diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-05 17:04:10 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-05 17:04:10 -0400 |
| commit | 53f63189b1110559dce8c1ee29e8abc3e31f7630 (patch) | |
| tree | 5f9850243be2ab26d4ad3ad6829eaa93d90f188f /net | |
| parent | 6cfa92382e5f11be0bdb5ced62ed249004708f6c (diff) | |
| parent | 124dff01afbdbff251f0385beca84ba1b9adda68 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix erroneous sock_orphan() leading to crashes and double
kfree_skb() in NFC protocol. From Thierry Escande and Samuel Ortiz.
2) Fix use after free in remain-on-channel mac80211 code, from Johannes
Berg.
3) nf_reset() needs to reset the NF tracing cookie, otherwise we can
leak it from one namespace into another. Fix from Gao Feng and
Patrick McHardy.
4) Fix overflow in channel scanning array of mwifiex driver, from Stone
Piao.
5) Fix loss of link after suspend/shutdown in r8169, from Hayes Wang.
6) Synchronization of unicast address lists to the undelying device
doesn't work because whether to sync is maintained as a boolean
rather than a true count. Fix from Vlad Yasevich.
7) Fix corruption of TSO packets in atl1e by limiting the segmented
packet length. From Hannes Frederic Sowa.
8) Revert bogus AF_UNIX credential passing change and fix the
coalescing issue properly, from Eric W Biederman.
9) Changes of ipv4 address lifetime settings needs to generate a
notification, from Jiri Pirko.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (22 commits)
netfilter: don't reset nf_trace in nf_reset()
net: ipv4: notify when address lifetime changes
ixgbe: fix registration order of driver and DCA nofitication
af_unix: If we don't care about credentials coallesce all messages
Revert "af_unix: dont send SCM_CREDENTIAL when dest socket is NULL"
bonding: remove sysfs before removing devices
atl1e: limit gso segment size to prevent generation of wrong ip length fields
net: count hw_addr syncs so that unsync works properly.
r8169: fix auto speed down issue
netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
mwifiex: limit channel number not to overflow memory
NFC: microread: Fix build failure due to a new MEI bus API
iwlwifi: dvm: fix the passive-no-RX workaround
netfilter: nf_conntrack: fix error return code
NFC: llcp: Keep the connected socket parent pointer alive
mac80211: fix idle handling sequence
netfilter: nfnetlink_acct: return -EINVAL if object name is empty
netfilter: nfnetlink_queue: fix error return code in nfnetlink_queue_init()
netfilter: reset nf_trace in nf_reset
mac80211: fix remain-on-channel cancel crash
...
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/dev.c | 1 | ||||
| -rw-r--r-- | net/core/dev_addr_lists.c | 6 | ||||
| -rw-r--r-- | net/ipv4/devinet.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_NPT.c | 2 | ||||
| -rw-r--r-- | net/mac80211/cfg.c | 6 | ||||
| -rw-r--r-- | net/mac80211/chan.c | 17 | ||||
| -rw-r--r-- | net/mac80211/ieee80211_i.h | 4 | ||||
| -rw-r--r-- | net/mac80211/iface.c | 2 | ||||
| -rw-r--r-- | net/mac80211/offchannel.c | 23 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 1 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_acct.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 4 | ||||
| -rw-r--r-- | net/nfc/llcp/llcp.c | 8 | ||||
| -rw-r--r-- | net/nfc/llcp/sock.c | 6 | ||||
| -rw-r--r-- | net/unix/af_unix.c | 6 |
