aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_conn.c2
-rw-r--r--net/bluetooth/l2cap_core.c16
-rw-r--r--net/bridge/br_multicast.c6
-rw-r--r--net/ipv4/ah4.c8
-rw-r--r--net/ipv4/inet_diag.c4
-rw-r--r--net/ipv4/ip_options.c1
-rw-r--r--net/ipv4/ping.c2
-rw-r--r--net/ipv4/route.c120
-rw-r--r--net/ipv4/tcp_ipv4.c1
-rw-r--r--net/ipv4/tcp_output.c2
-rw-r--r--net/ipv6/ah6.c8
-rw-r--r--net/ipv6/ip6_input.c8
-rw-r--r--net/ipv6/ip6_tunnel.c8
-rw-r--r--net/l2tp/l2tp_core.c8
-rw-r--r--net/mac80211/mlme.c21
-rw-r--r--net/mac80211/rx.c9
-rw-r--r--net/mac80211/sta_info.c8
-rw-r--r--net/mac80211/util.c4
-rw-r--r--net/rds/Kconfig1
-rw-r--r--net/wireless/nl80211.c9
-rw-r--r--net/wireless/reg.c3
-rw-r--r--net/wireless/scan.c13
22 files changed, 159 insertions, 103 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index c1c597e3e198..e0af7237cd92 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -673,7 +673,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
673 goto encrypt; 673 goto encrypt;
674 674
675auth: 675auth:
676 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 676 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
677 return 0; 677 return 0;
678 678
679 if (!hci_conn_auth(conn, sec_level, auth_type)) 679 if (!hci_conn_auth(conn, sec_level, auth_type))
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 8cd12917733b..5ea94a1eecf2 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -251,7 +251,7 @@ static void l2cap_chan_timeout(unsigned long arg)
251 251
252 if (sock_owned_by_user(sk)) { 252 if (sock_owned_by_user(sk)) {
253 /* sk is owned by user. Try again later */ 253 /* sk is owned by user. Try again later */
254 __set_chan_timer(chan, HZ / 5); 254 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
255 bh_unlock_sock(sk); 255 bh_unlock_sock(sk);
256 chan_put(chan); 256 chan_put(chan);
257 return; 257 return;
@@ -2488,7 +2488,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2488 if (sock_owned_by_user(sk)) { 2488 if (sock_owned_by_user(sk)) {
2489 l2cap_state_change(chan, BT_DISCONN); 2489 l2cap_state_change(chan, BT_DISCONN);
2490 __clear_chan_timer(chan); 2490 __clear_chan_timer(chan);
2491 __set_chan_timer(chan, HZ / 5); 2491 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2492 break; 2492 break;
2493 } 2493 }
2494 2494
@@ -2661,7 +2661,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2661 2661
2662 default: 2662 default:
2663 sk->sk_err = ECONNRESET; 2663 sk->sk_err = ECONNRESET;
2664 __set_chan_timer(chan, HZ * 5); 2664 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
2665 l2cap_send_disconn_req(conn, chan, ECONNRESET); 2665 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2666 goto done; 2666 goto done;
2667 } 2667 }
@@ -2718,7 +2718,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2718 if (sock_owned_by_user(sk)) { 2718 if (sock_owned_by_user(sk)) {
2719 l2cap_state_change(chan, BT_DISCONN); 2719 l2cap_state_change(chan, BT_DISCONN);
2720 __clear_chan_timer(chan); 2720 __clear_chan_timer(chan);
2721 __set_chan_timer(chan, HZ / 5); 2721 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2722 bh_unlock_sock(sk); 2722 bh_unlock_sock(sk);
2723 return 0; 2723 return 0;
2724 } 2724 }
@@ -2752,7 +2752,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2752 if (sock_owned_by_user(sk)) { 2752 if (sock_owned_by_user(sk)) {
2753 l2cap_state_change(chan,BT_DISCONN); 2753 l2cap_state_change(chan,BT_DISCONN);
2754 __clear_chan_timer(chan); 2754 __clear_chan_timer(chan);
2755 __set_chan_timer(chan, HZ / 5); 2755 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2756 bh_unlock_sock(sk); 2756 bh_unlock_sock(sk);
2757 return 0; 2757 return 0;
2758 } 2758 }
@@ -3998,7 +3998,7 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
3998 if (encrypt == 0x00) { 3998 if (encrypt == 0x00) {
3999 if (chan->sec_level == BT_SECURITY_MEDIUM) { 3999 if (chan->sec_level == BT_SECURITY_MEDIUM) {
