From 38f7ac3eb7206ffd1201c14baba832d7e363de0a Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 14 Oct 2008 11:56:59 -0700 Subject: netfilter: restore lost #ifdef guarding defrag exception Nir Tzachar reported a warning when sending fragments over loopback with NAT: [ 6658.338121] WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89 nf_nat_fn+0x33/0x155() The reason is that defragmentation is skipped for already tracked connections. This is wrong in combination with NAT and ip_conntrack actually had some ifdefs to avoid this behaviour when NAT is compiled in. The entire "optimization" may seem a bit silly, for now simply restoring the lost #ifdef is the easiest solution until we can come up with something better. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index aa2c50a..fa2d6b6 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -41,12 +41,13 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, int (*okfn)(struct sk_buff *)) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) +#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE) /* Previously seen (loopback)? Ignore. Do this before fragment check. */ if (skb->nfct) return NF_ACCEPT; #endif - +#endif /* Gather fragments. */ if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { if (nf_ct_ipv4_gather_frags(skb, -- cgit v0.10.2 From 129404a1f117c35c6224e020444fc27eb4479817 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 14 Oct 2008 11:57:33 -0700 Subject: netfilter: fix ebtables dependencies Ingo Molnar reported a build error with ebtables: ERROR: "ebt_register_table" [net/bridge/netfilter/ebtable_filter.ko] undefined! ERROR: "ebt_do_table" [net/bridge/netfilter/ebtable_filter.ko] undefined! ERROR: "ebt_unregister_table" [net/bridge/netfilter/ebtable_filter.ko] undefined! ERROR: "ebt_register_table" [net/bridge/netfilter/ebtable_broute.ko] undefined! ERROR: "ebt_do_table" [net/bridge/netfilter/ebtable_broute.ko] undefined! ERROR: "ebt_unregister_table" [net/bridge/netfilter/ebtable_broute.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 This reason is a missing dependencies that got lost during Kconfig cleanups. Restore it. Tested-by: Ingo Molnar Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig index 366d3e9..ba6f73e 100644 --- a/net/bridge/netfilter/Kconfig +++ b/net/bridge/netfilter/Kconfig @@ -4,6 +4,7 @@ menuconfig BRIDGE_NF_EBTABLES tristate "Ethernet Bridge tables (ebtables) support" + depends on BRIDGE && BRIDGE_NETFILTER select NETFILTER_XTABLES help ebtables is a general, extensible frame/packet identification -- cgit v0.10.2 From e6a7d3c04f8fe49099521e6dc9a46b0272381f2f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 14 Oct 2008 11:58:31 -0700 Subject: netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat This patch removes the module dependency between ctnetlink and nf_nat by means of an indirect call that is initialized when nf_nat is loaded. Now, nf_conntrack_netlink only requires nf_conntrack and nfnetlink. This patch puts nfnetlink_parse_nat_setup_hook into the nf_conntrack_core to avoid dependencies between ctnetlink, nf_conntrack_ipv4 and nf_conntrack_ipv6. This patch also introduces the function ctnetlink_change_nat that is only invoked from the creation path. Actually, the nat handling cannot be invoked from the update path since this is not allowed. By introducing this function, we remove the useless nat handling in the update path and we avoid deadlock-prone code. This patch also adds the required EAGAIN logic for nfnetlink. Signed-off-by: Pablo Neira Ayuso Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 0d8424f..7d8e045 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -78,6 +78,9 @@ extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo); extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags); +extern void nfnl_lock(void); +extern void nfnl_unlock(void); + #define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h index f29eeb9..5868406 100644 --- a/include/net/netfilter/nf_nat_core.h +++ b/include/net/netfilter/nf_nat_core.h @@ -25,4 +25,12 @@ static inline int nf_nat_initialized(struct nf_conn *ct, else return test_bit(IPS_DST_NAT_DONE_BIT, &ct->status); } + +struct nlattr; + +extern int +(*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct, + enum nf_nat_manip_type manip, + struct nlattr *attr); + #endif /* _NF_NAT_CORE_H */ diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 2ac9eaf..a65cf69 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c @@ -584,6 +584,98 @@ static struct nf_ct_ext_type nat_extend __read_mostly = { .flags = NF_CT_EXT_F_PREALLOC, }; +#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) + +#include +#include + +static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { + [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, + [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, +}; + +static int nfnetlink_parse_nat_proto(struct nlattr *attr, + const struct nf_conn *ct, + struct nf_nat_range *range) +{ + struct nlattr *tb[CTA_PROTONAT_MAX+1]; + const struct nf_nat_protocol *npt; + int err; + + err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy); + if (err < 0) + return err; + + npt = nf_nat_proto_find_get(nf_ct_protonum(ct)); + if (npt->nlattr_to_range) + err = npt->nlattr_to_range(tb, range); + nf_nat_proto_put(npt); + return err; +} + +static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = { + [CTA_NAT_MINIP] = { .type = NLA_U32 }, + [CTA_NAT_MAXIP] = { .type = NLA_U32 }, +}; + +static int +nfnetlink_parse_nat(struct nlattr *nat, + const struct nf_conn *ct, struct nf_nat_range *range) +{ + struct nlattr *tb[CTA_NAT_MAX+1]; + int err; + + memset(range, 0, sizeof(*range)); + + err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy); + if (err < 0) + return err; + + if (tb[CTA_NAT_MINIP]) + range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]); + + if (!tb[CTA_NAT_MAXIP]) + range->max_ip = range->min_ip; + else + range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]); + + if (range->min_ip) + range->flags |= IP_NAT_RANGE_MAP_IPS; + + if (!tb[CTA_NAT_PROTO]) + return 0; + + err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); + if (err < 0) + return err; + + return 0; +} + +static int +nfnetlink_parse_nat_setup(struct nf_conn *ct, + enum nf_nat_manip_type manip, + struct nlattr *attr) +{ + struct nf_nat_range range; + + if (nfnetlink_parse_nat(attr, ct, &range) < 0) + return -EINVAL; + if (nf_nat_initialized(ct, manip)) + return -EEXIST; + + return nf_nat_setup_info(ct, &range, manip); +} +#else +static int +nfnetlink_parse_nat_setup(struct nf_conn *ct, + enum nf_nat_manip_type manip, + struct nlattr *attr) +{ + return -EOPNOTSUPP; +} +#endif + static int __net_init nf_nat_net_init(struct net *net) { net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, @@ -654,6 +746,9 @@ static int __init nf_nat_init(void) BUG_ON(nf_nat_seq_adjust_hook != NULL); rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust); + BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); + rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, + nfnetlink_parse_nat_setup); return 0; cleanup_extend: @@ -667,10 +762,12 @@ static void __exit nf_nat_cleanup(void) nf_ct_l3proto_put(l3proto); nf_ct_extend_unregister(&nat_extend); rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL); + rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL); synchronize_net(); } MODULE_LICENSE("GPL"); +MODULE_ALIAS("nf-nat-ipv4"); module_init(nf_nat_init); module_exit(nf_nat_cleanup); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 27de3c7..622d7c6 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -38,9 +38,16 @@ #include #include #include +#include #define NF_CONNTRACK_VERSION "0.5.0" +unsigned int +(*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct, + enum nf_nat_manip_type manip, + struct nlattr *attr) __read_mostly; +EXPORT_SYMBOL_GPL(nfnetlink_parse_nat_setup_hook); + DEFINE_SPINLOCK(nf_conntrack_lock); EXPORT_SYMBOL_GPL(nf_conntrack_lock); diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index cadfd15..08e82d6 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -689,71 +689,6 @@ ctnetlink_parse_tuple(struct nlattr *cda[], struct nf_conntrack_tuple *tuple, return 0; } -#ifdef CONFIG_NF_NAT_NEEDED -static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { - [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, - [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, -}; - -static int nfnetlink_parse_nat_proto(struct nlattr *attr, - const struct nf_conn *ct, - struct nf_nat_range *range) -{ - struct nlattr *tb[CTA_PROTONAT_MAX+1]; - const struct nf_nat_protocol *npt; - int err; - - err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy); - if (err < 0) - return err; - - npt = nf_nat_proto_find_get(nf_ct_protonum(ct)); - if (npt->nlattr_to_range) - err = npt->nlattr_to_range(tb, range); - nf_nat_proto_put(npt); - return err; -} - -static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = { - [CTA_NAT_MINIP] = { .type = NLA_U32 }, - [CTA_NAT_MAXIP] = { .type = NLA_U32 }, -}; - -static inline int -nfnetlink_parse_nat(struct nlattr *nat, - const struct nf_conn *ct, struct nf_nat_range *range) -{ - struct nlattr *tb[CTA_NAT_MAX+1]; - int err; - - memset(range, 0, sizeof(*range)); - - err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy); - if (err < 0) - return err; - - if (tb[CTA_NAT_MINIP]) - range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]); - - if (!tb[CTA_NAT_MAXIP]) - range->max_ip = range->min_ip; - else - range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]); - - if (range->min_ip) - range->flags |= IP_NAT_RANGE_MAP_IPS; - - if (!tb[CTA_NAT_PROTO]) - return 0; - - err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); - if (err < 0) - return err; - - return 0; -} -#endif - static inline int ctnetlink_parse_help(struct nlattr *attr, char **helper_name) { @@ -879,6 +814,34 @@ out: } static int +ctnetlink_parse_nat_setup(struct nf_conn *ct, + enum nf_nat_manip_type manip, + struct nlattr *attr) +{ + typeof(nfnetlink_parse_nat_setup_hook) parse_nat_setup; + + parse_nat_setup = rcu_dereference(nfnetlink_parse_nat_setup_hook); + if (!parse_nat_setup) { +#ifdef CONFIG_KMOD + rcu_read_unlock(); + nfnl_unlock(); + if (request_module("nf-nat-ipv4") < 0) { + nfnl_lock(); + rcu_read_lock(); + return -EOPNOTSUPP; + } + nfnl_lock(); + rcu_read_lock(); + if (nfnetlink_parse_nat_setup_hook) + return -EAGAIN; +#endif + return -EOPNOTSUPP; + } + + return parse_nat_setup(ct, manip, attr); +} + +static int ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) { unsigned long d; @@ -897,31 +860,6 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) /* ASSURED bit can only be set */ return -EBUSY; - if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { -#ifndef CONFIG_NF_NAT_NEEDED - return -EOPNOTSUPP; -#else - struct nf_nat_range range; - - if (cda[CTA_NAT_DST]) { - if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct, - &range) < 0) - return -EINVAL; - if (nf_nat_initialized(ct, IP_NAT_MANIP_DST)) - return -EEXIST; - nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST); - } - if (cda[CTA_NAT_SRC]) { - if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct, - &range) < 0) - return -EINVAL; - if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC)) - return -EEXIST; - nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC); - } -#endif - } - /* Be careful here, modifying NAT bits can screw up things, * so don't let users modify them directly if they don't pass * nf_nat_range. */ @@ -929,6 +867,31 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) return 0; } +static int +ctnetlink_change_nat(struct nf_conn *ct, struct nlattr *cda[]) +{ +#ifdef CONFIG_NF_NAT_NEEDED + int ret; + + if (cda[CTA_NAT_DST]) { + ret = ctnetlink_parse_nat_setup(ct, + IP_NAT_MANIP_DST, + cda[CTA_NAT_DST]); + if (ret < 0) + return ret; + } + if (cda[CTA_NAT_SRC]) { + ret = ctnetlink_parse_nat_setup(ct, + IP_NAT_MANIP_SRC, + cda[CTA_NAT_SRC]); + if (ret < 0) + return ret; + } + return 0; +#else + return -EOPNOTSUPP; +#endif +} static inline int ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[]) @@ -1157,6 +1120,14 @@ ctnetlink_create_conntrack(struct nlattr *cda[], } } + if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { + err = ctnetlink_change_nat(ct, cda); + if (err < 0) { + rcu_read_unlock(); + goto err; + } + } + if (cda[CTA_PROTOINFO]) { err = ctnetlink_change_protoinfo(ct, cda); if (err < 0) { diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index b75c9c4..4739f9f 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -44,15 +44,17 @@ static struct sock *nfnl = NULL; static const struct nfnetlink_subsystem *subsys_table[NFNL_SUBSYS_COUNT]; static DEFINE_MUTEX(nfnl_mutex); -static inline void nfnl_lock(void) +void nfnl_lock(void) { mutex_lock(&nfnl_mutex); } +EXPORT_SYMBOL_GPL(nfnl_lock); -static inline void nfnl_unlock(void) +void nfnl_unlock(void) { mutex_unlock(&nfnl_mutex); } +EXPORT_SYMBOL_GPL(nfnl_unlock); int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n) { @@ -132,6 +134,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return 0; type = nlh->nlmsg_type; +replay: ss = nfnetlink_get_subsys(type); if (!ss) { #ifdef CONFIG_KMOD @@ -165,7 +168,10 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } else return -EINVAL; - return nc->call(nfnl, skb, nlh, cda); + err = nc->call(nfnl, skb, nlh, cda); + if (err == -EAGAIN) + goto replay; + return err; } } -- cgit v0.10.2 From 3497b2f274b62292df67b6321d8947e24fce94a9 Mon Sep 17 00:00:00 2001 From: Randy Macleod Date: Tue, 14 Oct 2008 13:49:38 -0700 Subject: Phonet: Simple doc fix. From: "Randy Macleod" Signed-off-by: David S. Miller diff --git a/Documentation/networking/phonet.txt b/Documentation/networking/phonet.txt index 0e6e592..6a07e45 100644 --- a/Documentation/networking/phonet.txt +++ b/Documentation/networking/phonet.txt @@ -146,8 +146,8 @@ WARNING: When polling a connected pipe socket for writability, there is an intrinsic race condition whereby writability might be lost between the polling and the writing system calls. In this case, the socket will -block until write because possible again, unless non-blocking mode -becomes enabled. +block until write becomes possible again, unless non-blocking mode +is enabled. The pipe protocol provides two socket options at the SOL_PNPIPE level: -- cgit v0.10.2 From 746db510395e32ff57b9f8582e520df6b3fac618 Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Fri, 10 Oct 2008 14:16:46 -0400 Subject: rtl8187: add device ID 0bda:8198 Reported by zOOmER.gm@gmail.com to work here: http://bugzilla.kernel.org/show_bug.cgi?id=11728 Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/rtl8187_dev.c b/drivers/net/wireless/rtl8187_dev.c index e990261..7823277 100644 --- a/drivers/net/wireless/rtl8187_dev.c +++ b/drivers/net/wireless/rtl8187_dev.c @@ -37,6 +37,7 @@ static struct usb_device_id rtl8187_table[] __devinitdata = { {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187}, {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B}, {USB_DEVICE(0x0bda, 0x8197), .driver_info = DEVICE_RTL8187B}, + {USB_DEVICE(0x0bda, 0x8198), .driver_info = DEVICE_RTL8187B}, /* Netgear */ {USB_DEVICE(0x0846, 0x6100), .driver_info = DEVICE_RTL8187}, {USB_DEVICE(0x0846, 0x6a00), .driver_info = DEVICE_RTL8187}, -- cgit v0.10.2 From 45527c2c4f698f8927239cfdec9f515cafed5f10 Mon Sep 17 00:00:00 2001 From: Rami Rosen Date: Tue, 7 Oct 2008 09:50:01 +0200 Subject: iwlwifi: fix compilation warning when CONFIG_IWLWIFI_DEBUG is not set. When CONFIG_IWLWIFI_DEBUG is not set and CONFIG_IWLWIFI is set, we get this compilation warning: /wireless-next-2.