diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-07-31 15:56:18 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-07-31 15:56:18 -0400 |
| commit | 06693f305e60202d2795a10bee7fb7da23bc2acc (patch) | |
| tree | 8ef3df7fc92359b13e292d71d91a0491f6615f40 /net | |
| parent | 75eaff010547c55256f807700277365ee07d2a58 (diff) | |
| parent | a661b43fd047ef501da43a19975415f861c7c3db (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix association failures not triggering a connect-failure event in
cfg80211, from Johannes Berg.
2) Eliminate a potential NULL deref with older iptables tools when
configuring xt_socket rules, from Eric Dumazet.
3) Missing RTNL locking in wireless regulatory code, from Johannes
Berg.
4) Fix OOPS caused by firmware loading races in ath9k_htc, from Alexey
Khoroshilov.
5) Fix usb URB leak in usb_8dev CAN driver, also from Alexey
Khoroshilov.
6) VXLAN namespace teardown fails to unregister devices, from Stephen
Hemminger.
7) Fix multicast settings getting dropped by firmware in qlcnic driver,
from Sucheta Chakraborty.
8) Add sysctl range enforcement for tcp_syn_retries, from Michal Tesar.
9) Fix a nasty bug in bridging where an active timer would get
reinitialized with a setup_timer() call. From Eric Dumazet.
10) Fix use after free in new mlx5 driver, from Dan Carpenter.
11) Fix freed pointer reference in ipv6 multicast routing on namespace
cleanup, from Hannes Frederic Sowa.
12) Some usbnet drivers report TSO and SG in their feature set, but the
usbnet layer doesn't really support them. From Eric Dumazet.
13) Fix crash on EEH errors in tg3 driver, from Gavin Shan.
14) Drop cb_lock when requesting modules in genetlink, from Stanislaw
Gruszka.
15) Kernel stack leaks in cbq scheduler and af_key pfkey messages, from
Dan Carpenter.
16) FEC driver erroneously signals NETDEV_TX_BUSY on transmit leading to
endless loops, from Uwe Kleine-König.
17) Fix hangs from loading mvneta driver, from Arnaud Patard.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (84 commits)
mlx5: fix error return code in mlx5_alloc_uuars()
mvneta: Try to fix mvneta when compiled as module
mvneta: Fix hang when loading the mvneta driver
atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring
genetlink: fix usage of NLM_F_EXCL or NLM_F_REPLACE
af_key: more info leaks in pfkey messages
net/fec: Don't let ndo_start_xmit return NETDEV_TX_BUSY without link
net_sched: Fix stack info leak in cbq_dump_wrr().
igb: fix vlan filtering in promisc mode when not in VT mode
ixgbe: Fix Tx Hang issue with lldpad on 82598EB
genetlink: release cb_lock before requesting additional module
net: fec: workaround stop tx during errata ERR006358
qlcnic: Fix diagnostic interrupt test for 83xx adapters.
qlcnic: Fix setting Guest VLAN
qlcnic: Fix operation type and command type.
qlcnic: Fix initialization of work function.
Revert "atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring"
atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring
net/tg3: Fix warning from pci_disable_device()
net/tg3: Fix kernel crash
...
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_multicast.c | 5 | ||||
| -rw-r--r-- | net/core/neighbour.c | 29 | ||||
| -rw-r--r-- | net/core/skbuff.c | 3 | ||||
| -rw-r--r-- | net/ipv4/fib_trie.c | 2 | ||||
| -rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 6 | ||||
| -rw-r--r-- | net/ipv6/ip6mr.c | 5 | ||||
| -rw-r--r-- | net/key/af_key.c | 4 | ||||
| -rw-r--r-- | net/mac80211/cfg.c | 2 | ||||
| -rw-r--r-- | net/mac80211/rc80211_minstrel.c | 3 | ||||
| -rw-r--r-- | net/mac80211/rc80211_minstrel_ht.c | 10 | ||||
| -rw-r--r-- | net/mac80211/rx.c | 10 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 5 | ||||
| -rw-r--r-- | net/netfilter/xt_socket.c | 10 | ||||
| -rw-r--r-- | net/netlink/genetlink.c | 4 | ||||
| -rw-r--r-- | net/sched/sch_cbq.c | 1 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 11 | ||||
| -rw-r--r-- | net/wireless/reg.c | 2 | ||||
| -rw-r--r-- | net/wireless/sme.c | 29 |
18 files changed, 114 insertions, 27 deletions
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 69af490cce44..4b99c9a27044 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c | |||
