aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorTony Lindgren <tony@atomide.com>2013-06-12 10:00:35 -0400
committerTony Lindgren <tony@atomide.com>2013-06-12 10:00:35 -0400
commitf445d05328a2d627c2fb70c79d8b01455c254609 (patch)
treee46c5f112ba429f836c0c63719b928a8e14fb131 /net
parent668468b161745df666b75fbfb76d14155b0f9df6 (diff)
parent3d85f548d3c84a13dc54cc9c79249c5fdae2ad36 (diff)
Merge branch 'dss-regulator' into omap-for-v3.11/fixes-non-critical
Diffstat (limited to 'net')
-rw-r--r--net/802/mrp.c4
-rw-r--r--net/batman-adv/distributed-arp-table.c13
-rw-r--r--net/batman-adv/main.c19
-rw-r--r--net/batman-adv/network-coding.c8
-rw-r--r--net/batman-adv/originator.c16
-rw-r--r--net/batman-adv/originator.h1
-rw-r--r--net/batman-adv/soft-interface.c1
-rw-r--r--net/batman-adv/translation-table.c7
-rw-r--r--net/bridge/netfilter/ebt_log.c11
-rw-r--r--net/bridge/netfilter/ebt_ulog.c18
-rw-r--r--net/ceph/osd_client.c5
-rw-r--r--net/compat.c13
-rw-r--r--net/core/dev_addr_lists.c17
-rw-r--r--net/core/iovec.c50
-rw-r--r--net/core/skbuff.c4
-rw-r--r--net/core/sock.c18
-rw-r--r--net/ipv4/ip_gre.c3
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/ip_tunnel.c2
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c19
-rw-r--r--net/ipv4/route.c7
-rw-r--r--net/ipv4/tcp.c29
-rw-r--r--net/ipv4/tcp_input.c23
-rw-r--r--net/ipv4/tcp_output.c10
-rw-r--r--net/ipv6/addrconf.c6
-rw-r--r--net/ipv6/ip6_gre.c2
-rw-r--r--net/ipv6/ip6_output.c2
-rw-r--r--net/ipv6/netfilter.c7
-rw-r--r--net/ipv6/proc.c2
-rw-r--r--net/ipv6/tcp_ipv6.c12
-rw-r--r--net/ipv6/udp.c13
-rw-r--r--net/ipv6/udp_impl.h2
-rw-r--r--net/ipv6/udp_offload.c20
-rw-r--r--net/ipv6/udplite.c2
-rw-r--r--net/ipv6/xfrm6_policy.c4
-rw-r--r--net/irda/irlap_frame.c2
-rw-r--r--net/key/af_key.c4
-rw-r--r--net/mac80211/ieee80211_i.h1
-rw-r--r--net/mac80211/iface.c44
-rw-r--r--net/mac80211/mlme.c73
-rw-r--r--net/mac80211/rate.c9
-rw-r--r--net/mac80211/rx.c3
-rw-r--r--net/mac80211/tkip.c4
-rw-r--r--net/mac80211/util.c7
-rw-r--r--net/netfilter/core.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_core.c35
-rw-r--r--net/netfilter/ipvs/ip_vs_sh.c2
-rw-r--r--net/netfilter/nf_log.c7
-rw-r--r--net/netfilter/nfnetlink_log.c6
-rw-r--r--net/netfilter/nfnetlink_queue_core.c2
-rw-r--r--net/netfilter/xt_LOG.c15
-rw-r--r--net/netfilter/xt_NFLOG.c3
-rw-r--r--net/netfilter/xt_TCPOPTSTRIP.c17
-rw-r--r--net/netfilter/xt_addrtype.c27
-rw-r--r--net/netlabel/netlabel_domainhash.c69
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/nfc/Makefile1
-rw-r--r--net/sched/act_police.c8
-rw-r--r--net/sched/sch_generic.c8
-rw-r--r--net/sched/sch_htb.c42
-rw-r--r--net/sched/sch_tbf.c8
-rw-r--r--net/socket.c61
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c62
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c8
-rw-r--r--net/sunrpc/netns.h4
-rw-r--r--net/sunrpc/rpc_pipe.c5
-rw-r--r--net/sunrpc/sched.c8
-rw-r--r--net/sunrpc/svcauth_unix.c12
-rw-r--r--net/wireless/core.c17
-rw-r--r--net/wireless/nl80211.c6
-rw-r--r--net/wireless/sme.c6
-rw-r--r--net/wireless/trace.h23
-rw-r--r--net/xfrm/xfrm_output.c1
-rw-r--r--net/xfrm/xfrm_policy.c3
-rw-r--r--net/xfrm/xfrm_user.c2
75 files changed, 692 insertions, 299 deletions
diff --git a/net/802/mrp.c b/net/802/mrp.c
index e085bcc754f6..1eb05d80b07b 100644
--- a/net/802/mrp.c
+++ b/net/802/mrp.c
@@ -871,10 +871,10 @@ void mrp_uninit_applicant(struct net_device *dev, struct mrp_application *appl)
871 */ 871 */
872 del_timer_sync(&app->join_timer); 872 del_timer_sync(&app->join_timer);
873 873
874 spin_lock(&app->lock); 874 spin_lock_bh(&app->lock);
875 mrp_mad_event(app, MRP_EVENT_TX); 875 mrp_mad_event(app, MRP_EVENT_TX);
876 mrp_pdu_queue(app); 876 mrp_pdu_queue(app);
877 spin_unlock(&app->lock); 877 spin_unlock_bh(&app->lock);
878 878
879 mrp_queue_xmit(app); 879 mrp_queue_xmit(app);
880 880
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 8e15d966d9b0..239992021b1d 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -837,6 +837,19 @@ bool batadv_dat_snoop_outgoing_arp_request(struct batadv_priv *bat_priv,
837 837
838 dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_dst); 838 dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_dst);
839 if (dat_entry) { 839 if (dat_entry) {
840 /* If the ARP request is destined for a local client the local
841 * client will answer itself. DAT would only generate a
842 * duplicate packet.
843 *
844 * Moreover, if the soft-interface is enslaved into a bridge, an
845 * additional DAT answer may trigger kernel warnings about
846 * a packet coming from the wrong port.
847 */
848 if (batadv_is_my_client(bat_priv, dat_entry->mac_addr)) {
849 ret = true;
850 goto out;
851 }
852
840 skb_new = arp_create(ARPOP_REPLY, ETH_P_ARP, ip_src, 853 skb_new = arp_create(ARPOP_REPLY, ETH_P_ARP, ip_src,
841 bat_priv->soft_iface, ip_dst, hw_src, 854 bat_priv->soft_iface, ip_dst, hw_src,
842 dat_entry->mac_addr, hw_src); 855 dat_entry->mac_addr, hw_src);
diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
index 3e30a0f1b908..51aafd669cbb 100644
--- a/net/batman-adv/main.c
+++ b/net/batman-adv/main.c
@@ -163,16 +163,25 @@ void batadv_mesh_free(struct net_device *soft_iface)
163 batadv_vis_quit(bat_priv); 163 batadv_vis_quit(bat_priv);
164 164
165 batadv_gw_node_purge(bat_priv); 165 batadv_gw_node_purge(bat_priv);
166 batadv_originator_free(bat_priv);
167 batadv_nc_free(bat_priv); 166 batadv_nc_free(bat_priv);
167 batadv_dat_free(bat_priv);
168 batadv_bla_free(bat_priv);
168 169
170 /* Free the TT and the originator tables only after having terminated
171 * all the other depending components which may use these structures for
172 * their purposes.
173 */
169 batadv_tt_free(bat_priv); 174 batadv_tt_free(bat_priv);
170 175
171 batadv_bla_free(bat_priv); 176 /* Since the originator table clean up routine is accessing the TT
172 177 * tables as well, it has to be invoked after the TT tables have been
173 batadv_dat_free(bat_priv); 178 * freed and marked as empty. This ensures that no cleanup RCU callbacks
179 * accessing the TT data are scheduled for later execution.