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c: In function 'rs_free_sta': /wireless-next-2.6/drivers/net/wireless/iwlwifi/iwl-agn-rs.c:2425: warning: unused variable 'priv' This patch fixes it by adding __maybe_unused attribute. Signed-off-by: Rami Rosen Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c index 93944de..e2a58e4 100644 --- a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c +++ b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c @@ -2422,7 +2422,7 @@ static void rs_free_sta(void *priv_r, struct ieee80211_sta *sta, void *priv_sta) { struct iwl_lq_sta *lq_sta = priv_sta; - struct iwl_priv *priv = priv_r; + struct iwl_priv *priv __maybe_unused = priv_r; IWL_DEBUG_RATE("enter\n"); kfree(lq_sta); -- cgit v0.10.2 From 63044e9f54b6bac50d2380bf4d14f63e9e7de72b Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 7 Oct 2008 12:04:29 +0200 Subject: mac80211: fix debugfs lockup When debugfs_create_dir fails, sta_info_debugfs_add_work will not terminate because it will find the same station again and again. This is possible whenever debugfs fails for whatever reason; one reason is a race condition in mac80211, unfortunately we cannot do much about it, so just document it, it just means some station may be missing from debugfs. Signed-off-by: Johannes Berg Cc: Robin Holt Signed-off-by: John W. Linville diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c index b9902e4..189d0ba 100644 --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c @@ -249,11 +249,22 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta) DECLARE_MAC_BUF(mbuf); u8 *mac; + sta->debugfs.add_has_run = true; + if (!stations_dir) return; mac = print_mac(mbuf, sta->sta.addr); + /* + * This might fail due to a race condition: + * When mac80211 unlinks a station, the debugfs entries + * remain, but it is already possible to link a new + * station with the same address which triggers adding + * it to debugfs; therefore, if the old station isn't + * destroyed quickly enough the old station's debugfs + * dir might still be around. + */ sta->debugfs.dir = debugfs_create_dir(mac, stations_dir); if (!sta->debugfs.dir) return; diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 9b72d15..7fef8ea 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -635,7 +635,12 @@ static void sta_info_debugfs_add_work(struct work_struct *work) spin_lock_irqsave(&local->sta_lock, flags); list_for_each_entry(tmp, &local->sta_list, list) { - if (!tmp->debugfs.dir) { + /* + * debugfs.add_has_run will be set by + * ieee80211_sta_debugfs_add regardless + * of what else it does. + */ + if (!tmp->debugfs.add_has_run) { sta = tmp; __sta_info_pin(sta); break; diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h index a6b5186..168a39a 100644 --- a/net/mac80211/sta_info.h +++ b/net/mac80211/sta_info.h @@ -300,6 +300,7 @@ struct sta_info { struct dentry *inactive_ms; struct dentry *last_seq_ctrl; struct dentry *agg_status; + bool add_has_run; } debugfs; #endif -- cgit v0.10.2 From 3eadd751eb8cb8090a65b4fa72c6360fd1aa5f06 Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Tue, 7 Oct 2008 08:27:45 -0700 Subject: p54: Fix compilation problem on PPC The commit entitled "p54: Fix sparse warnings" introduced a compile error on PPC architecture. Thanks to Johannes Berg for reporting this problem. Signed-off-by: Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/p54/p54common.c b/drivers/net/wireless/p54/p54common.c index 1994aa1..117c7d3 100644 --- a/drivers/net/wireless/p54/p54common.c +++ b/drivers/net/wireless/p54/p54common.c @@ -479,7 +479,6 @@ static int p54_parse_eeprom(struct ieee80211_hw *dev, void *eeprom, int len) printk(KERN_ERR "p54: eeprom parse failed!\n"); return err; } -EXPORT_SYMBOL_GPL(p54_parse_eeprom); static int p54_rssi_to_dbm(struct ieee80211_hw *dev, int rssi) { -- cgit v0.10.2 From 09914813da37f1ee9d77998a0701629cfbbd98f4 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 7 Oct 2008 19:31:17 +0200 Subject: mac80211: fix HT information element parsing There's no checking that the HT IEs are of the right length which can be used by an attacker to cause an out-of-bounds access by sending a too short HT information/capability IE. Fix it by simply pretending those IEs didn't exist when too short. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 8025b29..156e42a 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -816,8 +816,8 @@ struct ieee802_11_elems { u8 *ext_supp_rates; u8 *wmm_info; u8 *wmm_param; - u8 *ht_cap_elem; - u8 *ht_info_elem; + struct ieee80211_ht_cap *ht_cap_elem; + struct ieee80211_ht_addt_info *ht_info_elem; u8 *mesh_config; u8 *mesh_id; u8 *peer_link; @@ -844,8 +844,6 @@ struct ieee802_11_elems { u8 ext_supp_rates_len; u8 wmm_info_len; u8 wmm_param_len; - u8 ht_cap_elem_len; - u8 ht_info_elem_len; u8 mesh_config_len; u8 mesh_id_len; u8 peer_link_len; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 49f86fa..87665d7b 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1348,10 +1348,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) { struct ieee80211_ht_bss_info bss_info; ieee80211_ht_cap_ie_to_ht_info( - (struct ieee80211_ht_cap *) elems.ht_cap_elem, &sta->sta.ht_info); ieee80211_ht_addt_info_ie_to_ht_bss_info( - (struct ieee80211_ht_addt_info *) elems.ht_info_elem, &bss_info); ieee80211_handle_ht(local, 1, &sta->sta.ht_info, &bss_info); } @@ -1709,7 +1707,6 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, struct ieee80211_ht_bss_info