aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/caif/cffrml.c2
-rw-r--r--net/caif/cfpkt_skbuff.c6
-rw-r--r--net/can/af_can.c3
-rw-r--r--net/compat.c9
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/ethtool.c1
-rw-r--r--net/core/gen_stats.c15
-rw-r--r--net/core/pktgen.c3
-rw-r--r--net/core/rtnetlink.c15
-rw-r--r--net/core/skbuff.c5
-rw-r--r--net/decnet/dn_route.c2
-rw-r--r--net/hsr/hsr_device.c3
-rw-r--r--net/hsr/hsr_main.c4
-rw-r--r--net/hsr/hsr_slave.c10
-rw-r--r--net/ipv4/ip_fragment.c11
-rw-r--r--net/ipv4/ip_output.c3
-rw-r--r--net/ipv4/ip_sockglue.c33
-rw-r--r--net/ipv4/ping.c12
-rw-r--r--net/ipv4/tcp.c10
-rw-r--r--net/ipv4/tcp_input.c2
-rw-r--r--net/ipv6/addrconf.c17
-rw-r--r--net/ipv6/datagram.c39
-rw-r--r--net/ipv6/ip6_output.c3
-rw-r--r--net/ipv6/ping.c5
-rw-r--r--net/irda/ircomm/ircomm_tty.c6
-rw-r--r--net/irda/irnet/irnet_ppp.c4
-rw-r--r--net/mac80211/chan.c5
-rw-r--r--net/mac80211/rc80211_minstrel.c2
-rw-r--r--net/mac80211/tx.c1
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_sync.c3
-rw-r--r--net/netfilter/nf_tables_api.c61
-rw-r--r--net/netfilter/nft_compat.c26
-rw-r--r--net/netfilter/nft_hash.c2
-rw-r--r--net/netfilter/xt_recent.c11
-rw-r--r--net/netfilter/xt_socket.c21
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/openvswitch/datapath.c45
-rw-r--r--net/openvswitch/flow_netlink.c8
-rw-r--r--net/openvswitch/vport.h2
-rw-r--r--net/packet/af_packet.c42
-rw-r--r--net/rxrpc/ar-ack.c9
-rw-r--r--net/rxrpc/ar-error.c4
-rw-r--r--net/sched/ematch.c1
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_upcall.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c2
-rw-r--r--net/sunrpc/cache.c2
-rw-r--r--net/sunrpc/xprtrdma/rpc_rdma.c3
-rw-r--r--net/sunrpc/xprtrdma/xprt_rdma.h2
-rw-r--r--net/tipc/link.c7
-rw-r--r--net/tipc/socket.c2
-rw-r--r--net/wireless/core.c1
-rw-r--r--net/wireless/nl80211.c12
-rw-r--r--net/wireless/reg.c2
55 files changed, 345 insertions, 164 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index fb57ab6b24f9..02c24cf63c34 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -190,6 +190,8 @@ static int __init br_init(void)
190{ 190{
191 int err; 191 int err;
192 192
193 BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
194
193 err = stp_proto_register(&br_stp_proto); 195 err = stp_proto_register(&br_stp_proto);
194 if (err < 0) { 196 if (err < 0) {
195 pr_err("bridge: can't register sap for STP\n"); 197 pr_err("bridge: can't register sap for STP\n");
diff --git a/net/caif/cffrml.c b/net/caif/cffrml.c
index 8bc7caa28e64..434ba8557826 100644
--- a/net/caif/cffrml.c
+++ b/net/caif/cffrml.c
@@ -84,7 +84,7 @@ static int cffrml_receive(struct cflayer *layr, struct cfpkt *pkt)
84 u16 tmp; 84 u16 tmp;
85 u16 len; 85 u16 len;
86 u16 hdrchks; 86 u16 hdrchks;
87 u16 pktchks; 87 int pktchks;
88 struct cffrml *this; 88 struct cffrml *this;
89 this = container_obj(layr); 89 this = container_obj(layr);
90 90
diff --git a/net/caif/cfpkt_skbuff.c b/net/caif/cfpkt_skbuff.c
index 1be0b521ac49..f6c3b2137eea 100644
--- a/net/caif/cfpkt_skbuff.c
+++ b/net/caif/cfpkt_skbuff.c
@@ -255,9 +255,9 @@ inline u16 cfpkt_getlen(struct cfpkt *pkt)
255 return skb->len; 255 return skb->len;
256} 256}
257 257
258inline u16 cfpkt_iterate(struct cfpkt *pkt, 258int cfpkt_iterate(struct cfpkt *pkt,
259 u16 (*iter_func)(u16, void *, u16), 259 u16 (*iter_func)(u16, void *, u16),
260 u16 data) 260 u16 data)
261{ 261{
262 /* 262 /*
263 * Don't care about the performance hit of linearizing, 263 * Don't care about the performance hit of linearizing,
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 66e08040ced7..32d710eaf1fc 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -259,6 +259,9 @@ int can_send(struct sk_buff *skb, int loop)
259 goto inval_skb; 259 goto inval_skb;
260 } 260 }
261 261
262 skb->ip_summed = CHECKSUM_UNNECESSARY;
263
264 skb_reset_mac_header(skb);
262 skb_reset_network_header(skb); 265 skb_reset_network_header(skb);
263 skb_reset_transport_header(skb); 266 skb_reset_transport_header(skb);
264 267
diff --git a/net/compat.c b/net/compat.c
index 3236b4167a32..94d3d5e97883 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -711,24 +711,18 @@ static unsigned char nas[21] = {
711 711
712COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags) 712COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
713{ 713{
714 if (flags & MSG_CMSG_COMPAT)
715 return -EINVAL;
716 return __sys_sendmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 714 return __sys_sendmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
717} 715}
718 716
719COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg, 717COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
720 unsigned int, vlen, unsigned int, flags) 718 unsigned int, vlen, unsigned int, flags)
721{ 719{
722 if (flags & MSG_CMSG_COMPAT)
723 return -EINVAL;
724 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, 720 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
725 flags | MSG_CMSG_COMPAT); 721 flags | MSG_CMSG_COMPAT);
726} 722}
727 723
728COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags) 724COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
729{ 725{
730 if (flags & MSG_CMSG_COMPAT)
731 return -EINVAL;
732 return __sys_recvmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 726 return __sys_recvmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
733} 727}
734 728
@@ -751,9 +745,6 @@ COMPAT_SYSCALL_DEFINE5(recvmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
751 int datagrams; 745 int datagrams;
752 struct timespec ktspec; 746 struct timespec ktspec;
753 747
754 if (flags & MSG_CMSG_COMPAT)
755 return -EINVAL;
756
757 if (timeout == NULL) 748 if (timeout == NULL)
758 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, 749 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
759 flags | MSG_CMSG_COMPAT, NULL); 750 flags | MSG_CMSG_COMPAT, NULL);
diff --git a/net/core/dev.c b/net/core/dev.c
index 8f9710c62e20..962ee9d71964 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -946,7 +946,7 @@ bool dev_valid_name(const char *name)
946 return false; 946 return false;
947 947
948 while (*name) { 948 while (*name) {
949 if (*name == '/' || isspace(*name)) 949 if (*name == '/' || *name == ':' || isspace(*name))
950 return false; 950 return false;
951 name++; 951 name++;
952 } 952 }
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 91f74f3eb204..aa378ecef186 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -98,6 +98,7 @@ static const char netdev_features_strings[NETDEV_FEATURE_COUNT][ETH_GSTRING_LEN]
98 [NETIF_F_RXALL_BIT] = "rx-all", 98 [NETIF_F_RXALL_BIT] = "rx-all",
99 [NETIF_F_HW_L2FW_DOFFLOAD_BIT] = "l2-fwd-offload", 99 [NETIF_F_HW_L2FW_DOFFLOAD_BIT] = "l2-fwd-offload",
100 [NETIF_F_BUSY_POLL_BIT] = "busy-poll", 100 [NETIF_F_BUSY_POLL_BIT] = "busy-poll",
101 [NETIF_F_HW_SWITCH_OFFLOAD_BIT] = "hw-switch-offload",
101}; 102};
102 103
103static const char 104static const char
diff --git a/net/core/gen_stats.c b/net/core/gen_stats.c
index 0c08062d1796..1e2f46a69d50 100644
--- a/net/core/gen_stats.c
+++ b/net/core/gen_stats.c
@@ -32,6 +32,9 @@ gnet_stats_copy(struct gnet_dump *d, int type, void *buf, int size)
32 return 0; 32 return 0;
33 33
34nla_put_failure: 34nla_put_failure:
35 kfree(d->xstats);
36 d->xstats = NULL;
37 d->xstats_len = 0;
35 spin_unlock_bh(d->lock); 38 spin_unlock_bh(d->lock);
36 return -1; 39 return -1;
37} 40}
@@ -305,7 +308,9 @@ int
305gnet_stats_copy_app(struct gnet_dump *d, void *st, int len) 308gnet_stats_copy_app(struct gnet_dump *d, void *st, int len)
306{ 309{
307 if (d->compat_xstats) { 310 if (d->compat_xstats) {
308 d->xstats = st; 311 d->xstats = kmemdup(st, len, GFP_ATOMIC);
312 if (!d->xstats)
313 goto err_out;
309 d->xstats_len = len; 314 d->xstats_len = len;
310 } 315 }
311 316
@@ -313,6 +318,11 @@ gnet_stats_copy_app(struct gnet_dump *d, void *st, int len)
313 return gnet_stats_copy(d, TCA_STATS_APP, st, len); 318 return gnet_stats_copy(d, TCA_STATS_APP, st, len);
314 319
315 return 0; 320 return 0;
321
322err_out:
323 d->xstats_len = 0;
324 spin_unlock_bh(d->lock);
325 return -1;
316} 326}
317EXPORT_SYMBOL(gnet_stats_copy_app); 327EXPORT_SYMBOL(gnet_stats_copy_app);
318 328
@@ -345,6 +355,9 @@ gnet_stats_finish_copy(struct gnet_dump *d)
345 return -1; 355 return -1;
346 } 356 }
347 357
358 kfree(d->xstats);
359 d->xstats = NULL;
360 d->xstats_len = 0;
348 spin_unlock_bh(d->lock); 361 spin_unlock_bh(d->lock);
349 return 0; 362 return 0;
350} 363}
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index b4899f5b7388..508155b283dd 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -1134,6 +1134,9 @@ static ssize_t pktgen_if_write(struct file *file,
1134 return len; 1134 return len;
1135 1135
1136 i += len; 1136 i += len;
1137 if ((value > 1) &&
1138 (!(pkt_dev->odev->priv_flags & IFF_TX_SKB_SHARING)))
1139 return -ENOTSUPP;
1137 pkt_dev->burst = value < 1 ? 1 : value; 1140 pkt_dev->burst = value < 1 ? 1 : value;
1138 sprintf(pg_result, "OK: burst=%d", pkt_dev->burst); 1141 sprintf(pg_result, "OK: burst=%d", pkt_dev->burst);
1139 return count; 1142 return count;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index ab293a3066b3..25b4b5d23485 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1300,7 +1300,6 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1300 s_h = cb->args[0]; 1300 s_h = cb->args[0];
1301 s_idx = cb->args[1]; 1301 s_idx = cb->args[1];
1302 1302
1303 rcu_read_lock();
1304 cb->seq = net->dev_base_seq; 1303 cb->seq = net->dev_base_seq;
1305 1304
1306 /* A hack to preserve kernel<->userspace interface. 1305 /* A hack to preserve kernel<->userspace interface.
