Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller: 1) If the user gives us a msg_namelen of 0, don't try to interpret anything pointed to by msg_name. From Ani Sinha. 2) Fix some bnx2i/bnx2fc randconfig compilation errors. The gist of the issue is that we firstly have drivers that span both SCSI and networking. And at the top of that chain of dependencies we have things like SCSI_FC_ATTRS and SCSI_NETLINK which are selected. But since select is a sledgehammer and ignores dependencies, everything to select's SCSI_FC_ATTRS and/or SCSI_NETLINK has to also explicitly select their dependencies and so on and so forth. Generally speaking 'select' is supposed to only be used for child nodes, those which have no dependencies of their own. And this whole chain of dependencies in the scsi layer violates that rather strongly. So just make SCSI_NETLINK depend upon it's dependencies, and so on and so forth for the things selecting it (either directly or indirectly). From Anish Bhatt and Randy Dunlap. 3) Fix generation of blackhole routes in IPSEC, from Steffen Klassert. 4) Actually notice netdev feature changes in rtl_open() code, from Hayes Wang. 5) Fix divide by zero in bond enslaving, from Nikolay Aleksandrov. 6) Missing memory barrier in sunvnet driver, from David Stevens. 7) Don't leave anycast addresses around when ipv6 interface is destroyed, from Sabrina Dubroca. 8) Don't call efx_{arch}_filter_sync_rx_mode before addr_list_lock is initialized in SFC driver, from Edward Cree. 9) Fix missing DMA error checking in 3c59x, from Neal Horman. 10) Openvswitch doesn't emit OVS_FLOW_CMD_NEW notifications accidently, fix from Samuel Gauthier. 11) pch_gbe needs to select NET_PTP_CLASSIFY otherwise we can get a build error. 12) Fix macvlan regression wherein we stopped emitting broadcast/multicast frames over software devices. From Nicolas Dichtel. 13) Fix infiniband bug due to unintended overflow of skb->cb[], from Eric Dumazet. And add an assertion so this doesn't happen again. 14) dm9000_parse_dt() should return error pointers, not NULL. From Tobias Klauser. 15) IP tunneling code uses this_cpu_ptr() in preemptible contexts, fix from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (87 commits) net: bcmgenet: call bcmgenet_dma_teardown in bcmgenet_fini_dma net: bcmgenet: fix TX reclaim accounting for fragments ipv4: do not use this_cpu_ptr() in preemptible context dm9000: Return an ERR_PTR() in all error conditions of dm9000_parse_dt() r8169: fix an if condition r8152: disable ALDPS ipoib: validate struct ipoib_cb size net: sched: shrink struct qdisc_skb_cb to 28 bytes tg3: Work around HW/FW limitations with vlan encapsulated frames macvlan: allow to enqueue broadcast pkt on virtual device pch_gbe: 'select' NET_PTP_CLASSIFY. scsi: Use 'depends' with LIBFC instead of 'select'. openvswitch: restore OVS_FLOW_CMD_NEW notifications genetlink: add function genl_has_listeners() lib: rhashtable: remove second linux/log2.h inclusion net: allow macvlans to move to net namespace 3c59x: Fix bad offset spec in skb_frag_dma_map 3c59x: Add dma error checking and recovery sparc: bpf_jit: fix support for ldx/stx mem and SKF_AD_VLAN_TAG can: at91_can: add missing prepare and unprepare of the clock ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-09-22 21:23:33 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-09-22 21:23:33 -0400
commit: 98f75b8291a89ba6bf73e322ee467ce0bfeb91c1 (patch)
tree: c9f61617d49973d2d8fc684183be0ce1820a0338 /net
parent: 9478303619bc87c575e894d867049b25f33bf124 (diff)
parent: e18b7faae15dbd47e5811ed748bd5b500dcfaa2d (diff)
17 files changed, 133 insertions, 40 deletions
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 62a7fa2e3569..b6c04cbcfdc5 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -309,6 +309,9 @@ struct br_input_skb_cb {
        int igmp;
        int mrouters_only;
 #endif
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+        bool vlan_filtered;
+#endif
 };
 #define BR_INPUT_SKB_CB(__skb)  ((struct br_input_skb_cb *)(__skb)->cb)
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index e1bcd653899b..3ba57fcdcd13 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -27,9 +27,13 @@ static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
 {
        if (flags & BRIDGE_VLAN_INFO_PVID)
                __vlan_add_pvid(v, vid);
+        else
+                __vlan_delete_pvid(v, vid);
        if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
                set_bit(vid, v->untagged_bitmap);
+        else
+                clear_bit(vid, v->untagged_bitmap);
 }
 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
@@ -125,7 +129,8 @@ struct sk_buff *br_handle_vlan(struct net_bridge *br,
 {
        u16 vid;
-        if (!br->vlan_enabled)
+        /* If this packet was not filtered at input, let it pass */
+        if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
                goto out;
        /* Vlan filter table must be configured at this point.  The
@@ -164,8 +169,10 @@ bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
        /* If VLAN filtering is disabled on the bridge, all packets are
         * permitted.
