tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

1) Fix erroneous sock_orphan() leading to crashes and double
kfree_skb() in NFC protocol. From Thierry Escande and Samuel Ortiz.

2) Fix use after free in remain-on-channel mac80211 code, from Johannes
Berg.

3) nf_reset() needs to reset the NF tracing cookie, otherwise we can
leak it from one namespace into another. Fix from Gao Feng and
Patrick McHardy.

4) Fix overflow in channel scanning array of mwifiex driver, from Stone
Piao.

5) Fix loss of link after suspend/shutdown in r8169, from Hayes Wang.

6) Synchronization of unicast address lists to the undelying device
doesn't work because whether to sync is maintained as a boolean
rather than a true count. Fix from Vlad Yasevich.

7) Fix corruption of TSO packets in atl1e by limiting the segmented
packet length. From Hannes Frederic Sowa.

8) Revert bogus AF_UNIX credential passing change and fix the
coalescing issue properly, from Eric W Biederman.

9) Changes of ipv4 address lifetime settings needs to generate a
notification, from Jiri Pirko.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (22 commits)
netfilter: don't reset nf_trace in nf_reset()
net: ipv4: notify when address lifetime changes
ixgbe: fix registration order of driver and DCA nofitication
af_unix: If we don't care about credentials coallesce all messages
Revert "af_unix: dont send SCM_CREDENTIAL when dest socket is NULL"
bonding: remove sysfs before removing devices
atl1e: limit gso segment size to prevent generation of wrong ip length fields
net: count hw_addr syncs so that unsync works properly.
r8169: fix auto speed down issue
netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
mwifiex: limit channel number not to overflow memory
NFC: microread: Fix build failure due to a new MEI bus API
iwlwifi: dvm: fix the passive-no-RX workaround
netfilter: nf_conntrack: fix error return code
NFC: llcp: Keep the connected socket parent pointer alive
mac80211: fix idle handling sequence
netfilter: nfnetlink_acct: return -EINVAL if object name is empty
netfilter: nfnetlink_queue: fix error return code in nfnetlink_queue_init()
netfilter: reset nf_trace in nf_reset
mac80211: fix remain-on-channel cancel crash
...

