Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Conflicts: drivers/net/ethernet/altera/altera_sgdma.c net/netlink/af_netlink.c net/sched/cls_api.c net/sched/sch_api.c The netlink conflict dealt with moving to netlink_capable() and netlink_ns_capable() in the 'net' tree vs. supporting 'tc' operations in non-init namespaces. These were simple transformations from netlink_capable to netlink_ns_capable. The Altera driver conflict was simply code removal overlapping some void pointer cast cleanups in net-next. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2014-05-12 13:19:14 -0400
committer: David S. Miller <davem@davemloft.net> 2014-05-12 13:19:14 -0400
commit: 5f013c9bc70214dcacd5fbed5a06c217d6ff9c59 (patch)
tree: 34c3a633000e03bca57d0ce55d8759f86edecc03 /net
parent: 51ee42efa0829cf9e46f8e1c0ab7a9ab6facf3f2 (diff)
parent: 1a466ae96e9f749d02a73315a3e66375e61a61dd (diff)
53 files changed, 426 insertions, 227 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 55a174317925..095943c02d6e 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -884,14 +884,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
        if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
                struct hci_cp_auth_requested cp;
-                /* encrypt must be pending if auth is also pending */
-                set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
                cp.handle = cpu_to_le16(conn->handle);
                hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
                             sizeof(cp), &cp);
+                /* If we're already encrypted set the REAUTH_PEND flag,
+                 * otherwise set the ENCRYPT_PEND.
+                 */
                if (conn->key_type != 0xff)
                        set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
+                else
+                        set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
        }
        return 0;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 07c37d0cecb2..ca19fd4bbb8f 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3388,6 +3388,12 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
        if (!conn)
                goto unlock;
+        /* For BR/EDR the necessary steps are taken through the
+         * auth_complete event.
+         */
+        if (conn->type != LE_LINK)
+                goto unlock;
        if (!ev->status)
                conn->sec_level = conn->pending_sec_level;
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 80e1b0f60a30..2acf7fa1fec6 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -859,12 +859,12 @@ static unsigned int br_nf_forward_arp(const struct nf_hook_ops *ops,
        return NF_STOLEN;
 }
-#if IS_ENABLED(CONFIG_NF_CONNTRACK_IPV4)
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
 static int br_nf_dev_queue_xmit(struct sk_buff *skb)
 {
        int ret;
-        if (skb->nfct != NULL && skb->protocol == htons(ETH_P_IP) &&
+        if (skb->protocol == htons(ETH_P_IP) &&
            skb->len + nf_bridge_mtu_reduction(skb) > skb->dev->mtu &&
            !skb_is_gso(skb)) {
                if (br_parse_ip_options(skb))
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index e74b6d530cb6..e8844d975b32 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -445,6 +445,20 @@ static int br_validate(struct nlattr *tb[], struct nlattr *data[])
        return 0;
 }
+static int br_dev_newlink(struct net *src_net, struct net_device *dev,
+                          struct nlattr *tb[], struct nlattr *data[])
+{
+        struct net_bridge *br = netdev_priv(dev);
+        if (tb[IFLA_ADDRESS]) {
+                spin_lock_bh(&br->lock);
+                br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
+                spin_unlock_bh(&br->lock);
+        }
+        return register_netdevice(dev);
+}
 static size_t br_get_link_af_size(const struct net_device *dev)
 {
        struct net_port_vlans *pv;
@@ -473,6 +487,7 @@ struct rtnl_link_ops br_link_ops __read_mostly = {
        .priv_size      = sizeof(struct net_bridge),
        .setup          = br_dev_setup,
        .validate       = br_validate,
+        .newlink        = br_dev_newlink,
        .dellink        = br_dev_delete,
 };
diff --git a/net/can/gw.c b/net/can/gw.c
index ac31891967da..050a2110d43f 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -804,7 +804,7 @@ static int cgw_create_job(struct sk_buff *skb,  struct nlmsghdr *nlh)
        u8 limhops = 0;
        int err = 0;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (nlmsg_len(nlh) < sizeof(*r))
@@ -893,7 +893,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
        u8 limhops = 0;
        int err = 0;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (nlmsg_len(nlh) < sizeof(*r))
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index e632b5a52f5b..8b8a5a24b223 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1548,8 +1548,10 @@ static void apply_primary_affinity(struct ceph_osdmap *osdmap, u32 pps,
                return;
        for (i = 0; i < len; i++) {
-                if (osds[i] != CRUSH_ITEM_NONE &&
+                int osd = osds[i];
-                    osdmap->osd_primary_affinity[i] !=
+                if (osd != CRUSH_ITEM_NONE &&
+                    osdmap->osd_primary_affinity[osd] !=
                                        CEPH_OSD_DEFAULT_PRIMARY_AFFINITY) {
                        break;
                }
@@ -1563,10 +1565,9 @@ static void apply_primary_affinity(struct ceph_osdmap *osdmap, u32 pps,
         * osd's pgs get rejected as primary.
         */
        for (i = 0; i < len; i++) {
-                int osd;
+                int osd = osds[i];
                u32 aff;
-                osd = osds[i];
                if (osd == CRUSH_ITEM_NONE)
                        continue;
diff --git a/net/core/dev.c b/net/core/dev.c
index fe0b9cd69cb6..867adb25b5b8 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2424,7 +2424,7 @@ EXPORT_SYMBOL(netdev_rx_csum_fault);
 * 2. No high memory really exists on this machine.
