aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJaroslav Kysela <perex@suse.cz>2006-02-01 07:08:56 -0500
committerJaroslav Kysela <perex@suse.cz>2006-02-01 07:08:56 -0500
commit847b9d01474f710e7a018186917d05e59e258309 (patch)
treec0da8777ce350c4b048aa6ed2c41fdd109c42e92 /net
parentd1d051b28e9d3c3bed0bd15a2b49df3d04f7768f (diff)
parenta6df590dd8b7644c8e298e3b13442bcd6ceeb739 (diff)
Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br_if.c21
-rw-r--r--net/bridge/br_private.h1
-rw-r--r--net/core/dev.c5
-rw-r--r--net/core/filter.c6
-rw-r--r--net/core/skbuff.c8
-rw-r--r--net/dccp/ipv4.c3
-rw-r--r--net/dccp/ipv6.c1
-rw-r--r--net/ieee80211/ieee80211_rx.c26
-rw-r--r--net/ieee80211/ieee80211_wx.c12
-rw-r--r--net/ipv4/igmp.c2
-rw-r--r--net/ipv4/tcp_htcp.c1
-rw-r--r--net/ipv4/tcp_ipv4.c3
-rw-r--r--net/ipv6/mcast.c56
-rw-r--r--net/ipv6/tcp_ipv6.c1
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/packet/af_packet.c16
-rw-r--r--net/sctp/sm_statefuns.c8
-rw-r--r--net/sctp/socket.c2
18 files changed, 124 insertions, 50 deletions
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index ba442883e877..da687c8dc6ff 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -104,6 +104,7 @@ static void destroy_nbp(struct net_bridge_port *p)
104{ 104{
105 struct net_device *dev = p->dev; 105 struct net_device *dev = p->dev;
106 106
107 dev->br_port = NULL;
107 p->br = NULL; 108 p->br = NULL;
108 p->dev = NULL; 109 p->dev = NULL;
109 dev_put(dev); 110 dev_put(dev);
@@ -118,13 +119,24 @@ static void destroy_nbp_rcu(struct rcu_head *head)
118 destroy_nbp(p); 119 destroy_nbp(p);
119} 120}
120 121
121/* called with RTNL */ 122/* Delete port(interface) from bridge is done in two steps.
123 * via RCU. First step, marks device as down. That deletes
124 * all the timers and stops new packets from flowing through.
125 *
126 * Final cleanup doesn't occur until after all CPU's finished
127 * processing packets.
128 *
129 * Protected from multiple admin operations by RTNL mutex
130 */
122static void del_nbp(struct net_bridge_port *p) 131static void del_nbp(struct net_bridge_port *p)
123{ 132{
124 struct net_bridge *br = p->br; 133 struct net_bridge *br = p->br;
125 struct net_device *dev = p->dev; 134 struct net_device *dev = p->dev;
126 135
127 dev->br_port = NULL; 136 /* Race between RTNL notify and RCU callback */
137 if (p->deleted)
138 return;
139
128 dev_set_promiscuity(dev, -1); 140 dev_set_promiscuity(dev, -1);
129 141
130 cancel_delayed_work(&p->carrier_check); 142 cancel_delayed_work(&p->carrier_check);
@@ -132,16 +144,13 @@ static void del_nbp(struct net_bridge_port *p)
132 144
133 spin_lock_bh(&br->lock); 145 spin_lock_bh(&br->lock);
134 br_stp_disable_port(p); 146 br_stp_disable_port(p);
147 p->deleted = 1;
135 spin_unlock_bh(&br->lock); 148 spin_unlock_bh(&br->lock);
136 149
137 br_fdb_delete_by_port(br, p); 150 br_fdb_delete_by_port(br, p);
138 151
139 list_del_rcu(&p->list); 152 list_del_rcu(&p->list);
140 153
141 del_timer_sync(&p->message_age_timer);
142 del_timer_sync(&p->forward_delay_timer);
143 del_timer_sync(&p->hold_timer);
144
145 call_rcu(&p->rcu, destroy_nbp_rcu); 154 call_rcu(&p->rcu, destroy_nbp_rcu);
146} 155}
147 156
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index c5bd631ffcd5..e330b17b6d81 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -68,6 +68,7 @@ struct net_bridge_port
68 /* STP */ 68 /* STP */
69 u8 priority; 69 u8 priority;
70 u8 state; 70 u8 state;
71 u8 deleted;
71 u16 port_no; 72 u16 port_no;
72 unsigned char topology_change_ack; 73 unsigned char topology_change_ack;
