Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (33 commits) sony-laptop: re-read the rfkill state when resuming from suspend sony-laptop: check for rfkill hard block at load time wext: add back wireless/ dir in sysfs for cfg80211 interfaces wext: Add bound checks for copy_from_user mac80211: improve/fix mlme messages cfg80211: always get BSS iwlwifi: fix 3945 ucode info retrieval after failure iwlwifi: fix memory leak in command queue handling iwlwifi: fix debugfs buffer handling cfg80211: don't set privacy w/o key cfg80211: wext: don't display BSSID unless associated net: Add explicit bound checks in net/socket.c bridge: Fix double-free in br_add_if. isdn: fix netjet/isdnhdlc build errors atm: dereference of he_dev->rbps_virt in he_init_group() ax25: Add missing dev_put in ax25_setsockopt Revert "sit: stateless autoconf for isatap" net: fix double skb free in dcbnl net: fix nlmsg len size for skb when error bit is set. net: fix vlan_get_size to include vlan_flags size ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-30 11:07:12 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-30 11:07:12 -0400
commit: 5a4c8d75f4ff512c42065a7125d02dffe27966ce (patch)
tree: 05b47722f0515f134f64d3cda6113ba8ca60ad32 /net
parent: e15daf6cdf59fd76c0c5d396ccd1426567305750 (diff)
parent: eb1cf0f8f7a9e5a6d573d5bd72c015686a042db0 (diff)
13 files changed, 52 insertions, 106 deletions
diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
index 343146e1bceb..a91504850195 100644
--- a/net/8021q/vlan_netlink.c
+++ b/net/8021q/vlan_netlink.c
@@ -169,6 +169,7 @@ static size_t vlan_get_size(const struct net_device *dev)
        struct vlan_dev_info *vlan = vlan_dev_info(dev);
        return nla_total_size(2) +      /* IFLA_VLAN_ID */
+               sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */
               vlan_qos_map_size(vlan->nr_ingress_mappings) +
               vlan_qos_map_size(vlan->nr_egress_mappings);
 }
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index fbcac76fdc0d..4102de1022ee 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -641,15 +641,10 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
        case SO_BINDTODEVICE:
                if (optlen > IFNAMSIZ)
-                        optlen=IFNAMSIZ;
+                        optlen = IFNAMSIZ;
-                if (copy_from_user(devname, optval, optlen)) {
-                res = -EFAULT;
-                        break;
-                }
-                dev = dev_get_by_name(&init_net, devname);
+                if (copy_from_user(devname, optval, optlen)) {
-                if (dev == NULL) {
+                        res = -EFAULT;
-                        res = -ENODEV;
                        break;
                }
@@ -657,12 +652,18 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
                   (sock->state != SS_UNCONNECTED ||
                    sk->sk_state == TCP_LISTEN)) {
                        res = -EADDRNOTAVAIL;
-                        dev_put(dev);
+                        break;
+                }
+                dev = dev_get_by_name(&init_net, devname);
+                if (!dev) {
+                        res = -ENODEV;
                        break;
                }
                ax25->ax25_dev = ax25_dev_ax25dev(dev);
                ax25_fillin_cb(ax25, ax25->ax25_dev);
+                dev_put(dev);
                break;
        default:
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 142ebac14176..b1b3b0fbf41c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -432,6 +432,7 @@ err2:
        br_fdb_delete_by_port(br, p, 1);
 err1:
        kobject_put(&p->kobj);
+        p = NULL; /* kobject_put frees */
 err0:
        dev_set_promiscuity(dev, -1);
 put_back:
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 7d4c57523b09..821d30918cfc 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -16,7 +16,7 @@
 #include <net/sock.h>
 #include <linux/rtnetlink.h>
 #include <linux/wireless.h>
-#include <net/iw_handler.h>
+#include <net/wext.h>
 #include "net-sysfs.h"
@@ -363,15 +363,13 @@ static ssize_t wireless_show(struct device *d, char *buf,
                                               char *))
 {
        struct net_device *dev = to_net_dev(d);
-        const struct iw_statistics *iw = NULL;
+        const struct iw_statistics *iw;
        ssize_t ret = -EINVAL;
        read_lock(&dev_base_lock);
        if (dev_isalive(dev)) {
-                if (dev->wireless_handlers &&
+                iw = get_wireless_stats(dev);
-                    dev->wireless_handlers->get_wireless_stats)
+                if (iw)
-                        iw = dev->wireless_handlers->get_wireless_stats(dev);
-                if (iw != NULL)
                        ret = (*format)(iw, buf);
        }
        read_unlock(&dev_base_lock);
@@ -505,7 +503,7 @@ int netdev_register_kobject(struct net_device *net)
