aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorTejun Heo <tj@kernel.org>2009-07-03 18:13:18 -0400
committerTejun Heo <tj@kernel.org>2009-07-03 18:13:18 -0400
commitc43768cbb7655ea5ff782ae250f6e2ef4297cf98 (patch)
tree3982e41dde3eecaa3739a5d1a8ed18d04bd74f01 /net
parent1a8dd307cc0a2119be4e578c517795464e6dabba (diff)
parent746a99a5af60ee676afa2ba469ccd1373493c7e7 (diff)
Merge branch 'master' into for-next
Pull linus#master to merge PER_CPU_DEF_ATTRIBUTES and alpha build fix changes. As alpha in percpu tree uses 'weak' attribute instead of inline assembly, there's no need for __used attribute. Conflicts: arch/alpha/include/asm/percpu.h arch/mn10300/kernel/vmlinux.lds.S include/linux/percpu-defs.h
Diffstat (limited to 'net')
-rw-r--r--net/ax25/ax25_in.c3
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/core/dev.c10
-rw-r--r--net/dccp/ipv6.c2
-rw-r--r--net/decnet/af_decnet.c2
-rw-r--r--net/ieee802154/af_ieee802154.c12
-rw-r--r--net/ieee802154/netlink.c6
-rw-r--r--net/ipv4/arp.c7
-rw-r--r--net/ipv4/fib_trie.c3
-rw-r--r--net/ipv4/ip_input.c3
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c17
-rw-r--r--net/ipv4/route.c36
-rw-r--r--net/ipv4/tcp.c15
-rw-r--r--net/ipv4/tcp_minisocks.c3
-rw-r--r--net/ipv4/tcp_output.c3
-rw-r--r--net/ipv6/addrconf.c5
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/ah6.c2
-rw-r--r--net/ipv6/esp6.c2
-rw-r--r--net/ipv6/icmp.c12
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/ip6_tunnel.c18
-rw-r--r--net/ipv6/ipcomp6.c2
-rw-r--r--net/ipv6/mip6.c2
-rw-r--r--net/ipv6/raw.c4
-rw-r--r--net/ipv6/route.c2
-rw-r--r--net/ipv6/tcp_ipv6.c2
-rw-r--r--net/ipv6/tunnel6.c2
-rw-r--r--net/ipv6/udp.c6
-rw-r--r--net/ipv6/udp_impl.h2
-rw-r--r--net/ipv6/udplite.c2
-rw-r--r--net/ipv6/xfrm6_tunnel.c2
-rw-r--r--net/irda/af_irda.c3
-rw-r--r--net/irda/ircomm/ircomm_lmp.c1
-rw-r--r--net/iucv/af_iucv.c297
-rw-r--r--net/mac80211/mesh.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c25
-rw-r--r--net/netfilter/nf_conntrack_expect.c4
-rw-r--r--net/netfilter/nf_conntrack_extend.c2
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c6
-rw-r--r--net/netfilter/nf_log.c16
-rw-r--r--net/netfilter/xt_NFQUEUE.c8
-rw-r--r--net/netfilter/xt_cluster.c8
-rw-r--r--net/netfilter/xt_conntrack.c66
-rw-r--r--net/netfilter/xt_quota.c1
-rw-r--r--net/netfilter/xt_rateest.c2
-rw-r--r--net/phonet/pn_dev.c52
-rw-r--r--net/phonet/pn_netlink.c4
-rw-r--r--net/rfkill/core.c56
-rw-r--r--net/sctp/ipv6.c2
-rw-r--r--net/sctp/output.c2
-rw-r--r--net/sunrpc/Makefile1
-rw-r--r--net/sunrpc/backchannel_rqst.c281
-rw-r--r--net/sunrpc/bc_svc.c81
-rw-r--r--net/sunrpc/cache.c2
-rw-r--r--net/sunrpc/clnt.c143
-rw-r--r--net/sunrpc/sched.c2
-rw-r--r--net/sunrpc/stats.c8
-rw-r--r--net/sunrpc/sunrpc.h37
-rw-r--r--net/sunrpc/sunrpc_syms.c1
-rw-r--r--net/sunrpc/svc.c134
-rw-r--r--net/sunrpc/svc_xprt.c57
-rw-r--r--net/sunrpc/svcsock.c161
-rw-r--r--net/sunrpc/xprt.c60
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma_recvfrom.c8
-rw-r--r--net/sunrpc/xprtsock.c217
-rw-r--r--net/wireless/nl80211.c95
-rw-r--r--net/xfrm/xfrm_algo.c4
-rw-r--r--net/xfrm/xfrm_state.c57
69 files changed, 1634 insertions, 466 deletions
diff --git a/net/ax25/ax25_in.c b/net/ax25/ax25_in.c
index 5f1d2107a1dd..de56d3983de0 100644
--- a/net/ax25/ax25_in.c
+++ b/net/ax25/ax25_in.c
@@ -437,8 +437,7 @@ free:
437int ax25_kiss_rcv(struct sk_buff *skb, struct net_device *dev, 437int ax25_kiss_rcv(struct sk_buff *skb, struct net_device *dev,
438 struct packet_type *ptype, struct net_device *orig_dev) 438 struct packet_type *ptype, struct net_device *orig_dev)
439{ 439{
440 skb->sk = NULL; /* Initially we don't know who it's for */ 440 skb_orphan(skb);
441 skb->destructor = NULL; /* Who initializes this, dammit?! */
442 441
443 if (!net_eq(dev_net(dev), &init_net)) { 442 if (!net_eq(dev_net(dev), &init_net)) {
444 kfree_skb(skb); 443 kfree_skb(skb);
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 9aac5213105a..e1241c76239a 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -93,7 +93,7 @@ static void __exit br_deinit(void)
93 93
94 unregister_pernet_subsys(&br_net_ops); 94 unregister_pernet_subsys(&br_net_ops);
95 95
96 synchronize_net(); 96 rcu_barrier(); /* Wait for completion of call_rcu()'s */
97 97
98 br_netfilter_fini(); 98 br_netfilter_fini();
99#if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE) 99#if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE)
diff --git a/net/core/dev.c b/net/core/dev.c
index baf2dc13a34a..70c27e0c7c32 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2310,8 +2310,6 @@ ncls:
2310 if (!skb) 2310 if (!skb)
2311 goto out; 2311 goto out;
2312 2312
2313 skb_orphan(skb);
2314
2315 type = skb->protocol; 2313 type = skb->protocol;
2316 list_for_each_entry_rcu(ptype, 2314 list_for_each_entry_rcu(ptype,
2317 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) { 2315 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) {
@@ -2825,9 +2823,11 @@ static void net_rx_action(struct softirq_action *h)
2825 * move the instance around on the list at-will. 2823 * move the instance around on the list at-will.
2826 */ 2824 */
2827 if (unlikely(work == weight)) { 2825 if (unlikely(work == weight)) {
2828 if (unlikely(napi_disable_pending(n))) 2826 if (unlikely(napi_disable_pending(n))) {
2829 __napi_complete(n); 2827 local_irq_enable();
2830 else 2828 napi_complete(n);
2829 local_irq_disable();
2830 } else
2831 list_move_tail(&n->poll_list, list); 2831 list_move_tail(&n->poll_list, list);
2832 } 2832 }
2833 2833
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 05ea7440d9e5..3e70faab2989 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -85,7 +85,7 @@ static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb)
85} 85}
86 86
87static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 87static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 int type, int code, int offset, __be32 info) 88 u8 type, u8 code, int offset, __be32 info)
89{ 89{
90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index d351b8db0df5..77d40289653c 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2413,6 +2413,8 @@ static void __exit decnet_exit(void)
2413 proc_net_remove(&init_net, "decnet"); 2413 proc_net_remove(&init_net, "decnet");
2414 2414
2415 proto_unregister(&dn_proto); 2415 proto_unregister(&dn_proto);
2416
2417 rcu_barrier_bh(); /* Wait for completion of call_rcu_bh()'s */
2416} 2418}
2417module_exit(decnet_exit); 2419module_exit(decnet_exit);
2418#endif 2420#endif
diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
index 882a927cefae..3bb6bdb1dac1 100644
--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -39,14 +39,6 @@
39 39
40#include "af802154.h" 40#include "af802154.h"
41 41
42#define DBG_DUMP(data, len) { \
43 int i; \
44 pr_debug("function: %s: data: len %d:\n", __func__, len); \
45 for (i = 0; i < len; i++) {\
46 pr_debug("%02x: %02x\n", i, (data)[i]); \
47 } \
48}
49
50/* 42/*
51 * Utility function for families 43 * Utility function for families
52 */ 44 */
@@ -302,10 +294,12 @@ static struct net_proto_family ieee802154_family_ops = {
302static int ieee802154_rcv(struct sk_buff *skb, struct net_device *dev, 294static int ieee802154_rcv(struct sk_buff *skb, struct net_device *dev,
303 struct packet_type *pt, struct net_device *orig_dev) 295 struct packet_type *pt, struct net_device *orig_dev)
304{ 296{
305 DBG_DUMP(skb->data, skb->len);
306 if (!netif_running(dev)) 297 if (!netif_running(dev))
307 return -ENODEV; 298 return -ENODEV;
308 pr_debug("got frame, type %d, dev %p\n", dev->type, dev); 299 pr_debug("got frame, type %d, dev %p\n", dev->type, dev);
300#ifdef DEBUG
301 print_hex_dump_bytes("ieee802154_rcv ", DUMP_PREFIX_NONE, skb->data, skb->len);
302#endif
309 303
310 if (!net_eq(dev_net(dev), &init_net)) 304 if (!net_eq(dev_net(dev), &init_net))
311 goto drop; 305 goto drop;
diff --git a/net/ieee802154/netlink.c b/net/ieee802154/netlink.c
index 105ad10876af..27eda9fdf3c2 100644
--- a/net/ieee802154/netlink.c
+++ b/net/ieee802154/netlink.c
@@ -276,6 +276,9 @@ static struct net_device *ieee802154_nl_get_dev(struct genl_info *info)
276 else 276 else
277 return NULL; 277 return NULL;
278 278
279 if (!dev)
280 return NULL;
281
279 if (dev->type != ARPHRD_IEEE802154) { 282 if (dev->type != ARPHRD_IEEE802154) {
280 dev_put(dev); 283 dev_put(dev);
281 return NULL; 284 return NULL;
@@ -521,3 +524,6 @@ static void __exit ieee802154_nl_exit(void)
521} 524}
522module_exit(ieee802154_nl_exit); 525module_exit(ieee802154_nl_exit);
523 526
527MODULE_LICENSE("GPL v2");
528MODULE_DESCRIPTION("ieee 802.15.4 configuration interface");
529
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 8a3881e28aca..c29d75d8f1b1 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -801,11 +801,8 @@ static int arp_process(struct sk_buff *skb)
801 * cache. 801 * cache.
802 */ 802 */
803 803
804 /* 804 /* Special case: IPv4 duplicate address detection packet (RFC2131) */
805 * Special case: IPv4 duplicate address detection packet (RFC2131) 805 if (sip == 0) {
806 * and Gratuitous ARP/ARP Announce. (RFC3927, Section 2.4)
807 */
808 if (sip == 0 || tip == sip) {
809 if (arp->ar_op == htons(ARPOP_REQUEST) && 806 if (arp->ar_op == htons(ARPOP_REQUEST) &&
810 inet_addr_type(net, tip) == RTN_LOCAL && 807 inet_addr_type(net, tip) == RTN_LOCAL &&
811 !arp_ignore(in_dev, sip, tip)) 808 !arp_ignore(in_dev, sip, tip))
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 012cf5a68581..00a54b246dfe 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1021,6 +1021,9 @@ static void trie_rebalance(struct trie *t, struct tnode *tn)
1021 (struct node *)tn, wasfull); 1021 (struct node *)tn, wasfull);
1022 1022
1023 tp = node_parent((struct node *) tn); 1023 tp = node_parent((struct node *) tn);
1024 if (!tp)
1025 rcu_assign_pointer(t->trie, (struct node *)tn);
1026
1024 tnode_free_flush(); 1027 tnode_free_flush();
1025 if (!tp) 1028 if (!tp)
1026 break; 1029 break;
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 490ce20faf38..db46b4b5b2b9 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -440,6 +440,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
440 /* Remove any debris in the socket control block */ 440 /* Remove any debris in the socket control block */
441 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); 441 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
442 442
443 /* Must drop socket now because of tproxy. */
444 skb_orphan(skb);
445
443 return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL, 446 return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
444 ip_rcv_finish); 447 ip_rcv_finish);
445 448
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 155c008626c8..09172a65d9b6 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -191,7 +191,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
191 ct, ctinfo); 191 ct, ctinfo);
192 /* Tell TCP window tracking about seq change */ 192 /* Tell TCP window tracking about seq change */
193 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), 193 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
194 ct, CTINFO2DIR(ctinfo)); 194 ct, CTINFO2DIR(ctinfo),
195 (int)rep_len - (int)match_len);
195 196
196 nf_conntrack_event_cache(IPCT_NATSEQADJ, ct); 197 nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
197 } 198 }
@@ -377,6 +378,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
377 struct tcphdr *tcph; 378 struct tcphdr *tcph;
378 int dir; 379 int dir;
379 __be32 newseq, newack; 380 __be32 newseq, newack;
381 s16 seqoff, ackoff;
380 struct nf_conn_nat *nat = nfct_nat(ct); 382 struct nf_conn_nat *nat = nfct_nat(ct);
381 struct nf_nat_seq *this_way, *other_way; 383 struct nf_nat_seq *this_way, *other_way;
382 384
@@ -390,15 +392,18 @@ nf_nat_seq_adjust(struct sk_buff *skb,
390 392
391 tcph = (void *)skb->data + ip_hdrlen(skb); 393 tcph = (void *)skb->data + ip_hdrlen(skb);
392 if (after(ntohl(tcph->seq), this_way->correction_pos)) 394 if (after(ntohl(tcph->seq), this_way->correction_pos))
393 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 395 seqoff = this_way->offset_after;
394 else 396 else
395 newseq = htonl(ntohl(tcph->seq) + this_way->offset_before); 397 seqoff = this_way->offset_before;
396 398
397 if (after(ntohl(tcph->ack_seq) - other_way->offset_before, 399 if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
398 other_way->correction_pos)) 400 other_way->correction_pos))
399 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after); 401 ackoff = other_way->offset_after;
400 else 402 else
401 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 403 ackoff = other_way->offset_before;
404
405 newseq = htonl(ntohl(tcph->seq) + seqoff);
406 newack = htonl(ntohl(tcph->ack_seq) - ackoff);
402 407
403 inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); 408 inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
404 inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); 409 inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
@@ -413,7 +418,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
413 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) 418 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
414 return 0; 419 return 0;
415 420
416 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); 421 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir, seqoff);
417 422
418 return 1; 423 return 1;
419} 424}
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index cd76b3cb7092..278f46f5011b 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1085,8 +1085,35 @@ restart:
1085 now = jiffies; 1085 now = jiffies;
1086 1086
1087 if (!rt_caching(dev_net(rt->u.dst.dev))) { 1087 if (!rt_caching(dev_net(rt->u.dst.dev))) {
1088 rt_drop(rt); 1088 /*
1089 return 0; 1089 * If we're not caching, just tell the caller we
1090 * were successful and don't touch the route. The
1091 * caller hold the sole reference to the cache entry, and
1092 * it will be released when the caller is done with it.
1093 * If we drop it here, the callers have no way to resolve routes
1094 * when we're not caching. Instead, just point *rp at rt, so
1095 * the caller gets a single use out of the route
1096 * Note that we do rt_free on this new route entry, so that
1097 * once its refcount hits zero, we are still able to reap it
1098 * (Thanks Alexey)
1099 * Note also the rt_free uses call_rcu. We don't actually
1100 * need rcu protection here, this is just our path to get
1101 * on the route gc list.
1102 */
1103
1104 if (rt->rt_type == RTN_UNICAST || rt->fl.iif == 0) {
1105 int err = arp_bind_neighbour(&rt->u.dst);
1106 if (err) {
1107 if (net_ratelimit())
1108 printk(KERN_WARNING
1109 "Neighbour table failure & not caching routes.\n");
1110 rt_drop(rt);
1111 return err;
1112 }
1113 }
1114
1115 rt_free(rt);
1116 goto skip_hashing;
1090 } 1117 }
1091 1118
1092 rthp = &rt_hash_table[hash].chain; 1119 rthp = &rt_hash_table[hash].chain;
@@ -1203,7 +1230,8 @@ restart:
1203#if RT_CACHE_DEBUG >= 2 1230#if RT_CACHE_DEBUG >= 2
1204 if (rt->u.dst.rt_next) { 1231 if (rt->u.dst.rt_next) {
1205 struct rtable *trt; 1232 struct rtable *trt;
1206 printk(KERN_DEBUG "rt_cache @%02x: %pI4", hash, &rt->rt_dst); 1233 printk(KERN_DEBUG "rt_cache @%02x: %pI4",
1234 hash, &rt->rt_dst);
1207 for (trt = rt->u.dst.rt_next; trt; trt = trt->u.dst.rt_next) 1235 for (trt = rt->u.dst.rt_next; trt; trt = trt->u.dst.rt_next)
1208 printk(" . %pI4", &trt->rt_dst); 1236 printk(" . %pI4", &trt->rt_dst);
1209 printk("\n"); 1237 printk("\n");
@@ -1217,6 +1245,8 @@ restart:
1217 rcu_assign_pointer(rt_hash_table[hash].chain, rt); 1245 rcu_assign_pointer(rt_hash_table[hash].chain, rt);
1218 1246
1219 spin_unlock_bh(rt_hash_lock_addr(hash)); 1247 spin_unlock_bh(rt_hash_lock_addr(hash));
1248
1249skip_hashing:
1220 if (rp) 1250 if (rp)
1221 *rp = rt; 1251 *rp = rt;
1222 else 1252 else
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 17b89c523f9d..7870a535dac6 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -903,13 +903,17 @@ int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
903 iov++; 903 iov++;
904 904
905 while (seglen > 0) { 905 while (seglen > 0) {
906 int copy; 906 int copy = 0;
907 int max = size_goal;
907 908
908 skb = tcp_write_queue_tail(sk); 909 skb = tcp_write_queue_tail(sk);
910 if (tcp_send_head(sk)) {
911 if (skb->ip_summed == CHECKSUM_NONE)
912 max = mss_now;
913 copy = max - skb->len;
914 }
909 915
910 if (!tcp_send_head(sk) || 916 if (copy <= 0) {
911 (copy = size_goal - skb->len) <= 0) {
912
913new_segment: 917new_segment:
914 /* Allocate new segment. If the interface is SG, 918 /* Allocate new segment. If the interface is SG,
915 * allocate skb fitting to single page. 919 * allocate skb fitting to single page.
@@ -930,6 +934,7 @@ new_segment:
930 934
931 skb_entail(sk, skb); 935 skb_entail(sk, skb);
932 copy = size_goal; 936 copy = size_goal;
937 max = size_goal;
933 } 938 }
934 939
935 /* Try to append data to the end of skb. */ 940 /* Try to append data to the end of skb. */
@@ -1028,7 +1033,7 @@ new_segment:
1028 if ((seglen -= copy) == 0 && iovlen == 0) 1033 if ((seglen -= copy) == 0 && iovlen == 0)
1029 goto out; 1034 goto out;
1030 1035
1031 if (skb->len < size_goal || (flags & MSG_OOB)) 1036 if (skb->len < max || (flags & MSG_OOB))
1032 continue; 1037 continue;
1033 1038
1034 if (forced_push(tp)) { 1039 if (forced_push(tp)) {
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 43bbba7926ee..f8d67ccc64f3 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -128,7 +128,8 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
128 goto kill_with_rst; 128 goto kill_with_rst;
129 129
130 /* Dup ACK? */ 130 /* Dup ACK? */
131 if (!after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) || 131 if (!th->ack ||
132 !after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) ||
132 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) { 133 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) {
133 inet_twsk_put(tw); 134 inet_twsk_put(tw);
134 return TCP_TW_SUCCESS; 135 return TCP_TW_SUCCESS;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 416fc4c2e7eb..5bdf08d312d9 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -725,7 +725,8 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
725static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb, 725static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb,
726 unsigned int mss_now) 726 unsigned int mss_now)
727{ 727{
728 if (skb->len <= mss_now || !sk_can_gso(sk)) { 728 if (skb->len <= mss_now || !sk_can_gso(sk) ||
729 skb->ip_summed == CHECKSUM_NONE) {
729 /* Avoid the costly divide in the normal 730 /* Avoid the costly divide in the normal
730 * non-TSO case. 731 * non-TSO case.
731 */ 732 */
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 8c1e86afbbf5..3883b4036a74 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3362,7 +3362,10 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
3362 valid = ifa->valid_lft; 3362 valid = ifa->valid_lft;
3363 if (preferred != INFINITY_LIFE_TIME) { 3363 if (preferred != INFINITY_LIFE_TIME) {
3364 long tval = (jiffies - ifa->tstamp)/HZ; 3364 long tval = (jiffies - ifa->tstamp)/HZ;
3365 preferred -= tval; 3365 if (preferred > tval)
3366 preferred -= tval;
3367 else
3368 preferred = 0;
3366 if (valid != INFINITY_LIFE_TIME) 3369 if (valid != INFINITY_LIFE_TIME)
3367 valid -= tval; 3370 valid -= tval;
3368 } 3371 }
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 85b3d0036afd..caa0278d30a9 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -1284,6 +1284,8 @@ static void __exit inet6_exit(void)
1284 proto_unregister(&udplitev6_prot); 1284 proto_unregister(&udplitev6_prot);
1285 proto_unregister(&udpv6_prot); 1285 proto_unregister(&udpv6_prot);
1286 proto_unregister(&tcpv6_prot); 1286 proto_unregister(&tcpv6_prot);
1287
1288 rcu_barrier(); /* Wait for completion of call_rcu()'s */
1287} 1289}
1288module_exit(inet6_exit); 1290module_exit(inet6_exit);
1289 1291
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 52449f7a1b71..86f42a288c4b 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -405,7 +405,7 @@ out:
405} 405}
406 406
407static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 407static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
408 int type, int code, int offset, __be32 info) 408 u8 type, u8 code, int offset, __be32 info)
409{ 409{
410 struct net *net = dev_net(skb->dev); 410 struct net *net = dev_net(skb->dev);
411 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; 411 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index c2f250150db1..678bb95b1525 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -354,7 +354,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
354} 354}
355 355
356static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 356static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
357 int type, int code, int offset, __be32 info) 357 u8 type, u8 code, int offset, __be32 info)
358{ 358{
359 struct net *net = dev_net(skb->dev); 359 struct net *net = dev_net(skb->dev);
360 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; 360 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 36dff8807183..eab62a7a8f06 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -117,7 +117,7 @@ static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
117/* 117/*
118 * Slightly more convenient version of icmpv6_send. 118 * Slightly more convenient version of icmpv6_send.
