aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2012-09-28 14:40:49 -0400
committerDavid S. Miller <davem@davemloft.net>2012-09-28 14:40:49 -0400
commit6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db (patch)
tree8faea23112a11f52524eb413f71b7b02712d8b53 /net
parentd9f72f359e00a45a6cd7cc2d5121b04b9dc927e1 (diff)
parent6672d90fe779dc0dfffe027c3ede12609df091c2 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts: drivers/net/team/team.c drivers/net/usb/qmi_wwan.c net/batman-adv/bat_iv_ogm.c net/ipv4/fib_frontend.c net/ipv4/route.c net/l2tp/l2tp_netlink.c The team, fib_frontend, route, and l2tp_netlink conflicts were simply overlapping changes. qmi_wwan and bat_iv_ogm were of the "use HEAD" variety. With help from Antonio Quartulli. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/bat_iv_ogm.c7
-rw-r--r--net/batman-adv/bitarray.h6
-rw-r--r--net/batman-adv/soft-interface.c7
-rw-r--r--net/bluetooth/bnep/sock.c4
-rw-r--r--net/bluetooth/cmtp/sock.c4
-rw-r--r--net/bluetooth/hci_core.c2
-rw-r--r--net/bluetooth/hci_sock.c16
-rw-r--r--net/bluetooth/hidp/sock.c4
-rw-r--r--net/bluetooth/l2cap_core.c2
-rw-r--r--net/bluetooth/mgmt.c16
-rw-r--r--net/ceph/messenger.c5
-rw-r--r--net/core/dev.c5
-rw-r--r--net/core/skbuff.c4
-rw-r--r--net/core/sock.c3
-rw-r--r--net/ipv4/devinet.c4
-rw-r--r--net/ipv4/inetpeer.c5
-rw-r--r--net/ipv4/raw.c14
-rw-r--r--net/ipv4/route.c9
-rw-r--r--net/ipv4/tcp.c23
-rw-r--r--net/ipv4/tcp_input.c5
-rw-r--r--net/ipv6/inet6_connection_sock.c23
-rw-r--r--net/ipv6/ip6_fib.c4
-rw-r--r--net/ipv6/mip6.c20
-rw-r--r--net/ipv6/raw.c21
-rw-r--r--net/ipv6/route.c19
-rw-r--r--net/l2tp/l2tp_netlink.c12
-rw-r--r--net/netfilter/xt_limit.c8
-rw-r--r--net/netrom/af_netrom.c2
-rw-r--r--net/sched/sch_qfq.c5
-rw-r--r--net/wireless/reg.c12
-rw-r--r--net/xfrm/xfrm_policy.c3
-rw-r--r--net/xfrm/xfrm_user.c57
32 files changed, 197 insertions, 134 deletions
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
index df79300dcb7b..b02b75dae3a8 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -652,6 +652,7 @@ batadv_iv_ogm_orig_update(struct batadv_priv *bat_priv,
652 struct batadv_neigh_node *router = NULL; 652 struct batadv_neigh_node *router = NULL;
653 struct batadv_orig_node *orig_node_tmp; 653 struct batadv_orig_node *orig_node_tmp;
654 struct hlist_node *node; 654 struct hlist_node *node;
655 int if_num;
655 uint8_t sum_orig, sum_neigh; 656 uint8_t sum_orig, sum_neigh;
656 uint8_t *neigh_addr; 657 uint8_t *neigh_addr;
657 uint8_t tq_avg; 658 uint8_t tq_avg;
@@ -738,12 +739,14 @@ batadv_iv_ogm_orig_update(struct batadv_priv *bat_priv,
738 if (router && (neigh_node->tq_avg == router->tq_avg)) { 739 if (router && (neigh_node->tq_avg == router->tq_avg)) {
739 orig_node_tmp = router->orig_node; 740 orig_node_tmp = router->orig_node;
740 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock); 741 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
741 sum_orig = orig_node_tmp->bcast_own_sum[if_incoming->if_num]; 742 if_num = router->if_incoming->if_num;
743 sum_orig = orig_node_tmp->bcast_own_sum[if_num];
742 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock); 744 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
743 745
744 orig_node_tmp = neigh_node->orig_node; 746 orig_node_tmp = neigh_node->orig_node;
745 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock); 747 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
746 sum_neigh = orig_node_tmp->bcast_own_sum[if_incoming->if_num]; 748 if_num = neigh_node->if_incoming->if_num;
749 sum_neigh = orig_node_tmp->bcast_own_sum[if_num];
747 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock); 750 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
748 751
749 if (sum_orig >= sum_neigh) 752 if (sum_orig >= sum_neigh)
diff --git a/net/batman-adv/bitarray.h b/net/batman-adv/bitarray.h
index a081ce1c0514..cebaae7e148b 100644
--- a/net/batman-adv/bitarray.h
+++ b/net/batman-adv/bitarray.h
@@ -20,8 +20,8 @@
20#ifndef _NET_BATMAN_ADV_BITARRAY_H_ 20#ifndef _NET_BATMAN_ADV_BITARRAY_H_
21#define _NET_BATMAN_ADV_BITARRAY_H_ 21#define _NET_BATMAN_ADV_BITARRAY_H_
22 22
23/* returns true if the corresponding bit in the given seq_bits indicates true 23/* Returns 1 if the corresponding bit in the given seq_bits indicates true
24 * and curr_seqno is within range of last_seqno 24 * and curr_seqno is within range of last_seqno. Otherwise returns 0.
