diff options
author | Ross Zwisler <ross.zwisler@linux.intel.com> | 2018-02-03 02:26:26 -0500 |
---|---|---|
committer | Ross Zwisler <ross.zwisler@linux.intel.com> | 2018-02-03 02:26:26 -0500 |
commit | ee95f4059a833839bf52972191b2d4c3d3cec552 (patch) | |
tree | a1c8587d9b82e64a75dde376a90a3d69b0f4847a /net | |
parent | d121f07691415df824e6b60520f782f6d13b3c81 (diff) | |
parent | f81e1d35a6e36d30888c46283b8dd1022e847124 (diff) |
Merge branch 'for-4.16/nfit' into libnvdimm-for-next
Diffstat (limited to 'net')
-rw-r--r-- | net/8021q/vlan.c | 7 | ||||
-rw-r--r-- | net/bluetooth/l2cap_core.c | 20 | ||||
-rw-r--r-- | net/caif/caif_dev.c | 5 | ||||
-rw-r--r-- | net/caif/caif_usb.c | 4 | ||||
-rw-r--r-- | net/caif/cfcnfg.c | 10 | ||||
-rw-r--r-- | net/caif/cfctrl.c | 4 | ||||
-rw-r--r-- | net/core/dev.c | 14 | ||||
-rw-r--r-- | net/core/ethtool.c | 15 | ||||
-rw-r--r-- | net/core/filter.c | 6 | ||||
-rw-r--r-- | net/core/rtnetlink.c | 10 | ||||
-rw-r--r-- | net/core/sock_diag.c | 2 | ||||
-rw-r--r-- | net/core/sysctl_net_core.c | 6 | ||||
-rw-r--r-- | net/ipv4/raw.c | 4 | ||||
-rw-r--r-- | net/ipv6/exthdrs.c | 9 | ||||
-rw-r--r-- | net/ipv6/ip6_fib.c | 73 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 5 | ||||
-rw-r--r-- | net/ipv6/ip6_tunnel.c | 15 | ||||
-rw-r--r-- | net/mac80211/rx.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_tables_api.c | 8 | ||||
-rw-r--r-- | net/netfilter/xt_bpf.c | 14 | ||||
-rw-r--r-- | net/rds/rdma.c | 4 | ||||
-rw-r--r-- | net/sched/act_gact.c | 2 | ||||
-rw-r--r-- | net/sched/act_mirred.c | 2 | ||||
-rw-r--r-- | net/sctp/input.c | 28 | ||||
-rw-r--r-- | net/sctp/socket.c | 28 | ||||
-rw-r--r-- | net/sctp/stream.c | 22 | ||||
-rw-r--r-- | net/sctp/transport.c | 29 | ||||
-rw-r--r-- | net/socket.c | 13 | ||||
-rw-r--r-- | net/tipc/group.c | 22 | ||||
-rw-r--r-- | net/wireless/nl80211.c | 3 |
30 files changed, 235 insertions, 151 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 8dfdd94e430f..bad01b14a4ad 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c | |||
@@ -111,12 +111,7 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) | |||
111 | vlan_gvrp_uninit_applicant(real_dev); | 111 | vlan_gvrp_uninit_applicant(real_dev); |
112 | } | 112 | } |
113 | 113 | ||
114 | /* Take it out of our own structures, but be sure to interlock with | 114 | vlan_vid_del(real_dev, vlan->vlan_proto, vlan_id); |
115 | * HW accelerating devices or SW vlan input packet processing if | ||
116 | * VLAN is not 0 (leave it there for 802.1p). | ||
117 | */ | ||
118 | if (vlan_id) | ||
119 | vlan_vid_del(real_dev, vlan->vlan_proto, vlan_id); | ||
120 | 115 | ||
121 | /* Get rid of the vlan's reference to real_dev */ | 116 | /* Get rid of the vlan's reference to real_dev */ |
122 | dev_put(real_dev); | 117 | dev_put(real_dev); |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 43ba91c440bc..fc6615d59165 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -3363,9 +3363,10 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data | |||
3363 | break; | 3363 | break; |
3364 | 3364 | ||
3365 | case L2CAP_CONF_EFS: | 3365 | case L2CAP_CONF_EFS: |
3366 | remote_efs = 1; | 3366 | if (olen == sizeof(efs)) { |
3367 | if (olen == sizeof(efs)) | 3367 | remote_efs = 1; |
3368 | memcpy(&efs, (void *) val, olen); | 3368 | memcpy(&efs, (void *) val, olen); |
3369 | } | ||
3369 | break; | 3370 | break; |
3370 | 3371 | ||
3371 | case L2CAP_CONF_EWS: | 3372 | case L2CAP_CONF_EWS: |
@@ -3584,16 +3585,17 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, | |||
3584 | break; | 3585 | break; |
3585 | 3586 | ||
3586 | case L2CAP_CONF_EFS: | 3587 | case L2CAP_CONF_EFS: |
3587 | if (olen == sizeof(efs)) | 3588 | if (olen == sizeof(efs)) { |
3588 | memcpy(&efs, (void *)val, olen); | 3589 | memcpy(&efs, (void *)val, olen); |
3589 | 3590 | ||
3590 | if (chan->local_stype != L2CAP_SERV_NOTRAFIC && | 3591 | if (chan->local_stype != L2CAP_SERV_NOTRAFIC && |
3591 | efs.stype != L2CAP_SERV_NOTRAFIC && | 3592 | efs.stype != L2CAP_SERV_NOTRAFIC && |
3592 | efs.stype != chan->local_stype) | 3593 | efs.stype != chan->local_stype) |
3593 | return -ECONNREFUSED; | 3594 | return -ECONNREFUSED; |
3594 | 3595 | ||
3595 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), | 3596 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), |
3596 | (unsigned long) &efs, endptr - ptr); | 3597 | (unsigned long) &efs, endptr - ptr); |
3598 | } | ||
3597 | break; | 3599 | break; |
3598 | 3600 | ||
3599 | case L2CAP_CONF_FCS: | 3601 | case L2CAP_CONF_FCS: |
diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c index 2d38b6e34203..e0adcd123f48 100644 --- a/net/caif/caif_dev.c +++ b/net/caif/caif_dev.c | |||
@@ -334,9 +334,8 @@ void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev, | |||
334 | mutex_lock(&caifdevs->lock); | 334 | mutex_lock(&caifdevs->lock); |
335 | list_add_rcu(&caifd->list, &caifdevs->list); | 335 | list_add_rcu(&caifd->list, &caifdevs->list); |
336 | 336 | ||
337 | strncpy(caifd->layer.name, dev->name, | 337 | strlcpy(caifd->layer.name, dev->name, |
338 | sizeof(caifd->layer.name) - 1); | 338 | sizeof(caifd->layer.name)); |
339 | caifd->layer.name[sizeof(caifd->layer.name) - 1] = 0; | ||
340 | caifd->layer.transmit = transmit; | 339 | caifd->layer.transmit = transmit; |
341 | cfcnfg_add_phy_layer(cfg, | 340 | cfcnfg_add_phy_layer(cfg, |
342 | dev, | 341 | dev, |
diff --git a/net/caif/caif_usb.c b/net/caif/caif_usb.c index 5cd44f001f64..1a082a946045 100644 --- a/net/caif/caif_usb.c +++ b/net/caif/caif_usb.c | |||
@@ -176,9 +176,7 @@ static int cfusbl_device_notify(struct notifier_block *me, unsigned long what, | |||
176 | dev_add_pack(&caif_usb_type); | 176 | dev_add_pack(&caif_usb_type); |
177 | pack_added = true; | 177 | pack_added = true; |
178 | 178 | ||
179 | strncpy(layer->name, dev->name, | 179 | strlcpy(layer->name, dev->name, sizeof(layer->name)); |
180 | sizeof(layer->name) - 1); | ||
181 | layer->name[sizeof(layer->name) - 1] = 0; | ||
182 | 180 | ||
183 | return 0; | 181 | return 0; |
184 | } | 182 | } |
diff --git a/net/caif/cfcnfg.c b/net/caif/cfcnfg.c index 273cb07f57d8..8f00bea093b9 100644 --- a/net/caif/cfcnfg.c +++ b/net/caif/cfcnfg.c | |||
