Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller: "I'm sending a pull request of these lingering bug fixes for networking before the normal merge window material because some of this stuff I'd like to get to -stable ASAP" 1) cxgb3 stopped working on 32-bit machines, fix from Ben Hutchings. 2) Structures passed via netlink for netfilter logging are not fully initialized. From Mathias Krause. 3) Properly unlink upper openvswitch device during notifications, from Alexei Starovoitov. 4) Fix race conditions involving access to the IP compression scratch buffer, from Michal Kubrecek. 5) We don't handle the expiration of MTU information contained in ipv6 routes sometimes, fix from Hannes Frederic Sowa. 6) With Fast Open we can miscompute the TCP SYN/ACK RTT, from Yuchung Cheng. 7) Don't take TCP RTT sample when an ACK doesn't acknowledge new data, also from Yuchung Cheng. 8) The decreased IPSEC garbage collection threshold causes problems for some people, bump it back up. From Steffen Klassert. 9) Fix skb->truesize calculated by tcp_tso_segment(), from Eric Dumazet. 10) flow_dissector doesn't validate packet lengths sufficiently, from Jason Wang * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) net/mlx4_core: Fix call to __mlx4_unregister_mac net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb net: flow_dissector: fail on evil iph->ihl xfrm: Fix null pointer dereference when decoding sessions can: kvaser_usb: fix usb endpoints detection can: c_can: Fix RX message handling, handle lost message before EOB doc:net: Fix typo in Documentation/networking bgmac: don't update slot on skb alloc/dma mapping error ibm emac: Fix locking for enable/disable eob irq ibm emac: Don't call napi_complete if napi_reschedule failed virtio-net: correctly handle cpu hotplug notifier during resuming bridge: pass correct vlan id to multicast code net: x25: Fix dead URLs in Kconfig netfilter: xt_NFQUEUE: fix --queue-bypass regression xen-netback: use jiffies_64 value to calculate credit timeout cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures bnx2x: Disable VF access on PF removal bnx2x: prevent FW assert on low mem during unload tcp: gso: fix truesize tracking xfrm: Increase the garbage collector threshold ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-04 09:40:55 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-04 09:40:55 -0500
commit: be408cd3e1fef73e9408b196a79b9934697fe3b1 (patch)
tree: 8923594afd1e556360986cd2bc417f5fe0a72118 /net
parent: 5e01dc7b26d9f24f39abace5da98ccbd6a5ceb52 (diff)
parent: c32b7dfbb1dfb3f0a68f250deff65103c8bb704a (diff)
26 files changed, 154 insertions, 96 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index ca04163635da..e6b7fecb3af1 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -64,7 +64,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
                        br_flood_deliver(br, skb, false);
                        goto out;
                }
-                if (br_multicast_rcv(br, NULL, skb)) {
+                if (br_multicast_rcv(br, NULL, skb, vid)) {
                        kfree_skb(skb);
                        goto out;
                }
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index a2fd37ec35f7..7e73c32e205d 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -80,7 +80,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
                br_fdb_update(br, p, eth_hdr(skb)->h_source, vid);
        if (!is_broadcast_ether_addr(dest) && is_multicast_ether_addr(dest) &&
-            br_multicast_rcv(br, p, skb))
+            br_multicast_rcv(br, p, skb, vid))
                goto drop;
        if (p->state == BR_STATE_LEARNING)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 8b0b610ca2c9..686284ff3d6a 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -947,7 +947,8 @@ void br_multicast_disable_port(struct net_bridge_port *port)
 static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
                                         struct net_bridge_port *port,
-                                         struct sk_buff *skb)
+                                         struct sk_buff *skb,
+                                         u16 vid)
 {
        struct igmpv3_report *ih;
        struct igmpv3_grec *grec;
@@ -957,12 +958,10 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
        int type;
        int err = 0;
        __be32 group;
-        u16 vid = 0;
        if (!pskb_may_pull(skb, sizeof(*ih)))
                return -EINVAL;
-        br_vlan_get_tag(skb, &vid);
        ih = igmpv3_report_hdr(skb);
        num = ntohs(ih->ngrec);
        len = sizeof(*ih);
@@ -1005,7 +1004,8 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
 #if IS_ENABLED(CONFIG_IPV6)
 static int br_ip6_multicast_mld2_report(struct net_bridge *br,
                                        struct net_bridge_port *port,
