aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--MAINTAINERS18
-rw-r--r--drivers/net/ethernet/qlogic/qed/qed_dcbx.c13
-rw-r--r--drivers/net/ethernet/renesas/sh_eth.c122
-rw-r--r--drivers/net/phy/dp83640.c2
-rw-r--r--drivers/net/usb/ch9200.c9
-rw-r--r--drivers/net/usb/cx82310_eth.c7
-rw-r--r--drivers/net/usb/kaweth.c18
-rw-r--r--drivers/net/usb/lan78xx.c9
-rw-r--r--drivers/net/usb/smsc75xx.c8
-rw-r--r--drivers/net/usb/smsc95xx.c12
-rw-r--r--drivers/net/usb/sr9700.c9
-rw-r--r--include/uapi/linux/ipv6_route.h2
-rw-r--r--net/core/netpoll.c10
-rw-r--r--net/core/skbuff.c18
-rw-r--r--net/ipv6/exthdrs.c1
-rw-r--r--net/ipv6/ip6mr.c13
-rw-r--r--net/ipv6/route.c4
-rw-r--r--net/ipv6/seg6.c3
-rw-r--r--net/key/af_key.c93
-rw-r--r--net/mac80211/rx.c86
-rw-r--r--net/qrtr/qrtr.c4
-rw-r--r--net/sched/act_api.c55
-rw-r--r--tools/testing/selftests/bpf/test_maps.c4
-rw-r--r--tools/testing/selftests/net/psock_fanout.c22
-rw-r--r--tools/testing/selftests/net/psock_lib.h13
25 files changed, 345 insertions, 210 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 676c139bc883..38d3e4ed7208 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2585,12 +2585,26 @@ F: include/uapi/linux/if_bonding.h
2585 2585
2586BPF (Safe dynamic programs and tools) 2586BPF (Safe dynamic programs and tools)
2587M: Alexei Starovoitov <ast@kernel.org> 2587M: Alexei Starovoitov <ast@kernel.org>
2588M: Daniel Borkmann <daniel@iogearbox.net>
2588L: netdev@vger.kernel.org 2589L: netdev@vger.kernel.org
2589L: linux-kernel@vger.kernel.org 2590L: linux-kernel@vger.kernel.org
2590S: Supported 2591S: Supported
2592F: arch/x86/net/bpf_jit*
2593F: Documentation/networking/filter.txt
2594F: include/linux/bpf*
2595F: include/linux/filter.h
2596F: include/uapi/linux/bpf*
2597F: include/uapi/linux/filter.h
2591F: kernel/bpf/ 2598F: kernel/bpf/
2592F: tools/testing/selftests/bpf/ 2599F: kernel/trace/bpf_trace.c
2593F: lib/test_bpf.c 2600F: lib/test_bpf.c
2601F: net/bpf/
2602F: net/core/filter.c
2603F: net/sched/act_bpf.c
2604F: net/sched/cls_bpf.c
2605F: samples/bpf/
2606F: tools/net/bpf*
2607F: tools/testing/selftests/bpf/
2594 2608
2595BROADCOM B44 10/100 ETHERNET DRIVER 2609BROADCOM B44 10/100 ETHERNET DRIVER
2596M: Michael Chan <michael.chan@broadcom.com> 2610M: Michael Chan <michael.chan@broadcom.com>
@@ -8761,6 +8775,7 @@ W: http://www.linuxfoundation.org/en/Net
8761Q: http://patchwork.ozlabs.org/project/netdev/list/ 8775Q: http://patchwork.ozlabs.org/project/netdev/list/
8762T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git 8776T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
8763T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git 8777T: git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
8778B: mailto:netdev@vger.kernel.org
8764S: Maintained 8779S: Maintained
8765F: net/ 8780F: net/
8766F: include/net/ 8781F: include/net/
@@ -12464,7 +12479,6 @@ F: drivers/clk/ti/
12464F: include/linux/clk/ti.h 12479F: include/linux/clk/ti.h
12465 12480
12466TI ETHERNET SWITCH DRIVER (CPSW) 12481TI ETHERNET SWITCH DRIVER (CPSW)
12467M: Mugunthan V N <mugunthanvnm@ti.com>
12468R: Grygorii Strashko <grygorii.strashko@ti.com> 12482R: Grygorii Strashko <grygorii.strashko@ti.com>
12469L: linux-omap@vger.kernel.org 12483L: linux-omap@vger.kernel.org
12470L: netdev@vger.kernel.org 12484L: netdev@vger.kernel.org
diff --git a/drivers/net/ethernet/qlogic/qed/qed_dcbx.c b/drivers/net/ethernet/qlogic/qed/qed_dcbx.c
index 5bd36a4a8fcd..a6e2bbe629bd 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_dcbx.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_dcbx.c
@@ -583,6 +583,13 @@ qed_dcbx_get_ets_data(struct qed_hwfn *p_hwfn,
583 p_params->ets_cbs, 583 p_params->ets_cbs,
584 p_ets->pri_tc_tbl[0], p_params->max_ets_tc); 584 p_ets->pri_tc_tbl[0], p_params->max_ets_tc);
585 585
586 if (p_params->ets_enabled && !p_params->max_ets_tc) {
587 p_params->max_ets_tc = QED_MAX_PFC_PRIORITIES;
588 DP_VERBOSE(p_hwfn, QED_MSG_DCB,
589 "ETS params: max_ets_tc is forced to %d\n",
590 p_params->max_ets_tc);
591 }
592
586 /* 8 bit tsa and bw data corresponding to each of the 8 TC's are 593 /* 8 bit tsa and bw data corresponding to each of the 8 TC's are
587 * encoded in a type u32 array of size 2. 594 * encoded in a type u32 array of size 2.