25 */ 25 */
26static inline int batadv_test_bit(const unsigned long *seq_bits, 26static inline int batadv_test_bit(const unsigned long *seq_bits,
27 uint32_t last_seqno, uint32_t curr_seqno) 27 uint32_t last_seqno, uint32_t curr_seqno)
@@ -32,7 +32,7 @@ static inline int batadv_test_bit(const unsigned long *seq_bits,
32 if (diff < 0 || diff >= BATADV_TQ_LOCAL_WINDOW_SIZE) 32 if (diff < 0 || diff >= BATADV_TQ_LOCAL_WINDOW_SIZE)
33 return 0; 33 return 0;
34 else 34 else
35 return test_bit(diff, seq_bits); 35 return test_bit(diff, seq_bits) != 0;
36} 36}
37 37
38/* turn corresponding bit on, so we can remember that we got the packet */ 38/* turn corresponding bit on, so we can remember that we got the packet */
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 7b683e0bd668..b9a28d2dd3e8 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -107,18 +107,21 @@ static int batadv_interface_set_mac_addr(struct net_device *dev, void *p)
107{ 107{
108 struct batadv_priv *bat_priv = netdev_priv(dev); 108 struct batadv_priv *bat_priv = netdev_priv(dev);
109 struct sockaddr *addr = p; 109 struct sockaddr *addr = p;
110 uint8_t old_addr[ETH_ALEN];
110 111
111 if (!is_valid_ether_addr(addr->sa_data)) 112 if (!is_valid_ether_addr(addr->sa_data))
112 return -EADDRNOTAVAIL; 113 return -EADDRNOTAVAIL;
113 114
115 memcpy(old_addr, dev->dev_addr, ETH_ALEN);
116 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
117
114 /* only modify transtable if it has been initialized before */ 118 /* only modify transtable if it has been initialized before */
115 if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_ACTIVE) { 119 if (atomic_read(&bat_priv->mesh_state) == BATADV_MESH_ACTIVE) {
116 batadv_tt_local_remove(bat_priv, dev->dev_addr, 120 batadv_tt_local_remove(bat_priv, old_addr,
117 "mac address changed", false); 121 "mac address changed", false);
118 batadv_tt_local_add(dev, addr->sa_data, BATADV_NULL_IFINDEX); 122 batadv_tt_local_add(dev, addr->sa_data, BATADV_NULL_IFINDEX);
119 } 123 }
120 124
121 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
122 dev->addr_assign_type &= ~NET_ADDR_RANDOM; 125 dev->addr_assign_type &= ~NET_ADDR_RANDOM;
123 return 0; 126 return 0;
124} 127}
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 5b6cc0bf4dec..e7154a58465f 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -64,7 +64,7 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
64 switch (cmd) { 64 switch (cmd) {
65 case BNEPCONNADD: 65 case BNEPCONNADD:
66 if (!capable(CAP_NET_ADMIN)) 66 if (!capable(CAP_NET_ADMIN))
67 return -EACCES; 67 return -EPERM;
68 68
69 if (copy_from_user(&ca, argp, sizeof(ca))) 69 if (copy_from_user(&ca, argp, sizeof(ca)))
70 return -EFAULT; 70 return -EFAULT;
@@ -90,7 +90,7 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
90 90
91 case BNEPCONNDEL: 91 case BNEPCONNDEL:
92 if (!capable(CAP_NET_ADMIN)) 92 if (!capable(CAP_NET_ADMIN))
93 return -EACCES; 93 return -EPERM;
94 94
95 if (copy_from_user(&cd, argp, sizeof(cd))) 95 if (copy_from_user(&cd, argp, sizeof(cd)))
96 return -EFAULT; 96 return -EFAULT;
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index d5cacef52748..aacb802d1ee4 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -78,7 +78,7 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
78 switch (cmd) { 78 switch (cmd) {
79 case CMTPCONNADD: 79 case CMTPCONNADD:
80 if (!capable(CAP_NET_ADMIN)) 80 if (!capable(CAP_NET_ADMIN))
81 return -EACCES; 81 return -EPERM;
82 82
83 if (copy_from_user(&ca, argp, sizeof(ca))) 83 if (copy_from_user(&ca, argp, sizeof(ca)))
84 return -EFAULT; 84 return -EFAULT;
@@ -103,7 +103,7 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
103 103
104 case CMTPCONNDEL: 104 case CMTPCONNDEL:
105 if (!capable(CAP_NET_ADMIN)) 105 if (!capable(CAP_NET_ADMIN))
106 return -EACCES; 106 return -EPERM;
107 107
108 if (copy_from_user(&cd, argp, sizeof(cd))) 108 if (copy_from_user(&cd, argp, sizeof(cd)))
109 return -EFAULT; 109 return -EFAULT;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index fa974a19d365..8806869ad4d6 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -735,6 +735,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
735 735
736 cancel_work_sync(&hdev->le_scan); 736 cancel_work_sync(&hdev->le_scan);
737 737
738 cancel_delayed_work(&hdev->power_off);
739
738 hci_req_cancel(hdev, ENODEV); 740 hci_req_cancel(hdev, ENODEV);
739 hci_req_lock(hdev); 741 hci_req_lock(hdev);
740 742
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index bb64331db3b7..07f073935811 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -490,7 +490,7 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
490 switch (cmd) { 490 switch (cmd) {
491 case HCISETRAW: 491 case HCISETRAW:
492 if (!capable(CAP_NET_ADMIN)) 492 if (!capable(CAP_NET_ADMIN))
493 return -EACCES; 493 return -EPERM;
494 494
495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
496 return -EPERM; 496 return -EPERM;
@@ -510,12 +510,12 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
510 510
511 case HCIBLOCKADDR: 511 case HCIBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN)) 512 if (!capable(CAP_NET_ADMIN))
513 return -EACCES; 513 return -EPERM;
514 return hci_sock_blacklist_add(hdev, (void __user *) arg); 514 return hci_sock_blacklist_add(hdev, (void __user *) arg);
515 515
516 case HCIUNBLOCKADDR: 516 case HCIUNBLOCKADDR:
517 if (!capable(CAP_NET_ADMIN)) 517 if (!capable(CAP_NET_ADMIN))
518 return -EACCES; 518 return -EPERM;
519 return hci_sock_blacklist_del(hdev, (void __user *) arg); 519 return hci_sock_blacklist_del(hdev, (void __user *) arg);
520 520
521 default: 521 default:
@@ -546,22 +546,22 @@ static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
546 546
547 case HCIDEVUP: 547 case HCIDEVUP:
548 if (!capable(CAP_NET_ADMIN)) 548 if (!capable(CAP_NET_ADMIN))
549 return -EACCES; 549 return -EPERM;
550 return hci_dev_open(arg); 550 return hci_dev_open(arg);
551 551
552 case HCIDEVDOWN: 552 case HCIDEVDOWN:
553 if (!capable(CAP_NET_ADMIN)) 553 if (!capable(CAP_NET_ADMIN))
554 return -EACCES; 554 return -EPERM;
555 return hci_dev_close(arg); 555 return hci_dev_close(arg);