73 unsigned char config_pending; 74 unsigned char config_pending;
diff --git a/net/core/dev.c b/net/core/dev.c
index fd070a098f20..ffb82073056e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2543,13 +2543,14 @@ int dev_ioctl(unsigned int cmd, void __user *arg)
2543 case SIOCBONDENSLAVE: 2543 case SIOCBONDENSLAVE:
2544 case SIOCBONDRELEASE: 2544 case SIOCBONDRELEASE:
2545 case SIOCBONDSETHWADDR: 2545 case SIOCBONDSETHWADDR:
2546 case SIOCBONDSLAVEINFOQUERY:
2547 case SIOCBONDINFOQUERY:
2548 case SIOCBONDCHANGEACTIVE: 2546 case SIOCBONDCHANGEACTIVE:
2549 case SIOCBRADDIF: 2547 case SIOCBRADDIF:
2550 case SIOCBRDELIF: 2548 case SIOCBRDELIF:
2551 if (!capable(CAP_NET_ADMIN)) 2549 if (!capable(CAP_NET_ADMIN))
2552 return -EPERM; 2550 return -EPERM;
2551 /* fall through */
2552 case SIOCBONDSLAVEINFOQUERY:
2553 case SIOCBONDINFOQUERY:
2553 dev_load(ifr.ifr_name); 2554 dev_load(ifr.ifr_name);
2554 rtnl_lock(); 2555 rtnl_lock();
2555 ret = dev_ifsioc(&ifr, cmd); 2556 ret = dev_ifsioc(&ifr, cmd);
diff --git a/net/core/filter.c b/net/core/filter.c
index 9540946a48f3..93fbd01d2259 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -64,7 +64,7 @@ static inline void *load_pointer(struct sk_buff *skb, int k,
64} 64}
65 65
66/** 66/**
67 * sk_run_filter - run a filter on a socket 67 * sk_run_filter - run a filter on a socket
68 * @skb: buffer to run the filter on 68 * @skb: buffer to run the filter on
69 * @filter: filter to apply 69 * @filter: filter to apply
70 * @flen: length of filter 70 * @flen: length of filter
@@ -78,8 +78,8 @@ unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int
78{ 78{
79 struct sock_filter *fentry; /* We walk down these */ 79 struct sock_filter *fentry; /* We walk down these */
80 void *ptr; 80 void *ptr;
81 u32 A = 0; /* Accumulator */ 81 u32 A = 0; /* Accumulator */
82 u32 X = 0; /* Index Register */ 82 u32 X = 0; /* Index Register */
83 u32 mem[BPF_MEMWORDS]; /* Scratch Memory Store */ 83 u32 mem[BPF_MEMWORDS]; /* Scratch Memory Store */
84 u32 tmp; 84 u32 tmp;
85 int k; 85 int k;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index d0732e9c8560..6766f118f070 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -135,13 +135,15 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
135struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, 135struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
136 int fclone) 136 int fclone)
137{ 137{
138 kmem_cache_t *cache;
138 struct skb_shared_info *shinfo; 139 struct skb_shared_info *shinfo;
139 struct sk_buff *skb; 140 struct sk_buff *skb;
140 u8 *data; 141 u8 *data;
141 142
143 cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
144
142 /* Get the HEAD */ 145 /* Get the HEAD */
143 skb = kmem_cache_alloc(fclone ? skbuff_fclone_cache : skbuff_head_cache, 146 skb = kmem_cache_alloc(cache, gfp_mask & ~__GFP_DMA);
144 gfp_mask & ~__GFP_DMA);
145 if (!skb) 147 if (!skb)
146 goto out; 148 goto out;
147 149
@@ -180,7 +182,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
180out: 182out:
181 return skb; 183 return skb;
182nodata: 184nodata:
183 kmem_cache_free(skbuff_head_cache, skb); 185 kmem_cache_free(cache, skb);
184 skb = NULL; 186 skb = NULL;
185 goto out; 187 goto out;
186} 188}
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 00f983226672..dc0487b5bace 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -119,7 +119,8 @@ int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
119 if (err != 0) 119 if (err != 0)
120 goto failure; 120 goto failure;
121 121
