aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-01-27 15:54:16 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-27 15:54:16 -0500
commit1b1bc42c1692e9b62756323c675a44cb1a1f9dbd (patch)
treed514a2d8512fc52c15747841e2368f8f99a50787 /net
parent3365135d43f861003555c963b309672d053a2228 (diff)
parent950eabbd6ddedc1b08350b9169a6a51b130ebaaf (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) GTP fixes from Andreas Schultz (missing genl module alias, clear IP DF on transmit). 2) Netfilter needs to reflect the fwmark when sending resets, from Pau Espin Pedrol. 3) nftable dump OOPS fix from Liping Zhang. 4) Fix erroneous setting of VIRTIO_NET_HDR_F_DATA_VALID on transmit, from Rolf Neugebauer. 5) Fix build error of ipt_CLUSTERIP when procfs is disabled, from Arnd Bergmann. 6) Fix regression in handling of NETIF_F_SG in harmonize_features(), from Eric Dumazet. 7) Fix RTNL deadlock wrt. lwtunnel module loading, from David Ahern. 8) tcp_fastopen_create_child() needs to setup tp->max_window, from Alexey Kodanev. 9) Missing kmemdup() failure check in ipv6 segment routing code, from Eric Dumazet. 10) Don't execute unix_bind() under the bindlock, otherwise we deadlock with splice. From WANG Cong. 11) ip6_tnl_parse_tlv_enc_lim() potentially reallocates the skb buffer, therefore callers must reload cached header pointers into that skb. Fix from Eric Dumazet. 12) Fix various bugs in legacy IRQ fallback handling in alx driver, from Tobias Regnery. 13) Do not allow lwtunnel drivers to be unloaded while they are referenced by active instances, from Robert Shearman. 14) Fix truncated PHY LED trigger names, from Geert Uytterhoeven. 15) Fix a few regressions from virtio_net XDP support, from John Fastabend and Jakub Kicinski. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (102 commits) ISDN: eicon: silence misleading array-bounds warning net: phy: micrel: add support for KSZ8795 gtp: fix cross netns recv on gtp socket gtp: clear DF bit on GTP packet tx gtp: add genl family modules alias tcp: don't annotate mark on control socket from tcp_v6_send_response() ravb: unmap descriptors when freeing rings virtio_net: reject XDP programs using header adjustment virtio_net: use dev_kfree_skb for small buffer XDP receive r8152: check rx after napi is enabled r8152: re-schedule napi for tx r8152: avoid start_xmit to schedule napi when napi is disabled r8152: avoid start_xmit to call napi_schedule during autosuspend net: dsa: Bring back device detaching in dsa_slave_suspend() net: phy: leds: Fix truncated LED trigger names net: phy: leds: Break dependency of phy.h on phy_led_triggers.h net: phy: leds: Clear phy_num_led_triggers on failure to avoid crash net-next: ethernet: mediatek: change the compatible string Documentation: devicetree: change the mediatek ethernet compatible string bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status(). ...
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/fragmentation.c10
-rw-r--r--net/bridge/br_netlink.c33
-rw-r--r--net/core/dev.c4
-rw-r--r--net/core/ethtool.c2
-rw-r--r--net/core/lwt_bpf.c1
-rw-r--r--net/core/lwtunnel.c66
-rw-r--r--net/dccp/ipv6.c4
-rw-r--r--net/dsa/slave.c8
-rw-r--r--net/ipv4/fib_frontend.c8
-rw-r--r--net/ipv4/ip_output.c1
-rw-r--r--net/ipv4/ip_tunnel_core.c2
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c7
-rw-r--r--net/ipv4/netfilter/ipt_rpfilter.c8
-rw-r--r--net/ipv4/netfilter/nf_reject_ipv4.c2
-rw-r--r--net/ipv4/netfilter/nft_fib_ipv4.c15
-rw-r--r--net/ipv4/tcp_fastopen.c1
-rw-r--r--net/ipv4/tcp_input.c2
-rw-r--r--net/ipv6/addrconf.c4
-rw-r--r--net/ipv6/ila/ila_lwt.c1
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/ip6_gre.c3
-rw-r--r--net/ipv6/ip6_output.c4
-rw-r--r--net/ipv6/ip6_tunnel.c36
-rw-r--r--net/ipv6/netfilter/ip6t_rpfilter.c8
-rw-r--r--net/ipv6/netfilter/nf_reject_ipv6.c3
-rw-r--r--net/ipv6/netfilter/nft_fib_ipv6.c13
-rw-r--r--net/ipv6/route.c12
-rw-r--r--net/ipv6/seg6.c2
-rw-r--r--net/ipv6/seg6_iptunnel.c1
-rw-r--r--net/ipv6/tcp_ipv6.c4
-rw-r--r--net/mac80211/rate.c2
-rw-r--r--net/mpls/af_mpls.c48
-rw-r--r--net/mpls/mpls_iptunnel.c1
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_conntrack_core.c44
-rw-r--r--net/netfilter/nf_log.c1
-rw-r--r--net/netfilter/nf_tables_api.c67
-rw-r--r--net/netfilter/nft_dynset.c3
-rw-r--r--net/netfilter/nft_log.c3
-rw-r--r--net/netfilter/nft_lookup.c3
-rw-r--r--net/netfilter/nft_objref.c6
-rw-r--r--net/netfilter/nft_set_hash.c2
-rw-r--r--net/netfilter/nft_set_rbtree.c2
-rw-r--r--net/packet/af_packet.c4
-rw-r--r--net/sctp/ipv6.c3
-rw-r--r--net/sctp/offload.c2
-rw-r--r--net/sctp/socket.c6
-rw-r--r--net/tipc/node.c9
-rw-r--r--net/tipc/server.c48
-rw-r--r--net/tipc/subscr.c124
-rw-r--r--net/tipc/subscr.h1
-rw-r--r--net/unix/af_unix.c27
52 files changed, 407 insertions, 268 deletions
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index 9c561e683f4b..0854ebd8613e 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -474,7 +474,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
474 primary_if = batadv_primary_if_get_selected(bat_priv); 474 primary_if = batadv_primary_if_get_selected(bat_priv);
475 if (!primary_if) { 475 if (!primary_if) {
476 ret = -EINVAL; 476 ret = -EINVAL;
477 goto put_primary_if; 477 goto free_skb;
478 } 478 }
479 479
480 /* Create one header to be copied to all fragments */ 480 /* Create one header to be copied to all fragments */
@@ -502,7 +502,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
502 skb_fragment = batadv_frag_create(skb, &frag_header, mtu); 502 skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
503 if (!skb_fragment) { 503 if (!skb_fragment) {
504 ret = -ENOMEM; 504 ret = -ENOMEM;
505 goto free_skb; 505 goto put_primary_if;
506 } 506 }
507 507
508 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX); 508 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
@@ -511,7 +511,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
511 ret = batadv_send_unicast_skb(skb_fragment, neigh_node); 511 ret = batadv_send_unicast_skb(skb_fragment, neigh_node);
512 if (ret != NET_XMIT_SUCCESS) { 512 if (ret != NET_XMIT_SUCCESS) {
513 ret = NET_XMIT_DROP; 513 ret = NET_XMIT_DROP;
514 goto free_skb; 514 goto put_primary_if;
515 } 515 }
516 516
517 frag_header.no++; 517 frag_header.no++;
@@ -519,7 +519,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
519 /* The initial check in this function should cover this case */ 519 /* The initial check in this function should cover this case */
520 if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) { 520 if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) {
521 ret = -EINVAL; 521 ret = -EINVAL;
522 goto free_skb; 522 goto put_primary_if;
523 } 523 }
524 } 524 }
525 525
@@ -527,7 +527,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
527 if (batadv_skb_head_push(skb, header_size) < 0 || 527 if (batadv_skb_head_push(skb, header_size) < 0 ||
528 pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) { 528 pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
529 ret = -ENOMEM; 529 ret = -ENOMEM;
530 goto free_skb; 530 goto put_primary_if;
531 } 531 }
532 532
533 memcpy(skb->data, &frag_header, header_size); 533 memcpy(skb->data, &frag_header, header_size);
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 71c7453268c1..7109b389ea58 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -781,20 +781,6 @@ static int br_validate(struct nlattr *tb[], struct nlattr *data[])
781 return 0; 781 return 0;
782} 782}
783 783
784static int br_dev_newlink(struct net *src_net, struct net_device *dev,
785 struct nlattr *tb[], struct nlattr *data[])
786{
787 struct net_bridge *br = netdev_priv(dev);
788
789 if (tb[IFLA_ADDRESS]) {
790 spin_lock_bh(&br->lock);
791 br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
792 spin_unlock_bh(&br->lock);
793 }
794
795 return register_netdevice(dev);
796}
797
798static int br_port_slave_changelink(struct net_device *brdev, 784static int br_port_slave_changelink(struct net_device *brdev,
799 struct net_device *dev, 785 struct net_device *dev,
800 struct nlattr *tb[], 786 struct nlattr *tb[],
@@ -1115,6 +1101,25 @@ static int br_changelink(struct net_device *brdev, struct nlattr *tb[],
1115 return 0; 1101 return 0;
1116} 1102}
1117 1103
1104static int br_dev_newlink(struct net *src_net, struct net_device *dev,
1105 struct nlattr *tb[], struct nlattr *data[])
1106{
1107 struct net_bridge *br = netdev_priv(dev);
1108 int err;
1109
1110 if (tb[IFLA_ADDRESS]) {
1111 spin_lock_bh(&br->lock);
1112 br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
1113 spin_unlock_bh(&br->lock);
1114 }
1115
1116 err = br_changelink(dev, tb, data);
1117 if (err)
1118 return err;
1119
1120 return register_netdevice(dev);
1121}
1122
1118static size_t br_get_size(const struct net_device *brdev) 1123static size_t br_get_size(const struct net_device *brdev)
1119{ 1124{
1120 return nla_total_size(sizeof(u32)) + /* IFLA_BR_FORWARD_DELAY */ 1125 return nla_total_size(sizeof(u32)) + /* IFLA_BR_FORWARD_DELAY */
diff --git a/net/core/dev.c b/net/core/dev.c
index 07b307b0b414..7f218e095361 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2795,9 +2795,9 @@ static netdev_features_t harmonize_features(struct sk_buff *skb,
2795 if (skb->ip_summed != CHECKSUM_NONE && 2795 if (skb->ip_summed != CHECKSUM_NONE &&
2796 !can_checksum_protocol(features, type)) { 2796 !can_checksum_protocol(features, type)) {
2797 features &= ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK); 2797 features &= ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK);
2798 } else if (illegal_highdma(skb->dev, skb)) {
2799 features &= ~NETIF_F_SG;
2800 } 2798 }
2799 if (illegal_highdma(skb->dev, skb))
2800 features &= ~NETIF_F_SG;
2801 2801
2802 return features; 2802 return features;
2803} 2803}
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index e23766c7e3ba..236a21e3c878 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1712,7 +1712,7 @@ static noinline_for_stack int ethtool_get_channels(struct net_device *dev,
1712static noinline_for_stack int ethtool_set_channels(struct net_device *dev, 1712static noinline_for_stack int ethtool_set_channels(struct net_device *dev,
1713 void __user *useraddr) 1713 void __user *useraddr)
1714{ 1714{
1715 struct ethtool_channels channels, max; 1715 struct ethtool_channels channels, max = { .cmd = ETHTOOL_GCHANNELS };
1716 u32 max_rx_in_use = 0; 1716 u32 max_rx_in_use = 0;
1717 1717
1718 if (!dev->ethtool_ops->set_channels || !dev->ethtool_ops->get_channels) 1718 if (!dev->ethtool_ops->set_channels || !dev->ethtool_ops->get_channels)
diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c
index 71bb3e2eca08..b3eef90b2df9 100644
--- a/net/core/lwt_bpf.c
+++ b/net/core/lwt_bpf.c
@@ -386,6 +386,7 @@ static const struct lwtunnel_encap_ops bpf_encap_ops = {
386 .fill_encap = bpf_fill_encap_info, 386 .fill_encap = bpf_fill_encap_info,
387 .get_encap_size = bpf_encap_nlsize, 387 .get_encap_size = bpf_encap_nlsize,
388 .cmp_encap = bpf_encap_cmp, 388 .cmp_encap = bpf_encap_cmp,
389 .owner = THIS_MODULE,
389}; 390};
390 391
391static int __init bpf_lwt_init(void) 392static int __init bpf_lwt_init(void)
diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c
index a5d4e866ce88..c23465005f2f 100644
--- a/net/core/lwtunnel.c
+++ b/net/core/lwtunnel.c
@@ -26,6 +26,7 @@
26#include <net/lwtunnel.h> 26#include <net/lwtunnel.h>
27#include <net/rtnetlink.h> 27#include <net/rtnetlink.h>
28#include <net/ip6_fib.h> 28#include <net/ip6_fib.h>
29#include <net/nexthop.h>
29 30
30#ifdef CONFIG_MODULES 31#ifdef CONFIG_MODULES
31 32
@@ -114,25 +115,77 @@ int lwtunnel_build_state(struct net_device *dev, u16 encap_type,
114 ret = -EOPNOTSUPP; 115 ret = -EOPNOTSUPP;
115 rcu_read_lock(); 116 rcu_read_lock();
116 ops = rcu_dereference(lwtun_encaps[encap_type]); 117 ops = rcu_dereference(lwtun_encaps[encap_type]);
118 if (likely(ops && ops->build_state && try_module_get(ops->owner))) {
119 ret = ops->build_state(dev, encap, family, cfg, lws);
120 if (ret)
121 module_put(ops->owner);
122 }
123 rcu_read_unlock();
124
125 return ret;
126}
127EXPORT_SYMBOL(lwtunnel_build_state);
128
129int lwtunnel_valid_encap_type(u16 encap_type)
130{
131 const struct lwtunnel_encap_ops *ops;
132 int ret = -EINVAL;
133
134 if (encap_type == LWTUNNEL_ENCAP_NONE ||
135 encap_type > LWTUNNEL_ENCAP_MAX)
136 return ret;
