aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/atm/common.c2
-rw-r--r--net/ax25/af_ax25.c1
-rw-r--r--net/bluetooth/af_bluetooth.c4
-rw-r--r--net/bluetooth/rfcomm/sock.c1
-rw-r--r--net/bluetooth/sco.c1
-rw-r--r--net/caif/caif_socket.c2
-rw-r--r--net/core/dev.c1
-rw-r--r--net/core/dev_addr_lists.c6
-rw-r--r--net/ipv4/devinet.c6
-rw-r--r--net/ipv6/netfilter/ip6t_NPT.c2
-rw-r--r--net/ipv6/tcp_ipv6.c1
-rw-r--r--net/irda/af_irda.c2
-rw-r--r--net/iucv/af_iucv.c2
-rw-r--r--net/l2tp/l2tp_ip6.c1
-rw-r--r--net/llc/af_llc.c2
-rw-r--r--net/mac80211/cfg.c6
-rw-r--r--net/mac80211/chan.c17
-rw-r--r--net/mac80211/ieee80211_i.h4
-rw-r--r--net/mac80211/iface.c2
-rw-r--r--net/mac80211/offchannel.c23
-rw-r--r--net/netfilter/nf_conntrack_standalone.c1
-rw-r--r--net/netfilter/nfnetlink_acct.c2
-rw-r--r--net/netrom/af_netrom.c1
-rw-r--r--net/nfc/llcp/llcp.c8
-rw-r--r--net/nfc/llcp/sock.c9
-rw-r--r--net/rose/af_rose.c1
-rw-r--r--net/tipc/socket.c7
-rw-r--r--net/unix/af_unix.c6
-rw-r--r--net/vmw_vsock/af_vsock.c2
-rw-r--r--net/vmw_vsock/vmci_transport.c3
30 files changed, 90 insertions, 36 deletions
diff --git a/net/atm/common.c b/net/atm/common.c
index 7b491006eaf4..737bef59ce89 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -531,6 +531,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
531 struct sk_buff *skb; 531 struct sk_buff *skb;
532 int copied, error = -EINVAL; 532 int copied, error = -EINVAL;
533 533
534 msg->msg_namelen = 0;
535
534 if (sock->state != SS_CONNECTED) 536 if (sock->state != SS_CONNECTED)
535 return -ENOTCONN; 537 return -ENOTCONN;
536 538
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 7b11f8bc5071..e277e38f736b 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1642,6 +1642,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
1642 ax25_address src; 1642 ax25_address src;
1643 const unsigned char *mac = skb_mac_header(skb); 1643 const unsigned char *mac = skb_mac_header(skb);
1644 1644
1645 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1645 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, 1646 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
1646 &digi, NULL, NULL); 1647 &digi, NULL, NULL);
1647 sax->sax25_family = AF_AX25; 1648 sax->sax25_family = AF_AX25;
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index fea778e1dc27..d5a973bf8a6f 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
230 if (flags & (MSG_OOB)) 230 if (flags & (MSG_OOB))
231 return -EOPNOTSUPP; 231 return -EOPNOTSUPP;
232 232
233 msg->msg_namelen = 0;
234
233 skb = skb_recv_datagram(sk, flags, noblock, &err); 235 skb = skb_recv_datagram(sk, flags, noblock, &err);
234 if (!skb) { 236 if (!skb) {
235 if (sk->sk_shutdown & RCV_SHUTDOWN) 237 if (sk->sk_shutdown & RCV_SHUTDOWN)
@@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
237 return err; 239 return err;
238 } 240 }
239 241
240 msg->msg_namelen = 0;
241
242 copied = skb->len; 242 copied = skb->len;
243 if (len < copied) { 243 if (len < copied) {
244 msg->msg_flags |= MSG_TRUNC; 244 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c23bae86263b..7c9224bcce17 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -608,6 +608,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
608 608
609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 609 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
610 rfcomm_dlc_accept(d); 610 rfcomm_dlc_accept(d);
611 msg->msg_namelen = 0;
611 return 0; 612 return 0;
612 } 613 }
613 614
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index fad0302bdb32..fb6192c9812e 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -665,6 +665,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
666 hci_conn_accept(pi->conn->hcon, 0); 666 hci_conn_accept(pi->conn->hcon, 0);
667 sk->sk_state = BT_CONFIG; 667 sk->sk_state = BT_CONFIG;
668 msg->msg_namelen = 0;
668 669
669 release_sock(sk); 670 release_sock(sk);
670 return 0; 671 return 0;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 1d337e02bc63..630b8be6e748 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
286 if (m->msg_flags&MSG_OOB) 286 if (m->msg_flags&MSG_OOB)
287 goto read_error; 287 goto read_error;
