aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorGustavo F. Padovan <padovan@profusion.mobi>2011-04-20 20:47:07 -0400
committerGustavo F. Padovan <padovan@profusion.mobi>2011-04-20 20:47:07 -0400
commit828d7d7b19446bf5a40928da47955c575a454c75 (patch)
treefd006445c562749de9a07fe6e5363bab5d285a20 /net
parent26954c7f26068b6ced108806fdd39aee5cd54e6f (diff)
parent069f40fc07f6df3da325e7ea1698a0d6247983d5 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
Conflicts: net/bluetooth/l2cap_core.c net/bluetooth/l2cap_sock.c net/bluetooth/mgmt.c
Diffstat (limited to 'net')
-rw-r--r--net/appletalk/ddp.c11
-rw-r--r--net/atm/common.c1
-rw-r--r--net/bluetooth/hci_core.c1
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/l2cap_core.c1
-rw-r--r--net/bluetooth/sco.c9
-rw-r--r--net/bridge/br_multicast.c2
-rw-r--r--net/bridge/br_stp_if.c2
-rw-r--r--net/core/dev.c24
-rw-r--r--net/ipv4/arp.c3
-rw-r--r--net/ipv4/fib_frontend.c2
-rw-r--r--net/ipv4/tcp_output.c3
-rw-r--r--net/ipv6/ndisc.c2
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/debugfs_netdev.c4
-rw-r--r--net/mac80211/key.c7
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c25
-rw-r--r--net/mac80211/rx.c5
-rw-r--r--net/sctp/protocol.c4
-rw-r--r--net/sctp/sm_make_chunk.c4
-rw-r--r--net/wireless/scan.c31
21 files changed, 105 insertions, 40 deletions
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 206e771e82d1..956a5302002a 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1051,16 +1051,17 @@ static int atalk_release(struct socket *sock)
1051{ 1051{
1052 struct sock *sk = sock->sk; 1052 struct sock *sk = sock->sk;
1053 1053
1054 sock_hold(sk);
1055 lock_sock(sk);
1056 if (sk) { 1054 if (sk) {
1055 sock_hold(sk);
1056 lock_sock(sk);
1057
1057 sock_orphan(sk); 1058 sock_orphan(sk);
1058 sock->sk = NULL; 1059 sock->sk = NULL;
1059 atalk_destroy_socket(sk); 1060 atalk_destroy_socket(sk);
1060 }
1061 release_sock(sk);
1062 sock_put(sk);
1063 1061
1062 release_sock(sk);
1063 sock_put(sk);
1064 }
1064 return 0; 1065 return 0;
1065} 1066}
1066 1067
diff --git a/net/atm/common.c b/net/atm/common.c
index 1b9c52a02cd3..22b963d06a10 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -252,6 +252,7 @@ void atm_dev_release_vccs(struct atm_dev *dev)
252 } 252 }
253 write_unlock_irq(&vcc_sklist_lock); 253 write_unlock_irq(&vcc_sklist_lock);
254} 254}
255EXPORT_SYMBOL(atm_dev_release_vccs);
255 256
256static int adjust_tp(struct atm_trafprm *tp, unsigned char aal) 257static int adjust_tp(struct atm_trafprm *tp, unsigned char aal)
257{ 258{
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index a80bc1cdb35b..98aa24b92c58 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -590,6 +590,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
590 del_timer_sync(&hdev->cmd_timer); 590 del_timer_sync(&hdev->cmd_timer);
591 591
592 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 592 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
593 del_timer_sync(&hdev->cmd_timer);
593 hci_req_unlock(hdev); 594 hci_req_unlock(hdev);
594 return 0; 595 return 0;
595 } 596 }
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index c7eb073fe633..cb25628c0583 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2419,8 +2419,6 @@ static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *s
2419 if (!conn) 2419 if (!conn)
2420 goto unlock; 2420 goto unlock;
2421 2421
2422 hci_conn_hold(conn);
2423
2424 conn->remote_cap = ev->capability; 2422 conn->remote_cap = ev->capability;
2425 conn->remote_oob = ev->oob_data; 2423 conn->remote_oob = ev->oob_data;