-                                        struct sk_buff *skb)
+                                        struct sk_buff *skb,
+                                        u16 vid)
 {
        struct icmp6hdr *icmp6h;
        struct mld2_grec *grec;
@@ -1013,12 +1013,10 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
        int len;
        int num;
        int err = 0;
-        u16 vid = 0;
        if (!pskb_may_pull(skb, sizeof(*icmp6h)))
                return -EINVAL;
-        br_vlan_get_tag(skb, &vid);
        icmp6h = icmp6_hdr(skb);
        num = ntohs(icmp6h->icmp6_dataun.un_data16[1]);
        len = sizeof(*icmp6h);
@@ -1141,7 +1139,8 @@ static void br_multicast_query_received(struct net_bridge *br,
 static int br_ip4_multicast_query(struct net_bridge *br,
                                  struct net_bridge_port *port,
-                                  struct sk_buff *skb)
+                                  struct sk_buff *skb,
+                                  u16 vid)
 {
        const struct iphdr *iph = ip_hdr(skb);
        struct igmphdr *ih = igmp_hdr(skb);
@@ -1153,7 +1152,6 @@ static int br_ip4_multicast_query(struct net_bridge *br,
        unsigned long now = jiffies;
        __be32 group;
        int err = 0;
-        u16 vid = 0;
        spin_lock(&br->multicast_lock);
        if (!netif_running(br->dev) ||
@@ -1189,7 +1187,6 @@ static int br_ip4_multicast_query(struct net_bridge *br,
        if (!group)
                goto out;
-        br_vlan_get_tag(skb, &vid);
        mp = br_mdb_ip4_get(mlock_dereference(br->mdb, br), group, vid);
        if (!mp)
                goto out;
@@ -1219,7 +1216,8 @@ out:
 #if IS_ENABLED(CONFIG_IPV6)
 static int br_ip6_multicast_query(struct net_bridge *br,
                                  struct net_bridge_port *port,
-                                  struct sk_buff *skb)
+                                  struct sk_buff *skb,
+                                  u16 vid)
 {
        const struct ipv6hdr *ip6h = ipv6_hdr(skb);
        struct mld_msg *mld;
@@ -1231,7 +1229,6 @@ static int br_ip6_multicast_query(struct net_bridge *br,
        unsigned long now = jiffies;
        const struct in6_addr *group = NULL;
        int err = 0;
-        u16 vid = 0;
        spin_lock(&br->multicast_lock);
        if (!netif_running(br->dev) ||
@@ -1265,7 +1262,6 @@ static int br_ip6_multicast_query(struct net_bridge *br,
        if (!group)
                goto out;
-        br_vlan_get_tag(skb, &vid);
        mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group, vid);
        if (!mp)
                goto out;
@@ -1439,7 +1435,8 @@ static void br_ip6_multicast_leave_group(struct net_bridge *br,
 static int br_multicast_ipv4_rcv(struct net_bridge *br,
                                 struct net_bridge_port *port,
-                                 struct sk_buff *skb)
+                                 struct sk_buff *skb,
+                                 u16 vid)
 {
        struct sk_buff *skb2 = skb;
        const struct iphdr *iph;
@@ -1447,7 +1444,6 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
        unsigned int len;
        unsigned int offset;
        int err;
-        u16 vid = 0;
        /* We treat OOM as packet loss for now. */
        if (!pskb_may_pull(skb, sizeof(*iph)))
@@ -1508,7 +1504,6 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
        err = 0;
-        br_vlan_get_tag(skb2, &vid);
        BR_INPUT_SKB_CB(skb)->igmp = 1;
        ih = igmp_hdr(skb2);
@@ -1519,10 +1514,10 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
                err = br_ip4_multicast_add_group(br, port, ih->group, vid);
                break;
        case IGMPV3_HOST_MEMBERSHIP_REPORT:
-                err = br_ip4_multicast_igmp3_report(br, port, skb2);
+                err = br_ip4_multicast_igmp3_report(br, port, skb2, vid);
                break;
        case IGMP_HOST_MEMBERSHIP_QUERY:
-                err = br_ip4_multicast_query(br, port, skb2);
+                err = br_ip4_multicast_query(br, port, skb2, vid);
                break;
        case IGMP_HOST_LEAVE_MESSAGE:
                br_ip4_multicast_leave_group(br, port, ih->group, vid);
@@ -1540,7 +1535,8 @@ err_out:
 #if IS_ENABLED(CONFIG_IPV6)
 static int br_multicast_ipv6_rcv(struct net_bridge *br,
                                 struct net_bridge_port *port,
-                                 struct sk_buff *skb)
+                                 struct sk_buff *skb,
+                                 u16 vid)
 {
        struct sk_buff *skb2;
        const struct ipv6hdr *ip6h;
@@ -1550,7 +1546,6 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
        unsigned int len;
        int offset;
        int err;
-        u16 vid = 0;
        if (!pskb_may_pull(skb, sizeof(*ip6h)))
