aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-05-25 19:59:51 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-05-25 19:59:51 -0400
commitb1cdc4670b9508fcd47a15fbd12f70d269880b37 (patch)
treefea9e2650170886d539488f8b1e064f6ca60ad36 /net
parentce7d0226198aac42ed311dd2783232adc16b296d (diff)
parentf925b1303e0672effc78547353bd2ddfe11f5b5f (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (63 commits) drivers/net/usb/asix.c: Fix pointer cast. be2net: Bug fix to avoid disabling bottom half during firmware upgrade. proc_dointvec: write a single value hso: add support for new products Phonet: fix potential use-after-free in pep_sock_close() ath9k: remove VEOL support for ad-hoc ath9k: change beacon allocation to prefer the first beacon slot sock.h: fix kernel-doc warning cls_cgroup: Fix build error when built-in macvlan: do proper cleanup in macvlan_common_newlink() V2 be2net: Bug fix in init code in probe net/dccp: expansion of error code size ath9k: Fix rx of mcast/bcast frames in PS mode with auto sleep wireless: fix sta_info.h kernel-doc warnings wireless: fix mac80211.h kernel-doc warnings iwlwifi: testing the wrong variable in iwl_add_bssid_station() ath9k_htc: rare leak in ath9k_hif_usb_alloc_tx_urbs() ath9k_htc: dereferencing before check in hif_usb_tx_cb() rt2x00: Fix rt2800usb TX descriptor writing. rt2x00: Fix failed SLEEP->AWAKE and AWAKE->SLEEP transitions. ...
Diffstat (limited to 'net')
-rw-r--r--net/caif/Kconfig5
-rw-r--r--net/caif/caif_socket.c91
-rw-r--r--net/caif/cfctrl.c92
-rw-r--r--net/caif/cfmuxl.c3
-rw-r--r--net/caif/cfpkt_skbuff.c25
-rw-r--r--net/caif/cfserl.c3
-rw-r--r--net/caif/cfsrvl.c6
-rw-r--r--net/core/dev.c48
-rw-r--r--net/core/rtnetlink.c4
-rw-r--r--net/core/skbuff.c1
-rw-r--r--net/core/sock.c19
-rw-r--r--net/dccp/input.c6
-rw-r--r--net/ieee802154/wpan-class.c7
-rw-r--r--net/mac80211/sta_info.h2
-rw-r--r--net/netfilter/nf_conntrack_core.c10
-rw-r--r--net/netfilter/nf_conntrack_sip.c12
-rw-r--r--net/phonet/pep.c2
-rw-r--r--net/sched/cls_cgroup.c50
-rw-r--r--net/sched/sch_api.c14
-rw-r--r--net/socket.c9
-rw-r--r--net/wireless/chan.c2
-rw-r--r--net/wireless/nl80211.c6
-rw-r--r--net/wireless/scan.c4
23 files changed, 222 insertions, 199 deletions
diff --git a/net/caif/Kconfig b/net/caif/Kconfig
index cd1daf6008bd..ed651786f16b 100644
--- a/net/caif/Kconfig
+++ b/net/caif/Kconfig
@@ -2,10 +2,8 @@
2# CAIF net configurations 2# CAIF net configurations
3# 3#
4 4
5#menu "CAIF Support"
6comment "CAIF Support"
7menuconfig CAIF 5menuconfig CAIF
8 tristate "Enable CAIF support" 6 tristate "CAIF support"
9 select CRC_CCITT 7 select CRC_CCITT
10 default n 8 default n
11 ---help--- 9 ---help---
@@ -45,4 +43,3 @@ config CAIF_NETDEV
45 If unsure say Y. 43 If unsure say Y.
46 44
47endif 45endif
48#endmenu
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index c3a70c5c893a..3d0e09584fae 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -60,7 +60,7 @@ struct debug_fs_counter {
60 atomic_t num_rx_flow_off; 60 atomic_t num_rx_flow_off;
61 atomic_t num_rx_flow_on; 61 atomic_t num_rx_flow_on;
62}; 62};
63struct debug_fs_counter cnt; 63static struct debug_fs_counter cnt;
64#define dbfs_atomic_inc(v) atomic_inc(v) 64#define dbfs_atomic_inc(v) atomic_inc(v)
65#define dbfs_atomic_dec(v) atomic_dec(v) 65#define dbfs_atomic_dec(v) atomic_dec(v)
66#else 66#else
@@ -128,17 +128,17 @@ static void caif_read_unlock(struct sock *sk)
128 mutex_unlock(&cf_sk->readlock); 128 mutex_unlock(&cf_sk->readlock);
129} 129}
130 130
131int sk_rcvbuf_lowwater(struct caifsock *cf_sk) 131static int sk_rcvbuf_lowwater(struct caifsock *cf_sk)
132{ 132{
133 /* A quarter of full buffer is used a low water mark */ 133 /* A quarter of full buffer is used a low water mark */
134 return cf_sk->sk.sk_rcvbuf / 4; 134 return cf_sk->sk.sk_rcvbuf / 4;
135} 135}
136 136
137void caif_flow_ctrl(struct sock *sk, int mode) 137static void caif_flow_ctrl(struct sock *sk, int mode)
138{ 138{
139 struct caifsock *cf_sk; 139 struct caifsock *cf_sk;
140 cf_sk = container_of(sk, struct caifsock, sk); 140 cf_sk = container_of(sk, struct caifsock, sk);
141 if (cf_sk->layer.dn) 141 if (cf_sk->layer.dn && cf_sk->layer.dn->modemcmd)
142 cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, mode); 142 cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, mode);
143} 143}
144 144
@@ -146,7 +146,7 @@ void caif_flow_ctrl(struct sock *sk, int mode)
146 * Copied from sock.c:sock_queue_rcv_skb(), but changed so packets are 146 * Copied from sock.c:sock_queue_rcv_skb(), but changed so packets are
147 * not dropped, but CAIF is sending flow off instead. 147 * not dropped, but CAIF is sending flow off instead.
148 */ 148 */
149int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 149static int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
150{ 150{
151 int err; 151 int err;
152 int skb_len; 152 int skb_len;
@@ -162,9 +162,8 @@ int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
162 atomic_read(&cf_sk->sk.sk_rmem_alloc), 162 atomic_read(&cf_sk->sk.sk_rmem_alloc),
163 sk_rcvbuf_lowwater(cf_sk)); 163 sk_rcvbuf_lowwater(cf_sk));
164 set_rx_flow_off(cf_sk); 164 set_rx_flow_off(cf_sk);
165 if (cf_sk->layer.dn) 165 dbfs_atomic_inc(&cnt.num_rx_flow_off);
166 cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, 166 caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_OFF_REQ);
167 CAIF_MODEMCMD_FLOW_OFF_REQ);
168 } 167 }
169 168
170 err = sk_filter(sk, skb); 169 err = sk_filter(sk, skb);
@@ -175,9 +174,8 @@ int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
175 trace_printk("CAIF: %s():" 174 trace_printk("CAIF: %s():"
176 " sending flow OFF due to rmem_schedule\n", 175 " sending flow OFF due to rmem_schedule\n",
177 __func__); 176 __func__);
178 if (cf_sk->layer.dn) 177 dbfs_atomic_inc(&cnt.num_rx_flow_off);
179 cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, 178 caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_OFF_REQ);
180 CAIF_MODEMCMD_FLOW_OFF_REQ);
181 } 179 }
182 skb->dev = NULL; 180 skb->dev = NULL;
183 skb_set_owner_r(skb, sk); 181 skb_set_owner_r(skb, sk);
@@ -285,65 +283,51 @@ static void caif_check_flow_release(struct sock *sk)
285{ 283{
286 struct caifsock *cf_sk = container_of(sk, struct caifsock, sk); 284 struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
287 285
288 if (cf_sk->layer.dn == NULL || cf_sk->layer.dn->modemcmd == NULL)
289 return;
290 if (rx_flow_is_on(cf_sk)) 286 if (rx_flow_is_on(cf_sk))
291 return; 287 return;
292 288
293 if (atomic_read(&sk->sk_rmem_alloc) <= sk_rcvbuf_lowwater(cf_sk)) { 289 if (atomic_read(&sk->sk_rmem_alloc) <= sk_rcvbuf_lowwater(cf_sk)) {
294 dbfs_atomic_inc(&cnt.num_rx_flow_on); 290 dbfs_atomic_inc(&cnt.num_rx_flow_on);
295 set_rx_flow_on(cf_sk); 291 set_rx_flow_on(cf_sk);
296 cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, 292 caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ);
297 CAIF_MODEMCMD_FLOW_ON_REQ);
298 } 293 }
299} 294}
295
300/* 296/*
301 * Copied from sock.c:sock_queue_rcv_skb(), and added check that user buffer 297 * Copied from unix_dgram_recvmsg, but removed credit checks,
302 * has sufficient size. 298 * changed locking, address handling and added MSG_TRUNC.
