aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorIngo Molnar <mingo@kernel.org>2017-08-25 05:04:51 -0400
committerIngo Molnar <mingo@kernel.org>2017-08-25 05:04:51 -0400
commit10c9850cb2ced2ce528e5b692c639974213a64ec (patch)
treef8063beac0ba1dab069d25661845c5b7ef9a67c7 /net
parent0c2364791343e4b04cd1f097ff2abc2799062448 (diff)
parent90a6cd503982bfd33ce8c70eb49bd2dd33bc6325 (diff)
Merge branch 'linus' into locking/core, to pick up fixes
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'net')
-rw-r--r--net/core/datagram.c12
-rw-r--r--net/core/filter.c2
-rw-r--r--net/dccp/proto.c19
-rw-r--r--net/dsa/tag_ksz.c13
-rw-r--r--net/ipv4/fib_semantics.c12
-rw-r--r--net/ipv4/igmp.c10
-rw-r--r--net/ipv4/route.c16
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_ipv4.c4
-rw-r--r--net/ipv4/tcp_ulp.c14
-rw-r--r--net/ipv4/udp.c3
-rw-r--r--net/ipv6/ip6_fib.c28
-rw-r--r--net/ipv6/route.c19
-rw-r--r--net/ipv6/tcp_ipv6.c4
-rw-r--r--net/ipv6/udp.c3
-rw-r--r--net/irda/af_irda.c2
-rw-r--r--net/key/af_key.c48
-rw-r--r--net/mac80211/agg-rx.c22
-rw-r--r--net/openvswitch/actions.c1
-rw-r--r--net/openvswitch/datapath.c7
-rw-r--r--net/openvswitch/datapath.h2
-rw-r--r--net/rxrpc/call_accept.c1
-rw-r--r--net/sched/act_ipt.c2
-rw-r--r--net/sched/cls_api.c2
-rw-r--r--net/sched/sch_api.c3
-rw-r--r--net/sched/sch_atm.c4
-rw-r--r--net/sched/sch_cbq.c4
-rw-r--r--net/sched/sch_hfsc.c12
-rw-r--r--net/sched/sch_htb.c4
-rw-r--r--net/sched/sch_sfq.c5
-rw-r--r--net/sctp/ipv6.c2
-rw-r--r--net/tipc/bearer.c2
-rw-r--r--net/tipc/msg.c1
-rw-r--r--net/tipc/netlink_compat.c6
-rw-r--r--net/unix/af_unix.c5
35 files changed, 192 insertions, 105 deletions
diff --git a/net/core/datagram.c b/net/core/datagram.c
index ee5647bd91b3..a21ca8dee5ea 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -169,14 +169,20 @@ struct sk_buff *__skb_try_recv_from_queue(struct sock *sk,
169 int *peeked, int *off, int *err, 169 int *peeked, int *off, int *err,
170 struct sk_buff **last) 170 struct sk_buff **last)
171{ 171{
172 bool peek_at_off = false;
172 struct sk_buff *skb; 173 struct sk_buff *skb;
173 int _off = *off; 174 int _off = 0;
175
176 if (unlikely(flags & MSG_PEEK && *off >= 0)) {
177 peek_at_off = true;
178 _off = *off;
179 }
174 180
175 *last = queue->prev; 181 *last = queue->prev;
176 skb_queue_walk(queue, skb) { 182 skb_queue_walk(queue, skb) {
177 if (flags & MSG_PEEK) { 183 if (flags & MSG_PEEK) {
178 if (_off >= skb->len && (skb->len || _off || 184 if (peek_at_off && _off >= skb->len &&
179 skb->peeked)) { 185 (_off || skb->peeked)) {
180 _off -= skb->len; 186 _off -= skb->len;
181 continue; 187 continue;
182 } 188 }
diff --git a/net/core/filter.c b/net/core/filter.c
index f44fc22fd45a..6280a602604c 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3505,6 +3505,7 @@ static u32 bpf_convert_ctx_access(enum bpf_access_type type,
3505 bpf_target_off(struct sk_buff, tc_index, 2, 3505 bpf_target_off(struct sk_buff, tc_index, 2,
3506 target_size)); 3506 target_size));
3507#else 3507#else
3508 *target_size = 2;
3508 if (type == BPF_WRITE) 3509 if (type == BPF_WRITE)
3509 *insn++ = BPF_MOV64_REG(si->dst_reg, si->dst_reg); 3510 *insn++ = BPF_MOV64_REG(si->dst_reg, si->dst_reg);
3510 else 3511 else
@@ -3520,6 +3521,7 @@ static u32 bpf_convert_ctx_access(enum bpf_access_type type,
3520 *insn++ = BPF_JMP_IMM(BPF_JGE, si->dst_reg, MIN_NAPI_ID, 1); 3521 *insn++ = BPF_JMP_IMM(BPF_JGE, si->dst_reg, MIN_NAPI_ID, 1);
3521 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0); 3522 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0);
3522#else 3523#else
3524 *target_size = 4;
3523 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0); 3525 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0);
3524#endif 3526#endif
3525 break; 3527 break;
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 9fe25bf63296..b68168fcc06a 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -24,6 +24,7 @@
24#include <net/checksum.h> 24#include <net/checksum.h>
25 25
26#include <net/inet_sock.h> 26#include <net/inet_sock.h>
27#include <net/inet_common.h>
27#include <net/sock.h> 28#include <net/sock.h>
28#include <net/xfrm.h> 29#include <net/xfrm.h>
29 30
@@ -170,6 +171,15 @@ const char *dccp_packet_name(const int type)
170 171
171EXPORT_SYMBOL_GPL(dccp_packet_name); 172EXPORT_SYMBOL_GPL(dccp_packet_name);
172 173
174static void dccp_sk_destruct(struct sock *sk)
175{
176 struct dccp_sock *dp = dccp_sk(sk);
177
178 ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
179 dp->dccps_hc_tx_ccid = NULL;
180 inet_sock_destruct(sk);
181}
182
173int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized) 183int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized)
174{ 184{
175 struct dccp_sock *dp = dccp_sk(sk); 185 struct dccp_sock *dp = dccp_sk(sk);
@@ -179,6 +189,7 @@ int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized)
179 icsk->icsk_syn_retries = sysctl_dccp_request_retries; 189 icsk->icsk_syn_retries = sysctl_dccp_request_retries;
180 sk->sk_state = DCCP_CLOSED; 190 sk->sk_state = DCCP_CLOSED;
181 sk->sk_write_space = dccp_write_space; 191 sk->sk_write_space = dccp_write_space;
192 sk->sk_destruct = dccp_sk_destruct;
182 icsk->icsk_sync_mss = dccp_sync_mss; 193 icsk->icsk_sync_mss = dccp_sync_mss;
183 dp->dccps_mss_cache = 536; 194 dp->dccps_mss_cache = 536;
184 dp->dccps_rate_last = jiffies; 195 dp->dccps_rate_last = jiffies;
@@ -201,10 +212,7 @@ void dccp_destroy_sock(struct sock *sk)
201{ 212{
202 struct dccp_sock *dp = dccp_sk(sk); 213 struct dccp_sock *dp = dccp_sk(sk);
203 214
204 /* 215 __skb_queue_purge(&sk->sk_write_queue);
205 * DCCP doesn't use sk_write_queue, just sk_send_head
206 * for retransmissions
207 */
208 if (sk->sk_send_head != NULL) { 216 if (sk->sk_send_head != NULL) {
209 kfree_skb(sk->sk_send_head); 217 kfree_skb(sk->sk_send_head);
210 sk->sk_send_head = NULL; 218 sk->sk_send_head = NULL;
@@ -222,8 +230,7 @@ void dccp_destroy_sock(struct sock *sk)
222 dp->dccps_hc_rx_ackvec = NULL; 230 dp->dccps_hc_rx_ackvec = NULL;
223 } 231 }
224 ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); 232 ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
225 ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); 233 dp->dccps_hc_rx_ccid = NULL;
226 dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL;
227 234
228 /* clean up feature negotiation state */ 235 /* clean up feature negotiation state */
