aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_core.c5
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/l2cap_core.c1
-rw-r--r--net/bluetooth/sco.c9
-rw-r--r--net/bridge/br_input.c2
-rw-r--r--net/can/bcm.c7
-rw-r--r--net/can/raw.c7
-rw-r--r--net/ipv4/route.c7
-rw-r--r--net/ipv6/route.c8
-rw-r--r--net/ipv6/udp.c2
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/debugfs_netdev.c4
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_ipmac.c4
-rw-r--r--net/netfilter/ipset/ip_set_core.c18
-rw-r--r--net/netfilter/xt_set.c18
15 files changed, 74 insertions, 22 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 1ad4907766c7..e057d1235996 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -586,10 +586,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
586 hci_req_cancel(hdev, ENODEV); 586 hci_req_cancel(hdev, ENODEV);
587 hci_req_lock(hdev); 587 hci_req_lock(hdev);
588 588
589 /* Stop timer, it might be running */
590 del_timer_sync(&hdev->cmd_timer);
591
592 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { 589 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
590 del_timer_sync(&hdev->cmd_timer);
593 hci_req_unlock(hdev); 591 hci_req_unlock(hdev);
594 return 0; 592 return 0;
595 } 593 }
@@ -628,6 +626,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
628 626
629 /* Drop last sent command */ 627 /* Drop last sent command */
630 if (hdev->sent_cmd) { 628 if (hdev->sent_cmd) {
629 del_timer_sync(&hdev->cmd_timer);
631 kfree_skb(hdev->sent_cmd); 630 kfree_skb(hdev->sent_cmd);
632 hdev->sent_cmd = NULL; 631 hdev->sent_cmd = NULL;
633 } 632 }
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index c7eb073fe633..cb25628c0583 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2419,8 +2419,6 @@ static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *s
2419 if (!conn) 2419 if (!conn)
2420 goto unlock; 2420 goto unlock;
2421 2421
2422 hci_conn_hold(conn);
2423
2424 conn->remote_cap = ev->capability; 2422 conn->remote_cap = ev->capability;
2425 conn->remote_oob = ev->oob_data; 2423 conn->remote_oob = ev->oob_data;
2426 conn->remote_auth = ev->authentication; 2424 conn->remote_auth = ev->authentication;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 8cfa2a663028..fd3c1f35aa00 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1079,6 +1079,7 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
1079 tx_skb = skb_clone(skb, GFP_ATOMIC); 1079 tx_skb = skb_clone(skb, GFP_ATOMIC);
1080 bt_cb(skb)->retries++; 1080 bt_cb(skb)->retries++;
1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1081 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1082 control &= L2CAP_CTRL_SAR;
1082 1083
1083 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) { 1084 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
1084 control |= L2CAP_CTRL_FINAL; 1085 control |= L2CAP_CTRL_FINAL;
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 42fdffd1d76c..94954c74f6ae 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -369,6 +369,15 @@ static void __sco_sock_close(struct sock *sk)
369 369
370 case BT_CONNECTED: 370 case BT_CONNECTED:
371 case BT_CONFIG: 371 case BT_CONFIG:
372 if (sco_pi(sk)->conn) {
373 sk->sk_state = BT_DISCONN;
374 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
375 hci_conn_put(sco_pi(sk)->conn->hcon);
376 sco_pi(sk)->conn = NULL;
377 } else
378 sco_chan_del(sk, ECONNRESET);
379 break;
380
372 case BT_CONNECT: 381 case BT_CONNECT:
373 case BT_DISCONN: 382 case BT_DISCONN:
374 sco_chan_del(sk, ECONNRESET); 383 sco_chan_del(sk, ECONNRESET);
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 785932d7ad32..f3ac1e858ee1 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -165,7 +165,7 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
165 goto drop; 165 goto drop;
166 166
167 /* If STP is turned off, then forward */ 167 /* If STP is turned off, then forward */
168 if (p->br->stp_enabled == BR_NO_STP) 168 if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
169 goto forward; 169 goto forward;
170 170
171 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 171 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 57b1aed79014..8a6a05e7c3c8 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1427,9 +1427,14 @@ static int bcm_init(struct sock *sk)