| @@ -619,6 +619,9 @@ rehash: | |||
| 619 | mp->br = br; | 619 | mp->br = br; |
| 620 | mp->addr = *group; | 620 | mp->addr = *group; |
| 621 | 621 | ||
| 622 | setup_timer(&mp->timer, br_multicast_group_expired, | ||
| 623 | (unsigned long)mp); | ||
| 624 | |||
| 622 | hlist_add_head_rcu(&mp->hlist[mdb->ver], &mdb->mhash[hash]); | 625 | hlist_add_head_rcu(&mp->hlist[mdb->ver], &mdb->mhash[hash]); |
| 623 | mdb->size++; | 626 | mdb->size++; |
| 624 | 627 | ||
| @@ -1126,7 +1129,6 @@ static int br_ip4_multicast_query(struct net_bridge *br, | |||
| 1126 | if (!mp) | 1129 | if (!mp) |
| 1127 | goto out; | 1130 | goto out; |
| 1128 | 1131 | ||
| 1129 | setup_timer(&mp->timer, br_multicast_group_expired, (unsigned long)mp); | ||
| 1130 | mod_timer(&mp->timer, now + br->multicast_membership_interval); | 1132 | mod_timer(&mp->timer, now + br->multicast_membership_interval); |
| 1131 | mp->timer_armed = true; | 1133 | mp->timer_armed = true; |
| 1132 | 1134 | ||
| @@ -1204,7 +1206,6 @@ static int br_ip6_multicast_query(struct net_bridge *br, | |||
| 1204 | if (!mp) | 1206 | if (!mp) |
| 1205 | goto out; | 1207 | goto out; |
| 1206 | 1208 | ||
| 1207 | setup_timer(&mp->timer, br_multicast_group_expired, (unsigned long)mp); | ||
| 1208 | mod_timer(&mp->timer, now + br->multicast_membership_interval); | 1209 | mod_timer(&mp->timer, now + br->multicast_membership_interval); |
| 1209 | mp->timer_armed = true; | 1210 | mp->timer_armed = true; |
| 1210 | 1211 | ||
diff --git a/net/core/neighbour.c b/net/core/neighbour.c index b7de821f98df..9232c68941ab 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c | |||
| @@ -2767,6 +2767,7 @@ EXPORT_SYMBOL(neigh_app_ns); | |||
| 2767 | 2767 | ||
| 2768 | #ifdef CONFIG_SYSCTL | 2768 | #ifdef CONFIG_SYSCTL |
| 2769 | static int zero; | 2769 | static int zero; |
| 2770 | static int int_max = INT_MAX; | ||
| 2770 | static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); | 2771 | static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); |
| 2771 | 2772 | ||
| 2772 | static int proc_unres_qlen(struct ctl_table *ctl, int write, | 2773 | static int proc_unres_qlen(struct ctl_table *ctl, int write, |
| @@ -2819,19 +2820,25 @@ static struct neigh_sysctl_table { | |||
| 2819 | .procname = "mcast_solicit", | 2820 | .procname = "mcast_solicit", |
| 2820 | .maxlen = sizeof(int), | 2821 | .maxlen = sizeof(int), |
| 2821 | .mode = 0644, | 2822 | .mode = 0644, |
| 2822 | .proc_handler = proc_dointvec, | 2823 | .extra1 = &zero, |
| 2824 | .extra2 = &int_max, | ||
| 2825 | .proc_handler = proc_dointvec_minmax, | ||
| 2823 | }, | 2826 | }, |
| 2824 | [NEIGH_VAR_UCAST_PROBE] = { | 2827 | [NEIGH_VAR_UCAST_PROBE] = { |
| 2825 | .procname = "ucast_solicit", | 2828 | .procname = "ucast_solicit", |
| 2826 | .maxlen = sizeof(int), | 2829 | .maxlen = sizeof(int), |
| 2827 | .mode = 0644, | 2830 | .mode = 0644, |
| 2828 | .proc_handler = proc_dointvec, | 2831 | .extra1 = &zero, |
| 2832 | .extra2 = &int_max, | ||
| 2833 | .proc_handler = proc_dointvec_minmax, | ||
| 2829 | }, | 2834 | }, |
| 2830 | [NEIGH_VAR_APP_PROBE] = { | 2835 | [NEIGH_VAR_APP_PROBE] = { |
| 2831 | .procname = "app_solicit", | 2836 | .procname = "app_solicit", |
| 2832 | .maxlen = sizeof(int), | 2837 | .maxlen = sizeof(int), |
| 2833 | .mode = 0644, | 2838 | .mode = 0644, |
| 2834 | .proc_handler = proc_dointvec, | 2839 | .extra1 = &zero, |
| 2840 | .extra2 = &int_max, | ||
| 2841 | .proc_handler = proc_dointvec_minmax, | ||
| 2835 | }, | 2842 | }, |
| 2836 | [NEIGH_VAR_RETRANS_TIME] = { | 2843 | [NEIGH_VAR_RETRANS_TIME] = { |
| 2837 | .procname = "retrans_time", | 2844 | .procname = "retrans_time", |
| @@ -2874,7 +2881,9 @@ static struct neigh_sysctl_table { | |||
| 2874 | .procname = "proxy_qlen", | 2881 | .procname = "proxy_qlen", |
| 2875 | .maxlen = sizeof(int), | 2882 | .maxlen = sizeof(int), |
| 2876 | .mode = 0644, | 2883 | .mode = 0644, |
| 2877 | .proc_handler = proc_dointvec, | 2884 | .extra1 = &zero, |
| 2885 | .extra2 = &int_max, | ||
| 2886 | .proc_handler = proc_dointvec_minmax, | ||
| 2878 | }, | 2887 | }, |
