diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/core/pktgen.c | 15 | ||||
-rw-r--r-- | net/ipv4/raw.c | 24 | ||||
-rw-r--r-- | net/ipv4/tcp.c | 6 | ||||
-rw-r--r-- | net/mac80211/ibss.c | 6 | ||||
-rw-r--r-- | net/mac80211/mesh_hwmp.c | 2 | ||||
-rw-r--r-- | net/mac80211/mlme.c | 3 | ||||
-rw-r--r-- | net/mac80211/tx.c | 2 | ||||
-rw-r--r-- | net/packet/af_packet.c | 5 | ||||
-rw-r--r-- | net/wireless/core.h | 1 | ||||
-rw-r--r-- | net/wireless/mlme.c | 9 | ||||
-rw-r--r-- | net/wireless/sme.c | 21 |
11 files changed, 65 insertions, 29 deletions
diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 86acdba0a97d..6eb8d47cbf3a 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c | |||
@@ -335,6 +335,7 @@ struct pktgen_dev { | |||
335 | __u32 cur_src_mac_offset; | 335 | __u32 cur_src_mac_offset; |
336 | __be32 cur_saddr; | 336 | __be32 cur_saddr; |
337 | __be32 cur_daddr; | 337 | __be32 cur_daddr; |
338 | __u16 ip_id; | ||
338 | __u16 cur_udp_dst; | 339 | __u16 cur_udp_dst; |
339 | __u16 cur_udp_src; | 340 | __u16 cur_udp_src; |
340 | __u16 cur_queue_map; | 341 | __u16 cur_queue_map; |
@@ -2630,6 +2631,8 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, | |||
2630 | iph->protocol = IPPROTO_UDP; /* UDP */ | 2631 | iph->protocol = IPPROTO_UDP; /* UDP */ |
2631 | iph->saddr = pkt_dev->cur_saddr; | 2632 | iph->saddr = pkt_dev->cur_saddr; |
2632 | iph->daddr = pkt_dev->cur_daddr; | 2633 | iph->daddr = pkt_dev->cur_daddr; |
2634 | iph->id = htons(pkt_dev->ip_id); | ||
2635 | pkt_dev->ip_id++; | ||
2633 | iph->frag_off = 0; | 2636 | iph->frag_off = 0; |
2634 | iplen = 20 + 8 + datalen; | 2637 | iplen = 20 + 8 + datalen; |
2635 | iph->tot_len = htons(iplen); | 2638 | iph->tot_len = htons(iplen); |
@@ -2641,24 +2644,26 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, | |||
2641 | skb->dev = odev; | 2644 | skb->dev = odev; |
2642 | skb->pkt_type = PACKET_HOST; | 2645 | skb->pkt_type = PACKET_HOST; |
2643 | 2646 | ||
2644 | if (pkt_dev->nfrags <= 0) | 2647 | if (pkt_dev->nfrags <= 0) { |
2645 | pgh = (struct pktgen_hdr *)skb_put(skb, datalen); | 2648 | pgh = (struct pktgen_hdr *)skb_put(skb, datalen); |
2646 | else { | 2649 | memset(pgh + 1, 0, datalen - sizeof(struct pktgen_hdr)); |
2650 | } else { | ||
2647 | int frags = pkt_dev->nfrags; | 2651 | int frags = pkt_dev->nfrags; |
2648 | int i; | 2652 | int i, len; |
2649 | 2653 | ||
2650 | pgh = (struct pktgen_hdr *)(((char *)(udph)) + 8); | 2654 | pgh = (struct pktgen_hdr *)(((char *)(udph)) + 8); |
2651 | 2655 | ||
2652 | if (frags > MAX_SKB_FRAGS) | 2656 | if (frags > MAX_SKB_FRAGS) |
2653 | frags = MAX_SKB_FRAGS; | 2657 | frags = MAX_SKB_FRAGS; |
2654 | if (datalen > frags * PAGE_SIZE) { | 2658 | if (datalen > frags * PAGE_SIZE) { |
2655 | skb_put(skb, datalen - frags * PAGE_SIZE); | 2659 | len = datalen - frags * PAGE_SIZE; |
2660 | memset(skb_put(skb, len), 0, len); | ||
2656 | datalen = frags * PAGE_SIZE; | 2661 | datalen = frags * PAGE_SIZE; |
2657 | } | 2662 | } |
2658 | 2663 | ||
2659 | i = 0; | 2664 | i = 0; |
2660 | while (datalen > 0) { | 2665 | while (datalen > 0) { |
2661 | struct page *page = alloc_pages(GFP_KERNEL, 0); | 2666 | struct page *page = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0); |