         */
-        if (!br->vlan_enabled)
+        if (!br->vlan_enabled) {
+                BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
                return true;
+        }
        /* If there are no vlan in the permitted list, all packets are
         * rejected.
@@ -173,6 +180,7 @@ bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
        if (!v)
                goto drop;
+        BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
        proto = br->vlan_proto;
        /* If vlan tx offload is disabled on bridge device and frame was
@@ -251,7 +259,8 @@ bool br_allowed_egress(struct net_bridge *br,
 {
        u16 vid;
-        if (!br->vlan_enabled)
+        /* If this packet was not filtered at input, let it pass */
+        if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
                return true;
        if (!v)
@@ -270,6 +279,7 @@ bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
        struct net_bridge *br = p->br;
        struct net_port_vlans *v;
+        /* If filtering was disabled at input, let it pass. */
        if (!br->vlan_enabled)
                return true;
diff --git a/net/core/dev.c b/net/core/dev.c
index ab9a16530c36..cf8a95f48cff 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4809,9 +4809,14 @@ static void netdev_adjacent_sysfs_del(struct net_device *dev,
        sysfs_remove_link(&(dev->dev.kobj), linkname);
 }
-#define netdev_adjacent_is_neigh_list(dev, dev_list) \
+static inline bool netdev_adjacent_is_neigh_list(struct net_device *dev,
-                (dev_list == &dev->adj_list.upper || \
+                                                 struct net_device *adj_dev,
-                 dev_list == &dev->adj_list.lower)
+                                                 struct list_head *dev_list)
+{
+        return (dev_list == &dev->adj_list.upper ||
+                dev_list == &dev->adj_list.lower) &&
+                net_eq(dev_net(dev), dev_net(adj_dev));
+}
 static int __netdev_adjacent_dev_insert(struct net_device *dev,
                                        struct net_device *adj_dev,
@@ -4841,7 +4846,7 @@ static int __netdev_adjacent_dev_insert(struct net_device *dev,
        pr_debug("dev_hold for %s, because of link added from %s to %s\n",
                 adj_dev->name, dev->name, adj_dev->name);
-        if (netdev_adjacent_is_neigh_list(dev, dev_list)) {
+        if (netdev_adjacent_is_neigh_list(dev, adj_dev, dev_list)) {
                ret = netdev_adjacent_sysfs_add(dev, adj_dev, dev_list);
                if (ret)
                        goto free_adj;
@@ -4862,7 +4867,7 @@ static int __netdev_adjacent_dev_insert(struct net_device *dev,
        return 0;
 remove_symlinks:
-        if (netdev_adjacent_is_neigh_list(dev, dev_list))
+        if (netdev_adjacent_is_neigh_list(dev, adj_dev, dev_list))
                netdev_adjacent_sysfs_del(dev, adj_dev->name, dev_list);
 free_adj:
        kfree(adj);
@@ -4895,8 +4900,7 @@ static void __netdev_adjacent_dev_remove(struct net_device *dev,
        if (adj->master)
                sysfs_remove_link(&(dev->dev.kobj), "master");
-        if (netdev_adjacent_is_neigh_list(dev, dev_list) &&
+        if (netdev_adjacent_is_neigh_list(dev, adj_dev, dev_list))
-            net_eq(dev_net(dev),dev_net(adj_dev)))
                netdev_adjacent_sysfs_del(dev, adj_dev->name, dev_list);
        list_del_rcu(&adj->list);
diff --git a/net/core/sock.c b/net/core/sock.c
index d372b4bd3f99..9c3f823e76a9 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1866,7 +1866,7 @@ EXPORT_SYMBOL(sock_alloc_send_skb);
 * skb_page_frag_refill - check that a page_frag contains enough room
 * @sz: minimum size of the fragment we want to get
 * @pfrag: pointer to page_frag
- * @prio: priority for memory allocation
+ * @gfp: priority for memory allocation
 *
 * Note: While this allocator tries to use high order pages, there is
 * no guarantee that allocations succeed. Therefore, @sz MUST be
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index afed1aac2638..bd41dd1948b6 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -79,10 +79,10 @@ static void __tunnel_dst_set(struct ip_tunnel_dst *idst,
        idst->saddr = saddr;
 }
-static void tunnel_dst_set(struct ip_tunnel *t,
+static noinline void tunnel_dst_set(struct ip_tunnel *t,
                           struct dst_entry *dst, __be32 saddr)
 {
