aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJens Axboe <jens.axboe@oracle.com>2010-04-29 03:36:24 -0400
committerJens Axboe <jens.axboe@oracle.com>2010-04-29 03:36:24 -0400
commit7407cf355fdf5500430be966dbbde84a27293bad (patch)
tree922861288ff38558ed721a79653f52b17b13bb95 /net
parent6a47dc1418682c83d603b491df1d048f73aa973e (diff)
parent79dba2eaa771c3173957eccfd288e0e0d12e4d3f (diff)
Merge branch 'master' into for-2.6.35
Conflicts: fs/block_dev.c Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/l2cap.c5
-rw-r--r--net/bridge/br_multicast.c10
-rw-r--r--net/can/raw.c2
-rw-r--r--net/core/dev.c8
-rw-r--r--net/core/rtnetlink.c5
-rw-r--r--net/ieee802154/af_ieee802154.c3
-rw-r--r--net/ipv4/fib_trie.c4
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/udp.c4
-rw-r--r--net/ipv6/ip6_output.c4
-rw-r--r--net/ipv6/route.c2
-rw-r--r--net/ipv6/tcp_ipv6.c2
-rw-r--r--net/ipv6/udp.c4
-rw-r--r--net/ipv6/xfrm6_policy.c2
-rw-r--r--net/mac80211/agg-tx.c1
-rw-r--r--net/mac80211/main.c4
-rw-r--r--net/mac80211/mesh.c3
-rw-r--r--net/mac80211/mlme.c2
-rw-r--r--net/mac80211/rx.c5
-rw-r--r--net/mac80211/sta_info.c20
-rw-r--r--net/packet/af_packet.c2
-rw-r--r--net/rds/rdma_transport.c2
-rw-r--r--net/sctp/associola.c6
-rw-r--r--net/sctp/endpointola.c1
-rw-r--r--net/sctp/sm_make_chunk.c32
-rw-r--r--net/sctp/sm_sideeffect.c26
-rw-r--r--net/sctp/sm_statefuns.c8
-rw-r--r--net/sctp/socket.c14
-rw-r--r--net/x25/af_x25.c68
-rw-r--r--net/x25/x25_facilities.c27
-rw-r--r--net/x25/x25_in.c15
31 files changed, 218 insertions, 75 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 99d68c34e4f1..9753b690a8b3 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1626,7 +1626,10 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1626 /* Connectionless channel */ 1626 /* Connectionless channel */
1627 if (sk->sk_type == SOCK_DGRAM) { 1627 if (sk->sk_type == SOCK_DGRAM) {
1628 skb = l2cap_create_connless_pdu(sk, msg, len); 1628 skb = l2cap_create_connless_pdu(sk, msg, len);
1629 err = l2cap_do_send(sk, skb); 1629 if (IS_ERR(skb))
1630 err = PTR_ERR(skb);
1631 else
1632 err = l2cap_do_send(sk, skb);
1630 goto done; 1633 goto done;
1631 } 1634 }
1632 1635
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 6980625537ca..eaa0e1bae49b 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -723,11 +723,11 @@ static int br_multicast_igmp3_report(struct net_bridge *br,
723 if (!pskb_may_pull(skb, len)) 723 if (!pskb_may_pull(skb, len))
724 return -EINVAL; 724 return -EINVAL;
725 725
726 grec = (void *)(skb->data + len); 726 grec = (void *)(skb->data + len - sizeof(*grec));
727 group = grec->grec_mca; 727 group = grec->grec_mca;
728 type = grec->grec_type; 728 type = grec->grec_type;
729 729
730 len += grec->grec_nsrcs * 4; 730 len += ntohs(grec->grec_nsrcs) * 4;
731 if (!pskb_may_pull(skb, len)) 731 if (!pskb_may_pull(skb, len))
732 return -EINVAL; 732 return -EINVAL;
733 733
@@ -957,9 +957,6 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
957 unsigned offset; 957 unsigned offset;
958 int err; 958 int err;
959 959
960 BR_INPUT_SKB_CB(skb)->igmp = 0;
961 BR_INPUT_SKB_CB(skb)->mrouters_only = 0;
962
963 /* We treat OOM as packet loss for now. */ 960 /* We treat OOM as packet loss for now. */
964 if (!pskb_may_pull(skb, sizeof(*iph))) 961 if (!pskb_may_pull(skb, sizeof(*iph)))
965 return -EINVAL; 962 return -EINVAL;
@@ -1049,6 +1046,9 @@ err_out:
1049int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port, 1046int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
1050 struct sk_buff *skb) 1047 struct sk_buff *skb)
1051{ 1048{
1049 BR_INPUT_SKB_CB(skb)->igmp = 0;
1050 BR_INPUT_SKB_CB(skb)->mrouters_only = 0;
1051
1052 if (br->multicast_disabled) 1052 if (br->multicast_disabled)
1053 return 0; 1053 return 0;
1054 1054
diff --git a/net/can/raw.c b/net/can/raw.c
index 3a7dffb6519c..da99cf153b33 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -445,7 +445,7 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
445 return -EFAULT; 445 return -EFAULT;
446 } 446 }
447 } else if (count == 1) { 447 } else if (count == 1) {
448 if (copy_from_user(&sfilter, optval, optlen)) 448 if (copy_from_user(&sfilter, optval, sizeof(sfilter)))
449 return -EFAULT; 449 return -EFAULT;
450 } 450 }
451 451
diff --git a/net/core/dev.c b/net/core/dev.c
index 1c8a0ce473a8..f769098774b7 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1989,8 +1989,12 @@ static struct netdev_queue *dev_pick_tx(struct net_device *dev,
