Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (29 commits) drivers/net: Correct NULL test MAINTAINERS: networking drivers - Add git net-next tree net/sched: Fix module name in Kconfig cxgb3: fix GRO checksum check dst: call cond_resched() in dst_gc_task() netfilter: nf_conntrack: fix hash resizing with namespaces netfilter: xtables: compat out of scope fix netfilter: nf_conntrack: restrict runtime expect hashsize modifications netfilter: nf_conntrack: per netns nf_conntrack_cachep netfilter: nf_conntrack: fix memory corruption with multiple namespaces Bluetooth: Keep a copy of each HID device's report descriptor pktgen: Fix freezing problem igb: make certain to reassign legacy interrupt vectors after reset irda: add missing BKL in irnet_ppp ioctl irda: unbalanced lock_kernel in irnet_ppp ixgbe: Fix return of invalid txq ixgbe: Fix ixgbe_tx_map error path netxen: protect resource cleanup by rtnl lock netxen: fix tx timeout recovery for NX2031 chip Bluetooth: Enter active mode before establishing a SCO link. ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-02-10 10:15:21 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-02-10 10:15:21 -0500
commit: 0ea457839d050370e0f7c75c81f9abd573e1f420 (patch)
tree: 02446fa44f2f20885fe5739c571029fed4d283b7 /net
parent: ac73fddfc523bf3c3525d16356b44527c44fae6d (diff)
parent: 44bfce5c3ec91baf8ffcd075c66711740f29a949 (diff)
25 files changed, 162 insertions, 132 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b7c4224f4e7d..b10e3cdb08f8 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -377,6 +377,9 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
        if (acl->state == BT_CONNECTED &&
                        (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
+                acl->power_save = 1;
+                hci_conn_enter_active_mode(acl);
                if (lmp_esco_capable(hdev))
                        hci_setup_sync(sco, acl->handle);
                else
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 28517bad796c..592da5c909c1 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1699,6 +1699,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
                break;
        case 0x1c:      /* SCO interval rejected */
+        case 0x1a:      /* Unsupported Remote Feature */
        case 0x1f:      /* Unspecified error */
                if (conn->out && conn->attempt < 2) {
                        conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 6cf526d06e21..fc6ec1e72652 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -703,29 +703,9 @@ static void hidp_close(struct hid_device *hid)
 static int hidp_parse(struct hid_device *hid)
 {
        struct hidp_session *session = hid->driver_data;
-        struct hidp_connadd_req *req = session->req;
-        unsigned char *buf;
-        int ret;
-        buf = kmalloc(req->rd_size, GFP_KERNEL);
-        if (!buf)
-                return -ENOMEM;
-        if (copy_from_user(buf, req->rd_data, req->rd_size)) {
-                kfree(buf);
-                return -EFAULT;
-        }
-        ret = hid_parse_report(session->hid, buf, req->rd_size);
-        kfree(buf);
-        if (ret)
-                return ret;
-        session->req = NULL;
-        return 0;
+        return hid_parse_report(session->hid, session->rd_data,
+                        session->rd_size);
 }
 static int hidp_start(struct hid_device *hid)
@@ -770,12 +750,24 @@ static int hidp_setup_hid(struct hidp_session *session,
        bdaddr_t src, dst;
        int err;
+        session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
+        if (!session->rd_data)
+                return -ENOMEM;
+        if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
+                err = -EFAULT;
+                goto fault;
+        }
+        session->rd_size = req->rd_size;
        hid = hid_allocate_device();
-        if (IS_ERR(hid))
+        if (IS_ERR(hid)) {
-                return PTR_ERR(hid);
+                err = PTR_ERR(hid);
+                goto fault;
+        }
        session->hid = hid;
-        session->req = req;
        hid->driver_data = session;
        baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
@@ -806,6 +798,10 @@ failed:
        hid_destroy_device(hid);
        session->hid = NULL;
+fault:
+        kfree(session->rd_data);
+        session->rd_data = NULL;
        return err;
 }
@@ -900,6 +896,9 @@ unlink:
                session->hid = NULL;
        }
+        kfree(session->rd_data);
+        session->rd_data = NULL;
 purge:
        skb_queue_purge(&session->ctrl_transmit);
        skb_queue_purge(&session->intr_transmit);
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index faf3d74c3586..a4e215d50c10 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -154,7 +154,9 @@ struct hidp_session {
        struct sk_buff_head ctrl_transmit;
        struct sk_buff_head intr_transmit;
-        struct hidp_connadd_req *req;
+        /* Report descriptor */