        *groups++ = &netstat_group;
 #ifdef CONFIG_WIRELESS_EXT_SYSFS
-        if (net->wireless_handlers && net->wireless_handlers->get_wireless_stats)
+        if (net->wireless_handlers || net->ieee80211_ptr)
                *groups++ = &wireless_group;
 #endif
 #endif /* CONFIG_SYSFS */
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index e0879bfb7dd5..ac1205df6c86 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -194,7 +194,7 @@ static int dcbnl_reply(u8 value, u8 event, u8 cmd, u8 attr, u32 pid,
        nlmsg_end(dcbnl_skb, nlh);
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                return -EINVAL;
        return 0;
 nlmsg_failure:
@@ -275,7 +275,7 @@ static int dcbnl_getpfccfg(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                goto err_out;
        return 0;
 nlmsg_failure:
@@ -316,12 +316,11 @@ static int dcbnl_getperm_hwaddr(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                goto err_out;
        return 0;
 nlmsg_failure:
-err:
        kfree_skb(dcbnl_skb);
 err_out:
        return -EINVAL;
@@ -383,7 +382,7 @@ static int dcbnl_getcap(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                goto err_out;
        return 0;
 nlmsg_failure:
@@ -460,7 +459,7 @@ static int dcbnl_getnumtcs(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret) {
                ret = -EINVAL;
-                goto err;
+                goto err_out;
        }
        return 0;
@@ -799,7 +798,7 @@ static int __dcbnl_pg_getcfg(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                goto err_out;
        return 0;
@@ -1063,7 +1062,7 @@ static int dcbnl_bcn_getcfg(struct net_device *netdev, struct nlattr **tb,
        ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
        if (ret)
-                goto err;
+                goto err_out;
        return 0;
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 498b9b0b0fad..f74e4e2cdd06 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -658,7 +658,6 @@ void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
                     &icmp6h, NULL,
                     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
 }
-EXPORT_SYMBOL(ndisc_send_rs);
 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index fcb539628847..d65e0c496cc0 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -15,7 +15,6 @@
 * Roger Venning <r.venning@telstra.com>:       6to4 support
 * Nate Thompson <nate@thebog.net>:             6to4 support
 * Fred Templin <fred.l.templin@boeing.com>:    isatap support
- * Sascha Hlusiak <mail@saschahlusiak.de>:      stateless autoconf for isatap
 */
 #include <linux/module.h>
@@ -223,44 +222,6 @@ failed:
        return NULL;
 }
-static void ipip6_tunnel_rs_timer(unsigned long data)
-{
-        struct ip_tunnel_prl_entry *p = (struct ip_tunnel_prl_entry *) data;
-        struct inet6_dev *ifp;
-        struct inet6_ifaddr *addr;
-        spin_lock(&p->lock);
-        ifp = __in6_dev_get(p->tunnel->dev);
-        read_lock_bh(&ifp->lock);
-        for (addr = ifp->addr_list; addr; addr = addr->if_next) {
-                struct in6_addr rtr;
-                if (!(ipv6_addr_type(&addr->addr) & IPV6_ADDR_LINKLOCAL))
-                        continue;
-                /* Send RS to guessed linklocal address of router
-                 *
-                 * Better: send to ff02::2 encapsuled in unicast directly
-                 * to router-v4 instead of guessing the v6 address.
-                 *
-                 * Cisco/Windows seem to not set the u/l bit correctly,
-                 * so we won't guess right.
-                 */
-                ipv6_addr_set(&rtr,  htonl(0xFE800000), 0, 0, 0);
-                if (!__ipv6_isatap_ifid(rtr.s6_addr + 8,
-                                        p->addr)) {
-                        ndisc_send_rs(p->tunnel->dev, &addr->addr, &rtr);
-                }
-        }
-        read_unlock_bh(&ifp->lock);
-        mod_timer(&p->rs_timer, jiffies + HZ * p->rs_delay);
-        spin_unlock(&p->lock);
-        return;
-}
 static struct ip_tunnel_prl_entry *
 __ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
 {
@@ -319,7 +280,6 @@ static int ipip6_tunnel_get_prl(struct ip_tunnel *t,
                        continue;
                kp[c].addr = prl->addr;
                kp[c].flags = prl->flags;
-                kp[c].rs_delay = prl->rs_delay;
                c++;
                if (kprl.addr != htonl(INADDR_ANY))
                        break;
@@ -369,23 +329,11 @@ ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
        }
        p->next = t->prl;
-        p->tunnel = t;
        t->prl = p;
        t->prl_count++;
-        spin_lock_init(&p->lock);
-        setup_timer(&p->rs_timer, ipip6_tunnel_rs_timer, (unsigned long) p);
 update:
        p->addr = a->addr;