 */
-static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb)
+static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
 {
 #ifdef CONFIG_HIGHMEM
        int i;
@@ -2499,38 +2499,36 @@ static int dev_gso_segment(struct sk_buff *skb, netdev_features_t features)
 }
 static netdev_features_t harmonize_features(struct sk_buff *skb,
-                                            const struct net_device *dev,
+        netdev_features_t features)
-                                            netdev_features_t features)
 {
        int tmp;
        if (skb->ip_summed != CHECKSUM_NONE &&
            !can_checksum_protocol(features, skb_network_protocol(skb, &tmp))) {
                features &= ~NETIF_F_ALL_CSUM;
-        } else if (illegal_highdma(dev, skb)) {
+        } else if (illegal_highdma(skb->dev, skb)) {
                features &= ~NETIF_F_SG;
        }
        return features;
 }
-netdev_features_t netif_skb_dev_features(struct sk_buff *skb,
+netdev_features_t netif_skb_features(struct sk_buff *skb)
-                                         const struct net_device *dev)
 {
        __be16 protocol = skb->protocol;
-        netdev_features_t features = dev->features;
+        netdev_features_t features = skb->dev->features;
-        if (skb_shinfo(skb)->gso_segs > dev->gso_max_segs)
+        if (skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs)
                features &= ~NETIF_F_GSO_MASK;
        if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) {
                struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data;
                protocol = veh->h_vlan_encapsulated_proto;
        } else if (!vlan_tx_tag_present(skb)) {
-                return harmonize_features(skb, dev, features);
+                return harmonize_features(skb, features);
        }
-        features &= (dev->vlan_features | NETIF_F_HW_VLAN_CTAG_TX |
+        features &= (skb->dev->vlan_features | NETIF_F_HW_VLAN_CTAG_TX |
                                               NETIF_F_HW_VLAN_STAG_TX);
        if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD))
@@ -2538,9 +2536,9 @@ netdev_features_t netif_skb_dev_features(struct sk_buff *skb,
                                NETIF_F_GEN_CSUM | NETIF_F_HW_VLAN_CTAG_TX |
                                NETIF_F_HW_VLAN_STAG_TX;
-        return harmonize_features(skb, dev, features);
+        return harmonize_features(skb, features);
 }
-EXPORT_SYMBOL(netif_skb_dev_features);
+EXPORT_SYMBOL(netif_skb_features);
 int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,
                        struct netdev_queue *txq)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d4ff41739b0f..9837bebf93ce 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -774,7 +774,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
                return 0;
 }
-static size_t rtnl_port_size(const struct net_device *dev)
+static size_t rtnl_port_size(const struct net_device *dev,
+                             u32 ext_filter_mask)
 {
        size_t port_size = nla_total_size(4)            /* PORT_VF */
                + nla_total_size(PORT_PROFILE_MAX)      /* PORT_PROFILE */
@@ -790,7 +791,8 @@ static size_t rtnl_port_size(const struct net_device *dev)
        size_t port_self_size = nla_total_size(sizeof(struct nlattr))
                + port_size;
-        if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent)
+        if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent ||
+            !(ext_filter_mask & RTEXT_FILTER_VF))
                return 0;
        if (dev_num_vf(dev->dev.parent))
                return port_self_size + vf_ports_size +
@@ -826,7 +828,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
               + nla_total_size(ext_filter_mask
                                & RTEXT_FILTER_VF ? 4 : 0) /* IFLA_NUM_VF */
               + rtnl_vfinfo_size(dev, ext_filter_mask) /* IFLA_VFINFO_LIST */
-               + rtnl_port_size(dev) /* IFLA_VF_PORTS + IFLA_PORT_SELF */
+               + rtnl_port_size(dev, ext_filter_mask) /* IFLA_VF_PORTS + IFLA_PORT_SELF */
               + rtnl_link_get_size(dev) /* IFLA_LINKINFO */
               + rtnl_link_get_af_size(dev) /* IFLA_AF_SPEC */
               + nla_total_size(MAX_PHYS_PORT_ID_LEN); /* IFLA_PHYS_PORT_ID */
@@ -888,11 +890,13 @@ static int rtnl_port_self_fill(struct sk_buff *skb, struct net_device *dev)
        return 0;
 }
-static int rtnl_port_fill(struct sk_buff *skb, struct net_device *dev)
+static int rtnl_port_fill(struct sk_buff *skb, struct net_device *dev,
+                          u32 ext_filter_mask)
 {
        int err;
-        if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent)
+        if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent ||
+            !(ext_filter_mask & RTEXT_FILTER_VF))
                return 0;
        err = rtnl_port_self_fill(skb, dev);
@@ -1079,7 +1083,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
                nla_nest_end(skb, vfinfo);
        }
-        if (rtnl_port_fill(skb, dev))
+        if (rtnl_port_fill(skb, dev, ext_filter_mask))
                goto nla_put_failure;
        if (dev->rtnl_link_ops || rtnl_have_link_slave_info(dev)) {
@@ -1198,6 +1202,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
        struct hlist_head *head;
        struct nlattr *tb[IFLA_MAX+1];
        u32 ext_filter_mask = 0;
+        int err;
        s_h = cb->args[0];
        s_idx = cb->args[1];
@@ -1218,11 +1223,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
                hlist_for_each_entry_rcu(dev, head, index_hlist) {
                        if (idx < s_idx)
                                goto cont;
-                        if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
+                        err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
-                                             NETLINK_CB(cb->skb).portid,
+                                               NETLINK_CB(cb->skb).portid,
-                                             cb->nlh->nlmsg_seq, 0,
+                                               cb->nlh->nlmsg_seq, 0,
-                                             NLM_F_MULTI,
+                                               NLM_F_MULTI,
-                                             ext_filter_mask) <= 0)
+                                               ext_filter_mask);
+                        /* If we ran out of room on the first message,
+                         * we're in trouble
+                         */
+                        WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
+                        if (err <= 0)
                                goto out;
                        nl_dump_check_consistent(cb, nlmsg_hdr(skb));
@@ -1395,7 +1406,8 @@ static int do_set_master(struct net_device *dev, int ifindex)
        return 0;
 }
-static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
+static int do_setlink(const struct sk_buff *skb,
+                      struct net_device *dev, struct ifinfomsg *ifm,
                      struct nlattr **tb, char *ifname, int modified)
 {
        const struct net_device_ops *ops = dev->netdev_ops;
@@ -1407,7 +1419,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
                        err = PTR_ERR(net);
                        goto errout;
                }
-                if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
+                if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
                        err = -EPERM;
                        goto errout;
                }
@@ -1661,7 +1673,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
        if (err < 0)
                goto errout;
-        err = do_setlink(dev, ifm, tb, ifname, 0);
+        err = do_setlink(skb, dev, ifm, tb, ifname, 0);
 errout:
        return err;
 }
@@ -1778,7 +1790,8 @@ err:
 }
 EXPORT_SYMBOL(rtnl_create_link);
-static int rtnl_group_changelink(struct net *net, int group,
+static int rtnl_group_changelink(const struct sk_buff *skb,
+                struct net *net, int group,
                struct ifinfomsg *ifm,
                struct nlattr **tb)
 {
@@ -1787,7 +1800,7 @@ static int rtnl_group_changelink(struct net *net, int group,
        for_each_netdev(net, dev) {
                if (dev->group == group) {
-                        err = do_setlink(dev, ifm, tb, NULL, 0);
+                        err = do_setlink(skb, dev, ifm, tb, NULL, 0);
                        if (err < 0)
                                return err;
                }
@@ -1929,12 +1942,12 @@ replay:
                                modified = 1;
                        }
-                        return do_setlink(dev, ifm, tb, ifname, modified);
+                        return do_setlink(skb, dev, ifm, tb, ifname, modified);
                }
                if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
                        if (ifm->ifi_index == 0 && tb[IFLA_GROUP])
-                                return rtnl_group_changelink(net,
+                                return rtnl_group_changelink(skb, net,
                                                nla_get_u32(tb[IFLA_GROUP]),
                                                ifm, tb);
                        return -ENODEV;
@@ -2321,7 +2334,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
        int err = -EINVAL;
        __u8 *addr;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
@@ -2773,7 +2786,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        sz_idx = type>>2;
        kind = type&3;
-        if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN))
+        if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
diff --git a/net/core/sock.c b/net/core/sock.c
index b4fff008136f..664ee4295b6f 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -145,6 +145,55 @@
 static DEFINE_MUTEX(proto_list_mutex);
 static LIST_HEAD(proto_list);
+/**
+ * sk_ns_capable - General socket capability test
+ * @sk: Socket to use a capability on or through
+ * @user_ns: The user namespace of the capability to use
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket had when the socket was
+ * created and the current process has the capability @cap in the user
+ * namespace @user_ns.
