aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/core/pktgen.c15
-rw-r--r--net/ipv4/raw.c24
-rw-r--r--net/ipv4/tcp.c6
-rw-r--r--net/mac80211/ibss.c6
-rw-r--r--net/mac80211/mesh_hwmp.c2
-rw-r--r--net/mac80211/mlme.c3
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/packet/af_packet.c5
-rw-r--r--net/wireless/core.h1
-rw-r--r--net/wireless/mlme.c9
-rw-r--r--net/wireless/sme.c21
11 files changed, 65 insertions, 29 deletions
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 86acdba0a97d..6eb8d47cbf3a 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -335,6 +335,7 @@ struct pktgen_dev {
335 __u32 cur_src_mac_offset; 335 __u32 cur_src_mac_offset;
336 __be32 cur_saddr; 336 __be32 cur_saddr;
337 __be32 cur_daddr; 337 __be32 cur_daddr;
338 __u16 ip_id;
338 __u16 cur_udp_dst; 339 __u16 cur_udp_dst;
339 __u16 cur_udp_src; 340 __u16 cur_udp_src;
340 __u16 cur_queue_map; 341 __u16 cur_queue_map;
@@ -2630,6 +2631,8 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
2630 iph->protocol = IPPROTO_UDP; /* UDP */ 2631 iph->protocol = IPPROTO_UDP; /* UDP */
2631 iph->saddr = pkt_dev->cur_saddr; 2632 iph->saddr = pkt_dev->cur_saddr;
2632 iph->daddr = pkt_dev->cur_daddr; 2633 iph->daddr = pkt_dev->cur_daddr;
2634 iph->id = htons(pkt_dev->ip_id);
2635 pkt_dev->ip_id++;
2633 iph->frag_off = 0; 2636 iph->frag_off = 0;
2634 iplen = 20 + 8 + datalen; 2637 iplen = 20 + 8 + datalen;
2635 iph->tot_len = htons(iplen); 2638 iph->tot_len = htons(iplen);
@@ -2641,24 +2644,26 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
2641 skb->dev = odev; 2644 skb->dev = odev;
2642 skb->pkt_type = PACKET_HOST; 2645 skb->pkt_type = PACKET_HOST;
2643 2646
2644 if (pkt_dev->nfrags <= 0) 2647 if (pkt_dev->nfrags <= 0) {
2645 pgh = (struct pktgen_hdr *)skb_put(skb, datalen); 2648 pgh = (struct pktgen_hdr *)skb_put(skb, datalen);
2646 else { 2649 memset(pgh + 1, 0, datalen - sizeof(struct pktgen_hdr));
2650 } else {
2647 int frags = pkt_dev->nfrags; 2651 int frags = pkt_dev->nfrags;
2648 int i; 2652 int i, len;
2649 2653
2650 pgh = (struct pktgen_hdr *)(((char *)(udph)) + 8); 2654 pgh = (struct pktgen_hdr *)(((char *)(udph)) + 8);
2651 2655
2652 if (frags > MAX_SKB_FRAGS) 2656 if (frags > MAX_SKB_FRAGS)
2653 frags = MAX_SKB_FRAGS; 2657 frags = MAX_SKB_FRAGS;
2654 if (datalen > frags * PAGE_SIZE) { 2658 if (datalen > frags * PAGE_SIZE) {
2655 skb_put(skb, datalen - frags * PAGE_SIZE); 2659 len = datalen - frags * PAGE_SIZE;
2660 memset(skb_put(skb, len), 0, len);
2656 datalen = frags * PAGE_SIZE; 2661 datalen = frags * PAGE_SIZE;
2657 } 2662 }
2658 2663
2659 i = 0; 2664 i = 0;
2660 while (datalen > 0) { 2665 while (datalen > 0) {
2661 struct page *page = alloc_pages(GFP_KERNEL, 0); 2666 struct page *page = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
2662 skb_shinfo(skb)->frags[i].page = page; 2667 skb_shinfo(skb)->frags[i].page = page;
2663 skb_shinfo(skb)->frags[i].page_offset = 0; 2668 skb_shinfo(skb)->frags[i].page_offset = 0;
2664 skb_shinfo(skb)->frags[i].size = 2669 skb_shinfo(skb)->frags[i].size =
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 757c9171e7c2..ab996f9c0fe0 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -352,13 +352,24 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
352 skb->ip_summed = CHECKSUM_NONE; 352 skb->ip_summed = CHECKSUM_NONE;
353 353
354 skb->transport_header = skb->network_header; 354 skb->transport_header = skb->network_header;
355 err = memcpy_fromiovecend((void *)iph, from, 0, length); 355 err = -EFAULT;
356 if (err) 356 if (memcpy_fromiovecend((void *)iph, from, 0, length))
357 goto error_fault; 357 goto error_free;
358 358
359 /* We don't modify invalid header */
360 iphlen = iph->ihl * 4; 359 iphlen = iph->ihl * 4;
361 if (iphlen >= sizeof(*iph) && iphlen <= length) { 360