1427static int bcm_release(struct socket *sock) 1427static int bcm_release(struct socket *sock)
1428{ 1428{
1429 struct sock *sk = sock->sk; 1429 struct sock *sk = sock->sk;
1430 struct bcm_sock *bo = bcm_sk(sk); 1430 struct bcm_sock *bo;
1431 struct bcm_op *op, *next; 1431 struct bcm_op *op, *next;
1432 1432
1433 if (sk == NULL)
1434 return 0;
1435
1436 bo = bcm_sk(sk);
1437
1433 /* remove bcm_ops, timer, rx_unregister(), etc. */ 1438 /* remove bcm_ops, timer, rx_unregister(), etc. */
1434 1439
1435 unregister_netdevice_notifier(&bo->notifier); 1440 unregister_netdevice_notifier(&bo->notifier);
diff --git a/net/can/raw.c b/net/can/raw.c
index 649acfa7c70a..0eb39a7fdf64 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk)
305static int raw_release(struct socket *sock) 305static int raw_release(struct socket *sock)
306{ 306{
307 struct sock *sk = sock->sk; 307 struct sock *sk = sock->sk;
308 struct raw_sock *ro = raw_sk(sk); 308 struct raw_sock *ro;
309
310 if (!sk)
311 return 0;
312
313 ro = raw_sk(sk);
309 314
310 unregister_netdevice_notifier(&ro->notifier); 315 unregister_netdevice_notifier(&ro->notifier);
311 316
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f4b7f806afd8..d63f780c6941 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2692,6 +2692,12 @@ static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
2692{ 2692{
2693} 2693}
2694 2694
2695static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
2696 unsigned long old)
2697{
2698 return NULL;
2699}
2700
2695static struct dst_ops ipv4_dst_blackhole_ops = { 2701static struct dst_ops ipv4_dst_blackhole_ops = {
2696 .family = AF_INET, 2702 .family = AF_INET,
2697 .protocol = cpu_to_be16(ETH_P_IP), 2703 .protocol = cpu_to_be16(ETH_P_IP),
@@ -2700,6 +2706,7 @@ static struct dst_ops ipv4_dst_blackhole_ops = {
2700 .default_mtu = ipv4_blackhole_default_mtu, 2706 .default_mtu = ipv4_blackhole_default_mtu,
2701 .default_advmss = ipv4_default_advmss, 2707 .default_advmss = ipv4_default_advmss,
2702 .update_pmtu = ipv4_rt_blackhole_update_pmtu, 2708 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2709 .cow_metrics = ipv4_rt_blackhole_cow_metrics,
2703}; 2710};
2704 2711
2705struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig) 2712struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 852fc28ca818..19a77d0e0308 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -153,6 +153,12 @@ static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
153{ 153{
154} 154}
155 155
156static u32 *ip6_rt_blackhole_cow_metrics(struct dst_entry *dst,
157 unsigned long old)
158{
159 return NULL;
160}
161
156static struct dst_ops ip6_dst_blackhole_ops = { 162static struct dst_ops ip6_dst_blackhole_ops = {
157 .family = AF_INET6, 163 .family = AF_INET6,
158 .protocol = cpu_to_be16(ETH_P_IPV6), 164 .protocol = cpu_to_be16(ETH_P_IPV6),
@@ -161,6 +167,7 @@ static struct dst_ops ip6_dst_blackhole_ops = {
161 .default_mtu = ip6_blackhole_default_mtu, 167 .default_mtu = ip6_blackhole_default_mtu,
162 .default_advmss = ip6_default_advmss, 168 .default_advmss = ip6_default_advmss,
163 .update_pmtu = ip6_rt_blackhole_update_pmtu, 169 .update_pmtu = ip6_rt_blackhole_update_pmtu,
170 .cow_metrics = ip6_rt_blackhole_cow_metrics,
164}; 171};
165 172
166static const u32 ip6_template_metrics[RTAX_MAX] = { 173static const u32 ip6_template_metrics[RTAX_MAX] = {
@@ -2022,7 +2029,6 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2022 rt->dst.output = ip6_output; 2029 rt->dst.output = ip6_output;
2023 rt->rt6i_dev = net->loopback_dev; 2030 rt->rt6i_dev = net->loopback_dev;
2024 rt->rt6i_idev = idev; 2031 rt->rt6i_idev = idev;
2025 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, -1);
2026 rt->dst.obsolete = -1; 2032 rt->dst.obsolete = -1;
2027 2033
2028 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2034 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 1bdc5f053db8..98ecfd7359e2 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1335,7 +1335,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features)
1335 skb->ip_summed = CHECKSUM_NONE; 1335 skb->ip_summed = CHECKSUM_NONE;