+ */
+bool sk_ns_capable(const struct sock *sk,
+                   struct user_namespace *user_ns, int cap)
+{
+        return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
+                ns_capable(user_ns, cap);
+}
+EXPORT_SYMBOL(sk_ns_capable);
+/**
+ * sk_capable - Socket global capability test
+ * @sk: Socket to use a capability on or through
+ * @cap: The global capbility to use
+ *
+ * Test to see if the opener of the socket had when the socket was
+ * created and the current process has the capability @cap in all user
+ * namespaces.
+ */
+bool sk_capable(const struct sock *sk, int cap)
+{
+        return sk_ns_capable(sk, &init_user_ns, cap);
+}
+EXPORT_SYMBOL(sk_capable);
+/**
+ * sk_net_capable - Network namespace socket capability test
+ * @sk: Socket to use a capability on or through
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket had when the socke was created
+ * and the current process has the capability @cap over the network namespace
+ * the socket is a member of.
+ */
+bool sk_net_capable(const struct sock *sk, int cap)
+{
+        return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
+}
+EXPORT_SYMBOL(sk_net_capable);
 #ifdef CONFIG_MEMCG_KMEM
 int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
 {
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
index 9deb6abd6cf6..a4216a4c9572 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
 }
 EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);
-int sock_diag_put_filterinfo(struct sock *sk,
+int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
                             struct sk_buff *skb, int attrtype)
 {
        struct sock_fprog_kern *fprog;
@@ -58,7 +58,7 @@ int sock_diag_put_filterinfo(struct sock *sk,
        unsigned int flen;
        int err = 0;
-        if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
+        if (!may_report_filterinfo) {
                nla_reserve(skb, attrtype, 0);
                return 0;
        }
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 553644402670..f8b98d89c285 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1669,7 +1669,7 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct nlmsghdr *reply_nlh = NULL;
        const struct reply_func *fn;
-        if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN))
+        if ((nlh->nlmsg_type == RTM_SETDCB) && !netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX,
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index a603823a3e27..3b726f31c64c 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -574,7 +574,7 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct dn_ifaddr __rcu **ifap;
        int err = -EINVAL;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (!net_eq(net, &init_net))
@@ -618,7 +618,7 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct dn_ifaddr *ifa;
        int err;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (!net_eq(net, &init_net))
diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
index 57dc159245ec..d332aefb0846 100644
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -505,7 +505,7 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct nlattr *attrs[RTA_MAX+1];
        int err;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (!net_eq(net, &init_net))
@@ -530,7 +530,7 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct nlattr *attrs[RTA_MAX+1];
        int err;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if (!net_eq(net, &init_net))
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index e83015cecfa7..e4d9560a910b 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
        if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
                return;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                RCV_SKB_FAIL(-EPERM);
        /* Eventually we might send routing messages too */
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 6765d91b8e75..211c0cc6c3d3 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1619,6 +1619,39 @@ static int __init init_ipv4_mibs(void)
        return register_pernet_subsys(&ipv4_mib_ops);
 }
+static __net_init int inet_init_net(struct net *net)
+{
+        /*
+         * Set defaults for local port range
+         */
+        seqlock_init(&net->ipv4.ip_local_ports.lock);
+        net->ipv4.ip_local_ports.range[0] =  32768;
+        net->ipv4.ip_local_ports.range[1] =  61000;
+        seqlock_init(&net->ipv4.ping_group_range.lock);
+        /*
+         * Sane defaults - nobody may create ping sockets.
+         * Boot scripts should set this to distro-specific group.
+         */
+        net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
+        net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
+        return 0;
+}
+static __net_exit void inet_exit_net(struct net *net)
+{
+}
+static __net_initdata struct pernet_operations af_inet_ops = {
+        .init = inet_init_net,
+        .exit = inet_exit_net,
+};
+static int __init init_inet_pernet_ops(void)
+{
+        return register_pernet_subsys(&af_inet_ops);
+}
 static int ipv4_proc_init(void);
 /*
@@ -1763,6 +1796,9 @@ static int __init inet_init(void)
        if (ip_mr_init())
                pr_crit("%s: Cannot init ipv4 mroute\n", __func__);
 #endif
+        if (init_inet_pernet_ops())
+                pr_crit("%s: Cannot init ipv4 inet pernet ops\n", __func__);
        /*
         *      Initialise per-cpu ipv4 mibs
         */
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 8a043f03c88e..b10cd43a4722 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -821,13 +821,13 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
        fi = kzalloc(sizeof(*fi)+nhs*sizeof(struct fib_nh), GFP_KERNEL);
        if (fi == NULL)
                goto failure;
+        fib_info_cnt++;
        if (cfg->fc_mx) {
                fi->fib_metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
                if (!fi->fib_metrics)
                        goto failure;
        } else
                fi->fib_metrics = (u32 *) dst_default_metrics;
-        fib_info_cnt++;
        fi->fib_net = hold_net(net);
        fi->fib_protocol = cfg->fc_protocol;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 0d1e2cb877ec..a56b8e6e866a 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -37,11 +37,11 @@ void inet_get_local_port_range(struct net *net, int *low, int *high)
        unsigned int seq;
        do {
-                seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock);
+                seq = read_seqbegin(&net->ipv4.ip_local_ports.lock);
-                *low = net->ipv4.sysctl_local_ports.range[0];
+                *low = net->ipv4.ip_local_ports.range[0];
-                *high = net->ipv4.sysctl_local_ports.range[1];
+                *high = net->ipv4.ip_local_ports.range[1];
-        } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq));
+        } while (read_seqretry(&net->ipv4.ip_local_ports.lock, seq));
 }
 EXPORT_SYMBOL(inet_get_local_port_range);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index be8abe73bb9f..6f111e48e11c 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -42,12 +42,12 @@
 static bool ip_may_fragment(const struct sk_buff *skb)
 {
        return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
-               !skb->local_df;
+                skb->local_df;
 }
 static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
 {
-        if (skb->len <= mtu || skb->local_df)
+        if (skb->len <= mtu)
                return false;
        if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
@@ -56,53 +56,6 @@ static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
        return true;
 }
-static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
-{
-        unsigned int mtu;
-        if (skb->local_df || !skb_is_gso(skb))
-                return false;
-        mtu = ip_dst_mtu_maybe_forward(skb_dst(skb), true);
-        /* if seglen > mtu, do software segmentation for IP fragmentation on
-         * output.  DF bit cannot be set since ip_forward would have sent
-         * icmp error.
