aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-09-03 09:28:30 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2012-09-03 09:34:51 -0400
commitace1fe1231bdfffd60b5e703aa5b7283fbf98dbd (patch)
tree06c7492a8f3cc65f916768616ca24c6bc7171761 /net
parentce9f3f31efb88841e4df98794b13dbac8c4901da (diff)
parenta2dc375e12334b3d8f787a48b2fb6172ccfb80ae (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
This merges (3f509c6 netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation) to Patrick McHardy's IPv6 NAT changes.
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_core.c6
-rw-r--r--net/appletalk/atalk_proc.c3
-rw-r--r--net/atm/resources.c2
-rw-r--r--net/ax25/ax25_uid.c21
-rw-r--r--net/batman-adv/bat_iv_ogm.c96
-rw-r--r--net/batman-adv/bridge_loop_avoidance.c214
-rw-r--r--net/batman-adv/bridge_loop_avoidance.h11
-rw-r--r--net/batman-adv/debugfs.c12
-rw-r--r--net/batman-adv/gateway_client.c53
-rw-r--r--net/batman-adv/hard-interface.c13
-rw-r--r--net/batman-adv/main.c27
-rw-r--r--net/batman-adv/main.h29
-rw-r--r--net/batman-adv/packet.h35
-rw-r--r--net/batman-adv/routing.c85
-rw-r--r--net/batman-adv/send.c8
-rw-r--r--net/batman-adv/soft-interface.c79
-rw-r--r--net/batman-adv/soft-interface.h5
-rw-r--r--net/batman-adv/translation-table.c416
-rw-r--r--net/batman-adv/translation-table.h4
-rw-r--r--net/batman-adv/types.h120
-rw-r--r--net/batman-adv/unicast.c16
-rw-r--r--net/batman-adv/vis.c144
-rw-r--r--net/batman-adv/vis.h2
-rw-r--r--net/ceph/ceph_common.c1
-rw-r--r--net/ceph/debugfs.c4
-rw-r--r--net/ceph/messenger.c11
-rw-r--r--net/ceph/mon_client.c51
-rw-r--r--net/core/dev.c24
-rw-r--r--net/core/fib_rules.c3
-rw-r--r--net/core/link_watch.c8
-rw-r--r--net/core/netpoll.c13
-rw-r--r--net/core/request_sock.c95
-rw-r--r--net/core/scm.c31
-rw-r--r--net/core/sock.c12
-rw-r--r--net/decnet/af_decnet.c4
-rw-r--r--net/ieee802154/6lowpan.c53
-rw-r--r--net/ipv4/af_inet.c28
-rw-r--r--net/ipv4/devinet.c6
-rw-r--r--net/ipv4/fib_frontend.c7
-rw-r--r--net/ipv4/inet_connection_sock.c57
-rw-r--r--net/ipv4/inet_diag.c21
-rw-r--r--net/ipv4/ipmr.c14
-rw-r--r--net/ipv4/ping.c22
-rw-r--r--net/ipv4/proc.c4
-rw-r--r--net/ipv4/raw.c4
-rw-r--r--net/ipv4/route.c11
-rw-r--r--net/ipv4/syncookies.c1
-rw-r--r--net/ipv4/sysctl_net_ipv4.c87
-rw-r--r--net/ipv4/tcp.c49
-rw-r--r--net/ipv4/tcp_fastopen.c83
-rw-r--r--net/ipv4/tcp_input.c90
-rw-r--r--net/ipv4/tcp_ipv4.c275
-rw-r--r--net/ipv4/tcp_minisocks.c61
-rw-r--r--net/ipv4/tcp_output.c21
-rw-r--r--net/ipv4/tcp_timer.c39
-rw-r--r--net/ipv4/udp.c4
-rw-r--r--net/ipv4/udp_diag.c5
-rw-r--r--net/ipv6/addrconf.c35
-rw-r--r--net/ipv6/ip6_flowlabel.c47
-rw-r--r--net/ipv6/raw.c3
-rw-r--r--net/ipv6/syncookies.c1
-rw-r--r--net/ipv6/tcp_ipv6.c11
-rw-r--r--net/ipv6/udp.c3
-rw-r--r--net/ipx/ipx_proc.c3
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/l2tp/l2tp_core.c3
-rw-r--r--net/l2tp/l2tp_core.h1
-rw-r--r--net/llc/llc_proc.c2
-rw-r--r--net/mac80211/aes_cmac.c6
-rw-r--r--net/mac80211/cfg.c66
-rw-r--r--net/mac80211/debugfs.c32
-rw-r--r--net/mac80211/driver-ops.h11
-rw-r--r--net/mac80211/ibss.c15
-rw-r--r--net/mac80211/ieee80211_i.h30
-rw-r--r--net/mac80211/iface.c289
-rw-r--r--net/mac80211/main.c21
-rw-r--r--net/mac80211/mesh.c28
-rw-r--r--net/mac80211/mesh.h3
-rw-r--r--net/mac80211/mesh_hwmp.c2
-rw-r--r--net/mac80211/mesh_pathtbl.c44
-rw-r--r--net/mac80211/mesh_plink.c38
-rw-r--r--net/mac80211/mlme.c240
-rw-r--r--net/mac80211/offchannel.c6
-rw-r--r--net/mac80211/rate.h2
-rw-r--r--net/mac80211/rx.c58
-rw-r--r--net/mac80211/scan.c12
-rw-r--r--net/mac80211/status.c22
-rw-r--r--net/mac80211/trace.h11
-rw-r--r--net/mac80211/tx.c109
-rw-r--r--net/mac80211/util.c57
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c4
-rw-r--r--net/netfilter/nf_conntrack_core.c16
-rw-r--r--net/netfilter/nf_conntrack_netlink.c3
-rw-r--r--net/netfilter/nf_nat_sip.c5
-rw-r--r--net/netfilter/nfnetlink_log.c20
-rw-r--r--net/netfilter/xt_LOG.c16
-rw-r--r--net/netfilter/xt_owner.c30
-rw-r--r--net/netfilter/xt_recent.c13
-rw-r--r--net/netlink/af_netlink.c10
-rw-r--r--net/openvswitch/flow.c10
-rw-r--r--net/packet/af_packet.c4
-rw-r--r--net/phonet/socket.c6
-rw-r--r--net/rfkill/core.c14
-rw-r--r--net/sched/cls_api.c2
-rw-r--r--net/sched/cls_basic.c3
-rw-r--r--net/sched/cls_cgroup.c3
-rw-r--r--net/sched/cls_flow.c19
-rw-r--r--net/sched/cls_fw.c3
-rw-r--r--net/sched/cls_route.c3
-rw-r--r--net/sched/cls_rsvp.h3
-rw-r--r--net/sched/cls_tcindex.c3
-rw-r--r--net/sched/cls_u32.c3
-rw-r--r--net/sctp/proc.c6
-rw-r--r--net/unix/af_unix.c12
-rw-r--r--net/wireless/chan.c7
-rw-r--r--net/wireless/core.c53
-rw-r--r--net/wireless/mlme.c10
-rw-r--r--net/wireless/nl80211.c122
-rw-r--r--net/wireless/radiotap.c2
-rw-r--r--net/wireless/util.c36
120 files changed, 2941 insertions, 1313 deletions
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index 8ca533c95de0..b258da88f675 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -368,3 +368,9 @@ void vlan_vids_del_by_dev(struct net_device *dev,
368 vlan_vid_del(dev, vid_info->vid); 368 vlan_vid_del(dev, vid_info->vid);
369} 369}
370EXPORT_SYMBOL(vlan_vids_del_by_dev); 370EXPORT_SYMBOL(vlan_vids_del_by_dev);
371
372bool vlan_uses_dev(const struct net_device *dev)
373{
374 return rtnl_dereference(dev->vlan_info) ? true : false;
375}
376EXPORT_SYMBOL(vlan_uses_dev);
diff --git a/net/appletalk/atalk_proc.c b/net/appletalk/atalk_proc.c
index b5b1a221c242..c30f3a0717fb 100644
--- a/net/appletalk/atalk_proc.c
+++ b/net/appletalk/atalk_proc.c
@@ -183,7 +183,8 @@ static int atalk_seq_socket_show(struct seq_file *seq, void *v)
183 ntohs(at->dest_net), at->dest_node, at->dest_port, 183 ntohs(at->dest_net), at->dest_node, at->dest_port,
184 sk_wmem_alloc_get(s), 184 sk_wmem_alloc_get(s),
185 sk_rmem_alloc_get(s), 185 sk_rmem_alloc_get(s),
186 s->sk_state, SOCK_INODE(s->sk_socket)->i_uid); 186 s->sk_state,
187 from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)));
187out: 188out:
188 return 0; 189 return 0;
189} 190}
diff --git a/net/atm/resources.c b/net/atm/resources.c
index 23f45ce6f351..0447d5d0b639 100644
--- a/net/atm/resources.c
+++ b/net/atm/resources.c
@@ -432,7 +432,7 @@ int atm_dev_ioctl(unsigned int cmd, void __user *arg, int compat)
432 size = dev->ops->ioctl(dev, cmd, buf); 432 size = dev->ops->ioctl(dev, cmd, buf);
433 } 433 }
434 if (size < 0) { 434 if (size < 0) {
435 error = (size == -ENOIOCTLCMD ? -EINVAL : size); 435 error = (size == -ENOIOCTLCMD ? -ENOTTY : size);
436 goto done; 436 goto done;
437 } 437 }
438 } 438 }
diff --git a/net/ax25/ax25_uid.c b/net/ax25/ax25_uid.c
index e3c579ba6325..957999e43ff7 100644
--- a/net/ax25/ax25_uid.c
+++ b/net/ax25/ax25_uid.c
@@ -51,14 +51,14 @@ int ax25_uid_policy;
51 51
52EXPORT_SYMBOL(ax25_uid_policy); 52EXPORT_SYMBOL(ax25_uid_policy);
53 53
54ax25_uid_assoc *ax25_findbyuid(uid_t uid) 54ax25_uid_assoc *ax25_findbyuid(kuid_t uid)
55{ 55{
56 ax25_uid_assoc *ax25_uid, *res = NULL; 56 ax25_uid_assoc *ax25_uid, *res = NULL;
57 struct hlist_node *node; 57 struct hlist_node *node;
58 58
59 read_lock(&ax25_uid_lock); 59 read_lock(&ax25_uid_lock);
60 ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 60 ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) {
61 if (ax25_uid->uid == uid) { 61 if (uid_eq(ax25_uid->uid, uid)) {
62 ax25_uid_hold(ax25_uid); 62 ax25_uid_hold(ax25_uid);
63 res = ax25_uid; 63 res = ax25_uid;
64 break; 64 break;
@@ -84,7 +84,7 @@ int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
84 read_lock(&ax25_uid_lock); 84 read_lock(&ax25_uid_lock);
85 ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 85 ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) {
86 if (ax25cmp(&sax->sax25_call, &ax25_uid->call) == 0) { 86 if (ax25cmp(&sax->sax25_call, &ax25_uid->call) == 0) {
87 res = ax25_uid->uid; 87 res = from_kuid_munged(current_user_ns(), ax25_uid->uid);
88 break; 88 break;
89 } 89 }
90 } 90 }
@@ -93,9 +93,14 @@ int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
93 return res; 93 return res;
94 94
95 case SIOCAX25ADDUID: 95 case SIOCAX25ADDUID:
96 {
97 kuid_t sax25_kuid;
96 if (!capable(CAP_NET_ADMIN)) 98 if (!capable(CAP_NET_ADMIN))
97 return -EPERM; 99 return -EPERM;
98 user = ax25_findbyuid(sax->sax25_uid); 100 sax25_kuid = make_kuid(current_user_ns(), sax->sax25_uid);
101 if (!uid_valid(sax25_kuid))
102 return -EINVAL;
103 user = ax25_findbyuid(sax25_kuid);
99 if (user) { 104 if (user) {
100 ax25_uid_put(user); 105 ax25_uid_put(user);
101 return -EEXIST; 106 return -EEXIST;
@@ -106,7 +111,7 @@ int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
106 return -ENOMEM; 111 return -ENOMEM;
107 112
108 atomic_set(&ax25_uid->refcount, 1); 113 atomic_set(&ax25_uid->refcount, 1);
109 ax25_uid->uid = sax->sax25_uid; 114 ax25_uid->uid = sax25_kuid;
110 ax25_uid->call = sax->sax25_call; 115 ax25_uid->call = sax->sax25_call;
111 116
112 write_lock(&ax25_uid_lock); 117 write_lock(&ax25_uid_lock);
@@ -114,7 +119,7 @@ int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
114 write_unlock(&ax25_uid_lock); 119 write_unlock(&ax25_uid_lock);
115 120
116 return 0; 121 return 0;
117 122 }
118 case SIOCAX25DELUID: 123 case SIOCAX25DELUID:
119 if (!capable(CAP_NET_ADMIN)) 124 if (!capable(CAP_NET_ADMIN))
120 return -EPERM; 125 return -EPERM;
@@ -172,7 +177,9 @@ static int ax25_uid_seq_show(struct seq_file *seq, void *v)
172 struct ax25_uid_assoc *pt; 177 struct ax25_uid_assoc *pt;
173 178
174 pt = hlist_entry(v, struct ax25_uid_assoc, uid_node); 179 pt = hlist_entry(v, struct ax25_uid_assoc, uid_node);
175 seq_printf(seq, "%6d %s\n", pt->uid, ax2asc(buf, &pt->call)); 180 seq_printf(seq, "%6d %s\n",
181 from_kuid_munged(seq_user_ns(seq), pt->uid),
182 ax2asc(buf, &pt->call));
176 } 183 }
177 return 0; 184 return 0;
178} 185}
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
index e877af8bdd1e..df79300dcb7b 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -166,13 +166,15 @@ static void batadv_iv_ogm_send_to_if(struct batadv_forw_packet *forw_packet,
166 int16_t buff_pos; 166 int16_t buff_pos;
167 struct batadv_ogm_packet *batadv_ogm_packet; 167 struct batadv_ogm_packet *batadv_ogm_packet;
168 struct sk_buff *skb; 168 struct sk_buff *skb;
169 uint8_t *packet_pos;
169 170
170 if (hard_iface->if_status != BATADV_IF_ACTIVE) 171 if (hard_iface->if_status != BATADV_IF_ACTIVE)
171 return; 172 return;
172 173
173 packet_num = 0; 174 packet_num = 0;
174 buff_pos = 0; 175 buff_pos = 0;
175 batadv_ogm_packet = (struct batadv_ogm_packet *)forw_packet->skb->data; 176 packet_pos = forw_packet->skb->data;
177 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
176 178
177 /* adjust all flags and log packets */ 179 /* adjust all flags and log packets */
178 while (batadv_iv_ogm_aggr_packet(buff_pos, forw_packet->packet_len, 180 while (batadv_iv_ogm_aggr_packet(buff_pos, forw_packet->packet_len,
@@ -181,15 +183,17 @@ static void batadv_iv_ogm_send_to_if(struct batadv_forw_packet *forw_packet,
181 /* we might have aggregated direct link packets with an 183 /* we might have aggregated direct link packets with an
182 * ordinary base packet 184 * ordinary base packet
183 */ 185 */
184 if ((forw_packet->direct_link_flags & (1 << packet_num)) && 186 if (forw_packet->direct_link_flags & BIT(packet_num) &&
185 (forw_packet->if_incoming == hard_iface)) 187 forw_packet->if_incoming == hard_iface)
186 batadv_ogm_packet->flags |= BATADV_DIRECTLINK; 188 batadv_ogm_packet->flags |= BATADV_DIRECTLINK;
187 else 189 else
188 batadv_ogm_packet->flags &= ~BATADV_DIRECTLINK; 190 batadv_ogm_packet->flags &= ~BATADV_DIRECTLINK;
189 191
190 fwd_str = (packet_num > 0 ? "Forwarding" : (forw_packet->own ? 192 if (packet_num > 0 || !forw_packet->own)
191 "Sending own" : 193 fwd_str = "Forwarding";
192 "Forwarding")); 194 else
195 fwd_str = "Sending own";
196
193 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 197 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
194 "%s %spacket (originator %pM, seqno %u, TQ %d, TTL %d, IDF %s, ttvn %d) on interface %s [%pM]\n", 198 "%s %spacket (originator %pM, seqno %u, TQ %d, TTL %d, IDF %s, ttvn %d) on interface %s [%pM]\n",
195 fwd_str, (packet_num > 0 ? "aggregated " : ""), 199 fwd_str, (packet_num > 0 ? "aggregated " : ""),
@@ -204,8 +208,8 @@ static void batadv_iv_ogm_send_to_if(struct batadv_forw_packet *forw_packet,
204 buff_pos += BATADV_OGM_HLEN; 208 buff_pos += BATADV_OGM_HLEN;
205 buff_pos += batadv_tt_len(batadv_ogm_packet->tt_num_changes); 209 buff_pos += batadv_tt_len(batadv_ogm_packet->tt_num_changes);
206 packet_num++; 210 packet_num++;
207 batadv_ogm_packet = (struct batadv_ogm_packet *) 211 packet_pos = forw_packet->skb->data + buff_pos;
208 (forw_packet->skb->data + buff_pos); 212 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
209 } 213 }
210 214
211 /* create clone because function is called more than once */ 215 /* create clone because function is called more than once */
@@ -227,9 +231,10 @@ static void batadv_iv_ogm_emit(struct batadv_forw_packet *forw_packet)
227 struct batadv_hard_iface *primary_if = NULL; 231 struct batadv_hard_iface *primary_if = NULL;
228 struct batadv_ogm_packet *batadv_ogm_packet; 232 struct batadv_ogm_packet *batadv_ogm_packet;
229 unsigned char directlink; 233 unsigned char directlink;
234 uint8_t *packet_pos;
230 235
231 batadv_ogm_packet = (struct batadv_ogm_packet *) 236 packet_pos = forw_packet->skb->data;
232 (forw_packet->skb->data); 237 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
233 directlink = (batadv_ogm_packet->flags & BATADV_DIRECTLINK ? 1 : 0); 238 directlink = (batadv_ogm_packet->flags & BATADV_DIRECTLINK ? 1 : 0);
234 239
235 if (!forw_packet->if_incoming) { 240 if (!forw_packet->if_incoming) {
@@ -454,6 +459,7 @@ static void batadv_iv_ogm_aggregate(struct batadv_forw_packet *forw_packet_aggr,
454 int packet_len, bool direct_link) 459 int packet_len, bool direct_link)
455{ 460{
456 unsigned char *skb_buff; 461 unsigned char *skb_buff;
462 unsigned long new_direct_link_flag;
457 463
458 skb_buff = skb_put(forw_packet_aggr->skb, packet_len); 464 skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
459 memcpy(skb_buff, packet_buff, packet_len); 465 memcpy(skb_buff, packet_buff, packet_len);
@@ -461,9 +467,10 @@ static void batadv_iv_ogm_aggregate(struct batadv_forw_packet *forw_packet_aggr,
461 forw_packet_aggr->num_packets++; 467 forw_packet_aggr->num_packets++;
462 468
463 /* save packet direct link flag status */ 469 /* save packet direct link flag status */
464 if (direct_link) 470 if (direct_link) {
465 forw_packet_aggr->direct_link_flags |= 471 new_direct_link_flag = BIT(forw_packet_aggr->num_packets);
466 (1 << forw_packet_aggr->num_packets); 472 forw_packet_aggr->direct_link_flags |= new_direct_link_flag;
473 }
467} 474}
468 475
469static void batadv_iv_ogm_queue_add(struct batadv_priv *bat_priv, 476static void batadv_iv_ogm_queue_add(struct batadv_priv *bat_priv,
@@ -586,6 +593,8 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
586 struct batadv_ogm_packet *batadv_ogm_packet; 593 struct batadv_ogm_packet *batadv_ogm_packet;
587 struct batadv_hard_iface *primary_if; 594 struct batadv_hard_iface *primary_if;
588 int vis_server, tt_num_changes = 0; 595 int vis_server, tt_num_changes = 0;
596 uint32_t seqno;
597 uint8_t bandwidth;
589 598
590 vis_server = atomic_read(&bat_priv->vis_mode); 599 vis_server = atomic_read(&bat_priv->vis_mode);
591 primary_if = batadv_primary_if_get_selected(bat_priv); 600 primary_if = batadv_primary_if_get_selected(bat_priv);
@@ -599,12 +608,12 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
599 batadv_ogm_packet = (struct batadv_ogm_packet *)hard_iface->packet_buff; 608 batadv_ogm_packet = (struct batadv_ogm_packet *)hard_iface->packet_buff;
600 609
601 /* change sequence number to network order */ 610 /* change sequence number to network order */
602 batadv_ogm_packet->seqno = 611 seqno = (uint32_t)atomic_read(&hard_iface->seqno);
603 htonl((uint32_t)atomic_read(&hard_iface->seqno)); 612 batadv_ogm_packet->seqno = htonl(seqno);
604 atomic_inc(&hard_iface->seqno); 613 atomic_inc(&hard_iface->seqno);
605 614
606 batadv_ogm_packet->ttvn = atomic_read(&bat_priv->ttvn); 615 batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn);
607 batadv_ogm_packet->tt_crc = htons(bat_priv->tt_crc); 616 batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc);
608 if (tt_num_changes >= 0) 617 if (tt_num_changes >= 0)
609 batadv_ogm_packet->tt_num_changes = tt_num_changes; 618 batadv_ogm_packet->tt_num_changes = tt_num_changes;
610 619
@@ -613,12 +622,13 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
613 else 622 else
614 batadv_ogm_packet->flags &= ~BATADV_VIS_SERVER; 623 batadv_ogm_packet->flags &= ~BATADV_VIS_SERVER;
615 624
616 if ((hard_iface == primary_if) && 625 if (hard_iface == primary_if &&
617 (atomic_read(&bat_priv->gw_mode) == BATADV_GW_MODE_SERVER)) 626 atomic_read(&bat_priv->gw_mode) == BATADV_GW_MODE_SERVER) {
618 batadv_ogm_packet->gw_flags = 627 bandwidth = (uint8_t)atomic_read(&bat_priv->gw_bandwidth);
619 (uint8_t)atomic_read(&bat_priv->gw_bandwidth); 628 batadv_ogm_packet->gw_flags = bandwidth;
620 else 629 } else {
621 batadv_ogm_packet->gw_flags = BATADV_NO_FLAGS; 630 batadv_ogm_packet->gw_flags = BATADV_NO_FLAGS;
631 }
622 632
623 batadv_slide_own_bcast_window(hard_iface); 633 batadv_slide_own_bcast_window(hard_iface);
624 batadv_iv_ogm_queue_add(bat_priv, hard_iface->packet_buff, 634 batadv_iv_ogm_queue_add(bat_priv, hard_iface->packet_buff,
@@ -642,8 +652,9 @@ batadv_iv_ogm_orig_update(struct batadv_priv *bat_priv,
642 struct batadv_neigh_node *router = NULL; 652 struct batadv_neigh_node *router = NULL;
643 struct batadv_orig_node *orig_node_tmp; 653 struct batadv_orig_node *orig_node_tmp;
644 struct hlist_node *node; 654 struct hlist_node *node;
645 uint8_t bcast_own_sum_orig, bcast_own_sum_neigh; 655 uint8_t sum_orig, sum_neigh;
646 uint8_t *neigh_addr; 656 uint8_t *neigh_addr;
657 uint8_t tq_avg;
647 658
648 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 659 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
649 "update_originator(): Searching and updating originator entry of received packet\n"); 660 "update_originator(): Searching and updating originator entry of received packet\n");
@@ -667,8 +678,8 @@ batadv_iv_ogm_orig_update(struct batadv_priv *bat_priv,
667 spin_lock_bh(&tmp_neigh_node->lq_update_lock); 678 spin_lock_bh(&tmp_neigh_node->lq_update_lock);
668 batadv_ring_buffer_set(tmp_neigh_node->tq_recv, 679 batadv_ring_buffer_set(tmp_neigh_node->tq_recv,
669 &tmp_neigh_node->tq_index, 0); 680 &tmp_neigh_node->tq_index, 0);
670 tmp_neigh_node->tq_avg = 681 tq_avg = batadv_ring_buffer_avg(tmp_neigh_node->tq_recv);
671 batadv_ring_buffer_avg(tmp_neigh_node->tq_recv); 682 tmp_neigh_node->tq_avg = tq_avg;
672 spin_unlock_bh(&tmp_neigh_node->lq_update_lock); 683 spin_unlock_bh(&tmp_neigh_node->lq_update_lock);
673 } 684 }
674 685
@@ -727,17 +738,15 @@ batadv_iv_ogm_orig_update(struct batadv_priv *bat_priv,
727 if (router && (neigh_node->tq_avg == router->tq_avg)) { 738 if (router && (neigh_node->tq_avg == router->tq_avg)) {
728 orig_node_tmp = router->orig_node; 739 orig_node_tmp = router->orig_node;
729 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock); 740 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
730 bcast_own_sum_orig = 741 sum_orig = orig_node_tmp->bcast_own_sum[if_incoming->if_num];
731 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
732 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock); 742 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
733 743
734 orig_node_tmp = neigh_node->orig_node; 744 orig_node_tmp = neigh_node->orig_node;
735 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock); 745 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
736 bcast_own_sum_neigh = 746 sum_neigh = orig_node_tmp->bcast_own_sum[if_incoming->if_num];
737 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
738 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock); 747 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
739 748
740 if (bcast_own_sum_orig >= bcast_own_sum_neigh) 749 if (sum_orig >= sum_neigh)
741 goto update_tt; 750 goto update_tt;
742 } 751 }
743 752
@@ -835,8 +844,10 @@ static int batadv_iv_ogm_calc_tq(struct batadv_orig_node *orig_node,
835 spin_unlock_bh(&orig_node->ogm_cnt_lock); 844 spin_unlock_bh(&orig_node->ogm_cnt_lock);
836 845
837 /* pay attention to not get a value bigger than 100 % */ 846 /* pay attention to not get a value bigger than 100 % */
838 total_count = (orig_eq_count > neigh_rq_count ? 847 if (orig_eq_count > neigh_rq_count)
839 neigh_rq_count : orig_eq_count); 848 total_count = neigh_rq_count;
849 else
850 total_count = orig_eq_count;
840 851
841 /* if we have too few packets (too less data) we set tq_own to zero 852 /* if we have too few packets (too less data) we set tq_own to zero
842 * if we receive too few packets it is not considered bidirectional 853 * if we receive too few packets it is not considered bidirectional
@@ -910,6 +921,7 @@ batadv_iv_ogm_update_seqnos(const struct ethhdr *ethhdr,
910 int set_mark, ret = -1; 921 int set_mark, ret = -1;
911 uint32_t seqno = ntohl(batadv_ogm_packet->seqno); 922 uint32_t seqno = ntohl(batadv_ogm_packet->seqno);
912 uint8_t *neigh_addr; 923 uint8_t *neigh_addr;
924 uint8_t packet_count;
913 925
914 orig_node = batadv_get_orig_node(bat_priv, batadv_ogm_packet->orig); 926 orig_node = batadv_get_orig_node(bat_priv, batadv_ogm_packet->orig);
915 if (!orig_node) 927 if (!orig_node)
@@ -944,9 +956,9 @@ batadv_iv_ogm_update_seqnos(const struct ethhdr *ethhdr,
944 tmp_neigh_node->real_bits, 956 tmp_neigh_node->real_bits,
945 seq_diff, set_mark); 957 seq_diff, set_mark);
946 958
947 tmp_neigh_node->real_packet_count = 959 packet_count = bitmap_weight(tmp_neigh_node->real_bits,
948 bitmap_weight(tmp_neigh_node->real_bits, 960 BATADV_TQ_LOCAL_WINDOW_SIZE);
949 BATADV_TQ_LOCAL_WINDOW_SIZE); 961 tmp_neigh_node->real_packet_count = packet_count;
950 } 962 }
951 rcu_read_unlock(); 963 rcu_read_unlock();
952 964
@@ -1163,9 +1175,12 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
1163 /* if sender is a direct neighbor the sender mac equals 1175 /* if sender is a direct neighbor the sender mac equals
1164 * originator mac 1176 * originator mac
1165 */ 1177 */
1166 orig_neigh_node = (is_single_hop_neigh ? 1178 if (is_single_hop_neigh)
1167 orig_node : 1179 orig_neigh_node = orig_node;
1168 batadv_get_orig_node(bat_priv, ethhdr->h_source)); 1180 else
1181 orig_neigh_node = batadv_get_orig_node(bat_priv,
1182 ethhdr->h_source);
1183
1169 if (!orig_neigh_node) 1184 if (!orig_neigh_node)
1170 goto out; 1185 goto out;
1171 1186
@@ -1251,6 +1266,7 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
1251 int buff_pos = 0, packet_len; 1266 int buff_pos = 0, packet_len;
1252 unsigned char *tt_buff, *packet_buff; 1267 unsigned char *tt_buff, *packet_buff;
1253 bool ret; 1268 bool ret;
1269 uint8_t *packet_pos;
1254 1270
1255 ret = batadv_check_management_packet(skb, if_incoming, BATADV_OGM_HLEN); 1271 ret = batadv_check_management_packet(skb, if_incoming, BATADV_OGM_HLEN);
1256 if (!ret) 1272 if (!ret)
@@ -1281,8 +1297,8 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
1281 buff_pos += BATADV_OGM_HLEN; 1297 buff_pos += BATADV_OGM_HLEN;
1282 buff_pos += batadv_tt_len(batadv_ogm_packet->tt_num_changes); 1298 buff_pos += batadv_tt_len(batadv_ogm_packet->tt_num_changes);
1283 1299
1284 batadv_ogm_packet = (struct batadv_ogm_packet *) 1300 packet_pos = packet_buff + buff_pos;
1285 (packet_buff + buff_pos); 1301 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
1286 } while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len, 1302 } while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len,
1287 batadv_ogm_packet->tt_num_changes)); 1303 batadv_ogm_packet->tt_num_changes));
1288 1304
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
index 6705d35b17ce..0a9084ad19a6 100644
--- a/net/batman-adv/bridge_loop_avoidance.c
+++ b/net/batman-adv/bridge_loop_avoidance.c
@@ -133,7 +133,7 @@ static void batadv_claim_free_ref(struct batadv_claim *claim)
133static struct batadv_claim *batadv_claim_hash_find(struct batadv_priv *bat_priv, 133static struct batadv_claim *batadv_claim_hash_find(struct batadv_priv *bat_priv,
134 struct batadv_claim *data) 134 struct batadv_claim *data)
135{ 135{
136 struct batadv_hashtable *hash = bat_priv->claim_hash; 136 struct batadv_hashtable *hash = bat_priv->bla.claim_hash;
137 struct hlist_head *head; 137 struct hlist_head *head;
138 struct hlist_node *node; 138 struct hlist_node *node;
139 struct batadv_claim *claim; 139 struct batadv_claim *claim;
@@ -174,7 +174,7 @@ static struct batadv_backbone_gw *
174batadv_backbone_hash_find(struct batadv_priv *bat_priv, 174batadv_backbone_hash_find(struct batadv_priv *bat_priv,
175 uint8_t *addr, short vid) 175 uint8_t *addr, short vid)
176{ 176{
177 struct batadv_hashtable *hash = bat_priv->backbone_hash; 177 struct batadv_hashtable *hash = bat_priv->bla.backbone_hash;
178 struct hlist_head *head; 178 struct hlist_head *head;
179 struct hlist_node *node; 179 struct hlist_node *node;
180 struct batadv_backbone_gw search_entry, *backbone_gw; 180 struct batadv_backbone_gw search_entry, *backbone_gw;
@@ -218,7 +218,7 @@ batadv_bla_del_backbone_claims(struct batadv_backbone_gw *backbone_gw)
218 int i; 218 int i;
219 spinlock_t *list_lock; /* protects write access to the hash lists */ 219 spinlock_t *list_lock; /* protects write access to the hash lists */
220 220
221 hash = backbone_gw->bat_priv->claim_hash; 221 hash = backbone_gw->bat_priv->bla.claim_hash;
222 if (!hash) 222 if (!hash)
223 return; 223 return;
224 224
@@ -265,7 +265,7 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
265 if (!primary_if) 265 if (!primary_if)
266 return; 266 return;
267 267
268 memcpy(&local_claim_dest, &bat_priv->claim_dest, 268 memcpy(&local_claim_dest, &bat_priv->bla.claim_dest,
269 sizeof(local_claim_dest)); 269 sizeof(local_claim_dest));
270 local_claim_dest.type = claimtype; 270 local_claim_dest.type = claimtype;
271 271
@@ -281,7 +281,7 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
281 NULL, 281 NULL,
282 /* Ethernet SRC/HW SRC: originator mac */ 282 /* Ethernet SRC/HW SRC: originator mac */
283 primary_if->net_dev->dev_addr, 283 primary_if->net_dev->dev_addr,
284 /* HW DST: FF:43:05:XX:00:00 284 /* HW DST: FF:43:05:XX:YY:YY
285 * with XX = claim type 285 * with XX = claim type
286 * and YY:YY = group id 286 * and YY:YY = group id
287 */ 287 */
@@ -295,7 +295,7 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
295 295
296 /* now we pretend that the client would have sent this ... */ 296 /* now we pretend that the client would have sent this ... */
297 switch (claimtype) { 297 switch (claimtype) {
298 case BATADV_CLAIM_TYPE_ADD: 298 case BATADV_CLAIM_TYPE_CLAIM:
299 /* normal claim frame 299 /* normal claim frame
300 * set Ethernet SRC to the clients mac 300 * set Ethernet SRC to the clients mac
301 */ 301 */
@@ -303,7 +303,7 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
303 batadv_dbg(BATADV_DBG_BLA, bat_priv, 303 batadv_dbg(BATADV_DBG_BLA, bat_priv,
304 "bla_send_claim(): CLAIM %pM on vid %d\n", mac, vid); 304 "bla_send_claim(): CLAIM %pM on vid %d\n", mac, vid);
305 break; 305 break;
306 case BATADV_CLAIM_TYPE_DEL: 306 case BATADV_CLAIM_TYPE_UNCLAIM:
307 /* unclaim frame 307 /* unclaim frame
308 * set HW SRC to the clients mac 308 * set HW SRC to the clients mac
309 */ 309 */
@@ -323,7 +323,8 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
323 break; 323 break;
324 case BATADV_CLAIM_TYPE_REQUEST: 324 case BATADV_CLAIM_TYPE_REQUEST:
325 /* request frame 325 /* request frame
326 * set HW SRC to the special mac containg the crc 326 * set HW SRC and header destination to the receiving backbone
327 * gws mac
327 */ 328 */
328 memcpy(hw_src, mac, ETH_ALEN); 329 memcpy(hw_src, mac, ETH_ALEN);
329 memcpy(ethhdr->h_dest, mac, ETH_ALEN); 330 memcpy(ethhdr->h_dest, mac, ETH_ALEN);
@@ -339,8 +340,9 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, uint8_t *mac,
339 340
340 skb_reset_mac_header(skb); 341 skb_reset_mac_header(skb);
341 skb->protocol = eth_type_trans(skb, soft_iface); 342 skb->protocol = eth_type_trans(skb, soft_iface);
342 bat_priv->stats.rx_packets++; 343 batadv_inc_counter(bat_priv, BATADV_CNT_RX);
343 bat_priv->stats.rx_bytes += skb->len + ETH_HLEN; 344 batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES,
345 skb->len + ETH_HLEN);
344 soft_iface->last_rx = jiffies; 346 soft_iface->last_rx = jiffies;
345 347
346 netif_rx(skb); 348 netif_rx(skb);
@@ -389,7 +391,7 @@ batadv_bla_get_backbone_gw(struct batadv_priv *bat_priv, uint8_t *orig,
389 /* one for the hash, one for returning */ 391 /* one for the hash, one for returning */
390 atomic_set(&entry->refcount, 2); 392 atomic_set(&entry->refcount, 2);
391 393
392 hash_added = batadv_hash_add(bat_priv->backbone_hash, 394 hash_added = batadv_hash_add(bat_priv->bla.backbone_hash,
393 batadv_compare_backbone_gw, 395 batadv_compare_backbone_gw,
394 batadv_choose_backbone_gw, entry, 396 batadv_choose_backbone_gw, entry,
395 &entry->hash_entry); 397 &entry->hash_entry);
@@ -456,7 +458,7 @@ static void batadv_bla_answer_request(struct batadv_priv *bat_priv,
456 if (!backbone_gw) 458 if (!backbone_gw)
457 return; 459 return;
458 460
459 hash = bat_priv->claim_hash; 461 hash = bat_priv->bla.claim_hash;
460 for (i = 0; i < hash->size; i++) { 462 for (i = 0; i < hash->size; i++) {
461 head = &hash->table[i]; 463 head = &hash->table[i];
462 464
@@ -467,7 +469,7 @@ static void batadv_bla_answer_request(struct batadv_priv *bat_priv,
467 continue; 469 continue;
468 470
469 batadv_bla_send_claim(bat_priv, claim->addr, claim->vid, 471 batadv_bla_send_claim(bat_priv, claim->addr, claim->vid,
470 BATADV_CLAIM_TYPE_ADD); 472 BATADV_CLAIM_TYPE_CLAIM);
471 } 473 }
472 rcu_read_unlock(); 474 rcu_read_unlock();
473 } 475 }
@@ -497,7 +499,7 @@ static void batadv_bla_send_request(struct batadv_backbone_gw *backbone_gw)
497 499
498 /* no local broadcasts should be sent or received, for now. */ 500 /* no local broadcasts should be sent or received, for now. */
499 if (!atomic_read(&backbone_gw->request_sent)) { 501 if (!atomic_read(&backbone_gw->request_sent)) {
500 atomic_inc(&backbone_gw->bat_priv->bla_num_requests); 502 atomic_inc(&backbone_gw->bat_priv->bla.num_requests);
501 atomic_set(&backbone_gw->request_sent, 1); 503 atomic_set(&backbone_gw->request_sent, 1);
502 } 504 }
503} 505}
@@ -557,7 +559,7 @@ static void batadv_bla_add_claim(struct batadv_priv *bat_priv,
557 batadv_dbg(BATADV_DBG_BLA, bat_priv, 559 batadv_dbg(BATADV_DBG_BLA, bat_priv,
558 "bla_add_claim(): adding new entry %pM, vid %d to hash ...\n", 560 "bla_add_claim(): adding new entry %pM, vid %d to hash ...\n",
559 mac, vid); 561 mac, vid);
560 hash_added = batadv_hash_add(bat_priv->claim_hash, 562 hash_added = batadv_hash_add(bat_priv->bla.claim_hash,
561 batadv_compare_claim, 563 batadv_compare_claim,
562 batadv_choose_claim, claim, 564 batadv_choose_claim, claim,
563 &claim->hash_entry); 565 &claim->hash_entry);
@@ -577,8 +579,7 @@ static void batadv_bla_add_claim(struct batadv_priv *bat_priv,
577 "bla_add_claim(): changing ownership for %pM, vid %d\n", 579 "bla_add_claim(): changing ownership for %pM, vid %d\n",
578 mac, vid); 580 mac, vid);
579 581
580 claim->backbone_gw->crc ^= 582 claim->backbone_gw->crc ^= crc16(0, claim->addr, ETH_ALEN);
581 crc16(0, claim->addr, ETH_ALEN);
582 batadv_backbone_gw_free_ref(claim->backbone_gw); 583 batadv_backbone_gw_free_ref(claim->backbone_gw);
583 584
584 } 585 }
@@ -610,7 +611,7 @@ static void batadv_bla_del_claim(struct batadv_priv *bat_priv,
610 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla_del_claim(): %pM, vid %d\n", 611 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla_del_claim(): %pM, vid %d\n",
611 mac, vid); 612 mac, vid);
612 613
613 batadv_hash_remove(bat_priv->claim_hash, batadv_compare_claim, 614 batadv_hash_remove(bat_priv->bla.claim_hash, batadv_compare_claim,
614 batadv_choose_claim, claim); 615 batadv_choose_claim, claim);
615 batadv_claim_free_ref(claim); /* reference from the hash is gone */ 616 batadv_claim_free_ref(claim); /* reference from the hash is gone */
616 617
@@ -657,7 +658,7 @@ static int batadv_handle_announce(struct batadv_priv *bat_priv,
657 * we can allow traffic again. 658 * we can allow traffic again.
658 */ 659 */
659 if (atomic_read(&backbone_gw->request_sent)) { 660 if (atomic_read(&backbone_gw->request_sent)) {
660 atomic_dec(&backbone_gw->bat_priv->bla_num_requests); 661 atomic_dec(&backbone_gw->bat_priv->bla.num_requests);
661 atomic_set(&backbone_gw->request_sent, 0); 662 atomic_set(&backbone_gw->request_sent, 0);
662 } 663 }
663 } 664 }
@@ -702,7 +703,7 @@ static int batadv_handle_unclaim(struct batadv_priv *bat_priv,
702 if (primary_if && batadv_compare_eth(backbone_addr, 703 if (primary_if && batadv_compare_eth(backbone_addr,
703 primary_if->net_dev->dev_addr)) 704 primary_if->net_dev->dev_addr))
704 batadv_bla_send_claim(bat_priv, claim_addr, vid, 705 batadv_bla_send_claim(bat_priv, claim_addr, vid,
705 BATADV_CLAIM_TYPE_DEL); 706 BATADV_CLAIM_TYPE_UNCLAIM);
706 707
707 backbone_gw = batadv_backbone_hash_find(bat_priv, backbone_addr, vid); 708 backbone_gw = batadv_backbone_hash_find(bat_priv, backbone_addr, vid);
708 709
@@ -738,7 +739,7 @@ static int batadv_handle_claim(struct batadv_priv *bat_priv,
738 batadv_bla_add_claim(bat_priv, claim_addr, vid, backbone_gw); 739 batadv_bla_add_claim(bat_priv, claim_addr, vid, backbone_gw);
739 if (batadv_compare_eth(backbone_addr, primary_if->net_dev->dev_addr)) 740 if (batadv_compare_eth(backbone_addr, primary_if->net_dev->dev_addr))
740 batadv_bla_send_claim(bat_priv, claim_addr, vid, 741 batadv_bla_send_claim(bat_priv, claim_addr, vid,
741 BATADV_CLAIM_TYPE_ADD); 742 BATADV_CLAIM_TYPE_CLAIM);
742 743
743 /* TODO: we could call something like tt_local_del() here. */ 744 /* TODO: we could call something like tt_local_del() here. */
744 745
@@ -772,7 +773,7 @@ static int batadv_check_claim_group(struct batadv_priv *bat_priv,
772 struct batadv_bla_claim_dst *bla_dst, *bla_dst_own; 773 struct batadv_bla_claim_dst *bla_dst, *bla_dst_own;
773 774
774 bla_dst = (struct batadv_bla_claim_dst *)hw_dst; 775 bla_dst = (struct batadv_bla_claim_dst *)hw_dst;
775 bla_dst_own = &bat_priv->claim_dest; 776 bla_dst_own = &bat_priv->bla.claim_dest;
776 777
777 /* check if it is a claim packet in general */ 778 /* check if it is a claim packet in general */
778 if (memcmp(bla_dst->magic, bla_dst_own->magic, 779 if (memcmp(bla_dst->magic, bla_dst_own->magic,
@@ -783,12 +784,12 @@ static int batadv_check_claim_group(struct batadv_priv *bat_priv,
783 * otherwise assume it is in the hw_src 784 * otherwise assume it is in the hw_src
784 */ 785 */
785 switch (bla_dst->type) { 786 switch (bla_dst->type) {
786 case BATADV_CLAIM_TYPE_ADD: 787 case BATADV_CLAIM_TYPE_CLAIM:
787 backbone_addr = hw_src; 788 backbone_addr = hw_src;
788 break; 789 break;
789 case BATADV_CLAIM_TYPE_REQUEST: 790 case BATADV_CLAIM_TYPE_REQUEST:
790 case BATADV_CLAIM_TYPE_ANNOUNCE: 791 case BATADV_CLAIM_TYPE_ANNOUNCE:
791 case BATADV_CLAIM_TYPE_DEL: 792 case BATADV_CLAIM_TYPE_UNCLAIM:
792 backbone_addr = ethhdr->h_source; 793 backbone_addr = ethhdr->h_source;
793 break; 794 break;
794 default: 795 default:
@@ -904,12 +905,12 @@ static int batadv_bla_process_claim(struct batadv_priv *bat_priv,
904 905
905 /* check for the different types of claim frames ... */ 906 /* check for the different types of claim frames ... */
906 switch (bla_dst->type) { 907 switch (bla_dst->type) {
907 case BATADV_CLAIM_TYPE_ADD: 908 case BATADV_CLAIM_TYPE_CLAIM:
908 if (batadv_handle_claim(bat_priv, primary_if, hw_src, 909 if (batadv_handle_claim(bat_priv, primary_if, hw_src,
909 ethhdr->h_source, vid)) 910 ethhdr->h_source, vid))
910 return 1; 911 return 1;
911 break; 912 break;
912 case BATADV_CLAIM_TYPE_DEL: 913 case BATADV_CLAIM_TYPE_UNCLAIM:
913 if (batadv_handle_unclaim(bat_priv, primary_if, 914 if (batadv_handle_unclaim(bat_priv, primary_if,
914 ethhdr->h_source, hw_src, vid)) 915 ethhdr->h_source, hw_src, vid))
915 return 1; 916 return 1;
@@ -945,7 +946,7 @@ static void batadv_bla_purge_backbone_gw(struct batadv_priv *bat_priv, int now)
945 spinlock_t *list_lock; /* protects write access to the hash lists */ 946 spinlock_t *list_lock; /* protects write access to the hash lists */
946 int i; 947 int i;
947 948
948 hash = bat_priv->backbone_hash; 949 hash = bat_priv->bla.backbone_hash;
949 if (!hash) 950 if (!hash)
950 return; 951 return;
951 952
@@ -969,7 +970,7 @@ static void batadv_bla_purge_backbone_gw(struct batadv_priv *bat_priv, int now)
969purge_now: 970purge_now:
970 /* don't wait for the pending request anymore */ 971 /* don't wait for the pending request anymore */
971 if (atomic_read(&backbone_gw->request_sent)) 972 if (atomic_read(&backbone_gw->request_sent))
972 atomic_dec(&bat_priv->bla_num_requests); 973 atomic_dec(&bat_priv->bla.num_requests);
973 974
974 batadv_bla_del_backbone_claims(backbone_gw); 975 batadv_bla_del_backbone_claims(backbone_gw);
975 976
@@ -999,7 +1000,7 @@ static void batadv_bla_purge_claims(struct batadv_priv *bat_priv,
999 struct batadv_hashtable *hash; 1000 struct batadv_hashtable *hash;
1000 int i; 1001 int i;
1001 1002
1002 hash = bat_priv->claim_hash; 1003 hash = bat_priv->bla.claim_hash;
1003 if (!hash) 1004 if (!hash)
1004 return; 1005 return;
1005 1006
@@ -1046,11 +1047,12 @@ void batadv_bla_update_orig_address(struct batadv_priv *bat_priv,
1046 struct hlist_node *node; 1047 struct hlist_node *node;
1047 struct hlist_head *head; 1048 struct hlist_head *head;
1048 struct batadv_hashtable *hash; 1049 struct batadv_hashtable *hash;
1050 __be16 group;
1049 int i; 1051 int i;
1050 1052
1051 /* reset bridge loop avoidance group id */ 1053 /* reset bridge loop avoidance group id */
1052 bat_priv->claim_dest.group = 1054 group = htons(crc16(0, primary_if->net_dev->dev_addr, ETH_ALEN));
1053 htons(crc16(0, primary_if->net_dev->dev_addr, ETH_ALEN)); 1055 bat_priv->bla.claim_dest.group = group;
1054 1056
1055 if (!oldif) { 1057 if (!oldif) {
1056 batadv_bla_purge_claims(bat_priv, NULL, 1); 1058 batadv_bla_purge_claims(bat_priv, NULL, 1);
@@ -1058,7 +1060,7 @@ void batadv_bla_update_orig_address(struct batadv_priv *bat_priv,
1058 return; 1060 return;
1059 } 1061 }
1060 1062
1061 hash = bat_priv->backbone_hash; 1063 hash = bat_priv->bla.backbone_hash;
1062 if (!hash) 1064 if (!hash)
1063 return; 1065 return;
1064 1066
@@ -1088,8 +1090,8 @@ void batadv_bla_update_orig_address(struct batadv_priv *bat_priv,
1088/* (re)start the timer */ 1090/* (re)start the timer */
1089static void batadv_bla_start_timer(struct batadv_priv *bat_priv) 1091static void batadv_bla_start_timer(struct batadv_priv *bat_priv)
1090{ 1092{
1091 INIT_DELAYED_WORK(&bat_priv->bla_work, batadv_bla_periodic_work); 1093 INIT_DELAYED_WORK(&bat_priv->bla.work, batadv_bla_periodic_work);
1092 queue_delayed_work(batadv_event_workqueue, &bat_priv->bla_work, 1094 queue_delayed_work(batadv_event_workqueue, &bat_priv->bla.work,
1093 msecs_to_jiffies(BATADV_BLA_PERIOD_LENGTH)); 1095 msecs_to_jiffies(BATADV_BLA_PERIOD_LENGTH));
1094} 1096}
1095 1097
@@ -1099,9 +1101,9 @@ static void batadv_bla_start_timer(struct batadv_priv *bat_priv)
1099 */ 1101 */
1100static void batadv_bla_periodic_work(struct work_struct *work) 1102static void batadv_bla_periodic_work(struct work_struct *work)
1101{ 1103{
1102 struct delayed_work *delayed_work = 1104 struct delayed_work *delayed_work;
1103 container_of(work, struct delayed_work, work);
1104 struct batadv_priv *bat_priv; 1105 struct batadv_priv *bat_priv;
1106 struct batadv_priv_bla *priv_bla;
1105 struct hlist_node *node; 1107 struct hlist_node *node;
1106 struct hlist_head *head; 1108 struct hlist_head *head;
1107 struct batadv_backbone_gw *backbone_gw; 1109 struct batadv_backbone_gw *backbone_gw;
@@ -1109,7 +1111,9 @@ static void batadv_bla_periodic_work(struct work_struct *work)
1109 struct batadv_hard_iface *primary_if; 1111 struct batadv_hard_iface *primary_if;
1110 int i; 1112 int i;
1111 1113
1112 bat_priv = container_of(delayed_work, struct batadv_priv, bla_work); 1114 delayed_work = container_of(work, struct delayed_work, work);
1115 priv_bla = container_of(delayed_work, struct batadv_priv_bla, work);
1116 bat_priv = container_of(priv_bla, struct batadv_priv, bla);
1113 primary_if = batadv_primary_if_get_selected(bat_priv); 1117 primary_if = batadv_primary_if_get_selected(bat_priv);
1114 if (!primary_if) 1118 if (!primary_if)
1115 goto out; 1119 goto out;
@@ -1120,7 +1124,7 @@ static void batadv_bla_periodic_work(struct work_struct *work)
1120 if (!atomic_read(&bat_priv->bridge_loop_avoidance)) 1124 if (!atomic_read(&bat_priv->bridge_loop_avoidance))
1121 goto out; 1125 goto out;
1122 1126
1123 hash = bat_priv->backbone_hash; 1127 hash = bat_priv->bla.backbone_hash;
1124 if (!hash) 1128 if (!hash)
1125 goto out; 1129 goto out;
1126 1130
@@ -1160,40 +1164,41 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
1160 int i; 1164 int i;
1161 uint8_t claim_dest[ETH_ALEN] = {0xff, 0x43, 0x05, 0x00, 0x00, 0x00}; 1165 uint8_t claim_dest[ETH_ALEN] = {0xff, 0x43, 0x05, 0x00, 0x00, 0x00};
1162 struct batadv_hard_iface *primary_if; 1166 struct batadv_hard_iface *primary_if;
1167 uint16_t crc;
1168 unsigned long entrytime;
1163 1169
1164 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hash registering\n"); 1170 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hash registering\n");
1165 1171
1166 /* setting claim destination address */ 1172 /* setting claim destination address */
1167 memcpy(&bat_priv->claim_dest.magic, claim_dest, 3); 1173 memcpy(&bat_priv->bla.claim_dest.magic, claim_dest, 3);
1168 bat_priv->claim_dest.type = 0; 1174 bat_priv->bla.claim_dest.type = 0;
1169 primary_if = batadv_primary_if_get_selected(bat_priv); 1175 primary_if = batadv_primary_if_get_selected(bat_priv);
1170 if (primary_if) { 1176 if (primary_if) {
1171 bat_priv->claim_dest.group = 1177 crc = crc16(0, primary_if->net_dev->dev_addr, ETH_ALEN);
1172 htons(crc16(0, primary_if->net_dev->dev_addr, 1178 bat_priv->bla.claim_dest.group = htons(crc);
1173 ETH_ALEN));
1174 batadv_hardif_free_ref(primary_if); 1179 batadv_hardif_free_ref(primary_if);
1175 } else { 1180 } else {
1176 bat_priv->claim_dest.group = 0; /* will be set later */ 1181 bat_priv->bla.claim_dest.group = 0; /* will be set later */
1177 } 1182 }
1178 1183
1179 /* initialize the duplicate list */ 1184 /* initialize the duplicate list */
1185 entrytime = jiffies - msecs_to_jiffies(BATADV_DUPLIST_TIMEOUT);
1180 for (i = 0; i < BATADV_DUPLIST_SIZE; i++) 1186 for (i = 0; i < BATADV_DUPLIST_SIZE; i++)
1181 bat_priv->bcast_duplist[i].entrytime = 1187 bat_priv->bla.bcast_duplist[i].entrytime = entrytime;
1182 jiffies - msecs_to_jiffies(BATADV_DUPLIST_TIMEOUT); 1188 bat_priv->bla.bcast_duplist_curr = 0;
1183 bat_priv->bcast_duplist_curr = 0;
1184 1189
1185 if (bat_priv->claim_hash) 1190 if (bat_priv->bla.claim_hash)
1186 return 0; 1191 return 0;
1187 1192
1188 bat_priv->claim_hash = batadv_hash_new(128); 1193 bat_priv->bla.claim_hash = batadv_hash_new(128);
1189 bat_priv->backbone_hash = batadv_hash_new(32); 1194 bat_priv->bla.backbone_hash = batadv_hash_new(32);
1190 1195
1191 if (!bat_priv->claim_hash || !bat_priv->backbone_hash) 1196 if (!bat_priv->bla.claim_hash || !bat_priv->bla.backbone_hash)
1192 return -ENOMEM; 1197 return -ENOMEM;
1193 1198
1194 batadv_hash_set_lock_class(bat_priv->claim_hash, 1199 batadv_hash_set_lock_class(bat_priv->bla.claim_hash,
1195 &batadv_claim_hash_lock_class_key); 1200 &batadv_claim_hash_lock_class_key);
1196 batadv_hash_set_lock_class(bat_priv->backbone_hash, 1201 batadv_hash_set_lock_class(bat_priv->bla.backbone_hash,
1197 &batadv_backbone_hash_lock_class_key); 1202 &batadv_backbone_hash_lock_class_key);
1198 1203
1199 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hashes initialized\n"); 1204 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hashes initialized\n");
@@ -1234,8 +1239,9 @@ int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1234 crc = crc16(0, content, length); 1239 crc = crc16(0, content, length);
1235 1240
1236 for (i = 0; i < BATADV_DUPLIST_SIZE; i++) { 1241 for (i = 0; i < BATADV_DUPLIST_SIZE; i++) {
1237 curr = (bat_priv->bcast_duplist_curr + i) % BATADV_DUPLIST_SIZE; 1242 curr = (bat_priv->bla.bcast_duplist_curr + i);
1238 entry = &bat_priv->bcast_duplist[curr]; 1243 curr %= BATADV_DUPLIST_SIZE;
1244 entry = &bat_priv->bla.bcast_duplist[curr];
1239 1245
1240 /* we can stop searching if the entry is too old ; 1246 /* we can stop searching if the entry is too old ;
1241 * later entries will be even older 1247 * later entries will be even older
@@ -1256,13 +1262,13 @@ int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1256 return 1; 1262 return 1;
1257 } 1263 }
1258 /* not found, add a new entry (overwrite the oldest entry) */ 1264 /* not found, add a new entry (overwrite the oldest entry) */
1259 curr = (bat_priv->bcast_duplist_curr + BATADV_DUPLIST_SIZE - 1); 1265 curr = (bat_priv->bla.bcast_duplist_curr + BATADV_DUPLIST_SIZE - 1);
1260 curr %= BATADV_DUPLIST_SIZE; 1266 curr %= BATADV_DUPLIST_SIZE;
1261 entry = &bat_priv->bcast_duplist[curr]; 1267 entry = &bat_priv->bla.bcast_duplist[curr];
1262 entry->crc = crc; 1268 entry->crc = crc;
1263 entry->entrytime = jiffies; 1269 entry->entrytime = jiffies;
1264 memcpy(entry->orig, bcast_packet->orig, ETH_ALEN); 1270 memcpy(entry->orig, bcast_packet->orig, ETH_ALEN);
1265 bat_priv->bcast_duplist_curr = curr; 1271 bat_priv->bla.bcast_duplist_curr = curr;
1266 1272
1267 /* allow it, its the first occurence. */ 1273 /* allow it, its the first occurence. */
1268 return 0; 1274 return 0;
@@ -1279,7 +1285,7 @@ int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1279 */ 1285 */
1280int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv, uint8_t *orig) 1286int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv, uint8_t *orig)
1281{ 1287{
1282 struct batadv_hashtable *hash = bat_priv->backbone_hash; 1288 struct batadv_hashtable *hash = bat_priv->bla.backbone_hash;
1283 struct hlist_head *head; 1289 struct hlist_head *head;
1284 struct hlist_node *node; 1290 struct hlist_node *node;
1285 struct batadv_backbone_gw *backbone_gw; 1291 struct batadv_backbone_gw *backbone_gw;
@@ -1339,8 +1345,7 @@ int batadv_bla_is_backbone_gw(struct sk_buff *skb,
1339 if (!pskb_may_pull(skb, hdr_size + sizeof(struct vlan_ethhdr))) 1345 if (!pskb_may_pull(skb, hdr_size + sizeof(struct vlan_ethhdr)))
1340 return 0; 1346 return 0;
1341 1347
1342 vhdr = (struct vlan_ethhdr *)(((uint8_t *)skb->data) + 1348 vhdr = (struct vlan_ethhdr *)(skb->data + hdr_size);
1343 hdr_size);
1344 vid = ntohs(vhdr->h_vlan_TCI) & VLAN_VID_MASK; 1349 vid = ntohs(vhdr->h_vlan_TCI) & VLAN_VID_MASK;
1345 } 1350 }
1346 1351
@@ -1359,18 +1364,18 @@ void batadv_bla_free(struct batadv_priv *bat_priv)
1359{ 1364{
1360 struct batadv_hard_iface *primary_if; 1365 struct batadv_hard_iface *primary_if;
1361 1366
1362 cancel_delayed_work_sync(&bat_priv->bla_work); 1367 cancel_delayed_work_sync(&bat_priv->bla.work);
1363 primary_if = batadv_primary_if_get_selected(bat_priv); 1368 primary_if = batadv_primary_if_get_selected(bat_priv);
1364 1369
1365 if (bat_priv->claim_hash) { 1370 if (bat_priv->bla.claim_hash) {
1366 batadv_bla_purge_claims(bat_priv, primary_if, 1); 1371 batadv_bla_purge_claims(bat_priv, primary_if, 1);
1367 batadv_hash_destroy(bat_priv->claim_hash); 1372 batadv_hash_destroy(bat_priv->bla.claim_hash);
1368 bat_priv->claim_hash = NULL; 1373 bat_priv->bla.claim_hash = NULL;
1369 } 1374 }
1370 if (bat_priv->backbone_hash) { 1375 if (bat_priv->bla.backbone_hash) {
1371 batadv_bla_purge_backbone_gw(bat_priv, 1); 1376 batadv_bla_purge_backbone_gw(bat_priv, 1);
1372 batadv_hash_destroy(bat_priv->backbone_hash); 1377 batadv_hash_destroy(bat_priv->bla.backbone_hash);
1373 bat_priv->backbone_hash = NULL; 1378 bat_priv->bla.backbone_hash = NULL;
1374 } 1379 }
1375 if (primary_if) 1380 if (primary_if)
1376 batadv_hardif_free_ref(primary_if); 1381 batadv_hardif_free_ref(primary_if);
@@ -1409,7 +1414,7 @@ int batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid,
1409 goto allow; 1414 goto allow;
1410 1415
1411 1416
1412 if (unlikely(atomic_read(&bat_priv->bla_num_requests))) 1417 if (unlikely(atomic_read(&bat_priv->bla.num_requests)))
1413 /* don't allow broadcasts while requests are in flight */ 1418 /* don't allow broadcasts while requests are in flight */
1414 if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast) 1419 if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast)
1415 goto handled; 1420 goto handled;
@@ -1508,7 +1513,7 @@ int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid)
1508 1513
1509 ethhdr = (struct ethhdr *)skb_mac_header(skb); 1514 ethhdr = (struct ethhdr *)skb_mac_header(skb);
1510 1515
1511 if (unlikely(atomic_read(&bat_priv->bla_num_requests))) 1516 if (unlikely(atomic_read(&bat_priv->bla.num_requests)))
1512 /* don't allow broadcasts while requests are in flight */ 1517 /* don't allow broadcasts while requests are in flight */
1513 if (is_multicast_ether_addr(ethhdr->h_dest)) 1518 if (is_multicast_ether_addr(ethhdr->h_dest))
1514 goto handled; 1519 goto handled;
@@ -1564,7 +1569,7 @@ int batadv_bla_claim_table_seq_print_text(struct seq_file *seq, void *offset)
1564{ 1569{
1565 struct net_device *net_dev = (struct net_device *)seq->private; 1570 struct net_device *net_dev = (struct net_device *)seq->private;
1566 struct batadv_priv *bat_priv = netdev_priv(net_dev); 1571 struct batadv_priv *bat_priv = netdev_priv(net_dev);
1567 struct batadv_hashtable *hash = bat_priv->claim_hash; 1572 struct batadv_hashtable *hash = bat_priv->bla.claim_hash;
1568 struct batadv_claim *claim; 1573 struct batadv_claim *claim;
1569 struct batadv_hard_iface *primary_if; 1574 struct batadv_hard_iface *primary_if;
1570 struct hlist_node *node; 1575 struct hlist_node *node;
@@ -1593,7 +1598,7 @@ int batadv_bla_claim_table_seq_print_text(struct seq_file *seq, void *offset)
1593 seq_printf(seq, 1598 seq_printf(seq,
1594 "Claims announced for the mesh %s (orig %pM, group id %04x)\n", 1599 "Claims announced for the mesh %s (orig %pM, group id %04x)\n",
1595 net_dev->name, primary_addr, 1600 net_dev->name, primary_addr,
1596 ntohs(bat_priv->claim_dest.group)); 1601 ntohs(bat_priv->bla.claim_dest.group));
1597 seq_printf(seq, " %-17s %-5s %-17s [o] (%-4s)\n", 1602 seq_printf(seq, " %-17s %-5s %-17s [o] (%-4s)\n",
1598 "Client", "VID", "Originator", "CRC"); 1603 "Client", "VID", "Originator", "CRC");
1599 for (i = 0; i < hash->size; i++) { 1604 for (i = 0; i < hash->size; i++) {
@@ -1616,3 +1621,68 @@ out:
1616 batadv_hardif_free_ref(primary_if); 1621 batadv_hardif_free_ref(primary_if);
1617 return ret; 1622 return ret;
1618} 1623}
1624
1625int batadv_bla_backbone_table_seq_print_text(struct seq_file *seq, void *offset)
1626{
1627 struct net_device *net_dev = (struct net_device *)seq->private;
1628 struct batadv_priv *bat_priv = netdev_priv(net_dev);
1629 struct batadv_hashtable *hash = bat_priv->bla.backbone_hash;
1630 struct batadv_backbone_gw *backbone_gw;
1631 struct batadv_hard_iface *primary_if;
1632 struct hlist_node *node;
1633 struct hlist_head *head;
1634 int secs, msecs;
1635 uint32_t i;
1636 bool is_own;
1637 int ret = 0;
1638 uint8_t *primary_addr;
1639
1640 primary_if = batadv_primary_if_get_selected(bat_priv);
1641 if (!primary_if) {
1642 ret = seq_printf(seq,
1643 "BATMAN mesh %s disabled - please specify interfaces to enable it\n",
1644 net_dev->name);
1645 goto out;
1646 }
1647
1648 if (primary_if->if_status != BATADV_IF_ACTIVE) {
1649 ret = seq_printf(seq,
1650 "BATMAN mesh %s disabled - primary interface not active\n",
1651 net_dev->name);
1652 goto out;
1653 }
1654
1655 primary_addr = primary_if->net_dev->dev_addr;
1656 seq_printf(seq,
1657 "Backbones announced for the mesh %s (orig %pM, group id %04x)\n",
1658 net_dev->name, primary_addr,
1659 ntohs(bat_priv->bla.claim_dest.group));
1660 seq_printf(seq, " %-17s %-5s %-9s (%-4s)\n",
1661 "Originator", "VID", "last seen", "CRC");
1662 for (i = 0; i < hash->size; i++) {
1663 head = &hash->table[i];
1664
1665 rcu_read_lock();
1666 hlist_for_each_entry_rcu(backbone_gw, node, head, hash_entry) {
1667 msecs = jiffies_to_msecs(jiffies -
1668 backbone_gw->lasttime);
1669 secs = msecs / 1000;
1670 msecs = msecs % 1000;
1671
1672 is_own = batadv_compare_eth(backbone_gw->orig,
1673 primary_addr);
1674 if (is_own)
1675 continue;
1676
1677 seq_printf(seq,
1678 " * %pM on % 5d % 4i.%03is (%04x)\n",
1679 backbone_gw->orig, backbone_gw->vid,
1680 secs, msecs, backbone_gw->crc);
1681 }
1682 rcu_read_unlock();
1683 }
1684out:
1685 if (primary_if)
1686 batadv_hardif_free_ref(primary_if);
1687 return ret;
1688}
diff --git a/net/batman-adv/bridge_loop_avoidance.h b/net/batman-adv/bridge_loop_avoidance.h
index 563cfbf94a7f..789cb73bde67 100644
--- a/net/batman-adv/bridge_loop_avoidance.h
+++ b/net/batman-adv/bridge_loop_avoidance.h
@@ -27,6 +27,8 @@ int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid);
27int batadv_bla_is_backbone_gw(struct sk_buff *skb, 27int batadv_bla_is_backbone_gw(struct sk_buff *skb,
28 struct batadv_orig_node *orig_node, int hdr_size); 28 struct batadv_orig_node *orig_node, int hdr_size);
29int batadv_bla_claim_table_seq_print_text(struct seq_file *seq, void *offset); 29int batadv_bla_claim_table_seq_print_text(struct seq_file *seq, void *offset);
30int batadv_bla_backbone_table_seq_print_text(struct seq_file *seq,
31 void *offset);
30int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv, uint8_t *orig); 32int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv, uint8_t *orig);
31int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv, 33int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
32 struct batadv_bcast_packet *bcast_packet, 34 struct batadv_bcast_packet *bcast_packet,
@@ -41,8 +43,7 @@ void batadv_bla_free(struct batadv_priv *bat_priv);
41#else /* ifdef CONFIG_BATMAN_ADV_BLA */ 43#else /* ifdef CONFIG_BATMAN_ADV_BLA */
42 44
43static inline int batadv_bla_rx(struct batadv_priv *bat_priv, 45static inline int batadv_bla_rx(struct batadv_priv *bat_priv,
44 struct sk_buff *skb, short vid, 46 struct sk_buff *skb, short vid, bool is_bcast)
45 bool is_bcast)
46{ 47{
47 return 0; 48 return 0;
48} 49}
@@ -66,6 +67,12 @@ static inline int batadv_bla_claim_table_seq_print_text(struct seq_file *seq,
66 return 0; 67 return 0;
67} 68}
68 69
70static inline int batadv_bla_backbone_table_seq_print_text(struct seq_file *seq,
71 void *offset)
72{
73 return 0;
74}
75
69static inline int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv, 76static inline int batadv_bla_is_backbone_gw_orig(struct batadv_priv *bat_priv,
70 uint8_t *orig) 77 uint8_t *orig)
71{ 78{
diff --git a/net/batman-adv/debugfs.c b/net/batman-adv/debugfs.c
index 34fbb1667bcd..391d4fb2026f 100644
--- a/net/batman-adv/debugfs.c
+++ b/net/batman-adv/debugfs.c
@@ -267,6 +267,15 @@ static int batadv_bla_claim_table_open(struct inode *inode, struct file *file)
267 return single_open(file, batadv_bla_claim_table_seq_print_text, 267 return single_open(file, batadv_bla_claim_table_seq_print_text,
268 net_dev); 268 net_dev);
269} 269}
270
271static int batadv_bla_backbone_table_open(struct inode *inode,
272 struct file *file)
273{
274 struct net_device *net_dev = (struct net_device *)inode->i_private;
275 return single_open(file, batadv_bla_backbone_table_seq_print_text,
276 net_dev);
277}
278
270#endif 279#endif
271 280
272static int batadv_transtable_local_open(struct inode *inode, struct file *file) 281static int batadv_transtable_local_open(struct inode *inode, struct file *file)
@@ -305,6 +314,8 @@ static BATADV_DEBUGINFO(transtable_global, S_IRUGO,
305 batadv_transtable_global_open); 314 batadv_transtable_global_open);
306#ifdef CONFIG_BATMAN_ADV_BLA 315#ifdef CONFIG_BATMAN_ADV_BLA
307static BATADV_DEBUGINFO(bla_claim_table, S_IRUGO, batadv_bla_claim_table_open); 316static BATADV_DEBUGINFO(bla_claim_table, S_IRUGO, batadv_bla_claim_table_open);
317static BATADV_DEBUGINFO(bla_backbone_table, S_IRUGO,
318 batadv_bla_backbone_table_open);
308#endif 319#endif
309static BATADV_DEBUGINFO(transtable_local, S_IRUGO, 320static BATADV_DEBUGINFO(transtable_local, S_IRUGO,
310 batadv_transtable_local_open); 321 batadv_transtable_local_open);
@@ -316,6 +327,7 @@ static struct batadv_debuginfo *batadv_mesh_debuginfos[] = {
316 &batadv_debuginfo_transtable_global, 327 &batadv_debuginfo_transtable_global,
317#ifdef CONFIG_BATMAN_ADV_BLA 328#ifdef CONFIG_BATMAN_ADV_BLA
318 &batadv_debuginfo_bla_claim_table, 329 &batadv_debuginfo_bla_claim_table,
330 &batadv_debuginfo_bla_backbone_table,
319#endif 331#endif
320 &batadv_debuginfo_transtable_local, 332 &batadv_debuginfo_transtable_local,
321 &batadv_debuginfo_vis_data, 333 &batadv_debuginfo_vis_data,