137
138 rcu_read_lock();
139 ops = rcu_dereference(lwtun_encaps[encap_type]);
140 rcu_read_unlock();
117#ifdef CONFIG_MODULES 141#ifdef CONFIG_MODULES
118 if (!ops) { 142 if (!ops) {
119 const char *encap_type_str = lwtunnel_encap_str(encap_type); 143 const char *encap_type_str = lwtunnel_encap_str(encap_type);
120 144
121 if (encap_type_str) { 145 if (encap_type_str) {
122 rcu_read_unlock(); 146 __rtnl_unlock();
123 request_module("rtnl-lwt-%s", encap_type_str); 147 request_module("rtnl-lwt-%s", encap_type_str);
148 rtnl_lock();
149
124 rcu_read_lock(); 150 rcu_read_lock();
125 ops = rcu_dereference(lwtun_encaps[encap_type]); 151 ops = rcu_dereference(lwtun_encaps[encap_type]);
152 rcu_read_unlock();
126 } 153 }
127 } 154 }
128#endif 155#endif
129 if (likely(ops && ops->build_state)) 156 return ops ? 0 : -EOPNOTSUPP;
130 ret = ops->build_state(dev, encap, family, cfg, lws); 157}
131 rcu_read_unlock(); 158EXPORT_SYMBOL(lwtunnel_valid_encap_type);
132 159
133 return ret; 160int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int remaining)
161{
162 struct rtnexthop *rtnh = (struct rtnexthop *)attr;
163 struct nlattr *nla_entype;
164 struct nlattr *attrs;
165 struct nlattr *nla;
166 u16 encap_type;
167 int attrlen;
168
169 while (rtnh_ok(rtnh, remaining)) {
170 attrlen = rtnh_attrlen(rtnh);
171 if (attrlen > 0) {
172 attrs = rtnh_attrs(rtnh);
173 nla = nla_find(attrs, attrlen, RTA_ENCAP);
174 nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
175
176 if (nla_entype) {
177 encap_type = nla_get_u16(nla_entype);
178
179 if (lwtunnel_valid_encap_type(encap_type) != 0)
180 return -EOPNOTSUPP;
181 }
182 }
183 rtnh = rtnh_next(rtnh, &remaining);
184 }
185
186 return 0;
134} 187}
135EXPORT_SYMBOL(lwtunnel_build_state); 188EXPORT_SYMBOL(lwtunnel_valid_encap_type_attr);
136 189
137void lwtstate_free(struct lwtunnel_state *lws) 190void lwtstate_free(struct lwtunnel_state *lws)
138{ 191{
@@ -144,6 +197,7 @@ void lwtstate_free(struct lwtunnel_state *lws)
144 } else { 197 } else {
145 kfree(lws); 198 kfree(lws);
146 } 199 }
200 module_put(ops->owner);
147} 201}
148EXPORT_SYMBOL(lwtstate_free); 202EXPORT_SYMBOL(lwtstate_free);
149 203
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index adfc790f7193..c4e879c02186 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -227,7 +227,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req
227 opt = ireq->ipv6_opt; 227 opt = ireq->ipv6_opt;
228 if (!opt) 228 if (!opt)
229 opt = rcu_dereference(np->opt); 229 opt = rcu_dereference(np->opt);
230 err = ip6_xmit(sk, skb, &fl6, opt, np->tclass); 230 err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass);
231 rcu_read_unlock(); 231 rcu_read_unlock();
232 err = net_xmit_eval(err); 232 err = net_xmit_eval(err);
233 } 233 }
@@ -281,7 +281,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
281 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); 281 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
282 if (!IS_ERR(dst)) { 282 if (!IS_ERR(dst)) {
283 skb_dst_set(skb, dst); 283 skb_dst_set(skb, dst);
284 ip6_xmit(ctl_sk, skb, &fl6, NULL, 0); 284 ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0);
285 DCCP_INC_STATS(DCCP_MIB_OUTSEGS); 285 DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
286 DCCP_INC_STATS(DCCP_MIB_OUTRSTS); 286 DCCP_INC_STATS(DCCP_MIB_OUTRSTS);
287 return; 287 return;
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 68c9eea00518..7d4596110851 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -1105,10 +1105,8 @@ static int dsa_slave_phy_connect(struct dsa_slave_priv *p,
1105 /* Use already configured phy mode */ 1105 /* Use already configured phy mode */
1106 if (p->phy_interface == PHY_INTERFACE_MODE_NA) 1106 if (p->phy_interface == PHY_INTERFACE_MODE_NA)
1107 p->phy_interface = p->phy->interface; 1107 p->phy_interface = p->phy->interface;
1108 phy_connect_direct(slave_dev, p->phy, dsa_slave_adjust_link, 1108 return phy_connect_direct(slave_dev, p->phy, dsa_slave_adjust_link,
1109 p->phy_interface); 1109 p->phy_interface);
1110
1111 return 0;
1112} 1110}
1113 1111
1114static int dsa_slave_phy_setup(struct dsa_slave_priv *p, 1112static int dsa_slave_phy_setup(struct dsa_slave_priv *p,
@@ -1203,6 +1201,8 @@ int dsa_slave_suspend(struct net_device *slave_dev)
1203{ 1201{
1204 struct dsa_slave_priv *p = netdev_priv(slave_dev); 1202 struct dsa_slave_priv *p = netdev_priv(slave_dev);
1205 1203
1204 netif_device_detach(slave_dev);
1205
1206 if (p->phy) { 1206 if (p->phy) {
1207 phy_stop(p->phy); 1207 phy_stop(p->phy);
1208 p->old_pause = -1; 1208 p->old_pause = -1;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index eae0332b0e8c..7db2ad2e82d3 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -46,6 +46,7 @@
46#include <net/rtnetlink.h> 46#include <net/rtnetlink.h>
47#include <net/xfrm.h> 47#include <net/xfrm.h>
48#include <net/l3mdev.h> 48#include <net/l3mdev.h>
49#include <net/lwtunnel.h>
49#include <trace/events/fib.h> 50#include <trace/events/fib.h>
50 51
51#ifndef CONFIG_IP_MULTIPLE_TABLES 52#ifndef CONFIG_IP_MULTIPLE_TABLES
@@ -677,6 +678,10 @@ static int rtm_to_fib_config(struct net *net, struct sk_buff *skb,
677 cfg->fc_mx_len = nla_len(attr); 678 cfg->fc_mx_len = nla_len(attr);
678 break; 679 break;
679 case RTA_MULTIPATH: 680 case RTA_MULTIPATH:
681 err = lwtunnel_valid_encap_type_attr(nla_data(attr),
682 nla_len(attr));
683 if (err < 0)
684 goto errout;
680 cfg->fc_mp = nla_data(attr); 685 cfg->fc_mp = nla_data(attr);
681 cfg->fc_mp_len = nla_len(attr); 686 cfg->fc_mp_len = nla_len(attr);
682 break; 687 break;
@@ -691,6 +696,9 @@ static int rtm_to_fib_config(struct net *net, struct sk_buff *skb,
691 break; 696 break;
692 case RTA_ENCAP_TYPE: 697 case RTA_ENCAP_TYPE:
693 cfg->fc_encap_type = nla_get_u16(attr); 698 cfg->fc_encap_type = nla_get_u16(attr);
699 err = lwtunnel_valid_encap_type(cfg->fc_encap_type);
700 if (err < 0)
701 goto errout;
694 break; 702 break;
695 } 703 }
696 } 704 }
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index fac275c48108..b67719f45953 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1629,6 +1629,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb,
1629 sk->sk_protocol = ip_hdr(skb)->protocol; 1629 sk->sk_protocol = ip_hdr(skb)->protocol;
1630 sk->sk_bound_dev_if = arg->bound_dev_if; 1630 sk->sk_bound_dev_if = arg->bound_dev_if;
1631 sk->sk_sndbuf = sysctl_wmem_default; 1631 sk->sk_sndbuf = sysctl_wmem_default;
1632 sk->sk_mark = fl4.flowi4_mark;
1632 err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, 1633 err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
1633 len, 0, &ipc, &rt, MSG_DONTWAIT); 1634 len, 0, &ipc, &rt, MSG_DONTWAIT);
1634 if (unlikely(err)) { 1635 if (unlikely(err)) {
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index fed3d29f9eb3..0fd1976ab63b 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -313,6 +313,7 @@ static const struct lwtunnel_encap_ops ip_tun_lwt_ops = {
313 .fill_encap = ip_tun_fill_encap_info, 313 .fill_encap = ip_tun_fill_encap_info,
314 .get_encap_size = ip_tun_encap_nlsize, 314 .get_encap_size = ip_tun_encap_nlsize,
315 .cmp_encap = ip_tun_cmp_encap, 315 .cmp_encap = ip_tun_cmp_encap,
316 .owner = THIS_MODULE,
316}; 317};
317 318
318static const struct nla_policy ip6_tun_policy[LWTUNNEL_IP6_MAX + 1] = { 319static const struct nla_policy ip6_tun_policy[LWTUNNEL_IP6_MAX + 1] = {
@@ -403,6 +404,7 @@ static const struct lwtunnel_encap_ops ip6_tun_lwt_ops = {
403 .fill_encap = ip6_tun_fill_encap_info, 404 .fill_encap = ip6_tun_fill_encap_info,
404 .get_encap_size = ip6_tun_encap_nlsize, 405 .get_encap_size = ip6_tun_encap_nlsize,
405 .cmp_encap = ip_tun_cmp_encap, 406 .cmp_encap = ip_tun_cmp_encap,
407 .owner = THIS_MODULE,
406}; 408};
407 409
408void __init ip_tunnel_core_init(void) 410void __init ip_tunnel_core_init(void)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index a6b8c1a4102b..0a783cd73faf 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -144,7 +144,12 @@ clusterip_config_find_get(struct net *net, __be32 clusterip, int entry)
144 rcu_read_lock_bh(); 144 rcu_read_lock_bh();
145 c = __clusterip_config_find(net, clusterip); 145 c = __clusterip_config_find(net, clusterip);
146 if (c) { 146 if (c) {
147 if (!c->pde || unlikely(!atomic_inc_not_zero(&c->refcount))) 147#ifdef CONFIG_PROC_FS
148 if (!c->pde)
149 c = NULL;
150 else
151#endif
152 if (unlikely(!atomic_inc_not_zero(&c->refcount)))
148 c = NULL; 153 c = NULL;
149 else if (entry) 154 else if (entry)
150 atomic_inc(&c->entries); 155 atomic_inc(&c->entries);
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
index f273098e48fd..37fb9552e858 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -63,10 +63,10 @@ static bool rpfilter_lookup_reverse(struct net *net, struct flowi4 *fl4,
63 return dev_match || flags & XT_RPFILTER_LOOSE; 63 return dev_match || flags & XT_RPFILTER_LOOSE;
64} 64}
65 65
66static bool rpfilter_is_local(const struct sk_buff *skb) 66static bool
67rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in)
67{ 68{
68 const struct rtable *rt = skb_rtable(skb); 69 return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK;
69 return rt && (rt->rt_flags & RTCF_LOCAL);
70} 70}
71 71
72static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) 72static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
@@ -79,7 +79,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
79 info = par->matchinfo; 79 info = par->matchinfo;
80 invert = info->flags & XT_RPFILTER_INVERT; 80 invert = info->flags & XT_RPFILTER_INVERT;
81 81
82 if (rpfilter_is_local(skb)) 82 if (rpfilter_is_loopback(skb, xt_in(par)))
83 return true ^ invert; 83 return true ^ invert;
84 84
85 iph = ip_hdr(skb); 85 iph = ip_hdr(skb);
diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c
index fd8220213afc..146d86105183 100644
--- a/net/ipv4/netfilter/nf_reject_ipv4.c
+++ b/net/ipv4/netfilter/nf_reject_ipv4.c
@@ -126,6 +126,8 @@ void nf_send_reset(struct net *net, struct sk_buff *oldskb, int hook)
126 /* ip_route_me_harder expects skb->dst to be set */ 126 /* ip_route_me_harder expects skb->dst to be set */
127 skb_dst_set_noref(nskb, skb_dst(oldskb)); 127 skb_dst_set_noref(nskb, skb_dst(oldskb));
128 128
129 nskb->mark = IP4_REPLY_MARK(net, oldskb->mark);
130
129 skb_reserve(nskb, LL_MAX_HEADER); 131 skb_reserve(nskb, LL_MAX_HEADER);
130 niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_TCP, 132 niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_TCP,
131 ip4_dst_hoplimit(skb_dst(nskb))); 133 ip4_dst_hoplimit(skb_dst(nskb)));
diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
index 965b1a161369..2981291910dd 100644
--- a/net/ipv4/netfilter/nft_fib_ipv4.c
+++ b/net/ipv4/netfilter/nft_fib_ipv4.c
@@ -26,13 +26,6 @@ static __be32 get_saddr(__be32 addr)
26 return addr; 26 return addr;
27} 27}
28 28
29static bool fib4_is_local(const struct sk_buff *skb)
30{
31 const struct rtable *rt = skb_rtable(skb);
32
33 return rt && (rt->rt_flags & RTCF_LOCAL);
34}
35
36#define DSCP_BITS 0xfc 29#define DSCP_BITS 0xfc
37 30
38void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs, 31void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs,
@@ -95,8 +88,10 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
95 else 88 else
96 oif = NULL; 89 oif = NULL;
97 90
98 if (nft_hook(pkt) == NF_INET_PRE_ROUTING && fib4_is_local(pkt->skb)) { 91 if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
99 nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX); 92 nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
93 nft_fib_store_result(dest, priv->result, pkt,
94 nft_in(pkt)->ifindex);
100 return; 95 return;
101 } 96 }
102 97
@@ -131,7 +126,7 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
131 switch (res.type) { 126 switch (res.type) {
132 case RTN_UNICAST: 127 case RTN_UNICAST:
133 break; 128 break;
134 case RTN_LOCAL: /* should not appear here, see fib4_is_local() above */ 129 case RTN_LOCAL: /* Should not see RTN_LOCAL here */
135 return; 130 return;
136 default: 131 default:
137 break; 132 break;
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index f51919535ca7..dd2560c83a85 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -205,6 +205,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk,
205 * scaled. So correct it appropriately. 205 * scaled. So correct it appropriately.
