aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorIngo Molnar <mingo@elte.hu>2008-08-15 12:15:17 -0400
committerIngo Molnar <mingo@elte.hu>2008-08-15 12:15:17 -0400
commitf3efbe582b5396d134024c03a5fa253f2a85d9a6 (patch)
treee4e15b7567b82d24cb1e7327398286a2b88df04c /net
parent05d3ed0a1fe3ea05ab9f3b8d32576a0bc2e19660 (diff)
parentb635acec48bcaa9183fcbf4e3955616b0d4119b5 (diff)
Merge branch 'linus' into x86/gart
Diffstat (limited to 'net')
-rw-r--r--net/802/psnap.c4
-rw-r--r--net/9p/trans_fd.c2
-rw-r--r--net/Kconfig7
-rw-r--r--net/appletalk/ddp.c4
-rw-r--r--net/atm/mpc.c22
-rw-r--r--net/ax25/sysctl_net_ax25.c14
-rw-r--r--net/bluetooth/bnep/core.c15
-rw-r--r--net/bridge/br_device.c9
-rw-r--r--net/bridge/br_if.c3
-rw-r--r--net/bridge/br_netfilter.c63
-rw-r--r--net/bridge/br_private.h6
-rw-r--r--net/bridge/br_stp.c25
-rw-r--r--net/bridge/netfilter/ebtable_filter.c18
-rw-r--r--net/bridge/netfilter/ebtable_nat.c18
-rw-r--r--net/compat.c52
-rw-r--r--net/core/datagram.c8
-rw-r--r--net/core/dev.c89
-rw-r--r--net/core/gen_estimator.c9
-rw-r--r--net/core/neighbour.c13
-rw-r--r--net/core/netpoll.c1
-rw-r--r--net/core/pktgen.c83
-rw-r--r--net/core/request_sock.c2
-rw-r--r--net/core/skbuff.c23
-rw-r--r--net/core/sock.c2
-rw-r--r--net/core/stream.c6
-rw-r--r--net/core/sysctl_net_core.c4
-rw-r--r--net/core/user_dma.c6
-rw-r--r--net/core/utils.c5
-rw-r--r--net/dccp/dccp.h7
-rw-r--r--net/dccp/input.c2
-rw-r--r--net/dccp/ipv4.c11
-rw-r--r--net/dccp/ipv6.c18
-rw-r--r--net/dccp/minisocks.c3
-rw-r--r--net/dccp/output.c53
-rw-r--r--net/dccp/proto.c9
-rw-r--r--net/dccp/timer.c20
-rw-r--r--net/ipv4/Kconfig4
-rw-r--r--net/ipv4/af_inet.c27
-rw-r--r--net/ipv4/devinet.c6
-rw-r--r--net/ipv4/esp4.c2
-rw-r--r--net/ipv4/igmp.c71
-rw-r--r--net/ipv4/inet_connection_sock.c18
-rw-r--r--net/ipv4/inet_fragment.c4
-rw-r--r--net/ipv4/inet_hashtables.c8
-rw-r--r--net/ipv4/inet_timewait_sock.c2
-rw-r--r--net/ipv4/ip_fragment.c4
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/ipcomp.c319
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_conn.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_ctl.c27
-rw-r--r--net/ipv4/ipvs/ip_vs_dh.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_est.c116
-rw-r--r--net/ipv4/ipvs/ip_vs_lblc.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_lblcr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_lc.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_nq.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_rr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_sched.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_sed.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_sh.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_sync.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_wlc.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_wrr.c2
-rw-r--r--net/ipv4/netfilter/Kconfig2
-rw-r--r--net/ipv4/netfilter/arptable_filter.c39
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c5
-rw-r--r--net/ipv4/netfilter/ipt_recent.c2
-rw-r--r--net/ipv4/netfilter/iptable_security.c2
-rw-r--r--net/ipv4/proc.c2
-rw-r--r--net/ipv4/route.c25
-rw-r--r--net/ipv4/syncookies.c1
-rw-r--r--net/ipv4/sysctl_net_ipv4.c8
-rw-r--r--net/ipv4/tcp.c12
-rw-r--r--net/ipv4/tcp_input.c23
-rw-r--r--net/ipv4/tcp_ipv4.c20
-rw-r--r--net/ipv4/tcp_minisocks.c140
-rw-r--r--net/ipv4/tcp_timer.c2
-rw-r--r--net/ipv4/udp.c6
-rw-r--r--net/ipv4/xfrm4_mode_beet.c6
-rw-r--r--net/ipv6/Kconfig4
-rw-r--r--net/ipv6/addrconf.c11
-rw-r--r--net/ipv6/af_inet6.c23
-rw-r--r--net/ipv6/datagram.c2
-rw-r--r--net/ipv6/esp6.c4
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/inet6_hashtables.c4
-rw-r--r--net/ipv6/ip6_fib.c31
-rw-r--r--net/ipv6/ip6_output.c8
-rw-r--r--net/ipv6/ipcomp6.c302
-rw-r--r--net/ipv6/ipv6_sockglue.c2
-rw-r--r--net/ipv6/mip6.c8
-rw-r--r--net/ipv6/netfilter/Kconfig2
-rw-r--r--net/ipv6/netfilter/ip6table_security.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c4
-rw-r--r--net/ipv6/proc.c1
-rw-r--r--net/ipv6/reassembly.c4
-rw-r--r--net/ipv6/route.c5
-rw-r--r--net/ipv6/syncookies.c23
-rw-r--r--net/ipv6/sysctl_net_ipv6.c16
-rw-r--r--net/ipv6/tcp_ipv6.c43
-rw-r--r--net/ipv6/udp.c6
-rw-r--r--net/ipv6/xfrm6_mode_beet.c29
-rw-r--r--net/iucv/iucv.c2
-rw-r--r--net/key/af_key.c4
-rw-r--r--net/mac80211/cfg.c103
-rw-r--r--net/mac80211/ieee80211_i.h2
-rw-r--r--net/mac80211/main.c25
-rw-r--r--net/mac80211/mesh.h5
-rw-r--r--net/mac80211/mesh_hwmp.c19
-rw-r--r--net/mac80211/mesh_pathtbl.c11
-rw-r--r--net/mac80211/mlme.c48
-rw-r--r--net/mac80211/rx.c116
-rw-r--r--net/mac80211/tx.c117
-rw-r--r--net/mac80211/util.c1
-rw-r--r--net/mac80211/wep.c4
-rw-r--r--net/mac80211/wme.c9
-rw-r--r--net/netfilter/nf_conntrack_core.c6
-rw-r--r--net/netfilter/nf_conntrack_extend.c10
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c29
-rw-r--r--net/netfilter/nf_conntrack_standalone.c28
-rw-r--r--net/netfilter/xt_hashlimit.c4
-rw-r--r--net/netlink/af_netlink.c7
-rw-r--r--net/packet/af_packet.c4
-rw-r--r--net/rfkill/rfkill-input.c54
-rw-r--r--net/rfkill/rfkill.c77
-rw-r--r--net/rxrpc/af_rxrpc.c6
-rw-r--r--net/rxrpc/ar-accept.c2
-rw-r--r--net/sched/act_api.c20
-rw-r--r--net/sched/act_police.c2
-rw-r--r--net/sched/cls_u32.c10
-rw-r--r--net/sched/sch_api.c115
-rw-r--r--net/sched/sch_atm.c18
-rw-r--r--net/sched/sch_cbq.c31
-rw-r--r--net/sched/sch_dsmark.c10
-rw-r--r--net/sched/sch_generic.c43
-rw-r--r--net/sched/sch_hfsc.c12
-rw-r--r--net/sched/sch_htb.c43
-rw-r--r--net/sched/sch_netem.c5
-rw-r--r--net/sched/sch_prio.c14
-rw-r--r--net/sched/sch_red.c2
-rw-r--r--net/sched/sch_sfq.c8
-rw-r--r--net/sched/sch_tbf.c3
-rw-r--r--net/sched/sch_teql.c9
-rw-r--r--net/sctp/associola.c2
-rw-r--r--net/sctp/ipv6.c8
-rw-r--r--net/sctp/output.c6
-rw-r--r--net/sctp/protocol.c9
-rw-r--r--net/sctp/socket.c2
-rw-r--r--net/socket.c144
-rw-r--r--net/sunrpc/rpc_pipe.c2
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma_sendto.c3
-rw-r--r--net/sysctl_net.c38
-rw-r--r--net/tipc/subscr.c2
-rw-r--r--net/unix/af_unix.c10
-rw-r--r--net/unix/garbage.c18
-rw-r--r--net/wanrouter/wanmain.c27
-rw-r--r--net/wireless/nl80211.c275
-rw-r--r--net/wireless/wext.c1
-rw-r--r--net/xfrm/Kconfig6
-rw-r--r--net/xfrm/Makefile1
-rw-r--r--net/xfrm/xfrm_algo.c4
-rw-r--r--net/xfrm/xfrm_ipcomp.c384
-rw-r--r--net/xfrm/xfrm_output.c5
-rw-r--r--net/xfrm/xfrm_state.c2
166 files changed, 2206 insertions, 1894 deletions
diff --git a/net/802/psnap.c b/net/802/psnap.c
index ea4643931446..b3cfe5a14fca 100644
--- a/net/802/psnap.c
+++ b/net/802/psnap.c
@@ -31,11 +31,9 @@ static struct llc_sap *snap_sap;
31 */ 31 */
32static struct datalink_proto *find_snap_client(unsigned char *desc) 32static struct datalink_proto *find_snap_client(unsigned char *desc)
33{ 33{
34 struct list_head *entry;
35 struct datalink_proto *proto = NULL, *p; 34 struct datalink_proto *proto = NULL, *p;
36 35
37 list_for_each_rcu(entry, &snap_list) { 36 list_for_each_entry_rcu(p, &snap_list, node) {
38 p = list_entry(entry, struct datalink_proto, node);
39 if (!memcmp(p->type, desc, 5)) { 37 if (!memcmp(p->type, desc, 5)) {
40 proto = p; 38 proto = p;
41 break; 39 break;
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 4507f744f44e..cdf137af7adc 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -1285,7 +1285,7 @@ static int p9_socket_open(struct p9_trans *trans, struct socket *csocket)
1285 int fd, ret; 1285 int fd, ret;
1286 1286
1287 csocket->sk->sk_allocation = GFP_NOIO; 1287 csocket->sk->sk_allocation = GFP_NOIO;
1288 fd = sock_map_fd(csocket); 1288 fd = sock_map_fd(csocket, 0);
1289 if (fd < 0) { 1289 if (fd < 0) {
1290 P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to map fd\n"); 1290 P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to map fd\n");
1291 return fd; 1291 return fd;
diff --git a/net/Kconfig b/net/Kconfig
index b98668751749..7612cc8c337c 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -2,9 +2,7 @@
2# Network configuration 2# Network configuration
3# 3#
4 4
5menu "Networking" 5menuconfig NET
6
7config NET
8 bool "Networking support" 6 bool "Networking support"
9 ---help--- 7 ---help---
10 Unless you really know what you are doing, you should say Y here. 8 Unless you really know what you are doing, you should say Y here.
@@ -22,7 +20,6 @@ config NET
22 recommended to read the NET-HOWTO, available from 20 recommended to read the NET-HOWTO, available from
23 <http://www.tldp.org/docs.html#howto>. 21 <http://www.tldp.org/docs.html#howto>.
24 22
25# Make sure that all config symbols are dependent on NET
26if NET 23if NET
27 24
28menu "Networking options" 25menu "Networking options"
@@ -252,5 +249,3 @@ source "net/rfkill/Kconfig"
252source "net/9p/Kconfig" 249source "net/9p/Kconfig"
253 250
254endif # if NET 251endif # if NET
255endmenu # Networking
256
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 07b5b82c5eab..0c850427a85b 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -959,7 +959,7 @@ static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset,
959 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 959 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
960 int end; 960 int end;
961 961
962 BUG_TRAP(start <= offset + len); 962 WARN_ON(start > offset + len);
963 963
964 end = start + skb_shinfo(skb)->frags[i].size; 964 end = start + skb_shinfo(skb)->frags[i].size;
965 if ((copy = end - offset) > 0) { 965 if ((copy = end - offset) > 0) {
@@ -986,7 +986,7 @@ static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset,
986 for (; list; list = list->next) { 986 for (; list; list = list->next) {
987 int end; 987 int end;
988 988
989 BUG_TRAP(start <= offset + len); 989 WARN_ON(start > offset + len);
990 990
991 end = start + list->len; 991 end = start + list->len;
992 if ((copy = end - offset) > 0) { 992 if ((copy = end - offset) > 0) {
diff --git a/net/atm/mpc.c b/net/atm/mpc.c
index 4fccaa1e07be..11b16d16661c 100644
--- a/net/atm/mpc.c
+++ b/net/atm/mpc.c
@@ -62,11 +62,13 @@ static void MPOA_cache_impos_rcvd(struct k_message *msg, struct mpoa_client *mpc
62static void set_mpc_ctrl_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc); 62static void set_mpc_ctrl_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc);
63static void set_mps_mac_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc); 63static void set_mps_mac_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc);
64 64
65static uint8_t *copy_macs(struct mpoa_client *mpc, uint8_t *router_mac, 65static const uint8_t *copy_macs(struct mpoa_client *mpc,
66 uint8_t *tlvs, uint8_t mps_macs, uint8_t device_type); 66 const uint8_t *router_mac,
67 const uint8_t *tlvs, uint8_t mps_macs,
68 uint8_t device_type);
67static void purge_egress_shortcut(struct atm_vcc *vcc, eg_cache_entry *entry); 69static void purge_egress_shortcut(struct atm_vcc *vcc, eg_cache_entry *entry);
68 70
69static void send_set_mps_ctrl_addr(char *addr, struct mpoa_client *mpc); 71static void send_set_mps_ctrl_addr(const char *addr, struct mpoa_client *mpc);
70static void mpoad_close(struct atm_vcc *vcc); 72static void mpoad_close(struct atm_vcc *vcc);
71static int msg_from_mpoad(struct atm_vcc *vcc, struct sk_buff *skb); 73static int msg_from_mpoad(struct atm_vcc *vcc, struct sk_buff *skb);
72 74
@@ -351,12 +353,12 @@ static const char *mpoa_device_type_string(char type)
351 * lec sees a TLV it uses the pointer to call this function. 353 * lec sees a TLV it uses the pointer to call this function.
352 * 354 *
353 */ 355 */
354static void lane2_assoc_ind(struct net_device *dev, uint8_t *mac_addr, 356static void lane2_assoc_ind(struct net_device *dev, const u8 *mac_addr,
355 uint8_t *tlvs, uint32_t sizeoftlvs) 357 const u8 *tlvs, u32 sizeoftlvs)
356{ 358{
357 uint32_t type; 359 uint32_t type;
358 uint8_t length, mpoa_device_type, number_of_mps_macs; 360 uint8_t length, mpoa_device_type, number_of_mps_macs;
359 uint8_t *end_of_tlvs; 361 const uint8_t *end_of_tlvs;
360 struct mpoa_client *mpc; 362 struct mpoa_client *mpc;
361 363
362 mpoa_device_type = number_of_mps_macs = 0; /* silence gcc */ 364 mpoa_device_type = number_of_mps_macs = 0; /* silence gcc */
@@ -430,8 +432,10 @@ static void lane2_assoc_ind(struct net_device *dev, uint8_t *mac_addr,
430 * plus the possible MAC address(es) to mpc->mps_macs. 432 * plus the possible MAC address(es) to mpc->mps_macs.
431 * For a freshly allocated MPOA client mpc->mps_macs == 0. 433 * For a freshly allocated MPOA client mpc->mps_macs == 0.
432 */ 434 */
433static uint8_t *copy_macs(struct mpoa_client *mpc, uint8_t *router_mac, 435static const uint8_t *copy_macs(struct mpoa_client *mpc,
434 uint8_t *tlvs, uint8_t mps_macs, uint8_t device_type) 436 const uint8_t *router_mac,
437 const uint8_t *tlvs, uint8_t mps_macs,
438 uint8_t device_type)
435{ 439{
436 int num_macs; 440 int num_macs;
437 num_macs = (mps_macs > 1) ? mps_macs : 1; 441 num_macs = (mps_macs > 1) ? mps_macs : 1;
@@ -811,7 +815,7 @@ static int atm_mpoa_mpoad_attach (struct atm_vcc *vcc, int arg)
811 return arg; 815 return arg;
812} 816}
813 817
814static void send_set_mps_ctrl_addr(char *addr, struct mpoa_client *mpc) 818static void send_set_mps_ctrl_addr(const char *addr, struct mpoa_client *mpc)
815{ 819{
816 struct k_message mesg; 820 struct k_message mesg;
817 821
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index f597987b2424..f288fc4aef9b 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -36,6 +36,7 @@ static struct ctl_path ax25_path[] = {
36 { .procname = "ax25", .ctl_name = NET_AX25, }, 36 { .procname = "ax25", .ctl_name = NET_AX25, },
37 { } 37 { }
38}; 38};
39
39static const ctl_table ax25_param_table[] = { 40static const ctl_table ax25_param_table[] = {
40 { 41 {
41 .ctl_name = NET_AX25_IP_DEFAULT_MODE, 42 .ctl_name = NET_AX25_IP_DEFAULT_MODE,
@@ -167,6 +168,7 @@ static const ctl_table ax25_param_table[] = {
167 .extra1 = &min_proto, 168 .extra1 = &min_proto,
168 .extra2 = &max_proto 169 .extra2 = &max_proto
169 }, 170 },
171#ifdef CONFIG_AX25_DAMA_SLAVE
170 { 172 {
171 .ctl_name = NET_AX25_DAMA_SLAVE_TIMEOUT, 173 .ctl_name = NET_AX25_DAMA_SLAVE_TIMEOUT,
172 .procname = "dama_slave_timeout", 174 .procname = "dama_slave_timeout",
@@ -177,6 +179,8 @@ static const ctl_table ax25_param_table[] = {
177 .extra1 = &min_ds_timeout, 179 .extra1 = &min_ds_timeout,
178 .extra2 = &max_ds_timeout 180 .extra2 = &max_ds_timeout
179 }, 181 },
182#endif
183
180 { .ctl_name = 0 } /* that's all, folks! */ 184 { .ctl_name = 0 } /* that's all, folks! */
181}; 185};
182 186
@@ -210,16 +214,6 @@ void ax25_register_sysctl(void)
210 ax25_table[n].procname = ax25_dev->dev->name; 214 ax25_table[n].procname = ax25_dev->dev->name;
211 ax25_table[n].mode = 0555; 215 ax25_table[n].mode = 0555;
212 216
213#ifndef CONFIG_AX25_DAMA_SLAVE
214 /*
215 * We do not wish to have a representation of this parameter
216 * in /proc/sys/ when configured *not* to include the
217 * AX.25 DAMA slave code, do we?
218 */
219
220 child[AX25_VALUES_DS_TIMEOUT].procname = NULL;
221#endif
222
223 child[AX25_MAX_VALUES].ctl_name = 0; /* just in case... */ 217 child[AX25_MAX_VALUES].ctl_name = 0; /* just in case... */
224 218
225 for (k = 0; k < AX25_MAX_VALUES; k++) 219 for (k = 0; k < AX25_MAX_VALUES; k++)
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 021172c0e666..12bba6207a8d 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -57,7 +57,10 @@
57#define BT_DBG(D...) 57#define BT_DBG(D...)
58#endif 58#endif
59 59
60#define VERSION "1.2" 60#define VERSION "1.3"
61
62static int compress_src = 1;
63static int compress_dst = 1;
61 64
62static LIST_HEAD(bnep_session_list); 65static LIST_HEAD(bnep_session_list);
63static DECLARE_RWSEM(bnep_session_sem); 66static DECLARE_RWSEM(bnep_session_sem);
@@ -418,10 +421,10 @@ static inline int bnep_tx_frame(struct bnep_session *s, struct sk_buff *skb)
418 iv[il++] = (struct kvec) { &type, 1 }; 421 iv[il++] = (struct kvec) { &type, 1 };
419 len++; 422 len++;
420 423
421 if (!compare_ether_addr(eh->h_dest, s->eh.h_source)) 424 if (compress_src && !compare_ether_addr(eh->h_dest, s->eh.h_source))
422 type |= 0x01; 425 type |= 0x01;
423 426
424 if (!compare_ether_addr(eh->h_source, s->eh.h_dest)) 427 if (compress_dst && !compare_ether_addr(eh->h_source, s->eh.h_dest))
425 type |= 0x02; 428 type |= 0x02;
426 429
427 if (type) 430 if (type)
@@ -727,6 +730,12 @@ static void __exit bnep_exit(void)
727module_init(bnep_init); 730module_init(bnep_init);
728module_exit(bnep_exit); 731module_exit(bnep_exit);
729 732
733module_param(compress_src, bool, 0644);
734MODULE_PARM_DESC(compress_src, "Compress sources headers");
735
736module_param(compress_dst, bool, 0644);
737MODULE_PARM_DESC(compress_dst, "Compress destination headers");
738
730MODULE_AUTHOR("David Libault <david.libault@inventel.fr>, Maxim Krasnyansky <maxk@qualcomm.com>"); 739MODULE_AUTHOR("David Libault <david.libault@inventel.fr>, Maxim Krasnyansky <maxk@qualcomm.com>");
731MODULE_DESCRIPTION("Bluetooth BNEP ver " VERSION); 740MODULE_DESCRIPTION("Bluetooth BNEP ver " VERSION);
732MODULE_VERSION(VERSION); 741MODULE_VERSION(VERSION);
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index d9449df7cad5..9b58d70b0e7d 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -68,10 +68,17 @@ static int br_dev_stop(struct net_device *dev)
68 68
69static int br_change_mtu(struct net_device *dev, int new_mtu) 69static int br_change_mtu(struct net_device *dev, int new_mtu)
70{ 70{
71 if (new_mtu < 68 || new_mtu > br_min_mtu(netdev_priv(dev))) 71 struct net_bridge *br = netdev_priv(dev);
72 if (new_mtu < 68 || new_mtu > br_min_mtu(br))
72 return -EINVAL; 73 return -EINVAL;
73 74
74 dev->mtu = new_mtu; 75 dev->mtu = new_mtu;
76
77#ifdef CONFIG_BRIDGE_NETFILTER
78 /* remember the MTU in the rtable for PMTU */
79 br->fake_rtable.u.dst.metrics[RTAX_MTU - 1] = new_mtu;
80#endif
81
75 return 0; 82 return 0;
76} 83}
77 84
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index a072ea5ca6f5..63c18aacde8c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -202,6 +202,9 @@ static struct net_device *new_bridge_dev(const char *name)
202 br->topology_change = 0; 202 br->topology_change = 0;
203 br->topology_change_detected = 0; 203 br->topology_change_detected = 0;
204 br->ageing_time = 300 * HZ; 204 br->ageing_time = 300 * HZ;
205
206 br_netfilter_rtable_init(br);
207
205 INIT_LIST_HEAD(&br->age_list); 208 INIT_LIST_HEAD(&br->age_list);
206 209
207 br_stp_timer_init(br); 210 br_stp_timer_init(br);
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index bb90cd7bace3..6a9a6cd74b1e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -101,33 +101,30 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
101 pppoe_proto(skb) == htons(PPP_IPV6) && \ 101 pppoe_proto(skb) == htons(PPP_IPV6) && \
102 brnf_filter_pppoe_tagged) 102 brnf_filter_pppoe_tagged)
103 103
104/* We need these fake structures to make netfilter happy -- 104/*
105 * lots of places assume that skb->dst != NULL, which isn't 105 * Initialize bogus route table used to keep netfilter happy.
106 * all that unreasonable.
107 *
108 * Currently, we fill in the PMTU entry because netfilter 106 * Currently, we fill in the PMTU entry because netfilter
109 * refragmentation needs it, and the rt_flags entry because 107 * refragmentation needs it, and the rt_flags entry because
110 * ipt_REJECT needs it. Future netfilter modules might 108 * ipt_REJECT needs it. Future netfilter modules might
111 * require us to fill additional fields. */ 109 * require us to fill additional fields.
112static struct net_device __fake_net_device = { 110 */
113 .hard_header_len = ETH_HLEN, 111void br_netfilter_rtable_init(struct net_bridge *br)
114#ifdef CONFIG_NET_NS 112{
115 .nd_net = &init_net, 113 struct rtable *rt = &br->fake_rtable;
116#endif
117};
118 114
119static struct rtable __fake_rtable = { 115 atomic_set(&rt->u.dst.__refcnt, 1);
120 .u = { 116 rt->u.dst.dev = br->dev;
121 .dst = { 117 rt->u.dst.path = &rt->u.dst;
122 .__refcnt = ATOMIC_INIT(1), 118 rt->u.dst.metrics[RTAX_MTU - 1] = 1500;
123 .dev = &__fake_net_device, 119 rt->u.dst.flags = DST_NOXFRM;
124 .path = &__fake_rtable.u.dst, 120}
125 .metrics = {[RTAX_MTU - 1] = 1500}, 121
126 .flags = DST_NOXFRM, 122static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
127 } 123{
128 }, 124 struct net_bridge_port *port = rcu_dereference(dev->br_port);
129 .rt_flags = 0, 125
130}; 126 return port ? &port->br->fake_rtable : NULL;
127}
131 128
132static inline struct net_device *bridge_parent(const struct net_device *dev) 129static inline struct net_device *bridge_parent(const struct net_device *dev)
133{ 130{
@@ -226,8 +223,12 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
226 } 223 }
227 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; 224 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
228 225
229 skb->rtable = &__fake_rtable; 226 skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
230 dst_hold(&__fake_rtable.u.dst); 227 if (!skb->rtable) {
228 kfree_skb(skb);
229 return 0;
230 }
231 dst_hold(&skb->rtable->u.dst);
231 232
232 skb->dev = nf_bridge->physindev; 233 skb->dev = nf_bridge->physindev;
233 nf_bridge_push_encap_header(skb); 234 nf_bridge_push_encap_header(skb);
@@ -391,8 +392,12 @@ bridged_dnat:
391 skb->pkt_type = PACKET_HOST; 392 skb->pkt_type = PACKET_HOST;
392 } 393 }
393 } else { 394 } else {
394 skb->rtable = &__fake_rtable; 395 skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
395 dst_hold(&__fake_rtable.u.dst); 396 if (!skb->rtable) {
397 kfree_skb(skb);
398 return 0;
399 }
400 dst_hold(&skb->rtable->u.dst);
396 } 401 }
397 402
398 skb->dev = nf_bridge->physindev; 403 skb->dev = nf_bridge->physindev;
@@ -611,8 +616,8 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
611 const struct net_device *out, 616 const struct net_device *out,
612 int (*okfn)(struct sk_buff *)) 617 int (*okfn)(struct sk_buff *))
613{ 618{
614 if (skb->rtable == &__fake_rtable) { 619 if (skb->rtable && skb->rtable == bridge_parent_rtable(in)) {
615 dst_release(&__fake_rtable.u.dst); 620 dst_release(&skb->rtable->u.dst);
616 skb->rtable = NULL; 621 skb->rtable = NULL;
617 } 622 }
618 623
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 815ed38925b2..c3dc18ddc043 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -15,6 +15,7 @@
15 15
16#include <linux/netdevice.h> 16#include <linux/netdevice.h>
17#include <linux/if_bridge.h> 17#include <linux/if_bridge.h>
18#include <net/route.h>
18 19
19#define BR_HASH_BITS 8 20#define BR_HASH_BITS 8
20#define BR_HASH_SIZE (1 << BR_HASH_BITS) 21#define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -92,6 +93,9 @@ struct net_bridge
92 struct hlist_head hash[BR_HASH_SIZE]; 93 struct hlist_head hash[BR_HASH_SIZE];
93 struct list_head age_list; 94 struct list_head age_list;
94 unsigned long feature_mask; 95 unsigned long feature_mask;
96#ifdef CONFIG_BRIDGE_NETFILTER
97 struct rtable fake_rtable;
98#endif
95 unsigned long flags; 99 unsigned long flags;
96#define BR_SET_MAC_ADDR 0x00000001 100#define BR_SET_MAC_ADDR 0x00000001
97 101
@@ -197,9 +201,11 @@ extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __us
197#ifdef CONFIG_BRIDGE_NETFILTER 201#ifdef CONFIG_BRIDGE_NETFILTER
198extern int br_netfilter_init(void); 202extern int br_netfilter_init(void);
199extern void br_netfilter_fini(void); 203extern void br_netfilter_fini(void);
204extern void br_netfilter_rtable_init(struct net_bridge *);
200#else 205#else
201#define br_netfilter_init() (0) 206#define br_netfilter_init() (0)
202#define br_netfilter_fini() do { } while(0) 207#define br_netfilter_fini() do { } while(0)
208#define br_netfilter_rtable_init(x)
203#endif 209#endif
204 210
205/* br_stp.c */ 211/* br_stp.c */
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
index 921bbe5cb94a..6e63ec3f1fcf 100644
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -368,14 +368,25 @@ static void br_make_blocking(struct net_bridge_port *p)
368/* called under bridge lock */ 368/* called under bridge lock */
369static void br_make_forwarding(struct net_bridge_port *p) 369static void br_make_forwarding(struct net_bridge_port *p)
370{ 370{
371 if (p->state == BR_STATE_BLOCKING) { 371 struct net_bridge *br = p->br;
372 if (p->br->stp_enabled == BR_KERNEL_STP)
373 p->state = BR_STATE_LISTENING;
374 else
375 p->state = BR_STATE_LEARNING;
376 372
377 br_log_state(p); 373 if (p->state != BR_STATE_BLOCKING)
378 mod_timer(&p->forward_delay_timer, jiffies + p->br->forward_delay); } 374 return;
375
376 if (br->forward_delay == 0) {
377 p->state = BR_STATE_FORWARDING;
378 br_topology_change_detection(br);
379 del_timer(&p->forward_delay_timer);
380 }
381 else if (p->br->stp_enabled == BR_KERNEL_STP)
382 p->state = BR_STATE_LISTENING;
383 else
384 p->state = BR_STATE_LEARNING;
385
386 br_log_state(p);
387
388 if (br->forward_delay != 0)
389 mod_timer(&p->forward_delay_timer, jiffies + br->forward_delay);
379} 390}
380 391
381/* called under bridge lock */ 392/* called under bridge lock */
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 690bc3ab186c..1a58af51a2e2 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -93,28 +93,20 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
93 93
94static int __init ebtable_filter_init(void) 94static int __init ebtable_filter_init(void)
95{ 95{
96 int i, j, ret; 96 int ret;
97 97
98 ret = ebt_register_table(&frame_filter); 98 ret = ebt_register_table(&frame_filter);
99 if (ret < 0) 99 if (ret < 0)
100 return ret; 100 return ret;
101 for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++) 101 ret = nf_register_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
102 if ((ret = nf_register_hook(&ebt_ops_filter[i])) < 0) 102 if (ret < 0)
103 goto cleanup; 103 ebt_unregister_table(&frame_filter);
104 return ret;
105cleanup:
106 for (j = 0; j < i; j++)
107 nf_unregister_hook(&ebt_ops_filter[j]);
108 ebt_unregister_table(&frame_filter);
109 return ret; 104 return ret;
110} 105}
111 106
112static void __exit ebtable_filter_fini(void) 107static void __exit ebtable_filter_fini(void)
113{ 108{
114 int i; 109 nf_unregister_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
115
116 for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++)
117 nf_unregister_hook(&ebt_ops_filter[i]);
118 ebt_unregister_table(&frame_filter); 110 ebt_unregister_table(&frame_filter);
119} 111}
120 112
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 5b495fe2d0b6..f60c1e78e575 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -100,28 +100,20 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
100 100
101static int __init ebtable_nat_init(void) 101static int __init ebtable_nat_init(void)
102{ 102{
103 int i, ret, j; 103 int ret;
104 104
105 ret = ebt_register_table(&frame_nat); 105 ret = ebt_register_table(&frame_nat);
106 if (ret < 0) 106 if (ret < 0)
107 return ret; 107 return ret;
108 for (i = 0; i < ARRAY_SIZE(ebt_ops_nat); i++) 108 ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
109 if ((ret = nf_register_hook(&ebt_ops_nat[i])) < 0) 109 if (ret < 0)
110 goto cleanup; 110 ebt_unregister_table(&frame_nat);
111 return ret;
112cleanup:
113 for (j = 0; j < i; j++)
114 nf_unregister_hook(&ebt_ops_nat[j]);
115 ebt_unregister_table(&frame_nat);
116 return ret; 111 return ret;
117} 112}
118 113
119static void __exit ebtable_nat_fini(void) 114static void __exit ebtable_nat_fini(void)
120{ 115{
121 int i; 116 nf_unregister_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
122
123 for (i = 0; i < ARRAY_SIZE(ebt_ops_nat); i++)
124 nf_unregister_hook(&ebt_ops_nat[i]);
125 ebt_unregister_table(&frame_nat); 117 ebt_unregister_table(&frame_nat);
126} 118}
127 119
diff --git a/net/compat.c b/net/compat.c
index 6e1b03b51933..67fb6a3834a3 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -722,9 +722,10 @@ EXPORT_SYMBOL(compat_mc_getsockopt);
722 722
723/* Argument list sizes for compat_sys_socketcall */ 723/* Argument list sizes for compat_sys_socketcall */
724#define AL(x) ((x) * sizeof(u32)) 724#define AL(x) ((x) * sizeof(u32))
725static unsigned char nas[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3), 725static unsigned char nas[19]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
726 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6), 726 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
727 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3)}; 727 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3),
728 AL(6)};
728#undef AL 729#undef AL
729 730
730asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags) 731asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
@@ -737,13 +738,52 @@ asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, uns
737 return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 738 return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
738} 739}
739 740
741asmlinkage long compat_sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
742 int __user *upeer_addrlen,
743 const compat_sigset_t __user *sigmask,
744 compat_size_t sigsetsize, int flags)
745{
746 compat_sigset_t ss32;
747 sigset_t ksigmask, sigsaved;
748 int ret;
749
750 if (sigmask) {
751 if (sigsetsize != sizeof(compat_sigset_t))
752 return -EINVAL;
753 if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
754 return -EFAULT;
755 sigset_from_compat(&ksigmask, &ss32);
756
757 sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
758 sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
759 }
760
761 ret = do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
762
763 if (ret == -ERESTARTNOHAND) {
764 /*
765 * Don't restore the signal mask yet. Let do_signal() deliver
766 * the signal on the way back to userspace, before the signal
767 * mask is restored.
768 */
769 if (sigmask) {
770 memcpy(&current->saved_sigmask, &sigsaved,
771 sizeof(sigsaved));
772 set_restore_sigmask();
773 }
774 } else if (sigmask)
775 sigprocmask(SIG_SETMASK, &sigsaved, NULL);
776
777 return ret;
778}
779
740asmlinkage long compat_sys_socketcall(int call, u32 __user *args) 780asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
741{ 781{
742 int ret; 782 int ret;
743 u32 a[6]; 783 u32 a[6];
744 u32 a0, a1; 784 u32 a0, a1;
745 785
746 if (call < SYS_SOCKET || call > SYS_RECVMSG) 786 if (call < SYS_SOCKET || call > SYS_PACCEPT)
747 return -EINVAL; 787 return -EINVAL;
748 if (copy_from_user(a, args, nas[call])) 788 if (copy_from_user(a, args, nas[call]))
749 return -EFAULT; 789 return -EFAULT;
@@ -764,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
764 ret = sys_listen(a0, a1); 804 ret = sys_listen(a0, a1);
765 break; 805 break;
766 case SYS_ACCEPT: 806 case SYS_ACCEPT:
767 ret = sys_accept(a0, compat_ptr(a1), compat_ptr(a[2])); 807 ret = do_accept(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
768 break; 808 break;
769 case SYS_GETSOCKNAME: 809 case SYS_GETSOCKNAME:
770 ret = sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2])); 810 ret = sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
@@ -804,6 +844,10 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
804 case SYS_RECVMSG: 844 case SYS_RECVMSG:
805 ret = compat_sys_recvmsg(a0, compat_ptr(a1), a[2]); 845 ret = compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
806 break; 846 break;
847 case SYS_PACCEPT:
848 ret = compat_sys_paccept(a0, compat_ptr(a1), compat_ptr(a[2]),
849 compat_ptr(a[3]), a[4], a[5]);
850 break;
807 default: 851 default:
808 ret = -EINVAL; 852 ret = -EINVAL;
809 break; 853 break;
diff --git a/net/core/datagram.c b/net/core/datagram.c
index 8a28fc93b724..dd61dcad6019 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -285,7 +285,7 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
285 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 285 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
286 int end; 286 int end;
287 287
288 BUG_TRAP(start <= offset + len); 288 WARN_ON(start > offset + len);
289 289
290 end = start + skb_shinfo(skb)->frags[i].size; 290 end = start + skb_shinfo(skb)->frags[i].size;
291 if ((copy = end - offset) > 0) { 291 if ((copy = end - offset) > 0) {
@@ -315,7 +315,7 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
315 for (; list; list = list->next) { 315 for (; list; list = list->next) {
316 int end; 316 int end;
317 317
318 BUG_TRAP(start <= offset + len); 318 WARN_ON(start > offset + len);
319 319
320 end = start + list->len; 320 end = start + list->len;
321 if ((copy = end - offset) > 0) { 321 if ((copy = end - offset) > 0) {
@@ -366,7 +366,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
366 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 366 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
367 int end; 367 int end;
368 368
369 BUG_TRAP(start <= offset + len); 369 WARN_ON(start > offset + len);
370 370
371 end = start + skb_shinfo(skb)->frags[i].size; 371 end = start + skb_shinfo(skb)->frags[i].size;
372 if ((copy = end - offset) > 0) { 372 if ((copy = end - offset) > 0) {
@@ -402,7 +402,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
402 for (; list; list=list->next) { 402 for (; list; list=list->next) {
403 int end; 403 int end;
404 404
405 BUG_TRAP(start <= offset + len); 405 WARN_ON(start > offset + len);
406 406
407 end = start + list->len; 407 end = start + list->len;
408 if ((copy = end - offset) > 0) { 408 if ((copy = end - offset) > 0) {
diff --git a/net/core/dev.c b/net/core/dev.c
index 6bf217da9d8f..600bb23c4c2e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1341,9 +1341,6 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
1341 1341
1342void __netif_schedule(struct Qdisc *q) 1342void __netif_schedule(struct Qdisc *q)
1343{ 1343{
1344 if (WARN_ON_ONCE(q == &noop_qdisc))
1345 return;
1346
1347 if (!test_and_set_bit(__QDISC_STATE_SCHED, &q->state)) { 1344 if (!test_and_set_bit(__QDISC_STATE_SCHED, &q->state)) {
1348 struct softnet_data *sd; 1345 struct softnet_data *sd;
1349 unsigned long flags; 1346 unsigned long flags;
@@ -1799,7 +1796,7 @@ gso:
1799 skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_EGRESS); 1796 skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_EGRESS);
1800#endif 1797#endif
1801 if (q->enqueue) { 1798 if (q->enqueue) {
1802 spinlock_t *root_lock = qdisc_root_lock(q); 1799 spinlock_t *root_lock = qdisc_lock(q);
1803 1800
1804 spin_lock(root_lock); 1801 spin_lock(root_lock);
1805 1802
@@ -1808,7 +1805,6 @@ gso:
1808 1805
1809 spin_unlock(root_lock); 1806 spin_unlock(root_lock);
1810 1807
1811 rc = rc == NET_XMIT_BYPASS ? NET_XMIT_SUCCESS : rc;
1812 goto out; 1808 goto out;
1813 } 1809 }
1814 1810
@@ -1912,7 +1908,6 @@ int netif_rx(struct sk_buff *skb)
1912 if (queue->input_pkt_queue.qlen <= netdev_max_backlog) { 1908 if (queue->input_pkt_queue.qlen <= netdev_max_backlog) {
1913 if (queue->input_pkt_queue.qlen) { 1909 if (queue->input_pkt_queue.qlen) {
1914enqueue: 1910enqueue:
1915 dev_hold(skb->dev);
1916 __skb_queue_tail(&queue->input_pkt_queue, skb); 1911 __skb_queue_tail(&queue->input_pkt_queue, skb);
1917 local_irq_restore(flags); 1912 local_irq_restore(flags);
1918 return NET_RX_SUCCESS; 1913 return NET_RX_SUCCESS;
@@ -1944,22 +1939,6 @@ int netif_rx_ni(struct sk_buff *skb)
1944 1939
1945EXPORT_SYMBOL(netif_rx_ni); 1940EXPORT_SYMBOL(netif_rx_ni);
1946 1941
1947static inline struct net_device *skb_bond(struct sk_buff *skb)
1948{
1949 struct net_device *dev = skb->dev;
1950
1951 if (dev->master) {
1952 if (skb_bond_should_drop(skb)) {
1953 kfree_skb(skb);
1954 return NULL;
1955 }
1956 skb->dev = dev->master;
1957 }
1958
1959 return dev;
1960}
1961
1962
1963static void net_tx_action(struct softirq_action *h) 1942static void net_tx_action(struct softirq_action *h)
1964{ 1943{
1965 struct softnet_data *sd = &__get_cpu_var(softnet_data); 1944 struct softnet_data *sd = &__get_cpu_var(softnet_data);
@@ -1976,7 +1955,7 @@ static void net_tx_action(struct softirq_action *h)
1976 struct sk_buff *skb = clist; 1955 struct sk_buff *skb = clist;
1977 clist = clist->next; 1956 clist = clist->next;
1978 1957
1979 BUG_TRAP(!atomic_read(&skb->users)); 1958 WARN_ON(atomic_read(&skb->users));
1980 __kfree_skb(skb); 1959 __kfree_skb(skb);
1981 } 1960 }
1982 } 1961 }
@@ -1998,7 +1977,7 @@ static void net_tx_action(struct softirq_action *h)
1998 smp_mb__before_clear_bit(); 1977 smp_mb__before_clear_bit();
1999 clear_bit(__QDISC_STATE_SCHED, &q->state); 1978 clear_bit(__QDISC_STATE_SCHED, &q->state);
2000 1979
2001 root_lock = qdisc_root_lock(q); 1980 root_lock = qdisc_lock(q);
2002 if (spin_trylock(root_lock)) { 1981 if (spin_trylock(root_lock)) {
2003 qdisc_run(q); 1982 qdisc_run(q);
2004 spin_unlock(root_lock); 1983 spin_unlock(root_lock);
@@ -2103,7 +2082,7 @@ static int ing_filter(struct sk_buff *skb)
2103 rxq = &dev->rx_queue; 2082 rxq = &dev->rx_queue;
2104 2083
2105 q = rxq->qdisc; 2084 q = rxq->qdisc;
2106 if (q) { 2085 if (q != &noop_qdisc) {
2107 spin_lock(qdisc_lock(q)); 2086 spin_lock(qdisc_lock(q));
2108 result = qdisc_enqueue_root(skb, q); 2087 result = qdisc_enqueue_root(skb, q);
2109 spin_unlock(qdisc_lock(q)); 2088 spin_unlock(qdisc_lock(q));
@@ -2116,7 +2095,7 @@ static inline struct sk_buff *handle_ing(struct sk_buff *skb,
2116 struct packet_type **pt_prev, 2095 struct packet_type **pt_prev,
2117 int *ret, struct net_device *orig_dev) 2096 int *ret, struct net_device *orig_dev)
2118{ 2097{
2119 if (!skb->dev->rx_queue.qdisc) 2098 if (skb->dev->rx_queue.qdisc == &noop_qdisc)
2120 goto out; 2099 goto out;
2121 2100
2122 if (*pt_prev) { 2101 if (*pt_prev) {
@@ -2186,6 +2165,7 @@ int netif_receive_skb(struct sk_buff *skb)
2186{ 2165{
2187 struct packet_type *ptype, *pt_prev; 2166 struct packet_type *ptype, *pt_prev;
2188 struct net_device *orig_dev; 2167 struct net_device *orig_dev;
2168 struct net_device *null_or_orig;
2189 int ret = NET_RX_DROP; 2169 int ret = NET_RX_DROP;
2190 __be16 type; 2170 __be16 type;
2191 2171
@@ -2199,10 +2179,14 @@ int netif_receive_skb(struct sk_buff *skb)
2199 if (!skb->iif) 2179 if (!skb->iif)
2200 skb->iif = skb->dev->ifindex; 2180 skb->iif = skb->dev->ifindex;
2201 2181
2202 orig_dev = skb_bond(skb); 2182 null_or_orig = NULL;
2203 2183 orig_dev = skb->dev;
2204 if (!orig_dev) 2184 if (orig_dev->master) {
2205 return NET_RX_DROP; 2185 if (skb_bond_should_drop(skb))
2186 null_or_orig = orig_dev; /* deliver only exact match */
2187 else
2188 skb->dev = orig_dev->master;
2189 }
2206 2190
2207 __get_cpu_var(netdev_rx_stat).total++; 2191 __get_cpu_var(netdev_rx_stat).total++;
2208 2192
@@ -2226,7 +2210,8 @@ int netif_receive_skb(struct sk_buff *skb)
2226#endif 2210#endif
2227 2211
2228 list_for_each_entry_rcu(ptype, &ptype_all, list) { 2212 list_for_each_entry_rcu(ptype, &ptype_all, list) {
2229 if (!ptype->dev || ptype->dev == skb->dev) { 2213 if (ptype->dev == null_or_orig || ptype->dev == skb->dev ||
2214 ptype->dev == orig_dev) {
2230 if (pt_prev) 2215 if (pt_prev)
2231 ret = deliver_skb(skb, pt_prev, orig_dev); 2216 ret = deliver_skb(skb, pt_prev, orig_dev);
2232 pt_prev = ptype; 2217 pt_prev = ptype;
@@ -2251,7 +2236,8 @@ ncls:
2251 list_for_each_entry_rcu(ptype, 2236 list_for_each_entry_rcu(ptype,
2252 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) { 2237 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) {
2253 if (ptype->type == type && 2238 if (ptype->type == type &&
2254 (!ptype->dev || ptype->dev == skb->dev)) { 2239 (ptype->dev == null_or_orig || ptype->dev == skb->dev ||
2240 ptype->dev == orig_dev)) {
2255 if (pt_prev) 2241 if (pt_prev)
2256 ret = deliver_skb(skb, pt_prev, orig_dev); 2242 ret = deliver_skb(skb, pt_prev, orig_dev);
2257 pt_prev = ptype; 2243 pt_prev = ptype;
@@ -2273,6 +2259,20 @@ out:
2273 return ret; 2259 return ret;
2274} 2260}
2275 2261
2262/* Network device is going away, flush any packets still pending */
2263static void flush_backlog(void *arg)
2264{
2265 struct net_device *dev = arg;
2266 struct softnet_data *queue = &__get_cpu_var(softnet_data);
2267 struct sk_buff *skb, *tmp;
2268
2269 skb_queue_walk_safe(&queue->input_pkt_queue, skb, tmp)
2270 if (skb->dev == dev) {
2271 __skb_unlink(skb, &queue->input_pkt_queue);
2272 kfree_skb(skb);
2273 }
2274}
2275
2276static int process_backlog(struct napi_struct *napi, int quota) 2276static int process_backlog(struct napi_struct *napi, int quota)
2277{ 2277{
2278 int work = 0; 2278 int work = 0;
@@ -2282,7 +2282,6 @@ static int process_backlog(struct napi_struct *napi, int quota)
2282 napi->weight = weight_p; 2282 napi->weight = weight_p;
2283 do { 2283 do {
2284 struct sk_buff *skb; 2284 struct sk_buff *skb;
2285 struct net_device *dev;
2286 2285
2287 local_irq_disable(); 2286 local_irq_disable();
2288 skb = __skb_dequeue(&queue->input_pkt_queue); 2287 skb = __skb_dequeue(&queue->input_pkt_queue);
@@ -2291,14 +2290,9 @@ static int process_backlog(struct napi_struct *napi, int quota)
2291 local_irq_enable(); 2290 local_irq_enable();
2292 break; 2291 break;
2293 } 2292 }
2294
2295 local_irq_enable(); 2293 local_irq_enable();
2296 2294
2297 dev = skb->dev;
2298
2299 netif_receive_skb(skb); 2295 netif_receive_skb(skb);
2300
2301 dev_put(dev);
2302 } while (++work < quota && jiffies == start_time); 2296 } while (++work < quota && jiffies == start_time);
2303 2297
2304 return work; 2298 return work;
@@ -2398,7 +2392,7 @@ out:
2398 */ 2392 */
2399 if (!cpus_empty(net_dma.channel_mask)) { 2393 if (!cpus_empty(net_dma.channel_mask)) {
2400 int chan_idx; 2394 int chan_idx;
2401 for_each_cpu_mask(chan_idx, net_dma.channel_mask) { 2395 for_each_cpu_mask_nr(chan_idx, net_dma.channel_mask) {
2402 struct dma_chan *chan = net_dma.channels[chan_idx]; 2396 struct dma_chan *chan = net_dma.channels[chan_idx];
2403 if (chan) 2397 if (chan)
2404 dma_async_memcpy_issue_pending(chan); 2398 dma_async_memcpy_issue_pending(chan);
@@ -3850,7 +3844,7 @@ static void rollback_registered(struct net_device *dev)
3850 dev->uninit(dev); 3844 dev->uninit(dev);
3851 3845
3852 /* Notifier chain MUST detach us from master device. */ 3846 /* Notifier chain MUST detach us from master device. */
3853 BUG_TRAP(!dev->master); 3847 WARN_ON(dev->master);
3854 3848
3855 /* Remove entries from kobject tree */ 3849 /* Remove entries from kobject tree */
3856 netdev_unregister_kobject(dev); 3850 netdev_unregister_kobject(dev);
@@ -3991,6 +3985,10 @@ int register_netdevice(struct net_device *dev)
3991 } 3985 }
3992 } 3986 }
3993 3987
3988 /* Enable software GSO if SG is supported. */
3989 if (dev->features & NETIF_F_SG)
3990 dev->features |= NETIF_F_GSO;
3991
3994 netdev_initialize_kobject(dev); 3992 netdev_initialize_kobject(dev);
3995 ret = netdev_register_kobject(dev); 3993 ret = netdev_register_kobject(dev);
3996 if (ret) 3994 if (ret)
@@ -4168,13 +4166,15 @@ void netdev_run_todo(void)
4168 4166
4169 dev->reg_state = NETREG_UNREGISTERED; 4167 dev->reg_state = NETREG_UNREGISTERED;
4170 4168
4169 on_each_cpu(flush_backlog, dev, 1);
4170
4171 netdev_wait_allrefs(dev); 4171 netdev_wait_allrefs(dev);
4172 4172
4173 /* paranoia */ 4173 /* paranoia */
4174 BUG_ON(atomic_read(&dev->refcnt)); 4174 BUG_ON(atomic_read(&dev->refcnt));
4175 BUG_TRAP(!dev->ip_ptr); 4175 WARN_ON(dev->ip_ptr);
4176 BUG_TRAP(!dev->ip6_ptr); 4176 WARN_ON(dev->ip6_ptr);
4177 BUG_TRAP(!dev->dn_ptr); 4177 WARN_ON(dev->dn_ptr);
4178 4178
4179 if (dev->destructor) 4179 if (dev->destructor)
4180 dev->destructor(dev); 4180 dev->destructor(dev);
@@ -4203,6 +4203,7 @@ static void netdev_init_queues(struct net_device *dev)
4203{ 4203{
4204 netdev_init_one_queue(dev, &dev->rx_queue, NULL); 4204 netdev_init_one_queue(dev, &dev->rx_queue, NULL);
4205 netdev_for_each_tx_queue(dev, netdev_init_one_queue, NULL); 4205 netdev_for_each_tx_queue(dev, netdev_init_one_queue, NULL);
4206 spin_lock_init(&dev->tx_global_lock);
4206} 4207}
4207 4208
4208/** 4209/**
@@ -4533,7 +4534,7 @@ static void net_dma_rebalance(struct net_dma *net_dma)
4533 i = 0; 4534 i = 0;
4534 cpu = first_cpu(cpu_online_map); 4535 cpu = first_cpu(cpu_online_map);
4535 4536
4536 for_each_cpu_mask(chan_idx, net_dma->channel_mask) { 4537 for_each_cpu_mask_nr(chan_idx, net_dma->channel_mask) {
4537 chan = net_dma->channels[chan_idx]; 4538 chan = net_dma->channels[chan_idx];
4538 4539
4539 n = ((num_online_cpus() / cpus_weight(net_dma->channel_mask)) 4540 n = ((num_online_cpus() / cpus_weight(net_dma->channel_mask))
diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c
index 57abe8266be1..a89f32fa94f6 100644
--- a/net/core/gen_estimator.c
+++ b/net/core/gen_estimator.c
@@ -99,7 +99,7 @@ struct gen_estimator_head
99 99
100static struct gen_estimator_head elist[EST_MAX_INTERVAL+1]; 100static struct gen_estimator_head elist[EST_MAX_INTERVAL+1];
101 101
102/* Protects against NULL dereference */ 102/* Protects against NULL dereference and RCU write-side */
103static DEFINE_RWLOCK(est_lock); 103static DEFINE_RWLOCK(est_lock);
104 104
105static void est_timer(unsigned long arg) 105static void est_timer(unsigned long arg)
@@ -185,6 +185,7 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
185 est->last_packets = bstats->packets; 185 est->last_packets = bstats->packets;
186 est->avpps = rate_est->pps<<10; 186 est->avpps = rate_est->pps<<10;
187 187
188 write_lock_bh(&est_lock);
188 if (!elist[idx].timer.function) { 189 if (!elist[idx].timer.function) {
189 INIT_LIST_HEAD(&elist[idx].list); 190 INIT_LIST_HEAD(&elist[idx].list);
190 setup_timer(&elist[idx].timer, est_timer, idx); 191 setup_timer(&elist[idx].timer, est_timer, idx);
@@ -194,6 +195,7 @@ int gen_new_estimator(struct gnet_stats_basic *bstats,
194 mod_timer(&elist[idx].timer, jiffies + ((HZ/4) << idx)); 195 mod_timer(&elist[idx].timer, jiffies + ((HZ/4) << idx));
195 196
196 list_add_rcu(&est->list, &elist[idx].list); 197 list_add_rcu(&est->list, &elist[idx].list);
198 write_unlock_bh(&est_lock);
197 return 0; 199 return 0;
198} 200}
199 201
@@ -212,7 +214,6 @@ static void __gen_kill_estimator(struct rcu_head *head)
212 * Removes the rate estimator specified by &bstats and &rate_est 214 * Removes the rate estimator specified by &bstats and &rate_est
213 * and deletes the timer. 215 * and deletes the timer.