2662 | skb_shinfo(skb)->frags[i].page = page; | 2667 | skb_shinfo(skb)->frags[i].page = page; |
2663 | skb_shinfo(skb)->frags[i].page_offset = 0; | 2668 | skb_shinfo(skb)->frags[i].page_offset = 0; |
2664 | skb_shinfo(skb)->frags[i].size = | 2669 | skb_shinfo(skb)->frags[i].size = |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 757c9171e7c2..ab996f9c0fe0 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -352,13 +352,24 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
352 | skb->ip_summed = CHECKSUM_NONE; | 352 | skb->ip_summed = CHECKSUM_NONE; |
353 | 353 | ||
354 | skb->transport_header = skb->network_header; | 354 | skb->transport_header = skb->network_header; |
355 | err = memcpy_fromiovecend((void *)iph, from, 0, length); | 355 | err = -EFAULT; |
356 | if (err) | 356 | if (memcpy_fromiovecend((void *)iph, from, 0, length)) |
357 | goto error_fault; | 357 | goto error_free; |
358 | 358 | ||
359 | /* We don't modify invalid header */ | ||
360 | iphlen = iph->ihl * 4; | 359 | iphlen = iph->ihl * 4; |
361 | if (iphlen >= sizeof(*iph) && iphlen <= length) { | 360 | |
361 | /* | ||
362 | * We don't want to modify the ip header, but we do need to | ||
363 | * be sure that it won't cause problems later along the network | ||
364 | * stack. Specifically we want to make sure that iph->ihl is a | ||
365 | * sane value. If ihl points beyond the length of the buffer passed | ||
366 | * in, reject the frame as invalid | ||
367 | */ | ||
368 | err = -EINVAL; | ||
369 | if (iphlen > length) | ||
370 | goto error_free; | ||
371 | |||
372 | if (iphlen >= sizeof(*iph)) { | ||
362 | if (!iph->saddr) | 373 | if (!iph->saddr) |
363 | iph->saddr = rt->rt_src; | 374 | iph->saddr = rt->rt_src; |
364 | iph->check = 0; | 375 | iph->check = 0; |
@@ -381,8 +392,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
381 | out: | 392 | out: |
382 | return 0; | 393 | return 0; |
383 | 394 | ||
384 | error_fault: | 395 | error_free: |
385 | err = -EFAULT; | ||
386 | kfree_skb(skb); | 396 | kfree_skb(skb); |
387 | error: | 397 | error: |
388 | IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); | 398 | IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); |
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 90b2e0649bfb..98440ad82558 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
@@ -1442,9 +1442,9 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, | |||
1442 | goto found_ok_skb; | 1442 | goto found_ok_skb; |
1443 | if (tcp_hdr(skb)->fin) | 1443 | if (tcp_hdr(skb)->fin) |
1444 | goto found_fin_ok; | 1444 | goto found_fin_ok; |
1445 | if (WARN_ON(!(flags & MSG_PEEK))) | 1445 | WARN(!(flags & MSG_PEEK), KERN_INFO "recvmsg bug 2: " |
1446 | printk(KERN_INFO "recvmsg bug 2: copied %X " | 1446 | "copied %X seq %X\n", *seq, |
1447 | "seq %X\n", *seq, TCP_SKB_CB(skb)->seq); | 1447 | TCP_SKB_CB(skb)->seq); |
1448 | } | 1448 | } |
1449 | 1449 | ||
1450 | /* Well, if we have backlog, try to process it now yet. */ | 1450 | /* Well, if we have backlog, try to process it now yet. */ |
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index 6eaf69823439..ca8ecce31d34 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c | |||
@@ -538,13 +538,12 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) | |||
538 | WLAN_CAPABILITY_PRIVACY, | 538 | WLAN_CAPABILITY_PRIVACY, |
