aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--MAINTAINERS9
-rw-r--r--drivers/net/ethernet/broadcom/tg3.c25
-rw-r--r--drivers/net/ethernet/cisco/enic/enic.h2
-rw-r--r--drivers/net/ethernet/cisco/enic/vnic_dev.c19
-rw-r--r--drivers/net/ethernet/synopsys/dwc_eth_qos.c2
-rw-r--r--drivers/net/geneve.c31
-rw-r--r--drivers/net/vxlan.c47
-rw-r--r--drivers/of/of_mdio.c1
-rw-r--r--include/linux/skbuff.h1
-rw-r--r--include/net/af_unix.h4
-rw-r--r--include/net/ip_tunnels.h1
-rw-r--r--include/net/scm.h1
-rw-r--r--include/net/tcp.h2
-rw-r--r--kernel/bpf/verifier.c2
-rw-r--r--net/core/flow_dissector.c9
-rw-r--r--net/core/scm.c7
-rw-r--r--net/core/skbuff.c2
-rw-r--r--net/core/sysctl_net_core.c10
-rw-r--r--net/ipv4/ip_gre.c8
-rw-r--r--net/ipv4/ip_tunnel.c20
-rw-r--r--net/ipv4/tcp.c4
-rw-r--r--net/ipv4/tcp_ipv4.c11
-rw-r--r--net/ipv6/addrconf.c5
-rw-r--r--net/ipv6/ip6_flowlabel.c5
-rw-r--r--net/ipv6/tcp_ipv6.c5
-rw-r--r--net/openvswitch/vport-vxlan.c2
-rw-r--r--net/sctp/socket.c9
-rw-r--r--net/unix/af_unix.c4
-rw-r--r--net/unix/garbage.c8
-rw-r--r--security/selinux/nlmsgtab.c1
30 files changed, 191 insertions, 66 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 7f1fa4ff300a..4f55edf0a589 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9787,10 +9787,11 @@ S: Supported
9787F: drivers/scsi/be2iscsi/ 9787F: drivers/scsi/be2iscsi/
9788 9788
9789Emulex 10Gbps NIC BE2, BE3-R, Lancer, Skyhawk-R DRIVER 9789Emulex 10Gbps NIC BE2, BE3-R, Lancer, Skyhawk-R DRIVER
9790M: Sathya Perla <sathya.perla@avagotech.com> 9790M: Sathya Perla <sathya.perla@broadcom.com>
9791M: Ajit Khaparde <ajit.khaparde@avagotech.com> 9791M: Ajit Khaparde <ajit.khaparde@broadcom.com>
9792M: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com> 9792M: Padmanabh Ratnakar <padmanabh.ratnakar@broadcom.com>
9793M: Sriharsha Basavapatna <sriharsha.basavapatna@avagotech.com> 9793M: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
9794M: Somnath Kotur <somnath.kotur@broadcom.com>
9794L: netdev@vger.kernel.org 9795L: netdev@vger.kernel.org
9795W: http://www.emulex.com 9796W: http://www.emulex.com
9796S: Supported 9797S: Supported
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index 49eea8981332..3010080cfeee 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -7831,6 +7831,14 @@ static int tigon3_dma_hwbug_workaround(struct tg3_napi *tnapi,
7831 return ret; 7831 return ret;
7832} 7832}
7833 7833
7834static bool tg3_tso_bug_gso_check(struct tg3_napi *tnapi, struct sk_buff *skb)
7835{
7836 /* Check if we will never have enough descriptors,
7837 * as gso_segs can be more than current ring size
7838 */
7839 return skb_shinfo(skb)->gso_segs < tnapi->tx_pending / 3;
7840}
7841
7834static netdev_tx_t tg3_start_xmit(struct sk_buff *, struct net_device *); 7842static netdev_tx_t tg3_start_xmit(struct sk_buff *, struct net_device *);
7835 7843
7836/* Use GSO to workaround all TSO packets that meet HW bug conditions 7844/* Use GSO to workaround all TSO packets that meet HW bug conditions
@@ -7934,14 +7942,19 @@ static netdev_tx_t tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
7934 * vlan encapsulated. 7942 * vlan encapsulated.