214 * 216 *
215 * NOTE: Called under rtnl_mutex
216 */ 217 */
217void gen_kill_estimator(struct gnet_stats_basic *bstats, 218void gen_kill_estimator(struct gnet_stats_basic *bstats,
218 struct gnet_stats_rate_est *rate_est) 219 struct gnet_stats_rate_est *rate_est)
@@ -226,17 +227,17 @@ void gen_kill_estimator(struct gnet_stats_basic *bstats,
226 if (!elist[idx].timer.function) 227 if (!elist[idx].timer.function)
227 continue; 228 continue;
228 229
230 write_lock_bh(&est_lock);
229 list_for_each_entry_safe(e, n, &elist[idx].list, list) { 231 list_for_each_entry_safe(e, n, &elist[idx].list, list) {
230 if (e->rate_est != rate_est || e->bstats != bstats) 232 if (e->rate_est != rate_est || e->bstats != bstats)
231 continue; 233 continue;
232 234
233 write_lock_bh(&est_lock);
234 e->bstats = NULL; 235 e->bstats = NULL;
235 write_unlock_bh(&est_lock);
236 236
237 list_del_rcu(&e->list); 237 list_del_rcu(&e->list);
238 call_rcu(&e->e_rcu, __gen_kill_estimator); 238 call_rcu(&e->e_rcu, __gen_kill_estimator);
239 } 239 }
240 write_unlock_bh(&est_lock);
240 } 241 }
241} 242}
242 243
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index f62c8af85d38..9d92e41826e7 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2281,6 +2281,7 @@ static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
2281 struct neighbour *n = neigh_get_first(seq); 2281 struct neighbour *n = neigh_get_first(seq);
2282 2282
2283 if (n) { 2283 if (n) {
2284 --(*pos);
2284 while (*pos) { 2285 while (*pos) {
2285 n = neigh_get_next(seq, n, pos); 2286 n = neigh_get_next(seq, n, pos);
2286 if (!n) 2287 if (!n)
@@ -2341,6 +2342,7 @@ static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
2341 struct pneigh_entry *pn = pneigh_get_first(seq); 2342 struct pneigh_entry *pn = pneigh_get_first(seq);
2342 2343
2343 if (pn) { 2344 if (pn) {
2345 --(*pos);
2344 while (*pos) { 2346 while (*pos) {
2345 pn = pneigh_get_next(seq, pn, pos); 2347 pn = pneigh_get_next(seq, pn, pos);
2346 if (!pn) 2348 if (!pn)
@@ -2354,10 +2356,11 @@ static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
2354{ 2356{
2355 struct neigh_seq_state *state = seq->private; 2357 struct neigh_seq_state *state = seq->private;
2356 void *rc; 2358 void *rc;
2359 loff_t idxpos = *pos;
2357 2360
2358 rc = neigh_get_idx(seq, pos); 2361 rc = neigh_get_idx(seq, &idxpos);
2359 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 2362 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
2360 rc = pneigh_get_idx(seq, pos); 2363 rc = pneigh_get_idx(seq, &idxpos);
2361 2364
2362 return rc; 2365 return rc;
2363} 2366}
@@ -2366,7 +2369,6 @@ void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl
2366 __acquires(tbl->lock) 2369 __acquires(tbl->lock)
2367{ 2370{
2368 struct neigh_seq_state *state = seq->private; 2371 struct neigh_seq_state *state = seq->private;
2369 loff_t pos_minus_one;
2370 2372
2371 state->tbl = tbl; 2373 state->tbl = tbl;
2372 state->bucket = 0; 2374 state->bucket = 0;
@@ -2374,8 +2376,7 @@ void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl
2374 2376
2375 read_lock_bh(&tbl->lock); 2377 read_lock_bh(&tbl->lock);
2376 2378
2377 pos_minus_one = *pos - 1; 2379 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
2378 return *pos ? neigh_get_idx_any(seq, &pos_minus_one) : SEQ_START_TOKEN;
2379} 2380}
2380EXPORT_SYMBOL(neigh_seq_start); 2381EXPORT_SYMBOL(neigh_seq_start);
2381 2382
@@ -2385,7 +2386,7 @@ void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2385 void *rc; 2386 void *rc;
2386 2387
2387 if (v == SEQ_START_TOKEN) { 2388 if (v == SEQ_START_TOKEN) {
2388 rc = neigh_get_idx(seq, pos); 2389 rc = neigh_get_first(seq);
2389 goto out; 2390 goto out;
2390 } 2391 }
2391 2392
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index c12720895ecf..6c7af390be0a 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -70,6 +70,7 @@ static void queue_process(struct work_struct *work)
70 local_irq_save(flags); 70 local_irq_save(flags);
71 __netif_tx_lock(txq, smp_processor_id()); 71 __netif_tx_lock(txq, smp_processor_id());
72 if (netif_tx_queue_stopped(txq) || 72 if (netif_tx_queue_stopped(txq) ||
73 netif_tx_queue_frozen(txq) ||
73 dev->hard_start_xmit(skb, dev) != NETDEV_TX_OK) { 74 dev->hard_start_xmit(skb, dev) != NETDEV_TX_OK) {
74 skb_queue_head(&npinfo->txq, skb); 75 skb_queue_head(&npinfo->txq, skb);
75 __netif_tx_unlock(txq); 76 __netif_tx_unlock(txq);
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index c7d484f7e1c4..a756847e3814 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -168,7 +168,7 @@
168#include <asm/div64.h> /* do_div */ 168#include <asm/div64.h> /* do_div */
169#include <asm/timex.h> 169#include <asm/timex.h>
170 170
171#define VERSION "pktgen v2.69: Packet Generator for packet performance testing.\n" 171#define VERSION "pktgen v2.70: Packet Generator for packet performance testing.\n"
172 172
173#define IP_NAME_SZ 32 173#define IP_NAME_SZ 32
174#define MAX_MPLS_LABELS 16 /* This is the max label stack depth */ 174#define MAX_MPLS_LABELS 16 /* This is the max label stack depth */
@@ -189,6 +189,7 @@
189#define F_FLOW_SEQ (1<<11) /* Sequential flows */ 189#define F_FLOW_SEQ (1<<11) /* Sequential flows */
190#define F_IPSEC_ON (1<<12) /* ipsec on for flows */ 190#define F_IPSEC_ON (1<<12) /* ipsec on for flows */
191#define F_QUEUE_MAP_RND (1<<13) /* queue map Random */ 191#define F_QUEUE_MAP_RND (1<<13) /* queue map Random */
192#define F_QUEUE_MAP_CPU (1<<14) /* queue map mirrors smp_processor_id() */
192 193
193/* Thread control flag bits */ 194/* Thread control flag bits */
194#define T_TERMINATE (1<<0) 195#define T_TERMINATE (1<<0)
@@ -621,6 +622,9 @@ static int pktgen_if_show(struct seq_file *seq, void *v)
621 if (pkt_dev->flags & F_QUEUE_MAP_RND) 622 if (pkt_dev->flags & F_QUEUE_MAP_RND)
622 seq_printf(seq, "QUEUE_MAP_RND "); 623 seq_printf(seq, "QUEUE_MAP_RND ");
623 624
625 if (pkt_dev->flags & F_QUEUE_MAP_CPU)
626 seq_printf(seq, "QUEUE_MAP_CPU ");
627
624 if (pkt_dev->cflows) { 628 if (pkt_dev->cflows) {
625 if (pkt_dev->flags & F_FLOW_SEQ) 629 if (pkt_dev->flags & F_FLOW_SEQ)
626 seq_printf(seq, "FLOW_SEQ "); /*in sequence flows*/ 630 seq_printf(seq, "FLOW_SEQ "); /*in sequence flows*/
@@ -1134,6 +1138,12 @@ static ssize_t pktgen_if_write(struct file *file,
1134 1138
1135 else if (strcmp(f, "!QUEUE_MAP_RND") == 0) 1139 else if (strcmp(f, "!QUEUE_MAP_RND") == 0)
1136 pkt_dev->flags &= ~F_QUEUE_MAP_RND; 1140 pkt_dev->flags &= ~F_QUEUE_MAP_RND;
1141
1142 else if (strcmp(f, "QUEUE_MAP_CPU") == 0)
1143 pkt_dev->flags |= F_QUEUE_MAP_CPU;
1144
1145 else if (strcmp(f, "!QUEUE_MAP_CPU") == 0)
1146 pkt_dev->flags &= ~F_QUEUE_MAP_CPU;
1137#ifdef CONFIG_XFRM 1147#ifdef CONFIG_XFRM
1138 else if (strcmp(f, "IPSEC") == 0) 1148 else if (strcmp(f, "IPSEC") == 0)
1139 pkt_dev->flags |= F_IPSEC_ON; 1149 pkt_dev->flags |= F_IPSEC_ON;
@@ -1895,6 +1905,23 @@ static int pktgen_device_event(struct notifier_block *unused,
1895 return NOTIFY_DONE; 1905 return NOTIFY_DONE;
1896} 1906}
1897 1907
1908static struct net_device *pktgen_dev_get_by_name(struct pktgen_dev *pkt_dev, const char *ifname)
1909{
1910 char b[IFNAMSIZ+5];
1911 int i = 0;
1912
1913 for(i=0; ifname[i] != '@'; i++) {
1914 if(i == IFNAMSIZ)
1915 break;
1916
1917 b[i] = ifname[i];
1918 }
1919 b[i] = 0;
1920
1921 return dev_get_by_name(&init_net, b);
1922}
1923
1924
1898/* Associate pktgen_dev with a device. */ 1925/* Associate pktgen_dev with a device. */
1899 1926
1900static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname) 1927static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
@@ -1908,7 +1935,7 @@ static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
1908 pkt_dev->odev = NULL; 1935 pkt_dev->odev = NULL;
1909 } 1936 }
1910 1937
1911 odev = dev_get_by_name(&init_net, ifname); 1938 odev = pktgen_dev_get_by_name(pkt_dev, ifname);
1912 if (!odev) { 1939 if (!odev) {
1913 printk(KERN_ERR "pktgen: no such netdevice: \"%s\"\n", ifname); 1940 printk(KERN_ERR "pktgen: no such netdevice: \"%s\"\n", ifname);
1914 return -ENODEV; 1941 return -ENODEV;
@@ -1934,6 +1961,8 @@ static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
1934 */ 1961 */
1935static void pktgen_setup_inject(struct pktgen_dev *pkt_dev) 1962static void pktgen_setup_inject(struct pktgen_dev *pkt_dev)
1936{ 1963{
1964 int ntxq;
1965
1937 if (!pkt_dev->odev) { 1966 if (!pkt_dev->odev) {
1938 printk(KERN_ERR "pktgen: ERROR: pkt_dev->odev == NULL in " 1967 printk(KERN_ERR "pktgen: ERROR: pkt_dev->odev == NULL in "
1939 "setup_inject.\n"); 1968 "setup_inject.\n");
@@ -1942,6 +1971,33 @@ static void pktgen_setup_inject(struct pktgen_dev *pkt_dev)
1942 return; 1971 return;
1943 } 1972 }
1944 1973
1974 /* make sure that we don't pick a non-existing transmit queue */
1975 ntxq = pkt_dev->odev->real_num_tx_queues;
1976 if (ntxq <= num_online_cpus() && (pkt_dev->flags & F_QUEUE_MAP_CPU)) {
1977 printk(KERN_WARNING "pktgen: WARNING: QUEUE_MAP_CPU "
1978 "disabled because CPU count (%d) exceeds number ",
1979 num_online_cpus());
1980 printk(KERN_WARNING "pktgen: WARNING: of tx queues "
1981 "(%d) on %s \n", ntxq, pkt_dev->odev->name);
1982 pkt_dev->flags &= ~F_QUEUE_MAP_CPU;
1983 }
1984 if (ntxq <= pkt_dev->queue_map_min) {
1985 printk(KERN_WARNING "pktgen: WARNING: Requested "
1986 "queue_map_min (%d) exceeds number of tx\n",
1987 pkt_dev->queue_map_min);
1988 printk(KERN_WARNING "pktgen: WARNING: queues (%d) on "
1989 "%s, resetting\n", ntxq, pkt_dev->odev->name);
1990 pkt_dev->queue_map_min = ntxq - 1;
1991 }
1992 if (ntxq <= pkt_dev->queue_map_max) {
1993 printk(KERN_WARNING "pktgen: WARNING: Requested "
1994 "queue_map_max (%d) exceeds number of tx\n",
1995 pkt_dev->queue_map_max);
1996 printk(KERN_WARNING "pktgen: WARNING: queues (%d) on "
1997 "%s, resetting\n", ntxq, pkt_dev->odev->name);
1998 pkt_dev->queue_map_max = ntxq - 1;
1999 }
2000
1945 /* Default to the interface's mac if not explicitly set. */ 2001 /* Default to the interface's mac if not explicitly set. */
1946 2002
1947 if (is_zero_ether_addr(pkt_dev->src_mac)) 2003 if (is_zero_ether_addr(pkt_dev->src_mac))
@@ -2085,15 +2141,19 @@ static inline int f_pick(struct pktgen_dev *pkt_dev)
2085 if (pkt_dev->flows[flow].count >= pkt_dev->lflow) { 2141 if (pkt_dev->flows[flow].count >= pkt_dev->lflow) {
2086 /* reset time */ 2142 /* reset time */
2087 pkt_dev->flows[flow].count = 0; 2143 pkt_dev->flows[flow].count = 0;
2144 pkt_dev->flows[flow].flags = 0;
2088 pkt_dev->curfl += 1; 2145 pkt_dev->curfl += 1;
2089 if (pkt_dev->curfl >= pkt_dev->cflows) 2146 if (pkt_dev->curfl >= pkt_dev->cflows)
2090 pkt_dev->curfl = 0; /*reset */ 2147 pkt_dev->curfl = 0; /*reset */
2091 } 2148 }
2092 } else { 2149 } else {
2093 flow = random32() % pkt_dev->cflows; 2150 flow = random32() % pkt_dev->cflows;
2151 pkt_dev->curfl = flow;
2094 2152
2095 if (pkt_dev->flows[flow].count > pkt_dev->lflow) 2153 if (pkt_dev->flows[flow].count > pkt_dev->lflow) {
2096 pkt_dev->flows[flow].count = 0; 2154 pkt_dev->flows[flow].count = 0;
2155 pkt_dev->flows[flow].flags = 0;
2156 }
2097 } 2157 }
2098 2158
2099 return pkt_dev->curfl; 2159 return pkt_dev->curfl;
@@ -2125,7 +2185,11 @@ static void get_ipsec_sa(struct pktgen_dev *pkt_dev, int flow)
2125#endif 2185#endif
2126static void set_cur_queue_map(struct pktgen_dev *pkt_dev) 2186static void set_cur_queue_map(struct pktgen_dev *pkt_dev)
2127{ 2187{
2128 if (pkt_dev->queue_map_min < pkt_dev->queue_map_max) { 2188
2189 if (pkt_dev->flags & F_QUEUE_MAP_CPU)
2190 pkt_dev->cur_queue_map = smp_processor_id();
2191
2192 else if (pkt_dev->queue_map_min < pkt_dev->queue_map_max) {
2129 __u16 t; 2193 __u16 t;
2130 if (pkt_dev->flags & F_QUEUE_MAP_RND) { 2194 if (pkt_dev->flags & F_QUEUE_MAP_RND) {
2131 t = random32() % 2195 t = random32() %
@@ -2162,7 +2226,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev)
2162 mc = random32() % pkt_dev->src_mac_count; 2226 mc = random32() % pkt_dev->src_mac_count;
2163 else { 2227 else {
2164 mc = pkt_dev->cur_src_mac_offset++; 2228 mc = pkt_dev->cur_src_mac_offset++;
2165 if (pkt_dev->cur_src_mac_offset > 2229 if (pkt_dev->cur_src_mac_offset >=
2166 pkt_dev->src_mac_count) 2230 pkt_dev->src_mac_count)
2167 pkt_dev->cur_src_mac_offset = 0; 2231 pkt_dev->cur_src_mac_offset = 0;
2168 } 2232 }
@@ -2189,7 +2253,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev)
2189 2253
2190 else { 2254 else {
2191 mc = pkt_dev->cur_dst_mac_offset++; 2255 mc = pkt_dev->cur_dst_mac_offset++;
2192 if (pkt_dev->cur_dst_mac_offset > 2256 if (pkt_dev->cur_dst_mac_offset >=
2193 pkt_dev->dst_mac_count) { 2257 pkt_dev->dst_mac_count) {
2194 pkt_dev->cur_dst_mac_offset = 0; 2258 pkt_dev->cur_dst_mac_offset = 0;
2195 } 2259 }
@@ -3305,6 +3369,7 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3305 3369
3306 txq = netdev_get_tx_queue(odev, queue_map); 3370 txq = netdev_get_tx_queue(odev, queue_map);
3307 if (netif_tx_queue_stopped(txq) || 3371 if (netif_tx_queue_stopped(txq) ||
3372 netif_tx_queue_frozen(txq) ||
3308 need_resched()) { 3373 need_resched()) {
3309 idle_start = getCurUs(); 3374 idle_start = getCurUs();
3310 3375
@@ -3320,7 +3385,8 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3320 3385
3321 pkt_dev->idle_acc += getCurUs() - idle_start; 3386 pkt_dev->idle_acc += getCurUs() - idle_start;
3322 3387
3323 if (netif_tx_queue_stopped(txq)) { 3388 if (netif_tx_queue_stopped(txq) ||
3389 netif_tx_queue_frozen(txq)) {
3324 pkt_dev->next_tx_us = getCurUs(); /* TODO */ 3390 pkt_dev->next_tx_us = getCurUs(); /* TODO */
3325 pkt_dev->next_tx_ns = 0; 3391 pkt_dev->next_tx_ns = 0;
3326 goto out; /* Try the next interface */ 3392 goto out; /* Try the next interface */
@@ -3352,7 +3418,8 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3352 txq = netdev_get_tx_queue(odev, queue_map); 3418 txq = netdev_get_tx_queue(odev, queue_map);
3353 3419
3354 __netif_tx_lock_bh(txq); 3420 __netif_tx_lock_bh(txq);
3355 if (!netif_tx_queue_stopped(txq)) { 3421 if (!netif_tx_queue_stopped(txq) &&
3422 !netif_tx_queue_frozen(txq)) {
3356 3423
3357 atomic_inc(&(pkt_dev->skb->users)); 3424 atomic_inc(&(pkt_dev->skb->users));
3358 retry_now: 3425 retry_now:
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index 2d3035d3abd7..7552495aff7a 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -123,7 +123,7 @@ void reqsk_queue_destroy(struct request_sock_queue *queue)
123 } 123 }
124 } 124 }
125 125
126 BUG_TRAP(lopt->qlen == 0); 126 WARN_ON(lopt->qlen != 0);
127 if (lopt_size > PAGE_SIZE) 127 if (lopt_size > PAGE_SIZE)
128 vfree(lopt); 128 vfree(lopt);
129 else 129 else
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index e4115672b6cf..84640172d65d 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -485,6 +485,9 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
485 C(head); 485 C(head);
486 C(data); 486 C(data);
487 C(truesize); 487 C(truesize);
488#if defined(CONFIG_MAC80211) || defined(CONFIG_MAC80211_MODULE)
489 C(do_not_encrypt);
490#endif
488 atomic_set(&n->users, 1); 491 atomic_set(&n->users, 1);
489 492
490 atomic_inc(&(skb_shinfo(skb)->dataref)); 493 atomic_inc(&(skb_shinfo(skb)->dataref));
@@ -1200,7 +1203,7 @@ int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1200 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1203 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1201 int end; 1204 int end;
1202 1205
1203 BUG_TRAP(start <= offset + len); 1206 WARN_ON(start > offset + len);
1204 1207
1205 end = start + skb_shinfo(skb)->frags[i].size; 1208 end = start + skb_shinfo(skb)->frags[i].size;
1206 if ((copy = end - offset) > 0) { 1209 if ((copy = end - offset) > 0) {
@@ -1229,7 +1232,7 @@ int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1229 for (; list; list = list->next) { 1232 for (; list; list = list->next) {
1230 int end; 1233 int end;
1231 1234
1232 BUG_TRAP(start <= offset + len); 1235 WARN_ON(start > offset + len);
1233 1236
1234 end = start + list->len; 1237 end = start + list->len;
1235 if ((copy = end - offset) > 0) { 1238 if ((copy = end - offset) > 0) {
@@ -1475,7 +1478,7 @@ int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1475 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 1478 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1476 int end; 1479 int end;
1477 1480
1478 BUG_TRAP(start <= offset + len); 1481 WARN_ON(start > offset + len);
1479 1482
1480 end = start + frag->size; 1483 end = start + frag->size;
1481 if ((copy = end - offset) > 0) { 1484 if ((copy = end - offset) > 0) {
@@ -1503,7 +1506,7 @@ int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1503 for (; list; list = list->next) { 1506 for (; list; list = list->next) {
1504 int end; 1507 int end;
1505 1508
1506 BUG_TRAP(start <= offset + len); 1509 WARN_ON(start > offset + len);
1507 1510
1508 end = start + list->len; 1511 end = start + list->len;
1509 if ((copy = end - offset) > 0) { 1512 if ((copy = end - offset) > 0) {
@@ -1552,7 +1555,7 @@ __wsum skb_checksum(const struct sk_buff *skb, int offset,
1552 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1555 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1553 int end; 1556 int end;
1554 1557
1555 BUG_TRAP(start <= offset + len); 1558 WARN_ON(start > offset + len);
1556 1559
1557 end = start + skb_shinfo(skb)->frags[i].size; 1560 end = start + skb_shinfo(skb)->frags[i].size;
1558 if ((copy = end - offset) > 0) { 1561 if ((copy = end - offset) > 0) {
@@ -1581,7 +1584,7 @@ __wsum skb_checksum(const struct sk_buff *skb, int offset,
1581 for (; list; list = list->next) { 1584 for (; list; list = list->next) {
1582 int end; 1585 int end;
1583 1586
1584 BUG_TRAP(start <= offset + len); 1587 WARN_ON(start > offset + len);
1585 1588
1586 end = start + list->len; 1589 end = start + list->len;
1587 if ((copy = end - offset) > 0) { 1590 if ((copy = end - offset) > 0) {
@@ -1629,7 +1632,7 @@ __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1629 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1632 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1630 int end; 1633 int end;
1631 1634
1632 BUG_TRAP(start <= offset + len); 1635 WARN_ON(start > offset + len);
1633 1636
1634 end = start + skb_shinfo(skb)->frags[i].size; 1637 end = start + skb_shinfo(skb)->frags[i].size;
1635 if ((copy = end - offset) > 0) { 1638 if ((copy = end - offset) > 0) {
@@ -1662,7 +1665,7 @@ __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1662 __wsum csum2; 1665 __wsum csum2;
1663 int end; 1666 int end;
1664 1667
1665 BUG_TRAP(start <= offset + len); 1668 WARN_ON(start > offset + len);
1666 1669
1667 end = start + list->len; 1670 end = start + list->len;
1668 if ((copy = end - offset) > 0) { 1671 if ((copy = end - offset) > 0) {
@@ -2373,7 +2376,7 @@ __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2373 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 2376 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2374 int end; 2377 int end;
2375 2378
2376 BUG_TRAP(start <= offset + len); 2379 WARN_ON(start > offset + len);
2377 2380
2378 end = start + skb_shinfo(skb)->frags[i].size; 2381 end = start + skb_shinfo(skb)->frags[i].size;
2379 if ((copy = end - offset) > 0) { 2382 if ((copy = end - offset) > 0) {
@@ -2397,7 +2400,7 @@ __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2397 for (; list; list = list->next) { 2400 for (; list; list = list->next) {
2398 int end; 2401 int end;
2399 2402
2400 BUG_TRAP(start <= offset + len); 2403 WARN_ON(start > offset + len);
2401 2404
2402 end = start + list->len; 2405 end = start + list->len;
2403 if ((copy = end - offset) > 0) { 2406 if ((copy = end - offset) > 0) {
diff --git a/net/core/sock.c b/net/core/sock.c
index 10a64d57078c..91f8bbc93526 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -180,7 +180,7 @@ static const char *af_family_clock_key_strings[AF_MAX+1] = {
180 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" , 180 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" ,
181 "clock-21" , "clock-AF_SNA" , "clock-AF_IRDA" , 181 "clock-21" , "clock-AF_SNA" , "clock-AF_IRDA" ,
182 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" , 182 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" ,
183 "clock-27" , "clock-28" , "clock-29" , 183 "clock-27" , "clock-28" , "clock-AF_CAN" ,
184 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , 184 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" ,
185 "clock-AF_RXRPC" , "clock-AF_MAX" 185 "clock-AF_RXRPC" , "clock-AF_MAX"
186}; 186};
diff --git a/net/core/stream.c b/net/core/stream.c
index 4a0ad152c9c4..a6b3437ff082 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -192,13 +192,13 @@ void sk_stream_kill_queues(struct sock *sk)
192 __skb_queue_purge(&sk->sk_error_queue); 192 __skb_queue_purge(&sk->sk_error_queue);
193 193
194 /* Next, the write queue. */ 194 /* Next, the write queue. */
195 BUG_TRAP(skb_queue_empty(&sk->sk_write_queue)); 195 WARN_ON(!skb_queue_empty(&sk->sk_write_queue));
196 196
197 /* Account for returned memory. */ 197 /* Account for returned memory. */
198 sk_mem_reclaim(sk); 198 sk_mem_reclaim(sk);
199 199
200 BUG_TRAP(!sk->sk_wmem_queued); 200 WARN_ON(sk->sk_wmem_queued);
201 BUG_TRAP(!sk->sk_forward_alloc); 201 WARN_ON(sk->sk_forward_alloc);
202 202
203 /* It is _impossible_ for the backlog to contain anything 203 /* It is _impossible_ for the backlog to contain anything
204 * when we get here. All user references to this socket 204 * when we get here. All user references to this socket
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index a570e2af22cb..f686467ff12b 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -67,7 +67,7 @@ static struct ctl_table net_core_table[] = {
67 { 67 {
68 .ctl_name = NET_CORE_MSG_COST, 68 .ctl_name = NET_CORE_MSG_COST,
69 .procname = "message_cost", 69 .procname = "message_cost",
70 .data = &net_msg_cost, 70 .data = &net_ratelimit_state.interval,
71 .maxlen = sizeof(int), 71 .maxlen = sizeof(int),
72 .mode = 0644, 72 .mode = 0644,
73 .proc_handler = &proc_dointvec_jiffies, 73 .proc_handler = &proc_dointvec_jiffies,
@@ -76,7 +76,7 @@ static struct ctl_table net_core_table[] = {
76 { 76 {
77 .ctl_name = NET_CORE_MSG_BURST, 77 .ctl_name = NET_CORE_MSG_BURST,
78 .procname = "message_burst", 78 .procname = "message_burst",
79 .data = &net_msg_burst, 79 .data = &net_ratelimit_state.burst,
80 .maxlen = sizeof(int), 80 .maxlen = sizeof(int),
81 .mode = 0644, 81 .mode = 0644,
82 .proc_handler = &proc_dointvec, 82 .proc_handler = &proc_dointvec,
diff --git a/net/core/user_dma.c b/net/core/user_dma.c
index c77aff9c6eb3..164b090d5ac3 100644
--- a/net/core/user_dma.c
+++ b/net/core/user_dma.c
@@ -27,13 +27,13 @@
27 27
28#include <linux/dmaengine.h> 28#include <linux/dmaengine.h>
29#include <linux/socket.h> 29#include <linux/socket.h>
30#include <linux/rtnetlink.h> /* for BUG_TRAP */
31#include <net/tcp.h> 30#include <net/tcp.h>
32#include <net/netdma.h> 31#include <net/netdma.h>
33 32
34#define NET_DMA_DEFAULT_COPYBREAK 4096 33#define NET_DMA_DEFAULT_COPYBREAK 4096
35 34
36int sysctl_tcp_dma_copybreak = NET_DMA_DEFAULT_COPYBREAK; 35int sysctl_tcp_dma_copybreak = NET_DMA_DEFAULT_COPYBREAK;
36EXPORT_SYMBOL(sysctl_tcp_dma_copybreak);
37 37
38/** 38/**
39 * dma_skb_copy_datagram_iovec - Copy a datagram to an iovec. 39 * dma_skb_copy_datagram_iovec - Copy a datagram to an iovec.
@@ -71,7 +71,7 @@ int dma_skb_copy_datagram_iovec(struct dma_chan *chan,
71 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 71 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
72 int end; 72 int end;
73 73
74 BUG_TRAP(start <= offset + len); 74 WARN_ON(start > offset + len);
75 75
76 end = start + skb_shinfo(skb)->frags[i].size; 76 end = start + skb_shinfo(skb)->frags[i].size;
77 copy = end - offset; 77 copy = end - offset;
@@ -100,7 +100,7 @@ int dma_skb_copy_datagram_iovec(struct dma_chan *chan,
100 for (; list; list = list->next) { 100 for (; list; list = list->next) {
101 int end; 101 int end;
102 102
103 BUG_TRAP(start <= offset + len); 103 WARN_ON(start > offset + len);
104 104
105 end = start + list->len; 105 end = start + list->len;
106 copy = end - offset; 106 copy = end - offset;
diff --git a/net/core/utils.c b/net/core/utils.c
index 8031eb59054e..72e0ebe964a0 100644
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -31,17 +31,16 @@
31#include <asm/system.h> 31#include <asm/system.h>
32#include <asm/uaccess.h> 32#include <asm/uaccess.h>
33 33
34int net_msg_cost __read_mostly = 5*HZ;
35int net_msg_burst __read_mostly = 10;
36int net_msg_warn __read_mostly = 1; 34int net_msg_warn __read_mostly = 1;
37EXPORT_SYMBOL(net_msg_warn); 35EXPORT_SYMBOL(net_msg_warn);
38 36
37DEFINE_RATELIMIT_STATE(net_ratelimit_state, 5 * HZ, 10);
39/* 38/*
40 * All net warning printk()s should be guarded by this function. 39 * All net warning printk()s should be guarded by this function.
41 */ 40 */
42int net_ratelimit(void) 41int net_ratelimit(void)
43{ 42{
44 return __printk_ratelimit(net_msg_cost, net_msg_burst); 43 return __ratelimit(&net_ratelimit_state);
45} 44}
46EXPORT_SYMBOL(net_ratelimit); 45EXPORT_SYMBOL(net_ratelimit);
47 46
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index 32617e0576cb..b4bc6e095a0e 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -164,7 +164,7 @@ static inline bool dccp_loss_free(const u64 s1, const u64 s2, const u64 ndp)
164{ 164{
165 s64 delta = dccp_delta_seqno(s1, s2); 165 s64 delta = dccp_delta_seqno(s1, s2);
166 166
167 BUG_TRAP(delta >= 0); 167 WARN_ON(delta < 0);
168 return (u64)delta <= ndp + 1; 168 return (u64)delta <= ndp + 1;
169} 169}
170 170
@@ -226,10 +226,11 @@ static inline void dccp_csum_outgoing(struct sk_buff *skb)
226 226
227extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb); 227extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
228 228
229extern int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb); 229extern int dccp_retransmit_skb(struct sock *sk);
230 230
231extern void dccp_send_ack(struct sock *sk); 231extern void dccp_send_ack(struct sock *sk);
232extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk); 232extern void dccp_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
233 struct request_sock *rsk);
233 234
234extern void dccp_send_sync(struct sock *sk, const u64 seq, 235extern void dccp_send_sync(struct sock *sk, const u64 seq,
235 const enum dccp_pkt_type pkt_type); 236 const enum dccp_pkt_type pkt_type);
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 08392ed86c25..df2f110df94a 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -413,7 +413,7 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
413 413
414 /* Stop the REQUEST timer */ 414 /* Stop the REQUEST timer */
415 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS); 415 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
416 BUG_TRAP(sk->sk_send_head != NULL); 416 WARN_ON(sk->sk_send_head == NULL);
417 __kfree_skb(sk->sk_send_head); 417 __kfree_skb(sk->sk_send_head);
418 sk->sk_send_head = NULL; 418 sk->sk_send_head = NULL;
419 419
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 2622ace17c46..882c5c4de69e 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -196,8 +196,8 @@ static inline void dccp_do_pmtu_discovery(struct sock *sk,
196static void dccp_v4_err(struct sk_buff *skb, u32 info) 196static void dccp_v4_err(struct sk_buff *skb, u32 info)
197{ 197{
198 const struct iphdr *iph = (struct iphdr *)skb->data; 198 const struct iphdr *iph = (struct iphdr *)skb->data;
199 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + 199 const u8 offset = iph->ihl << 2;
200 (iph->ihl << 2)); 200 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
201 struct dccp_sock *dp; 201 struct dccp_sock *dp;
202 struct inet_sock *inet; 202 struct inet_sock *inet;
203 const int type = icmp_hdr(skb)->type; 203 const int type = icmp_hdr(skb)->type;
@@ -207,7 +207,8 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
207 int err; 207 int err;
208 struct net *net = dev_net(skb->dev); 208 struct net *net = dev_net(skb->dev);
209 209
210 if (skb->len < (iph->ihl << 2) + 8) { 210 if (skb->len < offset + sizeof(*dh) ||
211 skb->len < offset + __dccp_basic_hdr_len(dh)) {
211 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 212 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
212 return; 213 return;
213 } 214 }
@@ -238,7 +239,7 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
238 dp = dccp_sk(sk); 239 dp = dccp_sk(sk);
239 seq = dccp_hdr_seq(dh); 240 seq = dccp_hdr_seq(dh);
240 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 241 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
241 !between48(seq, dp->dccps_swl, dp->dccps_swh)) { 242 !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
242 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 243 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
243 goto out; 244 goto out;
244 } 245 }
@@ -283,7 +284,7 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
283 * ICMPs are not backlogged, hence we cannot get an established 284 * ICMPs are not backlogged, hence we cannot get an established
284 * socket here. 285 * socket here.
285 */ 286 */
286 BUG_TRAP(!req->sk); 287 WARN_ON(req->sk);
287 288
288 if (seq != dccp_rsk(req)->dreq_iss) { 289 if (seq != dccp_rsk(req)->dreq_iss) {
289 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 290 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index b74e8b2cbe55..5e1ee0da2c40 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -89,12 +89,19 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
89{ 89{
90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
92 struct dccp_sock *dp;
92 struct ipv6_pinfo *np; 93 struct ipv6_pinfo *np;
93 struct sock *sk; 94 struct sock *sk;
94 int err; 95 int err;
95 __u64 seq; 96 __u64 seq;
96 struct net *net = dev_net(skb->dev); 97 struct net *net = dev_net(skb->dev);
97 98
99 if (skb->len < offset + sizeof(*dh) ||
100 skb->len < offset + __dccp_basic_hdr_len(dh)) {
101 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
102 return;
103 }
104
98 sk = inet6_lookup(net, &dccp_hashinfo, 105 sk = inet6_lookup(net, &dccp_hashinfo,
99 &hdr->daddr, dh->dccph_dport, 106 &hdr->daddr, dh->dccph_dport,
100 &hdr->saddr, dh->dccph_sport, inet6_iif(skb)); 107 &hdr->saddr, dh->dccph_sport, inet6_iif(skb));
@@ -116,6 +123,14 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
116 if (sk->sk_state == DCCP_CLOSED) 123 if (sk->sk_state == DCCP_CLOSED)
117 goto out; 124 goto out;
118 125
126 dp = dccp_sk(sk);
127 seq = dccp_hdr_seq(dh);
128 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
129 !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
130 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
131 goto out;
132 }
133
119 np = inet6_sk(sk); 134 np = inet6_sk(sk);
120 135
121 if (type == ICMPV6_PKT_TOOBIG) { 136 if (type == ICMPV6_PKT_TOOBIG) {
@@ -168,7 +183,6 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
168 183
169 icmpv6_err_convert(type, code, &err); 184 icmpv6_err_convert(type, code, &err);
170 185
171 seq = dccp_hdr_seq(dh);
172 /* Might be for an request_sock */ 186 /* Might be for an request_sock */
173 switch (sk->sk_state) { 187 switch (sk->sk_state) {
174 struct request_sock *req, **prev; 188 struct request_sock *req, **prev;
@@ -186,7 +200,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
186 * ICMPs are not backlogged, hence we cannot get an established 200 * ICMPs are not backlogged, hence we cannot get an established
187 * socket here. 201 * socket here.
188 */ 202 */
189 BUG_TRAP(req->sk == NULL); 203 WARN_ON(req->sk != NULL);
190 204
191 if (seq != dccp_rsk(req)->dreq_iss) { 205 if (seq != dccp_rsk(req)->dreq_iss) {
192 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 206 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c
index 66dca5bba858..b2804e2d1b8c 100644
--- a/net/dccp/minisocks.c
+++ b/net/dccp/minisocks.c
@@ -296,7 +296,8 @@ int dccp_child_process(struct sock *parent, struct sock *child,
296 296
297EXPORT_SYMBOL_GPL(dccp_child_process); 297EXPORT_SYMBOL_GPL(dccp_child_process);
298 298
299void dccp_reqsk_send_ack(struct sk_buff *skb, struct request_sock *rsk) 299void dccp_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
300 struct request_sock *rsk)
300{ 301{
301 DCCP_BUG("DCCP-ACK packets are never sent in LISTEN/RESPOND state"); 302 DCCP_BUG("DCCP-ACK packets are never sent in LISTEN/RESPOND state");
302} 303}
diff --git a/net/dccp/output.c b/net/dccp/output.c
index fe20068c5d8e..d06945c7d3df 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -53,8 +53,11 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
53 dccp_packet_hdr_len(dcb->dccpd_type); 53 dccp_packet_hdr_len(dcb->dccpd_type);
54 int err, set_ack = 1; 54 int err, set_ack = 1;
55 u64 ackno = dp->dccps_gsr; 55 u64 ackno = dp->dccps_gsr;
56 56 /*
57 dccp_inc_seqno(&dp->dccps_gss); 57 * Increment GSS here already in case the option code needs it.
58 * Update GSS for real only if option processing below succeeds.
59 */
60 dcb->dccpd_seq = ADD48(dp->dccps_gss, 1);
58 61
59 switch (dcb->dccpd_type) { 62 switch (dcb->dccpd_type) {
60 case DCCP_PKT_DATA: 63 case DCCP_PKT_DATA:
@@ -66,6 +69,9 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
66 69
67 case DCCP_PKT_REQUEST: 70 case DCCP_PKT_REQUEST:
68 set_ack = 0; 71 set_ack = 0;
72 /* Use ISS on the first (non-retransmitted) Request. */
73 if (icsk->icsk_retransmits == 0)
74 dcb->dccpd_seq = dp->dccps_iss;
69 /* fall through */ 75 /* fall through */
70 76
71 case DCCP_PKT_SYNC: 77 case DCCP_PKT_SYNC:
@@ -84,8 +90,6 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
84 break; 90 break;
85 } 91 }
86 92
87 dcb->dccpd_seq = dp->dccps_gss;
88
89 if (dccp_insert_options(sk, skb)) { 93 if (dccp_insert_options(sk, skb)) {
90 kfree_skb(skb); 94 kfree_skb(skb);
91 return -EPROTO; 95 return -EPROTO;
@@ -103,7 +107,7 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
103 /* XXX For now we're using only 48 bits sequence numbers */ 107 /* XXX For now we're using only 48 bits sequence numbers */
104 dh->dccph_x = 1; 108 dh->dccph_x = 1;
105 109
106 dp->dccps_awh = dp->dccps_gss; 110 dccp_update_gss(sk, dcb->dccpd_seq);
107 dccp_hdr_set_seq(dh, dp->dccps_gss); 111 dccp_hdr_set_seq(dh, dp->dccps_gss);
108 if (set_ack) 112 if (set_ack)
109 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno); 113 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno);
@@ -112,6 +116,11 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
112 case DCCP_PKT_REQUEST: 116 case DCCP_PKT_REQUEST:
113 dccp_hdr_request(skb)->dccph_req_service = 117 dccp_hdr_request(skb)->dccph_req_service =
114 dp->dccps_service; 118 dp->dccps_service;
119 /*
120 * Limit Ack window to ISS <= P.ackno <= GSS, so that
121 * only Responses to Requests we sent are considered.
122 */
123 dp->dccps_awl = dp->dccps_iss;
115 break; 124 break;
116 case DCCP_PKT_RESET: 125 case DCCP_PKT_RESET:
117 dccp_hdr_reset(skb)->dccph_reset_code = 126 dccp_hdr_reset(skb)->dccph_reset_code =
@@ -284,14 +293,26 @@ void dccp_write_xmit(struct sock *sk, int block)
284 } 293 }
285} 294}
286 295
287int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 296/**
297 * dccp_retransmit_skb - Retransmit Request, Close, or CloseReq packets
298 * There are only four retransmittable packet types in DCCP:
299 * - Request in client-REQUEST state (sec. 8.1.1),
300 * - CloseReq in server-CLOSEREQ state (sec. 8.3),
301 * - Close in node-CLOSING state (sec. 8.3),
302 * - Acks in client-PARTOPEN state (sec. 8.1.5, handled by dccp_delack_timer()).
303 * This function expects sk->sk_send_head to contain the original skb.
304 */
305int dccp_retransmit_skb(struct sock *sk)
288{ 306{
307 WARN_ON(sk->sk_send_head == NULL);
308
289 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0) 309 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0)
290 return -EHOSTUNREACH; /* Routing failure or similar. */ 310 return -EHOSTUNREACH; /* Routing failure or similar. */
291 311
292 return dccp_transmit_skb(sk, (skb_cloned(skb) ? 312 /* this count is used to distinguish original and retransmitted skb */
293 pskb_copy(skb, GFP_ATOMIC): 313 inet_csk(sk)->icsk_retransmits++;
294 skb_clone(skb, GFP_ATOMIC))); 314
315 return dccp_transmit_skb(sk, skb_clone(sk->sk_send_head, GFP_ATOMIC));
295} 316}
296 317
297struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst, 318struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
@@ -437,19 +458,7 @@ static inline void dccp_connect_init(struct sock *sk)
437 458
438 dccp_sync_mss(sk, dst_mtu(dst)); 459 dccp_sync_mss(sk, dst_mtu(dst));
439 460
440 /* 461 /* Initialise GAR as per 8.5; AWL/AWH are set in dccp_transmit_skb() */
441 * SWL and AWL are initially adjusted so that they are not less than
442 * the initial Sequence Numbers received and sent, respectively:
443 * SWL := max(GSR + 1 - floor(W/4), ISR),
444 * AWL := max(GSS - W' + 1, ISS).
445 * These adjustments MUST be applied only at the beginning of the
446 * connection.
447 */
448 dccp_update_gss(sk, dp->dccps_iss);
449 dccp_set_seqno(&dp->dccps_awl, max48(dp->dccps_awl, dp->dccps_iss));
450
451 /* S.GAR - greatest valid acknowledgement number received on a non-Sync;
452 * initialized to S.ISS (sec. 8.5) */
453 dp->dccps_gar = dp->dccps_iss; 462 dp->dccps_gar = dp->dccps_iss;
454 463
455 icsk->icsk_retransmits = 0; 464 icsk->icsk_retransmits = 0;
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index a0b56009611f..1ca3b26eed0f 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -327,7 +327,7 @@ int dccp_disconnect(struct sock *sk, int flags)
327 inet_csk_delack_init(sk); 327 inet_csk_delack_init(sk);
328 __sk_dst_reset(sk); 328 __sk_dst_reset(sk);
329 329
330 BUG_TRAP(!inet->num || icsk->icsk_bind_hash); 330 WARN_ON(inet->num && !icsk->icsk_bind_hash);
331 331
332 sk->sk_error_report(sk); 332 sk->sk_error_report(sk);
333 return err; 333 return err;
@@ -474,6 +474,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type,
474 474
475 if (copy_from_user(&opt, optval, sizeof(opt))) 475 if (copy_from_user(&opt, optval, sizeof(opt)))
476 return -EFAULT; 476 return -EFAULT;
477 /*
478 * rfc4340: 6.1. Change Options
479 */
480 if (opt.dccpsf_len < 1)
481 return -EINVAL;
477 482
478 val = kmalloc(opt.dccpsf_len, GFP_KERNEL); 483 val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
479 if (!val) 484 if (!val)
@@ -981,7 +986,7 @@ adjudge_to_death:
981 */ 986 */
982 local_bh_disable(); 987 local_bh_disable();
983 bh_lock_sock(sk); 988 bh_lock_sock(sk);
984 BUG_TRAP(!sock_owned_by_user(sk)); 989 WARN_ON(sock_owned_by_user(sk));
985 990
986 /* Have we already been destroyed by a softirq or backlog? */ 991 /* Have we already been destroyed by a softirq or backlog? */
987 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED) 992 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED)
diff --git a/net/dccp/timer.c b/net/dccp/timer.c
index 3608d5342ca2..54b3c7e9e016 100644
--- a/net/dccp/timer.c
+++ b/net/dccp/timer.c
@@ -99,21 +99,11 @@ static void dccp_retransmit_timer(struct sock *sk)
99 } 99 }
100 100
101 /* 101 /*
102 * sk->sk_send_head has to have one skb with
103 * DCCP_SKB_CB(skb)->dccpd_type set to one of the retransmittable DCCP
104 * packet types. The only packets eligible for retransmission are:
105 * -- Requests in client-REQUEST state (sec. 8.1.1)
106 * -- Acks in client-PARTOPEN state (sec. 8.1.5)
107 * -- CloseReq in server-CLOSEREQ state (sec. 8.3)
108 * -- Close in node-CLOSING state (sec. 8.3) */
109 BUG_TRAP(sk->sk_send_head != NULL);
110
111 /*
112 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was 102 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was
113 * sent, no need to retransmit, this sock is dead. 103 * sent, no need to retransmit, this sock is dead.
114 */ 104 */
115 if (dccp_write_timeout(sk)) 105 if (dccp_write_timeout(sk))
116 goto out; 106 return;
117 107
118 /* 108 /*
119 * We want to know the number of packets retransmitted, not the 109 * We want to know the number of packets retransmitted, not the
@@ -122,30 +112,28 @@ static void dccp_retransmit_timer(struct sock *sk)
122 if (icsk->icsk_retransmits == 0) 112 if (icsk->icsk_retransmits == 0)
123 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS); 113 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS);
124 114
125 if (dccp_retransmit_skb(sk, sk->sk_send_head) < 0) { 115 if (dccp_retransmit_skb(sk) != 0) {
126 /* 116 /*
127 * Retransmission failed because of local congestion, 117 * Retransmission failed because of local congestion,
128 * do not backoff. 118 * do not backoff.
129 */ 119 */
130 if (icsk->icsk_retransmits == 0) 120 if (--icsk->icsk_retransmits == 0)
131 icsk->icsk_retransmits = 1; 121 icsk->icsk_retransmits = 1;
132 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 122 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
133 min(icsk->icsk_rto, 123 min(icsk->icsk_rto,
134 TCP_RESOURCE_PROBE_INTERVAL), 124 TCP_RESOURCE_PROBE_INTERVAL),
135 DCCP_RTO_MAX); 125 DCCP_RTO_MAX);
136 goto out; 126 return;
137 } 127 }
138 128
139backoff: 129backoff:
140 icsk->icsk_backoff++; 130 icsk->icsk_backoff++;
141 icsk->icsk_retransmits++;
142 131
143 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX); 132 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX);
144 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, 133 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto,
145 DCCP_RTO_MAX); 134 DCCP_RTO_MAX);
146 if (icsk->icsk_retransmits > sysctl_dccp_retries1) 135 if (icsk->icsk_retransmits > sysctl_dccp_retries1)
147 __sk_dst_reset(sk); 136 __sk_dst_reset(sk);
148out:;
149} 137}
150 138
151static void dccp_write_timer(unsigned long data) 139static void dccp_write_timer(unsigned long data)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 4670683b4688..591ea23639ca 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -356,10 +356,8 @@ config INET_ESP
356 356
357config INET_IPCOMP 357config INET_IPCOMP
358 tristate "IP: IPComp transformation" 358 tristate "IP: IPComp transformation"
359 select XFRM
360 select INET_XFRM_TUNNEL 359 select INET_XFRM_TUNNEL
361 select CRYPTO 360 select XFRM_IPCOMP
362 select CRYPTO_DEFLATE
363 ---help--- 361 ---help---
364 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 362 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
365 typically needed for IPsec. 363 typically needed for IPsec.
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dd919d84285f..8a3ac1fa71a9 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -148,10 +148,10 @@ void inet_sock_destruct(struct sock *sk)
148 return; 148 return;
149 } 149 }
150 150
151 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 151 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
152 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 152 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
153 BUG_TRAP(!sk->sk_wmem_queued); 153 WARN_ON(sk->sk_wmem_queued);
154 BUG_TRAP(!sk->sk_forward_alloc); 154 WARN_ON(sk->sk_forward_alloc);
155 155
156 kfree(inet->opt); 156 kfree(inet->opt);
157 dst_release(sk->sk_dst_cache); 157 dst_release(sk->sk_dst_cache);
@@ -264,7 +264,6 @@ static inline int inet_netns_ok(struct net *net, int protocol)
264static int inet_create(struct net *net, struct socket *sock, int protocol) 264static int inet_create(struct net *net, struct socket *sock, int protocol)
265{ 265{
266 struct sock *sk; 266 struct sock *sk;
267 struct list_head *p;
268 struct inet_protosw *answer; 267 struct inet_protosw *answer;
269 struct inet_sock *inet; 268 struct inet_sock *inet;
270 struct proto *answer_prot; 269 struct proto *answer_prot;
@@ -281,13 +280,12 @@ static int inet_create(struct net *net, struct socket *sock, int protocol)
281 sock->state = SS_UNCONNECTED; 280 sock->state = SS_UNCONNECTED;
282 281
283 /* Look for the requested type/protocol pair. */ 282 /* Look for the requested type/protocol pair. */
284 answer = NULL;
285lookup_protocol: 283lookup_protocol:
286 err = -ESOCKTNOSUPPORT; 284 err = -ESOCKTNOSUPPORT;
287 rcu_read_lock(); 285 rcu_read_lock();
288 list_for_each_rcu(p, &inetsw[sock->type]) { 286 list_for_each_entry_rcu(answer, &inetsw[sock->type], list) {
289 answer = list_entry(p, struct inet_protosw, list);
290 287
288 err = 0;
291 /* Check the non-wild match. */ 289 /* Check the non-wild match. */
292 if (protocol == answer->protocol) { 290 if (protocol == answer->protocol) {
293 if (protocol != IPPROTO_IP) 291 if (protocol != IPPROTO_IP)
@@ -302,10 +300,9 @@ lookup_protocol:
302 break; 300 break;
303 } 301 }
304 err = -EPROTONOSUPPORT; 302 err = -EPROTONOSUPPORT;
305 answer = NULL;
306 } 303 }
307 304
308 if (unlikely(answer == NULL)) { 305 if (unlikely(err)) {
309 if (try_loading_module < 2) { 306 if (try_loading_module < 2) {
310 rcu_read_unlock(); 307 rcu_read_unlock();
311 /* 308 /*
@@ -341,7 +338,7 @@ lookup_protocol:
341 answer_flags = answer->flags; 338 answer_flags = answer->flags;
342 rcu_read_unlock(); 339 rcu_read_unlock();
343 340
344 BUG_TRAP(answer_prot->slab != NULL); 341 WARN_ON(answer_prot->slab == NULL);
345 342
346 err = -ENOBUFS; 343 err = -ENOBUFS;
347 sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot); 344 sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot);
@@ -661,8 +658,8 @@ int inet_accept(struct socket *sock, struct socket *newsock, int flags)
661 658
662 lock_sock(sk2); 659 lock_sock(sk2);
663 660
664 BUG_TRAP((1 << sk2->sk_state) & 661 WARN_ON(!((1 << sk2->sk_state) &
665 (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE)); 662 (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE)));
666 663
667 sock_graft(sk2, newsock); 664 sock_graft(sk2, newsock);
668 665
@@ -1442,6 +1439,10 @@ static int __init inet_init(void)
1442 1439
1443 (void)sock_register(&inet_family_ops); 1440 (void)sock_register(&inet_family_ops);
1444 1441
1442#ifdef CONFIG_SYSCTL
1443 ip_static_sysctl_init();
1444#endif
1445
1445 /* 1446 /*
1446 * Add all the base protocols. 1447 * Add all the base protocols.