                return -EINVAL;
@@ -1640,7 +1635,6 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
        err = 0;
-        br_vlan_get_tag(skb, &vid);
        BR_INPUT_SKB_CB(skb)->igmp = 1;
        switch (icmp6_type) {
@@ -1657,10 +1651,10 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
                break;
            }
        case ICMPV6_MLD2_REPORT:
-                err = br_ip6_multicast_mld2_report(br, port, skb2);
+                err = br_ip6_multicast_mld2_report(br, port, skb2, vid);
                break;
        case ICMPV6_MGM_QUERY:
-                err = br_ip6_multicast_query(br, port, skb2);
+                err = br_ip6_multicast_query(br, port, skb2, vid);
                break;
        case ICMPV6_MGM_REDUCTION:
            {
@@ -1681,7 +1675,7 @@ out:
 #endif
 int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
-                     struct sk_buff *skb)
+                     struct sk_buff *skb, u16 vid)
 {
        BR_INPUT_SKB_CB(skb)->igmp = 0;
        BR_INPUT_SKB_CB(skb)->mrouters_only = 0;
@@ -1691,10 +1685,10 @@ int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
        switch (skb->protocol) {
        case htons(ETH_P_IP):
-                return br_multicast_ipv4_rcv(br, port, skb);
+                return br_multicast_ipv4_rcv(br, port, skb, vid);
 #if IS_ENABLED(CONFIG_IPV6)
        case htons(ETH_P_IPV6):
-                return br_multicast_ipv6_rcv(br, port, skb);
+                return br_multicast_ipv6_rcv(br, port, skb, vid);
 #endif
        }
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index e14c33b42f75..2e8244efb262 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -451,7 +451,8 @@ extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __us
 extern unsigned int br_mdb_rehash_seq;
 extern int br_multicast_rcv(struct net_bridge *br,
                            struct net_bridge_port *port,
-                            struct sk_buff *skb);
+                            struct sk_buff *skb,
+                            u16 vid);
 extern struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
                                               struct sk_buff *skb, u16 vid);
 extern void br_multicast_add_port(struct net_bridge_port *port);
@@ -522,7 +523,8 @@ static inline bool br_multicast_querier_exists(struct net_bridge *br,
 #else
 static inline int br_multicast_rcv(struct net_bridge *br,
                                   struct net_bridge_port *port,
-                                   struct sk_buff *skb)
+                                   struct sk_buff *skb,
+                                   u16 vid)
 {
        return 0;
 }
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 518093802d1d..7c470c371e14 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -181,6 +181,7 @@ static void ebt_ulog_packet(struct net *net, unsigned int hooknr,
        ub->qlen++;
        pm = nlmsg_data(nlh);
+        memset(pm, 0, sizeof(*pm));
        /* Fill in the ulog data */
        pm->version = EBT_ULOG_VERSION;
@@ -193,8 +194,6 @@ static void ebt_ulog_packet(struct net *net, unsigned int hooknr,
        pm->hook = hooknr;
        if (uloginfo->prefix != NULL)
                strcpy(pm->prefix, uloginfo->prefix);
-        else
-                *(pm->prefix) = '\0';
        if (in) {
                strcpy(pm->physindev, in->name);
@@ -204,16 +203,14 @@ static void ebt_ulog_packet(struct net *net, unsigned int hooknr,
                        strcpy(pm->indev, br_port_get_rcu(in)->br->dev->name);
                else
                        strcpy(pm->indev, in->name);
-        } else
+        }
-                pm->indev[0] = pm->physindev[0] = '\0';
        if (out) {
                /* If out exists, then out is a bridge port */
                strcpy(pm->physoutdev, out->name);
                /* rcu_read_lock()ed by nf_hook_slow */
                strcpy(pm->outdev, br_port_get_rcu(out)->br->dev->name);
-        } else
+        }
-                pm->outdev[0] = pm->physoutdev[0] = '\0';
        if (skb_copy_bits(skb, -ETH_HLEN, pm->data, copy_len) < 0)
                BUG();
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 8d7d0dd72db2..143b6fdb9647 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -40,7 +40,7 @@ again:
                struct iphdr _iph;
 ip:
                iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
-                if (!iph)
+                if (!iph || iph->ihl < 5)
                        return false;
                if (ip_is_fragment(iph))
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index fc75c9e461b8..8f971990677c 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -636,8 +636,9 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
                        netpoll_send_skb(np, send_skb);
-                        /* If there are several rx_hooks for the same address,