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index fc866f2e4528..15d67abc10a4 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -48,7 +48,7 @@ batadv_gw_get_selected_gw_node(struct batadv_priv *bat_priv)
48 struct batadv_gw_node *gw_node; 48 struct batadv_gw_node *gw_node;
49 49
50 rcu_read_lock(); 50 rcu_read_lock();
51 gw_node = rcu_dereference(bat_priv->curr_gw); 51 gw_node = rcu_dereference(bat_priv->gw.curr_gw);
52 if (!gw_node) 52 if (!gw_node)
53 goto out; 53 goto out;
54 54
@@ -91,23 +91,23 @@ static void batadv_gw_select(struct batadv_priv *bat_priv,
91{ 91{
92 struct batadv_gw_node *curr_gw_node; 92 struct batadv_gw_node *curr_gw_node;
93 93
94 spin_lock_bh(&bat_priv->gw_list_lock); 94 spin_lock_bh(&bat_priv->gw.list_lock);
95 95
96 if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount)) 96 if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount))
97 new_gw_node = NULL; 97 new_gw_node = NULL;
98 98
99 curr_gw_node = rcu_dereference_protected(bat_priv->curr_gw, 1); 99 curr_gw_node = rcu_dereference_protected(bat_priv->gw.curr_gw, 1);
100 rcu_assign_pointer(bat_priv->curr_gw, new_gw_node); 100 rcu_assign_pointer(bat_priv->gw.curr_gw, new_gw_node);
101 101
102 if (curr_gw_node) 102 if (curr_gw_node)
103 batadv_gw_node_free_ref(curr_gw_node); 103 batadv_gw_node_free_ref(curr_gw_node);
104 104
105 spin_unlock_bh(&bat_priv->gw_list_lock); 105 spin_unlock_bh(&bat_priv->gw.list_lock);
106} 106}
107 107
108void batadv_gw_deselect(struct batadv_priv *bat_priv) 108void batadv_gw_deselect(struct batadv_priv *bat_priv)
109{ 109{
110 atomic_set(&bat_priv->gw_reselect, 1); 110 atomic_set(&bat_priv->gw.reselect, 1);
111} 111}
112 112
113static struct batadv_gw_node * 113static struct batadv_gw_node *
@@ -117,12 +117,17 @@ batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
117 struct hlist_node *node; 117 struct hlist_node *node;
118 struct batadv_gw_node *gw_node, *curr_gw = NULL; 118 struct batadv_gw_node *gw_node, *curr_gw = NULL;
119 uint32_t max_gw_factor = 0, tmp_gw_factor = 0; 119 uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
120 uint32_t gw_divisor;
120 uint8_t max_tq = 0; 121 uint8_t max_tq = 0;
121 int down, up; 122 int down, up;
123 uint8_t tq_avg;
122 struct batadv_orig_node *orig_node; 124 struct batadv_orig_node *orig_node;
123 125
126 gw_divisor = BATADV_TQ_LOCAL_WINDOW_SIZE * BATADV_TQ_LOCAL_WINDOW_SIZE;
127 gw_divisor *= 64;
128
124 rcu_read_lock(); 129 rcu_read_lock();
125 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw_list, list) { 130 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw.list, list) {
126 if (gw_node->deleted) 131 if (gw_node->deleted)
127 continue; 132 continue;
128 133
@@ -134,19 +139,19 @@ batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
134 if (!atomic_inc_not_zero(&gw_node->refcount)) 139 if (!atomic_inc_not_zero(&gw_node->refcount))
135 goto next; 140 goto next;
136 141
142 tq_avg = router->tq_avg;
143
137 switch (atomic_read(&bat_priv->gw_sel_class)) { 144 switch (atomic_read(&bat_priv->gw_sel_class)) {
138 case 1: /* fast connection */ 145 case 1: /* fast connection */
139 batadv_gw_bandwidth_to_kbit(orig_node->gw_flags, 146 batadv_gw_bandwidth_to_kbit(orig_node->gw_flags,
140 &down, &up); 147 &down, &up);
141 148
142 tmp_gw_factor = (router->tq_avg * router->tq_avg * 149 tmp_gw_factor = tq_avg * tq_avg * down * 100 * 100;
143 down * 100 * 100) / 150 tmp_gw_factor /= gw_divisor;
144 (BATADV_TQ_LOCAL_WINDOW_SIZE *
145 BATADV_TQ_LOCAL_WINDOW_SIZE * 64);
146 151
147 if ((tmp_gw_factor > max_gw_factor) || 152 if ((tmp_gw_factor > max_gw_factor) ||
148 ((tmp_gw_factor == max_gw_factor) && 153 ((tmp_gw_factor == max_gw_factor) &&
149 (router->tq_avg > max_tq))) { 154 (tq_avg > max_tq))) {
150 if (curr_gw) 155 if (curr_gw)
151 batadv_gw_node_free_ref(curr_gw); 156 batadv_gw_node_free_ref(curr_gw);
152 curr_gw = gw_node; 157 curr_gw = gw_node;
@@ -161,7 +166,7 @@ batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
161 * soon as a better gateway appears which has 166 * soon as a better gateway appears which has
162 * $routing_class more tq points) 167 * $routing_class more tq points)
163 */ 168 */
164 if (router->tq_avg > max_tq) { 169 if (tq_avg > max_tq) {
165 if (curr_gw) 170 if (curr_gw)
166 batadv_gw_node_free_ref(curr_gw); 171 batadv_gw_node_free_ref(curr_gw);
167 curr_gw = gw_node; 172 curr_gw = gw_node;
@@ -170,8 +175,8 @@ batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
170 break; 175 break;
171 } 176 }
172 177
173 if (router->tq_avg > max_tq) 178 if (tq_avg > max_tq)
174 max_tq = router->tq_avg; 179 max_tq = tq_avg;
175 180
176 if (tmp_gw_factor > max_gw_factor) 181 if (tmp_gw_factor > max_gw_factor)
177 max_gw_factor = tmp_gw_factor; 182 max_gw_factor = tmp_gw_factor;
@@ -202,7 +207,7 @@ void batadv_gw_election(struct batadv_priv *bat_priv)
202 207
203 curr_gw = batadv_gw_get_selected_gw_node(bat_priv); 208 curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
204 209
205 if (!batadv_atomic_dec_not_zero(&bat_priv->gw_reselect) && curr_gw) 210 if (!batadv_atomic_dec_not_zero(&bat_priv->gw.reselect) && curr_gw)
206 goto out; 211 goto out;
207 212
208 next_gw = batadv_gw_get_best_gw_node(bat_priv); 213 next_gw = batadv_gw_get_best_gw_node(bat_priv);
@@ -321,9 +326,9 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
321 gw_node->orig_node = orig_node; 326 gw_node->orig_node = orig_node;
322 atomic_set(&gw_node->refcount, 1); 327 atomic_set(&gw_node->refcount, 1);
323 328
324 spin_lock_bh(&bat_priv->gw_list_lock); 329 spin_lock_bh(&bat_priv->gw.list_lock);
325 hlist_add_head_rcu(&gw_node->list, &bat_priv->gw_list); 330 hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.list);
326 spin_unlock_bh(&bat_priv->gw_list_lock); 331 spin_unlock_bh(&bat_priv->gw.list_lock);
327 332
328 batadv_gw_bandwidth_to_kbit(new_gwflags, &down, &up); 333 batadv_gw_bandwidth_to_kbit(new_gwflags, &down, &up);
329 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 334 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
@@ -350,7 +355,7 @@ void batadv_gw_node_update(struct batadv_priv *bat_priv,
350 curr_gw = batadv_gw_get_selected_gw_node(bat_priv); 355 curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
351 356
352 rcu_read_lock(); 357 rcu_read_lock();
353 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw_list, list) { 358 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw.list, list) {
354 if (gw_node->orig_node != orig_node) 359 if (gw_node->orig_node != orig_node)
355 continue; 360 continue;
356 361
@@ -404,10 +409,10 @@ void batadv_gw_node_purge(struct batadv_priv *bat_priv)
404 409
405 curr_gw = batadv_gw_get_selected_gw_node(bat_priv); 410 curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
406 411
407 spin_lock_bh(&bat_priv->gw_list_lock); 412 spin_lock_bh(&bat_priv->gw.list_lock);
408 413
409 hlist_for_each_entry_safe(gw_node, node, node_tmp, 414 hlist_for_each_entry_safe(gw_node, node, node_tmp,
410 &bat_priv->gw_list, list) { 415 &bat_priv->gw.list, list) {
411 if (((!gw_node->deleted) || 416 if (((!gw_node->deleted) ||
412 (time_before(jiffies, gw_node->deleted + timeout))) && 417 (time_before(jiffies, gw_node->deleted + timeout))) &&
413 atomic_read(&bat_priv->mesh_state) == BATADV_MESH_ACTIVE) 418 atomic_read(&bat_priv->mesh_state) == BATADV_MESH_ACTIVE)
@@ -420,7 +425,7 @@ void batadv_gw_node_purge(struct batadv_priv *bat_priv)
420 batadv_gw_node_free_ref(gw_node); 425 batadv_gw_node_free_ref(gw_node);
421 } 426 }
422 427
423 spin_unlock_bh(&bat_priv->gw_list_lock); 428 spin_unlock_bh(&bat_priv->gw.list_lock);
424 429
425 /* gw_deselect() needs to acquire the gw_list_lock */ 430 /* gw_deselect() needs to acquire the gw_list_lock */
426 if (do_deselect) 431 if (do_deselect)
@@ -496,7 +501,7 @@ int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset)
496 primary_if->net_dev->dev_addr, net_dev->name); 501 primary_if->net_dev->dev_addr, net_dev->name);
497 502
498 rcu_read_lock(); 503 rcu_read_lock();
499 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw_list, list) { 504 hlist_for_each_entry_rcu(gw_node, node, &bat_priv->gw.list, list) {
500 if (gw_node->deleted) 505 if (gw_node->deleted)
501 continue; 506 continue;
502 507
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
index 282bf6e9353e..d112fd6750b0 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -103,13 +103,14 @@ static void batadv_primary_if_update_addr(struct batadv_priv *bat_priv,
103{ 103{
104 struct batadv_vis_packet *vis_packet; 104 struct batadv_vis_packet *vis_packet;
105 struct batadv_hard_iface *primary_if; 105 struct batadv_hard_iface *primary_if;
106 struct sk_buff *skb;
106 107
107 primary_if = batadv_primary_if_get_selected(bat_priv); 108 primary_if = batadv_primary_if_get_selected(bat_priv);
108 if (!primary_if) 109 if (!primary_if)
109 goto out; 110 goto out;
110 111
111 vis_packet = (struct batadv_vis_packet *) 112 skb = bat_priv->vis.my_info->skb_packet;
112 bat_priv->my_vis_info->skb_packet->data; 113 vis_packet = (struct batadv_vis_packet *)skb->data;
113 memcpy(vis_packet->vis_orig, primary_if->net_dev->dev_addr, ETH_ALEN); 114 memcpy(vis_packet->vis_orig, primary_if->net_dev->dev_addr, ETH_ALEN);
114 memcpy(vis_packet->sender_orig, 115 memcpy(vis_packet->sender_orig,
115 primary_if->net_dev->dev_addr, ETH_ALEN); 116 primary_if->net_dev->dev_addr, ETH_ALEN);
@@ -313,7 +314,13 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
313 hard_iface->if_num = bat_priv->num_ifaces; 314 hard_iface->if_num = bat_priv->num_ifaces;
314 bat_priv->num_ifaces++; 315 bat_priv->num_ifaces++;
315 hard_iface->if_status = BATADV_IF_INACTIVE; 316 hard_iface->if_status = BATADV_IF_INACTIVE;
316 batadv_orig_hash_add_if(hard_iface, bat_priv->num_ifaces); 317 ret = batadv_orig_hash_add_if(hard_iface, bat_priv->num_ifaces);
318 if (ret < 0) {
319 bat_priv->bat_algo_ops->bat_iface_disable(hard_iface);
320 bat_priv->num_ifaces--;
321 hard_iface->if_status = BATADV_IF_NOT_IN_USE;
322 goto err_dev;
323 }
317 324
318 hard_iface->batman_adv_ptype.type = ethertype; 325 hard_iface->batman_adv_ptype.type = ethertype;
319 hard_iface->batman_adv_ptype.func = batadv_batman_skb_recv; 326 hard_iface->batman_adv_ptype.func = batadv_batman_skb_recv;
diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
index 13c88b25ab31..b4aa470bc4a6 100644
--- a/net/batman-adv/main.c
+++ b/net/batman-adv/main.c
@@ -58,9 +58,6 @@ static int __init batadv_init(void)
58 58
59 batadv_iv_init(); 59 batadv_iv_init();
60 60
61 /* the name should not be longer than 10 chars - see
62 * http://lwn.net/Articles/23634/
63 */
64 batadv_event_workqueue = create_singlethread_workqueue("bat_events"); 61 batadv_event_workqueue = create_singlethread_workqueue("bat_events");
65 62
66 if (!batadv_event_workqueue) 63 if (!batadv_event_workqueue)
@@ -97,20 +94,20 @@ int batadv_mesh_init(struct net_device *soft_iface)
97 94
98 spin_lock_init(&bat_priv->forw_bat_list_lock); 95 spin_lock_init(&bat_priv->forw_bat_list_lock);
99 spin_lock_init(&bat_priv->forw_bcast_list_lock); 96 spin_lock_init(&bat_priv->forw_bcast_list_lock);
100 spin_lock_init(&bat_priv->tt_changes_list_lock); 97 spin_lock_init(&bat_priv->tt.changes_list_lock);
101 spin_lock_init(&bat_priv->tt_req_list_lock); 98 spin_lock_init(&bat_priv->tt.req_list_lock);
102 spin_lock_init(&bat_priv->tt_roam_list_lock); 99 spin_lock_init(&bat_priv->tt.roam_list_lock);
103 spin_lock_init(&bat_priv->tt_buff_lock); 100 spin_lock_init(&bat_priv->tt.last_changeset_lock);
104 spin_lock_init(&bat_priv->gw_list_lock); 101 spin_lock_init(&bat_priv->gw.list_lock);
105 spin_lock_init(&bat_priv->vis_hash_lock); 102 spin_lock_init(&bat_priv->vis.hash_lock);
106 spin_lock_init(&bat_priv->vis_list_lock); 103 spin_lock_init(&bat_priv->vis.list_lock);
107 104
108 INIT_HLIST_HEAD(&bat_priv->forw_bat_list); 105 INIT_HLIST_HEAD(&bat_priv->forw_bat_list);
109 INIT_HLIST_HEAD(&bat_priv->forw_bcast_list); 106 INIT_HLIST_HEAD(&bat_priv->forw_bcast_list);
110 INIT_HLIST_HEAD(&bat_priv->gw_list); 107 INIT_HLIST_HEAD(&bat_priv->gw.list);
111 INIT_LIST_HEAD(&bat_priv->tt_changes_list); 108 INIT_LIST_HEAD(&bat_priv->tt.changes_list);
112 INIT_LIST_HEAD(&bat_priv->tt_req_list); 109 INIT_LIST_HEAD(&bat_priv->tt.req_list);
113 INIT_LIST_HEAD(&bat_priv->tt_roam_list); 110 INIT_LIST_HEAD(&bat_priv->tt.roam_list);
114 111
115 ret = batadv_originator_init(bat_priv); 112 ret = batadv_originator_init(bat_priv);
116 if (ret < 0) 113 if (ret < 0)
@@ -131,7 +128,7 @@ int batadv_mesh_init(struct net_device *soft_iface)
131 if (ret < 0) 128 if (ret < 0)
132 goto err; 129 goto err;
133 130
134 atomic_set(&bat_priv->gw_reselect, 0); 131 atomic_set(&bat_priv->gw.reselect, 0);
135 atomic_set(&bat_priv->mesh_state, BATADV_MESH_ACTIVE); 132 atomic_set(&bat_priv->mesh_state, BATADV_MESH_ACTIVE);
136 133
137 return 0; 134 return 0;
diff --git a/net/batman-adv/main.h b/net/batman-adv/main.h
index 5d8fa0757947..d57b746219de 100644
--- a/net/batman-adv/main.h
+++ b/net/batman-adv/main.h
@@ -26,7 +26,7 @@
26#define BATADV_DRIVER_DEVICE "batman-adv" 26#define BATADV_DRIVER_DEVICE "batman-adv"
27 27
28#ifndef BATADV_SOURCE_VERSION 28#ifndef BATADV_SOURCE_VERSION
29#define BATADV_SOURCE_VERSION "2012.3.0" 29#define BATADV_SOURCE_VERSION "2012.4.0"
30#endif 30#endif
31 31
32/* B.A.T.M.A.N. parameters */ 32/* B.A.T.M.A.N. parameters */
@@ -41,13 +41,14 @@
41 * -> TODO: check influence on BATADV_TQ_LOCAL_WINDOW_SIZE 41 * -> TODO: check influence on BATADV_TQ_LOCAL_WINDOW_SIZE
42 */ 42 */
43#define BATADV_PURGE_TIMEOUT 200000 /* 200 seconds */ 43#define BATADV_PURGE_TIMEOUT 200000 /* 200 seconds */
44#define BATADV_TT_LOCAL_TIMEOUT 3600000 /* in miliseconds */ 44#define BATADV_TT_LOCAL_TIMEOUT 3600000 /* in milliseconds */
45#define BATADV_TT_CLIENT_ROAM_TIMEOUT 600000 /* in miliseconds */ 45#define BATADV_TT_CLIENT_ROAM_TIMEOUT 600000 /* in milliseconds */
46#define BATADV_TT_CLIENT_TEMP_TIMEOUT 600000 /* in milliseconds */
46/* sliding packet range of received originator messages in sequence numbers 47/* sliding packet range of received originator messages in sequence numbers
47 * (should be a multiple of our word size) 48 * (should be a multiple of our word size)
48 */ 49 */
49#define BATADV_TQ_LOCAL_WINDOW_SIZE 64 50#define BATADV_TQ_LOCAL_WINDOW_SIZE 64
50/* miliseconds we have to keep pending tt_req */ 51/* milliseconds we have to keep pending tt_req */
51#define BATADV_TT_REQUEST_TIMEOUT 3000 52#define BATADV_TT_REQUEST_TIMEOUT 3000
52 53
53#define BATADV_TQ_GLOBAL_WINDOW_SIZE 5 54#define BATADV_TQ_GLOBAL_WINDOW_SIZE 5
@@ -59,7 +60,7 @@
59#define BATADV_TT_OGM_APPEND_MAX 3 60#define BATADV_TT_OGM_APPEND_MAX 3
60 61
61/* Time in which a client can roam at most ROAMING_MAX_COUNT times in 62/* Time in which a client can roam at most ROAMING_MAX_COUNT times in
62 * miliseconds 63 * milliseconds
63 */ 64 */
64#define BATADV_ROAMING_MAX_TIME 20000 65#define BATADV_ROAMING_MAX_TIME 20000
65#define BATADV_ROAMING_MAX_COUNT 5 66#define BATADV_ROAMING_MAX_COUNT 5
@@ -123,15 +124,6 @@ enum batadv_uev_type {
123/* Append 'batman-adv: ' before kernel messages */ 124/* Append 'batman-adv: ' before kernel messages */
124#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 125#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
125 126
126/* all messages related to routing / flooding / broadcasting / etc */
127enum batadv_dbg_level {
128 BATADV_DBG_BATMAN = 1 << 0,
129 BATADV_DBG_ROUTES = 1 << 1, /* route added / changed / deleted */
130 BATADV_DBG_TT = 1 << 2, /* translation table operations */
131 BATADV_DBG_BLA = 1 << 3, /* bridge loop avoidance */
132 BATADV_DBG_ALL = 15,
133};
134
135/* Kernel headers */ 127/* Kernel headers */
136 128
137#include <linux/mutex.h> /* mutex */ 129#include <linux/mutex.h> /* mutex */
@@ -173,6 +165,15 @@ int batadv_algo_register(struct batadv_algo_ops *bat_algo_ops);
173int batadv_algo_select(struct batadv_priv *bat_priv, char *name); 165int batadv_algo_select(struct batadv_priv *bat_priv, char *name);
174int batadv_algo_seq_print_text(struct seq_file *seq, void *offset); 166int batadv_algo_seq_print_text(struct seq_file *seq, void *offset);
175 167
168/* all messages related to routing / flooding / broadcasting / etc */
169enum batadv_dbg_level {
170 BATADV_DBG_BATMAN = BIT(0),
171 BATADV_DBG_ROUTES = BIT(1), /* route added / changed / deleted */
172 BATADV_DBG_TT = BIT(2), /* translation table operations */
173 BATADV_DBG_BLA = BIT(3), /* bridge loop avoidance */
174 BATADV_DBG_ALL = 15,
175};
176
176#ifdef CONFIG_BATMAN_ADV_DEBUG 177#ifdef CONFIG_BATMAN_ADV_DEBUG
177int batadv_debug_log(struct batadv_priv *bat_priv, const char *fmt, ...) 178int batadv_debug_log(struct batadv_priv *bat_priv, const char *fmt, ...)
178__printf(2, 3); 179__printf(2, 3);
diff --git a/net/batman-adv/packet.h b/net/batman-adv/packet.h
index 8d3e55a96adc..2d23a14c220e 100644
--- a/net/batman-adv/packet.h
+++ b/net/batman-adv/packet.h
@@ -37,10 +37,10 @@ enum batadv_packettype {
37#define BATADV_COMPAT_VERSION 14 37#define BATADV_COMPAT_VERSION 14
38 38
39enum batadv_iv_flags { 39enum batadv_iv_flags {
40 BATADV_NOT_BEST_NEXT_HOP = 1 << 3, 40 BATADV_NOT_BEST_NEXT_HOP = BIT(3),
41 BATADV_PRIMARIES_FIRST_HOP = 1 << 4, 41 BATADV_PRIMARIES_FIRST_HOP = BIT(4),
42 BATADV_VIS_SERVER = 1 << 5, 42 BATADV_VIS_SERVER = BIT(5),
43 BATADV_DIRECTLINK = 1 << 6, 43 BATADV_DIRECTLINK = BIT(6),
44}; 44};
45 45
46/* ICMP message types */ 46/* ICMP message types */
@@ -60,8 +60,8 @@ enum batadv_vis_packettype {
60 60
61/* fragmentation defines */ 61/* fragmentation defines */
62enum batadv_unicast_frag_flags { 62enum batadv_unicast_frag_flags {
63 BATADV_UNI_FRAG_HEAD = 1 << 0, 63 BATADV_UNI_FRAG_HEAD = BIT(0),
64 BATADV_UNI_FRAG_LARGETAIL = 1 << 1, 64 BATADV_UNI_FRAG_LARGETAIL = BIT(1),
65}; 65};
66 66
67/* TT_QUERY subtypes */ 67/* TT_QUERY subtypes */
@@ -74,26 +74,27 @@ enum batadv_tt_query_packettype {
74 74
75/* TT_QUERY flags */ 75/* TT_QUERY flags */
76enum batadv_tt_query_flags { 76enum batadv_tt_query_flags {
77 BATADV_TT_FULL_TABLE = 1 << 2, 77 BATADV_TT_FULL_TABLE = BIT(2),
78}; 78};
79 79
80/* BATADV_TT_CLIENT flags. 80/* BATADV_TT_CLIENT flags.
81 * Flags from 1 to 1 << 7 are sent on the wire, while flags from 1 << 8 to 81 * Flags from BIT(0) to BIT(7) are sent on the wire, while flags from BIT(8) to
82 * 1 << 15 are used for local computation only 82 * BIT(15) are used for local computation only
83 */ 83 */
84enum batadv_tt_client_flags { 84enum batadv_tt_client_flags {
85 BATADV_TT_CLIENT_DEL = 1 << 0, 85 BATADV_TT_CLIENT_DEL = BIT(0),
86 BATADV_TT_CLIENT_ROAM = 1 << 1, 86 BATADV_TT_CLIENT_ROAM = BIT(1),
87 BATADV_TT_CLIENT_WIFI = 1 << 2, 87 BATADV_TT_CLIENT_WIFI = BIT(2),
88 BATADV_TT_CLIENT_NOPURGE = 1 << 8, 88 BATADV_TT_CLIENT_TEMP = BIT(3),
89 BATADV_TT_CLIENT_NEW = 1 << 9, 89 BATADV_TT_CLIENT_NOPURGE = BIT(8),
90 BATADV_TT_CLIENT_PENDING = 1 << 10, 90 BATADV_TT_CLIENT_NEW = BIT(9),
91 BATADV_TT_CLIENT_PENDING = BIT(10),
91}; 92};
92 93
93/* claim frame types for the bridge loop avoidance */ 94/* claim frame types for the bridge loop avoidance */
94enum batadv_bla_claimframe { 95enum batadv_bla_claimframe {
95 BATADV_CLAIM_TYPE_ADD = 0x00, 96 BATADV_CLAIM_TYPE_CLAIM = 0x00,
96 BATADV_CLAIM_TYPE_DEL = 0x01, 97 BATADV_CLAIM_TYPE_UNCLAIM = 0x01,
97 BATADV_CLAIM_TYPE_ANNOUNCE = 0x02, 98 BATADV_CLAIM_TYPE_ANNOUNCE = 0x02,
98 BATADV_CLAIM_TYPE_REQUEST = 0x03, 99 BATADV_CLAIM_TYPE_REQUEST = 0x03,
99}; 100};
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index bc2b88bbea1f..939fc01371df 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -579,32 +579,45 @@ batadv_find_ifalter_router(struct batadv_orig_node *primary_orig,
579 return router; 579 return router;
580} 580}
581 581
582int batadv_recv_tt_query(struct sk_buff *skb, struct batadv_hard_iface *recv_if) 582static int batadv_check_unicast_packet(struct sk_buff *skb, int hdr_size)
583{ 583{
584 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
585 struct batadv_tt_query_packet *tt_query;
586 uint16_t tt_size;
587 struct ethhdr *ethhdr; 584 struct ethhdr *ethhdr;
588 char tt_flag;
589 size_t packet_size;
590 585
591 /* drop packet if it has not necessary minimum size */ 586 /* drop packet if it has not necessary minimum size */
592 if (unlikely(!pskb_may_pull(skb, 587 if (unlikely(!pskb_may_pull(skb, hdr_size)))
593 sizeof(struct batadv_tt_query_packet)))) 588 return -1;
594 goto out;
595
596 /* I could need to modify it */
597 if (skb_cow(skb, sizeof(struct batadv_tt_query_packet)) < 0)
598 goto out;
599 589
600 ethhdr = (struct ethhdr *)skb_mac_header(skb); 590 ethhdr = (struct ethhdr *)skb_mac_header(skb);
601 591
602 /* packet with unicast indication but broadcast recipient */ 592 /* packet with unicast indication but broadcast recipient */
603 if (is_broadcast_ether_addr(ethhdr->h_dest)) 593 if (is_broadcast_ether_addr(ethhdr->h_dest))
604 goto out; 594 return -1;
605 595
606 /* packet with broadcast sender address */ 596 /* packet with broadcast sender address */
607 if (is_broadcast_ether_addr(ethhdr->h_source)) 597 if (is_broadcast_ether_addr(ethhdr->h_source))
598 return -1;
599
600 /* not for me */
601 if (!batadv_is_my_mac(ethhdr->h_dest))
602 return -1;
603
604 return 0;
605}
606
607int batadv_recv_tt_query(struct sk_buff *skb, struct batadv_hard_iface *recv_if)
608{
609 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
610 struct batadv_tt_query_packet *tt_query;
611 uint16_t tt_size;
612 int hdr_size = sizeof(*tt_query);
613 char tt_flag;
614 size_t packet_size;
615
616 if (batadv_check_unicast_packet(skb, hdr_size) < 0)
617 return NET_RX_DROP;
618
619 /* I could need to modify it */
620 if (skb_cow(skb, sizeof(struct batadv_tt_query_packet)) < 0)
608 goto out; 621 goto out;
609 622
610 tt_query = (struct batadv_tt_query_packet *)skb->data; 623 tt_query = (struct batadv_tt_query_packet *)skb->data;
@@ -721,7 +734,7 @@ int batadv_recv_roam_adv(struct sk_buff *skb, struct batadv_hard_iface *recv_if)
721 * been incremented yet. This flag will make me check all the incoming 734 * been incremented yet. This flag will make me check all the incoming
722 * packets for the correct destination. 735 * packets for the correct destination.
723 */ 736 */
724 bat_priv->tt_poss_change = true; 737 bat_priv->tt.poss_change = true;
725 738
726 batadv_orig_node_free_ref(orig_node); 739 batadv_orig_node_free_ref(orig_node);
727out: 740out:
@@ -819,31 +832,6 @@ err:
819 return NULL; 832 return NULL;
820} 833}
821 834
822static int batadv_check_unicast_packet(struct sk_buff *skb, int hdr_size)
823{
824 struct ethhdr *ethhdr;
825
826 /* drop packet if it has not necessary minimum size */
827 if (unlikely(!pskb_may_pull(skb, hdr_size)))
828 return -1;
829
830 ethhdr = (struct ethhdr *)skb_mac_header(skb);
831
832 /* packet with unicast indication but broadcast recipient */
833 if (is_broadcast_ether_addr(ethhdr->h_dest))
834 return -1;
835
836 /* packet with broadcast sender address */
837 if (is_broadcast_ether_addr(ethhdr->h_source))
838 return -1;
839
840 /* not for me */
841 if (!batadv_is_my_mac(ethhdr->h_dest))
842 return -1;
843
844 return 0;
845}
846
847static int batadv_route_unicast_packet(struct sk_buff *skb, 835static int batadv_route_unicast_packet(struct sk_buff *skb,
848 struct batadv_hard_iface *recv_if) 836 struct batadv_hard_iface *recv_if)
849{ 837{
@@ -947,8 +935,8 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
947 unicast_packet = (struct batadv_unicast_packet *)skb->data; 935 unicast_packet = (struct batadv_unicast_packet *)skb->data;
948 936
949 if (batadv_is_my_mac(unicast_packet->dest)) { 937 if (batadv_is_my_mac(unicast_packet->dest)) {
950 tt_poss_change = bat_priv->tt_poss_change; 938 tt_poss_change = bat_priv->tt.poss_change;
951 curr_ttvn = (uint8_t)atomic_read(&bat_priv->ttvn); 939 curr_ttvn = (uint8_t)atomic_read(&bat_priv->tt.vn);
952 } else { 940 } else {
953 orig_node = batadv_orig_hash_find(bat_priv, 941 orig_node = batadv_orig_hash_find(bat_priv,
954 unicast_packet->dest); 942 unicast_packet->dest);
@@ -993,8 +981,7 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
993 } else { 981 } else {
994 memcpy(unicast_packet->dest, orig_node->orig, 982 memcpy(unicast_packet->dest, orig_node->orig,
995 ETH_ALEN); 983 ETH_ALEN);
996 curr_ttvn = (uint8_t) 984 curr_ttvn = (uint8_t)atomic_read(&orig_node->last_ttvn);
997 atomic_read(&orig_node->last_ttvn);
998 batadv_orig_node_free_ref(orig_node); 985 batadv_orig_node_free_ref(orig_node);
999 } 986 }
1000 987
@@ -1025,8 +1012,9 @@ int batadv_recv_unicast_packet(struct sk_buff *skb,
1025 1012
1026 /* packet for me */ 1013 /* packet for me */
1027 if (batadv_is_my_mac(unicast_packet->dest)) { 1014 if (batadv_is_my_mac(unicast_packet->dest)) {
1028 batadv_interface_rx(recv_if->soft_iface, skb, recv_if, 1015 batadv_interface_rx(recv_if->soft_iface, skb, recv_if, hdr_size,
1029 hdr_size); 1016 NULL);
1017
1030 return NET_RX_SUCCESS; 1018 return NET_RX_SUCCESS;
1031 } 1019 }
1032 1020
@@ -1063,7 +1051,7 @@ int batadv_recv_ucast_frag_packet(struct sk_buff *skb,
1063 return NET_RX_SUCCESS; 1051 return NET_RX_SUCCESS;
1064 1052
1065 batadv_interface_rx(recv_if->soft_iface, new_skb, recv_if, 1053 batadv_interface_rx(recv_if->soft_iface, new_skb, recv_if,
1066 sizeof(struct batadv_unicast_packet)); 1054 sizeof(struct batadv_unicast_packet), NULL);
1067 return NET_RX_SUCCESS; 1055 return NET_RX_SUCCESS;
1068 } 1056 }
1069 1057
@@ -1150,7 +1138,8 @@ int batadv_recv_bcast_packet(struct sk_buff *skb,
1150 goto out; 1138 goto out;
1151 1139
1152 /* broadcast for me */ 1140 /* broadcast for me */
1153 batadv_interface_rx(recv_if->soft_iface, skb, recv_if, hdr_size); 1141 batadv_interface_rx(recv_if->soft_iface, skb, recv_if, hdr_size,
1142 orig_node);
1154 ret = NET_RX_SUCCESS; 1143 ret = NET_RX_SUCCESS;
1155 goto out; 1144 goto out;
1156 1145
diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c
index 3b4b2daa3b3e..570a8bce0364 100644
--- a/net/batman-adv/send.c
+++ b/net/batman-adv/send.c
@@ -190,13 +190,13 @@ out:
190static void batadv_send_outstanding_bcast_packet(struct work_struct *work) 190static void batadv_send_outstanding_bcast_packet(struct work_struct *work)
191{ 191{
192 struct batadv_hard_iface *hard_iface; 192 struct batadv_hard_iface *hard_iface;
193 struct delayed_work *delayed_work = 193 struct delayed_work *delayed_work;
194 container_of(work, struct delayed_work, work);
195 struct batadv_forw_packet *forw_packet; 194 struct batadv_forw_packet *forw_packet;
196 struct sk_buff *skb1; 195 struct sk_buff *skb1;
197 struct net_device *soft_iface; 196 struct net_device *soft_iface;
198 struct batadv_priv *bat_priv; 197 struct batadv_priv *bat_priv;
199 198
199 delayed_work = container_of(work, struct delayed_work, work);
200 forw_packet = container_of(delayed_work, struct batadv_forw_packet, 200 forw_packet = container_of(delayed_work, struct batadv_forw_packet,
201 delayed_work); 201 delayed_work);
202 soft_iface = forw_packet->if_incoming->soft_iface; 202 soft_iface = forw_packet->if_incoming->soft_iface;
@@ -239,11 +239,11 @@ out:
239 239
240void batadv_send_outstanding_bat_ogm_packet(struct work_struct *work) 240void batadv_send_outstanding_bat_ogm_packet(struct work_struct *work)
241{ 241{
242 struct delayed_work *delayed_work = 242 struct delayed_work *delayed_work;
243 container_of(work, struct delayed_work, work);
244 struct batadv_forw_packet *forw_packet; 243 struct batadv_forw_packet *forw_packet;
245 struct batadv_priv *bat_priv; 244 struct batadv_priv *bat_priv;
246 245
246 delayed_work = container_of(work, struct delayed_work, work);
247 forw_packet = container_of(delayed_work, struct batadv_forw_packet, 247 forw_packet = container_of(delayed_work, struct batadv_forw_packet,
248 delayed_work); 248 delayed_work);
249 bat_priv = netdev_priv(forw_packet->if_incoming->soft_iface); 249 bat_priv = netdev_priv(forw_packet->if_incoming->soft_iface);
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 109ea2aae96c..7b683e0bd668 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -93,7 +93,14 @@ static int batadv_interface_release(struct net_device *dev)
93static struct net_device_stats *batadv_interface_stats(struct net_device *dev) 93static struct net_device_stats *batadv_interface_stats(struct net_device *dev)
94{ 94{
95 struct batadv_priv *bat_priv = netdev_priv(dev); 95 struct batadv_priv *bat_priv = netdev_priv(dev);
96 return &bat_priv->stats; 96 struct net_device_stats *stats = &bat_priv->stats;
97
98 stats->tx_packets = batadv_sum_counter(bat_priv, BATADV_CNT_TX);
99 stats->tx_bytes = batadv_sum_counter(bat_priv, BATADV_CNT_TX_BYTES);
100 stats->tx_dropped = batadv_sum_counter(bat_priv, BATADV_CNT_TX_DROPPED);
101 stats->rx_packets = batadv_sum_counter(bat_priv, BATADV_CNT_RX);
102 stats->rx_bytes = batadv_sum_counter(bat_priv, BATADV_CNT_RX_BYTES);
103 return stats;
97} 104}
98 105
99static int batadv_interface_set_mac_addr(struct net_device *dev, void *p) 106static int batadv_interface_set_mac_addr(struct net_device *dev, void *p)
@@ -142,6 +149,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
142 int data_len = skb->len, ret; 149 int data_len = skb->len, ret;
143 short vid __maybe_unused = -1; 150 short vid __maybe_unused = -1;
144 bool do_bcast = false; 151 bool do_bcast = false;
152 uint32_t seqno;
145 153
146 if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE) 154 if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE)
147 goto dropped; 155 goto dropped;
@@ -223,8 +231,8 @@ static int batadv_interface_tx(struct sk_buff *skb,
223 primary_if->net_dev->dev_addr, ETH_ALEN); 231 primary_if->net_dev->dev_addr, ETH_ALEN);
224 232
225 /* set broadcast sequence number */ 233 /* set broadcast sequence number */
226 bcast_packet->seqno = 234 seqno = atomic_inc_return(&bat_priv->bcast_seqno);
227 htonl(atomic_inc_return(&bat_priv->bcast_seqno)); 235 bcast_packet->seqno = htonl(seqno);
228 236
229 batadv_add_bcast_packet_to_list(bat_priv, skb, 1); 237 batadv_add_bcast_packet_to_list(bat_priv, skb, 1);
230 238
@@ -246,14 +254,14 @@ static int batadv_interface_tx(struct sk_buff *skb,
246 goto dropped_freed; 254 goto dropped_freed;
247 } 255 }
248 256
249 bat_priv->stats.tx_packets++; 257 batadv_inc_counter(bat_priv, BATADV_CNT_TX);
250 bat_priv->stats.tx_bytes += data_len; 258 batadv_add_counter(bat_priv, BATADV_CNT_TX_BYTES, data_len);
251 goto end; 259 goto end;
252 260
253dropped: 261dropped:
254 kfree_skb(skb); 262 kfree_skb(skb);
255dropped_freed: 263dropped_freed:
256 bat_priv->stats.tx_dropped++; 264 batadv_inc_counter(bat_priv, BATADV_CNT_TX_DROPPED);
257end: 265end:
258 if (primary_if) 266 if (primary_if)
259 batadv_hardif_free_ref(primary_if); 267 batadv_hardif_free_ref(primary_if);
@@ -262,7 +270,7 @@ end:
262 270
263void batadv_interface_rx(struct net_device *soft_iface, 271void batadv_interface_rx(struct net_device *soft_iface,
264 struct sk_buff *skb, struct batadv_hard_iface *recv_if, 272 struct sk_buff *skb, struct batadv_hard_iface *recv_if,
265 int hdr_size) 273 int hdr_size, struct batadv_orig_node *orig_node)
266{ 274{
267 struct batadv_priv *bat_priv = netdev_priv(soft_iface); 275 struct batadv_priv *bat_priv = netdev_priv(soft_iface);
268 struct ethhdr *ethhdr; 276 struct ethhdr *ethhdr;
@@ -308,11 +316,16 @@ void batadv_interface_rx(struct net_device *soft_iface,
308 316
309 /* skb->ip_summed = CHECKSUM_UNNECESSARY; */ 317 /* skb->ip_summed = CHECKSUM_UNNECESSARY; */
310 318
311 bat_priv->stats.rx_packets++; 319 batadv_inc_counter(bat_priv, BATADV_CNT_RX);
312 bat_priv->stats.rx_bytes += skb->len + ETH_HLEN; 320 batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES,
321 skb->len + ETH_HLEN);
313 322
314 soft_iface->last_rx = jiffies; 323 soft_iface->last_rx = jiffies;
315 324
325 if (orig_node)
326 batadv_tt_add_temporary_global_entry(bat_priv, orig_node,
327 ethhdr->h_source);
328
316 if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest)) 329 if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
317 goto dropped; 330 goto dropped;
318 331
@@ -379,15 +392,22 @@ struct net_device *batadv_softif_create(const char *name)
379 if (!soft_iface) 392 if (!soft_iface)
380 goto out; 393 goto out;
381 394
395 bat_priv = netdev_priv(soft_iface);
396
397 /* batadv_interface_stats() needs to be available as soon as
398 * register_netdevice() has been called
399 */
400 bat_priv->bat_counters = __alloc_percpu(cnt_len, __alignof__(uint64_t));
401 if (!bat_priv->bat_counters)
402 goto free_soft_iface;
403
382 ret = register_netdevice(soft_iface); 404 ret = register_netdevice(soft_iface);
383 if (ret < 0) { 405 if (ret < 0) {
384 pr_err("Unable to register the batman interface '%s': %i\n", 406 pr_err("Unable to register the batman interface '%s': %i\n",
385 name, ret); 407 name, ret);
386 goto free_soft_iface; 408 goto free_bat_counters;
387 } 409 }
388 410
389 bat_priv = netdev_priv(soft_iface);
390
391 atomic_set(&bat_priv->aggregated_ogms, 1); 411 atomic_set(&bat_priv->aggregated_ogms, 1);
392 atomic_set(&bat_priv->bonding, 0); 412 atomic_set(&bat_priv->bonding, 0);
393 atomic_set(&bat_priv->bridge_loop_avoidance, 0); 413 atomic_set(&bat_priv->bridge_loop_avoidance, 0);
@@ -405,29 +425,26 @@ struct net_device *batadv_softif_create(const char *name)
405 425
406 atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); 426 atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
407 atomic_set(&bat_priv->bcast_seqno, 1); 427 atomic_set(&bat_priv->bcast_seqno, 1);
408 atomic_set(&bat_priv->ttvn, 0); 428 atomic_set(&bat_priv->tt.vn, 0);
409 atomic_set(&bat_priv->tt_local_changes, 0); 429 atomic_set(&bat_priv->tt.local_changes, 0);
410 atomic_set(&bat_priv->tt_ogm_append_cnt, 0); 430 atomic_set(&bat_priv->tt.ogm_append_cnt, 0);
411 atomic_set(&bat_priv->bla_num_requests, 0); 431#ifdef CONFIG_BATMAN_ADV_BLA
412 432 atomic_set(&bat_priv->bla.num_requests, 0);
413 bat_priv->tt_buff = NULL; 433#endif
414 bat_priv->tt_buff_len = 0; 434 bat_priv->tt.last_changeset = NULL;
415 bat_priv->tt_poss_change = false; 435 bat_priv->tt.last_changeset_len = 0;
436 bat_priv->tt.poss_change = false;
416 437
417 bat_priv->primary_if = NULL; 438 bat_priv->primary_if = NULL;
418 bat_priv->num_ifaces = 0; 439 bat_priv->num_ifaces = 0;
419 440
420 bat_priv->bat_counters = __alloc_percpu(cnt_len, __alignof__(uint64_t));
421 if (!bat_priv->bat_counters)
422 goto unreg_soft_iface;
423
424 ret = batadv_algo_select(bat_priv, batadv_routing_algo); 441 ret = batadv_algo_select(bat_priv, batadv_routing_algo);
425 if (ret < 0) 442 if (ret < 0)
426 goto free_bat_counters; 443 goto unreg_soft_iface;
427 444
428 ret = batadv_sysfs_add_meshif(soft_iface); 445 ret = batadv_sysfs_add_meshif(soft_iface);
429 if (ret < 0) 446 if (ret < 0)
430 goto free_bat_counters; 447 goto unreg_soft_iface;
431 448
432 ret = batadv_debugfs_add_meshif(soft_iface); 449 ret = batadv_debugfs_add_meshif(soft_iface);
433 if (ret < 0) 450 if (ret < 0)
@@ -443,12 +460,13 @@ unreg_debugfs:
443 batadv_debugfs_del_meshif(soft_iface); 460 batadv_debugfs_del_meshif(soft_iface);
444unreg_sysfs: 461unreg_sysfs:
445 batadv_sysfs_del_meshif(soft_iface); 462 batadv_sysfs_del_meshif(soft_iface);
446free_bat_counters:
447 free_percpu(bat_priv->bat_counters);
448unreg_soft_iface: 463unreg_soft_iface:
464 free_percpu(bat_priv->bat_counters);
449 unregister_netdevice(soft_iface); 465 unregister_netdevice(soft_iface);
450 return NULL; 466 return NULL;
451 467
468free_bat_counters:
469 free_percpu(bat_priv->bat_counters);
452free_soft_iface: 470free_soft_iface:
453 free_netdev(soft_iface); 471 free_netdev(soft_iface);
454out: 472out:
@@ -518,6 +536,11 @@ static u32 batadv_get_link(struct net_device *dev)
518static const struct { 536static const struct {
519 const char name[ETH_GSTRING_LEN]; 537 const char name[ETH_GSTRING_LEN];
520} batadv_counters_strings[] = { 538} batadv_counters_strings[] = {
539 { "tx" },
540 { "tx_bytes" },
541 { "tx_dropped" },
542 { "rx" },
543 { "rx_bytes" },
521 { "forward" }, 544 { "forward" },
522 { "forward_bytes" }, 545 { "forward_bytes" },
523 { "mgmt_tx" }, 546 { "mgmt_tx" },
diff --git a/net/batman-adv/soft-interface.h b/net/batman-adv/soft-interface.h
index 852c683b06a1..07a08fed28b9 100644
--- a/net/batman-adv/soft-interface.h
+++ b/net/batman-adv/soft-interface.h
@@ -21,8 +21,9 @@
21#define _NET_BATMAN_ADV_SOFT_INTERFACE_H_ 21#define _NET_BATMAN_ADV_SOFT_INTERFACE_H_
22 22
23int batadv_skb_head_push(struct sk_buff *skb, unsigned int len); 23int batadv_skb_head_push(struct sk_buff *skb, unsigned int len);
24void batadv_interface_rx(struct net_device *soft_iface, struct sk_buff *skb, 24void batadv_interface_rx(struct net_device *soft_iface,
25 struct batadv_hard_iface *recv_if, int hdr_size); 25 struct sk_buff *skb, struct batadv_hard_iface *recv_if,
26 int hdr_size, struct batadv_orig_node *orig_node);
26struct net_device *batadv_softif_create(const char *name); 27struct net_device *batadv_softif_create(const char *name);
27void batadv_softif_destroy(struct net_device *soft_iface); 28void batadv_softif_destroy(struct net_device *soft_iface);
28int batadv_softif_is_valid(const struct net_device *net_dev); 29int batadv_softif_is_valid(const struct net_device *net_dev);
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 99dd8f75b3ff..112edd371b2f 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -34,6 +34,10 @@ static void batadv_send_roam_adv(struct batadv_priv *bat_priv, uint8_t *client,
34static void batadv_tt_purge(struct work_struct *work); 34static void batadv_tt_purge(struct work_struct *work);
35static void 35static void
36batadv_tt_global_del_orig_list(struct batadv_tt_global_entry *tt_global_entry); 36batadv_tt_global_del_orig_list(struct batadv_tt_global_entry *tt_global_entry);
37static void batadv_tt_global_del(struct batadv_priv *bat_priv,
38 struct batadv_orig_node *orig_node,
39 const unsigned char *addr,
40 const char *message, bool roaming);
37 41
38/* returns 1 if they are the same mac addr */ 42/* returns 1 if they are the same mac addr */
39static int batadv_compare_tt(const struct hlist_node *node, const void *data2) 43static int batadv_compare_tt(const struct hlist_node *node, const void *data2)
@@ -46,8 +50,8 @@ static int batadv_compare_tt(const struct hlist_node *node, const void *data2)
46 50
47static void batadv_tt_start_timer(struct batadv_priv *bat_priv) 51static void batadv_tt_start_timer(struct batadv_priv *bat_priv)
48{ 52{
49 INIT_DELAYED_WORK(&bat_priv->tt_work, batadv_tt_purge); 53 INIT_DELAYED_WORK(&bat_priv->tt.work, batadv_tt_purge);
50 queue_delayed_work(batadv_event_workqueue, &bat_priv->tt_work, 54 queue_delayed_work(batadv_event_workqueue, &bat_priv->tt.work,
51 msecs_to_jiffies(5000)); 55 msecs_to_jiffies(5000));
52} 56}
53 57
@@ -88,7 +92,7 @@ batadv_tt_local_hash_find(struct batadv_priv *bat_priv, const void *data)
88 struct batadv_tt_common_entry *tt_common_entry; 92 struct batadv_tt_common_entry *tt_common_entry;
89 struct batadv_tt_local_entry *tt_local_entry = NULL; 93 struct batadv_tt_local_entry *tt_local_entry = NULL;
90 94
91 tt_common_entry = batadv_tt_hash_find(bat_priv->tt_local_hash, data); 95 tt_common_entry = batadv_tt_hash_find(bat_priv->tt.local_hash, data);
92 if (tt_common_entry) 96 if (tt_common_entry)
93 tt_local_entry = container_of(tt_common_entry, 97 tt_local_entry = container_of(tt_common_entry,
94 struct batadv_tt_local_entry, 98 struct batadv_tt_local_entry,
@@ -102,7 +106,7 @@ batadv_tt_global_hash_find(struct batadv_priv *bat_priv, const void *data)
102 struct batadv_tt_common_entry *tt_common_entry; 106 struct batadv_tt_common_entry *tt_common_entry;
103 struct batadv_tt_global_entry *tt_global_entry = NULL; 107 struct batadv_tt_global_entry *tt_global_entry = NULL;
104 108
105 tt_common_entry = batadv_tt_hash_find(bat_priv->tt_global_hash, data); 109 tt_common_entry = batadv_tt_hash_find(bat_priv->tt.global_hash, data);
106 if (tt_common_entry) 110 if (tt_common_entry)
107 tt_global_entry = container_of(tt_common_entry, 111 tt_global_entry = container_of(tt_common_entry,
108 struct batadv_tt_global_entry, 112 struct batadv_tt_global_entry,
@@ -152,6 +156,8 @@ static void batadv_tt_orig_list_entry_free_rcu(struct rcu_head *rcu)
152static void 156static void
153batadv_tt_orig_list_entry_free_ref(struct batadv_tt_orig_list_entry *orig_entry) 157batadv_tt_orig_list_entry_free_ref(struct batadv_tt_orig_list_entry *orig_entry)
154{ 158{
159 if (!atomic_dec_and_test(&orig_entry->refcount))
160 return;
155 /* to avoid race conditions, immediately decrease the tt counter */ 161 /* to avoid race conditions, immediately decrease the tt counter */
156 atomic_dec(&orig_entry->orig_node->tt_size); 162 atomic_dec(&orig_entry->orig_node->tt_size);
157 call_rcu(&orig_entry->rcu, batadv_tt_orig_list_entry_free_rcu); 163 call_rcu(&orig_entry->rcu, batadv_tt_orig_list_entry_free_rcu);
@@ -175,8 +181,8 @@ static void batadv_tt_local_event(struct batadv_priv *bat_priv,
175 del_op_requested = flags & BATADV_TT_CLIENT_DEL; 181 del_op_requested = flags & BATADV_TT_CLIENT_DEL;
176 182
177 /* check for ADD+DEL or DEL+ADD events */ 183 /* check for ADD+DEL or DEL+ADD events */
178 spin_lock_bh(&bat_priv->tt_changes_list_lock); 184 spin_lock_bh(&bat_priv->tt.changes_list_lock);
179 list_for_each_entry_safe(entry, safe, &bat_priv->tt_changes_list, 185 list_for_each_entry_safe(entry, safe, &bat_priv->tt.changes_list,
180 list) { 186 list) {
181 if (!batadv_compare_eth(entry->change.addr, addr)) 187 if (!batadv_compare_eth(entry->change.addr, addr))
182 continue; 188 continue;
@@ -203,15 +209,15 @@ del:
203 } 209 }
204 210
205 /* track the change in the OGMinterval list */ 211 /* track the change in the OGMinterval list */
206 list_add_tail(&tt_change_node->list, &bat_priv->tt_changes_list); 212 list_add_tail(&tt_change_node->list, &bat_priv->tt.changes_list);
207 213
208unlock: 214unlock:
209 spin_unlock_bh(&bat_priv->tt_changes_list_lock); 215 spin_unlock_bh(&bat_priv->tt.changes_list_lock);
210 216
211 if (event_removed) 217 if (event_removed)
212 atomic_dec(&bat_priv->tt_local_changes); 218 atomic_dec(&bat_priv->tt.local_changes);
213 else 219 else
214 atomic_inc(&bat_priv->tt_local_changes); 220 atomic_inc(&bat_priv->tt.local_changes);
215} 221}
216 222
217int batadv_tt_len(int changes_num) 223int batadv_tt_len(int changes_num)
@@ -221,12 +227,12 @@ int batadv_tt_len(int changes_num)
221 227
222static int batadv_tt_local_init(struct batadv_priv *bat_priv) 228static int batadv_tt_local_init(struct batadv_priv *bat_priv)
223{ 229{
224 if (bat_priv->tt_local_hash) 230 if (bat_priv->tt.local_hash)
225 return 0; 231 return 0;
226 232
227 bat_priv->tt_local_hash = batadv_hash_new(1024); 233 bat_priv->tt.local_hash = batadv_hash_new(1024);
228 234
229 if (!bat_priv->tt_local_hash) 235 if (!bat_priv->tt.local_hash)
230 return -ENOMEM; 236 return -ENOMEM;
231 237
232 return 0; 238 return 0;
@@ -258,7 +264,7 @@ void batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
258 264
259 batadv_dbg(BATADV_DBG_TT, bat_priv, 265 batadv_dbg(BATADV_DBG_TT, bat_priv,
260 "Creating new local tt entry: %pM (ttvn: %d)\n", addr, 266 "Creating new local tt entry: %pM (ttvn: %d)\n", addr,
261 (uint8_t)atomic_read(&bat_priv->ttvn)); 267 (uint8_t)atomic_read(&bat_priv->tt.vn));
262 268
263 memcpy(tt_local_entry->common.addr, addr, ETH_ALEN); 269 memcpy(tt_local_entry->common.addr, addr, ETH_ALEN);
264 tt_local_entry->common.flags = BATADV_NO_FLAGS; 270 tt_local_entry->common.flags = BATADV_NO_FLAGS;
@@ -266,6 +272,7 @@ void batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
266 tt_local_entry->common.flags |= BATADV_TT_CLIENT_WIFI; 272 tt_local_entry->common.flags |= BATADV_TT_CLIENT_WIFI;
267 atomic_set(&tt_local_entry->common.refcount, 2); 273 atomic_set(&tt_local_entry->common.refcount, 2);
268 tt_local_entry->last_seen = jiffies; 274 tt_local_entry->last_seen = jiffies;
275 tt_local_entry->common.added_at = tt_local_entry->last_seen;
269 276
270 /* the batman interface mac address should never be purged */ 277 /* the batman interface mac address should never be purged */
271 if (batadv_compare_eth(addr, soft_iface->dev_addr)) 278 if (batadv_compare_eth(addr, soft_iface->dev_addr))
@@ -277,7 +284,7 @@ void batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
277 */ 284 */
278 tt_local_entry->common.flags |= BATADV_TT_CLIENT_NEW; 285 tt_local_entry->common.flags |= BATADV_TT_CLIENT_NEW;
279 286
280 hash_added = batadv_hash_add(bat_priv->tt_local_hash, batadv_compare_tt, 287 hash_added = batadv_hash_add(bat_priv->tt.local_hash, batadv_compare_tt,
281 batadv_choose_orig, 288 batadv_choose_orig,
282 &tt_local_entry->common, 289 &tt_local_entry->common,
283 &tt_local_entry->common.hash_entry); 290 &tt_local_entry->common.hash_entry);
@@ -348,7 +355,7 @@ static void batadv_tt_prepare_packet_buff(struct batadv_priv *bat_priv,
348 primary_if = batadv_primary_if_get_selected(bat_priv); 355 primary_if = batadv_primary_if_get_selected(bat_priv);
349 356
350 req_len = min_packet_len; 357 req_len = min_packet_len;
351 req_len += batadv_tt_len(atomic_read(&bat_priv->tt_local_changes)); 358 req_len += batadv_tt_len(atomic_read(&bat_priv->tt.local_changes));
352 359
353 /* if we have too many changes for one packet don't send any 360 /* if we have too many changes for one packet don't send any
354 * and wait for the tt table request which will be fragmented 361 * and wait for the tt table request which will be fragmented
@@ -381,10 +388,10 @@ static int batadv_tt_changes_fill_buff(struct batadv_priv *bat_priv,
381 if (new_len > 0) 388 if (new_len > 0)
382 tot_changes = new_len / batadv_tt_len(1); 389 tot_changes = new_len / batadv_tt_len(1);
383 390
384 spin_lock_bh(&bat_priv->tt_changes_list_lock); 391 spin_lock_bh(&bat_priv->tt.changes_list_lock);
385 atomic_set(&bat_priv->tt_local_changes, 0); 392 atomic_set(&bat_priv->tt.local_changes, 0);
386 393
387 list_for_each_entry_safe(entry, safe, &bat_priv->tt_changes_list, 394 list_for_each_entry_safe(entry, safe, &bat_priv->tt.changes_list,
388 list) { 395 list) {
389 if (count < tot_changes) { 396 if (count < tot_changes) {
390 memcpy(tt_buff + batadv_tt_len(count), 397 memcpy(tt_buff + batadv_tt_len(count),
@@ -394,25 +401,25 @@ static int batadv_tt_changes_fill_buff(struct batadv_priv *bat_priv,
394 list_del(&entry->list); 401 list_del(&entry->list);
395 kfree(entry); 402 kfree(entry);
396 } 403 }
397 spin_unlock_bh(&bat_priv->tt_changes_list_lock); 404 spin_unlock_bh(&bat_priv->tt.changes_list_lock);
398 405
399 /* Keep the buffer for possible tt_request */ 406 /* Keep the buffer for possible tt_request */
400 spin_lock_bh(&bat_priv->tt_buff_lock); 407 spin_lock_bh(&bat_priv->tt.last_changeset_lock);
401 kfree(bat_priv->tt_buff); 408 kfree(bat_priv->tt.last_changeset);
402 bat_priv->tt_buff_len = 0; 409 bat_priv->tt.last_changeset_len = 0;
403 bat_priv->tt_buff = NULL; 410 bat_priv->tt.last_changeset = NULL;
404 /* check whether this new OGM has no changes due to size problems */ 411 /* check whether this new OGM has no changes due to size problems */
405 if (new_len > 0) { 412 if (new_len > 0) {
406 /* if kmalloc() fails we will reply with the full table 413 /* if kmalloc() fails we will reply with the full table
407 * instead of providing the diff 414 * instead of providing the diff
408 */ 415 */
409 bat_priv->tt_buff = kmalloc(new_len, GFP_ATOMIC); 416 bat_priv->tt.last_changeset = kmalloc(new_len, GFP_ATOMIC);
410 if (bat_priv->tt_buff) { 417 if (bat_priv->tt.last_changeset) {
411 memcpy(bat_priv->tt_buff, tt_buff, new_len); 418 memcpy(bat_priv->tt.last_changeset, tt_buff, new_len);
412 bat_priv->tt_buff_len = new_len; 419 bat_priv->tt.last_changeset_len = new_len;
413 } 420 }
414 } 421 }
415 spin_unlock_bh(&bat_priv->tt_buff_lock); 422 spin_unlock_bh(&bat_priv->tt.last_changeset_lock);
416 423
417 return count; 424 return count;
418} 425}
@@ -421,7 +428,7 @@ int batadv_tt_local_seq_print_text(struct seq_file *seq, void *offset)
421{ 428{
422 struct net_device *net_dev = (struct net_device *)seq->private; 429 struct net_device *net_dev = (struct net_device *)seq->private;
423 struct batadv_priv *bat_priv = netdev_priv(net_dev); 430 struct batadv_priv *bat_priv = netdev_priv(net_dev);
424 struct batadv_hashtable *hash = bat_priv->tt_local_hash; 431 struct batadv_hashtable *hash = bat_priv->tt.local_hash;
425 struct batadv_tt_common_entry *tt_common_entry; 432 struct batadv_tt_common_entry *tt_common_entry;
426 struct batadv_hard_iface *primary_if; 433 struct batadv_hard_iface *primary_if;
427 struct hlist_node *node; 434 struct hlist_node *node;
@@ -446,7 +453,7 @@ int batadv_tt_local_seq_print_text(struct seq_file *seq, void *offset)
446 453
447 seq_printf(seq, 454 seq_printf(seq,
448 "Locally retrieved addresses (from %s) announced via TT (TTVN: %u):\n", 455 "Locally retrieved addresses (from %s) announced via TT (TTVN: %u):\n",
449 net_dev->name, (uint8_t)atomic_read(&bat_priv->ttvn)); 456 net_dev->name, (uint8_t)atomic_read(&bat_priv->tt.vn));
450 457
451 for (i = 0; i < hash->size; i++) { 458 for (i = 0; i < hash->size; i++) {
452 head = &hash->table[i]; 459 head = &hash->table[i];
@@ -544,7 +551,7 @@ static void batadv_tt_local_purge_list(struct batadv_priv *bat_priv,
544 551
545static void batadv_tt_local_purge(struct batadv_priv *bat_priv) 552static void batadv_tt_local_purge(struct batadv_priv *bat_priv)
546{ 553{
547 struct batadv_hashtable *hash = bat_priv->tt_local_hash; 554 struct batadv_hashtable *hash = bat_priv->tt.local_hash;
548 struct hlist_head *head; 555 struct hlist_head *head;
549 spinlock_t *list_lock; /* protects write access to the hash lists */ 556 spinlock_t *list_lock; /* protects write access to the hash lists */
550 uint32_t i; 557 uint32_t i;
@@ -570,10 +577,10 @@ static void batadv_tt_local_table_free(struct batadv_priv *bat_priv)
570 struct hlist_head *head; 577 struct hlist_head *head;
571 uint32_t i; 578 uint32_t i;
572 579
573 if (!bat_priv->tt_local_hash) 580 if (!bat_priv->tt.local_hash)
574 return; 581 return;
575 582
576 hash = bat_priv->tt_local_hash; 583 hash = bat_priv->tt.local_hash;
577 584
578 for (i = 0; i < hash->size; i++) { 585 for (i = 0; i < hash->size; i++) {
579 head = &hash->table[i]; 586 head = &hash->table[i];
@@ -593,17 +600,17 @@ static void batadv_tt_local_table_free(struct batadv_priv *bat_priv)
593 600
594 batadv_hash_destroy(hash); 601 batadv_hash_destroy(hash);
595 602
596 bat_priv->tt_local_hash = NULL; 603 bat_priv->tt.local_hash = NULL;
597} 604}
598 605
599static int batadv_tt_global_init(struct batadv_priv *bat_priv) 606static int batadv_tt_global_init(struct batadv_priv *bat_priv)
600{ 607{
601 if (bat_priv->tt_global_hash) 608 if (bat_priv->tt.global_hash)
602 return 0; 609 return 0;
603 610
604 bat_priv->tt_global_hash = batadv_hash_new(1024); 611 bat_priv->tt.global_hash = batadv_hash_new(1024);
605 612
606 if (!bat_priv->tt_global_hash) 613 if (!bat_priv->tt.global_hash)
607 return -ENOMEM; 614 return -ENOMEM;
608 615
609 return 0; 616 return 0;
@@ -613,62 +620,99 @@ static void batadv_tt_changes_list_free(struct batadv_priv *bat_priv)
613{ 620{
614 struct batadv_tt_change_node *entry, *safe; 621 struct batadv_tt_change_node *entry, *safe;
615 622
616 spin_lock_bh(&bat_priv->tt_changes_list_lock); 623 spin_lock_bh(&bat_priv->tt.changes_list_lock);
617 624
618 list_for_each_entry_safe(entry, safe, &bat_priv->tt_changes_list, 625 list_for_each_entry_safe(entry, safe, &bat_priv->tt.changes_list,
619 list) { 626 list) {
620 list_del(&entry->list); 627 list_del(&entry->list);
621 kfree(entry); 628 kfree(entry);
622 } 629 }
623 630
624 atomic_set(&bat_priv->tt_local_changes, 0); 631 atomic_set(&bat_priv->tt.local_changes, 0);
625 spin_unlock_bh(&bat_priv->tt_changes_list_lock); 632 spin_unlock_bh(&bat_priv->tt.changes_list_lock);
626} 633}
627 634
628/* find out if an orig_node is already in the list of a tt_global_entry. 635/* retrieves the orig_tt_list_entry belonging to orig_node from the
629 * returns 1 if found, 0 otherwise 636 * batadv_tt_global_entry list
637 *
638 * returns it with an increased refcounter, NULL if not found
630 */ 639 */
631static bool 640static struct batadv_tt_orig_list_entry *
632batadv_tt_global_entry_has_orig(const struct batadv_tt_global_entry *entry, 641batadv_tt_global_orig_entry_find(const struct batadv_tt_global_entry *entry,
633 const struct batadv_orig_node *orig_node) 642 const struct batadv_orig_node *orig_node)
634{ 643{
635 struct batadv_tt_orig_list_entry *tmp_orig_entry; 644 struct batadv_tt_orig_list_entry *tmp_orig_entry, *orig_entry = NULL;
636 const struct hlist_head *head; 645 const struct hlist_head *head;
637 struct hlist_node *node; 646 struct hlist_node *node;
638 bool found = false;
639 647
640 rcu_read_lock(); 648 rcu_read_lock();
641 head = &entry->orig_list; 649 head = &entry->orig_list;
642 hlist_for_each_entry_rcu(tmp_orig_entry, node, head, list) { 650 hlist_for_each_entry_rcu(tmp_orig_entry, node, head, list) {
643 if (tmp_orig_entry->orig_node == orig_node) { 651 if (tmp_orig_entry->orig_node != orig_node)
644 found = true; 652 continue;
645 break; 653 if (!atomic_inc_not_zero(&tmp_orig_entry->refcount))
646 } 654 continue;
655
656 orig_entry = tmp_orig_entry;
657 break;
647 } 658 }
648 rcu_read_unlock(); 659 rcu_read_unlock();
660
661 return orig_entry;
662}
663
664/* find out if an orig_node is already in the list of a tt_global_entry.
665 * returns true if found, false otherwise
666 */
667static bool
668batadv_tt_global_entry_has_orig(const struct batadv_tt_global_entry *entry,
669 const struct batadv_orig_node *orig_node)
670{
671 struct batadv_tt_orig_list_entry *orig_entry;
672 bool found = false;
673
674 orig_entry = batadv_tt_global_orig_entry_find(entry, orig_node);
675 if (orig_entry) {
676 found = true;
677 batadv_tt_orig_list_entry_free_ref(orig_entry);
678 }
679
649 return found; 680 return found;
650} 681}
651 682
652static void 683static void
653batadv_tt_global_add_orig_entry(struct batadv_tt_global_entry *tt_global_entry, 684batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
654 struct batadv_orig_node *orig_node, int ttvn) 685 struct batadv_orig_node *orig_node, int ttvn)
655{ 686{
656 struct batadv_tt_orig_list_entry *orig_entry; 687 struct batadv_tt_orig_list_entry *orig_entry;
657 688
689 orig_entry = batadv_tt_global_orig_entry_find(tt_global, orig_node);
690 if (orig_entry) {
691 /* refresh the ttvn: the current value could be a bogus one that
692 * was added during a "temporary client detection"
693 */
694 orig_entry->ttvn = ttvn;
695 goto out;
696 }
697
658 orig_entry = kzalloc(sizeof(*orig_entry), GFP_ATOMIC); 698 orig_entry = kzalloc(sizeof(*orig_entry), GFP_ATOMIC);
659 if (!orig_entry) 699 if (!orig_entry)
660 return; 700 goto out;
661 701
662 INIT_HLIST_NODE(&orig_entry->list); 702 INIT_HLIST_NODE(&orig_entry->list);
663 atomic_inc(&orig_node->refcount); 703 atomic_inc(&orig_node->refcount);
664 atomic_inc(&orig_node->tt_size); 704 atomic_inc(&orig_node->tt_size);
665 orig_entry->orig_node = orig_node; 705 orig_entry->orig_node = orig_node;
666 orig_entry->ttvn = ttvn; 706 orig_entry->ttvn = ttvn;
707 atomic_set(&orig_entry->refcount, 2);
667 708
668 spin_lock_bh(&tt_global_entry->list_lock); 709 spin_lock_bh(&tt_global->list_lock);
669 hlist_add_head_rcu(&orig_entry->list, 710 hlist_add_head_rcu(&orig_entry->list,
670 &tt_global_entry->orig_list); 711 &tt_global->orig_list);
671 spin_unlock_bh(&tt_global_entry->list_lock); 712 spin_unlock_bh(&tt_global->list_lock);
713out:
714 if (orig_entry)
715 batadv_tt_orig_list_entry_free_ref(orig_entry);
672} 716}
673 717
674/* caller must hold orig_node refcount */ 718/* caller must hold orig_node refcount */
@@ -695,11 +739,12 @@ int batadv_tt_global_add(struct batadv_priv *bat_priv,
695 common->flags = flags; 739 common->flags = flags;
696 tt_global_entry->roam_at = 0; 740 tt_global_entry->roam_at = 0;
697 atomic_set(&common->refcount, 2); 741 atomic_set(&common->refcount, 2);
742 common->added_at = jiffies;
698 743
699 INIT_HLIST_HEAD(&tt_global_entry->orig_list); 744 INIT_HLIST_HEAD(&tt_global_entry->orig_list);
700 spin_lock_init(&tt_global_entry->list_lock); 745 spin_lock_init(&tt_global_entry->list_lock);
701 746
702 hash_added = batadv_hash_add(bat_priv->tt_global_hash, 747 hash_added = batadv_hash_add(bat_priv->tt.global_hash,
703 batadv_compare_tt, 748 batadv_compare_tt,
704 batadv_choose_orig, common, 749 batadv_choose_orig, common,
705 &common->hash_entry); 750 &common->hash_entry);
@@ -709,11 +754,20 @@ int batadv_tt_global_add(struct batadv_priv *bat_priv,
709 batadv_tt_global_entry_free_ref(tt_global_entry); 754 batadv_tt_global_entry_free_ref(tt_global_entry);
710 goto out_remove; 755 goto out_remove;
711 } 756 }
712
713 batadv_tt_global_add_orig_entry(tt_global_entry, orig_node,
714 ttvn);
715 } else { 757 } else {
716 /* there is already a global entry, use this one. */ 758 /* If there is already a global entry, we can use this one for
759 * our processing.