1989 if (dev->real_num_tx_queues > 1) 1989 if (dev->real_num_tx_queues > 1)
1990 queue_index = skb_tx_hash(dev, skb); 1990 queue_index = skb_tx_hash(dev, skb);
1991 1991
1992 if (sk && sk->sk_dst_cache) 1992 if (sk) {
1993 sk_tx_queue_set(sk, queue_index); 1993 struct dst_entry *dst = rcu_dereference_bh(sk->sk_dst_cache);
1994
1995 if (dst && skb_dst(skb) == dst)
1996 sk_tx_queue_set(sk, queue_index);
1997 }
1994 } 1998 }
1995 } 1999 }
1996 2000
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 4568120d8533..fe776c9ddeca 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1270,10 +1270,11 @@ replay:
1270 err = ops->newlink(net, dev, tb, data); 1270 err = ops->newlink(net, dev, tb, data);
1271 else 1271 else
1272 err = register_netdevice(dev); 1272 err = register_netdevice(dev);
1273 if (err < 0 && !IS_ERR(dev)) { 1273
1274 if (err < 0 && !IS_ERR(dev))
1274 free_netdev(dev); 1275 free_netdev(dev);
1276 if (err < 0)
1275 goto out; 1277 goto out;
1276 }
1277 1278
1278 err = rtnl_configure_link(dev, ifm); 1279 err = rtnl_configure_link(dev, ifm);
1279 if (err < 0) 1280 if (err < 0)
diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
index c7da600750bb..93c91b633a56 100644
--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -151,6 +151,9 @@ static int ieee802154_dev_ioctl(struct sock *sk, struct ifreq __user *arg,
151 dev_load(sock_net(sk), ifr.ifr_name); 151 dev_load(sock_net(sk), ifr.ifr_name);
152 dev = dev_get_by_name(sock_net(sk), ifr.ifr_name); 152 dev = dev_get_by_name(sock_net(sk), ifr.ifr_name);
153 153
154 if (!dev)
155 return -ENODEV;
156
154 if (dev->type == ARPHRD_IEEE802154 && dev->netdev_ops->ndo_do_ioctl) 157 if (dev->type == ARPHRD_IEEE802154 && dev->netdev_ops->ndo_do_ioctl)
155 ret = dev->netdev_ops->ndo_do_ioctl(dev, &ifr, cmd); 158 ret = dev->netdev_ops->ndo_do_ioctl(dev, &ifr, cmd);
156 159
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 59a838795e3e..c98f115fb0fd 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -209,7 +209,9 @@ static inline struct node *tnode_get_child_rcu(struct tnode *tn, unsigned int i)
209{ 209{
210 struct node *ret = tnode_get_child(tn, i); 210 struct node *ret = tnode_get_child(tn, i);
211 211
212 return rcu_dereference(ret); 212 return rcu_dereference_check(ret,
213 rcu_read_lock_held() ||
214 lockdep_rtnl_is_held());
213} 215}
214 216
215static inline int tnode_child_length(const struct tnode *tn) 217static inline int tnode_child_length(const struct tnode *tn)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index c65f18e0936e..d1bcc9f21d4f 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -120,7 +120,7 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
120 newskb->pkt_type = PACKET_LOOPBACK; 120 newskb->pkt_type = PACKET_LOOPBACK;
121 newskb->ip_summed = CHECKSUM_UNNECESSARY; 121 newskb->ip_summed = CHECKSUM_UNNECESSARY;
122 WARN_ON(!skb_dst(newskb)); 122 WARN_ON(!skb_dst(newskb));
123 netif_rx(newskb); 123 netif_rx_ni(newskb);
124 return 0; 124 return 0;
125} 125}
126 126
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 954bbfb39dff..8fef859db35d 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -472,8 +472,8 @@ static struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
472 if (hslot->count < hslot2->count) 472 if (hslot->count < hslot2->count)
473 goto begin; 473 goto begin;
474 474
475 result = udp4_lib_lookup2(net, INADDR_ANY, sport, 475 result = udp4_lib_lookup2(net, saddr, sport,
476 daddr, hnum, dif, 476 INADDR_ANY, hnum, dif,
477 hslot2, slot2); 477 hslot2, slot2);
478 } 478 }
479 rcu_read_unlock(); 479 rcu_read_unlock();
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 16c4391f952b..75d5ef830097 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -108,7 +108,7 @@ static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
108 newskb->ip_summed = CHECKSUM_UNNECESSARY; 108 newskb->ip_summed = CHECKSUM_UNNECESSARY;
109 WARN_ON(!skb_dst(newskb)); 109 WARN_ON(!skb_dst(newskb));
110 110
111 netif_rx(newskb); 111 netif_rx_ni(newskb);
112 return 0; 112 return 0;
113} 113}
114 114
@@ -629,7 +629,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
629 /* We must not fragment if the socket is set to force MTU discovery 629 /* We must not fragment if the socket is set to force MTU discovery
630 * or if the skb it not generated by a local socket. 630 * or if the skb it not generated by a local socket.