        p->flags = a->flags;
-        p->rs_delay = a->rs_delay;
-        if (p->rs_delay == 0)
-                p->rs_delay = IPTUNNEL_RS_DEFAULT_DELAY;
-        spin_lock(&p->lock);
-        del_timer(&p->rs_timer);
-        if (p->flags & PRL_DEFAULT)
-                mod_timer(&p->rs_timer, jiffies + 1);
-        spin_unlock(&p->lock);
 out:
        write_unlock(&ipip6_lock);
        return err;
@@ -404,9 +352,6 @@ ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
                        if ((*p)->addr == a->addr) {
                                x = *p;
                                *p = x->next;
-                                spin_lock(&x->lock);
-                                del_timer(&x->rs_timer);
-                                spin_unlock(&x->lock);
                                kfree(x);
                                t->prl_count--;
                                goto out;
@@ -417,9 +362,6 @@ ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
                while (t->prl) {
                        x = t->prl;
                        t->prl = t->prl->next;
-                        spin_lock(&x->lock);
-                        del_timer(&x->rs_timer);
-                        spin_unlock(&x->lock);
                        kfree(x);
                        t->prl_count--;
                }
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 97a278a2f48e..8d26e9bf8964 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1388,8 +1388,8 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
        reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
-        printk(KERN_DEBUG "%s: disassociated (Reason: %u)\n",
+        printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
-                        sdata->dev->name, reason_code);
+                        sdata->dev->name, mgmt->sa, reason_code);
        ieee80211_set_disassoc(sdata, false);
        return RX_MGMT_CFG80211_DISASSOC;
@@ -1675,7 +1675,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
        /* direct probe may be part of the association flow */
        if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) {
-                printk(KERN_DEBUG "%s direct probe responded\n",
+                printk(KERN_DEBUG "%s: direct probe responded\n",
                       sdata->dev->name);
                wk->tries = 0;
                wk->state = IEEE80211_MGD_STATE_AUTH;
@@ -2502,9 +2502,6 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
        struct ieee80211_mgd_work *wk;
        const u8 *bssid = NULL;
-        printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
-               sdata->dev->name, req->reason_code);
        mutex_lock(&ifmgd->mtx);
        if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) {
@@ -2532,6 +2529,9 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
        mutex_unlock(&ifmgd->mtx);
+        printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
+               sdata->dev->name, bssid, req->reason_code);
        ieee80211_send_deauth_disassoc(sdata, bssid,
                        IEEE80211_STYPE_DEAUTH, req->reason_code,
                        cookie);
@@ -2545,9 +2545,6 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
 {
        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
-        printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
-               sdata->dev->name, req->reason_code);
        mutex_lock(&ifmgd->mtx);
        /*
@@ -2561,6 +2558,9 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
                return -ENOLINK;
        }
+        printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
+               sdata->dev->name, req->bss->bssid, req->reason_code);
        ieee80211_set_disassoc(sdata, false);
        mutex_unlock(&ifmgd->mtx);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index a4bafbf15097..dd85320907cb 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1788,7 +1788,7 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err)
        }
        rep = __nlmsg_put(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
-                          NLMSG_ERROR, sizeof(struct nlmsgerr), 0);
+                          NLMSG_ERROR, payload, 0);
        errmsg = nlmsg_data(rep);
        errmsg->error = err;
        memcpy(&errmsg->msg, nlh, err ? nlh->nlmsg_len : sizeof(*nlh));
diff --git a/net/socket.c b/net/socket.c
index 49917a1cac7d..41e8847508aa 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2098,12 +2098,17 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
        unsigned long a[6];
        unsigned long a0, a1;
        int err;
+        unsigned int len;
        if (call < 1 || call > SYS_ACCEPT4)
                return -EINVAL;
+        len = nargs[call];
+        if (len > sizeof(a))
+                return -EINVAL;
        /* copy_from_user should be SMP safe. */
