aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorGrant Likely <grant.likely@linaro.org>2013-08-28 15:18:13 -0400
committerGrant Likely <grant.likely@linaro.org>2013-08-28 15:18:13 -0400
commit8be137f2664f0abb096626a9d2ce0fcdd955b109 (patch)
tree2c53a5535265a58eb397d6fbbab2ec26e92e6931 /net
parent8851b9f1625ce0858e9b1bb0ae4a57d4b43178b1 (diff)
parentd8dfad3876e4386666b759da3c833d62fb8b2267 (diff)
Merge tag 'v3.11-rc7' into devicetree/next
Linux 3.11-rc7
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_core.c7
-rw-r--r--net/Kconfig2
-rw-r--r--net/batman-adv/bridge_loop_avoidance.c2
-rw-r--r--net/batman-adv/gateway_client.c13
-rw-r--r--net/batman-adv/gateway_client.h3
-rw-r--r--net/batman-adv/soft-interface.c9
-rw-r--r--net/batman-adv/unicast.c23
-rw-r--r--net/bluetooth/hci_core.c26
-rw-r--r--net/bridge/br_device.c3
-rw-r--r--net/bridge/br_fdb.c10
-rw-r--r--net/bridge/br_input.c3
-rw-r--r--net/bridge/br_multicast.c46
-rw-r--r--net/bridge/br_netlink.c4
-rw-r--r--net/bridge/br_private.h12
-rw-r--r--net/bridge/br_sysfs_br.c2
-rw-r--r--net/bridge/br_vlan.c4
-rw-r--r--net/core/flow_dissector.c1
-rw-r--r--net/core/neighbour.c39
-rw-r--r--net/core/rtnetlink.c4
-rw-r--r--net/core/skbuff.c5
-rw-r--r--net/core/sock.c6
-rw-r--r--net/core/sysctl_net_core.c8
-rw-r--r--net/ipv4/devinet.c4
-rw-r--r--net/ipv4/esp4.c2
-rw-r--r--net/ipv4/fib_trie.c7
-rw-r--r--net/ipv4/ip_gre.c2
-rw-r--r--net/ipv4/ip_tunnel_core.c4
-rw-r--r--net/ipv4/proc.c2
-rw-r--r--net/ipv4/sysctl_net_ipv4.c6
-rw-r--r--net/ipv4/tcp.c7
-rw-r--r--net/ipv4/tcp_cubic.c12
-rw-r--r--net/ipv6/addrconf.c47
-rw-r--r--net/ipv6/esp6.c2
-rw-r--r--net/ipv6/ip6_fib.c41
-rw-r--r--net/ipv6/ip6mr.c5
-rw-r--r--net/ipv6/ndisc.c8
-rw-r--r--net/ipv6/reassembly.c5
-rw-r--r--net/ipv6/route.c29
-rw-r--r--net/key/af_key.c4
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/mesh_ps.c4
-rw-r--r--net/mac80211/mlme.c54
-rw-r--r--net/mac80211/pm.c7
-rw-r--r--net/mac80211/rc80211_minstrel.c3
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c10
-rw-r--r--net/mac80211/rx.c10
-rw-r--r--net/netfilter/nf_conntrack_expect.c5
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c12
-rw-r--r--net/netfilter/nfnetlink_log.c6
-rw-r--r--net/netfilter/nfnetlink_queue_core.c5
-rw-r--r--net/netfilter/xt_TCPMSS.c28
-rw-r--r--net/netfilter/xt_TCPOPTSTRIP.c10
-rw-r--r--net/netfilter/xt_socket.c10
-rw-r--r--net/netlabel/netlabel_cipso_v4.c4
-rw-r--r--net/netlabel/netlabel_domainhash.c104
-rw-r--r--net/netlabel/netlabel_domainhash.h46
-rw-r--r--net/netlabel/netlabel_kapi.c88
-rw-r--r--net/netlabel/netlabel_mgmt.c44
-rw-r--r--net/netlabel/netlabel_unlabeled.c2
-rw-r--r--net/netlink/genetlink.c4
-rw-r--r--net/nfc/core.c20
-rw-r--r--net/nfc/hci/core.c8
-rw-r--r--net/nfc/nci/Kconfig1
-rw-r--r--net/nfc/netlink.c12
-rw-r--r--net/nfc/nfc.h6
-rw-r--r--net/openvswitch/actions.c1
-rw-r--r--net/openvswitch/datapath.c3
-rw-r--r--net/openvswitch/flow.c2
-rw-r--r--net/packet/af_packet.c2
-rw-r--r--net/sched/sch_api.c41
-rw-r--r--net/sched/sch_atm.c1
-rw-r--r--net/sched/sch_cbq.c1
-rw-r--r--net/sched/sch_generic.c8
-rw-r--r--net/sched/sch_htb.c15
-rw-r--r--net/sctp/associola.c4
-rw-r--r--net/sctp/transport.c4
-rw-r--r--net/socket.c2
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_upcall.c3
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_xdr.c9
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c2
-rw-r--r--net/sunrpc/clnt.c4
-rw-r--r--net/sunrpc/netns.h1
-rw-r--r--net/sunrpc/rpcb_clnt.c48
-rw-r--r--net/sunrpc/svcsock.c4
-rw-r--r--net/tipc/bearer.c9
-rw-r--r--net/tipc/server.c15
-rw-r--r--net/vmw_vsock/af_vsock.c2
-rw-r--r--net/wireless/core.c1
-rw-r--r--net/wireless/nl80211.c39
-rw-r--r--net/wireless/reg.c7
-rw-r--r--net/wireless/sme.c39
91 files changed, 763 insertions, 428 deletions
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index 4a78c4de9f20..6ee48aac776f 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -91,7 +91,12 @@ EXPORT_SYMBOL(__vlan_find_dev_deep);
91 91
92struct net_device *vlan_dev_real_dev(const struct net_device *dev) 92struct net_device *vlan_dev_real_dev(const struct net_device *dev)
93{ 93{
94 return vlan_dev_priv(dev)->real_dev; 94 struct net_device *ret = vlan_dev_priv(dev)->real_dev;
95
96 while (is_vlan_dev(ret))
97 ret = vlan_dev_priv(ret)->real_dev;
98
99 return ret;
95} 100}
96EXPORT_SYMBOL(vlan_dev_real_dev); 101EXPORT_SYMBOL(vlan_dev_real_dev);
97 102
diff --git a/net/Kconfig b/net/Kconfig
index 37702491abe9..2b406608a1a4 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -244,7 +244,7 @@ config NETPRIO_CGROUP
244 Cgroup subsystem for use in assigning processes to network priorities on 244 Cgroup subsystem for use in assigning processes to network priorities on
245 a per-interface basis 245 a per-interface basis
246 246
247config NET_LL_RX_POLL 247config NET_RX_BUSY_POLL
248 boolean 248 boolean
249 default y 249 default y
250 250
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
index e14531f1ce1c..264de88db320 100644
--- a/net/batman-adv/bridge_loop_avoidance.c
+++ b/net/batman-adv/bridge_loop_avoidance.c
@@ -1529,6 +1529,8 @@ out:
1529 * in these cases, the skb is further handled by this function and 1529 * in these cases, the skb is further handled by this function and
1530 * returns 1, otherwise it returns 0 and the caller shall further 1530 * returns 1, otherwise it returns 0 and the caller shall further
1531 * process the skb. 1531 * process the skb.
1532 *
1533 * This call might reallocate skb data.
1532 */ 1534 */
1533int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, 1535int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb,
1534 unsigned short vid) 1536 unsigned short vid)
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index f105219f4a4b..7614af31daff 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -508,6 +508,7 @@ out:
508 return 0; 508 return 0;
509} 509}
510 510
511/* this call might reallocate skb data */
511static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len) 512static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len)
512{ 513{
513 int ret = false; 514 int ret = false;
@@ -568,6 +569,7 @@ out:
568 return ret; 569 return ret;
569} 570}
570 571
572/* this call might reallocate skb data */
571bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) 573bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
572{ 574{
573 struct ethhdr *ethhdr; 575 struct ethhdr *ethhdr;
@@ -619,6 +621,12 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
619 621
620 if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr))) 622 if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr)))
621 return false; 623 return false;
624
625 /* skb->data might have been reallocated by pskb_may_pull() */
626 ethhdr = (struct ethhdr *)skb->data;
627 if (ntohs(ethhdr->h_proto) == ETH_P_8021Q)
628 ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN);
629
622 udphdr = (struct udphdr *)(skb->data + *header_len); 630 udphdr = (struct udphdr *)(skb->data + *header_len);
623 *header_len += sizeof(*udphdr); 631 *header_len += sizeof(*udphdr);
624 632
@@ -634,12 +642,14 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
634 return true; 642 return true;
635} 643}
636 644
645/* this call might reallocate skb data */
637bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, 646bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
638 struct sk_buff *skb, struct ethhdr *ethhdr) 647 struct sk_buff *skb)
639{ 648{
640 struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL; 649 struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL;
641 struct batadv_orig_node *orig_dst_node = NULL; 650 struct batadv_orig_node *orig_dst_node = NULL;
642 struct batadv_gw_node *curr_gw = NULL; 651 struct batadv_gw_node *curr_gw = NULL;
652 struct ethhdr *ethhdr;
643 bool ret, out_of_range = false; 653 bool ret, out_of_range = false;
644 unsigned int header_len = 0; 654 unsigned int header_len = 0;
645 uint8_t curr_tq_avg; 655 uint8_t curr_tq_avg;
@@ -648,6 +658,7 @@ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
648 if (!ret) 658 if (!ret)
649 goto out; 659 goto out;
650 660
661 ethhdr = (struct ethhdr *)skb->data;
651 orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source, 662 orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source,
652 ethhdr->h_dest); 663 ethhdr->h_dest);
653 if (!orig_dst_node) 664 if (!orig_dst_node)
diff --git a/net/batman-adv/gateway_client.h b/net/batman-adv/gateway_client.h
index 039902dca4a6..1037d75da51f 100644
--- a/net/batman-adv/gateway_client.h
+++ b/net/batman-adv/gateway_client.h
@@ -34,7 +34,6 @@ void batadv_gw_node_delete(struct batadv_priv *bat_priv,
34void batadv_gw_node_purge(struct batadv_priv *bat_priv); 34void batadv_gw_node_purge(struct batadv_priv *bat_priv);
35int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset); 35int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset);
36bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len); 36bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len);
37bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, 37bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, struct sk_buff *skb);
38 struct sk_buff *skb, struct ethhdr *ethhdr);
39 38
40#endif /* _NET_BATMAN_ADV_GATEWAY_CLIENT_H_ */ 39#endif /* _NET_BATMAN_ADV_GATEWAY_CLIENT_H_ */
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 700d0b49742d..0f04e1c302b4 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -180,6 +180,9 @@ static int batadv_interface_tx(struct sk_buff *skb,
180 if (batadv_bla_tx(bat_priv, skb, vid)) 180 if (batadv_bla_tx(bat_priv, skb, vid))
181 goto dropped; 181 goto dropped;
182 182
183 /* skb->data might have been reallocated by batadv_bla_tx() */
184 ethhdr = (struct ethhdr *)skb->data;
185
183 /* Register the client MAC in the transtable */ 186 /* Register the client MAC in the transtable */
184 if (!is_multicast_ether_addr(ethhdr->h_source)) 187 if (!is_multicast_ether_addr(ethhdr->h_source))
185 batadv_tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif); 188 batadv_tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
@@ -220,6 +223,10 @@ static int batadv_interface_tx(struct sk_buff *skb,
220 default: 223 default:
221 break; 224 break;
222 } 225 }
226
227 /* reminder: ethhdr might have become unusable from here on
228 * (batadv_gw_is_dhcp_target() might have reallocated skb data)
229 */
223 } 230 }
224 231
225 /* ethernet packet should be broadcasted */ 232 /* ethernet packet should be broadcasted */
@@ -266,7 +273,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
266 /* unicast packet */ 273 /* unicast packet */
267 } else { 274 } else {
268 if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_OFF) { 275 if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_OFF) {
269 ret = batadv_gw_out_of_range(bat_priv, skb, ethhdr); 276 ret = batadv_gw_out_of_range(bat_priv, skb);
270 if (ret) 277 if (ret)
271 goto dropped; 278 goto dropped;
272 } 279 }
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
index dc8b5d4dd636..857e1b8349ee 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -326,7 +326,9 @@ static bool batadv_unicast_push_and_fill_skb(struct sk_buff *skb, int hdr_size,
326 * @skb: the skb containing the payload to encapsulate 326 * @skb: the skb containing the payload to encapsulate
327 * @orig_node: the destination node 327 * @orig_node: the destination node
328 * 328 *
329 * Returns false if the payload could not be encapsulated or true otherwise 329 * Returns false if the payload could not be encapsulated or true otherwise.
330 *
331 * This call might reallocate skb data.
330 */ 332 */
331static bool batadv_unicast_prepare_skb(struct sk_buff *skb, 333static bool batadv_unicast_prepare_skb(struct sk_buff *skb,
332 struct batadv_orig_node *orig_node) 334 struct batadv_orig_node *orig_node)
@@ -343,7 +345,9 @@ static bool batadv_unicast_prepare_skb(struct sk_buff *skb,
343 * @orig_node: the destination node 345 * @orig_node: the destination node
344 * @packet_subtype: the batman 4addr packet subtype to use 346 * @packet_subtype: the batman 4addr packet subtype to use
345 * 347 *
346 * Returns false if the payload could not be encapsulated or true otherwise 348 * Returns false if the payload could not be encapsulated or true otherwise.
349 *
350 * This call might reallocate skb data.
347 */ 351 */
348bool batadv_unicast_4addr_prepare_skb(struct batadv_priv *bat_priv, 352bool batadv_unicast_4addr_prepare_skb(struct batadv_priv *bat_priv,
349 struct sk_buff *skb, 353 struct sk_buff *skb,
@@ -401,7 +405,7 @@ int batadv_unicast_generic_send_skb(struct batadv_priv *bat_priv,
401 struct batadv_neigh_node *neigh_node; 405 struct batadv_neigh_node *neigh_node;
402 int data_len = skb->len; 406 int data_len = skb->len;
403 int ret = NET_RX_DROP; 407 int ret = NET_RX_DROP;
404 unsigned int dev_mtu; 408 unsigned int dev_mtu, header_len;
405 409
406 /* get routing information */ 410 /* get routing information */
407 if (is_multicast_ether_addr(ethhdr->h_dest)) { 411 if (is_multicast_ether_addr(ethhdr->h_dest)) {
@@ -428,11 +432,17 @@ find_router:
428 432
429 switch (packet_type) { 433 switch (packet_type) {
430 case BATADV_UNICAST: 434 case BATADV_UNICAST:
431 batadv_unicast_prepare_skb(skb, orig_node); 435 if (!batadv_unicast_prepare_skb(skb, orig_node))
436 goto out;
437
438 header_len = sizeof(struct batadv_unicast_packet);
432 break; 439 break;
433 case BATADV_UNICAST_4ADDR: 440 case BATADV_UNICAST_4ADDR:
434 batadv_unicast_4addr_prepare_skb(bat_priv, skb, orig_node, 441 if (!batadv_unicast_4addr_prepare_skb(bat_priv, skb, orig_node,
435 packet_subtype); 442 packet_subtype))
443 goto out;
444
445 header_len = sizeof(struct batadv_unicast_4addr_packet);
436 break; 446 break;
437 default: 447 default:
438 /* this function supports UNICAST and UNICAST_4ADDR only. It 448 /* this function supports UNICAST and UNICAST_4ADDR only. It
@@ -441,6 +451,7 @@ find_router:
441 goto out; 451 goto out;
442 } 452 }
443 453
454 ethhdr = (struct ethhdr *)(skb->data + header_len);
444 unicast_packet = (struct batadv_unicast_packet *)skb->data; 455 unicast_packet = (struct batadv_unicast_packet *)skb->data;
445 456
446 /* inform the destination node that we are still missing a correct route 457 /* inform the destination node that we are still missing a correct route
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index e3a349977595..cc27297da5a9 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -513,7 +513,10 @@ static void hci_init2_req(struct hci_request *req, unsigned long opt)
513 513
514 hci_setup_event_mask(req); 514 hci_setup_event_mask(req);
515 515
516 if (hdev->hci_ver > BLUETOOTH_VER_1_1) 516 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
517 * local supported commands HCI command.
518 */
519 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
517 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 520 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
518 521
519 if (lmp_ssp_capable(hdev)) { 522 if (lmp_ssp_capable(hdev)) {
@@ -2165,10 +2168,6 @@ int hci_register_dev(struct hci_dev *hdev)
2165 2168
2166 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); 2169 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2167 2170
2168 write_lock(&hci_dev_list_lock);
2169 list_add(&hdev->list, &hci_dev_list);
2170 write_unlock(&hci_dev_list_lock);
2171
2172 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | 2171 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
2173 WQ_MEM_RECLAIM, 1, hdev->name); 2172 WQ_MEM_RECLAIM, 1, hdev->name);
2174 if (!hdev->workqueue) { 2173 if (!hdev->workqueue) {
@@ -2203,6 +2202,10 @@ int hci_register_dev(struct hci_dev *hdev)
2203 if (hdev->dev_type != HCI_AMP) 2202 if (hdev->dev_type != HCI_AMP)
2204 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 2203 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2205 2204
2205 write_lock(&hci_dev_list_lock);
2206 list_add(&hdev->list, &hci_dev_list);
2207 write_unlock(&hci_dev_list_lock);
2208
2206 hci_notify(hdev, HCI_DEV_REG); 2209 hci_notify(hdev, HCI_DEV_REG);
2207 hci_dev_hold(hdev); 2210 hci_dev_hold(hdev);
2208 2211
@@ -2215,9 +2218,6 @@ err_wqueue:
2215 destroy_workqueue(hdev->req_workqueue); 2218 destroy_workqueue(hdev->req_workqueue);
2216err: 2219err:
2217 ida_simple_remove(&hci_index_ida, hdev->id); 2220 ida_simple_remove(&hci_index_ida, hdev->id);
2218 write_lock(&hci_dev_list_lock);
2219 list_del(&hdev->list);
2220 write_unlock(&hci_dev_list_lock);
2221 2221
2222 return error; 2222 return error;
2223} 2223}
@@ -3399,8 +3399,16 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
3399 */ 3399 */
3400 if (hdev->sent_cmd) { 3400 if (hdev->sent_cmd) {
3401 req_complete = bt_cb(hdev->sent_cmd)->req.complete; 3401 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3402 if (req_complete) 3402
3403 if (req_complete) {
3404 /* We must set the complete callback to NULL to
3405 * avoid calling the callback more than once if
3406 * this function gets called again.
3407 */
3408 bt_cb(hdev->sent_cmd)->req.complete = NULL;
3409
3403 goto call_complete; 3410 goto call_complete;
3411 }
3404 } 3412 }
3405 3413
3406 /* Remove all pending commands belonging to this request */ 3414 /* Remove all pending commands belonging to this request */
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 2ef66781fedb..69363bd37f64 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -70,7 +70,8 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
70 } 70 }
71 71
72 mdst = br_mdb_get(br, skb, vid); 72 mdst = br_mdb_get(br, skb, vid);
73 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) 73 if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
74 br_multicast_querier_exists(br))
74 br_multicast_deliver(mdst, skb); 75 br_multicast_deliver(mdst, skb);
75 else 76 else
76 br_flood_deliver(br, skb, false); 77 br_flood_deliver(br, skb, false);
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 60aca9109a50..ffd5874f2592 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -161,7 +161,7 @@ void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr)
161 if (!pv) 161 if (!pv)
162 return; 162 return;
163 163
164 for_each_set_bit_from(vid, pv->vlan_bitmap, BR_VLAN_BITMAP_LEN) { 164 for_each_set_bit_from(vid, pv->vlan_bitmap, VLAN_N_VID) {
165 f = __br_fdb_get(br, br->dev->dev_addr, vid); 165 f = __br_fdb_get(br, br->dev->dev_addr, vid);
166 if (f && f->is_local && !f->dst) 166 if (f && f->is_local && !f->dst)
167 fdb_delete(br, f); 167 fdb_delete(br, f);
@@ -730,7 +730,7 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
730 /* VID was specified, so use it. */ 730 /* VID was specified, so use it. */
731 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid); 731 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid);
732 } else { 732 } else {
733 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 733 if (!pv || bitmap_empty(pv->vlan_bitmap, VLAN_N_VID)) {
734 err = __br_fdb_add(ndm, p, addr, nlh_flags, 0); 734 err = __br_fdb_add(ndm, p, addr, nlh_flags, 0);
735 goto out; 735 goto out;
736 } 736 }
@@ -739,7 +739,7 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
739 * specify a VLAN. To be nice, add/update entry for every 739 * specify a VLAN. To be nice, add/update entry for every
740 * vlan on this port. 740 * vlan on this port.
741 */ 741 */
742 for_each_set_bit(vid, pv->vlan_bitmap, BR_VLAN_BITMAP_LEN) { 742 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
743 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid); 743 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid);
744 if (err) 744 if (err)
745 goto out; 745 goto out;
@@ -817,7 +817,7 @@ int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
817 817
818 err = __br_fdb_delete(p, addr, vid); 818 err = __br_fdb_delete(p, addr, vid);
819 } else { 819 } else {
820 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 820 if (!pv || bitmap_empty(pv->vlan_bitmap, VLAN_N_VID)) {
821 err = __br_fdb_delete(p, addr, 0); 821 err = __br_fdb_delete(p, addr, 0);
822 goto out; 822 goto out;
823 } 823 }
@@ -827,7 +827,7 @@ int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
827 * vlan on this port. 827 * vlan on this port.