| 2879 | [NEIGH_VAR_ANYCAST_DELAY] = { | 2888 | [NEIGH_VAR_ANYCAST_DELAY] = { |
| 2880 | .procname = "anycast_delay", | 2889 | .procname = "anycast_delay", |
| @@ -2916,19 +2925,25 @@ static struct neigh_sysctl_table { | |||
| 2916 | .procname = "gc_thresh1", | 2925 | .procname = "gc_thresh1", |
| 2917 | .maxlen = sizeof(int), | 2926 | .maxlen = sizeof(int), |
| 2918 | .mode = 0644, | 2927 | .mode = 0644, |
| 2919 | .proc_handler = proc_dointvec, | 2928 | .extra1 = &zero, |
| 2929 | .extra2 = &int_max, | ||
| 2930 | .proc_handler = proc_dointvec_minmax, | ||
| 2920 | }, | 2931 | }, |
| 2921 | [NEIGH_VAR_GC_THRESH2] = { | 2932 | [NEIGH_VAR_GC_THRESH2] = { |
| 2922 | .procname = "gc_thresh2", | 2933 | .procname = "gc_thresh2", |
| 2923 | .maxlen = sizeof(int), | 2934 | .maxlen = sizeof(int), |
| 2924 | .mode = 0644, | 2935 | .mode = 0644, |
| 2925 | .proc_handler = proc_dointvec, | 2936 | .extra1 = &zero, |
| 2937 | .extra2 = &int_max, | ||
| 2938 | .proc_handler = proc_dointvec_minmax, | ||
| 2926 | }, | 2939 | }, |
| 2927 | [NEIGH_VAR_GC_THRESH3] = { | 2940 | [NEIGH_VAR_GC_THRESH3] = { |
| 2928 | .procname = "gc_thresh3", | 2941 | .procname = "gc_thresh3", |
| 2929 | .maxlen = sizeof(int), | 2942 | .maxlen = sizeof(int), |
| 2930 | .mode = 0644, | 2943 | .mode = 0644, |
| 2931 | .proc_handler = proc_dointvec, | 2944 | .extra1 = &zero, |
| 2945 | .extra2 = &int_max, | ||
| 2946 | .proc_handler = proc_dointvec_minmax, | ||
| 2932 | }, | 2947 | }, |
| 2933 | {}, | 2948 | {}, |
| 2934 | }, | 2949 | }, |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 20e02d2605ec..3df4d4ccf440 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
| @@ -309,7 +309,8 @@ EXPORT_SYMBOL(__alloc_skb); | |||
| 309 | * @frag_size: size of fragment, or 0 if head was kmalloced | 309 | * @frag_size: size of fragment, or 0 if head was kmalloced |
| 310 | * | 310 | * |
| 311 | * Allocate a new &sk_buff. Caller provides space holding head and | 311 | * Allocate a new &sk_buff. Caller provides space holding head and |
| 312 | * skb_shared_info. @data must have been allocated by kmalloc() | 312 | * skb_shared_info. @data must have been allocated by kmalloc() only if |
| 313 | * @frag_size is 0, otherwise data should come from the page allocator. | ||
| 313 | * The return is the new skb buffer. | 314 | * The return is the new skb buffer. |
| 314 | * On a failure the return is %NULL, and @data is not freed. | 315 | * On a failure the return is %NULL, and @data is not freed. |
| 315 | * Notes : | 316 | * Notes : |
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 49616fed9340..108a1e9c9eac 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c | |||
| @@ -2133,7 +2133,7 @@ static void trie_show_stats(struct seq_file *seq, struct trie_stat *stat) | |||
| 2133 | max--; | 2133 | max--; |
| 2134 | 2134 | ||
| 2135 | pointers = 0; | 2135 | pointers = 0; |
| 2136 | for (i = 1; i <= max; i++) | 2136 | for (i = 1; i < max; i++) |
| 2137 | if (stat->nodesizes[i] != 0) { | 2137 | if (stat->nodesizes[i] != 0) { |
| 2138 | seq_printf(seq, " %u: %u", i, stat->nodesizes[i]); | 2138 | seq_printf(seq, " %u: %u", i, stat->nodesizes[i]); |
| 2139 | pointers += (1<<i) * stat->nodesizes[i]; | 2139 | pointers += (1<<i) * stat->nodesizes[i]; |
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index b2c123c44d69..610e324348d1 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
| @@ -36,6 +36,8 @@ static int tcp_adv_win_scale_min = -31; | |||
| 36 | static int tcp_adv_win_scale_max = 31; | 36 | static int tcp_adv_win_scale_max = 31; |
| 37 | static int ip_ttl_min = 1; | 37 | static int ip_ttl_min = 1; |
| 38 | static int ip_ttl_max = 255; | 38 | static int ip_ttl_max = 255; |
| 39 | static int tcp_syn_retries_min = 1; | ||
| 40 | static int tcp_syn_retries_max = MAX_TCP_SYNCNT; | ||
| 39 | static int ip_ping_group_range_min[] = { 0, 0 }; | 41 | static int ip_ping_group_range_min[] = { 0, 0 }; |
| 40 | static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; | 42 | static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; |
| 41 | 43 | ||
| @@ -332,7 +334,9 @@ static struct ctl_table ipv4_table[] = { | |||