119 */ 119 */
120void icmpv6_param_prob(struct sk_buff *skb, int code, int pos) 120void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
121{ 121{
122 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev); 122 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev);
123 kfree_skb(skb); 123 kfree_skb(skb);
@@ -161,7 +161,7 @@ static int is_ineligible(struct sk_buff *skb)
161/* 161/*
162 * Check the ICMP output rate limit 162 * Check the ICMP output rate limit
163 */ 163 */
164static inline int icmpv6_xrlim_allow(struct sock *sk, int type, 164static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type,
165 struct flowi *fl) 165 struct flowi *fl)
166{ 166{
167 struct dst_entry *dst; 167 struct dst_entry *dst;
@@ -305,7 +305,7 @@ static inline void mip6_addr_swap(struct sk_buff *skb) {}
305/* 305/*
306 * Send an ICMP message in response to a packet in error 306 * Send an ICMP message in response to a packet in error
307 */ 307 */
308void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, 308void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
309 struct net_device *dev) 309 struct net_device *dev)
310{ 310{
311 struct net *net = dev_net(skb->dev); 311 struct net *net = dev_net(skb->dev);
@@ -590,7 +590,7 @@ out:
590 icmpv6_xmit_unlock(sk); 590 icmpv6_xmit_unlock(sk);
591} 591}
592 592
593static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info) 593static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
594{ 594{
595 struct inet6_protocol *ipprot; 595 struct inet6_protocol *ipprot;
596 int inner_offset; 596 int inner_offset;
@@ -643,7 +643,7 @@ static int icmpv6_rcv(struct sk_buff *skb)
643 struct in6_addr *saddr, *daddr; 643 struct in6_addr *saddr, *daddr;
644 struct ipv6hdr *orig_hdr; 644 struct ipv6hdr *orig_hdr;
645 struct icmp6hdr *hdr; 645 struct icmp6hdr *hdr;
646 int type; 646 u8 type;
647 647
648 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 648 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
649 struct sec_path *sp = skb_sec_path(skb); 649 struct sec_path *sp = skb_sec_path(skb);
@@ -914,7 +914,7 @@ static const struct icmp6_err {
914 }, 914 },
915}; 915};
916 916
917int icmpv6_err_convert(int type, int code, int *err) 917int icmpv6_err_convert(u8 type, u8 code, int *err)
918{ 918{
919 int fatal = 0; 919 int fatal = 0;
920 920
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index c3a07d75b5f5..6d6a4277c677 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -139,6 +139,9 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
139 139
140 rcu_read_unlock(); 140 rcu_read_unlock();
141 141
142 /* Must drop socket now because of tproxy. */
143 skb_orphan(skb);
144
142 return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL, 145 return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
143 ip6_rcv_finish); 146 ip6_rcv_finish);
144err: 147err:
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 404d16a97d5c..51f410e7775a 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -394,13 +394,13 @@ parse_tlv_tnl_enc_lim(struct sk_buff *skb, __u8 * raw)
394 394
395static int 395static int
396ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, 396ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
397 int *type, int *code, int *msg, __u32 *info, int offset) 397 u8 *type, u8 *code, int *msg, __u32 *info, int offset)
398{ 398{
399 struct ipv6hdr *ipv6h = (struct ipv6hdr *) skb->data; 399 struct ipv6hdr *ipv6h = (struct ipv6hdr *) skb->data;
400 struct ip6_tnl *t; 400 struct ip6_tnl *t;
401 int rel_msg = 0; 401 int rel_msg = 0;
402 int rel_type = ICMPV6_DEST_UNREACH; 402 u8 rel_type = ICMPV6_DEST_UNREACH;
403 int rel_code = ICMPV6_ADDR_UNREACH; 403 u8 rel_code = ICMPV6_ADDR_UNREACH;
404 __u32 rel_info = 0; 404 __u32 rel_info = 0;
405 __u16 len; 405 __u16 len;
406 int err = -ENOENT; 406 int err = -ENOENT;
@@ -488,11 +488,11 @@ out:
488 488
489static int 489static int
490ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 490ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
491 int type, int code, int offset, __be32 info) 491 u8 type, u8 code, int offset, __be32 info)
492{ 492{
493 int rel_msg = 0; 493 int rel_msg = 0;
494 int rel_type = type; 494 u8 rel_type = type;
495 int rel_code = code; 495 u8 rel_code = code;
496 __u32 rel_info = ntohl(info); 496 __u32 rel_info = ntohl(info);
497 int err; 497 int err;
498 struct sk_buff *skb2; 498 struct sk_buff *skb2;
@@ -586,11 +586,11 @@ out:
586 586
587static int 587static int
588ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 588ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
589 int type, int code, int offset, __be32 info) 589 u8 type, u8 code, int offset, __be32 info)
590{ 590{
591 int rel_msg = 0; 591 int rel_msg = 0;
592 int rel_type = type; 592 u8 rel_type = type;
593 int rel_code = code; 593 u8 rel_code = code;
594 __u32 rel_info = ntohl(info); 594 __u32 rel_info = ntohl(info);
595 int err; 595 int err;
596 596
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index 3a0b3be7ece5..79c172f1ff01 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -51,7 +51,7 @@
51#include <linux/mutex.h> 51#include <linux/mutex.h>
52 52
53static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 53static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
54 int type, int code, int offset, __be32 info) 54 u8 type, u8 code, int offset, __be32 info)
55{ 55{
56 __be32 spi; 56 __be32 spi;
57 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; 57 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index f995e19c87a9..f797e8c6f3b3 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -54,7 +54,7 @@ static inline void *mip6_padn(__u8 *data, __u8 padlen)
54 return data + padlen; 54 return data + padlen;
55} 55}
56 56
57static inline void mip6_param_prob(struct sk_buff *skb, int code, int pos) 57static inline void mip6_param_prob(struct sk_buff *skb, u8 code, int pos)
58{ 58{
59 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev); 59 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev);
60} 60}
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 8b0b6f948063..d6c3c1c34b2d 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -310,7 +310,7 @@ out:
310 310
311static void rawv6_err(struct sock *sk, struct sk_buff *skb, 311static void rawv6_err(struct sock *sk, struct sk_buff *skb,
312 struct inet6_skb_parm *opt, 312 struct inet6_skb_parm *opt,
313 int type, int code, int offset, __be32 info) 313 u8 type, u8 code, int offset, __be32 info)
314{ 314{
315 struct inet_sock *inet = inet_sk(sk); 315 struct inet_sock *inet = inet_sk(sk);
316 struct ipv6_pinfo *np = inet6_sk(sk); 316 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -343,7 +343,7 @@ static void rawv6_err(struct sock *sk, struct sk_buff *skb,
343} 343}
344 344
345void raw6_icmp_error(struct sk_buff *skb, int nexthdr, 345void raw6_icmp_error(struct sk_buff *skb, int nexthdr,
346 int type, int code, int inner_offset, __be32 info) 346 u8 type, u8 code, int inner_offset, __be32 info)
347{ 347{
348 struct sock *sk; 348 struct sock *sk;
349 int hash; 349 int hash;
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 658293ea05ba..1473ee0a1f51 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1865,7 +1865,7 @@ int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1865 * Drop the packet on the floor 1865 * Drop the packet on the floor
1866 */ 1866 */
1867 1867
1868static int ip6_pkt_drop(struct sk_buff *skb, int code, int ipstats_mib_noroutes) 1868static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
1869{ 1869{
1870 int type; 1870 int type;
1871 struct dst_entry *dst = skb_dst(skb); 1871 struct dst_entry *dst = skb_dst(skb);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 53b6a4192b16..58810c65b635 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -317,7 +317,7 @@ failure:
317} 317}
318 318
319static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 319static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320 int type, int code, int offset, __be32 info) 320 u8 type, u8 code, int offset, __be32 info)
321{ 321{
322 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 322 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 323 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c
index 669f280989c3..633ad789effc 100644
--- a/net/ipv6/tunnel6.c
+++ b/net/ipv6/tunnel6.c
@@ -124,7 +124,7 @@ drop:
124} 124}
125 125
126static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 126static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
127 int type, int code, int offset, __be32 info) 127 u8 type, u8 code, int offset, __be32 info)
128{ 128{
129 struct xfrm6_tunnel *handler; 129 struct xfrm6_tunnel *handler;
130 130
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 023beda6b224..33b59bd92c4d 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -312,7 +312,7 @@ csum_copy_err:
312} 312}
313 313
314void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 314void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
315 int type, int code, int offset, __be32 info, 315 u8 type, u8 code, int offset, __be32 info,
316 struct udp_table *udptable) 316 struct udp_table *udptable)
317{ 317{
318 struct ipv6_pinfo *np; 318 struct ipv6_pinfo *np;
@@ -346,8 +346,8 @@ out:
346} 346}
347 347
348static __inline__ void udpv6_err(struct sk_buff *skb, 348static __inline__ void udpv6_err(struct sk_buff *skb,
349 struct inet6_skb_parm *opt, int type, 349 struct inet6_skb_parm *opt, u8 type,
350 int code, int offset, __be32 info ) 350 u8 code, int offset, __be32 info )
351{ 351{
352 __udp6_lib_err(skb, opt, type, code, offset, info, &udp_table); 352 __udp6_lib_err(skb, opt, type, code, offset, info, &udp_table);
353} 353}
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 23779208c334..6bb303471e20 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -9,7 +9,7 @@
9 9
10extern int __udp6_lib_rcv(struct sk_buff *, struct udp_table *, int ); 10extern int __udp6_lib_rcv(struct sk_buff *, struct udp_table *, int );
11extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, 11extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *,
12 int , int , int , __be32 , struct udp_table *); 12 u8 , u8 , int , __be32 , struct udp_table *);
13 13
14extern int udp_v6_get_port(struct sock *sk, unsigned short snum); 14extern int udp_v6_get_port(struct sock *sk, unsigned short snum);
15 15
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index ba162a824585..4818c48688f2 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -20,7 +20,7 @@ static int udplitev6_rcv(struct sk_buff *skb)
20 20
21static void udplitev6_err(struct sk_buff *skb, 21static void udplitev6_err(struct sk_buff *skb,
22 struct inet6_skb_parm *opt, 22 struct inet6_skb_parm *opt,
23 int type, int code, int offset, __be32 info) 23 u8 type, u8 code, int offset, __be32 info)
24{ 24{
25 __udp6_lib_err(skb, opt, type, code, offset, info, &udplite_table); 25 __udp6_lib_err(skb, opt, type, code, offset, info, &udplite_table);
26} 26}
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 80193db224d9..81a95c00e503 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -262,7 +262,7 @@ static int xfrm6_tunnel_rcv(struct sk_buff *skb)
262} 262}
263 263
264static int xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 264static int xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
265 int type, int code, int offset, __be32 info) 265 u8 type, u8 code, int offset, __be32 info)
266{ 266{
267 /* xfrm6_tunnel native err handling */ 267 /* xfrm6_tunnel native err handling */
268 switch (type) { 268 switch (type) {
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 5922febe25c4..cb762c8723ea 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -913,9 +913,6 @@ static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
913 /* Clean up the original one to keep it in listen state */ 913 /* Clean up the original one to keep it in listen state */
914 irttp_listen(self->tsap); 914 irttp_listen(self->tsap);
915 915
916 /* Wow ! What is that ? Jean II */
917 skb->sk = NULL;
918 skb->destructor = NULL;
919 kfree_skb(skb); 916 kfree_skb(skb);
920 sk->sk_ack_backlog--; 917 sk->sk_ack_backlog--;
921 918
diff --git a/net/irda/ircomm/ircomm_lmp.c b/net/irda/ircomm/ircomm_lmp.c
index 67c99d20857f..7ba96618660e 100644
--- a/net/irda/ircomm/ircomm_lmp.c
+++ b/net/irda/ircomm/ircomm_lmp.c
@@ -196,6 +196,7 @@ static int ircomm_lmp_data_request(struct ircomm_cb *self,
196 /* Don't forget to refcount it - see ircomm_tty_do_softint() */ 196 /* Don't forget to refcount it - see ircomm_tty_do_softint() */
197 skb_get(skb); 197 skb_get(skb);
198 198
199 skb_orphan(skb);
199 skb->destructor = ircomm_lmp_flow_control; 200 skb->destructor = ircomm_lmp_flow_control;
200 201
201 if ((self->pkt_count++ > 7) && (self->flow_status == FLOW_START)) { 202 if ((self->pkt_count++ > 7) && (self->flow_status == FLOW_START)) {
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 656cbd195825..6be5f92d1094 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -54,6 +54,38 @@ static const u8 iprm_shutdown[8] =
54#define CB_TRGCLS(skb) ((skb)->cb + CB_TAG_LEN) /* iucv msg target class */ 54#define CB_TRGCLS(skb) ((skb)->cb + CB_TAG_LEN) /* iucv msg target class */
55#define CB_TRGCLS_LEN (TRGCLS_SIZE) 55#define CB_TRGCLS_LEN (TRGCLS_SIZE)
56 56
57#define __iucv_sock_wait(sk, condition, timeo, ret) \
58do { \
59 DEFINE_WAIT(__wait); \
60 long __timeo = timeo; \
61 ret = 0; \
62 while (!(condition)) { \
63 prepare_to_wait(sk->sk_sleep, &__wait, TASK_INTERRUPTIBLE); \
64 if (!__timeo) { \
65 ret = -EAGAIN; \
66 break; \
67 } \
68 if (signal_pending(current)) { \
69 ret = sock_intr_errno(__timeo); \
70 break; \
71 } \
72 release_sock(sk); \
73 __timeo = schedule_timeout(__timeo); \
74 lock_sock(sk); \
75 ret = sock_error(sk); \
76 if (ret) \
77 break; \
78 } \
79 finish_wait(sk->sk_sleep, &__wait); \
80} while (0)
81
82#define iucv_sock_wait(sk, condition, timeo) \
83({ \
84 int __ret = 0; \
85 if (!(condition)) \
86 __iucv_sock_wait(sk, condition, timeo, __ret); \
87 __ret; \
88})
57 89
58static void iucv_sock_kill(struct sock *sk); 90static void iucv_sock_kill(struct sock *sk);
59static void iucv_sock_close(struct sock *sk); 91static void iucv_sock_close(struct sock *sk);
@@ -238,6 +270,48 @@ static inline size_t iucv_msg_length(struct iucv_message *msg)
238 return msg->length; 270 return msg->length;
239} 271}
240 272
273/**
274 * iucv_sock_in_state() - check for specific states
275 * @sk: sock structure
276 * @state: first iucv sk state
277 * @state: second iucv sk state
278 *
279 * Returns true if the socket in either in the first or second state.
280 */
281static int iucv_sock_in_state(struct sock *sk, int state, int state2)
282{
283 return (sk->sk_state == state || sk->sk_state == state2);
284}
285
286/**
287 * iucv_below_msglim() - function to check if messages can be sent
288 * @sk: sock structure
289 *
290 * Returns true if the send queue length is lower than the message limit.
291 * Always returns true if the socket is not connected (no iucv path for
292 * checking the message limit).