631 */ 631 */
632 if (!skb->local_df) { 632 if (!skb->local_df && skb->len > mtu) {
633 skb->dev = skb_dst(skb)->dev; 633 skb->dev = skb_dst(skb)->dev;
634 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 634 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
635 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 635 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index c2438e8cb9d0..05ebd7833043 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -815,7 +815,7 @@ struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
815{ 815{
816 int flags = 0; 816 int flags = 0;
817 817
818 if (rt6_need_strict(&fl->fl6_dst)) 818 if (fl->oif || rt6_need_strict(&fl->fl6_dst))
819 flags |= RT6_LOOKUP_F_IFACE; 819 flags |= RT6_LOOKUP_F_IFACE;
820 820
821 if (!ipv6_addr_any(&fl->fl6_src)) 821 if (!ipv6_addr_any(&fl->fl6_src))
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index c92ebe8f80d5..075f540ec197 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1015,7 +1015,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
1015 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1015 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1016 1016
1017 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1017 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1018 skb_reset_transport_header(skb); 1018 skb_reset_transport_header(buff);
1019 1019
1020 /* Swap the send and the receive. */ 1020 /* Swap the send and the receive. */
1021 memset(t1, 0, sizeof(*t1)); 1021 memset(t1, 0, sizeof(*t1));
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index c177aea88c0b..90824852f598 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -259,8 +259,8 @@ static struct sock *__udp6_lib_lookup(struct net *net,
259 if (hslot->count < hslot2->count) 259 if (hslot->count < hslot2->count)
260 goto begin; 260 goto begin;
261 261
262 result = udp6_lib_lookup2(net, &in6addr_any, sport, 262 result = udp6_lib_lookup2(net, saddr, sport,
263 daddr, hnum, dif, 263 &in6addr_any, hnum, dif,
264 hslot2, slot2); 264 hslot2, slot2);
265 } 265 }
266 rcu_read_unlock(); 266 rcu_read_unlock();
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index ae181651c75a..00bf7c962b7e 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -124,7 +124,7 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
124 xdst->u.dst.dev = dev; 124 xdst->u.dst.dev = dev;
125 dev_hold(dev); 125 dev_hold(dev);
126 126
127 xdst->u.rt6.rt6i_idev = in6_dev_get(rt->u.dst.dev); 127 xdst->u.rt6.rt6i_idev = in6_dev_get(dev);
128 if (!xdst->u.rt6.rt6i_idev) 128 if (!xdst->u.rt6.rt6i_idev)
129 return -ENODEV; 129 return -ENODEV;
130 130
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 96d25348aa59..87782a4bb541 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -184,7 +184,6 @@ static void sta_addba_resp_timer_expired(unsigned long data)
184 HT_AGG_STATE_REQ_STOP_BA_MSK)) != 184 HT_AGG_STATE_REQ_STOP_BA_MSK)) !=
185 HT_ADDBA_REQUESTED_MSK) { 185 HT_ADDBA_REQUESTED_MSK) {
186 spin_unlock_bh(&sta->lock); 186 spin_unlock_bh(&sta->lock);
187 *state = HT_AGG_STATE_IDLE;
188#ifdef CONFIG_MAC80211_HT_DEBUG 187#ifdef CONFIG_MAC80211_HT_DEBUG
189 printk(KERN_DEBUG "timer expired on tid %d but we are not " 188 printk(KERN_DEBUG "timer expired on tid %d but we are not "
190 "(or no longer) expecting addBA response there", 189 "(or no longer) expecting addBA response there",
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 06c33b68d8e5..b887e484ae04 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -225,11 +225,11 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
225 switch (sdata->vif.type) { 225 switch (sdata->vif.type) {
226 case NL80211_IFTYPE_AP: 226 case NL80211_IFTYPE_AP:
227 sdata->vif.bss_conf.enable_beacon = 227 sdata->vif.bss_conf.enable_beacon =
228 !!rcu_dereference(sdata->u.ap.beacon); 228 !!sdata->u.ap.beacon;
229 break; 229 break;
230 case NL80211_IFTYPE_ADHOC: 230 case NL80211_IFTYPE_ADHOC:
231 sdata->vif.bss_conf.enable_beacon = 231 sdata->vif.bss_conf.enable_beacon =
232 !!rcu_dereference(sdata->u.ibss.presp); 232 !!sdata->u.ibss.presp;
233 break; 233 break;
234 case NL80211_IFTYPE_MESH_POINT: 234 case NL80211_IFTYPE_MESH_POINT:
235 sdata->vif.bss_conf.enable_beacon = true; 235 sdata->vif.bss_conf.enable_beacon = true;
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 58e3e3a61d99..859ee5f3d941 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -750,9 +750,6 @@ ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
750 750
751 switch (fc & IEEE80211_FCTL_STYPE) { 751 switch (fc & IEEE80211_FCTL_STYPE) {
752 case IEEE80211_STYPE_ACTION: 752 case IEEE80211_STYPE_ACTION:
753 if (skb->len < IEEE80211_MIN_ACTION_SIZE)
754 return RX_DROP_MONITOR;
755 /* fall through */
756 case IEEE80211_STYPE_PROBE_RESP: 753 case IEEE80211_STYPE_PROBE_RESP:
757 case IEEE80211_STYPE_BEACON: 754 case IEEE80211_STYPE_BEACON:
758 skb_queue_tail(&ifmsh->skb_queue, skb); 755 skb_queue_tail(&ifmsh->skb_queue, skb);
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index c8cd169fc10e..4aefa6dc3091 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -168,6 +168,8 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