828 */ 828 */
829 err = -ENOENT; 829 err = -ENOENT;
830 for_each_set_bit(vid, pv->vlan_bitmap, BR_VLAN_BITMAP_LEN) { 830 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
831 err &= __br_fdb_delete(p, addr, vid); 831 err &= __br_fdb_delete(p, addr, vid);
832 } 832 }
833 } 833 }
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 1b8b8b824cd7..8c561c0aa636 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -101,7 +101,8 @@ int br_handle_frame_finish(struct sk_buff *skb)
101 unicast = false; 101 unicast = false;
102 } else if (is_multicast_ether_addr(dest)) { 102 } else if (is_multicast_ether_addr(dest)) {
103 mdst = br_mdb_get(br, skb, vid); 103 mdst = br_mdb_get(br, skb, vid);
104 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { 104 if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
105 br_multicast_querier_exists(br)) {
105 if ((mdst && mdst->mglist) || 106 if ((mdst && mdst->mglist) ||
106 br_multicast_is_router(br)) 107 br_multicast_is_router(br))
107 skb2 = skb; 108 skb2 = skb;
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 69af490cce44..08e576ada0b2 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -619,6 +619,9 @@ rehash:
619 mp->br = br; 619 mp->br = br;
620 mp->addr = *group; 620 mp->addr = *group;
621 621
622 setup_timer(&mp->timer, br_multicast_group_expired,
623 (unsigned long)mp);
624
622 hlist_add_head_rcu(&mp->hlist[mdb->ver], &mdb->mhash[hash]); 625 hlist_add_head_rcu(&mp->hlist[mdb->ver], &mdb->mhash[hash]);
623 mdb->size++; 626 mdb->size++;
624 627
@@ -1011,6 +1014,16 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
1011} 1014}
1012#endif 1015#endif
1013 1016
1017static void br_multicast_update_querier_timer(struct net_bridge *br,
1018 unsigned long max_delay)
1019{
1020 if (!timer_pending(&br->multicast_querier_timer))
1021 br->multicast_querier_delay_time = jiffies + max_delay;
1022
1023 mod_timer(&br->multicast_querier_timer,
1024 jiffies + br->multicast_querier_interval);
1025}
1026
1014/* 1027/*
1015 * Add port to router_list 1028 * Add port to router_list
1016 * list is maintained ordered by pointer value 1029 * list is maintained ordered by pointer value
@@ -1061,11 +1074,11 @@ timer:
1061 1074
1062static void br_multicast_query_received(struct net_bridge *br, 1075static void br_multicast_query_received(struct net_bridge *br,
1063 struct net_bridge_port *port, 1076 struct net_bridge_port *port,
1064 int saddr) 1077 int saddr,
1078 unsigned long max_delay)
1065{ 1079{
1066 if (saddr) 1080 if (saddr)
1067 mod_timer(&br->multicast_querier_timer, 1081 br_multicast_update_querier_timer(br, max_delay);
1068 jiffies + br->multicast_querier_interval);
1069 else if (timer_pending(&br->multicast_querier_timer)) 1082 else if (timer_pending(&br->multicast_querier_timer))
1070 return; 1083 return;
1071 1084
@@ -1093,8 +1106,6 @@ static int br_ip4_multicast_query(struct net_bridge *br,
1093 (port && port->state == BR_STATE_DISABLED)) 1106 (port && port->state == BR_STATE_DISABLED))
1094 goto out; 1107 goto out;
1095 1108
1096 br_multicast_query_received(br, port, !!iph->saddr);
1097
1098 group = ih->group; 1109 group = ih->group;
1099 1110
1100 if (skb->len == sizeof(*ih)) { 1111 if (skb->len == sizeof(*ih)) {
@@ -1118,6 +1129,8 @@ static int br_ip4_multicast_query(struct net_bridge *br,
1118 IGMPV3_MRC(ih3->code) * (HZ / IGMP_TIMER_SCALE) : 1; 1129 IGMPV3_MRC(ih3->code) * (HZ / IGMP_TIMER_SCALE) : 1;
1119 } 1130 }
1120 1131
1132 br_multicast_query_received(br, port, !!iph->saddr, max_delay);
1133
1121 if (!group) 1134 if (!group)
1122 goto out; 1135 goto out;
1123 1136
@@ -1126,7 +1139,6 @@ static int br_ip4_multicast_query(struct net_bridge *br,
1126 if (!mp) 1139 if (!mp)
1127 goto out; 1140 goto out;
1128 1141
1129 setup_timer(&mp->timer, br_multicast_group_expired, (unsigned long)mp);
1130 mod_timer(&mp->timer, now + br->multicast_membership_interval); 1142 mod_timer(&mp->timer, now + br->multicast_membership_interval);
1131 mp->timer_armed = true; 1143 mp->timer_armed = true;
1132 1144
@@ -1174,8 +1186,6 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1174 (port && port->state == BR_STATE_DISABLED)) 1186 (port && port->state == BR_STATE_DISABLED))
1175 goto out; 1187 goto out;
1176 1188
1177 br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr));
1178
1179 if (skb->len == sizeof(*mld)) { 1189 if (skb->len == sizeof(*mld)) {
1180 if (!pskb_may_pull(skb, sizeof(*mld))) { 1190 if (!pskb_may_pull(skb, sizeof(*mld))) {
1181 err = -EINVAL; 1191 err = -EINVAL;
@@ -1185,7 +1195,7 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1185 max_delay = msecs_to_jiffies(ntohs(mld->mld_maxdelay)); 1195 max_delay = msecs_to_jiffies(ntohs(mld->mld_maxdelay));
1186 if (max_delay) 1196 if (max_delay)
1187 group = &mld->mld_mca; 1197 group = &mld->mld_mca;
1188 } else if (skb->len >= sizeof(*mld2q)) { 1198 } else {
1189 if (!pskb_may_pull(skb, sizeof(*mld2q))) { 1199 if (!pskb_may_pull(skb, sizeof(*mld2q))) {
1190 err = -EINVAL; 1200 err = -EINVAL;
1191 goto out; 1201 goto out;
@@ -1196,6 +1206,9 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1196 max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(ntohs(mld2q->mld2q_mrc)) : 1; 1206 max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(ntohs(mld2q->mld2q_mrc)) : 1;
1197 } 1207 }
1198 1208
1209 br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr),
1210 max_delay);
1211
1199 if (!group) 1212 if (!group)
1200 goto out; 1213 goto out;
1201 1214
@@ -1204,7 +1217,6 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1204 if (!mp) 1217 if (!mp)
1205 goto out; 1218 goto out;
1206 1219
1207 setup_timer(&mp->timer, br_multicast_group_expired, (unsigned long)mp);
1208 mod_timer(&mp->timer, now + br->multicast_membership_interval); 1220 mod_timer(&mp->timer, now + br->multicast_membership_interval);
1209 mp->timer_armed = true; 1221 mp->timer_armed = true;
1210 1222
@@ -1642,6 +1654,8 @@ void br_multicast_init(struct net_bridge *br)
1642 br->multicast_querier_interval = 255 * HZ; 1654 br->multicast_querier_interval = 255 * HZ;
1643 br->multicast_membership_interval = 260 * HZ; 1655 br->multicast_membership_interval = 260 * HZ;
1644 1656
1657 br->multicast_querier_delay_time = 0;
1658
1645 spin_lock_init(&br->multicast_lock); 1659 spin_lock_init(&br->multicast_lock);
1646 setup_timer(&br->multicast_router_timer, 1660 setup_timer(&br->multicast_router_timer,
1647 br_multicast_local_router_expired, 0); 1661 br_multicast_local_router_expired, 0);
@@ -1830,6 +1844,8 @@ unlock:
1830 1844
1831int br_multicast_set_querier(struct net_bridge *br, unsigned long val) 1845int br_multicast_set_querier(struct net_bridge *br, unsigned long val)
1832{ 1846{
1847 unsigned long max_delay;
1848
1833 val = !!val; 1849 val = !!val;
1834 1850
1835 spin_lock_bh(&br->multicast_lock); 1851 spin_lock_bh(&br->multicast_lock);
@@ -1837,8 +1853,14 @@ int br_multicast_set_querier(struct net_bridge *br, unsigned long val)
1837 goto unlock; 1853 goto unlock;
1838 1854
1839 br->multicast_querier = val; 1855 br->multicast_querier = val;
1840 if (val) 1856 if (!val)
1841 br_multicast_start_querier(br); 1857 goto unlock;
1858
1859 max_delay = br->multicast_query_response_interval;
1860 if (!timer_pending(&br->multicast_querier_timer))
1861 br->multicast_querier_delay_time = jiffies + max_delay;
1862
1863 br_multicast_start_querier(br);
1842 1864
1843unlock: 1865unlock:
1844 spin_unlock_bh(&br->multicast_lock); 1866 spin_unlock_bh(&br->multicast_lock);
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 1fc30abd3a52..b9259efa636e 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -132,7 +132,7 @@ static int br_fill_ifinfo(struct sk_buff *skb,
132 else 132 else
133 pv = br_get_vlan_info(br); 133 pv = br_get_vlan_info(br);
134 134
135 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN)) 135 if (!pv || bitmap_empty(pv->vlan_bitmap, VLAN_N_VID))
136 goto done; 136 goto done;
137 137
138 af = nla_nest_start(skb, IFLA_AF_SPEC); 138 af = nla_nest_start(skb, IFLA_AF_SPEC);
@@ -140,7 +140,7 @@ static int br_fill_ifinfo(struct sk_buff *skb,
140 goto nla_put_failure; 140 goto nla_put_failure;
141 141
142 pvid = br_get_pvid(pv); 142 pvid = br_get_pvid(pv);
143 for_each_set_bit(vid, pv->vlan_bitmap, BR_VLAN_BITMAP_LEN) { 143 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
144 vinfo.vid = vid; 144 vinfo.vid = vid;
145 vinfo.flags = 0; 145 vinfo.flags = 0;
146 if (vid == pvid) 146 if (vid == pvid)
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 3be89b3ce17b..2f7da41851bf 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -267,6 +267,7 @@ struct net_bridge
267 unsigned long multicast_query_interval; 267 unsigned long multicast_query_interval;
268 unsigned long multicast_query_response_interval; 268 unsigned long multicast_query_response_interval;
269 unsigned long multicast_startup_query_interval; 269 unsigned long multicast_startup_query_interval;
270 unsigned long multicast_querier_delay_time;
270 271
271 spinlock_t multicast_lock; 272 spinlock_t multicast_lock;
272 struct net_bridge_mdb_htable __rcu *mdb; 273 struct net_bridge_mdb_htable __rcu *mdb;
@@ -501,6 +502,13 @@ static inline bool br_multicast_is_router(struct net_bridge *br)
501 (br->multicast_router == 1 && 502 (br->multicast_router == 1 &&
502 timer_pending(&br->multicast_router_timer)); 503 timer_pending(&br->multicast_router_timer));
503} 504}
505
506static inline bool br_multicast_querier_exists(struct net_bridge *br)
507{
508 return time_is_before_jiffies(br->multicast_querier_delay_time) &&
509 (br->multicast_querier ||
510 timer_pending(&br->multicast_querier_timer));
511}
504#else 512#else
505static inline int br_multicast_rcv(struct net_bridge *br, 513static inline int br_multicast_rcv(struct net_bridge *br,
506 struct net_bridge_port *port, 514 struct net_bridge_port *port,
@@ -557,6 +565,10 @@ static inline bool br_multicast_is_router(struct net_bridge *br)
557{ 565{
558 return 0; 566 return 0;
559} 567}
568static inline bool br_multicast_querier_exists(struct net_bridge *br)
569{
570 return false;
571}
560static inline void br_mdb_init(void) 572static inline void br_mdb_init(void)
561{ 573{
562} 574}
diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c
index 394bb96b6087..3b9637fb7939 100644
--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Sysfs attributes of bridge ports 2 * Sysfs attributes of bridge
3 * Linux ethernet bridge 3 * Linux ethernet bridge
4 * 4 *
5 * Authors: 5 * Authors:
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index bd58b45f5f90..9a9ffe7e4019 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -108,7 +108,7 @@ static int __vlan_del(struct net_port_vlans *v, u16 vid)
108 108
109 clear_bit(vid, v->vlan_bitmap); 109 clear_bit(vid, v->vlan_bitmap);
110 v->num_vlans--; 110 v->num_vlans--;
111 if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 111 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
112 if (v->port_idx) 112 if (v->port_idx)
113 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 113 rcu_assign_pointer(v->parent.port->vlan_info, NULL);
114 else 114 else
@@ -122,7 +122,7 @@ static void __vlan_flush(struct net_port_vlans *v)
122{ 122{
123 smp_wmb(); 123 smp_wmb();
124 v->pvid = 0; 124 v->pvid = 0;
125 bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN); 125 bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
126 if (v->port_idx) 126 if (v->port_idx)
127 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 127 rcu_assign_pointer(v->parent.port->vlan_info, NULL);
128 else 128 else
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 00ee068efc1c..b84a1b155bc1 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -65,6 +65,7 @@ ipv6:
65 nhoff += sizeof(struct ipv6hdr); 65 nhoff += sizeof(struct ipv6hdr);
66 break; 66 break;
67 } 67 }
68 case __constant_htons(ETH_P_8021AD):
68 case __constant_htons(ETH_P_8021Q): { 69 case __constant_htons(ETH_P_8021Q): {
69 const struct vlan_hdr *vlan; 70 const struct vlan_hdr *vlan;
70 struct vlan_hdr _vlan; 71 struct vlan_hdr _vlan;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index b7de821f98df..60533db8b72d 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1441,16 +1441,18 @@ struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
1441 atomic_set(&p->refcnt, 1); 1441 atomic_set(&p->refcnt, 1);
1442 p->reachable_time = 1442 p->reachable_time =
1443 neigh_rand_reach_time(p->base_reachable_time); 1443 neigh_rand_reach_time(p->base_reachable_time);
1444 dev_hold(dev);
1445 p->dev = dev;
1446 write_pnet(&p->net, hold_net(net));
1447 p->sysctl_table = NULL;
1444 1448
1445 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) { 1449 if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
1450 release_net(net);
1451 dev_put(dev);
1446 kfree(p); 1452 kfree(p);
1447 return NULL; 1453 return NULL;
1448 } 1454 }
1449 1455
1450 dev_hold(dev);
1451 p->dev = dev;
1452 write_pnet(&p->net, hold_net(net));
1453 p->sysctl_table = NULL;
1454 write_lock_bh(&tbl->lock); 1456 write_lock_bh(&tbl->lock);
1455 p->next = tbl->parms.next; 1457 p->next = tbl->parms.next;
1456 tbl->parms.next = p; 1458 tbl->parms.next = p;
@@ -2767,6 +2769,7 @@ EXPORT_SYMBOL(neigh_app_ns);
2767 2769
2768#ifdef CONFIG_SYSCTL 2770#ifdef CONFIG_SYSCTL
2769static int zero; 2771static int zero;
2772static int int_max = INT_MAX;
2770static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 2773static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
2771 2774
2772static int proc_unres_qlen(struct ctl_table *ctl, int write, 2775static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -2819,19 +2822,25 @@ static struct neigh_sysctl_table {
2819 .procname = "mcast_solicit", 2822 .procname = "mcast_solicit",
2820 .maxlen = sizeof(int), 2823 .maxlen = sizeof(int),
2821 .mode = 0644, 2824 .mode = 0644,
2822 .proc_handler = proc_dointvec, 2825 .extra1 = &zero,
2826 .extra2 = &int_max,
2827 .proc_handler = proc_dointvec_minmax,
2823 }, 2828 },
2824 [NEIGH_VAR_UCAST_PROBE] = { 2829 [NEIGH_VAR_UCAST_PROBE] = {
2825 .procname = "ucast_solicit", 2830 .procname = "ucast_solicit",
2826 .maxlen = sizeof(int), 2831 .maxlen = sizeof(int),
2827 .mode = 0644, 2832 .mode = 0644,
2828 .proc_handler = proc_dointvec, 2833 .extra1 = &zero,
2834 .extra2 = &int_max,
2835 .proc_handler = proc_dointvec_minmax,
2829 }, 2836 },
2830 [NEIGH_VAR_APP_PROBE] = { 2837 [NEIGH_VAR_APP_PROBE] = {
2831 .procname = "app_solicit", 2838 .procname = "app_solicit",
2832 .maxlen = sizeof(int), 2839 .maxlen = sizeof(int),
2833 .mode = 0644, 2840 .mode = 0644,
2834 .proc_handler = proc_dointvec, 2841 .extra1 = &zero,
2842 .extra2 = &int_max,
2843 .proc_handler = proc_dointvec_minmax,
2835 }, 2844 },
2836 [NEIGH_VAR_RETRANS_TIME] = { 2845 [NEIGH_VAR_RETRANS_TIME] = {
2837 .procname = "retrans_time", 2846 .procname = "retrans_time",
@@ -2874,7 +2883,9 @@ static struct neigh_sysctl_table {
2874 .procname = "proxy_qlen", 2883 .procname = "proxy_qlen",
2875 .maxlen = sizeof(int), 2884 .maxlen = sizeof(int),
2876 .mode = 0644, 2885 .mode = 0644,
2877 .proc_handler = proc_dointvec, 2886 .extra1 = &zero,
2887 .extra2 = &int_max,
2888 .proc_handler = proc_dointvec_minmax,
2878 }, 2889 },
2879 [NEIGH_VAR_ANYCAST_DELAY] = { 2890 [NEIGH_VAR_ANYCAST_DELAY] = {
2880 .procname = "anycast_delay", 2891 .procname = "anycast_delay",
@@ -2916,19 +2927,25 @@ static struct neigh_sysctl_table {
2916 .procname = "gc_thresh1", 2927 .procname = "gc_thresh1",
2917 .maxlen = sizeof(int), 2928 .maxlen = sizeof(int),
2918 .mode = 0644, 2929 .mode = 0644,
2919 .proc_handler = proc_dointvec, 2930 .extra1 = &zero,
2931 .extra2 = &int_max,
2932 .proc_handler = proc_dointvec_minmax,
2920 }, 2933 },
2921 [NEIGH_VAR_GC_THRESH2] = { 2934 [NEIGH_VAR_GC_THRESH2] = {
2922 .procname = "gc_thresh2", 2935 .procname = "gc_thresh2",
2923 .maxlen = sizeof(int), 2936 .maxlen = sizeof(int),
2924 .mode = 0644, 2937 .mode = 0644,
2925 .proc_handler = proc_dointvec, 2938 .extra1 = &zero,
2939 .extra2 = &int_max,
2940 .proc_handler = proc_dointvec_minmax,
2926 }, 2941 },
2927 [NEIGH_VAR_GC_THRESH3] = { 2942 [NEIGH_VAR_GC_THRESH3] = {
2928 .procname = "gc_thresh3", 2943 .procname = "gc_thresh3",
2929 .maxlen = sizeof(int), 2944 .maxlen = sizeof(int),
2930 .mode = 0644, 2945 .mode = 0644,
2931 .proc_handler = proc_dointvec, 2946 .extra1 = &zero,
2947 .extra2 = &int_max,
2948 .proc_handler = proc_dointvec_minmax,
2932 }, 2949 },
2933 {}, 2950 {},
2934 }, 2951 },
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 3de740834d1f..ca198c1d1d30 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2156,7 +2156,7 @@ int ndo_dflt_fdb_del(struct ndmsg *ndm,
2156 /* If aging addresses are supported device will need to 2156 /* If aging addresses are supported device will need to
2157 * implement its own handler for this. 2157 * implement its own handler for this.
2158 */ 2158 */
2159 if (ndm->ndm_state & NUD_PERMANENT) { 2159 if (!(ndm->ndm_state & NUD_PERMANENT)) {
2160 pr_info("%s: FDB only supports static addresses\n", dev->name); 2160 pr_info("%s: FDB only supports static addresses\n", dev->name);
2161 return -EINVAL; 2161 return -EINVAL;
2162 } 2162 }
@@ -2384,7 +2384,7 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb)
2384 struct nlattr *extfilt; 2384 struct nlattr *extfilt;
2385 u32 filter_mask = 0; 2385 u32 filter_mask = 0;
2386 2386
2387 extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct rtgenmsg), 2387 extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg),
2388 IFLA_EXT_MASK); 2388 IFLA_EXT_MASK);
2389 if (extfilt) 2389 if (extfilt)
2390 filter_mask = nla_get_u32(extfilt); 2390 filter_mask = nla_get_u32(extfilt);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 20e02d2605ec..2c3d0f53d198 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -309,7 +309,8 @@ EXPORT_SYMBOL(__alloc_skb);
309 * @frag_size: size of fragment, or 0 if head was kmalloced 309 * @frag_size: size of fragment, or 0 if head was kmalloced
310 * 310 *
311 * Allocate a new &sk_buff. Caller provides space holding head and 311 * Allocate a new &sk_buff. Caller provides space holding head and
312 * skb_shared_info. @data must have been allocated by kmalloc() 312 * skb_shared_info. @data must have been allocated by kmalloc() only if
313 * @frag_size is 0, otherwise data should come from the page allocator.
313 * The return is the new skb buffer. 314 * The return is the new skb buffer.
314 * On a failure the return is %NULL, and @data is not freed. 315 * On a failure the return is %NULL, and @data is not freed.
315 * Notes : 316 * Notes :
@@ -739,7 +740,7 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
739 740
740 skb_copy_secmark(new, old); 741 skb_copy_secmark(new, old);
741 742
742#ifdef CONFIG_NET_LL_RX_POLL 743#ifdef CONFIG_NET_RX_BUSY_POLL
743 new->napi_id = old->napi_id; 744 new->napi_id = old->napi_id;
744#endif 745#endif
745} 746}
diff --git a/net/core/sock.c b/net/core/sock.c
index 548d716c5f62..2c097c5a35dd 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -900,7 +900,7 @@ set_rcvbuf:
900 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool); 900 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
901 break; 901 break;
902 902
903#ifdef CONFIG_NET_LL_RX_POLL 903#ifdef CONFIG_NET_RX_BUSY_POLL
904 case SO_BUSY_POLL: 904 case SO_BUSY_POLL:
905 /* allow unprivileged users to decrease the value */ 905 /* allow unprivileged users to decrease the value */
906 if ((val > sk->sk_ll_usec) && !capable(CAP_NET_ADMIN)) 906 if ((val > sk->sk_ll_usec) && !capable(CAP_NET_ADMIN))
@@ -1170,7 +1170,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
1170 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE); 1170 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1171 break; 1171 break;
1172 1172
1173#ifdef CONFIG_NET_LL_RX_POLL 1173#ifdef CONFIG_NET_RX_BUSY_POLL
1174 case SO_BUSY_POLL: 1174 case SO_BUSY_POLL:
1175 v.val = sk->sk_ll_usec; 1175 v.val = sk->sk_ll_usec;
1176 break; 1176 break;
@@ -2292,7 +2292,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
2292 2292
2293 sk->sk_stamp = ktime_set(-1L, 0); 2293 sk->sk_stamp = ktime_set(-1L, 0);
2294 2294
2295#ifdef CONFIG_NET_LL_RX_POLL 2295#ifdef CONFIG_NET_RX_BUSY_POLL
2296 sk->sk_napi_id = 0; 2296 sk->sk_napi_id = 0;
2297 sk->sk_ll_usec = sysctl_net_busy_read; 2297 sk->sk_ll_usec = sysctl_net_busy_read;
2298#endif 2298#endif
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 660968616637..31107abd2783 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -21,7 +21,9 @@
21#include <net/net_ratelimit.h> 21#include <net/net_ratelimit.h>
22#include <net/busy_poll.h> 22#include <net/busy_poll.h>
23 23
24static int zero = 0;
24static int one = 1; 25static int one = 1;
26static int ushort_max = USHRT_MAX;
25 27
26#ifdef CONFIG_RPS 28#ifdef CONFIG_RPS
27static int rps_sock_flow_sysctl(struct ctl_table *table, int write, 29static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
@@ -298,7 +300,7 @@ static struct ctl_table net_core_table[] = {
298 .proc_handler = flow_limit_table_len_sysctl 300 .proc_handler = flow_limit_table_len_sysctl
299 }, 301 },
300#endif /* CONFIG_NET_FLOW_LIMIT */ 302#endif /* CONFIG_NET_FLOW_LIMIT */
301#ifdef CONFIG_NET_LL_RX_POLL 303#ifdef CONFIG_NET_RX_BUSY_POLL
302 { 304 {
303 .procname = "busy_poll", 305 .procname = "busy_poll",
304 .data = &sysctl_net_busy_poll, 306 .data = &sysctl_net_busy_poll,
@@ -339,7 +341,9 @@ static struct ctl_table netns_core_table[] = {
339 .data = &init_net.core.sysctl_somaxconn, 341 .data = &init_net.core.sysctl_somaxconn,
340 .maxlen = sizeof(int), 342 .maxlen = sizeof(int),
341 .mode = 0644, 343 .mode = 0644,
342 .proc_handler = proc_dointvec 344 .extra1 = &zero,
345 .extra2 = &ushort_max,
346 .proc_handler = proc_dointvec_minmax
343 }, 347 },
344 { } 348 { }
345}; 349};
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 8d48c392adcc..34ca6d5a3a4b 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -772,7 +772,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
772 ci = nla_data(tb[IFA_CACHEINFO]); 772 ci = nla_data(tb[IFA_CACHEINFO]);
773 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { 773 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
774 err = -EINVAL; 774 err = -EINVAL;
775 goto errout; 775 goto errout_free;
776 } 776 }
777 *pvalid_lft = ci->ifa_valid; 777 *pvalid_lft = ci->ifa_valid;
778 *pprefered_lft = ci->ifa_prefered; 778 *pprefered_lft = ci->ifa_prefered;
@@ -780,6 +780,8 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
780 780
781 return ifa; 781 return ifa;
782 782
783errout_free:
784 inet_free_ifa(ifa);
783errout: 785errout:
784 return ERR_PTR(err); 786 return ERR_PTR(err);
785} 787}
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index ab3d814bc80a..109ee89f123e 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -477,7 +477,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
477 } 477 }
478 478
479 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 479 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
480 net_adj) & ~(align - 1)) + (net_adj - 2); 480 net_adj) & ~(align - 1)) + net_adj - 2;
481} 481}
482 482
483static void esp4_err(struct sk_buff *skb, u32 info) 483static void esp4_err(struct sk_buff *skb, u32 info)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 49616fed9340..3df6d3edb2a1 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -71,7 +71,6 @@
71#include <linux/init.h> 71#include <linux/init.h>
72#include <linux/list.h> 72#include <linux/list.h>
73#include <linux/slab.h> 73#include <linux/slab.h>
74#include <linux/prefetch.h>
75#include <linux/export.h> 74#include <linux/export.h>
76#include <net/net_namespace.h> 75#include <net/net_namespace.h>
77#include <net/ip.h> 76#include <net/ip.h>
@@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c)
1761 if (!c) 1760 if (!c)
1762 continue; 1761 continue;
1763 1762
1764 if (IS_LEAF(c)) { 1763 if (IS_LEAF(c))
1765 prefetch(rcu_dereference_rtnl(p->child[idx]));
1766 return (struct leaf *) c; 1764 return (struct leaf *) c;
1767 }
1768 1765
1769 /* Rescan start scanning in new node */ 1766 /* Rescan start scanning in new node */
1770 p = (struct tnode *) c; 1767 p = (struct tnode *) c;
@@ -2133,7 +2130,7 @@ static void trie_show_stats(struct seq_file *seq, struct trie_stat *stat)
2133 max--; 2130 max--;
2134 2131
2135 pointers = 0; 2132 pointers = 0;
2136 for (i = 1; i <= max; i++) 2133 for (i = 1; i < max; i++)
2137 if (stat->nodesizes[i] != 0) { 2134 if (stat->nodesizes[i] != 0) {
2138 seq_printf(seq, " %u: %u", i, stat->nodesizes[i]); 2135 seq_printf(seq, " %u: %u", i, stat->nodesizes[i]);
2139 pointers += (1<<i) * stat->nodesizes[i]; 2136 pointers += (1<<i) * stat->nodesizes[i];
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 1f6eab66f7ce..8d6939eeb492 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -383,7 +383,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
383 if (daddr) 383 if (daddr)
384 memcpy(&iph->daddr, daddr, 4); 384 memcpy(&iph->daddr, daddr, 4);
385 if (iph->daddr) 385 if (iph->daddr)
386 return t->hlen; 386 return t->hlen + sizeof(*iph);
387 387
388 return -(t->hlen + sizeof(*iph)); 388 return -(t->hlen + sizeof(*iph));
389} 389}
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 7167b08977df..850525b34899 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -76,9 +76,7 @@ int iptunnel_xmit(struct net *net, struct rtable *rt,
76 iph->daddr = dst; 76 iph->daddr = dst;
77 iph->saddr = src; 77 iph->saddr = src;
78 iph->ttl = ttl; 78 iph->ttl = ttl;
79 tunnel_ip_select_ident(skb, 79 __ip_select_ident(iph, &rt->dst, (skb_shinfo(skb)->gso_segs ?: 1) - 1);
80 (const struct iphdr *)skb_inner_network_header(skb),
81 &rt->dst);
82 80
83 err = ip_local_out(skb); 81 err = ip_local_out(skb);
84 if (unlikely(net_xmit_eval(err))) 82 if (unlikely(net_xmit_eval(err)))
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 6577a1149a47..463bd1273346 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -273,7 +273,7 @@ static const struct snmp_mib snmp4_net_list[] = {
273 SNMP_MIB_ITEM("TCPFastOpenListenOverflow", LINUX_MIB_TCPFASTOPENLISTENOVERFLOW), 273 SNMP_MIB_ITEM("TCPFastOpenListenOverflow", LINUX_MIB_TCPFASTOPENLISTENOVERFLOW),
274 SNMP_MIB_ITEM("TCPFastOpenCookieReqd", LINUX_MIB_TCPFASTOPENCOOKIEREQD), 274 SNMP_MIB_ITEM("TCPFastOpenCookieReqd", LINUX_MIB_TCPFASTOPENCOOKIEREQD),
275 SNMP_MIB_ITEM("TCPSpuriousRtxHostQueues", LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES), 275 SNMP_MIB_ITEM("TCPSpuriousRtxHostQueues", LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES),
276 SNMP_MIB_ITEM("LowLatencyRxPackets", LINUX_MIB_LOWLATENCYRXPACKETS), 276 SNMP_MIB_ITEM("BusyPollRxPackets", LINUX_MIB_BUSYPOLLRXPACKETS),
277 SNMP_MIB_SENTINEL 277 SNMP_MIB_SENTINEL
278}; 278};
279 279
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index b2c123c44d69..610e324348d1 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -36,6 +36,8 @@ static int tcp_adv_win_scale_min = -31;
36static int tcp_adv_win_scale_max = 31; 36static int tcp_adv_win_scale_max = 31;
37static int ip_ttl_min = 1; 37static int ip_ttl_min = 1;
38static int ip_ttl_max = 255; 38static int ip_ttl_max = 255;
39static int tcp_syn_retries_min = 1;
40static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
39static int ip_ping_group_range_min[] = { 0, 0 }; 41static int ip_ping_group_range_min[] = { 0, 0 };
40static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; 42static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
41 43
@@ -332,7 +334,9 @@ static struct ctl_table ipv4_table[] = {
332 .data = &sysctl_tcp_syn_retries, 334 .data = &sysctl_tcp_syn_retries,
333 .maxlen = sizeof(int), 335 .maxlen = sizeof(int),
334 .mode = 0644, 336 .mode = 0644,
335 .proc_handler = proc_dointvec 337 .proc_handler = proc_dointvec_minmax,
338 .extra1 = &tcp_syn_retries_min,
339 .extra2 = &tcp_syn_retries_max
336 }, 340 },
337 { 341 {
338 .procname = "tcp_synack_retries", 342 .procname = "tcp_synack_retries",
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 5423223e93c2..b2f6c74861af 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1121,6 +1121,13 @@ new_segment:
1121 goto wait_for_memory; 1121 goto wait_for_memory;
1122 1122
1123 /* 1123 /*
1124 * All packets are restored as if they have
1125 * already been sent.