206 */ 206 */
207 tp->snd_wnd = ntohs(tcp_hdr(skb)->window); 207 tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
208 tp->max_window = tp->snd_wnd;
208 209
209 /* Activate the retrans timer so that SYNACK can be retransmitted. 210 /* Activate the retrans timer so that SYNACK can be retransmitted.
210 * The request socket is not added to the ehash 211 * The request socket is not added to the ehash
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 6c790754ae3e..41dcbd568cbe 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5078,7 +5078,7 @@ static void tcp_check_space(struct sock *sk)
5078 if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) { 5078 if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) {
5079 sock_reset_flag(sk, SOCK_QUEUE_SHRUNK); 5079 sock_reset_flag(sk, SOCK_QUEUE_SHRUNK);
5080 /* pairs with tcp_poll() */ 5080 /* pairs with tcp_poll() */
5081 smp_mb__after_atomic(); 5081 smp_mb();
5082 if (sk->sk_socket && 5082 if (sk->sk_socket &&
5083 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 5083 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
5084 tcp_new_space(sk); 5084 tcp_new_space(sk);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index c1e124bc8e1e..f60e88e56255 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -5540,8 +5540,7 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
5540 struct net_device *dev; 5540 struct net_device *dev;
5541 struct inet6_dev *idev; 5541 struct inet6_dev *idev;
5542 5542
5543 rcu_read_lock(); 5543 for_each_netdev(net, dev) {
5544 for_each_netdev_rcu(net, dev) {
5545 idev = __in6_dev_get(dev); 5544 idev = __in6_dev_get(dev);
5546 if (idev) { 5545 if (idev) {
5547 int changed = (!idev->cnf.disable_ipv6) ^ (!newf); 5546 int changed = (!idev->cnf.disable_ipv6) ^ (!newf);
@@ -5550,7 +5549,6 @@ static void addrconf_disable_change(struct net *net, __s32 newf)
5550 dev_disable_change(idev); 5549 dev_disable_change(idev);
5551 } 5550 }
5552 } 5551 }
5553 rcu_read_unlock();
5554} 5552}
5555 5553
5556static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf) 5554static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
diff --git a/net/ipv6/ila/ila_lwt.c b/net/ipv6/ila/ila_lwt.c
index a7bc54ab46e2..13b5e85fe0d5 100644
--- a/net/ipv6/ila/ila_lwt.c
+++ b/net/ipv6/ila/ila_lwt.c
@@ -238,6 +238,7 @@ static const struct lwtunnel_encap_ops ila_encap_ops = {
238 .fill_encap = ila_fill_encap_info, 238 .fill_encap = ila_fill_encap_info,
239 .get_encap_size = ila_encap_nlsize, 239 .get_encap_size = ila_encap_nlsize,
240 .cmp_encap = ila_encap_cmp, 240 .cmp_encap = ila_encap_cmp,
241 .owner = THIS_MODULE,
241}; 242};
242 243
243int ila_lwt_init(void) 244int ila_lwt_init(void)
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 7396e75e161b..75c308239243 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -176,7 +176,7 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused
176 /* Restore final destination back after routing done */ 176 /* Restore final destination back after routing done */
177 fl6.daddr = sk->sk_v6_daddr; 177 fl6.daddr = sk->sk_v6_daddr;
178 178
179 res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt), 179 res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt),
180 np->tclass); 180 np->tclass);
181 rcu_read_unlock(); 181 rcu_read_unlock();
182 return res; 182 return res;
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 75b6108234dd..558631860d91 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -582,6 +582,9 @@ static inline int ip6gre_xmit_ipv6(struct sk_buff *skb, struct net_device *dev)
582 return -1; 582 return -1;
583 583
584 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); 584 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
585 /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
586 ipv6h = ipv6_hdr(skb);
587
585 if (offset > 0) { 588 if (offset > 0) {
586 struct ipv6_tlv_tnl_enc_lim *tel; 589 struct ipv6_tlv_tnl_enc_lim *tel;
587 tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset]; 590 tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset];
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 38122d04fadc..2c0df09e9036 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -172,7 +172,7 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
172 * which are using proper atomic operations or spinlocks. 172 * which are using proper atomic operations or spinlocks.
173 */ 173 */
174int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 174int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
175 struct ipv6_txoptions *opt, int tclass) 175 __u32 mark, struct ipv6_txoptions *opt, int tclass)
176{ 176{
177 struct net *net = sock_net(sk); 177 struct net *net = sock_net(sk);
178 const struct ipv6_pinfo *np = inet6_sk(sk); 178 const struct ipv6_pinfo *np = inet6_sk(sk);
@@ -240,7 +240,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
240 240
241 skb->protocol = htons(ETH_P_IPV6); 241 skb->protocol = htons(ETH_P_IPV6);
242 skb->priority = sk->sk_priority; 242 skb->priority = sk->sk_priority;
243 skb->mark = sk->sk_mark; 243 skb->mark = mark;
244 244
245 mtu = dst_mtu(dst); 245 mtu = dst_mtu(dst);
246 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { 246 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 753d6d0860fb..ff8ee06491c3 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -400,18 +400,19 @@ ip6_tnl_dev_uninit(struct net_device *dev)
400 400
401__u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) 401__u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
402{ 402{
403 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw; 403 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw;
404 __u8 nexthdr = ipv6h->nexthdr; 404 unsigned int nhoff = raw - skb->data;
405 __u16 off = sizeof(*ipv6h); 405 unsigned int off = nhoff + sizeof(*ipv6h);
406 u8 next, nexthdr = ipv6h->nexthdr;
406 407
407 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { 408 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
408 __u16 optlen = 0;
409 struct ipv6_opt_hdr *hdr; 409 struct ipv6_opt_hdr *hdr;
410 if (raw + off + sizeof(*hdr) > skb->data && 410 u16 optlen;
411 !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr))) 411
412 if (!pskb_may_pull(skb, off + sizeof(*hdr)))
412 break; 413 break;
413 414
414 hdr = (struct ipv6_opt_hdr *) (raw + off); 415 hdr = (struct ipv6_opt_hdr *)(skb->data + off);
415 if (nexthdr == NEXTHDR_FRAGMENT) { 416 if (nexthdr == NEXTHDR_FRAGMENT) {
416 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; 417 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
417 if (frag_hdr->frag_off) 418 if (frag_hdr->frag_off)
@@ -422,20 +423,29 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
422 } else { 423 } else {
423 optlen = ipv6_optlen(hdr); 424 optlen = ipv6_optlen(hdr);
424 } 425 }
426 /* cache hdr->nexthdr, since pskb_may_pull() might
427 * invalidate hdr
428 */
429 next = hdr->nexthdr;
425 if (nexthdr == NEXTHDR_DEST) { 430 if (nexthdr == NEXTHDR_DEST) {
426 __u16 i = off + 2; 431 u16 i = 2;
432
433 /* Remember : hdr is no longer valid at this point. */
434 if (!pskb_may_pull(skb, off + optlen))
435 break;
436
427 while (1) { 437 while (1) {
428 struct ipv6_tlv_tnl_enc_lim *tel; 438 struct ipv6_tlv_tnl_enc_lim *tel;
429 439
430 /* No more room for encapsulation limit */ 440 /* No more room for encapsulation limit */
431 if (i + sizeof (*tel) > off + optlen) 441 if (i + sizeof(*tel) > optlen)
432 break; 442 break;
433 443
434 tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i]; 444 tel = (struct ipv6_tlv_tnl_enc_lim *) skb->data + off + i;
435 /* return index of option if found and valid */ 445 /* return index of option if found and valid */
436 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT && 446 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
437 tel->length == 1) 447 tel->length == 1)
438 return i; 448 return i + off - nhoff;
439 /* else jump to next option */ 449 /* else jump to next option */
440 if (tel->type) 450 if (tel->type)
441 i += tel->length + 2; 451 i += tel->length + 2;
@@ -443,7 +453,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
443 i++; 453 i++;
444 } 454 }
445 } 455 }
446 nexthdr = hdr->nexthdr; 456 nexthdr = next;
447 off += optlen; 457 off += optlen;
448 } 458 }
449 return 0; 459 return 0;
@@ -1303,6 +1313,8 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1303 fl6.flowlabel = key->label; 1313 fl6.flowlabel = key->label;
1304 } else { 1314 } else {
1305 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); 1315 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
1316 /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
1317 ipv6h = ipv6_hdr(skb);
1306 if (offset > 0) { 1318 if (offset > 0) {
1307 struct ipv6_tlv_tnl_enc_lim *tel; 1319 struct ipv6_tlv_tnl_enc_lim *tel;
1308 1320
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c
index d5263dc364a9..b12e61b7b16c 100644
--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -72,10 +72,10 @@ static bool rpfilter_lookup_reverse6(struct net *net, const struct sk_buff *skb,
72 return ret; 72 return ret;
73} 73}
74 74
75static bool rpfilter_is_local(const struct sk_buff *skb) 75static bool
76rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in)
76{ 77{
77 const struct rt6_info *rt = (const void *) skb_dst(skb); 78 return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK;
78 return rt && (rt->rt6i_flags & RTF_LOCAL);
79} 79}
80 80
81static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) 81static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
@@ -85,7 +85,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
85 struct ipv6hdr *iph; 85 struct ipv6hdr *iph;
86 bool invert = info->flags & XT_RPFILTER_INVERT; 86 bool invert = info->flags & XT_RPFILTER_INVERT;
87 87
88 if (rpfilter_is_local(skb)) 88 if (rpfilter_is_loopback(skb, xt_in(par)))
89 return true ^ invert; 89 return true ^ invert;
90 90
91 iph = ipv6_hdr(skb); 91 iph = ipv6_hdr(skb);
diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c
index 10090400c72f..eedee5d108d9 100644
--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -157,6 +157,7 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
157 fl6.fl6_sport = otcph->dest; 157 fl6.fl6_sport = otcph->dest;
158 fl6.fl6_dport = otcph->source; 158 fl6.fl6_dport = otcph->source;
159 fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev); 159 fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev);
160 fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark);
160 security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6)); 161 security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
161 dst = ip6_route_output(net, NULL, &fl6); 162 dst = ip6_route_output(net, NULL, &fl6);
162 if (dst->error) { 163 if (dst->error) {
@@ -180,6 +181,8 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
180 181
181 skb_dst_set(nskb, dst); 182 skb_dst_set(nskb, dst);
182 183
184 nskb->mark = fl6.flowi6_mark;
185
183 skb_reserve(nskb, hh_len + dst->header_len); 186 skb_reserve(nskb, hh_len + dst->header_len);
184 ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP, 187 ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP,
185 ip6_dst_hoplimit(dst)); 188 ip6_dst_hoplimit(dst));
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c
