Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

Conflicts: net/ipv4/Kconfig net/ipv4/tcp_timer.c
author: David S. Miller <davem@davemloft.net> 2010-10-04 14:56:38 -0400
committer: David S. Miller <davem@davemloft.net> 2010-10-04 14:56:38 -0400
commit: 21a180cda012e1f93e362dd4a9b0bfd3d8c92940 (patch)
tree: 0e0d10baa3fdcd8ffbc6881076ff1695808dad9d /net
parent: c7d4426a98a5f6654cd0b4b33d9dab2e77192c18 (diff)
parent: 51e97a12bef19b7e43199fc153cf9bd5f2140362 (diff)
14 files changed, 97 insertions, 37 deletions
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index 0eb486d342dc..b6d55a9304f2 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -24,8 +24,11 @@ int __vlan_hwaccel_rx(struct sk_buff *skb, struct vlan_group *grp,
        if (vlan_dev)
                skb->dev = vlan_dev;
-        else if (vlan_id)
+        else if (vlan_id) {
-                goto drop;
+                if (!(skb->dev->flags & IFF_PROMISC))
+                        goto drop;
+                skb->pkt_type = PACKET_OTHERHOST;
+        }
        return polling ? netif_receive_skb(skb) : netif_rx(skb);
@@ -101,8 +104,11 @@ vlan_gro_common(struct napi_struct *napi, struct vlan_group *grp,
        if (vlan_dev)
                skb->dev = vlan_dev;
-        else if (vlan_id)
+        else if (vlan_id) {
-                goto drop;
+                if (!(skb->dev->flags & IFF_PROMISC))
+                        goto drop;
+                skb->pkt_type = PACKET_OTHERHOST;
+        }
        for (p = napi->gro_list; p; p = p->next) {
                unsigned long diffs;
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index dcfbe99ff81c..b88515936e4b 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -329,7 +329,8 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
        mutex_lock(&virtio_9p_lock);
        list_for_each_entry(chan, &virtio_chan_list, chan_list) {
-                if (!strncmp(devname, chan->tag, chan->tag_len)) {
+                if (!strncmp(devname, chan->tag, chan->tag_len) &&
+                    strlen(devname) == chan->tag_len) {
                        if (!chan->inuse) {
                                chan->inuse = true;
                                found = 1;
diff --git a/net/core/iovec.c b/net/core/iovec.c
index f4657c2127b4..72aceb1fe4fa 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -35,9 +35,10 @@
 *      in any case.
 */
-int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
+long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
 {
-        int size, err, ct;
+        int size, ct;
+        long err;
        if (m->msg_namelen) {
                if (mode == VERIFY_READ) {
diff --git a/net/core/stream.c b/net/core/stream.c
index d959e0f41528..f5df85dcd20b 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -141,10 +141,10 @@ int sk_stream_wait_memory(struct sock *sk, long *timeo_p)
                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
                sk->sk_write_pending++;
-                sk_wait_event(sk, &current_timeo, !sk->sk_err &&
+                sk_wait_event(sk, &current_timeo, sk->sk_err ||
-                                                  !(sk->sk_shutdown & SEND_SHUTDOWN) &&
+                                                  (sk->sk_shutdown & SEND_SHUTDOWN) ||
-                                                  sk_stream_memory_free(sk) &&
+                                                  (sk_stream_memory_free(sk) &&
-                                                  vm_wait);
+                                                  !vm_wait));
                sk->sk_write_pending--;
                if (vm_wait) {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 5462e2d147a6..e848e6c062cd 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -223,7 +223,7 @@ config NET_IPGRE_DEMUX
 config NET_IPGRE
        tristate "IP: GRE tunnels over IP"
-        depends on NET_IPGRE_DEMUX
+        depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
        help
          Tunneling means encapsulating data of one protocol type within
          another protocol and sending it over a channel that understands the
@@ -419,7 +419,7 @@ config INET_XFRM_MODE_BEET
          If unsure, say Y.
 config INET_LRO
-        bool "Large Receive Offload (ipv4/tcp)"
+        tristate "Large Receive Offload (ipv4/tcp)"
        default y
        ---help---
          Support for Large Receive Offload (ipv4/tcp).
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 1fdcacd36ce7..2a4bb76f2132 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -834,7 +834,7 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
        int                     mark = 0;
-        if (len == 8 || IGMP_V2_SEEN(in_dev)) {
+        if (len == 8) {
                if (ih->code == 0) {
                        /* Alas, old v1 router presents here. */
@@ -856,6 +856,18 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
                igmpv3_clear_delrec(in_dev);
        } else if (len < 12) {
                return; /* ignore bogus packet; freed by caller */
+        } else if (IGMP_V1_SEEN(in_dev)) {
+                /* This is a v3 query with v1 queriers present */
+                max_delay = IGMP_Query_Response_Interval;
+                group = 0;
+        } else if (IGMP_V2_SEEN(in_dev)) {
+                /* this is a v3 query with v2 queriers present;
+                 * Interpretation of the max_delay code is problematic here.