1126 */
1127 if (tp->repair)
1128 TCP_SKB_CB(skb)->when = tcp_time_stamp;
1129
1130 /*
1124 * Check whether we can use HW checksum. 1131 * Check whether we can use HW checksum.
1125 */ 1132 */
1126 if (sk->sk_route_caps & NETIF_F_ALL_CSUM) 1133 if (sk->sk_route_caps & NETIF_F_ALL_CSUM)
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index a9077f441cb2..b6ae92a51f58 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -206,8 +206,8 @@ static u32 cubic_root(u64 a)
206 */ 206 */
207static inline void bictcp_update(struct bictcp *ca, u32 cwnd) 207static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
208{ 208{
209 u64 offs; 209 u32 delta, bic_target, max_cnt;
210 u32 delta, t, bic_target, max_cnt; 210 u64 offs, t;
211 211
212 ca->ack_cnt++; /* count the number of ACKs */ 212 ca->ack_cnt++; /* count the number of ACKs */
213 213
@@ -250,9 +250,11 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
250 * if the cwnd < 1 million packets !!! 250 * if the cwnd < 1 million packets !!!
251 */ 251 */
252 252
253 t = (s32)(tcp_time_stamp - ca->epoch_start);
254 t += msecs_to_jiffies(ca->delay_min >> 3);
253 /* change the unit from HZ to bictcp_HZ */ 255 /* change the unit from HZ to bictcp_HZ */
254 t = ((tcp_time_stamp + msecs_to_jiffies(ca->delay_min>>3) 256 t <<= BICTCP_HZ;
255 - ca->epoch_start) << BICTCP_HZ) / HZ; 257 do_div(t, HZ);
256 258
257 if (t < ca->bic_K) /* t - K */ 259 if (t < ca->bic_K) /* t - K */
258 offs = ca->bic_K - t; 260 offs = ca->bic_K - t;
@@ -414,7 +416,7 @@ static void bictcp_acked(struct sock *sk, u32 cnt, s32 rtt_us)
414 return; 416 return;
415 417
416 /* Discard delay samples right after fast recovery */ 418 /* Discard delay samples right after fast recovery */
417 if ((s32)(tcp_time_stamp - ca->epoch_start) < HZ) 419 if (ca->epoch_start && (s32)(tcp_time_stamp - ca->epoch_start) < HZ)
418 return; 420 return;
419 421
420 delay = (rtt_us << 3) / USEC_PER_MSEC; 422 delay = (rtt_us << 3) / USEC_PER_MSEC;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index cfdcf7b2daf6..498ea99194af 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -813,8 +813,9 @@ static u32 inet6_addr_hash(const struct in6_addr *addr)
813/* On success it returns ifp with increased reference count */ 813/* On success it returns ifp with increased reference count */
814 814
815static struct inet6_ifaddr * 815static struct inet6_ifaddr *
816ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen, 816ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
817 int scope, u32 flags) 817 const struct in6_addr *peer_addr, int pfxlen,
818 int scope, u32 flags, u32 valid_lft, u32 prefered_lft)
818{ 819{
819 struct inet6_ifaddr *ifa = NULL; 820 struct inet6_ifaddr *ifa = NULL;
820 struct rt6_info *rt; 821 struct rt6_info *rt;
@@ -863,6 +864,8 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
863 } 864 }
864 865
865 ifa->addr = *addr; 866 ifa->addr = *addr;
867 if (peer_addr)
868 ifa->peer_addr = *peer_addr;
866 869
867 spin_lock_init(&ifa->lock); 870 spin_lock_init(&ifa->lock);
868 spin_lock_init(&ifa->state_lock); 871 spin_lock_init(&ifa->state_lock);
@@ -872,6 +875,8 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
872 ifa->scope = scope; 875 ifa->scope = scope;
873 ifa->prefix_len = pfxlen; 876 ifa->prefix_len = pfxlen;
874 ifa->flags = flags | IFA_F_TENTATIVE; 877 ifa->flags = flags | IFA_F_TENTATIVE;
878 ifa->valid_lft = valid_lft;
879 ifa->prefered_lft = prefered_lft;
875 ifa->cstamp = ifa->tstamp = jiffies; 880 ifa->cstamp = ifa->tstamp = jiffies;
876 ifa->tokenized = false; 881 ifa->tokenized = false;
877 882
@@ -1121,11 +1126,10 @@ retry:
1121 if (ifp->flags & IFA_F_OPTIMISTIC) 1126 if (ifp->flags & IFA_F_OPTIMISTIC)
1122 addr_flags |= IFA_F_OPTIMISTIC; 1127 addr_flags |= IFA_F_OPTIMISTIC;
1123 1128
1124 ift = !max_addresses || 1129 ift = ipv6_add_addr(idev, &addr, NULL, tmp_plen,
1125 ipv6_count_addresses(idev) < max_addresses ? 1130 ipv6_addr_scope(&addr), addr_flags,
1126 ipv6_add_addr(idev, &addr, tmp_plen, ipv6_addr_scope(&addr), 1131 tmp_valid_lft, tmp_prefered_lft);
1127 addr_flags) : NULL; 1132 if (IS_ERR(ift)) {
1128 if (IS_ERR_OR_NULL(ift)) {
1129 in6_ifa_put(ifp); 1133 in6_ifa_put(ifp);
1130 in6_dev_put(idev); 1134 in6_dev_put(idev);
1131 pr_info("%s: retry temporary address regeneration\n", __func__); 1135 pr_info("%s: retry temporary address regeneration\n", __func__);
@@ -1136,8 +1140,6 @@ retry:
1136 1140
1137 spin_lock_bh(&ift->lock); 1141 spin_lock_bh(&ift->lock);
1138 ift->ifpub = ifp; 1142 ift->ifpub = ifp;
1139 ift->valid_lft = tmp_valid_lft;
1140 ift->prefered_lft = tmp_prefered_lft;
1141 ift->cstamp = now; 1143 ift->cstamp = now;
1142 ift->tstamp = tmp_tstamp; 1144 ift->tstamp = tmp_tstamp;
1143 spin_unlock_bh(&ift->lock); 1145 spin_unlock_bh(&ift->lock);
@@ -2179,16 +2181,19 @@ ok:
2179 */ 2181 */
2180 if (!max_addresses || 2182 if (!max_addresses ||
2181 ipv6_count_addresses(in6_dev) < max_addresses) 2183 ipv6_count_addresses(in6_dev) < max_addresses)
2182 ifp = ipv6_add_addr(in6_dev, &addr, pinfo->prefix_len, 2184 ifp = ipv6_add_addr(in6_dev, &addr, NULL,
2185 pinfo->prefix_len,
2183 addr_type&IPV6_ADDR_SCOPE_MASK, 2186 addr_type&IPV6_ADDR_SCOPE_MASK,
2184 addr_flags); 2187 addr_flags, valid_lft,
2188 prefered_lft);
2185 2189
2186 if (IS_ERR_OR_NULL(ifp)) { 2190 if (IS_ERR_OR_NULL(ifp)) {
2187 in6_dev_put(in6_dev); 2191 in6_dev_put(in6_dev);
2188 return; 2192 return;
2189 } 2193 }
2190 2194
2191 update_lft = create = 1; 2195 update_lft = 0;
2196 create = 1;
2192 ifp->cstamp = jiffies; 2197 ifp->cstamp = jiffies;
2193 ifp->tokenized = tokenized; 2198 ifp->tokenized = tokenized;
2194 addrconf_dad_start(ifp); 2199 addrconf_dad_start(ifp);
@@ -2209,7 +2214,7 @@ ok:
2209 stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ; 2214 stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ;
2210 else 2215 else
2211 stored_lft = 0; 2216 stored_lft = 0;
2212 if (!update_lft && stored_lft) { 2217 if (!update_lft && !create && stored_lft) {
2213 if (valid_lft > MIN_VALID_LIFETIME || 2218 if (valid_lft > MIN_VALID_LIFETIME ||
2214 valid_lft > stored_lft) 2219 valid_lft > stored_lft)
2215 update_lft = 1; 2220 update_lft = 1;
@@ -2455,17 +2460,10 @@ static int inet6_addr_add(struct net *net, int ifindex, const struct in6_addr *p
2455 prefered_lft = timeout; 2460 prefered_lft = timeout;
2456 } 2461 }
2457 2462
2458 ifp = ipv6_add_addr(idev, pfx, plen, scope, ifa_flags); 2463 ifp = ipv6_add_addr(idev, pfx, peer_pfx, plen, scope, ifa_flags,
2464 valid_lft, prefered_lft);
2459 2465
2460 if (!IS_ERR(ifp)) { 2466 if (!IS_ERR(ifp)) {
2461 spin_lock_bh(&ifp->lock);
2462 ifp->valid_lft = valid_lft;
2463 ifp->prefered_lft = prefered_lft;
2464 ifp->tstamp = jiffies;
2465 if (peer_pfx)
2466 ifp->peer_addr = *peer_pfx;
2467 spin_unlock_bh(&ifp->lock);
2468
2469 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev, 2467 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev,
2470 expires, flags); 2468 expires, flags);
2471 /* 2469 /*
@@ -2557,7 +2555,8 @@ static void add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
2557{ 2555{
2558 struct inet6_ifaddr *ifp; 2556 struct inet6_ifaddr *ifp;
2559 2557
2560 ifp = ipv6_add_addr(idev, addr, plen, scope, IFA_F_PERMANENT); 2558 ifp = ipv6_add_addr(idev, addr, NULL, plen,
2559 scope, IFA_F_PERMANENT, 0, 0);
2561 if (!IS_ERR(ifp)) { 2560 if (!IS_ERR(ifp)) {
2562 spin_lock_bh(&ifp->lock); 2561 spin_lock_bh(&ifp->lock);
2563 ifp->flags &= ~IFA_F_TENTATIVE; 2562 ifp->flags &= ~IFA_F_TENTATIVE;
@@ -2683,7 +2682,7 @@ static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr
2683#endif 2682#endif
2684 2683
2685 2684
2686 ifp = ipv6_add_addr(idev, addr, 64, IFA_LINK, addr_flags); 2685 ifp = ipv6_add_addr(idev, addr, NULL, 64, IFA_LINK, addr_flags, 0, 0);
2687 if (!IS_ERR(ifp)) { 2686 if (!IS_ERR(ifp)) {
2688 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, idev->dev, 0, 0); 2687 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, idev->dev, 0, 0);
2689 addrconf_dad_start(ifp); 2688 addrconf_dad_start(ifp);
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 40ffd72243a4..aeac0dc3635d 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -425,7 +425,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
425 net_adj = 0; 425 net_adj = 0;
426 426
427 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - 427 return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
428 net_adj) & ~(align - 1)) + (net_adj - 2); 428 net_adj) & ~(align - 1)) + net_adj - 2;
429} 429}
430 430
431static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 431static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 5fc9c7a68d8d..c4ff5bbb45c4 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -993,14 +993,22 @@ static struct fib6_node * fib6_lookup_1(struct fib6_node *root,
993 993
994 if (ipv6_prefix_equal(&key->addr, args->addr, key->plen)) { 994 if (ipv6_prefix_equal(&key->addr, args->addr, key->plen)) {
995#ifdef CONFIG_IPV6_SUBTREES 995#ifdef CONFIG_IPV6_SUBTREES
996 if (fn->subtree) 996 if (fn->subtree) {
997 fn = fib6_lookup_1(fn->subtree, args + 1); 997 struct fib6_node *sfn;
998 sfn = fib6_lookup_1(fn->subtree,
999 args + 1);
1000 if (!sfn)
1001 goto backtrack;
1002 fn = sfn;
1003 }
998#endif 1004#endif
999 if (!fn || fn->fn_flags & RTN_RTINFO) 1005 if (fn->fn_flags & RTN_RTINFO)
1000 return fn; 1006 return fn;
1001 } 1007 }
1002 } 1008 }
1003 1009#ifdef CONFIG_IPV6_SUBTREES
1010backtrack:
1011#endif
1004 if (fn->fn_flags & RTN_ROOT) 1012 if (fn->fn_flags & RTN_ROOT)
1005 break; 1013 break;
1006 1014
@@ -1632,27 +1640,28 @@ static int fib6_age(struct rt6_info *rt, void *arg)
1632 1640
1633static DEFINE_SPINLOCK(fib6_gc_lock); 1641static DEFINE_SPINLOCK(fib6_gc_lock);
1634 1642
1635void fib6_run_gc(unsigned long expires, struct net *net) 1643void fib6_run_gc(unsigned long expires, struct net *net, bool force)
1636{ 1644{
1637 if (expires != ~0UL) { 1645 unsigned long now;
1646
1647 if (force) {
1638 spin_lock_bh(&fib6_gc_lock); 1648 spin_lock_bh(&fib6_gc_lock);
1639 gc_args.timeout = expires ? (int)expires : 1649 } else if (!spin_trylock_bh(&fib6_gc_lock)) {
1640 net->ipv6.sysctl.ip6_rt_gc_interval; 1650 mod_timer(&net->ipv6.ip6_fib_timer, jiffies + HZ);
1641 } else { 1651 return;
1642 if (!spin_trylock_bh(&fib6_gc_lock)) {
1643 mod_timer(&net->ipv6.ip6_fib_timer, jiffies + HZ);
1644 return;
1645 }
1646 gc_args.timeout = net->ipv6.sysctl.ip6_rt_gc_interval;
1647 } 1652 }
1653 gc_args.timeout = expires ? (int)expires :
1654 net->ipv6.sysctl.ip6_rt_gc_interval;
1648 1655
1649 gc_args.more = icmp6_dst_gc(); 1656 gc_args.more = icmp6_dst_gc();
1650 1657
1651 fib6_clean_all(net, fib6_age, 0, NULL); 1658 fib6_clean_all(net, fib6_age, 0, NULL);
1659 now = jiffies;
1660 net->ipv6.ip6_rt_last_gc = now;
1652 1661
1653 if (gc_args.more) 1662 if (gc_args.more)
1654 mod_timer(&net->ipv6.ip6_fib_timer, 1663 mod_timer(&net->ipv6.ip6_fib_timer,
1655 round_jiffies(jiffies 1664 round_jiffies(now
1656 + net->ipv6.sysctl.ip6_rt_gc_interval)); 1665 + net->ipv6.sysctl.ip6_rt_gc_interval));
1657 else 1666 else
1658 del_timer(&net->ipv6.ip6_fib_timer); 1667 del_timer(&net->ipv6.ip6_fib_timer);
@@ -1661,7 +1670,7 @@ void fib6_run_gc(unsigned long expires, struct net *net)
1661 1670
1662static void fib6_gc_timer_cb(unsigned long arg) 1671static void fib6_gc_timer_cb(unsigned long arg)
1663{ 1672{
1664 fib6_run_gc(0, (struct net *)arg); 1673 fib6_run_gc(0, (struct net *)arg, true);
1665} 1674}
1666 1675
1667static int __net_init fib6_net_init(struct net *net) 1676static int __net_init fib6_net_init(struct net *net)
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 583e8d435f9a..03986d31fa41 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -259,10 +259,12 @@ static void __net_exit ip6mr_rules_exit(struct net *net)
259{ 259{
260 struct mr6_table *mrt, *next; 260 struct mr6_table *mrt, *next;
261 261
262 rtnl_lock();
262 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) { 263 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
263 list_del(&mrt->list); 264 list_del(&mrt->list);
264 ip6mr_free_table(mrt); 265 ip6mr_free_table(mrt);
265 } 266 }
267 rtnl_unlock();
266 fib_rules_unregister(net->ipv6.mr6_rules_ops); 268 fib_rules_unregister(net->ipv6.mr6_rules_ops);
267} 269}
268#else 270#else
@@ -289,7 +291,10 @@ static int __net_init ip6mr_rules_init(struct net *net)
289 291
290static void __net_exit ip6mr_rules_exit(struct net *net) 292static void __net_exit ip6mr_rules_exit(struct net *net)
291{ 293{
294 rtnl_lock();
292 ip6mr_free_table(net->ipv6.mrt6); 295 ip6mr_free_table(net->ipv6.mrt6);
296 net->ipv6.mrt6 = NULL;
297 rtnl_unlock();
293} 298}
294#endif 299#endif
295 300
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 24c03396e008..04d31c2fbef1 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1369,8 +1369,10 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1369 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1369 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1370 return; 1370 return;
1371 1371
1372 if (!ndopts.nd_opts_rh) 1372 if (!ndopts.nd_opts_rh) {
1373 ip6_redirect_no_header(skb, dev_net(skb->dev), 0, 0);
1373 return; 1374 return;
1375 }
1374 1376
1375 hdr = (u8 *)ndopts.nd_opts_rh; 1377 hdr = (u8 *)ndopts.nd_opts_rh;
1376 hdr += 8; 1378 hdr += 8;
@@ -1576,7 +1578,7 @@ static int ndisc_netdev_event(struct notifier_block *this, unsigned long event,
1576 switch (event) { 1578 switch (event) {
1577 case NETDEV_CHANGEADDR: 1579 case NETDEV_CHANGEADDR:
1578 neigh_changeaddr(&nd_tbl, dev); 1580 neigh_changeaddr(&nd_tbl, dev);
1579 fib6_run_gc(~0UL, net); 1581 fib6_run_gc(0, net, false);
1580 idev = in6_dev_get(dev); 1582 idev = in6_dev_get(dev);
1581 if (!idev) 1583 if (!idev)
1582 break; 1584 break;
@@ -1586,7 +1588,7 @@ static int ndisc_netdev_event(struct notifier_block *this, unsigned long event,
1586 break; 1588 break;
1587 case NETDEV_DOWN: 1589 case NETDEV_DOWN:
1588 neigh_ifdown(&nd_tbl, dev); 1590 neigh_ifdown(&nd_tbl, dev);
1589 fib6_run_gc(~0UL, net); 1591 fib6_run_gc(0, net, false);
1590 break; 1592 break;
1591 case NETDEV_NOTIFY_PEERS: 1593 case NETDEV_NOTIFY_PEERS:
1592 ndisc_send_unsol_na(dev); 1594 ndisc_send_unsol_na(dev);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 790d9f4b8b0b..1aeb473b2cc6 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -490,6 +490,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
490 ipv6_hdr(head)->payload_len = htons(payload_len); 490 ipv6_hdr(head)->payload_len = htons(payload_len);
491 ipv6_change_dsfield(ipv6_hdr(head), 0xff, ecn); 491 ipv6_change_dsfield(ipv6_hdr(head), 0xff, ecn);
492 IP6CB(head)->nhoff = nhoff; 492 IP6CB(head)->nhoff = nhoff;
493 IP6CB(head)->flags |= IP6SKB_FRAGMENTED;
493 494
494 /* Yes, and fold redundant checksum back. 8) */ 495 /* Yes, and fold redundant checksum back. 8) */
495 if (head->ip_summed == CHECKSUM_COMPLETE) 496 if (head->ip_summed == CHECKSUM_COMPLETE)
@@ -524,6 +525,9 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
524 struct net *net = dev_net(skb_dst(skb)->dev); 525 struct net *net = dev_net(skb_dst(skb)->dev);
525 int evicted; 526 int evicted;
526 527
528 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED)
529 goto fail_hdr;
530
527 IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS); 531 IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS);
528 532
529 /* Jumbo payload inhibits frag. header */ 533 /* Jumbo payload inhibits frag. header */
@@ -544,6 +548,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
544 ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS); 548 ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS);
545 549
546 IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb); 550 IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb);
551 IP6CB(skb)->flags |= IP6SKB_FRAGMENTED;
547 return 1; 552 return 1;
548 } 553 }
549 554
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index a8c891aa2464..8d9a93ed9c59 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1178,6 +1178,27 @@ void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark)
1178} 1178}
1179EXPORT_SYMBOL_GPL(ip6_redirect); 1179EXPORT_SYMBOL_GPL(ip6_redirect);
1180 1180
1181void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
1182 u32 mark)
1183{
1184 const struct ipv6hdr *iph = ipv6_hdr(skb);
1185 const struct rd_msg *msg = (struct rd_msg *)icmp6_hdr(skb);
1186 struct dst_entry *dst;
1187 struct flowi6 fl6;
1188
1189 memset(&fl6, 0, sizeof(fl6));
1190 fl6.flowi6_oif = oif;
1191 fl6.flowi6_mark = mark;
1192 fl6.flowi6_flags = 0;
1193 fl6.daddr = msg->dest;
1194 fl6.saddr = iph->daddr;
1195
1196 dst = ip6_route_output(net, NULL, &fl6);
1197 if (!dst->error)
1198 rt6_do_redirect(dst, NULL, skb);
1199 dst_release(dst);
1200}
1201
1181void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk) 1202void ip6_sk_redirect(struct sk_buff *skb, struct sock *sk)
1182{ 1203{
1183 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark); 1204 ip6_redirect(skb, sock_net(sk), sk->sk_bound_dev_if, sk->sk_mark);
@@ -1311,7 +1332,6 @@ static void icmp6_clean_all(int (*func)(struct rt6_info *rt, void *arg),
1311 1332
1312static int ip6_dst_gc(struct dst_ops *ops) 1333static int ip6_dst_gc(struct dst_ops *ops)
1313{ 1334{
1314 unsigned long now = jiffies;
1315 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops); 1335 struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
1316 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval; 1336 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
1317 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size; 1337 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
@@ -1321,13 +1341,12 @@ static int ip6_dst_gc(struct dst_ops *ops)
1321 int entries; 1341 int entries;
1322 1342
1323 entries = dst_entries_get_fast(ops); 1343 entries = dst_entries_get_fast(ops);
1324 if (time_after(rt_last_gc + rt_min_interval, now) && 1344 if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
1325 entries <= rt_max_size) 1345 entries <= rt_max_size)
1326 goto out; 1346 goto out;
1327 1347
1328 net->ipv6.ip6_rt_gc_expire++; 1348 net->ipv6.ip6_rt_gc_expire++;
1329 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net); 1349 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net, entries > rt_max_size);
1330 net->ipv6.ip6_rt_last_gc = now;
1331 entries = dst_entries_get_slow(ops); 1350 entries = dst_entries_get_slow(ops);
1332 if (entries < ops->gc_thresh) 1351 if (entries < ops->gc_thresh)
1333 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1; 1352 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
@@ -2827,7 +2846,7 @@ int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write,
2827 net = (struct net *)ctl->extra1; 2846 net = (struct net *)ctl->extra1;
2828 delay = net->ipv6.sysctl.flush_delay; 2847 delay = net->ipv6.sysctl.flush_delay;
2829 proc_dointvec(ctl, write, buffer, lenp, ppos); 2848 proc_dointvec(ctl, write, buffer, lenp, ppos);
2830 fib6_run_gc(delay <= 0 ? ~0UL : (unsigned long)delay, net); 2849 fib6_run_gc(delay <= 0 ? 0 : (unsigned long)delay, net, delay > 0);
2831 return 0; 2850 return 0;
2832} 2851}
2833 2852
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 9da862070dd8..ab8bd2cabfa0 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2081,6 +2081,7 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *
2081 pol->sadb_x_policy_type = IPSEC_POLICY_NONE; 2081 pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
2082 } 2082 }
2083 pol->sadb_x_policy_dir = dir+1; 2083 pol->sadb_x_policy_dir = dir+1;
2084 pol->sadb_x_policy_reserved = 0;
2084 pol->sadb_x_policy_id = xp->index; 2085 pol->sadb_x_policy_id = xp->index;
2085 pol->sadb_x_policy_priority = xp->priority; 2086 pol->sadb_x_policy_priority = xp->priority;
2086 2087
@@ -3137,7 +3138,9 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3137 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3138 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3138 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3139 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3139 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1; 3140 pol->sadb_x_policy_dir = XFRM_POLICY_OUT + 1;
3141 pol->sadb_x_policy_reserved = 0;
3140 pol->sadb_x_policy_id = xp->index; 3142 pol->sadb_x_policy_id = xp->index;
3143 pol->sadb_x_policy_priority = xp->priority;
3141 3144
3142 /* Set sadb_comb's. */ 3145 /* Set sadb_comb's. */
3143 if (x->id.proto == IPPROTO_AH) 3146 if (x->id.proto == IPPROTO_AH)
@@ -3525,6 +3528,7 @@ static int pfkey_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3525 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3528 pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3526 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; 3529 pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
3527 pol->sadb_x_policy_dir = dir + 1; 3530 pol->sadb_x_policy_dir = dir + 1;
3531 pol->sadb_x_policy_reserved = 0;
3528 pol->sadb_x_policy_id = 0; 3532 pol->sadb_x_policy_id = 0;
3529 pol->sadb_x_policy_priority = 0; 3533 pol->sadb_x_policy_priority = 0;
3530 3534
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 8184d121ff09..43dd7525bfcb 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -666,6 +666,8 @@ static void ieee80211_get_et_stats(struct wiphy *wiphy,
666 if (sta->sdata->dev != dev) 666 if (sta->sdata->dev != dev)
667 continue; 667 continue;
668 668
669 sinfo.filled = 0;
670 sta_set_sinfo(sta, &sinfo);
669 i = 0; 671 i = 0;
670 ADD_STA_STATS(sta); 672 ADD_STA_STATS(sta);
671 } 673 }
diff --git a/net/mac80211/mesh_ps.c b/net/mac80211/mesh_ps.c
index 3b7bfc01ee36..22290a929b94 100644
--- a/net/mac80211/mesh_ps.c
+++ b/net/mac80211/mesh_ps.c
@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(struct sta_info *sta)
229 enum nl80211_mesh_power_mode pm; 229 enum nl80211_mesh_power_mode pm;
230 bool do_buffer; 230 bool do_buffer;
231 231
232 /* For non-assoc STA, prevent buffering or frame transmission */
233 if (sta->sta_state < IEEE80211_STA_ASSOC)
234 return;
235
232 /* 236 /*
233 * use peer-specific power mode if peering is established and the 237 * use peer-specific power mode if peering is established and the
234 * peer's power mode is known 238 * peer's power mode is known
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index ae31968d42d3..cc9e02d79b55 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -31,10 +31,12 @@
31#include "led.h" 31#include "led.h"
32 32
33#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 33#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
34#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
35#define IEEE80211_AUTH_MAX_TRIES 3 36#define IEEE80211_AUTH_MAX_TRIES 3
36#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
37#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
39#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
38#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 40#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
39#define IEEE80211_ASSOC_MAX_TRIES 3 41#define IEEE80211_ASSOC_MAX_TRIES 3
40 42
@@ -209,8 +211,9 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
209 struct ieee80211_channel *channel, 211 struct ieee80211_channel *channel,
210 const struct ieee80211_ht_operation *ht_oper, 212 const struct ieee80211_ht_operation *ht_oper,
211 const struct ieee80211_vht_operation *vht_oper, 213 const struct ieee80211_vht_operation *vht_oper,
212 struct cfg80211_chan_def *chandef, bool verbose) 214 struct cfg80211_chan_def *chandef, bool tracking)
213{ 215{
216 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
214 struct cfg80211_chan_def vht_chandef; 217 struct cfg80211_chan_def vht_chandef;
215 u32 ht_cfreq, ret; 218 u32 ht_cfreq, ret;
216 219
@@ -229,7 +232,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
229 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 232 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
230 channel->band); 233 channel->band);
231 /* check that channel matches the right operating channel */ 234 /* check that channel matches the right operating channel */
232 if (channel->center_freq != ht_cfreq) { 235 if (!tracking && channel->center_freq != ht_cfreq) {
233 /* 236 /*
234 * It's possible that some APs are confused here; 237 * It's possible that some APs are confused here;
235 * Netgear WNDR3700 sometimes reports 4 higher than 238 * Netgear WNDR3700 sometimes reports 4 higher than
@@ -237,11 +240,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
237 * since we look at probe response/beacon data here 240 * since we look at probe response/beacon data here
238 * it should be OK. 241 * it should be OK.