@@ -268,17 +268,15 @@ static int caif_connect_req_to_link_param(struct cfcnfg *cnfg, | |||
268 | case CAIFPROTO_RFM: | 268 | case CAIFPROTO_RFM: |
269 | l->linktype = CFCTRL_SRV_RFM; | 269 | l->linktype = CFCTRL_SRV_RFM; |
270 | l->u.datagram.connid = s->sockaddr.u.rfm.connection_id; | 270 | l->u.datagram.connid = s->sockaddr.u.rfm.connection_id; |
271 | strncpy(l->u.rfm.volume, s->sockaddr.u.rfm.volume, | 271 | strlcpy(l->u.rfm.volume, s->sockaddr.u.rfm.volume, |
272 | sizeof(l->u.rfm.volume)-1); | 272 | sizeof(l->u.rfm.volume)); |
273 | l->u.rfm.volume[sizeof(l->u.rfm.volume)-1] = 0; | ||
274 | break; | 273 | break; |
275 | case CAIFPROTO_UTIL: | 274 | case CAIFPROTO_UTIL: |
276 | l->linktype = CFCTRL_SRV_UTIL; | 275 | l->linktype = CFCTRL_SRV_UTIL; |
277 | l->endpoint = 0x00; | 276 | l->endpoint = 0x00; |
278 | l->chtype = 0x00; | 277 | l->chtype = 0x00; |
279 | strncpy(l->u.utility.name, s->sockaddr.u.util.service, | 278 | strlcpy(l->u.utility.name, s->sockaddr.u.util.service, |
280 | sizeof(l->u.utility.name)-1); | 279 | sizeof(l->u.utility.name)); |
281 | l->u.utility.name[sizeof(l->u.utility.name)-1] = 0; | ||
282 | caif_assert(sizeof(l->u.utility.name) > 10); | 280 | caif_assert(sizeof(l->u.utility.name) > 10); |
283 | l->u.utility.paramlen = s->param.size; | 281 | l->u.utility.paramlen = s->param.size; |
284 | if (l->u.utility.paramlen > sizeof(l->u.utility.params)) | 282 | if (l->u.utility.paramlen > sizeof(l->u.utility.params)) |
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c index f5afda1abc76..655ed7032150 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c | |||
@@ -258,8 +258,8 @@ int cfctrl_linkup_request(struct cflayer *layer, | |||
258 | tmp16 = cpu_to_le16(param->u.utility.fifosize_bufs); | 258 | tmp16 = cpu_to_le16(param->u.utility.fifosize_bufs); |
259 | cfpkt_add_body(pkt, &tmp16, 2); | 259 | cfpkt_add_body(pkt, &tmp16, 2); |
260 | memset(utility_name, 0, sizeof(utility_name)); | 260 | memset(utility_name, 0, sizeof(utility_name)); |
261 | strncpy(utility_name, param->u.utility.name, | 261 | strlcpy(utility_name, param->u.utility.name, |
262 | UTILITY_NAME_LENGTH - 1); | 262 | UTILITY_NAME_LENGTH); |
263 | cfpkt_add_body(pkt, utility_name, UTILITY_NAME_LENGTH); | 263 | cfpkt_add_body(pkt, utility_name, UTILITY_NAME_LENGTH); |
264 | tmp8 = param->u.utility.paramlen; | 264 | tmp8 = param->u.utility.paramlen; |
265 | cfpkt_add_body(pkt, &tmp8, 1); | 265 | cfpkt_add_body(pkt, &tmp8, 1); |
diff --git a/net/core/dev.c b/net/core/dev.c index 01ee854454a8..0e0ba36eeac9 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1146,7 +1146,19 @@ EXPORT_SYMBOL(dev_alloc_name); | |||
1146 | int dev_get_valid_name(struct net *net, struct net_device *dev, | 1146 | int dev_get_valid_name(struct net *net, struct net_device *dev, |
1147 | const char *name) | 1147 | const char *name) |
1148 | { | 1148 | { |
1149 | return dev_alloc_name_ns(net, dev, name); | 1149 | BUG_ON(!net); |
1150 | |||
1151 | if (!dev_valid_name(name)) | ||
1152 | return -EINVAL; | ||
1153 | |||
1154 | if (strchr(name, '%')) | ||
1155 | return dev_alloc_name_ns(net, dev, name); | ||
1156 | else if (__dev_get_by_name(net, name)) | ||
1157 | return -EEXIST; | ||
1158 | else if (dev->name != name) | ||
1159 | strlcpy(dev->name, name, IFNAMSIZ); | ||
1160 | |||
1161 | return 0; | ||
1150 | } | 1162 | } |
1151 | EXPORT_SYMBOL(dev_get_valid_name); | 1163 | EXPORT_SYMBOL(dev_get_valid_name); |
1152 | 1164 | ||
diff --git a/net/core/ethtool.c b/net/core/ethtool.c index f8fcf450a36e..8225416911ae 100644 --- a/net/core/ethtool.c +++ b/net/core/ethtool.c | |||
@@ -770,15 +770,6 @@ static int ethtool_set_link_ksettings(struct net_device *dev, | |||
770 | return dev->ethtool_ops->set_link_ksettings(dev, &link_ksettings); | 770 | return dev->ethtool_ops->set_link_ksettings(dev, &link_ksettings); |
771 | } | 771 | } |
772 | 772 | ||
773 | static void | ||
774 | warn_incomplete_ethtool_legacy_settings_conversion(const char *details) | ||
775 | { | ||
776 | char name[sizeof(current->comm)]; | ||
777 | |||
778 | pr_info_once("warning: `%s' uses legacy ethtool link settings API, %s\n", | ||
779 | get_task_comm(name, current), details); | ||
780 | } | ||
781 | |||
782 | /* Query device for its ethtool_cmd settings. | 773 | /* Query device for its ethtool_cmd settings. |
783 | * | 774 | * |
784 | * Backward compatibility note: for compatibility with legacy ethtool, | 775 | * Backward compatibility note: for compatibility with legacy ethtool, |
@@ -805,10 +796,8 @@ static int ethtool_get_settings(struct net_device *dev, void __user *useraddr) | |||
805 | &link_ksettings); | 796 | &link_ksettings); |
806 | if (err < 0) | 797 | if (err < 0) |
807 | return err; | 798 | return err; |
808 | if (!convert_link_ksettings_to_legacy_settings(&cmd, | 799 | convert_link_ksettings_to_legacy_settings(&cmd, |
809 | &link_ksettings)) | 800 | &link_ksettings); |
810 | warn_incomplete_ethtool_legacy_settings_conversion( | ||
811 | "link modes are only partially reported"); | ||
812 | 801 | ||
813 | /* send a sensible cmd tag back to user */ | 802 | /* send a sensible cmd tag back to user */ |
814 | cmd.cmd = ETHTOOL_GSET; | 803 | cmd.cmd = ETHTOOL_GSET; |
diff --git a/net/core/filter.c b/net/core/filter.c index 6a85e67fafce..d339ef170df6 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
@@ -1054,11 +1054,9 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp) | |||
1054 | */ | 1054 | */ |
1055 | goto out_err_free; | 1055 | goto out_err_free; |
1056 | 1056 | ||
1057 | /* We are guaranteed to never error here with cBPF to eBPF | ||
1058 | * transitions, since there's no issue with type compatibility | ||
1059 | * checks on program arrays. | ||
1060 | */ | ||
1061 | fp = bpf_prog_select_runtime(fp, &err); | 1057 | fp = bpf_prog_select_runtime(fp, &err); |
1058 | if (err) | ||
1059 | goto out_err_free; | ||
1062 | 1060 | ||
1063 | kfree(old_prog); | 1061 | kfree(old_prog); |
1064 | return fp; | 1062 | return fp; |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index dabba2a91fc8..778d7f03404a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
@@ -1681,18 +1681,18 @@ static bool link_dump_filtered(struct net_device *dev, | |||
1681 | return false; | 1681 | return false; |
1682 | } | 1682 | } |