-        __tunnel_dst_set(this_cpu_ptr(t->dst_cache), dst, saddr);
+        __tunnel_dst_set(raw_cpu_ptr(t->dst_cache), dst, saddr);
 }
 static void tunnel_dst_reset(struct ip_tunnel *t)
@@ -106,7 +106,7 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t,
        struct dst_entry *dst;
        rcu_read_lock();
-        idst = this_cpu_ptr(t->dst_cache);
+        idst = raw_cpu_ptr(t->dst_cache);
        dst = rcu_dereference(idst->dst);
        if (dst && !atomic_inc_not_zero(&dst->__refcnt))
                dst = NULL;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index eaa4b000c7b4..173e7ea54c70 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2265,9 +2265,9 @@ struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
                return rt;
        if (flp4->flowi4_proto)
-                rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
+                rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
-                                                   flowi4_to_flowi(flp4),
+                                                        flowi4_to_flowi(flp4),
-                                                   sk, 0);
+                                                        sk, 0);
        return rt;
 }
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index fc1fac2a0528..3342ee64f2e3 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3094,11 +3094,13 @@ static int addrconf_ifdown(struct net_device *dev, int how)
        write_unlock_bh(&idev->lock);
-        /* Step 5: Discard multicast list */
+        /* Step 5: Discard anycast and multicast list */
-        if (how)
+        if (how) {
+                ipv6_ac_destroy_dev(idev);
                ipv6_mc_destroy_dev(idev);
-        else
+        } else {
                ipv6_mc_down(idev);
+        }
        idev->tstamp = jiffies;
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index ff2de7d9d8e6..9a386842fd62 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -351,6 +351,27 @@ static int ipv6_dev_ac_dec(struct net_device *dev, const struct in6_addr *addr)
        return __ipv6_dev_ac_dec(idev, addr);
 }
+void ipv6_ac_destroy_dev(struct inet6_dev *idev)
+{
+        struct ifacaddr6 *aca;
+        write_lock_bh(&idev->lock);
+        while ((aca = idev->ac_list) != NULL) {
+                idev->ac_list = aca->aca_next;
+                write_unlock_bh(&idev->lock);
+                addrconf_leave_solict(idev, &aca->aca_addr);
+                dst_hold(&aca->aca_rt->dst);
+                ip6_del_rt(aca->aca_rt);
+                aca_put(aca);
+                write_lock_bh(&idev->lock);
+        }
+        write_unlock_bh(&idev->lock);
+}
 /*
 *      check if the interface has this anycast address
 *      called with rcu_read_lock()
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 315a55d66079..0a3448b2888f 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1009,7 +1009,7 @@ struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
        if (final_dst)
                fl6->daddr = *final_dst;
-        return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
+        return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
 }
 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
@@ -1041,7 +1041,7 @@ struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
        if (final_dst)
                fl6->daddr = *final_dst;
-        return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
+        return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
 }
 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 441875f03750..a1e433b88c66 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1822,7 +1822,7 @@ void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
                sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
        if (sdata->vif.bss_conf.use_short_slot)
                sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
-        sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period;
+        sinfo->bss_param.dtim_period = sdata->vif.bss_conf.dtim_period;
        sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
        sinfo->sta_flags.set = 0;
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 91d66b7e64ac..64dc864a417f 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -78,11 +78,12 @@ static const struct genl_multicast_group ovs_dp_vport_multicast_group = {
 /* Check if need to build a reply message.