168 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht || 168 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht ||
169 channel_type != local->hw.conf.channel_type; 169 channel_type != local->hw.conf.channel_type;
170 170
171 if (local->tmp_channel)
172 local->tmp_channel_type = channel_type;
171 local->oper_channel_type = channel_type; 173 local->oper_channel_type = channel_type;
172 174
173 if (ht_changed) { 175 if (ht_changed) {
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index f0accf622cd7..04ea07f0e78a 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1974,6 +1974,11 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1974 goto handled; 1974 goto handled;
1975 } 1975 }
1976 break; 1976 break;
1977 case MESH_PLINK_CATEGORY:
1978 case MESH_PATH_SEL_CATEGORY:
1979 if (ieee80211_vif_is_mesh(&sdata->vif))
1980 return ieee80211_mesh_rx_mgmt(sdata, rx->skb);
1981 break;
1977 } 1982 }
1978 1983
1979 /* 1984 /*
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 56422d894351..fb12cec4d333 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -93,12 +93,18 @@ struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
93 struct ieee80211_local *local = sdata->local; 93 struct ieee80211_local *local = sdata->local;
94 struct sta_info *sta; 94 struct sta_info *sta;
95 95
96 sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]); 96 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
97 rcu_read_lock_held() ||
98 lockdep_is_held(&local->sta_lock) ||
99 lockdep_is_held(&local->sta_mtx));
97 while (sta) { 100 while (sta) {
98 if (sta->sdata == sdata && 101 if (sta->sdata == sdata &&
99 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 102 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
100 break; 103 break;
101 sta = rcu_dereference(sta->hnext); 104 sta = rcu_dereference_check(sta->hnext,
105 rcu_read_lock_held() ||
106 lockdep_is_held(&local->sta_lock) ||
107 lockdep_is_held(&local->sta_mtx));
102 } 108 }
103 return sta; 109 return sta;
104} 110}
@@ -113,13 +119,19 @@ struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
113 struct ieee80211_local *local = sdata->local; 119 struct ieee80211_local *local = sdata->local;
114 struct sta_info *sta; 120 struct sta_info *sta;
115 121
116 sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]); 122 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
123 rcu_read_lock_held() ||
124 lockdep_is_held(&local->sta_lock) ||
125 lockdep_is_held(&local->sta_mtx));
117 while (sta) { 126 while (sta) {
118 if ((sta->sdata == sdata || 127 if ((sta->sdata == sdata ||
119 sta->sdata->bss == sdata->bss) && 128 sta->sdata->bss == sdata->bss) &&
120 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 129 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
121 break; 130 break;
122 sta = rcu_dereference(sta->hnext); 131 sta = rcu_dereference_check(sta->hnext,
132 rcu_read_lock_held() ||
133 lockdep_is_held(&local->sta_lock) ||
134 lockdep_is_held(&local->sta_mtx));
123 } 135 }
124 return sta; 136 return sta;
125} 137}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index cc90363d7e7a..243946d4809d 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2169,8 +2169,6 @@ static int packet_ioctl(struct socket *sock, unsigned int cmd,
2169 case SIOCGIFDSTADDR: 2169 case SIOCGIFDSTADDR:
2170 case SIOCSIFDSTADDR: 2170 case SIOCSIFDSTADDR:
2171 case SIOCSIFFLAGS: 2171 case SIOCSIFFLAGS:
2172 if (!net_eq(sock_net(sk), &init_net))
2173 return -ENOIOCTLCMD;
2174 return inet_dgram_ops.ioctl(sock, cmd, arg); 2172 return inet_dgram_ops.ioctl(sock, cmd, arg);
2175#endif 2173#endif
2176 2174
diff --git a/net/rds/rdma_transport.c b/net/rds/rdma_transport.c
index 9ece910ea394..7b155081b4dc 100644
--- a/net/rds/rdma_transport.c
+++ b/net/rds/rdma_transport.c
@@ -134,7 +134,7 @@ static int __init rds_rdma_listen_init(void)
134 ret = PTR_ERR(cm_id); 134 ret = PTR_ERR(cm_id);
135 printk(KERN_ERR "RDS/RDMA: failed to setup listener, " 135 printk(KERN_ERR "RDS/RDMA: failed to setup listener, "
136 "rdma_create_id() returned %d\n", ret); 136 "rdma_create_id() returned %d\n", ret);
137 goto out; 137 return ret;
138 } 138 }
139 139
140 sin.sin_family = AF_INET, 140 sin.sin_family = AF_INET,
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index df5abbff63e2..99c93ee98ad9 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1194,8 +1194,10 @@ void sctp_assoc_update(struct sctp_association *asoc,
1194 /* Remove any peer addresses not present in the new association. */ 1194 /* Remove any peer addresses not present in the new association. */
1195 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1195 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
1196 trans = list_entry(pos, struct sctp_transport, transports); 1196 trans = list_entry(pos, struct sctp_transport, transports);
1197 if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) 1197 if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) {
1198 sctp_assoc_del_peer(asoc, &trans->ipaddr); 1198 sctp_assoc_rm_peer(asoc, trans);
1199 continue;
1200 }
1199 1201
1200 if (asoc->state >= SCTP_STATE_ESTABLISHED) 1202 if (asoc->state >= SCTP_STATE_ESTABLISHED)