229 dccp_feat_list_purge(&dp->dccps_featneg); 236 dccp_feat_list_purge(&dp->dccps_featneg);
diff --git a/net/dsa/tag_ksz.c b/net/dsa/tag_ksz.c
index fab41de8e983..de66ca8e6201 100644
--- a/net/dsa/tag_ksz.c
+++ b/net/dsa/tag_ksz.c
@@ -42,6 +42,9 @@ static struct sk_buff *ksz_xmit(struct sk_buff *skb, struct net_device *dev)
42 padlen = (skb->len >= ETH_ZLEN) ? 0 : ETH_ZLEN - skb->len; 42 padlen = (skb->len >= ETH_ZLEN) ? 0 : ETH_ZLEN - skb->len;
43 43
44 if (skb_tailroom(skb) >= padlen + KSZ_INGRESS_TAG_LEN) { 44 if (skb_tailroom(skb) >= padlen + KSZ_INGRESS_TAG_LEN) {
45 if (skb_put_padto(skb, skb->len + padlen))
46 return NULL;
47
45 nskb = skb; 48 nskb = skb;
46 } else { 49 } else {
47 nskb = alloc_skb(NET_IP_ALIGN + skb->len + 50 nskb = alloc_skb(NET_IP_ALIGN + skb->len +
@@ -56,13 +59,15 @@ static struct sk_buff *ksz_xmit(struct sk_buff *skb, struct net_device *dev)
56 skb_set_transport_header(nskb, 59 skb_set_transport_header(nskb,
57 skb_transport_header(skb) - skb->head); 60 skb_transport_header(skb) - skb->head);
58 skb_copy_and_csum_dev(skb, skb_put(nskb, skb->len)); 61 skb_copy_and_csum_dev(skb, skb_put(nskb, skb->len));
62
63 if (skb_put_padto(nskb, nskb->len + padlen)) {
64 kfree_skb(nskb);
65 return NULL;
66 }
67
59 kfree_skb(skb); 68 kfree_skb(skb);
60 } 69 }
61 70
62 /* skb is freed when it fails */
63 if (skb_put_padto(nskb, nskb->len + padlen))
64 return NULL;
65
66 tag = skb_put(nskb, KSZ_INGRESS_TAG_LEN); 71 tag = skb_put(nskb, KSZ_INGRESS_TAG_LEN);
67 tag[0] = 0; 72 tag[0] = 0;
68 tag[1] = 1 << p->dp->index; /* destination port */ 73 tag[1] = 1 << p->dp->index; /* destination port */
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index b8d18171cca3..ec3a9ce281a6 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -1083,15 +1083,17 @@ struct fib_info *fib_create_info(struct fib_config *cfg,
1083 fi = kzalloc(sizeof(*fi)+nhs*sizeof(struct fib_nh), GFP_KERNEL); 1083 fi = kzalloc(sizeof(*fi)+nhs*sizeof(struct fib_nh), GFP_KERNEL);
1084 if (!fi) 1084 if (!fi)
1085 goto failure; 1085 goto failure;
1086 fib_info_cnt++;
1087 if (cfg->fc_mx) { 1086 if (cfg->fc_mx) {
1088 fi->fib_metrics = kzalloc(sizeof(*fi->fib_metrics), GFP_KERNEL); 1087 fi->fib_metrics = kzalloc(sizeof(*fi->fib_metrics), GFP_KERNEL);
1089 if (!fi->fib_metrics) 1088 if (unlikely(!fi->fib_metrics)) {
1090 goto failure; 1089 kfree(fi);
1090 return ERR_PTR(err);
1091 }
1091 atomic_set(&fi->fib_metrics->refcnt, 1); 1092 atomic_set(&fi->fib_metrics->refcnt, 1);
1092 } else 1093 } else {
1093 fi->fib_metrics = (struct dst_metrics *)&dst_default_metrics; 1094 fi->fib_metrics = (struct dst_metrics *)&dst_default_metrics;
1094 1095 }
1096 fib_info_cnt++;
1095 fi->fib_net = net; 1097 fi->fib_net = net;
1096 fi->fib_protocol = cfg->fc_protocol; 1098 fi->fib_protocol = cfg->fc_protocol;
1097 fi->fib_scope = cfg->fc_scope; 1099 fi->fib_scope = cfg->fc_scope;
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 498706b072fb..caf2f1101d02 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -1007,10 +1007,18 @@ int igmp_rcv(struct sk_buff *skb)
1007{ 1007{
1008 /* This basically follows the spec line by line -- see RFC1112 */ 1008 /* This basically follows the spec line by line -- see RFC1112 */
1009 struct igmphdr *ih; 1009 struct igmphdr *ih;
1010 struct in_device *in_dev = __in_dev_get_rcu(skb->dev); 1010 struct net_device *dev = skb->dev;
1011 struct in_device *in_dev;
1011 int len = skb->len; 1012 int len = skb->len;
1012 bool dropped = true; 1013 bool dropped = true;
1013 1014
1015 if (netif_is_l3_master(dev)) {
1016 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif);
1017 if (!dev)
1018 goto drop;
1019 }
1020
1021 in_dev = __in_dev_get_rcu(dev);
1014 if (!in_dev) 1022 if (!in_dev)
1015 goto drop; 1023 goto drop;
1016 1024
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 0383e66f59bc..2331de20ca50 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1267,7 +1267,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst)
1267 if (mtu) 1267 if (mtu)
1268 return mtu; 1268 return mtu;
1269 1269
1270 mtu = dst->dev->mtu; 1270 mtu = READ_ONCE(dst->dev->mtu);
1271 1271
1272 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) { 1272 if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
1273 if (rt->rt_uses_gateway && mtu > 576) 1273 if (rt->rt_uses_gateway && mtu > 576)
@@ -2750,26 +2750,34 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2750 err = 0; 2750 err = 0;
2751 if (IS_ERR(rt)) 2751 if (IS_ERR(rt))
2752 err = PTR_ERR(rt); 2752 err = PTR_ERR(rt);
2753 else
2754 skb_dst_set(skb, &rt->dst);
2753 } 2755 }
2754 2756
2755 if (err) 2757 if (err)
2756 goto errout_free; 2758 goto errout_free;
2757 2759
2758 skb_dst_set(skb, &rt->dst);
2759 if (rtm->rtm_flags & RTM_F_NOTIFY) 2760 if (rtm->rtm_flags & RTM_F_NOTIFY)
2760 rt->rt_flags |= RTCF_NOTIFY; 2761 rt->rt_flags |= RTCF_NOTIFY;
2761 2762
2762 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE) 2763 if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE)
2763 table_id = rt->rt_table_id; 2764 table_id = rt->rt_table_id;
2764 2765
2765 if (rtm->rtm_flags & RTM_F_FIB_MATCH) 2766 if (rtm->rtm_flags & RTM_F_FIB_MATCH) {
2767 if (!res.fi) {
2768 err = fib_props[res.type].error;
2769 if (!err)
2770 err = -EHOSTUNREACH;
2771 goto errout_free;
2772 }
2766 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid, 2773 err = fib_dump_info(skb, NETLINK_CB(in_skb).portid,
2767 nlh->nlmsg_seq, RTM_NEWROUTE, table_id, 2774 nlh->nlmsg_seq, RTM_NEWROUTE, table_id,
2768 rt->rt_type, res.prefix, res.prefixlen, 2775 rt->rt_type, res.prefix, res.prefixlen,
2769 fl4.flowi4_tos, res.fi, 0); 2776 fl4.flowi4_tos, res.fi, 0);
2770 else 2777 } else {
2771 err = rt_fill_info(net, dst, src, table_id, &fl4, skb, 2778 err = rt_fill_info(net, dst, src, table_id, &fl4, skb,
2772 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq); 2779 NETLINK_CB(in_skb).portid, nlh->nlmsg_seq);
2780 }
2773 if (err < 0) 2781 if (err < 0)
2774 goto errout_free; 2782 goto errout_free;
2775 2783
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 53de1424c13c..bab7f0493098 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3009,8 +3009,7 @@ void tcp_rearm_rto(struct sock *sk)
3009 /* delta_us may not be positive if the socket is locked 3009 /* delta_us may not be positive if the socket is locked
3010 * when the retrans timer fires and is rescheduled. 3010 * when the retrans timer fires and is rescheduled.