7935 */ 7943 */
7936 if (skb->protocol == htons(ETH_P_8021Q) || 7944 if (skb->protocol == htons(ETH_P_8021Q) ||
7937 skb->protocol == htons(ETH_P_8021AD)) 7945 skb->protocol == htons(ETH_P_8021AD)) {
7938 return tg3_tso_bug(tp, tnapi, txq, skb); 7946 if (tg3_tso_bug_gso_check(tnapi, skb))
7947 return tg3_tso_bug(tp, tnapi, txq, skb);
7948 goto drop;
7949 }
7939 7950
7940 if (!skb_is_gso_v6(skb)) { 7951 if (!skb_is_gso_v6(skb)) {
7941 if (unlikely((ETH_HLEN + hdr_len) > 80) && 7952 if (unlikely((ETH_HLEN + hdr_len) > 80) &&
7942 tg3_flag(tp, TSO_BUG)) 7953 tg3_flag(tp, TSO_BUG)) {
7943 return tg3_tso_bug(tp, tnapi, txq, skb); 7954 if (tg3_tso_bug_gso_check(tnapi, skb))
7944 7955 return tg3_tso_bug(tp, tnapi, txq, skb);
7956 goto drop;
7957 }
7945 ip_csum = iph->check; 7958 ip_csum = iph->check;
7946 ip_tot_len = iph->tot_len; 7959 ip_tot_len = iph->tot_len;
7947 iph->check = 0; 7960 iph->check = 0;
@@ -8073,7 +8086,7 @@ static netdev_tx_t tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
8073 if (would_hit_hwbug) { 8086 if (would_hit_hwbug) {
8074 tg3_tx_skb_unmap(tnapi, tnapi->tx_prod, i); 8087 tg3_tx_skb_unmap(tnapi, tnapi->tx_prod, i);
8075 8088
8076 if (mss) { 8089 if (mss && tg3_tso_bug_gso_check(tnapi, skb)) {
8077 /* If it's a TSO packet, do GSO instead of 8090 /* If it's a TSO packet, do GSO instead of
8078 * allocating and copying to a large linear SKB 8091 * allocating and copying to a large linear SKB
8079 */ 8092 */
diff --git a/drivers/net/ethernet/cisco/enic/enic.h b/drivers/net/ethernet/cisco/enic/enic.h
index 1671fa3332c2..7ba6d530b0c0 100644
--- a/drivers/net/ethernet/cisco/enic/enic.h
+++ b/drivers/net/ethernet/cisco/enic/enic.h
@@ -33,7 +33,7 @@
33 33
34#define DRV_NAME "enic" 34#define DRV_NAME "enic"
35#define DRV_DESCRIPTION "Cisco VIC Ethernet NIC Driver" 35#define DRV_DESCRIPTION "Cisco VIC Ethernet NIC Driver"
36#define DRV_VERSION "2.3.0.12" 36#define DRV_VERSION "2.3.0.20"
37#define DRV_COPYRIGHT "Copyright 2008-2013 Cisco Systems, Inc" 37#define DRV_COPYRIGHT "Copyright 2008-2013 Cisco Systems, Inc"
38 38
39#define ENIC_BARS_MAX 6 39#define ENIC_BARS_MAX 6
diff --git a/drivers/net/ethernet/cisco/enic/vnic_dev.c b/drivers/net/ethernet/cisco/enic/vnic_dev.c
index 1ffd1050860b..1fdf5fe12a95 100644
--- a/drivers/net/ethernet/cisco/enic/vnic_dev.c
+++ b/drivers/net/ethernet/cisco/enic/vnic_dev.c
@@ -298,7 +298,8 @@ static int _vnic_dev_cmd2(struct vnic_dev *vdev, enum vnic_devcmd_cmd cmd,
298 int wait) 298 int wait)
299{ 299{
300 struct devcmd2_controller *dc2c = vdev->devcmd2; 300 struct devcmd2_controller *dc2c = vdev->devcmd2;
301 struct devcmd2_result *result = dc2c->result + dc2c->next_result; 301 struct devcmd2_result *result;
302 u8 color;
302 unsigned int i; 303 unsigned int i;
303 int delay, err; 304 int delay, err;
304 u32 fetch_index, new_posted; 305 u32 fetch_index, new_posted;
@@ -336,13 +337,17 @@ static int _vnic_dev_cmd2(struct vnic_dev *vdev, enum vnic_devcmd_cmd cmd,
336 if (dc2c->cmd_ring[posted].flags & DEVCMD2_FNORESULT) 337 if (dc2c->cmd_ring[posted].flags & DEVCMD2_FNORESULT)
337 return 0; 338 return 0;
338 339
340 result = dc2c->result + dc2c->next_result;
341 color = dc2c->color;
342
343 dc2c->next_result++;
344 if (dc2c->next_result == dc2c->result_size) {
345 dc2c->next_result = 0;
346 dc2c->color = dc2c->color ? 0 : 1;
347 }
348
339 for (delay = 0; delay < wait; delay++) { 349 for (delay = 0; delay < wait; delay++) {
340 if (result->color == dc2c->color) { 350 if (result->color == color) {
341 dc2c->next_result++;
342 if (dc2c->next_result == dc2c->result_size) {
343 dc2c->next_result = 0;
344 dc2c->color = dc2c->color ? 0 : 1;
345 }
346 if (result->error) { 351 if (result->error) {
347 err = result->error; 352 err = result->error;
348 if (err != ERR_ECMDUNKNOWN || 353 if (err != ERR_ECMDUNKNOWN ||
diff --git a/drivers/net/ethernet/synopsys/dwc_eth_qos.c b/drivers/net/ethernet/synopsys/dwc_eth_qos.c
index 70814b7386b3..fc8bbff2d7e3 100644
--- a/drivers/net/ethernet/synopsys/dwc_eth_qos.c
+++ b/drivers/net/ethernet/synopsys/dwc_eth_qos.c
@@ -1880,9 +1880,9 @@ static int dwceqos_open(struct net_device *ndev)
1880 } 1880 }
1881 netdev_reset_queue(ndev); 1881 netdev_reset_queue(ndev);
1882 1882
1883 dwceqos_init_hw(lp);
1883 napi_enable(&lp->napi); 1884 napi_enable(&lp->napi);
1884 phy_start(lp->phy_dev); 1885 phy_start(lp->phy_dev);
1885 dwceqos_init_hw(lp);
1886 1886
1887 netif_start_queue(ndev); 1887 netif_start_queue(ndev);
1888 tasklet_enable(&lp->tx_bdreclaim_tasklet); 1888 tasklet_enable(&lp->tx_bdreclaim_tasklet);
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 0b14ac3b8d11..028e3873c310 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -1039,6 +1039,17 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev)
1039 return geneve_xmit_skb(skb, dev, info); 1039 return geneve_xmit_skb(skb, dev, info);
1040} 1040}
1041 1041
1042static int geneve_change_mtu(struct net_device *dev, int new_mtu)
1043{
1044 /* GENEVE overhead is not fixed, so we can't enforce a more
1045 * precise max MTU.