303 */ 299 */
304
305static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, 300static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
306 struct msghdr *m, size_t buf_len, int flags) 301 struct msghdr *m, size_t len, int flags)
307 302
308{ 303{
309 struct sock *sk = sock->sk; 304 struct sock *sk = sock->sk;
310 struct sk_buff *skb; 305 struct sk_buff *skb;
311 int ret = 0; 306 int ret;
312 int len; 307 int copylen;
313 308
314 if (unlikely(!buf_len)) 309 ret = -EOPNOTSUPP;
315 return -EINVAL; 310 if (m->msg_flags&MSG_OOB)
311 goto read_error;
316 312
317 skb = skb_recv_datagram(sk, flags, 0 , &ret); 313 skb = skb_recv_datagram(sk, flags, 0 , &ret);
318 if (!skb) 314 if (!skb)
319 goto read_error; 315 goto read_error;
320 316 copylen = skb->len;
321 len = skb->len; 317 if (len < copylen) {
322 318 m->msg_flags |= MSG_TRUNC;
323 if (skb && skb->len > buf_len && !(flags & MSG_PEEK)) { 319 copylen = len;
324 len = buf_len;
325 /*
326 * Push skb back on receive queue if buffer too small.
327 * This has a built-in race where multi-threaded receive
328 * may get packet in wrong order, but multiple read does
329 * not really guarantee ordered delivery anyway.
330 * Let's optimize for speed without taking locks.
331 */
332
333 skb_queue_head(&sk->sk_receive_queue, skb);
334 ret = -EMSGSIZE;
335 goto read_error;
336 } 320 }
337 321
338 ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, len); 322 ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen);
339 if (ret) 323 if (ret)
340 goto read_error; 324 goto out_free;
341 325
326 ret = (flags & MSG_TRUNC) ? skb->len : copylen;
327out_free:
342 skb_free_datagram(sk, skb); 328 skb_free_datagram(sk, skb);
343
344 caif_check_flow_release(sk); 329 caif_check_flow_release(sk);
345 330 return ret;
346 return len;
347 331
348read_error: 332read_error:
349 return ret; 333 return ret;
@@ -920,17 +904,17 @@ wait_connect:
920 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); 904 timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
921 905
922 release_sock(sk); 906 release_sock(sk);
923 err = wait_event_interruptible_timeout(*sk_sleep(sk), 907 err = -ERESTARTSYS;
908 timeo = wait_event_interruptible_timeout(*sk_sleep(sk),
924 sk->sk_state != CAIF_CONNECTING, 909 sk->sk_state != CAIF_CONNECTING,
925 timeo); 910 timeo);
926 lock_sock(sk); 911 lock_sock(sk);
927 if (err < 0) 912 if (timeo < 0)
928 goto out; /* -ERESTARTSYS */ 913 goto out; /* -ERESTARTSYS */
929 if (err == 0 && sk->sk_state != CAIF_CONNECTED) {
930 err = -ETIMEDOUT;
931 goto out;
932 }
933 914
915 err = -ETIMEDOUT;
916 if (timeo == 0 && sk->sk_state != CAIF_CONNECTED)
917 goto out;
934 if (sk->sk_state != CAIF_CONNECTED) { 918 if (sk->sk_state != CAIF_CONNECTED) {
935 sock->state = SS_UNCONNECTED; 919 sock->state = SS_UNCONNECTED;
936 err = sock_error(sk); 920 err = sock_error(sk);
@@ -945,7 +929,6 @@ out:
945 return err; 929 return err;
946} 930}
947 931
948
949/* 932/*
950 * caif_release() - Disconnect a CAIF Socket 933 * caif_release() - Disconnect a CAIF Socket
951 * Copied and modified af_irda.c:irda_release(). 934 * Copied and modified af_irda.c:irda_release().
@@ -1019,10 +1002,6 @@ static unsigned int caif_poll(struct file *file,
1019 (sk->sk_shutdown & RCV_SHUTDOWN)) 1002 (sk->sk_shutdown & RCV_SHUTDOWN))
1020 mask |= POLLIN | POLLRDNORM; 1003 mask |= POLLIN | POLLRDNORM;
1021 1004
1022 /* Connection-based need to check for termination and startup */
1023 if (sk->sk_state == CAIF_DISCONNECTED)
1024 mask |= POLLHUP;
1025
1026 /* 1005 /*
1027 * we set writable also when the other side has shut down the 1006 * we set writable also when the other side has shut down the
1028 * connection. This prevents stuck sockets. 1007 * connection. This prevents stuck sockets.