288 288
289 m->msg_namelen = 0;
290
289 skb = skb_recv_datagram(sk, flags, 0 , &ret); 291 skb = skb_recv_datagram(sk, flags, 0 , &ret);
290 if (!skb) 292 if (!skb)
291 goto read_error; 293 goto read_error;
diff --git a/net/core/dev.c b/net/core/dev.c
index 63e25332924d..3655ff927315 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1639,6 +1639,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1639 skb->mark = 0; 1639 skb->mark = 0;
1640 secpath_reset(skb); 1640 secpath_reset(skb);
1641 nf_reset(skb); 1641 nf_reset(skb);
1642 nf_reset_trace(skb);
1642 return netif_rx(skb); 1643 return netif_rx(skb);
1643} 1644}
1644EXPORT_SYMBOL_GPL(dev_forward_skb); 1645EXPORT_SYMBOL_GPL(dev_forward_skb);
diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
index bd2eb9d3e369..abdc9e6ef33e 100644
--- a/net/core/dev_addr_lists.c
+++ b/net/core/dev_addr_lists.c
@@ -37,7 +37,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
37 ha->type = addr_type; 37 ha->type = addr_type;
38 ha->refcount = 1; 38 ha->refcount = 1;
39 ha->global_use = global; 39 ha->global_use = global;
40 ha->synced = false; 40 ha->synced = 0;
41 list_add_tail_rcu(&ha->list, &list->list); 41 list_add_tail_rcu(&ha->list, &list->list);
42 list->count++; 42 list->count++;
43 43
@@ -165,7 +165,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
165 addr_len, ha->type); 165 addr_len, ha->type);
166 if (err) 166 if (err)
167 break; 167 break;
168 ha->synced = true; 168 ha->synced++;
169 ha->refcount++; 169 ha->refcount++;
170 } else if (ha->refcount == 1) { 170 } else if (ha->refcount == 1) {
171 __hw_addr_del(to_list, ha->addr, addr_len, ha->type); 171 __hw_addr_del(to_list, ha->addr, addr_len, ha->type);
@@ -186,7 +186,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
186 if (ha->synced) { 186 if (ha->synced) {
187 __hw_addr_del(to_list, ha->addr, 187 __hw_addr_del(to_list, ha->addr,
188 addr_len, ha->type); 188 addr_len, ha->type);
189 ha->synced = false; 189 ha->synced--;
190 __hw_addr_del(from_list, ha->addr, 190 __hw_addr_del(from_list, ha->addr,
191 addr_len, ha->type); 191 addr_len, ha->type);
192 } 192 }
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5d985e367535..2759dfd576ae 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -802,8 +802,10 @@ static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
802 if (nlh->nlmsg_flags & NLM_F_EXCL || 802 if (nlh->nlmsg_flags & NLM_F_EXCL ||
803 !(nlh->nlmsg_flags & NLM_F_REPLACE)) 803 !(nlh->nlmsg_flags & NLM_F_REPLACE))
804 return -EEXIST; 804 return -EEXIST;
805 805 ifa = ifa_existing;
806 set_ifa_lifetime(ifa_existing, valid_lft, prefered_lft); 806 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
807 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
808 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
807 } 809 }
808 return 0; 810 return 0;
809} 811}
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
index 938e0b7ea1bd..590f767db5d4 100644
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -52,7 +52,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
52 if (pfx_len - i >= 32) 52 if (pfx_len - i >= 32)
53 mask = 0; 53 mask = 0;
54 else 54 else
55 mask = htonl(~((1 << (pfx_len - i)) - 1)); 55 mask = htonl((1 << (i - pfx_len + 32)) - 1);
56 56
57 idx = i / 32; 57 idx = i / 32;
58 addr->s6_addr32[idx] &= mask; 58 addr->s6_addr32[idx] &= mask;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 1033d2b1d81e..e51bd1a58264 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
386 386
387 if (dst) 387 if (dst)
388 dst->ops->redirect(dst, sk, skb); 388 dst->ops->redirect(dst, sk, skb);
389 goto out;
389 } 390 }
390 391
391 if (type == ICMPV6_PKT_TOOBIG) { 392 if (type == ICMPV6_PKT_TOOBIG) {
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index d28e7f014cc6..e493b3397ae3 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
1386 1386
1387 IRDA_DEBUG(4, "%s()\n", __func__); 1387 IRDA_DEBUG(4, "%s()\n", __func__);
1388 1388
1389 msg->msg_namelen = 0;
1390
1389 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 1391 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1390 flags & MSG_DONTWAIT, &err); 1392 flags & MSG_DONTWAIT, &err);
