Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Conflicts: drivers/net/ethernet/cadence/macb.c drivers/net/phy/phy.c include/linux/skbuff.h net/ipv4/tcp.c net/switchdev/switchdev.c Switchdev was a case of RTNH_H_{EXTERNAL --> OFFLOAD} renaming overlapping with net-next changes of various sorts. phy.c was a case of two changes, one adding a local variable to a function whilst the second was removing one. tcp.c overlapped a deadlock fix with the addition of new tcp_info statistic values. macb.c involved the addition of two zyncq device entries. skbuff.h involved adding back ipv4_daddr to nf_bridge_info whilst net-next changes put two other existing members of that struct into a union. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2015-05-23 01:22:35 -0400
committer: David S. Miller <davem@davemloft.net> 2015-05-23 01:22:35 -0400
commit: 36583eb54d46c36a447afd6c379839f292397429 (patch)
tree: 70f5399529dc2135a986947b37c655194da60e9d /net
parent: fa7912be967102cdbecd8ef172571b28eb22099e (diff)
parent: cf539cbd8a81e12880735a0912de8b99f46c84fd (diff)
32 files changed, 207 insertions, 74 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 98a30a5b8664..59555f0f8fc8 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -443,7 +443,7 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event,
        case NETDEV_UP:
                /* Put all VLANs for this dev in the up state too.  */
                vlan_group_for_each_dev(grp, i, vlandev) {
-                        flgs = vlandev->flags;
+                        flgs = dev_get_flags(vlandev);
                        if (flgs & IFF_UP)
                                continue;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 4663c3dad3f5..c4802f3bd4c5 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2854,9 +2854,11 @@ static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status,
                         * state. If we were running both LE and BR/EDR inquiry
                         * simultaneously, and BR/EDR inquiry is already
                         * finished, stop discovery, otherwise BR/EDR inquiry
-                         * will stop discovery when finished.
+                         * will stop discovery when finished. If we will resolve
+                         * remote device name, do not change discovery state.
                         */
-                        if (!test_bit(HCI_INQUIRY, &hdev->flags))
+                        if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
+                            hdev->discovery.state != DISCOVERY_RESOLVING)
                                hci_discovery_set_state(hdev,
                                                        DISCOVERY_STOPPED);
                } else {
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 2d69d5cab52f..d7e103e3538a 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1069,7 +1069,7 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
                err = br_ip6_multicast_add_group(br, port, &grec->grec_mca,
                                                 vid);
-                if (!err)
+                if (err)
                        break;
        }
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 1d2eb32d8270..46660a28feef 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -37,10 +37,6 @@
 #include <net/route.h>
 #include <net/netfilter/br_netfilter.h>
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
-#include <net/netfilter/nf_conntrack.h>
-#endif
 #include <asm/uaccess.h>
 #include "br_private.h"
 #ifdef CONFIG_SYSCTL
@@ -358,24 +354,15 @@ free_skb:
        return 0;
 }
-static bool dnat_took_place(const struct sk_buff *skb)
+static bool daddr_was_changed(const struct sk_buff *skb,
+                              const struct nf_bridge_info *nf_bridge)
 {
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+        return ip_hdr(skb)->daddr != nf_bridge->ipv4_daddr;
-        enum ip_conntrack_info ctinfo;
-        struct nf_conn *ct;
-        ct = nf_ct_get(skb, &ctinfo);
-        if (!ct || nf_ct_is_untracked(ct))
-                return false;
-        return test_bit(IPS_DST_NAT_BIT, &ct->status);
-#else
-        return false;
-#endif
 }
 /* This requires some explaining. If DNAT has taken place,
 * we will need to fix up the destination Ethernet address.
+ * This is also true when SNAT takes place (for the reply direction).
