aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2014-03-11 02:50:33 -0400
committerTakashi Iwai <tiwai@suse.de>2014-03-11 02:50:33 -0400
commit5e3a227a64a1c9add0a4091989ef490342f716cf (patch)
treeeb3394fc6b58ac26caaacca4f1e3c2e55aac057f /net
parent9b745ab897199c2af9f21ca9681ef86d5b971002 (diff)
parent7f35afd44b14a39307757629ebc0a199aade52d9 (diff)
Merge tag 'asoc-v3.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.14 A few things here: - Avoid memory leaks in error cases with DPCM, this code has never been that well tested in mainline due to the lack of mainline drivers but we now have one queued for the merge window! - Fix the N810 audio driver to load when booted with DT since the platform was converted to DT during the merge window. - Fixes for initialisation of some MFD drivers that are probably unused in mainline
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/bat_iv_ogm.c30
-rw-r--r--net/batman-adv/hard-interface.c22
-rw-r--r--net/batman-adv/originator.c36
-rw-r--r--net/batman-adv/originator.h4
-rw-r--r--net/batman-adv/routing.c4
-rw-r--r--net/batman-adv/send.c9
-rw-r--r--net/batman-adv/translation-table.c23
-rw-r--r--net/bluetooth/hidp/core.c16
-rw-r--r--net/bluetooth/hidp/hidp.h4
-rw-r--r--net/can/raw.c26
-rw-r--r--net/core/dev.c22
-rw-r--r--net/core/flow_dissector.c20
-rw-r--r--net/core/neighbour.c8
-rw-r--r--net/core/rtnetlink.c19
-rw-r--r--net/core/skbuff.c3
-rw-r--r--net/dccp/ccids/lib/tfrc.c2
-rw-r--r--net/dccp/ccids/lib/tfrc.h1
-rw-r--r--net/hsr/hsr_framereg.c2
-rw-r--r--net/ipv4/af_inet.c7
-rw-r--r--net/ipv4/ip_forward.c71
-rw-r--r--net/ipv4/ip_output.c3
-rw-r--r--net/ipv4/ip_tunnel.c53
-rw-r--r--net/ipv4/ip_tunnel_core.c47
-rw-r--r--net/ipv4/ipconfig.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c4
-rw-r--r--net/ipv4/route.c13
-rw-r--r--net/ipv4/tcp.c8
-rw-r--r--net/ipv4/tcp_cong.c3
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_output.c22
-rw-r--r--net/ipv6/Kconfig1
-rw-r--r--net/ipv6/addrconf.c2
-rw-r--r--net/ipv6/exthdrs_core.c2
-rw-r--r--net/ipv6/ip6_offload.c20
-rw-r--r--net/ipv6/ip6_output.c20
-rw-r--r--net/ipv6/ping.c1
-rw-r--r--net/ipv6/sit.c19
-rw-r--r--net/ipv6/udp_offload.c2
-rw-r--r--net/mac80211/ieee80211_i.h10
-rw-r--r--net/mac80211/iface.c6
-rw-r--r--net/mac80211/mlme.c24
-rw-r--r--net/mac80211/rx.c7
-rw-r--r--net/mac80211/sta_info.c66
-rw-r--r--net/mac80211/sta_info.h7
-rw-r--r--net/mac80211/tx.c15
-rw-r--r--net/mac80211/util.c48
-rw-r--r--net/mac80211/wme.c5
-rw-r--r--net/netfilter/nf_conntrack_netlink.c35
-rw-r--r--net/netfilter/nf_nat_core.c56
-rw-r--r--net/netfilter/nft_meta.c4
-rw-r--r--net/netfilter/nft_payload.c3
-rw-r--r--net/netfilter/nft_reject_inet.c4
-rw-r--r--net/netlink/af_netlink.c4
-rw-r--r--net/nfc/nci/core.c2
-rw-r--r--net/packet/af_packet.c26
-rw-r--r--net/sched/sch_pie.c21
-rw-r--r--net/sched/sch_tbf.c24
-rw-r--r--net/sctp/associola.c211
-rw-r--r--net/sctp/sm_sideeffect.c7
-rw-r--r--net/sctp/sm_statefuns.c9
-rw-r--r--net/sctp/socket.c47
-rw-r--r--net/sctp/sysctl.c18
-rw-r--r--net/sctp/ulpevent.c8
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c19
-rw-r--r--net/sunrpc/backchannel_rqst.c6
-rw-r--r--net/sunrpc/xprtsock.c6
-rw-r--r--net/tipc/bearer.c7
-rw-r--r--net/tipc/config.c2
-rw-r--r--net/tipc/core.c109
-rw-r--r--net/tipc/core.h2
-rw-r--r--net/tipc/link.c7
-rw-r--r--net/tipc/name_table.c3
-rw-r--r--net/tipc/netlink.c8
-rw-r--r--net/tipc/ref.c3
-rw-r--r--net/tipc/server.c5
-rw-r--r--net/tipc/server.h2
-rw-r--r--net/tipc/socket.c8
-rw-r--r--net/wireless/reg.c12
-rw-r--r--net/xfrm/xfrm_policy.c2
-rw-r--r--net/xfrm/xfrm_state.c23
-rw-r--r--net/xfrm/xfrm_user.c5
81 files changed, 887 insertions, 563 deletions
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
index 512159bf607f..8323bced8e5b 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -241,19 +241,19 @@ batadv_iv_ogm_orig_get(struct batadv_priv *bat_priv, const uint8_t *addr)
241 size = bat_priv->num_ifaces * sizeof(uint8_t); 241 size = bat_priv->num_ifaces * sizeof(uint8_t);
242 orig_node->bat_iv.bcast_own_sum = kzalloc(size, GFP_ATOMIC); 242 orig_node->bat_iv.bcast_own_sum = kzalloc(size, GFP_ATOMIC);
243 if (!orig_node->bat_iv.bcast_own_sum) 243 if (!orig_node->bat_iv.bcast_own_sum)
244 goto free_bcast_own; 244 goto free_orig_node;
245 245
246 hash_added = batadv_hash_add(bat_priv->orig_hash, batadv_compare_orig, 246 hash_added = batadv_hash_add(bat_priv->orig_hash, batadv_compare_orig,
247 batadv_choose_orig, orig_node, 247 batadv_choose_orig, orig_node,
248 &orig_node->hash_entry); 248 &orig_node->hash_entry);
249 if (hash_added != 0) 249 if (hash_added != 0)
250 goto free_bcast_own; 250 goto free_orig_node;
251 251
252 return orig_node; 252 return orig_node;
253 253
254free_bcast_own:
255 kfree(orig_node->bat_iv.bcast_own);
256free_orig_node: 254free_orig_node:
255 /* free twice, as batadv_orig_node_new sets refcount to 2 */
256 batadv_orig_node_free_ref(orig_node);
257 batadv_orig_node_free_ref(orig_node); 257 batadv_orig_node_free_ref(orig_node);
258 258
259 return NULL; 259 return NULL;
@@ -266,7 +266,7 @@ batadv_iv_ogm_neigh_new(struct batadv_hard_iface *hard_iface,
266 struct batadv_orig_node *orig_neigh) 266 struct batadv_orig_node *orig_neigh)
267{ 267{
268 struct batadv_priv *bat_priv = netdev_priv(hard_iface->soft_iface); 268 struct batadv_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
269 struct batadv_neigh_node *neigh_node; 269 struct batadv_neigh_node *neigh_node, *tmp_neigh_node;
270 270
271 neigh_node = batadv_neigh_node_new(hard_iface, neigh_addr, orig_node); 271 neigh_node = batadv_neigh_node_new(hard_iface, neigh_addr, orig_node);
272 if (!neigh_node) 272 if (!neigh_node)
@@ -281,14 +281,24 @@ batadv_iv_ogm_neigh_new(struct batadv_hard_iface *hard_iface,
281 neigh_node->orig_node = orig_neigh; 281 neigh_node->orig_node = orig_neigh;
282 neigh_node->if_incoming = hard_iface; 282 neigh_node->if_incoming = hard_iface;
283 283
284 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
285 "Creating new neighbor %pM for orig_node %pM on interface %s\n",
286 neigh_addr, orig_node->orig, hard_iface->net_dev->name);
287
288 spin_lock_bh(&orig_node->neigh_list_lock); 284 spin_lock_bh(&orig_node->neigh_list_lock);
289 hlist_add_head_rcu(&neigh_node->list, &orig_node->neigh_list); 285 tmp_neigh_node = batadv_neigh_node_get(orig_node, hard_iface,
286 neigh_addr);
287 if (!tmp_neigh_node) {
288 hlist_add_head_rcu(&neigh_node->list, &orig_node->neigh_list);
289 } else {
290 kfree(neigh_node);
291 batadv_hardif_free_ref(hard_iface);
292 neigh_node = tmp_neigh_node;
293 }
290 spin_unlock_bh(&orig_node->neigh_list_lock); 294 spin_unlock_bh(&orig_node->neigh_list_lock);
291 295
296 if (!tmp_neigh_node)
297 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
298 "Creating new neighbor %pM for orig_node %pM on interface %s\n",
299 neigh_addr, orig_node->orig,
300 hard_iface->net_dev->name);
301
292out: 302out:
293 return neigh_node; 303 return neigh_node;
294} 304}
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
index 3d417d3641c6..b851cc580853 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -241,7 +241,7 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface)
241{ 241{
242 struct batadv_priv *bat_priv = netdev_priv(soft_iface); 242 struct batadv_priv *bat_priv = netdev_priv(soft_iface);
243 const struct batadv_hard_iface *hard_iface; 243 const struct batadv_hard_iface *hard_iface;
244 int min_mtu = ETH_DATA_LEN; 244 int min_mtu = INT_MAX;
245 245
246 rcu_read_lock(); 246 rcu_read_lock();
247 list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { 247 list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) {
@@ -256,8 +256,6 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface)
256 } 256 }
257 rcu_read_unlock(); 257 rcu_read_unlock();
258 258
259 atomic_set(&bat_priv->packet_size_max, min_mtu);
260
261 if (atomic_read(&bat_priv->fragmentation) == 0) 259 if (atomic_read(&bat_priv->fragmentation) == 0)
262 goto out; 260 goto out;
263 261
@@ -268,13 +266,21 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface)
268 min_mtu = min_t(int, min_mtu, BATADV_FRAG_MAX_FRAG_SIZE); 266 min_mtu = min_t(int, min_mtu, BATADV_FRAG_MAX_FRAG_SIZE);
269 min_mtu -= sizeof(struct batadv_frag_packet); 267 min_mtu -= sizeof(struct batadv_frag_packet);
270 min_mtu *= BATADV_FRAG_MAX_FRAGMENTS; 268 min_mtu *= BATADV_FRAG_MAX_FRAGMENTS;
271 atomic_set(&bat_priv->packet_size_max, min_mtu);
272
273 /* with fragmentation enabled we can fragment external packets easily */
274 min_mtu = min_t(int, min_mtu, ETH_DATA_LEN);
275 269
276out: 270out:
277 return min_mtu - batadv_max_header_len(); 271 /* report to the other components the maximum amount of bytes that
272 * batman-adv can send over the wire (without considering the payload
273 * overhead). For example, this value is used by TT to compute the
274 * maximum local table table size
275 */
276 atomic_set(&bat_priv->packet_size_max, min_mtu);
277
278 /* the real soft-interface MTU is computed by removing the payload
279 * overhead from the maximum amount of bytes that was just computed.
280 *
281 * However batman-adv does not support MTUs bigger than ETH_DATA_LEN
282 */
283 return min_t(int, min_mtu - batadv_max_header_len(), ETH_DATA_LEN);
278} 284}
279 285
280/* adjusts the MTU if a new interface with a smaller MTU appeared. */ 286/* adjusts the MTU if a new interface with a smaller MTU appeared. */
diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index 6df12a2e3605..853941629dc1 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -458,6 +458,42 @@ out:
458} 458}
459 459
460/** 460/**
461 * batadv_neigh_node_get - retrieve a neighbour from the list
462 * @orig_node: originator which the neighbour belongs to
463 * @hard_iface: the interface where this neighbour is connected to
464 * @addr: the address of the neighbour
465 *
466 * Looks for and possibly returns a neighbour belonging to this originator list
467 * which is connected through the provided hard interface.
468 * Returns NULL if the neighbour is not found.
469 */
470struct batadv_neigh_node *
471batadv_neigh_node_get(const struct batadv_orig_node *orig_node,
472 const struct batadv_hard_iface *hard_iface,
473 const uint8_t *addr)
474{
475 struct batadv_neigh_node *tmp_neigh_node, *res = NULL;
476
477 rcu_read_lock();
478 hlist_for_each_entry_rcu(tmp_neigh_node, &orig_node->neigh_list, list) {
479 if (!batadv_compare_eth(tmp_neigh_node->addr, addr))
480 continue;
481
482 if (tmp_neigh_node->if_incoming != hard_iface)
483 continue;
484
485 if (!atomic_inc_not_zero(&tmp_neigh_node->refcount))
486 continue;
487
488 res = tmp_neigh_node;
489 break;
490 }
491 rcu_read_unlock();
492
493 return res;
494}
495
496/**
461 * batadv_orig_ifinfo_free_rcu - free the orig_ifinfo object 497 * batadv_orig_ifinfo_free_rcu - free the orig_ifinfo object
462 * @rcu: rcu pointer of the orig_ifinfo object 498 * @rcu: rcu pointer of the orig_ifinfo object
463 */ 499 */
diff --git a/net/batman-adv/originator.h b/net/batman-adv/originator.h
index 37be290f63f6..db3a9ed734cb 100644
--- a/net/batman-adv/originator.h
+++ b/net/batman-adv/originator.h
@@ -29,6 +29,10 @@ void batadv_orig_node_free_ref_now(struct batadv_orig_node *orig_node);
29struct batadv_orig_node *batadv_orig_node_new(struct batadv_priv *bat_priv, 29struct batadv_orig_node *batadv_orig_node_new(struct batadv_priv *bat_priv,
30 const uint8_t *addr); 30 const uint8_t *addr);
31struct batadv_neigh_node * 31struct batadv_neigh_node *
32batadv_neigh_node_get(const struct batadv_orig_node *orig_node,
33 const struct batadv_hard_iface *hard_iface,
34 const uint8_t *addr);
35struct batadv_neigh_node *
32batadv_neigh_node_new(struct batadv_hard_iface *hard_iface, 36batadv_neigh_node_new(struct batadv_hard_iface *hard_iface,
33 const uint8_t *neigh_addr, 37 const uint8_t *neigh_addr,
34 struct batadv_orig_node *orig_node); 38 struct batadv_orig_node *orig_node);
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 1ed9f7c9ecea..a953d5b196a3 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -688,7 +688,7 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
688 int is_old_ttvn; 688 int is_old_ttvn;
689 689
690 /* check if there is enough data before accessing it */ 690 /* check if there is enough data before accessing it */
691 if (pskb_may_pull(skb, hdr_len + ETH_HLEN) < 0) 691 if (!pskb_may_pull(skb, hdr_len + ETH_HLEN))
692 return 0; 692 return 0;
693 693
694 /* create a copy of the skb (in case of for re-routing) to modify it. */ 694 /* create a copy of the skb (in case of for re-routing) to modify it. */
@@ -918,6 +918,8 @@ int batadv_recv_unicast_tvlv(struct sk_buff *skb,
918 918
919 if (ret != NET_RX_SUCCESS) 919 if (ret != NET_RX_SUCCESS)
920 ret = batadv_route_unicast_packet(skb, recv_if); 920 ret = batadv_route_unicast_packet(skb, recv_if);
921 else
922 consume_skb(skb);
921 923
922 return ret; 924 return ret;
923} 925}
diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c
index 579f5f00a385..843febd1e519 100644
--- a/net/batman-adv/send.c
+++ b/net/batman-adv/send.c
@@ -254,9 +254,9 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
254 struct batadv_orig_node *orig_node, 254 struct batadv_orig_node *orig_node,
255 unsigned short vid) 255 unsigned short vid)
256{ 256{
257 struct ethhdr *ethhdr = (struct ethhdr *)skb->data; 257 struct ethhdr *ethhdr;
258 struct batadv_unicast_packet *unicast_packet; 258 struct batadv_unicast_packet *unicast_packet;
259 int ret = NET_XMIT_DROP; 259 int ret = NET_XMIT_DROP, hdr_size;
260 260
261 if (!orig_node) 261 if (!orig_node)
262 goto out; 262 goto out;
@@ -265,12 +265,16 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
265 case BATADV_UNICAST: 265 case BATADV_UNICAST:
266 if (!batadv_send_skb_prepare_unicast(skb, orig_node)) 266 if (!batadv_send_skb_prepare_unicast(skb, orig_node))
267 goto out; 267 goto out;
268
269 hdr_size = sizeof(*unicast_packet);
268 break; 270 break;
269 case BATADV_UNICAST_4ADDR: 271 case BATADV_UNICAST_4ADDR:
270 if (!batadv_send_skb_prepare_unicast_4addr(bat_priv, skb, 272 if (!batadv_send_skb_prepare_unicast_4addr(bat_priv, skb,
271 orig_node, 273 orig_node,
272 packet_subtype)) 274 packet_subtype))
273 goto out; 275 goto out;
276
277 hdr_size = sizeof(struct batadv_unicast_4addr_packet);
274 break; 278 break;
275 default: 279 default:
276 /* this function supports UNICAST and UNICAST_4ADDR only. It 280 /* this function supports UNICAST and UNICAST_4ADDR only. It
@@ -279,6 +283,7 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
279 goto out; 283 goto out;
280 } 284 }
281 285
286 ethhdr = (struct ethhdr *)(skb->data + hdr_size);
282 unicast_packet = (struct batadv_unicast_packet *)skb->data; 287 unicast_packet = (struct batadv_unicast_packet *)skb->data;
283 288
284 /* inform the destination node that we are still missing a correct route 289 /* inform the destination node that we are still missing a correct route
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index b6071f675a3e..959dde721c46 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -1975,6 +1975,7 @@ static uint32_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
1975 struct hlist_head *head; 1975 struct hlist_head *head;
1976 uint32_t i, crc_tmp, crc = 0; 1976 uint32_t i, crc_tmp, crc = 0;
1977 uint8_t flags; 1977 uint8_t flags;
1978 __be16 tmp_vid;
1978 1979
1979 for (i = 0; i < hash->size; i++) { 1980 for (i = 0; i < hash->size; i++) {
1980 head = &hash->table[i]; 1981 head = &hash->table[i];
@@ -2011,8 +2012,11 @@ static uint32_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
2011 orig_node)) 2012 orig_node))
2012 continue; 2013 continue;
2013 2014
2014 crc_tmp = crc32c(0, &tt_common->vid, 2015 /* use network order to read the VID: this ensures that
2015 sizeof(tt_common->vid)); 2016 * every node reads the bytes in the same order.
2017 */
2018 tmp_vid = htons(tt_common->vid);
2019 crc_tmp = crc32c(0, &tmp_vid, sizeof(tmp_vid));
2016 2020
2017 /* compute the CRC on flags that have to be kept in sync 2021 /* compute the CRC on flags that have to be kept in sync
2018 * among nodes 2022 * among nodes
@@ -2046,6 +2050,7 @@ static uint32_t batadv_tt_local_crc(struct batadv_priv *bat_priv,
2046 struct hlist_head *head; 2050 struct hlist_head *head;
2047 uint32_t i, crc_tmp, crc = 0; 2051 uint32_t i, crc_tmp, crc = 0;
2048 uint8_t flags; 2052 uint8_t flags;
2053 __be16 tmp_vid;
2049 2054
2050 for (i = 0; i < hash->size; i++) { 2055 for (i = 0; i < hash->size; i++) {
2051 head = &hash->table[i]; 2056 head = &hash->table[i];
@@ -2064,8 +2069,11 @@ static uint32_t batadv_tt_local_crc(struct batadv_priv *bat_priv,
2064 if (tt_common->flags & BATADV_TT_CLIENT_NEW) 2069 if (tt_common->flags & BATADV_TT_CLIENT_NEW)
2065 continue; 2070 continue;
2066 2071
2067 crc_tmp = crc32c(0, &tt_common->vid, 2072 /* use network order to read the VID: this ensures that
2068 sizeof(tt_common->vid)); 2073 * every node reads the bytes in the same order.