588 */ 595 */
@@ -1001,6 +1008,8 @@ qed_dcbx_set_pfc_data(struct qed_hwfn *p_hwfn,
1001 u8 pfc_map = 0; 1008 u8 pfc_map = 0;
1002 int i; 1009 int i;
1003 1010
1011 *pfc &= ~DCBX_PFC_ERROR_MASK;
1012
1004 if (p_params->pfc.willing) 1013 if (p_params->pfc.willing)
1005 *pfc |= DCBX_PFC_WILLING_MASK; 1014 *pfc |= DCBX_PFC_WILLING_MASK;
1006 else 1015 else
@@ -1255,7 +1264,7 @@ static struct qed_dcbx_get *qed_dcbnl_get_dcbx(struct qed_hwfn *hwfn,
1255{ 1264{
1256 struct qed_dcbx_get *dcbx_info; 1265 struct qed_dcbx_get *dcbx_info;
1257 1266
1258 dcbx_info = kzalloc(sizeof(*dcbx_info), GFP_KERNEL); 1267 dcbx_info = kmalloc(sizeof(*dcbx_info), GFP_ATOMIC);
1259 if (!dcbx_info) 1268 if (!dcbx_info)
1260 return NULL; 1269 return NULL;
1261 1270
@@ -2073,6 +2082,8 @@ static int qed_dcbnl_ieee_setpfc(struct qed_dev *cdev, struct ieee_pfc *pfc)
2073 for (i = 0; i < QED_MAX_PFC_PRIORITIES; i++) 2082 for (i = 0; i < QED_MAX_PFC_PRIORITIES; i++)
2074 dcbx_set.config.params.pfc.prio[i] = !!(pfc->pfc_en & BIT(i)); 2083 dcbx_set.config.params.pfc.prio[i] = !!(pfc->pfc_en & BIT(i));
2075 2084
2085 dcbx_set.config.params.pfc.max_tc = pfc->pfc_cap;
2086
2076 ptt = qed_ptt_acquire(hwfn); 2087 ptt = qed_ptt_acquire(hwfn);
2077 if (!ptt) 2088 if (!ptt)
2078 return -EINVAL; 2089 return -EINVAL;
diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index 54248775f227..f68c4db656ed 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -1127,12 +1127,70 @@ static struct mdiobb_ops bb_ops = {
1127 .get_mdio_data = sh_get_mdio, 1127 .get_mdio_data = sh_get_mdio,
1128}; 1128};
1129 1129
1130/* free Tx skb function */
1131static int sh_eth_tx_free(struct net_device *ndev, bool sent_only)
1132{
1133 struct sh_eth_private *mdp = netdev_priv(ndev);
1134 struct sh_eth_txdesc *txdesc;
1135 int free_num = 0;
1136 int entry;
1137 bool sent;
1138
1139 for (; mdp->cur_tx - mdp->dirty_tx > 0; mdp->dirty_tx++) {
1140 entry = mdp->dirty_tx % mdp->num_tx_ring;
1141 txdesc = &mdp->tx_ring[entry];
1142 sent = !(txdesc->status & cpu_to_le32(TD_TACT));
1143 if (sent_only && !sent)
1144 break;
1145 /* TACT bit must be checked before all the following reads */
1146 dma_rmb();
1147 netif_info(mdp, tx_done, ndev,
1148 "tx entry %d status 0x%08x\n",
1149 entry, le32_to_cpu(txdesc->status));
1150 /* Free the original skb. */
1151 if (mdp->tx_skbuff[entry]) {
1152 dma_unmap_single(&ndev->dev, le32_to_cpu(txdesc->addr),
1153 le32_to_cpu(txdesc->len) >> 16,
1154 DMA_TO_DEVICE);
1155 dev_kfree_skb_irq(mdp->tx_skbuff[entry]);
1156 mdp->tx_skbuff[entry] = NULL;
1157 free_num++;
1158 }
1159 txdesc->status = cpu_to_le32(TD_TFP);
1160 if (entry >= mdp->num_tx_ring - 1)
1161 txdesc->status |= cpu_to_le32(TD_TDLE);
1162
1163 if (sent) {
1164 ndev->stats.tx_packets++;
1165 ndev->stats.tx_bytes += le32_to_cpu(txdesc->len) >> 16;
1166 }
1167 }
1168 return free_num;
1169}
1170
1130/* free skb and descriptor buffer */ 1171/* free skb and descriptor buffer */
1131static void sh_eth_ring_free(struct net_device *ndev) 1172static void sh_eth_ring_free(struct net_device *ndev)
1132{ 1173{
1133 struct sh_eth_private *mdp = netdev_priv(ndev); 1174 struct sh_eth_private *mdp = netdev_priv(ndev);
1134 int ringsize, i; 1175 int ringsize, i;
1135 1176
1177 if (mdp->rx_ring) {
1178 for (i = 0; i < mdp->num_rx_ring; i++) {
1179 if (mdp->rx_skbuff[i]) {
1180 struct sh_eth_rxdesc *rxdesc = &mdp->rx_ring[i];
1181
1182 dma_unmap_single(&ndev->dev,
1183 le32_to_cpu(rxdesc->addr),
1184 ALIGN(mdp->rx_buf_sz, 32),
1185 DMA_FROM_DEVICE);
1186 }
1187 }
1188 ringsize = sizeof(struct sh_eth_rxdesc) * mdp->num_rx_ring;
1189 dma_free_coherent(NULL, ringsize, mdp->rx_ring,
1190 mdp->rx_desc_dma);
1191 mdp->rx_ring = NULL;
1192 }
1193
1136 /* Free Rx skb ringbuffer */ 1194 /* Free Rx skb ringbuffer */
1137 if (mdp->rx_skbuff) { 1195 if (mdp->rx_skbuff) {
1138 for (i = 0; i < mdp->num_rx_ring; i++) 1196 for (i = 0; i < mdp->num_rx_ring; i++)
@@ -1141,27 +1199,18 @@ static void sh_eth_ring_free(struct net_device *ndev)
1141 kfree(mdp->rx_skbuff); 1199 kfree(mdp->rx_skbuff);
1142 mdp->rx_skbuff = NULL; 1200 mdp->rx_skbuff = NULL;
1143 1201
1144 /* Free Tx skb ringbuffer */
1145 if (mdp->tx_skbuff) {
1146 for (i = 0; i < mdp->num_tx_ring; i++)
1147 dev_kfree_skb(mdp->tx_skbuff[i]);
1148 }
1149 kfree(mdp->tx_skbuff);
1150 mdp->tx_skbuff = NULL;
1151
1152 if (mdp->rx_ring) {
1153 ringsize = sizeof(struct sh_eth_rxdesc) * mdp->num_rx_ring;
1154 dma_free_coherent(NULL, ringsize, mdp->rx_ring,
1155 mdp->rx_desc_dma);
1156 mdp->rx_ring = NULL;
1157 }
1158
1159 if (mdp->tx_ring) { 1202 if (mdp->tx_ring) {
1203 sh_eth_tx_free(ndev, false);
1204
1160 ringsize = sizeof(struct sh_eth_txdesc) * mdp->num_tx_ring; 1205 ringsize = sizeof(struct sh_eth_txdesc) * mdp->num_tx_ring;
1161 dma_free_coherent(NULL, ringsize, mdp->tx_ring, 1206 dma_free_coherent(NULL, ringsize, mdp->tx_ring,
1162 mdp->tx_desc_dma); 1207 mdp->tx_desc_dma);
1163 mdp->tx_ring = NULL; 1208 mdp->tx_ring = NULL;
1164 } 1209 }
1210
1211 /* Free Tx skb ringbuffer */
1212 kfree(mdp->tx_skbuff);
1213 mdp->tx_skbuff = NULL;
1165} 1214}
1166 1215
1167/* format skb and descriptor buffer */ 1216/* format skb and descriptor buffer */
@@ -1409,43 +1458,6 @@ static void sh_eth_dev_exit(struct net_device *ndev)
1409 update_mac_address(ndev); 1458 update_mac_address(ndev);
1410} 1459}
1411 1460
1412/* free Tx skb function */
1413static int sh_eth_txfree(struct net_device *ndev)
1414{
1415 struct sh_eth_private *mdp = netdev_priv(ndev);
1416 struct sh_eth_txdesc *txdesc;
1417 int free_num = 0;
1418 int entry;
1419
1420 for (; mdp->cur_tx - mdp->dirty_tx > 0; mdp->dirty_tx++) {
1421 entry = mdp->dirty_tx % mdp->num_tx_ring;
1422 txdesc = &mdp->tx_ring[entry];
1423 if (txdesc->status & cpu_to_le32(TD_TACT))
1424 break;
1425 /* TACT bit must be checked before all the following reads */
1426 dma_rmb();
1427 netif_info(mdp, tx_done, ndev,
1428 "tx entry %d status 0x%08x\n",
1429 entry, le32_to_cpu(txdesc->status));
1430 /* Free the original skb. */
1431 if (mdp->tx_skbuff[entry]) {
1432 dma_unmap_single(&ndev->dev, le32_to_cpu(txdesc->addr),
1433 le32_to_cpu(txdesc->len) >> 16,
1434 DMA_TO_DEVICE);
1435 dev_kfree_skb_irq(mdp->tx_skbuff[entry]);
1436 mdp->tx_skbuff[entry] = NULL;
1437 free_num++;
1438 }
1439 txdesc->status = cpu_to_le32(TD_TFP);
1440 if (entry >= mdp->num_tx_ring - 1)
1441 txdesc->status |= cpu_to_le32(TD_TDLE);
1442
1443 ndev->stats.tx_packets++;
1444 ndev->stats.tx_bytes += le32_to_cpu(txdesc->len) >> 16;
1445 }
1446 return free_num;
1447}
1448
1449/* Packet receive function */ 1461/* Packet receive function */
1450static int sh_eth_rx(struct net_device *ndev, u32 intr_status, int *quota) 1462static int sh_eth_rx(struct net_device *ndev, u32 intr_status, int *quota)
1451{ 1463{
@@ -1690,7 +1702,7 @@ static void sh_eth_error(struct net_device *ndev, u32 intr_status)
1690 intr_status, mdp->cur_tx, mdp->dirty_tx, 1702 intr_status, mdp->cur_tx, mdp->dirty_tx,