239 */ 242 */
240 if (verbose) 243 sdata_info(sdata,
241 sdata_info(sdata, 244 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
242 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 245 channel->center_freq, ht_cfreq,
243 channel->center_freq, ht_cfreq, 246 ht_oper->primary_chan, channel->band);
244 ht_oper->primary_chan, channel->band);
245 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 247 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
246 goto out; 248 goto out;
247 } 249 }
@@ -295,7 +297,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
295 channel->band); 297 channel->band);
296 break; 298 break;
297 default: 299 default:
298 if (verbose) 300 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
299 sdata_info(sdata, 301 sdata_info(sdata,
300 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 302 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
301 vht_oper->chan_width); 303 vht_oper->chan_width);
@@ -304,7 +306,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
304 } 306 }
305 307
306 if (!cfg80211_chandef_valid(&vht_chandef)) { 308 if (!cfg80211_chandef_valid(&vht_chandef)) {
307 if (verbose) 309 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
308 sdata_info(sdata, 310 sdata_info(sdata,
309 "AP VHT information is invalid, disable VHT\n"); 311 "AP VHT information is invalid, disable VHT\n");
310 ret = IEEE80211_STA_DISABLE_VHT; 312 ret = IEEE80211_STA_DISABLE_VHT;
@@ -317,7 +319,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
317 } 319 }
318 320
319 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 321 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
320 if (verbose) 322 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
321 sdata_info(sdata, 323 sdata_info(sdata,
322 "AP VHT information doesn't match HT, disable VHT\n"); 324 "AP VHT information doesn't match HT, disable VHT\n");
323 ret = IEEE80211_STA_DISABLE_VHT; 325 ret = IEEE80211_STA_DISABLE_VHT;
@@ -333,18 +335,27 @@ out:
333 if (ret & IEEE80211_STA_DISABLE_VHT) 335 if (ret & IEEE80211_STA_DISABLE_VHT)
334 vht_chandef = *chandef; 336 vht_chandef = *chandef;
335 337
338 /*
339 * Ignore the DISABLED flag when we're already connected and only
340 * tracking the APs beacon for bandwidth changes - otherwise we
341 * might get disconnected here if we connect to an AP, update our
342 * regulatory information based on the AP's country IE and the
343 * information we have is wrong/outdated and disables the channel
344 * that we're actually using for the connection to the AP.
345 */
336 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 346 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
337 IEEE80211_CHAN_DISABLED)) { 347 tracking ? 0 :
348 IEEE80211_CHAN_DISABLED)) {
338 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 349 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
339 ret = IEEE80211_STA_DISABLE_HT | 350 ret = IEEE80211_STA_DISABLE_HT |
340 IEEE80211_STA_DISABLE_VHT; 351 IEEE80211_STA_DISABLE_VHT;
341 goto out; 352 break;
342 } 353 }
343 354
344 ret |= chandef_downgrade(chandef); 355 ret |= chandef_downgrade(chandef);
345 } 356 }
346 357
347 if (chandef->width != vht_chandef.width && verbose) 358 if (chandef->width != vht_chandef.width && !tracking)
348 sdata_info(sdata, 359 sdata_info(sdata,
349 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 360 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
350 361
@@ -384,7 +395,7 @@ static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
384 395
385 /* calculate new channel (type) based on HT/VHT operation IEs */ 396 /* calculate new channel (type) based on HT/VHT operation IEs */
386 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 397 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
387 vht_oper, &chandef, false); 398 vht_oper, &chandef, true);
388 399
389 /* 400 /*
390 * Downgrade the new channel if we associated with restricted 401 * Downgrade the new channel if we associated with restricted
@@ -3394,10 +3405,13 @@ static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3394 3405
3395 if (tx_flags == 0) { 3406 if (tx_flags == 0) {
3396 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3407 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3397 ifmgd->auth_data->timeout_started = true; 3408 auth_data->timeout_started = true;
3398 run_again(sdata, auth_data->timeout); 3409 run_again(sdata, auth_data->timeout);
3399 } else { 3410 } else {
3400 auth_data->timeout_started = false; 3411 auth_data->timeout =
3412 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3413 auth_data->timeout_started = true;
3414 run_again(sdata, auth_data->timeout);
3401 } 3415 }
3402 3416
3403 return 0; 3417 return 0;
@@ -3434,7 +3448,11 @@ static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3434 assoc_data->timeout_started = true; 3448 assoc_data->timeout_started = true;
3435 run_again(sdata, assoc_data->timeout); 3449 run_again(sdata, assoc_data->timeout);
3436 } else { 3450 } else {
3437 assoc_data->timeout_started = false; 3451 assoc_data->timeout =
3452 round_jiffies_up(jiffies +
3453 IEEE80211_ASSOC_TIMEOUT_LONG);
3454 assoc_data->timeout_started = true;
3455 run_again(sdata, assoc_data->timeout);
3438 } 3456 }
3439 3457
3440 return 0; 3458 return 0;
@@ -3829,7 +3847,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3829 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3847 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3830 cbss->channel, 3848 cbss->channel,
3831 ht_oper, vht_oper, 3849 ht_oper, vht_oper,
3832 &chandef, true); 3850 &chandef, false);
3833 3851
3834 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3852 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3835 local->rx_chains); 3853 local->rx_chains);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 7fc5d0d8149a..340126204343 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -99,10 +99,13 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
99 } 99 }
100 mutex_unlock(&local->sta_mtx); 100 mutex_unlock(&local->sta_mtx);
101 101
102 /* remove all interfaces */ 102 /* remove all interfaces that were created in the driver */
103 list_for_each_entry(sdata, &local->interfaces, list) { 103 list_for_each_entry(sdata, &local->interfaces, list) {
104 if (!ieee80211_sdata_running(sdata)) 104 if (!ieee80211_sdata_running(sdata) ||
105 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
106 sdata->vif.type == NL80211_IFTYPE_MONITOR)
105 continue; 107 continue;
108
106 drv_remove_interface(local, sdata); 109 drv_remove_interface(local, sdata);
107 } 110 }
108 111
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index ac7ef5414bde..e6512e2ffd20 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -290,7 +290,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
290 struct minstrel_rate *msr, *mr; 290 struct minstrel_rate *msr, *mr;
291 unsigned int ndx; 291 unsigned int ndx;
292 bool mrr_capable; 292 bool mrr_capable;
293 bool prev_sample = mi->prev_sample; 293 bool prev_sample;
294 int delta; 294 int delta;
295 int sampling_ratio; 295 int sampling_ratio;
296 296
@@ -314,6 +314,7 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
314 (mi->sample_count + mi->sample_deferred / 2); 314 (mi->sample_count + mi->sample_deferred / 2);
315 315
316 /* delta < 0: no sampling required */ 316 /* delta < 0: no sampling required */
317 prev_sample = mi->prev_sample;
317 mi->prev_sample = false; 318 mi->prev_sample = false;
318 if (delta < 0 || (!mrr_capable && prev_sample)) 319 if (delta < 0 || (!mrr_capable && prev_sample))
319 return; 320 return;
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 5b2d3012b983..f5aed963b22e 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -804,10 +804,18 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
804 804
805 sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES]; 805 sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES];
806 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; 806 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
807 rate->count = 1;
808
809 if (sample_idx / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) {
810 int idx = sample_idx % ARRAY_SIZE(mp->cck_rates);
811 rate->idx = mp->cck_rates[idx];
812 rate->flags = 0;
813 return;
814 }
815
807 rate->idx = sample_idx % MCS_GROUP_RATES + 816 rate->idx = sample_idx % MCS_GROUP_RATES +
808 (sample_group->streams - 1) * MCS_GROUP_RATES; 817 (sample_group->streams - 1) * MCS_GROUP_RATES;
809 rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags; 818 rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags;
810 rate->count = 1;
811} 819}
812 820
813static void 821static void
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 23dbcfc69b3b..2c5a79bd3777 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -936,8 +936,14 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
936 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 936 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
937 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); 937 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
938 938
939 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ 939 /*
940 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { 940 * Drop duplicate 802.11 retransmissions
941 * (IEEE 802.11-2012: 9.3.2.10 "Duplicate detection and recovery")
942 */
943 if (rx->skb->len >= 24 && rx->sta &&
944 !ieee80211_is_ctl(hdr->frame_control) &&
945 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
946 !is_multicast_ether_addr(hdr->addr1)) {
941 if (unlikely(ieee80211_has_retry(hdr->frame_control) && 947 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
942 rx->sta->last_seq_ctrl[rx->seqno_idx] == 948 rx->sta->last_seq_ctrl[rx->seqno_idx] ==
943 hdr->seq_ctrl)) { 949 hdr->seq_ctrl)) {
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index c63b618cd619..4fd1ca94fd4a 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -293,6 +293,11 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
293 sizeof(exp->tuple.dst.u3) - len); 293 sizeof(exp->tuple.dst.u3) - len);
294 294
295 exp->tuple.dst.u.all = *dst; 295 exp->tuple.dst.u.all = *dst;
296
297#ifdef CONFIG_NF_NAT_NEEDED
298 memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
299 memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
300#endif
296} 301}
297EXPORT_SYMBOL_GPL(nf_ct_expect_init); 302EXPORT_SYMBOL_GPL(nf_ct_expect_init);
298 303
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 7dcc376eea5f..2f8010707d01 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -526,7 +526,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
526 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; 526 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
527 __u32 seq, ack, sack, end, win, swin; 527 __u32 seq, ack, sack, end, win, swin;
528 s16 receiver_offset; 528 s16 receiver_offset;
529 bool res; 529 bool res, in_recv_win;
530 530
531 /* 531 /*
532 * Get the required data from the packet. 532 * Get the required data from the packet.
@@ -649,14 +649,18 @@ static bool tcp_in_window(const struct nf_conn *ct,
649 receiver->td_end, receiver->td_maxend, receiver->td_maxwin, 649 receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
650 receiver->td_scale); 650 receiver->td_scale);
651 651
652 /* Is the ending sequence in the receive window (if available)? */
653 in_recv_win = !receiver->td_maxwin ||
654 after(end, sender->td_end - receiver->td_maxwin - 1);
655
652 pr_debug("tcp_in_window: I=%i II=%i III=%i IV=%i\n", 656 pr_debug("tcp_in_window: I=%i II=%i III=%i IV=%i\n",
653 before(seq, sender->td_maxend + 1), 657 before(seq, sender->td_maxend + 1),
654 after(end, sender->td_end - receiver->td_maxwin - 1), 658 (in_recv_win ? 1 : 0),
655 before(sack, receiver->td_end + 1), 659 before(sack, receiver->td_end + 1),
656 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)); 660 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1));
657 661
658 if (before(seq, sender->td_maxend + 1) && 662 if (before(seq, sender->td_maxend + 1) &&
659 after(end, sender->td_end - receiver->td_maxwin - 1) && 663 in_recv_win &&
660 before(sack, receiver->td_end + 1) && 664 before(sack, receiver->td_end + 1) &&
661 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) { 665 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) {
662 /* 666 /*
@@ -725,7 +729,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
725 nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, 729 nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL,
726 "nf_ct_tcp: %s ", 730 "nf_ct_tcp: %s ",
727 before(seq, sender->td_maxend + 1) ? 731 before(seq, sender->td_maxend + 1) ?
728 after(end, sender->td_end - receiver->td_maxwin - 1) ? 732 in_recv_win ?
729 before(sack, receiver->td_end + 1) ? 733 before(sack, receiver->td_end + 1) ?
730 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1) ? "BUG" 734 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1) ? "BUG"
731 : "ACK is under the lower bound (possible overly delayed ACK)" 735 : "ACK is under the lower bound (possible overly delayed ACK)"
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 962e9792e317..d92cc317bf8b 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -419,6 +419,7 @@ __build_packet_message(struct nfnl_log_net *log,
419 nfmsg->version = NFNETLINK_V0; 419 nfmsg->version = NFNETLINK_V0;
420 nfmsg->res_id = htons(inst->group_num); 420 nfmsg->res_id = htons(inst->group_num);
421 421
422 memset(&pmsg, 0, sizeof(pmsg));
422 pmsg.hw_protocol = skb->protocol; 423 pmsg.hw_protocol = skb->protocol;
423 pmsg.hook = hooknum; 424 pmsg.hook = hooknum;
424 425
@@ -498,7 +499,10 @@ __build_packet_message(struct nfnl_log_net *log,
498 if (indev && skb->dev && 499 if (indev && skb->dev &&
499 skb->mac_header != skb->network_header) { 500 skb->mac_header != skb->network_header) {
500 struct nfulnl_msg_packet_hw phw; 501 struct nfulnl_msg_packet_hw phw;
501 int len = dev_parse_header(skb, phw.hw_addr); 502 int len;
503
504 memset(&phw, 0, sizeof(phw));
505 len = dev_parse_header(skb, phw.hw_addr);
502 if (len > 0) { 506 if (len > 0) {
503 phw.hw_addrlen = htons(len); 507 phw.hw_addrlen = htons(len);
504 if (nla_put(inst->skb, NFULA_HWADDR, sizeof(phw), &phw)) 508 if (nla_put(inst->skb, NFULA_HWADDR, sizeof(phw), &phw))
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 971ea145ab3e..8a703c3dd318 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -463,7 +463,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
463 if (indev && entskb->dev && 463 if (indev && entskb->dev &&
464 entskb->mac_header != entskb->network_header) { 464 entskb->mac_header != entskb->network_header) {
465 struct nfqnl_msg_packet_hw phw; 465 struct nfqnl_msg_packet_hw phw;
466 int len = dev_parse_header(entskb, phw.hw_addr); 466 int len;
467
468 memset(&phw, 0, sizeof(phw));
469 len = dev_parse_header(entskb, phw.hw_addr);
467 if (len) { 470 if (len) {
468 phw.hw_addrlen = htons(len); 471 phw.hw_addrlen = htons(len);
469 if (nla_put(skb, NFQA_HWADDR, sizeof(phw), &phw)) 472 if (nla_put(skb, NFQA_HWADDR, sizeof(phw), &phw))
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 7011c71646f0..6113cc7efffc 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -52,7 +52,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
52{ 52{
53 const struct xt_tcpmss_info *info = par->targinfo; 53 const struct xt_tcpmss_info *info = par->targinfo;
54 struct tcphdr *tcph; 54 struct tcphdr *tcph;
55 unsigned int tcplen, i; 55 int len, tcp_hdrlen;
56 unsigned int i;
56 __be16 oldval; 57 __be16 oldval;
57 u16 newmss; 58 u16 newmss;
58 u8 *opt; 59 u8 *opt;
@@ -64,11 +65,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
64 if (!skb_make_writable(skb, skb->len)) 65 if (!skb_make_writable(skb, skb->len))
65 return -1; 66 return -1;
66 67
67 tcplen = skb->len - tcphoff; 68 len = skb->len - tcphoff;
69 if (len < (int)sizeof(struct tcphdr))
70 return -1;
71
68 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); 72 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
73 tcp_hdrlen = tcph->doff * 4;
69 74
70 /* Header cannot be larger than the packet */ 75 if (len < tcp_hdrlen)
71 if (tcplen < tcph->doff*4)
72 return -1; 76 return -1;
73 77
74 if (info->mss == XT_TCPMSS_CLAMP_PMTU) { 78 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
@@ -87,9 +91,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
87 newmss = info->mss; 91 newmss = info->mss;
88 92
89 opt = (u_int8_t *)tcph; 93 opt = (u_int8_t *)tcph;
90 for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) { 94 for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) {
91 if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS && 95 if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
92 opt[i+1] == TCPOLEN_MSS) {
93 u_int16_t oldmss; 96 u_int16_t oldmss;
94 97
95 oldmss = (opt[i+2] << 8) | opt[i+3]; 98 oldmss = (opt[i+2] << 8) | opt[i+3];
@@ -112,9 +115,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
112 } 115 }
113 116
114 /* There is data after the header so the option can't be added 117 /* There is data after the header so the option can't be added
115 without moving it, and doing so may make the SYN packet 118 * without moving it, and doing so may make the SYN packet
116 itself too large. Accept the packet unmodified instead. */ 119 * itself too large. Accept the packet unmodified instead.
117 if (tcplen > tcph->doff*4) 120 */
121 if (len > tcp_hdrlen)
118 return 0; 122 return 0;
119 123
120 /* 124 /*
@@ -143,10 +147,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
143 newmss = min(newmss, (u16)1220); 147 newmss = min(newmss, (u16)1220);
144 148
145 opt = (u_int8_t *)tcph + sizeof(struct tcphdr); 149 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
146 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); 150 memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr));
147 151
148 inet_proto_csum_replace2(&tcph->check, skb, 152 inet_proto_csum_replace2(&tcph->check, skb,
149 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); 153 htons(len), htons(len + TCPOLEN_MSS), 1);
150 opt[0] = TCPOPT_MSS; 154 opt[0] = TCPOPT_MSS;
151 opt[1] = TCPOLEN_MSS; 155 opt[1] = TCPOLEN_MSS;
152 opt[2] = (newmss & 0xff00) >> 8; 156 opt[2] = (newmss & 0xff00) >> 8;
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
index b68fa191710f..625fa1d636a0 100644
--- a/net/netfilter/xt_TCPOPTSTRIP.c
+++ b/net/netfilter/xt_TCPOPTSTRIP.c
@@ -38,7 +38,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
38 struct tcphdr *tcph; 38 struct tcphdr *tcph;
39 u_int16_t n, o; 39 u_int16_t n, o;
40 u_int8_t *opt; 40 u_int8_t *opt;
41 int len; 41 int len, tcp_hdrlen;
42 42
43 /* This is a fragment, no TCP header is available */ 43 /* This is a fragment, no TCP header is available */
44 if (par->fragoff != 0) 44 if (par->fragoff != 0)
@@ -52,7 +52,9 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
52 return NF_DROP; 52 return NF_DROP;
53 53
54 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); 54 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
55 if (tcph->doff * 4 > len) 55 tcp_hdrlen = tcph->doff * 4;
56
57 if (len < tcp_hdrlen)
56 return NF_DROP; 58 return NF_DROP;
57 59
58 opt = (u_int8_t *)tcph; 60 opt = (u_int8_t *)tcph;
@@ -61,10 +63,10 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
61 * Walk through all TCP options - if we find some option to remove, 63 * Walk through all TCP options - if we find some option to remove,
62 * set all octets to %TCPOPT_NOP and adjust checksum. 64 * set all octets to %TCPOPT_NOP and adjust checksum.