3011 */ 3011 */
3012 if (delta_us > 0) 3012 rto = usecs_to_jiffies(max_t(int, delta_us, 1));
3013 rto = usecs_to_jiffies(delta_us);
3014 } 3013 }
3015 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, rto, 3014 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, rto,
3016 TCP_RTO_MAX); 3015 TCP_RTO_MAX);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a20e7f03d5f7..e9252c7df809 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1722,6 +1722,8 @@ process:
1722 */ 1722 */
1723 sock_hold(sk); 1723 sock_hold(sk);
1724 refcounted = true; 1724 refcounted = true;
1725 if (tcp_filter(sk, skb))
1726 goto discard_and_relse;
1725 nsk = tcp_check_req(sk, skb, req, false); 1727 nsk = tcp_check_req(sk, skb, req, false);
1726 if (!nsk) { 1728 if (!nsk) {
1727 reqsk_put(req); 1729 reqsk_put(req);
@@ -1729,8 +1731,6 @@ process:
1729 } 1731 }
1730 if (nsk == sk) { 1732 if (nsk == sk) {
1731 reqsk_put(req); 1733 reqsk_put(req);
1732 } else if (tcp_filter(sk, skb)) {
1733 goto discard_and_relse;
1734 } else if (tcp_child_process(sk, nsk, skb)) { 1734 } else if (tcp_child_process(sk, nsk, skb)) {
1735 tcp_v4_send_reset(nsk, skb); 1735 tcp_v4_send_reset(nsk, skb);
1736 goto discard_and_relse; 1736 goto discard_and_relse;
diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index 2417f55374c5..6bb9e14c710a 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -122,14 +122,14 @@ int tcp_set_ulp(struct sock *sk, const char *name)
122 122
123 ulp_ops = __tcp_ulp_find_autoload(name); 123 ulp_ops = __tcp_ulp_find_autoload(name);
124 if (!ulp_ops) 124 if (!ulp_ops)
125 err = -ENOENT; 125 return -ENOENT;
126 else
127 err = ulp_ops->init(sk);
128 126
129 if (err) 127 err = ulp_ops->init(sk);
130 goto out; 128 if (err) {
129 module_put(ulp_ops->owner);
130 return err;
131 }
131 132
132 icsk->icsk_ulp_ops = ulp_ops; 133 icsk->icsk_ulp_ops = ulp_ops;
133 out: 134 return 0;
134 return err;
135} 135}
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index b34f09b20fef..ebe46ed997cb 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1574,7 +1574,8 @@ int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock,
1574 return ip_recv_error(sk, msg, len, addr_len); 1574 return ip_recv_error(sk, msg, len, addr_len);
1575 1575
1576try_again: 1576try_again:
1577 peeking = off = sk_peek_offset(sk, flags); 1577 peeking = flags & MSG_PEEK;
1578 off = sk_peek_offset(sk, flags);
1578 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err); 1579 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
1579 if (!skb) 1580 if (!skb)
1580 return err; 1581 return err;
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index ebb299cf72b7..5cc0ea038198 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -914,6 +914,8 @@ add:
914 } 914 }
915 nsiblings = iter->rt6i_nsiblings; 915 nsiblings = iter->rt6i_nsiblings;
916 fib6_purge_rt(iter, fn, info->nl_net); 916 fib6_purge_rt(iter, fn, info->nl_net);
917 if (fn->rr_ptr == iter)
918 fn->rr_ptr = NULL;
917 rt6_release(iter); 919 rt6_release(iter);
918 920
919 if (nsiblings) { 921 if (nsiblings) {
@@ -926,6 +928,8 @@ add:
926 if (rt6_qualify_for_ecmp(iter)) { 928 if (rt6_qualify_for_ecmp(iter)) {
927 *ins = iter->dst.rt6_next; 929 *ins = iter->dst.rt6_next;
928 fib6_purge_rt(iter, fn, info->nl_net); 930 fib6_purge_rt(iter, fn, info->nl_net);
931 if (fn->rr_ptr == iter)
932 fn->rr_ptr = NULL;
929 rt6_release(iter); 933 rt6_release(iter);
930 nsiblings--; 934 nsiblings--;
931 } else { 935 } else {
@@ -1014,7 +1018,7 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt,
1014 /* Create subtree root node */ 1018 /* Create subtree root node */
1015 sfn = node_alloc(); 1019 sfn = node_alloc();
1016 if (!sfn) 1020 if (!sfn)
1017 goto st_failure; 1021 goto failure;
1018 1022
1019 sfn->leaf = info->nl_net->ipv6.ip6_null_entry; 1023 sfn->leaf = info->nl_net->ipv6.ip6_null_entry;
1020 atomic_inc(&info->nl_net->ipv6.ip6_null_entry->rt6i_ref); 1024 atomic_inc(&info->nl_net->ipv6.ip6_null_entry->rt6i_ref);
@@ -1031,12 +1035,12 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt,
1031 1035
1032 if (IS_ERR(sn)) { 1036 if (IS_ERR(sn)) {
1033 /* If it is failed, discard just allocated 1037 /* If it is failed, discard just allocated
1034 root, and then (in st_failure) stale node 1038 root, and then (in failure) stale node
1035 in main tree. 1039 in main tree.