760 * But if we are trying to add a temporary client we can exit
761 * directly because the temporary information should never
762 * override any already known client state (whatever it is)
763 */
764 if (flags & BATADV_TT_CLIENT_TEMP)
765 goto out;
766
767 /* if the client was temporary added before receiving the first
768 * OGM announcing it, we have to clear the TEMP flag
769 */
770 tt_global_entry->common.flags &= ~BATADV_TT_CLIENT_TEMP;
717 771
718 /* If there is the BATADV_TT_CLIENT_ROAM flag set, there is only 772 /* If there is the BATADV_TT_CLIENT_ROAM flag set, there is only
719 * one originator left in the list and we previously received a 773 * one originator left in the list and we previously received a
@@ -727,12 +781,9 @@ int batadv_tt_global_add(struct batadv_priv *bat_priv,
727 tt_global_entry->common.flags &= ~BATADV_TT_CLIENT_ROAM; 781 tt_global_entry->common.flags &= ~BATADV_TT_CLIENT_ROAM;
728 tt_global_entry->roam_at = 0; 782 tt_global_entry->roam_at = 0;
729 } 783 }
730
731 if (!batadv_tt_global_entry_has_orig(tt_global_entry,
732 orig_node))
733 batadv_tt_global_add_orig_entry(tt_global_entry,
734 orig_node, ttvn);
735 } 784 }
785 /* add the new orig_entry (if needed) or update it */
786 batadv_tt_global_orig_entry_add(tt_global_entry, orig_node, ttvn);
736 787
737 batadv_dbg(BATADV_DBG_TT, bat_priv, 788 batadv_dbg(BATADV_DBG_TT, bat_priv,
738 "Creating new global tt entry: %pM (via %pM)\n", 789 "Creating new global tt entry: %pM (via %pM)\n",
@@ -771,11 +822,12 @@ batadv_tt_global_print_entry(struct batadv_tt_global_entry *tt_global_entry,
771 hlist_for_each_entry_rcu(orig_entry, node, head, list) { 822 hlist_for_each_entry_rcu(orig_entry, node, head, list) {
772 flags = tt_common_entry->flags; 823 flags = tt_common_entry->flags;
773 last_ttvn = atomic_read(&orig_entry->orig_node->last_ttvn); 824 last_ttvn = atomic_read(&orig_entry->orig_node->last_ttvn);
774 seq_printf(seq, " * %pM (%3u) via %pM (%3u) [%c%c]\n", 825 seq_printf(seq, " * %pM (%3u) via %pM (%3u) [%c%c%c]\n",
775 tt_global_entry->common.addr, orig_entry->ttvn, 826 tt_global_entry->common.addr, orig_entry->ttvn,
776 orig_entry->orig_node->orig, last_ttvn, 827 orig_entry->orig_node->orig, last_ttvn,
777 (flags & BATADV_TT_CLIENT_ROAM ? 'R' : '.'), 828 (flags & BATADV_TT_CLIENT_ROAM ? 'R' : '.'),
778 (flags & BATADV_TT_CLIENT_WIFI ? 'W' : '.')); 829 (flags & BATADV_TT_CLIENT_WIFI ? 'W' : '.'),
830 (flags & BATADV_TT_CLIENT_TEMP ? 'T' : '.'));
779 } 831 }
780} 832}
781 833
@@ -783,7 +835,7 @@ int batadv_tt_global_seq_print_text(struct seq_file *seq, void *offset)
783{ 835{
784 struct net_device *net_dev = (struct net_device *)seq->private; 836 struct net_device *net_dev = (struct net_device *)seq->private;
785 struct batadv_priv *bat_priv = netdev_priv(net_dev); 837 struct batadv_priv *bat_priv = netdev_priv(net_dev);
786 struct batadv_hashtable *hash = bat_priv->tt_global_hash; 838 struct batadv_hashtable *hash = bat_priv->tt.global_hash;
787 struct batadv_tt_common_entry *tt_common_entry; 839 struct batadv_tt_common_entry *tt_common_entry;
788 struct batadv_tt_global_entry *tt_global; 840 struct batadv_tt_global_entry *tt_global;
789 struct batadv_hard_iface *primary_if; 841 struct batadv_hard_iface *primary_if;
@@ -884,7 +936,7 @@ batadv_tt_global_del_struct(struct batadv_priv *bat_priv,
884 "Deleting global tt entry %pM: %s\n", 936 "Deleting global tt entry %pM: %s\n",
885 tt_global_entry->common.addr, message); 937 tt_global_entry->common.addr, message);
886 938
887 batadv_hash_remove(bat_priv->tt_global_hash, batadv_compare_tt, 939 batadv_hash_remove(bat_priv->tt.global_hash, batadv_compare_tt,
888 batadv_choose_orig, tt_global_entry->common.addr); 940 batadv_choose_orig, tt_global_entry->common.addr);
889 batadv_tt_global_entry_free_ref(tt_global_entry); 941 batadv_tt_global_entry_free_ref(tt_global_entry);
890 942
@@ -995,7 +1047,7 @@ void batadv_tt_global_del_orig(struct batadv_priv *bat_priv,
995 struct batadv_tt_global_entry *tt_global; 1047 struct batadv_tt_global_entry *tt_global;
996 struct batadv_tt_common_entry *tt_common_entry; 1048 struct batadv_tt_common_entry *tt_common_entry;
997 uint32_t i; 1049 uint32_t i;
998 struct batadv_hashtable *hash = bat_priv->tt_global_hash; 1050 struct batadv_hashtable *hash = bat_priv->tt.global_hash;
999 struct hlist_node *node, *safe; 1051 struct hlist_node *node, *safe;
1000 struct hlist_head *head; 1052 struct hlist_head *head;
1001 spinlock_t *list_lock; /* protects write access to the hash lists */ 1053 spinlock_t *list_lock; /* protects write access to the hash lists */
@@ -1030,49 +1082,63 @@ void batadv_tt_global_del_orig(struct batadv_priv *bat_priv,
1030 orig_node->tt_initialised = false; 1082 orig_node->tt_initialised = false;
1031} 1083}
1032 1084
1033static void batadv_tt_global_roam_purge_list(struct batadv_priv *bat_priv, 1085static bool batadv_tt_global_to_purge(struct batadv_tt_global_entry *tt_global,
1034 struct hlist_head *head) 1086 char **msg)
1035{ 1087{
1036 struct batadv_tt_common_entry *tt_common_entry; 1088 bool purge = false;
1037 struct batadv_tt_global_entry *tt_global_entry; 1089 unsigned long roam_timeout = BATADV_TT_CLIENT_ROAM_TIMEOUT;
1038 struct hlist_node *node, *node_tmp; 1090 unsigned long temp_timeout = BATADV_TT_CLIENT_TEMP_TIMEOUT;
1039
1040 hlist_for_each_entry_safe(tt_common_entry, node, node_tmp, head,
1041 hash_entry) {
1042 tt_global_entry = container_of(tt_common_entry,
1043 struct batadv_tt_global_entry,
1044 common);
1045 if (!(tt_global_entry->common.flags & BATADV_TT_CLIENT_ROAM))
1046 continue;
1047 if (!batadv_has_timed_out(tt_global_entry->roam_at,
1048 BATADV_TT_CLIENT_ROAM_TIMEOUT))
1049 continue;
1050 1091
1051 batadv_dbg(BATADV_DBG_TT, bat_priv, 1092 if ((tt_global->common.flags & BATADV_TT_CLIENT_ROAM) &&
1052 "Deleting global tt entry (%pM): Roaming timeout\n", 1093 batadv_has_timed_out(tt_global->roam_at, roam_timeout)) {
1053 tt_global_entry->common.addr); 1094 purge = true;
1095 *msg = "Roaming timeout\n";
1096 }
1054 1097
1055 hlist_del_rcu(node); 1098 if ((tt_global->common.flags & BATADV_TT_CLIENT_TEMP) &&
1056 batadv_tt_global_entry_free_ref(tt_global_entry); 1099 batadv_has_timed_out(tt_global->common.added_at, temp_timeout)) {
1100 purge = true;
1101 *msg = "Temporary client timeout\n";
1057 } 1102 }
1103
1104 return purge;
1058} 1105}
1059 1106
1060static void batadv_tt_global_roam_purge(struct batadv_priv *bat_priv) 1107static void batadv_tt_global_purge(struct batadv_priv *bat_priv)
1061{ 1108{
1062 struct batadv_hashtable *hash = bat_priv->tt_global_hash; 1109 struct batadv_hashtable *hash = bat_priv->tt.global_hash;
1063 struct hlist_head *head; 1110 struct hlist_head *head;
1111 struct hlist_node *node, *node_tmp;
1064 spinlock_t *list_lock; /* protects write access to the hash lists */ 1112 spinlock_t *list_lock; /* protects write access to the hash lists */
1065 uint32_t i; 1113 uint32_t i;
1114 char *msg = NULL;
1115 struct batadv_tt_common_entry *tt_common;
1116 struct batadv_tt_global_entry *tt_global;
1066 1117
1067 for (i = 0; i < hash->size; i++) { 1118 for (i = 0; i < hash->size; i++) {
1068 head = &hash->table[i]; 1119 head = &hash->table[i];
1069 list_lock = &hash->list_locks[i]; 1120 list_lock = &hash->list_locks[i];
1070 1121
1071 spin_lock_bh(list_lock); 1122 spin_lock_bh(list_lock);
1072 batadv_tt_global_roam_purge_list(bat_priv, head); 1123 hlist_for_each_entry_safe(tt_common, node, node_tmp, head,
1124 hash_entry) {
1125 tt_global = container_of(tt_common,
1126 struct batadv_tt_global_entry,
1127 common);
1128
1129 if (!batadv_tt_global_to_purge(tt_global, &msg))
1130 continue;
1131
1132 batadv_dbg(BATADV_DBG_TT, bat_priv,
1133 "Deleting global tt entry (%pM): %s\n",
1134 tt_global->common.addr, msg);
1135
1136 hlist_del_rcu(node);
1137
1138 batadv_tt_global_entry_free_ref(tt_global);
1139 }
1073 spin_unlock_bh(list_lock); 1140 spin_unlock_bh(list_lock);
1074 } 1141 }
1075
1076} 1142}
1077 1143
1078static void batadv_tt_global_table_free(struct batadv_priv *bat_priv) 1144static void batadv_tt_global_table_free(struct batadv_priv *bat_priv)
@@ -1085,10 +1151,10 @@ static void batadv_tt_global_table_free(struct batadv_priv *bat_priv)
1085 struct hlist_head *head; 1151 struct hlist_head *head;
1086 uint32_t i; 1152 uint32_t i;
1087 1153
1088 if (!bat_priv->tt_global_hash) 1154 if (!bat_priv->tt.global_hash)
1089 return; 1155 return;
1090 1156
1091 hash = bat_priv->tt_global_hash; 1157 hash = bat_priv->tt.global_hash;
1092 1158
1093 for (i = 0; i < hash->size; i++) { 1159 for (i = 0; i < hash->size; i++) {
1094 head = &hash->table[i]; 1160 head = &hash->table[i];
@@ -1108,7 +1174,7 @@ static void batadv_tt_global_table_free(struct batadv_priv *bat_priv)
1108 1174
1109 batadv_hash_destroy(hash); 1175 batadv_hash_destroy(hash);
1110 1176
1111 bat_priv->tt_global_hash = NULL; 1177 bat_priv->tt.global_hash = NULL;
1112} 1178}
1113 1179
1114static bool 1180static bool
@@ -1187,7 +1253,7 @@ static uint16_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
1187 struct batadv_orig_node *orig_node) 1253 struct batadv_orig_node *orig_node)
1188{ 1254{
1189 uint16_t total = 0, total_one; 1255 uint16_t total = 0, total_one;
1190 struct batadv_hashtable *hash = bat_priv->tt_global_hash; 1256 struct batadv_hashtable *hash = bat_priv->tt.global_hash;
1191 struct batadv_tt_common_entry *tt_common; 1257 struct batadv_tt_common_entry *tt_common;
1192 struct batadv_tt_global_entry *tt_global; 1258 struct batadv_tt_global_entry *tt_global;
1193 struct hlist_node *node; 1259 struct hlist_node *node;
@@ -1210,6 +1276,12 @@ static uint16_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
1210 */ 1276 */
1211 if (tt_common->flags & BATADV_TT_CLIENT_ROAM) 1277 if (tt_common->flags & BATADV_TT_CLIENT_ROAM)
1212 continue; 1278 continue;
1279 /* Temporary clients have not been announced yet, so
1280 * they have to be skipped while computing the global
1281 * crc
1282 */
1283 if (tt_common->flags & BATADV_TT_CLIENT_TEMP)
1284 continue;
1213 1285
1214 /* find out if this global entry is announced by this 1286 /* find out if this global entry is announced by this
1215 * originator 1287 * originator
@@ -1234,7 +1306,7 @@ static uint16_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
1234static uint16_t batadv_tt_local_crc(struct batadv_priv *bat_priv) 1306static uint16_t batadv_tt_local_crc(struct batadv_priv *bat_priv)
1235{ 1307{
1236 uint16_t total = 0, total_one; 1308 uint16_t total = 0, total_one;
1237 struct batadv_hashtable *hash = bat_priv->tt_local_hash; 1309 struct batadv_hashtable *hash = bat_priv->tt.local_hash;
1238 struct batadv_tt_common_entry *tt_common; 1310 struct batadv_tt_common_entry *tt_common;
1239 struct hlist_node *node; 1311 struct hlist_node *node;
1240 struct hlist_head *head; 1312 struct hlist_head *head;
@@ -1267,14 +1339,14 @@ static void batadv_tt_req_list_free(struct batadv_priv *bat_priv)
1267{ 1339{
1268 struct batadv_tt_req_node *node, *safe; 1340 struct batadv_tt_req_node *node, *safe;
1269 1341
1270 spin_lock_bh(&bat_priv->tt_req_list_lock); 1342 spin_lock_bh(&bat_priv->tt.req_list_lock);
1271 1343
1272 list_for_each_entry_safe(node, safe, &bat_priv->tt_req_list, list) { 1344 list_for_each_entry_safe(node, safe, &bat_priv->tt.req_list, list) {
1273 list_del(&node->list); 1345 list_del(&node->list);
1274 kfree(node); 1346 kfree(node);
1275 } 1347 }
1276 1348
1277 spin_unlock_bh(&bat_priv->tt_req_list_lock); 1349 spin_unlock_bh(&bat_priv->tt.req_list_lock);
1278} 1350}
1279 1351
1280static void batadv_tt_save_orig_buffer(struct batadv_priv *bat_priv, 1352static void batadv_tt_save_orig_buffer(struct batadv_priv *bat_priv,
@@ -1304,15 +1376,15 @@ static void batadv_tt_req_purge(struct batadv_priv *bat_priv)
1304{ 1376{
1305 struct batadv_tt_req_node *node, *safe; 1377 struct batadv_tt_req_node *node, *safe;
1306 1378
1307 spin_lock_bh(&bat_priv->tt_req_list_lock); 1379 spin_lock_bh(&bat_priv->tt.req_list_lock);
1308 list_for_each_entry_safe(node, safe, &bat_priv->tt_req_list, list) { 1380 list_for_each_entry_safe(node, safe, &bat_priv->tt.req_list, list) {
1309 if (batadv_has_timed_out(node->issued_at, 1381 if (batadv_has_timed_out(node->issued_at,
1310 BATADV_TT_REQUEST_TIMEOUT)) { 1382 BATADV_TT_REQUEST_TIMEOUT)) {
1311 list_del(&node->list); 1383 list_del(&node->list);
1312 kfree(node); 1384 kfree(node);
1313 } 1385 }
1314 } 1386 }
1315 spin_unlock_bh(&bat_priv->tt_req_list_lock); 1387 spin_unlock_bh(&bat_priv->tt.req_list_lock);
1316} 1388}
1317 1389
1318/* returns the pointer to the new tt_req_node struct if no request 1390/* returns the pointer to the new tt_req_node struct if no request
@@ -1324,8 +1396,8 @@ batadv_new_tt_req_node(struct batadv_priv *bat_priv,
1324{ 1396{
1325 struct batadv_tt_req_node *tt_req_node_tmp, *tt_req_node = NULL; 1397 struct batadv_tt_req_node *tt_req_node_tmp, *tt_req_node = NULL;
1326 1398
1327 spin_lock_bh(&bat_priv->tt_req_list_lock); 1399 spin_lock_bh(&bat_priv->tt.req_list_lock);
1328 list_for_each_entry(tt_req_node_tmp, &bat_priv->tt_req_list, list) { 1400 list_for_each_entry(tt_req_node_tmp, &bat_priv->tt.req_list, list) {
1329 if (batadv_compare_eth(tt_req_node_tmp, orig_node) && 1401 if (batadv_compare_eth(tt_req_node_tmp, orig_node) &&
1330 !batadv_has_timed_out(tt_req_node_tmp->issued_at, 1402 !batadv_has_timed_out(tt_req_node_tmp->issued_at,
1331 BATADV_TT_REQUEST_TIMEOUT)) 1403 BATADV_TT_REQUEST_TIMEOUT))
@@ -1339,9 +1411,9 @@ batadv_new_tt_req_node(struct batadv_priv *bat_priv,
1339 memcpy(tt_req_node->addr, orig_node->orig, ETH_ALEN); 1411 memcpy(tt_req_node->addr, orig_node->orig, ETH_ALEN);
1340 tt_req_node->issued_at = jiffies; 1412 tt_req_node->issued_at = jiffies;
1341 1413
1342 list_add(&tt_req_node->list, &bat_priv->tt_req_list); 1414 list_add(&tt_req_node->list, &bat_priv->tt.req_list);
1343unlock: 1415unlock:
1344 spin_unlock_bh(&bat_priv->tt_req_list_lock); 1416 spin_unlock_bh(&bat_priv->tt.req_list_lock);
1345 return tt_req_node; 1417 return tt_req_node;
1346} 1418}
1347 1419
@@ -1363,7 +1435,8 @@ static int batadv_tt_global_valid(const void *entry_ptr,
1363 const struct batadv_tt_global_entry *tt_global_entry; 1435 const struct batadv_tt_global_entry *tt_global_entry;
1364 const struct batadv_orig_node *orig_node = data_ptr; 1436 const struct batadv_orig_node *orig_node = data_ptr;
1365 1437
1366 if (tt_common_entry->flags & BATADV_TT_CLIENT_ROAM) 1438 if (tt_common_entry->flags & BATADV_TT_CLIENT_ROAM ||
1439 tt_common_entry->flags & BATADV_TT_CLIENT_TEMP)
1367 return 0; 1440 return 0;
1368 1441
1369 tt_global_entry = container_of(tt_common_entry, 1442 tt_global_entry = container_of(tt_common_entry,
@@ -1507,9 +1580,9 @@ out:
1507 if (ret) 1580 if (ret)
1508 kfree_skb(skb); 1581 kfree_skb(skb);
1509 if (ret && tt_req_node) { 1582 if (ret && tt_req_node) {
1510 spin_lock_bh(&bat_priv->tt_req_list_lock); 1583 spin_lock_bh(&bat_priv->tt.req_list_lock);
1511 list_del(&tt_req_node->list); 1584 list_del(&tt_req_node->list);
1512 spin_unlock_bh(&bat_priv->tt_req_list_lock); 1585 spin_unlock_bh(&bat_priv->tt.req_list_lock);
1513 kfree(tt_req_node); 1586 kfree(tt_req_node);
1514 } 1587 }
1515 return ret; 1588 return ret;
@@ -1530,6 +1603,7 @@ batadv_send_other_tt_response(struct batadv_priv *bat_priv,
1530 uint16_t tt_len, tt_tot; 1603 uint16_t tt_len, tt_tot;
1531 struct sk_buff *skb = NULL; 1604 struct sk_buff *skb = NULL;
1532 struct batadv_tt_query_packet *tt_response; 1605 struct batadv_tt_query_packet *tt_response;
1606 uint8_t *packet_pos;
1533 size_t len; 1607 size_t len;
1534 1608
1535 batadv_dbg(BATADV_DBG_TT, bat_priv, 1609 batadv_dbg(BATADV_DBG_TT, bat_priv,
@@ -1583,8 +1657,8 @@ batadv_send_other_tt_response(struct batadv_priv *bat_priv,
1583 goto unlock; 1657 goto unlock;
1584 1658
1585 skb_reserve(skb, ETH_HLEN); 1659 skb_reserve(skb, ETH_HLEN);
1586 tt_response = (struct batadv_tt_query_packet *)skb_put(skb, 1660 packet_pos = skb_put(skb, len);
1587 len); 1661 tt_response = (struct batadv_tt_query_packet *)packet_pos;
1588 tt_response->ttvn = req_ttvn; 1662 tt_response->ttvn = req_ttvn;
1589 tt_response->tt_data = htons(tt_tot); 1663 tt_response->tt_data = htons(tt_tot);
1590 1664
@@ -1600,7 +1674,7 @@ batadv_send_other_tt_response(struct batadv_priv *bat_priv,
1600 ttvn = (uint8_t)atomic_read(&req_dst_orig_node->last_ttvn); 1674 ttvn = (uint8_t)atomic_read(&req_dst_orig_node->last_ttvn);
1601 1675
1602 skb = batadv_tt_response_fill_table(tt_len, ttvn, 1676 skb = batadv_tt_response_fill_table(tt_len, ttvn,
1603 bat_priv->tt_global_hash, 1677 bat_priv->tt.global_hash,
1604 primary_if, 1678 primary_if,
1605 batadv_tt_global_valid, 1679 batadv_tt_global_valid,
1606 req_dst_orig_node); 1680 req_dst_orig_node);
@@ -1663,6 +1737,7 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1663 uint16_t tt_len, tt_tot; 1737 uint16_t tt_len, tt_tot;
1664 struct sk_buff *skb = NULL; 1738 struct sk_buff *skb = NULL;
1665 struct batadv_tt_query_packet *tt_response; 1739 struct batadv_tt_query_packet *tt_response;
1740 uint8_t *packet_pos;
1666 size_t len; 1741 size_t len;
1667 1742
1668 batadv_dbg(BATADV_DBG_TT, bat_priv, 1743 batadv_dbg(BATADV_DBG_TT, bat_priv,
@@ -1671,7 +1746,7 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1671 (tt_request->flags & BATADV_TT_FULL_TABLE ? 'F' : '.')); 1746 (tt_request->flags & BATADV_TT_FULL_TABLE ? 'F' : '.'));
1672 1747
1673 1748
1674 my_ttvn = (uint8_t)atomic_read(&bat_priv->ttvn); 1749 my_ttvn = (uint8_t)atomic_read(&bat_priv->tt.vn);
1675 req_ttvn = tt_request->ttvn; 1750 req_ttvn = tt_request->ttvn;
1676 1751
1677 orig_node = batadv_orig_hash_find(bat_priv, tt_request->src); 1752 orig_node = batadv_orig_hash_find(bat_priv, tt_request->src);
@@ -1690,7 +1765,7 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1690 * is too big send the whole local translation table 1765 * is too big send the whole local translation table
1691 */ 1766 */
1692 if (tt_request->flags & BATADV_TT_FULL_TABLE || my_ttvn != req_ttvn || 1767 if (tt_request->flags & BATADV_TT_FULL_TABLE || my_ttvn != req_ttvn ||
1693 !bat_priv->tt_buff) 1768 !bat_priv->tt.last_changeset)
1694 full_table = true; 1769 full_table = true;
1695 else 1770 else
1696 full_table = false; 1771 full_table = false;
@@ -1699,8 +1774,8 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1699 * I'll send only one packet with as much TT entries as I can 1774 * I'll send only one packet with as much TT entries as I can
1700 */ 1775 */
1701 if (!full_table) { 1776 if (!full_table) {
1702 spin_lock_bh(&bat_priv->tt_buff_lock); 1777 spin_lock_bh(&bat_priv->tt.last_changeset_lock);
1703 tt_len = bat_priv->tt_buff_len; 1778 tt_len = bat_priv->tt.last_changeset_len;
1704 tt_tot = tt_len / sizeof(struct batadv_tt_change); 1779 tt_tot = tt_len / sizeof(struct batadv_tt_change);
1705 1780
1706 len = sizeof(*tt_response) + tt_len; 1781 len = sizeof(*tt_response) + tt_len;
@@ -1709,22 +1784,22 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1709 goto unlock; 1784 goto unlock;
1710 1785
1711 skb_reserve(skb, ETH_HLEN); 1786 skb_reserve(skb, ETH_HLEN);
1712 tt_response = (struct batadv_tt_query_packet *)skb_put(skb, 1787 packet_pos = skb_put(skb, len);
1713 len); 1788 tt_response = (struct batadv_tt_query_packet *)packet_pos;
1714 tt_response->ttvn = req_ttvn; 1789 tt_response->ttvn = req_ttvn;
1715 tt_response->tt_data = htons(tt_tot); 1790 tt_response->tt_data = htons(tt_tot);
1716 1791
1717 tt_buff = skb->data + sizeof(*tt_response); 1792 tt_buff = skb->data + sizeof(*tt_response);
1718 memcpy(tt_buff, bat_priv->tt_buff, 1793 memcpy(tt_buff, bat_priv->tt.last_changeset,
1719 bat_priv->tt_buff_len); 1794 bat_priv->tt.last_changeset_len);
1720 spin_unlock_bh(&bat_priv->tt_buff_lock); 1795 spin_unlock_bh(&bat_priv->tt.last_changeset_lock);
1721 } else { 1796 } else {
1722 tt_len = (uint16_t)atomic_read(&bat_priv->num_local_tt); 1797 tt_len = (uint16_t)atomic_read(&bat_priv->tt.local_entry_num);
1723 tt_len *= sizeof(struct batadv_tt_change); 1798 tt_len *= sizeof(struct batadv_tt_change);
1724 ttvn = (uint8_t)atomic_read(&bat_priv->ttvn); 1799 ttvn = (uint8_t)atomic_read(&bat_priv->tt.vn);
1725 1800
1726 skb = batadv_tt_response_fill_table(tt_len, ttvn, 1801 skb = batadv_tt_response_fill_table(tt_len, ttvn,
1727 bat_priv->tt_local_hash, 1802 bat_priv->tt.local_hash,
1728 primary_if, 1803 primary_if,
1729 batadv_tt_local_valid_entry, 1804 batadv_tt_local_valid_entry,
1730 NULL); 1805 NULL);
@@ -1756,7 +1831,7 @@ batadv_send_my_tt_response(struct batadv_priv *bat_priv,
1756 goto out; 1831 goto out;
1757 1832
1758unlock: 1833unlock:
1759 spin_unlock_bh(&bat_priv->tt_buff_lock); 1834 spin_unlock_bh(&bat_priv->tt.last_changeset_lock);
1760out: 1835out:
1761 if (orig_node) 1836 if (orig_node)
1762 batadv_orig_node_free_ref(orig_node); 1837 batadv_orig_node_free_ref(orig_node);
@@ -1909,14 +1984,14 @@ void batadv_handle_tt_response(struct batadv_priv *bat_priv,
1909 } 1984 }
1910 1985
1911 /* Delete the tt_req_node from pending tt_requests list */ 1986 /* Delete the tt_req_node from pending tt_requests list */
1912 spin_lock_bh(&bat_priv->tt_req_list_lock); 1987 spin_lock_bh(&bat_priv->tt.req_list_lock);
1913 list_for_each_entry_safe(node, safe, &bat_priv->tt_req_list, list) { 1988 list_for_each_entry_safe(node, safe, &bat_priv->tt.req_list, list) {
1914 if (!batadv_compare_eth(node->addr, tt_response->src)) 1989 if (!batadv_compare_eth(node->addr, tt_response->src))
1915 continue; 1990 continue;
1916 list_del(&node->list); 1991 list_del(&node->list);
1917 kfree(node); 1992 kfree(node);
1918 } 1993 }
1919 spin_unlock_bh(&bat_priv->tt_req_list_lock); 1994 spin_unlock_bh(&bat_priv->tt.req_list_lock);
1920 1995
1921 /* Recalculate the CRC for this orig_node and store it */ 1996 /* Recalculate the CRC for this orig_node and store it */
1922 orig_node->tt_crc = batadv_tt_global_crc(bat_priv, orig_node); 1997 orig_node->tt_crc = batadv_tt_global_crc(bat_priv, orig_node);
@@ -1950,22 +2025,22 @@ static void batadv_tt_roam_list_free(struct batadv_priv *bat_priv)
1950{ 2025{
1951 struct batadv_tt_roam_node *node, *safe; 2026 struct batadv_tt_roam_node *node, *safe;
1952 2027
1953 spin_lock_bh(&bat_priv->tt_roam_list_lock); 2028 spin_lock_bh(&bat_priv->tt.roam_list_lock);
1954 2029
1955 list_for_each_entry_safe(node, safe, &bat_priv->tt_roam_list, list) { 2030 list_for_each_entry_safe(node, safe, &bat_priv->tt.roam_list, list) {
1956 list_del(&node->list); 2031 list_del(&node->list);
1957 kfree(node); 2032 kfree(node);
1958 } 2033 }
1959 2034
1960 spin_unlock_bh(&bat_priv->tt_roam_list_lock); 2035 spin_unlock_bh(&bat_priv->tt.roam_list_lock);
1961} 2036}
1962 2037
1963static void batadv_tt_roam_purge(struct batadv_priv *bat_priv) 2038static void batadv_tt_roam_purge(struct batadv_priv *bat_priv)
1964{ 2039{
1965 struct batadv_tt_roam_node *node, *safe; 2040 struct batadv_tt_roam_node *node, *safe;
1966 2041
1967 spin_lock_bh(&bat_priv->tt_roam_list_lock); 2042 spin_lock_bh(&bat_priv->tt.roam_list_lock);
1968 list_for_each_entry_safe(node, safe, &bat_priv->tt_roam_list, list) { 2043 list_for_each_entry_safe(node, safe, &bat_priv->tt.roam_list, list) {
1969 if (!batadv_has_timed_out(node->first_time, 2044 if (!batadv_has_timed_out(node->first_time,
1970 BATADV_ROAMING_MAX_TIME)) 2045 BATADV_ROAMING_MAX_TIME))
1971 continue; 2046 continue;
@@ -1973,7 +2048,7 @@ static void batadv_tt_roam_purge(struct batadv_priv *bat_priv)
1973 list_del(&node->list); 2048 list_del(&node->list);
1974 kfree(node); 2049 kfree(node);
1975 } 2050 }
1976 spin_unlock_bh(&bat_priv->tt_roam_list_lock); 2051 spin_unlock_bh(&bat_priv->tt.roam_list_lock);
1977} 2052}
1978 2053
1979/* This function checks whether the client already reached the 2054/* This function checks whether the client already reached the
@@ -1988,11 +2063,11 @@ static bool batadv_tt_check_roam_count(struct batadv_priv *bat_priv,
1988 struct batadv_tt_roam_node *tt_roam_node; 2063 struct batadv_tt_roam_node *tt_roam_node;
1989 bool ret = false; 2064 bool ret = false;
1990 2065
1991 spin_lock_bh(&bat_priv->tt_roam_list_lock); 2066 spin_lock_bh(&bat_priv->tt.roam_list_lock);
1992 /* The new tt_req will be issued only if I'm not waiting for a 2067 /* The new tt_req will be issued only if I'm not waiting for a
1993 * reply from the same orig_node yet 2068 * reply from the same orig_node yet
1994 */ 2069 */
1995 list_for_each_entry(tt_roam_node, &bat_priv->tt_roam_list, list) { 2070 list_for_each_entry(tt_roam_node, &bat_priv->tt.roam_list, list) {
1996 if (!batadv_compare_eth(tt_roam_node->addr, client)) 2071 if (!batadv_compare_eth(tt_roam_node->addr, client))
1997 continue; 2072 continue;
1998 2073
@@ -2017,12 +2092,12 @@ static bool batadv_tt_check_roam_count(struct batadv_priv *bat_priv,
2017 BATADV_ROAMING_MAX_COUNT - 1); 2092 BATADV_ROAMING_MAX_COUNT - 1);
2018 memcpy(tt_roam_node->addr, client, ETH_ALEN); 2093 memcpy(tt_roam_node->addr, client, ETH_ALEN);
2019 2094
2020 list_add(&tt_roam_node->list, &bat_priv->tt_roam_list); 2095 list_add(&tt_roam_node->list, &bat_priv->tt.roam_list);
2021 ret = true; 2096 ret = true;
2022 } 2097 }
2023 2098
2024unlock: 2099unlock:
2025 spin_unlock_bh(&bat_priv->tt_roam_list_lock); 2100 spin_unlock_bh(&bat_priv->tt.roam_list_lock);
2026 return ret; 2101 return ret;
2027} 2102}
2028 2103
@@ -2086,13 +2161,15 @@ out:
2086static void batadv_tt_purge(struct work_struct *work) 2161static void batadv_tt_purge(struct work_struct *work)
2087{ 2162{
2088 struct delayed_work *delayed_work; 2163 struct delayed_work *delayed_work;
2164 struct batadv_priv_tt *priv_tt;
2089 struct batadv_priv *bat_priv; 2165 struct batadv_priv *bat_priv;
2090 2166
2091 delayed_work = container_of(work, struct delayed_work, work); 2167 delayed_work = container_of(work, struct delayed_work, work);
2092 bat_priv = container_of(delayed_work, struct batadv_priv, tt_work); 2168 priv_tt = container_of(delayed_work, struct batadv_priv_tt, work);
2169 bat_priv = container_of(priv_tt, struct batadv_priv, tt);
2093 2170
2094 batadv_tt_local_purge(bat_priv); 2171 batadv_tt_local_purge(bat_priv);
2095 batadv_tt_global_roam_purge(bat_priv); 2172 batadv_tt_global_purge(bat_priv);
2096 batadv_tt_req_purge(bat_priv); 2173 batadv_tt_req_purge(bat_priv);
2097 batadv_tt_roam_purge(bat_priv); 2174 batadv_tt_roam_purge(bat_priv);
2098 2175
@@ -2101,7 +2178,7 @@ static void batadv_tt_purge(struct work_struct *work)
2101 2178
2102void batadv_tt_free(struct batadv_priv *bat_priv) 2179void batadv_tt_free(struct batadv_priv *bat_priv)
2103{ 2180{
2104 cancel_delayed_work_sync(&bat_priv->tt_work); 2181 cancel_delayed_work_sync(&bat_priv->tt.work);
2105 2182
2106 batadv_tt_local_table_free(bat_priv); 2183 batadv_tt_local_table_free(bat_priv);
2107 batadv_tt_global_table_free(bat_priv); 2184 batadv_tt_global_table_free(bat_priv);
@@ -2109,7 +2186,7 @@ void batadv_tt_free(struct batadv_priv *bat_priv)
2109 batadv_tt_changes_list_free(bat_priv); 2186 batadv_tt_changes_list_free(bat_priv);
2110 batadv_tt_roam_list_free(bat_priv); 2187 batadv_tt_roam_list_free(bat_priv);
2111 2188
2112 kfree(bat_priv->tt_buff); 2189 kfree(bat_priv->tt.last_changeset);
2113} 2190}
2114 2191
2115/* This function will enable or disable the specified flags for all the entries 2192/* This function will enable or disable the specified flags for all the entries
@@ -2153,7 +2230,7 @@ out:
2153/* Purge out all the tt local entries marked with BATADV_TT_CLIENT_PENDING */ 2230/* Purge out all the tt local entries marked with BATADV_TT_CLIENT_PENDING */
2154static void batadv_tt_local_purge_pending_clients(struct batadv_priv *bat_priv) 2231static void batadv_tt_local_purge_pending_clients(struct batadv_priv *bat_priv)
2155{ 2232{
2156 struct batadv_hashtable *hash = bat_priv->tt_local_hash; 2233 struct batadv_hashtable *hash = bat_priv->tt.local_hash;
2157 struct batadv_tt_common_entry *tt_common; 2234 struct batadv_tt_common_entry *tt_common;
2158 struct batadv_tt_local_entry *tt_local; 2235 struct batadv_tt_local_entry *tt_local;
2159 struct hlist_node *node, *node_tmp; 2236 struct hlist_node *node, *node_tmp;
@@ -2178,7 +2255,7 @@ static void batadv_tt_local_purge_pending_clients(struct batadv_priv *bat_priv)
2178 "Deleting local tt entry (%pM): pending\n", 2255 "Deleting local tt entry (%pM): pending\n",
2179 tt_common->addr); 2256 tt_common->addr);
2180 2257
2181 atomic_dec(&bat_priv->num_local_tt); 2258 atomic_dec(&bat_priv->tt.local_entry_num);
2182 hlist_del_rcu(node); 2259 hlist_del_rcu(node);
2183 tt_local = container_of(tt_common, 2260 tt_local = container_of(tt_common,
2184 struct batadv_tt_local_entry, 2261 struct batadv_tt_local_entry,
@@ -2196,26 +2273,26 @@ static int batadv_tt_commit_changes(struct batadv_priv *bat_priv,
2196{ 2273{
2197 uint16_t changed_num = 0; 2274 uint16_t changed_num = 0;
2198 2275
2199 if (atomic_read(&bat_priv->tt_local_changes) < 1) 2276 if (atomic_read(&bat_priv->tt.local_changes) < 1)
2200 return -ENOENT; 2277 return -ENOENT;
2201 2278
2202 changed_num = batadv_tt_set_flags(bat_priv->tt_local_hash, 2279 changed_num = batadv_tt_set_flags(bat_priv->tt.local_hash,
2203 BATADV_TT_CLIENT_NEW, false); 2280 BATADV_TT_CLIENT_NEW, false);
2204 2281
2205 /* all reset entries have to be counted as local entries */ 2282 /* all reset entries have to be counted as local entries */
2206 atomic_add(changed_num, &bat_priv->num_local_tt); 2283 atomic_add(changed_num, &bat_priv->tt.local_entry_num);
2207 batadv_tt_local_purge_pending_clients(bat_priv); 2284 batadv_tt_local_purge_pending_clients(bat_priv);
2208 bat_priv->tt_crc = batadv_tt_local_crc(bat_priv); 2285 bat_priv->tt.local_crc = batadv_tt_local_crc(bat_priv);
2209 2286
2210 /* Increment the TTVN only once per OGM interval */ 2287 /* Increment the TTVN only once per OGM interval */
2211 atomic_inc(&bat_priv->ttvn); 2288 atomic_inc(&bat_priv->tt.vn);
2212 batadv_dbg(BATADV_DBG_TT, bat_priv, 2289 batadv_dbg(BATADV_DBG_TT, bat_priv,
2213 "Local changes committed, updating to ttvn %u\n", 2290 "Local changes committed, updating to ttvn %u\n",
2214 (uint8_t)atomic_read(&bat_priv->ttvn)); 2291 (uint8_t)atomic_read(&bat_priv->tt.vn));
2215 bat_priv->tt_poss_change = false; 2292 bat_priv->tt.poss_change = false;
2216 2293
2217 /* reset the sending counter */ 2294 /* reset the sending counter */
2218 atomic_set(&bat_priv->tt_ogm_append_cnt, BATADV_TT_OGM_APPEND_MAX); 2295 atomic_set(&bat_priv->tt.ogm_append_cnt, BATADV_TT_OGM_APPEND_MAX);
2219 2296
2220 return batadv_tt_changes_fill_buff(bat_priv, packet_buff, 2297 return batadv_tt_changes_fill_buff(bat_priv, packet_buff,
2221 packet_buff_len, packet_min_len); 2298 packet_buff_len, packet_min_len);
@@ -2235,7 +2312,7 @@ int batadv_tt_append_diff(struct batadv_priv *bat_priv,
2235 2312
2236 /* if the changes have been sent often enough */ 2313 /* if the changes have been sent often enough */
2237 if ((tt_num_changes < 0) && 2314 if ((tt_num_changes < 0) &&
2238 (!batadv_atomic_dec_not_zero(&bat_priv->tt_ogm_append_cnt))) { 2315 (!batadv_atomic_dec_not_zero(&bat_priv->tt.ogm_append_cnt))) {
2239 batadv_tt_realloc_packet_buff(packet_buff, packet_buff_len, 2316 batadv_tt_realloc_packet_buff(packet_buff, packet_buff_len,
2240 packet_min_len, packet_min_len); 2317 packet_min_len, packet_min_len);
2241 tt_num_changes = 0; 2318 tt_num_changes = 0;
@@ -2366,3 +2443,22 @@ bool batadv_tt_global_client_is_roaming(struct batadv_priv *bat_priv,
2366out: 2443out:
2367 return ret; 2444 return ret;
2368} 2445}
2446
2447bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv,
2448 struct batadv_orig_node *orig_node,
2449 const unsigned char *addr)
2450{
2451 bool ret = false;
2452
2453 if (!batadv_tt_global_add(bat_priv, orig_node, addr,
2454 BATADV_TT_CLIENT_TEMP,
2455 atomic_read(&orig_node->last_ttvn)))
2456 goto out;
2457
2458 batadv_dbg(BATADV_DBG_TT, bat_priv,
2459 "Added temporary global client (addr: %pM orig: %pM)\n",
2460 addr, orig_node->orig);
2461 ret = true;
2462out:
2463 return ret;
2464}
diff --git a/net/batman-adv/translation-table.h b/net/batman-adv/translation-table.h
index ffa87355096b..811fffd4760c 100644
--- a/net/batman-adv/translation-table.h
+++ b/net/batman-adv/translation-table.h
@@ -59,6 +59,8 @@ int batadv_tt_append_diff(struct batadv_priv *bat_priv,
59 int packet_min_len); 59 int packet_min_len);
60bool batadv_tt_global_client_is_roaming(struct batadv_priv *bat_priv, 60bool batadv_tt_global_client_is_roaming(struct batadv_priv *bat_priv,
61 uint8_t *addr); 61 uint8_t *addr);
62 62bool batadv_tt_add_temporary_global_entry(struct batadv_priv *bat_priv,
63 struct batadv_orig_node *orig_node,
64 const unsigned char *addr);
63 65
64#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */ 66#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 12635fd2c3d3..2ed82caacdca 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -145,6 +145,11 @@ struct batadv_bcast_duplist_entry {
145#endif 145#endif
146 146
147enum batadv_counters { 147enum batadv_counters {
148 BATADV_CNT_TX,
149 BATADV_CNT_TX_BYTES,
150 BATADV_CNT_TX_DROPPED,
151 BATADV_CNT_RX,
152 BATADV_CNT_RX_BYTES,
148 BATADV_CNT_FORWARD, 153 BATADV_CNT_FORWARD,
149 BATADV_CNT_FORWARD_BYTES, 154 BATADV_CNT_FORWARD_BYTES,
150 BATADV_CNT_MGMT_TX, 155 BATADV_CNT_MGMT_TX,
@@ -160,6 +165,67 @@ enum batadv_counters {
160 BATADV_CNT_NUM, 165 BATADV_CNT_NUM,
161}; 166};
162 167
168/**
169 * struct batadv_priv_tt - per mesh interface translation table data
170 * @vn: translation table version number
171 * @local_changes: changes registered in an originator interval
172 * @poss_change: Detect an ongoing roaming phase. If true, then this node
173 * received a roaming_adv and has to inspect every packet directed to it to
174 * check whether it still is the true destination or not. This flag will be
175 * reset to false as soon as the this node's ttvn is increased
176 * @changes_list: tracks tt local changes within an originator interval
177 * @req_list: list of pending tt_requests
178 * @local_crc: Checksum of the local table, recomputed before sending a new OGM
179 */
180struct batadv_priv_tt {
181 atomic_t vn;
182 atomic_t ogm_append_cnt;
183 atomic_t local_changes;
184 bool poss_change;
185 struct list_head changes_list;
186 struct batadv_hashtable *local_hash;
187 struct batadv_hashtable *global_hash;
188 struct list_head req_list;
189 struct list_head roam_list;
190 spinlock_t changes_list_lock; /* protects changes */
191 spinlock_t req_list_lock; /* protects req_list */
192 spinlock_t roam_list_lock; /* protects roam_list */
193 atomic_t local_entry_num;
194 uint16_t local_crc;
195 unsigned char *last_changeset;
196 int16_t last_changeset_len;
197 spinlock_t last_changeset_lock; /* protects last_changeset */
198 struct delayed_work work;
199};
200
201#ifdef CONFIG_BATMAN_ADV_BLA
202struct batadv_priv_bla {
203 atomic_t num_requests; /* number of bla requests in flight */
204 struct batadv_hashtable *claim_hash;
205 struct batadv_hashtable *backbone_hash;
206 struct batadv_bcast_duplist_entry bcast_duplist[BATADV_DUPLIST_SIZE];
207 int bcast_duplist_curr;
208 struct batadv_bla_claim_dst claim_dest;
209 struct delayed_work work;
210};
211#endif
212
213struct batadv_priv_gw {
214 struct hlist_head list;
215 spinlock_t list_lock; /* protects gw_list and curr_gw */
216 struct batadv_gw_node __rcu *curr_gw; /* rcu protected pointer */
217 atomic_t reselect;
218};
219
220struct batadv_priv_vis {
221 struct list_head send_list;
222 struct batadv_hashtable *hash;
223 spinlock_t hash_lock; /* protects hash */
224 spinlock_t list_lock; /* protects info::recv_list */
225 struct delayed_work work;
226 struct batadv_vis_info *my_info;
227};
228
163struct batadv_priv { 229struct batadv_priv {
164 atomic_t mesh_state; 230 atomic_t mesh_state;
165 struct net_device_stats stats; 231 struct net_device_stats stats;
@@ -179,64 +245,24 @@ struct batadv_priv {
179 atomic_t bcast_seqno; 245 atomic_t bcast_seqno;
180 atomic_t bcast_queue_left; 246 atomic_t bcast_queue_left;
181 atomic_t batman_queue_left; 247 atomic_t batman_queue_left;
182 atomic_t ttvn; /* translation table version number */
183 atomic_t tt_ogm_append_cnt;
184 atomic_t tt_local_changes; /* changes registered in a OGM interval */
185 atomic_t bla_num_requests; /* number of bla requests in flight */
186 /* The tt_poss_change flag is used to detect an ongoing roaming phase.
187 * If true, then I received a Roaming_adv and I have to inspect every
188 * packet directed to me to check whether I am still the true
189 * destination or not. This flag will be reset to false as soon as I
190 * increase my TTVN
191 */
192 bool tt_poss_change;
193 char num_ifaces; 248 char num_ifaces;
194 struct batadv_debug_log *debug_log; 249 struct batadv_debug_log *debug_log;
195 struct kobject *mesh_obj; 250 struct kobject *mesh_obj;
196 struct dentry *debug_dir; 251 struct dentry *debug_dir;
197 struct hlist_head forw_bat_list; 252 struct hlist_head forw_bat_list;
198 struct hlist_head forw_bcast_list; 253 struct hlist_head forw_bcast_list;
199 struct hlist_head gw_list;
200 struct list_head tt_changes_list; /* tracks changes in a OGM int */
201 struct list_head vis_send_list;
202 struct batadv_hashtable *orig_hash; 254 struct batadv_hashtable *orig_hash;
203 struct batadv_hashtable *tt_local_hash;
204 struct batadv_hashtable *tt_global_hash;
205#ifdef CONFIG_BATMAN_ADV_BLA
206 struct batadv_hashtable *claim_hash;
207 struct batadv_hashtable *backbone_hash;
208#endif
209 struct list_head tt_req_list; /* list of pending tt_requests */
210 struct list_head tt_roam_list;
211 struct batadv_hashtable *vis_hash;
212#ifdef CONFIG_BATMAN_ADV_BLA
213 struct batadv_bcast_duplist_entry bcast_duplist[BATADV_DUPLIST_SIZE];
214 int bcast_duplist_curr;
215 struct batadv_bla_claim_dst claim_dest;
216#endif
217 spinlock_t forw_bat_list_lock; /* protects forw_bat_list */ 255 spinlock_t forw_bat_list_lock; /* protects forw_bat_list */
218 spinlock_t forw_bcast_list_lock; /* protects */ 256 spinlock_t forw_bcast_list_lock; /* protects */
219 spinlock_t tt_changes_list_lock; /* protects tt_changes */
220 spinlock_t tt_req_list_lock; /* protects tt_req_list */
221 spinlock_t tt_roam_list_lock; /* protects tt_roam_list */
222 spinlock_t gw_list_lock; /* protects gw_list and curr_gw */
223 spinlock_t vis_hash_lock; /* protects vis_hash */
224 spinlock_t vis_list_lock; /* protects vis_info::recv_list */
225 atomic_t num_local_tt;
226 /* Checksum of the local table, recomputed before sending a new OGM */
227 uint16_t tt_crc;
228 unsigned char *tt_buff;
229 int16_t tt_buff_len;
230 spinlock_t tt_buff_lock; /* protects tt_buff */
231 struct delayed_work tt_work;
232 struct delayed_work orig_work; 257 struct delayed_work orig_work;
233 struct delayed_work vis_work;
234 struct delayed_work bla_work;
235 struct batadv_gw_node __rcu *curr_gw; /* rcu protected pointer */
236 atomic_t gw_reselect;
237 struct batadv_hard_iface __rcu *primary_if; /* rcu protected pointer */ 258 struct batadv_hard_iface __rcu *primary_if; /* rcu protected pointer */
238 struct batadv_vis_info *my_vis_info;
239 struct batadv_algo_ops *bat_algo_ops; 259 struct batadv_algo_ops *bat_algo_ops;
260#ifdef CONFIG_BATMAN_ADV_BLA
261 struct batadv_priv_bla bla;
262#endif
263 struct batadv_priv_gw gw;
264 struct batadv_priv_tt tt;
265 struct batadv_priv_vis vis;
240}; 266};
241 267
242struct batadv_socket_client { 268struct batadv_socket_client {
@@ -258,6 +284,7 @@ struct batadv_tt_common_entry {
258 uint8_t addr[ETH_ALEN]; 284 uint8_t addr[ETH_ALEN];
259 struct hlist_node hash_entry; 285 struct hlist_node hash_entry;
260 uint16_t flags; 286 uint16_t flags;
287 unsigned long added_at;
261 atomic_t refcount; 288 atomic_t refcount;
262 struct rcu_head rcu; 289 struct rcu_head rcu;
263}; 290};
@@ -277,6 +304,7 @@ struct batadv_tt_global_entry {
277struct batadv_tt_orig_list_entry { 304struct batadv_tt_orig_list_entry {
278 struct batadv_orig_node *orig_node; 305 struct batadv_orig_node *orig_node;
279 uint8_t ttvn; 306 uint8_t ttvn;
307 atomic_t refcount;
280 struct rcu_head rcu; 308 struct rcu_head rcu;
281 struct hlist_node list; 309 struct hlist_node list;
282}; 310};
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
index 00164645b3f7..f39723281ca1 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -39,6 +39,7 @@ batadv_frag_merge_packet(struct list_head *head,
39 struct batadv_unicast_packet *unicast_packet; 39 struct batadv_unicast_packet *unicast_packet;
40 int hdr_len = sizeof(*unicast_packet); 40 int hdr_len = sizeof(*unicast_packet);
41 int uni_diff = sizeof(*up) - hdr_len; 41 int uni_diff = sizeof(*up) - hdr_len;
42 uint8_t *packet_pos;
42 43
43 up = (struct batadv_unicast_frag_packet *)skb->data; 44 up = (struct batadv_unicast_frag_packet *)skb->data;
44 /* set skb to the first part and tmp_skb to the second part */ 45 /* set skb to the first part and tmp_skb to the second part */
@@ -65,8 +66,8 @@ batadv_frag_merge_packet(struct list_head *head,
65 kfree_skb(tmp_skb); 66 kfree_skb(tmp_skb);
66 67
67 memmove(skb->data + uni_diff, skb->data, hdr_len); 68 memmove(skb->data + uni_diff, skb->data, hdr_len);
68 unicast_packet = (struct batadv_unicast_packet *)skb_pull(skb, 69 packet_pos = skb_pull(skb, uni_diff);
69 uni_diff); 70 unicast_packet = (struct batadv_unicast_packet *)packet_pos;
70 unicast_packet->header.packet_type = BATADV_UNICAST; 71 unicast_packet->header.packet_type = BATADV_UNICAST;
71 72
72 return skb; 73 return skb;
@@ -121,6 +122,7 @@ batadv_frag_search_packet(struct list_head *head,
121{ 122{
122 struct batadv_frag_packet_list_entry *tfp; 123 struct batadv_frag_packet_list_entry *tfp;
123 struct batadv_unicast_frag_packet *tmp_up = NULL; 124 struct batadv_unicast_frag_packet *tmp_up = NULL;
125 int is_head_tmp, is_head;
124 uint16_t search_seqno; 126 uint16_t search_seqno;
125 127
126 if (up->flags & BATADV_UNI_FRAG_HEAD) 128 if (up->flags & BATADV_UNI_FRAG_HEAD)
@@ -128,6 +130,8 @@ batadv_frag_search_packet(struct list_head *head,
128 else 130 else
129 search_seqno = ntohs(up->seqno)-1; 131 search_seqno = ntohs(up->seqno)-1;
130 132
133 is_head = !!(up->flags & BATADV_UNI_FRAG_HEAD);
134
131 list_for_each_entry(tfp, head, list) { 135 list_for_each_entry(tfp, head, list) {
132 136
133 if (!tfp->skb) 137 if (!tfp->skb)
@@ -139,9 +143,8 @@ batadv_frag_search_packet(struct list_head *head,
139 tmp_up = (struct batadv_unicast_frag_packet *)tfp->skb->data; 143 tmp_up = (struct batadv_unicast_frag_packet *)tfp->skb->data;
140 144
141 if (tfp->seqno == search_seqno) { 145 if (tfp->seqno == search_seqno) {
142 146 is_head_tmp = !!(tmp_up->flags & BATADV_UNI_FRAG_HEAD);
143 if ((tmp_up->flags & BATADV_UNI_FRAG_HEAD) != 147 if (is_head_tmp != is_head)
144 (up->flags & BATADV_UNI_FRAG_HEAD))
145 return tfp; 148 return tfp;
146 else 149 else
147 goto mov_tail; 150 goto mov_tail;
@@ -334,8 +337,7 @@ find_router:
334 /* copy the destination for faster routing */ 337 /* copy the destination for faster routing */
335 memcpy(unicast_packet->dest, orig_node->orig, ETH_ALEN); 338 memcpy(unicast_packet->dest, orig_node->orig, ETH_ALEN);
336 /* set the destination tt version number */ 339 /* set the destination tt version number */
337 unicast_packet->ttvn = 340 unicast_packet->ttvn = (uint8_t)atomic_read(&orig_node->last_ttvn);
338 (uint8_t)atomic_read(&orig_node->last_ttvn);
339 341
340 /* inform the destination node that we are still missing a correct route 342 /* inform the destination node that we are still missing a correct route
341 * for this client. The destination will receive this packet and will 343 * for this client. The destination will receive this packet and will
diff --git a/net/batman-adv/vis.c b/net/batman-adv/vis.c
index 2a2ea0681469..5abd1454fb07 100644
--- a/net/batman-adv/vis.c
+++ b/net/batman-adv/vis.c
@@ -41,13 +41,13 @@ static void batadv_free_info(struct kref *ref)
41 bat_priv = info->bat_priv; 41 bat_priv = info->bat_priv;
42 42
43 list_del_init(&info->send_list); 43 list_del_init(&info->send_list);
44 spin_lock_bh(&bat_priv->vis_list_lock); 44 spin_lock_bh(&bat_priv->vis.list_lock);
45 list_for_each_entry_safe(entry, tmp, &info->recv_list, list) { 45 list_for_each_entry_safe(entry, tmp, &info->recv_list, list) {
46 list_del(&entry->list); 46 list_del(&entry->list);
47 kfree(entry); 47 kfree(entry);
48 } 48 }
49 49
50 spin_unlock_bh(&bat_priv->vis_list_lock); 50 spin_unlock_bh(&bat_priv->vis.list_lock);
51 kfree_skb(info->skb_packet); 51 kfree_skb(info->skb_packet);
52 kfree(info); 52 kfree(info);
53} 53}
@@ -94,7 +94,7 @@ static uint32_t batadv_vis_info_choose(const void *data, uint32_t size)
94static struct batadv_vis_info * 94static struct batadv_vis_info *
95batadv_vis_hash_find(struct batadv_priv *bat_priv, const void *data) 95batadv_vis_hash_find(struct batadv_priv *bat_priv, const void *data)
96{ 96{
97 struct batadv_hashtable *hash = bat_priv->vis_hash; 97 struct batadv_hashtable *hash = bat_priv->vis.hash;
98 struct hlist_head *head; 98 struct hlist_head *head;
99 struct hlist_node *node; 99 struct hlist_node *node;
100 struct batadv_vis_info *vis_info, *vis_info_tmp = NULL; 100 struct batadv_vis_info *vis_info, *vis_info_tmp = NULL;
@@ -252,7 +252,7 @@ int batadv_vis_seq_print_text(struct seq_file *seq, void *offset)
252 struct hlist_head *head; 252 struct hlist_head *head;
253 struct net_device *net_dev = (struct net_device *)seq->private; 253 struct net_device *net_dev = (struct net_device *)seq->private;
254 struct batadv_priv *bat_priv = netdev_priv(net_dev); 254 struct batadv_priv *bat_priv = netdev_priv(net_dev);
255 struct batadv_hashtable *hash = bat_priv->vis_hash; 255 struct batadv_hashtable *hash = bat_priv->vis.hash;
256 uint32_t i; 256 uint32_t i;
257 int ret = 0; 257 int ret = 0;
258 int vis_server = atomic_read(&bat_priv->vis_mode); 258 int vis_server = atomic_read(&bat_priv->vis_mode);
@@ -264,12 +264,12 @@ int batadv_vis_seq_print_text(struct seq_file *seq, void *offset)
264 if (vis_server == BATADV_VIS_TYPE_CLIENT_UPDATE) 264 if (vis_server == BATADV_VIS_TYPE_CLIENT_UPDATE)
265 goto out; 265 goto out;
266 266
267 spin_lock_bh(&bat_priv->vis_hash_lock); 267 spin_lock_bh(&bat_priv->vis.hash_lock);
268 for (i = 0; i < hash->size; i++) { 268 for (i = 0; i < hash->size; i++) {
269 head = &hash->table[i]; 269 head = &hash->table[i];
270 batadv_vis_seq_print_text_bucket(seq, head); 270 batadv_vis_seq_print_text_bucket(seq, head);
271 } 271 }
272 spin_unlock_bh(&bat_priv->vis_hash_lock); 272 spin_unlock_bh(&bat_priv->vis.hash_lock);
273 273
274out: 274out:
275 if (primary_if) 275 if (primary_if)
@@ -285,7 +285,7 @@ static void batadv_send_list_add(struct batadv_priv *bat_priv,
285{ 285{
286 if (list_empty(&info->send_list)) { 286 if (list_empty(&info->send_list)) {
287 kref_get(&info->refcount); 287 kref_get(&info->refcount);
288 list_add_tail(&info->send_list, &bat_priv->vis_send_list); 288 list_add_tail(&info->send_list, &bat_priv->vis.send_list);
289 } 289 }
290} 290}
291 291
@@ -311,9 +311,9 @@ static void batadv_recv_list_add(struct batadv_priv *bat_priv,
311 return; 311 return;
312 312
313 memcpy(entry->mac, mac, ETH_ALEN); 313 memcpy(entry->mac, mac, ETH_ALEN);
314 spin_lock_bh(&bat_priv->vis_list_lock); 314 spin_lock_bh(&bat_priv->vis.list_lock);
315 list_add_tail(&entry->list, recv_list); 315 list_add_tail(&entry->list, recv_list);
316 spin_unlock_bh(&bat_priv->vis_list_lock); 316 spin_unlock_bh(&bat_priv->vis.list_lock);
317} 317}
318 318
319/* returns 1 if this mac is in the recv_list */ 319/* returns 1 if this mac is in the recv_list */
@@ -323,14 +323,14 @@ static int batadv_recv_list_is_in(struct batadv_priv *bat_priv,
323{ 323{
324 const struct batadv_recvlist_node *entry; 324 const struct batadv_recvlist_node *entry;
325 325
326 spin_lock_bh(&bat_priv->vis_list_lock); 326 spin_lock_bh(&bat_priv->vis.list_lock);
327 list_for_each_entry(entry, recv_list, list) { 327 list_for_each_entry(entry, recv_list, list) {
328 if (batadv_compare_eth(entry->mac, mac)) { 328 if (batadv_compare_eth(entry->mac, mac)) {
329 spin_unlock_bh(&bat_priv->vis_list_lock); 329 spin_unlock_bh(&bat_priv->vis.list_lock);
330 return 1; 330 return 1;
331 } 331 }
332 } 332 }
333 spin_unlock_bh(&bat_priv->vis_list_lock); 333 spin_unlock_bh(&bat_priv->vis.list_lock);
334 return 0; 334 return 0;
335} 335}
336 336
@@ -354,7 +354,7 @@ batadv_add_packet(struct batadv_priv *bat_priv,
354 354
355 *is_new = 0; 355 *is_new = 0;
356 /* sanity check */ 356 /* sanity check */
357 if (!bat_priv->vis_hash) 357 if (!bat_priv->vis.hash)
358 return NULL; 358 return NULL;
359 359
360 /* see if the packet is already in vis_hash */ 360 /* see if the packet is already in vis_hash */
@@ -385,7 +385,7 @@ batadv_add_packet(struct batadv_priv *bat_priv,
385 } 385 }
386 } 386 }
387 /* remove old entry */ 387 /* remove old entry */
388 batadv_hash_remove(bat_priv->vis_hash, batadv_vis_info_cmp, 388 batadv_hash_remove(bat_priv->vis.hash, batadv_vis_info_cmp,
389 batadv_vis_info_choose, old_info); 389 batadv_vis_info_choose, old_info);
390 batadv_send_list_del(old_info); 390 batadv_send_list_del(old_info);
391 kref_put(&old_info->refcount, batadv_free_info); 391 kref_put(&old_info->refcount, batadv_free_info);
@@ -426,7 +426,7 @@ batadv_add_packet(struct batadv_priv *bat_priv,
426 batadv_recv_list_add(bat_priv, &info->recv_list, packet->sender_orig); 426 batadv_recv_list_add(bat_priv, &info->recv_list, packet->sender_orig);
427 427
428 /* try to add it */ 428 /* try to add it */
429 hash_added = batadv_hash_add(bat_priv->vis_hash, batadv_vis_info_cmp, 429 hash_added = batadv_hash_add(bat_priv->vis.hash, batadv_vis_info_cmp,
430 batadv_vis_info_choose, info, 430 batadv_vis_info_choose, info,
431 &info->hash_entry); 431 &info->hash_entry);
432 if (hash_added != 0) { 432 if (hash_added != 0) {
@@ -449,7 +449,7 @@ void batadv_receive_server_sync_packet(struct batadv_priv *bat_priv,
449 449
450 make_broadcast = (vis_server == BATADV_VIS_TYPE_SERVER_SYNC); 450 make_broadcast = (vis_server == BATADV_VIS_TYPE_SERVER_SYNC);
451 451
452 spin_lock_bh(&bat_priv->vis_hash_lock); 452 spin_lock_bh(&bat_priv->vis.hash_lock);
453 info = batadv_add_packet(bat_priv, vis_packet, vis_info_len, 453 info = batadv_add_packet(bat_priv, vis_packet, vis_info_len,
454 &is_new, make_broadcast); 454 &is_new, make_broadcast);
455 if (!info) 455 if (!info)
@@ -461,7 +461,7 @@ void batadv_receive_server_sync_packet(struct batadv_priv *bat_priv,
461 if (vis_server == BATADV_VIS_TYPE_SERVER_SYNC && is_new) 461 if (vis_server == BATADV_VIS_TYPE_SERVER_SYNC && is_new)
462 batadv_send_list_add(bat_priv, info); 462 batadv_send_list_add(bat_priv, info);
463end: 463end:
464 spin_unlock_bh(&bat_priv->vis_hash_lock); 464 spin_unlock_bh(&bat_priv->vis.hash_lock);
465} 465}
466 466
467/* handle an incoming client update packet and schedule forward if needed. */ 467/* handle an incoming client update packet and schedule forward if needed. */
@@ -484,7 +484,7 @@ void batadv_receive_client_update_packet(struct batadv_priv *bat_priv,
484 batadv_is_my_mac(vis_packet->target_orig)) 484 batadv_is_my_mac(vis_packet->target_orig))
485 are_target = 1; 485 are_target = 1;
486 486
487 spin_lock_bh(&bat_priv->vis_hash_lock); 487 spin_lock_bh(&bat_priv->vis.hash_lock);
488 info = batadv_add_packet(bat_priv, vis_packet, vis_info_len, 488 info = batadv_add_packet(bat_priv, vis_packet, vis_info_len,
489 &is_new, are_target); 489 &is_new, are_target);
490 490
@@ -505,7 +505,7 @@ void batadv_receive_client_update_packet(struct batadv_priv *bat_priv,
505 } 505 }
506 506
507end: 507end:
508 spin_unlock_bh(&bat_priv->vis_hash_lock); 508 spin_unlock_bh(&bat_priv->vis.hash_lock);
509} 509}
510 510
511/* Walk the originators and find the VIS server with the best tq. Set the packet 511/* Walk the originators and find the VIS server with the best tq. Set the packet
@@ -574,10 +574,11 @@ static int batadv_generate_vis_packet(struct batadv_priv *bat_priv)
574 struct hlist_head *head; 574 struct hlist_head *head;
575 struct batadv_orig_node *orig_node; 575 struct batadv_orig_node *orig_node;
576 struct batadv_neigh_node *router; 576 struct batadv_neigh_node *router;
577 struct batadv_vis_info *info = bat_priv->my_vis_info; 577 struct batadv_vis_info *info = bat_priv->vis.my_info;
578 struct batadv_vis_packet *packet; 578 struct batadv_vis_packet *packet;
579 struct batadv_vis_info_entry *entry; 579 struct batadv_vis_info_entry *entry;
580 struct batadv_tt_common_entry *tt_common_entry; 580 struct batadv_tt_common_entry *tt_common_entry;
581 uint8_t *packet_pos;
581 int best_tq = -1; 582 int best_tq = -1;
582 uint32_t i; 583 uint32_t i;
583 584
@@ -618,8 +619,8 @@ static int batadv_generate_vis_packet(struct batadv_priv *bat_priv)
618 goto next; 619 goto next;
619 620
620 /* fill one entry into buffer. */ 621 /* fill one entry into buffer. */
621 entry = (struct batadv_vis_info_entry *) 622 packet_pos = skb_put(info->skb_packet, sizeof(*entry));
622 skb_put(info->skb_packet, sizeof(*entry)); 623 entry = (struct batadv_vis_info_entry *)packet_pos;
623 memcpy(entry->src, 624 memcpy(entry->src,
624 router->if_incoming->net_dev->dev_addr, 625 router->if_incoming->net_dev->dev_addr,
625 ETH_ALEN); 626 ETH_ALEN);
@@ -636,7 +637,7 @@ next:
636 rcu_read_unlock(); 637 rcu_read_unlock();
637 } 638 }
638 639
639 hash = bat_priv->tt_local_hash; 640 hash = bat_priv->tt.local_hash;
640 641
641 for (i = 0; i < hash->size; i++) { 642 for (i = 0; i < hash->size; i++) {
642 head = &hash->table[i]; 643 head = &hash->table[i];
@@ -644,9 +645,8 @@ next:
644 rcu_read_lock(); 645 rcu_read_lock();
645 hlist_for_each_entry_rcu(tt_common_entry, node, head, 646 hlist_for_each_entry_rcu(tt_common_entry, node, head,
646 hash_entry) { 647 hash_entry) {
647 entry = (struct batadv_vis_info_entry *) 648 packet_pos = skb_put(info->skb_packet, sizeof(*entry));
648 skb_put(info->skb_packet, 649 entry = (struct batadv_vis_info_entry *)packet_pos;
649 sizeof(*entry));
650 memset(entry->src, 0, ETH_ALEN); 650 memset(entry->src, 0, ETH_ALEN);
651 memcpy(entry->dest, tt_common_entry->addr, ETH_ALEN); 651 memcpy(entry->dest, tt_common_entry->addr, ETH_ALEN);
652 entry->quality = 0; /* 0 means TT */ 652 entry->quality = 0; /* 0 means TT */
@@ -671,7 +671,7 @@ unlock:
671static void batadv_purge_vis_packets(struct batadv_priv *bat_priv) 671static void batadv_purge_vis_packets(struct batadv_priv *bat_priv)
672{ 672{
673 uint32_t i; 673 uint32_t i;
674 struct batadv_hashtable *hash = bat_priv->vis_hash; 674 struct batadv_hashtable *hash = bat_priv->vis.hash;
675 struct hlist_node *node, *node_tmp; 675 struct hlist_node *node, *node_tmp;
676 struct hlist_head *head; 676 struct hlist_head *head;
677 struct batadv_vis_info *info; 677 struct batadv_vis_info *info;
@@ -682,7 +682,7 @@ static void batadv_purge_vis_packets(struct batadv_priv *bat_priv)
682 hlist_for_each_entry_safe(info, node, node_tmp, 682 hlist_for_each_entry_safe(info, node, node_tmp,
683 head, hash_entry) { 683 head, hash_entry) {
684 /* never purge own data. */ 684 /* never purge own data. */
685 if (info == bat_priv->my_vis_info) 685 if (info == bat_priv->vis.my_info)
686 continue; 686 continue;
687 687
688 if (batadv_has_timed_out(info->first_seen, 688 if (batadv_has_timed_out(info->first_seen,
@@ -814,34 +814,36 @@ out:
814/* called from timer; send (and maybe generate) vis packet. */ 814/* called from timer; send (and maybe generate) vis packet. */
815static void batadv_send_vis_packets(struct work_struct *work) 815static void batadv_send_vis_packets(struct work_struct *work)
816{ 816{
817 struct delayed_work *delayed_work = 817 struct delayed_work *delayed_work;
818 container_of(work, struct delayed_work, work);
819 struct batadv_priv *bat_priv; 818 struct batadv_priv *bat_priv;
819 struct batadv_priv_vis *priv_vis;
820 struct batadv_vis_info *info; 820 struct batadv_vis_info *info;
821 821
822 bat_priv = container_of(delayed_work, struct batadv_priv, vis_work); 822 delayed_work = container_of(work, struct delayed_work, work);
823 spin_lock_bh(&bat_priv->vis_hash_lock); 823 priv_vis = container_of(delayed_work, struct batadv_priv_vis, work);
824 bat_priv = container_of(priv_vis, struct batadv_priv, vis);
825 spin_lock_bh(&bat_priv->vis.hash_lock);
824 batadv_purge_vis_packets(bat_priv); 826 batadv_purge_vis_packets(bat_priv);
825 827
826 if (batadv_generate_vis_packet(bat_priv) == 0) { 828 if (batadv_generate_vis_packet(bat_priv) == 0) {
827 /* schedule if generation was successful */ 829 /* schedule if generation was successful */
828 batadv_send_list_add(bat_priv, bat_priv->my_vis_info); 830 batadv_send_list_add(bat_priv, bat_priv->vis.my_info);
829 } 831 }
830 832
831 while (!list_empty(&bat_priv->vis_send_list)) { 833 while (!list_empty(&bat_priv->vis.send_list)) {
832 info = list_first_entry(&bat_priv->vis_send_list, 834 info = list_first_entry(&bat_priv->vis.send_list,
833 typeof(*info), send_list); 835 typeof(*info), send_list);
834 836
835 kref_get(&info->refcount); 837 kref_get(&info->refcount);
836 spin_unlock_bh(&bat_priv->vis_hash_lock); 838 spin_unlock_bh(&bat_priv->vis.hash_lock);
837 839
838 batadv_send_vis_packet(bat_priv, info); 840 batadv_send_vis_packet(bat_priv, info);
839 841
840 spin_lock_bh(&bat_priv->vis_hash_lock); 842 spin_lock_bh(&bat_priv->vis.hash_lock);
841 batadv_send_list_del(info); 843 batadv_send_list_del(info);
842 kref_put(&info->refcount, batadv_free_info); 844 kref_put(&info->refcount, batadv_free_info);
843 } 845 }
844 spin_unlock_bh(&bat_priv->vis_hash_lock); 846 spin_unlock_bh(&bat_priv->vis.hash_lock);
845 batadv_start_vis_timer(bat_priv); 847 batadv_start_vis_timer(bat_priv);
846} 848}
847 849
@@ -856,37 +858,37 @@ int batadv_vis_init(struct batadv_priv *bat_priv)
856 unsigned long first_seen; 858 unsigned long first_seen;
857 struct sk_buff *tmp_skb; 859 struct sk_buff *tmp_skb;
858 860
859 if (bat_priv->vis_hash) 861 if (bat_priv->vis.hash)
860 return 0; 862 return 0;
861 863
862 spin_lock_bh(&bat_priv->vis_hash_lock); 864 spin_lock_bh(&bat_priv->vis.hash_lock);
863 865
864 bat_priv->vis_hash = batadv_hash_new(256); 866 bat_priv->vis.hash = batadv_hash_new(256);
865 if (!bat_priv->vis_hash) { 867 if (!bat_priv->vis.hash) {
866 pr_err("Can't initialize vis_hash\n"); 868 pr_err("Can't initialize vis_hash\n");
867 goto err; 869 goto err;
868 } 870 }
869 871
870 bat_priv->my_vis_info = kmalloc(BATADV_MAX_VIS_PACKET_SIZE, GFP_ATOMIC); 872 bat_priv->vis.my_info = kmalloc(BATADV_MAX_VIS_PACKET_SIZE, GFP_ATOMIC);
871 if (!bat_priv->my_vis_info) 873 if (!bat_priv->vis.my_info)
872 goto err; 874 goto err;
873 875
874 len = sizeof(*packet) + BATADV_MAX_VIS_PACKET_SIZE + ETH_HLEN; 876 len = sizeof(*packet) + BATADV_MAX_VIS_PACKET_SIZE + ETH_HLEN;
875 bat_priv->my_vis_info->skb_packet = dev_alloc_skb(len); 877 bat_priv->vis.my_info->skb_packet = dev_alloc_skb(len);
876 if (!bat_priv->my_vis_info->skb_packet) 878 if (!bat_priv->vis.my_info->skb_packet)
877 goto free_info; 879 goto free_info;
878 880
879 skb_reserve(bat_priv->my_vis_info->skb_packet, ETH_HLEN); 881 skb_reserve(bat_priv->vis.my_info->skb_packet, ETH_HLEN);
880 tmp_skb = bat_priv->my_vis_info->skb_packet; 882 tmp_skb = bat_priv->vis.my_info->skb_packet;
881 packet = (struct batadv_vis_packet *)skb_put(tmp_skb, sizeof(*packet)); 883 packet = (struct batadv_vis_packet *)skb_put(tmp_skb, sizeof(*packet));
882 884
883 /* prefill the vis info */ 885 /* prefill the vis info */
884 first_seen = jiffies - msecs_to_jiffies(BATADV_VIS_INTERVAL); 886 first_seen = jiffies - msecs_to_jiffies(BATADV_VIS_INTERVAL);
885 bat_priv->my_vis_info->first_seen = first_seen; 887 bat_priv->vis.my_info->first_seen = first_seen;
886 INIT_LIST_HEAD(&bat_priv->my_vis_info->recv_list); 888 INIT_LIST_HEAD(&bat_priv->vis.my_info->recv_list);
887 INIT_LIST_HEAD(&bat_priv->my_vis_info->send_list); 889 INIT_LIST_HEAD(&bat_priv->vis.my_info->send_list);
888 kref_init(&bat_priv->my_vis_info->refcount); 890 kref_init(&bat_priv->vis.my_info->refcount);
889 bat_priv->my_vis_info->bat_priv = bat_priv; 891 bat_priv->vis.my_info->bat_priv = bat_priv;
890 packet->header.version = BATADV_COMPAT_VERSION; 892 packet->header.version = BATADV_COMPAT_VERSION;
891 packet->header.packet_type = BATADV_VIS; 893 packet->header.packet_type = BATADV_VIS;
892 packet->header.ttl = BATADV_TTL; 894 packet->header.ttl = BATADV_TTL;
@@ -894,28 +896,28 @@ int batadv_vis_init(struct batadv_priv *bat_priv)
894 packet->reserved = 0; 896 packet->reserved = 0;
895 packet->entries = 0; 897 packet->entries = 0;
896 898
897 INIT_LIST_HEAD(&bat_priv->vis_send_list); 899 INIT_LIST_HEAD(&bat_priv->vis.send_list);
898 900
899 hash_added = batadv_hash_add(bat_priv->vis_hash, batadv_vis_info_cmp, 901 hash_added = batadv_hash_add(bat_priv->vis.hash, batadv_vis_info_cmp,
900 batadv_vis_info_choose, 902 batadv_vis_info_choose,
901 bat_priv->my_vis_info, 903 bat_priv->vis.my_info,
902 &bat_priv->my_vis_info->hash_entry); 904 &bat_priv->vis.my_info->hash_entry);
903 if (hash_added != 0) { 905 if (hash_added != 0) {
904 pr_err("Can't add own vis packet into hash\n"); 906 pr_err("Can't add own vis packet into hash\n");
905 /* not in hash, need to remove it manually. */ 907 /* not in hash, need to remove it manually. */
906 kref_put(&bat_priv->my_vis_info->refcount, batadv_free_info); 908 kref_put(&bat_priv->vis.my_info->refcount, batadv_free_info);
907 goto err; 909 goto err;
908 } 910 }
909 911
910 spin_unlock_bh(&bat_priv->vis_hash_lock); 912 spin_unlock_bh(&bat_priv->vis.hash_lock);
911 batadv_start_vis_timer(bat_priv); 913 batadv_start_vis_timer(bat_priv);
912 return 0; 914 return 0;
913 915
914free_info: 916free_info:
915 kfree(bat_priv->my_vis_info); 917 kfree(bat_priv->vis.my_info);
916 bat_priv->my_vis_info = NULL; 918 bat_priv->vis.my_info = NULL;
917err: 919err:
918 spin_unlock_bh(&bat_priv->vis_hash_lock); 920 spin_unlock_bh(&bat_priv->vis.hash_lock);
919 batadv_vis_quit(bat_priv); 921 batadv_vis_quit(bat_priv);
920 return -ENOMEM; 922 return -ENOMEM;
921} 923}
@@ -933,23 +935,23 @@ static void batadv_free_info_ref(struct hlist_node *node, void *arg)
933/* shutdown vis-server */ 935/* shutdown vis-server */
934void batadv_vis_quit(struct batadv_priv *bat_priv) 936void batadv_vis_quit(struct batadv_priv *bat_priv)
935{ 937{
936 if (!bat_priv->vis_hash) 938 if (!bat_priv->vis.hash)
937 return; 939 return;
938 940
939 cancel_delayed_work_sync(&bat_priv->vis_work); 941 cancel_delayed_work_sync(&bat_priv->vis.work);
940 942
941 spin_lock_bh(&bat_priv->vis_hash_lock); 943 spin_lock_bh(&bat_priv->vis.hash_lock);
942 /* properly remove, kill timers ... */ 944 /* properly remove, kill timers ... */
943 batadv_hash_delete(bat_priv->vis_hash, batadv_free_info_ref, NULL); 945 batadv_hash_delete(bat_priv->vis.hash, batadv_free_info_ref, NULL);
944 bat_priv->vis_hash = NULL; 946 bat_priv->vis.hash = NULL;
945 bat_priv->my_vis_info = NULL; 947 bat_priv->vis.my_info = NULL;
946 spin_unlock_bh(&bat_priv->vis_hash_lock); 948 spin_unlock_bh(&bat_priv->vis.hash_lock);
947} 949}
948 950
949/* schedule packets for (re)transmission */ 951/* schedule packets for (re)transmission */
950static void batadv_start_vis_timer(struct batadv_priv *bat_priv) 952static void batadv_start_vis_timer(struct batadv_priv *bat_priv)
951{ 953{
952 INIT_DELAYED_WORK(&bat_priv->vis_work, batadv_send_vis_packets); 954 INIT_DELAYED_WORK(&bat_priv->vis.work, batadv_send_vis_packets);
953 queue_delayed_work(batadv_event_workqueue, &bat_priv->vis_work, 955 queue_delayed_work(batadv_event_workqueue, &bat_priv->vis.work,
954 msecs_to_jiffies(BATADV_VIS_INTERVAL)); 956 msecs_to_jiffies(BATADV_VIS_INTERVAL));
955} 957}
diff --git a/net/batman-adv/vis.h b/net/batman-adv/vis.h
index 84e716ed8963..873282fa86da 100644
--- a/net/batman-adv/vis.h
+++ b/net/batman-adv/vis.h
@@ -20,7 +20,7 @@
20#ifndef _NET_BATMAN_ADV_VIS_H_ 20#ifndef _NET_BATMAN_ADV_VIS_H_
21#define _NET_BATMAN_ADV_VIS_H_ 21#define _NET_BATMAN_ADV_VIS_H_
22 22
23/* timeout of vis packets in miliseconds */ 23/* timeout of vis packets in milliseconds */
24#define BATADV_VIS_TIMEOUT 200000 24#define BATADV_VIS_TIMEOUT 200000
25 25
26int batadv_vis_seq_print_text(struct seq_file *seq, void *offset); 26int batadv_vis_seq_print_text(struct seq_file *seq, void *offset);
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 69e38db28e5f..a8020293f342 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -84,7 +84,6 @@ int ceph_check_fsid(struct ceph_client *client, struct ceph_fsid *fsid)
84 return -1; 84 return -1;
85 } 85 }
86 } else { 86 } else {
87 pr_info("client%lld fsid %pU\n", ceph_client_id(client), fsid);
88 memcpy(&client->fsid, fsid, sizeof(*fsid)); 87 memcpy(&client->fsid, fsid, sizeof(*fsid));
89 } 88 }
90 return 0; 89 return 0;
diff --git a/net/ceph/debugfs.c b/net/ceph/debugfs.c
index 54b531a01121..38b5dc1823d4 100644
--- a/net/ceph/debugfs.c
+++ b/net/ceph/debugfs.c
@@ -189,6 +189,9 @@ int ceph_debugfs_client_init(struct ceph_client *client)
189 snprintf(name, sizeof(name), "%pU.client%lld", &client->fsid, 189 snprintf(name, sizeof(name), "%pU.client%lld", &client->fsid,
190 client->monc.auth->global_id); 190 client->monc.auth->global_id);
191 191
192 dout("ceph_debugfs_client_init %p %s\n", client, name);
193
194 BUG_ON(client->debugfs_dir);
192 client->debugfs_dir = debugfs_create_dir(name, ceph_debugfs_dir); 195 client->debugfs_dir = debugfs_create_dir(name, ceph_debugfs_dir);
193 if (!client->debugfs_dir) 196 if (!client->debugfs_dir)
194 goto out; 197 goto out;
@@ -234,6 +237,7 @@ out:
234 237
235void ceph_debugfs_client_cleanup(struct ceph_client *client) 238void ceph_debugfs_client_cleanup(struct ceph_client *client)
236{ 239{
240 dout("ceph_debugfs_client_cleanup %p\n", client);
237 debugfs_remove(client->debugfs_osdmap); 241 debugfs_remove(client->debugfs_osdmap);
238 debugfs_remove(client->debugfs_monmap); 242 debugfs_remove(client->debugfs_monmap);
239 debugfs_remove(client->osdc.debugfs_file); 243 debugfs_remove(client->osdc.debugfs_file);
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index b9796750034a..24c5eea8c45b 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -915,7 +915,6 @@ static int prepare_write_connect(struct ceph_connection *con)
915 con->out_connect.authorizer_len = auth ? 915 con->out_connect.authorizer_len = auth ?