2426 conn->remote_auth = ev->authentication; 2424 conn->remote_auth = ev->authentication;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index d47de2b04b2e..9e8dc136ef16 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1079,6 +1079,7 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1079 tx_skb = skb_clone(skb, GFP_ATOMIC); 1079 tx_skb = skb_clone(skb, GFP_ATOMIC);
1080 bt_cb(skb)->retries++; 1080 bt_cb(skb)->retries++;
1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1082 control &= L2CAP_CTRL_SAR;
1082 1083
1083 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) { 1084 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1084 control |= L2CAP_CTRL_FINAL; 1085 control |= L2CAP_CTRL_FINAL;
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 42fdffd1d76c..94954c74f6ae 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -369,6 +369,15 @@ static void __sco_sock_close(struct sock *sk)
369 369
370 case BT_CONNECTED: 370 case BT_CONNECTED:
371 case BT_CONFIG: 371 case BT_CONFIG:
372 if (sco_pi(sk)->conn) {
373 sk->sk_state = BT_DISCONN;
374 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
375 hci_conn_put(sco_pi(sk)->conn->hcon);
376 sco_pi(sk)->conn = NULL;
377 } else
378 sco_chan_del(sk, ECONNRESET);
379 break;
380
372 case BT_CONNECT: 381 case BT_CONNECT:
373 case BT_DISCONN: 382 case BT_DISCONN:
374 sco_chan_del(sk, ECONNRESET); 383 sco_chan_del(sk, ECONNRESET);
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index f61eb2eff3fd..59660c909a7c 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1475,7 +1475,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1475 ip6h->payload_len == 0) 1475 ip6h->payload_len == 0)
1476 return 0; 1476 return 0;
1477 1477
1478 len = ntohs(ip6h->payload_len); 1478 len = ntohs(ip6h->payload_len) + sizeof(*ip6h);
1479 if (skb->len < len) 1479 if (skb->len < len)
1480 return -EINVAL; 1480 return -EINVAL;
1481 1481
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 5593f5aec942..9b61d09de9b9 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -213,7 +213,7 @@ bool br_stp_recalculate_bridge_id(struct net_bridge *br)
213 213
214 /* user has chosen a value so keep it */ 214 /* user has chosen a value so keep it */
215 if (br->flags & BR_SET_MAC_ADDR) 215 if (br->flags & BR_SET_MAC_ADDR)
216 return; 216 return false;
217 217
218 list_for_each_entry(p, &br->port_list, list) { 218 list_for_each_entry(p, &br->port_list, list) {
219 if (addr == br_mac_zero || 219 if (addr == br_mac_zero ||
diff --git a/net/core/dev.c b/net/core/dev.c
index 563ddc28139d..3da9fb06d47a 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1454,6 +1454,27 @@ static inline void net_timestamp_check(struct sk_buff *skb)
1454 __net_timestamp(skb); 1454 __net_timestamp(skb);
1455} 1455}
1456 1456
1457static inline bool is_skb_forwardable(struct net_device *dev,
1458 struct sk_buff *skb)
1459{
1460 unsigned int len;
1461
1462 if (!(dev->flags & IFF_UP))
1463 return false;
1464
1465 len = dev->mtu + dev->hard_header_len + VLAN_HLEN;
1466 if (skb->len <= len)
1467 return true;
1468
1469 /* if TSO is enabled, we don't care about the length as the packet
1470 * could be forwarded without being segmented before
1471 */
1472 if (skb_is_gso(skb))
1473 return true;
1474
1475 return false;
1476}
1477
1457/** 1478/**
1458 * dev_forward_skb - loopback an skb to another netif 1479 * dev_forward_skb - loopback an skb to another netif
1459 * 1480 *
@@ -1477,8 +1498,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1477 skb_orphan(skb); 1498 skb_orphan(skb);
