diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-24 20:24:30 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-01-24 20:24:30 -0500 |
| commit | 5b7d27967dabfb17c21b0d98b29153b9e3ee71e5 (patch) | |
| tree | 65e58639a0725422a2ac83bb400030ca3ec678e5 | |
| parent | f16549530924abd60554358283ed20e0203494f9 (diff) | |
| parent | 624ca9c33c8a853a4a589836e310d776620f4ab9 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Avoid negative netdev refcount in error flow of xfrm state add, from
Aviad Yehezkel.
2) Fix tcpdump decoding of IPSEC decap'd frames by filling in the
ethernet header protocol field in xfrm{4,6}_mode_tunnel_input().
From Yossi Kuperman.
3) Fix a syzbot triggered skb_under_panic in pppoe having to do with
failing to allocate an appropriate amount of headroom. From
Guillaume Nault.
4) Fix memory leak in vmxnet3 driver, from Neil Horman.
5) Cure out-of-bounds packet memory access in em_nbyte EMATCH module,
from Wolfgang Bumiller.
6) Restrict what kinds of sockets can be bound to the KCM multiplexer
and also disallow when another layer has attached to the socket and
made use of sk_user_data. From Tom Herbert.
7) Fix use before init of IOTLB in vhost code, from Jason Wang.
8) Correct STACR register write bit definition in IBM emac driver, from
Ivan Mikhaylov.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
net/ibm/emac: wrong bit is used for STA control register write
net/ibm/emac: add 8192 rx/tx fifo size
vhost: do not try to access device IOTLB when not initialized
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
i40e: flower: check if TC offload is enabled on a netdev
qed: Free reserved MR tid
qed: Remove reserveration of dpi for kernel
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
net: sched: fix TCF_LAYER_LINK case in tcf_get_base_ptr
net: sched: em_nbyte: don't add the data offset twice
mlxsw: spectrum_router: Don't log an error on missing neighbor
vmxnet3: repair memory leak
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
pppoe: take ->needed_headroom of lower device into account on xmit
xfrm: fix boolean assignment in xfrm_get_type_offload
xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version
xfrm: fix error flow in case of add state fails
xfrm: Add SA to hardware at the end of xfrm_state_construct()
| -rw-r--r-- | drivers/net/ethernet/ibm/emac/core.c | 6 | ||||
| -rw-r--r-- | drivers/net/ethernet/ibm/emac/emac.h | 4 | ||||
| -rw-r--r-- | drivers/net/ethernet/intel/i40e/i40e_main.c | 2 | ||||
| -rw-r--r-- | drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 10 | ||||
| -rw-r--r-- | drivers/net/ethernet/qlogic/qed/qed_rdma.c | 31 | ||||
| -rw-r--r-- | drivers/net/ppp/pppoe.c | 11 | ||||
| -rw-r--r-- | drivers/net/vmxnet3/vmxnet3_drv.c | 2 | ||||
| -rw-r--r-- | drivers/vhost/vhost.c | 6 | ||||
| -rw-r--r-- | include/net/ipv6.h | 1 | ||||
| -rw-r--r-- | include/net/pkt_cls.h | 2 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 1 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 2 | ||||
| -rw-r--r-- | net/ipv6/ipv6_sockglue.c | 2 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_mode_tunnel.c | 1 | ||||
| -rw-r--r-- | net/kcm/kcmsock.c | 25 | ||||
| -rw-r--r-- | net/sched/em_nbyte.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_device.c | 1 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 12 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 18 |
19 files changed, 90 insertions, 49 deletions