1391 if (!skb) 1393 if (!skb)
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 7dfb9ed93698..e165e8dc962e 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1328,6 +1328,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1328 struct sk_buff *skb, *rskb, *cskb; 1328 struct sk_buff *skb, *rskb, *cskb;
1329 int err = 0; 1329 int err = 0;
1330 1330
1331 msg->msg_namelen = 0;
1332
1331 if ((sk->sk_state == IUCV_DISCONN) && 1333 if ((sk->sk_state == IUCV_DISCONN) &&
1332 skb_queue_empty(&iucv->backlog_skb_q) && 1334 skb_queue_empty(&iucv->backlog_skb_q) &&
1333 skb_queue_empty(&sk->sk_receive_queue) && 1335 skb_queue_empty(&sk->sk_receive_queue) &&
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
index c74f5a91ff6a..b8a6039314e8 100644
--- a/net/l2tp/l2tp_ip6.c
+++ b/net/l2tp/l2tp_ip6.c
@@ -690,6 +690,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
690 lsa->l2tp_addr = ipv6_hdr(skb)->saddr; 690 lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
691 lsa->l2tp_flowinfo = 0; 691 lsa->l2tp_flowinfo = 0;
692 lsa->l2tp_scope_id = 0; 692 lsa->l2tp_scope_id = 0;
693 lsa->l2tp_conn_id = 0;
693 if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) 694 if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
694 lsa->l2tp_scope_id = IP6CB(skb)->iif; 695 lsa->l2tp_scope_id = IP6CB(skb)->iif;
695 } 696 }
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 88709882c464..48aaa89253e0 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
720 int target; /* Read at least this many bytes */ 720 int target; /* Read at least this many bytes */
721 long timeo; 721 long timeo;
722 722
723 msg->msg_namelen = 0;
724
723 lock_sock(sk); 725 lock_sock(sk);
724 copied = -ENOTCONN; 726 copied = -ENOTCONN;
725 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) 727 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 1d1ddabd89ca..c34e6d78a592 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2636,7 +2636,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2636 list_del(&dep->list); 2636 list_del(&dep->list);
2637 mutex_unlock(&local->mtx); 2637 mutex_unlock(&local->mtx);
2638 2638
2639 ieee80211_roc_notify_destroy(dep); 2639 ieee80211_roc_notify_destroy(dep, true);
2640 return 0; 2640 return 0;
2641 } 2641 }
2642 2642
@@ -2676,7 +2676,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2676 ieee80211_start_next_roc(local); 2676 ieee80211_start_next_roc(local);
2677 mutex_unlock(&local->mtx); 2677 mutex_unlock(&local->mtx);
2678 2678
2679 ieee80211_roc_notify_destroy(found); 2679 ieee80211_roc_notify_destroy(found, true);
2680 } else { 2680 } else {
2681 /* work may be pending so use it all the time */ 2681 /* work may be pending so use it all the time */
2682 found->abort = true; 2682 found->abort = true;
@@ -2686,6 +2686,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2686 2686
2687 /* work will clean up etc */ 2687 /* work will clean up etc */
2688 flush_delayed_work(&found->work); 2688 flush_delayed_work(&found->work);
2689 WARN_ON(!found->to_be_freed);
2690 kfree(found);
2689 } 2691 }
2690 2692
2691 return 0; 2693 return 0;
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 78c0d90dd641..931be419ab5a 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -63,6 +63,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
63 enum ieee80211_chanctx_mode mode) 63 enum ieee80211_chanctx_mode mode)
64{ 64{
65 struct ieee80211_chanctx *ctx; 65 struct ieee80211_chanctx *ctx;
66 u32 changed;
66 int err; 67 int err;
67 68
68 lockdep_assert_held(&local->chanctx_mtx); 69 lockdep_assert_held(&local->chanctx_mtx);
@@ -76,6 +77,13 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
76 ctx->conf.rx_chains_dynamic = 1; 77 ctx->conf.rx_chains_dynamic = 1;
77 ctx->mode = mode; 78 ctx->mode = mode;
78 79
80 /* acquire mutex to prevent idle from changing */
81 mutex_lock(&local->mtx);
82 /* turn idle off *before* setting channel -- some drivers need that */
83 changed = ieee80211_idle_off(local);
84 if (changed)
85 ieee80211_hw_config(local, changed);
86
79 if (!local->use_chanctx) { 87 if (!local->use_chanctx) {