916 cpu_to_le32(auth->authorizer_buf_len) : 0; 916 cpu_to_le32(auth->authorizer_buf_len) : 0;
917 917
918 con_out_kvec_reset(con);
919 con_out_kvec_add(con, sizeof (con->out_connect), 918 con_out_kvec_add(con, sizeof (con->out_connect),
920 &con->out_connect); 919 &con->out_connect);
921 if (auth && auth->authorizer_buf_len) 920 if (auth && auth->authorizer_buf_len)
@@ -1557,6 +1556,7 @@ static int process_connect(struct ceph_connection *con)
1557 return -1; 1556 return -1;
1558 } 1557 }
1559 con->auth_retry = 1; 1558 con->auth_retry = 1;
1559 con_out_kvec_reset(con);
1560 ret = prepare_write_connect(con); 1560 ret = prepare_write_connect(con);
1561 if (ret < 0) 1561 if (ret < 0)
1562 return ret; 1562 return ret;
@@ -1577,6 +1577,7 @@ static int process_connect(struct ceph_connection *con)
1577 ENTITY_NAME(con->peer_name), 1577 ENTITY_NAME(con->peer_name),
1578 ceph_pr_addr(&con->peer_addr.in_addr)); 1578 ceph_pr_addr(&con->peer_addr.in_addr));
1579 reset_connection(con); 1579 reset_connection(con);
1580 con_out_kvec_reset(con);
1580 ret = prepare_write_connect(con); 1581 ret = prepare_write_connect(con);
1581 if (ret < 0) 1582 if (ret < 0)
1582 return ret; 1583 return ret;
@@ -1601,6 +1602,7 @@ static int process_connect(struct ceph_connection *con)
1601 le32_to_cpu(con->out_connect.connect_seq), 1602 le32_to_cpu(con->out_connect.connect_seq),
1602 le32_to_cpu(con->in_reply.connect_seq)); 1603 le32_to_cpu(con->in_reply.connect_seq));
1603 con->connect_seq = le32_to_cpu(con->in_reply.connect_seq); 1604 con->connect_seq = le32_to_cpu(con->in_reply.connect_seq);
1605 con_out_kvec_reset(con);
1604 ret = prepare_write_connect(con); 1606 ret = prepare_write_connect(con);
1605 if (ret < 0) 1607 if (ret < 0)
1606 return ret; 1608 return ret;
@@ -1617,6 +1619,7 @@ static int process_connect(struct ceph_connection *con)
1617 le32_to_cpu(con->in_reply.global_seq)); 1619 le32_to_cpu(con->in_reply.global_seq));
1618 get_global_seq(con->msgr, 1620 get_global_seq(con->msgr,
1619 le32_to_cpu(con->in_reply.global_seq)); 1621 le32_to_cpu(con->in_reply.global_seq));
1622 con_out_kvec_reset(con);
1620 ret = prepare_write_connect(con); 1623 ret = prepare_write_connect(con);
1621 if (ret < 0) 1624 if (ret < 0)
1622 return ret; 1625 return ret;
@@ -2135,7 +2138,11 @@ more:
2135 BUG_ON(con->state != CON_STATE_CONNECTING); 2138 BUG_ON(con->state != CON_STATE_CONNECTING);
2136 con->state = CON_STATE_NEGOTIATING; 2139 con->state = CON_STATE_NEGOTIATING;
2137 2140
2138 /* Banner is good, exchange connection info */ 2141 /*
2142 * Received banner is good, exchange connection info.
2143 * Do not reset out_kvec, as sending our banner raced
2144 * with receiving peer banner after connect completed.
2145 */
2139 ret = prepare_write_connect(con); 2146 ret = prepare_write_connect(con);
2140 if (ret < 0) 2147 if (ret < 0)
2141 goto out; 2148 goto out;
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
index 105d533b55f3..900ea0f043fc 100644
--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -311,6 +311,17 @@ int ceph_monc_open_session(struct ceph_mon_client *monc)
311EXPORT_SYMBOL(ceph_monc_open_session); 311EXPORT_SYMBOL(ceph_monc_open_session);
312 312
313/* 313/*
314 * We require the fsid and global_id in order to initialize our
315 * debugfs dir.
316 */
317static bool have_debugfs_info(struct ceph_mon_client *monc)
318{
319 dout("have_debugfs_info fsid %d globalid %lld\n",
320 (int)monc->client->have_fsid, monc->auth->global_id);
321 return monc->client->have_fsid && monc->auth->global_id > 0;
322}
323
324/*
314 * The monitor responds with mount ack indicate mount success. The 325 * The monitor responds with mount ack indicate mount success. The
315 * included client ticket allows the client to talk to MDSs and OSDs. 326 * included client ticket allows the client to talk to MDSs and OSDs.
316 */ 327 */
@@ -320,9 +331,12 @@ static void ceph_monc_handle_map(struct ceph_mon_client *monc,
320 struct ceph_client *client = monc->client; 331 struct ceph_client *client = monc->client;
321 struct ceph_monmap *monmap = NULL, *old = monc->monmap; 332 struct ceph_monmap *monmap = NULL, *old = monc->monmap;
322 void *p, *end; 333 void *p, *end;
334 int had_debugfs_info, init_debugfs = 0;
323 335
324 mutex_lock(&monc->mutex); 336 mutex_lock(&monc->mutex);
325 337
338 had_debugfs_info = have_debugfs_info(monc);
339
326 dout("handle_monmap\n"); 340 dout("handle_monmap\n");
327 p = msg->front.iov_base; 341 p = msg->front.iov_base;
328 end = p + msg->front.iov_len; 342 end = p + msg->front.iov_len;
@@ -344,12 +358,22 @@ static void ceph_monc_handle_map(struct ceph_mon_client *monc,
344 358
345 if (!client->have_fsid) { 359 if (!client->have_fsid) {
346 client->have_fsid = true; 360 client->have_fsid = true;
361 if (!had_debugfs_info && have_debugfs_info(monc)) {
362 pr_info("client%lld fsid %pU\n",
363 ceph_client_id(monc->client),
364 &monc->client->fsid);
365 init_debugfs = 1;
366 }
347 mutex_unlock(&monc->mutex); 367 mutex_unlock(&monc->mutex);
348 /* 368
349 * do debugfs initialization without mutex to avoid 369 if (init_debugfs) {
350 * creating a locking dependency 370 /*
351 */ 371 * do debugfs initialization without mutex to avoid
352 ceph_debugfs_client_init(client); 372 * creating a locking dependency
373 */
374 ceph_debugfs_client_init(monc->client);
375 }
376
353 goto out_unlocked; 377 goto out_unlocked;
354 } 378 }
355out: 379out:
@@ -865,8 +889,10 @@ static void handle_auth_reply(struct ceph_mon_client *monc,
865{ 889{
866 int ret; 890 int ret;
867 int was_auth = 0; 891 int was_auth = 0;
892 int had_debugfs_info, init_debugfs = 0;
868 893
869 mutex_lock(&monc->mutex); 894 mutex_lock(&monc->mutex);
895 had_debugfs_info = have_debugfs_info(monc);
870 if (monc->auth->ops) 896 if (monc->auth->ops)
871 was_auth = monc->auth->ops->is_authenticated(monc->auth); 897 was_auth = monc->auth->ops->is_authenticated(monc->auth);
872 monc->pending_auth = 0; 898 monc->pending_auth = 0;
@@ -889,7 +915,22 @@ static void handle_auth_reply(struct ceph_mon_client *monc,
889 __send_subscribe(monc); 915 __send_subscribe(monc);
890 __resend_generic_request(monc); 916 __resend_generic_request(monc);
891 } 917 }
918
919 if (!had_debugfs_info && have_debugfs_info(monc)) {
920 pr_info("client%lld fsid %pU\n",
921 ceph_client_id(monc->client),
922 &monc->client->fsid);
923 init_debugfs = 1;
924 }
892 mutex_unlock(&monc->mutex); 925 mutex_unlock(&monc->mutex);
926
927 if (init_debugfs) {
928 /*
929 * do debugfs initialization without mutex to avoid
930 * creating a locking dependency
931 */
932 ceph_debugfs_client_init(monc->client);
933 }
893} 934}
894 935
895static int __validate_auth(struct ceph_mon_client *monc) 936static int __validate_auth(struct ceph_mon_client *monc)
diff --git a/net/core/dev.c b/net/core/dev.c
index 0640d2a859c6..b1e6d6385516 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1466,8 +1466,7 @@ EXPORT_SYMBOL(unregister_netdevice_notifier);
1466 1466
1467int call_netdevice_notifiers(unsigned long val, struct net_device *dev) 1467int call_netdevice_notifiers(unsigned long val, struct net_device *dev)
1468{ 1468{
1469 if (val != NETDEV_UNREGISTER_FINAL) 1469 ASSERT_RTNL();
1470 ASSERT_RTNL();
1471 return raw_notifier_call_chain(&netdev_chain, val, dev); 1470 return raw_notifier_call_chain(&netdev_chain, val, dev);
1472} 1471}
1473EXPORT_SYMBOL(call_netdevice_notifiers); 1472EXPORT_SYMBOL(call_netdevice_notifiers);
@@ -2185,9 +2184,7 @@ EXPORT_SYMBOL(netif_skb_features);
2185/* 2184/*
2186 * Returns true if either: 2185 * Returns true if either:
2187 * 1. skb has frag_list and the device doesn't support FRAGLIST, or 2186 * 1. skb has frag_list and the device doesn't support FRAGLIST, or
2188 * 2. skb is fragmented and the device does not support SG, or if 2187 * 2. skb is fragmented and the device does not support SG.
2189 * at least one of fragments is in highmem and device does not
2190 * support DMA from it.
2191 */ 2188 */
2192static inline int skb_needs_linearize(struct sk_buff *skb, 2189static inline int skb_needs_linearize(struct sk_buff *skb,
2193 int features) 2190 int features)
@@ -4521,8 +4518,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
4521static int __dev_set_promiscuity(struct net_device *dev, int inc) 4518static int __dev_set_promiscuity(struct net_device *dev, int inc)
4522{ 4519{
4523 unsigned int old_flags = dev->flags; 4520 unsigned int old_flags = dev->flags;
4524 uid_t uid; 4521 kuid_t uid;
4525 gid_t gid; 4522 kgid_t gid;
4526 4523
4527 ASSERT_RTNL(); 4524 ASSERT_RTNL();
4528 4525
@@ -4554,7 +4551,8 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
4554 dev->name, (dev->flags & IFF_PROMISC), 4551 dev->name, (dev->flags & IFF_PROMISC),
4555 (old_flags & IFF_PROMISC), 4552 (old_flags & IFF_PROMISC),
4556 audit_get_loginuid(current), 4553 audit_get_loginuid(current),
4557 uid, gid, 4554 from_kuid(&init_user_ns, uid),
4555 from_kgid(&init_user_ns, gid),
4558 audit_get_sessionid(current)); 4556 audit_get_sessionid(current));
4559 } 4557 }
4560 4558
@@ -5649,6 +5647,8 @@ int register_netdevice(struct net_device *dev)
5649 5647
5650 set_bit(__LINK_STATE_PRESENT, &dev->state); 5648 set_bit(__LINK_STATE_PRESENT, &dev->state);
5651 5649
5650 linkwatch_init_dev(dev);
5651
5652 dev_init_scheduler(dev); 5652 dev_init_scheduler(dev);
5653 dev_hold(dev); 5653 dev_hold(dev);
5654 list_netdevice(dev); 5654 list_netdevice(dev);
@@ -5782,7 +5782,11 @@ static void netdev_wait_allrefs(struct net_device *dev)
5782 5782
5783 /* Rebroadcast unregister notification */ 5783 /* Rebroadcast unregister notification */
5784 call_netdevice_notifiers(NETDEV_UNREGISTER, dev); 5784 call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
5785
5786 __rtnl_unlock();
5785 rcu_barrier(); 5787 rcu_barrier();
5788 rtnl_lock();
5789
5786 call_netdevice_notifiers(NETDEV_UNREGISTER_FINAL, dev); 5790 call_netdevice_notifiers(NETDEV_UNREGISTER_FINAL, dev);
5787 if (test_bit(__LINK_STATE_LINKWATCH_PENDING, 5791 if (test_bit(__LINK_STATE_LINKWATCH_PENDING,
5788 &dev->state)) { 5792 &dev->state)) {
@@ -5855,7 +5859,9 @@ void netdev_run_todo(void)
5855 = list_first_entry(&list, struct net_device, todo_list); 5859 = list_first_entry(&list, struct net_device, todo_list);
5856 list_del(&dev->todo_list); 5860 list_del(&dev->todo_list);
5857 5861
5862 rtnl_lock();
5858 call_netdevice_notifiers(NETDEV_UNREGISTER_FINAL, dev); 5863 call_netdevice_notifiers(NETDEV_UNREGISTER_FINAL, dev);
5864 __rtnl_unlock();
5859 5865
5860 if (unlikely(dev->reg_state != NETREG_UNREGISTERING)) { 5866 if (unlikely(dev->reg_state != NETREG_UNREGISTERING)) {
5861 pr_err("network todo '%s' but state %d\n", 5867 pr_err("network todo '%s' but state %d\n",
@@ -6251,6 +6257,8 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
6251 the device is just moving and can keep their slaves up. 6257 the device is just moving and can keep their slaves up.
6252 */ 6258 */
6253 call_netdevice_notifiers(NETDEV_UNREGISTER, dev); 6259 call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
6260 rcu_barrier();
6261 call_netdevice_notifiers(NETDEV_UNREGISTER_FINAL, dev);
6254 rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); 6262 rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
6255 6263
6256 /* 6264 /*
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 585093755c23..ab7db83236c9 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -711,16 +711,15 @@ static int fib_rules_event(struct notifier_block *this, unsigned long event,
711 struct net *net = dev_net(dev); 711 struct net *net = dev_net(dev);
712 struct fib_rules_ops *ops; 712 struct fib_rules_ops *ops;
713 713
714 ASSERT_RTNL();
714 715
715 switch (event) { 716 switch (event) {
716 case NETDEV_REGISTER: 717 case NETDEV_REGISTER:
717 ASSERT_RTNL();
718 list_for_each_entry(ops, &net->rules_ops, list) 718 list_for_each_entry(ops, &net->rules_ops, list)
719 attach_rules(&ops->rules_list, dev); 719 attach_rules(&ops->rules_list, dev);
720 break; 720 break;
721 721
722 case NETDEV_UNREGISTER: 722 case NETDEV_UNREGISTER:
723 ASSERT_RTNL();
724 list_for_each_entry(ops, &net->rules_ops, list) 723 list_for_each_entry(ops, &net->rules_ops, list)
725 detach_rules(&ops->rules_list, dev); 724 detach_rules(&ops->rules_list, dev);
726 break; 725 break;
diff --git a/net/core/link_watch.c b/net/core/link_watch.c
index c3519c6d1b16..a01922219a23 100644
--- a/net/core/link_watch.c
+++ b/net/core/link_watch.c
@@ -76,6 +76,14 @@ static void rfc2863_policy(struct net_device *dev)
76} 76}
77 77
78 78
79void linkwatch_init_dev(struct net_device *dev)
80{
81 /* Handle pre-registration link state changes */
82 if (!netif_carrier_ok(dev) || netif_dormant(dev))
83 rfc2863_policy(dev);
84}
85
86
79static bool linkwatch_urgent_event(struct net_device *dev) 87static bool linkwatch_urgent_event(struct net_device *dev)
80{ 88{
81 if (!netif_running(dev)) 89 if (!netif_running(dev))
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 346b1eb83a1f..dd67818025d1 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -168,24 +168,16 @@ static void poll_napi(struct net_device *dev)
168 struct napi_struct *napi; 168 struct napi_struct *napi;
169 int budget = 16; 169 int budget = 16;
170 170
171 WARN_ON_ONCE(!irqs_disabled());
172
173 list_for_each_entry(napi, &dev->napi_list, dev_list) { 171 list_for_each_entry(napi, &dev->napi_list, dev_list) {
174 local_irq_enable();
175 if (napi->poll_owner != smp_processor_id() && 172 if (napi->poll_owner != smp_processor_id() &&
176 spin_trylock(&napi->poll_lock)) { 173 spin_trylock(&napi->poll_lock)) {
177 rcu_read_lock_bh();
178 budget = poll_one_napi(rcu_dereference_bh(dev->npinfo), 174 budget = poll_one_napi(rcu_dereference_bh(dev->npinfo),
179 napi, budget); 175 napi, budget);
180 rcu_read_unlock_bh();
181 spin_unlock(&napi->poll_lock); 176 spin_unlock(&napi->poll_lock);
182 177
183 if (!budget) { 178 if (!budget)
184 local_irq_disable();
185 break; 179 break;
186 }
187 } 180 }
188 local_irq_disable();
189 } 181 }
190} 182}
191 183
@@ -388,6 +380,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
388 struct udphdr *udph; 380 struct udphdr *udph;
389 struct iphdr *iph; 381 struct iphdr *iph;
390 struct ethhdr *eth; 382 struct ethhdr *eth;
383 static atomic_t ip_ident;
391 384
392 udp_len = len + sizeof(*udph); 385 udp_len = len + sizeof(*udph);
393 ip_len = udp_len + sizeof(*iph); 386 ip_len = udp_len + sizeof(*iph);
@@ -423,7 +416,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
423 put_unaligned(0x45, (unsigned char *)iph); 416 put_unaligned(0x45, (unsigned char *)iph);
424 iph->tos = 0; 417 iph->tos = 0;
425 put_unaligned(htons(ip_len), &(iph->tot_len)); 418 put_unaligned(htons(ip_len), &(iph->tot_len));
426 iph->id = 0; 419 iph->id = htons(atomic_inc_return(&ip_ident));
427 iph->frag_off = 0; 420 iph->frag_off = 0;
428 iph->ttl = 64; 421 iph->ttl = 64;
429 iph->protocol = IPPROTO_UDP; 422 iph->protocol = IPPROTO_UDP;
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index 9b570a6a33c5..c31d9e8668c3 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -15,6 +15,7 @@
15#include <linux/random.h> 15#include <linux/random.h>
16#include <linux/slab.h> 16#include <linux/slab.h>
17#include <linux/string.h> 17#include <linux/string.h>
18#include <linux/tcp.h>
18#include <linux/vmalloc.h> 19#include <linux/vmalloc.h>
19 20
20#include <net/request_sock.h> 21#include <net/request_sock.h>
@@ -130,3 +131,97 @@ void reqsk_queue_destroy(struct request_sock_queue *queue)
130 kfree(lopt); 131 kfree(lopt);
131} 132}
132 133
134/*
135 * This function is called to set a Fast Open socket's "fastopen_rsk" field
136 * to NULL when a TFO socket no longer needs to access the request_sock.
137 * This happens only after 3WHS has been either completed or aborted (e.g.,
138 * RST is received).
139 *
140 * Before TFO, a child socket is created only after 3WHS is completed,
141 * hence it never needs to access the request_sock. things get a lot more
142 * complex with TFO. A child socket, accepted or not, has to access its
143 * request_sock for 3WHS processing, e.g., to retransmit SYN-ACK pkts,
144 * until 3WHS is either completed or aborted. Afterwards the req will stay
145 * until either the child socket is accepted, or in the rare case when the
146 * listener is closed before the child is accepted.
147 *
148 * In short, a request socket is only freed after BOTH 3WHS has completed
149 * (or aborted) and the child socket has been accepted (or listener closed).
150 * When a child socket is accepted, its corresponding req->sk is set to
151 * NULL since it's no longer needed. More importantly, "req->sk == NULL"
152 * will be used by the code below to determine if a child socket has been
153 * accepted or not, and the check is protected by the fastopenq->lock
154 * described below.
155 *
156 * Note that fastopen_rsk is only accessed from the child socket's context
157 * with its socket lock held. But a request_sock (req) can be accessed by
158 * both its child socket through fastopen_rsk, and a listener socket through
159 * icsk_accept_queue.rskq_accept_head. To protect the access a simple spin
160 * lock per listener "icsk->icsk_accept_queue.fastopenq->lock" is created.
161 * only in the rare case when both the listener and the child locks are held,
162 * e.g., in inet_csk_listen_stop() do we not need to acquire the lock.
163 * The lock also protects other fields such as fastopenq->qlen, which is
164 * decremented by this function when fastopen_rsk is no longer needed.
165 *
166 * Note that another solution was to simply use the existing socket lock
167 * from the listener. But first socket lock is difficult to use. It is not
168 * a simple spin lock - one must consider sock_owned_by_user() and arrange
169 * to use sk_add_backlog() stuff. But what really makes it infeasible is the
170 * locking hierarchy violation. E.g., inet_csk_listen_stop() may try to
171 * acquire a child's lock while holding listener's socket lock. A corner
172 * case might also exist in tcp_v4_hnd_req() that will trigger this locking
173 * order.
174 *
175 * When a TFO req is created, it needs to sock_hold its listener to prevent
176 * the latter data structure from going away.
177 *
178 * This function also sets "treq->listener" to NULL and unreference listener
179 * socket. treq->listener is used by the listener so it is protected by the
180 * fastopenq->lock in this function.
181 */
182void reqsk_fastopen_remove(struct sock *sk, struct request_sock *req,
183 bool reset)
184{
185 struct sock *lsk = tcp_rsk(req)->listener;
186 struct fastopen_queue *fastopenq =
187 inet_csk(lsk)->icsk_accept_queue.fastopenq;
188
189 BUG_ON(!spin_is_locked(&sk->sk_lock.slock) && !sock_owned_by_user(sk));
190
191 tcp_sk(sk)->fastopen_rsk = NULL;
192 spin_lock_bh(&fastopenq->lock);
193 fastopenq->qlen--;
194 tcp_rsk(req)->listener = NULL;
195 if (req->sk) /* the child socket hasn't been accepted yet */
196 goto out;
197
198 if (!reset || lsk->sk_state != TCP_LISTEN) {
199 /* If the listener has been closed don't bother with the
200 * special RST handling below.
201 */
202 spin_unlock_bh(&fastopenq->lock);
203 sock_put(lsk);
204 reqsk_free(req);
205 return;
206 }
207 /* Wait for 60secs before removing a req that has triggered RST.
208 * This is a simple defense against TFO spoofing attack - by
209 * counting the req against fastopen.max_qlen, and disabling
210 * TFO when the qlen exceeds max_qlen.
211 *
212 * For more details see CoNext'11 "TCP Fast Open" paper.
213 */
214 req->expires = jiffies + 60*HZ;
215 if (fastopenq->rskq_rst_head == NULL)
216 fastopenq->rskq_rst_head = req;
217 else
218 fastopenq->rskq_rst_tail->dl_next = req;
219
220 req->dl_next = NULL;
221 fastopenq->rskq_rst_tail = req;
222 fastopenq->qlen++;
223out:
224 spin_unlock_bh(&fastopenq->lock);
225 sock_put(lsk);
226 return;
227}
diff --git a/net/core/scm.c b/net/core/scm.c
index 040cebeed45b..6ab491d6c26f 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -45,12 +45,17 @@
45static __inline__ int scm_check_creds(struct ucred *creds) 45static __inline__ int scm_check_creds(struct ucred *creds)
46{ 46{
47 const struct cred *cred = current_cred(); 47 const struct cred *cred = current_cred();
48 kuid_t uid = make_kuid(cred->user_ns, creds->uid);
49 kgid_t gid = make_kgid(cred->user_ns, creds->gid);
50
51 if (!uid_valid(uid) || !gid_valid(gid))
52 return -EINVAL;
48 53
49 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && 54 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
50 ((creds->uid == cred->uid || creds->uid == cred->euid || 55 ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) ||
51 creds->uid == cred->suid) || capable(CAP_SETUID)) && 56 uid_eq(uid, cred->suid)) || capable(CAP_SETUID)) &&
52 ((creds->gid == cred->gid || creds->gid == cred->egid || 57 ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) ||
53 creds->gid == cred->sgid) || capable(CAP_SETGID))) { 58 gid_eq(gid, cred->sgid)) || capable(CAP_SETGID))) {
54 return 0; 59 return 0;
55 } 60 }
56 return -EPERM; 61 return -EPERM;
@@ -149,6 +154,9 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
149 goto error; 154 goto error;
150 break; 155 break;
151 case SCM_CREDENTIALS: 156 case SCM_CREDENTIALS:
157 {
158 kuid_t uid;
159 kgid_t gid;
152 if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) 160 if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
153 goto error; 161 goto error;
154 memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred)); 162 memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred));
@@ -166,22 +174,29 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
166 p->pid = pid; 174 p->pid = pid;
167 } 175 }
168 176
177 err = -EINVAL;
178 uid = make_kuid(current_user_ns(), p->creds.uid);
179 gid = make_kgid(current_user_ns(), p->creds.gid);
180 if (!uid_valid(uid) || !gid_valid(gid))
181 goto error;
182
169 if (!p->cred || 183 if (!p->cred ||
170 (p->cred->euid != p->creds.uid) || 184 !uid_eq(p->cred->euid, uid) ||
171 (p->cred->egid != p->creds.gid)) { 185 !gid_eq(p->cred->egid, gid)) {
172 struct cred *cred; 186 struct cred *cred;
173 err = -ENOMEM; 187 err = -ENOMEM;
174 cred = prepare_creds(); 188 cred = prepare_creds();
175 if (!cred) 189 if (!cred)
176 goto error; 190 goto error;
177 191
178 cred->uid = cred->euid = p->creds.uid; 192 cred->uid = cred->euid = uid;
179 cred->gid = cred->egid = p->creds.gid; 193 cred->gid = cred->egid = gid;
180 if (p->cred) 194 if (p->cred)
181 put_cred(p->cred); 195 put_cred(p->cred);
182 p->cred = cred; 196 p->cred = cred;
183 } 197 }
184 break; 198 break;
199 }
185 default: 200 default:
186 goto error; 201 goto error;
187 } 202 }
diff --git a/net/core/sock.c b/net/core/sock.c
index 8f67ced8d6a8..d765156eab65 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -868,8 +868,8 @@ void cred_to_ucred(struct pid *pid, const struct cred *cred,
868 if (cred) { 868 if (cred) {
869 struct user_namespace *current_ns = current_user_ns(); 869 struct user_namespace *current_ns = current_user_ns();
870 870
871 ucred->uid = from_kuid(current_ns, cred->euid); 871 ucred->uid = from_kuid_munged(current_ns, cred->euid);
872 ucred->gid = from_kgid(current_ns, cred->egid); 872 ucred->gid = from_kgid_munged(current_ns, cred->egid);
873 } 873 }
874} 874}
875EXPORT_SYMBOL_GPL(cred_to_ucred); 875EXPORT_SYMBOL_GPL(cred_to_ucred);
@@ -1230,7 +1230,7 @@ void sock_update_classid(struct sock *sk)
1230 rcu_read_lock(); /* doing current task, which cannot vanish. */ 1230 rcu_read_lock(); /* doing current task, which cannot vanish. */
1231 classid = task_cls_classid(current); 1231 classid = task_cls_classid(current);
1232 rcu_read_unlock(); 1232 rcu_read_unlock();
1233 if (classid && classid != sk->sk_classid) 1233 if (classid != sk->sk_classid)
1234 sk->sk_classid = classid; 1234 sk->sk_classid = classid;
1235} 1235}
1236EXPORT_SYMBOL(sock_update_classid); 1236EXPORT_SYMBOL(sock_update_classid);
@@ -1527,12 +1527,12 @@ void sock_edemux(struct sk_buff *skb)
1527} 1527}
1528EXPORT_SYMBOL(sock_edemux); 1528EXPORT_SYMBOL(sock_edemux);
1529 1529
1530int sock_i_uid(struct sock *sk) 1530kuid_t sock_i_uid(struct sock *sk)
1531{ 1531{
1532 int uid; 1532 kuid_t uid;
1533 1533
1534 read_lock_bh(&sk->sk_callback_lock); 1534 read_lock_bh(&sk->sk_callback_lock);
1535 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : 0; 1535 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
1536 read_unlock_bh(&sk->sk_callback_lock); 1536 read_unlock_bh(&sk->sk_callback_lock);
1537 return uid; 1537 return uid;
1538} 1538}
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 2ba1a2814c24..307c322d53bb 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1313,10 +1313,10 @@ static int dn_shutdown(struct socket *sock, int how)
1313 if (scp->state == DN_O) 1313 if (scp->state == DN_O)
1314 goto out; 1314 goto out;
1315 1315
1316 if (how != SHUTDOWN_MASK) 1316 if (how != SHUT_RDWR)
1317 goto out; 1317 goto out;
1318 1318
1319 sk->sk_shutdown = how; 1319 sk->sk_shutdown = SHUTDOWN_MASK;
1320 dn_destroy_sock(sk); 1320 dn_destroy_sock(sk);
1321 err = 0; 1321 err = 0;
1322 1322
diff --git a/net/ieee802154/6lowpan.c b/net/ieee802154/6lowpan.c
index 6a095225148e..d5291113584f 100644
--- a/net/ieee802154/6lowpan.c
+++ b/net/ieee802154/6lowpan.c
@@ -1063,12 +1063,6 @@ out:
1063 return (err < 0 ? NETDEV_TX_BUSY : NETDEV_TX_OK); 1063 return (err < 0 ? NETDEV_TX_BUSY : NETDEV_TX_OK);
1064} 1064}
1065 1065
1066static void lowpan_dev_free(struct net_device *dev)
1067{
1068 dev_put(lowpan_dev_info(dev)->real_dev);
1069 free_netdev(dev);
1070}
1071
1072static struct wpan_phy *lowpan_get_phy(const struct net_device *dev) 1066static struct wpan_phy *lowpan_get_phy(const struct net_device *dev)
1073{ 1067{
1074 struct net_device *real_dev = lowpan_dev_info(dev)->real_dev; 1068 struct net_device *real_dev = lowpan_dev_info(dev)->real_dev;
@@ -1118,7 +1112,7 @@ static void lowpan_setup(struct net_device *dev)
1118 dev->netdev_ops = &lowpan_netdev_ops; 1112 dev->netdev_ops = &lowpan_netdev_ops;
1119 dev->header_ops = &lowpan_header_ops; 1113 dev->header_ops = &lowpan_header_ops;
1120 dev->ml_priv = &lowpan_mlme; 1114 dev->ml_priv = &lowpan_mlme;
1121 dev->destructor = lowpan_dev_free; 1115 dev->destructor = free_netdev;
1122} 1116}
1123 1117
1124static int lowpan_validate(struct nlattr *tb[], struct nlattr *data[]) 1118static int lowpan_validate(struct nlattr *tb[], struct nlattr *data[])
@@ -1133,6 +1127,8 @@ static int lowpan_validate(struct nlattr *tb[], struct nlattr *data[])
1133static int lowpan_rcv(struct sk_buff *skb, struct net_device *dev, 1127static int lowpan_rcv(struct sk_buff *skb, struct net_device *dev,
1134 struct packet_type *pt, struct net_device *orig_dev) 1128 struct packet_type *pt, struct net_device *orig_dev)
1135{ 1129{
1130 struct sk_buff *local_skb;
1131
1136 if (!netif_running(dev)) 1132 if (!netif_running(dev))
1137 goto drop; 1133 goto drop;
1138 1134
@@ -1144,7 +1140,12 @@ static int lowpan_rcv(struct sk_buff *skb, struct net_device *dev,
1144 case LOWPAN_DISPATCH_IPHC: /* ipv6 datagram */ 1140 case LOWPAN_DISPATCH_IPHC: /* ipv6 datagram */
1145 case LOWPAN_DISPATCH_FRAG1: /* first fragment header */ 1141 case LOWPAN_DISPATCH_FRAG1: /* first fragment header */
1146 case LOWPAN_DISPATCH_FRAGN: /* next fragments headers */ 1142 case LOWPAN_DISPATCH_FRAGN: /* next fragments headers */
1147 lowpan_process_data(skb); 1143 local_skb = skb_clone(skb, GFP_ATOMIC);
1144 if (!local_skb)
1145 goto drop;
1146 lowpan_process_data(local_skb);
1147
1148 kfree_skb(skb);
1148 break; 1149 break;
1149 default: 1150 default:
1150 break; 1151 break;
@@ -1237,6 +1238,34 @@ static inline void __init lowpan_netlink_fini(void)
1237 rtnl_link_unregister(&lowpan_link_ops); 1238 rtnl_link_unregister(&lowpan_link_ops);
1238} 1239}
1239 1240
1241static int lowpan_device_event(struct notifier_block *unused,
1242 unsigned long event,
1243 void *ptr)
1244{
1245 struct net_device *dev = ptr;
1246 LIST_HEAD(del_list);
1247 struct lowpan_dev_record *entry, *tmp;
1248
1249 if (dev->type != ARPHRD_IEEE802154)
1250 goto out;
1251
1252 if (event == NETDEV_UNREGISTER) {
1253 list_for_each_entry_safe(entry, tmp, &lowpan_devices, list) {
1254 if (lowpan_dev_info(entry->ldev)->real_dev == dev)
1255 lowpan_dellink(entry->ldev, &del_list);
1256 }
1257
1258 unregister_netdevice_many(&del_list);
1259 };
1260
1261out:
1262 return NOTIFY_DONE;
1263}
1264
1265static struct notifier_block lowpan_dev_notifier = {
1266 .notifier_call = lowpan_device_event,
1267};
1268
1240static struct packet_type lowpan_packet_type = { 1269static struct packet_type lowpan_packet_type = {
1241 .type = __constant_htons(ETH_P_IEEE802154), 1270 .type = __constant_htons(ETH_P_IEEE802154),
1242 .func = lowpan_rcv, 1271 .func = lowpan_rcv,
@@ -1251,6 +1280,12 @@ static int __init lowpan_init_module(void)
1251 goto out; 1280 goto out;
1252 1281
1253 dev_add_pack(&lowpan_packet_type); 1282 dev_add_pack(&lowpan_packet_type);
1283
1284 err = register_netdevice_notifier(&lowpan_dev_notifier);
1285 if (err < 0) {
1286 dev_remove_pack(&lowpan_packet_type);
1287 lowpan_netlink_fini();
1288 }
1254out: 1289out:
1255 return err; 1290 return err;
1256} 1291}
@@ -1263,6 +1298,8 @@ static void __exit lowpan_cleanup_module(void)
1263 1298
1264 dev_remove_pack(&lowpan_packet_type); 1299 dev_remove_pack(&lowpan_packet_type);
1265 1300
1301 unregister_netdevice_notifier(&lowpan_dev_notifier);
1302
1266 /* Now 6lowpan packet_type is removed, so no new fragments are 1303 /* Now 6lowpan packet_type is removed, so no new fragments are
1267 * expected on RX, therefore that's the time to clean incomplete 1304 * expected on RX, therefore that's the time to clean incomplete
1268 * fragments. 1305 * fragments.
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 6681ccf5c3ee..4f70ef0b946d 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -149,6 +149,11 @@ void inet_sock_destruct(struct sock *sk)
149 pr_err("Attempt to release alive inet socket %p\n", sk); 149 pr_err("Attempt to release alive inet socket %p\n", sk);
150 return; 150 return;
151 } 151 }
152 if (sk->sk_type == SOCK_STREAM) {
153 struct fastopen_queue *fastopenq =
154 inet_csk(sk)->icsk_accept_queue.fastopenq;
155 kfree(fastopenq);
156 }
152 157
153 WARN_ON(atomic_read(&sk->sk_rmem_alloc)); 158 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
154 WARN_ON(atomic_read(&sk->sk_wmem_alloc)); 159 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
@@ -212,6 +217,26 @@ int inet_listen(struct socket *sock, int backlog)
212 * we can only allow the backlog to be adjusted. 217 * we can only allow the backlog to be adjusted.
213 */ 218 */
214 if (old_state != TCP_LISTEN) { 219 if (old_state != TCP_LISTEN) {
220 /* Check special setups for testing purpose to enable TFO w/o
221 * requiring TCP_FASTOPEN sockopt.
222 * Note that only TCP sockets (SOCK_STREAM) will reach here.
223 * Also fastopenq may already been allocated because this
224 * socket was in TCP_LISTEN state previously but was
225 * shutdown() (rather than close()).
226 */
227 if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) != 0 &&
228 inet_csk(sk)->icsk_accept_queue.fastopenq == NULL) {
229 if ((sysctl_tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) != 0)
230 err = fastopen_init_queue(sk, backlog);
231 else if ((sysctl_tcp_fastopen &
232 TFO_SERVER_WO_SOCKOPT2) != 0)
233 err = fastopen_init_queue(sk,
234 ((uint)sysctl_tcp_fastopen) >> 16);
235 else
236 err = 0;
237 if (err)
238 goto out;
239 }
215 err = inet_csk_listen_start(sk, backlog); 240 err = inet_csk_listen_start(sk, backlog);
216 if (err) 241 if (err)
217 goto out; 242 goto out;
@@ -701,7 +726,8 @@ int inet_accept(struct socket *sock, struct socket *newsock, int flags)
701 726
702 sock_rps_record_flow(sk2); 727 sock_rps_record_flow(sk2);
703 WARN_ON(!((1 << sk2->sk_state) & 728 WARN_ON(!((1 << sk2->sk_state) &
704 (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE))); 729 (TCPF_ESTABLISHED | TCPF_SYN_RECV |
730 TCPF_CLOSE_WAIT | TCPF_CLOSE)));
705 731
706 sock_graft(sk2, newsock); 732 sock_graft(sk2, newsock);
707 733
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 6a5e6e4b142c..adf273f8ad2e 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1147,12 +1147,8 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1147 void *ptr) 1147 void *ptr)
1148{ 1148{
1149 struct net_device *dev = ptr; 1149 struct net_device *dev = ptr;
1150 struct in_device *in_dev; 1150 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1151
1152 if (event == NETDEV_UNREGISTER_FINAL)
1153 goto out;
1154 1151
1155 in_dev = __in_dev_get_rtnl(dev);
1156 ASSERT_RTNL(); 1152 ASSERT_RTNL();
1157 1153
1158 if (!in_dev) { 1154 if (!in_dev) {
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index fd7d9ae64f16..acdee325d972 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1050,9 +1050,6 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
1050 return NOTIFY_DONE; 1050 return NOTIFY_DONE;
1051 } 1051 }
1052 1052
1053 if (event == NETDEV_UNREGISTER_FINAL)
1054 return NOTIFY_DONE;
1055
1056 in_dev = __in_dev_get_rtnl(dev); 1053 in_dev = __in_dev_get_rtnl(dev);
1057 1054
1058 switch (event) { 1055 switch (event) {
@@ -1064,14 +1061,14 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
1064 fib_sync_up(dev); 1061 fib_sync_up(dev);
1065#endif 1062#endif
1066 atomic_inc(&net->ipv4.dev_addr_genid); 1063 atomic_inc(&net->ipv4.dev_addr_genid);
1067 rt_cache_flush(dev_net(dev), -1); 1064 rt_cache_flush(net, -1);
1068 break; 1065 break;
1069 case NETDEV_DOWN: 1066 case NETDEV_DOWN:
1070 fib_disable_ip(dev, 0, 0); 1067 fib_disable_ip(dev, 0, 0);
1071 break; 1068 break;
1072 case NETDEV_CHANGEMTU: 1069 case NETDEV_CHANGEMTU:
1073 case NETDEV_CHANGE: 1070 case NETDEV_CHANGE:
1074 rt_cache_flush(dev_net(dev), 0); 1071 rt_cache_flush(net, 0);
1075 break; 1072 break;
1076 } 1073 }
1077 return NOTIFY_DONE; 1074 return NOTIFY_DONE;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 7f75f21d7b83..8464b79c493f 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -283,7 +283,9 @@ static int inet_csk_wait_for_connect(struct sock *sk, long timeo)
283struct sock *inet_csk_accept(struct sock *sk, int flags, int *err) 283struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
284{ 284{
285 struct inet_connection_sock *icsk = inet_csk(sk); 285 struct inet_connection_sock *icsk = inet_csk(sk);
286 struct request_sock_queue *queue = &icsk->icsk_accept_queue;
286 struct sock *newsk; 287 struct sock *newsk;
288 struct request_sock *req;
287 int error; 289 int error;
288 290
289 lock_sock(sk); 291 lock_sock(sk);
@@ -296,7 +298,7 @@ struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
296 goto out_err; 298 goto out_err;
297 299
298 /* Find already established connection */ 300 /* Find already established connection */
299 if (reqsk_queue_empty(&icsk->icsk_accept_queue)) { 301 if (reqsk_queue_empty(queue)) {
300 long timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 302 long timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
301 303
302 /* If this is a non blocking socket don't sleep */ 304 /* If this is a non blocking socket don't sleep */
@@ -308,14 +310,32 @@ struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
308 if (error) 310 if (error)
309 goto out_err; 311 goto out_err;
310 } 312 }
311 313 req = reqsk_queue_remove(queue);
312 newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk); 314 newsk = req->sk;
313 WARN_ON(newsk->sk_state == TCP_SYN_RECV); 315
316 sk_acceptq_removed(sk);
317 if (sk->sk_type == SOCK_STREAM && queue->fastopenq != NULL) {
318 spin_lock_bh(&queue->fastopenq->lock);
319 if (tcp_rsk(req)->listener) {
320 /* We are still waiting for the final ACK from 3WHS
321 * so can't free req now. Instead, we set req->sk to
322 * NULL to signify that the child socket is taken
323 * so reqsk_fastopen_remove() will free the req
324 * when 3WHS finishes (or is aborted).
325 */
326 req->sk = NULL;
327 req = NULL;
328 }
329 spin_unlock_bh(&queue->fastopenq->lock);
330 }
314out: 331out:
315 release_sock(sk); 332 release_sock(sk);
333 if (req)
334 __reqsk_free(req);
316 return newsk; 335 return newsk;
317out_err: 336out_err:
318 newsk = NULL; 337 newsk = NULL;
338 req = NULL;
319 *err = error; 339 *err = error;
320 goto out; 340 goto out;
321} 341}
@@ -720,13 +740,14 @@ EXPORT_SYMBOL_GPL(inet_csk_listen_start);
720void inet_csk_listen_stop(struct sock *sk) 740void inet_csk_listen_stop(struct sock *sk)
721{ 741{
722 struct inet_connection_sock *icsk = inet_csk(sk); 742 struct inet_connection_sock *icsk = inet_csk(sk);
743 struct request_sock_queue *queue = &icsk->icsk_accept_queue;
723 struct request_sock *acc_req; 744 struct request_sock *acc_req;
724 struct request_sock *req; 745 struct request_sock *req;
725 746
726 inet_csk_delete_keepalive_timer(sk); 747 inet_csk_delete_keepalive_timer(sk);
727 748
728 /* make all the listen_opt local to us */ 749 /* make all the listen_opt local to us */
729 acc_req = reqsk_queue_yank_acceptq(&icsk->icsk_accept_queue); 750 acc_req = reqsk_queue_yank_acceptq(queue);
730 751
731 /* Following specs, it would be better either to send FIN 752 /* Following specs, it would be better either to send FIN
732 * (and enter FIN-WAIT-1, it is normal close) 753 * (and enter FIN-WAIT-1, it is normal close)
@@ -736,7 +757,7 @@ void inet_csk_listen_stop(struct sock *sk)
736 * To be honest, we are not able to make either 757 * To be honest, we are not able to make either
737 * of the variants now. --ANK 758 * of the variants now. --ANK
738 */ 759 */
739 reqsk_queue_destroy(&icsk->icsk_accept_queue); 760 reqsk_queue_destroy(queue);
740 761
741 while ((req = acc_req) != NULL) { 762 while ((req = acc_req) != NULL) {
742 struct sock *child = req->sk; 763 struct sock *child = req->sk;
@@ -754,6 +775,19 @@ void inet_csk_listen_stop(struct sock *sk)
754 775
755 percpu_counter_inc(sk->sk_prot->orphan_count); 776 percpu_counter_inc(sk->sk_prot->orphan_count);
756 777
778 if (sk->sk_type == SOCK_STREAM && tcp_rsk(req)->listener) {
779 BUG_ON(tcp_sk(child)->fastopen_rsk != req);
780 BUG_ON(sk != tcp_rsk(req)->listener);
781
782 /* Paranoid, to prevent race condition if
783 * an inbound pkt destined for child is
784 * blocked by sock lock in tcp_v4_rcv().
785 * Also to satisfy an assertion in
786 * tcp_v4_destroy_sock().