1691 (u32)ndev->state, edtrr); 1703 (u32)ndev->state, edtrr);
1692 /* dirty buffer free */ 1704 /* dirty buffer free */
1693 sh_eth_txfree(ndev); 1705 sh_eth_tx_free(ndev, true);
1694 1706
1695 /* SH7712 BUG */ 1707 /* SH7712 BUG */
1696 if (edtrr ^ sh_eth_get_edtrr_trns(mdp)) { 1708 if (edtrr ^ sh_eth_get_edtrr_trns(mdp)) {
@@ -1751,7 +1763,7 @@ static irqreturn_t sh_eth_interrupt(int irq, void *netdev)
1751 /* Clear Tx interrupts */ 1763 /* Clear Tx interrupts */
1752 sh_eth_write(ndev, intr_status & cd->tx_check, EESR); 1764 sh_eth_write(ndev, intr_status & cd->tx_check, EESR);
1753 1765
1754 sh_eth_txfree(ndev); 1766 sh_eth_tx_free(ndev, true);
1755 netif_wake_queue(ndev); 1767 netif_wake_queue(ndev);
1756 } 1768 }
1757 1769
@@ -2412,7 +2424,7 @@ static int sh_eth_start_xmit(struct sk_buff *skb, struct net_device *ndev)
2412 2424
2413 spin_lock_irqsave(&mdp->lock, flags); 2425 spin_lock_irqsave(&mdp->lock, flags);
2414 if ((mdp->cur_tx - mdp->dirty_tx) >= (mdp->num_tx_ring - 4)) { 2426 if ((mdp->cur_tx - mdp->dirty_tx) >= (mdp->num_tx_ring - 4)) {
2415 if (!sh_eth_txfree(ndev)) { 2427 if (!sh_eth_tx_free(ndev, true)) {
2416 netif_warn(mdp, tx_queued, ndev, "TxFD exhausted.\n"); 2428 netif_warn(mdp, tx_queued, ndev, "TxFD exhausted.\n");
2417 netif_stop_queue(ndev); 2429 netif_stop_queue(ndev);
2418 spin_unlock_irqrestore(&mdp->lock, flags); 2430 spin_unlock_irqrestore(&mdp->lock, flags);
diff --git a/drivers/net/phy/dp83640.c b/drivers/net/phy/dp83640.c
index e2460a57e4b1..ed0d10f54f26 100644
--- a/drivers/net/phy/dp83640.c
+++ b/drivers/net/phy/dp83640.c
@@ -1438,8 +1438,6 @@ static bool dp83640_rxtstamp(struct phy_device *phydev,
1438 skb_info->tmo = jiffies + SKB_TIMESTAMP_TIMEOUT; 1438 skb_info->tmo = jiffies + SKB_TIMESTAMP_TIMEOUT;
1439 skb_queue_tail(&dp83640->rx_queue, skb); 1439 skb_queue_tail(&dp83640->rx_queue, skb);
1440 schedule_delayed_work(&dp83640->ts_work, SKB_TIMESTAMP_TIMEOUT); 1440 schedule_delayed_work(&dp83640->ts_work, SKB_TIMESTAMP_TIMEOUT);
1441 } else {
1442 netif_rx_ni(skb);
1443 } 1441 }
1444 1442
1445 return true; 1443 return true;
diff --git a/drivers/net/usb/ch9200.c b/drivers/net/usb/ch9200.c
index 8a40202c0a17..c4f1c363e24b 100644
--- a/drivers/net/usb/ch9200.c
+++ b/drivers/net/usb/ch9200.c
@@ -254,14 +254,9 @@ static struct sk_buff *ch9200_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
254 tx_overhead = 0x40; 254 tx_overhead = 0x40;
255 255
256 len = skb->len; 256 len = skb->len;
257 if (skb_headroom(skb) < tx_overhead) { 257 if (skb_cow_head(skb, tx_overhead)) {
258 struct sk_buff *skb2;
259
260 skb2 = skb_copy_expand(skb, tx_overhead, 0, flags);
261 dev_kfree_skb_any(skb); 258 dev_kfree_skb_any(skb);
262 skb = skb2; 259 return NULL;
263 if (!skb)
264 return NULL;
265 } 260 }
266 261
267 __skb_push(skb, tx_overhead); 262 __skb_push(skb, tx_overhead);
diff --git a/drivers/net/usb/cx82310_eth.c b/drivers/net/usb/cx82310_eth.c
index e221bfcee76b..947bea81d924 100644
--- a/drivers/net/usb/cx82310_eth.c
+++ b/drivers/net/usb/cx82310_eth.c
@@ -293,12 +293,9 @@ static struct sk_buff *cx82310_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
293{ 293{
294 int len = skb->len; 294 int len = skb->len;
295 295
296 if (skb_headroom(skb) < 2) { 296 if (skb_cow_head(skb, 2)) {
297 struct sk_buff *skb2 = skb_copy_expand(skb, 2, 0, flags);
298 dev_kfree_skb_any(skb); 297 dev_kfree_skb_any(skb);
299 skb = skb2; 298 return NULL;
300 if (!skb)
301 return NULL;
302 } 299 }
303 skb_push(skb, 2); 300 skb_push(skb, 2);
304 301
diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
index 876f02f4945e..2a2c3edb6bad 100644
--- a/drivers/net/usb/kaweth.c
+++ b/drivers/net/usb/kaweth.c
@@ -803,18 +803,12 @@ static netdev_tx_t kaweth_start_xmit(struct sk_buff *skb,
803 } 803 }
804 804
805 /* We now decide whether we can put our special header into the sk_buff */ 805 /* We now decide whether we can put our special header into the sk_buff */
806 if (skb_cloned(skb) || skb_headroom(skb) < 2) { 806 if (skb_cow_head(skb, 2)) {
807 /* no such luck - we make our own */ 807 kaweth->stats.tx_errors++;
808 struct sk_buff *copied_skb; 808 netif_start_queue(net);
809 copied_skb = skb_copy_expand(skb, 2, 0, GFP_ATOMIC); 809 spin_unlock_irq(&kaweth->device_lock);
810 dev_kfree_skb_irq(skb); 810 dev_kfree_skb_any(skb);
811 skb = copied_skb; 811 return NETDEV_TX_OK;
812 if (!copied_skb) {
813 kaweth->stats.tx_errors++;
814 netif_start_queue(net);
815 spin_unlock_irq(&kaweth->device_lock);
816 return NETDEV_TX_OK;
817 }
818 } 812 }
819 813
820 private_header = (__le16 *)__skb_push(skb, 2); 814 private_header = (__le16 *)__skb_push(skb, 2);
diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
index 9889a70ff4f6..636f48f19d1e 100644
--- a/drivers/net/usb/lan78xx.c
+++ b/drivers/net/usb/lan78xx.c
@@ -2607,14 +2607,9 @@ static struct sk_buff *lan78xx_tx_prep(struct lan78xx_net *dev,
2607{ 2607{
2608 u32 tx_cmd_a, tx_cmd_b; 2608 u32 tx_cmd_a, tx_cmd_b;
2609 2609
2610 if (skb_headroom(skb) < TX_OVERHEAD) { 2610 if (skb_cow_head(skb, TX_OVERHEAD)) {
2611 struct sk_buff *skb2;
2612
2613 skb2 = skb_copy_expand(skb, TX_OVERHEAD, 0, flags);
2614 dev_kfree_skb_any(skb); 2611 dev_kfree_skb_any(skb);
2615 skb = skb2; 2612 return NULL;
2616 if (!skb)
2617 return NULL;
2618 } 2613 }
2619 2614
2620 if (lan78xx_linearize(skb) < 0) 2615 if (lan78xx_linearize(skb) < 0)
diff --git a/drivers/net/usb/smsc75xx.c b/drivers/net/usb/smsc75xx.c
index 0b17b40d7a4f..190de9a90f73 100644
--- a/drivers/net/usb/smsc75xx.c
+++ b/drivers/net/usb/smsc75xx.c
@@ -2203,13 +2203,9 @@ static struct sk_buff *smsc75xx_tx_fixup(struct usbnet *dev,
2203{ 2203{
2204 u32 tx_cmd_a, tx_cmd_b; 2204 u32 tx_cmd_a, tx_cmd_b;
2205 2205
2206 if (skb_headroom(skb) < SMSC75XX_TX_OVERHEAD) { 2206 if (skb_cow_head(skb, SMSC75XX_TX_OVERHEAD)) {
2207 struct sk_buff *skb2 =
2208 skb_copy_expand(skb, SMSC75XX_TX_OVERHEAD, 0, flags);
2209 dev_kfree_skb_any(skb); 2207 dev_kfree_skb_any(skb);
2210 skb = skb2; 2208 return NULL;
2211 if (!skb)
2212 return NULL;
2213 } 2209 }
2214 2210
2215 tx_cmd_a = (u32)(skb->len & TX_CMD_A_LEN) | TX_CMD_A_FCS; 2211 tx_cmd_a = (u32)(skb->len & TX_CMD_A_LEN) | TX_CMD_A_FCS;
diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c
index 831aa33d078a..5f19fb0f025d 100644
--- a/drivers/net/usb/smsc95xx.c
+++ b/drivers/net/usb/smsc95xx.c
@@ -2001,13 +2001,13 @@ static struct sk_buff *smsc95xx_tx_fixup(struct usbnet *dev,
2001 /* We do not advertise SG, so skbs should be already linearized */ 2001 /* We do not advertise SG, so skbs should be already linearized */
2002 BUG_ON(skb_shinfo(skb)->nr_frags); 2002 BUG_ON(skb_shinfo(skb)->nr_frags);
2003 2003
2004 if (skb_headroom(skb) < overhead) { 2004 /* Make writable and expand header space by overhead if required */
2005 struct sk_buff *skb2 = skb_copy_expand(skb, 2005 if (skb_cow_head(skb, overhead)) {
2006 overhead, 0, flags); 2006 /* Must deallocate here as returning NULL to indicate error
2007 * means the skb won't be deallocated in the caller.