2074 */
2075 tmp_vid = htons(tt_common->vid);
2076 crc_tmp = crc32c(0, &tmp_vid, sizeof(tmp_vid));
2069 2077
2070 /* compute the CRC on flags that have to be kept in sync 2078 /* compute the CRC on flags that have to be kept in sync
2071 * among nodes 2079 * among nodes
@@ -2262,6 +2270,7 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node,
2262{ 2270{
2263 struct batadv_tvlv_tt_vlan_data *tt_vlan_tmp; 2271 struct batadv_tvlv_tt_vlan_data *tt_vlan_tmp;
2264 struct batadv_orig_node_vlan *vlan; 2272 struct batadv_orig_node_vlan *vlan;
2273 uint32_t crc;
2265 int i; 2274 int i;
2266 2275
2267 /* check if each received CRC matches the locally stored one */ 2276 /* check if each received CRC matches the locally stored one */
@@ -2281,7 +2290,10 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node,
2281 if (!vlan) 2290 if (!vlan)
2282 return false; 2291 return false;
2283 2292
2284 if (vlan->tt.crc != ntohl(tt_vlan_tmp->crc)) 2293 crc = vlan->tt.crc;
2294 batadv_orig_node_vlan_free_ref(vlan);
2295
2296 if (crc != ntohl(tt_vlan_tmp->crc))
2285 return false; 2297 return false;
2286 } 2298 }
2287 2299
@@ -3218,7 +3230,6 @@ static void batadv_tt_update_orig(struct batadv_priv *bat_priv,
3218 3230
3219 spin_lock_bh(&orig_node->tt_lock); 3231 spin_lock_bh(&orig_node->tt_lock);
3220 3232
3221 tt_change = (struct batadv_tvlv_tt_change *)tt_buff;
3222 batadv_tt_update_changes(bat_priv, orig_node, tt_num_changes, 3233 batadv_tt_update_changes(bat_priv, orig_node, tt_num_changes,
3223 ttvn, tt_change); 3234 ttvn, tt_change);
3224 3235
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 292e619db896..d9fb93451442 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -430,6 +430,16 @@ static void hidp_del_timer(struct hidp_session *session)
430 del_timer(&session->timer); 430 del_timer(&session->timer);
431} 431}
432 432
433static void hidp_process_report(struct hidp_session *session,
434 int type, const u8 *data, int len, int intr)
435{
436 if (len > HID_MAX_BUFFER_SIZE)
437 len = HID_MAX_BUFFER_SIZE;
438
439 memcpy(session->input_buf, data, len);
440 hid_input_report(session->hid, type, session->input_buf, len, intr);
441}
442
433static void hidp_process_handshake(struct hidp_session *session, 443static void hidp_process_handshake(struct hidp_session *session,
434 unsigned char param) 444 unsigned char param)
435{ 445{
@@ -502,7 +512,8 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
502 hidp_input_report(session, skb); 512 hidp_input_report(session, skb);
503 513
504 if (session->hid) 514 if (session->hid)
505 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 515 hidp_process_report(session, HID_INPUT_REPORT,
516 skb->data, skb->len, 0);
506 break; 517 break;
507 518
508 case HIDP_DATA_RTYPE_OTHER: 519 case HIDP_DATA_RTYPE_OTHER:
@@ -584,7 +595,8 @@ static void hidp_recv_intr_frame(struct hidp_session *session,
584 hidp_input_report(session, skb); 595 hidp_input_report(session, skb);
585 596
586 if (session->hid) { 597 if (session->hid) {
587 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 598 hidp_process_report(session, HID_INPUT_REPORT,
599 skb->data, skb->len, 1);
588 BT_DBG("report len %d", skb->len); 600 BT_DBG("report len %d", skb->len);
589 } 601 }
590 } else { 602 } else {
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index ab5241400cf7..8798492a6e99 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -24,6 +24,7 @@
24#define __HIDP_H 24#define __HIDP_H
25 25
26#include <linux/types.h> 26#include <linux/types.h>
27#include <linux/hid.h>
27#include <linux/kref.h> 28#include <linux/kref.h>
28#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/l2cap.h> 30#include <net/bluetooth/l2cap.h>
@@ -179,6 +180,9 @@ struct hidp_session {
179 180
180 /* Used in hidp_output_raw_report() */ 181 /* Used in hidp_output_raw_report() */
181 int output_report_success; /* boolean */ 182 int output_report_success; /* boolean */
183
184 /* temporary input buffer */
185 u8 input_buf[HID_MAX_BUFFER_SIZE];
182}; 186};
183 187
184/* HIDP init defines */ 188/* HIDP init defines */
diff --git a/net/can/raw.c b/net/can/raw.c
index 8be757cca2ec..081e81fd017f 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -121,13 +121,9 @@ static void raw_rcv(struct sk_buff *oskb, void *data)
121 if (!ro->recv_own_msgs && oskb->sk == sk) 121 if (!ro->recv_own_msgs && oskb->sk == sk)
122 return; 122 return;
123 123
124 /* do not pass frames with DLC > 8 to a legacy socket */ 124 /* do not pass non-CAN2.0 frames to a legacy socket */
125 if (!ro->fd_frames) { 125 if (!ro->fd_frames && oskb->len != CAN_MTU)
126 struct canfd_frame *cfd = (struct canfd_frame *)oskb->data; 126 return;
127
128 if (unlikely(cfd->len > CAN_MAX_DLEN))
129 return;
130 }
131 127
132 /* clone the given skb to be able to enqueue it into the rcv queue */ 128 /* clone the given skb to be able to enqueue it into the rcv queue */
133 skb = skb_clone(oskb, GFP_ATOMIC); 129 skb = skb_clone(oskb, GFP_ATOMIC);
@@ -738,9 +734,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
738 struct msghdr *msg, size_t size, int flags) 734 struct msghdr *msg, size_t size, int flags)
739{ 735{
740 struct sock *sk = sock->sk; 736 struct sock *sk = sock->sk;
741 struct raw_sock *ro = raw_sk(sk);
742 struct sk_buff *skb; 737 struct sk_buff *skb;
743 int rxmtu;
744 int err = 0; 738 int err = 0;
745 int noblock; 739 int noblock;
746 740
@@ -751,20 +745,10 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
751 if (!skb) 745 if (!skb)
752 return err; 746 return err;
753 747
754 /* 748 if (size < skb->len)
755 * when serving a legacy socket the DLC <= 8 is already checked inside
756 * raw_rcv(). Now check if we need to pass a canfd_frame to a legacy
757 * socket and cut the possible CANFD_MTU/CAN_MTU length to CAN_MTU
758 */
759 if (!ro->fd_frames)
760 rxmtu = CAN_MTU;
761 else
762 rxmtu = skb->len;
763
764 if (size < rxmtu)
765 msg->msg_flags |= MSG_TRUNC; 749 msg->msg_flags |= MSG_TRUNC;
766 else 750 else
767 size = rxmtu; 751 size = skb->len;
768 752
769 err = memcpy_toiovec(msg->msg_iov, skb->data, size); 753 err = memcpy_toiovec(msg->msg_iov, skb->data, size);
770 if (err < 0) { 754 if (err < 0) {
diff --git a/net/core/dev.c b/net/core/dev.c
index 4ad1b78c9c77..b1b0c8d4d7df 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2420,7 +2420,7 @@ EXPORT_SYMBOL(netdev_rx_csum_fault);
2420 * 2. No high memory really exists on this machine. 2420 * 2. No high memory really exists on this machine.
2421 */ 2421 */
2422 2422
2423static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) 2423static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb)
2424{ 2424{
2425#ifdef CONFIG_HIGHMEM 2425#ifdef CONFIG_HIGHMEM
2426 int i; 2426 int i;
@@ -2495,34 +2495,36 @@ static int dev_gso_segment(struct sk_buff *skb, netdev_features_t features)
2495} 2495}
2496 2496
2497static netdev_features_t harmonize_features(struct sk_buff *skb, 2497static netdev_features_t harmonize_features(struct sk_buff *skb,
2498 netdev_features_t features) 2498 const struct net_device *dev,
2499 netdev_features_t features)
2499{ 2500{
2500 if (skb->ip_summed != CHECKSUM_NONE && 2501 if (skb->ip_summed != CHECKSUM_NONE &&
2501 !can_checksum_protocol(features, skb_network_protocol(skb))) { 2502 !can_checksum_protocol(features, skb_network_protocol(skb))) {
2502 features &= ~NETIF_F_ALL_CSUM; 2503 features &= ~NETIF_F_ALL_CSUM;
2503 } else if (illegal_highdma(skb->dev, skb)) { 2504 } else if (illegal_highdma(dev, skb)) {
2504 features &= ~NETIF_F_SG; 2505 features &= ~NETIF_F_SG;
2505 } 2506 }
2506 2507
2507 return features; 2508 return features;
2508} 2509}
2509 2510
2510netdev_features_t netif_skb_features(struct sk_buff *skb) 2511netdev_features_t netif_skb_dev_features(struct sk_buff *skb,
2512 const struct net_device *dev)
2511{ 2513{
2512 __be16 protocol = skb->protocol; 2514 __be16 protocol = skb->protocol;
2513 netdev_features_t features = skb->dev->features; 2515 netdev_features_t features = dev->features;
2514 2516
2515 if (skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs) 2517 if (skb_shinfo(skb)->gso_segs > dev->gso_max_segs)
2516 features &= ~NETIF_F_GSO_MASK; 2518 features &= ~NETIF_F_GSO_MASK;
2517 2519
2518 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) { 2520 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) {
2519 struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data; 2521 struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data;
2520 protocol = veh->h_vlan_encapsulated_proto; 2522 protocol = veh->h_vlan_encapsulated_proto;
2521 } else if (!vlan_tx_tag_present(skb)) { 2523 } else if (!vlan_tx_tag_present(skb)) {
2522 return harmonize_features(skb, features); 2524 return harmonize_features(skb, dev, features);
2523 } 2525 }
2524 2526
2525 features &= (skb->dev->vlan_features | NETIF_F_HW_VLAN_CTAG_TX | 2527 features &= (dev->vlan_features | NETIF_F_HW_VLAN_CTAG_TX |
2526 NETIF_F_HW_VLAN_STAG_TX); 2528 NETIF_F_HW_VLAN_STAG_TX);
2527 2529
2528 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) 2530 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD))
@@ -2530,9 +2532,9 @@ netdev_features_t netif_skb_features(struct sk_buff *skb)
2530 NETIF_F_GEN_CSUM | NETIF_F_HW_VLAN_CTAG_TX | 2532 NETIF_F_GEN_CSUM | NETIF_F_HW_VLAN_CTAG_TX |
2531 NETIF_F_HW_VLAN_STAG_TX; 2533 NETIF_F_HW_VLAN_STAG_TX;
2532 2534
2533 return harmonize_features(skb, features); 2535 return harmonize_features(skb, dev, features);
2534} 2536}
2535EXPORT_SYMBOL(netif_skb_features); 2537EXPORT_SYMBOL(netif_skb_dev_features);
2536 2538
2537int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, 2539int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,
2538 struct netdev_queue *txq) 2540 struct netdev_queue *txq)
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 87577d447554..e29e810663d7 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -323,17 +323,6 @@ u32 __skb_get_poff(const struct sk_buff *skb)
323 return poff; 323 return poff;
324} 324}
325 325
326static inline u16 dev_cap_txqueue(struct net_device *dev, u16 queue_index)
327{
328 if (unlikely(queue_index >= dev->real_num_tx_queues)) {
329 net_warn_ratelimited("%s selects TX queue %d, but real number of TX queues is %d\n",
330 dev->name, queue_index,
331 dev->real_num_tx_queues);
332 return 0;
333 }
334 return queue_index;
335}
336
337static inline int get_xps_queue(struct net_device *dev, struct sk_buff *skb) 326static inline int get_xps_queue(struct net_device *dev, struct sk_buff *skb)
338{ 327{
339#ifdef CONFIG_XPS 328#ifdef CONFIG_XPS
@@ -372,7 +361,7 @@ static inline int get_xps_queue(struct net_device *dev, struct sk_buff *skb)
372#endif 361#endif
373} 362}
374 363
375u16 __netdev_pick_tx(struct net_device *dev, struct sk_buff *skb) 364static u16 __netdev_pick_tx(struct net_device *dev, struct sk_buff *skb)
376{ 365{
377 struct sock *sk = skb->sk; 366 struct sock *sk = skb->sk;
378 int queue_index = sk_tx_queue_get(sk); 367 int queue_index = sk_tx_queue_get(sk);
@@ -392,7 +381,6 @@ u16 __netdev_pick_tx(struct net_device *dev, struct sk_buff *skb)
392 381
393 return queue_index; 382 return queue_index;
394} 383}
395EXPORT_SYMBOL(__netdev_pick_tx);
396 384
397struct netdev_queue *netdev_pick_tx(struct net_device *dev, 385struct netdev_queue *netdev_pick_tx(struct net_device *dev,
398 struct sk_buff *skb, 386 struct sk_buff *skb,
@@ -403,13 +391,13 @@ struct netdev_queue *netdev_pick_tx(struct net_device *dev,
403 if (dev->real_num_tx_queues != 1) { 391 if (dev->real_num_tx_queues != 1) {
404 const struct net_device_ops *ops = dev->netdev_ops; 392 const struct net_device_ops *ops = dev->netdev_ops;
405 if (ops->ndo_select_queue) 393 if (ops->ndo_select_queue)
406 queue_index = ops->ndo_select_queue(dev, skb, 394 queue_index = ops->ndo_select_queue(dev, skb, accel_priv,
407 accel_priv); 395 __netdev_pick_tx);
408 else 396 else
409 queue_index = __netdev_pick_tx(dev, skb); 397 queue_index = __netdev_pick_tx(dev, skb);
410 398
411 if (!accel_priv) 399 if (!accel_priv)
412 queue_index = dev_cap_txqueue(dev, queue_index); 400 queue_index = netdev_cap_txqueue(dev, queue_index);
413 } 401 }
414 402
415 skb_set_queue_mapping(skb, queue_index); 403 skb_set_queue_mapping(skb, queue_index);
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index b9e9e0d38672..e16129019c66 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -766,9 +766,6 @@ static void neigh_periodic_work(struct work_struct *work)
766 nht = rcu_dereference_protected(tbl->nht, 766 nht = rcu_dereference_protected(tbl->nht,
767 lockdep_is_held(&tbl->lock)); 767 lockdep_is_held(&tbl->lock));
768 768
769 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
770 goto out;
771
772 /* 769 /*
773 * periodically recompute ReachableTime from random function 770 * periodically recompute ReachableTime from random function
774 */ 771 */
@@ -781,6 +778,9 @@ static void neigh_periodic_work(struct work_struct *work)
781 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 778 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
782 } 779 }
783 780
781 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
782 goto out;
783
784 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 784 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
785 np = &nht->hash_buckets[i]; 785 np = &nht->hash_buckets[i];
786 786
@@ -3046,7 +3046,7 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3046 if (!t) 3046 if (!t)
3047 goto err; 3047 goto err;
3048 3048
3049 for (i = 0; i < ARRAY_SIZE(t->neigh_vars); i++) { 3049 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3050 t->neigh_vars[i].data += (long) p; 3050 t->neigh_vars[i].data += (long) p;
3051 t->neigh_vars[i].extra1 = dev; 3051 t->neigh_vars[i].extra1 = dev;
3052 t->neigh_vars[i].extra2 = p; 3052 t->neigh_vars[i].extra2 = p;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 048dc8d183aa..1a0dac2ef9ad 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1963,16 +1963,21 @@ replay:
1963 1963
1964 dev->ifindex = ifm->ifi_index; 1964 dev->ifindex = ifm->ifi_index;
1965 1965
1966 if (ops->newlink) 1966 if (ops->newlink) {
1967 err = ops->newlink(net, dev, tb, data); 1967 err = ops->newlink(net, dev, tb, data);
1968 else 1968 /* Drivers should call free_netdev() in ->destructor
1969 * and unregister it on failure so that device could be
1970 * finally freed in rtnl_unlock.
1971 */
1972 if (err < 0)
1973 goto out;
1974 } else {
1969 err = register_netdevice(dev); 1975 err = register_netdevice(dev);
1970 1976 if (err < 0) {
1971 if (err < 0) { 1977 free_netdev(dev);
1972 free_netdev(dev); 1978 goto out;
1973 goto out; 1979 }
1974 } 1980 }
1975
1976 err = rtnl_configure_link(dev, ifm); 1981 err = rtnl_configure_link(dev, ifm);
1977 if (err < 0) 1982 if (err < 0)
1978 unregister_netdevice(dev); 1983 unregister_netdevice(dev);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 5976ef0846bd..5d6236d9fdce 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -707,9 +707,6 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
707 new->mark = old->mark; 707 new->mark = old->mark;
708 new->skb_iif = old->skb_iif; 708 new->skb_iif = old->skb_iif;
709 __nf_copy(new, old); 709 __nf_copy(new, old);
710#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
711 new->nf_trace = old->nf_trace;
712#endif
713#ifdef CONFIG_NET_SCHED 710#ifdef CONFIG_NET_SCHED
714 new->tc_index = old->tc_index; 711 new->tc_index = old->tc_index;
715#ifdef CONFIG_NET_CLS_ACT 712#ifdef CONFIG_NET_CLS_ACT
diff --git a/net/dccp/ccids/lib/tfrc.c b/net/dccp/ccids/lib/tfrc.c
index c073b81a1f3e..62b5828acde0 100644
--- a/net/dccp/ccids/lib/tfrc.c
+++ b/net/dccp/ccids/lib/tfrc.c
@@ -8,7 +8,7 @@
8#include "tfrc.h" 8#include "tfrc.h"
9 9
10#ifdef CONFIG_IP_DCCP_TFRC_DEBUG 10#ifdef CONFIG_IP_DCCP_TFRC_DEBUG
11static bool tfrc_debug; 11bool tfrc_debug;
12module_param(tfrc_debug, bool, 0644); 12module_param(tfrc_debug, bool, 0644);
13MODULE_PARM_DESC(tfrc_debug, "Enable TFRC debug messages"); 13MODULE_PARM_DESC(tfrc_debug, "Enable TFRC debug messages");
14#endif 14#endif
diff --git a/net/dccp/ccids/lib/tfrc.h b/net/dccp/ccids/lib/tfrc.h
index a3d8f7c76ae0..40ee7d62b652 100644
--- a/net/dccp/ccids/lib/tfrc.h
+++ b/net/dccp/ccids/lib/tfrc.h
@@ -21,6 +21,7 @@
21#include "packet_history.h" 21#include "packet_history.h"
22 22
23#ifdef CONFIG_IP_DCCP_TFRC_DEBUG 23#ifdef CONFIG_IP_DCCP_TFRC_DEBUG
24extern bool tfrc_debug;
24#define tfrc_pr_debug(format, a...) DCCP_PR_DEBUG(tfrc_debug, format, ##a) 25#define tfrc_pr_debug(format, a...) DCCP_PR_DEBUG(tfrc_debug, format, ##a)
25#else 26#else
26#define tfrc_pr_debug(format, a...) 27#define tfrc_pr_debug(format, a...)
diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
index 327060c6c874..7ae0d7f6dbd0 100644
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -297,7 +297,7 @@ static bool seq_nr_after(u16 a, u16 b)
297 297
298void hsr_register_frame_in(struct node_entry *node, enum hsr_dev_idx dev_idx) 298void hsr_register_frame_in(struct node_entry *node, enum hsr_dev_idx dev_idx)
299{ 299{
300 if ((dev_idx < 0) || (dev_idx >= HSR_MAX_DEV)) { 300 if ((dev_idx < 0) || (dev_idx >= HSR_MAX_SLAVE)) {
301 WARN_ONCE(1, "%s: Invalid dev_idx (%d)\n", __func__, dev_idx); 301 WARN_ONCE(1, "%s: Invalid dev_idx (%d)\n", __func__, dev_idx);
302 return; 302 return;
303 } 303 }
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index ecd2c3f245ce..19ab78aca547 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1296,8 +1296,11 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb,
1296 1296
1297 segs = ERR_PTR(-EPROTONOSUPPORT); 1297 segs = ERR_PTR(-EPROTONOSUPPORT);
1298 1298
1299 /* Note : following gso_segment() might change skb->encapsulation */ 1299 if (skb->encapsulation &&
1300 udpfrag = !skb->encapsulation && proto == IPPROTO_UDP; 1300 skb_shinfo(skb)->gso_type & (SKB_GSO_SIT|SKB_GSO_IPIP))
1301 udpfrag = proto == IPPROTO_UDP && encap;
1302 else
1303 udpfrag = proto == IPPROTO_UDP && !skb->encapsulation;
1301 1304
1302 ops = rcu_dereference(inet_offloads[proto]); 1305 ops = rcu_dereference(inet_offloads[proto]);
1303 if (likely(ops && ops->callbacks.gso_segment)) 1306 if (likely(ops && ops->callbacks.gso_segment))
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index e9f1217a8afd..f3869c186d97 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -39,6 +39,71 @@
39#include <net/route.h> 39#include <net/route.h>
40#include <net/xfrm.h> 40#include <net/xfrm.h>
41 41
42static bool ip_may_fragment(const struct sk_buff *skb)
43{
44 return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
45 !skb->local_df;
46}
47
48static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
49{
50 if (skb->len <= mtu || skb->local_df)
51 return false;
52
53 if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
54 return false;
55
56 return true;
57}
58
59static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
60{
61 unsigned int mtu;
62
63 if (skb->local_df || !skb_is_gso(skb))
64 return false;
65
66 mtu = ip_dst_mtu_maybe_forward(skb_dst(skb), true);
67
68 /* if seglen > mtu, do software segmentation for IP fragmentation on
69 * output. DF bit cannot be set since ip_forward would have sent
70 * icmp error.