@@ -1194,7 +1173,7 @@ static struct net_proto_family caif_family_ops = {
1194 .owner = THIS_MODULE, 1173 .owner = THIS_MODULE,
1195}; 1174};
1196 1175
1197int af_caif_init(void) 1176static int af_caif_init(void)
1198{ 1177{
1199 int err = sock_register(&caif_family_ops); 1178 int err = sock_register(&caif_family_ops);
1200 if (!err) 1179 if (!err)
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
index 0ffe1e1ce901..fcfda98a5e6d 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -44,13 +44,14 @@ struct cflayer *cfctrl_create(void)
44 dev_info.id = 0xff; 44 dev_info.id = 0xff;
45 memset(this, 0, sizeof(*this)); 45 memset(this, 0, sizeof(*this));
46 cfsrvl_init(&this->serv, 0, &dev_info); 46 cfsrvl_init(&this->serv, 0, &dev_info);
47 spin_lock_init(&this->info_list_lock);
48 atomic_set(&this->req_seq_no, 1); 47 atomic_set(&this->req_seq_no, 1);
49 atomic_set(&this->rsp_seq_no, 1); 48 atomic_set(&this->rsp_seq_no, 1);
50 this->serv.layer.receive = cfctrl_recv; 49 this->serv.layer.receive = cfctrl_recv;
51 sprintf(this->serv.layer.name, "ctrl"); 50 sprintf(this->serv.layer.name, "ctrl");
52 this->serv.layer.ctrlcmd = cfctrl_ctrlcmd; 51 this->serv.layer.ctrlcmd = cfctrl_ctrlcmd;
53 spin_lock_init(&this->loop_linkid_lock); 52 spin_lock_init(&this->loop_linkid_lock);
53 spin_lock_init(&this->info_list_lock);
54 INIT_LIST_HEAD(&this->list);
54 this->loop_linkid = 1; 55 this->loop_linkid = 1;
55 return &this->serv.layer; 56 return &this->serv.layer;
56} 57}
@@ -112,20 +113,10 @@ bool cfctrl_req_eq(struct cfctrl_request_info *r1,
112void cfctrl_insert_req(struct cfctrl *ctrl, 113void cfctrl_insert_req(struct cfctrl *ctrl,
113 struct cfctrl_request_info *req) 114 struct cfctrl_request_info *req)
114{ 115{
115 struct cfctrl_request_info *p;
116 spin_lock(&ctrl->info_list_lock); 116 spin_lock(&ctrl->info_list_lock);
117 req->next = NULL;
118 atomic_inc(&ctrl->req_seq_no); 117 atomic_inc(&ctrl->req_seq_no);
119 req->sequence_no = atomic_read(&ctrl->req_seq_no); 118 req->sequence_no = atomic_read(&ctrl->req_seq_no);
120 if (ctrl->first_req == NULL) { 119 list_add_tail(&req->list, &ctrl->list);
121 ctrl->first_req = req;
122 spin_unlock(&ctrl->info_list_lock);
123 return;
124 }
125 p = ctrl->first_req;
126 while (p->next != NULL)
127 p = p->next;
128 p->next = req;
129 spin_unlock(&ctrl->info_list_lock); 120 spin_unlock(&ctrl->info_list_lock);
130} 121}
131 122
@@ -133,46 +124,28 @@ void cfctrl_insert_req(struct cfctrl *ctrl,
133struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl, 124struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl,
134 struct cfctrl_request_info *req) 125 struct cfctrl_request_info *req)
135{ 126{
136 struct cfctrl_request_info *p; 127 struct cfctrl_request_info *p, *tmp, *first;
137 struct cfctrl_request_info *ret;
138 128
139 spin_lock(&ctrl->info_list_lock); 129 spin_lock(&ctrl->info_list_lock);
140 if (ctrl->first_req == NULL) { 130 first = list_first_entry(&ctrl->list, struct cfctrl_request_info, list);
141 spin_unlock(&ctrl->info_list_lock);
142 return NULL;
143 }
144
145 if (cfctrl_req_eq(req, ctrl->first_req)) {
146 ret = ctrl->first_req;
147 caif_assert(ctrl->first_req);
148 atomic_set(&ctrl->rsp_seq_no,
149 ctrl->first_req->sequence_no);
150 ctrl->first_req = ctrl->first_req->next;
151 spin_unlock(&ctrl->info_list_lock);
152 return ret;
153 }
154 131
155 p = ctrl->first_req; 132 list_for_each_entry_safe(p, tmp, &ctrl->list, list) {
156 133 if (cfctrl_req_eq(req, p)) {
157 while (p->next != NULL) { 134 if (p != first)
158 if (cfctrl_req_eq(req, p->next)) { 135 pr_warning("CAIF: %s(): Requests are not "
159 pr_warning("CAIF: %s(): Requests are not "
160 "received in order\n", 136 "received in order\n",
161 __func__); 137 __func__);
162 ret = p->next; 138
163 atomic_set(&ctrl->rsp_seq_no, 139 atomic_set(&ctrl->rsp_seq_no,
164 p->next->sequence_no); 140 p->sequence_no);
165 p->next = p->next->next; 141 list_del(&p->list);
166 spin_unlock(&ctrl->info_list_lock); 142 goto out;
167 return ret;
168 } 143 }
169 p = p->next;
170 } 144 }
145 p = NULL;
146out:
171 spin_unlock(&ctrl->info_list_lock); 147 spin_unlock(&ctrl->info_list_lock);
172 148 return p;
173 pr_warning("CAIF: %s(): Request does not match\n",
174 __func__);
175 return NULL;
176} 149}
177 150
178struct cfctrl_rsp *cfctrl_get_respfuncs(struct cflayer *layer) 151struct cfctrl_rsp *cfctrl_get_respfuncs(struct cflayer *layer)
@@ -388,31 +361,18 @@ void cfctrl_getstartreason_req(struct cflayer *layer)
388 361
389void cfctrl_cancel_req(struct cflayer *layr, struct cflayer *adap_layer) 362void cfctrl_cancel_req(struct cflayer *layr, struct cflayer *adap_layer)
390{ 363{
391 struct cfctrl_request_info *p, *req; 364 struct cfctrl_request_info *p, *tmp;
392 struct cfctrl *ctrl = container_obj(layr); 365 struct cfctrl *ctrl = container_obj(layr);
393 spin_lock(&ctrl->info_list_lock); 366 spin_lock(&ctrl->info_list_lock);
394 367 pr_warning("CAIF: %s(): enter\n", __func__);
395 if (ctrl->first_req == NULL) { 368
396 spin_unlock(&ctrl->info_list_lock); 369 list_for_each_entry_safe(p, tmp, &ctrl->list, list) {
397 return; 370 if (p->client_layer == adap_layer) {
398 } 371 pr_warning("CAIF: %s(): cancel req :%d\n", __func__,
399 372 p->sequence_no);
400 if (ctrl->first_req->client_layer == adap_layer) { 373 list_del(&p->list);
401 374 kfree(p);
402 req = ctrl->first_req;
403 ctrl->first_req = ctrl->first_req->next;
404 kfree(req);
405 }
406
407 p = ctrl->first_req;
408 while (p != NULL && p->next != NULL) {
409 if (p->next->client_layer == adap_layer) {
410
411 req = p->next;
412 p->next = p->next->next;
413 kfree(p->next);
414 } 375 }
415 p = p->next;
416 } 376 }
417 377
418 spin_unlock(&ctrl->info_list_lock); 378 spin_unlock(&ctrl->info_list_lock);
@@ -634,7 +594,7 @@ static void cfctrl_ctrlcmd(struct cflayer *layr, enum caif_ctrlcmd ctrl,
634 case _CAIF_CTRLCMD_PHYIF_FLOW_OFF_IND: 594 case _CAIF_CTRLCMD_PHYIF_FLOW_OFF_IND:
635 case CAIF_CTRLCMD_FLOW_OFF_IND: 595 case CAIF_CTRLCMD_FLOW_OFF_IND:
636 spin_lock(&this->info_list_lock); 596 spin_lock(&this->info_list_lock);