1683 | 1683 | ||
1684 | static struct net *get_target_net(struct sk_buff *skb, int netnsid) | 1684 | static struct net *get_target_net(struct sock *sk, int netnsid) |
1685 | { | 1685 | { |
1686 | struct net *net; | 1686 | struct net *net; |
1687 | 1687 | ||
1688 | net = get_net_ns_by_id(sock_net(skb->sk), netnsid); | 1688 | net = get_net_ns_by_id(sock_net(sk), netnsid); |
1689 | if (!net) | 1689 | if (!net) |
1690 | return ERR_PTR(-EINVAL); | 1690 | return ERR_PTR(-EINVAL); |
1691 | 1691 | ||
1692 | /* For now, the caller is required to have CAP_NET_ADMIN in | 1692 | /* For now, the caller is required to have CAP_NET_ADMIN in |
1693 | * the user namespace owning the target net ns. | 1693 | * the user namespace owning the target net ns. |
1694 | */ | 1694 | */ |
1695 | if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) { | 1695 | if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN)) { |
1696 | put_net(net); | 1696 | put_net(net); |
1697 | return ERR_PTR(-EACCES); | 1697 | return ERR_PTR(-EACCES); |
1698 | } | 1698 | } |
@@ -1733,7 +1733,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) | |||
1733 | ifla_policy, NULL) >= 0) { | 1733 | ifla_policy, NULL) >= 0) { |
1734 | if (tb[IFLA_IF_NETNSID]) { | 1734 | if (tb[IFLA_IF_NETNSID]) { |
1735 | netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); | 1735 | netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); |
1736 | tgt_net = get_target_net(skb, netnsid); | 1736 | tgt_net = get_target_net(skb->sk, netnsid); |
1737 | if (IS_ERR(tgt_net)) { | 1737 | if (IS_ERR(tgt_net)) { |
1738 | tgt_net = net; | 1738 | tgt_net = net; |
1739 | netnsid = -1; | 1739 | netnsid = -1; |
@@ -2883,7 +2883,7 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
2883 | 2883 | ||
2884 | if (tb[IFLA_IF_NETNSID]) { | 2884 | if (tb[IFLA_IF_NETNSID]) { |
2885 | netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); | 2885 | netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); |
2886 | tgt_net = get_target_net(skb, netnsid); | 2886 | tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); |
2887 | if (IS_ERR(tgt_net)) | 2887 | if (IS_ERR(tgt_net)) |
2888 | return PTR_ERR(tgt_net); | 2888 | return PTR_ERR(tgt_net); |
2889 | } | 2889 | } |
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index 217f4e3b82f6..146b50e30659 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c | |||
@@ -288,7 +288,7 @@ static int sock_diag_bind(struct net *net, int group) | |||
288 | case SKNLGRP_INET6_UDP_DESTROY: | 288 | case SKNLGRP_INET6_UDP_DESTROY: |
289 | if (!sock_diag_handlers[AF_INET6]) | 289 | if (!sock_diag_handlers[AF_INET6]) |
290 | request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, | 290 | request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, |
291 | NETLINK_SOCK_DIAG, AF_INET); | 291 | NETLINK_SOCK_DIAG, AF_INET6); |
292 | break; | 292 | break; |
293 | } | 293 | } |
294 | return 0; | 294 | return 0; |
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index cbc3dde4cfcc..a47ad6cd41c0 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c | |||
@@ -325,7 +325,13 @@ static struct ctl_table net_core_table[] = { | |||
325 | .data = &bpf_jit_enable, | 325 | .data = &bpf_jit_enable, |
326 | .maxlen = sizeof(int), | 326 | .maxlen = sizeof(int), |
327 | .mode = 0644, | 327 | .mode = 0644, |
328 | #ifndef CONFIG_BPF_JIT_ALWAYS_ON | ||
328 | .proc_handler = proc_dointvec | 329 | .proc_handler = proc_dointvec |
330 | #else | ||
331 | .proc_handler = proc_dointvec_minmax, | ||
332 | .extra1 = &one, | ||
333 | .extra2 = &one, | ||
334 | #endif | ||
329 | }, | 335 | }, |
330 | # ifdef CONFIG_HAVE_EBPF_JIT | 336 | # ifdef CONFIG_HAVE_EBPF_JIT |
331 | { | 337 | { |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 125c1eab3eaa..5e570aa9e43b 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -520,9 +520,11 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) | |||
520 | goto out; | 520 | goto out; |
521 | 521 | ||
522 | /* hdrincl should be READ_ONCE(inet->hdrincl) | 522 | /* hdrincl should be READ_ONCE(inet->hdrincl) |
523 | * but READ_ONCE() doesn't work with bit fields | 523 | * but READ_ONCE() doesn't work with bit fields. |
524 | * Doing this indirectly yields the same result. | ||
524 | */ | 525 | */ |
525 | hdrincl = inet->hdrincl; | 526 | hdrincl = inet->hdrincl; |
527 | hdrincl = READ_ONCE(hdrincl); | ||
526 | /* | 528 | /* |
527 | * Check the flags. | 529 | * Check the flags. |
528 | */ | 530 | */ |
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 83bd75713535..bc68eb661970 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c | |||
@@ -925,6 +925,15 @@ static void ipv6_push_rthdr4(struct sk_buff *skb, u8 *proto, | |||
925 | sr_phdr->segments[0] = **addr_p; | 925 | sr_phdr->segments[0] = **addr_p; |
926 | *addr_p = &sr_ihdr->segments[sr_ihdr->segments_left]; | 926 | *addr_p = &sr_ihdr->segments[sr_ihdr->segments_left]; |
927 | 927 | ||
928 | if (sr_ihdr->hdrlen > hops * 2) { | ||
929 | int tlvs_offset, tlvs_length; | ||
930 | |||
931 | tlvs_offset = (1 + hops * 2) << 3; | ||
932 | tlvs_length = (sr_ihdr->hdrlen - hops * 2) << 3; | ||
933 | memcpy((char *)sr_phdr + tlvs_offset, | ||
934 | (char *)sr_ihdr + tlvs_offset, tlvs_length); | ||
935 | } | ||
936 | |||
928 | #ifdef CONFIG_IPV6_SEG6_HMAC | 937 | #ifdef CONFIG_IPV6_SEG6_HMAC |
929 | if (sr_has_hmac(sr_phdr)) { | 938 | if (sr_has_hmac(sr_phdr)) { |
930 | struct net *net = NULL; | 939 | struct net *net = NULL; |
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index f5285f4e1d08..9dcc3924a975 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c | |||
@@ -640,6 +640,11 @@ static struct fib6_node *fib6_add_1(struct net *net, | |||
640 | if (!(fn->fn_flags & RTN_RTINFO)) { | 640 | if (!(fn->fn_flags & RTN_RTINFO)) { |
641 | RCU_INIT_POINTER(fn->leaf, NULL); | 641 | RCU_INIT_POINTER(fn->leaf, NULL); |
642 | rt6_release(leaf); | 642 | rt6_release(leaf); |
643 | /* remove null_entry in the root node */ | ||
644 | } else if (fn->fn_flags & RTN_TL_ROOT && | ||
645 | rcu_access_pointer(fn->leaf) == | ||
646 | net->ipv6.ip6_null_entry) { | ||
647 | RCU_INIT_POINTER(fn->leaf, NULL); | ||
643 | } | 648 | } |
644 | 649 | ||
645 | return fn; | 650 | return fn; |
