diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/raw.c | 24 | ||||
-rw-r--r-- | net/mac80211/ibss.c | 6 | ||||
-rw-r--r-- | net/mac80211/mesh_hwmp.c | 2 | ||||
-rw-r--r-- | net/mac80211/mlme.c | 3 | ||||
-rw-r--r-- | net/mac80211/tx.c | 2 | ||||
-rw-r--r-- | net/packet/af_packet.c | 5 | ||||
-rw-r--r-- | net/wireless/core.h | 1 | ||||
-rw-r--r-- | net/wireless/mlme.c | 9 | ||||
-rw-r--r-- | net/wireless/sme.c | 21 |
9 files changed, 52 insertions, 21 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 9ef8c0829a77..ce154b47f1da 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -351,13 +351,24 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
351 | skb->ip_summed = CHECKSUM_NONE; | 351 | skb->ip_summed = CHECKSUM_NONE; |
352 | 352 | ||
353 | skb->transport_header = skb->network_header; | 353 | skb->transport_header = skb->network_header; |
354 | err = memcpy_fromiovecend((void *)iph, from, 0, length); | 354 | err = -EFAULT; |
355 | if (err) | 355 | if (memcpy_fromiovecend((void *)iph, from, 0, length)) |
356 | goto error_fault; | 356 | goto error_free; |
357 | 357 | ||
358 | /* We don't modify invalid header */ | ||
359 | iphlen = iph->ihl * 4; | 358 | iphlen = iph->ihl * 4; |
360 | if (iphlen >= sizeof(*iph) && iphlen <= length) { | 359 | |
360 | /* | ||
361 | * We don't want to modify the ip header, but we do need to | ||
362 | * be sure that it won't cause problems later along the network | ||
363 | * stack. Specifically we want to make sure that iph->ihl is a | ||
364 | * sane value. If ihl points beyond the length of the buffer passed | ||
365 | * in, reject the frame as invalid | ||
366 | */ | ||
367 | err = -EINVAL; | ||
368 | if (iphlen > length) | ||
369 | goto error_free; | ||
370 | |||
371 | if (iphlen >= sizeof(*iph)) { | ||
361 | if (!iph->saddr) | 372 | if (!iph->saddr) |
362 | iph->saddr = rt->rt_src; | 373 | iph->saddr = rt->rt_src; |
363 | iph->check = 0; | 374 | iph->check = 0; |
@@ -380,8 +391,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
380 | out: | 391 | out: |
381 | return 0; | 392 | return 0; |
382 | 393 | ||
383 | error_fault: | 394 | error_free: |
384 | err = -EFAULT; | ||
385 | kfree_skb(skb); | 395 | kfree_skb(skb); |
386 | error: | 396 | error: |
387 | IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); | 397 | IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); |
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index 6eaf69823439..ca8ecce31d34 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c | |||
@@ -538,13 +538,12 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) | |||
538 | WLAN_CAPABILITY_PRIVACY, | 538 | WLAN_CAPABILITY_PRIVACY, |
539 | capability); | 539 | capability); |
540 | 540 | ||
541 | if (bss) { | ||
541 | #ifdef CONFIG_MAC80211_IBSS_DEBUG | 542 | #ifdef CONFIG_MAC80211_IBSS_DEBUG |
542 | if (bss) | ||
543 | printk(KERN_DEBUG " sta_find_ibss: selected %pM current " | 543 | printk(KERN_DEBUG " sta_find_ibss: selected %pM current " |
544 | "%pM\n", bss->cbss.bssid, ifibss->bssid); | 544 | "%pM\n", bss->cbss.bssid, ifibss->bssid); |
545 | #endif /* CONFIG_MAC80211_IBSS_DEBUG */ | 545 | #endif /* CONFIG_MAC80211_IBSS_DEBUG */ |
546 | 546 | ||
547 | if (bss && !memcmp(ifibss->bssid, bss->cbss.bssid, ETH_ALEN)) { | ||
548 | printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" | 547 | printk(KERN_DEBUG "%s: Selected IBSS BSSID %pM" |
549 | " based on configured SSID\n", | 548 | " based on configured SSID\n", |
550 | sdata->dev->name, bss->cbss.bssid); | 549 | sdata->dev->name, bss->cbss.bssid); |
@@ -552,8 +551,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) | |||
552 | ieee80211_sta_join_ibss(sdata, bss); | 551 | ieee80211_sta_join_ibss(sdata, bss); |
553 | ieee80211_rx_bss_put(local, bss); | 552 | ieee80211_rx_bss_put(local, bss); |
554 | return; | 553 | return; |
555 | } else if (bss) | 554 | } |
556 | ieee80211_rx_bss_put(local, bss); | ||
557 | 555 | ||
558 | #ifdef CONFIG_MAC80211_IBSS_DEBUG | 556 | #ifdef CONFIG_MAC80211_IBSS_DEBUG |
559 | printk(KERN_DEBUG " did not try to join ibss\n"); | 557 | printk(KERN_DEBUG " did not try to join ibss\n"); |