1478 nf_reset(skb); 1499 nf_reset(skb);
1479 1500
1480 if (unlikely(!(dev->flags & IFF_UP) || 1501 if (unlikely(!is_skb_forwardable(dev, skb))) {
1481 (skb->len > (dev->mtu + dev->hard_header_len + VLAN_HLEN)))) {
1482 atomic_long_inc(&dev->rx_dropped); 1502 atomic_long_inc(&dev->rx_dropped);
1483 kfree_skb(skb); 1503 kfree_skb(skb);
1484 return NET_RX_DROP; 1504 return NET_RX_DROP;
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 090d273d7865..1b74d3b64371 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -215,6 +215,9 @@ int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
215 case ARPHRD_INFINIBAND: 215 case ARPHRD_INFINIBAND:
216 ip_ib_mc_map(addr, dev->broadcast, haddr); 216 ip_ib_mc_map(addr, dev->broadcast, haddr);
217 return 0; 217 return 0;
218 case ARPHRD_IPGRE:
219 ip_ipgre_mc_map(addr, dev->broadcast, haddr);
220 return 0;
218 default: 221 default:
219 if (dir) { 222 if (dir) {
220 memcpy(haddr, dev->broadcast, dev->addr_len); 223 memcpy(haddr, dev->broadcast, dev->addr_len);
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index f116ce8f1b46..451088330bbb 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1068,6 +1068,7 @@ static void ip_fib_net_exit(struct net *net)
1068 fib4_rules_exit(net); 1068 fib4_rules_exit(net);
1069#endif 1069#endif
1070 1070
1071 rtnl_lock();
1071 for (i = 0; i < FIB_TABLE_HASHSZ; i++) { 1072 for (i = 0; i < FIB_TABLE_HASHSZ; i++) {
1072 struct fib_table *tb; 1073 struct fib_table *tb;
1073 struct hlist_head *head; 1074 struct hlist_head *head;
@@ -1080,6 +1081,7 @@ static void ip_fib_net_exit(struct net *net)
1080 fib_free_table(tb); 1081 fib_free_table(tb);
1081 } 1082 }
1082 } 1083 }
1084 rtnl_unlock();
1083 kfree(net->ipv4.fib_table_hash); 1085 kfree(net->ipv4.fib_table_hash);
1084} 1086}
1085 1087
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index dfa5beb0c1c8..8b0d0167e44a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1003,7 +1003,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
1003 int nlen; 1003 int nlen;
1004 u8 flags; 1004 u8 flags;
1005 1005
1006 BUG_ON(len > skb->len); 1006 if (WARN_ON(len > skb->len))
1007 return -EINVAL;
1007 1008
1008 nsize = skb_headlen(skb) - len; 1009 nsize = skb_headlen(skb) - len;
1009 if (nsize < 0) 1010 if (nsize < 0)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 0e49c9db3c98..92f952d093db 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -341,6 +341,8 @@ int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int d
341 case ARPHRD_INFINIBAND: 341 case ARPHRD_INFINIBAND:
342 ipv6_ib_mc_map(addr, dev->broadcast, buf); 342 ipv6_ib_mc_map(addr, dev->broadcast, buf);
343 return 0; 343 return 0;
344 case ARPHRD_IPGRE:
345 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
344 default: 346 default:
345 if (dir) { 347 if (dir) {
346 memcpy(buf, dev->broadcast, dev->addr_len); 348 memcpy(buf, dev->broadcast, dev->addr_len);
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 334213571ad0..44049733c4ea 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1504,6 +1504,8 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1504 enum ieee80211_smps_mode old_req; 1504 enum ieee80211_smps_mode old_req;
1505 int err; 1505 int err;
1506 1506
1507 lockdep_assert_held(&sdata->u.mgd.mtx);
1508
1507 old_req = sdata->u.mgd.req_smps; 1509 old_req = sdata->u.mgd.req_smps;
1508 sdata->u.mgd.req_smps = smps_mode; 1510 sdata->u.mgd.req_smps = smps_mode;
1509 1511
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index dacace6b1393..9ea7c0d0103f 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -177,9 +177,9 @@ static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