+        __u8 *rd_data;
+        uint rd_size;
 };
 static inline void hidp_schedule(struct hidp_session *session)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index fc5ee3296e22..89f4a59eb82b 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -252,7 +252,6 @@ static void rfcomm_session_timeout(unsigned long arg)
        BT_DBG("session %p state %ld", s, s->state);
        set_bit(RFCOMM_TIMED_OUT, &s->flags);
-        rfcomm_session_put(s);
        rfcomm_schedule(RFCOMM_SCHED_TIMEO);
 }
@@ -1151,7 +1150,11 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
                        break;
                case BT_DISCONN:
-                        rfcomm_session_put(s);
+                        /* When socket is closed and we are not RFCOMM
+                         * initiator rfcomm_process_rx already calls
+                         * rfcomm_session_put() */
+                        if (s->sock->sk->sk_state != BT_CLOSED)
+                                rfcomm_session_put(s);
                        break;
                }
        }
@@ -1920,6 +1923,7 @@ static inline void rfcomm_process_sessions(void)
                if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
                        s->state = BT_DISCONN;
                        rfcomm_send_disc(s, 0);
+                        rfcomm_session_put(s);
                        continue;
                }
diff --git a/net/core/dst.c b/net/core/dst.c
index 57bc4d5b8d08..cb1b3488b739 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -17,6 +17,7 @@
 #include <linux/string.h>
 #include <linux/types.h>
 #include <net/net_namespace.h>
+#include <linux/sched.h>
 #include <net/dst.h>
@@ -79,6 +80,7 @@ loop:
        while ((dst = next) != NULL) {
                next = dst->next;
                prefetch(&next->next);
+                cond_resched();
                if (likely(atomic_read(&dst->__refcnt))) {
                        last->next = dst;
                        last = dst;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index de0c2c726420..2e692afdc55d 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -3524,6 +3524,7 @@ static int pktgen_thread_worker(void *arg)
                        wait_event_interruptible_timeout(t->queue,
                                                         t->control != 0,
                                                         HZ/10);
+                        try_to_freeze();
                        continue;
                }
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c
index 57dfb9c8c4f2..ff16e9df1969 100644
--- a/net/dccp/ccid.c
+++ b/net/dccp/ccid.c
@@ -83,7 +83,7 @@ static struct kmem_cache *ccid_kmem_cache_create(int obj_size, char *slab_name_f
        va_list args;
        va_start(args, fmt);
-        vsnprintf(slab_name_fmt, sizeof(slab_name_fmt), fmt, args);
+        vsnprintf(slab_name_fmt, CCID_SLAB_NAME_LENGTH, fmt, args);
        va_end(args);
        slab = kmem_cache_create(slab_name_fmt, sizeof(struct ccid) + obj_size, 0,
diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
index 269958bf7fe9..6df6f8ac9636 100644
--- a/net/dccp/ccid.h
+++ b/net/dccp/ccid.h
@@ -19,7 +19,9 @@
 #include <linux/list.h>
 #include <linux/module.h>
-#define CCID_MAX 255
+/* maximum value for a CCID (RFC 4340, 19.5) */
+#define CCID_MAX                255
+#define CCID_SLAB_NAME_LENGTH   32
 struct tcp_info;
@@ -49,8 +51,8 @@ struct ccid_operations {
        const char              *ccid_name;
        struct kmem_cache       *ccid_hc_rx_slab,
                                *ccid_hc_tx_slab;
-        char                    ccid_hc_rx_slab_name[32];
+        char                    ccid_hc_rx_slab_name[CCID_SLAB_NAME_LENGTH];
-        char                    ccid_hc_tx_slab_name[32];
+        char                    ccid_hc_tx_slab_name[CCID_SLAB_NAME_LENGTH];
        __u32                   ccid_hc_rx_obj_size,
                                ccid_hc_tx_obj_size;
        /* Interface Routines */
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index bace1d8cbcfd..f5b3464f1242 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -161,8 +161,8 @@ static __init int dccpprobe_init(void)
        if (!proc_net_fops_create(&init_net, procname, S_IRUSR, &dccpprobe_fops))
                goto err0;
-        ret = try_then_request_module((register_jprobe(&dccp_send_probe) == 0),
+        try_then_request_module((ret = register_jprobe(&dccp_send_probe)) == 0,
-                                        "dccp");
+                                "dccp");
        if (ret)
                goto err1;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 06632762ba5f..90203e1b9187 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
        if (t && !IS_ERR(t)) {
                struct arpt_getinfo info;
                const struct xt_table_info *private = t->private;
 #ifdef CONFIG_COMPAT
+                struct xt_table_info tmp;
                if (compat) {
-                        struct xt_table_info tmp;