1201 sctp_transport_reset(trans); 1203 sctp_transport_reset(trans);
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index 905fda582b92..7ec09ba03a1c 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -144,6 +144,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
144 /* Use SCTP specific send buffer space queues. */ 144 /* Use SCTP specific send buffer space queues. */
145 ep->sndbuf_policy = sctp_sndbuf_policy; 145 ep->sndbuf_policy = sctp_sndbuf_policy;
146 146
147 sk->sk_data_ready = sctp_data_ready;
147 sk->sk_write_space = sctp_write_space; 148 sk->sk_write_space = sctp_write_space;
148 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 149 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
149 150
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 17cb400ecd6a..0fd5b4c88358 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -208,7 +208,8 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
208 sp = sctp_sk(asoc->base.sk); 208 sp = sctp_sk(asoc->base.sk);
209 num_types = sp->pf->supported_addrs(sp, types); 209 num_types = sp->pf->supported_addrs(sp, types);
210 210
211 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 211 chunksize = sizeof(init) + addrs_len;
212 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
212 chunksize += sizeof(ecap_param); 213 chunksize += sizeof(ecap_param);
213 214
214 if (sctp_prsctp_enable) 215 if (sctp_prsctp_enable)
@@ -238,14 +239,14 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
238 /* Add HMACS parameter length if any were defined */ 239 /* Add HMACS parameter length if any were defined */
239 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 240 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
240 if (auth_hmacs->length) 241 if (auth_hmacs->length)
241 chunksize += ntohs(auth_hmacs->length); 242 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
242 else 243 else
243 auth_hmacs = NULL; 244 auth_hmacs = NULL;
244 245
245 /* Add CHUNKS parameter length */ 246 /* Add CHUNKS parameter length */
246 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 247 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
247 if (auth_chunks->length) 248 if (auth_chunks->length)
248 chunksize += ntohs(auth_chunks->length); 249 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
249 else 250 else
250 auth_chunks = NULL; 251 auth_chunks = NULL;
251 252
@@ -255,7 +256,8 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
255 256
256 /* If we have any extensions to report, account for that */ 257 /* If we have any extensions to report, account for that */
257 if (num_ext) 258 if (num_ext)
258 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 259 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
260 num_ext);
259 261
260 /* RFC 2960 3.3.2 Initiation (INIT) (1) 262 /* RFC 2960 3.3.2 Initiation (INIT) (1)
261 * 263 *
@@ -397,13 +399,13 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
397 399
398 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 400 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
399 if (auth_hmacs->length) 401 if (auth_hmacs->length)
400 chunksize += ntohs(auth_hmacs->length); 402 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
401 else 403 else
402 auth_hmacs = NULL; 404 auth_hmacs = NULL;
403 405
404 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 406 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
405 if (auth_chunks->length) 407 if (auth_chunks->length)
406 chunksize += ntohs(auth_chunks->length); 408 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
407 else 409 else
408 auth_chunks = NULL; 410 auth_chunks = NULL;
409 411
@@ -412,7 +414,8 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
412 } 414 }
413 415
414 if (num_ext) 416 if (num_ext)
415 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 417 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
418 num_ext);
416 419
417 /* Now allocate and fill out the chunk. */ 420 /* Now allocate and fill out the chunk. */
418 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 421 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
@@ -3315,21 +3318,6 @@ int sctp_process_asconf_ack(struct sctp_association *asoc,
3315 sctp_chunk_free(asconf); 3318 sctp_chunk_free(asconf);
3316 asoc->addip_last_asconf = NULL; 3319 asoc->addip_last_asconf = NULL;
3317 3320
3318 /* Send the next asconf chunk from the addip chunk queue. */
3319 if (!list_empty(&asoc->addip_chunk_list)) {
3320 struct list_head *entry = asoc->addip_chunk_list.next;
3321 asconf = list_entry(entry, struct sctp_chunk, list);
3322
3323 list_del_init(entry);
3324
3325 /* Hold the chunk until an ASCONF_ACK is received. */
3326 sctp_chunk_hold(asconf);
3327 if (sctp_primitive_ASCONF(asoc, asconf))
3328 sctp_chunk_free(asconf);
3329 else
3330 asoc->addip_last_asconf = asconf;
3331 }
3332
3333 return retval; 3321 return retval;
3334} 3322}
3335 3323
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 4c5bed9af4e3..d5ae450b6f02 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -962,6 +962,29 @@ static int sctp_cmd_send_msg(struct sctp_association *asoc,
962} 962}
963 963
964 964
965/* Sent the next ASCONF packet currently stored in the association.