index c947aad8bcc6..765facf03d45 100644
--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -18,13 +18,6 @@
18#include <net/ip6_fib.h> 18#include <net/ip6_fib.h>
19#include <net/ip6_route.h> 19#include <net/ip6_route.h>
20 20
21static bool fib6_is_local(const struct sk_buff *skb)
22{
23 const struct rt6_info *rt = (const void *)skb_dst(skb);
24
25 return rt && (rt->rt6i_flags & RTF_LOCAL);
26}
27
28static int get_ifindex(const struct net_device *dev) 21static int get_ifindex(const struct net_device *dev)
29{ 22{
30 return dev ? dev->ifindex : 0; 23 return dev ? dev->ifindex : 0;
@@ -164,8 +157,10 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
164 157
165 lookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif); 158 lookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif);
166 159
167 if (nft_hook(pkt) == NF_INET_PRE_ROUTING && fib6_is_local(pkt->skb)) { 160 if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
168 nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX); 161 nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
162 nft_fib_store_result(dest, priv->result, pkt,
163 nft_in(pkt)->ifindex);
169 return; 164 return;
170 } 165 }
171 166
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 4f6b067c8753..7ea85370c11c 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2896,6 +2896,11 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
2896 if (tb[RTA_MULTIPATH]) { 2896 if (tb[RTA_MULTIPATH]) {
2897 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]); 2897 cfg->fc_mp = nla_data(tb[RTA_MULTIPATH]);
2898 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]); 2898 cfg->fc_mp_len = nla_len(tb[RTA_MULTIPATH]);
2899
2900 err = lwtunnel_valid_encap_type_attr(cfg->fc_mp,
2901 cfg->fc_mp_len);
2902 if (err < 0)
2903 goto errout;
2899 } 2904 }
2900 2905
2901 if (tb[RTA_PREF]) { 2906 if (tb[RTA_PREF]) {
@@ -2909,9 +2914,14 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
2909 if (tb[RTA_ENCAP]) 2914 if (tb[RTA_ENCAP])
2910 cfg->fc_encap = tb[RTA_ENCAP]; 2915 cfg->fc_encap = tb[RTA_ENCAP];
2911 2916
2912 if (tb[RTA_ENCAP_TYPE]) 2917 if (tb[RTA_ENCAP_TYPE]) {
2913 cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]); 2918 cfg->fc_encap_type = nla_get_u16(tb[RTA_ENCAP_TYPE]);
2914 2919
2920 err = lwtunnel_valid_encap_type(cfg->fc_encap_type);
2921 if (err < 0)
2922 goto errout;
2923 }
2924
2915 if (tb[RTA_EXPIRES]) { 2925 if (tb[RTA_EXPIRES]) {
2916 unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ); 2926 unsigned long timeout = addrconf_timeout_fixup(nla_get_u32(tb[RTA_EXPIRES]), HZ);
2917 2927
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index b172d85c650a..a855eb325b03 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -176,6 +176,8 @@ static int seg6_genl_set_tunsrc(struct sk_buff *skb, struct genl_info *info)
176 176
177 val = nla_data(info->attrs[SEG6_ATTR_DST]); 177 val = nla_data(info->attrs[SEG6_ATTR_DST]);
178 t_new = kmemdup(val, sizeof(*val), GFP_KERNEL); 178 t_new = kmemdup(val, sizeof(*val), GFP_KERNEL);
179 if (!t_new)
180 return -ENOMEM;
179 181
180 mutex_lock(&sdata->lock); 182 mutex_lock(&sdata->lock);
181 183
diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c
index 1d60cb132835..c46f8cbf5ab5 100644
--- a/net/ipv6/seg6_iptunnel.c
+++ b/net/ipv6/seg6_iptunnel.c
@@ -422,6 +422,7 @@ static const struct lwtunnel_encap_ops seg6_iptun_ops = {
422 .fill_encap = seg6_fill_encap_info, 422 .fill_encap = seg6_fill_encap_info,
423 .get_encap_size = seg6_encap_nlsize, 423 .get_encap_size = seg6_encap_nlsize,
424 .cmp_encap = seg6_encap_cmp, 424 .cmp_encap = seg6_encap_cmp,
425 .owner = THIS_MODULE,
425}; 426};
426 427
427int __init seg6_iptunnel_init(void) 428int __init seg6_iptunnel_init(void)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 73bc8fc68acd..cb8929681dc7 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -469,7 +469,7 @@ static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
469 opt = ireq->ipv6_opt; 469 opt = ireq->ipv6_opt;
470 if (!opt) 470 if (!opt)
471 opt = rcu_dereference(np->opt); 471 opt = rcu_dereference(np->opt);
472 err = ip6_xmit(sk, skb, fl6, opt, np->tclass); 472 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
473 rcu_read_unlock(); 473 rcu_read_unlock();
474 err = net_xmit_eval(err); 474 err = net_xmit_eval(err);
475 } 475 }
@@ -840,7 +840,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32
840 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); 840 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
841 if (!IS_ERR(dst)) { 841 if (!IS_ERR(dst)) {
842 skb_dst_set(buff, dst); 842 skb_dst_set(buff, dst);
843 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass); 843 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
844 TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 844 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
845 if (rst) 845 if (rst)
846 TCP_INC_STATS(net, TCP_MIB_OUTRSTS); 846 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 9e2641d45587..206698bc93f4 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -40,8 +40,6 @@ void rate_control_rate_init(struct sta_info *sta)
40 40
41 ieee80211_sta_set_rx_nss(sta); 41 ieee80211_sta_set_rx_nss(sta);
42 42
43 ieee80211_recalc_min_chandef(sta->sdata);
44
45 if (!ref) 43 if (!ref)
46 return; 44 return;
47 45
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 15fe97644ffe..5b77377e5a15 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -98,18 +98,19 @@ bool mpls_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
98} 98}
99EXPORT_SYMBOL_GPL(mpls_pkt_too_big); 99EXPORT_SYMBOL_GPL(mpls_pkt_too_big);
100 100
101static u32 mpls_multipath_hash(struct mpls_route *rt, 101static u32 mpls_multipath_hash(struct mpls_route *rt, struct sk_buff *skb)
102 struct sk_buff *skb, bool bos)
103{ 102{
104 struct mpls_entry_decoded dec; 103 struct mpls_entry_decoded dec;
104 unsigned int mpls_hdr_len = 0;
105 struct mpls_shim_hdr *hdr; 105 struct mpls_shim_hdr *hdr;
106 bool eli_seen = false; 106 bool eli_seen = false;
107 int label_index; 107 int label_index;
108 u32 hash = 0; 108 u32 hash = 0;
109 109
110 for (label_index = 0; label_index < MAX_MP_SELECT_LABELS && !bos; 110 for (label_index = 0; label_index < MAX_MP_SELECT_LABELS;
111 label_index++) { 111 label_index++) {
112 if (!pskb_may_pull(skb, sizeof(*hdr) * label_index)) 112 mpls_hdr_len += sizeof(*hdr);
113 if (!pskb_may_pull(skb, mpls_hdr_len))
113 break; 114 break;
114 115
115 /* Read and decode the current label */ 116 /* Read and decode the current label */
@@ -134,37 +135,38 @@ static u32 mpls_multipath_hash(struct mpls_route *rt,
134 eli_seen = true; 135 eli_seen = true;
135 } 136 }
136 137
137 bos = dec.bos; 138 if (!dec.bos)
138 if (bos && pskb_may_pull(skb, sizeof(*hdr) * label_index + 139 continue;
139 sizeof(struct iphdr))) { 140
141 /* found bottom label; does skb have room for a header? */
142 if (pskb_may_pull(skb, mpls_hdr_len + sizeof(struct iphdr))) {
140 const struct iphdr *v4hdr; 143 const struct iphdr *v4hdr;
141 144
142 v4hdr = (const struct iphdr *)(mpls_hdr(skb) + 145 v4hdr = (const struct iphdr *)(hdr + 1);
143 label_index);
144 if (v4hdr->version == 4) { 146 if (v4hdr->version == 4) {
145 hash = jhash_3words(ntohl(v4hdr->saddr), 147 hash = jhash_3words(ntohl(v4hdr->saddr),
146 ntohl(v4hdr->daddr), 148 ntohl(v4hdr->daddr),
147 v4hdr->protocol, hash); 149 v4hdr->protocol, hash);
148 } else if (v4hdr->version == 6 && 150 } else if (v4hdr->version == 6 &&
149 pskb_may_pull(skb, sizeof(*hdr) * label_index + 151 pskb_may_pull(skb, mpls_hdr_len +
150 sizeof(struct ipv6hdr))) { 152 sizeof(struct ipv6hdr))) {
151 const struct ipv6hdr *v6hdr; 153 const struct ipv6hdr *v6hdr;
152 154
153 v6hdr = (const struct ipv6hdr *)(mpls_hdr(skb) + 155 v6hdr = (const struct ipv6hdr *)(hdr + 1);
154 label_index);
155
156 hash = __ipv6_addr_jhash(&v6hdr->saddr, hash); 156 hash = __ipv6_addr_jhash(&v6hdr->saddr, hash);
157 hash = __ipv6_addr_jhash(&v6hdr->daddr, hash); 157 hash = __ipv6_addr_jhash(&v6hdr->daddr, hash);
158 hash = jhash_1word(v6hdr->nexthdr, hash); 158 hash = jhash_1word(v6hdr->nexthdr, hash);
159 } 159 }
160 } 160 }
161
162 break;
161 } 163 }
162 164
163 return hash; 165 return hash;
164} 166}
165 167
166static struct mpls_nh *mpls_select_multipath(struct mpls_route *rt, 168static struct mpls_nh *mpls_select_multipath(struct mpls_route *rt,
167 struct sk_buff *skb, bool bos) 169 struct sk_buff *skb)
168{ 170{
169 int alive = ACCESS_ONCE(rt->rt_nhn_alive); 171 int alive = ACCESS_ONCE(rt->rt_nhn_alive);
170 u32 hash = 0; 172 u32 hash = 0;
@@ -180,7 +182,7 @@ static struct mpls_nh *mpls_select_multipath(struct mpls_route *rt,
180 if (alive <= 0) 182 if (alive <= 0)
181 return NULL; 183 return NULL;
182 184
183 hash = mpls_multipath_hash(rt, skb, bos); 185 hash = mpls_multipath_hash(rt, skb);
184 nh_index = hash % alive; 186 nh_index = hash % alive;
185 if (alive == rt->rt_nhn) 187 if (alive == rt->rt_nhn)
186 goto out; 188 goto out;
@@ -278,17 +280,11 @@ static int mpls_forward(struct sk_buff *skb, struct net_device *dev,
278 hdr = mpls_hdr(skb); 280 hdr = mpls_hdr(skb);
279 dec = mpls_entry_decode(hdr); 281 dec = mpls_entry_decode(hdr);
280 282
281 /* Pop the label */
282 skb_pull(skb, sizeof(*hdr));
283 skb_reset_network_header(skb);
284
285 skb_orphan(skb);
286
287 rt = mpls_route_input_rcu(net, dec.label); 283 rt = mpls_route_input_rcu(net, dec.label);
288 if (!rt) 284 if (!rt)
289 goto drop; 285 goto drop;
290 286
291 nh = mpls_select_multipath(rt, skb, dec.bos); 287 nh = mpls_select_multipath(rt, skb);
292 if (!nh) 288 if (!nh)
293 goto drop; 289 goto drop;
294 290
@@ -297,6 +293,12 @@ static int mpls_forward(struct sk_buff *skb, struct net_device *dev,
297 if (!mpls_output_possible(out_dev)) 293 if (!mpls_output_possible(out_dev))
298 goto drop; 294 goto drop;
299 295
296 /* Pop the label */
297 skb_pull(skb, sizeof(*hdr));
298 skb_reset_network_header(skb);
299
300 skb_orphan(skb);
301
300 if (skb_warn_if_lro(skb)) 302 if (skb_warn_if_lro(skb))
301 goto drop; 303 goto drop;
302 304
diff --git a/net/mpls/mpls_iptunnel.c b/net/mpls/mpls_iptunnel.c
index 2f7ccd934416..1d281c1ff7c1 100644
--- a/net/mpls/mpls_iptunnel.c
+++ b/net/mpls/mpls_iptunnel.c
@@ -215,6 +215,7 @@ static const struct lwtunnel_encap_ops mpls_iptun_ops = {
215 .fill_encap = mpls_fill_encap_info, 215 .fill_encap = mpls_fill_encap_info,
216 .get_encap_size = mpls_encap_nlsize, 216 .get_encap_size = mpls_encap_nlsize,
217 .cmp_encap = mpls_encap_cmp, 217 .cmp_encap = mpls_encap_cmp,
218 .owner = THIS_MODULE,
218}; 219};
219 220
220static int __init mpls_iptunnel_init(void) 221static int __init mpls_iptunnel_init(void)
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 63729b489c2c..bbc45f8a7b2d 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -494,7 +494,7 @@ config NFT_CT
494 depends on NF_CONNTRACK 494 depends on NF_CONNTRACK
495 tristate "Netfilter nf_tables conntrack module" 495 tristate "Netfilter nf_tables conntrack module"
496 help 496 help
497 This option adds the "meta" expression that you can use to match 497 This option adds the "ct" expression that you can use to match
498 connection tracking information such as the flow state. 498 connection tracking information such as the flow state.