| 332 | .data = &sysctl_tcp_syn_retries, | 334 | .data = &sysctl_tcp_syn_retries, |
| 333 | .maxlen = sizeof(int), | 335 | .maxlen = sizeof(int), |
| 334 | .mode = 0644, | 336 | .mode = 0644, |
| 335 | .proc_handler = proc_dointvec | 337 | .proc_handler = proc_dointvec_minmax, |
| 338 | .extra1 = &tcp_syn_retries_min, | ||
| 339 | .extra2 = &tcp_syn_retries_max | ||
| 336 | }, | 340 | }, |
| 337 | { | 341 | { |
| 338 | .procname = "tcp_synack_retries", | 342 | .procname = "tcp_synack_retries", |
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c index 583e8d435f9a..03986d31fa41 100644 --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c | |||
| @@ -259,10 +259,12 @@ static void __net_exit ip6mr_rules_exit(struct net *net) | |||
| 259 | { | 259 | { |
| 260 | struct mr6_table *mrt, *next; | 260 | struct mr6_table *mrt, *next; |
| 261 | 261 | ||
| 262 | rtnl_lock(); | ||
| 262 | list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) { | 263 | list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) { |
| 263 | list_del(&mrt->list); | 264 | list_del(&mrt->list); |
| 264 | ip6mr_free_table(mrt); | 265 | ip6mr_free_table(mrt); |
| 265 | } | 266 | } |
| 267 | rtnl_unlock(); | ||
| 266 | fib_rules_unregister(net->ipv6.mr6_rules_ops); | 268 | fib_rules_unregister(net->ipv6.mr6_rules_ops); |
| 267 | } | 269 | } |
| 268 | #else | 270 | #else |
| @@ -289,7 +291,10 @@ static int __net_init ip6mr_rules_init(struct net *net) | |||
| 289 | 291 | ||
| 290 | static void __net_exit ip6mr_rules_exit(struct net *net) | 292 | static void __net_exit ip6mr_rules_exit(struct net *net) |
| 291 | { | 293 | { |
| 294 | rtnl_lock(); | ||
| 292 | ip6mr_free_table(net->ipv6.mrt6); | 295 | ip6mr_free_table(net->ipv6.mrt6); |
| 296 | net->ipv6.mrt6 = NULL; | ||
| 297 | rtnl_unlock(); | ||
| 293 | } | 298 | } |
| 294 | #endif | 299 | #endif |
| 295 | 300 | ||
diff --git a/net/key/af_key.c b/net/key/af_key.c index 9da862070dd8..ab8bd2cabfa0 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -2081,6 +2081,7 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy * | |||
| 2081 | pol->sadb_x_policy_type = IPSEC_POLICY_NONE; | 2081 | pol->sadb_x_policy_type = IPSEC_POLICY_NONE; |
| 2082 | } | 2082 | } |
| 2083 | pol->sadb_x_policy_dir = dir+1; | 2083 | pol->sadb_x_policy_dir = dir+1; |
| 2084 | pol->sadb_x_policy_reserved = 0; | ||
| 2084 | pol->sadb_x_policy_id = xp->index; | 2085 | pol->sadb_x_policy_id = xp->index; |
| 2085 | pol->sadb_x_policy_priority = xp->priority; | 2086 | pol->sadb_x_policy_priority = xp->priority; |
| 2086 | 2087 | ||
| @@ -3137,7 +3138,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct | |||
| 3137 | pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; | 3138 | pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; |
| 3138 | pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; | 3139 | pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; |
| 3139 | pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1; | 3140 | pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1; |
| 3141 | pol->sadb_x_policy_reserved = 0; | ||
| 3140 | pol->sadb_x_policy_id = xp->index; | 3142 | pol->sadb_x_policy_id = xp->index; |
| 3143 | pol->sadb_x_policy_priority = xp->priority; | ||
| 3141 | 3144 | ||
| 3142 | /* Set sadb_comb's. */ | 3145 | /* Set sadb_comb's. */ |
| 3143 | if (x->id.proto == IPPROTO_AH) | 3146 | if (x->id.proto == IPPROTO_AH) |
| @@ -3525,6 +3528,7 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, | |||
| 3525 | pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; | 3528 | pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; |
| 3526 | pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; | 3529 | pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; |
| 3527 | pol->sadb_x_policy_dir = dir + 1; | 3530 | pol->sadb_x_policy_dir = dir + 1; |
| 3531 | pol->sadb_x_policy_reserved = 0; | ||
| 3528 | pol->sadb_x_policy_id = 0; | 3532 | pol->sadb_x_policy_id = 0; |
| 3529 | pol->sadb_x_policy_priority = 0; | 3533 | pol->sadb_x_policy_priority = 0; |
| 3530 | 3534 | ||