-         */
-        return skb_gso_network_seglen(skb) > mtu;
-}
-/* called if GSO skb needs to be fragmented on forward */
-static int ip_forward_finish_gso(struct sk_buff *skb)
-{
-        struct dst_entry *dst = skb_dst(skb);
-        netdev_features_t features;
-        struct sk_buff *segs;
-        int ret = 0;
-        features = netif_skb_dev_features(skb, dst->dev);
-        segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK);
-        if (IS_ERR(segs)) {
-                kfree_skb(skb);
-                return -ENOMEM;
-        }
-        consume_skb(skb);
-        do {
-                struct sk_buff *nskb = segs->next;
-                int err;
-                segs->next = NULL;
-                err = dst_output(segs);
-                if (err && ret == 0)
-                        ret = err;
-                segs = nskb;
-        } while (segs);
-        return ret;
-}
 static int ip_forward_finish(struct sk_buff *skb)
 {
@@ -114,9 +67,6 @@ static int ip_forward_finish(struct sk_buff *skb)
        if (unlikely(opt->optlen))
                ip_forward_options(skb);
-        if (ip_gso_exceeds_dst_mtu(skb))
-                return ip_forward_finish_gso(skb);
        return dst_output(skb);
 }
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index c10a3ce5cbff..ed32313e307c 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -232,8 +232,9 @@ static void ip_expire(unsigned long arg)
                 * "Fragment Reassembly Timeout" message, per RFC792.
                 */
                if (qp->user == IP_DEFRAG_AF_PACKET ||
-                    (qp->user == IP_DEFRAG_CONNTRACK_IN &&
+                    ((qp->user >= IP_DEFRAG_CONNTRACK_IN) &&
-                     skb_rtable(head)->rt_type != RTN_LOCAL))
+                     (qp->user <= __IP_DEFRAG_CONNTRACK_IN_END) &&
+                     (skb_rtable(head)->rt_type != RTN_LOCAL)))
                        goto out_rcu_unlock;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 1cbeba5edff9..a52f50187b54 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -211,6 +211,48 @@ static inline int ip_finish_output2(struct sk_buff *skb)
        return -EINVAL;
 }
+static int ip_finish_output_gso(struct sk_buff *skb)
+{
+        netdev_features_t features;
+        struct sk_buff *segs;
+        int ret = 0;
+        /* common case: locally created skb or seglen is <= mtu */
+        if (((IPCB(skb)->flags & IPSKB_FORWARDED) == 0) ||
+              skb_gso_network_seglen(skb) <= ip_skb_dst_mtu(skb))
+                return ip_finish_output2(skb);
+        /* Slowpath -  GSO segment length is exceeding the dst MTU.
+         *
+         * This can happen in two cases:
+         * 1) TCP GRO packet, DF bit not set
+         * 2) skb arrived via virtio-net, we thus get TSO/GSO skbs directly
+         * from host network stack.
+         */
+        features = netif_skb_features(skb);
+        segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK);
+        if (IS_ERR(segs)) {
+                kfree_skb(skb);
+                return -ENOMEM;
+        }
+        consume_skb(skb);
+        do {
+                struct sk_buff *nskb = segs->next;
+                int err;
+                segs->next = NULL;
+                err = ip_fragment(segs, ip_finish_output2);
+                if (err && ret == 0)
+                        ret = err;
+                segs = nskb;
+        } while (segs);
+        return ret;
+}
 static int ip_finish_output(struct sk_buff *skb)
 {
 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
@@ -220,10 +262,13 @@ static int ip_finish_output(struct sk_buff *skb)
                return dst_output(skb);
        }
 #endif
-        if (skb->len > ip_skb_dst_mtu(skb) && !skb_is_gso(skb))
+        if (skb_is_gso(skb))
+                return ip_finish_output_gso(skb);
+        if (skb->len > ip_skb_dst_mtu(skb))
                return ip_fragment(skb, ip_finish_output2);
-        else
-                return ip_finish_output2(skb);
+        return ip_finish_output2(skb);
 }
 int ip_mc_output(struct sock *sk, struct sk_buff *skb)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index fa5b7519765f..b3f859731c60 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -442,6 +442,8 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
                tunnel->i_seqno = ntohl(tpi->seq) + 1;
        }
+        skb_reset_network_header(skb);
        err = IP_ECN_decapsulate(iph, skb);
        if (unlikely(err)) {
                if (log_ecn_error)
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index 12e13bd82b5b..f40f321b41fc 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -22,7 +22,6 @@
 #endif
 #include <net/netfilter/nf_conntrack_zones.h>
-/* Returns new sk_buff, or NULL */
 static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
 {
        int err;
@@ -33,8 +32,10 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
        err = ip_defrag(skb, user);
        local_bh_enable();
-        if (!err)
+        if (!err) {
                ip_send_check(ip_hdr(skb));
+                skb->local_df = 1;
+        }
        return err;
 }
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 8210964a9f19..044a0ddf6a79 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -236,15 +236,15 @@ exit:
 static void inet_get_ping_group_range_net(struct net *net, kgid_t *low,
                                          kgid_t *high)
 {
-        kgid_t *data = net->ipv4.sysctl_ping_group_range;
+        kgid_t *data = net->ipv4.ping_group_range.range;
        unsigned int seq;
        do {
-                seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock);
+                seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
                *low = data[0];
                *high = data[1];
-        } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq));
+        } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
 }
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 44eba052b43d..5cde8f263d40 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -45,10 +45,10 @@ static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
 /* Update system visible IP port range */
 static void set_local_port_range(struct net *net, int range[2])
 {
-        write_seqlock(&net->ipv4.sysctl_local_ports.lock);
+        write_seqlock(&net->ipv4.ip_local_ports.lock);
-        net->ipv4.sysctl_local_ports.range[0] = range[0];
+        net->ipv4.ip_local_ports.range[0] = range[0];
-        net->ipv4.sysctl_local_ports.range[1] = range[1];
+        net->ipv4.ip_local_ports.range[1] = range[1];
-        write_sequnlock(&net->ipv4.sysctl_local_ports.lock);
+        write_sequnlock(&net->ipv4.ip_local_ports.lock);
 }
 /* Validate changes from /proc interface. */
@@ -57,7 +57,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
                                 size_t *lenp, loff_t *ppos)
 {
        struct net *net =
-                container_of(table->data, struct net, ipv4.sysctl_local_ports.range);
+                container_of(table->data, struct net, ipv4.ip_local_ports.range);
        int ret;
        int range[2];
        struct ctl_table tmp = {
@@ -87,14 +87,14 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low
 {
        kgid_t *data = table->data;
        struct net *net =
-                container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
