aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-24 14:31:04 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-24 14:33:45 -0500
commit109d28152b6e9d5de64cd23e3bc08885ccb3d1ef (patch)
treeb7b8863faa05254781acfb85cc41da3eef467c6b /net
parent168cf9af699e87d5a6f44b684583714ecabb8e71 (diff)
parent60b341b778cc2929df16c0a504c91621b3c6a4ad (diff)
Merge tag 'v2.6.33' for its firewire changes since last branch point
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_dev.c2
-rw-r--r--net/9p/client.c53
-rw-r--r--net/9p/trans_fd.c10
-rw-r--r--net/9p/trans_rdma.c9
-rw-r--r--net/9p/trans_virtio.c4
-rw-r--r--net/appletalk/aarp.c2
-rw-r--r--net/ax25/ax25_out.c6
-rw-r--r--net/bluetooth/hci_conn.c3
-rw-r--r--net/bluetooth/hci_event.c1
-rw-r--r--net/bluetooth/hidp/core.c119
-rw-r--r--net/bluetooth/hidp/hidp.h4
-rw-r--r--net/bluetooth/l2cap.c14
-rw-r--r--net/bluetooth/rfcomm/core.c8
-rw-r--r--net/bridge/netfilter/ebtables.c6
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/dst.c2
-rw-r--r--net/core/ethtool.c1
-rw-r--r--net/core/net-sysfs.c3
-rw-r--r--net/core/pktgen.c10
-rw-r--r--net/core/sock.c4
-rw-r--r--net/dccp/ccid.c20
-rw-r--r--net/dccp/ccid.h6
-rw-r--r--net/dccp/probe.c3
-rw-r--r--net/ipv4/devinet.c8
-rw-r--r--net/ipv4/fib_frontend.c2
-rw-r--r--net/ipv4/igmp.c2
-rw-r--r--net/ipv4/inet_diag.c2
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/ipcomp.c6
-rw-r--r--net/ipv4/netfilter/arp_tables.c4
-rw-r--r--net/ipv4/netfilter/ip_tables.c4
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c2
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c22
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv4/tcp_input.c6
-rw-r--r--net/ipv4/tcp_probe.c19
-rw-r--r--net/ipv4/xfrm4_policy.c14
-rw-r--r--net/ipv6/addrconf.c16
-rw-r--r--net/ipv6/exthdrs.c7
-rw-r--r--net/ipv6/ip6_output.c3
-rw-r--r--net/ipv6/ipcomp6.c6
-rw-r--r--net/ipv6/netfilter/ip6_tables.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c1
-rw-r--r--net/ipv6/xfrm6_policy.c25
-rw-r--r--net/irda/irnet/irnet_ppp.c5
-rw-r--r--net/key/af_key.c15
-rw-r--r--net/mac80211/cfg.c3
-rw-r--r--net/mac80211/driver-trace.h2
-rw-r--r--net/mac80211/ht.c25
-rw-r--r--net/mac80211/ibss.c6
-rw-r--r--net/mac80211/iface.c47
-rw-r--r--net/mac80211/main.c2
-rw-r--r--net/mac80211/mlme.c16
-rw-r--r--net/mac80211/rate.c3
-rw-r--r--net/mac80211/rc80211_pid_algo.c2
-rw-r--r--net/mac80211/rx.c8
-rw-r--r--net/mac80211/scan.c28
-rw-r--r--net/mac80211/tx.c9
-rw-r--r--net/mac80211/util.c24
-rw-r--r--net/mac80211/wme.c96
-rw-r--r--net/mac80211/wme.h8
-rw-r--r--net/netfilter/ipvs/Kconfig3
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c14
-rw-r--r--net/netfilter/ipvs/ip_vs_wrr.c15
-rw-r--r--net/netfilter/nf_conntrack_core.c116
-rw-r--r--net/netfilter/nf_conntrack_expect.c4
-rw-r--r--net/netfilter/nf_conntrack_ftp.c18
-rw-r--r--net/netfilter/nf_conntrack_helper.c2
-rw-r--r--net/netfilter/nf_conntrack_netlink.c5
-rw-r--r--net/netfilter/nf_conntrack_sip.c2
-rw-r--r--net/netfilter/nf_conntrack_standalone.c7
-rw-r--r--net/netlink/af_netlink.c5
-rw-r--r--net/netrom/nr_route.c11
-rw-r--r--net/packet/af_packet.c19
-rw-r--r--net/rose/rose_link.c8
-rw-r--r--net/rose/rose_loopback.c2
-rw-r--r--net/rose/rose_route.c5
-rw-r--r--net/sched/Kconfig16
-rw-r--r--net/sctp/socket.c3
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c17
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c2
-rw-r--r--net/sunrpc/svc_xprt.c3
-rw-r--r--net/wireless/core.c4
-rw-r--r--net/wireless/mlme.c13
-rw-r--r--net/wireless/reg.c2
-rw-r--r--net/wireless/scan.c13
-rw-r--r--net/wireless/sme.c1
-rw-r--r--net/xfrm/xfrm_policy.c77
-rw-r--r--net/xfrm/xfrm_state.c18
-rw-r--r--net/xfrm/xfrm_user.c14
92 files changed, 771 insertions, 404 deletions
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index b7889782047e..c1b92cab46c7 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -163,7 +163,7 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
163 goto err_unlock; 163 goto err_unlock;
164 } 164 }
165 165
166 rx_stats = per_cpu_ptr(vlan_dev_info(dev)->vlan_rx_stats, 166 rx_stats = per_cpu_ptr(vlan_dev_info(skb->dev)->vlan_rx_stats,
167 smp_processor_id()); 167 smp_processor_id());
168 rx_stats->rx_packets++; 168 rx_stats->rx_packets++;
169 rx_stats->rx_bytes += skb->len; 169 rx_stats->rx_bytes += skb->len;
diff --git a/net/9p/client.c b/net/9p/client.c
index 8af95b2dddd6..09d4f1e2e4a8 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -69,7 +69,7 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...);
69 69
70static int parse_opts(char *opts, struct p9_client *clnt) 70static int parse_opts(char *opts, struct p9_client *clnt)
71{ 71{
72 char *options; 72 char *options, *tmp_options;
73 char *p; 73 char *p;
74 substring_t args[MAX_OPT_ARGS]; 74 substring_t args[MAX_OPT_ARGS];
75 int option; 75 int option;
@@ -81,12 +81,13 @@ static int parse_opts(char *opts, struct p9_client *clnt)
81 if (!opts) 81 if (!opts)
82 return 0; 82 return 0;
83 83
84 options = kstrdup(opts, GFP_KERNEL); 84 tmp_options = kstrdup(opts, GFP_KERNEL);
85 if (!options) { 85 if (!tmp_options) {
86 P9_DPRINTK(P9_DEBUG_ERROR, 86 P9_DPRINTK(P9_DEBUG_ERROR,
87 "failed to allocate copy of option string\n"); 87 "failed to allocate copy of option string\n");
88 return -ENOMEM; 88 return -ENOMEM;
89 } 89 }
90 options = tmp_options;
90 91
91 while ((p = strsep(&options, ",")) != NULL) { 92 while ((p = strsep(&options, ",")) != NULL) {
92 int token; 93 int token;
@@ -108,6 +109,13 @@ static int parse_opts(char *opts, struct p9_client *clnt)
108 break; 109 break;
109 case Opt_trans: 110 case Opt_trans:
110 clnt->trans_mod = v9fs_get_trans_by_name(&args[0]); 111 clnt->trans_mod = v9fs_get_trans_by_name(&args[0]);
112 if(clnt->trans_mod == NULL) {
113 P9_DPRINTK(P9_DEBUG_ERROR,
114 "Could not find request transport: %s\n",
115 (char *) &args[0]);
116 ret = -EINVAL;
117 goto free_and_return;
118 }
111 break; 119 break;
112 case Opt_legacy: 120 case Opt_legacy:
113 clnt->dotu = 0; 121 clnt->dotu = 0;
@@ -117,7 +125,8 @@ static int parse_opts(char *opts, struct p9_client *clnt)
117 } 125 }
118 } 126 }
119 127
120 kfree(options); 128free_and_return:
129 kfree(tmp_options);
121 return ret; 130 return ret;
122} 131}
123 132
@@ -667,18 +676,12 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
667 clnt->trans = NULL; 676 clnt->trans = NULL;
668 spin_lock_init(&clnt->lock); 677 spin_lock_init(&clnt->lock);
669 INIT_LIST_HEAD(&clnt->fidlist); 678 INIT_LIST_HEAD(&clnt->fidlist);
670 clnt->fidpool = p9_idpool_create();
671 if (IS_ERR(clnt->fidpool)) {
672 err = PTR_ERR(clnt->fidpool);
673 clnt->fidpool = NULL;
674 goto error;
675 }
676 679
677 p9_tag_init(clnt); 680 p9_tag_init(clnt);
678 681
679 err = parse_opts(options, clnt); 682 err = parse_opts(options, clnt);
680 if (err < 0) 683 if (err < 0)
681 goto error; 684 goto free_client;
682 685
683 if (!clnt->trans_mod) 686 if (!clnt->trans_mod)
684 clnt->trans_mod = v9fs_get_default_trans(); 687 clnt->trans_mod = v9fs_get_default_trans();
@@ -687,7 +690,14 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
687 err = -EPROTONOSUPPORT; 690 err = -EPROTONOSUPPORT;
688 P9_DPRINTK(P9_DEBUG_ERROR, 691 P9_DPRINTK(P9_DEBUG_ERROR,
689 "No transport defined or default transport\n"); 692 "No transport defined or default transport\n");
690 goto error; 693 goto free_client;
694 }
695
696 clnt->fidpool = p9_idpool_create();
697 if (IS_ERR(clnt->fidpool)) {
698 err = PTR_ERR(clnt->fidpool);
699 clnt->fidpool = NULL;
700 goto put_trans;
691 } 701 }
692 702
693 P9_DPRINTK(P9_DEBUG_MUX, "clnt %p trans %p msize %d dotu %d\n", 703 P9_DPRINTK(P9_DEBUG_MUX, "clnt %p trans %p msize %d dotu %d\n",
@@ -695,19 +705,25 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
695 705
696 err = clnt->trans_mod->create(clnt, dev_name, options); 706 err = clnt->trans_mod->create(clnt, dev_name, options);
697 if (err) 707 if (err)
698 goto error; 708 goto destroy_fidpool;
699 709
700 if ((clnt->msize+P9_IOHDRSZ) > clnt->trans_mod->maxsize) 710 if ((clnt->msize+P9_IOHDRSZ) > clnt->trans_mod->maxsize)
701 clnt->msize = clnt->trans_mod->maxsize-P9_IOHDRSZ; 711 clnt->msize = clnt->trans_mod->maxsize-P9_IOHDRSZ;
702 712
703 err = p9_client_version(clnt); 713 err = p9_client_version(clnt);
704 if (err) 714 if (err)
705 goto error; 715 goto close_trans;
706 716
707 return clnt; 717 return clnt;
708 718
709error: 719close_trans:
710 p9_client_destroy(clnt); 720 clnt->trans_mod->close(clnt);
721destroy_fidpool:
722 p9_idpool_destroy(clnt->fidpool);
723put_trans:
724 v9fs_put_trans(clnt->trans_mod);
725free_client:
726 kfree(clnt);
711 return ERR_PTR(err); 727 return ERR_PTR(err);
712} 728}
713EXPORT_SYMBOL(p9_client_create); 729EXPORT_SYMBOL(p9_client_create);
@@ -1214,10 +1230,11 @@ static int p9_client_statsize(struct p9_wstat *wst, int optional)
1214{ 1230{
1215 int ret; 1231 int ret;
1216 1232
1233 /* NOTE: size shouldn't include its own length */
1217 /* size[2] type[2] dev[4] qid[13] */ 1234 /* size[2] type[2] dev[4] qid[13] */
1218 /* mode[4] atime[4] mtime[4] length[8]*/ 1235 /* mode[4] atime[4] mtime[4] length[8]*/
1219 /* name[s] uid[s] gid[s] muid[s] */ 1236 /* name[s] uid[s] gid[s] muid[s] */
1220 ret = 2+2+4+13+4+4+4+8+2+2+2+2; 1237 ret = 2+4+13+4+4+4+8+2+2+2+2;
1221 1238
1222 if (wst->name) 1239 if (wst->name)
1223 ret += strlen(wst->name); 1240 ret += strlen(wst->name);
@@ -1258,7 +1275,7 @@ int p9_client_wstat(struct p9_fid *fid, struct p9_wstat *wst)
1258 wst->name, wst->uid, wst->gid, wst->muid, wst->extension, 1275 wst->name, wst->uid, wst->gid, wst->muid, wst->extension,
1259 wst->n_uid, wst->n_gid, wst->n_muid); 1276 wst->n_uid, wst->n_gid, wst->n_muid);
1260 1277
1261 req = p9_client_rpc(clnt, P9_TWSTAT, "dwS", fid->fid, wst->size, wst); 1278 req = p9_client_rpc(clnt, P9_TWSTAT, "dwS", fid->fid, wst->size+2, wst);
1262 if (IS_ERR(req)) { 1279 if (IS_ERR(req)) {
1263 err = PTR_ERR(req); 1280 err = PTR_ERR(req);
1264 goto error; 1281 goto error;
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index be1cb909d8c0..31d0b05582a9 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -714,7 +714,7 @@ static int parse_opts(char *params, struct p9_fd_opts *opts)
714 char *p; 714 char *p;
715 substring_t args[MAX_OPT_ARGS]; 715 substring_t args[MAX_OPT_ARGS];
716 int option; 716 int option;
717 char *options; 717 char *options, *tmp_options;
718 int ret; 718 int ret;
719 719
720 opts->port = P9_PORT; 720 opts->port = P9_PORT;
@@ -724,12 +724,13 @@ static int parse_opts(char *params, struct p9_fd_opts *opts)
724 if (!params) 724 if (!params)
725 return 0; 725 return 0;
726 726
727 options = kstrdup(params, GFP_KERNEL); 727 tmp_options = kstrdup(params, GFP_KERNEL);
728 if (!options) { 728 if (!tmp_options) {
729 P9_DPRINTK(P9_DEBUG_ERROR, 729 P9_DPRINTK(P9_DEBUG_ERROR,
730 "failed to allocate copy of option string\n"); 730 "failed to allocate copy of option string\n");
731 return -ENOMEM; 731 return -ENOMEM;
732 } 732 }
733 options = tmp_options;
733 734
734 while ((p = strsep(&options, ",")) != NULL) { 735 while ((p = strsep(&options, ",")) != NULL) {
735 int token; 736 int token;
@@ -760,7 +761,8 @@ static int parse_opts(char *params, struct p9_fd_opts *opts)
760 continue; 761 continue;
761 } 762 }
762 } 763 }
763 kfree(options); 764
765 kfree(tmp_options);
764 return 0; 766 return 0;
765} 767}
766 768
diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
index 65cb29db03f8..2c95a89c0f46 100644
--- a/net/9p/trans_rdma.c
+++ b/net/9p/trans_rdma.c
@@ -166,7 +166,7 @@ static int parse_opts(char *params, struct p9_rdma_opts *opts)
166 char *p; 166 char *p;
167 substring_t args[MAX_OPT_ARGS]; 167 substring_t args[MAX_OPT_ARGS];
168 int option; 168 int option;
169 char *options; 169 char *options, *tmp_options;
170 int ret; 170 int ret;
171 171
172 opts->port = P9_PORT; 172 opts->port = P9_PORT;
@@ -177,12 +177,13 @@ static int parse_opts(char *params, struct p9_rdma_opts *opts)
177 if (!params) 177 if (!params)
178 return 0; 178 return 0;
179 179
180 options = kstrdup(params, GFP_KERNEL); 180 tmp_options = kstrdup(params, GFP_KERNEL);
181 if (!options) { 181 if (!tmp_options) {
182 P9_DPRINTK(P9_DEBUG_ERROR, 182 P9_DPRINTK(P9_DEBUG_ERROR,
183 "failed to allocate copy of option string\n"); 183 "failed to allocate copy of option string\n");
184 return -ENOMEM; 184 return -ENOMEM;
185 } 185 }
186 options = tmp_options;
186 187
187 while ((p = strsep(&options, ",")) != NULL) { 188 while ((p = strsep(&options, ",")) != NULL) {
188 int token; 189 int token;
@@ -216,7 +217,7 @@ static int parse_opts(char *params, struct p9_rdma_opts *opts)
216 } 217 }
217 /* RQ must be at least as large as the SQ */ 218 /* RQ must be at least as large as the SQ */
218 opts->rq_depth = max(opts->rq_depth, opts->sq_depth); 219 opts->rq_depth = max(opts->rq_depth, opts->sq_depth);
219 kfree(options); 220 kfree(tmp_options);
220 return 0; 221 return 0;
221} 222}
222 223
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index ea1e3daabefe..cb50f4ae5eef 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -102,7 +102,8 @@ static void p9_virtio_close(struct p9_client *client)
102 struct virtio_chan *chan = client->trans; 102 struct virtio_chan *chan = client->trans;
103 103
104 mutex_lock(&virtio_9p_lock); 104 mutex_lock(&virtio_9p_lock);
105 chan->inuse = false; 105 if (chan)
106 chan->inuse = false;
106 mutex_unlock(&virtio_9p_lock); 107 mutex_unlock(&virtio_9p_lock);
107} 108}
108 109
@@ -311,6 +312,7 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
311 } 312 }
312 313
313 client->trans = (void *)chan; 314 client->trans = (void *)chan;
315 client->status = Connected;
314 chan->client = client; 316 chan->client = client;
315 317
316 return 0; 318 return 0;
diff --git a/net/appletalk/aarp.c b/net/appletalk/aarp.c
index 9d4adfd22757..f2b3b56aa779 100644
--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -819,7 +819,7 @@ static int aarp_rcv(struct sk_buff *skb, struct net_device *dev,
819 ma = &ifa->address; 819 ma = &ifa->address;
820 else { /* We need to make a copy of the entry. */ 820 else { /* We need to make a copy of the entry. */
821 da.s_node = sa.s_node; 821 da.s_node = sa.s_node;
822 da.s_net = da.s_net; 822 da.s_net = sa.s_net;
823 ma = &da; 823 ma = &da;
824 } 824 }
825 825
diff --git a/net/ax25/ax25_out.c b/net/ax25/ax25_out.c
index bf706f83a5c9..14912600ec57 100644
--- a/net/ax25/ax25_out.c
+++ b/net/ax25/ax25_out.c
@@ -92,6 +92,12 @@ ax25_cb *ax25_send_frame(struct sk_buff *skb, int paclen, ax25_address *src, ax2
92#endif 92#endif
93 } 93 }
94 94
95 /*
96 * There is one ref for the state machine; a caller needs
97 * one more to put it back, just like with the existing one.