1447 */ 1448 */
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 2e667e2f90df..91d3d96805d0 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -138,8 +138,8 @@ void in_dev_finish_destroy(struct in_device *idev)
138{ 138{
139 struct net_device *dev = idev->dev; 139 struct net_device *dev = idev->dev;
140 140
141 BUG_TRAP(!idev->ifa_list); 141 WARN_ON(idev->ifa_list);
142 BUG_TRAP(!idev->mc_list); 142 WARN_ON(idev->mc_list);
143#ifdef NET_REFCNT_DEBUG 143#ifdef NET_REFCNT_DEBUG
144 printk(KERN_DEBUG "in_dev_finish_destroy: %p=%s\n", 144 printk(KERN_DEBUG "in_dev_finish_destroy: %p=%s\n",
145 idev, dev ? dev->name : "NIL"); 145 idev, dev ? dev->name : "NIL");
@@ -399,7 +399,7 @@ static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
399 } 399 }
400 ipv4_devconf_setall(in_dev); 400 ipv4_devconf_setall(in_dev);
401 if (ifa->ifa_dev != in_dev) { 401 if (ifa->ifa_dev != in_dev) {
402 BUG_TRAP(!ifa->ifa_dev); 402 WARN_ON(ifa->ifa_dev);
403 in_dev_hold(in_dev); 403 in_dev_hold(in_dev);
404 ifa->ifa_dev = in_dev; 404 ifa->ifa_dev = in_dev;
405 } 405 }
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 4e73e5708e70..21515d4c49eb 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -575,7 +575,7 @@ static int esp_init_state(struct xfrm_state *x)
575 crypto_aead_ivsize(aead); 575 crypto_aead_ivsize(aead);
576 if (x->props.mode == XFRM_MODE_TUNNEL) 576 if (x->props.mode == XFRM_MODE_TUNNEL)
577 x->props.header_len += sizeof(struct iphdr); 577 x->props.header_len += sizeof(struct iphdr);
578 else if (x->props.mode == XFRM_MODE_BEET) 578 else if (x->props.mode == XFRM_MODE_BEET && x->sel.family != AF_INET6)
579 x->props.header_len += IPV4_BEET_PHMAXLEN; 579 x->props.header_len += IPV4_BEET_PHMAXLEN;
580 if (x->encap) { 580 if (x->encap) {
581 struct xfrm_encap_tmpl *encap = x->encap; 581 struct xfrm_encap_tmpl *encap = x->encap;
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 6203ece53606..f70fac612596 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -289,6 +289,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
289 struct rtable *rt; 289 struct rtable *rt;
290 struct iphdr *pip; 290 struct iphdr *pip;
291 struct igmpv3_report *pig; 291 struct igmpv3_report *pig;
292 struct net *net = dev_net(dev);
292 293
293 skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC); 294 skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC);
294 if (skb == NULL) 295 if (skb == NULL)
@@ -299,7 +300,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
299 .nl_u = { .ip4_u = { 300 .nl_u = { .ip4_u = {
300 .daddr = IGMPV3_ALL_MCR } }, 301 .daddr = IGMPV3_ALL_MCR } },
301 .proto = IPPROTO_IGMP }; 302 .proto = IPPROTO_IGMP };
302 if (ip_route_output_key(&init_net, &rt, &fl)) { 303 if (ip_route_output_key(net, &rt, &fl)) {
303 kfree_skb(skb); 304 kfree_skb(skb);
304 return NULL; 305 return NULL;
305 } 306 }
@@ -629,6 +630,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
629 struct igmphdr *ih; 630 struct igmphdr *ih;
630 struct rtable *rt; 631 struct rtable *rt;
631 struct net_device *dev = in_dev->dev; 632 struct net_device *dev = in_dev->dev;
633 struct net *net = dev_net(dev);
632 __be32 group = pmc ? pmc->multiaddr : 0; 634 __be32 group = pmc ? pmc->multiaddr : 0;
633 __be32 dst; 635 __be32 dst;
634 636
@@ -643,7 +645,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
643 struct flowi fl = { .oif = dev->ifindex, 645 struct flowi fl = { .oif = dev->ifindex,
644 .nl_u = { .ip4_u = { .daddr = dst } }, 646 .nl_u = { .ip4_u = { .daddr = dst } },
645 .proto = IPPROTO_IGMP }; 647 .proto = IPPROTO_IGMP };
646 if (ip_route_output_key(&init_net, &rt, &fl)) 648 if (ip_route_output_key(net, &rt, &fl))
647 return -1; 649 return -1;
648 } 650 }
649 if (rt->rt_src == 0) { 651 if (rt->rt_src == 0) {
@@ -1196,9 +1198,6 @@ void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1196 1198
1197 ASSERT_RTNL(); 1199 ASSERT_RTNL();
1198 1200
1199 if (!net_eq(dev_net(in_dev->dev), &init_net))
1200 return;
1201
1202 for (im=in_dev->mc_list; im; im=im->next) { 1201 for (im=in_dev->mc_list; im; im=im->next) {
1203 if (im->multiaddr == addr) { 1202 if (im->multiaddr == addr) {
1204 im->users++; 1203 im->users++;
@@ -1278,9 +1277,6 @@ void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
1278 1277
1279 ASSERT_RTNL(); 1278 ASSERT_RTNL();
1280 1279
1281 if (!net_eq(dev_net(in_dev->dev), &init_net))
1282 return;
1283
1284 for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) { 1280 for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) {
1285 if (i->multiaddr==addr) { 1281 if (i->multiaddr==addr) {
1286 if (--i->users == 0) { 1282 if (--i->users == 0) {
@@ -1308,9 +1304,6 @@ void ip_mc_down(struct in_device *in_dev)
1308 1304
1309 ASSERT_RTNL(); 1305 ASSERT_RTNL();
1310 1306
1311 if (!net_eq(dev_net(in_dev->dev), &init_net))
1312 return;
1313
1314 for (i=in_dev->mc_list; i; i=i->next) 1307 for (i=in_dev->mc_list; i; i=i->next)
1315 igmp_group_dropped(i); 1308 igmp_group_dropped(i);
1316 1309
@@ -1331,9 +1324,6 @@ void ip_mc_init_dev(struct in_device *in_dev)
1331{ 1324{
1332 ASSERT_RTNL(); 1325 ASSERT_RTNL();
1333 1326
1334 if (!net_eq(dev_net(in_dev->dev), &init_net))
1335 return;
1336
1337 in_dev->mc_tomb = NULL; 1327 in_dev->mc_tomb = NULL;
1338#ifdef CONFIG_IP_MULTICAST 1328#ifdef CONFIG_IP_MULTICAST
1339 in_dev->mr_gq_running = 0; 1329 in_dev->mr_gq_running = 0;
@@ -1357,9 +1347,6 @@ void ip_mc_up(struct in_device *in_dev)
1357 1347
1358 ASSERT_RTNL(); 1348 ASSERT_RTNL();
1359 1349
1360 if (!net_eq(dev_net(in_dev->dev), &init_net))
1361 return;
1362
1363 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1350 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS);
1364 1351
1365 for (i=in_dev->mc_list; i; i=i->next) 1352 for (i=in_dev->mc_list; i; i=i->next)
@@ -1376,9 +1363,6 @@ void ip_mc_destroy_dev(struct in_device *in_dev)
1376 1363
1377 ASSERT_RTNL(); 1364 ASSERT_RTNL();
1378 1365
1379 if (!net_eq(dev_net(in_dev->dev), &init_net))
1380 return;
1381
1382 /* Deactivate timers */ 1366 /* Deactivate timers */
1383 ip_mc_down(in_dev); 1367 ip_mc_down(in_dev);
1384 1368
@@ -1395,7 +1379,7 @@ void ip_mc_destroy_dev(struct in_device *in_dev)
1395 write_unlock_bh(&in_dev->mc_list_lock); 1379 write_unlock_bh(&in_dev->mc_list_lock);
1396} 1380}
1397 1381
1398static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr) 1382static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr)
1399{ 1383{
1400 struct flowi fl = { .nl_u = { .ip4_u = 1384 struct flowi fl = { .nl_u = { .ip4_u =
1401 { .daddr = imr->imr_multiaddr.s_addr } } }; 1385 { .daddr = imr->imr_multiaddr.s_addr } } };
@@ -1404,19 +1388,19 @@ static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr)
1404 struct in_device *idev = NULL; 1388 struct in_device *idev = NULL;
1405 1389
1406 if (imr->imr_ifindex) { 1390 if (imr->imr_ifindex) {
1407 idev = inetdev_by_index(&init_net, imr->imr_ifindex); 1391 idev = inetdev_by_index(net, imr->imr_ifindex);
1408 if (idev) 1392 if (idev)
1409 __in_dev_put(idev); 1393 __in_dev_put(idev);
1410 return idev; 1394 return idev;
1411 } 1395 }
1412 if (imr->imr_address.s_addr) { 1396 if (imr->imr_address.s_addr) {
1413 dev = ip_dev_find(&init_net, imr->imr_address.s_addr); 1397 dev = ip_dev_find(net, imr->imr_address.s_addr);
1414 if (!dev) 1398 if (!dev)
1415 return NULL; 1399 return NULL;
1416 dev_put(dev); 1400 dev_put(dev);
1417 } 1401 }
1418 1402
1419 if (!dev && !ip_route_output_key(&init_net, &rt, &fl)) { 1403 if (!dev && !ip_route_output_key(net, &rt, &fl)) {
1420 dev = rt->u.dst.dev; 1404 dev = rt->u.dst.dev;
1421 ip_rt_put(rt); 1405 ip_rt_put(rt);
1422 } 1406 }
@@ -1754,18 +1738,16 @@ int ip_mc_join_group(struct sock *sk , struct ip_mreqn *imr)
1754 struct ip_mc_socklist *iml=NULL, *i; 1738 struct ip_mc_socklist *iml=NULL, *i;
1755 struct in_device *in_dev; 1739 struct in_device *in_dev;
1756 struct inet_sock *inet = inet_sk(sk); 1740 struct inet_sock *inet = inet_sk(sk);
1741 struct net *net = sock_net(sk);
1757 int ifindex; 1742 int ifindex;
1758 int count = 0; 1743 int count = 0;
1759 1744
1760 if (!ipv4_is_multicast(addr)) 1745 if (!ipv4_is_multicast(addr))
1761 return -EINVAL; 1746 return -EINVAL;
1762 1747
1763 if (!net_eq(sock_net(sk), &init_net))
1764 return -EPROTONOSUPPORT;
1765
1766 rtnl_lock(); 1748 rtnl_lock();
1767 1749
1768 in_dev = ip_mc_find_dev(imr); 1750 in_dev = ip_mc_find_dev(net, imr);
1769 1751
1770 if (!in_dev) { 1752 if (!in_dev) {
1771 iml = NULL; 1753 iml = NULL;
@@ -1827,15 +1809,13 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
1827 struct inet_sock *inet = inet_sk(sk); 1809 struct inet_sock *inet = inet_sk(sk);
1828 struct ip_mc_socklist *iml, **imlp; 1810 struct ip_mc_socklist *iml, **imlp;
1829 struct in_device *in_dev; 1811 struct in_device *in_dev;
1812 struct net *net = sock_net(sk);
1830 __be32 group = imr->imr_multiaddr.s_addr; 1813 __be32 group = imr->imr_multiaddr.s_addr;
1831 u32 ifindex; 1814 u32 ifindex;
1832 int ret = -EADDRNOTAVAIL; 1815 int ret = -EADDRNOTAVAIL;
1833 1816
1834 if (!net_eq(sock_net(sk), &init_net))
1835 return -EPROTONOSUPPORT;
1836
1837 rtnl_lock(); 1817 rtnl_lock();
1838 in_dev = ip_mc_find_dev(imr); 1818 in_dev = ip_mc_find_dev(net, imr);
1839 ifindex = imr->imr_ifindex; 1819 ifindex = imr->imr_ifindex;
1840 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) { 1820 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) {
1841 if (iml->multi.imr_multiaddr.s_addr != group) 1821 if (iml->multi.imr_multiaddr.s_addr != group)
@@ -1873,21 +1853,19 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
1873 struct in_device *in_dev = NULL; 1853 struct in_device *in_dev = NULL;
1874 struct inet_sock *inet = inet_sk(sk); 1854 struct inet_sock *inet = inet_sk(sk);
1875 struct ip_sf_socklist *psl; 1855 struct ip_sf_socklist *psl;
1856 struct net *net = sock_net(sk);
1876 int leavegroup = 0; 1857 int leavegroup = 0;
1877 int i, j, rv; 1858 int i, j, rv;
1878 1859
1879 if (!ipv4_is_multicast(addr)) 1860 if (!ipv4_is_multicast(addr))
1880 return -EINVAL; 1861 return -EINVAL;
1881 1862
1882 if (!net_eq(sock_net(sk), &init_net))
1883 return -EPROTONOSUPPORT;
1884
1885 rtnl_lock(); 1863 rtnl_lock();
1886 1864
1887 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 1865 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr;
1888 imr.imr_address.s_addr = mreqs->imr_interface; 1866 imr.imr_address.s_addr = mreqs->imr_interface;
1889 imr.imr_ifindex = ifindex; 1867 imr.imr_ifindex = ifindex;
1890 in_dev = ip_mc_find_dev(&imr); 1868 in_dev = ip_mc_find_dev(net, &imr);
1891 1869
1892 if (!in_dev) { 1870 if (!in_dev) {
1893 err = -ENODEV; 1871 err = -ENODEV;
@@ -2007,6 +1985,7 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2007 struct in_device *in_dev; 1985 struct in_device *in_dev;
2008 struct inet_sock *inet = inet_sk(sk); 1986 struct inet_sock *inet = inet_sk(sk);
2009 struct ip_sf_socklist *newpsl, *psl; 1987 struct ip_sf_socklist *newpsl, *psl;
1988 struct net *net = sock_net(sk);
2010 int leavegroup = 0; 1989 int leavegroup = 0;
2011 1990
2012 if (!ipv4_is_multicast(addr)) 1991 if (!ipv4_is_multicast(addr))
@@ -2015,15 +1994,12 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2015 msf->imsf_fmode != MCAST_EXCLUDE) 1994 msf->imsf_fmode != MCAST_EXCLUDE)
2016 return -EINVAL; 1995 return -EINVAL;
2017 1996
2018 if (!net_eq(sock_net(sk), &init_net))
2019 return -EPROTONOSUPPORT;
2020
2021 rtnl_lock(); 1997 rtnl_lock();
2022 1998
2023 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 1999 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2024 imr.imr_address.s_addr = msf->imsf_interface; 2000 imr.imr_address.s_addr = msf->imsf_interface;
2025 imr.imr_ifindex = ifindex; 2001 imr.imr_ifindex = ifindex;
2026 in_dev = ip_mc_find_dev(&imr); 2002 in_dev = ip_mc_find_dev(net, &imr);
2027 2003
2028 if (!in_dev) { 2004 if (!in_dev) {
2029 err = -ENODEV; 2005 err = -ENODEV;
@@ -2094,19 +2070,17 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
2094 struct in_device *in_dev; 2070 struct in_device *in_dev;
2095 struct inet_sock *inet = inet_sk(sk); 2071 struct inet_sock *inet = inet_sk(sk);
2096 struct ip_sf_socklist *psl; 2072 struct ip_sf_socklist *psl;
2073 struct net *net = sock_net(sk);
2097 2074
2098 if (!ipv4_is_multicast(addr)) 2075 if (!ipv4_is_multicast(addr))
2099 return -EINVAL; 2076 return -EINVAL;
2100 2077
2101 if (!net_eq(sock_net(sk), &init_net))
2102 return -EPROTONOSUPPORT;
2103
2104 rtnl_lock(); 2078 rtnl_lock();
2105 2079
2106 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2080 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2107 imr.imr_address.s_addr = msf->imsf_interface; 2081 imr.imr_address.s_addr = msf->imsf_interface;
2108 imr.imr_ifindex = 0; 2082 imr.imr_ifindex = 0;
2109 in_dev = ip_mc_find_dev(&imr); 2083 in_dev = ip_mc_find_dev(net, &imr);
2110 2084
2111 if (!in_dev) { 2085 if (!in_dev) {
2112 err = -ENODEV; 2086 err = -ENODEV;
@@ -2163,9 +2137,6 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
2163 if (!ipv4_is_multicast(addr)) 2137 if (!ipv4_is_multicast(addr))
2164 return -EINVAL; 2138 return -EINVAL;
2165 2139
2166 if (!net_eq(sock_net(sk), &init_net))
2167 return -EPROTONOSUPPORT;
2168
2169 rtnl_lock(); 2140 rtnl_lock();
2170 2141
2171 err = -EADDRNOTAVAIL; 2142 err = -EADDRNOTAVAIL;
@@ -2246,19 +2217,17 @@ void ip_mc_drop_socket(struct sock *sk)
2246{ 2217{
2247 struct inet_sock *inet = inet_sk(sk); 2218 struct inet_sock *inet = inet_sk(sk);
2248 struct ip_mc_socklist *iml; 2219 struct ip_mc_socklist *iml;
2220 struct net *net = sock_net(sk);
2249 2221
2250 if (inet->mc_list == NULL) 2222 if (inet->mc_list == NULL)
2251 return; 2223 return;
2252 2224
2253 if (!net_eq(sock_net(sk), &init_net))
2254 return;
2255
2256 rtnl_lock(); 2225 rtnl_lock();
2257 while ((iml = inet->mc_list) != NULL) { 2226 while ((iml = inet->mc_list) != NULL) {
2258 struct in_device *in_dev; 2227 struct in_device *in_dev;
2259 inet->mc_list = iml->next; 2228 inet->mc_list = iml->next;
2260 2229
2261 in_dev = inetdev_by_index(&init_net, iml->multi.imr_ifindex); 2230 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex);
2262 (void) ip_mc_leave_src(sk, iml, in_dev); 2231 (void) ip_mc_leave_src(sk, iml, in_dev);
2263 if (in_dev != NULL) { 2232 if (in_dev != NULL) {
2264 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2233 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index bb81c958b744..0c1ae68ee84b 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -167,7 +167,7 @@ tb_not_found:
167success: 167success:
168 if (!inet_csk(sk)->icsk_bind_hash) 168 if (!inet_csk(sk)->icsk_bind_hash)
169 inet_bind_hash(sk, tb, snum); 169 inet_bind_hash(sk, tb, snum);
170 BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb); 170 WARN_ON(inet_csk(sk)->icsk_bind_hash != tb);
171 ret = 0; 171 ret = 0;
172 172
173fail_unlock: 173fail_unlock:
@@ -260,7 +260,7 @@ struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
260 } 260 }
261 261
262 newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk); 262 newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk);
263 BUG_TRAP(newsk->sk_state != TCP_SYN_RECV); 263 WARN_ON(newsk->sk_state == TCP_SYN_RECV);
264out: 264out:
265 release_sock(sk); 265 release_sock(sk);
266 return newsk; 266 return newsk;
@@ -386,7 +386,7 @@ struct request_sock *inet_csk_search_req(const struct sock *sk,
386 ireq->rmt_addr == raddr && 386 ireq->rmt_addr == raddr &&
387 ireq->loc_addr == laddr && 387 ireq->loc_addr == laddr &&
388 AF_INET_FAMILY(req->rsk_ops->family)) { 388 AF_INET_FAMILY(req->rsk_ops->family)) {
389 BUG_TRAP(!req->sk); 389 WARN_ON(req->sk);
390 *prevp = prev; 390 *prevp = prev;
391 break; 391 break;
392 } 392 }
@@ -539,14 +539,14 @@ EXPORT_SYMBOL_GPL(inet_csk_clone);
539 */ 539 */
540void inet_csk_destroy_sock(struct sock *sk) 540void inet_csk_destroy_sock(struct sock *sk)
541{ 541{
542 BUG_TRAP(sk->sk_state == TCP_CLOSE); 542 WARN_ON(sk->sk_state != TCP_CLOSE);
543 BUG_TRAP(sock_flag(sk, SOCK_DEAD)); 543 WARN_ON(!sock_flag(sk, SOCK_DEAD));
544 544
545 /* It cannot be in hash table! */ 545 /* It cannot be in hash table! */
546 BUG_TRAP(sk_unhashed(sk)); 546 WARN_ON(!sk_unhashed(sk));
547 547
548 /* If it has not 0 inet_sk(sk)->num, it must be bound */ 548 /* If it has not 0 inet_sk(sk)->num, it must be bound */
549 BUG_TRAP(!inet_sk(sk)->num || inet_csk(sk)->icsk_bind_hash); 549 WARN_ON(inet_sk(sk)->num && !inet_csk(sk)->icsk_bind_hash);
550 550
551 sk->sk_prot->destroy(sk); 551 sk->sk_prot->destroy(sk);
552 552
@@ -629,7 +629,7 @@ void inet_csk_listen_stop(struct sock *sk)
629 629
630 local_bh_disable(); 630 local_bh_disable();
631 bh_lock_sock(child); 631 bh_lock_sock(child);
632 BUG_TRAP(!sock_owned_by_user(child)); 632 WARN_ON(sock_owned_by_user(child));
633 sock_hold(child); 633 sock_hold(child);
634 634
635 sk->sk_prot->disconnect(child, O_NONBLOCK); 635 sk->sk_prot->disconnect(child, O_NONBLOCK);
@@ -647,7 +647,7 @@ void inet_csk_listen_stop(struct sock *sk)
647 sk_acceptq_removed(sk); 647 sk_acceptq_removed(sk);
648 __reqsk_free(req); 648 __reqsk_free(req);
649 } 649 }
650 BUG_TRAP(!sk->sk_ack_backlog); 650 WARN_ON(sk->sk_ack_backlog);
651} 651}
652 652
653EXPORT_SYMBOL_GPL(inet_csk_listen_stop); 653EXPORT_SYMBOL_GPL(inet_csk_listen_stop);
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 0546a0bc97ea..6c52e08f786e 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -134,8 +134,8 @@ void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f,
134 struct sk_buff *fp; 134 struct sk_buff *fp;
135 struct netns_frags *nf; 135 struct netns_frags *nf;
136 136
137 BUG_TRAP(q->last_in & INET_FRAG_COMPLETE); 137 WARN_ON(!(q->last_in & INET_FRAG_COMPLETE));
138 BUG_TRAP(del_timer(&q->timer) == 0); 138 WARN_ON(del_timer(&q->timer) != 0);
139 139
140 /* Release all fragment data. */ 140 /* Release all fragment data. */
141 fp = q->fragments; 141 fp = q->fragments;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 115f53722d20..44981906fb91 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -305,7 +305,7 @@ unique:
305 inet->num = lport; 305 inet->num = lport;
306 inet->sport = htons(lport); 306 inet->sport = htons(lport);
307 sk->sk_hash = hash; 307 sk->sk_hash = hash;
308 BUG_TRAP(sk_unhashed(sk)); 308 WARN_ON(!sk_unhashed(sk));
309 __sk_add_node(sk, &head->chain); 309 __sk_add_node(sk, &head->chain);
310 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 310 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
311 write_unlock(lock); 311 write_unlock(lock);
@@ -342,7 +342,7 @@ void __inet_hash_nolisten(struct sock *sk)
342 rwlock_t *lock; 342 rwlock_t *lock;
343 struct inet_ehash_bucket *head; 343 struct inet_ehash_bucket *head;
344 344
345 BUG_TRAP(sk_unhashed(sk)); 345 WARN_ON(!sk_unhashed(sk));
346 346
347 sk->sk_hash = inet_sk_ehashfn(sk); 347 sk->sk_hash = inet_sk_ehashfn(sk);
348 head = inet_ehash_bucket(hashinfo, sk->sk_hash); 348 head = inet_ehash_bucket(hashinfo, sk->sk_hash);
@@ -367,7 +367,7 @@ static void __inet_hash(struct sock *sk)
367 return; 367 return;
368 } 368 }
369 369
370 BUG_TRAP(sk_unhashed(sk)); 370 WARN_ON(!sk_unhashed(sk));
371 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)]; 371 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
372 lock = &hashinfo->lhash_lock; 372 lock = &hashinfo->lhash_lock;
373 373
@@ -450,7 +450,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
450 */ 450 */
451 inet_bind_bucket_for_each(tb, node, &head->chain) { 451 inet_bind_bucket_for_each(tb, node, &head->chain) {
452 if (tb->ib_net == net && tb->port == port) { 452 if (tb->ib_net == net && tb->port == port) {
453 BUG_TRAP(!hlist_empty(&tb->owners)); 453 WARN_ON(hlist_empty(&tb->owners));
454 if (tb->fastreuse >= 0) 454 if (tb->fastreuse >= 0)
455 goto next_port; 455 goto next_port;
456 if (!check_established(death_row, sk, 456 if (!check_established(death_row, sk,
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 75c2def8f9a0..d985bd613d25 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -86,7 +86,7 @@ void __inet_twsk_hashdance(struct inet_timewait_sock *tw, struct sock *sk,
86 hashinfo->bhash_size)]; 86 hashinfo->bhash_size)];
87 spin_lock(&bhead->lock); 87 spin_lock(&bhead->lock);
88 tw->tw_tb = icsk->icsk_bind_hash; 88 tw->tw_tb = icsk->icsk_bind_hash;
89 BUG_TRAP(icsk->icsk_bind_hash); 89 WARN_ON(!icsk->icsk_bind_hash);
90 inet_twsk_add_bind_node(tw, &tw->tw_tb->owners); 90 inet_twsk_add_bind_node(tw, &tw->tw_tb->owners);
91 spin_unlock(&bhead->lock); 91 spin_unlock(&bhead->lock);
92 92
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 38d38f058018..2152d222b954 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -488,8 +488,8 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
488 qp->q.fragments = head; 488 qp->q.fragments = head;
489 } 489 }
490 490
491 BUG_TRAP(head != NULL); 491 WARN_ON(head == NULL);
492 BUG_TRAP(FRAG_CB(head)->offset == 0); 492 WARN_ON(FRAG_CB(head)->offset != 0);
493 493
494 /* Allocate a new buffer for the datagram. */ 494 /* Allocate a new buffer for the datagram. */
495 ihlen = ip_hdrlen(head); 495 ihlen = ip_hdrlen(head);
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 465544f6281a..d533a89e08de 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -118,7 +118,7 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
118 __skb_pull(newskb, skb_network_offset(newskb)); 118 __skb_pull(newskb, skb_network_offset(newskb));
119 newskb->pkt_type = PACKET_LOOPBACK; 119 newskb->pkt_type = PACKET_LOOPBACK;
120 newskb->ip_summed = CHECKSUM_UNNECESSARY; 120 newskb->ip_summed = CHECKSUM_UNNECESSARY;
121 BUG_TRAP(newskb->dst); 121 WARN_ON(!newskb->dst);
122 netif_rx(newskb); 122 netif_rx(newskb);
123 return 0; 123 return 0;
124} 124}
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index a75807b971b3..38ccb6dfb02e 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -14,153 +14,14 @@
14 * - Adaptive compression. 14 * - Adaptive compression.
15 */ 15 */
16#include <linux/module.h> 16#include <linux/module.h>
17#include <linux/crypto.h>
18#include <linux/err.h> 17#include <linux/err.h>
19#include <linux/pfkeyv2.h>
20#include <linux/percpu.h>
21#include <linux/smp.h>
22#include <linux/list.h>
23#include <linux/vmalloc.h>
24#include <linux/rtnetlink.h> 18#include <linux/rtnetlink.h>
25#include <linux/mutex.h>
26#include <net/ip.h> 19#include <net/ip.h>
27#include <net/xfrm.h> 20#include <net/xfrm.h>
28#include <net/icmp.h> 21#include <net/icmp.h>
29#include <net/ipcomp.h> 22#include <net/ipcomp.h>
30#include <net/protocol.h> 23#include <net/protocol.h>
31 24#include <net/sock.h>
32struct ipcomp_tfms {
33 struct list_head list;
34 struct crypto_comp **tfms;
35 int users;
36};
37
38static DEFINE_MUTEX(ipcomp_resource_mutex);
39static void **ipcomp_scratches;
40static int ipcomp_scratch_users;
41static LIST_HEAD(ipcomp_tfms_list);
42
43static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
44{
45 struct ipcomp_data *ipcd = x->data;
46 const int plen = skb->len;
47 int dlen = IPCOMP_SCRATCH_SIZE;
48 const u8 *start = skb->data;
49 const int cpu = get_cpu();
50 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
51 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
52 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
53
54 if (err)
55 goto out;
56
57 if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
58 err = -EINVAL;
59 goto out;
60 }
61
62 err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
63 if (err)
64 goto out;
65
66 skb->truesize += dlen - plen;
67 __skb_put(skb, dlen - plen);
68 skb_copy_to_linear_data(skb, scratch, dlen);
69out:
70 put_cpu();
71 return err;
72}
73
74static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
75{
76 int nexthdr;
77 int err = -ENOMEM;
78 struct ip_comp_hdr *ipch;
79
80 if (skb_linearize_cow(skb))
81 goto out;
82
83 skb->ip_summed = CHECKSUM_NONE;
84
85 /* Remove ipcomp header and decompress original payload */
86 ipch = (void *)skb->data;
87 nexthdr = ipch->nexthdr;
88
89 skb->transport_header = skb->network_header + sizeof(*ipch);
90 __skb_pull(skb, sizeof(*ipch));
91 err = ipcomp_decompress(x, skb);
92 if (err)
93 goto out;
94
95 err = nexthdr;
96
97out:
98 return err;
99}
100
101static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
102{
103 struct ipcomp_data *ipcd = x->data;
104 const int plen = skb->len;
105 int dlen = IPCOMP_SCRATCH_SIZE;
106 u8 *start = skb->data;
107 const int cpu = get_cpu();
108 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
109 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
110 int err;
111
112 local_bh_disable();
113 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
114 local_bh_enable();
115 if (err)
116 goto out;
117
118 if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
119 err = -EMSGSIZE;
120 goto out;
121 }
122
123 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
124 put_cpu();
125
126 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
127 return 0;
128
129out:
130 put_cpu();
131 return err;
132}
133
134static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
135{
136 int err;
137 struct ip_comp_hdr *ipch;
138 struct ipcomp_data *ipcd = x->data;
139
140 if (skb->len < ipcd->threshold) {
141 /* Don't bother compressing */
142 goto out_ok;
143 }
144
145 if (skb_linearize_cow(skb))
146 goto out_ok;
147
148 err = ipcomp_compress(x, skb);
149
150 if (err) {
151 goto out_ok;
152 }
153
154 /* Install ipcomp header, convert into ipcomp datagram. */
155 ipch = ip_comp_hdr(skb);
156 ipch->nexthdr = *skb_mac_header(skb);
157 ipch->flags = 0;
158 ipch->cpi = htons((u16 )ntohl(x->id.spi));
159 *skb_mac_header(skb) = IPPROTO_COMP;
160out_ok:
161 skb_push(skb, -skb_network_offset(skb));
162 return 0;
163}
164 25
165static void ipcomp4_err(struct sk_buff *skb, u32 info) 26static void ipcomp4_err(struct sk_buff *skb, u32 info)
166{ 27{
@@ -241,155 +102,9 @@ out:
241 return err; 102 return err;
242} 103}
243 104
244static void ipcomp_free_scratches(void) 105static int ipcomp4_init_state(struct xfrm_state *x)
245{
246 int i;
247 void **scratches;
248
249 if (--ipcomp_scratch_users)
250 return;
251
252 scratches = ipcomp_scratches;
253 if (!scratches)
254 return;
255
256 for_each_possible_cpu(i)
257 vfree(*per_cpu_ptr(scratches, i));
258
259 free_percpu(scratches);
260}
261
262static void **ipcomp_alloc_scratches(void)
263{
264 int i;
265 void **scratches;
266
267 if (ipcomp_scratch_users++)
268 return ipcomp_scratches;
269
270 scratches = alloc_percpu(void *);
271 if (!scratches)
272 return NULL;
273
274 ipcomp_scratches = scratches;
275
276 for_each_possible_cpu(i) {
277 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
278 if (!scratch)
279 return NULL;
280 *per_cpu_ptr(scratches, i) = scratch;
281 }
282
283 return scratches;
284}
285
286static void ipcomp_free_tfms(struct crypto_comp **tfms)
287{
288 struct ipcomp_tfms *pos;
289 int cpu;
290
291 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
292 if (pos->tfms == tfms)
293 break;
294 }
295
296 BUG_TRAP(pos);
297
298 if (--pos->users)
299 return;
300
301 list_del(&pos->list);
302 kfree(pos);
303
304 if (!tfms)
305 return;
306
307 for_each_possible_cpu(cpu) {
308 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
309 crypto_free_comp(tfm);
310 }
311 free_percpu(tfms);
312}
313
314static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
315{
316 struct ipcomp_tfms *pos;
317 struct crypto_comp **tfms;
318 int cpu;
319
320 /* This can be any valid CPU ID so we don't need locking. */
321 cpu = raw_smp_processor_id();
322
323 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
324 struct crypto_comp *tfm;
325
326 tfms = pos->tfms;
327 tfm = *per_cpu_ptr(tfms, cpu);
328
329 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
330 pos->users++;
331 return tfms;
332 }
333 }
334
335 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
336 if (!pos)
337 return NULL;
338
339 pos->users = 1;
340 INIT_LIST_HEAD(&pos->list);
341 list_add(&pos->list, &ipcomp_tfms_list);
342
343 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
344 if (!tfms)
345 goto error;
346
347 for_each_possible_cpu(cpu) {
348 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
349 CRYPTO_ALG_ASYNC);
350 if (IS_ERR(tfm))
351 goto error;
352 *per_cpu_ptr(tfms, cpu) = tfm;
353 }
354
355 return tfms;
356
357error:
358 ipcomp_free_tfms(tfms);
359 return NULL;
360}
361
362static void ipcomp_free_data(struct ipcomp_data *ipcd)
363{ 106{
364 if (ipcd->tfms) 107 int err = -EINVAL;
365 ipcomp_free_tfms(ipcd->tfms);
366 ipcomp_free_scratches();
367}
368
369static void ipcomp_destroy(struct xfrm_state *x)
370{
371 struct ipcomp_data *ipcd = x->data;
372 if (!ipcd)
373 return;
374 xfrm_state_delete_tunnel(x);
375 mutex_lock(&ipcomp_resource_mutex);
376 ipcomp_free_data(ipcd);
377 mutex_unlock(&ipcomp_resource_mutex);
378 kfree(ipcd);
379}
380
381static int ipcomp_init_state(struct xfrm_state *x)
382{
383 int err;
384 struct ipcomp_data *ipcd;
385 struct xfrm_algo_desc *calg_desc;
386
387 err = -EINVAL;
388 if (!x->calg)
389 goto out;
390
391 if (x->encap)
392 goto out;
393 108
394 x->props.header_len = 0; 109 x->props.header_len = 0;
395 switch (x->props.mode) { 110 switch (x->props.mode) {
@@ -402,40 +117,22 @@ static int ipcomp_init_state(struct xfrm_state *x)
402 goto out; 117 goto out;
403 } 118 }
404 119
405 err = -ENOMEM; 120 err = ipcomp_init_state(x);
406 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL); 121 if (err)
407 if (!ipcd)
408 goto out; 122 goto out;
409 123
410 mutex_lock(&ipcomp_resource_mutex);
411 if (!ipcomp_alloc_scratches())
412 goto error;
413
414 ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
415 if (!ipcd->tfms)
416 goto error;
417 mutex_unlock(&ipcomp_resource_mutex);
418
419 if (x->props.mode == XFRM_MODE_TUNNEL) { 124 if (x->props.mode == XFRM_MODE_TUNNEL) {
420 err = ipcomp_tunnel_attach(x); 125 err = ipcomp_tunnel_attach(x);
421 if (err) 126 if (err)
422 goto error_tunnel; 127 goto error_tunnel;
423 } 128 }
424 129
425 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
426 BUG_ON(!calg_desc);
427 ipcd->threshold = calg_desc->uinfo.comp.threshold;
428 x->data = ipcd;
429 err = 0; 130 err = 0;
430out: 131out:
431 return err; 132 return err;
432 133
433error_tunnel: 134error_tunnel:
434 mutex_lock(&ipcomp_resource_mutex); 135 ipcomp_destroy(x);
435error:
436 ipcomp_free_data(ipcd);
437 mutex_unlock(&ipcomp_resource_mutex);
438 kfree(ipcd);
439 goto out; 136 goto out;
440} 137}
441 138
@@ -443,7 +140,7 @@ static const struct xfrm_type ipcomp_type = {
443 .description = "IPCOMP4", 140 .description = "IPCOMP4",
444 .owner = THIS_MODULE, 141 .owner = THIS_MODULE,
445 .proto = IPPROTO_COMP, 142 .proto = IPPROTO_COMP,
446 .init_state = ipcomp_init_state, 143 .init_state = ipcomp4_init_state,
447 .destructor = ipcomp_destroy, 144 .destructor = ipcomp_destroy,
448 .input = ipcomp_input, 145 .input = ipcomp_input,
449 .output = ipcomp_output 146 .output = ipcomp_output
@@ -481,7 +178,7 @@ module_init(ipcomp4_init);
481module_exit(ipcomp4_fini); 178module_exit(ipcomp4_fini);
482 179
483MODULE_LICENSE("GPL"); 180MODULE_LICENSE("GPL");
484MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173"); 181MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp/IPv4) - RFC3173");
485MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 182MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
486 183
487MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_COMP); 184MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_COMP);
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 1f1897a1a702..201b8ea3020d 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -608,7 +608,7 @@ int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
608} 608}
609 609
610 610
611int ip_vs_app_init(void) 611int __init ip_vs_app_init(void)
612{ 612{
613 /* we will replace it with proc_net_ipvs_create() soon */ 613 /* we will replace it with proc_net_ipvs_create() soon */
614 proc_net_fops_create(&init_net, "ip_vs_app", 0, &ip_vs_app_fops); 614 proc_net_fops_create(&init_net, "ip_vs_app", 0, &ip_vs_app_fops);
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index f8bdae47a77f..44a6872dc245 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -965,7 +965,7 @@ static void ip_vs_conn_flush(void)
965} 965}
966 966
967 967
968int ip_vs_conn_init(void) 968int __init ip_vs_conn_init(void)
969{ 969{
970 int idx; 970 int idx;
971 971
diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c
index 9a5ace0b4dd6..6379705a8dcb 100644
--- a/net/ipv4/ipvs/ip_vs_ctl.c
+++ b/net/ipv4/ipvs/ip_vs_ctl.c
@@ -683,9 +683,22 @@ static void
683ip_vs_zero_stats(struct ip_vs_stats *stats) 683ip_vs_zero_stats(struct ip_vs_stats *stats)
684{ 684{
685 spin_lock_bh(&stats->lock); 685 spin_lock_bh(&stats->lock);
686 memset(stats, 0, (char *)&stats->lock - (char *)stats); 686
687 spin_unlock_bh(&stats->lock); 687 stats->conns = 0;
688 stats->inpkts = 0;
689 stats->outpkts = 0;
690 stats->inbytes = 0;
691 stats->outbytes = 0;
692
693 stats->cps = 0;
694 stats->inpps = 0;
695 stats->outpps = 0;
696 stats->inbps = 0;
697 stats->outbps = 0;
698
688 ip_vs_zero_estimator(stats); 699 ip_vs_zero_estimator(stats);
700
701 spin_unlock_bh(&stats->lock);
689} 702}
690 703
691/* 704/*
@@ -1589,7 +1602,7 @@ static struct ctl_table vs_vars[] = {
1589 { .ctl_name = 0 } 1602 { .ctl_name = 0 }
1590}; 1603};
1591 1604
1592struct ctl_path net_vs_ctl_path[] = { 1605const struct ctl_path net_vs_ctl_path[] = {
1593 { .procname = "net", .ctl_name = CTL_NET, }, 1606 { .procname = "net", .ctl_name = CTL_NET, },
1594 { .procname = "ipv4", .ctl_name = NET_IPV4, }, 1607 { .procname = "ipv4", .ctl_name = NET_IPV4, },
1595 { .procname = "vs", }, 1608 { .procname = "vs", },
@@ -1784,7 +1797,9 @@ static const struct file_operations ip_vs_info_fops = {
1784 1797
1785#endif 1798#endif
1786 1799
1787struct ip_vs_stats ip_vs_stats; 1800struct ip_vs_stats ip_vs_stats = {
1801 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1802};
1788 1803
1789#ifdef CONFIG_PROC_FS 1804#ifdef CONFIG_PROC_FS
1790static int ip_vs_stats_show(struct seq_file *seq, void *v) 1805static int ip_vs_stats_show(struct seq_file *seq, void *v)
@@ -2306,7 +2321,7 @@ static struct nf_sockopt_ops ip_vs_sockopts = {
2306}; 2321};
2307 2322
2308 2323
2309int ip_vs_control_init(void) 2324int __init ip_vs_control_init(void)
2310{ 2325{
2311 int ret; 2326 int ret;
2312 int idx; 2327 int idx;
@@ -2333,8 +2348,6 @@ int ip_vs_control_init(void)
2333 INIT_LIST_HEAD(&ip_vs_rtable[idx]); 2348 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
2334 } 2349 }
2335 2350
2336 memset(&ip_vs_stats, 0, sizeof(ip_vs_stats));
2337 spin_lock_init(&ip_vs_stats.lock);
2338 ip_vs_new_estimator(&ip_vs_stats); 2351 ip_vs_new_estimator(&ip_vs_stats);
2339 2352
2340 /* Hook the defense timer */ 2353 /* Hook the defense timer */
diff --git a/net/ipv4/ipvs/ip_vs_dh.c b/net/ipv4/ipvs/ip_vs_dh.c
index 8afc1503ed20..fa66824d264f 100644
--- a/net/ipv4/ipvs/ip_vs_dh.c
+++ b/net/ipv4/ipvs/ip_vs_dh.c
@@ -233,6 +233,7 @@ static struct ip_vs_scheduler ip_vs_dh_scheduler =
233 .name = "dh", 233 .name = "dh",
234 .refcnt = ATOMIC_INIT(0), 234 .refcnt = ATOMIC_INIT(0),
235 .module = THIS_MODULE, 235 .module = THIS_MODULE,
236 .n_list = LIST_HEAD_INIT(ip_vs_dh_scheduler.n_list),
236 .init_service = ip_vs_dh_init_svc, 237 .init_service = ip_vs_dh_init_svc,
237 .done_service = ip_vs_dh_done_svc, 238 .done_service = ip_vs_dh_done_svc,
238 .update_service = ip_vs_dh_update_svc, 239 .update_service = ip_vs_dh_update_svc,
@@ -242,7 +243,6 @@ static struct ip_vs_scheduler ip_vs_dh_scheduler =
242 243
243static int __init ip_vs_dh_init(void) 244static int __init ip_vs_dh_init(void)
244{ 245{
245 INIT_LIST_HEAD(&ip_vs_dh_scheduler.n_list);
246 return register_ip_vs_scheduler(&ip_vs_dh_scheduler); 246 return register_ip_vs_scheduler(&ip_vs_dh_scheduler);
247} 247}
248 248
diff --git a/net/ipv4/ipvs/ip_vs_est.c b/net/ipv4/ipvs/ip_vs_est.c
index bc04eedd6dbb..5a20f93bd7f9 100644
--- a/net/ipv4/ipvs/ip_vs_est.c
+++ b/net/ipv4/ipvs/ip_vs_est.c
@@ -17,6 +17,7 @@
17#include <linux/types.h> 17#include <linux/types.h>
18#include <linux/interrupt.h> 18#include <linux/interrupt.h>
19#include <linux/sysctl.h> 19#include <linux/sysctl.h>
20#include <linux/list.h>
20 21
21#include <net/ip_vs.h> 22#include <net/ip_vs.h>
22 23
@@ -44,28 +45,11 @@
44 */ 45 */
45 46
46 47
47struct ip_vs_estimator 48static void estimation_timer(unsigned long arg);
48{
49 struct ip_vs_estimator *next;
50 struct ip_vs_stats *stats;
51
52 u32 last_conns;
53 u32 last_inpkts;
54 u32 last_outpkts;
55 u64 last_inbytes;
56 u64 last_outbytes;
57
58 u32 cps;
59 u32 inpps;
60 u32 outpps;
61 u32 inbps;
62 u32 outbps;
63};
64
65 49
66static struct ip_vs_estimator *est_list = NULL; 50static LIST_HEAD(est_list);
67static DEFINE_RWLOCK(est_lock); 51static DEFINE_SPINLOCK(est_lock);
68static struct timer_list est_timer; 52static DEFINE_TIMER(est_timer, estimation_timer, 0, 0);
69 53
70static void estimation_timer(unsigned long arg) 54static void estimation_timer(unsigned long arg)
71{ 55{
@@ -76,9 +60,9 @@ static void estimation_timer(unsigned long arg)
76 u64 n_inbytes, n_outbytes; 60 u64 n_inbytes, n_outbytes;
77 u32 rate; 61 u32 rate;
78 62
79 read_lock(&est_lock); 63 spin_lock(&est_lock);
80 for (e = est_list; e; e = e->next) { 64 list_for_each_entry(e, &est_list, list) {
81 s = e->stats; 65 s = container_of(e, struct ip_vs_stats, est);
82 66
83 spin_lock(&s->lock); 67 spin_lock(&s->lock);
84 n_conns = s->conns; 68 n_conns = s->conns;
@@ -114,19 +98,16 @@ static void estimation_timer(unsigned long arg)
114 s->outbps = (e->outbps+0xF)>>5; 98 s->outbps = (e->outbps+0xF)>>5;
115 spin_unlock(&s->lock); 99 spin_unlock(&s->lock);
116 } 100 }
117 read_unlock(&est_lock); 101 spin_unlock(&est_lock);
118 mod_timer(&est_timer, jiffies + 2*HZ); 102 mod_timer(&est_timer, jiffies + 2*HZ);
119} 103}
120 104
121int ip_vs_new_estimator(struct ip_vs_stats *stats) 105void ip_vs_new_estimator(struct ip_vs_stats *stats)
122{ 106{
123 struct ip_vs_estimator *est; 107 struct ip_vs_estimator *est = &stats->est;
124 108
125 est = kzalloc(sizeof(*est), GFP_KERNEL); 109 INIT_LIST_HEAD(&est->list);
126 if (est == NULL)
127 return -ENOMEM;
128 110
129 est->stats = stats;
130 est->last_conns = stats->conns; 111 est->last_conns = stats->conns;
131 est->cps = stats->cps<<10; 112 est->cps = stats->cps<<10;
132 113
@@ -142,59 +123,40 @@ int ip_vs_new_estimator(struct ip_vs_stats *stats)
142 est->last_outbytes = stats->outbytes; 123 est->last_outbytes = stats->outbytes;
143 est->outbps = stats->outbps<<5; 124 est->outbps = stats->outbps<<5;
144 125
145 write_lock_bh(&est_lock); 126 spin_lock_bh(&est_lock);
146 est->next = est_list; 127 if (list_empty(&est_list))
147 if (est->next == NULL) { 128 mod_timer(&est_timer, jiffies + 2 * HZ);
148 setup_timer(&est_timer, estimation_timer, 0); 129 list_add(&est->list, &est_list);
149 est_timer.expires = jiffies + 2*HZ; 130 spin_unlock_bh(&est_lock);
150 add_timer(&est_timer);
151 }
152 est_list = est;
153 write_unlock_bh(&est_lock);
154 return 0;
155} 131}
156 132
157void ip_vs_kill_estimator(struct ip_vs_stats *stats) 133void ip_vs_kill_estimator(struct ip_vs_stats *stats)
158{ 134{
159 struct ip_vs_estimator *est, **pest; 135 struct ip_vs_estimator *est = &stats->est;
160 int killed = 0; 136
161 137 spin_lock_bh(&est_lock);
162 write_lock_bh(&est_lock); 138 list_del(&est->list);
163 pest = &est_list; 139 while (list_empty(&est_list) && try_to_del_timer_sync(&est_timer) < 0) {
164 while ((est=*pest) != NULL) { 140 spin_unlock_bh(&est_lock);
165 if (est->stats != stats) { 141 cpu_relax();
166 pest = &est->next; 142 spin_lock_bh(&est_lock);
167 continue;
168 }
169 *pest = est->next;
170 kfree(est);
171 killed++;
172 } 143 }
173 if (killed && est_list == NULL) 144 spin_unlock_bh(&est_lock);
174 del_timer_sync(&est_timer);
175 write_unlock_bh(&est_lock);
176} 145}
177 146
178void ip_vs_zero_estimator(struct ip_vs_stats *stats) 147void ip_vs_zero_estimator(struct ip_vs_stats *stats)
179{ 148{
180 struct ip_vs_estimator *e; 149 struct ip_vs_estimator *est = &stats->est;
181 150
182 write_lock_bh(&est_lock); 151 /* set counters zero, caller must hold the stats->lock lock */
183 for (e = est_list; e; e = e->next) { 152 est->last_inbytes = 0;
184 if (e->stats != stats) 153 est->last_outbytes = 0;
185 continue; 154 est->last_conns = 0;
186 155 est->last_inpkts = 0;
187 /* set counters zero */ 156 est->last_outpkts = 0;
188 e->last_conns = 0; 157 est->cps = 0;
189 e->last_inpkts = 0; 158 est->inpps = 0;
190 e->last_outpkts = 0; 159 est->outpps = 0;
191 e->last_inbytes = 0; 160 est->inbps = 0;
192 e->last_outbytes = 0; 161 est->outbps = 0;
193 e->cps = 0;
194 e->inpps = 0;
195 e->outpps = 0;
196 e->inbps = 0;
197 e->outbps = 0;
198 }
199 write_unlock_bh(&est_lock);
200} 162}
diff --git a/net/ipv4/ipvs/ip_vs_lblc.c b/net/ipv4/ipvs/ip_vs_lblc.c
index 0efa3db4b180..7a6a319f544a 100644
--- a/net/ipv4/ipvs/ip_vs_lblc.c
+++ b/net/ipv4/ipvs/ip_vs_lblc.c
@@ -539,6 +539,7 @@ static struct ip_vs_scheduler ip_vs_lblc_scheduler =
539 .name = "lblc", 539 .name = "lblc",
540 .refcnt = ATOMIC_INIT(0), 540 .refcnt = ATOMIC_INIT(0),
541 .module = THIS_MODULE, 541 .module = THIS_MODULE,
542 .n_list = LIST_HEAD_INIT(ip_vs_lblc_scheduler.n_list),
542 .init_service = ip_vs_lblc_init_svc, 543 .init_service = ip_vs_lblc_init_svc,
543 .done_service = ip_vs_lblc_done_svc, 544 .done_service = ip_vs_lblc_done_svc,
544 .update_service = ip_vs_lblc_update_svc, 545 .update_service = ip_vs_lblc_update_svc,
@@ -550,7 +551,6 @@ static int __init ip_vs_lblc_init(void)
550{ 551{
551 int ret; 552 int ret;
552 553
553 INIT_LIST_HEAD(&ip_vs_lblc_scheduler.n_list);
554 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table); 554 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table);
555 ret = register_ip_vs_scheduler(&ip_vs_lblc_scheduler); 555 ret = register_ip_vs_scheduler(&ip_vs_lblc_scheduler);
556 if (ret) 556 if (ret)
diff --git a/net/ipv4/ipvs/ip_vs_lblcr.c b/net/ipv4/ipvs/ip_vs_lblcr.c
index 8e3bbeb45138..c234e73968a6 100644
--- a/net/ipv4/ipvs/ip_vs_lblcr.c
+++ b/net/ipv4/ipvs/ip_vs_lblcr.c
@@ -728,6 +728,7 @@ static struct ip_vs_scheduler ip_vs_lblcr_scheduler =
728 .name = "lblcr", 728 .name = "lblcr",
729 .refcnt = ATOMIC_INIT(0), 729 .refcnt = ATOMIC_INIT(0),
730 .module = THIS_MODULE, 730 .module = THIS_MODULE,
731 .n_list = LIST_HEAD_INIT(ip_vs_lblcr_scheduler.n_list),
731 .init_service = ip_vs_lblcr_init_svc, 732 .init_service = ip_vs_lblcr_init_svc,
732 .done_service = ip_vs_lblcr_done_svc, 733 .done_service = ip_vs_lblcr_done_svc,
733 .update_service = ip_vs_lblcr_update_svc, 734 .update_service = ip_vs_lblcr_update_svc,
@@ -739,7 +740,6 @@ static int __init ip_vs_lblcr_init(void)
739{ 740{
740 int ret; 741 int ret;
741 742
742 INIT_LIST_HEAD(&ip_vs_lblcr_scheduler.n_list);
743 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table); 743 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table);
744 ret = register_ip_vs_scheduler(&ip_vs_lblcr_scheduler); 744 ret = register_ip_vs_scheduler(&ip_vs_lblcr_scheduler);
745 if (ret) 745 if (ret)
diff --git a/net/ipv4/ipvs/ip_vs_lc.c b/net/ipv4/ipvs/ip_vs_lc.c
index ac9f08e065d5..ebcdbf75ac65 100644
--- a/net/ipv4/ipvs/ip_vs_lc.c
+++ b/net/ipv4/ipvs/ip_vs_lc.c
@@ -98,6 +98,7 @@ static struct ip_vs_scheduler ip_vs_lc_scheduler = {
98 .name = "lc", 98 .name = "lc",
99 .refcnt = ATOMIC_INIT(0), 99 .refcnt = ATOMIC_INIT(0),
100 .module = THIS_MODULE, 100 .module = THIS_MODULE,
101 .n_list = LIST_HEAD_INIT(ip_vs_lc_scheduler.n_list),
101 .init_service = ip_vs_lc_init_svc, 102 .init_service = ip_vs_lc_init_svc,
102 .done_service = ip_vs_lc_done_svc, 103 .done_service = ip_vs_lc_done_svc,
103 .update_service = ip_vs_lc_update_svc, 104 .update_service = ip_vs_lc_update_svc,
@@ -107,7 +108,6 @@ static struct ip_vs_scheduler ip_vs_lc_scheduler = {
107 108
108static int __init ip_vs_lc_init(void) 109static int __init ip_vs_lc_init(void)
109{ 110{
110 INIT_LIST_HEAD(&ip_vs_lc_scheduler.n_list);
111 return register_ip_vs_scheduler(&ip_vs_lc_scheduler) ; 111 return register_ip_vs_scheduler(&ip_vs_lc_scheduler) ;
112} 112}
113 113
diff --git a/net/ipv4/ipvs/ip_vs_nq.c b/net/ipv4/ipvs/ip_vs_nq.c
index a46bf258d420..92f3a6770031 100644
--- a/net/ipv4/ipvs/ip_vs_nq.c
+++ b/net/ipv4/ipvs/ip_vs_nq.c
@@ -136,6 +136,7 @@ static struct ip_vs_scheduler ip_vs_nq_scheduler =
136 .name = "nq", 136 .name = "nq",
137 .refcnt = ATOMIC_INIT(0), 137 .refcnt = ATOMIC_INIT(0),
138 .module = THIS_MODULE, 138 .module = THIS_MODULE,
139 .n_list = LIST_HEAD_INIT(ip_vs_nq_scheduler.n_list),
139 .init_service = ip_vs_nq_init_svc, 140 .init_service = ip_vs_nq_init_svc,
140 .done_service = ip_vs_nq_done_svc, 141 .done_service = ip_vs_nq_done_svc,
141 .update_service = ip_vs_nq_update_svc, 142 .update_service = ip_vs_nq_update_svc,
@@ -145,7 +146,6 @@ static struct ip_vs_scheduler ip_vs_nq_scheduler =
145 146
146static int __init ip_vs_nq_init(void) 147static int __init ip_vs_nq_init(void)
147{ 148{
148 INIT_LIST_HEAD(&ip_vs_nq_scheduler.n_list);
149 return register_ip_vs_scheduler(&ip_vs_nq_scheduler); 149 return register_ip_vs_scheduler(&ip_vs_nq_scheduler);
150} 150}
151 151
diff --git a/net/ipv4/ipvs/ip_vs_proto.c b/net/ipv4/ipvs/ip_vs_proto.c
index 876714f23d65..6099a88fc200 100644
--- a/net/ipv4/ipvs/ip_vs_proto.c
+++ b/net/ipv4/ipvs/ip_vs_proto.c
@@ -43,7 +43,7 @@ static struct ip_vs_protocol *ip_vs_proto_table[IP_VS_PROTO_TAB_SIZE];
43/* 43/*
44 * register an ipvs protocol 44 * register an ipvs protocol
45 */ 45 */
46static int __used register_ip_vs_protocol(struct ip_vs_protocol *pp) 46static int __used __init register_ip_vs_protocol(struct ip_vs_protocol *pp)
47{ 47{
48 unsigned hash = IP_VS_PROTO_HASH(pp->protocol); 48 unsigned hash = IP_VS_PROTO_HASH(pp->protocol);
49 49
@@ -190,7 +190,7 @@ ip_vs_tcpudp_debug_packet(struct ip_vs_protocol *pp,
190} 190}
191 191
192 192
193int ip_vs_protocol_init(void) 193int __init ip_vs_protocol_init(void)
194{ 194{
195 char protocols[64]; 195 char protocols[64];
196#define REGISTER_PROTOCOL(p) \ 196#define REGISTER_PROTOCOL(p) \
diff --git a/net/ipv4/ipvs/ip_vs_rr.c b/net/ipv4/ipvs/ip_vs_rr.c
index c8db12d39e61..358110d17e59 100644
--- a/net/ipv4/ipvs/ip_vs_rr.c
+++ b/net/ipv4/ipvs/ip_vs_rr.c
@@ -94,6 +94,7 @@ static struct ip_vs_scheduler ip_vs_rr_scheduler = {
94 .name = "rr", /* name */ 94 .name = "rr", /* name */
95 .refcnt = ATOMIC_INIT(0), 95 .refcnt = ATOMIC_INIT(0),
96 .module = THIS_MODULE, 96 .module = THIS_MODULE,
97 .n_list = LIST_HEAD_INIT(ip_vs_rr_scheduler.n_list),
97 .init_service = ip_vs_rr_init_svc, 98 .init_service = ip_vs_rr_init_svc,
98 .done_service = ip_vs_rr_done_svc, 99 .done_service = ip_vs_rr_done_svc,
99 .update_service = ip_vs_rr_update_svc, 100 .update_service = ip_vs_rr_update_svc,
@@ -102,7 +103,6 @@ static struct ip_vs_scheduler ip_vs_rr_scheduler = {
102 103
103static int __init ip_vs_rr_init(void) 104static int __init ip_vs_rr_init(void)
104{ 105{
105 INIT_LIST_HEAD(&ip_vs_rr_scheduler.n_list);
106 return register_ip_vs_scheduler(&ip_vs_rr_scheduler); 106 return register_ip_vs_scheduler(&ip_vs_rr_scheduler);
107} 107}
108 108
diff --git a/net/ipv4/ipvs/ip_vs_sched.c b/net/ipv4/ipvs/ip_vs_sched.c
index b64767309855..a46ad9e35016 100644
--- a/net/ipv4/ipvs/ip_vs_sched.c
+++ b/net/ipv4/ipvs/ip_vs_sched.c
@@ -184,7 +184,7 @@ int register_ip_vs_scheduler(struct ip_vs_scheduler *scheduler)
184 184
185 write_lock_bh(&__ip_vs_sched_lock); 185 write_lock_bh(&__ip_vs_sched_lock);
186 186
187 if (scheduler->n_list.next != &scheduler->n_list) { 187 if (!list_empty(&scheduler->n_list)) {
188 write_unlock_bh(&__ip_vs_sched_lock); 188 write_unlock_bh(&__ip_vs_sched_lock);
189 ip_vs_use_count_dec(); 189 ip_vs_use_count_dec();
190 IP_VS_ERR("register_ip_vs_scheduler(): [%s] scheduler " 190 IP_VS_ERR("register_ip_vs_scheduler(): [%s] scheduler "
@@ -229,7 +229,7 @@ int unregister_ip_vs_scheduler(struct ip_vs_scheduler *scheduler)
229 } 229 }
230 230
231 write_lock_bh(&__ip_vs_sched_lock); 231 write_lock_bh(&__ip_vs_sched_lock);
232 if (scheduler->n_list.next == &scheduler->n_list) { 232 if (list_empty(&scheduler->n_list)) {
233 write_unlock_bh(&__ip_vs_sched_lock); 233 write_unlock_bh(&__ip_vs_sched_lock);
234 IP_VS_ERR("unregister_ip_vs_scheduler(): [%s] scheduler " 234 IP_VS_ERR("unregister_ip_vs_scheduler(): [%s] scheduler "
235 "is not in the list. failed\n", scheduler->name); 235 "is not in the list. failed\n", scheduler->name);
diff --git a/net/ipv4/ipvs/ip_vs_sed.c b/net/ipv4/ipvs/ip_vs_sed.c
index 2a7d31358181..77663d84cbd1 100644
--- a/net/ipv4/ipvs/ip_vs_sed.c
+++ b/net/ipv4/ipvs/ip_vs_sed.c
@@ -138,6 +138,7 @@ static struct ip_vs_scheduler ip_vs_sed_scheduler =
138 .name = "sed", 138 .name = "sed",
139 .refcnt = ATOMIC_INIT(0), 139 .refcnt = ATOMIC_INIT(0),
140 .module = THIS_MODULE, 140 .module = THIS_MODULE,
141 .n_list = LIST_HEAD_INIT(ip_vs_sed_scheduler.n_list),
141 .init_service = ip_vs_sed_init_svc, 142 .init_service = ip_vs_sed_init_svc,
142 .done_service = ip_vs_sed_done_svc, 143 .done_service = ip_vs_sed_done_svc,
143 .update_service = ip_vs_sed_update_svc, 144 .update_service = ip_vs_sed_update_svc,
@@ -147,7 +148,6 @@ static struct ip_vs_scheduler ip_vs_sed_scheduler =
147 148
148static int __init ip_vs_sed_init(void) 149static int __init ip_vs_sed_init(void)
149{ 150{
150 INIT_LIST_HEAD(&ip_vs_sed_scheduler.n_list);
151 return register_ip_vs_scheduler(&ip_vs_sed_scheduler); 151 return register_ip_vs_scheduler(&ip_vs_sed_scheduler);
152} 152}
153 153
diff --git a/net/ipv4/ipvs/ip_vs_sh.c b/net/ipv4/ipvs/ip_vs_sh.c
index b8fdfac65001..7b979e228056 100644
--- a/net/ipv4/ipvs/ip_vs_sh.c
+++ b/net/ipv4/ipvs/ip_vs_sh.c
@@ -230,6 +230,7 @@ static struct ip_vs_scheduler ip_vs_sh_scheduler =
230 .name = "sh", 230 .name = "sh",
231 .refcnt = ATOMIC_INIT(0), 231 .refcnt = ATOMIC_INIT(0),
232 .module = THIS_MODULE, 232 .module = THIS_MODULE,
233 .n_list = LIST_HEAD_INIT(ip_vs_sh_scheduler.n_list),
233 .init_service = ip_vs_sh_init_svc, 234 .init_service = ip_vs_sh_init_svc,
234 .done_service = ip_vs_sh_done_svc, 235 .done_service = ip_vs_sh_done_svc,
235 .update_service = ip_vs_sh_update_svc, 236 .update_service = ip_vs_sh_update_svc,
@@ -239,7 +240,6 @@ static struct ip_vs_scheduler ip_vs_sh_scheduler =
239 240
240static int __init ip_vs_sh_init(void) 241static int __init ip_vs_sh_init(void)
241{ 242{
242 INIT_LIST_HEAD(&ip_vs_sh_scheduler.n_list);
243 return register_ip_vs_scheduler(&ip_vs_sh_scheduler); 243 return register_ip_vs_scheduler(&ip_vs_sh_scheduler);
244} 244}
245 245
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c
index 45e9bd96c286..a652da2c3200 100644
--- a/net/ipv4/ipvs/ip_vs_sync.c
+++ b/net/ipv4/ipvs/ip_vs_sync.c
@@ -904,9 +904,9 @@ int stop_sync_thread(int state)
904 * progress of stopping the master sync daemon. 904 * progress of stopping the master sync daemon.