 *
 * There are two cases to consider:
 * 1. The packet was DNAT'ed to a device in the same bridge
@@ -429,7 +416,7 @@ static int br_nf_pre_routing_finish(struct sock *sk, struct sk_buff *skb)
                nf_bridge->pkt_otherhost = false;
        }
        nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
-        if (dnat_took_place(skb)) {
+        if (daddr_was_changed(skb, nf_bridge)) {
                if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) {
                        struct in_device *in_dev = __in_dev_get_rcu(dev);
@@ -640,6 +627,7 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
                                      struct sk_buff *skb,
                                      const struct nf_hook_state *state)
 {
+        struct nf_bridge_info *nf_bridge;
        struct net_bridge_port *p;
        struct net_bridge *br;
        __u32 len = nf_bridge_encap_header_len(skb);
@@ -677,6 +665,9 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
        if (!setup_pre_routing(skb))
                return NF_DROP;
+        nf_bridge = nf_bridge_info_get(skb);
+        nf_bridge->ipv4_daddr = ip_hdr(skb)->daddr;
        skb->protocol = htons(ETH_P_IP);
        NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, state->sk, skb,
diff --git a/net/bridge/br_stp_timer.c b/net/bridge/br_stp_timer.c
index 4fcaa67750fd..7caf7fae2d5b 100644
--- a/net/bridge/br_stp_timer.c
+++ b/net/bridge/br_stp_timer.c
@@ -97,7 +97,9 @@ static void br_forward_delay_timer_expired(unsigned long arg)
                netif_carrier_on(br->dev);
        }
        br_log_state(p);
+        rcu_read_lock();
        br_ifinfo_notify(RTM_NEWLINK, p);
+        rcu_read_unlock();
        spin_unlock(&br->lock);
 }
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 5149d9e71114..d5aba394ff6f 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1117,6 +1117,8 @@ static int do_replace(struct net *net, const void __user *user,
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name) - 1] = 0;
@@ -2159,6 +2161,8 @@ static int compat_copy_ebt_replace_from_user(struct ebt_replace *repl,
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        memcpy(repl, &tmp, offsetof(struct ebt_replace, hook_entry));
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index eb0c3ace7458..4f6a17ef0710 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -358,7 +358,15 @@ static int ethtool_get_settings(struct net_device *dev, void __user *useraddr)
        int err;
        struct ethtool_cmd cmd;
-        err = __ethtool_get_settings(dev, &cmd);
+        if (!dev->ethtool_ops->get_settings)
+                return -EOPNOTSUPP;
+        if (copy_from_user(&cmd, useraddr, sizeof(cmd)))
+                return -EFAULT;
+        cmd.cmd = ETHTOOL_GSET;
+        err = dev->ethtool_ops->get_settings(dev, &cmd);
        if (err < 0)
                return err;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 141ccc357e2e..077b6d280371 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2420,6 +2420,9 @@ void rtmsg_ifinfo(int type, struct net_device *dev, unsigned int change,
 {
        struct sk_buff *skb;
+        if (dev->reg_state != NETREG_REGISTERED)
+                return;
        skb = rtmsg_ifinfo_build_skb(type, dev, change, flags);
        if (skb)
                rtmsg_ifinfo_send(skb, dev, flags);
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 03444c6ae342..5a5d9bdeaeb4 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1164,6 +1164,7 @@ int fib_table_insert(struct fib_table *tb, struct fib_config *cfg)
                        state = fa->fa_state;
                        new_fa->fa_state = state & ~FA_S_ACCESSED;
                        new_fa->fa_slen = fa->fa_slen;
+                        new_fa->tb_id = tb->tb_id;
                        err = switchdev_fib_ipv4_add(key, plen, fi,
                                                     new_fa->fa_tos,
@@ -1762,7 +1763,7 @@ void fib_table_flush_external(struct fib_table *tb)
                        /* record local slen */
                        slen = fa->fa_slen;
-                        if (!fi || !(fi->fib_flags & RTNH_F_EXTERNAL))
+                        if (!fi || !(fi->fib_flags & RTNH_F_OFFLOAD))
