aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDan Williams <dan.j.williams@intel.com>2009-09-08 20:55:54 -0400
committerDan Williams <dan.j.williams@intel.com>2009-09-08 20:55:54 -0400
commit9134d02bc0af4a8747d448d1f811ec5f8eb96df6 (patch)
tree704c3e5dcc10f360815c4868a74711f82fb62e27 /net
parentbbb20089a3275a19e475dbc21320c3742e3ca423 (diff)
parent80ffb3cceaefa405f2ecd46d66500ed8d53efe74 (diff)
Merge commit 'md/for-linus' into async-tx-next
Conflicts: drivers/md/raid5.c
Diffstat (limited to 'net')
-rw-r--r--net/9p/client.c13
-rw-r--r--net/9p/trans_fd.c14
-rw-r--r--net/appletalk/ddp.c1
-rw-r--r--net/atm/common.c6
-rw-r--r--net/bluetooth/rfcomm/core.c27
-rw-r--r--net/bluetooth/rfcomm/sock.c2
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/bridge/br_if.c2
-rw-r--r--net/can/bcm.c4
-rw-r--r--net/can/raw.c4
-rw-r--r--net/core/datagram.c2
-rw-r--r--net/core/dev.c31
-rw-r--r--net/core/net_namespace.c2
-rw-r--r--net/core/netpoll.c2
-rw-r--r--net/core/sock.c49
-rw-r--r--net/dccp/output.c2
-rw-r--r--net/dccp/proto.c6
-rw-r--r--net/decnet/af_decnet.c2
-rw-r--r--net/dsa/mv88e6xxx.c2
-rw-r--r--net/ieee802154/netlink.c6
-rw-r--r--net/ipv4/arp.c11
-rw-r--r--net/ipv4/fib_trie.c7
-rw-r--r--net/ipv4/ip_gre.c4
-rw-r--r--net/ipv4/ip_input.c3
-rw-r--r--net/ipv4/ip_output.c1
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c17
-rw-r--r--net/ipv4/tcp.c17
-rw-r--r--net/ipv4/tcp_ipv4.c3
-rw-r--r--net/ipv4/tcp_minisocks.c3
-rw-r--r--net/ipv4/tcp_output.c5
-rw-r--r--net/ipv4/xfrm4_policy.c3
-rw-r--r--net/ipv6/addrconf.c35
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/ip6_output.c1
-rw-r--r--net/ipv6/sit.c1
-rw-r--r--net/ipv6/tcp_ipv6.c3
-rw-r--r--net/ipv6/xfrm6_policy.c6
-rw-r--r--net/ipx/af_ipx.c1
-rw-r--r--net/irda/af_irda.c1
-rw-r--r--net/irda/irnet/irnet.h1
-rw-r--r--net/irda/irnet/irnet_ppp.c1
-rw-r--r--net/irda/irttp.c1
-rw-r--r--net/iucv/af_iucv.c4
-rw-r--r--net/mac80211/Kconfig1
-rw-r--r--net/mac80211/mesh.c2
-rw-r--r--net/mac80211/mesh_hwmp.c2
-rw-r--r--net/mac80211/mesh_pathtbl.c11
-rw-r--r--net/mac80211/mlme.c2
-rw-r--r--net/mac80211/pm.c24
-rw-r--r--net/mac80211/rc80211_minstrel.c5
-rw-r--r--net/mac80211/rx.c12
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c21
-rw-r--r--net/netfilter/nf_conntrack_expect.c4
-rw-r--r--net/netfilter/nf_conntrack_extend.c2
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c6
-rw-r--r--net/netfilter/xt_conntrack.c66
-rw-r--r--net/netfilter/xt_osf.c5
-rw-r--r--net/netlabel/netlabel_kapi.c2
-rw-r--r--net/phonet/pn_dev.c52
-rw-r--r--net/phonet/pn_netlink.c4
-rw-r--r--net/rfkill/core.c31
-rw-r--r--net/rose/af_rose.c18
-rw-r--r--net/rose/rose_route.c23
-rw-r--r--net/rxrpc/af_rxrpc.c4
-rw-r--r--net/sctp/output.c2
-rw-r--r--net/sctp/socket.c25
-rw-r--r--net/sunrpc/clnt.c1
-rw-r--r--net/sunrpc/sched.c1
-rw-r--r--net/sunrpc/sunrpc_syms.c1
-rw-r--r--net/sunrpc/svc_xprt.c1
-rw-r--r--net/unix/af_unix.c8
-rw-r--r--net/wanrouter/wanmain.c1
-rw-r--r--net/wireless/nl80211.c6
-rw-r--r--net/wireless/reg.c9
-rw-r--r--net/wireless/reg.h3
-rw-r--r--net/wireless/scan.c8
-rw-r--r--net/x25/af_x25.c1
-rw-r--r--net/xfrm/xfrm_algo.c4
-rw-r--r--net/xfrm/xfrm_state.c57
81 files changed, 464 insertions, 276 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index dd43a8289b0d..787ccddb85ea 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -117,9 +117,6 @@ static int parse_opts(char *opts, struct p9_client *clnt)
117 } 117 }
118 } 118 }
119 119
120 if (!clnt->trans_mod)
121 clnt->trans_mod = v9fs_get_default_trans();
122
123 kfree(options); 120 kfree(options);
124 return ret; 121 return ret;
125} 122}
@@ -689,6 +686,9 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
689 if (err < 0) 686 if (err < 0)
690 goto error; 687 goto error;
691 688
689 if (!clnt->trans_mod)
690 clnt->trans_mod = v9fs_get_default_trans();
691
692 if (clnt->trans_mod == NULL) { 692 if (clnt->trans_mod == NULL) {
693 err = -EPROTONOSUPPORT; 693 err = -EPROTONOSUPPORT;
694 P9_DPRINTK(P9_DEBUG_ERROR, 694 P9_DPRINTK(P9_DEBUG_ERROR,
@@ -1098,7 +1098,6 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
1098 1098
1099 if (data) { 1099 if (data) {
1100 memmove(data, dataptr, count); 1100 memmove(data, dataptr, count);
1101 data += count;
1102 } 1101 }
1103 1102
1104 if (udata) { 1103 if (udata) {
@@ -1192,9 +1191,9 @@ struct p9_wstat *p9_client_stat(struct p9_fid *fid)
1192 1191
1193 err = p9pdu_readf(req->rc, clnt->dotu, "wS", &ignored, ret); 1192 err = p9pdu_readf(req->rc, clnt->dotu, "wS", &ignored, ret);
1194 if (err) { 1193 if (err) {
1195 ret = ERR_PTR(err);
1196 p9pdu_dump(1, req->rc); 1194 p9pdu_dump(1, req->rc);
1197 goto free_and_error; 1195 p9_free_req(clnt, req);
1196 goto error;
1198 } 1197 }
1199 1198
1200 P9_DPRINTK(P9_DEBUG_9P, 1199 P9_DPRINTK(P9_DEBUG_9P,
@@ -1211,8 +1210,6 @@ struct p9_wstat *p9_client_stat(struct p9_fid *fid)
1211 p9_free_req(clnt, req); 1210 p9_free_req(clnt, req);
1212 return ret; 1211 return ret;
1213 1212
1214free_and_error:
1215 p9_free_req(clnt, req);
1216error: 1213error:
1217 kfree(ret); 1214 kfree(ret);
1218 return ERR_PTR(err); 1215 return ERR_PTR(err);
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index a2a1814c7a8d..8c2588e4edc0 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -735,12 +735,14 @@ static int parse_opts(char *params, struct p9_fd_opts *opts)
735 if (!*p) 735 if (!*p)
736 continue; 736 continue;
737 token = match_token(p, tokens, args); 737 token = match_token(p, tokens, args);
738 r = match_int(&args[0], &option); 738 if (token != Opt_err) {
739 if (r < 0) { 739 r = match_int(&args[0], &option);
740 P9_DPRINTK(P9_DEBUG_ERROR, 740 if (r < 0) {
741 "integer field, but no integer?\n"); 741 P9_DPRINTK(P9_DEBUG_ERROR,
742 ret = r; 742 "integer field, but no integer?\n");
743 continue; 743 ret = r;
744 continue;
745 }
744 } 746 }
745 switch (token) { 747 switch (token) {
746 case Opt_port: 748 case Opt_port:
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 590b83963622..bfbe13786bb4 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -54,6 +54,7 @@
54#include <linux/capability.h> 54#include <linux/capability.h>
55#include <linux/module.h> 55#include <linux/module.h>
56#include <linux/if_arp.h> 56#include <linux/if_arp.h>
57#include <linux/smp_lock.h>
57#include <linux/termios.h> /* For TIOCOUTQ/INQ */ 58#include <linux/termios.h> /* For TIOCOUTQ/INQ */
58#include <net/datalink.h> 59#include <net/datalink.h>
59#include <net/psnap.h> 60#include <net/psnap.h>
diff --git a/net/atm/common.c b/net/atm/common.c
index c1c97936192c..8c4d843eb17f 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -92,7 +92,7 @@ static void vcc_sock_destruct(struct sock *sk)
92static void vcc_def_wakeup(struct sock *sk) 92static void vcc_def_wakeup(struct sock *sk)
93{ 93{
94 read_lock(&sk->sk_callback_lock); 94 read_lock(&sk->sk_callback_lock);
95 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 95 if (sk_has_sleeper(sk))
96 wake_up(sk->sk_sleep); 96 wake_up(sk->sk_sleep);
97 read_unlock(&sk->sk_callback_lock); 97 read_unlock(&sk->sk_callback_lock);
98} 98}
@@ -110,7 +110,7 @@ static void vcc_write_space(struct sock *sk)
110 read_lock(&sk->sk_callback_lock); 110 read_lock(&sk->sk_callback_lock);
111 111
112 if (vcc_writable(sk)) { 112 if (vcc_writable(sk)) {
113 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 113 if (sk_has_sleeper(sk))
114 wake_up_interruptible(sk->sk_sleep); 114 wake_up_interruptible(sk->sk_sleep);
115 115
116 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 116 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
@@ -594,7 +594,7 @@ unsigned int vcc_poll(struct file *file, struct socket *sock, poll_table *wait)
594 struct atm_vcc *vcc; 594 struct atm_vcc *vcc;
595 unsigned int mask; 595 unsigned int mask;
596 596
597 poll_wait(file, sk->sk_sleep, wait); 597 sock_poll_wait(file, sk->sk_sleep, wait);
598 mask = 0; 598 mask = 0;
599 599
600 vcc = ATM_SD(sock); 600 vcc = ATM_SD(sock);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index e50566ebf9f9..94b3388c188b 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -2080,28 +2080,41 @@ static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2080/* ---- Initialization ---- */ 2080/* ---- Initialization ---- */
2081static int __init rfcomm_init(void) 2081static int __init rfcomm_init(void)
2082{ 2082{
2083 int ret;
2084
2083 l2cap_load(); 2085 l2cap_load();
2084 2086
2085 hci_register_cb(&rfcomm_cb); 2087 hci_register_cb(&rfcomm_cb);
2086 2088
2087 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2089 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2088 if (IS_ERR(rfcomm_thread)) { 2090 if (IS_ERR(rfcomm_thread)) {
2089 hci_unregister_cb(&rfcomm_cb); 2091 ret = PTR_ERR(rfcomm_thread);
2090 return PTR_ERR(rfcomm_thread); 2092 goto out_thread;
2091 } 2093 }
2092 2094
2093 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2095 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2094 BT_ERR("Failed to create RFCOMM info file"); 2096 BT_ERR("Failed to create RFCOMM info file");
2095 2097
2096 rfcomm_init_sockets(); 2098 ret = rfcomm_init_ttys();
2099 if (ret)
2100 goto out_tty;
2097 2101
2098#ifdef CONFIG_BT_RFCOMM_TTY 2102 ret = rfcomm_init_sockets();
2099 rfcomm_init_ttys(); 2103 if (ret)
2100#endif 2104 goto out_sock;
2101 2105
2102 BT_INFO("RFCOMM ver %s", VERSION); 2106 BT_INFO("RFCOMM ver %s", VERSION);
2103 2107
2104 return 0; 2108 return 0;
2109
2110out_sock:
2111 rfcomm_cleanup_ttys();
2112out_tty:
2113 kthread_stop(rfcomm_thread);
2114out_thread:
2115 hci_unregister_cb(&rfcomm_cb);
2116
2117 return ret;
2105} 2118}
2106 2119
2107static void __exit rfcomm_exit(void) 2120static void __exit rfcomm_exit(void)
@@ -2112,9 +2125,7 @@ static void __exit rfcomm_exit(void)
2112 2125
2113 kthread_stop(rfcomm_thread); 2126 kthread_stop(rfcomm_thread);
2114 2127
2115#ifdef CONFIG_BT_RFCOMM_TTY
2116 rfcomm_cleanup_ttys(); 2128 rfcomm_cleanup_ttys();
2117#endif
2118 2129
2119 rfcomm_cleanup_sockets(); 2130 rfcomm_cleanup_sockets();
2120} 2131}
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 7f482784e9f7..0b85e8116859 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -1132,7 +1132,7 @@ error:
1132 return err; 1132 return err;
1133} 1133}
1134 1134
1135void __exit rfcomm_cleanup_sockets(void) 1135void rfcomm_cleanup_sockets(void)
1136{ 1136{
1137 class_remove_file(bt_class, &class_attr_rfcomm); 1137 class_remove_file(bt_class, &class_attr_rfcomm);
1138 1138
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 9aac5213105a..e1241c76239a 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -93,7 +93,7 @@ static void __exit br_deinit(void)
93 93
94 unregister_pernet_subsys(&br_net_ops); 94 unregister_pernet_subsys(&br_net_ops);
95 95
96 synchronize_net(); 96 rcu_barrier(); /* Wait for completion of call_rcu()'s */
97 97
98 br_netfilter_fini(); 98 br_netfilter_fini();
99#if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE) 99#if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE)
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 8a96672e2c5c..eb404dc3ed6e 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -424,7 +424,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
424err2: 424err2:
425 br_fdb_delete_by_port(br, p, 1); 425 br_fdb_delete_by_port(br, p, 1);
426err1: 426err1:
427 kobject_del(&p->kobj); 427 kobject_put(&p->kobj);
428err0: 428err0:
429 dev_set_promiscuity(dev, -1); 429 dev_set_promiscuity(dev, -1);
430put_back: 430put_back:
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 95d7f32643ae..72720c710351 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -75,6 +75,7 @@ static __initdata const char banner[] = KERN_INFO
75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol"); 75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
76MODULE_LICENSE("Dual BSD/GPL"); 76MODULE_LICENSE("Dual BSD/GPL");
77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); 77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
78MODULE_ALIAS("can-proto-2");
78 79
79/* easy access to can_frame payload */ 80/* easy access to can_frame payload */
80static inline u64 GET_U64(const struct can_frame *cp) 81static inline u64 GET_U64(const struct can_frame *cp)
@@ -1469,6 +1470,9 @@ static int bcm_release(struct socket *sock)
1469 bo->ifindex = 0; 1470 bo->ifindex = 0;
1470 } 1471 }
1471 1472
1473 sock_orphan(sk);
1474 sock->sk = NULL;
1475
1472 release_sock(sk); 1476 release_sock(sk);
1473 sock_put(sk); 1477 sock_put(sk);
1474 1478
diff --git a/net/can/raw.c b/net/can/raw.c
index 6aa154e806ae..f4cc44548bda 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -62,6 +62,7 @@ static __initdata const char banner[] =
62MODULE_DESCRIPTION("PF_CAN raw protocol"); 62MODULE_DESCRIPTION("PF_CAN raw protocol");
63MODULE_LICENSE("Dual BSD/GPL"); 63MODULE_LICENSE("Dual BSD/GPL");
64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>"); 64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
65MODULE_ALIAS("can-proto-1");
65 66
66#define MASK_ALL 0 67#define MASK_ALL 0
67 68
@@ -306,6 +307,9 @@ static int raw_release(struct socket *sock)
306 ro->bound = 0; 307 ro->bound = 0;
307 ro->count = 0; 308 ro->count = 0;
308 309
310 sock_orphan(sk);
311 sock->sk = NULL;
312
309 release_sock(sk); 313 release_sock(sk);
310 sock_put(sk); 314 sock_put(sk);
311 315
diff --git a/net/core/datagram.c b/net/core/datagram.c
index 58abee1f1df1..b0fe69211eef 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -712,7 +712,7 @@ unsigned int datagram_poll(struct file *file, struct socket *sock,
712 struct sock *sk = sock->sk; 712 struct sock *sk = sock->sk;
713 unsigned int mask; 713 unsigned int mask;
714 714
715 poll_wait(file, sk->sk_sleep, wait); 715 sock_poll_wait(file, sk->sk_sleep, wait);
716 mask = 0; 716 mask = 0;
717 717
718 /* exceptional events? */ 718 /* exceptional events? */
diff --git a/net/core/dev.c b/net/core/dev.c
index 60b572812278..6a94475aee85 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2823,9 +2823,11 @@ static void net_rx_action(struct softirq_action *h)
2823 * move the instance around on the list at-will. 2823 * move the instance around on the list at-will.