80 local->_oper_channel_type = 88 local->_oper_channel_type =
81 cfg80211_get_chandef_type(chandef); 89 cfg80211_get_chandef_type(chandef);
@@ -85,14 +93,17 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
85 err = drv_add_chanctx(local, ctx); 93 err = drv_add_chanctx(local, ctx);
86 if (err) { 94 if (err) {
87 kfree(ctx); 95 kfree(ctx);
88 return ERR_PTR(err); 96 ctx = ERR_PTR(err);
97
98 ieee80211_recalc_idle(local);
99 goto out;
89 } 100 }
90 } 101 }
91 102
103 /* and keep the mutex held until the new chanctx is on the list */
92 list_add_rcu(&ctx->list, &local->chanctx_list); 104 list_add_rcu(&ctx->list, &local->chanctx_list);
93 105
94 mutex_lock(&local->mtx); 106 out:
95 ieee80211_recalc_idle(local);
96 mutex_unlock(&local->mtx); 107 mutex_unlock(&local->mtx);
97 108
98 return ctx; 109 return ctx;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index f4433f081e77..e140184c28ce 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -309,6 +309,7 @@ struct ieee80211_roc_work {
309 struct ieee80211_channel *chan; 309 struct ieee80211_channel *chan;
310 310
311 bool started, abort, hw_begun, notified; 311 bool started, abort, hw_begun, notified;
312 bool to_be_freed;
312 313
313 unsigned long hw_start_time; 314 unsigned long hw_start_time;
314 315
@@ -1335,7 +1336,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local);
1335void ieee80211_roc_setup(struct ieee80211_local *local); 1336void ieee80211_roc_setup(struct ieee80211_local *local);
1336void ieee80211_start_next_roc(struct ieee80211_local *local); 1337void ieee80211_start_next_roc(struct ieee80211_local *local);
1337void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); 1338void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata);
1338void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); 1339void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
1339void ieee80211_sw_roc_work(struct work_struct *work); 1340void ieee80211_sw_roc_work(struct work_struct *work);
1340void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); 1341void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
1341 1342
@@ -1349,6 +1350,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
1349 enum nl80211_iftype type); 1350 enum nl80211_iftype type);
1350void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); 1351void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata);
1351void ieee80211_remove_interfaces(struct ieee80211_local *local); 1352void ieee80211_remove_interfaces(struct ieee80211_local *local);
1353u32 ieee80211_idle_off(struct ieee80211_local *local);
1352void ieee80211_recalc_idle(struct ieee80211_local *local); 1354void ieee80211_recalc_idle(struct ieee80211_local *local);
1353void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, 1355void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1354 const int offset); 1356 const int offset);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 7530c60fe502..a2b5e17036bb 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -78,7 +78,7 @@ void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata)
78 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); 78 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER);
79} 79}
80 80
81static u32 ieee80211_idle_off(struct ieee80211_local *local) 81u32 ieee80211_idle_off(struct ieee80211_local *local)
82{ 82{
83 if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) 83 if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
84 return 0; 84 return 0;
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index db547fceaeb9..950c95bec13d 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -297,10 +297,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
297 } 297 }
298} 298}
299 299
300void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) 300void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free)
301{ 301{
302 struct ieee80211_roc_work *dep, *tmp; 302 struct ieee80211_roc_work *dep, *tmp;
303 303
304 if (WARN_ON(roc->to_be_freed))
305 return;
306
304 /* was never transmitted */ 307 /* was never transmitted */
305 if (roc->frame) { 308 if (roc->frame) {