98 */
99 ax25_cb_hold(ax25);
100
95 ax25_cb_add(ax25); 101 ax25_cb_add(ax25);
96 102
97 ax25->state = AX25_STATE_1; 103 ax25->state = AX25_STATE_1;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b7c4224f4e7d..b10e3cdb08f8 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -377,6 +377,9 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
377 377
378 if (acl->state == BT_CONNECTED && 378 if (acl->state == BT_CONNECTED &&
379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
380 acl->power_save = 1;
381 hci_conn_enter_active_mode(acl);
382
380 if (lmp_esco_capable(hdev)) 383 if (lmp_esco_capable(hdev))
381 hci_setup_sync(sco, acl->handle); 384 hci_setup_sync(sco, acl->handle);
382 else 385 else
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 28517bad796c..592da5c909c1 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1699,6 +1699,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1699 break; 1699 break;
1700 1700
1701 case 0x1c: /* SCO interval rejected */ 1701 case 0x1c: /* SCO interval rejected */
1702 case 0x1a: /* Unsupported Remote Feature */
1702 case 0x1f: /* Unspecified error */ 1703 case 0x1f: /* Unspecified error */
1703 if (conn->out && conn->attempt < 2) { 1704 if (conn->out && conn->attempt < 2) {
1704 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1705 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 18e7f5a43dc4..fc6ec1e72652 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -243,6 +243,39 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
243 input_sync(dev); 243 input_sync(dev);
244} 244}
245 245
246static int __hidp_send_ctrl_message(struct hidp_session *session,
247 unsigned char hdr, unsigned char *data, int size)
248{
249 struct sk_buff *skb;
250
251 BT_DBG("session %p data %p size %d", session, data, size);
252
253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 BT_ERR("Can't allocate memory for new frame");
255 return -ENOMEM;
256 }
257
258 *skb_put(skb, 1) = hdr;
259 if (data && size > 0)
260 memcpy(skb_put(skb, size), data, size);
261
262 skb_queue_tail(&session->ctrl_transmit, skb);
263
264 return 0;
265}
266
267static inline int hidp_send_ctrl_message(struct hidp_session *session,
268 unsigned char hdr, unsigned char *data, int size)
269{
270 int err;
271
272 err = __hidp_send_ctrl_message(session, hdr, data, size);
273
274 hidp_schedule(session);
275
276 return err;
277}
278
246static int hidp_queue_report(struct hidp_session *session, 279static int hidp_queue_report(struct hidp_session *session,
247 unsigned char *data, int size) 280 unsigned char *data, int size)
248{ 281{
@@ -282,7 +315,9 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep
282 315
283static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count) 316static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count)
284{ 317{
285 if (hidp_queue_report(hid->driver_data, data, count)) 318 if (hidp_send_ctrl_message(hid->driver_data,
319 HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE,
320 data, count))
286 return -ENOMEM; 321 return -ENOMEM;
287 return count; 322 return count;
288} 323}
@@ -307,39 +342,6 @@ static inline void hidp_del_timer(struct hidp_session *session)
307 del_timer(&session->timer); 342 del_timer(&session->timer);
308} 343}
309 344
310static int __hidp_send_ctrl_message(struct hidp_session *session,
311 unsigned char hdr, unsigned char *data, int size)
312{
313 struct sk_buff *skb;
314
315 BT_DBG("session %p data %p size %d", session, data, size);
316
317 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
318 BT_ERR("Can't allocate memory for new frame");
319 return -ENOMEM;
320 }
321
322 *skb_put(skb, 1) = hdr;
323 if (data && size > 0)
324 memcpy(skb_put(skb, size), data, size);
325
326 skb_queue_tail(&session->ctrl_transmit, skb);
327
328 return 0;
329}
330
331static inline int hidp_send_ctrl_message(struct hidp_session *session,
332 unsigned char hdr, unsigned char *data, int size)
333{
334 int err;
335
336 err = __hidp_send_ctrl_message(session, hdr, data, size);
337
338 hidp_schedule(session);
339
340 return err;
341}
342
343static void hidp_process_handshake(struct hidp_session *session, 345static void hidp_process_handshake(struct hidp_session *session,
344 unsigned char param) 346 unsigned char param)
345{ 347{
@@ -701,29 +703,9 @@ static void hidp_close(struct hid_device *hid)
701static int hidp_parse(struct hid_device *hid) 703static int hidp_parse(struct hid_device *hid)
702{ 704{
703 struct hidp_session *session = hid->driver_data; 705 struct hidp_session *session = hid->driver_data;
704 struct hidp_connadd_req *req = session->req;
705 unsigned char *buf;
706 int ret;
707
708 buf = kmalloc(req->rd_size, GFP_KERNEL);
709 if (!buf)
710 return -ENOMEM;
711
712 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
713 kfree(buf);
714 return -EFAULT;
715 }
716
717 ret = hid_parse_report(session->hid, buf, req->rd_size);
718
719 kfree(buf);
720
721 if (ret)
722 return ret;
723 706
724 session->req = NULL; 707 return hid_parse_report(session->hid, session->rd_data,
725 708 session->rd_size);
726 return 0;
727} 709}
728 710
729static int hidp_start(struct hid_device *hid) 711static int hidp_start(struct hid_device *hid)
@@ -768,12 +750,24 @@ static int hidp_setup_hid(struct hidp_session *session,
768 bdaddr_t src, dst; 750 bdaddr_t src, dst;
769 int err; 751 int err;
770 752
753 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
754 if (!session->rd_data)
755 return -ENOMEM;
756
757 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
758 err = -EFAULT;
759 goto fault;
760 }
761 session->rd_size = req->rd_size;
762
771 hid = hid_allocate_device(); 763 hid = hid_allocate_device();
772 if (IS_ERR(hid)) 764 if (IS_ERR(hid)) {
773 return PTR_ERR(hid); 765 err = PTR_ERR(hid);
766 goto fault;
767 }
774 768
775 session->hid = hid; 769 session->hid = hid;
776 session->req = req; 770
777 hid->driver_data = session; 771 hid->driver_data = session;
778 772
779 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 773 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
@@ -804,6 +798,10 @@ failed:
804 hid_destroy_device(hid); 798 hid_destroy_device(hid);
805 session->hid = NULL; 799 session->hid = NULL;
806 800
801fault:
802 kfree(session->rd_data);
803 session->rd_data = NULL;
804
807 return err; 805 return err;
808} 806}
809 807
@@ -898,6 +896,9 @@ unlink:
898 session->hid = NULL; 896 session->hid = NULL;
899 } 897 }
900 898
899 kfree(session->rd_data);
900 session->rd_data = NULL;
901
901purge: 902purge:
902 skb_queue_purge(&session->ctrl_transmit); 903 skb_queue_purge(&session->ctrl_transmit);
903 skb_queue_purge(&session->intr_transmit); 904 skb_queue_purge(&session->intr_transmit);
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index faf3d74c3586..a4e215d50c10 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -154,7 +154,9 @@ struct hidp_session {
154 struct sk_buff_head ctrl_transmit; 154 struct sk_buff_head ctrl_transmit;
155 struct sk_buff_head intr_transmit; 155 struct sk_buff_head intr_transmit;
156 156
157 struct hidp_connadd_req *req; 157 /* Report descriptor */
158 __u8 *rd_data;
159 uint rd_size;
158}; 160};
159 161
160static inline void hidp_schedule(struct hidp_session *session) 162static inline void hidp_schedule(struct hidp_session *session)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 1120cf14a548..400efa26ddba 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1368,7 +1368,6 @@ static int l2cap_ertm_send(struct sock *sk)
1368 1368
1369 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) && 1369 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1370 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) { 1370 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1371 tx_skb = skb_clone(skb, GFP_ATOMIC);
1372 1371
1373 if (pi->remote_max_tx && 1372 if (pi->remote_max_tx &&
1374 bt_cb(skb)->retries == pi->remote_max_tx) { 1373 bt_cb(skb)->retries == pi->remote_max_tx) {
@@ -1376,6 +1375,8 @@ static int l2cap_ertm_send(struct sock *sk)
1376 break; 1375 break;
1377 } 1376 }
1378 1377
1378 tx_skb = skb_clone(skb, GFP_ATOMIC);
1379
1379 bt_cb(skb)->retries++; 1380 bt_cb(skb)->retries++;
1380 1381
1381 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1382 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
@@ -3518,7 +3519,6 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3518 struct l2cap_pinfo *pi; 3519 struct l2cap_pinfo *pi;
3519 u16 control, len; 3520 u16 control, len;
3520 u8 tx_seq; 3521 u8 tx_seq;
3521 int err;
3522 3522
3523 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3523 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3524 if (!sk) { 3524 if (!sk) {
@@ -3570,13 +3570,11 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3570 goto drop; 3570 goto drop;
3571 3571
3572 if (__is_iframe(control)) 3572 if (__is_iframe(control))
3573 err = l2cap_data_channel_iframe(sk, control, skb); 3573 l2cap_data_channel_iframe(sk, control, skb);
3574 else 3574 else
3575 err = l2cap_data_channel_sframe(sk, control, skb); 3575 l2cap_data_channel_sframe(sk, control, skb);
3576 3576
3577 if (!err) 3577 goto done;
3578 goto done;
3579 break;
3580 3578
3581 case L2CAP_MODE_STREAMING: 3579 case L2CAP_MODE_STREAMING:
3582 control = get_unaligned_le16(skb->data); 3580 control = get_unaligned_le16(skb->data);
@@ -3602,7 +3600,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3602 else 3600 else
3603 pi->expected_tx_seq = tx_seq + 1; 3601 pi->expected_tx_seq = tx_seq + 1;
3604 3602
3605 err = l2cap_sar_reassembly_sdu(sk, skb, control); 3603 l2cap_sar_reassembly_sdu(sk, skb, control);
3606 3604
3607 goto done; 3605 goto done;
3608 3606
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index fc5ee3296e22..89f4a59eb82b 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -252,7 +252,6 @@ static void rfcomm_session_timeout(unsigned long arg)
252 BT_DBG("session %p state %ld", s, s->state); 252 BT_DBG("session %p state %ld", s, s->state);
253 253
254 set_bit(RFCOMM_TIMED_OUT, &s->flags); 254 set_bit(RFCOMM_TIMED_OUT, &s->flags);
255 rfcomm_session_put(s);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
257} 256}
258 257
@@ -1151,7 +1150,11 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1151 break; 1150 break;
1152 1151
1153 case BT_DISCONN: 1152 case BT_DISCONN:
1154 rfcomm_session_put(s); 1153 /* When socket is closed and we are not RFCOMM
1154 * initiator rfcomm_process_rx already calls
1155 * rfcomm_session_put() */
1156 if (s->sock->sk->sk_state != BT_CLOSED)
1157 rfcomm_session_put(s);
1155 break; 1158 break;
1156 } 1159 }
1157 } 1160 }
@@ -1920,6 +1923,7 @@ static inline void rfcomm_process_sessions(void)
1920 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1923 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1921 s->state = BT_DISCONN; 1924 s->state = BT_DISCONN;
1922 rfcomm_send_disc(s, 0); 1925 rfcomm_send_disc(s, 0);
1926 rfcomm_session_put(s);
1923 continue; 1927 continue;
1924 } 1928 }
1925 1929
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index bd1c65425d4f..0b7f262cd148 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk,
1406{ 1406{
1407 int ret; 1407 int ret;
1408 1408
1409 if (!capable(CAP_NET_ADMIN))
1410 return -EPERM;
1411
1409 switch(cmd) { 1412 switch(cmd) {
1410 case EBT_SO_SET_ENTRIES: 1413 case EBT_SO_SET_ENTRIES:
1411 ret = do_replace(sock_net(sk), user, len); 1414 ret = do_replace(sock_net(sk), user, len);
@@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1425 struct ebt_replace tmp; 1428 struct ebt_replace tmp;
1426 struct ebt_table *t; 1429 struct ebt_table *t;
1427 1430
1431 if (!capable(CAP_NET_ADMIN))
1432 return -EPERM;
1433
1428 if (copy_from_user(&tmp, user, sizeof(tmp))) 1434 if (copy_from_user(&tmp, user, sizeof(tmp)))
1429 return -EFAULT; 1435 return -EFAULT;
1430 1436
diff --git a/net/core/dev.c b/net/core/dev.c
index be9924f60ec3..ec874218b206 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2761,7 +2761,7 @@ gro_result_t napi_frags_finish(struct napi_struct *napi, struct sk_buff *skb,
2761 switch (ret) { 2761 switch (ret) {
2762 case GRO_NORMAL: 2762 case GRO_NORMAL:
2763 case GRO_HELD: 2763 case GRO_HELD:
2764 skb->protocol = eth_type_trans(skb, napi->dev); 2764 skb->protocol = eth_type_trans(skb, skb->dev);
2765 2765
2766 if (ret == GRO_HELD) 2766 if (ret == GRO_HELD)
2767 skb_gro_pull(skb, -ETH_HLEN); 2767 skb_gro_pull(skb, -ETH_HLEN);
diff --git a/net/core/dst.c b/net/core/dst.c
index 57bc4d5b8d08..cb1b3488b739 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -17,6 +17,7 @@
17#include <linux/string.h> 17#include <linux/string.h>
18#include <linux/types.h> 18#include <linux/types.h>
19#include <net/net_namespace.h> 19#include <net/net_namespace.h>
20#include <linux/sched.h>
20 21
21#include <net/dst.h> 22#include <net/dst.h>
22 23
@@ -79,6 +80,7 @@ loop:
79 while ((dst = next) != NULL) { 80 while ((dst = next) != NULL) {
80 next = dst->next; 81 next = dst->next;
81 prefetch(&next->next); 82 prefetch(&next->next);
83 cond_resched();
82 if (likely(atomic_read(&dst->__refcnt))) { 84 if (likely(atomic_read(&dst->__refcnt))) {
83 last->next = dst; 85 last->next = dst;
84 last = dst; 86 last = dst;
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index d8aee584e8d1..236a9988ea91 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -927,6 +927,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
927 case ETHTOOL_GPERMADDR: 927 case ETHTOOL_GPERMADDR:
928 case ETHTOOL_GUFO: 928 case ETHTOOL_GUFO:
929 case ETHTOOL_GGSO: 929 case ETHTOOL_GGSO:
930 case ETHTOOL_GGRO:
930 case ETHTOOL_GFLAGS: 931 case ETHTOOL_GFLAGS:
931 case ETHTOOL_GPFLAGS: 932 case ETHTOOL_GPFLAGS:
932 case ETHTOOL_GRXFH: 933 case ETHTOOL_GRXFH:
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index fbc1c7472c5e..099c753c4213 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -410,7 +410,8 @@ static ssize_t wireless_show(struct device *d, char *buf,
410 const struct iw_statistics *iw; 410 const struct iw_statistics *iw;
411 ssize_t ret = -EINVAL; 411 ssize_t ret = -EINVAL;
412 412
413 rtnl_lock(); 413 if (!rtnl_trylock())
414 return restart_syscall();
414 if (dev_isalive(dev)) { 415 if (dev_isalive(dev)) {
415 iw = get_wireless_stats(dev); 416 iw = get_wireless_stats(dev);
416 if (iw) 417 if (iw)
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index a23b45f08ec9..2e692afdc55d 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -250,8 +250,7 @@ struct pktgen_dev {
250 __u64 count; /* Default No packets to send */ 250 __u64 count; /* Default No packets to send */
251 __u64 sofar; /* How many pkts we've sent so far */ 251 __u64 sofar; /* How many pkts we've sent so far */
252 __u64 tx_bytes; /* How many bytes we've transmitted */ 252 __u64 tx_bytes; /* How many bytes we've transmitted */
253 __u64 errors; /* Errors when trying to transmit, 253 __u64 errors; /* Errors when trying to transmit, */
254 pkts will be re-sent */
255 254
256 /* runtime counters relating to clone_skb */ 255 /* runtime counters relating to clone_skb */
257 256
@@ -3465,6 +3464,12 @@ static void pktgen_xmit(struct pktgen_dev *pkt_dev)
3465 pkt_dev->seq_num++; 3464 pkt_dev->seq_num++;
3466 pkt_dev->tx_bytes += pkt_dev->last_pkt_size; 3465 pkt_dev->tx_bytes += pkt_dev->last_pkt_size;
3467 break; 3466 break;
3467 case NET_XMIT_DROP:
3468 case NET_XMIT_CN:
3469 case NET_XMIT_POLICED:
3470 /* skb has been consumed */
3471 pkt_dev->errors++;
3472 break;
3468 default: /* Drivers are not supposed to return other values! */ 3473 default: /* Drivers are not supposed to return other values! */
3469 if (net_ratelimit()) 3474 if (net_ratelimit())
3470 pr_info("pktgen: %s xmit error: %d\n", 3475 pr_info("pktgen: %s xmit error: %d\n",
@@ -3519,6 +3524,7 @@ static int pktgen_thread_worker(void *arg)
3519 wait_event_interruptible_timeout(t->queue, 3524 wait_event_interruptible_timeout(t->queue,
3520 t->control != 0, 3525 t->control != 0,
3521 HZ/10); 3526 HZ/10);
3527 try_to_freeze();
3522 continue; 3528 continue;
3523 } 3529 }
3524 3530
diff --git a/net/core/sock.c b/net/core/sock.c
index 76ff58d43e26..e1f6f225f012 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1205,6 +1205,10 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1205 1205
1206 if (newsk->sk_prot->sockets_allocated) 1206 if (newsk->sk_prot->sockets_allocated)
1207 percpu_counter_inc(newsk->sk_prot->sockets_allocated); 1207 percpu_counter_inc(newsk->sk_prot->sockets_allocated);
1208
1209 if (sock_flag(newsk, SOCK_TIMESTAMP) ||
1210 sock_flag(newsk, SOCK_TIMESTAMPING_RX_SOFTWARE))
1211 net_enable_timestamp();
1208 } 1212 }
1209out: 1213out:
1210 return newsk; 1214 return newsk;
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c
index f3e9ba1cfd01..ff16e9df1969 100644
--- a/net/dccp/ccid.c
+++ b/net/dccp/ccid.c
@@ -77,34 +77,24 @@ int ccid_getsockopt_builtin_ccids(struct sock *sk, int len,
77 return err; 77 return err;
78} 78}
79 79
80static struct kmem_cache *ccid_kmem_cache_create(int obj_size, const char *fmt,...) 80static struct kmem_cache *ccid_kmem_cache_create(int obj_size, char *slab_name_fmt, const char *fmt,...)
