aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/9p/client.c20
-rw-r--r--net/atm/common.c2
-rw-r--r--net/atm/svc.c7
-rw-r--r--net/ax25/af_ax25.c5
-rw-r--r--net/batman-adv/fragmentation.c20
-rw-r--r--net/batman-adv/types.h2
-rw-r--r--net/bluetooth/af_bluetooth.c2
-rw-r--r--net/bluetooth/cmtp/capi.c2
-rw-r--r--net/bluetooth/hci_request.c2
-rw-r--r--net/bluetooth/l2cap_sock.c3
-rw-r--r--net/bluetooth/rfcomm/sock.c4
-rw-r--r--net/bluetooth/sco.c3
-rw-r--r--net/bridge/br_forward.c3
-rw-r--r--net/bridge/br_input.c1
-rw-r--r--net/bridge/br_netfilter_hooks.c21
-rw-r--r--net/bridge/br_sysfs_br.c1
-rw-r--r--net/bridge/br_sysfs_if.c1
-rw-r--r--net/bridge/br_vlan.c2
-rw-r--r--net/caif/caif_socket.c2
-rw-r--r--net/ceph/ceph_common.c15
-rw-r--r--net/ceph/crypto.c1
-rw-r--r--net/ceph/messenger.c44
-rw-r--r--net/ceph/osd_client.c36
-rw-r--r--net/ceph/osdmap.c4
-rw-r--r--net/core/dev.c112
-rw-r--r--net/core/ethtool.c2
-rw-r--r--net/core/net-sysfs.c7
-rw-r--r--net/core/net_namespace.c2
-rw-r--r--net/core/netclassid_cgroup.c2
-rw-r--r--net/core/netprio_cgroup.c2
-rw-r--r--net/core/scm.c1
-rw-r--r--net/core/skbuff.c30
-rw-r--r--net/core/sock.c122
-rw-r--r--net/core/stream.c1
-rw-r--r--net/dccp/ccids/ccid2.c1
-rw-r--r--net/dccp/input.c10
-rw-r--r--net/dccp/ipv4.c3
-rw-r--r--net/dccp/ipv6.c8
-rw-r--r--net/dccp/minisocks.c29
-rw-r--r--net/dccp/output.c1
-rw-r--r--net/decnet/af_decnet.c7
-rw-r--r--net/dns_resolver/dns_query.c6
-rw-r--r--net/ipv4/af_inet.c9
-rw-r--r--net/ipv4/devinet.c1
-rw-r--r--net/ipv4/fib_frontend.c1
-rw-r--r--net/ipv4/inet_connection_sock.c2
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/netfilter.c7
-rw-r--r--net/ipv4/tcp.c15
-rw-r--r--net/ipv4/tcp_cdg.c2
-rw-r--r--net/ipv4/tcp_input.c10
-rw-r--r--net/ipv4/tcp_ipv4.c10
-rw-r--r--net/ipv4/tcp_timer.c6
-rw-r--r--net/ipv6/addrconf.c23
-rw-r--r--net/ipv6/af_inet6.c10
-rw-r--r--net/ipv6/ip6_fib.c2
-rw-r--r--net/ipv6/ip6_offload.c4
-rw-r--r--net/ipv6/ip6_output.c9
-rw-r--r--net/ipv6/ip6_vti.c8
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c1
-rw-r--r--net/ipv6/route.c32
-rw-r--r--net/ipv6/tcp_ipv6.c8
-rw-r--r--net/irda/af_irda.c6
-rw-r--r--net/irda/ircomm/ircomm_tty.c2
-rw-r--r--net/irda/irnet/irnet_ppp.c3
-rw-r--r--net/iucv/af_iucv.c4
-rw-r--r--net/kcm/kcmsock.c2
-rw-r--r--net/llc/af_llc.c6
-rw-r--r--net/mac80211/agg-rx.c3
-rw-r--r--net/mac80211/ieee80211_i.h2
-rw-r--r--net/mac80211/mesh_plink.c2
-rw-r--r--net/mac80211/pm.c1
-rw-r--r--net/mac80211/rx.c31
-rw-r--r--net/mac80211/sta_info.c4
-rw-r--r--net/mac80211/sta_info.h8
-rw-r--r--net/mac80211/status.c3
-rw-r--r--net/mac802154/llsec.c2
-rw-r--r--net/mpls/af_mpls.c4
-rw-r--r--net/netfilter/nf_conntrack_sip.c2
-rw-r--r--net/netfilter/nf_tables_api.c133
-rw-r--r--net/netfilter/nft_set_rbtree.c9
-rw-r--r--net/netfilter/xt_owner.c2
-rw-r--r--net/netrom/af_netrom.c5
-rw-r--r--net/nfc/llcp_sock.c3
-rw-r--r--net/openvswitch/actions.c3
-rw-r--r--net/openvswitch/conntrack.c1
-rw-r--r--net/packet/af_packet.c8
-rw-r--r--net/phonet/pep.c7
-rw-r--r--net/phonet/socket.c6
-rw-r--r--net/rds/connection.c1
-rw-r--r--net/rds/ib.c10
-rw-r--r--net/rds/ib_cm.c47
-rw-r--r--net/rds/ib_mr.h2
-rw-r--r--net/rds/page.c29
-rw-r--r--net/rds/rds.h15
-rw-r--r--net/rds/tcp.c44
-rw-r--r--net/rds/tcp.h2
-rw-r--r--net/rds/tcp_listen.c11
-rw-r--r--net/rds/transport.c4
-rw-r--r--net/rose/af_rose.c5
-rw-r--r--net/rxrpc/af_rxrpc.c12
-rw-r--r--net/rxrpc/ar-internal.h1
-rw-r--r--net/rxrpc/call_accept.c48
-rw-r--r--net/rxrpc/call_object.c18
-rw-r--r--net/rxrpc/conn_client.c2
-rw-r--r--net/rxrpc/input.c28
-rw-r--r--net/rxrpc/recvmsg.c45
-rw-r--r--net/rxrpc/sendmsg.c97
-rw-r--r--net/sched/act_connmark.c3
-rw-r--r--net/sched/act_skbmod.c1
-rw-r--r--net/sched/em_meta.c1
-rw-r--r--net/sctp/input.c3
-rw-r--r--net/sctp/ipv6.c5
-rw-r--r--net/sctp/protocol.c5
-rw-r--r--net/sctp/socket.c5
-rw-r--r--net/smc/af_smc.c4
-rw-r--r--net/smc/smc_clc.c2
-rw-r--r--net/smc/smc_close.c2
-rw-r--r--net/smc/smc_rx.c2
-rw-r--r--net/smc/smc_tx.c2
-rw-r--r--net/socket.c5
-rw-r--r--net/strparser/strparser.c1
-rw-r--r--net/sunrpc/auth.c16
-rw-r--r--net/sunrpc/auth_null.c3
-rw-r--r--net/sunrpc/auth_unix.c18
-rw-r--r--net/sunrpc/cache.c68
-rw-r--r--net/sunrpc/clnt.c51
-rw-r--r--net/sunrpc/debugfs.c35
-rw-r--r--net/sunrpc/svc.c2
-rw-r--r--net/sunrpc/svcauth_unix.c4
-rw-r--r--net/sunrpc/xdr.c34
-rw-r--r--net/sunrpc/xprt.c2
-rw-r--r--net/sunrpc/xprtrdma/fmr_ops.c5
-rw-r--r--net/sunrpc/xprtrdma/frwr_ops.c11
-rw-r--r--net/sunrpc/xprtrdma/rpc_rdma.c82
-rw-r--r--net/sunrpc/xprtrdma/transport.c6
-rw-r--r--net/sunrpc/xprtrdma/verbs.c97
-rw-r--r--net/sunrpc/xprtrdma/xprt_rdma.h30
-rw-r--r--net/sunrpc/xprtsock.c94
-rw-r--r--net/tipc/socket.c10
-rw-r--r--net/unix/af_unix.c7
-rw-r--r--net/vmw_vsock/af_vsock.c4
-rw-r--r--net/vmw_vsock/virtio_transport.c3
-rw-r--r--net/vmw_vsock/virtio_transport_common.c1
-rw-r--r--net/x25/af_x25.c5
-rw-r--r--net/xfrm/xfrm_policy.c19
146 files changed, 1281 insertions, 761 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index 3fc94a49ccd5..3ce672af1596 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -32,7 +32,7 @@
32#include <linux/idr.h> 32#include <linux/idr.h>
33#include <linux/mutex.h> 33#include <linux/mutex.h>
34#include <linux/slab.h> 34#include <linux/slab.h>
35#include <linux/sched.h> 35#include <linux/sched/signal.h>
36#include <linux/uaccess.h> 36#include <linux/uaccess.h>
37#include <linux/uio.h> 37#include <linux/uio.h>
38#include <net/9p/9p.h> 38#include <net/9p/9p.h>
@@ -1101,7 +1101,7 @@ void p9_client_begin_disconnect(struct p9_client *clnt)
1101EXPORT_SYMBOL(p9_client_begin_disconnect); 1101EXPORT_SYMBOL(p9_client_begin_disconnect);
1102 1102
1103struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid, 1103struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
1104 char *uname, kuid_t n_uname, char *aname) 1104 const char *uname, kuid_t n_uname, const char *aname)
1105{ 1105{
1106 int err = 0; 1106 int err = 0;
1107 struct p9_req_t *req; 1107 struct p9_req_t *req;
@@ -1149,7 +1149,7 @@ error:
1149EXPORT_SYMBOL(p9_client_attach); 1149EXPORT_SYMBOL(p9_client_attach);
1150 1150
1151struct p9_fid *p9_client_walk(struct p9_fid *oldfid, uint16_t nwname, 1151struct p9_fid *p9_client_walk(struct p9_fid *oldfid, uint16_t nwname,
1152 char **wnames, int clone) 1152 const unsigned char * const *wnames, int clone)
1153{ 1153{
1154 int err; 1154 int err;
1155 struct p9_client *clnt; 1155 struct p9_client *clnt;
@@ -1271,7 +1271,7 @@ error:
1271} 1271}
1272EXPORT_SYMBOL(p9_client_open); 1272EXPORT_SYMBOL(p9_client_open);
1273 1273
1274int p9_client_create_dotl(struct p9_fid *ofid, char *name, u32 flags, u32 mode, 1274int p9_client_create_dotl(struct p9_fid *ofid, const char *name, u32 flags, u32 mode,
1275 kgid_t gid, struct p9_qid *qid) 1275 kgid_t gid, struct p9_qid *qid)
1276{ 1276{
1277 int err = 0; 1277 int err = 0;
@@ -1316,7 +1316,7 @@ error:
1316} 1316}
1317EXPORT_SYMBOL(p9_client_create_dotl); 1317EXPORT_SYMBOL(p9_client_create_dotl);
1318 1318
1319int p9_client_fcreate(struct p9_fid *fid, char *name, u32 perm, int mode, 1319int p9_client_fcreate(struct p9_fid *fid, const char *name, u32 perm, int mode,
1320 char *extension) 1320 char *extension)
1321{ 1321{
1322 int err; 1322 int err;
@@ -1361,8 +1361,8 @@ error:
1361} 1361}
1362EXPORT_SYMBOL(p9_client_fcreate); 1362EXPORT_SYMBOL(p9_client_fcreate);
1363 1363
1364int p9_client_symlink(struct p9_fid *dfid, char *name, char *symtgt, kgid_t gid, 1364int p9_client_symlink(struct p9_fid *dfid, const char *name,
1365 struct p9_qid *qid) 1365 const char *symtgt, kgid_t gid, struct p9_qid *qid)
1366{ 1366{
1367 int err = 0; 1367 int err = 0;
1368 struct p9_client *clnt; 1368 struct p9_client *clnt;
@@ -1395,7 +1395,7 @@ error:
1395} 1395}
1396EXPORT_SYMBOL(p9_client_symlink); 1396EXPORT_SYMBOL(p9_client_symlink);
1397 1397
1398int p9_client_link(struct p9_fid *dfid, struct p9_fid *oldfid, char *newname) 1398int p9_client_link(struct p9_fid *dfid, struct p9_fid *oldfid, const char *newname)
1399{ 1399{
1400 struct p9_client *clnt; 1400 struct p9_client *clnt;
1401 struct p9_req_t *req; 1401 struct p9_req_t *req;
@@ -2117,7 +2117,7 @@ error:
2117} 2117}
2118EXPORT_SYMBOL(p9_client_readdir); 2118EXPORT_SYMBOL(p9_client_readdir);
2119 2119
2120int p9_client_mknod_dotl(struct p9_fid *fid, char *name, int mode, 2120int p9_client_mknod_dotl(struct p9_fid *fid, const char *name, int mode,
2121 dev_t rdev, kgid_t gid, struct p9_qid *qid) 2121 dev_t rdev, kgid_t gid, struct p9_qid *qid)
2122{ 2122{
2123 int err; 2123 int err;
@@ -2148,7 +2148,7 @@ error:
2148} 2148}
2149EXPORT_SYMBOL(p9_client_mknod_dotl); 2149EXPORT_SYMBOL(p9_client_mknod_dotl);
2150 2150
2151int p9_client_mkdir_dotl(struct p9_fid *fid, char *name, int mode, 2151int p9_client_mkdir_dotl(struct p9_fid *fid, const char *name, int mode,
2152 kgid_t gid, struct p9_qid *qid) 2152 kgid_t gid, struct p9_qid *qid)
2153{ 2153{
2154 int err; 2154 int err;
diff --git a/net/atm/common.c b/net/atm/common.c
index a3ca922d307b..9613381f5db0 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -13,7 +13,7 @@
13#include <linux/errno.h> /* error codes */ 13#include <linux/errno.h> /* error codes */
14#include <linux/capability.h> 14#include <linux/capability.h>
15#include <linux/mm.h> 15#include <linux/mm.h>
16#include <linux/sched.h> 16#include <linux/sched/signal.h>
17#include <linux/time.h> /* struct timeval */ 17#include <linux/time.h> /* struct timeval */
18#include <linux/skbuff.h> 18#include <linux/skbuff.h>
19#include <linux/bitops.h> 19#include <linux/bitops.h>
diff --git a/net/atm/svc.c b/net/atm/svc.c
index 878563a8354d..5589de7086af 100644
--- a/net/atm/svc.c
+++ b/net/atm/svc.c
@@ -10,7 +10,7 @@
10#include <linux/kernel.h> /* printk */ 10#include <linux/kernel.h> /* printk */
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
12#include <linux/wait.h> 12#include <linux/wait.h>
13#include <linux/sched.h> /* jiffies and HZ */ 13#include <linux/sched/signal.h>
14#include <linux/fcntl.h> /* O_NONBLOCK */ 14#include <linux/fcntl.h> /* O_NONBLOCK */
15#include <linux/init.h> 15#include <linux/init.h>
16#include <linux/atm.h> /* ATM stuff */ 16#include <linux/atm.h> /* ATM stuff */
@@ -318,7 +318,8 @@ out:
318 return error; 318 return error;
319} 319}
320 320
321static int svc_accept(struct socket *sock, struct socket *newsock, int flags) 321static int svc_accept(struct socket *sock, struct socket *newsock, int flags,
322 bool kern)
322{ 323{
323 struct sock *sk = sock->sk; 324 struct sock *sk = sock->sk;
324 struct sk_buff *skb; 325 struct sk_buff *skb;
@@ -329,7 +330,7 @@ static int svc_accept(struct socket *sock, struct socket *newsock, int flags)
329 330
330 lock_sock(sk); 331 lock_sock(sk);
331 332
332 error = svc_create(sock_net(sk), newsock, 0, 0); 333 error = svc_create(sock_net(sk), newsock, 0, kern);
333 if (error) 334 if (error)
334 goto out; 335 goto out;
335 336
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 90fcf5fc2e0a..b7c486752b3a 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -20,7 +20,7 @@
20#include <linux/socket.h> 20#include <linux/socket.h>
21#include <linux/in.h> 21#include <linux/in.h>
22#include <linux/kernel.h> 22#include <linux/kernel.h>
23#include <linux/sched.h> 23#include <linux/sched/signal.h>
24#include <linux/timer.h> 24#include <linux/timer.h>
25#include <linux/string.h> 25#include <linux/string.h>
26#include <linux/sockios.h> 26#include <linux/sockios.h>
@@ -1320,7 +1320,8 @@ out_release:
1320 return err; 1320 return err;
1321} 1321}
1322 1322
1323static int ax25_accept(struct socket *sock, struct socket *newsock, int flags) 1323static int ax25_accept(struct socket *sock, struct socket *newsock, int flags,
1324 bool kern)
1324{ 1325{
1325 struct sk_buff *skb; 1326 struct sk_buff *skb;
1326 struct sock *newsk; 1327 struct sock *newsk;
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index ead18ca836de..11a23fd6e1a0 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -239,8 +239,10 @@ err_unlock:
239 spin_unlock_bh(&chain->lock); 239 spin_unlock_bh(&chain->lock);
240 240
241err: 241err:
242 if (!ret) 242 if (!ret) {
243 kfree(frag_entry_new); 243 kfree(frag_entry_new);
244 kfree_skb(skb);
245 }
244 246
245 return ret; 247 return ret;
246} 248}
@@ -313,7 +315,7 @@ free:
313 * 315 *
314 * There are three possible outcomes: 1) Packet is merged: Return true and 316 * There are three possible outcomes: 1) Packet is merged: Return true and
315 * set *skb to merged packet; 2) Packet is buffered: Return true and set *skb 317 * set *skb to merged packet; 2) Packet is buffered: Return true and set *skb
316 * to NULL; 3) Error: Return false and leave skb as is. 318 * to NULL; 3) Error: Return false and free skb.
317 * 319 *
318 * Return: true when packet is merged or buffered, false when skb is not not 320 * Return: true when packet is merged or buffered, false when skb is not not
319 * used. 321 * used.
@@ -338,9 +340,9 @@ bool batadv_frag_skb_buffer(struct sk_buff **skb,
338 goto out_err; 340 goto out_err;
339 341
340out: 342out:
341 *skb = skb_out;
342 ret = true; 343 ret = true;
343out_err: 344out_err:
345 *skb = skb_out;
344 return ret; 346 return ret;
345} 347}
346 348
@@ -499,6 +501,12 @@ int batadv_frag_send_packet(struct sk_buff *skb,
499 501
500 /* Eat and send fragments from the tail of skb */ 502 /* Eat and send fragments from the tail of skb */
501 while (skb->len > max_fragment_size) { 503 while (skb->len > max_fragment_size) {
504 /* The initial check in this function should cover this case */
505 if (unlikely(frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1)) {
506 ret = -EINVAL;
507 goto put_primary_if;
508 }
509
502 skb_fragment = batadv_frag_create(skb, &frag_header, mtu); 510 skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
503 if (!skb_fragment) { 511 if (!skb_fragment) {
504 ret = -ENOMEM; 512 ret = -ENOMEM;
@@ -515,12 +523,6 @@ int batadv_frag_send_packet(struct sk_buff *skb,
515 } 523 }
516 524
517 frag_header.no++; 525 frag_header.no++;
518
519 /* The initial check in this function should cover this case */
520 if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) {
521 ret = -EINVAL;
522 goto put_primary_if;
523 }
524 } 526 }
525 527
526 /* Make room for the fragment header. */ 528 /* Make room for the fragment header. */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 8f64a5c01345..66b25e410a41 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -402,7 +402,7 @@ struct batadv_gw_node {
402 struct rcu_head rcu; 402 struct rcu_head rcu;
403}; 403};
404 404
405DECLARE_EWMA(throughput, 1024, 8) 405DECLARE_EWMA(throughput, 10, 8)
406 406
407/** 407/**
408 * struct batadv_hardif_neigh_node_bat_v - B.A.T.M.A.N. V private neighbor 408 * struct batadv_hardif_neigh_node_bat_v - B.A.T.M.A.N. V private neighbor
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index cfb2faba46de..69e1f7d362a8 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -27,6 +27,8 @@
27#include <linux/module.h> 27#include <linux/module.h>
28#include <linux/debugfs.h> 28#include <linux/debugfs.h>
29#include <linux/stringify.h> 29#include <linux/stringify.h>
30#include <linux/sched/signal.h>
31
30#include <asm/ioctls.h> 32#include <asm/ioctls.h>
31 33
32#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/bluetooth.h>
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c
index 46ac686c8911..bb308224099c 100644
--- a/net/bluetooth/cmtp/capi.c
+++ b/net/bluetooth/cmtp/capi.c
@@ -26,7 +26,7 @@
26#include <linux/types.h> 26#include <linux/types.h>
27#include <linux/errno.h> 27#include <linux/errno.h>
28#include <linux/kernel.h> 28#include <linux/kernel.h>
29#include <linux/sched.h> 29#include <linux/sched/signal.h>
30#include <linux/slab.h> 30#include <linux/slab.h>
31#include <linux/poll.h> 31#include <linux/poll.h>
32#include <linux/fcntl.h> 32#include <linux/fcntl.h>
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index 1015d9c8d97d..b5faff458d8b 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -21,6 +21,8 @@
21 SOFTWARE IS DISCLAIMED. 21 SOFTWARE IS DISCLAIMED.
22*/ 22*/
23 23
24#include <linux/sched/signal.h>
25
24#include <net/bluetooth/bluetooth.h> 26#include <net/bluetooth/bluetooth.h>
25#include <net/bluetooth/hci_core.h> 27#include <net/bluetooth/hci_core.h>
26#include <net/bluetooth/mgmt.h> 28#include <net/bluetooth/mgmt.h>
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index a8ba752732c9..507b80d59dec 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -29,6 +29,7 @@
29 29
30#include <linux/module.h> 30#include <linux/module.h>
31#include <linux/export.h> 31#include <linux/export.h>
32#include <linux/sched/signal.h>
32 33
33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/hci_core.h>
@@ -300,7 +301,7 @@ done:
300} 301}
301 302
302static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, 303static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
303 int flags) 304 int flags, bool kern)
304{ 305{
305 DEFINE_WAIT_FUNC(wait, woken_wake_function); 306 DEFINE_WAIT_FUNC(wait, woken_wake_function);
306 struct sock *sk = sock->sk, *nsk; 307 struct sock *sk = sock->sk, *nsk;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 7511df72347f..ac3c650cb234 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -27,6 +27,7 @@
27 27
28#include <linux/export.h> 28#include <linux/export.h>
29#include <linux/debugfs.h> 29#include <linux/debugfs.h>
30#include <linux/sched/signal.h>
30 31
31#include <net/bluetooth/bluetooth.h> 32#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h> 33#include <net/bluetooth/hci_core.h>
@@ -470,7 +471,8 @@ done:
470 return err; 471 return err;
471} 472}
472 473
473static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 474static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
475 bool kern)
474{ 476{
475 DEFINE_WAIT_FUNC(wait, woken_wake_function); 477 DEFINE_WAIT_FUNC(wait, woken_wake_function);
476 struct sock *sk = sock->sk, *nsk; 478 struct sock *sk = sock->sk, *nsk;
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 3125ce670c2f..728e0c8dc8e7 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -27,6 +27,7 @@
27#include <linux/module.h> 27#include <linux/module.h>
28#include <linux/debugfs.h> 28#include <linux/debugfs.h>
29#include <linux/seq_file.h> 29#include <linux/seq_file.h>
30#include <linux/sched/signal.h>
30 31
31#include <net/bluetooth/bluetooth.h> 32#include <net/bluetooth/bluetooth.h>
32#include <net/bluetooth/hci_core.h> 33#include <net/bluetooth/hci_core.h>
@@ -626,7 +627,7 @@ done:
626} 627}
627 628
628static int sco_sock_accept(struct socket *sock, struct socket *newsock, 629static int sco_sock_accept(struct socket *sock, struct socket *newsock,
629 int flags) 630 int flags, bool kern)
630{ 631{
631 DEFINE_WAIT_FUNC(wait, woken_wake_function); 632 DEFINE_WAIT_FUNC(wait, woken_wake_function);
632 struct sock *sk = sock->sk, *ch; 633 struct sock *sk = sock->sk, *ch;
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 6bfac29318f2..902af6ba481c 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -186,8 +186,9 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb,
186 /* Do not flood unicast traffic to ports that turn it off */ 186 /* Do not flood unicast traffic to ports that turn it off */
187 if (pkt_type == BR_PKT_UNICAST && !(p->flags & BR_FLOOD)) 187 if (pkt_type == BR_PKT_UNICAST && !(p->flags & BR_FLOOD))
188 continue; 188 continue;
189 /* Do not flood if mc off, except for traffic we originate */
189 if (pkt_type == BR_PKT_MULTICAST && 190 if (pkt_type == BR_PKT_MULTICAST &&
190 !(p->flags & BR_MCAST_FLOOD)) 191 !(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
191 continue; 192 continue;
192 193
193 /* Do not flood to ports that enable proxy ARP */ 194 /* Do not flood to ports that enable proxy ARP */
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 236f34244dbe..013f2290bfa5 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -30,6 +30,7 @@ EXPORT_SYMBOL(br_should_route_hook);
30static int 30static int
31br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb) 31br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb)
32{ 32{
33 br_drop_fake_rtable(skb);
33 return netif_receive_skb(skb); 34 return netif_receive_skb(skb);
34} 35}
35 36
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 95087e6e8258..fa87fbd62bb7 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -521,21 +521,6 @@ static unsigned int br_nf_pre_routing(void *priv,
521} 521}
522 522
523 523
524/* PF_BRIDGE/LOCAL_IN ************************************************/
525/* The packet is locally destined, which requires a real
526 * dst_entry, so detach the fake one. On the way up, the
527 * packet would pass through PRE_ROUTING again (which already
528 * took place when the packet entered the bridge), but we
529 * register an IPv4 PRE_ROUTING 'sabotage' hook that will
530 * prevent this from happening. */
531static unsigned int br_nf_local_in(void *priv,
532 struct sk_buff *skb,
533 const struct nf_hook_state *state)
534{
535 br_drop_fake_rtable(skb);
536 return NF_ACCEPT;
537}
538
539/* PF_BRIDGE/FORWARD *************************************************/ 524/* PF_BRIDGE/FORWARD *************************************************/
540static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 525static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
541{ 526{
@@ -908,12 +893,6 @@ static struct nf_hook_ops br_nf_ops[] __read_mostly = {
908 .priority = NF_BR_PRI_BRNF, 893 .priority = NF_BR_PRI_BRNF,
909 }, 894 },
910 { 895 {
911 .hook = br_nf_local_in,
912 .pf = NFPROTO_BRIDGE,
913 .hooknum = NF_BR_LOCAL_IN,
914 .priority = NF_BR_PRI_BRNF,
915 },
916 {
917 .hook = br_nf_forward_ip, 896 .hook = br_nf_forward_ip,
918 .pf = NFPROTO_BRIDGE, 897 .pf = NFPROTO_BRIDGE,
919 .hooknum = NF_BR_FORWARD, 898 .hooknum = NF_BR_FORWARD,
diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c
index 0f4034934d56..0b5dd607444c 100644
--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -19,6 +19,7 @@
19#include <linux/rtnetlink.h> 19#include <linux/rtnetlink.h>
20#include <linux/spinlock.h> 20#include <linux/spinlock.h>
21#include <linux/times.h> 21#include <linux/times.h>
22#include <linux/sched/signal.h>
22 23
23#include "br_private.h" 24#include "br_private.h"
24 25
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c
index 05e8946ccc03..79aee759aba5 100644
--- a/net/bridge/br_sysfs_if.c
+++ b/net/bridge/br_sysfs_if.c
@@ -17,6 +17,7 @@
17#include <linux/if_bridge.h> 17#include <linux/if_bridge.h>
18#include <linux/rtnetlink.h> 18#include <linux/rtnetlink.h>
19#include <linux/spinlock.h> 19#include <linux/spinlock.h>
20#include <linux/sched/signal.h>
20 21
21#include "br_private.h" 22#include "br_private.h"
22 23
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 62e68c0dc687..b838213c408e 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -997,10 +997,10 @@ err_vlan_add:
997 RCU_INIT_POINTER(p->vlgrp, NULL); 997 RCU_INIT_POINTER(p->vlgrp, NULL);
998 synchronize_rcu(); 998 synchronize_rcu();
999 vlan_tunnel_deinit(vg); 999 vlan_tunnel_deinit(vg);
1000err_vlan_enabled:
1001err_tunnel_init: 1000err_tunnel_init:
1002 rhashtable_destroy(&vg->vlan_hash); 1001 rhashtable_destroy(&vg->vlan_hash);
1003err_rhtbl: 1002err_rhtbl:
1003err_vlan_enabled:
1004 kfree(vg); 1004 kfree(vg);
1005 1005
1006 goto out; 1006 goto out;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 92cbbd2afddb..adcad344c843 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -9,7 +9,7 @@
9#include <linux/fs.h> 9#include <linux/fs.h>
10#include <linux/init.h> 10#include <linux/init.h>
11#include <linux/module.h> 11#include <linux/module.h>
12#include <linux/sched.h> 12#include <linux/sched/signal.h>
13#include <linux/spinlock.h> 13#include <linux/spinlock.h>
14#include <linux/mutex.h> 14#include <linux/mutex.h>
15#include <linux/list.h> 15#include <linux/list.h>
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 464e88599b9d..108533859a53 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -230,6 +230,7 @@ enum {
230 Opt_osdkeepalivetimeout, 230 Opt_osdkeepalivetimeout,
231 Opt_mount_timeout, 231 Opt_mount_timeout,
232 Opt_osd_idle_ttl, 232 Opt_osd_idle_ttl,
233 Opt_osd_request_timeout,
233 Opt_last_int, 234 Opt_last_int,
234 /* int args above */ 235 /* int args above */
235 Opt_fsid, 236 Opt_fsid,
@@ -256,6 +257,7 @@ static match_table_t opt_tokens = {
256 {Opt_osdkeepalivetimeout, "osdkeepalive=%d"}, 257 {Opt_osdkeepalivetimeout, "osdkeepalive=%d"},
257 {Opt_mount_timeout, "mount_timeout=%d"}, 258 {Opt_mount_timeout, "mount_timeout=%d"},
258 {Opt_osd_idle_ttl, "osd_idle_ttl=%d"}, 259 {Opt_osd_idle_ttl, "osd_idle_ttl=%d"},
260 {Opt_osd_request_timeout, "osd_request_timeout=%d"},
259 /* int args above */ 261 /* int args above */
260 {Opt_fsid, "fsid=%s"}, 262 {Opt_fsid, "fsid=%s"},
261 {Opt_name, "name=%s"}, 263 {Opt_name, "name=%s"},
@@ -361,6 +363,7 @@ ceph_parse_options(char *options, const char *dev_name,
361 opt->osd_keepalive_timeout = CEPH_OSD_KEEPALIVE_DEFAULT; 363 opt->osd_keepalive_timeout = CEPH_OSD_KEEPALIVE_DEFAULT;
362 opt->mount_timeout = CEPH_MOUNT_TIMEOUT_DEFAULT; 364 opt->mount_timeout = CEPH_MOUNT_TIMEOUT_DEFAULT;
363 opt->osd_idle_ttl = CEPH_OSD_IDLE_TTL_DEFAULT; 365 opt->osd_idle_ttl = CEPH_OSD_IDLE_TTL_DEFAULT;
366 opt->osd_request_timeout = CEPH_OSD_REQUEST_TIMEOUT_DEFAULT;
364 367
365 /* get mon ip(s) */ 368 /* get mon ip(s) */
366 /* ip1[:port1][,ip2[:port2]...] */ 369 /* ip1[:port1][,ip2[:port2]...] */
@@ -473,6 +476,15 @@ ceph_parse_options(char *options, const char *dev_name,
473 } 476 }
474 opt->mount_timeout = msecs_to_jiffies(intval * 1000); 477 opt->mount_timeout = msecs_to_jiffies(intval * 1000);
475 break; 478 break;
479 case Opt_osd_request_timeout:
480 /* 0 is "wait forever" (i.e. infinite timeout) */
481 if (intval < 0 || intval > INT_MAX / 1000) {
482 pr_err("osd_request_timeout out of range\n");
483 err = -EINVAL;
484 goto out;
485 }
486 opt->osd_request_timeout = msecs_to_jiffies(intval * 1000);
487 break;
476 488
477 case Opt_share: 489 case Opt_share:
478 opt->flags &= ~CEPH_OPT_NOSHARE; 490 opt->flags &= ~CEPH_OPT_NOSHARE;
@@ -557,6 +569,9 @@ int ceph_print_client_options(struct seq_file *m, struct ceph_client *client)
557 if (opt->osd_keepalive_timeout != CEPH_OSD_KEEPALIVE_DEFAULT) 569 if (opt->osd_keepalive_timeout != CEPH_OSD_KEEPALIVE_DEFAULT)
558 seq_printf(m, "osdkeepalivetimeout=%d,", 570 seq_printf(m, "osdkeepalivetimeout=%d,",
559 jiffies_to_msecs(opt->osd_keepalive_timeout) / 1000); 571 jiffies_to_msecs(opt->osd_keepalive_timeout) / 1000);
572 if (opt->osd_request_timeout != CEPH_OSD_REQUEST_TIMEOUT_DEFAULT)
573 seq_printf(m, "osd_request_timeout=%d,",
574 jiffies_to_msecs(opt->osd_request_timeout) / 1000);
560 575
561 /* drop redundant comma */ 576 /* drop redundant comma */
562 if (m->count != pos) 577 if (m->count != pos)
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 85747b7f91a9..46008d5ac504 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -8,6 +8,7 @@
8#include <crypto/aes.h> 8#include <crypto/aes.h>
9#include <crypto/skcipher.h> 9#include <crypto/skcipher.h>
10#include <linux/key-type.h> 10#include <linux/key-type.h>
11#include <linux/sched/mm.h>
11 12
12#include <keys/ceph-type.h> 13#include <keys/ceph-type.h>
13#include <keys/user-type.h> 14#include <keys/user-type.h>
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index bad3d4ae43f6..38dcf1eb427d 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -520,7 +520,8 @@ static int ceph_tcp_recvmsg(struct socket *sock, void *buf, size_t len)
520 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL }; 520 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL };
521 int r; 521 int r;
522 522
523 r = kernel_recvmsg(sock, &msg, &iov, 1, len, msg.msg_flags); 523 iov_iter_kvec(&msg.msg_iter, READ | ITER_KVEC, &iov, 1, len);
524 r = sock_recvmsg(sock, &msg, msg.msg_flags);
524 if (r == -EAGAIN) 525 if (r == -EAGAIN)
525 r = 0; 526 r = 0;
526 return r; 527 return r;
@@ -529,17 +530,20 @@ static int ceph_tcp_recvmsg(struct socket *sock, void *buf, size_t len)
529static int ceph_tcp_recvpage(struct socket *sock, struct page *page, 530static int ceph_tcp_recvpage(struct socket *sock, struct page *page,
530 int page_offset, size_t length) 531 int page_offset, size_t length)
531{ 532{
532 void *kaddr; 533 struct bio_vec bvec = {
533 int ret; 534 .bv_page = page,
535 .bv_offset = page_offset,
536 .bv_len = length
537 };
538 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL };
539 int r;
534 540
535 BUG_ON(page_offset + length > PAGE_SIZE); 541 BUG_ON(page_offset + length > PAGE_SIZE);
536 542 iov_iter_bvec(&msg.msg_iter, READ | ITER_BVEC, &bvec, 1, length);
537 kaddr = kmap(page); 543 r = sock_recvmsg(sock, &msg, msg.msg_flags);
538 BUG_ON(!kaddr); 544 if (r == -EAGAIN)
539 ret = ceph_tcp_recvmsg(sock, kaddr + page_offset, length); 545 r = 0;
540 kunmap(page); 546 return r;
541
542 return ret;
543} 547}
544 548
545/* 549/*
@@ -579,18 +583,28 @@ static int __ceph_tcp_sendpage(struct socket *sock, struct page *page,
579static int ceph_tcp_sendpage(struct socket *sock, struct page *page, 583static int ceph_tcp_sendpage(struct socket *sock, struct page *page,
580 int offset, size_t size, bool more) 584 int offset, size_t size, bool more)
581{ 585{
586 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL };
587 struct bio_vec bvec;
582 int ret; 588 int ret;
583 struct kvec iov;
584 589
585 /* sendpage cannot properly handle pages with page_count == 0, 590 /* sendpage cannot properly handle pages with page_count == 0,
586 * we need to fallback to sendmsg if that's the case */ 591 * we need to fallback to sendmsg if that's the case */
587 if (page_count(page) >= 1) 592 if (page_count(page) >= 1)
588 return __ceph_tcp_sendpage(sock, page, offset, size, more); 593 return __ceph_tcp_sendpage(sock, page, offset, size, more);
589 594
590 iov.iov_base = kmap(page) + offset; 595 bvec.bv_page = page;
591 iov.iov_len = size; 596 bvec.bv_offset = offset;
592 ret = ceph_tcp_sendmsg(sock, &iov, 1, size, more); 597 bvec.bv_len = size;
593 kunmap(page); 598
599 if (more)
600 msg.msg_flags |= MSG_MORE;
601 else
602 msg.msg_flags |= MSG_EOR; /* superfluous, but what the hell */
603
604 iov_iter_bvec(&msg.msg_iter, WRITE | ITER_BVEC, &bvec, 1, size);
605 ret = sock_sendmsg(sock, &msg);
606 if (ret == -EAGAIN)
607 ret = 0;
594 608
595 return ret; 609 return ret;
596} 610}
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index b65bbf9f45eb..e15ea9e4c495 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -1709,6 +1709,8 @@ static void account_request(struct ceph_osd_request *req)
1709 1709
1710 req->r_flags |= CEPH_OSD_FLAG_ONDISK; 1710 req->r_flags |= CEPH_OSD_FLAG_ONDISK;
1711 atomic_inc(&req->r_osdc->num_requests); 1711 atomic_inc(&req->r_osdc->num_requests);
1712
1713 req->r_start_stamp = jiffies;
1712} 1714}
1713 1715
1714static void submit_request(struct ceph_osd_request *req, bool wrlocked) 1716static void submit_request(struct ceph_osd_request *req, bool wrlocked)
@@ -1789,6 +1791,14 @@ static void cancel_request(struct ceph_osd_request *req)
1789 ceph_osdc_put_request(req); 1791 ceph_osdc_put_request(req);
1790} 1792}
1791 1793
1794static void abort_request(struct ceph_osd_request *req, int err)
1795{
1796 dout("%s req %p tid %llu err %d\n", __func__, req, req->r_tid, err);
1797
1798 cancel_map_check(req);
1799 complete_request(req, err);
1800}
1801
1792static void check_pool_dne(struct ceph_osd_request *req) 1802static void check_pool_dne(struct ceph_osd_request *req)
1793{ 1803{
1794 struct ceph_osd_client *osdc = req->r_osdc; 1804 struct ceph_osd_client *osdc = req->r_osdc;
@@ -2487,6 +2497,7 @@ static void handle_timeout(struct work_struct *work)
2487 container_of(work, struct ceph_osd_client, timeout_work.work); 2497 container_of(work, struct ceph_osd_client, timeout_work.work);
2488 struct ceph_options *opts = osdc->client->options; 2498 struct ceph_options *opts = osdc->client->options;
2489 unsigned long cutoff = jiffies - opts->osd_keepalive_timeout; 2499 unsigned long cutoff = jiffies - opts->osd_keepalive_timeout;
2500 unsigned long expiry_cutoff = jiffies - opts->osd_request_timeout;
2490 LIST_HEAD(slow_osds); 2501 LIST_HEAD(slow_osds);
2491 struct rb_node *n, *p; 2502 struct rb_node *n, *p;
2492 2503
@@ -2502,15 +2513,23 @@ static void handle_timeout(struct work_struct *work)
2502 struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node); 2513 struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
2503 bool found = false; 2514 bool found = false;
2504 2515
2505 for (p = rb_first(&osd->o_requests); p; p = rb_next(p)) { 2516 for (p = rb_first(&osd->o_requests); p; ) {
2506 struct ceph_osd_request *req = 2517 struct ceph_osd_request *req =
2507 rb_entry(p, struct ceph_osd_request, r_node); 2518 rb_entry(p, struct ceph_osd_request, r_node);
2508 2519
2520 p = rb_next(p); /* abort_request() */
2521
2509 if (time_before(req->r_stamp, cutoff)) { 2522 if (time_before(req->r_stamp, cutoff)) {
2510 dout(" req %p tid %llu on osd%d is laggy\n", 2523 dout(" req %p tid %llu on osd%d is laggy\n",
2511 req, req->r_tid, osd->o_osd); 2524 req, req->r_tid, osd->o_osd);
2512 found = true; 2525 found = true;
2513 } 2526 }
2527 if (opts->osd_request_timeout &&
2528 time_before(req->r_start_stamp, expiry_cutoff)) {
2529 pr_err_ratelimited("tid %llu on osd%d timeout\n",
2530 req->r_tid, osd->o_osd);
2531 abort_request(req, -ETIMEDOUT);
2532 }
2514 } 2533 }
2515 for (p = rb_first(&osd->o_linger_requests); p; p = rb_next(p)) { 2534 for (p = rb_first(&osd->o_linger_requests); p; p = rb_next(p)) {
2516 struct ceph_osd_linger_request *lreq = 2535 struct ceph_osd_linger_request *lreq =
@@ -2530,6 +2549,21 @@ static void handle_timeout(struct work_struct *work)
2530 list_move_tail(&osd->o_keepalive_item, &slow_osds); 2549 list_move_tail(&osd->o_keepalive_item, &slow_osds);
2531 } 2550 }
2532 2551
2552 if (opts->osd_request_timeout) {
2553 for (p = rb_first(&osdc->homeless_osd.o_requests); p; ) {
2554 struct ceph_osd_request *req =
2555 rb_entry(p, struct ceph_osd_request, r_node);
2556
2557 p = rb_next(p); /* abort_request() */
2558
2559 if (time_before(req->r_start_stamp, expiry_cutoff)) {
2560 pr_err_ratelimited("tid %llu on osd%d timeout\n",
2561 req->r_tid, osdc->homeless_osd.o_osd);
2562 abort_request(req, -ETIMEDOUT);
2563 }
2564 }
2565 }
2566
2533 if (atomic_read(&osdc->num_homeless) || !list_empty(&slow_osds)) 2567 if (atomic_read(&osdc->num_homeless) || !list_empty(&slow_osds))
2534 maybe_request_map(osdc); 2568 maybe_request_map(osdc);
2535 2569
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 6824c0ec8373..ffe9e904d4d1 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -390,9 +390,8 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
390 dout("crush decode tunable chooseleaf_stable = %d\n", 390 dout("crush decode tunable chooseleaf_stable = %d\n",
391 c->chooseleaf_stable); 391 c->chooseleaf_stable);
392 392
393 crush_finalize(c);
394
395done: 393done:
394 crush_finalize(c);
396 dout("crush_decode success\n"); 395 dout("crush_decode success\n");
397 return c; 396 return c;
398 397
@@ -1380,7 +1379,6 @@ static int decode_new_up_state_weight(void **p, void *end,
1380 if ((map->osd_state[osd] & CEPH_OSD_EXISTS) && 1379 if ((map->osd_state[osd] & CEPH_OSD_EXISTS) &&
1381 (xorstate & CEPH_OSD_EXISTS)) { 1380 (xorstate & CEPH_OSD_EXISTS)) {
1382 pr_info("osd%d does not exist\n", osd); 1381 pr_info("osd%d does not exist\n", osd);
1383 map->osd_weight[osd] = CEPH_OSD_IN;
1384 ret = set_primary_affinity(map, osd, 1382 ret = set_primary_affinity(map, osd,
1385 CEPH_OSD_DEFAULT_PRIMARY_AFFINITY); 1383 CEPH_OSD_DEFAULT_PRIMARY_AFFINITY);
1386 if (ret) 1384 if (ret)
diff --git a/net/core/dev.c b/net/core/dev.c
index 304f2deae5f9..7869ae3837ca 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1304,6 +1304,7 @@ void netdev_notify_peers(struct net_device *dev)
1304{ 1304{
1305 rtnl_lock(); 1305 rtnl_lock();
1306 call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, dev); 1306 call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, dev);
1307 call_netdevice_notifiers(NETDEV_RESEND_IGMP, dev);
1307 rtnl_unlock(); 1308 rtnl_unlock();
1308} 1309}
1309EXPORT_SYMBOL(netdev_notify_peers); 1310EXPORT_SYMBOL(netdev_notify_peers);
@@ -1698,27 +1699,54 @@ EXPORT_SYMBOL_GPL(net_dec_egress_queue);
1698static struct static_key netstamp_needed __read_mostly; 1699static struct static_key netstamp_needed __read_mostly;
1699#ifdef HAVE_JUMP_LABEL 1700#ifdef HAVE_JUMP_LABEL
1700static atomic_t netstamp_needed_deferred; 1701static atomic_t netstamp_needed_deferred;
1702static atomic_t netstamp_wanted;
1701static void netstamp_clear(struct work_struct *work) 1703static void netstamp_clear(struct work_struct *work)
1702{ 1704{
1703 int deferred = atomic_xchg(&netstamp_needed_deferred, 0); 1705 int deferred = atomic_xchg(&netstamp_needed_deferred, 0);
1706 int wanted;
1704 1707
1705 while (deferred--) 1708 wanted = atomic_add_return(deferred, &netstamp_wanted);
1706 static_key_slow_dec(&netstamp_needed); 1709 if (wanted > 0)
1710 static_key_enable(&netstamp_needed);
1711 else
1712 static_key_disable(&netstamp_needed);
1707} 1713}
1708static DECLARE_WORK(netstamp_work, netstamp_clear); 1714static DECLARE_WORK(netstamp_work, netstamp_clear);
1709#endif 1715#endif
1710 1716
1711void net_enable_timestamp(void) 1717void net_enable_timestamp(void)
1712{ 1718{
1719#ifdef HAVE_JUMP_LABEL
1720 int wanted;
1721
1722 while (1) {
1723 wanted = atomic_read(&netstamp_wanted);
1724 if (wanted <= 0)
1725 break;
1726 if (atomic_cmpxchg(&netstamp_wanted, wanted, wanted + 1) == wanted)
1727 return;
1728 }
1729 atomic_inc(&netstamp_needed_deferred);
1730 schedule_work(&netstamp_work);
1731#else
1713 static_key_slow_inc(&netstamp_needed); 1732 static_key_slow_inc(&netstamp_needed);
1733#endif
1714} 1734}
1715EXPORT_SYMBOL(net_enable_timestamp); 1735EXPORT_SYMBOL(net_enable_timestamp);
1716 1736
1717void net_disable_timestamp(void) 1737void net_disable_timestamp(void)
1718{ 1738{
1719#ifdef HAVE_JUMP_LABEL 1739#ifdef HAVE_JUMP_LABEL
1720 /* net_disable_timestamp() can be called from non process context */ 1740 int wanted;
1721 atomic_inc(&netstamp_needed_deferred); 1741
1742 while (1) {
1743 wanted = atomic_read(&netstamp_wanted);
1744 if (wanted <= 1)
1745 break;
1746 if (atomic_cmpxchg(&netstamp_wanted, wanted, wanted - 1) == wanted)
1747 return;
1748 }
1749 atomic_dec(&netstamp_needed_deferred);
1722 schedule_work(&netstamp_work); 1750 schedule_work(&netstamp_work);
1723#else 1751#else
1724 static_key_slow_dec(&netstamp_needed); 1752 static_key_slow_dec(&netstamp_needed);
@@ -4884,6 +4912,39 @@ void __napi_schedule(struct napi_struct *n)
4884EXPORT_SYMBOL(__napi_schedule); 4912EXPORT_SYMBOL(__napi_schedule);
4885 4913
4886/** 4914/**
4915 * napi_schedule_prep - check if napi can be scheduled
4916 * @n: napi context
4917 *
4918 * Test if NAPI routine is already running, and if not mark
4919 * it as running. This is used as a condition variable
4920 * insure only one NAPI poll instance runs. We also make
4921 * sure there is no pending NAPI disable.