@@ -1241,23 +1246,28 @@ out: | |||
1241 | * If fib6_add_1 has cleared the old leaf pointer in the | 1246 | * If fib6_add_1 has cleared the old leaf pointer in the |
1242 | * super-tree leaf node we have to find a new one for it. | 1247 | * super-tree leaf node we have to find a new one for it. |
1243 | */ | 1248 | */ |
1244 | struct rt6_info *pn_leaf = rcu_dereference_protected(pn->leaf, | 1249 | if (pn != fn) { |
1245 | lockdep_is_held(&table->tb6_lock)); | 1250 | struct rt6_info *pn_leaf = |
1246 | if (pn != fn && pn_leaf == rt) { | 1251 | rcu_dereference_protected(pn->leaf, |
1247 | pn_leaf = NULL; | 1252 | lockdep_is_held(&table->tb6_lock)); |
1248 | RCU_INIT_POINTER(pn->leaf, NULL); | 1253 | if (pn_leaf == rt) { |
1249 | atomic_dec(&rt->rt6i_ref); | 1254 | pn_leaf = NULL; |
1250 | } | 1255 | RCU_INIT_POINTER(pn->leaf, NULL); |
1251 | if (pn != fn && !pn_leaf && !(pn->fn_flags & RTN_RTINFO)) { | 1256 | atomic_dec(&rt->rt6i_ref); |
1252 | pn_leaf = fib6_find_prefix(info->nl_net, table, pn); | ||
1253 | #if RT6_DEBUG >= 2 | ||
1254 | if (!pn_leaf) { | ||
1255 | WARN_ON(!pn_leaf); | ||
1256 | pn_leaf = info->nl_net->ipv6.ip6_null_entry; | ||
1257 | } | 1257 | } |
1258 | if (!pn_leaf && !(pn->fn_flags & RTN_RTINFO)) { | ||
1259 | pn_leaf = fib6_find_prefix(info->nl_net, table, | ||
1260 | pn); | ||
1261 | #if RT6_DEBUG >= 2 | ||
1262 | if (!pn_leaf) { | ||
1263 | WARN_ON(!pn_leaf); | ||
1264 | pn_leaf = | ||
1265 | info->nl_net->ipv6.ip6_null_entry; | ||
1266 | } | ||
1258 | #endif | 1267 | #endif |
1259 | atomic_inc(&pn_leaf->rt6i_ref); | 1268 | atomic_inc(&pn_leaf->rt6i_ref); |
1260 | rcu_assign_pointer(pn->leaf, pn_leaf); | 1269 | rcu_assign_pointer(pn->leaf, pn_leaf); |
1270 | } | ||
1261 | } | 1271 | } |
1262 | #endif | 1272 | #endif |
1263 | goto failure; | 1273 | goto failure; |
@@ -1265,13 +1275,17 @@ out: | |||
1265 | return err; | 1275 | return err; |
1266 | 1276 | ||
1267 | failure: | 1277 | failure: |
1268 | /* fn->leaf could be NULL if fn is an intermediate node and we | 1278 | /* fn->leaf could be NULL and fib6_repair_tree() needs to be called if: |
1269 | * failed to add the new route to it in both subtree creation | 1279 | * 1. fn is an intermediate node and we failed to add the new |
1270 | * failure and fib6_add_rt2node() failure case. | 1280 | * route to it in both subtree creation failure and fib6_add_rt2node() |
1271 | * In both cases, fib6_repair_tree() should be called to fix | 1281 | * failure case. |
1272 | * fn->leaf. | 1282 | * 2. fn is the root node in the table and we fail to add the first |
1283 | * default route to it. | ||
1273 | */ | 1284 | */ |
1274 | if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT))) | 1285 | if (fn && |
1286 | (!(fn->fn_flags & (RTN_RTINFO|RTN_ROOT)) || | ||
1287 | (fn->fn_flags & RTN_TL_ROOT && | ||
1288 | !rcu_access_pointer(fn->leaf)))) | ||
1275 | fib6_repair_tree(info->nl_net, table, fn); | 1289 | fib6_repair_tree(info->nl_net, table, fn); |
1276 | /* Always release dst as dst->__refcnt is guaranteed | 1290 | /* Always release dst as dst->__refcnt is guaranteed |
1277 | * to be taken before entering this function | 1291 | * to be taken before entering this function |
@@ -1526,6 +1540,12 @@ static struct fib6_node *fib6_repair_tree(struct net *net, | |||
1526 | struct fib6_walker *w; | 1540 | struct fib6_walker *w; |
1527 | int iter = 0; | 1541 | int iter = 0; |
1528 | 1542 | ||
1543 | /* Set fn->leaf to null_entry for root node. */ | ||
1544 | if (fn->fn_flags & RTN_TL_ROOT) { | ||
1545 | rcu_assign_pointer(fn->leaf, net->ipv6.ip6_null_entry); | ||
1546 | return fn; | ||
1547 | } | ||
1548 | |||
1529 | for (;;) { | 1549 | for (;;) { |
1530 | struct fib6_node *fn_r = rcu_dereference_protected(fn->right, | 1550 | struct fib6_node *fn_r = rcu_dereference_protected(fn->right, |
1531 | lockdep_is_held(&table->tb6_lock)); | 1551 | lockdep_is_held(&table->tb6_lock)); |
@@ -1680,10 +1700,15 @@ static void fib6_del_route(struct fib6_table *table, struct fib6_node *fn, | |||
1680 | } | 1700 | } |
1681 | read_unlock(&net->ipv6.fib6_walker_lock); | 1701 | read_unlock(&net->ipv6.fib6_walker_lock); |
1682 | 1702 | ||
1683 | /* If it was last route, expunge its radix tree node */ | 1703 | /* If it was last route, call fib6_repair_tree() to: |
1704 | * 1. For root node, put back null_entry as how the table was created. | ||
1705 | * 2. For other nodes, expunge its radix tree node. | ||
1706 | */ | ||
1684 | if (!rcu_access_pointer(fn->leaf)) { | 1707 | if (!rcu_access_pointer(fn->leaf)) { |
1685 | fn->fn_flags &= ~RTN_RTINFO; | 1708 | if (!(fn->fn_flags & RTN_TL_ROOT)) { |
1686 | net->ipv6.rt6_stats->fib_route_nodes--; | 1709 | fn->fn_flags &= ~RTN_RTINFO; |
1710 | net->ipv6.rt6_stats->fib_route_nodes--; | ||
1711 | } | ||
1687 | fn = fib6_repair_tree(net, table, fn); | 1712 | fn = fib6_repair_tree(net, table, fn); |
1688 | } | 1713 | } |
1689 | 1714 | ||
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index f7dd51c42314..688ba5f7516b 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -1735,9 +1735,10 @@ struct sk_buff *ip6_make_skb(struct sock *sk, | |||
1735 | cork.base.opt = NULL; | 1735 | cork.base.opt = NULL; |
1736 | v6_cork.opt = NULL; | 1736 | v6_cork.opt = NULL; |
1737 | err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6); | 1737 | err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6); |
1738 | if (err) | 1738 | if (err) { |
1739 | ip6_cork_release(&cork, &v6_cork); | ||
1739 | return ERR_PTR(err); | 1740 | return ERR_PTR(err); |
1740 | 1741 | } | |
1741 | if (ipc6->dontfrag < 0) | 1742 | if (ipc6->dontfrag < 0) |
1742 | ipc6->dontfrag = inet6_sk(sk)->dontfrag; | 1743 | ipc6->dontfrag = inet6_sk(sk)->dontfrag; |
1743 | 1744 | ||
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 931c38f6ff4a..9a7cf355bc8c 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c | |||
@@ -1074,10 +1074,11 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield, | |||
1074 | memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr)); | 1074 | memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr)); |
1075 | neigh_release(neigh); | 1075 | neigh_release(neigh); |
1076 | } | 1076 | } |
1077 | } else if (!(t->parms.flags & | 1077 | } else if (t->parms.proto != 0 && !(t->parms.flags & |