71 */
72 return skb_gso_network_seglen(skb) > mtu;
73}
74
75/* called if GSO skb needs to be fragmented on forward */
76static int ip_forward_finish_gso(struct sk_buff *skb)
77{
78 struct dst_entry *dst = skb_dst(skb);
79 netdev_features_t features;
80 struct sk_buff *segs;
81 int ret = 0;
82
83 features = netif_skb_dev_features(skb, dst->dev);
84 segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK);
85 if (IS_ERR(segs)) {
86 kfree_skb(skb);
87 return -ENOMEM;
88 }
89
90 consume_skb(skb);
91
92 do {
93 struct sk_buff *nskb = segs->next;
94 int err;
95
96 segs->next = NULL;
97 err = dst_output(segs);
98
99 if (err && ret == 0)
100 ret = err;
101 segs = nskb;
102 } while (segs);
103
104 return ret;
105}
106
42static int ip_forward_finish(struct sk_buff *skb) 107static int ip_forward_finish(struct sk_buff *skb)
43{ 108{
44 struct ip_options *opt = &(IPCB(skb)->opt); 109 struct ip_options *opt = &(IPCB(skb)->opt);
@@ -49,6 +114,9 @@ static int ip_forward_finish(struct sk_buff *skb)
49 if (unlikely(opt->optlen)) 114 if (unlikely(opt->optlen))
50 ip_forward_options(skb); 115 ip_forward_options(skb);
51 116
117 if (ip_gso_exceeds_dst_mtu(skb))
118 return ip_forward_finish_gso(skb);
119
52 return dst_output(skb); 120 return dst_output(skb);
53} 121}
54 122
@@ -91,8 +159,7 @@ int ip_forward(struct sk_buff *skb)
91 159
92 IPCB(skb)->flags |= IPSKB_FORWARDED; 160 IPCB(skb)->flags |= IPSKB_FORWARDED;
93 mtu = ip_dst_mtu_maybe_forward(&rt->dst, true); 161 mtu = ip_dst_mtu_maybe_forward(&rt->dst, true);
94 if (unlikely(skb->len > mtu && !skb_is_gso(skb) && 162 if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, mtu)) {
95 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
96 IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS); 163 IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS);
97 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 164 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
98 htonl(mtu)); 165 htonl(mtu));
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 8971780aec7c..73c6b63bba74 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -422,9 +422,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
422 to->tc_index = from->tc_index; 422 to->tc_index = from->tc_index;
423#endif 423#endif
424 nf_copy(to, from); 424 nf_copy(to, from);
425#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
426 to->nf_trace = from->nf_trace;
427#endif
428#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) 425#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
429 to->ipvs_property = from->ipvs_property; 426 to->ipvs_property = from->ipvs_property;
430#endif 427#endif
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 50228be5c17b..78a89e61925d 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -93,13 +93,14 @@ static void tunnel_dst_reset(struct ip_tunnel *t)
93 tunnel_dst_set(t, NULL); 93 tunnel_dst_set(t, NULL);
94} 94}
95 95
96static void tunnel_dst_reset_all(struct ip_tunnel *t) 96void ip_tunnel_dst_reset_all(struct ip_tunnel *t)
97{ 97{
98 int i; 98 int i;
99 99
100 for_each_possible_cpu(i) 100 for_each_possible_cpu(i)
101 __tunnel_dst_set(per_cpu_ptr(t->dst_cache, i), NULL); 101 __tunnel_dst_set(per_cpu_ptr(t->dst_cache, i), NULL);
102} 102}
103EXPORT_SYMBOL(ip_tunnel_dst_reset_all);
103 104
104static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie) 105static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
105{ 106{
@@ -119,52 +120,6 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
119 return (struct rtable *)dst; 120 return (struct rtable *)dst;
120} 121}
121 122
122/* Often modified stats are per cpu, other are shared (netdev->stats) */
123struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
124 struct rtnl_link_stats64 *tot)
125{
126 int i;
127
128 for_each_possible_cpu(i) {
129 const struct pcpu_sw_netstats *tstats =
130 per_cpu_ptr(dev->tstats, i);
131 u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
132 unsigned int start;
133
134 do {
135 start = u64_stats_fetch_begin_bh(&tstats->syncp);
136 rx_packets = tstats->rx_packets;
137 tx_packets = tstats->tx_packets;
138 rx_bytes = tstats->rx_bytes;
139 tx_bytes = tstats->tx_bytes;
140 } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
141
142 tot->rx_packets += rx_packets;
143 tot->tx_packets += tx_packets;
144 tot->rx_bytes += rx_bytes;
145 tot->tx_bytes += tx_bytes;
146 }
147
148 tot->multicast = dev->stats.multicast;
149
150 tot->rx_crc_errors = dev->stats.rx_crc_errors;
151 tot->rx_fifo_errors = dev->stats.rx_fifo_errors;
152 tot->rx_length_errors = dev->stats.rx_length_errors;
153 tot->rx_frame_errors = dev->stats.rx_frame_errors;
154 tot->rx_errors = dev->stats.rx_errors;
155
156 tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
157 tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
158 tot->tx_dropped = dev->stats.tx_dropped;
159 tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
160 tot->tx_errors = dev->stats.tx_errors;
161
162 tot->collisions = dev->stats.collisions;
163
164 return tot;
165}
166EXPORT_SYMBOL_GPL(ip_tunnel_get_stats64);
167
168static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p, 123static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p,
169 __be16 flags, __be32 key) 124 __be16 flags, __be32 key)
170{ 125{
@@ -759,7 +714,7 @@ static void ip_tunnel_update(struct ip_tunnel_net *itn,
759 if (set_mtu) 714 if (set_mtu)
760 dev->mtu = mtu; 715 dev->mtu = mtu;
761 } 716 }
762 tunnel_dst_reset_all(t); 717 ip_tunnel_dst_reset_all(t);
763 netdev_state_change(dev); 718 netdev_state_change(dev);
764} 719}
765 720
@@ -1088,7 +1043,7 @@ void ip_tunnel_uninit(struct net_device *dev)
1088 if (itn->fb_tunnel_dev != dev) 1043 if (itn->fb_tunnel_dev != dev)
1089 ip_tunnel_del(netdev_priv(dev)); 1044 ip_tunnel_del(netdev_priv(dev));
1090 1045
1091 tunnel_dst_reset_all(tunnel); 1046 ip_tunnel_dst_reset_all(tunnel);
1092} 1047}
1093EXPORT_SYMBOL_GPL(ip_tunnel_uninit); 1048EXPORT_SYMBOL_GPL(ip_tunnel_uninit);
1094 1049
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 6156f4ef5e91..6f847dd56dbc 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -108,7 +108,6 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
108 nf_reset(skb); 108 nf_reset(skb);
109 secpath_reset(skb); 109 secpath_reset(skb);
110 skb_clear_hash_if_not_l4(skb); 110 skb_clear_hash_if_not_l4(skb);
111 skb_dst_drop(skb);
112 skb->vlan_tci = 0; 111 skb->vlan_tci = 0;
113 skb_set_queue_mapping(skb, 0); 112 skb_set_queue_mapping(skb, 0);
114 skb->pkt_type = PACKET_HOST; 113 skb->pkt_type = PACKET_HOST;
@@ -148,3 +147,49 @@ error:
148 return ERR_PTR(err); 147 return ERR_PTR(err);
149} 148}
150EXPORT_SYMBOL_GPL(iptunnel_handle_offloads); 149EXPORT_SYMBOL_GPL(iptunnel_handle_offloads);
150
151/* Often modified stats are per cpu, other are shared (netdev->stats) */
152struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
153 struct rtnl_link_stats64 *tot)
154{
155 int i;
156
157 for_each_possible_cpu(i) {
158 const struct pcpu_sw_netstats *tstats =
159 per_cpu_ptr(dev->tstats, i);
160 u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
161 unsigned int start;
162
163 do {
164 start = u64_stats_fetch_begin_bh(&tstats->syncp);
165 rx_packets = tstats->rx_packets;
166 tx_packets = tstats->tx_packets;
167 rx_bytes = tstats->rx_bytes;
168 tx_bytes = tstats->tx_bytes;
169 } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
170
171 tot->rx_packets += rx_packets;
172 tot->tx_packets += tx_packets;
173 tot->rx_bytes += rx_bytes;
174 tot->tx_bytes += tx_bytes;
175 }
176
177 tot->multicast = dev->stats.multicast;
178
179 tot->rx_crc_errors = dev->stats.rx_crc_errors;
180 tot->rx_fifo_errors = dev->stats.rx_fifo_errors;
181 tot->rx_length_errors = dev->stats.rx_length_errors;
182 tot->rx_frame_errors = dev->stats.rx_frame_errors;
183 tot->rx_errors = dev->stats.rx_errors;
184
185 tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
186 tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
187 tot->tx_dropped = dev->stats.tx_dropped;
188 tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
189 tot->tx_errors = dev->stats.tx_errors;
190
191 tot->collisions = dev->stats.collisions;
192
193 return tot;
194}
195EXPORT_SYMBOL_GPL(ip_tunnel_get_stats64);
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index efa1138fa523..b3e86ea7b71b 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -273,7 +273,7 @@ static int __init ic_open_devs(void)
273 273
274 msleep(1); 274 msleep(1);
275 275
276 if time_before(jiffies, next_msg) 276 if (time_before(jiffies, next_msg))
277 continue; 277 continue;
278 278
279 elapsed = jiffies_to_msecs(jiffies - start); 279 elapsed = jiffies_to_msecs(jiffies - start);
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index d551e31b416e..7c676671329d 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1198,8 +1198,8 @@ static int snmp_translate(struct nf_conn *ct,
1198 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); 1198 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip);
1199 } else { 1199 } else {
1200 /* DNAT replies */ 1200 /* DNAT replies */
1201 map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip); 1201 map.from = NOCT1(&ct->tuplehash[!dir].tuple.src.u3.ip);
1202 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); 1202 map.to = NOCT1(&ct->tuplehash[dir].tuple.dst.u3.ip);
1203 } 1203 }
1204 1204
1205 if (map.from == map.to) 1205 if (map.from == map.to)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 25071b48921c..4c011ec69ed4 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1597,6 +1597,7 @@ static int __mkroute_input(struct sk_buff *skb,
1597 rth->rt_gateway = 0; 1597 rth->rt_gateway = 0;
1598 rth->rt_uses_gateway = 0; 1598 rth->rt_uses_gateway = 0;
1599 INIT_LIST_HEAD(&rth->rt_uncached); 1599 INIT_LIST_HEAD(&rth->rt_uncached);
1600 RT_CACHE_STAT_INC(in_slow_tot);
1600 1601
1601 rth->dst.input = ip_forward; 1602 rth->dst.input = ip_forward;
1602 rth->dst.output = ip_output; 1603 rth->dst.output = ip_output;
@@ -1695,10 +1696,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1695 fl4.daddr = daddr; 1696 fl4.daddr = daddr;
1696 fl4.saddr = saddr; 1697 fl4.saddr = saddr;
1697 err = fib_lookup(net, &fl4, &res); 1698 err = fib_lookup(net, &fl4, &res);
1698 if (err != 0) 1699 if (err != 0) {
1700 if (!IN_DEV_FORWARD(in_dev))
1701 err = -EHOSTUNREACH;
1699 goto no_route; 1702 goto no_route;
1700 1703 }
1701 RT_CACHE_STAT_INC(in_slow_tot);
1702 1704
1703 if (res.type == RTN_BROADCAST) 1705 if (res.type == RTN_BROADCAST)
1704 goto brd_input; 1706 goto brd_input;
@@ -1712,8 +1714,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1712 goto local_input; 1714 goto local_input;
1713 } 1715 }
1714 1716
1715 if (!IN_DEV_FORWARD(in_dev)) 1717 if (!IN_DEV_FORWARD(in_dev)) {
1718 err = -EHOSTUNREACH;
1716 goto no_route; 1719 goto no_route;
1720 }
1717 if (res.type != RTN_UNICAST) 1721 if (res.type != RTN_UNICAST)
1718 goto martian_destination; 1722 goto martian_destination;
1719 1723
@@ -1768,6 +1772,7 @@ local_input:
1768 rth->rt_gateway = 0; 1772 rth->rt_gateway = 0;
1769 rth->rt_uses_gateway = 0; 1773 rth->rt_uses_gateway = 0;
1770 INIT_LIST_HEAD(&rth->rt_uncached); 1774 INIT_LIST_HEAD(&rth->rt_uncached);
1775 RT_CACHE_STAT_INC(in_slow_tot);
1771 if (res.type == RTN_UNREACHABLE) { 1776 if (res.type == RTN_UNREACHABLE) {
1772 rth->dst.input= ip_error; 1777 rth->dst.input= ip_error;
1773 rth->dst.error= -err; 1778 rth->dst.error= -err;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 9f3a2db9109e..97c8f5620c43 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1044,7 +1044,8 @@ void tcp_free_fastopen_req(struct tcp_sock *tp)
1044 } 1044 }
1045} 1045}
1046 1046
1047static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size) 1047static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
1048 int *copied, size_t size)
1048{ 1049{
1049 struct tcp_sock *tp = tcp_sk(sk); 1050 struct tcp_sock *tp = tcp_sk(sk);
1050 int err, flags; 1051 int err, flags;
@@ -1059,11 +1060,12 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size)
1059 if (unlikely(tp->fastopen_req == NULL)) 1060 if (unlikely(tp->fastopen_req == NULL))
1060 return -ENOBUFS; 1061 return -ENOBUFS;
1061 tp->fastopen_req->data = msg; 1062 tp->fastopen_req->data = msg;
1063 tp->fastopen_req->size = size;
1062 1064
1063 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0; 1065 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1064 err = __inet_stream_connect(sk->sk_socket, msg->msg_name, 1066 err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1065 msg->msg_namelen, flags); 1067 msg->msg_namelen, flags);
1066 *size = tp->fastopen_req->copied; 1068 *copied = tp->fastopen_req->copied;
1067 tcp_free_fastopen_req(tp); 1069 tcp_free_fastopen_req(tp);
1068 return err; 1070 return err;
1069} 1071}
@@ -1083,7 +1085,7 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1083 1085
1084 flags = msg->msg_flags; 1086 flags = msg->msg_flags;
1085 if (flags & MSG_FASTOPEN) { 1087 if (flags & MSG_FASTOPEN) {
1086 err = tcp_sendmsg_fastopen(sk, msg, &copied_syn); 1088 err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size);
1087 if (err == -EINPROGRESS && copied_syn > 0) 1089 if (err == -EINPROGRESS && copied_syn > 0)
1088 goto out; 1090 goto out;
1089 else if (err) 1091 else if (err)
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index ad37bf18ae4b..2388275adb9b 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -290,8 +290,7 @@ bool tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight)
290 left = tp->snd_cwnd - in_flight; 290 left = tp->snd_cwnd - in_flight;
291 if (sk_can_gso(sk) && 291 if (sk_can_gso(sk) &&
292 left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd && 292 left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd &&
293 left * tp->mss_cache < sk->sk_gso_max_size && 293 left < tp->xmit_size_goal_segs)
294 left < sk->sk_gso_max_segs)
295 return true; 294 return true;
296 return left <= tcp_max_tso_deferred_mss(tp); 295 return left <= tcp_max_tso_deferred_mss(tp);
297} 296}
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 227cba79fa6b..eeaac399420d 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1945,8 +1945,9 @@ void tcp_enter_loss(struct sock *sk, int how)
1945 if (skb == tcp_send_head(sk)) 1945 if (skb == tcp_send_head(sk))
1946 break; 1946 break;
1947 1947
1948 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 1948 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
1949 tp->undo_marker = 0; 1949 tp->undo_marker = 0;
1950
1950 TCP_SKB_CB(skb)->sacked &= (~TCPCB_TAGBITS)|TCPCB_SACKED_ACKED; 1951 TCP_SKB_CB(skb)->sacked &= (~TCPCB_TAGBITS)|TCPCB_SACKED_ACKED;
1951 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED) || how) { 1952 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED) || how) {
1952 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_ACKED; 1953 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_ACKED;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 3be16727f058..f0eb4e337ec8 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -864,8 +864,8 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
864 864
865 if (unlikely(skb->fclone == SKB_FCLONE_ORIG && 865 if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
866 fclone->fclone == SKB_FCLONE_CLONE)) 866 fclone->fclone == SKB_FCLONE_CLONE))
867 NET_INC_STATS_BH(sock_net(sk), 867 NET_INC_STATS(sock_net(sk),
868 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES); 868 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES);
869 869
870 if (unlikely(skb_cloned(skb))) 870 if (unlikely(skb_cloned(skb)))
871 skb = pskb_copy(skb, gfp_mask); 871 skb = pskb_copy(skb, gfp_mask);
@@ -2337,6 +2337,7 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2337 struct tcp_sock *tp = tcp_sk(sk); 2337 struct tcp_sock *tp = tcp_sk(sk);
2338 struct inet_connection_sock *icsk = inet_csk(sk); 2338 struct inet_connection_sock *icsk = inet_csk(sk);
2339 unsigned int cur_mss; 2339 unsigned int cur_mss;
2340 int err;
2340 2341
2341 /* Inconslusive MTU probe */ 2342 /* Inconslusive MTU probe */
2342 if (icsk->icsk_mtup.probe_size) { 2343 if (icsk->icsk_mtup.probe_size) {
@@ -2400,11 +2401,15 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2400 skb_headroom(skb) >= 0xFFFF)) { 2401 skb_headroom(skb) >= 0xFFFF)) {
2401 struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, 2402 struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
2402 GFP_ATOMIC); 2403 GFP_ATOMIC);
2403 return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : 2404 err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
2404 -ENOBUFS; 2405 -ENOBUFS;
2405 } else { 2406 } else {
2406 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 2407 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2407 } 2408 }
2409
2410 if (likely(!err))
2411 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
2412 return err;
2408} 2413}
2409 2414
2410int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 2415int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
@@ -2908,7 +2913,12 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
2908 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) - 2913 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) -
2909 MAX_TCP_OPTION_SPACE; 2914 MAX_TCP_OPTION_SPACE;
2910 2915