81{ 81{
82 struct kmem_cache *slab; 82 struct kmem_cache *slab;
83 char slab_name_fmt[32], *slab_name;
84 va_list args; 83 va_list args;
85 84
86 va_start(args, fmt); 85 va_start(args, fmt);
87 vsnprintf(slab_name_fmt, sizeof(slab_name_fmt), fmt, args); 86 vsnprintf(slab_name_fmt, CCID_SLAB_NAME_LENGTH, fmt, args);
88 va_end(args); 87 va_end(args);
89 88
90 slab_name = kstrdup(slab_name_fmt, GFP_KERNEL); 89 slab = kmem_cache_create(slab_name_fmt, sizeof(struct ccid) + obj_size, 0,
91 if (slab_name == NULL)
92 return NULL;
93 slab = kmem_cache_create(slab_name, sizeof(struct ccid) + obj_size, 0,
94 SLAB_HWCACHE_ALIGN, NULL); 90 SLAB_HWCACHE_ALIGN, NULL);
95 if (slab == NULL)
96 kfree(slab_name);
97 return slab; 91 return slab;
98} 92}
99 93
100static void ccid_kmem_cache_destroy(struct kmem_cache *slab) 94static void ccid_kmem_cache_destroy(struct kmem_cache *slab)
101{ 95{
102 if (slab != NULL) { 96 if (slab != NULL)
103 const char *name = kmem_cache_name(slab);
104
105 kmem_cache_destroy(slab); 97 kmem_cache_destroy(slab);
106 kfree(name);
107 }
108} 98}
109 99
110static int ccid_activate(struct ccid_operations *ccid_ops) 100static int ccid_activate(struct ccid_operations *ccid_ops)
@@ -113,6 +103,7 @@ static int ccid_activate(struct ccid_operations *ccid_ops)
113 103
114 ccid_ops->ccid_hc_rx_slab = 104 ccid_ops->ccid_hc_rx_slab =
115 ccid_kmem_cache_create(ccid_ops->ccid_hc_rx_obj_size, 105 ccid_kmem_cache_create(ccid_ops->ccid_hc_rx_obj_size,
106 ccid_ops->ccid_hc_rx_slab_name,
116 "ccid%u_hc_rx_sock", 107 "ccid%u_hc_rx_sock",
117 ccid_ops->ccid_id); 108 ccid_ops->ccid_id);
118 if (ccid_ops->ccid_hc_rx_slab == NULL) 109 if (ccid_ops->ccid_hc_rx_slab == NULL)
@@ -120,6 +111,7 @@ static int ccid_activate(struct ccid_operations *ccid_ops)
120 111
121 ccid_ops->ccid_hc_tx_slab = 112 ccid_ops->ccid_hc_tx_slab =
122 ccid_kmem_cache_create(ccid_ops->ccid_hc_tx_obj_size, 113 ccid_kmem_cache_create(ccid_ops->ccid_hc_tx_obj_size,
114 ccid_ops->ccid_hc_tx_slab_name,
123 "ccid%u_hc_tx_sock", 115 "ccid%u_hc_tx_sock",
124 ccid_ops->ccid_id); 116 ccid_ops->ccid_id);
125 if (ccid_ops->ccid_hc_tx_slab == NULL) 117 if (ccid_ops->ccid_hc_tx_slab == NULL)
diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
index facedd20b531..6df6f8ac9636 100644
--- a/net/dccp/ccid.h
+++ b/net/dccp/ccid.h
@@ -19,7 +19,9 @@
19#include <linux/list.h> 19#include <linux/list.h>
20#include <linux/module.h> 20#include <linux/module.h>
21 21
22#define CCID_MAX 255 22/* maximum value for a CCID (RFC 4340, 19.5) */
23#define CCID_MAX 255
24#define CCID_SLAB_NAME_LENGTH 32
23 25
24struct tcp_info; 26struct tcp_info;
25 27
@@ -49,6 +51,8 @@ struct ccid_operations {
49 const char *ccid_name; 51 const char *ccid_name;
50 struct kmem_cache *ccid_hc_rx_slab, 52 struct kmem_cache *ccid_hc_rx_slab,
51 *ccid_hc_tx_slab; 53 *ccid_hc_tx_slab;
54 char ccid_hc_rx_slab_name[CCID_SLAB_NAME_LENGTH];
55 char ccid_hc_tx_slab_name[CCID_SLAB_NAME_LENGTH];
52 __u32 ccid_hc_rx_obj_size, 56 __u32 ccid_hc_rx_obj_size,
53 ccid_hc_tx_obj_size; 57 ccid_hc_tx_obj_size;
54 /* Interface Routines */ 58 /* Interface Routines */
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index a1362dc8abb0..f5b3464f1242 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -161,7 +161,8 @@ static __init int dccpprobe_init(void)
161 if (!proc_net_fops_create(&init_net, procname, S_IRUSR, &dccpprobe_fops)) 161 if (!proc_net_fops_create(&init_net, procname, S_IRUSR, &dccpprobe_fops))
162 goto err0; 162 goto err0;
163 163
164 ret = register_jprobe(&dccp_send_probe); 164 try_then_request_module((ret = register_jprobe(&dccp_send_probe)) == 0,
165 "dccp");
165 if (ret) 166 if (ret)
166 goto err1; 167 goto err1;
167 168
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5cdbc102a418..26dec2be9615 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1317,14 +1317,19 @@ static int devinet_sysctl_forward(ctl_table *ctl, int write,
1317{ 1317{
1318 int *valp = ctl->data; 1318 int *valp = ctl->data;
1319 int val = *valp; 1319 int val = *valp;
1320 loff_t pos = *ppos;
1320 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1321 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1321 1322
1322 if (write && *valp != val) { 1323 if (write && *valp != val) {
1323 struct net *net = ctl->extra2; 1324 struct net *net = ctl->extra2;
1324 1325
1325 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 1326 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
1326 if (!rtnl_trylock()) 1327 if (!rtnl_trylock()) {
1328 /* Restore the original values before restarting */
1329 *valp = val;
1330 *ppos = pos;
1327 return restart_syscall(); 1331 return restart_syscall();
1332 }
1328 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 1333 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
1329 inet_forward_change(net); 1334 inet_forward_change(net);
1330 } else if (*valp) { 1335 } else if (*valp) {
@@ -1397,6 +1402,7 @@ static struct devinet_sysctl_table {
1397 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 1402 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
1398 "accept_source_route"), 1403 "accept_source_route"),
1399 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 1404 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
1405 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
1400 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 1406 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
1401 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 1407 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
1402 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 1408 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 3323168ee52d..82dbf711d6d0 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -252,6 +252,8 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
252 no_addr = in_dev->ifa_list == NULL; 252 no_addr = in_dev->ifa_list == NULL;
253 rpf = IN_DEV_RPFILTER(in_dev); 253 rpf = IN_DEV_RPFILTER(in_dev);
254 accept_local = IN_DEV_ACCEPT_LOCAL(in_dev); 254 accept_local = IN_DEV_ACCEPT_LOCAL(in_dev);
255 if (mark && !IN_DEV_SRC_VMARK(in_dev))
256 fl.mark = 0;
255 } 257 }
256 rcu_read_unlock(); 258 rcu_read_unlock();
257 259
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 76c08402c933..a42f658e756a 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -946,7 +946,6 @@ int igmp_rcv(struct sk_buff *skb)
946 break; 946 break;
947 case IGMP_HOST_MEMBERSHIP_REPORT: 947 case IGMP_HOST_MEMBERSHIP_REPORT:
948 case IGMPV2_HOST_MEMBERSHIP_REPORT: 948 case IGMPV2_HOST_MEMBERSHIP_REPORT:
949 case IGMPV3_HOST_MEMBERSHIP_REPORT:
950 /* Is it our report looped back? */ 949 /* Is it our report looped back? */
951 if (skb_rtable(skb)->fl.iif == 0) 950 if (skb_rtable(skb)->fl.iif == 0)
952 break; 951 break;
@@ -960,6 +959,7 @@ int igmp_rcv(struct sk_buff *skb)
960 in_dev_put(in_dev); 959 in_dev_put(in_dev);
961 return pim_rcv_v1(skb); 960 return pim_rcv_v1(skb);
962#endif 961#endif
962 case IGMPV3_HOST_MEMBERSHIP_REPORT:
963 case IGMP_DVMRP: 963 case IGMP_DVMRP:
964 case IGMP_TRACE: 964 case IGMP_TRACE:
965 case IGMP_HOST_LEAVE_MESSAGE: 965 case IGMP_HOST_LEAVE_MESSAGE:
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index bdb78dd180ce..1aaa8110d84b 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -368,7 +368,7 @@ static int inet_diag_bc_run(const void *bc, int len,
368 yes = entry->sport >= op[1].no; 368 yes = entry->sport >= op[1].no;
369 break; 369 break;
370 case INET_DIAG_BC_S_LE: 370 case INET_DIAG_BC_S_LE:
371 yes = entry->dport <= op[1].no; 371 yes = entry->sport <= op[1].no;
372 break; 372 break;
373 case INET_DIAG_BC_D_GE: 373 case INET_DIAG_BC_D_GE:
374 yes = entry->dport >= op[1].no; 374 yes = entry->dport >= op[1].no;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e34013a78ef4..3451799e3dbf 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -254,7 +254,7 @@ int ip_mc_output(struct sk_buff *skb)
254 */ 254 */
255 255
256 if (rt->rt_flags&RTCF_MULTICAST) { 256 if (rt->rt_flags&RTCF_MULTICAST) {
257 if ((!sk || inet_sk(sk)->mc_loop) 257 if (sk_mc_loop(sk)
258#ifdef CONFIG_IP_MROUTE 258#ifdef CONFIG_IP_MROUTE
259 /* Small optimization: do not loopback not local frames, 259 /* Small optimization: do not loopback not local frames,
260 which returned after forwarding; they will be dropped 260 which returned after forwarding; they will be dropped
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 38fbf04150ae..544ce0876f12 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -124,16 +124,12 @@ static int ipcomp4_init_state(struct xfrm_state *x)
124 if (x->props.mode == XFRM_MODE_TUNNEL) { 124 if (x->props.mode == XFRM_MODE_TUNNEL) {
125 err = ipcomp_tunnel_attach(x); 125 err = ipcomp_tunnel_attach(x);
126 if (err) 126 if (err)
127 goto error_tunnel; 127 goto out;
128 } 128 }
129 129
130 err = 0; 130 err = 0;
131out: 131out:
132 return err; 132 return err;
133
134error_tunnel:
135 ipcomp_destroy(x);
136 goto out;
137} 133}
138 134
139static const struct xfrm_type ipcomp_type = { 135static const struct xfrm_type ipcomp_type = {
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 06632762ba5f..90203e1b9187 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
925 if (t && !IS_ERR(t)) { 925 if (t && !IS_ERR(t)) {
926 struct arpt_getinfo info; 926 struct arpt_getinfo info;
927 const struct xt_table_info *private = t->private; 927 const struct xt_table_info *private = t->private;
928
929#ifdef CONFIG_COMPAT 928#ifdef CONFIG_COMPAT
929 struct xt_table_info tmp;
930
930 if (compat) { 931 if (compat) {
931 struct xt_table_info tmp;
932 ret = compat_table_info(private, &tmp); 932 ret = compat_table_info(private, &tmp);
933 xt_compat_flush_offsets(NFPROTO_ARP); 933 xt_compat_flush_offsets(NFPROTO_ARP);
934 private = &tmp; 934 private = &tmp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 572330a552ef..3ce53cf13d5a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
1132 if (t && !IS_ERR(t)) { 1132 if (t && !IS_ERR(t)) {
1133 struct ipt_getinfo info; 1133 struct ipt_getinfo info;
1134 const struct xt_table_info *private = t->private; 1134 const struct xt_table_info *private = t->private;
1135
1136#ifdef CONFIG_COMPAT 1135#ifdef CONFIG_COMPAT
1136 struct xt_table_info tmp;
1137
1137 if (compat) { 1138 if (compat) {
1138 struct xt_table_info tmp;
1139 ret = compat_table_info(private, &tmp); 1139 ret = compat_table_info(private, &tmp);
1140 xt_compat_flush_offsets(AF_INET); 1140 xt_compat_flush_offsets(AF_INET);
1141 private = &tmp; 1141 private = &tmp;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index d171b123a656..d1ea38a7c490 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -210,7 +210,7 @@ static ctl_table ip_ct_sysctl_table[] = {
210 }, 210 },
211 { 211 {
212 .procname = "ip_conntrack_buckets", 212 .procname = "ip_conntrack_buckets",
213 .data = &nf_conntrack_htable_size, 213 .data = &init_net.ct.htable_size,
214 .maxlen = sizeof(unsigned int), 214 .maxlen = sizeof(unsigned int),
215 .mode = 0444, 215 .mode = 0444,
216 .proc_handler = proc_dointvec, 216 .proc_handler = proc_dointvec,
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 8668a3defda6..2fb7b76da94f 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -32,7 +32,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
32 struct hlist_nulls_node *n; 32 struct hlist_nulls_node *n;
33 33
34 for (st->bucket = 0; 34 for (st->bucket = 0;
35 st->bucket < nf_conntrack_htable_size; 35 st->bucket < net->ct.htable_size;
36 st->bucket++) { 36 st->bucket++) {
37 n = rcu_dereference(net->ct.hash[st->bucket].first); 37 n = rcu_dereference(net->ct.hash[st->bucket].first);
38 if (!is_a_nulls(n)) 38 if (!is_a_nulls(n))
@@ -50,7 +50,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
50 head = rcu_dereference(head->next); 50 head = rcu_dereference(head->next);
51 while (is_a_nulls(head)) { 51 while (is_a_nulls(head)) {
52 if (likely(get_nulls_value(head) == st->bucket)) { 52 if (likely(get_nulls_value(head) == st->bucket)) {
53 if (++st->bucket >= nf_conntrack_htable_size) 53 if (++st->bucket >= net->ct.htable_size)
54 return NULL; 54 return NULL;
55 } 55 }
56 head = rcu_dereference(net->ct.hash[st->bucket].first); 56 head = rcu_dereference(net->ct.hash[st->bucket].first);
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index fe1a64479dd0..26066a2327ad 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -35,9 +35,6 @@ static DEFINE_SPINLOCK(nf_nat_lock);
35 35
36static struct nf_conntrack_l3proto *l3proto __read_mostly; 36static struct nf_conntrack_l3proto *l3proto __read_mostly;
37 37
38/* Calculated at init based on memory size */
39static unsigned int nf_nat_htable_size __read_mostly;
40
41#define MAX_IP_NAT_PROTO 256 38#define MAX_IP_NAT_PROTO 256
42static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO] 39static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO]
43 __read_mostly; 40 __read_mostly;
@@ -72,7 +69,7 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_put);
72 69
73/* We keep an extra hash for each conntrack, for fast searching. */ 70/* We keep an extra hash for each conntrack, for fast searching. */
74static inline unsigned int 71static inline unsigned int
75hash_by_src(const struct nf_conntrack_tuple *tuple) 72hash_by_src(const struct net *net, const struct nf_conntrack_tuple *tuple)
76{ 73{
77 unsigned int hash; 74 unsigned int hash;
78 75
@@ -80,7 +77,7 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
80 hash = jhash_3words((__force u32)tuple->src.u3.ip, 77 hash = jhash_3words((__force u32)tuple->src.u3.ip,
81 (__force u32)tuple->src.u.all, 78 (__force u32)tuple->src.u.all,
82 tuple->dst.protonum, 0); 79 tuple->dst.protonum, 0);
83 return ((u64)hash * nf_nat_htable_size) >> 32; 80 return ((u64)hash * net->ipv4.nat_htable_size) >> 32;
84} 81}
85 82
86/* Is this tuple already taken? (not by us) */ 83/* Is this tuple already taken? (not by us) */
@@ -147,7 +144,7 @@ find_appropriate_src(struct net *net,
147 struct nf_conntrack_tuple *result, 144 struct nf_conntrack_tuple *result,
148 const struct nf_nat_range *range) 145 const struct nf_nat_range *range)
149{ 146{
150 unsigned int h = hash_by_src(tuple); 147 unsigned int h = hash_by_src(net, tuple);
151 const struct nf_conn_nat *nat; 148 const struct nf_conn_nat *nat;
152 const struct nf_conn *ct; 149 const struct nf_conn *ct;
153 const struct hlist_node *n; 150 const struct hlist_node *n;
@@ -330,7 +327,7 @@ nf_nat_setup_info(struct nf_conn *ct,
330 if (have_to_hash) { 327 if (have_to_hash) {
331 unsigned int srchash; 328 unsigned int srchash;
332 329
333 srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 330 srchash = hash_by_src(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
334 spin_lock_bh(&nf_nat_lock); 331 spin_lock_bh(&nf_nat_lock);
335 /* nf_conntrack_alter_reply might re-allocate exntension aera */ 332 /* nf_conntrack_alter_reply might re-allocate exntension aera */
336 nat = nfct_nat(ct); 333 nat = nfct_nat(ct);
@@ -679,8 +676,10 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
679 676
680static int __net_init nf_nat_net_init(struct net *net) 677static int __net_init nf_nat_net_init(struct net *net)
681{ 678{
682 net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, 679 /* Leave them the same for the moment. */
683 &net->ipv4.nat_vmalloced, 0); 680 net->ipv4.nat_htable_size = net->ct.htable_size;
681 net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
682 &net->ipv4.nat_vmalloced, 0);
684 if (!net->ipv4.nat_bysource) 683 if (!net->ipv4.nat_bysource)
685 return -ENOMEM; 684 return -ENOMEM;
686 return 0; 685 return 0;
@@ -703,7 +702,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
703 nf_ct_iterate_cleanup(net, &clean_nat, NULL); 702 nf_ct_iterate_cleanup(net, &clean_nat, NULL);
704 synchronize_rcu(); 703 synchronize_rcu();
705 nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced, 704 nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,
706 nf_nat_htable_size); 705 net->ipv4.nat_htable_size);
707} 706}
708 707
709static struct pernet_operations nf_nat_net_ops = { 708static struct pernet_operations nf_nat_net_ops = {
@@ -724,9 +723,6 @@ static int __init nf_nat_init(void)
724 return ret; 723 return ret;
725 } 724 }
726 725
727 /* Leave them the same for the moment. */
728 nf_nat_htable_size = nf_conntrack_htable_size;
729
730 ret = register_pernet_subsys(&nf_nat_net_ops); 726 ret = register_pernet_subsys(&nf_nat_net_ops);
731 if (ret < 0) 727 if (ret < 0)
732 goto cleanup_extend; 728 goto cleanup_extend;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index e446496f564f..d62b05d33384 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -586,7 +586,9 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
586{ 586{
587 remove_proc_entry("rt_cache", net->proc_net_stat); 587 remove_proc_entry("rt_cache", net->proc_net_stat);
588 remove_proc_entry("rt_cache", net->proc_net); 588 remove_proc_entry("rt_cache", net->proc_net);
589#ifdef CONFIG_NET_CLS_ROUTE
589 remove_proc_entry("rt_acct", net->proc_net); 590 remove_proc_entry("rt_acct", net->proc_net);
591#endif
590} 592}
591 593
592static struct pernet_operations ip_rt_proc_ops __net_initdata = { 594static struct pernet_operations ip_rt_proc_ops __net_initdata = {
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 28e029632493..3fddc69ccccc 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5783,11 +5783,9 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5783 5783
5784 /* tcp_ack considers this ACK as duplicate 5784 /* tcp_ack considers this ACK as duplicate
5785 * and does not calculate rtt. 5785 * and does not calculate rtt.
5786 * Fix it at least with timestamps. 5786 * Force it here.
5787 */ 5787 */
5788 if (tp->rx_opt.saw_tstamp && 5788 tcp_ack_update_rtt(sk, 0, 0);
5789 tp->rx_opt.rcv_tsecr && !tp->srtt)
5790 tcp_ack_saw_tstamp(sk, 0);
5791 5789
5792 if (tp->rx_opt.tstamp_ok) 5790 if (tp->rx_opt.tstamp_ok)
5793 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED; 5791 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index bb110c5ce1d2..9bc805df95d2 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -39,9 +39,9 @@ static int port __read_mostly = 0;
39MODULE_PARM_DESC(port, "Port to match (0=all)"); 39MODULE_PARM_DESC(port, "Port to match (0=all)");
40module_param(port, int, 0); 40module_param(port, int, 0);
41 41
42static int bufsize __read_mostly = 4096; 42static unsigned int bufsize __read_mostly = 4096;
43MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)"); 43MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)");
44module_param(bufsize, int, 0); 44module_param(bufsize, uint, 0);
45 45
46static int full __read_mostly; 46static int full __read_mostly;
47MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)"); 47MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)");
@@ -75,12 +75,12 @@ static struct {
75 75
76static inline int tcp_probe_used(void) 76static inline int tcp_probe_used(void)
77{ 77{
78 return (tcp_probe.head - tcp_probe.tail) % bufsize; 78 return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1);
79} 79}
80 80
81static inline int tcp_probe_avail(void) 81static inline int tcp_probe_avail(void)
82{ 82{
83 return bufsize - tcp_probe_used(); 83 return bufsize - tcp_probe_used() - 1;
84} 84}
85 85
86/* 86/*
@@ -116,7 +116,7 @@ static int jtcp_rcv_established(struct sock *sk, struct sk_buff *skb,
116 p->ssthresh = tcp_current_ssthresh(sk); 116 p->ssthresh = tcp_current_ssthresh(sk);
117 p->srtt = tp->srtt >> 3; 117 p->srtt = tp->srtt >> 3;
118 118
119 tcp_probe.head = (tcp_probe.head + 1) % bufsize; 119 tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1);
120 } 120 }
121 tcp_probe.lastcwnd = tp->snd_cwnd; 121 tcp_probe.lastcwnd = tp->snd_cwnd;
122 spin_unlock(&tcp_probe.lock); 122 spin_unlock(&tcp_probe.lock);
@@ -149,7 +149,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file)
149static int tcpprobe_sprint(char *tbuf, int n) 149static int tcpprobe_sprint(char *tbuf, int n)
150{ 150{
151 const struct tcp_log *p 151 const struct tcp_log *p
152 = tcp_probe.log + tcp_probe.tail % bufsize; 152 = tcp_probe.log + tcp_probe.tail;
153 struct timespec tv 153 struct timespec tv
154 = ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start)); 154 = ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start));
155 155
@@ -192,7 +192,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf,
192 width = tcpprobe_sprint(tbuf, sizeof(tbuf)); 192 width = tcpprobe_sprint(tbuf, sizeof(tbuf));
193 193
194 if (cnt + width < len) 194 if (cnt + width < len)
195 tcp_probe.tail = (tcp_probe.tail + 1) % bufsize; 195 tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1);
196 196
197 spin_unlock_bh(&tcp_probe.lock); 197 spin_unlock_bh(&tcp_probe.lock);
198 198
@@ -222,9 +222,10 @@ static __init int tcpprobe_init(void)
222 init_waitqueue_head(&tcp_probe.wait); 222 init_waitqueue_head(&tcp_probe.wait);
223 spin_lock_init(&tcp_probe.lock); 223 spin_lock_init(&tcp_probe.lock);
224 224
225 if (bufsize < 0) 225 if (bufsize == 0)
226 return -EINVAL; 226 return -EINVAL;
227 227
228 bufsize = roundup_pow_of_two(bufsize);
228 tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL); 229 tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);
229 if (!tcp_probe.log) 230 if (!tcp_probe.log)
230 goto err0; 231 goto err0;
@@ -236,7 +237,7 @@ static __init int tcpprobe_init(void)
236 if (ret) 237 if (ret)
237 goto err1; 238 goto err1;
238 239
239 pr_info("TCP probe registered (port=%d)\n", port); 240 pr_info("TCP probe registered (port=%d) bufsize=%u\n", port, bufsize);
240 return 0; 241 return 0;
241 err1: 242 err1:
242 proc_net_remove(&init_net, procname); 243 proc_net_remove(&init_net, procname);
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 8c08a28d8f83..67107d63c1cd 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
15#include <net/xfrm.h> 15#include <net/xfrm.h>
16#include <net/ip.h> 16#include <net/ip.h>
17 17
18static struct dst_ops xfrm4_dst_ops;
19static struct xfrm_policy_afinfo xfrm4_policy_afinfo; 18static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
20 19
21static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos, 20static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
190 189
191static inline int xfrm4_garbage_collect(struct dst_ops *ops) 190static inline int xfrm4_garbage_collect(struct dst_ops *ops)
192{ 191{
193 xfrm4_policy_afinfo.garbage_collect(&init_net); 192 struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
194 return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2); 193
194 xfrm4_policy_afinfo.garbage_collect(net);
195 return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
195} 196}
196 197
197static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu) 198static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
268static struct ctl_table xfrm4_policy_table[] = { 269static struct ctl_table xfrm4_policy_table[] = {
269 { 270 {
270 .procname = "xfrm4_gc_thresh", 271 .procname = "xfrm4_gc_thresh",
271 .data = &xfrm4_dst_ops.gc_thresh, 272 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
