Merge airlied/drm-next into drm-misc-next

Backmerge the main pull request to sync up with all the newly landed drivers. Otherwise we'll have chaos even before 4.12 started in earnest. Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
author: Daniel Vetter <daniel.vetter@ffwll.ch> 2017-02-26 15:34:42 -0500
committer: Daniel Vetter <daniel.vetter@ffwll.ch> 2017-02-26 15:34:42 -0500
commit: 8e22e1b3499a446df48c2b26667ca36c55bf864c (patch)
tree: 5329f98b3eb3c95a9dcbab0fa4f9b6e62f0e788d /net/ipv6
parent: 00d3c14f14d51babd8aeafd5fa734ccf04f5ca3d (diff)
parent: 64a577196d66b44e37384bc5c4d78c61f59d5b2a (diff)
18 files changed, 118 insertions, 100 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index c1e124bc8e1e..a7bcc0ab5e99 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3386,9 +3386,15 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
                        }
                        if (idev) {
-                                if (idev->if_flags & IF_READY)
+                                if (idev->if_flags & IF_READY) {
-                                        /* device is already configured. */
+                                        /* device is already configured -
+                                         * but resend MLD reports, we might
+                                         * have roamed and need to update
+                                         * multicast snooping switches
+                                         */
+                                        ipv6_mc_up(idev);
                                        break;
+                                }
                                idev->if_flags |= IF_READY;
                        }
@@ -4009,6 +4015,12 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id)
        if (bump_id)
                rt_genid_bump_ipv6(dev_net(dev));
+        /* Make sure that a new temporary address will be created
+         * before this temporary address becomes deprecated.
+         */
+        if (ifp->flags & IFA_F_TEMPORARY)
+                addrconf_verify_rtnl();
 }
 static void addrconf_dad_run(struct inet6_dev *idev)
@@ -5540,8 +5552,7 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
        struct net_device *dev;
        struct inet6_dev *idev;
-        rcu_read_lock();
+        for_each_netdev(net, dev) {
-        for_each_netdev_rcu(net, dev) {
                idev = __in6_dev_get(dev);
                if (idev) {
                        int changed = (!idev->cnf.disable_ipv6) ^ (!newf);
@@ -5550,7 +5561,6 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
                                dev_disable_change(idev);
                }
        }
-        rcu_read_unlock();
 }
 static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index e4198502fd98..275cac628a95 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -327,7 +327,6 @@ static int ipv6_srh_rcv(struct sk_buff *skb)
        struct ipv6_sr_hdr *hdr;
        struct inet6_dev *idev;
        struct in6_addr *addr;
-        bool cleanup = false;
        int accept_seg6;
        hdr = (struct ipv6_sr_hdr *)skb_transport_header(skb);
@@ -351,11 +350,7 @@ static int ipv6_srh_rcv(struct sk_buff *skb)
 #endif
 looped_back:
-        if (hdr->segments_left > 0) {
+        if (hdr->segments_left == 0) {
-                if (hdr->nexthdr != NEXTHDR_IPV6 && hdr->segments_left == 1 &&
-                    sr_has_cleanup(hdr))
-                        cleanup = true;
-        } else {
                if (hdr->nexthdr == NEXTHDR_IPV6) {
                        int offset = (hdr->hdrlen + 1) << 3;
@@ -418,21 +413,6 @@ looped_back:
        ipv6_hdr(skb)->daddr = *addr;
-        if (cleanup) {
-                int srhlen = (hdr->hdrlen + 1) << 3;
-                int nh = hdr->nexthdr;
-                skb_pull_rcsum(skb, sizeof(struct ipv6hdr) + srhlen);
-                memmove(skb_network_header(skb) + srhlen,
-                        skb_network_header(skb),
-                        (unsigned char *)hdr - skb_network_header(skb));
-                skb->network_header += srhlen;
-                ipv6_hdr(skb)->nexthdr = nh;
-                ipv6_hdr(skb)->payload_len = htons(skb->len -
-                                                   sizeof(struct ipv6hdr));
-                skb_push_rcsum(skb, sizeof(struct ipv6hdr));
-        }
        skb_dst_drop(skb);
        ip6_route_input(skb);
@@ -453,13 +433,8 @@ looped_back:
                }
                ipv6_hdr(skb)->hop_limit--;