787 */
788 tcp_sk(child)->fastopen_rsk = NULL;
789 sock_put(sk);
790 }
757 inet_csk_destroy_sock(child); 791 inet_csk_destroy_sock(child);
758 792
759 bh_unlock_sock(child); 793 bh_unlock_sock(child);
@@ -763,6 +797,17 @@ void inet_csk_listen_stop(struct sock *sk)
763 sk_acceptq_removed(sk); 797 sk_acceptq_removed(sk);
764 __reqsk_free(req); 798 __reqsk_free(req);
765 } 799 }
800 if (queue->fastopenq != NULL) {
801 /* Free all the reqs queued in rskq_rst_head. */
802 spin_lock_bh(&queue->fastopenq->lock);
803 acc_req = queue->fastopenq->rskq_rst_head;
804 queue->fastopenq->rskq_rst_head = NULL;
805 spin_unlock_bh(&queue->fastopenq->lock);
806 while ((req = acc_req) != NULL) {
807 acc_req = req->dl_next;
808 __reqsk_free(req);
809 }
810 }
766 WARN_ON(sk->sk_ack_backlog); 811 WARN_ON(sk->sk_ack_backlog);
767} 812}
768EXPORT_SYMBOL_GPL(inet_csk_listen_stop); 813EXPORT_SYMBOL_GPL(inet_csk_listen_stop);
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 570e61f9611f..8bc005b1435f 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -69,6 +69,7 @@ static inline void inet_diag_unlock_handler(
69 69
70int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, 70int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
71 struct sk_buff *skb, struct inet_diag_req_v2 *req, 71 struct sk_buff *skb, struct inet_diag_req_v2 *req,
72 struct user_namespace *user_ns,
72 u32 pid, u32 seq, u16 nlmsg_flags, 73 u32 pid, u32 seq, u16 nlmsg_flags,
73 const struct nlmsghdr *unlh) 74 const struct nlmsghdr *unlh)
74{ 75{
@@ -124,7 +125,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
124 } 125 }
125#endif 126#endif
126 127
127 r->idiag_uid = sock_i_uid(sk); 128 r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk));
128 r->idiag_inode = sock_i_ino(sk); 129 r->idiag_inode = sock_i_ino(sk);
129 130
130 if (ext & (1 << (INET_DIAG_MEMINFO - 1))) { 131 if (ext & (1 << (INET_DIAG_MEMINFO - 1))) {
@@ -199,11 +200,12 @@ EXPORT_SYMBOL_GPL(inet_sk_diag_fill);
199 200
200static int inet_csk_diag_fill(struct sock *sk, 201static int inet_csk_diag_fill(struct sock *sk,
201 struct sk_buff *skb, struct inet_diag_req_v2 *req, 202 struct sk_buff *skb, struct inet_diag_req_v2 *req,
203 struct user_namespace *user_ns,
202 u32 pid, u32 seq, u16 nlmsg_flags, 204 u32 pid, u32 seq, u16 nlmsg_flags,
203 const struct nlmsghdr *unlh) 205 const struct nlmsghdr *unlh)
204{ 206{
205 return inet_sk_diag_fill(sk, inet_csk(sk), 207 return inet_sk_diag_fill(sk, inet_csk(sk),
206 skb, req, pid, seq, nlmsg_flags, unlh); 208 skb, req, user_ns, pid, seq, nlmsg_flags, unlh);
207} 209}
208 210
209static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, 211static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
@@ -256,14 +258,16 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
256} 258}
257 259
258static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, 260static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
259 struct inet_diag_req_v2 *r, u32 pid, u32 seq, u16 nlmsg_flags, 261 struct inet_diag_req_v2 *r,
262 struct user_namespace *user_ns,
263 u32 pid, u32 seq, u16 nlmsg_flags,
260 const struct nlmsghdr *unlh) 264 const struct nlmsghdr *unlh)
261{ 265{
262 if (sk->sk_state == TCP_TIME_WAIT) 266 if (sk->sk_state == TCP_TIME_WAIT)
263 return inet_twsk_diag_fill((struct inet_timewait_sock *)sk, 267 return inet_twsk_diag_fill((struct inet_timewait_sock *)sk,
264 skb, r, pid, seq, nlmsg_flags, 268 skb, r, pid, seq, nlmsg_flags,
265 unlh); 269 unlh);
266 return inet_csk_diag_fill(sk, skb, r, pid, seq, nlmsg_flags, unlh); 270 return inet_csk_diag_fill(sk, skb, r, user_ns, pid, seq, nlmsg_flags, unlh);
267} 271}
268 272
269int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_skb, 273int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_skb,
@@ -311,6 +315,7 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_s
311 } 315 }
312 316
313 err = sk_diag_fill(sk, rep, req, 317 err = sk_diag_fill(sk, rep, req,
318 sk_user_ns(NETLINK_CB(in_skb).ssk),
314 NETLINK_CB(in_skb).pid, 319 NETLINK_CB(in_skb).pid,
315 nlh->nlmsg_seq, 0, nlh); 320 nlh->nlmsg_seq, 0, nlh);
316 if (err < 0) { 321 if (err < 0) {
@@ -551,6 +556,7 @@ static int inet_csk_diag_dump(struct sock *sk,
551 return 0; 556 return 0;
552 557
553 return inet_csk_diag_fill(sk, skb, r, 558 return inet_csk_diag_fill(sk, skb, r,
559 sk_user_ns(NETLINK_CB(cb->skb).ssk),
554 NETLINK_CB(cb->skb).pid, 560 NETLINK_CB(cb->skb).pid,
555 cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh); 561 cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
556} 562}
@@ -591,7 +597,9 @@ static int inet_twsk_diag_dump(struct inet_timewait_sock *tw,
591} 597}
592 598
593static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, 599static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
594 struct request_sock *req, u32 pid, u32 seq, 600 struct request_sock *req,
601 struct user_namespace *user_ns,
602 u32 pid, u32 seq,
595 const struct nlmsghdr *unlh) 603 const struct nlmsghdr *unlh)
596{ 604{
597 const struct inet_request_sock *ireq = inet_rsk(req); 605 const struct inet_request_sock *ireq = inet_rsk(req);
@@ -625,7 +633,7 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
625 r->idiag_expires = jiffies_to_msecs(tmo); 633 r->idiag_expires = jiffies_to_msecs(tmo);
626 r->idiag_rqueue = 0; 634 r->idiag_rqueue = 0;
627 r->idiag_wqueue = 0; 635 r->idiag_wqueue = 0;
628 r->idiag_uid = sock_i_uid(sk); 636 r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk));
629 r->idiag_inode = 0; 637 r->idiag_inode = 0;
630#if IS_ENABLED(CONFIG_IPV6) 638#if IS_ENABLED(CONFIG_IPV6)
631 if (r->idiag_family == AF_INET6) { 639 if (r->idiag_family == AF_INET6) {
@@ -702,6 +710,7 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk,
702 } 710 }
703 711
704 err = inet_diag_fill_req(skb, sk, req, 712 err = inet_diag_fill_req(skb, sk, req,
713 sk_user_ns(NETLINK_CB(cb->skb).ssk),
705 NETLINK_CB(cb->skb).pid, 714 NETLINK_CB(cb->skb).pid,
706 cb->nlh->nlmsg_seq, cb->nlh); 715 cb->nlh->nlmsg_seq, cb->nlh);
707 if (err < 0) { 716 if (err < 0) {
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 3a57570c8ee5..8aa7a4cf9139 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -124,6 +124,8 @@ static DEFINE_SPINLOCK(mfc_unres_lock);
124static struct kmem_cache *mrt_cachep __read_mostly; 124static struct kmem_cache *mrt_cachep __read_mostly;
125 125
126static struct mr_table *ipmr_new_table(struct net *net, u32 id); 126static struct mr_table *ipmr_new_table(struct net *net, u32 id);
127static void ipmr_free_table(struct mr_table *mrt);
128
127static int ip_mr_forward(struct net *net, struct mr_table *mrt, 129static int ip_mr_forward(struct net *net, struct mr_table *mrt,
128 struct sk_buff *skb, struct mfc_cache *cache, 130 struct sk_buff *skb, struct mfc_cache *cache,
129 int local); 131 int local);
@@ -131,6 +133,7 @@ static int ipmr_cache_report(struct mr_table *mrt,
131 struct sk_buff *pkt, vifi_t vifi, int assert); 133 struct sk_buff *pkt, vifi_t vifi, int assert);
132static int __ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb, 134static int __ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
133 struct mfc_cache *c, struct rtmsg *rtm); 135 struct mfc_cache *c, struct rtmsg *rtm);
136static void mroute_clean_tables(struct mr_table *mrt);
134static void ipmr_expire_process(unsigned long arg); 137static void ipmr_expire_process(unsigned long arg);
135 138
136#ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES 139#ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES
@@ -271,7 +274,7 @@ static void __net_exit ipmr_rules_exit(struct net *net)
271 274
272 list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list) { 275 list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list) {
273 list_del(&mrt->list); 276 list_del(&mrt->list);
274 kfree(mrt); 277 ipmr_free_table(mrt);
275 } 278 }
276 fib_rules_unregister(net->ipv4.mr_rules_ops); 279 fib_rules_unregister(net->ipv4.mr_rules_ops);
277} 280}
@@ -299,7 +302,7 @@ static int __net_init ipmr_rules_init(struct net *net)
299 302
300static void __net_exit ipmr_rules_exit(struct net *net) 303static void __net_exit ipmr_rules_exit(struct net *net)
301{ 304{
302 kfree(net->ipv4.mrt); 305 ipmr_free_table(net->ipv4.mrt);
303} 306}
304#endif 307#endif
305 308
@@ -336,6 +339,13 @@ static struct mr_table *ipmr_new_table(struct net *net, u32 id)
336 return mrt; 339 return mrt;
337} 340}
338 341
342static void ipmr_free_table(struct mr_table *mrt)
343{
344 del_timer_sync(&mrt->ipmr_expire_timer);
345 mroute_clean_tables(mrt);
346 kfree(mrt);
347}
348
339/* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */ 349/* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */
340 350
341static void ipmr_del_tunnel(struct net_device *dev, struct vifctl *v) 351static void ipmr_del_tunnel(struct net_device *dev, struct vifctl *v)
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 6232d476f37e..8f3d05424a3e 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -185,10 +185,10 @@ exit:
185 return sk; 185 return sk;
186} 186}
187 187
188static void inet_get_ping_group_range_net(struct net *net, gid_t *low, 188static void inet_get_ping_group_range_net(struct net *net, kgid_t *low,
189 gid_t *high) 189 kgid_t *high)
190{ 190{
191 gid_t *data = net->ipv4.sysctl_ping_group_range; 191 kgid_t *data = net->ipv4.sysctl_ping_group_range;
192 unsigned int seq; 192 unsigned int seq;
193 193
194 do { 194 do {
@@ -203,19 +203,13 @@ static void inet_get_ping_group_range_net(struct net *net, gid_t *low,
203static int ping_init_sock(struct sock *sk) 203static int ping_init_sock(struct sock *sk)
204{ 204{
205 struct net *net = sock_net(sk); 205 struct net *net = sock_net(sk);
206 gid_t group = current_egid(); 206 kgid_t group = current_egid();
207 gid_t range[2];
208 struct group_info *group_info = get_current_groups(); 207 struct group_info *group_info = get_current_groups();
209 int i, j, count = group_info->ngroups; 208 int i, j, count = group_info->ngroups;
210 kgid_t low, high; 209 kgid_t low, high;
211 210
212 inet_get_ping_group_range_net(net, range, range+1); 211 inet_get_ping_group_range_net(net, &low, &high);
213 low = make_kgid(&init_user_ns, range[0]); 212 if (gid_lte(low, group) && gid_lte(group, high))
214 high = make_kgid(&init_user_ns, range[1]);
215 if (!gid_valid(low) || !gid_valid(high) || gid_lt(high, low))
216 return -EACCES;
217
218 if (range[0] <= group && group <= range[1])
219 return 0; 213 return 0;
220 214
221 for (i = 0; i < group_info->nblocks; i++) { 215 for (i = 0; i < group_info->nblocks; i++) {
@@ -845,7 +839,9 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
845 bucket, src, srcp, dest, destp, sp->sk_state, 839 bucket, src, srcp, dest, destp, sp->sk_state,
846 sk_wmem_alloc_get(sp), 840 sk_wmem_alloc_get(sp),
847 sk_rmem_alloc_get(sp), 841 sk_rmem_alloc_get(sp),
848 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), 842 0, 0L, 0,
843 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
844 0, sock_i_ino(sp),
849 atomic_read(&sp->sk_refcnt), sp, 845 atomic_read(&sp->sk_refcnt), sp,
850 atomic_read(&sp->sk_drops), len); 846 atomic_read(&sp->sk_drops), len);
851} 847}
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 957acd12250b..8de53e1ddd54 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -263,6 +263,10 @@ static const struct snmp_mib snmp4_net_list[] = {
263 SNMP_MIB_ITEM("TCPChallengeACK", LINUX_MIB_TCPCHALLENGEACK), 263 SNMP_MIB_ITEM("TCPChallengeACK", LINUX_MIB_TCPCHALLENGEACK),
264 SNMP_MIB_ITEM("TCPSYNChallenge", LINUX_MIB_TCPSYNCHALLENGE), 264 SNMP_MIB_ITEM("TCPSYNChallenge", LINUX_MIB_TCPSYNCHALLENGE),
265 SNMP_MIB_ITEM("TCPFastOpenActive", LINUX_MIB_TCPFASTOPENACTIVE), 265 SNMP_MIB_ITEM("TCPFastOpenActive", LINUX_MIB_TCPFASTOPENACTIVE),
266 SNMP_MIB_ITEM("TCPFastOpenPassive", LINUX_MIB_TCPFASTOPENPASSIVE),
267 SNMP_MIB_ITEM("TCPFastOpenPassiveFail", LINUX_MIB_TCPFASTOPENPASSIVEFAIL),
268 SNMP_MIB_ITEM("TCPFastOpenListenOverflow", LINUX_MIB_TCPFASTOPENLISTENOVERFLOW),
269 SNMP_MIB_ITEM("TCPFastOpenCookieReqd", LINUX_MIB_TCPFASTOPENCOOKIEREQD),
266 SNMP_MIB_SENTINEL 270 SNMP_MIB_SENTINEL
267}; 271};
268 272
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index ff0f071969ea..f2425785d40a 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -992,7 +992,9 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
992 i, src, srcp, dest, destp, sp->sk_state, 992 i, src, srcp, dest, destp, sp->sk_state,
993 sk_wmem_alloc_get(sp), 993 sk_wmem_alloc_get(sp),
994 sk_rmem_alloc_get(sp), 994 sk_rmem_alloc_get(sp),
995 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), 995 0, 0L, 0,
996 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
997 0, sock_i_ino(sp),
996 atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops)); 998 atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops));
997} 999}
998 1000
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 50f6d3adb474..dc9549b5eb1c 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -934,12 +934,14 @@ static u32 __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
934 if (mtu < ip_rt_min_pmtu) 934 if (mtu < ip_rt_min_pmtu)
935 mtu = ip_rt_min_pmtu; 935 mtu = ip_rt_min_pmtu;
936 936
937 rcu_read_lock();
937 if (fib_lookup(dev_net(rt->dst.dev), fl4, &res) == 0) { 938 if (fib_lookup(dev_net(rt->dst.dev), fl4, &res) == 0) {
938 struct fib_nh *nh = &FIB_RES_NH(res); 939 struct fib_nh *nh = &FIB_RES_NH(res);
939 940
940 update_or_create_fnhe(nh, fl4->daddr, 0, mtu, 941 update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
941 jiffies + ip_rt_mtu_expires); 942 jiffies + ip_rt_mtu_expires);
942 } 943 }
944 rcu_read_unlock();
943 return mtu; 945 return mtu;
944} 946}
945 947
@@ -956,7 +958,7 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
956 dst->obsolete = DST_OBSOLETE_KILL; 958 dst->obsolete = DST_OBSOLETE_KILL;
957 } else { 959 } else {
958 rt->rt_pmtu = mtu; 960 rt->rt_pmtu = mtu;
959 dst_set_expires(&rt->dst, ip_rt_mtu_expires); 961 rt->dst.expires = max(1UL, jiffies + ip_rt_mtu_expires);
960 } 962 }
961} 963}
962 964
@@ -1132,10 +1134,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst)
1132 const struct rtable *rt = (const struct rtable *) dst; 1134 const struct rtable *rt = (const struct rtable *) dst;
1133 unsigned int mtu = rt->rt_pmtu; 1135 unsigned int mtu = rt->rt_pmtu;
1134 1136
1135 if (mtu && time_after_eq(jiffies, rt->dst.expires)) 1137 if (!mtu || time_after_eq(jiffies, rt->dst.expires))
1136 mtu = 0;
1137
1138 if (!mtu)
1139 mtu = dst_metric_raw(dst, RTAX_MTU); 1138 mtu = dst_metric_raw(dst, RTAX_MTU);
1140 1139
1141 if (mtu && rt_is_output_route(rt)) 1140 if (mtu && rt_is_output_route(rt))
@@ -1263,7 +1262,7 @@ static void ipv4_dst_destroy(struct dst_entry *dst)
1263{ 1262{
1264 struct rtable *rt = (struct rtable *) dst; 1263 struct rtable *rt = (struct rtable *) dst;
1265 1264
1266 if (dst->flags & DST_NOCACHE) { 1265 if (!list_empty(&rt->rt_uncached)) {
1267 spin_lock_bh(&rt_uncached_lock); 1266 spin_lock_bh(&rt_uncached_lock);
1268 list_del(&rt->rt_uncached); 1267 list_del(&rt->rt_uncached);
1269 spin_unlock_bh(&rt_uncached_lock); 1268 spin_unlock_bh(&rt_uncached_lock);
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 650e1528e1e6..ba48e799b031 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -319,6 +319,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
319 ireq->tstamp_ok = tcp_opt.saw_tstamp; 319 ireq->tstamp_ok = tcp_opt.saw_tstamp;
320 req->ts_recent = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0; 320 req->ts_recent = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0;
321 treq->snt_synack = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsecr : 0; 321 treq->snt_synack = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsecr : 0;
322 treq->listener = NULL;
322 323
323 /* We throwed the options of the initial SYN away, so we hope 324 /* We throwed the options of the initial SYN away, so we hope
324 * the ACK carries the same options again (see RFC1122 4.2.3.8) 325 * the ACK carries the same options again (see RFC1122 4.2.3.8)
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 1b5ce96707a3..9205e492dc9d 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -76,9 +76,9 @@ static int ipv4_local_port_range(ctl_table *table, int write,
76} 76}
77 77
78 78
79static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high) 79static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
80{ 80{
81 gid_t *data = table->data; 81 kgid_t *data = table->data;
82 unsigned int seq; 82 unsigned int seq;
83 do { 83 do {
84 seq = read_seqbegin(&sysctl_local_ports.lock); 84 seq = read_seqbegin(&sysctl_local_ports.lock);
@@ -89,12 +89,12 @@ static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low,
89} 89}
90 90
91/* Update system visible IP port range */ 91/* Update system visible IP port range */
92static void set_ping_group_range(struct ctl_table *table, gid_t range[2]) 92static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
93{ 93{
94 gid_t *data = table->data; 94 kgid_t *data = table->data;
95 write_seqlock(&sysctl_local_ports.lock); 95 write_seqlock(&sysctl_local_ports.lock);
96 data[0] = range[0]; 96 data[0] = low;
97 data[1] = range[1]; 97 data[1] = high;
98 write_sequnlock(&sysctl_local_ports.lock); 98 write_sequnlock(&sysctl_local_ports.lock);
99} 99}
100 100
@@ -103,21 +103,33 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
103 void __user *buffer, 103 void __user *buffer,
104 size_t *lenp, loff_t *ppos) 104 size_t *lenp, loff_t *ppos)
105{ 105{
106 struct user_namespace *user_ns = current_user_ns();
106 int ret; 107 int ret;
107 gid_t range[2]; 108 gid_t urange[2];
109 kgid_t low, high;
108 ctl_table tmp = { 110 ctl_table tmp = {
109 .data = &range, 111 .data = &urange,
110 .maxlen = sizeof(range), 112 .maxlen = sizeof(urange),
111 .mode = table->mode, 113 .mode = table->mode,
112 .extra1 = &ip_ping_group_range_min, 114 .extra1 = &ip_ping_group_range_min,
113 .extra2 = &ip_ping_group_range_max, 115 .extra2 = &ip_ping_group_range_max,
114 }; 116 };
115 117
116 inet_get_ping_group_range_table(table, range, range + 1); 118 inet_get_ping_group_range_table(table, &low, &high);
119 urange[0] = from_kgid_munged(user_ns, low);
120 urange[1] = from_kgid_munged(user_ns, high);
117 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 121 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
118 122
119 if (write && ret == 0) 123 if (write && ret == 0) {
120 set_ping_group_range(table, range); 124 low = make_kgid(user_ns, urange[0]);
125 high = make_kgid(user_ns, urange[1]);
126 if (!gid_valid(low) || !gid_valid(high) ||
127 (urange[1] < urange[0]) || gid_lt(high, low)) {
128 low = make_kgid(&init_user_ns, 1);
129 high = make_kgid(&init_user_ns, 0);
130 }
131 set_ping_group_range(table, low, high);
132 }
121 133
122 return ret; 134 return ret;
123} 135}
@@ -220,6 +232,45 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
220 return 0; 232 return 0;
221} 233}
222 234
235int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
236 size_t *lenp, loff_t *ppos)
237{
238 ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
239 struct tcp_fastopen_context *ctxt;
240 int ret;
241 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
242
243 tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL);
244 if (!tbl.data)
245 return -ENOMEM;
246
247 rcu_read_lock();
248 ctxt = rcu_dereference(tcp_fastopen_ctx);
249 if (ctxt)
250 memcpy(user_key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH);
251 rcu_read_unlock();
252
253 snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x",
254 user_key[0], user_key[1], user_key[2], user_key[3]);
255 ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
256
257 if (write && ret == 0) {
258 if (sscanf(tbl.data, "%x-%x-%x-%x", user_key, user_key + 1,
259 user_key + 2, user_key + 3) != 4) {
260 ret = -EINVAL;
261 goto bad_key;
262 }
263 tcp_fastopen_reset_cipher(user_key, TCP_FASTOPEN_KEY_LENGTH);
264 }
265
266bad_key:
267 pr_debug("proc FO key set 0x%x-%x-%x-%x <- 0x%s: %u\n",
268 user_key[0], user_key[1], user_key[2], user_key[3],
269 (char *)tbl.data, ret);
270 kfree(tbl.data);
271 return ret;
272}
273
223static struct ctl_table ipv4_table[] = { 274static struct ctl_table ipv4_table[] = {
224 { 275 {
225 .procname = "tcp_timestamps", 276 .procname = "tcp_timestamps",
@@ -374,6 +425,12 @@ static struct ctl_table ipv4_table[] = {
374 .proc_handler = proc_dointvec, 425 .proc_handler = proc_dointvec,
375 }, 426 },
376 { 427 {
428 .procname = "tcp_fastopen_key",
429 .mode = 0600,
430 .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
431 .proc_handler = proc_tcp_fastopen_key,
432 },
433 {
377 .procname = "tcp_tw_recycle", 434 .procname = "tcp_tw_recycle",
378 .data = &tcp_death_row.sysctl_tw_recycle, 435 .data = &tcp_death_row.sysctl_tw_recycle,
379 .maxlen = sizeof(int), 436 .maxlen = sizeof(int),
@@ -786,7 +843,7 @@ static struct ctl_table ipv4_net_table[] = {
786 { 843 {
787 .procname = "ping_group_range", 844 .procname = "ping_group_range",
788 .data = &init_net.ipv4.sysctl_ping_group_range, 845 .data = &init_net.ipv4.sysctl_ping_group_range,
789 .maxlen = sizeof(init_net.ipv4.sysctl_ping_group_range), 846 .maxlen = sizeof(gid_t)*2,
790 .mode = 0644, 847 .mode = 0644,
791 .proc_handler = ipv4_ping_group_range, 848 .proc_handler = ipv4_ping_group_range,
792 }, 849 },
@@ -830,8 +887,8 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
830 * Sane defaults - nobody may create ping sockets. 887 * Sane defaults - nobody may create ping sockets.
831 * Boot scripts should set this to distro-specific group. 888 * Boot scripts should set this to distro-specific group.
832 */ 889 */
833 net->ipv4.sysctl_ping_group_range[0] = 1; 890 net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1);
834 net->ipv4.sysctl_ping_group_range[1] = 0; 891 net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0);
835 892
836 tcp_init_mem(net); 893 tcp_init_mem(net);
837 894
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 2109ff4a1daf..df83d744e380 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -486,8 +486,9 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
486 if (sk->sk_shutdown & RCV_SHUTDOWN) 486 if (sk->sk_shutdown & RCV_SHUTDOWN)
487 mask |= POLLIN | POLLRDNORM | POLLRDHUP; 487 mask |= POLLIN | POLLRDNORM | POLLRDHUP;
488 488
489 /* Connected? */ 489 /* Connected or passive Fast Open socket? */
490 if ((1 << sk->sk_state) & ~(TCPF_SYN_SENT | TCPF_SYN_RECV)) { 490 if (sk->sk_state != TCP_SYN_SENT &&
491 (sk->sk_state != TCP_SYN_RECV || tp->fastopen_rsk != NULL)) {
491 int target = sock_rcvlowat(sk, 0, INT_MAX); 492 int target = sock_rcvlowat(sk, 0, INT_MAX);
492 493
493 if (tp->urg_seq == tp->copied_seq && 494 if (tp->urg_seq == tp->copied_seq &&
@@ -840,10 +841,15 @@ static ssize_t do_tcp_sendpages(struct sock *sk, struct page **pages, int poffse
840 ssize_t copied; 841 ssize_t copied;
841 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT); 842 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
842 843
843 /* Wait for a connection to finish. */ 844 /* Wait for a connection to finish. One exception is TCP Fast Open
844 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) 845 * (passive side) where data is allowed to be sent before a connection
846 * is fully established.
847 */
848 if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
849 !tcp_passive_fastopen(sk)) {
845 if ((err = sk_stream_wait_connect(sk, &timeo)) != 0) 850 if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
846 goto out_err; 851 goto out_err;
852 }
847 853
848 clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); 854 clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
849 855
@@ -1042,10 +1048,15 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1042 1048
1043 timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT); 1049 timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1044 1050
1045 /* Wait for a connection to finish. */ 1051 /* Wait for a connection to finish. One exception is TCP Fast Open
1046 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) 1052 * (passive side) where data is allowed to be sent before a connection
1053 * is fully established.
1054 */
1055 if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
1056 !tcp_passive_fastopen(sk)) {
1047 if ((err = sk_stream_wait_connect(sk, &timeo)) != 0) 1057 if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
1048 goto do_error; 1058 goto do_error;
1059 }
1049 1060
1050 if (unlikely(tp->repair)) { 1061 if (unlikely(tp->repair)) {
1051 if (tp->repair_queue == TCP_RECV_QUEUE) { 1062 if (tp->repair_queue == TCP_RECV_QUEUE) {
@@ -2144,6 +2155,10 @@ void tcp_close(struct sock *sk, long timeout)
2144 * they look as CLOSING or LAST_ACK for Linux) 2155 * they look as CLOSING or LAST_ACK for Linux)
2145 * Probably, I missed some more holelets. 2156 * Probably, I missed some more holelets.
2146 * --ANK 2157 * --ANK
2158 * XXX (TFO) - To start off we don't support SYN+ACK+FIN
2159 * in a single packet! (May consider it later but will
2160 * probably need API support or TCP_CORK SYN-ACK until
2161 * data is written and socket is closed.)
2147 */ 2162 */
2148 tcp_send_fin(sk); 2163 tcp_send_fin(sk);
2149 } 2164 }
@@ -2215,8 +2230,16 @@ adjudge_to_death:
2215 } 2230 }
2216 } 2231 }
2217 2232
2218 if (sk->sk_state == TCP_CLOSE) 2233 if (sk->sk_state == TCP_CLOSE) {
2234 struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
2235 /* We could get here with a non-NULL req if the socket is
2236 * aborted (e.g., closed with unread data) before 3WHS
2237 * finishes.
2238 */
2239 if (req != NULL)
2240 reqsk_fastopen_remove(sk, req, false);
2219 inet_csk_destroy_sock(sk); 2241 inet_csk_destroy_sock(sk);
2242 }
2220 /* Otherwise, socket is reprieved until protocol close. */ 2243 /* Otherwise, socket is reprieved until protocol close. */
2221 2244
2222out: 2245out:
@@ -2688,6 +2711,14 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
2688 else 2711 else
2689 icsk->icsk_user_timeout = msecs_to_jiffies(val); 2712 icsk->icsk_user_timeout = msecs_to_jiffies(val);
2690 break; 2713 break;
2714
2715 case TCP_FASTOPEN:
2716 if (val >= 0 && ((1 << sk->sk_state) & (TCPF_CLOSE |
2717 TCPF_LISTEN)))
2718 err = fastopen_init_queue(sk, val);
2719 else
2720 err = -EINVAL;
2721 break;
2691 default: 2722 default:
2692 err = -ENOPROTOOPT; 2723 err = -ENOPROTOOPT;
2693 break; 2724 break;
@@ -3501,11 +3532,15 @@ EXPORT_SYMBOL(tcp_cookie_generator);
3501 3532
3502void tcp_done(struct sock *sk) 3533void tcp_done(struct sock *sk)
3503{ 3534{
3535 struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
3536
3504 if (sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV) 3537 if (sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
3505 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS); 3538 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
3506 3539
3507 tcp_set_state(sk, TCP_CLOSE); 3540 tcp_set_state(sk, TCP_CLOSE);
3508 tcp_clear_xmit_timers(sk); 3541 tcp_clear_xmit_timers(sk);
3542 if (req != NULL)
3543 reqsk_fastopen_remove(sk, req, false);
3509 3544
3510 sk->sk_shutdown = SHUTDOWN_MASK; 3545 sk->sk_shutdown = SHUTDOWN_MASK;
3511 3546
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index a7f729c409d7..8f7ef0ad80e5 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -1,10 +1,91 @@
1#include <linux/err.h>
1#include <linux/init.h> 2#include <linux/init.h>
2#include <linux/kernel.h> 3#include <linux/kernel.h>
4#include <linux/list.h>
5#include <linux/tcp.h>
6#include <linux/rcupdate.h>
7#include <linux/rculist.h>
8#include <net/inetpeer.h>
9#include <net/tcp.h>
3 10
4int sysctl_tcp_fastopen; 11int sysctl_tcp_fastopen __read_mostly;
12
13struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
14
15static DEFINE_SPINLOCK(tcp_fastopen_ctx_lock);
16
17static void tcp_fastopen_ctx_free(struct rcu_head *head)
18{
19 struct tcp_fastopen_context *ctx =
20 container_of(head, struct tcp_fastopen_context, rcu);
21 crypto_free_cipher(ctx->tfm);
22 kfree(ctx);
23}
24
25int tcp_fastopen_reset_cipher(void *key, unsigned int len)
26{
27 int err;
28 struct tcp_fastopen_context *ctx, *octx;
29
30 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
31 if (!ctx)
32 return -ENOMEM;
33 ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
34
35 if (IS_ERR(ctx->tfm)) {
36 err = PTR_ERR(ctx->tfm);
37error: kfree(ctx);
38 pr_err("TCP: TFO aes cipher alloc error: %d\n", err);
39 return err;
40 }
41 err = crypto_cipher_setkey(ctx->tfm, key, len);
42 if (err) {
43 pr_err("TCP: TFO cipher key error: %d\n", err);
44 crypto_free_cipher(ctx->tfm);
45 goto error;
46 }
47 memcpy(ctx->key, key, len);
48
49 spin_lock(&tcp_fastopen_ctx_lock);
50
51 octx = rcu_dereference_protected(tcp_fastopen_ctx,
52 lockdep_is_held(&tcp_fastopen_ctx_lock));
53 rcu_assign_pointer(tcp_fastopen_ctx, ctx);
54 spin_unlock(&tcp_fastopen_ctx_lock);
55
56 if (octx)
57 call_rcu(&octx->rcu, tcp_fastopen_ctx_free);
58 return err;
59}
60
61/* Computes the fastopen cookie for the peer.
62 * The peer address is a 128 bits long (pad with zeros for IPv4).
63 *
64 * The caller must check foc->len to determine if a valid cookie
65 * has been generated successfully.
66*/
67void tcp_fastopen_cookie_gen(__be32 addr, struct tcp_fastopen_cookie *foc)
68{
69 __be32 peer_addr[4] = { addr, 0, 0, 0 };
70 struct tcp_fastopen_context *ctx;
71
72 rcu_read_lock();
73 ctx = rcu_dereference(tcp_fastopen_ctx);
74 if (ctx) {
75 crypto_cipher_encrypt_one(ctx->tfm,
76 foc->val,
77 (__u8 *)peer_addr);
78 foc->len = TCP_FASTOPEN_COOKIE_SIZE;
79 }
80 rcu_read_unlock();
81}
5 82
6static int __init tcp_fastopen_init(void) 83static int __init tcp_fastopen_init(void)
7{ 84{
85 __u8 key[TCP_FASTOPEN_KEY_LENGTH];
86
87 get_random_bytes(key, sizeof(key));
88 tcp_fastopen_reset_cipher(key, sizeof(key));
8 return 0; 89 return 0;
9} 90}
10 91
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index bcfccc5cb8d0..8c304a400798 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -378,7 +378,7 @@ static void tcp_fixup_rcvbuf(struct sock *sk)
378/* 4. Try to fixup all. It is made immediately after connection enters 378/* 4. Try to fixup all. It is made immediately after connection enters
379 * established state. 379 * established state.
380 */ 380 */
381static void tcp_init_buffer_space(struct sock *sk) 381void tcp_init_buffer_space(struct sock *sk)
382{ 382{
383 struct tcp_sock *tp = tcp_sk(sk); 383 struct tcp_sock *tp = tcp_sk(sk);
384 int maxwin; 384 int maxwin;
@@ -2930,13 +2930,14 @@ static void tcp_enter_recovery(struct sock *sk, bool ece_ack)
2930 * tcp_xmit_retransmit_queue(). 2930 * tcp_xmit_retransmit_queue().
2931 */ 2931 */
2932static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, 2932static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
2933 int newly_acked_sacked, bool is_dupack, 2933 int prior_sacked, bool is_dupack,
2934 int flag) 2934 int flag)
2935{ 2935{
2936 struct inet_connection_sock *icsk = inet_csk(sk); 2936 struct inet_connection_sock *icsk = inet_csk(sk);
2937 struct tcp_sock *tp = tcp_sk(sk); 2937 struct tcp_sock *tp = tcp_sk(sk);
2938 int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) && 2938 int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) &&
2939 (tcp_fackets_out(tp) > tp->reordering)); 2939 (tcp_fackets_out(tp) > tp->reordering));
2940 int newly_acked_sacked = 0;
2940 int fast_rexmit = 0; 2941 int fast_rexmit = 0;
2941 2942
2942 if (WARN_ON(!tp->packets_out && tp->sacked_out)) 2943 if (WARN_ON(!tp->packets_out && tp->sacked_out))
@@ -2996,6 +2997,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
2996 tcp_add_reno_sack(sk); 2997 tcp_add_reno_sack(sk);
2997 } else 2998 } else
2998 do_lost = tcp_try_undo_partial(sk, pkts_acked); 2999 do_lost = tcp_try_undo_partial(sk, pkts_acked);
3000 newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked;
2999 break; 3001 break;
3000 case TCP_CA_Loss: 3002 case TCP_CA_Loss:
3001 if (flag & FLAG_DATA_ACKED) 3003 if (flag & FLAG_DATA_ACKED)
@@ -3017,6 +3019,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
3017 if (is_dupack) 3019 if (is_dupack)
3018 tcp_add_reno_sack(sk); 3020 tcp_add_reno_sack(sk);
3019 } 3021 }
3022 newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked;
3020 3023
3021 if (icsk->icsk_ca_state <= TCP_CA_Disorder) 3024 if (icsk->icsk_ca_state <= TCP_CA_Disorder)
3022 tcp_try_undo_dsack(sk); 3025 tcp_try_undo_dsack(sk);
@@ -3124,6 +3127,12 @@ void tcp_rearm_rto(struct sock *sk)
3124{ 3127{
3125 struct tcp_sock *tp = tcp_sk(sk); 3128 struct tcp_sock *tp = tcp_sk(sk);
3126 3129
3130 /* If the retrans timer is currently being used by Fast Open
3131 * for SYN-ACK retrans purpose, stay put.
3132 */
3133 if (tp->fastopen_rsk)
3134 return;
3135
3127 if (!tp->packets_out) { 3136 if (!tp->packets_out) {
3128 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS); 3137 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
3129 } else { 3138 } else {
@@ -3594,7 +3603,6 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3594 int prior_packets; 3603 int prior_packets;
3595 int prior_sacked = tp->sacked_out; 3604 int prior_sacked = tp->sacked_out;
3596 int pkts_acked = 0; 3605 int pkts_acked = 0;
3597 int newly_acked_sacked = 0;
3598 bool frto_cwnd = false; 3606 bool frto_cwnd = false;
3599 3607
3600 /* If the ack is older than previous acks 3608 /* If the ack is older than previous acks
@@ -3670,8 +3678,6 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3670 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una); 3678 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una);
3671 3679
3672 pkts_acked = prior_packets - tp->packets_out; 3680 pkts_acked = prior_packets - tp->packets_out;
3673 newly_acked_sacked = (prior_packets - prior_sacked) -
3674 (tp->packets_out - tp->sacked_out);
3675 3681
3676 if (tp->frto_counter) 3682 if (tp->frto_counter)
3677 frto_cwnd = tcp_process_frto(sk, flag); 3683 frto_cwnd = tcp_process_frto(sk, flag);
@@ -3685,7 +3691,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3685 tcp_may_raise_cwnd(sk, flag)) 3691 tcp_may_raise_cwnd(sk, flag))
3686 tcp_cong_avoid(sk, ack, prior_in_flight); 3692 tcp_cong_avoid(sk, ack, prior_in_flight);
3687 is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP)); 3693 is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP));
3688 tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked, 3694 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3689 is_dupack, flag); 3695 is_dupack, flag);
3690 } else { 3696 } else {
3691 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd) 3697 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd)
@@ -3702,7 +3708,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3702no_queue: 3708no_queue:
3703 /* If data was DSACKed, see if we can undo a cwnd reduction. */ 3709 /* If data was DSACKed, see if we can undo a cwnd reduction. */
3704 if (flag & FLAG_DSACKING_ACK) 3710 if (flag & FLAG_DSACKING_ACK)
3705 tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked, 3711 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3706 is_dupack, flag); 3712 is_dupack, flag);
3707 /* If this ack opens up a zero window, clear backoff. It was 3713 /* If this ack opens up a zero window, clear backoff. It was
3708 * being used to time the probes, and is probably far higher than 3714 * being used to time the probes, and is probably far higher than
@@ -3722,8 +3728,7 @@ old_ack:
3722 */ 3728 */
3723 if (TCP_SKB_CB(skb)->sacked) { 3729 if (TCP_SKB_CB(skb)->sacked) {
3724 flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una); 3730 flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una);
3725 newly_acked_sacked = tp->sacked_out - prior_sacked; 3731 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3726 tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked,
3727 is_dupack, flag); 3732 is_dupack, flag);
3728 } 3733 }
3729 3734
@@ -4039,7 +4044,7 @@ static inline bool tcp_sequence(const struct tcp_sock *tp, u32 seq, u32 end_seq)
4039} 4044}
4040 4045
4041/* When we get a reset we do this. */ 4046/* When we get a reset we do this. */
4042static void tcp_reset(struct sock *sk) 4047void tcp_reset(struct sock *sk)
4043{ 4048{
4044 /* We want the right error as BSD sees it (and indeed as we do). */ 4049 /* We want the right error as BSD sees it (and indeed as we do). */
4045 switch (sk->sk_state) { 4050 switch (sk->sk_state) {
@@ -5896,7 +5901,9 @@ discard:
5896 tcp_send_synack(sk); 5901 tcp_send_synack(sk);
5897#if 0 5902#if 0
5898 /* Note, we could accept data and URG from this segment. 5903 /* Note, we could accept data and URG from this segment.
5899 * There are no obstacles to make this. 5904 * There are no obstacles to make this (except that we must
5905 * either change tcp_recvmsg() to prevent it from returning data
5906 * before 3WHS completes per RFC793, or employ TCP Fast Open).
5900 * 5907 *
5901 * However, if we ignore data in ACKless segments sometimes, 5908 * However, if we ignore data in ACKless segments sometimes,
5902 * we have no reasons to accept it sometimes. 5909 * we have no reasons to accept it sometimes.
@@ -5936,6 +5943,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5936{ 5943{
5937 struct tcp_sock *tp = tcp_sk(sk); 5944 struct tcp_sock *tp = tcp_sk(sk);
5938 struct inet_connection_sock *icsk = inet_csk(sk); 5945 struct inet_connection_sock *icsk = inet_csk(sk);
5946 struct request_sock *req;
5939 int queued = 0; 5947 int queued = 0;
5940 5948
5941 tp->rx_opt.saw_tstamp = 0; 5949 tp->rx_opt.saw_tstamp = 0;
@@ -5991,7 +5999,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5991 return 0; 5999 return 0;
5992 } 6000 }
5993 6001
5994 if (!tcp_validate_incoming(sk, skb, th, 0)) 6002 req = tp->fastopen_rsk;
6003 if (req != NULL) {
6004 BUG_ON(sk->sk_state != TCP_SYN_RECV &&
6005 sk->sk_state != TCP_FIN_WAIT1);
6006
6007 if (tcp_check_req(sk, skb, req, NULL, true) == NULL)
6008 goto discard;
6009 } else if (!tcp_validate_incoming(sk, skb, th, 0))
5995 return 0; 6010 return 0;
5996 6011
5997 /* step 5: check the ACK field */ 6012 /* step 5: check the ACK field */
@@ -6001,7 +6016,22 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6001 switch (sk->sk_state) { 6016 switch (sk->sk_state) {
6002 case TCP_SYN_RECV: 6017 case TCP_SYN_RECV:
6003 if (acceptable) { 6018 if (acceptable) {
6004 tp->copied_seq = tp->rcv_nxt; 6019 /* Once we leave TCP_SYN_RECV, we no longer
6020 * need req so release it.
6021 */
6022 if (req) {
6023 reqsk_fastopen_remove(sk, req, false);
6024 } else {
6025 /* Make sure socket is routed, for
6026 * correct metrics.
6027 */
6028 icsk->icsk_af_ops->rebuild_header(sk);
6029 tcp_init_congestion_control(sk);
6030
6031 tcp_mtup_init(sk);
6032 tcp_init_buffer_space(sk);
6033 tp->copied_seq = tp->rcv_nxt;
6034 }
6005 smp_mb(); 6035 smp_mb();
6006 tcp_set_state(sk, TCP_ESTABLISHED); 6036 tcp_set_state(sk, TCP_ESTABLISHED);
6007 sk->sk_state_change(sk); 6037 sk->sk_state_change(sk);
@@ -6023,23 +6053,27 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6023 if (tp->rx_opt.tstamp_ok) 6053 if (tp->rx_opt.tstamp_ok)
6024 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED; 6054 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;
6025 6055
6026 /* Make sure socket is routed, for 6056 if (req) {
6027 * correct metrics. 6057 /* Re-arm the timer because data may
6028 */ 6058 * have been sent out. This is similar
6029 icsk->icsk_af_ops->rebuild_header(sk); 6059 * to the regular data transmission case
6030 6060 * when new data has just been ack'ed.
6031 tcp_init_metrics(sk); 6061 *
6032 6062 * (TFO) - we could try to be more
6033 tcp_init_congestion_control(sk); 6063 * aggressive and retranmitting any data
6064 * sooner based on when they were sent
6065 * out.
6066 */
6067 tcp_rearm_rto(sk);
6068 } else
6069 tcp_init_metrics(sk);
6034 6070
6035 /* Prevent spurious tcp_cwnd_restart() on 6071 /* Prevent spurious tcp_cwnd_restart() on
6036 * first data packet. 6072 * first data packet.
6037 */ 6073 */
6038 tp->lsndtime = tcp_time_stamp; 6074 tp->lsndtime = tcp_time_stamp;
6039 6075
6040 tcp_mtup_init(sk);
6041 tcp_initialize_rcv_mss(sk); 6076 tcp_initialize_rcv_mss(sk);
6042 tcp_init_buffer_space(sk);
6043 tcp_fast_path_on(tp); 6077 tcp_fast_path_on(tp);
6044 } else { 6078 } else {
6045 return 1; 6079 return 1;
@@ -6047,6 +6081,16 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6047 break; 6081 break;
6048 6082
6049 case TCP_FIN_WAIT1: 6083 case TCP_FIN_WAIT1:
6084 /* If we enter the TCP_FIN_WAIT1 state and we are a
6085 * Fast Open socket and this is the first acceptable
6086 * ACK we have received, this would have acknowledged
6087 * our SYNACK so stop the SYNACK timer.
6088 */
6089 if (acceptable && req != NULL) {
6090 /* We no longer need the request sock. */
6091 reqsk_fastopen_remove(sk, req, false);
6092 tcp_rearm_rto(sk);
6093 }
6050 if (tp->snd_una == tp->write_seq) { 6094 if (tp->snd_una == tp->write_seq) {
6051 struct dst_entry *dst; 6095 struct dst_entry *dst;
6052 6096
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1e15c5be04e7..e64abed249cc 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -352,6 +352,7 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
352 const int code = icmp_hdr(icmp_skb)->code; 352 const int code = icmp_hdr(icmp_skb)->code;
353 struct sock *sk; 353 struct sock *sk;
354 struct sk_buff *skb; 354 struct sk_buff *skb;
355 struct request_sock *req;
355 __u32 seq; 356 __u32 seq;
356 __u32 remaining; 357 __u32 remaining;
357 int err; 358 int err;
@@ -394,9 +395,12 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
394 395
395 icsk = inet_csk(sk); 396 icsk = inet_csk(sk);
396 tp = tcp_sk(sk); 397 tp = tcp_sk(sk);
398 req = tp->fastopen_rsk;
397 seq = ntohl(th->seq); 399 seq = ntohl(th->seq);
398 if (sk->sk_state != TCP_LISTEN && 400 if (sk->sk_state != TCP_LISTEN &&
399 !between(seq, tp->snd_una, tp->snd_nxt)) { 401 !between(seq, tp->snd_una, tp->snd_nxt) &&
402 (req == NULL || seq != tcp_rsk(req)->snt_isn)) {
403 /* For a Fast Open socket, allow seq to be snt_isn. */
400 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 404 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
401 goto out; 405 goto out;
402 } 406 }
@@ -435,6 +439,8 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
435 !icsk->icsk_backoff) 439 !icsk->icsk_backoff)
436 break; 440 break;
437 441
442 /* XXX (TFO) - revisit the following logic for TFO */
443
438 if (sock_owned_by_user(sk)) 444 if (sock_owned_by_user(sk))
439 break; 445 break;
440 446
@@ -466,6 +472,14 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
466 goto out; 472 goto out;
467 } 473 }
468 474
475 /* XXX (TFO) - if it's a TFO socket and has been accepted, rather
476 * than following the TCP_SYN_RECV case and closing the socket,
477 * we ignore the ICMP error and keep trying like a fully established
478 * socket. Is this the right thing to do?
479 */
480 if (req && req->sk == NULL)
481 goto out;
482
469 switch (sk->sk_state) { 483 switch (sk->sk_state) {
470 struct request_sock *req, **prev; 484 struct request_sock *req, **prev;
471 case TCP_LISTEN: 485 case TCP_LISTEN:
@@ -498,7 +512,8 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
498 512
499 case TCP_SYN_SENT: 513 case TCP_SYN_SENT:
500 case TCP_SYN_RECV: /* Cannot happen. 514 case TCP_SYN_RECV: /* Cannot happen.
501 It can f.e. if SYNs crossed. 515 It can f.e. if SYNs crossed,
516 or Fast Open.
502 */ 517 */
503 if (!sock_owned_by_user(sk)) { 518 if (!sock_owned_by_user(sk)) {
504 sk->sk_err = err; 519 sk->sk_err = err;
@@ -809,8 +824,12 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
809static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 824static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
810 struct request_sock *req) 825 struct request_sock *req)
811{ 826{
812 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1, 827 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
813 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, 828 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
829 */
830 tcp_v4_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
831 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
832 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
814 req->ts_recent, 833 req->ts_recent,
815 0, 834 0,
816 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr, 835 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
@@ -839,7 +858,7 @@ static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
839 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL) 858 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
840 return -1; 859 return -1;
841 860
842 skb = tcp_make_synack(sk, dst, req, rvp); 861 skb = tcp_make_synack(sk, dst, req, rvp, NULL);
843 862
844 if (skb) { 863 if (skb) {
845 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr); 864 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr);
@@ -1272,6 +1291,178 @@ static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1272}; 1291};
1273#endif 1292#endif
1274 1293
1294static bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb,
1295 struct request_sock *req,
1296 struct tcp_fastopen_cookie *foc,
1297 struct tcp_fastopen_cookie *valid_foc)
1298{
1299 bool skip_cookie = false;
1300 struct fastopen_queue *fastopenq;
1301
1302 if (likely(!fastopen_cookie_present(foc))) {
1303 /* See include/net/tcp.h for the meaning of these knobs */
1304 if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) ||
1305 ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) &&
1306 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1)))
1307 skip_cookie = true; /* no cookie to validate */
1308 else
1309 return false;
1310 }
1311 fastopenq = inet_csk(sk)->icsk_accept_queue.fastopenq;
1312 /* A FO option is present; bump the counter. */
1313 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE);
1314
1315 /* Make sure the listener has enabled fastopen, and we don't
1316 * exceed the max # of pending TFO requests allowed before trying
1317 * to validating the cookie in order to avoid burning CPU cycles
1318 * unnecessarily.
1319 *
1320 * XXX (TFO) - The implication of checking the max_qlen before
1321 * processing a cookie request is that clients can't differentiate
1322 * between qlen overflow causing Fast Open to be disabled
1323 * temporarily vs a server not supporting Fast Open at all.
1324 */
1325 if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 ||
1326 fastopenq == NULL || fastopenq->max_qlen == 0)
1327 return false;
1328
1329 if (fastopenq->qlen >= fastopenq->max_qlen) {
1330 struct request_sock *req1;
1331 spin_lock(&fastopenq->lock);
1332 req1 = fastopenq->rskq_rst_head;
1333 if ((req1 == NULL) || time_after(req1->expires, jiffies)) {
1334 spin_unlock(&fastopenq->lock);
1335 NET_INC_STATS_BH(sock_net(sk),
1336 LINUX_MIB_TCPFASTOPENLISTENOVERFLOW);
1337 /* Avoid bumping LINUX_MIB_TCPFASTOPENPASSIVEFAIL*/
1338 foc->len = -1;
1339 return false;
1340 }
1341 fastopenq->rskq_rst_head = req1->dl_next;
1342 fastopenq->qlen--;
1343 spin_unlock(&fastopenq->lock);
1344 reqsk_free(req1);
1345 }
1346 if (skip_cookie) {
1347 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1348 return true;
1349 }
1350 if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) {
1351 if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) {
1352 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1353 if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) ||
1354 memcmp(&foc->val[0], &valid_foc->val[0],
1355 TCP_FASTOPEN_COOKIE_SIZE) != 0)
1356 return false;
1357 valid_foc->len = -1;
1358 }
1359 /* Acknowledge the data received from the peer. */
1360 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1361 return true;
1362 } else if (foc->len == 0) { /* Client requesting a cookie */
1363 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1364 NET_INC_STATS_BH(sock_net(sk),
1365 LINUX_MIB_TCPFASTOPENCOOKIEREQD);
1366 } else {
1367 /* Client sent a cookie with wrong size. Treat it
1368 * the same as invalid and return a valid one.
1369 */
1370 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1371 }
1372 return false;
1373}
1374
1375static int tcp_v4_conn_req_fastopen(struct sock *sk,
1376 struct sk_buff *skb,
1377 struct sk_buff *skb_synack,
1378 struct request_sock *req,
1379 struct request_values *rvp)
1380{
1381 struct tcp_sock *tp = tcp_sk(sk);
1382 struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
1383 const struct inet_request_sock *ireq = inet_rsk(req);
1384 struct sock *child;
1385
1386 req->retrans = 0;
1387 req->sk = NULL;
1388
1389 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
1390 if (child == NULL) {
1391 NET_INC_STATS_BH(sock_net(sk),
1392 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1393 kfree_skb(skb_synack);
1394 return -1;
1395 }
1396 ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1397 ireq->rmt_addr, ireq->opt);
1398 /* XXX (TFO) - is it ok to ignore error and continue? */
1399
1400 spin_lock(&queue->fastopenq->lock);
1401 queue->fastopenq->qlen++;
1402 spin_unlock(&queue->fastopenq->lock);
1403
1404 /* Initialize the child socket. Have to fix some values to take
1405 * into account the child is a Fast Open socket and is created
1406 * only out of the bits carried in the SYN packet.
1407 */
1408 tp = tcp_sk(child);
1409
1410 tp->fastopen_rsk = req;
1411 /* Do a hold on the listner sk so that if the listener is being
1412 * closed, the child that has been accepted can live on and still
1413 * access listen_lock.
1414 */
1415 sock_hold(sk);
1416 tcp_rsk(req)->listener = sk;
1417
1418 /* RFC1323: The window in SYN & SYN/ACK segments is never
1419 * scaled. So correct it appropriately.
1420 */
1421 tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
1422
1423 /* Activate the retrans timer so that SYNACK can be retransmitted.
1424 * The request socket is not added to the SYN table of the parent
1425 * because it's been added to the accept queue directly.
1426 */
1427 inet_csk_reset_xmit_timer(child, ICSK_TIME_RETRANS,
1428 TCP_TIMEOUT_INIT, TCP_RTO_MAX);
1429
1430 /* Add the child socket directly into the accept queue */
1431 inet_csk_reqsk_queue_add(sk, req, child);
1432
1433 /* Now finish processing the fastopen child socket. */
1434 inet_csk(child)->icsk_af_ops->rebuild_header(child);
1435 tcp_init_congestion_control(child);
1436 tcp_mtup_init(child);
1437 tcp_init_buffer_space(child);
1438 tcp_init_metrics(child);
1439
1440 /* Queue the data carried in the SYN packet. We need to first
1441 * bump skb's refcnt because the caller will attempt to free it.
1442 *
1443 * XXX (TFO) - we honor a zero-payload TFO request for now.
1444 * (Any reason not to?)
1445 */
1446 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq + 1) {
1447 /* Don't queue the skb if there is no payload in SYN.
1448 * XXX (TFO) - How about SYN+FIN?
1449 */
1450 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1451 } else {
1452 skb = skb_get(skb);
1453 skb_dst_drop(skb);
1454 __skb_pull(skb, tcp_hdr(skb)->doff * 4);
1455 skb_set_owner_r(skb, child);
1456 __skb_queue_tail(&child->sk_receive_queue, skb);
1457 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1458 }
1459 sk->sk_data_ready(sk, 0);
1460 bh_unlock_sock(child);
1461 sock_put(child);
1462 WARN_ON(req->sk == NULL);
1463 return 0;
1464}
1465
1275int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 1466int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1276{ 1467{
1277 struct tcp_extend_values tmp_ext; 1468 struct tcp_extend_values tmp_ext;
@@ -1285,6 +1476,11 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1285 __be32 daddr = ip_hdr(skb)->daddr; 1476 __be32 daddr = ip_hdr(skb)->daddr;
1286 __u32 isn = TCP_SKB_CB(skb)->when; 1477 __u32 isn = TCP_SKB_CB(skb)->when;
1287 bool want_cookie = false; 1478 bool want_cookie = false;
1479 struct flowi4 fl4;
1480 struct tcp_fastopen_cookie foc = { .len = -1 };
1481 struct tcp_fastopen_cookie valid_foc = { .len = -1 };
1482 struct sk_buff *skb_synack;
1483 int do_fastopen;
1288 1484
1289 /* Never answer to SYNs send to broadcast or multicast */ 1485 /* Never answer to SYNs send to broadcast or multicast */
1290 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) 1486 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
@@ -1319,7 +1515,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1319 tcp_clear_options(&tmp_opt); 1515 tcp_clear_options(&tmp_opt);
1320 tmp_opt.mss_clamp = TCP_MSS_DEFAULT; 1516 tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1321 tmp_opt.user_mss = tp->rx_opt.user_mss; 1517 tmp_opt.user_mss = tp->rx_opt.user_mss;
1322 tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL); 1518 tcp_parse_options(skb, &tmp_opt, &hash_location, 0,
1519 want_cookie ? NULL : &foc);
1323 1520
1324 if (tmp_opt.cookie_plus > 0 && 1521 if (tmp_opt.cookie_plus > 0 &&
1325 tmp_opt.saw_tstamp && 1522 tmp_opt.saw_tstamp &&
@@ -1377,8 +1574,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1377 isn = cookie_v4_init_sequence(sk, skb, &req->mss); 1574 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1378 req->cookie_ts = tmp_opt.tstamp_ok; 1575 req->cookie_ts = tmp_opt.tstamp_ok;
1379 } else if (!isn) { 1576 } else if (!isn) {
1380 struct flowi4 fl4;
1381
1382 /* VJ's idea. We save last timestamp seen 1577 /* VJ's idea. We save last timestamp seen
1383 * from the destination in peer table, when entering 1578 * from the destination in peer table, when entering
1384 * state TIME-WAIT, and check against it before 1579 * state TIME-WAIT, and check against it before
@@ -1419,14 +1614,52 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1419 tcp_rsk(req)->snt_isn = isn; 1614 tcp_rsk(req)->snt_isn = isn;
1420 tcp_rsk(req)->snt_synack = tcp_time_stamp; 1615 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1421 1616
1422 if (tcp_v4_send_synack(sk, dst, req, 1617 if (dst == NULL) {
1423 (struct request_values *)&tmp_ext, 1618 dst = inet_csk_route_req(sk, &fl4, req);
1424 skb_get_queue_mapping(skb), 1619 if (dst == NULL)
1425 want_cookie) || 1620 goto drop_and_free;
1426 want_cookie) 1621 }
1622 do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc);
1623
1624 /* We don't call tcp_v4_send_synack() directly because we need
1625 * to make sure a child socket can be created successfully before
1626 * sending back synack!
1627 *
1628 * XXX (TFO) - Ideally one would simply call tcp_v4_send_synack()
1629 * (or better yet, call tcp_send_synack() in the child context
1630 * directly, but will have to fix bunch of other code first)
1631 * after syn_recv_sock() except one will need to first fix the
1632 * latter to remove its dependency on the current implementation
1633 * of tcp_v4_send_synack()->tcp_select_initial_window().
1634 */
1635 skb_synack = tcp_make_synack(sk, dst, req,
1636 (struct request_values *)&tmp_ext,
1637 fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL);
1638
1639 if (skb_synack) {
1640 __tcp_v4_send_check(skb_synack, ireq->loc_addr, ireq->rmt_addr);
1641 skb_set_queue_mapping(skb_synack, skb_get_queue_mapping(skb));
1642 } else
1643 goto drop_and_free;
1644
1645 if (likely(!do_fastopen)) {
1646 int err;
1647 err = ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1648 ireq->rmt_addr, ireq->opt);
1649 err = net_xmit_eval(err);
1650 if (err || want_cookie)
1651 goto drop_and_free;
1652
1653 tcp_rsk(req)->listener = NULL;
1654 /* Add the request_sock to the SYN table */
1655 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1656 if (fastopen_cookie_present(&foc) && foc.len != 0)
1657 NET_INC_STATS_BH(sock_net(sk),
1658 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1659 } else if (tcp_v4_conn_req_fastopen(sk, skb, skb_synack, req,
1660 (struct request_values *)&tmp_ext))
1427 goto drop_and_free; 1661 goto drop_and_free;
1428 1662
1429 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1430 return 0; 1663 return 0;
1431 1664
1432drop_and_release: 1665drop_and_release:
@@ -1554,7 +1787,7 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1554 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source, 1787 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1555 iph->saddr, iph->daddr); 1788 iph->saddr, iph->daddr);
1556 if (req) 1789 if (req)
1557 return tcp_check_req(sk, skb, req, prev); 1790 return tcp_check_req(sk, skb, req, prev, false);
1558 1791
1559 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr, 1792 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1560 th->source, iph->daddr, th->dest, inet_iif(skb)); 1793 th->source, iph->daddr, th->dest, inet_iif(skb));
@@ -1977,6 +2210,7 @@ void tcp_v4_destroy_sock(struct sock *sk)
1977 tcp_cookie_values_release); 2210 tcp_cookie_values_release);
1978 tp->cookie_values = NULL; 2211 tp->cookie_values = NULL;
1979 } 2212 }
2213 BUG_ON(tp->fastopen_rsk != NULL);
1980 2214
1981 /* If socket is aborted during connect operation */ 2215 /* If socket is aborted during connect operation */
1982 tcp_free_fastopen_req(tp); 2216 tcp_free_fastopen_req(tp);
@@ -2393,7 +2627,7 @@ void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2393EXPORT_SYMBOL(tcp_proc_unregister); 2627EXPORT_SYMBOL(tcp_proc_unregister);
2394 2628
2395static void get_openreq4(const struct sock *sk, const struct request_sock *req, 2629static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2396 struct seq_file *f, int i, int uid, int *len) 2630 struct seq_file *f, int i, kuid_t uid, int *len)
2397{ 2631{
2398 const struct inet_request_sock *ireq = inet_rsk(req); 2632 const struct inet_request_sock *ireq = inet_rsk(req);
2399 long delta = req->expires - jiffies; 2633 long delta = req->expires - jiffies;
@@ -2410,7 +2644,7 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2410 1, /* timers active (only the expire timer) */ 2644 1, /* timers active (only the expire timer) */
2411 jiffies_delta_to_clock_t(delta), 2645 jiffies_delta_to_clock_t(delta),
2412 req->retrans, 2646 req->retrans,
2413 uid, 2647 from_kuid_munged(seq_user_ns(f), uid),
2414 0, /* non standard timer */ 2648 0, /* non standard timer */
2415 0, /* open_requests have no inode */ 2649 0, /* open_requests have no inode */
2416 atomic_read(&sk->sk_refcnt), 2650 atomic_read(&sk->sk_refcnt),
@@ -2425,6 +2659,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2425 const struct tcp_sock *tp = tcp_sk(sk); 2659 const struct tcp_sock *tp = tcp_sk(sk);
2426 const struct inet_connection_sock *icsk = inet_csk(sk); 2660 const struct inet_connection_sock *icsk = inet_csk(sk);
2427 const struct inet_sock *inet = inet_sk(sk); 2661 const struct inet_sock *inet = inet_sk(sk);
2662 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
2428 __be32 dest = inet->inet_daddr; 2663 __be32 dest = inet->inet_daddr;
2429 __be32 src = inet->inet_rcv_saddr; 2664 __be32 src = inet->inet_rcv_saddr;
2430 __u16 destp = ntohs(inet->inet_dport); 2665 __u16 destp = ntohs(inet->inet_dport);
@@ -2461,7 +2696,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2461 timer_active, 2696 timer_active,
2462 jiffies_delta_to_clock_t(timer_expires - jiffies), 2697 jiffies_delta_to_clock_t(timer_expires - jiffies),
2463 icsk->icsk_retransmits, 2698 icsk->icsk_retransmits,
2464 sock_i_uid(sk), 2699 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2465 icsk->icsk_probes_out, 2700 icsk->icsk_probes_out,
2466 sock_i_ino(sk), 2701 sock_i_ino(sk),
2467 atomic_read(&sk->sk_refcnt), sk, 2702 atomic_read(&sk->sk_refcnt), sk,
@@ -2469,7 +2704,9 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2469 jiffies_to_clock_t(icsk->icsk_ack.ato), 2704 jiffies_to_clock_t(icsk->icsk_ack.ato),
2470 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, 2705 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2471 tp->snd_cwnd, 2706 tp->snd_cwnd,
2472 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh, 2707 sk->sk_state == TCP_LISTEN ?
2708 (fastopenq ? fastopenq->max_qlen : 0) :
2709 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh),
2473 len); 2710 len);
2474} 2711}
2475 2712
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 6ff7f10dce9d..e965319d610b 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -507,6 +507,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
507 newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len; 507 newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len;
508 newtp->rx_opt.mss_clamp = req->mss; 508 newtp->rx_opt.mss_clamp = req->mss;
509 TCP_ECN_openreq_child(newtp, req); 509 TCP_ECN_openreq_child(newtp, req);
510 newtp->fastopen_rsk = NULL;
510 511
511 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_PASSIVEOPENS); 512 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_PASSIVEOPENS);
512 } 513 }
@@ -515,13 +516,18 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
515EXPORT_SYMBOL(tcp_create_openreq_child); 516EXPORT_SYMBOL(tcp_create_openreq_child);
516 517
517/* 518/*
518 * Process an incoming packet for SYN_RECV sockets represented 519 * Process an incoming packet for SYN_RECV sockets represented as a
519 * as a request_sock. 520 * request_sock. Normally sk is the listener socket but for TFO it
521 * points to the child socket.
522 *
523 * XXX (TFO) - The current impl contains a special check for ack
524 * validation and inside tcp_v4_reqsk_send_ack(). Can we do better?
520 */ 525 */
521 526
522struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, 527struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
523 struct request_sock *req, 528 struct request_sock *req,
524 struct request_sock **prev) 529 struct request_sock **prev,
530 bool fastopen)
525{ 531{
526 struct tcp_options_received tmp_opt; 532 struct tcp_options_received tmp_opt;
527 const u8 *hash_location; 533 const u8 *hash_location;
@@ -530,6 +536,8 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
530 __be32 flg = tcp_flag_word(th) & (TCP_FLAG_RST|TCP_FLAG_SYN|TCP_FLAG_ACK); 536 __be32 flg = tcp_flag_word(th) & (TCP_FLAG_RST|TCP_FLAG_SYN|TCP_FLAG_ACK);
531 bool paws_reject = false; 537 bool paws_reject = false;
532 538
539 BUG_ON(fastopen == (sk->sk_state == TCP_LISTEN));
540
533 tmp_opt.saw_tstamp = 0; 541 tmp_opt.saw_tstamp = 0;
534 if (th->doff > (sizeof(struct tcphdr)>>2)) { 542 if (th->doff > (sizeof(struct tcphdr)>>2)) {
535 tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL); 543 tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL);
@@ -565,6 +573,9 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
565 * 573 *
566 * Enforce "SYN-ACK" according to figure 8, figure 6 574 * Enforce "SYN-ACK" according to figure 8, figure 6
567 * of RFC793, fixed by RFC1122. 575 * of RFC793, fixed by RFC1122.
576 *
577 * Note that even if there is new data in the SYN packet
578 * they will be thrown away too.
568 */ 579 */
569 req->rsk_ops->rtx_syn_ack(sk, req, NULL); 580 req->rsk_ops->rtx_syn_ack(sk, req, NULL);
570 return NULL; 581 return NULL;
@@ -622,9 +633,12 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
622 * sent (the segment carries an unacceptable ACK) ... 633 * sent (the segment carries an unacceptable ACK) ...
623 * a reset is sent." 634 * a reset is sent."
624 * 635 *
625 * Invalid ACK: reset will be sent by listening socket 636 * Invalid ACK: reset will be sent by listening socket.
637 * Note that the ACK validity check for a Fast Open socket is done
638 * elsewhere and is checked directly against the child socket rather
639 * than req because user data may have been sent out.
626 */ 640 */
627 if ((flg & TCP_FLAG_ACK) && 641 if ((flg & TCP_FLAG_ACK) && !fastopen &&
628 (TCP_SKB_CB(skb)->ack_seq != 642 (TCP_SKB_CB(skb)->ack_seq !=
629 tcp_rsk(req)->snt_isn + 1 + tcp_s_data_size(tcp_sk(sk)))) 643 tcp_rsk(req)->snt_isn + 1 + tcp_s_data_size(tcp_sk(sk))))
630 return sk; 644 return sk;
@@ -637,7 +651,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
637 /* RFC793: "first check sequence number". */ 651 /* RFC793: "first check sequence number". */
638 652
639 if (paws_reject || !tcp_in_window(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq, 653 if (paws_reject || !tcp_in_window(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq,
640 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) { 654 tcp_rsk(req)->rcv_nxt, tcp_rsk(req)->rcv_nxt + req->rcv_wnd)) {
641 /* Out of window: send ACK and drop. */ 655 /* Out of window: send ACK and drop. */
642 if (!(flg & TCP_FLAG_RST)) 656 if (!(flg & TCP_FLAG_RST))
643 req->rsk_ops->send_ack(sk, skb, req); 657 req->rsk_ops->send_ack(sk, skb, req);
@@ -648,7 +662,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
648 662
649 /* In sequence, PAWS is OK. */ 663 /* In sequence, PAWS is OK. */
650 664
651 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1)) 665 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_nxt))
652 req->ts_recent = tmp_opt.rcv_tsval; 666 req->ts_recent = tmp_opt.rcv_tsval;
653 667
654 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) { 668 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) {
@@ -667,10 +681,19 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
667 681
668 /* ACK sequence verified above, just make sure ACK is 682 /* ACK sequence verified above, just make sure ACK is
669 * set. If ACK not set, just silently drop the packet. 683 * set. If ACK not set, just silently drop the packet.
684 *
685 * XXX (TFO) - if we ever allow "data after SYN", the
686 * following check needs to be removed.
670 */ 687 */
671 if (!(flg & TCP_FLAG_ACK)) 688 if (!(flg & TCP_FLAG_ACK))
672 return NULL; 689 return NULL;
673 690
691 /* For Fast Open no more processing is needed (sk is the
692 * child socket).
693 */
694 if (fastopen)
695 return sk;
696
674 /* While TCP_DEFER_ACCEPT is active, drop bare ACK. */ 697 /* While TCP_DEFER_ACCEPT is active, drop bare ACK. */
675 if (req->retrans < inet_csk(sk)->icsk_accept_queue.rskq_defer_accept && 698 if (req->retrans < inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
676 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) { 699 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
@@ -706,11 +729,21 @@ listen_overflow:
706 } 729 }
707 730
708embryonic_reset: 731embryonic_reset:
709 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); 732 if (!(flg & TCP_FLAG_RST)) {
710 if (!(flg & TCP_FLAG_RST)) 733 /* Received a bad SYN pkt - for TFO We try not to reset
734 * the local connection unless it's really necessary to
735 * avoid becoming vulnerable to outside attack aiming at
736 * resetting legit local connections.
737 */
711 req->rsk_ops->send_reset(sk, skb); 738 req->rsk_ops->send_reset(sk, skb);
712 739 } else if (fastopen) { /* received a valid RST pkt */
713 inet_csk_reqsk_queue_drop(sk, req, prev); 740 reqsk_fastopen_remove(sk, req, true);
741 tcp_reset(sk);
742 }
743 if (!fastopen) {
744 inet_csk_reqsk_queue_drop(sk, req, prev);
745 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
746 }
714 return NULL; 747 return NULL;
715} 748}
716EXPORT_SYMBOL(tcp_check_req); 749EXPORT_SYMBOL(tcp_check_req);
@@ -719,6 +752,12 @@ EXPORT_SYMBOL(tcp_check_req);
719 * Queue segment on the new socket if the new socket is active, 752 * Queue segment on the new socket if the new socket is active,
720 * otherwise we just shortcircuit this and continue with 753 * otherwise we just shortcircuit this and continue with
721 * the new socket. 754 * the new socket.
755 *
756 * For the vast majority of cases child->sk_state will be TCP_SYN_RECV
757 * when entering. But other states are possible due to a race condition
758 * where after __inet_lookup_established() fails but before the listener
759 * locked is obtained, other packets cause the same connection to
760 * be created.
722 */ 761 */
723 762
724int tcp_child_process(struct sock *parent, struct sock *child, 763int tcp_child_process(struct sock *parent, struct sock *child,
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index d04632673a9e..9383b51f3efc 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -702,7 +702,8 @@ static unsigned int tcp_synack_options(struct sock *sk,
702 unsigned int mss, struct sk_buff *skb, 702 unsigned int mss, struct sk_buff *skb,
703 struct tcp_out_options *opts, 703 struct tcp_out_options *opts,
704 struct tcp_md5sig_key **md5, 704 struct tcp_md5sig_key **md5,
705 struct tcp_extend_values *xvp) 705 struct tcp_extend_values *xvp,
706 struct tcp_fastopen_cookie *foc)
706{ 707{
707 struct inet_request_sock *ireq = inet_rsk(req); 708 struct inet_request_sock *ireq = inet_rsk(req);
708 unsigned int remaining = MAX_TCP_OPTION_SPACE; 709 unsigned int remaining = MAX_TCP_OPTION_SPACE;
@@ -747,7 +748,15 @@ static unsigned int tcp_synack_options(struct sock *sk,
747 if (unlikely(!ireq->tstamp_ok)) 748 if (unlikely(!ireq->tstamp_ok))
748 remaining -= TCPOLEN_SACKPERM_ALIGNED; 749 remaining -= TCPOLEN_SACKPERM_ALIGNED;
749 } 750 }
750 751 if (foc != NULL) {
752 u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
753 need = (need + 3) & ~3U; /* Align to 32 bits */
754 if (remaining >= need) {
755 opts->options |= OPTION_FAST_OPEN_COOKIE;
756 opts->fastopen_cookie = foc;
757 remaining -= need;
758 }
759 }
751 /* Similar rationale to tcp_syn_options() applies here, too. 760 /* Similar rationale to tcp_syn_options() applies here, too.
752 * If the <SYN> options fit, the same options should fit now! 761 * If the <SYN> options fit, the same options should fit now!
753 */ 762 */
@@ -2658,7 +2667,8 @@ int tcp_send_synack(struct sock *sk)
2658 */ 2667 */
2659struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, 2668struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2660 struct request_sock *req, 2669 struct request_sock *req,
2661 struct request_values *rvp) 2670 struct request_values *rvp,
2671 struct tcp_fastopen_cookie *foc)
2662{ 2672{
2663 struct tcp_out_options opts; 2673 struct tcp_out_options opts;
2664 struct tcp_extend_values *xvp = tcp_xv(rvp); 2674 struct tcp_extend_values *xvp = tcp_xv(rvp);
@@ -2718,7 +2728,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2718#endif 2728#endif
2719 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2729 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2720 tcp_header_size = tcp_synack_options(sk, req, mss, 2730 tcp_header_size = tcp_synack_options(sk, req, mss,
2721 skb, &opts, &md5, xvp) 2731 skb, &opts, &md5, xvp, foc)
2722 + sizeof(*th); 2732 + sizeof(*th);
2723 2733
2724 skb_push(skb, tcp_header_size); 2734 skb_push(skb, tcp_header_size);
@@ -2772,7 +2782,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2772 } 2782 }
2773 2783
2774 th->seq = htonl(TCP_SKB_CB(skb)->seq); 2784 th->seq = htonl(TCP_SKB_CB(skb)->seq);
2775 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1); 2785 /* XXX data is queued and acked as is. No buffer/window check */
2786 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);
2776 2787
2777 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 2788 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
2778 th->window = htons(min(req->rcv_wnd, 65535U)); 2789 th->window = htons(min(req->rcv_wnd, 65535U));
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index b774a03bd1dc..fc04711e80c8 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -305,6 +305,35 @@ static void tcp_probe_timer(struct sock *sk)
305} 305}
306 306
307/* 307/*
308 * Timer for Fast Open socket to retransmit SYNACK. Note that the
309 * sk here is the child socket, not the parent (listener) socket.
310 */
311static void tcp_fastopen_synack_timer(struct sock *sk)
312{
313 struct inet_connection_sock *icsk = inet_csk(sk);
314 int max_retries = icsk->icsk_syn_retries ? :
315 sysctl_tcp_synack_retries + 1; /* add one more retry for fastopen */
316 struct request_sock *req;
317
318 req = tcp_sk(sk)->fastopen_rsk;
319 req->rsk_ops->syn_ack_timeout(sk, req);
320
321 if (req->retrans >= max_retries) {
322 tcp_write_err(sk);
323 return;
324 }
325 /* XXX (TFO) - Unlike regular SYN-ACK retransmit, we ignore error
326 * returned from rtx_syn_ack() to make it more persistent like
327 * regular retransmit because if the child socket has been accepted
328 * it's not good to give up too easily.
329 */
330 req->rsk_ops->rtx_syn_ack(sk, req, NULL);
331 req->retrans++;
332 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
333 TCP_TIMEOUT_INIT << req->retrans, TCP_RTO_MAX);
334}
335
336/*
308 * The TCP retransmit timer. 337 * The TCP retransmit timer.
309 */ 338 */
310 339
@@ -317,7 +346,15 @@ void tcp_retransmit_timer(struct sock *sk)
317 tcp_resume_early_retransmit(sk); 346 tcp_resume_early_retransmit(sk);
318 return; 347 return;
319 } 348 }
320 349 if (tp->fastopen_rsk) {
350 BUG_ON(sk->sk_state != TCP_SYN_RECV &&
351 sk->sk_state != TCP_FIN_WAIT1);
352 tcp_fastopen_synack_timer(sk);
353 /* Before we receive ACK to our SYN-ACK don't retransmit
354 * anything else (e.g., data or FIN segments).