                                continue;
                        switchdev_fib_ipv4_del(n->key, KEYLENGTH - fa->fa_slen,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 13bfe84bf3ca..a61200754f4b 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1075,6 +1075,9 @@ static int do_replace(struct net *net, const void __user *user,
        /* overflow check */
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
@@ -1499,6 +1502,9 @@ static int compat_do_replace(struct net *net, void __user *user,
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index c69db7fa25ee..2d0e265fef6e 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1262,6 +1262,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
        /* overflow check */
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
@@ -1809,6 +1812,9 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 9e15f5ca4495..f6055984c307 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -900,6 +900,10 @@ static int ip_error(struct sk_buff *skb)
        bool send;
        int code;
+        /* IP on this device is disabled. */
+        if (!in_dev)
+                goto out;
        net = dev_net(rt->dst.dev);
        if (!IN_DEV_FORWARD(in_dev)) {
                switch (rt->dst.error) {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 7f3e721b9e69..90afcec3f427 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -402,6 +402,7 @@ void tcp_init_sock(struct sock *sk)
        tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
        tp->snd_cwnd_clamp = ~0;
        tp->mss_cache = TCP_MSS_DEFAULT;
+        u64_stats_init(&tp->syncp);
        tp->reordering = sysctl_tcp_reordering;
        tcp_enable_early_retrans(tp);
@@ -2625,6 +2626,7 @@ void tcp_get_info(struct sock *sk, struct tcp_info *info)
        const struct tcp_sock *tp = tcp_sk(sk);
        const struct inet_connection_sock *icsk = inet_csk(sk);
        u32 now = tcp_time_stamp;
+        unsigned int start;
        u32 rate;
        memset(info, 0, sizeof(*info));
@@ -2692,12 +2694,13 @@ void tcp_get_info(struct sock *sk, struct tcp_info *info)
        rate = READ_ONCE(sk->sk_max_pacing_rate);
        info->tcpi_max_pacing_rate = rate != ~0U ? rate : ~0ULL;
-        spin_lock_bh(&sk->sk_lock.slock);
+        do {
-        info->tcpi_bytes_acked = tp->bytes_acked;
+                start = u64_stats_fetch_begin_irq(&tp->syncp);
-        info->tcpi_bytes_received = tp->bytes_received;
+                info->tcpi_bytes_acked = tp->bytes_acked;
+                info->tcpi_bytes_received = tp->bytes_received;
+        } while (u64_stats_fetch_retry_irq(&tp->syncp, start));
        info->tcpi_segs_out = tp->segs_out;
        info->tcpi_segs_in = tp->segs_in;
-        spin_unlock_bh(&sk->sk_lock.slock);
 }
 EXPORT_SYMBOL_GPL(tcp_get_info);
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index 3c673d5e6cff..46b087a27503 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -206,6 +206,10 @@ static bool tcp_fastopen_create_child(struct sock *sk,
                        skb_set_owner_r(skb2, child);
                        __skb_queue_tail(&child->sk_receive_queue, skb2);
                        tp->syn_data_acked = 1;
+                        /* u64_stats_update_begin(&tp->syncp) not needed here,
+                         * as we certainly are not changing upper 32bit value (0)
+                         */
                        tp->bytes_received = end_seq - TCP_SKB_CB(skb)->seq - 1;
                } else {
                        end_seq = TCP_SKB_CB(skb)->seq + 1;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 40c435997e54..15c4536188a4 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2695,16 +2695,21 @@ static void tcp_process_loss(struct sock *sk, int flag, bool is_dupack)
        struct tcp_sock *tp = tcp_sk(sk);
        bool recovered = !before(tp->snd_una, tp->high_seq);
+        if ((flag & FLAG_SND_UNA_ADVANCED) &&
+            tcp_try_undo_loss(sk, false))
+                return;
        if (tp->frto) { /* F-RTO RFC5682 sec 3.1 (sack enhanced version). */
                /* Step 3.b. A timeout is spurious if not all data are
                 * lost, i.e., never-retransmitted data are (s)acked.