306 cfg80211_mgmt_tx_status(&roc->sdata->wdev, 309 cfg80211_mgmt_tx_status(&roc->sdata->wdev,
@@ -316,9 +319,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
316 GFP_KERNEL); 319 GFP_KERNEL);
317 320
318 list_for_each_entry_safe(dep, tmp, &roc->dependents, list) 321 list_for_each_entry_safe(dep, tmp, &roc->dependents, list)
319 ieee80211_roc_notify_destroy(dep); 322 ieee80211_roc_notify_destroy(dep, true);
320 323
321 kfree(roc); 324 if (free)
325 kfree(roc);
326 else
327 roc->to_be_freed = true;
322} 328}
323 329
324void ieee80211_sw_roc_work(struct work_struct *work) 330void ieee80211_sw_roc_work(struct work_struct *work)
@@ -331,6 +337,9 @@ void ieee80211_sw_roc_work(struct work_struct *work)
331 337
332 mutex_lock(&local->mtx); 338 mutex_lock(&local->mtx);
333 339
340 if (roc->to_be_freed)
341 goto out_unlock;
342
334 if (roc->abort) 343 if (roc->abort)
335 goto finish; 344 goto finish;
336 345
@@ -370,7 +379,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
370 finish: 379 finish:
371 list_del(&roc->list); 380 list_del(&roc->list);
372 started = roc->started; 381 started = roc->started;
373 ieee80211_roc_notify_destroy(roc); 382 ieee80211_roc_notify_destroy(roc, !roc->abort);
374 383
375 if (started) { 384 if (started) {
376 drv_flush(local, false); 385 drv_flush(local, false);
@@ -410,7 +419,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work)
410 419
411 list_del(&roc->list); 420 list_del(&roc->list);
412 421
413 ieee80211_roc_notify_destroy(roc); 422 ieee80211_roc_notify_destroy(roc, true);
414 423
415 /* if there's another roc, start it now */ 424 /* if there's another roc, start it now */
416 ieee80211_start_next_roc(local); 425 ieee80211_start_next_roc(local);
@@ -460,12 +469,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata)
460 list_for_each_entry_safe(roc, tmp, &tmp_list, list) { 469 list_for_each_entry_safe(roc, tmp, &tmp_list, list) {
461 if (local->ops->remain_on_channel) { 470 if (local->ops->remain_on_channel) {
462 list_del(&roc->list); 471 list_del(&roc->list);
463 ieee80211_roc_notify_destroy(roc); 472 ieee80211_roc_notify_destroy(roc, true);
464 } else { 473 } else {
465 ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); 474 ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);
466 475
467 /* work will clean up etc */ 476 /* work will clean up etc */
468 flush_delayed_work(&roc->work); 477 flush_delayed_work(&roc->work);
478 WARN_ON(!roc->to_be_freed);
479 kfree(roc);
469 } 480 }
470 } 481 }
471 482
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 6c69fbdb8361..ebb67d33bd63 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -572,6 +572,7 @@ static int __init nf_conntrack_standalone_init(void)
572 register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); 572 register_net_sysctl(&init_net, "net", nf_ct_netfilter_table);
573 if (!nf_ct_netfilter_header) { 573 if (!nf_ct_netfilter_header) {
574 pr_err("nf_conntrack: can't register to sysctl.\n"); 574 pr_err("nf_conntrack: can't register to sysctl.\n");
575 ret = -ENOMEM;
575 goto out_sysctl; 576 goto out_sysctl;
576 } 577 }
577#endif 578#endif
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 589d686f0b4c..dc3fd5d44464 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
49 return -EINVAL; 49 return -EINVAL;
50 50
51 acct_name = nla_data(tb[NFACCT_NAME]); 51 acct_name = nla_data(tb[NFACCT_NAME]);
52 if (strlen(acct_name) == 0)
53 return -EINVAL;
52 54
53 list_for_each_entry(nfacct, &nfnl_acct_list, head) { 55 list_for_each_entry(nfacct, &nfnl_acct_list, head) {
54 if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) 56 if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0)
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index d1fa1d9ffd2e..7fcb307dea47 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1173,6 +1173,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
1173 } 1173 }
1174 1174
1175 if (sax != NULL) { 1175 if (sax != NULL) {
1176 memset(sax, 0, sizeof(sax));
1176 sax->sax25_family = AF_NETROM; 1177 sax->sax25_family = AF_NETROM;
1177 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1178 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