293 */
294static inline int iucv_below_msglim(struct sock *sk)
295{
296 struct iucv_sock *iucv = iucv_sk(sk);
297
298 if (sk->sk_state != IUCV_CONNECTED)
299 return 1;
300 return (skb_queue_len(&iucv->send_skb_q) < iucv->path->msglim);
301}
302
303/**
304 * iucv_sock_wake_msglim() - Wake up thread waiting on msg limit
305 */
306static void iucv_sock_wake_msglim(struct sock *sk)
307{
308 read_lock(&sk->sk_callback_lock);
309 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
310 wake_up_interruptible_all(sk->sk_sleep);
311 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
312 read_unlock(&sk->sk_callback_lock);
313}
314
241/* Timers */ 315/* Timers */
242static void iucv_sock_timeout(unsigned long arg) 316static void iucv_sock_timeout(unsigned long arg)
243{ 317{
@@ -329,7 +403,9 @@ static void iucv_sock_close(struct sock *sk)
329 timeo = sk->sk_lingertime; 403 timeo = sk->sk_lingertime;
330 else 404 else
331 timeo = IUCV_DISCONN_TIMEOUT; 405 timeo = IUCV_DISCONN_TIMEOUT;
332 err = iucv_sock_wait_state(sk, IUCV_CLOSED, 0, timeo); 406 err = iucv_sock_wait(sk,
407 iucv_sock_in_state(sk, IUCV_CLOSED, 0),
408 timeo);
333 } 409 }
334 410
335 case IUCV_CLOSING: /* fall through */ 411 case IUCV_CLOSING: /* fall through */
@@ -510,39 +586,6 @@ struct sock *iucv_accept_dequeue(struct sock *parent, struct socket *newsock)
510 return NULL; 586 return NULL;
511} 587}
512 588
513int iucv_sock_wait_state(struct sock *sk, int state, int state2,
514 unsigned long timeo)
515{
516 DECLARE_WAITQUEUE(wait, current);
517 int err = 0;
518
519 add_wait_queue(sk->sk_sleep, &wait);
520 while (sk->sk_state != state && sk->sk_state != state2) {
521 set_current_state(TASK_INTERRUPTIBLE);
522
523 if (!timeo) {
524 err = -EAGAIN;
525 break;
526 }
527
528 if (signal_pending(current)) {
529 err = sock_intr_errno(timeo);
530 break;
531 }
532
533 release_sock(sk);
534 timeo = schedule_timeout(timeo);
535 lock_sock(sk);
536
537 err = sock_error(sk);
538 if (err)
539 break;
540 }
541 set_current_state(TASK_RUNNING);
542 remove_wait_queue(sk->sk_sleep, &wait);
543 return err;
544}
545
546/* Bind an unbound socket */ 589/* Bind an unbound socket */
547static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr, 590static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr,
548 int addr_len) 591 int addr_len)
@@ -687,8 +730,9 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
687 } 730 }
688 731
689 if (sk->sk_state != IUCV_CONNECTED) { 732 if (sk->sk_state != IUCV_CONNECTED) {
690 err = iucv_sock_wait_state(sk, IUCV_CONNECTED, IUCV_DISCONN, 733 err = iucv_sock_wait(sk, iucv_sock_in_state(sk, IUCV_CONNECTED,
691 sock_sndtimeo(sk, flags & O_NONBLOCK)); 734 IUCV_DISCONN),
735 sock_sndtimeo(sk, flags & O_NONBLOCK));
692 } 736 }
693 737
694 if (sk->sk_state == IUCV_DISCONN) { 738 if (sk->sk_state == IUCV_DISCONN) {
@@ -842,9 +886,11 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
842 struct iucv_message txmsg; 886 struct iucv_message txmsg;
843 struct cmsghdr *cmsg; 887 struct cmsghdr *cmsg;
844 int cmsg_done; 888 int cmsg_done;
889 long timeo;
845 char user_id[9]; 890 char user_id[9];
846 char appl_id[9]; 891 char appl_id[9];
847 int err; 892 int err;
893 int noblock = msg->msg_flags & MSG_DONTWAIT;
848 894
849 err = sock_error(sk); 895 err = sock_error(sk);
850 if (err) 896 if (err)
@@ -864,108 +910,119 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
864 goto out; 910 goto out;
865 } 911 }
866 912
867 if (sk->sk_state == IUCV_CONNECTED) { 913 /* Return if the socket is not in connected state */
868 /* initialize defaults */ 914 if (sk->sk_state != IUCV_CONNECTED) {
869 cmsg_done = 0; /* check for duplicate headers */ 915 err = -ENOTCONN;
870 txmsg.class = 0; 916 goto out;
917 }
871 918
872 /* iterate over control messages */ 919 /* initialize defaults */
873 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; 920 cmsg_done = 0; /* check for duplicate headers */
874 cmsg = CMSG_NXTHDR(msg, cmsg)) { 921 txmsg.class = 0;
875 922
876 if (!CMSG_OK(msg, cmsg)) { 923 /* iterate over control messages */
877 err = -EINVAL; 924 for (cmsg = CMSG_FIRSTHDR(msg); cmsg;
878 goto out; 925 cmsg = CMSG_NXTHDR(msg, cmsg)) {
879 } 926
927 if (!CMSG_OK(msg, cmsg)) {
928 err = -EINVAL;
929 goto out;
930 }
931
932 if (cmsg->cmsg_level != SOL_IUCV)
933 continue;
880 934
881 if (cmsg->cmsg_level != SOL_IUCV) 935 if (cmsg->cmsg_type & cmsg_done) {
882 continue; 936 err = -EINVAL;
937 goto out;
938 }
939 cmsg_done |= cmsg->cmsg_type;
883 940
884 if (cmsg->cmsg_type & cmsg_done) { 941 switch (cmsg->cmsg_type) {
942 case SCM_IUCV_TRGCLS:
943 if (cmsg->cmsg_len != CMSG_LEN(TRGCLS_SIZE)) {
885 err = -EINVAL; 944 err = -EINVAL;
886 goto out; 945 goto out;
887 } 946 }
888 cmsg_done |= cmsg->cmsg_type;
889
890 switch (cmsg->cmsg_type) {
891 case SCM_IUCV_TRGCLS:
892 if (cmsg->cmsg_len != CMSG_LEN(TRGCLS_SIZE)) {
893 err = -EINVAL;
894 goto out;
895 }
896 947
897 /* set iucv message target class */ 948 /* set iucv message target class */
898 memcpy(&txmsg.class, 949 memcpy(&txmsg.class,
899 (void *) CMSG_DATA(cmsg), TRGCLS_SIZE); 950 (void *) CMSG_DATA(cmsg), TRGCLS_SIZE);
900 951
901 break; 952 break;
902 953
903 default: 954 default:
904 err = -EINVAL; 955 err = -EINVAL;
905 goto out; 956 goto out;
906 break; 957 break;
907 }
908 } 958 }
959 }
909 960
910 /* allocate one skb for each iucv message: 961 /* allocate one skb for each iucv message:
911 * this is fine for SOCK_SEQPACKET (unless we want to support 962 * this is fine for SOCK_SEQPACKET (unless we want to support
912 * segmented records using the MSG_EOR flag), but 963 * segmented records using the MSG_EOR flag), but
913 * for SOCK_STREAM we might want to improve it in future */ 964 * for SOCK_STREAM we might want to improve it in future */
914 if (!(skb = sock_alloc_send_skb(sk, len, 965 skb = sock_alloc_send_skb(sk, len, noblock, &err);
915 msg->msg_flags & MSG_DONTWAIT, 966 if (!skb)
916 &err))) 967 goto out;
917 goto out; 968 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
969 err = -EFAULT;
970 goto fail;
971 }
918 972
919 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 973 /* wait if outstanding messages for iucv path has reached */
920 err = -EFAULT; 974 timeo = sock_sndtimeo(sk, noblock);
921 goto fail; 975 err = iucv_sock_wait(sk, iucv_below_msglim(sk), timeo);
922 } 976 if (err)
977 goto fail;
923 978
924 /* increment and save iucv message tag for msg_completion cbk */ 979 /* return -ECONNRESET if the socket is no longer connected */
925 txmsg.tag = iucv->send_tag++; 980 if (sk->sk_state != IUCV_CONNECTED) {
926 memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN); 981 err = -ECONNRESET;
927 skb_queue_tail(&iucv->send_skb_q, skb); 982 goto fail;
983 }
928 984
929 if (((iucv->path->flags & IUCV_IPRMDATA) & iucv->flags) 985 /* increment and save iucv message tag for msg_completion cbk */
930 && skb->len <= 7) { 986 txmsg.tag = iucv->send_tag++;
931 err = iucv_send_iprm(iucv->path, &txmsg, skb); 987 memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN);
988 skb_queue_tail(&iucv->send_skb_q, skb);
932 989
933 /* on success: there is no message_complete callback 990 if (((iucv->path->flags & IUCV_IPRMDATA) & iucv->flags)
934 * for an IPRMDATA msg; remove skb from send queue */ 991 && skb->len <= 7) {
935 if (err == 0) { 992 err = iucv_send_iprm(iucv->path, &txmsg, skb);
936 skb_unlink(skb, &iucv->send_skb_q);
937 kfree_skb(skb);
938 }
939 993
940 /* this error should never happen since the 994 /* on success: there is no message_complete callback
941 * IUCV_IPRMDATA path flag is set... sever path */ 995 * for an IPRMDATA msg; remove skb from send queue */
942 if (err == 0x15) { 996 if (err == 0) {
943 iucv_path_sever(iucv->path, NULL); 997 skb_unlink(skb, &iucv->send_skb_q);
944 skb_unlink(skb, &iucv->send_skb_q); 998 kfree_skb(skb);
945 err = -EPIPE; 999 }
946 goto fail; 1000
947 } 1001 /* this error should never happen since the
948 } else 1002 * IUCV_IPRMDATA path flag is set... sever path */
949 err = iucv_message_send(iucv->path, &txmsg, 0, 0, 1003 if (err == 0x15) {
950 (void *) skb->data, skb->len); 1004 iucv_path_sever(iucv->path, NULL);
951 if (err) {
952 if (err == 3) {
953 user_id[8] = 0;
954 memcpy(user_id, iucv->dst_user_id, 8);
955 appl_id[8] = 0;
956 memcpy(appl_id, iucv->dst_name, 8);
957 pr_err("Application %s on z/VM guest %s"
958 " exceeds message limit\n",
959 user_id, appl_id);
960 }
961 skb_unlink(skb, &iucv->send_skb_q); 1005 skb_unlink(skb, &iucv->send_skb_q);
962 err = -EPIPE; 1006 err = -EPIPE;
963 goto fail; 1007 goto fail;
964 } 1008 }
965 1009 } else
966 } else { 1010 err = iucv_message_send(iucv->path, &txmsg, 0, 0,
967 err = -ENOTCONN; 1011 (void *) skb->data, skb->len);
968 goto out; 1012 if (err) {
1013 if (err == 3) {
1014 user_id[8] = 0;
1015 memcpy(user_id, iucv->dst_user_id, 8);
1016 appl_id[8] = 0;
1017 memcpy(appl_id, iucv->dst_name, 8);
1018 pr_err("Application %s on z/VM guest %s"
1019 " exceeds message limit\n",
1020 appl_id, user_id);
1021 err = -EAGAIN;
1022 } else
1023 err = -EPIPE;
1024 skb_unlink(skb, &iucv->send_skb_q);
1025 goto fail;
969 } 1026 }
970 1027
971 release_sock(sk); 1028 release_sock(sk);
@@ -1581,7 +1638,11 @@ static void iucv_callback_txdone(struct iucv_path *path,
1581 1638
1582 spin_unlock_irqrestore(&list->lock, flags); 1639 spin_unlock_irqrestore(&list->lock, flags);
1583 1640
1584 kfree_skb(this); 1641 if (this) {
1642 kfree_skb(this);
1643 /* wake up any process waiting for sending */
1644 iucv_sock_wake_msglim(sk);
1645 }
1585 } 1646 }
1586 BUG_ON(!this); 1647 BUG_ON(!this);
1587 1648
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index fc712e60705d..11cf45bce38a 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -494,7 +494,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
494 * should it be using the interface and enqueuing 494 * should it be using the interface and enqueuing
495 * frames at this very time on another CPU. 495 * frames at this very time on another CPU.
496 */ 496 */
497 synchronize_rcu(); 497 rcu_barrier(); /* Wait for RX path and call_rcu()'s */
498 skb_queue_purge(&sdata->u.mesh.skb_queue); 498 skb_queue_purge(&sdata->u.mesh.skb_queue);
499} 499}
500 500
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 5f72b94b4918..7508f11c5b39 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -335,7 +335,8 @@ begin:
335 h = __nf_conntrack_find(net, tuple); 335 h = __nf_conntrack_find(net, tuple);
336 if (h) { 336 if (h) {
337 ct = nf_ct_tuplehash_to_ctrack(h); 337 ct = nf_ct_tuplehash_to_ctrack(h);
338 if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) 338 if (unlikely(nf_ct_is_dying(ct) ||
339 !atomic_inc_not_zero(&ct->ct_general.use)))
339 h = NULL; 340 h = NULL;
340 else { 341 else {
341 if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple))) { 342 if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple))) {
@@ -425,7 +426,6 @@ __nf_conntrack_confirm(struct sk_buff *skb)
425 /* Remove from unconfirmed list */ 426 /* Remove from unconfirmed list */
426 hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode); 427 hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode);
427 428
428 __nf_conntrack_hash_insert(ct, hash, repl_hash);
429 /* Timer relative to confirmation time, not original 429 /* Timer relative to confirmation time, not original
430 setting time, otherwise we'd get timer wrap in 430 setting time, otherwise we'd get timer wrap in
431 weird delay cases. */ 431 weird delay cases. */
@@ -433,8 +433,16 @@ __nf_conntrack_confirm(struct sk_buff *skb)
433 add_timer(&ct->timeout); 433 add_timer(&ct->timeout);
434 atomic_inc(&ct->ct_general.use); 434 atomic_inc(&ct->ct_general.use);
435 set_bit(IPS_CONFIRMED_BIT, &ct->status); 435 set_bit(IPS_CONFIRMED_BIT, &ct->status);
436
437 /* Since the lookup is lockless, hash insertion must be done after
438 * starting the timer and setting the CONFIRMED bit. The RCU barriers
439 * guarantee that no other CPU can find the conntrack before the above
440 * stores are visible.
441 */
442 __nf_conntrack_hash_insert(ct, hash, repl_hash);
436 NF_CT_STAT_INC(net, insert); 443 NF_CT_STAT_INC(net, insert);
437 spin_unlock_bh(&nf_conntrack_lock); 444 spin_unlock_bh(&nf_conntrack_lock);
445
438 help = nfct_help(ct); 446 help = nfct_help(ct);
439 if (help && help->helper) 447 if (help && help->helper)
440 nf_conntrack_event_cache(IPCT_HELPER, ct); 448 nf_conntrack_event_cache(IPCT_HELPER, ct);
@@ -503,7 +511,8 @@ static noinline int early_drop(struct net *net, unsigned int hash)
503 cnt++; 511 cnt++;
504 } 512 }
505 513
506 if (ct && unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) 514 if (ct && unlikely(nf_ct_is_dying(ct) ||
515 !atomic_inc_not_zero(&ct->ct_general.use)))
507 ct = NULL; 516 ct = NULL;
508 if (ct || cnt >= NF_CT_EVICTION_RANGE) 517 if (ct || cnt >= NF_CT_EVICTION_RANGE)
509 break; 518 break;
@@ -1267,13 +1276,19 @@ err_cache:
1267 return ret; 1276 return ret;
1268} 1277}
1269 1278
1279/*
1280 * We need to use special "null" values, not used in hash table
1281 */
1282#define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
1283#define DYING_NULLS_VAL ((1<<30)+1)
1284
1270static int nf_conntrack_init_net(struct net *net) 1285static int nf_conntrack_init_net(struct net *net)
1271{ 1286{
1272 int ret; 1287 int ret;
1273 1288
1274 atomic_set(&net->ct.count, 0); 1289 atomic_set(&net->ct.count, 0);
1275 INIT_HLIST_NULLS_HEAD(&net->ct.unconfirmed, 0); 1290 INIT_HLIST_NULLS_HEAD(&net->ct.unconfirmed, UNCONFIRMED_NULLS_VAL);
1276 INIT_HLIST_NULLS_HEAD(&net->ct.dying, 0); 1291 INIT_HLIST_NULLS_HEAD(&net->ct.dying, DYING_NULLS_VAL);
1277 net->ct.stat = alloc_percpu(struct ip_conntrack_stat); 1292 net->ct.stat = alloc_percpu(struct ip_conntrack_stat);
1278 if (!net->ct.stat) { 1293 if (!net->ct.stat) {
1279 ret = -ENOMEM; 1294 ret = -ENOMEM;
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index afde8f991646..2032dfe25ca8 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -617,8 +617,10 @@ err1:
617void nf_conntrack_expect_fini(struct net *net) 617void nf_conntrack_expect_fini(struct net *net)
618{ 618{
619 exp_proc_remove(net); 619 exp_proc_remove(net);
620 if (net_eq(net, &init_net)) 620 if (net_eq(net, &init_net)) {
621 rcu_barrier(); /* Wait for call_rcu() before destroy */
621 kmem_cache_destroy(nf_ct_expect_cachep); 622 kmem_cache_destroy(nf_ct_expect_cachep);
623 }
622 nf_ct_free_hashtable(net->ct.expect_hash, net->ct.expect_vmalloc, 624 nf_ct_free_hashtable(net->ct.expect_hash, net->ct.expect_vmalloc,
623 nf_ct_expect_hsize); 625 nf_ct_expect_hsize);
624} 626}
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 4b2c769d555f..fef95be334bd 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -186,6 +186,6 @@ void nf_ct_extend_unregister(struct nf_ct_ext_type *type)
186 rcu_assign_pointer(nf_ct_ext_types[type->id], NULL); 186 rcu_assign_pointer(nf_ct_ext_types[type->id], NULL);
187 update_alloc_size(type); 187 update_alloc_size(type);
188 mutex_unlock(&nf_ct_ext_type_mutex); 188 mutex_unlock(&nf_ct_ext_type_mutex);
189 synchronize_rcu(); 189 rcu_barrier(); /* Wait for completion of call_rcu()'s */
190} 190}
191EXPORT_SYMBOL_GPL(nf_ct_extend_unregister); 191EXPORT_SYMBOL_GPL(nf_ct_extend_unregister);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 33fc0a443f3d..97a82ba75376 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -720,8 +720,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
720/* Caller must linearize skb at tcp header. */ 720/* Caller must linearize skb at tcp header. */
721void nf_conntrack_tcp_update(const struct sk_buff *skb, 721void nf_conntrack_tcp_update(const struct sk_buff *skb,
722 unsigned int dataoff, 722 unsigned int dataoff,
723 struct nf_conn *ct, 723 struct nf_conn *ct, int dir,
724 int dir) 724 s16 offset)
725{ 725{
726 const struct tcphdr *tcph = (const void *)skb->data + dataoff; 726 const struct tcphdr *tcph = (const void *)skb->data + dataoff;
727 const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir]; 727 const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir];
@@ -734,7 +734,7 @@ void nf_conntrack_tcp_update(const struct sk_buff *skb,
734 /* 734 /*
735 * We have to worry for the ack in the reply packet only... 735 * We have to worry for the ack in the reply packet only...
736 */ 736 */
737 if (after(end, ct->proto.tcp.seen[dir].td_end)) 737 if (ct->proto.tcp.seen[dir].td_end + offset == end)
738 ct->proto.tcp.seen[dir].td_end = end; 738 ct->proto.tcp.seen[dir].td_end = end;
739 ct->proto.tcp.last_end = end; 739 ct->proto.tcp.last_end = end;
740 spin_unlock_bh(&ct->lock); 740 spin_unlock_bh(&ct->lock);
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 2fefe147750a..4e620305f28c 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -47,7 +47,6 @@ int nf_log_register(u_int8_t pf, struct nf_logger *logger)
47 mutex_lock(&nf_log_mutex); 47 mutex_lock(&nf_log_mutex);
48 48
49 if (pf == NFPROTO_UNSPEC) { 49 if (pf == NFPROTO_UNSPEC) {
50 int i;
51 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++) 50 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)
52 list_add_tail(&(logger->list[i]), &(nf_loggers_l[i])); 51 list_add_tail(&(logger->list[i]), &(nf_loggers_l[i]));
53 } else { 52 } else {
@@ -216,7 +215,7 @@ static const struct file_operations nflog_file_ops = {
216#endif /* PROC_FS */ 215#endif /* PROC_FS */
217 216
218#ifdef CONFIG_SYSCTL 217#ifdef CONFIG_SYSCTL
219struct ctl_path nf_log_sysctl_path[] = { 218static struct ctl_path nf_log_sysctl_path[] = {
220 { .procname = "net", .ctl_name = CTL_NET, }, 219 { .procname = "net", .ctl_name = CTL_NET, },
221 { .procname = "netfilter", .ctl_name = NET_NETFILTER, }, 220 { .procname = "netfilter", .ctl_name = NET_NETFILTER, },
222 { .procname = "nf_log", .ctl_name = CTL_UNNUMBERED, }, 221 { .procname = "nf_log", .ctl_name = CTL_UNNUMBERED, },
@@ -228,19 +227,26 @@ static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
228static struct ctl_table_header *nf_log_dir_header; 227static struct ctl_table_header *nf_log_dir_header;
229 228
230static int nf_log_proc_dostring(ctl_table *table, int write, struct file *filp, 229static int nf_log_proc_dostring(ctl_table *table, int write, struct file *filp,
231 void *buffer, size_t *lenp, loff_t *ppos) 230 void __user *buffer, size_t *lenp, loff_t *ppos)
232{ 231{
233 const struct nf_logger *logger; 232 const struct nf_logger *logger;
233 char buf[NFLOGGER_NAME_LEN];
234 size_t size = *lenp;
234 int r = 0; 235 int r = 0;
235 int tindex = (unsigned long)table->extra1; 236 int tindex = (unsigned long)table->extra1;
236 237
237 if (write) { 238 if (write) {
238 if (!strcmp(buffer, "NONE")) { 239 if (size > sizeof(buf))
240 size = sizeof(buf);
241 if (copy_from_user(buf, buffer, size))
242 return -EFAULT;
243
244 if (!strcmp(buf, "NONE")) {
239 nf_log_unbind_pf(tindex); 245 nf_log_unbind_pf(tindex);
240 return 0; 246 return 0;
241 } 247 }
242 mutex_lock(&nf_log_mutex); 248 mutex_lock(&nf_log_mutex);
243 logger = __find_logger(tindex, buffer); 249 logger = __find_logger(tindex, buf);
244 if (logger == NULL) { 250 if (logger == NULL) {
245 mutex_unlock(&nf_log_mutex); 251 mutex_unlock(&nf_log_mutex);
246 return -ENOENT; 252 return -ENOENT;
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 498b45101df7..f28f6a5fc02d 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -40,12 +40,12 @@ nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
40static u32 hash_v4(const struct sk_buff *skb) 40static u32 hash_v4(const struct sk_buff *skb)
41{ 41{
42 const struct iphdr *iph = ip_hdr(skb); 42 const struct iphdr *iph = ip_hdr(skb);
43 u32 ipaddr; 43 __be32 ipaddr;
44 44
45 /* packets in either direction go into same queue */ 45 /* packets in either direction go into same queue */
46 ipaddr = iph->saddr ^ iph->daddr; 46 ipaddr = iph->saddr ^ iph->daddr;
47 47
48 return jhash_2words(ipaddr, iph->protocol, jhash_initval); 48 return jhash_2words((__force u32)ipaddr, iph->protocol, jhash_initval);
49} 49}
50 50
51static unsigned int 51static unsigned int
@@ -63,14 +63,14 @@ nfqueue_tg4_v1(struct sk_buff *skb, const struct xt_target_param *par)
63static u32 hash_v6(const struct sk_buff *skb) 63static u32 hash_v6(const struct sk_buff *skb)
64{ 64{
65 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 65 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
66 u32 addr[4]; 66 __be32 addr[4];
67 67
68 addr[0] = ip6h->saddr.s6_addr32[0] ^ ip6h->daddr.s6_addr32[0]; 68 addr[0] = ip6h->saddr.s6_addr32[0] ^ ip6h->daddr.s6_addr32[0];
69 addr[1] = ip6h->saddr.s6_addr32[1] ^ ip6h->daddr.s6_addr32[1]; 69 addr[1] = ip6h->saddr.s6_addr32[1] ^ ip6h->daddr.s6_addr32[1];
70 addr[2] = ip6h->saddr.s6_addr32[2] ^ ip6h->daddr.s6_addr32[2]; 70 addr[2] = ip6h->saddr.s6_addr32[2] ^ ip6h->daddr.s6_addr32[2];
71 addr[3] = ip6h->saddr.s6_addr32[3] ^ ip6h->daddr.s6_addr32[3]; 71 addr[3] = ip6h->saddr.s6_addr32[3] ^ ip6h->daddr.s6_addr32[3];
72 72
73 return jhash2(addr, ARRAY_SIZE(addr), jhash_initval); 73 return jhash2((__force u32 *)addr, ARRAY_SIZE(addr), jhash_initval);
74} 74}
75 75
76static unsigned int 76static unsigned int
diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c
index 69a639f35403..225ee3ecd69d 100644
--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -15,14 +15,14 @@
15#include <net/netfilter/nf_conntrack.h> 15#include <net/netfilter/nf_conntrack.h>
16#include <linux/netfilter/xt_cluster.h> 16#include <linux/netfilter/xt_cluster.h>
17 17
18static inline u_int32_t nf_ct_orig_ipv4_src(const struct nf_conn *ct) 18static inline u32 nf_ct_orig_ipv4_src(const struct nf_conn *ct)
19{ 19{
20 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip; 20 return (__force u32)ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip;
21} 21}
22 22
23static inline const void *nf_ct_orig_ipv6_src(const struct nf_conn *ct) 23static inline const u32 *nf_ct_orig_ipv6_src(const struct nf_conn *ct)
24{ 24{
25 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip6; 25 return (__force u32 *)ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip6;
26} 26}
27 27
28static inline u_int32_t 28static inline u_int32_t
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0b7139f3dd78..fc581800698e 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -129,7 +129,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
129 129
130static inline bool 130static inline bool
131conntrack_mt_origsrc(const struct nf_conn *ct, 131conntrack_mt_origsrc(const struct nf_conn *ct,
132 const struct xt_conntrack_mtinfo1 *info, 132 const struct xt_conntrack_mtinfo2 *info,
133 u_int8_t family) 133 u_int8_t family)
134{ 134{
135 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3, 135 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3,
@@ -138,7 +138,7 @@ conntrack_mt_origsrc(const struct nf_conn *ct,
138 138
139static inline bool 139static inline bool
140conntrack_mt_origdst(const struct nf_conn *ct, 140conntrack_mt_origdst(const struct nf_conn *ct,
141 const struct xt_conntrack_mtinfo1 *info, 141 const struct xt_conntrack_mtinfo2 *info,
142 u_int8_t family) 142 u_int8_t family)
143{ 143{
144 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3, 144 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3,
@@ -147,7 +147,7 @@ conntrack_mt_origdst(const struct nf_conn *ct,
147 147
148static inline bool 148static inline bool
149conntrack_mt_replsrc(const struct nf_conn *ct, 149conntrack_mt_replsrc(const struct nf_conn *ct,
150 const struct xt_conntrack_mtinfo1 *info, 150 const struct xt_conntrack_mtinfo2 *info,
151 u_int8_t family) 151 u_int8_t family)
152{ 152{
153 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3, 153 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3,
@@ -156,7 +156,7 @@ conntrack_mt_replsrc(const struct nf_conn *ct,
156 156
157static inline bool 157static inline bool
158conntrack_mt_repldst(const struct nf_conn *ct, 158conntrack_mt_repldst(const struct nf_conn *ct,
159 const struct xt_conntrack_mtinfo1 *info, 159 const struct xt_conntrack_mtinfo2 *info,
160 u_int8_t family) 160 u_int8_t family)
161{ 161{
162 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3, 162 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3,
@@ -164,7 +164,7 @@ conntrack_mt_repldst(const struct nf_conn *ct,
164} 164}
165 165
166static inline bool 166static inline bool
167ct_proto_port_check(const struct xt_conntrack_mtinfo1 *info, 167ct_proto_port_check(const struct xt_conntrack_mtinfo2 *info,
168 const struct nf_conn *ct) 168 const struct nf_conn *ct)
169{ 169{
170 const struct nf_conntrack_tuple *tuple; 170 const struct nf_conntrack_tuple *tuple;
@@ -204,7 +204,7 @@ ct_proto_port_check(const struct xt_conntrack_mtinfo1 *info,
204static bool 204static bool
205conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) 205conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par)
206{ 206{
207 const struct xt_conntrack_mtinfo1 *info = par->matchinfo; 207 const struct xt_conntrack_mtinfo2 *info = par->matchinfo;
208 enum ip_conntrack_info ctinfo; 208 enum ip_conntrack_info ctinfo;
209 const struct nf_conn *ct; 209 const struct nf_conn *ct;
210 unsigned int statebit; 210 unsigned int statebit;
@@ -278,6 +278,16 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par)
278 return true; 278 return true;
279} 279}
280 280
281static bool
282conntrack_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
283{
284 const struct xt_conntrack_mtinfo2 *const *info = par->matchinfo;
285 struct xt_match_param newpar = *par;
286
287 newpar.matchinfo = *info;
288 return conntrack_mt(skb, &newpar);
289}
290
281static bool conntrack_mt_check(const struct xt_mtchk_param *par) 291static bool conntrack_mt_check(const struct xt_mtchk_param *par)
282{ 292{
283 if (nf_ct_l3proto_try_module_get(par->family) < 0) { 293 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
@@ -288,11 +298,45 @@ static bool conntrack_mt_check(const struct xt_mtchk_param *par)
288 return true; 298 return true;
289} 299}
290 300
301static bool conntrack_mt_check_v1(const struct xt_mtchk_param *par)
302{
303 struct xt_conntrack_mtinfo1 *info = par->matchinfo;
304 struct xt_conntrack_mtinfo2 *up;
305 int ret = conntrack_mt_check(par);
306
307 if (ret < 0)
308 return ret;
309
310 up = kmalloc(sizeof(*up), GFP_KERNEL);
311 if (up == NULL) {
312 nf_ct_l3proto_module_put(par->family);
313 return -ENOMEM;
314 }
315
316 /*
317 * The strategy here is to minimize the overhead of v1 matching,
318 * by prebuilding a v2 struct and putting the pointer into the
319 * v1 dataspace.
