Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: tproxy: fixe a possible read from an invalid location in the socket match zd1211rw: use unaligned safe memcmp() in-place of compare_ether_addr() mac80211: use unaligned safe memcmp() in-place of compare_ether_addr() ipw2200: fix netif_*_queue() removal regression iwlwifi: clean key table in iwl_clear_stations_table function tcp: tcp_vegas ssthresh bug fix can: omit received RTR frames for single ID filter lists ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table netx-eth: initialize per device spinlock tcp: make urg+gso work for real this time enc28j60: Fix sporadic packet loss (corrected again) hysdn: fix writing outside the field on 64 bits b1isa: fix b1isa_exit() to really remove registered capi controllers can: Fix CAN_(EFF|RTR)_FLAG handling in can_filter Phonet: do not dump addresses from other namespaces netlabel: Fix a potential NULL pointer dereference bnx2: Add workaround to handle missed MSI. xfrm: Fix kernel panic when flush and dump SPD entries
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-08 22:52:43 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-12-08 22:52:43 -0500
commit: f7a8db89c1f42e504bb12d2ae399cd96f755a7db (patch)
tree: 0b98001ee746784e95a0809a8499483ace2450d5 /net
parent: 6f84b4dbe92e3ffb00f4d8cbe9a31b5be5ecd8ca (diff)
parent: c49b9f295e513753e6d9bb4444ba502f1aa59b29 (diff)
10 files changed, 85 insertions, 38 deletions
diff --git a/net/atm/svc.c b/net/atm/svc.c
index de1e4f2f3a43..8fb54dc870b3 100644
--- a/net/atm/svc.c
+++ b/net/atm/svc.c
@@ -293,7 +293,10 @@ static int svc_listen(struct socket *sock,int backlog)
                error = -EINVAL;
                goto out;
        }
-        vcc_insert_socket(sk);
+        if (test_bit(ATM_VF_LISTEN, &vcc->flags)) {
+                error = -EADDRINUSE;
+                goto out;
+        }
        set_bit(ATM_VF_WAITING, &vcc->flags);
        prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE);
        sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local);
@@ -307,6 +310,7 @@ static int svc_listen(struct socket *sock,int backlog)
                goto out;
        }
        set_bit(ATM_VF_LISTEN,&vcc->flags);
+        vcc_insert_socket(sk);
        sk->sk_max_ack_backlog = backlog > 0 ? backlog : ATM_BACKLOG_DEFAULT;
        error = -sk->sk_err;
 out:
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 7d4d2b3c137e..3dadb338addd 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -319,23 +319,52 @@ static struct dev_rcv_lists *find_dev_rcv_lists(struct net_device *dev)
        return n ? d : NULL;
 }
+/**
+ * find_rcv_list - determine optimal filterlist inside device filter struct
+ * @can_id: pointer to CAN identifier of a given can_filter
+ * @mask: pointer to CAN mask of a given can_filter
+ * @d: pointer to the device filter struct
+ *
+ * Description:
+ *  Returns the optimal filterlist to reduce the filter handling in the
+ *  receive path. This function is called by service functions that need
+ *  to register or unregister a can_filter in the filter lists.
+ *
+ *  A filter matches in general, when
+ *
+ *          <received_can_id> & mask == can_id & mask
+ *
+ *  so every bit set in the mask (even CAN_EFF_FLAG, CAN_RTR_FLAG) describe
+ *  relevant bits for the filter.
+ *
+ *  The filter can be inverted (CAN_INV_FILTER bit set in can_id) or it can
+ *  filter for error frames (CAN_ERR_FLAG bit set in mask). For error frames
+ *  there is a special filterlist and a special rx path filter handling.
+ *
+ * Return:
+ *  Pointer to optimal filterlist for the given can_id/mask pair.
+ *  Constistency checked mask.
+ *  Reduced can_id to have a preprocessed filter compare value.