2911 syn_data = skb_copy_expand(syn, skb_headroom(syn), space, 2916 space = min_t(size_t, space, fo->size);
2917
2918 /* limit to order-0 allocations */
2919 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER));
2920
2921 syn_data = skb_copy_expand(syn, MAX_TCP_HEADER, space,
2912 sk->sk_allocation); 2922 sk->sk_allocation);
2913 if (syn_data == NULL) 2923 if (syn_data == NULL)
2914 goto fallback; 2924 goto fallback;
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index d92e5586783e..438a73aa777c 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -138,6 +138,7 @@ config INET6_XFRM_MODE_ROUTEOPTIMIZATION
138config IPV6_VTI 138config IPV6_VTI
139tristate "Virtual (secure) IPv6: tunneling" 139tristate "Virtual (secure) IPv6: tunneling"
140 select IPV6_TUNNEL 140 select IPV6_TUNNEL
141 select NET_IP_TUNNEL
141 depends on INET6_XFRM_MODE_TUNNEL 142 depends on INET6_XFRM_MODE_TUNNEL
142 ---help--- 143 ---help---
143 Tunneling means encapsulating data of one protocol type within 144 Tunneling means encapsulating data of one protocol type within
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index ad235690684c..fdbfeca36d63 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2783,6 +2783,8 @@ static void addrconf_gre_config(struct net_device *dev)
2783 ipv6_addr_set(&addr, htonl(0xFE800000), 0, 0, 0); 2783 ipv6_addr_set(&addr, htonl(0xFE800000), 0, 0, 0);
2784 if (!ipv6_generate_eui64(addr.s6_addr + 8, dev)) 2784 if (!ipv6_generate_eui64(addr.s6_addr + 8, dev))
2785 addrconf_add_linklocal(idev, &addr); 2785 addrconf_add_linklocal(idev, &addr);
2786 else
2787 addrconf_prefix_route(&addr, 64, dev, 0, 0);
2786} 2788}
2787#endif 2789#endif
2788 2790
diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c
index 140748debc4a..8af3eb57f438 100644
--- a/net/ipv6/exthdrs_core.c
+++ b/net/ipv6/exthdrs_core.c
@@ -212,7 +212,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
212 found = (nexthdr == target); 212 found = (nexthdr == target);
213 213
214 if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { 214 if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
215 if (target < 0) 215 if (target < 0 || found)
216 break; 216 break;
217 return -ENOENT; 217 return -ENOENT;
218 } 218 }
diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
index 1e8683b135bb..59f95affceb0 100644
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -89,7 +89,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
89 unsigned int unfrag_ip6hlen; 89 unsigned int unfrag_ip6hlen;
90 u8 *prevhdr; 90 u8 *prevhdr;
91 int offset = 0; 91 int offset = 0;
92 bool tunnel; 92 bool encap, udpfrag;
93 int nhoff; 93 int nhoff;
94 94
95 if (unlikely(skb_shinfo(skb)->gso_type & 95 if (unlikely(skb_shinfo(skb)->gso_type &
@@ -110,8 +110,8 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
110 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) 110 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
111 goto out; 111 goto out;
112 112
113 tunnel = SKB_GSO_CB(skb)->encap_level > 0; 113 encap = SKB_GSO_CB(skb)->encap_level > 0;
114 if (tunnel) 114 if (encap)
115 features = skb->dev->hw_enc_features & netif_skb_features(skb); 115 features = skb->dev->hw_enc_features & netif_skb_features(skb);
116 SKB_GSO_CB(skb)->encap_level += sizeof(*ipv6h); 116 SKB_GSO_CB(skb)->encap_level += sizeof(*ipv6h);
117 117
@@ -121,6 +121,12 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
121 121
122 proto = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr); 122 proto = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
123 123
124 if (skb->encapsulation &&
125 skb_shinfo(skb)->gso_type & (SKB_GSO_SIT|SKB_GSO_IPIP))
126 udpfrag = proto == IPPROTO_UDP && encap;
127 else
128 udpfrag = proto == IPPROTO_UDP && !skb->encapsulation;
129
124 ops = rcu_dereference(inet6_offloads[proto]); 130 ops = rcu_dereference(inet6_offloads[proto]);
125 if (likely(ops && ops->callbacks.gso_segment)) { 131 if (likely(ops && ops->callbacks.gso_segment)) {
126 skb_reset_transport_header(skb); 132 skb_reset_transport_header(skb);
@@ -133,13 +139,9 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
133 for (skb = segs; skb; skb = skb->next) { 139 for (skb = segs; skb; skb = skb->next) {
134 ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff); 140 ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff);
135 ipv6h->payload_len = htons(skb->len - nhoff - sizeof(*ipv6h)); 141 ipv6h->payload_len = htons(skb->len - nhoff - sizeof(*ipv6h));
136 if (tunnel) {
137 skb_reset_inner_headers(skb);
138 skb->encapsulation = 1;
139 }
140 skb->network_header = (u8 *)ipv6h - skb->head; 142 skb->network_header = (u8 *)ipv6h - skb->head;
141 143
142 if (!tunnel && proto == IPPROTO_UDP) { 144 if (udpfrag) {
143 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); 145 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr);
144 fptr = (struct frag_hdr *)((u8 *)ipv6h + unfrag_ip6hlen); 146 fptr = (struct frag_hdr *)((u8 *)ipv6h + unfrag_ip6hlen);
145 fptr->frag_off = htons(offset); 147 fptr->frag_off = htons(offset);
@@ -148,6 +150,8 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
148 offset += (ntohs(ipv6h->payload_len) - 150 offset += (ntohs(ipv6h->payload_len) -
149 sizeof(struct frag_hdr)); 151 sizeof(struct frag_hdr));
150 } 152 }
153 if (encap)
154 skb_reset_inner_headers(skb);
151 } 155 }
152 156
153out: 157out:
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index ef02b26ccf81..16f91a2e7888 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -342,6 +342,20 @@ static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
342 return mtu; 342 return mtu;
343} 343}
344 344
345static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
346{
347 if (skb->len <= mtu || skb->local_df)
348 return false;
349
350 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
351 return true;
352
353 if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
354 return false;
355
356 return true;
357}
358
345int ip6_forward(struct sk_buff *skb) 359int ip6_forward(struct sk_buff *skb)
346{ 360{
347 struct dst_entry *dst = skb_dst(skb); 361 struct dst_entry *dst = skb_dst(skb);
@@ -466,8 +480,7 @@ int ip6_forward(struct sk_buff *skb)
466 if (mtu < IPV6_MIN_MTU) 480 if (mtu < IPV6_MIN_MTU)
467 mtu = IPV6_MIN_MTU; 481 mtu = IPV6_MIN_MTU;
468 482
469 if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) || 483 if (ip6_pkt_too_big(skb, mtu)) {
470 (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
471 /* Again, force OUTPUT device used as source address */ 484 /* Again, force OUTPUT device used as source address */
472 skb->dev = dst->dev; 485 skb->dev = dst->dev;
473 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 486 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
@@ -517,9 +530,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
517 to->tc_index = from->tc_index; 530 to->tc_index = from->tc_index;
518#endif 531#endif
519 nf_copy(to, from); 532 nf_copy(to, from);
520#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
521 to->nf_trace = from->nf_trace;
522#endif
523 skb_copy_secmark(to, from); 533 skb_copy_secmark(to, from);
524} 534}
525 535
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index fb9beb78f00b..587bbdcb22b4 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -135,6 +135,7 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
135 fl6.flowi6_proto = IPPROTO_ICMPV6; 135 fl6.flowi6_proto = IPPROTO_ICMPV6;
136 fl6.saddr = np->saddr; 136 fl6.saddr = np->saddr;
137 fl6.daddr = *daddr; 137 fl6.daddr = *daddr;
138 fl6.flowi6_mark = sk->sk_mark;
138 fl6.fl6_icmp_type = user_icmph.icmp6_type; 139 fl6.fl6_icmp_type = user_icmph.icmp6_type;
139 fl6.fl6_icmp_code = user_icmph.icmp6_code; 140 fl6.fl6_icmp_code = user_icmph.icmp6_code;
140 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 141 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 3dfbcf1dcb1c..b4d74c86586c 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -475,6 +475,7 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
475 ipip6_tunnel_unlink(sitn, tunnel); 475 ipip6_tunnel_unlink(sitn, tunnel);
476 ipip6_tunnel_del_prl(tunnel, NULL); 476 ipip6_tunnel_del_prl(tunnel, NULL);
477 } 477 }
478 ip_tunnel_dst_reset_all(tunnel);
478 dev_put(dev); 479 dev_put(dev);
479} 480}
480 481
@@ -1082,6 +1083,7 @@ static void ipip6_tunnel_update(struct ip_tunnel *t, struct ip_tunnel_parm *p)
1082 t->parms.link = p->link; 1083 t->parms.link = p->link;
1083 ipip6_tunnel_bind_dev(t->dev); 1084 ipip6_tunnel_bind_dev(t->dev);
1084 } 1085 }
1086 ip_tunnel_dst_reset_all(t);
1085 netdev_state_change(t->dev); 1087 netdev_state_change(t->dev);
1086} 1088}
1087 1089
@@ -1112,6 +1114,7 @@ static int ipip6_tunnel_update_6rd(struct ip_tunnel *t,
1112 t->ip6rd.relay_prefix = relay_prefix; 1114 t->ip6rd.relay_prefix = relay_prefix;
1113 t->ip6rd.prefixlen = ip6rd->prefixlen; 1115 t->ip6rd.prefixlen = ip6rd->prefixlen;
1114 t->ip6rd.relay_prefixlen = ip6rd->relay_prefixlen; 1116 t->ip6rd.relay_prefixlen = ip6rd->relay_prefixlen;
1117 ip_tunnel_dst_reset_all(t);
1115 netdev_state_change(t->dev); 1118 netdev_state_change(t->dev);
1116 return 0; 1119 return 0;
1117} 1120}
@@ -1271,6 +1274,7 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
1271 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL); 1274 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
1272 break; 1275 break;
1273 } 1276 }
1277 ip_tunnel_dst_reset_all(t);
1274 netdev_state_change(dev); 1278 netdev_state_change(dev);
1275 break; 1279 break;
1276 1280
@@ -1326,6 +1330,9 @@ static const struct net_device_ops ipip6_netdev_ops = {
1326 1330
1327static void ipip6_dev_free(struct net_device *dev) 1331static void ipip6_dev_free(struct net_device *dev)
1328{ 1332{
1333 struct ip_tunnel *tunnel = netdev_priv(dev);
1334
1335 free_percpu(tunnel->dst_cache);
1329 free_percpu(dev->tstats); 1336 free_percpu(dev->tstats);
1330 free_netdev(dev); 1337 free_netdev(dev);
1331} 1338}
@@ -1375,6 +1382,12 @@ static int ipip6_tunnel_init(struct net_device *dev)
1375 u64_stats_init(&ipip6_tunnel_stats->syncp); 1382 u64_stats_init(&ipip6_tunnel_stats->syncp);
1376 } 1383 }
1377 1384
1385 tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst);
1386 if (!tunnel->dst_cache) {
1387 free_percpu(dev->tstats);
1388 return -ENOMEM;
1389 }
1390
1378 return 0; 1391 return 0;
1379} 1392}
1380 1393
@@ -1405,6 +1418,12 @@ static int __net_init ipip6_fb_tunnel_init(struct net_device *dev)
1405 u64_stats_init(&ipip6_fb_stats->syncp); 1418 u64_stats_init(&ipip6_fb_stats->syncp);
1406 } 1419 }
1407 1420
1421 tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst);
1422 if (!tunnel->dst_cache) {
1423 free_percpu(dev->tstats);
1424 return -ENOMEM;
1425 }
1426
1408 dev_hold(dev); 1427 dev_hold(dev);
1409 rcu_assign_pointer(sitn->tunnels_wc[0], tunnel); 1428 rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
1410 return 0; 1429 return 0;
diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c
index e7359f9eaa8d..b261ee8b83fc 100644
--- a/net/ipv6/udp_offload.c
+++ b/net/ipv6/udp_offload.c
@@ -113,7 +113,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
113 fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); 113 fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
114 fptr->nexthdr = nexthdr; 114 fptr->nexthdr = nexthdr;
115 fptr->reserved = 0; 115 fptr->reserved = 0;
116 ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb)); 116 fptr->identification = skb_shinfo(skb)->ip6_frag_id;
117 117
118 /* Fragment the skb. ipv6 header and the remaining fields of the 118 /* Fragment the skb. ipv6 header and the remaining fields of the
119 * fragment header are updated in ipv6_gso_segment() 119 * fragment header are updated in ipv6_gso_segment()
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 3701930c6649..5e44e3179e02 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1692,14 +1692,8 @@ void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
1692void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue); 1692void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue);
1693void ieee80211_add_pending_skb(struct ieee80211_local *local, 1693void ieee80211_add_pending_skb(struct ieee80211_local *local,
1694 struct sk_buff *skb); 1694 struct sk_buff *skb);
1695void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 1695void ieee80211_add_pending_skbs(struct ieee80211_local *local,
1696 struct sk_buff_head *skbs, 1696 struct sk_buff_head *skbs);
1697 void (*fn)(void *data), void *data);
1698static inline void ieee80211_add_pending_skbs(struct ieee80211_local *local,
1699 struct sk_buff_head *skbs)
1700{
1701 ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL);
1702}
1703void ieee80211_flush_queues(struct ieee80211_local *local, 1697void ieee80211_flush_queues(struct ieee80211_local *local,
1704 struct ieee80211_sub_if_data *sdata); 1698 struct ieee80211_sub_if_data *sdata);
1705 1699
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index d6d1f1df9119..ce1c44370610 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1057,7 +1057,8 @@ static void ieee80211_uninit(struct net_device *dev)
1057 1057
1058static u16 ieee80211_netdev_select_queue(struct net_device *dev, 1058static u16 ieee80211_netdev_select_queue(struct net_device *dev,
1059 struct sk_buff *skb, 1059 struct sk_buff *skb,
1060 void *accel_priv) 1060 void *accel_priv,
1061 select_queue_fallback_t fallback)
1061{ 1062{
1062 return ieee80211_select_queue(IEEE80211_DEV_TO_SUB_IF(dev), skb); 1063 return ieee80211_select_queue(IEEE80211_DEV_TO_SUB_IF(dev), skb);
1063} 1064}
@@ -1075,7 +1076,8 @@ static const struct net_device_ops ieee80211_dataif_ops = {
1075 1076
1076static u16 ieee80211_monitor_select_queue(struct net_device *dev, 1077static u16 ieee80211_monitor_select_queue(struct net_device *dev,
1077 struct sk_buff *skb, 1078 struct sk_buff *skb,
1078 void *accel_priv) 1079 void *accel_priv,
1080 select_queue_fallback_t fallback)
1079{ 1081{
1080 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1082 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1081 struct ieee80211_local *local = sdata->local; 1083 struct ieee80211_local *local = sdata->local;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index fc1d82465b3c..245dce969b31 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -222,6 +222,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
222 switch (vht_oper->chan_width) { 222 switch (vht_oper->chan_width) {
223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 223 case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 vht_chandef.width = chandef->width; 224 vht_chandef.width = chandef->width;
225 vht_chandef.center_freq1 = chandef->center_freq1;
225 break; 226 break;
226 case IEEE80211_VHT_CHANWIDTH_80MHZ: 227 case IEEE80211_VHT_CHANWIDTH_80MHZ:
227 vht_chandef.width = NL80211_CHAN_WIDTH_80; 228 vht_chandef.width = NL80211_CHAN_WIDTH_80;
@@ -271,6 +272,28 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
271 ret = 0; 272 ret = 0;
272 273
273out: 274out:
275 /*
276 * When tracking the current AP, don't do any further checks if the
277 * new chandef is identical to the one we're currently using for the
278 * connection. This keeps us from playing ping-pong with regulatory,
279 * without it the following can happen (for example):
280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
281 * - AP advertises regdom US
282 * - CRDA loads regdom US with 80 MHz prohibited (old database)
283 * - the code below detects an unsupported channel, downgrades, and
284 * we disconnect from the AP in the caller
285 * - disconnect causes CRDA to reload world regdomain and the game
286 * starts anew.
287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
288 *
289 * It seems possible that there are still scenarios with CSA or real
290 * bandwidth changes where a this could happen, but those cases are
291 * less common and wouldn't completely prevent using the AP.
292 */
293 if (tracking &&
294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
295 return ret;
296
274 /* don't print the message below for VHT mismatch if VHT is disabled */ 297 /* don't print the message below for VHT mismatch if VHT is disabled */
275 if (ret & IEEE80211_STA_DISABLE_VHT) 298 if (ret & IEEE80211_STA_DISABLE_VHT)
276 vht_chandef = *chandef; 299 vht_chandef = *chandef;
@@ -3753,6 +3776,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3753 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3776 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3754 if (WARN_ON(!chanctx_conf)) { 3777 if (WARN_ON(!chanctx_conf)) {
3755 rcu_read_unlock(); 3778 rcu_read_unlock();
3779 sta_info_free(local, new_sta);
3756 return -EINVAL; 3780 return -EINVAL;
3757 } 3781 }
3758 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3782 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c24ca0d0f469..3e57f96c9666 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1128,6 +1128,13 @@ static void sta_ps_end(struct sta_info *sta)
1128 sta->sta.addr, sta->sta.aid); 1128 sta->sta.addr, sta->sta.aid);
1129 1129
1130 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { 1130 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1131 /*
1132 * Clear the flag only if the other one is still set
1133 * so that the TX path won't start TX'ing new frames
1134 * directly ... In the case that the driver flag isn't
1135 * set ieee80211_sta_ps_deliver_wakeup() will clear it.