+                 * A real v2 host would use ih_code directly, while v3 has a
+                 * different encoding. We use the v3 encoding as more likely
+                 * to be intended in a v3 query.
+                 */
+                max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
        } else { /* v3 */
                if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
                        return;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c3cb8bd23638..04e0df82b88c 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1232,7 +1232,7 @@ restart:
                        }
                        if (net_ratelimit())
-                                printk(KERN_WARNING "Neighbour table overflow.\n");
+                                printk(KERN_WARNING "ipv4: Neighbour table overflow.\n");
                        rt_drop(rt);
                        return -ENOBUFS;
                }
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 19192c5fe67a..1664a0590bb8 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -943,7 +943,7 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        sg = sk->sk_route_caps & NETIF_F_SG;
        while (--iovlen >= 0) {
-                int seglen = iov->iov_len;
+                size_t seglen = iov->iov_len;
                unsigned char __user *from = iov->iov_base;
                iov++;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index eaf20e7e61da..f6fdd727a23d 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2532,7 +2532,8 @@ static void tcp_mark_head_lost(struct sock *sk, int packets)
                        cnt += tcp_skb_pcount(skb);
                if (cnt > packets) {
-                        if (tcp_is_sack(tp) || (oldcnt >= packets))
+                        if ((tcp_is_sack(tp) && !tcp_is_fack(tp)) ||
+                            (oldcnt >= packets))
                                break;
                        mss = skb_shinfo(skb)->gso_size;
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index baea4a129022..f3c8c6c019ae 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -135,13 +135,16 @@ static void tcp_mtu_probing(struct inet_connection_sock *icsk, struct sock *sk)
 /* This function calculates a "timeout" which is equivalent to the timeout of a
 * TCP connection after "boundary" unsuccessful, exponentially backed-off
- * retransmissions with an initial RTO of TCP_RTO_MIN.
+ * retransmissions with an initial RTO of TCP_RTO_MIN or TCP_TIMEOUT_INIT if
+ * syn_set flag is set.
 */
 static bool retransmits_timed_out(struct sock *sk,
                                  unsigned int boundary,
-                                  unsigned int timeout)
+                                  unsigned int timeout,
+                                  bool syn_set)
 {
        unsigned int linear_backoff_thresh, start_ts;
+        unsigned int rto_base = syn_set ? TCP_TIMEOUT_INIT : TCP_RTO_MIN;
        if (!inet_csk(sk)->icsk_retransmits)
                return false;
@@ -152,12 +155,12 @@ static bool retransmits_timed_out(struct sock *sk,
                start_ts = tcp_sk(sk)->retrans_stamp;
        if (likely(timeout == 0)) {
-                linear_backoff_thresh = ilog2(TCP_RTO_MAX/TCP_RTO_MIN);
+                linear_backoff_thresh = ilog2(TCP_RTO_MAX/rto_base);
                if (boundary <= linear_backoff_thresh)
-                        timeout = ((2 << boundary) - 1) * TCP_RTO_MIN;
+                        timeout = ((2 << boundary) - 1) * rto_base;
                else
-                        timeout = ((2 << linear_backoff_thresh) - 1) * TCP_RTO_MIN +
+                        timeout = ((2 << linear_backoff_thresh) - 1) * rto_base +
                                (boundary - linear_backoff_thresh) * TCP_RTO_MAX;
        }
        return (tcp_time_stamp - start_ts) >= timeout;
@@ -168,14 +171,15 @@ static int tcp_write_timeout(struct sock *sk)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
        int retry_until;
-        bool do_reset;
+        bool do_reset, syn_set = 0;
        if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
                if (icsk->icsk_retransmits)
                        dst_negative_advice(sk);
                retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
+                syn_set = 1;
        } else {
-                if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0)) {
+                if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0, 0)) {
                        /* Black hole detection */
                        tcp_mtu_probing(icsk, sk);
@@ -188,7 +192,7 @@ static int tcp_write_timeout(struct sock *sk)
                        retry_until = tcp_orphan_retries(sk, alive);
                        do_reset = alive ||
-                                   !retransmits_timed_out(sk, retry_until, 0);
+                                !retransmits_timed_out(sk, retry_until, 0, 0);
                        if (tcp_out_of_resources(sk, do_reset))
                                return 1;
@@ -196,8 +200,7 @@ static int tcp_write_timeout(struct sock *sk)
        }
        if (retransmits_timed_out(sk, retry_until,
-            (1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV) ? 0 :
+                                  syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
-            icsk->icsk_user_timeout)) {
                /* Has it gone just too far? */
                tcp_write_err(sk);
                return 1;
@@ -439,7 +442,7 @@ out_reset_timer:
                icsk->icsk_rto = min(icsk->icsk_rto << 1, TCP_RTO_MAX);
        }
        inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, TCP_RTO_MAX);
-        if (retransmits_timed_out(sk, sysctl_tcp_retries1 + 1, 0))
+        if (retransmits_timed_out(sk, sysctl_tcp_retries1 + 1, 0, 0))
                __sk_dst_reset(sk);
 out:;
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 25476e7e708b..17e217933885 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -670,7 +670,7 @@ static struct rt6_info *rt6_alloc_cow(struct rt6_info *ort, struct in6_addr *dad
                        if (net_ratelimit())
                                printk(KERN_WARNING
-                                       "Neighbour table overflow.\n");
+                                       "ipv6: Neighbour table overflow.\n");
                        dst_free(&rt->dst);
                        return NULL;
                }
@@ -1559,14 +1559,13 @@ out:
 *      i.e. Path MTU discovery
 */
-void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
+static void rt6_do_pmtu_disc(struct in6_addr *daddr, struct in6_addr *saddr,
-                        struct net_device *dev, u32 pmtu)
+                             struct net *net, u32 pmtu, int ifindex)
 {
        struct rt6_info *rt, *nrt;
-        struct net *net = dev_net(dev);
        int allfrag = 0;
-        rt = rt6_lookup(net, daddr, saddr, dev->ifindex, 0);
+        rt = rt6_lookup(net, daddr, saddr, ifindex, 0);
        if (rt == NULL)
                return;
@@ -1634,6 +1633,27 @@ out:
        dst_release(&rt->dst);
 }
+void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
+                        struct net_device *dev, u32 pmtu)
+{
+        struct net *net = dev_net(dev);
+        /*
+         * RFC 1981 states that a node "MUST reduce the size of the packets it
+         * is sending along the path" that caused the Packet Too Big message.