499 499
500config NFT_SET_RBTREE 500config NFT_SET_RBTREE
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 3a073cd9fcf4..4e8083c5e01d 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -85,11 +85,11 @@ static __read_mostly DEFINE_SPINLOCK(nf_conntrack_locks_all_lock);
85static __read_mostly bool nf_conntrack_locks_all; 85static __read_mostly bool nf_conntrack_locks_all;
86 86
87/* every gc cycle scans at most 1/GC_MAX_BUCKETS_DIV part of table */ 87/* every gc cycle scans at most 1/GC_MAX_BUCKETS_DIV part of table */
88#define GC_MAX_BUCKETS_DIV 64u 88#define GC_MAX_BUCKETS_DIV 128u
89/* upper bound of scan intervals */ 89/* upper bound of full table scan */
90#define GC_INTERVAL_MAX (2 * HZ) 90#define GC_MAX_SCAN_JIFFIES (16u * HZ)
91/* maximum conntracks to evict per gc run */ 91/* desired ratio of entries found to be expired */
92#define GC_MAX_EVICTS 256u 92#define GC_EVICT_RATIO 50u
93 93
94static struct conntrack_gc_work conntrack_gc_work; 94static struct conntrack_gc_work conntrack_gc_work;
95 95
@@ -938,6 +938,7 @@ static noinline int early_drop(struct net *net, unsigned int _hash)
938 938
939static void gc_worker(struct work_struct *work) 939static void gc_worker(struct work_struct *work)
940{ 940{
941 unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
941 unsigned int i, goal, buckets = 0, expired_count = 0; 942 unsigned int i, goal, buckets = 0, expired_count = 0;
942 struct conntrack_gc_work *gc_work; 943 struct conntrack_gc_work *gc_work;
943 unsigned int ratio, scanned = 0; 944 unsigned int ratio, scanned = 0;
@@ -979,8 +980,7 @@ static void gc_worker(struct work_struct *work)
979 */ 980 */
980 rcu_read_unlock(); 981 rcu_read_unlock();
981 cond_resched_rcu_qs(); 982 cond_resched_rcu_qs();
982 } while (++buckets < goal && 983 } while (++buckets < goal);
983 expired_count < GC_MAX_EVICTS);
984 984
985 if (gc_work->exiting) 985 if (gc_work->exiting)
986 return; 986 return;
@@ -997,27 +997,25 @@ static void gc_worker(struct work_struct *work)
997 * 1. Minimize time until we notice a stale entry 997 * 1. Minimize time until we notice a stale entry
998 * 2. Maximize scan intervals to not waste cycles 998 * 2. Maximize scan intervals to not waste cycles
999 * 999 *
1000 * Normally, expired_count will be 0, this increases the next_run time 1000 * Normally, expire ratio will be close to 0.
1001 * to priorize 2) above.
1002 * 1001 *
1003 * As soon as a timed-out entry is found, move towards 1) and increase 1002 * As soon as a sizeable fraction of the entries have expired
1004 * the scan frequency. 1003 * increase scan frequency.
1005 * In case we have lots of evictions next scan is done immediately.
1006 */ 1004 */
1007 ratio = scanned ? expired_count * 100 / scanned : 0; 1005 ratio = scanned ? expired_count * 100 / scanned : 0;
1008 if (ratio >= 90 || expired_count == GC_MAX_EVICTS) { 1006 if (ratio > GC_EVICT_RATIO) {
1009 gc_work->next_gc_run = 0; 1007 gc_work->next_gc_run = min_interval;
1010 next_run = 0;
1011 } else if (expired_count) {
1012 gc_work->next_gc_run /= 2U;
1013 next_run = msecs_to_jiffies(1);
1014 } else { 1008 } else {
1015 if (gc_work->next_gc_run < GC_INTERVAL_MAX) 1009 unsigned int max = GC_MAX_SCAN_JIFFIES / GC_MAX_BUCKETS_DIV;
1016 gc_work->next_gc_run += msecs_to_jiffies(1);
1017 1010
1018 next_run = gc_work->next_gc_run; 1011 BUILD_BUG_ON((GC_MAX_SCAN_JIFFIES / GC_MAX_BUCKETS_DIV) == 0);
1012
1013 gc_work->next_gc_run += min_interval;
1014 if (gc_work->next_gc_run > max)
1015 gc_work->next_gc_run = max;
1019 } 1016 }
1020 1017
1018 next_run = gc_work->next_gc_run;
1021 gc_work->last_bucket = i; 1019 gc_work->last_bucket = i;
1022 queue_delayed_work(system_long_wq, &gc_work->dwork, next_run); 1020 queue_delayed_work(system_long_wq, &gc_work->dwork, next_run);
1023} 1021}
@@ -1025,7 +1023,7 @@ static void gc_worker(struct work_struct *work)
1025static void conntrack_gc_work_init(struct conntrack_gc_work *gc_work) 1023static void conntrack_gc_work_init(struct conntrack_gc_work *gc_work)
1026{ 1024{
1027 INIT_DELAYED_WORK(&gc_work->dwork, gc_worker); 1025 INIT_DELAYED_WORK(&gc_work->dwork, gc_worker);
1028 gc_work->next_gc_run = GC_INTERVAL_MAX; 1026 gc_work->next_gc_run = HZ;
1029 gc_work->exiting = false; 1027 gc_work->exiting = false;
1030} 1028}
1031 1029
@@ -1917,7 +1915,7 @@ int nf_conntrack_init_start(void)
1917 nf_ct_untracked_status_or(IPS_CONFIRMED | IPS_UNTRACKED); 1915 nf_ct_untracked_status_or(IPS_CONFIRMED | IPS_UNTRACKED);
1918 1916
1919 conntrack_gc_work_init(&conntrack_gc_work); 1917 conntrack_gc_work_init(&conntrack_gc_work);
1920 queue_delayed_work(system_long_wq, &conntrack_gc_work.dwork, GC_INTERVAL_MAX); 1918 queue_delayed_work(system_long_wq, &conntrack_gc_work.dwork, HZ);
1921 1919
1922 return 0; 1920 return 0;
1923 1921
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 3dca90dc24ad..ffb9e8ada899 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -13,7 +13,6 @@
13/* Internal logging interface, which relies on the real 13/* Internal logging interface, which relies on the real
14 LOG target modules */ 14 LOG target modules */
15 15
16#define NF_LOG_PREFIXLEN 128
17#define NFLOGGER_NAME_LEN 64 16#define NFLOGGER_NAME_LEN 64
18 17
19static struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly; 18static struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly;
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 0db5f9782265..1b913760f205 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -928,7 +928,8 @@ static struct nft_chain *nf_tables_chain_lookup(const struct nft_table *table,
928} 928}
929 929
930static const struct nla_policy nft_chain_policy[NFTA_CHAIN_MAX + 1] = { 930static const struct nla_policy nft_chain_policy[NFTA_CHAIN_MAX + 1] = {
931 [NFTA_CHAIN_TABLE] = { .type = NLA_STRING }, 931 [NFTA_CHAIN_TABLE] = { .type = NLA_STRING,
932 .len = NFT_TABLE_MAXNAMELEN - 1 },
932 [NFTA_CHAIN_HANDLE] = { .type = NLA_U64 }, 933 [NFTA_CHAIN_HANDLE] = { .type = NLA_U64 },
933 [NFTA_CHAIN_NAME] = { .type = NLA_STRING, 934 [NFTA_CHAIN_NAME] = { .type = NLA_STRING,
934 .len = NFT_CHAIN_MAXNAMELEN - 1 }, 935 .len = NFT_CHAIN_MAXNAMELEN - 1 },
@@ -1854,7 +1855,8 @@ static struct nft_rule *nf_tables_rule_lookup(const struct nft_chain *chain,
1854} 1855}
1855 1856
1856static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = { 1857static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = {
1857 [NFTA_RULE_TABLE] = { .type = NLA_STRING }, 1858 [NFTA_RULE_TABLE] = { .type = NLA_STRING,
1859 .len = NFT_TABLE_MAXNAMELEN - 1 },
1858 [NFTA_RULE_CHAIN] = { .type = NLA_STRING, 1860 [NFTA_RULE_CHAIN] = { .type = NLA_STRING,
1859 .len = NFT_CHAIN_MAXNAMELEN - 1 }, 1861 .len = NFT_CHAIN_MAXNAMELEN - 1 },
1860 [NFTA_RULE_HANDLE] = { .type = NLA_U64 }, 1862 [NFTA_RULE_HANDLE] = { .type = NLA_U64 },
@@ -2443,7 +2445,8 @@ nft_select_set_ops(const struct nlattr * const nla[],
2443} 2445}
2444 2446
2445static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = { 2447static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
2446 [NFTA_SET_TABLE] = { .type = NLA_STRING }, 2448 [NFTA_SET_TABLE] = { .type = NLA_STRING,
2449 .len = NFT_TABLE_MAXNAMELEN - 1 },
2447 [NFTA_SET_NAME] = { .type = NLA_STRING, 2450 [NFTA_SET_NAME] = { .type = NLA_STRING,
2448 .len = NFT_SET_MAXNAMELEN - 1 }, 2451 .len = NFT_SET_MAXNAMELEN - 1 },
2449 [NFTA_SET_FLAGS] = { .type = NLA_U32 }, 2452 [NFTA_SET_FLAGS] = { .type = NLA_U32 },
@@ -3084,9 +3087,9 @@ static int nf_tables_delset(struct net *net, struct sock *nlsk,
3084} 3087}
3085 3088
3086static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx, 3089static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,
3087 const struct nft_set *set, 3090 struct nft_set *set,
3088 const struct nft_set_iter *iter, 3091 const struct nft_set_iter *iter,
3089 const struct nft_set_elem *elem) 3092 struct nft_set_elem *elem)
3090{ 3093{
3091 const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv); 3094 const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
3092 enum nft_registers dreg; 3095 enum nft_registers dreg;
@@ -3192,8 +3195,10 @@ static const struct nla_policy nft_set_elem_policy[NFTA_SET_ELEM_MAX + 1] = {
3192}; 3195};
3193 3196
3194static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] = { 3197static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] = {
3195 [NFTA_SET_ELEM_LIST_TABLE] = { .type = NLA_STRING }, 3198 [NFTA_SET_ELEM_LIST_TABLE] = { .type = NLA_STRING,
3196 [NFTA_SET_ELEM_LIST_SET] = { .type = NLA_STRING }, 3199 .len = NFT_TABLE_MAXNAMELEN - 1 },
3200 [NFTA_SET_ELEM_LIST_SET] = { .type = NLA_STRING,
3201 .len = NFT_SET_MAXNAMELEN - 1 },
3197 [NFTA_SET_ELEM_LIST_ELEMENTS] = { .type = NLA_NESTED }, 3202 [NFTA_SET_ELEM_LIST_ELEMENTS] = { .type = NLA_NESTED },
3198 [NFTA_SET_ELEM_LIST_SET_ID] = { .type = NLA_U32 }, 3203 [NFTA_SET_ELEM_LIST_SET_ID] = { .type = NLA_U32 },
3199}; 3204};
@@ -3303,9 +3308,9 @@ struct nft_set_dump_args {
3303}; 3308};
3304 3309
3305static int nf_tables_dump_setelem(const struct nft_ctx *ctx, 3310static int nf_tables_dump_setelem(const struct nft_ctx *ctx,
3306 const struct nft_set *set, 3311 struct nft_set *set,
3307 const struct nft_set_iter *iter, 3312 const struct nft_set_iter *iter,
3308 const struct nft_set_elem *elem) 3313 struct nft_set_elem *elem)
3309{ 3314{
3310 struct nft_set_dump_args *args; 3315 struct nft_set_dump_args *args;
3311 3316
@@ -3317,7 +3322,7 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
3317{ 3322{
3318 struct net *net = sock_net(skb->sk); 3323 struct net *net = sock_net(skb->sk);
3319 u8 genmask = nft_genmask_cur(net); 3324 u8 genmask = nft_genmask_cur(net);
3320 const struct nft_set *set; 3325 struct nft_set *set;
3321 struct nft_set_dump_args args; 3326 struct nft_set_dump_args args;
3322 struct nft_ctx ctx; 3327 struct nft_ctx ctx;
3323 struct nlattr *nla[NFTA_SET_ELEM_LIST_MAX + 1]; 3328 struct nlattr *nla[NFTA_SET_ELEM_LIST_MAX + 1];
@@ -3740,10 +3745,18 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
3740 goto err5; 3745 goto err5;
3741 } 3746 }
3742 3747
3748 if (set->size &&
3749 !atomic_add_unless(&set->nelems, 1, set->size + set->ndeact)) {
3750 err = -ENFILE;
3751 goto err6;
3752 }
3753
3743 nft_trans_elem(trans) = elem; 3754 nft_trans_elem(trans) = elem;
3744 list_add_tail(&trans->list, &ctx->net->nft.commit_list); 3755 list_add_tail(&trans->list, &ctx->net->nft.commit_list);
3745 return 0; 3756 return 0;
3746 3757
3758err6:
3759 set->ops->remove(set, &elem);
3747err5: 3760err5:
3748 kfree(trans); 3761 kfree(trans);
3749err4: 3762err4:
@@ -3790,15 +3803,9 @@ static int nf_tables_newsetelem(struct net *net, struct sock *nlsk,
3790 return -EBUSY; 3803 return -EBUSY;
3791 3804
3792 nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) { 3805 nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
3793 if (set->size &&
3794 !atomic_add_unless(&set->nelems, 1, set->size + set->ndeact))
3795 return -ENFILE;
3796
3797 err = nft_add_set_elem(&ctx, set, attr, nlh->nlmsg_flags); 3806 err = nft_add_set_elem(&ctx, set, attr, nlh->nlmsg_flags);
3798 if (err < 0) { 3807 if (err < 0)
3799 atomic_dec(&set->nelems);
3800 break; 3808 break;