 * OVS userspace sets the NLM_F_ECHO flag if it needs the reply. */
-static bool ovs_must_notify(struct genl_info *info,
+static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
-                            const struct genl_multicast_group *grp)
+                            unsigned int group)
 {
        return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
-                netlink_has_listeners(genl_info_net(info)->genl_sock, 0);
+               genl_has_listeners(family, genl_info_net(info)->genl_sock,
+                                  group);
 }
 static void ovs_notify(struct genl_family *family,
@@ -763,7 +764,7 @@ static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *act
 {
        struct sk_buff *skb;
-        if (!always && !ovs_must_notify(info, &ovs_dp_flow_multicast_group))
+        if (!always && !ovs_must_notify(&dp_flow_genl_family, info, 0))
                return NULL;
        skb = genlmsg_new_unicast(ovs_flow_cmd_msg_size(acts), info, GFP_KERNEL);
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 02a86a27fd84..5fa54dd78e25 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -163,6 +163,7 @@ static const struct acpi_device_id rfkill_acpi_match[] = {
        { "LNV4752", RFKILL_TYPE_GPS },
        { },
 };
+MODULE_DEVICE_TABLE(acpi, rfkill_acpi_match);
 #endif
 static struct platform_driver rfkill_gpio_driver = {
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index b45d080e64a7..1b24191167f1 100644
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -1143,7 +1143,7 @@ static long rxrpc_read(const struct key *key,
                if (copy_to_user(xdr, (s), _l) != 0)                    \
                        goto fault;                                     \
                if (_l & 3 &&                                           \
-                    copy_to_user((u8 *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \
+                    copy_to_user((u8 __user *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \
                        goto fault;                                     \
                xdr += (_l + 3) >> 2;                                   \
        } while(0)
diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c
index ed30e436128b..fb666d1e4de3 100644
--- a/net/sched/sch_choke.c
+++ b/net/sched/sch_choke.c
@@ -133,10 +133,16 @@ static void choke_drop_by_idx(struct Qdisc *sch, unsigned int idx)
        --sch->q.qlen;
 }
+/* private part of skb->cb[] that a qdisc is allowed to use
+ * is limited to QDISC_CB_PRIV_LEN bytes.
+ * As a flow key might be too large, we store a part of it only.