556 556
557 case HCIDEVRESET: 557 case HCIDEVRESET:
558 if (!capable(CAP_NET_ADMIN)) 558 if (!capable(CAP_NET_ADMIN))
559 return -EACCES; 559 return -EPERM;
560 return hci_dev_reset(arg); 560 return hci_dev_reset(arg);
561 561
562 case HCIDEVRESTAT: 562 case HCIDEVRESTAT:
563 if (!capable(CAP_NET_ADMIN)) 563 if (!capable(CAP_NET_ADMIN))
564 return -EACCES; 564 return -EPERM;
565 return hci_dev_reset_stat(arg); 565 return hci_dev_reset_stat(arg);
566 566
567 case HCISETSCAN: 567 case HCISETSCAN:
@@ -573,7 +573,7 @@ static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
573 case HCISETACLMTU: 573 case HCISETACLMTU:
574 case HCISETSCOMTU: 574 case HCISETSCOMTU:
575 if (!capable(CAP_NET_ADMIN)) 575 if (!capable(CAP_NET_ADMIN))
576 return -EACCES; 576 return -EPERM;
577 return hci_dev_cmd(cmd, argp); 577 return hci_dev_cmd(cmd, argp);
578 578
579 case HCIINQUIRY: 579 case HCIINQUIRY:
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index eca3889371c4..82a829d90b0f 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -62,7 +62,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
62 switch (cmd) { 62 switch (cmd) {
63 case HIDPCONNADD: 63 case HIDPCONNADD:
64 if (!capable(CAP_NET_ADMIN)) 64 if (!capable(CAP_NET_ADMIN))
65 return -EACCES; 65 return -EPERM;
66 66
67 if (copy_from_user(&ca, argp, sizeof(ca))) 67 if (copy_from_user(&ca, argp, sizeof(ca)))
68 return -EFAULT; 68 return -EFAULT;
@@ -97,7 +97,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
97 97
98 case HIDPCONNDEL: 98 case HIDPCONNDEL:
99 if (!capable(CAP_NET_ADMIN)) 99 if (!capable(CAP_NET_ADMIN))
100 return -EACCES; 100 return -EPERM;
101 101
102 if (copy_from_user(&cd, argp, sizeof(cd))) 102 if (copy_from_user(&cd, argp, sizeof(cd)))
103 return -EFAULT; 103 return -EFAULT;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index e0abaf3cb6a5..bda526edfb9e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1025,7 +1025,7 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
1025 if (!conn) 1025 if (!conn)
1026 return; 1026 return;
1027 1027
1028 if (chan->mode == L2CAP_MODE_ERTM) { 1028 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) {
1029 __clear_retrans_timer(chan); 1029 __clear_retrans_timer(chan);
1030 __clear_monitor_timer(chan); 1030 __clear_monitor_timer(chan);
1031 __clear_ack_timer(chan); 1031 __clear_ack_timer(chan);
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a3329cbd3e4d..e3296319606b 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2891,6 +2891,22 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered)
2891 if (scan) 2891 if (scan)
2892 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 2892 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2893 2893
2894 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2895 u8 ssp = 1;
2896
2897 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2898 }
2899
2900 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2901 struct hci_cp_write_le_host_supported cp;
2902
2903 cp.le = 1;
2904 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2905
2906 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2907 sizeof(cp), &cp);
2908 }
2909
2894 update_class(hdev); 2910 update_class(hdev);
2895 update_name(hdev, hdev->dev_name); 2911 update_name(hdev, hdev->dev_name);
2896 update_eir(hdev); 2912 update_eir(hdev);
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 24c5eea8c45b..159aa8bef9e7 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -1073,16 +1073,13 @@ static int write_partial_msg_pages(struct ceph_connection *con)
1073 BUG_ON(kaddr == NULL); 1073 BUG_ON(kaddr == NULL);
1074 base = kaddr + con->out_msg_pos.page_pos + bio_offset; 1074 base = kaddr + con->out_msg_pos.page_pos + bio_offset;
1075 crc = crc32c(crc, base, len); 1075 crc = crc32c(crc, base, len);
1076 kunmap(page);
1076 msg->footer.data_crc = cpu_to_le32(crc); 1077 msg->footer.data_crc = cpu_to_le32(crc);
1077 con->out_msg_pos.did_page_crc = true; 1078 con->out_msg_pos.did_page_crc = true;
1078 } 1079 }
1079 ret = ceph_tcp_sendpage(con->sock, page, 1080 ret = ceph_tcp_sendpage(con->sock, page,
1080 con->out_msg_pos.page_pos + bio_offset, 1081 con->out_msg_pos.page_pos + bio_offset,
1081 len, 1); 1082 len, 1);
1082
1083 if (do_datacrc)
1084 kunmap(page);
1085
1086 if (ret <= 0) 1083 if (ret <= 0)
1087 goto out; 1084 goto out;
1088 1085
diff --git a/net/core/dev.c b/net/core/dev.c
index 707b12425a79..3e645f3751bf 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2156,7 +2156,8 @@ static bool can_checksum_protocol(netdev_features_t features, __be16 protocol)
2156static netdev_features_t harmonize_features(struct sk_buff *skb, 2156static netdev_features_t harmonize_features(struct sk_buff *skb,
2157 __be16 protocol, netdev_features_t features) 2157 __be16 protocol, netdev_features_t features)
2158{ 2158{
2159 if (!can_checksum_protocol(features, protocol)) { 2159 if (skb->ip_summed != CHECKSUM_NONE &&
2160 !can_checksum_protocol(features, protocol)) {
2160 features &= ~NETIF_F_ALL_CSUM; 2161 features &= ~NETIF_F_ALL_CSUM;
2161 features &= ~NETIF_F_SG; 2162 features &= ~NETIF_F_SG;
2162 } else if (illegal_highdma(skb->dev, skb)) { 2163 } else if (illegal_highdma(skb->dev, skb)) {
@@ -3345,7 +3346,7 @@ ncls:
3345 3346
3346 if (pt_prev) { 3347 if (pt_prev) {
3347 if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC))) 3348 if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC)))
3348 ret = -ENOMEM; 3349 goto drop;
3349 else 3350 else
3350 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); 3351 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
3351 } else { 3352 } else {
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 607a70ff2cc2..d607bae075d5 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3497,7 +3497,9 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
3497 if (!skb_cloned(from)) 3497 if (!skb_cloned(from))
3498 skb_shinfo(from)->nr_frags = 0; 3498 skb_shinfo(from)->nr_frags = 0;
3499 3499
3500 /* if the skb is cloned this does nothing since we set nr_frags to 0 */ 3500 /* if the skb is not cloned this does nothing
3501 * since we set nr_frags to 0.