355 */
356 return;
357 }
321 if (!tp->packets_out) 358 if (!tp->packets_out)
322 goto out; 359 goto out;
323 360
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 6f6d1aca3c3d..c4e64328d8ba 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2110,7 +2110,9 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
2110 bucket, src, srcp, dest, destp, sp->sk_state, 2110 bucket, src, srcp, dest, destp, sp->sk_state,
2111 sk_wmem_alloc_get(sp), 2111 sk_wmem_alloc_get(sp),
2112 sk_rmem_alloc_get(sp), 2112 sk_rmem_alloc_get(sp),
2113 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), 2113 0, 0L, 0,
2114 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
2115 0, sock_i_ino(sp),
2114 atomic_read(&sp->sk_refcnt), sp, 2116 atomic_read(&sp->sk_refcnt), sp,
2115 atomic_read(&sp->sk_drops), len); 2117 atomic_read(&sp->sk_drops), len);
2116} 2118}
diff --git a/net/ipv4/udp_diag.c b/net/ipv4/udp_diag.c
index 16d0960062be..d2f336ea82ca 100644
--- a/net/ipv4/udp_diag.c
+++ b/net/ipv4/udp_diag.c
@@ -24,7 +24,9 @@ static int sk_diag_dump(struct sock *sk, struct sk_buff *skb,
24 if (!inet_diag_bc_sk(bc, sk)) 24 if (!inet_diag_bc_sk(bc, sk))
25 return 0; 25 return 0;
26 26
27 return inet_sk_diag_fill(sk, NULL, skb, req, NETLINK_CB(cb->skb).pid, 27 return inet_sk_diag_fill(sk, NULL, skb, req,
28 sk_user_ns(NETLINK_CB(cb->skb).ssk),
29 NETLINK_CB(cb->skb).pid,
28 cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh); 30 cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
29} 31}
30 32
@@ -69,6 +71,7 @@ static int udp_dump_one(struct udp_table *tbl, struct sk_buff *in_skb,
69 goto out; 71 goto out;
70 72
71 err = inet_sk_diag_fill(sk, NULL, rep, req, 73 err = inet_sk_diag_fill(sk, NULL, rep, req,
74 sk_user_ns(NETLINK_CB(in_skb).ssk),
72 NETLINK_CB(in_skb).pid, 75 NETLINK_CB(in_skb).pid,
73 nlh->nlmsg_seq, 0, nlh); 76 nlh->nlmsg_seq, 0, nlh);
74 if (err < 0) { 77 if (err < 0) {
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 19d4bffda9d7..572cb660837b 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -127,8 +127,8 @@ static inline void addrconf_sysctl_unregister(struct inet6_dev *idev)
127#endif 127#endif
128 128
129#ifdef CONFIG_IPV6_PRIVACY 129#ifdef CONFIG_IPV6_PRIVACY
130static int __ipv6_regen_rndid(struct inet6_dev *idev); 130static void __ipv6_regen_rndid(struct inet6_dev *idev);
131static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr); 131static void __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
132static void ipv6_regen_rndid(unsigned long data); 132static void ipv6_regen_rndid(unsigned long data);
133#endif 133#endif
134 134
@@ -852,16 +852,7 @@ retry:
852 } 852 }
853 in6_ifa_hold(ifp); 853 in6_ifa_hold(ifp);
854 memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); 854 memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
855 if (__ipv6_try_regen_rndid(idev, tmpaddr) < 0) { 855 __ipv6_try_regen_rndid(idev, tmpaddr);
856 spin_unlock_bh(&ifp->lock);
857 write_unlock(&idev->lock);
858 pr_warn("%s: regeneration of randomized interface id failed\n",
859 __func__);
860 in6_ifa_put(ifp);
861 in6_dev_put(idev);
862 ret = -1;
863 goto out;
864 }
865 memcpy(&addr.s6_addr[8], idev->rndid, 8); 856 memcpy(&addr.s6_addr[8], idev->rndid, 8);
866 age = (now - ifp->tstamp) / HZ; 857 age = (now - ifp->tstamp) / HZ;
867 tmp_valid_lft = min_t(__u32, 858 tmp_valid_lft = min_t(__u32,
@@ -1600,7 +1591,7 @@ static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
1600 1591
1601#ifdef CONFIG_IPV6_PRIVACY 1592#ifdef CONFIG_IPV6_PRIVACY
1602/* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */ 1593/* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
1603static int __ipv6_regen_rndid(struct inet6_dev *idev) 1594static void __ipv6_regen_rndid(struct inet6_dev *idev)
1604{ 1595{
1605regen: 1596regen:
1606 get_random_bytes(idev->rndid, sizeof(idev->rndid)); 1597 get_random_bytes(idev->rndid, sizeof(idev->rndid));
@@ -1627,8 +1618,6 @@ regen:
1627 if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00) 1618 if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00)
1628 goto regen; 1619 goto regen;
1629 } 1620 }
1630
1631 return 0;
1632} 1621}
1633 1622
1634static void ipv6_regen_rndid(unsigned long data) 1623static void ipv6_regen_rndid(unsigned long data)
@@ -1642,8 +1631,7 @@ static void ipv6_regen_rndid(unsigned long data)
1642 if (idev->dead) 1631 if (idev->dead)
1643 goto out; 1632 goto out;
1644 1633
1645 if (__ipv6_regen_rndid(idev) < 0) 1634 __ipv6_regen_rndid(idev);
1646 goto out;
1647 1635
1648 expires = jiffies + 1636 expires = jiffies +
1649 idev->cnf.temp_prefered_lft * HZ - 1637 idev->cnf.temp_prefered_lft * HZ -
@@ -1664,13 +1652,10 @@ out:
1664 in6_dev_put(idev); 1652 in6_dev_put(idev);
1665} 1653}
1666 1654
1667static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr) 1655static void __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr)
1668{ 1656{
1669 int ret = 0;
1670
1671 if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0) 1657 if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0)
1672 ret = __ipv6_regen_rndid(idev); 1658 __ipv6_regen_rndid(idev);
1673 return ret;
1674} 1659}
1675#endif 1660#endif
1676 1661
@@ -2566,14 +2551,10 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
2566 void *data) 2551 void *data)
2567{ 2552{
2568 struct net_device *dev = (struct net_device *) data; 2553 struct net_device *dev = (struct net_device *) data;
2569 struct inet6_dev *idev; 2554 struct inet6_dev *idev = __in6_dev_get(dev);
2570 int run_pending = 0; 2555 int run_pending = 0;
2571 int err; 2556 int err;
2572 2557
2573 if (event == NETDEV_UNREGISTER_FINAL)
2574 return NOTIFY_DONE;
2575
2576 idev = __in6_dev_get(dev);
2577 switch (event) { 2558 switch (event) {
2578 case NETDEV_REGISTER: 2559 case NETDEV_REGISTER:
2579 if (!idev && dev->mtu >= IPV6_MIN_MTU) { 2560 if (!idev && dev->mtu >= IPV6_MIN_MTU) {
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 9772fbd8a3f5..90bbefb57943 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -22,6 +22,7 @@
22#include <linux/seq_file.h> 22#include <linux/seq_file.h>
23#include <linux/slab.h> 23#include <linux/slab.h>
24#include <linux/export.h> 24#include <linux/export.h>
25#include <linux/pid_namespace.h>
25 26
26#include <net/net_namespace.h> 27#include <net/net_namespace.h>
27#include <net/sock.h> 28#include <net/sock.h>
@@ -91,6 +92,8 @@ static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
91static void fl_free(struct ip6_flowlabel *fl) 92static void fl_free(struct ip6_flowlabel *fl)
92{ 93{
93 if (fl) { 94 if (fl) {
95 if (fl->share == IPV6_FL_S_PROCESS)
96 put_pid(fl->owner.pid);
94 release_net(fl->fl_net); 97 release_net(fl->fl_net);
95 kfree(fl->opt); 98 kfree(fl->opt);
96 } 99 }
@@ -394,10 +397,10 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
394 case IPV6_FL_S_ANY: 397 case IPV6_FL_S_ANY:
395 break; 398 break;
396 case IPV6_FL_S_PROCESS: 399 case IPV6_FL_S_PROCESS:
397 fl->owner = current->pid; 400 fl->owner.pid = get_task_pid(current, PIDTYPE_PID);
398 break; 401 break;
399 case IPV6_FL_S_USER: 402 case IPV6_FL_S_USER:
400 fl->owner = current_euid(); 403 fl->owner.uid = current_euid();
401 break; 404 break;
402 default: 405 default:
403 err = -EINVAL; 406 err = -EINVAL;
@@ -561,7 +564,10 @@ recheck:
561 err = -EPERM; 564 err = -EPERM;
562 if (fl1->share == IPV6_FL_S_EXCL || 565 if (fl1->share == IPV6_FL_S_EXCL ||
563 fl1->share != fl->share || 566 fl1->share != fl->share ||
564 fl1->owner != fl->owner) 567 ((fl1->share == IPV6_FL_S_PROCESS) &&
568 (fl1->owner.pid == fl->owner.pid)) ||
569 ((fl1->share == IPV6_FL_S_USER) &&
570 uid_eq(fl1->owner.uid, fl->owner.uid)))
565 goto release; 571 goto release;
566 572
567 err = -EINVAL; 573 err = -EINVAL;
@@ -621,6 +627,7 @@ done:
621 627
622struct ip6fl_iter_state { 628struct ip6fl_iter_state {
623 struct seq_net_private p; 629 struct seq_net_private p;
630 struct pid_namespace *pid_ns;
624 int bucket; 631 int bucket;
625}; 632};
626 633
@@ -699,6 +706,7 @@ static void ip6fl_seq_stop(struct seq_file *seq, void *v)
699 706
700static int ip6fl_seq_show(struct seq_file *seq, void *v) 707static int ip6fl_seq_show(struct seq_file *seq, void *v)
701{ 708{
709 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
702 if (v == SEQ_START_TOKEN) 710 if (v == SEQ_START_TOKEN)
703 seq_printf(seq, "%-5s %-1s %-6s %-6s %-6s %-8s %-32s %s\n", 711 seq_printf(seq, "%-5s %-1s %-6s %-6s %-6s %-8s %-32s %s\n",
704 "Label", "S", "Owner", "Users", "Linger", "Expires", "Dst", "Opt"); 712 "Label", "S", "Owner", "Users", "Linger", "Expires", "Dst", "Opt");
@@ -708,7 +716,11 @@ static int ip6fl_seq_show(struct seq_file *seq, void *v)
708 "%05X %-1d %-6d %-6d %-6ld %-8ld %pi6 %-4d\n", 716 "%05X %-1d %-6d %-6d %-6ld %-8ld %pi6 %-4d\n",
709 (unsigned int)ntohl(fl->label), 717 (unsigned int)ntohl(fl->label),
710 fl->share, 718 fl->share,
711 (int)fl->owner, 719 ((fl->share == IPV6_FL_S_PROCESS) ?
720 pid_nr_ns(fl->owner.pid, state->pid_ns) :
721 ((fl->share == IPV6_FL_S_USER) ?
722 from_kuid_munged(seq_user_ns(seq), fl->owner.uid) :
723 0)),
712 atomic_read(&fl->users), 724 atomic_read(&fl->users),
713 fl->linger/HZ, 725 fl->linger/HZ,
714 (long)(fl->expires - jiffies)/HZ, 726 (long)(fl->expires - jiffies)/HZ,
@@ -727,8 +739,29 @@ static const struct seq_operations ip6fl_seq_ops = {
727 739
728static int ip6fl_seq_open(struct inode *inode, struct file *file) 740static int ip6fl_seq_open(struct inode *inode, struct file *file)
729{ 741{
730 return seq_open_net(inode, file, &ip6fl_seq_ops, 742 struct seq_file *seq;
731 sizeof(struct ip6fl_iter_state)); 743 struct ip6fl_iter_state *state;
744 int err;
745
746 err = seq_open_net(inode, file, &ip6fl_seq_ops,
747 sizeof(struct ip6fl_iter_state));
748
749 if (!err) {
750 seq = file->private_data;
751 state = ip6fl_seq_private(seq);
752 rcu_read_lock();
753 state->pid_ns = get_pid_ns(task_active_pid_ns(current));
754 rcu_read_unlock();
755 }
756 return err;
757}
758
759static int ip6fl_seq_release(struct inode *inode, struct file *file)
760{
761 struct seq_file *seq = file->private_data;
762 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
763 put_pid_ns(state->pid_ns);
764 return seq_release_net(inode, file);
732} 765}
733 766
734static const struct file_operations ip6fl_seq_fops = { 767static const struct file_operations ip6fl_seq_fops = {
@@ -736,7 +769,7 @@ static const struct file_operations ip6fl_seq_fops = {
736 .open = ip6fl_seq_open, 769 .open = ip6fl_seq_open,
737 .read = seq_read, 770 .read = seq_read,
738 .llseek = seq_lseek, 771 .llseek = seq_lseek,
739 .release = seq_release_net, 772 .release = ip6fl_seq_release,
740}; 773};
741 774
742static int __net_init ip6_flowlabel_proc_init(struct net *net) 775static int __net_init ip6_flowlabel_proc_init(struct net *net)
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index ef0579d5bca6..7af88ef01657 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1251,7 +1251,8 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
1251 sk_wmem_alloc_get(sp), 1251 sk_wmem_alloc_get(sp),
1252 sk_rmem_alloc_get(sp), 1252 sk_rmem_alloc_get(sp),
1253 0, 0L, 0, 1253 0, 0L, 0,
1254 sock_i_uid(sp), 0, 1254 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1255 0,
1255 sock_i_ino(sp), 1256 sock_i_ino(sp),
1256 atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops)); 1257 atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops));
1257} 1258}
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index bb46061c813a..182ab9a85d6c 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -190,6 +190,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
190 ireq = inet_rsk(req); 190 ireq = inet_rsk(req);
191 ireq6 = inet6_rsk(req); 191 ireq6 = inet6_rsk(req);
192 treq = tcp_rsk(req); 192 treq = tcp_rsk(req);
193 treq->listener = NULL;
193 194
194 if (security_inet_conn_request(sk, skb, req)) 195 if (security_inet_conn_request(sk, skb, req))
195 goto out_free; 196 goto out_free;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index cd49de3678fb..09078b9bc6f6 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -475,7 +475,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
475 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL) 475 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
476 goto done; 476 goto done;
477 477
478 skb = tcp_make_synack(sk, dst, req, rvp); 478 skb = tcp_make_synack(sk, dst, req, rvp, NULL);
479 479
480 if (skb) { 480 if (skb) {
481 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 481 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
@@ -987,7 +987,7 @@ static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
987 &ipv6_hdr(skb)->saddr, 987 &ipv6_hdr(skb)->saddr,
988 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 988 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
989 if (req) 989 if (req)
990 return tcp_check_req(sk, skb, req, prev); 990 return tcp_check_req(sk, skb, req, prev, false);
991 991
992 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 992 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
993 &ipv6_hdr(skb)->saddr, th->source, 993 &ipv6_hdr(skb)->saddr, th->source,
@@ -1179,6 +1179,7 @@ have_isn:
1179 want_cookie) 1179 want_cookie)
1180 goto drop_and_free; 1180 goto drop_and_free;
1181 1181
1182 tcp_rsk(req)->listener = NULL;
1182 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1183 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1183 return 0; 1184 return 0;
1184 1185
@@ -1828,7 +1829,7 @@ static void tcp_v6_destroy_sock(struct sock *sk)
1828#ifdef CONFIG_PROC_FS 1829#ifdef CONFIG_PROC_FS
1829/* Proc filesystem TCPv6 sock list dumping. */ 1830/* Proc filesystem TCPv6 sock list dumping. */
1830static void get_openreq6(struct seq_file *seq, 1831static void get_openreq6(struct seq_file *seq,
1831 const struct sock *sk, struct request_sock *req, int i, int uid) 1832 const struct sock *sk, struct request_sock *req, int i, kuid_t uid)
1832{ 1833{
1833 int ttd = req->expires - jiffies; 1834 int ttd = req->expires - jiffies;
1834 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1835 const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
@@ -1852,7 +1853,7 @@ static void get_openreq6(struct seq_file *seq,
1852 1, /* timers active (only the expire timer) */ 1853 1, /* timers active (only the expire timer) */
1853 jiffies_to_clock_t(ttd), 1854 jiffies_to_clock_t(ttd),
1854 req->retrans, 1855 req->retrans,
1855 uid, 1856 from_kuid_munged(seq_user_ns(seq), uid),
1856 0, /* non standard timer */ 1857 0, /* non standard timer */
1857 0, /* open_requests have no inode */ 1858 0, /* open_requests have no inode */
1858 0, req); 1859 0, req);
@@ -1902,7 +1903,7 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1902 timer_active, 1903 timer_active,
1903 jiffies_delta_to_clock_t(timer_expires - jiffies), 1904 jiffies_delta_to_clock_t(timer_expires - jiffies),
1904 icsk->icsk_retransmits, 1905 icsk->icsk_retransmits,
1905 sock_i_uid(sp), 1906 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1906 icsk->icsk_probes_out, 1907 icsk->icsk_probes_out,
1907 sock_i_ino(sp), 1908 sock_i_ino(sp),
1908 atomic_read(&sp->sk_refcnt), sp, 1909 atomic_read(&sp->sk_refcnt), sp,
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 99d0077b56b8..bbdff07eebe1 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1458,7 +1458,8 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
1458 sk_wmem_alloc_get(sp), 1458 sk_wmem_alloc_get(sp),
1459 sk_rmem_alloc_get(sp), 1459 sk_rmem_alloc_get(sp),
1460 0, 0L, 0, 1460 0, 0L, 0,
1461 sock_i_uid(sp), 0, 1461 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1462 0,
1462 sock_i_ino(sp), 1463 sock_i_ino(sp),
1463 atomic_read(&sp->sk_refcnt), sp, 1464 atomic_read(&sp->sk_refcnt), sp,
1464 atomic_read(&sp->sk_drops)); 1465 atomic_read(&sp->sk_drops));
diff --git a/net/ipx/ipx_proc.c b/net/ipx/ipx_proc.c
index f8ba30dfecae..02ff7f2f60d4 100644
--- a/net/ipx/ipx_proc.c
+++ b/net/ipx/ipx_proc.c
@@ -217,7 +217,8 @@ static int ipx_seq_socket_show(struct seq_file *seq, void *v)
217 seq_printf(seq, "%08X %08X %02X %03d\n", 217 seq_printf(seq, "%08X %08X %02X %03d\n",
218 sk_wmem_alloc_get(s), 218 sk_wmem_alloc_get(s),
219 sk_rmem_alloc_get(s), 219 sk_rmem_alloc_get(s),
220 s->sk_state, SOCK_INODE(s->sk_socket)->i_uid); 220 s->sk_state,
221 from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)));
221out: 222out:
222 return 0; 223 return 0;
223} 224}
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ec7d161c129b..334f93b8cfcb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3661,7 +3661,7 @@ static int pfkey_seq_show(struct seq_file *f, void *v)
3661 atomic_read(&s->sk_refcnt), 3661 atomic_read(&s->sk_refcnt),
3662 sk_rmem_alloc_get(s), 3662 sk_rmem_alloc_get(s),
3663 sk_wmem_alloc_get(s), 3663 sk_wmem_alloc_get(s),
3664 sock_i_uid(s), 3664 from_kuid_munged(seq_user_ns(f), sock_i_uid(s)),
3665 sock_i_ino(s) 3665 sock_i_ino(s)
3666 ); 3666 );
3667 return 0; 3667 return 0;
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 393355d37b47..513cab08a986 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1347,11 +1347,10 @@ static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1347 /* Remove from tunnel list */ 1347 /* Remove from tunnel list */
1348 spin_lock_bh(&pn->l2tp_tunnel_list_lock); 1348 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1349 list_del_rcu(&tunnel->list); 1349 list_del_rcu(&tunnel->list);
1350 kfree_rcu(tunnel, rcu);
1350 spin_unlock_bh(&pn->l2tp_tunnel_list_lock); 1351 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1351 synchronize_rcu();
1352 1352
1353 atomic_dec(&l2tp_tunnel_count); 1353 atomic_dec(&l2tp_tunnel_count);
1354 kfree(tunnel);
1355} 1354}
1356 1355
1357/* Create a socket for the tunnel, if one isn't set up by 1356/* Create a socket for the tunnel, if one isn't set up by
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
index a38ec6cdeee1..56d583e083a7 100644
--- a/net/l2tp/l2tp_core.h
+++ b/net/l2tp/l2tp_core.h
@@ -163,6 +163,7 @@ struct l2tp_tunnel_cfg {
163 163
164struct l2tp_tunnel { 164struct l2tp_tunnel {
165 int magic; /* Should be L2TP_TUNNEL_MAGIC */ 165 int magic; /* Should be L2TP_TUNNEL_MAGIC */
166 struct rcu_head rcu;
166 rwlock_t hlist_lock; /* protect session_hlist */ 167 rwlock_t hlist_lock; /* protect session_hlist */
167 struct hlist_head session_hlist[L2TP_HASH_SIZE]; 168 struct hlist_head session_hlist[L2TP_HASH_SIZE];
168 /* hashed list of sessions, 169 /* hashed list of sessions,
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index a1839c004357..7b4799cfbf8d 100644
--- a/net/llc/llc_proc.c
+++ b/net/llc/llc_proc.c
@@ -151,7 +151,7 @@ static int llc_seq_socket_show(struct seq_file *seq, void *v)
151 sk_wmem_alloc_get(sk), 151 sk_wmem_alloc_get(sk),
152 sk_rmem_alloc_get(sk) - llc->copied_seq, 152 sk_rmem_alloc_get(sk) - llc->copied_seq,
153 sk->sk_state, 153 sk->sk_state,
154 sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : -1, 154 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
155 llc->link); 155 llc->link);
156out: 156out:
157 return 0; 157 return 0;
diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c
index 8dfd70d8fcfb..a04752e91023 100644
--- a/net/mac80211/aes_cmac.c
+++ b/net/mac80211/aes_cmac.c
@@ -38,14 +38,10 @@ static void gf_mulx(u8 *pad)
38static void aes_128_cmac_vector(struct crypto_cipher *tfm, size_t num_elem, 38static void aes_128_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,
39 const u8 *addr[], const size_t *len, u8 *mac) 39 const u8 *addr[], const size_t *len, u8 *mac)
40{ 40{
41 u8 scratch[2 * AES_BLOCK_SIZE]; 41 u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
42 u8 *cbc, *pad;
43 const u8 *pos, *end; 42 const u8 *pos, *end;
44 size_t i, e, left, total_len; 43 size_t i, e, left, total_len;
45 44
46 cbc = scratch;
47 pad = scratch + AES_BLOCK_SIZE;
48
49 memset(cbc, 0, AES_BLOCK_SIZE); 45 memset(cbc, 0, AES_BLOCK_SIZE);
50 46
51 total_len = 0; 47 total_len = 0;
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index d41974aacf51..929f897a8ded 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -102,6 +102,18 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
102 return 0; 102 return 0;
103} 103}
104 104
105static int ieee80211_start_p2p_device(struct wiphy *wiphy,
106 struct wireless_dev *wdev)
107{
108 return ieee80211_do_open(wdev, true);
109}
110
111static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
112 struct wireless_dev *wdev)
113{
114 ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
115}
116
105static int ieee80211_set_noack_map(struct wiphy *wiphy, 117static int ieee80211_set_noack_map(struct wiphy *wiphy,
106 struct net_device *dev, 118 struct net_device *dev,
107 u16 noack_map) 119 u16 noack_map)
@@ -330,7 +342,7 @@ static void rate_idx_to_bitrate(struct rate_info *rate, struct sta_info *sta, in
330 if (!(rate->flags & RATE_INFO_FLAGS_MCS)) { 342 if (!(rate->flags & RATE_INFO_FLAGS_MCS)) {
331 struct ieee80211_supported_band *sband; 343 struct ieee80211_supported_band *sband;
332 sband = sta->local->hw.wiphy->bands[ 344 sband = sta->local->hw.wiphy->bands[
333 sta->local->hw.conf.channel->band]; 345 sta->local->oper_channel->band];
334 rate->legacy = sband->bitrates[idx].bitrate; 346 rate->legacy = sband->bitrates[idx].bitrate;
335 } else 347 } else
336 rate->mcs = idx; 348 rate->mcs = idx;
@@ -725,25 +737,23 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
725static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata, 737static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
726 const u8 *resp, size_t resp_len) 738 const u8 *resp, size_t resp_len)
727{ 739{
728 struct sk_buff *new, *old; 740 struct probe_resp *new, *old;
729 741
730 if (!resp || !resp_len) 742 if (!resp || !resp_len)
731 return 1; 743 return 1;
732 744
733 old = rtnl_dereference(sdata->u.ap.probe_resp); 745 old = rtnl_dereference(sdata->u.ap.probe_resp);
734 746
735 new = dev_alloc_skb(resp_len); 747 new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
736 if (!new) 748 if (!new)
737 return -ENOMEM; 749 return -ENOMEM;
738 750
739 memcpy(skb_put(new, resp_len), resp, resp_len); 751 new->len = resp_len;
752 memcpy(new->data, resp, resp_len);
740 753
741 rcu_assign_pointer(sdata->u.ap.probe_resp, new); 754 rcu_assign_pointer(sdata->u.ap.probe_resp, new);
742 if (old) { 755 if (old)
743 /* TODO: use call_rcu() */ 756 kfree_rcu(old, rcu_head);
744 synchronize_rcu();
745 dev_kfree_skb(old);
746 }
747 757
748 return 0; 758 return 0;
749} 759}
@@ -950,7 +960,7 @@ static void ieee80211_send_layer2_update(struct sta_info *sta)
950 /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) 960 /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
951 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ 961 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
952 962
953 memset(msg->da, 0xff, ETH_ALEN); 963 eth_broadcast_addr(msg->da);
954 memcpy(msg->sa, sta->sta.addr, ETH_ALEN); 964 memcpy(msg->sa, sta->sta.addr, ETH_ALEN);
955 msg->len = htons(6); 965 msg->len = htons(6);
956 msg->dsap = 0; 966 msg->dsap = 0;
@@ -1285,9 +1295,10 @@ static int ieee80211_change_station(struct wiphy *wiphy,
1285 mutex_unlock(&local->sta_mtx); 1295 mutex_unlock(&local->sta_mtx);
1286 1296
1287 if (sdata->vif.type == NL80211_IFTYPE_STATION && 1297 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1288 params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) 1298 params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1289 ieee80211_recalc_ps(local, -1); 1299 ieee80211_recalc_ps(local, -1);
1290 1300 ieee80211_recalc_ps_vif(sdata);
1301 }
1291 return 0; 1302 return 0;
1292} 1303}
1293 1304
@@ -1661,7 +1672,7 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1661 } 1672 }
1662 1673
1663 if (!sdata->vif.bss_conf.use_short_slot && 1674 if (!sdata->vif.bss_conf.use_short_slot &&
1664 sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ) { 1675 sdata->local->oper_channel->band == IEEE80211_BAND_5GHZ) {
1665 sdata->vif.bss_conf.use_short_slot = true; 1676 sdata->vif.bss_conf.use_short_slot = true;
1666 changed |= BSS_CHANGED_ERP_SLOT; 1677 changed |= BSS_CHANGED_ERP_SLOT;
1667 } 1678 }
@@ -1775,6 +1786,7 @@ static int ieee80211_scan(struct wiphy *wiphy,
1775 case NL80211_IFTYPE_ADHOC: 1786 case NL80211_IFTYPE_ADHOC:
1776 case NL80211_IFTYPE_MESH_POINT: 1787 case NL80211_IFTYPE_MESH_POINT:
1777 case NL80211_IFTYPE_P2P_CLIENT: 1788 case NL80211_IFTYPE_P2P_CLIENT:
1789 case NL80211_IFTYPE_P2P_DEVICE:
1778 break; 1790 break;
1779 case NL80211_IFTYPE_P2P_GO: 1791 case NL80211_IFTYPE_P2P_GO:
1780 if (sdata->local->ops->hw_scan) 1792 if (sdata->local->ops->hw_scan)
@@ -1927,7 +1939,7 @@ static int ieee80211_set_tx_power(struct wiphy *wiphy,
1927 enum nl80211_tx_power_setting type, int mbm) 1939 enum nl80211_tx_power_setting type, int mbm)
1928{ 1940{
1929 struct ieee80211_local *local = wiphy_priv(wiphy); 1941 struct ieee80211_local *local = wiphy_priv(wiphy);
1930 struct ieee80211_channel *chan = local->hw.conf.channel; 1942 struct ieee80211_channel *chan = local->oper_channel;
1931 u32 changes = 0; 1943 u32 changes = 0;
1932 1944
1933 switch (type) { 1945 switch (type) {
@@ -2079,6 +2091,7 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
2079 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2091 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2080 2092
2081 ieee80211_recalc_ps(local, -1); 2093 ieee80211_recalc_ps(local, -1);
2094 ieee80211_recalc_ps_vif(sdata);
2082 2095
2083 return 0; 2096 return 0;
2084} 2097}
@@ -2461,6 +2474,9 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
2461 if (!sdata->u.mgd.associated) 2474 if (!sdata->u.mgd.associated)
2462 need_offchan = true; 2475 need_offchan = true;
2463 break; 2476 break;
2477 case NL80211_IFTYPE_P2P_DEVICE:
2478 need_offchan = true;
2479 break;
2464 default: 2480 default:
2465 return -EOPNOTSUPP; 2481 return -EOPNOTSUPP;
2466 } 2482 }
@@ -2653,6 +2669,7 @@ ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
2653 u16 status_code, struct sk_buff *skb) 2669 u16 status_code, struct sk_buff *skb)
2654{ 2670{
2655 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2671 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2672 struct ieee80211_local *local = sdata->local;
2656 struct ieee80211_tdls_data *tf; 2673 struct ieee80211_tdls_data *tf;
2657 2674
2658 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u)); 2675 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
@@ -2672,8 +2689,10 @@ ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
2672 tf->u.setup_req.capability = 2689 tf->u.setup_req.capability =
2673 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata)); 2690 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2674 2691
2675 ieee80211_add_srates_ie(sdata, skb, false); 2692 ieee80211_add_srates_ie(sdata, skb, false,
2676 ieee80211_add_ext_srates_ie(sdata, skb, false); 2693 local->oper_channel->band);
2694 ieee80211_add_ext_srates_ie(sdata, skb, false,
2695 local->oper_channel->band);
2677 ieee80211_tdls_add_ext_capab(skb); 2696 ieee80211_tdls_add_ext_capab(skb);
2678 break; 2697 break;
2679 case WLAN_TDLS_SETUP_RESPONSE: 2698 case WLAN_TDLS_SETUP_RESPONSE:
@@ -2686,8 +2705,10 @@ ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
2686 tf->u.setup_resp.capability = 2705 tf->u.setup_resp.capability =
2687 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata)); 2706 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2688 2707
2689 ieee80211_add_srates_ie(sdata, skb, false); 2708 ieee80211_add_srates_ie(sdata, skb, false,
2690 ieee80211_add_ext_srates_ie(sdata, skb, false); 2709 local->oper_channel->band);
2710 ieee80211_add_ext_srates_ie(sdata, skb, false,
2711 local->oper_channel->band);
2691 ieee80211_tdls_add_ext_capab(skb); 2712 ieee80211_tdls_add_ext_capab(skb);
2692 break; 2713 break;
2693 case WLAN_TDLS_SETUP_CONFIRM: 2714 case WLAN_TDLS_SETUP_CONFIRM:
@@ -2725,6 +2746,7 @@ ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
2725 u16 status_code, struct sk_buff *skb) 2746 u16 status_code, struct sk_buff *skb)
2726{ 2747{
2727 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2748 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2749 struct ieee80211_local *local = sdata->local;
2728 struct ieee80211_mgmt *mgmt; 2750 struct ieee80211_mgmt *mgmt;
2729 2751
2730 mgmt = (void *)skb_put(skb, 24); 2752 mgmt = (void *)skb_put(skb, 24);
@@ -2747,8 +2769,10 @@ ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
2747 mgmt->u.action.u.tdls_discover_resp.capability = 2769 mgmt->u.action.u.tdls_discover_resp.capability =
2748 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata)); 2770 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2749 2771
2750 ieee80211_add_srates_ie(sdata, skb, false); 2772 ieee80211_add_srates_ie(sdata, skb, false,
2751 ieee80211_add_ext_srates_ie(sdata, skb, false); 2773 local->oper_channel->band);
2774 ieee80211_add_ext_srates_ie(sdata, skb, false,
2775 local->oper_channel->band);
2752 ieee80211_tdls_add_ext_capab(skb); 2776 ieee80211_tdls_add_ext_capab(skb);
2753 break; 2777 break;
2754 default: 2778 default:
@@ -3005,6 +3029,8 @@ struct cfg80211_ops mac80211_config_ops = {
3005 .add_virtual_intf = ieee80211_add_iface, 3029 .add_virtual_intf = ieee80211_add_iface,
3006 .del_virtual_intf = ieee80211_del_iface, 3030 .del_virtual_intf = ieee80211_del_iface,
3007 .change_virtual_intf = ieee80211_change_iface, 3031 .change_virtual_intf = ieee80211_change_iface,
3032 .start_p2p_device = ieee80211_start_p2p_device,
3033 .stop_p2p_device = ieee80211_stop_p2p_device,
3008 .add_key = ieee80211_add_key, 3034 .add_key = ieee80211_add_key,
3009 .del_key = ieee80211_del_key, 3035 .del_key = ieee80211_del_key,
3010 .get_key = ieee80211_get_key, 3036 .get_key = ieee80211_get_key,
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index b8dfb440c8ef..97173f8144d4 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -63,8 +63,6 @@ DEBUGFS_READONLY_FILE(user_power, "%d",
63 local->user_power_level); 63 local->user_power_level);
64DEBUGFS_READONLY_FILE(power, "%d", 64DEBUGFS_READONLY_FILE(power, "%d",
65 local->hw.conf.power_level); 65 local->hw.conf.power_level);
66DEBUGFS_READONLY_FILE(frequency, "%d",
67 local->hw.conf.channel->center_freq);
68DEBUGFS_READONLY_FILE(total_ps_buffered, "%d", 66DEBUGFS_READONLY_FILE(total_ps_buffered, "%d",
69 local->total_ps_buffered); 67 local->total_ps_buffered);
70DEBUGFS_READONLY_FILE(wep_iv, "%#08x", 68DEBUGFS_READONLY_FILE(wep_iv, "%#08x",
@@ -91,33 +89,6 @@ static const struct file_operations reset_ops = {
91 .llseek = noop_llseek, 89 .llseek = noop_llseek,
92}; 90};
93 91
94static ssize_t channel_type_read(struct file *file, char __user *user_buf,
95 size_t count, loff_t *ppos)
96{
97 struct ieee80211_local *local = file->private_data;
98 const char *buf;
99
100 switch (local->hw.conf.channel_type) {
101 case NL80211_CHAN_NO_HT:
102 buf = "no ht\n";
103 break;
104 case NL80211_CHAN_HT20:
105 buf = "ht20\n";
106 break;
107 case NL80211_CHAN_HT40MINUS:
108 buf = "ht40-\n";
109 break;
110 case NL80211_CHAN_HT40PLUS:
111 buf = "ht40+\n";
112 break;
113 default:
114 buf = "???";
115 break;
116 }
117
118 return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
119}
120
121static ssize_t hwflags_read(struct file *file, char __user *user_buf, 92static ssize_t hwflags_read(struct file *file, char __user *user_buf,
122 size_t count, loff_t *ppos) 93 size_t count, loff_t *ppos)
123{ 94{
@@ -205,7 +176,6 @@ static ssize_t queues_read(struct file *file, char __user *user_buf,
205} 176}
206 177
207DEBUGFS_READONLY_FILE_OPS(hwflags); 178DEBUGFS_READONLY_FILE_OPS(hwflags);
208DEBUGFS_READONLY_FILE_OPS(channel_type);
209DEBUGFS_READONLY_FILE_OPS(queues); 179DEBUGFS_READONLY_FILE_OPS(queues);
210 180
211/* statistics stuff */ 181/* statistics stuff */
@@ -272,12 +242,10 @@ void debugfs_hw_add(struct ieee80211_local *local)
272 242
273 local->debugfs.keys = debugfs_create_dir("keys", phyd); 243 local->debugfs.keys = debugfs_create_dir("keys", phyd);
274 244
275 DEBUGFS_ADD(frequency);
276 DEBUGFS_ADD(total_ps_buffered); 245 DEBUGFS_ADD(total_ps_buffered);
277 DEBUGFS_ADD(wep_iv); 246 DEBUGFS_ADD(wep_iv);
278 DEBUGFS_ADD(queues); 247 DEBUGFS_ADD(queues);
279 DEBUGFS_ADD_MODE(reset, 0200); 248 DEBUGFS_ADD_MODE(reset, 0200);
280 DEBUGFS_ADD(channel_type);
281 DEBUGFS_ADD(hwflags); 249 DEBUGFS_ADD(hwflags);
282 DEBUGFS_ADD(user_power); 250 DEBUGFS_ADD(user_power);
283 DEBUGFS_ADD(power); 251 DEBUGFS_ADD(power);
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index df9203199102..da9003b20004 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -9,7 +9,7 @@ static inline void check_sdata_in_driver(struct ieee80211_sub_if_data *sdata)
9{ 9{
10 WARN(!(sdata->flags & IEEE80211_SDATA_IN_DRIVER), 10 WARN(!(sdata->flags & IEEE80211_SDATA_IN_DRIVER),
11 "%s: Failed check-sdata-in-driver check, flags: 0x%x\n", 11 "%s: Failed check-sdata-in-driver check, flags: 0x%x\n",
12 sdata->dev->name, sdata->flags); 12 sdata->dev ? sdata->dev->name : sdata->name, sdata->flags);
13} 13}
14 14
15static inline struct ieee80211_sub_if_data * 15static inline struct ieee80211_sub_if_data *
@@ -22,9 +22,11 @@ get_bss_sdata(struct ieee80211_sub_if_data *sdata)
22 return sdata; 22 return sdata;
23} 23}
24 24
25static inline void drv_tx(struct ieee80211_local *local, struct sk_buff *skb) 25static inline void drv_tx(struct ieee80211_local *local,
26 struct ieee80211_tx_control *control,
27 struct sk_buff *skb)
26{ 28{
27 local->ops->tx(&local->hw, skb); 29 local->ops->tx(&local->hw, control, skb);
28} 30}
29 31
30static inline void drv_get_et_strings(struct ieee80211_sub_if_data *sdata, 32static inline void drv_get_et_strings(struct ieee80211_sub_if_data *sdata,
@@ -526,6 +528,9 @@ static inline void drv_sta_rc_update(struct ieee80211_local *local,
526 sdata = get_bss_sdata(sdata); 528 sdata = get_bss_sdata(sdata);
527 check_sdata_in_driver(sdata); 529 check_sdata_in_driver(sdata);
528 530
531 WARN_ON(changed & IEEE80211_RC_SUPP_RATES_CHANGED &&
532 sdata->vif.type != NL80211_IFTYPE_ADHOC);
533
529 trace_drv_sta_rc_update(local, sdata, sta, changed); 534 trace_drv_sta_rc_update(local, sdata, sta, changed);
530 if (local->ops->sta_rc_update) 535 if (local->ops->sta_rc_update)
531 local->ops->sta_rc_update(&local->hw, &sdata->vif, 536 local->ops->sta_rc_update(&local->hw, &sdata->vif,
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 5746d62faba1..a9d93285dba7 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -109,7 +109,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
109 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 109 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
110 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 110 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
111 IEEE80211_STYPE_PROBE_RESP); 111 IEEE80211_STYPE_PROBE_RESP);
112 memset(mgmt->da, 0xff, ETH_ALEN); 112 eth_broadcast_addr(mgmt->da);
113 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 113 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
114 memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN); 114 memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN);
115 mgmt->u.beacon.beacon_int = cpu_to_le16(beacon_int); 115 mgmt->u.beacon.beacon_int = cpu_to_le16(beacon_int);
@@ -205,7 +205,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
205 mod_timer(&ifibss->timer, 205 mod_timer(&ifibss->timer,
206 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL)); 206 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
207 207
208 bss = cfg80211_inform_bss_frame(local->hw.wiphy, local->hw.conf.channel, 208 bss = cfg80211_inform_bss_frame(local->hw.wiphy, chan,
209 mgmt, skb->len, 0, GFP_KERNEL); 209 mgmt, skb->len, 0, GFP_KERNEL);
210 cfg80211_put_bss(bss); 210 cfg80211_put_bss(bss);
211 netif_carrier_on(sdata->dev); 211 netif_carrier_on(sdata->dev);
@@ -294,7 +294,7 @@ ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
294 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 294 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
295 struct ieee80211_local *local = sdata->local; 295 struct ieee80211_local *local = sdata->local;
296 struct sta_info *sta; 296 struct sta_info *sta;
297 int band = local->hw.conf.channel->band; 297 int band = local->oper_channel->band;
298 298
299 /* 299 /*
300 * XXX: Consider removing the least recently used entry and 300 * XXX: Consider removing the least recently used entry and
@@ -459,8 +459,11 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
459 } 459 }
460 } 460 }
461 461
462 if (sta && rates_updated) 462 if (sta && rates_updated) {
463 drv_sta_rc_update(local, sdata, &sta->sta,
464 IEEE80211_RC_SUPP_RATES_CHANGED);
463 rate_control_rate_init(sta); 465 rate_control_rate_init(sta);
466 }
464 467
465 rcu_read_unlock(); 468 rcu_read_unlock();
466 } 469 }
@@ -561,7 +564,7 @@ void ieee80211_ibss_rx_no_sta(struct ieee80211_sub_if_data *sdata,
561 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 564 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
562 struct ieee80211_local *local = sdata->local; 565 struct ieee80211_local *local = sdata->local;
563 struct sta_info *sta; 566 struct sta_info *sta;
564 int band = local->hw.conf.channel->band; 567 int band = local->oper_channel->band;
565 568
566 /* 569 /*
567 * XXX: Consider removing the least recently used entry and 570 * XXX: Consider removing the least recently used entry and
@@ -759,7 +762,7 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
759 return; 762 return;
760 } 763 }
761 sdata_info(sdata, "IBSS not allowed on %d MHz\n", 764 sdata_info(sdata, "IBSS not allowed on %d MHz\n",
762 local->hw.conf.channel->center_freq); 765 local->oper_channel->center_freq);
763 766
764 /* No IBSS found - decrease scan interval and continue 767 /* No IBSS found - decrease scan interval and continue
765 * scanning. */ 768 * scanning. */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index bb61f7718c4c..204bfedba306 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -193,8 +193,6 @@ struct ieee80211_tx_data {
193 struct sta_info *sta; 193 struct sta_info *sta;
194 struct ieee80211_key *key; 194 struct ieee80211_key *key;
195 195
196 struct ieee80211_channel *channel;
197
198 unsigned int flags; 196 unsigned int flags;
199}; 197};
200 198
@@ -274,9 +272,15 @@ struct beacon_data {
274 struct rcu_head rcu_head; 272 struct rcu_head rcu_head;
275}; 273};
276 274
275struct probe_resp {
276 struct rcu_head rcu_head;
277 int len;
278 u8 data[0];
279};
280
277struct ieee80211_if_ap { 281struct ieee80211_if_ap {
278 struct beacon_data __rcu *beacon; 282 struct beacon_data __rcu *beacon;
279 struct sk_buff __rcu *probe_resp; 283 struct probe_resp __rcu *probe_resp;
280 284
281 struct list_head vlans; 285 struct list_head vlans;
282 286
@@ -359,6 +363,7 @@ enum ieee80211_sta_flags {
359 IEEE80211_STA_NULLFUNC_ACKED = BIT(8), 363 IEEE80211_STA_NULLFUNC_ACKED = BIT(8),
360 IEEE80211_STA_RESET_SIGNAL_AVE = BIT(9), 364 IEEE80211_STA_RESET_SIGNAL_AVE = BIT(9),
361 IEEE80211_STA_DISABLE_40MHZ = BIT(10), 365 IEEE80211_STA_DISABLE_40MHZ = BIT(10),
366 IEEE80211_STA_DISABLE_VHT = BIT(11),
362}; 367};
363 368
364struct ieee80211_mgd_auth_data { 369struct ieee80211_mgd_auth_data {
@@ -1075,6 +1080,8 @@ struct ieee80211_local {
1075 struct idr ack_status_frames; 1080 struct idr ack_status_frames;
1076 spinlock_t ack_status_lock; 1081 spinlock_t ack_status_lock;
1077 1082
1083 struct ieee80211_sub_if_data __rcu *p2p_sdata;
1084
1078 /* dummy netdev for use w/ NAPI */ 1085 /* dummy netdev for use w/ NAPI */
1079 struct net_device napi_dev; 1086 struct net_device napi_dev;
1080 1087
@@ -1131,7 +1138,7 @@ struct ieee802_11_elems {
1131 u8 *prep; 1138 u8 *prep;
1132 u8 *perr; 1139 u8 *perr;
1133 struct ieee80211_rann_ie *rann; 1140 struct ieee80211_rann_ie *rann;
1134 u8 *ch_switch_elem; 1141 struct ieee80211_channel_sw_ie *ch_switch_ie;
1135 u8 *country_elem; 1142 u8 *country_elem;
1136 u8 *pwr_constr_elem; 1143 u8 *pwr_constr_elem;
1137 u8 *quiet_elem; /* first quite element */ 1144 u8 *quiet_elem; /* first quite element */
@@ -1157,7 +1164,6 @@ struct ieee802_11_elems {
1157 u8 preq_len; 1164 u8 preq_len;
1158 u8 prep_len; 1165 u8 prep_len;
1159 u8 perr_len; 1166 u8 perr_len;
1160 u8 ch_switch_elem_len;
1161 u8 country_elem_len; 1167 u8 country_elem_len;
1162 u8 pwr_constr_elem_len; 1168 u8 pwr_constr_elem_len;
1163 u8 quiet_elem_len; 1169 u8 quiet_elem_len;
@@ -1202,6 +1208,7 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
1202void ieee80211_send_pspoll(struct ieee80211_local *local, 1208void ieee80211_send_pspoll(struct ieee80211_local *local,
1203 struct ieee80211_sub_if_data *sdata); 1209 struct ieee80211_sub_if_data *sdata);
1204void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency); 1210void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency);
1211void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata);
1205int ieee80211_max_network_latency(struct notifier_block *nb, 1212int ieee80211_max_network_latency(struct notifier_block *nb,
1206 unsigned long data, void *dummy); 1213 unsigned long data, void *dummy);
1207int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata); 1214int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata);
@@ -1291,6 +1298,8 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local);
1291void ieee80211_recalc_idle(struct ieee80211_local *local); 1298void ieee80211_recalc_idle(struct ieee80211_local *local);
1292void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata, 1299void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1293 const int offset); 1300 const int offset);
1301int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up);
1302void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata);
1294 1303
1295static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata) 1304static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata)
1296{ 1305{
@@ -1425,7 +1434,6 @@ void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1425 struct ieee80211_hdr *hdr); 1434 struct ieee80211_hdr *hdr);
1426void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1435void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1427 struct ieee80211_hdr *hdr, bool ack); 1436 struct ieee80211_hdr *hdr, bool ack);
1428void ieee80211_beacon_connection_loss_work(struct work_struct *work);
1429 1437
1430void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw, 1438void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw,
1431 enum queue_stop_reason reason); 1439 enum queue_stop_reason reason);
@@ -1457,13 +1465,15 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1457 u8 channel); 1465 u8 channel);
1458struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, 1466struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1459 u8 *dst, u32 ratemask, 1467 u8 *dst, u32 ratemask,
1468 struct ieee80211_channel *chan,
1460 const u8 *ssid, size_t ssid_len, 1469 const u8 *ssid, size_t ssid_len,
1461 const u8 *ie, size_t ie_len, 1470 const u8 *ie, size_t ie_len,
1462 bool directed); 1471 bool directed);
1463void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1472void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1464 const u8 *ssid, size_t ssid_len, 1473 const u8 *ssid, size_t ssid_len,
1465 const u8 *ie, size_t ie_len, 1474 const u8 *ie, size_t ie_len,
1466 u32 ratemask, bool directed, bool no_cck); 1475 u32 ratemask, bool directed, bool no_cck,
1476 struct ieee80211_channel *channel);
1467 1477
1468void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, 1478void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
1469 const size_t supp_rates_len, 1479 const size_t supp_rates_len,
@@ -1487,9 +1497,11 @@ u8 *ieee80211_ie_build_ht_oper(u8 *pos, struct ieee80211_sta_ht_cap *ht_cap,
1487u8 *ieee80211_ie_build_vht_cap(u8 *pos, struct ieee80211_sta_vht_cap *vht_cap, 1497u8 *ieee80211_ie_build_vht_cap(u8 *pos, struct ieee80211_sta_vht_cap *vht_cap,
1488 u32 cap); 1498 u32 cap);
1489int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata, 1499int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
1490 struct sk_buff *skb, bool need_basic); 1500 struct sk_buff *skb, bool need_basic,
1501 enum ieee80211_band band);
1491int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata, 1502int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata,
1492 struct sk_buff *skb, bool need_basic); 1503 struct sk_buff *skb, bool need_basic,
1504 enum ieee80211_band band);
1493 1505
1494/* channel management */ 1506/* channel management */
1495enum ieee80211_chan_mode { 1507enum ieee80211_chan_mode {
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index bfb57dcc1538..59f8adc2aa5f 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -100,6 +100,10 @@ static u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
100 sdata->vif.bss_conf.idle = true; 100 sdata->vif.bss_conf.idle = true;
101 continue; 101 continue;
102 } 102 }
103
104 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
105 continue;
106
103 /* count everything else */ 107 /* count everything else */
104 sdata->vif.bss_conf.idle = false; 108 sdata->vif.bss_conf.idle = false;
105 count++; 109 count++;
@@ -121,7 +125,8 @@ static u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
121 125
122 list_for_each_entry(sdata, &local->interfaces, list) { 126 list_for_each_entry(sdata, &local->interfaces, list) {
123 if (sdata->vif.type == NL80211_IFTYPE_MONITOR || 127 if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
124 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 128 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
129 sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
125 continue; 130 continue;
126 if (sdata->old_idle == sdata->vif.bss_conf.idle) 131 if (sdata->old_idle == sdata->vif.bss_conf.idle)
127 continue; 132 continue;
@@ -204,6 +209,8 @@ static inline int identical_mac_addr_allowed(int type1, int type2)
204{ 209{
205 return type1 == NL80211_IFTYPE_MONITOR || 210 return type1 == NL80211_IFTYPE_MONITOR ||
206 type2 == NL80211_IFTYPE_MONITOR || 211 type2 == NL80211_IFTYPE_MONITOR ||
212 type1 == NL80211_IFTYPE_P2P_DEVICE ||
213 type2 == NL80211_IFTYPE_P2P_DEVICE ||
207 (type1 == NL80211_IFTYPE_AP && type2 == NL80211_IFTYPE_WDS) || 214 (type1 == NL80211_IFTYPE_AP && type2 == NL80211_IFTYPE_WDS) ||
208 (type1 == NL80211_IFTYPE_WDS && 215 (type1 == NL80211_IFTYPE_WDS &&
209 (type2 == NL80211_IFTYPE_WDS || 216 (type2 == NL80211_IFTYPE_WDS ||
@@ -406,9 +413,10 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
406 * an error on interface type changes that have been pre-checked, so most 413 * an error on interface type changes that have been pre-checked, so most
407 * checks should be in ieee80211_check_concurrent_iface. 414 * checks should be in ieee80211_check_concurrent_iface.
408 */ 415 */
409static int ieee80211_do_open(struct net_device *dev, bool coming_up) 416int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
410{ 417{
411 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 418 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
419 struct net_device *dev = wdev->netdev;
412 struct ieee80211_local *local = sdata->local; 420 struct ieee80211_local *local = sdata->local;
413 struct sta_info *sta; 421 struct sta_info *sta;
414 u32 changed = 0; 422 u32 changed = 0;
@@ -443,6 +451,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
443 case NL80211_IFTYPE_STATION: 451 case NL80211_IFTYPE_STATION:
444 case NL80211_IFTYPE_MONITOR: 452 case NL80211_IFTYPE_MONITOR:
445 case NL80211_IFTYPE_ADHOC: 453 case NL80211_IFTYPE_ADHOC:
454 case NL80211_IFTYPE_P2P_DEVICE:
446 /* no special treatment */ 455 /* no special treatment */
447 break; 456 break;
448 case NL80211_IFTYPE_UNSPECIFIED: 457 case NL80211_IFTYPE_UNSPECIFIED:
@@ -471,7 +480,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
471 * Copy the hopefully now-present MAC address to 480 * Copy the hopefully now-present MAC address to
472 * this interface, if it has the special null one. 481 * this interface, if it has the special null one.
473 */ 482 */
474 if (is_zero_ether_addr(dev->dev_addr)) { 483 if (dev && is_zero_ether_addr(dev->dev_addr)) {
475 memcpy(dev->dev_addr, 484 memcpy(dev->dev_addr,
476 local->hw.wiphy->perm_addr, 485 local->hw.wiphy->perm_addr,
477 ETH_ALEN); 486 ETH_ALEN);
@@ -536,15 +545,23 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
536 local->fif_probe_req++; 545 local->fif_probe_req++;
537 } 546 }
538 547
539 changed |= ieee80211_reset_erp_info(sdata); 548 if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE)
549 changed |= ieee80211_reset_erp_info(sdata);
540 ieee80211_bss_info_change_notify(sdata, changed); 550 ieee80211_bss_info_change_notify(sdata, changed);
541 551
542 if (sdata->vif.type == NL80211_IFTYPE_STATION || 552 switch (sdata->vif.type) {
543 sdata->vif.type == NL80211_IFTYPE_ADHOC || 553 case NL80211_IFTYPE_STATION:
544 sdata->vif.type == NL80211_IFTYPE_AP) 554 case NL80211_IFTYPE_ADHOC:
555 case NL80211_IFTYPE_AP:
556 case NL80211_IFTYPE_MESH_POINT:
545 netif_carrier_off(dev); 557 netif_carrier_off(dev);
546 else 558 break;
559 case NL80211_IFTYPE_WDS:
560 case NL80211_IFTYPE_P2P_DEVICE:
561 break;
562 default:
547 netif_carrier_on(dev); 563 netif_carrier_on(dev);
564 }
548 565
549 /* 566 /*
550 * set default queue parameters so drivers don't 567 * set default queue parameters so drivers don't
@@ -576,6 +593,9 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
576 } 593 }
577 594
578 rate_control_rate_init(sta); 595 rate_control_rate_init(sta);
596 netif_carrier_on(dev);
597 } else if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
598 rcu_assign_pointer(local->p2p_sdata, sdata);
579 } 599 }
580 600
581 /* 601 /*
@@ -601,7 +621,8 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
601 621
602 ieee80211_recalc_ps(local, -1); 622 ieee80211_recalc_ps(local, -1);
603 623
604 netif_tx_start_all_queues(dev); 624 if (dev)
625 netif_tx_start_all_queues(dev);
605 626
606 return 0; 627 return 0;
607 err_del_interface: 628 err_del_interface:
@@ -631,7 +652,7 @@ static int ieee80211_open(struct net_device *dev)
631 if (err) 652 if (err)
632 return err; 653 return err;
633 654
634 return ieee80211_do_open(dev, true); 655 return ieee80211_do_open(&sdata->wdev, true);
635} 656}
636 657
637static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, 658static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
@@ -652,7 +673,8 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
652 /* 673 /*
653 * Stop TX on this interface first. 674 * Stop TX on this interface first.
654 */ 675 */
655 netif_tx_stop_all_queues(sdata->dev); 676 if (sdata->dev)
677 netif_tx_stop_all_queues(sdata->dev);
656 678
657 ieee80211_roc_purge(sdata); 679 ieee80211_roc_purge(sdata);
658 680
@@ -691,14 +713,16 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
691 local->fif_probe_req--; 713 local->fif_probe_req--;
692 } 714 }
693 715
694 netif_addr_lock_bh(sdata->dev); 716 if (sdata->dev) {
695 spin_lock_bh(&local->filter_lock); 717 netif_addr_lock_bh(sdata->dev);
696 __hw_addr_unsync(&local->mc_list, &sdata->dev->mc, 718 spin_lock_bh(&local->filter_lock);
697 sdata->dev->addr_len); 719 __hw_addr_unsync(&local->mc_list, &sdata->dev->mc,
698 spin_unlock_bh(&local->filter_lock); 720 sdata->dev->addr_len);
699 netif_addr_unlock_bh(sdata->dev); 721 spin_unlock_bh(&local->filter_lock);
722 netif_addr_unlock_bh(sdata->dev);
700 723
701 ieee80211_configure_filter(local); 724 ieee80211_configure_filter(local);
725 }
702 726
703 del_timer_sync(&local->dynamic_ps_timer); 727 del_timer_sync(&local->dynamic_ps_timer);
704 cancel_work_sync(&local->dynamic_ps_enable_work); 728 cancel_work_sync(&local->dynamic_ps_enable_work);
@@ -708,7 +732,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
708 struct ieee80211_sub_if_data *vlan, *tmpsdata; 732 struct ieee80211_sub_if_data *vlan, *tmpsdata;
709 struct beacon_data *old_beacon = 733 struct beacon_data *old_beacon =
710 rtnl_dereference(sdata->u.ap.beacon); 734 rtnl_dereference(sdata->u.ap.beacon);
711 struct sk_buff *old_probe_resp = 735 struct probe_resp *old_probe_resp =
712 rtnl_dereference(sdata->u.ap.probe_resp); 736 rtnl_dereference(sdata->u.ap.probe_resp);
713 737
714 /* sdata_running will return false, so this will disable */ 738 /* sdata_running will return false, so this will disable */
@@ -720,7 +744,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
720 RCU_INIT_POINTER(sdata->u.ap.probe_resp, NULL); 744 RCU_INIT_POINTER(sdata->u.ap.probe_resp, NULL);
721 synchronize_rcu(); 745 synchronize_rcu();
722 kfree(old_beacon); 746 kfree(old_beacon);
723 kfree_skb(old_probe_resp); 747 kfree(old_probe_resp);
724 748
725 /* down all dependent devices, that is VLANs */ 749 /* down all dependent devices, that is VLANs */
726 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans, 750 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
@@ -759,6 +783,10 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
759 ieee80211_adjust_monitor_flags(sdata, -1); 783 ieee80211_adjust_monitor_flags(sdata, -1);
760 ieee80211_configure_filter(local); 784 ieee80211_configure_filter(local);
761 break; 785 break;
786 case NL80211_IFTYPE_P2P_DEVICE:
787 /* relies on synchronize_rcu() below */
788 rcu_assign_pointer(local->p2p_sdata, NULL);
789 /* fall through */
762 default: 790 default:
763 flush_work(&sdata->work); 791 flush_work(&sdata->work);
764 /* 792 /*
@@ -771,14 +799,6 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
771 skb_queue_purge(&sdata->skb_queue); 799 skb_queue_purge(&sdata->skb_queue);
772 800
773 /* 801 /*
774 * Disable beaconing here for mesh only, AP and IBSS
775 * are already taken care of.
776 */
777 if (sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
778 ieee80211_bss_info_change_notify(sdata,
779 BSS_CHANGED_BEACON_ENABLED);
780
781 /*
782 * Free all remaining keys, there shouldn't be any, 802 * Free all remaining keys, there shouldn't be any,
783 * except maybe group keys in AP more or WDS? 803 * except maybe group keys in AP more or WDS?
784 */ 804 */
@@ -877,9 +897,8 @@ static void ieee80211_set_multicast_list(struct net_device *dev)
877 * Called when the netdev is removed or, by the code below, before 897 * Called when the netdev is removed or, by the code below, before
878 * the interface type changes. 898 * the interface type changes.