+ */
 static struct hlist_head *find_rcv_list(canid_t *can_id, canid_t *mask,
                                        struct dev_rcv_lists *d)
 {
        canid_t inv = *can_id & CAN_INV_FILTER; /* save flag before masking */
-        /* filter error frames */
+        /* filter for error frames in extra filterlist */
        if (*mask & CAN_ERR_FLAG) {
-                /* clear CAN_ERR_FLAG in list entry */
+                /* clear CAN_ERR_FLAG in filter entry */
                *mask &= CAN_ERR_MASK;
                return &d->rx[RX_ERR];
        }
-        /* ensure valid values in can_mask */
+        /* with cleared CAN_ERR_FLAG we have a simple mask/value filterpair */
-        if (*mask & CAN_EFF_FLAG)
-                *mask &= (CAN_EFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG);
+#define CAN_EFF_RTR_FLAGS (CAN_EFF_FLAG | CAN_RTR_FLAG)
-        else
-                *mask &= (CAN_SFF_MASK | CAN_RTR_FLAG);
+        /* ensure valid values in can_mask for 'SFF only' frame filtering */
+        if ((*mask & CAN_EFF_FLAG) && !(*can_id & CAN_EFF_FLAG))
+                *mask &= (CAN_SFF_MASK | CAN_EFF_RTR_FLAGS);
        /* reduce condition testing at receive time */
        *can_id &= *mask;
@@ -348,15 +377,19 @@ static struct hlist_head *find_rcv_list(canid_t *can_id, canid_t *mask,
        if (!(*mask))
                return &d->rx[RX_ALL];
-        /* use extra filterset for the subscription of exactly *ONE* can_id */
+        /* extra filterlists for the subscription of a single non-RTR can_id */
-        if (*can_id & CAN_EFF_FLAG) {
+        if (((*mask & CAN_EFF_RTR_FLAGS) == CAN_EFF_RTR_FLAGS)
-                if (*mask == (CAN_EFF_MASK | CAN_EFF_FLAG)) {
+            && !(*can_id & CAN_RTR_FLAG)) {
-                        /* RFC: a use-case for hash-tables in the future? */
-                        return &d->rx[RX_EFF];
+                if (*can_id & CAN_EFF_FLAG) {
+                        if (*mask == (CAN_EFF_MASK | CAN_EFF_RTR_FLAGS)) {
+                                /* RFC: a future use-case for hash-tables? */
+                                return &d->rx[RX_EFF];
+                        }
+                } else {
+                        if (*mask == (CAN_SFF_MASK | CAN_EFF_RTR_FLAGS))
+                                return &d->rx_sff[*can_id];
                }
-        } else {
-                if (*mask == CAN_SFF_MASK)
-                        return &d->rx_sff[*can_id];
        }
        /* default: filter via can_id/can_mask */
@@ -589,7 +622,10 @@ static int can_rcv_filter(struct dev_rcv_lists *d, struct sk_buff *skb)
                }
        }
-        /* check CAN_ID specific entries */
+        /* check filterlists for single non-RTR can_ids */
+        if (can_id & CAN_RTR_FLAG)
+                return matches;
        if (can_id & CAN_EFF_FLAG) {
                hlist_for_each_entry_rcu(r, n, &d->rx[RX_EFF], list) {
                        if (r->can_id == can_id) {
diff --git a/net/can/bcm.c b/net/can/bcm.c
index d0dd382001e2..da0d426c0ce4 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -64,10 +64,11 @@
 #define BCM_CAN_DLC_MASK 0x0F /* clean private flags in can_dlc by masking */
 /* get best masking value for can_rx_register() for a given single can_id */
-#define REGMASK(id) ((id & CAN_RTR_FLAG) | ((id & CAN_EFF_FLAG) ? \
+#define REGMASK(id) ((id & CAN_EFF_FLAG) ? \
-                        (CAN_EFF_MASK | CAN_EFF_FLAG) : CAN_SFF_MASK))
+                     (CAN_EFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG) : \
+                     (CAN_SFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG))
-#define CAN_BCM_VERSION "20080415"
+#define CAN_BCM_VERSION CAN_VERSION
 static __initdata const char banner[] = KERN_INFO
        "can: broadcast manager protocol (rev " CAN_BCM_VERSION ")\n";
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 85b07eba1879..fe3b4bdfd251 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -722,8 +722,7 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
 static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb,
                                 unsigned int mss_now)
 {
-        if (skb->len <= mss_now || !sk_can_gso(sk) ||
+        if (skb->len <= mss_now || !sk_can_gso(sk)) {
-            tcp_urg_mode(tcp_sk(sk))) {
                /* Avoid the costly divide in the normal
                 * non-TSO case.