1046 */
1047 if (new_mtu < 68 || new_mtu > IP_MAX_MTU)
1048 return -EINVAL;
1049 dev->mtu = new_mtu;
1050 return 0;
1051}
1052
1042static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb) 1053static int geneve_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
1043{ 1054{
1044 struct ip_tunnel_info *info = skb_tunnel_info(skb); 1055 struct ip_tunnel_info *info = skb_tunnel_info(skb);
@@ -1083,7 +1094,7 @@ static const struct net_device_ops geneve_netdev_ops = {
1083 .ndo_stop = geneve_stop, 1094 .ndo_stop = geneve_stop,
1084 .ndo_start_xmit = geneve_xmit, 1095 .ndo_start_xmit = geneve_xmit,
1085 .ndo_get_stats64 = ip_tunnel_get_stats64, 1096 .ndo_get_stats64 = ip_tunnel_get_stats64,
1086 .ndo_change_mtu = eth_change_mtu, 1097 .ndo_change_mtu = geneve_change_mtu,
1087 .ndo_validate_addr = eth_validate_addr, 1098 .ndo_validate_addr = eth_validate_addr,
1088 .ndo_set_mac_address = eth_mac_addr, 1099 .ndo_set_mac_address = eth_mac_addr,
1089 .ndo_fill_metadata_dst = geneve_fill_metadata_dst, 1100 .ndo_fill_metadata_dst = geneve_fill_metadata_dst,
@@ -1442,11 +1453,21 @@ struct net_device *geneve_dev_create_fb(struct net *net, const char *name,
1442 1453
1443 err = geneve_configure(net, dev, &geneve_remote_unspec, 1454 err = geneve_configure(net, dev, &geneve_remote_unspec,
1444 0, 0, 0, htons(dst_port), true, 0); 1455 0, 0, 0, htons(dst_port), true, 0);
1445 if (err) { 1456 if (err)
1446 free_netdev(dev); 1457 goto err;
1447 return ERR_PTR(err); 1458
1448 } 1459 /* openvswitch users expect packet sizes to be unrestricted,
1460 * so set the largest MTU we can.
1461 */
1462 err = geneve_change_mtu(dev, IP_MAX_MTU);
1463 if (err)
1464 goto err;
1465
1449 return dev; 1466 return dev;
1467
1468 err:
1469 free_netdev(dev);
1470 return ERR_PTR(err);
1450} 1471}
1451EXPORT_SYMBOL_GPL(geneve_dev_create_fb); 1472EXPORT_SYMBOL_GPL(geneve_dev_create_fb);
1452 1473
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 65439188c582..a31cd954b308 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2367,29 +2367,43 @@ static void vxlan_set_multicast_list(struct net_device *dev)
2367{ 2367{
2368} 2368}
2369 2369
2370static int vxlan_change_mtu(struct net_device *dev, int new_mtu) 2370static int __vxlan_change_mtu(struct net_device *dev,
2371 struct net_device *lowerdev,
2372 struct vxlan_rdst *dst, int new_mtu, bool strict)
2371{ 2373{
2372 struct vxlan_dev *vxlan = netdev_priv(dev); 2374 int max_mtu = IP_MAX_MTU;
2373 struct vxlan_rdst *dst = &vxlan->default_dst;
2374 struct net_device *lowerdev;
2375 int max_mtu;
2376 2375
2377 lowerdev = __dev_get_by_index(vxlan->net, dst->remote_ifindex); 2376 if (lowerdev)
2378 if (lowerdev == NULL) 2377 max_mtu = lowerdev->mtu;
2379 return eth_change_mtu(dev, new_mtu);
2380 2378
2381 if (dst->remote_ip.sa.sa_family == AF_INET6) 2379 if (dst->remote_ip.sa.sa_family == AF_INET6)
2382 max_mtu = lowerdev->mtu - VXLAN6_HEADROOM; 2380 max_mtu -= VXLAN6_HEADROOM;
2383 else 2381 else
2384 max_mtu = lowerdev->mtu - VXLAN_HEADROOM; 2382 max_mtu -= VXLAN_HEADROOM;
2385 2383
2386 if (new_mtu < 68 || new_mtu > max_mtu) 2384 if (new_mtu < 68)
2387 return -EINVAL; 2385 return -EINVAL;
2388 2386
2387 if (new_mtu > max_mtu) {
2388 if (strict)
2389 return -EINVAL;
2390
2391 new_mtu = max_mtu;
2392 }
2393
2389 dev->mtu = new_mtu; 2394 dev->mtu = new_mtu;
2390 return 0; 2395 return 0;
2391} 2396}
2392 2397
2398static int vxlan_change_mtu(struct net_device *dev, int new_mtu)
2399{
2400 struct vxlan_dev *vxlan = netdev_priv(dev);
2401 struct vxlan_rdst *dst = &vxlan->default_dst;
2402 struct net_device *lowerdev = __dev_get_by_index(vxlan->net,
2403 dst->remote_ifindex);
2404 return __vxlan_change_mtu(dev, lowerdev, dst, new_mtu, true);
2405}
2406
2393static int egress_ipv4_tun_info(struct net_device *dev, struct sk_buff *skb, 2407static int egress_ipv4_tun_info(struct net_device *dev, struct sk_buff *skb,
2394 struct ip_tunnel_info *info, 2408 struct ip_tunnel_info *info,
2395 __be16 sport, __be16 dport) 2409 __be16 sport, __be16 dport)
@@ -2765,6 +2779,7 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
2765 int err; 2779 int err;
2766 bool use_ipv6 = false; 2780 bool use_ipv6 = false;
2767 __be16 default_port = vxlan->cfg.dst_port; 2781 __be16 default_port = vxlan->cfg.dst_port;
2782 struct net_device *lowerdev = NULL;
2768 2783
2769 vxlan->net = src_net; 2784 vxlan->net = src_net;
2770 2785
@@ -2785,9 +2800,7 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
2785 } 2800 }
2786 2801
2787 if (conf->remote_ifindex) { 2802 if (conf->remote_ifindex) {
2788 struct net_device *lowerdev 2803 lowerdev = __dev_get_by_index(src_net, conf->remote_ifindex);
2789 = __dev_get_by_index(src_net, conf->remote_ifindex);
2790
2791 dst->remote_ifindex = conf->remote_ifindex; 2804 dst->remote_ifindex = conf->remote_ifindex;
2792 2805
2793 if (!lowerdev) { 2806 if (!lowerdev) {
@@ -2811,6 +2824,12 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