177 if (sdata->vif.type != NL80211_IFTYPE_STATION) 177 if (sdata->vif.type != NL80211_IFTYPE_STATION)
178 return -EOPNOTSUPP; 178 return -EOPNOTSUPP;
179 179
180 mutex_lock(&local->iflist_mtx); 180 mutex_lock(&sdata->u.mgd.mtx);
181 err = __ieee80211_request_smps(sdata, smps_mode); 181 err = __ieee80211_request_smps(sdata, smps_mode);
182 mutex_unlock(&local->iflist_mtx); 182 mutex_unlock(&sdata->u.mgd.mtx);
183 183
184 return err; 184 return err;
185} 185}
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 8c02469b7176..af3c56482c80 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -342,7 +342,7 @@ struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
342 if (IS_ERR(key->u.ccmp.tfm)) { 342 if (IS_ERR(key->u.ccmp.tfm)) {
343 err = PTR_ERR(key->u.ccmp.tfm); 343 err = PTR_ERR(key->u.ccmp.tfm);
344 kfree(key); 344 kfree(key);
345 key = ERR_PTR(err); 345 return ERR_PTR(err);
346 } 346 }
347 break; 347 break;
348 case WLAN_CIPHER_SUITE_AES_CMAC: 348 case WLAN_CIPHER_SUITE_AES_CMAC:
@@ -360,7 +360,7 @@ struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
360 if (IS_ERR(key->u.aes_cmac.tfm)) { 360 if (IS_ERR(key->u.aes_cmac.tfm)) {
361 err = PTR_ERR(key->u.aes_cmac.tfm); 361 err = PTR_ERR(key->u.aes_cmac.tfm);
362 kfree(key); 362 kfree(key);
363 key = ERR_PTR(err); 363 return ERR_PTR(err);
364 } 364 }
365 break; 365 break;
366 } 366 }
@@ -400,11 +400,12 @@ int ieee80211_key_link(struct ieee80211_key *key,
400{ 400{
401 struct ieee80211_key *old_key; 401 struct ieee80211_key *old_key;
402 int idx, ret; 402 int idx, ret;
403 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; 403 bool pairwise;
404 404
405 BUG_ON(!sdata); 405 BUG_ON(!sdata);
406 BUG_ON(!key); 406 BUG_ON(!key);
407 407
408 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
408 idx = key->conf.keyidx; 409 idx = key->conf.keyidx;
409 key->local = sdata->local; 410 key->local = sdata->local;
410 key->sdata = sdata; 411 key->sdata = sdata;
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 8212a8bebf06..dbdebeda097f 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -659,18 +659,14 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
659 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs; 659 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
660 struct ieee80211_local *local = hw_to_local(mp->hw); 660 struct ieee80211_local *local = hw_to_local(mp->hw);
661 u16 sta_cap = sta->ht_cap.cap; 661 u16 sta_cap = sta->ht_cap.cap;
662 int n_supported = 0;
662 int ack_dur; 663 int ack_dur;
663 int stbc; 664 int stbc;
664 int i; 665 int i;
665 666
666 /* fall back to the old minstrel for legacy stations */ 667 /* fall back to the old minstrel for legacy stations */
667 if (!sta->ht_cap.ht_supported) { 668 if (!sta->ht_cap.ht_supported)
668 msp->is_ht = false; 669 goto use_legacy;
669 memset(&msp->legacy, 0, sizeof(msp->legacy));
670 msp->legacy.r = msp->ratelist;
671 msp->legacy.sample_table = msp->sample_table;
672 return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
673 }
674 670
675 BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) != 671 BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) !=
676 MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS); 672 MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS);
@@ -725,7 +721,22 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
725 721
726 mi->groups[i].supported = 722 mi->groups[i].supported =
727 mcs->rx_mask[minstrel_mcs_groups[i].streams - 1]; 723 mcs->rx_mask[minstrel_mcs_groups[i].streams - 1];