                 */
@@ -1029,10 +1028,6 @@ unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
 /* Compute the current effective MSS, taking SACKs and IP options,
 * and even PMTU discovery events into account.
- *
- * LARGESEND note: !tcp_urg_mode is overkill, only frames up to snd_up
- * cannot be large. However, taking into account rare use of URG, this
- * is not a big flaw.
 */
 unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
 {
@@ -1047,7 +1042,7 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
        mss_now = tp->mss_cache;
-        if (large_allowed && sk_can_gso(sk) && !tcp_urg_mode(tp))
+        if (large_allowed && sk_can_gso(sk))
                doing_tso = 1;
        if (dst) {
@@ -1164,9 +1159,7 @@ static int tcp_init_tso_segs(struct sock *sk, struct sk_buff *skb,
 {
        int tso_segs = tcp_skb_pcount(skb);
-        if (!tso_segs ||
+        if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) {
-            (tso_segs > 1 && (tcp_skb_mss(skb) != mss_now ||
-                              tcp_urg_mode(tcp_sk(sk))))) {
                tcp_set_skb_tso_segs(sk, skb, mss_now);
                tso_segs = tcp_skb_pcount(skb);
        }
@@ -1519,6 +1512,10 @@ static int tcp_mtu_probe(struct sock *sk)
 * send_head.  This happens as incoming acks open up the remote
 * window for us.
 *
+ * LARGESEND note: !tcp_urg_mode is overkill, only frames between
+ * snd_up-64k-mss .. snd_up cannot be large. However, taking into
+ * account rare use of URG, this is not a big flaw.
+ *
 * Returns 1, if no segments are in flight and we have queued segments, but
 * cannot send anything now because of SWS or another problem.
 */
@@ -1570,7 +1567,7 @@ static int tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle)
                }
                limit = mss_now;
-                if (tso_segs > 1)
+                if (tso_segs > 1 && !tcp_urg_mode(tp))
                        limit = tcp_mss_split_point(sk, skb, mss_now,
                                                    cwnd_quota);
@@ -1619,6 +1616,7 @@ void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
 */
 void tcp_push_one(struct sock *sk, unsigned int mss_now)
 {
+        struct tcp_sock *tp = tcp_sk(sk);
        struct sk_buff *skb = tcp_send_head(sk);
        unsigned int tso_segs, cwnd_quota;
@@ -1633,7 +1631,7 @@ void tcp_push_one(struct sock *sk, unsigned int mss_now)
                BUG_ON(!tso_segs);
                limit = mss_now;
-                if (tso_segs > 1)
+                if (tso_segs > 1 && !tcp_urg_mode(tp))
                        limit = tcp_mss_split_point(sk, skb, mss_now,
                                                    cwnd_quota);
diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c
index 14504dada116..7cd22262de3a 100644
--- a/net/ipv4/tcp_vegas.c
+++ b/net/ipv4/tcp_vegas.c
@@ -326,6 +326,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
                                tp->snd_cwnd = 2;
                        else if (tp->snd_cwnd > tp->snd_cwnd_clamp)
                                tp->snd_cwnd = tp->snd_cwnd_clamp;
+                        tp->snd_ssthresh = tcp_current_ssthresh(sk);
                }
                /* Wipe the slate clean for the next RTT. */
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 7fef8ea1f5ec..d254446b85b5 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -99,7 +99,7 @@ struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr)
        sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]);
        while (sta) {
-                if (compare_ether_addr(sta->sta.addr, addr) == 0)
+                if (memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
                        break;
                sta = rcu_dereference(sta->hnext);
        }
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 02a8fed21082..1acc089be7e9 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
                                   saddr, daddr, sport, dport, par->in, false);
        if (sk != NULL) {
-                bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
+                bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
                nf_tproxy_put_sock(sk);
                if (wildcard)
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index e8a5c32b0f10..90c8506a0aac 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -574,9 +574,10 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
        list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
                                           &iface->addr4_list);
        spin_unlock(&netlbl_unlhsh_lock);
-        if (list_entry == NULL)
+        if (list_entry != NULL)
+                entry = netlbl_unlhsh_addr4_entry(list_entry);