320 */
321 memcpy(up, info, offsetof(typeof(*info), state_mask));
322 up->state_mask = info->state_mask;
323 up->status_mask = info->status_mask;
324 *(void **)info = up;
325 return true;
326}
327
291static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) 328static void conntrack_mt_destroy(const struct xt_mtdtor_param *par)
292{ 329{
293 nf_ct_l3proto_module_put(par->family); 330 nf_ct_l3proto_module_put(par->family);
294} 331}
295 332
333static void conntrack_mt_destroy_v1(const struct xt_mtdtor_param *par)
334{
335 struct xt_conntrack_mtinfo2 **info = par->matchinfo;
336 kfree(*info);
337 conntrack_mt_destroy(par);
338}
339
296#ifdef CONFIG_COMPAT 340#ifdef CONFIG_COMPAT
297struct compat_xt_conntrack_info 341struct compat_xt_conntrack_info
298{ 342{
@@ -363,6 +407,16 @@ static struct xt_match conntrack_mt_reg[] __read_mostly = {
363 .revision = 1, 407 .revision = 1,
364 .family = NFPROTO_UNSPEC, 408 .family = NFPROTO_UNSPEC,
365 .matchsize = sizeof(struct xt_conntrack_mtinfo1), 409 .matchsize = sizeof(struct xt_conntrack_mtinfo1),
410 .match = conntrack_mt_v1,
411 .checkentry = conntrack_mt_check_v1,
412 .destroy = conntrack_mt_destroy_v1,
413 .me = THIS_MODULE,
414 },
415 {
416 .name = "conntrack",
417 .revision = 2,
418 .family = NFPROTO_UNSPEC,
419 .matchsize = sizeof(struct xt_conntrack_mtinfo2),
366 .match = conntrack_mt, 420 .match = conntrack_mt,
367 .checkentry = conntrack_mt_check, 421 .checkentry = conntrack_mt_check,
368 .destroy = conntrack_mt_destroy, 422 .destroy = conntrack_mt_destroy,
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c
index 01dd07b764ec..98fc190e8f0e 100644
--- a/net/netfilter/xt_quota.c
+++ b/net/netfilter/xt_quota.c
@@ -54,6 +54,7 @@ static bool quota_mt_check(const struct xt_mtchk_param *par)
54 if (q->master == NULL) 54 if (q->master == NULL)
55 return -ENOMEM; 55 return -ENOMEM;
56 56
57 q->master->quota = q->quota;
57 return true; 58 return true;
58} 59}
59 60
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c
index 220a1d588ee0..4fc6a917f6de 100644
--- a/net/netfilter/xt_rateest.c
+++ b/net/netfilter/xt_rateest.c
@@ -66,7 +66,7 @@ xt_rateest_mt(const struct sk_buff *skb, const struct xt_match_param *par)
66 if (info->flags & XT_RATEEST_MATCH_BPS) 66 if (info->flags & XT_RATEEST_MATCH_BPS)
67 ret &= bps1 == bps2; 67 ret &= bps1 == bps2;
68 if (info->flags & XT_RATEEST_MATCH_PPS) 68 if (info->flags & XT_RATEEST_MATCH_PPS)
69 ret &= pps2 == pps2; 69 ret &= pps1 == pps2;
70 break; 70 break;
71 } 71 }
72 72
diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
index 80a322d77909..b0d6ddd82a9d 100644
--- a/net/phonet/pn_dev.c
+++ b/net/phonet/pn_dev.c
@@ -69,10 +69,27 @@ static struct phonet_device *__phonet_get(struct net_device *dev)
69 return NULL; 69 return NULL;
70} 70}
71 71
72static void __phonet_device_free(struct phonet_device *pnd) 72static void phonet_device_destroy(struct net_device *dev)
73{ 73{
74 list_del(&pnd->list); 74 struct phonet_device_list *pndevs = phonet_device_list(dev_net(dev));
75 kfree(pnd); 75 struct phonet_device *pnd;
76
77 ASSERT_RTNL();
78
79 spin_lock_bh(&pndevs->lock);
80 pnd = __phonet_get(dev);
81 if (pnd)
82 list_del(&pnd->list);
83 spin_unlock_bh(&pndevs->lock);
84
85 if (pnd) {
86 u8 addr;
87
88 for (addr = find_first_bit(pnd->addrs, 64); addr < 64;
89 addr = find_next_bit(pnd->addrs, 64, 1+addr))
90 phonet_address_notify(RTM_DELADDR, dev, addr);
91 kfree(pnd);
92 }
76} 93}
77 94
78struct net_device *phonet_device_get(struct net *net) 95struct net_device *phonet_device_get(struct net *net)
@@ -126,8 +143,10 @@ int phonet_address_del(struct net_device *dev, u8 addr)
126 pnd = __phonet_get(dev); 143 pnd = __phonet_get(dev);
127 if (!pnd || !test_and_clear_bit(addr >> 2, pnd->addrs)) 144 if (!pnd || !test_and_clear_bit(addr >> 2, pnd->addrs))
128 err = -EADDRNOTAVAIL; 145 err = -EADDRNOTAVAIL;
129 else if (bitmap_empty(pnd->addrs, 64)) 146 else if (bitmap_empty(pnd->addrs, 64)) {
130 __phonet_device_free(pnd); 147 list_del(&pnd->list);
148 kfree(pnd);
149 }
131 spin_unlock_bh(&pndevs->lock); 150 spin_unlock_bh(&pndevs->lock);
132 return err; 151 return err;
133} 152}
@@ -181,18 +200,8 @@ static int phonet_device_notify(struct notifier_block *me, unsigned long what,
181{ 200{
182 struct net_device *dev = arg; 201 struct net_device *dev = arg;
183 202
184 if (what == NETDEV_UNREGISTER) { 203 if (what == NETDEV_UNREGISTER)
185 struct phonet_device_list *pndevs; 204 phonet_device_destroy(dev);
186 struct phonet_device *pnd;
187
188 /* Destroy phonet-specific device data */
189 pndevs = phonet_device_list(dev_net(dev));
190 spin_lock_bh(&pndevs->lock);
191 pnd = __phonet_get(dev);
192 if (pnd)
193 __phonet_device_free(pnd);
194 spin_unlock_bh(&pndevs->lock);
195 }
196 return 0; 205 return 0;
197 206
198} 207}
@@ -218,11 +227,12 @@ static int phonet_init_net(struct net *net)
218static void phonet_exit_net(struct net *net) 227static void phonet_exit_net(struct net *net)
219{ 228{
220 struct phonet_net *pnn = net_generic(net, phonet_net_id); 229 struct phonet_net *pnn = net_generic(net, phonet_net_id);
221 struct phonet_device *pnd, *n; 230 struct net_device *dev;
222
223 list_for_each_entry_safe(pnd, n, &pnn->pndevs.list, list)
224 __phonet_device_free(pnd);
225 231
232 rtnl_lock();
233 for_each_netdev(net, dev)
234 phonet_device_destroy(dev);
235 rtnl_unlock();
226 kfree(pnn); 236 kfree(pnn);
227} 237}
228 238
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index cec4e5951681..f8b4cee434c2 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -32,7 +32,7 @@
32static int fill_addr(struct sk_buff *skb, struct net_device *dev, u8 addr, 32static int fill_addr(struct sk_buff *skb, struct net_device *dev, u8 addr,
33 u32 pid, u32 seq, int event); 33 u32 pid, u32 seq, int event);
34 34
35static void rtmsg_notify(int event, struct net_device *dev, u8 addr) 35void phonet_address_notify(int event, struct net_device *dev, u8 addr)
36{ 36{
37 struct sk_buff *skb; 37 struct sk_buff *skb;
38 int err = -ENOBUFS; 38 int err = -ENOBUFS;
@@ -94,7 +94,7 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr)
94 else 94 else
95 err = phonet_address_del(dev, pnaddr); 95 err = phonet_address_del(dev, pnaddr);
96 if (!err) 96 if (!err)
97 rtmsg_notify(nlh->nlmsg_type, dev, pnaddr); 97 phonet_address_notify(nlh->nlmsg_type, dev, pnaddr);
98 return err; 98 return err;
99} 99}
100 100
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 4e68ab439d5d..79693fe2001e 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -56,7 +56,6 @@ struct rfkill {
56 u32 idx; 56 u32 idx;
57 57
58 bool registered; 58 bool registered;
59 bool suspended;
60 bool persistent; 59 bool persistent;
61 60
62 const struct rfkill_ops *ops; 61 const struct rfkill_ops *ops;
@@ -224,7 +223,7 @@ static void rfkill_send_events(struct rfkill *rfkill, enum rfkill_operation op)
224 223
225static void rfkill_event(struct rfkill *rfkill) 224static void rfkill_event(struct rfkill *rfkill)
226{ 225{
227 if (!rfkill->registered || rfkill->suspended) 226 if (!rfkill->registered)
228 return; 227 return;
229 228
230 kobject_uevent(&rfkill->dev.kobj, KOBJ_CHANGE); 229 kobject_uevent(&rfkill->dev.kobj, KOBJ_CHANGE);
@@ -270,6 +269,9 @@ static void rfkill_set_block(struct rfkill *rfkill, bool blocked)
270 unsigned long flags; 269 unsigned long flags;
271 int err; 270 int err;
272 271
272 if (unlikely(rfkill->dev.power.power_state.event & PM_EVENT_SLEEP))
273 return;
274
273 /* 275 /*
274 * Some platforms (...!) generate input events which affect the 276 * Some platforms (...!) generate input events which affect the
275 * _hard_ kill state -- whenever something tries to change the 277 * _hard_ kill state -- whenever something tries to change the
@@ -292,9 +294,6 @@ static void rfkill_set_block(struct rfkill *rfkill, bool blocked)
292 rfkill->state |= RFKILL_BLOCK_SW_SETCALL; 294 rfkill->state |= RFKILL_BLOCK_SW_SETCALL;
293 spin_unlock_irqrestore(&rfkill->lock, flags); 295 spin_unlock_irqrestore(&rfkill->lock, flags);
294 296
295 if (unlikely(rfkill->dev.power.power_state.event & PM_EVENT_SLEEP))
296 return;
297
298 err = rfkill->ops->set_block(rfkill->data, blocked); 297 err = rfkill->ops->set_block(rfkill->data, blocked);
299 298
300 spin_lock_irqsave(&rfkill->lock, flags); 299 spin_lock_irqsave(&rfkill->lock, flags);
@@ -508,19 +507,32 @@ bool rfkill_set_sw_state(struct rfkill *rfkill, bool blocked)
508 blocked = blocked || hwblock; 507 blocked = blocked || hwblock;
509 spin_unlock_irqrestore(&rfkill->lock, flags); 508 spin_unlock_irqrestore(&rfkill->lock, flags);
510 509
511 if (!rfkill->registered) { 510 if (!rfkill->registered)
512 rfkill->persistent = true; 511 return blocked;
513 } else {
514 if (prev != blocked && !hwblock)
515 schedule_work(&rfkill->uevent_work);
516 512
517 rfkill_led_trigger_event(rfkill); 513 if (prev != blocked && !hwblock)
518 } 514 schedule_work(&rfkill->uevent_work);
515
516 rfkill_led_trigger_event(rfkill);
519 517
520 return blocked; 518 return blocked;
521} 519}
522EXPORT_SYMBOL(rfkill_set_sw_state); 520EXPORT_SYMBOL(rfkill_set_sw_state);
523 521
522void rfkill_init_sw_state(struct rfkill *rfkill, bool blocked)
523{
524 unsigned long flags;
525
526 BUG_ON(!rfkill);
527 BUG_ON(rfkill->registered);
528
529 spin_lock_irqsave(&rfkill->lock, flags);
530 __rfkill_set_sw_state(rfkill, blocked);
531 rfkill->persistent = true;
532 spin_unlock_irqrestore(&rfkill->lock, flags);
533}
534EXPORT_SYMBOL(rfkill_init_sw_state);
535
524void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw) 536void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw)
525{ 537{
526 unsigned long flags; 538 unsigned long flags;
@@ -598,6 +610,15 @@ static ssize_t rfkill_idx_show(struct device *dev,
598 return sprintf(buf, "%d\n", rfkill->idx); 610 return sprintf(buf, "%d\n", rfkill->idx);
599} 611}
600 612
613static ssize_t rfkill_persistent_show(struct device *dev,
614 struct device_attribute *attr,
615 char *buf)
616{
617 struct rfkill *rfkill = to_rfkill(dev);
618
619 return sprintf(buf, "%d\n", rfkill->persistent);
620}
621
601static u8 user_state_from_blocked(unsigned long state) 622static u8 user_state_from_blocked(unsigned long state)
602{ 623{
603 if (state & RFKILL_BLOCK_HW) 624 if (state & RFKILL_BLOCK_HW)
@@ -656,6 +677,7 @@ static struct device_attribute rfkill_dev_attrs[] = {
656 __ATTR(name, S_IRUGO, rfkill_name_show, NULL), 677 __ATTR(name, S_IRUGO, rfkill_name_show, NULL),
657 __ATTR(type, S_IRUGO, rfkill_type_show, NULL), 678 __ATTR(type, S_IRUGO, rfkill_type_show, NULL),
658 __ATTR(index, S_IRUGO, rfkill_idx_show, NULL), 679 __ATTR(index, S_IRUGO, rfkill_idx_show, NULL),
680 __ATTR(persistent, S_IRUGO, rfkill_persistent_show, NULL),
659 __ATTR(state, S_IRUGO|S_IWUSR, rfkill_state_show, rfkill_state_store), 681 __ATTR(state, S_IRUGO|S_IWUSR, rfkill_state_show, rfkill_state_store),
660 __ATTR(claim, S_IRUGO|S_IWUSR, rfkill_claim_show, rfkill_claim_store), 682 __ATTR(claim, S_IRUGO|S_IWUSR, rfkill_claim_show, rfkill_claim_store),
661 __ATTR_NULL 683 __ATTR_NULL
@@ -718,8 +740,6 @@ static int rfkill_suspend(struct device *dev, pm_message_t state)
718 740
719 rfkill_pause_polling(rfkill); 741 rfkill_pause_polling(rfkill);
720 742
721 rfkill->suspended = true;
722
723 return 0; 743 return 0;
724} 744}
725 745
@@ -728,10 +748,10 @@ static int rfkill_resume(struct device *dev)
728 struct rfkill *rfkill = to_rfkill(dev); 748 struct rfkill *rfkill = to_rfkill(dev);
729 bool cur; 749 bool cur;
730 750
731 cur = !!(rfkill->state & RFKILL_BLOCK_SW); 751 if (!rfkill->persistent) {
732 rfkill_set_block(rfkill, cur); 752 cur = !!(rfkill->state & RFKILL_BLOCK_SW);
733 753 rfkill_set_block(rfkill, cur);
734 rfkill->suspended = false; 754 }
735 755
736 rfkill_resume_polling(rfkill); 756 rfkill_resume_polling(rfkill);
737 757
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index a63de3f7f185..6a4b19094143 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -133,7 +133,7 @@ static struct notifier_block sctp_inet6addr_notifier = {
133 133
134/* ICMP error handler. */ 134/* ICMP error handler. */
135SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 135SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
136 int type, int code, int offset, __be32 info) 136 u8 type, u8 code, int offset, __be32 info)
137{ 137{
138 struct inet6_dev *idev; 138 struct inet6_dev *idev;
139 struct sock *sk; 139 struct sock *sk;
diff --git a/net/sctp/output.c b/net/sctp/output.c
index b76411444515..b94c21190566 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -407,7 +407,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
407 } 407 }
408 dst = dst_clone(tp->dst); 408 dst = dst_clone(tp->dst);
409 skb_dst_set(nskb, dst); 409 skb_dst_set(nskb, dst);
410 if (dst) 410 if (!dst)
411 goto no_route; 411 goto no_route;
412 412
413 /* Build the SCTP header. */ 413 /* Build the SCTP header. */
diff --git a/net/sunrpc/Makefile b/net/sunrpc/Makefile
index 5369aa369b35..db73fd2a3f0e 100644
--- a/net/sunrpc/Makefile
+++ b/net/sunrpc/Makefile
@@ -13,5 +13,6 @@ sunrpc-y := clnt.o xprt.o socklib.o xprtsock.o sched.o \
13 rpcb_clnt.o timer.o xdr.o \ 13 rpcb_clnt.o timer.o xdr.o \
14 sunrpc_syms.o cache.o rpc_pipe.o \ 14 sunrpc_syms.o cache.o rpc_pipe.o \
15 svc_xprt.o 15 svc_xprt.o
16sunrpc-$(CONFIG_NFS_V4_1) += backchannel_rqst.o bc_svc.o
16sunrpc-$(CONFIG_PROC_FS) += stats.o 17sunrpc-$(CONFIG_PROC_FS) += stats.o
17sunrpc-$(CONFIG_SYSCTL) += sysctl.o 18sunrpc-$(CONFIG_SYSCTL) += sysctl.o
diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
new file mode 100644
index 000000000000..553621fb2c41
--- /dev/null
+++ b/net/sunrpc/backchannel_rqst.c
@@ -0,0 +1,281 @@
1/******************************************************************************
2
3(c) 2007 Network Appliance, Inc. All Rights Reserved.
4(c) 2009 NetApp. All Rights Reserved.
5
6NetApp provides this source code under the GPL v2 License.
7The GPL v2 license is available at
8http://opensource.org/licenses/gpl-license.php.
9
10THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
11"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
12LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
13A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
14CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
15EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
16PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
17PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
18LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
19NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
20SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21
22******************************************************************************/
23
24#include <linux/tcp.h>
25#include <linux/sunrpc/xprt.h>
26
27#ifdef RPC_DEBUG
28#define RPCDBG_FACILITY RPCDBG_TRANS
29#endif
30
31#if defined(CONFIG_NFS_V4_1)
32
33/*
34 * Helper routines that track the number of preallocation elements
35 * on the transport.
36 */
37static inline int xprt_need_to_requeue(struct rpc_xprt *xprt)
38{
39 return xprt->bc_alloc_count > 0;
40}
41
42static inline void xprt_inc_alloc_count(struct rpc_xprt *xprt, unsigned int n)
43{
44 xprt->bc_alloc_count += n;
45}
46
47static inline int xprt_dec_alloc_count(struct rpc_xprt *xprt, unsigned int n)
48{
49 return xprt->bc_alloc_count -= n;
50}
51
52/*
53 * Free the preallocated rpc_rqst structure and the memory
54 * buffers hanging off of it.
55 */
56static void xprt_free_allocation(struct rpc_rqst *req)
57{
58 struct xdr_buf *xbufp;
59
60 dprintk("RPC: free allocations for req= %p\n", req);
61 BUG_ON(test_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state));
62 xbufp = &req->rq_private_buf;
63 free_page((unsigned long)xbufp->head[0].iov_base);
64 xbufp = &req->rq_snd_buf;
65 free_page((unsigned long)xbufp->head[0].iov_base);
66 list_del(&req->rq_bc_pa_list);
67 kfree(req);
68}
69
70/*
71 * Preallocate up to min_reqs structures and related buffers for use
72 * by the backchannel. This function can be called multiple times
73 * when creating new sessions that use the same rpc_xprt. The
74 * preallocated buffers are added to the pool of resources used by
75 * the rpc_xprt. Anyone of these resources may be used used by an
76 * incoming callback request. It's up to the higher levels in the
77 * stack to enforce that the maximum number of session slots is not
78 * being exceeded.