1136 */
1137 clear_sta_flag(sta, WLAN_STA_PS_STA);
1131 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n", 1138 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n",
1132 sta->sta.addr, sta->sta.aid); 1139 sta->sta.addr, sta->sta.aid);
1133 return; 1140 return;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index decd30c1e290..a023b432143b 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -91,7 +91,7 @@ static int sta_info_hash_del(struct ieee80211_local *local,
91 return -ENOENT; 91 return -ENOENT;
92} 92}
93 93
94static void cleanup_single_sta(struct sta_info *sta) 94static void __cleanup_single_sta(struct sta_info *sta)
95{ 95{
96 int ac, i; 96 int ac, i;
97 struct tid_ampdu_tx *tid_tx; 97 struct tid_ampdu_tx *tid_tx;
@@ -99,7 +99,8 @@ static void cleanup_single_sta(struct sta_info *sta)
99 struct ieee80211_local *local = sdata->local; 99 struct ieee80211_local *local = sdata->local;
100 struct ps_data *ps; 100 struct ps_data *ps;
101 101
102 if (test_sta_flag(sta, WLAN_STA_PS_STA)) { 102 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
103 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
103 if (sta->sdata->vif.type == NL80211_IFTYPE_AP || 104 if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
104 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 105 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
105 ps = &sdata->bss->ps; 106 ps = &sdata->bss->ps;
@@ -109,6 +110,7 @@ static void cleanup_single_sta(struct sta_info *sta)
109 return; 110 return;
110 111
111 clear_sta_flag(sta, WLAN_STA_PS_STA); 112 clear_sta_flag(sta, WLAN_STA_PS_STA);
113 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
112 114
113 atomic_dec(&ps->num_sta_ps); 115 atomic_dec(&ps->num_sta_ps);
114 sta_info_recalc_tim(sta); 116 sta_info_recalc_tim(sta);
@@ -139,7 +141,14 @@ static void cleanup_single_sta(struct sta_info *sta)
139 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending); 141 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
140 kfree(tid_tx); 142 kfree(tid_tx);
141 } 143 }
144}
142 145
146static void cleanup_single_sta(struct sta_info *sta)
147{
148 struct ieee80211_sub_if_data *sdata = sta->sdata;
149 struct ieee80211_local *local = sdata->local;
150
151 __cleanup_single_sta(sta);
143 sta_info_free(local, sta); 152 sta_info_free(local, sta);
144} 153}
145 154
@@ -330,6 +339,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
330 rcu_read_unlock(); 339 rcu_read_unlock();
331 340
332 spin_lock_init(&sta->lock); 341 spin_lock_init(&sta->lock);
342 spin_lock_init(&sta->ps_lock);
333 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 343 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
334 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); 344 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
335 mutex_init(&sta->ampdu_mlme.mtx); 345 mutex_init(&sta->ampdu_mlme.mtx);
@@ -487,21 +497,26 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
487 goto out_err; 497 goto out_err;
488 } 498 }
489 499
490 /* notify driver */
491 err = sta_info_insert_drv_state(local, sdata, sta);
492 if (err)
493 goto out_err;
494
495 local->num_sta++; 500 local->num_sta++;
496 local->sta_generation++; 501 local->sta_generation++;
497 smp_mb(); 502 smp_mb();
498 503
504 /* simplify things and don't accept BA sessions yet */
505 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
506
499 /* make the station visible */ 507 /* make the station visible */
500 sta_info_hash_add(local, sta); 508 sta_info_hash_add(local, sta);
501 509
502 list_add_rcu(&sta->list, &local->sta_list); 510 list_add_rcu(&sta->list, &local->sta_list);
503 511
512 /* notify driver */
513 err = sta_info_insert_drv_state(local, sdata, sta);
514 if (err)
515 goto out_remove;
516
504 set_sta_flag(sta, WLAN_STA_INSERTED); 517 set_sta_flag(sta, WLAN_STA_INSERTED);
518 /* accept BA sessions now */
519 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
505 520
506 ieee80211_recalc_min_chandef(sdata); 521 ieee80211_recalc_min_chandef(sdata);
507 ieee80211_sta_debugfs_add(sta); 522 ieee80211_sta_debugfs_add(sta);
@@ -522,6 +537,12 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
522 mesh_accept_plinks_update(sdata); 537 mesh_accept_plinks_update(sdata);
523 538
524 return 0; 539 return 0;
540 out_remove:
541 sta_info_hash_del(local, sta);
542 list_del_rcu(&sta->list);
543 local->num_sta--;
544 synchronize_net();
545 __cleanup_single_sta(sta);
525 out_err: 546 out_err:
526 mutex_unlock(&local->sta_mtx); 547 mutex_unlock(&local->sta_mtx);
527 rcu_read_lock(); 548 rcu_read_lock();
@@ -1071,10 +1092,14 @@ struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
1071} 1092}
1072EXPORT_SYMBOL(ieee80211_find_sta); 1093EXPORT_SYMBOL(ieee80211_find_sta);
1073 1094
1074static void clear_sta_ps_flags(void *_sta) 1095/* powersave support code */
1096void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1075{ 1097{
1076 struct sta_info *sta = _sta;
1077 struct ieee80211_sub_if_data *sdata = sta->sdata; 1098 struct ieee80211_sub_if_data *sdata = sta->sdata;
1099 struct ieee80211_local *local = sdata->local;
1100 struct sk_buff_head pending;
1101 int filtered = 0, buffered = 0, ac;
1102 unsigned long flags;
1078 struct ps_data *ps; 1103 struct ps_data *ps;
1079 1104
1080 if (sdata->vif.type == NL80211_IFTYPE_AP || 1105 if (sdata->vif.type == NL80211_IFTYPE_AP ||
@@ -1085,20 +1110,6 @@ static void clear_sta_ps_flags(void *_sta)
1085 else 1110 else
1086 return; 1111 return;
1087 1112
1088 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1089 if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
1090 atomic_dec(&ps->num_sta_ps);
1091}
1092
1093/* powersave support code */
1094void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1095{
1096 struct ieee80211_sub_if_data *sdata = sta->sdata;
1097 struct ieee80211_local *local = sdata->local;
1098 struct sk_buff_head pending;
1099 int filtered = 0, buffered = 0, ac;
1100 unsigned long flags;
1101
1102 clear_sta_flag(sta, WLAN_STA_SP); 1113 clear_sta_flag(sta, WLAN_STA_SP);
1103 1114
1104 BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1); 1115 BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1);
@@ -1109,6 +1120,8 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1109 1120
1110 skb_queue_head_init(&pending); 1121 skb_queue_head_init(&pending);
1111 1122
1123 /* sync with ieee80211_tx_h_unicast_ps_buf */
1124 spin_lock(&sta->ps_lock);
1112 /* Send all buffered frames to the station */ 1125 /* Send all buffered frames to the station */
1113 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1126 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1114 int count = skb_queue_len(&pending), tmp; 1127 int count = skb_queue_len(&pending), tmp;
@@ -1127,7 +1140,12 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1127 buffered += tmp - count; 1140 buffered += tmp - count;
1128 } 1141 }
1129 1142
1130 ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta); 1143 ieee80211_add_pending_skbs(local, &pending);
1144 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1145 clear_sta_flag(sta, WLAN_STA_PS_STA);
1146 spin_unlock(&sta->ps_lock);
1147
1148 atomic_dec(&ps->num_sta_ps);
1131 1149
1132 /* This station just woke up and isn't aware of our SMPS state */ 1150 /* This station just woke up and isn't aware of our SMPS state */
1133 if (!ieee80211_smps_is_restrictive(sta->known_smps_mode, 1151 if (!ieee80211_smps_is_restrictive(sta->known_smps_mode,
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index d77ff7090630..d3a6d8208f2f 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -267,6 +267,7 @@ struct ieee80211_tx_latency_stat {
267 * @drv_unblock_wk: used for driver PS unblocking 267 * @drv_unblock_wk: used for driver PS unblocking
268 * @listen_interval: listen interval of this station, when we're acting as AP 268 * @listen_interval: listen interval of this station, when we're acting as AP
269 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly 269 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly
270 * @ps_lock: used for powersave (when mac80211 is the AP) related locking
270 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station 271 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station
271 * when it leaves power saving state or polls 272 * when it leaves power saving state or polls
272 * @tx_filtered: buffers (per AC) of frames we already tried to 273 * @tx_filtered: buffers (per AC) of frames we already tried to
@@ -356,10 +357,8 @@ struct sta_info {
356 /* use the accessors defined below */ 357 /* use the accessors defined below */
357 unsigned long _flags; 358 unsigned long _flags;
358 359
359 /* 360 /* STA powersave lock and frame queues */
360 * STA powersave frame queues, no more than the internal 361 spinlock_t ps_lock;
361 * locking required.
362 */
363 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS]; 362 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS];
364 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS]; 363 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS];
365 unsigned long driver_buffered_tids; 364 unsigned long driver_buffered_tids;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 97a02d3f7d87..4080c615636f 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -478,6 +478,20 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
478 sta->sta.addr, sta->sta.aid, ac); 478 sta->sta.addr, sta->sta.aid, ac);
479 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 479 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
480 purge_old_ps_buffers(tx->local); 480 purge_old_ps_buffers(tx->local);
481
482 /* sync with ieee80211_sta_ps_deliver_wakeup */
483 spin_lock(&sta->ps_lock);
484 /*
485 * STA woke up the meantime and all the frames on ps_tx_buf have
486 * been queued to pending queue. No reordering can happen, go
487 * ahead and Tx the packet.
488 */
489 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
490 !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
491 spin_unlock(&sta->ps_lock);
492 return TX_CONTINUE;
493 }
494
481 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) { 495 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
482 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]); 496 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
483 ps_dbg(tx->sdata, 497 ps_dbg(tx->sdata,
@@ -492,6 +506,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
492 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 506 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
493 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS; 507 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
494 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb); 508 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
509 spin_unlock(&sta->ps_lock);
495 510
496 if (!timer_pending(&local->sta_cleanup)) 511 if (!timer_pending(&local->sta_cleanup))
497 mod_timer(&local->sta_cleanup, 512 mod_timer(&local->sta_cleanup,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 676dc0967f37..b8700d417a9c 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -435,9 +435,8 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
435 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 435 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
436} 436}
437 437
438void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 438void ieee80211_add_pending_skbs(struct ieee80211_local *local,
439 struct sk_buff_head *skbs, 439 struct sk_buff_head *skbs)
440 void (*fn)(void *data), void *data)
441{ 440{
442 struct ieee80211_hw *hw = &local->hw; 441 struct ieee80211_hw *hw = &local->hw;
443 struct sk_buff *skb; 442 struct sk_buff *skb;
@@ -461,9 +460,6 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
461 __skb_queue_tail(&local->pending[queue], skb); 460 __skb_queue_tail(&local->pending[queue], skb);
462 } 461 }
463 462
464 if (fn)
465 fn(data);
466
467 for (i = 0; i < hw->queues; i++) 463 for (i = 0; i < hw->queues; i++)
468 __ieee80211_wake_queue(hw, i, 464 __ieee80211_wake_queue(hw, i,
469 IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 465 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
@@ -1741,6 +1737,26 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1741 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 1737 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
1742 1738
1743 /* 1739 /*
1740 * Reconfigure sched scan if it was interrupted by FW restart or
1741 * suspend.
1742 */
1743 mutex_lock(&local->mtx);
1744 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1745 lockdep_is_held(&local->mtx));
1746 if (sched_scan_sdata && local->sched_scan_req)
1747 /*
1748 * Sched scan stopped, but we don't want to report it. Instead,
1749 * we're trying to reschedule.
1750 */
1751 if (__ieee80211_request_sched_scan_start(sched_scan_sdata,
1752 local->sched_scan_req))
1753 sched_scan_stopped = true;
1754 mutex_unlock(&local->mtx);
1755
1756 if (sched_scan_stopped)
1757 cfg80211_sched_scan_stopped(local->hw.wiphy);
1758
1759 /*
1744 * If this is for hw restart things are still running. 1760 * If this is for hw restart things are still running.
1745 * We may want to change that later, however. 1761 * We may want to change that later, however.
1746 */ 1762 */
@@ -1768,26 +1784,6 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1768 WARN_ON(1); 1784 WARN_ON(1);
1769#endif 1785#endif
1770 1786
1771 /*
1772 * Reconfigure sched scan if it was interrupted by FW restart or
1773 * suspend.
1774 */
1775 mutex_lock(&local->mtx);
1776 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1777 lockdep_is_held(&local->mtx));
1778 if (sched_scan_sdata && local->sched_scan_req)
1779 /*
1780 * Sched scan stopped, but we don't want to report it. Instead,
1781 * we're trying to reschedule.
1782 */
1783 if (__ieee80211_request_sched_scan_start(sched_scan_sdata,
1784 local->sched_scan_req))
1785 sched_scan_stopped = true;
1786 mutex_unlock(&local->mtx);
1787
1788 if (sched_scan_stopped)
1789 cfg80211_sched_scan_stopped(local->hw.wiphy);
1790
1791 return 0; 1787 return 0;
1792} 1788}
1793 1789
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 21211c60ca98..d51422c778de 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -154,6 +154,11 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
154 return IEEE80211_AC_BE; 154 return IEEE80211_AC_BE;
155 } 155 }
156 156
157 if (skb->protocol == sdata->control_port_protocol) {
158 skb->priority = 7;
159 return ieee80211_downgrade_queue(sdata, skb);
160 }
161
157 /* use the data classifier to determine what 802.1d tag the 162 /* use the data classifier to determine what 802.1d tag the
158 * data frame has */ 163 * data frame has */
159 rcu_read_lock(); 164 rcu_read_lock();
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bb322d0beb48..b9f0e0374322 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1310,27 +1310,22 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
1310} 1310}
1311 1311
1312static int 1312static int
1313ctnetlink_change_nat(struct nf_conn *ct, const struct nlattr * const cda[]) 1313ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])
1314{ 1314{
1315#ifdef CONFIG_NF_NAT_NEEDED 1315#ifdef CONFIG_NF_NAT_NEEDED
1316 int ret; 1316 int ret;
1317 1317
1318 if (cda[CTA_NAT_DST]) { 1318 ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_DST,
1319 ret = ctnetlink_parse_nat_setup(ct, 1319 cda[CTA_NAT_DST]);
1320 NF_NAT_MANIP_DST, 1320 if (ret < 0)
1321 cda[CTA_NAT_DST]); 1321 return ret;
1322 if (ret < 0) 1322
1323 return ret; 1323 ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_SRC,
1324 } 1324 cda[CTA_NAT_SRC]);
1325 if (cda[CTA_NAT_SRC]) { 1325 return ret;
1326 ret = ctnetlink_parse_nat_setup(ct,
1327 NF_NAT_MANIP_SRC,
1328 cda[CTA_NAT_SRC]);
1329 if (ret < 0)
1330 return ret;
1331 }
1332 return 0;
1333#else 1326#else
1327 if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
1328 return 0;
1334 return -EOPNOTSUPP; 1329 return -EOPNOTSUPP;
1335#endif 1330#endif
1336} 1331}
@@ -1659,11 +1654,9 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
1659 goto err2; 1654 goto err2;
1660 } 1655 }
1661 1656
1662 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { 1657 err = ctnetlink_setup_nat(ct, cda);
1663 err = ctnetlink_change_nat(ct, cda); 1658 if (err < 0)
1664 if (err < 0) 1659 goto err2;
1665 goto err2;
1666 }
1667 1660
1668 nf_ct_acct_ext_add(ct, GFP_ATOMIC); 1661 nf_ct_acct_ext_add(ct, GFP_ATOMIC);
1669 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC); 1662 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index d3f5cd6dd962..52ca952b802c 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -432,15 +432,15 @@ nf_nat_setup_info(struct nf_conn *ct,
432} 432}
433EXPORT_SYMBOL(nf_nat_setup_info); 433EXPORT_SYMBOL(nf_nat_setup_info);
434 434
435unsigned int 435static unsigned int
436nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum) 436__nf_nat_alloc_null_binding(struct nf_conn *ct, enum nf_nat_manip_type manip)
437{ 437{
438 /* Force range to this IP; let proto decide mapping for 438 /* Force range to this IP; let proto decide mapping for
439 * per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED). 439 * per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
440 * Use reply in case it's already been mangled (eg local packet). 440 * Use reply in case it's already been mangled (eg local packet).
441 */ 441 */
442 union nf_inet_addr ip = 442 union nf_inet_addr ip =
443 (HOOK2MANIP(hooknum) == NF_NAT_MANIP_SRC ? 443 (manip == NF_NAT_MANIP_SRC ?
444 ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 : 444 ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 :
445 ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3); 445 ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3);
446 struct nf_nat_range range = { 446 struct nf_nat_range range = {
@@ -448,7 +448,13 @@ nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
448 .min_addr = ip, 448 .min_addr = ip,
449 .max_addr = ip, 449 .max_addr = ip,
450 }; 450 };
451 return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum)); 451 return nf_nat_setup_info(ct, &range, manip);
452}
453
454unsigned int
455nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
456{
457 return __nf_nat_alloc_null_binding(ct, HOOK2MANIP(hooknum));
452} 458}
453EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding); 459EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding);
454 460
@@ -702,9 +708,9 @@ static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
702 708
703static int 709static int
704nfnetlink_parse_nat(const struct nlattr *nat, 710nfnetlink_parse_nat(const struct nlattr *nat,
705 const struct nf_conn *ct, struct nf_nat_range *range) 711 const struct nf_conn *ct, struct nf_nat_range *range,
712 const struct nf_nat_l3proto *l3proto)
706{ 713{
707 const struct nf_nat_l3proto *l3proto;
708 struct nlattr *tb[CTA_NAT_MAX+1]; 714 struct nlattr *tb[CTA_NAT_MAX+1];
709 int err; 715 int err;
710 716
@@ -714,38 +720,46 @@ nfnetlink_parse_nat(const struct nlattr *nat,
714 if (err < 0) 720 if (err < 0)
715 return err; 721 return err;
716 722
717 rcu_read_lock();
718 l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
719 if (l3proto == NULL) {
720 err = -EAGAIN;
721 goto out;
722 }
723 err = l3proto->nlattr_to_range(tb, range); 723 err = l3proto->nlattr_to_range(tb, range);
724 if (err < 0) 724 if (err < 0)
725 goto out; 725 return err;
726 726
727 if (!tb[CTA_NAT_PROTO]) 727 if (!tb[CTA_NAT_PROTO])
728 goto out; 728 return 0;
729 729
730 err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); 730 return nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
731out:
732 rcu_read_unlock();
733 return err;
734} 731}
735 732
733/* This function is called under rcu_read_lock() */
736static int 734static int
737nfnetlink_parse_nat_setup(struct nf_conn *ct, 735nfnetlink_parse_nat_setup(struct nf_conn *ct,
738 enum nf_nat_manip_type manip, 736 enum nf_nat_manip_type manip,
739 const struct nlattr *attr) 737 const struct nlattr *attr)
740{ 738{
741 struct nf_nat_range range; 739 struct nf_nat_range range;
740 const struct nf_nat_l3proto *l3proto;
742 int err; 741 int err;
743 742
744 err = nfnetlink_parse_nat(attr, ct, &range); 743 /* Should not happen, restricted to creating new conntracks
744 * via ctnetlink.
745 */
746 if (WARN_ON_ONCE(nf_nat_initialized(ct, manip)))
747 return -EEXIST;
748
749 /* Make sure that L3 NAT is there by when we call nf_nat_setup_info to
750 * attach the null binding, otherwise this may oops.
751 */
752 l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
753 if (l3proto == NULL)
754 return -EAGAIN;
755
756 /* No NAT information has been passed, allocate the null-binding */
757 if (attr == NULL)
758 return __nf_nat_alloc_null_binding(ct, manip);
759
760 err = nfnetlink_parse_nat(attr, ct, &range, l3proto);
745 if (err < 0) 761 if (err < 0)
746 return err; 762 return err;
747 if (nf_nat_initialized(ct, manip))
748 return -EEXIST;
749 763
750 return nf_nat_setup_info(ct, &range, manip); 764 return nf_nat_setup_info(ct, &range, manip);
751} 765}
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index e8254ad2e5a9..425cf39af890 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -116,7 +116,7 @@ static void nft_meta_get_eval(const struct nft_expr *expr,
116 skb->sk->sk_socket->file->f_cred->fsgid); 116 skb->sk->sk_socket->file->f_cred->fsgid);
117 read_unlock_bh(&skb->sk->sk_callback_lock); 117 read_unlock_bh(&skb->sk->sk_callback_lock);
118 break; 118 break;
119#ifdef CONFIG_NET_CLS_ROUTE 119#ifdef CONFIG_IP_ROUTE_CLASSID
120 case NFT_META_RTCLASSID: { 120 case NFT_META_RTCLASSID: {
121 const struct dst_entry *dst = skb_dst(skb); 121 const struct dst_entry *dst = skb_dst(skb);
122 122
@@ -199,7 +199,7 @@ static int nft_meta_init_validate_get(uint32_t key)
199 case NFT_META_OIFTYPE: 199 case NFT_META_OIFTYPE:
200 case NFT_META_SKUID: 200 case NFT_META_SKUID:
201 case NFT_META_SKGID: 201 case NFT_META_SKGID:
202#ifdef CONFIG_NET_CLS_ROUTE 202#ifdef CONFIG_IP_ROUTE_CLASSID
203 case NFT_META_RTCLASSID: 203 case NFT_META_RTCLASSID:
204#endif 204#endif
205#ifdef CONFIG_NETWORK_SECMARK 205#ifdef CONFIG_NETWORK_SECMARK
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a2aeb318678f..85daa84bfdfe 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
135 if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data)) 135 if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
136 return ERR_PTR(-EINVAL); 136 return ERR_PTR(-EINVAL);
137 137
138 if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER) 138 if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
139 base != NFT_PAYLOAD_LL_HEADER)
139 return &nft_payload_fast_ops; 140 return &nft_payload_fast_ops;
140 else 141 else
141 return &nft_payload_ops; 142 return &nft_payload_ops;
diff --git a/net/netfilter/nft_reject_inet.c b/net/netfilter/nft_reject_inet.c
index 8a310f239c93..b718a52a4654 100644
--- a/net/netfilter/nft_reject_inet.c
+++ b/net/netfilter/nft_reject_inet.c
@@ -21,9 +21,9 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
21{ 21{
22 switch (pkt->ops->pf) { 22 switch (pkt->ops->pf) {
23 case NFPROTO_IPV4: 23 case NFPROTO_IPV4:
24 nft_reject_ipv4_eval(expr, data, pkt); 24 return nft_reject_ipv4_eval(expr, data, pkt);
25 case NFPROTO_IPV6: 25 case NFPROTO_IPV6:
26 nft_reject_ipv6_eval(expr, data, pkt); 26 return nft_reject_ipv6_eval(expr, data, pkt);
27 } 27 }
28} 28}
29 29
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index fdf51353cf78..04748ab649c2 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1489,8 +1489,8 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
1489 if (addr->sa_family != AF_NETLINK) 1489 if (addr->sa_family != AF_NETLINK)
1490 return -EINVAL; 1490 return -EINVAL;
1491 1491
1492 /* Only superuser is allowed to send multicasts */ 1492 if ((nladdr->nl_groups || nladdr->nl_pid) &&
1493 if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) 1493 !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
1494 return -EPERM; 1494 return -EPERM;
1495 1495
1496 if (!nlk->portid) 1496 if (!nlk->portid)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 46bda010bf11..56db888b1cd5 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -301,7 +301,7 @@ static int nci_open_device(struct nci_dev *ndev)
301 rc = __nci_request(ndev, nci_reset_req, 0, 301 rc = __nci_request(ndev, nci_reset_req, 0,
302 msecs_to_jiffies(NCI_RESET_TIMEOUT)); 302 msecs_to_jiffies(NCI_RESET_TIMEOUT));
303 303
304 if (ndev->ops->setup(ndev)) 304 if (ndev->ops->setup)
305 ndev->ops->setup(ndev); 305 ndev->ops->setup(ndev);
306 306
307 if (!rc) { 307 if (!rc) {
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 6a2bb37506c5..48a6a93db296 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -308,11 +308,27 @@ static bool packet_use_direct_xmit(const struct packet_sock *po)
308 return po->xmit == packet_direct_xmit; 308 return po->xmit == packet_direct_xmit;
309} 309}
310 310
311static u16 packet_pick_tx_queue(struct net_device *dev) 311static u16 __packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
312{ 312{
313 return (u16) raw_smp_processor_id() % dev->real_num_tx_queues; 313 return (u16) raw_smp_processor_id() % dev->real_num_tx_queues;
314} 314}
315 315
316static void packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
317{
318 const struct net_device_ops *ops = dev->netdev_ops;
319 u16 queue_index;
320
321 if (ops->ndo_select_queue) {
322 queue_index = ops->ndo_select_queue(dev, skb, NULL,
323 __packet_pick_tx_queue);
324 queue_index = netdev_cap_txqueue(dev, queue_index);
325 } else {
326 queue_index = __packet_pick_tx_queue(dev, skb);
327 }
328
329 skb_set_queue_mapping(skb, queue_index);
330}
331
316/* register_prot_hook must be invoked with the po->bind_lock held, 332/* register_prot_hook must be invoked with the po->bind_lock held,
317 * or from a context in which asynchronous accesses to the packet 333 * or from a context in which asynchronous accesses to the packet
318 * socket is not possible (packet_create()). 334 * socket is not possible (packet_create()).