diff --git a/drivers/net/ethernet/ibm/emac/core.c b/drivers/net/ethernet/ibm/emac/core.c index 7feff2450ed6..241db3199b88 100644 --- a/drivers/net/ethernet/ibm/emac/core.c +++ b/drivers/net/ethernet/ibm/emac/core.c | |||
| @@ -494,6 +494,9 @@ static u32 __emac_calc_base_mr1(struct emac_instance *dev, int tx_size, int rx_s | |||
| 494 | case 16384: | 494 | case 16384: |
| 495 | ret |= EMAC_MR1_RFS_16K; | 495 | ret |= EMAC_MR1_RFS_16K; |
| 496 | break; | 496 | break; |
| 497 | case 8192: | ||
| 498 | ret |= EMAC4_MR1_RFS_8K; | ||
| 499 | break; | ||
| 497 | case 4096: | 500 | case 4096: |
| 498 | ret |= EMAC_MR1_RFS_4K; | 501 | ret |= EMAC_MR1_RFS_4K; |
| 499 | break; | 502 | break; |
| @@ -516,6 +519,9 @@ static u32 __emac4_calc_base_mr1(struct emac_instance *dev, int tx_size, int rx_ | |||
| 516 | case 16384: | 519 | case 16384: |
| 517 | ret |= EMAC4_MR1_TFS_16K; | 520 | ret |= EMAC4_MR1_TFS_16K; |
| 518 | break; | 521 | break; |
| 522 | case 8192: | ||
| 523 | ret |= EMAC4_MR1_TFS_8K; | ||
| 524 | break; | ||
| 519 | case 4096: | 525 | case 4096: |
| 520 | ret |= EMAC4_MR1_TFS_4K; | 526 | ret |= EMAC4_MR1_TFS_4K; |
| 521 | break; | 527 | break; |
diff --git a/drivers/net/ethernet/ibm/emac/emac.h b/drivers/net/ethernet/ibm/emac/emac.h index 5afcc27ceebb..c26d2631ca30 100644 --- a/drivers/net/ethernet/ibm/emac/emac.h +++ b/drivers/net/ethernet/ibm/emac/emac.h | |||
| @@ -151,9 +151,11 @@ struct emac_regs { | |||
| 151 | 151 | ||
| 152 | #define EMAC4_MR1_RFS_2K 0x00100000 | 152 | #define EMAC4_MR1_RFS_2K 0x00100000 |
| 153 | #define EMAC4_MR1_RFS_4K 0x00180000 | 153 | #define EMAC4_MR1_RFS_4K 0x00180000 |
| 154 | #define EMAC4_MR1_RFS_8K 0x00200000 | ||
| 154 | #define EMAC4_MR1_RFS_16K 0x00280000 | 155 | #define EMAC4_MR1_RFS_16K 0x00280000 |
| 155 | #define EMAC4_MR1_TFS_2K 0x00020000 | 156 | #define EMAC4_MR1_TFS_2K 0x00020000 |
| 156 | #define EMAC4_MR1_TFS_4K 0x00030000 | 157 | #define EMAC4_MR1_TFS_4K 0x00030000 |
| 158 | #define EMAC4_MR1_TFS_8K 0x00040000 | ||
| 157 | #define EMAC4_MR1_TFS_16K 0x00050000 | 159 | #define EMAC4_MR1_TFS_16K 0x00050000 |
| 158 | #define EMAC4_MR1_TR 0x00008000 | 160 | #define EMAC4_MR1_TR 0x00008000 |
| 159 | #define EMAC4_MR1_MWSW_001 0x00001000 | 161 | #define EMAC4_MR1_MWSW_001 0x00001000 |
| @@ -242,7 +244,7 @@ struct emac_regs { | |||
| 242 | #define EMAC_STACR_PHYE 0x00004000 | 244 | #define EMAC_STACR_PHYE 0x00004000 |
| 243 | #define EMAC_STACR_STAC_MASK 0x00003000 | 245 | #define EMAC_STACR_STAC_MASK 0x00003000 |
| 244 | #define EMAC_STACR_STAC_READ 0x00001000 | 246 | #define EMAC_STACR_STAC_READ 0x00001000 |
| 245 | #define EMAC_STACR_STAC_WRITE 0x00002000 | 247 | #define EMAC_STACR_STAC_WRITE 0x00000800 |
| 246 | #define EMAC_STACR_OPBC_MASK 0x00000C00 | 248 | #define EMAC_STACR_OPBC_MASK 0x00000C00 |
| 247 | #define EMAC_STACR_OPBC_50 0x00000000 | 249 | #define EMAC_STACR_OPBC_50 0x00000000 |
| 248 | #define EMAC_STACR_OPBC_66 0x00000400 | 250 | #define EMAC_STACR_OPBC_66 0x00000400 |
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 42dcaefc4c19..af792112a2d3 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c | |||
| @@ -7505,6 +7505,8 @@ static int i40e_setup_tc_cls_flower(struct i40e_netdev_priv *np, | |||
| 7505 | { | 7505 | { |
| 7506 | struct i40e_vsi *vsi = np->vsi; | 7506 | struct i40e_vsi *vsi = np->vsi; |
| 7507 | 7507 | ||
| 7508 | if (!tc_can_offload(vsi->netdev)) | ||
| 7509 | return -EOPNOTSUPP; | ||
| 7508 | if (cls_flower->common.chain_index) | 7510 | if (cls_flower->common.chain_index) |