-        if (copy_from_user(a, args, nargs[call]))
+        if (copy_from_user(a, args, len))
                return -EFAULT;
        audit_socketcall(nargs[call] / sizeof(unsigned long), a);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 7fae7eee65de..93c3ed329204 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -762,9 +762,8 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
                wdev->conn->params.ssid = wdev->ssid;
                wdev->conn->params.ssid_len = connect->ssid_len;
-                /* don't care about result -- but fill bssid & channel */
+                /* see if we have the bss already */
-                if (!wdev->conn->params.bssid || !wdev->conn->params.channel)
+                bss = cfg80211_get_conn_bss(wdev);
-                        bss = cfg80211_get_conn_bss(wdev);
                wdev->sme_state = CFG80211_SME_CONNECTING;
                wdev->connect_keys = connkeys;
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index bf725275eb8d..5615a8802536 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -30,7 +30,8 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
        if (wdev->wext.keys) {
                wdev->wext.keys->def = wdev->wext.default_key;
                wdev->wext.keys->defmgmt = wdev->wext.default_mgmt_key;
-                wdev->wext.connect.privacy = true;
+                if (wdev->wext.default_key != -1)
+                        wdev->wext.connect.privacy = true;
        }
        if (!wdev->wext.connect.ssid_len)
@@ -229,8 +230,7 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev,
                data->flags = 1;
                data->length = wdev->wext.connect.ssid_len;
                memcpy(ssid, wdev->wext.connect.ssid, data->length);
-        } else
+        }
-                data->flags = 0;
        wdev_unlock(wdev);
        return 0;
@@ -306,8 +306,6 @@ int cfg80211_mgd_wext_giwap(struct net_device *dev,
        wdev_lock(wdev);
        if (wdev->current_bss)
                memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
-        else if (wdev->wext.connect.bssid)
-                memcpy(ap_addr->sa_data, wdev->wext.connect.bssid, ETH_ALEN);
        else
                memset(ap_addr->sa_data, 0, ETH_ALEN);
        wdev_unlock(wdev);
diff --git a/net/wireless/wext.c b/net/wireless/wext.c
index 5b4a0cee4418..60fe57761ca9 100644
--- a/net/wireless/wext.c
+++ b/net/wireless/wext.c
@@ -470,7 +470,7 @@ static iw_handler get_handler(struct net_device *dev, unsigned int cmd)
 /*
 * Get statistics out of the driver
 */
-static struct iw_statistics *get_wireless_stats(struct net_device *dev)
+struct iw_statistics *get_wireless_stats(struct net_device *dev)
 {
        /* New location */
        if ((dev->wireless_handlers != NULL) &&
@@ -773,10 +773,13 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
                        essid_compat = 1;
                else if (IW_IS_SET(cmd) && (iwp->length != 0)) {
                        char essid[IW_ESSID_MAX_SIZE + 1];
+                        unsigned int len;
+                        len = iwp->length * descr->token_size;
-                        err = copy_from_user(essid, iwp->pointer,
+                        if (len > IW_ESSID_MAX_SIZE)
-                                             iwp->length *
+                                return -EFAULT;
-                                             descr->token_size);
+                        err = copy_from_user(essid, iwp->pointer, len);
                        if (err)
                                return -EFAULT;
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-30 11:07:12 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-30 11:07:12 -0400
commit	5a4c8d75f4ff512c42065a7125d02dffe27966ce (patch)
tree	05b47722f0515f134f64d3cda6113ba8ca60ad32 /net
parent	e15daf6cdf59fd76c0c5d396ccd1426567305750 (diff)
parent	eb1cf0f8f7a9e5a6d573d5bd72c015686a042db0 (diff)

diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c index 343146e1bceb..a91504850195 100644 --- a/net/8021q/vlan_netlink.c +++ b/net/8021q/vlan_netlink.c
@@ -169,6 +169,7 @@ static size_t vlan_get_size(const struct net_device *dev)
169	struct vlan_dev_info *vlan = vlan_dev_info(dev);	169	struct vlan_dev_info *vlan = vlan_dev_info(dev);
170		170
171	return nla_total_size(2) + /* IFLA_VLAN_ID */	171	return nla_total_size(2) + /* IFLA_VLAN_ID */
		172	sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */
172	vlan_qos_map_size(vlan->nr_ingress_mappings) +	173	vlan_qos_map_size(vlan->nr_ingress_mappings) +
173	vlan_qos_map_size(vlan->nr_egress_mappings);	174	vlan_qos_map_size(vlan->nr_egress_mappings);
174	}	175	}


diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c index fbcac76fdc0d..4102de1022ee 100644 --- a/net/ax25/af_ax25.c +++ b/net/ax25/af_ax25.c
@@ -641,15 +641,10 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