3502 */
3501 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) 3503 for (i = 0; i < skb_shinfo(from)->nr_frags; i++)
3502 skb_frag_ref(from, i); 3504 skb_frag_ref(from, i);
3503 3505
diff --git a/net/core/sock.c b/net/core/sock.c
index f5a426097236..7eac86463eb2 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -691,7 +691,8 @@ set_rcvbuf:
691 691
692 case SO_KEEPALIVE: 692 case SO_KEEPALIVE:
693#ifdef CONFIG_INET 693#ifdef CONFIG_INET
694 if (sk->sk_protocol == IPPROTO_TCP) 694 if (sk->sk_protocol == IPPROTO_TCP &&
695 sk->sk_type == SOCK_STREAM)
695 tcp_set_keepalive(sk, valbool); 696 tcp_set_keepalive(sk, valbool);
696#endif 697#endif
697 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool); 698 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 7b00556e184b..2a6abc163ed2 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -722,7 +722,7 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
722 break; 722 break;
723 723
724 case SIOCSIFFLAGS: 724 case SIOCSIFFLAGS:
725 ret = -EACCES; 725 ret = -EPERM;
726 if (!capable(CAP_NET_ADMIN)) 726 if (!capable(CAP_NET_ADMIN))
727 goto out; 727 goto out;
728 break; 728 break;
@@ -730,7 +730,7 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
730 case SIOCSIFBRDADDR: /* Set the broadcast address */ 730 case SIOCSIFBRDADDR: /* Set the broadcast address */
731 case SIOCSIFDSTADDR: /* Set the destination address */ 731 case SIOCSIFDSTADDR: /* Set the destination address */
732 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 732 case SIOCSIFNETMASK: /* Set the netmask for the interface */
733 ret = -EACCES; 733 ret = -EPERM;
734 if (!capable(CAP_NET_ADMIN)) 734 if (!capable(CAP_NET_ADMIN))
735 goto out; 735 goto out;
736 ret = -EINVAL; 736 ret = -EINVAL;
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index e1e0a4e8fd34..c7527f6b9ad9 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -510,7 +510,10 @@ relookup:
510 secure_ipv6_id(daddr->addr.a6)); 510 secure_ipv6_id(daddr->addr.a6));
511 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; 511 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
512 p->rate_tokens = 0; 512 p->rate_tokens = 0;
513 p->rate_last = 0; 513 /* 60*HZ is arbitrary, but chosen enough high so that the first
514 * calculation of tokens is at its maximum.
515 */
516 p->rate_last = jiffies - 60*HZ;
514 INIT_LIST_HEAD(&p->gc_list); 517 INIT_LIST_HEAD(&p->gc_list);
515 518
516 /* Link the node. */ 519 /* Link the node. */
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index f2425785d40a..73d1e4df4bf6 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -131,18 +131,20 @@ found:
131 * 0 - deliver 131 * 0 - deliver
132 * 1 - block 132 * 1 - block
133 */ 133 */
134static __inline__ int icmp_filter(struct sock *sk, struct sk_buff *skb) 134static int icmp_filter(const struct sock *sk, const struct sk_buff *skb)
135{ 135{
136 int type; 136 struct icmphdr _hdr;
137 const struct icmphdr *hdr;
137 138
138 if (!pskb_may_pull(skb, sizeof(struct icmphdr))) 139 hdr = skb_header_pointer(skb, skb_transport_offset(skb),
140 sizeof(_hdr), &_hdr);
141 if (!hdr)
139 return 1; 142 return 1;
140 143
141 type = icmp_hdr(skb)->type; 144 if (hdr->type < 32) {
142 if (type < 32) {
143 __u32 data = raw_sk(sk)->filter.data; 145 __u32 data = raw_sk(sk)->filter.data;
144 146
145 return ((1 << type) & data) != 0; 147 return ((1U << hdr->type) & data) != 0;
146 } 148 }
147 149
148 /* Do not block unknown ICMP types */ 150 /* Do not block unknown ICMP types */
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 940f4f4cb201..ff622069fcef 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -202,11 +202,6 @@ EXPORT_SYMBOL(ip_tos2prio);
202static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat); 202static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
203#define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field) 203#define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
204 204
205static inline int rt_genid(struct net *net)
206{
207 return atomic_read(&net->ipv4.rt_genid);
208}
209
210#ifdef CONFIG_PROC_FS 205#ifdef CONFIG_PROC_FS
211static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos) 206static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
212{ 207{
@@ -449,7 +444,7 @@ static inline bool rt_is_expired(const struct rtable *rth)
449 444
450void rt_cache_flush(struct net *net) 445void rt_cache_flush(struct net *net)
451{ 446{
452 atomic_inc(&net->ipv4.rt_genid); 447 rt_genid_bump(net);
453} 448}
454 449
455static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, 450static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
@@ -2506,7 +2501,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
2506 2501
2507static __net_init int rt_genid_init(struct net *net) 2502static __net_init int rt_genid_init(struct net *net)
2508{ 2503{
2509 atomic_set(&net->ipv4.rt_genid, 0); 2504 atomic_set(&net->rt_genid, 0);
2510 get_random_bytes(&net->ipv4.dev_addr_genid, 2505 get_random_bytes(&net->ipv4.dev_addr_genid,
2511 sizeof(net->ipv4.dev_addr_genid)); 2506 sizeof(net->ipv4.dev_addr_genid));
2512 return 0; 2507 return 0;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 72ea4752f21b..f32c02e2a543 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1738,8 +1738,14 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1738 } 1738 }
1739 1739
1740#ifdef CONFIG_NET_DMA 1740#ifdef CONFIG_NET_DMA
1741 if (tp->ucopy.dma_chan) 1741 if (tp->ucopy.dma_chan) {
1742 dma_async_memcpy_issue_pending(tp->ucopy.dma_chan); 1742 if (tp->rcv_wnd == 0 &&
1743 !skb_queue_empty(&sk->sk_async_wait_queue)) {
1744 tcp_service_net_dma(sk, true);
1745 tcp_cleanup_rbuf(sk, copied);
1746 } else
1747 dma_async_memcpy_issue_pending(tp->ucopy.dma_chan);
1748 }
1743#endif 1749#endif
1744 if (copied >= target) { 1750 if (copied >= target) {
1745 /* Do not sleep, just process backlog. */ 1751 /* Do not sleep, just process backlog. */
@@ -2320,10 +2326,17 @@ static int tcp_repair_options_est(struct tcp_sock *tp,
2320 tp->rx_opt.mss_clamp = opt.opt_val; 2326 tp->rx_opt.mss_clamp = opt.opt_val;
2321 break; 2327 break;
2322 case TCPOPT_WINDOW: 2328 case TCPOPT_WINDOW:
2323 if (opt.opt_val > 14) 2329 {
2324 return -EFBIG; 2330 u16 snd_wscale = opt.opt_val & 0xFFFF;
2331 u16 rcv_wscale = opt.opt_val >> 16;
2332
2333 if (snd_wscale > 14 || rcv_wscale > 14)
2334 return -EFBIG;
2325 2335
2326 tp->rx_opt.snd_wscale = opt.opt_val; 2336 tp->rx_opt.snd_wscale = snd_wscale;
2337 tp->rx_opt.rcv_wscale = rcv_wscale;
2338 tp->rx_opt.wscale_ok = 1;
2339 }
2327 break; 2340 break;
2328 case TCPOPT_SACK_PERM: 2341 case TCPOPT_SACK_PERM:
2329 if (opt.opt_val != 0) 2342 if (opt.opt_val != 0)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index e037697c3b77..432c36649db3 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4634,7 +4634,7 @@ queue_and_out:
4634 4634
4635 if (eaten > 0) 4635 if (eaten > 0)
4636 kfree_skb_partial(skb, fragstolen); 4636 kfree_skb_partial(skb, fragstolen);
4637 else if (!sock_flag(sk, SOCK_DEAD)) 4637 if (!sock_flag(sk, SOCK_DEAD))
4638 sk->sk_data_ready(sk, 0); 4638 sk->sk_data_ready(sk, 0);
4639 return; 4639 return;
4640 } 4640 }
@@ -5529,8 +5529,7 @@ no_ack:
5529#endif 5529#endif
5530 if (eaten) 5530 if (eaten)
5531 kfree_skb_partial(skb, fragstolen); 5531 kfree_skb_partial(skb, fragstolen);
5532 else 5532 sk->sk_data_ready(sk, 0);
5533 sk->sk_data_ready(sk, 0);
5534 return 0; 5533 return 0;
5535 } 5534 }
5536 } 5535 }
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 0251a6005be8..c4f934176cab 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -175,33 +175,12 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
175 const struct in6_addr *saddr) 175 const struct in6_addr *saddr)
176{ 176{
177 __ip6_dst_store(sk, dst, daddr, saddr); 177 __ip6_dst_store(sk, dst, daddr, saddr);
178
179#ifdef CONFIG_XFRM
180 {
181 struct rt6_info *rt = (struct rt6_info *)dst;
182 rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid);
183 }
184#endif
185} 178}
186 179
187static inline 180static inline
188struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie) 181struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie)
189{ 182{
190 struct dst_entry *dst; 183 return __sk_dst_check(sk, cookie);
191
192 dst = __sk_dst_check(sk, cookie);
193
194#ifdef CONFIG_XFRM
195 if (dst) {
196 struct rt6_info *rt = (struct rt6_info *)dst;
197 if (rt->rt6i_flow_cache_genid != atomic_read(&flow_cache_genid)) {
198 __sk_dst_reset(sk);
199 dst = NULL;
200 }
201 }
202#endif
203
204 return dst;
205} 184}
206 185
207static struct dst_entry *inet6_csk_route_socket(struct sock *sk, 186static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 13690d650c3e..286acfc21250 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -819,6 +819,10 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nl_info *info)
819 offsetof(struct rt6_info, rt6i_src), 819 offsetof(struct rt6_info, rt6i_src),
820 allow_create, replace_required); 820 allow_create, replace_required);
821 821
822 if (IS_ERR(sn)) {
823 err = PTR_ERR(sn);
824 sn = NULL;
825 }
822 if (!sn) { 826 if (!sn) {
823 /* If it is failed, discard just allocated 827 /* If it is failed, discard just allocated
824 root, and then (in st_failure) stale node 828 root, and then (in st_failure) stale node
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index 5b087c31d87b..0f9bdc5ee9f3 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -86,28 +86,30 @@ static int mip6_mh_len(int type)
86 86
87static int mip6_mh_filter(struct sock *sk, struct sk_buff *skb) 87static int mip6_mh_filter(struct sock *sk, struct sk_buff *skb)
88{ 88{
89 struct ip6_mh *mh; 89 struct ip6_mh _hdr;
90 const struct ip6_mh *mh;
90 91
91 if (!pskb_may_pull(skb, (skb_transport_offset(skb)) + 8) || 92 mh = skb_header_pointer(skb, skb_transport_offset(skb),
92 !pskb_may_pull(skb, (skb_transport_offset(skb) + 93 sizeof(_hdr), &_hdr);
93 ((skb_transport_header(skb)[1] + 1) << 3)))) 94 if (!mh)
94 return -1; 95 return -1;
95 96
96 mh = (struct ip6_mh *)skb_transport_header(skb); 97 if (((mh->ip6mh_hdrlen + 1) << 3) > skb->len)
98 return -1;
97 99
98 if (mh->ip6mh_hdrlen < mip6_mh_len(mh->ip6mh_type)) { 100 if (mh->ip6mh_hdrlen < mip6_mh_len(mh->ip6mh_type)) {
99 LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH message too short: %d vs >=%d\n", 101 LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH message too short: %d vs >=%d\n",
100 mh->ip6mh_hdrlen, mip6_mh_len(mh->ip6mh_type)); 102 mh->ip6mh_hdrlen, mip6_mh_len(mh->ip6mh_type));
101 mip6_param_prob(skb, 0, ((&mh->ip6mh_hdrlen) - 103 mip6_param_prob(skb, 0, offsetof(struct ip6_mh, ip6mh_hdrlen) +
102 skb_network_header(skb))); 104 skb_network_header_len(skb));
103 return -1; 105 return -1;
104 } 106 }
105 107
106 if (mh->ip6mh_proto != IPPROTO_NONE) { 108 if (mh->ip6mh_proto != IPPROTO_NONE) {
107 LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH invalid payload proto = %d\n", 109 LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH invalid payload proto = %d\n",
108 mh->ip6mh_proto); 110 mh->ip6mh_proto);
109 mip6_param_prob(skb, 0, ((&mh->ip6mh_proto) - 111 mip6_param_prob(skb, 0, offsetof(struct ip6_mh, ip6mh_proto) +
110 skb_network_header(skb))); 112 skb_network_header_len(skb));
111 return -1; 113 return -1;
112 } 114 }
113 115
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 7af88ef01657..d8e95c77db99 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -107,21 +107,20 @@ found:
107 * 0 - deliver 107 * 0 - deliver
108 * 1 - block 108 * 1 - block
109 */ 109 */
110static __inline__ int icmpv6_filter(struct sock *sk, struct sk_buff *skb) 110static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb)
111{ 111{
112 struct icmp6hdr *icmph; 112 struct icmp6hdr *_hdr;
113 struct raw6_sock *rp = raw6_sk(sk); 113 const struct icmp6hdr *hdr;
114
115 if (pskb_may_pull(skb, sizeof(struct icmp6hdr))) {
116 __u32 *data = &rp->filter.data[0];
117 int bit_nr;
118 114
119 icmph = (struct icmp6hdr *) skb->data; 115 hdr = skb_header_pointer(skb, skb_transport_offset(skb),
120 bit_nr = icmph->icmp6_type; 116 sizeof(_hdr), &_hdr);
117 if (hdr) {
118 const __u32 *data = &raw6_sk(sk)->filter.data[0];
119 unsigned int type = hdr->icmp6_type;
121 120
122 return (data[bit_nr >> 5] & (1 << (bit_nr & 31))) != 0; 121 return (data[type >> 5] & (1U << (type & 31))) != 0;
