tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking update from David Miller:

1) Fix RX sequence number handling in mwifiex, from Stone Piao.

2) Netfilter ipset mis-compares device names, fix from Florian
Westphal.

3) Fix route leak in ipv6 IPVS, from Eric Dumazet.

4) NFS fixes. Several buffer overflows in NCI layer from Dan
Rosenberg, and release sock OOPS'er fix from Eric Dumazet.

5) Fix WEP handling ath9k, we started using a bit the chip provides to
indicate undecrypted packets but that bit turns out to be unreliable
in certain configurations. Fix from Felix Fietkau.

6) Fix Kconfig dependency bug in wlcore, from Randy Dunlap.

7) New USB IDs for rtlwifi driver from Larry Finger.

8) Fix crashes in qmi_wwan usbnet driver when disconnecting, from Bjørn
Mork.

9) Gianfar driver programs coalescing settings properly in single queue
mode, but does not do so in multi-queue mode. Fix from Claudiu
Manoil.

10) Missing module.h include in davinci_cpdma.c, from Daniel Mack.

11) Need dummy handler for IPSET_CMD_NONE otherwise we crash in ipset if
we get this via nfnetlink, fix from Tomasz Bursztyka.

12) Missing RCU unlock in nfnetlink error path, also from Tomasz.

13) Fix divide by zero in igbvf when the user tries to set an RX
coalescing value of 0 usecs, from Mitch A Williams.

14) We can process SCTP sacks for the wrong transport, oops. Fix from
Neil Horman.

15) Remove hw IP payload checksumming from e1000e driver. This has zery
value in our stack, and turning it on creates a very unintuitive
restriction for users when using jumbo MTUs.

Specifically, when IP payload checksums are on you cannot use both
receive hashing offload and jumbo MTU. Fix from Bruce Allan.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits)
e1000e: remove use of IP payload checksum
sctp: be more restrictive in transport selection on bundled sacks
igbvf: fix divide by zero
netfilter: nfnetlink: fix missing rcu_read_unlock in nfnetlink_rcv_msg
netfilter: ipset: fix crash if IPSET_CMD_NONE command is sent
davinci_cpdma: include linux/module.h
gianfar: Fix RXICr/TXICr programming for multi-queue mode
net: Downgrade CAP_SYS_MODULE deprecated message from error to warning.
net: qmi_wwan: fix Oops while disconnecting
mwifiex: fix memory leak associated with IE manamgement
ath9k: fix panic caused by returning a descriptor we have queued for reuse
mac80211: correct behaviour on unrecognised action frames
ath9k: enable serialize_regmode for non-PCIE AR9287
rtlwifi: rtl8192cu: New USB IDs
NFC: Return from rawsock_release when sk is NULL
iwlwifi: fix activating inactive stations
wlcore: drop INET dependency
ath9k: fix dynamic WEP related regression
NFC: Prevent multiple buffer overflows in NCI
netfilter: update location of my trees
...