                 */
-                if (tcp_try_undo_loss(sk, flag & FLAG_ORIG_SACK_ACKED))
+                if ((flag & FLAG_ORIG_SACK_ACKED) &&
+                    tcp_try_undo_loss(sk, true))
                        return;
-                if (after(tp->snd_nxt, tp->high_seq) &&
+                if (after(tp->snd_nxt, tp->high_seq)) {
-                    (flag & FLAG_DATA_SACKED || is_dupack)) {
+                        if (flag & FLAG_DATA_SACKED || is_dupack)
-                        tp->frto = 0; /* Loss was real: 2nd part of step 3.a */
+                                tp->frto = 0; /* Step 3.a. loss was real */
                } else if (flag & FLAG_SND_UNA_ADVANCED && !recovered) {
                        tp->high_seq = tp->snd_nxt;
                        __tcp_push_pending_frames(sk, tcp_current_mss(sk),
@@ -2729,8 +2734,6 @@ static void tcp_process_loss(struct sock *sk, int flag, bool is_dupack)
                else if (flag & FLAG_SND_UNA_ADVANCED)
                        tcp_reset_reno_sack(tp);
        }
-        if (tcp_try_undo_loss(sk, false))
-                return;
        tcp_xmit_retransmit_queue(sk);
 }
@@ -3281,7 +3284,9 @@ static void tcp_snd_una_update(struct tcp_sock *tp, u32 ack)
 {
        u32 delta = ack - tp->snd_una;
+        u64_stats_update_begin(&tp->syncp);
        tp->bytes_acked += delta;
+        u64_stats_update_end(&tp->syncp);
        tp->snd_una = ack;
 }
@@ -3290,7 +3295,9 @@ static void tcp_rcv_nxt_update(struct tcp_sock *tp, u32 seq)
 {
        u32 delta = seq - tp->rcv_nxt;
+        u64_stats_update_begin(&tp->syncp);
        tp->bytes_received += delta;
+        u64_stats_update_end(&tp->syncp);
        tp->rcv_nxt = seq;
 }
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index b62d15c86946..df7fe3c31162 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -300,7 +300,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
                        tw->tw_v6_daddr = sk->sk_v6_daddr;
                        tw->tw_v6_rcv_saddr = sk->sk_v6_rcv_saddr;
                        tw->tw_tclass = np->tclass;
-                        tw->tw_flowlabel = np->flow_label >> 12;
+                        tw->tw_flowlabel = be32_to_cpu(np->flow_label & IPV6_FLOWLABEL_MASK);
                        tw->tw_ipv6only = sk->sk_ipv6only;
                }
 #endif
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 96dbffff5a24..bde57b113009 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -693,6 +693,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
 {
        struct rt6_info *iter = NULL;
        struct rt6_info **ins;
+        struct rt6_info **fallback_ins = NULL;
        int replace = (info->nlh &&
                       (info->nlh->nlmsg_flags & NLM_F_REPLACE));
        int add = (!info->nlh ||
@@ -716,8 +717,13 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
                            (info->nlh->nlmsg_flags & NLM_F_EXCL))
                                return -EEXIST;
                        if (replace) {
-                                found++;
+                                if (rt_can_ecmp == rt6_qualify_for_ecmp(iter)) {
-                                break;
+                                        found++;
+                                        break;
+                                }
+                                if (rt_can_ecmp)
+                                        fallback_ins = fallback_ins ?: ins;
+                                goto next_iter;
                        }
                        if (iter->dst.dev == rt->dst.dev &&
@@ -753,9 +759,17 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
                if (iter->rt6i_metric > rt->rt6i_metric)
                        break;
+next_iter:
                ins = &iter->dst.rt6_next;
        }
+        if (fallback_ins && !found) {
+                /* No ECMP-able route found, replace first non-ECMP one */
+                ins = fallback_ins;
+                iter = *ins;
+                found++;
+        }
        /* Reset round-robin state, if necessary */
        if (ins == &fn->leaf)
                fn->rr_ptr = NULL;
@@ -815,6 +829,8 @@ add:
                }
        } else {
+                int nsiblings;
                if (!found) {
                        if (add)
                                goto add;
@@ -835,8 +851,27 @@ add:
                        info->nl_net->ipv6.rt6_stats->fib_route_nodes++;
                        fn->fn_flags |= RTN_RTINFO;
                }
+                nsiblings = iter->rt6i_nsiblings;
                fib6_purge_rt(iter, fn, info->nl_net);
                rt6_release(iter);
+                if (nsiblings) {
+                        /* Replacing an ECMP route, remove all siblings */
+                        ins = &rt->dst.rt6_next;
+                        iter = *ins;
+                        while (iter) {
+                                if (rt6_qualify_for_ecmp(iter)) {
+                                        *ins = iter->dst.rt6_next;
+                                        fib6_purge_rt(iter, fn, info->nl_net);
+                                        rt6_release(iter);
+                                        nsiblings--;
+                                } else {
+                                        ins = &iter->dst.rt6_next;
+                                }
+                                iter = *ins;
+                        }
+                        WARN_ON(nsiblings != 0);
+                }
        }
        return 0;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index c21777565c58..bc09cb97b840 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1300,8 +1300,10 @@ emsgsize:
        /* If this is the first and only packet and device
         * supports checksum offloading, let's use it.