2811 needed_headroom = lowerdev->hard_header_len; 2824 needed_headroom = lowerdev->hard_header_len;
2812 } 2825 }
2813 2826
2827 if (conf->mtu) {
2828 err = __vxlan_change_mtu(dev, lowerdev, dst, conf->mtu, false);
2829 if (err)
2830 return err;
2831 }
2832
2814 if (use_ipv6 || conf->flags & VXLAN_F_COLLECT_METADATA) 2833 if (use_ipv6 || conf->flags & VXLAN_F_COLLECT_METADATA)
2815 needed_headroom += VXLAN6_HEADROOM; 2834 needed_headroom += VXLAN6_HEADROOM;
2816 else 2835 else
diff --git a/drivers/of/of_mdio.c b/drivers/of/of_mdio.c
index 5648317d355f..39c4be41ef83 100644
--- a/drivers/of/of_mdio.c
+++ b/drivers/of/of_mdio.c
@@ -154,6 +154,7 @@ static const struct of_device_id whitelist_phys[] = {
154 { .compatible = "marvell,88E1111", }, 154 { .compatible = "marvell,88E1111", },
155 { .compatible = "marvell,88e1116", }, 155 { .compatible = "marvell,88e1116", },
156 { .compatible = "marvell,88e1118", }, 156 { .compatible = "marvell,88e1118", },
157 { .compatible = "marvell,88e1145", },
157 { .compatible = "marvell,88e1149r", }, 158 { .compatible = "marvell,88e1149r", },
158 { .compatible = "marvell,88e1310", }, 159 { .compatible = "marvell,88e1310", },
159 { .compatible = "marvell,88E1510", }, 160 { .compatible = "marvell,88E1510", },
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 11f935c1a090..4ce9ff7086f4 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -299,6 +299,7 @@ struct sk_buff;
299#else 299#else
300#define MAX_SKB_FRAGS (65536/PAGE_SIZE + 1) 300#define MAX_SKB_FRAGS (65536/PAGE_SIZE + 1)
301#endif 301#endif
302extern int sysctl_max_skb_frags;
302 303
303typedef struct skb_frag_struct skb_frag_t; 304typedef struct skb_frag_struct skb_frag_t;
304 305
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 2a91a0561a47..9b4c418bebd8 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -6,8 +6,8 @@
6#include <linux/mutex.h> 6#include <linux/mutex.h>
7#include <net/sock.h> 7#include <net/sock.h>
8 8
9void unix_inflight(struct file *fp); 9void unix_inflight(struct user_struct *user, struct file *fp);
10void unix_notinflight(struct file *fp); 10void unix_notinflight(struct user_struct *user, struct file *fp);
11void unix_gc(void); 11void unix_gc(void);
12void wait_for_unix_gc(void); 12void wait_for_unix_gc(void);
13struct sock *unix_get_socket(struct file *filp); 13struct sock *unix_get_socket(struct file *filp);
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 6db96ea0144f..dda9abf6b89c 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -230,6 +230,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
230int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd); 230int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd);
231int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, 231int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
232 u8 *protocol, struct flowi4 *fl4); 232 u8 *protocol, struct flowi4 *fl4);
233int __ip_tunnel_change_mtu(struct net_device *dev, int new_mtu, bool strict);
233int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu); 234int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu);
234 235
235struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev, 236struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
diff --git a/include/net/scm.h b/include/net/scm.h
index 262532d111f5..59fa93c01d2a 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -21,6 +21,7 @@ struct scm_creds {
21struct scm_fp_list { 21struct scm_fp_list {
22 short count; 22 short count;
23 short max; 23 short max;
24 struct user_struct *user;
24 struct file *fp[SCM_MAX_FD]; 25 struct file *fp[SCM_MAX_FD];
25}; 26};
26 27
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f6f8f032c73e..ae6468f5c9f3 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -447,7 +447,7 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th);
447 447
448void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb); 448void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb);
449void tcp_v4_mtu_reduced(struct sock *sk); 449void tcp_v4_mtu_reduced(struct sock *sk);
450void tcp_req_err(struct sock *sk, u32 seq); 450void tcp_req_err(struct sock *sk, u32 seq, bool abort);
451int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb); 451int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb);
452struct sock *tcp_create_openreq_child(const struct sock *sk, 452struct sock *tcp_create_openreq_child(const struct sock *sk,
453 struct request_sock *req, 453 struct request_sock *req,
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d1d3e8f57de9..2e7f7ab739e4 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2082,7 +2082,7 @@ static void adjust_branches(struct bpf_prog *prog, int pos, int delta)
2082 /* adjust offset of jmps if necessary */ 2082 /* adjust offset of jmps if necessary */
2083 if (i < pos && i + insn->off + 1 > pos) 2083 if (i < pos && i + insn->off + 1 > pos)
2084 insn->off += delta; 2084 insn->off += delta;