Linus Torvalds 56728748 dab058fd

+197 -161
+2 -2
MAINTAINERS
··· 4654 4654 L: coreteam@netfilter.org 4655 4655 W: http://www.netfilter.org/ 4656 4656 W: http://www.iptables.org/ 4657 - T: git git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-2.6.git 4658 - T: git git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next-2.6.git 4657 + T: git git://1984.lsi.us.es/nf 4658 + T: git git://1984.lsi.us.es/nf-next 4659 4659 S: Supported 4660 4660 F: include/linux/netfilter* 4661 4661 F: include/linux/netfilter/
+4 -6
drivers/net/ethernet/freescale/gianfar.c
··· 1804 1804 if (priv->mode == MQ_MG_MODE) { 1805 1805 baddr = &regs->txic0; 1806 1806 for_each_set_bit(i, &tx_mask, priv->num_tx_queues) { 1807 - if (likely(priv->tx_queue[i]->txcoalescing)) { 1808 - gfar_write(baddr + i, 0); 1807 + gfar_write(baddr + i, 0); 1808 + if (likely(priv->tx_queue[i]->txcoalescing)) 1809 1809 gfar_write(baddr + i, priv->tx_queue[i]->txic); 1810 - } 1811 1810 } 1812 1811 1813 1812 baddr = &regs->rxic0; 1814 1813 for_each_set_bit(i, &rx_mask, priv->num_rx_queues) { 1815 - if (likely(priv->rx_queue[i]->rxcoalescing)) { 1816 - gfar_write(baddr + i, 0); 1814 + gfar_write(baddr + i, 0); 1815 + if (likely(priv->rx_queue[i]->rxcoalescing)) 1817 1816 gfar_write(baddr + i, priv->rx_queue[i]->rxic); 1818 - } 1819 1817 } 1820 1818 } 1821 1819 }
+1
drivers/net/ethernet/intel/e1000e/defines.h
··· 103 103 #define E1000_RXD_ERR_SEQ 0x04 /* Sequence Error */ 104 104 #define E1000_RXD_ERR_CXE 0x10 /* Carrier Extension Error */ 105 105 #define E1000_RXD_ERR_TCPE 0x20 /* TCP/UDP Checksum Error */ 106 + #define E1000_RXD_ERR_IPE 0x40 /* IP Checksum Error */ 106 107 #define E1000_RXD_ERR_RXE 0x80 /* Rx Data Error */ 107 108 #define E1000_RXD_SPC_VLAN_MASK 0x0FFF /* VLAN ID is in lower 12 bits */ 108 109
+14 -61
drivers/net/ethernet/intel/e1000e/netdev.c
··· 496 496 * @sk_buff: socket buffer with received data 497 497 **/ 498 498 static void e1000_rx_checksum(struct e1000_adapter *adapter, u32 status_err, 499 - __le16 csum, struct sk_buff *skb) 499 + struct sk_buff *skb) 500 500 { 501 501 u16 status = (u16)status_err; 502 502 u8 errors = (u8)(status_err >> 24); ··· 511 511 if (status & E1000_RXD_STAT_IXSM) 512 512 return; 513 513 514 - /* TCP/UDP checksum error bit is set */ 515 - if (errors & E1000_RXD_ERR_TCPE) { 514 + /* TCP/UDP checksum error bit or IP checksum error bit is set */ 515 + if (errors & (E1000_RXD_ERR_TCPE | E1000_RXD_ERR_IPE)) { 516 516 /* let the stack verify checksum errors */ 517 517 adapter->hw_csum_err++; 518 518 return; ··· 523 523 return; 524 524 525 525 /* It must be a TCP or UDP packet with a valid checksum */ 526 - if (status & E1000_RXD_STAT_TCPCS) { 527 - /* TCP checksum is good */ 528 - skb->ip_summed = CHECKSUM_UNNECESSARY; 529 - } else { 530 - /* 531 - * IP fragment with UDP payload 532 - * Hardware complements the payload checksum, so we undo it 533 - * and then put the value in host order for further stack use. 534 - */ 535 - __sum16 sum = (__force __sum16)swab16((__force u16)csum); 536 - skb->csum = csum_unfold(~sum); 537 - skb->ip_summed = CHECKSUM_COMPLETE; 538 - } 526 + skb->ip_summed = CHECKSUM_UNNECESSARY; 539 527 adapter->hw_csum_good++; 540 528 } 541 529 ··· 942 954 skb_put(skb, length); 943 955 944 956 /* Receive Checksum Offload */ 945 - e1000_rx_checksum(adapter, staterr, 946 - rx_desc->wb.lower.hi_dword.csum_ip.csum, skb); 957 + e1000_rx_checksum(adapter, staterr, skb); 947 958 948 959 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 949 960 ··· 1328 1341 total_rx_bytes += skb->len; 1329 1342 total_rx_packets++; 1330 1343 1331 - e1000_rx_checksum(adapter, staterr, 1332 - rx_desc->wb.lower.hi_dword.csum_ip.csum, skb); 1344 + e1000_rx_checksum(adapter, staterr, skb); 1333 1345 1334 1346 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 1335 1347 ··· 1498 1512 } 1499 1513 } 1500 1514 1501 - /* Receive Checksum Offload XXX recompute due to CRC strip? */ 1502 - e1000_rx_checksum(adapter, staterr, 1503 - rx_desc->wb.lower.hi_dword.csum_ip.csum, skb); 1515 + /* Receive Checksum Offload */ 1516 + e1000_rx_checksum(adapter, staterr, skb); 1504 1517 1505 1518 e1000_rx_hash(netdev, rx_desc->wb.lower.hi_dword.rss, skb); 1506 1519 ··· 3083 3098 3084 3099 /* Enable Receive Checksum Offload for TCP and UDP */ 3085 3100 rxcsum = er32(RXCSUM); 3086 - if (adapter->netdev->features & NETIF_F_RXCSUM) { 3101 + if (adapter->netdev->features & NETIF_F_RXCSUM) 3087 3102 rxcsum |= E1000_RXCSUM_TUOFL; 3088 - 3089 - /* 3090 - * IPv4 payload checksum for UDP fragments must be 3091 - * used in conjunction with packet-split. 