                        ret = compat_table_info(private, &tmp);
                        xt_compat_flush_offsets(NFPROTO_ARP);
                        private = &tmp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 572330a552ef..3ce53cf13d5a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
        if (t && !IS_ERR(t)) {
                struct ipt_getinfo info;
                const struct xt_table_info *private = t->private;
 #ifdef CONFIG_COMPAT
+                struct xt_table_info tmp;
                if (compat) {
-                        struct xt_table_info tmp;
                        ret = compat_table_info(private, &tmp);
                        xt_compat_flush_offsets(AF_INET);
                        private = &tmp;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index d171b123a656..d1ea38a7c490 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -210,7 +210,7 @@ static ctl_table ip_ct_sysctl_table[] = {
        },
        {
                .procname       = "ip_conntrack_buckets",
-                .data           = &nf_conntrack_htable_size,
+                .data           = &init_net.ct.htable_size,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0444,
                .proc_handler   = proc_dointvec,
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 8668a3defda6..2fb7b76da94f 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -32,7 +32,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
        struct hlist_nulls_node *n;
        for (st->bucket = 0;
-             st->bucket < nf_conntrack_htable_size;
+             st->bucket < net->ct.htable_size;
             st->bucket++) {
                n = rcu_dereference(net->ct.hash[st->bucket].first);
                if (!is_a_nulls(n))
@@ -50,7 +50,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
        head = rcu_dereference(head->next);
        while (is_a_nulls(head)) {
                if (likely(get_nulls_value(head) == st->bucket)) {
-                        if (++st->bucket >= nf_conntrack_htable_size)
+                        if (++st->bucket >= net->ct.htable_size)
                                return NULL;
                }
                head = rcu_dereference(net->ct.hash[st->bucket].first);
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index fe1a64479dd0..26066a2327ad 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -35,9 +35,6 @@ static DEFINE_SPINLOCK(nf_nat_lock);
 static struct nf_conntrack_l3proto *l3proto __read_mostly;
-/* Calculated at init based on memory size */
-static unsigned int nf_nat_htable_size __read_mostly;
 #define MAX_IP_NAT_PROTO 256
 static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO]
                                                __read_mostly;
@@ -72,7 +69,7 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_put);
 /* We keep an extra hash for each conntrack, for fast searching. */
 static inline unsigned int
-hash_by_src(const struct nf_conntrack_tuple *tuple)
+hash_by_src(const struct net *net, const struct nf_conntrack_tuple *tuple)
 {
        unsigned int hash;
@@ -80,7 +77,7 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
        hash = jhash_3words((__force u32)tuple->src.u3.ip,
                            (__force u32)tuple->src.u.all,
                            tuple->dst.protonum, 0);
-        return ((u64)hash * nf_nat_htable_size) >> 32;
+        return ((u64)hash * net->ipv4.nat_htable_size) >> 32;
 }
 /* Is this tuple already taken? (not by us) */
@@ -147,7 +144,7 @@ find_appropriate_src(struct net *net,
                     struct nf_conntrack_tuple *result,
                     const struct nf_nat_range *range)
 {
-        unsigned int h = hash_by_src(tuple);
+        unsigned int h = hash_by_src(net, tuple);
        const struct nf_conn_nat *nat;
        const struct nf_conn *ct;
        const struct hlist_node *n;
@@ -330,7 +327,7 @@ nf_nat_setup_info(struct nf_conn *ct,
        if (have_to_hash) {
                unsigned int srchash;
-                srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+                srchash = hash_by_src(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
                spin_lock_bh(&nf_nat_lock);
                /* nf_conntrack_alter_reply might re-allocate exntension aera */
                nat = nfct_nat(ct);
@@ -679,8 +676,10 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
 static int __net_init nf_nat_net_init(struct net *net)
 {
-        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,
+        /* Leave them the same for the moment. */
-                                                      &net->ipv4.nat_vmalloced, 0);
+        net->ipv4.nat_htable_size = net->ct.htable_size;
+        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
+                                                       &net->ipv4.nat_vmalloced, 0);
        if (!net->ipv4.nat_bysource)
                return -ENOMEM;
        return 0;
@@ -703,7 +702,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