1336 1336
1337 /* Check if there is enough headroom to insert fragment header. */ 1337 /* Check if there is enough headroom to insert fragment header. */
1338 if ((skb_headroom(skb) < frag_hdr_sz) && 1338 if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) &&
1339 pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) 1339 pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC))
1340 goto out; 1340 goto out;
1341 1341
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index a6d191f2a0fe..a9ddaf63ee14 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1526,6 +1526,8 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1526 enum ieee80211_smps_mode old_req; 1526 enum ieee80211_smps_mode old_req;
1527 int err; 1527 int err;
1528 1528
1529 lockdep_assert_held(&sdata->u.mgd.mtx);
1530
1529 old_req = sdata->u.mgd.req_smps; 1531 old_req = sdata->u.mgd.req_smps;
1530 sdata->u.mgd.req_smps = smps_mode; 1532 sdata->u.mgd.req_smps = smps_mode;
1531 1533
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index dacace6b1393..9ea7c0d0103f 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -177,9 +177,9 @@ static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
177 if (sdata->vif.type != NL80211_IFTYPE_STATION) 177 if (sdata->vif.type != NL80211_IFTYPE_STATION)
178 return -EOPNOTSUPP; 178 return -EOPNOTSUPP;
179 179
180 mutex_lock(&local->iflist_mtx); 180 mutex_lock(&sdata->u.mgd.mtx);
181 err = __ieee80211_request_smps(sdata, smps_mode); 181 err = __ieee80211_request_smps(sdata, smps_mode);
182 mutex_unlock(&local->iflist_mtx); 182 mutex_unlock(&sdata->u.mgd.mtx);
183 183
184 return err; 184 return err;
185} 185}
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 00a33242e90c..a274300b6a56 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -343,6 +343,10 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
343 ipset_adtfn adtfn = set->variant->adt[adt]; 343 ipset_adtfn adtfn = set->variant->adt[adt];
344 struct ipmac data; 344 struct ipmac data;
345 345
346 /* MAC can be src only */
347 if (!(flags & IPSET_DIM_TWO_SRC))
348 return 0;
349
346 data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC)); 350 data.id = ntohl(ip4addr(skb, flags & IPSET_DIM_ONE_SRC));
347 if (data.id < map->first_ip || data.id > map->last_ip) 351 if (data.id < map->first_ip || data.id > map->last_ip)
348 return -IPSET_ERR_BITMAP_RANGE; 352 return -IPSET_ERR_BITMAP_RANGE;
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 9152e69a162d..72d1ac611fdc 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1022,8 +1022,9 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
1022 if (cb->args[1] >= ip_set_max) 1022 if (cb->args[1] >= ip_set_max)
1023 goto out; 1023 goto out;
1024 1024
1025 pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]);
1026 max = cb->args[0] == DUMP_ONE ? cb->args[1] + 1 : ip_set_max; 1025 max = cb->args[0] == DUMP_ONE ? cb->args[1] + 1 : ip_set_max;
1026dump_last:
1027 pr_debug("args[0]: %ld args[1]: %ld\n", cb->args[0], cb->args[1]);
1027 for (; cb->args[1] < max; cb->args[1]++) { 1028 for (; cb->args[1] < max; cb->args[1]++) {
1028 index = (ip_set_id_t) cb->args[1]; 1029 index = (ip_set_id_t) cb->args[1];
1029 set = ip_set_list[index]; 1030 set = ip_set_list[index];
@@ -1038,8 +1039,8 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
1038 * so that lists (unions of sets) are dumped last. 1039 * so that lists (unions of sets) are dumped last.
1039 */ 1040 */
1040 if (cb->args[0] != DUMP_ONE && 1041 if (cb->args[0] != DUMP_ONE &&
1041 !((cb->args[0] == DUMP_ALL) ^ 1042 ((cb->args[0] == DUMP_ALL) ==
1042 (set->type->features & IPSET_DUMP_LAST))) 1043 !!(set->type->features & IPSET_DUMP_LAST)))
1043 continue; 1044 continue;
1044 pr_debug("List set: %s\n", set->name); 1045 pr_debug("List set: %s\n", set->name);
1045 if (!cb->args[2]) { 1046 if (!cb->args[2]) {
@@ -1083,6 +1084,12 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
1083 goto release_refcount; 1084 goto release_refcount;
1084 } 1085 }
1085 } 1086 }
1087 /* If we dump all sets, continue with dumping last ones */
1088 if (cb->args[0] == DUMP_ALL) {
1089 cb->args[0] = DUMP_LAST;
1090 cb->args[1] = 0;
1091 goto dump_last;
1092 }
1086 goto out; 1093 goto out;