bss_info; ieee80211_ht_addt_info_ie_to_ht_bss_info( - (struct ieee80211_ht_addt_info *) elems.ht_info_elem, &bss_info); changed |= ieee80211_handle_ht(local, 1, &conf->ht_conf, &bss_info); diff --git a/net/mac80211/util.c b/net/mac80211/util.c index f32561e..cee4884 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -529,12 +529,12 @@ void ieee802_11_parse_elems(u8 *start, size_t len, elems->ext_supp_rates_len = elen; break; case WLAN_EID_HT_CAPABILITY: - elems->ht_cap_elem = pos; - elems->ht_cap_elem_len = elen; + if (elen >= sizeof(struct ieee80211_ht_cap)) + elems->ht_cap_elem = (void *)pos; break; case WLAN_EID_HT_EXTRA_INFO: - elems->ht_info_elem = pos; - elems->ht_info_elem_len = elen; + if (elen >= sizeof(struct ieee80211_ht_addt_info)) + elems->ht_info_elem = (void *)pos; break; case WLAN_EID_MESH_ID: elems->mesh_id = pos; -- cgit v0.10.2 From d5d7c584810b3be2b70c979af3283a1e48b6574d Mon Sep 17 00:00:00 2001 From: Tomas Winkler Date: Wed, 8 Oct 2008 09:37:28 +0800 Subject: iwlwifi: fix ct kill configuration for 5350 This patch fixes ct kill configuration for 5350. Temperature units that HW expects are in Celsius not in kelvins. Signed-off-by: Tomas Winkler Signed-off-by: Zhu Yi Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/iwlwifi/iwl-5000.c b/drivers/net/wireless/iwlwifi/iwl-5000.c index f6003e7..5155b8a 100644 --- a/drivers/net/wireless/iwlwifi/iwl-5000.c +++ b/drivers/net/wireless/iwlwifi/iwl-5000.c @@ -833,12 +833,12 @@ static int iwl5000_hw_set_hw_params(struct iwl_priv *priv) switch (priv->hw_rev & CSR_HW_REV_TYPE_MSK) { case CSR_HW_REV_TYPE_5100: case CSR_HW_REV_TYPE_5300: - /* 5X00 wants in Celsius */ + case CSR_HW_REV_TYPE_5350: + /* 5X00 and 5350 wants in Celsius */ priv->hw_params.ct_kill_threshold = CT_KILL_THRESHOLD; break; case CSR_HW_REV_TYPE_5150: - case CSR_HW_REV_TYPE_5350: - /* 5X50 wants in Kelvin */ + /* 5150 wants in Kelvin */ priv->hw_params.ct_kill_threshold = CELSIUS_TO_KELVIN(CT_KILL_THRESHOLD); break; -- cgit v0.10.2 From c74e90a9e37c4a3923905189a6ebbd7ef61e6e67 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 8 Oct 2008 10:18:36 +0200 Subject: mac80211: fix debugfs netdev rename If, for some reason, a netdev has no debugfs dir, we shouldn't try to rename that dir. Signed-off-by: Johannes Berg Cc: Robin Holt Signed-off-by: John W. Linville diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index 2a45156..2ad504f 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -545,8 +545,12 @@ static int netdev_notify(struct notifier_block *nb, sdata = IEEE80211_DEV_TO_SUB_IF(dev); - sprintf(buf, "netdev:%s", dev->name); dir = sdata->debugfsdir; + + if (!dir) + return 0; + + sprintf(buf, "netdev:%s", dev->name); if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf)) printk(KERN_ERR "mac80211: debugfs: failed to rename debugfs " "dir to %s\n", buf); -- cgit v0.10.2 From 33c0360bf74d5fded34cb08d3512ada32ad661e4 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 8 Oct 2008 10:23:48 +0200 Subject: cfg80211: fix debugfs error handling If something goes wrong creating the debugfs dir or when debugfs is not compiled in, the current code might lead to trouble; make it more robust. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville diff --git a/net/wireless/core.c b/net/wireless/core.c index 24fdd4c..5031db7 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -184,7 +184,8 @@ int cfg80211_dev_rename(struct cfg80211_registered_device *rdev, if (result) goto out_unlock; - if (!debugfs_rename(rdev->wiphy.debugfsdir->d_parent, + if (rdev->wiphy.debugfsdir && + !debugfs_rename(rdev->wiphy.debugfsdir->d_parent, rdev->wiphy.debugfsdir, rdev->wiphy.debugfsdir->d_parent, newname)) @@ -317,6 +318,8 @@ int wiphy_register(struct wiphy *wiphy) drv->wiphy.debugfsdir = debugfs_create_dir(wiphy_name(&drv->wiphy), ieee80211_debugfs_dir); + if (IS_ERR(drv->wiphy.debugfsdir)) + drv->wiphy.debugfsdir = NULL; res = 0; out_unlock: -- cgit v0.10.2 From 552a71515eef5cba9af8bfe608149557059c4463 Mon Sep 17 00:00:00 2001 From: Andrey Borzenkov Date: Fri, 10 Oct 2008 20:22:38 +0400 Subject: orinoco: fix unsafe locking in orinoco_cs_resume [ 6972.562035] ================================= [ 6972.562040] [ INFO: inconsistent lock state ] [ 6972.562048] 2.6.27-1avb #17 [ 6972.562053] --------------------------------- [ 6972.562060] inconsistent {in-hardirq-W} -> {hardirq-on-W} usage. [ 6972.562068] pm-suspend/17062 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 6972.562076] (&priv->lock){++..