637 if (this->first_req != NULL) { 597 if (!list_empty(&this->list)) {
638 pr_debug("CAIF: %s(): Received flow off in " 598 pr_debug("CAIF: %s(): Received flow off in "
639 "control layer", __func__); 599 "control layer", __func__);
640 } 600 }
diff --git a/net/caif/cfmuxl.c b/net/caif/cfmuxl.c
index 7372f27f1d32..80c8d332b258 100644
--- a/net/caif/cfmuxl.c
+++ b/net/caif/cfmuxl.c
@@ -174,10 +174,11 @@ struct cflayer *cfmuxl_remove_uplayer(struct cflayer *layr, u8 id)
174 spin_lock(&muxl->receive_lock); 174 spin_lock(&muxl->receive_lock);
175 up = get_up(muxl, id); 175 up = get_up(muxl, id);
176 if (up == NULL) 176 if (up == NULL)
177 return NULL; 177 goto out;
178 memset(muxl->up_cache, 0, sizeof(muxl->up_cache)); 178 memset(muxl->up_cache, 0, sizeof(muxl->up_cache));
179 list_del(&up->node); 179 list_del(&up->node);
180 cfsrvl_put(up); 180 cfsrvl_put(up);
181out:
181 spin_unlock(&muxl->receive_lock); 182 spin_unlock(&muxl->receive_lock);
182 return up; 183 return up;
183} 184}
diff --git a/net/caif/cfpkt_skbuff.c b/net/caif/cfpkt_skbuff.c
index 83fff2ff6658..a6fdf899741a 100644
--- a/net/caif/cfpkt_skbuff.c
+++ b/net/caif/cfpkt_skbuff.c
@@ -238,6 +238,7 @@ int cfpkt_add_head(struct cfpkt *pkt, const void *data2, u16 len)
238 struct sk_buff *lastskb; 238 struct sk_buff *lastskb;
239 u8 *to; 239 u8 *to;
240 const u8 *data = data2; 240 const u8 *data = data2;
241 int ret;
241 if (unlikely(is_erronous(pkt))) 242 if (unlikely(is_erronous(pkt)))
242 return -EPROTO; 243 return -EPROTO;
243 if (unlikely(skb_headroom(skb) < len)) { 244 if (unlikely(skb_headroom(skb) < len)) {
@@ -246,9 +247,10 @@ int cfpkt_add_head(struct cfpkt *pkt, const void *data2, u16 len)
246 } 247 }
247 248
248 /* Make sure data is writable */ 249 /* Make sure data is writable */
249 if (unlikely(skb_cow_data(skb, 0, &lastskb) < 0)) { 250 ret = skb_cow_data(skb, 0, &lastskb);
251 if (unlikely(ret < 0)) {
250 PKT_ERROR(pkt, "cfpkt_add_head: cow failed\n"); 252 PKT_ERROR(pkt, "cfpkt_add_head: cow failed\n");
251 return -EPROTO; 253 return ret;
252 } 254 }
253 255
254 to = skb_push(skb, len); 256 to = skb_push(skb, len);
@@ -316,6 +318,8 @@ EXPORT_SYMBOL(cfpkt_setlen);
316struct cfpkt *cfpkt_create_uplink(const unsigned char *data, unsigned int len) 318struct cfpkt *cfpkt_create_uplink(const unsigned char *data, unsigned int len)
317{ 319{
318 struct cfpkt *pkt = cfpkt_create_pfx(len + PKT_POSTFIX, PKT_PREFIX); 320 struct cfpkt *pkt = cfpkt_create_pfx(len + PKT_POSTFIX, PKT_PREFIX);
321 if (!pkt)
322 return NULL;
319 if (unlikely(data != NULL)) 323 if (unlikely(data != NULL))
320 cfpkt_add_body(pkt, data, len); 324 cfpkt_add_body(pkt, data, len);
321 return pkt; 325 return pkt;
@@ -344,12 +348,13 @@ struct cfpkt *cfpkt_append(struct cfpkt *dstpkt,
344 348
345 if (dst->tail + neededtailspace > dst->end) { 349 if (dst->tail + neededtailspace > dst->end) {
346 /* Create a dumplicate of 'dst' with more tail space */ 350 /* Create a dumplicate of 'dst' with more tail space */
351 struct cfpkt *tmppkt;
347 dstlen = skb_headlen(dst); 352 dstlen = skb_headlen(dst);
348 createlen = dstlen + neededtailspace; 353 createlen = dstlen + neededtailspace;
349 tmp = pkt_to_skb( 354 tmppkt = cfpkt_create(createlen + PKT_PREFIX + PKT_POSTFIX);
350 cfpkt_create(createlen + PKT_PREFIX + PKT_POSTFIX)); 355 if (tmppkt == NULL)
351 if (!tmp)
352 return NULL; 356 return NULL;
357 tmp = pkt_to_skb(tmppkt);
353 skb_set_tail_pointer(tmp, dstlen); 358 skb_set_tail_pointer(tmp, dstlen);
354 tmp->len = dstlen; 359 tmp->len = dstlen;
355 memcpy(tmp->data, dst->data, dstlen); 360 memcpy(tmp->data, dst->data, dstlen);
@@ -368,6 +373,7 @@ struct cfpkt *cfpkt_split(struct cfpkt *pkt, u16 pos)
368{ 373{
369 struct sk_buff *skb2; 374 struct sk_buff *skb2;
370 struct sk_buff *skb = pkt_to_skb(pkt); 375 struct sk_buff *skb = pkt_to_skb(pkt);
376 struct cfpkt *tmppkt;
371 u8 *split = skb->data + pos; 377 u8 *split = skb->data + pos;
372 u16 len2nd = skb_tail_pointer(skb) - split; 378 u16 len2nd = skb_tail_pointer(skb) - split;
373 379
@@ -381,9 +387,12 @@ struct cfpkt *cfpkt_split(struct cfpkt *pkt, u16 pos)
381 } 387 }
382 388
383 /* Create a new packet for the second part of the data */ 389 /* Create a new packet for the second part of the data */
384 skb2 = pkt_to_skb( 390 tmppkt = cfpkt_create_pfx(len2nd + PKT_PREFIX + PKT_POSTFIX,
385 cfpkt_create_pfx(len2nd + PKT_PREFIX + PKT_POSTFIX, 391 PKT_PREFIX);
386 PKT_PREFIX)); 392 if (tmppkt == NULL)
393 return NULL;
394 skb2 = pkt_to_skb(tmppkt);
395
387 396
388 if (skb2 == NULL) 397 if (skb2 == NULL)
389 return NULL; 398 return NULL;
diff --git a/net/caif/cfserl.c b/net/caif/cfserl.c
index 06029ea2da2f..cb4325a3dc83 100644
--- a/net/caif/cfserl.c
+++ b/net/caif/cfserl.c
@@ -67,6 +67,8 @@ static int cfserl_receive(struct cflayer *l, struct cfpkt *newpkt)
67 layr->incomplete_frm = 67 layr->incomplete_frm =
68 cfpkt_append(layr->incomplete_frm, newpkt, expectlen); 68 cfpkt_append(layr->incomplete_frm, newpkt, expectlen);
69 pkt = layr->incomplete_frm; 69 pkt = layr->incomplete_frm;
70 if (pkt == NULL)
71 return -ENOMEM;
70 } else { 72 } else {
71 pkt = newpkt; 73 pkt = newpkt;
72 } 74 }
@@ -154,7 +156,6 @@ static int cfserl_receive(struct cflayer *l, struct cfpkt *newpkt)
154 if (layr->usestx) { 156 if (layr->usestx) {
155 if (tail_pkt != NULL) 157 if (tail_pkt != NULL)
156 pkt = cfpkt_append(pkt, tail_pkt, 0); 158 pkt = cfpkt_append(pkt, tail_pkt, 0);
157
158 /* Start search for next STX if frame failed */ 159 /* Start search for next STX if frame failed */
159 continue; 160 continue;
160 } else { 161 } else {
diff --git a/net/caif/cfsrvl.c b/net/caif/cfsrvl.c
index aff31f34528f..6e5b7079a684 100644
--- a/net/caif/cfsrvl.c
+++ b/net/caif/cfsrvl.c
@@ -123,6 +123,12 @@ static int cfservl_modemcmd(struct cflayer *layr, enum caif_modemcmd ctrl)
123 struct caif_payload_info *info; 123 struct caif_payload_info *info;
124 u8 flow_off = SRVL_FLOW_OFF; 124 u8 flow_off = SRVL_FLOW_OFF;
125 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE); 125 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE);
126 if (!pkt) {
127 pr_warning("CAIF: %s(): Out of memory\n",