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 8184d121ff09..43dd7525bfcb 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -666,6 +666,8 @@ static void ieee80211_get_et_stats(struct wiphy *wiphy, | |||
| 666 | if (sta->sdata->dev != dev) | 666 | if (sta->sdata->dev != dev) |
| 667 | continue; | 667 | continue; |
| 668 | 668 | ||
| 669 | sinfo.filled = 0; | ||
| 670 | sta_set_sinfo(sta, &sinfo); | ||
| 669 | i = 0; | 671 | i = 0; |
| 670 | ADD_STA_STATS(sta); | 672 | ADD_STA_STATS(sta); |
| 671 | } | 673 | } |
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index ac7ef5414bde..e6512e2ffd20 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c | |||
| @@ -290,7 +290,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta, | |||
| 290 | struct minstrel_rate *msr, *mr; | 290 | struct minstrel_rate *msr, *mr; |
| 291 | unsigned int ndx; | 291 | unsigned int ndx; |
| 292 | bool mrr_capable; | 292 | bool mrr_capable; |
| 293 | bool prev_sample = mi->prev_sample; | 293 | bool prev_sample; |
| 294 | int delta; | 294 | int delta; |
| 295 | int sampling_ratio; | 295 | int sampling_ratio; |
| 296 | 296 | ||
| @@ -314,6 +314,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta, | |||
| 314 | (mi->sample_count + mi->sample_deferred / 2); | 314 | (mi->sample_count + mi->sample_deferred / 2); |
| 315 | 315 | ||
| 316 | /* delta < 0: no sampling required */ | 316 | /* delta < 0: no sampling required */ |
| 317 | prev_sample = mi->prev_sample; | ||
| 317 | mi->prev_sample = false; | 318 | mi->prev_sample = false; |
| 318 | if (delta < 0 || (!mrr_capable && prev_sample)) | 319 | if (delta < 0 || (!mrr_capable && prev_sample)) |
| 319 | return; | 320 | return; |
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c index 5b2d3012b983..f5aed963b22e 100644 --- a/net/mac80211/rc80211_minstrel_ht.c +++ b/net/mac80211/rc80211_minstrel_ht.c | |||
| @@ -804,10 +804,18 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta, | |||
| 804 | 804 | ||
| 805 | sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES]; | 805 | sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES]; |
| 806 | info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; | 806 | info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; |
| 807 | rate->count = 1; | ||
| 808 | |||
| 809 | if (sample_idx / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) { | ||
| 810 | int idx = sample_idx % ARRAY_SIZE(mp->cck_rates); | ||
| 811 | rate->idx = mp->cck_rates[idx]; | ||
| 812 | rate->flags = 0; | ||
| 813 | return; | ||
| 814 | } | ||
| 815 | |||
| 807 | rate->idx = sample_idx % MCS_GROUP_RATES + | 816 | rate->idx = sample_idx % MCS_GROUP_RATES + |
| 808 | (sample_group->streams - 1) * MCS_GROUP_RATES; | 817 | (sample_group->streams - 1) * MCS_GROUP_RATES; |
| 809 | rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags; | 818 | rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags; |
| 810 | rate->count = 1; | ||
| 811 | } | 819 | } |
| 812 | 820 | ||
| 813 | static void | 821 | static void |
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 23dbcfc69b3b..2c5a79bd3777 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
| @@ -936,8 +936,14 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
| 936 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 936 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
| 937 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | 937 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); |
| 938 | 938 | ||
| 939 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | 939 | /* |
| 940 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | 940 | * Drop duplicate 802.11 retransmissions |
| 941 | * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery") | ||
| 942 | */ | ||
| 943 | if (rx->skb->len >= 24 && rx->sta && | ||
| 944 | !ieee80211_is_ctl(hdr->frame_control) && | ||
| 945 | !ieee80211_is_qos_nullfunc(hdr->frame_control) && | ||
| 946 | !is_multicast_ether_addr(hdr->addr1)) { | ||
| 941 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && | 947 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && |
| 942 | rx->sta->last_seq_ctrl[rx->seqno_idx] == | 948 | rx->sta->last_seq_ctrl[rx->seqno_idx] == |