2824 */ 2824 */
2825 if (unlikely(work == weight)) { 2825 if (unlikely(work == weight)) {
2826 if (unlikely(napi_disable_pending(n))) 2826 if (unlikely(napi_disable_pending(n))) {
2827 __napi_complete(n); 2827 local_irq_enable();
2828 else 2828 napi_complete(n);
2829 local_irq_disable();
2830 } else
2829 list_move_tail(&n->poll_list, list); 2831 list_move_tail(&n->poll_list, list);
2830 } 2832 }
2831 2833
@@ -3863,10 +3865,12 @@ int dev_unicast_delete(struct net_device *dev, void *addr)
3863 3865
3864 ASSERT_RTNL(); 3866 ASSERT_RTNL();
3865 3867
3868 netif_addr_lock_bh(dev);
3866 err = __hw_addr_del(&dev->uc, addr, dev->addr_len, 3869 err = __hw_addr_del(&dev->uc, addr, dev->addr_len,
3867 NETDEV_HW_ADDR_T_UNICAST); 3870 NETDEV_HW_ADDR_T_UNICAST);
3868 if (!err) 3871 if (!err)
3869 __dev_set_rx_mode(dev); 3872 __dev_set_rx_mode(dev);
3873 netif_addr_unlock_bh(dev);
3870 return err; 3874 return err;
3871} 3875}
3872EXPORT_SYMBOL(dev_unicast_delete); 3876EXPORT_SYMBOL(dev_unicast_delete);
@@ -3887,10 +3891,12 @@ int dev_unicast_add(struct net_device *dev, void *addr)
3887 3891
3888 ASSERT_RTNL(); 3892 ASSERT_RTNL();
3889 3893
3894 netif_addr_lock_bh(dev);
3890 err = __hw_addr_add(&dev->uc, addr, dev->addr_len, 3895 err = __hw_addr_add(&dev->uc, addr, dev->addr_len,
3891 NETDEV_HW_ADDR_T_UNICAST); 3896 NETDEV_HW_ADDR_T_UNICAST);
3892 if (!err) 3897 if (!err)
3893 __dev_set_rx_mode(dev); 3898 __dev_set_rx_mode(dev);
3899 netif_addr_unlock_bh(dev);
3894 return err; 3900 return err;
3895} 3901}
3896EXPORT_SYMBOL(dev_unicast_add); 3902EXPORT_SYMBOL(dev_unicast_add);
@@ -3947,7 +3953,8 @@ void __dev_addr_unsync(struct dev_addr_list **to, int *to_count,
3947 * @from: source device 3953 * @from: source device
3948 * 3954 *
3949 * Add newly added addresses to the destination device and release 3955 * Add newly added addresses to the destination device and release
3950 * addresses that have no users left. 3956 * addresses that have no users left. The source device must be
3957 * locked by netif_tx_lock_bh.
3951 * 3958 *
3952 * This function is intended to be called from the dev->set_rx_mode 3959 * This function is intended to be called from the dev->set_rx_mode
3953 * function of layered software devices. 3960 * function of layered software devices.
@@ -3956,14 +3963,14 @@ int dev_unicast_sync(struct net_device *to, struct net_device *from)
3956{ 3963{
3957 int err = 0; 3964 int err = 0;
3958 3965
3959 ASSERT_RTNL();
3960
3961 if (to->addr_len != from->addr_len) 3966 if (to->addr_len != from->addr_len)
3962 return -EINVAL; 3967 return -EINVAL;
3963 3968
3969 netif_addr_lock_bh(to);
3964 err = __hw_addr_sync(&to->uc, &from->uc, to->addr_len); 3970 err = __hw_addr_sync(&to->uc, &from->uc, to->addr_len);
3965 if (!err) 3971 if (!err)
3966 __dev_set_rx_mode(to); 3972 __dev_set_rx_mode(to);
3973 netif_addr_unlock_bh(to);
3967 return err; 3974 return err;
3968} 3975}
3969EXPORT_SYMBOL(dev_unicast_sync); 3976EXPORT_SYMBOL(dev_unicast_sync);
@@ -3979,27 +3986,27 @@ EXPORT_SYMBOL(dev_unicast_sync);
3979 */ 3986 */
3980void dev_unicast_unsync(struct net_device *to, struct net_device *from) 3987void dev_unicast_unsync(struct net_device *to, struct net_device *from)
3981{ 3988{
3982 ASSERT_RTNL();
3983
3984 if (to->addr_len != from->addr_len) 3989 if (to->addr_len != from->addr_len)
3985 return; 3990 return;
3986 3991
3992 netif_addr_lock_bh(from);
3993 netif_addr_lock(to);
3987 __hw_addr_unsync(&to->uc, &from->uc, to->addr_len); 3994 __hw_addr_unsync(&to->uc, &from->uc, to->addr_len);
3988 __dev_set_rx_mode(to); 3995 __dev_set_rx_mode(to);
3996 netif_addr_unlock(to);
3997 netif_addr_unlock_bh(from);
3989} 3998}
3990EXPORT_SYMBOL(dev_unicast_unsync); 3999EXPORT_SYMBOL(dev_unicast_unsync);
3991 4000
3992static void dev_unicast_flush(struct net_device *dev) 4001static void dev_unicast_flush(struct net_device *dev)
3993{ 4002{
3994 /* rtnl_mutex must be held here */ 4003 netif_addr_lock_bh(dev);
3995
3996 __hw_addr_flush(&dev->uc); 4004 __hw_addr_flush(&dev->uc);
4005 netif_addr_unlock_bh(dev);
3997} 4006}
3998 4007
3999static void dev_unicast_init(struct net_device *dev) 4008static void dev_unicast_init(struct net_device *dev)
4000{ 4009{
4001 /* rtnl_mutex must be held here */
4002
4003 __hw_addr_init(&dev->uc); 4010 __hw_addr_init(&dev->uc);
4004} 4011}
4005 4012
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index b7292a2719dc..197283072cc8 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -488,7 +488,7 @@ int net_assign_generic(struct net *net, int id, void *data)
488 */ 488 */
489 489
490 ng->len = id; 490 ng->len = id;
491 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len); 491 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len * sizeof(void*));
492 492
493 rcu_assign_pointer(net->gen, ng); 493 rcu_assign_pointer(net->gen, ng);
494 call_rcu(&old_ng->rcu, net_generic_release); 494 call_rcu(&old_ng->rcu, net_generic_release);
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 9675f312830d..df30feb2fc72 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -740,7 +740,7 @@ int netpoll_setup(struct netpoll *np)
740 np->name); 740 np->name);
741 break; 741 break;
742 } 742 }
743 cond_resched(); 743 msleep(1);
744 } 744 }
745 745
746 /* If carrier appears to come up instantly, we don't 746 /* If carrier appears to come up instantly, we don't
diff --git a/net/core/sock.c b/net/core/sock.c
index b0ba569bc973..bbb25be7ddfe 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -631,7 +631,7 @@ set_rcvbuf:
631 631
632 case SO_TIMESTAMPING: 632 case SO_TIMESTAMPING:
633 if (val & ~SOF_TIMESTAMPING_MASK) { 633 if (val & ~SOF_TIMESTAMPING_MASK) {
634 ret = EINVAL; 634 ret = -EINVAL;
635 break; 635 break;
636 } 636 }
637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE, 637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE,
@@ -919,13 +919,19 @@ static inline void sock_lock_init(struct sock *sk)
919 af_family_keys + sk->sk_family); 919 af_family_keys + sk->sk_family);
920} 920}
921 921
922/*
923 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
924 * even temporarly, because of RCU lookups. sk_node should also be left as is.
925 */
922static void sock_copy(struct sock *nsk, const struct sock *osk) 926static void sock_copy(struct sock *nsk, const struct sock *osk)
923{ 927{
924#ifdef CONFIG_SECURITY_NETWORK 928#ifdef CONFIG_SECURITY_NETWORK
925 void *sptr = nsk->sk_security; 929 void *sptr = nsk->sk_security;
926#endif 930#endif
927 931 BUILD_BUG_ON(offsetof(struct sock, sk_copy_start) !=
928 memcpy(nsk, osk, osk->sk_prot->obj_size); 932 sizeof(osk->sk_node) + sizeof(osk->sk_refcnt));
933 memcpy(&nsk->sk_copy_start, &osk->sk_copy_start,
934 osk->sk_prot->obj_size - offsetof(struct sock, sk_copy_start));
929#ifdef CONFIG_SECURITY_NETWORK 935#ifdef CONFIG_SECURITY_NETWORK
930 nsk->sk_security = sptr; 936 nsk->sk_security = sptr;
931 security_sk_clone(osk, nsk); 937 security_sk_clone(osk, nsk);
@@ -939,8 +945,23 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
939 struct kmem_cache *slab; 945 struct kmem_cache *slab;
940 946
941 slab = prot->slab; 947 slab = prot->slab;
942 if (slab != NULL) 948 if (slab != NULL) {
943 sk = kmem_cache_alloc(slab, priority); 949 sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
950 if (!sk)
951 return sk;
952 if (priority & __GFP_ZERO) {
953 /*
954 * caches using SLAB_DESTROY_BY_RCU should let
955 * sk_node.next un-modified. Special care is taken
956 * when initializing object to zero.