15 files changed, 60 insertions, 34 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index 13e6447f0398..e7d68ed8aafe 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
| @@ -1639,6 +1639,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) | |||
| 1639 | skb->mark = 0; | 1639 | skb->mark = 0; |
| 1640 | secpath_reset(skb); | 1640 | secpath_reset(skb); |
| 1641 | nf_reset(skb); | 1641 | nf_reset(skb); |
| 1642 | nf_reset_trace(skb); | ||
| 1642 | return netif_rx(skb); | 1643 | return netif_rx(skb); |
| 1643 | } | 1644 | } |
| 1644 | EXPORT_SYMBOL_GPL(dev_forward_skb); | 1645 | EXPORT_SYMBOL_GPL(dev_forward_skb); |
diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c index bd2eb9d3e369..abdc9e6ef33e 100644 --- a/net/core/dev_addr_lists.c +++ b/net/core/dev_addr_lists.c | |||
| @@ -37,7 +37,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list, | |||
| 37 | ha->type = addr_type; | 37 | ha->type = addr_type; |
| 38 | ha->refcount = 1; | 38 | ha->refcount = 1; |
| 39 | ha->global_use = global; | 39 | ha->global_use = global; |
| 40 | ha->synced = false; | 40 | ha->synced = 0; |
| 41 | list_add_tail_rcu(&ha->list, &list->list); | 41 | list_add_tail_rcu(&ha->list, &list->list); |
| 42 | list->count++; | 42 | list->count++; |
| 43 | 43 | ||
| @@ -165,7 +165,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list, | |||
| 165 | addr_len, ha->type); | 165 | addr_len, ha->type); |
| 166 | if (err) | 166 | if (err) |
| 167 | break; | 167 | break; |
| 168 | ha->synced = true; | 168 | ha->synced++; |
| 169 | ha->refcount++; | 169 | ha->refcount++; |
| 170 | } else if (ha->refcount == 1) { | 170 | } else if (ha->refcount == 1) { |
| 171 | __hw_addr_del(to_list, ha->addr, addr_len, ha->type); | 171 | __hw_addr_del(to_list, ha->addr, addr_len, ha->type); |
| @@ -186,7 +186,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list, | |||
| 186 | if (ha->synced) { | 186 | if (ha->synced) { |
| 187 | __hw_addr_del(to_list, ha->addr, | 187 | __hw_addr_del(to_list, ha->addr, |
| 188 | addr_len, ha->type); | 188 | addr_len, ha->type); |
| 189 | ha->synced = false; | 189 | ha->synced--; |
| 190 | __hw_addr_del(from_list, ha->addr, | 190 | __hw_addr_del(from_list, ha->addr, |
| 191 | addr_len, ha->type); | 191 | addr_len, ha->type); |
| 192 | } | 192 | } |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index f678507bc829..96083b7a436b 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c | |||
| @@ -802,8 +802,10 @@ static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg | |||
| 802 | if (nlh->nlmsg_flags & NLM_F_EXCL || | 802 | if (nlh->nlmsg_flags & NLM_F_EXCL || |
| 803 | !(nlh->nlmsg_flags & NLM_F_REPLACE)) | 803 | !(nlh->nlmsg_flags & NLM_F_REPLACE)) |
| 804 | return -EEXIST; | 804 | return -EEXIST; |
| 805 | 805 | ifa = ifa_existing; | |
| 806 | set_ifa_lifetime(ifa_existing, valid_lft, prefered_lft); | 806 | set_ifa_lifetime(ifa, valid_lft, prefered_lft); |
| 807 | rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); | ||
| 808 | blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); | ||
| 807 | } | 809 | } |
| 808 | return 0; | 810 | return 0; |
| 809 | } | 811 | } |
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 33608c610276..cb631143721c 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c | |||
| @@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, | |||
| 57 | if (pfx_len - i >= 32) | 57 | if (pfx_len - i >= 32) |
| 58 | mask = 0; | 58 | mask = 0; |
| 59 | else | 59 | else |
| 60 | mask = htonl(~((1 << (pfx_len - i)) - 1)); | 60 | mask = htonl((1 << (i - pfx_len + 32)) - 1); |