@@ -2285,7 +2301,8 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2285 } 2301 }
2286 } 2302 }
2287 2303
2288 skb_set_queue_mapping(skb, packet_pick_tx_queue(dev)); 2304 packet_pick_tx_queue(dev, skb);
2305
2289 skb->destructor = tpacket_destruct_skb; 2306 skb->destructor = tpacket_destruct_skb;
2290 __packet_set_status(po, ph, TP_STATUS_SENDING); 2307 __packet_set_status(po, ph, TP_STATUS_SENDING);
2291 packet_inc_pending(&po->tx_ring); 2308 packet_inc_pending(&po->tx_ring);
@@ -2499,7 +2516,8 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
2499 skb->dev = dev; 2516 skb->dev = dev;
2500 skb->priority = sk->sk_priority; 2517 skb->priority = sk->sk_priority;
2501 skb->mark = sk->sk_mark; 2518 skb->mark = sk->sk_mark;
2502 skb_set_queue_mapping(skb, packet_pick_tx_queue(dev)); 2519
2520 packet_pick_tx_queue(dev, skb);
2503 2521
2504 if (po->has_vnet_hdr) { 2522 if (po->has_vnet_hdr) {
2505 if (vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) { 2523 if (vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) {
@@ -3786,7 +3804,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
3786 */ 3804 */
3787 if (!tx_ring) 3805 if (!tx_ring)
3788 init_prb_bdqc(po, rb, pg_vec, req_u, tx_ring); 3806 init_prb_bdqc(po, rb, pg_vec, req_u, tx_ring);
3789 break; 3807 break;
3790 default: 3808 default:
3791 break; 3809 break;
3792 } 3810 }
diff --git a/net/sched/sch_pie.c b/net/sched/sch_pie.c
index a255d0200a59..fefeeb73f15f 100644
--- a/net/sched/sch_pie.c
+++ b/net/sched/sch_pie.c
@@ -15,6 +15,11 @@
15 * 15 *
16 * ECN support is added by Naeem Khademi <naeemk@ifi.uio.no> 16 * ECN support is added by Naeem Khademi <naeemk@ifi.uio.no>
17 * University of Oslo, Norway. 17 * University of Oslo, Norway.
18 *
19 * References:
20 * IETF draft submission: http://tools.ietf.org/html/draft-pan-aqm-pie-00
21 * IEEE Conference on High Performance Switching and Routing 2013 :
22 * "PIE: A * Lightweight Control Scheme to Address the Bufferbloat Problem"
18 */ 23 */
19 24
20#include <linux/module.h> 25#include <linux/module.h>
@@ -36,7 +41,7 @@ struct pie_params {
36 psched_time_t target; /* user specified target delay in pschedtime */ 41 psched_time_t target; /* user specified target delay in pschedtime */
37 u32 tupdate; /* timer frequency (in jiffies) */ 42 u32 tupdate; /* timer frequency (in jiffies) */
38 u32 limit; /* number of packets that can be enqueued */ 43 u32 limit; /* number of packets that can be enqueued */
39 u32 alpha; /* alpha and beta are between -4 and 4 */ 44 u32 alpha; /* alpha and beta are between 0 and 32 */
40 u32 beta; /* and are used for shift relative to 1 */ 45 u32 beta; /* and are used for shift relative to 1 */
41 bool ecn; /* true if ecn is enabled */ 46 bool ecn; /* true if ecn is enabled */
42 bool bytemode; /* to scale drop early prob based on pkt size */ 47 bool bytemode; /* to scale drop early prob based on pkt size */
@@ -326,10 +331,16 @@ static void calculate_probability(struct Qdisc *sch)
326 if (qdelay == 0 && qlen != 0) 331 if (qdelay == 0 && qlen != 0)
327 update_prob = false; 332 update_prob = false;
328 333
329 /* Add ranges for alpha and beta, more aggressive for high dropping 334 /* In the algorithm, alpha and beta are between 0 and 2 with typical
330 * mode and gentle steps for light dropping mode 335 * value for alpha as 0.125. In this implementation, we use values 0-32
331 * In light dropping mode, take gentle steps; in medium dropping mode, 336 * passed from user space to represent this. Also, alpha and beta have
332 * take medium steps; in high dropping mode, take big steps. 337 * unit of HZ and need to be scaled before they can used to update
338 * probability. alpha/beta are updated locally below by 1) scaling them
339 * appropriately 2) scaling down by 16 to come to 0-2 range.
340 * Please see paper for details.
341 *
342 * We scale alpha and beta differently depending on whether we are in
343 * light, medium or high dropping mode.
333 */ 344 */
334 if (q->vars.prob < MAX_PROB / 100) { 345 if (q->vars.prob < MAX_PROB / 100) {
335 alpha = 346 alpha =
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index 1cb413fead89..4f505a006896 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -334,18 +334,6 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt)
334 qdisc_put_rtab(qdisc_get_rtab(&qopt->peakrate, 334 qdisc_put_rtab(qdisc_get_rtab(&qopt->peakrate,
335 tb[TCA_TBF_PTAB])); 335 tb[TCA_TBF_PTAB]));
336 336
337 if (q->qdisc != &noop_qdisc) {
338 err = fifo_set_limit(q->qdisc, qopt->limit);
339 if (err)
340 goto done;
341 } else if (qopt->limit > 0) {
342 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit);
343 if (IS_ERR(child)) {
344 err = PTR_ERR(child);
345 goto done;
346 }
347 }
348
349 buffer = min_t(u64, PSCHED_TICKS2NS(qopt->buffer), ~0U); 337 buffer = min_t(u64, PSCHED_TICKS2NS(qopt->buffer), ~0U);
350 mtu = min_t(u64, PSCHED_TICKS2NS(qopt->mtu), ~0U); 338 mtu = min_t(u64, PSCHED_TICKS2NS(qopt->mtu), ~0U);
351 339
@@ -390,6 +378,18 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt)
390 goto done; 378 goto done;
391 } 379 }
392 380
381 if (q->qdisc != &noop_qdisc) {
382 err = fifo_set_limit(q->qdisc, qopt->limit);
383 if (err)
384 goto done;
385 } else if (qopt->limit > 0) {
386 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit);
387 if (IS_ERR(child)) {
388 err = PTR_ERR(child);
389 goto done;
390 }
391 }
392
393 sch_tree_lock(sch); 393 sch_tree_lock(sch);
394 if (child) { 394 if (child) {
395 qdisc_tree_decrease_qlen(q->qdisc, q->qdisc->q.qlen); 395 qdisc_tree_decrease_qlen(q->qdisc, q->qdisc->q.qlen);
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 5ae609200674..ee13d28d39d1 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1239,78 +1239,107 @@ void sctp_assoc_update(struct sctp_association *asoc,
1239} 1239}
1240 1240
1241/* Update the retran path for sending a retransmitted packet. 1241/* Update the retran path for sending a retransmitted packet.
1242 * Round-robin through the active transports, else round-robin 1242 * See also RFC4960, 6.4. Multi-Homed SCTP Endpoints:
1243 * through the inactive transports as this is the next best thing 1243 *
1244 * we can try. 1244 * When there is outbound data to send and the primary path
1245 * becomes inactive (e.g., due to failures), or where the
1246 * SCTP user explicitly requests to send data to an
1247 * inactive destination transport address, before reporting
1248 * an error to its ULP, the SCTP endpoint should try to send
1249 * the data to an alternate active destination transport
1250 * address if one exists.
1251 *
1252 * When retransmitting data that timed out, if the endpoint
1253 * is multihomed, it should consider each source-destination
1254 * address pair in its retransmission selection policy.
1255 * When retransmitting timed-out data, the endpoint should
1256 * attempt to pick the most divergent source-destination
1257 * pair from the original source-destination pair to which
1258 * the packet was transmitted.
1259 *
1260 * Note: Rules for picking the most divergent source-destination
1261 * pair are an implementation decision and are not specified
1262 * within this document.
1263 *
1264 * Our basic strategy is to round-robin transports in priorities
1265 * according to sctp_state_prio_map[] e.g., if no such
1266 * transport with state SCTP_ACTIVE exists, round-robin through
1267 * SCTP_UNKNOWN, etc. You get the picture.
1245 */ 1268 */
1246void sctp_assoc_update_retran_path(struct sctp_association *asoc) 1269static const u8 sctp_trans_state_to_prio_map[] = {
1270 [SCTP_ACTIVE] = 3, /* best case */
1271 [SCTP_UNKNOWN] = 2,
1272 [SCTP_PF] = 1,
1273 [SCTP_INACTIVE] = 0, /* worst case */
1274};
1275
1276static u8 sctp_trans_score(const struct sctp_transport *trans)
1247{ 1277{
1248 struct sctp_transport *t, *next; 1278 return sctp_trans_state_to_prio_map[trans->state];
1249 struct list_head *head = &asoc->peer.transport_addr_list; 1279}
1250 struct list_head *pos;
1251 1280
1252 if (asoc->peer.transport_count == 1) 1281static struct sctp_transport *sctp_trans_elect_best(struct sctp_transport *curr,
1253 return; 1282 struct sctp_transport *best)
1283{
1284 if (best == NULL)
1285 return curr;
1254 1286
1255 /* Find the next transport in a round-robin fashion. */ 1287 return sctp_trans_score(curr) > sctp_trans_score(best) ? curr : best;
1256 t = asoc->peer.retran_path; 1288}
1257 pos = &t->transports;
1258 next = NULL;
1259 1289
1260 while (1) { 1290void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1261 /* Skip the head. */ 1291{
1262 if (pos->next == head) 1292 struct sctp_transport *trans = asoc->peer.retran_path;
1263 pos = head->next; 1293 struct sctp_transport *trans_next = NULL;
1264 else
1265 pos = pos->next;
1266 1294
1267 t = list_entry(pos, struct sctp_transport, transports); 1295 /* We're done as we only have the one and only path. */
1296 if (asoc->peer.transport_count == 1)
1297 return;
1298 /* If active_path and retran_path are the same and active,
1299 * then this is the only active path. Use it.
1300 */
1301 if (asoc->peer.active_path == asoc->peer.retran_path &&
1302 asoc->peer.active_path->state == SCTP_ACTIVE)
1303 return;
1268 1304
1269 /* We have exhausted the list, but didn't find any 1305 /* Iterate from retran_path's successor back to retran_path. */
1270 * other active transports. If so, use the next 1306 for (trans = list_next_entry(trans, transports); 1;
1271 * transport. 1307 trans = list_next_entry(trans, transports)) {
1272 */ 1308 /* Manually skip the head element. */
1273 if (t == asoc->peer.retran_path) { 1309 if (&trans->transports == &asoc->peer.transport_addr_list)
1274 t = next; 1310 continue;
1311 if (trans->state == SCTP_UNCONFIRMED)
1312 continue;
1313 trans_next = sctp_trans_elect_best(trans, trans_next);
1314 /* Active is good enough for immediate return. */
1315 if (trans_next->state == SCTP_ACTIVE)
1275 break; 1316 break;
1276 } 1317 /* We've reached the end, time to update path. */
1277 1318 if (trans == asoc->peer.retran_path)
1278 /* Try to find an active transport. */
1279
1280 if ((t->state == SCTP_ACTIVE) ||
1281 (t->state == SCTP_UNKNOWN)) {
1282 break; 1319 break;
1283 } else {
1284 /* Keep track of the next transport in case
1285 * we don't find any active transport.
1286 */
1287 if (t->state != SCTP_UNCONFIRMED && !next)
1288 next = t;
1289 }
1290 } 1320 }
1291 1321
1292 if (t) 1322 if (trans_next != NULL)
1293 asoc->peer.retran_path = t; 1323 asoc->peer.retran_path = trans_next;
1294 else
1295 t = asoc->peer.retran_path;
1296 1324
1297 pr_debug("%s: association:%p addr:%pISpc\n", __func__, asoc, 1325 pr_debug("%s: association:%p updated new path to addr:%pISpc\n",
1298 &t->ipaddr.sa); 1326 __func__, asoc, &asoc->peer.retran_path->ipaddr.sa);
1299} 1327}
1300 1328
1301/* Choose the transport for sending retransmit packet. */ 1329struct sctp_transport *
1302struct sctp_transport *sctp_assoc_choose_alter_transport( 1330sctp_assoc_choose_alter_transport(struct sctp_association *asoc,
1303 struct sctp_association *asoc, struct sctp_transport *last_sent_to) 1331 struct sctp_transport *last_sent_to)
1304{ 1332{
1305 /* If this is the first time packet is sent, use the active path, 1333 /* If this is the first time packet is sent, use the active path,
1306 * else use the retran path. If the last packet was sent over the 1334 * else use the retran path. If the last packet was sent over the
1307 * retran path, update the retran path and use it. 1335 * retran path, update the retran path and use it.
1308 */ 1336 */
1309 if (!last_sent_to) 1337 if (last_sent_to == NULL) {
1310 return asoc->peer.active_path; 1338 return asoc->peer.active_path;
1311 else { 1339 } else {
1312 if (last_sent_to == asoc->peer.retran_path) 1340 if (last_sent_to == asoc->peer.retran_path)
1313 sctp_assoc_update_retran_path(asoc); 1341 sctp_assoc_update_retran_path(asoc);
1342
1314 return asoc->peer.retran_path; 1343 return asoc->peer.retran_path;
1315 } 1344 }
1316} 1345}
@@ -1367,44 +1396,35 @@ static inline bool sctp_peer_needs_update(struct sctp_association *asoc)
1367 return false; 1396 return false;
1368} 1397}
1369 1398
1370/* Increase asoc's rwnd by len and send any window update SACK if needed. */ 1399/* Update asoc's rwnd for the approximated state in the buffer,
1371void sctp_assoc_rwnd_increase(struct sctp_association *asoc, unsigned int len) 1400 * and check whether SACK needs to be sent.
1401 */
1402void sctp_assoc_rwnd_update(struct sctp_association *asoc, bool update_peer)
1372{ 1403{
1404 int rx_count;
1373 struct sctp_chunk *sack; 1405 struct sctp_chunk *sack;
1374 struct timer_list *timer; 1406 struct timer_list *timer;
1375 1407
1376 if (asoc->rwnd_over) { 1408 if (asoc->ep->rcvbuf_policy)
1377 if (asoc->rwnd_over >= len) { 1409 rx_count = atomic_read(&asoc->rmem_alloc);
1378 asoc->rwnd_over -= len; 1410 else
1379 } else { 1411 rx_count = atomic_read(&asoc->base.sk->sk_rmem_alloc);
1380 asoc->rwnd += (len - asoc->rwnd_over);
1381 asoc->rwnd_over = 0;
1382 }
1383 } else {
1384 asoc->rwnd += len;
1385 }
1386 1412
1387 /* If we had window pressure, start recovering it 1413 if ((asoc->base.sk->sk_rcvbuf - rx_count) > 0)
1388 * once our rwnd had reached the accumulated pressure 1414 asoc->rwnd = (asoc->base.sk->sk_rcvbuf - rx_count) >> 1;
1389 * threshold. The idea is to recover slowly, but up 1415 else
1390 * to the initial advertised window. 1416 asoc->rwnd = 0;
1391 */
1392 if (asoc->rwnd_press && asoc->rwnd >= asoc->rwnd_press) {
1393 int change = min(asoc->pathmtu, asoc->rwnd_press);
1394 asoc->rwnd += change;
1395 asoc->rwnd_press -= change;
1396 }
1397 1417
1398 pr_debug("%s: asoc:%p rwnd increased by %d to (%u, %u) - %u\n", 1418 pr_debug("%s: asoc:%p rwnd=%u, rx_count=%d, sk_rcvbuf=%d\n",
1399 __func__, asoc, len, asoc->rwnd, asoc->rwnd_over, 1419 __func__, asoc, asoc->rwnd, rx_count,
1400 asoc->a_rwnd); 1420 asoc->base.sk->sk_rcvbuf);
1401 1421
1402 /* Send a window update SACK if the rwnd has increased by at least the 1422 /* Send a window update SACK if the rwnd has increased by at least the
1403 * minimum of the association's PMTU and half of the receive buffer. 1423 * minimum of the association's PMTU and half of the receive buffer.
1404 * The algorithm used is similar to the one described in 1424 * The algorithm used is similar to the one described in
1405 * Section 4.2.3.3 of RFC 1122. 1425 * Section 4.2.3.3 of RFC 1122.
1406 */ 1426 */
1407 if (sctp_peer_needs_update(asoc)) { 1427 if (update_peer && sctp_peer_needs_update(asoc)) {
1408 asoc->a_rwnd = asoc->rwnd; 1428 asoc->a_rwnd = asoc->rwnd;
1409 1429
1410 pr_debug("%s: sending window update SACK- asoc:%p rwnd:%u " 1430 pr_debug("%s: sending window update SACK- asoc:%p rwnd:%u "
@@ -1426,45 +1446,6 @@ void sctp_assoc_rwnd_increase(struct sctp_association *asoc, unsigned int len)
1426 } 1446 }
1427} 1447}
1428 1448
1429/* Decrease asoc's rwnd by len. */
1430void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len)
1431{
1432 int rx_count;
1433 int over = 0;
1434
1435 if (unlikely(!asoc->rwnd || asoc->rwnd_over))
1436 pr_debug("%s: association:%p has asoc->rwnd:%u, "
1437 "asoc->rwnd_over:%u!\n", __func__, asoc,
1438 asoc->rwnd, asoc->rwnd_over);
1439
1440 if (asoc->ep->rcvbuf_policy)
1441 rx_count = atomic_read(&asoc->rmem_alloc);
1442 else
1443 rx_count = atomic_read(&asoc->base.sk->sk_rmem_alloc);
1444
1445 /* If we've reached or overflowed our receive buffer, announce
1446 * a 0 rwnd if rwnd would still be positive. Store the
1447 * the potential pressure overflow so that the window can be restored
1448 * back to original value.