1087 1094
1088nla_put_failure: 1095nla_put_failure:
@@ -1093,11 +1100,6 @@ release_refcount:
1093 pr_debug("release set %s\n", ip_set_list[index]->name); 1100 pr_debug("release set %s\n", ip_set_list[index]->name);
1094 ip_set_put_byindex(index); 1101 ip_set_put_byindex(index);
1095 } 1102 }
1096
1097 /* If we dump all sets, continue with dumping last ones */
1098 if (cb->args[0] == DUMP_ALL && cb->args[1] >= max && !cb->args[2])
1099 cb->args[0] = DUMP_LAST;
1100
1101out: 1103out:
1102 if (nlh) { 1104 if (nlh) {
1103 nlmsg_end(skb, nlh); 1105 nlmsg_end(skb, nlh);
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c
index 061d48cec137..b3babaed7719 100644
--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -81,6 +81,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
81 if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { 81 if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
82 pr_warning("Protocol error: set match dimension " 82 pr_warning("Protocol error: set match dimension "
83 "is over the limit!\n"); 83 "is over the limit!\n");
84 ip_set_nfnl_put(info->match_set.index);
84 return -ERANGE; 85 return -ERANGE;
85 } 86 }
86 87
@@ -135,6 +136,8 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
135 if (index == IPSET_INVALID_ID) { 136 if (index == IPSET_INVALID_ID) {
136 pr_warning("Cannot find del_set index %u as target\n", 137 pr_warning("Cannot find del_set index %u as target\n",
137 info->del_set.index); 138 info->del_set.index);
139 if (info->add_set.index != IPSET_INVALID_ID)
140 ip_set_nfnl_put(info->add_set.index);
138 return -ENOENT; 141 return -ENOENT;
139 } 142 }
140 } 143 }
@@ -142,6 +145,10 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
142 info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) { 145 info->del_set.u.flags[IPSET_DIM_MAX-1] != 0) {
143 pr_warning("Protocol error: SET target dimension " 146 pr_warning("Protocol error: SET target dimension "
144 "is over the limit!\n"); 147 "is over the limit!\n");
148 if (info->add_set.index != IPSET_INVALID_ID)
149 ip_set_nfnl_put(info->add_set.index);
150 if (info->del_set.index != IPSET_INVALID_ID)
151 ip_set_nfnl_put(info->del_set.index);
145 return -ERANGE; 152 return -ERANGE;
146 } 153 }
147 154
@@ -192,6 +199,7 @@ set_match_checkentry(const struct xt_mtchk_param *par)
192 if (info->match_set.dim > IPSET_DIM_MAX) { 199 if (info->match_set.dim > IPSET_DIM_MAX) {
193 pr_warning("Protocol error: set match dimension " 200 pr_warning("Protocol error: set match dimension "
194 "is over the limit!\n"); 201 "is over the limit!\n");
202 ip_set_nfnl_put(info->match_set.index);
195 return -ERANGE; 203 return -ERANGE;
196 } 204 }
197 205
@@ -219,7 +227,7 @@ set_target(struct sk_buff *skb, const struct xt_action_param *par)
219 if (info->del_set.index != IPSET_INVALID_ID) 227 if (info->del_set.index != IPSET_INVALID_ID)
220 ip_set_del(info->del_set.index, 228 ip_set_del(info->del_set.index,
221 skb, par->family, 229 skb, par->family,
222 info->add_set.dim, 230 info->del_set.dim,
223 info->del_set.flags); 231 info->del_set.flags);
224 232
225 return XT_CONTINUE; 233 return XT_CONTINUE;
@@ -245,13 +253,19 @@ set_target_checkentry(const struct xt_tgchk_param *par)
245 if (index == IPSET_INVALID_ID) { 253 if (index == IPSET_INVALID_ID) {
246 pr_warning("Cannot find del_set index %u as target\n", 254 pr_warning("Cannot find del_set index %u as target\n",
247 info->del_set.index); 255 info->del_set.index);
256 if (info->add_set.index != IPSET_INVALID_ID)
257 ip_set_nfnl_put(info->add_set.index);
248 return -ENOENT; 258 return -ENOENT;
249 } 259 }
250 } 260 }
251 if (info->add_set.dim > IPSET_DIM_MAX || 261 if (info->add_set.dim > IPSET_DIM_MAX ||
252 info->del_set.flags > IPSET_DIM_MAX) { 262 info->del_set.dim > IPSET_DIM_MAX) {
253 pr_warning("Protocol error: SET target dimension " 263 pr_warning("Protocol error: SET target dimension "
254 "is over the limit!\n"); 264 "is over the limit!\n");
265 if (info->add_set.index != IPSET_INVALID_ID)
266 ip_set_nfnl_put(info->add_set.index);
267 if (info->del_set.index != IPSET_INVALID_ID)
268 ip_set_nfnl_put(info->del_set.index);
255 return -ERANGE; 269 return -ERANGE;
256 } 270 }
257 271