+        else
                ret_val = -ENOENT;
-        entry = netlbl_unlhsh_addr4_entry(list_entry);
        audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
                                              audit_info);
@@ -634,9 +635,10 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
        spin_lock(&netlbl_unlhsh_lock);
        list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
        spin_unlock(&netlbl_unlhsh_lock);
-        if (list_entry == NULL)
+        if (list_entry != NULL)
+                entry = netlbl_unlhsh_addr6_entry(list_entry);
+        else
                ret_val = -ENOENT;
-        entry = netlbl_unlhsh_addr6_entry(list_entry);
        audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
                                              audit_info);
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index b1770d66bc8d..242fe8f8c322 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -123,6 +123,7 @@ nla_put_failure:
 static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 {
+        struct net *net = sock_net(skb->sk);
        struct phonet_device *pnd;
        int dev_idx = 0, dev_start_idx = cb->args[0];
        int addr_idx = 0, addr_start_idx = cb->args[1];
@@ -131,6 +132,8 @@ static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
        list_for_each_entry(pnd, &pndevs.list, list) {
                u8 addr;
+                if (!net_eq(dev_net(pnd->netdev), net))
+                        continue;
                if (dev_idx > dev_start_idx)
                        addr_start_idx = 0;
                if (dev_idx++ < dev_start_idx)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 058f04f54b90..fb216c9adf86 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -817,6 +817,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
                                continue;
                        hlist_del(&pol->bydst);
                        hlist_del(&pol->byidx);
+                        list_del(&pol->walk.all);
                        write_unlock_bh(&xfrm_policy_lock);
                        xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-08 22:52:43 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-12-08 22:52:43 -0500
commit	f7a8db89c1f42e504bb12d2ae399cd96f755a7db (patch)
tree	0b98001ee746784e95a0809a8499483ace2450d5 /net
parent	6f84b4dbe92e3ffb00f4d8cbe9a31b5be5ecd8ca (diff)
parent	c49b9f295e513753e6d9bb4444ba502f1aa59b29 (diff)

diff --git a/net/atm/svc.c b/net/atm/svc.c index de1e4f2f3a43..8fb54dc870b3 100644 --- a/net/atm/svc.c +++ b/net/atm/svc.c
@@ -293,7 +293,10 @@ static int svc_listen(struct socket *sock,int backlog)
293	error = -EINVAL;	293	error = -EINVAL;
294	goto out;	294	goto out;
295	}	295	}
296	vcc_insert_socket(sk);	296	if (test_bit(ATM_VF_LISTEN, &vcc->flags)) {
		297	error = -EADDRINUSE;
		298	goto out;
		299	}
297	set_bit(ATM_VF_WAITING, &vcc->flags);	300	set_bit(ATM_VF_WAITING, &vcc->flags);
298	prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE);	301	prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE);
299	sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local);	302	sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local);
@@ -307,6 +310,7 @@ static int svc_listen(struct socket *sock,int backlog)
307	goto out;	310	goto out;
308	}	311	}
309	set_bit(ATM_VF_LISTEN,&vcc->flags);	312	set_bit(ATM_VF_LISTEN,&vcc->flags);
		313	vcc_insert_socket(sk);
310	sk->sk_max_ack_backlog = backlog > 0 ? backlog : ATM_BACKLOG_DEFAULT;	314	sk->sk_max_ack_backlog = backlog > 0 ? backlog : ATM_BACKLOG_DEFAULT;
311	error = -sk->sk_err;	315	error = -sk->sk_err;
312	out:	316	out:


diff --git a/net/can/af_can.c b/net/can/af_can.c index 7d4d2b3c137e..3dadb338addd 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c
@@ -319,23 +319,52 @@ static struct dev_rcv_lists find_dev_rcv_lists(struct net_device dev)
319	return n ? d : NULL;	319	return n ? d : NULL;
320	}	320	}
321		321
		322	/**
		323	* find_rcv_list - determine optimal filterlist inside device filter struct
		324	* @can_id: pointer to CAN identifier of a given can_filter
		325	* @mask: pointer to CAN mask of a given can_filter
		326	* @d: pointer to the device filter struct
		327	*
		328	* Description:
		329	* Returns the optimal filterlist to reduce the filter handling in the
		330	* receive path. This function is called by service functions that need
		331	* to register or unregister a can_filter in the filter lists.
		332	*
		333	* A filter matches in general, when
		334	*
		335	* <received_can_id> & mask == can_id & mask
		336	*
		337	* so every bit set in the mask (even CAN_EFF_FLAG, CAN_RTR_FLAG) describe
		338	* relevant bits for the filter.