180 */
181 batadv_originator_free(bat_priv);
174 182
175 free_percpu(bat_priv->bat_counters); 183 free_percpu(bat_priv->bat_counters);
184 bat_priv->bat_counters = NULL;
176 185
177 atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); 186 atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
178} 187}
@@ -475,7 +484,7 @@ static int batadv_param_set_ra(const char *val, const struct kernel_param *kp)
475 char *algo_name = (char *)val; 484 char *algo_name = (char *)val;
476 size_t name_len = strlen(algo_name); 485 size_t name_len = strlen(algo_name);
477 486
478 if (algo_name[name_len - 1] == '\n') 487 if (name_len > 0 && algo_name[name_len - 1] == '\n')
479 algo_name[name_len - 1] = '\0'; 488 algo_name[name_len - 1] = '\0';
480 489
481 bat_algo_ops = batadv_algo_get(algo_name); 490 bat_algo_ops = batadv_algo_get(algo_name);
diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
index f7c54305a918..e84629ece9b7 100644
--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
@@ -1514,6 +1514,7 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
1514 struct ethhdr *ethhdr, ethhdr_tmp; 1514 struct ethhdr *ethhdr, ethhdr_tmp;
1515 uint8_t *orig_dest, ttl, ttvn; 1515 uint8_t *orig_dest, ttl, ttvn;
1516 unsigned int coding_len; 1516 unsigned int coding_len;
1517 int err;
1517 1518
1518 /* Save headers temporarily */ 1519 /* Save headers temporarily */
1519 memcpy(&coded_packet_tmp, skb->data, sizeof(coded_packet_tmp)); 1520 memcpy(&coded_packet_tmp, skb->data, sizeof(coded_packet_tmp));
@@ -1568,8 +1569,11 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
1568 coding_len); 1569 coding_len);
1569 1570
1570 /* Resize decoded skb if decoded with larger packet */ 1571 /* Resize decoded skb if decoded with larger packet */
1571 if (nc_packet->skb->len > coding_len + h_size) 1572 if (nc_packet->skb->len > coding_len + h_size) {
1572 pskb_trim_rcsum(skb, coding_len + h_size); 1573 err = pskb_trim_rcsum(skb, coding_len + h_size);
1574 if (err)
1575 return NULL;
1576 }
1573 1577
1574 /* Create decoded unicast packet */ 1578 /* Create decoded unicast packet */
1575 unicast_packet = (struct batadv_unicast_packet *)skb->data; 1579 unicast_packet = (struct batadv_unicast_packet *)skb->data;
diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index 2f3452546636..fad1a2093e15 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -156,12 +156,28 @@ static void batadv_orig_node_free_rcu(struct rcu_head *rcu)
156 kfree(orig_node); 156 kfree(orig_node);
157} 157}
158 158
159/**
160 * batadv_orig_node_free_ref - decrement the orig node refcounter and possibly
161 * schedule an rcu callback for freeing it
162 * @orig_node: the orig node to free
163 */
159void batadv_orig_node_free_ref(struct batadv_orig_node *orig_node) 164void batadv_orig_node_free_ref(struct batadv_orig_node *orig_node)
160{ 165{
161 if (atomic_dec_and_test(&orig_node->refcount)) 166 if (atomic_dec_and_test(&orig_node->refcount))
162 call_rcu(&orig_node->rcu, batadv_orig_node_free_rcu); 167 call_rcu(&orig_node->rcu, batadv_orig_node_free_rcu);
163} 168}
164 169
170/**
171 * batadv_orig_node_free_ref_now - decrement the orig node refcounter and
172 * possibly free it (without rcu callback)
173 * @orig_node: the orig node to free
174 */
175void batadv_orig_node_free_ref_now(struct batadv_orig_node *orig_node)
176{
177 if (atomic_dec_and_test(&orig_node->refcount))
178 batadv_orig_node_free_rcu(&orig_node->rcu);
179}
180
165void batadv_originator_free(struct batadv_priv *bat_priv) 181void batadv_originator_free(struct batadv_priv *bat_priv)
166{ 182{
167 struct batadv_hashtable *hash = bat_priv->orig_hash; 183 struct batadv_hashtable *hash = bat_priv->orig_hash;
diff --git a/net/batman-adv/originator.h b/net/batman-adv/originator.h
index 7df48fa7669d..734e5a3d8a5b 100644
--- a/net/batman-adv/originator.h
+++ b/net/batman-adv/originator.h
@@ -26,6 +26,7 @@ int batadv_originator_init(struct batadv_priv *bat_priv);
26void batadv_originator_free(struct batadv_priv *bat_priv); 26void batadv_originator_free(struct batadv_priv *bat_priv);
27void batadv_purge_orig_ref(struct batadv_priv *bat_priv); 27void batadv_purge_orig_ref(struct batadv_priv *bat_priv);
28void batadv_orig_node_free_ref(struct batadv_orig_node *orig_node); 28void batadv_orig_node_free_ref(struct batadv_orig_node *orig_node);
29void batadv_orig_node_free_ref_now(struct batadv_orig_node *orig_node);
29struct batadv_orig_node *batadv_get_orig_node(struct batadv_priv *bat_priv, 30struct batadv_orig_node *batadv_get_orig_node(struct batadv_priv *bat_priv,
30 const uint8_t *addr); 31 const uint8_t *addr);
31struct batadv_neigh_node * 32struct batadv_neigh_node *
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 6f20d339e33a..819dfb006cdf 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -505,6 +505,7 @@ unreg_debugfs:
505 batadv_debugfs_del_meshif(dev); 505 batadv_debugfs_del_meshif(dev);
506free_bat_counters: 506free_bat_counters:
507 free_percpu(bat_priv->bat_counters); 507 free_percpu(bat_priv->bat_counters);
508 bat_priv->bat_counters = NULL;
508 509
509 return ret; 510 return ret;
510} 511}
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index 5e89deeb9542..9e8748575845 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -144,7 +144,12 @@ static void batadv_tt_orig_list_entry_free_rcu(struct rcu_head *rcu)
144 struct batadv_tt_orig_list_entry *orig_entry; 144 struct batadv_tt_orig_list_entry *orig_entry;
145 145
146 orig_entry = container_of(rcu, struct batadv_tt_orig_list_entry, rcu); 146 orig_entry = container_of(rcu, struct batadv_tt_orig_list_entry, rcu);
147 batadv_orig_node_free_ref(orig_entry->orig_node); 147
148 /* We are in an rcu callback here, therefore we cannot use
149 * batadv_orig_node_free_ref() and its call_rcu():
150 * An rcu_barrier() wouldn't wait for that to finish
151 */
152 batadv_orig_node_free_ref_now(orig_entry->orig_node);
148 kfree(orig_entry); 153 kfree(orig_entry);
149} 154}
150 155
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 9878eb8204c5..19c37a4929bc 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -72,13 +72,12 @@ print_ports(const struct sk_buff *skb, uint8_t protocol, int offset)
72} 72}
73 73
74static void 74static void
75ebt_log_packet(u_int8_t pf, unsigned int hooknum, 75ebt_log_packet(struct net *net, u_int8_t pf, unsigned int hooknum,
76 const struct sk_buff *skb, const struct net_device *in, 76 const struct sk_buff *skb, const struct net_device *in,
77 const struct net_device *out, const struct nf_loginfo *loginfo, 77 const struct net_device *out, const struct nf_loginfo *loginfo,
78 const char *prefix) 78 const char *prefix)
79{ 79{
80 unsigned int bitmask; 80 unsigned int bitmask;
81 struct net *net = dev_net(in ? in : out);
82 81
83 /* FIXME: Disabled from containers until syslog ns is supported */ 82 /* FIXME: Disabled from containers until syslog ns is supported */
84 if (!net_eq(net, &init_net)) 83 if (!net_eq(net, &init_net))
@@ -191,7 +190,7 @@ ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
191 nf_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb, 190 nf_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb,
192 par->in, par->out, &li, "%s", info->prefix); 191 par->in, par->out, &li, "%s", info->prefix);
193 else 192 else
194 ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in, 193 ebt_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb, par->in,
195 par->out, &li, info->prefix); 194 par->out, &li, info->prefix);
196 return EBT_CONTINUE; 195 return EBT_CONTINUE;
197} 196}
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index fc1905c51417..df0364aa12d5 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -131,14 +131,16 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
131 return skb; 131 return skb;
132} 132}
133 133
134static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb, 134static void ebt_ulog_packet(struct net *net, unsigned int hooknr,
135 const struct net_device *in, const struct net_device *out, 135 const struct sk_buff *skb,
136 const struct ebt_ulog_info *uloginfo, const char *prefix) 136 const struct net_device *in,
137 const struct net_device *out,
138 const struct ebt_ulog_info *uloginfo,
139 const char *prefix)
137{ 140{
138 ebt_ulog_packet_msg_t *pm; 141 ebt_ulog_packet_msg_t *pm;
139 size_t size, copy_len; 142 size_t size, copy_len;
140 struct nlmsghdr *nlh; 143 struct nlmsghdr *nlh;
141 struct net *net = dev_net(in ? in : out);
142 struct ebt_ulog_net *ebt = ebt_ulog_pernet(net); 144 struct ebt_ulog_net *ebt = ebt_ulog_pernet(net);
143 unsigned int group = uloginfo->nlgroup; 145 unsigned int group = uloginfo->nlgroup;
144 ebt_ulog_buff_t *ub = &ebt->ulog_buffers[group]; 146 ebt_ulog_buff_t *ub = &ebt->ulog_buffers[group];
@@ -233,7 +235,7 @@ unlock:
233} 235}
234 236
235/* this function is registered with the netfilter core */ 237/* this function is registered with the netfilter core */
236static void ebt_log_packet(u_int8_t pf, unsigned int hooknum, 238static void ebt_log_packet(struct net *net, u_int8_t pf, unsigned int hooknum,
237 const struct sk_buff *skb, const struct net_device *in, 239 const struct sk_buff *skb, const struct net_device *in,
238 const struct net_device *out, const struct nf_loginfo *li, 240 const struct net_device *out, const struct nf_loginfo *li,
239 const char *prefix) 241 const char *prefix)
@@ -252,13 +254,15 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
252 strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix)); 254 strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
253 } 255 }
254 256
255 ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); 257 ebt_ulog_packet(net, hooknum, skb, in, out, &loginfo, prefix);
256} 258}
257 259
258static unsigned int 260static unsigned int
259ebt_ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) 261ebt_ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
260{ 262{
261 ebt_ulog_packet(par->hooknum, skb, par->in, par->out, 263 struct net *net = dev_net(par->in ? par->in : par->out);
264
265 ebt_ulog_packet(net, par->hooknum, skb, par->in, par->out,
262 par->targinfo, NULL); 266 par->targinfo, NULL);
263 return EBT_CONTINUE; 267 return EBT_CONTINUE;
264} 268}
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index a3395fdfbd4f..d5953b87918c 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -1204,6 +1204,7 @@ void ceph_osdc_unregister_linger_request(struct ceph_osd_client *osdc,
1204 mutex_lock(&osdc->request_mutex); 1204 mutex_lock(&osdc->request_mutex);
1205 if (req->r_linger) { 1205 if (req->r_linger) {
1206 __unregister_linger_request(osdc, req); 1206 __unregister_linger_request(osdc, req);