2008 */
2007 dev_kfree_skb_any(skb); 2009 dev_kfree_skb_any(skb);
2008 skb = skb2; 2010 return NULL;
2009 if (!skb)
2010 return NULL;
2011 } 2011 }
2012 2012
2013 if (csum) { 2013 if (csum) {
diff --git a/drivers/net/usb/sr9700.c b/drivers/net/usb/sr9700.c
index 4a1e9c489f1f..aadfe1d1c37e 100644
--- a/drivers/net/usb/sr9700.c
+++ b/drivers/net/usb/sr9700.c
@@ -456,14 +456,9 @@ static struct sk_buff *sr9700_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
456 456
457 len = skb->len; 457 len = skb->len;
458 458
459 if (skb_headroom(skb) < SR_TX_OVERHEAD) { 459 if (skb_cow_head(skb, SR_TX_OVERHEAD)) {
460 struct sk_buff *skb2;
461
462 skb2 = skb_copy_expand(skb, SR_TX_OVERHEAD, 0, flags);
463 dev_kfree_skb_any(skb); 460 dev_kfree_skb_any(skb);
464 skb = skb2; 461 return NULL;
465 if (!skb)
466 return NULL;
467 } 462 }
468 463
469 __skb_push(skb, SR_TX_OVERHEAD); 464 __skb_push(skb, SR_TX_OVERHEAD);
diff --git a/include/uapi/linux/ipv6_route.h b/include/uapi/linux/ipv6_route.h
index 85bbb1799df3..d496c02e14bc 100644
--- a/include/uapi/linux/ipv6_route.h
+++ b/include/uapi/linux/ipv6_route.h
@@ -35,7 +35,7 @@
35#define RTF_PREF(pref) ((pref) << 27) 35#define RTF_PREF(pref) ((pref) << 27)
36#define RTF_PREF_MASK 0x18000000 36#define RTF_PREF_MASK 0x18000000
37 37
38#define RTF_PCPU 0x40000000 38#define RTF_PCPU 0x40000000 /* read-only: can not be set by user */
39#define RTF_LOCAL 0x80000000 39#define RTF_LOCAL 0x80000000
40 40
41 41
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 9424673009c1..29be2466970c 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -105,15 +105,21 @@ static void queue_process(struct work_struct *work)
105 while ((skb = skb_dequeue(&npinfo->txq))) { 105 while ((skb = skb_dequeue(&npinfo->txq))) {
106 struct net_device *dev = skb->dev; 106 struct net_device *dev = skb->dev;
107 struct netdev_queue *txq; 107 struct netdev_queue *txq;
108 unsigned int q_index;
108 109
109 if (!netif_device_present(dev) || !netif_running(dev)) { 110 if (!netif_device_present(dev) || !netif_running(dev)) {
110 kfree_skb(skb); 111 kfree_skb(skb);
111 continue; 112 continue;
112 } 113 }
113 114
114 txq = skb_get_tx_queue(dev, skb);
115
116 local_irq_save(flags); 115 local_irq_save(flags);
116 /* check if skb->queue_mapping is still valid */
117 q_index = skb_get_queue_mapping(skb);
118 if (unlikely(q_index >= dev->real_num_tx_queues)) {
119 q_index = q_index % dev->real_num_tx_queues;
120 skb_set_queue_mapping(skb, q_index);
121 }
122 txq = netdev_get_tx_queue(dev, q_index);
117 HARD_TX_LOCK(dev, txq, smp_processor_id()); 123 HARD_TX_LOCK(dev, txq, smp_processor_id());
118 if (netif_xmit_frozen_or_stopped(txq) || 124 if (netif_xmit_frozen_or_stopped(txq) ||
119 netpoll_start_xmit(skb, dev, txq) != NETDEV_TX_OK) { 125 netpoll_start_xmit(skb, dev, txq) != NETDEV_TX_OK) {
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 35c1e2460206..f86bf69cfb8d 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3082,22 +3082,32 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb,
3082 if (sg && csum && (mss != GSO_BY_FRAGS)) { 3082 if (sg && csum && (mss != GSO_BY_FRAGS)) {
3083 if (!(features & NETIF_F_GSO_PARTIAL)) { 3083 if (!(features & NETIF_F_GSO_PARTIAL)) {
3084 struct sk_buff *iter; 3084 struct sk_buff *iter;
3085 unsigned int frag_len;
3085 3086
3086 if (!list_skb || 3087 if (!list_skb ||
3087 !net_gso_ok(features, skb_shinfo(head_skb)->gso_type)) 3088 !net_gso_ok(features, skb_shinfo(head_skb)->gso_type))
3088 goto normal; 3089 goto normal;
3089 3090
3090 /* Split the buffer at the frag_list pointer. 3091 /* If we get here then all the required
3091 * This is based on the assumption that all 3092 * GSO features except frag_list are supported.
3092 * buffers in the chain excluding the last 3093 * Try to split the SKB to multiple GSO SKBs
3093 * containing the same amount of data. 3094 * with no frag_list.
3095 * Currently we can do that only when the buffers don't
3096 * have a linear part and all the buffers except
3097 * the last are of the same length.