1449 */
1450 if (rx_count >= asoc->base.sk->sk_rcvbuf)
1451 over = 1;
1452
1453 if (asoc->rwnd >= len) {
1454 asoc->rwnd -= len;
1455 if (over) {
1456 asoc->rwnd_press += asoc->rwnd;
1457 asoc->rwnd = 0;
1458 }
1459 } else {
1460 asoc->rwnd_over = len - asoc->rwnd;
1461 asoc->rwnd = 0;
1462 }
1463
1464 pr_debug("%s: asoc:%p rwnd decreased by %d to (%u, %u, %u)\n",
1465 __func__, asoc, len, asoc->rwnd, asoc->rwnd_over,
1466 asoc->rwnd_press);
1467}
1468 1449
1469/* Build the bind address list for the association based on info from the 1450/* Build the bind address list for the association based on info from the
1470 * local endpoint and the remote peer. 1451 * local endpoint and the remote peer.
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index bd859154000e..5d6883ff00c3 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -495,11 +495,12 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
495 } 495 }
496 496
497 /* If the transport error count is greater than the pf_retrans 497 /* If the transport error count is greater than the pf_retrans
498 * threshold, and less than pathmaxrtx, then mark this transport 498 * threshold, and less than pathmaxrtx, and if the current state
499 * as Partially Failed, ee SCTP Quick Failover Draft, secon 5.1, 499 * is not SCTP_UNCONFIRMED, then mark this transport as Partially
500 * point 1 500 * Failed, see SCTP Quick Failover Draft, section 5.1
501 */ 501 */
502 if ((transport->state != SCTP_PF) && 502 if ((transport->state != SCTP_PF) &&
503 (transport->state != SCTP_UNCONFIRMED) &&
503 (asoc->pf_retrans < transport->pathmaxrxt) && 504 (asoc->pf_retrans < transport->pathmaxrxt) &&
504 (transport->error_count > asoc->pf_retrans)) { 505 (transport->error_count > asoc->pf_retrans)) {
505 506
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 483dcd71b3c5..ae65b6b5973a 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -758,6 +758,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
758 struct sctp_chunk auth; 758 struct sctp_chunk auth;
759 sctp_ierror_t ret; 759 sctp_ierror_t ret;
760 760
761 /* Make sure that we and the peer are AUTH capable */
762 if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
763 kfree_skb(chunk->auth_chunk);
764 sctp_association_free(new_asoc);
765 return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
766 }
767
761 /* set-up our fake chunk so that we can process it */ 768 /* set-up our fake chunk so that we can process it */
762 auth.skb = chunk->auth_chunk; 769 auth.skb = chunk->auth_chunk;
763 auth.asoc = chunk->asoc; 770 auth.asoc = chunk->asoc;
@@ -6176,7 +6183,7 @@ static int sctp_eat_data(const struct sctp_association *asoc,
6176 * PMTU. In cases, such as loopback, this might be a rather 6183 * PMTU. In cases, such as loopback, this might be a rather
6177 * large spill over. 6184 * large spill over.
6178 */ 6185 */
6179 if ((!chunk->data_accepted) && (!asoc->rwnd || asoc->rwnd_over || 6186 if ((!chunk->data_accepted) && (!asoc->rwnd ||
6180 (datalen > asoc->rwnd + asoc->frag_point))) { 6187 (datalen > asoc->rwnd + asoc->frag_point))) {
6181 6188
6182 /* If this is the next TSN, consider reneging to make 6189 /* If this is the next TSN, consider reneging to make
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9e91d6e5df63..981aaf8b6ace 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -64,6 +64,7 @@
64#include <linux/crypto.h> 64#include <linux/crypto.h>
65#include <linux/slab.h> 65#include <linux/slab.h>
66#include <linux/file.h> 66#include <linux/file.h>
67#include <linux/compat.h>
67 68
68#include <net/ip.h> 69#include <net/ip.h>
69#include <net/icmp.h> 70#include <net/icmp.h>
@@ -1368,11 +1369,19 @@ static int sctp_setsockopt_connectx(struct sock *sk,
1368/* 1369/*
1369 * New (hopefully final) interface for the API. 1370 * New (hopefully final) interface for the API.
1370 * We use the sctp_getaddrs_old structure so that use-space library 1371 * We use the sctp_getaddrs_old structure so that use-space library
1371 * can avoid any unnecessary allocations. The only defferent part 1372 * can avoid any unnecessary allocations. The only different part
1372 * is that we store the actual length of the address buffer into the 1373 * is that we store the actual length of the address buffer into the
1373 * addrs_num structure member. That way we can re-use the existing 1374 * addrs_num structure member. That way we can re-use the existing
1374 * code. 1375 * code.
1375 */ 1376 */
1377#ifdef CONFIG_COMPAT
1378struct compat_sctp_getaddrs_old {
1379 sctp_assoc_t assoc_id;
1380 s32 addr_num;
1381 compat_uptr_t addrs; /* struct sockaddr * */
1382};
1383#endif
1384
1376static int sctp_getsockopt_connectx3(struct sock *sk, int len, 1385static int sctp_getsockopt_connectx3(struct sock *sk, int len,
1377 char __user *optval, 1386 char __user *optval,
1378 int __user *optlen) 1387 int __user *optlen)
@@ -1381,16 +1390,30 @@ static int sctp_getsockopt_connectx3(struct sock *sk, int len,
1381 sctp_assoc_t assoc_id = 0; 1390 sctp_assoc_t assoc_id = 0;
1382 int err = 0; 1391 int err = 0;
1383 1392
1384 if (len < sizeof(param)) 1393#ifdef CONFIG_COMPAT
1385 return -EINVAL; 1394 if (is_compat_task()) {
1395 struct compat_sctp_getaddrs_old param32;
1386 1396
1387 if (copy_from_user(&param, optval, sizeof(param))) 1397 if (len < sizeof(param32))
1388 return -EFAULT; 1398 return -EINVAL;
1399 if (copy_from_user(&param32, optval, sizeof(param32)))
1400 return -EFAULT;
1389 1401
1390 err = __sctp_setsockopt_connectx(sk, 1402 param.assoc_id = param32.assoc_id;
1391 (struct sockaddr __user *)param.addrs, 1403 param.addr_num = param32.addr_num;
1392 param.addr_num, &assoc_id); 1404 param.addrs = compat_ptr(param32.addrs);
1405 } else
1406#endif
1407 {
1408 if (len < sizeof(param))
1409 return -EINVAL;
1410 if (copy_from_user(&param, optval, sizeof(param)))
1411 return -EFAULT;
1412 }
1393 1413
1414 err = __sctp_setsockopt_connectx(sk, (struct sockaddr __user *)
1415 param.addrs, param.addr_num,
1416 &assoc_id);
1394 if (err == 0 || err == -EINPROGRESS) { 1417 if (err == 0 || err == -EINPROGRESS) {
1395 if (copy_to_user(optval, &assoc_id, sizeof(assoc_id))) 1418 if (copy_to_user(optval, &assoc_id, sizeof(assoc_id)))
1396 return -EFAULT; 1419 return -EFAULT;
@@ -2092,12 +2115,6 @@ static int sctp_recvmsg(struct kiocb *iocb, struct sock *sk,
2092 sctp_skb_pull(skb, copied); 2115 sctp_skb_pull(skb, copied);
2093 skb_queue_head(&sk->sk_receive_queue, skb); 2116 skb_queue_head(&sk->sk_receive_queue, skb);
2094 2117
2095 /* When only partial message is copied to the user, increase
2096 * rwnd by that amount. If all the data in the skb is read,
2097 * rwnd is updated when the event is freed.
2098 */
2099 if (!sctp_ulpevent_is_notification(event))
2100 sctp_assoc_rwnd_increase(event->asoc, copied);
2101 goto out; 2118 goto out;
2102 } else if ((event->msg_flags & MSG_NOTIFICATION) || 2119 } else if ((event->msg_flags & MSG_NOTIFICATION) ||
2103 (event->msg_flags & MSG_EOR)) 2120 (event->msg_flags & MSG_EOR))
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 7135e617ab0f..35c8923b5554 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -151,6 +151,7 @@ static struct ctl_table sctp_net_table[] = {
151 }, 151 },
152 { 152 {
153 .procname = "cookie_hmac_alg", 153 .procname = "cookie_hmac_alg",
154 .data = &init_net.sctp.sctp_hmac_alg,
154 .maxlen = 8, 155 .maxlen = 8,
155 .mode = 0644, 156 .mode = 0644,
156 .proc_handler = proc_sctp_do_hmac_alg, 157 .proc_handler = proc_sctp_do_hmac_alg,
@@ -401,15 +402,18 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
401 402
402int sctp_sysctl_net_register(struct net *net) 403int sctp_sysctl_net_register(struct net *net)
403{ 404{
404 struct ctl_table *table; 405 struct ctl_table *table = sctp_net_table;
405 int i; 406
407 if (!net_eq(net, &init_net)) {
408 int i;
406 409
407 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); 410 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
408 if (!table) 411 if (!table)
409 return -ENOMEM; 412 return -ENOMEM;
410 413
411 for (i = 0; table[i].data; i++) 414 for (i = 0; table[i].data; i++)
412 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp; 415 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;
416 }
413 417
414 net->sctp.sysctl_header = register_net_sysctl(net, "net/sctp", table); 418 net->sctp.sysctl_header = register_net_sysctl(net, "net/sctp", table);
415 return 0; 419 return 0;
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index 85c64658bd0b..8d198ae03606 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -989,7 +989,7 @@ static void sctp_ulpevent_receive_data(struct sctp_ulpevent *event,
989 skb = sctp_event2skb(event); 989 skb = sctp_event2skb(event);
990 /* Set the owner and charge rwnd for bytes received. */ 990 /* Set the owner and charge rwnd for bytes received. */
991 sctp_ulpevent_set_owner(event, asoc); 991 sctp_ulpevent_set_owner(event, asoc);
992 sctp_assoc_rwnd_decrease(asoc, skb_headlen(skb)); 992 sctp_assoc_rwnd_update(asoc, false);
993 993
994 if (!skb->data_len) 994 if (!skb->data_len)
995 return; 995 return;
@@ -1011,6 +1011,7 @@ static void sctp_ulpevent_release_data(struct sctp_ulpevent *event)
1011{ 1011{
1012 struct sk_buff *skb, *frag; 1012 struct sk_buff *skb, *frag;
1013 unsigned int len; 1013 unsigned int len;
1014 struct sctp_association *asoc;
1014 1015
1015 /* Current stack structures assume that the rcv buffer is 1016 /* Current stack structures assume that the rcv buffer is
1016 * per socket. For UDP style sockets this is not true as 1017 * per socket. For UDP style sockets this is not true as
@@ -1035,8 +1036,11 @@ static void sctp_ulpevent_release_data(struct sctp_ulpevent *event)
1035 } 1036 }
1036 1037
1037done: 1038done:
1038 sctp_assoc_rwnd_increase(event->asoc, len); 1039 asoc = event->asoc;
1040 sctp_association_hold(asoc);
1039 sctp_ulpevent_release_owner(event); 1041 sctp_ulpevent_release_owner(event);
1042 sctp_assoc_rwnd_update(asoc, true);
1043 sctp_association_put(asoc);
1040} 1044}
1041 1045
1042static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event) 1046static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 6c0513a7f992..36e431ee1c90 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -108,6 +108,7 @@ struct gss_auth {
108static DEFINE_SPINLOCK(pipe_version_lock); 108static DEFINE_SPINLOCK(pipe_version_lock);
109static struct rpc_wait_queue pipe_version_rpc_waitqueue; 109static struct rpc_wait_queue pipe_version_rpc_waitqueue;
110static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); 110static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
111static void gss_put_auth(struct gss_auth *gss_auth);
111 112
112static void gss_free_ctx(struct gss_cl_ctx *); 113static void gss_free_ctx(struct gss_cl_ctx *);
113static const struct rpc_pipe_ops gss_upcall_ops_v0; 114static const struct rpc_pipe_ops gss_upcall_ops_v0;
@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
320 if (gss_msg->ctx != NULL) 321 if (gss_msg->ctx != NULL)
321 gss_put_ctx(gss_msg->ctx); 322 gss_put_ctx(gss_msg->ctx);
322 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); 323 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
324 gss_put_auth(gss_msg->auth);
323 kfree(gss_msg); 325 kfree(gss_msg);
324} 326}
325 327
@@ -498,9 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
498 default: 500 default:
499 err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); 501 err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
500 if (err) 502 if (err)
501 goto err_free_msg; 503 goto err_put_pipe_version;
502 }; 504 };
505 kref_get(&gss_auth->kref);
503 return gss_msg; 506 return gss_msg;
507err_put_pipe_version:
508 put_pipe_version(gss_auth->net);
504err_free_msg: 509err_free_msg:
505 kfree(gss_msg); 510 kfree(gss_msg);
506err: 511err:
@@ -991,6 +996,8 @@ gss_create_new(struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
991 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor); 996 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
992 if (gss_auth->service == 0) 997 if (gss_auth->service == 0)
993 goto err_put_mech; 998 goto err_put_mech;
999 if (!gssd_running(gss_auth->net))
1000 goto err_put_mech;
994 auth = &gss_auth->rpc_auth; 1001 auth = &gss_auth->rpc_auth;
995 auth->au_cslack = GSS_CRED_SLACK >> 2; 1002 auth->au_cslack = GSS_CRED_SLACK >> 2;
996 auth->au_rslack = GSS_VERF_SLACK >> 2; 1003 auth->au_rslack = GSS_VERF_SLACK >> 2;
@@ -1062,6 +1069,12 @@ gss_free_callback(struct kref *kref)
1062} 1069}
1063 1070
1064static void 1071static void
1072gss_put_auth(struct gss_auth *gss_auth)
1073{
1074 kref_put(&gss_auth->kref, gss_free_callback);
1075}
1076
1077static void
1065gss_destroy(struct rpc_auth *auth) 1078gss_destroy(struct rpc_auth *auth)
1066{ 1079{
1067 struct gss_auth *gss_auth = container_of(auth, 1080 struct gss_auth *gss_auth = container_of(auth,
@@ -1082,7 +1095,7 @@ gss_destroy(struct rpc_auth *auth)
1082 gss_auth->gss_pipe[1] = NULL; 1095 gss_auth->gss_pipe[1] = NULL;
1083 rpcauth_destroy_credcache(auth); 1096 rpcauth_destroy_credcache(auth);
1084 1097
1085 kref_put(&gss_auth->kref, gss_free_callback); 1098 gss_put_auth(gss_auth);
1086} 1099}
1087 1100
1088/* 1101/*
@@ -1253,7 +1266,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
1253 call_rcu(&cred->cr_rcu, gss_free_cred_callback); 1266 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1254 if (ctx) 1267 if (ctx)
1255 gss_put_ctx(ctx); 1268 gss_put_ctx(ctx);
1256 kref_put(&gss_auth->kref, gss_free_callback); 1269 gss_put_auth(gss_auth);
1257} 1270}
1258 1271
1259static void 1272static void
diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
index 890a29912d5a..e860d4f7ed2a 100644
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -64,7 +64,6 @@ static void xprt_free_allocation(struct rpc_rqst *req)
64 free_page((unsigned long)xbufp->head[0].iov_base); 64 free_page((unsigned long)xbufp->head[0].iov_base);
65 xbufp = &req->rq_snd_buf; 65 xbufp = &req->rq_snd_buf;
66 free_page((unsigned long)xbufp->head[0].iov_base); 66 free_page((unsigned long)xbufp->head[0].iov_base);
67 list_del(&req->rq_bc_pa_list);
68 kfree(req); 67 kfree(req);
69} 68}
70 69
@@ -168,8 +167,10 @@ out_free:
168 /* 167 /*
169 * Memory allocation failed, free the temporary list 168 * Memory allocation failed, free the temporary list
170 */ 169 */
171 list_for_each_entry_safe(req, tmp, &tmp_list, rq_bc_pa_list) 170 list_for_each_entry_safe(req, tmp, &tmp_list, rq_bc_pa_list) {
171 list_del(&req->rq_bc_pa_list);
172 xprt_free_allocation(req); 172 xprt_free_allocation(req);
173 }
173 174
174 dprintk("RPC: setup backchannel transport failed\n"); 175 dprintk("RPC: setup backchannel transport failed\n");
175 return -ENOMEM; 176 return -ENOMEM;
@@ -198,6 +199,7 @@ void xprt_destroy_backchannel(struct rpc_xprt *xprt, unsigned int max_reqs)
198 xprt_dec_alloc_count(xprt, max_reqs); 199 xprt_dec_alloc_count(xprt, max_reqs);
199 list_for_each_entry_safe(req, tmp, &xprt->bc_pa_list, rq_bc_pa_list) { 200 list_for_each_entry_safe(req, tmp, &xprt->bc_pa_list, rq_bc_pa_list) {
200 dprintk("RPC: req=%p\n", req); 201 dprintk("RPC: req=%p\n", req);
202 list_del(&req->rq_bc_pa_list);
201 xprt_free_allocation(req); 203 xprt_free_allocation(req);
202 if (--max_reqs == 0) 204 if (--max_reqs == 0)
203 break; 205 break;
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 817a1e523969..0addefca8e77 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -510,6 +510,7 @@ static int xs_nospace(struct rpc_task *task)
510 struct rpc_rqst *req = task->tk_rqstp; 510 struct rpc_rqst *req = task->tk_rqstp;
511 struct rpc_xprt *xprt = req->rq_xprt; 511 struct rpc_xprt *xprt = req->rq_xprt;
512 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); 512 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
513 struct sock *sk = transport->inet;
513 int ret = -EAGAIN; 514 int ret = -EAGAIN;
514 515
515 dprintk("RPC: %5u xmit incomplete (%u left of %u)\n", 516 dprintk("RPC: %5u xmit incomplete (%u left of %u)\n",
@@ -527,7 +528,7 @@ static int xs_nospace(struct rpc_task *task)
527 * window size 528 * window size
528 */ 529 */
529 set_bit(SOCK_NOSPACE, &transport->sock->flags); 530 set_bit(SOCK_NOSPACE, &transport->sock->flags);
530 transport->inet->sk_write_pending++; 531 sk->sk_write_pending++;
531 /* ...and wait for more buffer space */ 532 /* ...and wait for more buffer space */
532 xprt_wait_for_buffer_space(task, xs_nospace_callback); 533 xprt_wait_for_buffer_space(task, xs_nospace_callback);
533 } 534 }
@@ -537,6 +538,9 @@ static int xs_nospace(struct rpc_task *task)
537 } 538 }
538 539
539 spin_unlock_bh(&xprt->transport_lock); 540 spin_unlock_bh(&xprt->transport_lock);
541
542 /* Race breaker in case memory is freed before above code is called */
543 sk->sk_write_space(sk);
540 return ret; 544 return ret;
541} 545}
542 546
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index a38c89969c68..574b86193b15 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -610,8 +610,13 @@ static struct notifier_block notifier = {
610 610
611int tipc_bearer_setup(void) 611int tipc_bearer_setup(void)
612{ 612{
613 int err;
614
615 err = register_netdevice_notifier(&notifier);
616 if (err)
617 return err;
613 dev_add_pack(&tipc_packet_type); 618 dev_add_pack(&tipc_packet_type);