@@ -1322,7 +1321,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1322 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 1321 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1323 idx = 0; 1322 idx = 0;
1324 head = &net->dev_index_head[h]; 1323 head = &net->dev_index_head[h];
1325 hlist_for_each_entry_rcu(dev, head, index_hlist) { 1324 hlist_for_each_entry(dev, head, index_hlist) {
1326 if (idx < s_idx) 1325 if (idx < s_idx)
1327 goto cont; 1326 goto cont;
1328 err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, 1327 err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
@@ -1344,7 +1343,6 @@ cont:
1344 } 1343 }
1345 } 1344 }
1346out: 1345out:
1347 rcu_read_unlock();
1348 cb->args[1] = idx; 1346 cb->args[1] = idx;
1349 cb->args[0] = h; 1347 cb->args[0] = h;
1350 1348
@@ -2012,8 +2010,8 @@ replay:
2012 } 2010 }
2013 2011
2014 if (1) { 2012 if (1) {
2015 struct nlattr *attr[ops ? ops->maxtype + 1 : 0]; 2013 struct nlattr *attr[ops ? ops->maxtype + 1 : 1];
2016 struct nlattr *slave_attr[m_ops ? m_ops->slave_maxtype + 1 : 0]; 2014 struct nlattr *slave_attr[m_ops ? m_ops->slave_maxtype + 1 : 1];
2017 struct nlattr **data = NULL; 2015 struct nlattr **data = NULL;
2018 struct nlattr **slave_data = NULL; 2016 struct nlattr **slave_data = NULL;
2019 struct net *dest_net, *link_net = NULL; 2017 struct net *dest_net, *link_net = NULL;
@@ -2122,6 +2120,10 @@ replay:
2122 if (IS_ERR(dest_net)) 2120 if (IS_ERR(dest_net))
2123 return PTR_ERR(dest_net); 2121 return PTR_ERR(dest_net);
2124 2122
2123 err = -EPERM;
2124 if (!netlink_ns_capable(skb, dest_net->user_ns, CAP_NET_ADMIN))
2125 goto out;
2126
2125 if (tb[IFLA_LINK_NETNSID]) { 2127 if (tb[IFLA_LINK_NETNSID]) {
2126 int id = nla_get_s32(tb[IFLA_LINK_NETNSID]); 2128 int id = nla_get_s32(tb[IFLA_LINK_NETNSID]);
2127 2129
@@ -2130,6 +2132,9 @@ replay:
2130 err = -EINVAL; 2132 err = -EINVAL;
2131 goto out; 2133 goto out;
2132 } 2134 }
2135 err = -EPERM;
2136 if (!netlink_ns_capable(skb, link_net->user_ns, CAP_NET_ADMIN))
2137 goto out;
2133 } 2138 }
2134 2139
2135 dev = rtnl_create_link(link_net ? : dest_net, ifname, 2140 dev = rtnl_create_link(link_net ? : dest_net, ifname,
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 88c613eab142..f80507823531 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3621,13 +3621,14 @@ struct sk_buff *sock_dequeue_err_skb(struct sock *sk)
3621{ 3621{
3622 struct sk_buff_head *q = &sk->sk_error_queue; 3622 struct sk_buff_head *q = &sk->sk_error_queue;
3623 struct sk_buff *skb, *skb_next; 3623 struct sk_buff *skb, *skb_next;
3624 unsigned long flags;
3624 int err = 0; 3625 int err = 0;
3625 3626
3626 spin_lock_bh(&q->lock); 3627 spin_lock_irqsave(&q->lock, flags);
3627 skb = __skb_dequeue(q); 3628 skb = __skb_dequeue(q);
3628 if (skb && (skb_next = skb_peek(q))) 3629 if (skb && (skb_next = skb_peek(q)))
3629 err = SKB_EXT_ERR(skb_next)->ee.ee_errno; 3630 err = SKB_EXT_ERR(skb_next)->ee.ee_errno;
3630 spin_unlock_bh(&q->lock); 3631 spin_unlock_irqrestore(&q->lock, flags);
3631 3632
3632 sk->sk_err = err; 3633 sk->sk_err = err;
3633 if (err) 3634 if (err)
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 1d7c1256e845..3b81092771f8 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -1062,7 +1062,7 @@ source_ok:
1062 if (decnet_debug_level & 16) 1062 if (decnet_debug_level & 16)
1063 printk(KERN_DEBUG 1063 printk(KERN_DEBUG
1064 "dn_route_output_slow: initial checks complete." 1064 "dn_route_output_slow: initial checks complete."
1065 " dst=%o4x src=%04x oif=%d try_hard=%d\n", 1065 " dst=%04x src=%04x oif=%d try_hard=%d\n",
1066 le16_to_cpu(fld.daddr), le16_to_cpu(fld.saddr), 1066 le16_to_cpu(fld.daddr), le16_to_cpu(fld.saddr),
1067 fld.flowidn_oif, try_hard); 1067 fld.flowidn_oif, try_hard);
1068 1068
diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
index a138d75751df..44d27469ae55 100644
--- a/net/hsr/hsr_device.c
+++ b/net/hsr/hsr_device.c
@@ -359,8 +359,11 @@ static void hsr_dev_destroy(struct net_device *hsr_dev)
359 struct hsr_port *port; 359 struct hsr_port *port;
360 360
361 hsr = netdev_priv(hsr_dev); 361 hsr = netdev_priv(hsr_dev);
362
363 rtnl_lock();
362 hsr_for_each_port(hsr, port) 364 hsr_for_each_port(hsr, port)
363 hsr_del_port(port); 365 hsr_del_port(port);
366 rtnl_unlock();
364 367
365 del_timer_sync(&hsr->prune_timer); 368 del_timer_sync(&hsr->prune_timer);
366 del_timer_sync(&hsr->announce_timer); 369 del_timer_sync(&hsr->announce_timer);
diff --git a/net/hsr/hsr_main.c b/net/hsr/hsr_main.c
index 779d28b65417..cd37d0011b42 100644
--- a/net/hsr/hsr_main.c
+++ b/net/hsr/hsr_main.c
@@ -36,6 +36,10 @@ static int hsr_netdev_notify(struct notifier_block *nb, unsigned long event,
36 return NOTIFY_DONE; /* Not an HSR device */ 36 return NOTIFY_DONE; /* Not an HSR device */
37 hsr = netdev_priv(dev); 37 hsr = netdev_priv(dev);
38 port = hsr_port_get_hsr(hsr, HSR_PT_MASTER); 38 port = hsr_port_get_hsr(hsr, HSR_PT_MASTER);
39 if (port == NULL) {
40 /* Resend of notification concerning removed device? */
41 return NOTIFY_DONE;
42 }
39 } else { 43 } else {
40 hsr = port->hsr; 44 hsr = port->hsr;
41 } 45 }
diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c
index a348dcbcd683..7d37366cc695 100644
--- a/net/hsr/hsr_slave.c
+++ b/net/hsr/hsr_slave.c
@@ -181,8 +181,10 @@ void hsr_del_port(struct hsr_port *port)
181 list_del_rcu(&port->port_list); 181 list_del_rcu(&port->port_list);
182 182
183 if (port != master) { 183 if (port != master) {
184 netdev_update_features(master->dev); 184 if (master != NULL) {
185 dev_set_mtu(master->dev, hsr_get_max_mtu(hsr)); 185 netdev_update_features(master->dev);
186 dev_set_mtu(master->dev, hsr_get_max_mtu(hsr));
187 }
186 netdev_rx_handler_unregister(port->dev); 188 netdev_rx_handler_unregister(port->dev);
187 dev_set_promiscuity(port->dev, -1); 189 dev_set_promiscuity(port->dev, -1);
188 } 190 }
@@ -192,5 +194,7 @@ void hsr_del_port(struct hsr_port *port)
192 */ 194 */
193 195
194 synchronize_rcu(); 196 synchronize_rcu();
195 dev_put(port->dev); 197
198 if (port != master)
199 dev_put(port->dev);
196} 200}
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index e5b6d0ddcb58..145a50c4d566 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -659,27 +659,30 @@ EXPORT_SYMBOL(ip_defrag);
659struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user) 659struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)
660{ 660{
661 struct iphdr iph; 661 struct iphdr iph;
662 int netoff;
662 u32 len; 663 u32 len;
663 664
664 if (skb->protocol != htons(ETH_P_IP)) 665 if (skb->protocol != htons(ETH_P_IP))
665 return skb; 666 return skb;
666 667
667 if (!skb_copy_bits(skb, 0, &iph, sizeof(iph))) 668 netoff = skb_network_offset(skb);
669
670 if (skb_copy_bits(skb, netoff, &iph, sizeof(iph)) < 0)
668 return skb; 671 return skb;
669 672
670 if (iph.ihl < 5 || iph.version != 4) 673 if (iph.ihl < 5 || iph.version != 4)
671 return skb; 674 return skb;
672 675
673 len = ntohs(iph.tot_len); 676 len = ntohs(iph.tot_len);
674 if (skb->len < len || len < (iph.ihl * 4)) 677 if (skb->len < netoff + len || len < (iph.ihl * 4))
675 return skb; 678 return skb;
676 679
677 if (ip_is_fragment(&iph)) { 680 if (ip_is_fragment(&iph)) {
678 skb = skb_share_check(skb, GFP_ATOMIC); 681 skb = skb_share_check(skb, GFP_ATOMIC);
679 if (skb) { 682 if (skb) {
680 if (!pskb_may_pull(skb, iph.ihl*4)) 683 if (!pskb_may_pull(skb, netoff + iph.ihl * 4))
681 return skb; 684 return skb;
682 if (pskb_trim_rcsum(skb, len)) 685 if (pskb_trim_rcsum(skb, netoff + len))
683 return skb; 686 return skb;
684 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); 687 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
685 if (ip_defrag(skb, user)) 688 if (ip_defrag(skb, user))
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index d68199d9b2b0..a7aea2048a0d 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -888,7 +888,8 @@ static int __ip_append_data(struct sock *sk,
888 cork->length += length; 888 cork->length += length;
889 if (((length > mtu) || (skb && skb_is_gso(skb))) && 889 if (((length > mtu) || (skb && skb_is_gso(skb))) &&
890 (sk->sk_protocol == IPPROTO_UDP) && 890 (sk->sk_protocol == IPPROTO_UDP) &&
891 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { 891 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len &&
892 (sk->sk_type == SOCK_DGRAM)) {
892 err = ip_ufo_append_data(sk, queue, getfrag, from, length, 893 err = ip_ufo_append_data(sk, queue, getfrag, from, length,
893 hh_len, fragheaderlen, transhdrlen, 894 hh_len, fragheaderlen, transhdrlen,
894 maxfraglen, flags); 895 maxfraglen, flags);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 31d8c71986b4..5cd99271d3a6 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -432,17 +432,32 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
432 kfree_skb(skb); 432 kfree_skb(skb);
433} 433}
434 434
435static bool ipv4_pktinfo_prepare_errqueue(const struct sock *sk, 435/* IPv4 supports cmsg on all imcp errors and some timestamps
436 const struct sk_buff *skb, 436 *
437 int ee_origin) 437 * Timestamp code paths do not initialize the fields expected by cmsg:
438 * the PKTINFO fields in skb->cb[]. Fill those in here.