        nf_ct_iterate_cleanup(net, &clean_nat, NULL);
        synchronize_rcu();
        nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,
-                             nf_nat_htable_size);
+                             net->ipv4.nat_htable_size);
 }
 static struct pernet_operations nf_nat_net_ops = {
@@ -724,9 +723,6 @@ static int __init nf_nat_init(void)
                return ret;
        }
-        /* Leave them the same for the moment. */
-        nf_nat_htable_size = nf_conntrack_htable_size;
        ret = register_pernet_subsys(&nf_nat_net_ops);
        if (ret < 0)
                goto cleanup_extend;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 480d7f8c9802..8a7e0f52e177 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
        if (t && !IS_ERR(t)) {
                struct ip6t_getinfo info;
                const struct xt_table_info *private = t->private;
 #ifdef CONFIG_COMPAT
+                struct xt_table_info tmp;
                if (compat) {
-                        struct xt_table_info tmp;
                        ret = compat_table_info(private, &tmp);
                        xt_compat_flush_offsets(AF_INET6);
                        private = &tmp;
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 156020d138b5..6b3602de359a 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -698,15 +698,18 @@ dev_irnet_ioctl(
      /* Query PPP channel and unit number */
    case PPPIOCGCHAN:
+      lock_kernel();
      if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan),
                                                (int __user *)argp))
        err = 0;
+      unlock_kernel();
      break;
    case PPPIOCGUNIT:
      lock_kernel();
      if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan),
                                                (int __user *)argp))
-      err = 0;
+        err = 0;
+      unlock_kernel();
      break;
      /* All these ioctls can be passed both directly and from ppp_generic,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 76fa6fef6473..539f43bc97db 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3794,9 +3794,9 @@ static struct pernet_operations pfkey_net_ops = {
 static void __exit ipsec_pfkey_exit(void)
 {
-        unregister_pernet_subsys(&pfkey_net_ops);
        xfrm_unregister_km(&pfkeyv2_mgr);
        sock_unregister(PF_KEY);
+        unregister_pernet_subsys(&pfkey_net_ops);
        proto_unregister(&key_proto);
 }
@@ -3807,21 +3807,22 @@ static int __init ipsec_pfkey_init(void)
        if (err != 0)
                goto out;
-        err = sock_register(&pfkey_family_ops);
+        err = register_pernet_subsys(&pfkey_net_ops);
        if (err != 0)
                goto out_unregister_key_proto;
+        err = sock_register(&pfkey_family_ops);
+        if (err != 0)
+                goto out_unregister_pernet;
        err = xfrm_register_km(&pfkeyv2_mgr);
        if (err != 0)
                goto out_sock_unregister;
-        err = register_pernet_subsys(&pfkey_net_ops);
-        if (err != 0)
-                goto out_xfrm_unregister_km;
 out:
        return err;
-out_xfrm_unregister_km:
-        xfrm_unregister_km(&pfkeyv2_mgr);
 out_sock_unregister:
        sock_unregister(PF_KEY);
+out_unregister_pernet:
+        unregister_pernet_subsys(&pfkey_net_ops);
 out_unregister_key_proto:
        proto_unregister(&key_proto);
        goto out;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0e98c3282d42..4d79e3c1616c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -30,6 +30,7 @@
 #include <linux/netdevice.h>
 #include <linux/socket.h>
 #include <linux/mm.h>
+#include <linux/nsproxy.h>
 #include <linux/rculist_nulls.h>
 #include <net/netfilter/nf_conntrack.h>
@@ -63,8 +64,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_max);
 struct nf_conn nf_conntrack_untracked __read_mostly;
 EXPORT_SYMBOL_GPL(nf_conntrack_untracked);
-static struct kmem_cache *nf_conntrack_cachep __read_mostly;
 static int nf_conntrack_hash_rnd_initted;
 static unsigned int nf_conntrack_hash_rnd;
@@ -86,9 +85,10 @@ static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple,
        return ((u64)h * size) >> 32;
 }
-static inline u_int32_t hash_conntrack(const struct nf_conntrack_tuple *tuple)
+static inline u_int32_t hash_conntrack(const struct net *net,
+                                       const struct nf_conntrack_tuple *tuple)
 {
-        return __hash_conntrack(tuple, nf_conntrack_htable_size,
+        return __hash_conntrack(tuple, net->ct.htable_size,
                                nf_conntrack_hash_rnd);
 }
@@ -296,7 +296,7 @@ __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple)
 {
        struct nf_conntrack_tuple_hash *h;
        struct hlist_nulls_node *n;
-        unsigned int hash = hash_conntrack(tuple);
+        unsigned int hash = hash_conntrack(net, tuple);
        /* Disable BHs the entire time since we normally need to disable them
         * at least once for the stats anyway.