3092 - */ 3093 - if (adapter->rx_ps_pages) 3094 - rxcsum |= E1000_RXCSUM_IPPCSE; 3095 - } else { 3103 + else 3096 3104 rxcsum &= ~E1000_RXCSUM_TUOFL; 3097 - /* no need to clear IPPCSE as it defaults to 0 */ 3098 - } 3099 3105 ew32(RXCSUM, rxcsum); 3100 3106 3101 3107 if (adapter->hw.mac.type == e1000_pch2lan) { ··· 5217 5241 int max_frame = new_mtu + ETH_HLEN + ETH_FCS_LEN; 5218 5242 5219 5243 /* Jumbo frame support */ 5220 - if (max_frame > ETH_FRAME_LEN + ETH_FCS_LEN) { 5221 - if (!(adapter->flags & FLAG_HAS_JUMBO_FRAMES)) { 5222 - e_err("Jumbo Frames not supported.\n"); 5223 - return -EINVAL; 5224 - } 5225 - 5226 - /* 5227 - * IP payload checksum (enabled with jumbos/packet-split when 5228 - * Rx checksum is enabled) and generation of RSS hash is 5229 - * mutually exclusive in the hardware. 5230 - */ 5231 - if ((netdev->features & NETIF_F_RXCSUM) && 5232 - (netdev->features & NETIF_F_RXHASH)) { 5233 - e_err("Jumbo frames cannot be enabled when both receive checksum offload and receive hashing are enabled. Disable one of the receive offload features before enabling jumbos.\n"); 5234 - return -EINVAL; 5235 - } 5244 + if ((max_frame > ETH_FRAME_LEN + ETH_FCS_LEN) && 5245 + !(adapter->flags & FLAG_HAS_JUMBO_FRAMES)) { 5246 + e_err("Jumbo Frames not supported.\n"); 5247 + return -EINVAL; 5236 5248 } 5237 5249 5238 5250 /* Supported frame sizes */ ··· 5993 6029 NETIF_F_RXCSUM | NETIF_F_RXHASH | NETIF_F_RXFCS | 5994 6030 NETIF_F_RXALL))) 5995 6031 return 0; 5996 - 5997 - /* 5998 - * IP payload checksum (enabled with jumbos/packet-split when Rx 5999 - * checksum is enabled) and generation of RSS hash is mutually 6000 - * exclusive in the hardware. 6001 - */ 6002 - if (adapter->rx_ps_pages && 6003 - (features & NETIF_F_RXCSUM) && (features & NETIF_F_RXHASH)) { 6004 - e_err("Enabling both receive checksum offload and receive hashing is not possible with jumbo frames. Disable jumbos or enable only one of the receive offload features.\n"); 6005 - return -EINVAL; 6006 - } 6007 6032 6008 6033 if (changed & NETIF_F_RXFCS) { 6009 6034 if (features & NETIF_F_RXFCS) {
+19 -12
drivers/net/ethernet/intel/igbvf/ethtool.c
··· 357 357 struct igbvf_adapter *adapter = netdev_priv(netdev); 358 358 struct e1000_hw *hw = &adapter->hw; 359 359 360 - if ((ec->rx_coalesce_usecs > IGBVF_MAX_ITR_USECS) || 361 - ((ec->rx_coalesce_usecs > 3) && 362 - (ec->rx_coalesce_usecs < IGBVF_MIN_ITR_USECS)) || 363 - (ec->rx_coalesce_usecs == 2)) 364 - return -EINVAL; 365 - 366 - /* convert to rate of irq's per second */ 367 - if (ec->rx_coalesce_usecs && ec->rx_coalesce_usecs <= 3) { 368 - adapter->current_itr = IGBVF_START_ITR; 369 - adapter->requested_itr = ec->rx_coalesce_usecs; 370 - } else { 360 + if ((ec->rx_coalesce_usecs >= IGBVF_MIN_ITR_USECS) && 361 + (ec->rx_coalesce_usecs <= IGBVF_MAX_ITR_USECS)) { 371 362 adapter->current_itr = ec->rx_coalesce_usecs << 2; 372 363 adapter->requested_itr = 1000000000 / 373 364 (adapter->current_itr * 256); 374 - } 365 + } else if ((ec->rx_coalesce_usecs == 3) || 366 + (ec->rx_coalesce_usecs == 2)) { 367 + adapter->current_itr = IGBVF_START_ITR; 368 + adapter->requested_itr = ec->rx_coalesce_usecs; 369 + } else if (ec->rx_coalesce_usecs == 0) { 370 + /* 371 + * The user's desire is to turn off interrupt throttling 372 + * altogether, but due to HW limitations, we can't do that. 373 + * Instead we set a very small value in EITR, which would 374 + * allow ~967k interrupts per second, but allow the adapter's 375 + * internal clocking to still function properly. 376 + */ 377 + adapter->current_itr = 4; 378 + adapter->requested_itr = 1000000000 / 379 + (adapter->current_itr * 256); 380 + } else 381 + return -EINVAL; 375 382 376 383 writel(adapter->current_itr, 377 384 hw->hw_addr + adapter->rx_ring->itr_register);
+1
drivers/net/ethernet/ti/davinci_cpdma.c
··· 15 15 #include <linux/kernel.h> 16 16 #include <linux/spinlock.h> 17 17 #include <linux/device.h> 18 + #include <linux/module.h> 18 19 #include <linux/slab.h> 19 20 #include <linux/err.h> 20 21 #include <linux/dma-mapping.h>
+4
drivers/net/usb/qmi_wwan.c
··· 197 197 static int qmi_wwan_cdc_wdm_manage_power(struct usb_interface *intf, int on) 198 198 { 199 199 struct usbnet *dev = usb_get_intfdata(intf); 200 + 201 + /* can be called while disconnecting */ 202 + if (!dev) 203 + return 0; 200 204 return qmi_wwan_manage_power(dev, on); 201 205 } 202 206
+1
drivers/net/wireless/ath/ath.h