4000 __clear_chan_timer(chan); 4000 __clear_chan_timer(chan);
4001 __set_chan_timer(chan, HZ * 5); 4001 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4002 } else if (chan->sec_level == BT_SECURITY_HIGH) 4002 } else if (chan->sec_level == BT_SECURITY_HIGH)
4003 l2cap_chan_close(chan, ECONNREFUSED); 4003 l2cap_chan_close(chan, ECONNREFUSED);
4004 } else { 4004 } else {
@@ -4066,7 +4066,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4066 L2CAP_CONN_REQ, sizeof(req), &req); 4066 L2CAP_CONN_REQ, sizeof(req), &req);
4067 } else { 4067 } else {
4068 __clear_chan_timer(chan); 4068 __clear_chan_timer(chan);
4069 __set_chan_timer(chan, HZ / 10); 4069 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4070 } 4070 }
4071 } else if (chan->state == BT_CONNECT2) { 4071 } else if (chan->state == BT_CONNECT2) {
4072 struct l2cap_conn_rsp rsp; 4072 struct l2cap_conn_rsp rsp;
@@ -4086,7 +4086,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4086 } 4086 }
4087 } else { 4087 } else {
4088 l2cap_state_change(chan, BT_DISCONN); 4088 l2cap_state_change(chan, BT_DISCONN);
4089 __set_chan_timer(chan, HZ / 10); 4089 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4090 res = L2CAP_CR_SEC_BLOCK; 4090 res = L2CAP_CR_SEC_BLOCK;
4091 stat = L2CAP_CS_NO_INFO; 4091 stat = L2CAP_CS_NO_INFO;
4092 } 4092 }
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 995cbe0ac0b2..a5f4e5769809 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1501,6 +1501,8 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1501 1501
1502 __skb_pull(skb2, offset); 1502 __skb_pull(skb2, offset);
1503 skb_reset_transport_header(skb2); 1503 skb_reset_transport_header(skb2);
1504 skb_postpull_rcsum(skb2, skb_network_header(skb2),
1505 skb_network_header_len(skb2));
1504 1506
1505 icmp6_type = icmp6_hdr(skb2)->icmp6_type; 1507 icmp6_type = icmp6_hdr(skb2)->icmp6_type;
1506 1508
@@ -1770,7 +1772,7 @@ int br_multicast_toggle(struct net_bridge *br, unsigned long val)
1770 int err = 0; 1772 int err = 0;
1771 struct net_bridge_mdb_htable *mdb; 1773 struct net_bridge_mdb_htable *mdb;
1772 1774
1773 spin_lock(&br->multicast_lock); 1775 spin_lock_bh(&br->multicast_lock);
1774 if (br->multicast_disabled == !val) 1776 if (br->multicast_disabled == !val)
1775 goto unlock; 1777 goto unlock;
1776 1778
@@ -1806,7 +1808,7 @@ rollback:
1806 } 1808 }
1807 1809
1808unlock: 1810unlock:
1809 spin_unlock(&br->multicast_lock); 1811 spin_unlock_bh(&br->multicast_lock);
1810 1812
1811 return err; 1813 return err;
1812} 1814}
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index c1f4154552fc..36d14406261e 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -136,8 +136,6 @@ static void ah_output_done(struct crypto_async_request *base, int err)
136 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr)); 136 memcpy(top_iph+1, iph+1, top_iph->ihl*4 - sizeof(struct iphdr));
137 } 137 }
138 138
139 err = ah->nexthdr;
140
141 kfree(AH_SKB_CB(skb)->tmp); 139 kfree(AH_SKB_CB(skb)->tmp);
142 xfrm_output_resume(skb, err); 140 xfrm_output_resume(skb, err);
143} 141}
@@ -264,12 +262,12 @@ static void ah_input_done(struct crypto_async_request *base, int err)
264 if (err) 262 if (err)
265 goto out; 263 goto out;
266 264
265 err = ah->nexthdr;
266
267 skb->network_header += ah_hlen; 267 skb->network_header += ah_hlen;
268 memcpy(skb_network_header(skb), work_iph, ihl); 268 memcpy(skb_network_header(skb), work_iph, ihl);
269 __skb_pull(skb, ah_hlen + ihl); 269 __skb_pull(skb, ah_hlen + ihl);
270 skb_set_transport_header(skb, -ihl); 270 skb_set_transport_header(skb, -ihl);
271
272 err = ah->nexthdr;
273out: 271out:
274 kfree(AH_SKB_CB(skb)->tmp); 272 kfree(AH_SKB_CB(skb)->tmp);
275 xfrm_input_resume(skb, err); 273 xfrm_input_resume(skb, err);
@@ -371,8 +369,6 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