@@ -366,10 +366,11 @@ static void __nf_conntrack_hash_insert(struct nf_conn *ct,
 void nf_conntrack_hash_insert(struct nf_conn *ct)
 {
+        struct net *net = nf_ct_net(ct);
        unsigned int hash, repl_hash;
-        hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+        hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
-        repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+        repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple);
        __nf_conntrack_hash_insert(ct, hash, repl_hash);
 }
@@ -397,8 +398,8 @@ __nf_conntrack_confirm(struct sk_buff *skb)
        if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
                return NF_ACCEPT;
-        hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+        hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
-        repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+        repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple);
        /* We're not in hash table, and we refuse to set up related
           connections for unconfirmed conns.  But packet copies and
@@ -468,7 +469,7 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
        struct net *net = nf_ct_net(ignored_conntrack);
        struct nf_conntrack_tuple_hash *h;
        struct hlist_nulls_node *n;
-        unsigned int hash = hash_conntrack(tuple);
+        unsigned int hash = hash_conntrack(net, tuple);
        /* Disable BHs the entire time since we need to disable them at
         * least once for the stats anyway.
@@ -503,7 +504,7 @@ static noinline int early_drop(struct net *net, unsigned int hash)
        int dropped = 0;
        rcu_read_lock();
-        for (i = 0; i < nf_conntrack_htable_size; i++) {
+        for (i = 0; i < net->ct.htable_size; i++) {
                hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash],
                                         hnnode) {
                        tmp = nf_ct_tuplehash_to_ctrack(h);
@@ -523,7 +524,7 @@ static noinline int early_drop(struct net *net, unsigned int hash)
                if (cnt >= NF_CT_EVICTION_RANGE)
                        break;
-                hash = (hash + 1) % nf_conntrack_htable_size;
+                hash = (hash + 1) % net->ct.htable_size;
        }
        rcu_read_unlock();
@@ -557,7 +558,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
        if (nf_conntrack_max &&
            unlikely(atomic_read(&net->ct.count) > nf_conntrack_max)) {
-                unsigned int hash = hash_conntrack(orig);
+                unsigned int hash = hash_conntrack(net, orig);
                if (!early_drop(net, hash)) {
                        atomic_dec(&net->ct.count);
                        if (net_ratelimit())
@@ -572,7 +573,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
         * Do not use kmem_cache_zalloc(), as this cache uses
         * SLAB_DESTROY_BY_RCU.
         */
-        ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
+        ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp);
        if (ct == NULL) {
                pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
                atomic_dec(&net->ct.count);
@@ -611,7 +612,7 @@ void nf_conntrack_free(struct nf_conn *ct)
        nf_ct_ext_destroy(ct);
        atomic_dec(&net->ct.count);
        nf_ct_ext_free(ct);
-        kmem_cache_free(nf_conntrack_cachep, ct);
+        kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_free);
@@ -1014,7 +1015,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data),
        struct hlist_nulls_node *n;
        spin_lock_bh(&nf_conntrack_lock);
-        for (; *bucket < nf_conntrack_htable_size; (*bucket)++) {
+        for (; *bucket < net->ct.htable_size; (*bucket)++) {
                hlist_nulls_for_each_entry(h, n, &net->ct.hash[*bucket], hnnode) {
                        ct = nf_ct_tuplehash_to_ctrack(h);
                        if (iter(ct, data))
@@ -1113,9 +1114,12 @@ static void nf_ct_release_dying_list(struct net *net)
 static void nf_conntrack_cleanup_init_net(void)
 {
+        /* wait until all references to nf_conntrack_untracked are dropped */
+        while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
+                schedule();
        nf_conntrack_helper_fini();
        nf_conntrack_proto_fini();
-        kmem_cache_destroy(nf_conntrack_cachep);
 }
 static void nf_conntrack_cleanup_net(struct net *net)
@@ -1127,15 +1131,14 @@ static void nf_conntrack_cleanup_net(struct net *net)
                schedule();
                goto i_see_dead_people;
        }
-        /* wait until all references to nf_conntrack_untracked are dropped */
-        while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
-                schedule();
        nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc,
-                             nf_conntrack_htable_size);
+                             net->ct.htable_size);
        nf_conntrack_ecache_fini(net);
        nf_conntrack_acct_fini(net);
        nf_conntrack_expect_fini(net);
+        kmem_cache_destroy(net->ct.nf_conntrack_cachep);
+        kfree(net->ct.slabname);
        free_percpu(net->ct.stat);
 }
@@ -1190,10 +1193,12 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
 {
        int i, bucket, vmalloced, old_vmalloced;
        unsigned int hashsize, old_size;
-        int rnd;
        struct hlist_nulls_head *hash, *old_hash;
        struct nf_conntrack_tuple_hash *h;
+        if (current->nsproxy->net_ns != &init_net)
+                return -EOPNOTSUPP;
        /* On boot, we can set this without any fancy locking. */
        if (!nf_conntrack_htable_size)
                return param_set_uint(val, kp);
@@ -1206,33 +1211,29 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
        if (!hash)
                return -ENOMEM;
-        /* We have to rehahs for the new table anyway, so we also can
-         * use a newrandom seed */
-        get_random_bytes(&rnd, sizeof(rnd));
        /* Lookups in the old hash might happen in parallel, which means we
         * might get false negatives during connection lookup. New connections
         * created because of a false negative won't make it into the hash
         * though since that required taking the lock.
         */
        spin_lock_bh(&nf_conntrack_lock);
-        for (i = 0; i < nf_conntrack_htable_size; i++) {
+        for (i = 0; i < init_net.ct.htable_size; i++) {
                while (!hlist_nulls_empty(&init_net.ct.hash[i])) {
                        h = hlist_nulls_entry(init_net.ct.hash[i].first,
                                        struct nf_conntrack_tuple_hash, hnnode);
                        hlist_nulls_del_rcu(&h->hnnode);
-                        bucket = __hash_conntrack(&h->tuple, hashsize, rnd);
+                        bucket = __hash_conntrack(&h->tuple, hashsize,
+                                                  nf_conntrack_hash_rnd);
                        hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]);
                }
        }
-        old_size = nf_conntrack_htable_size;
+        old_size = init_net.ct.htable_size;
        old_vmalloced = init_net.ct.hash_vmalloc;
        old_hash = init_net.ct.hash;
-        nf_conntrack_htable_size = hashsize;
+        init_net.ct.htable_size = nf_conntrack_htable_size = hashsize;
        init_net.ct.hash_vmalloc = vmalloced;
        init_net.ct.hash = hash;
-        nf_conntrack_hash_rnd = rnd;
        spin_unlock_bh(&nf_conntrack_lock);
        nf_ct_free_hashtable(old_hash, old_vmalloced, old_size);
@@ -1271,15 +1272,6 @@ static int nf_conntrack_init_init_net(void)
               NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
               nf_conntrack_max);
-        nf_conntrack_cachep = kmem_cache_create("nf_conntrack",
-                                                sizeof(struct nf_conn),
-                                                0, SLAB_DESTROY_BY_RCU, NULL);
-        if (!nf_conntrack_cachep) {
-                printk(KERN_ERR "Unable to create nf_conn slab cache\n");
-                ret = -ENOMEM;
-                goto err_cache;
-        }
        ret = nf_conntrack_proto_init();
        if (ret < 0)
                goto err_proto;
@@ -1288,13 +1280,19 @@ static int nf_conntrack_init_init_net(void)
        if (ret < 0)
                goto err_helper;
+        /* Set up fake conntrack: to never be deleted, not in any hashes */
+#ifdef CONFIG_NET_NS
+        nf_conntrack_untracked.ct_net = &init_net;
+#endif
+        atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
+        /*  - and look it like as a confirmed connection */
+        set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
        return 0;
 err_helper:
        nf_conntrack_proto_fini();
 err_proto:
-        kmem_cache_destroy(nf_conntrack_cachep);
-err_cache:
        return ret;
 }
@@ -1316,7 +1314,24 @@ static int nf_conntrack_init_net(struct net *net)
                ret = -ENOMEM;
                goto err_stat;
        }
-        net->ct.hash = nf_ct_alloc_hashtable(&nf_conntrack_htable_size,
+        net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
+        if (!net->ct.slabname) {
+                ret = -ENOMEM;
+                goto err_slabname;
+        }
+        net->ct.nf_conntrack_cachep = kmem_cache_create(net->ct.slabname,
+                                                        sizeof(struct nf_conn), 0,
+                                                        SLAB_DESTROY_BY_RCU, NULL);
+        if (!net->ct.nf_conntrack_cachep) {
+                printk(KERN_ERR "Unable to create nf_conn slab cache\n");
+                ret = -ENOMEM;
+                goto err_cache;
+        }
+        net->ct.htable_size = nf_conntrack_htable_size;
+        net->ct.hash = nf_ct_alloc_hashtable(&net->ct.htable_size,
                                             &net->ct.hash_vmalloc, 1);
        if (!net->ct.hash) {
                ret = -ENOMEM;
@@ -1333,15 +1348,6 @@ static int nf_conntrack_init_net(struct net *net)
        if (ret < 0)
                goto err_ecache;
-        /* Set up fake conntrack:
-            - to never be deleted, not in any hashes */
-#ifdef CONFIG_NET_NS
-        nf_conntrack_untracked.ct_net = &init_net;
-#endif
-        atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
-        /*  - and look it like as a confirmed connection */
-        set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
        return 0;
 err_ecache:
@@ -1350,8 +1356,12 @@ err_acct:
        nf_conntrack_expect_fini(net);
 err_expect:
        nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc,
-                             nf_conntrack_htable_size);
+                             net->ct.htable_size);
 err_hash:
+        kmem_cache_destroy(net->ct.nf_conntrack_cachep);
+err_cache:
+        kfree(net->ct.slabname);
+err_slabname:
        free_percpu(net->ct.stat);
 err_stat:
        return ret;
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index fdf5d2a1d9b4..2f25ff610982 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
 #endif /* CONFIG_PROC_FS */
 }
-module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600);
+module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
 int nf_conntrack_expect_init(struct net *net)
 {
@@ -577,7 +577,7 @@ int nf_conntrack_expect_init(struct net *net)
        if (net_eq(net, &init_net)) {
                if (!nf_ct_expect_hsize) {
-                        nf_ct_expect_hsize = nf_conntrack_htable_size / 256;
+                        nf_ct_expect_hsize = net->ct.htable_size / 256;
                        if (!nf_ct_expect_hsize)
                                nf_ct_expect_hsize = 1;
                }
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 65c2a7bc3afc..4b1a56bd074c 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -192,7 +192,7 @@ static void __nf_conntrack_helper_unregister(struct nf_conntrack_helper *me,
        /* Get rid of expecteds, set helpers to NULL. */
        hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode)
                unhelp(h, me);
-        for (i = 0; i < nf_conntrack_htable_size; i++) {
+        for (i = 0; i < net->ct.htable_size; i++) {
                hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode)
                        unhelp(h, me);
        }
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 42f21c01a93e..0ffe689dfe97 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -594,7 +594,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
        rcu_read_lock();
        last = (struct nf_conn *)cb->args[1];
-        for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) {
+        for (; cb->args[0] < init_net.ct.htable_size; cb->args[0]++) {
 restart:
                hlist_nulls_for_each_entry_rcu(h, n, &init_net.ct.hash[cb->args[0]],
                                         hnnode) {
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 028aba667ef7..e310f1561bb2 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -51,7 +51,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
        struct hlist_nulls_node *n;
        for (st->bucket = 0;
-             st->bucket < nf_conntrack_htable_size;
+             st->bucket < net->ct.htable_size;
             st->bucket++) {
                n = rcu_dereference(net->ct.hash[st->bucket].first);
                if (!is_a_nulls(n))
@@ -69,7 +69,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
        head = rcu_dereference(head->next);
        while (is_a_nulls(head)) {
                if (likely(get_nulls_value(head) == st->bucket)) {
-                        if (++st->bucket >= nf_conntrack_htable_size)
+                        if (++st->bucket >= net->ct.htable_size)
                                return NULL;
                }
                head = rcu_dereference(net->ct.hash[st->bucket].first);
@@ -355,7 +355,7 @@ static ctl_table nf_ct_sysctl_table[] = {
        },
        {
                .procname       = "nf_conntrack_buckets",
-                .data           = &nf_conntrack_htable_size,
+                .data           = &init_net.ct.htable_size,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0444,
                .proc_handler   = proc_dointvec,
@@ -421,6 +421,7 @@ static int nf_conntrack_standalone_init_sysctl(struct net *net)
                goto out_kmemdup;
        table[1].data = &net->ct.count;
+        table[2].data = &net->ct.htable_size;
        table[3].data = &net->ct.sysctl_checksum;
        table[4].data = &net->ct.sysctl_log_invalid;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index a4957bf2ca60..4c5972ba8c78 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -455,9 +455,14 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol,
        if (nl_table[protocol].registered &&
            try_module_get(nl_table[protocol].module))
                module = nl_table[protocol].module;
+        else
+                err = -EPROTONOSUPPORT;
        cb_mutex = nl_table[protocol].cb_mutex;
        netlink_unlock_table();
+        if (err < 0)
+                goto out;
        err = __netlink_create(net, sock, cb_mutex, protocol);
        if (err < 0)
                goto out_module;
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 929218a47620..21f9c7678aa3 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -433,7 +433,7 @@ config NET_ACT_POLICE
          module.
          To compile this code as a module, choose M here: the
-          module will be called police.
+          module will be called act_police.
 config NET_ACT_GACT
        tristate "Generic actions"
@@ -443,7 +443,7 @@ config NET_ACT_GACT
          accepting packets.
          To compile this code as a module, choose M here: the
-          module will be called gact.
+          module will be called act_gact.
 config GACT_PROB
        bool "Probability support"
@@ -459,7 +459,7 @@ config NET_ACT_MIRRED
          other devices.
          To compile this code as a module, choose M here: the
-          module will be called mirred.
+          module will be called act_mirred.
 config NET_ACT_IPT
        tristate "IPtables targets"
@@ -469,7 +469,7 @@ config NET_ACT_IPT
          classification.
          To compile this code as a module, choose M here: the
-          module will be called ipt.
+          module will be called act_ipt.
 config NET_ACT_NAT
        tristate "Stateless NAT"
@@ -479,7 +479,7 @@ config NET_ACT_NAT
          netfilter for NAT unless you know what you are doing.
          To compile this code as a module, choose M here: the
-          module will be called nat.
+          module will be called act_nat.
 config NET_ACT_PEDIT
        tristate "Packet Editing"
@@ -488,7 +488,7 @@ config NET_ACT_PEDIT
          Say Y here if you want to mangle the content of packets.
          To compile this code as a module, choose M here: the
-          module will be called pedit.
+          module will be called act_pedit.
 config NET_ACT_SIMP
        tristate "Simple Example (Debug)"
@@ -502,7 +502,7 @@ config NET_ACT_SIMP
          If unsure, say N.
          To compile this code as a module, choose M here: the
-          module will be called simple.
+          module will be called act_simple.
 config NET_ACT_SKBEDIT
        tristate "SKB Editing"
@@ -513,7 +513,7 @@ config NET_ACT_SKBEDIT
          If unsure, say N.
          To compile this code as a module, choose M here: the
-          module will be called skbedit.
+          module will be called act_skbedit.
 config NET_CLS_IND
        bool "Incoming device classification"
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-02-10 10:15:21 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-02-10 10:15:21 -0500
commit	0ea457839d050370e0f7c75c81f9abd573e1f420 (patch)
tree	02446fa44f2f20885fe5739c571029fed4d283b7 /net
parent	ac73fddfc523bf3c3525d16356b44527c44fae6d (diff)
parent	44bfce5c3ec91baf8ffcd075c66711740f29a949 (diff)