439 */
440static bool ipv4_datagram_support_cmsg(const struct sock *sk,
441 struct sk_buff *skb,
442 int ee_origin)
438{ 443{
439 struct in_pktinfo *info = PKTINFO_SKB_CB(skb); 444 struct in_pktinfo *info;
445
446 if (ee_origin == SO_EE_ORIGIN_ICMP)
447 return true;
440 448
441 if ((ee_origin != SO_EE_ORIGIN_TIMESTAMPING) || 449 if (ee_origin == SO_EE_ORIGIN_LOCAL)
442 (!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) || 450 return false;
451
452 /* Support IP_PKTINFO on tstamp packets if requested, to correlate
453 * timestamp with egress dev. Not possible for packets without dev
454 * or without payload (SOF_TIMESTAMPING_OPT_TSONLY).
455 */
456 if ((!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) ||
443 (!skb->dev)) 457 (!skb->dev))
444 return false; 458 return false;
445 459
460 info = PKTINFO_SKB_CB(skb);
446 info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr; 461 info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;
447 info->ipi_ifindex = skb->dev->ifindex; 462 info->ipi_ifindex = skb->dev->ifindex;
448 return true; 463 return true;
@@ -483,7 +498,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
483 498
484 serr = SKB_EXT_ERR(skb); 499 serr = SKB_EXT_ERR(skb);
485 500
486 if (sin && skb->len) { 501 if (sin && serr->port) {
487 sin->sin_family = AF_INET; 502 sin->sin_family = AF_INET;
488 sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) + 503 sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) +
489 serr->addr_offset); 504 serr->addr_offset);
@@ -496,9 +511,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
496 sin = &errhdr.offender; 511 sin = &errhdr.offender;
497 memset(sin, 0, sizeof(*sin)); 512 memset(sin, 0, sizeof(*sin));
498 513
499 if (skb->len && 514 if (ipv4_datagram_support_cmsg(sk, skb, serr->ee.ee_origin)) {
500 (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
501 ipv4_pktinfo_prepare_errqueue(sk, skb, serr->ee.ee_origin))) {
502 sin->sin_family = AF_INET; 515 sin->sin_family = AF_INET;
503 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 516 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
504 if (inet_sk(sk)->cmsg_flags) 517 if (inet_sk(sk)->cmsg_flags)
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index e9f66e1cda50..208d5439e59b 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk)
259 kgid_t low, high; 259 kgid_t low, high;
260 int ret = 0; 260 int ret = 0;
261 261
262 if (sk->sk_family == AF_INET6)
263 sk->sk_ipv6only = 1;
264
262 inet_get_ping_group_range_net(net, &low, &high); 265 inet_get_ping_group_range_net(net, &low, &high);
263 if (gid_lte(low, group) && gid_lte(group, high)) 266 if (gid_lte(low, group) && gid_lte(group, high))
264 return 0; 267 return 0;
@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
305 if (addr_len < sizeof(*addr)) 308 if (addr_len < sizeof(*addr))
306 return -EINVAL; 309 return -EINVAL;
307 310
311 if (addr->sin_family != AF_INET &&
312 !(addr->sin_family == AF_UNSPEC &&
313 addr->sin_addr.s_addr == htonl(INADDR_ANY)))
314 return -EAFNOSUPPORT;
315
308 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n", 316 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
309 sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port)); 317 sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
310 318
@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
330 return -EINVAL; 338 return -EINVAL;
331 339
332 if (addr->sin6_family != AF_INET6) 340 if (addr->sin6_family != AF_INET6)
333 return -EINVAL; 341 return -EAFNOSUPPORT;
334 342
335 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n", 343 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
336 sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port)); 344 sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
716 if (msg->msg_namelen < sizeof(*usin)) 724 if (msg->msg_namelen < sizeof(*usin))
717 return -EINVAL; 725 return -EINVAL;
718 if (usin->sin_family != AF_INET) 726 if (usin->sin_family != AF_INET)
719 return -EINVAL; 727 return -EAFNOSUPPORT;
720 daddr = usin->sin_addr.s_addr; 728 daddr = usin->sin_addr.s_addr;
721 /* no remote port */ 729 /* no remote port */
722 } else { 730 } else {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 9d72a0fcd928..995a2259bcfc 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -835,17 +835,13 @@ static unsigned int tcp_xmit_size_goal(struct sock *sk, u32 mss_now,
835 int large_allowed) 835 int large_allowed)
836{ 836{
837 struct tcp_sock *tp = tcp_sk(sk); 837 struct tcp_sock *tp = tcp_sk(sk);
838 u32 new_size_goal, size_goal, hlen; 838 u32 new_size_goal, size_goal;
839 839
840 if (!large_allowed || !sk_can_gso(sk)) 840 if (!large_allowed || !sk_can_gso(sk))
841 return mss_now; 841 return mss_now;
842 842
843 /* Maybe we should/could use sk->sk_prot->max_header here ? */ 843 /* Note : tcp_tso_autosize() will eventually split this later */
844 hlen = inet_csk(sk)->icsk_af_ops->net_header_len + 844 new_size_goal = sk->sk_gso_max_size - 1 - MAX_TCP_HEADER;
845 inet_csk(sk)->icsk_ext_hdr_len +
846 tp->tcp_header_len;
847
848 new_size_goal = sk->sk_gso_max_size - 1 - hlen;
849 new_size_goal = tcp_bound_to_half_wnd(tp, new_size_goal); 845 new_size_goal = tcp_bound_to_half_wnd(tp, new_size_goal);
850 846
851 /* We try hard to avoid divides here */ 847 /* We try hard to avoid divides here */
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8fdd27b17306..fb4cf8b8e121 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4770,7 +4770,7 @@ static bool tcp_should_expand_sndbuf(const struct sock *sk)
4770 return false; 4770 return false;
4771 4771
4772 /* If we filled the congestion window, do not expand. */ 4772 /* If we filled the congestion window, do not expand. */
4773 if (tp->packets_out >= tp->snd_cwnd) 4773 if (tcp_packets_in_flight(tp) >= tp->snd_cwnd)
4774 return false; 4774 return false;
4775 4775
4776 return true; 4776 return true;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 98e4a63d72bb..b6030025f411 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4903,6 +4903,21 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
4903 return ret; 4903 return ret;
4904} 4904}
4905 4905
4906static
4907int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
4908 void __user *buffer, size_t *lenp, loff_t *ppos)
4909{
4910 struct inet6_dev *idev = ctl->extra1;
4911 int min_mtu = IPV6_MIN_MTU;
4912 struct ctl_table lctl;
4913
4914 lctl = *ctl;
4915 lctl.extra1 = &min_mtu;
4916 lctl.extra2 = idev ? &idev->dev->mtu : NULL;
4917
4918 return proc_dointvec_minmax(&lctl, write, buffer, lenp, ppos);
4919}
4920
4906static void dev_disable_change(struct inet6_dev *idev) 4921static void dev_disable_change(struct inet6_dev *idev)
4907{ 4922{
4908 struct netdev_notifier_info info; 4923 struct netdev_notifier_info info;
@@ -5054,7 +5069,7 @@ static struct addrconf_sysctl_table
5054 .data = &ipv6_devconf.mtu6, 5069 .data = &ipv6_devconf.mtu6,
5055 .maxlen = sizeof(int), 5070 .maxlen = sizeof(int),
5056 .mode = 0644, 5071 .mode = 0644,
5057 .proc_handler = proc_dointvec, 5072 .proc_handler = addrconf_sysctl_mtu,
5058 }, 5073 },
5059 { 5074 {
5060 .procname = "accept_ra", 5075 .procname = "accept_ra",
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index c215be70cac0..ace8daca5c83 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -325,14 +325,34 @@ void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
325 kfree_skb(skb); 325 kfree_skb(skb);
326} 326}
327 327
328static void ip6_datagram_prepare_pktinfo_errqueue(struct sk_buff *skb) 328/* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
329 *
330 * At one point, excluding local errors was a quick test to identify icmp/icmp6
331 * errors. This is no longer true, but the test remained, so the v6 stack,
332 * unlike v4, also honors cmsg requests on all wifi and timestamp errors.
333 *
334 * Timestamp code paths do not initialize the fields expected by cmsg:
335 * the PKTINFO fields in skb->cb[]. Fill those in here.