1178 AX25_ADDR_LEN); 1179 AX25_ADDR_LEN);
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index bb67b98b9797..7de0368aff0c 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -107,8 +107,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
107 accept_sk->sk_state_change(sk); 107 accept_sk->sk_state_change(sk);
108 108
109 bh_unlock_sock(accept_sk); 109 bh_unlock_sock(accept_sk);
110
111 sock_orphan(accept_sk);
112 } 110 }
113 111
114 if (listen == true) { 112 if (listen == true) {
@@ -134,8 +132,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
134 132
135 bh_unlock_sock(sk); 133 bh_unlock_sock(sk);
136 134
137 sock_orphan(sk);
138
139 sk_del_node_init(sk); 135 sk_del_node_init(sk);
140 } 136 }
141 137
@@ -164,8 +160,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
164 160
165 bh_unlock_sock(sk); 161 bh_unlock_sock(sk);
166 162
167 sock_orphan(sk);
168
169 sk_del_node_init(sk); 163 sk_del_node_init(sk);
170 } 164 }
171 165
@@ -869,7 +863,6 @@ static void nfc_llcp_recv_ui(struct nfc_llcp_local *local,
869 skb_get(skb); 863 skb_get(skb);
870 } else { 864 } else {
871 pr_err("Receive queue is full\n"); 865 pr_err("Receive queue is full\n");
872 kfree_skb(skb);
873 } 866 }
874 867
875 nfc_llcp_sock_put(llcp_sock); 868 nfc_llcp_sock_put(llcp_sock);
@@ -1072,7 +1065,6 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
1072 skb_get(skb); 1065 skb_get(skb);
1073 } else { 1066 } else {
1074 pr_err("Receive queue is full\n"); 1067 pr_err("Receive queue is full\n");
1075 kfree_skb(skb);
1076 } 1068 }
1077 } 1069 }
1078 1070
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 6b3254452b36..c1101e6de170 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -388,7 +388,9 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *parent,
388 } 388 }
389 389
390 if (sk->sk_state == LLCP_CONNECTED || !newsock) { 390 if (sk->sk_state == LLCP_CONNECTED || !newsock) {
391 nfc_llcp_accept_unlink(sk); 391 list_del_init(&lsk->accept_queue);
392 sock_put(sk);
393
392 if (newsock) 394 if (newsock)
393 sock_graft(sk, newsock); 395 sock_graft(sk, newsock);
394 396
@@ -583,8 +585,6 @@ static int llcp_sock_release(struct socket *sock)
583 nfc_llcp_accept_unlink(accept_sk); 585 nfc_llcp_accept_unlink(accept_sk);
584 586
585 release_sock(accept_sk); 587 release_sock(accept_sk);
586
587 sock_orphan(accept_sk);
588 } 588 }
589 } 589 }
590 590
@@ -765,6 +765,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
765 765
766 pr_debug("%p %zu\n", sk, len); 766 pr_debug("%p %zu\n", sk, len);
767 767
768 msg->msg_namelen = 0;
769
768 lock_sock(sk); 770 lock_sock(sk);
769 771
770 if (sk->sk_state == LLCP_CLOSED && 772 if (sk->sk_state == LLCP_CLOSED &&
@@ -810,6 +812,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
810 812
811 pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap); 813 pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap);
812 814
815 memset(sockaddr, 0, sizeof(*sockaddr));
813 sockaddr->sa_family = AF_NFC; 816 sockaddr->sa_family = AF_NFC;
814 sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; 817 sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP;
815 sockaddr->dsap = ui_cb->dsap; 818 sockaddr->dsap = ui_cb->dsap;
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index cf68e6e4054a..9c8347451597 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1253,6 +1253,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
1253 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1253 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1254 1254
1255 if (srose != NULL) { 1255 if (srose != NULL) {
1256 memset(srose, 0, msg->msg_namelen);
1256 srose->srose_family = AF_ROSE; 1257 srose->srose_family = AF_ROSE;
1257 srose->srose_addr = rose->dest_addr; 1258 srose->srose_addr = rose->dest_addr;
1258 srose->srose_call = rose->dest_call; 1259 srose->srose_call = rose->dest_call;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index a9622b6cd916..515ce38e4f4c 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -790,6 +790,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
790 if (addr) { 790 if (addr) {