361 /*
362 * We don't want to modify the ip header, but we do need to
363 * be sure that it won't cause problems later along the network
364 * stack. Specifically we want to make sure that iph->ihl is a
365 * sane value. If ihl points beyond the length of the buffer passed
366 * in, reject the frame as invalid
367 */
368 err = -EINVAL;
369 if (iphlen > length)
370 goto error_free;
371
372 if (iphlen >= sizeof(*iph)) {
362 if (!iph->saddr) 373 if (!iph->saddr)
363 iph->saddr = rt->rt_src; 374 iph->saddr = rt->rt_src;
364 iph->check = 0; 375 iph->check = 0;
@@ -381,8 +392,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
381out: 392out:
382 return 0; 393 return 0;
383 394
384error_fault: 395error_free:
385 err = -EFAULT;
386 kfree_skb(skb); 396 kfree_skb(skb);
387error: 397error:
388 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); 398 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 90b2e0649bfb..98440ad82558 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1442,9 +1442,9 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1442 goto found_ok_skb; 1442 goto found_ok_skb;
1443 if (tcp_hdr(skb)->fin) 1443 if (tcp_hdr(skb)->fin)
1444 goto found_fin_ok; 1444 goto found_fin_ok;
1445 if (WARN_ON(!(flags & MSG_PEEK))) 1445 WARN(!(flags & MSG_PEEK), KERN_INFO "recvmsg bug 2: "
1446 printk(KERN_INFO "recvmsg bug 2: copied %X " 1446 "copied %X seq %X\n", *seq,
1447 "seq %X\n", *seq, TCP_SKB_CB(skb)->seq); 1447 TCP_SKB_CB(skb)->seq);
1448 } 1448 }
1449 1449
1450 /* Well, if we have backlog, try to process it now yet. */ 1450 /* Well, if we have backlog, try to process it now yet. */
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 6eaf69823439..ca8ecce31d34 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -538,13 +538,12 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
538 WLAN_CAPABILITY_PRIVACY, 538 WLAN_CAPABILITY_PRIVACY,
539 capability); 539 capability);
540 540
541 if (bss) {
541#ifdef CONFIG_MAC80211_IBSS_DEBUG 542#ifdef CONFIG_MAC80211_IBSS_DEBUG
542 if (bss)
543 printk(KERN_DEBUG " sta_find_ibss: selected %pM current " 543 printk(KERN_DEBUG " sta_find_ibss: selected %pM current "
544 "%pM\n", bss->cbss.bssid, ifibss->bssid); 544 "%pM\n", bss->cbss.bssid, ifibss->bssid);
545#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 545#endif /* CONFIG_MAC80211_IBSS_DEBUG */
546 546
547 if (bss && !memcmp(ifibss->bssid, bss->cbss.bssid, ETH_ALEN)) {
548 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" 547 printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM"
549 " based on configured SSID\n", 548 " based on configured SSID\n",
550 sdata->dev->name, bss->cbss.bssid); 549 sdata->dev->name, bss->cbss.bssid);
@@ -552,8 +551,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
552 ieee80211_sta_join_ibss(sdata, bss); 551 ieee80211_sta_join_ibss(sdata, bss);
553 ieee80211_rx_bss_put(local, bss); 552 ieee80211_rx_bss_put(local, bss);
554 return; 553 return;
555 } else if (bss) 554 }
556 ieee80211_rx_bss_put(local, bss);
557 555
558#ifdef CONFIG_MAC80211_IBSS_DEBUG 556#ifdef CONFIG_MAC80211_IBSS_DEBUG
559 printk(KERN_DEBUG " did not try to join ibss\n"); 557 printk(KERN_DEBUG " did not try to join ibss\n");
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index e12a786e26b8..29b82e98effa 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -259,7 +259,7 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
259 * @hwmp_ie: hwmp information element (PREP or PREQ) 259 * @hwmp_ie: hwmp information element (PREP or PREQ)
260 * 260 *
261 * This function updates the path routing information to the originator and the 261 * This function updates the path routing information to the originator and the
262 * transmitter of a HWMP PREQ or PREP fram. 262 * transmitter of a HWMP PREQ or PREP frame.