336 */
337static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
338 struct sock_exterr_skb *serr)
329{ 339{
330 int ifindex = skb->dev ? skb->dev->ifindex : -1; 340 if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
341 serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
342 return true;
343
344 if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
345 return false;
346
347 if (!skb->dev)
348 return false;
331 349
332 if (skb->protocol == htons(ETH_P_IPV6)) 350 if (skb->protocol == htons(ETH_P_IPV6))
333 IP6CB(skb)->iif = ifindex; 351 IP6CB(skb)->iif = skb->dev->ifindex;
334 else 352 else
335 PKTINFO_SKB_CB(skb)->ipi_ifindex = ifindex; 353 PKTINFO_SKB_CB(skb)->ipi_ifindex = skb->dev->ifindex;
354
355 return true;
336} 356}
337 357
338/* 358/*
@@ -369,7 +389,7 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
369 389
370 serr = SKB_EXT_ERR(skb); 390 serr = SKB_EXT_ERR(skb);
371 391
372 if (sin && skb->len) { 392 if (sin && serr->port) {
373 const unsigned char *nh = skb_network_header(skb); 393 const unsigned char *nh = skb_network_header(skb);
374 sin->sin6_family = AF_INET6; 394 sin->sin6_family = AF_INET6;
375 sin->sin6_flowinfo = 0; 395 sin->sin6_flowinfo = 0;
@@ -394,14 +414,11 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
394 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); 414 memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
395 sin = &errhdr.offender; 415 sin = &errhdr.offender;
396 memset(sin, 0, sizeof(*sin)); 416 memset(sin, 0, sizeof(*sin));
397 if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL && skb->len) { 417
418 if (ip6_datagram_support_cmsg(skb, serr)) {
398 sin->sin6_family = AF_INET6; 419 sin->sin6_family = AF_INET6;
399 if (np->rxopt.all) { 420 if (np->rxopt.all)
400 if (serr->ee.ee_origin != SO_EE_ORIGIN_ICMP &&
401 serr->ee.ee_origin != SO_EE_ORIGIN_ICMP6)
402 ip6_datagram_prepare_pktinfo_errqueue(skb);
403 ip6_datagram_recv_common_ctl(sk, msg, skb); 421 ip6_datagram_recv_common_ctl(sk, msg, skb);
404 }
405 if (skb->protocol == htons(ETH_P_IPV6)) { 422 if (skb->protocol == htons(ETH_P_IPV6)) {
406 sin->sin6_addr = ipv6_hdr(skb)->saddr; 423 sin->sin6_addr = ipv6_hdr(skb)->saddr;
407 if (np->rxopt.all) 424 if (np->rxopt.all)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 7deebf102cba..0a04a37305d5 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1298,7 +1298,8 @@ emsgsize:
1298 if (((length > mtu) || 1298 if (((length > mtu) ||
1299 (skb && skb_is_gso(skb))) && 1299 (skb && skb_is_gso(skb))) &&
1300 (sk->sk_protocol == IPPROTO_UDP) && 1300 (sk->sk_protocol == IPPROTO_UDP) &&
1301 (rt->dst.dev->features & NETIF_F_UFO)) { 1301 (rt->dst.dev->features & NETIF_F_UFO) &&
1302 (sk->sk_type == SOCK_DGRAM)) {
1302 err = ip6_ufo_append_data(sk, queue, getfrag, from, length, 1303 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1303 hh_len, fragheaderlen, 1304 hh_len, fragheaderlen,
1304 transhdrlen, mtu, flags, rt); 1305 transhdrlen, mtu, flags, rt);
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index bd46f736f61d..a2dfff6ff227 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -102,9 +102,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
102 102
103 if (msg->msg_name) { 103 if (msg->msg_name) {
104 DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name); 104 DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name);
105 if (msg->msg_namelen < sizeof(struct sockaddr_in6) || 105 if (msg->msg_namelen < sizeof(*u))
106 u->sin6_family != AF_INET6) {
107 return -EINVAL; 106 return -EINVAL;
107 if (u->sin6_family != AF_INET6) {
108 return -EAFNOSUPPORT;
108 } 109 }
109 if (sk->sk_bound_dev_if && 110 if (sk->sk_bound_dev_if &&
110 sk->sk_bound_dev_if != u->sin6_scope_id) { 111 sk->sk_bound_dev_if != u->sin6_scope_id) {
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index 40695b9751c1..683346d2d633 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -798,7 +798,9 @@ static void ircomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
798 orig_jiffies = jiffies; 798 orig_jiffies = jiffies;
799 799
800 /* Set poll time to 200 ms */ 800 /* Set poll time to 200 ms */
801 poll_time = IRDA_MIN(timeout, msecs_to_jiffies(200)); 801 poll_time = msecs_to_jiffies(200);
802 if (timeout)
803 poll_time = min_t(unsigned long, timeout, poll_time);
802 804
803 spin_lock_irqsave(&self->spinlock, flags); 805 spin_lock_irqsave(&self->spinlock, flags);
804 while (self->tx_skb && self->tx_skb->len) { 806 while (self->tx_skb && self->tx_skb->len) {
@@ -811,7 +813,7 @@ static void ircomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
811 break; 813 break;
812 } 814 }
813 spin_unlock_irqrestore(&self->spinlock, flags); 815 spin_unlock_irqrestore(&self->spinlock, flags);
814 current->state = TASK_RUNNING; 816 __set_current_state(TASK_RUNNING);
815} 817}
816 818
817/* 819/*
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 3c83a1e5ab03..1215693fdd22 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -305,7 +305,7 @@ irnet_ctrl_read(irnet_socket * ap,
305 305
306 /* Put ourselves on the wait queue to be woken up */ 306 /* Put ourselves on the wait queue to be woken up */
307 add_wait_queue(&irnet_events.rwait, &wait); 307 add_wait_queue(&irnet_events.rwait, &wait);
308 current->state = TASK_INTERRUPTIBLE; 308 set_current_state(TASK_INTERRUPTIBLE);
309 for(;;) 309 for(;;)
310 { 310 {
311 /* If there is unread events */ 311 /* If there is unread events */
@@ -321,7 +321,7 @@ irnet_ctrl_read(irnet_socket * ap,
321 /* Yield and wait to be woken up */ 321 /* Yield and wait to be woken up */
322 schedule(); 322 schedule();
323 } 323 }
324 current->state = TASK_RUNNING; 324 __set_current_state(TASK_RUNNING);
325 remove_wait_queue(&irnet_events.rwait, &wait); 325 remove_wait_queue(&irnet_events.rwait, &wait);
326 326
327 /* Did we got it ? */ 327 /* Did we got it ? */
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index ff0d2db09df9..5bcd4e5589d3 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1508,6 +1508,8 @@ static void __ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata)
1508 if (ieee80211_chanctx_refcount(local, ctx) == 0) 1508 if (ieee80211_chanctx_refcount(local, ctx) == 0)
1509 ieee80211_free_chanctx(local, ctx); 1509 ieee80211_free_chanctx(local, ctx);
1510 1510
1511 sdata->radar_required = false;
1512
1511 /* Unreserving may ready an in-place reservation. */ 1513 /* Unreserving may ready an in-place reservation. */
1512 if (use_reserved_switch) 1514 if (use_reserved_switch)
1513 ieee80211_vif_use_reserved_switch(local); 1515 ieee80211_vif_use_reserved_switch(local);
@@ -1566,6 +1568,9 @@ int ieee80211_vif_use_channel(struct ieee80211_sub_if_data *sdata,
1566 ieee80211_recalc_smps_chanctx(local, ctx); 1568 ieee80211_recalc_smps_chanctx(local, ctx);
1567 ieee80211_recalc_radar_chanctx(local, ctx); 1569 ieee80211_recalc_radar_chanctx(local, ctx);
1568 out: 1570 out:
1571 if (ret)
1572 sdata->radar_required = false;
1573
1569 mutex_unlock(&local->chanctx_mtx); 1574 mutex_unlock(&local->chanctx_mtx);
1570 return ret; 1575 return ret;
1571} 1576}
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 7c86a002df95..ef6e8a6c4253 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -373,7 +373,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
373 rate++; 373 rate++;
374 mi->sample_deferred++; 374 mi->sample_deferred++;
375 } else { 375 } else {
376 if (!msr->sample_limit != 0) 376 if (!msr->sample_limit)
377 return; 377 return;
378 378
379 mi->sample_packets++; 379 mi->sample_packets++;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 88a18ffe2975..07bd8db00af8 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -566,6 +566,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
566 if (tx->sdata->control_port_no_encrypt) 566 if (tx->sdata->control_port_no_encrypt)
567 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 567 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
568 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; 568 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
569 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
569 } 570 }
570 571
571 return TX_CONTINUE; 572 return TX_CONTINUE;
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index e55759056361..ed99448671c3 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3402,7 +3402,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3402 if (udest.af == 0) 3402 if (udest.af == 0)
3403 udest.af = svc->af; 3403 udest.af = svc->af;
3404 3404
3405 if (udest.af != svc->af) { 3405 if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) {
3406 /* The synchronization protocol is incompatible 3406 /* The synchronization protocol is incompatible
3407 * with mixed family services 3407 * with mixed family services
3408 */ 3408 */
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index c47ffd7a0a70..d93ceeb3ef04 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -896,6 +896,8 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
896 IP_VS_DBG(2, "BACKUP, add new conn. failed\n"); 896 IP_VS_DBG(2, "BACKUP, add new conn. failed\n");
897 return; 897 return;
898 } 898 }
899 if (!(flags & IP_VS_CONN_F_TEMPLATE))
900 kfree(param->pe_data);
899 } 901 }
900 902
901 if (opt) 903 if (opt)
@@ -1169,6 +1171,7 @@ static inline int ip_vs_proc_sync_conn(struct net *net, __u8 *p, __u8 *msg_end)
1169 (opt_flags & IPVS_OPT_F_SEQ_DATA ? &opt : NULL) 1171 (opt_flags & IPVS_OPT_F_SEQ_DATA ? &opt : NULL)
1170 ); 1172 );
1171#endif 1173#endif
1174 ip_vs_pe_put(param.pe);
1172 return 0; 1175 return 0;