+         * Use transhdrlen, same as IPv4, because partial
+         * sums only work when transhdrlen is set.
         */
-        if (!skb && sk->sk_protocol == IPPROTO_UDP &&
+        if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
            length + fragheaderlen < mtu &&
            rt->dst.dev->features & NETIF_F_V6_CSUM &&
            !exthdrlen)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 1a732a1d3c8e..62f5b0d0bc9b 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1275,6 +1275,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
        /* overflow check */
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
@@ -1822,6 +1825,9 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
                return -ENOMEM;
        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
                return -ENOMEM;
+        if (tmp.num_counters == 0)
+                return -EINVAL;
        tmp.name[sizeof(tmp.name)-1] = 0;
        newinfo = xt_alloc_table_info(tmp.size);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 98fce6f4a580..0c889cb89cc3 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2515,9 +2515,9 @@ static int ip6_route_multipath(struct fib6_config *cfg, int add)
        int attrlen;
        int err = 0, last_err = 0;
+        remaining = cfg->fc_mp_len;
 beginning:
        rtnh = (struct rtnexthop *)cfg->fc_mp;
-        remaining = cfg->fc_mp_len;
        /* Parse a Multipath Entry */
        while (rtnh_ok(rtnh, remaining)) {
@@ -2547,15 +2547,19 @@ beginning:
                                 * next hops that have been already added.
                                 */
                                add = 0;
+                                remaining = cfg->fc_mp_len - remaining;
                                goto beginning;
                        }
                }
                /* Because each route is added like a single route we remove
-                 * this flag after the first nexthop (if there is a collision,
+                 * these flags after the first nexthop: if there is a collision,
-                 * we have already fail to add the first nexthop:
+                 * we have already failed to add the first nexthop:
-                 * fib6_add_rt2node() has reject it).
+                 * fib6_add_rt2node() has rejected it; when replacing, old
+                 * nexthops have been replaced by first new, the rest should
+                 * be added to it.
                 */
-                cfg->fc_nlinfo.nlh->nlmsg_flags &= ~NLM_F_EXCL;
+                cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
+                                                     NLM_F_REPLACE);
                rtnh = rtnh_next(rtnh, &remaining);
        }
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index beac6bf840b9..fefe4455e1f3 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -914,7 +914,7 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
                        tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
                        tcp_time_stamp + tcptw->tw_ts_offset,
                        tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
-                        tw->tw_tclass, (tw->tw_flowlabel << 12));
+                        tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
        inet_twsk_put(tw);
 }
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 3477c919fcc8..c2ec41617a35 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -731,7 +731,9 @@ static bool __udp_v6_is_mcast_sock(struct net *net, struct sock *sk,
            (inet->inet_dport && inet->inet_dport != rmt_port) ||
            (!ipv6_addr_any(&sk->sk_v6_daddr) &&
                    !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr)) ||
-            (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
+            (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) ||
+            (!ipv6_addr_any(&sk->sk_v6_rcv_saddr) &&
+                    !ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr)))
                return false;
        if (!inet6_mc_check(sk, loc_addr, rmt_addr))
                return false;
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index a4220e92f0cc..efa3f48f1ec5 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -98,8 +98,7 @@ static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
        hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-        if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN ||
+        if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
-                    skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
                return NULL;
        hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -167,6 +166,9 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local,
        size_t len;
        u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