1078 | (IP6_TNL_F_USE_ORIG_TCLASS | IP6_TNL_F_USE_ORIG_FWMARK))) { | 1078 | (IP6_TNL_F_USE_ORIG_TCLASS | |
1079 | /* enable the cache only only if the routing decision does | 1079 | IP6_TNL_F_USE_ORIG_FWMARK))) { |
1080 | * not depend on the current inner header value | 1080 | /* enable the cache only if neither the outer protocol nor the |
1081 | * routing decision depends on the current inner header value | ||
1081 | */ | 1082 | */ |
1082 | use_cache = true; | 1083 | use_cache = true; |
1083 | } | 1084 | } |
@@ -1676,11 +1677,11 @@ int ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) | |||
1676 | { | 1677 | { |
1677 | struct ip6_tnl *tnl = netdev_priv(dev); | 1678 | struct ip6_tnl *tnl = netdev_priv(dev); |
1678 | 1679 | ||
1679 | if (tnl->parms.proto == IPPROTO_IPIP) { | 1680 | if (tnl->parms.proto == IPPROTO_IPV6) { |
1680 | if (new_mtu < ETH_MIN_MTU) | 1681 | if (new_mtu < IPV6_MIN_MTU) |
1681 | return -EINVAL; | 1682 | return -EINVAL; |
1682 | } else { | 1683 | } else { |
1683 | if (new_mtu < IPV6_MIN_MTU) | 1684 | if (new_mtu < ETH_MIN_MTU) |
1684 | return -EINVAL; | 1685 | return -EINVAL; |
1685 | } | 1686 | } |
1686 | if (new_mtu > 0xFFF8 - dev->hard_header_len) | 1687 | if (new_mtu > 0xFFF8 - dev->hard_header_len) |
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 70e9d2ca8bbe..4daafb07602f 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
@@ -3632,6 +3632,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx) | |||
3632 | } | 3632 | } |
3633 | return true; | 3633 | return true; |
3634 | case NL80211_IFTYPE_MESH_POINT: | 3634 | case NL80211_IFTYPE_MESH_POINT: |
3635 | if (ether_addr_equal(sdata->vif.addr, hdr->addr2)) | ||
3636 | return false; | ||
3635 | if (multicast) | 3637 | if (multicast) |
3636 | return true; | 3638 | return true; |
3637 | return ether_addr_equal(sdata->vif.addr, hdr->addr1); | 3639 | return ether_addr_equal(sdata->vif.addr, hdr->addr1); |
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 10798b357481..07bd4138c84e 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
@@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb, | |||
2072 | continue; | 2072 | continue; |
2073 | 2073 | ||
2074 | list_for_each_entry_rcu(chain, &table->chains, list) { | 2074 | list_for_each_entry_rcu(chain, &table->chains, list) { |
2075 | if (ctx && ctx->chain[0] && | 2075 | if (ctx && ctx->chain && |
2076 | strcmp(ctx->chain, chain->name) != 0) | 2076 | strcmp(ctx->chain, chain->name) != 0) |
2077 | continue; | 2077 | continue; |
2078 | 2078 | ||
@@ -4665,8 +4665,10 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb) | |||
4665 | { | 4665 | { |
4666 | struct nft_obj_filter *filter = cb->data; | 4666 | struct nft_obj_filter *filter = cb->data; |
4667 | 4667 | ||
4668 | kfree(filter->table); | 4668 | if (filter) { |
4669 | kfree(filter); | 4669 | kfree(filter->table); |
4670 | kfree(filter); | ||
4671 | } | ||
4670 | 4672 | ||
4671 | return 0; | 4673 | return 0; |
4672 | } | 4674 | } |
diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c index 1f7fbd3c7e5a..06b090d8e901 100644 --- a/net/netfilter/xt_bpf.c +++ b/net/netfilter/xt_bpf.c | |||
@@ -55,21 +55,11 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret) | |||
55 | 55 | ||
56 | static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret) | 56 | static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret) |
57 | { | 57 | { |
58 | mm_segment_t oldfs = get_fs(); | ||
59 | int retval, fd; | ||
60 | |||
61 | if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX) | 58 | if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX) |
62 | return -EINVAL; | 59 | return -EINVAL; |
63 | 60 | ||
64 | set_fs(KERNEL_DS); | 61 | *ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER); |
65 | fd = bpf_obj_get_user(path, 0); | 62 | return PTR_ERR_OR_ZERO(*ret); |
66 | set_fs(oldfs); | ||
67 | if (fd < 0) | ||
68 | return fd; | ||
69 | |||
70 | retval = __bpf_mt_check_fd(fd, ret); | ||
71 | sys_close(fd); | ||
72 | return retval; | ||
73 | } | 63 | } |
74 | 64 | ||
75 | static int bpf_mt_check(const struct xt_mtchk_param *par) | 65 | static int bpf_mt_check(const struct xt_mtchk_param *par) |
diff --git a/net/rds/rdma.c b/net/rds/rdma.c index bc2f1e0977d6..634cfcb7bba6 100644 --- a/net/rds/rdma.c +++ b/net/rds/rdma.c | |||
@@ -525,6 +525,9 @@ int rds_rdma_extra_size(struct rds_rdma_args *args) | |||
525 | 525 | ||
526 | local_vec = (struct rds_iovec __user *)(unsigned long) args->local_vec_addr; | 526 | local_vec = (struct rds_iovec __user *)(unsigned long) args->local_vec_addr; |
527 | 527 | ||
528 | if (args->nr_local == 0) | ||
529 | return -EINVAL; | ||
530 | |||
528 | /* figure out the number of pages in the vector */ | 531 | /* figure out the number of pages in the vector */ |
529 | for (i = 0; i < args->nr_local; i++) { | 532 | for (i = 0; i < args->nr_local; i++) { |
530 | if (copy_from_user(&vec, &local_vec[i], | 533 | if (copy_from_user(&vec, &local_vec[i], |
@@ -874,6 +877,7 @@ int rds_cmsg_atomic(struct rds_sock *rs, struct rds_message *rm, | |||
874 | err: | 877 | err: |
875 | if (page) | 878 | if (page) |
876 | put_page(page); | 879 | put_page(page); |
880 | rm->atomic.op_active = 0; | ||
877 | kfree(rm->atomic.op_notifier); | 881 | kfree(rm->atomic.op_notifier); |
878 | 882 | ||
879 | return ret; | 883 | return ret; |
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c index e29a48ef7fc3..a0ac42b3ed06 100644 --- a/net/sched/act_gact.c +++ b/net/sched/act_gact.c | |||
@@ -159,7 +159,7 @@ static void tcf_gact_stats_update(struct tc_action *a, u64 bytes, u32 packets, | |||
159 | if (action == TC_ACT_SHOT) | 159 | if (action == TC_ACT_SHOT) |
160 | this_cpu_ptr(gact->common.cpu_qstats)->drops += packets; | 160 | this_cpu_ptr(gact->common.cpu_qstats)->drops += packets; |
161 | 161 | ||
162 | tm->lastuse = lastuse; | 162 | tm->lastuse = max_t(u64, tm->lastuse, lastuse); |
163 | } | 163 | } |
164 | 164 | ||
165 | static int tcf_gact_dump(struct sk_buff *skb, struct tc_action *a, | 165 | static int tcf_gact_dump(struct sk_buff *skb, struct tc_action *a, |
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 8b3e59388480..08b61849c2a2 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c | |||