1036 */ 1040 */
1037 node_free(sfn); 1041 node_free(sfn);
1038 err = PTR_ERR(sn); 1042 err = PTR_ERR(sn);
1039 goto st_failure; 1043 goto failure;
1040 } 1044 }
1041 1045
1042 /* Now link new subtree to main tree */ 1046 /* Now link new subtree to main tree */
@@ -1051,7 +1055,7 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt,
1051 1055
1052 if (IS_ERR(sn)) { 1056 if (IS_ERR(sn)) {
1053 err = PTR_ERR(sn); 1057 err = PTR_ERR(sn);
1054 goto st_failure; 1058 goto failure;
1055 } 1059 }
1056 } 1060 }
1057 1061
@@ -1092,18 +1096,17 @@ out:
1092 atomic_inc(&pn->leaf->rt6i_ref); 1096 atomic_inc(&pn->leaf->rt6i_ref);
1093 } 1097 }
1094#endif 1098#endif
1095 /* Always release dst as dst->__refcnt is guaranteed 1099 goto failure;
1096 * to be taken before entering this function
1097 */
1098 dst_release_immediate(&rt->dst);
1099 } 1100 }
1100 return err; 1101 return err;
1101 1102
1102#ifdef CONFIG_IPV6_SUBTREES 1103failure:
1103 /* Subtree creation failed, probably main tree node 1104 /* fn->leaf could be NULL if fn is an intermediate node and we
1104 is orphan. If it is, shoot it. 1105 * failed to add the new route to it in both subtree creation
1106 * failure and fib6_add_rt2node() failure case.
1107 * In both cases, fib6_repair_tree() should be called to fix
1108 * fn->leaf.
1105 */ 1109 */
1106st_failure:
1107 if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT))) 1110 if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT)))
1108 fib6_repair_tree(info->nl_net, fn); 1111 fib6_repair_tree(info->nl_net, fn);
1109 /* Always release dst as dst->__refcnt is guaranteed 1112 /* Always release dst as dst->__refcnt is guaranteed
@@ -1111,7 +1114,6 @@ st_failure:
1111 */ 1114 */
1112 dst_release_immediate(&rt->dst); 1115 dst_release_immediate(&rt->dst);
1113 return err; 1116 return err;
1114#endif
1115} 1117}
1116 1118
1117/* 1119/*
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index a640fbcba15d..94d6a13d47f0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -417,14 +417,11 @@ static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
417 struct net_device *loopback_dev = 417 struct net_device *loopback_dev =
418 dev_net(dev)->loopback_dev; 418 dev_net(dev)->loopback_dev;
419 419
420 if (dev != loopback_dev) { 420 if (idev && idev->dev != loopback_dev) {
421 if (idev && idev->dev == dev) { 421 struct inet6_dev *loopback_idev = in6_dev_get(loopback_dev);
422 struct inet6_dev *loopback_idev = 422 if (loopback_idev) {
423 in6_dev_get(loopback_dev); 423 rt->rt6i_idev = loopback_idev;
424 if (loopback_idev) { 424 in6_dev_put(idev);
425 rt->rt6i_idev = loopback_idev;
426 in6_dev_put(idev);
427 }
428 } 425 }
429 } 426 }
430} 427}
@@ -3724,10 +3721,10 @@ static int ip6_route_dev_notify(struct notifier_block *this,
3724 /* NETDEV_UNREGISTER could be fired for multiple times by 3721 /* NETDEV_UNREGISTER could be fired for multiple times by
3725 * netdev_wait_allrefs(). Make sure we only call this once. 3722 * netdev_wait_allrefs(). Make sure we only call this once.
3726 */ 3723 */
3727 in6_dev_put(net->ipv6.ip6_null_entry->rt6i_idev); 3724 in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
3728#ifdef CONFIG_IPV6_MULTIPLE_TABLES 3725#ifdef CONFIG_IPV6_MULTIPLE_TABLES
3729 in6_dev_put(net->ipv6.ip6_prohibit_entry->rt6i_idev); 3726 in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
3730 in6_dev_put(net->ipv6.ip6_blk_hole_entry->rt6i_idev); 3727 in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
3731#endif 3728#endif
3732 } 3729 }
3733 3730
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 2521690d62d6..206210125fd7 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1456,6 +1456,8 @@ process:
1456 } 1456 }
1457 sock_hold(sk); 1457 sock_hold(sk);
1458 refcounted = true; 1458 refcounted = true;
1459 if (tcp_filter(sk, skb))
1460 goto discard_and_relse;
1459 nsk = tcp_check_req(sk, skb, req, false); 1461 nsk = tcp_check_req(sk, skb, req, false);
1460 if (!nsk) { 1462 if (!nsk) {
1461 reqsk_put(req); 1463 reqsk_put(req);
@@ -1464,8 +1466,6 @@ process:
1464 if (nsk == sk) { 1466 if (nsk == sk) {
1465 reqsk_put(req); 1467 reqsk_put(req);
1466 tcp_v6_restore_cb(skb); 1468 tcp_v6_restore_cb(skb);
1467 } else if (tcp_filter(sk, skb)) {
1468 goto discard_and_relse;
1469 } else if (tcp_child_process(sk, nsk, skb)) { 1469 } else if (tcp_child_process(sk, nsk, skb)) {
1470 tcp_v6_send_reset(nsk, skb); 1470 tcp_v6_send_reset(nsk, skb);
1471 goto discard_and_relse; 1471 goto discard_and_relse;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 96d240798c38..8cd9b628cdc7 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -362,7 +362,8 @@ int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
362 return ipv6_recv_rxpmtu(sk, msg, len, addr_len); 362 return ipv6_recv_rxpmtu(sk, msg, len, addr_len);
363 363
364try_again: 364try_again:
365 peeking = off = sk_peek_offset(sk, flags); 365 peeking = flags & MSG_PEEK;
366 off = sk_peek_offset(sk, flags);
366 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err); 367 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
367 if (!skb) 368 if (!skb)
368 return err; 369 return err;
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 2e6990f8b80b..23fa7c8b09a5 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -2213,7 +2213,7 @@ static int irda_getsockopt(struct socket *sock, int level, int optname,
2213{ 2213{
2214 struct sock *sk = sock->sk; 2214 struct sock *sk = sock->sk;
2215 struct irda_sock *self = irda_sk(sk); 2215 struct irda_sock *self = irda_sk(sk);
2216 struct irda_device_list list; 2216 struct irda_device_list list = { 0 };
2217 struct irda_device_info *discoveries; 2217 struct irda_device_info *discoveries;
2218 struct irda_ias_set * ias_opt; /* IAS get/query params */ 2218 struct irda_ias_set * ias_opt; /* IAS get/query params */
2219 struct ias_object * ias_obj; /* Object in IAS */ 2219 struct ias_object * ias_obj; /* Object in IAS */
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ca9d3ae665e7..98f4d8211b9a 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -228,7 +228,7 @@ static int pfkey_broadcast_one(struct sk_buff *skb, struct sk_buff **skb2,
228#define BROADCAST_ONE 1 228#define BROADCAST_ONE 1
229#define BROADCAST_REGISTERED 2 229#define BROADCAST_REGISTERED 2
230#define BROADCAST_PROMISC_ONLY 4 230#define BROADCAST_PROMISC_ONLY 4
231static int pfkey_broadcast(struct sk_buff *skb, 231static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
232 int broadcast_flags, struct sock *one_sk, 232 int broadcast_flags, struct sock *one_sk,