Linus Torvalds 53f63189 6cfa9238

+133 -75
+1 -1
drivers/net/bonding/bond_main.c
··· 4902 4902 4903 4903 bond_destroy_debugfs(); 4904 4904 4905 - rtnl_link_unregister(&bond_link_ops); 4906 4905 unregister_pernet_subsys(&bond_net_ops); 4906 + rtnl_link_unregister(&bond_link_ops); 4907 4907 4908 4908 #ifdef CONFIG_NET_POLL_CONTROLLER 4909 4909 /*
+1 -1
drivers/net/ethernet/atheros/atl1e/atl1e.h
··· 186 186 /* how about 0x2000 */ 187 187 #define MAX_TX_BUF_LEN 0x2000 188 188 #define MAX_TX_BUF_SHIFT 13 189 - /*#define MAX_TX_BUF_LEN 0x3000 */ 189 + #define MAX_TSO_SEG_SIZE 0x3c00 190 190 191 191 /* rrs word 1 bit 0:31 */ 192 192 #define RRS_RX_CSUM_MASK 0xFFFF
+1
drivers/net/ethernet/atheros/atl1e/atl1e_main.c
··· 2329 2329 2330 2330 INIT_WORK(&adapter->reset_task, atl1e_reset_task); 2331 2331 INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task); 2332 + netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE); 2332 2333 err = register_netdev(netdev); 2333 2334 if (err) { 2334 2335 netdev_err(netdev, "register netdevice failed\n");
+9 -2
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
··· 7922 7922 ixgbe_dbg_init(); 7923 7923 #endif /* CONFIG_DEBUG_FS */ 7924 7924 7925 + ret = pci_register_driver(&ixgbe_driver); 7926 + if (ret) { 7927 + #ifdef CONFIG_DEBUG_FS 7928 + ixgbe_dbg_exit(); 7929 + #endif /* CONFIG_DEBUG_FS */ 7930 + return ret; 7931 + } 7932 + 7925 7933 #ifdef CONFIG_IXGBE_DCA 7926 7934 dca_register_notify(&dca_notifier); 7927 7935 #endif 7928 7936 7929 - ret = pci_register_driver(&ixgbe_driver); 7930 - return ret; 7937 + return 0; 7931 7938 } 7932 7939 7933 7940 module_init(ixgbe_init_module);
+25 -3
drivers/net/ethernet/realtek/r8169.c
··· 3818 3818 } 3819 3819 } 3820 3820 3821 + static void rtl_speed_down(struct rtl8169_private *tp) 3822 + { 3823 + u32 adv; 3824 + int lpa; 3825 + 3826 + rtl_writephy(tp, 0x1f, 0x0000); 3827 + lpa = rtl_readphy(tp, MII_LPA); 3828 + 3829 + if (lpa & (LPA_10HALF | LPA_10FULL)) 3830 + adv = ADVERTISED_10baseT_Half | ADVERTISED_10baseT_Full; 3831 + else if (lpa & (LPA_100HALF | LPA_100FULL)) 3832 + adv = ADVERTISED_10baseT_Half | ADVERTISED_10baseT_Full | 3833 + ADVERTISED_100baseT_Half | ADVERTISED_100baseT_Full; 3834 + else 3835 + adv = ADVERTISED_10baseT_Half | ADVERTISED_10baseT_Full | 3836 + ADVERTISED_100baseT_Half | ADVERTISED_100baseT_Full | 3837 + (tp->mii.supports_gmii ? 3838 + ADVERTISED_1000baseT_Half | 3839 + ADVERTISED_1000baseT_Full : 0); 3840 + 3841 + rtl8169_set_speed(tp->dev, AUTONEG_ENABLE, SPEED_1000, DUPLEX_FULL, 3842 + adv); 3843 + } 3844 + 3821 3845 static void rtl_wol_suspend_quirk(struct rtl8169_private *tp) 3822 3846 { 3823 3847 void __iomem *ioaddr = tp->mmio_addr; ··· 3872 3848 if (!(__rtl8169_get_wol(tp) & WAKE_ANY)) 3873 3849 return false; 3874 3850 3875 - rtl_writephy(tp, 0x1f, 0x0000); 3876 - rtl_writephy(tp, MII_BMCR, 0x0000); 3877 - 3851 + rtl_speed_down(tp); 3878 3852 rtl_wol_suspend_quirk(tp); 3879 3853 3880 3854 return true;
+8 -10
drivers/net/wireless/iwlwifi/dvm/rxon.c
··· 1419 1419 1420 1420 mutex_lock(&priv->mutex); 1421 1421 1422 + if (changes & BSS_CHANGED_IDLE && bss_conf->idle) { 1423 + /* 1424 + * If we go idle, then clearly no "passive-no-rx" 1425 + * workaround is needed any more, this is a reset. 1426 + */ 1427 + iwlagn_lift_passive_no_rx(priv); 1428 + } 1429 + 1422 1430 if (unlikely(!iwl_is_ready(priv))) { 1423 1431 IWL_DEBUG_MAC80211(priv, "leave - not ready\n"); 1424 1432 mutex_unlock(&priv->mutex); ··· 1458 1450 priv->timestamp = bss_conf->sync_tsf; 1459 1451 ctx->staging.filter_flags |= RXON_FILTER_ASSOC_MSK; 1460 1452 } else { 1461 - /* 1462 - * If we disassociate while there are pending 1463 - * frames, just wake up the queues and let the 1464 - * frames "escape" ... This shouldn't really 1465 - * be happening to start with, but we should 1466 - * not get stuck in this case either since it 1467 - * can happen if userspace gets confused. 1468 - */ 1469 - iwlagn_lift_passive_no_rx(priv); 1470 - 1471 1453 ctx->staging.filter_flags &= ~RXON_FILTER_ASSOC_MSK; 1472 1454 1473 1455 if (ctx->ctxid == IWL_RXON_CTX_BSS)