		339	*
		340	* The filter can be inverted (CAN_INV_FILTER bit set in can_id) or it can
		341	* filter for error frames (CAN_ERR_FLAG bit set in mask). For error frames
		342	* there is a special filterlist and a special rx path filter handling.
		343	*
		344	* Return:
		345	* Pointer to optimal filterlist for the given can_id/mask pair.
		346	* Constistency checked mask.
		347	* Reduced can_id to have a preprocessed filter compare value.
		348	*/
322	static struct hlist_head find_rcv_list(canid_t can_id, canid_t *mask,	349	static struct hlist_head find_rcv_list(canid_t can_id, canid_t *mask,
323	struct dev_rcv_lists *d)	350	struct dev_rcv_lists *d)
324	{	351	{
325	canid_t inv = can_id & CAN_INV_FILTER; / save flag before masking */	352	canid_t inv = can_id & CAN_INV_FILTER; / save flag before masking */
326		353
327	/* filter error frames */	354	/* filter for error frames in extra filterlist */
328	if (*mask & CAN_ERR_FLAG) {	355	if (*mask & CAN_ERR_FLAG) {
329	/* clear CAN_ERR_FLAG in list entry */	356	/* clear CAN_ERR_FLAG in filter entry */
330	*mask &= CAN_ERR_MASK;	357	*mask &= CAN_ERR_MASK;
331	return &d->rx[RX_ERR];	358	return &d->rx[RX_ERR];
332	}	359	}
333		360
334	/* ensure valid values in can_mask */	361	/* with cleared CAN_ERR_FLAG we have a simple mask/value filterpair */
335	if (*mask & CAN_EFF_FLAG)	362
336	*mask &= (CAN_EFF_MASK \| CAN_EFF_FLAG \| CAN_RTR_FLAG);	363	#define CAN_EFF_RTR_FLAGS (CAN_EFF_FLAG \| CAN_RTR_FLAG)
337	else	364
338	*mask &= (CAN_SFF_MASK \| CAN_RTR_FLAG);	365	/* ensure valid values in can_mask for 'SFF only' frame filtering */
		366	if ((mask & CAN_EFF_FLAG) && !(can_id & CAN_EFF_FLAG))
		367	*mask &= (CAN_SFF_MASK \| CAN_EFF_RTR_FLAGS);
339		368
340	/* reduce condition testing at receive time */	369	/* reduce condition testing at receive time */
341	can_id &= mask;	370	can_id &= mask;
@@ -348,15 +377,19 @@ static struct hlist_head find_rcv_list(canid_t can_id, canid_t *mask,
348	if (!(*mask))	377	if (!(*mask))
349	return &d->rx[RX_ALL];	378	return &d->rx[RX_ALL];
350		379
351	/* use extra filterset for the subscription of exactly ONE can_id */	380	/* extra filterlists for the subscription of a single non-RTR can_id */
352	if (*can_id & CAN_EFF_FLAG) {	381	if (((*mask & CAN_EFF_RTR_FLAGS) == CAN_EFF_RTR_FLAGS)
353	if (*mask == (CAN_EFF_MASK \| CAN_EFF_FLAG)) {	382	&& !(*can_id & CAN_RTR_FLAG)) {
354	/* RFC: a use-case for hash-tables in the future? */	383
355	return &d->rx[RX_EFF];	384	if (*can_id & CAN_EFF_FLAG) {
		385	if (*mask == (CAN_EFF_MASK \| CAN_EFF_RTR_FLAGS)) {
		386	/* RFC: a future use-case for hash-tables? */
		387	return &d->rx[RX_EFF];
		388	}
		389	} else {
		390	if (*mask == (CAN_SFF_MASK \| CAN_EFF_RTR_FLAGS))
		391	return &d->rx_sff[*can_id];
356	}	392	}
357	} else {
358	if (*mask == CAN_SFF_MASK)
359	return &d->rx_sff[*can_id];
360	}	393	}
361		394
362	/* default: filter via can_id/can_mask */	395	/* default: filter via can_id/can_mask */
@@ -589,7 +622,10 @@ static int can_rcv_filter(struct dev_rcv_lists d, struct sk_buff skb)
589	}	622	}
590	}	623	}
591		624
592	/* check CAN_ID specific entries */	625	/* check filterlists for single non-RTR can_ids */
		626	if (can_id & CAN_RTR_FLAG)
		627	return matches;
		628
593	if (can_id & CAN_EFF_FLAG) {	629	if (can_id & CAN_EFF_FLAG) {
594	hlist_for_each_entry_rcu(r, n, &d->rx[RX_EFF], list) {	630	hlist_for_each_entry_rcu(r, n, &d->rx[RX_EFF], list) {
595	if (r->can_id == can_id) {	631	if (r->can_id == can_id) {


diff --git a/net/can/bcm.c b/net/can/bcm.c index d0dd382001e2..da0d426c0ce4 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c