966 * This happens after the ASCONF_ACK was succeffully processed.
967 */
968static void sctp_cmd_send_asconf(struct sctp_association *asoc)
969{
970 /* Send the next asconf chunk from the addip chunk
971 * queue.
972 */
973 if (!list_empty(&asoc->addip_chunk_list)) {
974 struct list_head *entry = asoc->addip_chunk_list.next;
975 struct sctp_chunk *asconf = list_entry(entry,
976 struct sctp_chunk, list);
977 list_del_init(entry);
978
979 /* Hold the chunk until an ASCONF_ACK is received. */
980 sctp_chunk_hold(asconf);
981 if (sctp_primitive_ASCONF(asoc, asconf))
982 sctp_chunk_free(asconf);
983 else
984 asoc->addip_last_asconf = asconf;
985 }
986}
987
965 988
966/* These three macros allow us to pull the debugging code out of the 989/* These three macros allow us to pull the debugging code out of the
967 * main flow of sctp_do_sm() to keep attention focused on the real 990 * main flow of sctp_do_sm() to keep attention focused on the real
@@ -1617,6 +1640,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1617 } 1640 }
1618 error = sctp_cmd_send_msg(asoc, cmd->obj.msg); 1641 error = sctp_cmd_send_msg(asoc, cmd->obj.msg);
1619 break; 1642 break;
1643 case SCTP_CMD_SEND_NEXT_ASCONF:
1644 sctp_cmd_send_asconf(asoc);
1645 break;
1620 default: 1646 default:
1621 printk(KERN_WARNING "Impossible command: %u, %p\n", 1647 printk(KERN_WARNING "Impossible command: %u, %p\n",
1622 cmd->verb, cmd->obj.ptr); 1648 cmd->verb, cmd->obj.ptr);
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index abf601a1b847..24b2cd555637 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -3676,8 +3676,14 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3676 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); 3676 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3677 3677
3678 if (!sctp_process_asconf_ack((struct sctp_association *)asoc, 3678 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
3679 asconf_ack)) 3679 asconf_ack)) {
3680 /* Successfully processed ASCONF_ACK. We can
3681 * release the next asconf if we have one.
3682 */
3683 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_NEXT_ASCONF,
3684 SCTP_NULL());
3680 return SCTP_DISPOSITION_CONSUME; 3685 return SCTP_DISPOSITION_CONSUME;
3686 }
3681 3687
3682 abort = sctp_make_abort(asoc, asconf_ack, 3688 abort = sctp_make_abort(asoc, asconf_ack,
3683 sizeof(sctp_errhdr_t)); 3689 sizeof(sctp_errhdr_t));
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 007e8baba089..44a1ab03a3f0 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3719,12 +3719,12 @@ SCTP_STATIC int sctp_init_sock(struct sock *sk)
3719 sp->hmac = NULL; 3719 sp->hmac = NULL;
3720 3720
3721 SCTP_DBG_OBJCNT_INC(sock); 3721 SCTP_DBG_OBJCNT_INC(sock);
3722 percpu_counter_inc(&sctp_sockets_allocated);
3723 3722
3724 /* Set socket backlog limit. */ 3723 /* Set socket backlog limit. */
3725 sk->sk_backlog.limit = sysctl_sctp_rmem[1]; 3724 sk->sk_backlog.limit = sysctl_sctp_rmem[1];
3726 3725
3727 local_bh_disable(); 3726 local_bh_disable();
3727 percpu_counter_inc(&sctp_sockets_allocated);
3728 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 3728 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
3729 local_bh_enable(); 3729 local_bh_enable();
3730 3730
@@ -3741,8 +3741,8 @@ SCTP_STATIC void sctp_destroy_sock(struct sock *sk)
3741 /* Release our hold on the endpoint. */ 3741 /* Release our hold on the endpoint. */
3742 ep = sctp_sk(sk)->ep; 3742 ep = sctp_sk(sk)->ep;
3743 sctp_endpoint_free(ep); 3743 sctp_endpoint_free(ep);
3744 percpu_counter_dec(&sctp_sockets_allocated);
3745 local_bh_disable(); 3744 local_bh_disable();