+1 -1
drivers/net/wireless/iwlwifi/dvm/tx.c
··· 1192 1192 memset(&info->status, 0, sizeof(info->status)); 1193 1193 1194 1194 if (status == TX_STATUS_FAIL_PASSIVE_NO_RX && 1195 - iwl_is_associated_ctx(ctx) && ctx->vif && 1195 + ctx->vif && 1196 1196 ctx->vif->type == NL80211_IFTYPE_STATION) { 1197 1197 /* block and stop all queues */ 1198 1198 priv->passive_no_rx = true;
+2 -1
drivers/net/wireless/mwifiex/cfg80211.c
··· 1892 1892 } 1893 1893 } 1894 1894 1895 - for (i = 0; i < request->n_channels; i++) { 1895 + for (i = 0; i < min_t(u32, request->n_channels, 1896 + MWIFIEX_USER_SCAN_CHAN_MAX); i++) { 1896 1897 chan = request->channels[i]; 1897 1898 priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value; 1898 1899 priv->user_scan_cfg->chan_list[i].radio_type = chan->band;
+17 -21
drivers/nfc/microread/mei.c
··· 22 22 #include <linux/slab.h> 23 23 #include <linux/interrupt.h> 24 24 #include <linux/gpio.h> 25 - #include <linux/mei_bus.h> 25 + #include <linux/mei_cl_bus.h> 26 26 27 27 #include <linux/nfc.h> 28 28 #include <net/nfc/hci.h> ··· 31 31 #include "microread.h" 32 32 33 33 #define MICROREAD_DRIVER_NAME "microread" 34 - 35 - #define MICROREAD_UUID UUID_LE(0x0bb17a78, 0x2a8e, 0x4c50, 0x94, \ 36 - 0xd4, 0x50, 0x26, 0x67, 0x23, 0x77, 0x5c) 37 34 38 35 struct mei_nfc_hdr { 39 36 u8 cmd; ··· 45 48 #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD) 46 49 47 50 struct microread_mei_phy { 48 - struct mei_device *mei_device; 51 + struct mei_cl_device *device; 49 52 struct nfc_hci_dev *hdev; 50 53 51 54 int powered; ··· 102 105 103 106 MEI_DUMP_SKB_OUT("mei frame sent", skb); 104 107 105 - r = mei_send(phy->device, skb->data, skb->len); 108 + r = mei_cl_send(phy->device, skb->data, skb->len); 106 109 if (r > 0) 107 110 r = 0; 108 111 109 112 return r; 110 113 } 111 114 112 - static void microread_event_cb(struct mei_device *device, u32 events, 115 + static void microread_event_cb(struct mei_cl_device *device, u32 events, 113 116 void *context) 114 117 { 115 118 struct microread_mei_phy *phy = context; ··· 117 120 if (phy->hard_fault != 0) 118 121 return; 119 122 120 - if (events & BIT(MEI_EVENT_RX)) { 123 + if (events & BIT(MEI_CL_EVENT_RX)) { 121 124 struct sk_buff *skb; 122 125 int reply_size; 123 126 ··· 125 128 if (!skb) 126 129 return; 127 130 128 - reply_size = mei_recv(device, skb->data, MEI_NFC_MAX_READ); 131 + reply_size = mei_cl_recv(device, skb->data, MEI_NFC_MAX_READ); 129 132 if (reply_size < MEI_NFC_HEADER_SIZE) { 130 133 kfree(skb); 131 134 return; ··· 146 149 .disable = microread_mei_disable, 147 150 }; 148 151 149 - static int microread_mei_probe(struct mei_device *device, 150 - const struct mei_id *id) 152 + static int microread_mei_probe(struct mei_cl_device *device, 153 + const struct mei_cl_device_id *id) 151 154 { 152 155 struct microread_mei_phy *phy; 153 156 int r; ··· 161 164 } 162 165 163 166 phy->device = device; 164 - mei_set_clientdata(device, phy); 167 + mei_cl_set_drvdata(device, phy); 165 168 166 - r = mei_register_event_cb(device, microread_event_cb, phy); 169 + r = mei_cl_register_event_cb(device, microread_event_cb, phy); 167 170 if (r) { 168 171 pr_err(MICROREAD_DRIVER_NAME ": event cb registration failed\n"); 169 172 goto err_out; ··· 183 186 return r; 184 187 } 185 188 186 - static int microread_mei_remove(struct mei_device *device) 189 + static