122 err = ip_route_newports(&rt, inet->sport, inet->dport, sk); 122 err = ip_route_newports(&rt, IPPROTO_DCCP, inet->sport, inet->dport,
123 sk);
123 if (err != 0) 124 if (err != 0)
124 goto failure; 125 goto failure;
125 126
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index df074259f9c3..80c4d048869e 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -468,6 +468,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req,
468done: 468done:
469 if (opt && opt != np->opt) 469 if (opt && opt != np->opt)
470 sock_kfree_s(sk, opt, opt->tot_len); 470 sock_kfree_s(sk, opt, opt->tot_len);
471 dst_release(dst);
471 return err; 472 return err;
472} 473}
473 474
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 7a121802faa9..960aa78cdb97 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -350,6 +350,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
350 u8 src[ETH_ALEN]; 350 u8 src[ETH_ALEN];
351 struct ieee80211_crypt_data *crypt = NULL; 351 struct ieee80211_crypt_data *crypt = NULL;
352 int keyidx = 0; 352 int keyidx = 0;
353 int can_be_decrypted = 0;
353 354
354 hdr = (struct ieee80211_hdr_4addr *)skb->data; 355 hdr = (struct ieee80211_hdr_4addr *)skb->data;
355 stats = &ieee->stats; 356 stats = &ieee->stats;
@@ -410,12 +411,23 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
410 return 1; 411 return 1;
411 } 412 }
412 413
413 if (is_multicast_ether_addr(hdr->addr1) 414 can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) ||
414 ? ieee->host_mc_decrypt : ieee->host_decrypt) { 415 is_broadcast_ether_addr(hdr->addr2)) ?
416 ieee->host_mc_decrypt : ieee->host_decrypt;
417
418 if (can_be_decrypted) {
415 int idx = 0; 419 int idx = 0;
416 if (skb->len >= hdrlen + 3) 420 if (skb->len >= hdrlen + 3) {
421 /* Top two-bits of byte 3 are the key index */
417 idx = skb->data[hdrlen + 3] >> 6; 422 idx = skb->data[hdrlen + 3] >> 6;
423 }
424
425 /* ieee->crypt[] is WEP_KEY (4) in length. Given that idx
426 * is only allowed 2-bits of storage, no value of idx can
427 * be provided via above code that would result in idx
428 * being out of range */
418 crypt = ieee->crypt[idx]; 429 crypt = ieee->crypt[idx];
430
419#ifdef NOT_YET 431#ifdef NOT_YET
420 sta = NULL; 432 sta = NULL;
421 433
@@ -553,7 +565,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
553 565
554 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */ 566 /* skb: hdr + (possibly fragmented, possibly encrypted) payload */
555 567
556 if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 568 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
557 (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) 569 (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0)
558 goto rx_dropped; 570 goto rx_dropped;
559 571
@@ -617,7 +629,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
617 629
618 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still 630 /* skb: hdr + (possible reassembled) full MSDU payload; possibly still
619 * encrypted/authenticated */ 631 * encrypted/authenticated */
620 if (ieee->host_decrypt && (fc & IEEE80211_FCTL_PROTECTED) && 632 if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted &&
621 ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) 633 ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt))
622 goto rx_dropped; 634 goto rx_dropped;
623 635
@@ -1439,7 +1451,7 @@ void ieee80211_rx_mgt(struct ieee80211_device *ieee,
1439 break; 1451 break;
1440 1452
1441 case IEEE80211_STYPE_PROBE_REQ: 1453 case IEEE80211_STYPE_PROBE_REQ:
1442 IEEE80211_DEBUG_MGMT("recieved auth (%d)\n", 1454 IEEE80211_DEBUG_MGMT("received auth (%d)\n",