272 .maxlen = sizeof(int), 273 .maxlen = sizeof(int),
273 .mode = 0644, 274 .mode = 0644,
274 .proc_handler = proc_dointvec, 275 .proc_handler = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
295 296
296void __init xfrm4_init(int rt_max_size) 297void __init xfrm4_init(int rt_max_size)
297{ 298{
298 xfrm4_state_init();
299 xfrm4_policy_init();
300 /* 299 /*
301 * Select a default value for the gc_thresh based on the main route 300 * Select a default value for the gc_thresh based on the main route
302 * table hash size. It seems to me the worst case scenario is when 301 * table hash size. It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
308 * and start cleaning when were 1/2 full 307 * and start cleaning when were 1/2 full
309 */ 308 */
310 xfrm4_dst_ops.gc_thresh = rt_max_size/2; 309 xfrm4_dst_ops.gc_thresh = rt_max_size/2;
310
311 xfrm4_state_init();
312 xfrm4_policy_init();
311#ifdef CONFIG_SYSCTL 313#ifdef CONFIG_SYSCTL
312 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path, 314 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
313 xfrm4_policy_table); 315 xfrm4_policy_table);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index de7a194a64ab..143791da062c 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -502,8 +502,11 @@ static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
502 if (p == &net->ipv6.devconf_dflt->forwarding) 502 if (p == &net->ipv6.devconf_dflt->forwarding)
503 return 0; 503 return 0;
504 504
505 if (!rtnl_trylock()) 505 if (!rtnl_trylock()) {
506 /* Restore the original values before restarting */
507 *p = old;
506 return restart_syscall(); 508 return restart_syscall();
509 }
507 510
508 if (p == &net->ipv6.devconf_all->forwarding) { 511 if (p == &net->ipv6.devconf_all->forwarding) {
509 __s32 newf = net->ipv6.devconf_all->forwarding; 512 __s32 newf = net->ipv6.devconf_all->forwarding;
@@ -4028,12 +4031,15 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
4028{ 4031{
4029 int *valp = ctl->data; 4032 int *valp = ctl->data;
4030 int val = *valp; 4033 int val = *valp;
4034 loff_t pos = *ppos;
4031 int ret; 4035 int ret;
4032 4036
4033 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 4037 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
4034 4038
4035 if (write) 4039 if (write)
4036 ret = addrconf_fixup_forwarding(ctl, valp, val); 4040 ret = addrconf_fixup_forwarding(ctl, valp, val);
4041 if (ret)
4042 *ppos = pos;
4037 return ret; 4043 return ret;
4038} 4044}
4039 4045
@@ -4075,8 +4081,11 @@ static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int old)
4075 if (p == &net->ipv6.devconf_dflt->disable_ipv6) 4081 if (p == &net->ipv6.devconf_dflt->disable_ipv6)
4076 return 0; 4082 return 0;
4077 4083
4078 if (!rtnl_trylock()) 4084 if (!rtnl_trylock()) {
4085 /* Restore the original values before restarting */
4086 *p = old;
4079 return restart_syscall(); 4087 return restart_syscall();
4088 }
4080 4089
4081 if (p == &net->ipv6.devconf_all->disable_ipv6) { 4090 if (p == &net->ipv6.devconf_all->disable_ipv6) {
4082 __s32 newf = net->ipv6.devconf_all->disable_ipv6; 4091 __s32 newf = net->ipv6.devconf_all->disable_ipv6;
@@ -4095,12 +4104,15 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
4095{ 4104{
4096 int *valp = ctl->data; 4105 int *valp = ctl->data;
4097 int val = *valp; 4106 int val = *valp;
4107 loff_t pos = *ppos;
4098 int ret; 4108 int ret;
4099 4109
4100 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 4110 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
4101 4111
4102 if (write) 4112 if (write)
4103 ret = addrconf_disable_ipv6(ctl, valp, val); 4113 ret = addrconf_disable_ipv6(ctl, valp, val);
4114 if (ret)
4115 *ppos = pos;
4104 return ret; 4116 return ret;
4105} 4117}
4106 4118
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index df159fffe4bc..4bac362b1335 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -559,6 +559,11 @@ static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb)
559 return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : __in6_dev_get(skb->dev); 559 return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : __in6_dev_get(skb->dev);
560} 560}
561 561
562static inline struct net *ipv6_skb_net(struct sk_buff *skb)
563{
564 return skb_dst(skb) ? dev_net(skb_dst(skb)->dev) : dev_net(skb->dev);
565}
566
562/* Router Alert as of RFC 2711 */ 567/* Router Alert as of RFC 2711 */
563 568
564static int ipv6_hop_ra(struct sk_buff *skb, int optoff) 569static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
@@ -580,8 +585,8 @@ static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
580static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff) 585static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
581{ 586{
582 const unsigned char *nh = skb_network_header(skb); 587 const unsigned char *nh = skb_network_header(skb);
588 struct net *net = ipv6_skb_net(skb);
583 u32 pkt_len; 589 u32 pkt_len;
584 struct net *net = dev_net(skb_dst(skb)->dev);
585 590
586 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { 591 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) {
587 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n", 592 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index cd48801a8d6f..eb6d09728633 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -121,10 +121,9 @@ static int ip6_output2(struct sk_buff *skb)
121 skb->dev = dev; 121 skb->dev = dev;
122 122
123 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 123 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
124 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL;
125 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 124 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
126 125
127 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 126 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
128 ((mroute6_socket(dev_net(dev)) && 127 ((mroute6_socket(dev_net(dev)) &&
129 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 128 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
130 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 129 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index 2f2a5ca2c878..002e6eef9120 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -154,16 +154,12 @@ static int ipcomp6_init_state(struct xfrm_state *x)
154 if (x->props.mode == XFRM_MODE_TUNNEL) { 154 if (x->props.mode == XFRM_MODE_TUNNEL) {
155 err = ipcomp6_tunnel_attach(x); 155 err = ipcomp6_tunnel_attach(x);
156 if (err) 156 if (err)
157 goto error_tunnel; 157 goto out;
158 } 158 }
159 159
160 err = 0; 160 err = 0;
161out: 161out:
162 return err; 162 return err;
163error_tunnel:
164 ipcomp_destroy(x);
165
166 goto out;
167} 163}
168 164
169static const struct xfrm_type ipcomp6_type = 165static const struct xfrm_type ipcomp6_type =
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 480d7f8c9802..8a7e0f52e177 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
1164 if (t && !IS_ERR(t)) { 1164 if (t && !IS_ERR(t)) {
1165 struct ip6t_getinfo info; 1165 struct ip6t_getinfo info;
1166 const struct xt_table_info *private = t->private; 1166 const struct xt_table_info *private = t->private;
1167
1168#ifdef CONFIG_COMPAT 1167#ifdef CONFIG_COMPAT
1168 struct xt_table_info tmp;
1169
1169 if (compat) { 1170 if (compat) {
1170 struct xt_table_info tmp;
1171 ret = compat_table_info(private, &tmp); 1171 ret = compat_table_info(private, &tmp);
1172 xt_compat_flush_offsets(AF_INET6); 1172 xt_compat_flush_offsets(AF_INET6);
1173 private = &tmp; 1173 private = &tmp;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 312c20adc83f..624a54832a7c 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -63,6 +63,7 @@ struct nf_ct_frag6_queue
63 struct inet_frag_queue q; 63 struct inet_frag_queue q;
64 64
65 __be32 id; /* fragment id */ 65 __be32 id; /* fragment id */
66 u32 user;
66 struct in6_addr saddr; 67 struct in6_addr saddr;
67 struct in6_addr daddr; 68 struct in6_addr daddr;
68 69
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 7254e3f899a7..dbdc696f5fc5 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -24,7 +24,6 @@
24#include <net/mip6.h> 24#include <net/mip6.h>
25#endif 25#endif
26 26
27static struct dst_ops xfrm6_dst_ops;
28static struct xfrm_policy_afinfo xfrm6_policy_afinfo; 27static struct xfrm_policy_afinfo xfrm6_policy_afinfo;
29 28
30static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, 29static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos,
@@ -224,8 +223,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
224 223
225static inline int xfrm6_garbage_collect(struct dst_ops *ops) 224static inline int xfrm6_garbage_collect(struct dst_ops *ops)
226{ 225{
227 xfrm6_policy_afinfo.garbage_collect(&init_net); 226 struct net *net = container_of(ops, struct net, xfrm.xfrm6_dst_ops);
228 return (atomic_read(&xfrm6_dst_ops.entries) > xfrm6_dst_ops.gc_thresh*2); 227
228 xfrm6_policy_afinfo.garbage_collect(net);
229 return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
229} 230}
230 231
231static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu) 232static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -310,7 +311,7 @@ static void xfrm6_policy_fini(void)
310static struct ctl_table xfrm6_policy_table[] = { 311static struct ctl_table xfrm6_policy_table[] = {
311 { 312 {
312 .procname = "xfrm6_gc_thresh", 313 .procname = "xfrm6_gc_thresh",
313 .data = &xfrm6_dst_ops.gc_thresh, 314 .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
314 .maxlen = sizeof(int), 315 .maxlen = sizeof(int),
315 .mode = 0644, 316 .mode = 0644,
316 .proc_handler = proc_dointvec, 317 .proc_handler = proc_dointvec,
@@ -326,13 +327,6 @@ int __init xfrm6_init(void)
326 int ret; 327 int ret;
327 unsigned int gc_thresh; 328 unsigned int gc_thresh;
328 329
329 ret = xfrm6_policy_init();
330 if (ret)
331 goto out;
332
333 ret = xfrm6_state_init();
334 if (ret)
335 goto out_policy;
336 /* 330 /*
337 * We need a good default value for the xfrm6 gc threshold. 331 * We need a good default value for the xfrm6 gc threshold.
338 * In ipv4 we set it to the route hash table size * 8, which 332 * In ipv4 we set it to the route hash table size * 8, which
@@ -346,6 +340,15 @@ int __init xfrm6_init(void)
346 */ 340 */
347 gc_thresh = FIB6_TABLE_HASHSZ * 8; 341 gc_thresh = FIB6_TABLE_HASHSZ * 8;
348 xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh; 342 xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh;
343
344 ret = xfrm6_policy_init();
345 if (ret)
346 goto out;
347
348 ret = xfrm6_state_init();
349 if (ret)
350 goto out_policy;
351
349#ifdef CONFIG_SYSCTL 352#ifdef CONFIG_SYSCTL
350 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path, 353 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path,
351 xfrm6_policy_table); 354 xfrm6_policy_table);
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 156020d138b5..6b3602de359a 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -698,15 +698,18 @@ dev_irnet_ioctl(
698 698
699 /* Query PPP channel and unit number */ 699 /* Query PPP channel and unit number */
700 case PPPIOCGCHAN: 700 case PPPIOCGCHAN:
701 lock_kernel();
701 if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan), 702 if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan),
702 (int __user *)argp)) 703 (int __user *)argp))
703 err = 0; 704 err = 0;
705 unlock_kernel();
704 break; 706 break;
705 case PPPIOCGUNIT: 707 case PPPIOCGUNIT:
706 lock_kernel(); 708 lock_kernel();
707 if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan), 709 if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan),
708 (int __user *)argp)) 710 (int __user *)argp))
709 err = 0; 711 err = 0;
712 unlock_kernel();
710 break; 713 break;
711 714
712 /* All these ioctls can be passed both directly and from ppp_generic, 715 /* All these ioctls can be passed both directly and from ppp_generic,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 76fa6fef6473..539f43bc97db 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3794,9 +3794,9 @@ static struct pernet_operations pfkey_net_ops = {
3794 3794
3795static void __exit ipsec_pfkey_exit(void) 3795static void __exit ipsec_pfkey_exit(void)
3796{ 3796{
3797 unregister_pernet_subsys(&pfkey_net_ops);
3798 xfrm_unregister_km(&pfkeyv2_mgr); 3797 xfrm_unregister_km(&pfkeyv2_mgr);
3799 sock_unregister(PF_KEY); 3798 sock_unregister(PF_KEY);
3799 unregister_pernet_subsys(&pfkey_net_ops);
3800 proto_unregister(&key_proto); 3800 proto_unregister(&key_proto);
3801} 3801}
3802 3802
@@ -3807,21 +3807,22 @@ static int __init ipsec_pfkey_init(void)
3807 if (err != 0) 3807 if (err != 0)
3808 goto out; 3808 goto out;
3809 3809
3810 err = sock_register(&pfkey_family_ops); 3810 err = register_pernet_subsys(&pfkey_net_ops);
3811 if (err != 0) 3811 if (err != 0)
3812 goto out_unregister_key_proto; 3812 goto out_unregister_key_proto;
3813 err = sock_register(&pfkey_family_ops);
3814 if (err != 0)
3815 goto out_unregister_pernet;
3813 err = xfrm_register_km(&pfkeyv2_mgr); 3816 err = xfrm_register_km(&pfkeyv2_mgr);
3814 if (err != 0) 3817 if (err != 0)
3815 goto out_sock_unregister; 3818 goto out_sock_unregister;
3816 err = register_pernet_subsys(&pfkey_net_ops);
3817 if (err != 0)
3818 goto out_xfrm_unregister_km;
3819out: 3819out:
3820 return err; 3820 return err;
3821out_xfrm_unregister_km: 3821
3822 xfrm_unregister_km(&pfkeyv2_mgr);
3823out_sock_unregister: 3822out_sock_unregister:
3824 sock_unregister(PF_KEY); 3823 sock_unregister(PF_KEY);
3824out_unregister_pernet:
3825 unregister_pernet_subsys(&pfkey_net_ops);
3825out_unregister_key_proto: 3826out_unregister_key_proto:
3826 proto_unregister(&key_proto); 3827 proto_unregister(&key_proto);
3827 goto out; 3828 goto out;
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 6dc3579c0ac5..9ae1a4760b58 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1331,6 +1331,9 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1331 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1331 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1332 struct ieee80211_conf *conf = &local->hw.conf; 1332 struct ieee80211_conf *conf = &local->hw.conf;
1333 1333
1334 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1335 return -EOPNOTSUPP;
1336
1334 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) 1337 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
1335 return -EOPNOTSUPP; 1338 return -EOPNOTSUPP;
1336 1339
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index ee94ea0c67e9..da8497ef7063 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -680,7 +680,7 @@ TRACE_EVENT(drv_ampdu_action,
680 __entry->ret = ret; 680 __entry->ret = ret;
681 __entry->action = action; 681 __entry->action = action;
682 __entry->tid = tid; 682 __entry->tid = tid;
683 __entry->ssn = *ssn; 683 __entry->ssn = ssn ? *ssn : 0;
684 ), 684 ),
685 685
686 TP_printk( 686 TP_printk(
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 3787455fb696..d7dcee680728 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -34,9 +34,28 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
34 34
35 ht_cap->ht_supported = true; 35 ht_cap->ht_supported = true;
36 36
37 ht_cap->cap = le16_to_cpu(ht_cap_ie->cap_info) & sband->ht_cap.cap; 37 /*
38 ht_cap->cap &= ~IEEE80211_HT_CAP_SM_PS; 38 * The bits listed in this expression should be
39 ht_cap->cap |= sband->ht_cap.cap & IEEE80211_HT_CAP_SM_PS; 39 * the same for the peer and us, if the station
40 * advertises more then we can't use those thus
41 * we mask them out.
42 */
43 ht_cap->cap = le16_to_cpu(ht_cap_ie->cap_info) &
44 (sband->ht_cap.cap |
45 ~(IEEE80211_HT_CAP_LDPC_CODING |
46 IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
47 IEEE80211_HT_CAP_GRN_FLD |
48 IEEE80211_HT_CAP_SGI_20 |
49 IEEE80211_HT_CAP_SGI_40 |
50 IEEE80211_HT_CAP_DSSSCCK40));
51 /*
52 * The STBC bits are asymmetric -- if we don't have
53 * TX then mask out the peer's RX and vice versa.
54 */
55 if (!(sband->ht_cap.cap & IEEE80211_HT_CAP_TX_STBC))
56 ht_cap->cap &= ~IEEE80211_HT_CAP_RX_STBC;
57 if (!(sband->ht_cap.cap & IEEE80211_HT_CAP_RX_STBC))
58 ht_cap->cap &= ~IEEE80211_HT_CAP_TX_STBC;
40 59
41 ampdu_info = ht_cap_ie->ampdu_params_info; 60 ampdu_info = ht_cap_ie->ampdu_params_info;
42 ht_cap->ampdu_factor = 61 ht_cap->ampdu_factor =
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 10d13856f86c..22f0c2aa7a89 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -382,6 +382,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
382struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata, 382struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
383 u8 *bssid,u8 *addr, u32 supp_rates) 383 u8 *bssid,u8 *addr, u32 supp_rates)
384{ 384{
385 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
385 struct ieee80211_local *local = sdata->local; 386 struct ieee80211_local *local = sdata->local;
386 struct sta_info *sta; 387 struct sta_info *sta;
387 int band = local->hw.conf.channel->band; 388 int band = local->hw.conf.channel->band;
@@ -397,6 +398,9 @@ struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
397 return NULL; 398 return NULL;
398 } 399 }
399 400
401 if (ifibss->state == IEEE80211_IBSS_MLME_SEARCH)
402 return NULL;
403
400 if (compare_ether_addr(bssid, sdata->u.ibss.bssid)) 404 if (compare_ether_addr(bssid, sdata->u.ibss.bssid))
401 return NULL; 405 return NULL;
402 406
@@ -643,7 +647,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
643 } 647 }
644 if (pos[1] != 0 && 648 if (pos[1] != 0 &&
645 (pos[1] != ifibss->ssid_len || 649 (pos[1] != ifibss->ssid_len ||
646 !memcmp(pos + 2, ifibss->ssid, ifibss->ssid_len))) { 650 memcmp(pos + 2, ifibss->ssid, ifibss->ssid_len))) {
647 /* Ignore ProbeReq for foreign SSID */ 651 /* Ignore ProbeReq for foreign SSID */
648 return; 652 return;
649 } 653 }
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 80c16f6e2af6..32abae3ce32a 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -15,12 +15,14 @@
15#include <linux/netdevice.h> 15#include <linux/netdevice.h>
16#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <net/mac80211.h> 17#include <net/mac80211.h>
18#include <net/ieee80211_radiotap.h>
18#include "ieee80211_i.h" 19#include "ieee80211_i.h"
19#include "sta_info.h" 20#include "sta_info.h"
20#include "debugfs_netdev.h" 21#include "debugfs_netdev.h"
21#include "mesh.h" 22#include "mesh.h"
22#include "led.h" 23#include "led.h"
23#include "driver-ops.h" 24#include "driver-ops.h"
25#include "wme.h"
24 26
25/** 27/**
26 * DOC: Interface list locking 28 * DOC: Interface list locking
@@ -314,7 +316,7 @@ static int ieee80211_open(struct net_device *dev)
314 if (sdata->vif.type == NL80211_IFTYPE_STATION) 316 if (sdata->vif.type == NL80211_IFTYPE_STATION)
315 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work); 317 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
316 318
317 netif_start_queue(dev); 319 netif_tx_start_all_queues(dev);
318 320
319 return 0; 321 return 0;
320 err_del_interface: 322 err_del_interface:
@@ -343,7 +345,7 @@ static int ieee80211_stop(struct net_device *dev)
343 /* 345 /*
344 * Stop TX on this interface first. 346 * Stop TX on this interface first.
345 */ 347 */
346 netif_stop_queue(dev); 348 netif_tx_stop_all_queues(dev);
347 349
348 /* 350 /*
349 * Now delete all active aggregation sessions. 351 * Now delete all active aggregation sessions.
@@ -644,6 +646,12 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
644 WARN_ON(flushed); 646 WARN_ON(flushed);
645} 647}
646 648
649static u16 ieee80211_netdev_select_queue(struct net_device *dev,
650 struct sk_buff *skb)
651{
652 return ieee80211_select_queue(IEEE80211_DEV_TO_SUB_IF(dev), skb);
653}
654
647static const struct net_device_ops ieee80211_dataif_ops = { 655static const struct net_device_ops ieee80211_dataif_ops = {
648 .ndo_open = ieee80211_open, 656 .ndo_open = ieee80211_open,
649 .ndo_stop = ieee80211_stop, 657 .ndo_stop = ieee80211_stop,
@@ -652,8 +660,38 @@ static const struct net_device_ops ieee80211_dataif_ops = {
652 .ndo_set_multicast_list = ieee80211_set_multicast_list, 660 .ndo_set_multicast_list = ieee80211_set_multicast_list,
653 .ndo_change_mtu = ieee80211_change_mtu, 661 .ndo_change_mtu = ieee80211_change_mtu,
654 .ndo_set_mac_address = eth_mac_addr, 662 .ndo_set_mac_address = eth_mac_addr,
663 .ndo_select_queue = ieee80211_netdev_select_queue,
655}; 664};
656 665
666static u16 ieee80211_monitor_select_queue(struct net_device *dev,
667 struct sk_buff *skb)
668{
669 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
670 struct ieee80211_local *local = sdata->local;
671 struct ieee80211_hdr *hdr;
672 struct ieee80211_radiotap_header *rtap = (void *)skb->data;
673 u8 *p;
674
675 if (local->hw.queues < 4)
676 return 0;
677
678 if (skb->len < 4 ||
679 skb->len < le16_to_cpu(rtap->it_len) + 2 /* frame control */)
680 return 0; /* doesn't matter, frame will be dropped */
681
682 hdr = (void *)((u8 *)skb->data + le16_to_cpu(rtap->it_len));
683
684 if (!ieee80211_is_data_qos(hdr->frame_control)) {
685 skb->priority = 7;
686 return ieee802_1d_to_ac[skb->priority];
687 }
688
689 p = ieee80211_get_qos_ctl(hdr);
690 skb->priority = *p & IEEE80211_QOS_CTL_TAG1D_MASK;
691
692 return ieee80211_downgrade_queue(local, skb);
693}
694
657static const struct net_device_ops ieee80211_monitorif_ops = { 695static const struct net_device_ops ieee80211_monitorif_ops = {
658 .ndo_open = ieee80211_open, 696 .ndo_open = ieee80211_open,
659 .ndo_stop = ieee80211_stop, 697 .ndo_stop = ieee80211_stop,
@@ -662,6 +700,7 @@ static const struct net_device_ops ieee80211_monitorif_ops = {
662 .ndo_set_multicast_list = ieee80211_set_multicast_list, 700 .ndo_set_multicast_list = ieee80211_set_multicast_list,
663 .ndo_change_mtu = ieee80211_change_mtu, 701 .ndo_change_mtu = ieee80211_change_mtu,
664 .ndo_set_mac_address = eth_mac_addr, 702 .ndo_set_mac_address = eth_mac_addr,
703 .ndo_select_queue = ieee80211_monitor_select_queue,
665}; 704};
666 705
667static void ieee80211_if_setup(struct net_device *dev) 706static void ieee80211_if_setup(struct net_device *dev)
@@ -768,8 +807,8 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
768 807
769 ASSERT_RTNL(); 808 ASSERT_RTNL();
770 809
771 ndev = alloc_netdev(sizeof(*sdata) + local->hw.vif_data_size, 810 ndev = alloc_netdev_mq(sizeof(*sdata) + local->hw.vif_data_size,
772 name, ieee80211_if_setup); 811 name, ieee80211_if_setup, local->hw.queues);
773 if (!ndev) 812 if (!ndev)
774 return -ENOMEM; 813 return -ENOMEM;
775 dev_net_set(ndev, wiphy_net(local->hw.wiphy)); 814 dev_net_set(ndev, wiphy_net(local->hw.wiphy));
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 8116d1a96a4a..0d2d94881f1f 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -515,6 +515,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
515 * and we need some headroom for passing the frame to monitor 515 * and we need some headroom for passing the frame to monitor
516 * interfaces, but never both at the same time. 516 * interfaces, but never both at the same time.