957 */
958 if (offsetof(struct sock, sk_node.next) != 0)
959 memset(sk, 0, offsetof(struct sock, sk_node.next));
960 memset(&sk->sk_node.pprev, 0,
961 prot->obj_size - offsetof(struct sock,
962 sk_node.pprev));
963 }
964 }
944 else 965 else
945 sk = kmalloc(prot->obj_size, priority); 966 sk = kmalloc(prot->obj_size, priority);
946 967
@@ -1125,6 +1146,11 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1125 1146
1126 newsk->sk_err = 0; 1147 newsk->sk_err = 0;
1127 newsk->sk_priority = 0; 1148 newsk->sk_priority = 0;
1149 /*
1150 * Before updating sk_refcnt, we must commit prior changes to memory
1151 * (Documentation/RCU/rculist_nulls.txt for details)
1152 */
1153 smp_wmb();
1128 atomic_set(&newsk->sk_refcnt, 2); 1154 atomic_set(&newsk->sk_refcnt, 2);
1129 1155
1130 /* 1156 /*
@@ -1715,7 +1741,7 @@ EXPORT_SYMBOL(sock_no_sendpage);
1715static void sock_def_wakeup(struct sock *sk) 1741static void sock_def_wakeup(struct sock *sk)
1716{ 1742{
1717 read_lock(&sk->sk_callback_lock); 1743 read_lock(&sk->sk_callback_lock);
1718 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 1744 if (sk_has_sleeper(sk))
1719 wake_up_interruptible_all(sk->sk_sleep); 1745 wake_up_interruptible_all(sk->sk_sleep);
1720 read_unlock(&sk->sk_callback_lock); 1746 read_unlock(&sk->sk_callback_lock);
1721} 1747}
@@ -1723,7 +1749,7 @@ static void sock_def_wakeup(struct sock *sk)
1723static void sock_def_error_report(struct sock *sk) 1749static void sock_def_error_report(struct sock *sk)
1724{ 1750{
1725 read_lock(&sk->sk_callback_lock); 1751 read_lock(&sk->sk_callback_lock);
1726 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 1752 if (sk_has_sleeper(sk))
1727 wake_up_interruptible_poll(sk->sk_sleep, POLLERR); 1753 wake_up_interruptible_poll(sk->sk_sleep, POLLERR);
1728 sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR); 1754 sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
1729 read_unlock(&sk->sk_callback_lock); 1755 read_unlock(&sk->sk_callback_lock);
@@ -1732,7 +1758,7 @@ static void sock_def_error_report(struct sock *sk)
1732static void sock_def_readable(struct sock *sk, int len) 1758static void sock_def_readable(struct sock *sk, int len)
1733{ 1759{
1734 read_lock(&sk->sk_callback_lock); 1760 read_lock(&sk->sk_callback_lock);
1735 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 1761 if (sk_has_sleeper(sk))
1736 wake_up_interruptible_sync_poll(sk->sk_sleep, POLLIN | 1762 wake_up_interruptible_sync_poll(sk->sk_sleep, POLLIN |
1737 POLLRDNORM | POLLRDBAND); 1763 POLLRDNORM | POLLRDBAND);
1738 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 1764 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
@@ -1747,7 +1773,7 @@ static void sock_def_write_space(struct sock *sk)
1747 * progress. --DaveM 1773 * progress. --DaveM
1748 */ 1774 */
1749 if ((atomic_read(&sk->sk_wmem_alloc) << 1) <= sk->sk_sndbuf) { 1775 if ((atomic_read(&sk->sk_wmem_alloc) << 1) <= sk->sk_sndbuf) {
1750 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 1776 if (sk_has_sleeper(sk))
1751 wake_up_interruptible_sync_poll(sk->sk_sleep, POLLOUT | 1777 wake_up_interruptible_sync_poll(sk->sk_sleep, POLLOUT |
1752 POLLWRNORM | POLLWRBAND); 1778 POLLWRNORM | POLLWRBAND);
1753 1779
@@ -1840,6 +1866,11 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1840 1866
1841 sk->sk_stamp = ktime_set(-1L, 0); 1867 sk->sk_stamp = ktime_set(-1L, 0);
1842 1868
1869 /*
1870 * Before updating sk_refcnt, we must commit prior changes to memory
1871 * (Documentation/RCU/rculist_nulls.txt for details)
1872 */
1873 smp_wmb();
1843 atomic_set(&sk->sk_refcnt, 1); 1874 atomic_set(&sk->sk_refcnt, 1);
1844 atomic_set(&sk->sk_wmem_alloc, 1); 1875 atomic_set(&sk->sk_wmem_alloc, 1);
1845 atomic_set(&sk->sk_drops, 0); 1876 atomic_set(&sk->sk_drops, 0);
diff --git a/net/dccp/output.c b/net/dccp/output.c
index c0e88c16d088..c96119fda688 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -196,7 +196,7 @@ void dccp_write_space(struct sock *sk)
196{ 196{
197 read_lock(&sk->sk_callback_lock); 197 read_lock(&sk->sk_callback_lock);
198 198
199 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 199 if (sk_has_sleeper(sk))
200 wake_up_interruptible(sk->sk_sleep); 200 wake_up_interruptible(sk->sk_sleep);
201 /* Should agree with poll, otherwise some programs break */ 201 /* Should agree with poll, otherwise some programs break */
202 if (sock_writeable(sk)) 202 if (sock_writeable(sk))
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 314a1b5c033c..3281013ce038 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -311,7 +311,7 @@ unsigned int dccp_poll(struct file *file, struct socket *sock,
311 unsigned int mask; 311 unsigned int mask;
312 struct sock *sk = sock->sk; 312 struct sock *sk = sock->sk;
313 313
314 poll_wait(file, sk->sk_sleep, wait); 314 sock_poll_wait(file, sk->sk_sleep, wait);
315 if (sk->sk_state == DCCP_LISTEN) 315 if (sk->sk_state == DCCP_LISTEN)
316 return inet_csk_listen_poll(sk); 316 return inet_csk_listen_poll(sk);
317 317
@@ -1066,7 +1066,7 @@ static int __init dccp_init(void)
1066 (dccp_hashinfo.ehash_size - 1)) 1066 (dccp_hashinfo.ehash_size - 1))
1067 dccp_hashinfo.ehash_size--; 1067 dccp_hashinfo.ehash_size--;
1068 dccp_hashinfo.ehash = (struct inet_ehash_bucket *) 1068 dccp_hashinfo.ehash = (struct inet_ehash_bucket *)
1069 __get_free_pages(GFP_ATOMIC, ehash_order); 1069 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, ehash_order);
1070 } while (!dccp_hashinfo.ehash && --ehash_order > 0); 1070 } while (!dccp_hashinfo.ehash && --ehash_order > 0);
1071 1071
1072 if (!dccp_hashinfo.ehash) { 1072 if (!dccp_hashinfo.ehash) {
@@ -1091,7 +1091,7 @@ static int __init dccp_init(void)
1091 bhash_order > 0) 1091 bhash_order > 0)
1092 continue; 1092 continue;
1093 dccp_hashinfo.bhash = (struct inet_bind_hashbucket *) 1093 dccp_hashinfo.bhash = (struct inet_bind_hashbucket *)
1094 __get_free_pages(GFP_ATOMIC, bhash_order); 1094 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, bhash_order);
1095 } while (!dccp_hashinfo.bhash && --bhash_order >= 0); 1095 } while (!dccp_hashinfo.bhash && --bhash_order >= 0);
1096 1096
1097 if (!dccp_hashinfo.bhash) { 1097 if (!dccp_hashinfo.bhash) {
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index d351b8db0df5..77d40289653c 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2413,6 +2413,8 @@ static void __exit decnet_exit(void)
2413 proc_net_remove(&init_net, "decnet"); 2413 proc_net_remove(&init_net, "decnet");
2414 2414
2415 proto_unregister(&dn_proto); 2415 proto_unregister(&dn_proto);
2416
2417 rcu_barrier_bh(); /* Wait for completion of call_rcu_bh()'s */
2416} 2418}
2417module_exit(decnet_exit); 2419module_exit(decnet_exit);
2418#endif 2420#endif
diff --git a/net/dsa/mv88e6xxx.c b/net/dsa/mv88e6xxx.c
index 4e4d8b5ad03d..efe661a9def4 100644
--- a/net/dsa/mv88e6xxx.c
+++ b/net/dsa/mv88e6xxx.c
@@ -418,7 +418,7 @@ static int mv88e6xxx_stats_wait(struct dsa_switch *ds)
418 int i; 418 int i;
419 419
420 for (i = 0; i < 10; i++) { 420 for (i = 0; i < 10; i++) {
421 ret = REG_READ(REG_GLOBAL2, 0x1d); 421 ret = REG_READ(REG_GLOBAL, 0x1d);
422 if ((ret & 0x8000) == 0) 422 if ((ret & 0x8000) == 0)
423 return 0; 423 return 0;
424 } 424 }
diff --git a/net/ieee802154/netlink.c b/net/ieee802154/netlink.c
index 105ad10876af..27eda9fdf3c2 100644
--- a/net/ieee802154/netlink.c
+++ b/net/ieee802154/netlink.c
@@ -276,6 +276,9 @@ static struct net_device *ieee802154_nl_get_dev(struct genl_info *info)
276 else 276 else
277 return NULL; 277 return NULL;
278 278
279 if (!dev)
280 return NULL;
281
279 if (dev->type != ARPHRD_IEEE802154) { 282 if (dev->type != ARPHRD_IEEE802154) {
280 dev_put(dev); 283 dev_put(dev);
281 return NULL; 284 return NULL;
@@ -521,3 +524,6 @@ static void __exit ieee802154_nl_exit(void)
521} 524}
522module_exit(ieee802154_nl_exit); 525module_exit(ieee802154_nl_exit);
523 526
527MODULE_LICENSE("GPL v2");
528MODULE_DESCRIPTION("ieee 802.15.4 configuration interface");
529
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 8a3881e28aca..090e9991ac2a 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -801,11 +801,8 @@ static int arp_process(struct sk_buff *skb)
801 * cache. 801 * cache.
802 */ 802 */
803 803
804 /* 804 /* Special case: IPv4 duplicate address detection packet (RFC2131) */
805 * Special case: IPv4 duplicate address detection packet (RFC2131) 805 if (sip == 0) {
806 * and Gratuitous ARP/ARP Announce. (RFC3927, Section 2.4)
807 */
808 if (sip == 0 || tip == sip) {
809 if (arp->ar_op == htons(ARPOP_REQUEST) && 806 if (arp->ar_op == htons(ARPOP_REQUEST) &&
810 inet_addr_type(net, tip) == RTN_LOCAL && 807 inet_addr_type(net, tip) == RTN_LOCAL &&
811 !arp_ignore(in_dev, sip, tip)) 808 !arp_ignore(in_dev, sip, tip))
@@ -1307,7 +1304,9 @@ static void arp_format_neigh_entry(struct seq_file *seq,
1307 hbuffer[k++] = hex_asc_lo(n->ha[j]); 1304 hbuffer[k++] = hex_asc_lo(n->ha[j]);
1308 hbuffer[k++] = ':'; 1305 hbuffer[k++] = ':';
1309 } 1306 }
1310 hbuffer[--k] = 0; 1307 if (k != 0)
1308 --k;
1309 hbuffer[k] = 0;
1311#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE) 1310#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
1312 } 1311 }
1313#endif 1312#endif
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 012cf5a68581..63c2fa7b68c4 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -316,8 +316,8 @@ static inline void check_tnode(const struct tnode *tn)
316 316
317static const int halve_threshold = 25; 317static const int halve_threshold = 25;
318static const int inflate_threshold = 50; 318static const int inflate_threshold = 50;
319static const int halve_threshold_root = 8; 319static const int halve_threshold_root = 15;
320static const int inflate_threshold_root = 15; 320static const int inflate_threshold_root = 25;
321 321
322 322
323static void __alias_free_mem(struct rcu_head *head) 323static void __alias_free_mem(struct rcu_head *head)
@@ -1021,6 +1021,9 @@ static void trie_rebalance(struct trie *t, struct tnode *tn)
1021 (struct node *)tn, wasfull); 1021 (struct node *)tn, wasfull);
1022 1022
1023 tp = node_parent((struct node *) tn); 1023 tp = node_parent((struct node *) tn);
1024 if (!tp)
1025 rcu_assign_pointer(t->trie, (struct node *)tn);
1026
1024 tnode_free_flush(); 1027 tnode_free_flush();
1025 if (!tp) 1028 if (!tp)
1026 break; 1029 break;
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 44e2a3d2359a..cb4a0f4bd5e5 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -735,10 +735,10 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
735 } 735 }
736 736
737 tos = tiph->tos; 737 tos = tiph->tos;
738 if (tos&1) { 738 if (tos == 1) {
739 tos = 0;
739 if (skb->protocol == htons(ETH_P_IP)) 740 if (skb->protocol == htons(ETH_P_IP))
740 tos = old_iph->tos; 741 tos = old_iph->tos;
741 tos &= ~1;
742 } 742 }
743 743
744 { 744 {
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 490ce20faf38..db46b4b5b2b9 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -440,6 +440,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
440 /* Remove any debris in the socket control block */ 440 /* Remove any debris in the socket control block */
441 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); 441 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
442 442
443 /* Must drop socket now because of tproxy. */
444 skb_orphan(skb);
445
443 return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL, 446 return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
444 ip_rcv_finish); 447 ip_rcv_finish);
445 448
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 247026282669..7d0821054729 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1243,7 +1243,6 @@ int ip_push_pending_frames(struct sock *sk)
1243 skb->len += tmp_skb->len; 1243 skb->len += tmp_skb->len;
1244 skb->data_len += tmp_skb->len; 1244 skb->data_len += tmp_skb->len;
1245 skb->truesize += tmp_skb->truesize; 1245 skb->truesize += tmp_skb->truesize;
1246 __sock_put(tmp_skb->sk);
1247 tmp_skb->destructor = NULL; 1246 tmp_skb->destructor = NULL;
1248 tmp_skb->sk = NULL; 1247 tmp_skb->sk = NULL;
1249 } 1248 }
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 155c008626c8..09172a65d9b6 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -191,7 +191,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
191 ct, ctinfo); 191 ct, ctinfo);
192 /* Tell TCP window tracking about seq change */ 192 /* Tell TCP window tracking about seq change */
193 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), 193 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
194 ct, CTINFO2DIR(ctinfo)); 194 ct, CTINFO2DIR(ctinfo),
195 (int)rep_len - (int)match_len);
195 196
196 nf_conntrack_event_cache(IPCT_NATSEQADJ, ct); 197 nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
197 } 198 }
@@ -377,6 +378,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
377 struct tcphdr *tcph; 378 struct tcphdr *tcph;
378 int dir; 379 int dir;
379 __be32 newseq, newack; 380 __be32 newseq, newack;
381 s16 seqoff, ackoff;
380 struct nf_conn_nat *nat = nfct_nat(ct); 382 struct nf_conn_nat *nat = nfct_nat(ct);
381 struct nf_nat_seq *this_way, *other_way; 383 struct nf_nat_seq *this_way, *other_way;
382 384
@@ -390,15 +392,18 @@ nf_nat_seq_adjust(struct sk_buff *skb,
390 392
391 tcph = (void *)skb->data + ip_hdrlen(skb); 393 tcph = (void *)skb->data + ip_hdrlen(skb);
392 if (after(ntohl(tcph->seq), this_way->correction_pos)) 394 if (after(ntohl(tcph->seq), this_way->correction_pos))
393 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 395 seqoff = this_way->offset_after;
394 else 396 else
395 newseq = htonl(ntohl(tcph->seq) + this_way->offset_before); 397 seqoff = this_way->offset_before;
396 398
397 if (after(ntohl(tcph->ack_seq) - other_way->offset_before, 399 if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
398 other_way->correction_pos)) 400 other_way->correction_pos))
399 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after); 401 ackoff = other_way->offset_after;
400 else 402 else
401 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 403 ackoff = other_way->offset_before;
404
405 newseq = htonl(ntohl(tcph->seq) + seqoff);
406 newack = htonl(ntohl(tcph->ack_seq) - ackoff);
402 407
403 inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); 408 inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
404 inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); 409 inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
@@ -413,7 +418,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
413 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) 418 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
414 return 0; 419 return 0;
415 420
416 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); 421 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir, seqoff);
417 422
418 return 1; 423 return 1;
419} 424}
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 17b89c523f9d..91145244ea63 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -339,7 +339,7 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
339 struct sock *sk = sock->sk; 339 struct sock *sk = sock->sk;
340 struct tcp_sock *tp = tcp_sk(sk); 340 struct tcp_sock *tp = tcp_sk(sk);
341 341
342 poll_wait(file, sk->sk_sleep, wait); 342 sock_poll_wait(file, sk->sk_sleep, wait);
343 if (sk->sk_state == TCP_LISTEN) 343 if (sk->sk_state == TCP_LISTEN)
344 return inet_csk_listen_poll(sk); 344 return inet_csk_listen_poll(sk);
345 345
@@ -903,13 +903,17 @@ int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
903 iov++; 903 iov++;
904 904
905 while (seglen > 0) { 905 while (seglen > 0) {
906 int copy; 906 int copy = 0;
907 int max = size_goal;
907 908
908 skb = tcp_write_queue_tail(sk); 909 skb = tcp_write_queue_tail(sk);
910 if (tcp_send_head(sk)) {
911 if (skb->ip_summed == CHECKSUM_NONE)
912 max = mss_now;
913 copy = max - skb->len;
914 }
909 915
910 if (!tcp_send_head(sk) || 916 if (copy <= 0) {
911 (copy = size_goal - skb->len) <= 0) {
912
913new_segment: 917new_segment:
914 /* Allocate new segment. If the interface is SG, 918 /* Allocate new segment. If the interface is SG,
915 * allocate skb fitting to single page. 919 * allocate skb fitting to single page.