128 __func__);
129 return -ENOMEM;
130 }
131
126 if (cfpkt_add_head(pkt, &flow_off, 1) < 0) { 132 if (cfpkt_add_head(pkt, &flow_off, 1) < 0) {
127 pr_err("CAIF: %s(): Packet is erroneous!\n", 133 pr_err("CAIF: %s(): Packet is erroneous!\n",
128 __func__); 134 __func__);
diff --git a/net/core/dev.c b/net/core/dev.c
index d273e4e3ecdc..1845b08c624e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -954,18 +954,22 @@ int dev_alloc_name(struct net_device *dev, const char *name)
954} 954}
955EXPORT_SYMBOL(dev_alloc_name); 955EXPORT_SYMBOL(dev_alloc_name);
956 956
957static int dev_get_valid_name(struct net *net, const char *name, char *buf, 957static int dev_get_valid_name(struct net_device *dev, const char *name, bool fmt)
958 bool fmt)
959{ 958{
959 struct net *net;
960
961 BUG_ON(!dev_net(dev));
962 net = dev_net(dev);
963
960 if (!dev_valid_name(name)) 964 if (!dev_valid_name(name))
961 return -EINVAL; 965 return -EINVAL;
962 966
963 if (fmt && strchr(name, '%')) 967 if (fmt && strchr(name, '%'))
964 return __dev_alloc_name(net, name, buf); 968 return dev_alloc_name(dev, name);
965 else if (__dev_get_by_name(net, name)) 969 else if (__dev_get_by_name(net, name))
966 return -EEXIST; 970 return -EEXIST;
967 else if (buf != name) 971 else if (dev->name != name)
968 strlcpy(buf, name, IFNAMSIZ); 972 strlcpy(dev->name, name, IFNAMSIZ);
969 973
970 return 0; 974 return 0;
971} 975}
@@ -997,7 +1001,7 @@ int dev_change_name(struct net_device *dev, const char *newname)
997 1001
998 memcpy(oldname, dev->name, IFNAMSIZ); 1002 memcpy(oldname, dev->name, IFNAMSIZ);
999 1003
1000 err = dev_get_valid_name(net, newname, dev->name, 1); 1004 err = dev_get_valid_name(dev, newname, 1);
1001 if (err < 0) 1005 if (err < 0)
1002 return err; 1006 return err;
1003 1007
@@ -2421,10 +2425,7 @@ static int enqueue_to_backlog(struct sk_buff *skb, int cpu,
2421 if (skb_queue_len(&sd->input_pkt_queue)) { 2425 if (skb_queue_len(&sd->input_pkt_queue)) {
2422enqueue: 2426enqueue:
2423 __skb_queue_tail(&sd->input_pkt_queue, skb); 2427 __skb_queue_tail(&sd->input_pkt_queue, skb);
2424#ifdef CONFIG_RPS 2428 input_queue_tail_incr_save(sd, qtail);
2425 *qtail = sd->input_queue_head +
2426 skb_queue_len(&sd->input_pkt_queue);
2427#endif
2428 rps_unlock(sd); 2429 rps_unlock(sd);
2429 local_irq_restore(flags); 2430 local_irq_restore(flags);
2430 return NET_RX_SUCCESS; 2431 return NET_RX_SUCCESS;
@@ -2959,7 +2960,7 @@ static void flush_backlog(void *arg)
2959 if (skb->dev == dev) { 2960 if (skb->dev == dev) {
2960 __skb_unlink(skb, &sd->input_pkt_queue); 2961 __skb_unlink(skb, &sd->input_pkt_queue);
2961 kfree_skb(skb); 2962 kfree_skb(skb);
2962 input_queue_head_add(sd, 1); 2963 input_queue_head_incr(sd);
2963 } 2964 }
2964 } 2965 }
2965 rps_unlock(sd); 2966 rps_unlock(sd);
@@ -2968,6 +2969,7 @@ static void flush_backlog(void *arg)
2968 if (skb->dev == dev) { 2969 if (skb->dev == dev) {
2969 __skb_unlink(skb, &sd->process_queue); 2970 __skb_unlink(skb, &sd->process_queue);
2970 kfree_skb(skb); 2971 kfree_skb(skb);
2972 input_queue_head_incr(sd);
2971 } 2973 }
2972 } 2974 }
2973} 2975}
@@ -3323,18 +3325,20 @@ static int process_backlog(struct napi_struct *napi, int quota)
3323 while ((skb = __skb_dequeue(&sd->process_queue))) { 3325 while ((skb = __skb_dequeue(&sd->process_queue))) {
3324 local_irq_enable(); 3326 local_irq_enable();
3325 __netif_receive_skb(skb); 3327 __netif_receive_skb(skb);
3326 if (++work >= quota)
3327 return work;
3328 local_irq_disable(); 3328 local_irq_disable();
3329 input_queue_head_incr(sd);
3330 if (++work >= quota) {
3331 local_irq_enable();
3332 return work;
3333 }
3329 } 3334 }
3330 3335
3331 rps_lock(sd); 3336 rps_lock(sd);
3332 qlen = skb_queue_len(&sd->input_pkt_queue); 3337 qlen = skb_queue_len(&sd->input_pkt_queue);
3333 if (qlen) { 3338 if (qlen)
3334 input_queue_head_add(sd, qlen);
3335 skb_queue_splice_tail_init(&sd->input_pkt_queue, 3339 skb_queue_splice_tail_init(&sd->input_pkt_queue,
3336 &sd->process_queue); 3340 &sd->process_queue);
3337 } 3341
3338 if (qlen < quota - work) { 3342 if (qlen < quota - work) {
3339 /* 3343 /*
3340 * Inline a custom version of __napi_complete(). 3344 * Inline a custom version of __napi_complete().
@@ -4960,7 +4964,7 @@ int register_netdevice(struct net_device *dev)
4960 } 4964 }
4961 } 4965 }
4962 4966
4963 ret = dev_get_valid_name(net, dev->name, dev->name, 0); 4967 ret = dev_get_valid_name(dev, dev->name, 0);
4964 if (ret) 4968 if (ret)
4965 goto err_uninit; 4969 goto err_uninit;
4966 4970
@@ -5558,7 +5562,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
5558 /* We get here if we can't use the current device name */ 5562 /* We get here if we can't use the current device name */
5559 if (!pat) 5563 if (!pat)
5560 goto out; 5564 goto out;
5561 if (dev_get_valid_name(net, pat, dev->name, 1)) 5565 if (dev_get_valid_name(dev, pat, 1))
5562 goto out; 5566 goto out;
5563 } 5567 }
5564 5568
@@ -5661,12 +5665,14 @@ static int dev_cpu_callback(struct notifier_block *nfb,
5661 local_irq_enable(); 5665 local_irq_enable();
5662 5666
5663 /* Process offline CPU's input_pkt_queue */ 5667 /* Process offline CPU's input_pkt_queue */
5664 while ((skb = __skb_dequeue(&oldsd->input_pkt_queue))) { 5668 while ((skb = __skb_dequeue(&oldsd->process_queue))) {
5665 netif_rx(skb); 5669 netif_rx(skb);
5666 input_queue_head_add(oldsd, 1); 5670 input_queue_head_incr(oldsd);
5667 } 5671 }
5668 while ((skb = __skb_dequeue(&oldsd->process_queue))) 5672 while ((skb = __skb_dequeue(&oldsd->input_pkt_queue))) {
5669 netif_rx(skb); 5673 netif_rx(skb);
5674 input_queue_head_incr(oldsd);
5675 }
5670 5676
5671 return NOTIFY_OK; 5677 return NOTIFY_OK;
5672} 5678}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index e4b9870e4706..7ab86f3a1ea4 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1199,8 +1199,10 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
1199 struct nlattr *attr; 1199 struct nlattr *attr;
1200 int rem; 1200 int rem;
1201 nla_for_each_nested(attr, tb[IFLA_VFINFO_LIST], rem) { 1201 nla_for_each_nested(attr, tb[IFLA_VFINFO_LIST], rem) {