+                        /* If there are several rx_skb_hooks for the same
-                           we're fine by sending a single reply */
+                         * address we're fine by sending a single reply
+                         */
                        break;
                }
                spin_unlock_irqrestore(&npinfo->rx_lock, flags);
@@ -719,8 +720,9 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
                        netpoll_send_skb(np, send_skb);
-                        /* If there are several rx_hooks for the same address,
+                        /* If there are several rx_skb_hooks for the same
-                           we're fine by sending a single reply */
+                         * address, we're fine by sending a single reply
+                         */
                        break;
                }
                spin_unlock_irqrestore(&npinfo->rx_lock, flags);
@@ -756,11 +758,12 @@ static bool pkt_is_ns(struct sk_buff *skb)
 int __netpoll_rx(struct sk_buff *skb, struct netpoll_info *npinfo)
 {
-        int proto, len, ulen;
+        int proto, len, ulen, data_len;
-        int hits = 0;
+        int hits = 0, offset;
        const struct iphdr *iph;
        struct udphdr *uh;
        struct netpoll *np, *tmp;
+        uint16_t source;
        if (list_empty(&npinfo->rx_np))
                goto out;
@@ -820,7 +823,10 @@ int __netpoll_rx(struct sk_buff *skb, struct netpoll_info *npinfo)
                len -= iph->ihl*4;
                uh = (struct udphdr *)(((char *)iph) + iph->ihl*4);
+                offset = (unsigned char *)(uh + 1) - skb->data;
                ulen = ntohs(uh->len);
+                data_len = skb->len - offset;
+                source = ntohs(uh->source);
                if (ulen != len)
                        goto out;
@@ -834,9 +840,7 @@ int __netpoll_rx(struct sk_buff *skb, struct netpoll_info *npinfo)
                        if (np->local_port && np->local_port != ntohs(uh->dest))
                                continue;
-                        np->rx_hook(np, ntohs(uh->source),
+                        np->rx_skb_hook(np, source, skb, offset, data_len);
-                                       (char *)(uh+1),
-                                       ulen - sizeof(struct udphdr));
                        hits++;
                }
        } else {
@@ -859,7 +863,10 @@ int __netpoll_rx(struct sk_buff *skb, struct netpoll_info *npinfo)
                if (!pskb_may_pull(skb, sizeof(struct udphdr)))
                        goto out;
                uh = udp_hdr(skb);
+                offset = (unsigned char *)(uh + 1) - skb->data;
                ulen = ntohs(uh->len);
+                data_len = skb->len - offset;
+                source = ntohs(uh->source);
                if (ulen != skb->len)
                        goto out;
                if (udp6_csum_init(skb, uh, IPPROTO_UDP))
@@ -872,9 +879,7 @@ int __netpoll_rx(struct sk_buff *skb, struct netpoll_info *npinfo)
                        if (np->local_port && np->local_port != ntohs(uh->dest))
                                continue;
-                        np->rx_hook(np, ntohs(uh->source),
+                        np->rx_skb_hook(np, source, skb, offset, data_len);
-                                       (char *)(uh+1),
-                                       ulen - sizeof(struct udphdr));
                        hits++;
                }
 #endif
@@ -1062,7 +1067,7 @@ int __netpoll_setup(struct netpoll *np, struct net_device *ndev, gfp_t gfp)
        npinfo->netpoll = np;
-        if (np->rx_hook) {
+        if (np->rx_skb_hook) {
                spin_lock_irqsave(&npinfo->rx_lock, flags);
                npinfo->rx_flags |= NETPOLL_RX_ENABLED;
                list_add_tail(&np->rx, &npinfo->rx_np);
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 85a4f21aac1a..59da7cde0724 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -271,6 +271,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        local_bh_disable();
        addend = xt_write_recseq_begin();
        private = table->private;
+        /*
+         * Ensure we load private-> members after we've fetched the base
+         * pointer.
+         */
+        smp_read_barrier_depends();
        table_base = private->entries[smp_processor_id()];
        e = get_entry(table_base, private->hook_entry[hook]);
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d23118d95ff9..718dfbd30cbe 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -327,6 +327,11 @@ ipt_do_table(struct sk_buff *skb,
        addend = xt_write_recseq_begin();
        private = table->private;
        cpu        = smp_processor_id();
+        /*
+         * Ensure we load private-> members after we've fetched the base
+         * pointer.