1443 WLAN_FC_GET_STYPE(le16_to_cpu 1455 WLAN_FC_GET_STYPE(le16_to_cpu
1444 (header->frame_ctl))); 1456 (header->frame_ctl)));
1445 1457
@@ -1473,7 +1485,7 @@ void ieee80211_rx_mgt(struct ieee80211_device *ieee,
1473 break; 1485 break;
1474 case IEEE80211_STYPE_AUTH: 1486 case IEEE80211_STYPE_AUTH:
1475 1487
1476 IEEE80211_DEBUG_MGMT("recieved auth (%d)\n", 1488 IEEE80211_DEBUG_MGMT("received auth (%d)\n",
1477 WLAN_FC_GET_STYPE(le16_to_cpu 1489 WLAN_FC_GET_STYPE(le16_to_cpu
1478 (header->frame_ctl))); 1490 (header->frame_ctl)));
1479 1491
diff --git a/net/ieee80211/ieee80211_wx.c b/net/ieee80211/ieee80211_wx.c
index 23e1630f50b7..f87c6b89f845 100644
--- a/net/ieee80211/ieee80211_wx.c
+++ b/net/ieee80211/ieee80211_wx.c
@@ -232,15 +232,18 @@ static char *ipw2100_translate_scan(struct ieee80211_device *ieee,
232 return start; 232 return start;
233} 233}
234 234
235#define SCAN_ITEM_SIZE 128
236
235int ieee80211_wx_get_scan(struct ieee80211_device *ieee, 237int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
236 struct iw_request_info *info, 238 struct iw_request_info *info,
237 union iwreq_data *wrqu, char *extra) 239 union iwreq_data *wrqu, char *extra)
238{ 240{
239 struct ieee80211_network *network; 241 struct ieee80211_network *network;
240 unsigned long flags; 242 unsigned long flags;
243 int err = 0;
241 244
242 char *ev = extra; 245 char *ev = extra;
243 char *stop = ev + IW_SCAN_MAX_DATA; 246 char *stop = ev + wrqu->data.length;
244 int i = 0; 247 int i = 0;
245 248
246 IEEE80211_DEBUG_WX("Getting scan\n"); 249 IEEE80211_DEBUG_WX("Getting scan\n");
@@ -249,6 +252,11 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
249 252
250 list_for_each_entry(network, &ieee->network_list, list) { 253 list_for_each_entry(network, &ieee->network_list, list) {
251 i++; 254 i++;
255 if (stop - ev < SCAN_ITEM_SIZE) {
256 err = -E2BIG;
257 break;
258 }
259
252 if (ieee->scan_age == 0 || 260 if (ieee->scan_age == 0 ||
253 time_after(network->last_scanned + ieee->scan_age, jiffies)) 261 time_after(network->last_scanned + ieee->scan_age, jiffies))
254 ev = ipw2100_translate_scan(ieee, ev, stop, network); 262 ev = ipw2100_translate_scan(ieee, ev, stop, network);
@@ -270,7 +278,7 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
270 278
271 IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i); 279 IEEE80211_DEBUG_WX("exit: %d networks returned.\n", i);
272 280
273 return 0; 281 return err;
274} 282}
275 283
276int ieee80211_wx_set_encode(struct ieee80211_device *ieee, 284int ieee80211_wx_set_encode(struct ieee80211_device *ieee,
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index d8ce7133cd8f..0b4e95f93dad 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -970,7 +970,7 @@ int igmp_rcv(struct sk_buff *skb)
970 case IGMP_MTRACE_RESP: 970 case IGMP_MTRACE_RESP:
971 break; 971 break;
972 default: 972 default:
973 NETDEBUG(KERN_DEBUG "New IGMP type=%d, why we do not know about it?\n", ih->type); 973 break;
974 } 974 }
975 975
976drop: 976drop:
diff --git a/net/ipv4/tcp_htcp.c b/net/ipv4/tcp_htcp.c
index 3284cfb993e6..128de4d7c0b7 100644
--- a/net/ipv4/tcp_htcp.c
+++ b/net/ipv4/tcp_htcp.c
@@ -230,7 +230,6 @@ static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 rtt,
230 if (tp->snd_cwnd < tp->snd_cwnd_clamp) 230 if (tp->snd_cwnd < tp->snd_cwnd_clamp)
231 tp->snd_cwnd++; 231 tp->snd_cwnd++;
232 tp->snd_cwnd_cnt = 0; 232 tp->snd_cwnd_cnt = 0;
233 ca->ccount++;
234 } 233 }
235 } 234 }
236} 235}
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6ea353907af5..233bdf259965 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -236,7 +236,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