371 if (err == -EINPROGRESS) 369 if (err == -EINPROGRESS)
372 goto out; 370 goto out;
373 371
374 if (err == -EBUSY)
375 err = NET_XMIT_DROP;
376 goto out_free; 372 goto out_free;
377 } 373 }
378 374
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index f5e2bdaef949..68e8ac514383 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -133,8 +133,8 @@ static int inet_csk_diag_fill(struct sock *sk,
133 &np->rcv_saddr); 133 &np->rcv_saddr);
134 ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst, 134 ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst,
135 &np->daddr); 135 &np->daddr);
136 if (ext & (1 << (INET_DIAG_TOS - 1))) 136 if (ext & (1 << (INET_DIAG_TCLASS - 1)))
137 RTA_PUT_U8(skb, INET_DIAG_TOS, np->tclass); 137 RTA_PUT_U8(skb, INET_DIAG_TCLASS, np->tclass);
138 } 138 }
139#endif 139#endif
140 140
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index ec93335901dd..05d20cca9d66 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -640,6 +640,7 @@ int ip_options_rcv_srr(struct sk_buff *skb)
640 } 640 }
641 if (srrptr <= srrspace) { 641 if (srrptr <= srrspace) {
642 opt->srr_is_hit = 1; 642 opt->srr_is_hit = 1;
643 iph->daddr = nexthop;
643 opt->is_changed = 1; 644 opt->is_changed = 1;
644 } 645 }
645 return 0; 646 return 0;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index a06f73fdb3c0..43d4c3b22369 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -339,7 +339,6 @@ void ping_err(struct sk_buff *skb, u32 info)
339 sk = ping_v4_lookup(net, iph->daddr, iph->saddr, 339 sk = ping_v4_lookup(net, iph->daddr, iph->saddr,
340 ntohs(icmph->un.echo.id), skb->dev->ifindex); 340 ntohs(icmph->un.echo.id), skb->dev->ifindex);
341 if (sk == NULL) { 341 if (sk == NULL) {
342 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
343 pr_debug("no socket, dropping\n"); 342 pr_debug("no socket, dropping\n");
344 return; /* No socket for error */ 343 return; /* No socket for error */
345 } 344 }
@@ -679,7 +678,6 @@ static int ping_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
679 pr_debug("ping_queue_rcv_skb(sk=%p,sk->num=%d,skb=%p)\n", 678 pr_debug("ping_queue_rcv_skb(sk=%p,sk->num=%d,skb=%p)\n",
680 inet_sk(sk), inet_sk(sk)->inet_num, skb); 679 inet_sk(sk), inet_sk(sk)->inet_num, skb);
681 if (sock_queue_rcv_skb(sk, skb) < 0) { 680 if (sock_queue_rcv_skb(sk, skb) < 0) {
682 ICMP_INC_STATS_BH(sock_net(sk), ICMP_MIB_INERRORS);
683 kfree_skb(skb); 681 kfree_skb(skb);
684 pr_debug("ping_queue_rcv_skb -> failed\n"); 682 pr_debug("ping_queue_rcv_skb -> failed\n");
685 return -1; 683 return -1;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 155138d8ec8b..0c74da8a0473 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1304,16 +1304,42 @@ static void rt_del(unsigned hash, struct rtable *rt)
1304 spin_unlock_bh(rt_hash_lock_addr(hash)); 1304 spin_unlock_bh(rt_hash_lock_addr(hash));
1305} 1305}
1306 1306
1307static int check_peer_redir(struct dst_entry *dst, struct inet_peer *peer)
1308{
1309 struct rtable *rt = (struct rtable *) dst;
1310 __be32 orig_gw = rt->rt_gateway;
1311 struct neighbour *n, *old_n;
1312
1313 dst_confirm(&rt->dst);
1314
1315 rt->rt_gateway = peer->redirect_learned.a4;
1316
1317 n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1318 if (IS_ERR(n))
1319 return PTR_ERR(n);
1320 old_n = xchg(&rt->dst._neighbour, n);
1321 if (old_n)
1322 neigh_release(old_n);
1323 if (!n || !(n->nud_state & NUD_VALID)) {
1324 if (n)
1325 neigh_event_send(n, NULL);
1326 rt->rt_gateway = orig_gw;
1327 return -EAGAIN;
1328 } else {
1329 rt->rt_flags |= RTCF_REDIRECTED;
1330 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
1331 }
1332 return 0;
1333}
1334
1307/* called in rcu_read_lock() section */ 1335/* called in rcu_read_lock() section */