··· 143 143 u32 keymax; 144 144 DECLARE_BITMAP(keymap, ATH_KEYMAX); 145 145 DECLARE_BITMAP(tkip_keymap, ATH_KEYMAX); 146 + DECLARE_BITMAP(ccmp_keymap, ATH_KEYMAX); 146 147 enum ath_crypt_caps crypt_caps; 147 148 148 149 unsigned int clockrate;
+1 -1
drivers/net/wireless/ath/ath9k/hw.c
··· 622 622 623 623 if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_AUTO) { 624 624 if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI || 625 - ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) && 625 + ((AR_SREV_9160(ah) || AR_SREV_9280(ah) || AR_SREV_9287(ah)) && 626 626 !ah->is_pciexpress)) { 627 627 ah->config.serialize_regmode = 628 628 SER_REG_MODE_ON;
+4 -3
drivers/net/wireless/ath/ath9k/recv.c
··· 695 695 __skb_unlink(skb, &rx_edma->rx_fifo); 696 696 list_add_tail(&bf->list, &sc->rx.rxbuf); 697 697 ath_rx_edma_buf_link(sc, qtype); 698 - } else { 699 - bf = NULL; 700 698 } 699 + 700 + bf = NULL; 701 701 } 702 702 703 703 *dest = bf; ··· 822 822 * descriptor does contain a valid key index. This has been observed 823 823 * mostly with CCMP encryption. 824 824 */ 825 - if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID) 825 + if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID || 826 + !test_bit(rx_stats->rs_keyix, common->ccmp_keymap)) 826 827 rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; 827 828 828 829 if (!rx_stats->rs_datalen) {
+4
drivers/net/wireless/ath/key.c
··· 556 556 return -EIO; 557 557 558 558 set_bit(idx, common->keymap); 559 + if (key->cipher == WLAN_CIPHER_SUITE_CCMP) 560 + set_bit(idx, common->ccmp_keymap); 561 + 559 562 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) { 560 563 set_bit(idx + 64, common->keymap); 561 564 set_bit(idx, common->tkip_keymap); ··· 585 582 return; 586 583 587 584 clear_bit(key->hw_key_idx, common->keymap); 585 + clear_bit(key->hw_key_idx, common->ccmp_keymap); 588 586 if (key->cipher != WLAN_CIPHER_SUITE_TKIP) 589 587 return; 590 588
+12
drivers/net/wireless/iwlwifi/iwl-mac80211.c
··· 796 796 switch (op) { 797 797 case ADD: 798 798 ret = iwlagn_mac_sta_add(hw, vif, sta); 799 + if (ret) 800 + break; 801 + /* 802 + * Clear the in-progress flag, the AP station entry was added 803 + * but we'll initialize LQ only when we've associated (which 804 + * would also clear the in-progress flag). This is necessary 805 + * in case we never initialize LQ because association fails. 806 + */ 807 + spin_lock_bh(&priv->sta_lock); 808 + priv->stations[iwl_sta_id(sta)].used &= 809 + ~IWL_STA_UCODE_INPROGRESS; 810 + spin_unlock_bh(&priv->sta_lock); 799 811 break; 800 812 case REMOVE: 801 813 ret = iwlagn_mac_sta_remove(hw, vif, sta);
+3 -2
drivers/net/wireless/mwifiex/11n_rxreorder.c
··· 256 256 else 257 257 last_seq = priv->rx_seq[tid]; 258 258 259 - if (last_seq >= new_node->start_win) 259 + if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 260 + last_seq >= new_node->start_win) 260 261 new_node->start_win = last_seq + 1; 261 262 262 263 new_node->win_size = win_size; ··· 597 596 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 598 597 599 598 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 600 - memset(priv->rx_seq, 0, sizeof(priv->rx_seq)); 599 + mwifiex_reset_11n_rx_seq_num(priv); 601 600 }
+7
drivers/net/wireless/mwifiex/11n_rxreorder.h
··· 37 37 38 38 #define ADDBA_RSP_STATUS_ACCEPT 0 39 39 40 + #define MWIFIEX_DEF_11N_RX_SEQ_NUM 0xffff 41 + 42 + static inline void mwifiex_reset_11n_rx_seq_num(struct mwifiex_private *priv) 43 + { 44 + memset(priv->rx_seq, 0xff, sizeof(priv->rx_seq)); 45 + } 46 + 40 47 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *, 41 48 u16 seqNum, 42 49 u16 tid, u8 *ta,
+1
drivers/net/wireless/mwifiex/ie.c
··· 213 213 /* save assoc resp ie index after auto-indexing */ 214 214 *assoc_idx = *((u16 *)pos); 215 215 216 + kfree(ap_custom_ie); 216 217 return ret; 217 218 } 218 219
+3 -3
drivers/net/wireless/mwifiex/sdio.c
··· 978 978 dev_dbg(adapter->dev, "info: --- Rx: Event ---\n"); 979 979 adapter->event_cause = *(u32 *) skb->data; 980 980 981 - skb_pull(skb, MWIFIEX_EVENT_HEADER_LEN); 982 - 983 981 if ((skb->len > 0) && (skb->len < MAX_EVENT_SIZE)) 984 - memcpy(adapter->event_body, skb->data, skb->len); 982 + memcpy(adapter->event_body, 983 + skb->data + MWIFIEX_EVENT_HEADER_LEN, 984 + skb->len); 985 985 986 986 /* event cause has been saved to adapter->event_cause */ 987 987 adapter->event_received = true;
+4 -5
drivers/net/wireless/mwifiex/sta_event.c