@@ -930,6 +934,7 @@ new_segment:
930 934
931 skb_entail(sk, skb); 935 skb_entail(sk, skb);
932 copy = size_goal; 936 copy = size_goal;
937 max = size_goal;
933 } 938 }
934 939
935 /* Try to append data to the end of skb. */ 940 /* Try to append data to the end of skb. */
@@ -1028,7 +1033,7 @@ new_segment:
1028 if ((seglen -= copy) == 0 && iovlen == 0) 1033 if ((seglen -= copy) == 0 && iovlen == 0)
1029 goto out; 1034 goto out;
1030 1035
1031 if (skb->len < size_goal || (flags & MSG_OOB)) 1036 if (skb->len < max || (flags & MSG_OOB))
1032 continue; 1037 continue;
1033 1038
1034 if (forced_push(tp)) { 1039 if (forced_push(tp)) {
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5a1ca2698c88..6d88219c5e22 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1160,6 +1160,7 @@ struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1160#ifdef CONFIG_TCP_MD5SIG 1160#ifdef CONFIG_TCP_MD5SIG
1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { 1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1162 .md5_lookup = tcp_v4_reqsk_md5_lookup, 1162 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1163 .calc_md5_hash = tcp_v4_md5_hash_skb,
1163}; 1164};
1164#endif 1165#endif
1165 1166
@@ -1373,7 +1374,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1373 */ 1374 */
1374 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1375 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1375 if (newkey != NULL) 1376 if (newkey != NULL)
1376 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr, 1377 tcp_v4_md5_do_add(newsk, newinet->daddr,
1377 newkey, key->keylen); 1378 newkey, key->keylen);
1378 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK; 1379 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1379 } 1380 }
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 43bbba7926ee..f8d67ccc64f3 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -128,7 +128,8 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
128 goto kill_with_rst; 128 goto kill_with_rst;
129 129
130 /* Dup ACK? */ 130 /* Dup ACK? */
131 if (!after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) || 131 if (!th->ack ||
132 !after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) ||
132 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) { 133 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) {
133 inet_twsk_put(tw); 134 inet_twsk_put(tw);
134 return TCP_TW_SUCCESS; 135 return TCP_TW_SUCCESS;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 416fc4c2e7eb..bd62712848fa 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -725,7 +725,8 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
725static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb, 725static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb,
726 unsigned int mss_now) 726 unsigned int mss_now)
727{ 727{
728 if (skb->len <= mss_now || !sk_can_gso(sk)) { 728 if (skb->len <= mss_now || !sk_can_gso(sk) ||
729 skb->ip_summed == CHECKSUM_NONE) {
729 /* Avoid the costly divide in the normal 730 /* Avoid the costly divide in the normal
730 * non-TSO case. 731 * non-TSO case.
731 */ 732 */
@@ -2260,7 +2261,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2260#ifdef CONFIG_TCP_MD5SIG 2261#ifdef CONFIG_TCP_MD5SIG
2261 /* Okay, we have all we need - do the md5 hash if needed */ 2262 /* Okay, we have all we need - do the md5 hash if needed */
2262 if (md5) { 2263 if (md5) {
2263 tp->af_specific->calc_md5_hash(md5_hash_location, 2264 tcp_rsk(req)->af_specific->calc_md5_hash(md5_hash_location,
2264 md5, NULL, req, skb); 2265 md5, NULL, req, skb);
2265 } 2266 }
2266#endif 2267#endif
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 60d918c96a4f..0071ee6f441f 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -136,7 +136,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
136 case IPPROTO_TCP: 136 case IPPROTO_TCP:
137 case IPPROTO_SCTP: 137 case IPPROTO_SCTP:
138 case IPPROTO_DCCP: 138 case IPPROTO_DCCP:
139 if (pskb_may_pull(skb, xprth + 4 - skb->data)) { 139 if (xprth + 4 < skb->data ||
140 pskb_may_pull(skb, xprth + 4 - skb->data)) {
140 __be16 *ports = (__be16 *)xprth; 141 __be16 *ports = (__be16 *)xprth;
141 142
142 fl->fl_ip_sport = ports[!!reverse]; 143 fl->fl_ip_sport = ports[!!reverse];
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 8c1e86afbbf5..43b3c9f89c12 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1916,8 +1916,32 @@ ok:
1916 update_lft = 1; 1916 update_lft = 1;
1917 else if (stored_lft <= MIN_VALID_LIFETIME) { 1917 else if (stored_lft <= MIN_VALID_LIFETIME) {
1918 /* valid_lft <= stored_lft is always true */ 1918 /* valid_lft <= stored_lft is always true */
1919 /* XXX: IPsec */ 1919 /*
1920 update_lft = 0; 1920 * RFC 4862 Section 5.5.3e:
1921 * "Note that the preferred lifetime of
1922 * the corresponding address is always
1923 * reset to the Preferred Lifetime in
1924 * the received Prefix Information
1925 * option, regardless of whether the
1926 * valid lifetime is also reset or
1927 * ignored."
1928 *
1929 * So if the preferred lifetime in
1930 * this advertisement is different
1931 * than what we have stored, but the
1932 * valid lifetime is invalid, just
1933 * reset prefered_lft.
1934 *
1935 * We must set the valid lifetime
1936 * to the stored lifetime since we'll
1937 * be updating the timestamp below,
1938 * else we'll set it back to the
1939 * minumum.
1940 */
1941 if (prefered_lft != ifp->prefered_lft) {
1942 valid_lft = stored_lft;
1943 update_lft = 1;
1944 }
1921 } else { 1945 } else {
1922 valid_lft = MIN_VALID_LIFETIME; 1946 valid_lft = MIN_VALID_LIFETIME;
1923 if (valid_lft < prefered_lft) 1947 if (valid_lft < prefered_lft)
@@ -3085,7 +3109,7 @@ restart:
3085 spin_unlock(&ifp->lock); 3109 spin_unlock(&ifp->lock);
3086 continue; 3110 continue;
3087 } else if (age >= ifp->prefered_lft) { 3111 } else if (age >= ifp->prefered_lft) {
3088 /* jiffies - ifp->tsamp > age >= ifp->prefered_lft */ 3112 /* jiffies - ifp->tstamp > age >= ifp->prefered_lft */
3089 int deprecate = 0; 3113 int deprecate = 0;
3090 3114
3091 if (!(ifp->flags&IFA_F_DEPRECATED)) { 3115 if (!(ifp->flags&IFA_F_DEPRECATED)) {
@@ -3362,7 +3386,10 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
3362 valid = ifa->valid_lft; 3386 valid = ifa->valid_lft;
3363 if (preferred != INFINITY_LIFE_TIME) { 3387 if (preferred != INFINITY_LIFE_TIME) {
3364 long tval = (jiffies - ifa->tstamp)/HZ; 3388 long tval = (jiffies - ifa->tstamp)/HZ;
3365 preferred -= tval; 3389 if (preferred > tval)
3390 preferred -= tval;
3391 else
3392 preferred = 0;
3366 if (valid != INFINITY_LIFE_TIME) 3393 if (valid != INFINITY_LIFE_TIME)
3367 valid -= tval; 3394 valid -= tval;
3368 } 3395 }
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 85b3d0036afd..caa0278d30a9 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -1284,6 +1284,8 @@ static void __exit inet6_exit(void)
1284 proto_unregister(&udplitev6_prot); 1284 proto_unregister(&udplitev6_prot);
1285 proto_unregister(&udpv6_prot); 1285 proto_unregister(&udpv6_prot);
1286 proto_unregister(&tcpv6_prot); 1286 proto_unregister(&tcpv6_prot);
1287
1288 rcu_barrier(); /* Wait for completion of call_rcu()'s */
1287} 1289}
1288module_exit(inet6_exit); 1290module_exit(inet6_exit);
1289 1291
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index c3a07d75b5f5..6d6a4277c677 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -139,6 +139,9 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
139 139
140 rcu_read_unlock(); 140 rcu_read_unlock();
141 141
142 /* Must drop socket now because of tproxy. */
143 skb_orphan(skb);
144
142 return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL, 145 return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
143 ip6_rcv_finish); 146 ip6_rcv_finish);
144err: 147err:
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 7c76e3d18215..87f8419a68fd 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1484,7 +1484,6 @@ int ip6_push_pending_frames(struct sock *sk)
1484 skb->len += tmp_skb->len; 1484 skb->len += tmp_skb->len;
1485 skb->data_len += tmp_skb->len; 1485 skb->data_len += tmp_skb->len;
1486 skb->truesize += tmp_skb->truesize; 1486 skb->truesize += tmp_skb->truesize;
1487 __sock_put(tmp_skb->sk);
1488 tmp_skb->destructor = NULL; 1487 tmp_skb->destructor = NULL;
1489 tmp_skb->sk = NULL; 1488 tmp_skb->sk = NULL;
1490 } 1489 }
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 68e52308e552..98b7327d0949 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1018,6 +1018,7 @@ static void ipip6_tunnel_setup(struct net_device *dev)
1018 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr); 1018 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
1019 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr); 1019 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
1020 dev->flags = IFF_NOARP; 1020 dev->flags = IFF_NOARP;
1021 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1021 dev->iflink = 0; 1022 dev->iflink = 0;
1022 dev->addr_len = 4; 1023 dev->addr_len = 4;
1023 dev->features |= NETIF_F_NETNS_LOCAL; 1024 dev->features |= NETIF_F_NETNS_LOCAL;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 58810c65b635..d849dd53b788 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -896,6 +896,7 @@ struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
896#ifdef CONFIG_TCP_MD5SIG 896#ifdef CONFIG_TCP_MD5SIG
897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
898 .md5_lookup = tcp_v6_reqsk_md5_lookup, 898 .md5_lookup = tcp_v6_reqsk_md5_lookup,
899 .calc_md5_hash = tcp_v6_md5_hash_skb,
899}; 900};
900#endif 901#endif
901 902
@@ -1441,7 +1442,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1441 */ 1442 */
1442 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1443 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1443 if (newkey != NULL) 1444 if (newkey != NULL)
1444 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1445 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1445 newkey, key->keylen); 1446 newkey, key->keylen);
1446 } 1447 }
1447#endif 1448#endif
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index b4b16a43f277..3a3c677bc0f2 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -157,7 +157,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
157 ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr); 157 ipv6_addr_copy(&fl->fl6_dst, reverse ? &hdr->saddr : &hdr->daddr);
158 ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr); 158 ipv6_addr_copy(&fl->fl6_src, reverse ? &hdr->daddr : &hdr->saddr);
159 159
160 while (pskb_may_pull(skb, nh + offset + 1 - skb->data)) { 160 while (nh + offset + 1 < skb->data ||
161 pskb_may_pull(skb, nh + offset + 1 - skb->data)) {
161 nh = skb_network_header(skb); 162 nh = skb_network_header(skb);
162 exthdr = (struct ipv6_opt_hdr *)(nh + offset); 163 exthdr = (struct ipv6_opt_hdr *)(nh + offset);
163 164
@@ -177,7 +178,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
177 case IPPROTO_TCP: 178 case IPPROTO_TCP:
178 case IPPROTO_SCTP: 179 case IPPROTO_SCTP:
179 case IPPROTO_DCCP: 180 case IPPROTO_DCCP:
180 if (!onlyproto && pskb_may_pull(skb, nh + offset + 4 - skb->data)) { 181 if (!onlyproto && (nh + offset + 4 < skb->data ||
182 pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
181 __be16 *ports = (__be16 *)exthdr; 183 __be16 *ports = (__be16 *)exthdr;
182 184
183 fl->fl_ip_sport = ports[!!reverse]; 185 fl->fl_ip_sport = ports[!!reverse];
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 417b0e309495..f1118d92a191 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -41,6 +41,7 @@
41#include <linux/netdevice.h> 41#include <linux/netdevice.h>
42#include <linux/uio.h> 42#include <linux/uio.h>
43#include <linux/skbuff.h> 43#include <linux/skbuff.h>
44#include <linux/smp_lock.h>
44#include <linux/socket.h> 45#include <linux/socket.h>
45#include <linux/sockios.h> 46#include <linux/sockios.h>
46#include <linux/string.h> 47#include <linux/string.h>
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index cb762c8723ea..80cf29aae096 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -45,6 +45,7 @@
45#include <linux/capability.h> 45#include <linux/capability.h>
46#include <linux/module.h> 46#include <linux/module.h>
47#include <linux/types.h> 47#include <linux/types.h>
48#include <linux/smp_lock.h>
48#include <linux/socket.h> 49#include <linux/socket.h>
49#include <linux/sockios.h> 50#include <linux/sockios.h>
50#include <linux/init.h> 51#include <linux/init.h>
diff --git a/net/irda/irnet/irnet.h b/net/irda/irnet/irnet.h
index bccf4d0059f0..b001c361ad30 100644
--- a/net/irda/irnet/irnet.h
+++ b/net/irda/irnet/irnet.h
@@ -241,7 +241,6 @@
241#include <linux/module.h> 241#include <linux/module.h>
242 242
243#include <linux/kernel.h> 243#include <linux/kernel.h>
244#include <linux/smp_lock.h>
245#include <linux/skbuff.h> 244#include <linux/skbuff.h>
246#include <linux/tty.h> 245#include <linux/tty.h>
247#include <linux/proc_fs.h> 246#include <linux/proc_fs.h>
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 6d8ae03c14f5..68cbcb19cbd8 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -13,6 +13,7 @@
13 * 2) as a control channel (write commands, read events) 13 * 2) as a control channel (write commands, read events)
14 */ 14 */
15 15
16#include <linux/smp_lock.h>
16#include "irnet_ppp.h" /* Private header */ 17#include "irnet_ppp.h" /* Private header */
17/* Please put other headers in irnet.h - Thanks */ 18/* Please put other headers in irnet.h - Thanks */
18 19
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index ecf4eb2717cb..9cb79f95bf63 100644
--- a/net/irda/irttp.c
+++ b/net/irda/irttp.c
@@ -1453,6 +1453,7 @@ struct tsap_cb *irttp_dup(struct tsap_cb *orig, void *instance)
1453 } 1453 }
1454 /* Dup */ 1454 /* Dup */
1455 memcpy(new, orig, sizeof(struct tsap_cb)); 1455 memcpy(new, orig, sizeof(struct tsap_cb));
1456 spin_lock_init(&new->lock);
1456 1457
1457 /* We don't need the old instance any more */ 1458 /* We don't need the old instance any more */
1458 spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags); 1459 spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 6be5f92d1094..49c15b48408e 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -306,7 +306,7 @@ static inline int iucv_below_msglim(struct sock *sk)
306static void iucv_sock_wake_msglim(struct sock *sk) 306static void iucv_sock_wake_msglim(struct sock *sk)
307{ 307{
308 read_lock(&sk->sk_callback_lock); 308 read_lock(&sk->sk_callback_lock);
309 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 309 if (sk_has_sleeper(sk))
310 wake_up_interruptible_all(sk->sk_sleep); 310 wake_up_interruptible_all(sk->sk_sleep);
311 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 311 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
312 read_unlock(&sk->sk_callback_lock); 312 read_unlock(&sk->sk_callback_lock);
@@ -1256,7 +1256,7 @@ unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
1256 struct sock *sk = sock->sk; 1256 struct sock *sk = sock->sk;
1257 unsigned int mask = 0; 1257 unsigned int mask = 0;
1258 1258
1259 poll_wait(file, sk->sk_sleep, wait); 1259 sock_poll_wait(file, sk->sk_sleep, wait);
1260 1260
1261 if (sk->sk_state == IUCV_LISTEN) 1261 if (sk->sk_state == IUCV_LISTEN)
1262 return iucv_accept_poll(sk); 1262 return iucv_accept_poll(sk);
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index ba2643a43c73..7836ee928983 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -83,6 +83,7 @@ endmenu
83config MAC80211_MESH 83config MAC80211_MESH
84 bool "Enable mac80211 mesh networking (pre-802.11s) support" 84 bool "Enable mac80211 mesh networking (pre-802.11s) support"
85 depends on MAC80211 && EXPERIMENTAL 85 depends on MAC80211 && EXPERIMENTAL
86 depends on BROKEN
86 ---help--- 87 ---help---
87 This options enables support of Draft 802.11s mesh networking. 88 This options enables support of Draft 802.11s mesh networking.