905 */ 905 */
906 906
907 spin_lock(&ip_vs_sync_lock); 907 spin_lock_bh(&ip_vs_sync_lock);
908 ip_vs_sync_state &= ~IP_VS_STATE_MASTER; 908 ip_vs_sync_state &= ~IP_VS_STATE_MASTER;
909 spin_unlock(&ip_vs_sync_lock); 909 spin_unlock_bh(&ip_vs_sync_lock);
910 kthread_stop(sync_master_thread); 910 kthread_stop(sync_master_thread);
911 sync_master_thread = NULL; 911 sync_master_thread = NULL;
912 } else if (state == IP_VS_STATE_BACKUP) { 912 } else if (state == IP_VS_STATE_BACKUP) {
diff --git a/net/ipv4/ipvs/ip_vs_wlc.c b/net/ipv4/ipvs/ip_vs_wlc.c
index 772c3cb4eca1..9b0ef86bb1f7 100644
--- a/net/ipv4/ipvs/ip_vs_wlc.c
+++ b/net/ipv4/ipvs/ip_vs_wlc.c
@@ -126,6 +126,7 @@ static struct ip_vs_scheduler ip_vs_wlc_scheduler =
126 .name = "wlc", 126 .name = "wlc",
127 .refcnt = ATOMIC_INIT(0), 127 .refcnt = ATOMIC_INIT(0),
128 .module = THIS_MODULE, 128 .module = THIS_MODULE,
129 .n_list = LIST_HEAD_INIT(ip_vs_wlc_scheduler.n_list),
129 .init_service = ip_vs_wlc_init_svc, 130 .init_service = ip_vs_wlc_init_svc,
130 .done_service = ip_vs_wlc_done_svc, 131 .done_service = ip_vs_wlc_done_svc,
131 .update_service = ip_vs_wlc_update_svc, 132 .update_service = ip_vs_wlc_update_svc,
@@ -135,7 +136,6 @@ static struct ip_vs_scheduler ip_vs_wlc_scheduler =
135 136
136static int __init ip_vs_wlc_init(void) 137static int __init ip_vs_wlc_init(void)
137{ 138{
138 INIT_LIST_HEAD(&ip_vs_wlc_scheduler.n_list);
139 return register_ip_vs_scheduler(&ip_vs_wlc_scheduler); 139 return register_ip_vs_scheduler(&ip_vs_wlc_scheduler);
140} 140}
141 141
diff --git a/net/ipv4/ipvs/ip_vs_wrr.c b/net/ipv4/ipvs/ip_vs_wrr.c
index 1d6932d7dc97..0d86a79b87b5 100644
--- a/net/ipv4/ipvs/ip_vs_wrr.c
+++ b/net/ipv4/ipvs/ip_vs_wrr.c
@@ -212,6 +212,7 @@ static struct ip_vs_scheduler ip_vs_wrr_scheduler = {
212 .name = "wrr", 212 .name = "wrr",
213 .refcnt = ATOMIC_INIT(0), 213 .refcnt = ATOMIC_INIT(0),
214 .module = THIS_MODULE, 214 .module = THIS_MODULE,
215 .n_list = LIST_HEAD_INIT(ip_vs_wrr_scheduler.n_list),
215 .init_service = ip_vs_wrr_init_svc, 216 .init_service = ip_vs_wrr_init_svc,
216 .done_service = ip_vs_wrr_done_svc, 217 .done_service = ip_vs_wrr_done_svc,
217 .update_service = ip_vs_wrr_update_svc, 218 .update_service = ip_vs_wrr_update_svc,
@@ -220,7 +221,6 @@ static struct ip_vs_scheduler ip_vs_wrr_scheduler = {
220 221
221static int __init ip_vs_wrr_init(void) 222static int __init ip_vs_wrr_init(void)
222{ 223{
223 INIT_LIST_HEAD(&ip_vs_wrr_scheduler.n_list);
224 return register_ip_vs_scheduler(&ip_vs_wrr_scheduler) ; 224 return register_ip_vs_scheduler(&ip_vs_wrr_scheduler) ;
225} 225}
226 226
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f23e60c93ef9..90eb7cb47e77 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -369,7 +369,7 @@ config IP_NF_SECURITY
369 tristate "Security table" 369 tristate "Security table"
370 depends on IP_NF_IPTABLES 370 depends on IP_NF_IPTABLES
371 depends on SECURITY 371 depends on SECURITY
372 default m if NETFILTER_ADVANCED=n 372 depends on NETFILTER_ADVANCED
373 help 373 help
374 This option adds a `security' table to iptables, for use 374 This option adds a `security' table to iptables, for use
375 with Mandatory Access Control (MAC) policy. 375 with Mandatory Access Control (MAC) policy.
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 3be4d07e7ed9..082f5dd3156c 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -55,32 +55,53 @@ static struct xt_table packet_filter = {
55}; 55};
56 56
57/* The work comes in here from netfilter.c */ 57/* The work comes in here from netfilter.c */
58static unsigned int arpt_hook(unsigned int hook, 58static unsigned int arpt_in_hook(unsigned int hook,
59 struct sk_buff *skb, 59 struct sk_buff *skb,
60 const struct net_device *in, 60 const struct net_device *in,
61 const struct net_device *out, 61 const struct net_device *out,
62 int (*okfn)(struct sk_buff *)) 62 int (*okfn)(struct sk_buff *))
63{ 63{
64 return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter); 64 return arpt_do_table(skb, hook, in, out,
65 dev_net(in)->ipv4.arptable_filter);
66}
67
68static unsigned int arpt_out_hook(unsigned int hook,
69 struct sk_buff *skb,
70 const struct net_device *in,
71 const struct net_device *out,
72 int (*okfn)(struct sk_buff *))
73{
74 return arpt_do_table(skb, hook, in, out,
75 dev_net(out)->ipv4.arptable_filter);
76}
77
78static unsigned int arpt_forward_hook(unsigned int hook,
79 struct sk_buff *skb,
80 const struct net_device *in,
81 const struct net_device *out,
82 int (*okfn)(struct sk_buff *))
83{
84 return arpt_do_table(skb, hook, in, out,
85 dev_net(in)->ipv4.arptable_filter);
65} 86}
66 87
67static struct nf_hook_ops arpt_ops[] __read_mostly = { 88static struct nf_hook_ops arpt_ops[] __read_mostly = {
68 { 89 {
69 .hook = arpt_hook, 90 .hook = arpt_in_hook,
70 .owner = THIS_MODULE, 91 .owner = THIS_MODULE,
71 .pf = NF_ARP, 92 .pf = NF_ARP,
72 .hooknum = NF_ARP_IN, 93 .hooknum = NF_ARP_IN,
73 .priority = NF_IP_PRI_FILTER, 94 .priority = NF_IP_PRI_FILTER,
74 }, 95 },
75 { 96 {
76 .hook = arpt_hook, 97 .hook = arpt_out_hook,
77 .owner = THIS_MODULE, 98 .owner = THIS_MODULE,
78 .pf = NF_ARP, 99 .pf = NF_ARP,
79 .hooknum = NF_ARP_OUT, 100 .hooknum = NF_ARP_OUT,
80 .priority = NF_IP_PRI_FILTER, 101 .priority = NF_IP_PRI_FILTER,
81 }, 102 },
82 { 103 {
83 .hook = arpt_hook, 104 .hook = arpt_forward_hook,
84 .owner = THIS_MODULE, 105 .owner = THIS_MODULE,
85 .pf = NF_ARP, 106 .pf = NF_ARP,
86 .hooknum = NF_ARP_FORWARD, 107 .hooknum = NF_ARP_FORWARD,
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 1819ad7ab910..fafe8ebb4c55 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -475,11 +475,10 @@ static void arp_print(struct arp_payload *payload)
475#define HBUFFERLEN 30 475#define HBUFFERLEN 30
476 char hbuffer[HBUFFERLEN]; 476 char hbuffer[HBUFFERLEN];
477 int j,k; 477 int j,k;
478 const char hexbuf[]= "0123456789abcdef";
479 478
480 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) { 479 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) {
481 hbuffer[k++]=hexbuf[(payload->src_hw[j]>>4)&15]; 480 hbuffer[k++] = hex_asc_hi(payload->src_hw[j]);
482 hbuffer[k++]=hexbuf[payload->src_hw[j]&15]; 481 hbuffer[k++] = hex_asc_lo(payload->src_hw[j]);
483 hbuffer[k++]=':'; 482 hbuffer[k++]=':';
484 } 483 }
485 hbuffer[--k]='\0'; 484 hbuffer[--k]='\0';
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 21cb053f5d7d..3974d7cae5c0 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -305,10 +305,10 @@ static void recent_mt_destroy(const struct xt_match *match, void *matchinfo)
305 spin_lock_bh(&recent_lock); 305 spin_lock_bh(&recent_lock);
306 list_del(&t->list); 306 list_del(&t->list);
307 spin_unlock_bh(&recent_lock); 307 spin_unlock_bh(&recent_lock);
308 recent_table_flush(t);
309#ifdef CONFIG_PROC_FS 308#ifdef CONFIG_PROC_FS
310 remove_proc_entry(t->name, proc_dir); 309 remove_proc_entry(t->name, proc_dir);
311#endif 310#endif
311 recent_table_flush(t);
312 kfree(t); 312 kfree(t);
313 } 313 }
314 mutex_unlock(&recent_mutex); 314 mutex_unlock(&recent_mutex);
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 2b472ac2263a..db6d312128e1 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -32,7 +32,7 @@ static struct
32 struct ipt_replace repl; 32 struct ipt_replace repl;
33 struct ipt_standard entries[3]; 33 struct ipt_standard entries[3];
34 struct ipt_error term; 34 struct ipt_error term;
35} initial_table __initdata = { 35} initial_table __net_initdata = {
36 .repl = { 36 .repl = {
37 .name = "security", 37 .name = "security",
38 .valid_hooks = SECURITY_VALID_HOOKS, 38 .valid_hooks = SECURITY_VALID_HOOKS,
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 834356ea99df..8f5a403f6f6b 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = {
232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), 232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), 233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), 234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
235 SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
236 SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
235 SNMP_MIB_SENTINEL 237 SNMP_MIB_SENTINEL
236}; 238};
237 239
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index e4ab0ac94f92..16fc6f454a31 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1502,21 +1502,21 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1502 rth->fl.iif != 0 || 1502 rth->fl.iif != 0 ||
1503 dst_metric_locked(&rth->u.dst, RTAX_MTU) || 1503 dst_metric_locked(&rth->u.dst, RTAX_MTU) ||
1504 !net_eq(dev_net(rth->u.dst.dev), net) || 1504 !net_eq(dev_net(rth->u.dst.dev), net) ||
1505 !rt_is_expired(rth)) 1505 rt_is_expired(rth))
1506 continue; 1506 continue;
1507 1507
1508 if (new_mtu < 68 || new_mtu >= old_mtu) { 1508 if (new_mtu < 68 || new_mtu >= old_mtu) {
1509 1509
1510 /* BSD 4.2 compatibility hack :-( */ 1510 /* BSD 4.2 compatibility hack :-( */
1511 if (mtu == 0 && 1511 if (mtu == 0 &&
1512 old_mtu >= dst_metric(&rth->u.dst, RTAX_MTU) && 1512 old_mtu >= dst_mtu(&rth->u.dst) &&
1513 old_mtu >= 68 + (iph->ihl << 2)) 1513 old_mtu >= 68 + (iph->ihl << 2))
1514 old_mtu -= iph->ihl << 2; 1514 old_mtu -= iph->ihl << 2;
1515 1515
1516 mtu = guess_mtu(old_mtu); 1516 mtu = guess_mtu(old_mtu);
1517 } 1517 }
1518 if (mtu <= dst_metric(&rth->u.dst, RTAX_MTU)) { 1518 if (mtu <= dst_mtu(&rth->u.dst)) {
1519 if (mtu < dst_metric(&rth->u.dst, RTAX_MTU)) { 1519 if (mtu < dst_mtu(&rth->u.dst)) {
1520 dst_confirm(&rth->u.dst); 1520 dst_confirm(&rth->u.dst);
1521 if (mtu < ip_rt_min_pmtu) { 1521 if (mtu < ip_rt_min_pmtu) {
1522 mtu = ip_rt_min_pmtu; 1522 mtu = ip_rt_min_pmtu;
@@ -1538,7 +1538,7 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1538 1538
1539static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu) 1539static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1540{ 1540{
1541 if (dst_metric(dst, RTAX_MTU) > mtu && mtu >= 68 && 1541 if (dst_mtu(dst) > mtu && mtu >= 68 &&
1542 !(dst_metric_locked(dst, RTAX_MTU))) { 1542 !(dst_metric_locked(dst, RTAX_MTU))) {
1543 if (mtu < ip_rt_min_pmtu) { 1543 if (mtu < ip_rt_min_pmtu) {
1544 mtu = ip_rt_min_pmtu; 1544 mtu = ip_rt_min_pmtu;
@@ -1667,7 +1667,7 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
1667 1667
1668 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0) 1668 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0)
1669 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = sysctl_ip_default_ttl; 1669 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = sysctl_ip_default_ttl;
1670 if (dst_metric(&rt->u.dst, RTAX_MTU) > IP_MAX_MTU) 1670 if (dst_mtu(&rt->u.dst) > IP_MAX_MTU)
1671 rt->u.dst.metrics[RTAX_MTU-1] = IP_MAX_MTU; 1671 rt->u.dst.metrics[RTAX_MTU-1] = IP_MAX_MTU;
1672 if (dst_metric(&rt->u.dst, RTAX_ADVMSS) == 0) 1672 if (dst_metric(&rt->u.dst, RTAX_ADVMSS) == 0)
1673 rt->u.dst.metrics[RTAX_ADVMSS-1] = max_t(unsigned int, rt->u.dst.dev->mtu - 40, 1673 rt->u.dst.metrics[RTAX_ADVMSS-1] = max_t(unsigned int, rt->u.dst.dev->mtu - 40,
@@ -2914,7 +2914,7 @@ static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
2914 return 0; 2914 return 0;
2915} 2915}
2916 2916
2917ctl_table ipv4_route_table[] = { 2917static ctl_table ipv4_route_table[] = {
2918 { 2918 {
2919 .ctl_name = NET_IPV4_ROUTE_GC_THRESH, 2919 .ctl_name = NET_IPV4_ROUTE_GC_THRESH,
2920 .procname = "gc_thresh", 2920 .procname = "gc_thresh",
@@ -3216,6 +3216,17 @@ int __init ip_rt_init(void)
3216 return rc; 3216 return rc;
3217} 3217}
3218 3218
3219#ifdef CONFIG_SYSCTL
3220/*
3221 * We really need to sanitize the damn ipv4 init order, then all
3222 * this nonsense will go away.
3223 */
3224void __init ip_static_sysctl_init(void)
3225{
3226 register_sysctl_paths(ipv4_route_path, ipv4_route_table);
3227}
3228#endif
3229
3219EXPORT_SYMBOL(__ip_select_ident); 3230EXPORT_SYMBOL(__ip_select_ident);
3220EXPORT_SYMBOL(ip_route_input); 3231EXPORT_SYMBOL(ip_route_input);
3221EXPORT_SYMBOL(ip_route_output_key); 3232EXPORT_SYMBOL(ip_route_output_key);
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 51bc24d3b8a7..9d38005abbac 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -299,6 +299,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
299 ireq->rmt_port = th->source; 299 ireq->rmt_port = th->source;
300 ireq->loc_addr = ip_hdr(skb)->daddr; 300 ireq->loc_addr = ip_hdr(skb)->daddr;
301 ireq->rmt_addr = ip_hdr(skb)->saddr; 301 ireq->rmt_addr = ip_hdr(skb)->saddr;
302 ireq->ecn_ok = 0;
302 ireq->snd_wscale = tcp_opt.snd_wscale; 303 ireq->snd_wscale = tcp_opt.snd_wscale;
303 ireq->rcv_wscale = tcp_opt.rcv_wscale; 304 ireq->rcv_wscale = tcp_opt.rcv_wscale;
304 ireq->sack_ok = tcp_opt.sack_ok; 305 ireq->sack_ok = tcp_opt.sack_ok;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 14ef202a2254..e0689fd7b798 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -232,6 +232,7 @@ static struct ctl_table ipv4_table[] = {
232 .mode = 0644, 232 .mode = 0644,
233 .proc_handler = &ipv4_doint_and_flush, 233 .proc_handler = &ipv4_doint_and_flush,
234 .strategy = &ipv4_doint_and_flush_strategy, 234 .strategy = &ipv4_doint_and_flush_strategy,
235 .extra2 = &init_net,
235 }, 236 },
236 { 237 {
237 .ctl_name = NET_IPV4_NO_PMTU_DISC, 238 .ctl_name = NET_IPV4_NO_PMTU_DISC,
@@ -401,13 +402,6 @@ static struct ctl_table ipv4_table[] = {
401 .proc_handler = &ipv4_local_port_range, 402 .proc_handler = &ipv4_local_port_range,
402 .strategy = &ipv4_sysctl_local_port_range, 403 .strategy = &ipv4_sysctl_local_port_range,
403 }, 404 },
404 {
405 .ctl_name = NET_IPV4_ROUTE,
406 .procname = "route",
407 .maxlen = 0,
408 .mode = 0555,
409 .child = ipv4_route_table
410 },
411#ifdef CONFIG_IP_MULTICAST 405#ifdef CONFIG_IP_MULTICAST
412 { 406 {
413 .ctl_name = NET_IPV4_IGMP_MAX_MEMBERSHIPS, 407 .ctl_name = NET_IPV4_IGMP_MAX_MEMBERSHIPS,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 0b491bf03db4..1ab341e5d3e0 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1096,7 +1096,7 @@ void tcp_cleanup_rbuf(struct sock *sk, int copied)
1096#if TCP_DEBUG 1096#if TCP_DEBUG
1097 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); 1097 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
1098 1098
1099 BUG_TRAP(!skb || before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq)); 1099 WARN_ON(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq));
1100#endif 1100#endif
1101 1101
1102 if (inet_csk_ack_scheduled(sk)) { 1102 if (inet_csk_ack_scheduled(sk)) {
@@ -1358,7 +1358,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1358 goto found_ok_skb; 1358 goto found_ok_skb;
1359 if (tcp_hdr(skb)->fin) 1359 if (tcp_hdr(skb)->fin)
1360 goto found_fin_ok; 1360 goto found_fin_ok;
1361 BUG_TRAP(flags & MSG_PEEK); 1361 WARN_ON(!(flags & MSG_PEEK));
1362 skb = skb->next; 1362 skb = skb->next;
1363 } while (skb != (struct sk_buff *)&sk->sk_receive_queue); 1363 } while (skb != (struct sk_buff *)&sk->sk_receive_queue);
1364 1364
@@ -1421,8 +1421,8 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1421 1421
1422 tp->ucopy.len = len; 1422 tp->ucopy.len = len;
1423 1423
1424 BUG_TRAP(tp->copied_seq == tp->rcv_nxt || 1424 WARN_ON(tp->copied_seq != tp->rcv_nxt &&
1425 (flags & (MSG_PEEK | MSG_TRUNC))); 1425 !(flags & (MSG_PEEK | MSG_TRUNC)));
1426 1426
1427 /* Ugly... If prequeue is not empty, we have to 1427 /* Ugly... If prequeue is not empty, we have to
1428 * process it before releasing socket, otherwise 1428 * process it before releasing socket, otherwise
@@ -1844,7 +1844,7 @@ adjudge_to_death:
1844 */ 1844 */
1845 local_bh_disable(); 1845 local_bh_disable();
1846 bh_lock_sock(sk); 1846 bh_lock_sock(sk);
1847 BUG_TRAP(!sock_owned_by_user(sk)); 1847 WARN_ON(sock_owned_by_user(sk));
1848 1848
1849 /* Have we already been destroyed by a softirq or backlog? */ 1849 /* Have we already been destroyed by a softirq or backlog? */
1850 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE) 1850 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
@@ -1973,7 +1973,7 @@ int tcp_disconnect(struct sock *sk, int flags)
1973 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt)); 1973 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
1974 __sk_dst_reset(sk); 1974 __sk_dst_reset(sk);
1975 1975
1976 BUG_TRAP(!inet->num || icsk->icsk_bind_hash); 1976 WARN_ON(inet->num && !icsk->icsk_bind_hash);
1977 1977
1978 sk->sk_error_report(sk); 1978 sk->sk_error_report(sk);
1979 return err; 1979 return err;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 1f5e6049883e..67ccce2a96bd 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1629,10 +1629,10 @@ advance_sp:
1629out: 1629out:
1630 1630
1631#if FASTRETRANS_DEBUG > 0 1631#if FASTRETRANS_DEBUG > 0
1632 BUG_TRAP((int)tp->sacked_out >= 0); 1632 WARN_ON((int)tp->sacked_out < 0);
1633 BUG_TRAP((int)tp->lost_out >= 0); 1633 WARN_ON((int)tp->lost_out < 0);
1634 BUG_TRAP((int)tp->retrans_out >= 0); 1634 WARN_ON((int)tp->retrans_out < 0);
1635 BUG_TRAP((int)tcp_packets_in_flight(tp) >= 0); 1635 WARN_ON((int)tcp_packets_in_flight(tp) < 0);
1636#endif 1636#endif
1637 return flag; 1637 return flag;
1638} 1638}
@@ -2181,7 +2181,7 @@ static void tcp_mark_head_lost(struct sock *sk, int packets)
2181 int err; 2181 int err;
2182 unsigned int mss; 2182 unsigned int mss;
2183 2183
2184 BUG_TRAP(packets <= tp->packets_out); 2184 WARN_ON(packets > tp->packets_out);
2185 if (tp->lost_skb_hint) { 2185 if (tp->lost_skb_hint) {
2186 skb = tp->lost_skb_hint; 2186 skb = tp->lost_skb_hint;
2187 cnt = tp->lost_cnt_hint; 2187 cnt = tp->lost_cnt_hint;
@@ -2610,7 +2610,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2610 /* E. Check state exit conditions. State can be terminated 2610 /* E. Check state exit conditions. State can be terminated
2611 * when high_seq is ACKed. */ 2611 * when high_seq is ACKed. */
2612 if (icsk->icsk_ca_state == TCP_CA_Open) { 2612 if (icsk->icsk_ca_state == TCP_CA_Open) {
2613 BUG_TRAP(tp->retrans_out == 0); 2613 WARN_ON(tp->retrans_out != 0);
2614 tp->retrans_stamp = 0; 2614 tp->retrans_stamp = 0;
2615 } else if (!before(tp->snd_una, tp->high_seq)) { 2615 } else if (!before(tp->snd_una, tp->high_seq)) {
2616 switch (icsk->icsk_ca_state) { 2616 switch (icsk->icsk_ca_state) {
@@ -2972,9 +2972,9 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets)
2972 } 2972 }
2973 2973
2974#if FASTRETRANS_DEBUG > 0 2974#if FASTRETRANS_DEBUG > 0
2975 BUG_TRAP((int)tp->sacked_out >= 0); 2975 WARN_ON((int)tp->sacked_out < 0);
2976 BUG_TRAP((int)tp->lost_out >= 0); 2976 WARN_ON((int)tp->lost_out < 0);
2977 BUG_TRAP((int)tp->retrans_out >= 0); 2977 WARN_ON((int)tp->retrans_out < 0);
2978 if (!tp->packets_out && tcp_is_sack(tp)) { 2978 if (!tp->packets_out && tcp_is_sack(tp)) {
2979 icsk = inet_csk(sk); 2979 icsk = inet_csk(sk);
2980 if (tp->lost_out) { 2980 if (tp->lost_out) {
@@ -3292,6 +3292,7 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3292 * log. Something worked... 3292 * log. Something worked...
3293 */ 3293 */
3294 sk->sk_err_soft = 0; 3294 sk->sk_err_soft = 0;
3295 icsk->icsk_probes_out = 0;
3295 tp->rcv_tstamp = tcp_time_stamp; 3296 tp->rcv_tstamp = tcp_time_stamp;
3296 prior_packets = tp->packets_out; 3297 prior_packets = tp->packets_out;
3297 if (!prior_packets) 3298 if (!prior_packets)
@@ -3324,8 +3325,6 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3324 return 1; 3325 return 1;
3325 3326
3326no_queue: 3327no_queue:
3327 icsk->icsk_probes_out = 0;
3328
3329 /* If this ack opens up a zero window, clear backoff. It was 3328 /* If this ack opens up a zero window, clear backoff. It was
3330 * being used to time the probes, and is probably far higher than 3329 * being used to time the probes, and is probably far higher than
3331 * it needs to be for normal retransmission. 3330 * it needs to be for normal retransmission.
@@ -3878,7 +3877,7 @@ static void tcp_sack_remove(struct tcp_sock *tp)
3878 int i; 3877 int i;
3879 3878
3880 /* RCV.NXT must cover all the block! */ 3879 /* RCV.NXT must cover all the block! */
3881 BUG_TRAP(!before(tp->rcv_nxt, sp->end_seq)); 3880 WARN_ON(before(tp->rcv_nxt, sp->end_seq));
3882 3881
3883 /* Zap this SACK, by moving forward any other SACKS. */ 3882 /* Zap this SACK, by moving forward any other SACKS. */
3884 for (i=this_sack+1; i < num_sacks; i++) 3883 for (i=this_sack+1; i < num_sacks; i++)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a82df6307567..44c1e934824b 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -418,7 +418,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
418 /* ICMPs are not backlogged, hence we cannot get 418 /* ICMPs are not backlogged, hence we cannot get
419 an established socket here. 419 an established socket here.
420 */ 420 */
421 BUG_TRAP(!req->sk); 421 WARN_ON(req->sk);
422 422
423 if (seq != tcp_rsk(req)->snt_isn) { 423 if (seq != tcp_rsk(req)->snt_isn) {
424 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 424 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
@@ -655,8 +655,8 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
655 rep.th.doff = arg.iov[0].iov_len/4; 655 rep.th.doff = arg.iov[0].iov_len/4;
656 656
657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], 657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
658 key, ip_hdr(skb)->daddr, 658 key, ip_hdr(skb)->saddr,
659 ip_hdr(skb)->saddr, &rep.th); 659 ip_hdr(skb)->daddr, &rep.th);
660 } 660 }
661#endif 661#endif
662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
@@ -687,14 +687,14 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
687 inet_twsk_put(tw); 687 inet_twsk_put(tw);
688} 688}
689 689
690static void tcp_v4_reqsk_send_ack(struct sk_buff *skb, 690static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
691 struct request_sock *req) 691 struct request_sock *req)
692{ 692{
693 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1, 693 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
694 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, 694 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
695 req->ts_recent, 695 req->ts_recent,
696 0, 696 0,
697 tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr)); 697 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr));
698} 698}
699 699
700/* 700/*
@@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1116 return 0; 1116 return 0;
1117 1117
1118 if (hash_expected && !hash_location) { 1118 if (hash_expected && !hash_location) {
1119 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found " 1119 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1120 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1121 NIPQUAD(iph->saddr), ntohs(th->source),
1122 NIPQUAD(iph->daddr), ntohs(th->dest));
1123 return 1; 1120 return 1;
1124 } 1121 }
1125 1122
1126 if (!hash_expected && hash_location) { 1123 if (!hash_expected && hash_location) {
1127 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found " 1124 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1128 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1129 NIPQUAD(iph->saddr), ntohs(th->source),
1130 NIPQUAD(iph->daddr), ntohs(th->dest));
1131 return 1; 1125 return 1;
1132 } 1126 }
1133 1127
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 204c42162660..f976fc57892c 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -609,7 +609,7 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
609 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) { 609 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) {
610 /* Out of window: send ACK and drop. */ 610 /* Out of window: send ACK and drop. */
611 if (!(flg & TCP_FLAG_RST)) 611 if (!(flg & TCP_FLAG_RST))
612 req->rsk_ops->send_ack(skb, req); 612 req->rsk_ops->send_ack(sk, skb, req);
613 if (paws_reject) 613 if (paws_reject)
614 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED); 614 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED);
615 return NULL; 615 return NULL;
@@ -618,89 +618,87 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
618 /* In sequence, PAWS is OK. */ 618 /* In sequence, PAWS is OK. */
619 619
620 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1)) 620 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1))
621 req->ts_recent = tmp_opt.rcv_tsval; 621 req->ts_recent = tmp_opt.rcv_tsval;
622 622
623 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) { 623 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) {
624 /* Truncate SYN, it is out of window starting 624 /* Truncate SYN, it is out of window starting
625 at tcp_rsk(req)->rcv_isn + 1. */ 625 at tcp_rsk(req)->rcv_isn + 1. */
626 flg &= ~TCP_FLAG_SYN; 626 flg &= ~TCP_FLAG_SYN;
627 } 627 }
628 628
629 /* RFC793: "second check the RST bit" and 629 /* RFC793: "second check the RST bit" and
630 * "fourth, check the SYN bit" 630 * "fourth, check the SYN bit"
631 */ 631 */
632 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) { 632 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) {
633 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS); 633 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
634 goto embryonic_reset; 634 goto embryonic_reset;
635 } 635 }
636 636
637 /* ACK sequence verified above, just make sure ACK is 637 /* ACK sequence verified above, just make sure ACK is
638 * set. If ACK not set, just silently drop the packet. 638 * set. If ACK not set, just silently drop the packet.
639 */ 639 */
640 if (!(flg & TCP_FLAG_ACK)) 640 if (!(flg & TCP_FLAG_ACK))
641 return NULL; 641 return NULL;
642
643 /* If TCP_DEFER_ACCEPT is set, drop bare ACK. */
644 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
645 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
646 inet_rsk(req)->acked = 1;
647 return NULL;
648 }
649 642
650 /* OK, ACK is valid, create big socket and 643 /* If TCP_DEFER_ACCEPT is set, drop bare ACK. */
651 * feed this segment to it. It will repeat all 644 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
652 * the tests. THIS SEGMENT MUST MOVE SOCKET TO 645 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
653 * ESTABLISHED STATE. If it will be dropped after 646 inet_rsk(req)->acked = 1;
654 * socket is created, wait for troubles. 647 return NULL;
655 */ 648 }
656 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, 649
657 req, NULL); 650 /* OK, ACK is valid, create big socket and
658 if (child == NULL) 651 * feed this segment to it. It will repeat all
659 goto listen_overflow; 652 * the tests. THIS SEGMENT MUST MOVE SOCKET TO
653 * ESTABLISHED STATE. If it will be dropped after
654 * socket is created, wait for troubles.
655 */
656 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
657 if (child == NULL)
658 goto listen_overflow;
660#ifdef CONFIG_TCP_MD5SIG 659#ifdef CONFIG_TCP_MD5SIG
661 else { 660 else {
662 /* Copy over the MD5 key from the original socket */ 661 /* Copy over the MD5 key from the original socket */
663 struct tcp_md5sig_key *key; 662 struct tcp_md5sig_key *key;
664 struct tcp_sock *tp = tcp_sk(sk); 663 struct tcp_sock *tp = tcp_sk(sk);
665 key = tp->af_specific->md5_lookup(sk, child); 664 key = tp->af_specific->md5_lookup(sk, child);
666 if (key != NULL) { 665 if (key != NULL) {
667 /* 666 /*
668 * We're using one, so create a matching key on the 667 * We're using one, so create a matching key on the
669 * newsk structure. If we fail to get memory then we 668 * newsk structure. If we fail to get memory then we
670 * end up not copying the key across. Shucks. 669 * end up not copying the key across. Shucks.
671 */ 670 */
672 char *newkey = kmemdup(key->key, key->keylen, 671 char *newkey = kmemdup(key->key, key->keylen,
673 GFP_ATOMIC); 672 GFP_ATOMIC);
674 if (newkey) { 673 if (newkey) {
675 if (!tcp_alloc_md5sig_pool()) 674 if (!tcp_alloc_md5sig_pool())
676 BUG(); 675 BUG();
677 tp->af_specific->md5_add(child, child, 676 tp->af_specific->md5_add(child, child, newkey,
678 newkey, 677 key->keylen);
679 key->keylen);
680 }
681 } 678 }
682 } 679 }
680 }
683#endif 681#endif
684 682
685 inet_csk_reqsk_queue_unlink(sk, req, prev); 683 inet_csk_reqsk_queue_unlink(sk, req, prev);
686 inet_csk_reqsk_queue_removed(sk, req); 684 inet_csk_reqsk_queue_removed(sk, req);
687 685
688 inet_csk_reqsk_queue_add(sk, req, child); 686 inet_csk_reqsk_queue_add(sk, req, child);
689 return child; 687 return child;
690 688
691 listen_overflow: 689listen_overflow:
692 if (!sysctl_tcp_abort_on_overflow) { 690 if (!sysctl_tcp_abort_on_overflow) {
693 inet_rsk(req)->acked = 1; 691 inet_rsk(req)->acked = 1;
694 return NULL; 692 return NULL;
695 } 693 }
696 694
697 embryonic_reset: 695embryonic_reset:
698 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); 696 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
699 if (!(flg & TCP_FLAG_RST)) 697 if (!(flg & TCP_FLAG_RST))
700 req->rsk_ops->send_reset(sk, skb); 698 req->rsk_ops->send_reset(sk, skb);
701 699
702 inet_csk_reqsk_queue_drop(sk, req, prev); 700 inet_csk_reqsk_queue_drop(sk, req, prev);
703 return NULL; 701 return NULL;
704} 702}
705 703
706/* 704/*
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 328e0cf42b3c..5ab6ba19c3ce 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -287,7 +287,7 @@ static void tcp_retransmit_timer(struct sock *sk)
287 if (!tp->packets_out) 287 if (!tp->packets_out)
288 goto out; 288 goto out;
289 289
290 BUG_TRAP(!tcp_write_queue_empty(sk)); 290 WARN_ON(tcp_write_queue_empty(sk));
291 291
292 if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) && 292 if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) &&
293 !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) { 293 !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) {
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 383d17359d01..8e42fbbd5761 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -989,7 +989,9 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
989 up->encap_rcv != NULL) { 989 up->encap_rcv != NULL) {
990 int ret; 990 int ret;
991 991
992 bh_unlock_sock(sk);
992 ret = (*up->encap_rcv)(sk, skb); 993 ret = (*up->encap_rcv)(sk, skb);
994 bh_lock_sock(sk);
993 if (ret <= 0) { 995 if (ret <= 0) {
994 UDP_INC_STATS_BH(sock_net(sk), 996 UDP_INC_STATS_BH(sock_net(sk),
995 UDP_MIB_INDATAGRAMS, 997 UDP_MIB_INDATAGRAMS,
@@ -1092,7 +1094,7 @@ static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
1092 if (skb1) { 1094 if (skb1) {
1093 int ret = 0; 1095 int ret = 0;
1094 1096
1095 bh_lock_sock_nested(sk); 1097 bh_lock_sock(sk);
1096 if (!sock_owned_by_user(sk)) 1098 if (!sock_owned_by_user(sk))
1097 ret = udp_queue_rcv_skb(sk, skb1); 1099 ret = udp_queue_rcv_skb(sk, skb1);
1098 else 1100 else
@@ -1194,7 +1196,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1194 1196
1195 if (sk != NULL) { 1197 if (sk != NULL) {
1196 int ret = 0; 1198 int ret = 0;
1197 bh_lock_sock_nested(sk); 1199 bh_lock_sock(sk);
1198 if (!sock_owned_by_user(sk)) 1200 if (!sock_owned_by_user(sk))
1199 ret = udp_queue_rcv_skb(sk, skb); 1201 ret = udp_queue_rcv_skb(sk, skb);
1200 else 1202 else
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index 9c798abce736..63418185f524 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -47,8 +47,10 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
47 if (unlikely(optlen)) 47 if (unlikely(optlen))
48 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4); 48 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
49 49
50 skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len - 50 skb_set_network_header(skb, -x->props.header_len -
51 hdrlen); 51 hdrlen + (XFRM_MODE_SKB_CB(skb)->ihl - sizeof(*top_iph)));
52 if (x->sel.family != AF_INET6)
53 skb->network_header += IPV4_BEET_PHMAXLEN;
52 skb->mac_header = skb->network_header + 54 skb->mac_header = skb->network_header +
53 offsetof(struct iphdr, protocol); 55 offsetof(struct iphdr, protocol);
54 skb->transport_header = skb->network_header + sizeof(*top_iph); 56 skb->transport_header = skb->network_header + sizeof(*top_iph);
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 42814a2ec9d7..ec992159b5f8 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -96,10 +96,8 @@ config INET6_ESP
96 96
97config INET6_IPCOMP 97config INET6_IPCOMP
98 tristate "IPv6: IPComp transformation" 98 tristate "IPv6: IPComp transformation"
99 select XFRM
100 select INET6_XFRM_TUNNEL 99 select INET6_XFRM_TUNNEL
101 select CRYPTO 100 select XFRM_IPCOMP
102 select CRYPTO_DEFLATE
103 ---help--- 101 ---help---
104 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 102 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
105 typically needed for IPsec. 103 typically needed for IPsec.
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 74d543d504a1..a7842c54f58a 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -313,8 +313,10 @@ static void in6_dev_finish_destroy_rcu(struct rcu_head *head)
313void in6_dev_finish_destroy(struct inet6_dev *idev) 313void in6_dev_finish_destroy(struct inet6_dev *idev)
314{ 314{
315 struct net_device *dev = idev->dev; 315 struct net_device *dev = idev->dev;
316 BUG_TRAP(idev->addr_list==NULL); 316
317 BUG_TRAP(idev->mc_list==NULL); 317 WARN_ON(idev->addr_list != NULL);
318 WARN_ON(idev->mc_list != NULL);
319
318#ifdef NET_REFCNT_DEBUG 320#ifdef NET_REFCNT_DEBUG
319 printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL"); 321 printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL");
320#endif 322#endif
@@ -517,8 +519,9 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
517 519
518void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp) 520void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp)
519{ 521{
520 BUG_TRAP(ifp->if_next==NULL); 522 WARN_ON(ifp->if_next != NULL);
521 BUG_TRAP(ifp->lst_next==NULL); 523 WARN_ON(ifp->lst_next != NULL);
524
522#ifdef NET_REFCNT_DEBUG 525#ifdef NET_REFCNT_DEBUG
523 printk(KERN_DEBUG "inet6_ifa_finish_destroy\n"); 526 printk(KERN_DEBUG "inet6_ifa_finish_destroy\n");
524#endif 527#endif
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 3d828bc4b1cf..95055f8c3f35 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -83,7 +83,6 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol)
83 struct inet_sock *inet; 83 struct inet_sock *inet;
84 struct ipv6_pinfo *np; 84 struct ipv6_pinfo *np;
85 struct sock *sk; 85 struct sock *sk;
86 struct list_head *p;
87 struct inet_protosw *answer; 86 struct inet_protosw *answer;
88 struct proto *answer_prot; 87 struct proto *answer_prot;
89 unsigned char answer_flags; 88 unsigned char answer_flags;
@@ -97,13 +96,12 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol)
97 build_ehash_secret(); 96 build_ehash_secret();
98 97
99 /* Look for the requested type/protocol pair. */ 98 /* Look for the requested type/protocol pair. */
100 answer = NULL;
101lookup_protocol: 99lookup_protocol:
102 err = -ESOCKTNOSUPPORT; 100 err = -ESOCKTNOSUPPORT;
103 rcu_read_lock(); 101 rcu_read_lock();
104 list_for_each_rcu(p, &inetsw6[sock->type]) { 102 list_for_each_entry_rcu(answer, &inetsw6[sock->type], list) {
105 answer = list_entry(p, struct inet_protosw, list);
106 103
104 err = 0;
107 /* Check the non-wild match. */ 105 /* Check the non-wild match. */
108 if (protocol == answer->protocol) { 106 if (protocol == answer->protocol) {
109 if (protocol != IPPROTO_IP) 107 if (protocol != IPPROTO_IP)
@@ -118,10 +116,9 @@ lookup_protocol:
118 break; 116 break;
119 } 117 }
120 err = -EPROTONOSUPPORT; 118 err = -EPROTONOSUPPORT;
121 answer = NULL;
122 } 119 }
123 120
124 if (!answer) { 121 if (err) {
125 if (try_loading_module < 2) { 122 if (try_loading_module < 2) {
126 rcu_read_unlock(); 123 rcu_read_unlock();
127 /* 124 /*
@@ -153,7 +150,7 @@ lookup_protocol:
153 answer_flags = answer->flags; 150 answer_flags = answer->flags;
154 rcu_read_unlock(); 151 rcu_read_unlock();
155 152
156 BUG_TRAP(answer_prot->slab != NULL); 153 WARN_ON(answer_prot->slab == NULL);
157 154
158 err = -ENOBUFS; 155 err = -ENOBUFS;
159 sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot); 156 sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot);
@@ -937,6 +934,11 @@ static int __init inet6_init(void)
937 if (err) 934 if (err)
938 goto out_unregister_sock; 935 goto out_unregister_sock;
939 936
937#ifdef CONFIG_SYSCTL
938 err = ipv6_static_sysctl_register();
939 if (err)
940 goto static_sysctl_fail;
941#endif
940 /* 942 /*
941 * ipngwg API draft makes clear that the correct semantics 943 * ipngwg API draft makes clear that the correct semantics
942 * for TCP and UDP is to consider one TCP and UDP instance 944 * for TCP and UDP is to consider one TCP and UDP instance
@@ -1061,6 +1063,10 @@ ipmr_fail:
1061icmp_fail: 1063icmp_fail:
1062 unregister_pernet_subsys(&inet6_net_ops); 1064 unregister_pernet_subsys(&inet6_net_ops);
1063register_pernet_fail: 1065register_pernet_fail:
1066#ifdef CONFIG_SYSCTL
1067 ipv6_static_sysctl_unregister();
1068static_sysctl_fail:
1069#endif
1064 cleanup_ipv6_mibs(); 1070 cleanup_ipv6_mibs();
1065out_unregister_sock: 1071out_unregister_sock:
1066 sock_unregister(PF_INET6); 1072 sock_unregister(PF_INET6);
@@ -1116,6 +1122,9 @@ static void __exit inet6_exit(void)
1116 rawv6_exit(); 1122 rawv6_exit();
1117 1123
1118 unregister_pernet_subsys(&inet6_net_ops); 1124 unregister_pernet_subsys(&inet6_net_ops);
1125#ifdef CONFIG_SYSCTL
1126 ipv6_static_sysctl_unregister();
1127#endif
1119 cleanup_ipv6_mibs(); 1128 cleanup_ipv6_mibs();
1120 proto_unregister(&rawv6_prot); 1129 proto_unregister(&rawv6_prot);
1121 proto_unregister(&udplitev6_prot); 1130 proto_unregister(&udplitev6_prot);
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index f7b535dec860..410046a8cc91 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -732,7 +732,7 @@ int datagram_send_ctl(struct net *net,
732 LIMIT_NETDEBUG(KERN_DEBUG "invalid cmsg type: %d\n", 732 LIMIT_NETDEBUG(KERN_DEBUG "invalid cmsg type: %d\n",
733 cmsg->cmsg_type); 733 cmsg->cmsg_type);
734 err = -EINVAL; 734 err = -EINVAL;
735 break; 735 goto exit_f;
736 } 736 }
737 } 737 }
738 738
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index c6bb4c6d24b3..b181b08fb761 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -521,6 +521,10 @@ static int esp6_init_state(struct xfrm_state *x)
521 crypto_aead_ivsize(aead); 521 crypto_aead_ivsize(aead);
522 switch (x->props.mode) { 522 switch (x->props.mode) {
523 case XFRM_MODE_BEET: 523 case XFRM_MODE_BEET:
524 if (x->sel.family != AF_INET6)
525 x->props.header_len += IPV4_BEET_PHMAXLEN +
526 (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
527 break;
524 case XFRM_MODE_TRANSPORT: 528 case XFRM_MODE_TRANSPORT:
525 break; 529 break;
526 case XFRM_MODE_TUNNEL: 530 case XFRM_MODE_TUNNEL:
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 87801cc1b2f8..16d43f20b32f 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -98,7 +98,7 @@ struct request_sock *inet6_csk_search_req(const struct sock *sk,
98 ipv6_addr_equal(&treq->rmt_addr, raddr) && 98 ipv6_addr_equal(&treq->rmt_addr, raddr) &&
99 ipv6_addr_equal(&treq->loc_addr, laddr) && 99 ipv6_addr_equal(&treq->loc_addr, laddr) &&
100 (!treq->iif || treq->iif == iif)) { 100 (!treq->iif || treq->iif == iif)) {
101 BUG_TRAP(req->sk == NULL); 101 WARN_ON(req->sk != NULL);
102 *prevp = prev; 102 *prevp = prev;
103 return req; 103 return req;
104 } 104 }
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 00a8a5f9380c..1646a5658255 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -28,7 +28,7 @@ void __inet6_hash(struct sock *sk)
28 struct hlist_head *list; 28 struct hlist_head *list;
29 rwlock_t *lock; 29 rwlock_t *lock;
30 30
31 BUG_TRAP(sk_unhashed(sk)); 31 WARN_ON(!sk_unhashed(sk));
32 32
33 if (sk->sk_state == TCP_LISTEN) { 33 if (sk->sk_state == TCP_LISTEN) {
34 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)]; 34 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
@@ -202,7 +202,7 @@ unique:
202 * in hash table socket with a funny identity. */ 202 * in hash table socket with a funny identity. */
203 inet->num = lport; 203 inet->num = lport;
204 inet->sport = htons(lport); 204 inet->sport = htons(lport);
205 BUG_TRAP(sk_unhashed(sk)); 205 WARN_ON(!sk_unhashed(sk));
206 __sk_add_node(sk, &head->chain); 206 __sk_add_node(sk, &head->chain);
207 sk->sk_hash = hash; 207 sk->sk_hash = hash;
208 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 208 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 08ea2de28d63..52dddc25d3e6 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -287,7 +287,7 @@ static int fib6_dump_node(struct fib6_walker_t *w)
287 w->leaf = rt; 287 w->leaf = rt;
288 return 1; 288 return 1;
289 } 289 }
290 BUG_TRAP(res!=0); 290 WARN_ON(res == 0);
291 } 291 }
292 w->leaf = NULL; 292 w->leaf = NULL;
293 return 0; 293 return 0;
@@ -778,7 +778,7 @@ out:
778 pn->leaf = fib6_find_prefix(info->nl_net, pn); 778 pn->leaf = fib6_find_prefix(info->nl_net, pn);
779#if RT6_DEBUG >= 2 779#if RT6_DEBUG >= 2
780 if (!pn->leaf) { 780 if (!pn->leaf) {
781 BUG_TRAP(pn->leaf != NULL); 781 WARN_ON(pn->leaf == NULL);
782 pn->leaf = info->nl_net->ipv6.ip6_null_entry; 782 pn->leaf = info->nl_net->ipv6.ip6_null_entry;
783 } 783 }
784#endif 784#endif
@@ -942,7 +942,7 @@ struct fib6_node * fib6_locate(struct fib6_node *root,
942 942
943#ifdef CONFIG_IPV6_SUBTREES 943#ifdef CONFIG_IPV6_SUBTREES
944 if (src_len) { 944 if (src_len) {
945 BUG_TRAP(saddr!=NULL); 945 WARN_ON(saddr == NULL);
946 if (fn && fn->subtree) 946 if (fn && fn->subtree)
947 fn = fib6_locate_1(fn->subtree, saddr, src_len, 947 fn = fib6_locate_1(fn->subtree, saddr, src_len,
948 offsetof(struct rt6_info, rt6i_src)); 948 offsetof(struct rt6_info, rt6i_src));
@@ -996,9 +996,9 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
996 RT6_TRACE("fixing tree: plen=%d iter=%d\n", fn->fn_bit, iter); 996 RT6_TRACE("fixing tree: plen=%d iter=%d\n", fn->fn_bit, iter);
997 iter++; 997 iter++;
998 998
999 BUG_TRAP(!(fn->fn_flags&RTN_RTINFO)); 999 WARN_ON(fn->fn_flags & RTN_RTINFO);
1000 BUG_TRAP(!(fn->fn_flags&RTN_TL_ROOT)); 1000 WARN_ON(fn->fn_flags & RTN_TL_ROOT);
1001 BUG_TRAP(fn->leaf==NULL); 1001 WARN_ON(fn->leaf != NULL);
1002 1002
1003 children = 0; 1003 children = 0;
1004 child = NULL; 1004 child = NULL;
@@ -1014,7 +1014,7 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
1014 fn->leaf = fib6_find_prefix(net, fn); 1014 fn->leaf = fib6_find_prefix(net, fn);
1015#if RT6_DEBUG >= 2 1015#if RT6_DEBUG >= 2
1016 if (fn->leaf==NULL) { 1016 if (fn->leaf==NULL) {
1017 BUG_TRAP(fn->leaf); 1017 WARN_ON(!fn->leaf);
1018 fn->leaf = net->ipv6.ip6_null_entry; 1018 fn->leaf = net->ipv6.ip6_null_entry;
1019 } 1019 }
1020#endif 1020#endif
@@ -1025,16 +1025,17 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
1025 pn = fn->parent; 1025 pn = fn->parent;
1026#ifdef CONFIG_IPV6_SUBTREES 1026#ifdef CONFIG_IPV6_SUBTREES
1027 if (FIB6_SUBTREE(pn) == fn) { 1027 if (FIB6_SUBTREE(pn) == fn) {
1028 BUG_TRAP(fn->fn_flags&RTN_ROOT); 1028 WARN_ON(!(fn->fn_flags & RTN_ROOT));
1029 FIB6_SUBTREE(pn) = NULL; 1029 FIB6_SUBTREE(pn) = NULL;
1030 nstate = FWS_L; 1030 nstate = FWS_L;
1031 } else { 1031 } else {
1032 BUG_TRAP(!(fn->fn_flags&RTN_ROOT)); 1032 WARN_ON(fn->fn_flags & RTN_ROOT);
1033#endif 1033#endif
1034 if (pn->right == fn) pn->right = child; 1034 if (pn->right == fn) pn->right = child;
1035 else if (pn->left == fn) pn->left = child; 1035 else if (pn->left == fn) pn->left = child;
1036#if RT6_DEBUG >= 2 1036#if RT6_DEBUG >= 2
1037 else BUG_TRAP(0); 1037 else
1038 WARN_ON(1);
1038#endif 1039#endif
1039 if (child) 1040 if (child)
1040 child->parent = pn; 1041 child->parent = pn;
@@ -1154,14 +1155,14 @@ int fib6_del(struct rt6_info *rt, struct nl_info *info)
1154 1155
1155#if RT6_DEBUG >= 2 1156#if RT6_DEBUG >= 2
1156 if (rt->u.dst.obsolete>0) { 1157 if (rt->u.dst.obsolete>0) {
1157 BUG_TRAP(fn==NULL); 1158 WARN_ON(fn != NULL);
1158 return -ENOENT; 1159 return -ENOENT;
1159 } 1160 }
1160#endif 1161#endif
1161 if (fn == NULL || rt == net->ipv6.ip6_null_entry) 1162 if (fn == NULL || rt == net->ipv6.ip6_null_entry)
1162 return -ENOENT; 1163 return -ENOENT;
1163 1164
1164 BUG_TRAP(fn->fn_flags&RTN_RTINFO); 1165 WARN_ON(!(fn->fn_flags & RTN_RTINFO));
1165 1166
1166 if (!(rt->rt6i_flags&RTF_CACHE)) { 1167 if (!(rt->rt6i_flags&RTF_CACHE)) {
1167 struct fib6_node *pn = fn; 1168 struct fib6_node *pn = fn;
@@ -1266,7 +1267,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1266 w->node = pn; 1267 w->node = pn;
1267#ifdef CONFIG_IPV6_SUBTREES 1268#ifdef CONFIG_IPV6_SUBTREES
1268 if (FIB6_SUBTREE(pn) == fn) { 1269 if (FIB6_SUBTREE(pn) == fn) {
1269 BUG_TRAP(fn->fn_flags&RTN_ROOT); 1270 WARN_ON(!(fn->fn_flags & RTN_ROOT));
1270 w->state = FWS_L; 1271 w->state = FWS_L;
1271 continue; 1272 continue;
1272 } 1273 }
@@ -1281,7 +1282,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1281 continue; 1282 continue;
1282 } 1283 }
1283#if RT6_DEBUG >= 2 1284#if RT6_DEBUG >= 2
1284 BUG_TRAP(0); 1285 WARN_ON(1);
1285#endif 1286#endif
1286 } 1287 }
1287 } 1288 }
@@ -1323,7 +1324,7 @@ static int fib6_clean_node(struct fib6_walker_t *w)
1323 } 1324 }
1324 return 0; 1325 return 0;
1325 } 1326 }
1326 BUG_TRAP(res==0); 1327 WARN_ON(res != 0);
1327 } 1328 }
1328 w->leaf = rt; 1329 w->leaf = rt;
1329 return 0; 1330 return 0;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 6407c64ea4a5..a4402de425d9 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -116,7 +116,7 @@ static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
116 __skb_pull(newskb, skb_network_offset(newskb)); 116 __skb_pull(newskb, skb_network_offset(newskb));
117 newskb->pkt_type = PACKET_LOOPBACK; 117 newskb->pkt_type = PACKET_LOOPBACK;
118 newskb->ip_summed = CHECKSUM_UNNECESSARY; 118 newskb->ip_summed = CHECKSUM_UNNECESSARY;
119 BUG_TRAP(newskb->dst); 119 WARN_ON(!newskb->dst);
120 120
121 netif_rx(newskb); 121 netif_rx(newskb);
122 return 0; 122 return 0;
@@ -236,6 +236,10 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
236 skb_reset_network_header(skb); 236 skb_reset_network_header(skb);
237 hdr = ipv6_hdr(skb); 237 hdr = ipv6_hdr(skb);
238 238
239 /* Allow local fragmentation. */
240 if (ipfragok)
241 skb->local_df = 1;
242
239 /* 243 /*
240 * Fill in the IPv6 header 244 * Fill in the IPv6 header
241 */ 245 */
@@ -265,7 +269,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
265 skb->mark = sk->sk_mark; 269 skb->mark = sk->sk_mark;
266 270
267 mtu = dst_mtu(dst); 271 mtu = dst_mtu(dst);
268 if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { 272 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
269 IP6_INC_STATS(ip6_dst_idev(skb->dst), 273 IP6_INC_STATS(ip6_dst_idev(skb->dst),
270 IPSTATS_MIB_OUTREQUESTS); 274 IPSTATS_MIB_OUTREQUESTS);
271 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 275 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index ee6de425ce6b..4545e4306862 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -50,125 +50,6 @@
50#include <linux/icmpv6.h> 50#include <linux/icmpv6.h>
51#include <linux/mutex.h> 51#include <linux/mutex.h>
52 52
53struct ipcomp6_tfms {
54 struct list_head list;
55 struct crypto_comp **tfms;
56 int users;
57};
58
59static DEFINE_MUTEX(ipcomp6_resource_mutex);
60static void **ipcomp6_scratches;
61static int ipcomp6_scratch_users;
62static LIST_HEAD(ipcomp6_tfms_list);
63
64static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb)
65{
66 int nexthdr;
67 int err = -ENOMEM;
68 struct ip_comp_hdr *ipch;
69 int plen, dlen;
70 struct ipcomp_data *ipcd = x->data;
71 u8 *start, *scratch;
72 struct crypto_comp *tfm;
73 int cpu;
74
75 if (skb_linearize_cow(skb))
76 goto out;
77
78 skb->ip_summed = CHECKSUM_NONE;
79
80 /* Remove ipcomp header and decompress original payload */
81 ipch = (void *)skb->data;
82 nexthdr = ipch->nexthdr;
83
84 skb->transport_header = skb->network_header + sizeof(*ipch);
85 __skb_pull(skb, sizeof(*ipch));
86
87 /* decompression */
88 plen = skb->len;
89 dlen = IPCOMP_SCRATCH_SIZE;
90 start = skb->data;
91
92 cpu = get_cpu();
93 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
94 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
95
96 err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
97 if (err)
98 goto out_put_cpu;
99
100 if (dlen < (plen + sizeof(*ipch))) {
101 err = -EINVAL;
102 goto out_put_cpu;
103 }
104
105 err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
106 if (err) {
107 goto out_put_cpu;
108 }
109
110 skb->truesize += dlen - plen;
111 __skb_put(skb, dlen - plen);
112 skb_copy_to_linear_data(skb, scratch, dlen);
113 err = nexthdr;
114
115out_put_cpu:
116 put_cpu();
117out:
118 return err;
119}
120
121static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
122{
123 int err;
124 struct ip_comp_hdr *ipch;
125 struct ipcomp_data *ipcd = x->data;
126 int plen, dlen;
127 u8 *start, *scratch;
128 struct crypto_comp *tfm;
129 int cpu;
130
131 /* check whether datagram len is larger than threshold */
132 if (skb->len < ipcd->threshold) {
133 goto out_ok;
134 }
135
136 if (skb_linearize_cow(skb))
137 goto out_ok;
138
139 /* compression */
140 plen = skb->len;
141 dlen = IPCOMP_SCRATCH_SIZE;
142 start = skb->data;
143
144 cpu = get_cpu();
145 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
146 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
147
148 local_bh_disable();
149 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
150 local_bh_enable();
151 if (err || (dlen + sizeof(*ipch)) >= plen) {
152 put_cpu();
153 goto out_ok;
154 }
155 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
156 put_cpu();
157 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
158
159 /* insert ipcomp header and replace datagram */
160 ipch = ip_comp_hdr(skb);
161 ipch->nexthdr = *skb_mac_header(skb);
162 ipch->flags = 0;
163 ipch->cpi = htons((u16 )ntohl(x->id.spi));
164 *skb_mac_header(skb) = IPPROTO_COMP;
165
166out_ok:
167 skb_push(skb, -skb_network_offset(skb));
168
169 return 0;
170}
171
172static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 53static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
173 int type, int code, int offset, __be32 info) 54 int type, int code, int offset, __be32 info)
174{ 55{
@@ -251,160 +132,9 @@ out:
251 return err; 132 return err;
252} 133}
253 134
254static void ipcomp6_free_scratches(void)
255{
256 int i;
257 void **scratches;
258
259 if (--ipcomp6_scratch_users)
260 return;
261
262 scratches = ipcomp6_scratches;
263 if (!scratches)
264 return;
265
266 for_each_possible_cpu(i) {
267 void *scratch = *per_cpu_ptr(scratches, i);
268
269 vfree(scratch);
270 }
271
272 free_percpu(scratches);
273}
274
275static void **ipcomp6_alloc_scratches(void)
276{
277 int i;
278 void **scratches;
279
280 if (ipcomp6_scratch_users++)
281 return ipcomp6_scratches;
282
283 scratches = alloc_percpu(void *);
284 if (!scratches)
285 return NULL;
286
287 ipcomp6_scratches = scratches;
288
289 for_each_possible_cpu(i) {
290 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
291 if (!scratch)
292 return NULL;
293 *per_cpu_ptr(scratches, i) = scratch;
294 }
295
296 return scratches;
297}
298
299static void ipcomp6_free_tfms(struct crypto_comp **tfms)
300{
301 struct ipcomp6_tfms *pos;
302 int cpu;
303
304 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
305 if (pos->tfms == tfms)
306 break;
307 }
308
309 BUG_TRAP(pos);
310
311 if (--pos->users)
312 return;
313
314 list_del(&pos->list);
315 kfree(pos);
316
317 if (!tfms)
318 return;
319
320 for_each_possible_cpu(cpu) {
321 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
322 crypto_free_comp(tfm);
323 }
324 free_percpu(tfms);
325}
326
327static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
328{
329 struct ipcomp6_tfms *pos;
330 struct crypto_comp **tfms;
331 int cpu;
332
333 /* This can be any valid CPU ID so we don't need locking. */
334 cpu = raw_smp_processor_id();
335
336 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
337 struct crypto_comp *tfm;
338
339 tfms = pos->tfms;
340 tfm = *per_cpu_ptr(tfms, cpu);
341
342 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
343 pos->users++;
344 return tfms;
345 }
346 }
347
348 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
349 if (!pos)
350 return NULL;
351
352 pos->users = 1;
353 INIT_LIST_HEAD(&pos->list);
354 list_add(&pos->list, &ipcomp6_tfms_list);
355
356 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
357 if (!tfms)
358 goto error;
359
360 for_each_possible_cpu(cpu) {
361 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
362 CRYPTO_ALG_ASYNC);
363 if (IS_ERR(tfm))
364 goto error;
365 *per_cpu_ptr(tfms, cpu) = tfm;
366 }
367
368 return tfms;
369
370error:
371 ipcomp6_free_tfms(tfms);
372 return NULL;
373}
374
375static void ipcomp6_free_data(struct ipcomp_data *ipcd)
376{
377 if (ipcd->tfms)
378 ipcomp6_free_tfms(ipcd->tfms);
379 ipcomp6_free_scratches();
380}
381
382static void ipcomp6_destroy(struct xfrm_state *x)
383{
384 struct ipcomp_data *ipcd = x->data;
385 if (!ipcd)
386 return;
387 xfrm_state_delete_tunnel(x);
388 mutex_lock(&ipcomp6_resource_mutex);
389 ipcomp6_free_data(ipcd);
390 mutex_unlock(&ipcomp6_resource_mutex);
391 kfree(ipcd);
392
393 xfrm6_tunnel_free_spi((xfrm_address_t *)&x->props.saddr);
394}
395
396static int ipcomp6_init_state(struct xfrm_state *x) 135static int ipcomp6_init_state(struct xfrm_state *x)
397{ 136{
398 int err; 137 int err = -EINVAL;
399 struct ipcomp_data *ipcd;
400 struct xfrm_algo_desc *calg_desc;
401
402 err = -EINVAL;
403 if (!x->calg)
404 goto out;
405
406 if (x->encap)
407 goto out;
408 138
409 x->props.header_len = 0; 139 x->props.header_len = 0;
410 switch (x->props.mode) { 140 switch (x->props.mode) {
@@ -417,39 +147,21 @@ static int ipcomp6_init_state(struct xfrm_state *x)
417 goto out; 147 goto out;
418 } 148 }
419 149
420 err = -ENOMEM; 150 err = ipcomp_init_state(x);
421 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL); 151 if (err)
422 if (!ipcd)
423 goto out; 152 goto out;
424 153
425 mutex_lock(&ipcomp6_resource_mutex);
426 if (!ipcomp6_alloc_scratches())
427 goto error;
428
429 ipcd->tfms = ipcomp6_alloc_tfms(x->calg->alg_name);
430 if (!ipcd->tfms)
431 goto error;
432 mutex_unlock(&ipcomp6_resource_mutex);
433
434 if (x->props.mode == XFRM_MODE_TUNNEL) { 154 if (x->props.mode == XFRM_MODE_TUNNEL) {
435 err = ipcomp6_tunnel_attach(x); 155 err = ipcomp6_tunnel_attach(x);
436 if (err) 156 if (err)
437 goto error_tunnel; 157 goto error_tunnel;
438 } 158 }
439 159
440 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
441 BUG_ON(!calg_desc);
442 ipcd->threshold = calg_desc->uinfo.comp.threshold;
443 x->data = ipcd;
444 err = 0; 160 err = 0;
445out: 161out:
446 return err; 162 return err;
447error_tunnel: 163error_tunnel:
448 mutex_lock(&ipcomp6_resource_mutex); 164 ipcomp_destroy(x);
449error:
450 ipcomp6_free_data(ipcd);
451 mutex_unlock(&ipcomp6_resource_mutex);
452 kfree(ipcd);
453 165
454 goto out; 166 goto out;
455} 167}
@@ -460,9 +172,9 @@ static const struct xfrm_type ipcomp6_type =
460 .owner = THIS_MODULE, 172 .owner = THIS_MODULE,
461 .proto = IPPROTO_COMP, 173 .proto = IPPROTO_COMP,
462 .init_state = ipcomp6_init_state, 174 .init_state = ipcomp6_init_state,
463 .destructor = ipcomp6_destroy, 175 .destructor = ipcomp_destroy,
464 .input = ipcomp6_input, 176 .input = ipcomp_input,
465 .output = ipcomp6_output, 177 .output = ipcomp_output,
466 .hdr_offset = xfrm6_find_1stfragopt, 178 .hdr_offset = xfrm6_find_1stfragopt,
467}; 179};
468 180
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index ea33b26512c2..741cfcd96f88 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -346,6 +346,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
346 */ 346 */
347 if (optlen == 0) 347 if (optlen == 0)
348 optval = NULL; 348 optval = NULL;
349 else if (optval == NULL)
350 goto e_inval;
349 else if (optlen < sizeof(struct ipv6_opt_hdr) || 351 else if (optlen < sizeof(struct ipv6_opt_hdr) ||
350 optlen & 0x7 || optlen > 8 * 255) 352 optlen & 0x7 || optlen > 8 * 255)
351 goto e_inval; 353 goto e_inval;
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index ad1cc5bbf977..31295c8f6196 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -164,8 +164,8 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
164 calc_padlen(sizeof(*dstopt), 6)); 164 calc_padlen(sizeof(*dstopt), 6));
165 165
166 hao->type = IPV6_TLV_HAO; 166 hao->type = IPV6_TLV_HAO;
167 BUILD_BUG_ON(sizeof(*hao) != 18);
167 hao->length = sizeof(*hao) - 2; 168 hao->length = sizeof(*hao) - 2;
168 BUG_TRAP(hao->length == 16);
169 169
170 len = ((char *)hao - (char *)dstopt) + sizeof(*hao); 170 len = ((char *)hao - (char *)dstopt) + sizeof(*hao);
171 171
@@ -174,7 +174,7 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
174 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr)); 174 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr));
175 spin_unlock_bh(&x->lock); 175 spin_unlock_bh(&x->lock);
176 176
177 BUG_TRAP(len == x->props.header_len); 177 WARN_ON(len != x->props.header_len);
178 dstopt->hdrlen = (x->props.header_len >> 3) - 1; 178 dstopt->hdrlen = (x->props.header_len >> 3) - 1;
179 179
180 return 0; 180 return 0;
@@ -317,7 +317,7 @@ static int mip6_destopt_init_state(struct xfrm_state *x)
317 x->props.header_len = sizeof(struct ipv6_destopt_hdr) + 317 x->props.header_len = sizeof(struct ipv6_destopt_hdr) +
318 calc_padlen(sizeof(struct ipv6_destopt_hdr), 6) + 318 calc_padlen(sizeof(struct ipv6_destopt_hdr), 6) +
319 sizeof(struct ipv6_destopt_hao); 319 sizeof(struct ipv6_destopt_hao);
320 BUG_TRAP(x->props.header_len == 24); 320 WARN_ON(x->props.header_len != 24);
321 321
322 return 0; 322 return 0;
323} 323}
@@ -380,7 +380,7 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb)
380 rt2->rt_hdr.segments_left = 1; 380 rt2->rt_hdr.segments_left = 1;
381 memset(&rt2->reserved, 0, sizeof(rt2->reserved)); 381 memset(&rt2->reserved, 0, sizeof(rt2->reserved));
382 382
383 BUG_TRAP(rt2->rt_hdr.hdrlen == 2); 383 WARN_ON(rt2->rt_hdr.hdrlen != 2);
384 384
385 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr)); 385 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr));
386 spin_lock_bh(&x->lock); 386 spin_lock_bh(&x->lock);
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 689dec899c57..0cfcce7b18d8 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -213,7 +213,7 @@ config IP6_NF_SECURITY
213 tristate "Security table" 213 tristate "Security table"
214 depends on IP6_NF_IPTABLES 214 depends on IP6_NF_IPTABLES
215 depends on SECURITY 215 depends on SECURITY
216 default m if NETFILTER_ADVANCED=n 216 depends on NETFILTER_ADVANCED
217 help 217 help
218 This option adds a `security' table to iptables, for use 218 This option adds a `security' table to iptables, for use
219 with Mandatory Access Control (MAC) policy. 219 with Mandatory Access Control (MAC) policy.