63 */ 65 */
64 for (i = sizeof(struct tcphdr); i < tcp_hdrlen(skb); i += optl) { 66 for (i = sizeof(struct tcphdr); i < tcp_hdrlen - 1; i += optl) {
65 optl = optlen(opt, i); 67 optl = optlen(opt, i);
66 68
67 if (i + optl > tcp_hdrlen(skb)) 69 if (i + optl > tcp_hdrlen)
68 break; 70 break;
69 71
70 if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i])) 72 if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i]))
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index f8b71911037a..20b15916f403 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -172,7 +172,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
172 172
173 /* Ignore non-transparent sockets, 173 /* Ignore non-transparent sockets,
174 if XT_SOCKET_TRANSPARENT is used */ 174 if XT_SOCKET_TRANSPARENT is used */
175 if (info && info->flags & XT_SOCKET_TRANSPARENT) 175 if (info->flags & XT_SOCKET_TRANSPARENT)
176 transparent = ((sk->sk_state != TCP_TIME_WAIT && 176 transparent = ((sk->sk_state != TCP_TIME_WAIT &&
177 inet_sk(sk)->transparent) || 177 inet_sk(sk)->transparent) ||
178 (sk->sk_state == TCP_TIME_WAIT && 178 (sk->sk_state == TCP_TIME_WAIT &&
@@ -196,7 +196,11 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
196static bool 196static bool
197socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par) 197socket_mt4_v0(const struct sk_buff *skb, struct xt_action_param *par)
198{ 198{
199 return socket_match(skb, par, NULL); 199 static struct xt_socket_mtinfo1 xt_info_v0 = {
200 .flags = 0,
201 };
202
203 return socket_match(skb, par, &xt_info_v0);
200} 204}
201 205
202static bool 206static bool
@@ -314,7 +318,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
314 318
315 /* Ignore non-transparent sockets, 319 /* Ignore non-transparent sockets,
316 if XT_SOCKET_TRANSPARENT is used */ 320 if XT_SOCKET_TRANSPARENT is used */
317 if (info && info->flags & XT_SOCKET_TRANSPARENT) 321 if (info->flags & XT_SOCKET_TRANSPARENT)
318 transparent = ((sk->sk_state != TCP_TIME_WAIT && 322 transparent = ((sk->sk_state != TCP_TIME_WAIT &&
319 inet_sk(sk)->transparent) || 323 inet_sk(sk)->transparent) ||
320 (sk->sk_state == TCP_TIME_WAIT && 324 (sk->sk_state == TCP_TIME_WAIT &&
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index c15042f987bd..a1100640495d 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -691,8 +691,8 @@ static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg)
691{ 691{
692 struct netlbl_domhsh_walk_arg *cb_arg = arg; 692 struct netlbl_domhsh_walk_arg *cb_arg = arg;
693 693
694 if (entry->type == NETLBL_NLTYPE_CIPSOV4 && 694 if (entry->def.type == NETLBL_NLTYPE_CIPSOV4 &&
695 entry->type_def.cipsov4->doi == cb_arg->doi) 695 entry->def.cipso->doi == cb_arg->doi)
696 return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info); 696 return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);
697 697
698 return 0; 698 return 0;
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 6bb1d42f0fac..85d842e6e431 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -84,15 +84,15 @@ static void netlbl_domhsh_free_entry(struct rcu_head *entry)
84#endif /* IPv6 */ 84#endif /* IPv6 */
85 85
86 ptr = container_of(entry, struct netlbl_dom_map, rcu); 86 ptr = container_of(entry, struct netlbl_dom_map, rcu);
87 if (ptr->type == NETLBL_NLTYPE_ADDRSELECT) { 87 if (ptr->def.type == NETLBL_NLTYPE_ADDRSELECT) {
88 netlbl_af4list_foreach_safe(iter4, tmp4, 88 netlbl_af4list_foreach_safe(iter4, tmp4,
89 &ptr->type_def.addrsel->list4) { 89 &ptr->def.addrsel->list4) {
90 netlbl_af4list_remove_entry(iter4); 90 netlbl_af4list_remove_entry(iter4);
91 kfree(netlbl_domhsh_addr4_entry(iter4)); 91 kfree(netlbl_domhsh_addr4_entry(iter4));
92 } 92 }
93#if IS_ENABLED(CONFIG_IPV6) 93#if IS_ENABLED(CONFIG_IPV6)
94 netlbl_af6list_foreach_safe(iter6, tmp6, 94 netlbl_af6list_foreach_safe(iter6, tmp6,
95 &ptr->type_def.addrsel->list6) { 95 &ptr->def.addrsel->list6) {
96 netlbl_af6list_remove_entry(iter6); 96 netlbl_af6list_remove_entry(iter6);
97 kfree(netlbl_domhsh_addr6_entry(iter6)); 97 kfree(netlbl_domhsh_addr6_entry(iter6));
98 } 98 }
@@ -213,21 +213,21 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
213 if (addr4 != NULL) { 213 if (addr4 != NULL) {
214 struct netlbl_domaddr4_map *map4; 214 struct netlbl_domaddr4_map *map4;
215 map4 = netlbl_domhsh_addr4_entry(addr4); 215 map4 = netlbl_domhsh_addr4_entry(addr4);
216 type = map4->type; 216 type = map4->def.type;
217 cipsov4 = map4->type_def.cipsov4; 217 cipsov4 = map4->def.cipso;
218 netlbl_af4list_audit_addr(audit_buf, 0, NULL, 218 netlbl_af4list_audit_addr(audit_buf, 0, NULL,
219 addr4->addr, addr4->mask); 219 addr4->addr, addr4->mask);
220#if IS_ENABLED(CONFIG_IPV6) 220#if IS_ENABLED(CONFIG_IPV6)
221 } else if (addr6 != NULL) { 221 } else if (addr6 != NULL) {
222 struct netlbl_domaddr6_map *map6; 222 struct netlbl_domaddr6_map *map6;
223 map6 = netlbl_domhsh_addr6_entry(addr6); 223 map6 = netlbl_domhsh_addr6_entry(addr6);
224 type = map6->type; 224 type = map6->def.type;
225 netlbl_af6list_audit_addr(audit_buf, 0, NULL, 225 netlbl_af6list_audit_addr(audit_buf, 0, NULL,
226 &addr6->addr, &addr6->mask); 226 &addr6->addr, &addr6->mask);
227#endif /* IPv6 */ 227#endif /* IPv6 */
228 } else { 228 } else {
229 type = entry->type; 229 type = entry->def.type;
230 cipsov4 = entry->type_def.cipsov4; 230 cipsov4 = entry->def.cipso;
231 } 231 }
232 switch (type) { 232 switch (type) {
233 case NETLBL_NLTYPE_UNLABELED: 233 case NETLBL_NLTYPE_UNLABELED:
@@ -265,26 +265,25 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
265 if (entry == NULL) 265 if (entry == NULL)
266 return -EINVAL; 266 return -EINVAL;
267 267
268 switch (entry->type) { 268 switch (entry->def.type) {
269 case NETLBL_NLTYPE_UNLABELED: 269 case NETLBL_NLTYPE_UNLABELED:
270 if (entry->type_def.cipsov4 != NULL || 270 if (entry->def.cipso != NULL || entry->def.addrsel != NULL)
271 entry->type_def.addrsel != NULL)
272 return -EINVAL; 271 return -EINVAL;
273 break; 272 break;
274 case NETLBL_NLTYPE_CIPSOV4: 273 case NETLBL_NLTYPE_CIPSOV4:
275 if (entry->type_def.cipsov4 == NULL) 274 if (entry->def.cipso == NULL)
276 return -EINVAL; 275 return -EINVAL;
277 break; 276 break;
278 case NETLBL_NLTYPE_ADDRSELECT: 277 case NETLBL_NLTYPE_ADDRSELECT:
279 netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) { 278 netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) {
280 map4 = netlbl_domhsh_addr4_entry(iter4); 279 map4 = netlbl_domhsh_addr4_entry(iter4);
281 switch (map4->type) { 280 switch (map4->def.type) {
282 case NETLBL_NLTYPE_UNLABELED: 281 case NETLBL_NLTYPE_UNLABELED:
283 if (map4->type_def.cipsov4 != NULL) 282 if (map4->def.cipso != NULL)
284 return -EINVAL; 283 return -EINVAL;
285 break; 284 break;
286 case NETLBL_NLTYPE_CIPSOV4: 285 case NETLBL_NLTYPE_CIPSOV4:
287 if (map4->type_def.cipsov4 == NULL) 286 if (map4->def.cipso == NULL)
288 return -EINVAL; 287 return -EINVAL;
289 break; 288 break;
290 default: 289 default:
@@ -292,9 +291,9 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
292 } 291 }
293 } 292 }
294#if IS_ENABLED(CONFIG_IPV6) 293#if IS_ENABLED(CONFIG_IPV6)
295 netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) { 294 netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) {
296 map6 = netlbl_domhsh_addr6_entry(iter6); 295 map6 = netlbl_domhsh_addr6_entry(iter6);
297 switch (map6->type) { 296 switch (map6->def.type) {
298 case NETLBL_NLTYPE_UNLABELED: 297 case NETLBL_NLTYPE_UNLABELED:
299 break; 298 break;
300 default: 299 default:
@@ -402,32 +401,31 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
402 rcu_assign_pointer(netlbl_domhsh_def, entry); 401 rcu_assign_pointer(netlbl_domhsh_def, entry);
403 } 402 }
404 403
405 if (entry->type == NETLBL_NLTYPE_ADDRSELECT) { 404 if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
406 netlbl_af4list_foreach_rcu(iter4, 405 netlbl_af4list_foreach_rcu(iter4,
407 &entry->type_def.addrsel->list4) 406 &entry->def.addrsel->list4)
408 netlbl_domhsh_audit_add(entry, iter4, NULL, 407 netlbl_domhsh_audit_add(entry, iter4, NULL,
409 ret_val, audit_info); 408 ret_val, audit_info);
410#if IS_ENABLED(CONFIG_IPV6) 409#if IS_ENABLED(CONFIG_IPV6)
411 netlbl_af6list_foreach_rcu(iter6, 410 netlbl_af6list_foreach_rcu(iter6,
412 &entry->type_def.addrsel->list6) 411 &entry->def.addrsel->list6)
413 netlbl_domhsh_audit_add(entry, NULL, iter6, 412 netlbl_domhsh_audit_add(entry, NULL, iter6,
414 ret_val, audit_info); 413 ret_val, audit_info);
415#endif /* IPv6 */ 414#endif /* IPv6 */
416 } else 415 } else
417 netlbl_domhsh_audit_add(entry, NULL, NULL, 416 netlbl_domhsh_audit_add(entry, NULL, NULL,
418 ret_val, audit_info); 417 ret_val, audit_info);
419 } else if (entry_old->type == NETLBL_NLTYPE_ADDRSELECT && 418 } else if (entry_old->def.type == NETLBL_NLTYPE_ADDRSELECT &&
420 entry->type == NETLBL_NLTYPE_ADDRSELECT) { 419 entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
421 struct list_head *old_list4; 420 struct list_head *old_list4;
422 struct list_head *old_list6; 421 struct list_head *old_list6;
423 422
424 old_list4 = &entry_old->type_def.addrsel->list4; 423 old_list4 = &entry_old->def.addrsel->list4;
425 old_list6 = &entry_old->type_def.addrsel->list6; 424 old_list6 = &entry_old->def.addrsel->list6;
426 425
427 /* we only allow the addition of address selectors if all of 426 /* we only allow the addition of address selectors if all of
428 * the selectors do not exist in the existing domain map */ 427 * the selectors do not exist in the existing domain map */
429 netlbl_af4list_foreach_rcu(iter4, 428 netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4)
430 &entry->type_def.addrsel->list4)
431 if (netlbl_af4list_search_exact(iter4->addr, 429 if (netlbl_af4list_search_exact(iter4->addr,
432 iter4->mask, 430 iter4->mask,
433 old_list4)) { 431 old_list4)) {
@@ -435,8 +433,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
435 goto add_return; 433 goto add_return;
436 } 434 }
437#if IS_ENABLED(CONFIG_IPV6) 435#if IS_ENABLED(CONFIG_IPV6)
438 netlbl_af6list_foreach_rcu(iter6, 436 netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6)
439 &entry->type_def.addrsel->list6)
440 if (netlbl_af6list_search_exact(&iter6->addr, 437 if (netlbl_af6list_search_exact(&iter6->addr,
441 &iter6->mask, 438 &iter6->mask,
442 old_list6)) { 439 old_list6)) {
@@ -446,7 +443,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
446#endif /* IPv6 */ 443#endif /* IPv6 */
447 444
448 netlbl_af4list_foreach_safe(iter4, tmp4, 445 netlbl_af4list_foreach_safe(iter4, tmp4,
449 &entry->type_def.addrsel->list4) { 446 &entry->def.addrsel->list4) {
450 netlbl_af4list_remove_entry(iter4); 447 netlbl_af4list_remove_entry(iter4);
451 iter4->valid = 1; 448 iter4->valid = 1;
452 ret_val = netlbl_af4list_add(iter4, old_list4); 449 ret_val = netlbl_af4list_add(iter4, old_list4);
@@ -457,7 +454,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
457 } 454 }
458#if IS_ENABLED(CONFIG_IPV6) 455#if IS_ENABLED(CONFIG_IPV6)
459 netlbl_af6list_foreach_safe(iter6, tmp6, 456 netlbl_af6list_foreach_safe(iter6, tmp6,
460 &entry->type_def.addrsel->list6) { 457 &entry->def.addrsel->list6) {
461 netlbl_af6list_remove_entry(iter6); 458 netlbl_af6list_remove_entry(iter6);
462 iter6->valid = 1; 459 iter6->valid = 1;
463 ret_val = netlbl_af6list_add(iter6, old_list6); 460 ret_val = netlbl_af6list_add(iter6, old_list6);
@@ -538,18 +535,18 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
538 struct netlbl_af4list *iter4; 535 struct netlbl_af4list *iter4;
539 struct netlbl_domaddr4_map *map4; 536 struct netlbl_domaddr4_map *map4;
540 537
541 switch (entry->type) { 538 switch (entry->def.type) {
542 case NETLBL_NLTYPE_ADDRSELECT: 539 case NETLBL_NLTYPE_ADDRSELECT:
543 netlbl_af4list_foreach_rcu(iter4, 540 netlbl_af4list_foreach_rcu(iter4,
544 &entry->type_def.addrsel->list4) { 541 &entry->def.addrsel->list4) {
545 map4 = netlbl_domhsh_addr4_entry(iter4); 542 map4 = netlbl_domhsh_addr4_entry(iter4);
546 cipso_v4_doi_putdef(map4->type_def.cipsov4); 543 cipso_v4_doi_putdef(map4->def.cipso);
547 } 544 }
548 /* no need to check the IPv6 list since we currently 545 /* no need to check the IPv6 list since we currently
549 * support only unlabeled protocols for IPv6 */ 546 * support only unlabeled protocols for IPv6 */
550 break; 547 break;
551 case NETLBL_NLTYPE_CIPSOV4: 548 case NETLBL_NLTYPE_CIPSOV4:
552 cipso_v4_doi_putdef(entry->type_def.cipsov4); 549 cipso_v4_doi_putdef(entry->def.cipso);
553 break; 550 break;
554 } 551 }
555 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); 552 call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
@@ -590,20 +587,21 @@ int netlbl_domhsh_remove_af4(const char *domain,
590 entry_map = netlbl_domhsh_search(domain); 587 entry_map = netlbl_domhsh_search(domain);
591 else 588 else
592 entry_map = netlbl_domhsh_search_def(domain); 589 entry_map = netlbl_domhsh_search_def(domain);
593 if (entry_map == NULL || entry_map->type != NETLBL_NLTYPE_ADDRSELECT) 590 if (entry_map == NULL ||
591 entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT)
594 goto remove_af4_failure; 592 goto remove_af4_failure;
595 593
596 spin_lock(&netlbl_domhsh_lock); 594 spin_lock(&netlbl_domhsh_lock);
597 entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr, 595 entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
598 &entry_map->type_def.addrsel->list4); 596 &entry_map->def.addrsel->list4);
599 spin_unlock(&netlbl_domhsh_lock); 597 spin_unlock(&netlbl_domhsh_lock);
600 598
601 if (entry_addr == NULL) 599 if (entry_addr == NULL)
602 goto remove_af4_failure; 600 goto remove_af4_failure;
603 netlbl_af4list_foreach_rcu(iter4, &entry_map->type_def.addrsel->list4) 601 netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4)
604 goto remove_af4_single_addr; 602 goto remove_af4_single_addr;
605#if IS_ENABLED(CONFIG_IPV6) 603#if IS_ENABLED(CONFIG_IPV6)
606 netlbl_af6list_foreach_rcu(iter6, &entry_map->type_def.addrsel->list6) 604 netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6)
607 goto remove_af4_single_addr; 605 goto remove_af4_single_addr;
608#endif /* IPv6 */ 606#endif /* IPv6 */
609 /* the domain mapping is empty so remove it from the mapping table */ 607 /* the domain mapping is empty so remove it from the mapping table */
@@ -616,7 +614,7 @@ remove_af4_single_addr:
616 * shouldn't be a problem */ 614 * shouldn't be a problem */
617 synchronize_rcu(); 615 synchronize_rcu();
618 entry = netlbl_domhsh_addr4_entry(entry_addr); 616 entry = netlbl_domhsh_addr4_entry(entry_addr);
619 cipso_v4_doi_putdef(entry->type_def.cipsov4); 617 cipso_v4_doi_putdef(entry->def.cipso);
620 kfree(entry); 618 kfree(entry);
621 return 0; 619 return 0;
622 620
@@ -693,8 +691,8 @@ struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain)
693 * responsible for ensuring that rcu_read_[un]lock() is called. 691 * responsible for ensuring that rcu_read_[un]lock() is called.
694 * 692 *
695 */ 693 */
696struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, 694struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain,
697 __be32 addr) 695 __be32 addr)
698{ 696{
699 struct netlbl_dom_map *dom_iter; 697 struct netlbl_dom_map *dom_iter;
700 struct netlbl_af4list *addr_iter; 698 struct netlbl_af4list *addr_iter;
@@ -702,15 +700,13 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain,
702 dom_iter = netlbl_domhsh_search_def(domain); 700 dom_iter = netlbl_domhsh_search_def(domain);
703 if (dom_iter == NULL) 701 if (dom_iter == NULL)
704 return NULL; 702 return NULL;
705 if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
706 return NULL;
707 703
708 addr_iter = netlbl_af4list_search(addr, 704 if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
709 &dom_iter->type_def.addrsel->list4); 705 return &dom_iter->def;
706 addr_iter = netlbl_af4list_search(addr, &dom_iter->def.addrsel->list4);
710 if (addr_iter == NULL) 707 if (addr_iter == NULL)
711 return NULL; 708 return NULL;
712 709 return &(netlbl_domhsh_addr4_entry(addr_iter)->def);
713 return netlbl_domhsh_addr4_entry(addr_iter);
714} 710}
715 711
716#if IS_ENABLED(CONFIG_IPV6) 712#if IS_ENABLED(CONFIG_IPV6)
@@ -725,7 +721,7 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain,
725 * responsible for ensuring that rcu_read_[un]lock() is called. 721 * responsible for ensuring that rcu_read_[un]lock() is called.