| 61 | 61 | ||
| 62 | idx = i / 32; | 62 | idx = i / 32; |
| 63 | addr->s6_addr32[idx] &= mask; | 63 | addr->s6_addr32[idx] &= mask; |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fb306814576a..a6893602f87a 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -2582,7 +2582,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2582 | list_del(&dep->list); | 2582 | list_del(&dep->list); |
| 2583 | mutex_unlock(&local->mtx); | 2583 | mutex_unlock(&local->mtx); |
| 2584 | 2584 | ||
| 2585 | ieee80211_roc_notify_destroy(dep); | 2585 | ieee80211_roc_notify_destroy(dep, true); |
| 2586 | return 0; | 2586 | return 0; |
| 2587 | } | 2587 | } |
| 2588 | 2588 | ||
| @@ -2622,7 +2622,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2622 | ieee80211_start_next_roc(local); | 2622 | ieee80211_start_next_roc(local); |
| 2623 | mutex_unlock(&local->mtx); | 2623 | mutex_unlock(&local->mtx); |
| 2624 | 2624 | ||
| 2625 | ieee80211_roc_notify_destroy(found); | 2625 | ieee80211_roc_notify_destroy(found, true); |
| 2626 | } else { | 2626 | } else { |
| 2627 | /* work may be pending so use it all the time */ | 2627 | /* work may be pending so use it all the time */ |
| 2628 | found->abort = true; | 2628 | found->abort = true; |
| @@ -2632,6 +2632,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, | |||
| 2632 | 2632 | ||
| 2633 | /* work will clean up etc */ | 2633 | /* work will clean up etc */ |
| 2634 | flush_delayed_work(&found->work); | 2634 | flush_delayed_work(&found->work); |
| 2635 | WARN_ON(!found->to_be_freed); | ||
| 2636 | kfree(found); | ||
| 2635 | } | 2637 | } |
| 2636 | 2638 | ||
| 2637 | return 0; | 2639 | return 0; |
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index 78c0d90dd641..931be419ab5a 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c | |||
| @@ -63,6 +63,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 63 | enum ieee80211_chanctx_mode mode) | 63 | enum ieee80211_chanctx_mode mode) |
| 64 | { | 64 | { |
| 65 | struct ieee80211_chanctx *ctx; | 65 | struct ieee80211_chanctx *ctx; |
| 66 | u32 changed; | ||
| 66 | int err; | 67 | int err; |
| 67 | 68 | ||
| 68 | lockdep_assert_held(&local->chanctx_mtx); | 69 | lockdep_assert_held(&local->chanctx_mtx); |
| @@ -76,6 +77,13 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 76 | ctx->conf.rx_chains_dynamic = 1; | 77 | ctx->conf.rx_chains_dynamic = 1; |
| 77 | ctx->mode = mode; | 78 | ctx->mode = mode; |
| 78 | 79 | ||
| 80 | /* acquire mutex to prevent idle from changing */ | ||
| 81 | mutex_lock(&local->mtx); | ||
| 82 | /* turn idle off *before* setting channel -- some drivers need that */ | ||
| 83 | changed = ieee80211_idle_off(local); | ||
| 84 | if (changed) | ||
| 85 | ieee80211_hw_config(local, changed); | ||
| 86 | |||
| 79 | if (!local->use_chanctx) { | 87 | if (!local->use_chanctx) { |
| 80 | local->_oper_channel_type = | 88 | local->_oper_channel_type = |
| 81 | cfg80211_get_chandef_type(chandef); | 89 | cfg80211_get_chandef_type(chandef); |
| @@ -85,14 +93,17 @@ ieee80211_new_chanctx(struct ieee80211_local *local, | |||
| 85 | err = drv_add_chanctx(local, ctx); | 93 | err = drv_add_chanctx(local, ctx); |
| 86 | if (err) { | 94 | if (err) { |
| 87 | kfree(ctx); | 95 | kfree(ctx); |
| 88 | return ERR_PTR(err); | 96 | ctx = ERR_PTR(err); |
| 97 | |||
| 98 | ieee80211_recalc_idle(local); | ||
| 99 | goto out; | ||
| 89 | } | 100 | } |
| 90 | } | 101 | } |