| 943 | hdr->seq_ctrl)) { | 949 | hdr->seq_ctrl)) { |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index c63b618cd619..4fd1ca94fd4a 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
| @@ -293,6 +293,11 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class, | |||
| 293 | sizeof(exp->tuple.dst.u3) - len); | 293 | sizeof(exp->tuple.dst.u3) - len); |
| 294 | 294 | ||
| 295 | exp->tuple.dst.u.all = *dst; | 295 | exp->tuple.dst.u.all = *dst; |
| 296 | |||
| 297 | #ifdef CONFIG_NF_NAT_NEEDED | ||
| 298 | memset(&exp->saved_addr, 0, sizeof(exp->saved_addr)); | ||
| 299 | memset(&exp->saved_proto, 0, sizeof(exp->saved_proto)); | ||
| 300 | #endif | ||
| 296 | } | 301 | } |
| 297 | EXPORT_SYMBOL_GPL(nf_ct_expect_init); | 302 | EXPORT_SYMBOL_GPL(nf_ct_expect_init); |
| 298 | 303 | ||
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index f8b71911037a..20b15916f403 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c | |||
| @@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, | |||
| 172 | 172 | ||
| 173 | /* Ignore non-transparent sockets, | 173 | /* Ignore non-transparent sockets, |
| 174 | if XT_SOCKET_TRANSPARENT is used */ | 174 | if XT_SOCKET_TRANSPARENT is used */ |
| 175 | if (info && info->flags & XT_SOCKET_TRANSPARENT) | 175 | if (info->flags & XT_SOCKET_TRANSPARENT) |
| 176 | transparent = ((sk->sk_state != TCP_TIME_WAIT && | 176 | transparent = ((sk->sk_state != TCP_TIME_WAIT && |
| 177 | inet_sk(sk)->transparent) || | 177 | inet_sk(sk)->transparent) || |
| 178 | (sk->sk_state == TCP_TIME_WAIT && | 178 | (sk->sk_state == TCP_TIME_WAIT && |
| @@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, | |||
| 196 | static bool | 196 | static bool |
| 197 | socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) | 197 | socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) |
| 198 | { | 198 | { |
| 199 | return socket_match(skb, par, NULL); | 199 | static struct xt_socket_mtinfo1 xt_info_v0 = { |
| 200 | .flags = 0, | ||
| 201 | }; | ||
| 202 | |||
| 203 | return socket_match(skb, par, &xt_info_v0); | ||
| 200 | } | 204 | } |
| 201 | 205 | ||
| 202 | static bool | 206 | static bool |
| @@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par) | |||
| 314 | 318 | ||
| 315 | /* Ignore non-transparent sockets, | 319 | /* Ignore non-transparent sockets, |
| 316 | if XT_SOCKET_TRANSPARENT is used */ | 320 | if XT_SOCKET_TRANSPARENT is used */ |
| 317 | if (info && info->flags & XT_SOCKET_TRANSPARENT) | 321 | if (info->flags & XT_SOCKET_TRANSPARENT) |
| 318 | transparent = ((sk->sk_state != TCP_TIME_WAIT && | 322 | transparent = ((sk->sk_state != TCP_TIME_WAIT && |
| 319 | inet_sk(sk)->transparent) || | 323 | inet_sk(sk)->transparent) || |
| 320 | (sk->sk_state == TCP_TIME_WAIT && | 324 | (sk->sk_state == TCP_TIME_WAIT && |
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 2fd6dbea327a..512718adb0d5 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c | |||
| @@ -571,7 +571,7 @@ static int genl_family_rcv_msg(struct genl_family *family, | |||
| 571 | !capable(CAP_NET_ADMIN)) | 571 | !capable(CAP_NET_ADMIN)) |
| 572 | return -EPERM; | 572 | return -EPERM; |
| 573 | 573 | ||
| 574 | if (nlh->nlmsg_flags & NLM_F_DUMP) { | 574 | if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) { |
| 575 | struct netlink_dump_control c = { | 575 | struct netlink_dump_control c = { |
| 576 | .dump = ops->dumpit, | 576 | .dump = ops->dumpit, |
| 577 | .done = ops->done, | 577 | .done = ops->done, |
| @@ -877,8 +877,10 @@ static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info) | |||
| 877 | #ifdef CONFIG_MODULES | 877 | #ifdef CONFIG_MODULES |
| 878 | if (res == NULL) { | 878 | if (res == NULL) { |
| 879 | genl_unlock(); | 879 | genl_unlock(); |
| 880 | up_read(&cb_lock); | ||
| 880 | request_module("net-pf-%d-proto-%d-family-%s", | 881 | request_module("net-pf-%d-proto-%d-family-%s", |
| 881 | PF_NETLINK, NETLINK_GENERIC, name); | 882 | PF_NETLINK, NETLINK_GENERIC, name); |
| 883 | down_read(&cb_lock); | ||
| 882 | genl_lock(); | 884 | genl_lock(); |
| 883 | res = genl_family_find_byname(name); | 885 | res = genl_family_find_byname(name); |