2085 else if (i > pos && i + insn->off + 1 < pos) 2085 else if (i > pos + delta && i + insn->off + 1 <= pos + delta)
2086 insn->off -= delta; 2086 insn->off -= delta;
2087 } 2087 }
2088} 2088}
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index d79699c9d1b9..eab81bc80e5c 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -208,7 +208,6 @@ ip:
208 case htons(ETH_P_IPV6): { 208 case htons(ETH_P_IPV6): {
209 const struct ipv6hdr *iph; 209 const struct ipv6hdr *iph;
210 struct ipv6hdr _iph; 210 struct ipv6hdr _iph;
211 __be32 flow_label;
212 211
213ipv6: 212ipv6:
214 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); 213 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
@@ -230,8 +229,12 @@ ipv6:
230 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 229 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
231 } 230 }
232 231
233 flow_label = ip6_flowlabel(iph); 232 if ((dissector_uses_key(flow_dissector,
234 if (flow_label) { 233 FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
234 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
235 ip6_flowlabel(iph)) {
236 __be32 flow_label = ip6_flowlabel(iph);
237
235 if (dissector_uses_key(flow_dissector, 238 if (dissector_uses_key(flow_dissector,
236 FLOW_DISSECTOR_KEY_FLOW_LABEL)) { 239 FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
237 key_tags = skb_flow_dissector_target(flow_dissector, 240 key_tags = skb_flow_dissector_target(flow_dissector,
diff --git a/net/core/scm.c b/net/core/scm.c
index 14596fb37172..2696aefdc148 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -87,6 +87,7 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
87 *fplp = fpl; 87 *fplp = fpl;
88 fpl->count = 0; 88 fpl->count = 0;
89 fpl->max = SCM_MAX_FD; 89 fpl->max = SCM_MAX_FD;
90 fpl->user = NULL;
90 } 91 }
91 fpp = &fpl->fp[fpl->count]; 92 fpp = &fpl->fp[fpl->count];
92 93
@@ -107,6 +108,10 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
107 *fpp++ = file; 108 *fpp++ = file;
108 fpl->count++; 109 fpl->count++;
109 } 110 }
111
112 if (!fpl->user)
113 fpl->user = get_uid(current_user());
114
110 return num; 115 return num;
111} 116}
112 117
@@ -119,6 +124,7 @@ void __scm_destroy(struct scm_cookie *scm)
119 scm->fp = NULL; 124 scm->fp = NULL;
120 for (i=fpl->count-1; i>=0; i--) 125 for (i=fpl->count-1; i>=0; i--)
121 fput(fpl->fp[i]); 126 fput(fpl->fp[i]);
127 free_uid(fpl->user);
122 kfree(fpl); 128 kfree(fpl);
123 } 129 }
124} 130}
@@ -336,6 +342,7 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl)
336 for (i = 0; i < fpl->count; i++) 342 for (i = 0; i < fpl->count; i++)
337 get_file(fpl->fp[i]); 343 get_file(fpl->fp[i]);
338 new_fpl->max = new_fpl->count; 344 new_fpl->max = new_fpl->count;
345 new_fpl->user = get_uid(fpl->user);
339 } 346 }
340 return new_fpl; 347 return new_fpl;
341} 348}
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index b2df375ec9c2..5bf88f58bee7 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -79,6 +79,8 @@
79 79
80struct kmem_cache *skbuff_head_cache __read_mostly; 80struct kmem_cache *skbuff_head_cache __read_mostly;
81static struct kmem_cache *skbuff_fclone_cache __read_mostly; 81static struct kmem_cache *skbuff_fclone_cache __read_mostly;
82int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS;
83EXPORT_SYMBOL(sysctl_max_skb_frags);
82 84
83/** 85/**
84 * skb_panic - private function for out-of-line support 86 * skb_panic - private function for out-of-line support
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 95b6139d710c..a6beb7b6ae55 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -26,6 +26,7 @@ static int zero = 0;
26static int one = 1; 26static int one = 1;
27static int min_sndbuf = SOCK_MIN_SNDBUF; 27static int min_sndbuf = SOCK_MIN_SNDBUF;
28static int min_rcvbuf = SOCK_MIN_RCVBUF; 28static int min_rcvbuf = SOCK_MIN_RCVBUF;
29static int max_skb_frags = MAX_SKB_FRAGS;
29 30
30static int net_msg_warn; /* Unused, but still a sysctl */ 31static int net_msg_warn; /* Unused, but still a sysctl */
31 32
@@ -392,6 +393,15 @@ static struct ctl_table net_core_table[] = {
392 .mode = 0644, 393 .mode = 0644,
393 .proc_handler = proc_dointvec 394 .proc_handler = proc_dointvec
394 }, 395 },
396 {
397 .procname = "max_skb_frags",
398 .data = &sysctl_max_skb_frags,
399 .maxlen = sizeof(int),
400 .mode = 0644,
401 .proc_handler = proc_dointvec_minmax,
402 .extra1 = &one,
403 .extra2 = &max_skb_frags,
404 },
395 { } 405 { }
396}; 406};
397 407
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 7c51c4e1661f..56fdf4e0dce4 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1240,6 +1240,14 @@ struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1240 err = ipgre_newlink(net, dev, tb, NULL); 1240 err = ipgre_newlink(net, dev, tb, NULL);
1241 if (err < 0) 1241 if (err < 0)
1242 goto out; 1242 goto out;
1243
1244 /* openvswitch users expect packet sizes to be unrestricted,
1245 * so set the largest MTU we can.