1173 /* Error exit */ 1176 /* Error exit */
1174out: 1177out:
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 199fd0f27b0e..6ab777912237 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -227,7 +227,7 @@ nft_rule_deactivate_next(struct net *net, struct nft_rule *rule)
227 227
228static inline void nft_rule_clear(struct net *net, struct nft_rule *rule) 228static inline void nft_rule_clear(struct net *net, struct nft_rule *rule)
229{ 229{
230 rule->genmask = 0; 230 rule->genmask &= ~(1 << gencursor_next(net));
231} 231}
232 232
233static int 233static int
@@ -1711,9 +1711,12 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net,
1711 } 1711 }
1712 nla_nest_end(skb, list); 1712 nla_nest_end(skb, list);
1713 1713
1714 if (rule->ulen && 1714 if (rule->udata) {
1715 nla_put(skb, NFTA_RULE_USERDATA, rule->ulen, nft_userdata(rule))) 1715 struct nft_userdata *udata = nft_userdata(rule);
1716 goto nla_put_failure; 1716 if (nla_put(skb, NFTA_RULE_USERDATA, udata->len + 1,
1717 udata->data) < 0)
1718 goto nla_put_failure;
1719 }
1717 1720
1718 nlmsg_end(skb, nlh); 1721 nlmsg_end(skb, nlh);
1719 return 0; 1722 return 0;
@@ -1896,11 +1899,12 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
1896 struct nft_table *table; 1899 struct nft_table *table;
1897 struct nft_chain *chain; 1900 struct nft_chain *chain;
1898 struct nft_rule *rule, *old_rule = NULL; 1901 struct nft_rule *rule, *old_rule = NULL;
1902 struct nft_userdata *udata;
1899 struct nft_trans *trans = NULL; 1903 struct nft_trans *trans = NULL;
1900 struct nft_expr *expr; 1904 struct nft_expr *expr;
1901 struct nft_ctx ctx; 1905 struct nft_ctx ctx;
1902 struct nlattr *tmp; 1906 struct nlattr *tmp;
1903 unsigned int size, i, n, ulen = 0; 1907 unsigned int size, i, n, ulen = 0, usize = 0;
1904 int err, rem; 1908 int err, rem;
1905 bool create; 1909 bool create;
1906 u64 handle, pos_handle; 1910 u64 handle, pos_handle;
@@ -1968,12 +1972,19 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
1968 n++; 1972 n++;
1969 } 1973 }
1970 } 1974 }
1975 /* Check for overflow of dlen field */
1976 err = -EFBIG;
1977 if (size >= 1 << 12)
1978 goto err1;
1971 1979
1972 if (nla[NFTA_RULE_USERDATA]) 1980 if (nla[NFTA_RULE_USERDATA]) {
1973 ulen = nla_len(nla[NFTA_RULE_USERDATA]); 1981 ulen = nla_len(nla[NFTA_RULE_USERDATA]);
1982 if (ulen > 0)
1983 usize = sizeof(struct nft_userdata) + ulen;
1984 }
1974 1985
1975 err = -ENOMEM; 1986 err = -ENOMEM;
1976 rule = kzalloc(sizeof(*rule) + size + ulen, GFP_KERNEL); 1987 rule = kzalloc(sizeof(*rule) + size + usize, GFP_KERNEL);
1977 if (rule == NULL) 1988 if (rule == NULL)
1978 goto err1; 1989 goto err1;
1979 1990
@@ -1981,10 +1992,13 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
1981 1992
1982 rule->handle = handle; 1993 rule->handle = handle;
1983 rule->dlen = size; 1994 rule->dlen = size;
1984 rule->ulen = ulen; 1995 rule->udata = ulen ? 1 : 0;
1985 1996
1986 if (ulen) 1997 if (ulen) {
1987 nla_memcpy(nft_userdata(rule), nla[NFTA_RULE_USERDATA], ulen); 1998 udata = nft_userdata(rule);
1999 udata->len = ulen - 1;
2000 nla_memcpy(udata->data, nla[NFTA_RULE_USERDATA], ulen);
2001 }
1988 2002
1989 expr = nft_expr_first(rule); 2003 expr = nft_expr_first(rule);
1990 for (i = 0; i < n; i++) { 2004 for (i = 0; i < n; i++) {
@@ -2031,12 +2045,6 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
2031 2045
2032err3: 2046err3:
2033 list_del_rcu(&rule->list); 2047 list_del_rcu(&rule->list);
2034 if (trans) {
2035 list_del_rcu(&nft_trans_rule(trans)->list);
2036 nft_rule_clear(net, nft_trans_rule(trans));
2037 nft_trans_destroy(trans);
2038 chain->use++;
2039 }
2040err2: 2048err2:
2041 nf_tables_rule_destroy(&ctx, rule); 2049 nf_tables_rule_destroy(&ctx, rule);
2042err1: 2050err1:
@@ -3612,12 +3620,11 @@ static int nf_tables_commit(struct sk_buff *skb)
3612 &te->elem, 3620 &te->elem,
3613 NFT_MSG_DELSETELEM, 0); 3621 NFT_MSG_DELSETELEM, 0);
3614 te->set->ops->get(te->set, &te->elem); 3622 te->set->ops->get(te->set, &te->elem);
3615 te->set->ops->remove(te->set, &te->elem);
3616 nft_data_uninit(&te->elem.key, NFT_DATA_VALUE); 3623 nft_data_uninit(&te->elem.key, NFT_DATA_VALUE);
3617 if (te->elem.flags & NFT_SET_MAP) { 3624 if (te->set->flags & NFT_SET_MAP &&
3618 nft_data_uninit(&te->elem.data, 3625 !(te->elem.flags & NFT_SET_ELEM_INTERVAL_END))
3619 te->set->dtype); 3626 nft_data_uninit(&te->elem.data, te->set->dtype);
3620 } 3627 te->set->ops->remove(te->set, &te->elem);
3621 nft_trans_destroy(trans); 3628 nft_trans_destroy(trans);
3622 break; 3629 break;
3623 } 3630 }
@@ -3658,7 +3665,7 @@ static int nf_tables_abort(struct sk_buff *skb)
3658{ 3665{
3659 struct net *net = sock_net(skb->sk); 3666 struct net *net = sock_net(skb->sk);
3660 struct nft_trans *trans, *next; 3667 struct nft_trans *trans, *next;
3661 struct nft_set *set; 3668 struct nft_trans_elem *te;
3662 3669
3663 list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) { 3670 list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
3664 switch (trans->msg_type) { 3671 switch (trans->msg_type) {
@@ -3719,9 +3726,13 @@ static int nf_tables_abort(struct sk_buff *skb)
3719 break; 3726 break;
3720 case NFT_MSG_NEWSETELEM: 3727 case NFT_MSG_NEWSETELEM:
3721 nft_trans_elem_set(trans)->nelems--; 3728 nft_trans_elem_set(trans)->nelems--;
3722 set = nft_trans_elem_set(trans); 3729 te = (struct nft_trans_elem *)trans->data;
3723 set->ops->get(set, &nft_trans_elem(trans)); 3730 te->set->ops->get(te->set, &te->elem);
3724 set->ops->remove(set, &nft_trans_elem(trans)); 3731 nft_data_uninit(&te->elem.key, NFT_DATA_VALUE);
3732 if (te->set->flags & NFT_SET_MAP &&
3733 !(te->elem.flags & NFT_SET_ELEM_INTERVAL_END))
3734 nft_data_uninit(&te->elem.data, te->set->dtype);
3735 te->set->ops->remove(te->set, &te->elem);
3725 nft_trans_destroy(trans); 3736 nft_trans_destroy(trans);
3726 break; 3737 break;
3727 case NFT_MSG_DELSETELEM: 3738 case NFT_MSG_DELSETELEM:
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index c598f74063a1..213584cf04b3 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -123,7 +123,7 @@ static void
123nft_target_set_tgchk_param(struct xt_tgchk_param *par, 123nft_target_set_tgchk_param(struct xt_tgchk_param *par,
124 const struct nft_ctx *ctx, 124 const struct nft_ctx *ctx,
125 struct xt_target *target, void *info, 125 struct xt_target *target, void *info,
126 union nft_entry *entry, u8 proto, bool inv) 126 union nft_entry *entry, u16 proto, bool inv)
127{ 127{
128 par->net = ctx->net; 128 par->net = ctx->net;
129 par->table = ctx->table->name; 129 par->table = ctx->table->name;
@@ -137,7 +137,7 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par,
137 entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0; 137 entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
138 break; 138 break;
139 case NFPROTO_BRIDGE: 139 case NFPROTO_BRIDGE:
140 entry->ebt.ethproto = proto; 140 entry->ebt.ethproto = (__force __be16)proto;
141 entry->ebt.invflags = inv ? EBT_IPROTO : 0; 141 entry->ebt.invflags = inv ? EBT_IPROTO : 0;
142 break; 142 break;
143 } 143 }
@@ -171,7 +171,7 @@ static const struct nla_policy nft_rule_compat_policy[NFTA_RULE_COMPAT_MAX + 1]
171 [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 }, 171 [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 },
172}; 172};
173 173
174static int nft_parse_compat(const struct nlattr *attr, u8 *proto, bool *inv) 174static int nft_parse_compat(const struct nlattr *attr, u16 *proto, bool *inv)
175{ 175{
176 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1]; 176 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1];
177 u32 flags; 177 u32 flags;
@@ -203,7 +203,7 @@ nft_target_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
203 struct xt_target *target = expr->ops->data; 203 struct xt_target *target = expr->ops->data;
204 struct xt_tgchk_param par; 204 struct xt_tgchk_param par;
205 size_t size = XT_ALIGN(nla_len(tb[NFTA_TARGET_INFO])); 205 size_t size = XT_ALIGN(nla_len(tb[NFTA_TARGET_INFO]));
206 u8 proto = 0; 206 u16 proto = 0;
207 bool inv = false; 207 bool inv = false;
208 union nft_entry e = {}; 208 union nft_entry e = {};
209 int ret; 209 int ret;
@@ -334,7 +334,7 @@ static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
334static void 334static void
335nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx, 335nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
336 struct xt_match *match, void *info, 336 struct xt_match *match, void *info,
337 union nft_entry *entry, u8 proto, bool inv) 337 union nft_entry *entry, u16 proto, bool inv)
338{ 338{
339 par->net = ctx->net; 339 par->net = ctx->net;
340 par->table = ctx->table->name; 340 par->table = ctx->table->name;
@@ -348,7 +348,7 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
348 entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0; 348 entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
349 break; 349 break;
350 case NFPROTO_BRIDGE: 350 case NFPROTO_BRIDGE:
351 entry->ebt.ethproto = proto; 351 entry->ebt.ethproto = (__force __be16)proto;
352 entry->ebt.invflags = inv ? EBT_IPROTO : 0; 352 entry->ebt.invflags = inv ? EBT_IPROTO : 0;
353 break; 353 break;
354 } 354 }
@@ -385,7 +385,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
385 struct xt_match *match = expr->ops->data; 385 struct xt_match *match = expr->ops->data;
386 struct xt_mtchk_param par; 386 struct xt_mtchk_param par;
387 size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO])); 387 size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO]));
388 u8 proto = 0; 388 u16 proto = 0;
389 bool inv = false; 389 bool inv = false;