+                container_of(table->data, struct net, ipv4.ping_group_range.range);
        unsigned int seq;
        do {
-                seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock);
+                seq = read_seqbegin(&net->ipv4.ip_local_ports.lock);
                *low = data[0];
                *high = data[1];
-        } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq));
+        } while (read_seqretry(&net->ipv4.ip_local_ports.lock, seq));
 }
 /* Update system visible IP port range */
@@ -102,11 +102,11 @@ static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t hig
 {
        kgid_t *data = table->data;
        struct net *net =
-                container_of(table->data, struct net, ipv4.sysctl_ping_group_range);
+                container_of(table->data, struct net, ipv4.ping_group_range.range);
-        write_seqlock(&net->ipv4.sysctl_local_ports.lock);
+        write_seqlock(&net->ipv4.ip_local_ports.lock);
        data[0] = low;
        data[1] = high;
-        write_sequnlock(&net->ipv4.sysctl_local_ports.lock);
+        write_sequnlock(&net->ipv4.ip_local_ports.lock);
 }
 /* Validate changes from /proc interface. */
@@ -805,7 +805,7 @@ static struct ctl_table ipv4_net_table[] = {
        },
        {
                .procname       = "ping_group_range",
-                .data           = &init_net.ipv4.sysctl_ping_group_range,
+                .data           = &init_net.ipv4.ping_group_range.range,
                .maxlen         = sizeof(gid_t)*2,
                .mode           = 0644,
                .proc_handler   = ipv4_ping_group_range,
@@ -819,8 +819,8 @@ static struct ctl_table ipv4_net_table[] = {
        },
        {
                .procname       = "ip_local_port_range",
-                .maxlen         = sizeof(init_net.ipv4.sysctl_local_ports.range),
+                .maxlen         = sizeof(init_net.ipv4.ip_local_ports.range),
-                .data           = &init_net.ipv4.sysctl_local_ports.range,
+                .data           = &init_net.ipv4.ip_local_ports.range,
                .mode           = 0644,
                .proc_handler   = ipv4_local_port_range,
        },
@@ -858,20 +858,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
                        table[i].data += (void *)net - (void *)&init_net;
        }
-        /*
-         * Sane defaults - nobody may create ping sockets.
-         * Boot scripts should set this to distro-specific group.
-         */
-        net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1);
-        net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0);
-        /*
-         * Set defaults for local port range
-         */
-        seqlock_init(&net->ipv4.sysctl_local_ports.lock);
-        net->ipv4.sysctl_local_ports.range[0] =  32768;
-        net->ipv4.sysctl_local_ports.range[1] =  61000;
        net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
        if (net->ipv4.ipv4_hdr == NULL)
                goto err_reg;
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index ba2a4f3a6a1e..a9bd8a4828a9 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -408,7 +408,7 @@ static void bictcp_acked(struct sock *sk, u32 cnt, s32 rtt_us)
                ratio -= ca->delayed_ack >> ACK_RATIO_SHIFT;
                ratio += cnt;
-                ca->delayed_ack = min(ratio, ACK_RATIO_LIMIT);
+                ca->delayed_ack = clamp(ratio, 1U, ACK_RATIO_LIMIT);
        }
        /* Some calls are for duplicates without timetamps */
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 89277a34f2c9..694711a140d4 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2488,8 +2488,14 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
                err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
        }
-        if (likely(!err))
+        if (likely(!err)) {
                TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
+                /* Update global TCP statistics. */
+                TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
+                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
+                        NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
+                tp->total_retrans++;
+        }
        return err;
 }
@@ -2499,12 +2505,6 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
        int err = __tcp_retransmit_skb(sk, skb);
        if (err == 0) {
-                /* Update global TCP statistics. */
-                TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
-                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
-                        NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
-                tp->total_retrans++;
 #if FASTRETRANS_DEBUG > 0
                if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
                        net_dbg_ratelimited("retrans_out leaked\n");
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 6fefd44abbf5..cb4459bd1d29 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1458,7 +1458,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
                                if (w->skip) {
                                        w->skip--;
-                                        continue;
+                                        goto skip;
                                }
                                err = w->func(w);
@@ -1468,6 +1468,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
                                w->count++;
                                continue;
                        }
+skip:
                        w->state = FWS_U;
                case FWS_U:
                        if (fn == w->root)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 40e7581374f7..31a38bde69ef 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -344,12 +344,16 @@ static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
 {
-        if (skb->len <= mtu || skb->local_df)
+        if (skb->len <= mtu)
                return false;
+        /* ipv6 conntrack defrag sets max_frag_size + local_df */
        if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
                return true;
+        if (skb->local_df)
+                return false;
        if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
                return false;
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 8659067da28e..8250474ab7dc 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1633,7 +1633,7 @@ struct sock *mroute6_socket(struct net *net, struct sk_buff *skb)
 {
        struct mr6_table *mrt;
        struct flowi6 fl6 = {
-                .flowi6_iif     = skb->skb_iif,
+                .flowi6_iif     = skb->skb_iif ? : LOOPBACK_IFINDEX,
                .flowi6_oif     = skb->dev->ifindex,
                .flowi6_mark    = skb->mark,
        };
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 95f3f1da0d7f..d38e6a8d8b9f 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -30,13 +30,15 @@ int ip6_route_me_harder(struct sk_buff *skb)
                .daddr = iph->daddr,
                .saddr = iph->saddr,
        };
+        int err;
        dst = ip6_route_output(net, skb->sk, &fl6);
-        if (dst->error) {
+        err = dst->error;
+        if (err) {
                IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
                LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n");
                dst_release(dst);
-                return dst->error;
+                return err;
        }
        /* Drop old route. */
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c
index e0983f3648a6..790e0c6b19e1 100644
--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -33,6 +33,7 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
        struct ipv6hdr *iph = ipv6_hdr(skb);
        bool ret = false;
        struct flowi6 fl6 = {
+                .flowi6_iif = LOOPBACK_IFINDEX,
                .flowlabel = (* (__be32 *) iph) & IPV6_FLOWINFO_MASK,
                .flowi6_proto = iph->nexthdr,
                .daddr = iph->saddr,
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 4011617cca68..004fffb6c221 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1273,6 +1273,7 @@ void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark)
        struct flowi6 fl6;
        memset(&fl6, 0, sizeof(fl6));
+        fl6.flowi6_iif = LOOPBACK_IFINDEX;
        fl6.flowi6_oif = oif;
        fl6.flowi6_mark = mark;
        fl6.daddr = iph->daddr;
@@ -1294,6 +1295,7 @@ void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
        struct flowi6 fl6;
        memset(&fl6, 0, sizeof(fl6));
+        fl6.flowi6_iif = LOOPBACK_IFINDEX;
        fl6.flowi6_oif = oif;
        fl6.flowi6_mark = mark;
        fl6.daddr = msg->dest;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0e5b67015650..394e201cde6d 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1232,7 +1232,8 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
                if (ether_addr_equal(bssid, rx->sdata->u.ibss.bssid) &&
                    test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
                        sta->last_rx = jiffies;
-                        if (ieee80211_is_data(hdr->frame_control)) {
+                        if (ieee80211_is_data(hdr->frame_control) &&
+                            !is_multicast_ether_addr(hdr->addr1)) {
                                sta->last_rx_rate_idx = status->rate_idx;
                                sta->last_rx_rate_flag = status->flag;
                                sta->last_rx_rate_vht_flag = status->vht_flag;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index c34a5f97abc7..632d372bb511 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1147,7 +1147,8 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
        atomic_dec(&ps->num_sta_ps);
        /* This station just woke up and isn't aware of our SMPS state */
-        if (!ieee80211_smps_is_restrictive(sta->known_smps_mode,
+        if (!ieee80211_vif_is_mesh(&sdata->vif) &&
+            !ieee80211_smps_is_restrictive(sta->known_smps_mode,
                                           sdata->smps_mode) &&
            sta->known_smps_mode != sdata->bss->req_smps &&
            sta_info_tx_streams(sta) != 1) {
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 00ba90b02ab2..60cb7a665976 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -314,10 +314,9 @@ ieee80211_add_tx_radiotap_header(struct ieee80211_local *local,
            !is_multicast_ether_addr(hdr->addr1))
                txflags |= IEEE80211_RADIOTAP_F_TX_FAIL;
-        if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
+        if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT)
-            (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
                txflags |= IEEE80211_RADIOTAP_F_TX_CTS;
-        else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
+        if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
                txflags |= IEEE80211_RADIOTAP_F_TX_RTS;
        put_unaligned_le16(txflags, pos);
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index ad058759e85e..c08bd4aca6bb 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1777,7 +1777,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
        mutex_unlock(&local->mtx);
        if (sched_scan_stopped)
-                cfg80211_sched_scan_stopped(local->hw.wiphy);
+                cfg80211_sched_scan_stopped_rtnl(local->hw.wiphy);
        /*
         * If this is for hw restart things are still running.
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ccc46fa5edbc..58579634427d 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1336,6 +1336,9 @@ ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])
 #ifdef CONFIG_NF_NAT_NEEDED
        int ret;
+        if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
+                return 0;
        ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_DST,
                                        cda[CTA_NAT_DST]);
        if (ret < 0)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 6e42dcfad40a..c138b8fbe280 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -256,15 +256,15 @@ replay:
 #endif
                {
                        nfnl_unlock(subsys_id);
-                        kfree_skb(nskb);
+                        netlink_ack(skb, nlh, -EOPNOTSUPP);
-                        return netlink_ack(skb, nlh, -EOPNOTSUPP);
+                        return kfree_skb(nskb);
                }
        }
        if (!ss->commit || !ss->abort) {
                nfnl_unlock(subsys_id);
-                kfree_skb(nskb);
+                netlink_ack(skb, nlh, -EOPNOTSUPP);
-                return netlink_ack(skb, nlh, -EOPNOTSUPP);
+                return kfree_skb(skb);
        }
        while (skb->len >= nlmsg_total_size(0)) {
@@ -368,14 +368,13 @@ done:
 static void nfnetlink_rcv(struct sk_buff *skb)
 {
        struct nlmsghdr *nlh = nlmsg_hdr(skb);
-        struct net *net = sock_net(skb->sk);
        int msglen;
        if (nlh->nlmsg_len < NLMSG_HDRLEN ||
            skb->len < nlh->nlmsg_len)
                return;
-        if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
+        if (!netlink_net_capable(skb, CAP_NET_ADMIN)) {
                netlink_ack(skb, nlh, -EPERM);
                return;
        }
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 92f4b6915e89..e0ccd84d4d67 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1364,7 +1364,72 @@ retry:
        return err;
 }
-static inline int netlink_capable(const struct socket *sock, unsigned int flag)
+/**
+ * __netlink_ns_capable - General netlink message capability test
+ * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
+ * @user_ns: The user namespace of the capability to use
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket we received the message
+ * from had when the netlink socket was created and the sender of the
+ * message has has the capability @cap in the user namespace @user_ns.
+ */
+bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
+                        struct user_namespace *user_ns, int cap)
+{
+        return sk_ns_capable(nsp->sk, user_ns, cap);
+}
+EXPORT_SYMBOL(__netlink_ns_capable);
+/**
+ * netlink_ns_capable - General netlink message capability test
+ * @skb: socket buffer holding a netlink command from userspace
+ * @user_ns: The user namespace of the capability to use
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket we received the message
+ * from had when the netlink socket was created and the sender of the
+ * message has has the capability @cap in the user namespace @user_ns.