123 } 122 }
124 return 0; 123 return 1;
125} 124}
126 125
127#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 126#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 0607ee3a0eac..d1ddbc6ddac5 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -226,7 +226,7 @@ static const struct rt6_info ip6_null_entry_template = {
226 .dst = { 226 .dst = {
227 .__refcnt = ATOMIC_INIT(1), 227 .__refcnt = ATOMIC_INIT(1),
228 .__use = 1, 228 .__use = 1,
229 .obsolete = -1, 229 .obsolete = DST_OBSOLETE_FORCE_CHK,
230 .error = -ENETUNREACH, 230 .error = -ENETUNREACH,
231 .input = ip6_pkt_discard, 231 .input = ip6_pkt_discard,
232 .output = ip6_pkt_discard_out, 232 .output = ip6_pkt_discard_out,
@@ -246,7 +246,7 @@ static const struct rt6_info ip6_prohibit_entry_template = {
246 .dst = { 246 .dst = {
247 .__refcnt = ATOMIC_INIT(1), 247 .__refcnt = ATOMIC_INIT(1),
248 .__use = 1, 248 .__use = 1,
249 .obsolete = -1, 249 .obsolete = DST_OBSOLETE_FORCE_CHK,
250 .error = -EACCES, 250 .error = -EACCES,
251 .input = ip6_pkt_prohibit, 251 .input = ip6_pkt_prohibit,
252 .output = ip6_pkt_prohibit_out, 252 .output = ip6_pkt_prohibit_out,
@@ -261,7 +261,7 @@ static const struct rt6_info ip6_blk_hole_entry_template = {
261 .dst = { 261 .dst = {
262 .__refcnt = ATOMIC_INIT(1), 262 .__refcnt = ATOMIC_INIT(1),
263 .__use = 1, 263 .__use = 1,
264 .obsolete = -1, 264 .obsolete = DST_OBSOLETE_FORCE_CHK,
265 .error = -EINVAL, 265 .error = -EINVAL,
266 .input = dst_discard, 266 .input = dst_discard,
267 .output = dst_discard, 267 .output = dst_discard,
@@ -281,13 +281,14 @@ static inline struct rt6_info *ip6_dst_alloc(struct net *net,
281 struct fib6_table *table) 281 struct fib6_table *table)
282{ 282{
283 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, 283 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
284 0, DST_OBSOLETE_NONE, flags); 284 0, DST_OBSOLETE_FORCE_CHK, flags);
285 285
286 if (rt) { 286 if (rt) {
287 struct dst_entry *dst = &rt->dst; 287 struct dst_entry *dst = &rt->dst;
288 288
289 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); 289 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
290 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers); 290 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers);
291 rt->rt6i_genid = rt_genid(net);
291 } 292 }
292 return rt; 293 return rt;
293} 294}
@@ -1022,6 +1023,13 @@ static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
1022 1023
1023 rt = (struct rt6_info *) dst; 1024 rt = (struct rt6_info *) dst;
1024 1025
1026 /* All IPV6 dsts are created with ->obsolete set to the value
1027 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1028 * into this function always.
1029 */
1030 if (rt->rt6i_genid != rt_genid(dev_net(rt->dst.dev)))
1031 return NULL;
1032
1025 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) { 1033 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) {
1026 if (rt->rt6i_peer_genid != rt6_peer_genid()) { 1034 if (rt->rt6i_peer_genid != rt6_peer_genid()) {
1027 if (!rt6_has_peer(rt)) 1035 if (!rt6_has_peer(rt))
@@ -1388,8 +1396,6 @@ int ip6_route_add(struct fib6_config *cfg)
1388 goto out; 1396 goto out;
1389 } 1397 }
1390 1398
1391 rt->dst.obsolete = -1;
1392
1393 if (cfg->fc_flags & RTF_EXPIRES) 1399 if (cfg->fc_flags & RTF_EXPIRES)
1394 rt6_set_expires(rt, jiffies + 1400 rt6_set_expires(rt, jiffies +
1395 clock_t_to_jiffies(cfg->fc_expires)); 1401 clock_t_to_jiffies(cfg->fc_expires));
@@ -2084,7 +2090,6 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2084 rt->dst.input = ip6_input; 2090 rt->dst.input = ip6_input;
2085 rt->dst.output = ip6_output; 2091 rt->dst.output = ip6_output;
2086 rt->rt6i_idev = idev; 2092 rt->rt6i_idev = idev;
2087 rt->dst.obsolete = -1;
2088 2093
2089 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2094 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
2090 if (anycast) 2095 if (anycast)
diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
index 6ec3f67ad3f1..6c4cc12c7414 100644
--- a/net/l2tp/l2tp_netlink.c
+++ b/net/l2tp/l2tp_netlink.c
@@ -80,8 +80,8 @@ static int l2tp_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info)
80 80
81 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq, 81 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
82 &l2tp_nl_family, 0, L2TP_CMD_NOOP); 82 &l2tp_nl_family, 0, L2TP_CMD_NOOP);
83 if (IS_ERR(hdr)) { 83 if (!hdr) {
84 ret = PTR_ERR(hdr); 84 ret = -EMSGSIZE;
85 goto err_out; 85 goto err_out;
86 } 86 }
87 87
@@ -250,8 +250,8 @@ static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int fla
250 250
251 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, 251 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags,
252 L2TP_CMD_TUNNEL_GET); 252 L2TP_CMD_TUNNEL_GET);
253 if (IS_ERR(hdr)) 253 if (!hdr)
254 return PTR_ERR(hdr); 254 return -EMSGSIZE;
255 255
256 if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) || 256 if (nla_put_u8(skb, L2TP_ATTR_PROTO_VERSION, tunnel->version) ||
257 nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) || 257 nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
@@ -617,8 +617,8 @@ static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int fl
617 sk = tunnel->sock; 617 sk = tunnel->sock;
618 618
619 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, L2TP_CMD_SESSION_GET); 619 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, L2TP_CMD_SESSION_GET);
620 if (IS_ERR(hdr)) 620 if (!hdr)
621 return PTR_ERR(hdr); 621 return -EMSGSIZE;
622 622
623 if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) || 623 if (nla_put_u32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id) ||
624 nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) || 624 nla_put_u32(skb, L2TP_ATTR_SESSION_ID, session->session_id) ||
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index 5c22ce8ab309..a4c1e4528cac 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -117,11 +117,11 @@ static int limit_mt_check(const struct xt_mtchk_param *par)
117 117
118 /* For SMP, we only want to use one set of state. */ 118 /* For SMP, we only want to use one set of state. */
119 r->master = priv; 119 r->master = priv;