+        if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN))
+                return -1;
        iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx);
        if (!iv)
                return -1;
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index db1c674397ad..1c78d7fb1da7 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -870,6 +870,7 @@ config NETFILTER_XT_TARGET_TPROXY
        depends on NETFILTER_XTABLES
        depends on NETFILTER_ADVANCED
        depends on (IPV6 || IPV6=n)
+        depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
        depends on IP_NF_MANGLE
        select NF_DEFRAG_IPV4
        select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES
@@ -1363,6 +1364,7 @@ config NETFILTER_XT_MATCH_SOCKET
        depends on NETFILTER_ADVANCED
        depends on !NF_CONNTRACK || NF_CONNTRACK
        depends on (IPV6 || IPV6=n)
+        depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
        select NF_DEFRAG_IPV4
        select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES
        help
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 49532672f66d..285eae3a1454 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3823,6 +3823,9 @@ static void __net_exit ip_vs_control_net_cleanup_sysctl(struct net *net)
        cancel_work_sync(&ipvs->defense_work.work);
        unregister_net_sysctl_table(ipvs->sysctl_hdr);
        ip_vs_stop_estimator(net, &ipvs->tot_stats);
+        if (!net_eq(net, &init_net))
+                kfree(ipvs->sysctl_tbl);
 }
 #else
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 5caa0c41bf26..70383de72054 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -202,7 +202,7 @@ static const u8 tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 *      sES -> sES      :-)
 *      sFW -> sCW      Normal close request answered by ACK.
 *      sCW -> sCW
- *      sLA -> sTW      Last ACK detected.
+ *      sLA -> sTW      Last ACK detected (RFC5961 challenged)
 *      sTW -> sTW      Retransmitted last ACK. Remain in the same state.
 *      sCL -> sCL
 */
@@ -261,7 +261,7 @@ static const u8 tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 *      sES -> sES      :-)
 *      sFW -> sCW      Normal close request answered by ACK.
 *      sCW -> sCW
- *      sLA -> sTW      Last ACK detected.
+ *      sLA -> sTW      Last ACK detected (RFC5961 challenged)
 *      sTW -> sTW      Retransmitted last ACK.
 *      sCL -> sCL
 */
@@ -906,6 +906,7 @@ static int tcp_packet(struct nf_conn *ct,
                                        1 : ct->proto.tcp.last_win;
                        ct->proto.tcp.seen[ct->proto.tcp.last_dir].td_scale =
                                ct->proto.tcp.last_wscale;
+                        ct->proto.tcp.last_flags &= ~IP_CT_EXP_CHALLENGE_ACK;
                        ct->proto.tcp.seen[ct->proto.tcp.last_dir].flags =
                                ct->proto.tcp.last_flags;
                        memset(&ct->proto.tcp.seen[dir], 0,
@@ -923,7 +924,9 @@ static int tcp_packet(struct nf_conn *ct,
                 * may be in sync but we are not. In that case, we annotate
                 * the TCP options and let the packet go through. If it is a
                 * valid SYN packet, the server will reply with a SYN/ACK, and
-                 * then we'll get in sync. Otherwise, the server ignores it. */
+                 * then we'll get in sync. Otherwise, the server potentially
+                 * responds with a challenge ACK if implementing RFC5961.
+                 */
                if (index == TCP_SYN_SET && dir == IP_CT_DIR_ORIGINAL) {
                        struct ip_ct_tcp_state seen = {};
@@ -939,6 +942,13 @@ static int tcp_packet(struct nf_conn *ct,
                                ct->proto.tcp.last_flags |=
                                        IP_CT_TCP_FLAG_SACK_PERM;
                        }
+                        /* Mark the potential for RFC5961 challenge ACK,
+                         * this pose a special problem for LAST_ACK state
+                         * as ACK is intrepretated as ACKing last FIN.
+                         */
+                        if (old_state == TCP_CONNTRACK_LAST_ACK)
+                                ct->proto.tcp.last_flags |=
+                                        IP_CT_EXP_CHALLENGE_ACK;
                }
                spin_unlock_bh(&ct->lock);
                if (LOG_INVALID(net, IPPROTO_TCP))
@@ -970,6 +980,25 @@ static int tcp_packet(struct nf_conn *ct,
                        nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL,
                                  "nf_ct_tcp: invalid state ");
                return -NF_ACCEPT;
+        case TCP_CONNTRACK_TIME_WAIT:
+                /* RFC5961 compliance cause stack to send "challenge-ACK"
+                 * e.g. in response to spurious SYNs.  Conntrack MUST
+                 * not believe this ACK is acking last FIN.