390 union nft_entry e = {}; 390 union nft_entry e = {};
391 int ret; 391 int ret;
@@ -625,8 +625,12 @@ nft_match_select_ops(const struct nft_ctx *ctx,
625 struct xt_match *match = nft_match->ops.data; 625 struct xt_match *match = nft_match->ops.data;
626 626
627 if (strcmp(match->name, mt_name) == 0 && 627 if (strcmp(match->name, mt_name) == 0 &&
628 match->revision == rev && match->family == family) 628 match->revision == rev && match->family == family) {
629 if (!try_module_get(match->me))
630 return ERR_PTR(-ENOENT);
631
629 return &nft_match->ops; 632 return &nft_match->ops;
633 }
630 } 634 }
631 635
632 match = xt_request_find_match(family, mt_name, rev); 636 match = xt_request_find_match(family, mt_name, rev);
@@ -695,8 +699,12 @@ nft_target_select_ops(const struct nft_ctx *ctx,
695 struct xt_target *target = nft_target->ops.data; 699 struct xt_target *target = nft_target->ops.data;
696 700
697 if (strcmp(target->name, tg_name) == 0 && 701 if (strcmp(target->name, tg_name) == 0 &&
698 target->revision == rev && target->family == family) 702 target->revision == rev && target->family == family) {
703 if (!try_module_get(target->me))
704 return ERR_PTR(-ENOENT);
705
699 return &nft_target->ops; 706 return &nft_target->ops;
707 }
700 } 708 }
701 709
702 target = xt_request_find_target(family, tg_name, rev); 710 target = xt_request_find_target(family, tg_name, rev);
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index 61e6c407476a..c82df0a48fcd 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -192,8 +192,6 @@ static int nft_hash_init(const struct nft_set *set,
192 .key_offset = offsetof(struct nft_hash_elem, key), 192 .key_offset = offsetof(struct nft_hash_elem, key),
193 .key_len = set->klen, 193 .key_len = set->klen,
194 .hashfn = jhash, 194 .hashfn = jhash,
195 .grow_decision = rht_grow_above_75,
196 .shrink_decision = rht_shrink_below_30,
197 }; 195 };
198 196
199 return rhashtable_init(priv, &params); 197 return rhashtable_init(priv, &params);
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 30dbe34915ae..45e1b30e4fb2 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -378,12 +378,11 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
378 mutex_lock(&recent_mutex); 378 mutex_lock(&recent_mutex);
379 t = recent_table_lookup(recent_net, info->name); 379 t = recent_table_lookup(recent_net, info->name);
380 if (t != NULL) { 380 if (t != NULL) {
381 if (info->hit_count > t->nstamps_max_mask) { 381 if (nstamp_mask > t->nstamps_max_mask) {
382 pr_info("hitcount (%u) is larger than packets to be remembered (%u) for table %s\n", 382 spin_lock_bh(&recent_lock);
383 info->hit_count, t->nstamps_max_mask + 1, 383 recent_table_flush(t);
384 info->name); 384 t->nstamps_max_mask = nstamp_mask;
385 ret = -EINVAL; 385 spin_unlock_bh(&recent_lock);
386 goto out;
387 } 386 }
388 387
389 t->refcnt++; 388 t->refcnt++;
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 1ba67931eb1b..13332dbf291d 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -243,12 +243,13 @@ static int
243extract_icmp6_fields(const struct sk_buff *skb, 243extract_icmp6_fields(const struct sk_buff *skb,
244 unsigned int outside_hdrlen, 244 unsigned int outside_hdrlen,
245 int *protocol, 245 int *protocol,
246 struct in6_addr **raddr, 246 const struct in6_addr **raddr,
247 struct in6_addr **laddr, 247 const struct in6_addr **laddr,
248 __be16 *rport, 248 __be16 *rport,
249 __be16 *lport) 249 __be16 *lport,
250 struct ipv6hdr *ipv6_var)
250{ 251{
251 struct ipv6hdr *inside_iph, _inside_iph; 252 const struct ipv6hdr *inside_iph;
252 struct icmp6hdr *icmph, _icmph; 253 struct icmp6hdr *icmph, _icmph;
253 __be16 *ports, _ports[2]; 254 __be16 *ports, _ports[2];
254 u8 inside_nexthdr; 255 u8 inside_nexthdr;
@@ -263,12 +264,14 @@ extract_icmp6_fields(const struct sk_buff *skb,
263 if (icmph->icmp6_type & ICMPV6_INFOMSG_MASK) 264 if (icmph->icmp6_type & ICMPV6_INFOMSG_MASK)
264 return 1; 265 return 1;
265 266
266 inside_iph = skb_header_pointer(skb, outside_hdrlen + sizeof(_icmph), sizeof(_inside_iph), &_inside_iph); 267 inside_iph = skb_header_pointer(skb, outside_hdrlen + sizeof(_icmph),
268 sizeof(*ipv6_var), ipv6_var);
267 if (inside_iph == NULL) 269 if (inside_iph == NULL)
268 return 1; 270 return 1;
269 inside_nexthdr = inside_iph->nexthdr; 271 inside_nexthdr = inside_iph->nexthdr;
270 272
271 inside_hdrlen = ipv6_skip_exthdr(skb, outside_hdrlen + sizeof(_icmph) + sizeof(_inside_iph), 273 inside_hdrlen = ipv6_skip_exthdr(skb, outside_hdrlen + sizeof(_icmph) +
274 sizeof(*ipv6_var),
272 &inside_nexthdr, &inside_fragoff); 275 &inside_nexthdr, &inside_fragoff);
273 if (inside_hdrlen < 0) 276 if (inside_hdrlen < 0)
274 return 1; /* hjm: Packet has no/incomplete transport layer headers. */ 277 return 1; /* hjm: Packet has no/incomplete transport layer headers. */
@@ -315,10 +318,10 @@ xt_socket_get_sock_v6(struct net *net, const u8 protocol,
315static bool 318static bool
316socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par) 319socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
317{ 320{
318 struct ipv6hdr *iph = ipv6_hdr(skb); 321 struct ipv6hdr ipv6_var, *iph = ipv6_hdr(skb);
319 struct udphdr _hdr, *hp = NULL; 322 struct udphdr _hdr, *hp = NULL;
320 struct sock *sk = skb->sk; 323 struct sock *sk = skb->sk;
321 struct in6_addr *daddr = NULL, *saddr = NULL; 324 const struct in6_addr *daddr = NULL, *saddr = NULL;
322 __be16 uninitialized_var(dport), uninitialized_var(sport); 325 __be16 uninitialized_var(dport), uninitialized_var(sport);
323 int thoff = 0, uninitialized_var(tproto); 326 int thoff = 0, uninitialized_var(tproto);
324 const struct xt_socket_mtinfo1 *info = (struct xt_socket_mtinfo1 *) par->matchinfo; 327 const struct xt_socket_mtinfo1 *info = (struct xt_socket_mtinfo1 *) par->matchinfo;
@@ -342,7 +345,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
342 345
343 } else if (tproto == IPPROTO_ICMPV6) { 346 } else if (tproto == IPPROTO_ICMPV6) {
344 if (extract_icmp6_fields(skb, thoff, &tproto, &saddr, &daddr, 347 if (extract_icmp6_fields(skb, thoff, &tproto, &saddr, &daddr,
345 &sport, &dport)) 348 &sport, &dport, &ipv6_var))
346 return false; 349 return false;
347 } else { 350 } else {
348 return false; 351 return false;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2702673f0f23..05919bf3f670 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -3126,8 +3126,6 @@ static int __init netlink_proto_init(void)
3126 .key_len = sizeof(u32), /* portid */ 3126 .key_len = sizeof(u32), /* portid */
3127 .hashfn = jhash, 3127 .hashfn = jhash,
3128 .max_shift = 16, /* 64K */ 3128 .max_shift = 16, /* 64K */
3129 .grow_decision = rht_grow_above_75,
3130 .shrink_decision = rht_shrink_below_30,
3131 }; 3129 };
3132 3130
3133 if (err != 0) 3131 if (err != 0)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index ae5e77cdc0ca..5bae7243c577 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -2194,14 +2194,55 @@ static int __net_init ovs_init_net(struct net *net)
2194 return 0; 2194 return 0;
2195} 2195}
2196 2196
2197static void __net_exit ovs_exit_net(struct net *net) 2197static void __net_exit list_vports_from_net(struct net *net, struct net *dnet,
2198 struct list_head *head)
2198{ 2199{
2199 struct datapath *dp, *dp_next;
2200 struct ovs_net *ovs_net = net_generic(net, ovs_net_id); 2200 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2201 struct datapath *dp;
2202
2203 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2204 int i;
2205
2206 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2207 struct vport *vport;
2208
2209 hlist_for_each_entry(vport, &dp->ports[i], dp_hash_node) {
2210 struct netdev_vport *netdev_vport;
2211
2212 if (vport->ops->type != OVS_VPORT_TYPE_INTERNAL)
2213 continue;
2214
2215 netdev_vport = netdev_vport_priv(vport);
2216 if (dev_net(netdev_vport->dev) == dnet)
2217 list_add(&vport->detach_list, head);
2218 }
2219 }
2220 }
2221}
2222
2223static void __net_exit ovs_exit_net(struct net *dnet)
2224{
2225 struct datapath *dp, *dp_next;
2226 struct ovs_net *ovs_net = net_generic(dnet, ovs_net_id);
2227 struct vport *vport, *vport_next;
2228 struct net *net;
2229 LIST_HEAD(head);
2201 2230
2202 ovs_lock(); 2231 ovs_lock();
2203 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node) 2232 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
2204 __dp_destroy(dp); 2233 __dp_destroy(dp);
2234
2235 rtnl_lock();
2236 for_each_net(net)
2237 list_vports_from_net(net, dnet, &head);
2238 rtnl_unlock();
2239
2240 /* Detach all vports from given namespace. */
2241 list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
2242 list_del(&vport->detach_list);
2243 ovs_dp_detach_port(vport);
2244 }
2245
2205 ovs_unlock(); 2246 ovs_unlock();
2206 2247
2207 cancel_work_sync(&ovs_net->dp_notify_work); 2248 cancel_work_sync(&ovs_net->dp_notify_work);
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index 216f20b90aa5..22b18c145c92 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -2253,14 +2253,20 @@ static int masked_set_action_to_set_action_attr(const struct nlattr *a,
2253 struct sk_buff *skb) 2253 struct sk_buff *skb)
2254{ 2254{
2255 const struct nlattr *ovs_key = nla_data(a); 2255 const struct nlattr *ovs_key = nla_data(a);
2256 struct nlattr *nla;
2256 size_t key_len = nla_len(ovs_key) / 2; 2257 size_t key_len = nla_len(ovs_key) / 2;
2257 2258
2258 /* Revert the conversion we did from a non-masked set action to 2259 /* Revert the conversion we did from a non-masked set action to
2259 * masked set action. 2260 * masked set action.