517 */ 517 */
518 BUILD_BUG_ON(IEEE80211_TX_STATUS_HEADROOM !=
519 sizeof(struct ieee80211_tx_status_rtap_hdr));
518 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom, 520 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
519 sizeof(struct ieee80211_tx_status_rtap_hdr)); 521 sizeof(struct ieee80211_tx_status_rtap_hdr));
520 522
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index d8d50fb5e823..05a18f43e1bf 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -915,6 +915,14 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
915 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 915 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
916 IEEE80211_STA_BEACON_POLL); 916 IEEE80211_STA_BEACON_POLL);
917 917
918 /*
919 * Always handle WMM once after association regardless
920 * of the first value the AP uses. Setting -1 here has
921 * that effect because the AP values is an unsigned
922 * 4-bit value.
923 */
924 sdata->u.mgd.wmm_last_param_set = -1;
925
918 ieee80211_led_assoc(local, 1); 926 ieee80211_led_assoc(local, 1);
919 927
920 sdata->vif.bss_conf.assoc = 1; 928 sdata->vif.bss_conf.assoc = 1;
@@ -934,7 +942,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
934 ieee80211_recalc_ps(local, -1); 942 ieee80211_recalc_ps(local, -1);
935 mutex_unlock(&local->iflist_mtx); 943 mutex_unlock(&local->iflist_mtx);
936 944
937 netif_start_queue(sdata->dev); 945 netif_tx_start_all_queues(sdata->dev);
938 netif_carrier_on(sdata->dev); 946 netif_carrier_on(sdata->dev);
939} 947}
940 948
@@ -1066,7 +1074,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1066 * time -- we don't want the scan code to enable queues. 1074 * time -- we don't want the scan code to enable queues.
1067 */ 1075 */
1068 1076
1069 netif_stop_queue(sdata->dev); 1077 netif_tx_stop_all_queues(sdata->dev);
1070 netif_carrier_off(sdata->dev); 1078 netif_carrier_off(sdata->dev);
1071 1079
1072 rcu_read_lock(); 1080 rcu_read_lock();
@@ -1955,7 +1963,9 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1955 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1963 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1956 break; 1964 break;
1957 case IEEE80211_STYPE_ACTION: 1965 case IEEE80211_STYPE_ACTION:
1958 /* XXX: differentiate, can only happen for CSA now! */ 1966 if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
1967 break;
1968
1959 ieee80211_sta_process_chanswitch(sdata, 1969 ieee80211_sta_process_chanswitch(sdata,
1960 &mgmt->u.action.u.chan_switch.sw_elem, 1970 &mgmt->u.action.u.chan_switch.sw_elem,
1961 ifmgd->associated); 1971 ifmgd->associated);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index b9007f80cb92..12a2bff7dcdb 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -245,6 +245,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
245 info->control.rates[i].count = 1; 245 info->control.rates[i].count = 1;
246 } 246 }
247 247
248 if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
249 return;
250
248 if (sta && sdata->force_unicast_rateidx > -1) { 251 if (sta && sdata->force_unicast_rateidx > -1) {
249 info->control.rates[0].idx = sdata->force_unicast_rateidx; 252 info->control.rates[0].idx = sdata->force_unicast_rateidx;
250 } else { 253 } else {
diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c
index 699d3ed869c4..29bc4c516238 100644
--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -190,7 +190,7 @@ static void rate_control_pid_sample(struct rc_pid_info *pinfo,
190 rate_control_pid_normalize(pinfo, sband->n_bitrates); 190 rate_control_pid_normalize(pinfo, sband->n_bitrates);
191 191
192 /* Compute the proportional, integral and derivative errors. */ 192 /* Compute the proportional, integral and derivative errors. */
193 err_prop = (pinfo->target << RC_PID_ARITH_SHIFT) - pf; 193 err_prop = (pinfo->target - pf) << RC_PID_ARITH_SHIFT;
194 194
195 err_avg = spinfo->err_avg_sc >> pinfo->smoothing_shift; 195 err_avg = spinfo->err_avg_sc >> pinfo->smoothing_shift;
196 spinfo->err_avg_sc = spinfo->err_avg_sc - err_avg + err_prop; 196 spinfo->err_avg_sc = spinfo->err_avg_sc - err_avg + err_prop;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9f2807aeaf52..82a30c1bf3ab 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1746,7 +1746,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1746 memset(info, 0, sizeof(*info)); 1746 memset(info, 0, sizeof(*info));
1747 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1747 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1748 info->control.vif = &rx->sdata->vif; 1748 info->control.vif = &rx->sdata->vif;
1749 ieee80211_select_queue(local, fwd_skb); 1749 skb_set_queue_mapping(skb,
1750 ieee80211_select_queue(rx->sdata, fwd_skb));
1751 ieee80211_set_qos_hdr(local, skb);
1750 if (is_multicast_ether_addr(fwd_hdr->addr1)) 1752 if (is_multicast_ether_addr(fwd_hdr->addr1))
1751 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh, 1753 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.mesh,
1752 fwded_mcast); 1754 fwded_mcast);
@@ -2013,6 +2015,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2013 } 2015 }
2014 break; 2016 break;
2015 default: 2017 default:
2018 /* do not process rejected action frames */
2019 if (mgmt->u.action.category & 0x80)
2020 return RX_DROP_MONITOR;
2021
2016 return RX_CONTINUE; 2022 return RX_CONTINUE;
2017 } 2023 }
2018 2024
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index f1a4c7160300..bc17cf7d68db 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -353,10 +353,10 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
353 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 353 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
354 if (sdata->u.mgd.associated) { 354 if (sdata->u.mgd.associated) {
355 ieee80211_scan_ps_disable(sdata); 355 ieee80211_scan_ps_disable(sdata);
356 netif_wake_queue(sdata->dev); 356 netif_tx_wake_all_queues(sdata->dev);
357 } 357 }
358 } else 358 } else
359 netif_wake_queue(sdata->dev); 359 netif_tx_wake_all_queues(sdata->dev);
360 360
361 /* re-enable beaconing */ 361 /* re-enable beaconing */
362 if (sdata->vif.type == NL80211_IFTYPE_AP || 362 if (sdata->vif.type == NL80211_IFTYPE_AP ||
@@ -411,7 +411,7 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local)
411 * are handled in the scan state machine 411 * are handled in the scan state machine
412 */ 412 */
413 if (sdata->vif.type != NL80211_IFTYPE_STATION) 413 if (sdata->vif.type != NL80211_IFTYPE_STATION)
414 netif_stop_queue(sdata->dev); 414 netif_tx_stop_all_queues(sdata->dev);
415 } 415 }
416 mutex_unlock(&local->iflist_mtx); 416 mutex_unlock(&local->iflist_mtx);
417 417
@@ -439,6 +439,16 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
439 if (local->scan_req) 439 if (local->scan_req)
440 return -EBUSY; 440 return -EBUSY;
441 441
442 if (req != local->int_scan_req &&
443 sdata->vif.type == NL80211_IFTYPE_STATION &&
444 !list_empty(&ifmgd->work_list)) {
445 /* actually wait for the work it's doing to finish/time out */
446 set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
447 local->scan_req = req;
448 local->scan_sdata = sdata;
449 return 0;
450 }
451
442 if (local->ops->hw_scan) { 452 if (local->ops->hw_scan) {
443 u8 *ies; 453 u8 *ies;
444 454
@@ -463,14 +473,6 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
463 local->scan_req = req; 473 local->scan_req = req;
464 local->scan_sdata = sdata; 474 local->scan_sdata = sdata;
465 475
466 if (req != local->int_scan_req &&
467 sdata->vif.type == NL80211_IFTYPE_STATION &&
468 !list_empty(&ifmgd->work_list)) {
469 /* actually wait for the work it's doing to finish/time out */
470 set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
471 return 0;
472 }
473
474 if (local->ops->hw_scan) 476 if (local->ops->hw_scan)
475 __set_bit(SCAN_HW_SCANNING, &local->scanning); 477 __set_bit(SCAN_HW_SCANNING, &local->scanning);
476 else 478 else
@@ -575,7 +577,7 @@ static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *loca
575 continue; 577 continue;
576 578
577 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 579 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
578 netif_stop_queue(sdata->dev); 580 netif_tx_stop_all_queues(sdata->dev);
579 if (sdata->u.mgd.associated) 581 if (sdata->u.mgd.associated)
580 ieee80211_scan_ps_enable(sdata); 582 ieee80211_scan_ps_enable(sdata);
581 } 583 }
@@ -610,7 +612,7 @@ static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *loca
610 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 612 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
611 if (sdata->u.mgd.associated) 613 if (sdata->u.mgd.associated)
612 ieee80211_scan_ps_disable(sdata); 614 ieee80211_scan_ps_disable(sdata);
613 netif_wake_queue(sdata->dev); 615 netif_tx_wake_all_queues(sdata->dev);
614 } 616 }
615 } 617 }
616 mutex_unlock(&local->iflist_mtx); 618 mutex_unlock(&local->iflist_mtx);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 8834cc93c716..ac210b586702 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1419,6 +1419,10 @@ static bool need_dynamic_ps(struct ieee80211_local *local)
1419 if (!local->ps_sdata) 1419 if (!local->ps_sdata)
1420 return false; 1420 return false;
1421 1421
1422 /* No point if we're going to suspend */
1423 if (local->quiescing)
1424 return false;
1425
1422 return true; 1426 return true;
1423} 1427}
1424 1428
@@ -1508,7 +1512,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1508 return; 1512 return;
1509 } 1513 }
1510 1514
1511 ieee80211_select_queue(local, skb); 1515 ieee80211_set_qos_hdr(local, skb);
1512 ieee80211_tx(sdata, skb, false); 1516 ieee80211_tx(sdata, skb, false);
1513 rcu_read_unlock(); 1517 rcu_read_unlock();
1514} 1518}
@@ -2287,6 +2291,9 @@ void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
2287 skb_set_network_header(skb, 0); 2291 skb_set_network_header(skb, 0);
2288 skb_set_transport_header(skb, 0); 2292 skb_set_transport_header(skb, 0);
2289 2293
2294 /* send all internal mgmt frames on VO */
2295 skb_set_queue_mapping(skb, 0);
2296
2290 /* 2297 /*
2291 * The other path calling ieee80211_xmit is from the tasklet, 2298 * The other path calling ieee80211_xmit is from the tasklet,
2292 * and while we can handle concurrent transmissions locking 2299 * and while we can handle concurrent transmissions locking
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 78a6e924c7e1..3848140313f5 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -269,6 +269,7 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
269 enum queue_stop_reason reason) 269 enum queue_stop_reason reason)
270{ 270{
271 struct ieee80211_local *local = hw_to_local(hw); 271 struct ieee80211_local *local = hw_to_local(hw);
272 struct ieee80211_sub_if_data *sdata;
272 273
273 if (WARN_ON(queue >= hw->queues)) 274 if (WARN_ON(queue >= hw->queues))
274 return; 275 return;
@@ -281,6 +282,11 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
281 282
282 if (!skb_queue_empty(&local->pending[queue])) 283 if (!skb_queue_empty(&local->pending[queue]))
283 tasklet_schedule(&local->tx_pending_tasklet); 284 tasklet_schedule(&local->tx_pending_tasklet);
285
286 rcu_read_lock();
287 list_for_each_entry_rcu(sdata, &local->interfaces, list)
288 netif_tx_wake_queue(netdev_get_tx_queue(sdata->dev, queue));
289 rcu_read_unlock();
284} 290}
285 291
286void ieee80211_wake_queue_by_reason(struct ieee80211_hw *hw, int queue, 292void ieee80211_wake_queue_by_reason(struct ieee80211_hw *hw, int queue,
@@ -305,11 +311,17 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
305 enum queue_stop_reason reason) 311 enum queue_stop_reason reason)
306{ 312{
307 struct ieee80211_local *local = hw_to_local(hw); 313 struct ieee80211_local *local = hw_to_local(hw);
314 struct ieee80211_sub_if_data *sdata;
308 315
309 if (WARN_ON(queue >= hw->queues)) 316 if (WARN_ON(queue >= hw->queues))
310 return; 317 return;
311 318
312 __set_bit(reason, &local->queue_stop_reasons[queue]); 319 __set_bit(reason, &local->queue_stop_reasons[queue]);
320
321 rcu_read_lock();
322 list_for_each_entry_rcu(sdata, &local->interfaces, list)
323 netif_tx_stop_queue(netdev_get_tx_queue(sdata->dev, queue));
324 rcu_read_unlock();
313} 325}
314 326
315void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue, 327void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
@@ -1039,7 +1051,19 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1039 1051
1040 /* restart hardware */ 1052 /* restart hardware */
1041 if (local->open_count) { 1053 if (local->open_count) {
1054 /*
1055 * Upon resume hardware can sometimes be goofy due to
1056 * various platform / driver / bus issues, so restarting
1057 * the device may at times not work immediately. Propagate
1058 * the error.
1059 */
1042 res = drv_start(local); 1060 res = drv_start(local);
1061 if (res) {
1062 WARN(local->suspended, "Harware became unavailable "
1063 "upon resume. This is could be a software issue"
1064 "prior to suspend or a harware issue\n");
1065 return res;
1066 }
1043 1067
1044 ieee80211_led_radio(local, true); 1068 ieee80211_led_radio(local, true);
1045 } 1069 }
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index b19b7696f3a2..79d887dae738 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -44,22 +44,69 @@ static int wme_downgrade_ac(struct sk_buff *skb)
44} 44}
45 45
46 46
47/* Indicate which queue to use. */ 47/* Indicate which queue to use. */
48static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb) 48u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
49 struct sk_buff *skb)
49{ 50{
50 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 51 struct ieee80211_local *local = sdata->local;
52 struct sta_info *sta = NULL;
53 u32 sta_flags = 0;
54 const u8 *ra = NULL;
55 bool qos = false;
51 56
52 if (!ieee80211_is_data(hdr->frame_control)) { 57 if (local->hw.queues < 4 || skb->len < 6) {
53 /* management frames go on AC_VO queue, but are sent 58 skb->priority = 0; /* required for correct WPA/11i MIC */
54 * without QoS control fields */ 59 return min_t(u16, local->hw.queues - 1,
55 return 0; 60 ieee802_1d_to_ac[skb->priority]);
61 }
62
63 rcu_read_lock();
64 switch (sdata->vif.type) {
65 case NL80211_IFTYPE_AP_VLAN:
66 rcu_read_lock();
67 sta = rcu_dereference(sdata->u.vlan.sta);
68 if (sta)
69 sta_flags = get_sta_flags(sta);
70 rcu_read_unlock();
71 if (sta)
72 break;
73 case NL80211_IFTYPE_AP:
74 ra = skb->data;
75 break;
76 case NL80211_IFTYPE_WDS:
77 ra = sdata->u.wds.remote_addr;
78 break;
79#ifdef CONFIG_MAC80211_MESH
80 case NL80211_IFTYPE_MESH_POINT:
81 /*
82 * XXX: This is clearly broken ... but already was before,
83 * because ieee80211_fill_mesh_addresses() would clear A1
84 * except for multicast addresses.
85 */
86 break;
87#endif
88 case NL80211_IFTYPE_STATION:
89 ra = sdata->u.mgd.bssid;
90 break;
91 case NL80211_IFTYPE_ADHOC:
92 ra = skb->data;
93 break;
94 default:
95 break;
56 } 96 }
57 97
58 if (0 /* injected */) { 98 if (!sta && ra && !is_multicast_ether_addr(ra)) {
59 /* use AC from radiotap */ 99 sta = sta_info_get(local, ra);
100 if (sta)
101 sta_flags = get_sta_flags(sta);
60 } 102 }
61 103
62 if (!ieee80211_is_data_qos(hdr->frame_control)) { 104 if (sta_flags & WLAN_STA_WME)
105 qos = true;
106
107 rcu_read_unlock();
108
109 if (!qos) {
63 skb->priority = 0; /* required for correct WPA/11i MIC */ 110 skb->priority = 0; /* required for correct WPA/11i MIC */
64 return ieee802_1d_to_ac[skb->priority]; 111 return ieee802_1d_to_ac[skb->priority];
65 } 112 }
@@ -68,6 +115,12 @@ static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb)
68 * data frame has */ 115 * data frame has */
69 skb->priority = cfg80211_classify8021d(skb); 116 skb->priority = cfg80211_classify8021d(skb);
70 117
118 return ieee80211_downgrade_queue(local, skb);
119}
120
121u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
122 struct sk_buff *skb)
123{
71 /* in case we are a client verify acm is not set for this ac */ 124 /* in case we are a client verify acm is not set for this ac */
72 while (unlikely(local->wmm_acm & BIT(skb->priority))) { 125 while (unlikely(local->wmm_acm & BIT(skb->priority))) {
73 if (wme_downgrade_ac(skb)) { 126 if (wme_downgrade_ac(skb)) {
@@ -85,24 +138,17 @@ static u16 classify80211(struct ieee80211_local *local, struct sk_buff *skb)
85 return ieee802_1d_to_ac[skb->priority]; 138 return ieee802_1d_to_ac[skb->priority];
86} 139}
87 140
88void ieee80211_select_queue(struct ieee80211_local *local, struct sk_buff *skb) 141void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb)
89{ 142{
90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 143 struct ieee80211_hdr *hdr = (void *)skb->data;
91 u16 queue; 144
92 u8 tid; 145 /* Fill in the QoS header if there is one. */
93
94 queue = classify80211(local, skb);
95 if (unlikely(queue >= local->hw.queues))
96 queue = local->hw.queues - 1;
97
98 /*
99 * Now we know the 1d priority, fill in the QoS header if
100 * there is one (and we haven't done this before).
101 */
102 if (ieee80211_is_data_qos(hdr->frame_control)) { 146 if (ieee80211_is_data_qos(hdr->frame_control)) {
103 u8 *p = ieee80211_get_qos_ctl(hdr); 147 u8 *p = ieee80211_get_qos_ctl(hdr);
104 u8 ack_policy = 0; 148 u8 ack_policy = 0, tid;
149
105 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK; 150 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
151
106 if (unlikely(local->wifi_wme_noack_test)) 152 if (unlikely(local->wifi_wme_noack_test))
107 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK << 153 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK <<
108 QOS_CONTROL_ACK_POLICY_SHIFT; 154 QOS_CONTROL_ACK_POLICY_SHIFT;
@@ -110,6 +156,4 @@ void ieee80211_select_queue(struct ieee80211_local *local, struct sk_buff *skb)
110 *p++ = ack_policy | tid; 156 *p++ = ack_policy | tid;
111 *p = 0; 157 *p = 0;
112 } 158 }
113
114 skb_set_queue_mapping(skb, queue);
115} 159}
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h
index d4fd87ca5118..6053b1c9feee 100644
--- a/net/mac80211/wme.h
+++ b/net/mac80211/wme.h
@@ -20,7 +20,11 @@
20 20
21extern const int ieee802_1d_to_ac[8]; 21extern const int ieee802_1d_to_ac[8];
22 22
23void ieee80211_select_queue(struct ieee80211_local *local, 23u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
24 struct sk_buff *skb); 24 struct sk_buff *skb);
25void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb);
26u16 ieee80211_downgrade_queue(struct ieee80211_local *local,
27 struct sk_buff *skb);
28
25 29
26#endif /* _WME_H */ 30#endif /* _WME_H */
diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
index 79a698052218..f2d76238b9b5 100644
--- a/net/netfilter/ipvs/Kconfig
+++ b/net/netfilter/ipvs/Kconfig
@@ -112,7 +112,8 @@ config IP_VS_RR
112 module, choose M here. If unsure, say N. 112 module, choose M here. If unsure, say N.