+                 */
+                if (old_state == TCP_CONNTRACK_LAST_ACK &&
+                    index == TCP_ACK_SET &&
+                    ct->proto.tcp.last_dir != dir &&
+                    ct->proto.tcp.last_index == TCP_SYN_SET &&
+                    (ct->proto.tcp.last_flags & IP_CT_EXP_CHALLENGE_ACK)) {
+                        /* Detected RFC5961 challenge ACK */
+                        ct->proto.tcp.last_flags &= ~IP_CT_EXP_CHALLENGE_ACK;
+                        spin_unlock_bh(&ct->lock);
+                        if (LOG_INVALID(net, IPPROTO_TCP))
+                                nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL,
+                                      "nf_ct_tcp: challenge-ACK ignored ");
+                        return NF_ACCEPT; /* Don't change state */
+                }
+                break;
        case TCP_CONNTRACK_CLOSE:
                if (index == TCP_RST_SET
                    && (ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_MAXACK_SET)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ad9d11fb29fd..34ded09317e7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4472,9 +4472,9 @@ EXPORT_SYMBOL_GPL(nft_data_init);
 */
 void nft_data_uninit(const struct nft_data *data, enum nft_data_types type)
 {
-        switch (type) {
+        if (type < NFT_DATA_VERDICT)
-        case NFT_DATA_VALUE:
                return;
+        switch (type) {
        case NFT_DATA_VERDICT:
                return nft_verdict_uninit(data);
        default:
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 3ad91266c821..4ef1fae8445e 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -1073,7 +1073,13 @@ static struct pernet_operations nfnl_log_net_ops = {
 static int __init nfnetlink_log_init(void)
 {
-        int status = -ENOMEM;
+        int status;
+        status = register_pernet_subsys(&nfnl_log_net_ops);
+        if (status < 0) {
+                pr_err("failed to register pernet ops\n");
+                goto out;
+        }
        netlink_register_notifier(&nfulnl_rtnl_notifier);
        status = nfnetlink_subsys_register(&nfulnl_subsys);
@@ -1088,28 +1094,23 @@ static int __init nfnetlink_log_init(void)
                goto cleanup_subsys;
        }
-        status = register_pernet_subsys(&nfnl_log_net_ops);
-        if (status < 0) {
-                pr_err("failed to register pernet ops\n");
-                goto cleanup_logger;
-        }
        return status;
-cleanup_logger:
-        nf_log_unregister(&nfulnl_logger);
 cleanup_subsys:
        nfnetlink_subsys_unregister(&nfulnl_subsys);
 cleanup_netlink_notifier:
        netlink_unregister_notifier(&nfulnl_rtnl_notifier);
+        unregister_pernet_subsys(&nfnl_log_net_ops);
+out:
        return status;
 }
 static void __exit nfnetlink_log_fini(void)
 {
-        unregister_pernet_subsys(&nfnl_log_net_ops);
        nf_log_unregister(&nfulnl_logger);
        nfnetlink_subsys_unregister(&nfulnl_subsys);
        netlink_unregister_notifier(&nfulnl_rtnl_notifier);
+        unregister_pernet_subsys(&nfnl_log_net_ops);
 }
 MODULE_DESCRIPTION("netfilter userspace logging");
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index bec7c60fe4d0..22a5ac76683e 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -1317,7 +1317,13 @@ static struct pernet_operations nfnl_queue_net_ops = {
 static int __init nfnetlink_queue_init(void)
 {
-        int status = -ENOMEM;
+        int status;
+        status = register_pernet_subsys(&nfnl_queue_net_ops);
+        if (status < 0) {
+                pr_err("nf_queue: failed to register pernet ops\n");
+                goto out;
+        }
        netlink_register_notifier(&nfqnl_rtnl_notifier);