879 */ 899 */
880static void ieee80211_teardown_sdata(struct net_device *dev) 900static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
881{ 901{
882 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
883 struct ieee80211_local *local = sdata->local; 902 struct ieee80211_local *local = sdata->local;
884 int flushed; 903 int flushed;
885 int i; 904 int i;
@@ -900,6 +919,11 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
900 WARN_ON(flushed); 919 WARN_ON(flushed);
901} 920}
902 921
922static void ieee80211_uninit(struct net_device *dev)
923{
924 ieee80211_teardown_sdata(IEEE80211_DEV_TO_SUB_IF(dev));
925}
926
903static u16 ieee80211_netdev_select_queue(struct net_device *dev, 927static u16 ieee80211_netdev_select_queue(struct net_device *dev,
904 struct sk_buff *skb) 928 struct sk_buff *skb)
905{ 929{
@@ -909,7 +933,7 @@ static u16 ieee80211_netdev_select_queue(struct net_device *dev,
909static const struct net_device_ops ieee80211_dataif_ops = { 933static const struct net_device_ops ieee80211_dataif_ops = {
910 .ndo_open = ieee80211_open, 934 .ndo_open = ieee80211_open,
911 .ndo_stop = ieee80211_stop, 935 .ndo_stop = ieee80211_stop,
912 .ndo_uninit = ieee80211_teardown_sdata, 936 .ndo_uninit = ieee80211_uninit,
913 .ndo_start_xmit = ieee80211_subif_start_xmit, 937 .ndo_start_xmit = ieee80211_subif_start_xmit,
914 .ndo_set_rx_mode = ieee80211_set_multicast_list, 938 .ndo_set_rx_mode = ieee80211_set_multicast_list,
915 .ndo_change_mtu = ieee80211_change_mtu, 939 .ndo_change_mtu = ieee80211_change_mtu,
@@ -940,7 +964,7 @@ static u16 ieee80211_monitor_select_queue(struct net_device *dev,
940static const struct net_device_ops ieee80211_monitorif_ops = { 964static const struct net_device_ops ieee80211_monitorif_ops = {
941 .ndo_open = ieee80211_open, 965 .ndo_open = ieee80211_open,
942 .ndo_stop = ieee80211_stop, 966 .ndo_stop = ieee80211_stop,
943 .ndo_uninit = ieee80211_teardown_sdata, 967 .ndo_uninit = ieee80211_uninit,
944 .ndo_start_xmit = ieee80211_monitor_start_xmit, 968 .ndo_start_xmit = ieee80211_monitor_start_xmit,
945 .ndo_set_rx_mode = ieee80211_set_multicast_list, 969 .ndo_set_rx_mode = ieee80211_set_multicast_list,
946 .ndo_change_mtu = ieee80211_change_mtu, 970 .ndo_change_mtu = ieee80211_change_mtu,
@@ -1099,7 +1123,6 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1099 /* and set some type-dependent values */ 1123 /* and set some type-dependent values */
1100 sdata->vif.type = type; 1124 sdata->vif.type = type;
1101 sdata->vif.p2p = false; 1125 sdata->vif.p2p = false;
1102 sdata->dev->netdev_ops = &ieee80211_dataif_ops;
1103 sdata->wdev.iftype = type; 1126 sdata->wdev.iftype = type;
1104 1127
1105 sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE); 1128 sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
@@ -1107,8 +1130,11 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1107 1130
1108 sdata->noack_map = 0; 1131 sdata->noack_map = 0;
1109 1132
1110 /* only monitor differs */ 1133 /* only monitor/p2p-device differ */
1111 sdata->dev->type = ARPHRD_ETHER; 1134 if (sdata->dev) {
1135 sdata->dev->netdev_ops = &ieee80211_dataif_ops;
1136 sdata->dev->type = ARPHRD_ETHER;
1137 }
1112 1138
1113 skb_queue_head_init(&sdata->skb_queue); 1139 skb_queue_head_init(&sdata->skb_queue);
1114 INIT_WORK(&sdata->work, ieee80211_iface_work); 1140 INIT_WORK(&sdata->work, ieee80211_iface_work);
@@ -1146,6 +1172,7 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1146 break; 1172 break;
1147 case NL80211_IFTYPE_WDS: 1173 case NL80211_IFTYPE_WDS:
1148 case NL80211_IFTYPE_AP_VLAN: 1174 case NL80211_IFTYPE_AP_VLAN:
1175 case NL80211_IFTYPE_P2P_DEVICE:
1149 break; 1176 break;
1150 case NL80211_IFTYPE_UNSPECIFIED: 1177 case NL80211_IFTYPE_UNSPECIFIED:
1151 case NUM_NL80211_IFTYPES: 1178 case NUM_NL80211_IFTYPES:
@@ -1156,18 +1183,6 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1156 ieee80211_debugfs_add_netdev(sdata); 1183 ieee80211_debugfs_add_netdev(sdata);
1157} 1184}
1158 1185
1159static void ieee80211_clean_sdata(struct ieee80211_sub_if_data *sdata)
1160{
1161 switch (sdata->vif.type) {
1162 case NL80211_IFTYPE_MESH_POINT:
1163 mesh_path_flush_by_iface(sdata);
1164 break;
1165
1166 default:
1167 break;
1168 }
1169}
1170
1171static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata, 1186static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1172 enum nl80211_iftype type) 1187 enum nl80211_iftype type)
1173{ 1188{
@@ -1225,7 +1240,7 @@ static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1225 1240
1226 ieee80211_do_stop(sdata, false); 1241 ieee80211_do_stop(sdata, false);
1227 1242
1228 ieee80211_teardown_sdata(sdata->dev); 1243 ieee80211_teardown_sdata(sdata);
1229 1244
1230 ret = drv_change_interface(local, sdata, internal_type, p2p); 1245 ret = drv_change_interface(local, sdata, internal_type, p2p);
1231 if (ret) 1246 if (ret)
@@ -1240,7 +1255,7 @@ static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1240 1255
1241 ieee80211_setup_sdata(sdata, type); 1256 ieee80211_setup_sdata(sdata, type);
1242 1257
1243 err = ieee80211_do_open(sdata->dev, false); 1258 err = ieee80211_do_open(&sdata->wdev, false);
1244 WARN(err, "type change: do_open returned %d", err); 1259 WARN(err, "type change: do_open returned %d", err);
1245 1260
1246 return ret; 1261 return ret;
@@ -1267,14 +1282,14 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
1267 return ret; 1282 return ret;
1268 } else { 1283 } else {
1269 /* Purge and reset type-dependent state. */ 1284 /* Purge and reset type-dependent state. */
1270 ieee80211_teardown_sdata(sdata->dev); 1285 ieee80211_teardown_sdata(sdata);
1271 ieee80211_setup_sdata(sdata, type); 1286 ieee80211_setup_sdata(sdata, type);
1272 } 1287 }
1273 1288
1274 /* reset some values that shouldn't be kept across type changes */ 1289 /* reset some values that shouldn't be kept across type changes */
1275 sdata->vif.bss_conf.basic_rates = 1290 sdata->vif.bss_conf.basic_rates =
1276 ieee80211_mandatory_rates(sdata->local, 1291 ieee80211_mandatory_rates(sdata->local,
1277 sdata->local->hw.conf.channel->band); 1292 sdata->local->oper_channel->band);
1278 sdata->drop_unencrypted = 0; 1293 sdata->drop_unencrypted = 0;
1279 if (type == NL80211_IFTYPE_STATION) 1294 if (type == NL80211_IFTYPE_STATION)
1280 sdata->u.mgd.use_4addr = false; 1295 sdata->u.mgd.use_4addr = false;
@@ -1283,8 +1298,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
1283} 1298}
1284 1299
1285static void ieee80211_assign_perm_addr(struct ieee80211_local *local, 1300static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1286 struct net_device *dev, 1301 u8 *perm_addr, enum nl80211_iftype type)
1287 enum nl80211_iftype type)
1288{ 1302{
1289 struct ieee80211_sub_if_data *sdata; 1303 struct ieee80211_sub_if_data *sdata;
1290 u64 mask, start, addr, val, inc; 1304 u64 mask, start, addr, val, inc;
@@ -1293,13 +1307,12 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1293 int i; 1307 int i;
1294 1308
1295 /* default ... something at least */ 1309 /* default ... something at least */
1296 memcpy(dev->perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 1310 memcpy(perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
1297 1311
1298 if (is_zero_ether_addr(local->hw.wiphy->addr_mask) && 1312 if (is_zero_ether_addr(local->hw.wiphy->addr_mask) &&
1299 local->hw.wiphy->n_addresses <= 1) 1313 local->hw.wiphy->n_addresses <= 1)
1300 return; 1314 return;
1301 1315
1302
1303 mutex_lock(&local->iflist_mtx); 1316 mutex_lock(&local->iflist_mtx);
1304 1317
1305 switch (type) { 1318 switch (type) {
@@ -1312,11 +1325,24 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1312 list_for_each_entry(sdata, &local->interfaces, list) { 1325 list_for_each_entry(sdata, &local->interfaces, list) {
1313 if (sdata->vif.type != NL80211_IFTYPE_AP) 1326 if (sdata->vif.type != NL80211_IFTYPE_AP)
1314 continue; 1327 continue;
1315 memcpy(dev->perm_addr, sdata->vif.addr, ETH_ALEN); 1328 memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
1316 break; 1329 break;
1317 } 1330 }
1318 /* keep default if no AP interface present */ 1331 /* keep default if no AP interface present */
1319 break; 1332 break;
1333 case NL80211_IFTYPE_P2P_CLIENT:
1334 case NL80211_IFTYPE_P2P_GO:
1335 if (local->hw.flags & IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF) {
1336 list_for_each_entry(sdata, &local->interfaces, list) {
1337 if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE)
1338 continue;
1339 if (!ieee80211_sdata_running(sdata))
1340 continue;
1341 memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
1342 goto out_unlock;
1343 }
1344 }
1345 /* otherwise fall through */
1320 default: 1346 default:
1321 /* assign a new address if possible -- try n_addresses first */ 1347 /* assign a new address if possible -- try n_addresses first */
1322 for (i = 0; i < local->hw.wiphy->n_addresses; i++) { 1348 for (i = 0; i < local->hw.wiphy->n_addresses; i++) {
@@ -1331,7 +1357,7 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1331 } 1357 }
1332 1358
1333 if (!used) { 1359 if (!used) {
1334 memcpy(dev->perm_addr, 1360 memcpy(perm_addr,
1335 local->hw.wiphy->addresses[i].addr, 1361 local->hw.wiphy->addresses[i].addr,
1336 ETH_ALEN); 1362 ETH_ALEN);
1337 break; 1363 break;
@@ -1382,7 +1408,7 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1382 } 1408 }
1383 1409
1384 if (!used) { 1410 if (!used) {
1385 memcpy(dev->perm_addr, tmp_addr, ETH_ALEN); 1411 memcpy(perm_addr, tmp_addr, ETH_ALEN);
1386 break; 1412 break;
1387 } 1413 }
1388 addr = (start & ~mask) | (val & mask); 1414 addr = (start & ~mask) | (val & mask);
@@ -1391,6 +1417,7 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1391 break; 1417 break;
1392 } 1418 }
1393 1419
1420 out_unlock:
1394 mutex_unlock(&local->iflist_mtx); 1421 mutex_unlock(&local->iflist_mtx);
1395} 1422}
1396 1423
@@ -1398,49 +1425,68 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1398 struct wireless_dev **new_wdev, enum nl80211_iftype type, 1425 struct wireless_dev **new_wdev, enum nl80211_iftype type,
1399 struct vif_params *params) 1426 struct vif_params *params)
1400{ 1427{
1401 struct net_device *ndev; 1428 struct net_device *ndev = NULL;
1402 struct ieee80211_sub_if_data *sdata = NULL; 1429 struct ieee80211_sub_if_data *sdata = NULL;
1403 int ret, i; 1430 int ret, i;
1404 int txqs = 1; 1431 int txqs = 1;
1405 1432
1406 ASSERT_RTNL(); 1433 ASSERT_RTNL();
1407 1434
1408 if (local->hw.queues >= IEEE80211_NUM_ACS) 1435 if (type == NL80211_IFTYPE_P2P_DEVICE) {
1409 txqs = IEEE80211_NUM_ACS; 1436 struct wireless_dev *wdev;
1410 1437
1411 ndev = alloc_netdev_mqs(sizeof(*sdata) + local->hw.vif_data_size, 1438 sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size,
1412 name, ieee80211_if_setup, txqs, 1); 1439 GFP_KERNEL);
1413 if (!ndev) 1440 if (!sdata)
1414 return -ENOMEM; 1441 return -ENOMEM;
1415 dev_net_set(ndev, wiphy_net(local->hw.wiphy)); 1442 wdev = &sdata->wdev;
1416 1443
1417 ndev->needed_headroom = local->tx_headroom + 1444 sdata->dev = NULL;
1418 4*6 /* four MAC addresses */ 1445 strlcpy(sdata->name, name, IFNAMSIZ);
1419 + 2 + 2 + 2 + 2 /* ctl, dur, seq, qos */ 1446 ieee80211_assign_perm_addr(local, wdev->address, type);
1420 + 6 /* mesh */ 1447 memcpy(sdata->vif.addr, wdev->address, ETH_ALEN);
1421 + 8 /* rfc1042/bridge tunnel */ 1448 } else {
1422 - ETH_HLEN /* ethernet hard_header_len */ 1449 if (local->hw.queues >= IEEE80211_NUM_ACS)
1423 + IEEE80211_ENCRYPT_HEADROOM; 1450 txqs = IEEE80211_NUM_ACS;
1424 ndev->needed_tailroom = IEEE80211_ENCRYPT_TAILROOM; 1451
1425 1452 ndev = alloc_netdev_mqs(sizeof(*sdata) +
1426 ret = dev_alloc_name(ndev, ndev->name); 1453 local->hw.vif_data_size,
1427 if (ret < 0) 1454 name, ieee80211_if_setup, txqs, 1);
1428 goto fail; 1455 if (!ndev)
1429 1456 return -ENOMEM;
1430 ieee80211_assign_perm_addr(local, ndev, type); 1457 dev_net_set(ndev, wiphy_net(local->hw.wiphy));
1431 memcpy(ndev->dev_addr, ndev->perm_addr, ETH_ALEN); 1458
1432 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy)); 1459 ndev->needed_headroom = local->tx_headroom +
1433 1460 4*6 /* four MAC addresses */
1434 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */ 1461 + 2 + 2 + 2 + 2 /* ctl, dur, seq, qos */
1435 sdata = netdev_priv(ndev); 1462 + 6 /* mesh */
1436 ndev->ieee80211_ptr = &sdata->wdev; 1463 + 8 /* rfc1042/bridge tunnel */
1437 memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN); 1464 - ETH_HLEN /* ethernet hard_header_len */
1438 memcpy(sdata->name, ndev->name, IFNAMSIZ); 1465 + IEEE80211_ENCRYPT_HEADROOM;
1466 ndev->needed_tailroom = IEEE80211_ENCRYPT_TAILROOM;
1467
1468 ret = dev_alloc_name(ndev, ndev->name);
1469 if (ret < 0) {
1470 free_netdev(ndev);
1471 return ret;
1472 }
1473
1474 ieee80211_assign_perm_addr(local, ndev->perm_addr, type);
1475 memcpy(ndev->dev_addr, ndev->perm_addr, ETH_ALEN);
1476 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
1477
1478 /* don't use IEEE80211_DEV_TO_SUB_IF -- it checks too much */
1479 sdata = netdev_priv(ndev);
1480 ndev->ieee80211_ptr = &sdata->wdev;
1481 memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN);
1482 memcpy(sdata->name, ndev->name, IFNAMSIZ);
1483
1484 sdata->dev = ndev;
1485 }
1439 1486
1440 /* initialise type-independent data */ 1487 /* initialise type-independent data */
1441 sdata->wdev.wiphy = local->hw.wiphy; 1488 sdata->wdev.wiphy = local->hw.wiphy;
1442 sdata->local = local; 1489 sdata->local = local;
1443 sdata->dev = ndev;
1444#ifdef CONFIG_INET 1490#ifdef CONFIG_INET
1445 sdata->arp_filter_state = true; 1491 sdata->arp_filter_state = true;
1446#endif 1492#endif
@@ -1469,17 +1515,21 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1469 /* setup type-dependent data */ 1515 /* setup type-dependent data */
1470 ieee80211_setup_sdata(sdata, type); 1516 ieee80211_setup_sdata(sdata, type);
1471 1517
1472 if (params) { 1518 if (ndev) {
1473 ndev->ieee80211_ptr->use_4addr = params->use_4addr; 1519 if (params) {
1474 if (type == NL80211_IFTYPE_STATION) 1520 ndev->ieee80211_ptr->use_4addr = params->use_4addr;
1475 sdata->u.mgd.use_4addr = params->use_4addr; 1521 if (type == NL80211_IFTYPE_STATION)
1476 } 1522 sdata->u.mgd.use_4addr = params->use_4addr;
1523 }
1477 1524
1478 ndev->features |= local->hw.netdev_features; 1525 ndev->features |= local->hw.netdev_features;
1479 1526
1480 ret = register_netdevice(ndev); 1527 ret = register_netdevice(ndev);
1481 if (ret) 1528 if (ret) {
1482 goto fail; 1529 free_netdev(ndev);
1530 return ret;
1531 }
1532 }
1483 1533
1484 mutex_lock(&local->iflist_mtx); 1534 mutex_lock(&local->iflist_mtx);
1485 list_add_tail_rcu(&sdata->list, &local->interfaces); 1535 list_add_tail_rcu(&sdata->list, &local->interfaces);
@@ -1489,10 +1539,6 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1489 *new_wdev = &sdata->wdev; 1539 *new_wdev = &sdata->wdev;
1490 1540
1491 return 0; 1541 return 0;
1492
1493 fail:
1494 free_netdev(ndev);
1495 return ret;
1496} 1542}
1497 1543
1498void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata) 1544void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
@@ -1503,11 +1549,22 @@ void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
1503 list_del_rcu(&sdata->list); 1549 list_del_rcu(&sdata->list);
1504 mutex_unlock(&sdata->local->iflist_mtx); 1550 mutex_unlock(&sdata->local->iflist_mtx);
1505 1551
1506 /* clean up type-dependent data */
1507 ieee80211_clean_sdata(sdata);
1508
1509 synchronize_rcu(); 1552 synchronize_rcu();
1510 unregister_netdevice(sdata->dev); 1553
1554 if (sdata->dev) {
1555 unregister_netdevice(sdata->dev);
1556 } else {
1557 cfg80211_unregister_wdev(&sdata->wdev);
1558 kfree(sdata);
1559 }
1560}
1561
1562void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata)
1563{
1564 if (WARN_ON_ONCE(!test_bit(SDATA_STATE_RUNNING, &sdata->state)))
1565 return;
1566 ieee80211_do_stop(sdata, true);
1567 ieee80211_teardown_sdata(sdata);
1511} 1568}
1512 1569
1513/* 1570/*
@@ -1518,6 +1575,7 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
1518{ 1575{
1519 struct ieee80211_sub_if_data *sdata, *tmp; 1576 struct ieee80211_sub_if_data *sdata, *tmp;
1520 LIST_HEAD(unreg_list); 1577 LIST_HEAD(unreg_list);
1578 LIST_HEAD(wdev_list);
1521 1579
1522 ASSERT_RTNL(); 1580 ASSERT_RTNL();
1523 1581
@@ -1525,13 +1583,20 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
1525 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { 1583 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
1526 list_del(&sdata->list); 1584 list_del(&sdata->list);
1527 1585
1528 ieee80211_clean_sdata(sdata); 1586 if (sdata->dev)
1529 1587 unregister_netdevice_queue(sdata->dev, &unreg_list);
1530 unregister_netdevice_queue(sdata->dev, &unreg_list); 1588 else
1589 list_add(&sdata->list, &wdev_list);
1531 } 1590 }
1532 mutex_unlock(&local->iflist_mtx); 1591 mutex_unlock(&local->iflist_mtx);
1533 unregister_netdevice_many(&unreg_list); 1592 unregister_netdevice_many(&unreg_list);
1534 list_del(&unreg_list); 1593 list_del(&unreg_list);
1594
1595 list_for_each_entry_safe(sdata, tmp, &wdev_list, list) {
1596 list_del(&sdata->list);
1597 cfg80211_unregister_wdev(&sdata->wdev);
1598 kfree(sdata);
1599 }
1535} 1600}
1536 1601
1537static int netdev_notify(struct notifier_block *nb, 1602static int netdev_notify(struct notifier_block *nb,
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c26e231c733a..bd7529363193 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -207,6 +207,10 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
207 sdata->vif.bss_conf.bssid = NULL; 207 sdata->vif.bss_conf.bssid = NULL;
208 else if (ieee80211_vif_is_mesh(&sdata->vif)) { 208 else if (ieee80211_vif_is_mesh(&sdata->vif)) {
209 sdata->vif.bss_conf.bssid = zero; 209 sdata->vif.bss_conf.bssid = zero;
210 } else if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
211 sdata->vif.bss_conf.bssid = sdata->vif.addr;
212 WARN_ONCE(changed & ~(BSS_CHANGED_IDLE),
213 "P2P Device BSS changed %#x", changed);
210 } else { 214 } else {
211 WARN_ON(1); 215 WARN_ON(1);
212 return; 216 return;
@@ -514,6 +518,11 @@ ieee80211_default_mgmt_stypes[NUM_NL80211_IFTYPES] = {
514 BIT(IEEE80211_STYPE_AUTH >> 4) | 518 BIT(IEEE80211_STYPE_AUTH >> 4) |
515 BIT(IEEE80211_STYPE_DEAUTH >> 4), 519 BIT(IEEE80211_STYPE_DEAUTH >> 4),
516 }, 520 },
521 [NL80211_IFTYPE_P2P_DEVICE] = {
522 .tx = 0xffff,
523 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
524 BIT(IEEE80211_STYPE_PROBE_REQ >> 4),
525 },
517}; 526};
518 527
519static const struct ieee80211_ht_cap mac80211_ht_capa_mod_mask = { 528static const struct ieee80211_ht_cap mac80211_ht_capa_mod_mask = {
@@ -536,6 +545,11 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
536 int priv_size, i; 545 int priv_size, i;
537 struct wiphy *wiphy; 546 struct wiphy *wiphy;
538 547
548 if (WARN_ON(!ops->tx || !ops->start || !ops->stop || !ops->config ||
549 !ops->add_interface || !ops->remove_interface ||
550 !ops->configure_filter))
551 return NULL;
552
539 if (WARN_ON(ops->sta_state && (ops->sta_add || ops->sta_remove))) 553 if (WARN_ON(ops->sta_state && (ops->sta_add || ops->sta_remove)))
540 return NULL; 554 return NULL;
541 555
@@ -588,13 +602,6 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
588 602
589 local->hw.priv = (char *)local + ALIGN(sizeof(*local), NETDEV_ALIGN); 603 local->hw.priv = (char *)local + ALIGN(sizeof(*local), NETDEV_ALIGN);
590 604
591 BUG_ON(!ops->tx);
592 BUG_ON(!ops->start);
593 BUG_ON(!ops->stop);
594 BUG_ON(!ops->config);
595 BUG_ON(!ops->add_interface);
596 BUG_ON(!ops->remove_interface);
597 BUG_ON(!ops->configure_filter);
598 local->ops = ops; 605 local->ops = ops;
599 606
600 /* set up some defaults */ 607 /* set up some defaults */
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 0e2f83e71277..ff0296c7bab8 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -109,11 +109,11 @@ bool mesh_matches_local(struct ieee80211_sub_if_data *sdata,
109 109
110 /* Disallow HT40+/- mismatch */ 110 /* Disallow HT40+/- mismatch */
111 if (ie->ht_operation && 111 if (ie->ht_operation &&
112 (local->_oper_channel_type == NL80211_CHAN_HT40MINUS || 112 (sdata->vif.bss_conf.channel_type == NL80211_CHAN_HT40MINUS ||
113 local->_oper_channel_type == NL80211_CHAN_HT40PLUS) && 113 sdata->vif.bss_conf.channel_type == NL80211_CHAN_HT40PLUS) &&
114 (sta_channel_type == NL80211_CHAN_HT40MINUS || 114 (sta_channel_type == NL80211_CHAN_HT40MINUS ||
115 sta_channel_type == NL80211_CHAN_HT40PLUS) && 115 sta_channel_type == NL80211_CHAN_HT40PLUS) &&
116 local->_oper_channel_type != sta_channel_type) 116 sdata->vif.bss_conf.channel_type != sta_channel_type)
117 goto mismatch; 117 goto mismatch;
118 118
119 return true; 119 return true;
@@ -355,17 +355,18 @@ int mesh_add_ds_params_ie(struct sk_buff *skb,
355{ 355{
356 struct ieee80211_local *local = sdata->local; 356 struct ieee80211_local *local = sdata->local;
357 struct ieee80211_supported_band *sband; 357 struct ieee80211_supported_band *sband;
358 struct ieee80211_channel *chan = local->oper_channel;
358 u8 *pos; 359 u8 *pos;
359 360
360 if (skb_tailroom(skb) < 3) 361 if (skb_tailroom(skb) < 3)
361 return -ENOMEM; 362 return -ENOMEM;
362 363
363 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 364 sband = local->hw.wiphy->bands[chan->band];
364 if (sband->band == IEEE80211_BAND_2GHZ) { 365 if (sband->band == IEEE80211_BAND_2GHZ) {
365 pos = skb_put(skb, 2 + 1); 366 pos = skb_put(skb, 2 + 1);
366 *pos++ = WLAN_EID_DS_PARAMS; 367 *pos++ = WLAN_EID_DS_PARAMS;
367 *pos++ = 1; 368 *pos++ = 1;
368 *pos++ = ieee80211_frequency_to_channel(local->hw.conf.channel->center_freq); 369 *pos++ = ieee80211_frequency_to_channel(chan->center_freq);
369 } 370 }
370 371
371 return 0; 372 return 0;
@@ -380,7 +381,7 @@ int mesh_add_ht_cap_ie(struct sk_buff *skb,
380 381
381 sband = local->hw.wiphy->bands[local->oper_channel->band]; 382 sband = local->hw.wiphy->bands[local->oper_channel->band];
382 if (!sband->ht_cap.ht_supported || 383 if (!sband->ht_cap.ht_supported ||
383 local->_oper_channel_type == NL80211_CHAN_NO_HT) 384 sdata->vif.bss_conf.channel_type == NL80211_CHAN_NO_HT)
384 return 0; 385 return 0;
385 386
386 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_cap)) 387 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_cap))
@@ -397,7 +398,8 @@ int mesh_add_ht_oper_ie(struct sk_buff *skb,
397{ 398{
398 struct ieee80211_local *local = sdata->local; 399 struct ieee80211_local *local = sdata->local;
399 struct ieee80211_channel *channel = local->oper_channel; 400 struct ieee80211_channel *channel = local->oper_channel;
400 enum nl80211_channel_type channel_type = local->_oper_channel_type; 401 enum nl80211_channel_type channel_type =
402 sdata->vif.bss_conf.channel_type;
401 struct ieee80211_supported_band *sband = 403 struct ieee80211_supported_band *sband =
402 local->hw.wiphy->bands[channel->band]; 404 local->hw.wiphy->bands[channel->band];
403 struct ieee80211_sta_ht_cap *ht_cap = &sband->ht_cap; 405 struct ieee80211_sta_ht_cap *ht_cap = &sband->ht_cap;
@@ -608,12 +610,14 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
608 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL; 610 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL;
609 sdata->vif.bss_conf.basic_rates = 611 sdata->vif.bss_conf.basic_rates =
610 ieee80211_mandatory_rates(sdata->local, 612 ieee80211_mandatory_rates(sdata->local,
611 sdata->local->hw.conf.channel->band); 613 sdata->local->oper_channel->band);
612 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON | 614 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON |
613 BSS_CHANGED_BEACON_ENABLED | 615 BSS_CHANGED_BEACON_ENABLED |
614 BSS_CHANGED_HT | 616 BSS_CHANGED_HT |
615 BSS_CHANGED_BASIC_RATES | 617 BSS_CHANGED_BASIC_RATES |
616 BSS_CHANGED_BEACON_INT); 618 BSS_CHANGED_BEACON_INT);
619
620 netif_carrier_on(sdata->dev);
617} 621}
618 622
619void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) 623void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
@@ -621,9 +625,15 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
621 struct ieee80211_local *local = sdata->local; 625 struct ieee80211_local *local = sdata->local;
622 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 626 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
623 627
628 netif_carrier_off(sdata->dev);
629
630 /* stop the beacon */
624 ifmsh->mesh_id_len = 0; 631 ifmsh->mesh_id_len = 0;
625 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 632 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
626 sta_info_flush(local, NULL); 633
634 /* flush STAs and mpaths on this iface */
635 sta_info_flush(sdata->local, sdata);
636 mesh_path_flush_by_iface(sdata);
627 637
628 del_timer_sync(&sdata->u.mesh.housekeeping_timer); 638 del_timer_sync(&sdata->u.mesh.housekeeping_timer);
629 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer); 639 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer);
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 13fd5b5fdb0a..25d0f17dec71 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -215,6 +215,9 @@ struct mesh_rmc {
215/* Maximum number of paths per interface */ 215/* Maximum number of paths per interface */
216#define MESH_MAX_MPATHS 1024 216#define MESH_MAX_MPATHS 1024
217 217
218/* Number of frames buffered per destination for unresolved destinations */
219#define MESH_FRAME_QUEUE_LEN 10
220
218/* Public interfaces */ 221/* Public interfaces */
219/* Various */ 222/* Various */
220int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, 223int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 494bc39f61a4..47aeee2d8db1 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -17,8 +17,6 @@
17#define MAX_METRIC 0xffffffff 17#define MAX_METRIC 0xffffffff
18#define ARITH_SHIFT 8 18#define ARITH_SHIFT 8
19 19
20/* Number of frames buffered per destination for unresolved destinations */
21#define MESH_FRAME_QUEUE_LEN 10
22#define MAX_PREQ_QUEUE_LEN 64 20#define MAX_PREQ_QUEUE_LEN 64
23 21
24/* Destination only */ 22/* Destination only */
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 075bc535c601..aa749818860e 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -203,23 +203,17 @@ void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta)
203{ 203{
204 struct sk_buff *skb; 204 struct sk_buff *skb;
205 struct ieee80211_hdr *hdr; 205 struct ieee80211_hdr *hdr;
206 struct sk_buff_head tmpq;
207 unsigned long flags; 206 unsigned long flags;
208 207
209 rcu_assign_pointer(mpath->next_hop, sta); 208 rcu_assign_pointer(mpath->next_hop, sta);
210 209
211 __skb_queue_head_init(&tmpq);
212
213 spin_lock_irqsave(&mpath->frame_queue.lock, flags); 210 spin_lock_irqsave(&mpath->frame_queue.lock, flags);
214 211 skb_queue_walk(&mpath->frame_queue, skb) {
215 while ((skb = __skb_dequeue(&mpath->frame_queue)) != NULL) {
216 hdr = (struct ieee80211_hdr *) skb->data; 212 hdr = (struct ieee80211_hdr *) skb->data;
217 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN); 213 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
218 memcpy(hdr->addr2, mpath->sdata->vif.addr, ETH_ALEN); 214 memcpy(hdr->addr2, mpath->sdata->vif.addr, ETH_ALEN);
219 __skb_queue_tail(&tmpq, skb);
220 } 215 }
221 216
222 skb_queue_splice(&tmpq, &mpath->frame_queue);
223 spin_unlock_irqrestore(&mpath->frame_queue.lock, flags); 217 spin_unlock_irqrestore(&mpath->frame_queue.lock, flags);
224} 218}
225 219
@@ -285,40 +279,42 @@ static void mesh_path_move_to_queue(struct mesh_path *gate_mpath,
285 struct mesh_path *from_mpath, 279 struct mesh_path *from_mpath,
286 bool copy) 280 bool copy)
287{ 281{
288 struct sk_buff *skb, *cp_skb = NULL; 282 struct sk_buff *skb, *fskb, *tmp;
289 struct sk_buff_head gateq, failq; 283 struct sk_buff_head failq;
290 unsigned long flags; 284 unsigned long flags;
291 int num_skbs;
292 285
293 BUG_ON(gate_mpath == from_mpath); 286 BUG_ON(gate_mpath == from_mpath);
294 BUG_ON(!gate_mpath->next_hop); 287 BUG_ON(!gate_mpath->next_hop);
295 288
296 __skb_queue_head_init(&gateq);
297 __skb_queue_head_init(&failq); 289 __skb_queue_head_init(&failq);
298 290
299 spin_lock_irqsave(&from_mpath->frame_queue.lock, flags); 291 spin_lock_irqsave(&from_mpath->frame_queue.lock, flags);
300 skb_queue_splice_init(&from_mpath->frame_queue, &failq); 292 skb_queue_splice_init(&from_mpath->frame_queue, &failq);
301 spin_unlock_irqrestore(&from_mpath->frame_queue.lock, flags); 293 spin_unlock_irqrestore(&from_mpath->frame_queue.lock, flags);
302 294
303 num_skbs = skb_queue_len(&failq); 295 skb_queue_walk_safe(&failq, fskb, tmp) {
304 296 if (skb_queue_len(&gate_mpath->frame_queue) >=
305 while (num_skbs--) { 297 MESH_FRAME_QUEUE_LEN) {
306 skb = __skb_dequeue(&failq); 298 mpath_dbg(gate_mpath->sdata, "mpath queue full!\n");
307 if (copy) { 299 break;
308 cp_skb = skb_copy(skb, GFP_ATOMIC);
309 if (cp_skb)
310 __skb_queue_tail(&failq, cp_skb);
311 } 300 }
312 301
302 skb = skb_copy(fskb, GFP_ATOMIC);
303 if (WARN_ON(!skb))
304 break;
305
313 prepare_for_gate(skb, gate_mpath->dst, gate_mpath); 306 prepare_for_gate(skb, gate_mpath->dst, gate_mpath);
314 __skb_queue_tail(&gateq, skb); 307 skb_queue_tail(&gate_mpath->frame_queue, skb);
308
309 if (copy)
310 continue;
311
312 __skb_unlink(fskb, &failq);
313 kfree_skb(fskb);
315 } 314 }
316 315
317 spin_lock_irqsave(&gate_mpath->frame_queue.lock, flags);
318 skb_queue_splice(&gateq, &gate_mpath->frame_queue);
319 mpath_dbg(gate_mpath->sdata, "Mpath queue for gate %pM has %d frames\n", 316 mpath_dbg(gate_mpath->sdata, "Mpath queue for gate %pM has %d frames\n",
320 gate_mpath->dst, skb_queue_len(&gate_mpath->frame_queue)); 317 gate_mpath->dst, skb_queue_len(&gate_mpath->frame_queue));
321 spin_unlock_irqrestore(&gate_mpath->frame_queue.lock, flags);
322 318
323 if (!copy) 319 if (!copy)
324 return; 320 return;
@@ -531,7 +527,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
531 527
532 read_lock_bh(&pathtbl_resize_lock); 528 read_lock_bh(&pathtbl_resize_lock);
533 memcpy(new_mpath->dst, dst, ETH_ALEN); 529 memcpy(new_mpath->dst, dst, ETH_ALEN);
534 memset(new_mpath->rann_snd_addr, 0xff, ETH_ALEN); 530 eth_broadcast_addr(new_mpath->rann_snd_addr);
535 new_mpath->is_root = false; 531 new_mpath->is_root = false;
536 new_mpath->sdata = sdata; 532 new_mpath->sdata = sdata;
537 new_mpath->flags = 0; 533 new_mpath->flags = 0;
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index f20e9f26d137..9d7ad366ef09 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -117,7 +117,7 @@ static u32 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata)
117 u16 ht_opmode; 117 u16 ht_opmode;
118 bool non_ht_sta = false, ht20_sta = false; 118 bool non_ht_sta = false, ht20_sta = false;
119 119
120 if (local->_oper_channel_type == NL80211_CHAN_NO_HT) 120 if (sdata->vif.bss_conf.channel_type == NL80211_CHAN_NO_HT)
121 return 0; 121 return 0;
122 122
123 rcu_read_lock(); 123 rcu_read_lock();
@@ -147,7 +147,8 @@ out:
147 147
148 if (non_ht_sta) 148 if (non_ht_sta)
149 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 149 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED;
150 else if (ht20_sta && local->_oper_channel_type > NL80211_CHAN_HT20) 150 else if (ht20_sta &&
151 sdata->vif.bss_conf.channel_type > NL80211_CHAN_HT20)
151 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 152 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ;
152 else 153 else
153 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 154 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE;
@@ -215,12 +216,14 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
215 u8 *da, __le16 llid, __le16 plid, __le16 reason) { 216 u8 *da, __le16 llid, __le16 plid, __le16 reason) {
216 struct ieee80211_local *local = sdata->local; 217 struct ieee80211_local *local = sdata->local;
217 struct sk_buff *skb; 218 struct sk_buff *skb;
219 struct ieee80211_tx_info *info;
218 struct ieee80211_mgmt *mgmt; 220 struct ieee80211_mgmt *mgmt;
219 bool include_plid = false; 221 bool include_plid = false;
220 u16 peering_proto = 0; 222 u16 peering_proto = 0;
221 u8 *pos, ie_len = 4; 223 u8 *pos, ie_len = 4;
222 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) + 224 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) +
223 sizeof(mgmt->u.action.u.self_prot); 225 sizeof(mgmt->u.action.u.self_prot);
226 int err = -ENOMEM;
224 227
225 skb = dev_alloc_skb(local->tx_headroom + 228 skb = dev_alloc_skb(local->tx_headroom +
226 hdr_len + 229 hdr_len +
@@ -236,6 +239,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
236 sdata->u.mesh.ie_len); 239 sdata->u.mesh.ie_len);
237 if (!skb) 240 if (!skb)
238 return -1; 241 return -1;
242 info = IEEE80211_SKB_CB(skb);
239 skb_reserve(skb, local->tx_headroom); 243 skb_reserve(skb, local->tx_headroom);
240 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len); 244 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
241 memset(mgmt, 0, hdr_len); 245 memset(mgmt, 0, hdr_len);
@@ -256,15 +260,18 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
256 pos = skb_put(skb, 2); 260 pos = skb_put(skb, 2);
257 memcpy(pos + 2, &plid, 2); 261 memcpy(pos + 2, &plid, 2);
258 } 262 }
259 if (ieee80211_add_srates_ie(sdata, skb, true) || 263 if (ieee80211_add_srates_ie(sdata, skb, true,
260 ieee80211_add_ext_srates_ie(sdata, skb, true) || 264 local->oper_channel->band) ||
265 ieee80211_add_ext_srates_ie(sdata, skb, true,
266 local->oper_channel->band) ||
261 mesh_add_rsn_ie(skb, sdata) || 267 mesh_add_rsn_ie(skb, sdata) ||
262 mesh_add_meshid_ie(skb, sdata) || 268 mesh_add_meshid_ie(skb, sdata) ||
263 mesh_add_meshconf_ie(skb, sdata)) 269 mesh_add_meshconf_ie(skb, sdata))
264 return -1; 270 goto free;
265 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 271 } else { /* WLAN_SP_MESH_PEERING_CLOSE */
272 info->flags |= IEEE80211_TX_CTL_NO_ACK;
266 if (mesh_add_meshid_ie(skb, sdata)) 273 if (mesh_add_meshid_ie(skb, sdata))
267 return -1; 274 goto free;
268 } 275 }
269 276
270 /* Add Mesh Peering Management element */ 277 /* Add Mesh Peering Management element */
@@ -283,11 +290,12 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
283 ie_len += 2; /* reason code */ 290 ie_len += 2; /* reason code */
284 break; 291 break;
285 default: 292 default:
286 return -EINVAL; 293 err = -EINVAL;
294 goto free;
287 } 295 }
288 296
289 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 297 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len))
290 return -ENOMEM; 298 goto free;
291 299
292 pos = skb_put(skb, 2 + ie_len); 300 pos = skb_put(skb, 2 + ie_len);
293 *pos++ = WLAN_EID_PEER_MGMT; 301 *pos++ = WLAN_EID_PEER_MGMT;
@@ -308,14 +316,17 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
308 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 316 if (action != WLAN_SP_MESH_PEERING_CLOSE) {
309 if (mesh_add_ht_cap_ie(skb, sdata) || 317 if (mesh_add_ht_cap_ie(skb, sdata) ||
310 mesh_add_ht_oper_ie(skb, sdata)) 318 mesh_add_ht_oper_ie(skb, sdata))
311 return -1; 319 goto free;
312 } 320 }
313 321
314 if (mesh_add_vendor_ies(skb, sdata)) 322 if (mesh_add_vendor_ies(skb, sdata))
315 return -1; 323 goto free;
316 324
317 ieee80211_tx_skb(sdata, skb); 325 ieee80211_tx_skb(sdata, skb);
318 return 0; 326 return 0;
327free:
328 kfree_skb(skb);
329 return err;
319} 330}
320 331
321/** 332/**
@@ -360,9 +371,14 @@ static struct sta_info *mesh_peer_init(struct ieee80211_sub_if_data *sdata,
360 371
361 spin_lock_bh(&sta->lock); 372 spin_lock_bh(&sta->lock);
362 sta->last_rx = jiffies; 373 sta->last_rx = jiffies;
374 if (sta->plink_state == NL80211_PLINK_ESTAB) {
375 spin_unlock_bh(&sta->lock);
376 return sta;
377 }
378
363 sta->sta.supp_rates[band] = rates; 379 sta->sta.supp_rates[band] = rates;
364 if (elems->ht_cap_elem && 380 if (elems->ht_cap_elem &&
365 sdata->local->_oper_channel_type != NL80211_CHAN_NO_HT) 381 sdata->vif.bss_conf.channel_type != NL80211_CHAN_NO_HT)
366 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 382 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
367 elems->ht_cap_elem, 383 elems->ht_cap_elem,
368 &sta->sta.ht_cap); 384 &sta->sta.ht_cap);
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index a4a5acdbaa4d..a8cf70bf1cba 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -146,6 +146,9 @@ void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
146 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 146 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
147 return; 147 return;
148 148
149 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
150 return;
151
149 mod_timer(&sdata->u.mgd.bcn_mon_timer, 152 mod_timer(&sdata->u.mgd.bcn_mon_timer,
150 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 153 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
151} 154}
@@ -182,15 +185,15 @@ static u32 ieee80211_config_ht_tx(struct ieee80211_sub_if_data *sdata,
182 u16 ht_opmode; 185 u16 ht_opmode;
183 bool disable_40 = false; 186 bool disable_40 = false;
184 187
185 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 188 sband = local->hw.wiphy->bands[local->oper_channel->band];
186 189
187 switch (sdata->vif.bss_conf.channel_type) { 190 switch (sdata->vif.bss_conf.channel_type) {
188 case NL80211_CHAN_HT40PLUS: 191 case NL80211_CHAN_HT40PLUS:
189 if (local->hw.conf.channel->flags & IEEE80211_CHAN_NO_HT40PLUS) 192 if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40PLUS)
190 disable_40 = true; 193 disable_40 = true;
191 break; 194 break;
192 case NL80211_CHAN_HT40MINUS: 195 case NL80211_CHAN_HT40MINUS:
193 if (local->hw.conf.channel->flags & IEEE80211_CHAN_NO_HT40MINUS) 196 if (local->oper_channel->flags & IEEE80211_CHAN_NO_HT40MINUS)
194 disable_40 = true; 197 disable_40 = true;
195 break; 198 break;
196 default: 199 default:
@@ -326,6 +329,26 @@ static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
326 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 329 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
327} 330}
328 331
332static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
333 struct sk_buff *skb,
334 struct ieee80211_supported_band *sband)
335{
336 u8 *pos;
337 u32 cap;
338 struct ieee80211_sta_vht_cap vht_cap;
339
340 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
341
342 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
343
344 /* determine capability flags */
345 cap = vht_cap.cap;
346
347 /* reserve and fill IE */
348 pos = skb_put(skb, sizeof(struct ieee80211_vht_capabilities) + 2);
349 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
350}
351
329static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 352static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
330{ 353{
331 struct ieee80211_local *local = sdata->local; 354 struct ieee80211_local *local = sdata->local;
@@ -371,6 +394,7 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
371 4 + /* power capability */ 394 4 + /* power capability */
372 2 + 2 * sband->n_channels + /* supported channels */ 395 2 + 2 * sband->n_channels + /* supported channels */
373 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 396 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
397 2 + sizeof(struct ieee80211_vht_capabilities) + /* VHT */
374 assoc_data->ie_len + /* extra IEs */ 398 assoc_data->ie_len + /* extra IEs */
375 9, /* WMM */ 399 9, /* WMM */
376 GFP_KERNEL); 400 GFP_KERNEL);
@@ -503,6 +527,9 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
503 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 527 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
504 sband, local->oper_channel, ifmgd->ap_smps); 528 sband, local->oper_channel, ifmgd->ap_smps);
505 529
530 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
531 ieee80211_add_vht_ie(sdata, skb, sband);
532
506 /* if present, add any custom non-vendor IEs that go after HT */ 533 /* if present, add any custom non-vendor IEs that go after HT */
507 if (assoc_data->ie_len && assoc_data->ie) { 534 if (assoc_data->ie_len && assoc_data->ie) {
508 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 535 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
@@ -583,8 +610,6 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
583 IEEE80211_SKB_CB(skb)->flags |= 610 IEEE80211_SKB_CB(skb)->flags |=
584 IEEE80211_TX_INTFL_DONT_ENCRYPT; 611 IEEE80211_TX_INTFL_DONT_ENCRYPT;
585 612
586 drv_mgd_prepare_tx(local, sdata);
587
588 ieee80211_tx_skb(sdata, skb); 613 ieee80211_tx_skb(sdata, skb);
589 } 614 }
590} 615}
@@ -687,6 +712,7 @@ static void ieee80211_chswitch_work(struct work_struct *work)
687 /* XXX: shouldn't really modify cfg80211-owned data! */ 712 /* XXX: shouldn't really modify cfg80211-owned data! */
688 ifmgd->associated->channel = sdata->local->oper_channel; 713 ifmgd->associated->channel = sdata->local->oper_channel;
689 714
715 /* XXX: wait for a beacon first? */
690 ieee80211_wake_queues_by_reason(&sdata->local->hw, 716 ieee80211_wake_queues_by_reason(&sdata->local->hw,
691 IEEE80211_QUEUE_STOP_REASON_CSA); 717 IEEE80211_QUEUE_STOP_REASON_CSA);
692 out: 718 out:
@@ -763,36 +789,32 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
763 789
764 sdata->local->csa_channel = new_ch; 790 sdata->local->csa_channel = new_ch;
765 791
792 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
793
794 if (sw_elem->mode)
795 ieee80211_stop_queues_by_reason(&sdata->local->hw,
796 IEEE80211_QUEUE_STOP_REASON_CSA);
797
766 if (sdata->local->ops->channel_switch) { 798 if (sdata->local->ops->channel_switch) {
767 /* use driver's channel switch callback */ 799 /* use driver's channel switch callback */
768 struct ieee80211_channel_switch ch_switch; 800 struct ieee80211_channel_switch ch_switch = {
769 memset(&ch_switch, 0, sizeof(ch_switch)); 801 .timestamp = timestamp,
770 ch_switch.timestamp = timestamp; 802 .block_tx = sw_elem->mode,
771 if (sw_elem->mode) { 803 .channel = new_ch,
772 ch_switch.block_tx = true; 804 .count = sw_elem->count,
773 ieee80211_stop_queues_by_reason(&sdata->local->hw, 805 };
774 IEEE80211_QUEUE_STOP_REASON_CSA); 806
775 }
776 ch_switch.channel = new_ch;
777 ch_switch.count = sw_elem->count;
778 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
779 drv_channel_switch(sdata->local, &ch_switch); 807 drv_channel_switch(sdata->local, &ch_switch);
780 return; 808 return;
781 } 809 }
782 810
783 /* channel switch handled in software */ 811 /* channel switch handled in software */
784 if (sw_elem->count <= 1) { 812 if (sw_elem->count <= 1)
785 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 813 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
786 } else { 814 else
787 if (sw_elem->mode)
788 ieee80211_stop_queues_by_reason(&sdata->local->hw,
789 IEEE80211_QUEUE_STOP_REASON_CSA);
790 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
791 mod_timer(&ifmgd->chswitch_timer, 815 mod_timer(&ifmgd->chswitch_timer,
792 jiffies + 816 TU_TO_EXP_TIME(sw_elem->count *
793 msecs_to_jiffies(sw_elem->count * 817 cbss->beacon_interval));
794 cbss->beacon_interval));
795 }
796} 818}
797 819
798static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 820static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
@@ -1007,6 +1029,16 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1007 ieee80211_change_ps(local); 1029 ieee80211_change_ps(local);
1008} 1030}
1009 1031
1032void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1033{
1034 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1035
1036 if (sdata->vif.bss_conf.ps != ps_allowed) {
1037 sdata->vif.bss_conf.ps = ps_allowed;
1038 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1039 }
1040}
1041
1010void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1042void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1011{ 1043{
1012 struct ieee80211_local *local = 1044 struct ieee80211_local *local =
@@ -1239,7 +1271,7 @@ static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1239 } 1271 }
1240 1272
1241 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1273 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1242 if (sdata->local->hw.conf.channel->band == IEEE80211_BAND_5GHZ) 1274 if (sdata->local->oper_channel->band == IEEE80211_BAND_5GHZ)
1243 use_short_slot = true; 1275 use_short_slot = true;
1244 1276
1245 if (use_protection != bss_conf->use_cts_prot) { 1277 if (use_protection != bss_conf->use_cts_prot) {
@@ -1310,6 +1342,8 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1310 ieee80211_recalc_smps(local); 1342 ieee80211_recalc_smps(local);
1311 mutex_unlock(&local->iflist_mtx); 1343 mutex_unlock(&local->iflist_mtx);
1312 1344
1345 ieee80211_recalc_ps_vif(sdata);
1346
1313 netif_tx_start_all_queues(sdata->dev); 1347 netif_tx_start_all_queues(sdata->dev);
1314 netif_carrier_on(sdata->dev); 1348 netif_carrier_on(sdata->dev);
1315} 1349}
@@ -1371,6 +1405,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1371 } 1405 }
1372 local->ps_sdata = NULL; 1406 local->ps_sdata = NULL;
1373 1407
1408 /* disable per-vif ps */
1409 ieee80211_recalc_ps_vif(sdata);
1410
1374 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1411 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1375 if (tx) 1412 if (tx)
1376 drv_flush(local, false); 1413 drv_flush(local, false);
@@ -1542,7 +1579,8 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1542 ssid_len = ssid[1]; 1579 ssid_len = ssid[1];
1543 1580
1544 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1581 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1545 0, (u32) -1, true, false); 1582 0, (u32) -1, true, false,
1583 ifmgd->associated->channel);
1546 } 1584 }
1547 1585
1548 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1586 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
@@ -1645,7 +1683,9 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
1645 ssid_len = ssid[1]; 1683 ssid_len = ssid[1];
1646 1684
1647 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1685 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
1648 (u32) -1, ssid + 2, ssid_len, 1686 (u32) -1,
1687 sdata->local->oper_channel,
1688 ssid + 2, ssid_len,
1649 NULL, 0, true); 1689 NULL, 0, true);
1650 1690
1651 return skb; 1691 return skb;
@@ -1656,7 +1696,6 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1656{ 1696{
1657 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1697 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1658 struct ieee80211_local *local = sdata->local; 1698 struct ieee80211_local *local = sdata->local;
1659 u8 bssid[ETH_ALEN];
1660 u8 frame_buf[DEAUTH_DISASSOC_LEN]; 1699 u8 frame_buf[DEAUTH_DISASSOC_LEN];
1661 1700
1662 mutex_lock(&ifmgd->mtx); 1701 mutex_lock(&ifmgd->mtx);
@@ -1665,9 +1704,8 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1665 return; 1704 return;
1666 } 1705 }
1667 1706
1668 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 1707 sdata_info(sdata, "Connection to AP %pM lost\n",
1669 1708 ifmgd->associated->bssid);
1670 sdata_info(sdata, "Connection to AP %pM lost\n", bssid);
1671 1709
1672 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 1710 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
1673 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1711 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
@@ -1685,7 +1723,7 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1685 mutex_unlock(&local->mtx); 1723 mutex_unlock(&local->mtx);
1686} 1724}
1687 1725
1688void ieee80211_beacon_connection_loss_work(struct work_struct *work) 1726static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
1689{ 1727{
1690 struct ieee80211_sub_if_data *sdata = 1728 struct ieee80211_sub_if_data *sdata =
1691 container_of(work, struct ieee80211_sub_if_data, 1729 container_of(work, struct ieee80211_sub_if_data,
@@ -2232,14 +2270,10 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2232 mutex_unlock(&local->iflist_mtx); 2270 mutex_unlock(&local->iflist_mtx);
2233 } 2271 }
2234 2272
2235 if (elems->ch_switch_elem && (elems->ch_switch_elem_len == 3) && 2273 if (elems->ch_switch_ie &&
2236 (memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, 2274 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0)
2237 ETH_ALEN) == 0)) { 2275 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2238 struct ieee80211_channel_sw_ie *sw_elem =
2239 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
2240 ieee80211_sta_process_chanswitch(sdata, sw_elem,
2241 bss, rx_status->mactime); 2276 bss, rx_status->mactime);
2242 }
2243} 2277}
2244 2278
2245 2279
@@ -2326,7 +2360,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2326 if (baselen > len) 2360 if (baselen > len)
2327 return; 2361 return;
2328 2362
2329 if (rx_status->freq != local->hw.conf.channel->center_freq) 2363 if (rx_status->freq != local->oper_channel->center_freq)
2330 return; 2364 return;
2331 2365
2332 if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon && 2366 if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon &&
@@ -2490,7 +2524,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2490 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) { 2524 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) {
2491 struct ieee80211_supported_band *sband; 2525 struct ieee80211_supported_band *sband;
2492 2526
2493 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2527 sband = local->hw.wiphy->bands[local->oper_channel->band];
2494 2528
2495 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation, 2529 changed |= ieee80211_config_ht_tx(sdata, elems.ht_operation,
2496 bssid, true); 2530 bssid, true);
@@ -2673,7 +2707,8 @@ static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
2673 * will not answer to direct packet in unassociated state. 2707 * will not answer to direct packet in unassociated state.
2674 */ 2708 */
2675 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 2709 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
2676 NULL, 0, (u32) -1, true, false); 2710 NULL, 0, (u32) -1, true, false,
2711 auth_data->bss->channel);
2677 } 2712 }
2678 2713
2679 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 2714 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
@@ -3000,41 +3035,17 @@ int ieee80211_max_network_latency(struct notifier_block *nb,
3000 return 0; 3035 return 0;
3001} 3036}
3002 3037
3003static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3038static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3004 struct cfg80211_bss *cbss, bool assoc) 3039 struct cfg80211_bss *cbss)
3005{ 3040{
3006 struct ieee80211_local *local = sdata->local; 3041 struct ieee80211_local *local = sdata->local;
3007 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3042 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3008 struct ieee80211_bss *bss = (void *)cbss->priv;
3009 struct sta_info *sta = NULL;
3010 bool have_sta = false;
3011 int err;
3012 int ht_cfreq; 3043 int ht_cfreq;
3013 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 3044 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
3014 const u8 *ht_oper_ie; 3045 const u8 *ht_oper_ie;
3015 const struct ieee80211_ht_operation *ht_oper = NULL; 3046 const struct ieee80211_ht_operation *ht_oper = NULL;
3016 struct ieee80211_supported_band *sband; 3047 struct ieee80211_supported_band *sband;
3017 3048
3018 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3019 return -EINVAL;
3020
3021 if (assoc) {
3022 rcu_read_lock();
3023 have_sta = sta_info_get(sdata, cbss->bssid);
3024 rcu_read_unlock();
3025 }
3026
3027 if (!have_sta) {
3028 sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3029 if (!sta)
3030 return -ENOMEM;
3031 }
3032
3033 mutex_lock(&local->mtx);
3034 ieee80211_recalc_idle(sdata->local);
3035 mutex_unlock(&local->mtx);
3036
3037 /* switch to the right channel */
3038 sband = local->hw.wiphy->bands[cbss->channel->band]; 3049 sband = local->hw.wiphy->bands[cbss->channel->band];
3039 3050
3040 ifmgd->flags &= ~IEEE80211_STA_DISABLE_40MHZ; 3051 ifmgd->flags &= ~IEEE80211_STA_DISABLE_40MHZ;
@@ -3097,10 +3108,51 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3097 local->oper_channel = cbss->channel; 3108 local->oper_channel = cbss->channel;
3098 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 3109 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
3099 3110
3100 if (sta) { 3111 return 0;
3112}
3113
3114static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3115 struct cfg80211_bss *cbss, bool assoc)
3116{
3117 struct ieee80211_local *local = sdata->local;
3118 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3119 struct ieee80211_bss *bss = (void *)cbss->priv;
3120 struct sta_info *new_sta = NULL;
3121 bool have_sta = false;
3122 int err;
3123
3124 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3125 return -EINVAL;
3126
3127 if (assoc) {
3128 rcu_read_lock();
3129 have_sta = sta_info_get(sdata, cbss->bssid);
3130 rcu_read_unlock();
3131 }
3132
3133 if (!have_sta) {
3134 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3135 if (!new_sta)
3136 return -ENOMEM;
3137 }
3138
3139 mutex_lock(&local->mtx);
3140 ieee80211_recalc_idle(sdata->local);
3141 mutex_unlock(&local->mtx);
3142
3143 if (new_sta) {
3101 u32 rates = 0, basic_rates = 0; 3144 u32 rates = 0, basic_rates = 0;
3102 bool have_higher_than_11mbit; 3145 bool have_higher_than_11mbit;
3103 int min_rate = INT_MAX, min_rate_index = -1; 3146 int min_rate = INT_MAX, min_rate_index = -1;
3147 struct ieee80211_supported_band *sband;
3148
3149 sband = local->hw.wiphy->bands[cbss->channel->band];
3150
3151 err = ieee80211_prep_channel(sdata, cbss);
3152 if (err) {
3153 sta_info_free(local, new_sta);
3154 return err;
3155 }
3104 3156
3105 ieee80211_get_rates(sband, bss->supp_rates, 3157 ieee80211_get_rates(sband, bss->supp_rates,
3106 bss->supp_rates_len, 3158 bss->supp_rates_len,
@@ -3122,7 +3174,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3122 basic_rates = BIT(min_rate_index); 3174 basic_rates = BIT(min_rate_index);
3123 } 3175 }
3124 3176
3125 sta->sta.supp_rates[cbss->channel->band] = rates; 3177 new_sta->sta.supp_rates[cbss->channel->band] = rates;
3126 sdata->vif.bss_conf.basic_rates = basic_rates; 3178 sdata->vif.bss_conf.basic_rates = basic_rates;
3127 3179
3128 /* cf. IEEE 802.11 9.2.12 */ 3180 /* cf. IEEE 802.11 9.2.12 */
@@ -3145,10 +3197,10 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3145 BSS_CHANGED_BEACON_INT); 3197 BSS_CHANGED_BEACON_INT);
3146 3198
3147 if (assoc) 3199 if (assoc)
3148 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 3200 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3149 3201
3150 err = sta_info_insert(sta); 3202 err = sta_info_insert(new_sta);
3151 sta = NULL; 3203 new_sta = NULL;
3152 if (err) { 3204 if (err) {
3153 sdata_info(sdata, 3205 sdata_info(sdata,
3154 "failed to insert STA entry for the AP (error %d)\n", 3206 "failed to insert STA entry for the AP (error %d)\n",
@@ -3300,9 +3352,13 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3300 } 3352 }
3301 3353
3302 /* prepare assoc data */ 3354 /* prepare assoc data */
3303 3355
3304 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 3356 /*
3305 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 3357 * keep only the 40 MHz disable bit set as it might have
3358 * been set during authentication already, all other bits
3359 * should be reset for a new connection
3360 */
3361 ifmgd->flags &= IEEE80211_STA_DISABLE_40MHZ;
3306 3362
3307 ifmgd->beacon_crc_valid = false; 3363 ifmgd->beacon_crc_valid = false;
3308 3364
@@ -3318,21 +3374,34 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3318 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 3374 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
3319 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 3375 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
3320 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3376 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3377 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3321 netdev_info(sdata->dev, 3378 netdev_info(sdata->dev,
3322 "disabling HT due to WEP/TKIP use\n"); 3379 "disabling HT/VHT due to WEP/TKIP use\n");
3323 } 3380 }
3324 } 3381 }
3325 3382
3326 if (req->flags & ASSOC_REQ_DISABLE_HT) 3383 if (req->flags & ASSOC_REQ_DISABLE_HT) {
3327 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3384 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3385 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3386 }
3328 3387
3329 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 3388 /* Also disable HT if we don't support it or the AP doesn't use WMM */
3330 sband = local->hw.wiphy->bands[req->bss->channel->band]; 3389 sband = local->hw.wiphy->bands[req->bss->channel->band];
3331 if (!sband->ht_cap.ht_supported || 3390 if (!sband->ht_cap.ht_supported ||
3332 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 3391 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
3333 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3392 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3334 netdev_info(sdata->dev, 3393 if (!bss->wmm_used)
3335 "disabling HT as WMM/QoS is not supported\n"); 3394 netdev_info(sdata->dev,
3395 "disabling HT as WMM/QoS is not supported by the AP\n");
3396 }
3397
3398 /* disable VHT if we don't support it or the AP doesn't use WMM */
3399 if (!sband->vht_cap.vht_supported ||
3400 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
3401 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3402 if (!bss->wmm_used)
3403 netdev_info(sdata->dev,
3404 "disabling VHT as WMM/QoS is not supported by the AP\n");
3336 } 3405 }
3337 3406
3338 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 3407 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
@@ -3467,14 +3536,17 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3467 req->bssid, req->reason_code); 3536 req->bssid, req->reason_code);
3468 3537
3469 if (ifmgd->associated && 3538 if (ifmgd->associated &&
3470 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) 3539 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
3471 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3540 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3472 req->reason_code, true, frame_buf); 3541 req->reason_code, true, frame_buf);
3473 else 3542 } else {
3543 drv_mgd_prepare_tx(sdata->local, sdata);
3474 ieee80211_send_deauth_disassoc(sdata, req->bssid, 3544 ieee80211_send_deauth_disassoc(sdata, req->bssid,
3475 IEEE80211_STYPE_DEAUTH, 3545 IEEE80211_STYPE_DEAUTH,
3476 req->reason_code, true, 3546 req->reason_code, true,
3477 frame_buf); 3547 frame_buf);
3548 }
3549
3478 mutex_unlock(&ifmgd->mtx); 3550 mutex_unlock(&ifmgd->mtx);
3479 3551
3480 __cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN); 3552 __cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN);
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index 635c3250c668..507121dad082 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -116,6 +116,9 @@ void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local,
116 if (!ieee80211_sdata_running(sdata)) 116 if (!ieee80211_sdata_running(sdata))
117 continue; 117 continue;
118 118
119 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
120 continue;
121
119 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 122 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
120 set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 123 set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
121 124
@@ -144,6 +147,9 @@ void ieee80211_offchannel_return(struct ieee80211_local *local,
144 147
145 mutex_lock(&local->iflist_mtx); 148 mutex_lock(&local->iflist_mtx);
146 list_for_each_entry(sdata, &local->interfaces, list) { 149 list_for_each_entry(sdata, &local->interfaces, list) {
150 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
151 continue;
152
147 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 153 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
148 clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 154 clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
149 155
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 6e4fd32c6617..10de668eb9f6 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -56,7 +56,7 @@ static inline void rate_control_rate_init(struct sta_info *sta)
56 if (!ref) 56 if (!ref)
57 return; 57 return;
58 58
59 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 59 sband = local->hw.wiphy->bands[local->oper_channel->band];
60 60
61 ref->ops->rate_init(ref->priv, sband, ista, priv_sta); 61 ref->ops->rate_init(ref->priv, sband, ista, priv_sta);
62 set_sta_flag(sta, WLAN_STA_RATE_CONTROL); 62 set_sta_flag(sta, WLAN_STA_RATE_CONTROL);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0cb4edee6af5..b382605c5733 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -60,7 +60,9 @@ static inline int should_drop_frame(struct sk_buff *skb,
60 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 60 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
61 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 61 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
62 62
63 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 63 if (status->flag & (RX_FLAG_FAILED_FCS_CRC |
64 RX_FLAG_FAILED_PLCP_CRC |
65 RX_FLAG_AMPDU_IS_ZEROLEN))
64 return 1; 66 return 1;
65 if (unlikely(skb->len < 16 + present_fcs_len)) 67 if (unlikely(skb->len < 16 + present_fcs_len))
66 return 1; 68 return 1;
@@ -91,6 +93,13 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
91 if (status->flag & RX_FLAG_HT) /* HT info */ 93 if (status->flag & RX_FLAG_HT) /* HT info */
92 len += 3; 94 len += 3;
93 95
96 if (status->flag & RX_FLAG_AMPDU_DETAILS) {
97 /* padding */
98 while (len & 3)
99 len++;
100 len += 8;
101 }
102
94 return len; 103 return len;
95} 104}
96 105
@@ -215,6 +224,37 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
215 pos++; 224 pos++;
216 *pos++ = status->rate_idx; 225 *pos++ = status->rate_idx;
217 } 226 }
227
228 if (status->flag & RX_FLAG_AMPDU_DETAILS) {
229 u16 flags = 0;
230
231 /* ensure 4 byte alignment */
232 while ((pos - (u8 *)rthdr) & 3)
233 pos++;
234 rthdr->it_present |=
235 cpu_to_le32(1 << IEEE80211_RADIOTAP_AMPDU_STATUS);
236 put_unaligned_le32(status->ampdu_reference, pos);
237 pos += 4;
238 if (status->flag & RX_FLAG_AMPDU_REPORT_ZEROLEN)
239 flags |= IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN;
240 if (status->flag & RX_FLAG_AMPDU_IS_ZEROLEN)
241 flags |= IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN;
242 if (status->flag & RX_FLAG_AMPDU_LAST_KNOWN)
243 flags |= IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN;
244 if (status->flag & RX_FLAG_AMPDU_IS_LAST)
245 flags |= IEEE80211_RADIOTAP_AMPDU_IS_LAST;
246 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_ERROR)
247 flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR;
248 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
249 flags |= IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN;
250 put_unaligned_le16(flags, pos);
251 pos += 2;
252 if (status->flag & RX_FLAG_AMPDU_DELIM_CRC_KNOWN)
253 *pos++ = status->ampdu_delimiter_crc;
254 else
255 *pos++ = 0;
256 *pos++ = 0;
257 }
218} 258}
219 259
220/* 260/*
@@ -2268,7 +2308,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2268 2308
2269 goto queue; 2309 goto queue;
2270 case WLAN_CATEGORY_SPECTRUM_MGMT: 2310 case WLAN_CATEGORY_SPECTRUM_MGMT:
2271 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) 2311 if (status->band != IEEE80211_BAND_5GHZ)
2272 break; 2312 break;
2273 2313
2274 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2314 if (sdata->vif.type != NL80211_IFTYPE_STATION)
@@ -2772,8 +2812,7 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2772 if (!bssid) { 2812 if (!bssid) {
2773 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1)) 2813 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1))
2774 return 0; 2814 return 0;
2775 } else if (!ieee80211_bssid_match(bssid, 2815 } else if (!ieee80211_bssid_match(bssid, sdata->vif.addr)) {
2776 sdata->vif.addr)) {
2777 /* 2816 /*
2778 * Accept public action frames even when the 2817 * Accept public action frames even when the
2779 * BSSID doesn't match, this is used for P2P 2818 * BSSID doesn't match, this is used for P2P
@@ -2793,9 +2832,18 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2793 if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2)) 2832 if (!ether_addr_equal(sdata->u.wds.remote_addr, hdr->addr2))
2794 return 0; 2833 return 0;
2795 break; 2834 break;
2835 case NL80211_IFTYPE_P2P_DEVICE:
2836 if (!ieee80211_is_public_action(hdr, skb->len) &&
2837 !ieee80211_is_probe_req(hdr->frame_control) &&
2838 !ieee80211_is_probe_resp(hdr->frame_control) &&
2839 !ieee80211_is_beacon(hdr->frame_control))
2840 return 0;
2841 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1))
2842 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2843 break;
2796 default: 2844 default:
2797 /* should never get here */ 2845 /* should never get here */
2798 WARN_ON(1); 2846 WARN_ON_ONCE(1);
2799 break; 2847 break;
2800 } 2848 }
2801 2849
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 839dd9737989..740e414d44f4 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -416,7 +416,8 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
416 local->scan_req->ssids[i].ssid_len, 416 local->scan_req->ssids[i].ssid_len,
417 local->scan_req->ie, local->scan_req->ie_len, 417 local->scan_req->ie, local->scan_req->ie_len,
418 local->scan_req->rates[band], false, 418 local->scan_req->rates[band], false,
419 local->scan_req->no_cck); 419 local->scan_req->no_cck,
420 local->hw.conf.channel);
420 421
421 /* 422 /*
422 * After sending probe requests, wait for probe responses 423 * After sending probe requests, wait for probe responses
@@ -479,11 +480,10 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
479 if (local->ops->hw_scan) { 480 if (local->ops->hw_scan) {
480 __set_bit(SCAN_HW_SCANNING, &local->scanning); 481 __set_bit(SCAN_HW_SCANNING, &local->scanning);
481 } else if ((req->n_channels == 1) && 482 } else if ((req->n_channels == 1) &&
482 (req->channels[0]->center_freq == 483 (req->channels[0] == local->oper_channel)) {
483 local->hw.conf.channel->center_freq)) { 484 /*
484 485 * If we are scanning only on the operating channel
485 /* If we are scanning only on the current channel, then 486 * then we do not need to stop normal activities
486 * we do not need to stop normal activities
487 */ 487 */
488 unsigned long next_delay; 488 unsigned long next_delay;
489 489
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 8cd72914cdaf..b0801b7d572d 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -519,19 +519,27 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
519 u64 cookie = (unsigned long)skb; 519 u64 cookie = (unsigned long)skb;
520 acked = info->flags & IEEE80211_TX_STAT_ACK; 520 acked = info->flags & IEEE80211_TX_STAT_ACK;
521 521
522 /*
523 * TODO: When we have non-netdev frame TX,
524 * we cannot use skb->dev->ieee80211_ptr
525 */
526
527 if (ieee80211_is_nullfunc(hdr->frame_control) || 522 if (ieee80211_is_nullfunc(hdr->frame_control) ||
528 ieee80211_is_qos_nullfunc(hdr->frame_control)) 523 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
529 cfg80211_probe_status(skb->dev, hdr->addr1, 524 cfg80211_probe_status(skb->dev, hdr->addr1,
530 cookie, acked, GFP_ATOMIC); 525 cookie, acked, GFP_ATOMIC);
531 else 526 } else if (skb->dev) {
532 cfg80211_mgmt_tx_status( 527 cfg80211_mgmt_tx_status(
533 skb->dev->ieee80211_ptr, cookie, skb->data, 528 skb->dev->ieee80211_ptr, cookie, skb->data,
534 skb->len, acked, GFP_ATOMIC); 529 skb->len, acked, GFP_ATOMIC);
530 } else {
531 struct ieee80211_sub_if_data *p2p_sdata;
532
533 rcu_read_lock();
534
535 p2p_sdata = rcu_dereference(local->p2p_sdata);
536 if (p2p_sdata) {
537 cfg80211_mgmt_tx_status(
538 &p2p_sdata->wdev, cookie, skb->data,
539 skb->len, acked, GFP_ATOMIC);
540 }
541 rcu_read_unlock();
542 }
535 } 543 }
536 544
537 if (unlikely(info->ack_frame_id)) { 545 if (unlikely(info->ack_frame_id)) {
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index c6d33b55b2df..18d9c8a52e9e 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -24,7 +24,7 @@
24 __string(vif_name, sdata->dev ? sdata->dev->name : "<nodev>") 24 __string(vif_name, sdata->dev ? sdata->dev->name : "<nodev>")
25#define VIF_ASSIGN __entry->vif_type = sdata->vif.type; __entry->sdata = sdata; \ 25#define VIF_ASSIGN __entry->vif_type = sdata->vif.type; __entry->sdata = sdata; \
26 __entry->p2p = sdata->vif.p2p; \ 26 __entry->p2p = sdata->vif.p2p; \
27 __assign_str(vif_name, sdata->dev ? sdata->dev->name : "<nodev>") 27 __assign_str(vif_name, sdata->dev ? sdata->dev->name : sdata->name)
28#define VIF_PR_FMT " vif:%s(%d%s)" 28#define VIF_PR_FMT " vif:%s(%d%s)"
29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : "" 29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : ""
30 30
@@ -274,9 +274,12 @@ TRACE_EVENT(drv_config,
274 __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout; 274 __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout;
275 __entry->max_sleep_period = local->hw.conf.max_sleep_period; 275 __entry->max_sleep_period = local->hw.conf.max_sleep_period;
276 __entry->listen_interval = local->hw.conf.listen_interval; 276 __entry->listen_interval = local->hw.conf.listen_interval;
277 __entry->long_frame_max_tx_count = local->hw.conf.long_frame_max_tx_count; 277 __entry->long_frame_max_tx_count =
278 __entry->short_frame_max_tx_count = local->hw.conf.short_frame_max_tx_count; 278 local->hw.conf.long_frame_max_tx_count;
279 __entry->center_freq = local->hw.conf.channel->center_freq; 279 __entry->short_frame_max_tx_count =
280 local->hw.conf.short_frame_max_tx_count;
281 __entry->center_freq = local->hw.conf.channel ?
282 local->hw.conf.channel->center_freq : 0;
280 __entry->channel_type = local->hw.conf.channel_type; 283 __entry->channel_type = local->hw.conf.channel_type;
281 __entry->smps = local->hw.conf.smps_mode; 284 __entry->smps = local->hw.conf.smps_mode;
282 ), 285 ),
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index acf712ffb5e6..29eb4e678235 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -55,7 +55,7 @@ static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
55 if (WARN_ON_ONCE(info->control.rates[0].idx < 0)) 55 if (WARN_ON_ONCE(info->control.rates[0].idx < 0))
56 return 0; 56 return 0;
57 57
58 sband = local->hw.wiphy->bands[tx->channel->band]; 58 sband = local->hw.wiphy->bands[info->band];
59 txrate = &sband->bitrates[info->control.rates[0].idx]; 59 txrate = &sband->bitrates[info->control.rates[0].idx];
60 60
61 erp = txrate->flags & IEEE80211_RATE_ERP_G; 61 erp = txrate->flags & IEEE80211_RATE_ERP_G;
@@ -615,7 +615,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
615 615
616 memset(&txrc, 0, sizeof(txrc)); 616 memset(&txrc, 0, sizeof(txrc));
617 617
618 sband = tx->local->hw.wiphy->bands[tx->channel->band]; 618 sband = tx->local->hw.wiphy->bands[info->band];
619 619
620 len = min_t(u32, tx->skb->len + FCS_LEN, 620 len = min_t(u32, tx->skb->len + FCS_LEN,
621 tx->local->hw.wiphy->frag_threshold); 621 tx->local->hw.wiphy->frag_threshold);
@@ -626,13 +626,13 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
626 txrc.bss_conf = &tx->sdata->vif.bss_conf; 626 txrc.bss_conf = &tx->sdata->vif.bss_conf;
627 txrc.skb = tx->skb; 627 txrc.skb = tx->skb;
628 txrc.reported_rate.idx = -1; 628 txrc.reported_rate.idx = -1;
629 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[tx->channel->band]; 629 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
630 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1) 630 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1)
631 txrc.max_rate_idx = -1; 631 txrc.max_rate_idx = -1;
632 else 632 else
633 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 633 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
634 memcpy(txrc.rate_idx_mcs_mask, 634 memcpy(txrc.rate_idx_mcs_mask,
635 tx->sdata->rc_rateidx_mcs_mask[tx->channel->band], 635 tx->sdata->rc_rateidx_mcs_mask[info->band],
636 sizeof(txrc.rate_idx_mcs_mask)); 636 sizeof(txrc.rate_idx_mcs_mask));
637 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || 637 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
638 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 638 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
@@ -667,7 +667,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
667 "scanning and associated. Target station: " 667 "scanning and associated. Target station: "
668 "%pM on %d GHz band\n", 668 "%pM on %d GHz band\n",
669 tx->sdata->name, hdr->addr1, 669 tx->sdata->name, hdr->addr1,
670 tx->channel->band ? 5 : 2)) 670 info->band ? 5 : 2))
671 return TX_DROP; 671 return TX_DROP;
672 672
673 /* 673 /*
@@ -1131,7 +1131,6 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1131 tx->skb = skb; 1131 tx->skb = skb;
1132 tx->local = local; 1132 tx->local = local;
1133 tx->sdata = sdata; 1133 tx->sdata = sdata;
1134 tx->channel = local->hw.conf.channel;
1135 __skb_queue_head_init(&tx->skbs); 1134 __skb_queue_head_init(&tx->skbs);
1136 1135
1137 /* 1136 /*
@@ -1204,6 +1203,7 @@ static bool ieee80211_tx_frags(struct ieee80211_local *local,
1204 struct sk_buff_head *skbs, 1203 struct sk_buff_head *skbs,
1205 bool txpending) 1204 bool txpending)
1206{ 1205{
1206 struct ieee80211_tx_control control;
1207 struct sk_buff *skb, *tmp; 1207 struct sk_buff *skb, *tmp;
1208 unsigned long flags; 1208 unsigned long flags;
1209 1209
@@ -1240,10 +1240,10 @@ static bool ieee80211_tx_frags(struct ieee80211_local *local,
1240 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1240 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1241 1241
1242 info->control.vif = vif; 1242 info->control.vif = vif;
1243 info->control.sta = sta; 1243 control.sta = sta;
1244 1244
1245 __skb_unlink(skb, skbs); 1245 __skb_unlink(skb, skbs);
1246 drv_tx(local, skb); 1246 drv_tx(local, &control, skb);
1247 } 1247 }
1248 1248
1249 return true; 1249 return true;
@@ -1399,8 +1399,7 @@ static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1399 goto out; 1399 goto out;
1400 } 1400 }
1401 1401
1402 tx.channel = local->hw.conf.channel; 1402 info->band = local->hw.conf.channel->band;
1403 info->band = tx.channel->band;
1404 1403
1405 /* set up hw_queue value early */ 1404 /* set up hw_queue value early */
1406 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) || 1405 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
@@ -1720,7 +1719,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1720 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1719 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1721 struct ieee80211_local *local = sdata->local; 1720 struct ieee80211_local *local = sdata->local;
1722 struct ieee80211_tx_info *info; 1721 struct ieee80211_tx_info *info;
1723 int ret = NETDEV_TX_BUSY, head_need; 1722 int head_need;
1724 u16 ethertype, hdrlen, meshhdrlen = 0; 1723 u16 ethertype, hdrlen, meshhdrlen = 0;
1725 __le16 fc; 1724 __le16 fc;
1726 struct ieee80211_hdr hdr; 1725 struct ieee80211_hdr hdr;
@@ -1736,10 +1735,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1736 u32 info_flags = 0; 1735 u32 info_flags = 0;
1737 u16 info_id = 0; 1736 u16 info_id = 0;
1738 1737
1739 if (unlikely(skb->len < ETH_HLEN)) { 1738 if (unlikely(skb->len < ETH_HLEN))
1740 ret = NETDEV_TX_OK;
1741 goto fail; 1739 goto fail;
1742 }
1743 1740
1744 /* convert Ethernet header to proper 802.11 header (based on 1741 /* convert Ethernet header to proper 802.11 header (based on
1745 * operation mode) */ 1742 * operation mode) */
@@ -1787,7 +1784,6 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1787 if (!sdata->u.mesh.mshcfg.dot11MeshTTL) { 1784 if (!sdata->u.mesh.mshcfg.dot11MeshTTL) {
1788 /* Do not send frames with mesh_ttl == 0 */ 1785 /* Do not send frames with mesh_ttl == 0 */
1789 sdata->u.mesh.mshstats.dropped_frames_ttl++; 1786 sdata->u.mesh.mshstats.dropped_frames_ttl++;
1790 ret = NETDEV_TX_OK;
1791 goto fail; 1787 goto fail;
1792 } 1788 }
1793 rcu_read_lock(); 1789 rcu_read_lock();
@@ -1811,37 +1807,31 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1811 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr, 1807 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1812 sdata, NULL, NULL); 1808 sdata, NULL, NULL);
1813 } else { 1809 } else {
1814 int is_mesh_mcast = 1; 1810 /* DS -> MBSS (802.11-2012 13.11.3.3).