724
725 if (mi->groups[i].supported)
726 n_supported++;
728 } 727 }
728
729 if (!n_supported)
730 goto use_legacy;
731
732 return;
733
734use_legacy:
735 msp->is_ht = false;
736 memset(&msp->legacy, 0, sizeof(msp->legacy));
737 msp->legacy.r = msp->ratelist;
738 msp->legacy.sample_table = msp->sample_table;
739 return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
729} 740}
730 741
731static void 742static void
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 5c1930ba8ebe..2afeac9c6453 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -612,7 +612,8 @@ static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw,
612 skipped++; 612 skipped++;
613 continue; 613 continue;
614 } 614 }
615 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] + 615 if (skipped &&
616 !time_after(jiffies, tid_agg_rx->reorder_time[j] +
616 HT_RX_REORDER_BUF_TIMEOUT)) 617 HT_RX_REORDER_BUF_TIMEOUT))
617 goto set_release_timer; 618 goto set_release_timer;
618 619
@@ -2540,7 +2541,6 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx)
2540 * same TID from the same station 2541 * same TID from the same station
2541 */ 2542 */
2542 rx->skb = skb; 2543 rx->skb = skb;
2543 rx->flags = 0;
2544 2544
2545 CALL_RXH(ieee80211_rx_h_decrypt) 2545 CALL_RXH(ieee80211_rx_h_decrypt)
2546 CALL_RXH(ieee80211_rx_h_check_more_data) 2546 CALL_RXH(ieee80211_rx_h_check_more_data)
@@ -2611,6 +2611,7 @@ void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid)
2611 .sdata = sta->sdata, 2611 .sdata = sta->sdata,
2612 .local = sta->local, 2612 .local = sta->local,
2613 .queue = tid, 2613 .queue = tid,
2614 .flags = 0,
2614 }; 2615 };
2615 struct tid_ampdu_rx *tid_agg_rx; 2616 struct tid_ampdu_rx *tid_agg_rx;
2616 2617
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 152976ec0b74..d5bf91d04f63 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1205,7 +1205,7 @@ SCTP_STATIC __init int sctp_init(void)
1205 if ((sctp_assoc_hashsize > (64 * 1024)) && order > 0) 1205 if ((sctp_assoc_hashsize > (64 * 1024)) && order > 0)
1206 continue; 1206 continue;
1207 sctp_assoc_hashtable = (struct sctp_hashbucket *) 1207 sctp_assoc_hashtable = (struct sctp_hashbucket *)
1208 __get_free_pages(GFP_ATOMIC, order); 1208 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order);
1209 } while (!sctp_assoc_hashtable && --order > 0); 1209 } while (!sctp_assoc_hashtable && --order > 0);
1210 if (!sctp_assoc_hashtable) { 1210 if (!sctp_assoc_hashtable) {
1211 pr_err("Failed association hash alloc\n"); 1211 pr_err("Failed association hash alloc\n");
@@ -1238,7 +1238,7 @@ SCTP_STATIC __init int sctp_init(void)
1238 if ((sctp_port_hashsize > (64 * 1024)) && order > 0) 1238 if ((sctp_port_hashsize > (64 * 1024)) && order > 0)
1239 continue; 1239 continue;
1240 sctp_port_hashtable = (struct sctp_bind_hashbucket *) 1240 sctp_port_hashtable = (struct sctp_bind_hashbucket *)
1241 __get_free_pages(GFP_ATOMIC, order); 1241 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order);
1242 } while (!sctp_port_hashtable && --order > 0); 1242 } while (!sctp_port_hashtable && --order > 0);
1243 if (!sctp_port_hashtable) { 1243 if (!sctp_port_hashtable) {
1244 pr_err("Failed bind hash alloc\n"); 1244 pr_err("Failed bind hash alloc\n");
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index de98665db524..b3434cc7d0cf 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -3106,10 +3106,10 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3106 3106
3107 /* create an ASCONF_ACK chunk. 3107 /* create an ASCONF_ACK chunk.