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c index e12a786e26b8..29b82e98effa 100644 --- a/net/mac80211/mesh_hwmp.c +++ b/net/mac80211/mesh_hwmp.c | |||
@@ -259,7 +259,7 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local, | |||
259 | * @hwmp_ie: hwmp information element (PREP or PREQ) | 259 | * @hwmp_ie: hwmp information element (PREP or PREQ) |
260 | * | 260 | * |
261 | * This function updates the path routing information to the originator and the | 261 | * This function updates the path routing information to the originator and the |
262 | * transmitter of a HWMP PREQ or PREP fram. | 262 | * transmitter of a HWMP PREQ or PREP frame. |
263 | * | 263 | * |
264 | * Returns: metric to frame originator or 0 if the frame should not be further | 264 | * Returns: metric to frame originator or 0 if the frame should not be further |
265 | * processed | 265 | * processed |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 71220a5d1406..dcc14e99227c 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
@@ -1463,8 +1463,7 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, | |||
1463 | if (status_code != WLAN_STATUS_SUCCESS) { | 1463 | if (status_code != WLAN_STATUS_SUCCESS) { |
1464 | printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", | 1464 | printk(KERN_DEBUG "%s: AP denied association (code=%d)\n", |
1465 | sdata->dev->name, status_code); | 1465 | sdata->dev->name, status_code); |
1466 | list_del(&wk->list); | 1466 | wk->state = IEEE80211_MGD_STATE_IDLE; |
1467 | kfree(wk); | ||
1468 | return RX_MGMT_CFG80211_ASSOC; | 1467 | return RX_MGMT_CFG80211_ASSOC; |
1469 | } | 1468 | } |
1470 | 1469 | ||
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index db4bda681ec9..eaa4118de988 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c | |||
@@ -1445,7 +1445,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, | |||
1445 | if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) | 1445 | if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) |
1446 | continue; | 1446 | continue; |
1447 | if (compare_ether_addr(tmp_sdata->dev->dev_addr, | 1447 | if (compare_ether_addr(tmp_sdata->dev->dev_addr, |
1448 | hdr->addr2)) { | 1448 | hdr->addr2) == 0) { |
1449 | dev_hold(tmp_sdata->dev); | 1449 | dev_hold(tmp_sdata->dev); |
1450 | dev_put(sdata->dev); | 1450 | dev_put(sdata->dev); |
1451 | sdata = tmp_sdata; | 1451 | sdata = tmp_sdata; |
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 33e68f20ec61..95ef64e4189a 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c | |||
@@ -984,10 +984,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) | |||
984 | goto out_put; | 984 | goto out_put; |
985 | 985 | ||
986 | size_max = po->tx_ring.frame_size | 986 | size_max = po->tx_ring.frame_size |
987 | - sizeof(struct skb_shared_info) | 987 | - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); |
988 | - po->tp_hdrlen | ||
989 | - LL_ALLOCATED_SPACE(dev) | ||
990 | - sizeof(struct sockaddr_ll); | ||
991 | 988 | ||
992 | if (size_max > dev->mtu + reserve) | 989 | if (size_max > dev->mtu + reserve) |
993 | size_max = dev->mtu + reserve; | 990 | size_max = dev->mtu + reserve; |
diff --git a/net/wireless/core.h b/net/wireless/core.h index 2a33d8bc886b..68b321997d4c 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h | |||
@@ -358,6 +358,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, | |||
358 | struct wireless_dev *wdev); | 358 | struct wireless_dev *wdev); |
359 | 359 | ||
360 | void cfg80211_conn_work(struct work_struct *work); | 360 | void cfg80211_conn_work(struct work_struct *work); |
361 | void cfg80211_sme_failed_assoc(struct wireless_dev *wdev); | ||
361 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); | 362 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); |
362 | 363 | ||
363 | /* internal helpers */ | 364 | /* internal helpers */ |
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 1f87b4e7f4f7..83c2a288dc63 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c | |||
@@ -62,6 +62,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len) | |||
62 | u8 *ie = mgmt->u.assoc_resp.variable; | 62 | u8 *ie = mgmt->u.assoc_resp.variable; |