3801 }
3802 } 3809 }
3803 return err; 3810 return err;
3804} 3811}
@@ -3883,9 +3890,9 @@ err1:
3883} 3890}
3884 3891
3885static int nft_flush_set(const struct nft_ctx *ctx, 3892static int nft_flush_set(const struct nft_ctx *ctx,
3886 const struct nft_set *set, 3893 struct nft_set *set,
3887 const struct nft_set_iter *iter, 3894 const struct nft_set_iter *iter,
3888 const struct nft_set_elem *elem) 3895 struct nft_set_elem *elem)
3889{ 3896{
3890 struct nft_trans *trans; 3897 struct nft_trans *trans;
3891 int err; 3898 int err;
@@ -3899,9 +3906,10 @@ static int nft_flush_set(const struct nft_ctx *ctx,
3899 err = -ENOENT; 3906 err = -ENOENT;
3900 goto err1; 3907 goto err1;
3901 } 3908 }
3909 set->ndeact++;
3902 3910
3903 nft_trans_elem_set(trans) = (struct nft_set *)set; 3911 nft_trans_elem_set(trans) = set;
3904 nft_trans_elem(trans) = *((struct nft_set_elem *)elem); 3912 nft_trans_elem(trans) = *elem;
3905 list_add_tail(&trans->list, &ctx->net->nft.commit_list); 3913 list_add_tail(&trans->list, &ctx->net->nft.commit_list);
3906 3914
3907 return 0; 3915 return 0;
@@ -4032,8 +4040,10 @@ struct nft_object *nf_tables_obj_lookup(const struct nft_table *table,
4032EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); 4040EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
4033 4041
4034static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { 4042static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
4035 [NFTA_OBJ_TABLE] = { .type = NLA_STRING }, 4043 [NFTA_OBJ_TABLE] = { .type = NLA_STRING,
4036 [NFTA_OBJ_NAME] = { .type = NLA_STRING }, 4044 .len = NFT_TABLE_MAXNAMELEN - 1 },
4045 [NFTA_OBJ_NAME] = { .type = NLA_STRING,
4046 .len = NFT_OBJ_MAXNAMELEN - 1 },
4037 [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, 4047 [NFTA_OBJ_TYPE] = { .type = NLA_U32 },
4038 [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, 4048 [NFTA_OBJ_DATA] = { .type = NLA_NESTED },
4039}; 4049};
@@ -4262,10 +4272,11 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
4262 if (idx > s_idx) 4272 if (idx > s_idx)
4263 memset(&cb->args[1], 0, 4273 memset(&cb->args[1], 0,
4264 sizeof(cb->args) - sizeof(cb->args[0])); 4274 sizeof(cb->args) - sizeof(cb->args[0]));
4265 if (filter->table[0] && 4275 if (filter && filter->table[0] &&
4266 strcmp(filter->table, table->name)) 4276 strcmp(filter->table, table->name))
4267 goto cont; 4277 goto cont;
4268 if (filter->type != NFT_OBJECT_UNSPEC && 4278 if (filter &&
4279 filter->type != NFT_OBJECT_UNSPEC &&
4269 obj->type->type != filter->type) 4280 obj->type->type != filter->type)
4270 goto cont; 4281 goto cont;
4271 4282
@@ -5009,9 +5020,9 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
5009 const struct nft_chain *chain); 5020 const struct nft_chain *chain);
5010 5021
5011static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx, 5022static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx,
5012 const struct nft_set *set, 5023 struct nft_set *set,
5013 const struct nft_set_iter *iter, 5024 const struct nft_set_iter *iter,
5014 const struct nft_set_elem *elem) 5025 struct nft_set_elem *elem)
5015{ 5026{
5016 const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv); 5027 const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
5017 const struct nft_data *data; 5028 const struct nft_data *data;
@@ -5035,7 +5046,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
5035{ 5046{
5036 const struct nft_rule *rule; 5047 const struct nft_rule *rule;
5037 const struct nft_expr *expr, *last; 5048 const struct nft_expr *expr, *last;
5038 const struct nft_set *set; 5049 struct nft_set *set;
5039 struct nft_set_binding *binding; 5050 struct nft_set_binding *binding;
5040 struct nft_set_iter iter; 5051 struct nft_set_iter iter;
5041 5052
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 7de2f46734a4..049ad2d9ee66 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -98,7 +98,8 @@ out:
98} 98}
99 99
100static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = { 100static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = {
101 [NFTA_DYNSET_SET_NAME] = { .type = NLA_STRING }, 101 [NFTA_DYNSET_SET_NAME] = { .type = NLA_STRING,
102 .len = NFT_SET_MAXNAMELEN - 1 },
102 [NFTA_DYNSET_SET_ID] = { .type = NLA_U32 }, 103 [NFTA_DYNSET_SET_ID] = { .type = NLA_U32 },
103 [NFTA_DYNSET_OP] = { .type = NLA_U32 }, 104 [NFTA_DYNSET_OP] = { .type = NLA_U32 },
104 [NFTA_DYNSET_SREG_KEY] = { .type = NLA_U32 }, 105 [NFTA_DYNSET_SREG_KEY] = { .type = NLA_U32 },
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 6271e40a3dd6..6f6e64423643 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -39,7 +39,8 @@ static void nft_log_eval(const struct nft_expr *expr,
39 39
40static const struct nla_policy nft_log_policy[NFTA_LOG_MAX + 1] = { 40static const struct nla_policy nft_log_policy[NFTA_LOG_MAX + 1] = {
41 [NFTA_LOG_GROUP] = { .type = NLA_U16 }, 41 [NFTA_LOG_GROUP] = { .type = NLA_U16 },
42 [NFTA_LOG_PREFIX] = { .type = NLA_STRING }, 42 [NFTA_LOG_PREFIX] = { .type = NLA_STRING,
43 .len = NF_LOG_PREFIXLEN - 1 },
43 [NFTA_LOG_SNAPLEN] = { .type = NLA_U32 }, 44 [NFTA_LOG_SNAPLEN] = { .type = NLA_U32 },
44 [NFTA_LOG_QTHRESHOLD] = { .type = NLA_U16 }, 45 [NFTA_LOG_QTHRESHOLD] = { .type = NLA_U16 },
45 [NFTA_LOG_LEVEL] = { .type = NLA_U32 }, 46 [NFTA_LOG_LEVEL] = { .type = NLA_U32 },
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index d4f97fa7e21d..e21aea7e5ec8 100644
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -49,7 +49,8 @@ static void nft_lookup_eval(const struct nft_expr *expr,
49} 49}
50 50
51static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = { 51static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = {
52 [NFTA_LOOKUP_SET] = { .type = NLA_STRING }, 52 [NFTA_LOOKUP_SET] = { .type = NLA_STRING,
53 .len = NFT_SET_MAXNAMELEN - 1 },
53 [NFTA_LOOKUP_SET_ID] = { .type = NLA_U32 }, 54 [NFTA_LOOKUP_SET_ID] = { .type = NLA_U32 },
54 [NFTA_LOOKUP_SREG] = { .type = NLA_U32 }, 55 [NFTA_LOOKUP_SREG] = { .type = NLA_U32 },
55 [NFTA_LOOKUP_DREG] = { .type = NLA_U32 }, 56 [NFTA_LOOKUP_DREG] = { .type = NLA_U32 },
diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
index 415a65ba2b85..1ae8c49ca4a1 100644
--- a/net/netfilter/nft_objref.c
+++ b/net/netfilter/nft_objref.c
@@ -193,10 +193,12 @@ nft_objref_select_ops(const struct nft_ctx *ctx,
193} 193}
194 194
195static const struct nla_policy nft_objref_policy[NFTA_OBJREF_MAX + 1] = { 195static const struct nla_policy nft_objref_policy[NFTA_OBJREF_MAX + 1] = {
196 [NFTA_OBJREF_IMM_NAME] = { .type = NLA_STRING }, 196 [NFTA_OBJREF_IMM_NAME] = { .type = NLA_STRING,
197 .len = NFT_OBJ_MAXNAMELEN - 1 },
197 [NFTA_OBJREF_IMM_TYPE] = { .type = NLA_U32 }, 198 [NFTA_OBJREF_IMM_TYPE] = { .type = NLA_U32 },
198 [NFTA_OBJREF_SET_SREG] = { .type = NLA_U32 }, 199 [NFTA_OBJREF_SET_SREG] = { .type = NLA_U32 },
199 [NFTA_OBJREF_SET_NAME] = { .type = NLA_STRING }, 200 [NFTA_OBJREF_SET_NAME] = { .type = NLA_STRING,
201 .len = NFT_SET_MAXNAMELEN - 1 },
200 [NFTA_OBJREF_SET_ID] = { .type = NLA_U32 }, 202 [NFTA_OBJREF_SET_ID] = { .type = NLA_U32 },
201}; 203};
202 204
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 1e20e2bbb6d9..e36069fb76ae 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -212,7 +212,7 @@ static void nft_hash_remove(const struct nft_set *set,
212 rhashtable_remove_fast(&priv->ht, &he->node, nft_hash_params); 212 rhashtable_remove_fast(&priv->ht, &he->node, nft_hash_params);
213} 213}
214 214
215static void nft_hash_walk(const struct nft_ctx *ctx, const struct nft_set *set, 215static void nft_hash_walk(const struct nft_ctx *ctx, struct nft_set *set,
216 struct nft_set_iter *iter) 216 struct nft_set_iter *iter)
217{ 217{
218 struct nft_hash *priv = nft_set_priv(set); 218 struct nft_hash *priv = nft_set_priv(set);
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 08376e50f6cd..f06f55ee516d 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -221,7 +221,7 @@ static void *nft_rbtree_deactivate(const struct net *net,
221} 221}
222 222
223static void nft_rbtree_walk(const struct nft_ctx *ctx, 223static void nft_rbtree_walk(const struct nft_ctx *ctx,
224 const struct nft_set *set, 224 struct nft_set *set,
225 struct nft_set_iter *iter) 225 struct nft_set_iter *iter)
226{ 226{
227 const struct nft_rbtree *priv = nft_set_priv(set); 227 const struct nft_rbtree *priv = nft_set_priv(set);
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index b9e1a13b4ba3..3d555c79a7b5 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1976,7 +1976,7 @@ static int packet_rcv_vnet(struct msghdr *msg, const struct sk_buff *skb,
1976 return -EINVAL; 1976 return -EINVAL;
1977 *len -= sizeof(vnet_hdr); 1977 *len -= sizeof(vnet_hdr);
1978 1978
1979 if (virtio_net_hdr_from_skb(skb, &vnet_hdr, vio_le())) 1979 if (virtio_net_hdr_from_skb(skb, &vnet_hdr, vio_le(), true))
1980 return -EINVAL; 1980 return -EINVAL;
1981 1981
1982 return memcpy_to_msg(msg, (void *)&vnet_hdr, sizeof(vnet_hdr)); 1982 return memcpy_to_msg(msg, (void *)&vnet_hdr, sizeof(vnet_hdr));
@@ -2237,7 +2237,7 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
2237 if (po->has_vnet_hdr) { 2237 if (po->has_vnet_hdr) {
2238 if (virtio_net_hdr_from_skb(skb, h.raw + macoff - 2238 if (virtio_net_hdr_from_skb(skb, h.raw + macoff -
2239 sizeof(struct virtio_net_hdr), 2239 sizeof(struct virtio_net_hdr),
2240 vio_le())) { 2240 vio_le(), true)) {
2241 spin_lock(&sk->sk_receive_queue.lock); 2241 spin_lock(&sk->sk_receive_queue.lock);
2242 goto drop_n_account; 2242 goto drop_n_account;
2243 } 2243 }
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 5ed8e79bf102..64dfd35ccdcc 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -222,7 +222,8 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
222 SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS); 222 SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS);
223 223
224 rcu_read_lock(); 224 rcu_read_lock();
225 res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass); 225 res = ip6_xmit(sk, skb, fl6, sk->sk_mark, rcu_dereference(np->opt),
226 np->tclass);
226 rcu_read_unlock(); 227 rcu_read_unlock();
227 return res; 228 return res;
228} 229}
diff --git a/net/sctp/offload.c b/net/sctp/offload.c
index 7e869d0cca69..4f5a2b580aa5 100644
--- a/net/sctp/offload.c
+++ b/net/sctp/offload.c
@@ -68,7 +68,7 @@ static struct sk_buff *sctp_gso_segment(struct sk_buff *skb,
68 goto out; 68 goto out;
69 } 69 }
70 70
71 segs = skb_segment(skb, features | NETIF_F_HW_CSUM); 71 segs = skb_segment(skb, features | NETIF_F_HW_CSUM | NETIF_F_SG);
72 if (IS_ERR(segs)) 72 if (IS_ERR(segs))
73 goto out; 73 goto out;
74 74
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 318c6786d653..37eeab7899fc 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -235,8 +235,12 @@ static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
235 sctp_assoc_t id) 235 sctp_assoc_t id)
236{ 236{
237 struct sctp_association *addr_asoc = NULL, *id_asoc = NULL; 237 struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
238 struct sctp_transport *transport; 238 struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
239 union sctp_addr *laddr = (union sctp_addr *)addr; 239 union sctp_addr *laddr = (union sctp_addr *)addr;