3094 */ 3098 */
3099 frag_len = list_skb->len;
3095 skb_walk_frags(head_skb, iter) { 3100 skb_walk_frags(head_skb, iter) {
3101 if (frag_len != iter->len && iter->next)
3102 goto normal;
3096 if (skb_headlen(iter)) 3103 if (skb_headlen(iter))
3097 goto normal; 3104 goto normal;
3098 3105
3099 len -= iter->len; 3106 len -= iter->len;
3100 } 3107 }
3108
3109 if (len != frag_len)
3110 goto normal;
3101 } 3111 }
3102 3112
3103 /* GSO partial only requires that we trim off any excess that 3113 /* GSO partial only requires that we trim off any excess that
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 275cac628a95..25192a3b0cd7 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -388,7 +388,6 @@ looped_back:
388 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 388 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
389 ((&hdr->segments_left) - 389 ((&hdr->segments_left) -
390 skb_network_header(skb))); 390 skb_network_header(skb)));
391 kfree_skb(skb);
392 return -1; 391 return -1;
393 } 392 }
394 393
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 6ba6c900ebcf..bf34d0950752 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -774,7 +774,8 @@ failure:
774 * Delete a VIF entry 774 * Delete a VIF entry
775 */ 775 */
776 776
777static int mif6_delete(struct mr6_table *mrt, int vifi, struct list_head *head) 777static int mif6_delete(struct mr6_table *mrt, int vifi, int notify,
778 struct list_head *head)
778{ 779{
779 struct mif_device *v; 780 struct mif_device *v;
780 struct net_device *dev; 781 struct net_device *dev;
@@ -820,7 +821,7 @@ static int mif6_delete(struct mr6_table *mrt, int vifi, struct list_head *head)
820 dev->ifindex, &in6_dev->cnf); 821 dev->ifindex, &in6_dev->cnf);
821 } 822 }
822 823
823 if (v->flags & MIFF_REGISTER) 824 if ((v->flags & MIFF_REGISTER) && !notify)
824 unregister_netdevice_queue(dev, head); 825 unregister_netdevice_queue(dev, head);
825 826
826 dev_put(dev); 827 dev_put(dev);
@@ -1331,7 +1332,6 @@ static int ip6mr_device_event(struct notifier_block *this,
1331 struct mr6_table *mrt; 1332 struct mr6_table *mrt;
1332 struct mif_device *v; 1333 struct mif_device *v;
1333 int ct; 1334 int ct;
1334 LIST_HEAD(list);
1335 1335
1336 if (event != NETDEV_UNREGISTER) 1336 if (event != NETDEV_UNREGISTER)
1337 return NOTIFY_DONE; 1337 return NOTIFY_DONE;
@@ -1340,10 +1340,9 @@ static int ip6mr_device_event(struct notifier_block *this,
1340 v = &mrt->vif6_table[0]; 1340 v = &mrt->vif6_table[0];
1341 for (ct = 0; ct < mrt->maxvif; ct++, v++) { 1341 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1342 if (v->dev == dev) 1342 if (v->dev == dev)
1343 mif6_delete(mrt, ct, &list); 1343 mif6_delete(mrt, ct, 1, NULL);
1344 } 1344 }
1345 } 1345 }
1346 unregister_netdevice_many(&list);
1347 1346
1348 return NOTIFY_DONE; 1347 return NOTIFY_DONE;
1349} 1348}
@@ -1552,7 +1551,7 @@ static void mroute_clean_tables(struct mr6_table *mrt, bool all)
1552 for (i = 0; i < mrt->maxvif; i++) { 1551 for (i = 0; i < mrt->maxvif; i++) {
1553 if (!all && (mrt->vif6_table[i].flags & VIFF_STATIC)) 1552 if (!all && (mrt->vif6_table[i].flags & VIFF_STATIC))
1554 continue; 1553 continue;
1555 mif6_delete(mrt, i, &list); 1554 mif6_delete(mrt, i, 0, &list);
1556 } 1555 }
1557 unregister_netdevice_many(&list); 1556 unregister_netdevice_many(&list);
1558 1557
@@ -1707,7 +1706,7 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
1707 if (copy_from_user(&mifi, optval, sizeof(mifi_t))) 1706 if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1708 return -EFAULT; 1707 return -EFAULT;
1709 rtnl_lock(); 1708 rtnl_lock();
1710 ret = mif6_delete(mrt, mifi, NULL); 1709 ret = mif6_delete(mrt, mifi, 0, NULL);
1711 rtnl_unlock(); 1710 rtnl_unlock();
1712 return ret; 1711 return ret;
1713 1712
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 9db1418993f2..fb174b590fd3 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1854,6 +1854,10 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg)
1854 int addr_type; 1854 int addr_type;
1855 int err = -EINVAL; 1855 int err = -EINVAL;
1856 1856
1857 /* RTF_PCPU is an internal flag; can not be set by userspace */
1858 if (cfg->fc_flags & RTF_PCPU)
1859 goto out;
1860
1857 if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128) 1861 if (cfg->fc_dst_len > 128 || cfg->fc_src_len > 128)
1858 goto out; 1862 goto out;
1859#ifndef CONFIG_IPV6_SUBTREES 1863#ifndef CONFIG_IPV6_SUBTREES
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index a855eb325b03..5f44ffed2576 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -53,6 +53,9 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len)
53 struct sr6_tlv *tlv; 53 struct sr6_tlv *tlv;
54 unsigned int tlv_len; 54 unsigned int tlv_len;
55 55
56 if (trailing < sizeof(*tlv))
57 return false;
58
56 tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset); 59 tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset);
57 tlv_len = sizeof(*tlv) + tlv->len; 60 tlv_len = sizeof(*tlv) + tlv->len;
58 61
diff --git a/net/key/af_key.c b/net/key/af_key.c
index c6252ed42c1d..be8cecc65002 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -63,8 +63,13 @@ struct pfkey_sock {
63 } u; 63 } u;
64 struct sk_buff *skb; 64 struct sk_buff *skb;
65 } dump; 65 } dump;
66 struct mutex dump_lock;
66}; 67};
67 68
69static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
70 xfrm_address_t *saddr, xfrm_address_t *daddr,
71 u16 *family);
72
68static inline struct pfkey_sock *pfkey_sk(struct sock *sk) 73static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
69{ 74{
70 return (struct pfkey_sock *)sk; 75 return (struct pfkey_sock *)sk;
@@ -139,6 +144,7 @@ static int pfkey_create(struct net *net, struct socket *sock, int protocol,
139{ 144{
140 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); 145 struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
141 struct sock *sk; 146 struct sock *sk;
147 struct pfkey_sock *pfk;
142 int err; 148 int err;
143 149
144 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 150 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
@@ -153,6 +159,9 @@ static int pfkey_create(struct net *net, struct socket *sock, int protocol,
153 if (sk == NULL) 159 if (sk == NULL)
154 goto out; 160 goto out;
155 161
162 pfk = pfkey_sk(sk);
163 mutex_init(&pfk->dump_lock);
164
156 sock->ops = &pfkey_ops; 165 sock->ops = &pfkey_ops;
157 sock_init_data(sock, sk); 166 sock_init_data(sock, sk);
158 167
@@ -281,13 +290,23 @@ static int pfkey_do_dump(struct pfkey_sock *pfk)
281 struct sadb_msg *hdr; 290 struct sadb_msg *hdr;
282 int rc; 291 int rc;
283 292
293 mutex_lock(&pfk->dump_lock);
294 if (!pfk->dump.dump) {
295 rc = 0;
296 goto out;
297 }
298
284 rc = pfk->dump.dump(pfk); 299 rc = pfk->dump.dump(pfk);
285 if (rc == -ENOBUFS) 300 if (rc == -ENOBUFS) {
286 return 0; 301 rc = 0;
302 goto out;
303 }
287 304
288 if (pfk->dump.skb) { 305 if (pfk->dump.skb) {
289 if (!pfkey_can_dump(&pfk->sk)) 306 if (!pfkey_can_dump(&pfk->sk)) {
290 return 0; 307 rc = 0;
308 goto out;
309 }
291 310
292 hdr = (struct sadb_msg *) pfk->dump.skb->data; 311 hdr = (struct sadb_msg *) pfk->dump.skb->data;
293 hdr->sadb_msg_seq = 0; 312 hdr->sadb_msg_seq = 0;