| 7509 | return -EOPNOTSUPP; | 7511 | return -EOPNOTSUPP; |
| 7510 | 7512 | ||
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c index 6c0391c13fe0..7042c855a5d6 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | |||
| @@ -1942,11 +1942,8 @@ static void mlxsw_sp_router_neigh_ent_ipv4_process(struct mlxsw_sp *mlxsw_sp, | |||
| 1942 | dipn = htonl(dip); | 1942 | dipn = htonl(dip); |
| 1943 | dev = mlxsw_sp->router->rifs[rif]->dev; | 1943 | dev = mlxsw_sp->router->rifs[rif]->dev; |
| 1944 | n = neigh_lookup(&arp_tbl, &dipn, dev); | 1944 | n = neigh_lookup(&arp_tbl, &dipn, dev); |
| 1945 | if (!n) { | 1945 | if (!n) |
| 1946 | netdev_err(dev, "Failed to find matching neighbour for IP=%pI4h\n", | ||
| 1947 | &dip); | ||
| 1948 | return; | 1946 | return; |
| 1949 | } | ||
| 1950 | 1947 | ||
| 1951 | netdev_dbg(dev, "Updating neighbour with IP=%pI4h\n", &dip); | 1948 | netdev_dbg(dev, "Updating neighbour with IP=%pI4h\n", &dip); |
| 1952 | neigh_event_send(n, NULL); | 1949 | neigh_event_send(n, NULL); |
| @@ -1973,11 +1970,8 @@ static void mlxsw_sp_router_neigh_ent_ipv6_process(struct mlxsw_sp *mlxsw_sp, | |||
| 1973 | 1970 | ||
| 1974 | dev = mlxsw_sp->router->rifs[rif]->dev; | 1971 | dev = mlxsw_sp->router->rifs[rif]->dev; |
| 1975 | n = neigh_lookup(&nd_tbl, &dip, dev); | 1972 | n = neigh_lookup(&nd_tbl, &dip, dev); |
| 1976 | if (!n) { | 1973 | if (!n) |
| 1977 | netdev_err(dev, "Failed to find matching neighbour for IP=%pI6c\n", | ||
| 1978 | &dip); | ||
| 1979 | return; | 1974 | return; |
| 1980 | } | ||
| 1981 | 1975 | ||
| 1982 | netdev_dbg(dev, "Updating neighbour with IP=%pI6c\n", &dip); | 1976 | netdev_dbg(dev, "Updating neighbour with IP=%pI6c\n", &dip); |
| 1983 | neigh_event_send(n, NULL); | 1977 | neigh_event_send(n, NULL); |
diff --git a/drivers/net/ethernet/qlogic/qed/qed_rdma.c b/drivers/net/ethernet/qlogic/qed/qed_rdma.c index c8c4b3940564..b7abb8205d3a 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_rdma.c +++ b/drivers/net/ethernet/qlogic/qed/qed_rdma.c | |||
| @@ -358,10 +358,27 @@ static void qed_rdma_resc_free(struct qed_hwfn *p_hwfn) | |||
| 358 | kfree(p_rdma_info); | 358 | kfree(p_rdma_info); |
| 359 | } | 359 | } |
| 360 | 360 | ||
| 361 | static void qed_rdma_free_tid(void *rdma_cxt, u32 itid) | ||
| 362 | { | ||
| 363 | struct qed_hwfn *p_hwfn = (struct qed_hwfn *)rdma_cxt; | ||
| 364 | |||
| 365 | DP_VERBOSE(p_hwfn, QED_MSG_RDMA, "itid = %08x\n", itid); | ||
| 366 | |||
| 367 | spin_lock_bh(&p_hwfn->p_rdma_info->lock); | ||
| 368 | qed_bmap_release_id(p_hwfn, &p_hwfn->p_rdma_info->tid_map, itid); | ||
| 369 | spin_unlock_bh(&p_hwfn->p_rdma_info->lock); | ||
| 370 | } | ||
| 371 | |||
| 372 | static void qed_rdma_free_reserved_lkey(struct qed_hwfn *p_hwfn) | ||
| 373 | { | ||
| 374 | qed_rdma_free_tid(p_hwfn, p_hwfn->p_rdma_info->dev->reserved_lkey); | ||
| 375 | } | ||
| 376 | |||
| 361 | static void qed_rdma_free(struct qed_hwfn *p_hwfn) | 377 | static void qed_rdma_free(struct qed_hwfn *p_hwfn) |
| 362 | { | 378 | { |
| 363 | DP_VERBOSE(p_hwfn, QED_MSG_RDMA, "Freeing RDMA\n"); | 379 | DP_VERBOSE(p_hwfn, QED_MSG_RDMA, "Freeing RDMA\n"); |
| 364 | 380 | ||
| 381 | qed_rdma_free_reserved_lkey(p_hwfn); | ||
| 365 | qed_rdma_resc_free(p_hwfn); | 382 | qed_rdma_resc_free(p_hwfn); |
| 366 | } | 383 | } |
| 367 | 384 | ||
| @@ -615,9 +632,6 @@ static int qed_rdma_reserve_lkey(struct qed_hwfn *p_hwfn) | |||
| 615 | { | 632 | { |
| 616 | struct qed_rdma_device *dev = p_hwfn->p_rdma_info->dev; | 633 | struct qed_rdma_device *dev = p_hwfn->p_rdma_info->dev; |
| 617 | 634 | ||
| 618 | /* The first DPI is reserved for the Kernel */ | ||
| 619 | __set_bit(0, p_hwfn->p_rdma_info->dpi_map.bitmap); | ||
| 620 | |||
| 621 | /* Tid 0 will be used as the key for "reserved MR". | 635 | /* Tid 0 will be used as the key for "reserved MR". |
| 622 | * The driver should allocate memory for it so it can be loaded but no | 636 | * The driver should allocate memory for it so it can be loaded but no |
| 623 | * ramrod should be passed on it. | 637 | * ramrod should be passed on it. |
| @@ -797,17 +811,6 @@ static struct qed_rdma_device *qed_rdma_query_device(void *rdma_cxt) | |||
| 797 | return p_hwfn->p_rdma_info->dev; | 811 | return p_hwfn->p_rdma_info->dev; |
| 798 | } | 812 | } |
| 799 | 813 | ||
| 800 | static void qed_rdma_free_tid(void *rdma_cxt, u32 itid) | ||
| 801 | { | ||
| 802 | struct qed_hwfn *p_hwfn = (struct qed_hwfn *)rdma_cxt; | ||
| 803 | |||
| 804 | DP_VERBOSE(p_hwfn, QED_MSG_RDMA, "itid = %08x\n", itid); | ||
| 805 | |||
| 806 | spin_lock_bh(&p_hwfn->p_rdma_info->lock); | ||
| 807 | qed_bmap_release_id(p_hwfn, &p_hwfn->p_rdma_info->tid_map, itid); | ||
| 808 | spin_unlock_bh(&p_hwfn->p_rdma_info->lock); | ||
| 809 | } | ||
| 810 | |||
| 811 | static void qed_rdma_cnq_prod_update(void *rdma_cxt, u8 qz_offset, u16 prod) | 814 | static void qed_rdma_cnq_prod_update(void *rdma_cxt, u8 qz_offset, u16 prod) |
| 812 | { | 815 | { |
| 813 | struct qed_hwfn *p_hwfn; | 816 | struct qed_hwfn *p_hwfn; |
diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c index 4e1da1645b15..5aa59f41bf8c 100644 --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c | |||
| @@ -842,6 +842,7 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, | |||
| 842 | struct pppoe_hdr *ph; | 842 | struct pppoe_hdr *ph; |
| 843 | struct net_device *dev; | 843 | struct net_device *dev; |
| 844 | char *start; | 844 | char *start; |
| 845 | int hlen; | ||
| 845 | 846 | ||
| 846 | lock_sock(sk); | 847 | lock_sock(sk); |
| 847 | if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) { | 848 | if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) { |
| @@ -860,16 +861,16 @@ static int pppoe_sendmsg(struct socket *sock, struct msghdr *m, | |||
| 860 | if (total_len > (dev->mtu + dev->hard_header_len)) | 861 | if (total_len > (dev->mtu + dev->hard_header_len)) |
| 861 | goto end; | 862 | goto end; |
| 862 | 863 | ||
| 863 | 864 | hlen = LL_RESERVED_SPACE(dev); | |
| 864 | skb = sock_wmalloc(sk, total_len + dev->hard_header_len + 32, | 865 | skb = sock_wmalloc(sk, hlen + sizeof(*ph) + total_len + |
| 865 | 0, GFP_KERNEL); | 866 | dev->needed_tailroom, 0, GFP_KERNEL); |
| 866 | if (!skb) { | 867 | if (!skb) { |
| 867 | error = -ENOMEM; | 868 | error = -ENOMEM; |
| 868 | goto end; | 869 | goto end; |
| 869 | } | 870 | } |
| 870 | 871 | ||
| 871 | /* Reserve space for headers. */ | 872 | /* Reserve space for headers. */ |
| 872 | skb_reserve(skb, dev->hard_header_len); | 873 | skb_reserve(skb, hlen); |
| 873 | skb_reset_network_header(skb); | 874 | skb_reset_network_header(skb); |
| 874 | 875 | ||
| 875 | skb->dev = dev; | 876 | skb->dev = dev; |
| @@ -930,7 +931,7 @@ static int __pppoe_xmit(struct sock *sk, struct sk_buff *skb) | |||
| 930 | /* Copy the data if there is no space for the header or if it's | 931 | /* Copy the data if there is no space for the header or if it's |
| 931 | * read-only. | 932 | * read-only. |
| 932 | */ | 933 | */ |
| 933 | if (skb_cow_head(skb, sizeof(*ph) + dev->hard_header_len)) | 934 | if (skb_cow_head(skb, LL_RESERVED_SPACE(dev) + sizeof(*ph))) |
| 934 | goto abort; | 935 | goto abort; |
| 935 | 936 | ||
| 936 | __skb_push(skb, sizeof(*ph)); | 937 | __skb_push(skb, sizeof(*ph)); |
diff --git a/drivers/net/vmxnet3/vmxnet3_drv.c b/drivers/net/vmxnet3/vmxnet3_drv.c index d1c7029ded7c..cf95290b160c 100644 --- a/drivers/net/vmxnet3/vmxnet3_drv.c +++ b/drivers/net/vmxnet3/vmxnet3_drv.c | |||
| @@ -1616,7 +1616,6 @@ static void vmxnet3_rq_destroy(struct vmxnet3_rx_queue *rq, | |||
| 1616 | rq->rx_ring[i].basePA); | 1616 | rq->rx_ring[i].basePA); |
| 1617 | rq->rx_ring[i].base = NULL; | 1617 | rq->rx_ring[i].base = NULL; |
| 1618 | } | 1618 | } |
| 1619 | rq->buf_info[i] = NULL; | ||
| 1620 | } | 1619 | } |
| 1621 | 1620 | ||
| 1622 | if (rq->data_ring.base) { | 1621 | if (rq->data_ring.base) { |
| @@ -1638,6 +1637,7 @@ static void vmxnet3_rq_destroy(struct vmxnet3_rx_queue *rq, | |||
| 1638 | (rq->rx_ring[0].size + rq->rx_ring[1].size); | 1637 | (rq->rx_ring[0].size + rq->rx_ring[1].size); |
| 1639 | dma_free_coherent(&adapter->pdev->dev, sz, rq->buf_info[0], | 1638 | dma_free_coherent(&adapter->pdev->dev, sz, rq->buf_info[0], |
| 1640 | rq->buf_info_pa); | 1639 | rq->buf_info_pa); |
| 1640 | rq->buf_info[0] = rq->buf_info[1] = NULL; | ||
| 1641 | } | 1641 | } |
| 1642 | } | 1642 | } |
| 1643 | 1643 | ||
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index 33ac2b186b85..5727b186b3ca 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c | |||
| @@ -904,7 +904,7 @@ static void vhost_dev_lock_vqs(struct vhost_dev *d) | |||
| 904 | { | 904 | { |
| 905 | int i = 0; | 905 | int i = 0; |
| 906 | for (i = 0; i < d->nvqs; ++i) | 906 | for (i = 0; i < d->nvqs; ++i) |
| 907 | mutex_lock(&d->vqs[i]->mutex); | 907 | mutex_lock_nested(&d->vqs[i]->mutex, i); |
| 908 | } | 908 | } |
| 909 | 909 | ||
| 910 | static void vhost_dev_unlock_vqs(struct vhost_dev *d) | 910 | static void vhost_dev_unlock_vqs(struct vhost_dev *d) |
| @@ -1015,6 +1015,10 @@ static int vhost_process_iotlb_msg(struct vhost_dev *dev, | |||
| 1015 | vhost_iotlb_notify_vq(dev, msg); | 1015 | vhost_iotlb_notify_vq(dev, msg); |
| 1016 | break; | 1016 | break; |
| 1017 | case VHOST_IOTLB_INVALIDATE: | 1017 | case VHOST_IOTLB_INVALIDATE: |
| 1018 | if (!dev->iotlb) { | ||
| 1019 | ret = -EFAULT; | ||
| 1020 | break; | ||
| 1021 | } | ||
| 1018 | vhost_vq_meta_reset(dev); | 1022 | vhost_vq_meta_reset(dev); |
| 1019 | vhost_del_umem_range(dev->iotlb, msg->iova, | 1023 | vhost_del_umem_range(dev->iotlb, msg->iova, |
| 1020 | msg->iova + msg->size - 1); | 1024 | msg->iova + msg->size - 1); |
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index f73797e2fa60..221238254eb7 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -331,6 +331,7 @@ int ipv6_flowlabel_opt_get(struct sock *sk, struct in6_flowlabel_req *freq, | |||
| 331 | int flags); | 331 | int flags); |
| 332 | int ip6_flowlabel_init(void); | 332 | int ip6_flowlabel_init(void); |
| 333 | void ip6_flowlabel_cleanup(void); | 333 | void ip6_flowlabel_cleanup(void); |
| 334 | bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np); | ||
| 334 | 335 | ||
| 335 | static inline void fl6_sock_release(struct ip6_flowlabel *fl) | 336 | static inline void fl6_sock_release(struct ip6_flowlabel *fl) |
| 336 | { | 337 | { |
diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index 8e08b6da72f3..753ac9361154 100644 --- a/include/net/pkt_cls.h +++ b/include/net/pkt_cls.h | |||
| @@ -522,7 +522,7 @@ static inline unsigned char * tcf_get_base_ptr(struct sk_buff *skb, int layer) | |||
| 522 | { | 522 | { |
| 523 | switch (layer) { | 523 | switch (layer) { |
| 524 | case TCF_LAYER_LINK: | 524 | case TCF_LAYER_LINK: |
| 525 | return skb->data; | 525 | return skb_mac_header(skb); |
| 526 | case TCF_LAYER_NETWORK: | 526 | case TCF_LAYER_NETWORK: |
| 527 | return skb_network_header(skb); | 527 | return skb_network_header(skb); |
| 528 | case TCF_LAYER_TRANSPORT: | 528 | case TCF_LAYER_TRANSPORT: |
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index e6265e2c274e..20ca486b3cad 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c | |||
| @@ -92,6 +92,7 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 92 | 92 | ||
| 93 | skb_reset_network_header(skb); | 93 | skb_reset_network_header(skb); |
| 94 | skb_mac_header_rebuild(skb); | 94 | skb_mac_header_rebuild(skb); |
| 95 | eth_hdr(skb)->h_proto = skb->protocol; | ||
| 95 | 96 | ||
| 96 | err = 0; | 97 | err = 0; |
| 97 | 98 | ||
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4f7d8de56611..3763dc01e374 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -166,7 +166,7 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) | |||
| 166 | !(IP6CB(skb)->flags & IP6SKB_REROUTED)); | 166 | !(IP6CB(skb)->flags & IP6SKB_REROUTED)); |
| 167 | } | 167 | } |
| 168 | 168 | ||
| 169 | static bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np) | 169 | bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np) |
| 170 | { | 170 | { |
| 171 | if (!np->autoflowlabel_set) | 171 | if (!np->autoflowlabel_set) |
| 172 | return ip6_default_np_autolabel(net); | 172 | return ip6_default_np_autolabel(net); |
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 2d4680e0376f..e8ffb5b5d84e 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c | |||
| @@ -1336,7 +1336,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, | |||
| 1336 | break; | 1336 | break; |
| 1337 | 1337 | ||
| 1338 | case IPV6_AUTOFLOWLABEL: | 1338 | case IPV6_AUTOFLOWLABEL: |
| 1339 | val = np->autoflowlabel; | 1339 | val = ip6_autoflowlabel(sock_net(sk), np); |
| 1340 | break; | 1340 | break; |
| 1341 | 1341 | ||
| 1342 | case IPV6_RECVFRAGSIZE: | 1342 | case IPV6_RECVFRAGSIZE: |
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index 02556e356f87..dc93002ff9d1 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c | |||
| @@ -92,6 +92,7 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | |||
| 92 | 92 | ||
| 93 | skb_reset_network_header(skb); | 93 | skb_reset_network_header(skb); |
| 94 | skb_mac_header_rebuild(skb); | 94 | skb_mac_header_rebuild(skb); |
| 95 | eth_hdr(skb)->h_proto = skb->protocol; | ||
| 95 | 96 | ||
| 96 | err = 0; | 97 | err = 0; |
| 97 | 98 | ||
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index d4e98f20fc2a..4a8d407f8902 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c | |||
| @@ -1387,8 +1387,13 @@ static int kcm_attach(struct socket *sock, struct socket *csock, | |||
| 1387 | if (!csk) | 1387 | if (!csk) |
| 1388 | return -EINVAL; | 1388 | return -EINVAL; |
| 1389 | 1389 | ||
| 1390 | /* We must prevent loops or risk deadlock ! */ | 1390 | /* Only allow TCP sockets to be attached for now */ |
| 1391 | if (csk->sk_family == PF_KCM) | 1391 | if ((csk->sk_family != AF_INET && csk->sk_family != AF_INET6) || |
| 1392 | csk->sk_protocol != IPPROTO_TCP) | ||
| 1393 | return -EOPNOTSUPP; | ||
| 1394 | |||
| 1395 | /* Don't allow listeners or closed sockets */ | ||
| 1396 | if (csk->sk_state == TCP_LISTEN || csk->sk_state == TCP_CLOSE) | ||
| 1392 | return -EOPNOTSUPP; | 1397 | return -EOPNOTSUPP; |
| 1393 | 1398 | ||
| 1394 | psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL); | 1399 | psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL); |
| @@ -1405,9 +1410,18 @@ static int kcm_attach(struct socket *sock, struct socket *csock, | |||
| 1405 | return err; | 1410 | return err; |
| 1406 | } | 1411 | } |
| 1407 | 1412 | ||
| 1408 | sock_hold(csk); | ||
| 1409 | |||
| 1410 | write_lock_bh(&csk->sk_callback_lock); | 1413 | write_lock_bh(&csk->sk_callback_lock); |
| 1414 | |||
| 1415 | /* Check if sk_user_data is aready by KCM or someone else. | ||
| 1416 | * Must be done under lock to prevent race conditions. | ||
| 1417 | */ | ||
| 1418 | if (csk->sk_user_data) { | ||
| 1419 | write_unlock_bh(&csk->sk_callback_lock); | ||
| 1420 | strp_done(&psock->strp); | ||
| 1421 | kmem_cache_free(kcm_psockp, psock); | ||
| 1422 | return -EALREADY; | ||
| 1423 | } | ||
| 1424 | |||
| 1411 | psock->save_data_ready = csk->sk_data_ready; | 1425 | psock->save_data_ready = csk->sk_data_ready; |
| 1412 | psock->save_write_space = csk->sk_write_space; | 1426 | psock->save_write_space = csk->sk_write_space; |
| 1413 | psock->save_state_change = csk->sk_state_change; | 1427 | psock->save_state_change = csk->sk_state_change; |
| @@ -1415,8 +1429,11 @@ static int kcm_attach(struct socket *sock, struct socket *csock, | |||
| 1415 | csk->sk_data_ready = psock_data_ready; | 1429 | csk->sk_data_ready = psock_data_ready; |
| 1416 | csk->sk_write_space = psock_write_space; | 1430 | csk->sk_write_space = psock_write_space; |
| 1417 | csk->sk_state_change = psock_state_change; | 1431 | csk->sk_state_change = psock_state_change; |
| 1432 | |||
| 1418 | write_unlock_bh(&csk->sk_callback_lock); | 1433 | write_unlock_bh(&csk->sk_callback_lock); |
| 1419 | 1434 | ||
| 1435 | sock_hold(csk); | ||
| 1436 | |||
| 1420 | /* Finished initialization, now add the psock to the MUX. */ | 1437 | /* Finished initialization, now add the psock to the MUX. */ |
| 1421 | spin_lock_bh(&mux->lock); | 1438 | spin_lock_bh(&mux->lock); |
| 1422 | head = &mux->psocks; | 1439 | head = &mux->psocks; |
diff --git a/net/sched/em_nbyte.c b/net/sched/em_nbyte.c index df3110d69585..07c10bac06a0 100644 --- a/net/sched/em_nbyte.c +++ b/net/sched/em_nbyte.c | |||
| @@ -51,7 +51,7 @@ static int em_nbyte_match(struct sk_buff *skb, struct tcf_ematch *em, | |||
| 51 | if (!tcf_valid_offset(skb, ptr, nbyte->hdr.len)) | 51 | if (!tcf_valid_offset(skb, ptr, nbyte->hdr.len)) |
| 52 | return 0; | 52 | return 0; |
| 53 | 53 | ||
| 54 | return !memcmp(ptr + nbyte->hdr.off, nbyte->pattern, nbyte->hdr.len); | 54 | return !memcmp(ptr, nbyte->pattern, nbyte->hdr.len); |
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static struct tcf_ematch_ops em_nbyte_ops = { | 57 | static struct tcf_ematch_ops em_nbyte_ops = { |
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 30e5746085b8..ac9477189d1c 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c | |||
| @@ -102,6 +102,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, | |||
| 102 | 102 | ||
| 103 | err = dev->xfrmdev_ops->xdo_dev_state_add(x); | 103 | err = dev->xfrmdev_ops->xdo_dev_state_add(x); |
| 104 | if (err) { | 104 | if (err) { |
| 105 | xso->dev = NULL; | ||
| 105 | dev_put(dev); | 106 | dev_put(dev); |
| 106 | return err; | 107 | return err; |
| 107 | } | 108 | } |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 429957412633..a3785f538018 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -317,7 +317,7 @@ retry: | |||
| 317 | 317 | ||
| 318 | if (!type && try_load) { | 318 | if (!type && try_load) { |
| 319 | request_module("xfrm-offload-%d-%d", family, proto); | 319 | request_module("xfrm-offload-%d-%d", family, proto); |
| 320 | try_load = 0; | 320 | try_load = false; |
| 321 | goto retry; | 321 | goto retry; |
| 322 | } | 322 | } |
| 323 | 323 | ||
| @@ -2272,8 +2272,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload) | |||
| 2272 | goto error; | 2272 | goto error; |
| 2273 | } | 2273 | } |
| 2274 | 2274 | ||
| 2275 | x->km.state = XFRM_STATE_VALID; | ||
| 2276 | |||
| 2277 | error: | 2275 | error: |
| 2278 | return err; | 2276 | return err; |
| 2279 | } | 2277 | } |
| @@ -2282,7 +2280,13 @@ EXPORT_SYMBOL(__xfrm_init_state); | |||
| 2282 | 2280 | ||
| 2283 | int xfrm_init_state(struct xfrm_state *x) | 2281 | int xfrm_init_state(struct xfrm_state *x) |
| 2284 | { | 2282 | { |
| 2285 | return __xfrm_init_state(x, true, false); | 2283 | int err; |
| 2284 | |||
| 2285 | err = __xfrm_init_state(x, true, false); | ||
| 2286 | if (!err) | ||
| 2287 | x->km.state = XFRM_STATE_VALID; | ||
| 2288 | |||
| 2289 | return err; | ||
| 2286 | } | 2290 | } |
| 2287 | 2291 | ||
| 2288 | EXPORT_SYMBOL(xfrm_init_state); | 2292 | EXPORT_SYMBOL(xfrm_init_state); |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index bdb48e5dba04..7f52b8eb177d 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -598,13 +598,6 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
| 598 | goto error; | 598 | goto error; |
| 599 | } | 599 | } |
| 600 | 600 | ||
| 601 | if (attrs[XFRMA_OFFLOAD_DEV]) { | ||
| 602 | err = xfrm_dev_state_add(net, x, | ||
| 603 | nla_data(attrs[XFRMA_OFFLOAD_DEV])); | ||
| 604 | if (err) | ||
| 605 | goto error; | ||
| 606 | } | ||
| 607 | |||
| 608 | if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, | 601 | if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, |
| 609 | attrs[XFRMA_REPLAY_ESN_VAL]))) | 602 | attrs[XFRMA_REPLAY_ESN_VAL]))) |
| 610 | goto error; | 603 | goto error; |
| @@ -620,6 +613,14 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
| 620 | /* override default values from above */ | 613 | /* override default values from above */ |
| 621 | xfrm_update_ae_params(x, attrs, 0); | 614 | xfrm_update_ae_params(x, attrs, 0); |
| 622 | 615 | ||
| 616 | /* configure the hardware if offload is requested */ | ||
| 617 | if (attrs[XFRMA_OFFLOAD_DEV]) { | ||
| 618 | err = xfrm_dev_state_add(net, x, | ||
| 619 | nla_data(attrs[XFRMA_OFFLOAD_DEV])); | ||
| 620 | if (err) | ||
| 621 | goto error; | ||
| 622 | } | ||
| 623 | |||
| 623 | return x; | 624 | return x; |
| 624 | 625 | ||
| 625 | error: | 626 | error: |
| @@ -662,6 +663,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 662 | goto out; | 663 | goto out; |
| 663 | } | 664 | } |
| 664 | 665 | ||
| 666 | if (x->km.state == XFRM_STATE_VOID) | ||
| 667 | x->km.state = XFRM_STATE_VALID; | ||
| 668 | |||
| 665 | c.seq = nlh->nlmsg_seq; | 669 | c.seq = nlh->nlmsg_seq; |
| 666 | c.portid = nlh->nlmsg_pid; | 670 | c.portid = nlh->nlmsg_pid; |
| 667 | c.event = nlh->nlmsg_type; | 671 | c.event = nlh->nlmsg_type; |