+         */
+        smp_read_barrier_depends();
        table_base = private->entries[cpu];
        jumpstack  = (struct ipt_entry **)private->jumpstack[cpu];
        stackptr   = per_cpu_ptr(private->stackptr, cpu);
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index cbc22158af49..9cb993cd224b 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -220,6 +220,7 @@ static void ipt_ulog_packet(struct net *net,
        ub->qlen++;
        pm = nlmsg_data(nlh);
+        memset(pm, 0, sizeof(*pm));
        /* We might not have a timestamp, get one */
        if (skb->tstamp.tv64 == 0)
@@ -238,8 +239,6 @@ static void ipt_ulog_packet(struct net *net,
        }
        else if (loginfo->prefix[0] != '\0')
                strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
-        else
-                *(pm->prefix) = '\0';
        if (in && in->hard_header_len > 0 &&
            skb->mac_header != skb->network_header &&
@@ -251,13 +250,9 @@ static void ipt_ulog_packet(struct net *net,
        if (in)
                strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
-        else
-                pm->indev_name[0] = '\0';
        if (out)
                strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
-        else
-                pm->outdev_name[0] = '\0';
        /* copy_len <= skb->len, so can't fail. */
        if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a16b01b537ba..068c8fb0d158 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2856,7 +2856,8 @@ static inline bool tcp_ack_update_rtt(struct sock *sk, const int flag,
         * left edge of the send window.
         * See draft-ietf-tcplw-high-performance-00, section 3.3.
         */
-        if (seq_rtt < 0 && tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr)
+        if (seq_rtt < 0 && tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr &&
+            flag & FLAG_ACKED)
                seq_rtt = tcp_time_stamp - tp->rx_opt.rcv_tsecr;
        if (seq_rtt < 0)
@@ -2871,14 +2872,19 @@ static inline bool tcp_ack_update_rtt(struct sock *sk, const int flag,
 }
 /* Compute time elapsed between (last) SYNACK and the ACK completing 3WHS. */
-static void tcp_synack_rtt_meas(struct sock *sk, struct request_sock *req)
+static void tcp_synack_rtt_meas(struct sock *sk, const u32 synack_stamp)
 {
        struct tcp_sock *tp = tcp_sk(sk);
        s32 seq_rtt = -1;
-        if (tp->lsndtime && !tp->total_retrans)
+        if (synack_stamp && !tp->total_retrans)
-                seq_rtt = tcp_time_stamp - tp->lsndtime;
+                seq_rtt = tcp_time_stamp - synack_stamp;
-        tcp_ack_update_rtt(sk, FLAG_SYN_ACKED, seq_rtt, -1);
+        /* If the ACK acks both the SYNACK and the (Fast Open'd) data packets
+         * sent in SYN_RECV, SYNACK RTT is the smooth RTT computed in tcp_ack()
+         */
+        if (!tp->srtt)
+                tcp_ack_update_rtt(sk, FLAG_SYN_ACKED, seq_rtt, -1);
 }
 static void tcp_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
@@ -2981,6 +2987,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
        s32 seq_rtt = -1;
        s32 ca_seq_rtt = -1;
        ktime_t last_ackt = net_invalid_timestamp();
+        bool rtt_update;
        while ((skb = tcp_write_queue_head(sk)) && skb != tcp_send_head(sk)) {
                struct tcp_skb_cb *scb = TCP_SKB_CB(skb);
@@ -3057,14 +3064,13 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
        if (skb && (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
                flag |= FLAG_SACK_RENEGING;
-        if (tcp_ack_update_rtt(sk, flag, seq_rtt, sack_rtt) ||
+        rtt_update = tcp_ack_update_rtt(sk, flag, seq_rtt, sack_rtt);
-            (flag & FLAG_ACKED))
-                tcp_rearm_rto(sk);
        if (flag & FLAG_ACKED) {
                const struct tcp_congestion_ops *ca_ops
                        = inet_csk(sk)->icsk_ca_ops;
+                tcp_rearm_rto(sk);
                if (unlikely(icsk->icsk_mtup.probe_size &&
                             !after(tp->mtu_probe.probe_seq_end, tp->snd_una))) {
                        tcp_mtup_probe_success(sk);
@@ -3103,6 +3109,13 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
                        ca_ops->pkts_acked(sk, pkts_acked, rtt_us);
                }
+        } else if (skb && rtt_update && sack_rtt >= 0 &&
+                   sack_rtt > (s32)(now - TCP_SKB_CB(skb)->when)) {
+                /* Do not re-arm RTO if the sack RTT is measured from data sent
+                 * after when the head was last (re)transmitted. Otherwise the
+                 * timeout may continue to extend in loss recovery.
+                 */
+                tcp_rearm_rto(sk);
        }
 #if FASTRETRANS_DEBUG > 0
@@ -5587,6 +5600,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
        struct request_sock *req;
        int queued = 0;
        bool acceptable;
+        u32 synack_stamp;
        tp->rx_opt.saw_tstamp = 0;
@@ -5669,9 +5683,11 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                 * so release it.