}, at: [] orinoco_cs_resume+0x5b/0xd0 [orinoco_cs] [ 6972.562122] {in-hardirq-W} state was registered at: [ 6972.562128] [] __lock_acquire+0x6cb/0x1640 [ 6972.562171] [] lock_acquire+0x5c/0x80 [ 6972.562181] [] _spin_lock_irqsave+0x49/0x80 [ 6972.562210] [] orinoco_interrupt+0x4d/0x16d0 [orinoco] [ 6972.562257] [] handle_IRQ_event+0x31/0x60 [ 6972.562278] [] handle_level_irq+0x6e/0xe0 [ 6972.562291] [] do_IRQ+0xb0/0x130 [ 6972.562313] [] 0xffffffff Signed-off-by: Andrey Borzenkov Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/orinoco_cs.c b/drivers/net/wireless/orinoco_cs.c index 9eaa252..65fd054 100644 --- a/drivers/net/wireless/orinoco_cs.c +++ b/drivers/net/wireless/orinoco_cs.c @@ -403,6 +403,7 @@ static int orinoco_cs_resume(struct pcmcia_device *link) struct orinoco_private *priv = netdev_priv(dev); struct orinoco_pccard *card = priv->card; int err = 0; + unsigned long flags; if (! test_bit(0, &card->hard_reset_in_progress)) { err = orinoco_reinit_firmware(dev); @@ -412,7 +413,7 @@ static int orinoco_cs_resume(struct pcmcia_device *link) return -EIO; } - spin_lock(&priv->lock); + spin_lock_irqsave(&priv->lock, flags); netif_device_attach(dev); priv->hw_unavailable--; @@ -424,7 +425,7 @@ static int orinoco_cs_resume(struct pcmcia_device *link) dev->name, err); } - spin_unlock(&priv->lock); + spin_unlock_irqrestore(&priv->lock, flags); } return err; -- cgit v0.10.2 From c25bab54fe30d26a2cddf7058d77da72be630b23 Mon Sep 17 00:00:00 2001 From: David Kilroy Date: Fri, 10 Oct 2008 22:58:32 +0100 Subject: orinoco: fix unsafe locking in spectrum_cs_suspend A similar problem was highlighted in the orinoco_cs driver by lockdep. This patch fixes the spectrum_cs driver. Signed-off-by: David Kilroy Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/spectrum_cs.c b/drivers/net/wireless/spectrum_cs.c index 67b26d3..f5513cd 100644 --- a/drivers/net/wireless/spectrum_cs.c +++ b/drivers/net/wireless/spectrum_cs.c @@ -450,10 +450,11 @@ spectrum_cs_suspend(struct pcmcia_device *link) { struct net_device *dev = link->priv; struct orinoco_private *priv = netdev_priv(dev); + unsigned long flags; int err = 0; /* Mark the device as stopped, to block IO until later */ - spin_lock(&priv->lock); + spin_lock_irqsave(&priv->lock, flags); err = __orinoco_down(dev); if (err) @@ -463,7 +464,7 @@ spectrum_cs_suspend(struct pcmcia_device *link) netif_device_detach(dev); priv->hw_unavailable++; - spin_unlock(&priv->lock); + spin_unlock_irqrestore(&priv->lock, flags); return err; } -- cgit v0.10.2 From d048e503a2b01e771ee87921c24d89d7ec3f0c2f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 11 Oct 2008 03:29:55 +0300 Subject: mac80211: Fix scan RX processing oops ieee80211_bss_info_update() can return NULL. Verify that this is not the case before calling ieee802111_rx_bss_put() which would trigger an oops in interrupt context in atomic_dec_and_lock(). Signed-off-by: Jouni Malinen Acked-by: Johannes Berg Acked-by: Benoit Papillault Signed-off-by: John W. Linville diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 8e6685e..416bb41 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -388,7 +388,8 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, bss = ieee80211_bss_info_update(sdata->local, rx_status, mgmt, skb->len, &elems, freq, beacon); - ieee80211_rx_bss_put(sdata->local, bss); + if (bss) + ieee80211_rx_bss_put(sdata->local, bss); dev_kfree_skb(skb); return RX_QUEUED; -- cgit v0.10.2 From 96d46d5d792d96f80e9bd274ab6d433b8a3c22bc Mon Sep 17 00:00:00 2001 From: Manish Katiyar Date: Mon, 13 Oct 2008 16:22:42 +0530 Subject: libertas : Remove unused variable warning for "old_channel" from cmd.c Below patch removes the following warning during compilation. drivers/net/wireless/libertas/cmd.c:826: warning: unused variable 'old_channel' Signed-off-by : Manish Katiyar Acked-by: Dan Williams Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c index a912fb6..297696d 100644 --- a/drivers/net/wireless/libertas/cmd.c +++ b/drivers/net/wireless/libertas/cmd.c @@ -823,7 +823,9 @@ int lbs_update_channel(struct lbs_private *priv) int lbs_set_channel(struct lbs_private *priv, u8 channel) { struct cmd_ds_802_11_rf_channel cmd; +#ifdef DEBUG u8 old_channel = priv->curbssparams.channel; +#endif int ret = 0; lbs_deb_enter(LBS_DEB_CMD); -- cgit v0.10.2 From 4233df6b748193d45f79fb7448991a473061a65d Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 13 Oct 2008 13:35:05 +0200 Subject: ath9k/mac80211: disallow fragmentation in ath9k, report to userspace As I've reported, ath9k currently fails utterly when fragmentation is enabled. This makes ath9k "support" hardware fragmentation by not supporting fragmentation at all to avoid the double-free issue. The patch also changes mac80211 to report errors from the driver operation to userspace. That hack in ath9k should be removed once the rate control algorithm it has is fixed, and we can at that time consider removing the hw fragmentation support entirely since it's not used by any driver. Signed-off-by: Johannes Berg Cc: stable@kernel.org Acked-by: Luis R. Rodriguez Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/ath9k/main.c b/drivers/net/wireless/ath9k/main.c index 7472699..f05f584 100644 --- a/drivers/net/wireless/ath9k/main.c +++ b/drivers/net/wireless/ath9k/main.c @@ -1640,6 +1640,11 @@ static int ath9k_ampdu_action(struct ieee80211_hw *hw, return ret; } +static int ath9k_no_fragmentation(struct ieee80211_hw *hw, u32 value) +{ + return -EOPNOTSUPP; +} + static struct ieee80211_ops ath9k_ops = { .tx = ath9k_tx, .start = ath9k_start, @@ -1664,7 +1669,8 @@ static struct ieee80211_ops ath9k_ops = { .get_tsf = ath9k_get_tsf, .reset_tsf = ath9k_reset_tsf, .tx_last_beacon = NULL, - .ampdu_action = ath9k_ampdu_action + .ampdu_action = ath9k_ampdu_action, + .set_frag_threshold = ath9k_no_fragmentation, }; static int ath_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c index 7e0d53a..742f811 100644 --- a/net/mac80211/wext.c +++ b/net/mac80211/wext.c @@ -775,7 +775,7 @@ static int ieee80211_ioctl_siwfrag(struct net_device *dev, * configure it