@@ -298,6 +317,9 @@ static int pfkey_do_dump(struct pfkey_sock *pfk)
298 } 317 }
299 318
300 pfkey_terminate_dump(pfk); 319 pfkey_terminate_dump(pfk);
320
321out:
322 mutex_unlock(&pfk->dump_lock);
301 return rc; 323 return rc;
302} 324}
303 325
@@ -1793,19 +1815,26 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms
1793 struct xfrm_address_filter *filter = NULL; 1815 struct xfrm_address_filter *filter = NULL;
1794 struct pfkey_sock *pfk = pfkey_sk(sk); 1816 struct pfkey_sock *pfk = pfkey_sk(sk);
1795 1817
1796 if (pfk->dump.dump != NULL) 1818 mutex_lock(&pfk->dump_lock);
1819 if (pfk->dump.dump != NULL) {
1820 mutex_unlock(&pfk->dump_lock);
1797 return -EBUSY; 1821 return -EBUSY;
1822 }
1798 1823
1799 proto = pfkey_satype2proto(hdr->sadb_msg_satype); 1824 proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1800 if (proto == 0) 1825 if (proto == 0) {
1826 mutex_unlock(&pfk->dump_lock);
1801 return -EINVAL; 1827 return -EINVAL;
1828 }
1802 1829
1803 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { 1830 if (ext_hdrs[SADB_X_EXT_FILTER - 1]) {
1804 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; 1831 struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1];
1805 1832
1806 filter = kmalloc(sizeof(*filter), GFP_KERNEL); 1833 filter = kmalloc(sizeof(*filter), GFP_KERNEL);
1807 if (filter == NULL) 1834 if (filter == NULL) {
1835 mutex_unlock(&pfk->dump_lock);
1808 return -ENOMEM; 1836 return -ENOMEM;
1837 }
1809 1838
1810 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr, 1839 memcpy(&filter->saddr, &xfilter->sadb_x_filter_saddr,
1811 sizeof(xfrm_address_t)); 1840 sizeof(xfrm_address_t));
@@ -1821,6 +1850,7 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms
1821 pfk->dump.dump = pfkey_dump_sa; 1850 pfk->dump.dump = pfkey_dump_sa;
1822 pfk->dump.done = pfkey_dump_sa_done; 1851 pfk->dump.done = pfkey_dump_sa_done;
1823 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter); 1852 xfrm_state_walk_init(&pfk->dump.u.state, proto, filter);
1853 mutex_unlock(&pfk->dump_lock);
1824 1854
1825 return pfkey_do_dump(pfk); 1855 return pfkey_do_dump(pfk);
1826} 1856}
@@ -1913,19 +1943,14 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1913 1943
1914 /* addresses present only in tunnel mode */ 1944 /* addresses present only in tunnel mode */
1915 if (t->mode == XFRM_MODE_TUNNEL) { 1945 if (t->mode == XFRM_MODE_TUNNEL) {
1916 u8 *sa = (u8 *) (rq + 1); 1946 int err;
1917 int family, socklen;
1918 1947
1919 family = pfkey_sockaddr_extract((struct sockaddr *)sa, 1948 err = parse_sockaddr_pair(
1920 &t->saddr); 1949 (struct sockaddr *)(rq + 1),
1921 if (!family) 1950 rq->sadb_x_ipsecrequest_len - sizeof(*rq),
1922 return -EINVAL; 1951 &t->saddr, &t->id.daddr, &t->encap_family);
1923 1952 if (err)
1924 socklen = pfkey_sockaddr_len(family); 1953 return err;
1925 if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen),
1926 &t->id.daddr) != family)
1927 return -EINVAL;
1928 t->encap_family = family;
1929 } else 1954 } else
1930 t->encap_family = xp->family; 1955 t->encap_family = xp->family;
1931 1956
@@ -1945,7 +1970,11 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1945 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)) 1970 if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
1946 return -EINVAL; 1971 return -EINVAL;
1947 1972
1948 while (len >= sizeof(struct sadb_x_ipsecrequest)) { 1973 while (len >= sizeof(*rq)) {
1974 if (len < rq->sadb_x_ipsecrequest_len ||
1975 rq->sadb_x_ipsecrequest_len < sizeof(*rq))
1976 return -EINVAL;
1977
1949 if ((err = parse_ipsecrequest(xp, rq)) < 0) 1978 if ((err = parse_ipsecrequest(xp, rq)) < 0)
1950 return err; 1979 return err;
1951 len -= rq->sadb_x_ipsecrequest_len; 1980 len -= rq->sadb_x_ipsecrequest_len;
@@ -2408,7 +2437,6 @@ out:
2408 return err; 2437 return err;
2409} 2438}
2410 2439
2411#ifdef CONFIG_NET_KEY_MIGRATE
2412static int pfkey_sockaddr_pair_size(sa_family_t family) 2440static int pfkey_sockaddr_pair_size(sa_family_t family)
2413{ 2441{
2414 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2); 2442 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
@@ -2420,7 +2448,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2420{ 2448{
2421 int af, socklen; 2449 int af, socklen;
2422 2450
2423 if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) 2451 if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family))
2424 return -EINVAL; 2452 return -EINVAL;
2425 2453
2426 af = pfkey_sockaddr_extract(sa, saddr); 2454 af = pfkey_sockaddr_extract(sa, saddr);
@@ -2436,6 +2464,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len,
2436 return 0; 2464 return 0;
2437} 2465}
2438 2466
2467#ifdef CONFIG_NET_KEY_MIGRATE
2439static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, 2468static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2440 struct xfrm_migrate *m) 2469 struct xfrm_migrate *m)
2441{ 2470{
@@ -2443,13 +2472,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2443 struct sadb_x_ipsecrequest *rq2; 2472 struct sadb_x_ipsecrequest *rq2;
2444 int mode; 2473 int mode;
2445 2474
2446 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2475 if (len < sizeof(*rq1) ||
2447 len < rq1->sadb_x_ipsecrequest_len) 2476 len < rq1->sadb_x_ipsecrequest_len ||
2477 rq1->sadb_x_ipsecrequest_len < sizeof(*rq1))
2448 return -EINVAL; 2478 return -EINVAL;
2449 2479
2450 /* old endoints */ 2480 /* old endoints */
2451 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1), 2481 err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1),
2452 rq1->sadb_x_ipsecrequest_len, 2482 rq1->sadb_x_ipsecrequest_len - sizeof(*rq1),
2453 &m->old_saddr, &m->old_daddr, 2483 &m->old_saddr, &m->old_daddr,
2454 &m->old_family); 2484 &m->old_family);
2455 if (err) 2485 if (err)
@@ -2458,13 +2488,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2458 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); 2488 rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len);
2459 len -= rq1->sadb_x_ipsecrequest_len; 2489 len -= rq1->sadb_x_ipsecrequest_len;
2460 2490
2461 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2491 if (len <= sizeof(*rq2) ||
2462 len < rq2->sadb_x_ipsecrequest_len) 2492 len < rq2->sadb_x_ipsecrequest_len ||
2493 rq2->sadb_x_ipsecrequest_len < sizeof(*rq2))
2463 return -EINVAL; 2494 return -EINVAL;
2464 2495
2465 /* new endpoints */ 2496 /* new endpoints */
2466 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1), 2497 err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1),
2467 rq2->sadb_x_ipsecrequest_len, 2498 rq2->sadb_x_ipsecrequest_len - sizeof(*rq2),
2468 &m->new_saddr, &m->new_daddr, 2499 &m->new_saddr, &m->new_daddr,
2469 &m->new_family); 2500 &m->new_family);
2470 if (err) 2501 if (err)
@@ -2679,14 +2710,18 @@ static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb
2679{ 2710{
2680 struct pfkey_sock *pfk = pfkey_sk(sk); 2711 struct pfkey_sock *pfk = pfkey_sk(sk);
2681 2712
2682 if (pfk->dump.dump != NULL) 2713 mutex_lock(&pfk->dump_lock);
2714 if (pfk->dump.dump != NULL) {
2715 mutex_unlock(&pfk->dump_lock);
2683 return -EBUSY; 2716 return -EBUSY;
2717 }
2684 2718
2685 pfk->dump.msg_version = hdr->sadb_msg_version; 2719 pfk->dump.msg_version = hdr->sadb_msg_version;