| 91 | 102 | ||
| 103 | /* and keep the mutex held until the new chanctx is on the list */ | ||
| 92 | list_add_rcu(&ctx->list, &local->chanctx_list); | 104 | list_add_rcu(&ctx->list, &local->chanctx_list); |
| 93 | 105 | ||
| 94 | mutex_lock(&local->mtx); | 106 | out: |
| 95 | ieee80211_recalc_idle(local); | ||
| 96 | mutex_unlock(&local->mtx); | 107 | mutex_unlock(&local->mtx); |
| 97 | 108 | ||
| 98 | return ctx; | 109 | return ctx; |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 388580a1bada..5672533a0832 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h | |||
| @@ -309,6 +309,7 @@ struct ieee80211_roc_work { | |||
| 309 | struct ieee80211_channel *chan; | 309 | struct ieee80211_channel *chan; |
| 310 | 310 | ||
| 311 | bool started, abort, hw_begun, notified; | 311 | bool started, abort, hw_begun, notified; |
| 312 | bool to_be_freed; | ||
| 312 | 313 | ||
| 313 | unsigned long hw_start_time; | 314 | unsigned long hw_start_time; |
| 314 | 315 | ||
| @@ -1347,7 +1348,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local); | |||
| 1347 | void ieee80211_roc_setup(struct ieee80211_local *local); | 1348 | void ieee80211_roc_setup(struct ieee80211_local *local); |
| 1348 | void ieee80211_start_next_roc(struct ieee80211_local *local); | 1349 | void ieee80211_start_next_roc(struct ieee80211_local *local); |
| 1349 | void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); | 1350 | void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); |
| 1350 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); | 1351 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); |
| 1351 | void ieee80211_sw_roc_work(struct work_struct *work); | 1352 | void ieee80211_sw_roc_work(struct work_struct *work); |
| 1352 | void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); | 1353 | void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); |
| 1353 | 1354 | ||
| @@ -1361,6 +1362,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata, | |||
| 1361 | enum nl80211_iftype type); | 1362 | enum nl80211_iftype type); |
| 1362 | void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); | 1363 | void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); |
| 1363 | void ieee80211_remove_interfaces(struct ieee80211_local *local); | 1364 | void ieee80211_remove_interfaces(struct ieee80211_local *local); |
| 1365 | u32 ieee80211_idle_off(struct ieee80211_local *local); | ||
| 1364 | void ieee80211_recalc_idle(struct ieee80211_local *local); | 1366 | void ieee80211_recalc_idle(struct ieee80211_local *local); |
| 1365 | void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, | 1367 | void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, |
| 1366 | const int offset); | 1368 | const int offset); |
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 3bfe2612c8c2..58150f877ec3 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c | |||
| @@ -78,7 +78,7 @@ void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata) | |||
| 78 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); | 78 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); |
| 79 | } | 79 | } |
| 80 | 80 | ||
| 81 | static u32 ieee80211_idle_off(struct ieee80211_local *local) | 81 | u32 ieee80211_idle_off(struct ieee80211_local *local) |
| 82 | { | 82 | { |
| 83 | if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) | 83 | if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) |
| 84 | return 0; | 84 | return 0; |