236 if (err) 236 if (err)
237 goto failure; 237 goto failure;
238 238
239 err = ip_route_newports(&rt, inet->sport, inet->dport, sk); 239 err = ip_route_newports(&rt, IPPROTO_TCP, inet->sport, inet->dport, sk);
240 if (err) 240 if (err)
241 goto failure; 241 goto failure;
242 242
@@ -1845,7 +1845,6 @@ void __init tcp_v4_init(struct net_proto_family *ops)
1845} 1845}
1846 1846
1847EXPORT_SYMBOL(ipv4_specific); 1847EXPORT_SYMBOL(ipv4_specific);
1848EXPORT_SYMBOL(inet_bind_bucket_create);
1849EXPORT_SYMBOL(tcp_hashinfo); 1848EXPORT_SYMBOL(tcp_hashinfo);
1850EXPORT_SYMBOL(tcp_prot); 1849EXPORT_SYMBOL(tcp_prot);
1851EXPORT_SYMBOL(tcp_unhash); 1850EXPORT_SYMBOL(tcp_unhash);
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 6c05c7978bef..4420948a1bfe 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1252,8 +1252,7 @@ int igmp6_event_query(struct sk_buff *skb)
1252 } 1252 }
1253 } else { 1253 } else {
1254 for (ma = idev->mc_list; ma; ma=ma->next) { 1254 for (ma = idev->mc_list; ma; ma=ma->next) {
1255 if (group_type != IPV6_ADDR_ANY && 1255 if (!ipv6_addr_equal(group, &ma->mca_addr))
1256 !ipv6_addr_equal(group, &ma->mca_addr))
1257 continue; 1256 continue;
1258 spin_lock_bh(&ma->mca_lock); 1257 spin_lock_bh(&ma->mca_lock);
1259 if (ma->mca_flags & MAF_TIMER_RUNNING) { 1258 if (ma->mca_flags & MAF_TIMER_RUNNING) {
@@ -1268,11 +1267,10 @@ int igmp6_event_query(struct sk_buff *skb)
1268 ma->mca_flags &= ~MAF_GSQUERY; 1267 ma->mca_flags &= ~MAF_GSQUERY;
1269 } 1268 }
1270 if (!(ma->mca_flags & MAF_GSQUERY) || 1269 if (!(ma->mca_flags & MAF_GSQUERY) ||
1271 mld_marksources(ma, ntohs(mlh2->nsrcs), mlh2->srcs)) 1270 mld_marksources(ma, ntohs(mlh2->nsrcs), mlh2->srcs))
1272 igmp6_group_queried(ma, max_delay); 1271 igmp6_group_queried(ma, max_delay);
1273 spin_unlock_bh(&ma->mca_lock); 1272 spin_unlock_bh(&ma->mca_lock);
1274 if (group_type != IPV6_ADDR_ANY) 1273 break;
1275 break;
1276 } 1274 }
1277 } 1275 }
1278 read_unlock_bh(&idev->lock); 1276 read_unlock_bh(&idev->lock);
@@ -1351,7 +1349,7 @@ static int is_in(struct ifmcaddr6 *pmc, struct ip6_sf_list *psf, int type,
1351 * in all filters 1349 * in all filters
1352 */ 1350 */
1353 if (psf->sf_count[MCAST_INCLUDE]) 1351 if (psf->sf_count[MCAST_INCLUDE])
1354 return 0; 1352 return type == MLD2_MODE_IS_INCLUDE;
1355 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1353 return pmc->mca_sfcount[MCAST_EXCLUDE] ==
1356 psf->sf_count[MCAST_EXCLUDE]; 1354 psf->sf_count[MCAST_EXCLUDE];
1357 } 1355 }
@@ -1966,7 +1964,7 @@ static void sf_markstate(struct ifmcaddr6 *pmc)
1966 1964
1967static int sf_setstate(struct ifmcaddr6 *pmc) 1965static int sf_setstate(struct ifmcaddr6 *pmc)
1968{ 1966{
1969 struct ip6_sf_list *psf; 1967 struct ip6_sf_list *psf, *dpsf;
1970 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 1968 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE];
1971 int qrv = pmc->idev->mc_qrv; 1969 int qrv = pmc->idev->mc_qrv;
1972 int new_in, rv; 1970 int new_in, rv;
@@ -1978,8 +1976,48 @@ static int sf_setstate(struct ifmcaddr6 *pmc)
1978 !psf->sf_count[MCAST_INCLUDE]; 1976 !psf->sf_count[MCAST_INCLUDE];
1979 } else 1977 } else
1980 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 1978 new_in = psf->sf_count[MCAST_INCLUDE] != 0;
1981 if (new_in != psf->sf_oldin) { 1979 if (new_in) {
1982 psf->sf_crcount = qrv; 1980 if (!psf->sf_oldin) {
1981 struct ip6_sf_list *prev = 0;
1982
1983 for (dpsf=pmc->mca_tomb; dpsf;
1984 dpsf=dpsf->sf_next) {