| 884 | } | 886 | } |
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c index 71a568862557..7a42c81a19eb 100644 --- a/net/sched/sch_cbq.c +++ b/net/sched/sch_cbq.c | |||
| @@ -1465,6 +1465,7 @@ static int cbq_dump_wrr(struct sk_buff *skb, struct cbq_class *cl) | |||
| 1465 | unsigned char *b = skb_tail_pointer(skb); | 1465 | unsigned char *b = skb_tail_pointer(skb); |
| 1466 | struct tc_cbq_wrropt opt; | 1466 | struct tc_cbq_wrropt opt; |
| 1467 | 1467 | ||
| 1468 | memset(&opt, 0, sizeof(opt)); | ||
| 1468 | opt.flags = 0; | 1469 | opt.flags = 0; |
| 1469 | opt.allot = cl->allot; | 1470 | opt.allot = cl->allot; |
| 1470 | opt.priority = cl->priority + 1; | 1471 | opt.priority = cl->priority + 1; |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 1cc47aca7f05..25d217d90807 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -4770,9 +4770,9 @@ do { \ | |||
| 4770 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, | 4770 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, |
| 4771 | mask, NL80211_MESHCONF_FORWARDING, | 4771 | mask, NL80211_MESHCONF_FORWARDING, |
| 4772 | nla_get_u8); | 4772 | nla_get_u8); |
| 4773 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255, | 4773 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0, |
| 4774 | mask, NL80211_MESHCONF_RSSI_THRESHOLD, | 4774 | mask, NL80211_MESHCONF_RSSI_THRESHOLD, |
| 4775 | nla_get_u32); | 4775 | nla_get_s32); |
| 4776 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, | 4776 | FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, |
| 4777 | mask, NL80211_MESHCONF_HT_OPMODE, | 4777 | mask, NL80211_MESHCONF_HT_OPMODE, |
| 4778 | nla_get_u16); | 4778 | nla_get_u16); |
| @@ -6613,12 +6613,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); | |||
| 6613 | 6613 | ||
| 6614 | void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) | 6614 | void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) |
| 6615 | { | 6615 | { |
| 6616 | struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; | ||
| 6616 | void *hdr = ((void **)skb->cb)[1]; | 6617 | void *hdr = ((void **)skb->cb)[1]; |
| 6617 | struct nlattr *data = ((void **)skb->cb)[2]; | 6618 | struct nlattr *data = ((void **)skb->cb)[2]; |
| 6618 | 6619 | ||
| 6619 | nla_nest_end(skb, data); | 6620 | nla_nest_end(skb, data); |
| 6620 | genlmsg_end(skb, hdr); | 6621 | genlmsg_end(skb, hdr); |
| 6621 | genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); | 6622 | genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0, |
| 6623 | nl80211_testmode_mcgrp.id, gfp); | ||
| 6622 | } | 6624 | } |
| 6623 | EXPORT_SYMBOL(cfg80211_testmode_event); | 6625 | EXPORT_SYMBOL(cfg80211_testmode_event); |
| 6624 | #endif | 6626 | #endif |
| @@ -10064,7 +10066,8 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, | |||
| 10064 | 10066 | ||
| 10065 | genlmsg_end(msg, hdr); | 10067 | genlmsg_end(msg, hdr); |
| 10066 | 10068 | ||
| 10067 | genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); | 10069 | genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, |
| 10070 | nl80211_mlme_mcgrp.id, gfp); | ||
| 10068 | return; | 10071 | return; |
| 10069 | 10072 | ||
| 10070 | nla_put_failure: | 10073 | nla_put_failure: |
diff --git a/net/wireless/reg.c b/net/wireless/reg.c index 5a24c986f34b..5a950f36bae4 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c | |||
| @@ -2279,7 +2279,9 @@ void wiphy_regulatory_deregister(struct wiphy *wiphy) | |||
| 2279 | static void reg_timeout_work(struct work_struct *work) | 2279 | static void reg_timeout_work(struct work_struct *work) |
| 2280 | { | 2280 | { |
| 2281 | REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); | 2281 | REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); |
| 2282 | rtnl_lock(); | ||
| 2282 | restore_regulatory_settings(true); | 2283 | restore_regulatory_settings(true); |
| 2284 | rtnl_unlock(); | ||
| 2283 | } | 2285 | } |
| 2284 | 2286 | ||
| 2285 | int __init regulatory_init(void) | 2287 | int __init regulatory_init(void) |
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 1d3cfb1a3f28..81c8a10d743c 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