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index cc79b4a2e821..430bd254e496 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c | |||
| @@ -297,10 +297,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) | |||
| 297 | } | 297 | } |
| 298 | } | 298 | } |
| 299 | 299 | ||
| 300 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) | 300 | void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free) |
| 301 | { | 301 | { |
| 302 | struct ieee80211_roc_work *dep, *tmp; | 302 | struct ieee80211_roc_work *dep, *tmp; |
| 303 | 303 | ||
| 304 | if (WARN_ON(roc->to_be_freed)) | ||
| 305 | return; | ||
| 306 | |||
| 304 | /* was never transmitted */ | 307 | /* was never transmitted */ |
| 305 | if (roc->frame) { | 308 | if (roc->frame) { |
| 306 | cfg80211_mgmt_tx_status(&roc->sdata->wdev, | 309 | cfg80211_mgmt_tx_status(&roc->sdata->wdev, |
| @@ -316,9 +319,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) | |||
| 316 | GFP_KERNEL); | 319 | GFP_KERNEL); |
| 317 | 320 | ||
| 318 | list_for_each_entry_safe(dep, tmp, &roc->dependents, list) | 321 | list_for_each_entry_safe(dep, tmp, &roc->dependents, list) |
| 319 | ieee80211_roc_notify_destroy(dep); | 322 | ieee80211_roc_notify_destroy(dep, true); |
| 320 | 323 | ||
| 321 | kfree(roc); | 324 | if (free) |
| 325 | kfree(roc); | ||
| 326 | else | ||
| 327 | roc->to_be_freed = true; | ||
| 322 | } | 328 | } |
| 323 | 329 | ||
| 324 | void ieee80211_sw_roc_work(struct work_struct *work) | 330 | void ieee80211_sw_roc_work(struct work_struct *work) |
| @@ -331,6 +337,9 @@ void ieee80211_sw_roc_work(struct work_struct *work) | |||
| 331 | 337 | ||
| 332 | mutex_lock(&local->mtx); | 338 | mutex_lock(&local->mtx); |
| 333 | 339 | ||
| 340 | if (roc->to_be_freed) | ||
| 341 | goto out_unlock; | ||
| 342 | |||
| 334 | if (roc->abort) | 343 | if (roc->abort) |
| 335 | goto finish; | 344 | goto finish; |
| 336 | 345 | ||
| @@ -370,7 +379,7 @@ void ieee80211_sw_roc_work(struct work_struct *work) | |||
| 370 | finish: | 379 | finish: |
| 371 | list_del(&roc->list); | 380 | list_del(&roc->list); |
| 372 | started = roc->started; | 381 | started = roc->started; |
| 373 | ieee80211_roc_notify_destroy(roc); | 382 | ieee80211_roc_notify_destroy(roc, !roc->abort); |
| 374 | 383 | ||
| 375 | if (started) { | 384 | if (started) { |
| 376 | drv_flush(local, false); | 385 | drv_flush(local, false); |
| @@ -410,7 +419,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work) | |||
| 410 | 419 | ||
| 411 | list_del(&roc->list); | 420 | list_del(&roc->list); |
| 412 | 421 | ||
| 413 | ieee80211_roc_notify_destroy(roc); | 422 | ieee80211_roc_notify_destroy(roc, true); |
| 414 | 423 | ||
| 415 | /* if there's another roc, start it now */ | 424 | /* if there's another roc, start it now */ |
| 416 | ieee80211_start_next_roc(local); | 425 | ieee80211_start_next_roc(local); |
| @@ -460,12 +469,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) | |||
| 460 | list_for_each_entry_safe(roc, tmp, &tmp_list, list) { | 469 | list_for_each_entry_safe(roc, tmp, &tmp_list, list) { |
| 461 | if (local->ops->remain_on_channel) { | 470 | if (local->ops->remain_on_channel) { |
| 462 | list_del(&roc->list); | 471 | list_del(&roc->list); |
| 463 | ieee80211_roc_notify_destroy(roc); | 472 | ieee80211_roc_notify_destroy(roc, true); |
| 464 | } else { | 473 | } else { |
| 465 | ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); | 474 | ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); |