1207 req->r_linger = 0;
1207 ceph_osdc_put_request(req); 1208 ceph_osdc_put_request(req);
1208 } 1209 }
1209 mutex_unlock(&osdc->request_mutex); 1210 mutex_unlock(&osdc->request_mutex);
@@ -2120,7 +2121,9 @@ int ceph_osdc_start_request(struct ceph_osd_client *osdc,
2120 down_read(&osdc->map_sem); 2121 down_read(&osdc->map_sem);
2121 mutex_lock(&osdc->request_mutex); 2122 mutex_lock(&osdc->request_mutex);
2122 __register_request(osdc, req); 2123 __register_request(osdc, req);
2123 WARN_ON(req->r_sent); 2124 req->r_sent = 0;
2125 req->r_got_reply = 0;
2126 req->r_completed = 0;
2124 rc = __map_request(osdc, req, 0); 2127 rc = __map_request(osdc, req, 0);
2125 if (rc < 0) { 2128 if (rc < 0) {
2126 if (nofail) { 2129 if (nofail) {
diff --git a/net/compat.c b/net/compat.c
index 79ae88485001..f0a1ba6c8086 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -734,19 +734,25 @@ static unsigned char nas[21] = {
734 734
735asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) 735asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags)
736{ 736{
737 return sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 737 if (flags & MSG_CMSG_COMPAT)
738 return -EINVAL;
739 return __sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
738} 740}
739 741
740asmlinkage long compat_sys_sendmmsg(int fd, struct compat_mmsghdr __user *mmsg, 742asmlinkage long compat_sys_sendmmsg(int fd, struct compat_mmsghdr __user *mmsg,
741 unsigned int vlen, unsigned int flags) 743 unsigned int vlen, unsigned int flags)
742{ 744{
745 if (flags & MSG_CMSG_COMPAT)
746 return -EINVAL;
743 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, 747 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
744 flags | MSG_CMSG_COMPAT); 748 flags | MSG_CMSG_COMPAT);
745} 749}
746 750
747asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) 751asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags)
748{ 752{
749 return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 753 if (flags & MSG_CMSG_COMPAT)
754 return -EINVAL;
755 return __sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
750} 756}
751 757
752asmlinkage long compat_sys_recv(int fd, void __user *buf, size_t len, unsigned int flags) 758asmlinkage long compat_sys_recv(int fd, void __user *buf, size_t len, unsigned int flags)
@@ -768,6 +774,9 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg,
768 int datagrams; 774 int datagrams;
769 struct timespec ktspec; 775 struct timespec ktspec;
770 776
777 if (flags & MSG_CMSG_COMPAT)
778 return -EINVAL;
779
771 if (COMPAT_USE_64BIT_TIME) 780 if (COMPAT_USE_64BIT_TIME)
772 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, 781 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
773 flags | MSG_CMSG_COMPAT, 782 flags | MSG_CMSG_COMPAT,
diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
index c013f38482a1..6cda4e2c2132 100644
--- a/net/core/dev_addr_lists.c
+++ b/net/core/dev_addr_lists.c
@@ -39,6 +39,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
39 ha->refcount = 1; 39 ha->refcount = 1;
40 ha->global_use = global; 40 ha->global_use = global;
41 ha->synced = sync; 41 ha->synced = sync;
42 ha->sync_cnt = 0;
42 list_add_tail_rcu(&ha->list, &list->list); 43 list_add_tail_rcu(&ha->list, &list->list);
43 list->count++; 44 list->count++;
44 45
@@ -66,7 +67,7 @@ static int __hw_addr_add_ex(struct netdev_hw_addr_list *list,
66 } 67 }
67 if (sync) { 68 if (sync) {
68 if (ha->synced) 69 if (ha->synced)
69 return 0; 70 return -EEXIST;
70 else 71 else
71 ha->synced = true; 72 ha->synced = true;
72 } 73 }
@@ -139,10 +140,13 @@ static int __hw_addr_sync_one(struct netdev_hw_addr_list *to_list,
139 140
140 err = __hw_addr_add_ex(to_list, ha->addr, addr_len, ha->type, 141 err = __hw_addr_add_ex(to_list, ha->addr, addr_len, ha->type,
141 false, true); 142 false, true);
142 if (err) 143 if (err && err != -EEXIST)
143 return err; 144 return err;
144 ha->sync_cnt++; 145
145 ha->refcount++; 146 if (!err) {
147 ha->sync_cnt++;
148 ha->refcount++;
149 }
146 150
147 return 0; 151 return 0;
148} 152}
@@ -159,7 +163,8 @@ static void __hw_addr_unsync_one(struct netdev_hw_addr_list *to_list,
159 if (err) 163 if (err)
160 return; 164 return;
161 ha->sync_cnt--; 165 ha->sync_cnt--;
162 __hw_addr_del_entry(from_list, ha, false, true); 166 /* address on from list is not marked synced */
167 __hw_addr_del_entry(from_list, ha, false, false);
163} 168}
164 169
165static int __hw_addr_sync_multiple(struct netdev_hw_addr_list *to_list, 170static int __hw_addr_sync_multiple(struct netdev_hw_addr_list *to_list,
@@ -796,7 +801,7 @@ int dev_mc_sync_multiple(struct net_device *to, struct net_device *from)
796 return -EINVAL; 801 return -EINVAL;
797 802
798 netif_addr_lock_nested(to); 803 netif_addr_lock_nested(to);
799 err = __hw_addr_sync(&to->mc, &from->mc, to->addr_len); 804 err = __hw_addr_sync_multiple(&to->mc, &from->mc, to->addr_len);
800 if (!err) 805 if (!err)
801 __dev_set_rx_mode(to); 806 __dev_set_rx_mode(to);
802 netif_addr_unlock(to); 807 netif_addr_unlock(to);
diff --git a/net/core/iovec.c b/net/core/iovec.c
index 7e7aeb01de45..de178e462682 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -75,31 +75,6 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
75 75
76/* 76/*
77 * Copy kernel to iovec. Returns -EFAULT on error. 77 * Copy kernel to iovec. Returns -EFAULT on error.
78 *
79 * Note: this modifies the original iovec.
80 */
81
82int memcpy_toiovec(struct iovec *iov, unsigned char *kdata, int len)
83{
84 while (len > 0) {
85 if (iov->iov_len) {
86 int copy = min_t(unsigned int, iov->iov_len, len);
87 if (copy_to_user(iov->iov_base, kdata, copy))
88 return -EFAULT;
89 kdata += copy;
90 len -= copy;
91 iov->iov_len -= copy;
92 iov->iov_base += copy;
93 }
94 iov++;
95 }
96
97 return 0;
98}
99EXPORT_SYMBOL(memcpy_toiovec);
100
101/*
102 * Copy kernel to iovec. Returns -EFAULT on error.
103 */ 78 */
104 79
105int memcpy_toiovecend(const struct iovec *iov, unsigned char *kdata, 80int memcpy_toiovecend(const struct iovec *iov, unsigned char *kdata,
@@ -125,31 +100,6 @@ int memcpy_toiovecend(const struct iovec *iov, unsigned char *kdata,
125EXPORT_SYMBOL(memcpy_toiovecend); 100EXPORT_SYMBOL(memcpy_toiovecend);
126 101
127/* 102/*
128 * Copy iovec to kernel. Returns -EFAULT on error.
129 *
130 * Note: this modifies the original iovec.
131 */
132
133int memcpy_fromiovec(unsigned char *kdata, struct iovec *iov, int len)
134{
135 while (len > 0) {
136 if (iov->iov_len) {
137 int copy = min_t(unsigned int, len, iov->iov_len);
138 if (copy_from_user(kdata, iov->iov_base, copy))
139 return -EFAULT;
140 len -= copy;
141 kdata += copy;
142 iov->iov_base += copy;
143 iov->iov_len -= copy;
144 }
145 iov++;
146 }
147
148 return 0;
149}
150EXPORT_SYMBOL(memcpy_fromiovec);
151
152/*
153 * Copy iovec from kernel. Returns -EFAULT on error. 103 * Copy iovec from kernel. Returns -EFAULT on error.
154 */ 104 */
155 105
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index af9185d0be6a..cfd777bd6bd0 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -195,7 +195,7 @@ struct sk_buff *__alloc_skb_head(gfp_t gfp_mask, int node)
195 * the tail pointer in struct sk_buff! 195 * the tail pointer in struct sk_buff!
196 */ 196 */
197 memset(skb, 0, offsetof(struct sk_buff, tail)); 197 memset(skb, 0, offsetof(struct sk_buff, tail));
198 skb->data = NULL; 198 skb->head = NULL;
199 skb->truesize = sizeof(struct sk_buff); 199 skb->truesize = sizeof(struct sk_buff);
200 atomic_set(&skb->users, 1); 200 atomic_set(&skb->users, 1);
201 201
@@ -611,7 +611,7 @@ static void skb_release_head_state(struct sk_buff *skb)
611static void skb_release_all(struct sk_buff *skb) 611static void skb_release_all(struct sk_buff *skb)
612{ 612{
613 skb_release_head_state(skb); 613 skb_release_head_state(skb);
614 if (likely(skb->data)) 614 if (likely(skb->head))
615 skb_release_data(skb); 615 skb_release_data(skb);
616} 616}
617 617
diff --git a/net/core/sock.c b/net/core/sock.c
index d4f4cea726e7..88868a9d21da 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -210,7 +210,7 @@ static const char *const af_family_key_strings[AF_MAX+1] = {
210 "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" , 210 "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" ,
211 "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" , 211 "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" ,
212 "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" , 212 "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" ,
213 "sk_lock-AF_NFC" , "sk_lock-AF_MAX" 213 "sk_lock-AF_NFC" , "sk_lock-AF_VSOCK" , "sk_lock-AF_MAX"
214}; 214};
215static const char *const af_family_slock_key_strings[AF_MAX+1] = { 215static const char *const af_family_slock_key_strings[AF_MAX+1] = {
216 "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , 216 "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" ,
@@ -226,7 +226,7 @@ static const char *const af_family_slock_key_strings[AF_MAX+1] = {
226 "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" , 226 "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" ,
227 "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" , 227 "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" ,
228 "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" , 228 "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" ,
229 "slock-AF_NFC" , "slock-AF_MAX" 229 "slock-AF_NFC" , "slock-AF_VSOCK" ,"slock-AF_MAX"
230}; 230};
231static const char *const af_family_clock_key_strings[AF_MAX+1] = { 231static const char *const af_family_clock_key_strings[AF_MAX+1] = {
232 "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" , 232 "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" ,
@@ -242,7 +242,7 @@ static const char *const af_family_clock_key_strings[AF_MAX+1] = {
242 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , 242 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" ,
243 "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" , 243 "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" ,
244 "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" , 244 "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" ,
245 "clock-AF_NFC" , "clock-AF_MAX" 245 "clock-AF_NFC" , "clock-AF_VSOCK" , "clock-AF_MAX"
246}; 246};
247 247
248/* 248/*
@@ -1217,18 +1217,6 @@ static void sock_copy(struct sock *nsk, const struct sock *osk)
1217#endif 1217#endif
1218} 1218}
1219 1219
1220/*
1221 * caches using SLAB_DESTROY_BY_RCU should let .next pointer from nulls nodes
1222 * un-modified. Special care is taken when initializing object to zero.