2686 pfk->dump.msg_portid = hdr->sadb_msg_pid; 2720 pfk->dump.msg_portid = hdr->sadb_msg_pid;
2687 pfk->dump.dump = pfkey_dump_sp; 2721 pfk->dump.dump = pfkey_dump_sp;
2688 pfk->dump.done = pfkey_dump_sp_done; 2722 pfk->dump.done = pfkey_dump_sp_done;
2689 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN); 2723 xfrm_policy_walk_init(&pfk->dump.u.policy, XFRM_POLICY_TYPE_MAIN);
2724 mutex_unlock(&pfk->dump_lock);
2690 2725
2691 return pfkey_do_dump(pfk); 2726 return pfkey_do_dump(pfk);
2692} 2727}
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index e48724a6725e..4d7543d1a62c 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -208,6 +208,51 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
208 return len; 208 return len;
209} 209}
210 210
211static void ieee80211_handle_mu_mimo_mon(struct ieee80211_sub_if_data *sdata,
212 struct sk_buff *skb,
213 int rtap_vendor_space)
214{
215 struct {
216 struct ieee80211_hdr_3addr hdr;
217 u8 category;
218 u8 action_code;
219 } __packed action;
220
221 if (!sdata)
222 return;
223
224 BUILD_BUG_ON(sizeof(action) != IEEE80211_MIN_ACTION_SIZE + 1);
225
226 if (skb->len < rtap_vendor_space + sizeof(action) +
227 VHT_MUMIMO_GROUPS_DATA_LEN)
228 return;
229
230 if (!is_valid_ether_addr(sdata->u.mntr.mu_follow_addr))
231 return;
232
233 skb_copy_bits(skb, rtap_vendor_space, &action, sizeof(action));
234
235 if (!ieee80211_is_action(action.hdr.frame_control))
236 return;
237
238 if (action.category != WLAN_CATEGORY_VHT)
239 return;
240
241 if (action.action_code != WLAN_VHT_ACTION_GROUPID_MGMT)
242 return;
243
244 if (!ether_addr_equal(action.hdr.addr1, sdata->u.mntr.mu_follow_addr))
245 return;
246
247 skb = skb_copy(skb, GFP_ATOMIC);
248 if (!skb)
249 return;
250
251 skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
252 skb_queue_tail(&sdata->skb_queue, skb);
253 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
254}
255
211/* 256/*
212 * ieee80211_add_rx_radiotap_header - add radiotap header 257 * ieee80211_add_rx_radiotap_header - add radiotap header
213 * 258 *
@@ -515,7 +560,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
515 struct net_device *prev_dev = NULL; 560 struct net_device *prev_dev = NULL;
516 int present_fcs_len = 0; 561 int present_fcs_len = 0;
517 unsigned int rtap_vendor_space = 0; 562 unsigned int rtap_vendor_space = 0;
518 struct ieee80211_mgmt *mgmt;
519 struct ieee80211_sub_if_data *monitor_sdata = 563 struct ieee80211_sub_if_data *monitor_sdata =
520 rcu_dereference(local->monitor_sdata); 564 rcu_dereference(local->monitor_sdata);
521 565
@@ -553,6 +597,8 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
553 return remove_monitor_info(local, origskb, rtap_vendor_space); 597 return remove_monitor_info(local, origskb, rtap_vendor_space);
554 } 598 }
555 599
600 ieee80211_handle_mu_mimo_mon(monitor_sdata, origskb, rtap_vendor_space);
601
556 /* room for the radiotap header based on driver features */ 602 /* room for the radiotap header based on driver features */
557 rt_hdrlen = ieee80211_rx_radiotap_hdrlen(local, status, origskb); 603 rt_hdrlen = ieee80211_rx_radiotap_hdrlen(local, status, origskb);
558 needed_headroom = rt_hdrlen - rtap_vendor_space; 604 needed_headroom = rt_hdrlen - rtap_vendor_space;
@@ -618,23 +664,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
618 ieee80211_rx_stats(sdata->dev, skb->len); 664 ieee80211_rx_stats(sdata->dev, skb->len);
619 } 665 }
620 666
621 mgmt = (void *)skb->data;
622 if (monitor_sdata &&
623 skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 + VHT_MUMIMO_GROUPS_DATA_LEN &&
624 ieee80211_is_action(mgmt->frame_control) &&
625 mgmt->u.action.category == WLAN_CATEGORY_VHT &&
626 mgmt->u.action.u.vht_group_notif.action_code == WLAN_VHT_ACTION_GROUPID_MGMT &&
627 is_valid_ether_addr(monitor_sdata->u.mntr.mu_follow_addr) &&
628 ether_addr_equal(mgmt->da, monitor_sdata->u.mntr.mu_follow_addr)) {
629 struct sk_buff *mu_skb = skb_copy(skb, GFP_ATOMIC);
630
631 if (mu_skb) {
632 mu_skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
633 skb_queue_tail(&monitor_sdata->skb_queue, mu_skb);
634 ieee80211_queue_work(&local->hw, &monitor_sdata->work);
635 }
636 }
637
638 if (prev_dev) { 667 if (prev_dev) {
639 skb->dev = prev_dev; 668 skb->dev = prev_dev;
640 netif_receive_skb(skb); 669 netif_receive_skb(skb);
@@ -3610,6 +3639,27 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
3610 !ether_addr_equal(bssid, hdr->addr1)) 3639 !ether_addr_equal(bssid, hdr->addr1))
3611 return false; 3640 return false;
3612 } 3641 }
3642
3643 /*
3644 * 802.11-2016 Table 9-26 says that for data frames, A1 must be
3645 * the BSSID - we've checked that already but may have accepted
3646 * the wildcard (ff:ff:ff:ff:ff:ff).
3647 *
3648 * It also says:
3649 * The BSSID of the Data frame is determined as follows:
3650 * a) If the STA is contained within an AP or is associated
3651 * with an AP, the BSSID is the address currently in use
3652 * by the STA contained in the AP.
3653 *
3654 * So we should not accept data frames with an address that's
3655 * multicast.
3656 *
3657 * Accepting it also opens a security problem because stations
3658 * could encrypt it with the GTK and inject traffic that way.
3659 */
3660 if (ieee80211_is_data(hdr->frame_control) && multicast)
3661 return false;
3662
3613 return true; 3663 return true;
3614 case NL80211_IFTYPE_WDS: 3664 case NL80211_IFTYPE_WDS:
3615 if (bssid || !ieee80211_is_data(hdr->frame_control)) 3665 if (bssid || !ieee80211_is_data(hdr->frame_control))
diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
index ae5ac175b2be..9da7368b0140 100644
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -658,7 +658,9 @@ static int qrtr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
658 } 658 }
659 659
660 if (plen != len) { 660 if (plen != len) {
661 skb_pad(skb, plen - len); 661 rc = skb_pad(skb, plen - len);
662 if (rc)
663 goto out_node;
662 skb_put(skb, plen - len); 664 skb_put(skb, plen - len);
663 } 665 }
664 666
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index b70aa57319ea..e05b924618a0 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -529,20 +529,20 @@ errout:
529 return err; 529 return err;
530} 530}
531 531
532static int nla_memdup_cookie(struct tc_action *a, struct nlattr **tb) 532static struct tc_cookie *nla_memdup_cookie(struct nlattr **tb)
533{ 533{
534 a->act_cookie = kzalloc(sizeof(*a->act_cookie), GFP_KERNEL); 534 struct tc_cookie *c = kzalloc(sizeof(*c), GFP_KERNEL);
535 if (!a->act_cookie) 535 if (!c)
536 return -ENOMEM; 536 return NULL;
537 537
538 a->act_cookie->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL); 538 c->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL);
539 if (!a->act_cookie->data) { 539 if (!c->data) {
540 kfree(a->act_cookie); 540 kfree(c);
541 return -ENOMEM; 541 return NULL;
542 } 542 }
543 a->act_cookie->len = nla_len(tb[TCA_ACT_COOKIE]); 543 c->len = nla_len(tb[TCA_ACT_COOKIE]);
544 544
545 return 0; 545 return c;
546} 546}
547 547
548struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla, 548struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
@@ -551,6 +551,7 @@ struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