641		641
642	case SO_BINDTODEVICE:	642	case SO_BINDTODEVICE:
643	if (optlen > IFNAMSIZ)	643	if (optlen > IFNAMSIZ)
644	optlen=IFNAMSIZ;	644	optlen = IFNAMSIZ;
645	if (copy_from_user(devname, optval, optlen)) {
646	res = -EFAULT;
647	break;
648	}
649		645
650	dev = dev_get_by_name(&init_net, devname);	646	if (copy_from_user(devname, optval, optlen)) {
651	if (dev == NULL) {	647	res = -EFAULT;
652	res = -ENODEV;
653	break;	648	break;
654	}	649	}
655		650
@@ -657,12 +652,18 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
657	(sock->state != SS_UNCONNECTED \|\|	652	(sock->state != SS_UNCONNECTED \|\|
658	sk->sk_state == TCP_LISTEN)) {	653	sk->sk_state == TCP_LISTEN)) {
659	res = -EADDRNOTAVAIL;	654	res = -EADDRNOTAVAIL;
660	dev_put(dev);	655	break;
		656	}
		657
		658	dev = dev_get_by_name(&init_net, devname);
		659	if (!dev) {
		660	res = -ENODEV;
661	break;	661	break;
662	}	662	}
663		663
664	ax25->ax25_dev = ax25_dev_ax25dev(dev);	664	ax25->ax25_dev = ax25_dev_ax25dev(dev);
665	ax25_fillin_cb(ax25, ax25->ax25_dev);	665	ax25_fillin_cb(ax25, ax25->ax25_dev);
		666	dev_put(dev);
666	break;	667	break;
667		668
668	default:	669	default:


diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index 142ebac14176..b1b3b0fbf41c 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c
@@ -432,6 +432,7 @@ err2:
432	br_fdb_delete_by_port(br, p, 1);	432	br_fdb_delete_by_port(br, p, 1);
433	err1:	433	err1:
434	kobject_put(&p->kobj);	434	kobject_put(&p->kobj);
		435	p = NULL; /* kobject_put frees */
435	err0:	436	err0:
436	dev_set_promiscuity(dev, -1);	437	dev_set_promiscuity(dev, -1);
437	put_back:	438	put_back:


diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c index 7d4c57523b09..821d30918cfc 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c
@@ -16,7 +16,7 @@
16	#include <net/sock.h>	16	#include <net/sock.h>
17	#include <linux/rtnetlink.h>	17	#include <linux/rtnetlink.h>
18	#include <linux/wireless.h>	18	#include <linux/wireless.h>
19	#include <net/iw_handler.h>	19	#include <net/wext.h>
20		20
21	#include "net-sysfs.h"	21	#include "net-sysfs.h"
22		22
@@ -363,15 +363,13 @@ static ssize_t wireless_show(struct device d, char buf,
363	char *))	363	char *))
364	{	364	{
365	struct net_device *dev = to_net_dev(d);	365	struct net_device *dev = to_net_dev(d);
366	const struct iw_statistics *iw = NULL;	366	const struct iw_statistics *iw;
367	ssize_t ret = -EINVAL;	367	ssize_t ret = -EINVAL;
368		368
369	read_lock(&dev_base_lock);	369	read_lock(&dev_base_lock);
370	if (dev_isalive(dev)) {	370	if (dev_isalive(dev)) {
371	if (dev->wireless_handlers &&	371	iw = get_wireless_stats(dev);
372	dev->wireless_handlers->get_wireless_stats)	372	if (iw)
373	iw = dev->wireless_handlers->get_wireless_stats(dev);
374	if (iw != NULL)
375	ret = (*format)(iw, buf);	373	ret = (*format)(iw, buf);
376	}	374	}
377	read_unlock(&dev_base_lock);	375	read_unlock(&dev_base_lock);
@@ -505,7 +503,7 @@ int netdev_register_kobject(struct net_device *net)
505	*groups++ = &netstat_group;	503	*groups++ = &netstat_group;
506		504
507	#ifdef CONFIG_WIRELESS_EXT_SYSFS	505	#ifdef CONFIG_WIRELESS_EXT_SYSFS
508	if (net->wireless_handlers && net->wireless_handlers->get_wireless_stats)	506	if (net->wireless_handlers \|\| net->ieee80211_ptr)
509	*groups++ = &wireless_group;	507	*groups++ = &wireless_group;
510	#endif	508	#endif
511	#endif /* CONFIG_SYSFS */	509	#endif /* CONFIG_SYSFS */


diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c index e0879bfb7dd5..ac1205df6c86 100644 --- a/net/dcb/dcbnl.c +++ b/net/dcb/dcbnl.c
@@ -194,7 +194,7 @@ static int dcbnl_reply(u8 value, u8 event, u8 cmd, u8 attr, u32 pid,
194	nlmsg_end(dcbnl_skb, nlh);	194	nlmsg_end(dcbnl_skb, nlh);
195	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	195	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
196	if (ret)	196	if (ret)
197	goto err;	197	return -EINVAL;
198		198
199	return 0;	199	return 0;
200	nlmsg_failure:	200	nlmsg_failure:
@@ -275,7 +275,7 @@ static int dcbnl_getpfccfg(struct net_device netdev, struct nlattr *tb,
275		275
276	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	276	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
277	if (ret)	277	if (ret)
278	goto err;	278	goto err_out;
279		279
280	return 0;	280	return 0;
281	nlmsg_failure:	281	nlmsg_failure:
@@ -316,12 +316,11 @@ static int dcbnl_getperm_hwaddr(struct net_device netdev, struct nlattr *tb,
316		316
317	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	317	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
318	if (ret)	318	if (ret)
319	goto err;	319	goto err_out;
320		320
321	return 0;	321	return 0;
322		322
323	nlmsg_failure:	323	nlmsg_failure:
324	err:
325	kfree_skb(dcbnl_skb);	324	kfree_skb(dcbnl_skb);
326	err_out:	325	err_out:
327	return -EINVAL;	326	return -EINVAL;
@@ -383,7 +382,7 @@ static int dcbnl_getcap(struct net_device netdev, struct nlattr *tb,