1202 if (nla_type(attr) != IFLA_VF_INFO) 1202 if (nla_type(attr) != IFLA_VF_INFO) {
1203 err = -EINVAL;
1203 goto errout; 1204 goto errout;
1205 }
1204 err = do_setvfinfo(dev, attr); 1206 err = do_setvfinfo(dev, attr);
1205 if (err < 0) 1207 if (err < 0)
1206 goto errout; 1208 goto errout;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 66d9c416851e..f8abf68e3988 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2722,6 +2722,7 @@ int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2722 *NAPI_GRO_CB(nskb) = *NAPI_GRO_CB(p); 2722 *NAPI_GRO_CB(nskb) = *NAPI_GRO_CB(p);
2723 skb_shinfo(nskb)->frag_list = p; 2723 skb_shinfo(nskb)->frag_list = p;
2724 skb_shinfo(nskb)->gso_size = pinfo->gso_size; 2724 skb_shinfo(nskb)->gso_size = pinfo->gso_size;
2725 pinfo->gso_size = 0;
2725 skb_header_release(p); 2726 skb_header_release(p);
2726 nskb->prev = p; 2727 nskb->prev = p;
2727 2728
diff --git a/net/core/sock.c b/net/core/sock.c
index bf88a167c8f2..37fe9b6adade 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -123,6 +123,7 @@
123#include <linux/net_tstamp.h> 123#include <linux/net_tstamp.h>
124#include <net/xfrm.h> 124#include <net/xfrm.h>
125#include <linux/ipsec.h> 125#include <linux/ipsec.h>
126#include <net/cls_cgroup.h>
126 127
127#include <linux/filter.h> 128#include <linux/filter.h>
128 129
@@ -217,6 +218,11 @@ __u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
217int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512); 218int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512);
218EXPORT_SYMBOL(sysctl_optmem_max); 219EXPORT_SYMBOL(sysctl_optmem_max);
219 220
221#if defined(CONFIG_CGROUPS) && !defined(CONFIG_NET_CLS_CGROUP)
222int net_cls_subsys_id = -1;
223EXPORT_SYMBOL_GPL(net_cls_subsys_id);
224#endif
225
220static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen) 226static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen)
221{ 227{
222 struct timeval tv; 228 struct timeval tv;
@@ -1050,6 +1056,17 @@ static void sk_prot_free(struct proto *prot, struct sock *sk)
1050 module_put(owner); 1056 module_put(owner);
1051} 1057}
1052 1058
1059#ifdef CONFIG_CGROUPS
1060void sock_update_classid(struct sock *sk)
1061{
1062 u32 classid = task_cls_classid(current);
1063
1064 if (classid && classid != sk->sk_classid)
1065 sk->sk_classid = classid;
1066}
1067EXPORT_SYMBOL(sock_update_classid);
1068#endif
1069
1053/** 1070/**
1054 * sk_alloc - All socket objects are allocated here 1071 * sk_alloc - All socket objects are allocated here
1055 * @net: the applicable net namespace 1072 * @net: the applicable net namespace
@@ -1073,6 +1090,8 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
1073 sock_lock_init(sk); 1090 sock_lock_init(sk);
1074 sock_net_set(sk, get_net(net)); 1091 sock_net_set(sk, get_net(net));
1075 atomic_set(&sk->sk_wmem_alloc, 1); 1092 atomic_set(&sk->sk_wmem_alloc, 1);
1093
1094 sock_update_classid(sk);
1076 } 1095 }
1077 1096
1078 return sk; 1097 return sk;
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 58f7bc156850..6beb6a7d6fba 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -124,9 +124,9 @@ static int dccp_rcv_closereq(struct sock *sk, struct sk_buff *skb)
124 return queued; 124 return queued;
125} 125}
126 126
127static u8 dccp_reset_code_convert(const u8 code) 127static u16 dccp_reset_code_convert(const u8 code)
128{ 128{
129 const u8 error_code[] = { 129 const u16 error_code[] = {
130 [DCCP_RESET_CODE_CLOSED] = 0, /* normal termination */ 130 [DCCP_RESET_CODE_CLOSED] = 0, /* normal termination */
131 [DCCP_RESET_CODE_UNSPECIFIED] = 0, /* nothing known */ 131 [DCCP_RESET_CODE_UNSPECIFIED] = 0, /* nothing known */
132 [DCCP_RESET_CODE_ABORTED] = ECONNRESET, 132 [DCCP_RESET_CODE_ABORTED] = ECONNRESET,
@@ -148,7 +148,7 @@ static u8 dccp_reset_code_convert(const u8 code)
148 148
149static void dccp_rcv_reset(struct sock *sk, struct sk_buff *skb) 149static void dccp_rcv_reset(struct sock *sk, struct sk_buff *skb)
150{ 150{
151 u8 err = dccp_reset_code_convert(dccp_hdr_reset(skb)->dccph_reset_code); 151 u16 err = dccp_reset_code_convert(dccp_hdr_reset(skb)->dccph_reset_code);
152 152
153 sk->sk_err = err; 153 sk->sk_err = err;
154 154
diff --git a/net/ieee802154/wpan-class.c b/net/ieee802154/wpan-class.c
index 3d803a1b9fb6..1627ef2e8522 100644
--- a/net/ieee802154/wpan-class.c
+++ b/net/ieee802154/wpan-class.c
@@ -147,13 +147,15 @@ struct wpan_phy *wpan_phy_alloc(size_t priv_size)
147 struct wpan_phy *phy = kzalloc(sizeof(*phy) + priv_size, 147 struct wpan_phy *phy = kzalloc(sizeof(*phy) + priv_size,
148 GFP_KERNEL); 148 GFP_KERNEL);
149 149
150 if (!phy)
151 goto out;
150 mutex_lock(&wpan_phy_mutex); 152 mutex_lock(&wpan_phy_mutex);
151 phy->idx = wpan_phy_idx++; 153 phy->idx = wpan_phy_idx++;
152 if (unlikely(!wpan_phy_idx_valid(phy->idx))) { 154 if (unlikely(!wpan_phy_idx_valid(phy->idx))) {
153 wpan_phy_idx--; 155 wpan_phy_idx--;
154 mutex_unlock(&wpan_phy_mutex); 156 mutex_unlock(&wpan_phy_mutex);
155 kfree(phy); 157 kfree(phy);
156 return NULL; 158 goto out;
157 } 159 }
158 mutex_unlock(&wpan_phy_mutex); 160 mutex_unlock(&wpan_phy_mutex);
159 161
@@ -168,6 +170,9 @@ struct wpan_phy *wpan_phy_alloc(size_t priv_size)
168 phy->current_page = 0; /* for compatibility */ 170 phy->current_page = 0; /* for compatibility */
169 171
170 return phy; 172 return phy;
173
174out:
175 return NULL;
171} 176}
172EXPORT_SYMBOL(wpan_phy_alloc); 177EXPORT_SYMBOL(wpan_phy_alloc);
173 178
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 48a5e80957f0..df9d45544ca5 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -145,7 +145,7 @@ enum plink_state {
145/** 145/**
146 * struct sta_ampdu_mlme - STA aggregation information. 146 * struct sta_ampdu_mlme - STA aggregation information.
147 * 147 *
148 * @tid_state_rx: TID's state in Rx session state machine. 148 * @tid_active_rx: TID's state in Rx session state machine.
149 * @tid_rx: aggregation info for Rx per TID 149 * @tid_rx: aggregation info for Rx per TID
150 * @tid_state_tx: TID's state in Tx session state machine. 150 * @tid_state_tx: TID's state in Tx session state machine.