1246 */
1247 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1248 if (err)
1249 goto out;
1250
1243 return dev; 1251 return dev;
1244out: 1252out:
1245 free_netdev(dev); 1253 free_netdev(dev);
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index c7bd72e9b544..89e8861e05fc 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -943,17 +943,31 @@ done:
943} 943}
944EXPORT_SYMBOL_GPL(ip_tunnel_ioctl); 944EXPORT_SYMBOL_GPL(ip_tunnel_ioctl);
945 945
946int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu) 946int __ip_tunnel_change_mtu(struct net_device *dev, int new_mtu, bool strict)
947{ 947{
948 struct ip_tunnel *tunnel = netdev_priv(dev); 948 struct ip_tunnel *tunnel = netdev_priv(dev);
949 int t_hlen = tunnel->hlen + sizeof(struct iphdr); 949 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
950 int max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
950 951
951 if (new_mtu < 68 || 952 if (new_mtu < 68)
952 new_mtu > 0xFFF8 - dev->hard_header_len - t_hlen)
953 return -EINVAL; 953 return -EINVAL;
954
955 if (new_mtu > max_mtu) {
956 if (strict)
957 return -EINVAL;
958
959 new_mtu = max_mtu;
960 }
961
954 dev->mtu = new_mtu; 962 dev->mtu = new_mtu;
955 return 0; 963 return 0;
956} 964}
965EXPORT_SYMBOL_GPL(__ip_tunnel_change_mtu);
966
967int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
968{
969 return __ip_tunnel_change_mtu(dev, new_mtu, true);
970}
957EXPORT_SYMBOL_GPL(ip_tunnel_change_mtu); 971EXPORT_SYMBOL_GPL(ip_tunnel_change_mtu);
958 972
959static void ip_tunnel_dev_free(struct net_device *dev) 973static void ip_tunnel_dev_free(struct net_device *dev)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 19746b3fcbbe..0c36ef4a3f86 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -940,7 +940,7 @@ new_segment:
940 940
941 i = skb_shinfo(skb)->nr_frags; 941 i = skb_shinfo(skb)->nr_frags;
942 can_coalesce = skb_can_coalesce(skb, i, page, offset); 942 can_coalesce = skb_can_coalesce(skb, i, page, offset);
943 if (!can_coalesce && i >= MAX_SKB_FRAGS) { 943 if (!can_coalesce && i >= sysctl_max_skb_frags) {
944 tcp_mark_push(tp, skb); 944 tcp_mark_push(tp, skb);
945 goto new_segment; 945 goto new_segment;
946 } 946 }
@@ -1213,7 +1213,7 @@ new_segment:
1213 1213
1214 if (!skb_can_coalesce(skb, i, pfrag->page, 1214 if (!skb_can_coalesce(skb, i, pfrag->page,
1215 pfrag->offset)) { 1215 pfrag->offset)) {
1216 if (i == MAX_SKB_FRAGS || !sg) { 1216 if (i == sysctl_max_skb_frags || !sg) {
1217 tcp_mark_push(tp, skb); 1217 tcp_mark_push(tp, skb);
1218 goto new_segment; 1218 goto new_segment;
1219 } 1219 }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a4d523709ab3..7f6ff037adaf 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -311,7 +311,7 @@ static void do_redirect(struct sk_buff *skb, struct sock *sk)
311 311
312 312
313/* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */ 313/* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */
314void tcp_req_err(struct sock *sk, u32 seq) 314void tcp_req_err(struct sock *sk, u32 seq, bool abort)
315{ 315{
316 struct request_sock *req = inet_reqsk(sk); 316 struct request_sock *req = inet_reqsk(sk);
317 struct net *net = sock_net(sk); 317 struct net *net = sock_net(sk);
@@ -323,7 +323,7 @@ void tcp_req_err(struct sock *sk, u32 seq)
323 323
324 if (seq != tcp_rsk(req)->snt_isn) { 324 if (seq != tcp_rsk(req)->snt_isn) {
325 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 325 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
326 } else { 326 } else if (abort) {
327 /* 327 /*
328 * Still in SYN_RECV, just remove it silently. 328 * Still in SYN_RECV, just remove it silently.