1223 */
1224static inline void sk_prot_clear_nulls(struct sock *sk, int size)
1225{
1226 if (offsetof(struct sock, sk_node.next) != 0)
1227 memset(sk, 0, offsetof(struct sock, sk_node.next));
1228 memset(&sk->sk_node.pprev, 0,
1229 size - offsetof(struct sock, sk_node.pprev));
1230}
1231
1232void sk_prot_clear_portaddr_nulls(struct sock *sk, int size) 1220void sk_prot_clear_portaddr_nulls(struct sock *sk, int size)
1233{ 1221{
1234 unsigned long nulls1, nulls2; 1222 unsigned long nulls1, nulls2;
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index c625e4dad4b0..2a83591492dd 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -235,7 +235,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
235 */ 235 */
236 struct net *net = dev_net(skb->dev); 236 struct net *net = dev_net(skb->dev);
237 struct ip_tunnel_net *itn; 237 struct ip_tunnel_net *itn;
238 const struct iphdr *iph = (const struct iphdr *)skb->data; 238 const struct iphdr *iph;
239 const int type = icmp_hdr(skb)->type; 239 const int type = icmp_hdr(skb)->type;
240 const int code = icmp_hdr(skb)->code; 240 const int code = icmp_hdr(skb)->code;
241 struct ip_tunnel *t; 241 struct ip_tunnel *t;
@@ -281,6 +281,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
281 else 281 else
282 itn = net_generic(net, ipgre_net_id); 282 itn = net_generic(net, ipgre_net_id);
283 283
284 iph = (const struct iphdr *)skb->data;
284 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi.flags, 285 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi.flags,
285 iph->daddr, iph->saddr, tpi.key); 286 iph->daddr, iph->saddr, tpi.key);
286 287
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 147abf5275aa..4bcabf3ab4ca 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -84,7 +84,7 @@ int sysctl_ip_default_ttl __read_mostly = IPDEFTTL;
84EXPORT_SYMBOL(sysctl_ip_default_ttl); 84EXPORT_SYMBOL(sysctl_ip_default_ttl);
85 85
86/* Generate a checksum for an outgoing IP datagram. */ 86/* Generate a checksum for an outgoing IP datagram. */
87__inline__ void ip_send_check(struct iphdr *iph) 87void ip_send_check(struct iphdr *iph)
88{ 88{
89 iph->check = 0; 89 iph->check = 0;
90 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); 90 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index e4147ec1665a..be2f8da0ae8e 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -503,6 +503,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
503 503
504 inner_iph = (const struct iphdr *)skb_inner_network_header(skb); 504 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
505 505
506 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
506 dst = tnl_params->daddr; 507 dst = tnl_params->daddr;
507 if (dst == 0) { 508 if (dst == 0) {
508 /* NBMA tunnel */ 509 /* NBMA tunnel */
@@ -658,7 +659,6 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
658 659
659 skb_dst_drop(skb); 660 skb_dst_drop(skb);
660 skb_dst_set(skb, &rt->dst); 661 skb_dst_set(skb, &rt->dst);
661 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
662 662
663 /* Push down and install the IP header. */ 663 /* Push down and install the IP header. */
664 skb_push(skb, sizeof(struct iphdr)); 664 skb_push(skb, sizeof(struct iphdr));
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index f8a222cb6448..ff4b781b1056 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -162,7 +162,8 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
162 return skb; 162 return skb;
163} 163}
164 164
165static void ipt_ulog_packet(unsigned int hooknum, 165static void ipt_ulog_packet(struct net *net,
166 unsigned int hooknum,
166 const struct sk_buff *skb, 167 const struct sk_buff *skb,
167 const struct net_device *in, 168 const struct net_device *in,
168 const struct net_device *out, 169 const struct net_device *out,
@@ -174,7 +175,6 @@ static void ipt_ulog_packet(unsigned int hooknum,
174 size_t size, copy_len; 175 size_t size, copy_len;
175 struct nlmsghdr *nlh; 176 struct nlmsghdr *nlh;
176 struct timeval tv; 177 struct timeval tv;
177 struct net *net = dev_net(in ? in : out);
178 struct ulog_net *ulog = ulog_pernet(net); 178 struct ulog_net *ulog = ulog_pernet(net);
179 179
180 /* ffs == find first bit set, necessary because userspace 180 /* ffs == find first bit set, necessary because userspace
@@ -231,8 +231,10 @@ static void ipt_ulog_packet(unsigned int hooknum,
231 put_unaligned(tv.tv_usec, &pm->timestamp_usec); 231 put_unaligned(tv.tv_usec, &pm->timestamp_usec);
232 put_unaligned(skb->mark, &pm->mark); 232 put_unaligned(skb->mark, &pm->mark);
233 pm->hook = hooknum; 233 pm->hook = hooknum;
234 if (prefix != NULL) 234 if (prefix != NULL) {
235 strncpy(pm->prefix, prefix, sizeof(pm->prefix)); 235 strncpy(pm->prefix, prefix, sizeof(pm->prefix) - 1);
236 pm->prefix[sizeof(pm->prefix) - 1] = '\0';
237 }
236 else if (loginfo->prefix[0] != '\0') 238 else if (loginfo->prefix[0] != '\0')
237 strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); 239 strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
238 else 240 else
@@ -291,12 +293,15 @@ alloc_failure:
291static unsigned int 293static unsigned int
292ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) 294ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
293{ 295{
294 ipt_ulog_packet(par->hooknum, skb, par->in, par->out, 296 struct net *net = dev_net(par->in ? par->in : par->out);
297
298 ipt_ulog_packet(net, par->hooknum, skb, par->in, par->out,
295 par->targinfo, NULL); 299 par->targinfo, NULL);
296 return XT_CONTINUE; 300 return XT_CONTINUE;
297} 301}
298 302
299static void ipt_logfn(u_int8_t pf, 303static void ipt_logfn(struct net *net,
304 u_int8_t pf,
300 unsigned int hooknum, 305 unsigned int hooknum,
301 const struct sk_buff *skb, 306 const struct sk_buff *skb,
302 const struct net_device *in, 307 const struct net_device *in,
@@ -318,7 +323,7 @@ static void ipt_logfn(u_int8_t pf,
318 strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix)); 323 strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
319 } 324 }
320 325
321 ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); 326 ipt_ulog_packet(net, hooknum, skb, in, out, &loginfo, prefix);
322} 327}
323 328
324static int ulog_tg_check(const struct xt_tgchk_param *par) 329static int ulog_tg_check(const struct xt_tgchk_param *par)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 550781a17b34..d35bbf0cf404 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -737,10 +737,15 @@ static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buf
737{ 737{
738 struct rtable *rt; 738 struct rtable *rt;
739 struct flowi4 fl4; 739 struct flowi4 fl4;
740 const struct iphdr *iph = (const struct iphdr *) skb->data;
741 int oif = skb->dev->ifindex;
742 u8 tos = RT_TOS(iph->tos);
743 u8 prot = iph->protocol;
744 u32 mark = skb->mark;
740 745
741 rt = (struct rtable *) dst; 746 rt = (struct rtable *) dst;
742 747
743 ip_rt_build_flow_key(&fl4, sk, skb); 748 __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0);
744 __ip_do_redirect(rt, skb, &fl4, true); 749 __ip_do_redirect(rt, skb, &fl4, true);
745} 750}
746 751
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index dcb116dde216..ab450c099aa4 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2887,6 +2887,7 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
2887 unsigned int mss; 2887 unsigned int mss;
2888 struct sk_buff *gso_skb = skb; 2888 struct sk_buff *gso_skb = skb;
2889 __sum16 newcheck; 2889 __sum16 newcheck;
2890 bool ooo_okay, copy_destructor;
2890 2891
2891 if (!pskb_may_pull(skb, sizeof(*th))) 2892 if (!pskb_may_pull(skb, sizeof(*th)))
2892 goto out; 2893 goto out;
@@ -2927,10 +2928,18 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
2927 goto out; 2928 goto out;
2928 } 2929 }
2929 2930
2931 copy_destructor = gso_skb->destructor == tcp_wfree;
2932 ooo_okay = gso_skb->ooo_okay;
2933 /* All segments but the first should have ooo_okay cleared */
2934 skb->ooo_okay = 0;
2935
2930 segs = skb_segment(skb, features); 2936 segs = skb_segment(skb, features);
2931 if (IS_ERR(segs)) 2937 if (IS_ERR(segs))
2932 goto out; 2938 goto out;
2933 2939
2940 /* Only first segment might have ooo_okay set */
2941 segs->ooo_okay = ooo_okay;
2942
2934 delta = htonl(oldlen + (thlen + mss)); 2943 delta = htonl(oldlen + (thlen + mss));
2935 2944
2936 skb = segs; 2945 skb = segs;
@@ -2950,6 +2959,17 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
2950 thlen, skb->csum)); 2959 thlen, skb->csum));
2951 2960
2952 seq += mss; 2961 seq += mss;
2962 if (copy_destructor) {
2963 skb->destructor = gso_skb->destructor;
2964 skb->sk = gso_skb->sk;
2965 /* {tcp|sock}_wfree() use exact truesize accounting :
2966 * sum(skb->truesize) MUST be exactly be gso_skb->truesize
2967 * So we account mss bytes of 'true size' for each segment.
2968 * The last segment will contain the remaining.
2969 */
2970 skb->truesize = mss;
2971 gso_skb->truesize -= mss;
2972 }
2953 skb = skb->next; 2973 skb = skb->next;
2954 th = tcp_hdr(skb); 2974 th = tcp_hdr(skb);
2955 2975
@@ -2962,7 +2982,7 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
2962 * is freed at TX completion, and not right now when gso_skb 2982 * is freed at TX completion, and not right now when gso_skb
2963 * is freed by GSO engine 2983 * is freed by GSO engine
2964 */ 2984 */
2965 if (gso_skb->destructor == tcp_wfree) { 2985 if (copy_destructor) {
2966 swap(gso_skb->sk, skb->sk); 2986 swap(gso_skb->sk, skb->sk);
2967 swap(gso_skb->destructor, skb->destructor); 2987 swap(gso_skb->destructor, skb->destructor);
2968 swap(gso_skb->truesize, skb->truesize); 2988 swap(gso_skb->truesize, skb->truesize);
@@ -3269,8 +3289,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
3269 3289
3270 for (i = 0; i < shi->nr_frags; ++i) { 3290 for (i = 0; i < shi->nr_frags; ++i) {
3271 const struct skb_frag_struct *f = &shi->frags[i]; 3291 const struct skb_frag_struct *f = &shi->frags[i];
3272 struct page *page = skb_frag_page(f); 3292 unsigned int offset = f->page_offset;
3273 sg_set_page(&sg, page, skb_frag_size(f), f->page_offset); 3293 struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT);
3294
3295 sg_set_page(&sg, page, skb_frag_size(f),
3296 offset_in_page(offset));
3274 if (crypto_hash_update(desc, &sg, skb_frag_size(f))) 3297 if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
3275 return 1; 3298 return 1;
3276 } 3299 }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 08bbe6096528..9c6225780bd5 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2743,8 +2743,8 @@ static void tcp_process_loss(struct sock *sk, int flag, bool is_dupack)
2743 * tcp_xmit_retransmit_queue(). 2743 * tcp_xmit_retransmit_queue().