··· 406 406 break; 407 407 408 408 case EVENT_UAP_STA_ASSOC: 409 - skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER); 410 409 memset(&sinfo, 0, sizeof(sinfo)); 411 - event = (struct mwifiex_assoc_event *)adapter->event_skb->data; 410 + event = (struct mwifiex_assoc_event *) 411 + (adapter->event_body + MWIFIEX_UAP_EVENT_EXTRA_HEADER); 412 412 if (le16_to_cpu(event->type) == TLV_TYPE_UAP_MGMT_FRAME) { 413 413 len = -1; 414 414 ··· 433 433 GFP_KERNEL); 434 434 break; 435 435 case EVENT_UAP_STA_DEAUTH: 436 - skb_pull(adapter->event_skb, MWIFIEX_UAP_EVENT_EXTRA_HEADER); 437 - cfg80211_del_sta(priv->netdev, adapter->event_skb->data, 438 - GFP_KERNEL); 436 + cfg80211_del_sta(priv->netdev, adapter->event_body + 437 + MWIFIEX_UAP_EVENT_EXTRA_HEADER, GFP_KERNEL); 439 438 break; 440 439 case EVENT_UAP_BSS_IDLE: 441 440 priv->media_connected = false;
+20 -8
drivers/net/wireless/mwifiex/usb.c
··· 49 49 struct device *dev = adapter->dev; 50 50 u32 recv_type; 51 51 __le32 tmp; 52 + int ret; 52 53 53 54 if (adapter->hs_activated) 54 55 mwifiex_process_hs_config(adapter); ··· 70 69 case MWIFIEX_USB_TYPE_CMD: 71 70 if (skb->len > MWIFIEX_SIZE_OF_CMD_BUFFER) { 72 71 dev_err(dev, "CMD: skb->len too large\n"); 73 - return -1; 72 + ret = -1; 73 + goto exit_restore_skb; 74 74 } else if (!adapter->curr_cmd) { 75 75 dev_dbg(dev, "CMD: no curr_cmd\n"); 76 76 if (adapter->ps_state == PS_STATE_SLEEP_CFM) { 77 77 mwifiex_process_sleep_confirm_resp( 78 78 adapter, skb->data, 79 79 skb->len); 80 - return 0; 80 + ret = 0; 81 + goto exit_restore_skb; 81 82 } 82 - return -1; 83 + ret = -1; 84 + goto exit_restore_skb; 83 85 } 84 86 85 87 adapter->curr_cmd->resp_skb = skb; ··· 91 87 case MWIFIEX_USB_TYPE_EVENT: 92 88 if (skb->len < sizeof(u32)) { 93 89 dev_err(dev, "EVENT: skb->len too small\n"); 94 - return -1; 90 + ret = -1; 91 + goto exit_restore_skb; 95 92 } 96 93 skb_copy_from_linear_data(skb, &tmp, sizeof(u32)); 97 94 adapter->event_cause = le32_to_cpu(tmp); 98 - skb_pull(skb, sizeof(u32)); 99 95 dev_dbg(dev, "event_cause %#x\n", adapter->event_cause); 100 96 101 97 if (skb->len > MAX_EVENT_SIZE) { 102 98 dev_err(dev, "EVENT: event body too large\n"); 103 - return -1; 99 + ret = -1; 100 + goto exit_restore_skb; 104 101 } 105 102 106 - skb_copy_from_linear_data(skb, adapter->event_body, 107 - skb->len); 103 + memcpy(adapter->event_body, skb->data + 104 + MWIFIEX_EVENT_HEADER_LEN, skb->len); 105 + 108 106 adapter->event_received = true; 109 107 adapter->event_skb = skb; 110 108 break; ··· 130 124 } 131 125 132 126 return -EINPROGRESS; 127 + 128 + exit_restore_skb: 129 + /* The buffer will be reused for further cmds/events */ 130 + skb_push(skb, INTF_HEADER_LEN); 131 + 132 + return ret; 133 133 } 134 134 135 135 static void mwifiex_usb_rx_complete(struct urb *urb)
+3
drivers/net/wireless/mwifiex/wmm.c
··· 404 404 priv->add_ba_param.tx_win_size = MWIFIEX_AMPDU_DEF_TXWINSIZE; 405 405 priv->add_ba_param.rx_win_size = MWIFIEX_AMPDU_DEF_RXWINSIZE; 406 406 407 + mwifiex_reset_11n_rx_seq_num(priv); 408 + 407 409 atomic_set(&priv->wmm.tx_pkts_queued, 0); 408 410 atomic_set(&priv->wmm.highest_queued_prio, HIGH_PRIO_TID); 409 411 } ··· 1223 1221 1224 1222 if (!ptr->is_11n_enabled || 1225 1223 mwifiex_is_ba_stream_setup(priv, ptr, tid) || 1224 + priv->wps.session_enable || 1226 1225 ((priv->sec_info.wpa_enabled || 1227 1226 priv->sec_info.wpa2_enabled) && 1228 1227 !priv->wpa_is_gtk_set)) {
+3
drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
··· 301 301 {RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/ 302 302 {RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/ 303 303 {RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/ 304 + {RTL_USB_DEVICE(0x0bda, 0x5088, rtl92cu_hal_cfg)}, /*Thinkware-CC&C*/ 304 305 {RTL_USB_DEVICE(0x0df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 305 306 {RTL_USB_DEVICE(0x0df6, 0x005c, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/ 306 307 {RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/ 308 + {RTL_USB_DEVICE(0x4856, 0x0091, rtl92cu_hal_cfg)}, /*NetweeN - Feixun*/ 307 309 /* HP - Lite-On ,8188CUS Slim Combo */ 308 310 {RTL_USB_DEVICE(0x103c, 0x1629, rtl92cu_hal_cfg)}, 309 311 {RTL_USB_DEVICE(0x13d3, 0x3357, rtl92cu_hal_cfg)}, /* AzureWave */ ··· 348 346 {RTL_USB_DEVICE(0x07b8, 0x8178, rtl92cu_hal_cfg)}, /*Funai -Abocom*/ 349 347 {RTL_USB_DEVICE(0x0846, 0x9021, rtl92cu_hal_cfg)}, /*Netgear-Sercomm*/ 350 348 {RTL_USB_DEVICE(0x0b05, 0x17ab, rtl92cu_hal_cfg)}, /*ASUS-Edimax*/ 349 + {RTL_USB_DEVICE(0x0bda, 0x8186, rtl92cu_hal_cfg)}, /*Realtek 92CE-VAU*/ 351 350 {RTL_USB_DEVICE(0x0df6, 0x0061, rtl92cu_hal_cfg)}, /*Sitecom-Edimax*/ 352 351 {RTL_USB_DEVICE(0x0e66, 0x0019, rtl92cu_hal_cfg)}, /*Hawking-Edimax*/ 353 352 {RTL_USB_DEVICE(0x2001, 0x3307, rtl92cu_hal_cfg)}, /*D-Link-Cameo*/
