Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Fix erroneous sock_orphan() leading to crashes and double
    kfree_skb() in NFC protocol.  From Thierry Escande and Samuel Ortiz.

 2) Fix use after free in remain-on-channel mac80211 code, from Johannes
    Berg.

 3) nf_reset() needs to reset the NF tracing cookie, otherwise we can
    leak it from one namespace into another.  Fix from Gao Feng and
    Patrick McHardy.

 4) Fix overflow in channel scanning array of mwifiex driver, from Stone
    Piao.

 5) Fix loss of link after suspend/shutdown in r8169, from Hayes Wang.

 6) Synchronization of unicast address lists to the undelying device
    doesn't work because whether to sync is maintained as a boolean
    rather than a true count.  Fix from Vlad Yasevich.

 7) Fix corruption of TSO packets in atl1e by limiting the segmented
    packet length.  From Hannes Frederic Sowa.

 8) Revert bogus AF_UNIX credential passing change and fix the
    coalescing issue properly, from Eric W Biederman.

 9) Changes of ipv4 address lifetime settings needs to generate a
    notification, from Jiri Pirko.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (22 commits)
  netfilter: don't reset nf_trace in nf_reset()
  net: ipv4: notify when address lifetime changes
  ixgbe: fix registration order of driver and DCA nofitication
  af_unix: If we don't care about credentials coallesce all messages
  Revert "af_unix: dont send SCM_CREDENTIAL when dest socket is NULL"
  bonding: remove sysfs before removing devices
  atl1e: limit gso segment size to prevent generation of wrong ip length fields
  net: count hw_addr syncs so that unsync works properly.
  r8169: fix auto speed down issue
  netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
  mwifiex: limit channel number not to overflow memory
  NFC: microread: Fix build failure due to a new MEI bus API
  iwlwifi: dvm: fix the passive-no-RX workaround
  netfilter: nf_conntrack: fix error return code
  NFC: llcp: Keep the connected socket parent pointer alive
  mac80211: fix idle handling sequence
  netfilter: nfnetlink_acct: return -EINVAL if object name is empty
  netfilter: nfnetlink_queue: fix error return code in nfnetlink_queue_init()
  netfilter: reset nf_trace in nf_reset
  mac80211: fix remain-on-channel cancel crash
  ...

3 files changed, 6 insertions, 1 deletions

diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 6bcce401fd1..fedee394366 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -568,6 +568,7 @@ static int __init nf_conntrack_standalone_init(void)
 		register_net_sysctl(&init_net, "net", nf_ct_netfilter_table);
 	if (!nf_ct_netfilter_header) {
 		pr_err("nf_conntrack: can't register to sysctl.\n");
+		ret = -ENOMEM;
 		goto out_sysctl;
 	}
 #endif
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 589d686f0b4..dc3fd5d4446 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
 		return -EINVAL;
 
 	acct_name = nla_data(tb[NFACCT_NAME]);
+	if (strlen(acct_name) == 0)
+		return -EINVAL;
 
 	list_for_each_entry(nfacct, &nfnl_acct_list, head) {
 		if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0)
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 1cb48540f86..42680b2baa1 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -1062,8 +1062,10 @@ static int __init nfnetlink_queue_init(void)
 
 #ifdef CONFIG_PROC_FS
 	if (!proc_create("nfnetlink_queue", 0440,
-			 proc_net_netfilter, &nfqnl_file_ops))
+			 proc_net_netfilter, &nfqnl_file_ops)) {
+		status = -ENOMEM;
 		goto cleanup_subsys;
+	}
 #endif
 
 	register_netdevice_notifier(&nfqnl_dev_notifier);