539 | capability); | 539 | capability); |
540 | 540 | ||
541 | if (bss) { | ||
541 | #ifdef CONFIG_MAC80211_IBSS_DEBUG | 542 | #ifdef CONFIG_MAC80211_IBSS_DEBUG |
542 | if (bss) | ||
543 | printk(KERN_DEBUG " sta_find_ibss: selected %pM current " | 543 | printk(KERN_DEBUG " sta_find_ibss: selected %pM current " |
544 | "%pM\n", bss->cbss.bssid, ifibss->bssid); | 544 | "%pM\n", bss->cbss.bssid, ifibss->bssid); |
545 | #endif /* CONFIG_MAC80211_IBSS_DEBUG */ | 545 | #endif /* CONFIG_MAC80211_IBSS_DEBUG */ |
546 | 546 | ||
547 | if (bss && !memcmp(ifibss->bssid, bss->cbss.bssid, ETH_ALEN)) { | ||
548 | printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" | 547 | printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" |
549 | " based on configured SSID\n", | 548 | " based on configured SSID\n", |
550 | sdata->dev->name, bss->cbss.bssid); | 549 | sdata->dev->name, bss->cbss.bssid); |
@@ -552,8 +551,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) | |||
552 | ieee80211_sta_join_ibss(sdata, bss); | 551 | ieee80211_sta_join_ibss(sdata, bss); |
553 | ieee80211_rx_bss_put(local, bss); | 552 | ieee80211_rx_bss_put(local, bss); |
554 | return; | 553 | return; |
555 | } else if (bss) | 554 | } |
556 | ieee80211_rx_bss_put(local, bss); | ||
557 | 555 | ||
558 | #ifdef CONFIG_MAC80211_IBSS_DEBUG | 556 | #ifdef CONFIG_MAC80211_IBSS_DEBUG |
559 | printk(KERN_DEBUG " did not try to join ibss\n"); | 557 | printk(KERN_DEBUG " did not try to join ibss\n"); |
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c index e12a786e26b8..29b82e98effa 100644 --- a/net/mac80211/mesh_hwmp.c +++ b/net/mac80211/mesh_hwmp.c | |||
@@ -259,7 +259,7 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local, | |||
259 | * @hwmp_ie: hwmp information element (PREP or PREQ) | 259 | * @hwmp_ie: hwmp information element (PREP or PREQ) |
260 | * | 260 | * |
261 | * This function updates the path routing information to the originator and the | 261 | * This function updates the path routing information to the originator and the |
262 | * transmitter of a HWMP PREQ or PREP fram. | 262 | * transmitter of a HWMP PREQ or PREP frame. |
263 | * | 263 | * |
264 | * Returns: metric to frame originator or 0 if the frame should not be further | 264 | * Returns: metric to frame originator or 0 if the frame should not be further |
265 | * processed | 265 | * processed |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 8d26e9bf8964..dc5049d58c51 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
@@ -1457,8 +1457,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, | |||
1457 | if (status_code != WLAN_STATUS_SUCCESS) { | 1457 | if (status_code != WLAN_STATUS_SUCCESS) { |
1458 | printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", | 1458 | printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", |
1459 | sdata->dev->name, status_code); | 1459 | sdata->dev->name, status_code); |
1460 | list_del(&wk->list); | 1460 | wk->state = IEEE80211_MGD_STATE_IDLE; |
1461 | kfree(wk); | ||
1462 | return RX_MGMT_CFG80211_ASSOC; | 1461 | return RX_MGMT_CFG80211_ASSOC; |
1463 | } | 1462 | } |
1464 | 1463 | ||
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index db4bda681ec9..eaa4118de988 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c | |||