| @@ -34,8 +34,10 @@ struct cfg80211_conn { | |||
| 34 | CFG80211_CONN_SCAN_AGAIN, | 34 | CFG80211_CONN_SCAN_AGAIN, |
| 35 | CFG80211_CONN_AUTHENTICATE_NEXT, | 35 | CFG80211_CONN_AUTHENTICATE_NEXT, |
| 36 | CFG80211_CONN_AUTHENTICATING, | 36 | CFG80211_CONN_AUTHENTICATING, |
| 37 | CFG80211_CONN_AUTH_FAILED, | ||
| 37 | CFG80211_CONN_ASSOCIATE_NEXT, | 38 | CFG80211_CONN_ASSOCIATE_NEXT, |
| 38 | CFG80211_CONN_ASSOCIATING, | 39 | CFG80211_CONN_ASSOCIATING, |
| 40 | CFG80211_CONN_ASSOC_FAILED, | ||
| 39 | CFG80211_CONN_DEAUTH, | 41 | CFG80211_CONN_DEAUTH, |
| 40 | CFG80211_CONN_CONNECTED, | 42 | CFG80211_CONN_CONNECTED, |
| 41 | } state; | 43 | } state; |
| @@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev) | |||
| 164 | NULL, 0, | 166 | NULL, 0, |
| 165 | params->key, params->key_len, | 167 | params->key, params->key_len, |
| 166 | params->key_idx, NULL, 0); | 168 | params->key_idx, NULL, 0); |
| 169 | case CFG80211_CONN_AUTH_FAILED: | ||
| 170 | return -ENOTCONN; | ||
| 167 | case CFG80211_CONN_ASSOCIATE_NEXT: | 171 | case CFG80211_CONN_ASSOCIATE_NEXT: |
| 168 | BUG_ON(!rdev->ops->assoc); | 172 | BUG_ON(!rdev->ops->assoc); |
| 169 | wdev->conn->state = CFG80211_CONN_ASSOCIATING; | 173 | wdev->conn->state = CFG80211_CONN_ASSOCIATING; |
| @@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev) | |||
| 188 | WLAN_REASON_DEAUTH_LEAVING, | 192 | WLAN_REASON_DEAUTH_LEAVING, |
| 189 | false); | 193 | false); |
| 190 | return err; | 194 | return err; |
| 195 | case CFG80211_CONN_ASSOC_FAILED: | ||
| 196 | cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, | ||
| 197 | NULL, 0, | ||
| 198 | WLAN_REASON_DEAUTH_LEAVING, false); | ||
| 199 | return -ENOTCONN; | ||
| 191 | case CFG80211_CONN_DEAUTH: | 200 | case CFG80211_CONN_DEAUTH: |
| 192 | cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, | 201 | cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, |
| 193 | NULL, 0, | 202 | NULL, 0, |
| 194 | WLAN_REASON_DEAUTH_LEAVING, false); | 203 | WLAN_REASON_DEAUTH_LEAVING, false); |
| 204 | /* free directly, disconnected event already sent */ | ||
| 205 | cfg80211_sme_free(wdev); | ||
| 195 | return 0; | 206 | return 0; |
| 196 | default: | 207 | default: |
| 197 | return 0; | 208 | return 0; |
| @@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status) | |||
| 371 | return true; | 382 | return true; |
| 372 | } | 383 | } |
| 373 | 384 | ||
| 374 | wdev->conn->state = CFG80211_CONN_DEAUTH; | 385 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; |
| 375 | schedule_work(&rdev->conn_work); | 386 | schedule_work(&rdev->conn_work); |
| 376 | return false; | 387 | return false; |
| 377 | } | 388 | } |
| @@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless_dev *wdev) | |||
| 383 | 394 | ||
| 384 | void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) | 395 | void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) |
| 385 | { | 396 | { |
| 386 | cfg80211_sme_free(wdev); | 397 | struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); |
| 398 | |||
| 399 | if (!wdev->conn) | ||
| 400 | return; | ||
| 401 | |||
| 402 | wdev->conn->state = CFG80211_CONN_AUTH_FAILED; | ||
| 403 | schedule_work(&rdev->conn_work); | ||
| 387 | } | 404 | } |
| 388 | 405 | ||
| 389 | void cfg80211_sme_disassoc(struct wireless_dev *wdev) | 406 | void cfg80211_sme_disassoc(struct wireless_dev *wdev) |
| @@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wireless_dev *wdev) | |||
| 399 | 416 | ||
| 400 | void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) | 417 | void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) |
| 401 | { | 418 | { |
| 402 | cfg80211_sme_disassoc(wdev); | 419 | struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); |
| 420 | |||
| 421 | if (!wdev->conn) | ||
| 422 | return; | ||
| 423 | |||
| 424 | wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; | ||
| 425 | schedule_work(&rdev->conn_work); | ||
| 403 | } | 426 | } |
| 404 | 427 | ||
| 405 | static int cfg80211_sme_connect(struct wireless_dev *wdev, | 428 | static int cfg80211_sme_connect(struct wireless_dev *wdev, |