+ */
+#define CHOKE_K_LEN min_t(u32, sizeof(struct flow_keys), QDISC_CB_PRIV_LEN - 3)
 struct choke_skb_cb {
        u16                     classid;
        u8                      keys_valid;
-        struct flow_keys        keys;
+        u8                      keys[QDISC_CB_PRIV_LEN - 3];
 };
 static inline struct choke_skb_cb *choke_skb_cb(const struct sk_buff *skb)
@@ -163,22 +169,26 @@ static u16 choke_get_classid(const struct sk_buff *skb)
 static bool choke_match_flow(struct sk_buff *skb1,
                             struct sk_buff *skb2)
 {
+        struct flow_keys temp;
        if (skb1->protocol != skb2->protocol)
                return false;
        if (!choke_skb_cb(skb1)->keys_valid) {
                choke_skb_cb(skb1)->keys_valid = 1;
-                skb_flow_dissect(skb1, &choke_skb_cb(skb1)->keys);
+                skb_flow_dissect(skb1, &temp);
+                memcpy(&choke_skb_cb(skb1)->keys, &temp, CHOKE_K_LEN);
        }
        if (!choke_skb_cb(skb2)->keys_valid) {
                choke_skb_cb(skb2)->keys_valid = 1;
-                skb_flow_dissect(skb2, &choke_skb_cb(skb2)->keys);
+                skb_flow_dissect(skb2, &temp);
+                memcpy(&choke_skb_cb(skb2)->keys, &temp, CHOKE_K_LEN);
        }
        return !memcmp(&choke_skb_cb(skb1)->keys,
                       &choke_skb_cb(skb2)->keys,
-                       sizeof(struct flow_keys));
+                       CHOKE_K_LEN);
 }
 /*
diff --git a/net/socket.c b/net/socket.c
index 2e2586e2dee1..4cdbc107606f 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1996,6 +1996,9 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
        if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
                return -EFAULT;
+        if (kmsg->msg_name == NULL)
+                kmsg->msg_namelen = 0;
        if (kmsg->msg_namelen < 0)
                return -EINVAL;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index df7b1332a1ec..7257164af91b 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -6969,6 +6969,9 @@ void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
        struct nlattr *data = ((void **)skb->cb)[2];
        enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
+        /* clear CB data for netlink core to own from now on */
+        memset(skb->cb, 0, sizeof(skb->cb));
        nla_nest_end(skb, data);
        genlmsg_end(skb, hdr);
@@ -9294,6 +9297,9 @@ int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
        void *hdr = ((void **)skb->cb)[1];
        struct nlattr *data = ((void **)skb->cb)[2];
+        /* clear CB data for netlink core to own from now on */
+        memset(skb->cb, 0, sizeof(skb->cb));
        if (WARN_ON(!rdev->cur_cmd_info)) {
                kfree_skb(skb);
                return -EINVAL;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index beeed602aeb3..fdde51f4271a 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -39,6 +39,11 @@
 #define XFRM_QUEUE_TMO_MAX ((unsigned)(60*HZ))
 #define XFRM_MAX_QUEUE_LEN      100
+struct xfrm_flo {
+        struct dst_entry *dst_orig;
+        u8 flags;
+};
 static DEFINE_SPINLOCK(xfrm_policy_afinfo_lock);
 static struct xfrm_policy_afinfo __rcu *xfrm_policy_afinfo[NPROTO]
                                                __read_mostly;
@@ -1877,13 +1882,14 @@ static int xdst_queue_output(struct sock *sk, struct sk_buff *skb)
 }
 static struct xfrm_dst *xfrm_create_dummy_bundle(struct net *net,
-                                                 struct dst_entry *dst,
+                                                 struct xfrm_flo *xflo,
                                                 const struct flowi *fl,
                                                 int num_xfrms,
                                                 u16 family)
 {
        int err;
        struct net_device *dev;
+        struct dst_entry *dst;
        struct dst_entry *dst1;
        struct xfrm_dst *xdst;
@@ -1891,9 +1897,12 @@ static struct xfrm_dst *xfrm_create_dummy_bundle(struct net *net,
        if (IS_ERR(xdst))
                return xdst;
-        if (net->xfrm.sysctl_larval_drop || num_xfrms <= 0)
+        if (!(xflo->flags & XFRM_LOOKUP_QUEUE) ||
+            net->xfrm.sysctl_larval_drop ||
