bss(struct cfg80211_bss *a,
267 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 267 return memcmp(ssidie + 2, ssid, ssid_len) == 0;
268} 268}
269 269
270static bool is_mesh_bss(struct cfg80211_bss *a)
271{
272 const u8 *ie;
273
274 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
275 return false;
276
277 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
278 a->information_elements,
279 a->len_information_elements);
280 if (!ie)
281 return false;
282
283 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
284 a->information_elements,
285 a->len_information_elements);
286 if (!ie)
287 return false;
288
289 return true;
290}
291
270static bool is_mesh(struct cfg80211_bss *a, 292static bool is_mesh(struct cfg80211_bss *a,
271 const u8 *meshid, size_t meshidlen, 293 const u8 *meshid, size_t meshidlen,
272 const u8 *meshcfg) 294 const u8 *meshcfg)
273{ 295{
274 const u8 *ie; 296 const u8 *ie;
275 297
276 if (!WLAN_CAPABILITY_IS_MBSS(a->capability)) 298 if (!WLAN_CAPABILITY_IS_STA_BSS(a->capability))
277 return false; 299 return false;
278 300
279 ie = cfg80211_find_ie(WLAN_EID_MESH_ID, 301 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
@@ -311,7 +333,7 @@ static int cmp_bss(struct cfg80211_bss *a,
311 if (a->channel != b->channel) 333 if (a->channel != b->channel)
312 return b->channel->center_freq - a->channel->center_freq; 334 return b->channel->center_freq - a->channel->center_freq;
313 335
314 if (WLAN_CAPABILITY_IS_MBSS(a->capability | b->capability)) { 336 if (is_mesh_bss(a) && is_mesh_bss(b)) {
315 r = cmp_ies(WLAN_EID_MESH_ID, 337 r = cmp_ies(WLAN_EID_MESH_ID,
316 a->information_elements, 338 a->information_elements,
317 a->len_information_elements, 339 a->len_information_elements,
@@ -457,7 +479,6 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
457 struct cfg80211_internal_bss *res) 479 struct cfg80211_internal_bss *res)
458{ 480{
459 struct cfg80211_internal_bss *found = NULL; 481 struct cfg80211_internal_bss *found = NULL;
460 const u8 *meshid, *meshcfg;
461 482
462 /* 483 /*
463 * The reference to "res" is donated to this function. 484 * The reference to "res" is donated to this function.
@@ -470,22 +491,6 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
470 491
471 res->ts = jiffies; 492 res->ts = jiffies;
472 493
473 if (WLAN_CAPABILITY_IS_MBSS(res->pub.capability)) {
474 /* must be mesh, verify */
475 meshid = cfg80211_find_ie(WLAN_EID_MESH_ID,
476 res->pub.information_elements,
477 res->pub.len_information_elements);
478 meshcfg = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
479 res->pub.information_elements,
480 res->pub.len_information_elements);
481 if (!meshid || !meshcfg ||
482 meshcfg[1] != sizeof(struct ieee80211_meshconf_ie)) {
483 /* bogus mesh */
484 kref_put(&res->ref, bss_release);
485 return NULL;
486 }
487 }
488
489 spin_lock_bh(&dev->bss_lock); 494 spin_lock_bh(&dev->bss_lock);
490 495
491 found = rb_find_bss(dev, res); 496 found = rb_find_bss(dev, res);