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
index a07abee30497..6e7131036bc6 100644
--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -31,7 +31,7 @@ static struct
31 struct ip6t_replace repl; 31 struct ip6t_replace repl;
32 struct ip6t_standard entries[3]; 32 struct ip6t_standard entries[3];
33 struct ip6t_error term; 33 struct ip6t_error term;
34} initial_table __initdata = { 34} initial_table __net_initdata = {
35 .repl = { 35 .repl = {
36 .name = "security", 36 .name = "security",
37 .valid_hooks = SECURITY_VALID_HOOKS, 37 .valid_hooks = SECURITY_VALID_HOOKS,
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index cf20bc4fd60d..52d06dd4b817 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -416,8 +416,8 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
416 416
417 fq_kill(fq); 417 fq_kill(fq);
418 418
419 BUG_TRAP(head != NULL); 419 WARN_ON(head == NULL);
420 BUG_TRAP(NFCT_FRAG6_CB(head)->offset == 0); 420 WARN_ON(NFCT_FRAG6_CB(head)->offset != 0);
421 421
422 /* Unfragmented part is taken from the first segment. */ 422 /* Unfragmented part is taken from the first segment. */
423 payload_len = ((head->data - skb_network_header(head)) - 423 payload_len = ((head->data - skb_network_header(head)) -
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index f82f6074cf85..0179b66864f1 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -286,7 +286,6 @@ proc_net_fail:
286 286
287void ipv6_misc_proc_exit(void) 287void ipv6_misc_proc_exit(void)
288{ 288{
289 proc_net_remove(&init_net, "sockstat6");
290 proc_net_remove(&init_net, "dev_snmp6"); 289 proc_net_remove(&init_net, "dev_snmp6");
291 proc_net_remove(&init_net, "snmp6"); 290 proc_net_remove(&init_net, "snmp6");
292 unregister_pernet_subsys(&ipv6_proc_ops); 291 unregister_pernet_subsys(&ipv6_proc_ops);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 6ab957ec2dd6..89184b576e23 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -473,8 +473,8 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
473 fq->q.fragments = head; 473 fq->q.fragments = head;
474 } 474 }
475 475
476 BUG_TRAP(head != NULL); 476 WARN_ON(head == NULL);
477 BUG_TRAP(FRAG6_CB(head)->offset == 0); 477 WARN_ON(FRAG6_CB(head)->offset != 0);
478 478
479 /* Unfragmented part is taken from the first segment. */ 479 /* Unfragmented part is taken from the first segment. */
480 payload_len = ((head->data - skb_network_header(head)) - 480 payload_len = ((head->data - skb_network_header(head)) -
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 86540b24b27c..41b165ffb369 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1249,7 +1249,7 @@ install_route:
1249 1249
1250 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0) 1250 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0)
1251 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1; 1251 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1;
1252 if (!dst_metric(&rt->u.dst, RTAX_MTU)) 1252 if (!dst_mtu(&rt->u.dst))
1253 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev); 1253 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev);
1254 if (!dst_metric(&rt->u.dst, RTAX_ADVMSS)) 1254 if (!dst_metric(&rt->u.dst, RTAX_ADVMSS))
1255 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst)); 1255 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst));
@@ -2187,8 +2187,9 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2187#endif 2187#endif
2188 NLA_PUT_U32(skb, RTA_IIF, iif); 2188 NLA_PUT_U32(skb, RTA_IIF, iif);
2189 } else if (dst) { 2189 } else if (dst) {
2190 struct inet6_dev *idev = ip6_dst_idev(&rt->u.dst);
2190 struct in6_addr saddr_buf; 2191 struct in6_addr saddr_buf;
2191 if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev, 2192 if (ipv6_dev_get_saddr(idev ? idev->dev : NULL,
2192 dst, 0, &saddr_buf) == 0) 2193 dst, 0, &saddr_buf) == 0)
2193 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf); 2194 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
2194 } 2195 }
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 6a68eeb7bbf8..ec394cf5a19b 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -199,10 +199,8 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
199 ireq6 = inet6_rsk(req); 199 ireq6 = inet6_rsk(req);
200 treq = tcp_rsk(req); 200 treq = tcp_rsk(req);
201 201
202 if (security_inet_conn_request(sk, skb, req)) { 202 if (security_inet_conn_request(sk, skb, req))
203 reqsk_free(req); 203 goto out_free;
204 goto out;
205 }
206 204
207 req->mss = mss; 205 req->mss = mss;
208 ireq->rmt_port = th->source; 206 ireq->rmt_port = th->source;
@@ -223,6 +221,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
223 221
224 req->expires = 0UL; 222 req->expires = 0UL;
225 req->retrans = 0; 223 req->retrans = 0;
224 ireq->ecn_ok = 0;
226 ireq->snd_wscale = tcp_opt.snd_wscale; 225 ireq->snd_wscale = tcp_opt.snd_wscale;
227 ireq->rcv_wscale = tcp_opt.rcv_wscale; 226 ireq->rcv_wscale = tcp_opt.rcv_wscale;
228 ireq->sack_ok = tcp_opt.sack_ok; 227 ireq->sack_ok = tcp_opt.sack_ok;
@@ -254,14 +253,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
254 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 253 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
255 fl.fl_ip_sport = inet_sk(sk)->sport; 254 fl.fl_ip_sport = inet_sk(sk)->sport;
256 security_req_classify_flow(req, &fl); 255 security_req_classify_flow(req, &fl);
257 if (ip6_dst_lookup(sk, &dst, &fl)) { 256 if (ip6_dst_lookup(sk, &dst, &fl))
258 reqsk_free(req); 257 goto out_free;
259 goto out; 258
260 }
261 if (final_p) 259 if (final_p)
262 ipv6_addr_copy(&fl.fl6_dst, final_p); 260 ipv6_addr_copy(&fl.fl6_dst, final_p);
263 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 261 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
264 goto out; 262 goto out_free;
265 } 263 }
266 264
267 req->window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); 265 req->window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW);
@@ -272,7 +270,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
272 ireq->rcv_wscale = rcv_wscale; 270 ireq->rcv_wscale = rcv_wscale;
273 271
274 ret = get_cookie_sock(sk, skb, req, dst); 272 ret = get_cookie_sock(sk, skb, req, dst);
275 273out:
276out: return ret; 274 return ret;
275out_free:
276 reqsk_free(req);
277 return NULL;
277} 278}
278 279
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 5c99274558bf..e6dfaeac6be3 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -150,3 +150,19 @@ void ipv6_sysctl_unregister(void)
150 unregister_net_sysctl_table(ip6_header); 150 unregister_net_sysctl_table(ip6_header);
151 unregister_pernet_subsys(&ipv6_sysctl_net_ops); 151 unregister_pernet_subsys(&ipv6_sysctl_net_ops);
152} 152}
153
154static struct ctl_table_header *ip6_base;
155
156int ipv6_static_sysctl_register(void)
157{
158 static struct ctl_table empty[1];
159 ip6_base = register_net_sysctl_rotable(net_ipv6_ctl_path, empty);
160 if (ip6_base == NULL)
161 return -ENOMEM;
162 return 0;
163}
164
165void ipv6_static_sysctl_unregister(void)
166{
167 unregister_net_sysctl_table(ip6_base);
168}
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index ae45f9835014..5b90b369ccb2 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -69,7 +69,8 @@
69#include <linux/scatterlist.h> 69#include <linux/scatterlist.h>
70 70
71static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 71static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 72static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
73 struct request_sock *req);
73 74
74static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 75static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
75 76
@@ -421,7 +422,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
421 /* ICMPs are not backlogged, hence we cannot get 422 /* ICMPs are not backlogged, hence we cannot get
422 * an established socket here. 423 * an established socket here.
423 */ 424 */
424 BUG_TRAP(req->sk == NULL); 425 WARN_ON(req->sk != NULL);
425 426
426 if (seq != tcp_rsk(req)->snt_isn) { 427 if (seq != tcp_rsk(req)->snt_isn) {
427 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 428 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
@@ -748,7 +749,7 @@ static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
748 ipv6_addr_copy(&bp->saddr, saddr); 749 ipv6_addr_copy(&bp->saddr, saddr);
749 ipv6_addr_copy(&bp->daddr, daddr); 750 ipv6_addr_copy(&bp->daddr, daddr);
750 bp->protocol = cpu_to_be32(IPPROTO_TCP); 751 bp->protocol = cpu_to_be32(IPPROTO_TCP);
751 bp->len = cpu_to_be16(nbytes); 752 bp->len = cpu_to_be32(nbytes);
752 753
753 sg_init_one(&sg, bp, sizeof(*bp)); 754 sg_init_one(&sg, bp, sizeof(*bp));
754 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 755 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
@@ -849,28 +850,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
849 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 850 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
850 hash_location = tcp_parse_md5sig_option(th); 851 hash_location = tcp_parse_md5sig_option(th);
851 852
852 /* do we have a hash as expected? */ 853 /* We've parsed the options - do we have a hash? */
853 if (!hash_expected) { 854 if (!hash_expected && !hash_location)
854 if (!hash_location) 855 return 0;
855 return 0; 856
856 if (net_ratelimit()) { 857 if (hash_expected && !hash_location) {
857 printk(KERN_INFO "MD5 Hash NOT expected but found " 858 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
858 "(" NIP6_FMT ", %u)->"
859 "(" NIP6_FMT ", %u)\n",
860 NIP6(ip6h->saddr), ntohs(th->source),
861 NIP6(ip6h->daddr), ntohs(th->dest));
862 }
863 return 1; 859 return 1;
864 } 860 }
865 861
866 if (!hash_location) { 862 if (!hash_expected && hash_location) {
867 if (net_ratelimit()) { 863 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
868 printk(KERN_INFO "MD5 Hash expected but NOT found "
869 "(" NIP6_FMT ", %u)->"
870 "(" NIP6_FMT ", %u)\n",
871 NIP6(ip6h->saddr), ntohs(th->source),
872 NIP6(ip6h->daddr), ntohs(th->dest));
873 }
874 return 1; 864 return 1;
875 } 865 }
876 866
@@ -1105,8 +1095,8 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
1105 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1095 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1106 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1096 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1107 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1097 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1108 &ipv6_hdr(skb)->daddr, 1098 &ipv6_hdr(skb)->saddr,
1109 &ipv6_hdr(skb)->saddr, t1); 1099 &ipv6_hdr(skb)->daddr, t1);
1110 } 1100 }
1111#endif 1101#endif
1112 1102
@@ -1149,10 +1139,11 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1149 inet_twsk_put(tw); 1139 inet_twsk_put(tw);
1150} 1140}
1151 1141
1152static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req) 1142static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1143 struct request_sock *req)
1153{ 1144{
1154 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1145 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1155 tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr)); 1146 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1156} 1147}
1157 1148
1158 1149
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index d1477b350f76..a6aecf76a71b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -379,7 +379,7 @@ static int __udp6_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
379 uh->source, saddr, dif))) { 379 uh->source, saddr, dif))) {
380 struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC); 380 struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC);
381 if (buff) { 381 if (buff) {
382 bh_lock_sock_nested(sk2); 382 bh_lock_sock(sk2);
383 if (!sock_owned_by_user(sk2)) 383 if (!sock_owned_by_user(sk2))
384 udpv6_queue_rcv_skb(sk2, buff); 384 udpv6_queue_rcv_skb(sk2, buff);
385 else 385 else
@@ -387,7 +387,7 @@ static int __udp6_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
387 bh_unlock_sock(sk2); 387 bh_unlock_sock(sk2);
388 } 388 }
389 } 389 }
390 bh_lock_sock_nested(sk); 390 bh_lock_sock(sk);
391 if (!sock_owned_by_user(sk)) 391 if (!sock_owned_by_user(sk))
392 udpv6_queue_rcv_skb(sk, skb); 392 udpv6_queue_rcv_skb(sk, skb);
393 else 393 else
@@ -508,7 +508,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
508 508
509 /* deliver */ 509 /* deliver */
510 510
511 bh_lock_sock_nested(sk); 511 bh_lock_sock(sk);
512 if (!sock_owned_by_user(sk)) 512 if (!sock_owned_by_user(sk))
513 udpv6_queue_rcv_skb(sk, skb); 513 udpv6_queue_rcv_skb(sk, skb);
514 else 514 else
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
index d6ce400f585f..bbd48b101bae 100644
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -40,16 +40,39 @@ static void xfrm6_beet_make_header(struct sk_buff *skb)
40static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) 40static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
41{ 41{
42 struct ipv6hdr *top_iph; 42 struct ipv6hdr *top_iph;
43 43 struct ip_beet_phdr *ph;
44 skb_set_network_header(skb, -x->props.header_len); 44 struct iphdr *iphv4;
45 int optlen, hdr_len;
46
47 iphv4 = ip_hdr(skb);
48 hdr_len = 0;
49 optlen = XFRM_MODE_SKB_CB(skb)->optlen;
50 if (unlikely(optlen))
51 hdr_len += IPV4_BEET_PHMAXLEN - (optlen & 4);
52
53 skb_set_network_header(skb, -x->props.header_len - hdr_len);
54 if (x->sel.family != AF_INET6)
55 skb->network_header += IPV4_BEET_PHMAXLEN;
45 skb->mac_header = skb->network_header + 56 skb->mac_header = skb->network_header +
46 offsetof(struct ipv6hdr, nexthdr); 57 offsetof(struct ipv6hdr, nexthdr);
47 skb->transport_header = skb->network_header + sizeof(*top_iph); 58 skb->transport_header = skb->network_header + sizeof(*top_iph);
48 __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl); 59 ph = (struct ip_beet_phdr *)__skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl-hdr_len);
49 60
50 xfrm6_beet_make_header(skb); 61 xfrm6_beet_make_header(skb);
51 62
52 top_iph = ipv6_hdr(skb); 63 top_iph = ipv6_hdr(skb);
64 if (unlikely(optlen)) {
65
66 BUG_ON(optlen < 0);
67
68 ph->padlen = 4 - (optlen & 4);
69 ph->hdrlen = optlen / 8;
70 ph->nexthdr = top_iph->nexthdr;
71 if (ph->padlen)
72 memset(ph + 1, IPOPT_NOP, ph->padlen);
73
74 top_iph->nexthdr = IPPROTO_BEETPH;
75 }
53 76
54 ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); 77 ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
55 ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); 78 ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index 265b1b289a32..705959b31e24 100644
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -497,7 +497,7 @@ static void iucv_setmask_up(void)
497 /* Disable all cpu but the first in cpu_irq_cpumask. */ 497 /* Disable all cpu but the first in cpu_irq_cpumask. */
498 cpumask = iucv_irq_cpumask; 498 cpumask = iucv_irq_cpumask;
499 cpu_clear(first_cpu(iucv_irq_cpumask), cpumask); 499 cpu_clear(first_cpu(iucv_irq_cpumask), cpumask);
500 for_each_cpu_mask(cpu, cpumask) 500 for_each_cpu_mask_nr(cpu, cpumask)
501 smp_call_function_single(cpu, iucv_block_cpu, NULL, 1); 501 smp_call_function_single(cpu, iucv_block_cpu, NULL, 1);
502} 502}
503 503
diff --git a/net/key/af_key.c b/net/key/af_key.c
index f0fc46c8038d..d628df97e02e 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -96,8 +96,8 @@ static void pfkey_sock_destruct(struct sock *sk)
96 return; 96 return;
97 } 97 }
98 98
99 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 99 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
100 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 100 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
101 101
102 atomic_dec(&pfkey_socks_nr); 102 atomic_dec(&pfkey_socks_nr);
103} 103}
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 8e7ba0e62cf5..297c257864c7 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -81,6 +81,7 @@ static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
81 enum nl80211_iftype type, u32 *flags, 81 enum nl80211_iftype type, u32 *flags,
82 struct vif_params *params) 82 struct vif_params *params)
83{ 83{
84 struct ieee80211_local *local = wiphy_priv(wiphy);
84 struct net_device *dev; 85 struct net_device *dev;
85 enum ieee80211_if_types itype; 86 enum ieee80211_if_types itype;
86 struct ieee80211_sub_if_data *sdata; 87 struct ieee80211_sub_if_data *sdata;
@@ -95,6 +96,9 @@ static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
95 if (itype == IEEE80211_IF_TYPE_INVALID) 96 if (itype == IEEE80211_IF_TYPE_INVALID)
96 return -EINVAL; 97 return -EINVAL;
97 98
99 if (dev == local->mdev)
100 return -EOPNOTSUPP;
101
98 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 102 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
99 103
100 ret = ieee80211_if_change_type(sdata, itype); 104 ret = ieee80211_if_change_type(sdata, itype);
@@ -117,12 +121,16 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
117 u8 key_idx, u8 *mac_addr, 121 u8 key_idx, u8 *mac_addr,
118 struct key_params *params) 122 struct key_params *params)
119{ 123{
124 struct ieee80211_local *local = wiphy_priv(wiphy);
120 struct ieee80211_sub_if_data *sdata; 125 struct ieee80211_sub_if_data *sdata;
121 struct sta_info *sta = NULL; 126 struct sta_info *sta = NULL;
122 enum ieee80211_key_alg alg; 127 enum ieee80211_key_alg alg;
123 struct ieee80211_key *key; 128 struct ieee80211_key *key;
124 int err; 129 int err;
125 130
131 if (dev == local->mdev)
132 return -EOPNOTSUPP;
133
126 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 134 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
127 135
128 switch (params->cipher) { 136 switch (params->cipher) {
@@ -167,10 +175,14 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
167static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, 175static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
168 u8 key_idx, u8 *mac_addr) 176 u8 key_idx, u8 *mac_addr)
169{ 177{
178 struct ieee80211_local *local = wiphy_priv(wiphy);
170 struct ieee80211_sub_if_data *sdata; 179 struct ieee80211_sub_if_data *sdata;
171 struct sta_info *sta; 180 struct sta_info *sta;
172 int ret; 181 int ret;
173 182
183 if (dev == local->mdev)
184 return -EOPNOTSUPP;
185
174 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 186 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
175 187
176 rcu_read_lock(); 188 rcu_read_lock();
@@ -211,7 +223,8 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
211 void (*callback)(void *cookie, 223 void (*callback)(void *cookie,
212 struct key_params *params)) 224 struct key_params *params))
213{ 225{
214 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 226 struct ieee80211_local *local = wiphy_priv(wiphy);
227 struct ieee80211_sub_if_data *sdata;
215 struct sta_info *sta = NULL; 228 struct sta_info *sta = NULL;
216 u8 seq[6] = {0}; 229 u8 seq[6] = {0};
217 struct key_params params; 230 struct key_params params;
@@ -220,6 +233,11 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
220 u16 iv16; 233 u16 iv16;
221 int err = -ENOENT; 234 int err = -ENOENT;
222 235
236 if (dev == local->mdev)
237 return -EOPNOTSUPP;
238
239 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
240
223 rcu_read_lock(); 241 rcu_read_lock();
224 242
225 if (mac_addr) { 243 if (mac_addr) {
@@ -293,8 +311,12 @@ static int ieee80211_config_default_key(struct wiphy *wiphy,
293 struct net_device *dev, 311 struct net_device *dev,
294 u8 key_idx) 312 u8 key_idx)
295{ 313{
314 struct ieee80211_local *local = wiphy_priv(wiphy);
296 struct ieee80211_sub_if_data *sdata; 315 struct ieee80211_sub_if_data *sdata;
297 316
317 if (dev == local->mdev)
318 return -EOPNOTSUPP;
319
298 rcu_read_lock(); 320 rcu_read_lock();
299 321
300 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 322 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -475,9 +497,15 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
475static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev, 497static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
476 struct beacon_parameters *params) 498 struct beacon_parameters *params)
477{ 499{
478 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 500 struct ieee80211_local *local = wiphy_priv(wiphy);
501 struct ieee80211_sub_if_data *sdata;
479 struct beacon_data *old; 502 struct beacon_data *old;
480 503
504 if (dev == local->mdev)
505 return -EOPNOTSUPP;
506
507 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
508
481 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 509 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
482 return -EINVAL; 510 return -EINVAL;
483 511
@@ -492,9 +520,15 @@ static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
492static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev, 520static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
493 struct beacon_parameters *params) 521 struct beacon_parameters *params)
494{ 522{
495 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 523 struct ieee80211_local *local = wiphy_priv(wiphy);
524 struct ieee80211_sub_if_data *sdata;
496 struct beacon_data *old; 525 struct beacon_data *old;
497 526
527 if (dev == local->mdev)
528 return -EOPNOTSUPP;
529
530 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
531
498 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 532 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
499 return -EINVAL; 533 return -EINVAL;
500 534
@@ -508,9 +542,15 @@ static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
508 542
509static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev) 543static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
510{ 544{
511 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 545 struct ieee80211_local *local = wiphy_priv(wiphy);
546 struct ieee80211_sub_if_data *sdata;
512 struct beacon_data *old; 547 struct beacon_data *old;
513 548
549 if (dev == local->mdev)
550 return -EOPNOTSUPP;
551
552 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
553
514 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 554 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
515 return -EINVAL; 555 return -EINVAL;
516 556
@@ -646,11 +686,14 @@ static void sta_apply_parameters(struct ieee80211_local *local,
646static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev, 686static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
647 u8 *mac, struct station_parameters *params) 687 u8 *mac, struct station_parameters *params)
648{ 688{
649 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 689 struct ieee80211_local *local = wiphy_priv(wiphy);
650 struct sta_info *sta; 690 struct sta_info *sta;
651 struct ieee80211_sub_if_data *sdata; 691 struct ieee80211_sub_if_data *sdata;
652 int err; 692 int err;
653 693
694 if (dev == local->mdev || params->vlan == local->mdev)
695 return -EOPNOTSUPP;
696
654 /* Prevent a race with changing the rate control algorithm */ 697 /* Prevent a race with changing the rate control algorithm */
655 if (!netif_running(dev)) 698 if (!netif_running(dev))
656 return -ENETDOWN; 699 return -ENETDOWN;
@@ -701,10 +744,15 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
701static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev, 744static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
702 u8 *mac) 745 u8 *mac)
703{ 746{
704 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 747 struct ieee80211_local *local = wiphy_priv(wiphy);
705 struct ieee80211_local *local = sdata->local; 748 struct ieee80211_sub_if_data *sdata;
706 struct sta_info *sta; 749 struct sta_info *sta;
707 750
751 if (dev == local->mdev)
752 return -EOPNOTSUPP;
753
754 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
755
708 if (mac) { 756 if (mac) {
709 rcu_read_lock(); 757 rcu_read_lock();
710 758
@@ -730,10 +778,13 @@ static int ieee80211_change_station(struct wiphy *wiphy,
730 u8 *mac, 778 u8 *mac,
731 struct station_parameters *params) 779 struct station_parameters *params)
732{ 780{
733 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 781 struct ieee80211_local *local = wiphy_priv(wiphy);
734 struct sta_info *sta; 782 struct sta_info *sta;
735 struct ieee80211_sub_if_data *vlansdata; 783 struct ieee80211_sub_if_data *vlansdata;
736 784
785 if (dev == local->mdev || params->vlan == local->mdev)
786 return -EOPNOTSUPP;
787
737 rcu_read_lock(); 788 rcu_read_lock();
738 789
739 /* XXX: get sta belonging to dev */ 790 /* XXX: get sta belonging to dev */
@@ -752,7 +803,7 @@ static int ieee80211_change_station(struct wiphy *wiphy,
752 return -EINVAL; 803 return -EINVAL;
753 } 804 }
754 805
755 sta->sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); 806 sta->sdata = vlansdata;
756 ieee80211_send_layer2_update(sta); 807 ieee80211_send_layer2_update(sta);
757 } 808 }
758 809
@@ -767,15 +818,20 @@ static int ieee80211_change_station(struct wiphy *wiphy,
767static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev, 818static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
768 u8 *dst, u8 *next_hop) 819 u8 *dst, u8 *next_hop)
769{ 820{
770 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 821 struct ieee80211_local *local = wiphy_priv(wiphy);
771 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 822 struct ieee80211_sub_if_data *sdata;
772 struct mesh_path *mpath; 823 struct mesh_path *mpath;
773 struct sta_info *sta; 824 struct sta_info *sta;
774 int err; 825 int err;
775 826
827 if (dev == local->mdev)
828 return -EOPNOTSUPP;
829
776 if (!netif_running(dev)) 830 if (!netif_running(dev))
777 return -ENETDOWN; 831 return -ENETDOWN;
778 832
833 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
834
779 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 835 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
780 return -ENOTSUPP; 836 return -ENOTSUPP;
781 837
@@ -817,14 +873,19 @@ static int ieee80211_change_mpath(struct wiphy *wiphy,
817 struct net_device *dev, 873 struct net_device *dev,
818 u8 *dst, u8 *next_hop) 874 u8 *dst, u8 *next_hop)
819{ 875{
820 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 876 struct ieee80211_local *local = wiphy_priv(wiphy);
821 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 877 struct ieee80211_sub_if_data *sdata;
822 struct mesh_path *mpath; 878 struct mesh_path *mpath;
823 struct sta_info *sta; 879 struct sta_info *sta;
824 880
881 if (dev == local->mdev)
882 return -EOPNOTSUPP;
883
825 if (!netif_running(dev)) 884 if (!netif_running(dev))
826 return -ENETDOWN; 885 return -ENETDOWN;
827 886
887 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
888
828 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 889 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
829 return -ENOTSUPP; 890 return -ENOTSUPP;
830 891
@@ -891,9 +952,15 @@ static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
891 u8 *dst, u8 *next_hop, struct mpath_info *pinfo) 952 u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
892 953
893{ 954{
894 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 955 struct ieee80211_local *local = wiphy_priv(wiphy);
956 struct ieee80211_sub_if_data *sdata;
895 struct mesh_path *mpath; 957 struct mesh_path *mpath;
896 958
959 if (dev == local->mdev)
960 return -EOPNOTSUPP;
961
962 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
963
897 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 964 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
898 return -ENOTSUPP; 965 return -ENOTSUPP;
899 966
@@ -913,9 +980,15 @@ static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
913 int idx, u8 *dst, u8 *next_hop, 980 int idx, u8 *dst, u8 *next_hop,
914 struct mpath_info *pinfo) 981 struct mpath_info *pinfo)
915{ 982{
916 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 983 struct ieee80211_local *local = wiphy_priv(wiphy);
984 struct ieee80211_sub_if_data *sdata;
917 struct mesh_path *mpath; 985 struct mesh_path *mpath;
918 986
987 if (dev == local->mdev)
988 return -EOPNOTSUPP;
989
990 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
991
919 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 992 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
920 return -ENOTSUPP; 993 return -ENOTSUPP;
921 994
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a4f9a832722a..ec59345af65b 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -82,6 +82,7 @@ struct ieee80211_sta_bss {
82 82
83 u8 bssid[ETH_ALEN]; 83 u8 bssid[ETH_ALEN];
84 u8 ssid[IEEE80211_MAX_SSID_LEN]; 84 u8 ssid[IEEE80211_MAX_SSID_LEN];
85 u8 dtim_period;
85 u16 capability; /* host byte order */ 86 u16 capability; /* host byte order */
86 enum ieee80211_band band; 87 enum ieee80211_band band;
87 int freq; 88 int freq;
@@ -586,6 +587,7 @@ struct ieee80211_local {
586 struct timer_list sta_cleanup; 587 struct timer_list sta_cleanup;
587 588
588 unsigned long queues_pending[BITS_TO_LONGS(IEEE80211_MAX_QUEUES)]; 589 unsigned long queues_pending[BITS_TO_LONGS(IEEE80211_MAX_QUEUES)];
590 unsigned long queues_pending_run[BITS_TO_LONGS(IEEE80211_MAX_QUEUES)];
589 struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES]; 591 struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES];
590 struct tasklet_struct tx_pending_tasklet; 592 struct tasklet_struct tx_pending_tasklet;
591 593
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index f1a83d450ea0..aa5a191598c9 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -245,10 +245,13 @@ static int ieee80211_open(struct net_device *dev)
245 case IEEE80211_IF_TYPE_AP: 245 case IEEE80211_IF_TYPE_AP:
246 sdata->bss = &sdata->u.ap; 246 sdata->bss = &sdata->u.ap;
247 break; 247 break;
248 case IEEE80211_IF_TYPE_MESH_POINT:
249 /* mesh ifaces must set allmulti to forward mcast traffic */
250 atomic_inc(&local->iff_allmultis);
251 break;
248 case IEEE80211_IF_TYPE_STA: 252 case IEEE80211_IF_TYPE_STA:
249 case IEEE80211_IF_TYPE_MNTR: 253 case IEEE80211_IF_TYPE_MNTR:
250 case IEEE80211_IF_TYPE_IBSS: 254 case IEEE80211_IF_TYPE_IBSS:
251 case IEEE80211_IF_TYPE_MESH_POINT:
252 /* no special treatment */ 255 /* no special treatment */
253 break; 256 break;
254 case IEEE80211_IF_TYPE_INVALID: 257 case IEEE80211_IF_TYPE_INVALID:
@@ -495,6 +498,9 @@ static int ieee80211_stop(struct net_device *dev)
495 netif_addr_unlock_bh(local->mdev); 498 netif_addr_unlock_bh(local->mdev);
496 break; 499 break;
497 case IEEE80211_IF_TYPE_MESH_POINT: 500 case IEEE80211_IF_TYPE_MESH_POINT:
501 /* allmulti is always set on mesh ifaces */
502 atomic_dec(&local->iff_allmultis);
503 /* fall through */
498 case IEEE80211_IF_TYPE_STA: 504 case IEEE80211_IF_TYPE_STA:
499 case IEEE80211_IF_TYPE_IBSS: 505 case IEEE80211_IF_TYPE_IBSS:
500 sdata->u.sta.state = IEEE80211_DISABLED; 506 sdata->u.sta.state = IEEE80211_DISABLED;
@@ -1233,18 +1239,12 @@ static void ieee80211_tasklet_handler(unsigned long data)
1233/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to 1239/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
1234 * make a prepared TX frame (one that has been given to hw) to look like brand 1240 * make a prepared TX frame (one that has been given to hw) to look like brand
1235 * new IEEE 802.11 frame that is ready to go through TX processing again. 1241 * new IEEE 802.11 frame that is ready to go through TX processing again.
1236 * Also, tx_packet_data in cb is restored from tx_control. */ 1242 */
1237static void ieee80211_remove_tx_extra(struct ieee80211_local *local, 1243static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
1238 struct ieee80211_key *key, 1244 struct ieee80211_key *key,
1239 struct sk_buff *skb) 1245 struct sk_buff *skb)
1240{ 1246{
1241 int hdrlen, iv_len, mic_len; 1247 int hdrlen, iv_len, mic_len;
1242 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1243
1244 info->flags &= IEEE80211_TX_CTL_REQ_TX_STATUS |
1245 IEEE80211_TX_CTL_DO_NOT_ENCRYPT |
1246 IEEE80211_TX_CTL_REQUEUE |
1247 IEEE80211_TX_CTL_EAPOL_FRAME;
1248 1248
1249 hdrlen = ieee80211_get_hdrlen_from_skb(skb); 1249 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
1250 1250
@@ -1695,6 +1695,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1695 if (local->hw.conf.beacon_int < 10) 1695 if (local->hw.conf.beacon_int < 10)
1696 local->hw.conf.beacon_int = 100; 1696 local->hw.conf.beacon_int = 100;
1697 1697
1698 if (local->hw.max_listen_interval == 0)
1699 local->hw.max_listen_interval = 1;
1700
1701 local->hw.conf.listen_interval = local->hw.max_listen_interval;
1702
1698 local->wstats_flags |= local->hw.flags & (IEEE80211_HW_SIGNAL_UNSPEC | 1703 local->wstats_flags |= local->hw.flags & (IEEE80211_HW_SIGNAL_UNSPEC |
1699 IEEE80211_HW_SIGNAL_DB | 1704 IEEE80211_HW_SIGNAL_DB |
1700 IEEE80211_HW_SIGNAL_DBM) ? 1705 IEEE80211_HW_SIGNAL_DBM) ?
@@ -1731,8 +1736,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1731 result = ieee80211_wep_init(local); 1736 result = ieee80211_wep_init(local);
1732 1737
1733 if (result < 0) { 1738 if (result < 0) {
1734 printk(KERN_DEBUG "%s: Failed to initialize wep\n", 1739 printk(KERN_DEBUG "%s: Failed to initialize wep: %d\n",
1735 wiphy_name(local->hw.wiphy)); 1740 wiphy_name(local->hw.wiphy), result);
1736 goto fail_wep; 1741 goto fail_wep;
1737 } 1742 }
1738 1743
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 669eafafe497..7495fbb0d211 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -214,8 +214,7 @@ void ieee80211s_stop(void);
214void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata); 214void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata);
215 215
216/* Mesh paths */ 216/* Mesh paths */
217int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb, 217int mesh_nexthop_lookup(struct sk_buff *skb, struct net_device *dev);
218 struct net_device *dev);
219void mesh_path_start_discovery(struct net_device *dev); 218void mesh_path_start_discovery(struct net_device *dev);
220struct mesh_path *mesh_path_lookup(u8 *dst, struct net_device *dev); 219struct mesh_path *mesh_path_lookup(u8 *dst, struct net_device *dev);
221struct mesh_path *mesh_path_lookup_by_idx(int idx, struct net_device *dev); 220struct mesh_path *mesh_path_lookup_by_idx(int idx, struct net_device *dev);
@@ -286,6 +285,4 @@ static inline void mesh_path_activate(struct mesh_path *mpath)
286#define mesh_allocated 0 285#define mesh_allocated 0
287#endif 286#endif
288 287
289#define MESH_PREQ(skb) (skb->cb + 30)
290
291#endif /* IEEE80211S_H */ 288#endif /* IEEE80211S_H */
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 7fa149e230e6..08aca446ca01 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -758,29 +758,30 @@ enddiscovery:
758/** 758/**
759 * ieee80211s_lookup_nexthop - put the appropriate next hop on a mesh frame 759 * ieee80211s_lookup_nexthop - put the appropriate next hop on a mesh frame
760 * 760 *
761 * @next_hop: output argument for next hop address 761 * @skb: 802.11 frame to be sent
762 * @skb: frame to be sent
763 * @dev: network device the frame will be sent through 762 * @dev: network device the frame will be sent through
763 * @fwd_frame: true if this frame was originally from a different host
764 * 764 *
765 * Returns: 0 if the next hop was found. Nonzero otherwise. If no next hop is 765 * Returns: 0 if the next hop was found. Nonzero otherwise. If no next hop is
766 * found, the function will start a path discovery and queue the frame so it is 766 * found, the function will start a path discovery and queue the frame so it is
767 * sent when the path is resolved. This means the caller must not free the skb 767 * sent when the path is resolved. This means the caller must not free the skb
768 * in this case. 768 * in this case.
769 */ 769 */
770int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb, 770int mesh_nexthop_lookup(struct sk_buff *skb, struct net_device *dev)
771 struct net_device *dev)
772{ 771{
773 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 772 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
774 struct sk_buff *skb_to_free = NULL; 773 struct sk_buff *skb_to_free = NULL;
775 struct mesh_path *mpath; 774 struct mesh_path *mpath;
775 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
776 u8 *dst_addr = hdr->addr3;
776 int err = 0; 777 int err = 0;
777 778
778 rcu_read_lock(); 779 rcu_read_lock();
779 mpath = mesh_path_lookup(skb->data, dev); 780 mpath = mesh_path_lookup(dst_addr, dev);
780 781
781 if (!mpath) { 782 if (!mpath) {
782 mesh_path_add(skb->data, dev); 783 mesh_path_add(dst_addr, dev);
783 mpath = mesh_path_lookup(skb->data, dev); 784 mpath = mesh_path_lookup(dst_addr, dev);
784 if (!mpath) { 785 if (!mpath) {
785 dev_kfree_skb(skb); 786 dev_kfree_skb(skb);
786 sdata->u.sta.mshstats.dropped_frames_no_route++; 787 sdata->u.sta.mshstats.dropped_frames_no_route++;
@@ -792,13 +793,13 @@ int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb,
792 if (mpath->flags & MESH_PATH_ACTIVE) { 793 if (mpath->flags & MESH_PATH_ACTIVE) {
793 if (time_after(jiffies, mpath->exp_time - 794 if (time_after(jiffies, mpath->exp_time -
794 msecs_to_jiffies(sdata->u.sta.mshcfg.path_refresh_time)) 795 msecs_to_jiffies(sdata->u.sta.mshcfg.path_refresh_time))
795 && skb->pkt_type != PACKET_OTHERHOST 796 && !memcmp(dev->dev_addr, hdr->addr4, ETH_ALEN)
796 && !(mpath->flags & MESH_PATH_RESOLVING) 797 && !(mpath->flags & MESH_PATH_RESOLVING)
797 && !(mpath->flags & MESH_PATH_FIXED)) { 798 && !(mpath->flags & MESH_PATH_FIXED)) {
798 mesh_queue_preq(mpath, 799 mesh_queue_preq(mpath,
799 PREQ_Q_F_START | PREQ_Q_F_REFRESH); 800 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
800 } 801 }
801 memcpy(next_hop, mpath->next_hop->addr, 802 memcpy(hdr->addr1, mpath->next_hop->addr,
802 ETH_ALEN); 803 ETH_ALEN);
803 } else { 804 } else {
804 if (!(mpath->flags & MESH_PATH_RESOLVING)) { 805 if (!(mpath->flags & MESH_PATH_RESOLVING)) {
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 5f88a2e6ee50..838ee60492ad 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -388,18 +388,15 @@ void mesh_path_tx_pending(struct mesh_path *mpath)
388void mesh_path_discard_frame(struct sk_buff *skb, struct net_device *dev) 388void mesh_path_discard_frame(struct sk_buff *skb, struct net_device *dev)
389{ 389{
390 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 390 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
391 struct mesh_path *mpath; 392 struct mesh_path *mpath;
392 u32 dsn = 0; 393 u32 dsn = 0;
393 394
394 if (skb->pkt_type == PACKET_OTHERHOST) { 395 if (memcmp(hdr->addr4, dev->dev_addr, ETH_ALEN) != 0) {
395 struct ieee80211s_hdr *prev_meshhdr;
396 int mshhdrlen;
397 u8 *ra, *da; 396 u8 *ra, *da;
398 397
399 prev_meshhdr = ((struct ieee80211s_hdr *)skb->cb); 398 da = hdr->addr3;
400 mshhdrlen = ieee80211_get_mesh_hdrlen(prev_meshhdr); 399 ra = hdr->addr2;
401 da = skb->data;
402 ra = MESH_PREQ(skb);
403 mpath = mesh_path_lookup(da, dev); 400 mpath = mesh_path_lookup(da, dev);
404 if (mpath) 401 if (mpath)
405 dsn = ++mpath->dsn; 402 dsn = ++mpath->dsn;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index d7c371e36bf0..e1d11c9b6729 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -551,6 +551,7 @@ static void ieee80211_set_associated(struct net_device *dev,
551 /* set timing information */ 551 /* set timing information */
552 sdata->bss_conf.beacon_int = bss->beacon_int; 552 sdata->bss_conf.beacon_int = bss->beacon_int;
553 sdata->bss_conf.timestamp = bss->timestamp; 553 sdata->bss_conf.timestamp = bss->timestamp;
554 sdata->bss_conf.dtim_period = bss->dtim_period;
554 555
555 changed |= ieee80211_handle_bss_capability(sdata, bss); 556 changed |= ieee80211_handle_bss_capability(sdata, bss);
556 557
@@ -606,7 +607,6 @@ void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
606 int encrypt) 607 int encrypt)
607{ 608{
608 struct ieee80211_sub_if_data *sdata; 609 struct ieee80211_sub_if_data *sdata;
609 struct ieee80211_tx_info *info;
610 610
611 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 611 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
612 skb->dev = sdata->local->mdev; 612 skb->dev = sdata->local->mdev;
@@ -614,11 +614,8 @@ void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
614 skb_set_network_header(skb, 0); 614 skb_set_network_header(skb, 0);
615 skb_set_transport_header(skb, 0); 615 skb_set_transport_header(skb, 0);
616 616
617 info = IEEE80211_SKB_CB(skb); 617 skb->iif = sdata->dev->ifindex;
618 memset(info, 0, sizeof(struct ieee80211_tx_info)); 618 skb->do_not_encrypt = !encrypt;
619 info->control.ifindex = sdata->dev->ifindex;
620 if (!encrypt)
621 info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;
622 619
623 dev_queue_xmit(skb); 620 dev_queue_xmit(skb);
624} 621}
@@ -777,7 +774,8 @@ static void ieee80211_send_assoc(struct net_device *dev,
777 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 774 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
778 IEEE80211_STYPE_REASSOC_REQ); 775 IEEE80211_STYPE_REASSOC_REQ);
779 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 776 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
780 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1); 777 mgmt->u.reassoc_req.listen_interval =
778 cpu_to_le16(local->hw.conf.listen_interval);
781 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid, 779 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
782 ETH_ALEN); 780 ETH_ALEN);
783 } else { 781 } else {
@@ -785,7 +783,8 @@ static void ieee80211_send_assoc(struct net_device *dev,
785 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 783 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
786 IEEE80211_STYPE_ASSOC_REQ); 784 IEEE80211_STYPE_ASSOC_REQ);
787 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 785 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
788 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1); 786 mgmt->u.reassoc_req.listen_interval =
787 cpu_to_le16(local->hw.conf.listen_interval);
789 } 788 }
790 789
791 /* SSID */ 790 /* SSID */
@@ -2692,6 +2691,16 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2692 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int); 2691 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
2693 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info); 2692 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
2694 2693
2694 if (elems->tim) {
2695 struct ieee80211_tim_ie *tim_ie =
2696 (struct ieee80211_tim_ie *)elems->tim;
2697 bss->dtim_period = tim_ie->dtim_period;
2698 }
2699
2700 /* set default value for buggy APs */
2701 if (!elems->tim || bss->dtim_period == 0)
2702 bss->dtim_period = 1;
2703
2695 bss->supp_rates_len = 0; 2704 bss->supp_rates_len = 0;
2696 if (elems->supp_rates) { 2705 if (elems->supp_rates) {
2697 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 2706 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
@@ -3303,6 +3312,7 @@ void ieee80211_start_mesh(struct net_device *dev)
3303 ifsta = &sdata->u.sta; 3312 ifsta = &sdata->u.sta;
3304 ifsta->state = IEEE80211_MESH_UP; 3313 ifsta->state = IEEE80211_MESH_UP;
3305 ieee80211_sta_timer((unsigned long)sdata); 3314 ieee80211_sta_timer((unsigned long)sdata);
3315 ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
3306} 3316}
3307#endif 3317#endif
3308 3318
@@ -3653,11 +3663,21 @@ static int ieee80211_sta_find_ibss(struct net_device *dev,
3653 "%s\n", print_mac(mac, bssid), 3663 "%s\n", print_mac(mac, bssid),
3654 print_mac(mac2, ifsta->bssid)); 3664 print_mac(mac2, ifsta->bssid));
3655#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3665#endif /* CONFIG_MAC80211_IBSS_DEBUG */
3656 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 && 3666
3657 (bss = ieee80211_rx_bss_get(dev, bssid, 3667 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3658 local->hw.conf.channel->center_freq,
3659 ifsta->ssid, ifsta->ssid_len))) {
3660 int ret; 3668 int ret;
3669 int search_freq;
3670
3671 if (ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL)
3672 search_freq = bss->freq;
3673 else
3674 search_freq = local->hw.conf.channel->center_freq;
3675
3676 bss = ieee80211_rx_bss_get(dev, bssid, search_freq,
3677 ifsta->ssid, ifsta->ssid_len);
3678 if (!bss)
3679 goto dont_join;
3680
3661 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s" 3681 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
3662 " based on configured SSID\n", 3682 " based on configured SSID\n",
3663 dev->name, print_mac(mac, bssid)); 3683 dev->name, print_mac(mac, bssid));
@@ -3665,6 +3685,8 @@ static int ieee80211_sta_find_ibss(struct net_device *dev,
3665 ieee80211_rx_bss_put(local, bss); 3685 ieee80211_rx_bss_put(local, bss);
3666 return ret; 3686 return ret;
3667 } 3687 }
3688
3689dont_join:
3668#ifdef CONFIG_MAC80211_IBSS_DEBUG 3690#ifdef CONFIG_MAC80211_IBSS_DEBUG
3669 printk(KERN_DEBUG " did not try to join ibss\n"); 3691 printk(KERN_DEBUG " did not try to join ibss\n");
3670#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3692#endif /* CONFIG_MAC80211_IBSS_DEBUG */
@@ -3898,7 +3920,7 @@ done:
3898 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 3920 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3899 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3921 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3900 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) || 3922 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3901 (!ifsta->state == IEEE80211_IBSS_JOINED && 3923 (!(ifsta->state == IEEE80211_IBSS_JOINED) &&
3902 !ieee80211_sta_active_ibss(dev))) 3924 !ieee80211_sta_active_ibss(dev)))
3903 ieee80211_sta_find_ibss(dev, ifsta); 3925 ieee80211_sta_find_ibss(dev, ifsta);
3904 } 3926 }
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 6d9ae67c27ca..6db854505193 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1109,20 +1109,9 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1109 1109
1110 hdrlen = ieee80211_get_hdrlen(fc); 1110 hdrlen = ieee80211_get_hdrlen(fc);
1111 1111
1112 if (ieee80211_vif_is_mesh(&sdata->vif)) { 1112 if (ieee80211_vif_is_mesh(&sdata->vif))
1113 int meshhdrlen = ieee80211_get_mesh_hdrlen( 1113 hdrlen += ieee80211_get_mesh_hdrlen(
1114 (struct ieee80211s_hdr *) (skb->data + hdrlen)); 1114 (struct ieee80211s_hdr *) (skb->data + hdrlen));
1115 /* Copy on cb:
1116 * - mesh header: to be used for mesh forwarding
1117 * decision. It will also be used as mesh header template at
1118 * tx.c:ieee80211_subif_start_xmit() if interface
1119 * type is mesh and skb->pkt_type == PACKET_OTHERHOST
1120 * - ta: to be used if a RERR needs to be sent.