1308void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, 1336void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1309 __be32 saddr, struct net_device *dev) 1337 __be32 saddr, struct net_device *dev)
1310{ 1338{
1311 int s, i; 1339 int s, i;
1312 struct in_device *in_dev = __in_dev_get_rcu(dev); 1340 struct in_device *in_dev = __in_dev_get_rcu(dev);
1313 struct rtable *rt;
1314 __be32 skeys[2] = { saddr, 0 }; 1341 __be32 skeys[2] = { saddr, 0 };
1315 int ikeys[2] = { dev->ifindex, 0 }; 1342 int ikeys[2] = { dev->ifindex, 0 };
1316 struct flowi4 fl4;
1317 struct inet_peer *peer; 1343 struct inet_peer *peer;
1318 struct net *net; 1344 struct net *net;
1319 1345
@@ -1336,33 +1362,42 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1336 goto reject_redirect; 1362 goto reject_redirect;
1337 } 1363 }
1338 1364
1339 memset(&fl4, 0, sizeof(fl4));
1340 fl4.daddr = daddr;
1341 for (s = 0; s < 2; s++) { 1365 for (s = 0; s < 2; s++) {
1342 for (i = 0; i < 2; i++) { 1366 for (i = 0; i < 2; i++) {
1343 fl4.flowi4_oif = ikeys[i]; 1367 unsigned int hash;
1344 fl4.saddr = skeys[s]; 1368 struct rtable __rcu **rthp;
1345 rt = __ip_route_output_key(net, &fl4); 1369 struct rtable *rt;
1346 if (IS_ERR(rt)) 1370
1347 continue; 1371 hash = rt_hash(daddr, skeys[s], ikeys[i], rt_genid(net));
1348 1372
1349 if (rt->dst.error || rt->dst.dev != dev || 1373 rthp = &rt_hash_table[hash].chain;
1350 rt->rt_gateway != old_gw) { 1374
1351 ip_rt_put(rt); 1375 while ((rt = rcu_dereference(*rthp)) != NULL) {
1352 continue; 1376 rthp = &rt->dst.rt_next;
1353 } 1377
1378 if (rt->rt_key_dst != daddr ||
1379 rt->rt_key_src != skeys[s] ||
1380 rt->rt_oif != ikeys[i] ||
1381 rt_is_input_route(rt) ||
1382 rt_is_expired(rt) ||
1383 !net_eq(dev_net(rt->dst.dev), net) ||
1384 rt->dst.error ||
1385 rt->dst.dev != dev ||
1386 rt->rt_gateway != old_gw)
1387 continue;
1354 1388
1355 if (!rt->peer) 1389 if (!rt->peer)
1356 rt_bind_peer(rt, rt->rt_dst, 1); 1390 rt_bind_peer(rt, rt->rt_dst, 1);
1357 1391
1358 peer = rt->peer; 1392 peer = rt->peer;
1359 if (peer) { 1393 if (peer) {
1360 peer->redirect_learned.a4 = new_gw; 1394 if (peer->redirect_learned.a4 != new_gw) {
1361 atomic_inc(&__rt_peer_genid); 1395 peer->redirect_learned.a4 = new_gw;
1396 atomic_inc(&__rt_peer_genid);
1397 }
1398 check_peer_redir(&rt->dst, peer);
1399 }
1362 } 1400 }
1363
1364 ip_rt_put(rt);
1365 return;
1366 } 1401 }
1367 } 1402 }
1368 return; 1403 return;
@@ -1649,33 +1684,6 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1649 } 1684 }
1650} 1685}
1651 1686
1652static int check_peer_redir(struct dst_entry *dst, struct inet_peer *peer)
1653{
1654 struct rtable *rt = (struct rtable *) dst;
1655 __be32 orig_gw = rt->rt_gateway;
1656 struct neighbour *n, *old_n;
1657
1658 dst_confirm(&rt->dst);
1659
1660 rt->rt_gateway = peer->redirect_learned.a4;
1661
1662 n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1663 if (IS_ERR(n))
1664 return PTR_ERR(n);
1665 old_n = xchg(&rt->dst._neighbour, n);
1666 if (old_n)
1667 neigh_release(old_n);
1668 if (!n || !(n->nud_state & NUD_VALID)) {
1669 if (n)
1670 neigh_event_send(n, NULL);
1671 rt->rt_gateway = orig_gw;
1672 return -EAGAIN;
1673 } else {
1674 rt->rt_flags |= RTCF_REDIRECTED;
1675 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, n);
1676 }
1677 return 0;
1678}
1679 1687
1680static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie) 1688static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
1681{ 1689{
@@ -2845,7 +2853,7 @@ static int rt_fill_info(struct net *net,
2845 struct rtable *rt = skb_rtable(skb); 2853 struct rtable *rt = skb_rtable(skb);
2846 struct rtmsg *r; 2854 struct rtmsg *r;
2847 struct nlmsghdr *nlh; 2855 struct nlmsghdr *nlh;
2848 long expires = 0; 2856 unsigned long expires = 0;
2849 const struct inet_peer *peer = rt->peer; 2857 const struct inet_peer *peer = rt->peer;
2850 u32 id = 0, ts = 0, tsage = 0, error; 2858 u32 id = 0, ts = 0, tsage = 0, error;