4922 */
4923bool napi_schedule_prep(struct napi_struct *n)
4924{
4925 unsigned long val, new;
4926
4927 do {
4928 val = READ_ONCE(n->state);
4929 if (unlikely(val & NAPIF_STATE_DISABLE))
4930 return false;
4931 new = val | NAPIF_STATE_SCHED;
4932
4933 /* Sets STATE_MISSED bit if STATE_SCHED was already set
4934 * This was suggested by Alexander Duyck, as compiler
4935 * emits better code than :
4936 * if (val & NAPIF_STATE_SCHED)
4937 * new |= NAPIF_STATE_MISSED;
4938 */
4939 new |= (val & NAPIF_STATE_SCHED) / NAPIF_STATE_SCHED *
4940 NAPIF_STATE_MISSED;
4941 } while (cmpxchg(&n->state, val, new) != val);
4942
4943 return !(val & NAPIF_STATE_SCHED);
4944}
4945EXPORT_SYMBOL(napi_schedule_prep);
4946
4947/**
4887 * __napi_schedule_irqoff - schedule for receive 4948 * __napi_schedule_irqoff - schedule for receive
4888 * @n: entry to schedule 4949 * @n: entry to schedule
4889 * 4950 *
@@ -4897,7 +4958,7 @@ EXPORT_SYMBOL(__napi_schedule_irqoff);
4897 4958
4898bool napi_complete_done(struct napi_struct *n, int work_done) 4959bool napi_complete_done(struct napi_struct *n, int work_done)
4899{ 4960{
4900 unsigned long flags; 4961 unsigned long flags, val, new;
4901 4962
4902 /* 4963 /*
4903 * 1) Don't let napi dequeue from the cpu poll list 4964 * 1) Don't let napi dequeue from the cpu poll list
@@ -4927,7 +4988,27 @@ bool napi_complete_done(struct napi_struct *n, int work_done)
4927 list_del_init(&n->poll_list); 4988 list_del_init(&n->poll_list);
4928 local_irq_restore(flags); 4989 local_irq_restore(flags);
4929 } 4990 }
4930 WARN_ON_ONCE(!test_and_clear_bit(NAPI_STATE_SCHED, &n->state)); 4991
4992 do {
4993 val = READ_ONCE(n->state);
4994
4995 WARN_ON_ONCE(!(val & NAPIF_STATE_SCHED));
4996
4997 new = val & ~(NAPIF_STATE_MISSED | NAPIF_STATE_SCHED);
4998
4999 /* If STATE_MISSED was set, leave STATE_SCHED set,
5000 * because we will call napi->poll() one more time.
5001 * This C code was suggested by Alexander Duyck to help gcc.
5002 */
5003 new |= (val & NAPIF_STATE_MISSED) / NAPIF_STATE_MISSED *
5004 NAPIF_STATE_SCHED;
5005 } while (cmpxchg(&n->state, val, new) != val);
5006
5007 if (unlikely(val & NAPIF_STATE_MISSED)) {
5008 __napi_schedule(n);
5009 return false;
5010 }
5011
4931 return true; 5012 return true;
4932} 5013}
4933EXPORT_SYMBOL(napi_complete_done); 5014EXPORT_SYMBOL(napi_complete_done);
@@ -4953,6 +5034,16 @@ static void busy_poll_stop(struct napi_struct *napi, void *have_poll_lock)
4953{ 5034{
4954 int rc; 5035 int rc;
4955 5036
5037 /* Busy polling means there is a high chance device driver hard irq
5038 * could not grab NAPI_STATE_SCHED, and that NAPI_STATE_MISSED was
5039 * set in napi_schedule_prep().
5040 * Since we are about to call napi->poll() once more, we can safely
5041 * clear NAPI_STATE_MISSED.
5042 *
5043 * Note: x86 could use a single "lock and ..." instruction
5044 * to perform these two clear_bit()
5045 */
5046 clear_bit(NAPI_STATE_MISSED, &napi->state);
4956 clear_bit(NAPI_STATE_IN_BUSY_POLL, &napi->state); 5047 clear_bit(NAPI_STATE_IN_BUSY_POLL, &napi->state);
4957 5048
4958 local_bh_disable(); 5049 local_bh_disable();
@@ -5088,8 +5179,13 @@ static enum hrtimer_restart napi_watchdog(struct hrtimer *timer)
5088 struct napi_struct *napi; 5179 struct napi_struct *napi;
5089 5180
5090 napi = container_of(timer, struct napi_struct, timer); 5181 napi = container_of(timer, struct napi_struct, timer);
5091 if (napi->gro_list) 5182
5092 napi_schedule_irqoff(napi); 5183 /* Note : we use a relaxed variant of napi_schedule_prep() not setting
5184 * NAPI_STATE_MISSED, since we do not react to a device IRQ.
5185 */
5186 if (napi->gro_list && !napi_disable_pending(napi) &&
5187 !test_and_set_bit(NAPI_STATE_SCHED, &napi->state))
5188 __napi_schedule_irqoff(napi);
5093 5189
5094 return HRTIMER_NORESTART; 5190 return HRTIMER_NORESTART;
5095} 5191}
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index be7bab1adcde..aecb2c7241b6 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -24,7 +24,7 @@
24#include <linux/vmalloc.h> 24#include <linux/vmalloc.h>
25#include <linux/slab.h> 25#include <linux/slab.h>
26#include <linux/rtnetlink.h> 26#include <linux/rtnetlink.h>
27#include <linux/sched.h> 27#include <linux/sched/signal.h>
28#include <linux/net.h> 28#include <linux/net.h>
29 29
30/* 30/*
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index b0c04cf4851d..65ea0ff4017c 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -15,6 +15,7 @@
15#include <net/switchdev.h> 15#include <net/switchdev.h>
16#include <linux/if_arp.h> 16#include <linux/if_arp.h>
17#include <linux/slab.h> 17#include <linux/slab.h>
18#include <linux/sched/signal.h>
18#include <linux/nsproxy.h> 19#include <linux/nsproxy.h>
19#include <net/sock.h> 20#include <net/sock.h>
20#include <net/net_namespace.h> 21#include <net/net_namespace.h>
@@ -952,7 +953,7 @@ net_rx_queue_update_kobjects(struct net_device *dev, int old_num, int new_num)
952 while (--i >= new_num) { 953 while (--i >= new_num) {
953 struct kobject *kobj = &dev->_rx[i].kobj; 954 struct kobject *kobj = &dev->_rx[i].kobj;
954 955
955 if (!list_empty(&dev_net(dev)->exit_list)) 956 if (!atomic_read(&dev_net(dev)->count))
956 kobj->uevent_suppress = 1; 957 kobj->uevent_suppress = 1;
957 if (dev->sysfs_rx_queue_group) 958 if (dev->sysfs_rx_queue_group)
958 sysfs_remove_group(kobj, dev->sysfs_rx_queue_group); 959 sysfs_remove_group(kobj, dev->sysfs_rx_queue_group);
@@ -1370,7 +1371,7 @@ netdev_queue_update_kobjects(struct net_device *dev, int old_num, int new_num)
1370 while (--i >= new_num) { 1371 while (--i >= new_num) {
1371 struct netdev_queue *queue = dev->_tx + i; 1372 struct netdev_queue *queue = dev->_tx + i;
1372 1373
1373 if (!list_empty(&dev_net(dev)->exit_list)) 1374 if (!atomic_read(&dev_net(dev)->count))
1374 queue->kobj.uevent_suppress = 1; 1375 queue->kobj.uevent_suppress = 1;
1375#ifdef CONFIG_BQL 1376#ifdef CONFIG_BQL
1376 sysfs_remove_group(&queue->kobj, &dql_group); 1377 sysfs_remove_group(&queue->kobj, &dql_group);
@@ -1557,7 +1558,7 @@ void netdev_unregister_kobject(struct net_device *ndev)
1557{ 1558{
1558 struct device *dev = &(ndev->dev); 1559 struct device *dev = &(ndev->dev);
1559 1560
1560 if (!list_empty(&dev_net(ndev)->exit_list)) 1561 if (!atomic_read(&dev_net(ndev)->count))
1561 dev_set_uevent_suppress(dev, 1); 1562 dev_set_uevent_suppress(dev, 1);
1562 1563
1563 kobject_get(&dev->kobj); 1564 kobject_get(&dev->kobj);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 3c4bbec39713..652468ff65b7 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -16,6 +16,8 @@
16#include <linux/export.h> 16#include <linux/export.h>
17#include <linux/user_namespace.h> 17#include <linux/user_namespace.h>
18#include <linux/net_namespace.h> 18#include <linux/net_namespace.h>
19#include <linux/sched/task.h>
20
19#include <net/sock.h> 21#include <net/sock.h>
20#include <net/netlink.h> 22#include <net/netlink.h>
21#include <net/net_namespace.h> 23#include <net/net_namespace.h>
diff --git a/net/core/netclassid_cgroup.c b/net/core/netclassid_cgroup.c
index 11fce17274f6..6ae56037bb13 100644
--- a/net/core/netclassid_cgroup.c
+++ b/net/core/netclassid_cgroup.c
@@ -12,6 +12,8 @@
12#include <linux/slab.h> 12#include <linux/slab.h>
13#include <linux/cgroup.h> 13#include <linux/cgroup.h>
14#include <linux/fdtable.h> 14#include <linux/fdtable.h>
15#include <linux/sched/task.h>
16
15#include <net/cls_cgroup.h> 17#include <net/cls_cgroup.h>
16#include <net/sock.h> 18#include <net/sock.h>
17 19
diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index 756637dc7a57..0f9275ee5595 100644
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -20,6 +20,8 @@
20#include <linux/cgroup.h> 20#include <linux/cgroup.h>
21#include <linux/rcupdate.h> 21#include <linux/rcupdate.h>
22#include <linux/atomic.h> 22#include <linux/atomic.h>
23#include <linux/sched/task.h>
24
23#include <net/rtnetlink.h> 25#include <net/rtnetlink.h>
24#include <net/pkt_cls.h> 26#include <net/pkt_cls.h>
25#include <net/sock.h> 27#include <net/sock.h>
diff --git a/net/core/scm.c b/net/core/scm.c
index b6d83686e149..b1ff8a441748 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -14,6 +14,7 @@
14#include <linux/capability.h> 14#include <linux/capability.h>
15#include <linux/errno.h> 15#include <linux/errno.h>
16#include <linux/sched.h> 16#include <linux/sched.h>
17#include <linux/sched/user.h>
17#include <linux/mm.h> 18#include <linux/mm.h>
18#include <linux/kernel.h> 19#include <linux/kernel.h>
19#include <linux/stat.h> 20#include <linux/stat.h>
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index f3557958e9bf..cd4ba8c6b609 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3828,13 +3828,14 @@ void skb_complete_tx_timestamp(struct sk_buff *skb,
3828 if (!skb_may_tx_timestamp(sk, false)) 3828 if (!skb_may_tx_timestamp(sk, false))
3829 return; 3829 return;
3830 3830
3831 /* take a reference to prevent skb_orphan() from freeing the socket */ 3831 /* Take a reference to prevent skb_orphan() from freeing the socket,
3832 sock_hold(sk); 3832 * but only if the socket refcount is not zero.
3833 3833 */
3834 *skb_hwtstamps(skb) = *hwtstamps; 3834 if (likely(atomic_inc_not_zero(&sk->sk_refcnt))) {
3835 __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND); 3835 *skb_hwtstamps(skb) = *hwtstamps;
3836 3836 __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND);
3837 sock_put(sk); 3837 sock_put(sk);
3838 }
3838} 3839}
3839EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp); 3840EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp);
3840 3841
@@ -3893,7 +3894,7 @@ void skb_complete_wifi_ack(struct sk_buff *skb, bool acked)
3893{ 3894{
3894 struct sock *sk = skb->sk; 3895 struct sock *sk = skb->sk;
3895 struct sock_exterr_skb *serr; 3896 struct sock_exterr_skb *serr;
3896 int err; 3897 int err = 1;
3897 3898
3898 skb->wifi_acked_valid = 1; 3899 skb->wifi_acked_valid = 1;
3899 skb->wifi_acked = acked; 3900 skb->wifi_acked = acked;
@@ -3903,14 +3904,15 @@ void skb_complete_wifi_ack(struct sk_buff *skb, bool acked)
3903 serr->ee.ee_errno = ENOMSG; 3904 serr->ee.ee_errno = ENOMSG;
3904 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS; 3905 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS;
3905 3906
3906 /* take a reference to prevent skb_orphan() from freeing the socket */ 3907 /* Take a reference to prevent skb_orphan() from freeing the socket,
3907 sock_hold(sk); 3908 * but only if the socket refcount is not zero.
3908 3909 */
3909 err = sock_queue_err_skb(sk, skb); 3910 if (likely(atomic_inc_not_zero(&sk->sk_refcnt))) {
3911 err = sock_queue_err_skb(sk, skb);
3912 sock_put(sk);
3913 }
3910 if (err) 3914 if (err)
3911 kfree_skb(skb); 3915 kfree_skb(skb);
3912
3913 sock_put(sk);
3914} 3916}
3915EXPORT_SYMBOL_GPL(skb_complete_wifi_ack); 3917EXPORT_SYMBOL_GPL(skb_complete_wifi_ack);
3916 3918
diff --git a/net/core/sock.c b/net/core/sock.c
index e7d74940e863..a96d5f7a5734 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -197,66 +197,55 @@ EXPORT_SYMBOL(sk_net_capable);
197 197
198/* 198/*
199 * Each address family might have different locking rules, so we have 199 * Each address family might have different locking rules, so we have
200 * one slock key per address family: 200 * one slock key per address family and separate keys for internal and
201 * userspace sockets.
201 */ 202 */
202static struct lock_class_key af_family_keys[AF_MAX]; 203static struct lock_class_key af_family_keys[AF_MAX];
204static struct lock_class_key af_family_kern_keys[AF_MAX];
203static struct lock_class_key af_family_slock_keys[AF_MAX]; 205static struct lock_class_key af_family_slock_keys[AF_MAX];
206static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
204 207
205/* 208/*
206 * Make lock validator output more readable. (we pre-construct these 209 * Make lock validator output more readable. (we pre-construct these
207 * strings build-time, so that runtime initialization of socket 210 * strings build-time, so that runtime initialization of socket
208 * locks is fast): 211 * locks is fast):
209 */ 212 */
213
214#define _sock_locks(x) \
215 x "AF_UNSPEC", x "AF_UNIX" , x "AF_INET" , \
216 x "AF_AX25" , x "AF_IPX" , x "AF_APPLETALK", \
217 x "AF_NETROM", x "AF_BRIDGE" , x "AF_ATMPVC" , \
218 x "AF_X25" , x "AF_INET6" , x "AF_ROSE" , \
219 x "AF_DECnet", x "AF_NETBEUI" , x "AF_SECURITY" , \
220 x "AF_KEY" , x "AF_NETLINK" , x "AF_PACKET" , \
221 x "AF_ASH" , x "AF_ECONET" , x "AF_ATMSVC" , \
222 x "AF_RDS" , x "AF_SNA" , x "AF_IRDA" , \
223 x "AF_PPPOX" , x "AF_WANPIPE" , x "AF_LLC" , \
224 x "27" , x "28" , x "AF_CAN" , \
225 x "AF_TIPC" , x "AF_BLUETOOTH", x "IUCV" , \
226 x "AF_RXRPC" , x "AF_ISDN" , x "AF_PHONET" , \
227 x "AF_IEEE802154", x "AF_CAIF" , x "AF_ALG" , \
228 x "AF_NFC" , x "AF_VSOCK" , x "AF_KCM" , \
229 x "AF_QIPCRTR", x "AF_SMC" , x "AF_MAX"
230
210static const char *const af_family_key_strings[AF_MAX+1] = { 231static const char *const af_family_key_strings[AF_MAX+1] = {
211 "sk_lock-AF_UNSPEC", "sk_lock-AF_UNIX" , "sk_lock-AF_INET" , 232 _sock_locks("sk_lock-")
212 "sk_lock-AF_AX25" , "sk_lock-AF_IPX" , "sk_lock-AF_APPLETALK",
213 "sk_lock-AF_NETROM", "sk_lock-AF_BRIDGE" , "sk_lock-AF_ATMPVC" ,
214 "sk_lock-AF_X25" , "sk_lock-AF_INET6" , "sk_lock-AF_ROSE" ,
215 "sk_lock-AF_DECnet", "sk_lock-AF_NETBEUI" , "sk_lock-AF_SECURITY" ,
216 "sk_lock-AF_KEY" , "sk_lock-AF_NETLINK" , "sk_lock-AF_PACKET" ,
217 "sk_lock-AF_ASH" , "sk_lock-AF_ECONET" , "sk_lock-AF_ATMSVC" ,
218 "sk_lock-AF_RDS" , "sk_lock-AF_SNA" , "sk_lock-AF_IRDA" ,
219 "sk_lock-AF_PPPOX" , "sk_lock-AF_WANPIPE" , "sk_lock-AF_LLC" ,
220 "sk_lock-27" , "sk_lock-28" , "sk_lock-AF_CAN" ,
221 "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" ,
222 "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" ,
223 "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" ,
224 "sk_lock-AF_NFC" , "sk_lock-AF_VSOCK" , "sk_lock-AF_KCM" ,
225 "sk_lock-AF_QIPCRTR", "sk_lock-AF_SMC" , "sk_lock-AF_MAX"
226}; 233};
227static const char *const af_family_slock_key_strings[AF_MAX+1] = { 234static const char *const af_family_slock_key_strings[AF_MAX+1] = {
228 "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , 235 _sock_locks("slock-")
229 "slock-AF_AX25" , "slock-AF_IPX" , "slock-AF_APPLETALK",
230 "slock-AF_NETROM", "slock-AF_BRIDGE" , "slock-AF_ATMPVC" ,
231 "slock-AF_X25" , "slock-AF_INET6" , "slock-AF_ROSE" ,
232 "slock-AF_DECnet", "slock-AF_NETBEUI" , "slock-AF_SECURITY" ,
233 "slock-AF_KEY" , "slock-AF_NETLINK" , "slock-AF_PACKET" ,
234 "slock-AF_ASH" , "slock-AF_ECONET" , "slock-AF_ATMSVC" ,
235 "slock-AF_RDS" , "slock-AF_SNA" , "slock-AF_IRDA" ,
236 "slock-AF_PPPOX" , "slock-AF_WANPIPE" , "slock-AF_LLC" ,
237 "slock-27" , "slock-28" , "slock-AF_CAN" ,
238 "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" ,
239 "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" ,
240 "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" ,
241 "slock-AF_NFC" , "slock-AF_VSOCK" ,"slock-AF_KCM" ,
242 "slock-AF_QIPCRTR", "slock-AF_SMC" , "slock-AF_MAX"
243}; 236};
244static const char *const af_family_clock_key_strings[AF_MAX+1] = { 237static const char *const af_family_clock_key_strings[AF_MAX+1] = {
245 "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" , 238 _sock_locks("clock-")
246 "clock-AF_AX25" , "clock-AF_IPX" , "clock-AF_APPLETALK", 239};
247 "clock-AF_NETROM", "clock-AF_BRIDGE" , "clock-AF_ATMPVC" , 240
248 "clock-AF_X25" , "clock-AF_INET6" , "clock-AF_ROSE" , 241static const char *const af_family_kern_key_strings[AF_MAX+1] = {
249 "clock-AF_DECnet", "clock-AF_NETBEUI" , "clock-AF_SECURITY" , 242 _sock_locks("k-sk_lock-")
250 "clock-AF_KEY" , "clock-AF_NETLINK" , "clock-AF_PACKET" , 243};
251 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" , 244static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
252 "clock-AF_RDS" , "clock-AF_SNA" , "clock-AF_IRDA" , 245 _sock_locks("k-slock-")
253 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" , 246};
254 "clock-27" , "clock-28" , "clock-AF_CAN" , 247static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
255 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , 248 _sock_locks("k-clock-")
256 "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" ,
257 "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" ,
258 "clock-AF_NFC" , "clock-AF_VSOCK" , "clock-AF_KCM" ,
259 "clock-AF_QIPCRTR", "clock-AF_SMC" , "clock-AF_MAX"
260}; 249};
261 250
262/* 251/*
@@ -264,6 +253,7 @@ static const char *const af_family_clock_key_strings[AF_MAX+1] = {
264 * so split the lock classes by using a per-AF key: 253 * so split the lock classes by using a per-AF key:
265 */ 254 */
266static struct lock_class_key af_callback_keys[AF_MAX]; 255static struct lock_class_key af_callback_keys[AF_MAX];
256static struct lock_class_key af_kern_callback_keys[AF_MAX];
267 257
268/* Take into consideration the size of the struct sk_buff overhead in the 258/* Take into consideration the size of the struct sk_buff overhead in the
269 * determination of these values, since that is non-constant across 259 * determination of these values, since that is non-constant across
@@ -1293,7 +1283,16 @@ lenout:
1293 */ 1283 */
1294static inline void sock_lock_init(struct sock *sk) 1284static inline void sock_lock_init(struct sock *sk)
1295{ 1285{
1296 sock_lock_init_class_and_name(sk, 1286 if (sk->sk_kern_sock)
1287 sock_lock_init_class_and_name(
1288 sk,
1289 af_family_kern_slock_key_strings[sk->sk_family],
1290 af_family_kern_slock_keys + sk->sk_family,
1291 af_family_kern_key_strings[sk->sk_family],
1292 af_family_kern_keys + sk->sk_family);
1293 else
1294 sock_lock_init_class_and_name(
1295 sk,
1297 af_family_slock_key_strings[sk->sk_family], 1296 af_family_slock_key_strings[sk->sk_family],
1298 af_family_slock_keys + sk->sk_family, 1297 af_family_slock_keys + sk->sk_family,
1299 af_family_key_strings[sk->sk_family], 1298 af_family_key_strings[sk->sk_family],
@@ -1399,6 +1398,7 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
1399 * why we need sk_prot_creator -acme 1398 * why we need sk_prot_creator -acme
1400 */ 1399 */
1401 sk->sk_prot = sk->sk_prot_creator = prot; 1400 sk->sk_prot = sk->sk_prot_creator = prot;
1401 sk->sk_kern_sock = kern;
1402 sock_lock_init(sk); 1402 sock_lock_init(sk);
1403 sk->sk_net_refcnt = kern ? 0 : 1; 1403 sk->sk_net_refcnt = kern ? 0 : 1;
1404 if (likely(sk->sk_net_refcnt)) 1404 if (likely(sk->sk_net_refcnt))
@@ -1539,11 +1539,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
1539 is_charged = sk_filter_charge(newsk, filter); 1539 is_charged = sk_filter_charge(newsk, filter);
1540 1540
1541 if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) { 1541 if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
1542 /* It is still raw copy of parent, so invalidate 1542 sk_free_unlock_clone(newsk);
1543 * destructor and make plain sk_free() */
1544 newsk->sk_destruct = NULL;
1545 bh_unlock_sock(newsk);
1546 sk_free(newsk);
1547 newsk = NULL; 1543 newsk = NULL;
1548 goto out; 1544 goto out;
1549 } 1545 }
@@ -1592,6 +1588,16 @@ out:
1592} 1588}
1593EXPORT_SYMBOL_GPL(sk_clone_lock); 1589EXPORT_SYMBOL_GPL(sk_clone_lock);
1594 1590
1591void sk_free_unlock_clone(struct sock *sk)
1592{
1593 /* It is still raw copy of parent, so invalidate
1594 * destructor and make plain sk_free() */
1595 sk->sk_destruct = NULL;
1596 bh_unlock_sock(sk);
1597 sk_free(sk);
1598}
1599EXPORT_SYMBOL_GPL(sk_free_unlock_clone);
1600
1595void sk_setup_caps(struct sock *sk, struct dst_entry *dst) 1601void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
1596{ 1602{
1597 u32 max_segs = 1; 1603 u32 max_segs = 1;
@@ -2271,7 +2277,8 @@ int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
2271} 2277}
2272EXPORT_SYMBOL(sock_no_socketpair); 2278EXPORT_SYMBOL(sock_no_socketpair);
2273 2279
2274int sock_no_accept(struct socket *sock, struct socket *newsock, int flags) 2280int sock_no_accept(struct socket *sock, struct socket *newsock, int flags,
2281 bool kern)
2275{ 2282{
2276 return -EOPNOTSUPP; 2283 return -EOPNOTSUPP;
2277} 2284}
@@ -2475,7 +2482,14 @@ void sock_init_data(struct socket *sock, struct sock *sk)
2475 } 2482 }
2476 2483
2477 rwlock_init(&sk->sk_callback_lock); 2484 rwlock_init(&sk->sk_callback_lock);
2478 lockdep_set_class_and_name(&sk->sk_callback_lock, 2485 if (sk->sk_kern_sock)
2486 lockdep_set_class_and_name(
2487 &sk->sk_callback_lock,
2488 af_kern_callback_keys + sk->sk_family,
2489 af_family_kern_clock_key_strings[sk->sk_family]);
2490 else
2491 lockdep_set_class_and_name(
2492 &sk->sk_callback_lock,
2479 af_callback_keys + sk->sk_family, 2493 af_callback_keys + sk->sk_family,
2480 af_family_clock_key_strings[sk->sk_family]); 2494 af_family_clock_key_strings[sk->sk_family]);
2481 2495
diff --git a/net/core/stream.c b/net/core/stream.c
index f575bcf64af2..20231dbb1da0 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -13,6 +13,7 @@
13 */ 13 */
14 14
15#include <linux/module.h> 15#include <linux/module.h>
16#include <linux/sched/signal.h>
16#include <linux/net.h> 17#include <linux/net.h>
17#include <linux/signal.h> 18#include <linux/signal.h>
18#include <linux/tcp.h> 19#include <linux/tcp.h>
diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c
index f053198e730c..5e3a7302f774 100644
--- a/net/dccp/ccids/ccid2.c
+++ b/net/dccp/ccids/ccid2.c
@@ -749,6 +749,7 @@ static void ccid2_hc_tx_exit(struct sock *sk)
749 for (i = 0; i < hc->tx_seqbufc; i++) 749 for (i = 0; i < hc->tx_seqbufc; i++)
750 kfree(hc->tx_seqbuf[i]); 750 kfree(hc->tx_seqbuf[i]);
751 hc->tx_seqbufc = 0; 751 hc->tx_seqbufc = 0;
752 dccp_ackvec_parsed_cleanup(&hc->tx_av_chunks);
752} 753}
753 754
754static void ccid2_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb) 755static void ccid2_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 8fedc2d49770..4a05d7876850 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -577,6 +577,7 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
577 struct dccp_sock *dp = dccp_sk(sk); 577 struct dccp_sock *dp = dccp_sk(sk);
578 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); 578 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
579 const int old_state = sk->sk_state; 579 const int old_state = sk->sk_state;
580 bool acceptable;
580 int queued = 0; 581 int queued = 0;
581 582
582 /* 583 /*
@@ -603,8 +604,13 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
603 */ 604 */
604 if (sk->sk_state == DCCP_LISTEN) { 605 if (sk->sk_state == DCCP_LISTEN) {
605 if (dh->dccph_type == DCCP_PKT_REQUEST) { 606 if (dh->dccph_type == DCCP_PKT_REQUEST) {
606 if (inet_csk(sk)->icsk_af_ops->conn_request(sk, 607 /* It is possible that we process SYN packets from backlog,
607 skb) < 0) 608 * so we need to make sure to disable BH right there.
609 */
610 local_bh_disable();
611 acceptable = inet_csk(sk)->icsk_af_ops->conn_request(sk, skb) >= 0;
612 local_bh_enable();
613 if (!acceptable)
608 return 1; 614 return 1;
609 consume_skb(skb); 615 consume_skb(skb);
610 return 0; 616 return 0;
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 409d0cfd3447..b99168b0fabf 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -289,7 +289,8 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
289 289
290 switch (type) { 290 switch (type) {
291 case ICMP_REDIRECT: 291 case ICMP_REDIRECT:
292 dccp_do_redirect(skb, sk); 292 if (!sock_owned_by_user(sk))
293 dccp_do_redirect(skb, sk);
293 goto out; 294 goto out;
294 case ICMP_SOURCE_QUENCH: 295 case ICMP_SOURCE_QUENCH:
295 /* Just silently ignore these. */ 296 /* Just silently ignore these. */
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 233b57367758..d9b6a4e403e7 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -122,10 +122,12 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
122 np = inet6_sk(sk); 122 np = inet6_sk(sk);
123 123
124 if (type == NDISC_REDIRECT) { 124 if (type == NDISC_REDIRECT) {
125 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 125 if (!sock_owned_by_user(sk)) {
126 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
126 127
127 if (dst) 128 if (dst)
128 dst->ops->redirect(dst, sk, skb); 129 dst->ops->redirect(dst, sk, skb);
130 }
129 goto out; 131 goto out;
130 } 132 }
131 133
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c
index 53eddf99e4f6..abd07a443219 100644
--- a/net/dccp/minisocks.c
+++ b/net/dccp/minisocks.c
@@ -119,10 +119,7 @@ struct sock *dccp_create_openreq_child(const struct sock *sk,
119 * Activate features: initialise CCIDs, sequence windows etc. 119 * Activate features: initialise CCIDs, sequence windows etc.
120 */ 120 */
121 if (dccp_feat_activate_values(newsk, &dreq->dreq_featneg)) { 121 if (dccp_feat_activate_values(newsk, &dreq->dreq_featneg)) {
122 /* It is still raw copy of parent, so invalidate 122 sk_free_unlock_clone(newsk);
123 * destructor and make plain sk_free() */
124 newsk->sk_destruct = NULL;
125 sk_free(newsk);
126 return NULL; 123 return NULL;
127 } 124 }
128 dccp_init_xmit_timers(newsk); 125 dccp_init_xmit_timers(newsk);
@@ -145,6 +142,13 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb,
145 struct dccp_request_sock *dreq = dccp_rsk(req); 142 struct dccp_request_sock *dreq = dccp_rsk(req);
146 bool own_req; 143 bool own_req;
147 144
145 /* TCP/DCCP listeners became lockless.
146 * DCCP stores complex state in its request_sock, so we need
147 * a protection for them, now this code runs without being protected
148 * by the parent (listener) lock.