151 * @tid_tx: aggregation info for Tx per TID 151 * @tid_tx: aggregation info for Tx per TID
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index b83c530c5e0a..eeeb8bc73982 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -424,6 +424,16 @@ __nf_conntrack_confirm(struct sk_buff *skb)
424 424
425 spin_lock_bh(&nf_conntrack_lock); 425 spin_lock_bh(&nf_conntrack_lock);
426 426
427 /* We have to check the DYING flag inside the lock to prevent
428 a race against nf_ct_get_next_corpse() possibly called from
429 user context, else we insert an already 'dead' hash, blocking
430 further use of that particular connection -JM */
431
432 if (unlikely(nf_ct_is_dying(ct))) {
433 spin_unlock_bh(&nf_conntrack_lock);
434 return NF_ACCEPT;
435 }
436
427 /* See if there's one in the list already, including reverse: 437 /* See if there's one in the list already, including reverse:
428 NAT could have grabbed it without realizing, since we're 438 NAT could have grabbed it without realizing, since we're
429 not in the hash. If there is, we lost race. */ 439 not in the hash. If there is, we lost race. */
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index b20f4275893c..53d892210a04 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1393,10 +1393,8 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1393 1393
1394 nf_ct_refresh(ct, skb, sip_timeout * HZ); 1394 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1395 1395
1396 if (skb_is_nonlinear(skb)) { 1396 if (unlikely(skb_linearize(skb)))
1397 pr_debug("Copy of skbuff not supported yet.\n"); 1397 return NF_DROP;
1398 return NF_ACCEPT;
1399 }
1400 1398
1401 dptr = skb->data + dataoff; 1399 dptr = skb->data + dataoff;
1402 datalen = skb->len - dataoff; 1400 datalen = skb->len - dataoff;
@@ -1455,10 +1453,8 @@ static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1455 1453
1456 nf_ct_refresh(ct, skb, sip_timeout * HZ); 1454 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1457 1455
1458 if (skb_is_nonlinear(skb)) { 1456 if (unlikely(skb_linearize(skb)))
1459 pr_debug("Copy of skbuff not supported yet.\n"); 1457 return NF_DROP;
1460 return NF_ACCEPT;
1461 }
1462 1458
1463 dptr = skb->data + dataoff; 1459 dptr = skb->data + dataoff;
1464 datalen = skb->len - dataoff; 1460 datalen = skb->len - dataoff;
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index af4d38bc3b22..7b048a35ca58 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -626,6 +626,7 @@ static void pep_sock_close(struct sock *sk, long timeout)
626 struct pep_sock *pn = pep_sk(sk); 626 struct pep_sock *pn = pep_sk(sk);
627 int ifindex = 0; 627 int ifindex = 0;
628 628
629 sock_hold(sk); /* keep a reference after sk_common_release() */
629 sk_common_release(sk); 630 sk_common_release(sk);
630 631
631 lock_sock(sk); 632 lock_sock(sk);
@@ -644,6 +645,7 @@ static void pep_sock_close(struct sock *sk, long timeout)
644 645
645 if (ifindex) 646 if (ifindex)
646 gprs_detach(sk); 647 gprs_detach(sk);
648 sock_put(sk);
647} 649}
648 650
649static int pep_wait_connreq(struct sock *sk, int noblock) 651static int pep_wait_connreq(struct sock *sk, int noblock)
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c
index 221180384fd7..78ef2c5e130b 100644
--- a/net/sched/cls_cgroup.c
+++ b/net/sched/cls_cgroup.c
@@ -16,14 +16,11 @@
16#include <linux/errno.h> 16#include <linux/errno.h>
17#include <linux/skbuff.h> 17#include <linux/skbuff.h>
18#include <linux/cgroup.h> 18#include <linux/cgroup.h>
19#include <linux/rcupdate.h>
19#include <net/rtnetlink.h> 20#include <net/rtnetlink.h>
20#include <net/pkt_cls.h> 21#include <net/pkt_cls.h>
21 22#include <net/sock.h>
22struct cgroup_cls_state 23#include <net/cls_cgroup.h>
23{
24 struct cgroup_subsys_state css;
25 u32 classid;
26};
27 24
28static struct cgroup_subsys_state *cgrp_create(struct cgroup_subsys *ss, 25static struct cgroup_subsys_state *cgrp_create(struct cgroup_subsys *ss,
29 struct cgroup *cgrp); 26 struct cgroup *cgrp);
@@ -112,6 +109,10 @@ static int cls_cgroup_classify(struct sk_buff *skb, struct tcf_proto *tp,
112 struct cls_cgroup_head *head = tp->root; 109 struct cls_cgroup_head *head = tp->root;
113 u32 classid; 110 u32 classid;
114 111
112 rcu_read_lock();
113 classid = task_cls_state(current)->classid;
114 rcu_read_unlock();
115
115 /* 116 /*
116 * Due to the nature of the classifier it is required to ignore all 117 * Due to the nature of the classifier it is required to ignore all
117 * packets originating from softirq context as accessing `current' 118 * packets originating from softirq context as accessing `current'
@@ -122,12 +123,12 @@ static int cls_cgroup_classify(struct sk_buff *skb, struct tcf_proto *tp,
122 * calls by looking at the number of nested bh disable calls because 123 * calls by looking at the number of nested bh disable calls because
123 * softirqs always disables bh. 124 * softirqs always disables bh.
124 */ 125 */
125 if (softirq_count() != SOFTIRQ_OFFSET) 126 if (softirq_count() != SOFTIRQ_OFFSET) {
126 return -1; 127 /* If there is an sk_classid we'll use that. */
127 128 if (!skb->sk)
128 rcu_read_lock(); 129 return -1;
129 classid = task_cls_state(current)->classid; 130 classid = skb->sk->sk_classid;
130 rcu_read_unlock(); 131 }
131 132
132 if (!classid) 133 if (!classid)
133 return -1; 134 return -1;
@@ -289,18 +290,35 @@ static struct tcf_proto_ops cls_cgroup_ops __read_mostly = {
289 290
290static int __init init_cgroup_cls(void) 291static int __init init_cgroup_cls(void)
291{ 292{
292 int ret = register_tcf_proto_ops(&cls_cgroup_ops); 293 int ret;
293 if (ret) 294
294 return ret;
295 ret = cgroup_load_subsys(&net_cls_subsys); 295 ret = cgroup_load_subsys(&net_cls_subsys);
296 if (ret) 296 if (ret)
297 unregister_tcf_proto_ops(&cls_cgroup_ops); 297 goto out;
298
299#ifndef CONFIG_NET_CLS_CGROUP
300 /* We can't use rcu_assign_pointer because this is an int. */
301 smp_wmb();
302 net_cls_subsys_id = net_cls_subsys.subsys_id;
303#endif
304
305 ret = register_tcf_proto_ops(&cls_cgroup_ops);
306 if (ret)
307 cgroup_unload_subsys(&net_cls_subsys);
308
309out:
298 return ret; 310 return ret;
299} 311}
300 312
301static void __exit exit_cgroup_cls(void) 313static void __exit exit_cgroup_cls(void)
302{ 314{
303 unregister_tcf_proto_ops(&cls_cgroup_ops); 315 unregister_tcf_proto_ops(&cls_cgroup_ops);
316
317#ifndef CONFIG_NET_CLS_CGROUP
318 net_cls_subsys_id = -1;
319 synchronize_rcu();
320#endif
321
304 cgroup_unload_subsys(&net_cls_subsys); 322 cgroup_unload_subsys(&net_cls_subsys);
305} 323}
306 324
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index fe35c1f338c2..b9e8c3b7d406 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1195,6 +1195,11 @@ nla_put_failure:
1195 return -1; 1195 return -1;
1196} 1196}
1197 1197
1198static bool tc_qdisc_dump_ignore(struct Qdisc *q)
1199{
1200 return (q->flags & TCQ_F_BUILTIN) ? true : false;
1201}
1202
1198static int qdisc_notify(struct net *net, struct sk_buff *oskb, 1203static int qdisc_notify(struct net *net, struct sk_buff *oskb,
1199 struct nlmsghdr *n, u32 clid, 1204 struct nlmsghdr *n, u32 clid,
1200 struct Qdisc *old, struct Qdisc *new) 1205 struct Qdisc *old, struct Qdisc *new)
@@ -1206,11 +1211,11 @@ static int qdisc_notify(struct net *net, struct sk_buff *oskb,
1206 if (!skb) 1211 if (!skb)
1207 return -ENOBUFS; 1212 return -ENOBUFS;
1208 1213
1209 if (old && old->handle) { 1214 if (old && !tc_qdisc_dump_ignore(old)) {
1210 if (tc_fill_qdisc(skb, old, clid, pid, n->nlmsg_seq, 0, RTM_DELQDISC) < 0) 1215 if (tc_fill_qdisc(skb, old, clid, pid, n->nlmsg_seq, 0, RTM_DELQDISC) < 0)
1211 goto err_out; 1216 goto err_out;
1212 } 1217 }
1213 if (new) { 1218 if (new && !tc_qdisc_dump_ignore(new)) {
1214 if (tc_fill_qdisc(skb, new, clid, pid, n->nlmsg_seq, old ? NLM_F_REPLACE : 0, RTM_NEWQDISC) < 0) 1219 if (tc_fill_qdisc(skb, new, clid, pid, n->nlmsg_seq, old ? NLM_F_REPLACE : 0, RTM_NEWQDISC) < 0)
1215 goto err_out; 1220 goto err_out;
1216 } 1221 }
@@ -1223,11 +1228,6 @@ err_out:
1223 return -EINVAL; 1228 return -EINVAL;
1224} 1229}
1225 1230
1226static bool tc_qdisc_dump_ignore(struct Qdisc *q)
1227{
1228 return (q->flags & TCQ_F_BUILTIN) ? true : false;
1229}
1230
1231static int tc_dump_qdisc_root(struct Qdisc *root, struct sk_buff *skb, 1231static int tc_dump_qdisc_root(struct Qdisc *root, struct sk_buff *skb,
1232 struct netlink_callback *cb, 1232 struct netlink_callback *cb,
1233 int *q_idx_p, int s_q_idx) 1233 int *q_idx_p, int s_q_idx)
diff --git a/net/socket.c b/net/socket.c
index f9f7d0872cac..367d5477d00f 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -94,6 +94,7 @@
94 94
95#include <net/compat.h> 95#include <net/compat.h>
96#include <net/wext.h> 96#include <net/wext.h>
97#include <net/cls_cgroup.h>
97 98
98#include <net/sock.h> 99#include <net/sock.h>
99#include <linux/netfilter.h> 100#include <linux/netfilter.h>
@@ -558,6 +559,8 @@ static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
558 struct sock_iocb *si = kiocb_to_siocb(iocb); 559 struct sock_iocb *si = kiocb_to_siocb(iocb);
559 int err; 560 int err;
560 561
562 sock_update_classid(sock->sk);
563
561 si->sock = sock; 564 si->sock = sock;
562 si->scm = NULL; 565 si->scm = NULL;
563 si->msg = msg; 566 si->msg = msg;
@@ -684,6 +687,8 @@ static inline int __sock_recvmsg_nosec(struct kiocb *iocb, struct socket *sock,
684{ 687{
685 struct sock_iocb *si = kiocb_to_siocb(iocb); 688 struct sock_iocb *si = kiocb_to_siocb(iocb);
686 689
690 sock_update_classid(sock->sk);
691
687 si->sock = sock; 692 si->sock = sock;
688 si->scm = NULL; 693 si->scm = NULL;
689 si->msg = msg; 694 si->msg = msg;
@@ -777,6 +782,8 @@ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
777 if (unlikely(!sock->ops->splice_read)) 782 if (unlikely(!sock->ops->splice_read))
778 return -EINVAL; 783 return -EINVAL;
779 784
785 sock_update_classid(sock->sk);
786
780 return sock->ops->splice_read(sock, ppos, pipe, len, flags); 787 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
781} 788}
782 789
@@ -3069,6 +3076,8 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
3069int kernel_sendpage(struct socket *sock, struct page *page, int offset, 3076int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3070 size_t size, int flags) 3077 size_t size, int flags)
3071{ 3078{
3079 sock_update_classid(sock->sk);
3080
3072 if (sock->ops->sendpage) 3081 if (sock->ops->sendpage)
3073 return sock->ops->sendpage(sock, page, offset, size, flags); 3082 return sock->ops->sendpage(sock, page, offset, size, flags);
3074 3083
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index d92d088026bf..b01a6f6397d7 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -50,7 +50,7 @@ int cfg80211_set_freq(struct cfg80211_registered_device *rdev,
50 struct ieee80211_channel *chan; 50 struct ieee80211_channel *chan;
51 int result; 51 int result;
52 52
53 if (wdev->iftype == NL80211_IFTYPE_MONITOR) 53 if (wdev && wdev->iftype == NL80211_IFTYPE_MONITOR)
54 wdev = NULL; 54 wdev = NULL;
55 55
56 if (wdev) { 56 if (wdev) {
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index aaa1aad566cd..db71150b8040 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4443,9 +4443,10 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
4443 if (channel_type != NL80211_CHAN_NO_HT && 4443 if (channel_type != NL80211_CHAN_NO_HT &&
4444 channel_type != NL80211_CHAN_HT20 && 4444 channel_type != NL80211_CHAN_HT20 &&
4445 channel_type != NL80211_CHAN_HT40PLUS && 4445 channel_type != NL80211_CHAN_HT40PLUS &&
4446 channel_type != NL80211_CHAN_HT40MINUS) 4446 channel_type != NL80211_CHAN_HT40MINUS) {
4447 err = -EINVAL; 4447 err = -EINVAL;
4448 goto out; 4448 goto out;
4449 }
4449 } 4450 }
4450 4451
4451 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4452 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
@@ -4717,9 +4718,10 @@ static int nl80211_action(struct sk_buff *skb, struct genl_info *info)
4717 if (channel_type != NL80211_CHAN_NO_HT && 4718 if (channel_type != NL80211_CHAN_NO_HT &&
4718 channel_type != NL80211_CHAN_HT20 && 4719 channel_type != NL80211_CHAN_HT20 &&
4719 channel_type != NL80211_CHAN_HT40PLUS && 4720 channel_type != NL80211_CHAN_HT40PLUS &&
4720 channel_type != NL80211_CHAN_HT40MINUS) 4721 channel_type != NL80211_CHAN_HT40MINUS) {
4721 err = -EINVAL; 4722 err = -EINVAL;
4722 goto out; 4723 goto out;
4724 }
4723 } 4725 }
4724 4726
4725 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4727 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index a026c6d56bd3..58401d246bda 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -515,7 +515,7 @@ cfg80211_inform_bss(struct wiphy *wiphy,
515 515
516 privsz = wiphy->bss_priv_size; 516 privsz = wiphy->bss_priv_size;
517 517
518 if (WARN_ON(wiphy->signal_type == NL80211_BSS_SIGNAL_UNSPEC && 518 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
519 (signal < 0 || signal > 100))) 519 (signal < 0 || signal > 100)))
520 return NULL; 520 return NULL;
521 521
@@ -571,7 +571,7 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy,
571 u.probe_resp.variable); 571 u.probe_resp.variable);
572 size_t privsz = wiphy->bss_priv_size; 572 size_t privsz = wiphy->bss_priv_size;
573 573
574 if (WARN_ON(wiphy->signal_type == NL80211_BSS_SIGNAL_UNSPEC && 574 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC &&
575 (signal < 0 || signal > 100))) 575 (signal < 0 || signal > 100)))
576 return NULL; 576 return NULL;
577 577