+         * Since it's not possible in the general case to determine which
+         * interface was used to send the original packet, we update the MTU
+         * on the interface that will be used to send future packets. We also
+         * update the MTU on the interface that received the Packet Too Big in
+         * case the original packet was forced out that interface with
+         * SO_BINDTODEVICE or similar. This is the next best thing to the
+         * correct behaviour, which would be to update the MTU on all
+         * interfaces.
+         */
+        rt6_do_pmtu_disc(daddr, saddr, net, pmtu, 0);
+        rt6_do_pmtu_disc(daddr, saddr, net, pmtu, dev->ifindex);
+}
 /*
 *      Misc support functions
 */
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index 552fb665645f..aa3d8700d213 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -507,12 +507,13 @@ static void pipe_grant_credits(struct sock *sk)
 static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb)
 {
        struct pep_sock *pn = pep_sk(sk);
-        struct pnpipehdr *hdr = pnp_hdr(skb);
+        struct pnpipehdr *hdr;
        int wake = 0;
        if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
                return -EINVAL;
+        hdr = pnp_hdr(skb);
        if (hdr->data[0] != PN_PEP_TYPE_COMMON) {
                LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP type: %u\n",
                                (unsigned)hdr->data[0]);
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 86366390038a..ddbbf7c81fa1 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -543,16 +543,20 @@ struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
                id = ntohs(hmacs->hmac_ids[i]);
                /* Check the id is in the supported range */
-                if (id > SCTP_AUTH_HMAC_ID_MAX)
+                if (id > SCTP_AUTH_HMAC_ID_MAX) {
+                        id = 0;
                        continue;
+                }
                /* See is we support the id.  Supported IDs have name and
                 * length fields set, so that we can allocated and use
                 * them.  We can safely just check for name, for without the
                 * name, we can't allocate the TFM.
                 */
-                if (!sctp_hmac_list[id].hmac_name)
+                if (!sctp_hmac_list[id].hmac_name) {
+                        id = 0;
                        continue;
+                }
                break;
        }
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index d4bf2a78cb8a..e34ca9cc1167 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -918,6 +918,11 @@ SCTP_STATIC int sctp_setsockopt_bindx(struct sock* sk,
        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
+                if (walk_size + sizeof(sa_family_t) > addrs_size) {
+                        kfree(kaddrs);
+                        return -EINVAL;
+                }
                sa_addr = (struct sockaddr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa_family);
@@ -1004,9 +1009,13 @@ static int __sctp_connect(struct sock* sk,
        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
+                if (walk_size + sizeof(sa_family_t) > addrs_size) {
+                        err = -EINVAL;
+                        goto out_free;
+                }
                sa_addr = (union sctp_addr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa.sa_family);
-                port = ntohs(sa_addr->v4.sin_port);
                /* If the address family is not supported or if this address
                 * causes the address buffer to overflow return EINVAL.
@@ -1016,6 +1025,8 @@ static int __sctp_connect(struct sock* sk,
                        goto out_free;
                }
+                port = ntohs(sa_addr->v4.sin_port);
                /* Save current address so we can work with it */
                memcpy(&to, sa_addr, af->sockaddr_len);
author	David S. Miller <davem@davemloft.net>	2010-10-04 14:56:38 -0400
committer	David S. Miller <davem@davemloft.net>	2010-10-04 14:56:38 -0400
commit	21a180cda012e1f93e362dd4a9b0bfd3d8c92940 (patch)
tree	0e0d10baa3fdcd8ffbc6881076ff1695808dad9d /net
parent	c7d4426a98a5f6654cd0b4b33d9dab2e77192c18 (diff)
parent	51e97a12bef19b7e43199fc153cf9bd5f2140362 (diff)