3745 percpu_counter_dec(&sctp_sockets_allocated);
3746 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 3746 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
3747 local_bh_enable(); 3747 local_bh_enable();
3748} 3748}
@@ -6189,6 +6189,16 @@ do_nonblock:
6189 goto out; 6189 goto out;
6190} 6190}
6191 6191
6192void sctp_data_ready(struct sock *sk, int len)
6193{
6194 read_lock_bh(&sk->sk_callback_lock);
6195 if (sk_has_sleeper(sk))
6196 wake_up_interruptible_sync_poll(sk->sk_sleep, POLLIN |
6197 POLLRDNORM | POLLRDBAND);
6198 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
6199 read_unlock_bh(&sk->sk_callback_lock);
6200}
6201
6192/* If socket sndbuf has changed, wake up all per association waiters. */ 6202/* If socket sndbuf has changed, wake up all per association waiters. */
6193void sctp_write_space(struct sock *sk) 6203void sctp_write_space(struct sock *sk)
6194{ 6204{
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index e56f711baccc..36e84e13c6aa 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -83,6 +83,41 @@ struct compat_x25_subscrip_struct {
83}; 83};
84#endif 84#endif
85 85
86
87int x25_parse_address_block(struct sk_buff *skb,
88 struct x25_address *called_addr,
89 struct x25_address *calling_addr)
90{
91 unsigned char len;
92 int needed;
93 int rc;
94
95 if (skb->len < 1) {
96 /* packet has no address block */
97 rc = 0;
98 goto empty;
99 }
100
101 len = *skb->data;
102 needed = 1 + (len >> 4) + (len & 0x0f);
103
104 if (skb->len < needed) {
105 /* packet is too short to hold the addresses it claims
106 to hold */
107 rc = -1;
108 goto empty;
109 }
110
111 return x25_addr_ntoa(skb->data, called_addr, calling_addr);
112
113empty:
114 *called_addr->x25_addr = 0;
115 *calling_addr->x25_addr = 0;
116
117 return rc;
118}
119
120
86int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr, 121int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr,
87 struct x25_address *calling_addr) 122 struct x25_address *calling_addr)
88{ 123{
@@ -367,6 +402,7 @@ static void __x25_destroy_socket(struct sock *sk)
367 /* 402 /*
368 * Queue the unaccepted socket for death 403 * Queue the unaccepted socket for death
369 */ 404 */
405 skb->sk->sk_state = TCP_LISTEN;
370 sock_set_flag(skb->sk, SOCK_DEAD); 406 sock_set_flag(skb->sk, SOCK_DEAD);
371 x25_start_heartbeat(skb->sk); 407 x25_start_heartbeat(skb->sk);
372 x25_sk(skb->sk)->state = X25_STATE_0; 408 x25_sk(skb->sk)->state = X25_STATE_0;
@@ -554,7 +590,8 @@ static int x25_create(struct net *net, struct socket *sock, int protocol,
554 x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE; 590 x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE;
555 x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE; 591 x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE;
556 x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE; 592 x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE;
557 x25->facilities.throughput = X25_DEFAULT_THROUGHPUT; 593 x25->facilities.throughput = 0; /* by default don't negotiate
594 throughput */
558 x25->facilities.reverse = X25_DEFAULT_REVERSE; 595 x25->facilities.reverse = X25_DEFAULT_REVERSE;
559 x25->dte_facilities.calling_len = 0; 596 x25->dte_facilities.calling_len = 0;
560 x25->dte_facilities.called_len = 0; 597 x25->dte_facilities.called_len = 0;
@@ -922,16 +959,26 @@ int x25_rx_call_request(struct sk_buff *skb, struct x25_neigh *nb,
922 /* 959 /*
923 * Extract the X.25 addresses and convert them to ASCII strings, 960 * Extract the X.25 addresses and convert them to ASCII strings,
924 * and remove them. 961 * and remove them.