-                /* be sure that srh is still present before reinjecting */
+                skb_pull(skb, sizeof(struct ipv6hdr));
-                if (!cleanup) {
+                goto looped_back;
-                        skb_pull(skb, sizeof(struct ipv6hdr));
-                        goto looped_back;
-                }
-                skb_set_transport_header(skb, sizeof(struct ipv6hdr));
-                IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
        }
        dst_input(skb);
diff --git a/net/ipv6/ila/ila_lwt.c b/net/ipv6/ila/ila_lwt.c
index a7bc54ab46e2..13b5e85fe0d5 100644
--- a/net/ipv6/ila/ila_lwt.c
+++ b/net/ipv6/ila/ila_lwt.c
@@ -238,6 +238,7 @@ static const struct lwtunnel_encap_ops ila_encap_ops = {
        .fill_encap = ila_fill_encap_info,
        .get_encap_size = ila_encap_nlsize,
        .cmp_encap = ila_encap_cmp,
+        .owner = THIS_MODULE,
 };
 int ila_lwt_init(void)
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 7396e75e161b..75c308239243 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -176,7 +176,7 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused
        /* Restore final destination back after routing done */
        fl6.daddr = sk->sk_v6_daddr;
-        res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
+        res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt),
                       np->tclass);
        rcu_read_unlock();
        return res;
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 75b6108234dd..630b73be5999 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -367,35 +367,37 @@ static void ip6gre_tunnel_uninit(struct net_device *dev)
 static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
-                u8 type, u8 code, int offset, __be32 info)
+                       u8 type, u8 code, int offset, __be32 info)
 {
-        const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)skb->data;
+        const struct gre_base_hdr *greh;
-        __be16 *p = (__be16 *)(skb->data + offset);
+        const struct ipv6hdr *ipv6h;
-        int grehlen = offset + 4;
+        int grehlen = sizeof(*greh);
        struct ip6_tnl *t;
+        int key_off = 0;
        __be16 flags;
+        __be32 key;
-        flags = p[0];
+        if (!pskb_may_pull(skb, offset + grehlen))
-        if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
+                return;
-                if (flags&(GRE_VERSION|GRE_ROUTING))
+        greh = (const struct gre_base_hdr *)(skb->data + offset);
-                        return;
+        flags = greh->flags;
-                if (flags&GRE_KEY) {
+        if (flags & (GRE_VERSION | GRE_ROUTING))
-                        grehlen += 4;
+                return;
-                        if (flags&GRE_CSUM)
+        if (flags & GRE_CSUM)
-                                grehlen += 4;
+                grehlen += 4;
-                }
+        if (flags & GRE_KEY) {
+                key_off = grehlen + offset;
+                grehlen += 4;
        }
-        /* If only 8 bytes returned, keyed message will be dropped here */
+        if (!pskb_may_pull(skb, offset + grehlen))
-        if (!pskb_may_pull(skb, grehlen))
                return;
        ipv6h = (const struct ipv6hdr *)skb->data;
-        p = (__be16 *)(skb->data + offset);
+        greh = (const struct gre_base_hdr *)(skb->data + offset);
+        key = key_off ? *(__be32 *)(skb->data + key_off) : 0;
        t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
-                                flags & GRE_KEY ?
+                                 key, greh->protocol);
-                                *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
-                                p[1]);
        if (!t)
                return;
@@ -582,6 +584,9 @@ static inline int ip6gre_xmit_ipv6(struct sk_buff *skb, struct net_device *dev)
                return -1;
        offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
+        /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
+        ipv6h = ipv6_hdr(skb);
        if (offset > 0) {
                struct ipv6_tlv_tnl_enc_lim *tel;
                tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset];
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 38122d04fadc..b6a94ff0bbd0 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -172,7 +172,7 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 * which are using proper atomic operations or spinlocks.