@@ -239,7 +239,7 @@ static void tcf_stats_update(struct tc_action *a, u64 bytes, u32 packets, | |||
239 | struct tcf_t *tm = &m->tcf_tm; | 239 | struct tcf_t *tm = &m->tcf_tm; |
240 | 240 | ||
241 | _bstats_cpu_update(this_cpu_ptr(a->cpu_bstats), bytes, packets); | 241 | _bstats_cpu_update(this_cpu_ptr(a->cpu_bstats), bytes, packets); |
242 | tm->lastuse = lastuse; | 242 | tm->lastuse = max_t(u64, tm->lastuse, lastuse); |
243 | } | 243 | } |
244 | 244 | ||
245 | static int tcf_mirred_dump(struct sk_buff *skb, struct tc_action *a, int bind, | 245 | static int tcf_mirred_dump(struct sk_buff *skb, struct tc_action *a, int bind, |
diff --git a/net/sctp/input.c b/net/sctp/input.c index 621b5ca3fd1c..141c9c466ec1 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c | |||
@@ -399,20 +399,24 @@ void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, | |||
399 | return; | 399 | return; |
400 | } | 400 | } |
401 | 401 | ||
402 | if (t->param_flags & SPP_PMTUD_ENABLE) { | 402 | if (!(t->param_flags & SPP_PMTUD_ENABLE)) |
403 | /* Update transports view of the MTU */ | 403 | /* We can't allow retransmitting in such case, as the |
404 | sctp_transport_update_pmtu(t, pmtu); | 404 | * retransmission would be sized just as before, and thus we |
405 | 405 | * would get another icmp, and retransmit again. | |
406 | /* Update association pmtu. */ | 406 | */ |
407 | sctp_assoc_sync_pmtu(asoc); | 407 | return; |
408 | } | ||
409 | 408 | ||
410 | /* Retransmit with the new pmtu setting. | 409 | /* Update transports view of the MTU. Return if no update was needed. |
411 | * Normally, if PMTU discovery is disabled, an ICMP Fragmentation | 410 | * If an update wasn't needed/possible, it also doesn't make sense to |
412 | * Needed will never be sent, but if a message was sent before | 411 | * try to retransmit now. |
413 | * PMTU discovery was disabled that was larger than the PMTU, it | ||
414 | * would not be fragmented, so it must be re-transmitted fragmented. | ||
415 | */ | 412 | */ |
413 | if (!sctp_transport_update_pmtu(t, pmtu)) | ||
414 | return; | ||
415 | |||
416 | /* Update association pmtu. */ | ||
417 | sctp_assoc_sync_pmtu(asoc); | ||
418 | |||
419 | /* Retransmit with the new pmtu setting. */ | ||
416 | sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); | 420 | sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); |
417 | } | 421 | } |
418 | 422 | ||
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index b4fb6e4886d2..9b01e994f661 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c | |||
@@ -2277,7 +2277,7 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, | |||
2277 | 2277 | ||
2278 | if (asoc && sctp_outq_is_empty(&asoc->outqueue)) { | 2278 | if (asoc && sctp_outq_is_empty(&asoc->outqueue)) { |
2279 | event = sctp_ulpevent_make_sender_dry_event(asoc, | 2279 | event = sctp_ulpevent_make_sender_dry_event(asoc, |
2280 | GFP_ATOMIC); | 2280 | GFP_USER | __GFP_NOWARN); |
2281 | if (!event) | 2281 | if (!event) |
2282 | return -ENOMEM; | 2282 | return -ENOMEM; |
2283 | 2283 | ||
@@ -3498,6 +3498,8 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk, | |||
3498 | 3498 | ||
3499 | if (optlen < sizeof(struct sctp_hmacalgo)) | 3499 | if (optlen < sizeof(struct sctp_hmacalgo)) |
3500 | return -EINVAL; | 3500 | return -EINVAL; |
3501 | optlen = min_t(unsigned int, optlen, sizeof(struct sctp_hmacalgo) + | ||
3502 | SCTP_AUTH_NUM_HMACS * sizeof(u16)); | ||
3501 | 3503 | ||
3502 | hmacs = memdup_user(optval, optlen); | 3504 | hmacs = memdup_user(optval, optlen); |
3503 | if (IS_ERR(hmacs)) | 3505 | if (IS_ERR(hmacs)) |
@@ -3536,6 +3538,11 @@ static int sctp_setsockopt_auth_key(struct sock *sk, | |||
3536 | 3538 | ||
3537 | if (optlen <= sizeof(struct sctp_authkey)) | 3539 | if (optlen <= sizeof(struct sctp_authkey)) |
3538 | return -EINVAL; | 3540 | return -EINVAL; |
3541 | /* authkey->sca_keylength is u16, so optlen can't be bigger than | ||
3542 | * this. | ||
3543 | */ | ||
3544 | optlen = min_t(unsigned int, optlen, USHRT_MAX + | ||
3545 | sizeof(struct sctp_authkey)); | ||
3539 | 3546 | ||
3540 | authkey = memdup_user(optval, optlen); | 3547 | authkey = memdup_user(optval, optlen); |
3541 | if (IS_ERR(authkey)) | 3548 | if (IS_ERR(authkey)) |
@@ -3893,6 +3900,9 @@ static int sctp_setsockopt_reset_streams(struct sock *sk, | |||
3893 | 3900 | ||
3894 | if (optlen < sizeof(*params)) | 3901 | if (optlen < sizeof(*params)) |
3895 | return -EINVAL; | 3902 | return -EINVAL; |
3903 | /* srs_number_streams is u16, so optlen can't be bigger than this. */ | ||
3904 | optlen = min_t(unsigned int, optlen, USHRT_MAX + | ||
3905 | sizeof(__u16) * sizeof(*params)); | ||
3896 | 3906 | ||
3897 | params = memdup_user(optval, optlen); | 3907 | params = memdup_user(optval, optlen); |
3898 | if (IS_ERR(params)) | 3908 | if (IS_ERR(params)) |
@@ -5015,7 +5025,7 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv | |||
5015 | len = sizeof(int); | 5025 | len = sizeof(int); |
5016 | if (put_user(len, optlen)) | 5026 | if (put_user(len, optlen)) |
5017 | return -EFAULT; | 5027 | return -EFAULT; |
5018 | if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) | 5028 | if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len)) |
5019 | return -EFAULT; | 5029 | return -EFAULT; |
5020 | return 0; | 5030 | return 0; |
5021 | } | 5031 | } |
@@ -5645,6 +5655,9 @@ copy_getaddrs: | |||
5645 | err = -EFAULT; | 5655 | err = -EFAULT; |
5646 | goto out; | 5656 | goto out; |
5647 | } | 5657 | } |
5658 | /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too, | ||
5659 | * but we can't change it anymore. | ||
5660 | */ | ||
5648 | if (put_user(bytes_copied, optlen)) | 5661 | if (put_user(bytes_copied, optlen)) |
5649 | err = -EFAULT; | 5662 | err = -EFAULT; |
5650 | out: | 5663 | out: |
@@ -6081,7 +6094,7 @@ static int sctp_getsockopt_maxseg(struct sock *sk, int len, | |||
6081 | params.assoc_id = 0; | 6094 | params.assoc_id = 0; |
6082 | } else if (len >= sizeof(struct sctp_assoc_value)) { | 6095 | } else if (len >= sizeof(struct sctp_assoc_value)) { |
6083 | len = sizeof(struct sctp_assoc_value); | 6096 | len = sizeof(struct sctp_assoc_value); |
6084 | if (copy_from_user(¶ms, optval, sizeof(params))) | 6097 | if (copy_from_user(¶ms, optval, len)) |