1121 */
1122 memcpy(skb->cb, skb->data + hdrlen, meshhdrlen);
1123 memcpy(MESH_PREQ(skb), hdr->addr2, ETH_ALEN);
1124 hdrlen += meshhdrlen;
1125 }
1126 1115
1127 /* convert IEEE 802.11 header + possible LLC headers into Ethernet 1116 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
1128 * header 1117 * header
@@ -1269,38 +1258,6 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1269 } 1258 }
1270 } 1259 }
1271 1260
1272 /* Mesh forwarding */
1273 if (ieee80211_vif_is_mesh(&sdata->vif)) {
1274 u8 *mesh_ttl = &((struct ieee80211s_hdr *)skb->cb)->ttl;
1275 (*mesh_ttl)--;
1276
1277 if (is_multicast_ether_addr(skb->data)) {
1278 if (*mesh_ttl > 0) {
1279 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1280 if (xmit_skb)
1281 xmit_skb->pkt_type = PACKET_OTHERHOST;
1282 else if (net_ratelimit())
1283 printk(KERN_DEBUG "%s: failed to clone "
1284 "multicast frame\n", dev->name);
1285 } else
1286 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.sta,
1287 dropped_frames_ttl);
1288 } else if (skb->pkt_type != PACKET_OTHERHOST &&
1289 compare_ether_addr(dev->dev_addr, skb->data) != 0) {
1290 if (*mesh_ttl == 0) {
1291 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.sta,
1292 dropped_frames_ttl);
1293 dev_kfree_skb(skb);
1294 skb = NULL;
1295 } else {
1296 xmit_skb = skb;
1297 xmit_skb->pkt_type = PACKET_OTHERHOST;
1298 if (!(dev->flags & IFF_PROMISC))
1299 skb = NULL;
1300 }
1301 }
1302 }
1303
1304 if (skb) { 1261 if (skb) {
1305 /* deliver to local stack */ 1262 /* deliver to local stack */
1306 skb->protocol = eth_type_trans(skb, dev); 1263 skb->protocol = eth_type_trans(skb, dev);
@@ -1431,6 +1388,63 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1431} 1388}
1432 1389
1433static ieee80211_rx_result debug_noinline 1390static ieee80211_rx_result debug_noinline
1391ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1392{
1393 struct ieee80211_hdr *hdr;
1394 struct ieee80211s_hdr *mesh_hdr;
1395 unsigned int hdrlen;
1396 struct sk_buff *skb = rx->skb, *fwd_skb;
1397
1398 hdr = (struct ieee80211_hdr *) skb->data;
1399 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1400 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1401
1402 if (!ieee80211_is_data(hdr->frame_control))
1403 return RX_CONTINUE;
1404
1405 if (!mesh_hdr->ttl)
1406 /* illegal frame */
1407 return RX_DROP_MONITOR;
1408
1409 if (compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0)
1410 return RX_CONTINUE;
1411
1412 mesh_hdr->ttl--;
1413
1414 if (rx->flags & IEEE80211_RX_RA_MATCH) {
1415 if (!mesh_hdr->ttl)
1416 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.sta,
1417 dropped_frames_ttl);
1418 else {
1419 struct ieee80211_hdr *fwd_hdr;
1420 fwd_skb = skb_copy(skb, GFP_ATOMIC);
1421
1422 if (!fwd_skb && net_ratelimit())
1423 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1424 rx->dev->name);
1425
1426 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1427 /*
1428 * Save TA to addr1 to send TA a path error if a
1429 * suitable next hop is not found
1430 */
1431 memcpy(fwd_hdr->addr1, fwd_hdr->addr2, ETH_ALEN);
1432 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN);
1433 fwd_skb->dev = rx->local->mdev;
1434 fwd_skb->iif = rx->dev->ifindex;
1435 dev_queue_xmit(fwd_skb);
1436 }
1437 }
1438
1439 if (is_multicast_ether_addr(hdr->addr3) ||
1440 rx->dev->flags & IFF_PROMISC)
1441 return RX_CONTINUE;
1442 else
1443 return RX_DROP_MONITOR;
1444}
1445
1446
1447static ieee80211_rx_result debug_noinline
1434ieee80211_rx_h_data(struct ieee80211_rx_data *rx) 1448ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1435{ 1449{
1436 struct net_device *dev = rx->dev; 1450 struct net_device *dev = rx->dev;
@@ -1663,10 +1677,12 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1663 rx->sdata = sdata; 1677 rx->sdata = sdata;
1664 rx->dev = sdata->dev; 1678 rx->dev = sdata->dev;
1665 1679
1666#define CALL_RXH(rxh) \ 1680#define CALL_RXH(rxh) \
1667 res = rxh(rx); \ 1681 do { \
1668 if (res != RX_CONTINUE) \ 1682 res = rxh(rx); \
1669 goto rxh_done; 1683 if (res != RX_CONTINUE) \
1684 goto rxh_done; \
1685 } while (0);
1670 1686
1671 CALL_RXH(ieee80211_rx_h_passive_scan) 1687 CALL_RXH(ieee80211_rx_h_passive_scan)
1672 CALL_RXH(ieee80211_rx_h_check) 1688 CALL_RXH(ieee80211_rx_h_check)
@@ -1678,6 +1694,8 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1678 /* must be after MMIC verify so header is counted in MPDU mic */ 1694 /* must be after MMIC verify so header is counted in MPDU mic */
1679 CALL_RXH(ieee80211_rx_h_remove_qos_control) 1695 CALL_RXH(ieee80211_rx_h_remove_qos_control)
1680 CALL_RXH(ieee80211_rx_h_amsdu) 1696 CALL_RXH(ieee80211_rx_h_amsdu)
1697 if (ieee80211_vif_is_mesh(&sdata->vif))
1698 CALL_RXH(ieee80211_rx_h_mesh_fwding);
1681 CALL_RXH(ieee80211_rx_h_data) 1699 CALL_RXH(ieee80211_rx_h_data)
1682 CALL_RXH(ieee80211_rx_h_ctrl) 1700 CALL_RXH(ieee80211_rx_h_ctrl)
1683 CALL_RXH(ieee80211_rx_h_mgmt) 1701 CALL_RXH(ieee80211_rx_h_mgmt)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 0fbadd8b983c..4788f7b91f49 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -305,7 +305,7 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
305 rcu_read_unlock(); 305 rcu_read_unlock();
306 306
307 local->total_ps_buffered = total; 307 local->total_ps_buffered = total;
308#ifdef MAC80211_VERBOSE_PS_DEBUG 308#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
309 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n", 309 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
310 wiphy_name(local->hw.wiphy), purged); 310 wiphy_name(local->hw.wiphy), purged);
311#endif 311#endif
@@ -342,7 +342,7 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
342 purge_old_ps_buffers(tx->local); 342 purge_old_ps_buffers(tx->local);
343 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= 343 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
344 AP_MAX_BC_BUFFER) { 344 AP_MAX_BC_BUFFER) {
345#ifdef MAC80211_VERBOSE_PS_DEBUG 345#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
346 if (net_ratelimit()) { 346 if (net_ratelimit()) {
347 printk(KERN_DEBUG "%s: BC TX buffer full - " 347 printk(KERN_DEBUG "%s: BC TX buffer full - "
348 "dropping the oldest frame\n", 348 "dropping the oldest frame\n",
@@ -389,7 +389,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
389 purge_old_ps_buffers(tx->local); 389 purge_old_ps_buffers(tx->local);
390 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) { 390 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
391 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf); 391 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
392#ifdef MAC80211_VERBOSE_PS_DEBUG 392#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
393 if (net_ratelimit()) { 393 if (net_ratelimit()) {
394 printk(KERN_DEBUG "%s: STA %s TX " 394 printk(KERN_DEBUG "%s: STA %s TX "
395 "buffer full - dropping oldest frame\n", 395 "buffer full - dropping oldest frame\n",
@@ -439,14 +439,14 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
439 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 439 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
440 u16 fc = tx->fc; 440 u16 fc = tx->fc;
441 441
442 if (unlikely(info->flags & IEEE80211_TX_CTL_DO_NOT_ENCRYPT)) 442 if (unlikely(tx->skb->do_not_encrypt))
443 tx->key = NULL; 443 tx->key = NULL;
444 else if (tx->sta && (key = rcu_dereference(tx->sta->key))) 444 else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
445 tx->key = key; 445 tx->key = key;
446 else if ((key = rcu_dereference(tx->sdata->default_key))) 446 else if ((key = rcu_dereference(tx->sdata->default_key)))
447 tx->key = key; 447 tx->key = key;
448 else if (tx->sdata->drop_unencrypted && 448 else if (tx->sdata->drop_unencrypted &&
449 !(info->flags & IEEE80211_TX_CTL_EAPOL_FRAME) && 449 (tx->skb->protocol != cpu_to_be16(ETH_P_PAE)) &&
450 !(info->flags & IEEE80211_TX_CTL_INJECTED)) { 450 !(info->flags & IEEE80211_TX_CTL_INJECTED)) {
451 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); 451 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
452 return TX_DROP; 452 return TX_DROP;
@@ -476,7 +476,7 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
476 } 476 }
477 477
478 if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 478 if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
479 info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT; 479 tx->skb->do_not_encrypt = 1;
480 480
481 return TX_CONTINUE; 481 return TX_CONTINUE;
482} 482}
@@ -732,6 +732,7 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
732 memcpy(skb_put(frag, copylen), pos, copylen); 732 memcpy(skb_put(frag, copylen), pos, copylen);
733 memcpy(frag->cb, first->cb, sizeof(frag->cb)); 733 memcpy(frag->cb, first->cb, sizeof(frag->cb));
734 skb_copy_queue_mapping(frag, first); 734 skb_copy_queue_mapping(frag, first);
735 frag->do_not_encrypt = first->do_not_encrypt;
735 736
736 pos += copylen; 737 pos += copylen;
737 left -= copylen; 738 left -= copylen;
@@ -852,7 +853,7 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
852 853
853 sband = tx->local->hw.wiphy->bands[tx->channel->band]; 854 sband = tx->local->hw.wiphy->bands[tx->channel->band];
854 855
855 info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT; 856 skb->do_not_encrypt = 1;
856 info->flags |= IEEE80211_TX_CTL_INJECTED; 857 info->flags |= IEEE80211_TX_CTL_INJECTED;
857 tx->flags &= ~IEEE80211_TX_FRAGMENTED; 858 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
858 859
@@ -925,8 +926,7 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
925 skb_trim(skb, skb->len - FCS_LEN); 926 skb_trim(skb, skb->len - FCS_LEN);
926 } 927 }
927 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP) 928 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
928 info->flags &= 929 tx->skb->do_not_encrypt = 0;
929 ~IEEE80211_TX_CTL_DO_NOT_ENCRYPT;
930 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) 930 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
931 tx->flags |= IEEE80211_TX_FRAGMENTED; 931 tx->flags |= IEEE80211_TX_FRAGMENTED;
932 break; 932 break;
@@ -1042,10 +1042,9 @@ static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1042 struct sk_buff *skb, 1042 struct sk_buff *skb,
1043 struct net_device *mdev) 1043 struct net_device *mdev)
1044{ 1044{
1045 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1046 struct net_device *dev; 1045 struct net_device *dev;
1047 1046
1048 dev = dev_get_by_index(&init_net, info->control.ifindex); 1047 dev = dev_get_by_index(&init_net, skb->iif);
1049 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) { 1048 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
1050 dev_put(dev); 1049 dev_put(dev);
1051 dev = NULL; 1050 dev = NULL;
@@ -1061,13 +1060,14 @@ static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1061static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb, 1060static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1062 struct ieee80211_tx_data *tx) 1061 struct ieee80211_tx_data *tx)
1063{ 1062{
1064 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1063 struct ieee80211_tx_info *info;
1065 int ret, i; 1064 int ret, i;
1066 1065
1067 if (netif_subqueue_stopped(local->mdev, skb))
1068 return IEEE80211_TX_AGAIN;
1069
1070 if (skb) { 1066 if (skb) {
1067 if (netif_subqueue_stopped(local->mdev, skb))
1068 return IEEE80211_TX_AGAIN;
1069 info = IEEE80211_SKB_CB(skb);
1070
1071 ieee80211_dump_frame(wiphy_name(local->hw.wiphy), 1071 ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
1072 "TX to low-level driver", skb); 1072 "TX to low-level driver", skb);
1073 ret = local->ops->tx(local_to_hw(local), skb); 1073 ret = local->ops->tx(local_to_hw(local), skb);
@@ -1216,6 +1216,7 @@ retry:
1216 1216
1217 if (ret == IEEE80211_TX_FRAG_AGAIN) 1217 if (ret == IEEE80211_TX_FRAG_AGAIN)
1218 skb = NULL; 1218 skb = NULL;
1219
1219 set_bit(queue, local->queues_pending); 1220 set_bit(queue, local->queues_pending);
1220 smp_mb(); 1221 smp_mb();
1221 /* 1222 /*
@@ -1300,14 +1301,15 @@ int ieee80211_master_start_xmit(struct sk_buff *skb,
1300 struct net_device *dev) 1301 struct net_device *dev)
1301{ 1302{
1302 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1303 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1304 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1303 struct net_device *odev = NULL; 1305 struct net_device *odev = NULL;
1304 struct ieee80211_sub_if_data *osdata; 1306 struct ieee80211_sub_if_data *osdata;
1305 int headroom; 1307 int headroom;
1306 bool may_encrypt; 1308 bool may_encrypt;
1307 int ret; 1309 int ret;
1308 1310
1309 if (info->control.ifindex) 1311 if (skb->iif)
1310 odev = dev_get_by_index(&init_net, info->control.ifindex); 1312 odev = dev_get_by_index(&init_net, skb->iif);
1311 if (unlikely(odev && !is_ieee80211_device(odev, dev))) { 1313 if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
1312 dev_put(odev); 1314 dev_put(odev);
1313 odev = NULL; 1315 odev = NULL;
@@ -1321,9 +1323,27 @@ int ieee80211_master_start_xmit(struct sk_buff *skb,
1321 return 0; 1323 return 0;
1322 } 1324 }
1323 1325
1326 memset(info, 0, sizeof(*info));
1327
1328 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1329
1324 osdata = IEEE80211_DEV_TO_SUB_IF(odev); 1330 osdata = IEEE80211_DEV_TO_SUB_IF(odev);
1325 1331
1326 may_encrypt = !(info->flags & IEEE80211_TX_CTL_DO_NOT_ENCRYPT); 1332 if (ieee80211_vif_is_mesh(&osdata->vif) &&
1333 ieee80211_is_data(hdr->frame_control)) {
1334 if (ieee80211_is_data(hdr->frame_control)) {
1335 if (is_multicast_ether_addr(hdr->addr3))
1336 memcpy(hdr->addr1, hdr->addr3, ETH_ALEN);
1337 else
1338 if (mesh_nexthop_lookup(skb, odev))
1339 return 0;
1340 if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0)
1341 IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.sta,
1342 fwded_frames);
1343 }
1344 }
1345
1346 may_encrypt = !skb->do_not_encrypt;
1327 1347
1328 headroom = osdata->local->tx_headroom; 1348 headroom = osdata->local->tx_headroom;
1329 if (may_encrypt) 1349 if (may_encrypt)
@@ -1348,7 +1368,6 @@ int ieee80211_monitor_start_xmit(struct sk_buff *skb,
1348 struct net_device *dev) 1368 struct net_device *dev)
1349{ 1369{
1350 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1370 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1351 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1352 struct ieee80211_radiotap_header *prthdr = 1371 struct ieee80211_radiotap_header *prthdr =
1353 (struct ieee80211_radiotap_header *)skb->data; 1372 (struct ieee80211_radiotap_header *)skb->data;
1354 u16 len_rthdr; 1373 u16 len_rthdr;
@@ -1371,11 +1390,11 @@ int ieee80211_monitor_start_xmit(struct sk_buff *skb,
1371 skb->dev = local->mdev; 1390 skb->dev = local->mdev;
1372 1391
1373 /* needed because we set skb device to master */ 1392 /* needed because we set skb device to master */
1374 info->control.ifindex = dev->ifindex; 1393 skb->iif = dev->ifindex;
1375 1394
1376 info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT; 1395 /* sometimes we do encrypt injected frames, will be fixed
1377 /* Interfaces should always request a status report */ 1396 * up in radiotap parser if not wanted */
1378 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 1397 skb->do_not_encrypt = 0;
1379 1398
1380 /* 1399 /*
1381 * fix up the pointers accounting for the radiotap 1400 * fix up the pointers accounting for the radiotap
@@ -1419,7 +1438,6 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1419 struct net_device *dev) 1438 struct net_device *dev)
1420{ 1439{
1421 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1440 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1422 struct ieee80211_tx_info *info;
1423 struct ieee80211_sub_if_data *sdata; 1441 struct ieee80211_sub_if_data *sdata;
1424 int ret = 1, head_need; 1442 int ret = 1, head_need;
1425 u16 ethertype, hdrlen, meshhdrlen = 0; 1443 u16 ethertype, hdrlen, meshhdrlen = 0;
@@ -1469,30 +1487,17 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1469 case IEEE80211_IF_TYPE_MESH_POINT: 1487 case IEEE80211_IF_TYPE_MESH_POINT:
1470 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1488 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1471 /* RA TA DA SA */ 1489 /* RA TA DA SA */
1472 if (is_multicast_ether_addr(skb->data)) 1490 memset(hdr.addr1, 0, ETH_ALEN);
1473 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1474 else if (mesh_nexthop_lookup(hdr.addr1, skb, dev))
1475 return 0;
1476 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1491 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1477 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1492 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1478 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1493 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1479 if (skb->pkt_type == PACKET_OTHERHOST) { 1494 if (!sdata->u.sta.mshcfg.dot11MeshTTL) {
1480 /* Forwarded frame, keep mesh ttl and seqnum */ 1495 /* Do not send frames with mesh_ttl == 0 */
1481 struct ieee80211s_hdr *prev_meshhdr; 1496 sdata->u.sta.mshstats.dropped_frames_ttl++;
1482 prev_meshhdr = ((struct ieee80211s_hdr *)skb->cb); 1497 ret = 0;
1483 meshhdrlen = ieee80211_get_mesh_hdrlen(prev_meshhdr); 1498 goto fail;
1484 memcpy(&mesh_hdr, prev_meshhdr, meshhdrlen);
1485 sdata->u.sta.mshstats.fwded_frames++;
1486 } else {
1487 if (!sdata->u.sta.mshcfg.dot11MeshTTL) {
1488 /* Do not send frames with mesh_ttl == 0 */
1489 sdata->u.sta.mshstats.dropped_frames_ttl++;
1490 ret = 0;
1491 goto fail;
1492 }
1493 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1494 sdata);
1495 } 1499 }
1500 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr, sdata);
1496 hdrlen = 30; 1501 hdrlen = 30;
1497 break; 1502 break;
1498#endif 1503#endif
@@ -1540,7 +1545,8 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1540 * Drop unicast frames to unauthorised stations unless they are 1545 * Drop unicast frames to unauthorised stations unless they are
1541 * EAPOL frames from the local station. 1546 * EAPOL frames from the local station.
1542 */ 1547 */
1543 if (unlikely(!is_multicast_ether_addr(hdr.addr1) && 1548 if (!ieee80211_vif_is_mesh(&sdata->vif) &&
1549 unlikely(!is_multicast_ether_addr(hdr.addr1) &&
1544 !(sta_flags & WLAN_STA_AUTHORIZED) && 1550 !(sta_flags & WLAN_STA_AUTHORIZED) &&
1545 !(ethertype == ETH_P_PAE && 1551 !(ethertype == ETH_P_PAE &&
1546 compare_ether_addr(dev->dev_addr, 1552 compare_ether_addr(dev->dev_addr,
@@ -1645,14 +1651,7 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1645 nh_pos += hdrlen; 1651 nh_pos += hdrlen;
1646 h_pos += hdrlen; 1652 h_pos += hdrlen;
1647 1653
1648 info = IEEE80211_SKB_CB(skb); 1654 skb->iif = dev->ifindex;
1649 memset(info, 0, sizeof(*info));
1650 info->control.ifindex = dev->ifindex;
1651 if (ethertype == ETH_P_PAE)
1652 info->flags |= IEEE80211_TX_CTL_EAPOL_FRAME;
1653
1654 /* Interfaces should always request a status report */
1655 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1656 1655
1657 skb->dev = local->mdev; 1656 skb->dev = local->mdev;
1658 dev->stats.tx_packets++; 1657 dev->stats.tx_packets++;
@@ -1714,14 +1713,19 @@ void ieee80211_tx_pending(unsigned long data)
1714 netif_tx_lock_bh(dev); 1713 netif_tx_lock_bh(dev);
1715 for (i = 0; i < ieee80211_num_regular_queues(&local->hw); i++) { 1714 for (i = 0; i < ieee80211_num_regular_queues(&local->hw); i++) {
1716 /* Check that this queue is ok */ 1715 /* Check that this queue is ok */
1717 if (__netif_subqueue_stopped(local->mdev, i)) 1716 if (__netif_subqueue_stopped(local->mdev, i) &&
1717 !test_bit(i, local->queues_pending_run))
1718 continue; 1718 continue;
1719 1719
1720 if (!test_bit(i, local->queues_pending)) { 1720 if (!test_bit(i, local->queues_pending)) {
1721 clear_bit(i, local->queues_pending_run);
1721 ieee80211_wake_queue(&local->hw, i); 1722 ieee80211_wake_queue(&local->hw, i);
1722 continue; 1723 continue;
1723 } 1724 }
1724 1725
1726 clear_bit(i, local->queues_pending_run);
1727 netif_start_subqueue(local->mdev, i);
1728
1725 store = &local->pending_packet[i]; 1729 store = &local->pending_packet[i];
1726 tx.extra_frag = store->extra_frag; 1730 tx.extra_frag = store->extra_frag;
1727 tx.num_extra_frag = store->num_extra_frag; 1731 tx.num_extra_frag = store->num_extra_frag;
@@ -1922,6 +1926,8 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1922 1926
1923 info = IEEE80211_SKB_CB(skb); 1927 info = IEEE80211_SKB_CB(skb);
1924 1928
1929 skb->do_not_encrypt = 1;
1930
1925 info->band = band; 1931 info->band = band;
1926 rate_control_get_rate(local->mdev, sband, skb, &rsel); 1932 rate_control_get_rate(local->mdev, sband, skb, &rsel);
1927 1933
@@ -1931,7 +1937,7 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1931 "no rate found\n", 1937 "no rate found\n",
1932 wiphy_name(local->hw.wiphy)); 1938 wiphy_name(local->hw.wiphy));
1933 } 1939 }
1934 dev_kfree_skb(skb); 1940 dev_kfree_skb_any(skb);
1935 skb = NULL; 1941 skb = NULL;
1936 goto out; 1942 goto out;
1937 } 1943 }
@@ -1940,7 +1946,6 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1940 info->tx_rate_idx = rsel.rate_idx; 1946 info->tx_rate_idx = rsel.rate_idx;
1941 1947
1942 info->flags |= IEEE80211_TX_CTL_NO_ACK; 1948 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1943 info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;
1944 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 1949 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1945 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ; 1950 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
1946 if (sdata->bss_conf.use_short_preamble && 1951 if (sdata->bss_conf.use_short_preamble &&
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 19f85e1b3695..0d463c80c404 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -361,6 +361,7 @@ void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
361 struct ieee80211_local *local = hw_to_local(hw); 361 struct ieee80211_local *local = hw_to_local(hw);
362 362
363 if (test_bit(queue, local->queues_pending)) { 363 if (test_bit(queue, local->queues_pending)) {
364 set_bit(queue, local->queues_pending_run);
364 tasklet_schedule(&local->tx_pending_tasklet); 365 tasklet_schedule(&local->tx_pending_tasklet);
365 } else { 366 } else {
366 netif_wake_subqueue(local->mdev, queue); 367 netif_wake_subqueue(local->mdev, queue);
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 872d2fcd1a5b..5c2bf0a3d4db 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -31,13 +31,13 @@ int ieee80211_wep_init(struct ieee80211_local *local)
31 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 31 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
32 CRYPTO_ALG_ASYNC); 32 CRYPTO_ALG_ASYNC);
33 if (IS_ERR(local->wep_tx_tfm)) 33 if (IS_ERR(local->wep_tx_tfm))
34 return -ENOMEM; 34 return PTR_ERR(local->wep_tx_tfm);
35 35
36 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 36 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
37 CRYPTO_ALG_ASYNC); 37 CRYPTO_ALG_ASYNC);
38 if (IS_ERR(local->wep_rx_tfm)) { 38 if (IS_ERR(local->wep_rx_tfm)) {
39 crypto_free_blkcipher(local->wep_tx_tfm); 39 crypto_free_blkcipher(local->wep_tx_tfm);
40 return -ENOMEM; 40 return PTR_ERR(local->wep_rx_tfm);
41 } 41 }
42 42
43 return 0; 43 return 0;
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 07edda0b8a5c..4310e2f65661 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -188,6 +188,9 @@ int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
188{ 188{
189 int i; 189 int i;
190 190
191 /* XXX: currently broken due to cb/requeue use */
192 return -EPERM;
193
191 /* prepare the filter and save it for the SW queue 194 /* prepare the filter and save it for the SW queue
192 * matching the received HW queue */ 195 * matching the received HW queue */
193 196
@@ -238,12 +241,14 @@ void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local,
238 } else { 241 } else {
239 struct netdev_queue *txq; 242 struct netdev_queue *txq;
240 spinlock_t *root_lock; 243 spinlock_t *root_lock;
244 struct Qdisc *q;
241 245
242 txq = netdev_get_tx_queue(local->mdev, agg_queue); 246 txq = netdev_get_tx_queue(local->mdev, agg_queue);
243 root_lock = qdisc_root_lock(txq->qdisc); 247 q = rcu_dereference(txq->qdisc);
248 root_lock = qdisc_lock(q);
244 249
245 spin_lock_bh(root_lock); 250 spin_lock_bh(root_lock);
246 qdisc_reset(txq->qdisc); 251 qdisc_reset(q);
247 spin_unlock_bh(root_lock); 252 spin_unlock_bh(root_lock);
248 } 253 }
249} 254}
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c519d090bdb9..9d1830da8e84 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1032,10 +1032,10 @@ void nf_conntrack_cleanup(void)
1032 nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc, 1032 nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,
1033 nf_conntrack_htable_size); 1033 nf_conntrack_htable_size);
1034 1034
1035 nf_conntrack_proto_fini();
1036 nf_conntrack_helper_fini();
1037 nf_conntrack_expect_fini();
1038 nf_conntrack_acct_fini(); 1035 nf_conntrack_acct_fini();
1036 nf_conntrack_expect_fini();
1037 nf_conntrack_helper_fini();
1038 nf_conntrack_proto_fini();
1039} 1039}
1040 1040
1041struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced) 1041struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced)
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 3469bc71a385..4b2c769d555f 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -95,7 +95,7 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
95 newlen = newoff + t->len; 95 newlen = newoff + t->len;
96 rcu_read_unlock(); 96 rcu_read_unlock();
97 97
98 new = krealloc(ct->ext, newlen, gfp); 98 new = __krealloc(ct->ext, newlen, gfp);
99 if (!new) 99 if (!new)
100 return NULL; 100 return NULL;
101 101
@@ -115,10 +115,10 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
115 ct->ext = new; 115 ct->ext = new;
116 } 116 }
117 117
118 ct->ext->offset[id] = newoff; 118 new->offset[id] = newoff;
119 ct->ext->len = newlen; 119 new->len = newlen;
120 memset((void *)ct->ext + newoff, 0, newlen - newoff); 120 memset((void *)new + newoff, 0, newlen - newoff);
121 return (void *)ct->ext + newoff; 121 return (void *)new + newoff;
122} 122}
123EXPORT_SYMBOL(__nf_ct_ext_add); 123EXPORT_SYMBOL(__nf_ct_ext_add);
124 124
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 420a10d8eb1e..6f61261888ef 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -67,7 +67,8 @@ static const char *const tcp_conntrack_names[] = {
67/* RFC1122 says the R2 limit should be at least 100 seconds. 67/* RFC1122 says the R2 limit should be at least 100 seconds.
68 Linux uses 15 packets as limit, which corresponds 68 Linux uses 15 packets as limit, which corresponds
69 to ~13-30min depending on RTO. */ 69 to ~13-30min depending on RTO. */
70static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; 70static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
71static unsigned int nf_ct_tcp_timeout_unacknowledged __read_mostly = 5 MINS;
71 72
72static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = { 73static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {
73 [TCP_CONNTRACK_SYN_SENT] = 2 MINS, 74 [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
@@ -625,8 +626,10 @@ static bool tcp_in_window(const struct nf_conn *ct,
625 swin = win + (sack - ack); 626 swin = win + (sack - ack);
626 if (sender->td_maxwin < swin) 627 if (sender->td_maxwin < swin)
627 sender->td_maxwin = swin; 628 sender->td_maxwin = swin;
628 if (after(end, sender->td_end)) 629 if (after(end, sender->td_end)) {
629 sender->td_end = end; 630 sender->td_end = end;
631 sender->flags |= IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED;
632 }
630 /* 633 /*
631 * Update receiver data. 634 * Update receiver data.
632 */ 635 */
@@ -637,6 +640,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
637 if (win == 0) 640 if (win == 0)
638 receiver->td_maxend++; 641 receiver->td_maxend++;
639 } 642 }
643 if (ack == receiver->td_end)
644 receiver->flags &= ~IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED;
640 645
641 /* 646 /*
642 * Check retransmissions. 647 * Check retransmissions.
@@ -951,9 +956,16 @@ static int tcp_packet(struct nf_conn *ct,
951 if (old_state != new_state 956 if (old_state != new_state
952 && new_state == TCP_CONNTRACK_FIN_WAIT) 957 && new_state == TCP_CONNTRACK_FIN_WAIT)
953 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; 958 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
954 timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans 959
955 && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans 960 if (ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans &&
956 ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state]; 961 tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans)
962 timeout = nf_ct_tcp_timeout_max_retrans;
963 else if ((ct->proto.tcp.seen[0].flags | ct->proto.tcp.seen[1].flags) &
964 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
965 tcp_timeouts[new_state] > nf_ct_tcp_timeout_unacknowledged)
966 timeout = nf_ct_tcp_timeout_unacknowledged;
967 else
968 timeout = tcp_timeouts[new_state];
957 write_unlock_bh(&tcp_lock); 969 write_unlock_bh(&tcp_lock);
958 970
959 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); 971 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
@@ -1236,6 +1248,13 @@ static struct ctl_table tcp_sysctl_table[] = {
1236 .proc_handler = &proc_dointvec_jiffies, 1248 .proc_handler = &proc_dointvec_jiffies,
1237 }, 1249 },
1238 { 1250 {
1251 .procname = "nf_conntrack_tcp_timeout_unacknowledged",
1252 .data = &nf_ct_tcp_timeout_unacknowledged,
1253 .maxlen = sizeof(unsigned int),
1254 .mode = 0644,
1255 .proc_handler = &proc_dointvec_jiffies,
1256 },
1257 {
1239 .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE, 1258 .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE,
1240 .procname = "nf_conntrack_tcp_loose", 1259 .procname = "nf_conntrack_tcp_loose",
1241 .data = &nf_ct_tcp_loose, 1260 .data = &nf_ct_tcp_loose,
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 869ef9349d0f..8509db14670b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -324,6 +324,7 @@ static int log_invalid_proto_min = 0;
324static int log_invalid_proto_max = 255; 324static int log_invalid_proto_max = 255;
325 325
326static struct ctl_table_header *nf_ct_sysctl_header; 326static struct ctl_table_header *nf_ct_sysctl_header;
327static struct ctl_table_header *nf_ct_netfilter_header;
327 328
328static ctl_table nf_ct_sysctl_table[] = { 329static ctl_table nf_ct_sysctl_table[] = {
329 { 330 {
@@ -384,12 +385,6 @@ static ctl_table nf_ct_sysctl_table[] = {
384 385
385static ctl_table nf_ct_netfilter_table[] = { 386static ctl_table nf_ct_netfilter_table[] = {
386 { 387 {
387 .ctl_name = NET_NETFILTER,
388 .procname = "netfilter",
389 .mode = 0555,
390 .child = nf_ct_sysctl_table,
391 },
392 {
393 .ctl_name = NET_NF_CONNTRACK_MAX, 388 .ctl_name = NET_NF_CONNTRACK_MAX,
394 .procname = "nf_conntrack_max", 389 .procname = "nf_conntrack_max",
395 .data = &nf_conntrack_max, 390 .data = &nf_conntrack_max,
@@ -409,18 +404,29 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
409 404
410static int nf_conntrack_standalone_init_sysctl(void) 405static int nf_conntrack_standalone_init_sysctl(void)
411{ 406{
412 nf_ct_sysctl_header = 407 nf_ct_netfilter_header =
413 register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table); 408 register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);
414 if (nf_ct_sysctl_header == NULL) { 409 if (!nf_ct_netfilter_header)
415 printk("nf_conntrack: can't register to sysctl.\n"); 410 goto out;
416 return -ENOMEM; 411
417 } 412 nf_ct_sysctl_header =
413 register_sysctl_paths(nf_net_netfilter_sysctl_path,
414 nf_ct_sysctl_table);
415 if (!nf_ct_sysctl_header)
416 goto out_unregister_netfilter;
417
418 return 0; 418 return 0;
419 419
420out_unregister_netfilter:
421 unregister_sysctl_table(nf_ct_netfilter_header);
422out:
423 printk("nf_conntrack: can't register to sysctl.\n");
424 return -ENOMEM;
420} 425}
421 426
422static void nf_conntrack_standalone_fini_sysctl(void) 427static void nf_conntrack_standalone_fini_sysctl(void)
423{ 428{
429 unregister_sysctl_table(nf_ct_netfilter_header);
424 unregister_sysctl_table(nf_ct_sysctl_header); 430 unregister_sysctl_table(nf_ct_sysctl_header);
425} 431}
426#else 432#else
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 6809af542a2c..d9418a267812 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -367,9 +367,7 @@ static void htable_gc(unsigned long htlong)
367 367
368static void htable_destroy(struct xt_hashlimit_htable *hinfo) 368static void htable_destroy(struct xt_hashlimit_htable *hinfo)
369{ 369{
370 /* remove timer, if it is pending */ 370 del_timer_sync(&hinfo->timer);
371 if (timer_pending(&hinfo->timer))
372 del_timer(&hinfo->timer);
373 371
374 /* remove proc entry */ 372 /* remove proc entry */
375 remove_proc_entry(hinfo->pde->name, 373 remove_proc_entry(hinfo->pde->name,
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 98bfe277eab2..b0eacc0007cc 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -158,9 +158,10 @@ static void netlink_sock_destruct(struct sock *sk)
158 printk(KERN_ERR "Freeing alive netlink socket %p\n", sk); 158 printk(KERN_ERR "Freeing alive netlink socket %p\n", sk);
159 return; 159 return;
160 } 160 }
161 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 161
162 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 162 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
163 BUG_TRAP(!nlk_sk(sk)->groups); 163 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
164 WARN_ON(nlk_sk(sk)->groups);
164} 165}
165 166
166/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on 167/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d56cae112dc8..c718e7e3f7de 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -260,8 +260,8 @@ static inline struct packet_sock *pkt_sk(struct sock *sk)
260 260
261static void packet_sock_destruct(struct sock *sk) 261static void packet_sock_destruct(struct sock *sk)
262{ 262{
263 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 263 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
264 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 264 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
265 265
266 if (!sock_flag(sk, SOCK_DEAD)) { 266 if (!sock_flag(sk, SOCK_DEAD)) {
267 printk("Attempt to release alive packet socket: %p\n", sk); 267 printk("Attempt to release alive packet socket: %p\n", sk);
diff --git a/net/rfkill/rfkill-input.c b/net/rfkill/rfkill-input.c
index 8aa822730145..e5b69556bb5b 100644
--- a/net/rfkill/rfkill-input.c
+++ b/net/rfkill/rfkill-input.c
@@ -109,6 +109,25 @@ static DEFINE_RFKILL_TASK(rfkill_uwb, RFKILL_TYPE_UWB);
109static DEFINE_RFKILL_TASK(rfkill_wimax, RFKILL_TYPE_WIMAX); 109static DEFINE_RFKILL_TASK(rfkill_wimax, RFKILL_TYPE_WIMAX);
110static DEFINE_RFKILL_TASK(rfkill_wwan, RFKILL_TYPE_WWAN); 110static DEFINE_RFKILL_TASK(rfkill_wwan, RFKILL_TYPE_WWAN);
111 111
112static void rfkill_schedule_evsw_rfkillall(int state)
113{
114 /* EVERY radio type. state != 0 means radios ON */
115 /* handle EPO (emergency power off) through shortcut */
116 if (state) {
117 rfkill_schedule_set(&rfkill_wwan,
118 RFKILL_STATE_UNBLOCKED);
119 rfkill_schedule_set(&rfkill_wimax,
120 RFKILL_STATE_UNBLOCKED);
121 rfkill_schedule_set(&rfkill_uwb,
122 RFKILL_STATE_UNBLOCKED);
123 rfkill_schedule_set(&rfkill_bt,
124 RFKILL_STATE_UNBLOCKED);
125 rfkill_schedule_set(&rfkill_wlan,
126 RFKILL_STATE_UNBLOCKED);
127 } else
128 rfkill_schedule_epo();
129}
130
112static void rfkill_event(struct input_handle *handle, unsigned int type, 131static void rfkill_event(struct input_handle *handle, unsigned int type,
113 unsigned int code, int data) 132 unsigned int code, int data)
114{ 133{
@@ -132,21 +151,7 @@ static void rfkill_event(struct input_handle *handle, unsigned int type,
132 } else if (type == EV_SW) { 151 } else if (type == EV_SW) {
133 switch (code) { 152 switch (code) {
134 case SW_RFKILL_ALL: 153 case SW_RFKILL_ALL:
135 /* EVERY radio type. data != 0 means radios ON */ 154 rfkill_schedule_evsw_rfkillall(data);
136 /* handle EPO (emergency power off) through shortcut */
137 if (data) {
138 rfkill_schedule_set(&rfkill_wwan,
139 RFKILL_STATE_UNBLOCKED);
140 rfkill_schedule_set(&rfkill_wimax,
141 RFKILL_STATE_UNBLOCKED);
142 rfkill_schedule_set(&rfkill_uwb,
143 RFKILL_STATE_UNBLOCKED);
144 rfkill_schedule_set(&rfkill_bt,
145 RFKILL_STATE_UNBLOCKED);
146 rfkill_schedule_set(&rfkill_wlan,
147 RFKILL_STATE_UNBLOCKED);
148 } else
149 rfkill_schedule_epo();
150 break; 155 break;
151 default: 156 default:
152 break; 157 break;
@@ -168,6 +173,7 @@ static int rfkill_connect(struct input_handler *handler, struct input_dev *dev,
168 handle->handler = handler; 173 handle->handler = handler;
169 handle->name = "rfkill"; 174 handle->name = "rfkill";
170 175
176 /* causes rfkill_start() to be called */
171 error = input_register_handle(handle); 177 error = input_register_handle(handle);
172 if (error) 178 if (error)
173 goto err_free_handle; 179 goto err_free_handle;
@@ -185,6 +191,23 @@ static int rfkill_connect(struct input_handler *handler, struct input_dev *dev,
185 return error; 191 return error;
186} 192}
187 193
194static void rfkill_start(struct input_handle *handle)
195{
196 /* Take event_lock to guard against configuration changes, we
197 * should be able to deal with concurrency with rfkill_event()
198 * just fine (which event_lock will also avoid). */
199 spin_lock_irq(&handle->dev->event_lock);
200
201 if (test_bit(EV_SW, handle->dev->evbit)) {
202 if (test_bit(SW_RFKILL_ALL, handle->dev->swbit))
203 rfkill_schedule_evsw_rfkillall(test_bit(SW_RFKILL_ALL,
204 handle->dev->sw));
205 /* add resync for further EV_SW events here */
206 }
207
208 spin_unlock_irq(&handle->dev->event_lock);
209}
210
188static void rfkill_disconnect(struct input_handle *handle) 211static void rfkill_disconnect(struct input_handle *handle)
189{ 212{
190 input_close_device(handle); 213 input_close_device(handle);
@@ -225,6 +248,7 @@ static struct input_handler rfkill_handler = {
225 .event = rfkill_event, 248 .event = rfkill_event,
226 .connect = rfkill_connect, 249 .connect = rfkill_connect,
227 .disconnect = rfkill_disconnect, 250 .disconnect = rfkill_disconnect,
251 .start = rfkill_start,
228 .name = "rfkill", 252 .name = "rfkill",
229 .id_table = rfkill_ids, 253 .id_table = rfkill_ids,
230}; 254};
diff --git a/net/rfkill/rfkill.c b/net/rfkill/rfkill.c
index 7a560b785097..d2d45655cd1a 100644
--- a/net/rfkill/rfkill.c
+++ b/net/rfkill/rfkill.c
@@ -105,6 +105,16 @@ static void rfkill_led_trigger(struct rfkill *rfkill,
105#endif /* CONFIG_RFKILL_LEDS */ 105#endif /* CONFIG_RFKILL_LEDS */
106} 106}
107 107
108#ifdef CONFIG_RFKILL_LEDS
109static void rfkill_led_trigger_activate(struct led_classdev *led)
110{
111 struct rfkill *rfkill = container_of(led->trigger,
112 struct rfkill, led_trigger);
113
114 rfkill_led_trigger(rfkill, rfkill->state);
115}
116#endif /* CONFIG_RFKILL_LEDS */
117
108static void notify_rfkill_state_change(struct rfkill *rfkill) 118static void notify_rfkill_state_change(struct rfkill *rfkill)
109{ 119{
110 blocking_notifier_call_chain(&rfkill_notifier_list, 120 blocking_notifier_call_chain(&rfkill_notifier_list,
@@ -130,7 +140,6 @@ static void update_rfkill_state(struct rfkill *rfkill)
130 140
131/** 141/**
132 * rfkill_toggle_radio - wrapper for toggle_radio hook 142 * rfkill_toggle_radio - wrapper for toggle_radio hook
133 *
134 * @rfkill: the rfkill struct to use 143 * @rfkill: the rfkill struct to use
135 * @force: calls toggle_radio even if cache says it is not needed, 144 * @force: calls toggle_radio even if cache says it is not needed,
136 * and also makes sure notifications of the state will be 145 * and also makes sure notifications of the state will be
@@ -141,8 +150,8 @@ static void update_rfkill_state(struct rfkill *rfkill)
141 * calls and handling all the red tape such as issuing notifications 150 * calls and handling all the red tape such as issuing notifications
142 * if the call is successful. 151 * if the call is successful.
143 * 152 *
144 * Note that @force cannot override a (possibly cached) state of 153 * Note that the @force parameter cannot override a (possibly cached)
145 * RFKILL_STATE_HARD_BLOCKED. Any device making use of 154 * state of RFKILL_STATE_HARD_BLOCKED. Any device making use of
146 * RFKILL_STATE_HARD_BLOCKED implements either get_state() or 155 * RFKILL_STATE_HARD_BLOCKED implements either get_state() or
147 * rfkill_force_state(), so the cache either is bypassed or valid. 156 * rfkill_force_state(), so the cache either is bypassed or valid.
148 * 157 *
@@ -150,7 +159,7 @@ static void update_rfkill_state(struct rfkill *rfkill)
150 * even if the radio is in RFKILL_STATE_HARD_BLOCKED state, so as to 159 * even if the radio is in RFKILL_STATE_HARD_BLOCKED state, so as to
151 * give the driver a hint that it should double-BLOCK the transmitter. 160 * give the driver a hint that it should double-BLOCK the transmitter.
152 * 161 *
153 * Caller must have aquired rfkill_mutex. 162 * Caller must have acquired rfkill->mutex.
154 */ 163 */
155static int rfkill_toggle_radio(struct rfkill *rfkill, 164static int rfkill_toggle_radio(struct rfkill *rfkill,
156 enum rfkill_state state, 165 enum rfkill_state state,
@@ -200,12 +209,12 @@ static int rfkill_toggle_radio(struct rfkill *rfkill,
200 209
201/** 210/**
202 * rfkill_switch_all - Toggle state of all switches of given type 211 * rfkill_switch_all - Toggle state of all switches of given type
203 * @type: type of interfaces to be affeceted 212 * @type: type of interfaces to be affected
204 * @state: the new state 213 * @state: the new state
205 * 214 *
206 * This function toggles state of all switches of given type unless 215 * This function toggles the state of all switches of given type,
207 * a specific switch is claimed by userspace in which case it is 216 * unless a specific switch is claimed by userspace (in which case,
208 * left alone. 217 * that switch is left alone).
209 */ 218 */
210void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state) 219void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state)
211{ 220{
@@ -216,8 +225,11 @@ void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state)
216 rfkill_states[type] = state; 225 rfkill_states[type] = state;
217 226
218 list_for_each_entry(rfkill, &rfkill_list, node) { 227 list_for_each_entry(rfkill, &rfkill_list, node) {
219 if ((!rfkill->user_claim) && (rfkill->type == type)) 228 if ((!rfkill->user_claim) && (rfkill->type == type)) {
229 mutex_lock(&rfkill->mutex);
220 rfkill_toggle_radio(rfkill, state, 0); 230 rfkill_toggle_radio(rfkill, state, 0);
231 mutex_unlock(&rfkill->mutex);
232 }
221 } 233 }
222 234
223 mutex_unlock(&rfkill_mutex); 235 mutex_unlock(&rfkill_mutex);
@@ -228,7 +240,7 @@ EXPORT_SYMBOL(rfkill_switch_all);
228 * rfkill_epo - emergency power off all transmitters 240 * rfkill_epo - emergency power off all transmitters
229 * 241 *
230 * This kicks all rfkill devices to RFKILL_STATE_SOFT_BLOCKED, ignoring 242 * This kicks all rfkill devices to RFKILL_STATE_SOFT_BLOCKED, ignoring
231 * everything in its path but rfkill_mutex. 243 * everything in its path but rfkill_mutex and rfkill->mutex.
232 */ 244 */
233void rfkill_epo(void) 245void rfkill_epo(void)
234{ 246{
@@ -236,7 +248,9 @@ void rfkill_epo(void)
236 248
237 mutex_lock(&rfkill_mutex); 249 mutex_lock(&rfkill_mutex);
238 list_for_each_entry(rfkill, &rfkill_list, node) { 250 list_for_each_entry(rfkill, &rfkill_list, node) {
251 mutex_lock(&rfkill->mutex);
239 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1); 252 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1);
253 mutex_unlock(&rfkill->mutex);
240 } 254 }
241 mutex_unlock(&rfkill_mutex); 255 mutex_unlock(&rfkill_mutex);
242} 256}
@@ -252,7 +266,12 @@ EXPORT_SYMBOL_GPL(rfkill_epo);
252 * a notification by the firmware/hardware of the current *real* 266 * a notification by the firmware/hardware of the current *real*
253 * state of the radio rfkill switch. 267 * state of the radio rfkill switch.
254 * 268 *
255 * It may not be called from an atomic context. 269 * Devices which are subject to external changes on their rfkill
270 * state (such as those caused by a hardware rfkill line) MUST
271 * have their driver arrange to call rfkill_force_state() as soon
272 * as possible after such a change.
273 *
274 * This function may not be called from an atomic context.
256 */ 275 */
257int rfkill_force_state(struct rfkill *rfkill, enum rfkill_state state) 276int rfkill_force_state(struct rfkill *rfkill, enum rfkill_state state)
258{ 277{
@@ -367,6 +386,9 @@ static ssize_t rfkill_claim_store(struct device *dev,
367 if (!capable(CAP_NET_ADMIN)) 386 if (!capable(CAP_NET_ADMIN))
368 return -EPERM; 387 return -EPERM;
369 388
389 if (rfkill->user_claim_unsupported)
390 return -EOPNOTSUPP;
391
370 /* 392 /*
371 * Take the global lock to make sure the kernel is not in 393 * Take the global lock to make sure the kernel is not in
372 * the middle of rfkill_switch_all 394 * the middle of rfkill_switch_all
@@ -375,19 +397,17 @@ static ssize_t rfkill_claim_store(struct device *dev,
375 if (error) 397 if (error)
376 return error; 398 return error;
377 399
378 if (rfkill->user_claim_unsupported) {
379 error = -EOPNOTSUPP;
380 goto out_unlock;
381 }
382 if (rfkill->user_claim != claim) { 400 if (rfkill->user_claim != claim) {
383 if (!claim) 401 if (!claim) {
402 mutex_lock(&rfkill->mutex);
384 rfkill_toggle_radio(rfkill, 403 rfkill_toggle_radio(rfkill,
385 rfkill_states[rfkill->type], 404 rfkill_states[rfkill->type],
386 0); 405 0);
406 mutex_unlock(&rfkill->mutex);
407 }
387 rfkill->user_claim = claim; 408 rfkill->user_claim = claim;
388 } 409 }
389 410
390out_unlock:
391 mutex_unlock(&rfkill_mutex); 411 mutex_unlock(&rfkill_mutex);
392 412
393 return error ? error : count; 413 return error ? error : count;
@@ -516,8 +536,11 @@ static void rfkill_remove_switch(struct rfkill *rfkill)
516{ 536{
517 mutex_lock(&rfkill_mutex); 537 mutex_lock(&rfkill_mutex);
518 list_del_init(&rfkill->node); 538 list_del_init(&rfkill->node);
519 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1);
520 mutex_unlock(&rfkill_mutex); 539 mutex_unlock(&rfkill_mutex);
540
541 mutex_lock(&rfkill->mutex);
542 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1);
543 mutex_unlock(&rfkill->mutex);
521} 544}
522 545
523/** 546/**
@@ -526,9 +549,10 @@ static void rfkill_remove_switch(struct rfkill *rfkill)
526 * @type: type of the switch (RFKILL_TYPE_*) 549 * @type: type of the switch (RFKILL_TYPE_*)
527 * 550 *
528 * This function should be called by the network driver when it needs 551 * This function should be called by the network driver when it needs
529 * rfkill structure. Once the structure is allocated the driver shoud 552 * rfkill structure. Once the structure is allocated the driver should
530 * finish its initialization by setting name, private data, enable_radio 553 * finish its initialization by setting the name, private data, enable_radio
531 * and disable_radio methods and then register it with rfkill_register(). 554 * and disable_radio methods and then register it with rfkill_register().
555 *
532 * NOTE: If registration fails the structure shoudl be freed by calling 556 * NOTE: If registration fails the structure shoudl be freed by calling
533 * rfkill_free() otherwise rfkill_unregister() should be used. 557 * rfkill_free() otherwise rfkill_unregister() should be used.
534 */ 558 */
@@ -560,7 +584,7 @@ EXPORT_SYMBOL(rfkill_allocate);
560 * rfkill_free - Mark rfkill structure for deletion 584 * rfkill_free - Mark rfkill structure for deletion
561 * @rfkill: rfkill structure to be destroyed 585 * @rfkill: rfkill structure to be destroyed
562 * 586 *
563 * Decrements reference count of rfkill structure so it is destroyed. 587 * Decrements reference count of the rfkill structure so it is destroyed.
564 * Note that rfkill_free() should _not_ be called after rfkill_unregister(). 588 * Note that rfkill_free() should _not_ be called after rfkill_unregister().
565 */ 589 */
566void rfkill_free(struct rfkill *rfkill) 590void rfkill_free(struct rfkill *rfkill)
@@ -575,7 +599,10 @@ static void rfkill_led_trigger_register(struct rfkill *rfkill)
575#ifdef CONFIG_RFKILL_LEDS 599#ifdef CONFIG_RFKILL_LEDS
576 int error; 600 int error;
577 601
578 rfkill->led_trigger.name = rfkill->dev.bus_id; 602 if (!rfkill->led_trigger.name)
603 rfkill->led_trigger.name = rfkill->dev.bus_id;
604 if (!rfkill->led_trigger.activate)
605 rfkill->led_trigger.activate = rfkill_led_trigger_activate;
579 error = led_trigger_register(&rfkill->led_trigger); 606 error = led_trigger_register(&rfkill->led_trigger);
580 if (error) 607 if (error)
581 rfkill->led_trigger.name = NULL; 608 rfkill->led_trigger.name = NULL;
@@ -585,8 +612,10 @@ static void rfkill_led_trigger_register(struct rfkill *rfkill)
585static void rfkill_led_trigger_unregister(struct rfkill *rfkill) 612static void rfkill_led_trigger_unregister(struct rfkill *rfkill)
586{ 613{
587#ifdef CONFIG_RFKILL_LEDS 614#ifdef CONFIG_RFKILL_LEDS
588 if (rfkill->led_trigger.name) 615 if (rfkill->led_trigger.name) {
589 led_trigger_unregister(&rfkill->led_trigger); 616 led_trigger_unregister(&rfkill->led_trigger);
617 rfkill->led_trigger.name = NULL;
618 }
590#endif 619#endif
591} 620}
592 621
@@ -622,8 +651,8 @@ int rfkill_register(struct rfkill *rfkill)
622 651
623 error = device_add(dev); 652 error = device_add(dev);
624 if (error) { 653 if (error) {
625 rfkill_led_trigger_unregister(rfkill);
626 rfkill_remove_switch(rfkill); 654 rfkill_remove_switch(rfkill);
655 rfkill_led_trigger_unregister(rfkill);
627 return error; 656 return error;
628 } 657 }
629 658
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 4b2682feeedc..32e489118beb 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -660,9 +660,9 @@ static void rxrpc_sock_destructor(struct sock *sk)
660 660
661 rxrpc_purge_queue(&sk->sk_receive_queue); 661 rxrpc_purge_queue(&sk->sk_receive_queue);
662 662
663 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 663 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
664 BUG_TRAP(sk_unhashed(sk)); 664 WARN_ON(!sk_unhashed(sk));
665 BUG_TRAP(!sk->sk_socket); 665 WARN_ON(sk->sk_socket);
666 666
667 if (!sock_flag(sk, SOCK_DEAD)) { 667 if (!sock_flag(sk, SOCK_DEAD)) {
668 printk("Attempt to release alive rxrpc socket: %p\n", sk); 668 printk("Attempt to release alive rxrpc socket: %p\n", sk);
diff --git a/net/rxrpc/ar-accept.c b/net/rxrpc/ar-accept.c
index bdfb77417794..77228f28fa36 100644
--- a/net/rxrpc/ar-accept.c
+++ b/net/rxrpc/ar-accept.c
@@ -100,7 +100,7 @@ static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
100 100
101 trans = rxrpc_get_transport(local, peer, GFP_NOIO); 101 trans = rxrpc_get_transport(local, peer, GFP_NOIO);
102 rxrpc_put_peer(peer); 102 rxrpc_put_peer(peer);
103 if (!trans) { 103 if (IS_ERR(trans)) {
104 _debug("no trans"); 104 _debug("no trans");
105 ret = -EBUSY; 105 ret = -EBUSY;
106 goto error; 106 goto error;
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 74e662cbb2c5..9974b3f04f05 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -41,7 +41,7 @@ void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo)
41 return; 41 return;
42 } 42 }
43 } 43 }
44 BUG_TRAP(0); 44 WARN_ON(1);
45} 45}
46EXPORT_SYMBOL(tcf_hash_destroy); 46EXPORT_SYMBOL(tcf_hash_destroy);
47 47
@@ -205,10 +205,9 @@ struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a, int bind,
205{ 205{
206 struct tcf_common *p = NULL; 206 struct tcf_common *p = NULL;
207 if (index && (p = tcf_hash_lookup(index, hinfo)) != NULL) { 207 if (index && (p = tcf_hash_lookup(index, hinfo)) != NULL) {
208 if (bind) { 208 if (bind)
209 p->tcfc_bindcnt++; 209 p->tcfc_bindcnt++;
210 p->tcfc_refcnt++; 210 p->tcfc_refcnt++;
211 }
212 a->priv = p; 211 a->priv = p;
213 } 212 }
214 return p; 213 return p;
@@ -752,7 +751,7 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
752 struct nlattr *tb[TCA_ACT_MAX+1]; 751 struct nlattr *tb[TCA_ACT_MAX+1];
753 struct nlattr *kind; 752 struct nlattr *kind;
754 struct tc_action *a = create_a(0); 753 struct tc_action *a = create_a(0);
755 int err = -EINVAL; 754 int err = -ENOMEM;
756 755
757 if (a == NULL) { 756 if (a == NULL) {
758 printk("tca_action_flush: couldnt create tc_action\n"); 757 printk("tca_action_flush: couldnt create tc_action\n");
@@ -763,7 +762,7 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
763 if (!skb) { 762 if (!skb) {
764 printk("tca_action_flush: failed skb alloc\n"); 763 printk("tca_action_flush: failed skb alloc\n");
765 kfree(a); 764 kfree(a);
766 return -ENOBUFS; 765 return err;
767 } 766 }
768 767
769 b = skb_tail_pointer(skb); 768 b = skb_tail_pointer(skb);
@@ -791,6 +790,8 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
791 err = a->ops->walk(skb, &dcb, RTM_DELACTION, a); 790 err = a->ops->walk(skb, &dcb, RTM_DELACTION, a);
792 if (err < 0) 791 if (err < 0)
793 goto nla_put_failure; 792 goto nla_put_failure;
793 if (err == 0)
794 goto noflush_out;
794 795
795 nla_nest_end(skb, nest); 796 nla_nest_end(skb, nest);
796 797
@@ -808,6 +809,7 @@ nla_put_failure:
808nlmsg_failure: 809nlmsg_failure:
809 module_put(a->ops->owner); 810 module_put(a->ops->owner);
810err_out: 811err_out:
812noflush_out:
811 kfree_skb(skb); 813 kfree_skb(skb);
812 kfree(a); 814 kfree(a);
813 return err; 815 return err;
@@ -825,8 +827,10 @@ tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
825 return ret; 827 return ret;
826 828
827 if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) { 829 if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) {
828 if (tb[0] != NULL && tb[1] == NULL) 830 if (tb[1] != NULL)
829 return tca_action_flush(tb[0], n, pid); 831 return tca_action_flush(tb[1], n, pid);
832 else
833 return -EINVAL;
830 } 834 }
831 835
832 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 836 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 32c3f9d9fb7a..38015b493947 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -116,7 +116,7 @@ static void tcf_police_destroy(struct tcf_police *p)
116 return; 116 return;
117 } 117 }
118 } 118 }
119 BUG_TRAP(0); 119 WARN_ON(1);
120} 120}
121 121
122static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = { 122static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 527db2559dd2..246f9065ce34 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -345,7 +345,7 @@ static int u32_delete_key(struct tcf_proto *tp, struct tc_u_knode* key)
345 } 345 }
346 } 346 }
347 } 347 }
348 BUG_TRAP(0); 348 WARN_ON(1);
349 return 0; 349 return 0;
350} 350}
351 351
@@ -368,7 +368,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht)
368 struct tc_u_common *tp_c = tp->data; 368 struct tc_u_common *tp_c = tp->data;
369 struct tc_u_hnode **hn; 369 struct tc_u_hnode **hn;
370 370
371 BUG_TRAP(!ht->refcnt); 371 WARN_ON(ht->refcnt);
372 372
373 u32_clear_hnode(tp, ht); 373 u32_clear_hnode(tp, ht);
374 374
@@ -380,7 +380,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht)
380 } 380 }
381 } 381 }
382 382
383 BUG_TRAP(0); 383 WARN_ON(1);
384 return -ENOENT; 384 return -ENOENT;
385} 385}
386 386
@@ -389,7 +389,7 @@ static void u32_destroy(struct tcf_proto *tp)
389 struct tc_u_common *tp_c = tp->data; 389 struct tc_u_common *tp_c = tp->data;
390 struct tc_u_hnode *root_ht = xchg(&tp->root, NULL); 390 struct tc_u_hnode *root_ht = xchg(&tp->root, NULL);
391 391
392 BUG_TRAP(root_ht != NULL); 392 WARN_ON(root_ht == NULL);
393 393
394 if (root_ht && --root_ht->refcnt == 0) 394 if (root_ht && --root_ht->refcnt == 0)
395 u32_destroy_hnode(tp, root_ht); 395 u32_destroy_hnode(tp, root_ht);
@@ -407,7 +407,7 @@ static void u32_destroy(struct tcf_proto *tp)
407 while ((ht = tp_c->hlist) != NULL) { 407 while ((ht = tp_c->hlist) != NULL) {
408 tp_c->hlist = ht->next; 408 tp_c->hlist = ht->next;
409 409
410 BUG_TRAP(ht->refcnt == 0); 410 WARN_ON(ht->refcnt != 0);
411 411
412 kfree(ht); 412 kfree(ht);
413 } 413 }
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index b0601642e227..c25465e5607a 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -183,24 +183,34 @@ EXPORT_SYMBOL(unregister_qdisc);
183 (root qdisc, all its children, children of children etc.) 183 (root qdisc, all its children, children of children etc.)