63 | int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); | 63 | int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); |
64 | struct cfg80211_internal_bss *bss = NULL; | 64 | struct cfg80211_internal_bss *bss = NULL; |
65 | bool need_connect_result = true; | ||
65 | 66 | ||
66 | wdev_lock(wdev); | 67 | wdev_lock(wdev); |
67 | 68 | ||
@@ -94,6 +95,14 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len) | |||
94 | } | 95 | } |
95 | 96 | ||
96 | WARN_ON(!bss); | 97 | WARN_ON(!bss); |
98 | } else if (wdev->conn) { | ||
99 | cfg80211_sme_failed_assoc(wdev); | ||
100 | need_connect_result = false; | ||
101 | /* | ||
102 | * do not call connect_result() now because the | ||
103 | * sme will schedule work that does it later. | ||
104 | */ | ||
105 | goto out; | ||
97 | } | 106 | } |
98 | 107 | ||
99 | if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { | 108 | if (!wdev->conn && wdev->sme_state == CFG80211_SME_IDLE) { |
diff --git a/net/wireless/sme.c b/net/wireless/sme.c index d3624152f7f7..98a3b7efac4c 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c | |||
@@ -26,6 +26,7 @@ struct cfg80211_conn { | |||
26 | CFG80211_CONN_AUTHENTICATING, | 26 | CFG80211_CONN_AUTHENTICATING, |
27 | CFG80211_CONN_ASSOCIATE_NEXT, | 27 | CFG80211_CONN_ASSOCIATE_NEXT, |
28 | CFG80211_CONN_ASSOCIATING, | 28 | CFG80211_CONN_ASSOCIATING, |
29 | CFG80211_CONN_DEAUTH_ASSOC_FAIL, | ||
29 | } state; | 30 | } state; |
30 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; | 31 | u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; |
31 | u8 *ie; | 32 | u8 *ie; |
@@ -148,6 +149,12 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev) | |||
148 | NULL, 0, | 149 | NULL, 0, |
149 | WLAN_REASON_DEAUTH_LEAVING); | 150 | WLAN_REASON_DEAUTH_LEAVING); |
150 | return err; | 151 | return err; |
152 | case CFG80211_CONN_DEAUTH_ASSOC_FAIL: | ||
153 | __cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, | ||
154 | NULL, 0, | ||
155 | WLAN_REASON_DEAUTH_LEAVING); | ||
156 | /* return an error so that we call __cfg80211_connect_result() */ | ||
157 | return -EINVAL; | ||
151 | default: | 158 | default: |
152 | return 0; | 159 | return 0; |
153 | } | 160 | } |
@@ -158,6 +165,7 @@ void cfg80211_conn_work(struct work_struct *work) | |||
158 | struct cfg80211_registered_device *rdev = | 165 | struct cfg80211_registered_device *rdev = |
159 | container_of(work, struct cfg80211_registered_device, conn_work); | 166 | container_of(work, struct cfg80211_registered_device, conn_work); |
160 | struct wireless_dev *wdev; | 167 | struct wireless_dev *wdev; |
168 | u8 bssid[ETH_ALEN]; | ||
161 | 169 | ||
162 | rtnl_lock(); | 170 | rtnl_lock(); |
163 | cfg80211_lock_rdev(rdev); | 171 | cfg80211_lock_rdev(rdev); |
@@ -173,10 +181,10 @@ void cfg80211_conn_work(struct work_struct *work) | |||
173 | wdev_unlock(wdev); | 181 | wdev_unlock(wdev); |
174 | continue; | 182 | continue; |
175 | } | 183 | } |
184 | memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN); | ||
176 | if (cfg80211_conn_do_work(wdev)) | 185 | if (cfg80211_conn_do_work(wdev)) |
177 | __cfg80211_connect_result( | 186 | __cfg80211_connect_result( |
178 | wdev->netdev, | 187 | wdev->netdev, bssid, |
179 | wdev->conn->params.bssid, | ||
180 | NULL, 0, NULL, 0, | 188 | NULL, 0, NULL, 0, |
181 | WLAN_STATUS_UNSPECIFIED_FAILURE, | 189 | WLAN_STATUS_UNSPECIFIED_FAILURE, |
182 | false, NULL); | 190 | false, NULL); |
@@ -337,6 +345,15 @@ bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev) | |||
337 | return true; | 345 | return true; |
338 | } | 346 | } |
339 | 347 | ||
348 | void cfg80211_sme_failed_assoc(struct wireless_dev *wdev) | ||
349 | { | ||
350 | struct wiphy *wiphy = wdev->wiphy; | ||
351 | struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); | ||
352 | |||
353 | wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL; | ||
354 | schedule_work(&rdev->conn_work); | ||
355 | } | ||
356 | |||
340 | void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, | 357 | void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, |
341 | const u8 *req_ie, size_t req_ie_len, | 358 | const u8 *req_ie, size_t req_ie_len, |
342 | const u8 *resp_ie, size_t resp_ie_len, | 359 | const u8 *resp_ie, size_t resp_ie_len, |