6085 | return -EFAULT; | 6098 | return -EFAULT; |
6086 | } else | 6099 | } else |
6087 | return -EINVAL; | 6100 | return -EINVAL; |
@@ -6251,7 +6264,9 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len, | |||
6251 | 6264 | ||
6252 | if (len < sizeof(struct sctp_authkeyid)) | 6265 | if (len < sizeof(struct sctp_authkeyid)) |
6253 | return -EINVAL; | 6266 | return -EINVAL; |
6254 | if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) | 6267 | |
6268 | len = sizeof(struct sctp_authkeyid); | ||
6269 | if (copy_from_user(&val, optval, len)) | ||
6255 | return -EFAULT; | 6270 | return -EFAULT; |
6256 | 6271 | ||
6257 | asoc = sctp_id2assoc(sk, val.scact_assoc_id); | 6272 | asoc = sctp_id2assoc(sk, val.scact_assoc_id); |
@@ -6263,7 +6278,6 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len, | |||
6263 | else | 6278 | else |
6264 | val.scact_keynumber = ep->active_key_id; | 6279 | val.scact_keynumber = ep->active_key_id; |
6265 | 6280 | ||
6266 | len = sizeof(struct sctp_authkeyid); | ||
6267 | if (put_user(len, optlen)) | 6281 | if (put_user(len, optlen)) |
6268 | return -EFAULT; | 6282 | return -EFAULT; |
6269 | if (copy_to_user(optval, &val, len)) | 6283 | if (copy_to_user(optval, &val, len)) |
@@ -6289,7 +6303,7 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len, | |||
6289 | if (len < sizeof(struct sctp_authchunks)) | 6303 | if (len < sizeof(struct sctp_authchunks)) |
6290 | return -EINVAL; | 6304 | return -EINVAL; |
6291 | 6305 | ||
6292 | if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) | 6306 | if (copy_from_user(&val, optval, sizeof(val))) |
6293 | return -EFAULT; | 6307 | return -EFAULT; |
6294 | 6308 | ||
6295 | to = p->gauth_chunks; | 6309 | to = p->gauth_chunks; |
@@ -6334,7 +6348,7 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len, | |||
6334 | if (len < sizeof(struct sctp_authchunks)) | 6348 | if (len < sizeof(struct sctp_authchunks)) |
6335 | return -EINVAL; | 6349 | return -EINVAL; |
6336 | 6350 | ||
6337 | if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) | 6351 | if (copy_from_user(&val, optval, sizeof(val))) |
6338 | return -EFAULT; | 6352 | return -EFAULT; |
6339 | 6353 | ||
6340 | to = p->gauth_chunks; | 6354 | to = p->gauth_chunks; |
diff --git a/net/sctp/stream.c b/net/sctp/stream.c index 76ea66be0bbe..524dfeb94c41 100644 --- a/net/sctp/stream.c +++ b/net/sctp/stream.c | |||
@@ -156,9 +156,9 @@ int sctp_stream_init(struct sctp_stream *stream, __u16 outcnt, __u16 incnt, | |||
156 | sctp_stream_outq_migrate(stream, NULL, outcnt); | 156 | sctp_stream_outq_migrate(stream, NULL, outcnt); |
157 | sched->sched_all(stream); | 157 | sched->sched_all(stream); |
158 | 158 | ||
159 | i = sctp_stream_alloc_out(stream, outcnt, gfp); | 159 | ret = sctp_stream_alloc_out(stream, outcnt, gfp); |
160 | if (i) | 160 | if (ret) |
161 | return i; | 161 | goto out; |
162 | 162 | ||
163 | stream->outcnt = outcnt; | 163 | stream->outcnt = outcnt; |
164 | for (i = 0; i < stream->outcnt; i++) | 164 | for (i = 0; i < stream->outcnt; i++) |
@@ -170,19 +170,17 @@ in: | |||
170 | if (!incnt) | 170 | if (!incnt) |
171 | goto out; | 171 | goto out; |
172 | 172 | ||
173 | i = sctp_stream_alloc_in(stream, incnt, gfp); | 173 | ret = sctp_stream_alloc_in(stream, incnt, gfp); |
174 | if (i) { | 174 | if (ret) { |
175 | ret = -ENOMEM; | 175 | sched->free(stream); |
176 | goto free; | 176 | kfree(stream->out); |
177 | stream->out = NULL; | ||
178 | stream->outcnt = 0; | ||
179 | goto out; | ||
177 | } | 180 | } |
178 | 181 | ||
179 | stream->incnt = incnt; | 182 | stream->incnt = incnt; |
180 | goto out; | ||
181 | 183 | ||
182 | free: | ||
183 | sched->free(stream); | ||
184 | kfree(stream->out); | ||
185 | stream->out = NULL; | ||
186 | out: | 184 | out: |
187 | return ret; | 185 | return ret; |
188 | } | 186 | } |
diff --git a/net/sctp/transport.c b/net/sctp/transport.c index 1e5a22430cf5..47f82bd794d9 100644 --- a/net/sctp/transport.c +++ b/net/sctp/transport.c | |||
@@ -248,28 +248,37 @@ void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk) | |||
248 | transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT; | 248 | transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT; |
249 | } | 249 | } |
250 | 250 | ||
251 | void sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) | 251 | bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) |
252 | { | 252 | { |
253 | struct dst_entry *dst = sctp_transport_dst_check(t); | 253 | struct dst_entry *dst = sctp_transport_dst_check(t); |
254 | bool change = true; | ||
254 | 255 | ||
255 | if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { | 256 | if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { |
256 | pr_warn("%s: Reported pmtu %d too low, using default minimum of %d\n", | 257 | pr_warn_ratelimited("%s: Reported pmtu %d too low, using default minimum of %d\n", |
257 | __func__, pmtu, SCTP_DEFAULT_MINSEGMENT); | 258 | __func__, pmtu, SCTP_DEFAULT_MINSEGMENT); |
258 | /* Use default minimum segment size and disable | 259 | /* Use default minimum segment instead */ |
259 | * pmtu discovery on this transport. | 260 | pmtu = SCTP_DEFAULT_MINSEGMENT; |
260 | */ | ||
261 | t->pathmtu = SCTP_DEFAULT_MINSEGMENT; | ||
262 | } else { | ||
263 | t->pathmtu = pmtu; | ||
264 | } | 261 | } |
262 | pmtu = SCTP_TRUNC4(pmtu); | ||
265 | 263 | ||
266 | if (dst) { | 264 | if (dst) { |
267 | dst->ops->update_pmtu(dst, t->asoc->base.sk, NULL, pmtu); | 265 | dst->ops->update_pmtu(dst, t->asoc->base.sk, NULL, pmtu); |
268 | dst = sctp_transport_dst_check(t); | 266 | dst = sctp_transport_dst_check(t); |
269 | } | 267 | } |
270 | 268 | ||
271 | if (!dst) | 269 | if (!dst) { |
272 | t->af_specific->get_dst(t, &t->saddr, &t->fl, t->asoc->base.sk); | 270 | t->af_specific->get_dst(t, &t->saddr, &t->fl, t->asoc->base.sk); |
271 | dst = t->dst; | ||
272 | } | ||
273 | |||
274 | if (dst) { | ||
275 | /* Re-fetch, as under layers may have a higher minimum size */ | ||
276 | pmtu = SCTP_TRUNC4(dst_mtu(dst)); | ||
277 | change = t->pathmtu != pmtu; | ||
278 | } | ||
279 | t->pathmtu = pmtu; | ||
280 | |||
281 | return change; | ||
273 | } | 282 | } |
274 | 283 | ||