+ */
+bool netlink_ns_capable(const struct sk_buff *skb,
+                        struct user_namespace *user_ns, int cap)
+{
+        return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
+}
+EXPORT_SYMBOL(netlink_ns_capable);
+/**
+ * netlink_capable - Netlink global message capability test
+ * @skb: socket buffer holding a netlink command from userspace
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket we received the message
+ * from had when the netlink socket was created and the sender of the
+ * message has has the capability @cap in all user namespaces.
+ */
+bool netlink_capable(const struct sk_buff *skb, int cap)
+{
+        return netlink_ns_capable(skb, &init_user_ns, cap);
+}
+EXPORT_SYMBOL(netlink_capable);
+/**
+ * netlink_net_capable - Netlink network namespace message capability test
+ * @skb: socket buffer holding a netlink command from userspace
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket we received the message
+ * from had when the netlink socket was created and the sender of the
+ * message has has the capability @cap over the network namespace of
+ * the socket we received the message from.
+ */
+bool netlink_net_capable(const struct sk_buff *skb, int cap)
+{
+        return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
+}
+EXPORT_SYMBOL(netlink_net_capable);
+static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
 {
        return (nl_table[sock->sk->sk_protocol].flags & flag) ||
                ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
@@ -1446,7 +1511,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
        /* Only superuser is allowed to listen multicasts */
        if (groups) {
-                if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
+                if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
                        return -EPERM;
                err = netlink_realloc_groups(sk);
                if (err)
@@ -1516,7 +1581,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
                return -EINVAL;
        if ((nladdr->nl_groups || nladdr->nl_pid) &&
-            !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+            !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
                return -EPERM;
        if (!nlk->portid)
@@ -2122,7 +2187,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
                break;
        case NETLINK_ADD_MEMBERSHIP:
        case NETLINK_DROP_MEMBERSHIP: {
-                if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
+                if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
                        return -EPERM;
                err = netlink_realloc_groups(sk);
                if (err)
@@ -2277,7 +2342,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
                dst_group = ffs(addr->nl_groups);
                err =  -EPERM;
                if ((dst_group || dst_portid) &&
-                    !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+                    !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
                        goto out;
        } else {
                dst_portid = nlk->dst_portid;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index b1dcdb932a86..a3ba3ca0ff92 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -561,7 +561,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
                return -EOPNOTSUPP;
        if ((ops->flags & GENL_ADMIN_PERM) &&
-            !capable(CAP_NET_ADMIN))
+            !netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
diff --git a/net/packet/diag.c b/net/packet/diag.c
index 435ff99ba8c7..92f2c7107eec 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -128,6 +128,7 @@ static int pdiag_put_fanout(struct packet_sock *po, struct sk_buff *nlskb)
 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
                        struct packet_diag_req *req,
+                        bool may_report_filterinfo,
                        struct user_namespace *user_ns,
                        u32 portid, u32 seq, u32 flags, int sk_ino)
 {
@@ -172,7 +173,8 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
                goto out_nlmsg_trim;
        if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
-            sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER))
+            sock_diag_put_filterinfo(may_report_filterinfo, sk, skb,
+                                     PACKET_DIAG_FILTER))
                goto out_nlmsg_trim;
        return nlmsg_end(skb, nlh);
@@ -188,9 +190,11 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
        struct packet_diag_req *req;
        struct net *net;
        struct sock *sk;
+        bool may_report_filterinfo;
        net = sock_net(skb->sk);
        req = nlmsg_data(cb->nlh);
+        may_report_filterinfo = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
        mutex_lock(&net->packet.sklist_lock);
        sk_for_each(sk, &net->packet.sklist) {
@@ -200,6 +204,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
                        goto next;
                if (sk_diag_fill(sk, skb, req,
+                                 may_report_filterinfo,
                                 sk_user_ns(NETLINK_CB(cb->skb).sk),
                                 NETLINK_CB(cb->skb).portid,
                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index dc15f4300808..b64151ade6b3 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -70,10 +70,10 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
        int err;
        u8 pnaddr;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
-        if (!capable(CAP_SYS_ADMIN))
+        if (!netlink_capable(skb, CAP_SYS_ADMIN))
                return -EPERM;
        ASSERT_RTNL();
@@ -233,10 +233,10 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
        int err;
        u8 dst;
-        if (!capable(CAP_NET_ADMIN))
+        if (!netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
-        if (!capable(CAP_SYS_ADMIN))
+        if (!netlink_capable(skb, CAP_SYS_ADMIN))
                return -EPERM;
        ASSERT_RTNL();
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 8a5ba5add4bc..648778aef1a2 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -948,7 +948,7 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n)
        u32 portid = skb ? NETLINK_CB(skb).portid : 0;
        int ret = 0, ovr = 0;
-        if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN))
+        if ((n->nlmsg_type != RTM_GETACTION) && !netlink_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 1a4a20267787..45527e6b52db 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -135,7 +135,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
        int tp_created = 0;
        if ((n->nlmsg_type != RTM_GETTFILTER) &&
-            !ns_capable(net->user_ns, CAP_NET_ADMIN))
+            !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
                return -EPERM;
 replay:
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 86f8edfd6b8a..fd14df56e5ff 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1085,7 +1085,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
        int err;
        if ((n->nlmsg_type != RTM_GETQDISC) &&
-            !ns_capable(net->user_ns, CAP_NET_ADMIN))
+            !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
                return -EPERM;
        err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
@@ -1152,7 +1152,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
        struct Qdisc *q, *p;
        int err;
-        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+        if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
                return -EPERM;
 replay:
@@ -1492,7 +1492,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n)
        int err;
        if ((n->nlmsg_type != RTM_GETTCLASS) &&
-            !ns_capable(net->user_ns, CAP_NET_ADMIN))