@@ -1445,7 +1445,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, | |||
1445 | if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) | 1445 | if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) |
1446 | continue; | 1446 | continue; |
1447 | if (compare_ether_addr(tmp_sdata->dev->dev_addr, | 1447 | if (compare_ether_addr(tmp_sdata->dev->dev_addr, |
1448 | hdr->addr2)) { | 1448 | hdr->addr2) == 0) { |
1449 | dev_hold(tmp_sdata->dev); | 1449 | dev_hold(tmp_sdata->dev); |
1450 | dev_put(sdata->dev); | 1450 | dev_put(sdata->dev); |
1451 | sdata = tmp_sdata; | 1451 | sdata = tmp_sdata; |
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index d7ecca0a0c07..f2d116a5cb35 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c | |||
@@ -982,10 +982,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) | |||
982 | goto out_put; | 982 | goto out_put; |
983 | 983 | ||
984 | size_max = po->tx_ring.frame_size | 984 | size_max = po->tx_ring.frame_size |
985 | - sizeof(struct skb_shared_info) | 985 | - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); |
986 | - po->tp_hdrlen | ||
987 | - LL_ALLOCATED_SPACE(dev) | ||
988 | - sizeof(struct sockaddr_ll); | ||
989 | 986 | ||
990 | if (size_max > dev->mtu + reserve) | 987 | if (size_max > dev->mtu + reserve) |
991 | size_max = dev->mtu + reserve; | 988 | size_max = dev->mtu + reserve; |
diff --git a/net/wireless/core.h b/net/wireless/core.h index 2a33d8bc886b..68b321997d4c 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h | |||
@@ -358,6 +358,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, | |||
358 | struct wireless_dev *wdev); | 358 | struct wireless_dev *wdev); |
359 | 359 | ||
360 | void cfg80211_conn_work(struct work_struct *work); | 360 | void cfg80211_conn_work(struct work_struct *work); |
361 | void cfg80211_sme_failed_assoc(struct wireless_dev *wdev); | ||
361 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); | 362 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); |
362 | 363 | ||
363 | /* internal helpers */ | 364 | /* internal helpers */ |
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 79d2eec54cec..0a6b7a0eca6b 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c | |||
@@ -62,6 +62,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len) | |||
62 | u8 *ie = mgmt->u.assoc_resp.variable; | 62 | u8 *ie = mgmt->u.assoc_resp.variable; |
63 | int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); | 63 | int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); |
64 | struct cfg80211_internal_bss *bss = NULL; | 64 | struct cfg80211_internal_bss *bss = NULL; |
65 | bool need_connect_result = true; | ||
65 | 66 | ||
66 | wdev_lock(wdev); | 67 | wdev_lock(wdev); |
67 | 68 | ||
@@ -94,6 +95,14 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len) | |||
94 | } | 95 | } |
95 | 96 | ||
96 | WARN_ON(!bss); | 97 | WARN_ON(!bss); |
98 | } else if (wdev->conn) { | ||
99 | cfg80211_sme_failed_assoc(wdev); | ||
100 | need_connect_result = false; | ||
101 | /* | ||
102 | * do not call connect_result() now because the | ||
103 | * sme will schedule work that does it later. | ||
104 | */ | ||
105 | goto out; | ||
97 | } | 106 | } |
98 | 107 | ||
99 | if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { | 108 | if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { |
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 93c3ed329204..ece378d531ef 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
@@ -26,6 +26,7 @@ struct cfg80211_conn { | |||
26 | CFG80211_CONN_AUTHENTICATING, | 26 | CFG80211_CONN_AUTHENTICATING, |
27 | CFG80211_CONN_ASSOCIATE_NEXT, | 27 | CFG80211_CONN_ASSOCIATE_NEXT, |
28 | CFG80211_CONN_ASSOCIATING, | 28 | CFG80211_CONN_ASSOCIATING, |
29 | CFG80211_CONN_DEAUTH_ASSOC_FAIL, | ||
29 | } state; | 30 | } state; |
30 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; | 31 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; |
31 | u8 *ie; | 32 | u8 *ie; |
@@ -148,6 +149,12 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev) | |||
148 | NULL, 0, | 149 | NULL, 0, |
149 | WLAN_REASON_DEAUTH_LEAVING); | 150 | WLAN_REASON_DEAUTH_LEAVING); |
150 | return err; | 151 | return err; |
152 | case CFG80211_CONN_DEAUTH_ASSOC_FAIL: | ||
153 | __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, | ||
154 | NULL, 0, | ||
155 | WLAN_REASON_DEAUTH_LEAVING); | ||
156 | /* return an error so that we call __cfg80211_connect_result() */ | ||
157 | return -EINVAL; | ||
151 | default: | 158 | default: |
152 | return 0; | 159 | return 0; |
153 | } | 160 | } |
@@ -158,6 +165,7 @@ void cfg80211_conn_work(struct work_struct *work) | |||
158 | struct cfg80211_registered_device *rdev = | 165 | struct cfg80211_registered_device *rdev = |
159 | container_of(work, struct cfg80211_registered_device, conn_work); | 166 | container_of(work, struct cfg80211_registered_device, conn_work); |
160 | struct wireless_dev *wdev; | 167 | struct wireless_dev *wdev; |
168 | u8 bssid[ETH_ALEN]; | ||
161 | 169 | ||
162 | rtnl_lock(); | 170 | rtnl_lock(); |
163 | cfg80211_lock_rdev(rdev); | 171 | cfg80211_lock_rdev(rdev); |
@@ -173,10 +181,10 @@ void cfg80211_conn_work(struct work_struct *work) | |||
173 | wdev_unlock(wdev); | 181 | wdev_unlock(wdev); |
174 | continue; | 182 | continue; |
175 | } | 183 | } |
184 | memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN); | ||
176 | if (cfg80211_conn_do_work(wdev)) | 185 | if (cfg80211_conn_do_work(wdev)) |
177 | __cfg80211_connect_result( | 186 | __cfg80211_connect_result( |
178 | wdev->netdev, | 187 | wdev->netdev, bssid, |
179 | wdev->conn->params.bssid, | ||
180 | NULL, 0, NULL, 0, | 188 | NULL, 0, NULL, 0, |
181 | WLAN_STATUS_UNSPECIFIED_FAILURE, | 189 | WLAN_STATUS_UNSPECIFIED_FAILURE, |
182 | false, NULL); | 190 | false, NULL); |
@@ -337,6 +345,15 @@ bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev) | |||
337 | return true; | 345 | return true; |
338 | } | 346 | } |
339 | 347 | ||
348 | void cfg80211_sme_failed_assoc(struct wireless_dev *wdev) | ||
349 | { | ||
350 | struct wiphy *wiphy = wdev->wiphy; | ||
351 | struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); | ||
352 | |||
353 | wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL; | ||
354 | schedule_work(&rdev->conn_work); | ||
355 | } | ||
356 | |||
340 | void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, | 357 | void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, |
341 | const u8 *req_ie, size_t req_ie_len, | 358 | const u8 *req_ie, size_t req_ie_len, |
342 | const u8 *resp_ie, size_t resp_ie_len, | 359 | const u8 *resp_ie, size_t resp_ie_len, |