                 */
                if (req) {
+                        synack_stamp = tcp_rsk(req)->snt_synack;
                        tp->total_retrans = req->num_retrans;
                        reqsk_fastopen_remove(sk, req, false);
                } else {
+                        synack_stamp = tp->lsndtime;
                        /* Make sure socket is routed, for correct metrics. */
                        icsk->icsk_af_ops->rebuild_header(sk);
                        tcp_init_congestion_control(sk);
@@ -5694,7 +5710,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                tp->snd_una = TCP_SKB_CB(skb)->ack_seq;
                tp->snd_wnd = ntohs(th->window) << tp->rx_opt.snd_wscale;
                tcp_init_wl(tp, TCP_SKB_CB(skb)->seq);
-                tcp_synack_rtt_meas(sk, req);
+                tcp_synack_rtt_meas(sk, synack_stamp);
                if (tp->rx_opt.tstamp_ok)
                        tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;
diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c
index 3a7525e6c086..533c58a5cfb7 100644
--- a/net/ipv4/tcp_offload.c
+++ b/net/ipv4/tcp_offload.c
@@ -18,6 +18,7 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
                                netdev_features_t features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
+        unsigned int sum_truesize = 0;
        struct tcphdr *th;
        unsigned int thlen;
        unsigned int seq;
@@ -102,13 +103,7 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
                if (copy_destructor) {
                        skb->destructor = gso_skb->destructor;
                        skb->sk = gso_skb->sk;
-                        /* {tcp|sock}_wfree() use exact truesize accounting :
+                        sum_truesize += skb->truesize;
-                         * sum(skb->truesize) MUST be exactly be gso_skb->truesize
-                         * So we account mss bytes of 'true size' for each segment.
-                         * The last segment will contain the remaining.
-                         */
-                        skb->truesize = mss;
-                        gso_skb->truesize -= mss;
                }
                skb = skb->next;
                th = tcp_hdr(skb);
@@ -125,7 +120,9 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
        if (copy_destructor) {
                swap(gso_skb->sk, skb->sk);
                swap(gso_skb->destructor, skb->destructor);
-                swap(gso_skb->truesize, skb->truesize);
+                sum_truesize += skb->truesize;
+                atomic_add(sum_truesize - gso_skb->truesize,
+                           &skb->sk->sk_wmem_alloc);
        }
        delta = htonl(oldlen + (skb_tail_pointer(skb) -
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index ccde54248c8c..e1a63930a967 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -104,10 +104,14 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
        const struct iphdr *iph = ip_hdr(skb);
        u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
        struct flowi4 *fl4 = &fl->u.ip4;
+        int oif = 0;
+        if (skb_dst(skb))
+                oif = skb_dst(skb)->dev->ifindex;
        memset(fl4, 0, sizeof(struct flowi4));
        fl4->flowi4_mark = skb->mark;
-        fl4->flowi4_oif = skb_dst(skb)->dev->ifindex;
+        fl4->flowi4_oif = reverse ? skb->skb_iif : oif;
        if (!ip_is_fragment(iph)) {
                switch (iph->protocol) {
@@ -236,7 +240,7 @@ static struct dst_ops xfrm4_dst_ops = {
        .destroy =              xfrm4_dst_destroy,
        .ifdown =               xfrm4_dst_ifdown,
        .local_out =            __ip_local_out,
-        .gc_thresh =            1024,
+        .gc_thresh =            32768,
 };
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 44400c216dc6..710238f58aa9 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -349,6 +349,11 @@ ip6t_do_table(struct sk_buff *skb,
        local_bh_disable();
        addend = xt_write_recseq_begin();
        private = table->private;
+        /*
+         * Ensure we load private-> members after we've fetched the base
+         * pointer.