113 113
114config IP_VS_WRR 114config IP_VS_WRR
115 tristate "weighted round-robin scheduling" 115 tristate "weighted round-robin scheduling"
116 select GCD
116 ---help--- 117 ---help---
117 The weighted robin-robin scheduling algorithm directs network 118 The weighted robin-robin scheduling algorithm directs network
118 connections to different real servers based on server weights 119 connections to different real servers based on server weights
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 6bde12da2fe0..c37ac2d7bec4 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2077 if (!capable(CAP_NET_ADMIN)) 2077 if (!capable(CAP_NET_ADMIN))
2078 return -EPERM; 2078 return -EPERM;
2079 2079
2080 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
2081 return -EINVAL;
2082 if (len < 0 || len > MAX_ARG_LEN)
2083 return -EINVAL;
2080 if (len != set_arglen[SET_CMDID(cmd)]) { 2084 if (len != set_arglen[SET_CMDID(cmd)]) {
2081 pr_err("set_ctl: len %u != %u\n", 2085 pr_err("set_ctl: len %u != %u\n",
2082 len, set_arglen[SET_CMDID(cmd)]); 2086 len, set_arglen[SET_CMDID(cmd)]);
@@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2352{ 2356{
2353 unsigned char arg[128]; 2357 unsigned char arg[128];
2354 int ret = 0; 2358 int ret = 0;
2359 unsigned int copylen;
2355 2360
2356 if (!capable(CAP_NET_ADMIN)) 2361 if (!capable(CAP_NET_ADMIN))
2357 return -EPERM; 2362 return -EPERM;
2358 2363
2364 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
2365 return -EINVAL;
2366
2359 if (*len < get_arglen[GET_CMDID(cmd)]) { 2367 if (*len < get_arglen[GET_CMDID(cmd)]) {
2360 pr_err("get_ctl: len %u < %u\n", 2368 pr_err("get_ctl: len %u < %u\n",
2361 *len, get_arglen[GET_CMDID(cmd)]); 2369 *len, get_arglen[GET_CMDID(cmd)]);
2362 return -EINVAL; 2370 return -EINVAL;
2363 } 2371 }
2364 2372
2365 if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) 2373 copylen = get_arglen[GET_CMDID(cmd)];
2374 if (copylen > 128)
2375 return -EINVAL;
2376
2377 if (copy_from_user(arg, user, copylen) != 0)
2366 return -EFAULT; 2378 return -EFAULT;
2367 2379
2368 if (mutex_lock_interruptible(&__ip_vs_mutex)) 2380 if (mutex_lock_interruptible(&__ip_vs_mutex))
diff --git a/net/netfilter/ipvs/ip_vs_wrr.c b/net/netfilter/ipvs/ip_vs_wrr.c
index 6182e8ea0be7..3c115fc19784 100644
--- a/net/netfilter/ipvs/ip_vs_wrr.c
+++ b/net/netfilter/ipvs/ip_vs_wrr.c
@@ -24,6 +24,7 @@
24#include <linux/module.h> 24#include <linux/module.h>
25#include <linux/kernel.h> 25#include <linux/kernel.h>
26#include <linux/net.h> 26#include <linux/net.h>
27#include <linux/gcd.h>
27 28
28#include <net/ip_vs.h> 29#include <net/ip_vs.h>
29 30
@@ -38,20 +39,6 @@ struct ip_vs_wrr_mark {
38}; 39};
39 40
40 41
41/*
42 * Get the gcd of server weights
43 */
44static int gcd(int a, int b)
45{
46 int c;
47
48 while ((c = a % b)) {
49 a = b;
50 b = c;
51 }
52 return b;
53}
54
55static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) 42static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc)
56{ 43{
57 struct ip_vs_dest *dest; 44 struct ip_vs_dest *dest;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0e98c3282d42..4d79e3c1616c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -30,6 +30,7 @@
30#include <linux/netdevice.h> 30#include <linux/netdevice.h>
31#include <linux/socket.h> 31#include <linux/socket.h>
32#include <linux/mm.h> 32#include <linux/mm.h>
33#include <linux/nsproxy.h>
33#include <linux/rculist_nulls.h> 34#include <linux/rculist_nulls.h>
34 35
35#include <net/netfilter/nf_conntrack.h> 36#include <net/netfilter/nf_conntrack.h>
@@ -63,8 +64,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_max);
63struct nf_conn nf_conntrack_untracked __read_mostly; 64struct nf_conn nf_conntrack_untracked __read_mostly;
64EXPORT_SYMBOL_GPL(nf_conntrack_untracked); 65EXPORT_SYMBOL_GPL(nf_conntrack_untracked);
65 66
66static struct kmem_cache *nf_conntrack_cachep __read_mostly;
67
68static int nf_conntrack_hash_rnd_initted; 67static int nf_conntrack_hash_rnd_initted;
69static unsigned int nf_conntrack_hash_rnd; 68static unsigned int nf_conntrack_hash_rnd;
70 69
@@ -86,9 +85,10 @@ static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple,
86 return ((u64)h * size) >> 32; 85 return ((u64)h * size) >> 32;
87} 86}
88 87
89static inline u_int32_t hash_conntrack(const struct nf_conntrack_tuple *tuple) 88static inline u_int32_t hash_conntrack(const struct net *net,
89 const struct nf_conntrack_tuple *tuple)
90{ 90{
91 return __hash_conntrack(tuple, nf_conntrack_htable_size, 91 return __hash_conntrack(tuple, net->ct.htable_size,
92 nf_conntrack_hash_rnd); 92 nf_conntrack_hash_rnd);
93} 93}
94 94
@@ -296,7 +296,7 @@ __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple)
296{ 296{
297 struct nf_conntrack_tuple_hash *h; 297 struct nf_conntrack_tuple_hash *h;
298 struct hlist_nulls_node *n; 298 struct hlist_nulls_node *n;
299 unsigned int hash = hash_conntrack(tuple); 299 unsigned int hash = hash_conntrack(net, tuple);
300 300
301 /* Disable BHs the entire time since we normally need to disable them 301 /* Disable BHs the entire time since we normally need to disable them
302 * at least once for the stats anyway. 302 * at least once for the stats anyway.
@@ -366,10 +366,11 @@ static void __nf_conntrack_hash_insert(struct nf_conn *ct,
366 366
367void nf_conntrack_hash_insert(struct nf_conn *ct) 367void nf_conntrack_hash_insert(struct nf_conn *ct)
368{ 368{
369 struct net *net = nf_ct_net(ct);
369 unsigned int hash, repl_hash; 370 unsigned int hash, repl_hash;
370 371
371 hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 372 hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
372 repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); 373 repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple);
373 374
374 __nf_conntrack_hash_insert(ct, hash, repl_hash); 375 __nf_conntrack_hash_insert(ct, hash, repl_hash);
375} 376}
@@ -397,8 +398,8 @@ __nf_conntrack_confirm(struct sk_buff *skb)
397 if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) 398 if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
398 return NF_ACCEPT; 399 return NF_ACCEPT;
399 400
400 hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 401 hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
401 repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); 402 repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple);
402 403
403 /* We're not in hash table, and we refuse to set up related 404 /* We're not in hash table, and we refuse to set up related
404 connections for unconfirmed conns. But packet copies and 405 connections for unconfirmed conns. But packet copies and
@@ -468,7 +469,7 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
468 struct net *net = nf_ct_net(ignored_conntrack); 469 struct net *net = nf_ct_net(ignored_conntrack);
469 struct nf_conntrack_tuple_hash *h; 470 struct nf_conntrack_tuple_hash *h;
470 struct hlist_nulls_node *n; 471 struct hlist_nulls_node *n;
471 unsigned int hash = hash_conntrack(tuple); 472 unsigned int hash = hash_conntrack(net, tuple);
472 473
473 /* Disable BHs the entire time since we need to disable them at 474 /* Disable BHs the entire time since we need to disable them at
474 * least once for the stats anyway. 475 * least once for the stats anyway.
@@ -503,7 +504,7 @@ static noinline int early_drop(struct net *net, unsigned int hash)
503 int dropped = 0; 504 int dropped = 0;
504 505
505 rcu_read_lock(); 506 rcu_read_lock();
506 for (i = 0; i < nf_conntrack_htable_size; i++) { 507 for (i = 0; i < net->ct.htable_size; i++) {
507 hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash], 508 hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash],
508 hnnode) { 509 hnnode) {
509 tmp = nf_ct_tuplehash_to_ctrack(h); 510 tmp = nf_ct_tuplehash_to_ctrack(h);
@@ -523,7 +524,7 @@ static noinline int early_drop(struct net *net, unsigned int hash)
523 if (cnt >= NF_CT_EVICTION_RANGE) 524 if (cnt >= NF_CT_EVICTION_RANGE)
524 break; 525 break;
525 526
526 hash = (hash + 1) % nf_conntrack_htable_size; 527 hash = (hash + 1) % net->ct.htable_size;
527 } 528 }
528 rcu_read_unlock(); 529 rcu_read_unlock();
529 530
@@ -557,7 +558,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
557 558
558 if (nf_conntrack_max && 559 if (nf_conntrack_max &&
559 unlikely(atomic_read(&net->ct.count) > nf_conntrack_max)) { 560 unlikely(atomic_read(&net->ct.count) > nf_conntrack_max)) {
560 unsigned int hash = hash_conntrack(orig); 561 unsigned int hash = hash_conntrack(net, orig);
561 if (!early_drop(net, hash)) { 562 if (!early_drop(net, hash)) {
562 atomic_dec(&net->ct.count); 563 atomic_dec(&net->ct.count);
563 if (net_ratelimit()) 564 if (net_ratelimit())
@@ -572,7 +573,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
572 * Do not use kmem_cache_zalloc(), as this cache uses 573 * Do not use kmem_cache_zalloc(), as this cache uses
573 * SLAB_DESTROY_BY_RCU. 574 * SLAB_DESTROY_BY_RCU.
574 */ 575 */
575 ct = kmem_cache_alloc(nf_conntrack_cachep, gfp); 576 ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp);
576 if (ct == NULL) { 577 if (ct == NULL) {
577 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); 578 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
578 atomic_dec(&net->ct.count); 579 atomic_dec(&net->ct.count);
@@ -611,7 +612,7 @@ void nf_conntrack_free(struct nf_conn *ct)
611 nf_ct_ext_destroy(ct); 612 nf_ct_ext_destroy(ct);
612 atomic_dec(&net->ct.count); 613 atomic_dec(&net->ct.count);
613 nf_ct_ext_free(ct); 614 nf_ct_ext_free(ct);
614 kmem_cache_free(nf_conntrack_cachep, ct); 615 kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
615} 616}
616EXPORT_SYMBOL_GPL(nf_conntrack_free); 617EXPORT_SYMBOL_GPL(nf_conntrack_free);
617 618
@@ -1014,7 +1015,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data),
1014 struct hlist_nulls_node *n; 1015 struct hlist_nulls_node *n;
1015 1016
1016 spin_lock_bh(&nf_conntrack_lock); 1017 spin_lock_bh(&nf_conntrack_lock);
1017 for (; *bucket < nf_conntrack_htable_size; (*bucket)++) { 1018 for (; *bucket < net->ct.htable_size; (*bucket)++) {
1018 hlist_nulls_for_each_entry(h, n, &net->ct.hash[*bucket], hnnode) { 1019 hlist_nulls_for_each_entry(h, n, &net->ct.hash[*bucket], hnnode) {
1019 ct = nf_ct_tuplehash_to_ctrack(h); 1020 ct = nf_ct_tuplehash_to_ctrack(h);
1020 if (iter(ct, data)) 1021 if (iter(ct, data))
@@ -1113,9 +1114,12 @@ static void nf_ct_release_dying_list(struct net *net)
1113 1114
1114static void nf_conntrack_cleanup_init_net(void) 1115static void nf_conntrack_cleanup_init_net(void)
1115{ 1116{
1117 /* wait until all references to nf_conntrack_untracked are dropped */
1118 while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
1119 schedule();
1120
1116 nf_conntrack_helper_fini(); 1121 nf_conntrack_helper_fini();
1117 nf_conntrack_proto_fini(); 1122 nf_conntrack_proto_fini();
1118 kmem_cache_destroy(nf_conntrack_cachep);
1119} 1123}
1120 1124
1121static void nf_conntrack_cleanup_net(struct net *net) 1125static void nf_conntrack_cleanup_net(struct net *net)
@@ -1127,15 +1131,14 @@ static void nf_conntrack_cleanup_net(struct net *net)
1127 schedule(); 1131 schedule();
1128 goto i_see_dead_people; 1132 goto i_see_dead_people;
1129 } 1133 }
1130 /* wait until all references to nf_conntrack_untracked are dropped */
1131 while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
1132 schedule();
1133 1134
1134 nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, 1135 nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc,
1135 nf_conntrack_htable_size); 1136 net->ct.htable_size);
1136 nf_conntrack_ecache_fini(net); 1137 nf_conntrack_ecache_fini(net);
1137 nf_conntrack_acct_fini(net); 1138 nf_conntrack_acct_fini(net);
1138 nf_conntrack_expect_fini(net); 1139 nf_conntrack_expect_fini(net);
1140 kmem_cache_destroy(net->ct.nf_conntrack_cachep);
1141 kfree(net->ct.slabname);
1139 free_percpu(net->ct.stat); 1142 free_percpu(net->ct.stat);
1140} 1143}
1141 1144
@@ -1190,10 +1193,12 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
1190{ 1193{
1191 int i, bucket, vmalloced, old_vmalloced; 1194 int i, bucket, vmalloced, old_vmalloced;
1192 unsigned int hashsize, old_size; 1195 unsigned int hashsize, old_size;
1193 int rnd;
1194 struct hlist_nulls_head *hash, *old_hash; 1196 struct hlist_nulls_head *hash, *old_hash;
1195 struct nf_conntrack_tuple_hash *h; 1197 struct nf_conntrack_tuple_hash *h;
1196 1198
1199 if (current->nsproxy->net_ns != &init_net)
1200 return -EOPNOTSUPP;
1201
1197 /* On boot, we can set this without any fancy locking. */ 1202 /* On boot, we can set this without any fancy locking. */
1198 if (!nf_conntrack_htable_size) 1203 if (!nf_conntrack_htable_size)
1199 return param_set_uint(val, kp); 1204 return param_set_uint(val, kp);
@@ -1206,33 +1211,29 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
1206 if (!hash) 1211 if (!hash)
1207 return -ENOMEM; 1212 return -ENOMEM;
1208 1213
1209 /* We have to rehahs for the new table anyway, so we also can
1210 * use a newrandom seed */
1211 get_random_bytes(&rnd, sizeof(rnd));
1212
1213 /* Lookups in the old hash might happen in parallel, which means we 1214 /* Lookups in the old hash might happen in parallel, which means we
1214 * might get false negatives during connection lookup. New connections 1215 * might get false negatives during connection lookup. New connections
1215 * created because of a false negative won't make it into the hash 1216 * created because of a false negative won't make it into the hash
1216 * though since that required taking the lock. 1217 * though since that required taking the lock.