 */
 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
-             struct ipv6_txoptions *opt, int tclass)
+             __u32 mark, struct ipv6_txoptions *opt, int tclass)
 {
        struct net *net = sock_net(sk);
        const struct ipv6_pinfo *np = inet6_sk(sk);
@@ -240,7 +240,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
        skb->protocol = htons(ETH_P_IPV6);
        skb->priority = sk->sk_priority;
-        skb->mark = sk->sk_mark;
+        skb->mark = mark;
        mtu = dst_mtu(dst);
        if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
@@ -1344,7 +1344,7 @@ emsgsize:
         */
        if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
            headersize == sizeof(struct ipv6hdr) &&
-            length < mtu - headersize &&
+            length <= mtu - headersize &&
            !(flags & MSG_MORE) &&
            rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
                csummode = CHECKSUM_PARTIAL;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 753d6d0860fb..75fac933c209 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -400,18 +400,19 @@ ip6_tnl_dev_uninit(struct net_device *dev)
 __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
 {
-        const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw;
+        const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw;
-        __u8 nexthdr = ipv6h->nexthdr;
+        unsigned int nhoff = raw - skb->data;
-        __u16 off = sizeof(*ipv6h);
+        unsigned int off = nhoff + sizeof(*ipv6h);
+        u8 next, nexthdr = ipv6h->nexthdr;
        while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
-                __u16 optlen = 0;
                struct ipv6_opt_hdr *hdr;
-                if (raw + off + sizeof(*hdr) > skb->data &&
+                u16 optlen;
-                    !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr)))
+                if (!pskb_may_pull(skb, off + sizeof(*hdr)))
                        break;
-                hdr = (struct ipv6_opt_hdr *) (raw + off);
+                hdr = (struct ipv6_opt_hdr *)(skb->data + off);
                if (nexthdr == NEXTHDR_FRAGMENT) {
                        struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
                        if (frag_hdr->frag_off)
@@ -422,20 +423,29 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
                } else {
                        optlen = ipv6_optlen(hdr);
                }
+                /* cache hdr->nexthdr, since pskb_may_pull() might
+                 * invalidate hdr
+                 */
+                next = hdr->nexthdr;
                if (nexthdr == NEXTHDR_DEST) {
-                        __u16 i = off + 2;
+                        u16 i = 2;
+                        /* Remember : hdr is no longer valid at this point. */
+                        if (!pskb_may_pull(skb, off + optlen))
+                                break;
                        while (1) {
                                struct ipv6_tlv_tnl_enc_lim *tel;
                                /* No more room for encapsulation limit */
-                                if (i + sizeof (*tel) > off + optlen)
+                                if (i + sizeof(*tel) > optlen)
                                        break;
-                                tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i];
+                                tel = (struct ipv6_tlv_tnl_enc_lim *)(skb->data + off + i);
                                /* return index of option if found and valid */
                                if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
                                    tel->length == 1)
-                                        return i;
+                                        return i + off - nhoff;
                                /* else jump to next option */
                                if (tel->type)
                                        i += tel->length + 2;
@@ -443,7 +453,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
                                        i++;
                        }
                }
-                nexthdr = hdr->nexthdr;
+                nexthdr = next;
                off += optlen;
        }
        return 0;
@@ -1303,6 +1313,8 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
                fl6.flowlabel = key->label;
        } else {
                offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
+                /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
+                ipv6h = ipv6_hdr(skb);
                if (offset > 0) {
                        struct ipv6_tlv_tnl_enc_lim *tel;
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 7139fffd61b6..1bdc703cb966 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -779,6 +779,7 @@ static void mld_del_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im)
                                psf->sf_crcount = im->mca_crcount;
                }
                in6_dev_put(pmc->idev);
+                kfree(pmc);
        }
        spin_unlock_bh(&im->mca_lock);
 }
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c