2744 */ 2744 */
2745static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, 2745static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
2746 int prior_sacked, bool is_dupack, 2746 int prior_sacked, int prior_packets,
2747 int flag) 2747 bool is_dupack, int flag)
2748{ 2748{
2749 struct inet_connection_sock *icsk = inet_csk(sk); 2749 struct inet_connection_sock *icsk = inet_csk(sk);
2750 struct tcp_sock *tp = tcp_sk(sk); 2750 struct tcp_sock *tp = tcp_sk(sk);
@@ -2804,7 +2804,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
2804 tcp_add_reno_sack(sk); 2804 tcp_add_reno_sack(sk);
2805 } else 2805 } else
2806 do_lost = tcp_try_undo_partial(sk, pkts_acked); 2806 do_lost = tcp_try_undo_partial(sk, pkts_acked);
2807 newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked; 2807 newly_acked_sacked = prior_packets - tp->packets_out +
2808 tp->sacked_out - prior_sacked;
2808 break; 2809 break;
2809 case TCP_CA_Loss: 2810 case TCP_CA_Loss:
2810 tcp_process_loss(sk, flag, is_dupack); 2811 tcp_process_loss(sk, flag, is_dupack);
@@ -2818,7 +2819,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
2818 if (is_dupack) 2819 if (is_dupack)
2819 tcp_add_reno_sack(sk); 2820 tcp_add_reno_sack(sk);
2820 } 2821 }
2821 newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked; 2822 newly_acked_sacked = prior_packets - tp->packets_out +
2823 tp->sacked_out - prior_sacked;
2822 2824
2823 if (icsk->icsk_ca_state <= TCP_CA_Disorder) 2825 if (icsk->icsk_ca_state <= TCP_CA_Disorder)
2824 tcp_try_undo_dsack(sk); 2826 tcp_try_undo_dsack(sk);
@@ -3330,9 +3332,10 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3330 bool is_dupack = false; 3332 bool is_dupack = false;
3331 u32 prior_in_flight; 3333 u32 prior_in_flight;
3332 u32 prior_fackets; 3334 u32 prior_fackets;
3333 int prior_packets; 3335 int prior_packets = tp->packets_out;
3334 int prior_sacked = tp->sacked_out; 3336 int prior_sacked = tp->sacked_out;
3335 int pkts_acked = 0; 3337 int pkts_acked = 0;
3338 int previous_packets_out = 0;
3336 3339
3337 /* If the ack is older than previous acks 3340 /* If the ack is older than previous acks
3338 * then we can probably ignore it. 3341 * then we can probably ignore it.
@@ -3403,14 +3406,14 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3403 sk->sk_err_soft = 0; 3406 sk->sk_err_soft = 0;
3404 icsk->icsk_probes_out = 0; 3407 icsk->icsk_probes_out = 0;
3405 tp->rcv_tstamp = tcp_time_stamp; 3408 tp->rcv_tstamp = tcp_time_stamp;
3406 prior_packets = tp->packets_out;
3407 if (!prior_packets) 3409 if (!prior_packets)
3408 goto no_queue; 3410 goto no_queue;
3409 3411
3410 /* See if we can take anything off of the retransmit queue. */ 3412 /* See if we can take anything off of the retransmit queue. */
3413 previous_packets_out = tp->packets_out;
3411 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una); 3414 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una);
3412 3415
3413 pkts_acked = prior_packets - tp->packets_out; 3416 pkts_acked = previous_packets_out - tp->packets_out;
3414 3417
3415 if (tcp_ack_is_dubious(sk, flag)) { 3418 if (tcp_ack_is_dubious(sk, flag)) {
3416 /* Advance CWND, if state allows this. */ 3419 /* Advance CWND, if state allows this. */
@@ -3418,7 +3421,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3418 tcp_cong_avoid(sk, ack, prior_in_flight); 3421 tcp_cong_avoid(sk, ack, prior_in_flight);
3419 is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP)); 3422 is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP));
3420 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, 3423 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3421 is_dupack, flag); 3424 prior_packets, is_dupack, flag);
3422 } else { 3425 } else {
3423 if (flag & FLAG_DATA_ACKED) 3426 if (flag & FLAG_DATA_ACKED)
3424 tcp_cong_avoid(sk, ack, prior_in_flight); 3427 tcp_cong_avoid(sk, ack, prior_in_flight);
@@ -3441,7 +3444,7 @@ no_queue:
3441 /* If data was DSACKed, see if we can undo a cwnd reduction. */ 3444 /* If data was DSACKed, see if we can undo a cwnd reduction. */
3442 if (flag & FLAG_DSACKING_ACK) 3445 if (flag & FLAG_DSACKING_ACK)
3443 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, 3446 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3444 is_dupack, flag); 3447 prior_packets, is_dupack, flag);
3445 /* If this ack opens up a zero window, clear backoff. It was 3448 /* If this ack opens up a zero window, clear backoff. It was
3446 * being used to time the probes, and is probably far higher than 3449 * being used to time the probes, and is probably far higher than
3447 * it needs to be for normal retransmission. 3450 * it needs to be for normal retransmission.
@@ -3464,7 +3467,7 @@ old_ack:
3464 if (TCP_SKB_CB(skb)->sacked) { 3467 if (TCP_SKB_CB(skb)->sacked) {
3465 flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una); 3468 flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una);
3466 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, 3469 tcp_fastretrans_alert(sk, pkts_acked, prior_sacked,
3467 is_dupack, flag); 3470 prior_packets, is_dupack, flag);
3468 } 3471 }
3469 3472
3470 SOCK_DEBUG(sk, "Ack %u before %u:%u\n", ack, tp->snd_una, tp->snd_nxt); 3473 SOCK_DEBUG(sk, "Ack %u before %u:%u\n", ack, tp->snd_una, tp->snd_nxt);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 536d40929ba6..ec335fabd5cc 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -874,11 +874,13 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
874 &md5); 874 &md5);
875 tcp_header_size = tcp_options_size + sizeof(struct tcphdr); 875 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
876 876
877 if (tcp_packets_in_flight(tp) == 0) { 877 if (tcp_packets_in_flight(tp) == 0)
878 tcp_ca_event(sk, CA_EVENT_TX_START); 878 tcp_ca_event(sk, CA_EVENT_TX_START);
879 skb->ooo_okay = 1; 879
880 } else 880 /* if no packet is in qdisc/device queue, then allow XPS to select
881 skb->ooo_okay = 0; 881 * another queue.
882 */
883 skb->ooo_okay = sk_wmem_alloc_get(sk) == 0;
882 884
883 skb_push(skb, tcp_header_size); 885 skb_push(skb, tcp_header_size);
884 skb_reset_transport_header(skb); 886 skb_reset_transport_header(skb);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d1ab6ab29a55..1bbf744c2cc3 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1487,7 +1487,7 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
1487} 1487}
1488 1488
1489int ipv6_chk_addr(struct net *net, const struct in6_addr *addr, 1489int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
1490 struct net_device *dev, int strict) 1490 const struct net_device *dev, int strict)
1491{ 1491{
1492 struct inet6_ifaddr *ifp; 1492 struct inet6_ifaddr *ifp;
1493 unsigned int hash = inet6_addr_hash(addr); 1493 unsigned int hash = inet6_addr_hash(addr);
@@ -2658,8 +2658,10 @@ static void init_loopback(struct net_device *dev)
2658 sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0); 2658 sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
2659 2659
2660 /* Failure cases are ignored */ 2660 /* Failure cases are ignored */
2661 if (!IS_ERR(sp_rt)) 2661 if (!IS_ERR(sp_rt)) {
2662 sp_ifa->rt = sp_rt;
2662 ip6_ins_rt(sp_rt); 2663 ip6_ins_rt(sp_rt);
2664 }
2663 } 2665 }
2664 read_unlock_bh(&idev->lock); 2666 read_unlock_bh(&idev->lock);
2665 } 2667 }
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index d3ddd8400354..ecd60733e5e2 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1081,6 +1081,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
1081 } 1081 }
1082 if (t == NULL) 1082 if (t == NULL)
1083 t = netdev_priv(dev); 1083 t = netdev_priv(dev);
1084 memset(&p, 0, sizeof(p));
1084 ip6gre_tnl_parm_to_user(&p, &t->parms); 1085 ip6gre_tnl_parm_to_user(&p, &t->parms);
1085 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 1086 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
1086 err = -EFAULT; 1087 err = -EFAULT;
@@ -1128,6 +1129,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
1128 if (t) { 1129 if (t) {
1129 err = 0; 1130 err = 0;
1130 1131
1132 memset(&p, 0, sizeof(p));
1131 ip6gre_tnl_parm_to_user(&p, &t->parms); 1133 ip6gre_tnl_parm_to_user(&p, &t->parms);
1132 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 1134 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
1133 err = -EFAULT; 1135 err = -EFAULT;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index d2eedf192330..dae1949019d7 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1147 if (WARN_ON(np->cork.opt)) 1147 if (WARN_ON(np->cork.opt))
1148 return -EINVAL; 1148 return -EINVAL;
1149 1149
1150 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); 1150 np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation);
1151 if (unlikely(np->cork.opt == NULL)) 1151 if (unlikely(np->cork.opt == NULL))
1152 return -ENOBUFS; 1152 return -ENOBUFS;
1153 1153
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 72836f40b730..95f3f1da0d7f 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -10,6 +10,7 @@
10#include <linux/netfilter.h> 10#include <linux/netfilter.h>
11#include <linux/netfilter_ipv6.h> 11#include <linux/netfilter_ipv6.h>
12#include <linux/export.h> 12#include <linux/export.h>
13#include <net/addrconf.h>
13#include <net/dst.h> 14#include <net/dst.h>