79 *
80 * Some callback arguments can be large. For example, a pNFS server
81 * using multiple deviceids. The list can be unbound, but the client
82 * has the ability to tell the server the maximum size of the callback
83 * requests. Each deviceID is 16 bytes, so allocate one page
84 * for the arguments to have enough room to receive a number of these
85 * deviceIDs. The NFS client indicates to the pNFS server that its
86 * callback requests can be up to 4096 bytes in size.
87 */
88int xprt_setup_backchannel(struct rpc_xprt *xprt, unsigned int min_reqs)
89{
90 struct page *page_rcv = NULL, *page_snd = NULL;
91 struct xdr_buf *xbufp = NULL;
92 struct rpc_rqst *req, *tmp;
93 struct list_head tmp_list;
94 int i;
95
96 dprintk("RPC: setup backchannel transport\n");
97
98 /*
99 * We use a temporary list to keep track of the preallocated
100 * buffers. Once we're done building the list we splice it
101 * into the backchannel preallocation list off of the rpc_xprt
102 * struct. This helps minimize the amount of time the list
103 * lock is held on the rpc_xprt struct. It also makes cleanup
104 * easier in case of memory allocation errors.
105 */
106 INIT_LIST_HEAD(&tmp_list);
107 for (i = 0; i < min_reqs; i++) {
108 /* Pre-allocate one backchannel rpc_rqst */
109 req = kzalloc(sizeof(struct rpc_rqst), GFP_KERNEL);
110 if (req == NULL) {
111 printk(KERN_ERR "Failed to create bc rpc_rqst\n");
112 goto out_free;
113 }
114
115 /* Add the allocated buffer to the tmp list */
116 dprintk("RPC: adding req= %p\n", req);
117 list_add(&req->rq_bc_pa_list, &tmp_list);
118
119 req->rq_xprt = xprt;
120 INIT_LIST_HEAD(&req->rq_list);
121 INIT_LIST_HEAD(&req->rq_bc_list);
122
123 /* Preallocate one XDR receive buffer */
124 page_rcv = alloc_page(GFP_KERNEL);
125 if (page_rcv == NULL) {
126 printk(KERN_ERR "Failed to create bc receive xbuf\n");
127 goto out_free;
128 }
129 xbufp = &req->rq_rcv_buf;
130 xbufp->head[0].iov_base = page_address(page_rcv);
131 xbufp->head[0].iov_len = PAGE_SIZE;
132 xbufp->tail[0].iov_base = NULL;
133 xbufp->tail[0].iov_len = 0;
134 xbufp->page_len = 0;
135 xbufp->len = PAGE_SIZE;
136 xbufp->buflen = PAGE_SIZE;
137
138 /* Preallocate one XDR send buffer */
139 page_snd = alloc_page(GFP_KERNEL);
140 if (page_snd == NULL) {
141 printk(KERN_ERR "Failed to create bc snd xbuf\n");
142 goto out_free;
143 }
144
145 xbufp = &req->rq_snd_buf;
146 xbufp->head[0].iov_base = page_address(page_snd);
147 xbufp->head[0].iov_len = 0;
148 xbufp->tail[0].iov_base = NULL;
149 xbufp->tail[0].iov_len = 0;
150 xbufp->page_len = 0;
151 xbufp->len = 0;
152 xbufp->buflen = PAGE_SIZE;
153 }
154
155 /*
156 * Add the temporary list to the backchannel preallocation list
157 */
158 spin_lock_bh(&xprt->bc_pa_lock);
159 list_splice(&tmp_list, &xprt->bc_pa_list);
160 xprt_inc_alloc_count(xprt, min_reqs);
161 spin_unlock_bh(&xprt->bc_pa_lock);
162
163 dprintk("RPC: setup backchannel transport done\n");
164 return 0;
165
166out_free:
167 /*
168 * Memory allocation failed, free the temporary list
169 */
170 list_for_each_entry_safe(req, tmp, &tmp_list, rq_bc_pa_list)
171 xprt_free_allocation(req);
172
173 dprintk("RPC: setup backchannel transport failed\n");
174 return -1;
175}
176EXPORT_SYMBOL(xprt_setup_backchannel);
177
178/*
179 * Destroys the backchannel preallocated structures.
180 * Since these structures may have been allocated by multiple calls
181 * to xprt_setup_backchannel, we only destroy up to the maximum number
182 * of reqs specified by the caller.
183 * @xprt: the transport holding the preallocated strucures
184 * @max_reqs the maximum number of preallocated structures to destroy
185 */
186void xprt_destroy_backchannel(struct rpc_xprt *xprt, unsigned int max_reqs)
187{
188 struct rpc_rqst *req = NULL, *tmp = NULL;
189
190 dprintk("RPC: destroy backchannel transport\n");
191
192 BUG_ON(max_reqs == 0);
193 spin_lock_bh(&xprt->bc_pa_lock);
194 xprt_dec_alloc_count(xprt, max_reqs);
195 list_for_each_entry_safe(req, tmp, &xprt->bc_pa_list, rq_bc_pa_list) {
196 dprintk("RPC: req=%p\n", req);
197 xprt_free_allocation(req);
198 if (--max_reqs == 0)
199 break;
200 }
201 spin_unlock_bh(&xprt->bc_pa_lock);
202
203 dprintk("RPC: backchannel list empty= %s\n",
204 list_empty(&xprt->bc_pa_list) ? "true" : "false");
205}
206EXPORT_SYMBOL(xprt_destroy_backchannel);
207
208/*
209 * One or more rpc_rqst structure have been preallocated during the
210 * backchannel setup. Buffer space for the send and private XDR buffers
211 * has been preallocated as well. Use xprt_alloc_bc_request to allocate
212 * to this request. Use xprt_free_bc_request to return it.
213 *
214 * We know that we're called in soft interrupt context, grab the spin_lock
215 * since there is no need to grab the bottom half spin_lock.
216 *
217 * Return an available rpc_rqst, otherwise NULL if non are available.
218 */
219struct rpc_rqst *xprt_alloc_bc_request(struct rpc_xprt *xprt)
220{
221 struct rpc_rqst *req;
222
223 dprintk("RPC: allocate a backchannel request\n");
224 spin_lock(&xprt->bc_pa_lock);
225 if (!list_empty(&xprt->bc_pa_list)) {
226 req = list_first_entry(&xprt->bc_pa_list, struct rpc_rqst,
227 rq_bc_pa_list);
228 list_del(&req->rq_bc_pa_list);
229 } else {
230 req = NULL;
231 }
232 spin_unlock(&xprt->bc_pa_lock);
233
234 if (req != NULL) {
235 set_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state);
236 req->rq_reply_bytes_recvd = 0;
237 req->rq_bytes_sent = 0;
238 memcpy(&req->rq_private_buf, &req->rq_rcv_buf,
239 sizeof(req->rq_private_buf));
240 }
241 dprintk("RPC: backchannel req=%p\n", req);
242 return req;
243}
244
245/*
246 * Return the preallocated rpc_rqst structure and XDR buffers
247 * associated with this rpc_task.
248 */
249void xprt_free_bc_request(struct rpc_rqst *req)
250{
251 struct rpc_xprt *xprt = req->rq_xprt;
252
253 dprintk("RPC: free backchannel req=%p\n", req);
254
255 smp_mb__before_clear_bit();
256 BUG_ON(!test_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state));
257 clear_bit(RPC_BC_PA_IN_USE, &req->rq_bc_pa_state);
258 smp_mb__after_clear_bit();
259
260 if (!xprt_need_to_requeue(xprt)) {
261 /*
262 * The last remaining session was destroyed while this
263 * entry was in use. Free the entry and don't attempt
264 * to add back to the list because there is no need to
265 * have anymore preallocated entries.
266 */
267 dprintk("RPC: Last session removed req=%p\n", req);
268 xprt_free_allocation(req);
269 return;
270 }
271
272 /*
273 * Return it to the list of preallocations so that it
274 * may be reused by a new callback request.
275 */
276 spin_lock_bh(&xprt->bc_pa_lock);
277 list_add(&req->rq_bc_pa_list, &xprt->bc_pa_list);
278 spin_unlock_bh(&xprt->bc_pa_lock);
279}
280
281#endif /* CONFIG_NFS_V4_1 */
diff --git a/net/sunrpc/bc_svc.c b/net/sunrpc/bc_svc.c
new file mode 100644
index 000000000000..13f214f53120
--- /dev/null
+++ b/net/sunrpc/bc_svc.c
@@ -0,0 +1,81 @@
1/******************************************************************************
2
3(c) 2007 Network Appliance, Inc. All Rights Reserved.
4(c) 2009 NetApp. All Rights Reserved.
5
6NetApp provides this source code under the GPL v2 License.
7The GPL v2 license is available at
8http://opensource.org/licenses/gpl-license.php.
9
10THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
11"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
12LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
13A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
14CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
15EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
16PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
17PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
18LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
19NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
20SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21
22******************************************************************************/
23
24/*
25 * The NFSv4.1 callback service helper routines.
26 * They implement the transport level processing required to send the
27 * reply over an existing open connection previously established by the client.
28 */
29
30#if defined(CONFIG_NFS_V4_1)
31
32#include <linux/module.h>
33
34#include <linux/sunrpc/xprt.h>
35#include <linux/sunrpc/sched.h>
36#include <linux/sunrpc/bc_xprt.h>
37
38#define RPCDBG_FACILITY RPCDBG_SVCDSP
39
40void bc_release_request(struct rpc_task *task)
41{
42 struct rpc_rqst *req = task->tk_rqstp;
43
44 dprintk("RPC: bc_release_request: task= %p\n", task);
45
46 /*
47 * Release this request only if it's a backchannel
48 * preallocated request
49 */
50 if (!bc_prealloc(req))
51 return;
52 xprt_free_bc_request(req);
53}
54
55/* Empty callback ops */
56static const struct rpc_call_ops nfs41_callback_ops = {
57};
58
59
60/*
61 * Send the callback reply
62 */
63int bc_send(struct rpc_rqst *req)
64{
65 struct rpc_task *task;
66 int ret;
67
68 dprintk("RPC: bc_send req= %p\n", req);
69 task = rpc_run_bc_task(req, &nfs41_callback_ops);
70 if (IS_ERR(task))
71 ret = PTR_ERR(task);
72 else {
73 BUG_ON(atomic_read(&task->tk_count) != 1);
74 ret = task->tk_status;
75 rpc_put_task(task);
76 }
77 return ret;
78 dprintk("RPC: bc_send ret= %d \n", ret);
79}
80
81#endif /* CONFIG_NFS_V4_1 */
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 20029a79a5de..ff0c23053d2f 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -488,7 +488,7 @@ static void do_cache_clean(struct work_struct *work)
488{ 488{
489 int delay = 5; 489 int delay = 5;
490 if (cache_clean() == -1) 490 if (cache_clean() == -1)
491 delay = 30*HZ; 491 delay = round_jiffies_relative(30*HZ);
492 492
493 if (list_empty(&cache_list)) 493 if (list_empty(&cache_list))
494 delay = 0; 494 delay = 0;
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 5abab094441f..5bc2f45bddf0 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -36,7 +36,9 @@
36#include <linux/sunrpc/clnt.h> 36#include <linux/sunrpc/clnt.h>
37#include <linux/sunrpc/rpc_pipe_fs.h> 37#include <linux/sunrpc/rpc_pipe_fs.h>
38#include <linux/sunrpc/metrics.h> 38#include <linux/sunrpc/metrics.h>
39#include <linux/sunrpc/bc_xprt.h>
39 40
41#include "sunrpc.h"
40 42
41#ifdef RPC_DEBUG 43#ifdef RPC_DEBUG
42# define RPCDBG_FACILITY RPCDBG_CALL 44# define RPCDBG_FACILITY RPCDBG_CALL
@@ -63,6 +65,9 @@ static void call_decode(struct rpc_task *task);
63static void call_bind(struct rpc_task *task); 65static void call_bind(struct rpc_task *task);
64static void call_bind_status(struct rpc_task *task); 66static void call_bind_status(struct rpc_task *task);
65static void call_transmit(struct rpc_task *task); 67static void call_transmit(struct rpc_task *task);
68#if defined(CONFIG_NFS_V4_1)
69static void call_bc_transmit(struct rpc_task *task);
70#endif /* CONFIG_NFS_V4_1 */
66static void call_status(struct rpc_task *task); 71static void call_status(struct rpc_task *task);
67static void call_transmit_status(struct rpc_task *task); 72static void call_transmit_status(struct rpc_task *task);
68static void call_refresh(struct rpc_task *task); 73static void call_refresh(struct rpc_task *task);
@@ -613,6 +618,50 @@ rpc_call_async(struct rpc_clnt *clnt, const struct rpc_message *msg, int flags,
613} 618}
614EXPORT_SYMBOL_GPL(rpc_call_async); 619EXPORT_SYMBOL_GPL(rpc_call_async);
615 620
621#if defined(CONFIG_NFS_V4_1)
622/**
623 * rpc_run_bc_task - Allocate a new RPC task for backchannel use, then run
624 * rpc_execute against it
625 * @ops: RPC call ops
626 */
627struct rpc_task *rpc_run_bc_task(struct rpc_rqst *req,
628 const struct rpc_call_ops *tk_ops)
629{
630 struct rpc_task *task;
631 struct xdr_buf *xbufp = &req->rq_snd_buf;
632 struct rpc_task_setup task_setup_data = {
633 .callback_ops = tk_ops,
634 };
635
636 dprintk("RPC: rpc_run_bc_task req= %p\n", req);
637 /*
638 * Create an rpc_task to send the data
639 */
640 task = rpc_new_task(&task_setup_data);
641 if (!task) {
642 xprt_free_bc_request(req);
643 goto out;
644 }
645 task->tk_rqstp = req;
646
647 /*
648 * Set up the xdr_buf length.
649 * This also indicates that the buffer is XDR encoded already.
650 */
651 xbufp->len = xbufp->head[0].iov_len + xbufp->page_len +
652 xbufp->tail[0].iov_len;
653
654 task->tk_action = call_bc_transmit;
655 atomic_inc(&task->tk_count);
656 BUG_ON(atomic_read(&task->tk_count) != 2);
657 rpc_execute(task);
658
659out:
660 dprintk("RPC: rpc_run_bc_task: task= %p\n", task);
661 return task;
662}
663#endif /* CONFIG_NFS_V4_1 */
664
616void 665void
617rpc_call_start(struct rpc_task *task) 666rpc_call_start(struct rpc_task *task)
618{ 667{
@@ -695,6 +744,19 @@ void rpc_force_rebind(struct rpc_clnt *clnt)
695EXPORT_SYMBOL_GPL(rpc_force_rebind); 744EXPORT_SYMBOL_GPL(rpc_force_rebind);
696 745
697/* 746/*
747 * Restart an (async) RPC call from the call_prepare state.
748 * Usually called from within the exit handler.
749 */
750void
751rpc_restart_call_prepare(struct rpc_task *task)
752{
753 if (RPC_ASSASSINATED(task))
754 return;
755 task->tk_action = rpc_prepare_task;
756}
757EXPORT_SYMBOL_GPL(rpc_restart_call_prepare);
758
759/*
698 * Restart an (async) RPC call. Usually called from within the 760 * Restart an (async) RPC call. Usually called from within the
699 * exit handler. 761 * exit handler.
700 */ 762 */
@@ -1085,7 +1147,7 @@ call_transmit(struct rpc_task *task)
1085 * in order to allow access to the socket to other RPC requests. 1147 * in order to allow access to the socket to other RPC requests.
1086 */ 1148 */
1087 call_transmit_status(task); 1149 call_transmit_status(task);
1088 if (task->tk_msg.rpc_proc->p_decode != NULL) 1150 if (rpc_reply_expected(task))
1089 return; 1151 return;
1090 task->tk_action = rpc_exit_task; 1152 task->tk_action = rpc_exit_task;
1091 rpc_wake_up_queued_task(&task->tk_xprt->pending, task); 1153 rpc_wake_up_queued_task(&task->tk_xprt->pending, task);
@@ -1120,6 +1182,72 @@ call_transmit_status(struct rpc_task *task)
1120 } 1182 }
1121} 1183}
1122 1184
1185#if defined(CONFIG_NFS_V4_1)
1186/*
1187 * 5b. Send the backchannel RPC reply. On error, drop the reply. In
1188 * addition, disconnect on connectivity errors.
1189 */
1190static void
1191call_bc_transmit(struct rpc_task *task)
1192{
1193 struct rpc_rqst *req = task->tk_rqstp;
1194
1195 BUG_ON(task->tk_status != 0);
1196 task->tk_status = xprt_prepare_transmit(task);
1197 if (task->tk_status == -EAGAIN) {
1198 /*
1199 * Could not reserve the transport. Try again after the
1200 * transport is released.
1201 */
1202 task->tk_status = 0;
1203 task->tk_action = call_bc_transmit;
1204 return;
1205 }
1206
1207 task->tk_action = rpc_exit_task;
1208 if (task->tk_status < 0) {
1209 printk(KERN_NOTICE "RPC: Could not send backchannel reply "
1210 "error: %d\n", task->tk_status);
1211 return;
1212 }
1213
1214 xprt_transmit(task);
1215 xprt_end_transmit(task);
1216 dprint_status(task);
1217 switch (task->tk_status) {
1218 case 0:
1219 /* Success */
1220 break;
1221 case -EHOSTDOWN:
1222 case -EHOSTUNREACH:
1223 case -ENETUNREACH:
1224 case -ETIMEDOUT:
1225 /*
1226 * Problem reaching the server. Disconnect and let the
1227 * forechannel reestablish the connection. The server will
1228 * have to retransmit the backchannel request and we'll
1229 * reprocess it. Since these ops are idempotent, there's no
1230 * need to cache our reply at this time.
1231 */
1232 printk(KERN_NOTICE "RPC: Could not send backchannel reply "
1233 "error: %d\n", task->tk_status);
1234 xprt_conditional_disconnect(task->tk_xprt,
1235 req->rq_connect_cookie);
1236 break;
1237 default:
1238 /*
1239 * We were unable to reply and will have to drop the
1240 * request. The server should reconnect and retransmit.
1241 */
1242 BUG_ON(task->tk_status == -EAGAIN);
1243 printk(KERN_NOTICE "RPC: Could not send backchannel reply "
1244 "error: %d\n", task->tk_status);
1245 break;
1246 }
1247 rpc_wake_up_queued_task(&req->rq_xprt->pending, task);
1248}
1249#endif /* CONFIG_NFS_V4_1 */
1250
1123/* 1251/*
1124 * 6. Sort out the RPC call status 1252 * 6. Sort out the RPC call status
1125 */ 1253 */
@@ -1130,8 +1258,8 @@ call_status(struct rpc_task *task)
1130 struct rpc_rqst *req = task->tk_rqstp; 1258 struct rpc_rqst *req = task->tk_rqstp;
1131 int status; 1259 int status;
1132 1260
1133 if (req->rq_received > 0 && !req->rq_bytes_sent) 1261 if (req->rq_reply_bytes_recvd > 0 && !req->rq_bytes_sent)
1134 task->tk_status = req->rq_received; 1262 task->tk_status = req->rq_reply_bytes_recvd;
1135 1263
1136 dprint_status(task); 1264 dprint_status(task);
1137 1265
@@ -1248,7 +1376,7 @@ call_decode(struct rpc_task *task)
1248 1376
1249 /* 1377 /*
1250 * Ensure that we see all writes made by xprt_complete_rqst() 1378 * Ensure that we see all writes made by xprt_complete_rqst()
1251 * before it changed req->rq_received. 1379 * before it changed req->rq_reply_bytes_recvd.