120 /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
121 128. */
122 priv->prev = jiffies;
123 priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
120 if (r->cost == 0) { 124 if (r->cost == 0) {
121 /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies *
122 128. */
123 priv->prev = jiffies;
124 priv->credit = user2credits(r->avg * r->burst); /* Credits full. */
125 r->credit_cap = priv->credit; /* Credits full. */ 125 r->credit_cap = priv->credit; /* Credits full. */
126 r->cost = user2credits(r->avg); 126 r->cost = user2credits(r->avg);
127 } 127 }
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 1b9024ee963c..7261eb81974f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -601,7 +601,7 @@ static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
601 if (!capable(CAP_NET_BIND_SERVICE)) { 601 if (!capable(CAP_NET_BIND_SERVICE)) {
602 dev_put(dev); 602 dev_put(dev);
603 release_sock(sk); 603 release_sock(sk);
604 return -EACCES; 604 return -EPERM;
605 } 605 }
606 nr->user_addr = addr->fsa_digipeater[0]; 606 nr->user_addr = addr->fsa_digipeater[0];
607 nr->source_addr = addr->fsa_ax25.sax25_call; 607 nr->source_addr = addr->fsa_ax25.sax25_call;
diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index 25566208f12b..f0dd83cff906 100644
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -865,7 +865,10 @@ static void qfq_update_start(struct qfq_sched *q, struct qfq_class *cl)
865 if (mask) { 865 if (mask) {
866 struct qfq_group *next = qfq_ffs(q, mask); 866 struct qfq_group *next = qfq_ffs(q, mask);
867 if (qfq_gt(roundedF, next->F)) { 867 if (qfq_gt(roundedF, next->F)) {
868 cl->S = next->F; 868 if (qfq_gt(limit, next->F))
869 cl->S = next->F;
870 else /* preserve timestamp correctness */
871 cl->S = limit;
869 return; 872 return;
870 } 873 }
871 } 874 }
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 1ad04e54014c..4de18ae18d34 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -350,6 +350,9 @@ static void reg_regdb_search(struct work_struct *work)
350 struct reg_regdb_search_request *request; 350 struct reg_regdb_search_request *request;
351 const struct ieee80211_regdomain *curdom, *regdom; 351 const struct ieee80211_regdomain *curdom, *regdom;
352 int i, r; 352 int i, r;
353 bool set_reg = false;
354
355 mutex_lock(&cfg80211_mutex);
353 356
354 mutex_lock(&reg_regdb_search_mutex); 357 mutex_lock(&reg_regdb_search_mutex);
355 while (!list_empty(&reg_regdb_search_list)) { 358 while (!list_empty(&reg_regdb_search_list)) {
@@ -365,9 +368,7 @@ static void reg_regdb_search(struct work_struct *work)
365 r = reg_copy_regd(&regdom, curdom); 368 r = reg_copy_regd(&regdom, curdom);
366 if (r) 369 if (r)
367 break; 370 break;
368 mutex_lock(&cfg80211_mutex); 371 set_reg = true;
369 set_regdom(regdom);
370 mutex_unlock(&cfg80211_mutex);
371 break; 372 break;
372 } 373 }
373 } 374 }
@@ -375,6 +376,11 @@ static void reg_regdb_search(struct work_struct *work)
375 kfree(request); 376 kfree(request);
376 } 377 }
377 mutex_unlock(&reg_regdb_search_mutex); 378 mutex_unlock(&reg_regdb_search_mutex);
379
380 if (set_reg)
381 set_regdom(regdom);
382
383 mutex_unlock(&cfg80211_mutex);
378} 384}
379 385
380static DECLARE_WORK(reg_regdb_work, reg_regdb_search); 386static DECLARE_WORK(reg_regdb_work, reg_regdb_search);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 741a32aa512e..f4e0a6a148a5 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -602,6 +602,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
602 xfrm_pol_hold(policy); 602 xfrm_pol_hold(policy);
603 net->xfrm.policy_count[dir]++; 603 net->xfrm.policy_count[dir]++;
604 atomic_inc(&flow_cache_genid); 604 atomic_inc(&flow_cache_genid);
605 rt_genid_bump(net);
605 if (delpol) 606 if (delpol)
606 __xfrm_policy_unlink(delpol, dir); 607 __xfrm_policy_unlink(delpol, dir);
607 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); 608 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);
@@ -1780,7 +1781,7 @@ static struct dst_entry *make_blackhole(struct net *net, u16 family,
1780 1781
1781 if (!afinfo) { 1782 if (!afinfo) {
1782 dst_release(dst_orig); 1783 dst_release(dst_orig);
1783 ret = ERR_PTR(-EINVAL); 1784 return ERR_PTR(-EINVAL);
1784 } else { 1785 } else {
1785 ret = afinfo->blackhole_route(net, dst_orig); 1786 ret = afinfo->blackhole_route(net, dst_orig);
1786 } 1787 }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d6eb4b3c089..94a2a1f726f9 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -123,9 +123,21 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
123 struct nlattr **attrs) 123 struct nlattr **attrs)
124{ 124{
125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
126 struct xfrm_replay_state_esn *rs;
126 127
127 if ((p->flags & XFRM_STATE_ESN) && !rt) 128 if (p->flags & XFRM_STATE_ESN) {
128 return -EINVAL; 129 if (!rt)
130 return -EINVAL;
131
132 rs = nla_data(rt);
133
134 if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
135 return -EINVAL;
136
137 if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
138 nla_len(rt) != sizeof(*rs))
139 return -EINVAL;
140 }
129 141
130 if (!rt) 142 if (!rt)
131 return 0; 143 return 0;
@@ -370,14 +382,15 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
370 struct nlattr *rp) 382 struct nlattr *rp)
371{ 383{
372 struct xfrm_replay_state_esn *up; 384 struct xfrm_replay_state_esn *up;
385 int ulen;
373 386
374 if (!replay_esn || !rp) 387 if (!replay_esn || !rp)
375 return 0; 388 return 0;
376 389
377 up = nla_data(rp); 390 up = nla_data(rp);
391 ulen = xfrm_replay_state_esn_len(up);
378 392
379 if (xfrm_replay_state_esn_len(replay_esn) != 393 if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
380 xfrm_replay_state_esn_len(up))
381 return -EINVAL; 394 return -EINVAL;
382 395
383 return 0; 396 return 0;
@@ -388,22 +401,28 @@ static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn
388 struct nlattr *rta) 401 struct nlattr *rta)
389{ 402{
390 struct xfrm_replay_state_esn *p, *pp, *up; 403 struct xfrm_replay_state_esn *p, *pp, *up;
404 int klen, ulen;
391 405
392 if (!rta) 406 if (!rta)
393 return 0; 407 return 0;
394 408
395 up = nla_data(rta); 409 up = nla_data(rta);
410 klen = xfrm_replay_state_esn_len(up);