88 The implementation is based on Draft 1.08 of the Mesh Networking 89 The implementation is based on Draft 1.08 of the Mesh Networking
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index fc712e60705d..11cf45bce38a 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -494,7 +494,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
494 * should it be using the interface and enqueuing 494 * should it be using the interface and enqueuing
495 * frames at this very time on another CPU. 495 * frames at this very time on another CPU.
496 */ 496 */
497 synchronize_rcu(); 497 rcu_barrier(); /* Wait for RX path and call_rcu()'s */
498 skb_queue_purge(&sdata->u.mesh.skb_queue); 498 skb_queue_purge(&sdata->u.mesh.skb_queue);
499} 499}
500 500
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 003cb470ac84..f49ef288e2e2 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -637,7 +637,7 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
637 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 637 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
638 struct mesh_preq_queue *preq_node; 638 struct mesh_preq_queue *preq_node;
639 639
640 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_KERNEL); 640 preq_node = kmalloc(sizeof(struct mesh_preq_queue), GFP_ATOMIC);
641 if (!preq_node) { 641 if (!preq_node) {
642 printk(KERN_DEBUG "Mesh HWMP: could not allocate PREQ node\n"); 642 printk(KERN_DEBUG "Mesh HWMP: could not allocate PREQ node\n");
643 return; 643 return;
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 3c72557df45a..479597e88583 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -175,6 +175,8 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
175 int err = 0; 175 int err = 0;
176 u32 hash_idx; 176 u32 hash_idx;
177 177
178 might_sleep();
179
178 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 180 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0)
179 /* never add ourselves as neighbours */ 181 /* never add ourselves as neighbours */
180 return -ENOTSUPP; 182 return -ENOTSUPP;
@@ -265,6 +267,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
265 int err = 0; 267 int err = 0;
266 u32 hash_idx; 268 u32 hash_idx;
267 269
270 might_sleep();
268 271
269 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0) 272 if (memcmp(dst, sdata->dev->dev_addr, ETH_ALEN) == 0)
270 /* never add ourselves as neighbours */ 273 /* never add ourselves as neighbours */
@@ -491,8 +494,10 @@ void mesh_path_tx_pending(struct mesh_path *mpath)
491 * @skb: frame to discard 494 * @skb: frame to discard
492 * @sdata: network subif the frame was to be sent through 495 * @sdata: network subif the frame was to be sent through
493 * 496 *
494 * If the frame was beign forwarded from another MP, a PERR frame will be sent 497 * If the frame was being forwarded from another MP, a PERR frame will be sent
495 * to the precursor. 498 * to the precursor. The precursor's address (i.e. the previous hop) was saved
499 * in addr1 of the frame-to-be-forwarded, and would only be overwritten once
500 * the destination is successfully resolved.
496 * 501 *
497 * Locking: the function must me called within a rcu_read_lock region 502 * Locking: the function must me called within a rcu_read_lock region
498 */ 503 */
@@ -507,7 +512,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
507 u8 *ra, *da; 512 u8 *ra, *da;
508 513
509 da = hdr->addr3; 514 da = hdr->addr3;
510 ra = hdr->addr2; 515 ra = hdr->addr1;
511 mpath = mesh_path_lookup(da, sdata); 516 mpath = mesh_path_lookup(da, sdata);
512 if (mpath) 517 if (mpath)
513 dsn = ++mpath->dsn; 518 dsn = ++mpath->dsn;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index aca22b00b6a3..07e7e41816be 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -721,7 +721,7 @@ void ieee80211_dynamic_ps_timer(unsigned long data)
721{ 721{
722 struct ieee80211_local *local = (void *) data; 722 struct ieee80211_local *local = (void *) data;
723 723
724 if (local->quiescing) 724 if (local->quiescing || local->suspended)
725 return; 725 return;
726 726
727 queue_work(local->hw.workqueue, &local->dynamic_ps_enable_work); 727 queue_work(local->hw.workqueue, &local->dynamic_ps_enable_work);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 7a549f9deb96..5e3d476972f9 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -55,15 +55,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
55 55
56 rcu_read_unlock(); 56 rcu_read_unlock();
57 57
58 /* flush again, in case driver queued work */
59 flush_workqueue(local->hw.workqueue);
60
61 /* stop hardware - this must stop RX */
62 if (local->open_count) {
63 ieee80211_led_radio(local, false);
64 drv_stop(local);
65 }
66
67 /* remove STAs */ 58 /* remove STAs */
68 spin_lock_irqsave(&local->sta_lock, flags); 59 spin_lock_irqsave(&local->sta_lock, flags);
69 list_for_each_entry(sta, &local->sta_list, list) { 60 list_for_each_entry(sta, &local->sta_list, list) {
@@ -111,7 +102,22 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
111 drv_remove_interface(local, &conf); 102 drv_remove_interface(local, &conf);
112 } 103 }
113 104
105 /* stop hardware - this must stop RX */
106 if (local->open_count) {
107 ieee80211_led_radio(local, false);
108 drv_stop(local);
109 }
110
111 /*
112 * flush again, in case driver queued work -- it
113 * shouldn't be doing (or cancel everything in the
114 * stop callback) that but better safe than sorry.
115 */
116 flush_workqueue(local->hw.workqueue);
117
114 local->suspended = true; 118 local->suspended = true;
119 /* need suspended to be visible before quiescing is false */
120 barrier();
115 local->quiescing = false; 121 local->quiescing = false;
116 122
117 return 0; 123 return 0;
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index b218b98fba7f..37771abd8f5a 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -66,7 +66,7 @@ rix_to_ndx(struct minstrel_sta_info *mi, int rix)
66 for (i = rix; i >= 0; i--) 66 for (i = rix; i >= 0; i--)
67 if (mi->r[i].rix == rix) 67 if (mi->r[i].rix == rix)
68 break; 68 break;
69 WARN_ON(mi->r[i].rix != rix); 69 WARN_ON(i < 0);
70 return i; 70 return i;
71} 71}
72 72
@@ -181,6 +181,9 @@ minstrel_tx_status(void *priv, struct ieee80211_supported_band *sband,
181 break; 181 break;
182 182
183 ndx = rix_to_ndx(mi, ar[i].idx); 183 ndx = rix_to_ndx(mi, ar[i].idx);
184 if (ndx < 0)
185 continue;
186
184 mi->r[ndx].attempts += ar[i].count; 187 mi->r[ndx].attempts += ar[i].count;
185 188
186 if ((i != IEEE80211_TX_MAX_RATES - 1) && (ar[i + 1].idx < 0)) 189 if ((i != IEEE80211_TX_MAX_RATES - 1) && (ar[i + 1].idx < 0))
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index de5bba7f910a..0936fc24942d 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2453,6 +2453,18 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2453 return; 2453 return;
2454 } 2454 }
2455 2455
2456 /*
2457 * If we're suspending, it is possible although not too likely
2458 * that we'd be receiving frames after having already partially
2459 * quiesced the stack. We can't process such frames then since
2460 * that might, for example, cause stations to be added or other
2461 * driver callbacks be invoked.
2462 */
2463 if (unlikely(local->quiescing || local->suspended)) {
2464 kfree_skb(skb);
2465 return;
2466 }
2467
2456 if (status->flag & RX_FLAG_HT) { 2468 if (status->flag & RX_FLAG_HT) {
2457 /* rate_idx is MCS index */ 2469 /* rate_idx is MCS index */
2458 if (WARN_ON(status->rate_idx < 0 || 2470 if (WARN_ON(status->rate_idx < 0 ||
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index d238a8939a09..3a8922cd1038 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1455,7 +1455,7 @@ int ieee80211_master_start_xmit(struct sk_buff *skb, struct net_device *dev)
1455 monitor_iface = UNKNOWN_ADDRESS; 1455 monitor_iface = UNKNOWN_ADDRESS;
1456 1456
1457 len_rthdr = ieee80211_get_radiotap_len(skb->data); 1457 len_rthdr = ieee80211_get_radiotap_len(skb->data);
1458 hdr = (struct ieee80211_hdr *)skb->data + len_rthdr; 1458 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1459 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1459 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1460 1460
1461 /* check the header is complete in the frame */ 1461 /* check the header is complete in the frame */
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 7508f11c5b39..b5869b9574b0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -561,23 +561,38 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
561 } 561 }
562 } 562 }
563 563
564 ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp); 564 /*
565 * Do not use kmem_cache_zalloc(), as this cache uses
566 * SLAB_DESTROY_BY_RCU.
567 */
568 ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
565 if (ct == NULL) { 569 if (ct == NULL) {
566 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); 570 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
567 atomic_dec(&net->ct.count); 571 atomic_dec(&net->ct.count);
568 return ERR_PTR(-ENOMEM); 572 return ERR_PTR(-ENOMEM);
569 } 573 }
570 574 /*
575 * Let ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.next
576 * and ct->tuplehash[IP_CT_DIR_REPLY].hnnode.next unchanged.
577 */
578 memset(&ct->tuplehash[IP_CT_DIR_MAX], 0,
579 sizeof(*ct) - offsetof(struct nf_conn, tuplehash[IP_CT_DIR_MAX]));
571 spin_lock_init(&ct->lock); 580 spin_lock_init(&ct->lock);
572 atomic_set(&ct->ct_general.use, 1);
573 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; 581 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
582 ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL;
574 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; 583 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
584 ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev = NULL;
575 /* Don't set timer yet: wait for confirmation */ 585 /* Don't set timer yet: wait for confirmation */
576 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct); 586 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
577#ifdef CONFIG_NET_NS 587#ifdef CONFIG_NET_NS
578 ct->ct_net = net; 588 ct->ct_net = net;
579#endif 589#endif
580 590
591 /*
592 * changes to lookup keys must be done before setting refcnt to 1
593 */
594 smp_wmb();
595 atomic_set(&ct->ct_general.use, 1);
581 return ct; 596 return ct;
582} 597}
583EXPORT_SYMBOL_GPL(nf_conntrack_alloc); 598EXPORT_SYMBOL_GPL(nf_conntrack_alloc);
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index afde8f991646..2032dfe25ca8 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -617,8 +617,10 @@ err1:
617void nf_conntrack_expect_fini(struct net *net) 617void nf_conntrack_expect_fini(struct net *net)
618{ 618{
619 exp_proc_remove(net); 619 exp_proc_remove(net);
620 if (net_eq(net, &init_net)) 620 if (net_eq(net, &init_net)) {
621 rcu_barrier(); /* Wait for call_rcu() before destroy */
621 kmem_cache_destroy(nf_ct_expect_cachep); 622 kmem_cache_destroy(nf_ct_expect_cachep);
623 }
622 nf_ct_free_hashtable(net->ct.expect_hash, net->ct.expect_vmalloc, 624 nf_ct_free_hashtable(net->ct.expect_hash, net->ct.expect_vmalloc,
623 nf_ct_expect_hsize); 625 nf_ct_expect_hsize);
624} 626}
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 4b2c769d555f..fef95be334bd 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -186,6 +186,6 @@ void nf_ct_extend_unregister(struct nf_ct_ext_type *type)
186 rcu_assign_pointer(nf_ct_ext_types[type->id], NULL); 186 rcu_assign_pointer(nf_ct_ext_types[type->id], NULL);
187 update_alloc_size(type); 187 update_alloc_size(type);
188 mutex_unlock(&nf_ct_ext_type_mutex); 188 mutex_unlock(&nf_ct_ext_type_mutex);
189 synchronize_rcu(); 189 rcu_barrier(); /* Wait for completion of call_rcu()'s */
190} 190}
191EXPORT_SYMBOL_GPL(nf_ct_extend_unregister); 191EXPORT_SYMBOL_GPL(nf_ct_extend_unregister);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 33fc0a443f3d..97a82ba75376 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -720,8 +720,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
720/* Caller must linearize skb at tcp header. */ 720/* Caller must linearize skb at tcp header. */
721void nf_conntrack_tcp_update(const struct sk_buff *skb, 721void nf_conntrack_tcp_update(const struct sk_buff *skb,
722 unsigned int dataoff, 722 unsigned int dataoff,
723 struct nf_conn *ct, 723 struct nf_conn *ct, int dir,
724 int dir) 724 s16 offset)
725{ 725{
726 const struct tcphdr *tcph = (const void *)skb->data + dataoff; 726 const struct tcphdr *tcph = (const void *)skb->data + dataoff;
727 const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir]; 727 const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir];
@@ -734,7 +734,7 @@ void nf_conntrack_tcp_update(const struct sk_buff *skb,
734 /* 734 /*
735 * We have to worry for the ack in the reply packet only... 735 * We have to worry for the ack in the reply packet only...