@@ -64,10 +64,11 @@
64	#define BCM_CAN_DLC_MASK 0x0F /* clean private flags in can_dlc by masking */	64	#define BCM_CAN_DLC_MASK 0x0F /* clean private flags in can_dlc by masking */
65		65
66	/* get best masking value for can_rx_register() for a given single can_id */	66	/* get best masking value for can_rx_register() for a given single can_id */
67	#define REGMASK(id) ((id & CAN_RTR_FLAG) \| ((id & CAN_EFF_FLAG) ? \	67	#define REGMASK(id) ((id & CAN_EFF_FLAG) ? \
68	(CAN_EFF_MASK \| CAN_EFF_FLAG) : CAN_SFF_MASK))	68	(CAN_EFF_MASK \| CAN_EFF_FLAG \| CAN_RTR_FLAG) : \
		69	(CAN_SFF_MASK \| CAN_EFF_FLAG \| CAN_RTR_FLAG))
69		70
70	#define CAN_BCM_VERSION "20080415"	71	#define CAN_BCM_VERSION CAN_VERSION
71	static __initdata const char banner[] = KERN_INFO	72	static __initdata const char banner[] = KERN_INFO
72	"can: broadcast manager protocol (rev " CAN_BCM_VERSION ")\n";	73	"can: broadcast manager protocol (rev " CAN_BCM_VERSION ")\n";
73		74


diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 85b07eba1879..fe3b4bdfd251 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c
@@ -722,8 +722,7 @@ static void tcp_queue_skb(struct sock sk, struct sk_buff skb)
722	static void tcp_set_skb_tso_segs(struct sock sk, struct sk_buff skb,	722	static void tcp_set_skb_tso_segs(struct sock sk, struct sk_buff skb,
723	unsigned int mss_now)	723	unsigned int mss_now)
724	{	724	{
725	if (skb->len <= mss_now \|\| !sk_can_gso(sk) \|\|	725	if (skb->len <= mss_now \|\| !sk_can_gso(sk)) {
726	tcp_urg_mode(tcp_sk(sk))) {
727	/* Avoid the costly divide in the normal	726	/* Avoid the costly divide in the normal
728	* non-TSO case.	727	* non-TSO case.
729	*/	728	*/
@@ -1029,10 +1028,6 @@ unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
1029		1028
1030	/* Compute the current effective MSS, taking SACKs and IP options,	1029	/* Compute the current effective MSS, taking SACKs and IP options,
1031	* and even PMTU discovery events into account.	1030	* and even PMTU discovery events into account.
1032	*
1033	* LARGESEND note: !tcp_urg_mode is overkill, only frames up to snd_up
1034	* cannot be large. However, taking into account rare use of URG, this
1035	* is not a big flaw.
1036	*/	1031	*/
1037	unsigned int tcp_current_mss(struct sock *sk, int large_allowed)	1032	unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
1038	{	1033	{
@@ -1047,7 +1042,7 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
1047		1042
1048	mss_now = tp->mss_cache;	1043	mss_now = tp->mss_cache;
1049		1044
1050	if (large_allowed && sk_can_gso(sk) && !tcp_urg_mode(tp))	1045	if (large_allowed && sk_can_gso(sk))
1051	doing_tso = 1;	1046	doing_tso = 1;
1052		1047
1053	if (dst) {	1048	if (dst) {
@@ -1164,9 +1159,7 @@ static int tcp_init_tso_segs(struct sock sk, struct sk_buff skb,
1164	{	1159	{
1165	int tso_segs = tcp_skb_pcount(skb);	1160	int tso_segs = tcp_skb_pcount(skb);
1166		1161
1167	if (!tso_segs \|\|	1162	if (!tso_segs \|\| (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) {
1168	(tso_segs > 1 && (tcp_skb_mss(skb) != mss_now \|\|
1169	tcp_urg_mode(tcp_sk(sk))))) {
1170	tcp_set_skb_tso_segs(sk, skb, mss_now);	1163	tcp_set_skb_tso_segs(sk, skb, mss_now);
1171	tso_segs = tcp_skb_pcount(skb);	1164	tso_segs = tcp_skb_pcount(skb);
1172	}	1165	}
@@ -1519,6 +1512,10 @@ static int tcp_mtu_probe(struct sock *sk)
1519	* send_head. This happens as incoming acks open up the remote	1512	* send_head. This happens as incoming acks open up the remote
1520	* window for us.	1513	* window for us.
1521	*	1514	*
		1515	* LARGESEND note: !tcp_urg_mode is overkill, only frames between
		1516	* snd_up-64k-mss .. snd_up cannot be large. However, taking into
		1517	* account rare use of URG, this is not a big flaw.
		1518	*
1522	* Returns 1, if no segments are in flight and we have queued segments, but	1519	* Returns 1, if no segments are in flight and we have queued segments, but
1523	* cannot send anything now because of SWS or another problem.	1520	* cannot send anything now because of SWS or another problem.
1524	*/	1521	*/
@@ -1570,7 +1567,7 @@ static int tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle)
1570	}	1567	}
1571		1568
1572	limit = mss_now;	1569	limit = mss_now;
1573	if (tso_segs > 1)	1570	if (tso_segs > 1 && !tcp_urg_mode(tp))
1574	limit = tcp_mss_split_point(sk, skb, mss_now,	1571	limit = tcp_mss_split_point(sk, skb, mss_now,
1575	cwnd_quota);	1572	cwnd_quota);
1576		1573
@@ -1619,6 +1616,7 @@ void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
1619	*/	1616	*/
1620	void tcp_push_one(struct sock *sk, unsigned int mss_now)	1617	void tcp_push_one(struct sock *sk, unsigned int mss_now)
1621	{	1618	{
		1619	struct tcp_sock *tp = tcp_sk(sk);
1622	struct sk_buff *skb = tcp_send_head(sk);	1620	struct sk_buff *skb = tcp_send_head(sk);
1623	unsigned int tso_segs, cwnd_quota;	1621	unsigned int tso_segs, cwnd_quota;
1624		1622
@@ -1633,7 +1631,7 @@ void tcp_push_one(struct sock *sk, unsigned int mss_now)
1633	BUG_ON(!tso_segs);	1631	BUG_ON(!tso_segs);
1634		1632
1635	limit = mss_now;	1633	limit = mss_now;
1636	if (tso_segs > 1)	1634	if (tso_segs > 1 && !tcp_urg_mode(tp))
1637	limit = tcp_mss_split_point(sk, skb, mss_now,	1635	limit = tcp_mss_split_point(sk, skb, mss_now,
1638	cwnd_quota);	1636	cwnd_quota);
1639		1637


diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c index 14504dada116..7cd22262de3a 100644 --- a/net/ipv4/tcp_vegas.c +++ b/net/ipv4/tcp_vegas.c
@@ -326,6 +326,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
326	tp->snd_cwnd = 2;	326	tp->snd_cwnd = 2;
327	else if (tp->snd_cwnd > tp->snd_cwnd_clamp)	327	else if (tp->snd_cwnd > tp->snd_cwnd_clamp)
328	tp->snd_cwnd = tp->snd_cwnd_clamp;	328	tp->snd_cwnd = tp->snd_cwnd_clamp;
		329
		330	tp->snd_ssthresh = tcp_current_ssthresh(sk);
329	}	331	}
330		332
331	/* Wipe the slate clean for the next RTT. */	333	/* Wipe the slate clean for the next RTT. */


diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 7fef8ea1f5ec..d254446b85b5 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c
@@ -99,7 +99,7 @@ struct sta_info sta_info_get(struct ieee80211_local local, const u8 *addr)
99		99
100	sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]);	100	sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]);
101	while (sta) {	101	while (sta) {
102	if (compare_ether_addr(sta->sta.addr, addr) == 0)	102	if (memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
103	break;	103	break;
104	sta = rcu_dereference(sta->hnext);	104	sta = rcu_dereference(sta->hnext);
105	}	105	}


diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 02a8fed21082..1acc089be7e9 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c
@@ -141,7 +141,7 @@ socket_mt(const struct sk_buff skb, const struct xt_match_param par)
141	sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,	141	sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
142	saddr, daddr, sport, dport, par->in, false);	142	saddr, daddr, sport, dport, par->in, false);
143	if (sk != NULL) {	143	if (sk != NULL) {