| 466 | 475 | ||
| 467 | /* work will clean up etc */ | 476 | /* work will clean up etc */ |
| 468 | flush_delayed_work(&roc->work); | 477 | flush_delayed_work(&roc->work); |
| 478 | WARN_ON(!roc->to_be_freed); | ||
| 479 | kfree(roc); | ||
| 469 | } | 480 | } |
| 470 | } | 481 | } |
| 471 | 482 | ||
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 6bcce401fd1c..fedee3943661 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
| @@ -568,6 +568,7 @@ static int __init nf_conntrack_standalone_init(void) | |||
| 568 | register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); | 568 | register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); |
| 569 | if (!nf_ct_netfilter_header) { | 569 | if (!nf_ct_netfilter_header) { |
| 570 | pr_err("nf_conntrack: can't register to sysctl.\n"); | 570 | pr_err("nf_conntrack: can't register to sysctl.\n"); |
| 571 | ret = -ENOMEM; | ||
| 571 | goto out_sysctl; | 572 | goto out_sysctl; |
| 572 | } | 573 | } |
| 573 | #endif | 574 | #endif |
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index 589d686f0b4c..dc3fd5d44464 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c | |||
| @@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb, | |||
| 49 | return -EINVAL; | 49 | return -EINVAL; |
| 50 | 50 | ||
| 51 | acct_name = nla_data(tb[NFACCT_NAME]); | 51 | acct_name = nla_data(tb[NFACCT_NAME]); |
| 52 | if (strlen(acct_name) == 0) | ||
| 53 | return -EINVAL; | ||
| 52 | 54 | ||
| 53 | list_for_each_entry(nfacct, &nfnl_acct_list, head) { | 55 | list_for_each_entry(nfacct, &nfnl_acct_list, head) { |
| 54 | if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) | 56 | if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) |
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 1cb48540f86a..42680b2baa11 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
| @@ -1062,8 +1062,10 @@ static int __init nfnetlink_queue_init(void) | |||
| 1062 | 1062 | ||
| 1063 | #ifdef CONFIG_PROC_FS | 1063 | #ifdef CONFIG_PROC_FS |
| 1064 | if (!proc_create("nfnetlink_queue", 0440, | 1064 | if (!proc_create("nfnetlink_queue", 0440, |
| 1065 | proc_net_netfilter, &nfqnl_file_ops)) | 1065 | proc_net_netfilter, &nfqnl_file_ops)) { |
| 1066 | status = -ENOMEM; | ||
| 1066 | goto cleanup_subsys; | 1067 | goto cleanup_subsys; |
| 1068 | } | ||
| 1067 | #endif | 1069 | #endif |
| 1068 | 1070 | ||
| 1069 | register_netdevice_notifier(&nfqnl_dev_notifier); | 1071 | register_netdevice_notifier(&nfqnl_dev_notifier); |
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index b530afadd76c..ee25f25f0cd6 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c | |||
| @@ -107,8 +107,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 107 | accept_sk->sk_state_change(sk); | 107 | accept_sk->sk_state_change(sk); |
| 108 | 108 | ||
| 109 | bh_unlock_sock(accept_sk); | 109 | bh_unlock_sock(accept_sk); |
| 110 | |||
| 111 | sock_orphan(accept_sk); | ||
| 112 | } | 110 | } |
| 113 | 111 | ||
| 114 | if (listen == true) { | 112 | if (listen == true) { |
| @@ -134,8 +132,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 134 | 132 | ||
| 135 | bh_unlock_sock(sk); | 133 | bh_unlock_sock(sk); |
| 136 | 134 | ||
| 137 | sock_orphan(sk); | ||
| 138 | |||
| 139 | sk_del_node_init(sk); | 135 | sk_del_node_init(sk); |
| 140 | } | 136 | } |
| 141 | 137 | ||
| @@ -164,8 +160,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
| 164 | 160 | ||