2851 2859
@@ -2902,8 +2910,12 @@ static int rt_fill_info(struct net *net,
2902 tsage = get_seconds() - peer->tcp_ts_stamp; 2910 tsage = get_seconds() - peer->tcp_ts_stamp;
2903 } 2911 }
2904 expires = ACCESS_ONCE(peer->pmtu_expires); 2912 expires = ACCESS_ONCE(peer->pmtu_expires);
2905 if (expires) 2913 if (expires) {
2906 expires -= jiffies; 2914 if (time_before(jiffies, expires))
2915 expires -= jiffies;
2916 else
2917 expires = 0;
2918 }
2907 } 2919 }
2908 2920
2909 if (rt_is_input_route(rt)) { 2921 if (rt_is_input_route(rt)) {
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a7443159c400..a9db4b1a2215 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1510,6 +1510,7 @@ exit:
1510 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1510 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1511 return NULL; 1511 return NULL;
1512put_and_exit: 1512put_and_exit:
1513 tcp_clear_xmit_timers(newsk);
1513 bh_unlock_sock(newsk); 1514 bh_unlock_sock(newsk);
1514 sock_put(newsk); 1515 sock_put(newsk);
1515 goto exit; 1516 goto exit;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 980b98f6288c..63170e297540 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1382,7 +1382,7 @@ static inline int tcp_minshall_check(const struct tcp_sock *tp)
1382/* Return 0, if packet can be sent now without violation Nagle's rules: 1382/* Return 0, if packet can be sent now without violation Nagle's rules:
1383 * 1. It is full sized. 1383 * 1. It is full sized.
1384 * 2. Or it contains FIN. (already checked by caller) 1384 * 2. Or it contains FIN. (already checked by caller)
1385 * 3. Or TCP_NODELAY was set. 1385 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set.
1386 * 4. Or TCP_CORK is not set, and all sent packets are ACKed. 1386 * 4. Or TCP_CORK is not set, and all sent packets are ACKed.
1387 * With Minshall's modification: all sent small packets are ACKed. 1387 * With Minshall's modification: all sent small packets are ACKed.
1388 */ 1388 */
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 2195ae651923..4c0f894d0843 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -324,8 +324,6 @@ static void ah6_output_done(struct crypto_async_request *base, int err)
324#endif 324#endif
325 } 325 }
326 326
327 err = ah->nexthdr;
328
329 kfree(AH_SKB_CB(skb)->tmp); 327 kfree(AH_SKB_CB(skb)->tmp);
330 xfrm_output_resume(skb, err); 328 xfrm_output_resume(skb, err);
331} 329}
@@ -466,12 +464,12 @@ static void ah6_input_done(struct crypto_async_request *base, int err)
466 if (err) 464 if (err)
467 goto out; 465 goto out;
468 466
467 err = ah->nexthdr;
468
469 skb->network_header += ah_hlen; 469 skb->network_header += ah_hlen;
470 memcpy(skb_network_header(skb), work_iph, hdr_len); 470 memcpy(skb_network_header(skb), work_iph, hdr_len);
471 __skb_pull(skb, ah_hlen + hdr_len); 471 __skb_pull(skb, ah_hlen + hdr_len);
472 skb_set_transport_header(skb, -hdr_len); 472 skb_set_transport_header(skb, -hdr_len);
473
474 err = ah->nexthdr;
475out: 473out:
476 kfree(AH_SKB_CB(skb)->tmp); 474 kfree(AH_SKB_CB(skb)->tmp);
477 xfrm_input_resume(skb, err); 475 xfrm_input_resume(skb, err);
@@ -583,8 +581,6 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
583 if (err == -EINPROGRESS) 581 if (err == -EINPROGRESS)
584 goto out; 582 goto out;
585 583
586 if (err == -EBUSY)
587 err = NET_XMIT_DROP;
588 goto out_free; 584 goto out_free;
589 } 585 }
590 586
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 027c7ff6f1e5..a46c64eb0a66 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -111,6 +111,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
111 ipv6_addr_loopback(&hdr->daddr)) 111 ipv6_addr_loopback(&hdr->daddr))
112 goto err; 112 goto err;
113 113
114 /*
115 * RFC4291 2.7
116 * Multicast addresses must not be used as source addresses in IPv6
117 * packets or appear in any Routing header.