here */ if (local->ops->set_frag_threshold) - local->ops->set_frag_threshold( + return local->ops->set_frag_threshold( local_to_hw(local), local->fragmentation_threshold); -- cgit v0.10.2 From e1a65b5828edfddb29c6fb4eb556fa503295146b Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Mon, 13 Oct 2008 09:15:01 -0700 Subject: mac80211: fixme for kernel-doc Fix kernel-doc warnings in mac80211.h. Fields need real explanations added to them. Warning(lin2627-g3-kdocfixes//include/net/mac80211.h:659): No description found for parameter 'icv_len' Warning(lin2627-g3-kdocfixes//include/net/mac80211.h:659): No description found for parameter 'iv_len' Signed-off-by: Randy Dunlap Signed-off-by: John W. Linville diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 5617a16..d861197 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -645,7 +645,8 @@ enum ieee80211_key_flags { * - Temporal Encryption Key (128 bits) * - Temporal Authenticator Tx MIC Key (64 bits) * - Temporal Authenticator Rx MIC Key (64 bits) - * + * @icv_len: FIXME + * @iv_len: FIXME */ struct ieee80211_key_conf { enum ieee80211_key_alg alg; -- cgit v0.10.2 From ec366eba3b8d96fdb2e629c64fa2750be2723ba7 Mon Sep 17 00:00:00 2001 From: Christian Lamparter Date: Mon, 13 Oct 2008 23:41:53 +0200 Subject: p54usb: Device ID updates This patch updates p54usb's device list. It adds the ID for SMC 2862W-G v2 and marks the "Spinnaker Proto board" as a first generation device. Reported-by: Signed-off-by: Christian Lamparter Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/p54/p54usb.c b/drivers/net/wireless/p54/p54usb.c index 1912f5e..75d749b 100644 --- a/drivers/net/wireless/p54/p54usb.c +++ b/drivers/net/wireless/p54/p54usb.c @@ -39,6 +39,7 @@ static struct usb_device_id p54u_table[] __devinitdata = { {USB_DEVICE(0x0846, 0x4200)}, /* Netgear WG121 */ {USB_DEVICE(0x0846, 0x4210)}, /* Netgear WG121 the second ? */ {USB_DEVICE(0x0846, 0x4220)}, /* Netgear WG111 */ + {USB_DEVICE(0x09aa, 0x1000)}, /* Spinnaker Proto board */ {USB_DEVICE(0x0cde, 0x0006)}, /* Medion 40900, Roper Europe */ {USB_DEVICE(0x124a, 0x4023)}, /* Shuttle PN15, Airvast WM168g, IOGear GWU513 */ {USB_DEVICE(0x1915, 0x2234)}, /* Linksys WUSB54G OEM */ @@ -63,8 +64,8 @@ static struct usb_device_id p54u_table[] __devinitdata = { {USB_DEVICE(0x0cde, 0x0006)}, /* Medion MD40900 */ {USB_DEVICE(0x0cde, 0x0008)}, /* Sagem XG703A */ {USB_DEVICE(0x0d8e, 0x3762)}, /* DLink DWL-G120 Cohiba */ - {USB_DEVICE(0x09aa, 0x1000)}, /* Spinnaker Proto board */ {USB_DEVICE(0x124a, 0x4025)}, /* IOGear GWU513 (GW3887IK chip) */ + {USB_DEVICE(0x1260, 0xee22)}, /* SMC 2862W-G version 2 */ {USB_DEVICE(0x13b1, 0x000a)}, /* Linksys WUSB54G ver 2 */ {USB_DEVICE(0x13B1, 0x000C)}, /* Linksys WUSB54AG */ {USB_DEVICE(0x1435, 0x0427)}, /* Inventel UR054G */ -- cgit v0.10.2 From eaca90dab6ab9853223029deffdd226f41b2028c Mon Sep 17 00:00:00 2001 From: Florent Fourcot Date: Mon, 13 Oct 2008 16:34:26 -0700 Subject: rtl8187: Add USB ID for Belkin F5D7050 with RTL8187B chip The Belkin F5D7050rev5000de (id 050d:705e) has the Realtek RTL8187B chip and works with the 2.6.27 driver. Signed-off-by: Larry Finger Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/rtl8187_dev.c b/drivers/net/wireless/rtl8187_dev.c index 7823277..431e3c7 100644 --- a/drivers/net/wireless/rtl8187_dev.c +++ b/drivers/net/wireless/rtl8187_dev.c @@ -33,6 +33,8 @@ MODULE_LICENSE("GPL"); static struct usb_device_id rtl8187_table[] __devinitdata = { /* Asus */ {USB_DEVICE(0x0b05, 0x171d), .driver_info = DEVICE_RTL8187}, + /* Belkin */ + {USB_DEVICE(0x050d, 0x705e), .driver_info = DEVICE_RTL8187B}, /* Realtek */ {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187}, {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B}, -- cgit v0.10.2 From 8713a7ccd88d93d9f8a72436088d6627c82490db Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 14 Oct 2008 23:57:43 +0200 Subject: rt2x00: fix regression introduced by "mac80211: free up 2 bytes in skb->cb" The hw_key pointer is used (and obviously NULL) after skb->cb is memset to 0. This patch grabs the iv_len before the memset call. Signed-off-by: Felix Fietkau Signed-off-by: Stephen Blackheath Acked-by: Johannes Berg Signed-off-by: John W. Linville diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c index 1676ac4..451d410 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c @@ -374,7 +374,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb) struct queue_entry *entry = rt2x00queue_get_entry(queue, Q_INDEX); struct txentry_desc txdesc; struct skb_frame_desc *skbdesc; - unsigned int iv_len; + unsigned int iv_len = 0; if (unlikely(rt2x00queue_full(queue))) return -EINVAL; @@ -395,6 +395,9 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb) entry->skb = skb; rt2x00queue_create_tx_descriptor(entry, &txdesc); + if (IEEE80211_SKB_CB(skb)->control.hw_key != NULL) + iv_len = IEEE80211_SKB_CB(skb)->control.hw_key->iv_len; + /* * All information is retreived from the skb->cb array, * now we should claim ownership of the driver part of that @@ -410,9 +413,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb) * the frame so we can provide it to the driver seperately. */ if (test_bit(ENTRY_TXD_ENCRYPT, &txdesc.flags) && - !test_bit(ENTRY_TXD_ENCRYPT_IV, &txdesc.flags) && - (IEEE80211_SKB_CB(skb)->control.hw_key != NULL)) { - iv_len = IEEE80211_SKB_CB(skb)->control.hw_key->iv_len; + !test_bit(ENTRY_TXD_ENCRYPT_IV, &txdesc.flags)) { rt2x00crypto_tx_remove_iv(skb, iv_len); } -- cgit v0.10.2 From 4ef079ccc1d934c5f9966f2bfcd5dbbef8f7a0a7 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 14 Oct 2008 22:54:48 -0700 Subject: netns: fix net_generic array leak Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index b0dc818..f1d07b5 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -96,7 +96,7 @@ static void net_free(struct net *net) return; } #endif - + kfree(net->gen); kmem_cache_free(net_cachep, net); } -- cgit v0.10.2 From eef9d90dcde7bb4d029b67ed36457efc4970d5a2 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 14 Oct 2008 22:55:21 -0700 Subject: netns: correct mib stats in ip6_route_me_harder() Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 6b29b03..fd5b3a4 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -12,6 +12,7 @@ int ip6_route_me_harder(struct sk_buff *skb) { + struct net *net = dev_net(skb->dst->dev); struct ipv6hdr *iph = ipv6_hdr(skb); struct dst_entry *dst; struct flowi fl = { @@ -23,7 +24,7 @@ int ip6_route_me_harder(struct sk_buff *skb) .saddr = iph->saddr, } }, }; - dst = ip6_route_output(dev_net(skb->dst->dev), skb->sk, &fl); + dst = ip6_route_output(net, skb->sk, &fl); #ifdef CONFIG_XFRM if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && @@ -33,8 +34,7 @@ int ip6_route_me_harder(struct sk_buff *skb) #endif if (dst->error) { - IP6_INC_STATS(&init_net, ip6_dst_idev(dst), - IPSTATS_MIB_OUTNOROUTES); + IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); dst_release(dst); return -EINVAL; -- cgit v0.10.2 From deb28d9bc4bb6922c1f7e459744d7b2d0db3a1d2 Mon Sep 17 00:00:00 2001 From: Manish Katiyar Date: Wed, 15 Oct 2008 00:13:53 -0700 Subject: net/802/fc.c: Fix compilation warnings Signed-off-by: Manish Katiyar Signed-off-by: David S. Miller diff --git a/net/802/fc.c b/net/802/fc.c index cb3475e..34cf1ee 100644 --- a/net/802/fc.c +++ b/net/802/fc.c @@ -82,13 +82,13 @@ static int fc_header(struct sk_buff *skb, struct net_device *dev, static int fc_rebuild_header(struct sk_buff *skb) { +#ifdef CONFIG_INET struct fch_hdr *fch=(struct fch_hdr *)skb->data; struct fcllc *fcllc=(struct fcllc *)(skb->data+sizeof(struct fch_hdr)); if(fcllc->ethertype != htons(ETH_P_IP)) { printk("fc_rebuild_header: Don't know how to resolve type %04X addresses ?\n", ntohs(fcllc->ethertype)); return 0; } -#ifdef CONFIG_INET return arp_find(fch->daddr, skb); #else return 0; -- cgit v0.10.2 From 22441cfa0c70dcd457f3c081fcf285c3bd155824 Mon Sep 17 00:00:00 2001 From: Pedro Ribeiro Date: Wed, 15 Oct 2008 15:47:49 -0700 Subject: IPV6: Fix default gateway criteria wrt. HIGH/LOW preference radv option Problem observed: In IPv6, in the presence of multiple routers candidates to default gateway in one segment, each sending a different value of preference, the Linux hosts connected to the segment weren't selecting the right one in all the combinations possible of LOW/MEDIUM/HIGH preference. This patch changes two files: include/linux/icmpv6.h Get the "router_pref" bitfield in the right place (as RFC4191 says), named the bit left with this fix as "home_agent" (RFC3775 say that's his function) net/ipv6/ndisc.c Corrects the binary logic behind the updating of the router preference in the flags of the routing table Result: With this two fixes applied, the default route used by the system was to consistent with the rules mentioned in RFC4191 in case of changes in the value of preference in router advertisements Signed-off-by: Pedro Ribeiro Acked-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h index 0306744..a93a8dd 100644 --- a/include/linux/icmpv6.h +++ b/include/linux/icmpv6.h @@ -40,16 +40,18 @@ struct icmp6hdr { struct icmpv6_nd_ra { __u8 hop_limit; #if defined(__LITTLE_ENDIAN_BITFIELD) - __u8 reserved:4, + __u8 reserved:3, router_pref:2, + home_agent:1, other:1, managed:1; #elif defined(__BIG_ENDIAN_BITFIELD) __u8 managed:1, other:1, + home_agent:1, router_pref:2, - reserved:4; + reserved:3; #else #error "Please fix " #endif diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 840b157..aae7ddc 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1199,7 +1199,7 @@ static void ndisc_router_discovery(struct sk_buff *skb) } neigh->flags |= NTF_ROUTER; } else if (rt) { - rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); + rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); } if (rt) -- cgit v0.10.2 From 8fa0b315fc0c1a414da1371f1fc39523a657c192 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Wed, 15 Oct 2008 15:59:50 -0700 Subject: decnet: Fix compiler warning in dn_dev.c Use offsetof() instead of home-brewed version. Based upon initial patch by Steven Whitehouse and suggestions by Ben Hutchings. Signed-off-by: David S. Miller diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c index 2f0ac3c..ba35258 100644 --- a/net/decnet/dn_dev.c +++ b/net/decnet/dn_dev.c @@ -152,7 +152,7 @@ static struct dn_dev_parms dn_dev_list[] = { #define DN_DEV_LIST_SIZE ARRAY_SIZE(dn_dev_list) -#define DN_DEV_PARMS_OFFSET(x) ((int) ((char *) &((struct dn_dev_parms *)0)->x)) +#define DN_DEV_PARMS_OFFSET(x) offsetof(struct dn_dev_parms, x) #ifdef CONFIG_SYSCTL -- cgit v0.10.2