3108 * Based on the definitions of parameters, we know that the size of 3108 * Based on the definitions of parameters, we know that the size of
3109 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3109 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF
3110 * parameters. 3110 * parameters.
3111 */ 3111 */
3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3113 if (!asconf_ack) 3113 if (!asconf_ack)
3114 goto done; 3114 goto done;
3115 3115
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index ea427f418f64..fbf6f33ae4d0 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -124,6 +124,15 @@ void cfg80211_bss_age(struct cfg80211_registered_device *dev,
124} 124}
125 125
126/* must hold dev->bss_lock! */ 126/* must hold dev->bss_lock! */
127static void __cfg80211_unlink_bss(struct cfg80211_registered_device *dev,
128 struct cfg80211_internal_bss *bss)
129{
130 list_del_init(&bss->list);
131 rb_erase(&bss->rbn, &dev->bss_tree);
132 kref_put(&bss->ref, bss_release);
133}
134
135/* must hold dev->bss_lock! */
127void cfg80211_bss_expire(struct cfg80211_registered_device *dev) 136void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
128{ 137{
129 struct cfg80211_internal_bss *bss, *tmp; 138 struct cfg80211_internal_bss *bss, *tmp;
@@ -134,9 +143,7 @@ void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
134 continue; 143 continue;
135 if (!time_after(jiffies, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE)) 144 if (!time_after(jiffies, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE))
136 continue; 145 continue;
137 list_del(&bss->list); 146 __cfg80211_unlink_bss(dev, bss);
138 rb_erase(&bss->rbn, &dev->bss_tree);
139 kref_put(&bss->ref, bss_release);
140 expired = true; 147 expired = true;
141 } 148 }
142 149
@@ -585,16 +592,23 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy,
585 struct cfg80211_internal_bss *res; 592 struct cfg80211_internal_bss *res;
586 size_t ielen = len - offsetof(struct ieee80211_mgmt, 593 size_t ielen = len - offsetof(struct ieee80211_mgmt,
587 u.probe_resp.variable); 594 u.probe_resp.variable);
588 size_t privsz = wiphy->bss_priv_size; 595 size_t privsz;
596
597 if (WARN_ON(!mgmt))
598 return NULL;
599
600 if (WARN_ON(!wiphy))
601 return NULL;
589 602
590 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 603 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
591 (signal < 0 || signal > 100))) 604 (signal < 0 || signal > 100)))
592 return NULL; 605 return NULL;
593 606
594 if (WARN_ON(!mgmt || !wiphy || 607 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
595 len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable)))
596 return NULL; 608 return NULL;
597 609
610 privsz = wiphy->bss_priv_size;
611
598 res = kzalloc(sizeof(*res) + privsz + ielen, gfp); 612 res = kzalloc(sizeof(*res) + privsz + ielen, gfp);
599 if (!res) 613 if (!res)
600 return NULL; 614 return NULL;
@@ -662,11 +676,8 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
662 676
663 spin_lock_bh(&dev->bss_lock); 677 spin_lock_bh(&dev->bss_lock);
664 if (!list_empty(&bss->list)) { 678 if (!list_empty(&bss->list)) {
665 list_del_init(&bss->list); 679 __cfg80211_unlink_bss(dev, bss);
666 dev->bss_generation++; 680 dev->bss_generation++;
667 rb_erase(&bss->rbn, &dev->bss_tree);
668
669 kref_put(&bss->ref, bss_release);
670 } 681 }
671 spin_unlock_bh(&dev->bss_lock); 682 spin_unlock_bh(&dev->bss_lock);
672} 683}
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-26 00:34:41 -0500