+         */
+        smp_read_barrier_depends();
        cpu        = smp_processor_id();
        table_base = private->entries[cpu];
        jumpstack  = (struct ip6t_entry **)private->jumpstack[cpu];
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f54e3a101098..04e17b3309fb 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1087,10 +1087,13 @@ static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
        if (rt->rt6i_genid != rt_genid_ipv6(dev_net(rt->dst.dev)))
                return NULL;
-        if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie))
+        if (!rt->rt6i_node || (rt->rt6i_node->fn_sernum != cookie))
-                return dst;
+                return NULL;
-        return NULL;
+        if (rt6_check_expired(rt))
+                return NULL;
+        return dst;
 }
 static struct dst_entry *ip6_negative_advice(struct dst_entry *dst)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 08ed2772b7aa..5f8e128c512d 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -135,10 +135,14 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
        struct ipv6_opt_hdr *exthdr;
        const unsigned char *nh = skb_network_header(skb);
        u8 nexthdr = nh[IP6CB(skb)->nhoff];
+        int oif = 0;
+        if (skb_dst(skb))
+                oif = skb_dst(skb)->dev->ifindex;
        memset(fl6, 0, sizeof(struct flowi6));
        fl6->flowi6_mark = skb->mark;
-        fl6->flowi6_oif = skb_dst(skb)->dev->ifindex;
+        fl6->flowi6_oif = reverse ? skb->skb_iif : oif;
        fl6->daddr = reverse ? hdr->saddr : hdr->daddr;
        fl6->saddr = reverse ? hdr->daddr : hdr->saddr;
@@ -285,7 +289,7 @@ static struct dst_ops xfrm6_dst_ops = {
        .destroy =              xfrm6_dst_destroy,
        .ifdown =               xfrm6_dst_ifdown,
        .local_out =            __ip6_local_out,
-        .gc_thresh =            1024,
+        .gc_thresh =            32768,
 };
 static struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 8b03028cca69..227aa11e8409 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -845,8 +845,13 @@ xt_replace_table(struct xt_table *table,
                return NULL;
        }
-        table->private = newinfo;
        newinfo->initial_entries = private->initial_entries;
+        /*
+         * Ensure contents of newinfo are visible before assigning to
+         * private.
+         */
+        smp_wmb();
+        table->private = newinfo;
        /*
         * Even though table entries have now been swapped, other CPU's
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 1e2fae32f81b..ed00fef58996 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -147,6 +147,7 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_NFQ_info_v3 *info = par->targinfo;
        u32 queue = info->queuenum;
+        int ret;
        if (info->queues_total > 1) {
                if (info->flags & NFQ_FLAG_CPU_FANOUT) {
@@ -157,7 +158,11 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
                        queue = nfqueue_hash(skb, par);
        }
-        return NF_QUEUE_NR(queue);
+        ret = NF_QUEUE_NR(queue);
+        if (info->flags & NFQ_FLAG_BYPASS)
+                ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
+        return ret;
 }
 static struct xt_target nfqueue_tg_reg[] __read_mostly = {
diff --git a/net/openvswitch/dp_notify.c b/net/openvswitch/dp_notify.c
index c3235675f359..5c2dab276109 100644
--- a/net/openvswitch/dp_notify.c
+++ b/net/openvswitch/dp_notify.c
@@ -65,8 +65,7 @@ void ovs_dp_notify_wq(struct work_struct *work)
                                        continue;
                                netdev_vport = netdev_vport_priv(vport);
-                                if (netdev_vport->dev->reg_state == NETREG_UNREGISTERED ||
+                                if (!(netdev_vport->dev->priv_flags & IFF_OVS_DATAPATH))
-                                    netdev_vport->dev->reg_state == NETREG_UNREGISTERING)
                                        dp_detach_port_notify(vport);
                        }
                }
@@ -88,6 +87,10 @@ static int dp_device_event(struct notifier_block *unused, unsigned long event,
                return NOTIFY_DONE;
        if (event == NETDEV_UNREGISTER) {
+                /* upper_dev_unlink and decrement promisc immediately */
+                ovs_netdev_detach_dev(vport);
+                /* schedule vport destroy, dev_put and genl notification */
                ovs_net = net_generic(dev_net(dev), ovs_net_id);
                queue_work(system_wq, &ovs_net->dp_notify_work);
        }
diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c
index 09d93c13cfd6..d21f77d875ba 100644
--- a/net/openvswitch/vport-netdev.c
+++ b/net/openvswitch/vport-netdev.c
@@ -150,15 +150,25 @@ static void free_port_rcu(struct rcu_head *rcu)
        ovs_vport_free(vport_from_priv(netdev_vport));
 }
-static void netdev_destroy(struct vport *vport)
+void ovs_netdev_detach_dev(struct vport *vport)
 {
        struct netdev_vport *netdev_vport = netdev_vport_priv(vport);
-        rtnl_lock();
+        ASSERT_RTNL();
        netdev_vport->dev->priv_flags &= ~IFF_OVS_DATAPATH;