14#include <net/ipv6.h> 15#include <net/ipv6.h>
15#include <net/ip6_route.h> 16#include <net/ip6_route.h>
@@ -186,6 +187,10 @@ static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
186 return csum; 187 return csum;
187}; 188};
188 189
190static const struct nf_ipv6_ops ipv6ops = {
191 .chk_addr = ipv6_chk_addr,
192};
193
189static const struct nf_afinfo nf_ip6_afinfo = { 194static const struct nf_afinfo nf_ip6_afinfo = {
190 .family = AF_INET6, 195 .family = AF_INET6,
191 .checksum = nf_ip6_checksum, 196 .checksum = nf_ip6_checksum,
@@ -198,6 +203,7 @@ static const struct nf_afinfo nf_ip6_afinfo = {
198 203
199int __init ipv6_netfilter_init(void) 204int __init ipv6_netfilter_init(void)
200{ 205{
206 RCU_INIT_POINTER(nf_ipv6_ops, &ipv6ops);
201 return nf_register_afinfo(&nf_ip6_afinfo); 207 return nf_register_afinfo(&nf_ip6_afinfo);
202} 208}
203 209
@@ -206,5 +212,6 @@ int __init ipv6_netfilter_init(void)
206 */ 212 */
207void ipv6_netfilter_fini(void) 213void ipv6_netfilter_fini(void)
208{ 214{
215 RCU_INIT_POINTER(nf_ipv6_ops, NULL);
209 nf_unregister_afinfo(&nf_ip6_afinfo); 216 nf_unregister_afinfo(&nf_ip6_afinfo);
210} 217}
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index f3c1ff4357ff..51c3285b5d9b 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -90,7 +90,7 @@ static const struct snmp_mib snmp6_ipstats_list[] = {
90 SNMP_MIB_ITEM("Ip6OutMcastOctets", IPSTATS_MIB_OUTMCASTOCTETS), 90 SNMP_MIB_ITEM("Ip6OutMcastOctets", IPSTATS_MIB_OUTMCASTOCTETS),
91 SNMP_MIB_ITEM("Ip6InBcastOctets", IPSTATS_MIB_INBCASTOCTETS), 91 SNMP_MIB_ITEM("Ip6InBcastOctets", IPSTATS_MIB_INBCASTOCTETS),
92 SNMP_MIB_ITEM("Ip6OutBcastOctets", IPSTATS_MIB_OUTBCASTOCTETS), 92 SNMP_MIB_ITEM("Ip6OutBcastOctets", IPSTATS_MIB_OUTBCASTOCTETS),
93 SNMP_MIB_ITEM("InCsumErrors", IPSTATS_MIB_CSUMERRORS), 93 /* IPSTATS_MIB_CSUMERRORS is not relevant in IPv6 (no checksum) */
94 SNMP_MIB_SENTINEL 94 SNMP_MIB_SENTINEL
95}; 95};
96 96
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 71167069b394..0a17ed9eaf39 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1890,6 +1890,17 @@ void tcp6_proc_exit(struct net *net)
1890} 1890}
1891#endif 1891#endif
1892 1892
1893static void tcp_v6_clear_sk(struct sock *sk, int size)
1894{
1895 struct inet_sock *inet = inet_sk(sk);
1896
1897 /* we do not want to clear pinet6 field, because of RCU lookups */
1898 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
1899
1900 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1901 memset(&inet->pinet6 + 1, 0, size);
1902}
1903
1893struct proto tcpv6_prot = { 1904struct proto tcpv6_prot = {
1894 .name = "TCPv6", 1905 .name = "TCPv6",
1895 .owner = THIS_MODULE, 1906 .owner = THIS_MODULE,
@@ -1933,6 +1944,7 @@ struct proto tcpv6_prot = {
1933#ifdef CONFIG_MEMCG_KMEM 1944#ifdef CONFIG_MEMCG_KMEM
1934 .proto_cgroup = tcp_proto_cgroup, 1945 .proto_cgroup = tcp_proto_cgroup,
1935#endif 1946#endif
1947 .clear_sk = tcp_v6_clear_sk,
1936}; 1948};
1937 1949
1938static const struct inet6_protocol tcpv6_protocol = { 1950static const struct inet6_protocol tcpv6_protocol = {
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index d4defdd44937..42923b14dfa6 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1432,6 +1432,17 @@ void udp6_proc_exit(struct net *net) {
1432} 1432}
1433#endif /* CONFIG_PROC_FS */ 1433#endif /* CONFIG_PROC_FS */
1434 1434
1435void udp_v6_clear_sk(struct sock *sk, int size)
1436{
1437 struct inet_sock *inet = inet_sk(sk);
1438
1439 /* we do not want to clear pinet6 field, because of RCU lookups */
1440 sk_prot_clear_portaddr_nulls(sk, offsetof(struct inet_sock, pinet6));
1441
1442 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1443 memset(&inet->pinet6 + 1, 0, size);
1444}
1445
1435/* ------------------------------------------------------------------------ */ 1446/* ------------------------------------------------------------------------ */
1436 1447
1437struct proto udpv6_prot = { 1448struct proto udpv6_prot = {
@@ -1462,7 +1473,7 @@ struct proto udpv6_prot = {
1462 .compat_setsockopt = compat_udpv6_setsockopt, 1473 .compat_setsockopt = compat_udpv6_setsockopt,
1463 .compat_getsockopt = compat_udpv6_getsockopt, 1474 .compat_getsockopt = compat_udpv6_getsockopt,
1464#endif 1475#endif
1465 .clear_sk = sk_prot_clear_portaddr_nulls, 1476 .clear_sk = udp_v6_clear_sk,
1466}; 1477};
1467 1478
1468static struct inet_protosw udpv6_protosw = { 1479static struct inet_protosw udpv6_protosw = {
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index d7571046bfc4..4691ed50a928 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -31,6 +31,8 @@ extern int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk,
31extern int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb); 31extern int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb);
32extern void udpv6_destroy_sock(struct sock *sk); 32extern void udpv6_destroy_sock(struct sock *sk);
33 33
34extern void udp_v6_clear_sk(struct sock *sk, int size);
35
34#ifdef CONFIG_PROC_FS 36#ifdef CONFIG_PROC_FS
35extern int udp6_seq_show(struct seq_file *seq, void *v); 37extern int udp6_seq_show(struct seq_file *seq, void *v);
36#endif 38#endif
diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c
index 3bb3a891a424..d3cfaf9c7a08 100644
--- a/net/ipv6/udp_offload.c
+++ b/net/ipv6/udp_offload.c
@@ -46,11 +46,12 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
46 unsigned int mss; 46 unsigned int mss;
47 unsigned int unfrag_ip6hlen, unfrag_len; 47 unsigned int unfrag_ip6hlen, unfrag_len;
48 struct frag_hdr *fptr; 48 struct frag_hdr *fptr;
49 u8 *mac_start, *prevhdr; 49 u8 *packet_start, *prevhdr;
50 u8 nexthdr; 50 u8 nexthdr;
51 u8 frag_hdr_sz = sizeof(struct frag_hdr); 51 u8 frag_hdr_sz = sizeof(struct frag_hdr);
52 int offset; 52 int offset;
53 __wsum csum; 53 __wsum csum;
54 int tnl_hlen;
54 55
55 mss = skb_shinfo(skb)->gso_size; 56 mss = skb_shinfo(skb)->gso_size;
56 if (unlikely(skb->len <= mss)) 57 if (unlikely(skb->len <= mss))
@@ -83,9 +84,11 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
83 skb->ip_summed = CHECKSUM_NONE; 84 skb->ip_summed = CHECKSUM_NONE;
84 85
85 /* Check if there is enough headroom to insert fragment header. */ 86 /* Check if there is enough headroom to insert fragment header. */
86 if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) && 87 tnl_hlen = skb_tnl_header_len(skb);
87 pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) 88 if (skb_headroom(skb) < (tnl_hlen + frag_hdr_sz)) {
88 goto out; 89 if (gso_pskb_expand_head(skb, tnl_hlen + frag_hdr_sz))
90 goto out;
91 }
89 92
90 /* Find the unfragmentable header and shift it left by frag_hdr_sz 93 /* Find the unfragmentable header and shift it left by frag_hdr_sz
91 * bytes to insert fragment header. 94 * bytes to insert fragment header.
@@ -93,11 +96,12 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
93 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); 96 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr);
94 nexthdr = *prevhdr; 97 nexthdr = *prevhdr;
95 *prevhdr = NEXTHDR_FRAGMENT; 98 *prevhdr = NEXTHDR_FRAGMENT;
96 unfrag_len = skb_network_header(skb) - skb_mac_header(skb) + 99 unfrag_len = (skb_network_header(skb) - skb_mac_header(skb)) +
97 unfrag_ip6hlen; 100 unfrag_ip6hlen + tnl_hlen;
98 mac_start = skb_mac_header(skb); 101 packet_start = (u8 *) skb->head + SKB_GSO_CB(skb)->mac_offset;
99 memmove(mac_start-frag_hdr_sz, mac_start, unfrag_len); 102 memmove(packet_start-frag_hdr_sz, packet_start, unfrag_len);
100 103
104 SKB_GSO_CB(skb)->mac_offset -= frag_hdr_sz;
101 skb->mac_header -= frag_hdr_sz; 105 skb->mac_header -= frag_hdr_sz;
102 skb->network_header -= frag_hdr_sz; 106 skb->network_header -= frag_hdr_sz;
103 107
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index 1d08e21d9f69..dfcc4be46898 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -56,7 +56,7 @@ struct proto udplitev6_prot = {
56 .compat_setsockopt = compat_udpv6_setsockopt, 56 .compat_setsockopt = compat_udpv6_setsockopt,
57 .compat_getsockopt = compat_udpv6_getsockopt, 57 .compat_getsockopt = compat_udpv6_getsockopt,
58#endif 58#endif
59 .clear_sk = sk_prot_clear_portaddr_nulls, 59 .clear_sk = udp_v6_clear_sk,
60}; 60};
61 61
62static struct inet_protosw udplite6_protosw = { 62static struct inet_protosw udplite6_protosw = {
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 4ef7bdb65440..23ed03d786c8 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -103,8 +103,10 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
103 dev_hold(dev); 103 dev_hold(dev);
104 104
105 xdst->u.rt6.rt6i_idev = in6_dev_get(dev); 105 xdst->u.rt6.rt6i_idev = in6_dev_get(dev);
106 if (!xdst->u.rt6.rt6i_idev) 106 if (!xdst->u.rt6.rt6i_idev) {
107 dev_put(dev);
107 return -ENODEV; 108 return -ENODEV;
109 }
108 110
109 rt6_transfer_peer(&xdst->u.rt6, rt); 111 rt6_transfer_peer(&xdst->u.rt6, rt);
110 112
diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c
index 8c004161a843..9ea0c933b9ff 100644
--- a/net/irda/irlap_frame.c
+++ b/net/irda/irlap_frame.c
@@ -544,7 +544,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
544 /* 544 /*
545 * We now have some discovery info to deliver! 545 * We now have some discovery info to deliver!