275 | /* Caches the dst entry and source address for a transport's destination | 284 | /* Caches the dst entry and source address for a transport's destination |
diff --git a/net/socket.c b/net/socket.c index 05f361faec45..6f05d5c4bf30 100644 --- a/net/socket.c +++ b/net/socket.c | |||
@@ -436,8 +436,10 @@ static int sock_map_fd(struct socket *sock, int flags) | |||
436 | { | 436 | { |
437 | struct file *newfile; | 437 | struct file *newfile; |
438 | int fd = get_unused_fd_flags(flags); | 438 | int fd = get_unused_fd_flags(flags); |
439 | if (unlikely(fd < 0)) | 439 | if (unlikely(fd < 0)) { |
440 | sock_release(sock); | ||
440 | return fd; | 441 | return fd; |
442 | } | ||
441 | 443 | ||
442 | newfile = sock_alloc_file(sock, flags, NULL); | 444 | newfile = sock_alloc_file(sock, flags, NULL); |
443 | if (likely(!IS_ERR(newfile))) { | 445 | if (likely(!IS_ERR(newfile))) { |
@@ -2619,6 +2621,15 @@ out_fs: | |||
2619 | 2621 | ||
2620 | core_initcall(sock_init); /* early initcall */ | 2622 | core_initcall(sock_init); /* early initcall */ |
2621 | 2623 | ||
2624 | static int __init jit_init(void) | ||
2625 | { | ||
2626 | #ifdef CONFIG_BPF_JIT_ALWAYS_ON | ||
2627 | bpf_jit_enable = 1; | ||
2628 | #endif | ||
2629 | return 0; | ||
2630 | } | ||
2631 | pure_initcall(jit_init); | ||
2632 | |||
2622 | #ifdef CONFIG_PROC_FS | 2633 | #ifdef CONFIG_PROC_FS |
2623 | void socket_seq_show(struct seq_file *seq) | 2634 | void socket_seq_show(struct seq_file *seq) |
2624 | { | 2635 | { |
diff --git a/net/tipc/group.c b/net/tipc/group.c index 8e12ab55346b..5f4ffae807ee 100644 --- a/net/tipc/group.c +++ b/net/tipc/group.c | |||
@@ -109,7 +109,8 @@ static void tipc_group_proto_xmit(struct tipc_group *grp, struct tipc_member *m, | |||
109 | static void tipc_group_decr_active(struct tipc_group *grp, | 109 | static void tipc_group_decr_active(struct tipc_group *grp, |
110 | struct tipc_member *m) | 110 | struct tipc_member *m) |
111 | { | 111 | { |
112 | if (m->state == MBR_ACTIVE || m->state == MBR_RECLAIMING) | 112 | if (m->state == MBR_ACTIVE || m->state == MBR_RECLAIMING || |
113 | m->state == MBR_REMITTED) | ||
113 | grp->active_cnt--; | 114 | grp->active_cnt--; |
114 | } | 115 | } |
115 | 116 | ||
@@ -562,7 +563,7 @@ void tipc_group_update_rcv_win(struct tipc_group *grp, int blks, u32 node, | |||
562 | int max_active = grp->max_active; | 563 | int max_active = grp->max_active; |
563 | int reclaim_limit = max_active * 3 / 4; | 564 | int reclaim_limit = max_active * 3 / 4; |
564 | int active_cnt = grp->active_cnt; | 565 | int active_cnt = grp->active_cnt; |
565 | struct tipc_member *m, *rm; | 566 | struct tipc_member *m, *rm, *pm; |
566 | 567 | ||
567 | m = tipc_group_find_member(grp, node, port); | 568 | m = tipc_group_find_member(grp, node, port); |
568 | if (!m) | 569 | if (!m) |
@@ -605,6 +606,17 @@ void tipc_group_update_rcv_win(struct tipc_group *grp, int blks, u32 node, | |||
605 | pr_warn_ratelimited("Rcv unexpected msg after REMIT\n"); | 606 | pr_warn_ratelimited("Rcv unexpected msg after REMIT\n"); |
606 | tipc_group_proto_xmit(grp, m, GRP_ADV_MSG, xmitq); | 607 | tipc_group_proto_xmit(grp, m, GRP_ADV_MSG, xmitq); |
607 | } | 608 | } |
609 | grp->active_cnt--; | ||
610 | list_del_init(&m->list); | ||
611 | if (list_empty(&grp->pending)) | ||
612 | return; | ||
613 | |||
614 | /* Set oldest pending member to active and advertise */ | ||
615 | pm = list_first_entry(&grp->pending, struct tipc_member, list); | ||
616 | pm->state = MBR_ACTIVE; | ||
617 | list_move_tail(&pm->list, &grp->active); | ||
618 | grp->active_cnt++; | ||
619 | tipc_group_proto_xmit(grp, pm, GRP_ADV_MSG, xmitq); | ||
608 | break; | 620 | break; |
609 | case MBR_RECLAIMING: | 621 | case MBR_RECLAIMING: |
610 | case MBR_DISCOVERED: | 622 | case MBR_DISCOVERED: |
@@ -742,14 +754,14 @@ void tipc_group_proto_rcv(struct tipc_group *grp, bool *usr_wakeup, | |||
742 | if (!m || m->state != MBR_RECLAIMING) | 754 | if (!m || m->state != MBR_RECLAIMING) |
743 | return; | 755 | return; |
744 | 756 | ||
745 | list_del_init(&m->list); | ||
746 | grp->active_cnt--; | ||
747 | remitted = msg_grp_remitted(hdr); | 757 | remitted = msg_grp_remitted(hdr); |
748 | 758 | ||
749 | /* Messages preceding the REMIT still in receive queue */ | 759 | /* Messages preceding the REMIT still in receive queue */ |
750 | if (m->advertised > remitted) { | 760 | if (m->advertised > remitted) { |
751 | m->state = MBR_REMITTED; | 761 | m->state = MBR_REMITTED; |
752 | in_flight = m->advertised - remitted; | 762 | in_flight = m->advertised - remitted; |
763 | m->advertised = ADV_IDLE + in_flight; | ||
764 | return; | ||
753 | } | 765 | } |
754 | /* All messages preceding the REMIT have been read */ | 766 | /* All messages preceding the REMIT have been read */ |
755 | if (m->advertised <= remitted) { | 767 | if (m->advertised <= remitted) { |
@@ -761,6 +773,8 @@ void tipc_group_proto_rcv(struct tipc_group *grp, bool *usr_wakeup, | |||
761 | tipc_group_proto_xmit(grp, m, GRP_ADV_MSG, xmitq); | 773 | tipc_group_proto_xmit(grp, m, GRP_ADV_MSG, xmitq); |
762 | 774 | ||
763 | m->advertised = ADV_IDLE + in_flight; | 775 | m->advertised = ADV_IDLE + in_flight; |
776 | grp->active_cnt--; | ||
777 | list_del_init(&m->list); | ||
764 | 778 | ||
765 | /* Set oldest pending member to active and advertise */ | 779 | /* Set oldest pending member to active and advertise */ |
766 | if (list_empty(&grp->pending)) | 780 | if (list_empty(&grp->pending)) |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 213d0c498c97..2b3dbcd40e46 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
@@ -11361,7 +11361,8 @@ static int nl80211_nan_add_func(struct sk_buff *skb, | |||
11361 | break; | 11361 | break; |
11362 | case NL80211_NAN_FUNC_FOLLOW_UP: | 11362 | case NL80211_NAN_FUNC_FOLLOW_UP: |
11363 | if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || | 11363 | if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || |
11364 | !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) { | 11364 | !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || |
11365 | !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { | ||
11365 | err = -EINVAL; | 11366 | err = -EINVAL; |
11366 | goto out; | 11367 | goto out; |
11367 | } | 11368 | } |