2260 */ 2261 */
2261 if (nla_put(skb, OVS_ACTION_ATTR_SET, nla_len(a) - key_len, ovs_key)) 2262 nla = nla_nest_start(skb, OVS_ACTION_ATTR_SET);
2263 if (!nla)
2262 return -EMSGSIZE; 2264 return -EMSGSIZE;
2263 2265
2266 if (nla_put(skb, nla_type(ovs_key), key_len, nla_data(ovs_key)))
2267 return -EMSGSIZE;
2268
2269 nla_nest_end(skb, nla);
2264 return 0; 2270 return 0;
2265} 2271}
2266 2272
diff --git a/net/openvswitch/vport.h b/net/openvswitch/vport.h
index f8ae295fb001..bc85331a6c60 100644
--- a/net/openvswitch/vport.h
+++ b/net/openvswitch/vport.h
@@ -103,6 +103,7 @@ struct vport_portids {
103 * @ops: Class structure. 103 * @ops: Class structure.
104 * @percpu_stats: Points to per-CPU statistics used and maintained by vport 104 * @percpu_stats: Points to per-CPU statistics used and maintained by vport
105 * @err_stats: Points to error statistics used and maintained by vport 105 * @err_stats: Points to error statistics used and maintained by vport
106 * @detach_list: list used for detaching vport in net-exit call.
106 */ 107 */
107struct vport { 108struct vport {
108 struct rcu_head rcu; 109 struct rcu_head rcu;
@@ -117,6 +118,7 @@ struct vport {
117 struct pcpu_sw_netstats __percpu *percpu_stats; 118 struct pcpu_sw_netstats __percpu *percpu_stats;
118 119
119 struct vport_err_stats err_stats; 120 struct vport_err_stats err_stats;
121 struct list_head detach_list;
120}; 122};
121 123
122/** 124/**
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 9c28cec1a083..f8db7064d81c 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -698,6 +698,10 @@ static void prb_retire_rx_blk_timer_expired(unsigned long data)
698 698
699 if (pkc->last_kactive_blk_num == pkc->kactive_blk_num) { 699 if (pkc->last_kactive_blk_num == pkc->kactive_blk_num) {
700 if (!frozen) { 700 if (!frozen) {
701 if (!BLOCK_NUM_PKTS(pbd)) {
702 /* An empty block. Just refresh the timer. */
703 goto refresh_timer;
704 }
701 prb_retire_current_block(pkc, po, TP_STATUS_BLK_TMO); 705 prb_retire_current_block(pkc, po, TP_STATUS_BLK_TMO);
702 if (!prb_dispatch_next_block(pkc, po)) 706 if (!prb_dispatch_next_block(pkc, po))
703 goto refresh_timer; 707 goto refresh_timer;
@@ -798,7 +802,11 @@ static void prb_close_block(struct tpacket_kbdq_core *pkc1,
798 h1->ts_last_pkt.ts_sec = last_pkt->tp_sec; 802 h1->ts_last_pkt.ts_sec = last_pkt->tp_sec;
799 h1->ts_last_pkt.ts_nsec = last_pkt->tp_nsec; 803 h1->ts_last_pkt.ts_nsec = last_pkt->tp_nsec;
800 } else { 804 } else {
801 /* Ok, we tmo'd - so get the current time */ 805 /* Ok, we tmo'd - so get the current time.
806 *
807 * It shouldn't really happen as we don't close empty
808 * blocks. See prb_retire_rx_blk_timer_expired().
809 */
802 struct timespec ts; 810 struct timespec ts;
803 getnstimeofday(&ts); 811 getnstimeofday(&ts);
804 h1->ts_last_pkt.ts_sec = ts.tv_sec; 812 h1->ts_last_pkt.ts_sec = ts.tv_sec;
@@ -1349,14 +1357,14 @@ static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
1349 return 0; 1357 return 0;
1350 } 1358 }
1351 1359
1360 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_DEFRAG)) {
1361 skb = ip_check_defrag(skb, IP_DEFRAG_AF_PACKET);
1362 if (!skb)
1363 return 0;
1364 }
1352 switch (f->type) { 1365 switch (f->type) {
1353 case PACKET_FANOUT_HASH: 1366 case PACKET_FANOUT_HASH:
1354 default: 1367 default:
1355 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_DEFRAG)) {
1356 skb = ip_check_defrag(skb, IP_DEFRAG_AF_PACKET);
1357 if (!skb)
1358 return 0;
1359 }
1360 idx = fanout_demux_hash(f, skb, num); 1368 idx = fanout_demux_hash(f, skb, num);
1361 break; 1369 break;
1362 case PACKET_FANOUT_LB: 1370 case PACKET_FANOUT_LB:
@@ -3115,11 +3123,18 @@ static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i,
3115 return 0; 3123 return 0;
3116} 3124}
3117 3125
3118static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what) 3126static void packet_dev_mclist_delete(struct net_device *dev,
3127 struct packet_mclist **mlp)
3119{ 3128{
3120 for ( ; i; i = i->next) { 3129 struct packet_mclist *ml;
3121 if (i->ifindex == dev->ifindex) 3130
3122 packet_dev_mc(dev, i, what); 3131 while ((ml = *mlp) != NULL) {
3132 if (ml->ifindex == dev->ifindex) {
3133 packet_dev_mc(dev, ml, -1);
3134 *mlp = ml->next;
3135 kfree(ml);
3136 } else
3137 mlp = &ml->next;
3123 } 3138 }
3124} 3139}
3125 3140
@@ -3196,12 +3211,11 @@ static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
3196 packet_dev_mc(dev, ml, -1); 3211 packet_dev_mc(dev, ml, -1);
3197 kfree(ml); 3212 kfree(ml);
3198 } 3213 }
3199 rtnl_unlock(); 3214 break;
3200 return 0;
3201 } 3215 }
3202 } 3216 }
3203 rtnl_unlock(); 3217 rtnl_unlock();
3204 return -EADDRNOTAVAIL; 3218 return 0;
3205} 3219}
3206 3220
3207static void packet_flush_mclist(struct sock *sk) 3221static void packet_flush_mclist(struct sock *sk)
@@ -3551,7 +3565,7 @@ static int packet_notifier(struct notifier_block *this,
3551 switch (msg) { 3565 switch (msg) {
3552 case NETDEV_UNREGISTER: 3566 case NETDEV_UNREGISTER:
3553 if (po->mclist) 3567 if (po->mclist)
3554 packet_dev_mclist(dev, po->mclist, -1); 3568 packet_dev_mclist_delete(dev, &po->mclist);
3555 /* fallthrough */ 3569 /* fallthrough */
3556 3570
3557 case NETDEV_DOWN: 3571 case NETDEV_DOWN:
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
index c6be17a959a6..e0547f521f20 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -218,7 +218,8 @@ static void rxrpc_resend(struct rxrpc_call *call)
218 struct rxrpc_header *hdr; 218 struct rxrpc_header *hdr;
219 struct sk_buff *txb; 219 struct sk_buff *txb;
220 unsigned long *p_txb, resend_at; 220 unsigned long *p_txb, resend_at;
221 int loop, stop; 221 bool stop;
222 int loop;
222 u8 resend; 223 u8 resend;
223 224
224 _enter("{%d,%d,%d,%d},", 225 _enter("{%d,%d,%d,%d},",
@@ -226,7 +227,7 @@ static void rxrpc_resend(struct rxrpc_call *call)
226 atomic_read(&call->sequence), 227 atomic_read(&call->sequence),
227 CIRC_CNT(call->acks_head, call->acks_tail, call->acks_winsz)); 228 CIRC_CNT(call->acks_head, call->acks_tail, call->acks_winsz));
228 229
229 stop = 0; 230 stop = false;
230 resend = 0; 231 resend = 0;
231 resend_at = 0; 232 resend_at = 0;
232 233
@@ -255,11 +256,11 @@ static void rxrpc_resend(struct rxrpc_call *call)
255 _proto("Tx DATA %%%u { #%d }", 256 _proto("Tx DATA %%%u { #%d }",
256 ntohl(sp->hdr.serial), ntohl(sp->hdr.seq)); 257 ntohl(sp->hdr.serial), ntohl(sp->hdr.seq));
257 if (rxrpc_send_packet(call->conn->trans, txb) < 0) { 258 if (rxrpc_send_packet(call->conn->trans, txb) < 0) {
258 stop = 0; 259 stop = true;
259 sp->resend_at = jiffies + 3; 260 sp->resend_at = jiffies + 3;
260 } else { 261 } else {
261 sp->resend_at = 262 sp->resend_at =
262 jiffies + rxrpc_resend_timeout * HZ; 263 jiffies + rxrpc_resend_timeout;
263 } 264 }
264 } 265 }
265 266
diff --git a/net/rxrpc/ar-error.c b/net/rxrpc/ar-error.c
index 5394b6be46ec..0610efa83d72 100644
--- a/net/rxrpc/ar-error.c
+++ b/net/rxrpc/ar-error.c
@@ -42,7 +42,8 @@ void rxrpc_UDP_error_report(struct sock *sk)
42 _leave("UDP socket errqueue empty"); 42 _leave("UDP socket errqueue empty");
43 return; 43 return;
44 } 44 }
45 if (!skb->len) { 45 serr = SKB_EXT_ERR(skb);
46 if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
46 _leave("UDP empty message"); 47 _leave("UDP empty message");
47 kfree_skb(skb); 48 kfree_skb(skb);
48 return; 49 return;
@@ -50,7 +51,6 @@ void rxrpc_UDP_error_report(struct sock *sk)
50 51
51 rxrpc_new_skb(skb); 52 rxrpc_new_skb(skb);
52 53
53 serr = SKB_EXT_ERR(skb);
54 addr = *(__be32 *)(skb_network_header(skb) + serr->addr_offset); 54 addr = *(__be32 *)(skb_network_header(skb) + serr->addr_offset);
55 port = serr->port; 55 port = serr->port;
56 56
diff --git a/net/sched/ematch.c b/net/sched/ematch.c
index 6742200b1307..fbb7ebfc58c6 100644
--- a/net/sched/ematch.c
+++ b/net/sched/ematch.c
@@ -228,6 +228,7 @@ static int tcf_em_validate(struct tcf_proto *tp,
228 * to replay the request. 228 * to replay the request.