-1
drivers/net/wireless/ti/wlcore/Kconfig
··· 1 1 config WLCORE 2 2 tristate "TI wlcore support" 3 3 depends on WL_TI && GENERIC_HARDIRQS && MAC80211 4 - depends on INET 5 4 select FW_LOADER 6 5 ---help--- 7 6 This module contains the main code for TI WLAN chips. It abstracts
+4
include/net/sctp/structs.h
··· 912 912 /* Is this structure kfree()able? */ 913 913 malloced:1; 914 914 915 + /* Has this transport moved the ctsn since we last sacked */ 916 + __u32 sack_generation; 917 + 915 918 struct flowi fl; 916 919 917 920 /* This is the peer's IP address and port. */ ··· 1587 1584 */ 1588 1585 __u8 sack_needed; /* Do we need to sack the peer? */ 1589 1586 __u32 sack_cnt; 1587 + __u32 sack_generation; 1590 1588 1591 1589 /* These are capabilities which our peer advertised. */ 1592 1590 __u8 ecn_capable:1, /* Can peer do ECN? */
+2 -1
include/net/sctp/tsnmap.h
··· 117 117 int sctp_tsnmap_check(const struct sctp_tsnmap *, __u32 tsn); 118 118 119 119 /* Mark this TSN as seen. */ 120 - int sctp_tsnmap_mark(struct sctp_tsnmap *, __u32 tsn); 120 + int sctp_tsnmap_mark(struct sctp_tsnmap *, __u32 tsn, 121 + struct sctp_transport *trans); 121 122 122 123 /* Mark this TSN and all lower as seen. */ 123 124 void sctp_tsnmap_skip(struct sctp_tsnmap *map, __u32 tsn);
+2 -2
net/core/dev.c
··· 1136 1136 no_module = request_module("netdev-%s", name); 1137 1137 if (no_module && capable(CAP_SYS_MODULE)) { 1138 1138 if (!request_module("%s", name)) 1139 - pr_err("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", 1140 - name); 1139 + pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", 1140 + name); 1141 1141 } 1142 1142 } 1143 1143 EXPORT_SYMBOL(dev_load);
+6 -7
net/mac80211/mlme.c
··· 1342 1342 struct ieee80211_local *local = sdata->local; 1343 1343 struct sta_info *sta; 1344 1344 u32 changed = 0; 1345 - u8 bssid[ETH_ALEN]; 1346 1345 1347 1346 ASSERT_MGD_MTX(ifmgd); 1348 1347 ··· 1353 1354 1354 1355 ieee80211_stop_poll(sdata); 1355 1356 1356 - memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 1357 - 1358 1357 ifmgd->associated = NULL; 1359 - memset(ifmgd->bssid, 0, ETH_ALEN); 1360 1358 1361 1359 /* 1362 1360 * we need to commit the associated = NULL change because the ··· 1373 1377 netif_carrier_off(sdata->dev); 1374 1378 1375 1379 mutex_lock(&local->sta_mtx); 1376 - sta = sta_info_get(sdata, bssid); 1380 + sta = sta_info_get(sdata, ifmgd->bssid); 1377 1381 if (sta) { 1378 1382 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 1379 1383 ieee80211_sta_tear_down_BA_sessions(sta, tx); ··· 1382 1386 1383 1387 /* deauthenticate/disassociate now */ 1384 1388 if (tx || frame_buf) 1385 - ieee80211_send_deauth_disassoc(sdata, bssid, stype, reason, 1386 - tx, frame_buf); 1389 + ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1390 + reason, tx, frame_buf); 1387 1391 1388 1392 /* flush out frame */ 1389 1393 if (tx) 1390 1394 drv_flush(local, false); 1395 + 1396 + /* clear bssid only after building the needed mgmt frames */ 1397 + memset(ifmgd->bssid, 0, ETH_ALEN); 1391 1398 1392 1399 /* remove AP and TDLS peers */ 1393 1400 sta_info_flush(local, sdata);
+4 -1
net/mac80211/rx.c
··· 2455 2455 * frames that we didn't handle, including returning unknown 2456 2456 * ones. For all other modes we will return them to the sender, 2457 2457 * setting the 0x80 bit in the action category, as required by 2458 - * 802.11-2007 7.3.1.11. 2458 + * 802.11-2012 9.24.4. 2459 2459 * Newer versions of hostapd shall also use the management frame 2460 2460 * registration mechanisms, but older ones still use cooked 2461 2461 * monitor interfaces so push all frames there. ··· 2463 2463 if (!(status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) && 2464 2464 (sdata->vif.type == NL80211_IFTYPE_AP || 2465 2465 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) 2466 + return RX_DROP_MONITOR; 2467 + 2468 + if (is_multicast_ether_addr(mgmt->da)) 2466 2469 return RX_DROP_MONITOR; 2467 2470 2468 2471 /* do not return rejected action frames */
+12
net/netfilter/ipset/ip_set_core.c
