Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

1) Fix memory leaks and other issues in mwifiex driver, from Amitkumar
Karwar.

2) skb_segment() can choke on packets using frag lists, fix from
Herbert Xu with help from Eric Dumazet and others.

3) IPv4 output cached route instantiation properly handles races
involving two threads trying to install the same route, but we
forgot to propagate this logic to input routes as well. Fix from
Alexei Starovoitov.

4) Put protections in place to make sure that recvmsg() paths never
accidentally copy uninitialized memory back into userspace and also
make sure that we never try to use more than sockaddr_storage for
building the on-kernel-stack copy of a sockaddr. Fixes from Hannes
Frederic Sowa.

5) R8152 driver transmit flow bug fixes from Hayes Wang.

6) Fix some minor fallouts from genetlink changes, from Johannes Berg
and Michael Opdenacker.

7) AF_PACKET sendmsg path can race with netdevice unregister notifier,
fix by using RCU to make sure the network device doesn't go away
from under us. Fix from Daniel Borkmann.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits)
gso: handle new frag_list of frags GRO packets
genetlink: fix genl_set_err() group ID
genetlink: fix genlmsg_multicast() bug
packet: fix use after free race in send path when dev is released
xen-netback: stop the VIF thread before unbinding IRQs
wimax: remove dead code
net/phy: Add the autocross feature for forced links on VSC82x4
net/phy: Add VSC8662 support
net/phy: Add VSC8574 support
net/phy: Add VSC8234 support
net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
net: rework recvmsg handler msg_name and msg_namelen logic
bridge: flush br's address entry in fdb when remove the
net: core: Always propagate flag changes to interfaces
ipv4: fix race in concurrent ip_route_input_slow()
r8152: fix incorrect type in assignment
r8152: support stopping/waking tx queue
r8152: modify the tx flow
r8152: fix tx/rx memory overflow
netfilter: ebt_ip6: fix source and destination matching
...

+505 -317
-2
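--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -161,8 +161,6 @@
 else if (len < ds)
 msg->msg_flags |= MSG_TRUNC;
 
-msg->msg_namelen = 0;
-
 lock_sock(sk);
 if (ctx->more) {
 ctx->more = 0;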
-1
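--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -432,7 +432,6 @@
 long copied = 0;
 
 lock_sock(sk);
-msg->msg_namelen = 0;
 for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
 iovlen--, iov++) {
 unsigned long seglen = iov->iov_len;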
+4 -9
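--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -117,7 +117,6 @@
 {
 struct sk_buff *skb;
 struct sock *sk = sock->sk;
-struct sockaddr_mISDN *maddr;
 
 int copied, err;
 
@@ -135,9 +134,9 @@
 if (!skb)
 return err;
 
-if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) {
-msg->msg_namelen = sizeof(struct sockaddr_mISDN);
-maddr = (struct sockaddr_mISDN *)msg->msg_name;
+if (msg->msg_name) {
+struct sockaddr_mISDN *maddr = msg->msg_name;
+
 maddr->family = AF_ISDN;
 maddr->dev = _pms(sk)->dev->id;
 if ((sk->sk_protocol == ISDN_P_LAPD_TE) ||
@@ -150,11 +149,7 @@
 maddr->sapi = _pms(sk)->ch.addr & 0xFF;
 maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF;
 }
-} else {
-if (msg->msg_namelen)
-printk(KERN_WARNING "%s: too small namelen %d\n",
-__func__, msg->msg_namelen);
-msg->msg_namelen = 0;
+msg->msg_namelen = sizeof(*maddr);
 }
 
 copied = skb->len + MISDN_HEADER_LEN;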
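Review bot: The new `if (msg->msg_name)` branch writes a full `struct sockaddr_mISDN` through `maddr` with no local length check, so its safety now rests entirely on the socket core handing recvmsg handlers a buffer of at least `sizeof(struct sockaddr_storage)`; a one-line comment above the branch naming that contract would keep a later refactor from reintroducing an overflow. Because `msg_namelen` is set to `sizeof(*maddr)` and that many bytes are returned to user space, it is also worth confirming that every field (and any padding) is written on both arms of the `sk_protocol` test, whose lines between the second and third hunk are not shown, or adding `memset(maddr, 0, sizeof(*maddr));` before the assignments. The function body starts and ends outside the hunks.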
+2 -2
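--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -697,7 +697,7 @@
 * to the values in phydev. Assumes that the values are valid.
 * Please see phy_sanitize_settings().
 */
-static int genphy_setup_forced(struct phy_device *phydev)
+int genphy_setup_forced(struct phy_device *phydev)
 {
 int err;
 int ctl = 0;
@@ -716,7 +716,7 @@
 
 return err;
 }
-
+EXPORT_SYMBOL(genphy_setup_forced);
 
 /**
 * genphy_restart_aneg - Enable and Restart Autonegotiation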
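Review bot: Exporting `genphy_setup_forced()` turns the kernel-doc caveat "Assumes that the values are valid" into a precondition for callers outside this file, and the comment does not yet say who must establish it. I would add a sentence such as `Callers must make sure phy_sanitize_settings() has been applied to phydev before calling this.` so that PHY drivers invoking it from their own `config_aneg` know what they have to guarantee.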
+113 -4
drivers/net/phy/vitesse.c
··· 3 3 * 4 4 * Author: Kriston Carson 5 5 * 6 - * Copyright (c) 2005, 2009 Freescale Semiconductor, Inc. 6 + * Copyright (c) 2005, 2009, 2011 Freescale Semiconductor, Inc. 7 7 * 8 8 * This program is free software; you can redistribute it and/or modify it 9 9 * under the terms of the GNU General Public License as published by the ··· 17 17 #include <linux/mii.h> 18 18 #include <linux/ethtool.h> 19 19 #include <linux/phy.h> 20 + 21 + /* Vitesse Extended Page Magic Register(s) */ 22 + #define MII_VSC82X4_EXT_PAGE_16E 0x10 23 + #define MII_VSC82X4_EXT_PAGE_17E 0x11 24 + #define MII_VSC82X4_EXT_PAGE_18E 0x12 20 25 21 26 /* Vitesse Extended Control Register 1 */ 22 27 #define MII_VSC8244_EXT_CON1 0x17 ··· 59 54 #define MII_VSC8221_AUXCONSTAT_INIT 0x0004 /* need to set this bit? */ 60 55 #define MII_VSC8221_AUXCONSTAT_RESERVED 0x0004 61 56 57 + /* Vitesse Extended Page Access Register */ 58 + #define MII_VSC82X4_EXT_PAGE_ACCESS 0x1f 59 + 60 + #define PHY_ID_VSC8234 0x000fc620 62 61 #define PHY_ID_VSC8244 0x000fc6c0 62 + #define PHY_ID_VSC8574 0x000704a0 63 + #define PHY_ID_VSC8662 0x00070660 63 64 #define PHY_ID_VSC8221 0x000fc550 64 65 #define PHY_ID_VSC8211 0x000fc4b0 65 66 ··· 129 118 130 119 if (phydev->interrupts == PHY_INTERRUPT_ENABLED) 131 120 err = phy_write(phydev, MII_VSC8244_IMASK, 132 - phydev->drv->phy_id == PHY_ID_VSC8244 ? 121 + (phydev->drv->phy_id == PHY_ID_VSC8234 || 122 + phydev->drv->phy_id == PHY_ID_VSC8244 || 123 + phydev->drv->phy_id == PHY_ID_VSC8574) ? 
133 124 MII_VSC8244_IMASK_MASK : 134 125 MII_VSC8221_IMASK_MASK); 135 126 else { ··· 162 149 */ 163 150 } 164 151 165 - /* Vitesse 824x */ 152 + /* vsc82x4_config_autocross_enable - Enable auto MDI/MDI-X for forced links 153 + * @phydev: target phy_device struct 154 + * 155 + * Enable auto MDI/MDI-X when in 10/100 forced link speeds by writing 156 + * special values in the VSC8234/VSC8244 extended reserved registers 157 + */ 158 + static int vsc82x4_config_autocross_enable(struct phy_device *phydev) 159 + { 160 + int ret; 161 + 162 + if (phydev->autoneg == AUTONEG_ENABLE || phydev->speed > SPEED_100) 163 + return 0; 164 + 165 + /* map extended registers set 0x10 - 0x1e */ 166 + ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x52b5); 167 + if (ret >= 0) 168 + ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_18E, 0x0012); 169 + if (ret >= 0) 170 + ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_17E, 0x2803); 171 + if (ret >= 0) 172 + ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_16E, 0x87fa); 173 + /* map standard registers set 0x10 - 0x1e */ 174 + if (ret >= 0) 175 + ret = phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x0000); 176 + else 177 + phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x0000); 178 + 179 + return ret; 180 + } 181 + 182 + /* vsc82x4_config_aneg - restart auto-negotiation or write BMCR 183 + * @phydev: target phy_device struct 184 + * 185 + * Description: If auto-negotiation is enabled, we configure the 186 + * advertising, and then restart auto-negotiation. 
If it is not 187 + * enabled, then we write the BMCR and also start the auto 188 + * MDI/MDI-X feature 189 + */ 190 + static int vsc82x4_config_aneg(struct phy_device *phydev) 191 + { 192 + int ret; 193 + 194 + /* Enable auto MDI/MDI-X when in 10/100 forced link speeds by 195 + * writing special values in the VSC8234 extended reserved registers 196 + */ 197 + if (phydev->autoneg != AUTONEG_ENABLE && phydev->speed <= SPEED_100) { 198 + ret = genphy_setup_forced(phydev); 199 + 200 + if (ret < 0) /* error */ 201 + return ret; 202 + 203 + return vsc82x4_config_autocross_enable(phydev); 204 + } 205 + 206 + return genphy_config_aneg(phydev); 207 + } 208 + 209 + /* Vitesse 82xx */ 166 210 static struct phy_driver vsc82xx_driver[] = { 167 211 { 212 + .phy_id = PHY_ID_VSC8234, 213 + .name = "Vitesse VSC8234", 214 + .phy_id_mask = 0x000ffff0, 215 + .features = PHY_GBIT_FEATURES, 216 + .flags = PHY_HAS_INTERRUPT, 217 + .config_init = &vsc824x_config_init, 218 + .config_aneg = &vsc82x4_config_aneg, 219 + .read_status = &genphy_read_status, 220 + .ack_interrupt = &vsc824x_ack_interrupt, 221 + .config_intr = &vsc82xx_config_intr, 222 + .driver = { .owner = THIS_MODULE,}, 223 + }, { 168 224 .phy_id = PHY_ID_VSC8244, 169 225 .name = "Vitesse VSC8244", 170 226 .phy_id_mask = 0x000fffc0, 171 227 .features = PHY_GBIT_FEATURES, 172 228 .flags = PHY_HAS_INTERRUPT, 173 229 .config_init = &vsc824x_config_init, 174 - .config_aneg = &genphy_config_aneg, 230 + .config_aneg = &vsc82x4_config_aneg, 175 231 .read_status = &genphy_read_status, 176 232 .ack_interrupt = &vsc824x_ack_interrupt, 177 233 .config_intr = &vsc82xx_config_intr, 178 234 .driver = { .owner = THIS_MODULE,}, 235 + }, { 236 + .phy_id = PHY_ID_VSC8574, 237 + .name = "Vitesse VSC8574", 238 + .phy_id_mask = 0x000ffff0, 239 + .features = PHY_GBIT_FEATURES, 240 + .flags = PHY_HAS_INTERRUPT, 241 + .config_init = &vsc824x_config_init, 242 + .config_aneg = &vsc82x4_config_aneg, 243 + .read_status = &genphy_read_status, 244 + 
.ack_interrupt = &vsc824x_ack_interrupt, 245 + .config_intr = &vsc82xx_config_intr, 246 + .driver = { .owner = THIS_MODULE,}, 247 + }, { 248 + .phy_id = PHY_ID_VSC8662, 249 + .name = "Vitesse VSC8662", 250 + .phy_id_mask = 0x000ffff0, 251 + .features = PHY_GBIT_FEATURES, 252 + .flags = PHY_HAS_INTERRUPT, 253 + .config_init = &vsc824x_config_init, 254 + .config_aneg = &vsc82x4_config_aneg, 255 + .read_status = &genphy_read_status, 256 + .ack_interrupt = &vsc824x_ack_interrupt, 257 + .config_intr = &vsc82xx_config_intr, 258 + .driver = { .owner = THIS_MODULE,}, 179 259 }, { 180 260 /* Vitesse 8221 */ 181 261 .phy_id = PHY_ID_VSC8221, ··· 313 207 module_exit(vsc82xx_exit); 314 208 315 209 static struct mdio_device_id __maybe_unused vitesse_tbl[] = { 210 + { PHY_ID_VSC8234, 0x000ffff0 }, 316 211 { PHY_ID_VSC8244, 0x000fffc0 }, 212 + { PHY_ID_VSC8574, 0x000ffff0 }, 213 + { PHY_ID_VSC8662, 0x000ffff0 }, 317 214 { PHY_ID_VSC8221, 0x000ffff0 }, 318 215 { PHY_ID_VSC8211, 0x000ffff0 }, 319 216 { }
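Review bot: `PHY_ID_VSC8662` is registered with `.config_intr = &vsc82xx_config_intr`, but the widened interrupt-mask test (hunk at old line 118, presumably in that function) lists only VSC8234, VSC8244 and VSC8574, so a VSC8662 falls through to `MII_VSC8221_IMASK_MASK`; if that is intended it deserves a comment, otherwise the condition needs `|| phydev->drv->phy_id == PHY_ID_VSC8662`. In `vsc82x4_config_autocross_enable()` the values `0x52b5`, `0x0012`, `0x2803` and `0x87fa` are unexplained and the header comment names only VSC8234/VSC8244 although the function is wired to four parts; a datasheet reference in the comment would help. On the error path the restoring `phy_write(phydev, MII_VSC82X4_EXT_PAGE_ACCESS, 0x0000)` has its result discarded, so a failure there leaves the PHY on the extended register page with no trace in the log.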
-2
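--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -979,8 +979,6 @@
 if (error < 0)
 goto end;
 
-m->msg_namelen = 0;
-
 if (skb) {
 total_len = min_t(size_t, total_len, skb->len);
 error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);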
+50 -64
drivers/net/usb/r8152.c
··· 24 24 #include <linux/ipv6.h> 25 25 26 26 /* Version Information */ 27 - #define DRIVER_VERSION "v1.01.0 (2013/08/12)" 27 + #define DRIVER_VERSION "v1.02.0 (2013/10/28)" 28 28 #define DRIVER_AUTHOR "Realtek linux nic maintainers <nic_swsd@realtek.com>" 29 29 #define DRIVER_DESC "Realtek RTL8152 Based USB 2.0 Ethernet Adapters" 30 30 #define MODULENAME "r8152" ··· 307 307 #define MCU_TYPE_USB 0x0000 308 308 309 309 struct rx_desc { 310 - u32 opts1; 310 + __le32 opts1; 311 311 #define RX_LEN_MASK 0x7fff 312 - u32 opts2; 313 - u32 opts3; 314 - u32 opts4; 315 - u32 opts5; 316 - u32 opts6; 312 + __le32 opts2; 313 + __le32 opts3; 314 + __le32 opts4; 315 + __le32 opts5; 316 + __le32 opts6; 317 317 }; 318 318 319 319 struct tx_desc { 320 - u32 opts1; 320 + __le32 opts1; 321 321 #define TX_FS (1 << 31) /* First segment of a packet */ 322 322 #define TX_LS (1 << 30) /* Final segment of a packet */ 323 323 #define TX_LEN_MASK 0x3ffff 324 324 325 - u32 opts2; 325 + __le32 opts2; 326 326 #define UDP_CS (1 << 31) /* Calculate UDP/IP checksum */ 327 327 #define TCP_CS (1 << 30) /* Calculate TCP/IP checksum */ 328 328 #define IPV4_CS (1 << 29) /* Calculate IPv4 checksum */ ··· 365 365 struct mii_if_info mii; 366 366 int intr_interval; 367 367 u32 msg_enable; 368 + u32 tx_qlen; 368 369 u16 ocp_base; 369 370 u8 *intr_buff; 370 371 u8 version; ··· 877 876 static void intr_callback(struct urb *urb) 878 877 { 879 878 struct r8152 *tp; 880 - __u16 *d; 879 + __le16 *d; 881 880 int status = urb->status; 882 881 int res; 883 882 ··· 1137 1136 1138 1137 static int r8152_tx_agg_fill(struct r8152 *tp, struct tx_agg *agg) 1139 1138 { 1140 - u32 remain; 1139 + int remain; 1141 1140 u8 *tx_data; 1142 1141 1143 1142 tx_data = agg->head; 1144 1143 agg->skb_num = agg->skb_len = 0; 1145 - remain = rx_buf_sz - sizeof(struct tx_desc); 1144 + remain = rx_buf_sz; 1146 1145 1147 - while (remain >= ETH_ZLEN) { 1146 + while (remain >= ETH_ZLEN + sizeof(struct tx_desc)) { 1148 1147 struct tx_desc 
*tx_desc; 1149 1148 struct sk_buff *skb; 1150 1149 unsigned int len; ··· 1153 1152 if (!skb) 1154 1153 break; 1155 1154 1155 + remain -= sizeof(*tx_desc); 1156 1156 len = skb->len; 1157 1157 if (remain < len) { 1158 1158 skb_queue_head(&tp->tx_queue, skb); 1159 1159 break; 1160 1160 } 1161 1161 1162 + tx_data = tx_agg_align(tx_data); 1162 1163 tx_desc = (struct tx_desc *)tx_data; 1163 1164 tx_data += sizeof(*tx_desc); 1164 1165 ··· 1170 1167 agg->skb_len += len; 1171 1168 dev_kfree_skb_any(skb); 1172 1169 1173 - tx_data = tx_agg_align(tx_data + len); 1174 - remain = rx_buf_sz - sizeof(*tx_desc) - 1175 - (u32)((void *)tx_data - agg->head); 1170 + tx_data += len; 1171 + remain = rx_buf_sz - (int)(tx_agg_align(tx_data) - agg->head); 1176 1172 } 1173 + 1174 + netif_tx_lock(tp->netdev); 1175 + 1176 + if (netif_queue_stopped(tp->netdev) && 1177 + skb_queue_len(&tp->tx_queue) < tp->tx_qlen) 1178 + netif_wake_queue(tp->netdev); 1179 + 1180 + netif_tx_unlock(tp->netdev); 1177 1181 1178 1182 usb_fill_bulk_urb(agg->urb, tp->udev, usb_sndbulkpipe(tp->udev, 2), 1179 1183 agg->head, (int)(tx_data - (u8 *)agg->head), ··· 1198 1188 list_for_each_safe(cursor, next, &tp->rx_done) { 1199 1189 struct rx_desc *rx_desc; 1200 1190 struct rx_agg *agg; 1201 - unsigned pkt_len; 1202 1191 int len_used = 0; 1203 1192 struct urb *urb; 1204 1193 u8 *rx_data; ··· 1213 1204 1214 1205 rx_desc = agg->head; 1215 1206 rx_data = agg->head; 1216 - pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK; 1217 - len_used += sizeof(struct rx_desc) + pkt_len; 1207 + len_used += sizeof(struct rx_desc); 1218 1208 1219 - while (urb->actual_length >= len_used) { 1209 + while (urb->actual_length > len_used) { 1220 1210 struct net_device *netdev = tp->netdev; 1221 1211 struct net_device_stats *stats; 1212 + unsigned int pkt_len; 1222 1213 struct sk_buff *skb; 1223 1214 1215 + pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK; 1224 1216 if (pkt_len < ETH_ZLEN) 1217 + break; 1218 + 1219 + len_used += pkt_len; 1220 + 
if (urb->actual_length < len_used) 1225 1221 break; 1226 1222 1227 1223 stats = rtl8152_get_stats(netdev); ··· 1248 1234 1249 1235 rx_data = rx_agg_align(rx_data + pkt_len + 4); 1250 1236 rx_desc = (struct rx_desc *)rx_data; 1251 - pkt_len = le32_to_cpu(rx_desc->opts1) & RX_LEN_MASK; 1252 1237 len_used = (int)(rx_data - (u8 *)agg->head); 1253 - len_used += sizeof(struct rx_desc) + pkt_len; 1238 + len_used += sizeof(struct rx_desc); 1254 1239 } 1255 1240 1256 1241 submit: ··· 1397 1384 struct net_device *netdev) 1398 1385 { 1399 1386 struct r8152 *tp = netdev_priv(netdev); 1400 - struct net_device_stats *stats = rtl8152_get_stats(netdev); 1401 - unsigned long flags; 1402 - struct tx_agg *agg = NULL; 1403 - struct tx_desc *tx_desc; 1404 - unsigned int len; 1405 - u8 *tx_data; 1406 - int res; 1407 1387 1408 1388 skb_tx_timestamp(skb); 1409 1389 1410 - /* If tx_queue is not empty, it means at least one previous packt */ 1411 - /* is waiting for sending. Don't send current one before it. */ 1412 - if (skb_queue_empty(&tp->tx_queue)) 1413 - agg = r8152_get_tx_agg(tp); 1390 + skb_queue_tail(&tp->tx_queue, skb); 1414 1391 1415 - if (!agg) { 1416 - skb_queue_tail(&tp->tx_queue, skb); 1417 - return NETDEV_TX_OK; 1418 - } 1392 + if (list_empty(&tp->tx_free) && 1393 + skb_queue_len(&tp->tx_queue) > tp->tx_qlen) 1394 + netif_stop_queue(netdev); 1419 1395 1420 - tx_desc = (struct tx_desc *)agg->head; 1421 - tx_data = agg->head + sizeof(*tx_desc); 1422 - agg->skb_num = agg->skb_len = 0; 1423 - 1424 - len = skb->len; 1425 - r8152_tx_csum(tp, tx_desc, skb); 1426 - memcpy(tx_data, skb->data, len); 1427 - dev_kfree_skb_any(skb); 1428 - agg->skb_num++; 1429 - agg->skb_len += len; 1430 - usb_fill_bulk_urb(agg->urb, tp->udev, usb_sndbulkpipe(tp->udev, 2), 1431 - agg->head, len + sizeof(*tx_desc), 1432 - (usb_complete_t)write_bulk_callback, agg); 1433 - res = usb_submit_urb(agg->urb, GFP_ATOMIC); 1434 - if (res) { 1435 - /* Can we get/handle EPIPE here? 
*/ 1436 - if (res == -ENODEV) { 1437 - netif_device_detach(tp->netdev); 1438 - } else { 1439 - netif_warn(tp, tx_err, netdev, 1440 - "failed tx_urb %d\n", res); 1441 - stats->tx_dropped++; 1442 - spin_lock_irqsave(&tp->tx_lock, flags); 1443 - list_add_tail(&agg->list, &tp->tx_free); 1444 - spin_unlock_irqrestore(&tp->tx_lock, flags); 1445 - } 1446 - } 1396 + if (!list_empty(&tp->tx_free)) 1397 + tasklet_schedule(&tp->tl); 1447 1398 1448 1399 return NETDEV_TX_OK; 1449 1400 } ··· 1436 1459 } 1437 1460 } 1438 1461 1462 + static void set_tx_qlen(struct r8152 *tp) 1463 + { 1464 + struct net_device *netdev = tp->netdev; 1465 + 1466 + tp->tx_qlen = rx_buf_sz / (netdev->mtu + VLAN_ETH_HLEN + VLAN_HLEN + 1467 + sizeof(struct tx_desc)); 1468 + } 1469 + 1439 1470 static inline u8 rtl8152_get_speed(struct r8152 *tp) 1440 1471 { 1441 1472 return ocp_read_byte(tp, MCU_TYPE_PLA, PLA_PHYSTATUS); ··· 1455 1470 int i, ret; 1456 1471 u8 speed; 1457 1472 1473 + set_tx_qlen(tp); 1458 1474 speed = rtl8152_get_speed(tp); 1459 1475 if (speed & _10bps) { 1460 1476 ocp_data = ocp_read_word(tp, MCU_TYPE_PLA, PLA_EEEP_CR);
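Review bot: `remain` in `r8152_tx_agg_fill()` is now a signed `int`, but the loop guard `while (remain >= ETH_ZLEN + sizeof(struct tx_desc))` compares it with a `size_t` expression, so the comparison is unsigned and a negative `remain` would be treated as a very large value instead of ending the loop. From the arithmetic shown, `remain` stays non-negative only while `rx_buf_sz` is a multiple of the tx alignment, so I would make the guard explicit with `while (remain >= (int)(ETH_ZLEN + sizeof(struct tx_desc)))` and cast the same way in `if (remain < len)`. The rx loop has the same signed/unsigned mix in `urb->actual_length > len_used`. Separately, the rewritten xmit handler reads `list_empty(&tp->tx_free)` without `tx_lock`, which the removed code held when touching that list; a comment saying why the unlocked read is acceptable would help.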
+50
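--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
@@ -701,6 +701,54 @@
 return ret;
 }
 
+static void ar9003_doubler_fix(struct ath_hw *ah)
+{
+if (AR_SREV_9300(ah) || AR_SREV_9580(ah) || AR_SREV_9550(ah)) {
+REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S, 0);
+
+udelay(200);
+
+REG_CLR_BIT(ah, AR_PHY_65NM_CH0_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+REG_CLR_BIT(ah, AR_PHY_65NM_CH1_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+REG_CLR_BIT(ah, AR_PHY_65NM_CH2_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK);
+
+udelay(1);
+
+REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+REG_RMW_FIELD(ah, AR_PHY_65NM_CH1_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+REG_RMW_FIELD(ah, AR_PHY_65NM_CH2_RXTX2,
+AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK, 1);
+
+udelay(200);
+
+REG_RMW_FIELD(ah, AR_PHY_65NM_CH0_SYNTH12,
+AR_PHY_65NM_CH0_SYNTH12_VREFMUL3, 0xf);
+
+REG_RMW(ah, AR_PHY_65NM_CH0_RXTX2, 0,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+REG_RMW(ah, AR_PHY_65NM_CH1_RXTX2, 0,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+REG_RMW(ah, AR_PHY_65NM_CH2_RXTX2, 0,
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S |
+1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S);
+}
+}
+
 static int ar9003_hw_process_ini(struct ath_hw *ah,
 struct ath9k_channel *chan)
 {
@@ -725,6 +773,8 @@
 &ah->ini_radio_post_sys2ant,
 modesIndex);
 }
+
+ar9003_doubler_fix(ah);
 
 /*
 * RXGAIN initvals.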
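Review bot: `ar9003_doubler_fix()` carries no comment saying which hardware problem the register sequence works around or why the waits are `udelay(200)`, `udelay(1)` and `udelay(200)`, and it busy-waits roughly 400 µs on every `ar9003_hw_process_ini()` call for the matching chips. A short header comment with the erratum or vendor reference would make the sequence and its delays reviewable. The mask argument is also spelled `1 << AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S | 1 << AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S` six times although this commit's header change defines the equivalent `AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK` and `AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK`; OR-ing those two constants would be shorter and harder to get wrong.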
+11
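--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
@@ -656,12 +656,23 @@
 #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x00000001 : 0x00000002)
 #define AR_PHY_SYNTH4_LONG_SHIFT_SELECT_S ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0 : 1)
 #define AR_PHY_65NM_CH0_SYNTH7 0x16098
+#define AR_PHY_65NM_CH0_SYNTH12 0x160ac
 #define AR_PHY_65NM_CH0_BIAS1 0x160c0
 #define AR_PHY_65NM_CH0_BIAS2 0x160c4
 #define AR_PHY_65NM_CH0_BIAS4 0x160cc
+#define AR_PHY_65NM_CH0_RXTX2 0x16104
+#define AR_PHY_65NM_CH1_RXTX2 0x16504
+#define AR_PHY_65NM_CH2_RXTX2 0x16904
 #define AR_PHY_65NM_CH0_RXTX4 0x1610c
 #define AR_PHY_65NM_CH1_RXTX4 0x1650c
 #define AR_PHY_65NM_CH2_RXTX4 0x1690c
+
+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3 0x00780000
+#define AR_PHY_65NM_CH0_SYNTH12_VREFMUL3_S 19
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK 0x00000004
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHON_MASK_S 2
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK 0x00000008
+#define AR_PHY_65NM_CH0_RXTX2_SYNTHOVR_MASK_S 3
 
 #define AR_CH0_TOP (AR_SREV_9300(ah) ? 0x16288 : \
 (((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x1628c : 0x16280)))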
+3 -3
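--- a/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h
+++ b/drivers/net/wireless/ath/ath9k/ar9462_2p1_initvals.h
@@ -361,7 +361,7 @@
 {0x00009e14, 0x37b95d5e, 0x37b9605e, 0x3236605e, 0x32365a5e},
 {0x00009e18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
 {0x00009e1c, 0x0001cf9c, 0x0001cf9c, 0x00021f9c, 0x00021f9c},
-{0x00009e20, 0x000003b5, 0x000003b5, 0x000003ce, 0x000003ce},
+{0x00009e20, 0x000003a5, 0x000003a5, 0x000003a5, 0x000003a5},
 {0x00009e2c, 0x0000001c, 0x0000001c, 0x00000021, 0x00000021},
 {0x00009e3c, 0xcf946220, 0xcf946220, 0xcfd5c782, 0xcfd5c282},
 {0x00009e44, 0x62321e27, 0x62321e27, 0xfe291e27, 0xfe291e27},
@@ -400,7 +400,7 @@
 {0x0000ae04, 0x001c0000, 0x001c0000, 0x001c0000, 0x00100000},
 {0x0000ae18, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
 {0x0000ae1c, 0x0000019c, 0x0000019c, 0x0000019c, 0x0000019c},
-{0x0000ae20, 0x000001b5, 0x000001b5, 0x000001ce, 0x000001ce},
+{0x0000ae20, 0x000001a6, 0x000001a6, 0x000001aa, 0x000001aa},
 {0x0000b284, 0x00000000, 0x00000000, 0x00000550, 0x00000550},
 };
 
@@ -472,7 +472,7 @@
 
 static const u32 ar9462_2p1_soc_preamble[][2] = {
 /* Addr allmodes */
-{0x000040a4, 0x00a0c1c9},
+{0x000040a4, 0x00a0c9c9},
 {0x00007020, 0x00000000},
 {0x00007034, 0x00000002},
 {0x00007038, 0x000004c2},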
+2 -1
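--- a/drivers/net/wireless/ath/regd.c
+++ b/drivers/net/wireless/ath/regd.c
@@ -362,7 +362,8 @@
 {
 u16 country_code;
 
-if (!ath_is_world_regd(reg))
+if (request->initiator == NL80211_REGDOM_SET_BY_COUNTRY_IE &&
+!ath_is_world_regd(reg))
 return -EINVAL;
 
 country_code = ath_regd_find_country_by_name(request->alpha2);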
+1
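--- a/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/p2p.c
@@ -823,6 +823,7 @@
 }
 err = brcmf_p2p_escan(p2p, num_nodfs, chanspecs, search_state,
 action, P2PAPI_BSSCFG_DEVICE);
+kfree(chanspecs);
 }
 exit:
 if (err)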
+19 -4
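--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -2210,8 +2210,10 @@
 priv->bss_started = 0;
 priv->bss_num = 0;
 
-if (mwifiex_cfg80211_init_p2p_client(priv))
-return ERR_PTR(-EFAULT);
+if (mwifiex_cfg80211_init_p2p_client(priv)) {
+wdev = ERR_PTR(-EFAULT);
+goto done;
+}
 
 break;
 default:
@@ -2224,7 +2226,8 @@
 if (!dev) {
 wiphy_err(wiphy, "no memory available for netdevice\n");
 priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
-return ERR_PTR(-ENOMEM);
+wdev = ERR_PTR(-ENOMEM);
+goto done;
 }
 
 mwifiex_init_priv_params(priv, dev);
@@ -2264,7 +2267,9 @@
 wiphy_err(wiphy, "cannot register virtual network device\n");
 free_netdev(dev);
 priv->bss_mode = NL80211_IFTYPE_UNSPECIFIED;
-return ERR_PTR(-EFAULT);
+priv->netdev = NULL;
+wdev = ERR_PTR(-EFAULT);
+goto done;
 }
 
 sema_init(&priv->async_sem, 1);
@@ -2274,6 +2279,13 @@
 #ifdef CONFIG_DEBUG_FS
 mwifiex_dev_debugfs_init(priv);
 #endif
+
+done:
+if (IS_ERR(wdev)) {
+kfree(priv->wdev);
+priv->wdev = NULL;
+}
+
 return wdev;
 }
 EXPORT_SYMBOL_GPL(mwifiex_add_virtual_intf);
@@ -2298,7 +2310,10 @@
 unregister_netdevice(wdev->netdev);
 
 /* Clear the priv in adapter */
+priv->netdev->ieee80211_ptr = NULL;
 priv->netdev = NULL;
+kfree(wdev);
+priv->wdev = NULL;
 
 priv->media_connected = false;
 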
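Review bot: The new `done:` label frees `priv->wdev` on every error, which is only correct if `priv->wdev` was allocated by this call on each path that jumps there; the allocation lies outside the hunks, so that cannot be confirmed from here. Together with the `kfree(wdev)` added to the delete path and the free loop removed from main.c in this commit, ownership of the wdev moves into add/del, and a comment at `done:` such as `/* wdev was allocated above and is not yet visible to anyone else */` would record that. In the delete hunk, `priv->netdev->ieee80211_ptr = NULL` and `kfree(wdev)` run directly after `unregister_netdevice()`, so it is worth checking that nothing can still reach `wdev` through the netdev between that call and the final netdev teardown.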
+7 -21
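--- a/drivers/net/wireless/mwifiex/main.c
+++ b/drivers/net/wireless/mwifiex/main.c
@@ -411,13 +411,14 @@
 */
 static void mwifiex_fw_dpc(const struct firmware *firmware, void *context)
 {
-int ret, i;
+int ret;
 char fmt[64];
 struct mwifiex_private *priv;
 struct mwifiex_adapter *adapter = context;
 struct mwifiex_fw_image fw;
 struct semaphore *sem = adapter->card_sem;
 bool init_failed = false;
+struct wireless_dev *wdev;
 
 if (!firmware) {
 dev_err(adapter->dev,
@@ -469,14 +470,16 @@
 priv = adapter->priv[MWIFIEX_BSS_ROLE_STA];
 if (mwifiex_register_cfg80211(adapter)) {
 dev_err(adapter->dev, "cannot register with cfg80211\n");
-goto err_register_cfg80211;
+goto err_init_fw;
 }
 
 rtnl_lock();
 /* Create station interface by default */
-if (!mwifiex_add_virtual_intf(adapter->wiphy, "mlan%d",
-NL80211_IFTYPE_STATION, NULL, NULL)) {
+wdev = mwifiex_add_virtual_intf(adapter->wiphy, "mlan%d",
+NL80211_IFTYPE_STATION, NULL, NULL);
+if (IS_ERR(wdev)) {
 dev_err(adapter->dev, "cannot create default STA interface\n");
+rtnl_unlock();
 goto err_add_intf;
 }
 rtnl_unlock();
@@ -486,17 +489,6 @@
 goto done;
 
 err_add_intf:
-for (i = 0; i < adapter->priv_num; i++) {
-priv = adapter->priv[i];
-
-if (!priv)
-continue;
-
-if (priv->wdev && priv->netdev)
-mwifiex_del_virtual_intf(adapter->wiphy, priv->wdev);
-}
-rtnl_unlock();
-err_register_cfg80211:
 wiphy_unregister(adapter->wiphy);
 wiphy_free(adapter->wiphy);
 err_init_fw:
@@ -1005,12 +997,6 @@
 
 wiphy_unregister(priv->wdev->wiphy);
 wiphy_free(priv->wdev->wiphy);
-
-for (i = 0; i < adapter->priv_num; i++) {
-priv = adapter->priv[i];
-if (priv)
-kfree(priv->wdev);
-}
 
 mwifiex_terminate_workqueue(adapter);
 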
+1 -1
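--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -232,7 +232,6 @@
 }
 
 mwifiex_remove_card(card->adapter, &add_remove_card_sem);
-kfree(card);
 }
 
 static void mwifiex_pcie_shutdown(struct pci_dev *pdev)
@@ -2313,6 +2312,7 @@
 pci_release_region(pdev, 0);
 pci_set_drvdata(pdev, NULL);
 }
+kfree(card);
 }
 
 /*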
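Review bot: With `kfree(card)` moved out of the remove handler into the cleanup function, `card` is released only when that cleanup callback actually runs, and any code that touches `card` after `mwifiex_remove_card()` returns would be a use-after-free. Neither function is fully visible in the hunks, so please confirm that every exit from the remove handler goes through `mwifiex_remove_card()` and that the cleanup callback runs exactly once per card. A comment on the new line, for example `/* card is owned by the interface cleanup path from here on */`, would document the new lifetime. The same move is made in sdio.c, where `sdio_set_drvdata(card->func, NULL)` now immediately precedes the free.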
+4 -3
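--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -196,7 +196,6 @@
 }
 
 mwifiex_remove_card(card->adapter, &add_remove_card_sem);
-kfree(card);
 }
 
 /*
@@ -1745,7 +1744,6 @@
 sdio_claim_host(card->func);
 sdio_disable_func(card->func);
 sdio_release_host(card->func);
-sdio_set_drvdata(card->func, NULL);
 }
 }
 
@@ -1773,7 +1771,6 @@
 return ret;
 }
 
-sdio_set_drvdata(func, card);
 
 adapter->dev = &func->dev;
 
@@ -1800,6 +1797,8 @@
 const struct mwifiex_sdio_card_reg *reg = card->reg;
 int ret;
 u8 sdio_ireg;
+
+sdio_set_drvdata(card->func, card);
 
 /*
 * Read the HOST_INT_STATUS_REG for ACK the first interrupt got
@@ -1883,6 +1882,8 @@
 kfree(card->mpa_rx.len_arr);
 kfree(card->mpa_tx.buf);
 kfree(card->mpa_rx.buf);
+sdio_set_drvdata(card->func, NULL);
+kfree(card);
 }
 
 /*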
+15 -12
drivers/net/wireless/mwifiex/usb.c
··· 350 350 351 351 card->udev = udev; 352 352 card->intf = intf; 353 - usb_card = card; 354 353 355 354 pr_debug("info: bcdUSB=%#x Device Class=%#x SubClass=%#x Protocol=%#x\n", 356 355 udev->descriptor.bcdUSB, udev->descriptor.bDeviceClass, ··· 524 525 static void mwifiex_usb_disconnect(struct usb_interface *intf) 525 526 { 526 527 struct usb_card_rec *card = usb_get_intfdata(intf); 527 - struct mwifiex_adapter *adapter; 528 528 529 - if (!card || !card->adapter) { 530 - pr_err("%s: card or card->adapter is NULL\n", __func__); 529 + if (!card) { 530 + pr_err("%s: card is NULL\n", __func__); 531 531 return; 532 532 } 533 533 534 - adapter = card->adapter; 535 - if (!adapter->priv_num) 536 - return; 537 - 538 534 mwifiex_usb_free(card); 539 535 540 - dev_dbg(adapter->dev, "%s: removing card\n", __func__); 541 - mwifiex_remove_card(adapter, &add_remove_card_sem); 536 + if (card->adapter) { 537 + struct mwifiex_adapter *adapter = card->adapter; 538 + 539 + if (!adapter->priv_num) 540 + return; 541 + 542 + dev_dbg(adapter->dev, "%s: removing card\n", __func__); 543 + mwifiex_remove_card(adapter, &add_remove_card_sem); 544 + } 542 545 543 546 usb_set_intfdata(intf, NULL); 544 547 usb_put_dev(interface_to_usbdev(intf)); 545 548 kfree(card); 549 + usb_card = NULL; 546 550 547 551 return; 548 552 } ··· 756 754 card->adapter = adapter; 757 755 adapter->dev = &card->udev->dev; 758 756 strcpy(adapter->fw_name, USB8797_DEFAULT_FW_NAME); 757 + usb_card = card; 759 758 760 759 return 0; 761 760 } ··· 765 762 { 766 763 struct usb_card_rec *card = (struct usb_card_rec *)adapter->card; 767 764 768 - usb_set_intfdata(card->intf, NULL); 765 + card->adapter = NULL; 769 766 } 770 767 771 768 static int mwifiex_prog_fw_w_helper(struct mwifiex_adapter *adapter, ··· 1007 1004 if (!down_interruptible(&add_remove_card_sem)) 1008 1005 up(&add_remove_card_sem); 1009 1006 1010 - if (usb_card) { 1007 + if (usb_card && usb_card->adapter) { 1011 1008 struct mwifiex_adapter *adapter = 
usb_card->adapter; 1012 1009 int i; 1013 1010
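Review bot: In `mwifiex_usb_disconnect()` the early `return` for `!adapter->priv_num` now sits inside the `if (card->adapter)` block and is reached after `mwifiex_usb_free(card)`, so on that path `usb_set_intfdata(intf, NULL)`, `usb_put_dev()`, `kfree(card)` and `usb_card = NULL` are all skipped. That leaves the interface data and the global `usb_card` pointing at a card whose URBs were already released, and leaks the device reference. Inverting the test keeps the teardown unconditional: `if (adapter->priv_num) { dev_dbg(adapter->dev, "%s: removing card\n", __func__); mwifiex_remove_card(adapter, &add_remove_card_sem); }`. `usb_card` is also a single file-scope pointer that is set in one function and cleared in another, so a comment stating that only one device is tracked at a time would help.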
+2 -1
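--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
@@ -181,6 +181,7 @@
 static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
 struct ieee80211_vif *vif)
 {
+struct ieee80211_tx_control control = {};
 struct rt2x00_dev *rt2x00dev = data;
 struct sk_buff *skb;
 
@@ -195,7 +196,7 @@
 */
 skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
 while (skb) {
-rt2x00mac_tx(rt2x00dev->hw, NULL, skb);
+rt2x00mac_tx(rt2x00dev->hw, &control, skb);
 skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
 }
 }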
+3 -3
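--- a/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c
@@ -769,7 +769,7 @@
 
 static void _rtl92c_query_rxphystatus(struct ieee80211_hw *hw,
 struct rtl_stats *pstats,
-struct rx_desc_92c *pdesc,
+struct rx_desc_92c *p_desc,
 struct rx_fwinfo_92c *p_drvinfo,
 bool packet_match_bssid,
 bool packet_toself,
@@ -784,11 +784,11 @@
 u32 rssi, total_rssi = 0;
 bool in_powersavemode = false;
 bool is_cck_rate;
+u8 *pdesc = (u8 *)p_desc;
 
-is_cck_rate = RX_HAL_IS_CCK_RATE(pdesc);
+is_cck_rate = RX_HAL_IS_CCK_RATE(p_desc);
 pstats->packet_matchbssid = packet_match_bssid;
 pstats->packet_toself = packet_toself;
-pstats->is_cck = is_cck_rate;
 pstats->packet_beacon = packet_beacon;
 pstats->is_cck = is_cck_rate;
 pstats->RX_SIGQ[0] = -1;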
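Review bot: After this change `pdesc` and `p_desc` name the same descriptor with different types, `u8 *pdesc = (u8 *)p_desc;` next to `struct rx_desc_92c *p_desc`, and the two differ by one underscore, so a descriptor macro handed the wrong one compiles and reads the wrong offsets. Names that carry the type, for example `u8 *desc_raw` beside `struct rx_desc_92c *desc`, would make a mix-up visible at the call site. The same pair is swapped in `rtl92cu_rx_query_desc()` in trx.c in this commit.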
+3 -3
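--- a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
@@ -303,10 +303,10 @@
 bool rtl92cu_rx_query_desc(struct ieee80211_hw *hw,
 struct rtl_stats *stats,
 struct ieee80211_rx_status *rx_status,
-u8 *p_desc, struct sk_buff *skb)
+u8 *pdesc, struct sk_buff *skb)
 {
 struct rx_fwinfo_92c *p_drvinfo;
-struct rx_desc_92c *pdesc = (struct rx_desc_92c *)p_desc;
+struct rx_desc_92c *p_desc = (struct rx_desc_92c *)pdesc;
 u32 phystatus = GET_RX_DESC_PHY_STATUS(pdesc);
 
 stats->length = (u16) GET_RX_DESC_PKT_LEN(pdesc);
@@ -345,7 +345,7 @@
 if (phystatus) {
 p_drvinfo = (struct rx_fwinfo_92c *)(skb->data +
 stats->rx_bufshift);
-rtl92c_translate_rx_signal_stuff(hw, skb, stats, pdesc,
+rtl92c_translate_rx_signal_stuff(hw, skb, stats, p_desc,
 p_drvinfo);
 }
 /*rx_status->qual = stats->signal; */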
+3 -3
drivers/net/xen-netback/interface.c
··· 461 461 if (netif_carrier_ok(vif->dev)) 462 462 xenvif_carrier_off(vif); 463 463 464 + if (vif->task) 465 + kthread_stop(vif->task); 466 + 464 467 if (vif->tx_irq) { 465 468 if (vif->tx_irq == vif->rx_irq) 466 469 unbind_from_irqhandler(vif->tx_irq, vif); ··· 473 470 } 474 471 vif->tx_irq = 0; 475 472 } 476 - 477 - if (vif->task) 478 - kthread_stop(vif->task); 479 473 480 474 xenvif_unmap_frontend_rings(vif); 481 475 }
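Review bot: After the relocated `kthread_stop(vif->task)` the pointer is left as it was, whereas the IRQ branch just below resets `vif->tx_irq = 0` once the handler is unbound. If this teardown path can run a second time for the same vif (not visible from the hunk), the stale `vif->task` would be handed to kthread_stop() again after the thread has gone. Clearing it in the same branch keeps the two resources symmetrical: `if (vif->task) { kthread_stop(vif->task); vif->task = NULL; }`. The enclosing function starts above the hunk.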
+8
include/linux/net.h
··· 164 164 #endif 165 165 int (*sendmsg) (struct kiocb *iocb, struct socket *sock, 166 166 struct msghdr *m, size_t total_len); 167 + /* Notes for implementing recvmsg: 168 + * =============================== 169 + * msg->msg_namelen should get updated by the recvmsg handlers 170 + * iff msg_name != NULL. It is by default 0 to prevent 171 + * returning uninitialized memory to user space. The recvfrom 172 + * handlers can assume that msg.msg_name is either NULL or has 173 + * a minimum size of sizeof(struct sockaddr_storage). 174 + */ 167 175 int (*recvmsg) (struct kiocb *iocb, struct socket *sock, 168 176 struct msghdr *m, size_t total_len, 169 177 int flags);
+1
include/linux/phy.h
··· 559 559 return phydev->drv->read_status(phydev); 560 560 } 561 561 562 + int genphy_setup_forced(struct phy_device *phydev); 562 563 int genphy_restart_aneg(struct phy_device *phydev); 563 564 int genphy_config_aneg(struct phy_device *phydev); 564 565 int genphy_update_link(struct phy_device *phydev);
+4 -4
include/net/genetlink.h
··· 265 265 struct net *net, struct sk_buff *skb, 266 266 u32 portid, unsigned int group, gfp_t flags) 267 267 { 268 - if (group >= family->n_mcgrps) 268 + if (WARN_ON_ONCE(group >= family->n_mcgrps)) 269 269 return -EINVAL; 270 270 group = family->mcgrp_offset + group; 271 271 return nlmsg_multicast(net->genl_sock, skb, portid, group, flags); ··· 283 283 struct sk_buff *skb, u32 portid, 284 284 unsigned int group, gfp_t flags) 285 285 { 286 - if (group >= family->n_mcgrps) 287 - return -EINVAL; 288 - group = family->mcgrp_offset + group; 289 286 return genlmsg_multicast_netns(family, &init_net, skb, 290 287 portid, group, flags); 291 288 } ··· 384 387 static inline int genl_set_err(struct genl_family *family, struct net *net, 385 388 u32 portid, u32 group, int code) 386 389 { 390 + if (WARN_ON_ONCE(group >= family->n_mcgrps)) 391 + return -EINVAL; 392 + group = family->mcgrp_offset + group; 387 393 return netlink_set_err(net->genl_sock, portid, group, code); 388 394 } 389 395
+7 -9
net/appletalk/ddp.c
··· 1735 1735 size_t size, int flags) 1736 1736 { 1737 1737 struct sock *sk = sock->sk; 1738 - struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; 1739 1738 struct ddpehdr *ddp; 1740 1739 int copied = 0; 1741 1740 int offset = 0; ··· 1763 1764 } 1764 1765 err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); 1765 1766 1766 - if (!err) { 1767 - if (sat) { 1768 - sat->sat_family = AF_APPLETALK; 1769 - sat->sat_port = ddp->deh_sport; 1770 - sat->sat_addr.s_node = ddp->deh_snode; 1771 - sat->sat_addr.s_net = ddp->deh_snet; 1772 - } 1773 - msg->msg_namelen = sizeof(*sat); 1767 + if (!err && msg->msg_name) { 1768 + struct sockaddr_at *sat = msg->msg_name; 1769 + sat->sat_family = AF_APPLETALK; 1770 + sat->sat_port = ddp->deh_sport; 1771 + sat->sat_addr.s_node = ddp->deh_snode; 1772 + sat->sat_addr.s_net = ddp->deh_snet; 1773 + msg->msg_namelen = sizeof(*sat); 1774 1774 } 1775 1775 1776 1776 skb_free_datagram(sk, skb); /* Free the datagram. */
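Review bot: The rewritten block reports `msg->msg_namelen = sizeof(*sat)` but assigns only sat_family, sat_port and the two sat_addr members. If struct sockaddr_at has any further member or padding (its definition is outside this section), those bytes keep whatever the buffer held and are then copied to user space, which is the class of leak this series is closing. The ax25 and rose handlers shown in this commit zero the buffer before filling it; `memset(sat, 0, sizeof(*sat));` ahead of the assignments would settle the question here too.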
-2
net/atm/common.c
··· 531 531 struct sk_buff *skb; 532 532 int copied, error = -EINVAL; 533 533 534 - msg->msg_namelen = 0; 535 - 536 534 if (sock->state != SS_CONNECTED) 537 535 return -ENOTCONN; 538 536
+2 -2
net/ax25/af_ax25.c
··· 1636 1636 1637 1637 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1638 1638 1639 - if (msg->msg_namelen != 0) { 1640 - struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; 1639 + if (msg->msg_name) { 1641 1640 ax25_digi digi; 1642 1641 ax25_address src; 1643 1642 const unsigned char *mac = skb_mac_header(skb); 1643 + struct sockaddr_ax25 *sax = msg->msg_name; 1644 1644 1645 1645 memset(sax, 0, sizeof(struct full_sockaddr_ax25)); 1646 1646 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
+2 -7
net/bluetooth/af_bluetooth.c
··· 224 224 225 225 skb = skb_recv_datagram(sk, flags, noblock, &err); 226 226 if (!skb) { 227 - if (sk->sk_shutdown & RCV_SHUTDOWN) { 228 - msg->msg_namelen = 0; 227 + if (sk->sk_shutdown & RCV_SHUTDOWN) 229 228 return 0; 230 - } 229 + 231 230 return err; 232 231 } 233 232 ··· 244 245 if (bt_sk(sk)->skb_msg_name) 245 246 bt_sk(sk)->skb_msg_name(skb, msg->msg_name, 246 247 &msg->msg_namelen); 247 - else 248 - msg->msg_namelen = 0; 249 248 } 250 249 251 250 skb_free_datagram(sk, skb); ··· 291 294 292 295 if (flags & MSG_OOB) 293 296 return -EOPNOTSUPP; 294 - 295 - msg->msg_namelen = 0; 296 297 297 298 BT_DBG("sk %p size %zu", sk, size); 298 299
-2
net/bluetooth/hci_sock.c
··· 856 856 if (!skb) 857 857 return err; 858 858 859 - msg->msg_namelen = 0; 860 - 861 859 copied = skb->len; 862 860 if (len < copied) { 863 861 msg->msg_flags |= MSG_TRUNC;
+3
net/bluetooth/l2cap_core.c
··· 2439 2439 int err; 2440 2440 struct sk_buff_head seg_queue; 2441 2441 2442 + if (!chan->conn) 2443 + return -ENOTCONN; 2444 + 2442 2445 /* Connectionless channel */ 2443 2446 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { 2444 2447 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
+3
net/bluetooth/rfcomm/core.c
··· 694 694 addr.l2_family = AF_BLUETOOTH; 695 695 addr.l2_psm = 0; 696 696 addr.l2_cid = 0; 697 + addr.l2_bdaddr_type = BDADDR_BREDR; 697 698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 698 699 if (*err < 0) 699 700 goto failed; ··· 720 719 addr.l2_family = AF_BLUETOOTH; 721 720 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 722 721 addr.l2_cid = 0; 722 + addr.l2_bdaddr_type = BDADDR_BREDR; 723 723 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 724 724 if (*err == 0 || *err == -EINPROGRESS) 725 725 return s; ··· 1985 1983 addr.l2_family = AF_BLUETOOTH; 1986 1984 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 1987 1985 addr.l2_cid = 0; 1986 + addr.l2_bdaddr_type = BDADDR_BREDR; 1988 1987 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1989 1988 if (err < 0) { 1990 1989 BT_ERR("Bind failed %d", err);
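Review bot: All three hunks set `addr.l2_bdaddr_type = BDADDR_BREDR` on a sockaddr that is filled in member by member, and no zeroing of `addr` is visible in any of them. That pattern is what left this field undefined in the first place, and it will recur with the next member added to the struct. Starting each site with `memset(&addr, 0, sizeof(addr));` (or a zero initialiser at the declaration, which is outside the hunks) would make the kernel_bind()/kernel_connect() argument fully defined regardless of the struct layout.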
+5 -2
net/bluetooth/rfcomm/sock.c
··· 615 615 616 616 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 617 617 rfcomm_dlc_accept(d); 618 - msg->msg_namelen = 0; 619 618 return 0; 620 619 } 621 620 ··· 738 739 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 739 740 { 740 741 struct sock *sk = sock->sk; 742 + struct sock *l2cap_sk; 743 + struct l2cap_conn *conn; 741 744 struct rfcomm_conninfo cinfo; 742 - struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 743 745 int len, err = 0; 744 746 u32 opt; 745 747 ··· 782 782 err = -ENOTCONN; 783 783 break; 784 784 } 785 + 786 + l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 787 + conn = l2cap_pi(l2cap_sk)->chan->conn; 785 788 786 789 memset(&cinfo, 0, sizeof(cinfo)); 787 790 cinfo.hci_handle = conn->hcon->handle;
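Review bot: The lookup added in the last hunk, `rfcomm_pi(sk)->dlc->session->sock->sk` followed by `l2cap_pi(l2cap_sk)->chan->conn`, walks six pointers with only the preceding state test (the `-ENOTCONN` branch) as a guard. Whether dlc, session and chan are guaranteed non-NULL and pinned at that point depends on locking that is not visible here, and this path is entered directly from getsockopt(). A short comment naming the lock or state that keeps the session alive, or an explicit check that returns -ENOTCONN when a link in the chain is missing, would document the assumption. The function body continues outside the hunk.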
-1
net/bluetooth/sco.c
··· 711 711 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 712 712 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 713 713 sk->sk_state = BT_CONFIG; 714 - msg->msg_namelen = 0; 715 714 716 715 release_sock(sk); 717 716 return 0;
+3
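--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -742,6 +742,9 @@
 
 	BT_DBG("conn %p", conn);
 
+	if (!(conn->hcon->link_mode & HCI_LM_MASTER))
+		return SMP_CMD_NOTSUPP;
+
 	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
 
 	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))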
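Review bot: The added role check reads `conn->hcon->link_mode` although the very next line uses the local `hcon`, and nothing explains why the request is refused. Writing it as `if (!(hcon->link_mode & HCI_LM_MASTER))` keeps the function consistent, and a comment such as `/* a Security Request is only acted on when we are master of the link */` would record the rule behind the early return, assuming that is the intent. The enclosing function starts above the hunk.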
+2
net/bridge/br_if.c
··· 172 172 del_nbp(p); 173 173 } 174 174 175 + br_fdb_delete_by_port(br, NULL, 1); 176 + 175 177 br_vlan_flush(br); 176 178 del_timer_sync(&br->gc_timer); 177 179
+5 -3
net/bridge/netfilter/ebt_ip6.c
··· 48 48 if (info->bitmask & EBT_IP6_TCLASS && 49 49 FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) 50 50 return false; 51 - if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk, 52 - &info->saddr), EBT_IP6_SOURCE) || 51 + if ((info->bitmask & EBT_IP6_SOURCE && 52 + FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk, 53 + &info->saddr), EBT_IP6_SOURCE)) || 54 + (info->bitmask & EBT_IP6_DEST && 53 55 FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk, 54 - &info->daddr), EBT_IP6_DEST)) 56 + &info->daddr), EBT_IP6_DEST))) 55 57 return false; 56 58 if (info->bitmask & EBT_IP6_PROTO) { 57 59 uint8_t nexthdr = ih6->nexthdr;
-4
net/caif/caif_socket.c
··· 286 286 if (m->msg_flags&MSG_OOB) 287 287 goto read_error; 288 288 289 - m->msg_namelen = 0; 290 - 291 289 skb = skb_recv_datagram(sk, flags, 0 , &ret); 292 290 if (!skb) 293 291 goto read_error; ··· 358 360 err = -EOPNOTSUPP; 359 361 if (flags&MSG_OOB) 360 362 goto out; 361 - 362 - msg->msg_namelen = 0; 363 363 364 364 /* 365 365 * Lock the socket to prevent queue disordering
+2 -1
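--- a/net/compat.c
+++ b/net/compat.c
@@ -93,7 +93,8 @@
 			if (err < 0)
 				return err;
 		}
-		kern_msg->msg_name = kern_address;
+		if (kern_msg->msg_name)
+			kern_msg->msg_name = kern_address;
 	} else
 		kern_msg->msg_name = NULL;
 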
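Review bot: The new `if (kern_msg->msg_name)` guard here, and the identical one in net/core/iovec.c, changes what every receive handler sees (a NULL msg_name now survives alongside a non-zero msg_namelen) without a word at either site. A comment such as `/* keep a NULL msg_name so handlers skip the address copy */` in both places would tie them to the note this commit adds in include/linux/net.h. The enclosing function starts and ends outside the hunk.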
+1 -1
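--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4996,7 +4996,7 @@
 {
 	const struct net_device_ops *ops = dev->netdev_ops;
 
-	if ((dev->flags & IFF_UP) && ops->ndo_change_rx_flags)
+	if (ops->ndo_change_rx_flags)
 		ops->ndo_change_rx_flags(dev, flags);
 }
 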
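Review bot: With the `dev->flags & IFF_UP` test gone, `ops->ndo_change_rx_flags()` is now invoked for interfaces that are down. Any driver callback that touches hardware or a lower device on the assumption that the interface is running has to tolerate that, and nothing in this section shows those callbacks being audited. A comment above the call, e.g. `/* also called while the device is down; callbacks must not assume IFF_UP */`, would make the new contract visible to driver authors. The function signature is above the hunk.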
+2 -1
net/core/iovec.c
··· 48 48 if (err < 0) 49 49 return err; 50 50 } 51 - m->msg_name = address; 51 + if (m->msg_name) 52 + m->msg_name = address; 52 53 } else { 53 54 m->msg_name = NULL; 54 55 }
+50 -25
net/core/skbuff.c
··· 2796 2796 struct sk_buff *segs = NULL; 2797 2797 struct sk_buff *tail = NULL; 2798 2798 struct sk_buff *fskb = skb_shinfo(skb)->frag_list; 2799 + skb_frag_t *skb_frag = skb_shinfo(skb)->frags; 2799 2800 unsigned int mss = skb_shinfo(skb)->gso_size; 2800 2801 unsigned int doffset = skb->data - skb_mac_header(skb); 2801 2802 unsigned int offset = doffset; ··· 2836 2835 if (hsize > len || !sg) 2837 2836 hsize = len; 2838 2837 2839 - if (!hsize && i >= nfrags) { 2840 - BUG_ON(fskb->len != len); 2838 + if (!hsize && i >= nfrags && skb_headlen(fskb) && 2839 + (skb_headlen(fskb) == len || sg)) { 2840 + BUG_ON(skb_headlen(fskb) > len); 2841 2841 2842 - pos += len; 2842 + i = 0; 2843 + nfrags = skb_shinfo(fskb)->nr_frags; 2844 + skb_frag = skb_shinfo(fskb)->frags; 2845 + pos += skb_headlen(fskb); 2846 + 2847 + while (pos < offset + len) { 2848 + BUG_ON(i >= nfrags); 2849 + 2850 + size = skb_frag_size(skb_frag); 2851 + if (pos + size > offset + len) 2852 + break; 2853 + 2854 + i++; 2855 + pos += size; 2856 + skb_frag++; 2857 + } 2858 + 2843 2859 nskb = skb_clone(fskb, GFP_ATOMIC); 2844 2860 fskb = fskb->next; 2845 2861 2846 2862 if (unlikely(!nskb)) 2847 2863 goto err; 2864 + 2865 + if (unlikely(pskb_trim(nskb, len))) { 2866 + kfree_skb(nskb); 2867 + goto err; 2868 + } 2848 2869 2849 2870 hsize = skb_end_offset(nskb); 2850 2871 if (skb_cow_head(nskb, doffset + headroom)) { ··· 2904 2881 nskb->data - tnl_hlen, 2905 2882 doffset + tnl_hlen); 2906 2883 2907 - if (fskb != skb_shinfo(skb)->frag_list) 2884 + if (nskb->len == len + doffset) 2908 2885 goto perform_csum_check; 2909 2886 2910 2887 if (!sg) { ··· 2922 2899 2923 2900 skb_shinfo(nskb)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG; 2924 2901 2925 - while (pos < offset + len && i < nfrags) { 2926 - *frag = skb_shinfo(skb)->frags[i]; 2902 + while (pos < offset + len) { 2903 + if (i >= nfrags) { 2904 + BUG_ON(skb_headlen(fskb)); 2905 + 2906 + i = 0; 2907 + nfrags = skb_shinfo(fskb)->nr_frags; 2908 + skb_frag 
= skb_shinfo(fskb)->frags; 2909 + 2910 + BUG_ON(!nfrags); 2911 + 2912 + fskb = fskb->next; 2913 + } 2914 + 2915 + if (unlikely(skb_shinfo(nskb)->nr_frags >= 2916 + MAX_SKB_FRAGS)) { 2917 + net_warn_ratelimited( 2918 + "skb_segment: too many frags: %u %u\n", 2919 + pos, mss); 2920 + goto err; 2921 + } 2922 + 2923 + *frag = *skb_frag; 2927 2924 __skb_frag_ref(frag); 2928 2925 size = skb_frag_size(frag); 2929 2926 ··· 2956 2913 2957 2914 if (pos + size <= offset + len) { 2958 2915 i++; 2916 + skb_frag++; 2959 2917 pos += size; 2960 2918 } else { 2961 2919 skb_frag_size_sub(frag, pos + size - (offset + len)); ··· 2964 2920 } 2965 2921 2966 2922 frag++; 2967 - } 2968 - 2969 - if (pos < offset + len) { 2970 - struct sk_buff *fskb2 = fskb; 2971 - 2972 - BUG_ON(pos + fskb->len != offset + len); 2973 - 2974 - pos += fskb->len; 2975 - fskb = fskb->next; 2976 - 2977 - if (fskb2->next) { 2978 - fskb2 = skb_clone(fskb2, GFP_ATOMIC); 2979 - if (!fskb2) 2980 - goto err; 2981 - } else 2982 - skb_get(fskb2); 2983 - 2984 - SKB_FRAG_ASSERT(nskb); 2985 - skb_shinfo(nskb)->frag_list = fskb2; 2986 2923 } 2987 2924 2988 2925 skip_fraglist:
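Review bot: In the rewritten frag-copy loop, the `if (i >= nfrags)` branch evaluates `skb_headlen(fskb)` and `skb_shinfo(fskb)` without checking that `fskb` is non-NULL, whereas the old loop simply stopped at `i < nfrags`. If the frag list runs out before `pos` reaches `offset + len`, which an unexpectedly shaped GSO packet could cause, the result is a NULL dereference rather than an error return. The same loop already has a recoverable exit for the MAX_SKB_FRAGS case (`net_warn_ratelimited` then `goto err`); adding `if (unlikely(!fskb)) goto err;` ahead of the BUG_ON, and treating the BUG_ON conditions the same way, would contain bad input instead of halting the machine. The body of skb_segment starts and ends outside the hunks.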
+1
net/ipv4/netfilter/ipt_SYNPROXY.c
··· 244 244 245 245 this_cpu_inc(snet->stats->cookie_valid); 246 246 opts->mss = mss; 247 + opts->options |= XT_SYNPROXY_OPT_MSS; 247 248 248 249 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) 249 250 synproxy_check_timestamp_cookie(opts);
+6 -2
net/ipv4/route.c
··· 1776 1776 rth->dst.error= -err; 1777 1777 rth->rt_flags &= ~RTCF_LOCAL; 1778 1778 } 1779 - if (do_cache) 1780 - rt_cache_route(&FIB_RES_NH(res), rth); 1779 + if (do_cache) { 1780 + if (unlikely(!rt_cache_route(&FIB_RES_NH(res), rth))) { 1781 + rth->dst.flags |= DST_NOCACHE; 1782 + rt_add_uncached_list(rth); 1783 + } 1784 + } 1781 1785 skb_dst_set(skb, &rth->dst); 1782 1786 err = 0; 1783 1787 goto out;
+1
net/ipv6/netfilter/ip6t_SYNPROXY.c
··· 259 259 260 260 this_cpu_inc(snet->stats->cookie_valid); 261 261 opts->mss = mss; 262 + opts->options |= XT_SYNPROXY_OPT_MSS; 262 263 263 264 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) 264 265 synproxy_check_timestamp_cookie(opts);
+1 -2
net/ipx/af_ipx.c
··· 1823 1823 if (skb->tstamp.tv64) 1824 1824 sk->sk_stamp = skb->tstamp; 1825 1825 1826 - msg->msg_namelen = sizeof(*sipx); 1827 - 1828 1826 if (sipx) { 1829 1827 sipx->sipx_family = AF_IPX; 1830 1828 sipx->sipx_port = ipx->ipx_source.sock; ··· 1830 1832 sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; 1831 1833 sipx->sipx_type = ipx->ipx_type; 1832 1834 sipx->sipx_zero = 0; 1835 + msg->msg_namelen = sizeof(*sipx); 1833 1836 } 1834 1837 rc = copied; 1835 1838
-4
net/irda/af_irda.c
··· 1385 1385 1386 1386 IRDA_DEBUG(4, "%s()\n", __func__); 1387 1387 1388 - msg->msg_namelen = 0; 1389 - 1390 1388 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 1391 1389 flags & MSG_DONTWAIT, &err); 1392 1390 if (!skb) ··· 1448 1450 err = 0; 1449 1451 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 1450 1452 timeo = sock_rcvtimeo(sk, noblock); 1451 - 1452 - msg->msg_namelen = 0; 1453 1453 1454 1454 do { 1455 1455 int chunk;
-2
net/iucv/af_iucv.c
··· 1324 1324 int err = 0; 1325 1325 u32 offset; 1326 1326 1327 - msg->msg_namelen = 0; 1328 - 1329 1327 if ((sk->sk_state == IUCV_DISCONN) && 1330 1328 skb_queue_empty(&iucv->backlog_skb_q) && 1331 1329 skb_queue_empty(&sk->sk_receive_queue) &&
-1
net/key/af_key.c
··· 3616 3616 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 3617 3617 goto out; 3618 3618 3619 - msg->msg_namelen = 0; 3620 3619 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); 3621 3620 if (skb == NULL) 3622 3621 goto out;
-2
net/l2tp/l2tp_ppp.c
··· 197 197 if (sk->sk_state & PPPOX_BOUND) 198 198 goto end; 199 199 200 - msg->msg_namelen = 0; 201 - 202 200 err = 0; 203 201 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 204 202 flags & MSG_DONTWAIT, &err);
-2
net/llc/af_llc.c
··· 720 720 int target; /* Read at least this many bytes */ 721 721 long timeo; 722 722 723 - msg->msg_namelen = 0; 724 - 725 723 lock_sock(sk); 726 724 copied = -ENOTCONN; 727 725 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
+1 -1
net/netfilter/Kconfig
··· 909 909 connection simultaneously. 910 910 911 911 config NETFILTER_XT_MATCH_CONNLIMIT 912 - tristate '"connlimit" match support"' 912 + tristate '"connlimit" match support' 913 913 depends on NF_CONNTRACK 914 914 depends on NETFILTER_ADVANCED 915 915 ---help---
+2 -1
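--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -764,9 +764,10 @@
 	struct net *net = nf_ct_net(ct);
 
 	nf_ct_ext_destroy(ct);
-	atomic_dec(&net->ct.count);
 	nf_ct_ext_free(ct);
 	kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
+	smp_mb__before_atomic_dec();
+	atomic_dec(&net->ct.count);
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_free);
 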
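Review bot: The added `smp_mb__before_atomic_dec()` carries no comment saying which reader it pairs with or what must be visible before `net->ct.count` drops. Moving the decrement after `kmem_cache_free()` suggests the count is used elsewhere to decide when the per-net cache may be destroyed, but that consumer is outside the hunk, so the ordering requirement is only implied. A line such as `/* the object must be back in the cache before the count allows teardown */` (wording to be confirmed against the reader) would keep a later cleanup from reordering these two calls.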
+2 -2
net/netfilter/nf_conntrack_seqadj.c
··· 41 41 spin_lock_bh(&ct->lock); 42 42 this_way = &seqadj->seq[dir]; 43 43 if (this_way->offset_before == this_way->offset_after || 44 - before(this_way->correction_pos, seq)) { 45 - this_way->correction_pos = seq; 44 + before(this_way->correction_pos, ntohl(seq))) { 45 + this_way->correction_pos = ntohl(seq); 46 46 this_way->offset_before = this_way->offset_after; 47 47 this_way->offset_after += off; 48 48 }
+4 -3
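--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -151,9 +151,10 @@
 	opts->tsecr = opts->tsval;
 	opts->tsval = tcp_time_stamp & ~0x3f;
 
-	if (opts->options & XT_SYNPROXY_OPT_WSCALE)
-		opts->tsval |= info->wscale;
-	else
+	if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
+		opts->tsval |= opts->wscale;
+		opts->wscale = info->wscale;
+	} else
 		opts->tsval |= 0xf;
 
 	if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)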
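Review bot: `opts->tsval |= opts->wscale` ORs in a value that presumably originates from the client's TCP options (the parser is outside the hunk), and the field's low six bits were cleared just above to carry encoded state. The else branch uses 0xf, so four bits appear to be reserved for the window scale; a larger `opts->wscale` would spill into the neighbouring bits unless it is clamped where the options are parsed. Masking at the point of use, `opts->tsval |= opts->wscale & 0xf;`, makes the encoding safe on its own. The braced `if` paired with an unbraced `else` also departs from kernel style.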
+13 -6
net/netfilter/nft_compat.c
··· 128 128 [NFTA_RULE_COMPAT_FLAGS] = { .type = NLA_U32 }, 129 129 }; 130 130 131 - static u8 nft_parse_compat(const struct nlattr *attr, bool *inv) 131 + static int nft_parse_compat(const struct nlattr *attr, u8 *proto, bool *inv) 132 132 { 133 133 struct nlattr *tb[NFTA_RULE_COMPAT_MAX+1]; 134 134 u32 flags; ··· 148 148 if (flags & NFT_RULE_COMPAT_F_INV) 149 149 *inv = true; 150 150 151 - return ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO])); 151 + *proto = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO])); 152 + return 0; 152 153 } 153 154 154 155 static int ··· 167 166 168 167 target_compat_from_user(target, nla_data(tb[NFTA_TARGET_INFO]), info); 169 168 170 - if (ctx->nla[NFTA_RULE_COMPAT]) 171 - proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv); 169 + if (ctx->nla[NFTA_RULE_COMPAT]) { 170 + ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv); 171 + if (ret < 0) 172 + goto err; 173 + } 172 174 173 175 nft_target_set_tgchk_param(&par, ctx, target, info, &e, proto, inv); 174 176 ··· 360 356 361 357 match_compat_from_user(match, nla_data(tb[NFTA_MATCH_INFO]), info); 362 358 363 - if (ctx->nla[NFTA_RULE_COMPAT]) 364 - proto = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &inv); 359 + if (ctx->nla[NFTA_RULE_COMPAT]) { 360 + ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv); 361 + if (ret < 0) 362 + goto err; 363 + } 365 364 366 365 nft_match_set_mtchk_param(&par, ctx, match, info, &e, proto, inv); 367 366
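Review bot: In nft_parse_compat, `*proto = ntohl(nla_get_be32(tb[NFTA_RULE_COMPAT_PROTO]));` stores a 32-bit netlink attribute into a `u8` with no range check, so a user-supplied value above 255 is silently truncated to a different protocol number. Now that the function can return an error it could reject such input instead: read the attribute into a local `u32 val`, then `if (val > 0xff) return -EINVAL;` before the assignment, assuming no caller relies on the truncation. The middle of the function and the `err` label used by both callers are outside the hunks.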
-2
net/netlink/af_netlink.c
··· 2335 2335 } 2336 2336 #endif 2337 2337 2338 - msg->msg_namelen = 0; 2339 - 2340 2338 copied = data_skb->len; 2341 2339 if (len < copied) { 2342 2340 msg->msg_flags |= MSG_TRUNC;
+2 -2
net/netlink/genetlink.c
··· 1045 1045 int genlmsg_multicast_allns(struct genl_family *family, struct sk_buff *skb, 1046 1046 u32 portid, unsigned int group, gfp_t flags) 1047 1047 { 1048 - if (group >= family->n_mcgrps) 1048 + if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1049 1049 return -EINVAL; 1050 1050 group = family->mcgrp_offset + group; 1051 1051 return genlmsg_mcast(skb, portid, group, flags); ··· 1062 1062 if (nlh) 1063 1063 report = nlmsg_report(nlh); 1064 1064 1065 - if (group >= family->n_mcgrps) 1065 + if (WARN_ON_ONCE(group >= family->n_mcgrps)) 1066 1066 return; 1067 1067 group = family->mcgrp_offset + group; 1068 1068 nlmsg_notify(sk, skb, portid, group, report, flags);
+1 -2
net/netrom/af_netrom.c
··· 1179 1179 sax->sax25_family = AF_NETROM; 1180 1180 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1181 1181 AX25_ADDR_LEN); 1182 + msg->msg_namelen = sizeof(*sax); 1182 1183 } 1183 - 1184 - msg->msg_namelen = sizeof(*sax); 1185 1184 1186 1185 skb_free_datagram(sk, skb); 1187 1186
-2
net/nfc/llcp_sock.c
··· 807 807 808 808 pr_debug("%p %zu\n", sk, len); 809 809 810 - msg->msg_namelen = 0; 811 - 812 810 lock_sock(sk); 813 811 814 812 if (sk->sk_state == LLCP_CLOSED &&
-2
net/nfc/rawsock.c
··· 244 244 if (!skb) 245 245 return rc; 246 246 247 - msg->msg_namelen = 0; 248 - 249 247 copied = skb->len; 250 248 if (len < copied) { 251 249 msg->msg_flags |= MSG_TRUNC;
+52 -41
net/packet/af_packet.c
··· 244 244 static void register_prot_hook(struct sock *sk) 245 245 { 246 246 struct packet_sock *po = pkt_sk(sk); 247 + 247 248 if (!po->running) { 248 - if (po->fanout) 249 + if (po->fanout) { 249 250 __fanout_link(sk, po); 250 - else 251 + } else { 251 252 dev_add_pack(&po->prot_hook); 253 + rcu_assign_pointer(po->cached_dev, po->prot_hook.dev); 254 + } 255 + 252 256 sock_hold(sk); 253 257 po->running = 1; 254 258 } ··· 270 266 struct packet_sock *po = pkt_sk(sk); 271 267 272 268 po->running = 0; 273 - if (po->fanout) 269 + if (po->fanout) { 274 270 __fanout_unlink(sk, po); 275 - else 271 + } else { 276 272 __dev_remove_pack(&po->prot_hook); 273 + RCU_INIT_POINTER(po->cached_dev, NULL); 274 + } 275 + 277 276 __sock_put(sk); 278 277 279 278 if (sync) { ··· 2059 2052 return tp_len; 2060 2053 } 2061 2054 2055 + static struct net_device *packet_cached_dev_get(struct packet_sock *po) 2056 + { 2057 + struct net_device *dev; 2058 + 2059 + rcu_read_lock(); 2060 + dev = rcu_dereference(po->cached_dev); 2061 + if (dev) 2062 + dev_hold(dev); 2063 + rcu_read_unlock(); 2064 + 2065 + return dev; 2066 + } 2067 + 2062 2068 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) 2063 2069 { 2064 2070 struct sk_buff *skb; 2065 2071 struct net_device *dev; 2066 2072 __be16 proto; 2067 - bool need_rls_dev = false; 2068 2073 int err, reserve = 0; 2069 2074 void *ph; 2070 2075 struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name; ··· 2089 2070 mutex_lock(&po->pg_vec_lock); 2090 2071 2091 2072 if (saddr == NULL) { 2092 - dev = po->prot_hook.dev; 2073 + dev = packet_cached_dev_get(po); 2093 2074 proto = po->num; 2094 2075 addr = NULL; 2095 2076 } else { ··· 2103 2084 proto = saddr->sll_protocol; 2104 2085 addr = saddr->sll_addr; 2105 2086 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); 2106 - need_rls_dev = true; 2107 2087 } 2108 2088 2109 2089 err = -ENXIO; 2110 2090 if (unlikely(dev == NULL)) 2111 2091 goto out; 2112 - 2113 - reserve = 
dev->hard_header_len; 2114 - 2115 2092 err = -ENETDOWN; 2116 2093 if (unlikely(!(dev->flags & IFF_UP))) 2117 2094 goto out_put; 2095 + 2096 + reserve = dev->hard_header_len; 2118 2097 2119 2098 size_max = po->tx_ring.frame_size 2120 2099 - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); ··· 2190 2173 __packet_set_status(po, ph, status); 2191 2174 kfree_skb(skb); 2192 2175 out_put: 2193 - if (need_rls_dev) 2194 - dev_put(dev); 2176 + dev_put(dev); 2195 2177 out: 2196 2178 mutex_unlock(&po->pg_vec_lock); 2197 2179 return err; ··· 2228 2212 struct sk_buff *skb; 2229 2213 struct net_device *dev; 2230 2214 __be16 proto; 2231 - bool need_rls_dev = false; 2232 2215 unsigned char *addr; 2233 2216 int err, reserve = 0; 2234 2217 struct virtio_net_hdr vnet_hdr = { 0 }; ··· 2243 2228 */ 2244 2229 2245 2230 if (saddr == NULL) { 2246 - dev = po->prot_hook.dev; 2231 + dev = packet_cached_dev_get(po); 2247 2232 proto = po->num; 2248 2233 addr = NULL; 2249 2234 } else { ··· 2255 2240 proto = saddr->sll_protocol; 2256 2241 addr = saddr->sll_addr; 2257 2242 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); 2258 - need_rls_dev = true; 2259 2243 } 2260 2244 2261 2245 err = -ENXIO; 2262 - if (dev == NULL) 2246 + if (unlikely(dev == NULL)) 2263 2247 goto out_unlock; 2248 + err = -ENETDOWN; 2249 + if (unlikely(!(dev->flags & IFF_UP))) 2250 + goto out_unlock; 2251 + 2264 2252 if (sock->type == SOCK_RAW) 2265 2253 reserve = dev->hard_header_len; 2266 - 2267 - err = -ENETDOWN; 2268 - if (!(dev->flags & IFF_UP)) 2269 - goto out_unlock; 2270 - 2271 2254 if (po->has_vnet_hdr) { 2272 2255 vnet_hdr_len = sizeof(vnet_hdr); 2273 2256 ··· 2399 2386 if (err > 0 && (err = net_xmit_errno(err)) != 0) 2400 2387 goto out_unlock; 2401 2388 2402 - if (need_rls_dev) 2403 - dev_put(dev); 2389 + dev_put(dev); 2404 2390 2405 2391 return len; 2406 2392 2407 2393 out_free: 2408 2394 kfree_skb(skb); 2409 2395 out_unlock: 2410 - if (dev && need_rls_dev) 2396 + if (dev) 2411 2397 dev_put(dev); 2412 2398 out: 
2413 2399 return err; ··· 2626 2614 po = pkt_sk(sk); 2627 2615 sk->sk_family = PF_PACKET; 2628 2616 po->num = proto; 2617 + RCU_INIT_POINTER(po->cached_dev, NULL); 2629 2618 2630 2619 sk->sk_destruct = packet_sock_destruct; 2631 2620 sk_refcnt_debug_inc(sk); ··· 2673 2660 struct sock *sk = sock->sk; 2674 2661 struct sk_buff *skb; 2675 2662 int copied, err; 2676 - struct sockaddr_ll *sll; 2677 2663 int vnet_hdr_len = 0; 2678 2664 2679 2665 err = -EINVAL; ··· 2756 2744 goto out_free; 2757 2745 } 2758 2746 2759 - /* 2760 - * If the address length field is there to be filled in, we fill 2761 - * it in now. 2747 + /* You lose any data beyond the buffer you gave. If it worries 2748 + * a user program they can ask the device for its MTU 2749 + * anyway. 2762 2750 */ 2763 - 2764 - sll = &PACKET_SKB_CB(skb)->sa.ll; 2765 - if (sock->type == SOCK_PACKET) 2766 - msg->msg_namelen = sizeof(struct sockaddr_pkt); 2767 - else 2768 - msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); 2769 - 2770 - /* 2771 - * You lose any data beyond the buffer you gave. If it worries a 2772 - * user program they can ask the device for its MTU anyway. 2773 - */ 2774 - 2775 2751 copied = skb->len; 2776 2752 if (copied > len) { 2777 2753 copied = len; ··· 2772 2772 2773 2773 sock_recv_ts_and_drops(msg, sk, skb); 2774 2774 2775 - if (msg->msg_name) 2775 + if (msg->msg_name) { 2776 + /* If the address length field is there to be filled 2777 + * in, we fill it in now. 2778 + */ 2779 + if (sock->type == SOCK_PACKET) { 2780 + msg->msg_namelen = sizeof(struct sockaddr_pkt); 2781 + } else { 2782 + struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; 2783 + msg->msg_namelen = sll->sll_halen + 2784 + offsetof(struct sockaddr_ll, sll_addr); 2785 + } 2776 2786 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 2777 2787 msg->msg_namelen); 2788 + } 2778 2789 2779 2790 if (pkt_sk(sk)->auxdata) { 2780 2791 struct tpacket_auxdata aux;
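Review bot: register_prot_hook() publishes `po->cached_dev` only in the non-fanout `else` branch, yet tpacket_snd() and the second send function in this section now take their device solely from packet_cached_dev_get() when no address is supplied. For a socket that has joined a fanout group the pointer stays NULL, as set at socket creation, so those sends would fail with -ENXIO where they previously used `po->prot_hook.dev`. Moving `rcu_assign_pointer(po->cached_dev, po->prot_hook.dev);` and `RCU_INIT_POINTER(po->cached_dev, NULL);` out of the `else` arms, so they run on both branches, would keep the fanout case working. The send functions' bodies continue outside the hunks.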
+1
net/packet/internal.h
··· 113 113 unsigned int tp_loss:1; 114 114 unsigned int tp_tx_has_off:1; 115 115 unsigned int tp_tstamp; 116 + struct net_device __rcu *cached_dev; 116 117 struct packet_type prot_hook ____cacheline_aligned_in_smp; 117 118 }; 118 119
-2
net/rds/recv.c
··· 410 410 411 411 rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo); 412 412 413 - msg->msg_namelen = 0; 414 - 415 413 if (msg_flags & MSG_OOB) 416 414 goto out; 417 415
+5 -3
net/rose/af_rose.c
··· 1216 1216 { 1217 1217 struct sock *sk = sock->sk; 1218 1218 struct rose_sock *rose = rose_sk(sk); 1219 - struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name; 1220 1219 size_t copied; 1221 1220 unsigned char *asmptr; 1222 1221 struct sk_buff *skb; ··· 1251 1252 1252 1253 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1253 1254 1254 - if (srose != NULL) { 1255 - memset(srose, 0, msg->msg_namelen); 1255 + if (msg->msg_name) { 1256 + struct sockaddr_rose *srose; 1257 + 1258 + memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose)); 1259 + srose = msg->msg_name; 1256 1260 srose->srose_family = AF_ROSE; 1257 1261 srose->srose_addr = rose->dest_addr; 1258 1262 srose->srose_call = rose->dest_call;
+6 -3
net/rxrpc/ar-recvmsg.c
··· 143 143 144 144 /* copy the peer address and timestamp */ 145 145 if (!continue_call) { 146 - if (msg->msg_name && msg->msg_namelen > 0) 146 + if (msg->msg_name) { 147 + size_t len = 148 + sizeof(call->conn->trans->peer->srx); 147 149 memcpy(msg->msg_name, 148 - &call->conn->trans->peer->srx, 149 - sizeof(call->conn->trans->peer->srx)); 150 + &call->conn->trans->peer->srx, len); 151 + msg->msg_namelen = len; 152 + } 150 153 sock_recv_ts_and_drops(msg, &rx->sk, skb); 151 154 } 152 155
+13 -9
net/socket.c
··· 221 221 int err; 222 222 int len; 223 223 224 + BUG_ON(klen > sizeof(struct sockaddr_storage)); 224 225 err = get_user(len, ulen); 225 226 if (err) 226 227 return err; 227 228 if (len > klen) 228 229 len = klen; 229 - if (len < 0 || len > sizeof(struct sockaddr_storage)) 230 + if (len < 0) 230 231 return -EINVAL; 231 232 if (len) { 232 233 if (audit_sockaddr(klen, kaddr)) ··· 1841 1840 msg.msg_iov = &iov; 1842 1841 iov.iov_len = size; 1843 1842 iov.iov_base = ubuf; 1844 - msg.msg_name = (struct sockaddr *)&address; 1845 - msg.msg_namelen = sizeof(address); 1843 + /* Save some cycles and don't copy the address if not needed */ 1844 + msg.msg_name = addr ? (struct sockaddr *)&address : NULL; 1845 + /* We assume all kernel code knows the size of sockaddr_storage */ 1846 + msg.msg_namelen = 0; 1846 1847 if (sock->file->f_flags & O_NONBLOCK) 1847 1848 flags |= MSG_DONTWAIT; 1848 1849 err = sock_recvmsg(sock, &msg, size, flags); ··· 2224 2221 goto out; 2225 2222 } 2226 2223 2227 - /* 2228 - * Save the user-mode address (verify_iovec will change the 2229 - * kernel msghdr to use the kernel address space) 2224 + /* Save the user-mode address (verify_iovec will change the 2225 + * kernel msghdr to use the kernel address space) 2230 2226 */ 2231 - 2232 2227 uaddr = (__force void __user *)msg_sys->msg_name; 2233 2228 uaddr_len = COMPAT_NAMELEN(msg); 2234 - if (MSG_CMSG_COMPAT & flags) { 2229 + if (MSG_CMSG_COMPAT & flags) 2235 2230 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2236 - } else 2231 + else 2237 2232 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2238 2233 if (err < 0) 2239 2234 goto out_freeiov; ··· 2239 2238 2240 2239 cmsg_ptr = (unsigned long)msg_sys->msg_control; 2241 2240 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); 2241 + 2242 + /* We assume all kernel code knows the size of sockaddr_storage */ 2243 + msg_sys->msg_namelen = 0; 2242 2244 2243 2245 if (sock->file->f_flags & O_NONBLOCK) 2244 2246 flags |= 
MSG_DONTWAIT;
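Review bot: The `BUG_ON(klen > sizeof(struct sockaddr_storage))` added in the first hunk turns a protocol handler that reports an oversized msg_namelen into a kernel halt on a path entered from the receive system calls. It does stop the over-read, but this commit alone adjusts msg_namelen handling in many handlers, so a missed one is plausible. `if (WARN_ON_ONCE(klen > sizeof(struct sockaddr_storage))) return -EINVAL;` would block the copy and still flag the bug. The function's signature is above the hunk.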
-6
net/tipc/socket.c
··· 980 980 goto exit; 981 981 } 982 982 983 - /* will be updated in set_orig_addr() if needed */ 984 - m->msg_namelen = 0; 985 - 986 983 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 987 984 restart: 988 985 ··· 1087 1090 res = -ENOTCONN; 1088 1091 goto exit; 1089 1092 } 1090 - 1091 - /* will be updated in set_orig_addr() if needed */ 1092 - m->msg_namelen = 0; 1093 1093 1094 1094 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); 1095 1095 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
-5
net/unix/af_unix.c
··· 1754 1754 { 1755 1755 struct unix_sock *u = unix_sk(sk); 1756 1756 1757 - msg->msg_namelen = 0; 1758 1757 if (u->addr) { 1759 1758 msg->msg_namelen = u->addr->len; 1760 1759 memcpy(msg->msg_name, u->addr->name, u->addr->len); ··· 1776 1777 err = -EOPNOTSUPP; 1777 1778 if (flags&MSG_OOB) 1778 1779 goto out; 1779 - 1780 - msg->msg_namelen = 0; 1781 1780 1782 1781 err = mutex_lock_interruptible(&u->readlock); 1783 1782 if (err) { ··· 1920 1923 1921 1924 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); 1922 1925 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); 1923 - 1924 - msg->msg_namelen = 0; 1925 1926 1926 1927 /* Lock the socket to prevent queue disordering 1927 1928 * while sleeps in memcpy_tomsg
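Review bot: unix_copy_addr() in the first hunk still does `memcpy(msg->msg_name, u->addr->name, u->addr->len)` without testing `msg->msg_name`, while this series now lets a NULL msg_name reach the handlers (see the recvfrom change in net/socket.c). Safety therefore rests on every caller checking the pointer first, and those call sites are outside the hunks. Putting the test in the helper, `if (msg->msg_name && u->addr) {`, would make it safe regardless of the caller.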
-2
net/vmw_vsock/af_vsock.c
··· 1662 1662 vsk = vsock_sk(sk); 1663 1663 err = 0; 1664 1664 1665 - msg->msg_namelen = 0; 1666 - 1667 1665 lock_sock(sk); 1668 1666 1669 1667 if (sk->sk_state != SS_CONNECTED) {
-2
net/vmw_vsock/vmci_transport.c
··· 1746 1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE) 1747 1747 return -EOPNOTSUPP; 1748 1748 1749 - msg->msg_namelen = 0; 1750 - 1751 1749 /* Retrieve the head sk_buff from the socket's receive queue. */ 1752 1750 err = 0; 1753 1751 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err);
-1
net/wimax/stack.c
··· 610 610 d_fnend(4, NULL, "() = 0\n"); 611 611 return 0; 612 612 613 - genl_unregister_family(&wimax_gnl_family); 614 613 error_register_family: 615 614 d_fnend(4, NULL, "() = %d\n", result); 616 615 return result;
+1 -2
net/x25/af_x25.c
··· 1340 1340 if (sx25) { 1341 1341 sx25->sx25_family = AF_X25; 1342 1342 sx25->sx25_addr = x25->dest_addr; 1343 + msg->msg_namelen = sizeof(*sx25); 1343 1344 } 1344 - 1345 - msg->msg_namelen = sizeof(struct sockaddr_x25); 1346 1345 1347 1346 x25_check_rbuf(sk); 1348 1347 rc = copied;