118 */
119 if (ipv6_addr_is_multicast(&hdr->saddr))
120 goto err;
121
114 skb->transport_header = skb->network_header + sizeof(*hdr); 122 skb->transport_header = skb->network_header + sizeof(*hdr);
115 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 123 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
116 124
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index bdc15c9003d7..4e2e9ff67ef2 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -289,6 +289,8 @@ static struct ip6_tnl *ip6_tnl_create(struct net *net, struct ip6_tnl_parm *p)
289 if ((err = register_netdevice(dev)) < 0) 289 if ((err = register_netdevice(dev)) < 0)
290 goto failed_free; 290 goto failed_free;
291 291
292 strcpy(t->parms.name, dev->name);
293
292 dev_hold(dev); 294 dev_hold(dev);
293 ip6_tnl_link(ip6n, t); 295 ip6_tnl_link(ip6n, t);
294 return t; 296 return t;
@@ -1407,7 +1409,6 @@ ip6_tnl_dev_init_gen(struct net_device *dev)
1407 struct ip6_tnl *t = netdev_priv(dev); 1409 struct ip6_tnl *t = netdev_priv(dev);
1408 1410
1409 t->dev = dev; 1411 t->dev = dev;
1410 strcpy(t->parms.name, dev->name);
1411 dev->tstats = alloc_percpu(struct pcpu_tstats); 1412 dev->tstats = alloc_percpu(struct pcpu_tstats);
1412 if (!dev->tstats) 1413 if (!dev->tstats)
1413 return -ENOMEM; 1414 return -ENOMEM;
@@ -1487,6 +1488,7 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n)
1487static int __net_init ip6_tnl_init_net(struct net *net) 1488static int __net_init ip6_tnl_init_net(struct net *net)
1488{ 1489{
1489 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1490 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1491 struct ip6_tnl *t = NULL;
1490 int err; 1492 int err;
1491 1493
1492 ip6n->tnls[0] = ip6n->tnls_wc; 1494 ip6n->tnls[0] = ip6n->tnls_wc;
@@ -1507,6 +1509,10 @@ static int __net_init ip6_tnl_init_net(struct net *net)
1507 err = register_netdev(ip6n->fb_tnl_dev); 1509 err = register_netdev(ip6n->fb_tnl_dev);
1508 if (err < 0) 1510 if (err < 0)
1509 goto err_register; 1511 goto err_register;
1512
1513 t = netdev_priv(ip6n->fb_tnl_dev);
1514
1515 strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1510 return 0; 1516 return 0;
1511 1517
1512err_register: 1518err_register:
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index bf8d50c67931..cf0f308abf5e 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -756,9 +756,6 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
756 goto error; 756 goto error;
757 } 757 }
758 758
759 /* Point to L2TP header */
760 optr = ptr = skb->data;
761
762 /* Trace packet contents, if enabled */ 759 /* Trace packet contents, if enabled */
763 if (tunnel->debug & L2TP_MSG_DATA) { 760 if (tunnel->debug & L2TP_MSG_DATA) {
764 length = min(32u, skb->len); 761 length = min(32u, skb->len);
@@ -769,12 +766,15 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
769 766
770 offset = 0; 767 offset = 0;
771 do { 768 do {
772 printk(" %02X", ptr[offset]); 769 printk(" %02X", skb->data[offset]);
773 } while (++offset < length); 770 } while (++offset < length);
774 771
775 printk("\n"); 772 printk("\n");
776 } 773 }
777 774
775 /* Point to L2TP header */
776 optr = ptr = skb->data;
777
778 /* Get L2TP header flags */ 778 /* Get L2TP header flags */
779 hdrflags = ntohs(*(__be16 *) ptr); 779 hdrflags = ntohs(*(__be16 *) ptr);
780 780
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 72c8bea81a6c..b1b1bb368f70 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1487,6 +1487,7 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1487 int i, j, err; 1487 int i, j, err;
1488 bool have_higher_than_11mbit = false; 1488 bool have_higher_than_11mbit = false;
1489 u16 ap_ht_cap_flags; 1489 u16 ap_ht_cap_flags;
1490 int min_rate = INT_MAX, min_rate_index = -1;
1490 1491
1491 /* AssocResp and ReassocResp have identical structure */ 1492 /* AssocResp and ReassocResp have identical structure */
1492 1493
@@ -1553,6 +1554,10 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1553 rates |= BIT(j); 1554 rates |= BIT(j);
1554 if (is_basic) 1555 if (is_basic)
1555 basic_rates |= BIT(j); 1556 basic_rates |= BIT(j);
1557 if (rate < min_rate) {
1558 min_rate = rate;
1559 min_rate_index = j;
1560 }
1556 break; 1561 break;
1557 } 1562 }
1558 } 1563 }
@@ -1570,11 +1575,25 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1570 rates |= BIT(j); 1575 rates |= BIT(j);
1571 if (is_basic) 1576 if (is_basic)
1572 basic_rates |= BIT(j); 1577 basic_rates |= BIT(j);
1578 if (rate < min_rate) {
1579 min_rate = rate;
1580 min_rate_index = j;
1581 }
1573 break; 1582 break;
1574 } 1583 }
1575 } 1584 }
1576 } 1585 }
1577 1586
1587 /*
1588 * some buggy APs don't advertise basic_rates. use the lowest
1589 * supported rate instead.