736 */ 736 */
737 if (after(end, ct->proto.tcp.seen[dir].td_end)) 737 if (ct->proto.tcp.seen[dir].td_end + offset == end)
738 ct->proto.tcp.seen[dir].td_end = end; 738 ct->proto.tcp.seen[dir].td_end = end;
739 ct->proto.tcp.last_end = end; 739 ct->proto.tcp.last_end = end;
740 spin_unlock_bh(&ct->lock); 740 spin_unlock_bh(&ct->lock);
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0b7139f3dd78..fc581800698e 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -129,7 +129,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
129 129
130static inline bool 130static inline bool
131conntrack_mt_origsrc(const struct nf_conn *ct, 131conntrack_mt_origsrc(const struct nf_conn *ct,
132 const struct xt_conntrack_mtinfo1 *info, 132 const struct xt_conntrack_mtinfo2 *info,
133 u_int8_t family) 133 u_int8_t family)
134{ 134{
135 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3, 135 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3,
@@ -138,7 +138,7 @@ conntrack_mt_origsrc(const struct nf_conn *ct,
138 138
139static inline bool 139static inline bool
140conntrack_mt_origdst(const struct nf_conn *ct, 140conntrack_mt_origdst(const struct nf_conn *ct,
141 const struct xt_conntrack_mtinfo1 *info, 141 const struct xt_conntrack_mtinfo2 *info,
142 u_int8_t family) 142 u_int8_t family)
143{ 143{
144 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3, 144 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3,
@@ -147,7 +147,7 @@ conntrack_mt_origdst(const struct nf_conn *ct,
147 147
148static inline bool 148static inline bool
149conntrack_mt_replsrc(const struct nf_conn *ct, 149conntrack_mt_replsrc(const struct nf_conn *ct,
150 const struct xt_conntrack_mtinfo1 *info, 150 const struct xt_conntrack_mtinfo2 *info,
151 u_int8_t family) 151 u_int8_t family)
152{ 152{
153 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3, 153 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3,
@@ -156,7 +156,7 @@ conntrack_mt_replsrc(const struct nf_conn *ct,
156 156
157static inline bool 157static inline bool
158conntrack_mt_repldst(const struct nf_conn *ct, 158conntrack_mt_repldst(const struct nf_conn *ct,
159 const struct xt_conntrack_mtinfo1 *info, 159 const struct xt_conntrack_mtinfo2 *info,
160 u_int8_t family) 160 u_int8_t family)
161{ 161{
162 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3, 162 return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3,
@@ -164,7 +164,7 @@ conntrack_mt_repldst(const struct nf_conn *ct,
164} 164}
165 165
166static inline bool 166static inline bool
167ct_proto_port_check(const struct xt_conntrack_mtinfo1 *info, 167ct_proto_port_check(const struct xt_conntrack_mtinfo2 *info,
168 const struct nf_conn *ct) 168 const struct nf_conn *ct)
169{ 169{
170 const struct nf_conntrack_tuple *tuple; 170 const struct nf_conntrack_tuple *tuple;
@@ -204,7 +204,7 @@ ct_proto_port_check(const struct xt_conntrack_mtinfo1 *info,
204static bool 204static bool
205conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) 205conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par)
206{ 206{
207 const struct xt_conntrack_mtinfo1 *info = par->matchinfo; 207 const struct xt_conntrack_mtinfo2 *info = par->matchinfo;
208 enum ip_conntrack_info ctinfo; 208 enum ip_conntrack_info ctinfo;
209 const struct nf_conn *ct; 209 const struct nf_conn *ct;
210 unsigned int statebit; 210 unsigned int statebit;
@@ -278,6 +278,16 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par)
278 return true; 278 return true;
279} 279}
280 280
281static bool
282conntrack_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
283{
284 const struct xt_conntrack_mtinfo2 *const *info = par->matchinfo;
285 struct xt_match_param newpar = *par;
286
287 newpar.matchinfo = *info;
288 return conntrack_mt(skb, &newpar);
289}
290
281static bool conntrack_mt_check(const struct xt_mtchk_param *par) 291static bool conntrack_mt_check(const struct xt_mtchk_param *par)
282{ 292{
283 if (nf_ct_l3proto_try_module_get(par->family) < 0) { 293 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
@@ -288,11 +298,45 @@ static bool conntrack_mt_check(const struct xt_mtchk_param *par)
288 return true; 298 return true;
289} 299}
290 300
301static bool conntrack_mt_check_v1(const struct xt_mtchk_param *par)
302{
303 struct xt_conntrack_mtinfo1 *info = par->matchinfo;
304 struct xt_conntrack_mtinfo2 *up;
305 int ret = conntrack_mt_check(par);
306
307 if (ret < 0)
308 return ret;
309
310 up = kmalloc(sizeof(*up), GFP_KERNEL);
311 if (up == NULL) {
312 nf_ct_l3proto_module_put(par->family);
313 return -ENOMEM;
314 }
315
316 /*
317 * The strategy here is to minimize the overhead of v1 matching,
318 * by prebuilding a v2 struct and putting the pointer into the
319 * v1 dataspace.
320 */
321 memcpy(up, info, offsetof(typeof(*info), state_mask));
322 up->state_mask = info->state_mask;
323 up->status_mask = info->status_mask;
324 *(void **)info = up;
325 return true;
326}
327
291static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) 328static void conntrack_mt_destroy(const struct xt_mtdtor_param *par)
292{ 329{
293 nf_ct_l3proto_module_put(par->family); 330 nf_ct_l3proto_module_put(par->family);
294} 331}
295 332
333static void conntrack_mt_destroy_v1(const struct xt_mtdtor_param *par)
334{
335 struct xt_conntrack_mtinfo2 **info = par->matchinfo;
336 kfree(*info);
337 conntrack_mt_destroy(par);
338}
339
296#ifdef CONFIG_COMPAT 340#ifdef CONFIG_COMPAT
297struct compat_xt_conntrack_info 341struct compat_xt_conntrack_info
298{ 342{
@@ -363,6 +407,16 @@ static struct xt_match conntrack_mt_reg[] __read_mostly = {
363 .revision = 1, 407 .revision = 1,
364 .family = NFPROTO_UNSPEC, 408 .family = NFPROTO_UNSPEC,
365 .matchsize = sizeof(struct xt_conntrack_mtinfo1), 409 .matchsize = sizeof(struct xt_conntrack_mtinfo1),
410 .match = conntrack_mt_v1,
411 .checkentry = conntrack_mt_check_v1,
412 .destroy = conntrack_mt_destroy_v1,
413 .me = THIS_MODULE,
414 },
415 {
416 .name = "conntrack",
417 .revision = 2,
418 .family = NFPROTO_UNSPEC,
419 .matchsize = sizeof(struct xt_conntrack_mtinfo2),
366 .match = conntrack_mt, 420 .match = conntrack_mt,
367 .checkentry = conntrack_mt_check, 421 .checkentry = conntrack_mt_check,
368 .destroy = conntrack_mt_destroy, 422 .destroy = conntrack_mt_destroy,
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 863e40977a4d..0f482e2440b4 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -330,7 +330,8 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
330 fcount++; 330 fcount++;
331 331
332 if (info->flags & XT_OSF_LOG) 332 if (info->flags & XT_OSF_LOG)
333 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 333 nf_log_packet(p->family, p->hooknum, skb,
334 p->in, p->out, NULL,
334 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n", 335 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",
335 f->genre, f->version, f->subtype, 336 f->genre, f->version, f->subtype,
336 &ip->saddr, ntohs(tcp->source), 337 &ip->saddr, ntohs(tcp->source),
@@ -345,7 +346,7 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
345 rcu_read_unlock(); 346 rcu_read_unlock();
346 347
347 if (!fcount && (info->flags & XT_OSF_LOG)) 348 if (!fcount && (info->flags & XT_OSF_LOG))
348 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 349 nf_log_packet(p->family, p->hooknum, skb, p->in, p->out, NULL,
349 "Remote OS is not known: %pi4:%u -> %pi4:%u\n", 350 "Remote OS is not known: %pi4:%u -> %pi4:%u\n",
350 &ip->saddr, ntohs(tcp->source), 351 &ip->saddr, ntohs(tcp->source),
351 &ip->daddr, ntohs(tcp->dest)); 352 &ip->daddr, ntohs(tcp->dest));
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index b0e582f2d37a..16e6c4378ff1 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -151,7 +151,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
151 addr6 = addr; 151 addr6 = addr;
152 mask6 = mask; 152 mask6 = mask;
153 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC); 153 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC);
154 if (map4 == NULL) 154 if (map6 == NULL)
155 goto cfg_unlbl_map_add_failure; 155 goto cfg_unlbl_map_add_failure;
156 map6->type = NETLBL_NLTYPE_UNLABELED; 156 map6->type = NETLBL_NLTYPE_UNLABELED;
157 ipv6_addr_copy(&map6->list.addr, addr6); 157 ipv6_addr_copy(&map6->list.addr, addr6);
diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
index 80a322d77909..b0d6ddd82a9d 100644
--- a/net/phonet/pn_dev.c
+++ b/net/phonet/pn_dev.c
@@ -69,10 +69,27 @@ static struct phonet_device *__phonet_get(struct net_device *dev)
69 return NULL; 69 return NULL;
70} 70}
71 71
72static void __phonet_device_free(struct phonet_device *pnd) 72static void phonet_device_destroy(struct net_device *dev)
73{ 73{
74 list_del(&pnd->list); 74 struct phonet_device_list *pndevs = phonet_device_list(dev_net(dev));
75 kfree(pnd); 75 struct phonet_device *pnd;
76
77 ASSERT_RTNL();
78
79 spin_lock_bh(&pndevs->lock);
80 pnd = __phonet_get(dev);
81 if (pnd)
82 list_del(&pnd->list);
83 spin_unlock_bh(&pndevs->lock);
84
85 if (pnd) {
86 u8 addr;
87
88 for (addr = find_first_bit(pnd->addrs, 64); addr < 64;
89 addr = find_next_bit(pnd->addrs, 64, 1+addr))
90 phonet_address_notify(RTM_DELADDR, dev, addr);
91 kfree(pnd);
92 }
76} 93}
77 94
78struct net_device *phonet_device_get(struct net *net) 95struct net_device *phonet_device_get(struct net *net)
@@ -126,8 +143,10 @@ int phonet_address_del(struct net_device *dev, u8 addr)
126 pnd = __phonet_get(dev); 143 pnd = __phonet_get(dev);
127 if (!pnd || !test_and_clear_bit(addr >> 2, pnd->addrs)) 144 if (!pnd || !test_and_clear_bit(addr >> 2, pnd->addrs))
128 err = -EADDRNOTAVAIL; 145 err = -EADDRNOTAVAIL;
129 else if (bitmap_empty(pnd->addrs, 64)) 146 else if (bitmap_empty(pnd->addrs, 64)) {
130 __phonet_device_free(pnd); 147 list_del(&pnd->list);
148 kfree(pnd);
149 }
131 spin_unlock_bh(&pndevs->lock); 150 spin_unlock_bh(&pndevs->lock);
132 return err; 151 return err;
133} 152}
@@ -181,18 +200,8 @@ static int phonet_device_notify(struct notifier_block *me, unsigned long what,
181{ 200{
182 struct net_device *dev = arg; 201 struct net_device *dev = arg;
183 202
184 if (what == NETDEV_UNREGISTER) { 203 if (what == NETDEV_UNREGISTER)
185 struct phonet_device_list *pndevs; 204 phonet_device_destroy(dev);
186 struct phonet_device *pnd;
187
188 /* Destroy phonet-specific device data */
189 pndevs = phonet_device_list(dev_net(dev));
190 spin_lock_bh(&pndevs->lock);
191 pnd = __phonet_get(dev);
192 if (pnd)
193 __phonet_device_free(pnd);
194 spin_unlock_bh(&pndevs->lock);
195 }
196 return 0; 205 return 0;
197 206
198} 207}
@@ -218,11 +227,12 @@ static int phonet_init_net(struct net *net)
218static void phonet_exit_net(struct net *net) 227static void phonet_exit_net(struct net *net)
219{ 228{
220 struct phonet_net *pnn = net_generic(net, phonet_net_id); 229 struct phonet_net *pnn = net_generic(net, phonet_net_id);
221 struct phonet_device *pnd, *n; 230 struct net_device *dev;
222
223 list_for_each_entry_safe(pnd, n, &pnn->pndevs.list, list)
224 __phonet_device_free(pnd);
225 231
232 rtnl_lock();
233 for_each_netdev(net, dev)
234 phonet_device_destroy(dev);
235 rtnl_unlock();
226 kfree(pnn); 236 kfree(pnn);
227} 237}
228 238
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index cec4e5951681..f8b4cee434c2 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -32,7 +32,7 @@
32static int fill_addr(struct sk_buff *skb, struct net_device *dev, u8 addr, 32static int fill_addr(struct sk_buff *skb, struct net_device *dev, u8 addr,
33 u32 pid, u32 seq, int event); 33 u32 pid, u32 seq, int event);
34 34
35static void rtmsg_notify(int event, struct net_device *dev, u8 addr) 35void phonet_address_notify(int event, struct net_device *dev, u8 addr)
36{ 36{
37 struct sk_buff *skb; 37 struct sk_buff *skb;
38 int err = -ENOBUFS; 38 int err = -ENOBUFS;
@@ -94,7 +94,7 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr)
94 else 94 else
95 err = phonet_address_del(dev, pnaddr); 95 err = phonet_address_del(dev, pnaddr);
96 if (!err) 96 if (!err)
97 rtmsg_notify(nlh->nlmsg_type, dev, pnaddr); 97 phonet_address_notify(nlh->nlmsg_type, dev, pnaddr);
98 return err; 98 return err;
99} 99}
100 100
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 79693fe2001e..2fc4a1724eb8 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -549,6 +549,10 @@ void rfkill_set_states(struct rfkill *rfkill, bool sw, bool hw)
549 swprev = !!(rfkill->state & RFKILL_BLOCK_SW); 549 swprev = !!(rfkill->state & RFKILL_BLOCK_SW);
550 hwprev = !!(rfkill->state & RFKILL_BLOCK_HW); 550 hwprev = !!(rfkill->state & RFKILL_BLOCK_HW);
551 __rfkill_set_sw_state(rfkill, sw); 551 __rfkill_set_sw_state(rfkill, sw);
552 if (hw)
553 rfkill->state |= RFKILL_BLOCK_HW;
554 else
555 rfkill->state &= ~RFKILL_BLOCK_HW;
552 556
553 spin_unlock_irqrestore(&rfkill->lock, flags); 557 spin_unlock_irqrestore(&rfkill->lock, flags);
554 558
@@ -648,15 +652,26 @@ static ssize_t rfkill_state_store(struct device *dev,
648 struct device_attribute *attr, 652 struct device_attribute *attr,
649 const char *buf, size_t count) 653 const char *buf, size_t count)
650{ 654{
651 /* 655 struct rfkill *rfkill = to_rfkill(dev);
652 * The intention was that userspace can only take control over 656 unsigned long state;
653 * a given device when/if rfkill-input doesn't control it due 657 int err;
654 * to user_claim. Since user_claim is currently unsupported, 658
655 * we never support changing the state from userspace -- this 659 if (!capable(CAP_NET_ADMIN))
656 * can be implemented again later. 660 return -EPERM;
657 */ 661
662 err = strict_strtoul(buf, 0, &state);
663 if (err)
664 return err;
665
666 if (state != RFKILL_USER_STATE_SOFT_BLOCKED &&
667 state != RFKILL_USER_STATE_UNBLOCKED)
668 return -EINVAL;
669
670 mutex_lock(&rfkill_global_mutex);
671 rfkill_set_block(rfkill, state == RFKILL_USER_STATE_SOFT_BLOCKED);
672 mutex_unlock(&rfkill_global_mutex);
658 673
659 return -EPERM; 674 return err ?: count;
660} 675}
661 676
662static ssize_t rfkill_claim_show(struct device *dev, 677static ssize_t rfkill_claim_show(struct device *dev,
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 6bd8e93869ed..f0a76f6bca71 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -92,23 +92,21 @@ static void rose_set_lockdep_key(struct net_device *dev)
92/* 92/*
93 * Convert a ROSE address into text. 93 * Convert a ROSE address into text.