383		382
384	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	383	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
385	if (ret)	384	if (ret)
386	goto err;	385	goto err_out;
387		386
388	return 0;	387	return 0;
389	nlmsg_failure:	388	nlmsg_failure:
@@ -460,7 +459,7 @@ static int dcbnl_getnumtcs(struct net_device netdev, struct nlattr *tb,
460	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	459	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
461	if (ret) {	460	if (ret) {
462	ret = -EINVAL;	461	ret = -EINVAL;
463	goto err;	462	goto err_out;
464	}	463	}
465		464
466	return 0;	465	return 0;
@@ -799,7 +798,7 @@ static int __dcbnl_pg_getcfg(struct net_device netdev, struct nlattr *tb,
799		798
800	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	799	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
801	if (ret)	800	if (ret)
802	goto err;	801	goto err_out;
803		802
804	return 0;	803	return 0;
805		804
@@ -1063,7 +1062,7 @@ static int dcbnl_bcn_getcfg(struct net_device netdev, struct nlattr *tb,
1063		1062
1064	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);	1063	ret = rtnl_unicast(dcbnl_skb, &init_net, pid);
1065	if (ret)	1064	if (ret)
1066	goto err;	1065	goto err_out;
1067		1066
1068	return 0;	1067	return 0;
1069		1068


diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 498b9b0b0fad..f74e4e2cdd06 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c
@@ -658,7 +658,6 @@ void ndisc_send_rs(struct net_device dev, const struct in6_addr saddr,
658	&icmp6h, NULL,	658	&icmp6h, NULL,
659	send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);	659	send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
660	}	660	}
661	EXPORT_SYMBOL(ndisc_send_rs);
662		661
663		662
664	static void ndisc_error_report(struct neighbour neigh, struct sk_buff skb)	663	static void ndisc_error_report(struct neighbour neigh, struct sk_buff skb)


diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index fcb539628847..d65e0c496cc0 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c
@@ -15,7 +15,6 @@
15	* Roger Venning <r.venning@telstra.com>: 6to4 support	15	* Roger Venning <r.venning@telstra.com>: 6to4 support
16	* Nate Thompson <nate@thebog.net>: 6to4 support	16	* Nate Thompson <nate@thebog.net>: 6to4 support
17	* Fred Templin <fred.l.templin@boeing.com>: isatap support	17	* Fred Templin <fred.l.templin@boeing.com>: isatap support
18	* Sascha Hlusiak <mail@saschahlusiak.de>: stateless autoconf for isatap
19	*/	18	*/
20		19
21	#include <linux/module.h>	20	#include <linux/module.h>
@@ -223,44 +222,6 @@ failed:
223	return NULL;	222	return NULL;
224	}	223	}
225		224
226	static void ipip6_tunnel_rs_timer(unsigned long data)
227	{
228	struct ip_tunnel_prl_entry p = (struct ip_tunnel_prl_entry ) data;
229	struct inet6_dev *ifp;
230	struct inet6_ifaddr *addr;
231
232	spin_lock(&p->lock);
233	ifp = __in6_dev_get(p->tunnel->dev);
234
235	read_lock_bh(&ifp->lock);
236	for (addr = ifp->addr_list; addr; addr = addr->if_next) {
237	struct in6_addr rtr;
238
239	if (!(ipv6_addr_type(&addr->addr) & IPV6_ADDR_LINKLOCAL))
240	continue;
241
242	/* Send RS to guessed linklocal address of router
243	*
244	* Better: send to ff02::2 encapsuled in unicast directly
245	* to router-v4 instead of guessing the v6 address.
246	*
247	* Cisco/Windows seem to not set the u/l bit correctly,
248	* so we won't guess right.
249	*/
250	ipv6_addr_set(&rtr, htonl(0xFE800000), 0, 0, 0);
251	if (!__ipv6_isatap_ifid(rtr.s6_addr + 8,
252	p->addr)) {
253	ndisc_send_rs(p->tunnel->dev, &addr->addr, &rtr);
254	}
255	}
256	read_unlock_bh(&ifp->lock);
257
258	mod_timer(&p->rs_timer, jiffies + HZ * p->rs_delay);
259	spin_unlock(&p->lock);
260
261	return;
262	}
263
264	static struct ip_tunnel_prl_entry *	225	static struct ip_tunnel_prl_entry *
265	__ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)	226	__ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
266	{	227	{
@@ -319,7 +280,6 @@ static int ipip6_tunnel_get_prl(struct ip_tunnel *t,
319	continue;	280	continue;
320	kp[c].addr = prl->addr;	281	kp[c].addr = prl->addr;
321	kp[c].flags = prl->flags;	282	kp[c].flags = prl->flags;
322	kp[c].rs_delay = prl->rs_delay;
323	c++;	283	c++;
324	if (kprl.addr != htonl(INADDR_ANY))	284	if (kprl.addr != htonl(INADDR_ANY))
325	break;	285	break;
@@ -369,23 +329,11 @@ ipip6_tunnel_add_prl(struct ip_tunnel t, struct ip_tunnel_prl a, int chg)
369	}	329	}
370		330
371	p->next = t->prl;	331	p->next = t->prl;
372	p->tunnel = t;
373	t->prl = p;	332	t->prl = p;
374	t->prl_count++;	333	t->prl_count++;
375
376	spin_lock_init(&p->lock);
377	setup_timer(&p->rs_timer, ipip6_tunnel_rs_timer, (unsigned long) p);
378	update:	334	update:
379	p->addr = a->addr;	335	p->addr = a->addr;
380	p->flags = a->flags;	336	p->flags = a->flags;
381	p->rs_delay = a->rs_delay;
382	if (p->rs_delay == 0)
383	p->rs_delay = IPTUNNEL_RS_DEFAULT_DELAY;