263 * 263 *
264 * Returns: metric to frame originator or 0 if the frame should not be further 264 * Returns: metric to frame originator or 0 if the frame should not be further
265 * processed 265 * processed
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 8d26e9bf8964..dc5049d58c51 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1457,8 +1457,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1457 if (status_code != WLAN_STATUS_SUCCESS) { 1457 if (status_code != WLAN_STATUS_SUCCESS) {
1458 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", 1458 printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
1459 sdata->dev->name, status_code); 1459 sdata->dev->name, status_code);
1460 list_del(&wk->list); 1460 wk->state = IEEE80211_MGD_STATE_IDLE;
1461 kfree(wk);
1462 return RX_MGMT_CFG80211_ASSOC; 1461 return RX_MGMT_CFG80211_ASSOC;
1463 } 1462 }
1464 1463
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index db4bda681ec9..eaa4118de988 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1445,7 +1445,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1445 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) 1445 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP)
1446 continue; 1446 continue;
1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr, 1447 if (compare_ether_addr(tmp_sdata->dev->dev_addr,
1448 hdr->addr2)) { 1448 hdr->addr2) == 0) {
1449 dev_hold(tmp_sdata->dev); 1449 dev_hold(tmp_sdata->dev);
1450 dev_put(sdata->dev); 1450 dev_put(sdata->dev);
1451 sdata = tmp_sdata; 1451 sdata = tmp_sdata;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d7ecca0a0c07..f2d116a5cb35 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -982,10 +982,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
982 goto out_put; 982 goto out_put;
983 983
984 size_max = po->tx_ring.frame_size 984 size_max = po->tx_ring.frame_size
985 - sizeof(struct skb_shared_info) 985 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
986 - po->tp_hdrlen
987 - LL_ALLOCATED_SPACE(dev)
988 - sizeof(struct sockaddr_ll);
989 986
990 if (size_max > dev->mtu + reserve) 987 if (size_max > dev->mtu + reserve)
991 size_max = dev->mtu + reserve; 988 size_max = dev->mtu + reserve;
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 2a33d8bc886b..68b321997d4c 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -358,6 +358,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
358 struct wireless_dev *wdev); 358 struct wireless_dev *wdev);
359 359
360void cfg80211_conn_work(struct work_struct *work); 360void cfg80211_conn_work(struct work_struct *work);
361void cfg80211_sme_failed_assoc(struct wireless_dev *wdev);
361bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); 362bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev);
362 363
363/* internal helpers */ 364/* internal helpers */
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 79d2eec54cec..0a6b7a0eca6b 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -62,6 +62,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
62 u8 *ie = mgmt->u.assoc_resp.variable; 62 u8 *ie = mgmt->u.assoc_resp.variable;
63 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 63 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
64 struct cfg80211_internal_bss *bss = NULL; 64 struct cfg80211_internal_bss *bss = NULL;
65 bool need_connect_result = true;
65 66
66 wdev_lock(wdev); 67 wdev_lock(wdev);
67 68
@@ -94,6 +95,14 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
94 } 95 }
95 96
96 WARN_ON(!bss); 97 WARN_ON(!bss);
98 } else if (wdev->conn) {
99 cfg80211_sme_failed_assoc(wdev);
100 need_connect_result = false;
101 /*
102 * do not call connect_result() now because the
103 * sme will schedule work that does it later.