94 */ 94 */
95const char *rose2asc(const rose_address *addr) 95char *rose2asc(char *buf, const rose_address *addr)
96{ 96{
97 static char buffer[11];
98
99 if (addr->rose_addr[0] == 0x00 && addr->rose_addr[1] == 0x00 && 97 if (addr->rose_addr[0] == 0x00 && addr->rose_addr[1] == 0x00 &&
100 addr->rose_addr[2] == 0x00 && addr->rose_addr[3] == 0x00 && 98 addr->rose_addr[2] == 0x00 && addr->rose_addr[3] == 0x00 &&
101 addr->rose_addr[4] == 0x00) { 99 addr->rose_addr[4] == 0x00) {
102 strcpy(buffer, "*"); 100 strcpy(buf, "*");
103 } else { 101 } else {
104 sprintf(buffer, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF, 102 sprintf(buf, "%02X%02X%02X%02X%02X", addr->rose_addr[0] & 0xFF,
105 addr->rose_addr[1] & 0xFF, 103 addr->rose_addr[1] & 0xFF,
106 addr->rose_addr[2] & 0xFF, 104 addr->rose_addr[2] & 0xFF,
107 addr->rose_addr[3] & 0xFF, 105 addr->rose_addr[3] & 0xFF,
108 addr->rose_addr[4] & 0xFF); 106 addr->rose_addr[4] & 0xFF);
109 } 107 }
110 108
111 return buffer; 109 return buf;
112} 110}
113 111
114/* 112/*
@@ -1437,7 +1435,7 @@ static void rose_info_stop(struct seq_file *seq, void *v)
1437 1435
1438static int rose_info_show(struct seq_file *seq, void *v) 1436static int rose_info_show(struct seq_file *seq, void *v)
1439{ 1437{
1440 char buf[11]; 1438 char buf[11], rsbuf[11];
1441 1439
1442 if (v == SEQ_START_TOKEN) 1440 if (v == SEQ_START_TOKEN)
1443 seq_puts(seq, 1441 seq_puts(seq,
@@ -1455,8 +1453,8 @@ static int rose_info_show(struct seq_file *seq, void *v)
1455 devname = dev->name; 1453 devname = dev->name;
1456 1454
1457 seq_printf(seq, "%-10s %-9s ", 1455 seq_printf(seq, "%-10s %-9s ",
1458 rose2asc(&rose->dest_addr), 1456 rose2asc(rsbuf, &rose->dest_addr),
1459 ax2asc(buf, &rose->dest_call)); 1457 ax2asc(buf, &rose->dest_call));
1460 1458
1461 if (ax25cmp(&rose->source_call, &null_ax25_address) == 0) 1459 if (ax25cmp(&rose->source_call, &null_ax25_address) == 0)
1462 callsign = "??????-?"; 1460 callsign = "??????-?";
@@ -1465,7 +1463,7 @@ static int rose_info_show(struct seq_file *seq, void *v)
1465 1463
1466 seq_printf(seq, 1464 seq_printf(seq,
1467 "%-10s %-9s %-5s %3.3X %05d %d %d %d %d %3lu %3lu %3lu %3lu %3lu %3lu/%03lu %5d %5d %ld\n", 1465 "%-10s %-9s %-5s %3.3X %05d %d %d %d %d %3lu %3lu %3lu %3lu %3lu %3lu/%03lu %5d %5d %ld\n",
1468 rose2asc(&rose->source_addr), 1466 rose2asc(rsbuf, &rose->source_addr),
1469 callsign, 1467 callsign,
1470 devname, 1468 devname,
1471 rose->lci & 0x0FFF, 1469 rose->lci & 0x0FFF,
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index a81066a1010a..9478d9b3d977 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -1104,6 +1104,7 @@ static void rose_node_stop(struct seq_file *seq, void *v)
1104 1104
1105static int rose_node_show(struct seq_file *seq, void *v) 1105static int rose_node_show(struct seq_file *seq, void *v)
1106{ 1106{
1107 char rsbuf[11];
1107 int i; 1108 int i;
1108 1109
1109 if (v == SEQ_START_TOKEN) 1110 if (v == SEQ_START_TOKEN)
@@ -1112,13 +1113,13 @@ static int rose_node_show(struct seq_file *seq, void *v)
1112 const struct rose_node *rose_node = v; 1113 const struct rose_node *rose_node = v;
1113 /* if (rose_node->loopback) { 1114 /* if (rose_node->loopback) {
1114 seq_printf(seq, "%-10s %04d 1 loopback\n", 1115 seq_printf(seq, "%-10s %04d 1 loopback\n",
1115 rose2asc(&rose_node->address), 1116 rose2asc(rsbuf, &rose_node->address),
1116 rose_node->mask); 1117 rose_node->mask);
1117 } else { */ 1118 } else { */
1118 seq_printf(seq, "%-10s %04d %d", 1119 seq_printf(seq, "%-10s %04d %d",
1119 rose2asc(&rose_node->address), 1120 rose2asc(rsbuf, &rose_node->address),
1120 rose_node->mask, 1121 rose_node->mask,
1121 rose_node->count); 1122 rose_node->count);
1122 1123
1123 for (i = 0; i < rose_node->count; i++) 1124 for (i = 0; i < rose_node->count; i++)
1124 seq_printf(seq, " %05d", 1125 seq_printf(seq, " %05d",
@@ -1267,7 +1268,7 @@ static void rose_route_stop(struct seq_file *seq, void *v)
1267 1268
1268static int rose_route_show(struct seq_file *seq, void *v) 1269static int rose_route_show(struct seq_file *seq, void *v)
1269{ 1270{
1270 char buf[11]; 1271 char buf[11], rsbuf[11];
1271 1272
1272 if (v == SEQ_START_TOKEN) 1273 if (v == SEQ_START_TOKEN)
1273 seq_puts(seq, 1274 seq_puts(seq,
@@ -1279,7 +1280,7 @@ static int rose_route_show(struct seq_file *seq, void *v)
1279 seq_printf(seq, 1280 seq_printf(seq,
1280 "%3.3X %-10s %-9s %05d ", 1281 "%3.3X %-10s %-9s %05d ",
1281 rose_route->lci1, 1282 rose_route->lci1,
1282 rose2asc(&rose_route->src_addr), 1283 rose2asc(rsbuf, &rose_route->src_addr),
1283 ax2asc(buf, &rose_route->src_call), 1284 ax2asc(buf, &rose_route->src_call),
1284 rose_route->neigh1->number); 1285 rose_route->neigh1->number);
1285 else 1286 else
@@ -1289,10 +1290,10 @@ static int rose_route_show(struct seq_file *seq, void *v)
1289 if (rose_route->neigh2) 1290 if (rose_route->neigh2)
1290 seq_printf(seq, 1291 seq_printf(seq,
1291 "%3.3X %-10s %-9s %05d\n", 1292 "%3.3X %-10s %-9s %05d\n",
1292 rose_route->lci2, 1293 rose_route->lci2,
1293 rose2asc(&rose_route->dest_addr), 1294 rose2asc(rsbuf, &rose_route->dest_addr),
1294 ax2asc(buf, &rose_route->dest_call), 1295 ax2asc(buf, &rose_route->dest_call),
1295 rose_route->neigh2->number); 1296 rose_route->neigh2->number);
1296 else 1297 else
1297 seq_puts(seq, 1298 seq_puts(seq,
1298 "000 * * 00000\n"); 1299 "000 * * 00000\n");
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index eac5e7bb7365..bfe493ebf27c 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -63,7 +63,7 @@ static void rxrpc_write_space(struct sock *sk)
63 _enter("%p", sk); 63 _enter("%p", sk);
64 read_lock(&sk->sk_callback_lock); 64 read_lock(&sk->sk_callback_lock);
65 if (rxrpc_writable(sk)) { 65 if (rxrpc_writable(sk)) {
66 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 66 if (sk_has_sleeper(sk))
67 wake_up_interruptible(sk->sk_sleep); 67 wake_up_interruptible(sk->sk_sleep);
68 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 68 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
69 } 69 }
@@ -588,7 +588,7 @@ static unsigned int rxrpc_poll(struct file *file, struct socket *sock,
588 unsigned int mask; 588 unsigned int mask;
589 struct sock *sk = sock->sk; 589 struct sock *sk = sock->sk;
590 590
591 poll_wait(file, sk->sk_sleep, wait); 591 sock_poll_wait(file, sk->sk_sleep, wait);
592 mask = 0; 592 mask = 0;
593 593
594 /* the socket is readable if there are any messages waiting on the Rx 594 /* the socket is readable if there are any messages waiting on the Rx
diff --git a/net/sctp/output.c b/net/sctp/output.c
index b76411444515..b94c21190566 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -407,7 +407,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
407 } 407 }
408 dst = dst_clone(tp->dst); 408 dst = dst_clone(tp->dst);
409 skb_dst_set(nskb, dst); 409 skb_dst_set(nskb, dst);
410 if (dst) 410 if (!dst)
411 goto no_route; 411 goto no_route;
412 412
413 /* Build the SCTP header. */ 413 /* Build the SCTP header. */
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 35ba035970a2..971890dbfea0 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -6652,21 +6652,6 @@ static void sctp_wait_for_close(struct sock *sk, long timeout)
6652 finish_wait(sk->sk_sleep, &wait); 6652 finish_wait(sk->sk_sleep, &wait);
6653} 6653}
6654 6654
6655static void sctp_sock_rfree_frag(struct sk_buff *skb)
6656{
6657 struct sk_buff *frag;
6658
6659 if (!skb->data_len)
6660 goto done;
6661
6662 /* Don't forget the fragments. */
6663 skb_walk_frags(skb, frag)
6664 sctp_sock_rfree_frag(frag);
6665
6666done:
6667 sctp_sock_rfree(skb);
6668}
6669
6670static void sctp_skb_set_owner_r_frag(struct sk_buff *skb, struct sock *sk) 6655static void sctp_skb_set_owner_r_frag(struct sk_buff *skb, struct sock *sk)
6671{ 6656{
6672 struct sk_buff *frag; 6657 struct sk_buff *frag;
@@ -6776,7 +6761,6 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
6776 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { 6761 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) {
6777 event = sctp_skb2event(skb); 6762 event = sctp_skb2event(skb);
6778 if (event->asoc == assoc) { 6763 if (event->asoc == assoc) {
6779 sctp_sock_rfree_frag(skb);
6780 __skb_unlink(skb, &oldsk->sk_receive_queue); 6764 __skb_unlink(skb, &oldsk->sk_receive_queue);
6781 __skb_queue_tail(&newsk->sk_receive_queue, skb); 6765 __skb_queue_tail(&newsk->sk_receive_queue, skb);
6782 sctp_skb_set_owner_r_frag(skb, newsk); 6766 sctp_skb_set_owner_r_frag(skb, newsk);
@@ -6807,7 +6791,6 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
6807 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { 6791 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) {
6808 event = sctp_skb2event(skb); 6792 event = sctp_skb2event(skb);
6809 if (event->asoc == assoc) { 6793 if (event->asoc == assoc) {
6810 sctp_sock_rfree_frag(skb);
6811 __skb_unlink(skb, &oldsp->pd_lobby); 6794 __skb_unlink(skb, &oldsp->pd_lobby);
6812 __skb_queue_tail(queue, skb); 6795 __skb_queue_tail(queue, skb);
6813 sctp_skb_set_owner_r_frag(skb, newsk); 6796 sctp_skb_set_owner_r_frag(skb, newsk);
@@ -6822,15 +6805,11 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
6822 6805
6823 } 6806 }
6824 6807
6825 sctp_skb_for_each(skb, &assoc->ulpq.reasm, tmp) { 6808 sctp_skb_for_each(skb, &assoc->ulpq.reasm, tmp)
6826 sctp_sock_rfree_frag(skb);
6827 sctp_skb_set_owner_r_frag(skb, newsk); 6809 sctp_skb_set_owner_r_frag(skb, newsk);
6828 }
6829 6810
6830 sctp_skb_for_each(skb, &assoc->ulpq.lobby, tmp) { 6811 sctp_skb_for_each(skb, &assoc->ulpq.lobby, tmp)
6831 sctp_sock_rfree_frag(skb);
6832 sctp_skb_set_owner_r_frag(skb, newsk); 6812 sctp_skb_set_owner_r_frag(skb, newsk);
6833 }
6834 6813
6835 /* Set the type of socket to indicate that it is peeled off from the 6814 /* Set the type of socket to indicate that it is peeled off from the
6836 * original UDP-style socket or created with the accept() call on a 6815 * original UDP-style socket or created with the accept() call on a
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 5bc2f45bddf0..ebfcf9b89909 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -28,7 +28,6 @@
28#include <linux/kallsyms.h> 28#include <linux/kallsyms.h>
29#include <linux/mm.h> 29#include <linux/mm.h>
30#include <linux/slab.h> 30#include <linux/slab.h>
31#include <linux/smp_lock.h>
32#include <linux/utsname.h> 31#include <linux/utsname.h>
33#include <linux/workqueue.h> 32#include <linux/workqueue.h>
34#include <linux/in6.h> 33#include <linux/in6.h>
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 1102ce1251f7..8f459abe97cf 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -16,7 +16,6 @@
16#include <linux/slab.h> 16#include <linux/slab.h>
17#include <linux/mempool.h> 17#include <linux/mempool.h>
18#include <linux/smp.h> 18#include <linux/smp.h>
19#include <linux/smp_lock.h>
20#include <linux/spinlock.h> 19#include <linux/spinlock.h>
21#include <linux/mutex.h> 20#include <linux/mutex.h>
22 21
diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
index 843629f55763..adaa81982f74 100644
--- a/net/sunrpc/sunrpc_syms.c
+++ b/net/sunrpc/sunrpc_syms.c
@@ -66,6 +66,7 @@ cleanup_sunrpc(void)
66#ifdef CONFIG_PROC_FS 66#ifdef CONFIG_PROC_FS
67 rpc_proc_exit(); 67 rpc_proc_exit();
68#endif 68#endif
69 rcu_barrier(); /* Wait for completion of call_rcu()'s */
69} 70}
70MODULE_LICENSE("GPL"); 71MODULE_LICENSE("GPL");
71module_init(init_sunrpc); 72module_init(init_sunrpc);
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index 6f33d33cc064..27d44332f017 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -5,6 +5,7 @@
5 */ 5 */
6 6
7#include <linux/sched.h> 7#include <linux/sched.h>
8#include <linux/smp_lock.h>
8#include <linux/errno.h> 9#include <linux/errno.h>
9#include <linux/freezer.h> 10#include <linux/freezer.h>
10#include <linux/kthread.h> 11#include <linux/kthread.h>