1985 if (ipv6_addr_equal(&dpsf->sf_addr,
1986 &psf->sf_addr))
1987 break;
1988 prev = dpsf;
1989 }
1990 if (dpsf) {
1991 if (prev)
1992 prev->sf_next = dpsf->sf_next;
1993 else
1994 pmc->mca_tomb = dpsf->sf_next;
1995 kfree(dpsf);
1996 }
1997 psf->sf_crcount = qrv;
1998 rv++;
1999 }
2000 } else if (psf->sf_oldin) {
2001 psf->sf_crcount = 0;
2002 /*
2003 * add or update "delete" records if an active filter
2004 * is now inactive
2005 */
2006 for (dpsf=pmc->mca_tomb; dpsf; dpsf=dpsf->sf_next)
2007 if (ipv6_addr_equal(&dpsf->sf_addr,
2008 &psf->sf_addr))
2009 break;
2010 if (!dpsf) {
2011 dpsf = (struct ip6_sf_list *)
2012 kmalloc(sizeof(*dpsf), GFP_ATOMIC);
2013 if (!dpsf)
2014 continue;
2015 *dpsf = *psf;
2016 /* pmc->mca_lock held by callers */
2017 dpsf->sf_next = pmc->mca_tomb;
2018 pmc->mca_tomb = dpsf;
2019 }
2020 dpsf->sf_crcount = qrv;
1983 rv++; 2021 rv++;
1984 } 2022 }
1985 } 2023 }
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 66d04004afda..ca9cf6853755 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -515,6 +515,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
515done: 515done:
516 if (opt && opt != np->opt) 516 if (opt && opt != np->opt)
517 sock_kfree_s(sk, opt, opt->tot_len); 517 sock_kfree_s(sk, opt, opt->tot_len);
518 dst_release(dst);
518 return err; 519 return err;
519} 520}
520 521
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 43f1ce74187d..ae86d237a456 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1620,6 +1620,7 @@ static int key_notify_sa_flush(struct km_event *c)
1620 return -ENOBUFS; 1620 return -ENOBUFS;
1621 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg)); 1621 hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
1622 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto); 1622 hdr->sadb_msg_satype = pfkey_proto2satype(c->data.proto);
1623 hdr->sadb_msg_type = SADB_FLUSH;
1623 hdr->sadb_msg_seq = c->seq; 1624 hdr->sadb_msg_seq = c->seq;
1624 hdr->sadb_msg_pid = c->pid; 1625 hdr->sadb_msg_pid = c->pid;
1625 hdr->sadb_msg_version = PF_KEY_V2; 1626 hdr->sadb_msg_version = PF_KEY_V2;
@@ -2385,6 +2386,7 @@ static int key_notify_policy_flush(struct km_event *c)
2385 if (!skb_out) 2386 if (!skb_out)
2386 return -ENOBUFS; 2387 return -ENOBUFS;
2387 hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg)); 2388 hdr = (struct sadb_msg *) skb_put(skb_out, sizeof(struct sadb_msg));
2389 hdr->sadb_msg_type = SADB_X_SPDFLUSH;
2388 hdr->sadb_msg_seq = c->seq; 2390 hdr->sadb_msg_seq = c->seq;
2389 hdr->sadb_msg_pid = c->pid; 2391 hdr->sadb_msg_pid = c->pid;
2390 hdr->sadb_msg_version = PF_KEY_V2; 2392 hdr->sadb_msg_version = PF_KEY_V2;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index ee93abc71cb8..9db7dbdb16e6 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -365,7 +365,7 @@ static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock,
365 */ 365 */
366 366
367 err = -EMSGSIZE; 367 err = -EMSGSIZE;
368 if(len>dev->mtu+dev->hard_header_len) 368 if (len > dev->mtu + dev->hard_header_len)
369 goto out_unlock; 369 goto out_unlock;
370 370
371 err = -ENOBUFS; 371 err = -ENOBUFS;
@@ -935,7 +935,7 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int add
935 * Check legality 935 * Check legality
936 */ 936 */
937 937
938 if(addr_len!=sizeof(struct sockaddr)) 938 if (addr_len != sizeof(struct sockaddr))
939 return -EINVAL; 939 return -EINVAL;
940 strlcpy(name,uaddr->sa_data,sizeof(name)); 940 strlcpy(name,uaddr->sa_data,sizeof(name));
941 941
@@ -1092,7 +1092,7 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1092 * retries. 1092 * retries.