1590 */
1591 if (unlikely(!basic_rates) && min_rate_index >= 0) {
1592 printk(KERN_DEBUG "%s: No basic rates in AssocResp. "
1593 "Using min supported rate instead.\n", sdata->name);
1594 basic_rates = BIT(min_rate_index);
1595 }
1596
1578 sta->sta.supp_rates[wk->chan->band] = rates; 1597 sta->sta.supp_rates[wk->chan->band] = rates;
1579 sdata->vif.bss_conf.basic_rates = basic_rates; 1598 sdata->vif.bss_conf.basic_rates = basic_rates;
1580 1599
@@ -2269,6 +2288,7 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
2269 2288
2270 cancel_work_sync(&ifmgd->request_smps_work); 2289 cancel_work_sync(&ifmgd->request_smps_work);
2271 2290
2291 cancel_work_sync(&ifmgd->monitor_work);
2272 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 2292 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
2273 if (del_timer_sync(&ifmgd->timer)) 2293 if (del_timer_sync(&ifmgd->timer))
2274 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2294 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
@@ -2277,7 +2297,6 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
2277 if (del_timer_sync(&ifmgd->chswitch_timer)) 2297 if (del_timer_sync(&ifmgd->chswitch_timer))
2278 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 2298 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
2279 2299
2280 cancel_work_sync(&ifmgd->monitor_work);
2281 /* these will just be re-established on connection */ 2300 /* these will just be re-established on connection */
2282 del_timer_sync(&ifmgd->conn_mon_timer); 2301 del_timer_sync(&ifmgd->conn_mon_timer);
2283 del_timer_sync(&ifmgd->bcn_mon_timer); 2302 del_timer_sync(&ifmgd->bcn_mon_timer);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index bb53726cb04a..fb123e2e081a 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -141,8 +141,9 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
141 pos++; 141 pos++;
142 142
143 /* IEEE80211_RADIOTAP_RATE */ 143 /* IEEE80211_RADIOTAP_RATE */
144 if (status->flag & RX_FLAG_HT) { 144 if (!rate || status->flag & RX_FLAG_HT) {
145 /* 145 /*
146 * Without rate information don't add it. If we have,
146 * MCS information is a separate field in radiotap, 147 * MCS information is a separate field in radiotap,
147 * added below. The byte here is needed as padding 148 * added below. The byte here is needed as padding
148 * for the channel though, so initialise it to 0. 149 * for the channel though, so initialise it to 0.