149 */
150 spin_lock_bh(&dreq->dreq_lock);
151
148 /* Check for retransmitted REQUEST */ 152 /* Check for retransmitted REQUEST */
149 if (dccp_hdr(skb)->dccph_type == DCCP_PKT_REQUEST) { 153 if (dccp_hdr(skb)->dccph_type == DCCP_PKT_REQUEST) {
150 154
@@ -159,7 +163,7 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb,
159 inet_rtx_syn_ack(sk, req); 163 inet_rtx_syn_ack(sk, req);
160 } 164 }
161 /* Network Duplicate, discard packet */ 165 /* Network Duplicate, discard packet */
162 return NULL; 166 goto out;
163 } 167 }
164 168
165 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_PACKET_ERROR; 169 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_PACKET_ERROR;
@@ -185,20 +189,20 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb,
185 189
186 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL, 190 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL,
187 req, &own_req); 191 req, &own_req);
188 if (!child) 192 if (child) {
189 goto listen_overflow; 193 child = inet_csk_complete_hashdance(sk, child, req, own_req);
190 194 goto out;
191 return inet_csk_complete_hashdance(sk, child, req, own_req); 195 }
192 196
193listen_overflow:
194 dccp_pr_debug("listen_overflow!\n");
195 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY; 197 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
196drop: 198drop:
197 if (dccp_hdr(skb)->dccph_type != DCCP_PKT_RESET) 199 if (dccp_hdr(skb)->dccph_type != DCCP_PKT_RESET)
198 req->rsk_ops->send_reset(sk, skb); 200 req->rsk_ops->send_reset(sk, skb);
199 201
200 inet_csk_reqsk_queue_drop(sk, req); 202 inet_csk_reqsk_queue_drop(sk, req);
201 return NULL; 203out:
204 spin_unlock_bh(&dreq->dreq_lock);
205 return child;
202} 206}
203 207
204EXPORT_SYMBOL_GPL(dccp_check_req); 208EXPORT_SYMBOL_GPL(dccp_check_req);
@@ -249,6 +253,7 @@ int dccp_reqsk_init(struct request_sock *req,
249{ 253{
250 struct dccp_request_sock *dreq = dccp_rsk(req); 254 struct dccp_request_sock *dreq = dccp_rsk(req);
251 255
256 spin_lock_init(&dreq->dreq_lock);
252 inet_rsk(req)->ir_rmt_port = dccp_hdr(skb)->dccph_sport; 257 inet_rsk(req)->ir_rmt_port = dccp_hdr(skb)->dccph_sport;
253 inet_rsk(req)->ir_num = ntohs(dccp_hdr(skb)->dccph_dport); 258 inet_rsk(req)->ir_num = ntohs(dccp_hdr(skb)->dccph_dport);
254 inet_rsk(req)->acked = 0; 259 inet_rsk(req)->acked = 0;
diff --git a/net/dccp/output.c b/net/dccp/output.c
index b66c84db0766..91a15b3c4915 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -14,6 +14,7 @@
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/skbuff.h> 15#include <linux/skbuff.h>
16#include <linux/slab.h> 16#include <linux/slab.h>
17#include <linux/sched/signal.h>
17 18
18#include <net/inet_sock.h> 19#include <net/inet_sock.h>
19#include <net/sock.h> 20#include <net/sock.h>
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index a90ed67027b0..7de5b40a5d0d 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -106,7 +106,7 @@ Version 0.0.6 2.1.110 07-aug-98 Eduardo Marcelo Serrat
106#include <linux/socket.h> 106#include <linux/socket.h>
107#include <linux/in.h> 107#include <linux/in.h>
108#include <linux/kernel.h> 108#include <linux/kernel.h>
109#include <linux/sched.h> 109#include <linux/sched/signal.h>
110#include <linux/timer.h> 110#include <linux/timer.h>
111#include <linux/string.h> 111#include <linux/string.h>
112#include <linux/sockios.h> 112#include <linux/sockios.h>
@@ -1070,7 +1070,8 @@ static struct sk_buff *dn_wait_for_connect(struct sock *sk, long *timeo)
1070 return skb == NULL ? ERR_PTR(err) : skb; 1070 return skb == NULL ? ERR_PTR(err) : skb;
1071} 1071}
1072 1072
1073static int dn_accept(struct socket *sock, struct socket *newsock, int flags) 1073static int dn_accept(struct socket *sock, struct socket *newsock, int flags,
1074 bool kern)
1074{ 1075{
1075 struct sock *sk = sock->sk, *newsk; 1076 struct sock *sk = sock->sk, *newsk;
1076 struct sk_buff *skb = NULL; 1077 struct sk_buff *skb = NULL;
@@ -1099,7 +1100,7 @@ static int dn_accept(struct socket *sock, struct socket *newsock, int flags)
1099 1100
1100 cb = DN_SKB_CB(skb); 1101 cb = DN_SKB_CB(skb);
1101 sk->sk_ack_backlog--; 1102 sk->sk_ack_backlog--;
1102 newsk = dn_alloc_sock(sock_net(sk), newsock, sk->sk_allocation, 0); 1103 newsk = dn_alloc_sock(sock_net(sk), newsock, sk->sk_allocation, kern);
1103 if (newsk == NULL) { 1104 if (newsk == NULL) {
1104 release_sock(sk); 1105 release_sock(sk);
1105 kfree_skb(skb); 1106 kfree_skb(skb);
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index ecc28cff08ab..af781010753b 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -37,8 +37,10 @@
37 37
38#include <linux/module.h> 38#include <linux/module.h>
39#include <linux/slab.h> 39#include <linux/slab.h>
40#include <linux/cred.h>
40#include <linux/dns_resolver.h> 41#include <linux/dns_resolver.h>
41#include <linux/err.h> 42#include <linux/err.h>
43
42#include <keys/dns_resolver-type.h> 44#include <keys/dns_resolver-type.h>
43#include <keys/user-type.h> 45#include <keys/user-type.h>
44 46
@@ -70,7 +72,7 @@ int dns_query(const char *type, const char *name, size_t namelen,
70 const char *options, char **_result, time64_t *_expiry) 72 const char *options, char **_result, time64_t *_expiry)
71{ 73{
72 struct key *rkey; 74 struct key *rkey;
73 const struct user_key_payload *upayload; 75 struct user_key_payload *upayload;
74 const struct cred *saved_cred; 76 const struct cred *saved_cred;
75 size_t typelen, desclen; 77 size_t typelen, desclen;
76 char *desc, *cp; 78 char *desc, *cp;
@@ -141,7 +143,7 @@ int dns_query(const char *type, const char *name, size_t namelen,
141 if (ret) 143 if (ret)
142 goto put; 144 goto put;
143 145
144 upayload = user_key_payload(rkey); 146 upayload = user_key_payload_locked(rkey);
145 len = upayload->datalen; 147 len = upayload->datalen;
146 148
147 ret = -ENOMEM; 149 ret = -ENOMEM;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 602d40f43687..6b1fc6e4278e 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -689,11 +689,12 @@ EXPORT_SYMBOL(inet_stream_connect);
689 * Accept a pending connection. The TCP layer now gives BSD semantics. 689 * Accept a pending connection. The TCP layer now gives BSD semantics.
690 */ 690 */
691 691
692int inet_accept(struct socket *sock, struct socket *newsock, int flags) 692int inet_accept(struct socket *sock, struct socket *newsock, int flags,
693 bool kern)
693{ 694{
694 struct sock *sk1 = sock->sk; 695 struct sock *sk1 = sock->sk;
695 int err = -EINVAL; 696 int err = -EINVAL;
696 struct sock *sk2 = sk1->sk_prot->accept(sk1, flags, &err); 697 struct sock *sk2 = sk1->sk_prot->accept(sk1, flags, &err, kern);
697 698
698 if (!sk2) 699 if (!sk2)
699 goto do_err; 700 goto do_err;
@@ -1487,8 +1488,10 @@ int inet_gro_complete(struct sk_buff *skb, int nhoff)
1487 int proto = iph->protocol; 1488 int proto = iph->protocol;
1488 int err = -ENOSYS; 1489 int err = -ENOSYS;
1489 1490
1490 if (skb->encapsulation) 1491 if (skb->encapsulation) {
1492 skb_set_inner_protocol(skb, cpu_to_be16(ETH_P_IP));
1491 skb_set_inner_network_header(skb, nhoff); 1493 skb_set_inner_network_header(skb, nhoff);
1494 }
1492 1495
1493 csum_replace2(&iph->check, iph->tot_len, newlen); 1496 csum_replace2(&iph->check, iph->tot_len, newlen);
1494 iph->tot_len = newlen; 1497 iph->tot_len = newlen;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5d367b7ff542..cebedd545e5e 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -32,6 +32,7 @@
32#include <linux/module.h> 32#include <linux/module.h>
33#include <linux/types.h> 33#include <linux/types.h>
34#include <linux/kernel.h> 34#include <linux/kernel.h>
35#include <linux/sched/signal.h>
35#include <linux/string.h> 36#include <linux/string.h>
36#include <linux/mm.h> 37#include <linux/mm.h>
37#include <linux/socket.h> 38#include <linux/socket.h>
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index b39a791f6756..42bfd08109dd 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -622,6 +622,7 @@ const struct nla_policy rtm_ipv4_policy[RTA_MAX + 1] = {
622 [RTA_ENCAP_TYPE] = { .type = NLA_U16 }, 622 [RTA_ENCAP_TYPE] = { .type = NLA_U16 },
623 [RTA_ENCAP] = { .type = NLA_NESTED }, 623 [RTA_ENCAP] = { .type = NLA_NESTED },
624 [RTA_UID] = { .type = NLA_U32 }, 624 [RTA_UID] = { .type = NLA_U32 },
625 [RTA_MARK] = { .type = NLA_U32 },
625}; 626};
626 627
627static int rtm_to_fib_config(struct net *net, struct sk_buff *skb, 628static int rtm_to_fib_config(struct net *net, struct sk_buff *skb,
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index b4d5980ade3b..5e313c1ac94f 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -424,7 +424,7 @@ static int inet_csk_wait_for_connect(struct sock *sk, long timeo)
424/* 424/*
425 * This will accept the next outstanding connection. 425 * This will accept the next outstanding connection.
426 */ 426 */
427struct sock *inet_csk_accept(struct sock *sk, int flags, int *err) 427struct sock *inet_csk_accept(struct sock *sk, int flags, int *err, bool kern)
428{ 428{
429 struct inet_connection_sock *icsk = inet_csk(sk); 429 struct inet_connection_sock *icsk = inet_csk(sk);
430 struct request_sock_queue *queue = &icsk->icsk_accept_queue; 430 struct request_sock_queue *queue = &icsk->icsk_accept_queue;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 737ce826d7ec..7a3fd25e8913 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -966,7 +966,7 @@ static int __ip_append_data(struct sock *sk,
966 cork->length += length; 966 cork->length += length;
967 if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) && 967 if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) &&
968 (sk->sk_protocol == IPPROTO_UDP) && 968 (sk->sk_protocol == IPPROTO_UDP) &&
969 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && 969 (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
970 (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx) { 970 (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx) {
971 err = ip_ufo_append_data(sk, queue, getfrag, from, length, 971 err = ip_ufo_append_data(sk, queue, getfrag, from, length,
972 hh_len, fragheaderlen, transhdrlen, 972 hh_len, fragheaderlen, transhdrlen,
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index b3cc1335adbc..c0cc6aa8cfaa 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -23,7 +23,8 @@ int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned int addr_t
23 struct rtable *rt; 23 struct rtable *rt;
24 struct flowi4 fl4 = {}; 24 struct flowi4 fl4 = {};
25 __be32 saddr = iph->saddr; 25 __be32 saddr = iph->saddr;
26 __u8 flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0; 26 const struct sock *sk = skb_to_full_sk(skb);
27 __u8 flags = sk ? inet_sk_flowi_flags(sk) : 0;
27 struct net_device *dev = skb_dst(skb)->dev; 28 struct net_device *dev = skb_dst(skb)->dev;
28 unsigned int hh_len; 29 unsigned int hh_len;
29 30
@@ -40,7 +41,7 @@ int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned int addr_t
40 fl4.daddr = iph->daddr; 41 fl4.daddr = iph->daddr;
41 fl4.saddr = saddr; 42 fl4.saddr = saddr;
42 fl4.flowi4_tos = RT_TOS(iph->tos); 43 fl4.flowi4_tos = RT_TOS(iph->tos);
43 fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; 44 fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0;
44 if (!fl4.flowi4_oif) 45 if (!fl4.flowi4_oif)
45 fl4.flowi4_oif = l3mdev_master_ifindex(dev); 46 fl4.flowi4_oif = l3mdev_master_ifindex(dev);
46 fl4.flowi4_mark = skb->mark; 47 fl4.flowi4_mark = skb->mark;
@@ -61,7 +62,7 @@ int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned int addr_t
61 xfrm_decode_session(skb, flowi4_to_flowi(&fl4), AF_INET) == 0) { 62 xfrm_decode_session(skb, flowi4_to_flowi(&fl4), AF_INET) == 0) {
62 struct dst_entry *dst = skb_dst(skb); 63 struct dst_entry *dst = skb_dst(skb);
63 skb_dst_set(skb, NULL); 64 skb_dst_set(skb, NULL);
64 dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0); 65 dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), sk, 0);
65 if (IS_ERR(dst)) 66 if (IS_ERR(dst))
66 return PTR_ERR(dst); 67 return PTR_ERR(dst);
67 skb_dst_set(skb, dst); 68 skb_dst_set(skb, dst);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index da385ae997a3..cf4555581282 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1110,9 +1110,14 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
1110 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0; 1110 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1111 err = __inet_stream_connect(sk->sk_socket, msg->msg_name, 1111 err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1112 msg->msg_namelen, flags, 1); 1112 msg->msg_namelen, flags, 1);
1113 inet->defer_connect = 0; 1113 /* fastopen_req could already be freed in __inet_stream_connect
1114 *copied = tp->fastopen_req->copied; 1114 * if the connection times out or gets rst
1115 tcp_free_fastopen_req(tp); 1115 */
1116 if (tp->fastopen_req) {
1117 *copied = tp->fastopen_req->copied;
1118 tcp_free_fastopen_req(tp);
1119 inet->defer_connect = 0;
1120 }
1116 return err; 1121 return err;
1117} 1122}
1118 1123
@@ -2318,6 +2323,10 @@ int tcp_disconnect(struct sock *sk, int flags)
2318 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt)); 2323 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
2319 __sk_dst_reset(sk); 2324 __sk_dst_reset(sk);
2320 2325
2326 /* Clean up fastopen related fields */
2327 tcp_free_fastopen_req(tp);
2328 inet->defer_connect = 0;
2329
2321 WARN_ON(inet->inet_num && !icsk->icsk_bind_hash); 2330 WARN_ON(inet->inet_num && !icsk->icsk_bind_hash);
2322 2331
2323 sk->sk_error_report(sk); 2332 sk->sk_error_report(sk);
diff --git a/net/ipv4/tcp_cdg.c b/net/ipv4/tcp_cdg.c
index 35b280361cb2..50a0f3e51d5b 100644
--- a/net/ipv4/tcp_cdg.c
+++ b/net/ipv4/tcp_cdg.c
@@ -27,6 +27,8 @@
27#include <linux/kernel.h> 27#include <linux/kernel.h>
28#include <linux/random.h> 28#include <linux/random.h>
29#include <linux/module.h> 29#include <linux/module.h>
30#include <linux/sched/clock.h>
31
30#include <net/tcp.h> 32#include <net/tcp.h>
31 33
32#define HYSTART_ACK_TRAIN 1 34#define HYSTART_ACK_TRAIN 1
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 2c0ff327b6df..39c393cc0fd3 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5886,9 +5886,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)
5886 if (th->syn) { 5886 if (th->syn) {
5887 if (th->fin) 5887 if (th->fin)
5888 goto discard; 5888 goto discard;
5889 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) 5889 /* It is possible that we process SYN packets from backlog,
5890 return 1; 5890 * so we need to make sure to disable BH right there.
5891 */
5892 local_bh_disable();
5893 acceptable = icsk->icsk_af_ops->conn_request(sk, skb) >= 0;
5894 local_bh_enable();
5891 5895
5896 if (!acceptable)
5897 return 1;
5892 consume_skb(skb); 5898 consume_skb(skb);
5893 return 0; 5899 return 0;
5894 } 5900 }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 9a89b8deafae..575e19dcc017 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -279,10 +279,13 @@ EXPORT_SYMBOL(tcp_v4_connect);
279 */ 279 */
280void tcp_v4_mtu_reduced(struct sock *sk) 280void tcp_v4_mtu_reduced(struct sock *sk)
281{ 281{
282 struct dst_entry *dst;
283 struct inet_sock *inet = inet_sk(sk); 282 struct inet_sock *inet = inet_sk(sk);
284 u32 mtu = tcp_sk(sk)->mtu_info; 283 struct dst_entry *dst;
284 u32 mtu;
285 285
286 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
287 return;
288 mtu = tcp_sk(sk)->mtu_info;
286 dst = inet_csk_update_pmtu(sk, mtu); 289 dst = inet_csk_update_pmtu(sk, mtu);
287 if (!dst) 290 if (!dst)
288 return; 291 return;
@@ -428,7 +431,8 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
428 431
429 switch (type) { 432 switch (type) {
430 case ICMP_REDIRECT: 433 case ICMP_REDIRECT:
431 do_redirect(icmp_skb, sk); 434 if (!sock_owned_by_user(sk))
435 do_redirect(icmp_skb, sk);
432 goto out; 436 goto out;
433 case ICMP_SOURCE_QUENCH: 437 case ICMP_SOURCE_QUENCH:
434 /* Just silently ignore these. */ 438 /* Just silently ignore these. */
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 40d893556e67..b2ab411c6d37 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -249,7 +249,8 @@ void tcp_delack_timer_handler(struct sock *sk)
249 249
250 sk_mem_reclaim_partial(sk); 250 sk_mem_reclaim_partial(sk);
251 251
252 if (sk->sk_state == TCP_CLOSE || !(icsk->icsk_ack.pending & ICSK_ACK_TIMER)) 252 if (((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) ||
253 !(icsk->icsk_ack.pending & ICSK_ACK_TIMER))
253 goto out; 254 goto out;
254 255
255 if (time_after(icsk->icsk_ack.timeout, jiffies)) { 256 if (time_after(icsk->icsk_ack.timeout, jiffies)) {
@@ -552,7 +553,8 @@ void tcp_write_timer_handler(struct sock *sk)
552 struct inet_connection_sock *icsk = inet_csk(sk); 553 struct inet_connection_sock *icsk = inet_csk(sk);
553 int event; 554 int event;
554 555
555 if (sk->sk_state == TCP_CLOSE || !icsk->icsk_pending) 556 if (((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) ||
557 !icsk->icsk_pending)
556 goto out; 558 goto out;
557 559
558 if (time_after(icsk->icsk_timeout, jiffies)) { 560 if (time_after(icsk->icsk_timeout, jiffies)) {
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 3a2025f5bf2c..363172527e43 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -43,6 +43,7 @@
43#include <linux/errno.h> 43#include <linux/errno.h>
44#include <linux/types.h> 44#include <linux/types.h>
45#include <linux/kernel.h> 45#include <linux/kernel.h>
46#include <linux/sched/signal.h>
46#include <linux/socket.h> 47#include <linux/socket.h>
47#include <linux/sockios.h> 48#include <linux/sockios.h>
48#include <linux/net.h> 49#include <linux/net.h>
@@ -5692,13 +5693,18 @@ static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
5692 struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1; 5693 struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1;
5693 struct net *net = (struct net *)ctl->extra2; 5694 struct net *net = (struct net *)ctl->extra2;
5694 5695
5696 if (!rtnl_trylock())
5697 return restart_syscall();
5698
5695 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 5699 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
5696 5700
5697 if (write) { 5701 if (write) {
5698 new_val = *((int *)ctl->data); 5702 new_val = *((int *)ctl->data);
5699 5703
5700 if (check_addr_gen_mode(new_val) < 0) 5704 if (check_addr_gen_mode(new_val) < 0) {
5701 return -EINVAL; 5705 ret = -EINVAL;
5706 goto out;
5707 }
5702 5708
5703 /* request for default */ 5709 /* request for default */
5704 if (&net->ipv6.devconf_dflt->addr_gen_mode == ctl->data) { 5710 if (&net->ipv6.devconf_dflt->addr_gen_mode == ctl->data) {
@@ -5707,20 +5713,23 @@ static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
5707 /* request for individual net device */ 5713 /* request for individual net device */
5708 } else { 5714 } else {
5709 if (!idev) 5715 if (!idev)
5710 return ret; 5716 goto out;
5711 5717
5712 if (check_stable_privacy(idev, net, new_val) < 0) 5718 if (check_stable_privacy(idev, net, new_val) < 0) {
5713 return -EINVAL; 5719 ret = -EINVAL;
5720 goto out;
5721 }
5714 5722
5715 if (idev->cnf.addr_gen_mode != new_val) { 5723 if (idev->cnf.addr_gen_mode != new_val) {
5716 idev->cnf.addr_gen_mode = new_val; 5724 idev->cnf.addr_gen_mode = new_val;
5717 rtnl_lock();
5718 addrconf_dev_config(idev->dev); 5725 addrconf_dev_config(idev->dev);
5719 rtnl_unlock();
5720 } 5726 }
5721 } 5727 }
5722 } 5728 }
5723 5729
5730out:
5731 rtnl_unlock();
5732
5724 return ret; 5733 return ret;
5725} 5734}
5726 5735
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 04db40620ea6..a9a9553ee63d 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -920,12 +920,12 @@ static int __init inet6_init(void)
920 err = register_pernet_subsys(&inet6_net_ops); 920 err = register_pernet_subsys(&inet6_net_ops);
921 if (err) 921 if (err)
922 goto register_pernet_fail; 922 goto register_pernet_fail;
923 err = icmpv6_init();
924 if (err)
925 goto icmp_fail;
926 err = ip6_mr_init(); 923 err = ip6_mr_init();
927 if (err) 924 if (err)
928 goto ipmr_fail; 925 goto ipmr_fail;
926 err = icmpv6_init();
927 if (err)
928 goto icmp_fail;
929 err = ndisc_init(); 929 err = ndisc_init();
930 if (err) 930 if (err)
931 goto ndisc_fail; 931 goto ndisc_fail;
@@ -1061,10 +1061,10 @@ igmp_fail:
1061 ndisc_cleanup(); 1061 ndisc_cleanup();
1062ndisc_fail: 1062ndisc_fail:
1063 ip6_mr_cleanup(); 1063 ip6_mr_cleanup();
1064ipmr_fail:
1065 icmpv6_cleanup();
1066icmp_fail: 1064icmp_fail:
1067 unregister_pernet_subsys(&inet6_net_ops); 1065 unregister_pernet_subsys(&inet6_net_ops);
1066ipmr_fail:
1067 icmpv6_cleanup();
1068register_pernet_fail: 1068register_pernet_fail:
1069 sock_unregister(PF_INET6); 1069 sock_unregister(PF_INET6);
1070 rtnl_unregister_all(PF_INET6); 1070 rtnl_unregister_all(PF_INET6);
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index e4266746e4a2..d4bf2c68a545 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -923,6 +923,8 @@ add:
923 ins = &rt->dst.rt6_next; 923 ins = &rt->dst.rt6_next;
924 iter = *ins; 924 iter = *ins;
925 while (iter) { 925 while (iter) {
926 if (iter->rt6i_metric > rt->rt6i_metric)
927 break;
926 if (rt6_qualify_for_ecmp(iter)) { 928 if (rt6_qualify_for_ecmp(iter)) {
927 *ins = iter->dst.rt6_next; 929 *ins = iter->dst.rt6_next;
928 fib6_purge_rt(iter, fn, info->nl_net); 930 fib6_purge_rt(iter, fn, info->nl_net);
diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
index 0838e6d01d2e..93e58a5e1837 100644
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -294,8 +294,10 @@ static int ipv6_gro_complete(struct sk_buff *skb, int nhoff)
294 struct ipv6hdr *iph = (struct ipv6hdr *)(skb->data + nhoff); 294 struct ipv6hdr *iph = (struct ipv6hdr *)(skb->data + nhoff);
295 int err = -ENOSYS; 295 int err = -ENOSYS;
296 296
297 if (skb->encapsulation) 297 if (skb->encapsulation) {
298 skb_set_inner_protocol(skb, cpu_to_be16(ETH_P_IPV6));
298 skb_set_inner_network_header(skb, nhoff); 299 skb_set_inner_network_header(skb, nhoff);
300 }
299 301
300 iph->payload_len = htons(skb->len - nhoff - sizeof(*iph)); 302 iph->payload_len = htons(skb->len - nhoff - sizeof(*iph));
301 303
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 528b3c1f3fde..58f6288e9ba5 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -768,13 +768,14 @@ slow_path:
768 * Fragment the datagram. 768 * Fragment the datagram.
769 */ 769 */
770 770
771 *prevhdr = NEXTHDR_FRAGMENT;
772 troom = rt->dst.dev->needed_tailroom; 771 troom = rt->dst.dev->needed_tailroom;
773 772
774 /* 773 /*
775 * Keep copying data until we run out. 774 * Keep copying data until we run out.
776 */ 775 */
777 while (left > 0) { 776 while (left > 0) {
777 u8 *fragnexthdr_offset;
778
778 len = left; 779 len = left;
779 /* IF: it doesn't fit, use 'mtu' - the data space left */ 780 /* IF: it doesn't fit, use 'mtu' - the data space left */
780 if (len > mtu) 781 if (len > mtu)
@@ -819,6 +820,10 @@ slow_path:
819 */ 820 */
820 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 821 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
821 822
823 fragnexthdr_offset = skb_network_header(frag);
824 fragnexthdr_offset += prevhdr - skb_network_header(skb);
825 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
826
822 /* 827 /*
823 * Build fragment header. 828 * Build fragment header.
824 */ 829 */
@@ -1385,7 +1390,7 @@ emsgsize:
1385 if ((((length + fragheaderlen) > mtu) || 1390 if ((((length + fragheaderlen) > mtu) ||
1386 (skb && skb_is_gso(skb))) && 1391 (skb && skb_is_gso(skb))) &&
1387 (sk->sk_protocol == IPPROTO_UDP) && 1392 (sk->sk_protocol == IPPROTO_UDP) &&
1388 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && 1393 (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
1389 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) { 1394 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
1390 err = ip6_ufo_append_data(sk, queue, getfrag, from, length, 1395 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1391 hh_len, fragheaderlen, exthdrlen, 1396 hh_len, fragheaderlen, exthdrlen,
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 644ba59fbd9d..3d8a3b63b4fd 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -485,11 +485,15 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
485 if (!skb->ignore_df && skb->len > mtu) { 485 if (!skb->ignore_df && skb->len > mtu) {
486 skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); 486 skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu);
487 487
488 if (skb->protocol == htons(ETH_P_IPV6)) 488 if (skb->protocol == htons(ETH_P_IPV6)) {
489 if (mtu < IPV6_MIN_MTU)
490 mtu = IPV6_MIN_MTU;
491
489 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 492 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
490 else 493 } else {
491 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 494 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
492 htonl(mtu)); 495 htonl(mtu));
496 }
493 497
494 return -EMSGSIZE; 498 return -EMSGSIZE;
495 } 499 }
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 9948b5ce52da..986d4ca38832 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -589,6 +589,7 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
589 hdr = ipv6_hdr(skb); 589 hdr = ipv6_hdr(skb);
590 fhdr = (struct frag_hdr *)skb_transport_header(skb); 590 fhdr = (struct frag_hdr *)skb_transport_header(skb);
591 591
592 skb_orphan(skb);
592 fq = fq_find(net, fhdr->identification, user, &hdr->saddr, &hdr->daddr, 593 fq = fq_find(net, fhdr->identification, user, &hdr->saddr, &hdr->daddr,
593 skb->dev ? skb->dev->ifindex : 0, ip6_frag_ecn(hdr)); 594 skb->dev ? skb->dev->ifindex : 0, ip6_frag_ecn(hdr));
594 if (fq == NULL) { 595 if (fq == NULL) {
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f54f4265b37f..35c58b669ebd 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2169,10 +2169,13 @@ int ip6_del_rt(struct rt6_info *rt)
2169static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg) 2169static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg)
2170{ 2170{
2171 struct nl_info *info = &cfg->fc_nlinfo; 2171 struct nl_info *info = &cfg->fc_nlinfo;
2172 struct net *net = info->nl_net;
2172 struct sk_buff *skb = NULL; 2173 struct sk_buff *skb = NULL;
2173 struct fib6_table *table; 2174 struct fib6_table *table;
2174 int err; 2175 int err = -ENOENT;
2175 2176
2177 if (rt == net->ipv6.ip6_null_entry)
2178 goto out_put;
2176 table = rt->rt6i_table; 2179 table = rt->rt6i_table;
2177 write_lock_bh(&table->tb6_lock); 2180 write_lock_bh(&table->tb6_lock);
2178 2181
@@ -2184,7 +2187,7 @@ static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg)
2184 if (skb) { 2187 if (skb) {
2185 u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0; 2188 u32 seq = info->nlh ? info->nlh->nlmsg_seq : 0;
2186 2189
2187 if (rt6_fill_node(info->nl_net, skb, rt, 2190 if (rt6_fill_node(net, skb, rt,
2188 NULL, NULL, 0, RTM_DELROUTE, 2191 NULL, NULL, 0, RTM_DELROUTE,
2189 info->portid, seq, 0) < 0) { 2192 info->portid, seq, 0) < 0) {
2190 kfree_skb(skb); 2193 kfree_skb(skb);
@@ -2198,17 +2201,18 @@ static int __ip6_del_rt_siblings(struct rt6_info *rt, struct fib6_config *cfg)
2198 rt6i_siblings) { 2201 rt6i_siblings) {
2199 err = fib6_del(sibling, info); 2202 err = fib6_del(sibling, info);
2200 if (err) 2203 if (err)
2201 goto out; 2204 goto out_unlock;
2202 } 2205 }
2203 } 2206 }
2204 2207
2205 err = fib6_del(rt, info); 2208 err = fib6_del(rt, info);
2206out: 2209out_unlock:
2207 write_unlock_bh(&table->tb6_lock); 2210 write_unlock_bh(&table->tb6_lock);
2211out_put:
2208 ip6_rt_put(rt); 2212 ip6_rt_put(rt);
2209 2213
2210 if (skb) { 2214 if (skb) {
2211 rtnl_notify(skb, info->nl_net, info->portid, RTNLGRP_IPV6_ROUTE, 2215 rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
2212 info->nlh, gfp_any()); 2216 info->nlh, gfp_any());
2213 } 2217 }
2214 return err; 2218 return err;
@@ -2891,6 +2895,7 @@ static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
2891 [RTA_ENCAP] = { .type = NLA_NESTED }, 2895 [RTA_ENCAP] = { .type = NLA_NESTED },
2892 [RTA_EXPIRES] = { .type = NLA_U32 }, 2896 [RTA_EXPIRES] = { .type = NLA_U32 },
2893 [RTA_UID] = { .type = NLA_U32 }, 2897 [RTA_UID] = { .type = NLA_U32 },
2898 [RTA_MARK] = { .type = NLA_U32 },
2894}; 2899};
2895 2900
2896static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh, 2901static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
@@ -3294,7 +3299,6 @@ static size_t rt6_nlmsg_size(struct rt6_info *rt)
3294 nexthop_len = nla_total_size(0) /* RTA_MULTIPATH */ 3299 nexthop_len = nla_total_size(0) /* RTA_MULTIPATH */
3295 + NLA_ALIGN(sizeof(struct rtnexthop)) 3300 + NLA_ALIGN(sizeof(struct rtnexthop))
3296 + nla_total_size(16) /* RTA_GATEWAY */ 3301 + nla_total_size(16) /* RTA_GATEWAY */
3297 + nla_total_size(4) /* RTA_OIF */
3298 + lwtunnel_get_encap_size(rt->dst.lwtstate); 3302 + lwtunnel_get_encap_size(rt->dst.lwtstate);
3299 3303
3300 nexthop_len *= rt->rt6i_nsiblings; 3304 nexthop_len *= rt->rt6i_nsiblings;
@@ -3318,7 +3322,7 @@ static size_t rt6_nlmsg_size(struct rt6_info *rt)
3318} 3322}
3319 3323
3320static int rt6_nexthop_info(struct sk_buff *skb, struct rt6_info *rt, 3324static int rt6_nexthop_info(struct sk_buff *skb, struct rt6_info *rt,
3321 unsigned int *flags) 3325 unsigned int *flags, bool skip_oif)
3322{ 3326{
3323 if (!netif_running(rt->dst.dev) || !netif_carrier_ok(rt->dst.dev)) { 3327 if (!netif_running(rt->dst.dev) || !netif_carrier_ok(rt->dst.dev)) {
3324 *flags |= RTNH_F_LINKDOWN; 3328 *flags |= RTNH_F_LINKDOWN;
@@ -3331,7 +3335,8 @@ static int rt6_nexthop_info(struct sk_buff *skb, struct rt6_info *rt,
3331 goto nla_put_failure; 3335 goto nla_put_failure;
3332 } 3336 }
3333 3337
3334 if (rt->dst.dev && 3338 /* not needed for multipath encoding b/c it has a rtnexthop struct */
3339 if (!skip_oif && rt->dst.dev &&
3335 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex)) 3340 nla_put_u32(skb, RTA_OIF, rt->dst.dev->ifindex))
3336 goto nla_put_failure; 3341 goto nla_put_failure;
3337 3342
@@ -3345,6 +3350,7 @@ nla_put_failure:
3345 return -EMSGSIZE; 3350 return -EMSGSIZE;
3346} 3351}
3347 3352
3353/* add multipath next hop */
3348static int rt6_add_nexthop(struct sk_buff *skb, struct rt6_info *rt) 3354static int rt6_add_nexthop(struct sk_buff *skb, struct rt6_info *rt)
3349{ 3355{
3350 struct rtnexthop *rtnh; 3356 struct rtnexthop *rtnh;
@@ -3357,7 +3363,7 @@ static int rt6_add_nexthop(struct sk_buff *skb, struct rt6_info *rt)
3357 rtnh->rtnh_hops = 0; 3363 rtnh->rtnh_hops = 0;
3358 rtnh->rtnh_ifindex = rt->dst.dev ? rt->dst.dev->ifindex : 0; 3364 rtnh->rtnh_ifindex = rt->dst.dev ? rt->dst.dev->ifindex : 0;
3359 3365
3360 if (rt6_nexthop_info(skb, rt, &flags) < 0) 3366 if (rt6_nexthop_info(skb, rt, &flags, true) < 0)
3361 goto nla_put_failure; 3367 goto nla_put_failure;
3362 3368
3363 rtnh->rtnh_flags = flags; 3369 rtnh->rtnh_flags = flags;
@@ -3510,7 +3516,7 @@ static int rt6_fill_node(struct net *net,
3510 3516
3511 nla_nest_end(skb, mp); 3517 nla_nest_end(skb, mp);
3512 } else { 3518 } else {
3513 if (rt6_nexthop_info(skb, rt, &rtm->rtm_flags) < 0) 3519 if (rt6_nexthop_info(skb, rt, &rtm->rtm_flags, false) < 0)
3514 goto nla_put_failure; 3520 goto nla_put_failure;
3515 } 3521 }
3516 3522
@@ -3627,6 +3633,12 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh)
3627 rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6); 3633 rt = (struct rt6_info *)ip6_route_output(net, NULL, &fl6);
3628 } 3634 }
3629 3635
3636 if (rt == net->ipv6.ip6_null_entry) {
3637 err = rt->dst.error;
3638 ip6_rt_put(rt);
3639 goto errout;
3640 }
3641
3630 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 3642 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
3631 if (!skb) { 3643 if (!skb) {
3632 ip6_rt_put(rt); 3644 ip6_rt_put(rt);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 60a5295a7de6..49fa2e8c3fa9 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -391,10 +391,12 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
391 np = inet6_sk(sk); 391 np = inet6_sk(sk);
392 392
393 if (type == NDISC_REDIRECT) { 393 if (type == NDISC_REDIRECT) {
394 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 394 if (!sock_owned_by_user(sk)) {
395 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
395 396
396 if (dst) 397 if (dst)
397 dst->ops->redirect(dst, sk, skb); 398 dst->ops->redirect(dst, sk, skb);
399 }
398 goto out; 400 goto out;
399 } 401 }
400 402
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index ab254041dab7..8d77ad5cadaf 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -46,6 +46,7 @@
46#include <linux/socket.h> 46#include <linux/socket.h>
47#include <linux/sockios.h> 47#include <linux/sockios.h>
48#include <linux/slab.h> 48#include <linux/slab.h>
49#include <linux/sched/signal.h>
49#include <linux/init.h> 50#include <linux/init.h>
50#include <linux/net.h> 51#include <linux/net.h>
51#include <linux/irda.h> 52#include <linux/irda.h>
@@ -827,7 +828,8 @@ out:
827 * Wait for incoming connection 828 * Wait for incoming connection
828 * 829 *
829 */ 830 */
830static int irda_accept(struct socket *sock, struct socket *newsock, int flags) 831static int irda_accept(struct socket *sock, struct socket *newsock, int flags,
832 bool kern)
831{ 833{
832 struct sock *sk = sock->sk; 834 struct sock *sk = sock->sk;
833 struct irda_sock *new, *self = irda_sk(sk); 835 struct irda_sock *new, *self = irda_sk(sk);
@@ -835,7 +837,7 @@ static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
835 struct sk_buff *skb = NULL; 837 struct sk_buff *skb = NULL;
836 int err; 838 int err;
837 839
838 err = irda_create(sock_net(sk), newsock, sk->sk_protocol, 0); 840 err = irda_create(sock_net(sk), newsock, sk->sk_protocol, kern);
839 if (err) 841 if (err)
840 return err; 842 return err;
841 843
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index 817b1b186aff..f6061c4bb0a8 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -32,7 +32,7 @@
32#include <linux/module.h> 32#include <linux/module.h>
33#include <linux/fs.h> 33#include <linux/fs.h>
34#include <linux/slab.h> 34#include <linux/slab.h>
35#include <linux/sched.h> 35#include <linux/sched/signal.h>
36#include <linux/seq_file.h> 36#include <linux/seq_file.h>
37#include <linux/termios.h> 37#include <linux/termios.h>
38#include <linux/tty.h> 38#include <linux/tty.h>
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 35dbf3dc3d28..7025dcb853d0 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -13,8 +13,9 @@
13 * 2) as a control channel (write commands, read events) 13 * 2) as a control channel (write commands, read events)
14 */ 14 */
15 15
16#include <linux/sched.h> 16#include <linux/sched/signal.h>
17#include <linux/slab.h> 17#include <linux/slab.h>
18
18#include "irnet_ppp.h" /* Private header */ 19#include "irnet_ppp.h" /* Private header */
19/* Please put other headers in irnet.h - Thanks */ 20/* Please put other headers in irnet.h - Thanks */
20 21
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 13190b38f22e..84de7b6326dc 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -17,7 +17,7 @@
17#include <linux/list.h> 17#include <linux/list.h>
18#include <linux/errno.h> 18#include <linux/errno.h>
19#include <linux/kernel.h> 19#include <linux/kernel.h>
20#include <linux/sched.h> 20#include <linux/sched/signal.h>
21#include <linux/slab.h> 21#include <linux/slab.h>
22#include <linux/skbuff.h> 22#include <linux/skbuff.h>
23#include <linux/init.h> 23#include <linux/init.h>
@@ -938,7 +938,7 @@ done:
938 938
939/* Accept a pending connection */ 939/* Accept a pending connection */
940static int iucv_sock_accept(struct socket *sock, struct socket *newsock, 940static int iucv_sock_accept(struct socket *sock, struct socket *newsock,
941 int flags) 941 int flags, bool kern)
942{ 942{
943 DECLARE_WAITQUEUE(wait, current); 943 DECLARE_WAITQUEUE(wait, current);
944 struct sock *sk = sock->sk, *nsk; 944 struct sock *sk = sock->sk, *nsk;
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index a646f3481240..309062f3debe 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -24,6 +24,8 @@
24#include <linux/uaccess.h> 24#include <linux/uaccess.h>
25#include <linux/workqueue.h> 25#include <linux/workqueue.h>
26#include <linux/syscalls.h> 26#include <linux/syscalls.h>
27#include <linux/sched/signal.h>
28
27#include <net/kcm.h> 29#include <net/kcm.h>
28#include <net/netns/generic.h> 30#include <net/netns/generic.h>
29#include <net/sock.h> 31#include <net/sock.h>
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 5e9296382420..cb4fff785cbf 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -26,6 +26,8 @@
26#include <linux/rtnetlink.h> 26#include <linux/rtnetlink.h>
27#include <linux/init.h> 27#include <linux/init.h>
28#include <linux/slab.h> 28#include <linux/slab.h>
29#include <linux/sched/signal.h>
30
29#include <net/llc.h> 31#include <net/llc.h>
30#include <net/llc_sap.h> 32#include <net/llc_sap.h>
31#include <net/llc_pdu.h> 33#include <net/llc_pdu.h>
@@ -639,11 +641,13 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
639 * @sock: Socket which connections arrive on. 641 * @sock: Socket which connections arrive on.