1815 const u8 *mesh_da; 1811 * For unicast with unknown forwarding information,
1812 * destination might be in the MBSS or if that fails
1813 * forwarded to another mesh gate. In either case
1814 * resolution will be handled in ieee80211_xmit(), so
1815 * leave the original DA. This also works for mcast */
1816 const u8 *mesh_da = skb->data;
1817
1818 if (mppath)
1819 mesh_da = mppath->mpp;
1820 else if (mpath)
1821 mesh_da = mpath->dst;
1822 rcu_read_unlock();
1816 1823
1817 if (is_multicast_ether_addr(skb->data))
1818 /* DA TA mSA AE:SA */
1819 mesh_da = skb->data;
1820 else {
1821 static const u8 bcast[ETH_ALEN] =
1822 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1823 if (mppath) {
1824 /* RA TA mDA mSA AE:DA SA */
1825 mesh_da = mppath->mpp;
1826 is_mesh_mcast = 0;
1827 } else if (mpath) {
1828 mesh_da = mpath->dst;
1829 is_mesh_mcast = 0;
1830 } else {
1831 /* DA TA mSA AE:SA */
1832 mesh_da = bcast;
1833 }
1834 }
1835 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc, 1824 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1836 mesh_da, sdata->vif.addr); 1825 mesh_da, sdata->vif.addr);
1837 rcu_read_unlock(); 1826 if (is_multicast_ether_addr(mesh_da))
1838 if (is_mesh_mcast) 1827 /* DA TA mSA AE:SA */
1839 meshhdrlen = 1828 meshhdrlen =
1840 ieee80211_new_mesh_header(&mesh_hdr, 1829 ieee80211_new_mesh_header(&mesh_hdr,
1841 sdata, 1830 sdata,
1842 skb->data + ETH_ALEN, 1831 skb->data + ETH_ALEN,
1843 NULL); 1832 NULL);
1844 else 1833 else
1834 /* RA TA mDA mSA AE:DA SA */
1845 meshhdrlen = 1835 meshhdrlen =
1846 ieee80211_new_mesh_header(&mesh_hdr, 1836 ieee80211_new_mesh_header(&mesh_hdr,
1847 sdata, 1837 sdata,
@@ -1880,10 +1870,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1880 1870
1881 if (tdls_direct) { 1871 if (tdls_direct) {
1882 /* link during setup - throw out frames to peer */ 1872 /* link during setup - throw out frames to peer */
1883 if (!tdls_auth) { 1873 if (!tdls_auth)
1884 ret = NETDEV_TX_OK;
1885 goto fail; 1874 goto fail;
1886 }
1887 1875
1888 /* DA SA BSSID */ 1876 /* DA SA BSSID */
1889 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1877 memcpy(hdr.addr1, skb->data, ETH_ALEN);
@@ -1917,7 +1905,6 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1917 hdrlen = 24; 1905 hdrlen = 24;
1918 break; 1906 break;
1919 default: 1907 default:
1920 ret = NETDEV_TX_OK;
1921 goto fail; 1908 goto fail;
1922 } 1909 }
1923 1910
@@ -1962,7 +1949,6 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1962 1949
1963 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port); 1950 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
1964 1951
1965 ret = NETDEV_TX_OK;
1966 goto fail; 1952 goto fail;
1967 } 1953 }
1968 1954
@@ -2017,10 +2003,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
2017 skb = skb_clone(skb, GFP_ATOMIC); 2003 skb = skb_clone(skb, GFP_ATOMIC);
2018 kfree_skb(tmp_skb); 2004 kfree_skb(tmp_skb);
2019 2005
2020 if (!skb) { 2006 if (!skb)
2021 ret = NETDEV_TX_OK;
2022 goto fail; 2007 goto fail;
2023 }
2024 } 2008 }
2025 2009
2026 hdr.frame_control = fc; 2010 hdr.frame_control = fc;
@@ -2123,10 +2107,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
2123 return NETDEV_TX_OK; 2107 return NETDEV_TX_OK;
2124 2108
2125 fail: 2109 fail:
2126 if (ret == NETDEV_TX_OK) 2110 dev_kfree_skb(skb);
2127 dev_kfree_skb(skb); 2111 return NETDEV_TX_OK;
2128
2129 return ret;
2130} 2112}
2131 2113
2132 2114
@@ -2301,12 +2283,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2301 struct ieee80211_sub_if_data *sdata = NULL; 2283 struct ieee80211_sub_if_data *sdata = NULL;
2302 struct ieee80211_if_ap *ap = NULL; 2284 struct ieee80211_if_ap *ap = NULL;
2303 struct beacon_data *beacon; 2285 struct beacon_data *beacon;
2304 struct ieee80211_supported_band *sband; 2286 enum ieee80211_band band = local->oper_channel->band;
2305 enum ieee80211_band band = local->hw.conf.channel->band;
2306 struct ieee80211_tx_rate_control txrc; 2287 struct ieee80211_tx_rate_control txrc;
2307 2288
2308 sband = local->hw.wiphy->bands[band];
2309
2310 rcu_read_lock(); 2289 rcu_read_lock();
2311 2290
2312 sdata = vif_to_sdata(vif); 2291 sdata = vif_to_sdata(vif);
@@ -2416,7 +2395,7 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2416 memset(mgmt, 0, hdr_len); 2395 memset(mgmt, 0, hdr_len);
2417 mgmt->frame_control = 2396 mgmt->frame_control =
2418 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON); 2397 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2419 memset(mgmt->da, 0xff, ETH_ALEN); 2398 eth_broadcast_addr(mgmt->da);
2420 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 2399 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2421 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 2400 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
2422 mgmt->u.beacon.beacon_int = 2401 mgmt->u.beacon.beacon_int =
@@ -2428,9 +2407,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2428 *pos++ = WLAN_EID_SSID; 2407 *pos++ = WLAN_EID_SSID;
2429 *pos++ = 0x0; 2408 *pos++ = 0x0;
2430 2409
2431 if (ieee80211_add_srates_ie(sdata, skb, true) || 2410 if (ieee80211_add_srates_ie(sdata, skb, true, band) ||
2432 mesh_add_ds_params_ie(skb, sdata) || 2411 mesh_add_ds_params_ie(skb, sdata) ||
2433 ieee80211_add_ext_srates_ie(sdata, skb, true) || 2412 ieee80211_add_ext_srates_ie(sdata, skb, true, band) ||
2434 mesh_add_rsn_ie(skb, sdata) || 2413 mesh_add_rsn_ie(skb, sdata) ||
2435 mesh_add_ht_cap_ie(skb, sdata) || 2414 mesh_add_ht_cap_ie(skb, sdata) ||
2436 mesh_add_ht_oper_ie(skb, sdata) || 2415 mesh_add_ht_oper_ie(skb, sdata) ||
@@ -2453,12 +2432,12 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2453 2432
2454 memset(&txrc, 0, sizeof(txrc)); 2433 memset(&txrc, 0, sizeof(txrc));
2455 txrc.hw = hw; 2434 txrc.hw = hw;
2456 txrc.sband = sband; 2435 txrc.sband = local->hw.wiphy->bands[band];
2457 txrc.bss_conf = &sdata->vif.bss_conf; 2436 txrc.bss_conf = &sdata->vif.bss_conf;
2458 txrc.skb = skb; 2437 txrc.skb = skb;
2459 txrc.reported_rate.idx = -1; 2438 txrc.reported_rate.idx = -1;
2460 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band]; 2439 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
2461 if (txrc.rate_idx_mask == (1 << sband->n_bitrates) - 1) 2440 if (txrc.rate_idx_mask == (1 << txrc.sband->n_bitrates) - 1)
2462 txrc.max_rate_idx = -1; 2441 txrc.max_rate_idx = -1;
2463 else 2442 else
2464 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 2443 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
@@ -2482,7 +2461,8 @@ struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
2482 struct ieee80211_vif *vif) 2461 struct ieee80211_vif *vif)
2483{ 2462{
2484 struct ieee80211_if_ap *ap = NULL; 2463 struct ieee80211_if_ap *ap = NULL;
2485 struct sk_buff *presp = NULL, *skb = NULL; 2464 struct sk_buff *skb = NULL;
2465 struct probe_resp *presp = NULL;
2486 struct ieee80211_hdr *hdr; 2466 struct ieee80211_hdr *hdr;
2487 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2467 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2488 2468
@@ -2496,10 +2476,12 @@ struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
2496 if (!presp) 2476 if (!presp)
2497 goto out; 2477 goto out;
2498 2478
2499 skb = skb_copy(presp, GFP_ATOMIC); 2479 skb = dev_alloc_skb(presp->len);
2500 if (!skb) 2480 if (!skb)
2501 goto out; 2481 goto out;
2502 2482
2483 memcpy(skb_put(skb, presp->len), presp->data, presp->len);
2484
2503 hdr = (struct ieee80211_hdr *) skb->data; 2485 hdr = (struct ieee80211_hdr *) skb->data;
2504 memset(hdr->addr1, 0, sizeof(hdr->addr1)); 2486 memset(hdr->addr1, 0, sizeof(hdr->addr1));
2505 2487
@@ -2610,9 +2592,9 @@ struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
2610 memset(hdr, 0, sizeof(*hdr)); 2592 memset(hdr, 0, sizeof(*hdr));
2611 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 2593 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2612 IEEE80211_STYPE_PROBE_REQ); 2594 IEEE80211_STYPE_PROBE_REQ);
2613 memset(hdr->addr1, 0xff, ETH_ALEN); 2595 eth_broadcast_addr(hdr->addr1);
2614 memcpy(hdr->addr2, vif->addr, ETH_ALEN); 2596 memcpy(hdr->addr2, vif->addr, ETH_ALEN);
2615 memset(hdr->addr3, 0xff, ETH_ALEN); 2597 eth_broadcast_addr(hdr->addr3);
2616 2598
2617 pos = skb_put(skb, ie_ssid_len); 2599 pos = skb_put(skb, ie_ssid_len);
2618 *pos++ = WLAN_EID_SSID; 2600 *pos++ = WLAN_EID_SSID;
@@ -2709,8 +2691,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2709 info = IEEE80211_SKB_CB(skb); 2691 info = IEEE80211_SKB_CB(skb);
2710 2692
2711 tx.flags |= IEEE80211_TX_PS_BUFFERED; 2693 tx.flags |= IEEE80211_TX_PS_BUFFERED;
2712 tx.channel = local->hw.conf.channel; 2694 info->band = local->oper_channel->band;
2713 info->band = tx.channel->band;
2714 2695
2715 if (invoke_tx_handlers(&tx)) 2696 if (invoke_tx_handlers(&tx))
2716 skb = NULL; 2697 skb = NULL;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 39b82fee4904..471fb0516c99 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -276,6 +276,9 @@ void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue)
276 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 276 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
277 int ac; 277 int ac;
278 278
279 if (!sdata->dev)
280 continue;
281
279 if (test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state)) 282 if (test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
280 continue; 283 continue;
281 284
@@ -364,6 +367,9 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
364 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 367 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
365 int ac; 368 int ac;
366 369
370 if (!sdata->dev)
371 continue;
372
367 for (ac = 0; ac < n_acs; ac++) { 373 for (ac = 0; ac < n_acs; ac++) {
368 if (sdata->vif.hw_queue[ac] == queue || 374 if (sdata->vif.hw_queue[ac] == queue ||
369 sdata->vif.cab_queue == queue) 375 sdata->vif.cab_queue == queue)
@@ -768,8 +774,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
768 elem_parse_failed = true; 774 elem_parse_failed = true;
769 break; 775 break;
770 case WLAN_EID_CHANNEL_SWITCH: 776 case WLAN_EID_CHANNEL_SWITCH:
771 elems->ch_switch_elem = pos; 777 if (elen != sizeof(struct ieee80211_channel_sw_ie)) {
772 elems->ch_switch_elem_len = elen; 778 elem_parse_failed = true;
779 break;
780 }
781 elems->ch_switch_ie = (void *)pos;
773 break; 782 break;
774 case WLAN_EID_QUIET: 783 case WLAN_EID_QUIET:
775 if (!elems->quiet_elem) { 784 if (!elems->quiet_elem) {
@@ -832,7 +841,7 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
832 841
833 memset(&qparam, 0, sizeof(qparam)); 842 memset(&qparam, 0, sizeof(qparam));
834 843
835 use_11b = (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) && 844 use_11b = (local->oper_channel->band == IEEE80211_BAND_2GHZ) &&
836 !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE); 845 !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE);
837 846
838 /* 847 /*
@@ -899,7 +908,8 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
899 drv_conf_tx(local, sdata, ac, &qparam); 908 drv_conf_tx(local, sdata, ac, &qparam);
900 } 909 }
901 910
902 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) { 911 if (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
912 sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE) {
903 sdata->vif.bss_conf.qos = enable_qos; 913 sdata->vif.bss_conf.qos = enable_qos;
904 if (bss_notify) 914 if (bss_notify)
905 ieee80211_bss_info_change_notify(sdata, 915 ieee80211_bss_info_change_notify(sdata,
@@ -919,7 +929,7 @@ void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
919 if ((supp_rates[i] & 0x7f) * 5 > 110) 929 if ((supp_rates[i] & 0x7f) * 5 > 110)
920 have_higher_than_11mbit = 1; 930 have_higher_than_11mbit = 1;
921 931
922 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 932 if (local->oper_channel->band == IEEE80211_BAND_2GHZ &&
923 have_higher_than_11mbit) 933 have_higher_than_11mbit)
924 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 934 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
925 else 935 else
@@ -1100,6 +1110,7 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1100 1110
1101struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, 1111struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1102 u8 *dst, u32 ratemask, 1112 u8 *dst, u32 ratemask,
1113 struct ieee80211_channel *chan,
1103 const u8 *ssid, size_t ssid_len, 1114 const u8 *ssid, size_t ssid_len,
1104 const u8 *ie, size_t ie_len, 1115 const u8 *ie, size_t ie_len,
1105 bool directed) 1116 bool directed)
@@ -1109,7 +1120,7 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1109 struct ieee80211_mgmt *mgmt; 1120 struct ieee80211_mgmt *mgmt;
1110 size_t buf_len; 1121 size_t buf_len;
1111 u8 *buf; 1122 u8 *buf;
1112 u8 chan; 1123 u8 chan_no;
1113 1124
1114 /* FIXME: come up with a proper value */ 1125 /* FIXME: come up with a proper value */
1115 buf = kmalloc(200 + ie_len, GFP_KERNEL); 1126 buf = kmalloc(200 + ie_len, GFP_KERNEL);
@@ -1122,14 +1133,12 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1122 * badly-behaved APs don't respond when this parameter is included. 1133 * badly-behaved APs don't respond when this parameter is included.
1123 */ 1134 */
1124 if (directed) 1135 if (directed)
1125 chan = 0; 1136 chan_no = 0;
1126 else 1137 else
1127 chan = ieee80211_frequency_to_channel( 1138 chan_no = ieee80211_frequency_to_channel(chan->center_freq);
1128 local->hw.conf.channel->center_freq);
1129 1139
1130 buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len, 1140 buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len, chan->band,
1131 local->hw.conf.channel->band, 1141 ratemask, chan_no);
1132 ratemask, chan);
1133 1142
1134 skb = ieee80211_probereq_get(&local->hw, &sdata->vif, 1143 skb = ieee80211_probereq_get(&local->hw, &sdata->vif,
1135 ssid, ssid_len, 1144 ssid, ssid_len,
@@ -1154,11 +1163,13 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1154void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1163void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1155 const u8 *ssid, size_t ssid_len, 1164 const u8 *ssid, size_t ssid_len,
1156 const u8 *ie, size_t ie_len, 1165 const u8 *ie, size_t ie_len,
1157 u32 ratemask, bool directed, bool no_cck) 1166 u32 ratemask, bool directed, bool no_cck,
1167 struct ieee80211_channel *channel)
1158{ 1168{
1159 struct sk_buff *skb; 1169 struct sk_buff *skb;
1160 1170
1161 skb = ieee80211_build_probe_req(sdata, dst, ratemask, ssid, ssid_len, 1171 skb = ieee80211_build_probe_req(sdata, dst, ratemask, channel,
1172 ssid, ssid_len,
1162 ie, ie_len, directed); 1173 ie, ie_len, directed);
1163 if (skb) { 1174 if (skb) {
1164 if (no_cck) 1175 if (no_cck)
@@ -1359,7 +1370,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1359 switch (sdata->vif.type) { 1370 switch (sdata->vif.type) {
1360 case NL80211_IFTYPE_STATION: 1371 case NL80211_IFTYPE_STATION:
1361 changed |= BSS_CHANGED_ASSOC | 1372 changed |= BSS_CHANGED_ASSOC |
1362 BSS_CHANGED_ARP_FILTER; 1373 BSS_CHANGED_ARP_FILTER |
1374 BSS_CHANGED_PS;
1363 mutex_lock(&sdata->u.mgd.mtx); 1375 mutex_lock(&sdata->u.mgd.mtx);
1364 ieee80211_bss_info_change_notify(sdata, changed); 1376 ieee80211_bss_info_change_notify(sdata, changed);
1365 mutex_unlock(&sdata->u.mgd.mtx); 1377 mutex_unlock(&sdata->u.mgd.mtx);
@@ -1385,6 +1397,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1385 case NL80211_IFTYPE_MONITOR: 1397 case NL80211_IFTYPE_MONITOR:
1386 /* ignore virtual */ 1398 /* ignore virtual */
1387 break; 1399 break;
1400 case NL80211_IFTYPE_P2P_DEVICE:
1401 changed = BSS_CHANGED_IDLE;
1402 break;
1388 case NL80211_IFTYPE_UNSPECIFIED: 1403 case NL80211_IFTYPE_UNSPECIFIED:
1389 case NUM_NL80211_IFTYPES: 1404 case NUM_NL80211_IFTYPES:
1390 case NL80211_IFTYPE_P2P_CLIENT: 1405 case NL80211_IFTYPE_P2P_CLIENT:
@@ -1571,6 +1586,8 @@ void ieee80211_recalc_smps(struct ieee80211_local *local)
1571 list_for_each_entry(sdata, &local->interfaces, list) { 1586 list_for_each_entry(sdata, &local->interfaces, list) {
1572 if (!ieee80211_sdata_running(sdata)) 1587 if (!ieee80211_sdata_running(sdata))
1573 continue; 1588 continue;
1589 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
1590 continue;
1574 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1591 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1575 goto set; 1592 goto set;
1576 1593
@@ -1809,7 +1826,8 @@ ieee80211_ht_oper_to_channel_type(struct ieee80211_ht_operation *ht_oper)
1809} 1826}
1810 1827
1811int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata, 1828int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
1812 struct sk_buff *skb, bool need_basic) 1829 struct sk_buff *skb, bool need_basic,
1830 enum ieee80211_band band)
1813{ 1831{
1814 struct ieee80211_local *local = sdata->local; 1832 struct ieee80211_local *local = sdata->local;
1815 struct ieee80211_supported_band *sband; 1833 struct ieee80211_supported_band *sband;
@@ -1817,7 +1835,7 @@ int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
1817 u8 i, rates, *pos; 1835 u8 i, rates, *pos;
1818 u32 basic_rates = sdata->vif.bss_conf.basic_rates; 1836 u32 basic_rates = sdata->vif.bss_conf.basic_rates;
1819 1837
1820 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1838 sband = local->hw.wiphy->bands[band];
1821 rates = sband->n_bitrates; 1839 rates = sband->n_bitrates;
1822 if (rates > 8) 1840 if (rates > 8)
1823 rates = 8; 1841 rates = 8;
@@ -1840,7 +1858,8 @@ int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
1840} 1858}
1841 1859
1842int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata, 1860int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata,
1843 struct sk_buff *skb, bool need_basic) 1861 struct sk_buff *skb, bool need_basic,
1862 enum ieee80211_band band)
1844{ 1863{
1845 struct ieee80211_local *local = sdata->local; 1864 struct ieee80211_local *local = sdata->local;
1846 struct ieee80211_supported_band *sband; 1865 struct ieee80211_supported_band *sband;
@@ -1848,7 +1867,7 @@ int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata,
1848 u8 i, exrates, *pos; 1867 u8 i, exrates, *pos;
1849 u32 basic_rates = sdata->vif.bss_conf.basic_rates; 1868 u32 basic_rates = sdata->vif.bss_conf.basic_rates;
1850 1869
1851 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1870 sband = local->hw.wiphy->bands[band];
1852 exrates = sband->n_bitrates; 1871 exrates = sband->n_bitrates;
1853 if (exrates > 8) 1872 if (exrates > 8)
1854 exrates -= 8; 1873 exrates -= 8;
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 3c601378d27e..767cc12da0fe 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1171,8 +1171,10 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
1171 goto out_err; 1171 goto out_err;
1172 } 1172 }
1173 svc->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats); 1173 svc->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
1174 if (!svc->stats.cpustats) 1174 if (!svc->stats.cpustats) {
1175 ret = -ENOMEM;
1175 goto out_err; 1176 goto out_err;
1177 }
1176 1178
1177 /* I'm the first user of the service */ 1179 /* I'm the first user of the service */
1178 atomic_set(&svc->usecnt, 0); 1180 atomic_set(&svc->usecnt, 0);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c9bb994ae9ba..dcb27910ab3c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -255,12 +255,15 @@ static void death_by_event(unsigned long ul_conntrack)
255{ 255{
256 struct nf_conn *ct = (void *)ul_conntrack; 256 struct nf_conn *ct = (void *)ul_conntrack;
257 struct net *net = nf_ct_net(ct); 257 struct net *net = nf_ct_net(ct);
258 struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct);
259
260 BUG_ON(ecache == NULL);
258 261
259 if (nf_conntrack_event(IPCT_DESTROY, ct) < 0) { 262 if (nf_conntrack_event(IPCT_DESTROY, ct) < 0) {
260 /* bad luck, let's retry again */ 263 /* bad luck, let's retry again */
261 ct->timeout.expires = jiffies + 264 ecache->timeout.expires = jiffies +
262 (random32() % net->ct.sysctl_events_retry_timeout); 265 (random32() % net->ct.sysctl_events_retry_timeout);
263 add_timer(&ct->timeout); 266 add_timer(&ecache->timeout);
264 return; 267 return;
265 } 268 }
266 /* we've got the event delivered, now it's dying */ 269 /* we've got the event delivered, now it's dying */
@@ -274,6 +277,9 @@ static void death_by_event(unsigned long ul_conntrack)
274void nf_ct_insert_dying_list(struct nf_conn *ct) 277void nf_ct_insert_dying_list(struct nf_conn *ct)
275{ 278{
276 struct net *net = nf_ct_net(ct); 279 struct net *net = nf_ct_net(ct);
280 struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct);
281
282 BUG_ON(ecache == NULL);
277 283
278 /* add this conntrack to the dying list */ 284 /* add this conntrack to the dying list */
279 spin_lock_bh(&nf_conntrack_lock); 285 spin_lock_bh(&nf_conntrack_lock);
@@ -281,10 +287,10 @@ void nf_ct_insert_dying_list(struct nf_conn *ct)
281 &net->ct.dying); 287 &net->ct.dying);
282 spin_unlock_bh(&nf_conntrack_lock); 288 spin_unlock_bh(&nf_conntrack_lock);
283 /* set a new timer to retry event delivery */ 289 /* set a new timer to retry event delivery */
284 setup_timer(&ct->timeout, death_by_event, (unsigned long)ct); 290 setup_timer(&ecache->timeout, death_by_event, (unsigned long)ct);
285 ct->timeout.expires = jiffies + 291 ecache->timeout.expires = jiffies +
286 (random32() % net->ct.sysctl_events_retry_timeout); 292 (random32() % net->ct.sysctl_events_retry_timeout);
287 add_timer(&ct->timeout); 293 add_timer(&ecache->timeout);
288} 294}
289EXPORT_SYMBOL_GPL(nf_ct_insert_dying_list); 295EXPORT_SYMBOL_GPL(nf_ct_insert_dying_list);
290 296
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 966f5133a384..a205bd6ce294 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2813,7 +2813,8 @@ static int __init ctnetlink_init(void)
2813 goto err_unreg_subsys; 2813 goto err_unreg_subsys;
2814 } 2814 }
2815 2815
2816 if (register_pernet_subsys(&ctnetlink_net_ops)) { 2816 ret = register_pernet_subsys(&ctnetlink_net_ops);
2817 if (ret < 0) {
2817 pr_err("ctnetlink_init: cannot register pernet operations\n"); 2818 pr_err("ctnetlink_init: cannot register pernet operations\n");
2818 goto err_unreg_exp_subsys; 2819 goto err_unreg_exp_subsys;
2819 } 2820 }
diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c
index f4db3a7bd285..16303c752213 100644
--- a/net/netfilter/nf_nat_sip.c
+++ b/net/netfilter/nf_nat_sip.c
@@ -542,7 +542,10 @@ static unsigned int nf_nat_sdp_media(struct sk_buff *skb, unsigned int protoff,
542 ret = nf_ct_expect_related(rtcp_exp); 542 ret = nf_ct_expect_related(rtcp_exp);
543 if (ret == 0) 543 if (ret == 0)
544 break; 544 break;
545 else if (ret != -EBUSY) { 545 else if (ret == -EBUSY) {
546 nf_ct_unexpect_related(rtp_exp);
547 continue;
548 } else if (ret < 0) {
546 nf_ct_unexpect_related(rtp_exp); 549 nf_ct_unexpect_related(rtp_exp);
547 port = 0; 550 port = 0;
548 break; 551 break;
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 169ab59ed9d4..be194b144297 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -55,6 +55,7 @@ struct nfulnl_instance {
55 unsigned int qlen; /* number of nlmsgs in skb */ 55 unsigned int qlen; /* number of nlmsgs in skb */
56 struct sk_buff *skb; /* pre-allocatd skb */ 56 struct sk_buff *skb; /* pre-allocatd skb */
57 struct timer_list timer; 57 struct timer_list timer;
58 struct user_namespace *peer_user_ns; /* User namespace of the peer process */
58 int peer_pid; /* PID of the peer process */ 59 int peer_pid; /* PID of the peer process */
59 60
60 /* configurable parameters */ 61 /* configurable parameters */
@@ -132,7 +133,7 @@ instance_put(struct nfulnl_instance *inst)
132static void nfulnl_timer(unsigned long data); 133static void nfulnl_timer(unsigned long data);
133 134
134static struct nfulnl_instance * 135static struct nfulnl_instance *
135instance_create(u_int16_t group_num, int pid) 136instance_create(u_int16_t group_num, int pid, struct user_namespace *user_ns)
136{ 137{
137 struct nfulnl_instance *inst; 138 struct nfulnl_instance *inst;
138 int err; 139 int err;
@@ -162,6 +163,7 @@ instance_create(u_int16_t group_num, int pid)
162 163
163 setup_timer(&inst->timer, nfulnl_timer, (unsigned long)inst); 164 setup_timer(&inst->timer, nfulnl_timer, (unsigned long)inst);
164 165
166 inst->peer_user_ns = user_ns;
165 inst->peer_pid = pid; 167 inst->peer_pid = pid;
166 inst->group_num = group_num; 168 inst->group_num = group_num;
167 169
@@ -480,7 +482,7 @@ __build_packet_message(struct nfulnl_instance *inst,
480 } 482 }
481 483
482 if (indev && skb_mac_header_was_set(skb)) { 484 if (indev && skb_mac_header_was_set(skb)) {
483 if (nla_put_be32(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) || 485 if (nla_put_be16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) ||
484 nla_put_be16(inst->skb, NFULA_HWLEN, 486 nla_put_be16(inst->skb, NFULA_HWLEN,
485 htons(skb->dev->hard_header_len)) || 487 htons(skb->dev->hard_header_len)) ||
486 nla_put(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len, 488 nla_put(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len,
@@ -503,8 +505,11 @@ __build_packet_message(struct nfulnl_instance *inst,
503 read_lock_bh(&skb->sk->sk_callback_lock); 505 read_lock_bh(&skb->sk->sk_callback_lock);
504 if (skb->sk->sk_socket && skb->sk->sk_socket->file) { 506 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
505 struct file *file = skb->sk->sk_socket->file; 507 struct file *file = skb->sk->sk_socket->file;
506 __be32 uid = htonl(file->f_cred->fsuid); 508 __be32 uid = htonl(from_kuid_munged(inst->peer_user_ns,
507 __be32 gid = htonl(file->f_cred->fsgid); 509 file->f_cred->fsuid));
510 __be32 gid = htonl(from_kgid_munged(inst->peer_user_ns,
511 file->f_cred->fsgid));
512 /* need to unlock here since NLA_PUT may goto */
508 read_unlock_bh(&skb->sk->sk_callback_lock); 513 read_unlock_bh(&skb->sk->sk_callback_lock);
509 if (nla_put_be32(inst->skb, NFULA_UID, uid) || 514 if (nla_put_be32(inst->skb, NFULA_UID, uid) ||
510 nla_put_be32(inst->skb, NFULA_GID, gid)) 515 nla_put_be32(inst->skb, NFULA_GID, gid))
@@ -783,7 +788,8 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
783 } 788 }
784 789
785 inst = instance_create(group_num, 790 inst = instance_create(group_num,
786 NETLINK_CB(skb).pid); 791 NETLINK_CB(skb).pid,
792 sk_user_ns(NETLINK_CB(skb).ssk));
787 if (IS_ERR(inst)) { 793 if (IS_ERR(inst)) {
788 ret = PTR_ERR(inst); 794 ret = PTR_ERR(inst);
789 goto out; 795 goto out;
@@ -996,8 +1002,10 @@ static int __init nfnetlink_log_init(void)
996 1002
997#ifdef CONFIG_PROC_FS 1003#ifdef CONFIG_PROC_FS
998 if (!proc_create("nfnetlink_log", 0440, 1004 if (!proc_create("nfnetlink_log", 0440,
999 proc_net_netfilter, &nful_file_ops)) 1005 proc_net_netfilter, &nful_file_ops)) {
1006 status = -ENOMEM;
1000 goto cleanup_logger; 1007 goto cleanup_logger;
1008 }
1001#endif 1009#endif
1002 return status; 1010 return status;
1003 1011
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
index ff5f75fddb15..02a2bf49dcbd 100644
--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -363,10 +363,12 @@ static void dump_ipv4_packet(struct sbuff *m,
363 /* Max length: 15 "UID=4294967295 " */ 363 /* Max length: 15 "UID=4294967295 " */
364 if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) { 364 if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) {
365 read_lock_bh(&skb->sk->sk_callback_lock); 365 read_lock_bh(&skb->sk->sk_callback_lock);
366 if (skb->sk->sk_socket && skb->sk->sk_socket->file) 366 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
367 const struct cred *cred = skb->sk->sk_socket->file->f_cred;
367 sb_add(m, "UID=%u GID=%u ", 368 sb_add(m, "UID=%u GID=%u ",
368 skb->sk->sk_socket->file->f_cred->fsuid, 369 from_kuid_munged(&init_user_ns, cred->fsuid),
369 skb->sk->sk_socket->file->f_cred->fsgid); 370 from_kgid_munged(&init_user_ns, cred->fsgid));
371 }
370 read_unlock_bh(&skb->sk->sk_callback_lock); 372 read_unlock_bh(&skb->sk->sk_callback_lock);
371 } 373 }
372 374
@@ -719,10 +721,12 @@ static void dump_ipv6_packet(struct sbuff *m,
719 /* Max length: 15 "UID=4294967295 " */ 721 /* Max length: 15 "UID=4294967295 " */
720 if ((logflags & XT_LOG_UID) && recurse && skb->sk) { 722 if ((logflags & XT_LOG_UID) && recurse && skb->sk) {
721 read_lock_bh(&skb->sk->sk_callback_lock); 723 read_lock_bh(&skb->sk->sk_callback_lock);
722 if (skb->sk->sk_socket && skb->sk->sk_socket->file) 724 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
725 const struct cred *cred = skb->sk->sk_socket->file->f_cred;
723 sb_add(m, "UID=%u GID=%u ", 726 sb_add(m, "UID=%u GID=%u ",
724 skb->sk->sk_socket->file->f_cred->fsuid, 727 from_kuid_munged(&init_user_ns, cred->fsuid),
725 skb->sk->sk_socket->file->f_cred->fsgid); 728 from_kgid_munged(&init_user_ns, cred->fsgid));
729 }
726 read_unlock_bh(&skb->sk->sk_callback_lock); 730 read_unlock_bh(&skb->sk->sk_callback_lock);
727 } 731 }
728 732
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index 772d7389b337..ca2e577ed8ac 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -17,6 +17,17 @@
17#include <linux/netfilter/x_tables.h> 17#include <linux/netfilter/x_tables.h>
18#include <linux/netfilter/xt_owner.h> 18#include <linux/netfilter/xt_owner.h>
19 19
20static int owner_check(const struct xt_mtchk_param *par)
21{
22 struct xt_owner_match_info *info = par->matchinfo;
23
24 /* For now only allow adding matches from the initial user namespace */
25 if ((info->match & (XT_OWNER_UID|XT_OWNER_GID)) &&
26 (current_user_ns() != &init_user_ns))
27 return -EINVAL;
28 return 0;
29}
30
20static bool 31static bool
21owner_mt(const struct sk_buff *skb, struct xt_action_param *par) 32owner_mt(const struct sk_buff *skb, struct xt_action_param *par)
22{ 33{
@@ -37,17 +48,23 @@ owner_mt(const struct sk_buff *skb, struct xt_action_param *par)
37 return ((info->match ^ info->invert) & 48 return ((info->match ^ info->invert) &
38 (XT_OWNER_UID | XT_OWNER_GID)) == 0; 49 (XT_OWNER_UID | XT_OWNER_GID)) == 0;
39 50
40 if (info->match & XT_OWNER_UID) 51 if (info->match & XT_OWNER_UID) {
41 if ((filp->f_cred->fsuid >= info->uid_min && 52 kuid_t uid_min = make_kuid(&init_user_ns, info->uid_min);
42 filp->f_cred->fsuid <= info->uid_max) ^ 53 kuid_t uid_max = make_kuid(&init_user_ns, info->uid_max);
54 if ((uid_gte(filp->f_cred->fsuid, uid_min) &&
55 uid_lte(filp->f_cred->fsuid, uid_max)) ^
43 !(info->invert & XT_OWNER_UID)) 56 !(info->invert & XT_OWNER_UID))
44 return false; 57 return false;
58 }
45 59
46 if (info->match & XT_OWNER_GID) 60 if (info->match & XT_OWNER_GID) {
47 if ((filp->f_cred->fsgid >= info->gid_min && 61 kgid_t gid_min = make_kgid(&init_user_ns, info->gid_min);
48 filp->f_cred->fsgid <= info->gid_max) ^ 62 kgid_t gid_max = make_kgid(&init_user_ns, info->gid_max);
63 if ((gid_gte(filp->f_cred->fsgid, gid_min) &&
64 gid_lte(filp->f_cred->fsgid, gid_max)) ^
49 !(info->invert & XT_OWNER_GID)) 65 !(info->invert & XT_OWNER_GID))
50 return false; 66 return false;
67 }
51 68
52 return true; 69 return true;
53} 70}
@@ -56,6 +73,7 @@ static struct xt_match owner_mt_reg __read_mostly = {
56 .name = "owner", 73 .name = "owner",
57 .revision = 1, 74 .revision = 1,
58 .family = NFPROTO_UNSPEC, 75 .family = NFPROTO_UNSPEC,
76 .checkentry = owner_check,
59 .match = owner_mt, 77 .match = owner_mt,
60 .matchsize = sizeof(struct xt_owner_match_info), 78 .matchsize = sizeof(struct xt_owner_match_info),
61 .hooks = (1 << NF_INET_LOCAL_OUT) | 79 .hooks = (1 << NF_INET_LOCAL_OUT) |
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index ae2ad1eec8d0..4635c9b00459 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -317,6 +317,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
317 struct recent_table *t; 317 struct recent_table *t;
318#ifdef CONFIG_PROC_FS 318#ifdef CONFIG_PROC_FS
319 struct proc_dir_entry *pde; 319 struct proc_dir_entry *pde;
320 kuid_t uid;
321 kgid_t gid;
320#endif 322#endif
321 unsigned int i; 323 unsigned int i;
322 int ret = -EINVAL; 324 int ret = -EINVAL;
@@ -372,6 +374,13 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
372 for (i = 0; i < ip_list_hash_size; i++) 374 for (i = 0; i < ip_list_hash_size; i++)
373 INIT_LIST_HEAD(&t->iphash[i]); 375 INIT_LIST_HEAD(&t->iphash[i]);
374#ifdef CONFIG_PROC_FS 376#ifdef CONFIG_PROC_FS
377 uid = make_kuid(&init_user_ns, ip_list_uid);
378 gid = make_kgid(&init_user_ns, ip_list_gid);
379 if (!uid_valid(uid) || !gid_valid(gid)) {
380 kfree(t);
381 ret = -EINVAL;
382 goto out;
383 }
375 pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent, 384 pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent,
376 &recent_mt_fops, t); 385 &recent_mt_fops, t);
377 if (pde == NULL) { 386 if (pde == NULL) {
@@ -379,8 +388,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
379 ret = -ENOMEM; 388 ret = -ENOMEM;
380 goto out; 389 goto out;
381 } 390 }
382 pde->uid = ip_list_uid; 391 pde->uid = uid;
383 pde->gid = ip_list_gid; 392 pde->gid = gid;
384#endif 393#endif
385 spin_lock_bh(&recent_lock); 394 spin_lock_bh(&recent_lock);
386 list_add_tail(&t->list, &recent_net->tables); 395 list_add_tail(&t->list, &recent_net->tables);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 1445d73533ed..382119917166 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -912,7 +912,8 @@ static void netlink_rcv_wake(struct sock *sk)
912 wake_up_interruptible(&nlk->wait); 912 wake_up_interruptible(&nlk->wait);
913} 913}
914 914
915static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb) 915static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb,
916 struct sock *ssk)
916{ 917{
917 int ret; 918 int ret;
918 struct netlink_sock *nlk = nlk_sk(sk); 919 struct netlink_sock *nlk = nlk_sk(sk);
@@ -921,6 +922,7 @@ static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb)
921 if (nlk->netlink_rcv != NULL) { 922 if (nlk->netlink_rcv != NULL) {
922 ret = skb->len; 923 ret = skb->len;
923 skb_set_owner_r(skb, sk); 924 skb_set_owner_r(skb, sk);
925 NETLINK_CB(skb).ssk = ssk;
924 nlk->netlink_rcv(skb); 926 nlk->netlink_rcv(skb);
925 consume_skb(skb); 927 consume_skb(skb);
926 } else { 928 } else {
@@ -947,7 +949,7 @@ retry:
947 return PTR_ERR(sk); 949 return PTR_ERR(sk);
948 } 950 }
949 if (netlink_is_kernel(sk)) 951 if (netlink_is_kernel(sk))
950 return netlink_unicast_kernel(sk, skb); 952 return netlink_unicast_kernel(sk, skb, ssk);
951 953
952 if (sk_filter(sk, skb)) { 954 if (sk_filter(sk, skb)) {
953 err = skb->len; 955 err = skb->len;
@@ -1373,7 +1375,8 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1373 dst_pid = addr->nl_pid; 1375 dst_pid = addr->nl_pid;
1374 dst_group = ffs(addr->nl_groups); 1376 dst_group = ffs(addr->nl_groups);
1375 err = -EPERM; 1377 err = -EPERM;
1376 if (dst_group && !netlink_capable(sock, NL_NONROOT_SEND)) 1378 if ((dst_group || dst_pid) &&
1379 !netlink_capable(sock, NL_NONROOT_SEND))
1377 goto out; 1380 goto out;
1378 } else { 1381 } else {
1379 dst_pid = nlk->dst_pid; 1382 dst_pid = nlk->dst_pid;
@@ -2147,6 +2150,7 @@ static void __init netlink_add_usersock_entry(void)
2147 rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners); 2150 rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners);
2148 nl_table[NETLINK_USERSOCK].module = THIS_MODULE; 2151 nl_table[NETLINK_USERSOCK].module = THIS_MODULE;
2149 nl_table[NETLINK_USERSOCK].registered = 1; 2152 nl_table[NETLINK_USERSOCK].registered = 1;
2153 nl_table[NETLINK_USERSOCK].nl_nonroot = NL_NONROOT_SEND;
2150 2154
2151 netlink_table_ungrab(); 2155 netlink_table_ungrab();
2152} 2156}
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index b7f38b161909..c7bf2f26525a 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -427,19 +427,11 @@ void ovs_flow_deferred_free(struct sw_flow *flow)
427 call_rcu(&flow->rcu, rcu_free_flow_callback); 427 call_rcu(&flow->rcu, rcu_free_flow_callback);
428} 428}
429 429
430/* RCU callback used by ovs_flow_deferred_free_acts. */
431static void rcu_free_acts_callback(struct rcu_head *rcu)
432{
433 struct sw_flow_actions *sf_acts = container_of(rcu,
434 struct sw_flow_actions, rcu);
435 kfree(sf_acts);
436}
437
438/* Schedules 'sf_acts' to be freed after the next RCU grace period. 430/* Schedules 'sf_acts' to be freed after the next RCU grace period.
439 * The caller must hold rcu_read_lock for this to be sensible. */ 431 * The caller must hold rcu_read_lock for this to be sensible. */
440void ovs_flow_deferred_free_acts(struct sw_flow_actions *sf_acts) 432void ovs_flow_deferred_free_acts(struct sw_flow_actions *sf_acts)
441{ 433{
442 call_rcu(&sf_acts->rcu, rcu_free_acts_callback); 434 kfree_rcu(sf_acts, rcu);
443} 435}
444 436
445static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key) 437static int parse_vlan(struct sk_buff *skb, struct sw_flow_key *key)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index f220c5bdb71f..94060edbbd70 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1162,7 +1162,7 @@ static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
1162 spin_unlock(&f->lock); 1162 spin_unlock(&f->lock);
1163} 1163}
1164 1164
1165bool match_fanout_group(struct packet_type *ptype, struct sock * sk) 1165static bool match_fanout_group(struct packet_type *ptype, struct sock * sk)
1166{ 1166{
1167 if (ptype->af_packet_priv == (void*)((struct packet_sock *)sk)->fanout) 1167 if (ptype->af_packet_priv == (void*)((struct packet_sock *)sk)->fanout)
1168 return true; 1168 return true;
@@ -3749,7 +3749,7 @@ static int packet_seq_show(struct seq_file *seq, void *v)
3749 po->ifindex, 3749 po->ifindex,
3750 po->running, 3750 po->running,
3751 atomic_read(&s->sk_rmem_alloc), 3751 atomic_read(&s->sk_rmem_alloc),
3752 sock_i_uid(s), 3752 from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)),
3753 sock_i_ino(s)); 3753 sock_i_ino(s));
3754 } 3754 }
3755 3755
diff --git a/net/phonet/socket.c b/net/phonet/socket.c
index 0acc943f713a..b7e982782255 100644
--- a/net/phonet/socket.c
+++ b/net/phonet/socket.c
@@ -612,7 +612,8 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v)
612 sk->sk_protocol, pn->sobject, pn->dobject, 612 sk->sk_protocol, pn->sobject, pn->dobject,
613 pn->resource, sk->sk_state, 613 pn->resource, sk->sk_state,
614 sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk), 614 sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk),
615 sock_i_uid(sk), sock_i_ino(sk), 615 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
616 sock_i_ino(sk),
616 atomic_read(&sk->sk_refcnt), sk, 617 atomic_read(&sk->sk_refcnt), sk,
617 atomic_read(&sk->sk_drops), &len); 618 atomic_read(&sk->sk_drops), &len);
618 } 619 }
@@ -796,7 +797,8 @@ static int pn_res_seq_show(struct seq_file *seq, void *v)
796 struct sock *sk = *psk; 797 struct sock *sk = *psk;
797 798
798 seq_printf(seq, "%02X %5d %lu%n", 799 seq_printf(seq, "%02X %5d %lu%n",
799 (int) (psk - pnres.sk), sock_i_uid(sk), 800 (int) (psk - pnres.sk),
801 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
800 sock_i_ino(sk), &len); 802 sock_i_ino(sk), &len);
801 } 803 }
802 seq_printf(seq, "%*s\n", 63 - len, ""); 804 seq_printf(seq, "%*s\n", 63 - len, "");
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 752b72360ebc..c275bad12068 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -150,6 +150,20 @@ static void rfkill_led_trigger_activate(struct led_classdev *led)
150 rfkill_led_trigger_event(rfkill); 150 rfkill_led_trigger_event(rfkill);
151} 151}
152 152
153const char *rfkill_get_led_trigger_name(struct rfkill *rfkill)
154{
155 return rfkill->led_trigger.name;
156}
157EXPORT_SYMBOL(rfkill_get_led_trigger_name);
158
159void rfkill_set_led_trigger_name(struct rfkill *rfkill, const char *name)
160{
161 BUG_ON(!rfkill);
162
163 rfkill->ledtrigname = name;
164}
165EXPORT_SYMBOL(rfkill_set_led_trigger_name);
166
153static int rfkill_led_trigger_register(struct rfkill *rfkill) 167static int rfkill_led_trigger_register(struct rfkill *rfkill)
154{ 168{
155 rfkill->led_trigger.name = rfkill->ledtrigname 169 rfkill->led_trigger.name = rfkill->ledtrigname
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 6dd1131f2ec1..dc3ef5aef355 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -319,7 +319,7 @@ replay:
319 } 319 }
320 } 320 }
321 321
322 err = tp->ops->change(tp, cl, t->tcm_handle, tca, &fh); 322 err = tp->ops->change(skb, tp, cl, t->tcm_handle, tca, &fh);
323 if (err == 0) { 323 if (err == 0) {
324 if (tp_created) { 324 if (tp_created) {
325 spin_lock_bh(root_lock); 325 spin_lock_bh(root_lock);
diff --git a/net/sched/cls_basic.c b/net/sched/cls_basic.c
index 590960a22a77..344a11b342e5 100644
--- a/net/sched/cls_basic.c
+++ b/net/sched/cls_basic.c
@@ -162,7 +162,8 @@ errout:
162 return err; 162 return err;
163} 163}
164 164
165static int basic_change(struct tcf_proto *tp, unsigned long base, u32 handle, 165static int basic_change(struct sk_buff *in_skb,
166 struct tcf_proto *tp, unsigned long base, u32 handle,
166 struct nlattr **tca, unsigned long *arg) 167 struct nlattr **tca, unsigned long *arg)
167{ 168{
168 int err; 169 int err;
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c
index 7743ea8d1d38..91de66695b4a 100644
--- a/net/sched/cls_cgroup.c
+++ b/net/sched/cls_cgroup.c
@@ -151,7 +151,8 @@ static const struct nla_policy cgroup_policy[TCA_CGROUP_MAX + 1] = {
151 [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED }, 151 [TCA_CGROUP_EMATCHES] = { .type = NLA_NESTED },
152}; 152};
153 153
154static int cls_cgroup_change(struct tcf_proto *tp, unsigned long base, 154static int cls_cgroup_change(struct sk_buff *in_skb,
155 struct tcf_proto *tp, unsigned long base,
155 u32 handle, struct nlattr **tca, 156 u32 handle, struct nlattr **tca,
156 unsigned long *arg) 157 unsigned long *arg)
157{ 158{
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index ccd08c8dc6a7..ce82d0cb1b47 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -193,15 +193,19 @@ static u32 flow_get_rtclassid(const struct sk_buff *skb)
193 193
194static u32 flow_get_skuid(const struct sk_buff *skb) 194static u32 flow_get_skuid(const struct sk_buff *skb)
195{ 195{
196 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) 196 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) {
197 return skb->sk->sk_socket->file->f_cred->fsuid; 197 kuid_t skuid = skb->sk->sk_socket->file->f_cred->fsuid;
198 return from_kuid(&init_user_ns, skuid);
199 }
198 return 0; 200 return 0;
199} 201}
200 202
201static u32 flow_get_skgid(const struct sk_buff *skb) 203static u32 flow_get_skgid(const struct sk_buff *skb)
202{ 204{
203 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) 205 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) {
204 return skb->sk->sk_socket->file->f_cred->fsgid; 206 kgid_t skgid = skb->sk->sk_socket->file->f_cred->fsgid;
207 return from_kgid(&init_user_ns, skgid);
208 }
205 return 0; 209 return 0;
206} 210}
207 211
@@ -347,7 +351,8 @@ static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = {
347 [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, 351 [TCA_FLOW_PERTURB] = { .type = NLA_U32 },
348}; 352};
349 353
350static int flow_change(struct tcf_proto *tp, unsigned long base, 354static int flow_change(struct sk_buff *in_skb,
355 struct tcf_proto *tp, unsigned long base,
351 u32 handle, struct nlattr **tca, 356 u32 handle, struct nlattr **tca,
352 unsigned long *arg) 357 unsigned long *arg)
353{ 358{
@@ -386,6 +391,10 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
386 391
387 if (fls(keymask) - 1 > FLOW_KEY_MAX) 392 if (fls(keymask) - 1 > FLOW_KEY_MAX)
388 return -EOPNOTSUPP; 393 return -EOPNOTSUPP;
394
395 if ((keymask & (FLOW_KEY_SKUID|FLOW_KEY_SKGID)) &&
396 sk_user_ns(NETLINK_CB(in_skb).ssk) != &init_user_ns)
397 return -EOPNOTSUPP;
389 } 398 }
390 399
391 err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map); 400 err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map);
diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c
index 8384a4797240..4075a0aef2aa 100644
--- a/net/sched/cls_fw.c
+++ b/net/sched/cls_fw.c
@@ -233,7 +233,8 @@ errout:
233 return err; 233 return err;
234} 234}
235 235
236static int fw_change(struct tcf_proto *tp, unsigned long base, 236static int fw_change(struct sk_buff *in_skb,
237 struct tcf_proto *tp, unsigned long base,
237 u32 handle, 238 u32 handle,
238 struct nlattr **tca, 239 struct nlattr **tca,
239 unsigned long *arg) 240 unsigned long *arg)
diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
index 44f405cb9aaf..c10d57bf98f2 100644
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -427,7 +427,8 @@ errout:
427 return err; 427 return err;
428} 428}
429 429
430static int route4_change(struct tcf_proto *tp, unsigned long base, 430static int route4_change(struct sk_buff *in_skb,
431 struct tcf_proto *tp, unsigned long base,
431 u32 handle, 432 u32 handle,
432 struct nlattr **tca, 433 struct nlattr **tca,
433 unsigned long *arg) 434 unsigned long *arg)
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index 18ab93ec8d7e..494bbb90924a 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -416,7 +416,8 @@ static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = {
416 [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) }, 416 [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) },
417}; 417};
418 418
419static int rsvp_change(struct tcf_proto *tp, unsigned long base, 419static int rsvp_change(struct sk_buff *in_skb,
420 struct tcf_proto *tp, unsigned long base,
420 u32 handle, 421 u32 handle,
421 struct nlattr **tca, 422 struct nlattr **tca,
422 unsigned long *arg) 423 unsigned long *arg)
diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c
index fe29420d0b0e..a1293b4ab7a1 100644
--- a/net/sched/cls_tcindex.c
+++ b/net/sched/cls_tcindex.c
@@ -332,7 +332,8 @@ errout:
332} 332}
333 333
334static int 334static int
335tcindex_change(struct tcf_proto *tp, unsigned long base, u32 handle, 335tcindex_change(struct sk_buff *in_skb,
336 struct tcf_proto *tp, unsigned long base, u32 handle,
336 struct nlattr **tca, unsigned long *arg) 337 struct nlattr **tca, unsigned long *arg)
337{ 338{
338 struct nlattr *opt = tca[TCA_OPTIONS]; 339 struct nlattr *opt = tca[TCA_OPTIONS];
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index d45373fb00b9..c7c27bc91b5a 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -544,7 +544,8 @@ errout:
544 return err; 544 return err;
545} 545}
546 546
547static int u32_change(struct tcf_proto *tp, unsigned long base, u32 handle, 547static int u32_change(struct sk_buff *in_skb,
548 struct tcf_proto *tp, unsigned long base, u32 handle,
548 struct nlattr **tca, 549 struct nlattr **tca,
549 unsigned long *arg) 550 unsigned long *arg)
550{ 551{
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index d9cb2ab149fe..c3bea269faf4 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -220,7 +220,8 @@ static int sctp_eps_seq_show(struct seq_file *seq, void *v)
220 seq_printf(seq, "%8pK %8pK %-3d %-3d %-4d %-5d %5d %5lu ", ep, sk, 220 seq_printf(seq, "%8pK %8pK %-3d %-3d %-4d %-5d %5d %5lu ", ep, sk,
221 sctp_sk(sk)->type, sk->sk_state, hash, 221 sctp_sk(sk)->type, sk->sk_state, hash,
222 epb->bind_addr.port, 222 epb->bind_addr.port,
223 sock_i_uid(sk), sock_i_ino(sk)); 223 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
224 sock_i_ino(sk));
224 225
225 sctp_seq_dump_local_addrs(seq, epb); 226 sctp_seq_dump_local_addrs(seq, epb);
226 seq_printf(seq, "\n"); 227 seq_printf(seq, "\n");
@@ -332,7 +333,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
332 assoc->assoc_id, 333 assoc->assoc_id,
333 assoc->sndbuf_used, 334 assoc->sndbuf_used,
334 atomic_read(&assoc->rmem_alloc), 335 atomic_read(&assoc->rmem_alloc),
335 sock_i_uid(sk), sock_i_ino(sk), 336 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
337 sock_i_ino(sk),
336 epb->bind_addr.port, 338 epb->bind_addr.port,
337 assoc->peer.port); 339 assoc->peer.port);
338 seq_printf(seq, " "); 340 seq_printf(seq, " ");
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c5ee4ff61364..8a84ab64cafd 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2060,10 +2060,14 @@ static int unix_shutdown(struct socket *sock, int mode)
2060 struct sock *sk = sock->sk; 2060 struct sock *sk = sock->sk;
2061 struct sock *other; 2061 struct sock *other;
2062 2062
2063 mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN); 2063 if (mode < SHUT_RD || mode > SHUT_RDWR)
2064 2064 return -EINVAL;
2065 if (!mode) 2065 /* This maps:
2066 return 0; 2066 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2067 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2068 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2069 */
2070 ++mode;
2067 2071
2068 unix_state_lock(sk); 2072 unix_state_lock(sk);
2069 sk->sk_shutdown |= mode; 2073 sk->sk_shutdown |= mode;
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index d355f67d0cdd..2f876b9ee344 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -105,7 +105,7 @@ cfg80211_get_chan_state(struct wireless_dev *wdev,
105 105
106 ASSERT_WDEV_LOCK(wdev); 106 ASSERT_WDEV_LOCK(wdev);
107 107
108 if (!netif_running(wdev->netdev)) 108 if (wdev->netdev && !netif_running(wdev->netdev))
109 return; 109 return;
110 110
111 switch (wdev->iftype) { 111 switch (wdev->iftype) {
@@ -143,6 +143,11 @@ cfg80211_get_chan_state(struct wireless_dev *wdev,
143 case NL80211_IFTYPE_WDS: 143 case NL80211_IFTYPE_WDS:
144 /* these interface types don't really have a channel */ 144 /* these interface types don't really have a channel */
145 return; 145 return;
146 case NL80211_IFTYPE_P2P_DEVICE:
147 if (wdev->wiphy->features &
148 NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL)
149 *chanmode = CHAN_MODE_EXCLUSIVE;
150 return;
146 case NL80211_IFTYPE_UNSPECIFIED: 151 case NL80211_IFTYPE_UNSPECIFIED:
147 case NUM_NL80211_IFTYPES: 152 case NUM_NL80211_IFTYPES:
148 WARN_ON(1); 153 WARN_ON(1);
diff --git a/net/wireless/core.c b/net/wireless/core.c
index dcd64d5b07aa..443d4d7deea2 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -230,9 +230,24 @@ static int cfg80211_rfkill_set_block(void *data, bool blocked)
230 rtnl_lock(); 230 rtnl_lock();
231 mutex_lock(&rdev->devlist_mtx); 231 mutex_lock(&rdev->devlist_mtx);
232 232
233 list_for_each_entry(wdev, &rdev->wdev_list, list) 233 list_for_each_entry(wdev, &rdev->wdev_list, list) {
234 if (wdev->netdev) 234 if (wdev->netdev) {
235 dev_close(wdev->netdev); 235 dev_close(wdev->netdev);
236 continue;
237 }
238 /* otherwise, check iftype */
239 switch (wdev->iftype) {
240 case NL80211_IFTYPE_P2P_DEVICE:
241 if (!wdev->p2p_started)
242 break;
243 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);
244 wdev->p2p_started = false;
245 rdev->opencount--;
246 break;
247 default:
248 break;
249 }
250 }
236 251
237 mutex_unlock(&rdev->devlist_mtx); 252 mutex_unlock(&rdev->devlist_mtx);
238 rtnl_unlock(); 253 rtnl_unlock();
@@ -407,6 +422,11 @@ static int wiphy_verify_combinations(struct wiphy *wiphy)
407 if (WARN_ON(wiphy->software_iftypes & types)) 422 if (WARN_ON(wiphy->software_iftypes & types))
408 return -EINVAL; 423 return -EINVAL;
409 424
425 /* Only a single P2P_DEVICE can be allowed */
426 if (WARN_ON(types & BIT(NL80211_IFTYPE_P2P_DEVICE) &&
427 c->limits[j].max > 1))
428 return -EINVAL;
429
410 cnt += c->limits[j].max; 430 cnt += c->limits[j].max;
411 /* 431 /*
412 * Don't advertise an unsupported type 432 * Don't advertise an unsupported type
@@ -734,6 +754,35 @@ static void wdev_cleanup_work(struct work_struct *work)
734 dev_put(wdev->netdev); 754 dev_put(wdev->netdev);
735} 755}
736 756
757void cfg80211_unregister_wdev(struct wireless_dev *wdev)
758{
759 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
760
761 ASSERT_RTNL();
762
763 if (WARN_ON(wdev->netdev))
764 return;
765
766 mutex_lock(&rdev->devlist_mtx);
767 list_del_rcu(&wdev->list);
768 rdev->devlist_generation++;
769
770 switch (wdev->iftype) {
771 case NL80211_IFTYPE_P2P_DEVICE:
772 if (!wdev->p2p_started)
773 break;
774 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);
775 wdev->p2p_started = false;
776 rdev->opencount--;
777 break;
778 default:
779 WARN_ON_ONCE(1);
780 break;
781 }
782 mutex_unlock(&rdev->devlist_mtx);
783}
784EXPORT_SYMBOL(cfg80211_unregister_wdev);
785
737static struct device_type wiphy_type = { 786static struct device_type wiphy_type = {
738 .name = "wlan", 787 .name = "wlan",
739}; 788};
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 1cdb1d5e6b0f..8fd0242ee169 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -736,7 +736,6 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
736 const u8 *buf, size_t len, bool no_cck, 736 const u8 *buf, size_t len, bool no_cck,
737 bool dont_wait_for_ack, u64 *cookie) 737 bool dont_wait_for_ack, u64 *cookie)
738{ 738{
739 struct net_device *dev = wdev->netdev;
740 const struct ieee80211_mgmt *mgmt; 739 const struct ieee80211_mgmt *mgmt;
741 u16 stype; 740 u16 stype;
742 741
@@ -796,7 +795,7 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
796 case NL80211_IFTYPE_AP: 795 case NL80211_IFTYPE_AP:
797 case NL80211_IFTYPE_P2P_GO: 796 case NL80211_IFTYPE_P2P_GO:
798 case NL80211_IFTYPE_AP_VLAN: 797 case NL80211_IFTYPE_AP_VLAN:
799 if (!ether_addr_equal(mgmt->bssid, dev->dev_addr)) 798 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
800 err = -EINVAL; 799 err = -EINVAL;
801 break; 800 break;
802 case NL80211_IFTYPE_MESH_POINT: 801 case NL80211_IFTYPE_MESH_POINT:
@@ -809,6 +808,11 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
809 * cfg80211 doesn't track the stations 808 * cfg80211 doesn't track the stations
810 */ 809 */
811 break; 810 break;
811 case NL80211_IFTYPE_P2P_DEVICE:
812 /*
813 * fall through, P2P device only supports
814 * public action frames
815 */
812 default: 816 default:
813 err = -EOPNOTSUPP; 817 err = -EOPNOTSUPP;
814 break; 818 break;
@@ -819,7 +823,7 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
819 return err; 823 return err;
820 } 824 }
821 825
822 if (!ether_addr_equal(mgmt->sa, dev->dev_addr)) 826 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev)))
823 return -EINVAL; 827 return -EINVAL;
824 828
825 /* Transmit the Action frame as requested by user space */ 829 /* Transmit the Action frame as requested by user space */
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 97026f3b215a..787aeaa902fe 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1100,6 +1100,7 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1100 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1100 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1101 goto nla_put_failure; 1101 goto nla_put_failure;
1102 } 1102 }
1103 CMD(start_p2p_device, START_P2P_DEVICE);
1103 1104
1104#ifdef CONFIG_NL80211_TESTMODE 1105#ifdef CONFIG_NL80211_TESTMODE
1105 CMD(testmode_cmd, TESTMODE); 1106 CMD(testmode_cmd, TESTMODE);
@@ -1748,13 +1749,13 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1748 1749
1749 if (dev && 1750 if (dev &&
1750 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1751 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1751 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) || 1752 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
1752 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dev->dev_addr)))
1753 goto nla_put_failure; 1753 goto nla_put_failure;
1754 1754
1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1758 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
1758 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1759 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1759 rdev->devlist_generation ^ 1760 rdev->devlist_generation ^
1760 (cfg80211_rdev_list_generation << 2))) 1761 (cfg80211_rdev_list_generation << 2)))
@@ -2021,8 +2022,10 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2021 return PTR_ERR(wdev); 2022 return PTR_ERR(wdev);
2022 } 2023 }
2023 2024
2024 if (type == NL80211_IFTYPE_MESH_POINT && 2025 switch (type) {
2025 info->attrs[NL80211_ATTR_MESH_ID]) { 2026 case NL80211_IFTYPE_MESH_POINT:
2027 if (!info->attrs[NL80211_ATTR_MESH_ID])
2028 break;
2026 wdev_lock(wdev); 2029 wdev_lock(wdev);
2027 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2030 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2028 IEEE80211_MAX_MESH_ID_LEN); 2031 IEEE80211_MAX_MESH_ID_LEN);
@@ -2031,6 +2034,26 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2031 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2034 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2032 wdev->mesh_id_up_len); 2035 wdev->mesh_id_up_len);
2033 wdev_unlock(wdev); 2036 wdev_unlock(wdev);
2037 break;
2038 case NL80211_IFTYPE_P2P_DEVICE:
2039 /*
2040 * P2P Device doesn't have a netdev, so doesn't go
2041 * through the netdev notifier and must be added here
2042 */
2043 mutex_init(&wdev->mtx);
2044 INIT_LIST_HEAD(&wdev->event_list);
2045 spin_lock_init(&wdev->event_lock);
2046 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2047 spin_lock_init(&wdev->mgmt_registrations_lock);
2048
2049 mutex_lock(&rdev->devlist_mtx);
2050 wdev->identifier = ++rdev->wdev_id;
2051 list_add_rcu(&wdev->list, &rdev->wdev_list);
2052 rdev->devlist_generation++;
2053 mutex_unlock(&rdev->devlist_mtx);
2054 break;
2055 default:
2056 break;
2034 } 2057 }
2035 2058
2036 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 2059 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
@@ -6053,6 +6076,7 @@ static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
6053 case NL80211_IFTYPE_AP_VLAN: 6076 case NL80211_IFTYPE_AP_VLAN:
6054 case NL80211_IFTYPE_MESH_POINT: 6077 case NL80211_IFTYPE_MESH_POINT:
6055 case NL80211_IFTYPE_P2P_GO: 6078 case NL80211_IFTYPE_P2P_GO:
6079 case NL80211_IFTYPE_P2P_DEVICE:
6056 break; 6080 break;
6057 default: 6081 default:
6058 return -EOPNOTSUPP; 6082 return -EOPNOTSUPP;
@@ -6099,6 +6123,7 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
6099 case NL80211_IFTYPE_AP_VLAN: 6123 case NL80211_IFTYPE_AP_VLAN:
6100 case NL80211_IFTYPE_MESH_POINT: 6124 case NL80211_IFTYPE_MESH_POINT:
6101 case NL80211_IFTYPE_P2P_GO: 6125 case NL80211_IFTYPE_P2P_GO:
6126 case NL80211_IFTYPE_P2P_DEVICE:
6102 break; 6127 break;
6103 default: 6128 default:
6104 return -EOPNOTSUPP; 6129 return -EOPNOTSUPP;
@@ -6195,6 +6220,7 @@ static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *in
6195 case NL80211_IFTYPE_AP: 6220 case NL80211_IFTYPE_AP:
6196 case NL80211_IFTYPE_AP_VLAN: 6221 case NL80211_IFTYPE_AP_VLAN:
6197 case NL80211_IFTYPE_P2P_GO: 6222 case NL80211_IFTYPE_P2P_GO:
6223 case NL80211_IFTYPE_P2P_DEVICE:
6198 break; 6224 break;
6199 default: 6225 default:
6200 return -EOPNOTSUPP; 6226 return -EOPNOTSUPP;
@@ -6810,6 +6836,68 @@ static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6810 return 0; 6836 return 0;
6811} 6837}
6812 6838
6839static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
6840{
6841 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6842 struct wireless_dev *wdev = info->user_ptr[1];
6843 int err;
6844
6845 if (!rdev->ops->start_p2p_device)
6846 return -EOPNOTSUPP;
6847
6848 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
6849 return -EOPNOTSUPP;
6850
6851 if (wdev->p2p_started)
6852 return 0;
6853
6854 mutex_lock(&rdev->devlist_mtx);
6855 err = cfg80211_can_add_interface(rdev, wdev->iftype);
6856 mutex_unlock(&rdev->devlist_mtx);
6857 if (err)
6858 return err;
6859
6860 err = rdev->ops->start_p2p_device(&rdev->wiphy, wdev);
6861 if (err)
6862 return err;
6863
6864 wdev->p2p_started = true;
6865 mutex_lock(&rdev->devlist_mtx);
6866 rdev->opencount++;
6867 mutex_unlock(&rdev->devlist_mtx);
6868
6869 return 0;
6870}
6871
6872static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
6873{
6874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6875 struct wireless_dev *wdev = info->user_ptr[1];
6876
6877 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
6878 return -EOPNOTSUPP;
6879
6880 if (!rdev->ops->stop_p2p_device)
6881 return -EOPNOTSUPP;
6882
6883 if (!wdev->p2p_started)
6884 return 0;
6885
6886 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);
6887 wdev->p2p_started = false;
6888
6889 mutex_lock(&rdev->devlist_mtx);
6890 rdev->opencount--;
6891 mutex_unlock(&rdev->devlist_mtx);
6892
6893 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
6894 rdev->scan_req->aborted = true;
6895 ___cfg80211_scan_done(rdev, true);
6896 }
6897
6898 return 0;
6899}
6900
6813#define NL80211_FLAG_NEED_WIPHY 0x01 6901#define NL80211_FLAG_NEED_WIPHY 0x01
6814#define NL80211_FLAG_NEED_NETDEV 0x02 6902#define NL80211_FLAG_NEED_NETDEV 0x02
6815#define NL80211_FLAG_NEED_RTNL 0x04 6903#define NL80211_FLAG_NEED_RTNL 0x04
@@ -6817,7 +6905,7 @@ static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
6817#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6905#define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
6818 NL80211_FLAG_CHECK_NETDEV_UP) 6906 NL80211_FLAG_CHECK_NETDEV_UP)
6819#define NL80211_FLAG_NEED_WDEV 0x10 6907#define NL80211_FLAG_NEED_WDEV 0x10
6820/* If a netdev is associated, it must be UP */ 6908/* If a netdev is associated, it must be UP, P2P must be started */
6821#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 6909#define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
6822 NL80211_FLAG_CHECK_NETDEV_UP) 6910 NL80211_FLAG_CHECK_NETDEV_UP)
6823 6911
@@ -6878,6 +6966,13 @@ static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
6878 } 6966 }
6879 6967
6880 dev_hold(dev); 6968 dev_hold(dev);
6969 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
6970 if (!wdev->p2p_started) {
6971 mutex_unlock(&cfg80211_mutex);
6972 if (rtnl)
6973 rtnl_unlock();
6974 return -ENETDOWN;
6975 }
6881 } 6976 }
6882 6977
6883 cfg80211_lock_rdev(rdev); 6978 cfg80211_lock_rdev(rdev);
@@ -7439,7 +7534,22 @@ static struct genl_ops nl80211_ops[] = {
7439 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7534 .internal_flags = NL80211_FLAG_NEED_NETDEV |
7440 NL80211_FLAG_NEED_RTNL, 7535 NL80211_FLAG_NEED_RTNL,
7441 }, 7536 },
7442 7537 {
7538 .cmd = NL80211_CMD_START_P2P_DEVICE,
7539 .doit = nl80211_start_p2p_device,
7540 .policy = nl80211_policy,
7541 .flags = GENL_ADMIN_PERM,
7542 .internal_flags = NL80211_FLAG_NEED_WDEV |
7543 NL80211_FLAG_NEED_RTNL,
7544 },
7545 {
7546 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
7547 .doit = nl80211_stop_p2p_device,
7548 .policy = nl80211_policy,
7549 .flags = GENL_ADMIN_PERM,
7550 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7551 NL80211_FLAG_NEED_RTNL,
7552 },
7443}; 7553};
7444 7554
7445static struct genl_multicast_group nl80211_mlme_mcgrp = { 7555static struct genl_multicast_group nl80211_mlme_mcgrp = {
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
index c4ad7958af52..7d604c06c3dc 100644
--- a/net/wireless/radiotap.c
+++ b/net/wireless/radiotap.c
@@ -41,6 +41,8 @@ static const struct radiotap_align_size rtap_namespace_sizes[] = {
41 [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, }, 41 [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, },
42 [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, }, 42 [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, },
43 [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, }, 43 [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
44 [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, },
45 [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, },
44 /* 46 /*
45 * add more here as they are defined in radiotap.h 47 * add more here as they are defined in radiotap.h
46 */ 48 */
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 994e2f0cc7a8..ef35f4ef2aa6 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -684,22 +684,10 @@ EXPORT_SYMBOL(cfg80211_classify8021d);
684 684
685const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie) 685const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie)
686{ 686{
687 u8 *end, *pos; 687 if (bss->information_elements == NULL)
688
689 pos = bss->information_elements;
690 if (pos == NULL)
691 return NULL; 688 return NULL;
692 end = pos + bss->len_information_elements; 689 return cfg80211_find_ie(ie, bss->information_elements,
693 690 bss->len_information_elements);
694 while (pos + 1 < end) {
695 if (pos + 2 + pos[1] > end)
696 break;
697 if (pos[0] == ie)
698 return pos;
699 pos += 2 + pos[1];
700 }
701
702 return NULL;
703} 691}
704EXPORT_SYMBOL(ieee80211_bss_get_ie); 692EXPORT_SYMBOL(ieee80211_bss_get_ie);
705 693
@@ -812,6 +800,10 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
812 if (otype == NL80211_IFTYPE_AP_VLAN) 800 if (otype == NL80211_IFTYPE_AP_VLAN)
813 return -EOPNOTSUPP; 801 return -EOPNOTSUPP;
814 802
803 /* cannot change into P2P device type */
804 if (ntype == NL80211_IFTYPE_P2P_DEVICE)
805 return -EOPNOTSUPP;
806
815 if (!rdev->ops->change_virtual_intf || 807 if (!rdev->ops->change_virtual_intf ||
816 !(rdev->wiphy.interface_modes & (1 << ntype))) 808 !(rdev->wiphy.interface_modes & (1 << ntype)))
817 return -EOPNOTSUPP; 809 return -EOPNOTSUPP;
@@ -889,6 +881,9 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
889 case NUM_NL80211_IFTYPES: 881 case NUM_NL80211_IFTYPES:
890 /* not happening */ 882 /* not happening */
891 break; 883 break;
884 case NL80211_IFTYPE_P2P_DEVICE:
885 WARN_ON(1);
886 break;
892 } 887 }
893 } 888 }
894 889
@@ -1053,8 +1048,15 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
1053 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) { 1048 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) {
1054 if (wdev_iter == wdev) 1049 if (wdev_iter == wdev)
1055 continue; 1050 continue;
1056 if (!netif_running(wdev_iter->netdev)) 1051 if (wdev_iter->netdev) {
1057 continue; 1052 if (!netif_running(wdev_iter->netdev))
1053 continue;
1054 } else if (wdev_iter->iftype == NL80211_IFTYPE_P2P_DEVICE) {
1055 if (!wdev_iter->p2p_started)
1056 continue;
1057 } else {
1058 WARN_ON(1);
1059 }
1058 1060
1059 if (rdev->wiphy.software_iftypes & BIT(wdev_iter->iftype)) 1061 if (rdev->wiphy.software_iftypes & BIT(wdev_iter->iftype))
1060 continue; 1062 continue;
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-06 19:55:07 -0400