329 * There is no good way to pass the error to the newly 329 * There is no good way to pass the error to the newly
@@ -383,7 +383,12 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
383 } 383 }
384 seq = ntohl(th->seq); 384 seq = ntohl(th->seq);
385 if (sk->sk_state == TCP_NEW_SYN_RECV) 385 if (sk->sk_state == TCP_NEW_SYN_RECV)
386 return tcp_req_err(sk, seq); 386 return tcp_req_err(sk, seq,
387 type == ICMP_PARAMETERPROB ||
388 type == ICMP_TIME_EXCEEDED ||
389 (type == ICMP_DEST_UNREACH &&
390 (code == ICMP_NET_UNREACH ||
391 code == ICMP_HOST_UNREACH)));
387 392
388 bh_lock_sock(sk); 393 bh_lock_sock(sk);
389 /* If too many ICMPs get dropped on busy 394 /* If too many ICMPs get dropped on busy
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 38eeddedfc21..9efd9ffdc34c 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3538,6 +3538,7 @@ static void addrconf_dad_begin(struct inet6_ifaddr *ifp)
3538{ 3538{
3539 struct inet6_dev *idev = ifp->idev; 3539 struct inet6_dev *idev = ifp->idev;
3540 struct net_device *dev = idev->dev; 3540 struct net_device *dev = idev->dev;
3541 bool notify = false;
3541 3542
3542 addrconf_join_solict(dev, &ifp->addr); 3543 addrconf_join_solict(dev, &ifp->addr);
3543 3544
@@ -3583,7 +3584,7 @@ static void addrconf_dad_begin(struct inet6_ifaddr *ifp)
3583 /* Because optimistic nodes can use this address, 3584 /* Because optimistic nodes can use this address,
3584 * notify listeners. If DAD fails, RTM_DELADDR is sent. 3585 * notify listeners. If DAD fails, RTM_DELADDR is sent.
3585 */ 3586 */
3586 ipv6_ifa_notify(RTM_NEWADDR, ifp); 3587 notify = true;
3587 } 3588 }
3588 } 3589 }
3589 3590
@@ -3591,6 +3592,8 @@ static void addrconf_dad_begin(struct inet6_ifaddr *ifp)
3591out: 3592out:
3592 spin_unlock(&ifp->lock); 3593 spin_unlock(&ifp->lock);
3593 read_unlock_bh(&idev->lock); 3594 read_unlock_bh(&idev->lock);
3595 if (notify)
3596 ipv6_ifa_notify(RTM_NEWADDR, ifp);
3594} 3597}
3595 3598
3596static void addrconf_dad_start(struct inet6_ifaddr *ifp) 3599static void addrconf_dad_start(struct inet6_ifaddr *ifp)
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 1f9ebe3cbb4a..dc2db4f7b182 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -540,12 +540,13 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
540 } 540 }
541 spin_lock_bh(&ip6_sk_fl_lock); 541 spin_lock_bh(&ip6_sk_fl_lock);
542 for (sflp = &np->ipv6_fl_list; 542 for (sflp = &np->ipv6_fl_list;
543 (sfl = rcu_dereference(*sflp)) != NULL; 543 (sfl = rcu_dereference_protected(*sflp,
544 lockdep_is_held(&ip6_sk_fl_lock))) != NULL;
544 sflp = &sfl->next) { 545 sflp = &sfl->next) {
545 if (sfl->fl->label == freq.flr_label) { 546 if (sfl->fl->label == freq.flr_label) {
546 if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK)) 547 if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
547 np->flow_label &= ~IPV6_FLOWLABEL_MASK; 548 np->flow_label &= ~IPV6_FLOWLABEL_MASK;
548 *sflp = rcu_dereference(sfl->next); 549 *sflp = sfl->next;
549 spin_unlock_bh(&ip6_sk_fl_lock); 550 spin_unlock_bh(&ip6_sk_fl_lock);
550 fl_release(sfl->fl); 551 fl_release(sfl->fl);
551 kfree_rcu(sfl, rcu); 552 kfree_rcu(sfl, rcu);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 006396e31cb0..1a5a70fb8551 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -327,6 +327,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
327 struct tcp_sock *tp; 327 struct tcp_sock *tp;
328 __u32 seq, snd_una; 328 __u32 seq, snd_una;
329 struct sock *sk; 329 struct sock *sk;
330 bool fatal;
330 int err; 331 int err;
331 332
332 sk = __inet6_lookup_established(net, &tcp_hashinfo, 333 sk = __inet6_lookup_established(net, &tcp_hashinfo,
@@ -345,8 +346,9 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
345 return; 346 return;
346 } 347 }
347 seq = ntohl(th->seq); 348 seq = ntohl(th->seq);
349 fatal = icmpv6_err_convert(type, code, &err);
348 if (sk->sk_state == TCP_NEW_SYN_RECV) 350 if (sk->sk_state == TCP_NEW_SYN_RECV)
349 return tcp_req_err(sk, seq); 351 return tcp_req_err(sk, seq, fatal);
350 352
351 bh_lock_sock(sk); 353 bh_lock_sock(sk);
352 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 354 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
@@ -400,7 +402,6 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
400 goto out; 402 goto out;
401 } 403 }
402 404
403 icmpv6_err_convert(type, code, &err);
404 405
405 /* Might be for an request_sock */ 406 /* Might be for an request_sock */
406 switch (sk->sk_state) { 407 switch (sk->sk_state) {
diff --git a/net/openvswitch/vport-vxlan.c b/net/openvswitch/vport-vxlan.c
index 1605691d9414..de9cb19efb6a 100644
--- a/net/openvswitch/vport-vxlan.c
+++ b/net/openvswitch/vport-vxlan.c