384	spin_lock(&p->lock);
385	del_timer(&p->rs_timer);
386	if (p->flags & PRL_DEFAULT)
387	mod_timer(&p->rs_timer, jiffies + 1);
388	spin_unlock(&p->lock);
389	out:	337	out:
390	write_unlock(&ipip6_lock);	338	write_unlock(&ipip6_lock);
391	return err;	339	return err;
@@ -404,9 +352,6 @@ ipip6_tunnel_del_prl(struct ip_tunnel t, struct ip_tunnel_prl a)
404	if ((*p)->addr == a->addr) {	352	if ((*p)->addr == a->addr) {
405	x = *p;	353	x = *p;
406	*p = x->next;	354	*p = x->next;
407	spin_lock(&x->lock);
408	del_timer(&x->rs_timer);
409	spin_unlock(&x->lock);
410	kfree(x);	355	kfree(x);
411	t->prl_count--;	356	t->prl_count--;
412	goto out;	357	goto out;
@@ -417,9 +362,6 @@ ipip6_tunnel_del_prl(struct ip_tunnel t, struct ip_tunnel_prl a)
417	while (t->prl) {	362	while (t->prl) {
418	x = t->prl;	363	x = t->prl;
419	t->prl = t->prl->next;	364	t->prl = t->prl->next;
420	spin_lock(&x->lock);
421	del_timer(&x->rs_timer);
422	spin_unlock(&x->lock);
423	kfree(x);	365	kfree(x);
424	t->prl_count--;	366	t->prl_count--;
425	}	367	}


diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 97a278a2f48e..8d26e9bf8964 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c
@@ -1388,8 +1388,8 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1388		1388
1389	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);	1389	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1390		1390
1391	printk(KERN_DEBUG "%s: disassociated (Reason: %u)\n",	1391	printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1392	sdata->dev->name, reason_code);	1392	sdata->dev->name, mgmt->sa, reason_code);
1393		1393
1394	ieee80211_set_disassoc(sdata, false);	1394	ieee80211_set_disassoc(sdata, false);
1395	return RX_MGMT_CFG80211_DISASSOC;	1395	return RX_MGMT_CFG80211_DISASSOC;
@@ -1675,7 +1675,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1675		1675
1676	/* direct probe may be part of the association flow */	1676	/* direct probe may be part of the association flow */
1677	if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) {	1677	if (wk && wk->state == IEEE80211_MGD_STATE_PROBE) {
1678	printk(KERN_DEBUG "%s direct probe responded\n",	1678	printk(KERN_DEBUG "%s: direct probe responded\n",
1679	sdata->dev->name);	1679	sdata->dev->name);
1680	wk->tries = 0;	1680	wk->tries = 0;
1681	wk->state = IEEE80211_MGD_STATE_AUTH;	1681	wk->state = IEEE80211_MGD_STATE_AUTH;
@@ -2502,9 +2502,6 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2502	struct ieee80211_mgd_work *wk;	2502	struct ieee80211_mgd_work *wk;
2503	const u8 *bssid = NULL;	2503	const u8 *bssid = NULL;
2504		2504
2505	printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
2506	sdata->dev->name, req->reason_code);
2507
2508	mutex_lock(&ifmgd->mtx);	2505	mutex_lock(&ifmgd->mtx);
2509		2506
2510	if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) {	2507	if (ifmgd->associated && &ifmgd->associated->cbss == req->bss) {
@@ -2532,6 +2529,9 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2532		2529
2533	mutex_unlock(&ifmgd->mtx);	2530	mutex_unlock(&ifmgd->mtx);
2534		2531
		2532	printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
		2533	sdata->dev->name, bssid, req->reason_code);
		2534
2535	ieee80211_send_deauth_disassoc(sdata, bssid,	2535	ieee80211_send_deauth_disassoc(sdata, bssid,
2536	IEEE80211_STYPE_DEAUTH, req->reason_code,	2536	IEEE80211_STYPE_DEAUTH, req->reason_code,
2537	cookie);	2537	cookie);
@@ -2545,9 +2545,6 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2545	{	2545	{
2546	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;	2546	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2547		2547
2548	printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
2549	sdata->dev->name, req->reason_code);
2550
2551	mutex_lock(&ifmgd->mtx);	2548	mutex_lock(&ifmgd->mtx);
2552		2549
2553	/*	2550	/*
@@ -2561,6 +2558,9 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2561	return -ENOLINK;	2558	return -ENOLINK;
2562	}	2559	}
2563		2560
		2561	printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
		2562	sdata->dev->name, req->bss->bssid, req->reason_code);
		2563
2564	ieee80211_set_disassoc(sdata, false);	2564	ieee80211_set_disassoc(sdata, false);
2565		2565
2566	mutex_unlock(&ifmgd->mtx);	2566	mutex_unlock(&ifmgd->mtx);


diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index a4bafbf15097..dd85320907cb 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c
@@ -1788,7 +1788,7 @@ void netlink_ack(struct sk_buff in_skb, struct nlmsghdr nlh, int err)
1788	}	1788	}
1789		1789
1790	rep = __nlmsg_put(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,	1790	rep = __nlmsg_put(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
1791	NLMSG_ERROR, sizeof(struct nlmsgerr), 0);	1791	NLMSG_ERROR, payload, 0);
1792	errmsg = nlmsg_data(rep);	1792	errmsg = nlmsg_data(rep);
1793	errmsg->error = err;	1793	errmsg->error = err;