··· 640 640 } 641 641 642 642 static int 643 + ip_set_none(struct sock *ctnl, struct sk_buff *skb, 644 + const struct nlmsghdr *nlh, 645 + const struct nlattr * const attr[]) 646 + { 647 + return -EOPNOTSUPP; 648 + } 649 + 650 + static int 643 651 ip_set_create(struct sock *ctnl, struct sk_buff *skb, 644 652 const struct nlmsghdr *nlh, 645 653 const struct nlattr * const attr[]) ··· 1547 1539 } 1548 1540 1549 1541 static const struct nfnl_callback ip_set_netlink_subsys_cb[IPSET_MSG_MAX] = { 1542 + [IPSET_CMD_NONE] = { 1543 + .call = ip_set_none, 1544 + .attr_count = IPSET_ATTR_CMD_MAX, 1545 + }, 1550 1546 [IPSET_CMD_CREATE] = { 1551 1547 .call = ip_set_create, 1552 1548 .attr_count = IPSET_ATTR_CMD_MAX,
+4 -28
net/netfilter/ipset/ip_set_hash_netiface.c
··· 38 38 39 39 #define iface_data(n) (rb_entry(n, struct iface_node, node)->iface) 40 40 41 - static inline long 42 - ifname_compare(const char *_a, const char *_b) 43 - { 44 - const long *a = (const long *)_a; 45 - const long *b = (const long *)_b; 46 - 47 - BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long)); 48 - if (a[0] != b[0]) 49 - return a[0] - b[0]; 50 - if (IFNAMSIZ > sizeof(long)) { 51 - if (a[1] != b[1]) 52 - return a[1] - b[1]; 53 - } 54 - if (IFNAMSIZ > 2 * sizeof(long)) { 55 - if (a[2] != b[2]) 56 - return a[2] - b[2]; 57 - } 58 - if (IFNAMSIZ > 3 * sizeof(long)) { 59 - if (a[3] != b[3]) 60 - return a[3] - b[3]; 61 - } 62 - return 0; 63 - } 64 - 65 41 static void 66 42 rbtree_destroy(struct rb_root *root) 67 43 { ··· 75 99 76 100 while (n) { 77 101 const char *d = iface_data(n); 78 - long res = ifname_compare(*iface, d); 102 + int res = strcmp(*iface, d); 79 103 80 104 if (res < 0) 81 105 n = n->rb_left; ··· 97 121 98 122 while (*n) { 99 123 char *ifname = iface_data(*n); 100 - long res = ifname_compare(*iface, ifname); 124 + int res = strcmp(*iface, ifname); 101 125 102 126 p = *n; 103 127 if (res < 0) ··· 342 366 struct hash_netiface4_elem data = { .cidr = HOST_MASK }; 343 367 u32 ip = 0, ip_to, last; 344 368 u32 timeout = h->timeout; 345 - char iface[IFNAMSIZ] = {}; 369 + char iface[IFNAMSIZ]; 346 370 int ret; 347 371 348 372 if (unlikely(!tb[IPSET_ATTR_IP] || ··· 639 663 ipset_adtfn adtfn = set->variant->adt[adt]; 640 664 struct hash_netiface6_elem data = { .cidr = HOST_MASK }; 641 665 u32 timeout = h->timeout; 642 - char iface[IFNAMSIZ] = {}; 666 + char iface[IFNAMSIZ]; 643 667 int ret; 644 668 645 669 if (unlikely(!tb[IPSET_ATTR_IP] ||
+7 -7
net/netfilter/ipvs/ip_vs_ctl.c
··· 76 76 77 77 #ifdef CONFIG_IP_VS_IPV6 78 78 /* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */ 79 - static int __ip_vs_addr_is_local_v6(struct net *net, 80 - const struct in6_addr *addr) 79 + static bool __ip_vs_addr_is_local_v6(struct net *net, 80 + const struct in6_addr *addr) 81 81 { 82 - struct rt6_info *rt; 83 82 struct flowi6 fl6 = { 84 83 .daddr = *addr, 85 84 }; 85 + struct dst_entry *dst = ip6_route_output(net, NULL, &fl6); 86 + bool is_local; 86 87 87 - rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6); 88 - if (rt && rt->dst.dev && (rt->dst.dev->flags & IFF_LOOPBACK)) 89 - return 1; 88 + is_local = !dst->error && dst->dev && (dst->dev->flags & IFF_LOOPBACK); 90 89 91 - return 0; 90 + dst_release(dst); 91 + return is_local; 92 92 } 93 93 #endif 94 94
+3 -1
net/netfilter/nfnetlink.c
··· 169 169 170 170 err = nla_parse(cda, ss->cb[cb_id].attr_count, 171 171 attr, attrlen, ss->cb[cb_id].policy); 172 - if (err < 0) 172 + if (err < 0) { 173 + rcu_read_unlock(); 173 174 return err; 175 + } 174 176 175 177 if (nc->call_rcu) { 176 178 err = nc->call_rcu(net->nfnl, skb, nlh,
+5 -5
net/nfc/nci/ntf.c
··· 106 106 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); 107 107 data += 2; 108 108 109 - nfca_poll->nfcid1_len = *data++; 109 + nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE); 110 110 111 111 pr_debug("sens_res 0x%x, nfcid1_len %d\n", 112 112 nfca_poll->sens_res, nfca_poll->nfcid1_len); ··· 130 130 struct rf_tech_specific_params_nfcb_poll *nfcb_poll, 131 131 __u8 *data) 132 132 { 133 - nfcb_poll->sensb_res_len = *data++; 133 + nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE); 134 134 135 135 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); 136 136 ··· 145 145 __u8 *data) 146 146 { 147 147 nfcf_poll->bit_rate = *data++; 148 - nfcf_poll->sensf_res_len = *data++; 148 + nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE); 149 149 150 150 pr_debug("bit_rate %d, sensf_res_len %d\n", 151 151 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); ··· 331 331 switch (ntf->activation_rf_tech_and_mode) { 332 332 case NCI_NFC_A_PASSIVE_POLL_MODE: 333 333 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; 334 - nfca_poll->rats_res_len = *data++; 334 + nfca_poll->rats_res_len = min_t(__u8, *data++, 20); 335 335 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len); 336 336 if (nfca_poll->rats_res_len > 0) { 337 337 memcpy(nfca_poll->rats_res, ··· 341 341 342 342 case NCI_NFC_B_PASSIVE_POLL_MODE: 343 343 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; 344 - nfcb_poll->attrib_res_len = *data++; 344 + nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50); 345 345 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len); 346 346 if (nfcb_poll->attrib_res_len > 0) { 347 347 memcpy(nfcb_poll->attrib_res,