184 */ 184 */
185 185
186struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle)
187{
188 struct Qdisc *q;
189
190 if (!(root->flags & TCQ_F_BUILTIN) &&
191 root->handle == handle)
192 return root;
193
194 list_for_each_entry(q, &root->list, list) {
195 if (q->handle == handle)
196 return q;
197 }
198 return NULL;
199}
200
186struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle) 201struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle)
187{ 202{
188 unsigned int i; 203 unsigned int i;
189 204
190 for (i = 0; i < dev->num_tx_queues; i++) { 205 for (i = 0; i < dev->num_tx_queues; i++) {
191 struct netdev_queue *txq = netdev_get_tx_queue(dev, i); 206 struct netdev_queue *txq = netdev_get_tx_queue(dev, i);
192 struct Qdisc *q, *txq_root = txq->qdisc; 207 struct Qdisc *q, *txq_root = txq->qdisc_sleeping;
193 208
194 if (!(txq_root->flags & TCQ_F_BUILTIN) && 209 q = qdisc_match_from_root(txq_root, handle);
195 txq_root->handle == handle) 210 if (q)
196 return txq_root; 211 return q;
197
198 list_for_each_entry(q, &txq_root->list, list) {
199 if (q->handle == handle)
200 return q;
201 }
202 } 212 }
203 return NULL; 213 return qdisc_match_from_root(dev->rx_queue.qdisc_sleeping, handle);
204} 214}
205 215
206static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid) 216static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid)
@@ -321,7 +331,7 @@ static struct qdisc_size_table *qdisc_get_stab(struct nlattr *opt)
321 if (!s || tsize != s->tsize || (!tab && tsize > 0)) 331 if (!s || tsize != s->tsize || (!tab && tsize > 0))
322 return ERR_PTR(-EINVAL); 332 return ERR_PTR(-EINVAL);
323 333
324 spin_lock(&qdisc_stab_lock); 334 spin_lock_bh(&qdisc_stab_lock);
325 335
326 list_for_each_entry(stab, &qdisc_stab_list, list) { 336 list_for_each_entry(stab, &qdisc_stab_list, list) {
327 if (memcmp(&stab->szopts, s, sizeof(*s))) 337 if (memcmp(&stab->szopts, s, sizeof(*s)))
@@ -329,11 +339,11 @@ static struct qdisc_size_table *qdisc_get_stab(struct nlattr *opt)
329 if (tsize > 0 && memcmp(stab->data, tab, tsize * sizeof(u16))) 339 if (tsize > 0 && memcmp(stab->data, tab, tsize * sizeof(u16)))
330 continue; 340 continue;
331 stab->refcnt++; 341 stab->refcnt++;
332 spin_unlock(&qdisc_stab_lock); 342 spin_unlock_bh(&qdisc_stab_lock);
333 return stab; 343 return stab;
334 } 344 }
335 345
336 spin_unlock(&qdisc_stab_lock); 346 spin_unlock_bh(&qdisc_stab_lock);
337 347
338 stab = kmalloc(sizeof(*stab) + tsize * sizeof(u16), GFP_KERNEL); 348 stab = kmalloc(sizeof(*stab) + tsize * sizeof(u16), GFP_KERNEL);
339 if (!stab) 349 if (!stab)
@@ -344,9 +354,9 @@ static struct qdisc_size_table *qdisc_get_stab(struct nlattr *opt)
344 if (tsize > 0) 354 if (tsize > 0)
345 memcpy(stab->data, tab, tsize * sizeof(u16)); 355 memcpy(stab->data, tab, tsize * sizeof(u16));
346 356
347 spin_lock(&qdisc_stab_lock); 357 spin_lock_bh(&qdisc_stab_lock);
348 list_add_tail(&stab->list, &qdisc_stab_list); 358 list_add_tail(&stab->list, &qdisc_stab_list);
349 spin_unlock(&qdisc_stab_lock); 359 spin_unlock_bh(&qdisc_stab_lock);
350 360
351 return stab; 361 return stab;
352} 362}
@@ -356,14 +366,14 @@ void qdisc_put_stab(struct qdisc_size_table *tab)
356 if (!tab) 366 if (!tab)
357 return; 367 return;
358 368
359 spin_lock(&qdisc_stab_lock); 369 spin_lock_bh(&qdisc_stab_lock);
360 370
361 if (--tab->refcnt == 0) { 371 if (--tab->refcnt == 0) {
362 list_del(&tab->list); 372 list_del(&tab->list);
363 kfree(tab); 373 kfree(tab);
364 } 374 }
365 375
366 spin_unlock(&qdisc_stab_lock); 376 spin_unlock_bh(&qdisc_stab_lock);
367} 377}
368EXPORT_SYMBOL(qdisc_put_stab); 378EXPORT_SYMBOL(qdisc_put_stab);
369 379
@@ -572,44 +582,21 @@ static u32 qdisc_alloc_handle(struct net_device *dev)
572static struct Qdisc *dev_graft_qdisc(struct netdev_queue *dev_queue, 582static struct Qdisc *dev_graft_qdisc(struct netdev_queue *dev_queue,
573 struct Qdisc *qdisc) 583 struct Qdisc *qdisc)
574{ 584{
585 struct Qdisc *oqdisc = dev_queue->qdisc_sleeping;
575 spinlock_t *root_lock; 586 spinlock_t *root_lock;
576 struct Qdisc *oqdisc;
577 int ingress;
578
579 ingress = 0;
580 if (qdisc && qdisc->flags&TCQ_F_INGRESS)
581 ingress = 1;
582
583 if (ingress) {
584 oqdisc = dev_queue->qdisc;
585 } else {
586 oqdisc = dev_queue->qdisc_sleeping;
587 }
588 587
589 root_lock = qdisc_root_lock(oqdisc); 588 root_lock = qdisc_root_lock(oqdisc);
590 spin_lock_bh(root_lock); 589 spin_lock_bh(root_lock);
591 590
592 if (ingress) { 591 /* Prune old scheduler */
593 /* Prune old scheduler */ 592 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1)
594 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) { 593 qdisc_reset(oqdisc);
595 /* delete */
596 qdisc_reset(oqdisc);
597 dev_queue->qdisc = NULL;
598 } else { /* new */
599 dev_queue->qdisc = qdisc;
600 }
601 594
602 } else { 595 /* ... and graft new one */
603 /* Prune old scheduler */ 596 if (qdisc == NULL)
604 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) 597 qdisc = &noop_qdisc;
605 qdisc_reset(oqdisc); 598 dev_queue->qdisc_sleeping = qdisc;
606 599 dev_queue->qdisc = &noop_qdisc;
607 /* ... and graft new one */
608 if (qdisc == NULL)
609 qdisc = &noop_qdisc;
610 dev_queue->qdisc_sleeping = qdisc;
611 dev_queue->qdisc = &noop_qdisc;
612 }
613 600
614 spin_unlock_bh(root_lock); 601 spin_unlock_bh(root_lock);
615 602
@@ -678,7 +665,8 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
678 665
679 ingress = 0; 666 ingress = 0;
680 num_q = dev->num_tx_queues; 667 num_q = dev->num_tx_queues;
681 if (q && q->flags & TCQ_F_INGRESS) { 668 if ((q && q->flags & TCQ_F_INGRESS) ||
669 (new && new->flags & TCQ_F_INGRESS)) {
682 num_q = 1; 670 num_q = 1;
683 ingress = 1; 671 ingress = 1;
684 } 672 }
@@ -692,13 +680,10 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
692 if (!ingress) 680 if (!ingress)
693 dev_queue = netdev_get_tx_queue(dev, i); 681 dev_queue = netdev_get_tx_queue(dev, i);
694 682
695 if (ingress) { 683 old = dev_graft_qdisc(dev_queue, new);
696 old = dev_graft_qdisc(dev_queue, q); 684 if (new && i > 0)
697 } else { 685 atomic_inc(&new->refcnt);
698 old = dev_graft_qdisc(dev_queue, new); 686
699 if (new && i > 0)
700 atomic_inc(&new->refcnt);
701 }
702 notify_and_destroy(skb, n, classid, old, new); 687 notify_and_destroy(skb, n, classid, old, new);
703 } 688 }
704 689
@@ -817,8 +802,8 @@ qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue,
817 goto err_out3; 802 goto err_out3;
818 } 803 }
819 } 804 }
820 if (parent) 805 if ((parent != TC_H_ROOT) && !(sch->flags & TCQ_F_INGRESS))
821 list_add_tail(&sch->list, &dev_queue->qdisc->list); 806 list_add_tail(&sch->list, &dev_queue->qdisc_sleeping->list);
822 807
823 return sch; 808 return sch;
824 } 809 }
@@ -933,7 +918,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
933 return -ENOENT; 918 return -ENOENT;
934 q = qdisc_leaf(p, clid); 919 q = qdisc_leaf(p, clid);
935 } else { /* ingress */ 920 } else { /* ingress */
936 q = dev->rx_queue.qdisc; 921 q = dev->rx_queue.qdisc_sleeping;
937 } 922 }
938 } else { 923 } else {
939 struct netdev_queue *dev_queue; 924 struct netdev_queue *dev_queue;
@@ -1003,7 +988,7 @@ replay:
1003 return -ENOENT; 988 return -ENOENT;
1004 q = qdisc_leaf(p, clid); 989 q = qdisc_leaf(p, clid);
1005 } else { /*ingress */ 990 } else { /*ingress */
1006 q = dev->rx_queue.qdisc; 991 q = dev->rx_queue.qdisc_sleeping;
1007 } 992 }
1008 } else { 993 } else {
1009 struct netdev_queue *dev_queue; 994 struct netdev_queue *dev_queue;
@@ -1261,11 +1246,11 @@ static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb)
1261 q_idx = 0; 1246 q_idx = 0;
1262 1247
1263 dev_queue = netdev_get_tx_queue(dev, 0); 1248 dev_queue = netdev_get_tx_queue(dev, 0);
1264 if (tc_dump_qdisc_root(dev_queue->qdisc, skb, cb, &q_idx, s_q_idx) < 0) 1249 if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0)
1265 goto done; 1250 goto done;
1266 1251
1267 dev_queue = &dev->rx_queue; 1252 dev_queue = &dev->rx_queue;
1268 if (tc_dump_qdisc_root(dev_queue->qdisc, skb, cb, &q_idx, s_q_idx) < 0) 1253 if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0)
1269 goto done; 1254 goto done;
1270 1255
1271cont: 1256cont:
@@ -1554,11 +1539,11 @@ static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb)
1554 t = 0; 1539 t = 0;
1555 1540
1556 dev_queue = netdev_get_tx_queue(dev, 0); 1541 dev_queue = netdev_get_tx_queue(dev, 0);
1557 if (tc_dump_tclass_root(dev_queue->qdisc, skb, tcm, cb, &t, s_t) < 0) 1542 if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0)
1558 goto done; 1543 goto done;
1559 1544
1560 dev_queue = &dev->rx_queue; 1545 dev_queue = &dev->rx_queue;
1561 if (tc_dump_tclass_root(dev_queue->qdisc, skb, tcm, cb, &t, s_t) < 0) 1546 if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0)
1562 goto done; 1547 goto done;
1563 1548
1564done: 1549done:
diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index 04faa835be17..43d37256c15e 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -162,7 +162,7 @@ static void atm_tc_put(struct Qdisc *sch, unsigned long cl)
162 qdisc_destroy(flow->q); 162 qdisc_destroy(flow->q);
163 tcf_destroy_chain(&flow->filter_list); 163 tcf_destroy_chain(&flow->filter_list);
164 if (flow->sock) { 164 if (flow->sock) {
165 pr_debug("atm_tc_put: f_count %d\n", 165 pr_debug("atm_tc_put: f_count %ld\n",
166 file_count(flow->sock->file)); 166 file_count(flow->sock->file));
167 flow->vcc->pop = flow->old_pop; 167 flow->vcc->pop = flow->old_pop;
168 sockfd_put(flow->sock); 168 sockfd_put(flow->sock);
@@ -259,7 +259,7 @@ static int atm_tc_change(struct Qdisc *sch, u32 classid, u32 parent,
259 sock = sockfd_lookup(fd, &error); 259 sock = sockfd_lookup(fd, &error);
260 if (!sock) 260 if (!sock)
261 return error; /* f_count++ */ 261 return error; /* f_count++ */
262 pr_debug("atm_tc_change: f_count %d\n", file_count(sock->file)); 262 pr_debug("atm_tc_change: f_count %ld\n", file_count(sock->file));
263 if (sock->ops->family != PF_ATMSVC && sock->ops->family != PF_ATMPVC) { 263 if (sock->ops->family != PF_ATMSVC && sock->ops->family != PF_ATMPVC) {
264 error = -EPROTOTYPE; 264 error = -EPROTOTYPE;
265 goto err_out; 265 goto err_out;
@@ -415,7 +415,7 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
415 case TC_ACT_QUEUED: 415 case TC_ACT_QUEUED:
416 case TC_ACT_STOLEN: 416 case TC_ACT_STOLEN:
417 kfree_skb(skb); 417 kfree_skb(skb);
418 return NET_XMIT_SUCCESS; 418 return NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
419 case TC_ACT_SHOT: 419 case TC_ACT_SHOT:
420 kfree_skb(skb); 420 kfree_skb(skb);
421 goto drop; 421 goto drop;
@@ -432,9 +432,11 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
432 ret = qdisc_enqueue(skb, flow->q); 432 ret = qdisc_enqueue(skb, flow->q);
433 if (ret != 0) { 433 if (ret != 0) {
434drop: __maybe_unused 434drop: __maybe_unused
435 sch->qstats.drops++; 435 if (net_xmit_drop_count(ret)) {
436 if (flow) 436 sch->qstats.drops++;
437 flow->qstats.drops++; 437 if (flow)
438 flow->qstats.drops++;
439 }
438 return ret; 440 return ret;
439 } 441 }
440 sch->bstats.bytes += qdisc_pkt_len(skb); 442 sch->bstats.bytes += qdisc_pkt_len(skb);
@@ -455,7 +457,7 @@ drop: __maybe_unused
455 return 0; 457 return 0;
456 } 458 }
457 tasklet_schedule(&p->task); 459 tasklet_schedule(&p->task);
458 return NET_XMIT_BYPASS; 460 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
459} 461}
460 462
461/* 463/*
@@ -530,7 +532,7 @@ static int atm_tc_requeue(struct sk_buff *skb, struct Qdisc *sch)
530 if (!ret) { 532 if (!ret) {
531 sch->q.qlen++; 533 sch->q.qlen++;
532 sch->qstats.requeues++; 534 sch->qstats.requeues++;
533 } else { 535 } else if (net_xmit_drop_count(ret)) {
534 sch->qstats.drops++; 536 sch->qstats.drops++;
535 p->link.qstats.drops++; 537 p->link.qstats.drops++;
536 } 538 }
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index f1d2f8ec8b4c..4e261ce62f48 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -230,7 +230,7 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
230 (cl = cbq_class_lookup(q, prio)) != NULL) 230 (cl = cbq_class_lookup(q, prio)) != NULL)
231 return cl; 231 return cl;
232 232
233 *qerr = NET_XMIT_BYPASS; 233 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
234 for (;;) { 234 for (;;) {
235 int result = 0; 235 int result = 0;
236 defmap = head->defaults; 236 defmap = head->defaults;
@@ -256,7 +256,7 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
256 switch (result) { 256 switch (result) {
257 case TC_ACT_QUEUED: 257 case TC_ACT_QUEUED:
258 case TC_ACT_STOLEN: 258 case TC_ACT_STOLEN:
259 *qerr = NET_XMIT_SUCCESS; 259 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
260 case TC_ACT_SHOT: 260 case TC_ACT_SHOT:
261 return NULL; 261 return NULL;
262 case TC_ACT_RECLASSIFY: 262 case TC_ACT_RECLASSIFY:
@@ -377,7 +377,7 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
377 q->rx_class = cl; 377 q->rx_class = cl;
378#endif 378#endif
379 if (cl == NULL) { 379 if (cl == NULL) {
380 if (ret == NET_XMIT_BYPASS) 380 if (ret & __NET_XMIT_BYPASS)
381 sch->qstats.drops++; 381 sch->qstats.drops++;
382 kfree_skb(skb); 382 kfree_skb(skb);
383 return ret; 383 return ret;
@@ -397,9 +397,11 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
397 return ret; 397 return ret;
398 } 398 }
399 399
400 sch->qstats.drops++; 400 if (net_xmit_drop_count(ret)) {
401 cbq_mark_toplevel(q, cl); 401 sch->qstats.drops++;
402 cl->qstats.drops++; 402 cbq_mark_toplevel(q, cl);
403 cl->qstats.drops++;
404 }
403 return ret; 405 return ret;
404} 406}
405 407
@@ -430,8 +432,10 @@ cbq_requeue(struct sk_buff *skb, struct Qdisc *sch)
430 cbq_activate_class(cl); 432 cbq_activate_class(cl);
431 return 0; 433 return 0;
432 } 434 }
433 sch->qstats.drops++; 435 if (net_xmit_drop_count(ret)) {
434 cl->qstats.drops++; 436 sch->qstats.drops++;
437 cl->qstats.drops++;
438 }
435 return ret; 439 return ret;
436} 440}
437 441
@@ -664,13 +668,15 @@ static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child)
664 q->rx_class = NULL; 668 q->rx_class = NULL;
665 669
666 if (cl && (cl = cbq_reclassify(skb, cl)) != NULL) { 670 if (cl && (cl = cbq_reclassify(skb, cl)) != NULL) {
671 int ret;
667 672
668 cbq_mark_toplevel(q, cl); 673 cbq_mark_toplevel(q, cl);
669 674
670 q->rx_class = cl; 675 q->rx_class = cl;
671 cl->q->__parent = sch; 676 cl->q->__parent = sch;
672 677
673 if (qdisc_enqueue(skb, cl->q) == 0) { 678 ret = qdisc_enqueue(skb, cl->q);
679 if (ret == NET_XMIT_SUCCESS) {
674 sch->q.qlen++; 680 sch->q.qlen++;
675 sch->bstats.packets++; 681 sch->bstats.packets++;
676 sch->bstats.bytes += qdisc_pkt_len(skb); 682 sch->bstats.bytes += qdisc_pkt_len(skb);
@@ -678,7 +684,8 @@ static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child)
678 cbq_activate_class(cl); 684 cbq_activate_class(cl);
679 return 0; 685 return 0;
680 } 686 }
681 sch->qstats.drops++; 687 if (net_xmit_drop_count(ret))
688 sch->qstats.drops++;
682 return 0; 689 return 0;
683 } 690 }
684 691
@@ -1175,7 +1182,7 @@ static void cbq_unlink_class(struct cbq_class *this)
1175 this->tparent->children = NULL; 1182 this->tparent->children = NULL;
1176 } 1183 }
1177 } else { 1184 } else {
1178 BUG_TRAP(this->sibling == this); 1185 WARN_ON(this->sibling != this);
1179 } 1186 }
1180} 1187}
1181 1188
@@ -1699,7 +1706,7 @@ static void cbq_destroy_class(struct Qdisc *sch, struct cbq_class *cl)
1699{ 1706{
1700 struct cbq_sched_data *q = qdisc_priv(sch); 1707 struct cbq_sched_data *q = qdisc_priv(sch);
1701 1708
1702 BUG_TRAP(!cl->filters); 1709 WARN_ON(cl->filters);
1703 1710
1704 tcf_destroy_chain(&cl->filter_list); 1711 tcf_destroy_chain(&cl->filter_list);
1705 qdisc_destroy(cl->q); 1712 qdisc_destroy(cl->q);
diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c
index a935676987e2..edd1298f85f6 100644
--- a/net/sched/sch_dsmark.c
+++ b/net/sched/sch_dsmark.c
@@ -236,7 +236,7 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
236 case TC_ACT_QUEUED: 236 case TC_ACT_QUEUED:
237 case TC_ACT_STOLEN: 237 case TC_ACT_STOLEN:
238 kfree_skb(skb); 238 kfree_skb(skb);
239 return NET_XMIT_SUCCESS; 239 return NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
240 240
241 case TC_ACT_SHOT: 241 case TC_ACT_SHOT:
242 goto drop; 242 goto drop;
@@ -254,7 +254,8 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
254 254
255 err = qdisc_enqueue(skb, p->q); 255 err = qdisc_enqueue(skb, p->q);
256 if (err != NET_XMIT_SUCCESS) { 256 if (err != NET_XMIT_SUCCESS) {
257 sch->qstats.drops++; 257 if (net_xmit_drop_count(err))
258 sch->qstats.drops++;
258 return err; 259 return err;
259 } 260 }
260 261
@@ -267,7 +268,7 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
267drop: 268drop:
268 kfree_skb(skb); 269 kfree_skb(skb);
269 sch->qstats.drops++; 270 sch->qstats.drops++;
270 return NET_XMIT_BYPASS; 271 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
271} 272}
272 273
273static struct sk_buff *dsmark_dequeue(struct Qdisc *sch) 274static struct sk_buff *dsmark_dequeue(struct Qdisc *sch)
@@ -321,7 +322,8 @@ static int dsmark_requeue(struct sk_buff *skb, struct Qdisc *sch)
321 322
322 err = p->q->ops->requeue(skb, p->q); 323 err = p->q->ops->requeue(skb, p->q);
323 if (err != NET_XMIT_SUCCESS) { 324 if (err != NET_XMIT_SUCCESS) {
324 sch->qstats.drops++; 325 if (net_xmit_drop_count(err))
326 sch->qstats.drops++;
325 return err; 327 return err;
326 } 328 }
327 329
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 4ac7e3a8c253..468574682caa 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -29,7 +29,7 @@
29/* Main transmission queue. */ 29/* Main transmission queue. */
30 30
31/* Modifications to data participating in scheduling must be protected with 31/* Modifications to data participating in scheduling must be protected with
32 * qdisc_root_lock(qdisc) spinlock. 32 * qdisc_lock(qdisc) spinlock.
33 * 33 *
34 * The idea is the following: 34 * The idea is the following:
35 * - enqueue, dequeue are serialized via qdisc root lock 35 * - enqueue, dequeue are serialized via qdisc root lock
@@ -126,7 +126,7 @@ static inline int qdisc_restart(struct Qdisc *q)
126 if (unlikely((skb = dequeue_skb(q)) == NULL)) 126 if (unlikely((skb = dequeue_skb(q)) == NULL))
127 return 0; 127 return 0;
128 128
129 root_lock = qdisc_root_lock(q); 129 root_lock = qdisc_lock(q);
130 130
131 /* And release qdisc */ 131 /* And release qdisc */
132 spin_unlock(root_lock); 132 spin_unlock(root_lock);
@@ -135,7 +135,8 @@ static inline int qdisc_restart(struct Qdisc *q)
135 txq = netdev_get_tx_queue(dev, skb_get_queue_mapping(skb)); 135 txq = netdev_get_tx_queue(dev, skb_get_queue_mapping(skb));
136 136
137 HARD_TX_LOCK(dev, txq, smp_processor_id()); 137 HARD_TX_LOCK(dev, txq, smp_processor_id());
138 if (!netif_subqueue_stopped(dev, skb)) 138 if (!netif_tx_queue_stopped(txq) &&
139 !netif_tx_queue_frozen(txq))
139 ret = dev_hard_start_xmit(skb, dev, txq); 140 ret = dev_hard_start_xmit(skb, dev, txq);
140 HARD_TX_UNLOCK(dev, txq); 141 HARD_TX_UNLOCK(dev, txq);
141 142
@@ -162,7 +163,8 @@ static inline int qdisc_restart(struct Qdisc *q)
162 break; 163 break;
163 } 164 }
164 165
165 if (ret && netif_tx_queue_stopped(txq)) 166 if (ret && (netif_tx_queue_stopped(txq) ||
167 netif_tx_queue_frozen(txq)))
166 ret = 0; 168 ret = 0;
167 169
168 return ret; 170 return ret;
@@ -505,7 +507,7 @@ errout:
505} 507}
506EXPORT_SYMBOL(qdisc_create_dflt); 508EXPORT_SYMBOL(qdisc_create_dflt);
507 509
508/* Under qdisc_root_lock(qdisc) and BH! */ 510/* Under qdisc_lock(qdisc) and BH! */
509 511
510void qdisc_reset(struct Qdisc *qdisc) 512void qdisc_reset(struct Qdisc *qdisc)
511{ 513{
@@ -541,7 +543,7 @@ static void __qdisc_destroy(struct rcu_head *head)
541 kfree((char *) qdisc - qdisc->padded); 543 kfree((char *) qdisc - qdisc->padded);
542} 544}
543 545
544/* Under qdisc_root_lock(qdisc) and BH! */ 546/* Under qdisc_lock(qdisc) and BH! */
545 547
546void qdisc_destroy(struct Qdisc *qdisc) 548void qdisc_destroy(struct Qdisc *qdisc)
547{ 549{
@@ -596,7 +598,7 @@ static void transition_one_qdisc(struct net_device *dev,
596 int *need_watchdog_p = _need_watchdog; 598 int *need_watchdog_p = _need_watchdog;
597 599
598 rcu_assign_pointer(dev_queue->qdisc, new_qdisc); 600 rcu_assign_pointer(dev_queue->qdisc, new_qdisc);
599 if (new_qdisc != &noqueue_qdisc) 601 if (need_watchdog_p && new_qdisc != &noqueue_qdisc)
600 *need_watchdog_p = 1; 602 *need_watchdog_p = 1;
601} 603}
602 604
@@ -619,6 +621,7 @@ void dev_activate(struct net_device *dev)
619 621
620 need_watchdog = 0; 622 need_watchdog = 0;
621 netdev_for_each_tx_queue(dev, transition_one_qdisc, &need_watchdog); 623 netdev_for_each_tx_queue(dev, transition_one_qdisc, &need_watchdog);
624 transition_one_qdisc(dev, &dev->rx_queue, NULL);
622 625
623 if (need_watchdog) { 626 if (need_watchdog) {
624 dev->trans_start = jiffies; 627 dev->trans_start = jiffies;
@@ -644,7 +647,7 @@ static void dev_deactivate_queue(struct net_device *dev,
644 } 647 }
645} 648}
646 649
647static bool some_qdisc_is_running(struct net_device *dev, int lock) 650static bool some_qdisc_is_busy(struct net_device *dev, int lock)
648{ 651{
649 unsigned int i; 652 unsigned int i;
650 653
@@ -655,13 +658,14 @@ static bool some_qdisc_is_running(struct net_device *dev, int lock)
655 int val; 658 int val;
656 659
657 dev_queue = netdev_get_tx_queue(dev, i); 660 dev_queue = netdev_get_tx_queue(dev, i);
658 q = dev_queue->qdisc; 661 q = dev_queue->qdisc_sleeping;
659 root_lock = qdisc_root_lock(q); 662 root_lock = qdisc_lock(q);
660 663
661 if (lock) 664 if (lock)
662 spin_lock_bh(root_lock); 665 spin_lock_bh(root_lock);
663 666
664 val = test_bit(__QDISC_STATE_RUNNING, &q->state); 667 val = (test_bit(__QDISC_STATE_RUNNING, &q->state) ||
668 test_bit(__QDISC_STATE_SCHED, &q->state));
665 669
666 if (lock) 670 if (lock)
667 spin_unlock_bh(root_lock); 671 spin_unlock_bh(root_lock);
@@ -677,6 +681,7 @@ void dev_deactivate(struct net_device *dev)
677 bool running; 681 bool running;
678 682
679 netdev_for_each_tx_queue(dev, dev_deactivate_queue, &noop_qdisc); 683 netdev_for_each_tx_queue(dev, dev_deactivate_queue, &noop_qdisc);
684 dev_deactivate_queue(dev, &dev->rx_queue, &noop_qdisc);
680 685
681 dev_watchdog_down(dev); 686 dev_watchdog_down(dev);
682 687
@@ -685,14 +690,14 @@ void dev_deactivate(struct net_device *dev)
685 690
686 /* Wait for outstanding qdisc_run calls. */ 691 /* Wait for outstanding qdisc_run calls. */
687 do { 692 do {
688 while (some_qdisc_is_running(dev, 0)) 693 while (some_qdisc_is_busy(dev, 0))
689 yield(); 694 yield();
690 695
691 /* 696 /*
692 * Double-check inside queue lock to ensure that all effects 697 * Double-check inside queue lock to ensure that all effects
693 * of the queue run are visible when we return. 698 * of the queue run are visible when we return.
694 */ 699 */
695 running = some_qdisc_is_running(dev, 1); 700 running = some_qdisc_is_busy(dev, 1);
696 701
697 /* 702 /*
698 * The running flag should never be set at this point because 703 * The running flag should never be set at this point because
@@ -718,7 +723,7 @@ static void dev_init_scheduler_queue(struct net_device *dev,
718void dev_init_scheduler(struct net_device *dev) 723void dev_init_scheduler(struct net_device *dev)
719{ 724{
720 netdev_for_each_tx_queue(dev, dev_init_scheduler_queue, &noop_qdisc); 725 netdev_for_each_tx_queue(dev, dev_init_scheduler_queue, &noop_qdisc);
721 dev_init_scheduler_queue(dev, &dev->rx_queue, NULL); 726 dev_init_scheduler_queue(dev, &dev->rx_queue, &noop_qdisc);
722 727
723 setup_timer(&dev->watchdog_timer, dev_watchdog, (unsigned long)dev); 728 setup_timer(&dev->watchdog_timer, dev_watchdog, (unsigned long)dev);
724} 729}
@@ -731,20 +736,20 @@ static void shutdown_scheduler_queue(struct net_device *dev,
731 struct Qdisc *qdisc_default = _qdisc_default; 736 struct Qdisc *qdisc_default = _qdisc_default;
732 737
733 if (qdisc) { 738 if (qdisc) {
734 spinlock_t *root_lock = qdisc_root_lock(qdisc); 739 spinlock_t *root_lock = qdisc_lock(qdisc);
735 740
736 dev_queue->qdisc = qdisc_default; 741 dev_queue->qdisc = qdisc_default;
737 dev_queue->qdisc_sleeping = qdisc_default; 742 dev_queue->qdisc_sleeping = qdisc_default;
738 743
739 spin_lock(root_lock); 744 spin_lock_bh(root_lock);
740 qdisc_destroy(qdisc); 745 qdisc_destroy(qdisc);
741 spin_unlock(root_lock); 746 spin_unlock_bh(root_lock);
742 } 747 }
743} 748}
744 749
745void dev_shutdown(struct net_device *dev) 750void dev_shutdown(struct net_device *dev)
746{ 751{
747 netdev_for_each_tx_queue(dev, shutdown_scheduler_queue, &noop_qdisc); 752 netdev_for_each_tx_queue(dev, shutdown_scheduler_queue, &noop_qdisc);
748 shutdown_scheduler_queue(dev, &dev->rx_queue, NULL); 753 shutdown_scheduler_queue(dev, &dev->rx_queue, &noop_qdisc);
749 BUG_TRAP(!timer_pending(&dev->watchdog_timer)); 754 WARN_ON(timer_pending(&dev->watchdog_timer));
750} 755}
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 0ae7d19dcba8..c2b8d9cce3d2 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -1159,14 +1159,14 @@ hfsc_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
1159 if (cl->level == 0) 1159 if (cl->level == 0)
1160 return cl; 1160 return cl;
1161 1161
1162 *qerr = NET_XMIT_BYPASS; 1162 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
1163 tcf = q->root.filter_list; 1163 tcf = q->root.filter_list;
1164 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) { 1164 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) {
1165#ifdef CONFIG_NET_CLS_ACT 1165#ifdef CONFIG_NET_CLS_ACT
1166 switch (result) { 1166 switch (result) {
1167 case TC_ACT_QUEUED: 1167 case TC_ACT_QUEUED:
1168 case TC_ACT_STOLEN: 1168 case TC_ACT_STOLEN:
1169 *qerr = NET_XMIT_SUCCESS; 1169 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
1170 case TC_ACT_SHOT: 1170 case TC_ACT_SHOT:
1171 return NULL; 1171 return NULL;
1172 } 1172 }
@@ -1578,7 +1578,7 @@ hfsc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
1578 1578
1579 cl = hfsc_classify(skb, sch, &err); 1579 cl = hfsc_classify(skb, sch, &err);
1580 if (cl == NULL) { 1580 if (cl == NULL) {
1581 if (err == NET_XMIT_BYPASS) 1581 if (err & __NET_XMIT_BYPASS)
1582 sch->qstats.drops++; 1582 sch->qstats.drops++;
1583 kfree_skb(skb); 1583 kfree_skb(skb);
1584 return err; 1584 return err;
@@ -1586,8 +1586,10 @@ hfsc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
1586 1586
1587 err = qdisc_enqueue(skb, cl->qdisc); 1587 err = qdisc_enqueue(skb, cl->qdisc);
1588 if (unlikely(err != NET_XMIT_SUCCESS)) { 1588 if (unlikely(err != NET_XMIT_SUCCESS)) {
1589 cl->qstats.drops++; 1589 if (net_xmit_drop_count(err)) {
1590 sch->qstats.drops++; 1590 cl->qstats.drops++;
1591 sch->qstats.drops++;
1592 }
1591 return err; 1593 return err;
1592 } 1594 }
1593 1595
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 30c999c61b01..6febd245e62b 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -214,14 +214,14 @@ static struct htb_class *htb_classify(struct sk_buff *skb, struct Qdisc *sch,
214 if ((cl = htb_find(skb->priority, sch)) != NULL && cl->level == 0) 214 if ((cl = htb_find(skb->priority, sch)) != NULL && cl->level == 0)
215 return cl; 215 return cl;
216 216
217 *qerr = NET_XMIT_BYPASS; 217 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
218 tcf = q->filter_list; 218 tcf = q->filter_list;
219 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) { 219 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) {
220#ifdef CONFIG_NET_CLS_ACT 220#ifdef CONFIG_NET_CLS_ACT
221 switch (result) { 221 switch (result) {
222 case TC_ACT_QUEUED: 222 case TC_ACT_QUEUED:
223 case TC_ACT_STOLEN: 223 case TC_ACT_STOLEN:
224 *qerr = NET_XMIT_SUCCESS; 224 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
225 case TC_ACT_SHOT: 225 case TC_ACT_SHOT:
226 return NULL; 226 return NULL;
227 } 227 }
@@ -524,7 +524,7 @@ htb_change_class_mode(struct htb_sched *q, struct htb_class *cl, long *diff)
524 */ 524 */
525static inline void htb_activate(struct htb_sched *q, struct htb_class *cl) 525static inline void htb_activate(struct htb_sched *q, struct htb_class *cl)
526{ 526{
527 BUG_TRAP(!cl->level && cl->un.leaf.q && cl->un.leaf.q->q.qlen); 527 WARN_ON(cl->level || !cl->un.leaf.q || !cl->un.leaf.q->q.qlen);
528 528
529 if (!cl->prio_activity) { 529 if (!cl->prio_activity) {
530 cl->prio_activity = 1 << (cl->un.leaf.aprio = cl->un.leaf.prio); 530 cl->prio_activity = 1 << (cl->un.leaf.aprio = cl->un.leaf.prio);
@@ -542,7 +542,7 @@ static inline void htb_activate(struct htb_sched *q, struct htb_class *cl)
542 */ 542 */
543static inline void htb_deactivate(struct htb_sched *q, struct htb_class *cl) 543static inline void htb_deactivate(struct htb_sched *q, struct htb_class *cl)
544{ 544{
545 BUG_TRAP(cl->prio_activity); 545 WARN_ON(!cl->prio_activity);
546 546
547 htb_deactivate_prios(q, cl); 547 htb_deactivate_prios(q, cl);
548 cl->prio_activity = 0; 548 cl->prio_activity = 0;
@@ -567,14 +567,16 @@ static int htb_enqueue(struct sk_buff *skb, struct Qdisc *sch)
567 } 567 }
568#ifdef CONFIG_NET_CLS_ACT 568#ifdef CONFIG_NET_CLS_ACT
569 } else if (!cl) { 569 } else if (!cl) {
570 if (ret == NET_XMIT_BYPASS) 570 if (ret & __NET_XMIT_BYPASS)
571 sch->qstats.drops++; 571 sch->qstats.drops++;
572 kfree_skb(skb); 572 kfree_skb(skb);
573 return ret; 573 return ret;
574#endif 574#endif
575 } else if (qdisc_enqueue(skb, cl->un.leaf.q) != NET_XMIT_SUCCESS) { 575 } else if ((ret = qdisc_enqueue(skb, cl->un.leaf.q)) != NET_XMIT_SUCCESS) {
576 sch->qstats.drops++; 576 if (net_xmit_drop_count(ret)) {
577 cl->qstats.drops++; 577 sch->qstats.drops++;
578 cl->qstats.drops++;
579 }
578 return NET_XMIT_DROP; 580 return NET_XMIT_DROP;
579 } else { 581 } else {
580 cl->bstats.packets += 582 cl->bstats.packets +=
@@ -610,15 +612,17 @@ static int htb_requeue(struct sk_buff *skb, struct Qdisc *sch)
610 } 612 }
611#ifdef CONFIG_NET_CLS_ACT 613#ifdef CONFIG_NET_CLS_ACT
612 } else if (!cl) { 614 } else if (!cl) {
613 if (ret == NET_XMIT_BYPASS) 615 if (ret & __NET_XMIT_BYPASS)
614 sch->qstats.drops++; 616 sch->qstats.drops++;
615 kfree_skb(skb); 617 kfree_skb(skb);
616 return ret; 618 return ret;
617#endif 619#endif
618 } else if (cl->un.leaf.q->ops->requeue(skb, cl->un.leaf.q) != 620 } else if ((ret = cl->un.leaf.q->ops->requeue(skb, cl->un.leaf.q)) !=
619 NET_XMIT_SUCCESS) { 621 NET_XMIT_SUCCESS) {
620 sch->qstats.drops++; 622 if (net_xmit_drop_count(ret)) {
621 cl->qstats.drops++; 623 sch->qstats.drops++;
624 cl->qstats.drops++;
625 }
622 return NET_XMIT_DROP; 626 return NET_XMIT_DROP;
623 } else 627 } else
624 htb_activate(q, cl); 628 htb_activate(q, cl);
@@ -757,7 +761,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
757 u32 *pid; 761 u32 *pid;
758 } stk[TC_HTB_MAXDEPTH], *sp = stk; 762 } stk[TC_HTB_MAXDEPTH], *sp = stk;
759 763
760 BUG_TRAP(tree->rb_node); 764 WARN_ON(!tree->rb_node);
761 sp->root = tree->rb_node; 765 sp->root = tree->rb_node;
762 sp->pptr = pptr; 766 sp->pptr = pptr;
763 sp->pid = pid; 767 sp->pid = pid;
@@ -777,7 +781,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
777 *sp->pptr = (*sp->pptr)->rb_left; 781 *sp->pptr = (*sp->pptr)->rb_left;
778 if (sp > stk) { 782 if (sp > stk) {
779 sp--; 783 sp--;
780 BUG_TRAP(*sp->pptr); 784 WARN_ON(!*sp->pptr);
781 if (!*sp->pptr) 785 if (!*sp->pptr)
782 return NULL; 786 return NULL;
783 htb_next_rb_node(sp->pptr); 787 htb_next_rb_node(sp->pptr);
@@ -792,7 +796,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
792 sp->pid = cl->un.inner.last_ptr_id + prio; 796 sp->pid = cl->un.inner.last_ptr_id + prio;
793 } 797 }
794 } 798 }
795 BUG_TRAP(0); 799 WARN_ON(1);
796 return NULL; 800 return NULL;
797} 801}
798 802
@@ -810,7 +814,7 @@ static struct sk_buff *htb_dequeue_tree(struct htb_sched *q, int prio,
810 814
811 do { 815 do {
812next: 816next:
813 BUG_TRAP(cl); 817 WARN_ON(!cl);
814 if (!cl) 818 if (!cl)
815 return NULL; 819 return NULL;
816 820
@@ -1185,7 +1189,7 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl,
1185{ 1189{
1186 struct htb_class *parent = cl->parent; 1190 struct htb_class *parent = cl->parent;
1187 1191
1188 BUG_TRAP(!cl->level && cl->un.leaf.q && !cl->prio_activity); 1192 WARN_ON(cl->level || !cl->un.leaf.q || cl->prio_activity);
1189 1193
1190 if (parent->cmode != HTB_CAN_SEND) 1194 if (parent->cmode != HTB_CAN_SEND)
1191 htb_safe_rb_erase(&parent->pq_node, q->wait_pq + parent->level); 1195 htb_safe_rb_erase(&parent->pq_node, q->wait_pq + parent->level);
@@ -1205,7 +1209,7 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl,
1205static void htb_destroy_class(struct Qdisc *sch, struct htb_class *cl) 1209static void htb_destroy_class(struct Qdisc *sch, struct htb_class *cl)
1206{ 1210{
1207 if (!cl->level) { 1211 if (!cl->level) {
1208 BUG_TRAP(cl->un.leaf.q); 1212 WARN_ON(!cl->un.leaf.q);
1209 qdisc_destroy(cl->un.leaf.q); 1213 qdisc_destroy(cl->un.leaf.q);
1210 } 1214 }
1211 gen_kill_estimator(&cl->bstats, &cl->rate_est); 1215 gen_kill_estimator(&cl->bstats, &cl->rate_est);
@@ -1275,7 +1279,8 @@ static int htb_delete(struct Qdisc *sch, unsigned long arg)
1275 1279
1276 /* delete from hash and active; remainder in destroy_class */ 1280 /* delete from hash and active; remainder in destroy_class */
1277 qdisc_class_hash_remove(&q->clhash, &cl->common); 1281 qdisc_class_hash_remove(&q->clhash, &cl->common);
1278 cl->parent->children--; 1282 if (cl->parent)
1283 cl->parent->children--;
1279 1284
1280 if (cl->prio_activity) 1285 if (cl->prio_activity)
1281 htb_deactivate(q, cl); 1286 htb_deactivate(q, cl);
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index a59085700678..fb0294d0b55e 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -176,7 +176,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
176 if (count == 0) { 176 if (count == 0) {
177 sch->qstats.drops++; 177 sch->qstats.drops++;
178 kfree_skb(skb); 178 kfree_skb(skb);
179 return NET_XMIT_BYPASS; 179 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
180 } 180 }
181 181
182 skb_orphan(skb); 182 skb_orphan(skb);
@@ -240,8 +240,9 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
240 sch->q.qlen++; 240 sch->q.qlen++;
241 sch->bstats.bytes += qdisc_pkt_len(skb); 241 sch->bstats.bytes += qdisc_pkt_len(skb);
242 sch->bstats.packets++; 242 sch->bstats.packets++;
243 } else 243 } else if (net_xmit_drop_count(ret)) {
244 sch->qstats.drops++; 244 sch->qstats.drops++;
245 }
245 246
246 pr_debug("netem: enqueue ret %d\n", ret); 247 pr_debug("netem: enqueue ret %d\n", ret);
247 return ret; 248 return ret;
diff --git a/net/sched/sch_prio.c b/net/sched/sch_prio.c
index f849243eb095..eac197610edf 100644
--- a/net/sched/sch_prio.c
+++ b/net/sched/sch_prio.c
@@ -38,14 +38,14 @@ prio_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
38 struct tcf_result res; 38 struct tcf_result res;
39 int err; 39 int err;
40 40
41 *qerr = NET_XMIT_BYPASS; 41 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
42 if (TC_H_MAJ(skb->priority) != sch->handle) { 42 if (TC_H_MAJ(skb->priority) != sch->handle) {
43 err = tc_classify(skb, q->filter_list, &res); 43 err = tc_classify(skb, q->filter_list, &res);
44#ifdef CONFIG_NET_CLS_ACT 44#ifdef CONFIG_NET_CLS_ACT
45 switch (err) { 45 switch (err) {
46 case TC_ACT_STOLEN: 46 case TC_ACT_STOLEN:
47 case TC_ACT_QUEUED: 47 case TC_ACT_QUEUED:
48 *qerr = NET_XMIT_SUCCESS; 48 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
49 case TC_ACT_SHOT: 49 case TC_ACT_SHOT:
50 return NULL; 50 return NULL;
51 } 51 }
@@ -74,7 +74,7 @@ prio_enqueue(struct sk_buff *skb, struct Qdisc *sch)
74#ifdef CONFIG_NET_CLS_ACT 74#ifdef CONFIG_NET_CLS_ACT
75 if (qdisc == NULL) { 75 if (qdisc == NULL) {
76 76
77 if (ret == NET_XMIT_BYPASS) 77 if (ret & __NET_XMIT_BYPASS)
78 sch->qstats.drops++; 78 sch->qstats.drops++;
79 kfree_skb(skb); 79 kfree_skb(skb);
80 return ret; 80 return ret;
@@ -88,7 +88,8 @@ prio_enqueue(struct sk_buff *skb, struct Qdisc *sch)
88 sch->q.qlen++; 88 sch->q.qlen++;
89 return NET_XMIT_SUCCESS; 89 return NET_XMIT_SUCCESS;
90 } 90 }
91 sch->qstats.drops++; 91 if (net_xmit_drop_count(ret))
92 sch->qstats.drops++;
92 return ret; 93 return ret;
93} 94}
94 95
@@ -102,7 +103,7 @@ prio_requeue(struct sk_buff *skb, struct Qdisc* sch)
102 qdisc = prio_classify(skb, sch, &ret); 103 qdisc = prio_classify(skb, sch, &ret);
103#ifdef CONFIG_NET_CLS_ACT 104#ifdef CONFIG_NET_CLS_ACT
104 if (qdisc == NULL) { 105 if (qdisc == NULL) {
105 if (ret == NET_XMIT_BYPASS) 106 if (ret & __NET_XMIT_BYPASS)
106 sch->qstats.drops++; 107 sch->qstats.drops++;
107 kfree_skb(skb); 108 kfree_skb(skb);
108 return ret; 109 return ret;
@@ -114,7 +115,8 @@ prio_requeue(struct sk_buff *skb, struct Qdisc* sch)
114 sch->qstats.requeues++; 115 sch->qstats.requeues++;
115 return 0; 116 return 0;
116 } 117 }
117 sch->qstats.drops++; 118 if (net_xmit_drop_count(ret))
119 sch->qstats.drops++;
118 return NET_XMIT_DROP; 120 return NET_XMIT_DROP;
119} 121}
120 122
diff --git a/net/sched/sch_red.c b/net/sched/sch_red.c
index 3f2d1d7f3bbd..5da05839e225 100644
--- a/net/sched/sch_red.c
+++ b/net/sched/sch_red.c
@@ -97,7 +97,7 @@ static int red_enqueue(struct sk_buff *skb, struct Qdisc* sch)
97 sch->bstats.bytes += qdisc_pkt_len(skb); 97 sch->bstats.bytes += qdisc_pkt_len(skb);
98 sch->bstats.packets++; 98 sch->bstats.packets++;
99 sch->q.qlen++; 99 sch->q.qlen++;
100 } else { 100 } else if (net_xmit_drop_count(ret)) {
101 q->stats.pdrop++; 101 q->stats.pdrop++;
102 sch->qstats.drops++; 102 sch->qstats.drops++;
103 } 103 }
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 8589da666568..6e041d10dbdb 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -171,14 +171,14 @@ static unsigned int sfq_classify(struct sk_buff *skb, struct Qdisc *sch,
171 if (!q->filter_list) 171 if (!q->filter_list)
172 return sfq_hash(q, skb) + 1; 172 return sfq_hash(q, skb) + 1;
173 173
174 *qerr = NET_XMIT_BYPASS; 174 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
175 result = tc_classify(skb, q->filter_list, &res); 175 result = tc_classify(skb, q->filter_list, &res);
176 if (result >= 0) { 176 if (result >= 0) {
177#ifdef CONFIG_NET_CLS_ACT 177#ifdef CONFIG_NET_CLS_ACT
178 switch (result) { 178 switch (result) {
179 case TC_ACT_STOLEN: 179 case TC_ACT_STOLEN:
180 case TC_ACT_QUEUED: 180 case TC_ACT_QUEUED:
181 *qerr = NET_XMIT_SUCCESS; 181 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
182 case TC_ACT_SHOT: 182 case TC_ACT_SHOT:
183 return 0; 183 return 0;
184 } 184 }
@@ -285,7 +285,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
285 285
286 hash = sfq_classify(skb, sch, &ret); 286 hash = sfq_classify(skb, sch, &ret);
287 if (hash == 0) { 287 if (hash == 0) {
288 if (ret == NET_XMIT_BYPASS) 288 if (ret & __NET_XMIT_BYPASS)
289 sch->qstats.drops++; 289 sch->qstats.drops++;
290 kfree_skb(skb); 290 kfree_skb(skb);
291 return ret; 291 return ret;
@@ -339,7 +339,7 @@ sfq_requeue(struct sk_buff *skb, struct Qdisc *sch)
339 339
340 hash = sfq_classify(skb, sch, &ret); 340 hash = sfq_classify(skb, sch, &ret);
341 if (hash == 0) { 341 if (hash == 0) {
342 if (ret == NET_XMIT_BYPASS) 342 if (ret & __NET_XMIT_BYPASS)
343 sch->qstats.drops++; 343 sch->qstats.drops++;
344 kfree_skb(skb); 344 kfree_skb(skb);
345 return ret; 345 return ret;
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index b296672f7632..7d3b7ff3bf07 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -135,7 +135,8 @@ static int tbf_enqueue(struct sk_buff *skb, struct Qdisc* sch)
135 135
136 ret = qdisc_enqueue(skb, q->qdisc); 136 ret = qdisc_enqueue(skb, q->qdisc);
137 if (ret != 0) { 137 if (ret != 0) {
138 sch->qstats.drops++; 138 if (net_xmit_drop_count(ret))
139 sch->qstats.drops++;
139 return ret; 140 return ret;
140 } 141 }
141 142
diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index 537223642b6e..2c35c678563b 100644
--- a/net/sched/sch_teql.c
+++ b/net/sched/sch_teql.c
@@ -305,10 +305,11 @@ restart:
305 305
306 switch (teql_resolve(skb, skb_res, slave)) { 306 switch (teql_resolve(skb, skb_res, slave)) {
307 case 0: 307 case 0:
308 if (netif_tx_trylock(slave)) { 308 if (__netif_tx_trylock(slave_txq)) {
309 if (!__netif_subqueue_stopped(slave, subq) && 309 if (!netif_tx_queue_stopped(slave_txq) &&
310 !netif_tx_queue_frozen(slave_txq) &&
310 slave->hard_start_xmit(skb, slave) == 0) { 311 slave->hard_start_xmit(skb, slave) == 0) {
311 netif_tx_unlock(slave); 312 __netif_tx_unlock(slave_txq);
312 master->slaves = NEXT_SLAVE(q); 313 master->slaves = NEXT_SLAVE(q);
313 netif_wake_queue(dev); 314 netif_wake_queue(dev);
314 master->stats.tx_packets++; 315 master->stats.tx_packets++;
@@ -316,7 +317,7 @@ restart:
316 qdisc_pkt_len(skb); 317 qdisc_pkt_len(skb);
317 return 0; 318 return 0;
318 } 319 }
319 netif_tx_unlock(slave); 320 __netif_tx_unlock(slave_txq);
320 } 321 }
321 if (netif_queue_stopped(dev)) 322 if (netif_queue_stopped(dev))
322 busy = 1; 323 busy = 1;
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index ec2a0a33fd78..8472b8b349c4 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -464,7 +464,7 @@ static void sctp_association_destroy(struct sctp_association *asoc)
464 spin_unlock_bh(&sctp_assocs_id_lock); 464 spin_unlock_bh(&sctp_assocs_id_lock);
465 } 465 }
466 466
467 BUG_TRAP(!atomic_read(&asoc->rmem_alloc)); 467 WARN_ON(atomic_read(&asoc->rmem_alloc));
468 468
469 if (asoc->base.malloced) { 469 if (asoc->base.malloced) {
470 kfree(asoc); 470 kfree(asoc);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index a238d6834b33..483a01d0740a 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -195,8 +195,7 @@ out:
195} 195}
196 196
197/* Based on tcp_v6_xmit() in tcp_ipv6.c. */ 197/* Based on tcp_v6_xmit() in tcp_ipv6.c. */
198static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport, 198static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
199 int ipfragok)
200{ 199{
201 struct sock *sk = skb->sk; 200 struct sock *sk = skb->sk;
202 struct ipv6_pinfo *np = inet6_sk(sk); 201 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -231,7 +230,10 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport,
231 230
232 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); 231 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS);
233 232
234 return ip6_xmit(sk, skb, &fl, np->opt, ipfragok); 233 if (!(transport->param_flags & SPP_PMTUD_ENABLE))
234 skb->local_df = 1;
235
236 return ip6_xmit(sk, skb, &fl, np->opt, 0);
235} 237}
236 238
237/* Returns the dst cache entry for the given source and destination ip 239/* Returns the dst cache entry for the given source and destination ip
diff --git a/net/sctp/output.c b/net/sctp/output.c
index 45684646b1db..0dc4a7dfb234 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -586,10 +586,8 @@ int sctp_packet_transmit(struct sctp_packet *packet)
586 SCTP_DEBUG_PRINTK("***sctp_transmit_packet*** skb len %d\n", 586 SCTP_DEBUG_PRINTK("***sctp_transmit_packet*** skb len %d\n",
587 nskb->len); 587 nskb->len);
588 588
589 if (tp->param_flags & SPP_PMTUD_ENABLE) 589 nskb->local_df = packet->ipfragok;
590 (*tp->af_specific->sctp_xmit)(nskb, tp, packet->ipfragok); 590 (*tp->af_specific->sctp_xmit)(nskb, tp);
591 else
592 (*tp->af_specific->sctp_xmit)(nskb, tp, 1);
593 591
594out: 592out:
595 packet->size = packet->overhead; 593 packet->size = packet->overhead;
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index a6e0818bcff5..0b65354aaf64 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -862,16 +862,21 @@ static int sctp_inet_supported_addrs(const struct sctp_sock *opt,
862 862
863/* Wrapper routine that calls the ip transmit routine. */ 863/* Wrapper routine that calls the ip transmit routine. */
864static inline int sctp_v4_xmit(struct sk_buff *skb, 864static inline int sctp_v4_xmit(struct sk_buff *skb,
865 struct sctp_transport *transport, int ipfragok) 865 struct sctp_transport *transport)
866{ 866{
867 struct inet_sock *inet = inet_sk(skb->sk);
868
867 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, " 869 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, "
868 "src:%u.%u.%u.%u, dst:%u.%u.%u.%u\n", 870 "src:%u.%u.%u.%u, dst:%u.%u.%u.%u\n",
869 __func__, skb, skb->len, 871 __func__, skb, skb->len,
870 NIPQUAD(skb->rtable->rt_src), 872 NIPQUAD(skb->rtable->rt_src),
871 NIPQUAD(skb->rtable->rt_dst)); 873 NIPQUAD(skb->rtable->rt_dst));
872 874
875 inet->pmtudisc = transport->param_flags & SPP_PMTUD_ENABLE ?