791 addr->family = AF_TIPC; 791 addr->family = AF_TIPC;
792 addr->addrtype = TIPC_ADDR_ID; 792 addr->addrtype = TIPC_ADDR_ID;
793 memset(&addr->addr, 0, sizeof(addr->addr));
793 addr->addr.id.ref = msg_origport(msg); 794 addr->addr.id.ref = msg_origport(msg);
794 addr->addr.id.node = msg_orignode(msg); 795 addr->addr.id.node = msg_orignode(msg);
795 addr->addr.name.domain = 0; /* could leave uninitialized */ 796 addr->addr.name.domain = 0; /* could leave uninitialized */
@@ -904,6 +905,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
904 goto exit; 905 goto exit;
905 } 906 }
906 907
908 /* will be updated in set_orig_addr() if needed */
909 m->msg_namelen = 0;
910
907 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 911 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
908restart: 912restart:
909 913
@@ -1013,6 +1017,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
1013 goto exit; 1017 goto exit;
1014 } 1018 }
1015 1019
1020 /* will be updated in set_orig_addr() if needed */
1021 m->msg_namelen = 0;
1022
1016 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); 1023 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
1017 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 1024 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
1018 1025
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 2e4d90044a52..824eaf2c3afa 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1412,8 +1412,8 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1412 if (UNIXCB(skb).cred) 1412 if (UNIXCB(skb).cred)
1413 return; 1413 return;
1414 if (test_bit(SOCK_PASSCRED, &sock->flags) || 1414 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1415 (other->sk_socket && 1415 !other->sk_socket ||
1416 test_bit(SOCK_PASSCRED, &other->sk_socket->flags))) { 1416 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1417 UNIXCB(skb).pid = get_pid(task_tgid(current)); 1417 UNIXCB(skb).pid = get_pid(task_tgid(current));
1418 UNIXCB(skb).cred = get_current_cred(); 1418 UNIXCB(skb).cred = get_current_cred();
1419 } 1419 }
@@ -1993,7 +1993,7 @@ again:
1993 if ((UNIXCB(skb).pid != siocb->scm->pid) || 1993 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
1994 (UNIXCB(skb).cred != siocb->scm->cred)) 1994 (UNIXCB(skb).cred != siocb->scm->cred))
1995 break; 1995 break;
1996 } else { 1996 } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
1997 /* Copy credentials */ 1997 /* Copy credentials */
1998 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); 1998 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
1999 check_creds = 1; 1999 check_creds = 1;
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index d8079daf1bde..7f93e2a42d7a 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1670,6 +1670,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
1670 vsk = vsock_sk(sk); 1670 vsk = vsock_sk(sk);
1671 err = 0; 1671 err = 0;
1672 1672
1673 msg->msg_namelen = 0;
1674
1673 lock_sock(sk); 1675 lock_sock(sk);
1674 1676
1675 if (sk->sk_state != SS_CONNECTED) { 1677 if (sk->sk_state != SS_CONNECTED) {
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 9caa91c0bdaf..daff75200e25 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1746,6 +1746,8 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb,
1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE) 1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE)
1747 return -EOPNOTSUPP; 1747 return -EOPNOTSUPP;
1748 1748
1749 msg->msg_namelen = 0;
1750
1749 /* Retrieve the head sk_buff from the socket's receive queue. */ 1751 /* Retrieve the head sk_buff from the socket's receive queue. */
1750 err = 0; 1752 err = 0;
1751 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); 1753 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err);
@@ -1778,7 +1780,6 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb,
1778 if (err) 1780 if (err)
1779 goto out; 1781 goto out;
1780 1782
1781 msg->msg_namelen = 0;
1782 if (msg->msg_name) { 1783 if (msg->msg_name) {
1783 struct sockaddr_vm *vm_addr; 1784 struct sockaddr_vm *vm_addr;
1784 1785
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-18 08:53:12 -0500