726 * 722 *
727 */ 723 */
728struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain, 724struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain,
729 const struct in6_addr *addr) 725 const struct in6_addr *addr)
730{ 726{
731 struct netlbl_dom_map *dom_iter; 727 struct netlbl_dom_map *dom_iter;
@@ -734,15 +730,13 @@ struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain,
734 dom_iter = netlbl_domhsh_search_def(domain); 730 dom_iter = netlbl_domhsh_search_def(domain);
735 if (dom_iter == NULL) 731 if (dom_iter == NULL)
736 return NULL; 732 return NULL;
737 if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
738 return NULL;
739 733
740 addr_iter = netlbl_af6list_search(addr, 734 if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
741 &dom_iter->type_def.addrsel->list6); 735 return &dom_iter->def;
736 addr_iter = netlbl_af6list_search(addr, &dom_iter->def.addrsel->list6);
742 if (addr_iter == NULL) 737 if (addr_iter == NULL)
743 return NULL; 738 return NULL;
744 739 return &(netlbl_domhsh_addr6_entry(addr_iter)->def);
745 return netlbl_domhsh_addr6_entry(addr_iter);
746} 740}
747#endif /* IPv6 */ 741#endif /* IPv6 */
748 742
diff --git a/net/netlabel/netlabel_domainhash.h b/net/netlabel/netlabel_domainhash.h
index 90872c4ca30f..b9be0eed8980 100644
--- a/net/netlabel/netlabel_domainhash.h
+++ b/net/netlabel/netlabel_domainhash.h
@@ -43,37 +43,35 @@
43#define NETLBL_DOMHSH_BITSIZE 7 43#define NETLBL_DOMHSH_BITSIZE 7
44 44
45/* Domain mapping definition structures */ 45/* Domain mapping definition structures */
46struct netlbl_domaddr_map {
47 struct list_head list4;
48 struct list_head list6;
49};
50struct netlbl_dommap_def {
51 u32 type;
52 union {
53 struct netlbl_domaddr_map *addrsel;
54 struct cipso_v4_doi *cipso;
55 };
56};
46#define netlbl_domhsh_addr4_entry(iter) \ 57#define netlbl_domhsh_addr4_entry(iter) \
47 container_of(iter, struct netlbl_domaddr4_map, list) 58 container_of(iter, struct netlbl_domaddr4_map, list)
48struct netlbl_domaddr4_map { 59struct netlbl_domaddr4_map {
49 u32 type; 60 struct netlbl_dommap_def def;
50 union {
51 struct cipso_v4_doi *cipsov4;
52 } type_def;
53 61
54 struct netlbl_af4list list; 62 struct netlbl_af4list list;
55}; 63};
56#define netlbl_domhsh_addr6_entry(iter) \ 64#define netlbl_domhsh_addr6_entry(iter) \
57 container_of(iter, struct netlbl_domaddr6_map, list) 65 container_of(iter, struct netlbl_domaddr6_map, list)
58struct netlbl_domaddr6_map { 66struct netlbl_domaddr6_map {
59 u32 type; 67 struct netlbl_dommap_def def;
60
61 /* NOTE: no 'type_def' union needed at present since we don't currently
62 * support any IPv6 labeling protocols */
63 68
64 struct netlbl_af6list list; 69 struct netlbl_af6list list;
65}; 70};
66struct netlbl_domaddr_map { 71
67 struct list_head list4;
68 struct list_head list6;
69};
70struct netlbl_dom_map { 72struct netlbl_dom_map {
71 char *domain; 73 char *domain;
72 u32 type; 74 struct netlbl_dommap_def def;
73 union {
74 struct cipso_v4_doi *cipsov4;
75 struct netlbl_domaddr_map *addrsel;
76 } type_def;
77 75
78 u32 valid; 76 u32 valid;
79 struct list_head list; 77 struct list_head list;
@@ -97,16 +95,16 @@ int netlbl_domhsh_remove_af4(const char *domain,
97int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info); 95int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
98int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info); 96int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info);
99struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain); 97struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain);
100struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, 98struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain,
101 __be32 addr); 99 __be32 addr);
100#if IS_ENABLED(CONFIG_IPV6)
101struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain,
102 const struct in6_addr *addr);
103#endif /* IPv6 */
104
102int netlbl_domhsh_walk(u32 *skip_bkt, 105int netlbl_domhsh_walk(u32 *skip_bkt,
103 u32 *skip_chain, 106 u32 *skip_chain,
104 int (*callback) (struct netlbl_dom_map *entry, void *arg), 107 int (*callback) (struct netlbl_dom_map *entry, void *arg),
105 void *cb_arg); 108 void *cb_arg);
106 109
107#if IS_ENABLED(CONFIG_IPV6)
108struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain,
109 const struct in6_addr *addr);
110#endif /* IPv6 */
111
112#endif 110#endif
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 7c94aedd0912..96a458e12f60 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -122,7 +122,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
122 } 122 }
123 123
124 if (addr == NULL && mask == NULL) 124 if (addr == NULL && mask == NULL)
125 entry->type = NETLBL_NLTYPE_UNLABELED; 125 entry->def.type = NETLBL_NLTYPE_UNLABELED;
126 else if (addr != NULL && mask != NULL) { 126 else if (addr != NULL && mask != NULL) {
127 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC); 127 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC);
128 if (addrmap == NULL) 128 if (addrmap == NULL)
@@ -137,7 +137,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
137 map4 = kzalloc(sizeof(*map4), GFP_ATOMIC); 137 map4 = kzalloc(sizeof(*map4), GFP_ATOMIC);
138 if (map4 == NULL) 138 if (map4 == NULL)
139 goto cfg_unlbl_map_add_failure; 139 goto cfg_unlbl_map_add_failure;
140 map4->type = NETLBL_NLTYPE_UNLABELED; 140 map4->def.type = NETLBL_NLTYPE_UNLABELED;
141 map4->list.addr = addr4->s_addr & mask4->s_addr; 141 map4->list.addr = addr4->s_addr & mask4->s_addr;
142 map4->list.mask = mask4->s_addr; 142 map4->list.mask = mask4->s_addr;
143 map4->list.valid = 1; 143 map4->list.valid = 1;
@@ -154,7 +154,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
154 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC); 154 map6 = kzalloc(sizeof(*map6), GFP_ATOMIC);
155 if (map6 == NULL) 155 if (map6 == NULL)
156 goto cfg_unlbl_map_add_failure; 156 goto cfg_unlbl_map_add_failure;
157 map6->type = NETLBL_NLTYPE_UNLABELED; 157 map6->def.type = NETLBL_NLTYPE_UNLABELED;
158 map6->list.addr = *addr6; 158 map6->list.addr = *addr6;
159 map6->list.addr.s6_addr32[0] &= mask6->s6_addr32[0]; 159 map6->list.addr.s6_addr32[0] &= mask6->s6_addr32[0];
160 map6->list.addr.s6_addr32[1] &= mask6->s6_addr32[1]; 160 map6->list.addr.s6_addr32[1] &= mask6->s6_addr32[1];
@@ -174,8 +174,8 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
174 break; 174 break;
175 } 175 }
176 176
177 entry->type_def.addrsel = addrmap; 177 entry->def.addrsel = addrmap;
178 entry->type = NETLBL_NLTYPE_ADDRSELECT; 178 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
179 } else { 179 } else {
180 ret_val = -EINVAL; 180 ret_val = -EINVAL;
181 goto cfg_unlbl_map_add_failure; 181 goto cfg_unlbl_map_add_failure;
@@ -355,8 +355,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
355 } 355 }
356 356
357 if (addr == NULL && mask == NULL) { 357 if (addr == NULL && mask == NULL) {
358 entry->type_def.cipsov4 = doi_def; 358 entry->def.cipso = doi_def;
359 entry->type = NETLBL_NLTYPE_CIPSOV4; 359 entry->def.type = NETLBL_NLTYPE_CIPSOV4;
360 } else if (addr != NULL && mask != NULL) { 360 } else if (addr != NULL && mask != NULL) {
361 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC); 361 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC);
362 if (addrmap == NULL) 362 if (addrmap == NULL)
@@ -367,8 +367,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
367 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC); 367 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC);
368 if (addrinfo == NULL) 368 if (addrinfo == NULL)
369 goto out_addrinfo; 369 goto out_addrinfo;
370 addrinfo->type_def.cipsov4 = doi_def; 370 addrinfo->def.cipso = doi_def;
371 addrinfo->type = NETLBL_NLTYPE_CIPSOV4; 371 addrinfo->def.type = NETLBL_NLTYPE_CIPSOV4;
372 addrinfo->list.addr = addr->s_addr & mask->s_addr; 372 addrinfo->list.addr = addr->s_addr & mask->s_addr;
373 addrinfo->list.mask = mask->s_addr; 373 addrinfo->list.mask = mask->s_addr;
374 addrinfo->list.valid = 1; 374 addrinfo->list.valid = 1;
@@ -376,8 +376,8 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
376 if (ret_val != 0) 376 if (ret_val != 0)
377 goto cfg_cipsov4_map_add_failure; 377 goto cfg_cipsov4_map_add_failure;
378 378
379 entry->type_def.addrsel = addrmap; 379 entry->def.addrsel = addrmap;
380 entry->type = NETLBL_NLTYPE_ADDRSELECT; 380 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
381 } else { 381 } else {
382 ret_val = -EINVAL; 382 ret_val = -EINVAL;
383 goto out_addrmap; 383 goto out_addrmap;
@@ -657,14 +657,14 @@ int netlbl_sock_setattr(struct sock *sk,
657 } 657 }
658 switch (family) { 658 switch (family) {
659 case AF_INET: 659 case AF_INET:
660 switch (dom_entry->type) { 660 switch (dom_entry->def.type) {
661 case NETLBL_NLTYPE_ADDRSELECT: 661 case NETLBL_NLTYPE_ADDRSELECT:
662 ret_val = -EDESTADDRREQ; 662 ret_val = -EDESTADDRREQ;
663 break; 663 break;
664 case NETLBL_NLTYPE_CIPSOV4: 664 case NETLBL_NLTYPE_CIPSOV4:
665 ret_val = cipso_v4_sock_setattr(sk, 665 ret_val = cipso_v4_sock_setattr(sk,
666 dom_entry->type_def.cipsov4, 666 dom_entry->def.cipso,
667 secattr); 667 secattr);
668 break; 668 break;
669 case NETLBL_NLTYPE_UNLABELED: 669 case NETLBL_NLTYPE_UNLABELED:
670 ret_val = 0; 670 ret_val = 0;
@@ -754,23 +754,22 @@ int netlbl_conn_setattr(struct sock *sk,
754{ 754{
755 int ret_val; 755 int ret_val;
756 struct sockaddr_in *addr4; 756 struct sockaddr_in *addr4;
757 struct netlbl_domaddr4_map *af4_entry; 757 struct netlbl_dommap_def *entry;
758 758
759 rcu_read_lock(); 759 rcu_read_lock();
760 switch (addr->sa_family) { 760 switch (addr->sa_family) {
761 case AF_INET: 761 case AF_INET:
762 addr4 = (struct sockaddr_in *)addr; 762 addr4 = (struct sockaddr_in *)addr;
763 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 763 entry = netlbl_domhsh_getentry_af4(secattr->domain,
764 addr4->sin_addr.s_addr); 764 addr4->sin_addr.s_addr);
765 if (af4_entry == NULL) { 765 if (entry == NULL) {
766 ret_val = -ENOENT; 766 ret_val = -ENOENT;
767 goto conn_setattr_return; 767 goto conn_setattr_return;
768 } 768 }
769 switch (af4_entry->type) { 769 switch (entry->type) {
770 case NETLBL_NLTYPE_CIPSOV4: 770 case NETLBL_NLTYPE_CIPSOV4:
771 ret_val = cipso_v4_sock_setattr(sk, 771 ret_val = cipso_v4_sock_setattr(sk,
772 af4_entry->type_def.cipsov4, 772 entry->cipso, secattr);
773 secattr);
774 break; 773 break;
775 case NETLBL_NLTYPE_UNLABELED: 774 case NETLBL_NLTYPE_UNLABELED:
776 /* just delete the protocols we support for right now 775 /* just delete the protocols we support for right now
@@ -812,36 +811,21 @@ int netlbl_req_setattr(struct request_sock *req,
812 const struct netlbl_lsm_secattr *secattr) 811 const struct netlbl_lsm_secattr *secattr)
813{ 812{
814 int ret_val; 813 int ret_val;
815 struct netlbl_dom_map *dom_entry; 814 struct netlbl_dommap_def *entry;
816 struct netlbl_domaddr4_map *af4_entry;
817 u32 proto_type;
818 struct cipso_v4_doi *proto_cv4;
819 815
820 rcu_read_lock(); 816 rcu_read_lock();
821 dom_entry = netlbl_domhsh_getentry(secattr->domain);
822 if (dom_entry == NULL) {
823 ret_val = -ENOENT;
824 goto req_setattr_return;
825 }
826 switch (req->rsk_ops->family) { 817 switch (req->rsk_ops->family) {
827 case AF_INET: 818 case AF_INET:
828 if (dom_entry->type == NETLBL_NLTYPE_ADDRSELECT) { 819 entry = netlbl_domhsh_getentry_af4(secattr->domain,
829 struct inet_request_sock *req_inet = inet_rsk(req); 820 inet_rsk(req)->rmt_addr);
830 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 821 if (entry == NULL) {
831 req_inet->rmt_addr); 822 ret_val = -ENOENT;
832 if (af4_entry == NULL) { 823 goto req_setattr_return;
833 ret_val = -ENOENT;
834 goto req_setattr_return;
835 }
836 proto_type = af4_entry->type;
837 proto_cv4 = af4_entry->type_def.cipsov4;
838 } else {
839 proto_type = dom_entry->type;
840 proto_cv4 = dom_entry->type_def.cipsov4;
841 } 824 }
842 switch (proto_type) { 825 switch (entry->type) {
843 case NETLBL_NLTYPE_CIPSOV4: 826 case NETLBL_NLTYPE_CIPSOV4:
844 ret_val = cipso_v4_req_setattr(req, proto_cv4, secattr); 827 ret_val = cipso_v4_req_setattr(req,
828 entry->cipso, secattr);
845 break; 829 break;
846 case NETLBL_NLTYPE_UNLABELED: 830 case NETLBL_NLTYPE_UNLABELED:
847 /* just delete the protocols we support for right now 831 /* just delete the protocols we support for right now
@@ -899,23 +883,21 @@ int netlbl_skbuff_setattr(struct sk_buff *skb,
899{ 883{
900 int ret_val; 884 int ret_val;
901 struct iphdr *hdr4; 885 struct iphdr *hdr4;
902 struct netlbl_domaddr4_map *af4_entry; 886 struct netlbl_dommap_def *entry;
903 887
904 rcu_read_lock(); 888 rcu_read_lock();
905 switch (family) { 889 switch (family) {
906 case AF_INET: 890 case AF_INET:
907 hdr4 = ip_hdr(skb); 891 hdr4 = ip_hdr(skb);
908 af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, 892 entry = netlbl_domhsh_getentry_af4(secattr->domain,hdr4->daddr);
909 hdr4->daddr); 893 if (entry == NULL) {
910 if (af4_entry == NULL) {
911 ret_val = -ENOENT; 894 ret_val = -ENOENT;
912 goto skbuff_setattr_return; 895 goto skbuff_setattr_return;
913 } 896 }
914 switch (af4_entry->type) { 897 switch (entry->type) {
915 case NETLBL_NLTYPE_CIPSOV4: 898 case NETLBL_NLTYPE_CIPSOV4:
916 ret_val = cipso_v4_skbuff_setattr(skb, 899 ret_val = cipso_v4_skbuff_setattr(skb, entry->cipso,
917 af4_entry->type_def.cipsov4, 900 secattr);
918 secattr);
919 break; 901 break;
920 case NETLBL_NLTYPE_UNLABELED: 902 case NETLBL_NLTYPE_UNLABELED:
921 /* just delete the protocols we support for right now 903 /* just delete the protocols we support for right now
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index c5384ffc6146..dd1c37d7acbc 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -104,7 +104,7 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
104 ret_val = -ENOMEM; 104 ret_val = -ENOMEM;
105 goto add_failure; 105 goto add_failure;
106 } 106 }
107 entry->type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]); 107 entry->def.type = nla_get_u32(info->attrs[NLBL_MGMT_A_PROTOCOL]);
108 if (info->attrs[NLBL_MGMT_A_DOMAIN]) { 108 if (info->attrs[NLBL_MGMT_A_DOMAIN]) {
109 size_t tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]); 109 size_t tmp_size = nla_len(info->attrs[NLBL_MGMT_A_DOMAIN]);
110 entry->domain = kmalloc(tmp_size, GFP_KERNEL); 110 entry->domain = kmalloc(tmp_size, GFP_KERNEL);
@@ -116,12 +116,12 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
116 info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size); 116 info->attrs[NLBL_MGMT_A_DOMAIN], tmp_size);
117 } 117 }
118 118
119 /* NOTE: internally we allow/use a entry->type value of 119 /* NOTE: internally we allow/use a entry->def.type value of
120 * NETLBL_NLTYPE_ADDRSELECT but we don't currently allow users 120 * NETLBL_NLTYPE_ADDRSELECT but we don't currently allow users
121 * to pass that as a protocol value because we need to know the 121 * to pass that as a protocol value because we need to know the
122 * "real" protocol */ 122 * "real" protocol */
123 123
124 switch (entry->type) { 124 switch (entry->def.type) {
125 case NETLBL_NLTYPE_UNLABELED: 125 case NETLBL_NLTYPE_UNLABELED:
126 break; 126 break;
127 case NETLBL_NLTYPE_CIPSOV4: 127 case NETLBL_NLTYPE_CIPSOV4:
@@ -132,7 +132,7 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
132 cipsov4 = cipso_v4_doi_getdef(tmp_val); 132 cipsov4 = cipso_v4_doi_getdef(tmp_val);
133 if (cipsov4 == NULL) 133 if (cipsov4 == NULL)
134 goto add_failure; 134 goto add_failure;
135 entry->type_def.cipsov4 = cipsov4; 135 entry->def.cipso = cipsov4;
136 break; 136 break;
137 default: 137 default:
138 goto add_failure; 138 goto add_failure;
@@ -172,9 +172,9 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
172 map->list.addr = addr->s_addr & mask->s_addr; 172 map->list.addr = addr->s_addr & mask->s_addr;
173 map->list.mask = mask->s_addr; 173 map->list.mask = mask->s_addr;
174 map->list.valid = 1; 174 map->list.valid = 1;
175 map->type = entry->type; 175 map->def.type = entry->def.type;
176 if (cipsov4) 176 if (cipsov4)
177 map->type_def.cipsov4 = cipsov4; 177 map->def.cipso = cipsov4;
178 178
179 ret_val = netlbl_af4list_add(&map->list, &addrmap->list4); 179 ret_val = netlbl_af4list_add(&map->list, &addrmap->list4);
180 if (ret_val != 0) { 180 if (ret_val != 0) {
@@ -182,8 +182,8 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
182 goto add_failure; 182 goto add_failure;
183 } 183 }
184 184
185 entry->type = NETLBL_NLTYPE_ADDRSELECT; 185 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
186 entry->type_def.addrsel = addrmap; 186 entry->def.addrsel = addrmap;
187#if IS_ENABLED(CONFIG_IPV6) 187#if IS_ENABLED(CONFIG_IPV6)
188 } else if (info->attrs[NLBL_MGMT_A_IPV6ADDR]) { 188 } else if (info->attrs[NLBL_MGMT_A_IPV6ADDR]) {
189 struct in6_addr *addr; 189 struct in6_addr *addr;
@@ -223,7 +223,7 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
223 map->list.addr.s6_addr32[3] &= mask->s6_addr32[3]; 223 map->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
224 map->list.mask = *mask; 224 map->list.mask = *mask;
225 map->list.valid = 1; 225 map->list.valid = 1;
226 map->type = entry->type; 226 map->def.type = entry->def.type;
227 227
228 ret_val = netlbl_af6list_add(&map->list, &addrmap->list6); 228 ret_val = netlbl_af6list_add(&map->list, &addrmap->list6);
229 if (ret_val != 0) { 229 if (ret_val != 0) {
@@ -231,8 +231,8 @@ static int netlbl_mgmt_add_common(struct genl_info *info,
231 goto add_failure; 231 goto add_failure;
232 } 232 }
233 233
234 entry->type = NETLBL_NLTYPE_ADDRSELECT; 234 entry->def.type = NETLBL_NLTYPE_ADDRSELECT;
235 entry->type_def.addrsel = addrmap; 235 entry->def.addrsel = addrmap;
236#endif /* IPv6 */ 236#endif /* IPv6 */
237 } 237 }
238 238
@@ -281,14 +281,13 @@ static int netlbl_mgmt_listentry(struct sk_buff *skb,
281 return ret_val; 281 return ret_val;
282 } 282 }
283 283
284 switch (entry->type) { 284 switch (entry->def.type) {
285 case NETLBL_NLTYPE_ADDRSELECT: 285 case NETLBL_NLTYPE_ADDRSELECT:
286 nla_a = nla_nest_start(skb, NLBL_MGMT_A_SELECTORLIST); 286 nla_a = nla_nest_start(skb, NLBL_MGMT_A_SELECTORLIST);
287 if (nla_a == NULL) 287 if (nla_a == NULL)
288 return -ENOMEM; 288 return -ENOMEM;
289 289
290 netlbl_af4list_foreach_rcu(iter4, 290 netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) {
291 &entry->type_def.addrsel->list4) {
292 struct netlbl_domaddr4_map *map4; 291 struct netlbl_domaddr4_map *map4;
293 struct in_addr addr_struct; 292 struct in_addr addr_struct;
294 293
@@ -310,13 +309,13 @@ static int netlbl_mgmt_listentry(struct sk_buff *skb,
310 return ret_val; 309 return ret_val;
311 map4 = netlbl_domhsh_addr4_entry(iter4); 310 map4 = netlbl_domhsh_addr4_entry(iter4);
312 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, 311 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
313 map4->type); 312 map4->def.type);
314 if (ret_val != 0) 313 if (ret_val != 0)
315 return ret_val; 314 return ret_val;
316 switch (map4->type) { 315 switch (map4->def.type) {
317 case NETLBL_NLTYPE_CIPSOV4: 316 case NETLBL_NLTYPE_CIPSOV4:
318 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI, 317 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
319 map4->type_def.cipsov4->doi); 318 map4->def.cipso->doi);
320 if (ret_val != 0) 319 if (ret_val != 0)
321 return ret_val; 320 return ret_val;
322 break; 321 break;
@@ -325,8 +324,7 @@ static int netlbl_mgmt_listentry(struct sk_buff *skb,
325 nla_nest_end(skb, nla_b); 324 nla_nest_end(skb, nla_b);
326 } 325 }
327#if IS_ENABLED(CONFIG_IPV6) 326#if IS_ENABLED(CONFIG_IPV6)
328 netlbl_af6list_foreach_rcu(iter6, 327 netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) {
329 &entry->type_def.addrsel->list6) {
330 struct netlbl_domaddr6_map *map6; 328 struct netlbl_domaddr6_map *map6;
331 329
332 nla_b = nla_nest_start(skb, NLBL_MGMT_A_ADDRSELECTOR); 330 nla_b = nla_nest_start(skb, NLBL_MGMT_A_ADDRSELECTOR);
@@ -345,7 +343,7 @@ static int netlbl_mgmt_listentry(struct sk_buff *skb,
345 return ret_val; 343 return ret_val;
346 map6 = netlbl_domhsh_addr6_entry(iter6); 344 map6 = netlbl_domhsh_addr6_entry(iter6);
347 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, 345 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL,
348 map6->type); 346 map6->def.type);
349 if (ret_val != 0) 347 if (ret_val != 0)
350 return ret_val; 348 return ret_val;
351 349
@@ -356,14 +354,14 @@ static int netlbl_mgmt_listentry(struct sk_buff *skb,
356 nla_nest_end(skb, nla_a); 354 nla_nest_end(skb, nla_a);
357 break; 355 break;
358 case NETLBL_NLTYPE_UNLABELED: 356 case NETLBL_NLTYPE_UNLABELED:
359 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, entry->type); 357 ret_val = nla_put_u32(skb,NLBL_MGMT_A_PROTOCOL,entry->def.type);
360 break; 358 break;
361 case NETLBL_NLTYPE_CIPSOV4: 359 case NETLBL_NLTYPE_CIPSOV4:
362 ret_val = nla_put_u32(skb, NLBL_MGMT_A_PROTOCOL, entry->type); 360 ret_val = nla_put_u32(skb,NLBL_MGMT_A_PROTOCOL,entry->def.type);
363 if (ret_val != 0) 361 if (ret_val != 0)
364 return ret_val; 362 return ret_val;
365 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI, 363 ret_val = nla_put_u32(skb, NLBL_MGMT_A_CV4DOI,
366 entry->type_def.cipsov4->doi); 364 entry->def.cipso->doi);
367 break; 365 break;
368 } 366 }
369 367
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index af3531926ee0..8f0897407a2c 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1541,7 +1541,7 @@ int __init netlbl_unlabel_defconf(void)
1541 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1541 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1542 if (entry == NULL) 1542 if (entry == NULL)
1543 return -ENOMEM; 1543 return -ENOMEM;
1544 entry->type = NETLBL_NLTYPE_UNLABELED; 1544 entry->def.type = NETLBL_NLTYPE_UNLABELED;
1545 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 1545 ret_val = netlbl_domhsh_add_default(entry, &audit_info);
1546 if (ret_val != 0) 1546 if (ret_val != 0)
1547 return ret_val; 1547 return ret_val;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 2fd6dbea327a..512718adb0d5 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -571,7 +571,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
571 !capable(CAP_NET_ADMIN)) 571 !capable(CAP_NET_ADMIN))
572 return -EPERM; 572 return -EPERM;
573 573
574 if (nlh->nlmsg_flags & NLM_F_DUMP) { 574 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
575 struct netlink_dump_control c = { 575 struct netlink_dump_control c = {
576 .dump = ops->dumpit, 576 .dump = ops->dumpit,
577 .done = ops->done, 577 .done = ops->done,
@@ -877,8 +877,10 @@ static int ctrl_getfamily(struct sk_buff *skb, struct genl_info *info)
877#ifdef CONFIG_MODULES 877#ifdef CONFIG_MODULES
878 if (res == NULL) { 878 if (res == NULL) {
879 genl_unlock(); 879 genl_unlock();
880 up_read(&cb_lock);
880 request_module("net-pf-%d-proto-%d-family-%s", 881 request_module("net-pf-%d-proto-%d-family-%s",
881 PF_NETLINK, NETLINK_GENERIC, name); 882 PF_NETLINK, NETLINK_GENERIC, name);
883 down_read(&cb_lock);
882 genl_lock(); 884 genl_lock();
883 res = genl_family_find_byname(name); 885 res = genl_family_find_byname(name);
884 } 886 }
diff --git a/net/nfc/core.c b/net/nfc/core.c
index dc96a83aa6ab..1d074dd1650f 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -44,7 +44,7 @@ DEFINE_MUTEX(nfc_devlist_mutex);
44/* NFC device ID bitmap */ 44/* NFC device ID bitmap */
45static DEFINE_IDA(nfc_index_ida); 45static DEFINE_IDA(nfc_index_ida);
46 46
47int nfc_fw_upload(struct nfc_dev *dev, const char *firmware_name) 47int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name)
48{ 48{
49 int rc = 0; 49 int rc = 0;
50 50
@@ -62,28 +62,28 @@ int nfc_fw_upload(struct nfc_dev *dev, const char *firmware_name)
62 goto error; 62 goto error;
63 } 63 }
64 64
65 if (!dev->ops->fw_upload) { 65 if (!dev->ops->fw_download) {
66 rc = -EOPNOTSUPP; 66 rc = -EOPNOTSUPP;
67 goto error; 67 goto error;
68 } 68 }
69 69
70 dev->fw_upload_in_progress = true; 70 dev->fw_download_in_progress = true;
71 rc = dev->ops->fw_upload(dev, firmware_name); 71 rc = dev->ops->fw_download(dev, firmware_name);
72 if (rc) 72 if (rc)
73 dev->fw_upload_in_progress = false; 73 dev->fw_download_in_progress = false;