1794	memcpy(&errmsg->msg, nlh, err ? nlh->nlmsg_len : sizeof(*nlh));	1794	memcpy(&errmsg->msg, nlh, err ? nlh->nlmsg_len : sizeof(*nlh));


diff --git a/net/socket.c b/net/socket.c index 49917a1cac7d..41e8847508aa 100644 --- a/net/socket.c +++ b/net/socket.c
@@ -2098,12 +2098,17 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2098	unsigned long a[6];	2098	unsigned long a[6];
2099	unsigned long a0, a1;	2099	unsigned long a0, a1;
2100	int err;	2100	int err;
		2101	unsigned int len;
2101		2102
2102	if (call < 1 \|\| call > SYS_ACCEPT4)	2103	if (call < 1 \|\| call > SYS_ACCEPT4)
2103	return -EINVAL;	2104	return -EINVAL;
2104		2105
		2106	len = nargs[call];
		2107	if (len > sizeof(a))
		2108	return -EINVAL;
		2109
2105	/* copy_from_user should be SMP safe. */	2110	/* copy_from_user should be SMP safe. */
2106	if (copy_from_user(a, args, nargs[call]))	2111	if (copy_from_user(a, args, len))
2107	return -EFAULT;	2112	return -EFAULT;
2108		2113
2109	audit_socketcall(nargs[call] / sizeof(unsigned long), a);	2114	audit_socketcall(nargs[call] / sizeof(unsigned long), a);


diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 7fae7eee65de..93c3ed329204 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c
@@ -762,9 +762,8 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
762	wdev->conn->params.ssid = wdev->ssid;	762	wdev->conn->params.ssid = wdev->ssid;
763	wdev->conn->params.ssid_len = connect->ssid_len;	763	wdev->conn->params.ssid_len = connect->ssid_len;
764		764
765	/* don't care about result -- but fill bssid & channel */	765	/* see if we have the bss already */
766	if (!wdev->conn->params.bssid \|\| !wdev->conn->params.channel)	766	bss = cfg80211_get_conn_bss(wdev);
767	bss = cfg80211_get_conn_bss(wdev);
768		767
769	wdev->sme_state = CFG80211_SME_CONNECTING;	768	wdev->sme_state = CFG80211_SME_CONNECTING;
770	wdev->connect_keys = connkeys;	769	wdev->connect_keys = connkeys;


diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c index bf725275eb8d..5615a8802536 100644 --- a/net/wireless/wext-sme.c +++ b/net/wireless/wext-sme.c
@@ -30,7 +30,8 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
30	if (wdev->wext.keys) {	30	if (wdev->wext.keys) {
31	wdev->wext.keys->def = wdev->wext.default_key;	31	wdev->wext.keys->def = wdev->wext.default_key;
32	wdev->wext.keys->defmgmt = wdev->wext.default_mgmt_key;	32	wdev->wext.keys->defmgmt = wdev->wext.default_mgmt_key;
33	wdev->wext.connect.privacy = true;	33	if (wdev->wext.default_key != -1)
		34	wdev->wext.connect.privacy = true;
34	}	35	}
35		36
36	if (!wdev->wext.connect.ssid_len)	37	if (!wdev->wext.connect.ssid_len)
@@ -229,8 +230,7 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev,
229	data->flags = 1;	230	data->flags = 1;
230	data->length = wdev->wext.connect.ssid_len;	231	data->length = wdev->wext.connect.ssid_len;
231	memcpy(ssid, wdev->wext.connect.ssid, data->length);	232	memcpy(ssid, wdev->wext.connect.ssid, data->length);
232	} else	233	}
233	data->flags = 0;
234	wdev_unlock(wdev);	234	wdev_unlock(wdev);
235		235
236	return 0;	236	return 0;
@@ -306,8 +306,6 @@ int cfg80211_mgd_wext_giwap(struct net_device *dev,
306	wdev_lock(wdev);	306	wdev_lock(wdev);
307	if (wdev->current_bss)	307	if (wdev->current_bss)
308	memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);	308	memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN);
309	else if (wdev->wext.connect.bssid)
310	memcpy(ap_addr->sa_data, wdev->wext.connect.bssid, ETH_ALEN);
311	else	309	else
312	memset(ap_addr->sa_data, 0, ETH_ALEN);	310	memset(ap_addr->sa_data, 0, ETH_ALEN);
313	wdev_unlock(wdev);	311	wdev_unlock(wdev);


diff --git a/net/wireless/wext.c b/net/wireless/wext.c index 5b4a0cee4418..60fe57761ca9 100644 --- a/net/wireless/wext.c +++ b/net/wireless/wext.c
@@ -470,7 +470,7 @@ static iw_handler get_handler(struct net_device *dev, unsigned int cmd)
470	/*	470	/*
471	* Get statistics out of the driver	471	* Get statistics out of the driver
472	*/	472	*/
473	static struct iw_statistics get_wireless_stats(struct net_device dev)	473	struct iw_statistics get_wireless_stats(struct net_device dev)
474	{	474	{
475	/* New location */	475	/* New location */
476	if ((dev->wireless_handlers != NULL) &&	476	if ((dev->wireless_handlers != NULL) &&
@@ -773,10 +773,13 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
773	essid_compat = 1;	773	essid_compat = 1;
774	else if (IW_IS_SET(cmd) && (iwp->length != 0)) {	774	else if (IW_IS_SET(cmd) && (iwp->length != 0)) {
775	char essid[IW_ESSID_MAX_SIZE + 1];	775	char essid[IW_ESSID_MAX_SIZE + 1];
		776	unsigned int len;
		777	len = iwp->length * descr->token_size;
776		778
777	err = copy_from_user(essid, iwp->pointer,	779	if (len > IW_ESSID_MAX_SIZE)
778	iwp->length *	780	return -EFAULT;
779	descr->token_size);	781
		782	err = copy_from_user(essid, iwp->pointer, len);
780	if (err)	783	if (err)
781	return -EFAULT;	784	return -EFAULT;
782		785