233 struct net *net) 233 struct net *net)
234{ 234{
@@ -278,7 +278,7 @@ static int pfkey_broadcast(struct sk_buff *skb,
278 rcu_read_unlock(); 278 rcu_read_unlock();
279 279
280 if (one_sk != NULL) 280 if (one_sk != NULL)
281 err = pfkey_broadcast_one(skb, &skb2, GFP_KERNEL, one_sk); 281 err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
282 282
283 kfree_skb(skb2); 283 kfree_skb(skb2);
284 kfree_skb(skb); 284 kfree_skb(skb);
@@ -311,7 +311,7 @@ static int pfkey_do_dump(struct pfkey_sock *pfk)
311 hdr = (struct sadb_msg *) pfk->dump.skb->data; 311 hdr = (struct sadb_msg *) pfk->dump.skb->data;
312 hdr->sadb_msg_seq = 0; 312 hdr->sadb_msg_seq = 0;
313 hdr->sadb_msg_errno = rc; 313 hdr->sadb_msg_errno = rc;
314 pfkey_broadcast(pfk->dump.skb, BROADCAST_ONE, 314 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
315 &pfk->sk, sock_net(&pfk->sk)); 315 &pfk->sk, sock_net(&pfk->sk));
316 pfk->dump.skb = NULL; 316 pfk->dump.skb = NULL;
317 } 317 }
@@ -355,7 +355,7 @@ static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
355 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / 355 hdr->sadb_msg_len = (sizeof(struct sadb_msg) /
356 sizeof(uint64_t)); 356 sizeof(uint64_t));
357 357
358 pfkey_broadcast(skb, BROADCAST_ONE, sk, sock_net(sk)); 358 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ONE, sk, sock_net(sk));
359 359
360 return 0; 360 return 0;
361} 361}
@@ -1389,7 +1389,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_
1389 1389
1390 xfrm_state_put(x); 1390 xfrm_state_put(x);
1391 1391
1392 pfkey_broadcast(resp_skb, BROADCAST_ONE, sk, net); 1392 pfkey_broadcast(resp_skb, GFP_KERNEL, BROADCAST_ONE, sk, net);
1393 1393
1394 return 0; 1394 return 0;
1395} 1395}
@@ -1476,7 +1476,7 @@ static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1476 hdr->sadb_msg_seq = c->seq; 1476 hdr->sadb_msg_seq = c->seq;
1477 hdr->sadb_msg_pid = c->portid; 1477 hdr->sadb_msg_pid = c->portid;
1478 1478
1479 pfkey_broadcast(skb, BROADCAST_ALL, NULL, xs_net(x)); 1479 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xs_net(x));
1480 1480
1481 return 0; 1481 return 0;
1482} 1482}
@@ -1589,7 +1589,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg
1589 out_hdr->sadb_msg_reserved = 0; 1589 out_hdr->sadb_msg_reserved = 0;
1590 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 1590 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
1591 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 1591 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
1592 pfkey_broadcast(out_skb, BROADCAST_ONE, sk, sock_net(sk)); 1592 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
1593 1593
1594 return 0; 1594 return 0;
1595} 1595}
@@ -1694,8 +1694,8 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
1694 return -ENOBUFS; 1694 return -ENOBUFS;
1695 } 1695 }
1696 1696
1697 pfkey_broadcast(supp_skb, BROADCAST_REGISTERED, sk, sock_net(sk)); 1697 pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk,
1698 1698 sock_net(sk));
1699 return 0; 1699 return 0;
1700} 1700}
1701 1701
@@ -1712,7 +1712,8 @@ static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1712 hdr->sadb_msg_errno = (uint8_t) 0; 1712 hdr->sadb_msg_errno = (uint8_t) 0;
1713 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1713 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1714 1714
1715 return pfkey_broadcast(skb, BROADCAST_ONE, sk, sock_net(sk)); 1715 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk,
1716 sock_net(sk));
1716} 1717}
1717 1718
1718static int key_notify_sa_flush(const struct km_event *c) 1719static int key_notify_sa_flush(const struct km_event *c)
@@ -1733,7 +1734,7 @@ static int key_notify_sa_flush(const struct km_event *c)
1733 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 1734 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
1734 hdr->sadb_msg_reserved = 0; 1735 hdr->sadb_msg_reserved = 0;
1735 1736
1736 pfkey_broadcast(skb, BROADCAST_ALL, NULL, c->net); 1737 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
1737 1738
1738 return 0; 1739 return 0;
1739} 1740}
@@ -1790,7 +1791,7 @@ static int dump_sa(struct xfrm_state *x, int count, void *ptr)
1790 out_hdr->sadb_msg_pid = pfk->dump.msg_portid; 1791 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
1791 1792
1792 if (pfk->dump.skb) 1793 if (pfk->dump.skb)
1793 pfkey_broadcast(pfk->dump.skb, BROADCAST_ONE, 1794 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
1794 &pfk->sk, sock_net(&pfk->sk)); 1795 &pfk->sk, sock_net(&pfk->sk));
1795 pfk->dump.skb = out_skb; 1796 pfk->dump.skb = out_skb;
1796 1797
@@ -1878,7 +1879,7 @@ static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb
1878 new_hdr->sadb_msg_errno = 0; 1879 new_hdr->sadb_msg_errno = 0;
1879 } 1880 }
1880 1881
1881 pfkey_broadcast(skb, BROADCAST_ALL, NULL, sock_net(sk)); 1882 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1882 return 0; 1883 return 0;
1883} 1884}
1884 1885
@@ -2206,7 +2207,7 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_ev
2206 out_hdr->sadb_msg_errno = 0; 2207 out_hdr->sadb_msg_errno = 0;
2207 out_hdr->sadb_msg_seq = c->seq; 2208 out_hdr->sadb_msg_seq = c->seq;
2208 out_hdr->sadb_msg_pid = c->portid; 2209 out_hdr->sadb_msg_pid = c->portid;
2209 pfkey_broadcast(out_skb, BROADCAST_ALL, NULL, xp_net(xp)); 2210 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2210 return 0; 2211 return 0;
2211 2212
2212} 2213}
@@ -2426,7 +2427,7 @@ static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struc
2426 out_hdr->sadb_msg_errno = 0; 2427 out_hdr->sadb_msg_errno = 0;
2427 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; 2428 out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
2428 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid; 2429 out_hdr->sadb_msg_pid = hdr->sadb_msg_pid;
2429 pfkey_broadcast(out_skb, BROADCAST_ONE, sk, xp_net(xp)); 2430 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ONE, sk, xp_net(xp));
2430 err = 0; 2431 err = 0;
2431 2432
2432out: 2433out:
@@ -2682,7 +2683,7 @@ static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2682 out_hdr->sadb_msg_pid = pfk->dump.msg_portid; 2683 out_hdr->sadb_msg_pid = pfk->dump.msg_portid;
2683 2684
2684 if (pfk->dump.skb) 2685 if (pfk->dump.skb)
2685 pfkey_broadcast(pfk->dump.skb, BROADCAST_ONE, 2686 pfkey_broadcast(pfk->dump.skb, GFP_ATOMIC, BROADCAST_ONE,
2686 &pfk->sk, sock_net(&pfk->sk)); 2687 &pfk->sk, sock_net(&pfk->sk));
2687 pfk->dump.skb = out_skb; 2688 pfk->dump.skb = out_skb;
2688 2689
@@ -2739,7 +2740,7 @@ static int key_notify_policy_flush(const struct km_event *c)