240 struct sctp_transport *transport;
241
242 if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
243 return NULL;
240 244
241 addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep, 245 addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
242 laddr, 246 laddr,
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 9d2f4c2b08ab..27753325e06e 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -263,6 +263,11 @@ static void tipc_node_write_lock(struct tipc_node *n)
263 write_lock_bh(&n->lock); 263 write_lock_bh(&n->lock);
264} 264}
265 265
266static void tipc_node_write_unlock_fast(struct tipc_node *n)
267{
268 write_unlock_bh(&n->lock);
269}
270
266static void tipc_node_write_unlock(struct tipc_node *n) 271static void tipc_node_write_unlock(struct tipc_node *n)
267{ 272{
268 struct net *net = n->net; 273 struct net *net = n->net;
@@ -417,7 +422,7 @@ void tipc_node_subscribe(struct net *net, struct list_head *subscr, u32 addr)
417 } 422 }
418 tipc_node_write_lock(n); 423 tipc_node_write_lock(n);
419 list_add_tail(subscr, &n->publ_list); 424 list_add_tail(subscr, &n->publ_list);
420 tipc_node_write_unlock(n); 425 tipc_node_write_unlock_fast(n);
421 tipc_node_put(n); 426 tipc_node_put(n);
422} 427}
423 428
@@ -435,7 +440,7 @@ void tipc_node_unsubscribe(struct net *net, struct list_head *subscr, u32 addr)
435 } 440 }
436 tipc_node_write_lock(n); 441 tipc_node_write_lock(n);
437 list_del_init(subscr); 442 list_del_init(subscr);
438 tipc_node_write_unlock(n); 443 tipc_node_write_unlock_fast(n);
439 tipc_node_put(n); 444 tipc_node_put(n);
440} 445}
441 446
diff --git a/net/tipc/server.c b/net/tipc/server.c
index 215849ce453d..3cd6402e812c 100644
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -86,12 +86,12 @@ struct outqueue_entry {
86static void tipc_recv_work(struct work_struct *work); 86static void tipc_recv_work(struct work_struct *work);
87static void tipc_send_work(struct work_struct *work); 87static void tipc_send_work(struct work_struct *work);
88static void tipc_clean_outqueues(struct tipc_conn *con); 88static void tipc_clean_outqueues(struct tipc_conn *con);
89static void tipc_sock_release(struct tipc_conn *con);
90 89
91static void tipc_conn_kref_release(struct kref *kref) 90static void tipc_conn_kref_release(struct kref *kref)
92{ 91{
93 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref); 92 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
94 struct sockaddr_tipc *saddr = con->server->saddr; 93 struct tipc_server *s = con->server;
94 struct sockaddr_tipc *saddr = s->saddr;
95 struct socket *sock = con->sock; 95 struct socket *sock = con->sock;
96 struct sock *sk; 96 struct sock *sk;
97 97
@@ -103,9 +103,13 @@ static void tipc_conn_kref_release(struct kref *kref)
103 } 103 }
104 saddr->scope = -TIPC_NODE_SCOPE; 104 saddr->scope = -TIPC_NODE_SCOPE;
105 kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr)); 105 kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr));
106 tipc_sock_release(con);
107 sock_release(sock); 106 sock_release(sock);
108 con->sock = NULL; 107 con->sock = NULL;
108
109 spin_lock_bh(&s->idr_lock);
110 idr_remove(&s->conn_idr, con->conid);
111 s->idr_in_use--;
112 spin_unlock_bh(&s->idr_lock);
109 } 113 }
110 114
111 tipc_clean_outqueues(con); 115 tipc_clean_outqueues(con);
@@ -128,8 +132,10 @@ static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
128 132
129 spin_lock_bh(&s->idr_lock); 133 spin_lock_bh(&s->idr_lock);
130 con = idr_find(&s->conn_idr, conid); 134 con = idr_find(&s->conn_idr, conid);
131 if (con) 135 if (con && test_bit(CF_CONNECTED, &con->flags))
132 conn_get(con); 136 conn_get(con);
137 else
138 con = NULL;
133 spin_unlock_bh(&s->idr_lock); 139 spin_unlock_bh(&s->idr_lock);
134 return con; 140 return con;
135} 141}
@@ -186,26 +192,15 @@ static void tipc_unregister_callbacks(struct tipc_conn *con)
186 write_unlock_bh(&sk->sk_callback_lock); 192 write_unlock_bh(&sk->sk_callback_lock);
187} 193}
188 194
189static void tipc_sock_release(struct tipc_conn *con)
190{
191 struct tipc_server *s = con->server;
192
193 if (con->conid)
194 s->tipc_conn_release(con->conid, con->usr_data);
195
196 tipc_unregister_callbacks(con);
197}
198
199static void tipc_close_conn(struct tipc_conn *con) 195static void tipc_close_conn(struct tipc_conn *con)
200{ 196{
201 struct tipc_server *s = con->server; 197 struct tipc_server *s = con->server;
202 198
203 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) { 199 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
200 tipc_unregister_callbacks(con);
204 201
205 spin_lock_bh(&s->idr_lock); 202 if (con->conid)
206 idr_remove(&s->conn_idr, con->conid); 203 s->tipc_conn_release(con->conid, con->usr_data);
207 s->idr_in_use--;
208 spin_unlock_bh(&s->idr_lock);
209 204
210 /* We shouldn't flush pending works as we may be in the 205 /* We shouldn't flush pending works as we may be in the
211 * thread. In fact the races with pending rx/tx work structs 206 * thread. In fact the races with pending rx/tx work structs
@@ -458,6 +453,11 @@ int tipc_conn_sendmsg(struct tipc_server *s, int conid,
458 if (!con) 453 if (!con)
459 return -EINVAL; 454 return -EINVAL;
460 455
456 if (!test_bit(CF_CONNECTED, &con->flags)) {
457 conn_put(con);
458 return 0;
459 }
460
461 e = tipc_alloc_entry(data, len); 461 e = tipc_alloc_entry(data, len);
462 if (!e) { 462 if (!e) {
463 conn_put(con); 463 conn_put(con);
@@ -471,12 +471,8 @@ int tipc_conn_sendmsg(struct tipc_server *s, int conid,
471 list_add_tail(&e->list, &con->outqueue); 471 list_add_tail(&e->list, &con->outqueue);
472 spin_unlock_bh(&con->outqueue_lock); 472 spin_unlock_bh(&con->outqueue_lock);
473 473
474 if (test_bit(CF_CONNECTED, &con->flags)) { 474 if (!queue_work(s->send_wq, &con->swork))
475 if (!queue_work(s->send_wq, &con->swork))
476 conn_put(con);
477 } else {
478 conn_put(con); 475 conn_put(con);
479 }
480 return 0; 476 return 0;
481} 477}
482 478
@@ -500,7 +496,7 @@ static void tipc_send_to_sock(struct tipc_conn *con)
500 int ret; 496 int ret;
501 497
502 spin_lock_bh(&con->outqueue_lock); 498 spin_lock_bh(&con->outqueue_lock);
503 while (1) { 499 while (test_bit(CF_CONNECTED, &con->flags)) {
504 e = list_entry(con->outqueue.next, struct outqueue_entry, 500 e = list_entry(con->outqueue.next, struct outqueue_entry,
505 list); 501 list);
506 if ((struct list_head *) e == &con->outqueue) 502 if ((struct list_head *) e == &con->outqueue)
@@ -623,14 +619,12 @@ int tipc_server_start(struct tipc_server *s)
623void tipc_server_stop(struct tipc_server *s) 619void tipc_server_stop(struct tipc_server *s)
624{ 620{
625 struct tipc_conn *con; 621 struct tipc_conn *con;
626 int total = 0;
627 int id; 622 int id;
628 623
629 spin_lock_bh(&s->idr_lock); 624 spin_lock_bh(&s->idr_lock);
630 for (id = 0; total < s->idr_in_use; id++) { 625 for (id = 0; s->idr_in_use; id++) {
631 con = idr_find(&s->conn_idr, id); 626 con = idr_find(&s->conn_idr, id);
632 if (con) { 627 if (con) {
633 total++;
634 spin_unlock_bh(&s->idr_lock); 628 spin_unlock_bh(&s->idr_lock);
635 tipc_close_conn(con); 629 tipc_close_conn(con);
636 spin_lock_bh(&s->idr_lock); 630 spin_lock_bh(&s->idr_lock);
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index 0dd02244e21d..9d94e65d0894 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -54,6 +54,8 @@ struct tipc_subscriber {
54 54
55static void tipc_subscrp_delete(struct tipc_subscription *sub); 55static void tipc_subscrp_delete(struct tipc_subscription *sub);
56static void tipc_subscrb_put(struct tipc_subscriber *subscriber); 56static void tipc_subscrb_put(struct tipc_subscriber *subscriber);
57static void tipc_subscrp_put(struct tipc_subscription *subscription);
58static void tipc_subscrp_get(struct tipc_subscription *subscription);
57 59
58/** 60/**
59 * htohl - convert value to endianness used by destination 61 * htohl - convert value to endianness used by destination
@@ -123,6 +125,7 @@ void tipc_subscrp_report_overlap(struct tipc_subscription *sub, u32 found_lower,
123{ 125{
124 struct tipc_name_seq seq; 126 struct tipc_name_seq seq;
125 127
128 tipc_subscrp_get(sub);
126 tipc_subscrp_convert_seq(&sub->evt.s.seq, sub->swap, &seq); 129 tipc_subscrp_convert_seq(&sub->evt.s.seq, sub->swap, &seq);
127 if (!tipc_subscrp_check_overlap(&seq, found_lower, found_upper)) 130 if (!tipc_subscrp_check_overlap(&seq, found_lower, found_upper))
128 return; 131 return;
@@ -132,30 +135,23 @@ void tipc_subscrp_report_overlap(struct tipc_subscription *sub, u32 found_lower,
132 135
133 tipc_subscrp_send_event(sub, found_lower, found_upper, event, port_ref, 136 tipc_subscrp_send_event(sub, found_lower, found_upper, event, port_ref,
134 node); 137 node);
138 tipc_subscrp_put(sub);
135} 139}
136 140
137static void tipc_subscrp_timeout(unsigned long data) 141static void tipc_subscrp_timeout(unsigned long data)
138{ 142{
139 struct tipc_subscription *sub = (struct tipc_subscription *)data; 143 struct tipc_subscription *sub = (struct tipc_subscription *)data;
140 struct tipc_subscriber *subscriber = sub->subscriber;
141 144
142 /* Notify subscriber of timeout */ 145 /* Notify subscriber of timeout */
143 tipc_subscrp_send_event(sub, sub->evt.s.seq.lower, sub->evt.s.seq.upper, 146 tipc_subscrp_send_event(sub, sub->evt.s.seq.lower, sub->evt.s.seq.upper,
144 TIPC_SUBSCR_TIMEOUT, 0, 0); 147 TIPC_SUBSCR_TIMEOUT, 0, 0);
145 148
146 spin_lock_bh(&subscriber->lock); 149 tipc_subscrp_put(sub);
147 tipc_subscrp_delete(sub);
148 spin_unlock_bh(&subscriber->lock);
149
150 tipc_subscrb_put(subscriber);
151} 150}
152 151
153static void tipc_subscrb_kref_release(struct kref *kref) 152static void tipc_subscrb_kref_release(struct kref *kref)
154{ 153{
155 struct tipc_subscriber *subcriber = container_of(kref, 154 kfree(container_of(kref,struct tipc_subscriber, kref));
156 struct tipc_subscriber, kref);
157
158 kfree(subcriber);
159} 155}
160 156
161static void tipc_subscrb_put(struct tipc_subscriber *subscriber) 157static void tipc_subscrb_put(struct tipc_subscriber *subscriber)
@@ -168,6 +164,59 @@ static void tipc_subscrb_get(struct tipc_subscriber *subscriber)
168 kref_get(&subscriber->kref); 164 kref_get(&subscriber->kref);
169} 165}
170 166
167static void tipc_subscrp_kref_release(struct kref *kref)
168{
169 struct tipc_subscription *sub = container_of(kref,
170 struct tipc_subscription,
171 kref);
172 struct tipc_net *tn = net_generic(sub->net, tipc_net_id);
173 struct tipc_subscriber *subscriber = sub->subscriber;
174
175 spin_lock_bh(&subscriber->lock);
176 tipc_nametbl_unsubscribe(sub);
177 list_del(&sub->subscrp_list);
178 atomic_dec(&tn->subscription_count);
179 spin_unlock_bh(&subscriber->lock);
180 kfree(sub);
181 tipc_subscrb_put(subscriber);
182}
183
184static void tipc_subscrp_put(struct tipc_subscription *subscription)
185{
186 kref_put(&subscription->kref, tipc_subscrp_kref_release);
187}
188
189static void tipc_subscrp_get(struct tipc_subscription *subscription)
190{
191 kref_get(&subscription->kref);
192}
193
194/* tipc_subscrb_subscrp_delete - delete a specific subscription or all
195 * subscriptions for a given subscriber.