144	bool wildcard = (inet_sk(sk)->rcv_saddr == 0);	144	bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0);
145		145
146	nf_tproxy_put_sock(sk);	146	nf_tproxy_put_sock(sk);
147	if (wildcard)	147	if (wildcard)


diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index e8a5c32b0f10..90c8506a0aac 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c
@@ -574,9 +574,10 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
574	list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,	574	list_entry = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
575	&iface->addr4_list);	575	&iface->addr4_list);
576	spin_unlock(&netlbl_unlhsh_lock);	576	spin_unlock(&netlbl_unlhsh_lock);
577	if (list_entry == NULL)	577	if (list_entry != NULL)
		578	entry = netlbl_unlhsh_addr4_entry(list_entry);
		579	else
578	ret_val = -ENOENT;	580	ret_val = -ENOENT;
579	entry = netlbl_unlhsh_addr4_entry(list_entry);
580		581
581	audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,	582	audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
582	audit_info);	583	audit_info);
@@ -634,9 +635,10 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
634	spin_lock(&netlbl_unlhsh_lock);	635	spin_lock(&netlbl_unlhsh_lock);
635	list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);	636	list_entry = netlbl_af6list_remove(addr, mask, &iface->addr6_list);
636	spin_unlock(&netlbl_unlhsh_lock);	637	spin_unlock(&netlbl_unlhsh_lock);
637	if (list_entry == NULL)	638	if (list_entry != NULL)
		639	entry = netlbl_unlhsh_addr6_entry(list_entry);
		640	else
638	ret_val = -ENOENT;	641	ret_val = -ENOENT;
639	entry = netlbl_unlhsh_addr6_entry(list_entry);
640		642
641	audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,	643	audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_STCDEL,
642	audit_info);	644	audit_info);


diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c index b1770d66bc8d..242fe8f8c322 100644 --- a/net/phonet/pn_netlink.c +++ b/net/phonet/pn_netlink.c
@@ -123,6 +123,7 @@ nla_put_failure:
123		123
124	static int getaddr_dumpit(struct sk_buff skb, struct netlink_callback cb)	124	static int getaddr_dumpit(struct sk_buff skb, struct netlink_callback cb)
125	{	125	{
		126	struct net *net = sock_net(skb->sk);
126	struct phonet_device *pnd;	127	struct phonet_device *pnd;
127	int dev_idx = 0, dev_start_idx = cb->args[0];	128	int dev_idx = 0, dev_start_idx = cb->args[0];
128	int addr_idx = 0, addr_start_idx = cb->args[1];	129	int addr_idx = 0, addr_start_idx = cb->args[1];
@@ -131,6 +132,8 @@ static int getaddr_dumpit(struct sk_buff skb, struct netlink_callback cb)
131	list_for_each_entry(pnd, &pndevs.list, list) {	132	list_for_each_entry(pnd, &pndevs.list, list) {
132	u8 addr;	133	u8 addr;
133		134
		135	if (!net_eq(dev_net(pnd->netdev), net))
		136	continue;
134	if (dev_idx > dev_start_idx)	137	if (dev_idx > dev_start_idx)
135	addr_start_idx = 0;	138	addr_start_idx = 0;
136	if (dev_idx++ < dev_start_idx)	139	if (dev_idx++ < dev_start_idx)


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 058f04f54b90..fb216c9adf86 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -817,6 +817,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
817	continue;	817	continue;
818	hlist_del(&pol->bydst);	818	hlist_del(&pol->bydst);
819	hlist_del(&pol->byidx);	819	hlist_del(&pol->byidx);
		820	list_del(&pol->walk.all);
820	write_unlock_bh(&xfrm_policy_lock);	821	write_unlock_bh(&xfrm_policy_lock);
821		822
822	xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,	823	xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,