2739 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; 2740 hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2740 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); 2741 hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2741 hdr->sadb_msg_reserved = 0; 2742 hdr->sadb_msg_reserved = 0;
2742 pfkey_broadcast(skb_out, BROADCAST_ALL, NULL, c->net); 2743 pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2743 return 0; 2744 return 0;
2744 2745
2745} 2746}
@@ -2803,7 +2804,7 @@ static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb
2803 void *ext_hdrs[SADB_EXT_MAX]; 2804 void *ext_hdrs[SADB_EXT_MAX];
2804 int err; 2805 int err;
2805 2806
2806 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), 2807 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
2807 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk)); 2808 BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
2808 2809
2809 memset(ext_hdrs, 0, sizeof(ext_hdrs)); 2810 memset(ext_hdrs, 0, sizeof(ext_hdrs));
@@ -3024,7 +3025,8 @@ static int key_notify_sa_expire(struct xfrm_state *x, const struct km_event *c)
3024 out_hdr->sadb_msg_seq = 0; 3025 out_hdr->sadb_msg_seq = 0;
3025 out_hdr->sadb_msg_pid = 0; 3026 out_hdr->sadb_msg_pid = 0;
3026 3027
3027 pfkey_broadcast(out_skb, BROADCAST_REGISTERED, NULL, xs_net(x)); 3028 pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3029 xs_net(x));
3028 return 0; 3030 return 0;
3029} 3031}
3030 3032
@@ -3212,7 +3214,8 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3212 xfrm_ctx->ctx_len); 3214 xfrm_ctx->ctx_len);
3213 } 3215 }
3214 3216
3215 return pfkey_broadcast(skb, BROADCAST_REGISTERED, NULL, xs_net(x)); 3217 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3218 xs_net(x));
3216} 3219}
3217 3220
3218static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, 3221static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
@@ -3408,7 +3411,8 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3408 n_port->sadb_x_nat_t_port_port = sport; 3411 n_port->sadb_x_nat_t_port_port = sport;
3409 n_port->sadb_x_nat_t_port_reserved = 0; 3412 n_port->sadb_x_nat_t_port_reserved = 0;
3410 3413
3411 return pfkey_broadcast(skb, BROADCAST_REGISTERED, NULL, xs_net(x)); 3414 return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL,
3415 xs_net(x));
3412} 3416}
3413 3417
3414#ifdef CONFIG_NET_KEY_MIGRATE 3418#ifdef CONFIG_NET_KEY_MIGRATE
@@ -3599,7 +3603,7 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3599 } 3603 }
3600 3604
3601 /* broadcast migrate message to sockets */ 3605 /* broadcast migrate message to sockets */
3602 pfkey_broadcast(skb, BROADCAST_ALL, NULL, &init_net); 3606 pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, &init_net);
3603 3607
3604 return 0; 3608 return 0;
3605 3609
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 8708cbe8af5b..2b36eff5d97e 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -7,7 +7,7 @@
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2007-2010, Intel Corporation 9 * Copyright 2007-2010, Intel Corporation
10 * Copyright(c) 2015 Intel Deutschland GmbH 10 * Copyright(c) 2015-2017 Intel Deutschland GmbH
11 * 11 *
12 * This program is free software; you can redistribute it and/or modify 12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License version 2 as 13 * it under the terms of the GNU General Public License version 2 as
@@ -466,3 +466,23 @@ void ieee80211_manage_rx_ba_offl(struct ieee80211_vif *vif,
466 rcu_read_unlock(); 466 rcu_read_unlock();
467} 467}
468EXPORT_SYMBOL(ieee80211_manage_rx_ba_offl); 468EXPORT_SYMBOL(ieee80211_manage_rx_ba_offl);
469
470void ieee80211_rx_ba_timer_expired(struct ieee80211_vif *vif,
471 const u8 *addr, unsigned int tid)
472{
473 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
474 struct ieee80211_local *local = sdata->local;
475 struct sta_info *sta;
476
477 rcu_read_lock();
478 sta = sta_info_get_bss(sdata, addr);
479 if (!sta)
480 goto unlock;
481
482 set_bit(tid, sta->ampdu_mlme.tid_rx_timer_expired);
483 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
484
485 unlock:
486 rcu_read_unlock();
487}
488EXPORT_SYMBOL(ieee80211_rx_ba_timer_expired);
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index e4610676299b..a54a556fcdb5 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -1337,6 +1337,7 @@ int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb,
1337 goto out; 1337 goto out;
1338 } 1338 }
1339 1339
1340 OVS_CB(skb)->acts_origlen = acts->orig_len;
1340 err = do_execute_actions(dp, skb, key, 1341 err = do_execute_actions(dp, skb, key,
1341 acts->actions, acts->actions_len); 1342 acts->actions, acts->actions_len);
1342 1343
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 45fe8c8a884d..6b44fe405282 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -381,7 +381,7 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
381} 381}
382 382
383static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info, 383static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
384 unsigned int hdrlen) 384 unsigned int hdrlen, int actions_attrlen)
385{ 385{
386 size_t size = NLMSG_ALIGN(sizeof(struct ovs_header)) 386 size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
387 + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */ 387 + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
@@ -398,7 +398,7 @@ static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
398 398
399 /* OVS_PACKET_ATTR_ACTIONS */ 399 /* OVS_PACKET_ATTR_ACTIONS */
400 if (upcall_info->actions_len) 400 if (upcall_info->actions_len)
401 size += nla_total_size(upcall_info->actions_len); 401 size += nla_total_size(actions_attrlen);
402 402
403 /* OVS_PACKET_ATTR_MRU */ 403 /* OVS_PACKET_ATTR_MRU */
404 if (upcall_info->mru) 404 if (upcall_info->mru)
@@ -465,7 +465,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
465 else 465 else
466 hlen = skb->len; 466 hlen = skb->len;
467 467
468 len = upcall_msg_size(upcall_info, hlen - cutlen); 468 len = upcall_msg_size(upcall_info, hlen - cutlen,
469 OVS_CB(skb)->acts_origlen);
469 user_skb = genlmsg_new(len, GFP_ATOMIC); 470 user_skb = genlmsg_new(len, GFP_ATOMIC);
470 if (!user_skb) { 471 if (!user_skb) {
471 err = -ENOMEM; 472 err = -ENOMEM;
diff --git a/net/openvswitch/datapath.h b/net/openvswitch/datapath.h
index 5d8dcd88815f..480600649d0b 100644
--- a/net/openvswitch/datapath.h
+++ b/net/openvswitch/datapath.h
@@ -99,11 +99,13 @@ struct datapath {
99 * when a packet is received by OVS. 99 * when a packet is received by OVS.