74 74
75error: 75error:
76 device_unlock(&dev->dev); 76 device_unlock(&dev->dev);
77 return rc; 77 return rc;
78} 78}
79 79
80int nfc_fw_upload_done(struct nfc_dev *dev, const char *firmware_name) 80int nfc_fw_download_done(struct nfc_dev *dev, const char *firmware_name)
81{ 81{
82 dev->fw_upload_in_progress = false; 82 dev->fw_download_in_progress = false;
83 83
84 return nfc_genl_fw_upload_done(dev, firmware_name); 84 return nfc_genl_fw_download_done(dev, firmware_name);
85} 85}
86EXPORT_SYMBOL(nfc_fw_upload_done); 86EXPORT_SYMBOL(nfc_fw_download_done);
87 87
88/** 88/**
89 * nfc_dev_up - turn on the NFC device 89 * nfc_dev_up - turn on the NFC device
@@ -110,7 +110,7 @@ int nfc_dev_up(struct nfc_dev *dev)
110 goto error; 110 goto error;
111 } 111 }
112 112
113 if (dev->fw_upload_in_progress) { 113 if (dev->fw_download_in_progress) {
114 rc = -EBUSY; 114 rc = -EBUSY;
115 goto error; 115 goto error;
116 } 116 }
diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index 7b1c186736eb..fe66908401f5 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -809,14 +809,14 @@ static void nfc_hci_recv_from_llc(struct nfc_hci_dev *hdev, struct sk_buff *skb)
809 } 809 }
810} 810}
811 811
812static int hci_fw_upload(struct nfc_dev *nfc_dev, const char *firmware_name) 812static int hci_fw_download(struct nfc_dev *nfc_dev, const char *firmware_name)
813{ 813{
814 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev); 814 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
815 815
816 if (!hdev->ops->fw_upload) 816 if (!hdev->ops->fw_download)
817 return -ENOTSUPP; 817 return -ENOTSUPP;
818 818
819 return hdev->ops->fw_upload(hdev, firmware_name); 819 return hdev->ops->fw_download(hdev, firmware_name);
820} 820}
821 821
822static struct nfc_ops hci_nfc_ops = { 822static struct nfc_ops hci_nfc_ops = {
@@ -831,7 +831,7 @@ static struct nfc_ops hci_nfc_ops = {
831 .im_transceive = hci_transceive, 831 .im_transceive = hci_transceive,
832 .tm_send = hci_tm_send, 832 .tm_send = hci_tm_send,
833 .check_presence = hci_check_presence, 833 .check_presence = hci_check_presence,
834 .fw_upload = hci_fw_upload, 834 .fw_download = hci_fw_download,
835 .discover_se = hci_discover_se, 835 .discover_se = hci_discover_se,
836 .enable_se = hci_enable_se, 836 .enable_se = hci_enable_se,
837 .disable_se = hci_disable_se, 837 .disable_se = hci_disable_se,
diff --git a/net/nfc/nci/Kconfig b/net/nfc/nci/Kconfig
index 2a2416080b4f..a4f1e42e3481 100644
--- a/net/nfc/nci/Kconfig
+++ b/net/nfc/nci/Kconfig
@@ -11,6 +11,7 @@ config NFC_NCI
11 11
12config NFC_NCI_SPI 12config NFC_NCI_SPI
13 depends on NFC_NCI && SPI 13 depends on NFC_NCI && SPI
14 select CRC_CCITT
14 bool "NCI over SPI protocol support" 15 bool "NCI over SPI protocol support"
15 default n 16 default n
16 help 17 help
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index b05ad909778f..f16fd59d4160 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1089,7 +1089,7 @@ exit:
1089 return rc; 1089 return rc;
1090} 1090}
1091 1091
1092static int nfc_genl_fw_upload(struct sk_buff *skb, struct genl_info *info) 1092static int nfc_genl_fw_download(struct sk_buff *skb, struct genl_info *info)
1093{ 1093{
1094 struct nfc_dev *dev; 1094 struct nfc_dev *dev;
1095 int rc; 1095 int rc;
@@ -1108,13 +1108,13 @@ static int nfc_genl_fw_upload(struct sk_buff *skb, struct genl_info *info)
1108 nla_strlcpy(firmware_name, info->attrs[NFC_ATTR_FIRMWARE_NAME], 1108 nla_strlcpy(firmware_name, info->attrs[NFC_ATTR_FIRMWARE_NAME],
1109 sizeof(firmware_name)); 1109 sizeof(firmware_name));
1110 1110
1111 rc = nfc_fw_upload(dev, firmware_name); 1111 rc = nfc_fw_download(dev, firmware_name);
1112 1112
1113 nfc_put_device(dev); 1113 nfc_put_device(dev);
1114 return rc; 1114 return rc;
1115} 1115}
1116 1116
1117int nfc_genl_fw_upload_done(struct nfc_dev *dev, const char *firmware_name) 1117int nfc_genl_fw_download_done(struct nfc_dev *dev, const char *firmware_name)
1118{ 1118{
1119 struct sk_buff *msg; 1119 struct sk_buff *msg;
1120 void *hdr; 1120 void *hdr;
@@ -1124,7 +1124,7 @@ int nfc_genl_fw_upload_done(struct nfc_dev *dev, const char *firmware_name)
1124 return -ENOMEM; 1124 return -ENOMEM;
1125 1125
1126 hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0, 1126 hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0,
1127 NFC_CMD_FW_UPLOAD); 1127 NFC_CMD_FW_DOWNLOAD);
1128 if (!hdr) 1128 if (!hdr)
1129 goto free_msg; 1129 goto free_msg;
1130 1130
@@ -1251,8 +1251,8 @@ static struct genl_ops nfc_genl_ops[] = {
1251 .policy = nfc_genl_policy, 1251 .policy = nfc_genl_policy,
1252 }, 1252 },
1253 { 1253 {
1254 .cmd = NFC_CMD_FW_UPLOAD, 1254 .cmd = NFC_CMD_FW_DOWNLOAD,
1255 .doit = nfc_genl_fw_upload, 1255 .doit = nfc_genl_fw_download,
1256 .policy = nfc_genl_policy, 1256 .policy = nfc_genl_policy,
1257 }, 1257 },
1258 { 1258 {
diff --git a/net/nfc/nfc.h b/net/nfc/nfc.h
index ee85a1fc1b24..820a7850c36a 100644
--- a/net/nfc/nfc.h
+++ b/net/nfc/nfc.h
@@ -123,10 +123,10 @@ static inline void nfc_device_iter_exit(struct class_dev_iter *iter)
123 class_dev_iter_exit(iter); 123 class_dev_iter_exit(iter);
124} 124}
125 125
126int nfc_fw_upload(struct nfc_dev *dev, const char *firmware_name); 126int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name);
127int nfc_genl_fw_upload_done(struct nfc_dev *dev, const char *firmware_name); 127int nfc_genl_fw_download_done(struct nfc_dev *dev, const char *firmware_name);
128 128
129int nfc_fw_upload_done(struct nfc_dev *dev, const char *firmware_name); 129int nfc_fw_download_done(struct nfc_dev *dev, const char *firmware_name);
130 130
131int nfc_dev_up(struct nfc_dev *dev); 131int nfc_dev_up(struct nfc_dev *dev);
132 132
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 22c5f399f1cf..ab101f715447 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -535,6 +535,7 @@ int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb)
535{ 535{
536 struct sw_flow_actions *acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts); 536 struct sw_flow_actions *acts = rcu_dereference(OVS_CB(skb)->flow->sf_acts);
537 537
538 OVS_CB(skb)->tun_key = NULL;
538 return do_execute_actions(dp, skb, acts->actions, 539 return do_execute_actions(dp, skb, acts->actions,
539 acts->actions_len, false); 540 acts->actions_len, false);
540} 541}
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index f7e3a0d84c40..f2ed7600084e 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -2076,9 +2076,6 @@ static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
2076 ovs_notify(reply, info, &ovs_dp_vport_multicast_group); 2076 ovs_notify(reply, info, &ovs_dp_vport_multicast_group);
2077 return 0; 2077 return 0;
2078 2078
2079 rtnl_unlock();
2080 return 0;
2081
2082exit_free: 2079exit_free:
2083 kfree_skb(reply); 2080 kfree_skb(reply);
2084exit_unlock: 2081exit_unlock:
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 5c519b121e1b..1aa84dc58777 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -240,7 +240,7 @@ static struct flex_array *alloc_buckets(unsigned int n_buckets)
240 struct flex_array *buckets; 240 struct flex_array *buckets;
241 int i, err; 241 int i, err;
242 242
243 buckets = flex_array_alloc(sizeof(struct hlist_head *), 243 buckets = flex_array_alloc(sizeof(struct hlist_head),
244 n_buckets, GFP_KERNEL); 244 n_buckets, GFP_KERNEL);
245 if (!buckets) 245 if (!buckets)
246 return NULL; 246 return NULL;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 4b66c752eae5..75c8bbf598c8 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3259,9 +3259,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
3259 3259
3260 if (po->tp_version == TPACKET_V3) { 3260 if (po->tp_version == TPACKET_V3) {
3261 lv = sizeof(struct tpacket_stats_v3); 3261 lv = sizeof(struct tpacket_stats_v3);
3262 st.stats3.tp_packets += st.stats3.tp_drops;
3262 data = &st.stats3; 3263 data = &st.stats3;
3263 } else { 3264 } else {
3264 lv = sizeof(struct tpacket_stats); 3265 lv = sizeof(struct tpacket_stats);
3266 st.stats1.tp_packets += st.stats1.tp_drops;
3265 data = &st.stats1; 3267 data = &st.stats1;
3266 } 3268 }
3267 3269
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 281c1bded1f6..51b968d3febb 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -285,6 +285,45 @@ static struct Qdisc_ops *qdisc_lookup_ops(struct nlattr *kind)
285 return q; 285 return q;
286} 286}
287 287
288/* The linklayer setting were not transferred from iproute2, in older
289 * versions, and the rate tables lookup systems have been dropped in
290 * the kernel. To keep backward compatible with older iproute2 tc
291 * utils, we detect the linklayer setting by detecting if the rate
292 * table were modified.
293 *
294 * For linklayer ATM table entries, the rate table will be aligned to
295 * 48 bytes, thus some table entries will contain the same value. The
296 * mpu (min packet unit) is also encoded into the old rate table, thus
297 * starting from the mpu, we find low and high table entries for
298 * mapping this cell. If these entries contain the same value, when
299 * the rate tables have been modified for linklayer ATM.
300 *
301 * This is done by rounding mpu to the nearest 48 bytes cell/entry,
302 * and then roundup to the next cell, calc the table entry one below,
303 * and compare.
304 */
305static __u8 __detect_linklayer(struct tc_ratespec *r, __u32 *rtab)
306{
307 int low = roundup(r->mpu, 48);
308 int high = roundup(low+1, 48);
309 int cell_low = low >> r->cell_log;
310 int cell_high = (high >> r->cell_log) - 1;
311
312 /* rtab is too inaccurate at rates > 100Mbit/s */
313 if ((r->rate > (100000000/8)) || (rtab[0] == 0)) {
314 pr_debug("TC linklayer: Giving up ATM detection\n");
315 return TC_LINKLAYER_ETHERNET;
316 }
317
318 if ((cell_high > cell_low) && (cell_high < 256)
319 && (rtab[cell_low] == rtab[cell_high])) {
320 pr_debug("TC linklayer: Detected ATM, low(%d)=high(%d)=%u\n",
321 cell_low, cell_high, rtab[cell_high]);
322 return TC_LINKLAYER_ATM;
323 }
324 return TC_LINKLAYER_ETHERNET;
325}
326
288static struct qdisc_rate_table *qdisc_rtab_list; 327static struct qdisc_rate_table *qdisc_rtab_list;
289 328
290struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct nlattr *tab) 329struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct nlattr *tab)
@@ -308,6 +347,8 @@ struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct nlattr *ta
308 rtab->rate = *r; 347 rtab->rate = *r;
309 rtab->refcnt = 1; 348 rtab->refcnt = 1;
310 memcpy(rtab->data, nla_data(tab), 1024); 349 memcpy(rtab->data, nla_data(tab), 1024);
350 if (r->linklayer == TC_LINKLAYER_UNAWARE)
351 r->linklayer = __detect_linklayer(r, rtab->data);
311 rtab->next = qdisc_rtab_list; 352 rtab->next = qdisc_rtab_list;
312 qdisc_rtab_list = rtab; 353 qdisc_rtab_list = rtab;
313 } 354 }
diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index ca8e0a57d945..1f9c31411f19 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -605,6 +605,7 @@ static int atm_tc_dump_class(struct Qdisc *sch, unsigned long cl,
605 struct sockaddr_atmpvc pvc; 605 struct sockaddr_atmpvc pvc;
606 int state; 606 int state;
607 607
608 memset(&pvc, 0, sizeof(pvc));
608 pvc.sap_family = AF_ATMPVC; 609 pvc.sap_family = AF_ATMPVC;
609 pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1; 610 pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1;
610 pvc.sap_addr.vpi = flow->vcc->vpi; 611 pvc.sap_addr.vpi = flow->vcc->vpi;
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index 71a568862557..7a42c81a19eb 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -1465,6 +1465,7 @@ static int cbq_dump_wrr(struct sk_buff *skb, struct cbq_class *cl)
1465 unsigned char *b = skb_tail_pointer(skb); 1465 unsigned char *b = skb_tail_pointer(skb);
1466 struct tc_cbq_wrropt opt; 1466 struct tc_cbq_wrropt opt;
1467 1467
1468 memset(&opt, 0, sizeof(opt));
1468 opt.flags = 0; 1469 opt.flags = 0;
1469 opt.allot = cl->allot; 1470 opt.allot = cl->allot;
1470 opt.priority = cl->priority + 1; 1471 opt.priority = cl->priority + 1;
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 4626cef4b76e..48be3d5c0d92 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -25,6 +25,7 @@
25#include <linux/rcupdate.h> 25#include <linux/rcupdate.h>
26#include <linux/list.h> 26#include <linux/list.h>
27#include <linux/slab.h> 27#include <linux/slab.h>
28#include <linux/if_vlan.h>
28#include <net/sch_generic.h> 29#include <net/sch_generic.h>
29#include <net/pkt_sched.h> 30#include <net/pkt_sched.h>
30#include <net/dst.h> 31#include <net/dst.h>
@@ -207,15 +208,19 @@ void __qdisc_run(struct Qdisc *q)
207 208
208unsigned long dev_trans_start(struct net_device *dev) 209unsigned long dev_trans_start(struct net_device *dev)
209{ 210{
210 unsigned long val, res = dev->trans_start; 211 unsigned long val, res;
211 unsigned int i; 212 unsigned int i;
212 213
214 if (is_vlan_dev(dev))
215 dev = vlan_dev_real_dev(dev);
216 res = dev->trans_start;
213 for (i = 0; i < dev->num_tx_queues; i++) { 217 for (i = 0; i < dev->num_tx_queues; i++) {
214 val = netdev_get_tx_queue(dev, i)->trans_start; 218 val = netdev_get_tx_queue(dev, i)->trans_start;
215 if (val && time_after(val, res)) 219 if (val && time_after(val, res))
216 res = val; 220 res = val;
217 } 221 }
218 dev->trans_start = res; 222 dev->trans_start = res;
223
219 return res; 224 return res;
220} 225}
221EXPORT_SYMBOL(dev_trans_start); 226EXPORT_SYMBOL(dev_trans_start);
@@ -904,6 +909,7 @@ void psched_ratecfg_precompute(struct psched_ratecfg *r,
904 memset(r, 0, sizeof(*r)); 909 memset(r, 0, sizeof(*r));
905 r->overhead = conf->overhead; 910 r->overhead = conf->overhead;
906 r->rate_bytes_ps = conf->rate; 911 r->rate_bytes_ps = conf->rate;
912 r->linklayer = (conf->linklayer & TC_LINKLAYER_MASK);
907 r->mult = 1; 913 r->mult = 1;
908 /* 914 /*
909 * The deal here is to replace a divide by a reciprocal one 915 * The deal here is to replace a divide by a reciprocal one
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index c2124ea29f45..c2178b15ca6e 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -100,7 +100,7 @@ struct htb_class {
100 struct psched_ratecfg ceil; 100 struct psched_ratecfg ceil;
101 s64 buffer, cbuffer;/* token bucket depth/rate */ 101 s64 buffer, cbuffer;/* token bucket depth/rate */
102 s64 mbuffer; /* max wait time */ 102 s64 mbuffer; /* max wait time */
103 int prio; /* these two are used only by leaves... */ 103 u32 prio; /* these two are used only by leaves... */
104 int quantum; /* but stored for parent-to-leaf return */ 104 int quantum; /* but stored for parent-to-leaf return */
105 105
106 struct tcf_proto *filter_list; /* class attached filters */ 106 struct tcf_proto *filter_list; /* class attached filters */
@@ -1329,6 +1329,7 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1329 struct htb_sched *q = qdisc_priv(sch); 1329 struct htb_sched *q = qdisc_priv(sch);
1330 struct htb_class *cl = (struct htb_class *)*arg, *parent; 1330 struct htb_class *cl = (struct htb_class *)*arg, *parent;
1331 struct nlattr *opt = tca[TCA_OPTIONS]; 1331 struct nlattr *opt = tca[TCA_OPTIONS];
1332 struct qdisc_rate_table *rtab = NULL, *ctab = NULL;
1332 struct nlattr *tb[TCA_HTB_MAX + 1]; 1333 struct nlattr *tb[TCA_HTB_MAX + 1];
1333 struct tc_htb_opt *hopt; 1334 struct tc_htb_opt *hopt;
1334 1335
@@ -1350,6 +1351,18 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1350 if (!hopt->rate.rate || !hopt->ceil.rate) 1351 if (!hopt->rate.rate || !hopt->ceil.rate)
1351 goto failure; 1352 goto failure;
1352 1353
1354 /* Keeping backward compatible with rate_table based iproute2 tc */
1355 if (hopt->rate.linklayer == TC_LINKLAYER_UNAWARE) {
1356 rtab = qdisc_get_rtab(&hopt->rate, tb[TCA_HTB_RTAB]);
1357 if (rtab)
1358 qdisc_put_rtab(rtab);
1359 }
1360 if (hopt->ceil.linklayer == TC_LINKLAYER_UNAWARE) {
1361 ctab = qdisc_get_rtab(&hopt->ceil, tb[TCA_HTB_CTAB]);
1362 if (ctab)
1363 qdisc_put_rtab(ctab);
1364 }
1365
1353 if (!cl) { /* new class */ 1366 if (!cl) { /* new class */
1354 struct Qdisc *new_q; 1367 struct Qdisc *new_q;
1355 int prio; 1368 int prio;
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index bce5b79662a6..ab67efc64b24 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -846,12 +846,12 @@ void sctp_assoc_control_transport(struct sctp_association *asoc,
846 else 846 else
847 spc_state = SCTP_ADDR_AVAILABLE; 847 spc_state = SCTP_ADDR_AVAILABLE;
848 /* Don't inform ULP about transition from PF to 848 /* Don't inform ULP about transition from PF to
849 * active state and set cwnd to 1, see SCTP 849 * active state and set cwnd to 1 MTU, see SCTP
850 * Quick failover draft section 5.1, point 5 850 * Quick failover draft section 5.1, point 5
851 */ 851 */
852 if (transport->state == SCTP_PF) { 852 if (transport->state == SCTP_PF) {
853 ulp_notify = false; 853 ulp_notify = false;
854 transport->cwnd = 1; 854 transport->cwnd = asoc->pathmtu;
855 } 855 }
856 transport->state = SCTP_ACTIVE; 856 transport->state = SCTP_ACTIVE;
857 break; 857 break;
diff --git a/net/sctp/transport.c b/net/sctp/transport.c
index bdbbc3fd7c14..8fdd16046d66 100644
--- a/net/sctp/transport.c
+++ b/net/sctp/transport.c
@@ -181,12 +181,12 @@ static void sctp_transport_destroy(struct sctp_transport *transport)
181 return; 181 return;
182 } 182 }
183 183
184 call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
185
186 sctp_packet_free(&transport->packet); 184 sctp_packet_free(&transport->packet);
187 185
188 if (transport->asoc) 186 if (transport->asoc)
189 sctp_association_put(transport->asoc); 187 sctp_association_put(transport->asoc);
188
189 call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
190} 190}
191 191
192/* Start T3_rtx timer if it is not already running and update the heartbeat 192/* Start T3_rtx timer if it is not already running and update the heartbeat
diff --git a/net/socket.c b/net/socket.c
index 829b460acb87..b2d7c629eeb9 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -106,7 +106,7 @@
106#include <linux/atalk.h> 106#include <linux/atalk.h>
107#include <net/busy_poll.h> 107#include <net/busy_poll.h>
108 108
109#ifdef CONFIG_NET_LL_RX_POLL 109#ifdef CONFIG_NET_RX_BUSY_POLL
110unsigned int sysctl_net_busy_read __read_mostly; 110unsigned int sysctl_net_busy_read __read_mostly;
111unsigned int sysctl_net_busy_poll __read_mostly; 111unsigned int sysctl_net_busy_poll __read_mostly;
112#endif 112#endif
diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.c b/net/sunrpc/auth_gss/gss_rpc_upcall.c
index d304f41260f2..af7ffd447fee 100644
--- a/net/sunrpc/auth_gss/gss_rpc_upcall.c
+++ b/net/sunrpc/auth_gss/gss_rpc_upcall.c
@@ -120,7 +120,7 @@ static int gssp_rpc_create(struct net *net, struct rpc_clnt **_clnt)
120 if (IS_ERR(clnt)) { 120 if (IS_ERR(clnt)) {
121 dprintk("RPC: failed to create AF_LOCAL gssproxy " 121 dprintk("RPC: failed to create AF_LOCAL gssproxy "
122 "client (errno %ld).\n", PTR_ERR(clnt)); 122 "client (errno %ld).\n", PTR_ERR(clnt));
123 result = -PTR_ERR(clnt); 123 result = PTR_ERR(clnt);
124 *_clnt = NULL; 124 *_clnt = NULL;
125 goto out; 125 goto out;
126 } 126 }
@@ -328,7 +328,6 @@ void gssp_free_upcall_data(struct gssp_upcall_data *data)
328 kfree(data->in_handle.data); 328 kfree(data->in_handle.data);
329 kfree(data->out_handle.data); 329 kfree(data->out_handle.data);
330 kfree(data->out_token.data); 330 kfree(data->out_token.data);
331 kfree(data->mech_oid.data);
332 free_svc_cred(&data->creds); 331 free_svc_cred(&data->creds);
333} 332}
334 333
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index 357f613df7ff..3c85d1c8a028 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -430,7 +430,7 @@ static int dummy_enc_nameattr_array(struct xdr_stream *xdr,
430static int dummy_dec_nameattr_array(struct xdr_stream *xdr, 430static int dummy_dec_nameattr_array(struct xdr_stream *xdr,
431 struct gssx_name_attr_array *naa) 431 struct gssx_name_attr_array *naa)
432{ 432{
433 struct gssx_name_attr dummy; 433 struct gssx_name_attr dummy = { .attr = {.len = 0} };
434 u32 count, i; 434 u32 count, i;
435 __be32 *p; 435 __be32 *p;
436 436
@@ -493,12 +493,13 @@ static int gssx_enc_name(struct xdr_stream *xdr,
493 return err; 493 return err;
494} 494}
495 495
496
496static int gssx_dec_name(struct xdr_stream *xdr, 497static int gssx_dec_name(struct xdr_stream *xdr,
497 struct gssx_name *name) 498 struct gssx_name *name)
498{ 499{
499 struct xdr_netobj dummy_netobj; 500 struct xdr_netobj dummy_netobj = { .len = 0 };
500 struct gssx_name_attr_array dummy_name_attr_array; 501 struct gssx_name_attr_array dummy_name_attr_array = { .count = 0 };
501 struct gssx_option_array dummy_option_array; 502 struct gssx_option_array dummy_option_array = { .count = 0 };
502 int err; 503 int err;
503 504
504 /* name->display_name */ 505 /* name->display_name */
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index d0347d148b34..09fb638bcaa4 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1180,6 +1180,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
1180 gm = gss_mech_get_by_OID(&ud->mech_oid); 1180 gm = gss_mech_get_by_OID(&ud->mech_oid);
1181 if (!gm) 1181 if (!gm)
1182 goto out; 1182 goto out;
1183 rsci.cred.cr_gss_mech = gm;
1183 1184
1184 status = -EINVAL; 1185 status = -EINVAL;
1185 /* mech-specific data: */ 1186 /* mech-specific data: */
@@ -1195,7 +1196,6 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
1195 rscp = rsc_update(cd, &rsci, rscp); 1196 rscp = rsc_update(cd, &rsci, rscp);
1196 status = 0; 1197 status = 0;
1197out: 1198out:
1198 gss_mech_put(gm);
1199 rsc_free(&rsci); 1199 rsc_free(&rsci);
1200 if (rscp) 1200 if (rscp)
1201 cache_put(&rscp->h, cd); 1201 cache_put(&rscp->h, cd);
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 74f6a704e374..ecbc4e3d83ad 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1660,6 +1660,10 @@ call_connect(struct rpc_task *task)
1660 task->tk_action = call_connect_status; 1660 task->tk_action = call_connect_status;
1661 if (task->tk_status < 0) 1661 if (task->tk_status < 0)
1662 return; 1662 return;
1663 if (task->tk_flags & RPC_TASK_NOCONNECT) {
1664 rpc_exit(task, -ENOTCONN);
1665 return;
1666 }
1663 xprt_connect(task); 1667 xprt_connect(task);
1664 } 1668 }
1665} 1669}
diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
index 74d948f5d5a1..779742cfc1ff 100644
--- a/net/sunrpc/netns.h
+++ b/net/sunrpc/netns.h
@@ -23,6 +23,7 @@ struct sunrpc_net {
23 struct rpc_clnt *rpcb_local_clnt4; 23 struct rpc_clnt *rpcb_local_clnt4;
24 spinlock_t rpcb_clnt_lock; 24 spinlock_t rpcb_clnt_lock;
25 unsigned int rpcb_users; 25 unsigned int rpcb_users;
26 unsigned int rpcb_is_af_local : 1;
26 27
27 struct mutex gssp_lock; 28 struct mutex gssp_lock;
28 wait_queue_head_t gssp_wq; 29 wait_queue_head_t gssp_wq;
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 3df764dc330c..1891a1022c17 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -204,13 +204,15 @@ void rpcb_put_local(struct net *net)
204} 204}
205 205
206static void rpcb_set_local(struct net *net, struct rpc_clnt *clnt, 206static void rpcb_set_local(struct net *net, struct rpc_clnt *clnt,
207 struct rpc_clnt *clnt4) 207 struct rpc_clnt *clnt4,
208 bool is_af_local)
208{ 209{
209 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 210 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
210 211
211 /* Protected by rpcb_create_local_mutex */ 212 /* Protected by rpcb_create_local_mutex */
212 sn->rpcb_local_clnt = clnt; 213 sn->rpcb_local_clnt = clnt;
213 sn->rpcb_local_clnt4 = clnt4; 214 sn->rpcb_local_clnt4 = clnt4;
215 sn->rpcb_is_af_local = is_af_local ? 1 : 0;
214 smp_wmb(); 216 smp_wmb();
215 sn->rpcb_users = 1; 217 sn->rpcb_users = 1;
216 dprintk("RPC: created new rpcb local clients (rpcb_local_clnt: " 218 dprintk("RPC: created new rpcb local clients (rpcb_local_clnt: "
@@ -238,6 +240,14 @@ static int rpcb_create_local_unix(struct net *net)
238 .program = &rpcb_program, 240 .program = &rpcb_program,
239 .version = RPCBVERS_2, 241 .version = RPCBVERS_2,
240 .authflavor = RPC_AUTH_NULL, 242 .authflavor = RPC_AUTH_NULL,
243 /*
244 * We turn off the idle timeout to prevent the kernel
245 * from automatically disconnecting the socket.