        status = nfnetlink_subsys_register(&nfqnl_subsys);
@@ -1326,19 +1332,13 @@ static int __init nfnetlink_queue_init(void)
                goto cleanup_netlink_notifier;
        }
-        status = register_pernet_subsys(&nfnl_queue_net_ops);
-        if (status < 0) {
-                pr_err("nf_queue: failed to register pernet ops\n");
-                goto cleanup_subsys;
-        }
        register_netdevice_notifier(&nfqnl_dev_notifier);
        nf_register_queue_handler(&nfqh);
        return status;
-cleanup_subsys:
-        nfnetlink_subsys_unregister(&nfqnl_subsys);
 cleanup_netlink_notifier:
        netlink_unregister_notifier(&nfqnl_rtnl_notifier);
+out:
        return status;
 }
@@ -1346,9 +1346,9 @@ static void __exit nfnetlink_queue_fini(void)
 {
        nf_unregister_queue_handler();
        unregister_netdevice_notifier(&nfqnl_dev_notifier);
-        unregister_pernet_subsys(&nfnl_queue_net_ops);
        nfnetlink_subsys_unregister(&nfqnl_subsys);
        netlink_unregister_notifier(&nfqnl_rtnl_notifier);
+        unregister_pernet_subsys(&nfnl_queue_net_ops);
        rcu_barrier(); /* Wait for completion of call_rcu()'s */
 }
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 136056f0c62c..69d67c300b80 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -90,7 +90,7 @@ static inline int netlink_is_kernel(struct sock *sk)
        return nlk_sk(sk)->flags & NETLINK_F_KERNEL_SOCKET;
 }
-struct netlink_table *nl_table;
+struct netlink_table *nl_table __read_mostly;
 EXPORT_SYMBOL_GPL(nl_table);
 static DECLARE_WAIT_QUEUE_HEAD(nl_table_wait);
@@ -1083,6 +1083,7 @@ static int netlink_insert(struct sock *sk, u32 portid)
        if (err) {
                if (err == -EEXIST)
                        err = -EADDRINUSE;
+                nlk_sk(sk)->portid = 0;
                sock_put(sk);
        }
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index b6ef9a04de06..a75864d93142 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -81,6 +81,11 @@ int unregister_tcf_proto_ops(struct tcf_proto_ops *ops)
        struct tcf_proto_ops *t;
        int rc = -ENOENT;
+        /* Wait for outstanding call_rcu()s, if any, from a
+         * tcf_proto_ops's destroy() handler.
+         */
+        rcu_barrier();
        write_lock(&cls_mod_lock);
        list_for_each_entry(t, &tcf_proto_base, head) {
                if (t == ops) {
diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
index d4c8cf828240..ac853acbe211 100644
--- a/net/switchdev/switchdev.c
+++ b/net/switchdev/switchdev.c
@@ -851,7 +851,7 @@ int switchdev_fib_ipv4_add(u32 dst, int dst_len, struct fib_info *fi,
        err = switchdev_port_obj_add(dev, &fib_obj);
        if (!err)
-                fi->fib_flags |= RTNH_F_EXTERNAL;
+                fi->fib_flags |= RTNH_F_OFFLOAD;
        return err;
 }
@@ -887,7 +887,7 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
        struct net_device *dev;
        int err = 0;
-        if (!(fi->fib_flags & RTNH_F_EXTERNAL))
+        if (!(fi->fib_flags & RTNH_F_OFFLOAD))
                return 0;
        dev = switchdev_get_dev_by_nhs(fi);
@@ -896,7 +896,7 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
        err = switchdev_port_obj_del(dev, &fib_obj);
        if (!err)
-                fi->fib_flags &= ~RTNH_F_EXTERNAL;
+                fi->fib_flags &= ~RTNH_F_OFFLOAD;
        return err;
 }
author	David S. Miller <davem@davemloft.net>	2015-05-23 01:22:35 -0400
committer	David S. Miller <davem@davemloft.net>	2015-05-23 01:22:35 -0400
commit	36583eb54d46c36a447afd6c379839f292397429 (patch)
tree	70f5399529dc2135a986947b37c655194da60e9d /net
parent	fa7912be967102cdbecd8ef172571b28eb22099e (diff)
parent	cf539cbd8a81e12880735a0912de8b99f46c84fd (diff)