551{ 551{
552 struct tc_action *a; 552 struct tc_action *a;
553 struct tc_action_ops *a_o; 553 struct tc_action_ops *a_o;
554 struct tc_cookie *cookie = NULL;
554 char act_name[IFNAMSIZ]; 555 char act_name[IFNAMSIZ];
555 struct nlattr *tb[TCA_ACT_MAX + 1]; 556 struct nlattr *tb[TCA_ACT_MAX + 1];
556 struct nlattr *kind; 557 struct nlattr *kind;
@@ -566,6 +567,18 @@ struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
566 goto err_out; 567 goto err_out;
567 if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) 568 if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ)
568 goto err_out; 569 goto err_out;
570 if (tb[TCA_ACT_COOKIE]) {
571 int cklen = nla_len(tb[TCA_ACT_COOKIE]);
572
573 if (cklen > TC_COOKIE_MAX_SIZE)
574 goto err_out;
575
576 cookie = nla_memdup_cookie(tb);
577 if (!cookie) {
578 err = -ENOMEM;
579 goto err_out;
580 }
581 }
569 } else { 582 } else {
570 err = -EINVAL; 583 err = -EINVAL;
571 if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ) 584 if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ)
@@ -604,20 +617,12 @@ struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
604 if (err < 0) 617 if (err < 0)
605 goto err_mod; 618 goto err_mod;
606 619
607 if (tb[TCA_ACT_COOKIE]) { 620 if (name == NULL && tb[TCA_ACT_COOKIE]) {
608 int cklen = nla_len(tb[TCA_ACT_COOKIE]); 621 if (a->act_cookie) {
609 622 kfree(a->act_cookie->data);
610 if (cklen > TC_COOKIE_MAX_SIZE) { 623 kfree(a->act_cookie);
611 err = -EINVAL;
612 tcf_hash_release(a, bind);
613 goto err_mod;
614 }
615
616 if (nla_memdup_cookie(a, tb) < 0) {
617 err = -ENOMEM;
618 tcf_hash_release(a, bind);
619 goto err_mod;
620 } 624 }
625 a->act_cookie = cookie;
621 } 626 }
622 627
623 /* module count goes up only when brand new policy is created 628 /* module count goes up only when brand new policy is created
@@ -632,6 +637,10 @@ struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
632err_mod: 637err_mod:
633 module_put(a_o->owner); 638 module_put(a_o->owner);
634err_out: 639err_out:
640 if (cookie) {
641 kfree(cookie->data);
642 kfree(cookie);
643 }
635 return ERR_PTR(err); 644 return ERR_PTR(err);
636} 645}
637 646
diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c
index a0aa2009b0e0..20f1871874df 100644
--- a/tools/testing/selftests/bpf/test_maps.c
+++ b/tools/testing/selftests/bpf/test_maps.c
@@ -282,7 +282,7 @@ static void test_arraymap_percpu(int task, void *data)
282{ 282{
283 unsigned int nr_cpus = bpf_num_possible_cpus(); 283 unsigned int nr_cpus = bpf_num_possible_cpus();
284 int key, next_key, fd, i; 284 int key, next_key, fd, i;
285 long values[nr_cpus]; 285 long long values[nr_cpus];
286 286
287 fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(key), 287 fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(key),
288 sizeof(values[0]), 2, 0); 288 sizeof(values[0]), 2, 0);
@@ -340,7 +340,7 @@ static void test_arraymap_percpu_many_keys(void)
340 * allocator more than anything else 340 * allocator more than anything else
341 */ 341 */
342 unsigned int nr_keys = 2000; 342 unsigned int nr_keys = 2000;
343 long values[nr_cpus]; 343 long long values[nr_cpus];
344 int key, fd, i; 344 int key, fd, i;
345 345
346 fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(key), 346 fd = bpf_create_map(BPF_MAP_TYPE_PERCPU_ARRAY, sizeof(key),
diff --git a/tools/testing/selftests/net/psock_fanout.c b/tools/testing/selftests/net/psock_fanout.c
index 412459369686..e62bb354820c 100644
--- a/tools/testing/selftests/net/psock_fanout.c
+++ b/tools/testing/selftests/net/psock_fanout.c
@@ -75,7 +75,7 @@ static int sock_fanout_open(uint16_t typeflags, int num_packets)
75{ 75{
76 int fd, val; 76 int fd, val;
77 77
78 fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)); 78 fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
79 if (fd < 0) { 79 if (fd < 0) {
80 perror("socket packet"); 80 perror("socket packet");
81 exit(1); 81 exit(1);
@@ -95,6 +95,24 @@ static int sock_fanout_open(uint16_t typeflags, int num_packets)
95 return fd; 95 return fd;
96} 96}
97 97
98static void sock_fanout_set_cbpf(int fd)
99{
100 struct sock_filter bpf_filter[] = {
101 BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 80), /* ldb [80] */
102 BPF_STMT(BPF_RET+BPF_A, 0), /* ret A */
103 };
104 struct sock_fprog bpf_prog;
105
106 bpf_prog.filter = bpf_filter;
107 bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter);
108
109 if (setsockopt(fd, SOL_PACKET, PACKET_FANOUT_DATA, &bpf_prog,
110 sizeof(bpf_prog))) {
111 perror("fanout data cbpf");
112 exit(1);
113 }
114}
115
98static void sock_fanout_set_ebpf(int fd) 116static void sock_fanout_set_ebpf(int fd)
99{ 117{
100 const int len_off = __builtin_offsetof(struct __sk_buff, len); 118 const int len_off = __builtin_offsetof(struct __sk_buff, len);
@@ -270,7 +288,7 @@ static int test_datapath(uint16_t typeflags, int port_off,
270 exit(1); 288 exit(1);
271 } 289 }
272 if (type == PACKET_FANOUT_CBPF) 290 if (type == PACKET_FANOUT_CBPF)
273 sock_setfilter(fds[0], SOL_PACKET, PACKET_FANOUT_DATA); 291 sock_fanout_set_cbpf(fds[0]);
274 else if (type == PACKET_FANOUT_EBPF) 292 else if (type == PACKET_FANOUT_EBPF)
275 sock_fanout_set_ebpf(fds[0]); 293 sock_fanout_set_ebpf(fds[0]);
276 294
diff --git a/tools/testing/selftests/net/psock_lib.h b/tools/testing/selftests/net/psock_lib.h
index a77da88bf946..7d990d6c861b 100644
--- a/tools/testing/selftests/net/psock_lib.h
+++ b/tools/testing/selftests/net/psock_lib.h
@@ -38,7 +38,7 @@
38# define __maybe_unused __attribute__ ((__unused__)) 38# define __maybe_unused __attribute__ ((__unused__))
39#endif 39#endif
40 40
41static __maybe_unused void sock_setfilter(int fd, int lvl, int optnum) 41static __maybe_unused void pair_udp_setfilter(int fd)
42{ 42{
43 /* the filter below checks for all of the following conditions that 43 /* the filter below checks for all of the following conditions that
44 * are based on the contents of create_payload() 44 * are based on the contents of create_payload()
@@ -76,23 +76,16 @@ static __maybe_unused void sock_setfilter(int fd, int lvl, int optnum)
76 }; 76 };
77 struct sock_fprog bpf_prog; 77 struct sock_fprog bpf_prog;
78 78
79 if (lvl == SOL_PACKET && optnum == PACKET_FANOUT_DATA)
80 bpf_filter[5].code = 0x16; /* RET A */
81
82 bpf_prog.filter = bpf_filter; 79 bpf_prog.filter = bpf_filter;
83 bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter); 80 bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter);
84 if (setsockopt(fd, lvl, optnum, &bpf_prog, 81
82 if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf_prog,
85 sizeof(bpf_prog))) { 83 sizeof(bpf_prog))) {
86 perror("setsockopt SO_ATTACH_FILTER"); 84 perror("setsockopt SO_ATTACH_FILTER");
87 exit(1); 85 exit(1);
88 } 86 }
89} 87}
90 88
91static __maybe_unused void pair_udp_setfilter(int fd)
92{
93 sock_setfilter(fd, SOL_SOCKET, SO_ATTACH_FILTER);
94}
95
96static __maybe_unused void pair_udp_open(int fds[], uint16_t port) 89static __maybe_unused void pair_udp_open(int fds[], uint16_t port)
97{ 90{
98 struct sockaddr_in saddr, daddr; 91 struct sockaddr_in saddr, daddr;
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-03 08:50:27 -0400