100 * @mru: The maximum received fragement size; 0 if the packet is not 100 * @mru: The maximum received fragement size; 0 if the packet is not
101 * fragmented. 101 * fragmented.
102 * @acts_origlen: The netlink size of the flow actions applied to this skb.
102 * @cutlen: The number of bytes from the packet end to be removed. 103 * @cutlen: The number of bytes from the packet end to be removed.
103 */ 104 */
104struct ovs_skb_cb { 105struct ovs_skb_cb {
105 struct vport *input_vport; 106 struct vport *input_vport;
106 u16 mru; 107 u16 mru;
108 u16 acts_origlen;
107 u32 cutlen; 109 u32 cutlen;
108}; 110};
109#define OVS_CB(skb) ((struct ovs_skb_cb *)(skb)->cb) 111#define OVS_CB(skb) ((struct ovs_skb_cb *)(skb)->cb)
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index dd30d74824b0..ec3383f97d4c 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -223,6 +223,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx)
223 tail = b->call_backlog_tail; 223 tail = b->call_backlog_tail;
224 while (CIRC_CNT(head, tail, size) > 0) { 224 while (CIRC_CNT(head, tail, size) > 0) {
225 struct rxrpc_call *call = b->call_backlog[tail]; 225 struct rxrpc_call *call = b->call_backlog[tail];
226 call->socket = rx;
226 if (rx->discard_new_call) { 227 if (rx->discard_new_call) {
227 _debug("discard %lx", call->user_call_ID); 228 _debug("discard %lx", call->user_call_ID);
228 rx->discard_new_call(call, call->user_call_ID); 229 rx->discard_new_call(call, call->user_call_ID);
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index d516ba8178b8..541707802a23 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -41,6 +41,7 @@ static int ipt_init_target(struct net *net, struct xt_entry_target *t,
41{ 41{
42 struct xt_tgchk_param par; 42 struct xt_tgchk_param par;
43 struct xt_target *target; 43 struct xt_target *target;
44 struct ipt_entry e = {};
44 int ret = 0; 45 int ret = 0;
45 46
46 target = xt_request_find_target(AF_INET, t->u.user.name, 47 target = xt_request_find_target(AF_INET, t->u.user.name,
@@ -52,6 +53,7 @@ static int ipt_init_target(struct net *net, struct xt_entry_target *t,
52 memset(&par, 0, sizeof(par)); 53 memset(&par, 0, sizeof(par));
53 par.net = net; 54 par.net = net;
54 par.table = table; 55 par.table = table;
56 par.entryinfo = &e;
55 par.target = target; 57 par.target = target;
56 par.targinfo = t->data; 58 par.targinfo = t->data;
57 par.hook_mask = hook; 59 par.hook_mask = hook;
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 39da0c5801c9..9fd44c221347 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -205,7 +205,7 @@ static void tcf_chain_flush(struct tcf_chain *chain)
205{ 205{
206 struct tcf_proto *tp; 206 struct tcf_proto *tp;
207 207
208 if (*chain->p_filter_chain) 208 if (chain->p_filter_chain)
209 RCU_INIT_POINTER(*chain->p_filter_chain, NULL); 209 RCU_INIT_POINTER(*chain->p_filter_chain, NULL);
210 while ((tp = rtnl_dereference(chain->filter_chain)) != NULL) { 210 while ((tp = rtnl_dereference(chain->filter_chain)) != NULL) {
211 RCU_INIT_POINTER(chain->filter_chain, tp->next); 211 RCU_INIT_POINTER(chain->filter_chain, tp->next);
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index bd24a550e0f9..a3fa144b8648 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -286,9 +286,6 @@ static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle)
286void qdisc_hash_add(struct Qdisc *q, bool invisible) 286void qdisc_hash_add(struct Qdisc *q, bool invisible)
287{ 287{
288 if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) { 288 if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) {
289 struct Qdisc *root = qdisc_dev(q)->qdisc;
290
291 WARN_ON_ONCE(root == &noop_qdisc);
292 ASSERT_RTNL(); 289 ASSERT_RTNL();
293 hash_add_rcu(qdisc_dev(q)->qdisc_hash, &q->hash, q->handle); 290 hash_add_rcu(qdisc_dev(q)->qdisc_hash, &q->hash, q->handle);
294 if (invisible) 291 if (invisible)
diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index 572fe2584e48..c403c87aff7a 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -572,8 +572,10 @@ static void atm_tc_destroy(struct Qdisc *sch)
572 struct atm_flow_data *flow, *tmp; 572 struct atm_flow_data *flow, *tmp;
573 573
574 pr_debug("atm_tc_destroy(sch %p,[qdisc %p])\n", sch, p); 574 pr_debug("atm_tc_destroy(sch %p,[qdisc %p])\n", sch, p);
575 list_for_each_entry(flow, &p->flows, list) 575 list_for_each_entry(flow, &p->flows, list) {
576 tcf_block_put(flow->block); 576 tcf_block_put(flow->block);
577 flow->block = NULL;
578 }
577 579
578 list_for_each_entry_safe(flow, tmp, &p->flows, list) { 580 list_for_each_entry_safe(flow, tmp, &p->flows, list) {
579 if (flow->ref > 1) 581 if (flow->ref > 1)
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index 481036f6b54e..780db43300b1 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -1431,8 +1431,10 @@ static void cbq_destroy(struct Qdisc *sch)
1431 * be bound to classes which have been destroyed already. --TGR '04 1431 * be bound to classes which have been destroyed already. --TGR '04
1432 */ 1432 */
1433 for (h = 0; h < q->clhash.hashsize; h++) { 1433 for (h = 0; h < q->clhash.hashsize; h++) {
1434 hlist_for_each_entry(cl, &q->clhash.hash[h], common.hnode) 1434 hlist_for_each_entry(cl, &q->clhash.hash[h], common.hnode) {
1435 tcf_block_put(cl->block); 1435 tcf_block_put(cl->block);
1436 cl->block = NULL;
1437 }
1436 } 1438 }
1437 for (h = 0; h < q->clhash.hashsize; h++) { 1439 for (h = 0; h < q->clhash.hashsize; h++) {
1438 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[h], 1440 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[h],
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index b52f74610dc7..fd15200f8627 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -1428,6 +1428,10 @@ hfsc_init_qdisc(struct Qdisc *sch, struct nlattr *opt)
1428 return err; 1428 return err;
1429 q->eligible = RB_ROOT; 1429 q->eligible = RB_ROOT;
1430 1430
1431 err = tcf_block_get(&q->root.block, &q->root.filter_list);
1432 if (err)
1433 goto err_tcf;
1434
1431 q->root.cl_common.classid = sch->handle; 1435 q->root.cl_common.classid = sch->handle;
1432 q->root.refcnt = 1; 1436 q->root.refcnt = 1;
1433 q->root.sched = q; 1437 q->root.sched = q;