962 *
963 * Address block is mandatory in call request packets
925 */ 964 */
926 addr_len = x25_addr_ntoa(skb->data, &source_addr, &dest_addr); 965 addr_len = x25_parse_address_block(skb, &source_addr, &dest_addr);
966 if (addr_len <= 0)
967 goto out_clear_request;
927 skb_pull(skb, addr_len); 968 skb_pull(skb, addr_len);
928 969
929 /* 970 /*
930 * Get the length of the facilities, skip past them for the moment 971 * Get the length of the facilities, skip past them for the moment
931 * get the call user data because this is needed to determine 972 * get the call user data because this is needed to determine
932 * the correct listener 973 * the correct listener
974 *
975 * Facilities length is mandatory in call request packets
933 */ 976 */
977 if (skb->len < 1)
978 goto out_clear_request;
934 len = skb->data[0] + 1; 979 len = skb->data[0] + 1;
980 if (skb->len < len)
981 goto out_clear_request;
935 skb_pull(skb,len); 982 skb_pull(skb,len);
936 983
937 /* 984 /*
@@ -1415,9 +1462,20 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1415 if (facilities.winsize_in < 1 || 1462 if (facilities.winsize_in < 1 ||
1416 facilities.winsize_in > 127) 1463 facilities.winsize_in > 127)
1417 break; 1464 break;
1418 if (facilities.throughput < 0x03 || 1465 if (facilities.throughput) {
1419 facilities.throughput > 0xDD) 1466 int out = facilities.throughput & 0xf0;
1420 break; 1467 int in = facilities.throughput & 0x0f;
1468 if (!out)
1469 facilities.throughput |=
1470 X25_DEFAULT_THROUGHPUT << 4;
1471 else if (out < 0x30 || out > 0xD0)
1472 break;
1473 if (!in)
1474 facilities.throughput |=
1475 X25_DEFAULT_THROUGHPUT;
1476 else if (in < 0x03 || in > 0x0D)
1477 break;
1478 }
1421 if (facilities.reverse && 1479 if (facilities.reverse &&
1422 (facilities.reverse & 0x81) != 0x81) 1480 (facilities.reverse & 0x81) != 0x81)
1423 break; 1481 break;
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index a21f6646eb3a..771bab00754b 100644
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -35,7 +35,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
35 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) 35 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
36{ 36{
37 unsigned char *p = skb->data; 37 unsigned char *p = skb->data;
38 unsigned int len = *p++; 38 unsigned int len;
39 39
40 *vc_fac_mask = 0; 40 *vc_fac_mask = 0;
41 41
@@ -50,6 +50,14 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
50 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); 50 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
51 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); 51 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
52 52
53 if (skb->len < 1)
54 return 0;
55
56 len = *p++;
57
58 if (len >= skb->len)
59 return -1;
60
53 while (len > 0) { 61 while (len > 0) {
54 switch (*p & X25_FAC_CLASS_MASK) { 62 switch (*p & X25_FAC_CLASS_MASK) {
55 case X25_FAC_CLASS_A: 63 case X25_FAC_CLASS_A:
@@ -247,6 +255,8 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
247 memcpy(new, ours, sizeof(*new)); 255 memcpy(new, ours, sizeof(*new));
248 256
249 len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask); 257 len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask);
258 if (len < 0)
259 return len;
250 260
251 /* 261 /*
252 * They want reverse charging, we won't accept it. 262 * They want reverse charging, we won't accept it.
@@ -259,9 +269,18 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
259 new->reverse = theirs.reverse; 269 new->reverse = theirs.reverse;
260 270
261 if (theirs.throughput) { 271 if (theirs.throughput) {
262 if (theirs.throughput < ours->throughput) { 272 int theirs_in = theirs.throughput & 0x0f;
263 SOCK_DEBUG(sk, "X.25: throughput negotiated down\n"); 273 int theirs_out = theirs.throughput & 0xf0;
264 new->throughput = theirs.throughput; 274 int ours_in = ours->throughput & 0x0f;
275 int ours_out = ours->throughput & 0xf0;
276 if (!ours_in || theirs_in < ours_in) {
277 SOCK_DEBUG(sk, "X.25: inbound throughput negotiated\n");
278 new->throughput = (new->throughput & 0xf0) | theirs_in;
279 }
280 if (!ours_out || theirs_out < ours_out) {
281 SOCK_DEBUG(sk,
282 "X.25: outbound throughput negotiated\n");
283 new->throughput = (new->throughput & 0x0f) | theirs_out;
265 } 284 }
266 } 285 }
267 286
diff --git a/net/x25/x25_in.c b/net/x25/x25_in.c
index a31b3b9e5966..372ac226e648 100644
--- a/net/x25/x25_in.c
+++ b/net/x25/x25_in.c
@@ -90,6 +90,7 @@ static int x25_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more)
90static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) 90static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype)
91{ 91{
92 struct x25_address source_addr, dest_addr; 92 struct x25_address source_addr, dest_addr;
93 int len;
93 94
94 switch (frametype) { 95 switch (frametype) {
95 case X25_CALL_ACCEPTED: { 96 case X25_CALL_ACCEPTED: {
@@ -107,11 +108,17 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
107 * Parse the data in the frame. 108 * Parse the data in the frame.
108 */ 109 */
109 skb_pull(skb, X25_STD_MIN_LEN); 110 skb_pull(skb, X25_STD_MIN_LEN);
110 skb_pull(skb, x25_addr_ntoa(skb->data, &source_addr, &dest_addr)); 111
111 skb_pull(skb, 112 len = x25_parse_address_block(skb, &source_addr,
112 x25_parse_facilities(skb, &x25->facilities, 113 &dest_addr);
114 if (len > 0)
115 skb_pull(skb, len);
116
117 len = x25_parse_facilities(skb, &x25->facilities,
113 &x25->dte_facilities, 118 &x25->dte_facilities,
114 &x25->vc_facil_mask)); 119 &x25->vc_facil_mask);
120 if (len > 0)
121 skb_pull(skb, len);
115 /* 122 /*
116 * Copy any Call User Data. 123 * Copy any Call User Data.
117 */ 124 */