| 165 | bh_unlock_sock(sk); | 161 | bh_unlock_sock(sk); |
| 166 | 162 | ||
| 167 | sock_orphan(sk); | ||
| 168 | |||
| 169 | sk_del_node_init(sk); | 163 | sk_del_node_init(sk); |
| 170 | } | 164 | } |
| 171 | 165 | ||
| @@ -827,7 +821,6 @@ static void nfc_llcp_recv_ui(struct nfc_llcp_local *local, | |||
| 827 | skb_get(skb); | 821 | skb_get(skb); |
| 828 | } else { | 822 | } else { |
| 829 | pr_err("Receive queue is full\n"); | 823 | pr_err("Receive queue is full\n"); |
| 830 | kfree_skb(skb); | ||
| 831 | } | 824 | } |
| 832 | 825 | ||
| 833 | nfc_llcp_sock_put(llcp_sock); | 826 | nfc_llcp_sock_put(llcp_sock); |
| @@ -1028,7 +1021,6 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local, | |||
| 1028 | skb_get(skb); | 1021 | skb_get(skb); |
| 1029 | } else { | 1022 | } else { |
| 1030 | pr_err("Receive queue is full\n"); | 1023 | pr_err("Receive queue is full\n"); |
| 1031 | kfree_skb(skb); | ||
| 1032 | } | 1024 | } |
| 1033 | } | 1025 | } |
| 1034 | 1026 | ||
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 5c7cdf3f2a83..8f025746f337 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
| @@ -270,7 +270,9 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *parent, | |||
| 270 | } | 270 | } |
| 271 | 271 | ||
| 272 | if (sk->sk_state == LLCP_CONNECTED || !newsock) { | 272 | if (sk->sk_state == LLCP_CONNECTED || !newsock) { |
| 273 | nfc_llcp_accept_unlink(sk); | 273 | list_del_init(&lsk->accept_queue); |
| 274 | sock_put(sk); | ||
| 275 | |||
| 274 | if (newsock) | 276 | if (newsock) |
| 275 | sock_graft(sk, newsock); | 277 | sock_graft(sk, newsock); |
| 276 | 278 | ||
| @@ -464,8 +466,6 @@ static int llcp_sock_release(struct socket *sock) | |||
| 464 | nfc_llcp_accept_unlink(accept_sk); | 466 | nfc_llcp_accept_unlink(accept_sk); |
| 465 | 467 | ||
| 466 | release_sock(accept_sk); | 468 | release_sock(accept_sk); |
| 467 | |||
| 468 | sock_orphan(accept_sk); | ||
| 469 | } | 469 | } |
| 470 | } | 470 | } |
| 471 | 471 | ||
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 971282b6f6a3..2db702d82e7d 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
| @@ -1412,8 +1412,8 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, | |||
| 1412 | if (UNIXCB(skb).cred) | 1412 | if (UNIXCB(skb).cred) |
| 1413 | return; | 1413 | return; |
| 1414 | if (test_bit(SOCK_PASSCRED, &sock->flags) || | 1414 | if (test_bit(SOCK_PASSCRED, &sock->flags) || |
| 1415 | (other->sk_socket && | 1415 | !other->sk_socket || |
| 1416 | test_bit(SOCK_PASSCRED, &other->sk_socket->flags))) { | 1416 | test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) { |
| 1417 | UNIXCB(skb).pid = get_pid(task_tgid(current)); | 1417 | UNIXCB(skb).pid = get_pid(task_tgid(current)); |
| 1418 | UNIXCB(skb).cred = get_current_cred(); | 1418 | UNIXCB(skb).cred = get_current_cred(); |
| 1419 | } | 1419 | } |
| @@ -1993,7 +1993,7 @@ again: | |||
| 1993 | if ((UNIXCB(skb).pid != siocb->scm->pid) || | 1993 | if ((UNIXCB(skb).pid != siocb->scm->pid) || |
| 1994 | (UNIXCB(skb).cred != siocb->scm->cred)) | 1994 | (UNIXCB(skb).cred != siocb->scm->cred)) |
| 1995 | break; | 1995 | break; |
| 1996 | } else { | 1996 | } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { |
| 1997 | /* Copy credentials */ | 1997 | /* Copy credentials */ |
| 1998 | scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); | 1998 | scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); |
| 1999 | check_creds = 1; | 1999 | check_creds = 1; |