104 */
105 goto out;
97 } 106 }
98 107
99 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { 108 if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) {
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 93c3ed329204..ece378d531ef 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -26,6 +26,7 @@ struct cfg80211_conn {
26 CFG80211_CONN_AUTHENTICATING, 26 CFG80211_CONN_AUTHENTICATING,
27 CFG80211_CONN_ASSOCIATE_NEXT, 27 CFG80211_CONN_ASSOCIATE_NEXT,
28 CFG80211_CONN_ASSOCIATING, 28 CFG80211_CONN_ASSOCIATING,
29 CFG80211_CONN_DEAUTH_ASSOC_FAIL,
29 } state; 30 } state;
30 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 31 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
31 u8 *ie; 32 u8 *ie;
@@ -148,6 +149,12 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
148 NULL, 0, 149 NULL, 0,
149 WLAN_REASON_DEAUTH_LEAVING); 150 WLAN_REASON_DEAUTH_LEAVING);
150 return err; 151 return err;
152 case CFG80211_CONN_DEAUTH_ASSOC_FAIL:
153 __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
154 NULL, 0,
155 WLAN_REASON_DEAUTH_LEAVING);
156 /* return an error so that we call __cfg80211_connect_result() */
157 return -EINVAL;
151 default: 158 default:
152 return 0; 159 return 0;
153 } 160 }
@@ -158,6 +165,7 @@ void cfg80211_conn_work(struct work_struct *work)
158 struct cfg80211_registered_device *rdev = 165 struct cfg80211_registered_device *rdev =
159 container_of(work, struct cfg80211_registered_device, conn_work); 166 container_of(work, struct cfg80211_registered_device, conn_work);
160 struct wireless_dev *wdev; 167 struct wireless_dev *wdev;
168 u8 bssid[ETH_ALEN];
161 169
162 rtnl_lock(); 170 rtnl_lock();
163 cfg80211_lock_rdev(rdev); 171 cfg80211_lock_rdev(rdev);
@@ -173,10 +181,10 @@ void cfg80211_conn_work(struct work_struct *work)
173 wdev_unlock(wdev); 181 wdev_unlock(wdev);
174 continue; 182 continue;
175 } 183 }
184 memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN);
176 if (cfg80211_conn_do_work(wdev)) 185 if (cfg80211_conn_do_work(wdev))
177 __cfg80211_connect_result( 186 __cfg80211_connect_result(
178 wdev->netdev, 187 wdev->netdev, bssid,
179 wdev->conn->params.bssid,
180 NULL, 0, NULL, 0, 188 NULL, 0, NULL, 0,
181 WLAN_STATUS_UNSPECIFIED_FAILURE, 189 WLAN_STATUS_UNSPECIFIED_FAILURE,
182 false, NULL); 190 false, NULL);
@@ -337,6 +345,15 @@ bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev)
337 return true; 345 return true;
338} 346}
339 347
348void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
349{
350 struct wiphy *wiphy = wdev->wiphy;
351 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
352
353 wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL;
354 schedule_work(&rdev->conn_work);
355}
356
340void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 357void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
341 const u8 *req_ie, size_t req_ie_len, 358 const u8 *req_ie, size_t req_ie_len,
342 const u8 *resp_ie, size_t resp_ie_len, 359 const u8 *resp_ie, size_t resp_ie_len,