+4 -1
net/nfc/rawsock.c
··· 54 54 { 55 55 struct sock *sk = sock->sk; 56 56 57 - pr_debug("sock=%p\n", sock); 57 + pr_debug("sock=%p sk=%p\n", sock, sk); 58 + 59 + if (!sk) 60 + return 0; 58 61 59 62 sock_orphan(sk); 60 63 sock_put(sk);
+1
net/sctp/associola.c
··· 271 271 */ 272 272 asoc->peer.sack_needed = 1; 273 273 asoc->peer.sack_cnt = 0; 274 + asoc->peer.sack_generation = 1; 274 275 275 276 /* Assume that the peer will tell us if he recognizes ASCONF 276 277 * as part of INIT exchange.
+5
net/sctp/output.c
··· 248 248 /* If the SACK timer is running, we have a pending SACK */ 249 249 if (timer_pending(timer)) { 250 250 struct sctp_chunk *sack; 251 + 252 + if (pkt->transport->sack_generation != 253 + pkt->transport->asoc->peer.sack_generation) 254 + return retval; 255 + 251 256 asoc->a_rwnd = asoc->rwnd; 252 257 sack = sctp_make_sack(asoc); 253 258 if (sack) {
+16
net/sctp/sm_make_chunk.c
··· 734 734 int len; 735 735 __u32 ctsn; 736 736 __u16 num_gabs, num_dup_tsns; 737 + struct sctp_association *aptr = (struct sctp_association *)asoc; 737 738 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 738 739 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 740 + struct sctp_transport *trans; 739 741 740 742 memset(gabs, 0, sizeof(gabs)); 741 743 ctsn = sctp_tsnmap_get_ctsn(map); ··· 807 805 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 808 806 sctp_tsnmap_get_dups(map)); 809 807 808 + /* Once we have a sack generated, check to see what our sack 809 + * generation is, if its 0, reset the transports to 0, and reset 810 + * the association generation to 1 811 + * 812 + * The idea is that zero is never used as a valid generation for the 813 + * association so no transport will match after a wrap event like this, 814 + * Until the next sack 815 + */ 816 + if (++aptr->peer.sack_generation == 0) { 817 + list_for_each_entry(trans, &asoc->peer.transport_addr_list, 818 + transports) 819 + trans->sack_generation = 0; 820 + aptr->peer.sack_generation = 1; 821 + } 810 822 nodata: 811 823 return retval; 812 824 }
+1 -1
net/sctp/sm_sideeffect.c
··· 1268 1268 case SCTP_CMD_REPORT_TSN: 1269 1269 /* Record the arrival of a TSN. */ 1270 1270 error = sctp_tsnmap_mark(&asoc->peer.tsn_map, 1271 - cmd->obj.u32); 1271 + cmd->obj.u32, NULL); 1272 1272 break; 1273 1273 1274 1274 case SCTP_CMD_REPORT_FWDTSN:
+2
net/sctp/transport.c
··· 68 68 peer->af_specific = sctp_get_af_specific(addr->sa.sa_family); 69 69 memset(&peer->saddr, 0, sizeof(union sctp_addr)); 70 70 71 + peer->sack_generation = 0; 72 + 71 73 /* From 6.3.1 RTO Calculation: 72 74 * 73 75 * C1) Until an RTT measurement has been made for a packet sent to the
+5 -1
net/sctp/tsnmap.c
··· 114 114 115 115 116 116 /* Mark this TSN as seen. */ 117 - int sctp_tsnmap_mark(struct sctp_tsnmap *map, __u32 tsn) 117 + int sctp_tsnmap_mark(struct sctp_tsnmap *map, __u32 tsn, 118 + struct sctp_transport *trans) 118 119 { 119 120 u16 gap; 120 121 ··· 134 133 */ 135 134 map->max_tsn_seen++; 136 135 map->cumulative_tsn_ack_point++; 136 + if (trans) 137 + trans->sack_generation = 138 + trans->asoc->peer.sack_generation; 137 139 map->base_tsn++; 138 140 } else { 139 141 /* Either we already have a gap, or about to record a gap, so
+2 -1
net/sctp/ulpevent.c
··· 715 715 * can mark it as received so the tsn_map is updated correctly. 716 716 */ 717 717 if (sctp_tsnmap_mark(&asoc->peer.tsn_map, 718 - ntohl(chunk->subh.data_hdr->tsn))) 718 + ntohl(chunk->subh.data_hdr->tsn), 719 + chunk->transport)) 719 720 goto fail_mark; 720 721 721 722 /* First calculate the padding, so we don't inadvertently
+1 -1
net/sctp/ulpqueue.c
··· 1051 1051 if (chunk && (freed >= needed)) { 1052 1052 __u32 tsn; 1053 1053 tsn = ntohl(chunk->subh.data_hdr->tsn); 1054 - sctp_tsnmap_mark(&asoc->peer.tsn_map, tsn); 1054 + sctp_tsnmap_mark(&asoc->peer.tsn_map, tsn, chunk->transport); 1055 1055 sctp_ulpq_tail_data(ulpq, chunk, gfp); 1056 1056 1057 1057 sctp_ulpq_partial_delivery(ulpq, chunk, gfp);