1252 */ 1380 */
1253 smp_rmb(); 1381 smp_rmb();
1254 req->rq_rcv_buf.len = req->rq_private_buf.len; 1382 req->rq_rcv_buf.len = req->rq_private_buf.len;
@@ -1289,7 +1417,7 @@ out_retry:
1289 task->tk_status = 0; 1417 task->tk_status = 0;
1290 /* Note: rpc_verify_header() may have freed the RPC slot */ 1418 /* Note: rpc_verify_header() may have freed the RPC slot */
1291 if (task->tk_rqstp == req) { 1419 if (task->tk_rqstp == req) {
1292 req->rq_received = req->rq_rcv_buf.len = 0; 1420 req->rq_reply_bytes_recvd = req->rq_rcv_buf.len = 0;
1293 if (task->tk_client->cl_discrtry) 1421 if (task->tk_client->cl_discrtry)
1294 xprt_conditional_disconnect(task->tk_xprt, 1422 xprt_conditional_disconnect(task->tk_xprt,
1295 req->rq_connect_cookie); 1423 req->rq_connect_cookie);
@@ -1377,13 +1505,14 @@ rpc_verify_header(struct rpc_task *task)
1377 } 1505 }
1378 if ((len -= 3) < 0) 1506 if ((len -= 3) < 0)
1379 goto out_overflow; 1507 goto out_overflow;
1380 p += 1; /* skip XID */
1381 1508
1509 p += 1; /* skip XID */
1382 if ((n = ntohl(*p++)) != RPC_REPLY) { 1510 if ((n = ntohl(*p++)) != RPC_REPLY) {
1383 dprintk("RPC: %5u %s: not an RPC reply: %x\n", 1511 dprintk("RPC: %5u %s: not an RPC reply: %x\n",
1384 task->tk_pid, __func__, n); 1512 task->tk_pid, __func__, n);
1385 goto out_garbage; 1513 goto out_garbage;
1386 } 1514 }
1515
1387 if ((n = ntohl(*p++)) != RPC_MSG_ACCEPTED) { 1516 if ((n = ntohl(*p++)) != RPC_MSG_ACCEPTED) {
1388 if (--len < 0) 1517 if (--len < 0)
1389 goto out_overflow; 1518 goto out_overflow;
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index ff50a0546865..1102ce1251f7 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -569,7 +569,7 @@ EXPORT_SYMBOL_GPL(rpc_delay);
569/* 569/*
570 * Helper to call task->tk_ops->rpc_call_prepare 570 * Helper to call task->tk_ops->rpc_call_prepare
571 */ 571 */
572static void rpc_prepare_task(struct rpc_task *task) 572void rpc_prepare_task(struct rpc_task *task)
573{ 573{
574 task->tk_ops->rpc_call_prepare(task, task->tk_calldata); 574 task->tk_ops->rpc_call_prepare(task, task->tk_calldata);
575} 575}
diff --git a/net/sunrpc/stats.c b/net/sunrpc/stats.c
index 1ef6e46d9da2..1b4e6791ecf3 100644
--- a/net/sunrpc/stats.c
+++ b/net/sunrpc/stats.c
@@ -141,12 +141,14 @@ EXPORT_SYMBOL_GPL(rpc_free_iostats);
141void rpc_count_iostats(struct rpc_task *task) 141void rpc_count_iostats(struct rpc_task *task)
142{ 142{
143 struct rpc_rqst *req = task->tk_rqstp; 143 struct rpc_rqst *req = task->tk_rqstp;
144 struct rpc_iostats *stats = task->tk_client->cl_metrics; 144 struct rpc_iostats *stats;
145 struct rpc_iostats *op_metrics; 145 struct rpc_iostats *op_metrics;
146 long rtt, execute, queue; 146 long rtt, execute, queue;
147 147
148 if (!stats || !req) 148 if (!task->tk_client || !task->tk_client->cl_metrics || !req)
149 return; 149 return;
150
151 stats = task->tk_client->cl_metrics;
150 op_metrics = &stats[task->tk_msg.rpc_proc->p_statidx]; 152 op_metrics = &stats[task->tk_msg.rpc_proc->p_statidx];
151 153
152 op_metrics->om_ops++; 154 op_metrics->om_ops++;
@@ -154,7 +156,7 @@ void rpc_count_iostats(struct rpc_task *task)
154 op_metrics->om_timeouts += task->tk_timeouts; 156 op_metrics->om_timeouts += task->tk_timeouts;
155 157
156 op_metrics->om_bytes_sent += task->tk_bytes_sent; 158 op_metrics->om_bytes_sent += task->tk_bytes_sent;
157 op_metrics->om_bytes_recv += req->rq_received; 159 op_metrics->om_bytes_recv += req->rq_reply_bytes_recvd;
158 160
159 queue = (long)req->rq_xtime - task->tk_start; 161 queue = (long)req->rq_xtime - task->tk_start;
160 if (queue < 0) 162 if (queue < 0)
diff --git a/net/sunrpc/sunrpc.h b/net/sunrpc/sunrpc.h
new file mode 100644
index 000000000000..5d9dd742264b
--- /dev/null
+++ b/net/sunrpc/sunrpc.h
@@ -0,0 +1,37 @@
1/******************************************************************************
2
3(c) 2008 NetApp. All Rights Reserved.
4
5NetApp provides this source code under the GPL v2 License.
6The GPL v2 license is available at
7http://opensource.org/licenses/gpl-license.php.
8
9THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
10"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
11LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
12A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
13CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
14EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
15PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
16PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
17LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
18NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
19SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
20
21******************************************************************************/
22
23/*
24 * Functions and macros used internally by RPC
25 */
26
27#ifndef _NET_SUNRPC_SUNRPC_H
28#define _NET_SUNRPC_SUNRPC_H
29
30static inline int rpc_reply_expected(struct rpc_task *task)
31{
32 return (task->tk_msg.rpc_proc != NULL) &&
33 (task->tk_msg.rpc_proc->p_decode != NULL);
34}
35
36#endif /* _NET_SUNRPC_SUNRPC_H */
37
diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
index 843629f55763..adaa81982f74 100644
--- a/net/sunrpc/sunrpc_syms.c
+++ b/net/sunrpc/sunrpc_syms.c
@@ -66,6 +66,7 @@ cleanup_sunrpc(void)
66#ifdef CONFIG_PROC_FS 66#ifdef CONFIG_PROC_FS
67 rpc_proc_exit(); 67 rpc_proc_exit();
68#endif 68#endif
69 rcu_barrier(); /* Wait for completion of call_rcu()'s */
69} 70}
70MODULE_LICENSE("GPL"); 71MODULE_LICENSE("GPL");
71module_init(init_sunrpc); 72module_init(init_sunrpc);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 5ed8931dfe98..952f206ff307 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -25,6 +25,7 @@
25#include <linux/sunrpc/stats.h> 25#include <linux/sunrpc/stats.h>
26#include <linux/sunrpc/svcsock.h> 26#include <linux/sunrpc/svcsock.h>
27#include <linux/sunrpc/clnt.h> 27#include <linux/sunrpc/clnt.h>
28#include <linux/sunrpc/bc_xprt.h>
28 29
29#define RPCDBG_FACILITY RPCDBG_SVCDSP 30#define RPCDBG_FACILITY RPCDBG_SVCDSP
30 31
@@ -486,6 +487,10 @@ svc_destroy(struct svc_serv *serv)
486 if (svc_serv_is_pooled(serv)) 487 if (svc_serv_is_pooled(serv))
487 svc_pool_map_put(); 488 svc_pool_map_put();
488 489
490#if defined(CONFIG_NFS_V4_1)
491 svc_sock_destroy(serv->bc_xprt);
492#endif /* CONFIG_NFS_V4_1 */
493
489 svc_unregister(serv); 494 svc_unregister(serv);
490 kfree(serv->sv_pools); 495 kfree(serv->sv_pools);
491 kfree(serv); 496 kfree(serv);
@@ -970,20 +975,18 @@ svc_printk(struct svc_rqst *rqstp, const char *fmt, ...)
970} 975}
971 976
972/* 977/*
973 * Process the RPC request. 978 * Common routine for processing the RPC request.
974 */ 979 */
975int 980static int
976svc_process(struct svc_rqst *rqstp) 981svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
977{ 982{
978 struct svc_program *progp; 983 struct svc_program *progp;
979 struct svc_version *versp = NULL; /* compiler food */ 984 struct svc_version *versp = NULL; /* compiler food */
980 struct svc_procedure *procp = NULL; 985 struct svc_procedure *procp = NULL;
981 struct kvec * argv = &rqstp->rq_arg.head[0];
982 struct kvec * resv = &rqstp->rq_res.head[0];
983 struct svc_serv *serv = rqstp->rq_server; 986 struct svc_serv *serv = rqstp->rq_server;
984 kxdrproc_t xdr; 987 kxdrproc_t xdr;
985 __be32 *statp; 988 __be32 *statp;
986 u32 dir, prog, vers, proc; 989 u32 prog, vers, proc;
987 __be32 auth_stat, rpc_stat; 990 __be32 auth_stat, rpc_stat;
988 int auth_res; 991 int auth_res;
989 __be32 *reply_statp; 992 __be32 *reply_statp;
@@ -993,19 +996,6 @@ svc_process(struct svc_rqst *rqstp)
993 if (argv->iov_len < 6*4) 996 if (argv->iov_len < 6*4)
994 goto err_short_len; 997 goto err_short_len;
995 998
996 /* setup response xdr_buf.
997 * Initially it has just one page
998 */
999 rqstp->rq_resused = 1;
1000 resv->iov_base = page_address(rqstp->rq_respages[0]);
1001 resv->iov_len = 0;
1002 rqstp->rq_res.pages = rqstp->rq_respages + 1;
1003 rqstp->rq_res.len = 0;
1004 rqstp->rq_res.page_base = 0;
1005 rqstp->rq_res.page_len = 0;
1006 rqstp->rq_res.buflen = PAGE_SIZE;
1007 rqstp->rq_res.tail[0].iov_base = NULL;
1008 rqstp->rq_res.tail[0].iov_len = 0;
1009 /* Will be turned off only in gss privacy case: */ 999 /* Will be turned off only in gss privacy case: */
1010 rqstp->rq_splice_ok = 1; 1000 rqstp->rq_splice_ok = 1;
1011 /* Will be turned off only when NFSv4 Sessions are used */ 1001 /* Will be turned off only when NFSv4 Sessions are used */
@@ -1014,17 +1004,13 @@ svc_process(struct svc_rqst *rqstp)
1014 /* Setup reply header */ 1004 /* Setup reply header */
1015 rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp); 1005 rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp);
1016 1006
1017 rqstp->rq_xid = svc_getu32(argv);
1018 svc_putu32(resv, rqstp->rq_xid); 1007 svc_putu32(resv, rqstp->rq_xid);
1019 1008
1020 dir = svc_getnl(argv);
1021 vers = svc_getnl(argv); 1009 vers = svc_getnl(argv);
1022 1010
1023 /* First words of reply: */ 1011 /* First words of reply: */
1024 svc_putnl(resv, 1); /* REPLY */ 1012 svc_putnl(resv, 1); /* REPLY */
1025 1013
1026 if (dir != 0) /* direction != CALL */
1027 goto err_bad_dir;
1028 if (vers != 2) /* RPC version number */ 1014 if (vers != 2) /* RPC version number */
1029 goto err_bad_rpc; 1015 goto err_bad_rpc;
1030 1016
@@ -1147,7 +1133,7 @@ svc_process(struct svc_rqst *rqstp)
1147 sendit: 1133 sendit:
1148 if (svc_authorise(rqstp)) 1134 if (svc_authorise(rqstp))
1149 goto dropit; 1135 goto dropit;
1150 return svc_send(rqstp); 1136 return 1; /* Caller can now send it */
1151 1137
1152 dropit: 1138 dropit:
1153 svc_authorise(rqstp); /* doesn't hurt to call this twice */ 1139 svc_authorise(rqstp); /* doesn't hurt to call this twice */
@@ -1161,12 +1147,6 @@ err_short_len:
1161 1147
1162 goto dropit; /* drop request */ 1148 goto dropit; /* drop request */
1163 1149
1164err_bad_dir:
1165 svc_printk(rqstp, "bad direction %d, dropping request\n", dir);
1166
1167 serv->sv_stats->rpcbadfmt++;
1168 goto dropit; /* drop request */
1169
1170err_bad_rpc: 1150err_bad_rpc:
1171 serv->sv_stats->rpcbadfmt++; 1151 serv->sv_stats->rpcbadfmt++;
1172 svc_putnl(resv, 1); /* REJECT */ 1152 svc_putnl(resv, 1); /* REJECT */
@@ -1220,6 +1200,100 @@ err_bad:
1220EXPORT_SYMBOL_GPL(svc_process); 1200EXPORT_SYMBOL_GPL(svc_process);
1221 1201
1222/* 1202/*
1203 * Process the RPC request.
1204 */
1205int
1206svc_process(struct svc_rqst *rqstp)
1207{
1208 struct kvec *argv = &rqstp->rq_arg.head[0];
1209 struct kvec *resv = &rqstp->rq_res.head[0];
1210 struct svc_serv *serv = rqstp->rq_server;
1211 u32 dir;
1212 int error;
1213
1214 /*
1215 * Setup response xdr_buf.
1216 * Initially it has just one page
1217 */
1218 rqstp->rq_resused = 1;
1219 resv->iov_base = page_address(rqstp->rq_respages[0]);
1220 resv->iov_len = 0;
1221 rqstp->rq_res.pages = rqstp->rq_respages + 1;
1222 rqstp->rq_res.len = 0;
1223 rqstp->rq_res.page_base = 0;
1224 rqstp->rq_res.page_len = 0;
1225 rqstp->rq_res.buflen = PAGE_SIZE;
1226 rqstp->rq_res.tail[0].iov_base = NULL;
1227 rqstp->rq_res.tail[0].iov_len = 0;
1228
1229 rqstp->rq_xid = svc_getu32(argv);
1230
1231 dir = svc_getnl(argv);
1232 if (dir != 0) {
1233 /* direction != CALL */
1234 svc_printk(rqstp, "bad direction %d, dropping request\n", dir);
1235 serv->sv_stats->rpcbadfmt++;
1236 svc_drop(rqstp);
1237 return 0;
1238 }
1239
1240 error = svc_process_common(rqstp, argv, resv);
1241 if (error <= 0)
1242 return error;
1243
1244 return svc_send(rqstp);
1245}
1246
1247#if defined(CONFIG_NFS_V4_1)
1248/*
1249 * Process a backchannel RPC request that arrived over an existing
1250 * outbound connection
1251 */
1252int
1253bc_svc_process(struct svc_serv *serv, struct rpc_rqst *req,
1254 struct svc_rqst *rqstp)
1255{
1256 struct kvec *argv = &rqstp->rq_arg.head[0];
1257 struct kvec *resv = &rqstp->rq_res.head[0];
1258 int error;
1259
1260 /* Build the svc_rqst used by the common processing routine */
1261 rqstp->rq_xprt = serv->bc_xprt;
1262 rqstp->rq_xid = req->rq_xid;
1263 rqstp->rq_prot = req->rq_xprt->prot;
1264 rqstp->rq_server = serv;
1265
1266 rqstp->rq_addrlen = sizeof(req->rq_xprt->addr);
1267 memcpy(&rqstp->rq_addr, &req->rq_xprt->addr, rqstp->rq_addrlen);
1268 memcpy(&rqstp->rq_arg, &req->rq_rcv_buf, sizeof(rqstp->rq_arg));
1269 memcpy(&rqstp->rq_res, &req->rq_snd_buf, sizeof(rqstp->rq_res));
1270
1271 /* reset result send buffer "put" position */
1272 resv->iov_len = 0;
1273
1274 if (rqstp->rq_prot != IPPROTO_TCP) {
1275 printk(KERN_ERR "No support for Non-TCP transports!\n");
1276 BUG();
1277 }
1278
1279 /*
1280 * Skip the next two words because they've already been
1281 * processed in the trasport
1282 */
1283 svc_getu32(argv); /* XID */
1284 svc_getnl(argv); /* CALLDIR */
1285
1286 error = svc_process_common(rqstp, argv, resv);
1287 if (error <= 0)
1288 return error;
1289
1290 memcpy(&req->rq_snd_buf, &rqstp->rq_res, sizeof(req->rq_snd_buf));
1291 return bc_send(req);
1292}
1293EXPORT_SYMBOL(bc_svc_process);
1294#endif /* CONFIG_NFS_V4_1 */
1295
1296/*
1223 * Return (transport-specific) limit on the rpc payload. 1297 * Return (transport-specific) limit on the rpc payload.
1224 */ 1298 */
1225u32 svc_max_payload(const struct svc_rqst *rqstp) 1299u32 svc_max_payload(const struct svc_rqst *rqstp)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index c200d92e57e4..6f33d33cc064 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -11,6 +11,7 @@
11#include <net/sock.h> 11#include <net/sock.h>
12#include <linux/sunrpc/stats.h> 12#include <linux/sunrpc/stats.h>
13#include <linux/sunrpc/svc_xprt.h> 13#include <linux/sunrpc/svc_xprt.h>
14#include <linux/sunrpc/svcsock.h>
14 15
15#define RPCDBG_FACILITY RPCDBG_SVCXPRT 16#define RPCDBG_FACILITY RPCDBG_SVCXPRT
16 17
@@ -1097,36 +1098,58 @@ struct svc_xprt *svc_find_xprt(struct svc_serv *serv, const char *xcl_name,
1097} 1098}
1098EXPORT_SYMBOL_GPL(svc_find_xprt); 1099EXPORT_SYMBOL_GPL(svc_find_xprt);
1099 1100
1100/* 1101static int svc_one_xprt_name(const struct svc_xprt *xprt,
1101 * Format a buffer with a list of the active transports. A zero for 1102 char *pos, int remaining)
1102 * the buflen parameter disables target buffer overflow checking. 1103{
1104 int len;
1105
1106 len = snprintf(pos, remaining, "%s %u\n",
1107 xprt->xpt_class->xcl_name,
1108 svc_xprt_local_port(xprt));
1109 if (len >= remaining)
1110 return -ENAMETOOLONG;
1111 return len;
1112}
1113
1114/**
1115 * svc_xprt_names - format a buffer with a list of transport names
1116 * @serv: pointer to an RPC service
1117 * @buf: pointer to a buffer to be filled in
1118 * @buflen: length of buffer to be filled in
1119 *
1120 * Fills in @buf with a string containing a list of transport names,
1121 * each name terminated with '\n'.
1122 *
1123 * Returns positive length of the filled-in string on success; otherwise
1124 * a negative errno value is returned if an error occurs.
1103 */ 1125 */
1104int svc_xprt_names(struct svc_serv *serv, char *buf, int buflen) 1126int svc_xprt_names(struct svc_serv *serv, char *buf, const int buflen)
1105{ 1127{
1106 struct svc_xprt *xprt; 1128 struct svc_xprt *xprt;
1107 char xprt_str[64]; 1129 int len, totlen;
1108 int totlen = 0; 1130 char *pos;
1109 int len;
1110 1131
1111 /* Sanity check args */ 1132 /* Sanity check args */
1112 if (!serv) 1133 if (!serv)
1113 return 0; 1134 return 0;
1114 1135
1115 spin_lock_bh(&serv->sv_lock); 1136 spin_lock_bh(&serv->sv_lock);
1137
1138 pos = buf;
1139 totlen = 0;
1116 list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) { 1140 list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1117 len = snprintf(xprt_str, sizeof(xprt_str), 1141 len = svc_one_xprt_name(xprt, pos, buflen - totlen);
1118 "%s %d\n", xprt->xpt_class->xcl_name, 1142 if (len < 0) {
1119 svc_xprt_local_port(xprt)); 1143 *buf = '\0';
1120 /* If the string was truncated, replace with error string */ 1144 totlen = len;
1121 if (len >= sizeof(xprt_str)) 1145 }
1122 strcpy(xprt_str, "name-too-long\n"); 1146 if (len <= 0)
1123 /* Don't overflow buffer */
1124 len = strlen(xprt_str);
1125 if (buflen && (len + totlen >= buflen))
1126 break; 1147 break;
1127 strcpy(buf+totlen, xprt_str); 1148
1149 pos += len;
1128 totlen += len; 1150 totlen += len;
1129 } 1151 }
1152
1130 spin_unlock_bh(&serv->sv_lock); 1153 spin_unlock_bh(&serv->sv_lock);
1131 return totlen; 1154 return totlen;
1132} 1155}
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 9d504234af4a..23128ee191ae 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -240,42 +240,76 @@ out:
240/* 240/*
241 * Report socket names for nfsdfs 241 * Report socket names for nfsdfs
242 */ 242 */
243static int one_sock_name(char *buf, struct svc_sock *svsk) 243static int svc_one_sock_name(struct svc_sock *svsk, char *buf, int remaining)
244{ 244{
245 const struct sock *sk = svsk->sk_sk;
246 const char *proto_name = sk->sk_protocol == IPPROTO_UDP ?
247 "udp" : "tcp";
245 int len; 248 int len;
246 249
247 switch(svsk->sk_sk->sk_family) { 250 switch (sk->sk_family) {
248 case AF_INET: 251 case PF_INET:
249 len = sprintf(buf, "ipv4 %s %pI4 %d\n", 252 len = snprintf(buf, remaining, "ipv4 %s %pI4 %d\n",
250 svsk->sk_sk->sk_protocol == IPPROTO_UDP ? 253 proto_name,
251 "udp" : "tcp", 254 &inet_sk(sk)->rcv_saddr,
252 &inet_sk(svsk->sk_sk)->rcv_saddr, 255 inet_sk(sk)->num);
253 inet_sk(svsk->sk_sk)->num); 256 break;
257 case PF_INET6:
258 len = snprintf(buf, remaining, "ipv6 %s %pI6 %d\n",
259 proto_name,
260 &inet6_sk(sk)->rcv_saddr,
261 inet_sk(sk)->num);
254 break; 262 break;
255 default: 263 default:
256 len = sprintf(buf, "*unknown-%d*\n", 264 len = snprintf(buf, remaining, "*unknown-%d*\n",
257 svsk->sk_sk->sk_family); 265 sk->sk_family);
266 }
267
268 if (len >= remaining) {
269 *buf = '\0';
270 return -ENAMETOOLONG;
258 } 271 }
259 return len; 272 return len;
260} 273}
261 274
262int 275/**
263svc_sock_names(char *buf, struct svc_serv *serv, char *toclose) 276 * svc_sock_names - construct a list of listener names in a string
277 * @serv: pointer to RPC service
278 * @buf: pointer to a buffer to fill in with socket names
279 * @buflen: size of the buffer to be filled
280 * @toclose: pointer to '\0'-terminated C string containing the name
281 * of a listener to be closed
282 *
283 * Fills in @buf with a '\n'-separated list of names of listener
284 * sockets. If @toclose is not NULL, the socket named by @toclose
285 * is closed, and is not included in the output list.
286 *
287 * Returns positive length of the socket name string, or a negative
288 * errno value on error.
289 */
290int svc_sock_names(struct svc_serv *serv, char *buf, const size_t buflen,
291 const char *toclose)
264{ 292{
265 struct svc_sock *svsk, *closesk = NULL; 293 struct svc_sock *svsk, *closesk = NULL;
266 int len = 0; 294 int len = 0;
267 295
268 if (!serv) 296 if (!serv)
269 return 0; 297 return 0;
298
270 spin_lock_bh(&serv->sv_lock); 299 spin_lock_bh(&serv->sv_lock);
271 list_for_each_entry(svsk, &serv->sv_permsocks, sk_xprt.xpt_list) { 300 list_for_each_entry(svsk, &serv->sv_permsocks, sk_xprt.xpt_list) {
272 int onelen = one_sock_name(buf+len, svsk); 301 int onelen = svc_one_sock_name(svsk, buf + len, buflen - len);
273 if (toclose && strcmp(toclose, buf+len) == 0) 302 if (onelen < 0) {
303 len = onelen;
304 break;
305 }
306 if (toclose && strcmp(toclose, buf + len) == 0)
274 closesk = svsk; 307 closesk = svsk;
275 else 308 else
276 len += onelen; 309 len += onelen;
277 } 310 }
278 spin_unlock_bh(&serv->sv_lock); 311 spin_unlock_bh(&serv->sv_lock);
312
279 if (closesk) 313 if (closesk)
280 /* Should unregister with portmap, but you cannot 314 /* Should unregister with portmap, but you cannot
281 * unregister just one protocol... 315 * unregister just one protocol...