229 */ 229 */
230 module_put(em->ops->owner); 230 module_put(em->ops->owner);
231 em->ops = NULL;
231 err = -EAGAIN; 232 err = -EAGAIN;
232 } 233 }
233#endif 234#endif
diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.c b/net/sunrpc/auth_gss/gss_rpc_upcall.c
index abbb7dcd1689..59eeed43eda2 100644
--- a/net/sunrpc/auth_gss/gss_rpc_upcall.c
+++ b/net/sunrpc/auth_gss/gss_rpc_upcall.c
@@ -217,6 +217,8 @@ static void gssp_free_receive_pages(struct gssx_arg_accept_sec_context *arg)
217 217
218 for (i = 0; i < arg->npages && arg->pages[i]; i++) 218 for (i = 0; i < arg->npages && arg->pages[i]; i++)
219 __free_page(arg->pages[i]); 219 __free_page(arg->pages[i]);
220
221 kfree(arg->pages);
220} 222}
221 223
222static int gssp_alloc_receive_pages(struct gssx_arg_accept_sec_context *arg) 224static int gssp_alloc_receive_pages(struct gssx_arg_accept_sec_context *arg)
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 224a82f24d3c..1095be9c80ab 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -463,6 +463,8 @@ static int rsc_parse(struct cache_detail *cd,
463 /* number of additional gid's */ 463 /* number of additional gid's */
464 if (get_int(&mesg, &N)) 464 if (get_int(&mesg, &N))
465 goto out; 465 goto out;
466 if (N < 0 || N > NGROUPS_MAX)
467 goto out;
466 status = -ENOMEM; 468 status = -ENOMEM;
467 rsci.cred.cr_group_info = groups_alloc(N); 469 rsci.cred.cr_group_info = groups_alloc(N);
468 if (rsci.cred.cr_group_info == NULL) 470 if (rsci.cred.cr_group_info == NULL)
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 33fb105d4352..5199bb1a017e 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -921,7 +921,7 @@ static unsigned int cache_poll(struct file *filp, poll_table *wait,
921 poll_wait(filp, &queue_wait, wait); 921 poll_wait(filp, &queue_wait, wait);
922 922
923 /* alway allow write */ 923 /* alway allow write */
924 mask = POLL_OUT | POLLWRNORM; 924 mask = POLLOUT | POLLWRNORM;
925 925
926 if (!rp) 926 if (!rp)
927 return mask; 927 return mask;
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
index 7e9acd9361c5..91ffde82fa0c 100644
--- a/net/sunrpc/xprtrdma/rpc_rdma.c
+++ b/net/sunrpc/xprtrdma/rpc_rdma.c
@@ -738,8 +738,9 @@ rpcrdma_reply_handler(struct rpcrdma_rep *rep)
738 struct rpc_xprt *xprt = rep->rr_xprt; 738 struct rpc_xprt *xprt = rep->rr_xprt;
739 struct rpcrdma_xprt *r_xprt = rpcx_to_rdmax(xprt); 739 struct rpcrdma_xprt *r_xprt = rpcx_to_rdmax(xprt);
740 __be32 *iptr; 740 __be32 *iptr;
741 int credits, rdmalen, status; 741 int rdmalen, status;
742 unsigned long cwnd; 742 unsigned long cwnd;
743 u32 credits;
743 744
744 /* Check status. If bad, signal disconnect and return rep to pool */ 745 /* Check status. If bad, signal disconnect and return rep to pool */
745 if (rep->rr_len == ~0U) { 746 if (rep->rr_len == ~0U) {
diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h b/net/sunrpc/xprtrdma/xprt_rdma.h
index d1b70397c60f..0a16fb6f0885 100644
--- a/net/sunrpc/xprtrdma/xprt_rdma.h
+++ b/net/sunrpc/xprtrdma/xprt_rdma.h
@@ -285,7 +285,7 @@ rpcr_to_rdmar(struct rpc_rqst *rqst)
285 */ 285 */
286struct rpcrdma_buffer { 286struct rpcrdma_buffer {
287 spinlock_t rb_lock; /* protects indexes */ 287 spinlock_t rb_lock; /* protects indexes */
288 int rb_max_requests;/* client max requests */ 288 u32 rb_max_requests;/* client max requests */
289 struct list_head rb_mws; /* optional memory windows/fmrs/frmrs */ 289 struct list_head rb_mws; /* optional memory windows/fmrs/frmrs */
290 struct list_head rb_all; 290 struct list_head rb_all;
291 int rb_send_index; 291 int rb_send_index;
diff --git a/net/tipc/link.c b/net/tipc/link.c
index a4cf364316de..14f09b3cb87c 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -464,10 +464,11 @@ void tipc_link_reset(struct tipc_link *l_ptr)
464 /* Clean up all queues, except inputq: */ 464 /* Clean up all queues, except inputq: */
465 __skb_queue_purge(&l_ptr->outqueue); 465 __skb_queue_purge(&l_ptr->outqueue);
466 __skb_queue_purge(&l_ptr->deferred_queue); 466 __skb_queue_purge(&l_ptr->deferred_queue);
467 skb_queue_splice_init(&l_ptr->wakeupq, &l_ptr->inputq); 467 if (!owner->inputq)
468 if (!skb_queue_empty(&l_ptr->inputq)) 468 owner->inputq = &l_ptr->inputq;
469 skb_queue_splice_init(&l_ptr->wakeupq, owner->inputq);
470 if (!skb_queue_empty(owner->inputq))
469 owner->action_flags |= TIPC_MSG_EVT; 471 owner->action_flags |= TIPC_MSG_EVT;
470 owner->inputq = &l_ptr->inputq;
471 l_ptr->next_out = NULL; 472 l_ptr->next_out = NULL;
472 l_ptr->unacked_window = 0; 473 l_ptr->unacked_window = 0;
473 l_ptr->checkpoint = 1; 474 l_ptr->checkpoint = 1;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index f73e975af80b..b4d4467d0bb0 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2364,8 +2364,6 @@ int tipc_sk_rht_init(struct net *net)
2364 .hashfn = jhash, 2364 .hashfn = jhash,
2365 .max_shift = 20, /* 1M */ 2365 .max_shift = 20, /* 1M */
2366 .min_shift = 8, /* 256 */ 2366 .min_shift = 8, /* 256 */
2367 .grow_decision = rht_grow_above_75,
2368 .shrink_decision = rht_shrink_below_30,
2369 }; 2367 };
2370 2368
2371 return rhashtable_init(&tn->sk_rht, &rht_params); 2369 return rhashtable_init(&tn->sk_rht, &rht_params);
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 3af0ecf1cc16..2a0bbd22854b 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1199,6 +1199,7 @@ out_fail_wq:
1199 regulatory_exit(); 1199 regulatory_exit();
1200out_fail_reg: 1200out_fail_reg:
1201 debugfs_remove(ieee80211_debugfs_dir); 1201 debugfs_remove(ieee80211_debugfs_dir);
1202 nl80211_exit();
1202out_fail_nl80211: 1203out_fail_nl80211:
1203 unregister_netdevice_notifier(&cfg80211_netdev_notifier); 1204 unregister_netdevice_notifier(&cfg80211_netdev_notifier);
1204out_fail_notifier: 1205out_fail_notifier:
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d78fd8b54515..be2501538011 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2654,10 +2654,6 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2654 return err; 2654 return err;
2655 } 2655 }
2656 2656
2657 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2658 if (!msg)
2659 return -ENOMEM;
2660
2661 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2657 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2662 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2658 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2663 &flags); 2659 &flags);
@@ -2666,6 +2662,10 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2666 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 2662 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2667 return -EOPNOTSUPP; 2663 return -EOPNOTSUPP;
2668 2664
2665 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2666 if (!msg)
2667 return -ENOMEM;
2668
2669 wdev = rdev_add_virtual_intf(rdev, 2669 wdev = rdev_add_virtual_intf(rdev,
2670 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2670 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2671 type, err ? NULL : &flags, &params); 2671 type, err ? NULL : &flags, &params);
@@ -12528,9 +12528,7 @@ static int cfg80211_net_detect_results(struct sk_buff *msg,
12528 } 12528 }
12529 12529
12530 for (j = 0; j < match->n_channels; j++) { 12530 for (j = 0; j < match->n_channels; j++) {
12531 if (nla_put_u32(msg, 12531 if (nla_put_u32(msg, j, match->channels[j])) {
12532 NL80211_ATTR_WIPHY_FREQ,
12533 match->channels[j])) {
12534 nla_nest_cancel(msg, nl_freqs); 12532 nla_nest_cancel(msg, nl_freqs);
12535 nla_nest_cancel(msg, nl_match); 12533 nla_nest_cancel(msg, nl_match);
12536 goto out; 12534 goto out;
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index b586d0dcb09e..48dfc7b4e981 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -228,7 +228,7 @@ static DECLARE_DELAYED_WORK(reg_timeout, reg_timeout_work);
228 228
229/* We keep a static world regulatory domain in case of the absence of CRDA */ 229/* We keep a static world regulatory domain in case of the absence of CRDA */
230static const struct ieee80211_regdomain world_regdom = { 230static const struct ieee80211_regdomain world_regdom = {
231 .n_reg_rules = 6, 231 .n_reg_rules = 8,
232 .alpha2 = "00", 232 .alpha2 = "00",
233 .reg_rules = { 233 .reg_rules = {
234 /* IEEE 802.11b/g, channels 1..11 */ 234 /* IEEE 802.11b/g, channels 1..11 */
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-01 07:30:58 -0500