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 36d4e44d6233..fc3ebb906911 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -315,7 +315,7 @@ static void unix_write_space(struct sock *sk)
315{ 315{
316 read_lock(&sk->sk_callback_lock); 316 read_lock(&sk->sk_callback_lock);
317 if (unix_writable(sk)) { 317 if (unix_writable(sk)) {
318 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 318 if (sk_has_sleeper(sk))
319 wake_up_interruptible_sync(sk->sk_sleep); 319 wake_up_interruptible_sync(sk->sk_sleep);
320 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 320 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
321 } 321 }
@@ -1985,7 +1985,7 @@ static unsigned int unix_poll(struct file *file, struct socket *sock, poll_table
1985 struct sock *sk = sock->sk; 1985 struct sock *sk = sock->sk;
1986 unsigned int mask; 1986 unsigned int mask;
1987 1987
1988 poll_wait(file, sk->sk_sleep, wait); 1988 sock_poll_wait(file, sk->sk_sleep, wait);
1989 mask = 0; 1989 mask = 0;
1990 1990
1991 /* exceptional events? */ 1991 /* exceptional events? */
@@ -2022,7 +2022,7 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2022 struct sock *sk = sock->sk, *other; 2022 struct sock *sk = sock->sk, *other;
2023 unsigned int mask, writable; 2023 unsigned int mask, writable;
2024 2024
2025 poll_wait(file, sk->sk_sleep, wait); 2025 sock_poll_wait(file, sk->sk_sleep, wait);
2026 mask = 0; 2026 mask = 0;
2027 2027
2028 /* exceptional events? */ 2028 /* exceptional events? */
@@ -2053,7 +2053,7 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
2053 other = unix_peer_get(sk); 2053 other = unix_peer_get(sk);
2054 if (other) { 2054 if (other) {
2055 if (unix_peer(other) != sk) { 2055 if (unix_peer(other) != sk) {
2056 poll_wait(file, &unix_sk(other)->peer_wait, 2056 sock_poll_wait(file, &unix_sk(other)->peer_wait,
2057 wait); 2057 wait);
2058 if (unix_recvq_full(other)) 2058 if (unix_recvq_full(other))
2059 writable = 0; 2059 writable = 0;
diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c
index 466e2d22d256..258daa80ad92 100644
--- a/net/wanrouter/wanmain.c
+++ b/net/wanrouter/wanmain.c
@@ -48,6 +48,7 @@
48#include <linux/kernel.h> 48#include <linux/kernel.h>
49#include <linux/module.h> /* support for loadable modules */ 49#include <linux/module.h> /* support for loadable modules */
50#include <linux/slab.h> /* kmalloc(), kfree() */ 50#include <linux/slab.h> /* kmalloc(), kfree() */
51#include <linux/smp_lock.h>
51#include <linux/mm.h> 52#include <linux/mm.h>
52#include <linux/string.h> /* inline mem*, str* functions */ 53#include <linux/string.h> /* inline mem*, str* functions */
53 54
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 241bddd0b4f1..634496b3ed77 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -447,6 +447,7 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
447 447
448 rdev = __cfg80211_drv_from_info(info); 448 rdev = __cfg80211_drv_from_info(info);
449 if (IS_ERR(rdev)) { 449 if (IS_ERR(rdev)) {
450 mutex_unlock(&cfg80211_mutex);
450 result = PTR_ERR(rdev); 451 result = PTR_ERR(rdev);
451 goto unlock; 452 goto unlock;
452 } 453 }
@@ -996,7 +997,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
996 997
997 if (IS_ERR(hdr)) { 998 if (IS_ERR(hdr)) {
998 err = PTR_ERR(hdr); 999 err = PTR_ERR(hdr);
999 goto out; 1000 goto free_msg;
1000 } 1001 }
1001 1002
1002 cookie.msg = msg; 1003 cookie.msg = msg;
@@ -1010,7 +1011,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1010 &cookie, get_key_callback); 1011 &cookie, get_key_callback);
1011 1012
1012 if (err) 1013 if (err)
1013 goto out; 1014 goto free_msg;
1014 1015
1015 if (cookie.error) 1016 if (cookie.error)
1016 goto nla_put_failure; 1017 goto nla_put_failure;
@@ -1021,6 +1022,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1021 1022
1022 nla_put_failure: 1023 nla_put_failure:
1023 err = -ENOBUFS; 1024 err = -ENOBUFS;
1025 free_msg:
1024 nlmsg_free(msg); 1026 nlmsg_free(msg);
1025 out: 1027 out:
1026 cfg80211_put_dev(drv); 1028 cfg80211_put_dev(drv);
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 5e14371cda70..75a406d33619 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1089,17 +1089,18 @@ static void handle_reg_beacon(struct wiphy *wiphy,
1089 1089
1090 chan->beacon_found = true; 1090 chan->beacon_found = true;
1091 1091
1092 if (wiphy->disable_beacon_hints)
1093 return;
1094
1092 chan_before.center_freq = chan->center_freq; 1095 chan_before.center_freq = chan->center_freq;
1093 chan_before.flags = chan->flags; 1096 chan_before.flags = chan->flags;
1094 1097
1095 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 1098 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) {
1096 !(chan->orig_flags & IEEE80211_CHAN_PASSIVE_SCAN)) {
1097 chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN; 1099 chan->flags &= ~IEEE80211_CHAN_PASSIVE_SCAN;
1098 channel_changed = true; 1100 channel_changed = true;
1099 } 1101 }
1100 1102
1101 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 1103 if (chan->flags & IEEE80211_CHAN_NO_IBSS) {
1102 !(chan->orig_flags & IEEE80211_CHAN_NO_IBSS)) {
1103 chan->flags &= ~IEEE80211_CHAN_NO_IBSS; 1104 chan->flags &= ~IEEE80211_CHAN_NO_IBSS;
1104 channel_changed = true; 1105 channel_changed = true;
1105 } 1106 }
diff --git a/net/wireless/reg.h b/net/wireless/reg.h
index e37829a49dc4..4e167a8e11be 100644
--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -30,7 +30,8 @@ int set_regdom(const struct ieee80211_regdomain *rd);
30 * non-radar 5 GHz channels. 30 * non-radar 5 GHz channels.
31 * 31 *
32 * Drivers do not need to call this, cfg80211 will do it for after a scan 32 * Drivers do not need to call this, cfg80211 will do it for after a scan
33 * on a newly found BSS. 33 * on a newly found BSS. If you cannot make use of this feature you can
34 * set the wiphy->disable_beacon_hints to true.
34 */ 35 */
35int regulatory_hint_found_beacon(struct wiphy *wiphy, 36int regulatory_hint_found_beacon(struct wiphy *wiphy,
36 struct ieee80211_channel *beacon_chan, 37 struct ieee80211_channel *beacon_chan,
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index e95b638b919f..7e595ce24eeb 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -35,8 +35,6 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
35 else 35 else
36 nl80211_send_scan_done(wiphy_to_dev(request->wiphy), dev); 36 nl80211_send_scan_done(wiphy_to_dev(request->wiphy), dev);
37 37
38 wiphy_to_dev(request->wiphy)->scan_req = NULL;
39
40#ifdef CONFIG_WIRELESS_EXT 38#ifdef CONFIG_WIRELESS_EXT
41 if (!aborted) { 39 if (!aborted) {
42 memset(&wrqu, 0, sizeof(wrqu)); 40 memset(&wrqu, 0, sizeof(wrqu));
@@ -48,6 +46,7 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
48 dev_put(dev); 46 dev_put(dev);
49 47
50 out: 48 out:
49 wiphy_to_dev(request->wiphy)->scan_req = NULL;
51 kfree(request); 50 kfree(request);
52} 51}
53EXPORT_SYMBOL(cfg80211_scan_done); 52EXPORT_SYMBOL(cfg80211_scan_done);
@@ -119,7 +118,7 @@ static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
119 118
120 if (!ie1 && !ie2) 119 if (!ie1 && !ie2)
121 return 0; 120 return 0;
122 if (!ie1) 121 if (!ie1 || !ie2)
123 return -1; 122 return -1;
124 123
125 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1])); 124 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1]));
@@ -172,6 +171,8 @@ static bool is_mesh(struct cfg80211_bss *a,
172 ie = find_ie(WLAN_EID_MESH_CONFIG, 171 ie = find_ie(WLAN_EID_MESH_CONFIG,
173 a->information_elements, 172 a->information_elements,
174 a->len_information_elements); 173 a->len_information_elements);
174 if (!ie)
175 return false;
175 if (ie[1] != IEEE80211_MESH_CONFIG_LEN) 176 if (ie[1] != IEEE80211_MESH_CONFIG_LEN)
176 return false; 177 return false;
177 178
@@ -366,7 +367,6 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
366 found = rb_find_bss(dev, res); 367 found = rb_find_bss(dev, res);
367 368
368 if (found) { 369 if (found) {
369 kref_get(&found->ref);
370 found->pub.beacon_interval = res->pub.beacon_interval; 370 found->pub.beacon_interval = res->pub.beacon_interval;
371 found->pub.tsf = res->pub.tsf; 371 found->pub.tsf = res->pub.tsf;
372 found->pub.signal = res->pub.signal; 372 found->pub.signal = res->pub.signal;
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 21cdc872004e..5e6c072c64d3 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -40,6 +40,7 @@
40#include <linux/errno.h> 40#include <linux/errno.h>
41#include <linux/kernel.h> 41#include <linux/kernel.h>
42#include <linux/sched.h> 42#include <linux/sched.h>
43#include <linux/smp_lock.h>
43#include <linux/timer.h> 44#include <linux/timer.h>
44#include <linux/string.h> 45#include <linux/string.h>
45#include <linux/net.h> 46#include <linux/net.h>
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index d31ccb487730..faf54c6bf96b 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -292,8 +292,8 @@ static struct xfrm_algo_desc ealg_list[] = {
292 } 292 }
293}, 293},
294{ 294{
295 .name = "cbc(cast128)", 295 .name = "cbc(cast5)",
296 .compat = "cast128", 296 .compat = "cast5",
297 297
298 .uinfo = { 298 .uinfo = {
299 .encr = { 299 .encr = {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5f1f86565f16..f2f7c638083e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -668,22 +668,10 @@ static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *d
668 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) { 668 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
669 if (x->props.family != family || 669 if (x->props.family != family ||
670 x->id.spi != spi || 670 x->id.spi != spi ||
671 x->id.proto != proto) 671 x->id.proto != proto ||
672 xfrm_addr_cmp(&x->id.daddr, daddr, family))
672 continue; 673 continue;
673 674
674 switch (family) {
675 case AF_INET:
676 if (x->id.daddr.a4 != daddr->a4)
677 continue;
678 break;
679 case AF_INET6:
680 if (!ipv6_addr_equal((struct in6_addr *)daddr,
681 (struct in6_addr *)
682 x->id.daddr.a6))
683 continue;
684 break;
685 }
686
687 xfrm_state_hold(x); 675 xfrm_state_hold(x);
688 return x; 676 return x;
689 } 677 }
@@ -699,26 +687,11 @@ static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_addre
699 687
700 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) { 688 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
701 if (x->props.family != family || 689 if (x->props.family != family ||
702 x->id.proto != proto) 690 x->id.proto != proto ||
691 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
692 xfrm_addr_cmp(&x->props.saddr, saddr, family))
703 continue; 693 continue;
704 694
705 switch (family) {
706 case AF_INET:
707 if (x->id.daddr.a4 != daddr->a4 ||
708 x->props.saddr.a4 != saddr->a4)
709 continue;
710 break;
711 case AF_INET6:
712 if (!ipv6_addr_equal((struct in6_addr *)daddr,
713 (struct in6_addr *)
714 x->id.daddr.a6) ||
715 !ipv6_addr_equal((struct in6_addr *)saddr,
716 (struct in6_addr *)
717 x->props.saddr.a6))
718 continue;
719 break;
720 }
721
722 xfrm_state_hold(x); 695 xfrm_state_hold(x);
723 return x; 696 return x;
724 } 697 }
@@ -1001,25 +974,11 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
1001 x->props.family != family || 974 x->props.family != family ||
1002 x->km.state != XFRM_STATE_ACQ || 975 x->km.state != XFRM_STATE_ACQ ||
1003 x->id.spi != 0 || 976 x->id.spi != 0 ||
1004 x->id.proto != proto) 977 x->id.proto != proto ||
978 xfrm_addr_cmp(&x->id.daddr, daddr, family) ||
979 xfrm_addr_cmp(&x->props.saddr, saddr, family))
1005 continue; 980 continue;
1006 981
1007 switch (family) {
1008 case AF_INET:
1009 if (x->id.daddr.a4 != daddr->a4 ||
1010 x->props.saddr.a4 != saddr->a4)
1011 continue;
1012 break;
1013 case AF_INET6:
1014 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1015 (struct in6_addr *)daddr) ||
1016 !ipv6_addr_equal((struct in6_addr *)
1017 x->props.saddr.a6,
1018 (struct in6_addr *)saddr))
1019 continue;
1020 break;
1021 }
1022
1023 xfrm_state_hold(x); 982 xfrm_state_hold(x);
1024 return x; 983 return x;
1025 } 984 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-17 14:24:52 -0400