@@ -346,6 +380,7 @@ static void svc_sock_setbufsize(struct socket *sock, unsigned int snd,
346 sock->sk->sk_sndbuf = snd * 2; 380 sock->sk->sk_sndbuf = snd * 2;
347 sock->sk->sk_rcvbuf = rcv * 2; 381 sock->sk->sk_rcvbuf = rcv * 2;
348 sock->sk->sk_userlocks |= SOCK_SNDBUF_LOCK|SOCK_RCVBUF_LOCK; 382 sock->sk->sk_userlocks |= SOCK_SNDBUF_LOCK|SOCK_RCVBUF_LOCK;
383 sock->sk->sk_write_space(sock->sk);
349 release_sock(sock->sk); 384 release_sock(sock->sk);
350#endif 385#endif
351} 386}
@@ -387,6 +422,15 @@ static void svc_write_space(struct sock *sk)
387 } 422 }
388} 423}
389 424
425static void svc_tcp_write_space(struct sock *sk)
426{
427 struct socket *sock = sk->sk_socket;
428
429 if (sk_stream_wspace(sk) >= sk_stream_min_wspace(sk) && sock)
430 clear_bit(SOCK_NOSPACE, &sock->flags);
431 svc_write_space(sk);
432}
433
390/* 434/*
391 * Copy the UDP datagram's destination address to the rqstp structure. 435 * Copy the UDP datagram's destination address to the rqstp structure.
392 * The 'destination' address in this case is the address to which the 436 * The 'destination' address in this case is the address to which the
@@ -427,13 +471,14 @@ static int svc_udp_recvfrom(struct svc_rqst *rqstp)
427 long all[SVC_PKTINFO_SPACE / sizeof(long)]; 471 long all[SVC_PKTINFO_SPACE / sizeof(long)];
428 } buffer; 472 } buffer;
429 struct cmsghdr *cmh = &buffer.hdr; 473 struct cmsghdr *cmh = &buffer.hdr;
430 int err, len;
431 struct msghdr msg = { 474 struct msghdr msg = {
432 .msg_name = svc_addr(rqstp), 475 .msg_name = svc_addr(rqstp),
433 .msg_control = cmh, 476 .msg_control = cmh,
434 .msg_controllen = sizeof(buffer), 477 .msg_controllen = sizeof(buffer),
435 .msg_flags = MSG_DONTWAIT, 478 .msg_flags = MSG_DONTWAIT,
436 }; 479 };
480 size_t len;
481 int err;
437 482
438 if (test_and_clear_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags)) 483 if (test_and_clear_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags))
439 /* udp sockets need large rcvbuf as all pending 484 /* udp sockets need large rcvbuf as all pending
@@ -465,8 +510,8 @@ static int svc_udp_recvfrom(struct svc_rqst *rqstp)
465 return -EAGAIN; 510 return -EAGAIN;
466 } 511 }
467 len = svc_addr_len(svc_addr(rqstp)); 512 len = svc_addr_len(svc_addr(rqstp));
468 if (len < 0) 513 if (len == 0)
469 return len; 514 return -EAFNOSUPPORT;
470 rqstp->rq_addrlen = len; 515 rqstp->rq_addrlen = len;
471 if (skb->tstamp.tv64 == 0) { 516 if (skb->tstamp.tv64 == 0) {
472 skb->tstamp = ktime_get_real(); 517 skb->tstamp = ktime_get_real();
@@ -980,25 +1025,16 @@ static void svc_tcp_prep_reply_hdr(struct svc_rqst *rqstp)
980static int svc_tcp_has_wspace(struct svc_xprt *xprt) 1025static int svc_tcp_has_wspace(struct svc_xprt *xprt)
981{ 1026{
982 struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt); 1027 struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
983 struct svc_serv *serv = svsk->sk_xprt.xpt_server; 1028 struct svc_serv *serv = svsk->sk_xprt.xpt_server;
984 int required; 1029 int required;
985 int wspace;
986 1030
987 /* 1031 if (test_bit(XPT_LISTENER, &xprt->xpt_flags))
988 * Set the SOCK_NOSPACE flag before checking the available 1032 return 1;
989 * sock space. 1033 required = atomic_read(&xprt->xpt_reserved) + serv->sv_max_mesg;
990 */ 1034 if (sk_stream_wspace(svsk->sk_sk) >= required)
1035 return 1;
991 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags); 1036 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
992 required = atomic_read(&svsk->sk_xprt.xpt_reserved) + serv->sv_max_mesg; 1037 return 0;
993 wspace = sk_stream_wspace(svsk->sk_sk);
994
995 if (wspace < sk_stream_min_wspace(svsk->sk_sk))
996 return 0;
997 if (required * 2 > wspace)
998 return 0;
999
1000 clear_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
1001 return 1;
1002} 1038}
1003 1039
1004static struct svc_xprt *svc_tcp_create(struct svc_serv *serv, 1040static struct svc_xprt *svc_tcp_create(struct svc_serv *serv,
@@ -1054,7 +1090,7 @@ static void svc_tcp_init(struct svc_sock *svsk, struct svc_serv *serv)
1054 dprintk("setting up TCP socket for reading\n"); 1090 dprintk("setting up TCP socket for reading\n");
1055 sk->sk_state_change = svc_tcp_state_change; 1091 sk->sk_state_change = svc_tcp_state_change;
1056 sk->sk_data_ready = svc_tcp_data_ready; 1092 sk->sk_data_ready = svc_tcp_data_ready;
1057 sk->sk_write_space = svc_write_space; 1093 sk->sk_write_space = svc_tcp_write_space;
1058 1094
1059 svsk->sk_reclen = 0; 1095 svsk->sk_reclen = 0;
1060 svsk->sk_tcplen = 0; 1096 svsk->sk_tcplen = 0;
@@ -1148,9 +1184,19 @@ static struct svc_sock *svc_setup_socket(struct svc_serv *serv,
1148 return svsk; 1184 return svsk;
1149} 1185}
1150 1186
1151int svc_addsock(struct svc_serv *serv, 1187/**
1152 int fd, 1188 * svc_addsock - add a listener socket to an RPC service
1153 char *name_return) 1189 * @serv: pointer to RPC service to which to add a new listener
1190 * @fd: file descriptor of the new listener
1191 * @name_return: pointer to buffer to fill in with name of listener
1192 * @len: size of the buffer
1193 *
1194 * Fills in socket name and returns positive length of name if successful.
1195 * Name is terminated with '\n'. On error, returns a negative errno
1196 * value.
1197 */
1198int svc_addsock(struct svc_serv *serv, const int fd, char *name_return,
1199 const size_t len)
1154{ 1200{
1155 int err = 0; 1201 int err = 0;
1156 struct socket *so = sockfd_lookup(fd, &err); 1202 struct socket *so = sockfd_lookup(fd, &err);
@@ -1190,7 +1236,7 @@ int svc_addsock(struct svc_serv *serv,
1190 sockfd_put(so); 1236 sockfd_put(so);
1191 return err; 1237 return err;
1192 } 1238 }
1193 return one_sock_name(name_return, svsk); 1239 return svc_one_sock_name(svsk, name_return, len);
1194} 1240}
1195EXPORT_SYMBOL_GPL(svc_addsock); 1241EXPORT_SYMBOL_GPL(svc_addsock);
1196 1242
@@ -1327,3 +1373,42 @@ static void svc_sock_free(struct svc_xprt *xprt)
1327 sock_release(svsk->sk_sock); 1373 sock_release(svsk->sk_sock);
1328 kfree(svsk); 1374 kfree(svsk);
1329} 1375}
1376
1377/*
1378 * Create a svc_xprt.
1379 *
1380 * For internal use only (e.g. nfsv4.1 backchannel).
1381 * Callers should typically use the xpo_create() method.
1382 */
1383struct svc_xprt *svc_sock_create(struct svc_serv *serv, int prot)
1384{
1385 struct svc_sock *svsk;
1386 struct svc_xprt *xprt = NULL;
1387
1388 dprintk("svc: %s\n", __func__);
1389 svsk = kzalloc(sizeof(*svsk), GFP_KERNEL);
1390 if (!svsk)
1391 goto out;
1392
1393 xprt = &svsk->sk_xprt;
1394 if (prot == IPPROTO_TCP)
1395 svc_xprt_init(&svc_tcp_class, xprt, serv);
1396 else if (prot == IPPROTO_UDP)
1397 svc_xprt_init(&svc_udp_class, xprt, serv);
1398 else
1399 BUG();
1400out:
1401 dprintk("svc: %s return %p\n", __func__, xprt);
1402 return xprt;
1403}
1404EXPORT_SYMBOL_GPL(svc_sock_create);
1405
1406/*
1407 * Destroy a svc_sock.
1408 */
1409void svc_sock_destroy(struct svc_xprt *xprt)
1410{
1411 if (xprt)
1412 kfree(container_of(xprt, struct svc_sock, sk_xprt));
1413}
1414EXPORT_SYMBOL_GPL(svc_sock_destroy);
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 06ca058572f2..f412a852bc73 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -12,8 +12,9 @@
12 * - Next, the caller puts together the RPC message, stuffs it into 12 * - Next, the caller puts together the RPC message, stuffs it into
13 * the request struct, and calls xprt_transmit(). 13 * the request struct, and calls xprt_transmit().
14 * - xprt_transmit sends the message and installs the caller on the 14 * - xprt_transmit sends the message and installs the caller on the
15 * transport's wait list. At the same time, it installs a timer that 15 * transport's wait list. At the same time, if a reply is expected,
16 * is run after the packet's timeout has expired. 16 * it installs a timer that is run after the packet's timeout has
17 * expired.
17 * - When a packet arrives, the data_ready handler walks the list of 18 * - When a packet arrives, the data_ready handler walks the list of
18 * pending requests for that transport. If a matching XID is found, the 19 * pending requests for that transport. If a matching XID is found, the
19 * caller is woken up, and the timer removed. 20 * caller is woken up, and the timer removed.
@@ -46,6 +47,8 @@
46#include <linux/sunrpc/clnt.h> 47#include <linux/sunrpc/clnt.h>
47#include <linux/sunrpc/metrics.h> 48#include <linux/sunrpc/metrics.h>
48 49
50#include "sunrpc.h"
51
49/* 52/*
50 * Local variables 53 * Local variables
51 */ 54 */
@@ -192,8 +195,8 @@ EXPORT_SYMBOL_GPL(xprt_load_transport);
192 */ 195 */
193int xprt_reserve_xprt(struct rpc_task *task) 196int xprt_reserve_xprt(struct rpc_task *task)
194{ 197{
195 struct rpc_xprt *xprt = task->tk_xprt;
196 struct rpc_rqst *req = task->tk_rqstp; 198 struct rpc_rqst *req = task->tk_rqstp;
199 struct rpc_xprt *xprt = req->rq_xprt;
197 200
198 if (test_and_set_bit(XPRT_LOCKED, &xprt->state)) { 201 if (test_and_set_bit(XPRT_LOCKED, &xprt->state)) {
199 if (task == xprt->snd_task) 202 if (task == xprt->snd_task)
@@ -803,9 +806,10 @@ void xprt_complete_rqst(struct rpc_task *task, int copied)
803 806
804 list_del_init(&req->rq_list); 807 list_del_init(&req->rq_list);
805 req->rq_private_buf.len = copied; 808 req->rq_private_buf.len = copied;
806 /* Ensure all writes are done before we update req->rq_received */ 809 /* Ensure all writes are done before we update */
810 /* req->rq_reply_bytes_recvd */
807 smp_wmb(); 811 smp_wmb();
808 req->rq_received = copied; 812 req->rq_reply_bytes_recvd = copied;
809 rpc_wake_up_queued_task(&xprt->pending, task); 813 rpc_wake_up_queued_task(&xprt->pending, task);
810} 814}
811EXPORT_SYMBOL_GPL(xprt_complete_rqst); 815EXPORT_SYMBOL_GPL(xprt_complete_rqst);
@@ -820,7 +824,7 @@ static void xprt_timer(struct rpc_task *task)
820 dprintk("RPC: %5u xprt_timer\n", task->tk_pid); 824 dprintk("RPC: %5u xprt_timer\n", task->tk_pid);
821 825
822 spin_lock_bh(&xprt->transport_lock); 826 spin_lock_bh(&xprt->transport_lock);
823 if (!req->rq_received) { 827 if (!req->rq_reply_bytes_recvd) {
824 if (xprt->ops->timer) 828 if (xprt->ops->timer)
825 xprt->ops->timer(task); 829 xprt->ops->timer(task);
826 } else 830 } else
@@ -842,8 +846,8 @@ int xprt_prepare_transmit(struct rpc_task *task)
842 dprintk("RPC: %5u xprt_prepare_transmit\n", task->tk_pid); 846 dprintk("RPC: %5u xprt_prepare_transmit\n", task->tk_pid);
843 847
844 spin_lock_bh(&xprt->transport_lock); 848 spin_lock_bh(&xprt->transport_lock);
845 if (req->rq_received && !req->rq_bytes_sent) { 849 if (req->rq_reply_bytes_recvd && !req->rq_bytes_sent) {
846 err = req->rq_received; 850 err = req->rq_reply_bytes_recvd;
847 goto out_unlock; 851 goto out_unlock;
848 } 852 }
849 if (!xprt->ops->reserve_xprt(task)) 853 if (!xprt->ops->reserve_xprt(task))
@@ -855,7 +859,7 @@ out_unlock:
855 859
856void xprt_end_transmit(struct rpc_task *task) 860void xprt_end_transmit(struct rpc_task *task)
857{ 861{
858 xprt_release_write(task->tk_xprt, task); 862 xprt_release_write(task->tk_rqstp->rq_xprt, task);
859} 863}
860 864
861/** 865/**
@@ -872,8 +876,11 @@ void xprt_transmit(struct rpc_task *task)
872 876
873 dprintk("RPC: %5u xprt_transmit(%u)\n", task->tk_pid, req->rq_slen); 877 dprintk("RPC: %5u xprt_transmit(%u)\n", task->tk_pid, req->rq_slen);
874 878
875 if (!req->rq_received) { 879 if (!req->rq_reply_bytes_recvd) {
876 if (list_empty(&req->rq_list)) { 880 if (list_empty(&req->rq_list) && rpc_reply_expected(task)) {
881 /*
882 * Add to the list only if we're expecting a reply
883 */
877 spin_lock_bh(&xprt->transport_lock); 884 spin_lock_bh(&xprt->transport_lock);
878 /* Update the softirq receive buffer */ 885 /* Update the softirq receive buffer */
879 memcpy(&req->rq_private_buf, &req->rq_rcv_buf, 886 memcpy(&req->rq_private_buf, &req->rq_rcv_buf,
@@ -908,8 +915,13 @@ void xprt_transmit(struct rpc_task *task)
908 /* Don't race with disconnect */ 915 /* Don't race with disconnect */
909 if (!xprt_connected(xprt)) 916 if (!xprt_connected(xprt))
910 task->tk_status = -ENOTCONN; 917 task->tk_status = -ENOTCONN;
911 else if (!req->rq_received) 918 else if (!req->rq_reply_bytes_recvd && rpc_reply_expected(task)) {
919 /*
920 * Sleep on the pending queue since
921 * we're expecting a reply.
922 */
912 rpc_sleep_on(&xprt->pending, task, xprt_timer); 923 rpc_sleep_on(&xprt->pending, task, xprt_timer);
924 }
913 spin_unlock_bh(&xprt->transport_lock); 925 spin_unlock_bh(&xprt->transport_lock);
914} 926}
915 927
@@ -982,11 +994,17 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt)
982 */ 994 */
983void xprt_release(struct rpc_task *task) 995void xprt_release(struct rpc_task *task)
984{ 996{
985 struct rpc_xprt *xprt = task->tk_xprt; 997 struct rpc_xprt *xprt;
986 struct rpc_rqst *req; 998 struct rpc_rqst *req;
999 int is_bc_request;
987 1000
988 if (!(req = task->tk_rqstp)) 1001 if (!(req = task->tk_rqstp))
989 return; 1002 return;
1003
1004 /* Preallocated backchannel request? */
1005 is_bc_request = bc_prealloc(req);
1006
1007 xprt = req->rq_xprt;
990 rpc_count_iostats(task); 1008 rpc_count_iostats(task);
991 spin_lock_bh(&xprt->transport_lock); 1009 spin_lock_bh(&xprt->transport_lock);
992 xprt->ops->release_xprt(xprt, task); 1010 xprt->ops->release_xprt(xprt, task);
@@ -999,10 +1017,19 @@ void xprt_release(struct rpc_task *task)
999 mod_timer(&xprt->timer, 1017 mod_timer(&xprt->timer,
1000 xprt->last_used + xprt->idle_timeout); 1018 xprt->last_used + xprt->idle_timeout);
1001 spin_unlock_bh(&xprt->transport_lock); 1019 spin_unlock_bh(&xprt->transport_lock);
1002 xprt->ops->buf_free(req->rq_buffer); 1020 if (!bc_prealloc(req))
1021 xprt->ops->buf_free(req->rq_buffer);
1003 task->tk_rqstp = NULL; 1022 task->tk_rqstp = NULL;
1004 if (req->rq_release_snd_buf) 1023 if (req->rq_release_snd_buf)
1005 req->rq_release_snd_buf(req); 1024 req->rq_release_snd_buf(req);
1025
1026 /*
1027 * Early exit if this is a backchannel preallocated request.
1028 * There is no need to have it added to the RPC slot list.
1029 */
1030 if (is_bc_request)
1031 return;
1032
1006 memset(req, 0, sizeof(*req)); /* mark unused */ 1033 memset(req, 0, sizeof(*req)); /* mark unused */
1007 1034
1008 dprintk("RPC: %5u release request %p\n", task->tk_pid, req); 1035 dprintk("RPC: %5u release request %p\n", task->tk_pid, req);
@@ -1049,6 +1076,11 @@ found:
1049 1076
1050 INIT_LIST_HEAD(&xprt->free); 1077 INIT_LIST_HEAD(&xprt->free);
1051 INIT_LIST_HEAD(&xprt->recv); 1078 INIT_LIST_HEAD(&xprt->recv);
1079#if defined(CONFIG_NFS_V4_1)
1080 spin_lock_init(&xprt->bc_pa_lock);
1081 INIT_LIST_HEAD(&xprt->bc_pa_list);
1082#endif /* CONFIG_NFS_V4_1 */
1083
1052 INIT_WORK(&xprt->task_cleanup, xprt_autoclose); 1084 INIT_WORK(&xprt->task_cleanup, xprt_autoclose);
1053 setup_timer(&xprt->timer, xprt_init_autodisconnect, 1085 setup_timer(&xprt->timer, xprt_init_autodisconnect,
1054 (unsigned long)xprt); 1086 (unsigned long)xprt);
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
index 42a6f9f20285..9e884383134f 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -397,14 +397,14 @@ static int rdma_read_xdr(struct svcxprt_rdma *xprt,
397 if (!ch) 397 if (!ch)
398 return 0; 398 return 0;
399 399
400 /* Allocate temporary reply and chunk maps */
401 rpl_map = svc_rdma_get_req_map();
402 chl_map = svc_rdma_get_req_map();
403
404 svc_rdma_rcl_chunk_counts(ch, &ch_count, &byte_count); 400 svc_rdma_rcl_chunk_counts(ch, &ch_count, &byte_count);
405 if (ch_count > RPCSVC_MAXPAGES) 401 if (ch_count > RPCSVC_MAXPAGES)
406 return -EINVAL; 402 return -EINVAL;
407 403
404 /* Allocate temporary reply and chunk maps */
405 rpl_map = svc_rdma_get_req_map();
406 chl_map = svc_rdma_get_req_map();
407
408 if (!xprt->sc_frmr_pg_list_len) 408 if (!xprt->sc_frmr_pg_list_len)
409 sge_count = map_read_chunks(xprt, rqstp, hdr_ctxt, rmsgp, 409 sge_count = map_read_chunks(xprt, rqstp, hdr_ctxt, rmsgp,
410 rpl_map, chl_map, ch_count, 410 rpl_map, chl_map, ch_count,
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 6c2d61586551..83c73c4d017a 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -34,6 +34,9 @@
34#include <linux/sunrpc/sched.h> 34#include <linux/sunrpc/sched.h>
35#include <linux/sunrpc/xprtsock.h> 35#include <linux/sunrpc/xprtsock.h>
36#include <linux/file.h> 36#include <linux/file.h>
37#ifdef CONFIG_NFS_V4_1
38#include <linux/sunrpc/bc_xprt.h>
39#endif
37 40
38#include <net/sock.h> 41#include <net/sock.h>
39#include <net/checksum.h> 42#include <net/checksum.h>
@@ -270,6 +273,13 @@ struct sock_xprt {
270#define TCP_RCV_COPY_FRAGHDR (1UL << 1) 273#define TCP_RCV_COPY_FRAGHDR (1UL << 1)
271#define TCP_RCV_COPY_XID (1UL << 2) 274#define TCP_RCV_COPY_XID (1UL << 2)
272#define TCP_RCV_COPY_DATA (1UL << 3) 275#define TCP_RCV_COPY_DATA (1UL << 3)
276#define TCP_RCV_READ_CALLDIR (1UL << 4)
277#define TCP_RCV_COPY_CALLDIR (1UL << 5)
278
279/*
280 * TCP RPC flags
281 */
282#define TCP_RPC_REPLY (1UL << 6)
273 283
274static inline struct sockaddr *xs_addr(struct rpc_xprt *xprt) 284static inline struct sockaddr *xs_addr(struct rpc_xprt *xprt)
275{ 285{
@@ -956,7 +966,7 @@ static inline void xs_tcp_read_fraghdr(struct rpc_xprt *xprt, struct xdr_skb_rea
956 transport->tcp_offset = 0; 966 transport->tcp_offset = 0;
957 967
958 /* Sanity check of the record length */ 968 /* Sanity check of the record length */
959 if (unlikely(transport->tcp_reclen < 4)) { 969 if (unlikely(transport->tcp_reclen < 8)) {
960 dprintk("RPC: invalid TCP record fragment length\n"); 970 dprintk("RPC: invalid TCP record fragment length\n");
961 xprt_force_disconnect(xprt); 971 xprt_force_disconnect(xprt);
962 return; 972 return;
@@ -991,33 +1001,77 @@ static inline void xs_tcp_read_xid(struct sock_xprt *transport, struct xdr_skb_r
991 if (used != len) 1001 if (used != len)
992 return; 1002 return;
993 transport->tcp_flags &= ~TCP_RCV_COPY_XID; 1003 transport->tcp_flags &= ~TCP_RCV_COPY_XID;
994 transport->tcp_flags |= TCP_RCV_COPY_DATA; 1004 transport->tcp_flags |= TCP_RCV_READ_CALLDIR;
995 transport->tcp_copied = 4; 1005 transport->tcp_copied = 4;
996 dprintk("RPC: reading reply for XID %08x\n", 1006 dprintk("RPC: reading %s XID %08x\n",
1007 (transport->tcp_flags & TCP_RPC_REPLY) ? "reply for"
1008 : "request with",
997 ntohl(transport->tcp_xid)); 1009 ntohl(transport->tcp_xid));
998 xs_tcp_check_fraghdr(transport); 1010 xs_tcp_check_fraghdr(transport);
999} 1011}
1000 1012
1001static inline void xs_tcp_read_request(struct rpc_xprt *xprt, struct xdr_skb_reader *desc) 1013static inline void xs_tcp_read_calldir(struct sock_xprt *transport,
1014 struct xdr_skb_reader *desc)
1002{ 1015{
1003 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); 1016 size_t len, used;
1004 struct rpc_rqst *req; 1017 u32 offset;
1018 __be32 calldir;
1019
1020 /*
1021 * We want transport->tcp_offset to be 8 at the end of this routine
1022 * (4 bytes for the xid and 4 bytes for the call/reply flag).