614 return register_netdevice_notifier(&notifier); 619 return 0;
615} 620}
616 621
617void tipc_bearer_cleanup(void) 622void tipc_bearer_cleanup(void)
diff --git a/net/tipc/config.c b/net/tipc/config.c
index c301a9a592d8..e74eef2e7490 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -181,7 +181,7 @@ static struct sk_buff *cfg_set_own_addr(void)
181 if (tipc_own_addr) 181 if (tipc_own_addr)
182 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 182 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
183 " (cannot change node address once assigned)"); 183 " (cannot change node address once assigned)");
184 tipc_core_start_net(addr); 184 tipc_net_start(addr);
185 return tipc_cfg_reply_none(); 185 return tipc_cfg_reply_none();
186} 186}
187 187
diff --git a/net/tipc/core.c b/net/tipc/core.c
index f9e88d8b04ca..80c20647b3d2 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -77,37 +77,13 @@ struct sk_buff *tipc_buf_acquire(u32 size)
77} 77}
78 78
79/** 79/**
80 * tipc_core_stop_net - shut down TIPC networking sub-systems
81 */
82static void tipc_core_stop_net(void)
83{
84 tipc_net_stop();
85 tipc_bearer_cleanup();
86}
87
88/**
89 * start_net - start TIPC networking sub-systems
90 */
91int tipc_core_start_net(unsigned long addr)
92{
93 int res;
94
95 tipc_net_start(addr);
96 res = tipc_bearer_setup();
97 if (res < 0)
98 goto err;
99 return res;
100
101err:
102 tipc_core_stop_net();
103 return res;
104}
105
106/**
107 * tipc_core_stop - switch TIPC from SINGLE NODE to NOT RUNNING mode 80 * tipc_core_stop - switch TIPC from SINGLE NODE to NOT RUNNING mode
108 */ 81 */
109static void tipc_core_stop(void) 82static void tipc_core_stop(void)
110{ 83{
84 tipc_handler_stop();
85 tipc_net_stop();
86 tipc_bearer_cleanup();
111 tipc_netlink_stop(); 87 tipc_netlink_stop();
112 tipc_cfg_stop(); 88 tipc_cfg_stop();
113 tipc_subscr_stop(); 89 tipc_subscr_stop();
@@ -122,30 +98,65 @@ static void tipc_core_stop(void)
122 */ 98 */
123static int tipc_core_start(void) 99static int tipc_core_start(void)
124{ 100{
125 int res; 101 int err;
126 102
127 get_random_bytes(&tipc_random, sizeof(tipc_random)); 103 get_random_bytes(&tipc_random, sizeof(tipc_random));
128 104
129 res = tipc_handler_start(); 105 err = tipc_handler_start();
130 if (!res) 106 if (err)
131 res = tipc_ref_table_init(tipc_max_ports, tipc_random); 107 goto out_handler;
132 if (!res) 108
133 res = tipc_nametbl_init(); 109 err = tipc_ref_table_init(tipc_max_ports, tipc_random);
134 if (!res) 110 if (err)
135 res = tipc_netlink_start(); 111 goto out_reftbl;
136 if (!res) 112
137 res = tipc_socket_init(); 113 err = tipc_nametbl_init();
138 if (!res) 114 if (err)
139 res = tipc_register_sysctl(); 115 goto out_nametbl;
140 if (!res) 116
141 res = tipc_subscr_start(); 117 err = tipc_netlink_start();
142 if (!res) 118 if (err)
143 res = tipc_cfg_init(); 119 goto out_netlink;
144 if (res) { 120
145 tipc_handler_stop(); 121 err = tipc_socket_init();
146 tipc_core_stop(); 122 if (err)
147 } 123 goto out_socket;
148 return res; 124
125 err = tipc_register_sysctl();
126 if (err)
127 goto out_sysctl;
128
129 err = tipc_subscr_start();
130 if (err)
131 goto out_subscr;
132
133 err = tipc_cfg_init();
134 if (err)
135 goto out_cfg;
136
137 err = tipc_bearer_setup();
138 if (err)
139 goto out_bearer;
140
141 return 0;
142out_bearer:
143 tipc_cfg_stop();
144out_cfg:
145 tipc_subscr_stop();
146out_subscr:
147 tipc_unregister_sysctl();
148out_sysctl:
149 tipc_socket_stop();
150out_socket:
151 tipc_netlink_stop();
152out_netlink:
153 tipc_nametbl_stop();
154out_nametbl:
155 tipc_ref_table_stop();
156out_reftbl:
157 tipc_handler_stop();
158out_handler:
159 return err;
149} 160}
150 161
151static int __init tipc_init(void) 162static int __init tipc_init(void)
@@ -174,8 +185,6 @@ static int __init tipc_init(void)
174 185
175static void __exit tipc_exit(void) 186static void __exit tipc_exit(void)
176{ 187{
177 tipc_handler_stop();
178 tipc_core_stop_net();
179 tipc_core_stop(); 188 tipc_core_stop();
180 pr_info("Deactivated\n"); 189 pr_info("Deactivated\n");
181} 190}
diff --git a/net/tipc/core.h b/net/tipc/core.h
index 1ff477b0450d..4dfe137587bb 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -90,7 +90,6 @@ extern int tipc_random __read_mostly;
90/* 90/*
91 * Routines available to privileged subsystems 91 * Routines available to privileged subsystems
92 */ 92 */
93int tipc_core_start_net(unsigned long);
94int tipc_handler_start(void); 93int tipc_handler_start(void);
95void tipc_handler_stop(void); 94void tipc_handler_stop(void);
96int tipc_netlink_start(void); 95int tipc_netlink_start(void);
@@ -192,6 +191,7 @@ static inline void k_term_timer(struct timer_list *timer)
192 191
193struct tipc_skb_cb { 192struct tipc_skb_cb {
194 void *handle; 193 void *handle;
194 bool deferred;
195}; 195};
196 196
197#define TIPC_SKB_CB(__skb) ((struct tipc_skb_cb *)&((__skb)->cb[0])) 197#define TIPC_SKB_CB(__skb) ((struct tipc_skb_cb *)&((__skb)->cb[0]))
diff --git a/net/tipc/link.c b/net/tipc/link.c
index d4b5de41b682..da6018beb6eb 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1391,6 +1391,12 @@ static int link_recv_buf_validate(struct sk_buff *buf)
1391 u32 hdr_size; 1391 u32 hdr_size;
1392 u32 min_hdr_size; 1392 u32 min_hdr_size;
1393 1393
1394 /* If this packet comes from the defer queue, the skb has already
1395 * been validated
1396 */
1397 if (unlikely(TIPC_SKB_CB(buf)->deferred))
1398 return 1;
1399
1394 if (unlikely(buf->len < MIN_H_SIZE)) 1400 if (unlikely(buf->len < MIN_H_SIZE))
1395 return 0; 1401 return 0;
1396 1402
@@ -1703,6 +1709,7 @@ static void link_handle_out_of_seq_msg(struct tipc_link *l_ptr,
1703 &l_ptr->newest_deferred_in, buf)) { 1709 &l_ptr->newest_deferred_in, buf)) {
1704 l_ptr->deferred_inqueue_sz++; 1710 l_ptr->deferred_inqueue_sz++;
1705 l_ptr->stats.deferred_recv++; 1711 l_ptr->stats.deferred_recv++;
1712 TIPC_SKB_CB(buf)->deferred = true;
1706 if ((l_ptr->deferred_inqueue_sz % 16) == 1) 1713 if ((l_ptr->deferred_inqueue_sz % 16) == 1)
1707 tipc_link_send_proto_msg(l_ptr, STATE_MSG, 0, 0, 0, 0, 0); 1714 tipc_link_send_proto_msg(l_ptr, STATE_MSG, 0, 0, 0, 0, 0);
1708 } else 1715 } else
diff --git a/net/tipc/name_table.c b/net/tipc/name_table.c
index 92a1533af4e0..48302be175ce 100644
--- a/net/tipc/name_table.c
+++ b/net/tipc/name_table.c
@@ -945,9 +945,6 @@ void tipc_nametbl_stop(void)
945{ 945{
946 u32 i; 946 u32 i;
947 947
948 if (!table.types)
949 return;
950
951 /* Verify name table is empty, then release it */ 948 /* Verify name table is empty, then release it */
952 write_lock_bh(&tipc_nametbl_lock); 949 write_lock_bh(&tipc_nametbl_lock);
953 for (i = 0; i < TIPC_NAMETBL_SIZE; i++) { 950 for (i = 0; i < TIPC_NAMETBL_SIZE; i++) {
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 9f72a6376362..3aaf73de9e2d 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -83,8 +83,6 @@ static struct genl_ops tipc_genl_ops[] = {
83 }, 83 },
84}; 84};
85 85
86static int tipc_genl_family_registered;
87
88int tipc_netlink_start(void) 86int tipc_netlink_start(void)
89{ 87{
90 int res; 88 int res;
@@ -94,16 +92,10 @@ int tipc_netlink_start(void)
94 pr_err("Failed to register netlink interface\n"); 92 pr_err("Failed to register netlink interface\n");
95 return res; 93 return res;
96 } 94 }
97
98 tipc_genl_family_registered = 1;
99 return 0; 95 return 0;
100} 96}
101 97
102void tipc_netlink_stop(void) 98void tipc_netlink_stop(void)
103{ 99{
104 if (!tipc_genl_family_registered)
105 return;
106
107 genl_unregister_family(&tipc_genl_family); 100 genl_unregister_family(&tipc_genl_family);
108 tipc_genl_family_registered = 0;
109} 101}
diff --git a/net/tipc/ref.c b/net/tipc/ref.c
index 2a2a938dc22c..de3d593e2fee 100644
--- a/net/tipc/ref.c
+++ b/net/tipc/ref.c
@@ -126,9 +126,6 @@ int tipc_ref_table_init(u32 requested_size, u32 start)
126 */ 126 */
127void tipc_ref_table_stop(void) 127void tipc_ref_table_stop(void)
128{ 128{
129 if (!tipc_ref_table.entries)
130 return;
131
132 vfree(tipc_ref_table.entries); 129 vfree(tipc_ref_table.entries);
133 tipc_ref_table.entries = NULL; 130 tipc_ref_table.entries = NULL;
134} 131}
diff --git a/net/tipc/server.c b/net/tipc/server.c
index b635ca347a87..373979789a73 100644
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -573,7 +573,6 @@ int tipc_server_start(struct tipc_server *s)
573 kmem_cache_destroy(s->rcvbuf_cache); 573 kmem_cache_destroy(s->rcvbuf_cache);
574 return ret; 574 return ret;
575 } 575 }
576 s->enabled = 1;
577 return ret; 576 return ret;
578} 577}
579 578
@@ -583,10 +582,6 @@ void tipc_server_stop(struct tipc_server *s)
583 int total = 0; 582 int total = 0;
584 int id; 583 int id;
585 584
586 if (!s->enabled)
587 return;
588
589 s->enabled = 0;
590 spin_lock_bh(&s->idr_lock); 585 spin_lock_bh(&s->idr_lock);
591 for (id = 0; total < s->idr_in_use; id++) { 586 for (id = 0; total < s->idr_in_use; id++) {
592 con = idr_find(&s->conn_idr, id); 587 con = idr_find(&s->conn_idr, id);
diff --git a/net/tipc/server.h b/net/tipc/server.h
index 98b23f20bc0f..be817b0b547e 100644
--- a/net/tipc/server.h
+++ b/net/tipc/server.h
@@ -56,7 +56,6 @@
56 * @name: server name 56 * @name: server name
57 * @imp: message importance 57 * @imp: message importance
58 * @type: socket type 58 * @type: socket type
59 * @enabled: identify whether server is launched or not
60 */ 59 */
61struct tipc_server { 60struct tipc_server {
62 struct idr conn_idr; 61 struct idr conn_idr;
@@ -74,7 +73,6 @@ struct tipc_server {
74 const char name[TIPC_SERVER_NAME_LEN]; 73 const char name[TIPC_SERVER_NAME_LEN];
75 int imp; 74 int imp;
76 int type; 75 int type;
77 int enabled;
78}; 76};
79 77
80int tipc_conn_sendmsg(struct tipc_server *s, int conid, 78int tipc_conn_sendmsg(struct tipc_server *s, int conid,
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index aab4948f0aff..a4cf274455aa 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -70,8 +70,6 @@ static const struct proto_ops msg_ops;
70static struct proto tipc_proto; 70static struct proto tipc_proto;
71static struct proto tipc_proto_kern; 71static struct proto tipc_proto_kern;
72 72
73static int sockets_enabled;
74
75/* 73/*
76 * Revised TIPC socket locking policy: 74 * Revised TIPC socket locking policy:
77 * 75 *
@@ -2027,8 +2025,6 @@ int tipc_socket_init(void)
2027 proto_unregister(&tipc_proto); 2025 proto_unregister(&tipc_proto);
2028 goto out; 2026 goto out;
2029 } 2027 }
2030
2031 sockets_enabled = 1;
2032 out: 2028 out:
2033 return res; 2029 return res;
2034} 2030}
@@ -2038,10 +2034,6 @@ int tipc_socket_init(void)
2038 */ 2034 */
2039void tipc_socket_stop(void) 2035void tipc_socket_stop(void)
2040{ 2036{
2041 if (!sockets_enabled)
2042 return;
2043
2044 sockets_enabled = 0;
2045 sock_unregister(tipc_family_ops.family); 2037 sock_unregister(tipc_family_ops.family);
2046 proto_unregister(&tipc_proto); 2038 proto_unregister(&tipc_proto);
2047} 2039}
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 9b897fca7487..f0541370e68e 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1700,7 +1700,7 @@ static void reg_process_hint(struct regulatory_request *reg_request)
1700 return; 1700 return;
1701 case NL80211_REGDOM_SET_BY_USER: 1701 case NL80211_REGDOM_SET_BY_USER:
1702 treatment = reg_process_hint_user(reg_request); 1702 treatment = reg_process_hint_user(reg_request);
1703 if (treatment == REG_REQ_OK || 1703 if (treatment == REG_REQ_IGNORE ||
1704 treatment == REG_REQ_ALREADY_SET) 1704 treatment == REG_REQ_ALREADY_SET)
1705 return; 1705 return;
1706 schedule_delayed_work(&reg_timeout, msecs_to_jiffies(3142)); 1706 schedule_delayed_work(&reg_timeout, msecs_to_jiffies(3142));
@@ -2373,6 +2373,7 @@ static int reg_set_rd_country_ie(const struct ieee80211_regdomain *rd,
2373int set_regdom(const struct ieee80211_regdomain *rd) 2373int set_regdom(const struct ieee80211_regdomain *rd)
2374{ 2374{
2375 struct regulatory_request *lr; 2375 struct regulatory_request *lr;
2376 bool user_reset = false;
2376 int r; 2377 int r;
2377 2378
2378 if (!reg_is_valid_request(rd->alpha2)) { 2379 if (!reg_is_valid_request(rd->alpha2)) {
@@ -2389,6 +2390,7 @@ int set_regdom(const struct ieee80211_regdomain *rd)
2389 break; 2390 break;
2390 case NL80211_REGDOM_SET_BY_USER: 2391 case NL80211_REGDOM_SET_BY_USER:
2391 r = reg_set_rd_user(rd, lr); 2392 r = reg_set_rd_user(rd, lr);
2393 user_reset = true;
2392 break; 2394 break;
2393 case NL80211_REGDOM_SET_BY_DRIVER: 2395 case NL80211_REGDOM_SET_BY_DRIVER:
2394 r = reg_set_rd_driver(rd, lr); 2396 r = reg_set_rd_driver(rd, lr);
@@ -2402,8 +2404,14 @@ int set_regdom(const struct ieee80211_regdomain *rd)
2402 } 2404 }
2403 2405
2404 if (r) { 2406 if (r) {
2405 if (r == -EALREADY) 2407 switch (r) {
2408 case -EALREADY:
2406 reg_set_request_processed(); 2409 reg_set_request_processed();
2410 break;
2411 default:
2412 /* Back to world regulatory in case of errors */
2413 restore_regulatory_settings(user_reset);
2414 }
2407 2415
2408 kfree(rd); 2416 kfree(rd);
2409 return r; 2417 return r;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 4b98b25793c5..1d5c7bf29938 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1158,7 +1158,7 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
1158 if (hlist_unhashed(&pol->bydst)) 1158 if (hlist_unhashed(&pol->bydst))
1159 return NULL; 1159 return NULL;
1160 1160
1161 hlist_del(&pol->bydst); 1161 hlist_del_init(&pol->bydst);
1162 hlist_del(&pol->byidx); 1162 hlist_del(&pol->byidx);
1163 list_del(&pol->walk.all); 1163 list_del(&pol->walk.all);
1164 net->xfrm.policy_count[dir]--; 1164 net->xfrm.policy_count[dir]--;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a26b7aa79475..40f1b3e92e78 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1159,6 +1159,11 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1159 } 1159 }
1160 x->props.aalgo = orig->props.aalgo; 1160 x->props.aalgo = orig->props.aalgo;
1161 1161
1162 if (orig->aead) {
1163 x->aead = xfrm_algo_aead_clone(orig->aead);
1164 if (!x->aead)
1165 goto error;
1166 }
1162 if (orig->ealg) { 1167 if (orig->ealg) {
1163 x->ealg = xfrm_algo_clone(orig->ealg); 1168 x->ealg = xfrm_algo_clone(orig->ealg);
1164 if (!x->ealg) 1169 if (!x->ealg)
@@ -1201,6 +1206,9 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1201 x->props.flags = orig->props.flags; 1206 x->props.flags = orig->props.flags;
1202 x->props.extra_flags = orig->props.extra_flags; 1207 x->props.extra_flags = orig->props.extra_flags;
1203 1208
1209 x->tfcpad = orig->tfcpad;
1210 x->replay_maxdiff = orig->replay_maxdiff;
1211 x->replay_maxage = orig->replay_maxage;
1204 x->curlft.add_time = orig->curlft.add_time; 1212 x->curlft.add_time = orig->curlft.add_time;
1205 x->km.state = orig->km.state; 1213 x->km.state = orig->km.state;
1206 x->km.seq = orig->km.seq; 1214 x->km.seq = orig->km.seq;
@@ -1215,11 +1223,12 @@ out:
1215 return NULL; 1223 return NULL;
1216} 1224}
1217 1225
1218/* net->xfrm.xfrm_state_lock is held */
1219struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net) 1226struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1220{ 1227{
1221 unsigned int h; 1228 unsigned int h;
1222 struct xfrm_state *x; 1229 struct xfrm_state *x = NULL;
1230
1231 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1223 1232
1224 if (m->reqid) { 1233 if (m->reqid) {
1225 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, 1234 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
@@ -1236,7 +1245,7 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
1236 m->old_family)) 1245 m->old_family))
1237 continue; 1246 continue;
1238 xfrm_state_hold(x); 1247 xfrm_state_hold(x);
1239 return x; 1248 break;
1240 } 1249 }
1241 } else { 1250 } else {
1242 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr, 1251 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
@@ -1251,11 +1260,13 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
1251 m->old_family)) 1260 m->old_family))
1252 continue; 1261 continue;
1253 xfrm_state_hold(x); 1262 xfrm_state_hold(x);
1254 return x; 1263 break;
1255 } 1264 }
1256 } 1265 }
1257 1266
1258 return NULL; 1267 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1268
1269 return x;
1259} 1270}
1260EXPORT_SYMBOL(xfrm_migrate_state_find); 1271EXPORT_SYMBOL(xfrm_migrate_state_find);
1261 1272
@@ -1451,7 +1462,7 @@ xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1451{ 1462{
1452 int err = 0; 1463 int err = 0;
1453 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1464 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1454 struct net *net = xs_net(*dst); 1465 struct net *net = xs_net(*src);
1455 1466
1456 if (!afinfo) 1467 if (!afinfo)
1457 return -EAFNOSUPPORT; 1468 return -EAFNOSUPPORT;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 1ae3ec7c18b0..c274179d60a2 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -32,11 +32,6 @@
32#include <linux/in6.h> 32#include <linux/in6.h>
33#endif 33#endif
34 34
35static inline int aead_len(struct xfrm_algo_aead *alg)
36{
37 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
38}
39
40static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 35static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
41{ 36{
42 struct nlattr *rt = attrs[type]; 37 struct nlattr *rt = attrs[type];
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-24 03:03:44 -0400