index d5263dc364a9..b12e61b7b16c 100644
--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -72,10 +72,10 @@ static bool rpfilter_lookup_reverse6(struct net *net, const struct sk_buff *skb,
        return ret;
 }
-static bool rpfilter_is_local(const struct sk_buff *skb)
+static bool
+rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in)
 {
-        const struct rt6_info *rt = (const void *) skb_dst(skb);
+        return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK;
-        return rt && (rt->rt6i_flags & RTF_LOCAL);
 }
 static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
@@ -85,7 +85,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
        struct ipv6hdr *iph;
        bool invert = info->flags & XT_RPFILTER_INVERT;
-        if (rpfilter_is_local(skb))
+        if (rpfilter_is_loopback(skb, xt_in(par)))
                return true ^ invert;
        iph = ipv6_hdr(skb);
diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c
index 10090400c72f..eedee5d108d9 100644
--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -157,6 +157,7 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
        fl6.fl6_sport = otcph->dest;
        fl6.fl6_dport = otcph->source;
        fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev);
+        fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark);
        security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
        dst = ip6_route_output(net, NULL, &fl6);
        if (dst->error) {
@@ -180,6 +181,8 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
        skb_dst_set(nskb, dst);
+        nskb->mark = fl6.flowi6_mark;
        skb_reserve(nskb, hh_len + dst->header_len);
        ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP,
                                    ip6_dst_hoplimit(dst));
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c
index c947aad8bcc6..765facf03d45 100644
--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -18,13 +18,6 @@
 #include <net/ip6_fib.h>
 #include <net/ip6_route.h>
-static bool fib6_is_local(const struct sk_buff *skb)
-{
-        const struct rt6_info *rt = (const void *)skb_dst(skb);
-        return rt && (rt->rt6i_flags & RTF_LOCAL);
-}
 static int get_ifindex(const struct net_device *dev)
 {
        return dev ? dev->ifindex : 0;
@@ -164,8 +157,10 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
        lookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif);
-        if (nft_hook(pkt) == NF_INET_PRE_ROUTING && fib6_is_local(pkt->skb)) {
+        if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
-                nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX);
+            nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
+                nft_fib_store_result(dest, priv->result, pkt,
+                                     nft_in(pkt)->ifindex);
                return;
        }
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 4f6b067c8753..7ea85370c11c 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2896,6 +2896,11 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (tb[RTA_MULTIPATH]) {
                cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
                cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
+                err = lwtunnel_valid_encap_type_attr(cfg->fc_mp,
+                                                     cfg->fc_mp_len);
+                if (err < 0)
+                        goto errout;
        }
        if (tb[RTA_PREF]) {
@@ -2909,9 +2914,14 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (tb[RTA_ENCAP])
                cfg->fc_encap = tb[RTA_ENCAP];
-        if (tb[RTA_ENCAP_TYPE])
+        if (tb[RTA_ENCAP_TYPE]) {
                cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
+                err = lwtunnel_valid_encap_type(cfg->fc_encap_type);
+                if (err < 0)
+                        goto errout;
+        }
        if (tb[RTA_EXPIRES]) {
                unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ);
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index b172d85c650a..a855eb325b03 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -176,6 +176,8 @@ static int seg6_genl_set_tunsrc(struct sk_buff *skb, struct genl_info *info)
        val = nla_data(info->attrs[SEG6_ATTR_DST]);
        t_new = kmemdup(val, sizeof(*val), GFP_KERNEL);
+        if (!t_new)
+                return -ENOMEM;
        mutex_lock(&sdata->lock);
diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index 03a064803626..6ef3dfb6e811 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -174,7 +174,7 @@ int seg6_hmac_compute(struct seg6_hmac_info *hinfo, struct ipv6_sr_hdr *hdr,
         * hash function (RadioGatun) with up to 1216 bits
         */
-        /* saddr(16) + first_seg(1) + cleanup(1) + keyid(4) + seglist(16n) */
+        /* saddr(16) + first_seg(1) + flags(1) + keyid(4) + seglist(16n) */
        plen = 16 + 1 + 1 + 4 + (hdr->first_segment + 1) * 16;
        /* this limit allows for 14 segments */
@@ -186,7 +186,7 @@ int seg6_hmac_compute(struct seg6_hmac_info *hinfo, struct ipv6_sr_hdr *hdr,
         *
         * 1. Source IPv6 address (128 bits)
         * 2. first_segment value (8 bits)
-         * 3. cleanup flag (8 bits: highest bit is cleanup value, others are 0)
+         * 3. Flags (8 bits)
         * 4. HMAC Key ID (32 bits)
         * 5. All segments in the segments list (n * 128 bits)
         */
@@ -202,8 +202,8 @@ int seg6_hmac_compute(struct seg6_hmac_info *hinfo, struct ipv6_sr_hdr *hdr,
        /* first_segment value */
        *off++ = hdr->first_segment;
-        /* cleanup flag */
+        /* flags */
-        *off++ = !!(sr_has_cleanup(hdr)) << 7;
+        *off++ = hdr->flags;
        /* HMAC Key ID */
        memcpy(off, &hmackeyid, 4);
diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c
index 1d60cb132835..c46f8cbf5ab5 100644
--- a/net/ipv6/seg6_iptunnel.c
+++ b/net/ipv6/seg6_iptunnel.c
@@ -422,6 +422,7 @@ static const struct lwtunnel_encap_ops seg6_iptun_ops = {
        .fill_encap = seg6_fill_encap_info,
        .get_encap_size = seg6_encap_nlsize,
        .cmp_encap = seg6_encap_cmp,
+        .owner = THIS_MODULE,
 };
 int __init seg6_iptunnel_init(void)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index fad992ad4bc8..99853c6e33a8 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1380,6 +1380,7 @@ static int ipip6_tunnel_init(struct net_device *dev)
        err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
        if (err) {
                free_percpu(dev->tstats);
+                dev->tstats = NULL;
                return err;
        }
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 73bc8fc68acd..eaad72c3d746 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -469,7 +469,7 @@ static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
                opt = ireq->ipv6_opt;
                if (!opt)
                        opt = rcu_dereference(np->opt);
-                err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
+                err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
                rcu_read_unlock();
                err = net_xmit_eval(err);
        }
@@ -840,7 +840,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32
        dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
        if (!IS_ERR(dst)) {
                skb_dst_set(buff, dst);
-                ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
+                ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
                TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
                if (rst)
                        TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
@@ -991,6 +991,16 @@ drop:
        return 0; /* don't send reset */
 }
+static void tcp_v6_restore_cb(struct sk_buff *skb)
+{
+        /* We need to move header back to the beginning if xfrm6_policy_check()
+         * and tcp_v6_fill_cb() are going to be called again.
+         * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
+         */
+        memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
+                sizeof(struct inet6_skb_parm));
+}
 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
                                         struct request_sock *req,
                                         struct dst_entry *dst,
@@ -1182,8 +1192,10 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
                                                      sk_gfp_mask(sk, GFP_ATOMIC));
                        consume_skb(ireq->pktopts);
                        ireq->pktopts = NULL;
-                        if (newnp->pktoptions)
+                        if (newnp->pktoptions) {
+                                tcp_v6_restore_cb(newnp->pktoptions);
                                skb_set_owner_r(newnp->pktoptions, newsk);
+                        }
                }
        }
@@ -1198,16 +1210,6 @@ out:
        return NULL;
 }
-static void tcp_v6_restore_cb(struct sk_buff *skb)
-{
-        /* We need to move header back to the beginning if xfrm6_policy_check()
-         * and tcp_v6_fill_cb() are going to be called again.
-         * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
-         */
-        memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
-                sizeof(struct inet6_skb_parm));
-}
 /* The socket must have it's spinlock held when we get
 * here, unless it is a TCP_LISTEN socket.
 *
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 4d5c4eee4b3f..8990856f5101 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -441,7 +441,7 @@ try_again:
        return err;
 csum_copy_err:
-        if (!__sk_queue_drop_skb(sk, skb, flags)) {
+        if (!__sk_queue_drop_skb(sk, skb, flags, udp_skb_destructor)) {
                if (is_udp4) {
                        UDP_INC_STATS(sock_net(sk),
                                      UDP_MIB_CSUMERRORS, is_udplite);
author	Daniel Vetter <daniel.vetter@ffwll.ch>	2017-02-26 15:34:42 -0500
committer	Daniel Vetter <daniel.vetter@ffwll.ch>	2017-02-26 15:34:42 -0500
commit	8e22e1b3499a446df48c2b26667ca36c55bf864c (patch)
tree	5329f98b3eb3c95a9dcbab0fa4f9b6e62f0e788d /net/ipv6
parent	00d3c14f14d51babd8aeafd5fa734ccf04f5ca3d (diff)
parent	64a577196d66b44e37384bc5c4d78c61f59d5b2a (diff)