1093 */ 1093 */
1094 1094
1095 if(skb==NULL) 1095 if (skb == NULL)
1096 goto out; 1096 goto out;
1097 1097
1098 /* 1098 /*
@@ -1392,8 +1392,8 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1392 if (level != SOL_PACKET) 1392 if (level != SOL_PACKET)
1393 return -ENOPROTOOPT; 1393 return -ENOPROTOOPT;
1394 1394
1395 if (get_user(len,optlen)) 1395 if (get_user(len, optlen))
1396 return -EFAULT; 1396 return -EFAULT;
1397 1397
1398 if (len < 0) 1398 if (len < 0)
1399 return -EINVAL; 1399 return -EINVAL;
@@ -1419,9 +1419,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1419 return -ENOPROTOOPT; 1419 return -ENOPROTOOPT;
1420 } 1420 }
1421 1421
1422 if (put_user(len, optlen)) 1422 if (put_user(len, optlen))
1423 return -EFAULT; 1423 return -EFAULT;
1424 return 0; 1424 return 0;
1425} 1425}
1426 1426
1427 1427
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 71c9a961c321..2b9a832b29a7 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -884,7 +884,7 @@ sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
884{ 884{
885 struct sctp_transport *transport = (struct sctp_transport *) arg; 885 struct sctp_transport *transport = (struct sctp_transport *) arg;
886 886
887 if (asoc->overall_error_count > asoc->max_retrans) { 887 if (asoc->overall_error_count >= asoc->max_retrans) {
888 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */ 888 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
889 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 889 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
890 SCTP_U32(SCTP_ERROR_NO_ERROR)); 890 SCTP_U32(SCTP_ERROR_NO_ERROR));
@@ -2122,7 +2122,7 @@ static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
2122 struct sctp_bind_addr *bp; 2122 struct sctp_bind_addr *bp;
2123 int attempts = asoc->init_err_counter + 1; 2123 int attempts = asoc->init_err_counter + 1;
2124 2124
2125 if (attempts >= asoc->max_init_attempts) { 2125 if (attempts > asoc->max_init_attempts) {
2126 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 2126 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2127 SCTP_U32(SCTP_ERROR_STALE_COOKIE)); 2127 SCTP_U32(SCTP_ERROR_STALE_COOKIE));
2128 return SCTP_DISPOSITION_DELETE_TCB; 2128 return SCTP_DISPOSITION_DELETE_TCB;
@@ -4640,7 +4640,7 @@ sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
4640 4640
4641 SCTP_DEBUG_PRINTK("Timer T1 expired (INIT).\n"); 4641 SCTP_DEBUG_PRINTK("Timer T1 expired (INIT).\n");
4642 4642
4643 if (attempts < asoc->max_init_attempts) { 4643 if (attempts <= asoc->max_init_attempts) {
4644 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr; 4644 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
4645 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0); 4645 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0);
4646 if (!repl) 4646 if (!repl)
@@ -4697,7 +4697,7 @@ sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep
4697 4697
4698 SCTP_DEBUG_PRINTK("Timer T1 expired (COOKIE-ECHO).\n"); 4698 SCTP_DEBUG_PRINTK("Timer T1 expired (COOKIE-ECHO).\n");
4699 4699
4700 if (attempts < asoc->max_init_attempts) { 4700 if (attempts <= asoc->max_init_attempts) {
4701 repl = sctp_make_cookie_echo(asoc, NULL); 4701 repl = sctp_make_cookie_echo(asoc, NULL);
4702 if (!repl) 4702 if (!repl)
4703 return SCTP_DISPOSITION_NOMEM; 4703 return SCTP_DISPOSITION_NOMEM;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index fb1821d9f338..0ea947eb6813 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5426,7 +5426,7 @@ out:
5426 return err; 5426 return err;
5427 5427
5428do_error: 5428do_error:
5429 if (asoc->init_err_counter + 1 >= asoc->max_init_attempts) 5429 if (asoc->init_err_counter + 1 > asoc->max_init_attempts)
5430 err = -ETIMEDOUT; 5430 err = -ETIMEDOUT;
5431 else 5431 else
5432 err = -ECONNREFUSED; 5432 err = -ECONNREFUSED;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-16 03:26:09 -0500