1023 * When this function is called for the first time,
1024 * transport->tcp_offset is 4 (after having already read the xid).
1025 */
1026 offset = transport->tcp_offset - sizeof(transport->tcp_xid);
1027 len = sizeof(calldir) - offset;
1028 dprintk("RPC: reading CALL/REPLY flag (%Zu bytes)\n", len);
1029 used = xdr_skb_read_bits(desc, &calldir, len);
1030 transport->tcp_offset += used;
1031 if (used != len)
1032 return;
1033 transport->tcp_flags &= ~TCP_RCV_READ_CALLDIR;
1034 transport->tcp_flags |= TCP_RCV_COPY_CALLDIR;
1035 transport->tcp_flags |= TCP_RCV_COPY_DATA;
1036 /*
1037 * We don't yet have the XDR buffer, so we will write the calldir
1038 * out after we get the buffer from the 'struct rpc_rqst'
1039 */
1040 if (ntohl(calldir) == RPC_REPLY)
1041 transport->tcp_flags |= TCP_RPC_REPLY;
1042 else
1043 transport->tcp_flags &= ~TCP_RPC_REPLY;
1044 dprintk("RPC: reading %s CALL/REPLY flag %08x\n",
1045 (transport->tcp_flags & TCP_RPC_REPLY) ?
1046 "reply for" : "request with", calldir);
1047 xs_tcp_check_fraghdr(transport);
1048}
1049
1050static inline void xs_tcp_read_common(struct rpc_xprt *xprt,
1051 struct xdr_skb_reader *desc,
1052 struct rpc_rqst *req)
1053{
1054 struct sock_xprt *transport =
1055 container_of(xprt, struct sock_xprt, xprt);
1005 struct xdr_buf *rcvbuf; 1056 struct xdr_buf *rcvbuf;
1006 size_t len; 1057 size_t len;
1007 ssize_t r; 1058 ssize_t r;
1008 1059
1009 /* Find and lock the request corresponding to this xid */ 1060 rcvbuf = &req->rq_private_buf;
1010 spin_lock(&xprt->transport_lock); 1061
1011 req = xprt_lookup_rqst(xprt, transport->tcp_xid); 1062 if (transport->tcp_flags & TCP_RCV_COPY_CALLDIR) {
1012 if (!req) { 1063 /*
1013 transport->tcp_flags &= ~TCP_RCV_COPY_DATA; 1064 * Save the RPC direction in the XDR buffer
1014 dprintk("RPC: XID %08x request not found!\n", 1065 */
1015 ntohl(transport->tcp_xid)); 1066 __be32 calldir = transport->tcp_flags & TCP_RPC_REPLY ?
1016 spin_unlock(&xprt->transport_lock); 1067 htonl(RPC_REPLY) : 0;
1017 return; 1068
1069 memcpy(rcvbuf->head[0].iov_base + transport->tcp_copied,
1070 &calldir, sizeof(calldir));
1071 transport->tcp_copied += sizeof(calldir);
1072 transport->tcp_flags &= ~TCP_RCV_COPY_CALLDIR;
1018 } 1073 }
1019 1074
1020 rcvbuf = &req->rq_private_buf;
1021 len = desc->count; 1075 len = desc->count;
1022 if (len > transport->tcp_reclen - transport->tcp_offset) { 1076 if (len > transport->tcp_reclen - transport->tcp_offset) {
1023 struct xdr_skb_reader my_desc; 1077 struct xdr_skb_reader my_desc;
@@ -1054,7 +1108,7 @@ static inline void xs_tcp_read_request(struct rpc_xprt *xprt, struct xdr_skb_rea
1054 "tcp_offset = %u, tcp_reclen = %u\n", 1108 "tcp_offset = %u, tcp_reclen = %u\n",
1055 xprt, transport->tcp_copied, 1109 xprt, transport->tcp_copied,
1056 transport->tcp_offset, transport->tcp_reclen); 1110 transport->tcp_offset, transport->tcp_reclen);
1057 goto out; 1111 return;
1058 } 1112 }
1059 1113
1060 dprintk("RPC: XID %08x read %Zd bytes\n", 1114 dprintk("RPC: XID %08x read %Zd bytes\n",
@@ -1070,11 +1124,125 @@ static inline void xs_tcp_read_request(struct rpc_xprt *xprt, struct xdr_skb_rea
1070 transport->tcp_flags &= ~TCP_RCV_COPY_DATA; 1124 transport->tcp_flags &= ~TCP_RCV_COPY_DATA;
1071 } 1125 }
1072 1126
1073out: 1127 return;
1128}
1129
1130/*
1131 * Finds the request corresponding to the RPC xid and invokes the common
1132 * tcp read code to read the data.
1133 */
1134static inline int xs_tcp_read_reply(struct rpc_xprt *xprt,
1135 struct xdr_skb_reader *desc)
1136{
1137 struct sock_xprt *transport =
1138 container_of(xprt, struct sock_xprt, xprt);
1139 struct rpc_rqst *req;
1140
1141 dprintk("RPC: read reply XID %08x\n", ntohl(transport->tcp_xid));
1142
1143 /* Find and lock the request corresponding to this xid */
1144 spin_lock(&xprt->transport_lock);
1145 req = xprt_lookup_rqst(xprt, transport->tcp_xid);
1146 if (!req) {
1147 dprintk("RPC: XID %08x request not found!\n",
1148 ntohl(transport->tcp_xid));
1149 spin_unlock(&xprt->transport_lock);
1150 return -1;
1151 }
1152
1153 xs_tcp_read_common(xprt, desc, req);
1154
1074 if (!(transport->tcp_flags & TCP_RCV_COPY_DATA)) 1155 if (!(transport->tcp_flags & TCP_RCV_COPY_DATA))
1075 xprt_complete_rqst(req->rq_task, transport->tcp_copied); 1156 xprt_complete_rqst(req->rq_task, transport->tcp_copied);
1157
1076 spin_unlock(&xprt->transport_lock); 1158 spin_unlock(&xprt->transport_lock);
1077 xs_tcp_check_fraghdr(transport); 1159 return 0;
1160}
1161
1162#if defined(CONFIG_NFS_V4_1)
1163/*
1164 * Obtains an rpc_rqst previously allocated and invokes the common
1165 * tcp read code to read the data. The result is placed in the callback
1166 * queue.
1167 * If we're unable to obtain the rpc_rqst we schedule the closing of the
1168 * connection and return -1.
1169 */
1170static inline int xs_tcp_read_callback(struct rpc_xprt *xprt,
1171 struct xdr_skb_reader *desc)
1172{
1173 struct sock_xprt *transport =
1174 container_of(xprt, struct sock_xprt, xprt);
1175 struct rpc_rqst *req;
1176
1177 req = xprt_alloc_bc_request(xprt);
1178 if (req == NULL) {
1179 printk(KERN_WARNING "Callback slot table overflowed\n");
1180 xprt_force_disconnect(xprt);
1181 return -1;
1182 }
1183
1184 req->rq_xid = transport->tcp_xid;
1185 dprintk("RPC: read callback XID %08x\n", ntohl(req->rq_xid));
1186 xs_tcp_read_common(xprt, desc, req);
1187
1188 if (!(transport->tcp_flags & TCP_RCV_COPY_DATA)) {
1189 struct svc_serv *bc_serv = xprt->bc_serv;
1190
1191 /*
1192 * Add callback request to callback list. The callback
1193 * service sleeps on the sv_cb_waitq waiting for new
1194 * requests. Wake it up after adding enqueing the
1195 * request.
1196 */
1197 dprintk("RPC: add callback request to list\n");
1198 spin_lock(&bc_serv->sv_cb_lock);
1199 list_add(&req->rq_bc_list, &bc_serv->sv_cb_list);
1200 spin_unlock(&bc_serv->sv_cb_lock);
1201 wake_up(&bc_serv->sv_cb_waitq);
1202 }
1203
1204 req->rq_private_buf.len = transport->tcp_copied;
1205
1206 return 0;
1207}
1208
1209static inline int _xs_tcp_read_data(struct rpc_xprt *xprt,
1210 struct xdr_skb_reader *desc)
1211{
1212 struct sock_xprt *transport =
1213 container_of(xprt, struct sock_xprt, xprt);
1214
1215 return (transport->tcp_flags & TCP_RPC_REPLY) ?
1216 xs_tcp_read_reply(xprt, desc) :
1217 xs_tcp_read_callback(xprt, desc);
1218}
1219#else
1220static inline int _xs_tcp_read_data(struct rpc_xprt *xprt,
1221 struct xdr_skb_reader *desc)
1222{
1223 return xs_tcp_read_reply(xprt, desc);
1224}
1225#endif /* CONFIG_NFS_V4_1 */
1226
1227/*
1228 * Read data off the transport. This can be either an RPC_CALL or an
1229 * RPC_REPLY. Relay the processing to helper functions.
1230 */
1231static void xs_tcp_read_data(struct rpc_xprt *xprt,
1232 struct xdr_skb_reader *desc)
1233{
1234 struct sock_xprt *transport =
1235 container_of(xprt, struct sock_xprt, xprt);
1236
1237 if (_xs_tcp_read_data(xprt, desc) == 0)
1238 xs_tcp_check_fraghdr(transport);
1239 else {
1240 /*
1241 * The transport_lock protects the request handling.
1242 * There's no need to hold it to update the tcp_flags.
1243 */
1244 transport->tcp_flags &= ~TCP_RCV_COPY_DATA;
1245 }
1078} 1246}
1079 1247
1080static inline void xs_tcp_read_discard(struct sock_xprt *transport, struct xdr_skb_reader *desc) 1248static inline void xs_tcp_read_discard(struct sock_xprt *transport, struct xdr_skb_reader *desc)
@@ -1114,9 +1282,14 @@ static int xs_tcp_data_recv(read_descriptor_t *rd_desc, struct sk_buff *skb, uns
1114 xs_tcp_read_xid(transport, &desc); 1282 xs_tcp_read_xid(transport, &desc);
1115 continue; 1283 continue;
1116 } 1284 }
1285 /* Read in the call/reply flag */
1286 if (transport->tcp_flags & TCP_RCV_READ_CALLDIR) {
1287 xs_tcp_read_calldir(transport, &desc);
1288 continue;
1289 }
1117 /* Read in the request data */ 1290 /* Read in the request data */
1118 if (transport->tcp_flags & TCP_RCV_COPY_DATA) { 1291 if (transport->tcp_flags & TCP_RCV_COPY_DATA) {
1119 xs_tcp_read_request(xprt, &desc); 1292 xs_tcp_read_data(xprt, &desc);
1120 continue; 1293 continue;
1121 } 1294 }
1122 /* Skip over any trailing bytes on short reads */ 1295 /* Skip over any trailing bytes on short reads */
@@ -1792,6 +1965,7 @@ static void xs_tcp_setup_socket(struct rpc_xprt *xprt,
1792 */ 1965 */
1793 set_bit(XPRT_CONNECTION_CLOSE, &xprt->state); 1966 set_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
1794 xprt_force_disconnect(xprt); 1967 xprt_force_disconnect(xprt);
1968 break;
1795 case -ECONNREFUSED: 1969 case -ECONNREFUSED:
1796 case -ECONNRESET: 1970 case -ECONNRESET:
1797 case -ENETUNREACH: 1971 case -ENETUNREACH:
@@ -2010,6 +2184,9 @@ static struct rpc_xprt_ops xs_tcp_ops = {
2010 .buf_free = rpc_free, 2184 .buf_free = rpc_free,
2011 .send_request = xs_tcp_send_request, 2185 .send_request = xs_tcp_send_request,
2012 .set_retrans_timeout = xprt_set_retrans_timeout_def, 2186 .set_retrans_timeout = xprt_set_retrans_timeout_def,
2187#if defined(CONFIG_NFS_V4_1)
2188 .release_request = bc_release_request,
2189#endif /* CONFIG_NFS_V4_1 */
2013 .close = xs_tcp_close, 2190 .close = xs_tcp_close,
2014 .destroy = xs_destroy, 2191 .destroy = xs_destroy,
2015 .print_stats = xs_tcp_print_stats, 2192 .print_stats = xs_tcp_print_stats,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 24168560ebae..241bddd0b4f1 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1687,13 +1687,52 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1687 if (err) 1687 if (err)
1688 goto out_rtnl; 1688 goto out_rtnl;
1689 1689
1690 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1690 err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1691 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 1691 if (err)
1692 err = -EINVAL;
1693 goto out; 1692 goto out;
1693
1694 /* validate settings */
1695 err = 0;
1696
1697 switch (dev->ieee80211_ptr->iftype) {
1698 case NL80211_IFTYPE_AP:
1699 case NL80211_IFTYPE_AP_VLAN:
1700 /* disallow mesh-specific things */
1701 if (params.plink_action)
1702 err = -EINVAL;
1703 break;
1704 case NL80211_IFTYPE_STATION:
1705 /* disallow everything but AUTHORIZED flag */
1706 if (params.plink_action)
1707 err = -EINVAL;
1708 if (params.vlan)
1709 err = -EINVAL;
1710 if (params.supported_rates)
1711 err = -EINVAL;
1712 if (params.ht_capa)
1713 err = -EINVAL;
1714 if (params.listen_interval >= 0)
1715 err = -EINVAL;
1716 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
1717 err = -EINVAL;
1718 break;
1719 case NL80211_IFTYPE_MESH_POINT:
1720 /* disallow things mesh doesn't support */
1721 if (params.vlan)
1722 err = -EINVAL;
1723 if (params.ht_capa)
1724 err = -EINVAL;
1725 if (params.listen_interval >= 0)
1726 err = -EINVAL;
1727 if (params.supported_rates)
1728 err = -EINVAL;
1729 if (params.sta_flags_mask)
1730 err = -EINVAL;
1731 break;
1732 default:
1733 err = -EINVAL;
1694 } 1734 }
1695 1735
1696 err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1697 if (err) 1736 if (err)
1698 goto out; 1737 goto out;
1699 1738
@@ -1728,9 +1767,6 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1728 if (!info->attrs[NL80211_ATTR_MAC]) 1767 if (!info->attrs[NL80211_ATTR_MAC])
1729 return -EINVAL; 1768 return -EINVAL;
1730 1769
1731 if (!info->attrs[NL80211_ATTR_STA_AID])
1732 return -EINVAL;
1733
1734 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 1770 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1735 return -EINVAL; 1771 return -EINVAL;
1736 1772
@@ -1745,9 +1781,11 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1745 params.listen_interval = 1781 params.listen_interval =
1746 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 1782 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1747 1783
1748 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 1784 if (info->attrs[NL80211_ATTR_STA_AID]) {
1749 if (!params.aid || params.aid > IEEE80211_MAX_AID) 1785 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
1750 return -EINVAL; 1786 if (!params.aid || params.aid > IEEE80211_MAX_AID)
1787 return -EINVAL;
1788 }
1751 1789
1752 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 1790 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1753 params.ht_capa = 1791 params.ht_capa =
@@ -1762,13 +1800,39 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1762 if (err) 1800 if (err)
1763 goto out_rtnl; 1801 goto out_rtnl;
1764 1802
1765 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1803 err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1766 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 1804 if (err)
1767 err = -EINVAL;
1768 goto out; 1805 goto out;
1806
1807 /* validate settings */
1808 err = 0;
1809
1810 switch (dev->ieee80211_ptr->iftype) {
1811 case NL80211_IFTYPE_AP:
1812 case NL80211_IFTYPE_AP_VLAN:
1813 /* all ok but must have AID */
1814 if (!params.aid)
1815 err = -EINVAL;
1816 break;
1817 case NL80211_IFTYPE_MESH_POINT:
1818 /* disallow things mesh doesn't support */
1819 if (params.vlan)
1820 err = -EINVAL;
1821 if (params.aid)
1822 err = -EINVAL;
1823 if (params.ht_capa)
1824 err = -EINVAL;
1825 if (params.listen_interval >= 0)
1826 err = -EINVAL;
1827 if (params.supported_rates)
1828 err = -EINVAL;
1829 if (params.sta_flags_mask)
1830 err = -EINVAL;
1831 break;
1832 default:
1833 err = -EINVAL;
1769 } 1834 }
1770 1835
1771 err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1772 if (err) 1836 if (err)
1773 goto out; 1837 goto out;
1774 1838
@@ -1812,7 +1876,8 @@ static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
1812 goto out_rtnl; 1876 goto out_rtnl;
1813 1877
1814 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1878 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1815 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 1879 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
1880 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
1816 err = -EINVAL; 1881 err = -EINVAL;
1817 goto out; 1882 goto out;
1818 } 1883 }
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index d31ccb487730..faf54c6bf96b 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -292,8 +292,8 @@ static struct xfrm_algo_desc ealg_list[] = {
292 } 292 }
293}, 293},
294{ 294{
295 .name = "cbc(cast128)", 295 .name = "cbc(cast5)",
296 .compat = "cast128", 296 .compat = "cast5",
297 297
298 .uinfo = { 298 .uinfo = {
299 .encr = { 299 .encr = {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5f1f86565f16..f2f7c638083e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -668,22 +668,10 @@ static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *d
668 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) { 668 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
669 if (x->props.family != family || 669 if (x->props.family != family ||
670 x->id.spi != spi || 670 x->id.spi != spi ||
671 x->id.proto != proto) 671 x->id.proto != proto ||
672 xfrm_addr_cmp(&x->id.daddr, daddr, family))
672 continue; 673 continue;
673 674
674 switch (family) {
675 case AF_INET:
676 if (x->id.daddr.a4 != daddr->a4)
677 continue;
678 break;
679 case AF_INET6:
680 if (!ipv6_addr_equal((struct in6_addr *)daddr,
681 (struct in6_addr *)
682 x->id.daddr.a6))
683 continue;
684 break;
685 }
686
687 xfrm_state_hold(x); 675 xfrm_state_hold(x);
688 return x; 676 return x;
689 } 677 }
@@ -699,26 +687,11 @@ static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_addre
699 687
700 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) { 688 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
701 if (x->props.family != family || 689 if (x->props.family != family ||
702 x->id.proto != proto) 690 x->id.proto != proto ||
691 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
692 xfrm_addr_cmp(&x->props.saddr, saddr, family))
703 continue; 693 continue;
704 694
705 switch (family) {
706 case AF_INET:
707 if (x->id.daddr.a4 != daddr->a4 ||
708 x->props.saddr.a4 != saddr->a4)
709 continue;
710 break;
711 case AF_INET6:
712 if (!ipv6_addr_equal((struct in6_addr *)daddr,
713 (struct in6_addr *)
714 x->id.daddr.a6) ||
715 !ipv6_addr_equal((struct in6_addr *)saddr,
716 (struct in6_addr *)
717 x->props.saddr.a6))
718 continue;
719 break;
720 }
721
722 xfrm_state_hold(x); 695 xfrm_state_hold(x);
723 return x; 696 return x;
724 } 697 }
@@ -1001,25 +974,11 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
1001 x->props.family != family || 974 x->props.family != family ||
1002 x->km.state != XFRM_STATE_ACQ || 975 x->km.state != XFRM_STATE_ACQ ||
1003 x->id.spi != 0 || 976 x->id.spi != 0 ||
1004 x->id.proto != proto) 977 x->id.proto != proto ||
978 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
979 xfrm_addr_cmp(&x->props.saddr, saddr, family))
1005 continue; 980 continue;
1006 981
1007 switch (family) {
1008 case AF_INET:
1009 if (x->id.daddr.a4 != daddr->a4 ||
1010 x->props.saddr.a4 != saddr->a4)
1011 continue;
1012 break;
1013 case AF_INET6:
1014 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1015 (struct in6_addr *)daddr) ||
1016 !ipv6_addr_equal((struct in6_addr *)
1017 x->props.saddr.a6,
1018 (struct in6_addr *)saddr))
1019 continue;
1020 break;
1021 }
1022
1023 xfrm_state_hold(x); 982 xfrm_state_hold(x);
1024 return x; 983 return x;
1025 } 984 }
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-26 15:06:29 -0500