int microread_mei_remove(struct mei_cl_device *device) 187 190 { 188 - struct microread_mei_phy *phy = mei_get_clientdata(device); 191 + struct microread_mei_phy *phy = mei_cl_get_drvdata(device); 189 192 190 193 pr_info("Removing microread\n"); 191 194 ··· 199 202 return 0; 200 203 } 201 204 202 - static struct mei_id microread_mei_tbl[] = { 203 - { MICROREAD_DRIVER_NAME, MICROREAD_UUID }, 205 + static struct mei_cl_device_id microread_mei_tbl[] = { 206 + { MICROREAD_DRIVER_NAME }, 204 207 205 208 /* required last entry */ 206 209 { } 207 210 }; 208 - 209 211 MODULE_DEVICE_TABLE(mei, microread_mei_tbl); 210 212 211 - static struct mei_driver microread_driver = { 213 + static struct mei_cl_driver microread_driver = { 212 214 .id_table = microread_mei_tbl, 213 215 .name = MICROREAD_DRIVER_NAME, 214 216 ··· 221 225 222 226 pr_debug(DRIVER_DESC ": %s\n", __func__); 223 227 224 - r = mei_driver_register(&microread_driver); 228 + r = mei_cl_driver_register(&microread_driver); 225 229 if (r) { 226 230 pr_err(MICROREAD_DRIVER_NAME ": driver registration failed\n"); 227 231 return r; ··· 232 236 233 237 static void microread_mei_exit(void) 234 238 { 235 - mei_driver_unregister(&microread_driver); 239 + mei_cl_driver_unregister(&microread_driver); 236 240 } 237 241 238 242 module_init(microread_mei_init);
+1 -1
include/linux/netdevice.h
··· 210 210 #define NETDEV_HW_ADDR_T_SLAVE 3 211 211 #define NETDEV_HW_ADDR_T_UNICAST 4 212 212 #define NETDEV_HW_ADDR_T_MULTICAST 5 213 - bool synced; 214 213 bool global_use; 215 214 int refcount; 215 + int synced; 216 216 struct rcu_head rcu_head; 217 217 }; 218 218
+7
include/linux/skbuff.h
··· 2643 2643 #endif 2644 2644 } 2645 2645 2646 + static inline void nf_reset_trace(struct sk_buff *skb) 2647 + { 2648 + #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) 2649 + skb->nf_trace = 0; 2650 + #endif 2651 + } 2652 + 2646 2653 /* Note: This doesn't put any conntrack and bridge info in dst. */ 2647 2654 static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) 2648 2655 {
+1
net/core/dev.c
··· 1639 1639 skb->mark = 0; 1640 1640 secpath_reset(skb); 1641 1641 nf_reset(skb); 1642 + nf_reset_trace(skb); 1642 1643 return netif_rx(skb); 1643 1644 } 1644 1645 EXPORT_SYMBOL_GPL(dev_forward_skb);
+3 -3
net/core/dev_addr_lists.c
··· 37 37 ha->type = addr_type; 38 38 ha->refcount = 1; 39 39 ha->global_use = global; 40 - ha->synced = false; 40 + ha->synced = 0; 41 41 list_add_tail_rcu(&ha->list, &list->list); 42 42 list->count++; 43 43 ··· 165 165 addr_len, ha->type); 166 166 if (err) 167 167 break; 168 - ha->synced = true; 168 + ha->synced++; 169 169 ha->refcount++; 170 170 } else if (ha->refcount == 1) { 171 171 __hw_addr_del(to_list, ha->addr, addr_len, ha->type); ··· 186 186 if (ha->synced) { 187 187 __hw_addr_del(to_list, ha->addr, 188 188 addr_len, ha->type); 189 - ha->synced = false; 189 + ha->synced--; 190 190 __hw_addr_del(from_list, ha->addr, 191 191 addr_len, ha->type); 192 192 }
+4 -2
net/ipv4/devinet.c
··· 802 802 if (nlh->nlmsg_flags & NLM_F_EXCL || 803 803 !(nlh->nlmsg_flags & NLM_F_REPLACE)) 804 804 return -EEXIST; 805 - 806 - set_ifa_lifetime(ifa_existing, valid_lft, prefered_lft); 805 + ifa = ifa_existing; 806 + set_ifa_lifetime(ifa, valid_lft, prefered_lft); 807 + rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); 808 + blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); 807 809 } 808 810 return 0; 809 811 }
+1 -1
net/ipv6/netfilter/ip6t_NPT.c
··· 57 57 if (pfx_len - i >= 32) 58 58 mask = 0; 59 59 else 60 - mask = htonl(~((1 << (pfx_len - i)) - 1)); 60 + mask = htonl((1 << (i - pfx_len + 32)) - 1); 61 61 62 62 idx = i / 32; 63 63 addr->s6_addr32[idx] &= mask;
+4 -2
net/mac80211/cfg.c