+            !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
                return -EPERM;
        err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
diff --git a/net/sched/sch_hhf.c b/net/sched/sch_hhf.c
index edee03d922e2..6e957c3b9854 100644
--- a/net/sched/sch_hhf.c
+++ b/net/sched/sch_hhf.c
@@ -553,11 +553,6 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt)
        if (err < 0)
                return err;
-        sch_tree_lock(sch);
-        if (tb[TCA_HHF_BACKLOG_LIMIT])
-                sch->limit = nla_get_u32(tb[TCA_HHF_BACKLOG_LIMIT]);
        if (tb[TCA_HHF_QUANTUM])
                new_quantum = nla_get_u32(tb[TCA_HHF_QUANTUM]);
@@ -567,6 +562,12 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt)
        non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight;
        if (non_hh_quantum > INT_MAX)
                return -EINVAL;
+        sch_tree_lock(sch);
+        if (tb[TCA_HHF_BACKLOG_LIMIT])
+                sch->limit = nla_get_u32(tb[TCA_HHF_BACKLOG_LIMIT]);
        q->quantum = new_quantum;
        q->hhf_non_hh_weight = new_hhf_non_hh_weight;
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 074b60e2faab..af5afca4b85a 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -491,8 +491,13 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
                        continue;
                if ((laddr->state == SCTP_ADDR_SRC) &&
                    (AF_INET == laddr->a.sa.sa_family)) {
-                        fl4->saddr = laddr->a.v4.sin_addr.s_addr;
                        fl4->fl4_sport = laddr->a.v4.sin_port;
+                        flowi4_update_output(fl4,
+                                             asoc->base.sk->sk_bound_dev_if,
+                                             RT_CONN_FLAGS(asoc->base.sk),
+                                             daddr->v4.sin_addr.s_addr,
+                                             laddr->a.v4.sin_addr.s_addr);
                        rt = ip_route_output_key(sock_net(sk), fl4);
                        if (!IS_ERR(rt)) {
                                dst = &rt->dst;
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 5d6883ff00c3..fef2acdf4a2e 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -496,11 +496,10 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
        /* If the transport error count is greater than the pf_retrans
         * threshold, and less than pathmaxrtx, and if the current state
-         * is not SCTP_UNCONFIRMED, then mark this transport as Partially
+         * is SCTP_ACTIVE, then mark this transport as Partially Failed,
-         * Failed, see SCTP Quick Failover Draft, section 5.1
+         * see SCTP Quick Failover Draft, section 5.1
         */
-        if ((transport->state != SCTP_PF) &&
+        if ((transport->state == SCTP_ACTIVE) &&
-           (transport->state != SCTP_UNCONFIRMED) &&
           (asoc->pf_retrans < transport->pathmaxrxt) &&
           (transport->error_count > asoc->pf_retrans)) {
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 3aaf73de9e2d..ad844d365340 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -47,7 +47,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
        int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN);
        u16 cmd;
-        if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN)))
+        if ((req_userhdr->cmd & 0xC000) && (!netlink_capable(skb, CAP_NET_ADMIN)))
                cmd = TIPC_CMD_NOT_NET_ADMIN;
        else
                cmd = req_userhdr->cmd;
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 5adfd94c5b85..85d232bed87d 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1925,9 +1925,23 @@ static struct miscdevice vsock_device = {
        .fops           = &vsock_device_ops,
 };
-static int __vsock_core_init(void)
+int __vsock_core_init(const struct vsock_transport *t, struct module *owner)
 {
-        int err;
+        int err = mutex_lock_interruptible(&vsock_register_mutex);
+        if (err)
+                return err;
+        if (transport) {
+                err = -EBUSY;
+                goto err_busy;
+        }
+        /* Transport must be the owner of the protocol so that it can't
+         * unload while there are open sockets.
+         */
+        vsock_proto.owner = owner;
+        transport = t;
        vsock_init_tables();
@@ -1951,36 +1965,19 @@ static int __vsock_core_init(void)
                goto err_unregister_proto;
        }
+        mutex_unlock(&vsock_register_mutex);
        return 0;
 err_unregister_proto:
        proto_unregister(&vsock_proto);
 err_misc_deregister:
        misc_deregister(&vsock_device);
-        return err;
+        transport = NULL;
-}
+err_busy:
-int vsock_core_init(const struct vsock_transport *t)
-{
-        int retval = mutex_lock_interruptible(&vsock_register_mutex);
-        if (retval)
-                return retval;
-        if (transport) {
-                retval = -EBUSY;
-                goto out;
-        }
-        transport = t;
-        retval = __vsock_core_init();
-        if (retval)
-                transport = NULL;
-out:
        mutex_unlock(&vsock_register_mutex);
-        return retval;
+        return err;
 }
-EXPORT_SYMBOL_GPL(vsock_core_init);
+EXPORT_SYMBOL_GPL(__vsock_core_init);
 void vsock_core_exit(void)
 {
@@ -2000,5 +1997,5 @@ EXPORT_SYMBOL_GPL(vsock_core_exit);
 MODULE_AUTHOR("VMware, Inc.");
 MODULE_DESCRIPTION("VMware Virtual Socket Family");
-MODULE_VERSION("1.0.0.0-k");
+MODULE_VERSION("1.0.1.0-k");
 MODULE_LICENSE("GPL v2");
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 0f5da18cc619..e7329bb6a323 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -284,14 +284,22 @@ void cfg80211_sched_scan_results(struct wiphy *wiphy)
 }
 EXPORT_SYMBOL(cfg80211_sched_scan_results);
-void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
+void cfg80211_sched_scan_stopped_rtnl(struct wiphy *wiphy)
 {
        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
+        ASSERT_RTNL();
        trace_cfg80211_sched_scan_stopped(wiphy);
-        rtnl_lock();
        __cfg80211_stop_sched_scan(rdev, true);
+}
+EXPORT_SYMBOL(cfg80211_sched_scan_stopped_rtnl);
+void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
+{
+        rtnl_lock();
+        cfg80211_sched_scan_stopped_rtnl(wiphy);
        rtnl_unlock();
 }
 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index e2923a3f2e5c..0c0844b585d1 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -234,7 +234,6 @@ void cfg80211_conn_work(struct work_struct *work)
                                        NULL, 0, NULL, 0,
                                        WLAN_STATUS_UNSPECIFIED_FAILURE,
                                        false, NULL);
-                        cfg80211_sme_free(wdev);
                }
                wdev_unlock(wdev);
        }
@@ -647,6 +646,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
                        cfg80211_unhold_bss(bss_from_pub(bss));
                        cfg80211_put_bss(wdev->wiphy, bss);
                }
+                cfg80211_sme_free(wdev);
                return;
        }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8f131c10a6f3..51398ae6cda8 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2377,7 +2377,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        link = &xfrm_dispatch[type];
        /* All operations require privileges, even GET */
-        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+        if (!netlink_net_capable(skb, CAP_NET_ADMIN))
                return -EPERM;
        if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
author	David S. Miller <davem@davemloft.net>	2014-05-12 13:19:14 -0400
committer	David S. Miller <davem@davemloft.net>	2014-05-12 13:19:14 -0400
commit	5f013c9bc70214dcacd5fbed5a06c217d6ff9c59 (patch)
tree	34c3a633000e03bca57d0ce55d8759f86edecc03 /net
parent	51ee42efa0829cf9e46f8e1c0ab7a9ab6facf3f2 (diff)
parent	1a466ae96e9f749d02a73315a3e66375e61a61dd (diff)