1217 */ 1218 */
1218 spin_lock_bh(&nf_conntrack_lock); 1219 spin_lock_bh(&nf_conntrack_lock);
1219 for (i = 0; i < nf_conntrack_htable_size; i++) { 1220 for (i = 0; i < init_net.ct.htable_size; i++) {
1220 while (!hlist_nulls_empty(&init_net.ct.hash[i])) { 1221 while (!hlist_nulls_empty(&init_net.ct.hash[i])) {
1221 h = hlist_nulls_entry(init_net.ct.hash[i].first, 1222 h = hlist_nulls_entry(init_net.ct.hash[i].first,
1222 struct nf_conntrack_tuple_hash, hnnode); 1223 struct nf_conntrack_tuple_hash, hnnode);
1223 hlist_nulls_del_rcu(&h->hnnode); 1224 hlist_nulls_del_rcu(&h->hnnode);
1224 bucket = __hash_conntrack(&h->tuple, hashsize, rnd); 1225 bucket = __hash_conntrack(&h->tuple, hashsize,
1226 nf_conntrack_hash_rnd);
1225 hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]); 1227 hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]);
1226 } 1228 }
1227 } 1229 }
1228 old_size = nf_conntrack_htable_size; 1230 old_size = init_net.ct.htable_size;
1229 old_vmalloced = init_net.ct.hash_vmalloc; 1231 old_vmalloced = init_net.ct.hash_vmalloc;
1230 old_hash = init_net.ct.hash; 1232 old_hash = init_net.ct.hash;
1231 1233
1232 nf_conntrack_htable_size = hashsize; 1234 init_net.ct.htable_size = nf_conntrack_htable_size = hashsize;
1233 init_net.ct.hash_vmalloc = vmalloced; 1235 init_net.ct.hash_vmalloc = vmalloced;
1234 init_net.ct.hash = hash; 1236 init_net.ct.hash = hash;
1235 nf_conntrack_hash_rnd = rnd;
1236 spin_unlock_bh(&nf_conntrack_lock); 1237 spin_unlock_bh(&nf_conntrack_lock);
1237 1238
1238 nf_ct_free_hashtable(old_hash, old_vmalloced, old_size); 1239 nf_ct_free_hashtable(old_hash, old_vmalloced, old_size);
@@ -1271,15 +1272,6 @@ static int nf_conntrack_init_init_net(void)
1271 NF_CONNTRACK_VERSION, nf_conntrack_htable_size, 1272 NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
1272 nf_conntrack_max); 1273 nf_conntrack_max);
1273 1274
1274 nf_conntrack_cachep = kmem_cache_create("nf_conntrack",
1275 sizeof(struct nf_conn),
1276 0, SLAB_DESTROY_BY_RCU, NULL);
1277 if (!nf_conntrack_cachep) {
1278 printk(KERN_ERR "Unable to create nf_conn slab cache\n");
1279 ret = -ENOMEM;
1280 goto err_cache;
1281 }
1282
1283 ret = nf_conntrack_proto_init(); 1275 ret = nf_conntrack_proto_init();
1284 if (ret < 0) 1276 if (ret < 0)
1285 goto err_proto; 1277 goto err_proto;
@@ -1288,13 +1280,19 @@ static int nf_conntrack_init_init_net(void)
1288 if (ret < 0) 1280 if (ret < 0)
1289 goto err_helper; 1281 goto err_helper;
1290 1282
1283 /* Set up fake conntrack: to never be deleted, not in any hashes */
1284#ifdef CONFIG_NET_NS
1285 nf_conntrack_untracked.ct_net = &init_net;
1286#endif
1287 atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
1288 /* - and look it like as a confirmed connection */
1289 set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
1290
1291 return 0; 1291 return 0;
1292 1292
1293err_helper: 1293err_helper:
1294 nf_conntrack_proto_fini(); 1294 nf_conntrack_proto_fini();
1295err_proto: 1295err_proto:
1296 kmem_cache_destroy(nf_conntrack_cachep);
1297err_cache:
1298 return ret; 1296 return ret;
1299} 1297}
1300 1298
@@ -1316,7 +1314,24 @@ static int nf_conntrack_init_net(struct net *net)
1316 ret = -ENOMEM; 1314 ret = -ENOMEM;
1317 goto err_stat; 1315 goto err_stat;
1318 } 1316 }
1319 net->ct.hash = nf_ct_alloc_hashtable(&nf_conntrack_htable_size, 1317
1318 net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
1319 if (!net->ct.slabname) {
1320 ret = -ENOMEM;
1321 goto err_slabname;
1322 }
1323
1324 net->ct.nf_conntrack_cachep = kmem_cache_create(net->ct.slabname,
1325 sizeof(struct nf_conn), 0,
1326 SLAB_DESTROY_BY_RCU, NULL);
1327 if (!net->ct.nf_conntrack_cachep) {
1328 printk(KERN_ERR "Unable to create nf_conn slab cache\n");
1329 ret = -ENOMEM;
1330 goto err_cache;
1331 }
1332
1333 net->ct.htable_size = nf_conntrack_htable_size;
1334 net->ct.hash = nf_ct_alloc_hashtable(&net->ct.htable_size,
1320 &net->ct.hash_vmalloc, 1); 1335 &net->ct.hash_vmalloc, 1);
1321 if (!net->ct.hash) { 1336 if (!net->ct.hash) {
1322 ret = -ENOMEM; 1337 ret = -ENOMEM;
@@ -1333,15 +1348,6 @@ static int nf_conntrack_init_net(struct net *net)
1333 if (ret < 0) 1348 if (ret < 0)
1334 goto err_ecache; 1349 goto err_ecache;
1335 1350
1336 /* Set up fake conntrack:
1337 - to never be deleted, not in any hashes */
1338#ifdef CONFIG_NET_NS
1339 nf_conntrack_untracked.ct_net = &init_net;
1340#endif
1341 atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
1342 /* - and look it like as a confirmed connection */
1343 set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
1344
1345 return 0; 1351 return 0;
1346 1352
1347err_ecache: 1353err_ecache:
@@ -1350,8 +1356,12 @@ err_acct:
1350 nf_conntrack_expect_fini(net); 1356 nf_conntrack_expect_fini(net);
1351err_expect: 1357err_expect:
1352 nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, 1358 nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc,
1353 nf_conntrack_htable_size); 1359 net->ct.htable_size);
1354err_hash: 1360err_hash:
1361 kmem_cache_destroy(net->ct.nf_conntrack_cachep);
1362err_cache:
1363 kfree(net->ct.slabname);
1364err_slabname:
1355 free_percpu(net->ct.stat); 1365 free_percpu(net->ct.stat);
1356err_stat: 1366err_stat:
1357 return ret; 1367 return ret;
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index fdf5d2a1d9b4..2f25ff610982 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
569#endif /* CONFIG_PROC_FS */ 569#endif /* CONFIG_PROC_FS */
570} 570}
571 571
572module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); 572module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
573 573
574int nf_conntrack_expect_init(struct net *net) 574int nf_conntrack_expect_init(struct net *net)
575{ 575{
@@ -577,7 +577,7 @@ int nf_conntrack_expect_init(struct net *net)
577 577
578 if (net_eq(net, &init_net)) { 578 if (net_eq(net, &init_net)) {
579 if (!nf_ct_expect_hsize) { 579 if (!nf_ct_expect_hsize) {
580 nf_ct_expect_hsize = nf_conntrack_htable_size / 256; 580 nf_ct_expect_hsize = net->ct.htable_size / 256;
581 if (!nf_ct_expect_hsize) 581 if (!nf_ct_expect_hsize)
582 nf_ct_expect_hsize = 1; 582 nf_ct_expect_hsize = 1;
583 } 583 }
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 38ea7ef3ccd2..f0732aa18e4f 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -323,24 +323,24 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
323 struct nf_ct_ftp_master *info, int dir, 323 struct nf_ct_ftp_master *info, int dir,
324 struct sk_buff *skb) 324 struct sk_buff *skb)
325{ 325{
326 unsigned int i, oldest = NUM_SEQ_TO_REMEMBER; 326 unsigned int i, oldest;
327 327
328 /* Look for oldest: if we find exact match, we're done. */ 328 /* Look for oldest: if we find exact match, we're done. */
329 for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { 329 for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
330 if (info->seq_aft_nl[dir][i] == nl_seq) 330 if (info->seq_aft_nl[dir][i] == nl_seq)
331 return; 331 return;
332
333 if (oldest == info->seq_aft_nl_num[dir] ||
334 before(info->seq_aft_nl[dir][i],
335 info->seq_aft_nl[dir][oldest]))
336 oldest = i;
337 } 332 }
338 333
339 if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { 334 if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
340 info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; 335 info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
341 } else if (oldest != NUM_SEQ_TO_REMEMBER && 336 } else {
342 after(nl_seq, info->seq_aft_nl[dir][oldest])) { 337 if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1]))
343 info->seq_aft_nl[dir][oldest] = nl_seq; 338 oldest = 0;
339 else
340 oldest = 1;
341
342 if (after(nl_seq, info->seq_aft_nl[dir][oldest]))
343 info->seq_aft_nl[dir][oldest] = nl_seq;
344 } 344 }
345} 345}
346 346
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 65c2a7bc3afc..4b1a56bd074c 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -192,7 +192,7 @@ static void __nf_conntrack_helper_unregister(struct nf_conntrack_helper *me,
192 /* Get rid of expecteds, set helpers to NULL. */ 192 /* Get rid of expecteds, set helpers to NULL. */
193 hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode) 193 hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode)
194 unhelp(h, me); 194 unhelp(h, me);
195 for (i = 0; i < nf_conntrack_htable_size; i++) { 195 for (i = 0; i < net->ct.htable_size; i++) {
196 hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) 196 hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode)
197 unhelp(h, me); 197 unhelp(h, me);
198 } 198 }
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 59d8064eb522..0ffe689dfe97 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -594,7 +594,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
594 594
595 rcu_read_lock(); 595 rcu_read_lock();
596 last = (struct nf_conn *)cb->args[1]; 596 last = (struct nf_conn *)cb->args[1];
597 for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) { 597 for (; cb->args[0] < init_net.ct.htable_size; cb->args[0]++) {
598restart: 598restart:
599 hlist_nulls_for_each_entry_rcu(h, n, &init_net.ct.hash[cb->args[0]], 599 hlist_nulls_for_each_entry_rcu(h, n, &init_net.ct.hash[cb->args[0]],
600 hnnode) { 600 hnnode) {
@@ -1437,8 +1437,9 @@ ctnetlink_exp_dump_mask(struct sk_buff *skb,
1437 struct nlattr *nest_parms; 1437 struct nlattr *nest_parms;
1438 1438
1439 memset(&m, 0xFF, sizeof(m)); 1439 memset(&m, 0xFF, sizeof(m));
1440 m.src.u.all = mask->src.u.all;
1441 memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3)); 1440 memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
1441 m.src.u.all = mask->src.u.all;
1442 m.dst.protonum = tuple->dst.protonum;
1442 1443
1443 nest_parms = nla_nest_start(skb, CTA_EXPECT_MASK | NLA_F_NESTED); 1444 nest_parms = nla_nest_start(skb, CTA_EXPECT_MASK | NLA_F_NESTED);
1444 if (!nest_parms) 1445 if (!nest_parms)
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 4b572163784b..023966b569bf 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -376,7 +376,7 @@ int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
376 dptr += hdr->len; 376 dptr += hdr->len;
377 else if (hdr->cname && limit - dptr >= hdr->clen + 1 && 377 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
378 strnicmp(dptr, hdr->cname, hdr->clen) == 0 && 378 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
379 !isalpha(*(dptr + hdr->clen + 1))) 379 !isalpha(*(dptr + hdr->clen)))
380 dptr += hdr->clen; 380 dptr += hdr->clen;
381 else 381 else
382 continue; 382 continue;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 028aba667ef7..e310f1561bb2 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -51,7 +51,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
51 struct hlist_nulls_node *n; 51 struct hlist_nulls_node *n;
52 52
53 for (st->bucket = 0; 53 for (st->bucket = 0;
54 st->bucket < nf_conntrack_htable_size; 54 st->bucket < net->ct.htable_size;
55 st->bucket++) { 55 st->bucket++) {
56 n = rcu_dereference(net->ct.hash[st->bucket].first); 56 n = rcu_dereference(net->ct.hash[st->bucket].first);
57 if (!is_a_nulls(n)) 57 if (!is_a_nulls(n))
@@ -69,7 +69,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
69 head = rcu_dereference(head->next); 69 head = rcu_dereference(head->next);
70 while (is_a_nulls(head)) { 70 while (is_a_nulls(head)) {
71 if (likely(get_nulls_value(head) == st->bucket)) { 71 if (likely(get_nulls_value(head) == st->bucket)) {
72 if (++st->bucket >= nf_conntrack_htable_size) 72 if (++st->bucket >= net->ct.htable_size)
73 return NULL; 73 return NULL;
74 } 74 }
75 head = rcu_dereference(net->ct.hash[st->bucket].first); 75 head = rcu_dereference(net->ct.hash[st->bucket].first);
@@ -355,7 +355,7 @@ static ctl_table nf_ct_sysctl_table[] = {
355 }, 355 },
356 { 356 {
357 .procname = "nf_conntrack_buckets", 357 .procname = "nf_conntrack_buckets",
358 .data = &nf_conntrack_htable_size, 358 .data = &init_net.ct.htable_size,
359 .maxlen = sizeof(unsigned int), 359 .maxlen = sizeof(unsigned int),
360 .mode = 0444, 360 .mode = 0444,
361 .proc_handler = proc_dointvec, 361 .proc_handler = proc_dointvec,
@@ -421,6 +421,7 @@ static int nf_conntrack_standalone_init_sysctl(struct net *net)
421 goto out_kmemdup; 421 goto out_kmemdup;
422 422
423 table[1].data = &net->ct.count; 423 table[1].data = &net->ct.count;
424 table[2].data = &net->ct.htable_size;
424 table[3].data = &net->ct.sysctl_checksum; 425 table[3].data = &net->ct.sysctl_checksum;
425 table[4].data = &net->ct.sysctl_log_invalid; 426 table[4].data = &net->ct.sysctl_log_invalid;
426 427
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index a4957bf2ca60..4c5972ba8c78 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -455,9 +455,14 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol,
455 if (nl_table[protocol].registered && 455 if (nl_table[protocol].registered &&
456 try_module_get(nl_table[protocol].module)) 456 try_module_get(nl_table[protocol].module))
457 module = nl_table[protocol].module; 457 module = nl_table[protocol].module;
458 else
459 err = -EPROTONOSUPPORT;
458 cb_mutex = nl_table[protocol].cb_mutex; 460 cb_mutex = nl_table[protocol].cb_mutex;
459 netlink_unlock_table(); 461 netlink_unlock_table();
460 462
463 if (err < 0)
464 goto out;
465
461 err = __netlink_create(net, sock, cb_mutex, protocol); 466 err = __netlink_create(net, sock, cb_mutex, protocol);
462 if (err < 0) 467 if (err < 0)
463 goto out_module; 468 goto out_module;
diff --git a/net/netrom/nr_route.c b/net/netrom/nr_route.c
index aacba76070fc..e2e2d33cafdf 100644
--- a/net/netrom/nr_route.c
+++ b/net/netrom/nr_route.c
@@ -843,12 +843,13 @@ int nr_route_frame(struct sk_buff *skb, ax25_cb *ax25)
843 dptr = skb_push(skb, 1); 843 dptr = skb_push(skb, 1);
844 *dptr = AX25_P_NETROM; 844 *dptr = AX25_P_NETROM;
845 845
846 ax25s = ax25_send_frame(skb, 256, (ax25_address *)dev->dev_addr, &nr_neigh->callsign, nr_neigh->digipeat, nr_neigh->dev); 846 ax25s = nr_neigh->ax25;
847 if (nr_neigh->ax25 && ax25s) { 847 nr_neigh->ax25 = ax25_send_frame(skb, 256,
848 /* We were already holding this ax25_cb */ 848 (ax25_address *)dev->dev_addr,
849 &nr_neigh->callsign,
850 nr_neigh->digipeat, nr_neigh->dev);
851 if (ax25s)
849 ax25_cb_put(ax25s); 852 ax25_cb_put(ax25s);
850 }
851 nr_neigh->ax25 = ax25s;
852 853
853 dev_put(dev); 854 dev_put(dev);
854 ret = (nr_neigh->ax25 != NULL); 855 ret = (nr_neigh->ax25 != NULL);
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index e0516a22be2e..f126d18dbdc4 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1021,8 +1021,20 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
1021 1021
1022 status = TP_STATUS_SEND_REQUEST; 1022 status = TP_STATUS_SEND_REQUEST;
1023 err = dev_queue_xmit(skb); 1023 err = dev_queue_xmit(skb);
1024 if (unlikely(err > 0 && (err = net_xmit_errno(err)) != 0)) 1024 if (unlikely(err > 0)) {
1025 goto out_xmit; 1025 err = net_xmit_errno(err);
1026 if (err && __packet_get_status(po, ph) ==
1027 TP_STATUS_AVAILABLE) {
1028 /* skb was destructed already */
1029 skb = NULL;
1030 goto out_status;
1031 }
1032 /*
1033 * skb was dropped but not destructed yet;
1034 * let's treat it like congestion or err < 0
1035 */
1036 err = 0;
1037 }
1026 packet_increment_head(&po->tx_ring); 1038 packet_increment_head(&po->tx_ring);
1027 len_sum += tp_len; 1039 len_sum += tp_len;
1028 } while (likely((ph != NULL) || 1040 } while (likely((ph != NULL) ||
@@ -1033,9 +1045,6 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
1033 err = len_sum; 1045 err = len_sum;
1034 goto out_put; 1046 goto out_put;
1035 1047
1036out_xmit:
1037 skb->destructor = sock_wfree;
1038 atomic_dec(&po->tx_ring.pending);
1039out_status: 1048out_status:
1040 __packet_set_status(po, ph, status); 1049 __packet_set_status(po, ph, status);
1041 kfree_skb(skb); 1050 kfree_skb(skb);
diff --git a/net/rose/rose_link.c b/net/rose/rose_link.c
index bd86a63960ce..5ef5f6988a2e 100644
--- a/net/rose/rose_link.c
+++ b/net/rose/rose_link.c
@@ -101,13 +101,17 @@ static void rose_t0timer_expiry(unsigned long param)
101static int rose_send_frame(struct sk_buff *skb, struct rose_neigh *neigh) 101static int rose_send_frame(struct sk_buff *skb, struct rose_neigh *neigh)
102{ 102{
103 ax25_address *rose_call; 103 ax25_address *rose_call;
104 ax25_cb *ax25s;
104 105
105 if (ax25cmp(&rose_callsign, &null_ax25_address) == 0) 106 if (ax25cmp(&rose_callsign, &null_ax25_address) == 0)
106 rose_call = (ax25_address *)neigh->dev->dev_addr; 107 rose_call = (ax25_address *)neigh->dev->dev_addr;
107 else 108 else
108 rose_call = &rose_callsign; 109 rose_call = &rose_callsign;
109 110
111 ax25s = neigh->ax25;
110 neigh->ax25 = ax25_send_frame(skb, 260, rose_call, &neigh->callsign, neigh->digipeat, neigh->dev); 112 neigh->ax25 = ax25_send_frame(skb, 260, rose_call, &neigh->callsign, neigh->digipeat, neigh->dev);
113 if (ax25s)
114 ax25_cb_put(ax25s);
111 115
112 return (neigh->ax25 != NULL); 116 return (neigh->ax25 != NULL);
113} 117}
@@ -120,13 +124,17 @@ static int rose_send_frame(struct sk_buff *skb, struct rose_neigh *neigh)
120static int rose_link_up(struct rose_neigh *neigh) 124static int rose_link_up(struct rose_neigh *neigh)
121{ 125{
122 ax25_address *rose_call; 126 ax25_address *rose_call;
127 ax25_cb *ax25s;
123 128
124 if (ax25cmp(&rose_callsign, &null_ax25_address) == 0) 129 if (ax25cmp(&rose_callsign, &null_ax25_address) == 0)
125 rose_call = (ax25_address *)neigh->dev->dev_addr; 130 rose_call = (ax25_address *)neigh->dev->dev_addr;
126 else 131 else
127 rose_call = &rose_callsign; 132 rose_call = &rose_callsign;
128 133
134 ax25s = neigh->ax25;
129 neigh->ax25 = ax25_find_cb(rose_call, &neigh->callsign, neigh->digipeat, neigh->dev); 135 neigh->ax25 = ax25_find_cb(rose_call, &neigh->callsign, neigh->digipeat, neigh->dev);
136 if (ax25s)
137 ax25_cb_put(ax25s);
130 138
131 return (neigh->ax25 != NULL); 139 return (neigh->ax25 != NULL);
132} 140}
diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c
index 114df6eec8c3..968e8bac1b5d 100644
--- a/net/rose/rose_loopback.c
+++ b/net/rose/rose_loopback.c
@@ -75,7 +75,7 @@ static void rose_loopback_timer(unsigned long param)
75 lci_i = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF); 75 lci_i = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
76 frametype = skb->data[2]; 76 frametype = skb->data[2];
77 dest = (rose_address *)(skb->data + 4); 77 dest = (rose_address *)(skb->data + 4);
78 lci_o = 0xFFF - lci_i; 78 lci_o = ROSE_DEFAULT_MAXVC + 1 - lci_i;
79 79
80 skb_reset_transport_header(skb); 80 skb_reset_transport_header(skb);
81 81
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 795c4b025e31..70a0b3b4b4d2 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -235,6 +235,8 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
235 235
236 if ((s = rose_neigh_list) == rose_neigh) { 236 if ((s = rose_neigh_list) == rose_neigh) {
237 rose_neigh_list = rose_neigh->next; 237 rose_neigh_list = rose_neigh->next;
238 if (rose_neigh->ax25)
239 ax25_cb_put(rose_neigh->ax25);
238 kfree(rose_neigh->digipeat); 240 kfree(rose_neigh->digipeat);
239 kfree(rose_neigh); 241 kfree(rose_neigh);
240 return; 242 return;
@@ -243,6 +245,8 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
243 while (s != NULL && s->next != NULL) { 245 while (s != NULL && s->next != NULL) {
244 if (s->next == rose_neigh) { 246 if (s->next == rose_neigh) {
245 s->next = rose_neigh->next; 247 s->next = rose_neigh->next;
248 if (rose_neigh->ax25)
249 ax25_cb_put(rose_neigh->ax25);
246 kfree(rose_neigh->digipeat); 250 kfree(rose_neigh->digipeat);
247 kfree(rose_neigh); 251 kfree(rose_neigh);
248 return; 252 return;
@@ -812,6 +816,7 @@ void rose_link_failed(ax25_cb *ax25, int reason)
812 816
813 if (rose_neigh != NULL) { 817 if (rose_neigh != NULL) {
814 rose_neigh->ax25 = NULL; 818 rose_neigh->ax25 = NULL;
819 ax25_cb_put(ax25);
815 820
816 rose_del_route_by_neigh(rose_neigh); 821 rose_del_route_by_neigh(rose_neigh);
817 rose_kill_by_neigh(rose_neigh); 822 rose_kill_by_neigh(rose_neigh);
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 929218a47620..21f9c7678aa3 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -433,7 +433,7 @@ config NET_ACT_POLICE
433 module. 433 module.
434 434
435 To compile this code as a module, choose M here: the 435 To compile this code as a module, choose M here: the
436 module will be called police. 436 module will be called act_police.
437 437
438config NET_ACT_GACT 438config NET_ACT_GACT
439 tristate "Generic actions" 439 tristate "Generic actions"
@@ -443,7 +443,7 @@ config NET_ACT_GACT
443 accepting packets. 443 accepting packets.
444 444
445 To compile this code as a module, choose M here: the 445 To compile this code as a module, choose M here: the
446 module will be called gact. 446 module will be called act_gact.
447 447
448config GACT_PROB 448config GACT_PROB
449 bool "Probability support" 449 bool "Probability support"
@@ -459,7 +459,7 @@ config NET_ACT_MIRRED
459 other devices. 459 other devices.
460 460
461 To compile this code as a module, choose M here: the 461 To compile this code as a module, choose M here: the
462 module will be called mirred. 462 module will be called act_mirred.
463 463
464config NET_ACT_IPT 464config NET_ACT_IPT
465 tristate "IPtables targets" 465 tristate "IPtables targets"
@@ -469,7 +469,7 @@ config NET_ACT_IPT
469 classification. 469 classification.
470 470
471 To compile this code as a module, choose M here: the 471 To compile this code as a module, choose M here: the
472 module will be called ipt. 472 module will be called act_ipt.
473 473
474config NET_ACT_NAT 474config NET_ACT_NAT
475 tristate "Stateless NAT" 475 tristate "Stateless NAT"
@@ -479,7 +479,7 @@ config NET_ACT_NAT
479 netfilter for NAT unless you know what you are doing. 479 netfilter for NAT unless you know what you are doing.
480 480
481 To compile this code as a module, choose M here: the 481 To compile this code as a module, choose M here: the
482 module will be called nat. 482 module will be called act_nat.
483 483
484config NET_ACT_PEDIT 484config NET_ACT_PEDIT
485 tristate "Packet Editing" 485 tristate "Packet Editing"
@@ -488,7 +488,7 @@ config NET_ACT_PEDIT
488 Say Y here if you want to mangle the content of packets. 488 Say Y here if you want to mangle the content of packets.
489 489
490 To compile this code as a module, choose M here: the 490 To compile this code as a module, choose M here: the
491 module will be called pedit. 491 module will be called act_pedit.
492 492
493config NET_ACT_SIMP 493config NET_ACT_SIMP
494 tristate "Simple Example (Debug)" 494 tristate "Simple Example (Debug)"
@@ -502,7 +502,7 @@ config NET_ACT_SIMP
502 If unsure, say N. 502 If unsure, say N.
503 503
504 To compile this code as a module, choose M here: the 504 To compile this code as a module, choose M here: the
505 module will be called simple. 505 module will be called act_simple.
506 506
507config NET_ACT_SKBEDIT 507config NET_ACT_SKBEDIT
508 tristate "SKB Editing" 508 tristate "SKB Editing"
@@ -513,7 +513,7 @@ config NET_ACT_SKBEDIT
513 If unsure, say N. 513 If unsure, say N.
514 514
515 To compile this code as a module, choose M here: the 515 To compile this code as a module, choose M here: the
516 module will be called skbedit. 516 module will be called act_skbedit.