··· 2582 2582 list_del(&dep->list); 2583 2583 mutex_unlock(&local->mtx); 2584 2584 2585 - ieee80211_roc_notify_destroy(dep); 2585 + ieee80211_roc_notify_destroy(dep, true); 2586 2586 return 0; 2587 2587 } 2588 2588 ··· 2622 2622 ieee80211_start_next_roc(local); 2623 2623 mutex_unlock(&local->mtx); 2624 2624 2625 - ieee80211_roc_notify_destroy(found); 2625 + ieee80211_roc_notify_destroy(found, true); 2626 2626 } else { 2627 2627 /* work may be pending so use it all the time */ 2628 2628 found->abort = true; ··· 2632 2632 2633 2633 /* work will clean up etc */ 2634 2634 flush_delayed_work(&found->work); 2635 + WARN_ON(!found->to_be_freed); 2636 + kfree(found); 2635 2637 } 2636 2638 2637 2639 return 0;
+14 -3
net/mac80211/chan.c
··· 63 63 enum ieee80211_chanctx_mode mode) 64 64 { 65 65 struct ieee80211_chanctx *ctx; 66 + u32 changed; 66 67 int err; 67 68 68 69 lockdep_assert_held(&local->chanctx_mtx); ··· 77 76 ctx->conf.rx_chains_dynamic = 1; 78 77 ctx->mode = mode; 79 78 79 + /* acquire mutex to prevent idle from changing */ 80 + mutex_lock(&local->mtx); 81 + /* turn idle off *before* setting channel -- some drivers need that */ 82 + changed = ieee80211_idle_off(local); 83 + if (changed) 84 + ieee80211_hw_config(local, changed); 85 + 80 86 if (!local->use_chanctx) { 81 87 local->_oper_channel_type = 82 88 cfg80211_get_chandef_type(chandef); ··· 93 85 err = drv_add_chanctx(local, ctx); 94 86 if (err) { 95 87 kfree(ctx); 96 - return ERR_PTR(err); 88 + ctx = ERR_PTR(err); 89 + 90 + ieee80211_recalc_idle(local); 91 + goto out; 97 92 } 98 93 } 99 94 95 + /* and keep the mutex held until the new chanctx is on the list */ 100 96 list_add_rcu(&ctx->list, &local->chanctx_list); 101 97 102 - mutex_lock(&local->mtx); 103 - ieee80211_recalc_idle(local); 98 + out: 104 99 mutex_unlock(&local->mtx); 105 100 106 101 return ctx;
+3 -1
net/mac80211/ieee80211_i.h
··· 309 309 struct ieee80211_channel *chan; 310 310 311 311 bool started, abort, hw_begun, notified; 312 + bool to_be_freed; 312 313 313 314 unsigned long hw_start_time; 314 315 ··· 1348 1347 void ieee80211_roc_setup(struct ieee80211_local *local); 1349 1348 void ieee80211_start_next_roc(struct ieee80211_local *local); 1350 1349 void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); 1351 - void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); 1350 + void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); 1352 1351 void ieee80211_sw_roc_work(struct work_struct *work); 1353 1352 void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); 1354 1353 ··· 1362 1361 enum nl80211_iftype type); 1363 1362 void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata); 1364 1363 void ieee80211_remove_interfaces(struct ieee80211_local *local); 1364 + u32 ieee80211_idle_off(struct ieee80211_local *local); 1365 1365 void ieee80211_recalc_idle(struct ieee80211_local *local); 1366 1366 void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, 1367 1367 const int offset);
+1 -1
net/mac80211/iface.c
··· 78 78 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER); 79 79 } 80 80 81 - static u32 ieee80211_idle_off(struct ieee80211_local *local) 81 + u32 ieee80211_idle_off(struct ieee80211_local *local) 82 82 { 83 83 if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE)) 84 84 return 0;
+17 -6
net/mac80211/offchannel.c
··· 297 297 } 298 298 } 299 299 300 - void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) 300 + void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free) 301 301 { 302 302 struct ieee80211_roc_work *dep, *tmp; 303 + 304 + if (WARN_ON(roc->to_be_freed)) 305 + return; 303 306 304 307 /* was never transmitted */ 305 308 if (roc->frame) { ··· 319 316 GFP_KERNEL); 320 317 321 318 list_for_each_entry_safe(dep, tmp, &roc->dependents, list) 322 - ieee80211_roc_notify_destroy(dep); 319 + ieee80211_roc_notify_destroy(dep, true); 323 320 324 - kfree(roc); 321 + if (free) 322 + kfree(roc); 323 + else 324 + roc->to_be_freed = true; 325 325 } 326 326 327 327 void ieee80211_sw_roc_work(struct work_struct *work) ··· 336 330 bool started; 337 331 338 332 mutex_lock(&local->mtx); 333 + 334 + if (roc->to_be_freed) 335 + goto out_unlock; 339 336 340 337 if (roc->abort) 341 338 goto finish; ··· 379 370 finish: 380 371 list_del(&roc->list); 381 372 started = roc->started; 382 - ieee80211_roc_notify_destroy(roc); 373 + ieee80211_roc_notify_destroy(roc, !roc->abort); 383 374 384 375 if (started) { 385 376 drv_flush(local, false); ··· 419 410 420 411 list_del(&roc->list); 421 412 422 - ieee80211_roc_notify_destroy(roc); 413 + ieee80211_roc_notify_destroy(roc, true); 423 414 424 415 /* if there's another roc, start it now */ 425 416 ieee80211_start_next_roc(local); ··· 469 460 list_for_each_entry_safe(roc, tmp, &tmp_list, list) { 470 461 if (local->ops->remain_on_channel) { 471 462 list_del(&roc->list); 472 - ieee80211_roc_notify_destroy(roc); 463 + ieee80211_roc_notify_destroy(roc, true); 473 464 } else { 474 465 ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); 475 466 476 467 /* work will clean up etc */ 477 468 flush_delayed_work(&roc->work); 469 + WARN_ON(!roc->to_be_freed); 470 + kfree(roc); 478 471 } 479 472 } 480 473
+1
net/netfilter/nf_conntrack_standalone.c
··· 568 568 register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); 569 569 if (!nf_ct_netfilter_header) { 570 570 pr_err("nf_conntrack: can't register to sysctl.\n"); 571 + ret = -ENOMEM; 571 572 goto out_sysctl; 572 573 } 573 574 #endif
-8
net/nfc/llcp/llcp.c
··· 107 107 accept_sk->sk_state_change(sk); 108 108 109 109 bh_unlock_sock(accept_sk); 110 - 111 - sock_orphan(accept_sk); 112 110 } 113 111 114 112 if (listen == true) { ··· 131 133 sk->sk_state_change(sk); 132 134 133 135 bh_unlock_sock(sk); 134 - 135 - sock_orphan(sk); 136 136 137 137 sk_del_node_init(sk); 138 138 } ··· 159 163 sk->sk_state_change(sk); 160 164 161 165 bh_unlock_sock(sk); 162 - 163 - sock_orphan(sk); 164 166 165 167 sk_del_node_init(sk); 166 168 } ··· 821 827 skb_get(skb); 822 828 } else { 823 829 pr_err("Receive queue is full\n"); 824 - kfree_skb(skb); 825 830 } 826 831 827 832 nfc_llcp_sock_put(llcp_sock); ··· 1021 1028 skb_get(skb); 1022 1029 } else { 1023 1030 pr_err("Receive queue is full\n"); 1024 - kfree_skb(skb); 1025 1031 } 1026 1032 } 1027 1033
+3 -3
net/nfc/llcp/sock.c
··· 270 270 } 271 271 272 272 if (sk->sk_state == LLCP_CONNECTED || !newsock) { 273 - nfc_llcp_accept_unlink(sk); 273 + list_del_init(&lsk->accept_queue); 274 + sock_put(sk); 275 + 274 276 if (newsock) 275 277 sock_graft(sk, newsock); 276 278 ··· 466 464 nfc_llcp_accept_unlink(accept_sk); 467 465 468 466 release_sock(accept_sk); 469 - 470 - sock_orphan(accept_sk); 471 467 } 472 468 } 473 469
+3 -3
net/unix/af_unix.c
··· 1412 1412 if (UNIXCB(skb).cred) 1413 1413 return; 1414 1414 if (test_bit(SOCK_PASSCRED, &sock->flags) || 1415 - (other->sk_socket && 1416 - test_bit(SOCK_PASSCRED, &other->sk_socket->flags))) { 1415 + !other->sk_socket || 1416 + test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) { 1417 1417 UNIXCB(skb).pid = get_pid(task_tgid(current)); 1418 1418 UNIXCB(skb).cred = get_current_cred(); 1419 1419 } ··· 1993 1993 if ((UNIXCB(skb).pid != siocb->scm->pid) || 1994 1994 (UNIXCB(skb).cred != siocb->scm->cred)) 1995 1995 break; 1996 - } else { 1996 + } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { 1997 1997 /* Copy credentials */ 1998 1998 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); 1999 1999 check_creds = 1;