640 * @newsock: Socket to move incoming connection to. 642 * @newsock: Socket to move incoming connection to.
641 * @flags: User specified operational flags. 643 * @flags: User specified operational flags.
644 * @kern: If the socket is kernel internal
642 * 645 *
643 * Accept a new incoming connection. 646 * Accept a new incoming connection.
644 * Returns 0 upon success, negative otherwise. 647 * Returns 0 upon success, negative otherwise.
645 */ 648 */
646static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags) 649static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags,
650 bool kern)
647{ 651{
648 struct sock *sk = sock->sk, *newsk; 652 struct sock *sk = sock->sk, *newsk;
649 struct llc_sock *llc, *newllc; 653 struct llc_sock *llc, *newllc;
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 3b5fd4188f2a..4456559cb056 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -85,7 +85,7 @@ void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
85 ht_dbg(sta->sdata, 85 ht_dbg(sta->sdata,
86 "Rx BA session stop requested for %pM tid %u %s reason: %d\n", 86 "Rx BA session stop requested for %pM tid %u %s reason: %d\n",
87 sta->sta.addr, tid, 87 sta->sta.addr, tid,
88 initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator", 88 initiator == WLAN_BACK_RECIPIENT ? "recipient" : "initiator",
89 (int)reason); 89 (int)reason);
90 90
91 if (drv_ampdu_action(local, sta->sdata, &params)) 91 if (drv_ampdu_action(local, sta->sdata, &params))
@@ -398,6 +398,7 @@ void __ieee80211_start_rx_ba_session(struct sta_info *sta,
398 tid_agg_rx->timeout = timeout; 398 tid_agg_rx->timeout = timeout;
399 tid_agg_rx->stored_mpdu_num = 0; 399 tid_agg_rx->stored_mpdu_num = 0;
400 tid_agg_rx->auto_seq = auto_seq; 400 tid_agg_rx->auto_seq = auto_seq;
401 tid_agg_rx->started = false;
401 tid_agg_rx->reorder_buf_filtered = 0; 402 tid_agg_rx->reorder_buf_filtered = 0;
402 status = WLAN_STATUS_SUCCESS; 403 status = WLAN_STATUS_SUCCESS;
403 404
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 159a1a733725..0e718437d080 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -428,7 +428,7 @@ struct ieee80211_sta_tx_tspec {
428 bool downgraded; 428 bool downgraded;
429}; 429};
430 430
431DECLARE_EWMA(beacon_signal, 16, 4) 431DECLARE_EWMA(beacon_signal, 4, 4)
432 432
433struct ieee80211_if_managed { 433struct ieee80211_if_managed {
434 struct timer_list timer; 434 struct timer_list timer;
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index fcba70e57073..953d71e784a9 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -9,6 +9,8 @@
9#include <linux/gfp.h> 9#include <linux/gfp.h>
10#include <linux/kernel.h> 10#include <linux/kernel.h>
11#include <linux/random.h> 11#include <linux/random.h>
12#include <linux/rculist.h>
13
12#include "ieee80211_i.h" 14#include "ieee80211_i.h"
13#include "rate.h" 15#include "rate.h"
14#include "mesh.h" 16#include "mesh.h"
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 28a3a0957c9e..76a8bcd8ef11 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -168,6 +168,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
168 break; 168 break;
169 } 169 }
170 170
171 flush_delayed_work(&sdata->dec_tailroom_needed_wk);
171 drv_remove_interface(local, sdata); 172 drv_remove_interface(local, sdata);
172 } 173 }
173 174
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 50ca3828b124..e48724a6725e 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4,7 +4,7 @@
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net> 5 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright(c) 2015 - 2016 Intel Deutschland GmbH 7 * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
8 * 8 *
9 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as 10 * it under the terms of the GNU General Public License version 2 as
@@ -1034,6 +1034,18 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_sub_if_data *sdata
1034 buf_size = tid_agg_rx->buf_size; 1034 buf_size = tid_agg_rx->buf_size;
1035 head_seq_num = tid_agg_rx->head_seq_num; 1035 head_seq_num = tid_agg_rx->head_seq_num;
1036 1036
1037 /*
1038 * If the current MPDU's SN is smaller than the SSN, it shouldn't
1039 * be reordered.
1040 */
1041 if (unlikely(!tid_agg_rx->started)) {
1042 if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) {
1043 ret = false;
1044 goto out;
1045 }
1046 tid_agg_rx->started = true;
1047 }
1048
1037 /* frame with out of date sequence number */ 1049 /* frame with out of date sequence number */
1038 if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) { 1050 if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) {
1039 dev_kfree_skb(skb); 1051 dev_kfree_skb(skb);
@@ -3880,6 +3892,7 @@ static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
3880 stats->last_rate = sta_stats_encode_rate(status); 3892 stats->last_rate = sta_stats_encode_rate(status);
3881 3893
3882 stats->fragments++; 3894 stats->fragments++;
3895 stats->packets++;
3883 3896
3884 if (!(status->flag & RX_FLAG_NO_SIGNAL_VAL)) { 3897 if (!(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
3885 stats->last_signal = status->signal; 3898 stats->last_signal = status->signal;
@@ -4073,15 +4086,17 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
4073 ieee80211_is_beacon(hdr->frame_control))) 4086 ieee80211_is_beacon(hdr->frame_control)))
4074 ieee80211_scan_rx(local, skb); 4087 ieee80211_scan_rx(local, skb);
4075 4088
4076 if (pubsta) { 4089 if (ieee80211_is_data(fc)) {
4077 rx.sta = container_of(pubsta, struct sta_info, sta);
4078 rx.sdata = rx.sta->sdata;
4079 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
4080 return;
4081 goto out;
4082 } else if (ieee80211_is_data(fc)) {
4083 struct sta_info *sta, *prev_sta; 4090 struct sta_info *sta, *prev_sta;
4084 4091
4092 if (pubsta) {
4093 rx.sta = container_of(pubsta, struct sta_info, sta);
4094 rx.sdata = rx.sta->sdata;
4095 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
4096 return;
4097 goto out;
4098 }
4099
4085 prev_sta = NULL; 4100 prev_sta = NULL;
4086 4101
4087 for_each_sta_info(local, hdr->addr2, sta, tmp) { 4102 for_each_sta_info(local, hdr->addr2, sta, tmp) {
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 4774e663a411..3323a2fb289b 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -688,7 +688,7 @@ static void __sta_info_recalc_tim(struct sta_info *sta, bool ignore_pending)
688 } 688 }
689 689
690 /* No need to do anything if the driver does all */ 690 /* No need to do anything if the driver does all */
691 if (ieee80211_hw_check(&local->hw, AP_LINK_PS)) 691 if (ieee80211_hw_check(&local->hw, AP_LINK_PS) && !local->ops->set_tim)
692 return; 692 return;
693 693
694 if (sta->dead) 694 if (sta->dead)
@@ -1264,7 +1264,7 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1264 sta_info_recalc_tim(sta); 1264 sta_info_recalc_tim(sta);
1265 1265
1266 ps_dbg(sdata, 1266 ps_dbg(sdata,
1267 "STA %pM aid %d sending %d filtered/%d PS frames since STA not sleeping anymore\n", 1267 "STA %pM aid %d sending %d filtered/%d PS frames since STA woke up\n",
1268 sta->sta.addr, sta->sta.aid, filtered, buffered); 1268 sta->sta.addr, sta->sta.aid, filtered, buffered);
1269 1269
1270 ieee80211_check_fast_xmit(sta); 1270 ieee80211_check_fast_xmit(sta);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index dd06ef0b8861..e65cda34d2bc 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -189,6 +189,7 @@ struct tid_ampdu_tx {
189 * @auto_seq: used for offloaded BA sessions to automatically pick head_seq_and 189 * @auto_seq: used for offloaded BA sessions to automatically pick head_seq_and
190 * and ssn. 190 * and ssn.
191 * @removed: this session is removed (but might have been found due to RCU) 191 * @removed: this session is removed (but might have been found due to RCU)
192 * @started: this session has started (head ssn or higher was received)
192 * 193 *
193 * This structure's lifetime is managed by RCU, assignments to 194 * This structure's lifetime is managed by RCU, assignments to
194 * the array holding it must hold the aggregation mutex. 195 * the array holding it must hold the aggregation mutex.
@@ -212,8 +213,9 @@ struct tid_ampdu_rx {
212 u16 ssn; 213 u16 ssn;
213 u16 buf_size; 214 u16 buf_size;
214 u16 timeout; 215 u16 timeout;
215 bool auto_seq; 216 u8 auto_seq:1,
216 bool removed; 217 removed:1,
218 started:1;
217}; 219};
218 220
219/** 221/**
@@ -370,7 +372,7 @@ struct mesh_sta {
370 unsigned int fail_avg; 372 unsigned int fail_avg;
371}; 373};
372 374
373DECLARE_EWMA(signal, 1024, 8) 375DECLARE_EWMA(signal, 10, 8)
374 376
375struct ieee80211_sta_rx_stats { 377struct ieee80211_sta_rx_stats {
376 unsigned long packets; 378 unsigned long packets;
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 0dd7c351002d..83b8b11f24ea 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -51,7 +51,8 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
51 struct ieee80211_hdr *hdr = (void *)skb->data; 51 struct ieee80211_hdr *hdr = (void *)skb->data;
52 int ac; 52 int ac;
53 53
54 if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) { 54 if (info->flags & (IEEE80211_TX_CTL_NO_PS_BUFFER |
55 IEEE80211_TX_CTL_AMPDU)) {
55 ieee80211_free_txskb(&local->hw, skb); 56 ieee80211_free_txskb(&local->hw, skb);
56 return; 57 return;
57 } 58 }
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 6a3e1c2181d3..1e1c9b20bab7 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -18,6 +18,8 @@
18#include <linux/bug.h> 18#include <linux/bug.h>
19#include <linux/completion.h> 19#include <linux/completion.h>
20#include <linux/ieee802154.h> 20#include <linux/ieee802154.h>
21#include <linux/rculist.h>
22
21#include <crypto/aead.h> 23#include <crypto/aead.h>
22#include <crypto/skcipher.h> 24#include <crypto/skcipher.h>
23 25
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 3818686182b2..33211f9a2656 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1288,7 +1288,8 @@ static void mpls_ifdown(struct net_device *dev, int event)
1288 /* fall through */ 1288 /* fall through */
1289 case NETDEV_CHANGE: 1289 case NETDEV_CHANGE:
1290 nh->nh_flags |= RTNH_F_LINKDOWN; 1290 nh->nh_flags |= RTNH_F_LINKDOWN;
1291 ACCESS_ONCE(rt->rt_nhn_alive) = rt->rt_nhn_alive - 1; 1291 if (event != NETDEV_UNREGISTER)
1292 ACCESS_ONCE(rt->rt_nhn_alive) = rt->rt_nhn_alive - 1;
1292 break; 1293 break;
1293 } 1294 }
1294 if (event == NETDEV_UNREGISTER) 1295 if (event == NETDEV_UNREGISTER)
@@ -2028,6 +2029,7 @@ static void mpls_net_exit(struct net *net)
2028 for (index = 0; index < platform_labels; index++) { 2029 for (index = 0; index < platform_labels; index++) {
2029 struct mpls_route *rt = rtnl_dereference(platform_label[index]); 2030 struct mpls_route *rt = rtnl_dereference(platform_label[index]);
2030 RCU_INIT_POINTER(platform_label[index], NULL); 2031 RCU_INIT_POINTER(platform_label[index], NULL);
2032 mpls_notify_route(net, index, rt, NULL, NULL);
2031 mpls_rt_free(rt); 2033 mpls_rt_free(rt);
2032 } 2034 }
2033 rtnl_unlock(); 2035 rtnl_unlock();
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 24174c520239..0d17894798b5 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1628,8 +1628,6 @@ static int __init nf_conntrack_sip_init(void)
1628 ports[ports_c++] = SIP_PORT; 1628 ports[ports_c++] = SIP_PORT;
1629 1629
1630 for (i = 0; i < ports_c; i++) { 1630 for (i = 0; i < ports_c; i++) {
1631 memset(&sip[i], 0, sizeof(sip[i]));
1632
1633 nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, "sip", 1631 nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, "sip",
1634 SIP_PORT, ports[i], i, sip_exp_policy, 1632 SIP_PORT, ports[i], i, sip_exp_policy,
1635 SIP_EXPECT_MAX, 1633 SIP_EXPECT_MAX,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ff7304ae58ac..5e0ccfd5bb37 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -461,16 +461,15 @@ nla_put_failure:
461 return -1; 461 return -1;
462} 462}
463 463
464static int nf_tables_table_notify(const struct nft_ctx *ctx, int event) 464static void nf_tables_table_notify(const struct nft_ctx *ctx, int event)
465{ 465{
466 struct sk_buff *skb; 466 struct sk_buff *skb;
467 int err; 467 int err;
468 468
469 if (!ctx->report && 469 if (!ctx->report &&
470 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) 470 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
471 return 0; 471 return;
472 472
473 err = -ENOBUFS;
474 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 473 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
475 if (skb == NULL) 474 if (skb == NULL)
476 goto err; 475 goto err;
@@ -482,14 +481,11 @@ static int nf_tables_table_notify(const struct nft_ctx *ctx, int event)
482 goto err; 481 goto err;
483 } 482 }
484 483
485 err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES, 484 nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES,
486 ctx->report, GFP_KERNEL); 485 ctx->report, GFP_KERNEL);
486 return;
487err: 487err:
488 if (err < 0) { 488 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
489 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES,
490 err);
491 }
492 return err;
493} 489}
494 490
495static int nf_tables_dump_tables(struct sk_buff *skb, 491static int nf_tables_dump_tables(struct sk_buff *skb,
@@ -1050,16 +1046,15 @@ nla_put_failure:
1050 return -1; 1046 return -1;
1051} 1047}
1052 1048
1053static int nf_tables_chain_notify(const struct nft_ctx *ctx, int event) 1049static void nf_tables_chain_notify(const struct nft_ctx *ctx, int event)
1054{ 1050{
1055 struct sk_buff *skb; 1051 struct sk_buff *skb;
1056 int err; 1052 int err;
1057 1053
1058 if (!ctx->report && 1054 if (!ctx->report &&
1059 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) 1055 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
1060 return 0; 1056 return;
1061 1057
1062 err = -ENOBUFS;
1063 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 1058 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
1064 if (skb == NULL) 1059 if (skb == NULL)
1065 goto err; 1060 goto err;
@@ -1072,14 +1067,11 @@ static int nf_tables_chain_notify(const struct nft_ctx *ctx, int event)
1072 goto err; 1067 goto err;
1073 } 1068 }
1074 1069
1075 err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES, 1070 nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES,
1076 ctx->report, GFP_KERNEL); 1071 ctx->report, GFP_KERNEL);
1072 return;
1077err: 1073err:
1078 if (err < 0) { 1074 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
1079 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES,
1080 err);
1081 }
1082 return err;
1083} 1075}
1084 1076
1085static int nf_tables_dump_chains(struct sk_buff *skb, 1077static int nf_tables_dump_chains(struct sk_buff *skb,
@@ -1934,18 +1926,16 @@ nla_put_failure:
1934 return -1; 1926 return -1;
1935} 1927}
1936 1928
1937static int nf_tables_rule_notify(const struct nft_ctx *ctx, 1929static void nf_tables_rule_notify(const struct nft_ctx *ctx,
1938 const struct nft_rule *rule, 1930 const struct nft_rule *rule, int event)
1939 int event)
1940{ 1931{
1941 struct sk_buff *skb; 1932 struct sk_buff *skb;
1942 int err; 1933 int err;
1943 1934
1944 if (!ctx->report && 1935 if (!ctx->report &&
1945 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) 1936 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
1946 return 0; 1937 return;
1947 1938
1948 err = -ENOBUFS;
1949 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 1939 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
1950 if (skb == NULL) 1940 if (skb == NULL)
1951 goto err; 1941 goto err;
@@ -1958,14 +1948,11 @@ static int nf_tables_rule_notify(const struct nft_ctx *ctx,
1958 goto err; 1948 goto err;
1959 } 1949 }
1960 1950
1961 err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES, 1951 nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES,
1962 ctx->report, GFP_KERNEL); 1952 ctx->report, GFP_KERNEL);
1953 return;
1963err: 1954err:
1964 if (err < 0) { 1955 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
1965 nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES,
1966 err);
1967 }
1968 return err;
1969} 1956}
1970 1957
1971struct nft_rule_dump_ctx { 1958struct nft_rule_dump_ctx {
@@ -2696,9 +2683,9 @@ nla_put_failure:
2696 return -1; 2683 return -1;
2697} 2684}
2698 2685
2699static int nf_tables_set_notify(const struct nft_ctx *ctx, 2686static void nf_tables_set_notify(const struct nft_ctx *ctx,
2700 const struct nft_set *set, 2687 const struct nft_set *set, int event,
2701 int event, gfp_t gfp_flags) 2688 gfp_t gfp_flags)
2702{ 2689{
2703 struct sk_buff *skb; 2690 struct sk_buff *skb;
2704 u32 portid = ctx->portid; 2691 u32 portid = ctx->portid;
@@ -2706,9 +2693,8 @@ static int nf_tables_set_notify(const struct nft_ctx *ctx,
2706 2693
2707 if (!ctx->report && 2694 if (!ctx->report &&
2708 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) 2695 !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
2709 return 0; 2696 return;
2710 2697
2711 err = -ENOBUFS;
2712 skb = nlmsg_new(NLMSG_GOODSIZE, gfp_flags); 2698 skb = nlmsg_new(NLMSG_GOODSIZE, gfp_flags);
2713 if (skb == NULL) 2699 if (skb == NULL)
2714 goto err; 2700 goto err;
@@ -2719,12 +2705,11 @@ static int nf_tables_set_notify(const struct nft_ctx *ctx,
2719 goto err; 2705 goto err;
2720 } 2706 }
2721 2707
2722 err = nfnetlink_send(skb, ctx->net, portid, NFNLGRP_NFTABLES, 2708 nfnetlink_send(skb, ctx->net, portid, NFNLGRP_NFTABLES, ctx->report,
2723 ctx->report, gfp_flags); 2709 gfp_flags);
2710 return;
2724err: 2711err:
2725 if (err < 0) 2712 nfnetlink_set_err(ctx->net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
2726 nfnetlink_set_err(ctx->net, portid, NFNLGRP_NFTABLES, err);
2727 return err;
2728} 2713}
2729 2714
2730static int nf_tables_dump_sets(struct sk_buff *skb, struct netlink_callback *cb) 2715static int nf_tables_dump_sets(struct sk_buff *skb, struct netlink_callback *cb)
@@ -3504,10 +3489,10 @@ nla_put_failure:
3504 return -1; 3489 return -1;
3505} 3490}
3506 3491
3507static int nf_tables_setelem_notify(const struct nft_ctx *ctx, 3492static void nf_tables_setelem_notify(const struct nft_ctx *ctx,
3508 const struct nft_set *set, 3493 const struct nft_set *set,
3509 const struct nft_set_elem *elem, 3494 const struct nft_set_elem *elem,
3510 int event, u16 flags) 3495 int event, u16 flags)
3511{ 3496{
3512 struct net *net = ctx->net; 3497 struct net *net = ctx->net;
3513 u32 portid = ctx->portid; 3498 u32 portid = ctx->portid;
@@ -3515,9 +3500,8 @@ static int nf_tables_setelem_notify(const struct nft_ctx *ctx,
3515 int err; 3500 int err;
3516 3501
3517 if (!ctx->report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) 3502 if (!ctx->report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
3518 return 0; 3503 return;
3519 3504
3520 err = -ENOBUFS;
3521 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 3505 skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3522 if (skb == NULL) 3506 if (skb == NULL)
3523 goto err; 3507 goto err;
@@ -3529,12 +3513,11 @@ static int nf_tables_setelem_notify(const struct nft_ctx *ctx,
3529 goto err; 3513 goto err;
3530 } 3514 }
3531 3515
3532 err = nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, ctx->report, 3516 nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, ctx->report,
3533 GFP_KERNEL); 3517 GFP_KERNEL);
3518 return;
3534err: 3519err:
3535 if (err < 0) 3520 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
3536 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, err);
3537 return err;
3538} 3521}
3539 3522
3540static struct nft_trans *nft_trans_elem_alloc(struct nft_ctx *ctx, 3523static struct nft_trans *nft_trans_elem_alloc(struct nft_ctx *ctx,
@@ -4476,18 +4459,17 @@ static int nf_tables_delobj(struct net *net, struct sock *nlsk,
4476 return nft_delobj(&ctx, obj); 4459 return nft_delobj(&ctx, obj);
4477} 4460}
4478 4461
4479int nft_obj_notify(struct net *net, struct nft_table *table, 4462void nft_obj_notify(struct net *net, struct nft_table *table,
4480 struct nft_object *obj, u32 portid, u32 seq, int event, 4463 struct nft_object *obj, u32 portid, u32 seq, int event,
4481 int family, int report, gfp_t gfp) 4464 int family, int report, gfp_t gfp)
4482{ 4465{
4483 struct sk_buff *skb; 4466 struct sk_buff *skb;
4484 int err; 4467 int err;
4485 4468
4486 if (!report && 4469 if (!report &&
4487 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) 4470 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
4488 return 0; 4471 return;
4489 4472
4490 err = -ENOBUFS;
4491 skb = nlmsg_new(NLMSG_GOODSIZE, gfp); 4473 skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
4492 if (skb == NULL) 4474 if (skb == NULL)
4493 goto err; 4475 goto err;
@@ -4499,21 +4481,18 @@ int nft_obj_notify(struct net *net, struct nft_table *table,
4499 goto err; 4481 goto err;
4500 } 4482 }
4501 4483
4502 err = nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp); 4484 nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
4485 return;
4503err: 4486err:
4504 if (err < 0) { 4487 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
4505 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, err);
4506 }
4507 return err;
4508} 4488}
4509EXPORT_SYMBOL_GPL(nft_obj_notify); 4489EXPORT_SYMBOL_GPL(nft_obj_notify);
4510 4490
4511static int nf_tables_obj_notify(const struct nft_ctx *ctx, 4491static void nf_tables_obj_notify(const struct nft_ctx *ctx,
4512 struct nft_object *obj, int event) 4492 struct nft_object *obj, int event)
4513{ 4493{
4514 return nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, 4494 nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
4515 ctx->seq, event, ctx->afi->family, ctx->report, 4495 ctx->afi->family, ctx->report, GFP_KERNEL);
4516 GFP_KERNEL);
4517} 4496}
4518 4497
4519static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, 4498static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
@@ -4543,7 +4522,8 @@ nla_put_failure:
4543 return -EMSGSIZE; 4522 return -EMSGSIZE;
4544} 4523}
4545 4524
4546static int nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) 4525static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
4526 int event)
4547{ 4527{
4548 struct nlmsghdr *nlh = nlmsg_hdr(skb); 4528 struct nlmsghdr *nlh = nlmsg_hdr(skb);
4549 struct sk_buff *skb2; 4529 struct sk_buff *skb2;
@@ -4551,9 +4531,8 @@ static int nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event)
4551 4531
4552 if (nlmsg_report(nlh) && 4532 if (nlmsg_report(nlh) &&
4553 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) 4533 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
4554 return 0; 4534 return;
4555 4535
4556 err = -ENOBUFS;
4557 skb2 = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 4536 skb2 = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
4558 if (skb2 == NULL) 4537 if (skb2 == NULL)
4559 goto err; 4538 goto err;
@@ -4565,14 +4544,12 @@ static int nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event)
4565 goto err; 4544 goto err;
4566 } 4545 }
4567 4546
4568 err = nfnetlink_send(skb2, net, NETLINK_CB(skb).portid, 4547 nfnetlink_send(skb2, net, NETLINK_CB(skb).portid, NFNLGRP_NFTABLES,
4569 NFNLGRP_NFTABLES, nlmsg_report(nlh), GFP_KERNEL); 4548 nlmsg_report(nlh), GFP_KERNEL);
4549 return;
4570err: 4550err:
4571 if (err < 0) { 4551 nfnetlink_set_err(net, NETLINK_CB(skb).portid, NFNLGRP_NFTABLES,
4572 nfnetlink_set_err(net, NETLINK_CB(skb).portid, NFNLGRP_NFTABLES, 4552 -ENOBUFS);
4573 err);
4574 }
4575 return err;
4576} 4553}
4577 4554
4578static int nf_tables_getgen(struct net *net, struct sock *nlsk, 4555static int nf_tables_getgen(struct net *net, struct sock *nlsk,
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 71e8fb886a73..78dfbf9588b3 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -60,11 +60,10 @@ static bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
60 d = memcmp(this, key, set->klen); 60 d = memcmp(this, key, set->klen);
61 if (d < 0) { 61 if (d < 0) {
62 parent = parent->rb_left; 62 parent = parent->rb_left;
63 /* In case of adjacent ranges, we always see the high 63 if (interval &&
64 * part of the range in first place, before the low one. 64 nft_rbtree_equal(set, this, interval) &&
65 * So don't update interval if the keys are equal. 65 nft_rbtree_interval_end(this) &&
66 */ 66 !nft_rbtree_interval_end(interval))
67 if (interval && nft_rbtree_equal(set, this, interval))
68 continue; 67 continue;
69 interval = rbe; 68 interval = rbe;
70 } else if (d > 0) 69 } else if (d > 0)
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index 16477df45b3b..3d705c688a27 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -13,6 +13,8 @@
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/file.h> 15#include <linux/file.h>
16#include <linux/cred.h>
17
16#include <net/sock.h> 18#include <net/sock.h>
17#include <net/inet_sock.h> 19#include <net/inet_sock.h>
18#include <linux/netfilter/x_tables.h> 20#include <linux/netfilter/x_tables.h>
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index ed212ffc1d9d..ebf16f7f9089 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -17,7 +17,7 @@
17#include <linux/in.h> 17#include <linux/in.h>
18#include <linux/slab.h> 18#include <linux/slab.h>
19#include <linux/kernel.h> 19#include <linux/kernel.h>
20#include <linux/sched.h> 20#include <linux/sched/signal.h>
21#include <linux/timer.h> 21#include <linux/timer.h>
22#include <linux/string.h> 22#include <linux/string.h>
23#include <linux/sockios.h> 23#include <linux/sockios.h>
@@ -765,7 +765,8 @@ out_release:
765 return err; 765 return err;
766} 766}
767 767
768static int nr_accept(struct socket *sock, struct socket *newsock, int flags) 768static int nr_accept(struct socket *sock, struct socket *newsock, int flags,
769 bool kern)
769{ 770{
770 struct sk_buff *skb; 771 struct sk_buff *skb;
771 struct sock *newsk; 772 struct sock *newsk;
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index b9edf5fae6ae..2ffb18e73df6 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -21,6 +21,7 @@
21#include <linux/kernel.h> 21#include <linux/kernel.h>
22#include <linux/module.h> 22#include <linux/module.h>
23#include <linux/nfc.h> 23#include <linux/nfc.h>
24#include <linux/sched/signal.h>
24 25
25#include "nfc.h" 26#include "nfc.h"
26#include "llcp.h" 27#include "llcp.h"
@@ -440,7 +441,7 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *parent,
440} 441}
441 442
442static int llcp_sock_accept(struct socket *sock, struct socket *newsock, 443static int llcp_sock_accept(struct socket *sock, struct socket *newsock,
443 int flags) 444 int flags, bool kern)
444{ 445{
445 DECLARE_WAITQUEUE(wait, current); 446 DECLARE_WAITQUEUE(wait, current);
446 struct sock *sk = sock->sk, *new_sk; 447 struct sock *sk = sock->sk, *new_sk;
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index b1beb2b94ec7..c82301ce3fff 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -796,9 +796,8 @@ static void ovs_fragment(struct net *net, struct vport *vport,
796 unsigned long orig_dst; 796 unsigned long orig_dst;
797 struct rt6_info ovs_rt; 797 struct rt6_info ovs_rt;
798 798
799 if (!v6ops) { 799 if (!v6ops)
800 goto err; 800 goto err;
801 }
802 801
803 prepare_frag(vport, skb, orig_network_offset, 802 prepare_frag(vport, skb, orig_network_offset,
804 ovs_key_mac_proto(key)); 803 ovs_key_mac_proto(key));
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 85cd59526670..e0a87776a010 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -485,7 +485,6 @@ static int handle_fragments(struct net *net, struct sw_flow_key *key,
485 } else if (key->eth.type == htons(ETH_P_IPV6)) { 485 } else if (key->eth.type == htons(ETH_P_IPV6)) {
486 enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone; 486 enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
487 487
488 skb_orphan(skb);
489 memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); 488 memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
490 err = nf_ct_frag6_gather(net, skb, user); 489 err = nf_ct_frag6_gather(net, skb, user);
491 if (err) { 490 if (err) {
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 2bd0d1949312..a0dbe7ca8f72 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3103,7 +3103,7 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
3103 int addr_len) 3103 int addr_len)
3104{ 3104{
3105 struct sock *sk = sock->sk; 3105 struct sock *sk = sock->sk;
3106 char name[15]; 3106 char name[sizeof(uaddr->sa_data) + 1];
3107 3107
3108 /* 3108 /*
3109 * Check legality 3109 * Check legality
@@ -3111,7 +3111,11 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
3111 3111
3112 if (addr_len != sizeof(struct sockaddr)) 3112 if (addr_len != sizeof(struct sockaddr))
3113 return -EINVAL; 3113 return -EINVAL;
3114 strlcpy(name, uaddr->sa_data, sizeof(name)); 3114 /* uaddr->sa_data comes from the userspace, it's not guaranteed to be
3115 * zero-terminated.
3116 */
3117 memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data));
3118 name[sizeof(uaddr->sa_data)] = 0;
3115 3119
3116 return packet_do_bind(sk, name, 0, pkt_sk(sk)->num); 3120 return packet_do_bind(sk, name, 0, pkt_sk(sk)->num);
3117} 3121}
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index 8bad5624a27a..e81537991ddf 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -23,6 +23,7 @@
23 */ 23 */
24 24
25#include <linux/kernel.h> 25#include <linux/kernel.h>
26#include <linux/sched/signal.h>
26#include <linux/slab.h> 27#include <linux/slab.h>
27#include <linux/socket.h> 28#include <linux/socket.h>
28#include <net/sock.h> 29#include <net/sock.h>
@@ -771,7 +772,8 @@ static void pep_sock_close(struct sock *sk, long timeout)
771 sock_put(sk); 772 sock_put(sk);
772} 773}
773 774
774static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp) 775static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp,
776 bool kern)
775{ 777{
776 struct pep_sock *pn = pep_sk(sk), *newpn; 778 struct pep_sock *pn = pep_sk(sk), *newpn;
777 struct sock *newsk = NULL; 779 struct sock *newsk = NULL;
@@ -845,7 +847,8 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp)
845 } 847 }
846 848
847 /* Create a new to-be-accepted sock */ 849 /* Create a new to-be-accepted sock */
848 newsk = sk_alloc(sock_net(sk), PF_PHONET, GFP_KERNEL, sk->sk_prot, 0); 850 newsk = sk_alloc(sock_net(sk), PF_PHONET, GFP_KERNEL, sk->sk_prot,
851 kern);
849 if (!newsk) { 852 if (!newsk) {
850 pep_reject_conn(sk, skb, PN_PIPE_ERR_OVERLOAD, GFP_KERNEL); 853 pep_reject_conn(sk, skb, PN_PIPE_ERR_OVERLOAD, GFP_KERNEL);
851 err = -ENOBUFS; 854 err = -ENOBUFS;
diff --git a/net/phonet/socket.c b/net/phonet/socket.c
index ffd5f2297584..64634e3ec2fc 100644
--- a/net/phonet/socket.c
+++ b/net/phonet/socket.c
@@ -27,6 +27,8 @@
27#include <linux/kernel.h> 27#include <linux/kernel.h>
28#include <linux/net.h> 28#include <linux/net.h>
29#include <linux/poll.h> 29#include <linux/poll.h>
30#include <linux/sched/signal.h>
31
30#include <net/sock.h> 32#include <net/sock.h>
31#include <net/tcp_states.h> 33#include <net/tcp_states.h>
32 34
@@ -303,7 +305,7 @@ out:
303} 305}
304 306
305static int pn_socket_accept(struct socket *sock, struct socket *newsock, 307static int pn_socket_accept(struct socket *sock, struct socket *newsock,
306 int flags) 308 int flags, bool kern)
307{ 309{
308 struct sock *sk = sock->sk; 310 struct sock *sk = sock->sk;
309 struct sock *newsk; 311 struct sock *newsk;
@@ -312,7 +314,7 @@ static int pn_socket_accept(struct socket *sock, struct socket *newsock,
312 if (unlikely(sk->sk_state != TCP_LISTEN)) 314 if (unlikely(sk->sk_state != TCP_LISTEN))
313 return -EINVAL; 315 return -EINVAL;
314 316
315 newsk = sk->sk_prot->accept(sk, flags, &err); 317 newsk = sk->sk_prot->accept(sk, flags, &err, kern);
316 if (!newsk) 318 if (!newsk)
317 return err; 319 return err;
318 320
diff --git a/net/rds/connection.c b/net/rds/connection.c
index 0e04dcceb1d4..1fa75ab7b733 100644
--- a/net/rds/connection.c
+++ b/net/rds/connection.c
@@ -429,6 +429,7 @@ void rds_conn_destroy(struct rds_connection *conn)
429 */ 429 */
430 rds_cong_remove_conn(conn); 430 rds_cong_remove_conn(conn);
431 431
432 put_net(conn->c_net);
432 kmem_cache_free(rds_conn_slab, conn); 433 kmem_cache_free(rds_conn_slab, conn);
433 434
434 spin_lock_irqsave(&rds_conn_lock, flags); 435 spin_lock_irqsave(&rds_conn_lock, flags);
diff --git a/net/rds/ib.c b/net/rds/ib.c
index 91fe46f1e4cc..7a64c8db81ab 100644
--- a/net/rds/ib.c
+++ b/net/rds/ib.c
@@ -45,8 +45,8 @@
45#include "ib.h" 45#include "ib.h"
46#include "ib_mr.h" 46#include "ib_mr.h"
47 47
48unsigned int rds_ib_mr_1m_pool_size = RDS_MR_1M_POOL_SIZE; 48static unsigned int rds_ib_mr_1m_pool_size = RDS_MR_1M_POOL_SIZE;
49unsigned int rds_ib_mr_8k_pool_size = RDS_MR_8K_POOL_SIZE; 49static unsigned int rds_ib_mr_8k_pool_size = RDS_MR_8K_POOL_SIZE;
50unsigned int rds_ib_retry_count = RDS_IB_DEFAULT_RETRY_COUNT; 50unsigned int rds_ib_retry_count = RDS_IB_DEFAULT_RETRY_COUNT;
51 51
52module_param(rds_ib_mr_1m_pool_size, int, 0444); 52module_param(rds_ib_mr_1m_pool_size, int, 0444);
@@ -438,16 +438,12 @@ int rds_ib_init(void)
438 if (ret) 438 if (ret)
439 goto out_sysctl; 439 goto out_sysctl;
440 440
441 ret = rds_trans_register(&rds_ib_transport); 441 rds_trans_register(&rds_ib_transport);
442 if (ret)
443 goto out_recv;
444 442
445 rds_info_register_func(RDS_INFO_IB_CONNECTIONS, rds_ib_ic_info); 443 rds_info_register_func(RDS_INFO_IB_CONNECTIONS, rds_ib_ic_info);
446 444
447 goto out; 445 goto out;
448 446
449out_recv:
450 rds_ib_recv_exit();
451out_sysctl: 447out_sysctl:
452 rds_ib_sysctl_exit(); 448 rds_ib_sysctl_exit();
453out_ibreg: 449out_ibreg:
diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
index ce3775abc6e7..1c38d2c7caa8 100644
--- a/net/rds/ib_cm.c
+++ b/net/rds/ib_cm.c
@@ -442,7 +442,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
442 ic->i_send_cq = NULL; 442 ic->i_send_cq = NULL;
443 ibdev_put_vector(rds_ibdev, ic->i_scq_vector); 443 ibdev_put_vector(rds_ibdev, ic->i_scq_vector);
444 rdsdebug("ib_create_cq send failed: %d\n", ret); 444 rdsdebug("ib_create_cq send failed: %d\n", ret);
445 goto out; 445 goto rds_ibdev_out;
446 } 446 }
447 447
448 ic->i_rcq_vector = ibdev_get_unused_vector(rds_ibdev); 448 ic->i_rcq_vector = ibdev_get_unused_vector(rds_ibdev);
@@ -456,19 +456,19 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
456 ic->i_recv_cq = NULL; 456 ic->i_recv_cq = NULL;
457 ibdev_put_vector(rds_ibdev, ic->i_rcq_vector); 457 ibdev_put_vector(rds_ibdev, ic->i_rcq_vector);
458 rdsdebug("ib_create_cq recv failed: %d\n", ret); 458 rdsdebug("ib_create_cq recv failed: %d\n", ret);
459 goto out; 459 goto send_cq_out;
460 } 460 }
461 461
462 ret = ib_req_notify_cq(ic->i_send_cq, IB_CQ_NEXT_COMP); 462 ret = ib_req_notify_cq(ic->i_send_cq, IB_CQ_NEXT_COMP);
463 if (ret) { 463 if (ret) {
464 rdsdebug("ib_req_notify_cq send failed: %d\n", ret); 464 rdsdebug("ib_req_notify_cq send failed: %d\n", ret);
465 goto out; 465 goto recv_cq_out;
466 } 466 }
467 467
468 ret = ib_req_notify_cq(ic->i_recv_cq, IB_CQ_SOLICITED); 468 ret = ib_req_notify_cq(ic->i_recv_cq, IB_CQ_SOLICITED);
469 if (ret) { 469 if (ret) {
470 rdsdebug("ib_req_notify_cq recv failed: %d\n", ret); 470 rdsdebug("ib_req_notify_cq recv failed: %d\n", ret);
471 goto out; 471 goto recv_cq_out;
472 } 472 }
473 473
474 /* XXX negotiate max send/recv with remote? */ 474 /* XXX negotiate max send/recv with remote? */
@@ -494,7 +494,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
494 ret = rdma_create_qp(ic->i_cm_id, ic->i_pd, &attr); 494 ret = rdma_create_qp(ic->i_cm_id, ic->i_pd, &attr);
495 if (ret) { 495 if (ret) {
496 rdsdebug("rdma_create_qp failed: %d\n", ret); 496 rdsdebug("rdma_create_qp failed: %d\n", ret);
497 goto out; 497 goto recv_cq_out;
498 } 498 }
499 499
500 ic->i_send_hdrs = ib_dma_alloc_coherent(dev, 500 ic->i_send_hdrs = ib_dma_alloc_coherent(dev,
@@ -504,7 +504,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
504 if (!ic->i_send_hdrs) { 504 if (!ic->i_send_hdrs) {
505 ret = -ENOMEM; 505 ret = -ENOMEM;
506 rdsdebug("ib_dma_alloc_coherent send failed\n"); 506 rdsdebug("ib_dma_alloc_coherent send failed\n");
507 goto out; 507 goto qp_out;
508 } 508 }
509 509
510 ic->i_recv_hdrs = ib_dma_alloc_coherent(dev, 510 ic->i_recv_hdrs = ib_dma_alloc_coherent(dev,
@@ -514,7 +514,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
514 if (!ic->i_recv_hdrs) { 514 if (!ic->i_recv_hdrs) {
515 ret = -ENOMEM; 515 ret = -ENOMEM;
516 rdsdebug("ib_dma_alloc_coherent recv failed\n"); 516 rdsdebug("ib_dma_alloc_coherent recv failed\n");
517 goto out; 517 goto send_hdrs_dma_out;
518 } 518 }
519 519
520 ic->i_ack = ib_dma_alloc_coherent(dev, sizeof(struct rds_header), 520 ic->i_ack = ib_dma_alloc_coherent(dev, sizeof(struct rds_header),
@@ -522,7 +522,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
522 if (!ic->i_ack) { 522 if (!ic->i_ack) {
523 ret = -ENOMEM; 523 ret = -ENOMEM;
524 rdsdebug("ib_dma_alloc_coherent ack failed\n"); 524 rdsdebug("ib_dma_alloc_coherent ack failed\n");
525 goto out; 525 goto recv_hdrs_dma_out;
526 } 526 }
527 527
528 ic->i_sends = vzalloc_node(ic->i_send_ring.w_nr * sizeof(struct rds_ib_send_work), 528 ic->i_sends = vzalloc_node(ic->i_send_ring.w_nr * sizeof(struct rds_ib_send_work),
@@ -530,7 +530,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
530 if (!ic->i_sends) { 530 if (!ic->i_sends) {
531 ret = -ENOMEM; 531 ret = -ENOMEM;
532 rdsdebug("send allocation failed\n"); 532 rdsdebug("send allocation failed\n");
533 goto out; 533 goto ack_dma_out;
534 } 534 }
535 535
536 ic->i_recvs = vzalloc_node(ic->i_recv_ring.w_nr * sizeof(struct rds_ib_recv_work), 536 ic->i_recvs = vzalloc_node(ic->i_recv_ring.w_nr * sizeof(struct rds_ib_recv_work),
@@ -538,7 +538,7 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
538 if (!ic->i_recvs) { 538 if (!ic->i_recvs) {
539 ret = -ENOMEM; 539 ret = -ENOMEM;
540 rdsdebug("recv allocation failed\n"); 540 rdsdebug("recv allocation failed\n");
541 goto out; 541 goto sends_out;
542 } 542 }
543 543
544 rds_ib_recv_init_ack(ic); 544 rds_ib_recv_init_ack(ic);
@@ -546,8 +546,33 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
546 rdsdebug("conn %p pd %p cq %p %p\n", conn, ic->i_pd, 546 rdsdebug("conn %p pd %p cq %p %p\n", conn, ic->i_pd,
547 ic->i_send_cq, ic->i_recv_cq); 547 ic->i_send_cq, ic->i_recv_cq);
548 548
549out: 549 return ret;
550
551sends_out:
552 vfree(ic->i_sends);
553ack_dma_out:
554 ib_dma_free_coherent(dev, sizeof(struct rds_header),
555 ic->i_ack, ic->i_ack_dma);
556recv_hdrs_dma_out:
557 ib_dma_free_coherent(dev, ic->i_recv_ring.w_nr *
558 sizeof(struct rds_header),
559 ic->i_recv_hdrs, ic->i_recv_hdrs_dma);
560send_hdrs_dma_out:
561 ib_dma_free_coherent(dev, ic->i_send_ring.w_nr *
562 sizeof(struct rds_header),
563 ic->i_send_hdrs, ic->i_send_hdrs_dma);
564qp_out:
565 rdma_destroy_qp(ic->i_cm_id);
566recv_cq_out:
567 if (!ib_destroy_cq(ic->i_recv_cq))
568 ic->i_recv_cq = NULL;
569send_cq_out:
570 if (!ib_destroy_cq(ic->i_send_cq))
571 ic->i_send_cq = NULL;
572rds_ibdev_out:
573 rds_ib_remove_conn(rds_ibdev, conn);
550 rds_ib_dev_put(rds_ibdev); 574 rds_ib_dev_put(rds_ibdev);
575
551 return ret; 576 return ret;
552} 577}
553 578
diff --git a/net/rds/ib_mr.h b/net/rds/ib_mr.h
index 24c086db4511..5d6e98a79a5e 100644
--- a/net/rds/ib_mr.h
+++ b/net/rds/ib_mr.h
@@ -107,8 +107,6 @@ struct rds_ib_mr_pool {
107}; 107};
108 108
109extern struct workqueue_struct *rds_ib_mr_wq; 109extern struct workqueue_struct *rds_ib_mr_wq;
110extern unsigned int rds_ib_mr_1m_pool_size;
111extern unsigned int rds_ib_mr_8k_pool_size;
112extern bool prefer_frmr; 110extern bool prefer_frmr;
113 111
114struct rds_ib_mr_pool *rds_ib_create_mr_pool(struct rds_ib_device *rds_dev, 112struct rds_ib_mr_pool *rds_ib_create_mr_pool(struct rds_ib_device *rds_dev,
diff --git a/net/rds/page.c b/net/rds/page.c
index e2b5a5832d3d..7cc57e098ddb 100644
--- a/net/rds/page.c
+++ b/net/rds/page.c
@@ -45,35 +45,6 @@ struct rds_page_remainder {
45static 45static
46DEFINE_PER_CPU_SHARED_ALIGNED(struct rds_page_remainder, rds_page_remainders); 46DEFINE_PER_CPU_SHARED_ALIGNED(struct rds_page_remainder, rds_page_remainders);
47 47
48/*
49 * returns 0 on success or -errno on failure.
50 *
51 * We don't have to worry about flush_dcache_page() as this only works
52 * with private pages. If, say, we were to do directed receive to pinned
53 * user pages we'd have to worry more about cache coherence. (Though
54 * the flush_dcache_page() in get_user_pages() would probably be enough).
55 */
56int rds_page_copy_user(struct page *page, unsigned long offset,
57 void __user *ptr, unsigned long bytes,
58 int to_user)
59{
60 unsigned long ret;
61 void *addr;
62
63 addr = kmap(page);
64 if (to_user) {
65 rds_stats_add(s_copy_to_user, bytes);
66 ret = copy_to_user(ptr, addr + offset, bytes);
67 } else {
68 rds_stats_add(s_copy_from_user, bytes);
69 ret = copy_from_user(addr + offset, ptr, bytes);
70 }
71 kunmap(page);
72
73 return ret ? -EFAULT : 0;
74}
75EXPORT_SYMBOL_GPL(rds_page_copy_user);
76
77/** 48/**
78 * rds_page_remainder_alloc - build up regions of a message. 49 * rds_page_remainder_alloc - build up regions of a message.
79 * 50 *
diff --git a/net/rds/rds.h b/net/rds/rds.h
index 07fff73dd4f3..82d38ccf5e8b 100644
--- a/net/rds/rds.h
+++ b/net/rds/rds.h
@@ -147,7 +147,7 @@ struct rds_connection {
147 147
148 /* Protocol version */ 148 /* Protocol version */
149 unsigned int c_version; 149 unsigned int c_version;
150 possible_net_t c_net; 150 struct net *c_net;
151 151
152 struct list_head c_map_item; 152 struct list_head c_map_item;
153 unsigned long c_map_queued; 153 unsigned long c_map_queued;
@@ -162,13 +162,13 @@ struct rds_connection {
162static inline 162static inline
163struct net *rds_conn_net(struct rds_connection *conn) 163struct net *rds_conn_net(struct rds_connection *conn)
164{ 164{
165 return read_pnet(&conn->c_net); 165 return conn->c_net;
166} 166}
167 167
168static inline 168static inline
169void rds_conn_net_set(struct rds_connection *conn, struct net *net) 169void rds_conn_net_set(struct rds_connection *conn, struct net *net)
170{ 170{
171 write_pnet(&conn->c_net, net); 171 conn->c_net = get_net(net);
172} 172}
173 173
174#define RDS_FLAG_CONG_BITMAP 0x01 174#define RDS_FLAG_CONG_BITMAP 0x01
@@ -798,13 +798,6 @@ static inline int rds_message_verify_checksum(const struct rds_header *hdr)
798/* page.c */ 798/* page.c */
799int rds_page_remainder_alloc(struct scatterlist *scat, unsigned long bytes, 799int rds_page_remainder_alloc(struct scatterlist *scat, unsigned long bytes,
800 gfp_t gfp); 800 gfp_t gfp);
801int rds_page_copy_user(struct page *page, unsigned long offset,
802 void __user *ptr, unsigned long bytes,
803 int to_user);
804#define rds_page_copy_to_user(page, offset, ptr, bytes) \
805 rds_page_copy_user(page, offset, ptr, bytes, 1)
806#define rds_page_copy_from_user(page, offset, ptr, bytes) \
807 rds_page_copy_user(page, offset, ptr, bytes, 0)
808void rds_page_exit(void); 801void rds_page_exit(void);
809 802
810/* recv.c */ 803/* recv.c */
@@ -910,7 +903,7 @@ void rds_connect_path_complete(struct rds_conn_path *conn, int curr);
910void rds_connect_complete(struct rds_connection *conn); 903void rds_connect_complete(struct rds_connection *conn);
911 904
912/* transport.c */ 905/* transport.c */
913int rds_trans_register(struct rds_transport *trans); 906void rds_trans_register(struct rds_transport *trans);
914void rds_trans_unregister(struct rds_transport *trans); 907void rds_trans_unregister(struct rds_transport *trans);
915struct rds_transport *rds_trans_get_preferred(struct net *net, __be32 addr); 908struct rds_transport *rds_trans_get_preferred(struct net *net, __be32 addr);
916void rds_trans_put(struct rds_transport *trans); 909void rds_trans_put(struct rds_transport *trans);
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 5438f6725092..225690076773 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -484,9 +484,10 @@ static void __net_exit rds_tcp_exit_net(struct net *net)
484 * we do need to clean up the listen socket here. 484 * we do need to clean up the listen socket here.
485 */ 485 */
486 if (rtn->rds_tcp_listen_sock) { 486 if (rtn->rds_tcp_listen_sock) {
487 rds_tcp_listen_stop(rtn->rds_tcp_listen_sock); 487 struct socket *lsock = rtn->rds_tcp_listen_sock;
488
488 rtn->rds_tcp_listen_sock = NULL; 489 rtn->rds_tcp_listen_sock = NULL;
489 flush_work(&rtn->rds_tcp_accept_w); 490 rds_tcp_listen_stop(lsock, &rtn->rds_tcp_accept_w);
490 } 491 }
491} 492}
492 493
@@ -523,13 +524,13 @@ static void rds_tcp_kill_sock(struct net *net)
523 struct rds_tcp_connection *tc, *_tc; 524 struct rds_tcp_connection *tc, *_tc;
524 LIST_HEAD(tmp_list); 525 LIST_HEAD(tmp_list);
525 struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid); 526 struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid);
527 struct socket *lsock = rtn->rds_tcp_listen_sock;
526 528
527 rds_tcp_listen_stop(rtn->rds_tcp_listen_sock);
528 rtn->rds_tcp_listen_sock = NULL; 529 rtn->rds_tcp_listen_sock = NULL;
529 flush_work(&rtn->rds_tcp_accept_w); 530 rds_tcp_listen_stop(lsock, &rtn->rds_tcp_accept_w);
530 spin_lock_irq(&rds_tcp_conn_lock); 531 spin_lock_irq(&rds_tcp_conn_lock);
531 list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) { 532 list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) {
532 struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net); 533 struct net *c_net = tc->t_cpath->cp_conn->c_net;
533 534
534 if (net != c_net || !tc->t_sock) 535 if (net != c_net || !tc->t_sock)
535 continue; 536 continue;
@@ -546,8 +547,12 @@ static void rds_tcp_kill_sock(struct net *net)
546void *rds_tcp_listen_sock_def_readable(struct net *net) 547void *rds_tcp_listen_sock_def_readable(struct net *net)
547{ 548{
548 struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid); 549 struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid);
550 struct socket *lsock = rtn->rds_tcp_listen_sock;
551
552 if (!lsock)
553 return NULL;
549 554
550 return rtn->rds_tcp_listen_sock->sk->sk_user_data; 555 return lsock->sk->sk_user_data;
551} 556}
552 557
553static int rds_tcp_dev_event(struct notifier_block *this, 558static int rds_tcp_dev_event(struct notifier_block *this,
@@ -584,7 +589,7 @@ static void rds_tcp_sysctl_reset(struct net *net)
584 589
585 spin_lock_irq(&rds_tcp_conn_lock); 590 spin_lock_irq(&rds_tcp_conn_lock);
586 list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) { 591 list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) {
587 struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net); 592 struct net *c_net = tc->t_cpath->cp_conn->c_net;
588 593
589 if (net != c_net || !tc->t_sock) 594 if (net != c_net || !tc->t_sock)
590 continue; 595 continue;
@@ -638,35 +643,30 @@ static int rds_tcp_init(void)
638 goto out; 643 goto out;
639 } 644 }
640 645
641 ret = register_netdevice_notifier(&rds_tcp_dev_notifier); 646 ret = rds_tcp_recv_init();
642 if (ret) { 647 if (ret)
643 pr_warn("could not register rds_tcp_dev_notifier\n");
644 goto out_slab; 648 goto out_slab;
645 }
646 649
647 ret = register_pernet_subsys(&rds_tcp_net_ops); 650 ret = register_pernet_subsys(&rds_tcp_net_ops);
648 if (ret) 651 if (ret)
649 goto out_notifier; 652 goto out_recv;
650 653
651 ret = rds_tcp_recv_init(); 654 ret = register_netdevice_notifier(&rds_tcp_dev_notifier);
652 if (ret) 655 if (ret) {
656 pr_warn("could not register rds_tcp_dev_notifier\n");
653 goto out_pernet; 657 goto out_pernet;
658 }
654 659
655 ret = rds_trans_register(&rds_tcp_transport); 660 rds_trans_register(&rds_tcp_transport);
656 if (ret)
657 goto out_recv;
658 661
659 rds_info_register_func(RDS_INFO_TCP_SOCKETS, rds_tcp_tc_info); 662 rds_info_register_func(RDS_INFO_TCP_SOCKETS, rds_tcp_tc_info);
660 663
661 goto out; 664 goto out;
662 665
663out_recv:
664 rds_tcp_recv_exit();
665out_pernet: 666out_pernet:
666 unregister_pernet_subsys(&rds_tcp_net_ops); 667 unregister_pernet_subsys(&rds_tcp_net_ops);
667out_notifier: 668out_recv:
668 if (unregister_netdevice_notifier(&rds_tcp_dev_notifier)) 669 rds_tcp_recv_exit();
669 pr_warn("could not unregister rds_tcp_dev_notifier\n");
670out_slab: 670out_slab:
671 kmem_cache_destroy(rds_tcp_conn_slab); 671 kmem_cache_destroy(rds_tcp_conn_slab);
672out: 672out:
diff --git a/net/rds/tcp.h b/net/rds/tcp.h
index 9a1cc8906576..56ea6620fcf9 100644
--- a/net/rds/tcp.h
+++ b/net/rds/tcp.h
@@ -66,7 +66,7 @@ void rds_tcp_state_change(struct sock *sk);
66 66
67/* tcp_listen.c */ 67/* tcp_listen.c */
68struct socket *rds_tcp_listen_init(struct net *); 68struct socket *rds_tcp_listen_init(struct net *);
69void rds_tcp_listen_stop(struct socket *); 69void rds_tcp_listen_stop(struct socket *sock, struct work_struct *acceptor);
70void rds_tcp_listen_data_ready(struct sock *sk); 70void rds_tcp_listen_data_ready(struct sock *sk);
71int rds_tcp_accept_one(struct socket *sock); 71int rds_tcp_accept_one(struct socket *sock);
72int rds_tcp_keepalive(struct socket *sock); 72int rds_tcp_keepalive(struct socket *sock);
diff --git a/net/rds/tcp_listen.c b/net/rds/tcp_listen.c
index 67d0929c7d3d..507678853e6c 100644
--- a/net/rds/tcp_listen.c
+++ b/net/rds/tcp_listen.c
@@ -133,7 +133,7 @@ int rds_tcp_accept_one(struct socket *sock)
133 133
134 new_sock->type = sock->type; 134 new_sock->type = sock->type;
135 new_sock->ops = sock->ops; 135 new_sock->ops = sock->ops;
136 ret = sock->ops->accept(sock, new_sock, O_NONBLOCK); 136 ret = sock->ops->accept(sock, new_sock, O_NONBLOCK, true);
137 if (ret < 0) 137 if (ret < 0)
138 goto out; 138 goto out;
139 139
@@ -223,6 +223,9 @@ void rds_tcp_listen_data_ready(struct sock *sk)
223 * before it has been accepted and the accepter has set up their 223 * before it has been accepted and the accepter has set up their
224 * data_ready.. we only want to queue listen work for our listening 224 * data_ready.. we only want to queue listen work for our listening
225 * socket 225 * socket
226 *
227 * (*ready)() may be null if we are racing with netns delete, and
228 * the listen socket is being torn down.
226 */ 229 */
227 if (sk->sk_state == TCP_LISTEN) 230 if (sk->sk_state == TCP_LISTEN)
228 rds_tcp_accept_work(sk); 231 rds_tcp_accept_work(sk);
@@ -231,7 +234,8 @@ void rds_tcp_listen_data_ready(struct sock *sk)
231 234
232out: 235out:
233 read_unlock_bh(&sk->sk_callback_lock); 236 read_unlock_bh(&sk->sk_callback_lock);
234 ready(sk); 237 if (ready)
238 ready(sk);
235} 239}
236 240
237struct socket *rds_tcp_listen_init(struct net *net) 241struct socket *rds_tcp_listen_init(struct net *net)
@@ -271,7 +275,7 @@ out:
271 return NULL; 275 return NULL;
272} 276}
273 277
274void rds_tcp_listen_stop(struct socket *sock) 278void rds_tcp_listen_stop(struct socket *sock, struct work_struct *acceptor)
275{ 279{
276 struct sock *sk; 280 struct sock *sk;
277 281
@@ -292,5 +296,6 @@ void rds_tcp_listen_stop(struct socket *sock)
292 296
293 /* wait for accepts to stop and close the socket */ 297 /* wait for accepts to stop and close the socket */
294 flush_workqueue(rds_wq); 298 flush_workqueue(rds_wq);
299 flush_work(acceptor);
295 sock_release(sock); 300 sock_release(sock);
296} 301}
diff --git a/net/rds/transport.c b/net/rds/transport.c
index 2ffd3e30c643..0b188dd0a344 100644
--- a/net/rds/transport.c
+++ b/net/rds/transport.c
@@ -40,7 +40,7 @@
40static struct rds_transport *transports[RDS_TRANS_COUNT]; 40static struct rds_transport *transports[RDS_TRANS_COUNT];
41static DECLARE_RWSEM(rds_trans_sem); 41static DECLARE_RWSEM(rds_trans_sem);
42 42
43int rds_trans_register(struct rds_transport *trans) 43void rds_trans_register(struct rds_transport *trans)
44{ 44{
45 BUG_ON(strlen(trans->t_name) + 1 > TRANSNAMSIZ); 45 BUG_ON(strlen(trans->t_name) + 1 > TRANSNAMSIZ);
46 46
@@ -55,8 +55,6 @@ int rds_trans_register(struct rds_transport *trans)
55 } 55 }
56 56
57 up_write(&rds_trans_sem); 57 up_write(&rds_trans_sem);
58
59 return 0;
60} 58}
61EXPORT_SYMBOL_GPL(rds_trans_register); 59EXPORT_SYMBOL_GPL(rds_trans_register);
62 60
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 9ad301c46b88..4a9729257023 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -20,7 +20,7 @@
20#include <linux/in.h> 20#include <linux/in.h>
21#include <linux/slab.h> 21#include <linux/slab.h>
22#include <linux/kernel.h> 22#include <linux/kernel.h>
23#include <linux/sched.h> 23#include <linux/sched/signal.h>
24#include <linux/spinlock.h> 24#include <linux/spinlock.h>
25#include <linux/timer.h> 25#include <linux/timer.h>
26#include <linux/string.h> 26#include <linux/string.h>
@@ -871,7 +871,8 @@ out_release:
871 return err; 871 return err;
872} 872}
873 873
874static int rose_accept(struct socket *sock, struct socket *newsock, int flags) 874static int rose_accept(struct socket *sock, struct socket *newsock, int flags,
875 bool kern)
875{ 876{
876 struct sk_buff *skb; 877 struct sk_buff *skb;
877 struct sock *newsk; 878 struct sock *newsk;
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 199b46e93e64..7fb59c3f1542 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -290,10 +290,11 @@ struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock,
290 cp.exclusive = false; 290 cp.exclusive = false;
291 cp.service_id = srx->srx_service; 291 cp.service_id = srx->srx_service;
292 call = rxrpc_new_client_call(rx, &cp, srx, user_call_ID, gfp); 292 call = rxrpc_new_client_call(rx, &cp, srx, user_call_ID, gfp);
293 /* The socket has been unlocked. */
293 if (!IS_ERR(call)) 294 if (!IS_ERR(call))
294 call->notify_rx = notify_rx; 295 call->notify_rx = notify_rx;
295 296
296 release_sock(&rx->sk); 297 mutex_unlock(&call->user_mutex);
297 _leave(" = %p", call); 298 _leave(" = %p", call);
298 return call; 299 return call;
299} 300}
@@ -310,7 +311,10 @@ EXPORT_SYMBOL(rxrpc_kernel_begin_call);
310void rxrpc_kernel_end_call(struct socket *sock, struct rxrpc_call *call) 311void rxrpc_kernel_end_call(struct socket *sock, struct rxrpc_call *call)
311{ 312{
312 _enter("%d{%d}", call->debug_id, atomic_read(&call->usage)); 313 _enter("%d{%d}", call->debug_id, atomic_read(&call->usage));
314
315 mutex_lock(&call->user_mutex);
313 rxrpc_release_call(rxrpc_sk(sock->sk), call); 316 rxrpc_release_call(rxrpc_sk(sock->sk), call);
317 mutex_unlock(&call->user_mutex);
314 rxrpc_put_call(call, rxrpc_call_put_kernel); 318 rxrpc_put_call(call, rxrpc_call_put_kernel);
315} 319}
316EXPORT_SYMBOL(rxrpc_kernel_end_call); 320EXPORT_SYMBOL(rxrpc_kernel_end_call);
@@ -450,14 +454,16 @@ static int rxrpc_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
450 case RXRPC_SERVER_BOUND: 454 case RXRPC_SERVER_BOUND:
451 case RXRPC_SERVER_LISTENING: 455 case RXRPC_SERVER_LISTENING:
452 ret = rxrpc_do_sendmsg(rx, m, len); 456 ret = rxrpc_do_sendmsg(rx, m, len);
453 break; 457 /* The socket has been unlocked */
458 goto out;
454 default: 459 default:
455 ret = -EINVAL; 460 ret = -EINVAL;
456 break; 461 goto error_unlock;
457 } 462 }
458 463
459error_unlock: 464error_unlock:
460 release_sock(&rx->sk); 465 release_sock(&rx->sk);
466out:
461 _leave(" = %d", ret); 467 _leave(" = %d", ret);
462 return ret; 468 return ret;
463} 469}
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 12be432be9b2..26a7b1db1361 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -467,6 +467,7 @@ struct rxrpc_call {
467 struct rxrpc_connection *conn; /* connection carrying call */ 467 struct rxrpc_connection *conn; /* connection carrying call */
468 struct rxrpc_peer *peer; /* Peer record for remote address */ 468 struct rxrpc_peer *peer; /* Peer record for remote address */
469 struct rxrpc_sock __rcu *socket; /* socket responsible */ 469 struct rxrpc_sock __rcu *socket; /* socket responsible */
470 struct mutex user_mutex; /* User access mutex */
470 ktime_t ack_at; /* When deferred ACK needs to happen */ 471 ktime_t ack_at; /* When deferred ACK needs to happen */
471 ktime_t resend_at; /* When next resend needs to happen */ 472 ktime_t resend_at; /* When next resend needs to happen */
472 ktime_t ping_at; /* When next to send a ping */ 473 ktime_t ping_at; /* When next to send a ping */
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index 7c4c64ab8da2..0ed181f53f32 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -323,6 +323,8 @@ static struct rxrpc_call *rxrpc_alloc_incoming_call(struct rxrpc_sock *rx,
323 * 323 *
324 * If we want to report an error, we mark the skb with the packet type and 324 * If we want to report an error, we mark the skb with the packet type and
325 * abort code and return NULL. 325 * abort code and return NULL.
326 *
327 * The call is returned with the user access mutex held.
326 */ 328 */
327struct rxrpc_call *rxrpc_new_incoming_call(struct rxrpc_local *local, 329struct rxrpc_call *rxrpc_new_incoming_call(struct rxrpc_local *local,
328 struct rxrpc_connection *conn, 330 struct rxrpc_connection *conn,
@@ -371,6 +373,18 @@ found_service:
371 trace_rxrpc_receive(call, rxrpc_receive_incoming, 373 trace_rxrpc_receive(call, rxrpc_receive_incoming,
372 sp->hdr.serial, sp->hdr.seq); 374 sp->hdr.serial, sp->hdr.seq);
373 375
376 /* Lock the call to prevent rxrpc_kernel_send/recv_data() and
377 * sendmsg()/recvmsg() inconveniently stealing the mutex once the
378 * notification is generated.
379 *
380 * The BUG should never happen because the kernel should be well
381 * behaved enough not to access the call before the first notification
382 * event and userspace is prevented from doing so until the state is
383 * appropriate.
384 */
385 if (!mutex_trylock(&call->user_mutex))
386 BUG();
387
374 /* Make the call live. */ 388 /* Make the call live. */
375 rxrpc_incoming_call(rx, call, skb); 389 rxrpc_incoming_call(rx, call, skb);
376 conn = call->conn; 390 conn = call->conn;
@@ -429,10 +443,12 @@ out:
429/* 443/*
430 * handle acceptance of a call by userspace 444 * handle acceptance of a call by userspace
431 * - assign the user call ID to the call at the front of the queue 445 * - assign the user call ID to the call at the front of the queue
446 * - called with the socket locked.
432 */ 447 */
433struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx, 448struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx,
434 unsigned long user_call_ID, 449 unsigned long user_call_ID,
435 rxrpc_notify_rx_t notify_rx) 450 rxrpc_notify_rx_t notify_rx)
451 __releases(&rx->sk.sk_lock.slock)
436{ 452{
437 struct rxrpc_call *call; 453 struct rxrpc_call *call;
438 struct rb_node *parent, **pp; 454 struct rb_node *parent, **pp;
@@ -446,6 +462,7 @@ struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx,
446 462
447 if (list_empty(&rx->to_be_accepted)) { 463 if (list_empty(&rx->to_be_accepted)) {
448 write_unlock(&rx->call_lock); 464 write_unlock(&rx->call_lock);
465 release_sock(&rx->sk);
449 kleave(" = -ENODATA [empty]"); 466 kleave(" = -ENODATA [empty]");
450 return ERR_PTR(-ENODATA); 467 return ERR_PTR(-ENODATA);
451 } 468 }
@@ -470,10 +487,39 @@ struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx,
470 */ 487 */
471 call = list_entry(rx->to_be_accepted.next, 488 call = list_entry(rx->to_be_accepted.next,
472 struct rxrpc_call, accept_link); 489 struct rxrpc_call, accept_link);
490 write_unlock(&rx->call_lock);
491
492 /* We need to gain the mutex from the interrupt handler without
493 * upsetting lockdep, so we have to release it there and take it here.
494 * We are, however, still holding the socket lock, so other accepts
495 * must wait for us and no one can add the user ID behind our backs.
496 */
497 if (mutex_lock_interruptible(&call->user_mutex) < 0) {
498 release_sock(&rx->sk);
499 kleave(" = -ERESTARTSYS");
500 return ERR_PTR(-ERESTARTSYS);
501 }
502
503 write_lock(&rx->call_lock);
473 list_del_init(&call->accept_link); 504 list_del_init(&call->accept_link);
474 sk_acceptq_removed(&rx->sk); 505 sk_acceptq_removed(&rx->sk);
475 rxrpc_see_call(call); 506 rxrpc_see_call(call);
476 507
508 /* Find the user ID insertion point. */
509 pp = &rx->calls.rb_node;
510 parent = NULL;
511 while (*pp) {
512 parent = *pp;
513 call = rb_entry(parent, struct rxrpc_call, sock_node);
514
515 if (user_call_ID < call->user_call_ID)
516 pp = &(*pp)->rb_left;
517 else if (user_call_ID > call->user_call_ID)
518 pp = &(*pp)->rb_right;
519 else
520 BUG();
521 }
522
477 write_lock_bh(&call->state_lock); 523 write_lock_bh(&call->state_lock);
478 switch (call->state) { 524 switch (call->state) {
479 case RXRPC_CALL_SERVER_ACCEPTING: 525 case RXRPC_CALL_SERVER_ACCEPTING:
@@ -499,6 +545,7 @@ struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx,
499 write_unlock(&rx->call_lock); 545 write_unlock(&rx->call_lock);
500 rxrpc_notify_socket(call); 546 rxrpc_notify_socket(call);
501 rxrpc_service_prealloc(rx, GFP_KERNEL); 547 rxrpc_service_prealloc(rx, GFP_KERNEL);
548 release_sock(&rx->sk);
502 _leave(" = %p{%d}", call, call->debug_id); 549 _leave(" = %p{%d}", call, call->debug_id);
503 return call; 550 return call;
504 551
@@ -515,6 +562,7 @@ id_in_use:
515 write_unlock(&rx->call_lock); 562 write_unlock(&rx->call_lock);
516out: 563out:
517 rxrpc_service_prealloc(rx, GFP_KERNEL); 564 rxrpc_service_prealloc(rx, GFP_KERNEL);
565 release_sock(&rx->sk);
518 _leave(" = %d", ret); 566 _leave(" = %d", ret);
519 return ERR_PTR(ret); 567 return ERR_PTR(ret);
520} 568}
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index 8b94db3c9b2e..d79cd36987a9 100644
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -115,6 +115,7 @@ struct rxrpc_call *rxrpc_alloc_call(gfp_t gfp)
115 if (!call->rxtx_annotations) 115 if (!call->rxtx_annotations)
116 goto nomem_2; 116 goto nomem_2;
117 117
118 mutex_init(&call->user_mutex);
118 setup_timer(&call->timer, rxrpc_call_timer_expired, 119 setup_timer(&call->timer, rxrpc_call_timer_expired,
119 (unsigned long)call); 120 (unsigned long)call);
120 INIT_WORK(&call->processor, &rxrpc_process_call); 121 INIT_WORK(&call->processor, &rxrpc_process_call);
@@ -194,14 +195,16 @@ static void rxrpc_start_call_timer(struct rxrpc_call *call)
194} 195}
195 196
196/* 197/*
197 * set up a call for the given data 198 * Set up a call for the given parameters.
198 * - called in process context with IRQs enabled 199 * - Called with the socket lock held, which it must release.
200 * - If it returns a call, the call's lock will need releasing by the caller.
199 */ 201 */
200struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx, 202struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
201 struct rxrpc_conn_parameters *cp, 203 struct rxrpc_conn_parameters *cp,
202 struct sockaddr_rxrpc *srx, 204 struct sockaddr_rxrpc *srx,
203 unsigned long user_call_ID, 205 unsigned long user_call_ID,
204 gfp_t gfp) 206 gfp_t gfp)
207 __releases(&rx->sk.sk_lock.slock)
205{ 208{
206 struct rxrpc_call *call, *xcall; 209 struct rxrpc_call *call, *xcall;
207 struct rb_node *parent, **pp; 210 struct rb_node *parent, **pp;
@@ -212,6 +215,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
212 215
213 call = rxrpc_alloc_client_call(srx, gfp); 216 call = rxrpc_alloc_client_call(srx, gfp);
214 if (IS_ERR(call)) { 217 if (IS_ERR(call)) {
218 release_sock(&rx->sk);
215 _leave(" = %ld", PTR_ERR(call)); 219 _leave(" = %ld", PTR_ERR(call));
216 return call; 220 return call;
217 } 221 }
@@ -219,6 +223,11 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
219 trace_rxrpc_call(call, rxrpc_call_new_client, atomic_read(&call->usage), 223 trace_rxrpc_call(call, rxrpc_call_new_client, atomic_read(&call->usage),
220 here, (const void *)user_call_ID); 224 here, (const void *)user_call_ID);
221 225
226 /* We need to protect a partially set up call against the user as we
227 * will be acting outside the socket lock.
228 */
229 mutex_lock(&call->user_mutex);
230
222 /* Publish the call, even though it is incompletely set up as yet */ 231 /* Publish the call, even though it is incompletely set up as yet */
223 write_lock(&rx->call_lock); 232 write_lock(&rx->call_lock);
224 233
@@ -250,6 +259,9 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
250 list_add_tail(&call->link, &rxrpc_calls); 259 list_add_tail(&call->link, &rxrpc_calls);
251 write_unlock(&rxrpc_call_lock); 260 write_unlock(&rxrpc_call_lock);
252 261
262 /* From this point on, the call is protected by its own lock. */
263 release_sock(&rx->sk);
264
253 /* Set up or get a connection record and set the protocol parameters, 265 /* Set up or get a connection record and set the protocol parameters,
254 * including channel number and call ID. 266 * including channel number and call ID.
255 */ 267 */
@@ -279,6 +291,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
279 */ 291 */
280error_dup_user_ID: 292error_dup_user_ID:
281 write_unlock(&rx->call_lock); 293 write_unlock(&rx->call_lock);
294 release_sock(&rx->sk);
282 ret = -EEXIST; 295 ret = -EEXIST;
283 296
284error: 297error:
@@ -287,6 +300,7 @@ error:
287 trace_rxrpc_call(call, rxrpc_call_error, atomic_read(&call->usage), 300 trace_rxrpc_call(call, rxrpc_call_error, atomic_read(&call->usage),
288 here, ERR_PTR(ret)); 301 here, ERR_PTR(ret));
289 rxrpc_release_call(rx, call); 302 rxrpc_release_call(rx, call);
303 mutex_unlock(&call->user_mutex);
290 rxrpc_put_call(call, rxrpc_call_put); 304 rxrpc_put_call(call, rxrpc_call_put);
291 _leave(" = %d", ret); 305 _leave(" = %d", ret);
292 return ERR_PTR(ret); 306 return ERR_PTR(ret);
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 40a1ef2adeb4..c3be03e8d098 100644
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -76,6 +76,8 @@
76#include <linux/slab.h> 76#include <linux/slab.h>
77#include <linux/idr.h> 77#include <linux/idr.h>
78#include <linux/timer.h> 78#include <linux/timer.h>
79#include <linux/sched/signal.h>
80
79#include "ar-internal.h" 81#include "ar-internal.h"
80 82
81__read_mostly unsigned int rxrpc_max_client_connections = 1000; 83__read_mostly unsigned int rxrpc_max_client_connections = 1000;
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 78ec33477adf..18b2ad8be8e2 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -420,6 +420,7 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb,
420 u16 skew) 420 u16 skew)
421{ 421{
422 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 422 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
423 enum rxrpc_call_state state;
423 unsigned int offset = sizeof(struct rxrpc_wire_header); 424 unsigned int offset = sizeof(struct rxrpc_wire_header);
424 unsigned int ix; 425 unsigned int ix;
425 rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0; 426 rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
@@ -434,14 +435,15 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb,
434 _proto("Rx DATA %%%u { #%u f=%02x }", 435 _proto("Rx DATA %%%u { #%u f=%02x }",
435 sp->hdr.serial, seq, sp->hdr.flags); 436 sp->hdr.serial, seq, sp->hdr.flags);
436 437
437 if (call->state >= RXRPC_CALL_COMPLETE) 438 state = READ_ONCE(call->state);
439 if (state >= RXRPC_CALL_COMPLETE)
438 return; 440 return;
439 441
440 /* Received data implicitly ACKs all of the request packets we sent 442 /* Received data implicitly ACKs all of the request packets we sent
441 * when we're acting as a client. 443 * when we're acting as a client.
442 */ 444 */
443 if ((call->state == RXRPC_CALL_CLIENT_SEND_REQUEST || 445 if ((state == RXRPC_CALL_CLIENT_SEND_REQUEST ||
444 call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY) && 446 state == RXRPC_CALL_CLIENT_AWAIT_REPLY) &&
445 !rxrpc_receiving_reply(call)) 447 !rxrpc_receiving_reply(call))
446 return; 448 return;
447 449
@@ -650,6 +652,7 @@ static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
650 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 652 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
651 struct rxrpc_peer *peer; 653 struct rxrpc_peer *peer;
652 unsigned int mtu; 654 unsigned int mtu;
655 bool wake = false;
653 u32 rwind = ntohl(ackinfo->rwind); 656 u32 rwind = ntohl(ackinfo->rwind);
654 657
655 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }", 658 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }",
@@ -657,9 +660,14 @@ static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
657 ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU), 660 ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU),
658 rwind, ntohl(ackinfo->jumbo_max)); 661 rwind, ntohl(ackinfo->jumbo_max));
659 662
660 if (rwind > RXRPC_RXTX_BUFF_SIZE - 1) 663 if (call->tx_winsize != rwind) {
661 rwind = RXRPC_RXTX_BUFF_SIZE - 1; 664 if (rwind > RXRPC_RXTX_BUFF_SIZE - 1)
662 call->tx_winsize = rwind; 665 rwind = RXRPC_RXTX_BUFF_SIZE - 1;
666 if (rwind > call->tx_winsize)
667 wake = true;
668 call->tx_winsize = rwind;
669 }
670
663 if (call->cong_ssthresh > rwind) 671 if (call->cong_ssthresh > rwind)
664 call->cong_ssthresh = rwind; 672 call->cong_ssthresh = rwind;
665 673
@@ -673,6 +681,9 @@ static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
673 spin_unlock_bh(&peer->lock); 681 spin_unlock_bh(&peer->lock);
674 _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata); 682 _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata);
675 } 683 }
684
685 if (wake)
686 wake_up(&call->waitq);
676} 687}
677 688
678/* 689/*
@@ -799,7 +810,7 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb,
799 return rxrpc_proto_abort("AK0", call, 0); 810 return rxrpc_proto_abort("AK0", call, 0);
800 811
801 /* Ignore ACKs unless we are or have just been transmitting. */ 812 /* Ignore ACKs unless we are or have just been transmitting. */
802 switch (call->state) { 813 switch (READ_ONCE(call->state)) {
803 case RXRPC_CALL_CLIENT_SEND_REQUEST: 814 case RXRPC_CALL_CLIENT_SEND_REQUEST:
804 case RXRPC_CALL_CLIENT_AWAIT_REPLY: 815 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
805 case RXRPC_CALL_SERVER_SEND_REPLY: 816 case RXRPC_CALL_SERVER_SEND_REPLY:
@@ -940,7 +951,7 @@ static void rxrpc_input_call_packet(struct rxrpc_call *call,
940static void rxrpc_input_implicit_end_call(struct rxrpc_connection *conn, 951static void rxrpc_input_implicit_end_call(struct rxrpc_connection *conn,
941 struct rxrpc_call *call) 952 struct rxrpc_call *call)
942{ 953{
943 switch (call->state) { 954 switch (READ_ONCE(call->state)) {
944 case RXRPC_CALL_SERVER_AWAIT_ACK: 955 case RXRPC_CALL_SERVER_AWAIT_ACK:
945 rxrpc_call_completed(call); 956 rxrpc_call_completed(call);
946 break; 957 break;
@@ -1194,6 +1205,7 @@ void rxrpc_data_ready(struct sock *udp_sk)
1194 goto reject_packet; 1205 goto reject_packet;
1195 } 1206 }
1196 rxrpc_send_ping(call, skb, skew); 1207 rxrpc_send_ping(call, skb, skew);
1208 mutex_unlock(&call->user_mutex);
1197 } 1209 }
1198 1210
1199 rxrpc_input_call_packet(call, skb, skew); 1211 rxrpc_input_call_packet(call, skb, skew);
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c
index f3a688e10843..3e2f1a8e9c5b 100644
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -14,6 +14,8 @@
14#include <linux/net.h> 14#include <linux/net.h>
15#include <linux/skbuff.h> 15#include <linux/skbuff.h>
16#include <linux/export.h> 16#include <linux/export.h>
17#include <linux/sched/signal.h>
18
17#include <net/sock.h> 19#include <net/sock.h>
18#include <net/af_rxrpc.h> 20#include <net/af_rxrpc.h>
19#include "ar-internal.h" 21#include "ar-internal.h"
@@ -487,6 +489,20 @@ try_again:
487 489
488 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_dequeue, 0, 0, 0, 0); 490 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_dequeue, 0, 0, 0, 0);
489 491
492 /* We're going to drop the socket lock, so we need to lock the call
493 * against interference by sendmsg.
494 */
495 if (!mutex_trylock(&call->user_mutex)) {
496 ret = -EWOULDBLOCK;
497 if (flags & MSG_DONTWAIT)
498 goto error_requeue_call;
499 ret = -ERESTARTSYS;
500 if (mutex_lock_interruptible(&call->user_mutex) < 0)
501 goto error_requeue_call;
502 }
503
504 release_sock(&rx->sk);
505
490 if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) 506 if (test_bit(RXRPC_CALL_RELEASED, &call->flags))
491 BUG(); 507 BUG();
492 508
@@ -502,7 +518,7 @@ try_again:
502 &call->user_call_ID); 518 &call->user_call_ID);
503 } 519 }
504 if (ret < 0) 520 if (ret < 0)
505 goto error; 521 goto error_unlock_call;
506 } 522 }
507 523
508 if (msg->msg_name) { 524 if (msg->msg_name) {
@@ -511,7 +527,7 @@ try_again:
511 msg->msg_namelen = len; 527 msg->msg_namelen = len;
512 } 528 }
513 529
514 switch (call->state) { 530 switch (READ_ONCE(call->state)) {
515 case RXRPC_CALL_SERVER_ACCEPTING: 531 case RXRPC_CALL_SERVER_ACCEPTING:
516 ret = rxrpc_recvmsg_new_call(rx, call, msg, flags); 532 ret = rxrpc_recvmsg_new_call(rx, call, msg, flags);
517 break; 533 break;
@@ -533,12 +549,12 @@ try_again:
533 } 549 }
534 550
535 if (ret < 0) 551 if (ret < 0)
536 goto error; 552 goto error_unlock_call;
537 553
538 if (call->state == RXRPC_CALL_COMPLETE) { 554 if (call->state == RXRPC_CALL_COMPLETE) {
539 ret = rxrpc_recvmsg_term(call, msg); 555 ret = rxrpc_recvmsg_term(call, msg);
540 if (ret < 0) 556 if (ret < 0)
541 goto error; 557 goto error_unlock_call;
542 if (!(flags & MSG_PEEK)) 558 if (!(flags & MSG_PEEK))
543 rxrpc_release_call(rx, call); 559 rxrpc_release_call(rx, call);
544 msg->msg_flags |= MSG_EOR; 560 msg->msg_flags |= MSG_EOR;
@@ -551,8 +567,21 @@ try_again:
551 msg->msg_flags &= ~MSG_MORE; 567 msg->msg_flags &= ~MSG_MORE;
552 ret = copied; 568 ret = copied;
553 569
554error: 570error_unlock_call:
571 mutex_unlock(&call->user_mutex);
555 rxrpc_put_call(call, rxrpc_call_put); 572 rxrpc_put_call(call, rxrpc_call_put);
573 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret);
574 return ret;
575
576error_requeue_call:
577 if (!(flags & MSG_PEEK)) {
578 write_lock_bh(&rx->recvmsg_lock);
579 list_add(&call->recvmsg_link, &rx->recvmsg_q);
580 write_unlock_bh(&rx->recvmsg_lock);
581 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_requeue, 0, 0, 0, 0);
582 } else {
583 rxrpc_put_call(call, rxrpc_call_put);
584 }
556error_no_call: 585error_no_call:
557 release_sock(&rx->sk); 586 release_sock(&rx->sk);
558 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret); 587 trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret);
@@ -609,9 +638,9 @@ int rxrpc_kernel_recv_data(struct socket *sock, struct rxrpc_call *call,
609 iov.iov_len = size - *_offset; 638 iov.iov_len = size - *_offset;
610 iov_iter_kvec(&iter, ITER_KVEC | READ, &iov, 1, size - *_offset); 639 iov_iter_kvec(&iter, ITER_KVEC | READ, &iov, 1, size - *_offset);
611 640
612 lock_sock(sock->sk); 641 mutex_lock(&call->user_mutex);
613 642
614 switch (call->state) { 643 switch (READ_ONCE(call->state)) {
615 case RXRPC_CALL_CLIENT_RECV_REPLY: 644 case RXRPC_CALL_CLIENT_RECV_REPLY:
616 case RXRPC_CALL_SERVER_RECV_REQUEST: 645 case RXRPC_CALL_SERVER_RECV_REQUEST:
617 case RXRPC_CALL_SERVER_ACK_REQUEST: 646 case RXRPC_CALL_SERVER_ACK_REQUEST:
@@ -648,7 +677,7 @@ int rxrpc_kernel_recv_data(struct socket *sock, struct rxrpc_call *call,
648read_phase_complete: 677read_phase_complete:
649 ret = 1; 678 ret = 1;
650out: 679out:
651 release_sock(sock->sk); 680 mutex_unlock(&call->user_mutex);
652 _leave(" = %d [%zu,%d]", ret, *_offset, *_abort); 681 _leave(" = %d [%zu,%d]", ret, *_offset, *_abort);
653 return ret; 682 return ret;
654 683
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index 0a6ef217aa8a..97ab214ca411 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -15,6 +15,8 @@
15#include <linux/gfp.h> 15#include <linux/gfp.h>
16#include <linux/skbuff.h> 16#include <linux/skbuff.h>
17#include <linux/export.h> 17#include <linux/export.h>
18#include <linux/sched/signal.h>
19
18#include <net/sock.h> 20#include <net/sock.h>
19#include <net/af_rxrpc.h> 21#include <net/af_rxrpc.h>
20#include "ar-internal.h" 22#include "ar-internal.h"
@@ -59,9 +61,12 @@ static int rxrpc_wait_for_tx_window(struct rxrpc_sock *rx,
59 } 61 }
60 62
61 trace_rxrpc_transmit(call, rxrpc_transmit_wait); 63 trace_rxrpc_transmit(call, rxrpc_transmit_wait);
62 release_sock(&rx->sk); 64 mutex_unlock(&call->user_mutex);
63 *timeo = schedule_timeout(*timeo); 65 *timeo = schedule_timeout(*timeo);
64 lock_sock(&rx->sk); 66 if (mutex_lock_interruptible(&call->user_mutex) < 0) {
67 ret = sock_intr_errno(*timeo);
68 break;
69 }
65 } 70 }
66 71
67 remove_wait_queue(&call->waitq, &myself); 72 remove_wait_queue(&call->waitq, &myself);
@@ -171,7 +176,7 @@ static void rxrpc_queue_packet(struct rxrpc_call *call, struct sk_buff *skb,
171/* 176/*
172 * send data through a socket 177 * send data through a socket
173 * - must be called in process context 178 * - must be called in process context
174 * - caller holds the socket locked 179 * - The caller holds the call user access mutex, but not the socket lock.
175 */ 180 */
176static int rxrpc_send_data(struct rxrpc_sock *rx, 181static int rxrpc_send_data(struct rxrpc_sock *rx,
177 struct rxrpc_call *call, 182 struct rxrpc_call *call,
@@ -437,10 +442,13 @@ static int rxrpc_sendmsg_cmsg(struct msghdr *msg,
437 442
438/* 443/*
439 * Create a new client call for sendmsg(). 444 * Create a new client call for sendmsg().
445 * - Called with the socket lock held, which it must release.
446 * - If it returns a call, the call's lock will need releasing by the caller.
440 */ 447 */
441static struct rxrpc_call * 448static struct rxrpc_call *
442rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, 449rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg,
443 unsigned long user_call_ID, bool exclusive) 450 unsigned long user_call_ID, bool exclusive)
451 __releases(&rx->sk.sk_lock.slock)
444{ 452{
445 struct rxrpc_conn_parameters cp; 453 struct rxrpc_conn_parameters cp;
446 struct rxrpc_call *call; 454 struct rxrpc_call *call;
@@ -450,8 +458,10 @@ rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg,
450 458
451 _enter(""); 459 _enter("");
452 460
453 if (!msg->msg_name) 461 if (!msg->msg_name) {
462 release_sock(&rx->sk);
454 return ERR_PTR(-EDESTADDRREQ); 463 return ERR_PTR(-EDESTADDRREQ);
464 }
455 465
456 key = rx->key; 466 key = rx->key;
457 if (key && !rx->key->payload.data[0]) 467 if (key && !rx->key->payload.data[0])
@@ -464,6 +474,7 @@ rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg,
464 cp.exclusive = rx->exclusive | exclusive; 474 cp.exclusive = rx->exclusive | exclusive;
465 cp.service_id = srx->srx_service; 475 cp.service_id = srx->srx_service;
466 call = rxrpc_new_client_call(rx, &cp, srx, user_call_ID, GFP_KERNEL); 476 call = rxrpc_new_client_call(rx, &cp, srx, user_call_ID, GFP_KERNEL);
477 /* The socket is now unlocked */
467 478
468 _leave(" = %p\n", call); 479 _leave(" = %p\n", call);
469 return call; 480 return call;
@@ -475,7 +486,9 @@ rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg,
475 * - the socket may be either a client socket or a server socket 486 * - the socket may be either a client socket or a server socket
476 */ 487 */
477int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len) 488int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len)
489 __releases(&rx->sk.sk_lock.slock)
478{ 490{
491 enum rxrpc_call_state state;
479 enum rxrpc_command cmd; 492 enum rxrpc_command cmd;
480 struct rxrpc_call *call; 493 struct rxrpc_call *call;
481 unsigned long user_call_ID = 0; 494 unsigned long user_call_ID = 0;
@@ -488,12 +501,14 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len)
488 ret = rxrpc_sendmsg_cmsg(msg, &user_call_ID, &cmd, &abort_code, 501 ret = rxrpc_sendmsg_cmsg(msg, &user_call_ID, &cmd, &abort_code,
489 &exclusive); 502 &exclusive);
490 if (ret < 0) 503 if (ret < 0)
491 return ret; 504 goto error_release_sock;
492 505
493 if (cmd == RXRPC_CMD_ACCEPT) { 506 if (cmd == RXRPC_CMD_ACCEPT) {
507 ret = -EINVAL;
494 if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) 508 if (rx->sk.sk_state != RXRPC_SERVER_LISTENING)
495 return -EINVAL; 509 goto error_release_sock;
496 call = rxrpc_accept_call(rx, user_call_ID, NULL); 510 call = rxrpc_accept_call(rx, user_call_ID, NULL);
511 /* The socket is now unlocked. */
497 if (IS_ERR(call)) 512 if (IS_ERR(call))
498 return PTR_ERR(call); 513 return PTR_ERR(call);
499 rxrpc_put_call(call, rxrpc_call_put); 514 rxrpc_put_call(call, rxrpc_call_put);
@@ -502,18 +517,41 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len)
502 517
503 call = rxrpc_find_call_by_user_ID(rx, user_call_ID); 518 call = rxrpc_find_call_by_user_ID(rx, user_call_ID);
504 if (!call) { 519 if (!call) {
520 ret = -EBADSLT;
505 if (cmd != RXRPC_CMD_SEND_DATA) 521 if (cmd != RXRPC_CMD_SEND_DATA)
506 return -EBADSLT; 522 goto error_release_sock;
507 call = rxrpc_new_client_call_for_sendmsg(rx, msg, user_call_ID, 523 call = rxrpc_new_client_call_for_sendmsg(rx, msg, user_call_ID,
508 exclusive); 524 exclusive);
525 /* The socket is now unlocked... */
509 if (IS_ERR(call)) 526 if (IS_ERR(call))
510 return PTR_ERR(call); 527 return PTR_ERR(call);
528 /* ... and we have the call lock. */
529 } else {
530 switch (READ_ONCE(call->state)) {
531 case RXRPC_CALL_UNINITIALISED:
532 case RXRPC_CALL_CLIENT_AWAIT_CONN:
533 case RXRPC_CALL_SERVER_PREALLOC:
534 case RXRPC_CALL_SERVER_SECURING:
535 case RXRPC_CALL_SERVER_ACCEPTING:
536 ret = -EBUSY;
537 goto error_release_sock;
538 default:
539 break;
540 }
541
542 ret = mutex_lock_interruptible(&call->user_mutex);
543 release_sock(&rx->sk);
544 if (ret < 0) {
545 ret = -ERESTARTSYS;
546 goto error_put;
547 }
511 } 548 }
512 549
550 state = READ_ONCE(call->state);
513 _debug("CALL %d USR %lx ST %d on CONN %p", 551 _debug("CALL %d USR %lx ST %d on CONN %p",
514 call->debug_id, call->user_call_ID, call->state, call->conn); 552 call->debug_id, call->user_call_ID, state, call->conn);
515 553
516 if (call->state >= RXRPC_CALL_COMPLETE) { 554 if (state >= RXRPC_CALL_COMPLETE) {
517 /* it's too late for this call */ 555 /* it's too late for this call */
518 ret = -ESHUTDOWN; 556 ret = -ESHUTDOWN;
519 } else if (cmd == RXRPC_CMD_SEND_ABORT) { 557 } else if (cmd == RXRPC_CMD_SEND_ABORT) {
@@ -523,21 +561,27 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len)
523 } else if (cmd != RXRPC_CMD_SEND_DATA) { 561 } else if (cmd != RXRPC_CMD_SEND_DATA) {
524 ret = -EINVAL; 562 ret = -EINVAL;
525 } else if (rxrpc_is_client_call(call) && 563 } else if (rxrpc_is_client_call(call) &&
526 call->state != RXRPC_CALL_CLIENT_SEND_REQUEST) { 564 state != RXRPC_CALL_CLIENT_SEND_REQUEST) {
527 /* request phase complete for this client call */ 565 /* request phase complete for this client call */
528 ret = -EPROTO; 566 ret = -EPROTO;
529 } else if (rxrpc_is_service_call(call) && 567 } else if (rxrpc_is_service_call(call) &&
530 call->state != RXRPC_CALL_SERVER_ACK_REQUEST && 568 state != RXRPC_CALL_SERVER_ACK_REQUEST &&
531 call->state != RXRPC_CALL_SERVER_SEND_REPLY) { 569 state != RXRPC_CALL_SERVER_SEND_REPLY) {
532 /* Reply phase not begun or not complete for service call. */ 570 /* Reply phase not begun or not complete for service call. */
533 ret = -EPROTO; 571 ret = -EPROTO;
534 } else { 572 } else {
535 ret = rxrpc_send_data(rx, call, msg, len); 573 ret = rxrpc_send_data(rx, call, msg, len);
536 } 574 }
537 575
576 mutex_unlock(&call->user_mutex);
577error_put:
538 rxrpc_put_call(call, rxrpc_call_put); 578 rxrpc_put_call(call, rxrpc_call_put);
539 _leave(" = %d", ret); 579 _leave(" = %d", ret);
540 return ret; 580 return ret;
581
582error_release_sock:
583 release_sock(&rx->sk);
584 return ret;
541} 585}
542 586
543/** 587/**
@@ -562,22 +606,29 @@ int rxrpc_kernel_send_data(struct socket *sock, struct rxrpc_call *call,
562 ASSERTCMP(msg->msg_name, ==, NULL); 606 ASSERTCMP(msg->msg_name, ==, NULL);
563 ASSERTCMP(msg->msg_control, ==, NULL); 607 ASSERTCMP(msg->msg_control, ==, NULL);
564 608
565 lock_sock(sock->sk); 609 mutex_lock(&call->user_mutex);
566 610
567 _debug("CALL %d USR %lx ST %d on CONN %p", 611 _debug("CALL %d USR %lx ST %d on CONN %p",
568 call->debug_id, call->user_call_ID, call->state, call->conn); 612 call->debug_id, call->user_call_ID, call->state, call->conn);
569 613
570 if (call->state >= RXRPC_CALL_COMPLETE) { 614 switch (READ_ONCE(call->state)) {
571 ret = -ESHUTDOWN; /* it's too late for this call */ 615 case RXRPC_CALL_CLIENT_SEND_REQUEST:
572 } else if (call->state != RXRPC_CALL_CLIENT_SEND_REQUEST && 616 case RXRPC_CALL_SERVER_ACK_REQUEST:
573 call->state != RXRPC_CALL_SERVER_ACK_REQUEST && 617 case RXRPC_CALL_SERVER_SEND_REPLY:
574 call->state != RXRPC_CALL_SERVER_SEND_REPLY) {
575 ret = -EPROTO; /* request phase complete for this client call */
576 } else {
577 ret = rxrpc_send_data(rxrpc_sk(sock->sk), call, msg, len); 618 ret = rxrpc_send_data(rxrpc_sk(sock->sk), call, msg, len);
619 break;
620 case RXRPC_CALL_COMPLETE:
621 read_lock_bh(&call->state_lock);
622 ret = -call->error;
623 read_unlock_bh(&call->state_lock);
624 break;
625 default:
626 /* Request phase complete for this client call */
627 ret = -EPROTO;
628 break;
578 } 629 }
579 630
580 release_sock(sock->sk); 631 mutex_unlock(&call->user_mutex);
581 _leave(" = %d", ret); 632 _leave(" = %d", ret);
582 return ret; 633 return ret;
583} 634}
@@ -598,12 +649,12 @@ void rxrpc_kernel_abort_call(struct socket *sock, struct rxrpc_call *call,
598{ 649{
599 _enter("{%d},%d,%d,%s", call->debug_id, abort_code, error, why); 650 _enter("{%d},%d,%d,%s", call->debug_id, abort_code, error, why);
600 651
601 lock_sock(sock->sk); 652 mutex_lock(&call->user_mutex);
602 653
603 if (rxrpc_abort_call(why, call, 0, abort_code, error)) 654 if (rxrpc_abort_call(why, call, 0, abort_code, error))
604 rxrpc_send_abort_packet(call); 655 rxrpc_send_abort_packet(call);
605 656
606 release_sock(sock->sk); 657 mutex_unlock(&call->user_mutex);
607 _leave(""); 658 _leave("");
608} 659}
609 660
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index ab8062909962..f9bb43c25697 100644
--- a/net/sched/act_connmark.c
+++ b/net/sched/act_connmark.c
@@ -113,6 +113,9 @@ static int tcf_connmark_init(struct net *net, struct nlattr *nla,
113 if (ret < 0) 113 if (ret < 0)
114 return ret; 114 return ret;
115 115
116 if (!tb[TCA_CONNMARK_PARMS])
117 return -EINVAL;
118
116 parm = nla_data(tb[TCA_CONNMARK_PARMS]); 119 parm = nla_data(tb[TCA_CONNMARK_PARMS]);
117 120
118 if (!tcf_hash_check(tn, parm->index, a, bind)) { 121 if (!tcf_hash_check(tn, parm->index, a, bind)) {
diff --git a/net/sched/act_skbmod.c b/net/sched/act_skbmod.c
index 3b7074e23024..c736627f8f4a 100644
--- a/net/sched/act_skbmod.c
+++ b/net/sched/act_skbmod.c
@@ -228,7 +228,6 @@ static int tcf_skbmod_dump(struct sk_buff *skb, struct tc_action *a,
228 228
229 return skb->len; 229 return skb->len;
230nla_put_failure: 230nla_put_failure:
231 rcu_read_unlock();
232 nlmsg_trim(skb, b); 231 nlmsg_trim(skb, b);
233 return -1; 232 return -1;
234} 233}
diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c
index 41c80b6c3906..ae7e4f5b348b 100644
--- a/net/sched/em_meta.c
+++ b/net/sched/em_meta.c
@@ -63,6 +63,7 @@
63#include <linux/types.h> 63#include <linux/types.h>
64#include <linux/kernel.h> 64#include <linux/kernel.h>
65#include <linux/sched.h> 65#include <linux/sched.h>
66#include <linux/sched/loadavg.h>
66#include <linux/string.h> 67#include <linux/string.h>
67#include <linux/skbuff.h> 68#include <linux/skbuff.h>
68#include <linux/random.h> 69#include <linux/random.h>
diff --git a/net/sctp/input.c b/net/sctp/input.c
index fc458968fe4b..2a28ab20487f 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -884,14 +884,17 @@ int sctp_hash_transport(struct sctp_transport *t)
884 arg.paddr = &t->ipaddr; 884 arg.paddr = &t->ipaddr;
885 arg.lport = htons(t->asoc->base.bind_addr.port); 885 arg.lport = htons(t->asoc->base.bind_addr.port);
886 886
887 rcu_read_lock();
887 list = rhltable_lookup(&sctp_transport_hashtable, &arg, 888 list = rhltable_lookup(&sctp_transport_hashtable, &arg,
888 sctp_hash_params); 889 sctp_hash_params);
889 890
890 rhl_for_each_entry_rcu(transport, tmp, list, node) 891 rhl_for_each_entry_rcu(transport, tmp, list, node)
891 if (transport->asoc->ep == t->asoc->ep) { 892 if (transport->asoc->ep == t->asoc->ep) {
893 rcu_read_unlock();
892 err = -EEXIST; 894 err = -EEXIST;
893 goto out; 895 goto out;
894 } 896 }
897 rcu_read_unlock();
895 898
896 err = rhltable_insert_key(&sctp_transport_hashtable, &arg, 899 err = rhltable_insert_key(&sctp_transport_hashtable, &arg,
897 &t->node, sctp_hash_params); 900 &t->node, sctp_hash_params);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 063baac5b9fe..961ee59f696a 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -640,14 +640,15 @@ static sctp_scope_t sctp_v6_scope(union sctp_addr *addr)
640 640
641/* Create and initialize a new sk for the socket to be returned by accept(). */ 641/* Create and initialize a new sk for the socket to be returned by accept(). */
642static struct sock *sctp_v6_create_accept_sk(struct sock *sk, 642static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
643 struct sctp_association *asoc) 643 struct sctp_association *asoc,
644 bool kern)
644{ 645{
645 struct sock *newsk; 646 struct sock *newsk;
646 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 647 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
647 struct sctp6_sock *newsctp6sk; 648 struct sctp6_sock *newsctp6sk;
648 struct ipv6_txoptions *opt; 649 struct ipv6_txoptions *opt;
649 650
650 newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, 0); 651 newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern);
651 if (!newsk) 652 if (!newsk)
652 goto out; 653 goto out;
653 654
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 1b6d4574d2b0..989a900383b5 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -575,10 +575,11 @@ static int sctp_v4_is_ce(const struct sk_buff *skb)
575 575
576/* Create and initialize a new sk for the socket returned by accept(). */ 576/* Create and initialize a new sk for the socket returned by accept(). */
577static struct sock *sctp_v4_create_accept_sk(struct sock *sk, 577static struct sock *sctp_v4_create_accept_sk(struct sock *sk,
578 struct sctp_association *asoc) 578 struct sctp_association *asoc,
579 bool kern)
579{ 580{
580 struct sock *newsk = sk_alloc(sock_net(sk), PF_INET, GFP_KERNEL, 581 struct sock *newsk = sk_alloc(sock_net(sk), PF_INET, GFP_KERNEL,
581 sk->sk_prot, 0); 582 sk->sk_prot, kern);
582 struct inet_sock *newinet; 583 struct inet_sock *newinet;
583 584
584 if (!newsk) 585 if (!newsk)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 465a9c8464f9..0f378ea2ae38 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -57,6 +57,7 @@
57#include <linux/kernel.h> 57#include <linux/kernel.h>
58#include <linux/wait.h> 58#include <linux/wait.h>
59#include <linux/time.h> 59#include <linux/time.h>
60#include <linux/sched/signal.h>
60#include <linux/ip.h> 61#include <linux/ip.h>
61#include <linux/capability.h> 62#include <linux/capability.h>
62#include <linux/fcntl.h> 63#include <linux/fcntl.h>
@@ -4115,7 +4116,7 @@ static int sctp_disconnect(struct sock *sk, int flags)
4115 * descriptor will be returned from accept() to represent the newly 4116 * descriptor will be returned from accept() to represent the newly
4116 * formed association. 4117 * formed association.
4117 */ 4118 */
4118static struct sock *sctp_accept(struct sock *sk, int flags, int *err) 4119static struct sock *sctp_accept(struct sock *sk, int flags, int *err, bool kern)
4119{ 4120{
4120 struct sctp_sock *sp; 4121 struct sctp_sock *sp;
4121 struct sctp_endpoint *ep; 4122 struct sctp_endpoint *ep;
@@ -4150,7 +4151,7 @@ static struct sock *sctp_accept(struct sock *sk, int flags, int *err)
4150 */ 4151 */
4151 asoc = list_entry(ep->asocs.next, struct sctp_association, asocs); 4152 asoc = list_entry(ep->asocs.next, struct sctp_association, asocs);
4152 4153
4153 newsk = sp->pf->create_accept_sk(sk, asoc); 4154 newsk = sp->pf->create_accept_sk(sk, asoc, kern);
4154 if (!newsk) { 4155 if (!newsk) {
4155 error = -ENOMEM; 4156 error = -ENOMEM;
4156 goto out; 4157 goto out;
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 5d4208ad029e..093803786eac 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -27,6 +27,8 @@
27#include <linux/inetdevice.h> 27#include <linux/inetdevice.h>
28#include <linux/workqueue.h> 28#include <linux/workqueue.h>
29#include <linux/in.h> 29#include <linux/in.h>
30#include <linux/sched/signal.h>
31
30#include <net/sock.h> 32#include <net/sock.h>
31#include <net/tcp.h> 33#include <net/tcp.h>
32#include <net/smc.h> 34#include <net/smc.h>
@@ -942,7 +944,7 @@ out:
942} 944}
943 945
944static int smc_accept(struct socket *sock, struct socket *new_sock, 946static int smc_accept(struct socket *sock, struct socket *new_sock,
945 int flags) 947 int flags, bool kern)
946{ 948{
947 struct sock *sk = sock->sk, *nsk; 949 struct sock *sk = sock->sk, *nsk;
948 DECLARE_WAITQUEUE(wait, current); 950 DECLARE_WAITQUEUE(wait, current);
diff --git a/net/smc/smc_clc.c b/net/smc/smc_clc.c
index cc6b6f8651eb..e41f594a1e1d 100644
--- a/net/smc/smc_clc.c
+++ b/net/smc/smc_clc.c
@@ -11,6 +11,8 @@
11 11
12#include <linux/in.h> 12#include <linux/in.h>
13#include <linux/if_ether.h> 13#include <linux/if_ether.h>
14#include <linux/sched/signal.h>
15
14#include <net/sock.h> 16#include <net/sock.h>
15#include <net/tcp.h> 17#include <net/tcp.h>
16 18
diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c
index 03dfcc6b7661..67a71d170bed 100644
--- a/net/smc/smc_close.c
+++ b/net/smc/smc_close.c
@@ -9,6 +9,8 @@
9 */ 9 */
10 10
11#include <linux/workqueue.h> 11#include <linux/workqueue.h>
12#include <linux/sched/signal.h>
13
12#include <net/sock.h> 14#include <net/sock.h>
13 15
14#include "smc.h" 16#include "smc.h"
diff --git a/net/smc/smc_rx.c b/net/smc/smc_rx.c
index 5d1878732f46..c4ef9a4ec569 100644
--- a/net/smc/smc_rx.c
+++ b/net/smc/smc_rx.c
@@ -11,6 +11,8 @@
11 11
12#include <linux/net.h> 12#include <linux/net.h>
13#include <linux/rcupdate.h> 13#include <linux/rcupdate.h>
14#include <linux/sched/signal.h>
15
14#include <net/sock.h> 16#include <net/sock.h>
15 17
16#include "smc.h" 18#include "smc.h"
diff --git a/net/smc/smc_tx.c b/net/smc/smc_tx.c
index 6e73b28915ea..69a0013dd25c 100644
--- a/net/smc/smc_tx.c
+++ b/net/smc/smc_tx.c
@@ -15,6 +15,8 @@
15#include <linux/net.h> 15#include <linux/net.h>
16#include <linux/rcupdate.h> 16#include <linux/rcupdate.h>
17#include <linux/workqueue.h> 17#include <linux/workqueue.h>
18#include <linux/sched/signal.h>
19
18#include <net/sock.h> 20#include <net/sock.h>
19 21
20#include "smc.h" 22#include "smc.h"
diff --git a/net/socket.c b/net/socket.c
index 2c1e8677ff2d..e034fe4164be 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1506,7 +1506,7 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1506 if (err) 1506 if (err)
1507 goto out_fd; 1507 goto out_fd;
1508 1508
1509 err = sock->ops->accept(sock, newsock, sock->file->f_flags); 1509 err = sock->ops->accept(sock, newsock, sock->file->f_flags, false);
1510 if (err < 0) 1510 if (err < 0)
1511 goto out_fd; 1511 goto out_fd;
1512 1512
@@ -1731,6 +1731,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1731 /* We assume all kernel code knows the size of sockaddr_storage */ 1731 /* We assume all kernel code knows the size of sockaddr_storage */
1732 msg.msg_namelen = 0; 1732 msg.msg_namelen = 0;
1733 msg.msg_iocb = NULL; 1733 msg.msg_iocb = NULL;
1734 msg.msg_flags = 0;
1734 if (sock->file->f_flags & O_NONBLOCK) 1735 if (sock->file->f_flags & O_NONBLOCK)
1735 flags |= MSG_DONTWAIT; 1736 flags |= MSG_DONTWAIT;
1736 err = sock_recvmsg(sock, &msg, flags); 1737 err = sock_recvmsg(sock, &msg, flags);
@@ -3238,7 +3239,7 @@ int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3238 if (err < 0) 3239 if (err < 0)
3239 goto done; 3240 goto done;
3240 3241
3241 err = sock->ops->accept(sock, *newsock, flags); 3242 err = sock->ops->accept(sock, *newsock, flags, true);
3242 if (err < 0) { 3243 if (err < 0) {
3243 sock_release(*newsock); 3244 sock_release(*newsock);
3244 *newsock = NULL; 3245 *newsock = NULL;
diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c
index 41adf362936d..b5c279b22680 100644
--- a/net/strparser/strparser.c
+++ b/net/strparser/strparser.c
@@ -504,6 +504,7 @@ static int __init strp_mod_init(void)
504 504
505static void __exit strp_mod_exit(void) 505static void __exit strp_mod_exit(void)
506{ 506{
507 destroy_workqueue(strp_wq);
507} 508}
508module_init(strp_mod_init); 509module_init(strp_mod_init);
509module_exit(strp_mod_exit); 510module_exit(strp_mod_exit);
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index 2bff63a73cf8..d2623b9f23d6 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -8,6 +8,7 @@
8 8
9#include <linux/types.h> 9#include <linux/types.h>
10#include <linux/sched.h> 10#include <linux/sched.h>
11#include <linux/cred.h>
11#include <linux/module.h> 12#include <linux/module.h>
12#include <linux/slab.h> 13#include <linux/slab.h>
13#include <linux/errno.h> 14#include <linux/errno.h>
@@ -464,8 +465,10 @@ rpcauth_prune_expired(struct list_head *free, int nr_to_scan)
464 * Note that the cred_unused list must be time-ordered. 465 * Note that the cred_unused list must be time-ordered.
465 */ 466 */
466 if (time_in_range(cred->cr_expire, expired, jiffies) && 467 if (time_in_range(cred->cr_expire, expired, jiffies) &&
467 test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) 468 test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) {
469 freed = SHRINK_STOP;
468 break; 470 break;
471 }
469 472
470 list_del_init(&cred->cr_lru); 473 list_del_init(&cred->cr_lru);
471 number_cred_unused--; 474 number_cred_unused--;
@@ -520,7 +523,7 @@ static unsigned long
520rpcauth_cache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 523rpcauth_cache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
521 524
522{ 525{
523 return (number_cred_unused / 100) * sysctl_vfs_cache_pressure; 526 return number_cred_unused * sysctl_vfs_cache_pressure / 100;
524} 527}
525 528
526static void 529static void
@@ -646,9 +649,6 @@ rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred,
646 cred->cr_auth = auth; 649 cred->cr_auth = auth;
647 cred->cr_ops = ops; 650 cred->cr_ops = ops;
648 cred->cr_expire = jiffies; 651 cred->cr_expire = jiffies;
649#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
650 cred->cr_magic = RPCAUTH_CRED_MAGIC;
651#endif
652 cred->cr_uid = acred->uid; 652 cred->cr_uid = acred->uid;
653} 653}
654EXPORT_SYMBOL_GPL(rpcauth_init_cred); 654EXPORT_SYMBOL_GPL(rpcauth_init_cred);
@@ -876,8 +876,12 @@ int __init rpcauth_init_module(void)
876 err = rpc_init_generic_auth(); 876 err = rpc_init_generic_auth();
877 if (err < 0) 877 if (err < 0)
878 goto out2; 878 goto out2;
879 register_shrinker(&rpc_cred_shrinker); 879 err = register_shrinker(&rpc_cred_shrinker);
880 if (err < 0)
881 goto out3;
880 return 0; 882 return 0;
883out3:
884 rpc_destroy_generic_auth();
881out2: 885out2:
882 rpc_destroy_authunix(); 886 rpc_destroy_authunix();
883out1: 887out1:
diff --git a/net/sunrpc/auth_null.c b/net/sunrpc/auth_null.c
index 4d17376b2acb..5f3d527dff65 100644
--- a/net/sunrpc/auth_null.c
+++ b/net/sunrpc/auth_null.c
@@ -139,7 +139,4 @@ struct rpc_cred null_cred = {
139 .cr_ops = &null_credops, 139 .cr_ops = &null_credops,
140 .cr_count = ATOMIC_INIT(1), 140 .cr_count = ATOMIC_INIT(1),
141 .cr_flags = 1UL << RPCAUTH_CRED_UPTODATE, 141 .cr_flags = 1UL << RPCAUTH_CRED_UPTODATE,
142#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
143 .cr_magic = RPCAUTH_CRED_MAGIC,
144#endif
145}; 142};
diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
index 306fc0f54596..82337e1ec9cd 100644
--- a/net/sunrpc/auth_unix.c
+++ b/net/sunrpc/auth_unix.c
@@ -14,12 +14,10 @@
14#include <linux/sunrpc/auth.h> 14#include <linux/sunrpc/auth.h>
15#include <linux/user_namespace.h> 15#include <linux/user_namespace.h>
16 16
17#define NFS_NGROUPS 16
18
19struct unx_cred { 17struct unx_cred {
20 struct rpc_cred uc_base; 18 struct rpc_cred uc_base;
21 kgid_t uc_gid; 19 kgid_t uc_gid;
22 kgid_t uc_gids[NFS_NGROUPS]; 20 kgid_t uc_gids[UNX_NGROUPS];
23}; 21};
24#define uc_uid uc_base.cr_uid 22#define uc_uid uc_base.cr_uid
25 23
@@ -82,13 +80,13 @@ unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t
82 80
83 if (acred->group_info != NULL) 81 if (acred->group_info != NULL)
84 groups = acred->group_info->ngroups; 82 groups = acred->group_info->ngroups;
85 if (groups > NFS_NGROUPS) 83 if (groups > UNX_NGROUPS)
86 groups = NFS_NGROUPS; 84 groups = UNX_NGROUPS;
87 85
88 cred->uc_gid = acred->gid; 86 cred->uc_gid = acred->gid;
89 for (i = 0; i < groups; i++) 87 for (i = 0; i < groups; i++)
90 cred->uc_gids[i] = acred->group_info->gid[i]; 88 cred->uc_gids[i] = acred->group_info->gid[i];
91 if (i < NFS_NGROUPS) 89 if (i < UNX_NGROUPS)
92 cred->uc_gids[i] = INVALID_GID; 90 cred->uc_gids[i] = INVALID_GID;
93 91
94 return &cred->uc_base; 92 return &cred->uc_base;
@@ -132,12 +130,12 @@ unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
132 130
133 if (acred->group_info != NULL) 131 if (acred->group_info != NULL)
134 groups = acred->group_info->ngroups; 132 groups = acred->group_info->ngroups;
135 if (groups > NFS_NGROUPS) 133 if (groups > UNX_NGROUPS)
136 groups = NFS_NGROUPS; 134 groups = UNX_NGROUPS;
137 for (i = 0; i < groups ; i++) 135 for (i = 0; i < groups ; i++)
138 if (!gid_eq(cred->uc_gids[i], acred->group_info->gid[i])) 136 if (!gid_eq(cred->uc_gids[i], acred->group_info->gid[i]))
139 return 0; 137 return 0;
140 if (groups < NFS_NGROUPS && gid_valid(cred->uc_gids[groups])) 138 if (groups < UNX_NGROUPS && gid_valid(cred->uc_gids[groups]))
141 return 0; 139 return 0;
142 return 1; 140 return 1;
143} 141}
@@ -166,7 +164,7 @@ unx_marshal(struct rpc_task *task, __be32 *p)
166 *p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid)); 164 *p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid));
167 *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid)); 165 *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid));
168 hold = p++; 166 hold = p++;
169 for (i = 0; i < 16 && gid_valid(cred->uc_gids[i]); i++) 167 for (i = 0; i < UNX_NGROUPS && gid_valid(cred->uc_gids[i]); i++)
170 *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i])); 168 *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i]));
171 *hold = htonl(p - hold - 1); /* gid array length */ 169 *hold = htonl(p - hold - 1); /* gid array length */
172 *base = htonl((p - base - 1) << 2); /* cred length */ 170 *base = htonl((p - base - 1) << 2); /* cred length */
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index d8639da06d9c..79d55d949d9a 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -728,7 +728,7 @@ void cache_clean_deferred(void *owner)
728/* 728/*
729 * communicate with user-space 729 * communicate with user-space
730 * 730 *
731 * We have a magic /proc file - /proc/sunrpc/<cachename>/channel. 731 * We have a magic /proc file - /proc/net/rpc/<cachename>/channel.
732 * On read, you get a full request, or block. 732 * On read, you get a full request, or block.
733 * On write, an update request is processed. 733 * On write, an update request is processed.
734 * Poll works if anything to read, and always allows write. 734 * Poll works if anything to read, and always allows write.
@@ -1283,7 +1283,7 @@ EXPORT_SYMBOL_GPL(qword_get);
1283 1283
1284 1284
1285/* 1285/*
1286 * support /proc/sunrpc/cache/$CACHENAME/content 1286 * support /proc/net/rpc/$CACHENAME/content
1287 * as a seqfile. 1287 * as a seqfile.
1288 * We call ->cache_show passing NULL for the item to 1288 * We call ->cache_show passing NULL for the item to
1289 * get a header, then pass each real item in the cache 1289 * get a header, then pass each real item in the cache
@@ -1438,20 +1438,11 @@ static ssize_t read_flush(struct file *file, char __user *buf,
1438 struct cache_detail *cd) 1438 struct cache_detail *cd)
1439{ 1439{
1440 char tbuf[22]; 1440 char tbuf[22];
1441 unsigned long p = *ppos;
1442 size_t len; 1441 size_t len;
1443 1442
1444 snprintf(tbuf, sizeof(tbuf), "%lu\n", convert_to_wallclock(cd->flush_time)); 1443 len = snprintf(tbuf, sizeof(tbuf), "%lu\n",
1445 len = strlen(tbuf); 1444 convert_to_wallclock(cd->flush_time));
1446 if (p >= len) 1445 return simple_read_from_buffer(buf, count, ppos, tbuf, len);
1447 return 0;
1448 len -= p;
1449 if (len > count)
1450 len = count;
1451 if (copy_to_user(buf, (void*)(tbuf+p), len))
1452 return -EFAULT;
1453 *ppos += len;
1454 return len;
1455} 1446}
1456 1447
1457static ssize_t write_flush(struct file *file, const char __user *buf, 1448static ssize_t write_flush(struct file *file, const char __user *buf,
@@ -1611,21 +1602,12 @@ static const struct file_operations cache_flush_operations_procfs = {
1611 .llseek = no_llseek, 1602 .llseek = no_llseek,
1612}; 1603};
1613 1604
1614static void remove_cache_proc_entries(struct cache_detail *cd, struct net *net) 1605static void remove_cache_proc_entries(struct cache_detail *cd)
1615{ 1606{
1616 struct sunrpc_net *sn; 1607 if (cd->procfs) {
1617 1608 proc_remove(cd->procfs);
1618 if (cd->u.procfs.proc_ent == NULL) 1609 cd->procfs = NULL;
1619 return; 1610 }
1620 if (cd->u.procfs.flush_ent)
1621 remove_proc_entry("flush", cd->u.procfs.proc_ent);
1622 if (cd->u.procfs.channel_ent)
1623 remove_proc_entry("channel", cd->u.procfs.proc_ent);
1624 if (cd->u.procfs.content_ent)
1625 remove_proc_entry("content", cd->u.procfs.proc_ent);
1626 cd->u.procfs.proc_ent = NULL;
1627 sn = net_generic(net, sunrpc_net_id);
1628 remove_proc_entry(cd->name, sn->proc_net_rpc);
1629} 1611}
1630 1612
1631#ifdef CONFIG_PROC_FS 1613#ifdef CONFIG_PROC_FS
@@ -1635,38 +1617,30 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net)
1635 struct sunrpc_net *sn; 1617 struct sunrpc_net *sn;
1636 1618
1637 sn = net_generic(net, sunrpc_net_id); 1619 sn = net_generic(net, sunrpc_net_id);
1638 cd->u.procfs.proc_ent = proc_mkdir(cd->name, sn->proc_net_rpc); 1620 cd->procfs = proc_mkdir(cd->name, sn->proc_net_rpc);
1639 if (cd->u.procfs.proc_ent == NULL) 1621 if (cd->procfs == NULL)
1640 goto out_nomem; 1622 goto out_nomem;
1641 cd->u.procfs.channel_ent = NULL;
1642 cd->u.procfs.content_ent = NULL;
1643 1623
1644 p = proc_create_data("flush", S_IFREG|S_IRUSR|S_IWUSR, 1624 p = proc_create_data("flush", S_IFREG|S_IRUSR|S_IWUSR,
1645 cd->u.procfs.proc_ent, 1625 cd->procfs, &cache_flush_operations_procfs, cd);
1646 &cache_flush_operations_procfs, cd);
1647 cd->u.procfs.flush_ent = p;
1648 if (p == NULL) 1626 if (p == NULL)
1649 goto out_nomem; 1627 goto out_nomem;
1650 1628
1651 if (cd->cache_request || cd->cache_parse) { 1629 if (cd->cache_request || cd->cache_parse) {
1652 p = proc_create_data("channel", S_IFREG|S_IRUSR|S_IWUSR, 1630 p = proc_create_data("channel", S_IFREG|S_IRUSR|S_IWUSR,
1653 cd->u.procfs.proc_ent, 1631 cd->procfs, &cache_file_operations_procfs, cd);
1654 &cache_file_operations_procfs, cd);
1655 cd->u.procfs.channel_ent = p;
1656 if (p == NULL) 1632 if (p == NULL)
1657 goto out_nomem; 1633 goto out_nomem;
1658 } 1634 }
1659 if (cd->cache_show) { 1635 if (cd->cache_show) {
1660 p = proc_create_data("content", S_IFREG|S_IRUSR, 1636 p = proc_create_data("content", S_IFREG|S_IRUSR,
1661 cd->u.procfs.proc_ent, 1637 cd->procfs, &content_file_operations_procfs, cd);
1662 &content_file_operations_procfs, cd);
1663 cd->u.procfs.content_ent = p;
1664 if (p == NULL) 1638 if (p == NULL)
1665 goto out_nomem; 1639 goto out_nomem;
1666 } 1640 }
1667 return 0; 1641 return 0;
1668out_nomem: 1642out_nomem:
1669 remove_cache_proc_entries(cd, net); 1643 remove_cache_proc_entries(cd);
1670 return -ENOMEM; 1644 return -ENOMEM;
1671} 1645}
1672#else /* CONFIG_PROC_FS */ 1646#else /* CONFIG_PROC_FS */
@@ -1695,7 +1669,7 @@ EXPORT_SYMBOL_GPL(cache_register_net);
1695 1669
1696void cache_unregister_net(struct cache_detail *cd, struct net *net) 1670void cache_unregister_net(struct cache_detail *cd, struct net *net)
1697{ 1671{
1698 remove_cache_proc_entries(cd, net); 1672 remove_cache_proc_entries(cd);
1699 sunrpc_destroy_cache_detail(cd); 1673 sunrpc_destroy_cache_detail(cd);
1700} 1674}
1701EXPORT_SYMBOL_GPL(cache_unregister_net); 1675EXPORT_SYMBOL_GPL(cache_unregister_net);
@@ -1854,15 +1828,17 @@ int sunrpc_cache_register_pipefs(struct dentry *parent,
1854 struct dentry *dir = rpc_create_cache_dir(parent, name, umode, cd); 1828 struct dentry *dir = rpc_create_cache_dir(parent, name, umode, cd);
1855 if (IS_ERR(dir)) 1829 if (IS_ERR(dir))
1856 return PTR_ERR(dir); 1830 return PTR_ERR(dir);
1857 cd->u.pipefs.dir = dir; 1831 cd->pipefs = dir;
1858 return 0; 1832 return 0;
1859} 1833}
1860EXPORT_SYMBOL_GPL(sunrpc_cache_register_pipefs); 1834EXPORT_SYMBOL_GPL(sunrpc_cache_register_pipefs);
1861 1835
1862void sunrpc_cache_unregister_pipefs(struct cache_detail *cd) 1836void sunrpc_cache_unregister_pipefs(struct cache_detail *cd)
1863{ 1837{
1864 rpc_remove_cache_dir(cd->u.pipefs.dir); 1838 if (cd->pipefs) {
1865 cd->u.pipefs.dir = NULL; 1839 rpc_remove_cache_dir(cd->pipefs);
1840 cd->pipefs = NULL;
1841 }
1866} 1842}
1867EXPORT_SYMBOL_GPL(sunrpc_cache_unregister_pipefs); 1843EXPORT_SYMBOL_GPL(sunrpc_cache_unregister_pipefs);
1868 1844
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 1dc9f3bac099..52da3ce54bb5 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1453,21 +1453,6 @@ size_t rpc_max_bc_payload(struct rpc_clnt *clnt)
1453EXPORT_SYMBOL_GPL(rpc_max_bc_payload); 1453EXPORT_SYMBOL_GPL(rpc_max_bc_payload);
1454 1454
1455/** 1455/**
1456 * rpc_get_timeout - Get timeout for transport in units of HZ
1457 * @clnt: RPC client to query
1458 */
1459unsigned long rpc_get_timeout(struct rpc_clnt *clnt)
1460{
1461 unsigned long ret;
1462
1463 rcu_read_lock();
1464 ret = rcu_dereference(clnt->cl_xprt)->timeout->to_initval;
1465 rcu_read_unlock();
1466 return ret;
1467}
1468EXPORT_SYMBOL_GPL(rpc_get_timeout);
1469
1470/**
1471 * rpc_force_rebind - force transport to check that remote port is unchanged 1456 * rpc_force_rebind - force transport to check that remote port is unchanged
1472 * @clnt: client to rebind 1457 * @clnt: client to rebind
1473 * 1458 *
@@ -2699,6 +2684,7 @@ int rpc_clnt_add_xprt(struct rpc_clnt *clnt,
2699{ 2684{
2700 struct rpc_xprt_switch *xps; 2685 struct rpc_xprt_switch *xps;
2701 struct rpc_xprt *xprt; 2686 struct rpc_xprt *xprt;
2687 unsigned long connect_timeout;
2702 unsigned long reconnect_timeout; 2688 unsigned long reconnect_timeout;
2703 unsigned char resvport; 2689 unsigned char resvport;
2704 int ret = 0; 2690 int ret = 0;
@@ -2711,6 +2697,7 @@ int rpc_clnt_add_xprt(struct rpc_clnt *clnt,
2711 return -EAGAIN; 2697 return -EAGAIN;
2712 } 2698 }
2713 resvport = xprt->resvport; 2699 resvport = xprt->resvport;
2700 connect_timeout = xprt->connect_timeout;
2714 reconnect_timeout = xprt->max_reconnect_timeout; 2701 reconnect_timeout = xprt->max_reconnect_timeout;
2715 rcu_read_unlock(); 2702 rcu_read_unlock();
2716 2703
@@ -2720,7 +2707,10 @@ int rpc_clnt_add_xprt(struct rpc_clnt *clnt,
2720 goto out_put_switch; 2707 goto out_put_switch;
2721 } 2708 }
2722 xprt->resvport = resvport; 2709 xprt->resvport = resvport;
2723 xprt->max_reconnect_timeout = reconnect_timeout; 2710 if (xprt->ops->set_connect_timeout != NULL)
2711 xprt->ops->set_connect_timeout(xprt,
2712 connect_timeout,
2713 reconnect_timeout);
2724 2714
2725 rpc_xprt_switch_set_roundrobin(xps); 2715 rpc_xprt_switch_set_roundrobin(xps);
2726 if (setup) { 2716 if (setup) {
@@ -2737,26 +2727,39 @@ out_put_switch:
2737} 2727}
2738EXPORT_SYMBOL_GPL(rpc_clnt_add_xprt); 2728EXPORT_SYMBOL_GPL(rpc_clnt_add_xprt);
2739 2729
2730struct connect_timeout_data {
2731 unsigned long connect_timeout;
2732 unsigned long reconnect_timeout;
2733};
2734
2740static int 2735static int
2741rpc_xprt_cap_max_reconnect_timeout(struct rpc_clnt *clnt, 2736rpc_xprt_set_connect_timeout(struct rpc_clnt *clnt,
2742 struct rpc_xprt *xprt, 2737 struct rpc_xprt *xprt,
2743 void *data) 2738 void *data)
2744{ 2739{
2745 unsigned long timeout = *((unsigned long *)data); 2740 struct connect_timeout_data *timeo = data;
2746 2741
2747 if (timeout < xprt->max_reconnect_timeout) 2742 if (xprt->ops->set_connect_timeout)
2748 xprt->max_reconnect_timeout = timeout; 2743 xprt->ops->set_connect_timeout(xprt,
2744 timeo->connect_timeout,
2745 timeo->reconnect_timeout);
2749 return 0; 2746 return 0;
2750} 2747}
2751 2748
2752void 2749void
2753rpc_cap_max_reconnect_timeout(struct rpc_clnt *clnt, unsigned long timeo) 2750rpc_set_connect_timeout(struct rpc_clnt *clnt,
2751 unsigned long connect_timeout,
2752 unsigned long reconnect_timeout)
2754{ 2753{
2754 struct connect_timeout_data timeout = {
2755 .connect_timeout = connect_timeout,
2756 .reconnect_timeout = reconnect_timeout,
2757 };
2755 rpc_clnt_iterate_for_each_xprt(clnt, 2758 rpc_clnt_iterate_for_each_xprt(clnt,
2756 rpc_xprt_cap_max_reconnect_timeout, 2759 rpc_xprt_set_connect_timeout,
2757 &timeo); 2760 &timeout);
2758} 2761}
2759EXPORT_SYMBOL_GPL(rpc_cap_max_reconnect_timeout); 2762EXPORT_SYMBOL_GPL(rpc_set_connect_timeout);
2760 2763
2761void rpc_clnt_xprt_switch_put(struct rpc_clnt *clnt) 2764void rpc_clnt_xprt_switch_put(struct rpc_clnt *clnt)
2762{ 2765{
diff --git a/net/sunrpc/debugfs.c b/net/sunrpc/debugfs.c
index e7b4d93566df..c8fd0b6c1618 100644
--- a/net/sunrpc/debugfs.c
+++ b/net/sunrpc/debugfs.c
@@ -16,11 +16,6 @@ static struct dentry *rpc_xprt_dir;
16 16
17unsigned int rpc_inject_disconnect; 17unsigned int rpc_inject_disconnect;
18 18
19struct rpc_clnt_iter {
20 struct rpc_clnt *clnt;
21 loff_t pos;
22};
23
24static int 19static int
25tasks_show(struct seq_file *f, void *v) 20tasks_show(struct seq_file *f, void *v)
26{ 21{
@@ -47,12 +42,10 @@ static void *
47tasks_start(struct seq_file *f, loff_t *ppos) 42tasks_start(struct seq_file *f, loff_t *ppos)
48 __acquires(&clnt->cl_lock) 43 __acquires(&clnt->cl_lock)
49{ 44{
50 struct rpc_clnt_iter *iter = f->private; 45 struct rpc_clnt *clnt = f->private;
51 loff_t pos = *ppos; 46 loff_t pos = *ppos;
52 struct rpc_clnt *clnt = iter->clnt;
53 struct rpc_task *task; 47 struct rpc_task *task;
54 48
55 iter->pos = pos + 1;
56 spin_lock(&clnt->cl_lock); 49 spin_lock(&clnt->cl_lock);
57 list_for_each_entry(task, &clnt->cl_tasks, tk_task) 50 list_for_each_entry(task, &clnt->cl_tasks, tk_task)
58 if (pos-- == 0) 51 if (pos-- == 0)
@@ -63,12 +56,10 @@ tasks_start(struct seq_file *f, loff_t *ppos)
63static void * 56static void *
64tasks_next(struct seq_file *f, void *v, loff_t *pos) 57tasks_next(struct seq_file *f, void *v, loff_t *pos)
65{ 58{
66 struct rpc_clnt_iter *iter = f->private; 59 struct rpc_clnt *clnt = f->private;
67 struct rpc_clnt *clnt = iter->clnt;
68 struct rpc_task *task = v; 60 struct rpc_task *task = v;
69 struct list_head *next = task->tk_task.next; 61 struct list_head *next = task->tk_task.next;
70 62
71 ++iter->pos;
72 ++*pos; 63 ++*pos;
73 64
74 /* If there's another task on list, return it */ 65 /* If there's another task on list, return it */
@@ -81,9 +72,7 @@ static void
81tasks_stop(struct seq_file *f, void *v) 72tasks_stop(struct seq_file *f, void *v)
82 __releases(&clnt->cl_lock) 73 __releases(&clnt->cl_lock)
83{ 74{
84 struct rpc_clnt_iter *iter = f->private; 75 struct rpc_clnt *clnt = f->private;
85 struct rpc_clnt *clnt = iter->clnt;
86
87 spin_unlock(&clnt->cl_lock); 76 spin_unlock(&clnt->cl_lock);
88} 77}
89 78
@@ -96,17 +85,13 @@ static const struct seq_operations tasks_seq_operations = {
96 85
97static int tasks_open(struct inode *inode, struct file *filp) 86static int tasks_open(struct inode *inode, struct file *filp)
98{ 87{
99 int ret = seq_open_private(filp, &tasks_seq_operations, 88 int ret = seq_open(filp, &tasks_seq_operations);
100 sizeof(struct rpc_clnt_iter));
101
102 if (!ret) { 89 if (!ret) {
103 struct seq_file *seq = filp->private_data; 90 struct seq_file *seq = filp->private_data;
104 struct rpc_clnt_iter *iter = seq->private; 91 struct rpc_clnt *clnt = seq->private = inode->i_private;
105
106 iter->clnt = inode->i_private;
107 92
108 if (!atomic_inc_not_zero(&iter->clnt->cl_count)) { 93 if (!atomic_inc_not_zero(&clnt->cl_count)) {
109 seq_release_private(inode, filp); 94 seq_release(inode, filp);
110 ret = -EINVAL; 95 ret = -EINVAL;
111 } 96 }
112 } 97 }
@@ -118,10 +103,10 @@ static int
118tasks_release(struct inode *inode, struct file *filp) 103tasks_release(struct inode *inode, struct file *filp)
119{ 104{
120 struct seq_file *seq = filp->private_data; 105 struct seq_file *seq = filp->private_data;
121 struct rpc_clnt_iter *iter = seq->private; 106 struct rpc_clnt *clnt = seq->private;
122 107
123 rpc_release_client(iter->clnt); 108 rpc_release_client(clnt);
124 return seq_release_private(inode, filp); 109 return seq_release(inode, filp);
125} 110}
126 111
127static const struct file_operations tasks_fops = { 112static const struct file_operations tasks_fops = {
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index b94efd93d3e4..a08aeb56b8e4 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -11,7 +11,7 @@
11 */ 11 */
12 12
13#include <linux/linkage.h> 13#include <linux/linkage.h>
14#include <linux/sched.h> 14#include <linux/sched/signal.h>
15#include <linux/errno.h> 15#include <linux/errno.h>
16#include <linux/net.h> 16#include <linux/net.h>
17#include <linux/in.h> 17#include <linux/in.h>
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index 64af4f034de6..f81eaa8e0888 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -403,7 +403,7 @@ svcauth_unix_info_release(struct svc_xprt *xpt)
403/**************************************************************************** 403/****************************************************************************
404 * auth.unix.gid cache 404 * auth.unix.gid cache
405 * simple cache to map a UID to a list of GIDs 405 * simple cache to map a UID to a list of GIDs
406 * because AUTH_UNIX aka AUTH_SYS has a max of 16 406 * because AUTH_UNIX aka AUTH_SYS has a max of UNX_NGROUPS
407 */ 407 */
408#define GID_HASHBITS 8 408#define GID_HASHBITS 8
409#define GID_HASHMAX (1<<GID_HASHBITS) 409#define GID_HASHMAX (1<<GID_HASHBITS)
@@ -810,7 +810,7 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
810 cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ 810 cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
811 cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ 811 cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
812 slen = svc_getnl(argv); /* gids length */ 812 slen = svc_getnl(argv); /* gids length */
813 if (slen > 16 || (len -= (slen + 2)*4) < 0) 813 if (slen > UNX_NGROUPS || (len -= (slen + 2)*4) < 0)
814 goto badcred; 814 goto badcred;
815 cred->cr_group_info = groups_alloc(slen); 815 cred->cr_group_info = groups_alloc(slen);
816 if (cred->cr_group_info == NULL) 816 if (cred->cr_group_info == NULL)
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 7f1071e103ca..1f7082144e01 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -1518,3 +1518,37 @@ out:
1518} 1518}
1519EXPORT_SYMBOL_GPL(xdr_process_buf); 1519EXPORT_SYMBOL_GPL(xdr_process_buf);
1520 1520
1521/**
1522 * xdr_stream_decode_string_dup - Decode and duplicate variable length string
1523 * @xdr: pointer to xdr_stream
1524 * @str: location to store pointer to string
1525 * @maxlen: maximum acceptable string length
1526 * @gfp_flags: GFP mask to use
1527 *
1528 * Return values:
1529 * On success, returns length of NUL-terminated string stored in *@ptr
1530 * %-EBADMSG on XDR buffer overflow
1531 * %-EMSGSIZE if the size of the string would exceed @maxlen
1532 * %-ENOMEM on memory allocation failure
1533 */
1534ssize_t xdr_stream_decode_string_dup(struct xdr_stream *xdr, char **str,
1535 size_t maxlen, gfp_t gfp_flags)
1536{
1537 void *p;
1538 ssize_t ret;
1539
1540 ret = xdr_stream_decode_opaque_inline(xdr, &p, maxlen);
1541 if (ret > 0) {
1542 char *s = kmalloc(ret + 1, gfp_flags);
1543 if (s != NULL) {
1544 memcpy(s, p, ret);
1545 s[ret] = '\0';
1546 *str = s;
1547 return strlen(s);
1548 }
1549 ret = -ENOMEM;
1550 }
1551 *str = NULL;
1552 return ret;
1553}
1554EXPORT_SYMBOL_GPL(xdr_stream_decode_string_dup);
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 9a6be030ca7d..b530a2852ba8 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -897,13 +897,11 @@ static void xprt_timer(struct rpc_task *task)
897 return; 897 return;
898 dprintk("RPC: %5u xprt_timer\n", task->tk_pid); 898 dprintk("RPC: %5u xprt_timer\n", task->tk_pid);
899 899
900 spin_lock_bh(&xprt->transport_lock);
901 if (!req->rq_reply_bytes_recvd) { 900 if (!req->rq_reply_bytes_recvd) {
902 if (xprt->ops->timer) 901 if (xprt->ops->timer)
903 xprt->ops->timer(xprt, task); 902 xprt->ops->timer(xprt, task);
904 } else 903 } else
905 task->tk_status = 0; 904 task->tk_status = 0;
906 spin_unlock_bh(&xprt->transport_lock);
907} 905}
908 906
909/** 907/**
diff --git a/net/sunrpc/xprtrdma/fmr_ops.c b/net/sunrpc/xprtrdma/fmr_ops.c
index 1ebb09e1ac4f..59e64025ed96 100644
--- a/net/sunrpc/xprtrdma/fmr_ops.c
+++ b/net/sunrpc/xprtrdma/fmr_ops.c
@@ -310,10 +310,7 @@ fmr_op_unmap_safe(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req,
310 struct rpcrdma_mw *mw; 310 struct rpcrdma_mw *mw;
311 311
312 while (!list_empty(&req->rl_registered)) { 312 while (!list_empty(&req->rl_registered)) {
313 mw = list_first_entry(&req->rl_registered, 313 mw = rpcrdma_pop_mw(&req->rl_registered);
314 struct rpcrdma_mw, mw_list);
315 list_del_init(&mw->mw_list);
316
317 if (sync) 314 if (sync)
318 fmr_op_recover_mr(mw); 315 fmr_op_recover_mr(mw);
319 else 316 else
diff --git a/net/sunrpc/xprtrdma/frwr_ops.c b/net/sunrpc/xprtrdma/frwr_ops.c
index 47bed5333c7f..f81dd93176c0 100644
--- a/net/sunrpc/xprtrdma/frwr_ops.c
+++ b/net/sunrpc/xprtrdma/frwr_ops.c
@@ -466,8 +466,8 @@ frwr_op_unmap_sync(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
466 struct ib_send_wr *first, **prev, *last, *bad_wr; 466 struct ib_send_wr *first, **prev, *last, *bad_wr;
467 struct rpcrdma_rep *rep = req->rl_reply; 467 struct rpcrdma_rep *rep = req->rl_reply;
468 struct rpcrdma_ia *ia = &r_xprt->rx_ia; 468 struct rpcrdma_ia *ia = &r_xprt->rx_ia;
469 struct rpcrdma_mw *mw, *tmp;
470 struct rpcrdma_frmr *f; 469 struct rpcrdma_frmr *f;
470 struct rpcrdma_mw *mw;
471 int count, rc; 471 int count, rc;
472 472
473 dprintk("RPC: %s: req %p\n", __func__, req); 473 dprintk("RPC: %s: req %p\n", __func__, req);
@@ -534,10 +534,10 @@ frwr_op_unmap_sync(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
534 * them to the free MW list. 534 * them to the free MW list.
535 */ 535 */
536unmap: 536unmap:
537 list_for_each_entry_safe(mw, tmp, &req->rl_registered, mw_list) { 537 while (!list_empty(&req->rl_registered)) {
538 mw = rpcrdma_pop_mw(&req->rl_registered);
538 dprintk("RPC: %s: DMA unmapping frmr %p\n", 539 dprintk("RPC: %s: DMA unmapping frmr %p\n",
539 __func__, &mw->frmr); 540 __func__, &mw->frmr);
540 list_del_init(&mw->mw_list);
541 ib_dma_unmap_sg(ia->ri_device, 541 ib_dma_unmap_sg(ia->ri_device,
542 mw->mw_sg, mw->mw_nents, mw->mw_dir); 542 mw->mw_sg, mw->mw_nents, mw->mw_dir);
543 rpcrdma_put_mw(r_xprt, mw); 543 rpcrdma_put_mw(r_xprt, mw);
@@ -571,10 +571,7 @@ frwr_op_unmap_safe(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req,
571 struct rpcrdma_mw *mw; 571 struct rpcrdma_mw *mw;
572 572
573 while (!list_empty(&req->rl_registered)) { 573 while (!list_empty(&req->rl_registered)) {
574 mw = list_first_entry(&req->rl_registered, 574 mw = rpcrdma_pop_mw(&req->rl_registered);
575 struct rpcrdma_mw, mw_list);
576 list_del_init(&mw->mw_list);
577
578 if (sync) 575 if (sync)
579 frwr_op_recover_mr(mw); 576 frwr_op_recover_mr(mw);
580 else 577 else
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
index c52e0f2ffe52..a044be2d6ad7 100644
--- a/net/sunrpc/xprtrdma/rpc_rdma.c
+++ b/net/sunrpc/xprtrdma/rpc_rdma.c
@@ -125,14 +125,34 @@ void rpcrdma_set_max_header_sizes(struct rpcrdma_xprt *r_xprt)
125/* The client can send a request inline as long as the RPCRDMA header 125/* The client can send a request inline as long as the RPCRDMA header
126 * plus the RPC call fit under the transport's inline limit. If the 126 * plus the RPC call fit under the transport's inline limit. If the
127 * combined call message size exceeds that limit, the client must use 127 * combined call message size exceeds that limit, the client must use
128 * the read chunk list for this operation. 128 * a Read chunk for this operation.
129 *
130 * A Read chunk is also required if sending the RPC call inline would
131 * exceed this device's max_sge limit.
129 */ 132 */
130static bool rpcrdma_args_inline(struct rpcrdma_xprt *r_xprt, 133static bool rpcrdma_args_inline(struct rpcrdma_xprt *r_xprt,
131 struct rpc_rqst *rqst) 134 struct rpc_rqst *rqst)
132{ 135{
133 struct rpcrdma_ia *ia = &r_xprt->rx_ia; 136 struct xdr_buf *xdr = &rqst->rq_snd_buf;
137 unsigned int count, remaining, offset;
138
139 if (xdr->len > r_xprt->rx_ia.ri_max_inline_write)
140 return false;
141
142 if (xdr->page_len) {
143 remaining = xdr->page_len;
144 offset = xdr->page_base & ~PAGE_MASK;
145 count = 0;
146 while (remaining) {
147 remaining -= min_t(unsigned int,
148 PAGE_SIZE - offset, remaining);
149 offset = 0;
150 if (++count > r_xprt->rx_ia.ri_max_send_sges)
151 return false;
152 }
153 }
134 154
135 return rqst->rq_snd_buf.len <= ia->ri_max_inline_write; 155 return true;
136} 156}
137 157
138/* The client can't know how large the actual reply will be. Thus it 158/* The client can't know how large the actual reply will be. Thus it
@@ -186,9 +206,9 @@ rpcrdma_convert_kvec(struct kvec *vec, struct rpcrdma_mr_seg *seg, int n)
186 */ 206 */
187 207
188static int 208static int
189rpcrdma_convert_iovs(struct xdr_buf *xdrbuf, unsigned int pos, 209rpcrdma_convert_iovs(struct rpcrdma_xprt *r_xprt, struct xdr_buf *xdrbuf,
190 enum rpcrdma_chunktype type, struct rpcrdma_mr_seg *seg, 210 unsigned int pos, enum rpcrdma_chunktype type,
191 bool reminv_expected) 211 struct rpcrdma_mr_seg *seg)
192{ 212{
193 int len, n, p, page_base; 213 int len, n, p, page_base;
194 struct page **ppages; 214 struct page **ppages;
@@ -226,22 +246,21 @@ rpcrdma_convert_iovs(struct xdr_buf *xdrbuf, unsigned int pos,
226 if (len && n == RPCRDMA_MAX_SEGS) 246 if (len && n == RPCRDMA_MAX_SEGS)
227 goto out_overflow; 247 goto out_overflow;
228 248
229 /* When encoding the read list, the tail is always sent inline */ 249 /* When encoding a Read chunk, the tail iovec contains an
230 if (type == rpcrdma_readch) 250 * XDR pad and may be omitted.
251 */
252 if (type == rpcrdma_readch && r_xprt->rx_ia.ri_implicit_roundup)
231 return n; 253 return n;
232 254
233 /* When encoding the Write list, some servers need to see an extra 255 /* When encoding a Write chunk, some servers need to see an
234 * segment for odd-length Write chunks. The upper layer provides 256 * extra segment for non-XDR-aligned Write chunks. The upper
235 * space in the tail iovec for this purpose. 257 * layer provides space in the tail iovec that may be used
258 * for this purpose.
236 */ 259 */
237 if (type == rpcrdma_writech && reminv_expected) 260 if (type == rpcrdma_writech && r_xprt->rx_ia.ri_implicit_roundup)
238 return n; 261 return n;
239 262
240 if (xdrbuf->tail[0].iov_len) { 263 if (xdrbuf->tail[0].iov_len) {
241 /* the rpcrdma protocol allows us to omit any trailing
242 * xdr pad bytes, saving the server an RDMA operation. */
243 if (xdrbuf->tail[0].iov_len < 4 && xprt_rdma_pad_optimize)
244 return n;
245 n = rpcrdma_convert_kvec(&xdrbuf->tail[0], seg, n); 264 n = rpcrdma_convert_kvec(&xdrbuf->tail[0], seg, n);
246 if (n == RPCRDMA_MAX_SEGS) 265 if (n == RPCRDMA_MAX_SEGS)
247 goto out_overflow; 266 goto out_overflow;
@@ -293,7 +312,8 @@ rpcrdma_encode_read_list(struct rpcrdma_xprt *r_xprt,
293 if (rtype == rpcrdma_areadch) 312 if (rtype == rpcrdma_areadch)
294 pos = 0; 313 pos = 0;
295 seg = req->rl_segments; 314 seg = req->rl_segments;
296 nsegs = rpcrdma_convert_iovs(&rqst->rq_snd_buf, pos, rtype, seg, false); 315 nsegs = rpcrdma_convert_iovs(r_xprt, &rqst->rq_snd_buf, pos,
316 rtype, seg);
297 if (nsegs < 0) 317 if (nsegs < 0)
298 return ERR_PTR(nsegs); 318 return ERR_PTR(nsegs);
299 319
@@ -302,7 +322,7 @@ rpcrdma_encode_read_list(struct rpcrdma_xprt *r_xprt,
302 false, &mw); 322 false, &mw);
303 if (n < 0) 323 if (n < 0)
304 return ERR_PTR(n); 324 return ERR_PTR(n);
305 list_add(&mw->mw_list, &req->rl_registered); 325 rpcrdma_push_mw(mw, &req->rl_registered);
306 326
307 *iptr++ = xdr_one; /* item present */ 327 *iptr++ = xdr_one; /* item present */
308 328
@@ -355,10 +375,9 @@ rpcrdma_encode_write_list(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req,
355 } 375 }
356 376
357 seg = req->rl_segments; 377 seg = req->rl_segments;
358 nsegs = rpcrdma_convert_iovs(&rqst->rq_rcv_buf, 378 nsegs = rpcrdma_convert_iovs(r_xprt, &rqst->rq_rcv_buf,
359 rqst->rq_rcv_buf.head[0].iov_len, 379 rqst->rq_rcv_buf.head[0].iov_len,
360 wtype, seg, 380 wtype, seg);
361 r_xprt->rx_ia.ri_reminv_expected);
362 if (nsegs < 0) 381 if (nsegs < 0)
363 return ERR_PTR(nsegs); 382 return ERR_PTR(nsegs);
364 383
@@ -371,7 +390,7 @@ rpcrdma_encode_write_list(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req,
371 true, &mw); 390 true, &mw);
372 if (n < 0) 391 if (n < 0)
373 return ERR_PTR(n); 392 return ERR_PTR(n);
374 list_add(&mw->mw_list, &req->rl_registered); 393 rpcrdma_push_mw(mw, &req->rl_registered);
375 394
376 iptr = xdr_encode_rdma_segment(iptr, mw); 395 iptr = xdr_encode_rdma_segment(iptr, mw);
377 396
@@ -423,8 +442,7 @@ rpcrdma_encode_reply_chunk(struct rpcrdma_xprt *r_xprt,
423 } 442 }
424 443
425 seg = req->rl_segments; 444 seg = req->rl_segments;
426 nsegs = rpcrdma_convert_iovs(&rqst->rq_rcv_buf, 0, wtype, seg, 445 nsegs = rpcrdma_convert_iovs(r_xprt, &rqst->rq_rcv_buf, 0, wtype, seg);
427 r_xprt->rx_ia.ri_reminv_expected);
428 if (nsegs < 0) 446 if (nsegs < 0)
429 return ERR_PTR(nsegs); 447 return ERR_PTR(nsegs);
430 448
@@ -437,7 +455,7 @@ rpcrdma_encode_reply_chunk(struct rpcrdma_xprt *r_xprt,
437 true, &mw); 455 true, &mw);
438 if (n < 0) 456 if (n < 0)
439 return ERR_PTR(n); 457 return ERR_PTR(n);
440 list_add(&mw->mw_list, &req->rl_registered); 458 rpcrdma_push_mw(mw, &req->rl_registered);
441 459
442 iptr = xdr_encode_rdma_segment(iptr, mw); 460 iptr = xdr_encode_rdma_segment(iptr, mw);
443 461
@@ -741,13 +759,13 @@ rpcrdma_marshal_req(struct rpc_rqst *rqst)
741 iptr = headerp->rm_body.rm_chunks; 759 iptr = headerp->rm_body.rm_chunks;
742 iptr = rpcrdma_encode_read_list(r_xprt, req, rqst, iptr, rtype); 760 iptr = rpcrdma_encode_read_list(r_xprt, req, rqst, iptr, rtype);
743 if (IS_ERR(iptr)) 761 if (IS_ERR(iptr))
744 goto out_unmap; 762 goto out_err;
745 iptr = rpcrdma_encode_write_list(r_xprt, req, rqst, iptr, wtype); 763 iptr = rpcrdma_encode_write_list(r_xprt, req, rqst, iptr, wtype);
746 if (IS_ERR(iptr)) 764 if (IS_ERR(iptr))
747 goto out_unmap; 765 goto out_err;
748 iptr = rpcrdma_encode_reply_chunk(r_xprt, req, rqst, iptr, wtype); 766 iptr = rpcrdma_encode_reply_chunk(r_xprt, req, rqst, iptr, wtype);
749 if (IS_ERR(iptr)) 767 if (IS_ERR(iptr))
750 goto out_unmap; 768 goto out_err;
751 hdrlen = (unsigned char *)iptr - (unsigned char *)headerp; 769 hdrlen = (unsigned char *)iptr - (unsigned char *)headerp;
752 770
753 dprintk("RPC: %5u %s: %s/%s: hdrlen %zd rpclen %zd\n", 771 dprintk("RPC: %5u %s: %s/%s: hdrlen %zd rpclen %zd\n",
@@ -758,12 +776,14 @@ rpcrdma_marshal_req(struct rpc_rqst *rqst)
758 if (!rpcrdma_prepare_send_sges(&r_xprt->rx_ia, req, hdrlen, 776 if (!rpcrdma_prepare_send_sges(&r_xprt->rx_ia, req, hdrlen,
759 &rqst->rq_snd_buf, rtype)) { 777 &rqst->rq_snd_buf, rtype)) {
760 iptr = ERR_PTR(-EIO); 778 iptr = ERR_PTR(-EIO);
761 goto out_unmap; 779 goto out_err;
762 } 780 }
763 return 0; 781 return 0;
764 782
765out_unmap: 783out_err:
766 r_xprt->rx_ia.ri_ops->ro_unmap_safe(r_xprt, req, false); 784 pr_err("rpcrdma: rpcrdma_marshal_req failed, status %ld\n",
785 PTR_ERR(iptr));
786 r_xprt->rx_stats.failed_marshal_count++;
767 return PTR_ERR(iptr); 787 return PTR_ERR(iptr);
768} 788}
769 789
diff --git a/net/sunrpc/xprtrdma/transport.c b/net/sunrpc/xprtrdma/transport.c
index 534c178d2a7e..c717f5410776 100644
--- a/net/sunrpc/xprtrdma/transport.c
+++ b/net/sunrpc/xprtrdma/transport.c
@@ -67,7 +67,7 @@ unsigned int xprt_rdma_max_inline_read = RPCRDMA_DEF_INLINE;
67static unsigned int xprt_rdma_max_inline_write = RPCRDMA_DEF_INLINE; 67static unsigned int xprt_rdma_max_inline_write = RPCRDMA_DEF_INLINE;
68static unsigned int xprt_rdma_inline_write_padding; 68static unsigned int xprt_rdma_inline_write_padding;
69static unsigned int xprt_rdma_memreg_strategy = RPCRDMA_FRMR; 69static unsigned int xprt_rdma_memreg_strategy = RPCRDMA_FRMR;
70 int xprt_rdma_pad_optimize = 1; 70 int xprt_rdma_pad_optimize = 0;
71 71
72#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) 72#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
73 73
@@ -709,10 +709,6 @@ xprt_rdma_send_request(struct rpc_task *task)
709 return 0; 709 return 0;
710 710
711failed_marshal: 711failed_marshal:
712 dprintk("RPC: %s: rpcrdma_marshal_req failed, status %i\n",
713 __func__, rc);
714 if (rc == -EIO)
715 r_xprt->rx_stats.failed_marshal_count++;
716 if (rc != -ENOTCONN) 712 if (rc != -ENOTCONN)
717 return rc; 713 return rc;
718drop_connection: 714drop_connection:
diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c
index 11d07748f699..3b332b395045 100644
--- a/net/sunrpc/xprtrdma/verbs.c
+++ b/net/sunrpc/xprtrdma/verbs.c
@@ -54,6 +54,7 @@
54#include <linux/sunrpc/svc_rdma.h> 54#include <linux/sunrpc/svc_rdma.h>
55#include <asm/bitops.h> 55#include <asm/bitops.h>
56#include <linux/module.h> /* try_module_get()/module_put() */ 56#include <linux/module.h> /* try_module_get()/module_put() */
57#include <rdma/ib_cm.h>
57 58
58#include "xprt_rdma.h" 59#include "xprt_rdma.h"
59 60
@@ -208,6 +209,7 @@ rpcrdma_update_connect_private(struct rpcrdma_xprt *r_xprt,
208 209
209 /* Default settings for RPC-over-RDMA Version One */ 210 /* Default settings for RPC-over-RDMA Version One */
210 r_xprt->rx_ia.ri_reminv_expected = false; 211 r_xprt->rx_ia.ri_reminv_expected = false;
212 r_xprt->rx_ia.ri_implicit_roundup = xprt_rdma_pad_optimize;
211 rsize = RPCRDMA_V1_DEF_INLINE_SIZE; 213 rsize = RPCRDMA_V1_DEF_INLINE_SIZE;
212 wsize = RPCRDMA_V1_DEF_INLINE_SIZE; 214 wsize = RPCRDMA_V1_DEF_INLINE_SIZE;
213 215
@@ -215,6 +217,7 @@ rpcrdma_update_connect_private(struct rpcrdma_xprt *r_xprt,
215 pmsg->cp_magic == rpcrdma_cmp_magic && 217 pmsg->cp_magic == rpcrdma_cmp_magic &&
216 pmsg->cp_version == RPCRDMA_CMP_VERSION) { 218 pmsg->cp_version == RPCRDMA_CMP_VERSION) {
217 r_xprt->rx_ia.ri_reminv_expected = true; 219 r_xprt->rx_ia.ri_reminv_expected = true;
220 r_xprt->rx_ia.ri_implicit_roundup = true;
218 rsize = rpcrdma_decode_buffer_size(pmsg->cp_send_size); 221 rsize = rpcrdma_decode_buffer_size(pmsg->cp_send_size);
219 wsize = rpcrdma_decode_buffer_size(pmsg->cp_recv_size); 222 wsize = rpcrdma_decode_buffer_size(pmsg->cp_recv_size);
220 } 223 }
@@ -277,7 +280,14 @@ rpcrdma_conn_upcall(struct rdma_cm_id *id, struct rdma_cm_event *event)
277 connstate = -ENETDOWN; 280 connstate = -ENETDOWN;
278 goto connected; 281 goto connected;
279 case RDMA_CM_EVENT_REJECTED: 282 case RDMA_CM_EVENT_REJECTED:
283#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
284 pr_info("rpcrdma: connection to %pIS:%u on %s rejected: %s\n",
285 sap, rpc_get_port(sap), ia->ri_device->name,
286 rdma_reject_msg(id, event->status));
287#endif
280 connstate = -ECONNREFUSED; 288 connstate = -ECONNREFUSED;
289 if (event->status == IB_CM_REJ_STALE_CONN)
290 connstate = -EAGAIN;
281 goto connected; 291 goto connected;
282 case RDMA_CM_EVENT_DISCONNECTED: 292 case RDMA_CM_EVENT_DISCONNECTED:
283 connstate = -ECONNABORTED; 293 connstate = -ECONNABORTED;
@@ -486,18 +496,20 @@ rpcrdma_ia_close(struct rpcrdma_ia *ia)
486 */ 496 */
487int 497int
488rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia, 498rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia,
489 struct rpcrdma_create_data_internal *cdata) 499 struct rpcrdma_create_data_internal *cdata)
490{ 500{
491 struct rpcrdma_connect_private *pmsg = &ep->rep_cm_private; 501 struct rpcrdma_connect_private *pmsg = &ep->rep_cm_private;
502 unsigned int max_qp_wr, max_sge;
492 struct ib_cq *sendcq, *recvcq; 503 struct ib_cq *sendcq, *recvcq;
493 unsigned int max_qp_wr;
494 int rc; 504 int rc;
495 505
496 if (ia->ri_device->attrs.max_sge < RPCRDMA_MAX_SEND_SGES) { 506 max_sge = min_t(unsigned int, ia->ri_device->attrs.max_sge,
497 dprintk("RPC: %s: insufficient sge's available\n", 507 RPCRDMA_MAX_SEND_SGES);
498 __func__); 508 if (max_sge < RPCRDMA_MIN_SEND_SGES) {
509 pr_warn("rpcrdma: HCA provides only %d send SGEs\n", max_sge);
499 return -ENOMEM; 510 return -ENOMEM;
500 } 511 }
512 ia->ri_max_send_sges = max_sge - RPCRDMA_MIN_SEND_SGES;
501 513
502 if (ia->ri_device->attrs.max_qp_wr <= RPCRDMA_BACKWARD_WRS) { 514 if (ia->ri_device->attrs.max_qp_wr <= RPCRDMA_BACKWARD_WRS) {
503 dprintk("RPC: %s: insufficient wqe's available\n", 515 dprintk("RPC: %s: insufficient wqe's available\n",
@@ -522,7 +534,7 @@ rpcrdma_ep_create(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia,
522 ep->rep_attr.cap.max_recv_wr = cdata->max_requests; 534 ep->rep_attr.cap.max_recv_wr = cdata->max_requests;
523 ep->rep_attr.cap.max_recv_wr += RPCRDMA_BACKWARD_WRS; 535 ep->rep_attr.cap.max_recv_wr += RPCRDMA_BACKWARD_WRS;
524 ep->rep_attr.cap.max_recv_wr += 1; /* drain cqe */ 536 ep->rep_attr.cap.max_recv_wr += 1; /* drain cqe */
525 ep->rep_attr.cap.max_send_sge = RPCRDMA_MAX_SEND_SGES; 537 ep->rep_attr.cap.max_send_sge = max_sge;
526 ep->rep_attr.cap.max_recv_sge = 1; 538 ep->rep_attr.cap.max_recv_sge = 1;
527 ep->rep_attr.cap.max_inline_data = 0; 539 ep->rep_attr.cap.max_inline_data = 0;
528 ep->rep_attr.sq_sig_type = IB_SIGNAL_REQ_WR; 540 ep->rep_attr.sq_sig_type = IB_SIGNAL_REQ_WR;
@@ -640,20 +652,21 @@ rpcrdma_ep_destroy(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia)
640int 652int
641rpcrdma_ep_connect(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia) 653rpcrdma_ep_connect(struct rpcrdma_ep *ep, struct rpcrdma_ia *ia)
642{ 654{
655 struct rpcrdma_xprt *r_xprt = container_of(ia, struct rpcrdma_xprt,
656 rx_ia);
643 struct rdma_cm_id *id, *old; 657 struct rdma_cm_id *id, *old;
658 struct sockaddr *sap;
659 unsigned int extras;
644 int rc = 0; 660 int rc = 0;
645 int retry_count = 0;
646 661
647 if (ep->rep_connected != 0) { 662 if (ep->rep_connected != 0) {
648 struct rpcrdma_xprt *xprt;
649retry: 663retry:
650 dprintk("RPC: %s: reconnecting...\n", __func__); 664 dprintk("RPC: %s: reconnecting...\n", __func__);
651 665
652 rpcrdma_ep_disconnect(ep, ia); 666 rpcrdma_ep_disconnect(ep, ia);
653 667
654 xprt = container_of(ia, struct rpcrdma_xprt, rx_ia); 668 sap = (struct sockaddr *)&r_xprt->rx_data.addr;
655 id = rpcrdma_create_id(xprt, ia, 669 id = rpcrdma_create_id(r_xprt, ia, sap);
656 (struct sockaddr *)&xprt->rx_data.addr);
657 if (IS_ERR(id)) { 670 if (IS_ERR(id)) {
658 rc = -EHOSTUNREACH; 671 rc = -EHOSTUNREACH;
659 goto out; 672 goto out;
@@ -708,51 +721,18 @@ retry:
708 } 721 }
709 722
710 wait_event_interruptible(ep->rep_connect_wait, ep->rep_connected != 0); 723 wait_event_interruptible(ep->rep_connect_wait, ep->rep_connected != 0);
711
712 /*
713 * Check state. A non-peer reject indicates no listener
714 * (ECONNREFUSED), which may be a transient state. All
715 * others indicate a transport condition which has already
716 * undergone a best-effort.
717 */
718 if (ep->rep_connected == -ECONNREFUSED &&
719 ++retry_count <= RDMA_CONNECT_RETRY_MAX) {
720 dprintk("RPC: %s: non-peer_reject, retry\n", __func__);
721 goto retry;
722 }
723 if (ep->rep_connected <= 0) { 724 if (ep->rep_connected <= 0) {
724 /* Sometimes, the only way to reliably connect to remote 725 if (ep->rep_connected == -EAGAIN)
725 * CMs is to use same nonzero values for ORD and IRD. */
726 if (retry_count++ <= RDMA_CONNECT_RETRY_MAX + 1 &&
727 (ep->rep_remote_cma.responder_resources == 0 ||
728 ep->rep_remote_cma.initiator_depth !=
729 ep->rep_remote_cma.responder_resources)) {
730 if (ep->rep_remote_cma.responder_resources == 0)
731 ep->rep_remote_cma.responder_resources = 1;
732 ep->rep_remote_cma.initiator_depth =
733 ep->rep_remote_cma.responder_resources;
734 goto retry; 726 goto retry;
735 }
736 rc = ep->rep_connected; 727 rc = ep->rep_connected;
737 } else { 728 goto out;
738 struct rpcrdma_xprt *r_xprt;
739 unsigned int extras;
740
741 dprintk("RPC: %s: connected\n", __func__);
742
743 r_xprt = container_of(ia, struct rpcrdma_xprt, rx_ia);
744 extras = r_xprt->rx_buf.rb_bc_srv_max_requests;
745
746 if (extras) {
747 rc = rpcrdma_ep_post_extra_recv(r_xprt, extras);
748 if (rc) {
749 pr_warn("%s: rpcrdma_ep_post_extra_recv: %i\n",
750 __func__, rc);
751 rc = 0;
752 }
753 }
754 } 729 }
755 730
731 dprintk("RPC: %s: connected\n", __func__);
732 extras = r_xprt->rx_buf.rb_bc_srv_max_requests;
733 if (extras)
734 rpcrdma_ep_post_extra_recv(r_xprt, extras);
735
756out: 736out:
757 if (rc) 737 if (rc)
758 ep->rep_connected = rc; 738 ep->rep_connected = rc;
@@ -797,9 +777,7 @@ rpcrdma_mr_recovery_worker(struct work_struct *work)
797 777
798 spin_lock(&buf->rb_recovery_lock); 778 spin_lock(&buf->rb_recovery_lock);
799 while (!list_empty(&buf->rb_stale_mrs)) { 779 while (!list_empty(&buf->rb_stale_mrs)) {
800 mw = list_first_entry(&buf->rb_stale_mrs, 780 mw = rpcrdma_pop_mw(&buf->rb_stale_mrs);
801 struct rpcrdma_mw, mw_list);
802 list_del_init(&mw->mw_list);
803 spin_unlock(&buf->rb_recovery_lock); 781 spin_unlock(&buf->rb_recovery_lock);
804 782
805 dprintk("RPC: %s: recovering MR %p\n", __func__, mw); 783 dprintk("RPC: %s: recovering MR %p\n", __func__, mw);
@@ -817,7 +795,7 @@ rpcrdma_defer_mr_recovery(struct rpcrdma_mw *mw)
817 struct rpcrdma_buffer *buf = &r_xprt->rx_buf; 795 struct rpcrdma_buffer *buf = &r_xprt->rx_buf;
818 796
819 spin_lock(&buf->rb_recovery_lock); 797 spin_lock(&buf->rb_recovery_lock);
820 list_add(&mw->mw_list, &buf->rb_stale_mrs); 798 rpcrdma_push_mw(mw, &buf->rb_stale_mrs);
821 spin_unlock(&buf->rb_recovery_lock); 799 spin_unlock(&buf->rb_recovery_lock);
822 800
823 schedule_delayed_work(&buf->rb_recovery_worker, 0); 801 schedule_delayed_work(&buf->rb_recovery_worker, 0);
@@ -1093,11 +1071,8 @@ rpcrdma_get_mw(struct rpcrdma_xprt *r_xprt)
1093 struct rpcrdma_mw *mw = NULL; 1071 struct rpcrdma_mw *mw = NULL;
1094 1072
1095 spin_lock(&buf->rb_mwlock); 1073 spin_lock(&buf->rb_mwlock);
1096 if (!list_empty(&buf->rb_mws)) { 1074 if (!list_empty(&buf->rb_mws))
1097 mw = list_first_entry(&buf->rb_mws, 1075 mw = rpcrdma_pop_mw(&buf->rb_mws);
1098 struct rpcrdma_mw, mw_list);
1099 list_del_init(&mw->mw_list);
1100 }
1101 spin_unlock(&buf->rb_mwlock); 1076 spin_unlock(&buf->rb_mwlock);
1102 1077
1103 if (!mw) 1078 if (!mw)
@@ -1120,7 +1095,7 @@ rpcrdma_put_mw(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mw *mw)
1120 struct rpcrdma_buffer *buf = &r_xprt->rx_buf; 1095 struct rpcrdma_buffer *buf = &r_xprt->rx_buf;
1121 1096
1122 spin_lock(&buf->rb_mwlock); 1097 spin_lock(&buf->rb_mwlock);
1123 list_add_tail(&mw->mw_list, &buf->rb_mws); 1098 rpcrdma_push_mw(mw, &buf->rb_mws);
1124 spin_unlock(&buf->rb_mwlock); 1099 spin_unlock(&buf->rb_mwlock);
1125} 1100}
1126 1101
diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h b/net/sunrpc/xprtrdma/xprt_rdma.h
index e35efd4ac1e4..171a35116de9 100644
--- a/net/sunrpc/xprtrdma/xprt_rdma.h
+++ b/net/sunrpc/xprtrdma/xprt_rdma.h
@@ -74,7 +74,9 @@ struct rpcrdma_ia {
74 unsigned int ri_max_frmr_depth; 74 unsigned int ri_max_frmr_depth;
75 unsigned int ri_max_inline_write; 75 unsigned int ri_max_inline_write;
76 unsigned int ri_max_inline_read; 76 unsigned int ri_max_inline_read;
77 unsigned int ri_max_send_sges;
77 bool ri_reminv_expected; 78 bool ri_reminv_expected;
79 bool ri_implicit_roundup;
78 enum ib_mr_type ri_mrtype; 80 enum ib_mr_type ri_mrtype;
79 struct ib_qp_attr ri_qp_attr; 81 struct ib_qp_attr ri_qp_attr;
80 struct ib_qp_init_attr ri_qp_init_attr; 82 struct ib_qp_init_attr ri_qp_init_attr;
@@ -303,15 +305,19 @@ struct rpcrdma_mr_seg { /* chunk descriptors */
303 char *mr_offset; /* kva if no page, else offset */ 305 char *mr_offset; /* kva if no page, else offset */
304}; 306};
305 307
306/* Reserve enough Send SGEs to send a maximum size inline request: 308/* The Send SGE array is provisioned to send a maximum size
309 * inline request:
307 * - RPC-over-RDMA header 310 * - RPC-over-RDMA header
308 * - xdr_buf head iovec 311 * - xdr_buf head iovec
309 * - RPCRDMA_MAX_INLINE bytes, possibly unaligned, in pages 312 * - RPCRDMA_MAX_INLINE bytes, in pages
310 * - xdr_buf tail iovec 313 * - xdr_buf tail iovec
314 *
315 * The actual number of array elements consumed by each RPC
316 * depends on the device's max_sge limit.
311 */ 317 */
312enum { 318enum {
313 RPCRDMA_MAX_SEND_PAGES = PAGE_SIZE + RPCRDMA_MAX_INLINE - 1, 319 RPCRDMA_MIN_SEND_SGES = 3,
314 RPCRDMA_MAX_PAGE_SGES = (RPCRDMA_MAX_SEND_PAGES >> PAGE_SHIFT) + 1, 320 RPCRDMA_MAX_PAGE_SGES = RPCRDMA_MAX_INLINE >> PAGE_SHIFT,
315 RPCRDMA_MAX_SEND_SGES = 1 + 1 + RPCRDMA_MAX_PAGE_SGES + 1, 321 RPCRDMA_MAX_SEND_SGES = 1 + 1 + RPCRDMA_MAX_PAGE_SGES + 1,
316}; 322};
317 323
@@ -348,6 +354,22 @@ rpcr_to_rdmar(struct rpc_rqst *rqst)
348 return rqst->rq_xprtdata; 354 return rqst->rq_xprtdata;
349} 355}
350 356
357static inline void
358rpcrdma_push_mw(struct rpcrdma_mw *mw, struct list_head *list)
359{
360 list_add_tail(&mw->mw_list, list);
361}
362
363static inline struct rpcrdma_mw *
364rpcrdma_pop_mw(struct list_head *list)
365{
366 struct rpcrdma_mw *mw;
367
368 mw = list_first_entry(list, struct rpcrdma_mw, mw_list);
369 list_del(&mw->mw_list);
370 return mw;
371}
372
351/* 373/*
352 * struct rpcrdma_buffer -- holds list/queue of pre-registered memory for 374 * struct rpcrdma_buffer -- holds list/queue of pre-registered memory for
353 * inline requests/replies, and client/server credits. 375 * inline requests/replies, and client/server credits.
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 956c7bce80d1..16aff8ddc16f 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -52,6 +52,8 @@
52#include "sunrpc.h" 52#include "sunrpc.h"
53 53
54static void xs_close(struct rpc_xprt *xprt); 54static void xs_close(struct rpc_xprt *xprt);
55static void xs_tcp_set_socket_timeouts(struct rpc_xprt *xprt,
56 struct socket *sock);
55 57
56/* 58/*
57 * xprtsock tunables 59 * xprtsock tunables
@@ -666,6 +668,9 @@ static int xs_tcp_send_request(struct rpc_task *task)
666 if (task->tk_flags & RPC_TASK_SENT) 668 if (task->tk_flags & RPC_TASK_SENT)
667 zerocopy = false; 669 zerocopy = false;
668 670
671 if (test_bit(XPRT_SOCK_UPD_TIMEOUT, &transport->sock_state))
672 xs_tcp_set_socket_timeouts(xprt, transport->sock);
673
669 /* Continue transmitting the packet/record. We must be careful 674 /* Continue transmitting the packet/record. We must be careful
670 * to cope with writespace callbacks arriving _after_ we have 675 * to cope with writespace callbacks arriving _after_ we have
671 * called sendmsg(). */ 676 * called sendmsg(). */
@@ -1734,7 +1739,9 @@ static void xs_udp_set_buffer_size(struct rpc_xprt *xprt, size_t sndsize, size_t
1734 */ 1739 */
1735static void xs_udp_timer(struct rpc_xprt *xprt, struct rpc_task *task) 1740static void xs_udp_timer(struct rpc_xprt *xprt, struct rpc_task *task)
1736{ 1741{
1742 spin_lock_bh(&xprt->transport_lock);
1737 xprt_adjust_cwnd(xprt, task, -ETIMEDOUT); 1743 xprt_adjust_cwnd(xprt, task, -ETIMEDOUT);
1744 spin_unlock_bh(&xprt->transport_lock);
1738} 1745}
1739 1746
1740static unsigned short xs_get_random_port(void) 1747static unsigned short xs_get_random_port(void)
@@ -2235,6 +2242,66 @@ static void xs_tcp_shutdown(struct rpc_xprt *xprt)
2235 xs_reset_transport(transport); 2242 xs_reset_transport(transport);
2236} 2243}
2237 2244
2245static void xs_tcp_set_socket_timeouts(struct rpc_xprt *xprt,
2246 struct socket *sock)
2247{
2248 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
2249 unsigned int keepidle;
2250 unsigned int keepcnt;
2251 unsigned int opt_on = 1;
2252 unsigned int timeo;
2253
2254 spin_lock_bh(&xprt->transport_lock);
2255 keepidle = DIV_ROUND_UP(xprt->timeout->to_initval, HZ);
2256 keepcnt = xprt->timeout->to_retries + 1;
2257 timeo = jiffies_to_msecs(xprt->timeout->to_initval) *
2258 (xprt->timeout->to_retries + 1);
2259 clear_bit(XPRT_SOCK_UPD_TIMEOUT, &transport->sock_state);
2260 spin_unlock_bh(&xprt->transport_lock);
2261
2262 /* TCP Keepalive options */
2263 kernel_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
2264 (char *)&opt_on, sizeof(opt_on));
2265 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPIDLE,
2266 (char *)&keepidle, sizeof(keepidle));
2267 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPINTVL,
2268 (char *)&keepidle, sizeof(keepidle));
2269 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPCNT,
2270 (char *)&keepcnt, sizeof(keepcnt));
2271
2272 /* TCP user timeout (see RFC5482) */
2273 kernel_setsockopt(sock, SOL_TCP, TCP_USER_TIMEOUT,
2274 (char *)&timeo, sizeof(timeo));
2275}
2276
2277static void xs_tcp_set_connect_timeout(struct rpc_xprt *xprt,
2278 unsigned long connect_timeout,
2279 unsigned long reconnect_timeout)
2280{
2281 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
2282 struct rpc_timeout to;
2283 unsigned long initval;
2284
2285 spin_lock_bh(&xprt->transport_lock);
2286 if (reconnect_timeout < xprt->max_reconnect_timeout)
2287 xprt->max_reconnect_timeout = reconnect_timeout;
2288 if (connect_timeout < xprt->connect_timeout) {
2289 memcpy(&to, xprt->timeout, sizeof(to));
2290 initval = DIV_ROUND_UP(connect_timeout, to.to_retries + 1);
2291 /* Arbitrary lower limit */
2292 if (initval < XS_TCP_INIT_REEST_TO << 1)
2293 initval = XS_TCP_INIT_REEST_TO << 1;
2294 to.to_initval = initval;
2295 to.to_maxval = initval;
2296 memcpy(&transport->tcp_timeout, &to,
2297 sizeof(transport->tcp_timeout));
2298 xprt->timeout = &transport->tcp_timeout;
2299 xprt->connect_timeout = connect_timeout;
2300 }
2301 set_bit(XPRT_SOCK_UPD_TIMEOUT, &transport->sock_state);
2302 spin_unlock_bh(&xprt->transport_lock);
2303}
2304
2238static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock) 2305static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
2239{ 2306{
2240 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); 2307 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
@@ -2242,22 +2309,8 @@ static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
2242 2309
2243 if (!transport->inet) { 2310 if (!transport->inet) {
2244 struct sock *sk = sock->sk; 2311 struct sock *sk = sock->sk;
2245 unsigned int keepidle = xprt->timeout->to_initval / HZ;
2246 unsigned int keepcnt = xprt->timeout->to_retries + 1;
2247 unsigned int opt_on = 1;
2248 unsigned int timeo;
2249 unsigned int addr_pref = IPV6_PREFER_SRC_PUBLIC; 2312 unsigned int addr_pref = IPV6_PREFER_SRC_PUBLIC;
2250 2313
2251 /* TCP Keepalive options */
2252 kernel_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
2253 (char *)&opt_on, sizeof(opt_on));
2254 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPIDLE,
2255 (char *)&keepidle, sizeof(keepidle));
2256 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPINTVL,
2257 (char *)&keepidle, sizeof(keepidle));
2258 kernel_setsockopt(sock, SOL_TCP, TCP_KEEPCNT,
2259 (char *)&keepcnt, sizeof(keepcnt));
2260
2261 /* Avoid temporary address, they are bad for long-lived 2314 /* Avoid temporary address, they are bad for long-lived
2262 * connections such as NFS mounts. 2315 * connections such as NFS mounts.
2263 * RFC4941, section 3.6 suggests that: 2316 * RFC4941, section 3.6 suggests that:
@@ -2268,11 +2321,7 @@ static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
2268 kernel_setsockopt(sock, SOL_IPV6, IPV6_ADDR_PREFERENCES, 2321 kernel_setsockopt(sock, SOL_IPV6, IPV6_ADDR_PREFERENCES,
2269 (char *)&addr_pref, sizeof(addr_pref)); 2322 (char *)&addr_pref, sizeof(addr_pref));
2270 2323
2271 /* TCP user timeout (see RFC5482) */ 2324 xs_tcp_set_socket_timeouts(xprt, sock);
2272 timeo = jiffies_to_msecs(xprt->timeout->to_initval) *
2273 (xprt->timeout->to_retries + 1);
2274 kernel_setsockopt(sock, SOL_TCP, TCP_USER_TIMEOUT,
2275 (char *)&timeo, sizeof(timeo));
2276 2325
2277 write_lock_bh(&sk->sk_callback_lock); 2326 write_lock_bh(&sk->sk_callback_lock);
2278 2327
@@ -2721,6 +2770,7 @@ static struct rpc_xprt_ops xs_tcp_ops = {
2721 .set_retrans_timeout = xprt_set_retrans_timeout_def, 2770 .set_retrans_timeout = xprt_set_retrans_timeout_def,
2722 .close = xs_tcp_shutdown, 2771 .close = xs_tcp_shutdown,
2723 .destroy = xs_destroy, 2772 .destroy = xs_destroy,
2773 .set_connect_timeout = xs_tcp_set_connect_timeout,
2724 .print_stats = xs_tcp_print_stats, 2774 .print_stats = xs_tcp_print_stats,
2725 .enable_swap = xs_enable_swap, 2775 .enable_swap = xs_enable_swap,
2726 .disable_swap = xs_disable_swap, 2776 .disable_swap = xs_disable_swap,
@@ -3007,6 +3057,8 @@ static struct rpc_xprt *xs_setup_tcp(struct xprt_create *args)
3007 xprt->timeout = &xs_tcp_default_timeout; 3057 xprt->timeout = &xs_tcp_default_timeout;
3008 3058
3009 xprt->max_reconnect_timeout = xprt->timeout->to_maxval; 3059 xprt->max_reconnect_timeout = xprt->timeout->to_maxval;
3060 xprt->connect_timeout = xprt->timeout->to_initval *
3061 (xprt->timeout->to_retries + 1);
3010 3062
3011 INIT_WORK(&transport->recv_worker, xs_tcp_data_receive_workfn); 3063 INIT_WORK(&transport->recv_worker, xs_tcp_data_receive_workfn);
3012 INIT_DELAYED_WORK(&transport->connect_worker, xs_tcp_setup_socket); 3064 INIT_DELAYED_WORK(&transport->connect_worker, xs_tcp_setup_socket);
@@ -3209,7 +3261,9 @@ static int param_set_uint_minmax(const char *val,
3209 if (!val) 3261 if (!val)
3210 return -EINVAL; 3262 return -EINVAL;
3211 ret = kstrtouint(val, 0, &num); 3263 ret = kstrtouint(val, 0, &num);
3212 if (ret == -EINVAL || num < min || num > max) 3264 if (ret)
3265 return ret;
3266 if (num < min || num > max)
3213 return -EINVAL; 3267 return -EINVAL;
3214 *((unsigned int *)kp->arg) = num; 3268 *((unsigned int *)kp->arg) = num;
3215 return 0; 3269 return 0;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 6b09a778cc71..7130e73bd42c 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -35,6 +35,8 @@
35 */ 35 */
36 36
37#include <linux/rhashtable.h> 37#include <linux/rhashtable.h>
38#include <linux/sched/signal.h>
39
38#include "core.h" 40#include "core.h"
39#include "name_table.h" 41#include "name_table.h"
40#include "node.h" 42#include "node.h"
@@ -113,7 +115,8 @@ static void tipc_data_ready(struct sock *sk);
113static void tipc_write_space(struct sock *sk); 115static void tipc_write_space(struct sock *sk);
114static void tipc_sock_destruct(struct sock *sk); 116static void tipc_sock_destruct(struct sock *sk);
115static int tipc_release(struct socket *sock); 117static int tipc_release(struct socket *sock);
116static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags); 118static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags,
119 bool kern);
117static void tipc_sk_timeout(unsigned long data); 120static void tipc_sk_timeout(unsigned long data);
118static int tipc_sk_publish(struct tipc_sock *tsk, uint scope, 121static int tipc_sk_publish(struct tipc_sock *tsk, uint scope,
119 struct tipc_name_seq const *seq); 122 struct tipc_name_seq const *seq);
@@ -2027,7 +2030,8 @@ static int tipc_wait_for_accept(struct socket *sock, long timeo)
2027 * 2030 *
2028 * Returns 0 on success, errno otherwise 2031 * Returns 0 on success, errno otherwise
2029 */ 2032 */
2030static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags) 2033static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags,
2034 bool kern)
2031{ 2035{
2032 struct sock *new_sk, *sk = sock->sk; 2036 struct sock *new_sk, *sk = sock->sk;
2033 struct sk_buff *buf; 2037 struct sk_buff *buf;
@@ -2049,7 +2053,7 @@ static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags)
2049 2053
2050 buf = skb_peek(&sk->sk_receive_queue); 2054 buf = skb_peek(&sk->sk_receive_queue);
2051 2055
2052 res = tipc_sk_create(sock_net(sock->sk), new_sock, 0, 0); 2056 res = tipc_sk_create(sock_net(sock->sk), new_sock, 0, kern);
2053 if (res) 2057 if (res)
2054 goto exit; 2058 goto exit;
2055 security_sk_clone(sock->sk, new_sock->sk); 2059 security_sk_clone(sock->sk, new_sock->sk);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index e2d18b9f910f..928691c43408 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -85,7 +85,7 @@
85#include <linux/module.h> 85#include <linux/module.h>
86#include <linux/kernel.h> 86#include <linux/kernel.h>
87#include <linux/signal.h> 87#include <linux/signal.h>
88#include <linux/sched.h> 88#include <linux/sched/signal.h>
89#include <linux/errno.h> 89#include <linux/errno.h>
90#include <linux/string.h> 90#include <linux/string.h>
91#include <linux/stat.h> 91#include <linux/stat.h>
@@ -636,7 +636,7 @@ static int unix_bind(struct socket *, struct sockaddr *, int);
636static int unix_stream_connect(struct socket *, struct sockaddr *, 636static int unix_stream_connect(struct socket *, struct sockaddr *,
637 int addr_len, int flags); 637 int addr_len, int flags);
638static int unix_socketpair(struct socket *, struct socket *); 638static int unix_socketpair(struct socket *, struct socket *);
639static int unix_accept(struct socket *, struct socket *, int); 639static int unix_accept(struct socket *, struct socket *, int, bool);
640static int unix_getname(struct socket *, struct sockaddr *, int *, int); 640static int unix_getname(struct socket *, struct sockaddr *, int *, int);
641static unsigned int unix_poll(struct file *, struct socket *, poll_table *); 641static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
642static unsigned int unix_dgram_poll(struct file *, struct socket *, 642static unsigned int unix_dgram_poll(struct file *, struct socket *,
@@ -1402,7 +1402,8 @@ static void unix_sock_inherit_flags(const struct socket *old,
1402 set_bit(SOCK_PASSSEC, &new->flags); 1402 set_bit(SOCK_PASSSEC, &new->flags);
1403} 1403}
1404 1404
1405static int unix_accept(struct socket *sock, struct socket *newsock, int flags) 1405static int unix_accept(struct socket *sock, struct socket *newsock, int flags,
1406 bool kern)
1406{ 1407{
1407 struct sock *sk = sock->sk; 1408 struct sock *sk = sock->sk;
1408 struct sock *tsk; 1409 struct sock *tsk;
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 8a398b3fb532..9f770f33c100 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -90,6 +90,7 @@
90#include <linux/init.h> 90#include <linux/init.h>
91#include <linux/io.h> 91#include <linux/io.h>
92#include <linux/kernel.h> 92#include <linux/kernel.h>
93#include <linux/sched/signal.h>
93#include <linux/kmod.h> 94#include <linux/kmod.h>
94#include <linux/list.h> 95#include <linux/list.h>
95#include <linux/miscdevice.h> 96#include <linux/miscdevice.h>
@@ -1249,7 +1250,8 @@ out:
1249 return err; 1250 return err;
1250} 1251}
1251 1252
1252static int vsock_accept(struct socket *sock, struct socket *newsock, int flags) 1253static int vsock_accept(struct socket *sock, struct socket *newsock, int flags,
1254 bool kern)
1253{ 1255{
1254 struct sock *listener; 1256 struct sock *listener;
1255 int err; 1257 int err;
diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 6788264acc63..9d24c0e958b1 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -532,7 +532,8 @@ static int virtio_vsock_probe(struct virtio_device *vdev)
532 vsock->vdev = vdev; 532 vsock->vdev = vdev;
533 533
534 ret = vsock->vdev->config->find_vqs(vsock->vdev, VSOCK_VQ_MAX, 534 ret = vsock->vdev->config->find_vqs(vsock->vdev, VSOCK_VQ_MAX,
535 vsock->vqs, callbacks, names); 535 vsock->vqs, callbacks, names,
536 NULL);
536 if (ret < 0) 537 if (ret < 0)
537 goto out; 538 goto out;
538 539
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 849c4ad0411e..8d592a45b597 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -9,6 +9,7 @@
9 */ 9 */
10#include <linux/spinlock.h> 10#include <linux/spinlock.h>
11#include <linux/module.h> 11#include <linux/module.h>
12#include <linux/sched/signal.h>
12#include <linux/ctype.h> 13#include <linux/ctype.h>
13#include <linux/list.h> 14#include <linux/list.h>
14#include <linux/virtio.h> 15#include <linux/virtio.h>
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 079c883aa96e..8b911c29860e 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -41,7 +41,7 @@
41#include <linux/capability.h> 41#include <linux/capability.h>
42#include <linux/errno.h> 42#include <linux/errno.h>
43#include <linux/kernel.h> 43#include <linux/kernel.h>
44#include <linux/sched.h> 44#include <linux/sched/signal.h>
45#include <linux/timer.h> 45#include <linux/timer.h>
46#include <linux/string.h> 46#include <linux/string.h>
47#include <linux/net.h> 47#include <linux/net.h>
@@ -852,7 +852,8 @@ static int x25_wait_for_data(struct sock *sk, long timeout)
852 return rc; 852 return rc;
853} 853}
854 854
855static int x25_accept(struct socket *sock, struct socket *newsock, int flags) 855static int x25_accept(struct socket *sock, struct socket *newsock, int flags,
856 bool kern)
856{ 857{
857 struct sock *sk = sock->sk; 858 struct sock *sk = sock->sk;
858 struct sock *newsk; 859 struct sock *newsk;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 0806dccdf507..236cbbc0ab9c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1243,7 +1243,7 @@ static inline int policy_to_flow_dir(int dir)
1243} 1243}
1244 1244
1245static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, 1245static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
1246 const struct flowi *fl) 1246 const struct flowi *fl, u16 family)
1247{ 1247{
1248 struct xfrm_policy *pol; 1248 struct xfrm_policy *pol;
1249 1249
@@ -1251,8 +1251,7 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
1251 again: 1251 again:
1252 pol = rcu_dereference(sk->sk_policy[dir]); 1252 pol = rcu_dereference(sk->sk_policy[dir]);
1253 if (pol != NULL) { 1253 if (pol != NULL) {
1254 bool match = xfrm_selector_match(&pol->selector, fl, 1254 bool match = xfrm_selector_match(&pol->selector, fl, family);
1255 sk->sk_family);
1256 int err = 0; 1255 int err = 0;
1257 1256
1258 if (match) { 1257 if (match) {
@@ -2239,7 +2238,7 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
2239 sk = sk_const_to_full_sk(sk); 2238 sk = sk_const_to_full_sk(sk);
2240 if (sk && sk->sk_policy[XFRM_POLICY_OUT]) { 2239 if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
2241 num_pols = 1; 2240 num_pols = 1;
2242 pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); 2241 pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl, family);
2243 err = xfrm_expand_policies(fl, family, pols, 2242 err = xfrm_expand_policies(fl, family, pols,
2244 &num_pols, &num_xfrms); 2243 &num_pols, &num_xfrms);
2245 if (err < 0) 2244 if (err < 0)
@@ -2518,7 +2517,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
2518 pol = NULL; 2517 pol = NULL;
2519 sk = sk_to_full_sk(sk); 2518 sk = sk_to_full_sk(sk);
2520 if (sk && sk->sk_policy[dir]) { 2519 if (sk && sk->sk_policy[dir]) {
2521 pol = xfrm_sk_policy_lookup(sk, dir, &fl); 2520 pol = xfrm_sk_policy_lookup(sk, dir, &fl, family);
2522 if (IS_ERR(pol)) { 2521 if (IS_ERR(pol)) {
2523 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); 2522 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
2524 return 0; 2523 return 0;
@@ -3069,6 +3068,11 @@ static int __net_init xfrm_net_init(struct net *net)
3069{ 3068{
3070 int rv; 3069 int rv;
3071 3070
3071 /* Initialize the per-net locks here */
3072 spin_lock_init(&net->xfrm.xfrm_state_lock);
3073 spin_lock_init(&net->xfrm.xfrm_policy_lock);
3074 mutex_init(&net->xfrm.xfrm_cfg_mutex);
3075
3072 rv = xfrm_statistics_init(net); 3076 rv = xfrm_statistics_init(net);
3073 if (rv < 0) 3077 if (rv < 0)
3074 goto out_statistics; 3078 goto out_statistics;
@@ -3085,11 +3089,6 @@ static int __net_init xfrm_net_init(struct net *net)
3085 if (rv < 0) 3089 if (rv < 0)
3086 goto out; 3090 goto out;
3087 3091
3088 /* Initialize the per-net locks here */
3089 spin_lock_init(&net->xfrm.xfrm_state_lock);
3090 spin_lock_init(&net->xfrm.xfrm_policy_lock);
3091 mutex_init(&net->xfrm.xfrm_cfg_mutex);
3092
3093 return 0; 3092 return 0;
3094 3093
3095out: 3094out:
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-24 18:03:45 -0400