@@ -163,12 +164,14 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
163 else if (status->flag & RX_FLAG_HT) 164 else if (status->flag & RX_FLAG_HT)
164 put_unaligned_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ, 165 put_unaligned_le16(IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ,
165 pos); 166 pos);
166 else if (rate->flags & IEEE80211_RATE_ERP_G) 167 else if (rate && rate->flags & IEEE80211_RATE_ERP_G)
167 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ, 168 put_unaligned_le16(IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ,
168 pos); 169 pos);
169 else 170 else if (rate)
170 put_unaligned_le16(IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ, 171 put_unaligned_le16(IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ,
171 pos); 172 pos);
173 else
174 put_unaligned_le16(IEEE80211_CHAN_2GHZ, pos);
172 pos += 2; 175 pos += 2;
173 176
174 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */ 177 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index ce962d2c8782..8eaa746ec7a2 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1354,12 +1354,12 @@ ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1354 * Use MoreData flag to indicate whether there are 1354 * Use MoreData flag to indicate whether there are
1355 * more buffered frames for this STA 1355 * more buffered frames for this STA
1356 */ 1356 */
1357 if (!more_data) 1357 if (more_data || !skb_queue_empty(&frames))
1358 hdr->frame_control &=
1359 cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1360 else
1361 hdr->frame_control |= 1358 hdr->frame_control |=
1362 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 1359 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1360 else
1361 hdr->frame_control &=
1362 cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1363 1363
1364 if (ieee80211_is_data_qos(hdr->frame_control) || 1364 if (ieee80211_is_data_qos(hdr->frame_control) ||
1365 ieee80211_is_qos_nullfunc(hdr->frame_control)) 1365 ieee80211_is_qos_nullfunc(hdr->frame_control))
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 51e256c5fb78..eca0fad09709 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -881,6 +881,8 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
881 skb = ieee80211_probereq_get(&local->hw, &sdata->vif, 881 skb = ieee80211_probereq_get(&local->hw, &sdata->vif,
882 ssid, ssid_len, 882 ssid, ssid_len,
883 buf, buf_len); 883 buf, buf_len);
884 if (!skb)
885 goto out;
884 886
885 if (dst) { 887 if (dst) {
886 mgmt = (struct ieee80211_mgmt *) skb->data; 888 mgmt = (struct ieee80211_mgmt *) skb->data;
@@ -889,6 +891,8 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
889 } 891 }
890 892
891 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 893 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
894
895 out:
892 kfree(buf); 896 kfree(buf);
893 897
894 return skb; 898 return skb;
diff --git a/net/rds/Kconfig b/net/rds/Kconfig
index 4cf6dc7910e4..ec753b3ae72a 100644
--- a/net/rds/Kconfig
+++ b/net/rds/Kconfig
@@ -9,7 +9,6 @@ config RDS
9 9
10config RDS_RDMA 10config RDS_RDMA
11 tristate "RDS over Infiniband and iWARP" 11 tristate "RDS over Infiniband and iWARP"
12 select LLIST
13 depends on RDS && INFINIBAND && INFINIBAND_ADDR_TRANS 12 depends on RDS && INFINIBAND && INFINIBAND_ADDR_TRANS
14 ---help--- 13 ---help---
15 Allow RDS to use Infiniband and iWARP as a transport. 14 Allow RDS to use Infiniband and iWARP as a transport.
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 48260c2d092a..b3a476fe8272 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -132,8 +132,7 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
132 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
133 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
134 134
135 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 135 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
136 .len = NL80211_HT_CAPABILITY_LEN },
137 136
138 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
139 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
@@ -1253,6 +1252,12 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1253 goto bad_res; 1252 goto bad_res;
1254 } 1253 }
1255 1254
1255 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1256 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1257 result = -EINVAL;
1258 goto bad_res;
1259 }
1260
1256 nla_for_each_nested(nl_txq_params, 1261 nla_for_each_nested(nl_txq_params,
1257 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1262 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1258 rem_txq_params) { 1263 rem_txq_params) {
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 6acba9d18cc8..e71f5a66574e 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2265,6 +2265,9 @@ void /* __init_or_exit */ regulatory_exit(void)
2265 2265
2266 kfree(last_request); 2266 kfree(last_request);
2267 2267
2268 last_request = NULL;
2269 dev_set_uevent_suppress(&reg_pdev->dev, true);
2270
2268 platform_device_unregister(reg_pdev); 2271 platform_device_unregister(reg_pdev);
2269 2272
2270 spin_lock_bh(&reg_pending_beacons_lock); 2273 spin_lock_bh(&reg_pending_beacons_lock);
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 0fb142410404..dc23b31594e0 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -259,17 +259,20 @@ static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
259{ 259{
260 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1); 260 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1);
261 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2); 261 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2);
262 int r;
263 262
263 /* equal if both missing */
264 if (!ie1 && !ie2) 264 if (!ie1 && !ie2)
265 return 0; 265 return 0;
266 if (!ie1 || !ie2) 266 /* sort missing IE before (left of) present IE */
267 if (!ie1)
267 return -1; 268 return -1;
269 if (!ie2)
270 return 1;
268 271
269 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1])); 272 /* sort by length first, then by contents */
270 if (r == 0 && ie1[1] != ie2[1]) 273 if (ie1[1] != ie2[1])
271 return ie2[1] - ie1[1]; 274 return ie2[1] - ie1[1];
272 return r; 275 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
273} 276}
274 277
275static bool is_bss(struct cfg80211_bss *a, 278static bool is_bss(struct cfg80211_bss *a,
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-30 11:00:46 -0500