196 */
197static void tipc_subscrb_subscrp_delete(struct tipc_subscriber *subscriber,
198 struct tipc_subscr *s)
199{
200 struct list_head *subscription_list = &subscriber->subscrp_list;
201 struct tipc_subscription *sub, *temp;
202
203 spin_lock_bh(&subscriber->lock);
204 list_for_each_entry_safe(sub, temp, subscription_list, subscrp_list) {
205 if (s && memcmp(s, &sub->evt.s, sizeof(struct tipc_subscr)))
206 continue;
207
208 tipc_subscrp_get(sub);
209 spin_unlock_bh(&subscriber->lock);
210 tipc_subscrp_delete(sub);
211 tipc_subscrp_put(sub);
212 spin_lock_bh(&subscriber->lock);
213
214 if (s)
215 break;
216 }
217 spin_unlock_bh(&subscriber->lock);
218}
219
171static struct tipc_subscriber *tipc_subscrb_create(int conid) 220static struct tipc_subscriber *tipc_subscrb_create(int conid)
172{ 221{
173 struct tipc_subscriber *subscriber; 222 struct tipc_subscriber *subscriber;
@@ -177,8 +226,8 @@ static struct tipc_subscriber *tipc_subscrb_create(int conid)
177 pr_warn("Subscriber rejected, no memory\n"); 226 pr_warn("Subscriber rejected, no memory\n");
178 return NULL; 227 return NULL;
179 } 228 }
180 kref_init(&subscriber->kref);
181 INIT_LIST_HEAD(&subscriber->subscrp_list); 229 INIT_LIST_HEAD(&subscriber->subscrp_list);
230 kref_init(&subscriber->kref);
182 subscriber->conid = conid; 231 subscriber->conid = conid;
183 spin_lock_init(&subscriber->lock); 232 spin_lock_init(&subscriber->lock);
184 233
@@ -187,55 +236,22 @@ static struct tipc_subscriber *tipc_subscrb_create(int conid)
187 236
188static void tipc_subscrb_delete(struct tipc_subscriber *subscriber) 237static void tipc_subscrb_delete(struct tipc_subscriber *subscriber)
189{ 238{
190 struct tipc_subscription *sub, *temp; 239 tipc_subscrb_subscrp_delete(subscriber, NULL);
191 u32 timeout;
192
193 spin_lock_bh(&subscriber->lock);
194 /* Destroy any existing subscriptions for subscriber */
195 list_for_each_entry_safe(sub, temp, &subscriber->subscrp_list,
196 subscrp_list) {
197 timeout = htohl(sub->evt.s.timeout, sub->swap);
198 if ((timeout == TIPC_WAIT_FOREVER) || del_timer(&sub->timer)) {
199 tipc_subscrp_delete(sub);
200 tipc_subscrb_put(subscriber);
201 }
202 }
203 spin_unlock_bh(&subscriber->lock);
204
205 tipc_subscrb_put(subscriber); 240 tipc_subscrb_put(subscriber);
206} 241}
207 242
208static void tipc_subscrp_delete(struct tipc_subscription *sub) 243static void tipc_subscrp_delete(struct tipc_subscription *sub)
209{ 244{
210 struct tipc_net *tn = net_generic(sub->net, tipc_net_id); 245 u32 timeout = htohl(sub->evt.s.timeout, sub->swap);
211 246
212 tipc_nametbl_unsubscribe(sub); 247 if (timeout == TIPC_WAIT_FOREVER || del_timer(&sub->timer))
213 list_del(&sub->subscrp_list); 248 tipc_subscrp_put(sub);
214 kfree(sub);
215 atomic_dec(&tn->subscription_count);
216} 249}
217 250
218static void tipc_subscrp_cancel(struct tipc_subscr *s, 251static void tipc_subscrp_cancel(struct tipc_subscr *s,
219 struct tipc_subscriber *subscriber) 252 struct tipc_subscriber *subscriber)
220{ 253{
221 struct tipc_subscription *sub, *temp; 254 tipc_subscrb_subscrp_delete(subscriber, s);
222 u32 timeout;
223
224 spin_lock_bh(&subscriber->lock);
225 /* Find first matching subscription, exit if not found */
226 list_for_each_entry_safe(sub, temp, &subscriber->subscrp_list,
227 subscrp_list) {
228 if (!memcmp(s, &sub->evt.s, sizeof(struct tipc_subscr))) {
229 timeout = htohl(sub->evt.s.timeout, sub->swap);
230 if ((timeout == TIPC_WAIT_FOREVER) ||
231 del_timer(&sub->timer)) {
232 tipc_subscrp_delete(sub);
233 tipc_subscrb_put(subscriber);
234 }
235 break;
236 }
237 }
238 spin_unlock_bh(&subscriber->lock);
239} 255}
240 256
241static struct tipc_subscription *tipc_subscrp_create(struct net *net, 257static struct tipc_subscription *tipc_subscrp_create(struct net *net,
@@ -272,6 +288,7 @@ static struct tipc_subscription *tipc_subscrp_create(struct net *net,
272 sub->swap = swap; 288 sub->swap = swap;
273 memcpy(&sub->evt.s, s, sizeof(*s)); 289 memcpy(&sub->evt.s, s, sizeof(*s));
274 atomic_inc(&tn->subscription_count); 290 atomic_inc(&tn->subscription_count);
291 kref_init(&sub->kref);
275 return sub; 292 return sub;
276} 293}
277 294
@@ -288,17 +305,16 @@ static void tipc_subscrp_subscribe(struct net *net, struct tipc_subscr *s,
288 305
289 spin_lock_bh(&subscriber->lock); 306 spin_lock_bh(&subscriber->lock);
290 list_add(&sub->subscrp_list, &subscriber->subscrp_list); 307 list_add(&sub->subscrp_list, &subscriber->subscrp_list);
291 tipc_subscrb_get(subscriber);
292 sub->subscriber = subscriber; 308 sub->subscriber = subscriber;
293 tipc_nametbl_subscribe(sub); 309 tipc_nametbl_subscribe(sub);
310 tipc_subscrb_get(subscriber);
294 spin_unlock_bh(&subscriber->lock); 311 spin_unlock_bh(&subscriber->lock);
295 312
313 setup_timer(&sub->timer, tipc_subscrp_timeout, (unsigned long)sub);
296 timeout = htohl(sub->evt.s.timeout, swap); 314 timeout = htohl(sub->evt.s.timeout, swap);
297 if (timeout == TIPC_WAIT_FOREVER)
298 return;
299 315
300 setup_timer(&sub->timer, tipc_subscrp_timeout, (unsigned long)sub); 316 if (timeout != TIPC_WAIT_FOREVER)
301 mod_timer(&sub->timer, jiffies + msecs_to_jiffies(timeout)); 317 mod_timer(&sub->timer, jiffies + msecs_to_jiffies(timeout));
302} 318}
303 319
304/* Handle one termination request for the subscriber */ 320/* Handle one termination request for the subscriber */
diff --git a/net/tipc/subscr.h b/net/tipc/subscr.h
index be60103082c9..ffdc214c117a 100644
--- a/net/tipc/subscr.h
+++ b/net/tipc/subscr.h
@@ -57,6 +57,7 @@ struct tipc_subscriber;
57 * @evt: template for events generated by subscription 57 * @evt: template for events generated by subscription
58 */ 58 */
59struct tipc_subscription { 59struct tipc_subscription {
60 struct kref kref;
60 struct tipc_subscriber *subscriber; 61 struct tipc_subscriber *subscriber;
61 struct net *net; 62 struct net *net;
62 struct timer_list timer; 63 struct timer_list timer;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 127656ebe7be..cef79873b09d 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -995,6 +995,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
995 unsigned int hash; 995 unsigned int hash;
996 struct unix_address *addr; 996 struct unix_address *addr;
997 struct hlist_head *list; 997 struct hlist_head *list;
998 struct path path = { NULL, NULL };
998 999
999 err = -EINVAL; 1000 err = -EINVAL;
1000 if (sunaddr->sun_family != AF_UNIX) 1001 if (sunaddr->sun_family != AF_UNIX)
@@ -1010,9 +1011,20 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1010 goto out; 1011 goto out;
1011 addr_len = err; 1012 addr_len = err;
1012 1013
1014 if (sun_path[0]) {
1015 umode_t mode = S_IFSOCK |
1016 (SOCK_INODE(sock)->i_mode & ~current_umask());
1017 err = unix_mknod(sun_path, mode, &path);
1018 if (err) {
1019 if (err == -EEXIST)
1020 err = -EADDRINUSE;
1021 goto out;
1022 }
1023 }
1024
1013 err = mutex_lock_interruptible(&u->bindlock); 1025 err = mutex_lock_interruptible(&u->bindlock);
1014 if (err) 1026 if (err)
1015 goto out; 1027 goto out_put;
1016 1028
1017 err = -EINVAL; 1029 err = -EINVAL;
1018 if (u->addr) 1030 if (u->addr)
@@ -1029,16 +1041,6 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1029 atomic_set(&addr->refcnt, 1); 1041 atomic_set(&addr->refcnt, 1);
1030 1042
1031 if (sun_path[0]) { 1043 if (sun_path[0]) {
1032 struct path path;
1033 umode_t mode = S_IFSOCK |
1034 (SOCK_INODE(sock)->i_mode & ~current_umask());
1035 err = unix_mknod(sun_path, mode, &path);
1036 if (err) {
1037 if (err == -EEXIST)
1038 err = -EADDRINUSE;
1039 unix_release_addr(addr);
1040 goto out_up;
1041 }
1042 addr->hash = UNIX_HASH_SIZE; 1044 addr->hash = UNIX_HASH_SIZE;
1043 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1); 1045 hash = d_backing_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
1044 spin_lock(&unix_table_lock); 1046 spin_lock(&unix_table_lock);
@@ -1065,6 +1067,9 @@ out_unlock:
1065 spin_unlock(&unix_table_lock); 1067 spin_unlock(&unix_table_lock);
1066out_up: 1068out_up:
1067 mutex_unlock(&u->bindlock); 1069 mutex_unlock(&u->bindlock);
1070out_put:
1071 if (err)
1072 path_put(&path);
1068out: 1073out:
1069 return err; 1074 return err;
1070} 1075}
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-23 09:20:59 -0400