411 ulen = nla_len(rta) >= klen ? klen : sizeof(*up);
396 412
397 p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 413 p = kzalloc(klen, GFP_KERNEL);
398 if (!p) 414 if (!p)
399 return -ENOMEM; 415 return -ENOMEM;
400 416
401 pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 417 pp = kzalloc(klen, GFP_KERNEL);
402 if (!pp) { 418 if (!pp) {
403 kfree(p); 419 kfree(p);
404 return -ENOMEM; 420 return -ENOMEM;
405 } 421 }
406 422
423 memcpy(p, up, ulen);
424 memcpy(pp, up, ulen);
425
407 *replay_esn = p; 426 *replay_esn = p;
408 *preplay_esn = pp; 427 *preplay_esn = pp;
409 428
@@ -442,10 +461,11 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
442 * somehow made shareable and move it to xfrm_state.c - JHS 461 * somehow made shareable and move it to xfrm_state.c - JHS
443 * 462 *
444*/ 463*/
445static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 464static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs,
465 int update_esn)
446{ 466{
447 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 467 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
448 struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; 468 struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL;
449 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 469 struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
450 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 470 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
451 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 471 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
@@ -555,7 +575,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
555 goto error; 575 goto error;
556 576
557 /* override default values from above */ 577 /* override default values from above */
558 xfrm_update_ae_params(x, attrs); 578 xfrm_update_ae_params(x, attrs, 0);
559 579
560 return x; 580 return x;
561 581
@@ -689,6 +709,7 @@ out:
689 709
690static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 710static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
691{ 711{
712 memset(p, 0, sizeof(*p));
692 memcpy(&p->id, &x->id, sizeof(p->id)); 713 memcpy(&p->id, &x->id, sizeof(p->id));
693 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 714 memcpy(&p->sel, &x->sel, sizeof(p->sel));
694 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 715 memcpy(&p->lft, &x->lft, sizeof(p->lft));
@@ -742,7 +763,7 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb)
742 return -EMSGSIZE; 763 return -EMSGSIZE;
743 764
744 algo = nla_data(nla); 765 algo = nla_data(nla);
745 strcpy(algo->alg_name, auth->alg_name); 766 strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
746 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 767 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
747 algo->alg_key_len = auth->alg_key_len; 768 algo->alg_key_len = auth->alg_key_len;
748 769
@@ -878,6 +899,7 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
878{ 899{
879 struct xfrm_dump_info info; 900 struct xfrm_dump_info info;
880 struct sk_buff *skb; 901 struct sk_buff *skb;
902 int err;
881 903
882 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 904 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
883 if (!skb) 905 if (!skb)
@@ -888,9 +910,10 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
888 info.nlmsg_seq = seq; 910 info.nlmsg_seq = seq;
889 info.nlmsg_flags = 0; 911 info.nlmsg_flags = 0;
890 912
891 if (dump_one_state(x, 0, &info)) { 913 err = dump_one_state(x, 0, &info);
914 if (err) {
892 kfree_skb(skb); 915 kfree_skb(skb);
893 return NULL; 916 return ERR_PTR(err);
894 } 917 }
895 918
896 return skb; 919 return skb;
@@ -1317,6 +1340,7 @@ static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy
1317 1340
1318static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1341static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir)
1319{ 1342{
1343 memset(p, 0, sizeof(*p));
1320 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1344 memcpy(&p->sel, &xp->selector, sizeof(p->sel));
1321 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1345 memcpy(&p->lft, &xp->lft, sizeof(p->lft));
1322 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1346 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft));
@@ -1421,6 +1445,7 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
1421 struct xfrm_user_tmpl *up = &vec[i]; 1445 struct xfrm_user_tmpl *up = &vec[i];
1422 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1446 struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
1423 1447
1448 memset(up, 0, sizeof(*up));
1424 memcpy(&up->id, &kp->id, sizeof(up->id)); 1449 memcpy(&up->id, &kp->id, sizeof(up->id));
1425 up->family = kp->encap_family; 1450 up->family = kp->encap_family;
1426 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1451 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
@@ -1546,6 +1571,7 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1546{ 1571{
1547 struct xfrm_dump_info info; 1572 struct xfrm_dump_info info;
1548 struct sk_buff *skb; 1573 struct sk_buff *skb;
1574 int err;
1549 1575
1550 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1576 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1551 if (!skb) 1577 if (!skb)
@@ -1556,9 +1582,10 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1556 info.nlmsg_seq = seq; 1582 info.nlmsg_seq = seq;
1557 info.nlmsg_flags = 0; 1583 info.nlmsg_flags = 0;
1558 1584
1559 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1585 err = dump_one_policy(xp, dir, 0, &info);
1586 if (err) {
1560 kfree_skb(skb); 1587 kfree_skb(skb);
1561 return NULL; 1588 return ERR_PTR(err);
1562 } 1589 }
1563 1590
1564 return skb; 1591 return skb;
@@ -1822,7 +1849,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1822 goto out; 1849 goto out;
1823 1850
1824 spin_lock_bh(&x->lock); 1851 spin_lock_bh(&x->lock);
1825 xfrm_update_ae_params(x, attrs); 1852 xfrm_update_ae_params(x, attrs, 1);
1826 spin_unlock_bh(&x->lock); 1853 spin_unlock_bh(&x->lock);
1827 1854
1828 c.event = nlh->nlmsg_type; 1855 c.event = nlh->nlmsg_type;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-28 08:02:13 -0500