@@ -1447,6 +1451,10 @@ hfsc_init_qdisc(struct Qdisc *sch, struct nlattr *opt)
1447 qdisc_watchdog_init(&q->watchdog, sch); 1451 qdisc_watchdog_init(&q->watchdog, sch);
1448 1452
1449 return 0; 1453 return 0;
1454
1455err_tcf:
1456 qdisc_class_hash_destroy(&q->clhash);
1457 return err;
1450} 1458}
1451 1459
1452static int 1460static int
@@ -1522,8 +1530,10 @@ hfsc_destroy_qdisc(struct Qdisc *sch)
1522 unsigned int i; 1530 unsigned int i;
1523 1531
1524 for (i = 0; i < q->clhash.hashsize; i++) { 1532 for (i = 0; i < q->clhash.hashsize; i++) {
1525 hlist_for_each_entry(cl, &q->clhash.hash[i], cl_common.hnode) 1533 hlist_for_each_entry(cl, &q->clhash.hash[i], cl_common.hnode) {
1526 tcf_block_put(cl->block); 1534 tcf_block_put(cl->block);
1535 cl->block = NULL;
1536 }
1527 } 1537 }
1528 for (i = 0; i < q->clhash.hashsize; i++) { 1538 for (i = 0; i < q->clhash.hashsize; i++) {
1529 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[i], 1539 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[i],
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 203286ab4427..5d65ec5207e9 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -1258,8 +1258,10 @@ static void htb_destroy(struct Qdisc *sch)
1258 tcf_block_put(q->block); 1258 tcf_block_put(q->block);
1259 1259
1260 for (i = 0; i < q->clhash.hashsize; i++) { 1260 for (i = 0; i < q->clhash.hashsize; i++) {
1261 hlist_for_each_entry(cl, &q->clhash.hash[i], common.hnode) 1261 hlist_for_each_entry(cl, &q->clhash.hash[i], common.hnode) {
1262 tcf_block_put(cl->block); 1262 tcf_block_put(cl->block);
1263 cl->block = NULL;
1264 }
1263 } 1265 }
1264 for (i = 0; i < q->clhash.hashsize; i++) { 1266 for (i = 0; i < q->clhash.hashsize; i++) {
1265 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[i], 1267 hlist_for_each_entry_safe(cl, next, &q->clhash.hash[i],
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index f80ea2cc5f1f..82469ef9655e 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -437,6 +437,7 @@ congestion_drop:
437 qdisc_drop(head, sch, to_free); 437 qdisc_drop(head, sch, to_free);
438 438
439 slot_queue_add(slot, skb); 439 slot_queue_add(slot, skb);
440 qdisc_tree_reduce_backlog(sch, 0, delta);
440 return NET_XMIT_CN; 441 return NET_XMIT_CN;
441 } 442 }
442 443
@@ -468,8 +469,10 @@ enqueue:
468 /* Return Congestion Notification only if we dropped a packet 469 /* Return Congestion Notification only if we dropped a packet
469 * from this flow. 470 * from this flow.
470 */ 471 */
471 if (qlen != slot->qlen) 472 if (qlen != slot->qlen) {
473 qdisc_tree_reduce_backlog(sch, 0, dropped - qdisc_pkt_len(skb));
472 return NET_XMIT_CN; 474 return NET_XMIT_CN;
475 }
473 476
474 /* As we dropped a packet, better let upper stack know this */ 477 /* As we dropped a packet, better let upper stack know this */
475 qdisc_tree_reduce_backlog(sch, 1, dropped); 478 qdisc_tree_reduce_backlog(sch, 1, dropped);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 2a186b201ad2..a4b6ffb61495 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -512,7 +512,9 @@ static void sctp_v6_to_addr(union sctp_addr *addr, struct in6_addr *saddr,
512{ 512{
513 addr->sa.sa_family = AF_INET6; 513 addr->sa.sa_family = AF_INET6;
514 addr->v6.sin6_port = port; 514 addr->v6.sin6_port = port;
515 addr->v6.sin6_flowinfo = 0;
515 addr->v6.sin6_addr = *saddr; 516 addr->v6.sin6_addr = *saddr;
517 addr->v6.sin6_scope_id = 0;
516} 518}
517 519
518/* Compare addresses exactly. 520/* Compare addresses exactly.
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index d174ee3254ee..767e0537dde5 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -596,7 +596,7 @@ static int tipc_l2_rcv_msg(struct sk_buff *skb, struct net_device *dev,
596 rcu_read_lock(); 596 rcu_read_lock();
597 b = rcu_dereference_rtnl(dev->tipc_ptr); 597 b = rcu_dereference_rtnl(dev->tipc_ptr);
598 if (likely(b && test_bit(0, &b->up) && 598 if (likely(b && test_bit(0, &b->up) &&
599 (skb->pkt_type <= PACKET_BROADCAST))) { 599 (skb->pkt_type <= PACKET_MULTICAST))) {
600 skb->next = NULL; 600 skb->next = NULL;
601 tipc_rcv(dev_net(dev), skb, b); 601 tipc_rcv(dev_net(dev), skb, b);
602 rcu_read_unlock(); 602 rcu_read_unlock();
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index ab3087687a32..dcd90e6fa7c3 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -513,6 +513,7 @@ bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err)
513 513
514 /* Now reverse the concerned fields */ 514 /* Now reverse the concerned fields */
515 msg_set_errcode(hdr, err); 515 msg_set_errcode(hdr, err);
516 msg_set_non_seq(hdr, 0);
516 msg_set_origport(hdr, msg_destport(&ohdr)); 517 msg_set_origport(hdr, msg_destport(&ohdr));
517 msg_set_destport(hdr, msg_origport(&ohdr)); 518 msg_set_destport(hdr, msg_origport(&ohdr));
518 msg_set_destnode(hdr, msg_prevnode(&ohdr)); 519 msg_set_destnode(hdr, msg_prevnode(&ohdr));
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 9bfe886ab330..750949dfc1d7 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -258,13 +258,15 @@ static int tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
258 arg = nlmsg_new(0, GFP_KERNEL); 258 arg = nlmsg_new(0, GFP_KERNEL);
259 if (!arg) { 259 if (!arg) {
260 kfree_skb(msg->rep); 260 kfree_skb(msg->rep);
261 msg->rep = NULL;
261 return -ENOMEM; 262 return -ENOMEM;
262 } 263 }
263 264
264 err = __tipc_nl_compat_dumpit(cmd, msg, arg); 265 err = __tipc_nl_compat_dumpit(cmd, msg, arg);
265 if (err) 266 if (err) {
266 kfree_skb(msg->rep); 267 kfree_skb(msg->rep);
267 268 msg->rep = NULL;
269 }
268 kfree_skb(arg); 270 kfree_skb(arg);
269 271
270 return err; 272 return err;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 7b52a380d710..be8982b4f8c0 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2304,10 +2304,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state,
2304 */ 2304 */
2305 mutex_lock(&u->iolock); 2305 mutex_lock(&u->iolock);
2306 2306
2307 if (flags & MSG_PEEK) 2307 skip = max(sk_peek_offset(sk, flags), 0);
2308 skip = sk_peek_offset(sk, flags);
2309 else
2310 skip = 0;
2311 2308
2312 do { 2309 do {
2313 int chunk; 2310 int chunk;
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-05 21:44:48 -0500