876 IP_PMTUDISC_DO : IP_PMTUDISC_DONT;
877
873 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); 878 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS);
874 return ip_queue_xmit(skb, ipfragok); 879 return ip_queue_xmit(skb, 0);
875} 880}
876 881
877static struct sctp_af sctp_af_inet; 882static struct sctp_af sctp_af_inet;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 79bece16aede..dbb79adf8f3c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3910,7 +3910,7 @@ static int sctp_getsockopt_peeloff(struct sock *sk, int len, char __user *optval
3910 goto out; 3910 goto out;
3911 3911
3912 /* Map the socket to an unused fd that can be returned to the user. */ 3912 /* Map the socket to an unused fd that can be returned to the user. */
3913 retval = sock_map_fd(newsock); 3913 retval = sock_map_fd(newsock, 0);
3914 if (retval < 0) { 3914 if (retval < 0) {
3915 sock_release(newsock); 3915 sock_release(newsock);
3916 goto out; 3916 goto out;
diff --git a/net/socket.c b/net/socket.c
index 1ba57d888981..8ef8ba81b9e2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -63,11 +63,13 @@
63#include <linux/file.h> 63#include <linux/file.h>
64#include <linux/net.h> 64#include <linux/net.h>
65#include <linux/interrupt.h> 65#include <linux/interrupt.h>
66#include <linux/thread_info.h>
66#include <linux/rcupdate.h> 67#include <linux/rcupdate.h>
67#include <linux/netdevice.h> 68#include <linux/netdevice.h>
68#include <linux/proc_fs.h> 69#include <linux/proc_fs.h>
69#include <linux/seq_file.h> 70#include <linux/seq_file.h>
70#include <linux/mutex.h> 71#include <linux/mutex.h>
72#include <linux/thread_info.h>
71#include <linux/wanrouter.h> 73#include <linux/wanrouter.h>
72#include <linux/if_bridge.h> 74#include <linux/if_bridge.h>
73#include <linux/if_frad.h> 75#include <linux/if_frad.h>
@@ -263,7 +265,7 @@ static void sock_destroy_inode(struct inode *inode)
263 container_of(inode, struct socket_alloc, vfs_inode)); 265 container_of(inode, struct socket_alloc, vfs_inode));
264} 266}
265 267
266static void init_once(struct kmem_cache *cachep, void *foo) 268static void init_once(void *foo)
267{ 269{
268 struct socket_alloc *ei = (struct socket_alloc *)foo; 270 struct socket_alloc *ei = (struct socket_alloc *)foo;
269 271
@@ -349,11 +351,11 @@ static struct dentry_operations sockfs_dentry_operations = {
349 * but we take care of internal coherence yet. 351 * but we take care of internal coherence yet.
350 */ 352 */
351 353
352static int sock_alloc_fd(struct file **filep) 354static int sock_alloc_fd(struct file **filep, int flags)
353{ 355{
354 int fd; 356 int fd;
355 357
356 fd = get_unused_fd(); 358 fd = get_unused_fd_flags(flags);
357 if (likely(fd >= 0)) { 359 if (likely(fd >= 0)) {
358 struct file *file = get_empty_filp(); 360 struct file *file = get_empty_filp();
359 361
@@ -367,7 +369,7 @@ static int sock_alloc_fd(struct file **filep)
367 return fd; 369 return fd;
368} 370}
369 371
370static int sock_attach_fd(struct socket *sock, struct file *file) 372static int sock_attach_fd(struct socket *sock, struct file *file, int flags)
371{ 373{
372 struct dentry *dentry; 374 struct dentry *dentry;
373 struct qstr name = { .name = "" }; 375 struct qstr name = { .name = "" };
@@ -389,20 +391,20 @@ static int sock_attach_fd(struct socket *sock, struct file *file)
389 init_file(file, sock_mnt, dentry, FMODE_READ | FMODE_WRITE, 391 init_file(file, sock_mnt, dentry, FMODE_READ | FMODE_WRITE,
390 &socket_file_ops); 392 &socket_file_ops);
391 SOCK_INODE(sock)->i_fop = &socket_file_ops; 393 SOCK_INODE(sock)->i_fop = &socket_file_ops;
392 file->f_flags = O_RDWR; 394 file->f_flags = O_RDWR | (flags & O_NONBLOCK);
393 file->f_pos = 0; 395 file->f_pos = 0;
394 file->private_data = sock; 396 file->private_data = sock;
395 397
396 return 0; 398 return 0;
397} 399}
398 400
399int sock_map_fd(struct socket *sock) 401int sock_map_fd(struct socket *sock, int flags)
400{ 402{
401 struct file *newfile; 403 struct file *newfile;
402 int fd = sock_alloc_fd(&newfile); 404 int fd = sock_alloc_fd(&newfile, flags);
403 405
404 if (likely(fd >= 0)) { 406 if (likely(fd >= 0)) {
405 int err = sock_attach_fd(sock, newfile); 407 int err = sock_attach_fd(sock, newfile, flags);
406 408
407 if (unlikely(err < 0)) { 409 if (unlikely(err < 0)) {
408 put_filp(newfile); 410 put_filp(newfile);
@@ -1218,12 +1220,27 @@ asmlinkage long sys_socket(int family, int type, int protocol)
1218{ 1220{
1219 int retval; 1221 int retval;
1220 struct socket *sock; 1222 struct socket *sock;
1223 int flags;
1224
1225 /* Check the SOCK_* constants for consistency. */
1226 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1227 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1228 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1229 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1230
1231 flags = type & ~SOCK_TYPE_MASK;
1232 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1233 return -EINVAL;
1234 type &= SOCK_TYPE_MASK;
1235
1236 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1237 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1221 1238
1222 retval = sock_create(family, type, protocol, &sock); 1239 retval = sock_create(family, type, protocol, &sock);
1223 if (retval < 0) 1240 if (retval < 0)
1224 goto out; 1241 goto out;
1225 1242
1226 retval = sock_map_fd(sock); 1243 retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1227 if (retval < 0) 1244 if (retval < 0)
1228 goto out_release; 1245 goto out_release;
1229 1246
@@ -1246,6 +1263,15 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1246 struct socket *sock1, *sock2; 1263 struct socket *sock1, *sock2;
1247 int fd1, fd2, err; 1264 int fd1, fd2, err;
1248 struct file *newfile1, *newfile2; 1265 struct file *newfile1, *newfile2;
1266 int flags;
1267
1268 flags = type & ~SOCK_TYPE_MASK;
1269 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1270 return -EINVAL;
1271 type &= SOCK_TYPE_MASK;
1272
1273 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1274 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1249 1275
1250 /* 1276 /*
1251 * Obtain the first socket and check if the underlying protocol 1277 * Obtain the first socket and check if the underlying protocol
@@ -1264,13 +1290,13 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1264 if (err < 0) 1290 if (err < 0)
1265 goto out_release_both; 1291 goto out_release_both;
1266 1292
1267 fd1 = sock_alloc_fd(&newfile1); 1293 fd1 = sock_alloc_fd(&newfile1, flags & O_CLOEXEC);
1268 if (unlikely(fd1 < 0)) { 1294 if (unlikely(fd1 < 0)) {
1269 err = fd1; 1295 err = fd1;
1270 goto out_release_both; 1296 goto out_release_both;
1271 } 1297 }
1272 1298
1273 fd2 = sock_alloc_fd(&newfile2); 1299 fd2 = sock_alloc_fd(&newfile2, flags & O_CLOEXEC);
1274 if (unlikely(fd2 < 0)) { 1300 if (unlikely(fd2 < 0)) {
1275 err = fd2; 1301 err = fd2;
1276 put_filp(newfile1); 1302 put_filp(newfile1);
@@ -1278,12 +1304,12 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1278 goto out_release_both; 1304 goto out_release_both;
1279 } 1305 }
1280 1306
1281 err = sock_attach_fd(sock1, newfile1); 1307 err = sock_attach_fd(sock1, newfile1, flags & O_NONBLOCK);
1282 if (unlikely(err < 0)) { 1308 if (unlikely(err < 0)) {
1283 goto out_fd2; 1309 goto out_fd2;
1284 } 1310 }
1285 1311
1286 err = sock_attach_fd(sock2, newfile2); 1312 err = sock_attach_fd(sock2, newfile2, flags & O_NONBLOCK);
1287 if (unlikely(err < 0)) { 1313 if (unlikely(err < 0)) {
1288 fput(newfile1); 1314 fput(newfile1);
1289 goto out_fd1; 1315 goto out_fd1;
@@ -1401,14 +1427,20 @@ asmlinkage long sys_listen(int fd, int backlog)
1401 * clean when we restucture accept also. 1427 * clean when we restucture accept also.
1402 */ 1428 */
1403 1429
1404asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, 1430long do_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1405 int __user *upeer_addrlen) 1431 int __user *upeer_addrlen, int flags)
1406{ 1432{
1407 struct socket *sock, *newsock; 1433 struct socket *sock, *newsock;
1408 struct file *newfile; 1434 struct file *newfile;
1409 int err, len, newfd, fput_needed; 1435 int err, len, newfd, fput_needed;
1410 struct sockaddr_storage address; 1436 struct sockaddr_storage address;
1411 1437
1438 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1439 return -EINVAL;
1440
1441 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1442 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1443
1412 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1444 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1413 if (!sock) 1445 if (!sock)
1414 goto out; 1446 goto out;
@@ -1426,14 +1458,14 @@ asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1426 */ 1458 */
1427 __module_get(newsock->ops->owner); 1459 __module_get(newsock->ops->owner);
1428 1460
1429 newfd = sock_alloc_fd(&newfile); 1461 newfd = sock_alloc_fd(&newfile, flags & O_CLOEXEC);
1430 if (unlikely(newfd < 0)) { 1462 if (unlikely(newfd < 0)) {
1431 err = newfd; 1463 err = newfd;
1432 sock_release(newsock); 1464 sock_release(newsock);
1433 goto out_put; 1465 goto out_put;
1434 } 1466 }
1435 1467
1436 err = sock_attach_fd(newsock, newfile); 1468 err = sock_attach_fd(newsock, newfile, flags & O_NONBLOCK);
1437 if (err < 0) 1469 if (err < 0)
1438 goto out_fd_simple; 1470 goto out_fd_simple;
1439 1471
@@ -1479,6 +1511,66 @@ out_fd:
1479 goto out_put; 1511 goto out_put;
1480} 1512}
1481 1513
1514#ifdef HAVE_SET_RESTORE_SIGMASK
1515asmlinkage long sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
1516 int __user *upeer_addrlen,
1517 const sigset_t __user *sigmask,
1518 size_t sigsetsize, int flags)
1519{
1520 sigset_t ksigmask, sigsaved;
1521 int ret;
1522
1523 if (sigmask) {
1524 /* XXX: Don't preclude handling different sized sigset_t's. */
1525 if (sigsetsize != sizeof(sigset_t))
1526 return -EINVAL;
1527 if (copy_from_user(&ksigmask, sigmask, sizeof(ksigmask)))
1528 return -EFAULT;
1529
1530 sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
1531 sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
1532 }
1533
1534 ret = do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
1535
1536 if (ret < 0 && signal_pending(current)) {
1537 /*
1538 * Don't restore the signal mask yet. Let do_signal() deliver
1539 * the signal on the way back to userspace, before the signal
1540 * mask is restored.
1541 */
1542 if (sigmask) {
1543 memcpy(&current->saved_sigmask, &sigsaved,
1544 sizeof(sigsaved));
1545 set_restore_sigmask();
1546 }
1547 } else if (sigmask)
1548 sigprocmask(SIG_SETMASK, &sigsaved, NULL);
1549
1550 return ret;
1551}
1552#else
1553asmlinkage long sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
1554 int __user *upeer_addrlen,
1555 const sigset_t __user *sigmask,
1556 size_t sigsetsize, int flags)
1557{
1558 /* The platform does not support restoring the signal mask in the
1559 * return path. So we do not allow using paccept() with a signal
1560 * mask. */
1561 if (sigmask)
1562 return -EINVAL;
1563
1564 return do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
1565}
1566#endif
1567
1568asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1569 int __user *upeer_addrlen)
1570{
1571 return do_accept(fd, upeer_sockaddr, upeer_addrlen, 0);
1572}
1573
1482/* 1574/*
1483 * Attempt to connect to a socket with the server address. The address 1575 * Attempt to connect to a socket with the server address. The address
1484 * is in user space so we verify it is OK and move it to kernel space. 1576 * is in user space so we verify it is OK and move it to kernel space.
@@ -1999,10 +2091,11 @@ out:
1999 2091
2000/* Argument list sizes for sys_socketcall */ 2092/* Argument list sizes for sys_socketcall */
2001#define AL(x) ((x) * sizeof(unsigned long)) 2093#define AL(x) ((x) * sizeof(unsigned long))
2002static const unsigned char nargs[18]={ 2094static const unsigned char nargs[19]={
2003 AL(0),AL(3),AL(3),AL(3),AL(2),AL(3), 2095 AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
2004 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6), 2096 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
2005 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3) 2097 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3),
2098 AL(6)
2006}; 2099};
2007 2100
2008#undef AL 2101#undef AL
@@ -2021,7 +2114,7 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2021 unsigned long a0, a1; 2114 unsigned long a0, a1;
2022 int err; 2115 int err;
2023 2116
2024 if (call < 1 || call > SYS_RECVMSG) 2117 if (call < 1 || call > SYS_PACCEPT)
2025 return -EINVAL; 2118 return -EINVAL;
2026 2119
2027 /* copy_from_user should be SMP safe. */ 2120 /* copy_from_user should be SMP safe. */
@@ -2050,8 +2143,8 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2050 break; 2143 break;
2051 case SYS_ACCEPT: 2144 case SYS_ACCEPT:
2052 err = 2145 err =
2053 sys_accept(a0, (struct sockaddr __user *)a1, 2146 do_accept(a0, (struct sockaddr __user *)a1,
2054 (int __user *)a[2]); 2147 (int __user *)a[2], 0);
2055 break; 2148 break;
2056 case SYS_GETSOCKNAME: 2149 case SYS_GETSOCKNAME:
2057 err = 2150 err =
@@ -2098,6 +2191,13 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2098 case SYS_RECVMSG: 2191 case SYS_RECVMSG:
2099 err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); 2192 err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
2100 break; 2193 break;
2194 case SYS_PACCEPT:
2195 err =
2196 sys_paccept(a0, (struct sockaddr __user *)a1,
2197 (int __user *)a[2],
2198 (const sigset_t __user *) a[3],
2199 a[4], a[5]);
2200 break;
2101 default: 2201 default:
2102 err = -EINVAL; 2202 err = -EINVAL;
2103 break; 2203 break;
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 5a9b0e7828cd..23a2b8f6dc49 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -897,7 +897,7 @@ static struct file_system_type rpc_pipe_fs_type = {
897}; 897};
898 898
899static void 899static void
900init_once(struct kmem_cache * cachep, void *foo) 900init_once(void *foo)
901{ 901{
902 struct rpc_inode *rpci = (struct rpc_inode *) foo; 902 struct rpc_inode *rpci = (struct rpc_inode *) foo;
903 903
diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
index a19b22b452a3..84d328329d98 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
@@ -169,7 +169,8 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
169 (void *) 169 (void *)
170 vec->sge[xdr_sge_no].iov_base + sge_off, 170 vec->sge[xdr_sge_no].iov_base + sge_off,
171 sge_bytes, DMA_TO_DEVICE); 171 sge_bytes, DMA_TO_DEVICE);
172 if (dma_mapping_error(sge[sge_no].addr)) 172 if (dma_mapping_error(xprt->sc_cm_id->device->dma_device,
173 sge[sge_no].addr))
173 goto err; 174 goto err;
174 sge_off = 0; 175 sge_off = 0;
175 sge_no++; 176 sge_no++;
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 007c1a6708ee..972201cd5fa7 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -29,23 +29,35 @@
29#include <linux/if_tr.h> 29#include <linux/if_tr.h>
30#endif 30#endif
31 31
32static struct list_head * 32static struct ctl_table_set *
33net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces) 33net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
34{ 34{
35 return &namespaces->net_ns->sysctl_table_headers; 35 return &namespaces->net_ns->sysctls;
36} 36}
37 37
38static struct ctl_table_root net_sysctl_root = { 38static int is_seen(struct ctl_table_set *set)
39 .lookup = net_ctl_header_lookup, 39{
40}; 40 return &current->nsproxy->net_ns->sysctls == set;
41}
41 42
42static LIST_HEAD(net_sysctl_ro_tables); 43/* Return standard mode bits for table entry. */
43static struct list_head *net_ctl_ro_header_lookup(struct ctl_table_root *root, 44static int net_ctl_permissions(struct ctl_table_root *root,
44 struct nsproxy *namespaces) 45 struct nsproxy *nsproxy,
46 struct ctl_table *table)
45{ 47{
46 return &net_sysctl_ro_tables; 48 /* Allow network administrator to have same access as root. */
49 if (capable(CAP_NET_ADMIN)) {
50 int mode = (table->mode >> 6) & 7;
51 return (mode << 6) | (mode << 3) | mode;
52 }
53 return table->mode;
47} 54}
48 55
56static struct ctl_table_root net_sysctl_root = {
57 .lookup = net_ctl_header_lookup,
58 .permissions = net_ctl_permissions,
59};
60
49static int net_ctl_ro_header_perms(struct ctl_table_root *root, 61static int net_ctl_ro_header_perms(struct ctl_table_root *root,
50 struct nsproxy *namespaces, struct ctl_table *table) 62 struct nsproxy *namespaces, struct ctl_table *table)
51{ 63{
@@ -56,19 +68,20 @@ static int net_ctl_ro_header_perms(struct ctl_table_root *root,
56} 68}
57 69
58static struct ctl_table_root net_sysctl_ro_root = { 70static struct ctl_table_root net_sysctl_ro_root = {
59 .lookup = net_ctl_ro_header_lookup,
60 .permissions = net_ctl_ro_header_perms, 71 .permissions = net_ctl_ro_header_perms,
61}; 72};
62 73
63static int sysctl_net_init(struct net *net) 74static int sysctl_net_init(struct net *net)
64{ 75{
65 INIT_LIST_HEAD(&net->sysctl_table_headers); 76 setup_sysctl_set(&net->sysctls,
77 &net_sysctl_ro_root.default_set,
78 is_seen);
66 return 0; 79 return 0;
67} 80}
68 81
69static void sysctl_net_exit(struct net *net) 82static void sysctl_net_exit(struct net *net)
70{ 83{
71 WARN_ON(!list_empty(&net->sysctl_table_headers)); 84 WARN_ON(!list_empty(&net->sysctls.list));
72 return; 85 return;
73} 86}
74 87
@@ -84,6 +97,7 @@ static __init int sysctl_init(void)
84 if (ret) 97 if (ret)
85 goto out; 98 goto out;
86 register_sysctl_root(&net_sysctl_root); 99 register_sysctl_root(&net_sysctl_root);
100 setup_sysctl_set(&net_sysctl_ro_root.default_set, NULL, NULL);
87 register_sysctl_root(&net_sysctl_ro_root); 101 register_sysctl_root(&net_sysctl_ro_root);
88out: 102out:
89 return ret; 103 return ret;
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index 0326d3060bc7..0747d8a9232f 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -85,7 +85,7 @@ static struct top_srv topsrv = { 0 };
85 85
86static u32 htohl(u32 in, int swap) 86static u32 htohl(u32 in, int swap)
87{ 87{
88 return swap ? (u32)___constant_swab32(in) : in; 88 return swap ? swab32(in) : in;
89} 89}
90 90
91/** 91/**
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 70ceb1604ad8..015606b54d9b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -227,7 +227,7 @@ static void __unix_remove_socket(struct sock *sk)
227 227
228static void __unix_insert_socket(struct hlist_head *list, struct sock *sk) 228static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
229{ 229{
230 BUG_TRAP(sk_unhashed(sk)); 230 WARN_ON(!sk_unhashed(sk));
231 sk_add_node(sk, list); 231 sk_add_node(sk, list);
232} 232}
233 233
@@ -350,9 +350,9 @@ static void unix_sock_destructor(struct sock *sk)
350 350
351 skb_queue_purge(&sk->sk_receive_queue); 351 skb_queue_purge(&sk->sk_receive_queue);
352 352
353 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
354 BUG_TRAP(sk_unhashed(sk)); 354 WARN_ON(!sk_unhashed(sk));
355 BUG_TRAP(!sk->sk_socket); 355 WARN_ON(sk->sk_socket);
356 if (!sock_flag(sk, SOCK_DEAD)) { 356 if (!sock_flag(sk, SOCK_DEAD)) {
357 printk("Attempt to release alive unix socket: %p\n", sk); 357 printk("Attempt to release alive unix socket: %p\n", sk);
358 return; 358 return;
@@ -603,7 +603,7 @@ static struct sock * unix_create1(struct net *net, struct socket *sock)
603 u->dentry = NULL; 603 u->dentry = NULL;
604 u->mnt = NULL; 604 u->mnt = NULL;
605 spin_lock_init(&u->lock); 605 spin_lock_init(&u->lock);
606 atomic_set(&u->inflight, 0); 606 atomic_long_set(&u->inflight, 0);
607 INIT_LIST_HEAD(&u->link); 607 INIT_LIST_HEAD(&u->link);
608 mutex_init(&u->readlock); /* single task reading lock */ 608 mutex_init(&u->readlock); /* single task reading lock */
609 init_waitqueue_head(&u->peer_wait); 609 init_waitqueue_head(&u->peer_wait);
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index ebdff3d877a1..2a27b84f740b 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -127,7 +127,7 @@ void unix_inflight(struct file *fp)
127 if(s) { 127 if(s) {
128 struct unix_sock *u = unix_sk(s); 128 struct unix_sock *u = unix_sk(s);
129 spin_lock(&unix_gc_lock); 129 spin_lock(&unix_gc_lock);
130 if (atomic_inc_return(&u->inflight) == 1) { 130 if (atomic_long_inc_return(&u->inflight) == 1) {
131 BUG_ON(!list_empty(&u->link)); 131 BUG_ON(!list_empty(&u->link));
132 list_add_tail(&u->link, &gc_inflight_list); 132 list_add_tail(&u->link, &gc_inflight_list);
133 } else { 133 } else {
@@ -145,7 +145,7 @@ void unix_notinflight(struct file *fp)
145 struct unix_sock *u = unix_sk(s); 145 struct unix_sock *u = unix_sk(s);
146 spin_lock(&unix_gc_lock); 146 spin_lock(&unix_gc_lock);
147 BUG_ON(list_empty(&u->link)); 147 BUG_ON(list_empty(&u->link));
148 if (atomic_dec_and_test(&u->inflight)) 148 if (atomic_long_dec_and_test(&u->inflight))
149 list_del_init(&u->link); 149 list_del_init(&u->link);
150 unix_tot_inflight--; 150 unix_tot_inflight--;
151 spin_unlock(&unix_gc_lock); 151 spin_unlock(&unix_gc_lock);
@@ -237,17 +237,17 @@ static void scan_children(struct sock *x, void (*func)(struct unix_sock *),
237 237
238static void dec_inflight(struct unix_sock *usk) 238static void dec_inflight(struct unix_sock *usk)
239{ 239{
240 atomic_dec(&usk->inflight); 240 atomic_long_dec(&usk->inflight);
241} 241}
242 242
243static void inc_inflight(struct unix_sock *usk) 243static void inc_inflight(struct unix_sock *usk)
244{ 244{
245 atomic_inc(&usk->inflight); 245 atomic_long_inc(&usk->inflight);
246} 246}
247 247
248static void inc_inflight_move_tail(struct unix_sock *u) 248static void inc_inflight_move_tail(struct unix_sock *u)
249{ 249{
250 atomic_inc(&u->inflight); 250 atomic_long_inc(&u->inflight);
251 /* 251 /*
252 * If this is still a candidate, move it to the end of the 252 * If this is still a candidate, move it to the end of the
253 * list, so that it's checked even if it was already passed 253 * list, so that it's checked even if it was already passed
@@ -288,11 +288,11 @@ void unix_gc(void)
288 * before the detach without atomicity guarantees. 288 * before the detach without atomicity guarantees.
289 */ 289 */
290 list_for_each_entry_safe(u, next, &gc_inflight_list, link) { 290 list_for_each_entry_safe(u, next, &gc_inflight_list, link) {
291 int total_refs; 291 long total_refs;
292 int inflight_refs; 292 long inflight_refs;
293 293
294 total_refs = file_count(u->sk.sk_socket->file); 294 total_refs = file_count(u->sk.sk_socket->file);
295 inflight_refs = atomic_read(&u->inflight); 295 inflight_refs = atomic_long_read(&u->inflight);
296 296
297 BUG_ON(inflight_refs < 1); 297 BUG_ON(inflight_refs < 1);
298 BUG_ON(total_refs < inflight_refs); 298 BUG_ON(total_refs < inflight_refs);
@@ -324,7 +324,7 @@ void unix_gc(void)
324 /* Move cursor to after the current position. */ 324 /* Move cursor to after the current position. */
325 list_move(&cursor, &u->link); 325 list_move(&cursor, &u->link);
326 326
327 if (atomic_read(&u->inflight) > 0) { 327 if (atomic_long_read(&u->inflight) > 0) {
328 list_move_tail(&u->link, &gc_inflight_list); 328 list_move_tail(&u->link, &gc_inflight_list);
329 u->gc_candidate = 0; 329 u->gc_candidate = 0;
330 scan_children(&u->sk, inc_inflight_move_tail, NULL); 330 scan_children(&u->sk, inc_inflight_move_tail, NULL);
diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c
index b210a88d0960..7f07152bc109 100644
--- a/net/wanrouter/wanmain.c
+++ b/net/wanrouter/wanmain.c
@@ -57,7 +57,6 @@
57#include <linux/vmalloc.h> /* vmalloc, vfree */ 57#include <linux/vmalloc.h> /* vmalloc, vfree */
58#include <asm/uaccess.h> /* copy_to/from_user */ 58#include <asm/uaccess.h> /* copy_to/from_user */
59#include <linux/init.h> /* __initfunc et al. */ 59#include <linux/init.h> /* __initfunc et al. */
60#include <net/syncppp.h>
61 60
62#define KMEM_SAFETYZONE 8 61#define KMEM_SAFETYZONE 8
63 62
@@ -567,9 +566,6 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
567{ 566{
568 wanif_conf_t *cnf; 567 wanif_conf_t *cnf;
569 struct net_device *dev = NULL; 568 struct net_device *dev = NULL;
570#ifdef CONFIG_WANPIPE_MULTPPP
571 struct ppp_device *pppdev=NULL;
572#endif
573 int err; 569 int err;
574 570
575 if ((wandev->state == WAN_UNCONFIGURED) || (wandev->new_if == NULL)) 571 if ((wandev->state == WAN_UNCONFIGURED) || (wandev->new_if == NULL))
@@ -588,25 +584,10 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
588 goto out; 584 goto out;
589 585
590 if (cnf->config_id == WANCONFIG_MPPP) { 586 if (cnf->config_id == WANCONFIG_MPPP) {
591#ifdef CONFIG_WANPIPE_MULTPPP
592 pppdev = kzalloc(sizeof(struct ppp_device), GFP_KERNEL);
593 err = -ENOBUFS;
594 if (pppdev == NULL)
595 goto out;
596 pppdev->dev = kzalloc(sizeof(struct net_device), GFP_KERNEL);
597 if (pppdev->dev == NULL) {
598 kfree(pppdev);
599 err = -ENOBUFS;
600 goto out;
601 }
602 err = wandev->new_if(wandev, (struct net_device *)pppdev, cnf);
603 dev = pppdev->dev;
604#else
605 printk(KERN_INFO "%s: Wanpipe Mulit-Port PPP support has not been compiled in!\n", 587 printk(KERN_INFO "%s: Wanpipe Mulit-Port PPP support has not been compiled in!\n",
606 wandev->name); 588 wandev->name);
607 err = -EPROTONOSUPPORT; 589 err = -EPROTONOSUPPORT;
608 goto out; 590 goto out;
609#endif
610 } else { 591 } else {
611 dev = kzalloc(sizeof(struct net_device), GFP_KERNEL); 592 dev = kzalloc(sizeof(struct net_device), GFP_KERNEL);
612 err = -ENOBUFS; 593 err = -ENOBUFS;
@@ -661,17 +642,9 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
661 kfree(dev->priv); 642 kfree(dev->priv);
662 dev->priv = NULL; 643 dev->priv = NULL;
663 644
664#ifdef CONFIG_WANPIPE_MULTPPP
665 if (cnf->config_id == WANCONFIG_MPPP)
666 kfree(pppdev);
667 else
668 kfree(dev);
669#else
670 /* Sync PPP is disabled */ 645 /* Sync PPP is disabled */
671 if (cnf->config_id != WANCONFIG_MPPP) 646 if (cnf->config_id != WANCONFIG_MPPP)
672 kfree(dev); 647 kfree(dev);
673#endif
674
675out: 648out:
676 kfree(cnf); 649 kfree(cnf);
677 return err; 650 return err;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index b7fefffd2d0d..59eb2cf42e5f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -29,16 +29,16 @@ static struct genl_family nl80211_fam = {
29}; 29};
30 30
31/* internal helper: get drv and dev */ 31/* internal helper: get drv and dev */
32static int get_drv_dev_by_info_ifindex(struct genl_info *info, 32static int get_drv_dev_by_info_ifindex(struct nlattr **attrs,
33 struct cfg80211_registered_device **drv, 33 struct cfg80211_registered_device **drv,
34 struct net_device **dev) 34 struct net_device **dev)
35{ 35{
36 int ifindex; 36 int ifindex;
37 37
38 if (!info->attrs[NL80211_ATTR_IFINDEX]) 38 if (!attrs[NL80211_ATTR_IFINDEX])
39 return -EINVAL; 39 return -EINVAL;
40 40
41 ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 41 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
42 *dev = dev_get_by_index(&init_net, ifindex); 42 *dev = dev_get_by_index(&init_net, ifindex);
43 if (!*dev) 43 if (!*dev)
44 return -ENODEV; 44 return -ENODEV;
@@ -291,21 +291,31 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
291 291
292 mutex_lock(&cfg80211_drv_mutex); 292 mutex_lock(&cfg80211_drv_mutex);
293 list_for_each_entry(dev, &cfg80211_drv_list, list) { 293 list_for_each_entry(dev, &cfg80211_drv_list, list) {
294 if (++wp_idx < wp_start) 294 if (wp_idx < wp_start) {
295 wp_idx++;
295 continue; 296 continue;
297 }
296 if_idx = 0; 298 if_idx = 0;
297 299
298 mutex_lock(&dev->devlist_mtx); 300 mutex_lock(&dev->devlist_mtx);
299 list_for_each_entry(wdev, &dev->netdev_list, list) { 301 list_for_each_entry(wdev, &dev->netdev_list, list) {
300 if (++if_idx < if_start) 302 if (if_idx < if_start) {
303 if_idx++;
301 continue; 304 continue;
305 }
302 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 306 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
303 cb->nlh->nlmsg_seq, NLM_F_MULTI, 307 cb->nlh->nlmsg_seq, NLM_F_MULTI,
304 wdev->netdev) < 0) 308 wdev->netdev) < 0) {
305 break; 309 mutex_unlock(&dev->devlist_mtx);
310 goto out;
311 }
312 if_idx++;
306 } 313 }
307 mutex_unlock(&dev->devlist_mtx); 314 mutex_unlock(&dev->devlist_mtx);
315
316 wp_idx++;
308 } 317 }
318 out:
309 mutex_unlock(&cfg80211_drv_mutex); 319 mutex_unlock(&cfg80211_drv_mutex);
310 320
311 cb->args[0] = wp_idx; 321 cb->args[0] = wp_idx;
@@ -321,7 +331,7 @@ static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
321 struct net_device *netdev; 331 struct net_device *netdev;
322 int err; 332 int err;
323 333
324 err = get_drv_dev_by_info_ifindex(info, &dev, &netdev); 334 err = get_drv_dev_by_info_ifindex(info->attrs, &dev, &netdev);
325 if (err) 335 if (err)
326 return err; 336 return err;
327 337
@@ -392,7 +402,7 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
392 } else 402 } else
393 return -EINVAL; 403 return -EINVAL;
394 404
395 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 405 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
396 if (err) 406 if (err)
397 return err; 407 return err;
398 ifindex = dev->ifindex; 408 ifindex = dev->ifindex;
@@ -477,7 +487,7 @@ static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
477 int ifindex, err; 487 int ifindex, err;
478 struct net_device *dev; 488 struct net_device *dev;
479 489
480 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 490 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
481 if (err) 491 if (err)
482 return err; 492 return err;
483 ifindex = dev->ifindex; 493 ifindex = dev->ifindex;
@@ -545,7 +555,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
545 if (info->attrs[NL80211_ATTR_MAC]) 555 if (info->attrs[NL80211_ATTR_MAC])
546 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 556 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
547 557
548 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 558 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
549 if (err) 559 if (err)
550 return err; 560 return err;
551 561
@@ -618,7 +628,7 @@ static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
618 if (!info->attrs[NL80211_ATTR_KEY_DEFAULT]) 628 if (!info->attrs[NL80211_ATTR_KEY_DEFAULT])
619 return -EINVAL; 629 return -EINVAL;
620 630
621 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 631 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
622 if (err) 632 if (err)
623 return err; 633 return err;
624 634
@@ -699,7 +709,7 @@ static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
699 return -EINVAL; 709 return -EINVAL;
700 } 710 }
701 711
702 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 712 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
703 if (err) 713 if (err)
704 return err; 714 return err;
705 715
@@ -735,7 +745,7 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
735 if (info->attrs[NL80211_ATTR_MAC]) 745 if (info->attrs[NL80211_ATTR_MAC])
736 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 746 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
737 747
738 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 748 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
739 if (err) 749 if (err)
740 return err; 750 return err;
741 751
@@ -764,7 +774,7 @@ static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
764 struct beacon_parameters params; 774 struct beacon_parameters params;
765 int haveinfo = 0; 775 int haveinfo = 0;
766 776
767 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 777 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
768 if (err) 778 if (err)
769 return err; 779 return err;
770 780
@@ -843,7 +853,7 @@ static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
843 int err; 853 int err;
844 struct net_device *dev; 854 struct net_device *dev;
845 855
846 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 856 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
847 if (err) 857 if (err)
848 return err; 858 return err;
849 859
@@ -937,67 +947,78 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
937} 947}
938 948
939static int nl80211_dump_station(struct sk_buff *skb, 949static int nl80211_dump_station(struct sk_buff *skb,
940 struct netlink_callback *cb) 950 struct netlink_callback *cb)
941{ 951{
942 int wp_idx = 0;
943 int if_idx = 0;
944 int sta_idx = cb->args[2];
945 int wp_start = cb->args[0];
946 int if_start = cb->args[1];
947 struct station_info sinfo; 952 struct station_info sinfo;
948 struct cfg80211_registered_device *dev; 953 struct cfg80211_registered_device *dev;
949 struct wireless_dev *wdev; 954 struct net_device *netdev;
950 u8 mac_addr[ETH_ALEN]; 955 u8 mac_addr[ETH_ALEN];
956 int ifidx = cb->args[0];
957 int sta_idx = cb->args[1];
951 int err; 958 int err;
952 int exit = 0;
953 959
954 /* TODO: filter by device */ 960 if (!ifidx) {
955 mutex_lock(&cfg80211_drv_mutex); 961 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
956 list_for_each_entry(dev, &cfg80211_drv_list, list) { 962 nl80211_fam.attrbuf, nl80211_fam.maxattr,
957 if (exit) 963 nl80211_policy);
964 if (err)
965 return err;
966
967 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
968 return -EINVAL;
969
970 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
971 if (!ifidx)
972 return -EINVAL;
973 }
974
975 netdev = dev_get_by_index(&init_net, ifidx);
976 if (!netdev)
977 return -ENODEV;
978
979 dev = cfg80211_get_dev_from_ifindex(ifidx);
980 if (IS_ERR(dev)) {
981 err = PTR_ERR(dev);
982 goto out_put_netdev;
983 }
984
985 if (!dev->ops->dump_station) {
986 err = -ENOSYS;
987 goto out_err;
988 }
989
990 rtnl_lock();
991
992 while (1) {
993 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
994 mac_addr, &sinfo);
995 if (err == -ENOENT)
958 break; 996 break;
959 if (++wp_idx < wp_start) 997 if (err)
960 continue; 998 goto out_err_rtnl;
961 if_idx = 0;
962 999
963 mutex_lock(&dev->devlist_mtx); 1000 if (nl80211_send_station(skb,
964 list_for_each_entry(wdev, &dev->netdev_list, list) { 1001 NETLINK_CB(cb->skb).pid,
965 if (exit) 1002 cb->nlh->nlmsg_seq, NLM_F_MULTI,
966 break; 1003 netdev, mac_addr,
967 if (++if_idx < if_start) 1004 &sinfo) < 0)
968 continue; 1005 goto out;
969 if (!dev->ops->dump_station)
970 continue;
971 1006
972 for (;; ++sta_idx) { 1007 sta_idx++;
973 rtnl_lock();
974 err = dev->ops->dump_station(&dev->wiphy,
975 wdev->netdev, sta_idx, mac_addr,
976 &sinfo);
977 rtnl_unlock();
978 if (err) {
979 sta_idx = 0;
980 break;
981 }
982 if (nl80211_send_station(skb,
983 NETLINK_CB(cb->skb).pid,
984 cb->nlh->nlmsg_seq, NLM_F_MULTI,
985 wdev->netdev, mac_addr,
986 &sinfo) < 0) {
987 exit = 1;
988 break;
989 }
990 }
991 }
992 mutex_unlock(&dev->devlist_mtx);
993 } 1008 }
994 mutex_unlock(&cfg80211_drv_mutex);
995 1009
996 cb->args[0] = wp_idx;
997 cb->args[1] = if_idx;
998 cb->args[2] = sta_idx;
999 1010
1000 return skb->len; 1011 out:
1012 cb->args[1] = sta_idx;
1013 err = skb->len;
1014 out_err_rtnl:
1015 rtnl_unlock();
1016 out_err:
1017 cfg80211_put_dev(dev);
1018 out_put_netdev:
1019 dev_put(netdev);
1020
1021 return err;
1001} 1022}
1002 1023
1003static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1024static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
@@ -1016,7 +1037,7 @@ static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1016 1037
1017 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1038 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1018 1039
1019 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1040 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1020 if (err) 1041 if (err)
1021 return err; 1042 return err;
1022 1043
@@ -1112,7 +1133,7 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1112 params.plink_action = 1133 params.plink_action =
1113 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 1134 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1114 1135
1115 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1136 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1116 if (err) 1137 if (err)
1117 return err; 1138 return err;
1118 1139
@@ -1172,7 +1193,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1172 &params.station_flags)) 1193 &params.station_flags))
1173 return -EINVAL; 1194 return -EINVAL;
1174 1195
1175 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1196 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1176 if (err) 1197 if (err)
1177 return err; 1198 return err;
1178 1199
@@ -1207,7 +1228,7 @@ static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
1207 if (info->attrs[NL80211_ATTR_MAC]) 1228 if (info->attrs[NL80211_ATTR_MAC])
1208 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1229 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1209 1230
1210 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1231 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1211 if (err) 1232 if (err)
1212 return err; 1233 return err;
1213 1234
@@ -1277,68 +1298,78 @@ static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
1277} 1298}
1278 1299
1279static int nl80211_dump_mpath(struct sk_buff *skb, 1300static int nl80211_dump_mpath(struct sk_buff *skb,
1280 struct netlink_callback *cb) 1301 struct netlink_callback *cb)
1281{ 1302{
1282 int wp_idx = 0;
1283 int if_idx = 0;
1284 int sta_idx = cb->args[2];
1285 int wp_start = cb->args[0];
1286 int if_start = cb->args[1];
1287 struct mpath_info pinfo; 1303 struct mpath_info pinfo;
1288 struct cfg80211_registered_device *dev; 1304 struct cfg80211_registered_device *dev;
1289 struct wireless_dev *wdev; 1305 struct net_device *netdev;
1290 u8 dst[ETH_ALEN]; 1306 u8 dst[ETH_ALEN];
1291 u8 next_hop[ETH_ALEN]; 1307 u8 next_hop[ETH_ALEN];
1308 int ifidx = cb->args[0];
1309 int path_idx = cb->args[1];
1292 int err; 1310 int err;
1293 int exit = 0;
1294 1311
1295 /* TODO: filter by device */ 1312 if (!ifidx) {
1296 mutex_lock(&cfg80211_drv_mutex); 1313 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1297 list_for_each_entry(dev, &cfg80211_drv_list, list) { 1314 nl80211_fam.attrbuf, nl80211_fam.maxattr,
1298 if (exit) 1315 nl80211_policy);
1316 if (err)
1317 return err;
1318
1319 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1320 return -EINVAL;
1321
1322 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1323 if (!ifidx)
1324 return -EINVAL;
1325 }
1326
1327 netdev = dev_get_by_index(&init_net, ifidx);
1328 if (!netdev)
1329 return -ENODEV;
1330
1331 dev = cfg80211_get_dev_from_ifindex(ifidx);
1332 if (IS_ERR(dev)) {
1333 err = PTR_ERR(dev);
1334 goto out_put_netdev;
1335 }
1336
1337 if (!dev->ops->dump_mpath) {
1338 err = -ENOSYS;
1339 goto out_err;
1340 }
1341
1342 rtnl_lock();
1343
1344 while (1) {
1345 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
1346 dst, next_hop, &pinfo);
1347 if (err == -ENOENT)
1299 break; 1348 break;
1300 if (++wp_idx < wp_start) 1349 if (err)
1301 continue; 1350 goto out_err_rtnl;
1302 if_idx = 0;
1303 1351
1304 mutex_lock(&dev->devlist_mtx); 1352 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
1305 list_for_each_entry(wdev, &dev->netdev_list, list) { 1353 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1306 if (exit) 1354 netdev, dst, next_hop,
1307 break; 1355 &pinfo) < 0)
1308 if (++if_idx < if_start) 1356 goto out;
1309 continue;
1310 if (!dev->ops->dump_mpath)
1311 continue;
1312 1357
1313 for (;; ++sta_idx) { 1358 path_idx++;
1314 rtnl_lock();
1315 err = dev->ops->dump_mpath(&dev->wiphy,
1316 wdev->netdev, sta_idx, dst,
1317 next_hop, &pinfo);
1318 rtnl_unlock();
1319 if (err) {
1320 sta_idx = 0;
1321 break;
1322 }
1323 if (nl80211_send_mpath(skb,
1324 NETLINK_CB(cb->skb).pid,
1325 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1326 wdev->netdev, dst, next_hop,
1327 &pinfo) < 0) {
1328 exit = 1;
1329 break;
1330 }
1331 }
1332 }
1333 mutex_unlock(&dev->devlist_mtx);
1334 } 1359 }
1335 mutex_unlock(&cfg80211_drv_mutex);
1336 1360
1337 cb->args[0] = wp_idx;
1338 cb->args[1] = if_idx;
1339 cb->args[2] = sta_idx;
1340 1361
1341 return skb->len; 1362 out:
1363 cb->args[1] = path_idx;
1364 err = skb->len;
1365 out_err_rtnl:
1366 rtnl_unlock();
1367 out_err:
1368 cfg80211_put_dev(dev);
1369 out_put_netdev:
1370 dev_put(netdev);
1371
1372 return err;
1342} 1373}
1343 1374
1344static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 1375static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
@@ -1358,7 +1389,7 @@ static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
1358 1389
1359 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1390 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1360 1391
1361 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1392 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1362 if (err) 1393 if (err)
1363 return err; 1394 return err;
1364 1395
@@ -1411,7 +1442,7 @@ static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
1411 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1442 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1412 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 1443 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1413 1444
1414 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1445 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1415 if (err) 1446 if (err)
1416 return err; 1447 return err;
1417 1448
@@ -1446,7 +1477,7 @@ static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
1446 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1477 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1447 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 1478 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1448 1479
1449 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1480 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1450 if (err) 1481 if (err)
1451 return err; 1482 return err;
1452 1483
@@ -1475,7 +1506,7 @@ static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
1475 if (info->attrs[NL80211_ATTR_MAC]) 1506 if (info->attrs[NL80211_ATTR_MAC])
1476 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1507 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1477 1508
1478 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1509 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1479 if (err) 1510 if (err)
1480 return err; 1511 return err;
1481 1512
diff --git a/net/wireless/wext.c b/net/wireless/wext.c
index df5b3886c36b..d98ffb75119a 100644
--- a/net/wireless/wext.c
+++ b/net/wireless/wext.c
@@ -1277,6 +1277,7 @@ static int rtnetlink_fill_iwinfo(struct sk_buff *skb, struct net_device *dev,
1277 r->ifi_flags = dev_get_flags(dev); 1277 r->ifi_flags = dev_get_flags(dev);
1278 r->ifi_change = 0; /* Wireless changes don't affect those flags */ 1278 r->ifi_change = 0; /* Wireless changes don't affect those flags */
1279 1279
1280 NLA_PUT_STRING(skb, IFLA_IFNAME, dev->name);
1280 /* Add the wireless events in the netlink packet */ 1281 /* Add the wireless events in the netlink packet */
1281 NLA_PUT(skb, IFLA_WIRELESS, event_len, event); 1282 NLA_PUT(skb, IFLA_WIRELESS, event_len, event);
1282 1283
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 9201ef8ad90e..6d081674515f 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -46,6 +46,12 @@ config XFRM_STATISTICS
46 46
47 If unsure, say N. 47 If unsure, say N.
48 48
49config XFRM_IPCOMP
50 tristate
51 select XFRM
52 select CRYPTO
53 select CRYPTO_DEFLATE
54
49config NET_KEY 55config NET_KEY
50 tristate "PF_KEY sockets" 56 tristate "PF_KEY sockets"
51 select XFRM 57 select XFRM
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile
index 332cfb0ff566..0f439a72ccab 100644
--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -6,4 +6,5 @@ obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
6 xfrm_input.o xfrm_output.o xfrm_algo.o 6 xfrm_input.o xfrm_output.o xfrm_algo.o
7obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o 7obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
8obj-$(CONFIG_XFRM_USER) += xfrm_user.o 8obj-$(CONFIG_XFRM_USER) += xfrm_user.o
9obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
9 10
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 23a2cc04b8cd..96036cf2216d 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -718,7 +718,7 @@ int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
718 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 718 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
719 int end; 719 int end;
720 720
721 BUG_TRAP(start <= offset + len); 721 WARN_ON(start > offset + len);
722 722
723 end = start + skb_shinfo(skb)->frags[i].size; 723 end = start + skb_shinfo(skb)->frags[i].size;
724 if ((copy = end - offset) > 0) { 724 if ((copy = end - offset) > 0) {
@@ -748,7 +748,7 @@ int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
748 for (; list; list = list->next) { 748 for (; list; list = list->next) {
749 int end; 749 int end;
750 750
751 BUG_TRAP(start <= offset + len); 751 WARN_ON(start > offset + len);
752 752
753 end = start + list->len; 753 end = start + list->len;
754 if ((copy = end - offset) > 0) { 754 if ((copy = end - offset) > 0) {
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
new file mode 100644
index 000000000000..c609a4b98e15
--- /dev/null
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -0,0 +1,384 @@
1/*
2 * IP Payload Compression Protocol (IPComp) - RFC3173.
3 *
4 * Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2003-2008 Herbert Xu <herbert@gondor.apana.org.au>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the Free
9 * Software Foundation; either version 2 of the License, or (at your option)
10 * any later version.
11 *
12 * Todo:
13 * - Tunable compression parameters.
14 * - Compression stats.
15 * - Adaptive compression.
16 */
17
18#include <linux/crypto.h>
19#include <linux/err.h>
20#include <linux/gfp.h>
21#include <linux/list.h>
22#include <linux/module.h>
23#include <linux/mutex.h>
24#include <linux/percpu.h>
25#include <linux/smp.h>
26#include <linux/vmalloc.h>
27#include <net/ip.h>
28#include <net/ipcomp.h>
29#include <net/xfrm.h>
30
31struct ipcomp_tfms {
32 struct list_head list;
33 struct crypto_comp **tfms;
34 int users;
35};
36
37static DEFINE_MUTEX(ipcomp_resource_mutex);
38static void **ipcomp_scratches;
39static int ipcomp_scratch_users;
40static LIST_HEAD(ipcomp_tfms_list);
41
42static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
43{
44 struct ipcomp_data *ipcd = x->data;
45 const int plen = skb->len;
46 int dlen = IPCOMP_SCRATCH_SIZE;
47 const u8 *start = skb->data;
48 const int cpu = get_cpu();
49 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
50 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
51 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
52 int len;
53
54 if (err)
55 goto out;
56
57 if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
58 err = -EINVAL;
59 goto out;
60 }
61
62 len = dlen - plen;
63 if (len > skb_tailroom(skb))
64 len = skb_tailroom(skb);
65
66 skb->truesize += len;
67 __skb_put(skb, len);
68
69 len += plen;
70 skb_copy_to_linear_data(skb, scratch, len);
71
72 while ((scratch += len, dlen -= len) > 0) {
73 skb_frag_t *frag;
74
75 err = -EMSGSIZE;
76 if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))
77 goto out;
78
79 frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;
80 frag->page = alloc_page(GFP_ATOMIC);
81
82 err = -ENOMEM;
83 if (!frag->page)
84 goto out;
85
86 len = PAGE_SIZE;
87 if (dlen < len)
88 len = dlen;
89
90 memcpy(page_address(frag->page), scratch, len);
91
92 frag->page_offset = 0;
93 frag->size = len;
94 skb->truesize += len;
95 skb->data_len += len;
96 skb->len += len;
97
98 skb_shinfo(skb)->nr_frags++;
99 }
100
101 err = 0;
102
103out:
104 put_cpu();
105 return err;
106}
107
108int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
109{
110 int nexthdr;
111 int err = -ENOMEM;
112 struct ip_comp_hdr *ipch;
113
114 if (skb_linearize_cow(skb))
115 goto out;
116
117 skb->ip_summed = CHECKSUM_NONE;
118
119 /* Remove ipcomp header and decompress original payload */
120 ipch = (void *)skb->data;
121 nexthdr = ipch->nexthdr;
122
123 skb->transport_header = skb->network_header + sizeof(*ipch);
124 __skb_pull(skb, sizeof(*ipch));
125 err = ipcomp_decompress(x, skb);
126 if (err)
127 goto out;
128
129 err = nexthdr;
130
131out:
132 return err;
133}
134EXPORT_SYMBOL_GPL(ipcomp_input);
135
136static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
137{
138 struct ipcomp_data *ipcd = x->data;
139 const int plen = skb->len;
140 int dlen = IPCOMP_SCRATCH_SIZE;
141 u8 *start = skb->data;
142 const int cpu = get_cpu();
143 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
144 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
145 int err;
146
147 local_bh_disable();
148 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
149 local_bh_enable();
150 if (err)
151 goto out;
152
153 if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
154 err = -EMSGSIZE;
155 goto out;
156 }
157
158 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
159 put_cpu();
160
161 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
162 return 0;
163
164out:
165 put_cpu();
166 return err;
167}
168
169int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
170{
171 int err;
172 struct ip_comp_hdr *ipch;
173 struct ipcomp_data *ipcd = x->data;
174
175 if (skb->len < ipcd->threshold) {
176 /* Don't bother compressing */
177 goto out_ok;
178 }
179
180 if (skb_linearize_cow(skb))
181 goto out_ok;
182
183 err = ipcomp_compress(x, skb);
184
185 if (err) {
186 goto out_ok;
187 }
188
189 /* Install ipcomp header, convert into ipcomp datagram. */
190 ipch = ip_comp_hdr(skb);
191 ipch->nexthdr = *skb_mac_header(skb);
192 ipch->flags = 0;
193 ipch->cpi = htons((u16 )ntohl(x->id.spi));
194 *skb_mac_header(skb) = IPPROTO_COMP;
195out_ok:
196 skb_push(skb, -skb_network_offset(skb));
197 return 0;
198}
199EXPORT_SYMBOL_GPL(ipcomp_output);
200
201static void ipcomp_free_scratches(void)
202{
203 int i;
204 void **scratches;
205
206 if (--ipcomp_scratch_users)
207 return;
208
209 scratches = ipcomp_scratches;
210 if (!scratches)
211 return;
212
213 for_each_possible_cpu(i)
214 vfree(*per_cpu_ptr(scratches, i));
215
216 free_percpu(scratches);
217}
218
219static void **ipcomp_alloc_scratches(void)
220{
221 int i;
222 void **scratches;
223
224 if (ipcomp_scratch_users++)
225 return ipcomp_scratches;
226
227 scratches = alloc_percpu(void *);
228 if (!scratches)
229 return NULL;
230
231 ipcomp_scratches = scratches;
232
233 for_each_possible_cpu(i) {
234 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
235 if (!scratch)
236 return NULL;
237 *per_cpu_ptr(scratches, i) = scratch;
238 }
239
240 return scratches;
241}
242
243static void ipcomp_free_tfms(struct crypto_comp **tfms)
244{
245 struct ipcomp_tfms *pos;
246 int cpu;
247
248 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
249 if (pos->tfms == tfms)
250 break;
251 }
252
253 WARN_ON(!pos);
254
255 if (--pos->users)
256 return;
257
258 list_del(&pos->list);
259 kfree(pos);
260
261 if (!tfms)
262 return;
263
264 for_each_possible_cpu(cpu) {
265 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
266 crypto_free_comp(tfm);
267 }
268 free_percpu(tfms);
269}
270
271static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
272{
273 struct ipcomp_tfms *pos;
274 struct crypto_comp **tfms;
275 int cpu;
276
277 /* This can be any valid CPU ID so we don't need locking. */
278 cpu = raw_smp_processor_id();
279
280 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
281 struct crypto_comp *tfm;
282
283 tfms = pos->tfms;
284 tfm = *per_cpu_ptr(tfms, cpu);
285
286 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
287 pos->users++;
288 return tfms;
289 }
290 }
291
292 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
293 if (!pos)
294 return NULL;
295
296 pos->users = 1;
297 INIT_LIST_HEAD(&pos->list);
298 list_add(&pos->list, &ipcomp_tfms_list);
299
300 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
301 if (!tfms)
302 goto error;
303
304 for_each_possible_cpu(cpu) {
305 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
306 CRYPTO_ALG_ASYNC);
307 if (IS_ERR(tfm))
308 goto error;
309 *per_cpu_ptr(tfms, cpu) = tfm;
310 }
311
312 return tfms;
313
314error:
315 ipcomp_free_tfms(tfms);
316 return NULL;
317}
318
319static void ipcomp_free_data(struct ipcomp_data *ipcd)
320{
321 if (ipcd->tfms)
322 ipcomp_free_tfms(ipcd->tfms);
323 ipcomp_free_scratches();
324}
325
326void ipcomp_destroy(struct xfrm_state *x)
327{
328 struct ipcomp_data *ipcd = x->data;
329 if (!ipcd)
330 return;
331 xfrm_state_delete_tunnel(x);
332 mutex_lock(&ipcomp_resource_mutex);
333 ipcomp_free_data(ipcd);
334 mutex_unlock(&ipcomp_resource_mutex);
335 kfree(ipcd);
336}
337EXPORT_SYMBOL_GPL(ipcomp_destroy);
338
339int ipcomp_init_state(struct xfrm_state *x)
340{
341 int err;
342 struct ipcomp_data *ipcd;
343 struct xfrm_algo_desc *calg_desc;
344
345 err = -EINVAL;
346 if (!x->calg)
347 goto out;
348
349 if (x->encap)
350 goto out;
351
352 err = -ENOMEM;
353 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
354 if (!ipcd)
355 goto out;
356
357 mutex_lock(&ipcomp_resource_mutex);
358 if (!ipcomp_alloc_scratches())
359 goto error;
360
361 ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
362 if (!ipcd->tfms)
363 goto error;
364 mutex_unlock(&ipcomp_resource_mutex);
365
366 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
367 BUG_ON(!calg_desc);
368 ipcd->threshold = calg_desc->uinfo.comp.threshold;
369 x->data = ipcd;
370 err = 0;
371out:
372 return err;
373
374error:
375 ipcomp_free_data(ipcd);
376 mutex_unlock(&ipcomp_resource_mutex);
377 kfree(ipcd);
378 goto out;
379}
380EXPORT_SYMBOL_GPL(ipcomp_init_state);
381
382MODULE_LICENSE("GPL");
383MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173");
384MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 3f964db908a7..ac25b4c0e982 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -112,16 +112,13 @@ error_nolock:
112int xfrm_output_resume(struct sk_buff *skb, int err) 112int xfrm_output_resume(struct sk_buff *skb, int err)
113{ 113{
114 while (likely((err = xfrm_output_one(skb, err)) == 0)) { 114 while (likely((err = xfrm_output_one(skb, err)) == 0)) {
115 struct xfrm_state *x;
116
117 nf_reset(skb); 115 nf_reset(skb);
118 116
119 err = skb->dst->ops->local_out(skb); 117 err = skb->dst->ops->local_out(skb);
120 if (unlikely(err != 1)) 118 if (unlikely(err != 1))
121 goto out; 119 goto out;
122 120
123 x = skb->dst->xfrm; 121 if (!skb->dst->xfrm)
124 if (!x)
125 return dst_output(skb); 122 return dst_output(skb);
126 123
127 err = nf_hook(skb->dst->ops->family, 124 err = nf_hook(skb->dst->ops->family,
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 72fddafd891a..4c6914ef7d92 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -538,7 +538,7 @@ EXPORT_SYMBOL(xfrm_state_alloc);
538 538
539void __xfrm_state_destroy(struct xfrm_state *x) 539void __xfrm_state_destroy(struct xfrm_state *x)
540{ 540{
541 BUG_TRAP(x->km.state == XFRM_STATE_DEAD); 541 WARN_ON(x->km.state != XFRM_STATE_DEAD);
542 542
543 spin_lock_bh(&xfrm_state_lock); 543 spin_lock_bh(&xfrm_state_lock);
544 list_del(&x->all); 544 list_del(&x->all);
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-14 18:22:46 -0400