        netdev_rx_handler_unregister(netdev_vport->dev);
-        netdev_upper_dev_unlink(netdev_vport->dev, get_dpdev(vport->dp));
+        netdev_upper_dev_unlink(netdev_vport->dev,
+                                netdev_master_upper_dev_get(netdev_vport->dev));
        dev_set_promiscuity(netdev_vport->dev, -1);
+}
+static void netdev_destroy(struct vport *vport)
+{
+        struct netdev_vport *netdev_vport = netdev_vport_priv(vport);
+        rtnl_lock();
+        if (netdev_vport->dev->priv_flags & IFF_OVS_DATAPATH)
+                ovs_netdev_detach_dev(vport);
        rtnl_unlock();
        call_rcu(&netdev_vport->rcu, free_port_rcu);
diff --git a/net/openvswitch/vport-netdev.h b/net/openvswitch/vport-netdev.h
index dd298b5c5cdb..8df01c1127e5 100644
--- a/net/openvswitch/vport-netdev.h
+++ b/net/openvswitch/vport-netdev.h
@@ -39,5 +39,6 @@ netdev_vport_priv(const struct vport *vport)
 }
 const char *ovs_netdev_get_name(const struct vport *);
+void ovs_netdev_detach_dev(struct vport *);
 #endif /* vport_netdev.h */
diff --git a/net/sched/sch_fq.c b/net/sched/sch_fq.c
index a9dfdda9ed1d..fdc041c57853 100644
--- a/net/sched/sch_fq.c
+++ b/net/sched/sch_fq.c
@@ -255,6 +255,7 @@ static struct fq_flow *fq_classify(struct sk_buff *skb, struct fq_sched_data *q)
                                     f->socket_hash != sk->sk_hash)) {
                                f->credit = q->initial_quantum;
                                f->socket_hash = sk->sk_hash;
+                                f->time_next_packet = 0ULL;
                        }
                        return f;
                }
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index e7b2d4fe2b6a..96a55910262c 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -279,7 +279,9 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
                sctp_v6_to_addr(&dst_saddr, &fl6->saddr, htons(bp->port));
                rcu_read_lock();
                list_for_each_entry_rcu(laddr, &bp->address_list, list) {
-                        if (!laddr->valid || (laddr->state != SCTP_ADDR_SRC))
+                        if (!laddr->valid || laddr->state == SCTP_ADDR_DEL ||
+                            (laddr->state != SCTP_ADDR_SRC &&
+                             !asoc->src_out_of_asoc_ok))
                                continue;
                        /* Do not compare against v4 addrs */
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 666c66842799..1a6eef39ab2f 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -860,7 +860,6 @@ static void sctp_cmd_delete_tcb(sctp_cmd_seq_t *cmds,
            (!asoc->temp) && (sk->sk_shutdown != SHUTDOWN_MASK))
                return;
-        BUG_ON(asoc->peer.primary_path == NULL);
        sctp_unhash_established(asoc);
        sctp_association_free(asoc);
 }
diff --git a/net/x25/Kconfig b/net/x25/Kconfig
index c959312c45e3..e2fa133f9fba 100644
--- a/net/x25/Kconfig
+++ b/net/x25/Kconfig
@@ -16,8 +16,8 @@ config X25
          if you want that) and the lower level data link layer protocol LAPB
          (say Y to "LAPB Data Link Driver" below if you want that).
-          You can read more about X.25 at <http://www.sangoma.com/x25.htm> and
+          You can read more about X.25 at <http://www.sangoma.com/tutorials/x25/> and
-          <http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cx25.htm>.
+          <http://docwiki.cisco.com/wiki/X.25>.
          Information about X.25 for Linux is contained in the files
          <file:Documentation/networking/x25.txt> and
          <file:Documentation/networking/x25-iface.txt>.
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 2906d520eea7..3be02b680268 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -141,14 +141,14 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
        const int plen = skb->len;
        int dlen = IPCOMP_SCRATCH_SIZE;
        u8 *start = skb->data;
-        const int cpu = get_cpu();
+        struct crypto_comp *tfm;
-        u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
+        u8 *scratch;
-        struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
        int err;
        local_bh_disable();
+        scratch = *this_cpu_ptr(ipcomp_scratches);
+        tfm = *this_cpu_ptr(ipcd->tfms);
        err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
-        local_bh_enable();
        if (err)
                goto out;
@@ -158,13 +158,13 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
        }
        memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
-        put_cpu();
+        local_bh_enable();
        pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
        return 0;
 out:
-        put_cpu();
+        local_bh_enable();
        return err;
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-04 09:40:55 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-04 09:40:55 -0500
commit	be408cd3e1fef73e9408b196a79b9934697fe3b1 (patch)
tree	8923594afd1e556360986cd2bc417f5fe0a72118 /net
parent	5e01dc7b26d9f24f39abace5da98ccbd6a5ceb52 (diff)
parent	c32b7dfbb1dfb3f0a68f250deff65103c8bb704a (diff)