246 * Otherwise, we'd have to cache the mount namespace
247 * of the caller and somehow pass that to the socket
248 * reconnect code.
249 */
250 .flags = RPC_CLNT_CREATE_NO_IDLE_TIMEOUT,
241 }; 251 };
242 struct rpc_clnt *clnt, *clnt4; 252 struct rpc_clnt *clnt, *clnt4;
243 int result = 0; 253 int result = 0;
@@ -263,7 +273,7 @@ static int rpcb_create_local_unix(struct net *net)
263 clnt4 = NULL; 273 clnt4 = NULL;
264 } 274 }
265 275
266 rpcb_set_local(net, clnt, clnt4); 276 rpcb_set_local(net, clnt, clnt4, true);
267 277
268out: 278out:
269 return result; 279 return result;
@@ -315,7 +325,7 @@ static int rpcb_create_local_net(struct net *net)
315 clnt4 = NULL; 325 clnt4 = NULL;
316 } 326 }
317 327
318 rpcb_set_local(net, clnt, clnt4); 328 rpcb_set_local(net, clnt, clnt4, false);
319 329
320out: 330out:
321 return result; 331 return result;
@@ -376,13 +386,16 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname,
376 return rpc_create(&args); 386 return rpc_create(&args);
377} 387}
378 388
379static int rpcb_register_call(struct rpc_clnt *clnt, struct rpc_message *msg) 389static int rpcb_register_call(struct sunrpc_net *sn, struct rpc_clnt *clnt, struct rpc_message *msg, bool is_set)
380{ 390{
381 int result, error = 0; 391 int flags = RPC_TASK_NOCONNECT;
392 int error, result = 0;
382 393
394 if (is_set || !sn->rpcb_is_af_local)
395 flags = RPC_TASK_SOFTCONN;
383 msg->rpc_resp = &result; 396 msg->rpc_resp = &result;
384 397
385 error = rpc_call_sync(clnt, msg, RPC_TASK_SOFTCONN); 398 error = rpc_call_sync(clnt, msg, flags);
386 if (error < 0) { 399 if (error < 0) {
387 dprintk("RPC: failed to contact local rpcbind " 400 dprintk("RPC: failed to contact local rpcbind "
388 "server (errno %d).\n", -error); 401 "server (errno %d).\n", -error);
@@ -439,16 +452,19 @@ int rpcb_register(struct net *net, u32 prog, u32 vers, int prot, unsigned short
439 .rpc_argp = &map, 452 .rpc_argp = &map,
440 }; 453 };
441 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 454 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
455 bool is_set = false;
442 456
443 dprintk("RPC: %sregistering (%u, %u, %d, %u) with local " 457 dprintk("RPC: %sregistering (%u, %u, %d, %u) with local "
444 "rpcbind\n", (port ? "" : "un"), 458 "rpcbind\n", (port ? "" : "un"),
445 prog, vers, prot, port); 459 prog, vers, prot, port);
446 460
447 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_UNSET]; 461 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_UNSET];
448 if (port) 462 if (port != 0) {
449 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_SET]; 463 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_SET];
464 is_set = true;
465 }
450 466
451 return rpcb_register_call(sn->rpcb_local_clnt, &msg); 467 return rpcb_register_call(sn, sn->rpcb_local_clnt, &msg, is_set);
452} 468}
453 469
454/* 470/*
@@ -461,6 +477,7 @@ static int rpcb_register_inet4(struct sunrpc_net *sn,
461 const struct sockaddr_in *sin = (const struct sockaddr_in *)sap; 477 const struct sockaddr_in *sin = (const struct sockaddr_in *)sap;
462 struct rpcbind_args *map = msg->rpc_argp; 478 struct rpcbind_args *map = msg->rpc_argp;
463 unsigned short port = ntohs(sin->sin_port); 479 unsigned short port = ntohs(sin->sin_port);
480 bool is_set = false;
464 int result; 481 int result;
465 482
466 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL); 483 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL);
@@ -471,10 +488,12 @@ static int rpcb_register_inet4(struct sunrpc_net *sn,
471 map->r_addr, map->r_netid); 488 map->r_addr, map->r_netid);
472 489
473 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET]; 490 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET];
474 if (port) 491 if (port != 0) {
475 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET]; 492 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET];
493 is_set = true;
494 }
476 495
477 result = rpcb_register_call(sn->rpcb_local_clnt4, msg); 496 result = rpcb_register_call(sn, sn->rpcb_local_clnt4, msg, is_set);
478 kfree(map->r_addr); 497 kfree(map->r_addr);
479 return result; 498 return result;
480} 499}
@@ -489,6 +508,7 @@ static int rpcb_register_inet6(struct sunrpc_net *sn,
489 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sap; 508 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sap;
490 struct rpcbind_args *map = msg->rpc_argp; 509 struct rpcbind_args *map = msg->rpc_argp;
491 unsigned short port = ntohs(sin6->sin6_port); 510 unsigned short port = ntohs(sin6->sin6_port);
511 bool is_set = false;
492 int result; 512 int result;
493 513
494 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL); 514 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL);
@@ -499,10 +519,12 @@ static int rpcb_register_inet6(struct sunrpc_net *sn,
499 map->r_addr, map->r_netid); 519 map->r_addr, map->r_netid);
500 520
501 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET]; 521 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET];
502 if (port) 522 if (port != 0) {
503 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET]; 523 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET];
524 is_set = true;
525 }
504 526
505 result = rpcb_register_call(sn->rpcb_local_clnt4, msg); 527 result = rpcb_register_call(sn, sn->rpcb_local_clnt4, msg, is_set);
506 kfree(map->r_addr); 528 kfree(map->r_addr);
507 return result; 529 return result;
508} 530}
@@ -519,7 +541,7 @@ static int rpcb_unregister_all_protofamilies(struct sunrpc_net *sn,
519 map->r_addr = ""; 541 map->r_addr = "";
520 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET]; 542 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET];
521 543
522 return rpcb_register_call(sn->rpcb_local_clnt4, msg); 544 return rpcb_register_call(sn, sn->rpcb_local_clnt4, msg, false);
523} 545}
524 546
525/** 547/**
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 305374d4fb98..7762b9f8a8b7 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1193,7 +1193,9 @@ static int svc_tcp_has_wspace(struct svc_xprt *xprt)
1193 if (test_bit(XPT_LISTENER, &xprt->xpt_flags)) 1193 if (test_bit(XPT_LISTENER, &xprt->xpt_flags))
1194 return 1; 1194 return 1;
1195 required = atomic_read(&xprt->xpt_reserved) + serv->sv_max_mesg; 1195 required = atomic_read(&xprt->xpt_reserved) + serv->sv_max_mesg;
1196 if (sk_stream_wspace(svsk->sk_sk) >= required) 1196 if (sk_stream_wspace(svsk->sk_sk) >= required ||
1197 (sk_stream_min_wspace(svsk->sk_sk) == 0 &&
1198 atomic_read(&xprt->xpt_reserved) == 0))
1197 return 1; 1199 return 1;
1198 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags); 1200 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
1199 return 0; 1201 return 0;
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index cb29ef7ba2f0..609c30c80816 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -460,6 +460,7 @@ static void bearer_disable(struct tipc_bearer *b_ptr)
460{ 460{
461 struct tipc_link *l_ptr; 461 struct tipc_link *l_ptr;
462 struct tipc_link *temp_l_ptr; 462 struct tipc_link *temp_l_ptr;
463 struct tipc_link_req *temp_req;
463 464
464 pr_info("Disabling bearer <%s>\n", b_ptr->name); 465 pr_info("Disabling bearer <%s>\n", b_ptr->name);
465 spin_lock_bh(&b_ptr->lock); 466 spin_lock_bh(&b_ptr->lock);
@@ -468,9 +469,13 @@ static void bearer_disable(struct tipc_bearer *b_ptr)
468 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) { 469 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) {
469 tipc_link_delete(l_ptr); 470 tipc_link_delete(l_ptr);
470 } 471 }
471 if (b_ptr->link_req) 472 temp_req = b_ptr->link_req;
472 tipc_disc_delete(b_ptr->link_req); 473 b_ptr->link_req = NULL;
473 spin_unlock_bh(&b_ptr->lock); 474 spin_unlock_bh(&b_ptr->lock);
475
476 if (temp_req)
477 tipc_disc_delete(temp_req);
478
474 memset(b_ptr, 0, sizeof(struct tipc_bearer)); 479 memset(b_ptr, 0, sizeof(struct tipc_bearer));
475} 480}
476 481
diff --git a/net/tipc/server.c b/net/tipc/server.c
index 19da5abe0fa6..fd3fa57a410e 100644
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -355,8 +355,12 @@ static int tipc_open_listening_sock(struct tipc_server *s)
355 return PTR_ERR(con); 355 return PTR_ERR(con);
356 356
357 sock = tipc_create_listen_sock(con); 357 sock = tipc_create_listen_sock(con);
358 if (!sock) 358 if (!sock) {
359 idr_remove(&s->conn_idr, con->conid);
360 s->idr_in_use--;
361 kfree(con);
359 return -EINVAL; 362 return -EINVAL;
363 }
360 364
361 tipc_register_callbacks(sock, con); 365 tipc_register_callbacks(sock, con);
362 return 0; 366 return 0;
@@ -563,9 +567,14 @@ int tipc_server_start(struct tipc_server *s)
563 kmem_cache_destroy(s->rcvbuf_cache); 567 kmem_cache_destroy(s->rcvbuf_cache);
564 return ret; 568 return ret;
565 } 569 }
570 ret = tipc_open_listening_sock(s);
571 if (ret < 0) {
572 tipc_work_stop(s);
573 kmem_cache_destroy(s->rcvbuf_cache);
574 return ret;
575 }
566 s->enabled = 1; 576 s->enabled = 1;
567 577 return ret;
568 return tipc_open_listening_sock(s);
569} 578}
570 579
571void tipc_server_stop(struct tipc_server *s) 580void tipc_server_stop(struct tipc_server *s)
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 593071dabd1c..4d9334683f84 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -347,7 +347,7 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
347 for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) { 347 for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) {
348 struct vsock_sock *vsk; 348 struct vsock_sock *vsk;
349 list_for_each_entry(vsk, &vsock_connected_table[i], 349 list_for_each_entry(vsk, &vsock_connected_table[i],
350 connected_table); 350 connected_table)
351 fn(sk_vsock(vsk)); 351 fn(sk_vsock(vsk));
352 } 352 }
353 353
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 4f9f216665e9..a8c29fa4f1b3 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -765,6 +765,7 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev,
765 cfg80211_leave_mesh(rdev, dev); 765 cfg80211_leave_mesh(rdev, dev);
766 break; 766 break;
767 case NL80211_IFTYPE_AP: 767 case NL80211_IFTYPE_AP:
768 case NL80211_IFTYPE_P2P_GO:
768 cfg80211_stop_ap(rdev, dev); 769 cfg80211_stop_ap(rdev, dev);
769 break; 770 break;
770 default: 771 default:
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 1cc47aca7f05..5f6e982cdcf4 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -441,10 +441,12 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
441 goto out_unlock; 441 goto out_unlock;
442 } 442 }
443 *rdev = wiphy_to_dev((*wdev)->wiphy); 443 *rdev = wiphy_to_dev((*wdev)->wiphy);
444 cb->args[0] = (*rdev)->wiphy_idx; 444 /* 0 is the first index - add 1 to parse only once */
445 cb->args[0] = (*rdev)->wiphy_idx + 1;
445 cb->args[1] = (*wdev)->identifier; 446 cb->args[1] = (*wdev)->identifier;
446 } else { 447 } else {
447 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]); 448 /* subtract the 1 again here */
449 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
448 struct wireless_dev *tmp; 450 struct wireless_dev *tmp;
449 451
450 if (!wiphy) { 452 if (!wiphy) {
@@ -2620,8 +2622,8 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2620 2622
2621 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2623 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2622 NL80211_CMD_NEW_KEY); 2624 NL80211_CMD_NEW_KEY);
2623 if (IS_ERR(hdr)) 2625 if (!hdr)
2624 return PTR_ERR(hdr); 2626 return -ENOBUFS;
2625 2627
2626 cookie.msg = msg; 2628 cookie.msg = msg;
2627 cookie.idx = key_idx; 2629 cookie.idx = key_idx;
@@ -4770,9 +4772,9 @@ do { \
4770 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 4772 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4771 mask, NL80211_MESHCONF_FORWARDING, 4773 mask, NL80211_MESHCONF_FORWARDING,
4772 nla_get_u8); 4774 nla_get_u8);
4773 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255, 4775 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4774 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 4776 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4775 nla_get_u32); 4777 nla_get_s32);
4776 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, 4778 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4777 mask, NL80211_MESHCONF_HT_OPMODE, 4779 mask, NL80211_MESHCONF_HT_OPMODE,
4778 nla_get_u16); 4780 nla_get_u16);
@@ -6505,6 +6507,9 @@ static int nl80211_testmode_dump(struct sk_buff *skb,
6505 NL80211_CMD_TESTMODE); 6507 NL80211_CMD_TESTMODE);
6506 struct nlattr *tmdata; 6508 struct nlattr *tmdata;
6507 6509
6510 if (!hdr)
6511 break;
6512
6508 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 6513 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
6509 genlmsg_cancel(skb, hdr); 6514 genlmsg_cancel(skb, hdr);
6510 break; 6515 break;
@@ -6613,12 +6618,14 @@ EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
6613 6618
6614void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 6619void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
6615{ 6620{
6621 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6616 void *hdr = ((void **)skb->cb)[1]; 6622 void *hdr = ((void **)skb->cb)[1];
6617 struct nlattr *data = ((void **)skb->cb)[2]; 6623 struct nlattr *data = ((void **)skb->cb)[2];
6618 6624
6619 nla_nest_end(skb, data); 6625 nla_nest_end(skb, data);
6620 genlmsg_end(skb, hdr); 6626 genlmsg_end(skb, hdr);
6621 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 6627 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
6628 nl80211_testmode_mcgrp.id, gfp);
6622} 6629}
6623EXPORT_SYMBOL(cfg80211_testmode_event); 6630EXPORT_SYMBOL(cfg80211_testmode_event);
6624#endif 6631#endif
@@ -6947,9 +6954,8 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
6947 6954
6948 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6955 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6949 NL80211_CMD_REMAIN_ON_CHANNEL); 6956 NL80211_CMD_REMAIN_ON_CHANNEL);
6950 6957 if (!hdr) {
6951 if (IS_ERR(hdr)) { 6958 err = -ENOBUFS;
6952 err = PTR_ERR(hdr);
6953 goto free_msg; 6959 goto free_msg;
6954 } 6960 }
6955 6961
@@ -7247,9 +7253,8 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7247 7253
7248 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7254 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7249 NL80211_CMD_FRAME); 7255 NL80211_CMD_FRAME);
7250 7256 if (!hdr) {
7251 if (IS_ERR(hdr)) { 7257 err = -ENOBUFS;
7252 err = PTR_ERR(hdr);
7253 goto free_msg; 7258 goto free_msg;
7254 } 7259 }
7255 } 7260 }
@@ -8128,9 +8133,8 @@ static int nl80211_probe_client(struct sk_buff *skb,
8128 8133
8129 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8134 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8130 NL80211_CMD_PROBE_CLIENT); 8135 NL80211_CMD_PROBE_CLIENT);
8131 8136 if (!hdr) {
8132 if (IS_ERR(hdr)) { 8137 err = -ENOBUFS;
8133 err = PTR_ERR(hdr);
8134 goto free_msg; 8138 goto free_msg;
8135 } 8139 }
8136 8140
@@ -10064,7 +10068,8 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10064 10068
10065 genlmsg_end(msg, hdr); 10069 genlmsg_end(msg, hdr);
10066 10070
10067 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 10071 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
10072 nl80211_mlme_mcgrp.id, gfp);
10068 return; 10073 return;
10069 10074
10070 nla_put_failure: 10075 nla_put_failure:
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 5a24c986f34b..de06d5d1287f 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2247,10 +2247,13 @@ int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
2247 2247
2248void wiphy_regulatory_register(struct wiphy *wiphy) 2248void wiphy_regulatory_register(struct wiphy *wiphy)
2249{ 2249{
2250 struct regulatory_request *lr;
2251
2250 if (!reg_dev_ignore_cell_hint(wiphy)) 2252 if (!reg_dev_ignore_cell_hint(wiphy))
2251 reg_num_devs_support_basehint++; 2253 reg_num_devs_support_basehint++;
2252 2254
2253 wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE); 2255 lr = get_last_request();
2256 wiphy_update_regulatory(wiphy, lr->initiator);
2254} 2257}
2255 2258
2256void wiphy_regulatory_deregister(struct wiphy *wiphy) 2259void wiphy_regulatory_deregister(struct wiphy *wiphy)
@@ -2279,7 +2282,9 @@ void wiphy_regulatory_deregister(struct wiphy *wiphy)
2279static void reg_timeout_work(struct work_struct *work) 2282static void reg_timeout_work(struct work_struct *work)
2280{ 2283{
2281 REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); 2284 REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n");
2285 rtnl_lock();
2282 restore_regulatory_settings(true); 2286 restore_regulatory_settings(true);
2287 rtnl_unlock();
2283} 2288}
2284 2289
2285int __init regulatory_init(void) 2290int __init regulatory_init(void)
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 1d3cfb1a3f28..20e86a95dc4e 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -34,8 +34,10 @@ struct cfg80211_conn {
34 CFG80211_CONN_SCAN_AGAIN, 34 CFG80211_CONN_SCAN_AGAIN,
35 CFG80211_CONN_AUTHENTICATE_NEXT, 35 CFG80211_CONN_AUTHENTICATE_NEXT,
36 CFG80211_CONN_AUTHENTICATING, 36 CFG80211_CONN_AUTHENTICATING,
37 CFG80211_CONN_AUTH_FAILED,
37 CFG80211_CONN_ASSOCIATE_NEXT, 38 CFG80211_CONN_ASSOCIATE_NEXT,
38 CFG80211_CONN_ASSOCIATING, 39 CFG80211_CONN_ASSOCIATING,
40 CFG80211_CONN_ASSOC_FAILED,
39 CFG80211_CONN_DEAUTH, 41 CFG80211_CONN_DEAUTH,
40 CFG80211_CONN_CONNECTED, 42 CFG80211_CONN_CONNECTED,
41 } state; 43 } state;
@@ -164,6 +166,8 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
164 NULL, 0, 166 NULL, 0,
165 params->key, params->key_len, 167 params->key, params->key_len,
166 params->key_idx, NULL, 0); 168 params->key_idx, NULL, 0);
169 case CFG80211_CONN_AUTH_FAILED:
170 return -ENOTCONN;
167 case CFG80211_CONN_ASSOCIATE_NEXT: 171 case CFG80211_CONN_ASSOCIATE_NEXT:
168 BUG_ON(!rdev->ops->assoc); 172 BUG_ON(!rdev->ops->assoc);
169 wdev->conn->state = CFG80211_CONN_ASSOCIATING; 173 wdev->conn->state = CFG80211_CONN_ASSOCIATING;
@@ -188,10 +192,17 @@ static int cfg80211_conn_do_work(struct wireless_dev *wdev)
188 WLAN_REASON_DEAUTH_LEAVING, 192 WLAN_REASON_DEAUTH_LEAVING,
189 false); 193 false);
190 return err; 194 return err;
195 case CFG80211_CONN_ASSOC_FAILED:
196 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
197 NULL, 0,
198 WLAN_REASON_DEAUTH_LEAVING, false);
199 return -ENOTCONN;
191 case CFG80211_CONN_DEAUTH: 200 case CFG80211_CONN_DEAUTH:
192 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 201 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
193 NULL, 0, 202 NULL, 0,
194 WLAN_REASON_DEAUTH_LEAVING, false); 203 WLAN_REASON_DEAUTH_LEAVING, false);
204 /* free directly, disconnected event already sent */
205 cfg80211_sme_free(wdev);
195 return 0; 206 return 0;
196 default: 207 default:
197 return 0; 208 return 0;
@@ -371,7 +382,7 @@ bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status)
371 return true; 382 return true;
372 } 383 }
373 384
374 wdev->conn->state = CFG80211_CONN_DEAUTH; 385 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
375 schedule_work(&rdev->conn_work); 386 schedule_work(&rdev->conn_work);
376 return false; 387 return false;
377} 388}
@@ -383,7 +394,13 @@ void cfg80211_sme_deauth(struct wireless_dev *wdev)
383 394
384void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) 395void cfg80211_sme_auth_timeout(struct wireless_dev *wdev)
385{ 396{
386 cfg80211_sme_free(wdev); 397 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
398
399 if (!wdev->conn)
400 return;
401
402 wdev->conn->state = CFG80211_CONN_AUTH_FAILED;
403 schedule_work(&rdev->conn_work);
387} 404}
388 405
389void cfg80211_sme_disassoc(struct wireless_dev *wdev) 406void cfg80211_sme_disassoc(struct wireless_dev *wdev)
@@ -399,7 +416,13 @@ void cfg80211_sme_disassoc(struct wireless_dev *wdev)
399 416
400void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) 417void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev)
401{ 418{
402 cfg80211_sme_disassoc(wdev); 419 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
420
421 if (!wdev->conn)
422 return;
423
424 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED;
425 schedule_work(&rdev->conn_work);
403} 426}
404 427
405static int cfg80211_sme_connect(struct wireless_dev *wdev, 428static int cfg80211_sme_connect(struct wireless_dev *wdev,
@@ -953,21 +976,19 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
953 struct net_device *dev, u16 reason, bool wextev) 976 struct net_device *dev, u16 reason, bool wextev)
954{ 977{
955 struct wireless_dev *wdev = dev->ieee80211_ptr; 978 struct wireless_dev *wdev = dev->ieee80211_ptr;
956 int err; 979 int err = 0;
957 980
958 ASSERT_WDEV_LOCK(wdev); 981 ASSERT_WDEV_LOCK(wdev);
959 982
960 kfree(wdev->connect_keys); 983 kfree(wdev->connect_keys);
961 wdev->connect_keys = NULL; 984 wdev->connect_keys = NULL;
962 985
963 if (wdev->conn) { 986 if (wdev->conn)
964 err = cfg80211_sme_disconnect(wdev, reason); 987 err = cfg80211_sme_disconnect(wdev, reason);
965 } else if (!rdev->ops->disconnect) { 988 else if (!rdev->ops->disconnect)
966 cfg80211_mlme_down(rdev, dev); 989 cfg80211_mlme_down(rdev, dev);
967 err = 0; 990 else if (wdev->current_bss)
968 } else {
969 err = rdev_disconnect(rdev, dev, reason); 991 err = rdev_disconnect(rdev, dev, reason);
970 }
971 992
972 return err; 993 return err;
973} 994}
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-08 12:22:20 -0500