@@ -91,6 +91,8 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)
91 struct vxlan_config conf = { 91 struct vxlan_config conf = {
92 .no_share = true, 92 .no_share = true,
93 .flags = VXLAN_F_COLLECT_METADATA, 93 .flags = VXLAN_F_COLLECT_METADATA,
94 /* Don't restrict the packets that can be sent by MTU */
95 .mtu = IP_MAX_MTU,
94 }; 96 };
95 97
96 if (!options) { 98 if (!options) {
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 5ca2ebfe0be8..e878da0949db 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5538,6 +5538,7 @@ static int sctp_getsockopt_hmac_ident(struct sock *sk, int len,
5538 struct sctp_hmac_algo_param *hmacs; 5538 struct sctp_hmac_algo_param *hmacs;
5539 __u16 data_len = 0; 5539 __u16 data_len = 0;
5540 u32 num_idents; 5540 u32 num_idents;
5541 int i;
5541 5542
5542 if (!ep->auth_enable) 5543 if (!ep->auth_enable)
5543 return -EACCES; 5544 return -EACCES;
@@ -5555,8 +5556,12 @@ static int sctp_getsockopt_hmac_ident(struct sock *sk, int len,
5555 return -EFAULT; 5556 return -EFAULT;
5556 if (put_user(num_idents, &p->shmac_num_idents)) 5557 if (put_user(num_idents, &p->shmac_num_idents))
5557 return -EFAULT; 5558 return -EFAULT;
5558 if (copy_to_user(p->shmac_idents, hmacs->hmac_ids, data_len)) 5559 for (i = 0; i < num_idents; i++) {
5559 return -EFAULT; 5560 __u16 hmacid = ntohs(hmacs->hmac_ids[i]);
5561
5562 if (copy_to_user(&p->shmac_idents[i], &hmacid, sizeof(__u16)))
5563 return -EFAULT;
5564 }
5560 return 0; 5565 return 0;
5561} 5566}
5562 5567
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 49d5093eb055..29be035f9c65 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1496,7 +1496,7 @@ static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1496 UNIXCB(skb).fp = NULL; 1496 UNIXCB(skb).fp = NULL;
1497 1497
1498 for (i = scm->fp->count-1; i >= 0; i--) 1498 for (i = scm->fp->count-1; i >= 0; i--)
1499 unix_notinflight(scm->fp->fp[i]); 1499 unix_notinflight(scm->fp->user, scm->fp->fp[i]);
1500} 1500}
1501 1501
1502static void unix_destruct_scm(struct sk_buff *skb) 1502static void unix_destruct_scm(struct sk_buff *skb)
@@ -1561,7 +1561,7 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1561 return -ENOMEM; 1561 return -ENOMEM;
1562 1562
1563 for (i = scm->fp->count - 1; i >= 0; i--) 1563 for (i = scm->fp->count - 1; i >= 0; i--)
1564 unix_inflight(scm->fp->fp[i]); 1564 unix_inflight(scm->fp->user, scm->fp->fp[i]);
1565 return max_level; 1565 return max_level;
1566} 1566}
1567 1567
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index 8fcdc2283af5..6a0d48525fcf 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -116,7 +116,7 @@ struct sock *unix_get_socket(struct file *filp)
116 * descriptor if it is for an AF_UNIX socket. 116 * descriptor if it is for an AF_UNIX socket.
117 */ 117 */
118 118
119void unix_inflight(struct file *fp) 119void unix_inflight(struct user_struct *user, struct file *fp)
120{ 120{
121 struct sock *s = unix_get_socket(fp); 121 struct sock *s = unix_get_socket(fp);
122 122
@@ -133,11 +133,11 @@ void unix_inflight(struct file *fp)
133 } 133 }
134 unix_tot_inflight++; 134 unix_tot_inflight++;
135 } 135 }
136 fp->f_cred->user->unix_inflight++; 136 user->unix_inflight++;
137 spin_unlock(&unix_gc_lock); 137 spin_unlock(&unix_gc_lock);
138} 138}
139 139
140void unix_notinflight(struct file *fp) 140void unix_notinflight(struct user_struct *user, struct file *fp)
141{ 141{
142 struct sock *s = unix_get_socket(fp); 142 struct sock *s = unix_get_socket(fp);
143 143
@@ -152,7 +152,7 @@ void unix_notinflight(struct file *fp)
152 list_del_init(&u->link); 152 list_del_init(&u->link);
153 unix_tot_inflight--; 153 unix_tot_inflight--;
154 } 154 }
155 fp->f_cred->user->unix_inflight--; 155 user->unix_inflight--;
156 spin_unlock(&unix_gc_lock); 156 spin_unlock(&unix_gc_lock);
157} 157}
158 158
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 2bbb41822d8e..8495b9368190 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -83,6 +83,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
83 { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, 83 { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
84 { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, 84 { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
85 { SOCK_DIAG_BY_FAMILY, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, 85 { SOCK_DIAG_BY_FAMILY, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
86 { SOCK_DESTROY, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
86}; 87};
87 88
88static struct nlmsg_perm nlmsg_xfrm_perms[] = 89static struct nlmsg_perm nlmsg_xfrm_perms[] =
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-25 23:14:52 -0400