517 517
518config NET_CLS_IND 518config NET_CLS_IND
519 bool "Incoming device classification" 519 bool "Incoming device classification"
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 89ab66e54740..67fdac9d2d33 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -2087,8 +2087,7 @@ static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval,
2087 if (copy_from_user(&sp->autoclose, optval, optlen)) 2087 if (copy_from_user(&sp->autoclose, optval, optlen))
2088 return -EFAULT; 2088 return -EFAULT;
2089 /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */ 2089 /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */
2090 if (sp->autoclose > (MAX_SCHEDULE_TIMEOUT / HZ) ) 2090 sp->autoclose = min_t(long, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ);
2091 sp->autoclose = (__u32)(MAX_SCHEDULE_TIMEOUT / HZ) ;
2092 2091
2093 return 0; 2092 return 0;
2094} 2093}
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 3c3c50f38a1c..f7a7f8380e38 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -644,7 +644,22 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
644 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech); 644 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
645 if (IS_ERR(p)) { 645 if (IS_ERR(p)) {
646 err = PTR_ERR(p); 646 err = PTR_ERR(p);
647 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES; 647 switch (err) {
648 case -EACCES:
649 gss_msg->msg.errno = err;
650 err = mlen;
651 break;
652 case -EFAULT:
653 case -ENOMEM:
654 case -EINVAL:
655 case -ENOSYS:
656 gss_msg->msg.errno = -EAGAIN;
657 break;
658 default:
659 printk(KERN_CRIT "%s: bad return from "
660 "gss_fill_context: %zd\n", __func__, err);
661 BUG();
662 }
648 goto err_release_msg; 663 goto err_release_msg;
649 } 664 }
650 gss_msg->ctx = gss_get_ctx(ctx); 665 gss_msg->ctx = gss_get_ctx(ctx);
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index ef45eba22485..2deb0ed72ff4 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -131,8 +131,10 @@ gss_import_sec_context_kerberos(const void *p,
131 struct krb5_ctx *ctx; 131 struct krb5_ctx *ctx;
132 int tmp; 132 int tmp;
133 133
134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) 134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) {
135 p = ERR_PTR(-ENOMEM);
135 goto out_err; 136 goto out_err;
137 }
136 138
137 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); 139 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
138 if (IS_ERR(p)) 140 if (IS_ERR(p))
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 6efbb0cd3c7c..76e4c6f4ac3c 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -252,7 +252,7 @@ gss_import_sec_context(const void *input_token, size_t bufsize,
252 struct gss_ctx **ctx_id) 252 struct gss_ctx **ctx_id)
253{ 253{
254 if (!(*ctx_id = kzalloc(sizeof(**ctx_id), GFP_KERNEL))) 254 if (!(*ctx_id = kzalloc(sizeof(**ctx_id), GFP_KERNEL)))
255 return GSS_S_FAILURE; 255 return -ENOMEM;
256 (*ctx_id)->mech_type = gss_mech_get(mech); 256 (*ctx_id)->mech_type = gss_mech_get(mech);
257 257
258 return mech->gm_ops 258 return mech->gm_ops
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index 1c924ee0a1ef..7d1f9e928f69 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -699,7 +699,8 @@ int svc_recv(struct svc_rqst *rqstp, long timeout)
699 spin_unlock_bh(&pool->sp_lock); 699 spin_unlock_bh(&pool->sp_lock);
700 700
701 len = 0; 701 len = 0;
702 if (test_bit(XPT_LISTENER, &xprt->xpt_flags)) { 702 if (test_bit(XPT_LISTENER, &xprt->xpt_flags) &&
703 !test_bit(XPT_CLOSE, &xprt->xpt_flags)) {
703 struct svc_xprt *newxpt; 704 struct svc_xprt *newxpt;
704 newxpt = xprt->xpt_ops->xpo_accept(xprt); 705 newxpt = xprt->xpt_ops->xpo_accept(xprt);
705 if (newxpt) { 706 if (newxpt) {
diff --git a/net/wireless/core.c b/net/wireless/core.c
index c2a2c563d21a..92b812442488 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -745,9 +745,9 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
745 mutex_unlock(&rdev->devlist_mtx); 745 mutex_unlock(&rdev->devlist_mtx);
746 dev_put(dev); 746 dev_put(dev);
747 } 747 }
748#ifdef CONFIG_CFG80211_WEXT
749 cfg80211_lock_rdev(rdev); 748 cfg80211_lock_rdev(rdev);
750 mutex_lock(&rdev->devlist_mtx); 749 mutex_lock(&rdev->devlist_mtx);
750#ifdef CONFIG_CFG80211_WEXT
751 wdev_lock(wdev); 751 wdev_lock(wdev);
752 switch (wdev->iftype) { 752 switch (wdev->iftype) {
753 case NL80211_IFTYPE_ADHOC: 753 case NL80211_IFTYPE_ADHOC:
@@ -760,10 +760,10 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
760 break; 760 break;
761 } 761 }
762 wdev_unlock(wdev); 762 wdev_unlock(wdev);
763#endif
763 rdev->opencount++; 764 rdev->opencount++;
764 mutex_unlock(&rdev->devlist_mtx); 765 mutex_unlock(&rdev->devlist_mtx);
765 cfg80211_unlock_rdev(rdev); 766 cfg80211_unlock_rdev(rdev);
766#endif
767 break; 767 break;
768 case NETDEV_UNREGISTER: 768 case NETDEV_UNREGISTER:
769 /* 769 /*
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 1001db4912f7..82e6002c8d67 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -93,7 +93,18 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
93 } 93 }
94 } 94 }
95 95
96 WARN_ON(!bss); 96 /*
97 * We might be coming here because the driver reported
98 * a successful association at the same time as the
99 * user requested a deauth. In that case, we will have
100 * removed the BSS from the auth_bsses list due to the
101 * deauth request when the assoc response makes it. If
102 * the two code paths acquire the lock the other way
103 * around, that's just the standard situation of a
104 * deauth being requested while connected.
105 */
106 if (!bss)
107 goto out;
97 } else if (wdev->conn) { 108 } else if (wdev->conn) {
98 cfg80211_sme_failed_assoc(wdev); 109 cfg80211_sme_failed_assoc(wdev);
99 /* 110 /*
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index baa898add287..7a0754c92df4 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1690,7 +1690,7 @@ int regulatory_hint_user(const char *alpha2)
1690 request->wiphy_idx = WIPHY_IDX_STALE; 1690 request->wiphy_idx = WIPHY_IDX_STALE;
1691 request->alpha2[0] = alpha2[0]; 1691 request->alpha2[0] = alpha2[0];
1692 request->alpha2[1] = alpha2[1]; 1692 request->alpha2[1] = alpha2[1];
1693 request->initiator = NL80211_REGDOM_SET_BY_USER, 1693 request->initiator = NL80211_REGDOM_SET_BY_USER;
1694 1694
1695 queue_regulatory_request(request); 1695 queue_regulatory_request(request);
1696 1696
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 12dfa62aad18..0c2cbbebca95 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -601,7 +601,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
601 struct cfg80211_registered_device *rdev; 601 struct cfg80211_registered_device *rdev;
602 struct wiphy *wiphy; 602 struct wiphy *wiphy;
603 struct iw_scan_req *wreq = NULL; 603 struct iw_scan_req *wreq = NULL;
604 struct cfg80211_scan_request *creq; 604 struct cfg80211_scan_request *creq = NULL;
605 int i, err, n_channels = 0; 605 int i, err, n_channels = 0;
606 enum ieee80211_band band; 606 enum ieee80211_band band;
607 607
@@ -694,8 +694,10 @@ int cfg80211_wext_siwscan(struct net_device *dev,
694 /* translate "Scan for SSID" request */ 694 /* translate "Scan for SSID" request */
695 if (wreq) { 695 if (wreq) {
696 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 696 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
697 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) 697 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
698 return -EINVAL; 698 err = -EINVAL;
699 goto out;
700 }
699 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 701 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
700 creq->ssids[0].ssid_len = wreq->essid_len; 702 creq->ssids[0].ssid_len = wreq->essid_len;
701 } 703 }
@@ -707,12 +709,15 @@ int cfg80211_wext_siwscan(struct net_device *dev,
707 err = rdev->ops->scan(wiphy, dev, creq); 709 err = rdev->ops->scan(wiphy, dev, creq);
708 if (err) { 710 if (err) {
709 rdev->scan_req = NULL; 711 rdev->scan_req = NULL;
710 kfree(creq); 712 /* creq will be freed below */
711 } else { 713 } else {
712 nl80211_send_scan_start(rdev, dev); 714 nl80211_send_scan_start(rdev, dev);
715 /* creq now owned by driver */
716 creq = NULL;
713 dev_hold(dev); 717 dev_hold(dev);
714 } 718 }
715 out: 719 out:
720 kfree(creq);
716 cfg80211_unlock_rdev(rdev); 721 cfg80211_unlock_rdev(rdev);
717 return err; 722 return err;
718} 723}
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 2333d78187e4..dc0fc4989d54 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -655,6 +655,7 @@ void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
655 memset(&wrqu, 0, sizeof(wrqu)); 655 memset(&wrqu, 0, sizeof(wrqu));
656 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 656 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
657 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 657 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
658 wdev->wext.connect.ssid_len = 0;
658#endif 659#endif
659} 660}
660 661
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index cb81ca35b0d6..0ecb16a9a883 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -469,16 +469,16 @@ static inline int xfrm_byidx_should_resize(struct net *net, int total)
469 return 0; 469 return 0;
470} 470}
471 471
472void xfrm_spd_getinfo(struct xfrmk_spdinfo *si) 472void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si)
473{ 473{
474 read_lock_bh(&xfrm_policy_lock); 474 read_lock_bh(&xfrm_policy_lock);
475 si->incnt = init_net.xfrm.policy_count[XFRM_POLICY_IN]; 475 si->incnt = net->xfrm.policy_count[XFRM_POLICY_IN];
476 si->outcnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT]; 476 si->outcnt = net->xfrm.policy_count[XFRM_POLICY_OUT];
477 si->fwdcnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD]; 477 si->fwdcnt = net->xfrm.policy_count[XFRM_POLICY_FWD];
478 si->inscnt = init_net.xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX]; 478 si->inscnt = net->xfrm.policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
479 si->outscnt = init_net.xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX]; 479 si->outscnt = net->xfrm.policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
480 si->fwdscnt = init_net.xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX]; 480 si->fwdscnt = net->xfrm.policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
481 si->spdhcnt = init_net.xfrm.policy_idx_hmask; 481 si->spdhcnt = net->xfrm.policy_idx_hmask;
482 si->spdhmcnt = xfrm_policy_hashmax; 482 si->spdhmcnt = xfrm_policy_hashmax;
483 read_unlock_bh(&xfrm_policy_lock); 483 read_unlock_bh(&xfrm_policy_lock);
484} 484}
@@ -1309,15 +1309,28 @@ static inline int xfrm_get_tos(struct flowi *fl, int family)
1309 return tos; 1309 return tos;
1310} 1310}
1311 1311
1312static inline struct xfrm_dst *xfrm_alloc_dst(int family) 1312static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
1313{ 1313{
1314 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family); 1314 struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1315 struct dst_ops *dst_ops;
1315 struct xfrm_dst *xdst; 1316 struct xfrm_dst *xdst;
1316 1317
1317 if (!afinfo) 1318 if (!afinfo)
1318 return ERR_PTR(-EINVAL); 1319 return ERR_PTR(-EINVAL);
1319 1320
1320 xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS); 1321 switch (family) {
1322 case AF_INET:
1323 dst_ops = &net->xfrm.xfrm4_dst_ops;
1324 break;
1325#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1326 case AF_INET6:
1327 dst_ops = &net->xfrm.xfrm6_dst_ops;
1328 break;
1329#endif
1330 default:
1331 BUG();
1332 }
1333 xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS);
1321 1334
1322 xfrm_policy_put_afinfo(afinfo); 1335 xfrm_policy_put_afinfo(afinfo);
1323 1336
@@ -1366,6 +1379,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1366 struct flowi *fl, 1379 struct flowi *fl,
1367 struct dst_entry *dst) 1380 struct dst_entry *dst)
1368{ 1381{
1382 struct net *net = xp_net(policy);
1369 unsigned long now = jiffies; 1383 unsigned long now = jiffies;
1370 struct net_device *dev; 1384 struct net_device *dev;
1371 struct dst_entry *dst_prev = NULL; 1385 struct dst_entry *dst_prev = NULL;
@@ -1389,7 +1403,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1389 dst_hold(dst); 1403 dst_hold(dst);
1390 1404
1391 for (; i < nx; i++) { 1405 for (; i < nx; i++) {
1392 struct xfrm_dst *xdst = xfrm_alloc_dst(family); 1406 struct xfrm_dst *xdst = xfrm_alloc_dst(net, family);
1393 struct dst_entry *dst1 = &xdst->u.dst; 1407 struct dst_entry *dst1 = &xdst->u.dst;
1394 1408
1395 err = PTR_ERR(xdst); 1409 err = PTR_ERR(xdst);
@@ -1445,7 +1459,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1445 if (!dev) 1459 if (!dev)
1446 goto free_dst; 1460 goto free_dst;
1447 1461
1448 /* Copy neighbout for reachability confirmation */ 1462 /* Copy neighbour for reachability confirmation */
1449 dst0->neighbour = neigh_clone(dst->neighbour); 1463 dst0->neighbour = neigh_clone(dst->neighbour);
1450 1464
1451 xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len); 1465 xfrm_init_path((struct xfrm_dst *)dst0, dst, nfheader_len);
@@ -2279,6 +2293,7 @@ EXPORT_SYMBOL(xfrm_bundle_ok);
2279 2293
2280int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) 2294int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2281{ 2295{
2296 struct net *net;
2282 int err = 0; 2297 int err = 0;
2283 if (unlikely(afinfo == NULL)) 2298 if (unlikely(afinfo == NULL))
2284 return -EINVAL; 2299 return -EINVAL;
@@ -2302,6 +2317,27 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2302 xfrm_policy_afinfo[afinfo->family] = afinfo; 2317 xfrm_policy_afinfo[afinfo->family] = afinfo;
2303 } 2318 }
2304 write_unlock_bh(&xfrm_policy_afinfo_lock); 2319 write_unlock_bh(&xfrm_policy_afinfo_lock);
2320
2321 rtnl_lock();
2322 for_each_net(net) {
2323 struct dst_ops *xfrm_dst_ops;
2324
2325 switch (afinfo->family) {
2326 case AF_INET:
2327 xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops;
2328 break;
2329#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2330 case AF_INET6:
2331 xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops;
2332 break;
2333#endif
2334 default:
2335 BUG();
2336 }
2337 *xfrm_dst_ops = *afinfo->dst_ops;
2338 }
2339 rtnl_unlock();
2340
2305 return err; 2341 return err;
2306} 2342}
2307EXPORT_SYMBOL(xfrm_policy_register_afinfo); 2343EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -2332,6 +2368,22 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
2332} 2368}
2333EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); 2369EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
2334 2370
2371static void __net_init xfrm_dst_ops_init(struct net *net)
2372{
2373 struct xfrm_policy_afinfo *afinfo;
2374
2375 read_lock_bh(&xfrm_policy_afinfo_lock);
2376 afinfo = xfrm_policy_afinfo[AF_INET];
2377 if (afinfo)
2378 net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops;
2379#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2380 afinfo = xfrm_policy_afinfo[AF_INET6];
2381 if (afinfo)
2382 net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops;
2383#endif
2384 read_unlock_bh(&xfrm_policy_afinfo_lock);
2385}
2386
2335static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family) 2387static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
2336{ 2388{
2337 struct xfrm_policy_afinfo *afinfo; 2389 struct xfrm_policy_afinfo *afinfo;
@@ -2494,6 +2546,7 @@ static int __net_init xfrm_net_init(struct net *net)
2494 rv = xfrm_policy_init(net); 2546 rv = xfrm_policy_init(net);
2495 if (rv < 0) 2547 if (rv < 0)
2496 goto out_policy; 2548 goto out_policy;
2549 xfrm_dst_ops_init(net);
2497 rv = xfrm_sysctl_init(net); 2550 rv = xfrm_sysctl_init(net);
2498 if (rv < 0) 2551 if (rv < 0)
2499 goto out_sysctl; 2552 goto out_sysctl;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index d847f1a52b44..f445ea1c5f52 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -641,11 +641,11 @@ out:
641} 641}
642EXPORT_SYMBOL(xfrm_state_flush); 642EXPORT_SYMBOL(xfrm_state_flush);
643 643
644void xfrm_sad_getinfo(struct xfrmk_sadinfo *si) 644void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
645{ 645{
646 spin_lock_bh(&xfrm_state_lock); 646 spin_lock_bh(&xfrm_state_lock);
647 si->sadcnt = init_net.xfrm.state_num; 647 si->sadcnt = net->xfrm.state_num;
648 si->sadhcnt = init_net.xfrm.state_hmask; 648 si->sadhcnt = net->xfrm.state_hmask;
649 si->sadhmcnt = xfrm_state_hashmax; 649 si->sadhmcnt = xfrm_state_hashmax;
650 spin_unlock_bh(&xfrm_state_lock); 650 spin_unlock_bh(&xfrm_state_lock);
651} 651}
@@ -1102,7 +1102,7 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1102 int err = -ENOMEM; 1102 int err = -ENOMEM;
1103 struct xfrm_state *x = xfrm_state_alloc(net); 1103 struct xfrm_state *x = xfrm_state_alloc(net);
1104 if (!x) 1104 if (!x)
1105 goto error; 1105 goto out;
1106 1106
1107 memcpy(&x->id, &orig->id, sizeof(x->id)); 1107 memcpy(&x->id, &orig->id, sizeof(x->id));
1108 memcpy(&x->sel, &orig->sel, sizeof(x->sel)); 1108 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
@@ -1160,16 +1160,10 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1160 return x; 1160 return x;
1161 1161
1162 error: 1162 error:
1163 xfrm_state_put(x);
1164out:
1163 if (errp) 1165 if (errp)
1164 *errp = err; 1166 *errp = err;
1165 if (x) {
1166 kfree(x->aalg);
1167 kfree(x->ealg);
1168 kfree(x->calg);
1169 kfree(x->encap);
1170 kfree(x->coaddr);
1171 }
1172 kfree(x);
1173 return NULL; 1167 return NULL;
1174} 1168}
1175 1169
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1ada6186933c..d5a712976004 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -781,7 +781,8 @@ static inline size_t xfrm_spdinfo_msgsize(void)
781 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 781 + nla_total_size(sizeof(struct xfrmu_spdhinfo));
782} 782}
783 783
784static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 784static int build_spdinfo(struct sk_buff *skb, struct net *net,
785 u32 pid, u32 seq, u32 flags)
785{ 786{
786 struct xfrmk_spdinfo si; 787 struct xfrmk_spdinfo si;
787 struct xfrmu_spdinfo spc; 788 struct xfrmu_spdinfo spc;
@@ -795,7 +796,7 @@ static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags)
795 796
796 f = nlmsg_data(nlh); 797 f = nlmsg_data(nlh);
797 *f = flags; 798 *f = flags;
798 xfrm_spd_getinfo(&si); 799 xfrm_spd_getinfo(net, &si);
799 spc.incnt = si.incnt; 800 spc.incnt = si.incnt;
800 spc.outcnt = si.outcnt; 801 spc.outcnt = si.outcnt;
801 spc.fwdcnt = si.fwdcnt; 802 spc.fwdcnt = si.fwdcnt;
@@ -828,7 +829,7 @@ static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
828 if (r_skb == NULL) 829 if (r_skb == NULL)
829 return -ENOMEM; 830 return -ENOMEM;
830 831
831 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 832 if (build_spdinfo(r_skb, net, spid, seq, *flags) < 0)
832 BUG(); 833 BUG();
833 834
834 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 835 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid);
@@ -841,7 +842,8 @@ static inline size_t xfrm_sadinfo_msgsize(void)
841 + nla_total_size(4); /* XFRMA_SAD_CNT */ 842 + nla_total_size(4); /* XFRMA_SAD_CNT */
842} 843}
843 844
844static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 845static int build_sadinfo(struct sk_buff *skb, struct net *net,
846 u32 pid, u32 seq, u32 flags)
845{ 847{
846 struct xfrmk_sadinfo si; 848 struct xfrmk_sadinfo si;
847 struct xfrmu_sadhinfo sh; 849 struct xfrmu_sadhinfo sh;
@@ -854,7 +856,7 @@ static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags)
854 856
855 f = nlmsg_data(nlh); 857 f = nlmsg_data(nlh);
856 *f = flags; 858 *f = flags;
857 xfrm_sad_getinfo(&si); 859 xfrm_sad_getinfo(net, &si);
858 860
859 sh.sadhmcnt = si.sadhmcnt; 861 sh.sadhmcnt = si.sadhmcnt;
860 sh.sadhcnt = si.sadhcnt; 862 sh.sadhcnt = si.sadhcnt;
@@ -882,7 +884,7 @@ static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
882 if (r_skb == NULL) 884 if (r_skb == NULL)
883 return -ENOMEM; 885 return -ENOMEM;
884 886
885 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 887 if (build_sadinfo(r_skb, net, spid, seq, *flags) < 0)
886 BUG(); 888 BUG();
887 889
888 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 890 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid);