Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/fragmentation.c4
-rw-r--r--net/batman-adv/gateway_client.c2
-rw-r--r--net/batman-adv/multicast.c11
-rw-r--r--net/batman-adv/network-coding.c2
-rw-r--r--net/batman-adv/originator.c7
-rw-r--r--net/batman-adv/routing.c6
-rw-r--r--net/bluetooth/6lowpan.c1
-rw-r--r--net/bluetooth/bnep/core.c3
-rw-r--r--net/bluetooth/cmtp/core.c3
-rw-r--r--net/bluetooth/hci_conn.c2
-rw-r--r--net/bluetooth/hci_core.c60
-rw-r--r--net/bluetooth/hci_event.c36
-rw-r--r--net/bluetooth/hidp/core.c3
-rw-r--r--net/bluetooth/l2cap_core.c5
-rw-r--r--net/bluetooth/mgmt.c99
-rw-r--r--net/bluetooth/smp.c5
-rw-r--r--net/ceph/auth_x.c2
-rw-r--r--net/ceph/mon_client.c2
-rw-r--r--net/core/dev.c175
-rw-r--r--net/core/rtnetlink.c5
-rw-r--r--net/core/skbuff.c1
-rw-r--r--net/ipv4/geneve.c36
-rw-r--r--net/ipv4/ip_gre.c9
-rw-r--r--net/ipv4/ip_tunnel.c9
-rw-r--r--net/ipv4/tcp_output.c4
-rw-r--r--net/ipv6/tcp_ipv6.c45
-rw-r--r--net/mac80211/chan.c4
-rw-r--r--net/mac80211/key.c14
-rw-r--r--net/mac80211/mlme.c1
-rw-r--r--net/mac80211/rx.c11
-rw-r--r--net/mpls/mpls_gso.c5
-rw-r--r--net/netfilter/nfnetlink.c2
-rw-r--r--net/netlink/af_netlink.c92
-rw-r--r--net/netlink/af_netlink.h8
-rw-r--r--net/netlink/genetlink.c56
-rw-r--r--net/openvswitch/actions.c3
-rw-r--r--net/openvswitch/datapath.c3
-rw-r--r--net/openvswitch/flow.c5
-rw-r--r--net/openvswitch/flow_netlink.c13
-rw-r--r--net/openvswitch/vport-geneve.c3
-rw-r--r--net/openvswitch/vport-gre.c18
-rw-r--r--net/openvswitch/vport-vxlan.c2
-rw-r--r--net/openvswitch/vport.c7
-rw-r--r--net/packet/af_packet.c11
-rw-r--r--net/rds/message.c3
-rw-r--r--net/socket.c1
-rw-r--r--net/sunrpc/xdr.c6
-rw-r--r--net/wireless/Kconfig2
-rw-r--r--net/wireless/chan.c9
-rw-r--r--net/wireless/nl80211.c2
-rw-r--r--net/wireless/reg.c20
51 files changed, 535 insertions, 303 deletions
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index fc1835c6bb40..00f9e144cc97 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -251,7 +251,7 @@ batadv_frag_merge_packets(struct hlist_head *chain, struct sk_buff *skb)
251 kfree(entry); 251 kfree(entry);
252 252
253 /* Make room for the rest of the fragments. */ 253 /* Make room for the rest of the fragments. */
254 if (pskb_expand_head(skb_out, 0, size - skb->len, GFP_ATOMIC) < 0) { 254 if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) {
255 kfree_skb(skb_out); 255 kfree_skb(skb_out);
256 skb_out = NULL; 256 skb_out = NULL;
257 goto free; 257 goto free;
@@ -434,7 +434,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb,
434 * fragments larger than BATADV_FRAG_MAX_FRAG_SIZE 434 * fragments larger than BATADV_FRAG_MAX_FRAG_SIZE
435 */ 435 */
436 mtu = min_t(unsigned, mtu, BATADV_FRAG_MAX_FRAG_SIZE); 436 mtu = min_t(unsigned, mtu, BATADV_FRAG_MAX_FRAG_SIZE);
437 max_fragment_size = (mtu - header_size - ETH_HLEN); 437 max_fragment_size = mtu - header_size;
438 max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS; 438 max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS;
439 439
440 /* Don't even try to fragment, if we need more than 16 fragments */ 440 /* Don't even try to fragment, if we need more than 16 fragments */
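Review bot: In `batadv_frag_merge_packets` the tailroom argument `size - skb_out->len` is passed to `pskb_expand_head()` with no visible check that `size` is at least `skb_out->len`. If `size` is derived from a received fragment header (its origin is outside this hunk), a too-small value gives a negative or wrapped tailroom. A guard before the call, e.g. `if (size < skb_out->len) { kfree_skb(skb_out); skb_out = NULL; goto free; }`, would make the assumption explicit. The same concern applies to `max_fragment_size = mtu - header_size;` in `batadv_frag_send_packet`, where `mtu` is unsigned after `min_t()` and nothing shown rejects `mtu <= header_size`. Both functions continue outside the hunks.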
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 90cff585b37d..e0bcf9e84273 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -810,7 +810,7 @@ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
810 goto out; 810 goto out;
811 811
812 gw_node = batadv_gw_node_get(bat_priv, orig_dst_node); 812 gw_node = batadv_gw_node_get(bat_priv, orig_dst_node);
813 if (!gw_node->bandwidth_down == 0) 813 if (!gw_node)
814 goto out; 814 goto out;
815 815
816 switch (atomic_read(&bat_priv->gw_mode)) { 816 switch (atomic_read(&bat_priv->gw_mode)) {
diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
index ab6bb2af1d45..b24e4bb64fb5 100644
--- a/net/batman-adv/multicast.c
+++ b/net/batman-adv/multicast.c
@@ -685,11 +685,13 @@ static void batadv_mcast_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
685 if (orig_initialized) 685 if (orig_initialized)
686 atomic_dec(&bat_priv->mcast.num_disabled); 686 atomic_dec(&bat_priv->mcast.num_disabled);
687 orig->capabilities |= BATADV_ORIG_CAPA_HAS_MCAST; 687 orig->capabilities |= BATADV_ORIG_CAPA_HAS_MCAST;
688 /* If mcast support is being switched off increase the disabled 688 /* If mcast support is being switched off or if this is an initial
689 * mcast node counter. 689 * OGM without mcast support then increase the disabled mcast
690 * node counter.
690 */ 691 */
691 } else if (!orig_mcast_enabled && 692 } else if (!orig_mcast_enabled &&
692 orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST) { 693 (orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST ||
694 !orig_initialized)) {
693 atomic_inc(&bat_priv->mcast.num_disabled); 695 atomic_inc(&bat_priv->mcast.num_disabled);
694 orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_MCAST; 696 orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_MCAST;
695 } 697 }
@@ -738,7 +740,8 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig)
738{ 740{
739 struct batadv_priv *bat_priv = orig->bat_priv; 741 struct batadv_priv *bat_priv = orig->bat_priv;
740 742
741 if (!(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST)) 743 if (!(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST) &&
744 orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST)
742 atomic_dec(&bat_priv->mcast.num_disabled); 745 atomic_dec(&bat_priv->mcast.num_disabled);
743 746
744 batadv_mcast_want_unsnoop_update(bat_priv, orig, BATADV_NO_FLAGS); 747 batadv_mcast_want_unsnoop_update(bat_priv, orig, BATADV_NO_FLAGS);
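Review bot: `orig->capabilities` is updated with plain `|=` and `&= ~` while `num_disabled` is adjusted with `atomic_inc`/`atomic_dec`, so in `batadv_mcast_tvlv_ogm_handler_v1` the flag test and the counter update are not one atomic step. If two OGMs from the same originator can be handled concurrently (not determinable from this hunk), both could pass the `!orig_initialized` or `HAS_MCAST` test and adjust the counter twice. It is worth confirming which lock serialises this, or moving the flag words to `test_and_set_bit()`-style updates. As a style point, parenthesise the mask tests in the new conditions, e.g. `(orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST)`, since a bare `&` next to `&&`/`||` is easy to misread. Both functions extend beyond the hunks.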
diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
index 8d04d174669e..fab47f1f3ef9 100644
--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
@@ -133,7 +133,7 @@ int batadv_nc_mesh_init(struct batadv_priv *bat_priv)
133 if (!bat_priv->nc.decoding_hash) 133 if (!bat_priv->nc.decoding_hash)
134 goto err; 134 goto err;
135 135
136 batadv_hash_set_lock_class(bat_priv->nc.coding_hash, 136 batadv_hash_set_lock_class(bat_priv->nc.decoding_hash,
137 &batadv_nc_decoding_hash_lock_class_key); 137 &batadv_nc_decoding_hash_lock_class_key);
138 138
139 INIT_DELAYED_WORK(&bat_priv->nc.work, batadv_nc_worker); 139 INIT_DELAYED_WORK(&bat_priv->nc.work, batadv_nc_worker);
diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index 6a484514cd3e..bea8198d0198 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -570,9 +570,6 @@ static void batadv_orig_node_free_rcu(struct rcu_head *rcu)
570 570
571 batadv_frag_purge_orig(orig_node, NULL); 571 batadv_frag_purge_orig(orig_node, NULL);
572 572
573 batadv_tt_global_del_orig(orig_node->bat_priv, orig_node, -1,
574 "originator timed out");
575
576 if (orig_node->bat_priv->bat_algo_ops->bat_orig_free) 573 if (orig_node->bat_priv->bat_algo_ops->bat_orig_free)
577 orig_node->bat_priv->bat_algo_ops->bat_orig_free(orig_node); 574 orig_node->bat_priv->bat_algo_ops->bat_orig_free(orig_node);
578 575
@@ -678,6 +675,7 @@ struct batadv_orig_node *batadv_orig_node_new(struct batadv_priv *bat_priv,
678 atomic_set(&orig_node->last_ttvn, 0); 675 atomic_set(&orig_node->last_ttvn, 0);
679 orig_node->tt_buff = NULL; 676 orig_node->tt_buff = NULL;
680 orig_node->tt_buff_len = 0; 677 orig_node->tt_buff_len = 0;
678 orig_node->last_seen = jiffies;
681 reset_time = jiffies - 1 - msecs_to_jiffies(BATADV_RESET_PROTECTION_MS); 679 reset_time = jiffies - 1 - msecs_to_jiffies(BATADV_RESET_PROTECTION_MS);
682 orig_node->bcast_seqno_reset = reset_time; 680 orig_node->bcast_seqno_reset = reset_time;
683#ifdef CONFIG_BATMAN_ADV_MCAST 681#ifdef CONFIG_BATMAN_ADV_MCAST
@@ -977,6 +975,9 @@ static void _batadv_purge_orig(struct batadv_priv *bat_priv)
977 if (batadv_purge_orig_node(bat_priv, orig_node)) { 975 if (batadv_purge_orig_node(bat_priv, orig_node)) {
978 batadv_gw_node_delete(bat_priv, orig_node); 976 batadv_gw_node_delete(bat_priv, orig_node);
979 hlist_del_rcu(&orig_node->hash_entry); 977 hlist_del_rcu(&orig_node->hash_entry);
978 batadv_tt_global_del_orig(orig_node->bat_priv,
979 orig_node, -1,
980 "originator timed out");
980 batadv_orig_node_free_ref(orig_node); 981 batadv_orig_node_free_ref(orig_node);
981 continue; 982 continue;
982 } 983 }
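Review bot: With `batadv_tt_global_del_orig()` removed from `batadv_orig_node_free_rcu()`, global TT entries are now purged only on the `_batadv_purge_orig()` timeout path. Any other path that drops the last reference to an originator (mesh teardown, for instance, which is not visible here) has to clean them up itself or they will outlive the node. A comment at the new call site would record why the call moved, for example `/* global TT entries are no longer purged from the RCU free callback */`. Both functions continue outside the hunks.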
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 35f76f2f7824..6648f321864d 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -443,11 +443,13 @@ batadv_find_router(struct batadv_priv *bat_priv,
443 443
444 router = batadv_orig_router_get(orig_node, recv_if); 444 router = batadv_orig_router_get(orig_node, recv_if);
445 445
446 if (!router)
447 return router;
448
446 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop) 449 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop)
447 * and if activated. 450 * and if activated.
448 */ 451 */
449 if (recv_if == BATADV_IF_DEFAULT || !atomic_read(&bat_priv->bonding) || 452 if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding)))
450 !router)
451 return router; 453 return router;
452 454
453 /* bonding: loop through the list of possible routers found 455 /* bonding: loop through the list of possible routers found
diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
index 76617be1e797..c989253737f0 100644
--- a/net/bluetooth/6lowpan.c
+++ b/net/bluetooth/6lowpan.c
@@ -390,7 +390,6 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
390 390
391drop: 391drop:
392 dev->stats.rx_dropped++; 392 dev->stats.rx_dropped++;
393 kfree_skb(skb);
394 return NET_RX_DROP; 393 return NET_RX_DROP;
395} 394}
396 395
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 85bcc21e84d2..ce82722d049b 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
533 533
534 BT_DBG(""); 534 BT_DBG("");
535 535
536 if (!l2cap_is_socket(sock))
537 return -EBADFD;
538
536 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst); 539 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
537 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src); 540 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
538 541
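Review bot: The new `l2cap_is_socket()` guard in `bnep_add_connection` has no comment, and the reason matters for anyone touching this path later: the two `baswap()` lines below cast `sock->sk` with `l2cap_pi()`, which is only meaningful for an L2CAP socket. A comment such as `/* l2cap_pi() below is only valid on L2CAP sockets; reject anything else */` would record that. The same guard, with the same missing comment, is added to `cmtp_add_connection` in net/bluetooth/cmtp/core.c. It is also worth confirming that `chan` cannot be NULL or already torn down here, since the hunk dereferences `->chan->dst` straight after the type check. The function continues outside the hunk.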
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 67fe5e84e68f..278a194e6af4 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -334,6 +334,9 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
334 334
335 BT_DBG(""); 335 BT_DBG("");
336 336
337 if (!l2cap_is_socket(sock))
338 return -EBADFD;
339
337 session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL); 340 session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
338 if (!session) 341 if (!session)
339 return -ENOMEM; 342 return -ENOMEM;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 79d84b88b8f0..fe18825cc8a4 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -661,7 +661,7 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
661 memset(&cp, 0, sizeof(cp)); 661 memset(&cp, 0, sizeof(cp));
662 662
663 /* Update random address, but set require_privacy to false so 663 /* Update random address, but set require_privacy to false so
664 * that we never connect with an unresolvable address. 664 * that we never connect with an non-resolvable address.
665 */ 665 */
666 if (hci_update_random_address(req, false, &own_addr_type)) 666 if (hci_update_random_address(req, false, &own_addr_type))
667 return; 667 return;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 93f92a085506..5dcacf9607e4 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1373,8 +1373,6 @@ static void hci_init1_req(struct hci_request *req, unsigned long opt)
1373 1373
1374static void bredr_setup(struct hci_request *req) 1374static void bredr_setup(struct hci_request *req)
1375{ 1375{
1376 struct hci_dev *hdev = req->hdev;
1377
1378 __le16 param; 1376 __le16 param;
1379 __u8 flt_type; 1377 __u8 flt_type;
1380 1378
@@ -1403,14 +1401,6 @@ static void bredr_setup(struct hci_request *req)
1403 /* Connection accept timeout ~20 secs */ 1401 /* Connection accept timeout ~20 secs */
1404 param = cpu_to_le16(0x7d00); 1402 param = cpu_to_le16(0x7d00);
1405 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param); 1403 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
1406
1407 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1408 * but it does not support page scan related HCI commands.
1409 */
1410 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1411 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1412 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1413 }
1414} 1404}
1415 1405
1416static void le_setup(struct hci_request *req) 1406static void le_setup(struct hci_request *req)
@@ -1718,6 +1708,16 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
1718 if (hdev->commands[5] & 0x10) 1708 if (hdev->commands[5] & 0x10)
1719 hci_setup_link_policy(req); 1709 hci_setup_link_policy(req);
1720 1710
1711 if (hdev->commands[8] & 0x01)
1712 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1713
1714 /* Some older Broadcom based Bluetooth 1.2 controllers do not
1715 * support the Read Page Scan Type command. Check support for
1716 * this command in the bit mask of supported commands.
1717 */
1718 if (hdev->commands[13] & 0x01)
1719 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1720
1721 if (lmp_le_capable(hdev)) { 1721 if (lmp_le_capable(hdev)) {
1722 u8 events[8]; 1722 u8 events[8];
1723 1723
@@ -2634,6 +2634,12 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2634 drain_workqueue(hdev->workqueue); 2634 drain_workqueue(hdev->workqueue);
2635 2635
2636 hci_dev_lock(hdev); 2636 hci_dev_lock(hdev);
2637
2638 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2639 if (hdev->dev_type == HCI_BREDR)
2640 mgmt_powered(hdev, 0);
2641 }
2642
2637 hci_inquiry_cache_flush(hdev); 2643 hci_inquiry_cache_flush(hdev);
2638 hci_pend_le_actions_clear(hdev); 2644 hci_pend_le_actions_clear(hdev);
2639 hci_conn_hash_flush(hdev); 2645 hci_conn_hash_flush(hdev);
@@ -2681,14 +2687,6 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2681 hdev->flags &= BIT(HCI_RAW); 2687 hdev->flags &= BIT(HCI_RAW);
2682 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 2688 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2683 2689
2684 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2685 if (hdev->dev_type == HCI_BREDR) {
2686 hci_dev_lock(hdev);
2687 mgmt_powered(hdev, 0);
2688 hci_dev_unlock(hdev);
2689 }
2690 }
2691
2692 /* Controller radio is available but is currently powered down */ 2690 /* Controller radio is available but is currently powered down */
2693 hdev->amp_status = AMP_STATUS_POWERED_DOWN; 2691 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2694 2692
@@ -3083,7 +3081,9 @@ static void hci_power_on(struct work_struct *work)
3083 3081
3084 err = hci_dev_do_open(hdev); 3082 err = hci_dev_do_open(hdev);
3085 if (err < 0) { 3083 if (err < 0) {
3084 hci_dev_lock(hdev);
3086 mgmt_set_powered_failed(hdev, err); 3085 mgmt_set_powered_failed(hdev, err);
3086 hci_dev_unlock(hdev);
3087 return; 3087 return;
3088 } 3088 }
3089 3089
@@ -3959,17 +3959,29 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy,
3959 } 3959 }
3960 3960
3961 /* In case of required privacy without resolvable private address, 3961 /* In case of required privacy without resolvable private address,
3962 * use an unresolvable private address. This is useful for active 3962 * use an non-resolvable private address. This is useful for active
3963 * scanning and non-connectable advertising. 3963 * scanning and non-connectable advertising.
3964 */ 3964 */
3965 if (require_privacy) { 3965 if (require_privacy) {
3966 bdaddr_t urpa; 3966 bdaddr_t nrpa;
3967
3968 while (true) {
3969 /* The non-resolvable private address is generated
3970 * from random six bytes with the two most significant
3971 * bits cleared.
3972 */
3973 get_random_bytes(&nrpa, 6);
3974 nrpa.b[5] &= 0x3f;
3967 3975
3968 get_random_bytes(&urpa, 6); 3976 /* The non-resolvable private address shall not be
3969 urpa.b[5] &= 0x3f; /* Clear two most significant bits */ 3977 * equal to the public address.
3978 */
3979 if (bacmp(&hdev->bdaddr, &nrpa))
3980 break;
3981 }
3970 3982
3971 *own_addr_type = ADDR_LE_DEV_RANDOM; 3983 *own_addr_type = ADDR_LE_DEV_RANDOM;
3972 set_random_addr(req, &urpa); 3984 set_random_addr(req, &nrpa);
3973 return 0; 3985 return 0;
3974 } 3986 }
3975 3987
@@ -5625,7 +5637,7 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
5625 u8 filter_policy; 5637 u8 filter_policy;
5626 5638
5627 /* Set require_privacy to false since no SCAN_REQ are send 5639 /* Set require_privacy to false since no SCAN_REQ are send
5628 * during passive scanning. Not using an unresolvable address 5640 * during passive scanning. Not using an non-resolvable address
5629 * here is important so that peer devices using direct 5641 * here is important so that peer devices using direct
5630 * advertising with our address will be correctly reported 5642 * advertising with our address will be correctly reported
5631 * by the controller. 5643 * by the controller.
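Review bot: The retry loop in `hci_update_random_address` rejects only a candidate equal to `hdev->bdaddr`; a candidate whose bytes are all zero after the `0x3f` mask is still accepted. My reading of the Core Specification is that the random part of a non-resolvable private address must also contain at least one 0 bit and one 1 bit, so the exit test could be `if (bacmp(&hdev->bdaddr, &nrpa) && bacmp(BDADDR_ANY, &nrpa)) break;`, with the all-ones pattern needing its own comparison. The chance of hitting either value is negligible, so this is a conformance point rather than a practical one. Separately, the new comments read "an non-resolvable" where "a non-resolvable" is meant.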
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 322abbbbcef9..3f2e8b830cbd 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -242,7 +242,8 @@ static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
242 if (rp->status) 242 if (rp->status)
243 return; 243 return;
244 244
245 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 245 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
246 test_bit(HCI_CONFIG, &hdev->dev_flags))
246 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 247 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
247} 248}
248 249
@@ -257,6 +258,8 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
257 if (!sent) 258 if (!sent)
258 return; 259 return;
259 260
261 hci_dev_lock(hdev);
262
260 if (!status) { 263 if (!status) {
261 __u8 param = *((__u8 *) sent); 264 __u8 param = *((__u8 *) sent);
262 265
@@ -268,6 +271,8 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
268 271
269 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 272 if (test_bit(HCI_MGMT, &hdev->dev_flags))
270 mgmt_auth_enable_complete(hdev, status); 273 mgmt_auth_enable_complete(hdev, status);
274
275 hci_dev_unlock(hdev);
271} 276}
272 277
273static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 278static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -443,6 +448,8 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443 if (!sent) 448 if (!sent)
444 return; 449 return;
445 450
451 hci_dev_lock(hdev);
452
446 if (!status) { 453 if (!status) {
447 if (sent->mode) 454 if (sent->mode)
448 hdev->features[1][0] |= LMP_HOST_SSP; 455 hdev->features[1][0] |= LMP_HOST_SSP;
@@ -458,6 +465,8 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
458 else 465 else
459 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 466 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 } 467 }
468
469 hci_dev_unlock(hdev);
461} 470}
462 471
463static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) 472static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
@@ -471,6 +480,8 @@ static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
471 if (!sent) 480 if (!sent)
472 return; 481 return;
473 482
483 hci_dev_lock(hdev);
484
474 if (!status) { 485 if (!status) {
475 if (sent->support) 486 if (sent->support)
476 hdev->features[1][0] |= LMP_HOST_SC; 487 hdev->features[1][0] |= LMP_HOST_SC;
@@ -486,6 +497,8 @@ static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
486 else 497 else
487 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); 498 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
488 } 499 }
500
501 hci_dev_unlock(hdev);
489} 502}
490 503
491static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 504static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
@@ -497,7 +510,8 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
497 if (rp->status) 510 if (rp->status)
498 return; 511 return;
499 512
500 if (test_bit(HCI_SETUP, &hdev->dev_flags)) { 513 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
514 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
501 hdev->hci_ver = rp->hci_ver; 515 hdev->hci_ver = rp->hci_ver;
502 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 516 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
503 hdev->lmp_ver = rp->lmp_ver; 517 hdev->lmp_ver = rp->lmp_ver;
@@ -516,7 +530,8 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev,
516 if (rp->status) 530 if (rp->status)
517 return; 531 return;
518 532
519 if (test_bit(HCI_SETUP, &hdev->dev_flags)) 533 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
534 test_bit(HCI_CONFIG, &hdev->dev_flags))
520 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 535 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
521} 536}
522 537
@@ -1135,6 +1150,8 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1135 if (!cp) 1150 if (!cp)
1136 return; 1151 return;
1137 1152
1153 hci_dev_lock(hdev);
1154
1138 switch (cp->enable) { 1155 switch (cp->enable) {
1139 case LE_SCAN_ENABLE: 1156 case LE_SCAN_ENABLE:
1140 set_bit(HCI_LE_SCAN, &hdev->dev_flags); 1157 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
@@ -1184,6 +1201,8 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1184 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); 1201 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1185 break; 1202 break;
1186 } 1203 }
1204
1205 hci_dev_unlock(hdev);
1187} 1206}
1188 1207
1189static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, 1208static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
@@ -1278,6 +1297,8 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1278 if (!sent) 1297 if (!sent)
1279 return; 1298 return;
1280 1299
1300 hci_dev_lock(hdev);
1301
1281 if (sent->le) { 1302 if (sent->le) {
1282 hdev->features[1][0] |= LMP_HOST_LE; 1303 hdev->features[1][0] |= LMP_HOST_LE;
1283 set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1304 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
@@ -1291,6 +1312,8 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1291 hdev->features[1][0] |= LMP_HOST_LE_BREDR; 1312 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1292 else 1313 else
1293 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; 1314 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1315
1316 hci_dev_unlock(hdev);
1294} 1317}
1295 1318
1296static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb) 1319static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
@@ -2174,7 +2197,12 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2174 return; 2197 return;
2175 } 2198 }
2176 2199
2177 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags) && 2200 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2201 * connection. These features are only touched through mgmt so
2202 * only do the checks if HCI_MGMT is set.
2203 */
2204 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2205 !test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2178 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr, 2206 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2179 BDADDR_BREDR)) { 2207 BDADDR_BREDR)) {
2180 hci_reject_conn(hdev, &ev->bdaddr); 2208 hci_reject_conn(hdev, &ev->bdaddr);
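Review bot: Several command-complete handlers now take `hci_dev_lock()` after the `if (!sent) return;` check and release it on their last line, but the bodies in between are only partly visible. In `hci_cc_le_set_scan_enable` in particular, the `switch` on `cp->enable` spans lines outside the hunk. Any `return` inside those bodies would now leave the lock held, so each should be checked and, if one exists, changed to `goto unlock;` with an `unlock:` label before `hci_dev_unlock(hdev);`. As a style point, the pair `test_bit(HCI_SETUP, &hdev->dev_flags) || test_bit(HCI_CONFIG, &hdev->dev_flags)` is now repeated in three handlers and would read better as one small helper.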
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index cc25d0b74b36..07348e142f16 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -1314,13 +1314,14 @@ int hidp_connection_add(struct hidp_connadd_req *req,
1314{ 1314{
1315 struct hidp_session *session; 1315 struct hidp_session *session;
1316 struct l2cap_conn *conn; 1316 struct l2cap_conn *conn;
1317 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; 1317 struct l2cap_chan *chan;
1318 int ret; 1318 int ret;
1319 1319
1320 ret = hidp_verify_sockets(ctrl_sock, intr_sock); 1320 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1321 if (ret) 1321 if (ret)
1322 return ret; 1322 return ret;
1323 1323
1324 chan = l2cap_pi(ctrl_sock->sk)->chan;
1324 conn = NULL; 1325 conn = NULL;
1325 l2cap_chan_lock(chan); 1326 l2cap_chan_lock(chan);
1326 if (chan->conn) 1327 if (chan->conn)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a2b6dfa38a0c..d04dc0095736 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -6966,8 +6966,9 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
6966 test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags)) 6966 test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags))
6967 conn->local_fixed_chan |= L2CAP_FC_A2MP; 6967 conn->local_fixed_chan |= L2CAP_FC_A2MP;
6968 6968
6969 if (bredr_sc_enabled(hcon->hdev) && 6969 if (test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags) &&
6970 test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 6970 (bredr_sc_enabled(hcon->hdev) ||
6971 test_bit(HCI_FORCE_LESC, &hcon->hdev->dbg_flags)))
6971 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR; 6972 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR;
6972 6973
6973 mutex_init(&conn->ident_lock); 6974 mutex_init(&conn->ident_lock);
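Review bot: The added `test_bit(HCI_FORCE_LESC, &hcon->hdev->dbg_flags)` term lets `L2CAP_FC_SMP_BREDR` be set in `conn->local_fixed_chan` even when `bredr_sc_enabled()` is false, and nothing in `l2cap_conn_add` says this is intended. Since the flag lives in `dbg_flags` it is presumably a test override. A comment such as `/* HCI_FORCE_LESC is a debug override: offer SMP over BR/EDR without BR/EDR Secure Connections */` would keep a later reader from treating it as a normal configuration path. The function continues outside the hunk.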
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 7384f1161336..693ce8bcd06e 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2199,12 +2199,14 @@ static void le_enable_complete(struct hci_dev *hdev, u8 status)
2199{ 2199{
2200 struct cmd_lookup match = { NULL, hdev }; 2200 struct cmd_lookup match = { NULL, hdev };
2201 2201
2202 hci_dev_lock(hdev);
2203
2202 if (status) { 2204 if (status) {
2203 u8 mgmt_err = mgmt_status(status); 2205 u8 mgmt_err = mgmt_status(status);
2204 2206
2205 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 2207 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2206 &mgmt_err); 2208 &mgmt_err);
2207 return; 2209 goto unlock;
2208 } 2210 }
2209 2211
2210 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 2212 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
@@ -2222,17 +2224,16 @@ static void le_enable_complete(struct hci_dev *hdev, u8 status)
2222 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 2224 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2223 struct hci_request req; 2225 struct hci_request req;
2224 2226
2225 hci_dev_lock(hdev);
2226
2227 hci_req_init(&req, hdev); 2227 hci_req_init(&req, hdev);
2228 update_adv_data(&req); 2228 update_adv_data(&req);
2229 update_scan_rsp_data(&req); 2229 update_scan_rsp_data(&req);
2230 hci_req_run(&req, NULL); 2230 hci_req_run(&req, NULL);
2231 2231
2232 hci_update_background_scan(hdev); 2232 hci_update_background_scan(hdev);
2233
2234 hci_dev_unlock(hdev);
2235 } 2233 }
2234
2235unlock:
2236 hci_dev_unlock(hdev);
2236} 2237}
2237 2238
2238static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2239static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
@@ -3114,14 +3115,13 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
3114 conn->disconn_cfm_cb = NULL; 3115 conn->disconn_cfm_cb = NULL;
3115 3116
3116 hci_conn_drop(conn); 3117 hci_conn_drop(conn);
3117 hci_conn_put(conn);
3118
3119 mgmt_pending_remove(cmd);
3120 3118
3121 /* The device is paired so there is no need to remove 3119 /* The device is paired so there is no need to remove
3122 * its connection parameters anymore. 3120 * its connection parameters anymore.
3123 */ 3121 */
3124 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3122 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3123
3124 hci_conn_put(conn);
3125} 3125}
3126 3126
3127void mgmt_smp_complete(struct hci_conn *conn, bool complete) 3127void mgmt_smp_complete(struct hci_conn *conn, bool complete)
@@ -3130,8 +3130,10 @@ void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3130 struct pending_cmd *cmd; 3130 struct pending_cmd *cmd;
3131 3131
3132 cmd = find_pairing(conn); 3132 cmd = find_pairing(conn);
3133 if (cmd) 3133 if (cmd) {
3134 cmd->cmd_complete(cmd, status); 3134 cmd->cmd_complete(cmd, status);
3135 mgmt_pending_remove(cmd);
3136 }
3135} 3137}
3136 3138
3137static void pairing_complete_cb(struct hci_conn *conn, u8 status) 3139static void pairing_complete_cb(struct hci_conn *conn, u8 status)
@@ -3141,10 +3143,13 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3141 BT_DBG("status %u", status); 3143 BT_DBG("status %u", status);
3142 3144
3143 cmd = find_pairing(conn); 3145 cmd = find_pairing(conn);
3144 if (!cmd) 3146 if (!cmd) {
3145 BT_DBG("Unable to find a pending command"); 3147 BT_DBG("Unable to find a pending command");
3146 else 3148 return;
3147 cmd->cmd_complete(cmd, mgmt_status(status)); 3149 }
3150
3151 cmd->cmd_complete(cmd, mgmt_status(status));
3152 mgmt_pending_remove(cmd);
3148} 3153}
3149 3154
3150static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 3155static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
@@ -3157,10 +3162,13 @@ static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3157 return; 3162 return;
3158 3163
3159 cmd = find_pairing(conn); 3164 cmd = find_pairing(conn);
3160 if (!cmd) 3165 if (!cmd) {
3161 BT_DBG("Unable to find a pending command"); 3166 BT_DBG("Unable to find a pending command");
3162 else 3167 return;
3163 cmd->cmd_complete(cmd, mgmt_status(status)); 3168 }
3169
3170 cmd->cmd_complete(cmd, mgmt_status(status));
3171 mgmt_pending_remove(cmd);
3164} 3172}
3165 3173
3166static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3174static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
@@ -3274,8 +3282,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3274 cmd->user_data = hci_conn_get(conn); 3282 cmd->user_data = hci_conn_get(conn);
3275 3283
3276 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3284 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3277 hci_conn_security(conn, sec_level, auth_type, true)) 3285 hci_conn_security(conn, sec_level, auth_type, true)) {
3278 pairing_complete(cmd, 0); 3286 cmd->cmd_complete(cmd, 0);
3287 mgmt_pending_remove(cmd);
3288 }
3279 3289
3280 err = 0; 3290 err = 0;
3281 3291
@@ -3317,7 +3327,8 @@ static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3317 goto unlock; 3327 goto unlock;
3318 } 3328 }
3319 3329
3320 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 3330 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3331 mgmt_pending_remove(cmd);
3321 3332
3322 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3333 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3323 addr, sizeof(*addr)); 3334 addr, sizeof(*addr));
@@ -3791,7 +3802,7 @@ static bool trigger_discovery(struct hci_request *req, u8 *status)
3791 3802
3792 /* All active scans will be done with either a resolvable 3803 /* All active scans will be done with either a resolvable
3793 * private address (when privacy feature has been enabled) 3804 * private address (when privacy feature has been enabled)
3794 * or unresolvable private address. 3805 * or non-resolvable private address.
3795 */ 3806 */
3796 err = hci_update_random_address(req, true, &own_addr_type); 3807 err = hci_update_random_address(req, true, &own_addr_type);
3797 if (err < 0) { 3808 if (err < 0) {
@@ -4279,12 +4290,14 @@ static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4279{ 4290{
4280 struct cmd_lookup match = { NULL, hdev }; 4291 struct cmd_lookup match = { NULL, hdev };
4281 4292
4293 hci_dev_lock(hdev);
4294
4282 if (status) { 4295 if (status) {
4283 u8 mgmt_err = mgmt_status(status); 4296 u8 mgmt_err = mgmt_status(status);
4284 4297
4285 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 4298 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4286 cmd_status_rsp, &mgmt_err); 4299 cmd_status_rsp, &mgmt_err);
4287 return; 4300 goto unlock;
4288 } 4301 }
4289 4302
4290 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) 4303 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
@@ -4299,6 +4312,9 @@ static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4299 4312
4300 if (match.sk) 4313 if (match.sk)
4301 sock_put(match.sk); 4314 sock_put(match.sk);
4315
4316unlock:
4317 hci_dev_unlock(hdev);
4302} 4318}
4303 4319
4304static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 4320static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
@@ -6081,6 +6097,11 @@ static int powered_update_hci(struct hci_dev *hdev)
6081 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp); 6097 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
6082 } 6098 }
6083 6099
6100 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6101 u8 sc = 0x01;
6102 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc);
6103 }
6104
6084 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && 6105 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6085 lmp_bredr_capable(hdev)) { 6106 lmp_bredr_capable(hdev)) {
6086 struct hci_cp_write_le_host_supported cp; 6107 struct hci_cp_write_le_host_supported cp;
@@ -6130,8 +6151,7 @@ static int powered_update_hci(struct hci_dev *hdev)
6130int mgmt_powered(struct hci_dev *hdev, u8 powered) 6151int mgmt_powered(struct hci_dev *hdev, u8 powered)
6131{ 6152{
6132 struct cmd_lookup match = { NULL, hdev }; 6153 struct cmd_lookup match = { NULL, hdev };
6133 u8 status_not_powered = MGMT_STATUS_NOT_POWERED; 6154 u8 status, zero_cod[] = { 0, 0, 0 };
6134 u8 zero_cod[] = { 0, 0, 0 };
6135 int err; 6155 int err;
6136 6156
6137 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 6157 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
@@ -6147,7 +6167,20 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered)
6147 } 6167 }
6148 6168
6149 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6169 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6150 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status_not_powered); 6170
6171 /* If the power off is because of hdev unregistration let
6172 * use the appropriate INVALID_INDEX status. Otherwise use
6173 * NOT_POWERED. We cover both scenarios here since later in
6174 * mgmt_index_removed() any hci_conn callbacks will have already
6175 * been triggered, potentially causing misleading DISCONNECTED
6176 * status responses.
6177 */
6178 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6179 status = MGMT_STATUS_INVALID_INDEX;
6180 else
6181 status = MGMT_STATUS_NOT_POWERED;
6182
6183 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6151 6184
6152 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 6185 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6153 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6186 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
@@ -6681,8 +6714,10 @@ void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6681 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 6714 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6682 cmd ? cmd->sk : NULL); 6715 cmd ? cmd->sk : NULL);
6683 6716
6684 if (cmd) 6717 if (cmd) {
6685 pairing_complete(cmd, status); 6718 cmd->cmd_complete(cmd, status);
6719 mgmt_pending_remove(cmd);
6720 }
6686} 6721}
6687 6722
6688void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 6723void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
@@ -7046,13 +7081,15 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7046 * kept and checking possible scan response data 7081 * kept and checking possible scan response data
7047 * will be skipped. 7082 * will be skipped.
7048 */ 7083 */
7049 if (hdev->discovery.uuid_count > 0) { 7084 if (hdev->discovery.uuid_count > 0)
7050 match = eir_has_uuids(eir, eir_len, 7085 match = eir_has_uuids(eir, eir_len,
7051 hdev->discovery.uuid_count, 7086 hdev->discovery.uuid_count,
7052 hdev->discovery.uuids); 7087 hdev->discovery.uuids);
7053 if (!match) 7088 else
7054 return; 7089 match = true;
7055 } 7090
7091 if (!match && !scan_rsp_len)
7092 return;
7056 7093
7057 /* Copy EIR or advertising data into event */ 7094 /* Copy EIR or advertising data into event */
7058 memcpy(ev->eir, eir, eir_len); 7095 memcpy(ev->eir, eir, eir_len);
@@ -7061,8 +7098,10 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7061 * provided, results with empty EIR or advertising data 7098 * provided, results with empty EIR or advertising data
7062 * should be dropped since they do not match any UUID. 7099 * should be dropped since they do not match any UUID.
7063 */ 7100 */
7064 if (hdev->discovery.uuid_count > 0) 7101 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
7065 return; 7102 return;
7103
7104 match = false;
7066 } 7105 }
7067 7106
7068 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 7107 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 6a46252fe66f..b67749bb55bf 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1673,7 +1673,8 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
1673 /* SMP over BR/EDR requires special treatment */ 1673 /* SMP over BR/EDR requires special treatment */
1674 if (conn->hcon->type == ACL_LINK) { 1674 if (conn->hcon->type == ACL_LINK) {
1675 /* We must have a BR/EDR SC link */ 1675 /* We must have a BR/EDR SC link */
1676 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags)) 1676 if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) &&
1677 !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
1677 return SMP_CROSS_TRANSP_NOT_ALLOWED; 1678 return SMP_CROSS_TRANSP_NOT_ALLOWED;
1678 1679
1679 set_bit(SMP_FLAG_SC, &smp->flags); 1680 set_bit(SMP_FLAG_SC, &smp->flags);
@@ -2927,7 +2928,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
2927 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); 2928 tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0);
2928 if (IS_ERR(tfm_aes)) { 2929 if (IS_ERR(tfm_aes)) {
2929 BT_ERR("Unable to create crypto context"); 2930 BT_ERR("Unable to create crypto context");
2930 return ERR_PTR(PTR_ERR(tfm_aes)); 2931 return ERR_CAST(tfm_aes);
2931 } 2932 }
2932 2933
2933create_chan: 2934create_chan:
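Review bot: The comment above the check in smp_cmd_pairing_req() still reads "We must have a BR/EDR SC link", but with the added `HCI_FORCE_LESC` test an SMP pairing request is also accepted on an ACL link that lacks `HCI_CONN_AES_CCM` whenever that flag is set. Because the flag lives in `hdev->dbg_flags`, it is presumably a debug override, and the comment should say that it relaxes the link-security requirement, for example `/* We must have a BR/EDR SC link, unless the HCI_FORCE_LESC debug flag overrides the check */`. `hdev` is not declared inside the hunk, so it is presumably defined earlier in the function, which starts and ends outside the hunk.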
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 15845814a0f2..ba6eb17226da 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -676,7 +676,7 @@ static int calcu_signature(struct ceph_x_authorizer *au,
676 int ret; 676 int ret;
677 char tmp_enc[40]; 677 char tmp_enc[40];
678 __le32 tmp[5] = { 678 __le32 tmp[5] = {
679 16u, msg->hdr.crc, msg->footer.front_crc, 679 cpu_to_le32(16), msg->hdr.crc, msg->footer.front_crc,
680 msg->footer.middle_crc, msg->footer.data_crc, 680 msg->footer.middle_crc, msg->footer.data_crc,
681 }; 681 };
682 ret = ceph_x_encrypt(&au->session_key, &tmp, sizeof(tmp), 682 ret = ceph_x_encrypt(&au->session_key, &tmp, sizeof(tmp),
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
index a83062ceeec9..f2148e22b148 100644
--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -717,7 +717,7 @@ static int get_poolop_reply_buf(const char *src, size_t src_len,
717 if (src_len != sizeof(u32) + dst_len) 717 if (src_len != sizeof(u32) + dst_len)
718 return -EINVAL; 718 return -EINVAL;
719 719
720 buf_len = le32_to_cpu(*(u32 *)src); 720 buf_len = le32_to_cpu(*(__le32 *)src);
721 if (buf_len != dst_len) 721 if (buf_len != dst_len)
722 return -EINVAL; 722 return -EINVAL;
723 723
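Review bot: In get_poolop_reply_buf(), `*(__le32 *)src` casts away the `const` of `src` and dereferences a `const char *` as a 32-bit word, which assumes the reply buffer is 4-byte aligned. The preceding `src_len` comparison bounds the read, but nothing visible guarantees the alignment. `buf_len = get_unaligned_le32(src);` reads the same little-endian value without either assumption, provided the file includes the unaligned-access header. The function continues outside the hunk.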
diff --git a/net/core/dev.c b/net/core/dev.c
index f411c28d0a66..683d493aa1bf 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1694,6 +1694,7 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1694 1694
1695 skb_scrub_packet(skb, true); 1695 skb_scrub_packet(skb, true);
1696 skb->protocol = eth_type_trans(skb, dev); 1696 skb->protocol = eth_type_trans(skb, dev);
1697 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
1697 1698
1698 return 0; 1699 return 0;
1699} 1700}
@@ -2522,7 +2523,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
2522/* If MPLS offload request, verify we are testing hardware MPLS features 2523/* If MPLS offload request, verify we are testing hardware MPLS features
2523 * instead of standard features for the netdev. 2524 * instead of standard features for the netdev.
2524 */ 2525 */
2525#ifdef CONFIG_NET_MPLS_GSO 2526#if IS_ENABLED(CONFIG_NET_MPLS_GSO)
2526static netdev_features_t net_mpls_features(struct sk_buff *skb, 2527static netdev_features_t net_mpls_features(struct sk_buff *skb,
2527 netdev_features_t features, 2528 netdev_features_t features,
2528 __be16 type) 2529 __be16 type)
@@ -2562,7 +2563,7 @@ static netdev_features_t harmonize_features(struct sk_buff *skb,
2562 2563
2563netdev_features_t netif_skb_features(struct sk_buff *skb) 2564netdev_features_t netif_skb_features(struct sk_buff *skb)
2564{ 2565{
2565 const struct net_device *dev = skb->dev; 2566 struct net_device *dev = skb->dev;
2566 netdev_features_t features = dev->features; 2567 netdev_features_t features = dev->features;
2567 u16 gso_segs = skb_shinfo(skb)->gso_segs; 2568 u16 gso_segs = skb_shinfo(skb)->gso_segs;
2568 __be16 protocol = skb->protocol; 2569 __be16 protocol = skb->protocol;
@@ -2570,11 +2571,21 @@ netdev_features_t netif_skb_features(struct sk_buff *skb)
2570 if (gso_segs > dev->gso_max_segs || gso_segs < dev->gso_min_segs) 2571 if (gso_segs > dev->gso_max_segs || gso_segs < dev->gso_min_segs)
2571 features &= ~NETIF_F_GSO_MASK; 2572 features &= ~NETIF_F_GSO_MASK;
2572 2573
2573 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) { 2574 /* If encapsulation offload request, verify we are testing
2574 struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data; 2575 * hardware encapsulation features instead of standard
2575 protocol = veh->h_vlan_encapsulated_proto; 2576 * features for the netdev
2576 } else if (!vlan_tx_tag_present(skb)) { 2577 */
2577 return harmonize_features(skb, features); 2578 if (skb->encapsulation)
2579 features &= dev->hw_enc_features;
2580
2581 if (!vlan_tx_tag_present(skb)) {
2582 if (unlikely(protocol == htons(ETH_P_8021Q) ||
2583 protocol == htons(ETH_P_8021AD))) {
2584 struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data;
2585 protocol = veh->h_vlan_encapsulated_proto;
2586 } else {
2587 goto finalize;
2588 }
2578 } 2589 }
2579 2590
2580 features = netdev_intersect_features(features, 2591 features = netdev_intersect_features(features,
@@ -2591,6 +2602,11 @@ netdev_features_t netif_skb_features(struct sk_buff *skb)
2591 NETIF_F_HW_VLAN_CTAG_TX | 2602 NETIF_F_HW_VLAN_CTAG_TX |
2592 NETIF_F_HW_VLAN_STAG_TX); 2603 NETIF_F_HW_VLAN_STAG_TX);
2593 2604
2605finalize:
2606 if (dev->netdev_ops->ndo_features_check)
2607 features &= dev->netdev_ops->ndo_features_check(skb, dev,
2608 features);
2609
2594 return harmonize_features(skb, features); 2610 return harmonize_features(skb, features);
2595} 2611}
2596EXPORT_SYMBOL(netif_skb_features); 2612EXPORT_SYMBOL(netif_skb_features);
@@ -2661,19 +2677,12 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device
2661 if (unlikely(!skb)) 2677 if (unlikely(!skb))
2662 goto out_null; 2678 goto out_null;
2663 2679
2664 /* If encapsulation offload request, verify we are testing
2665 * hardware encapsulation features instead of standard
2666 * features for the netdev
2667 */
2668 if (skb->encapsulation)
2669 features &= dev->hw_enc_features;
2670
2671 if (netif_needs_gso(dev, skb, features)) { 2680 if (netif_needs_gso(dev, skb, features)) {
2672 struct sk_buff *segs; 2681 struct sk_buff *segs;
2673 2682
2674 segs = skb_gso_segment(skb, features); 2683 segs = skb_gso_segment(skb, features);
2675 if (IS_ERR(segs)) { 2684 if (IS_ERR(segs)) {
2676 segs = NULL; 2685 goto out_kfree_skb;
2677 } else if (segs) { 2686 } else if (segs) {
2678 consume_skb(skb); 2687 consume_skb(skb);
2679 skb = segs; 2688 skb = segs;
@@ -4557,6 +4566,68 @@ void netif_napi_del(struct napi_struct *napi)
4557} 4566}
4558EXPORT_SYMBOL(netif_napi_del); 4567EXPORT_SYMBOL(netif_napi_del);
4559 4568
4569static int napi_poll(struct napi_struct *n, struct list_head *repoll)
4570{
4571 void *have;
4572 int work, weight;
4573
4574 list_del_init(&n->poll_list);
4575
4576 have = netpoll_poll_lock(n);
4577
4578 weight = n->weight;
4579
4580 /* This NAPI_STATE_SCHED test is for avoiding a race
4581 * with netpoll's poll_napi(). Only the entity which
4582 * obtains the lock and sees NAPI_STATE_SCHED set will
4583 * actually make the ->poll() call. Therefore we avoid
4584 * accidentally calling ->poll() when NAPI is not scheduled.
4585 */
4586 work = 0;
4587 if (test_bit(NAPI_STATE_SCHED, &n->state)) {
4588 work = n->poll(n, weight);
4589 trace_napi_poll(n);
4590 }
4591
4592 WARN_ON_ONCE(work > weight);
4593
4594 if (likely(work < weight))
4595 goto out_unlock;
4596
4597 /* Drivers must not modify the NAPI state if they
4598 * consume the entire weight. In such cases this code
4599 * still "owns" the NAPI instance and therefore can
4600 * move the instance around on the list at-will.
4601 */
4602 if (unlikely(napi_disable_pending(n))) {
4603 napi_complete(n);
4604 goto out_unlock;
4605 }
4606
4607 if (n->gro_list) {
4608 /* flush too old packets
4609 * If HZ < 1000, flush all packets.
4610 */
4611 napi_gro_flush(n, HZ >= 1000);
4612 }
4613
4614 /* Some drivers may have called napi_schedule
4615 * prior to exhausting their budget.
4616 */
4617 if (unlikely(!list_empty(&n->poll_list))) {
4618 pr_warn_once("%s: Budget exhausted after napi rescheduled\n",
4619 n->dev ? n->dev->name : "backlog");
4620 goto out_unlock;
4621 }
4622
4623 list_add_tail(&n->poll_list, repoll);
4624
4625out_unlock:
4626 netpoll_poll_unlock(have);
4627
4628 return work;
4629}
4630
4560static void net_rx_action(struct softirq_action *h) 4631static void net_rx_action(struct softirq_action *h)
4561{ 4632{
4562 struct softnet_data *sd = this_cpu_ptr(&softnet_data); 4633 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
@@ -4564,74 +4635,34 @@ static void net_rx_action(struct softirq_action *h)
4564 int budget = netdev_budget; 4635 int budget = netdev_budget;
4565 LIST_HEAD(list); 4636 LIST_HEAD(list);
4566 LIST_HEAD(repoll); 4637 LIST_HEAD(repoll);
4567 void *have;
4568 4638
4569 local_irq_disable(); 4639 local_irq_disable();
4570 list_splice_init(&sd->poll_list, &list); 4640 list_splice_init(&sd->poll_list, &list);
4571 local_irq_enable(); 4641 local_irq_enable();
4572 4642
4573 while (!list_empty(&list)) { 4643 for (;;) {
4574 struct napi_struct *n; 4644 struct napi_struct *n;
4575 int work, weight;
4576
4577 /* If softirq window is exhausted then punt.
4578 * Allow this to run for 2 jiffies since which will allow
4579 * an average latency of 1.5/HZ.
4580 */
4581 if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
4582 goto softnet_break;
4583
4584
4585 n = list_first_entry(&list, struct napi_struct, poll_list);
4586 list_del_init(&n->poll_list);
4587 4645
4588 have = netpoll_poll_lock(n); 4646 if (list_empty(&list)) {
4589 4647 if (!sd_has_rps_ipi_waiting(sd) && list_empty(&repoll))
4590 weight = n->weight; 4648 return;
4591 4649 break;
4592 /* This NAPI_STATE_SCHED test is for avoiding a race
4593 * with netpoll's poll_napi(). Only the entity which
4594 * obtains the lock and sees NAPI_STATE_SCHED set will
4595 * actually make the ->poll() call. Therefore we avoid
4596 * accidentally calling ->poll() when NAPI is not scheduled.
4597 */
4598 work = 0;
4599 if (test_bit(NAPI_STATE_SCHED, &n->state)) {
4600 work = n->poll(n, weight);
4601 trace_napi_poll(n);
4602 } 4650 }
4603 4651
4604 WARN_ON_ONCE(work > weight); 4652 n = list_first_entry(&list, struct napi_struct, poll_list);
4605 4653 budget -= napi_poll(n, &repoll);
4606 budget -= work;
4607 4654
4608 /* Drivers must not modify the NAPI state if they 4655 /* If softirq window is exhausted then punt.
4609 * consume the entire weight. In such cases this code 4656 * Allow this to run for 2 jiffies since which will allow
4610 * still "owns" the NAPI instance and therefore can 4657 * an average latency of 1.5/HZ.
4611 * move the instance around on the list at-will.
4612 */ 4658 */
4613 if (unlikely(work == weight)) { 4659 if (unlikely(budget <= 0 ||
4614 if (unlikely(napi_disable_pending(n))) { 4660 time_after_eq(jiffies, time_limit))) {
4615 napi_complete(n); 4661 sd->time_squeeze++;
4616 } else { 4662 break;
4617 if (n->gro_list) {
4618 /* flush too old packets
4619 * If HZ < 1000, flush all packets.
4620 */
4621 napi_gro_flush(n, HZ >= 1000);
4622 }
4623 list_add_tail(&n->poll_list, &repoll);
4624 }
4625 } 4663 }
4626
4627 netpoll_poll_unlock(have);
4628 } 4664 }
4629 4665
4630 if (!sd_has_rps_ipi_waiting(sd) &&
4631 list_empty(&list) &&
4632 list_empty(&repoll))
4633 return;
4634out:
4635 local_irq_disable(); 4666 local_irq_disable();
4636 4667
4637 list_splice_tail_init(&sd->poll_list, &list); 4668 list_splice_tail_init(&sd->poll_list, &list);
@@ -4641,12 +4672,6 @@ out:
4641 __raise_softirq_irqoff(NET_RX_SOFTIRQ); 4672 __raise_softirq_irqoff(NET_RX_SOFTIRQ);
4642 4673
4643 net_rps_action_and_irq_enable(sd); 4674 net_rps_action_and_irq_enable(sd);
4644
4645 return;
4646
4647softnet_break:
4648 sd->time_squeeze++;
4649 goto out;
4650} 4675}
4651 4676
4652struct netdev_adjacent { 4677struct netdev_adjacent {
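Review bot: In netif_skb_features(), the branch taken for an in-band 802.1Q/802.1ad tag casts `skb->data` to `struct vlan_ethhdr` and reads `h_vlan_encapsulated_proto` with no visible check that the linear area holds a full VLAN Ethernet header. Unless every caller guarantees that (none of these hunks shows it), a short or non-linear head turns this into a read past the linear data. Bounding it inside that branch, for example with `if (unlikely(skb_headlen(skb) < VLAN_ETH_HLEN)) goto finalize;` ahead of the cast, would keep the feature computation on a safe path.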
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d06107d36ec8..9cf6fe9ddc0c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2368,6 +2368,11 @@ int ndo_dflt_fdb_add(struct ndmsg *ndm,
2368 return err; 2368 return err;
2369 } 2369 }
2370 2370
2371 if (vid) {
2372 pr_info("%s: vlans aren't supported yet for dev_uc|mc_add()\n", dev->name);
2373 return err;
2374 }
2375
2371 if (is_unicast_ether_addr(addr) || is_link_local_ether_addr(addr)) 2376 if (is_unicast_ether_addr(addr) || is_link_local_ether_addr(addr))
2372 err = dev_uc_add_excl(dev, addr); 2377 err = dev_uc_add_excl(dev, addr);
2373 else if (is_multicast_ether_addr(addr)) 2378 else if (is_multicast_ether_addr(addr))
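Review bot: The new `vid` branch in ndo_dflt_fdb_add() logs with an unthrottled `pr_info()` on a path that appears to be reached from a netlink request, so repeated requests carrying a VLAN id can flood the kernel log; `pr_info_ratelimited(...)` with the same message avoids that. The branch also returns `err` without assigning it, so the result depends on how `err` was initialised above the hunk. An explicit `return -EINVAL;` (or whichever code the function intends) would make the rejection readable in place. The function starts and ends outside the hunk.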
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index ae13ef6b3ea7..395c15b82087 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4148,6 +4148,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
4148 skb->ignore_df = 0; 4148 skb->ignore_df = 0;
4149 skb_dst_drop(skb); 4149 skb_dst_drop(skb);
4150 skb->mark = 0; 4150 skb->mark = 0;
4151 skb_init_secmark(skb);
4151 secpath_reset(skb); 4152 secpath_reset(skb);
4152 nf_reset(skb); 4153 nf_reset(skb);
4153 nf_reset_trace(skb); 4154 nf_reset_trace(skb);
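Review bot: The added `skb_init_secmark(skb)` in skb_scrub_packet() has no comment saying why the security mark is cleared here, and as far as the hunk shows it runs regardless of `xnet`. Since secmark carries a label that LSM policy acts on, a one-line comment such as `/* drop the security mark so it is not carried across the scrub */` would record the intent. The function's header comment is outside the hunk and should list secmark among the fields it resets.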
diff --git a/net/ipv4/geneve.c b/net/ipv4/geneve.c
index a457232f0131..394a200f93c1 100644
--- a/net/ipv4/geneve.c
+++ b/net/ipv4/geneve.c
@@ -122,14 +122,18 @@ int geneve_xmit_skb(struct geneve_sock *gs, struct rtable *rt,
122 int err; 122 int err;
123 123
124 skb = udp_tunnel_handle_offloads(skb, !gs->sock->sk->sk_no_check_tx); 124 skb = udp_tunnel_handle_offloads(skb, !gs->sock->sk->sk_no_check_tx);
125 if (IS_ERR(skb))
126 return PTR_ERR(skb);
125 127
126 min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len 128 min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
127 + GENEVE_BASE_HLEN + opt_len + sizeof(struct iphdr) 129 + GENEVE_BASE_HLEN + opt_len + sizeof(struct iphdr)
128 + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0); 130 + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
129 131
130 err = skb_cow_head(skb, min_headroom); 132 err = skb_cow_head(skb, min_headroom);
131 if (unlikely(err)) 133 if (unlikely(err)) {
134 kfree_skb(skb);
132 return err; 135 return err;
136 }
133 137
134 skb = vlan_hwaccel_push_inside(skb); 138 skb = vlan_hwaccel_push_inside(skb);
135 if (unlikely(!skb)) 139 if (unlikely(!skb))
@@ -159,6 +163,15 @@ static void geneve_notify_add_rx_port(struct geneve_sock *gs)
159 } 163 }
160} 164}
161 165
166static void geneve_notify_del_rx_port(struct geneve_sock *gs)
167{
168 struct sock *sk = gs->sock->sk;
169 sa_family_t sa_family = sk->sk_family;
170
171 if (sa_family == AF_INET)
172 udp_del_offload(&gs->udp_offloads);
173}
174
162/* Callback from net/ipv4/udp.c to receive packets */ 175/* Callback from net/ipv4/udp.c to receive packets */
163static int geneve_udp_encap_recv(struct sock *sk, struct sk_buff *skb) 176static int geneve_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
164{ 177{
@@ -287,6 +300,7 @@ struct geneve_sock *geneve_sock_add(struct net *net, __be16 port,
287 geneve_rcv_t *rcv, void *data, 300 geneve_rcv_t *rcv, void *data,
288 bool no_share, bool ipv6) 301 bool no_share, bool ipv6)
289{ 302{
303 struct geneve_net *gn = net_generic(net, geneve_net_id);
290 struct geneve_sock *gs; 304 struct geneve_sock *gs;
291 305
292 gs = geneve_socket_create(net, port, rcv, data, ipv6); 306 gs = geneve_socket_create(net, port, rcv, data, ipv6);
@@ -296,15 +310,15 @@ struct geneve_sock *geneve_sock_add(struct net *net, __be16 port,
296 if (no_share) /* Return error if sharing is not allowed. */ 310 if (no_share) /* Return error if sharing is not allowed. */
297 return ERR_PTR(-EINVAL); 311 return ERR_PTR(-EINVAL);
298 312
313 spin_lock(&gn->sock_lock);
299 gs = geneve_find_sock(net, port); 314 gs = geneve_find_sock(net, port);
300 if (gs) { 315 if (gs && ((gs->rcv != rcv) ||
301 if (gs->rcv == rcv) 316 !atomic_add_unless(&gs->refcnt, 1, 0)))
302 atomic_inc(&gs->refcnt);
303 else
304 gs = ERR_PTR(-EBUSY); 317 gs = ERR_PTR(-EBUSY);
305 } else { 318 spin_unlock(&gn->sock_lock);
319
320 if (!gs)
306 gs = ERR_PTR(-EINVAL); 321 gs = ERR_PTR(-EINVAL);
307 }
308 322
309 return gs; 323 return gs;
310} 324}
@@ -312,9 +326,17 @@ EXPORT_SYMBOL_GPL(geneve_sock_add);
312 326
313void geneve_sock_release(struct geneve_sock *gs) 327void geneve_sock_release(struct geneve_sock *gs)
314{ 328{
329 struct net *net = sock_net(gs->sock->sk);
330 struct geneve_net *gn = net_generic(net, geneve_net_id);
331
315 if (!atomic_dec_and_test(&gs->refcnt)) 332 if (!atomic_dec_and_test(&gs->refcnt))
316 return; 333 return;
317 334
335 spin_lock(&gn->sock_lock);
336 hlist_del_rcu(&gs->hlist);
337 geneve_notify_del_rx_port(gs);
338 spin_unlock(&gn->sock_lock);
339
318 queue_work(geneve_wq, &gs->del_work); 340 queue_work(geneve_wq, &gs->del_work);
319} 341}
320EXPORT_SYMBOL_GPL(geneve_sock_release); 342EXPORT_SYMBOL_GPL(geneve_sock_release);
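Review bot: After this change geneve_xmit_skb() consumes `skb` on its error paths, but nothing documents that ownership rule: it calls `kfree_skb(skb)` when `skb_cow_head()` fails, and it returns `PTR_ERR(skb)` after `udp_tunnel_handle_offloads()` without freeing, which implies the helper has already released the buffer. A caller that still frees the skb when the function returns an error would free it twice, so the function should carry a comment such as `/* Consumes skb on error; callers must not free it. */`. Callers outside this section need checking against that rule. The function starts and ends outside the hunk, so its remaining error paths should be confirmed to behave the same way.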
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index ac8491245e5b..4f4bf5b99686 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -252,10 +252,6 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
252 struct ip_tunnel *tunnel = netdev_priv(dev); 252 struct ip_tunnel *tunnel = netdev_priv(dev);
253 const struct iphdr *tnl_params; 253 const struct iphdr *tnl_params;
254 254
255 skb = gre_handle_offloads(skb, !!(tunnel->parms.o_flags&TUNNEL_CSUM));
256 if (IS_ERR(skb))
257 goto out;
258
259 if (dev->header_ops) { 255 if (dev->header_ops) {
260 /* Need space for new headers */ 256 /* Need space for new headers */
261 if (skb_cow_head(skb, dev->needed_headroom - 257 if (skb_cow_head(skb, dev->needed_headroom -
@@ -268,6 +264,7 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
268 * to gre header. 264 * to gre header.
269 */ 265 */
270 skb_pull(skb, tunnel->hlen + sizeof(struct iphdr)); 266 skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
267 skb_reset_mac_header(skb);
271 } else { 268 } else {
272 if (skb_cow_head(skb, dev->needed_headroom)) 269 if (skb_cow_head(skb, dev->needed_headroom))
273 goto free_skb; 270 goto free_skb;
@@ -275,6 +272,10 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
275 tnl_params = &tunnel->parms.iph; 272 tnl_params = &tunnel->parms.iph;
276 } 273 }
277 274
275 skb = gre_handle_offloads(skb, !!(tunnel->parms.o_flags&TUNNEL_CSUM));
276 if (IS_ERR(skb))
277 goto out;
278
278 __gre_xmit(skb, dev, tnl_params, skb->protocol); 279 __gre_xmit(skb, dev, tnl_params, skb->protocol);
279 280
280 return NETDEV_TX_OK; 281 return NETDEV_TX_OK;
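Review bot: Moving `gre_handle_offloads()` below the header handling in ipgre_xmit() makes its position order-sensitive, and no comment says so. It now runs after `skb_pull()` and `skb_reset_mac_header()` in the `header_ops` branch and after `tnl_params` has been assigned; if the offload helper can reallocate the skb head, a `tnl_params` that points into packet data would have to be re-derived afterwards (the assignment in that branch is outside the hunk, so this needs checking). A comment above the call, for example `/* must follow the header pull so offload setup sees the final mac header */`, would keep a later reorder from undoing the fix. On `IS_ERR(skb)` the code jumps to `out`, which is outside the hunk and must neither dereference nor free `skb`.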
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 63e745aadab6..d3e447936720 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -514,6 +514,9 @@ const struct ip_tunnel_encap_ops __rcu *
514int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops, 514int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
515 unsigned int num) 515 unsigned int num)
516{ 516{
517 if (num >= MAX_IPTUN_ENCAP_OPS)
518 return -ERANGE;
519
517 return !cmpxchg((const struct ip_tunnel_encap_ops **) 520 return !cmpxchg((const struct ip_tunnel_encap_ops **)
518 &iptun_encaps[num], 521 &iptun_encaps[num],
519 NULL, ops) ? 0 : -1; 522 NULL, ops) ? 0 : -1;
@@ -525,6 +528,9 @@ int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
525{ 528{
526 int ret; 529 int ret;
527 530
531 if (num >= MAX_IPTUN_ENCAP_OPS)
532 return -ERANGE;
533
528 ret = (cmpxchg((const struct ip_tunnel_encap_ops **) 534 ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
529 &iptun_encaps[num], 535 &iptun_encaps[num],
530 ops, NULL) == ops) ? 0 : -1; 536 ops, NULL) == ops) ? 0 : -1;
@@ -567,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
567 if (t->encap.type == TUNNEL_ENCAP_NONE) 573 if (t->encap.type == TUNNEL_ENCAP_NONE)
568 return 0; 574 return 0;
569 575
576 if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
577 return -EINVAL;
578
570 rcu_read_lock(); 579 rcu_read_lock();
571 ops = rcu_dereference(iptun_encaps[t->encap.type]); 580 ops = rcu_dereference(iptun_encaps[t->encap.type]);
572 if (likely(ops && ops->build_header)) 581 if (likely(ops && ops->build_header))
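Review bot: The range check in ip_tunnel_encap() rejects a bad `t->encap.type` only while a packet is being built, so an out-of-range type stored on the tunnel would be accepted at configuration time and then fail on every transmit. Validating the type against `MAX_IPTUN_ENCAP_OPS` where it is stored on the tunnel (outside these hunks, and possibly already done there) would reject it once, with the per-packet check kept as a backstop. In ip_tunnel_encap_add_ops() and ip_tunnel_encap_del_ops() the new `-ERANGE` sits next to a bare `-1` for the cmpxchg failure, which callers would read as `-EPERM`; a named errno such as `-EBUSY` on the add path would be consistent.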
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 7f18262e2326..65caf8b95e17 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2019,7 +2019,7 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
2019 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) 2019 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now)))
2020 break; 2020 break;
2021 2021
2022 if (tso_segs == 1) { 2022 if (tso_segs == 1 || !max_segs) {
2023 if (unlikely(!tcp_nagle_test(tp, skb, mss_now, 2023 if (unlikely(!tcp_nagle_test(tp, skb, mss_now,
2024 (tcp_skb_is_last(sk, skb) ? 2024 (tcp_skb_is_last(sk, skb) ?
2025 nonagle : TCP_NAGLE_PUSH)))) 2025 nonagle : TCP_NAGLE_PUSH))))
@@ -2032,7 +2032,7 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
2032 } 2032 }
2033 2033
2034 limit = mss_now; 2034 limit = mss_now;
2035 if (tso_segs > 1 && !tcp_urg_mode(tp)) 2035 if (tso_segs > 1 && max_segs && !tcp_urg_mode(tp))
2036 limit = tcp_mss_split_point(sk, skb, mss_now, 2036 limit = tcp_mss_split_point(sk, skb, mss_now,
2037 min_t(unsigned int, 2037 min_t(unsigned int,
2038 cwnd_quota, 2038 cwnd_quota,
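Review bot: `max_segs == 0` is now used as a sentinel in two conditions of tcp_write_xmit() (`tso_segs == 1 || !max_segs` and `tso_segs > 1 && max_segs && ...`) with no comment on what zero means. Where `max_segs` is computed is outside the hunks, so a reader cannot tell from here which senders get a zero value. Assuming zero means that no TSO segment limit applies, a comment at the first test such as `/* max_segs == 0: no TSO limit, treat like a single segment */` would document it.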
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 5ff87805258e..9c0b54e87b47 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1387,6 +1387,28 @@ ipv6_pktoptions:
1387 return 0; 1387 return 0;
1388} 1388}
1389 1389
1390static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1391 const struct tcphdr *th)
1392{
1393 /* This is tricky: we move IP6CB at its correct location into
1394 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1395 * _decode_session6() uses IP6CB().
1396 * barrier() makes sure compiler won't play aliasing games.
1397 */
1398 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1399 sizeof(struct inet6_skb_parm));
1400 barrier();
1401
1402 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1403 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1404 skb->len - th->doff*4);
1405 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1406 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1407 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1408 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1409 TCP_SKB_CB(skb)->sacked = 0;
1410}
1411
1390static int tcp_v6_rcv(struct sk_buff *skb) 1412static int tcp_v6_rcv(struct sk_buff *skb)
1391{ 1413{
1392 const struct tcphdr *th; 1414 const struct tcphdr *th;
@@ -1418,24 +1440,9 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1418 1440
1419 th = tcp_hdr(skb); 1441 th = tcp_hdr(skb);
1420 hdr = ipv6_hdr(skb); 1442 hdr = ipv6_hdr(skb);
1421 /* This is tricky : We move IPCB at its correct location into TCP_SKB_CB()
1422 * barrier() makes sure compiler wont play fool^Waliasing games.
1423 */
1424 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1425 sizeof(struct inet6_skb_parm));
1426 barrier();
1427
1428 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1429 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1430 skb->len - th->doff*4);
1431 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1432 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1433 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1434 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1435 TCP_SKB_CB(skb)->sacked = 0;
1436 1443
1437 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest, 1444 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
1438 tcp_v6_iif(skb)); 1445 inet6_iif(skb));
1439 if (!sk) 1446 if (!sk)
1440 goto no_tcp_socket; 1447 goto no_tcp_socket;
1441 1448
@@ -1451,6 +1458,8 @@ process:
1451 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1458 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1452 goto discard_and_relse; 1459 goto discard_and_relse;
1453 1460
1461 tcp_v6_fill_cb(skb, hdr, th);
1462
1454#ifdef CONFIG_TCP_MD5SIG 1463#ifdef CONFIG_TCP_MD5SIG
1455 if (tcp_v6_inbound_md5_hash(sk, skb)) 1464 if (tcp_v6_inbound_md5_hash(sk, skb))
1456 goto discard_and_relse; 1465 goto discard_and_relse;
@@ -1482,6 +1491,8 @@ no_tcp_socket:
1482 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1491 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1483 goto discard_it; 1492 goto discard_it;
1484 1493
1494 tcp_v6_fill_cb(skb, hdr, th);
1495
1485 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1496 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1486csum_error: 1497csum_error:
1487 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS); 1498 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
@@ -1505,6 +1516,8 @@ do_time_wait:
1505 goto discard_it; 1516 goto discard_it;
1506 } 1517 }
1507 1518
1519 tcp_v6_fill_cb(skb, hdr, th);
1520
1508 if (skb->len < (th->doff<<2)) { 1521 if (skb->len < (th->doff<<2)) {
1509 inet_twsk_put(inet_twsk(sk)); 1522 inet_twsk_put(inet_twsk(sk));
1510 goto bad_packet; 1523 goto bad_packet;
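Review bot: tcp_v6_fill_cb() overwrites the IP6CB() area with TCP control-block fields, so it is only safe to run once per skb, and the three new call sites (`process:`, `no_tcp_socket:`, `do_time_wait:`) do not enforce that. If the code after the `do_time_wait` call jumps back to `process:` (the rest of that block is outside the hunk), `xfrm6_policy_check()` would read an already-overwritten IP6CB and the second `memmove()` would copy TCP fields into `header.h6`. Before any such jump the original layout would have to be restored, for example `memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6, sizeof(struct inet6_skb_parm));`. The helper's comment should also state the call-once rule.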
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 5d6dae9e4aac..da1c12c34487 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1011,6 +1011,10 @@ ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata)
1011 1011
1012 ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef); 1012 ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
1013 1013
1014 ieee80211_recalc_smps_chanctx(local, new_ctx);
1015 ieee80211_recalc_radar_chanctx(local, new_ctx);
1016 ieee80211_recalc_chanctx_min_def(local, new_ctx);
1017
1014 if (changed) 1018 if (changed)
1015 ieee80211_bss_info_change_notify(sdata, changed); 1019 ieee80211_bss_info_change_notify(sdata, changed);
1016 1020
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 434a91ad12c8..bd4e46ec32bd 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -140,7 +140,9 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
140 if (!ret) { 140 if (!ret) {
141 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 141 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
142 142
143 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 143 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
144 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
145 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
144 sdata->crypto_tx_tailroom_needed_cnt--; 146 sdata->crypto_tx_tailroom_needed_cnt--;
145 147
146 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 148 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
@@ -188,7 +190,9 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
188 sta = key->sta; 190 sta = key->sta;
189 sdata = key->sdata; 191 sdata = key->sdata;
190 192
191 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 193 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
194 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
195 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
192 increment_tailroom_need_count(sdata); 196 increment_tailroom_need_count(sdata);
193 197
194 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 198 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
@@ -656,7 +660,7 @@ void ieee80211_free_sta_keys(struct ieee80211_local *local,
656 int i; 660 int i;
657 661
658 mutex_lock(&local->key_mtx); 662 mutex_lock(&local->key_mtx);
659 for (i = 0; i < NUM_DEFAULT_KEYS; i++) { 663 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
660 key = key_mtx_dereference(local, sta->gtk[i]); 664 key = key_mtx_dereference(local, sta->gtk[i]);
661 if (!key) 665 if (!key)
662 continue; 666 continue;
@@ -884,7 +888,9 @@ void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
884 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 888 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
885 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 889 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
886 890
887 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 891 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
892 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
893 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
888 increment_tailroom_need_count(key->sdata); 894 increment_tailroom_need_count(key->sdata);
889 } 895 }
890 896
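Review bot: The three-flag test added in ieee80211_key_enable_hw_accel, ieee80211_key_disable_hw_accel and ieee80211_remove_key is written out three times. The decrement in the first must stay paired with the increments in the other two, or crypto_tx_tailroom_needed_cnt drifts. The condition is equivalent to a single mask test, `if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | IEEE80211_KEY_FLAG_GENERATE_IV | IEEE80211_KEY_FLAG_PUT_IV_SPACE)))`, and would be safer behind one small static helper that all three sites call. All three functions extend beyond their hunks, so other users of the counter are not visible here.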
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 75a9bf50207e..2c36c4765f47 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -174,6 +174,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
174 if (!(ht_cap->cap_info & 174 if (!(ht_cap->cap_info &
175 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) { 175 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) {
176 ret = IEEE80211_STA_DISABLE_40MHZ; 176 ret = IEEE80211_STA_DISABLE_40MHZ;
177 vht_chandef = *chandef;
177 goto out; 178 goto out;
178 } 179 }
179 180
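Review bot: The added `vht_chandef = *chandef;` before `goto out` in ieee80211_determine_chantype carries no comment, and the reason for it lies at the `out:` label, which is outside this hunk. Presumably the code after `out:` reads vht_chandef, which would otherwise be an uninitialized stack variable on this early exit. If so, say it, e.g. `/* code after out: reads vht_chandef, so set it on every exit path */`. Initializing vht_chandef at its declaration would also cover any other early `goto out`, but the declaration is not shown here.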
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 49c23bdf08bb..683b10f46505 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1761,14 +1761,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1761 sc = le16_to_cpu(hdr->seq_ctrl); 1761 sc = le16_to_cpu(hdr->seq_ctrl);
1762 frag = sc & IEEE80211_SCTL_FRAG; 1762 frag = sc & IEEE80211_SCTL_FRAG;
1763 1763
1764 if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
1765 goto out;
1766
1767 if (is_multicast_ether_addr(hdr->addr1)) { 1764 if (is_multicast_ether_addr(hdr->addr1)) {
1768 rx->local->dot11MulticastReceivedFrameCount++; 1765 rx->local->dot11MulticastReceivedFrameCount++;
1769 goto out; 1766 goto out_no_led;
1770 } 1767 }
1771 1768
1769 if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
1770 goto out;
1771
1772 I802_DEBUG_INC(rx->local->rx_handlers_fragments); 1772 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
1773 1773
1774 if (skb_linearize(rx->skb)) 1774 if (skb_linearize(rx->skb))
@@ -1859,9 +1859,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1859 status->rx_flags |= IEEE80211_RX_FRAGMENTED; 1859 status->rx_flags |= IEEE80211_RX_FRAGMENTED;
1860 1860
1861 out: 1861 out:
1862 ieee80211_led_rx(rx->local);
1863 out_no_led:
1862 if (rx->sta) 1864 if (rx->sta)
1863 rx->sta->rx_packets++; 1865 rx->sta->rx_packets++;
1864 ieee80211_led_rx(rx->local);
1865 return RX_CONTINUE; 1866 return RX_CONTINUE;
1866} 1867}
1867 1868
diff --git a/net/mpls/mpls_gso.c b/net/mpls/mpls_gso.c
index ca27837974fe..349295d21946 100644
--- a/net/mpls/mpls_gso.c
+++ b/net/mpls/mpls_gso.c
@@ -31,10 +31,7 @@ static struct sk_buff *mpls_gso_segment(struct sk_buff *skb,
31 SKB_GSO_TCPV6 | 31 SKB_GSO_TCPV6 |
32 SKB_GSO_UDP | 32 SKB_GSO_UDP |
33 SKB_GSO_DODGY | 33 SKB_GSO_DODGY |
34 SKB_GSO_TCP_ECN | 34 SKB_GSO_TCP_ECN)))
35 SKB_GSO_GRE |
36 SKB_GSO_GRE_CSUM |
37 SKB_GSO_IPIP)))
38 goto out; 35 goto out;
39 36
40 /* Setup inner SKB. */ 37 /* Setup inner SKB. */
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 13c2e17bbe27..cde4a6702fa3 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -463,7 +463,7 @@ static void nfnetlink_rcv(struct sk_buff *skb)
463} 463}
464 464
465#ifdef CONFIG_MODULES 465#ifdef CONFIG_MODULES
466static int nfnetlink_bind(int group) 466static int nfnetlink_bind(struct net *net, int group)
467{ 467{
468 const struct nfnetlink_subsystem *ss; 468 const struct nfnetlink_subsystem *ss;
469 int type; 469 int type;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index ef5f77b44ec7..84ea76ca3f1f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -525,14 +525,14 @@ out:
525 return err; 525 return err;
526} 526}
527 527
528static void netlink_frame_flush_dcache(const struct nl_mmap_hdr *hdr) 528static void netlink_frame_flush_dcache(const struct nl_mmap_hdr *hdr, unsigned int nm_len)
529{ 529{
530#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1 530#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
531 struct page *p_start, *p_end; 531 struct page *p_start, *p_end;
532 532
533 /* First page is flushed through netlink_{get,set}_status */ 533 /* First page is flushed through netlink_{get,set}_status */
534 p_start = pgvec_to_page(hdr + PAGE_SIZE); 534 p_start = pgvec_to_page(hdr + PAGE_SIZE);
535 p_end = pgvec_to_page((void *)hdr + NL_MMAP_HDRLEN + hdr->nm_len - 1); 535 p_end = pgvec_to_page((void *)hdr + NL_MMAP_HDRLEN + nm_len - 1);
536 while (p_start <= p_end) { 536 while (p_start <= p_end) {
537 flush_dcache_page(p_start); 537 flush_dcache_page(p_start);
538 p_start++; 538 p_start++;
@@ -550,9 +550,9 @@ static enum nl_mmap_status netlink_get_status(const struct nl_mmap_hdr *hdr)
550static void netlink_set_status(struct nl_mmap_hdr *hdr, 550static void netlink_set_status(struct nl_mmap_hdr *hdr,
551 enum nl_mmap_status status) 551 enum nl_mmap_status status)
552{ 552{
553 smp_mb();
553 hdr->nm_status = status; 554 hdr->nm_status = status;
554 flush_dcache_page(pgvec_to_page(hdr)); 555 flush_dcache_page(pgvec_to_page(hdr));
555 smp_wmb();
556} 556}
557 557
558static struct nl_mmap_hdr * 558static struct nl_mmap_hdr *
@@ -714,24 +714,16 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg,
714 struct nl_mmap_hdr *hdr; 714 struct nl_mmap_hdr *hdr;
715 struct sk_buff *skb; 715 struct sk_buff *skb;
716 unsigned int maxlen; 716 unsigned int maxlen;
717 bool excl = true;
718 int err = 0, len = 0; 717 int err = 0, len = 0;
719 718
720 /* Netlink messages are validated by the receiver before processing.
721 * In order to avoid userspace changing the contents of the message
722 * after validation, the socket and the ring may only be used by a
723 * single process, otherwise we fall back to copying.
724 */
725 if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 ||
726 atomic_read(&nlk->mapped) > 1)
727 excl = false;
728
729 mutex_lock(&nlk->pg_vec_lock); 719 mutex_lock(&nlk->pg_vec_lock);
730 720
731 ring = &nlk->tx_ring; 721 ring = &nlk->tx_ring;
732 maxlen = ring->frame_size - NL_MMAP_HDRLEN; 722 maxlen = ring->frame_size - NL_MMAP_HDRLEN;
733 723
734 do { 724 do {
725 unsigned int nm_len;
726
735 hdr = netlink_current_frame(ring, NL_MMAP_STATUS_VALID); 727 hdr = netlink_current_frame(ring, NL_MMAP_STATUS_VALID);
736 if (hdr == NULL) { 728 if (hdr == NULL) {
737 if (!(msg->msg_flags & MSG_DONTWAIT) && 729 if (!(msg->msg_flags & MSG_DONTWAIT) &&
@@ -739,35 +731,23 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg,
739 schedule(); 731 schedule();
740 continue; 732 continue;
741 } 733 }
742 if (hdr->nm_len > maxlen) { 734
735 nm_len = ACCESS_ONCE(hdr->nm_len);
736 if (nm_len > maxlen) {
743 err = -EINVAL; 737 err = -EINVAL;
744 goto out; 738 goto out;
745 } 739 }
746 740
747 netlink_frame_flush_dcache(hdr); 741 netlink_frame_flush_dcache(hdr, nm_len);
748 742
749 if (likely(dst_portid == 0 && dst_group == 0 && excl)) { 743 skb = alloc_skb(nm_len, GFP_KERNEL);
750 skb = alloc_skb_head(GFP_KERNEL); 744 if (skb == NULL) {
751 if (skb == NULL) { 745 err = -ENOBUFS;
752 err = -ENOBUFS; 746 goto out;
753 goto out;
754 }
755 sock_hold(sk);
756 netlink_ring_setup_skb(skb, sk, ring, hdr);
757 NETLINK_CB(skb).flags |= NETLINK_SKB_TX;
758 __skb_put(skb, hdr->nm_len);
759 netlink_set_status(hdr, NL_MMAP_STATUS_RESERVED);
760 atomic_inc(&ring->pending);
761 } else {
762 skb = alloc_skb(hdr->nm_len, GFP_KERNEL);
763 if (skb == NULL) {
764 err = -ENOBUFS;
765 goto out;
766 }
767 __skb_put(skb, hdr->nm_len);
768 memcpy(skb->data, (void *)hdr + NL_MMAP_HDRLEN, hdr->nm_len);
769 netlink_set_status(hdr, NL_MMAP_STATUS_UNUSED);
770 } 747 }
748 __skb_put(skb, nm_len);
749 memcpy(skb->data, (void *)hdr + NL_MMAP_HDRLEN, nm_len);
750 netlink_set_status(hdr, NL_MMAP_STATUS_UNUSED);
771 751
772 netlink_increment_head(ring); 752 netlink_increment_head(ring);
773 753
@@ -813,7 +793,7 @@ static void netlink_queue_mmaped_skb(struct sock *sk, struct sk_buff *skb)
813 hdr->nm_pid = NETLINK_CB(skb).creds.pid; 793 hdr->nm_pid = NETLINK_CB(skb).creds.pid;
814 hdr->nm_uid = from_kuid(sk_user_ns(sk), NETLINK_CB(skb).creds.uid); 794 hdr->nm_uid = from_kuid(sk_user_ns(sk), NETLINK_CB(skb).creds.uid);
815 hdr->nm_gid = from_kgid(sk_user_ns(sk), NETLINK_CB(skb).creds.gid); 795 hdr->nm_gid = from_kgid(sk_user_ns(sk), NETLINK_CB(skb).creds.gid);
816 netlink_frame_flush_dcache(hdr); 796 netlink_frame_flush_dcache(hdr, hdr->nm_len);
817 netlink_set_status(hdr, NL_MMAP_STATUS_VALID); 797 netlink_set_status(hdr, NL_MMAP_STATUS_VALID);
818 798
819 NETLINK_CB(skb).flags |= NETLINK_SKB_DELIVERED; 799 NETLINK_CB(skb).flags |= NETLINK_SKB_DELIVERED;
@@ -1111,8 +1091,10 @@ static void netlink_remove(struct sock *sk)
1111 mutex_unlock(&nl_sk_hash_lock); 1091 mutex_unlock(&nl_sk_hash_lock);
1112 1092
1113 netlink_table_grab(); 1093 netlink_table_grab();
1114 if (nlk_sk(sk)->subscriptions) 1094 if (nlk_sk(sk)->subscriptions) {
1115 __sk_del_bind_node(sk); 1095 __sk_del_bind_node(sk);
1096 netlink_update_listeners(sk);
1097 }
1116 netlink_table_ungrab(); 1098 netlink_table_ungrab();
1117} 1099}
1118 1100
@@ -1159,8 +1141,8 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol,
1159 struct module *module = NULL; 1141 struct module *module = NULL;
1160 struct mutex *cb_mutex; 1142 struct mutex *cb_mutex;
1161 struct netlink_sock *nlk; 1143 struct netlink_sock *nlk;
1162 int (*bind)(int group); 1144 int (*bind)(struct net *net, int group);
1163 void (*unbind)(int group); 1145 void (*unbind)(struct net *net, int group);
1164 int err = 0; 1146 int err = 0;
1165 1147
1166 sock->state = SS_UNCONNECTED; 1148 sock->state = SS_UNCONNECTED;
@@ -1246,8 +1228,8 @@ static int netlink_release(struct socket *sock)
1246 1228
1247 module_put(nlk->module); 1229 module_put(nlk->module);
1248 1230
1249 netlink_table_grab();
1250 if (netlink_is_kernel(sk)) { 1231 if (netlink_is_kernel(sk)) {
1232 netlink_table_grab();
1251 BUG_ON(nl_table[sk->sk_protocol].registered == 0); 1233 BUG_ON(nl_table[sk->sk_protocol].registered == 0);
1252 if (--nl_table[sk->sk_protocol].registered == 0) { 1234 if (--nl_table[sk->sk_protocol].registered == 0) {
1253 struct listeners *old; 1235 struct listeners *old;
@@ -1261,11 +1243,16 @@ static int netlink_release(struct socket *sock)
1261 nl_table[sk->sk_protocol].flags = 0; 1243 nl_table[sk->sk_protocol].flags = 0;
1262 nl_table[sk->sk_protocol].registered = 0; 1244 nl_table[sk->sk_protocol].registered = 0;
1263 } 1245 }
1264 } else if (nlk->subscriptions) { 1246 netlink_table_ungrab();
1265 netlink_update_listeners(sk);
1266 } 1247 }
1267 netlink_table_ungrab();
1268 1248
1249 if (nlk->netlink_unbind) {
1250 int i;
1251
1252 for (i = 0; i < nlk->ngroups; i++)
1253 if (test_bit(i, nlk->groups))
1254 nlk->netlink_unbind(sock_net(sk), i + 1);
1255 }
1269 kfree(nlk->groups); 1256 kfree(nlk->groups);
1270 nlk->groups = NULL; 1257 nlk->groups = NULL;
1271 1258
@@ -1430,9 +1417,10 @@ static int netlink_realloc_groups(struct sock *sk)
1430 return err; 1417 return err;
1431} 1418}
1432 1419
1433static void netlink_unbind(int group, long unsigned int groups, 1420static void netlink_undo_bind(int group, long unsigned int groups,
1434 struct netlink_sock *nlk) 1421 struct sock *sk)
1435{ 1422{
1423 struct netlink_sock *nlk = nlk_sk(sk);
1436 int undo; 1424 int undo;
1437 1425
1438 if (!nlk->netlink_unbind) 1426 if (!nlk->netlink_unbind)
@@ -1440,7 +1428,7 @@ static void netlink_unbind(int group, long unsigned int groups,
1440 1428
1441 for (undo = 0; undo < group; undo++) 1429 for (undo = 0; undo < group; undo++)
1442 if (test_bit(undo, &groups)) 1430 if (test_bit(undo, &groups))
1443 nlk->netlink_unbind(undo); 1431 nlk->netlink_unbind(sock_net(sk), undo);
1444} 1432}
1445 1433
1446static int netlink_bind(struct socket *sock, struct sockaddr *addr, 1434static int netlink_bind(struct socket *sock, struct sockaddr *addr,
@@ -1478,10 +1466,10 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
1478 for (group = 0; group < nlk->ngroups; group++) { 1466 for (group = 0; group < nlk->ngroups; group++) {
1479 if (!test_bit(group, &groups)) 1467 if (!test_bit(group, &groups))
1480 continue; 1468 continue;
1481 err = nlk->netlink_bind(group); 1469 err = nlk->netlink_bind(net, group);
1482 if (!err) 1470 if (!err)
1483 continue; 1471 continue;
1484 netlink_unbind(group, groups, nlk); 1472 netlink_undo_bind(group, groups, sk);
1485 return err; 1473 return err;
1486 } 1474 }
1487 } 1475 }
@@ -1491,7 +1479,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
1491 netlink_insert(sk, net, nladdr->nl_pid) : 1479 netlink_insert(sk, net, nladdr->nl_pid) :
1492 netlink_autobind(sock); 1480 netlink_autobind(sock);
1493 if (err) { 1481 if (err) {
1494 netlink_unbind(nlk->ngroups, groups, nlk); 1482 netlink_undo_bind(nlk->ngroups, groups, sk);
1495 return err; 1483 return err;
1496 } 1484 }
1497 } 1485 }
@@ -2142,7 +2130,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
2142 if (!val || val - 1 >= nlk->ngroups) 2130 if (!val || val - 1 >= nlk->ngroups)
2143 return -EINVAL; 2131 return -EINVAL;
2144 if (optname == NETLINK_ADD_MEMBERSHIP && nlk->netlink_bind) { 2132 if (optname == NETLINK_ADD_MEMBERSHIP && nlk->netlink_bind) {
2145 err = nlk->netlink_bind(val); 2133 err = nlk->netlink_bind(sock_net(sk), val);
2146 if (err) 2134 if (err)
2147 return err; 2135 return err;
2148 } 2136 }
@@ -2151,7 +2139,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
2151 optname == NETLINK_ADD_MEMBERSHIP); 2139 optname == NETLINK_ADD_MEMBERSHIP);
2152 netlink_table_ungrab(); 2140 netlink_table_ungrab();
2153 if (optname == NETLINK_DROP_MEMBERSHIP && nlk->netlink_unbind) 2141 if (optname == NETLINK_DROP_MEMBERSHIP && nlk->netlink_unbind)
2154 nlk->netlink_unbind(val); 2142 nlk->netlink_unbind(sock_net(sk), val);
2155 2143
2156 err = 0; 2144 err = 0;
2157 break; 2145 break;
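Review bot: The group number handed to the bind/unbind callbacks is not consistent across the call sites in this file. The new loop in netlink_release passes `i + 1` and netlink_setsockopt passes `val` (1-based, since it is rejected when `val - 1 >= nlk->ngroups`), while netlink_bind passes the raw bit index `group` and netlink_undo_bind passes `undo`. genl_bind in net/netlink/genetlink.c now uses that number to apply the `netnsok` namespace check, so an off-by-one would run the check against the neighbouring group. If the callbacks expect 1-based ids, the bind path should read `err = nlk->netlink_bind(net, group + 1);` and the undo path `nlk->netlink_unbind(sock_net(sk), undo + 1);`. netlink_bind and netlink_setsockopt extend beyond their hunks.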
diff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h
index b20a1731759b..f123a88496f8 100644
--- a/net/netlink/af_netlink.h
+++ b/net/netlink/af_netlink.h
@@ -39,8 +39,8 @@ struct netlink_sock {
39 struct mutex *cb_mutex; 39 struct mutex *cb_mutex;
40 struct mutex cb_def_mutex; 40 struct mutex cb_def_mutex;
41 void (*netlink_rcv)(struct sk_buff *skb); 41 void (*netlink_rcv)(struct sk_buff *skb);
42 int (*netlink_bind)(int group); 42 int (*netlink_bind)(struct net *net, int group);
43 void (*netlink_unbind)(int group); 43 void (*netlink_unbind)(struct net *net, int group);
44 struct module *module; 44 struct module *module;
45#ifdef CONFIG_NETLINK_MMAP 45#ifdef CONFIG_NETLINK_MMAP
46 struct mutex pg_vec_lock; 46 struct mutex pg_vec_lock;
@@ -65,8 +65,8 @@ struct netlink_table {
65 unsigned int groups; 65 unsigned int groups;
66 struct mutex *cb_mutex; 66 struct mutex *cb_mutex;
67 struct module *module; 67 struct module *module;
68 int (*bind)(int group); 68 int (*bind)(struct net *net, int group);
69 void (*unbind)(int group); 69 void (*unbind)(struct net *net, int group);
70 bool (*compare)(struct net *net, struct sock *sock); 70 bool (*compare)(struct net *net, struct sock *sock);
71 int registered; 71 int registered;
72}; 72};
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 76393f2f4b22..2e11061ef885 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -983,11 +983,67 @@ static struct genl_multicast_group genl_ctrl_groups[] = {
983 { .name = "notify", }, 983 { .name = "notify", },
984}; 984};
985 985
986static int genl_bind(struct net *net, int group)
987{
988 int i, err = 0;
989
990 down_read(&cb_lock);
991 for (i = 0; i < GENL_FAM_TAB_SIZE; i++) {
992 struct genl_family *f;
993
994 list_for_each_entry(f, genl_family_chain(i), family_list) {
995 if (group >= f->mcgrp_offset &&
996 group < f->mcgrp_offset + f->n_mcgrps) {
997 int fam_grp = group - f->mcgrp_offset;
998
999 if (!f->netnsok && net != &init_net)
1000 err = -ENOENT;
1001 else if (f->mcast_bind)
1002 err = f->mcast_bind(net, fam_grp);
1003 else
1004 err = 0;
1005 break;
1006 }
1007 }
1008 }
1009 up_read(&cb_lock);
1010
1011 return err;
1012}
1013
1014static void genl_unbind(struct net *net, int group)
1015{
1016 int i;
1017 bool found = false;
1018
1019 down_read(&cb_lock);
1020 for (i = 0; i < GENL_FAM_TAB_SIZE; i++) {
1021 struct genl_family *f;
1022
1023 list_for_each_entry(f, genl_family_chain(i), family_list) {
1024 if (group >= f->mcgrp_offset &&
1025 group < f->mcgrp_offset + f->n_mcgrps) {
1026 int fam_grp = group - f->mcgrp_offset;
1027
1028 if (f->mcast_unbind)
1029 f->mcast_unbind(net, fam_grp);
1030 found = true;
1031 break;
1032 }
1033 }
1034 }
1035 up_read(&cb_lock);
1036
1037 WARN_ON(!found);
1038}
1039
986static int __net_init genl_pernet_init(struct net *net) 1040static int __net_init genl_pernet_init(struct net *net)
987{ 1041{
988 struct netlink_kernel_cfg cfg = { 1042 struct netlink_kernel_cfg cfg = {
989 .input = genl_rcv, 1043 .input = genl_rcv,
990 .flags = NL_CFG_F_NONROOT_RECV, 1044 .flags = NL_CFG_F_NONROOT_RECV,
1045 .bind = genl_bind,
1046 .unbind = genl_unbind,
991 }; 1047 };
992 1048
993 /* we'll bump the group number right afterwards */ 1049 /* we'll bump the group number right afterwards */
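Review bot: genl_unbind ends with `WARN_ON(!found)`, but genl_bind returns 0 when no family owns the requested group, so a socket can be bound to such a group and its later unbind reaches the warning. The group number arrives through the netlink bind and membership paths, i.e. from userspace, and the socket is created with NL_CFG_F_NONROOT_RECV, so the warning may be reachable without privileges. Either drop `found` and the WARN_ON from genl_unbind, or start genl_bind from `err = -ENOENT` so unknown groups are refused at bind time. Note also that `break` leaves only the list_for_each_entry walk, so both functions keep scanning the remaining hash chains after a match.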
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 764fdc39c63b..770064c83711 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -147,7 +147,8 @@ static int push_mpls(struct sk_buff *skb, struct sw_flow_key *key,
147 hdr = eth_hdr(skb); 147 hdr = eth_hdr(skb);
148 hdr->h_proto = mpls->mpls_ethertype; 148 hdr->h_proto = mpls->mpls_ethertype;
149 149
150 skb_set_inner_protocol(skb, skb->protocol); 150 if (!skb->inner_protocol)
151 skb_set_inner_protocol(skb, skb->protocol);
151 skb->protocol = mpls->mpls_ethertype; 152 skb->protocol = mpls->mpls_ethertype;
152 153
153 invalidate_flow_key(key); 154 invalidate_flow_key(key);
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 332b5a031739..4e9a5f035cbc 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -83,8 +83,7 @@ static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
83 unsigned int group) 83 unsigned int group)
84{ 84{
85 return info->nlhdr->nlmsg_flags & NLM_F_ECHO || 85 return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
86 genl_has_listeners(family, genl_info_net(info)->genl_sock, 86 genl_has_listeners(family, genl_info_net(info), group);
87 group);
88} 87}
89 88
90static void ovs_notify(struct genl_family *family, 89static void ovs_notify(struct genl_family *family,
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 70bef2ab7f2b..da2fae0873a5 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -70,6 +70,7 @@ void ovs_flow_stats_update(struct sw_flow *flow, __be16 tcp_flags,
70{ 70{
71 struct flow_stats *stats; 71 struct flow_stats *stats;
72 int node = numa_node_id(); 72 int node = numa_node_id();
73 int len = skb->len + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
73 74
74 stats = rcu_dereference(flow->stats[node]); 75 stats = rcu_dereference(flow->stats[node]);
75 76
@@ -105,7 +106,7 @@ void ovs_flow_stats_update(struct sw_flow *flow, __be16 tcp_flags,
105 if (likely(new_stats)) { 106 if (likely(new_stats)) {
106 new_stats->used = jiffies; 107 new_stats->used = jiffies;
107 new_stats->packet_count = 1; 108 new_stats->packet_count = 1;
108 new_stats->byte_count = skb->len; 109 new_stats->byte_count = len;
109 new_stats->tcp_flags = tcp_flags; 110 new_stats->tcp_flags = tcp_flags;
110 spin_lock_init(&new_stats->lock); 111 spin_lock_init(&new_stats->lock);
111 112
@@ -120,7 +121,7 @@ void ovs_flow_stats_update(struct sw_flow *flow, __be16 tcp_flags,
120 121
121 stats->used = jiffies; 122 stats->used = jiffies;
122 stats->packet_count++; 123 stats->packet_count++;
123 stats->byte_count += skb->len; 124 stats->byte_count += len;
124 stats->tcp_flags |= tcp_flags; 125 stats->tcp_flags |= tcp_flags;
125unlock: 126unlock:
126 spin_unlock(&stats->lock); 127 spin_unlock(&stats->lock);
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index 9645a21d9eaa..d1eecf707613 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -1753,7 +1753,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
1753 __be16 eth_type, __be16 vlan_tci, bool log) 1753 __be16 eth_type, __be16 vlan_tci, bool log)
1754{ 1754{
1755 const struct nlattr *a; 1755 const struct nlattr *a;
1756 bool out_tnl_port = false;
1757 int rem, err; 1756 int rem, err;
1758 1757
1759 if (depth >= SAMPLE_ACTION_DEPTH) 1758 if (depth >= SAMPLE_ACTION_DEPTH)
@@ -1796,8 +1795,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
1796 case OVS_ACTION_ATTR_OUTPUT: 1795 case OVS_ACTION_ATTR_OUTPUT:
1797 if (nla_get_u32(a) >= DP_MAX_PORTS) 1796 if (nla_get_u32(a) >= DP_MAX_PORTS)
1798 return -EINVAL; 1797 return -EINVAL;
1799 out_tnl_port = false;
1800
1801 break; 1798 break;
1802 1799
1803 case OVS_ACTION_ATTR_HASH: { 1800 case OVS_ACTION_ATTR_HASH: {
@@ -1832,12 +1829,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
1832 case OVS_ACTION_ATTR_PUSH_MPLS: { 1829 case OVS_ACTION_ATTR_PUSH_MPLS: {
1833 const struct ovs_action_push_mpls *mpls = nla_data(a); 1830 const struct ovs_action_push_mpls *mpls = nla_data(a);
1834 1831
1835 /* Networking stack do not allow simultaneous Tunnel
1836 * and MPLS GSO.
1837 */
1838 if (out_tnl_port)
1839 return -EINVAL;
1840
1841 if (!eth_p_mpls(mpls->mpls_ethertype)) 1832 if (!eth_p_mpls(mpls->mpls_ethertype))
1842 return -EINVAL; 1833 return -EINVAL;
1843 /* Prohibit push MPLS other than to a white list 1834 /* Prohibit push MPLS other than to a white list
@@ -1873,11 +1864,9 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr,
1873 1864
1874 case OVS_ACTION_ATTR_SET: 1865 case OVS_ACTION_ATTR_SET:
1875 err = validate_set(a, key, sfa, 1866 err = validate_set(a, key, sfa,
1876 &out_tnl_port, eth_type, log); 1867 &skip_copy, eth_type, log);
1877 if (err) 1868 if (err)
1878 return err; 1869 return err;
1879
1880 skip_copy = out_tnl_port;
1881 break; 1870 break;
1882 1871
1883 case OVS_ACTION_ATTR_SAMPLE: 1872 case OVS_ACTION_ATTR_SAMPLE:
diff --git a/net/openvswitch/vport-geneve.c b/net/openvswitch/vport-geneve.c
index 347fa2325b22..484864dd0e68 100644
--- a/net/openvswitch/vport-geneve.c
+++ b/net/openvswitch/vport-geneve.c
@@ -219,7 +219,10 @@ static int geneve_tnl_send(struct vport *vport, struct sk_buff *skb)
219 false); 219 false);
220 if (err < 0) 220 if (err < 0)
221 ip_rt_put(rt); 221 ip_rt_put(rt);
222 return err;
223
222error: 224error:
225 kfree_skb(skb);
223 return err; 226 return err;
224} 227}
225 228
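Review bot: In geneve_tnl_send the new `return err;` after `if (err < 0) ip_rt_put(rt);` leaves the function without freeing skb, while the `error:` label below it now calls `kfree_skb(skb)`. This series also removes `kfree_skb(skb)` from the `sent < 0` branch of ovs_vport_send, so that path is leak-free only if the transmit helper called just above the hunk consumes the skb when it fails. The call itself is outside the hunk, so this cannot be confirmed here. vxlan_tnl_send in net/openvswitch/vport-vxlan.c has the same shape. A one-line comment at the early return, e.g. `/* skb was consumed by the xmit helper, on success and on failure */`, would record the assumption once it is verified.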
diff --git a/net/openvswitch/vport-gre.c b/net/openvswitch/vport-gre.c
index 6b69df545b1d..d4168c442db5 100644
--- a/net/openvswitch/vport-gre.c
+++ b/net/openvswitch/vport-gre.c
@@ -73,7 +73,7 @@ static struct sk_buff *__build_header(struct sk_buff *skb,
73 73
74 skb = gre_handle_offloads(skb, !!(tun_key->tun_flags & TUNNEL_CSUM)); 74 skb = gre_handle_offloads(skb, !!(tun_key->tun_flags & TUNNEL_CSUM));
75 if (IS_ERR(skb)) 75 if (IS_ERR(skb))
76 return NULL; 76 return skb;
77 77
78 tpi.flags = filter_tnl_flags(tun_key->tun_flags); 78 tpi.flags = filter_tnl_flags(tun_key->tun_flags);
79 tpi.proto = htons(ETH_P_TEB); 79 tpi.proto = htons(ETH_P_TEB);
@@ -144,7 +144,7 @@ static int gre_tnl_send(struct vport *vport, struct sk_buff *skb)
144 144
145 if (unlikely(!OVS_CB(skb)->egress_tun_info)) { 145 if (unlikely(!OVS_CB(skb)->egress_tun_info)) {
146 err = -EINVAL; 146 err = -EINVAL;
147 goto error; 147 goto err_free_skb;
148 } 148 }
149 149
150 tun_key = &OVS_CB(skb)->egress_tun_info->tunnel; 150 tun_key = &OVS_CB(skb)->egress_tun_info->tunnel;
@@ -157,8 +157,10 @@ static int gre_tnl_send(struct vport *vport, struct sk_buff *skb)
157 fl.flowi4_proto = IPPROTO_GRE; 157 fl.flowi4_proto = IPPROTO_GRE;
158 158
159 rt = ip_route_output_key(net, &fl); 159 rt = ip_route_output_key(net, &fl);
160 if (IS_ERR(rt)) 160 if (IS_ERR(rt)) {
161 return PTR_ERR(rt); 161 err = PTR_ERR(rt);
162 goto err_free_skb;
163 }
162 164
163 tunnel_hlen = ip_gre_calc_hlen(tun_key->tun_flags); 165 tunnel_hlen = ip_gre_calc_hlen(tun_key->tun_flags);
164 166
@@ -183,8 +185,9 @@ static int gre_tnl_send(struct vport *vport, struct sk_buff *skb)
183 185
184 /* Push Tunnel header. */ 186 /* Push Tunnel header. */
185 skb = __build_header(skb, tunnel_hlen); 187 skb = __build_header(skb, tunnel_hlen);
186 if (unlikely(!skb)) { 188 if (IS_ERR(skb)) {
187 err = 0; 189 err = PTR_ERR(skb);
190 skb = NULL;
188 goto err_free_rt; 191 goto err_free_rt;
189 } 192 }
190 193
@@ -198,7 +201,8 @@ static int gre_tnl_send(struct vport *vport, struct sk_buff *skb)
198 tun_key->ipv4_tos, tun_key->ipv4_ttl, df, false); 201 tun_key->ipv4_tos, tun_key->ipv4_ttl, df, false);
199err_free_rt: 202err_free_rt:
200 ip_rt_put(rt); 203 ip_rt_put(rt);
201error: 204err_free_skb:
205 kfree_skb(skb);
202 return err; 206 return err;
203} 207}
204 208
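Review bot: The `skb = NULL;` added in gre_tnl_send before `goto err_free_rt` is what stops the new `kfree_skb(skb)` at err_free_skb from receiving an ERR_PTR value, and nothing says so. Add a comment such as `/* skb holds an ERR_PTR here; clear it so the kfree_skb() below is a no-op */` so a later cleanup does not remove the assignment. Whether the failing helper inside __build_header has already released the original buffer is not visible in these hunks; state that in the same comment once confirmed.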
diff --git a/net/openvswitch/vport-vxlan.c b/net/openvswitch/vport-vxlan.c
index 38f95a52241b..d7c46b301024 100644
--- a/net/openvswitch/vport-vxlan.c
+++ b/net/openvswitch/vport-vxlan.c
@@ -187,7 +187,9 @@ static int vxlan_tnl_send(struct vport *vport, struct sk_buff *skb)
187 false); 187 false);
188 if (err < 0) 188 if (err < 0)
189 ip_rt_put(rt); 189 ip_rt_put(rt);
190 return err;
190error: 191error:
192 kfree_skb(skb);
191 return err; 193 return err;
192} 194}
193 195
diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
index 9584526c0778..2034c6d9cb5a 100644
--- a/net/openvswitch/vport.c
+++ b/net/openvswitch/vport.c
@@ -480,7 +480,7 @@ void ovs_vport_receive(struct vport *vport, struct sk_buff *skb,
480 stats = this_cpu_ptr(vport->percpu_stats); 480 stats = this_cpu_ptr(vport->percpu_stats);
481 u64_stats_update_begin(&stats->syncp); 481 u64_stats_update_begin(&stats->syncp);
482 stats->rx_packets++; 482 stats->rx_packets++;
483 stats->rx_bytes += skb->len; 483 stats->rx_bytes += skb->len + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
484 u64_stats_update_end(&stats->syncp); 484 u64_stats_update_end(&stats->syncp);
485 485
486 OVS_CB(skb)->input_vport = vport; 486 OVS_CB(skb)->input_vport = vport;
@@ -519,10 +519,9 @@ int ovs_vport_send(struct vport *vport, struct sk_buff *skb)
519 u64_stats_update_end(&stats->syncp); 519 u64_stats_update_end(&stats->syncp);
520 } else if (sent < 0) { 520 } else if (sent < 0) {
521 ovs_vport_record_error(vport, VPORT_E_TX_ERROR); 521 ovs_vport_record_error(vport, VPORT_E_TX_ERROR);
522 kfree_skb(skb); 522 } else {
523 } else
524 ovs_vport_record_error(vport, VPORT_E_TX_DROPPED); 523 ovs_vport_record_error(vport, VPORT_E_TX_DROPPED);
525 524 }
526 return sent; 525 return sent;
527} 526}
528 527
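Review bot: ovs_vport_send no longer frees the skb when `sent < 0`, so the send callback whose result lands in `sent` now owns the buffer on every path, and nothing at this site records that. The call is above the hunk, so the contract is only implied by the removed `kfree_skb(skb)`. A short comment on the error branch, e.g. `/* the vport's send op consumes skb on success and on error; do not free it here */`, would keep a future change from reintroducing the free and causing a double free.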
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index e52a44785681..6880f34a529a 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -785,6 +785,7 @@ static void prb_close_block(struct tpacket_kbdq_core *pkc1,
785 785
786 struct tpacket3_hdr *last_pkt; 786 struct tpacket3_hdr *last_pkt;
787 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1; 787 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
788 struct sock *sk = &po->sk;
788 789
789 if (po->stats.stats3.tp_drops) 790 if (po->stats.stats3.tp_drops)
790 status |= TP_STATUS_LOSING; 791 status |= TP_STATUS_LOSING;
@@ -809,6 +810,8 @@ static void prb_close_block(struct tpacket_kbdq_core *pkc1,
809 /* Flush the block */ 810 /* Flush the block */
810 prb_flush_block(pkc1, pbd1, status); 811 prb_flush_block(pkc1, pbd1, status);
811 812
813 sk->sk_data_ready(sk);
814
812 pkc1->kactive_blk_num = GET_NEXT_PRB_BLK_NUM(pkc1); 815 pkc1->kactive_blk_num = GET_NEXT_PRB_BLK_NUM(pkc1);
813} 816}
814 817
@@ -2052,12 +2055,12 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
2052 smp_wmb(); 2055 smp_wmb();
2053#endif 2056#endif
2054 2057
2055 if (po->tp_version <= TPACKET_V2) 2058 if (po->tp_version <= TPACKET_V2) {
2056 __packet_set_status(po, h.raw, status); 2059 __packet_set_status(po, h.raw, status);
2057 else 2060 sk->sk_data_ready(sk);
2061 } else {
2058 prb_clear_blk_fill_status(&po->rx_ring); 2062 prb_clear_blk_fill_status(&po->rx_ring);
2059 2063 }
2060 sk->sk_data_ready(sk);
2061 2064
2062drop_n_restore: 2065drop_n_restore:
2063 if (skb_head != skb->data && skb_shared(skb)) { 2066 if (skb_head != skb->data && skb_shared(skb)) {
diff --git a/net/rds/message.c b/net/rds/message.c
index ff2202218187..5a21e6f5986f 100644
--- a/net/rds/message.c
+++ b/net/rds/message.c
@@ -325,7 +325,8 @@ int rds_message_inc_copy_to_user(struct rds_incoming *inc, struct iov_iter *to)
325 copied = 0; 325 copied = 0;
326 326
327 while (iov_iter_count(to) && copied < len) { 327 while (iov_iter_count(to) && copied < len) {
328 to_copy = min(iov_iter_count(to), sg->length - vec_off); 328 to_copy = min_t(unsigned long, iov_iter_count(to),
329 sg->length - vec_off);
329 to_copy = min_t(unsigned long, to_copy, len - copied); 330 to_copy = min_t(unsigned long, to_copy, len - copied);
330 331
331 rds_stats_add(s_copy_to_user, to_copy); 332 rds_stats_add(s_copy_to_user, to_copy);
diff --git a/net/socket.c b/net/socket.c
index 70bbde65e4ca..a2c33a4dc7ba 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -372,7 +372,6 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
372 path.mnt = mntget(sock_mnt); 372 path.mnt = mntget(sock_mnt);
373 373
374 d_instantiate(path.dentry, SOCK_INODE(sock)); 374 d_instantiate(path.dentry, SOCK_INODE(sock));
375 SOCK_INODE(sock)->i_fop = &socket_file_ops;
376 375
377 file = alloc_file(&path, FMODE_READ | FMODE_WRITE, 376 file = alloc_file(&path, FMODE_READ | FMODE_WRITE,
378 &socket_file_ops); 377 &socket_file_ops);
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 1cb61242e55e..4439ac4c1b53 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -606,7 +606,7 @@ void xdr_truncate_encode(struct xdr_stream *xdr, size_t len)
606 struct kvec *head = buf->head; 606 struct kvec *head = buf->head;
607 struct kvec *tail = buf->tail; 607 struct kvec *tail = buf->tail;
608 int fraglen; 608 int fraglen;
609 int new, old; 609 int new;
610 610
611 if (len > buf->len) { 611 if (len > buf->len) {
612 WARN_ON_ONCE(1); 612 WARN_ON_ONCE(1);
@@ -629,8 +629,8 @@ void xdr_truncate_encode(struct xdr_stream *xdr, size_t len)
629 buf->len -= fraglen; 629 buf->len -= fraglen;
630 630
631 new = buf->page_base + buf->page_len; 631 new = buf->page_base + buf->page_len;
632 old = new + fraglen; 632
633 xdr->page_ptr -= (old >> PAGE_SHIFT) - (new >> PAGE_SHIFT); 633 xdr->page_ptr = buf->pages + (new >> PAGE_SHIFT);
634 634
635 if (buf->page_len) { 635 if (buf->page_len) {
636 xdr->p = page_address(*xdr->page_ptr); 636 xdr->p = page_address(*xdr->page_ptr);
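Review bot: `new` is still declared as a signed `int` in the first hunk, but the second hunk now uses it directly as a page index in `xdr->page_ptr = buf->pages + (new >> PAGE_SHIFT);`. If `buf->page_base` and `buf->page_len` are unsigned, as their use here suggests, declaring `unsigned int new;` would keep the shift and the pointer arithmetic free of sign conversions. A short comment such as `/* recompute page_ptr from the start of buf->pages instead of adjusting it */` would also record why the relative decrement was dropped. xdr_truncate_encode starts and ends outside both hunks.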
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 22ba971741e5..29c8675f9a11 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -175,7 +175,7 @@ config CFG80211_INTERNAL_REGDB
175 Most distributions have a CRDA package. So if unsure, say N. 175 Most distributions have a CRDA package. So if unsure, say N.
176 176
177config CFG80211_WEXT 177config CFG80211_WEXT
178 bool 178 bool "cfg80211 wireless extensions compatibility"
179 depends on CFG80211 179 depends on CFG80211
180 select WEXT_CORE 180 select WEXT_CORE
181 help 181 help
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index 85506f1d0789..7aaf7415dc4c 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -603,7 +603,7 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
603{ 603{
604 struct ieee80211_sta_ht_cap *ht_cap; 604 struct ieee80211_sta_ht_cap *ht_cap;
605 struct ieee80211_sta_vht_cap *vht_cap; 605 struct ieee80211_sta_vht_cap *vht_cap;
606 u32 width, control_freq; 606 u32 width, control_freq, cap;
607 607
608 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 608 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
609 return false; 609 return false;
@@ -643,7 +643,8 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
643 return false; 643 return false;
644 break; 644 break;
645 case NL80211_CHAN_WIDTH_80P80: 645 case NL80211_CHAN_WIDTH_80P80:
646 if (!(vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)) 646 cap = vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
647 if (cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
647 return false; 648 return false;
648 case NL80211_CHAN_WIDTH_80: 649 case NL80211_CHAN_WIDTH_80:
649 if (!vht_cap->vht_supported) 650 if (!vht_cap->vht_supported)
@@ -654,7 +655,9 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
654 case NL80211_CHAN_WIDTH_160: 655 case NL80211_CHAN_WIDTH_160:
655 if (!vht_cap->vht_supported) 656 if (!vht_cap->vht_supported)
656 return false; 657 return false;
657 if (!(vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ)) 658 cap = vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
659 if (cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ &&
660 cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
658 return false; 661 return false;
659 prohibited_flags |= IEEE80211_CHAN_NO_160MHZ; 662 prohibited_flags |= IEEE80211_CHAN_NO_160MHZ;
660 width = 160; 663 width = 160;
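Review bot: The new comparisons treat the supported-channel-width bits as one masked field rather than independent flags, but nothing in the code says so. A comment at the first use, e.g. `/* SUPP_CHAN_WIDTH is a multi-bit field: compare the masked value, do not test single bits */`, would keep a later cleanup from reverting to a bit test. In the `NL80211_CHAN_WIDTH_80P80` case the new lines read `vht_cap->cap` before the `vht_supported` check, which is only reached by falling through into `NL80211_CHAN_WIDTH_80`, whereas the 160 case checks `vht_supported` first. That fall-through is unmarked and would benefit from `/* fall through */`. The function body starts and ends outside these hunks.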
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index a17d6bc6b22c..7ca4b5133123 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -6002,7 +6002,7 @@ nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6002 } 6002 }
6003 6003
6004 /* there was no other matchset, so the RSSI one is alone */ 6004 /* there was no other matchset, so the RSSI one is alone */
6005 if (i == 0) 6005 if (i == 0 && n_match_sets)
6006 request->match_sets[0].rssi_thold = default_match_rssi; 6006 request->match_sets[0].rssi_thold = default_match_rssi;
6007 6007
6008 request->min_rssi_thold = INT_MAX; 6008 request->min_rssi_thold = INT_MAX;
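Review bot: The comment above the changed condition still explains only `i == 0`, although the added `n_match_sets` test is what prevents the write to `request->match_sets[0]` when there are no match sets at all. Extending it to something like `/* no other matchset, so the RSSI one is alone; with zero match sets there is no match_sets[0] to fill */` would make the bounds reasoning visible. How `match_sets` is sized is outside the hunk, so this assumes it is allocated for `n_match_sets` entries.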
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 47be6163381c..7b8309840d4e 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1549,9 +1549,15 @@ static bool reg_wdev_chan_valid(struct wiphy *wiphy, struct wireless_dev *wdev)
1549 ret = cfg80211_reg_can_beacon(wiphy, 1549 ret = cfg80211_reg_can_beacon(wiphy,
1550 &wdev->chandef, wdev->iftype); 1550 &wdev->chandef, wdev->iftype);
1551 break; 1551 break;
1552 case NL80211_IFTYPE_ADHOC:
1553 if (!wdev->ssid_len)
1554 goto out;
1555
1556 ret = cfg80211_reg_can_beacon(wiphy,
1557 &wdev->chandef, wdev->iftype);
1558 break;
1552 case NL80211_IFTYPE_STATION: 1559 case NL80211_IFTYPE_STATION:
1553 case NL80211_IFTYPE_P2P_CLIENT: 1560 case NL80211_IFTYPE_P2P_CLIENT:
1554 case NL80211_IFTYPE_ADHOC:
1555 if (!wdev->current_bss || 1561 if (!wdev->current_bss ||
1556 !wdev->current_bss->pub.channel) 1562 !wdev->current_bss->pub.channel)
1557 goto out; 1563 goto out;
@@ -1907,7 +1913,7 @@ static enum reg_request_treatment
1907reg_process_hint_driver(struct wiphy *wiphy, 1913reg_process_hint_driver(struct wiphy *wiphy,
1908 struct regulatory_request *driver_request) 1914 struct regulatory_request *driver_request)
1909{ 1915{
1910 const struct ieee80211_regdomain *regd; 1916 const struct ieee80211_regdomain *regd, *tmp;
1911 enum reg_request_treatment treatment; 1917 enum reg_request_treatment treatment;
1912 1918
1913 treatment = __reg_process_hint_driver(driver_request); 1919 treatment = __reg_process_hint_driver(driver_request);
@@ -1927,7 +1933,10 @@ reg_process_hint_driver(struct wiphy *wiphy,
1927 reg_free_request(driver_request); 1933 reg_free_request(driver_request);
1928 return REG_REQ_IGNORE; 1934 return REG_REQ_IGNORE;
1929 } 1935 }
1936
1937 tmp = get_wiphy_regdom(wiphy);
1930 rcu_assign_pointer(wiphy->regd, regd); 1938 rcu_assign_pointer(wiphy->regd, regd);
1939 rcu_free_regdom(tmp);
1931 } 1940 }
1932 1941
1933 1942
@@ -1986,11 +1995,8 @@ __reg_process_hint_country_ie(struct wiphy *wiphy,
1986 return REG_REQ_IGNORE; 1995 return REG_REQ_IGNORE;
1987 return REG_REQ_ALREADY_SET; 1996 return REG_REQ_ALREADY_SET;
1988 } 1997 }
1989 /* 1998
1990 * Two consecutive Country IE hints on the same wiphy. 1999 if (regdom_changes(country_ie_request->alpha2))
1991 * This should be picked up early by the driver/stack
1992 */
1993 if (WARN_ON(regdom_changes(country_ie_request->alpha2)))
1994 return REG_REQ_OK; 2000 return REG_REQ_OK;
1995 return REG_REQ_ALREADY_SET; 2001 return REG_REQ_ALREADY_SET;
1996} 2002}
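Review bot: In reg_process_hint_driver the new `tmp = get_wiphy_regdom(wiphy);` / `rcu_free_regdom(tmp);` pair releases the regdomain that was attached before `rcu_assign_pointer(wiphy->regd, regd)`, but the hunk shows neither whether `tmp` can be NULL on a first assignment nor which lock the lookup relies on. It is worth confirming that `rcu_free_regdom` accepts NULL and adding a comment such as `/* release the previous regdomain once RCU readers are done; tmp may be NULL */` to make the ownership hand-over explicit. Separately, the last hunk removes both the `WARN_ON` and the comment about consecutive Country IE hints, leaving the `regdom_changes()` branch in __reg_process_hint_country_ie with no explanation of why it returns `REG_REQ_OK`.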