+            num_xfrms <= 0)
                return xdst;
+        dst = xflo->dst_orig;
        dst1 = &xdst->u.dst;
        dst_hold(dst);
        xdst->route = dst;
@@ -1935,7 +1944,7 @@ static struct flow_cache_object *
 xfrm_bundle_lookup(struct net *net, const struct flowi *fl, u16 family, u8 dir,
                   struct flow_cache_object *oldflo, void *ctx)
 {
-        struct dst_entry *dst_orig = (struct dst_entry *)ctx;
+        struct xfrm_flo *xflo = (struct xfrm_flo *)ctx;
        struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
        struct xfrm_dst *xdst, *new_xdst;
        int num_pols = 0, num_xfrms = 0, i, err, pol_dead;
@@ -1976,7 +1985,8 @@ xfrm_bundle_lookup(struct net *net, const struct flowi *fl, u16 family, u8 dir,
                        goto make_dummy_bundle;
        }
-        new_xdst = xfrm_resolve_and_create_bundle(pols, num_pols, fl, family, dst_orig);
+        new_xdst = xfrm_resolve_and_create_bundle(pols, num_pols, fl, family,
+                                                  xflo->dst_orig);
        if (IS_ERR(new_xdst)) {
                err = PTR_ERR(new_xdst);
                if (err != -EAGAIN)
@@ -2010,7 +2020,7 @@ make_dummy_bundle:
        /* We found policies, but there's no bundles to instantiate:
         * either because the policy blocks, has no transformations or
         * we could not build template (no xfrm_states).*/
-        xdst = xfrm_create_dummy_bundle(net, dst_orig, fl, num_xfrms, family);
+        xdst = xfrm_create_dummy_bundle(net, xflo, fl, num_xfrms, family);
        if (IS_ERR(xdst)) {
                xfrm_pols_put(pols, num_pols);
                return ERR_CAST(xdst);
@@ -2104,13 +2114,18 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
        }
        if (xdst == NULL) {
+                struct xfrm_flo xflo;
+                xflo.dst_orig = dst_orig;
+                xflo.flags = flags;
                /* To accelerate a bit...  */
                if ((dst_orig->flags & DST_NOXFRM) ||
                    !net->xfrm.policy_count[XFRM_POLICY_OUT])
                        goto nopol;
                flo = flow_cache_lookup(net, fl, family, dir,
-                                        xfrm_bundle_lookup, dst_orig);
+                                        xfrm_bundle_lookup, &xflo);
                if (flo == NULL)
                        goto nopol;
                if (IS_ERR(flo)) {
@@ -2138,7 +2153,7 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
                        xfrm_pols_put(pols, drop_pols);
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
-                        return make_blackhole(net, family, dst_orig);
+                        return ERR_PTR(-EREMOTE);
                }
                err = -EAGAIN;
@@ -2195,6 +2210,23 @@ dropdst:
 }
 EXPORT_SYMBOL(xfrm_lookup);
+/* Callers of xfrm_lookup_route() must ensure a call to dst_output().
+ * Otherwise we may send out blackholed packets.
+ */
+struct dst_entry *xfrm_lookup_route(struct net *net, struct dst_entry *dst_orig,
+                                    const struct flowi *fl,
+                                    struct sock *sk, int flags)
+{
+        struct dst_entry *dst = xfrm_lookup(net, dst_orig, fl, sk,
+                                            flags | XFRM_LOOKUP_QUEUE);
+        if (IS_ERR(dst) && PTR_ERR(dst) == -EREMOTE)
+                return make_blackhole(net, dst_orig->ops->family, dst_orig);
+        return dst;
+}
+EXPORT_SYMBOL(xfrm_lookup_route);
 static inline int
 xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl)
 {
@@ -2460,7 +2492,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
        skb_dst_force(skb);
-        dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, 0);
+        dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, XFRM_LOOKUP_QUEUE);
        if (IS_ERR(dst)) {
                res = 0;
                dst = NULL;
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-09-22 21:23:33 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-09-22 21:23:33 -0400
commit	98f75b8291a89ba6bf73e322ee467ce0bfeb91c1 (patch)
tree	c9f61617d49973d2d8fc684183be0ce1820a0338 /net
parent	9478303619bc87c575e894d867049b25f33bf124 (diff)
parent	e18b7faae15dbd47e5811ed748bd5b500dcfaa2d (diff)