546 */ 546 */
547 discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC); 547 discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC);
548 if (!discovery) { 548 if (!discovery) {
549 IRDA_WARNING("%s: unable to malloc!\n", __func__); 549 IRDA_WARNING("%s: unable to malloc!\n", __func__);
550 return; 550 return;
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 5b1e5af25713..c5fbd7589681 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2366,6 +2366,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sa
2366 2366
2367out: 2367out:
2368 xfrm_pol_put(xp); 2368 xfrm_pol_put(xp);
2369 if (err == 0)
2370 xfrm_garbage_collect(net);
2369 return err; 2371 return err;
2370} 2372}
2371 2373
@@ -2615,6 +2617,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_
2615 2617
2616out: 2618out:
2617 xfrm_pol_put(xp); 2619 xfrm_pol_put(xp);
2620 if (delete && err == 0)
2621 xfrm_garbage_collect(net);
2618 return err; 2622 return err;
2619} 2623}
2620 2624
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 158e6eb188d3..44be28cfc6c4 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1267,6 +1267,7 @@ void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata);
1267void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata); 1267void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata);
1268void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 1268void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
1269 __le16 fc, bool acked); 1269 __le16 fc, bool acked);
1270void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata);
1270 1271
1271/* IBSS code */ 1272/* IBSS code */
1272void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local); 1273void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 60f1ce5e5e52..98d20c0f6fed 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -159,9 +159,10 @@ static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
159 return 0; 159 return 0;
160} 160}
161 161
162static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr) 162static int ieee80211_verify_mac(struct ieee80211_sub_if_data *sdata, u8 *addr)
163{ 163{
164 struct ieee80211_sub_if_data *sdata; 164 struct ieee80211_local *local = sdata->local;
165 struct ieee80211_sub_if_data *iter;
165 u64 new, mask, tmp; 166 u64 new, mask, tmp;
166 u8 *m; 167 u8 *m;
167 int ret = 0; 168 int ret = 0;
@@ -181,11 +182,14 @@ static int ieee80211_verify_mac(struct ieee80211_local *local, u8 *addr)
181 182
182 183
183 mutex_lock(&local->iflist_mtx); 184 mutex_lock(&local->iflist_mtx);
184 list_for_each_entry(sdata, &local->interfaces, list) { 185 list_for_each_entry(iter, &local->interfaces, list) {
185 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) 186 if (iter == sdata)
187 continue;
188
189 if (iter->vif.type == NL80211_IFTYPE_MONITOR)
186 continue; 190 continue;
187 191
188 m = sdata->vif.addr; 192 m = iter->vif.addr;
189 tmp = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) | 193 tmp = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
190 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) | 194 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
191 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8); 195 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
@@ -209,7 +213,7 @@ static int ieee80211_change_mac(struct net_device *dev, void *addr)
209 if (ieee80211_sdata_running(sdata)) 213 if (ieee80211_sdata_running(sdata))
210 return -EBUSY; 214 return -EBUSY;
211 215
212 ret = ieee80211_verify_mac(sdata->local, sa->sa_data); 216 ret = ieee80211_verify_mac(sdata, sa->sa_data);
213 if (ret) 217 if (ret)
214 return ret; 218 return ret;
215 219
@@ -474,6 +478,9 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
474 master->control_port_protocol; 478 master->control_port_protocol;
475 sdata->control_port_no_encrypt = 479 sdata->control_port_no_encrypt =
476 master->control_port_no_encrypt; 480 master->control_port_no_encrypt;
481 sdata->vif.cab_queue = master->vif.cab_queue;
482 memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
483 sizeof(sdata->vif.hw_queue));
477 break; 484 break;
478 } 485 }
479 case NL80211_IFTYPE_AP: 486 case NL80211_IFTYPE_AP:
@@ -653,7 +660,11 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
653 660
654 ieee80211_recalc_ps(local, -1); 661 ieee80211_recalc_ps(local, -1);
655 662
656 if (dev) { 663 if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
664 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
665 /* XXX: for AP_VLAN, actually track AP queues */
666 netif_tx_start_all_queues(dev);
667 } else if (dev) {
657 unsigned long flags; 668 unsigned long flags;
658 int n_acs = IEEE80211_NUM_ACS; 669 int n_acs = IEEE80211_NUM_ACS;
659 int ac; 670 int ac;
@@ -1479,7 +1490,17 @@ static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
1479 break; 1490 break;
1480 } 1491 }
1481 1492
1493 /*
1494 * Pick address of existing interface in case user changed
1495 * MAC address manually, default to perm_addr.
1496 */
1482 m = local->hw.wiphy->perm_addr; 1497 m = local->hw.wiphy->perm_addr;
1498 list_for_each_entry(sdata, &local->interfaces, list) {
1499 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1500 continue;
1501 m = sdata->vif.addr;
1502 break;
1503 }
1483 start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) | 1504 start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
1484 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) | 1505 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
1485 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8); 1506 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
@@ -1696,6 +1717,15 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
1696 1717
1697 ASSERT_RTNL(); 1718 ASSERT_RTNL();
1698 1719
1720 /*
1721 * Close all AP_VLAN interfaces first, as otherwise they
1722 * might be closed while the AP interface they belong to
1723 * is closed, causing unregister_netdevice_many() to crash.
1724 */
1725 list_for_each_entry(sdata, &local->interfaces, list)
1726 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1727 dev_close(sdata->dev);
1728
1699 mutex_lock(&local->iflist_mtx); 1729 mutex_lock(&local->iflist_mtx);
1700 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { 1730 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
1701 list_del(&sdata->list); 1731 list_del(&sdata->list);
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 29620bfc7a69..a8c2130c8ba4 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1015,7 +1015,8 @@ static void ieee80211_chswitch_timer(unsigned long data)
1015 1015
1016static void 1016static void
1017ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1017ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1018 u64 timestamp, struct ieee802_11_elems *elems) 1018 u64 timestamp, struct ieee802_11_elems *elems,
1019 bool beacon)
1019{ 1020{
1020 struct ieee80211_local *local = sdata->local; 1021 struct ieee80211_local *local = sdata->local;
1021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1022 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
@@ -1032,6 +1033,7 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1032 struct cfg80211_chan_def new_vht_chandef = {}; 1033 struct cfg80211_chan_def new_vht_chandef = {};
1033 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1034 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1034 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1035 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1036 const struct ieee80211_ht_operation *ht_oper;
1035 int secondary_channel_offset = -1; 1037 int secondary_channel_offset = -1;
1036 1038
1037 ASSERT_MGD_MTX(ifmgd); 1039 ASSERT_MGD_MTX(ifmgd);
@@ -1048,11 +1050,14 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1048 1050
1049 sec_chan_offs = elems->sec_chan_offs; 1051 sec_chan_offs = elems->sec_chan_offs;
1050 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1052 wide_bw_chansw_ie = elems->wide_bw_chansw_ie;
1053 ht_oper = elems->ht_operation;
1051 1054
1052 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1055 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
1053 IEEE80211_STA_DISABLE_40MHZ)) { 1056 IEEE80211_STA_DISABLE_40MHZ)) {
1054 sec_chan_offs = NULL; 1057 sec_chan_offs = NULL;
1055 wide_bw_chansw_ie = NULL; 1058 wide_bw_chansw_ie = NULL;
1059 /* only used for bandwidth here */
1060 ht_oper = NULL;
1056 } 1061 }
1057 1062
1058 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1063 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
@@ -1094,10 +1099,20 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1094 return; 1099 return;
1095 } 1100 }
1096 1101
1097 if (sec_chan_offs) { 1102 if (!beacon && sec_chan_offs) {
1098 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1103 secondary_channel_offset = sec_chan_offs->sec_chan_offs;
1104 } else if (beacon && ht_oper) {
1105 secondary_channel_offset =
1106 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET;
1099 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1107 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
1100 /* if HT is enabled and the IE not present, it's still HT */ 1108 /*
1109 * If it's not a beacon, HT is enabled and the IE not present,
1110 * it's 20 MHz, 802.11-2012 8.5.2.6:
1111 * This element [the Secondary Channel Offset Element] is
1112 * present when switching to a 40 MHz channel. It may be
1113 * present when switching to a 20 MHz channel (in which
1114 * case the secondary channel offset is set to SCN).
1115 */
1101 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1116 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1102 } 1117 }
1103 1118
@@ -2796,7 +2811,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2796 mutex_unlock(&local->iflist_mtx); 2811 mutex_unlock(&local->iflist_mtx);
2797 } 2812 }
2798 2813
2799 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, elems); 2814 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
2815 elems, true);
2800 2816
2801} 2817}
2802 2818
@@ -3210,7 +3226,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3210 3226
3211 ieee80211_sta_process_chanswitch(sdata, 3227 ieee80211_sta_process_chanswitch(sdata,
3212 rx_status->mactime, 3228 rx_status->mactime,
3213 &elems); 3229 &elems, false);
3214 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3230 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3215 ies_len = skb->len - 3231 ies_len = skb->len -
3216 offsetof(struct ieee80211_mgmt, 3232 offsetof(struct ieee80211_mgmt,
@@ -3232,7 +3248,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3232 3248
3233 ieee80211_sta_process_chanswitch(sdata, 3249 ieee80211_sta_process_chanswitch(sdata,
3234 rx_status->mactime, 3250 rx_status->mactime,
3235 &elems); 3251 &elems, false);
3236 } 3252 }
3237 break; 3253 break;
3238 } 3254 }
@@ -3305,10 +3321,6 @@ static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3305 if (WARN_ON_ONCE(!auth_data)) 3321 if (WARN_ON_ONCE(!auth_data))
3306 return -EINVAL; 3322 return -EINVAL;
3307 3323
3308 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3309 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3310 IEEE80211_TX_INTFL_MLME_CONN_TX;
3311
3312 auth_data->tries++; 3324 auth_data->tries++;
3313 3325
3314 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3326 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
@@ -3342,6 +3354,10 @@ static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3342 auth_data->expected_transaction = trans; 3354 auth_data->expected_transaction = trans;
3343 } 3355 }
3344 3356
3357 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3358 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3359 IEEE80211_TX_INTFL_MLME_CONN_TX;
3360
3345 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3361 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3346 auth_data->data, auth_data->data_len, 3362 auth_data->data, auth_data->data_len,
3347 auth_data->bss->bssid, 3363 auth_data->bss->bssid,
@@ -3365,12 +3381,12 @@ static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3365 * will not answer to direct packet in unassociated state. 3381 * will not answer to direct packet in unassociated state.
3366 */ 3382 */
3367 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3383 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3368 NULL, 0, (u32) -1, true, tx_flags, 3384 NULL, 0, (u32) -1, true, 0,
3369 auth_data->bss->channel, false); 3385 auth_data->bss->channel, false);
3370 rcu_read_unlock(); 3386 rcu_read_unlock();
3371 } 3387 }
3372 3388
3373 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3389 if (tx_flags == 0) {
3374 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3390 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3375 ifmgd->auth_data->timeout_started = true; 3391 ifmgd->auth_data->timeout_started = true;
3376 run_again(ifmgd, auth_data->timeout); 3392 run_again(ifmgd, auth_data->timeout);
@@ -3623,6 +3639,31 @@ static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3623 } 3639 }
3624} 3640}
3625 3641
3642#ifdef CONFIG_PM
3643void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3644{
3645 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3646
3647 mutex_lock(&ifmgd->mtx);
3648 if (!ifmgd->associated) {
3649 mutex_unlock(&ifmgd->mtx);
3650 return;
3651 }
3652
3653 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3654 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3655 mlme_dbg(sdata, "driver requested disconnect after resume\n");
3656 ieee80211_sta_connection_lost(sdata,
3657 ifmgd->associated->bssid,
3658 WLAN_REASON_UNSPECIFIED,
3659 true);
3660 mutex_unlock(&ifmgd->mtx);
3661 return;
3662 }
3663 mutex_unlock(&ifmgd->mtx);
3664}
3665#endif
3666
3626/* interface setup */ 3667/* interface setup */
3627void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3668void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3628{ 3669{
@@ -4329,7 +4370,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4329 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4370 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4330 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4371 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4331 bool tx = !req->local_state_change; 4372 bool tx = !req->local_state_change;
4332 bool sent_frame = false; 4373 bool report_frame = false;
4333 4374
4334 mutex_lock(&ifmgd->mtx); 4375 mutex_lock(&ifmgd->mtx);
4335 4376
@@ -4346,7 +4387,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4346 ieee80211_destroy_auth_data(sdata, false); 4387 ieee80211_destroy_auth_data(sdata, false);
4347 mutex_unlock(&ifmgd->mtx); 4388 mutex_unlock(&ifmgd->mtx);
4348 4389
4349 sent_frame = tx; 4390 report_frame = true;
4350 goto out; 4391 goto out;
4351 } 4392 }
4352 4393
@@ -4354,12 +4395,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4354 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4395 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4355 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4396 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4356 req->reason_code, tx, frame_buf); 4397 req->reason_code, tx, frame_buf);
4357 sent_frame = tx; 4398 report_frame = true;
4358 } 4399 }
4359 mutex_unlock(&ifmgd->mtx); 4400 mutex_unlock(&ifmgd->mtx);
4360 4401
4361 out: 4402 out:
4362 if (sent_frame) 4403 if (report_frame)
4363 __cfg80211_send_deauth(sdata->dev, frame_buf, 4404 __cfg80211_send_deauth(sdata->dev, frame_buf,
4364 IEEE80211_DEAUTH_FRAME_LEN); 4405 IEEE80211_DEAUTH_FRAME_LEN);
4365 4406
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 0d51877efdb7..d3f414fe67e0 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -688,8 +688,15 @@ int rate_control_set_rates(struct ieee80211_hw *hw,
688 struct ieee80211_sta *pubsta, 688 struct ieee80211_sta *pubsta,
689 struct ieee80211_sta_rates *rates) 689 struct ieee80211_sta_rates *rates)
690{ 690{
691 struct ieee80211_sta_rates *old = rcu_dereference(pubsta->rates); 691 struct ieee80211_sta_rates *old;
692 692
693 /*
694 * mac80211 guarantees that this function will not be called
695 * concurrently, so the following RCU access is safe, even without
696 * extra locking. This can not be checked easily, so we just set
697 * the condition to true.
698 */
699 old = rcu_dereference_protected(pubsta->rates, true);
693 rcu_assign_pointer(pubsta->rates, rates); 700 rcu_assign_pointer(pubsta->rates, rates);
694 if (old) 701 if (old)
695 kfree_rcu(old, rcu_head); 702 kfree_rcu(old, rcu_head);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c8447af76ead..8e2952620256 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3036,6 +3036,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
3036 * and location updates. Note that mac80211 3036 * and location updates. Note that mac80211
3037 * itself never looks at these frames. 3037 * itself never looks at these frames.
3038 */ 3038 */
3039 if (!multicast &&
3040 !ether_addr_equal(sdata->vif.addr, hdr->addr1))
3041 return 0;
3039 if (ieee80211_is_public_action(hdr, skb->len)) 3042 if (ieee80211_is_public_action(hdr, skb->len))
3040 return 1; 3043 return 1;
3041 if (!ieee80211_is_beacon(hdr->frame_control)) 3044 if (!ieee80211_is_beacon(hdr->frame_control))
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 3ed801d90f1e..124b1fdc20d0 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -208,10 +208,10 @@ void ieee80211_get_tkip_p2k(struct ieee80211_key_conf *keyconf,
208 u32 iv32 = get_unaligned_le32(&data[4]); 208 u32 iv32 = get_unaligned_le32(&data[4]);
209 u16 iv16 = data[2] | (data[0] << 8); 209 u16 iv16 = data[2] | (data[0] << 8);
210 210
211 spin_lock_bh(&key->u.tkip.txlock); 211 spin_lock(&key->u.tkip.txlock);
212 ieee80211_compute_tkip_p1k(key, iv32); 212 ieee80211_compute_tkip_p1k(key, iv32);
213 tkip_mixing_phase2(tk, ctx, iv16, p2k); 213 tkip_mixing_phase2(tk, ctx, iv16, p2k);
214 spin_unlock_bh(&key->u.tkip.txlock); 214 spin_unlock(&key->u.tkip.txlock);
215} 215}
216EXPORT_SYMBOL(ieee80211_get_tkip_p2k); 216EXPORT_SYMBOL(ieee80211_get_tkip_p2k);
217 217
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 3f87fa468b1f..27e07150eb46 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1740,6 +1740,13 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1740 mb(); 1740 mb();
1741 local->resuming = false; 1741 local->resuming = false;
1742 1742
1743 list_for_each_entry(sdata, &local->interfaces, list) {
1744 if (!ieee80211_sdata_running(sdata))
1745 continue;
1746 if (sdata->vif.type == NL80211_IFTYPE_STATION)
1747 ieee80211_sta_restart(sdata);
1748 }
1749
1743 mod_timer(&local->sta_cleanup, jiffies + 1); 1750 mod_timer(&local->sta_cleanup, jiffies + 1);
1744#else 1751#else
1745 WARN_ON(1); 1752 WARN_ON(1);
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 07c865a31a3d..857ca9f35177 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -30,6 +30,8 @@ static DEFINE_MUTEX(afinfo_mutex);
30 30
31const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly; 31const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;
32EXPORT_SYMBOL(nf_afinfo); 32EXPORT_SYMBOL(nf_afinfo);
33const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly;
34EXPORT_SYMBOL_GPL(nf_ipv6_ops);
33 35
34int nf_register_afinfo(const struct nf_afinfo *afinfo) 36int nf_register_afinfo(const struct nf_afinfo *afinfo)
35{ 37{
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 085b5880ab0d..05565d2b3a61 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1001,6 +1001,32 @@ static inline int is_tcp_reset(const struct sk_buff *skb, int nh_len)
1001 return th->rst; 1001 return th->rst;
1002} 1002}
1003 1003
1004static inline bool is_new_conn(const struct sk_buff *skb,
1005 struct ip_vs_iphdr *iph)
1006{
1007 switch (iph->protocol) {
1008 case IPPROTO_TCP: {
1009 struct tcphdr _tcph, *th;
1010
1011 th = skb_header_pointer(skb, iph->len, sizeof(_tcph), &_tcph);
1012 if (th == NULL)
1013 return false;
1014 return th->syn;
1015 }
1016 case IPPROTO_SCTP: {
1017 sctp_chunkhdr_t *sch, schunk;
1018
1019 sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
1020 sizeof(schunk), &schunk);
1021 if (sch == NULL)
1022 return false;
1023 return sch->type == SCTP_CID_INIT;
1024 }
1025 default:
1026 return false;
1027 }
1028}
1029
1004/* Handle response packets: rewrite addresses and send away... 1030/* Handle response packets: rewrite addresses and send away...
1005 */ 1031 */
1006static unsigned int 1032static unsigned int
@@ -1612,6 +1638,15 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
1612 * Check if the packet belongs to an existing connection entry 1638 * Check if the packet belongs to an existing connection entry
1613 */ 1639 */
1614 cp = pp->conn_in_get(af, skb, &iph, 0); 1640 cp = pp->conn_in_get(af, skb, &iph, 0);
1641
1642 if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp && cp->dest &&
1643 unlikely(!atomic_read(&cp->dest->weight)) && !iph.fragoffs &&
1644 is_new_conn(skb, &iph)) {
1645 ip_vs_conn_expire_now(cp);
1646 __ip_vs_conn_put(cp);
1647 cp = NULL;
1648 }
1649
1615 if (unlikely(!cp) && !iph.fragoffs) { 1650 if (unlikely(!cp) && !iph.fragoffs) {
1616 /* No (second) fragments need to enter here, as nf_defrag_ipv6 1651 /* No (second) fragments need to enter here, as nf_defrag_ipv6
1617 * replayed fragment zero will already have created the cp 1652 * replayed fragment zero will already have created the cp
diff --git a/net/netfilter/ipvs/ip_vs_sh.c b/net/netfilter/ipvs/ip_vs_sh.c
index 0df269d7c99f..a65edfe4b16c 100644
--- a/net/netfilter/ipvs/ip_vs_sh.c
+++ b/net/netfilter/ipvs/ip_vs_sh.c
@@ -67,8 +67,8 @@ struct ip_vs_sh_bucket {
67#define IP_VS_SH_TAB_MASK (IP_VS_SH_TAB_SIZE - 1) 67#define IP_VS_SH_TAB_MASK (IP_VS_SH_TAB_SIZE - 1)
68 68
69struct ip_vs_sh_state { 69struct ip_vs_sh_state {
70 struct ip_vs_sh_bucket buckets[IP_VS_SH_TAB_SIZE];
71 struct rcu_head rcu_head; 70 struct rcu_head rcu_head;
71 struct ip_vs_sh_bucket buckets[IP_VS_SH_TAB_SIZE];
72}; 72};
73 73
74/* 74/*
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 388656d5a9ec..3b18dd1be7d9 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -148,7 +148,7 @@ void nf_log_packet(struct net *net,
148 va_start(args, fmt); 148 va_start(args, fmt);
149 vsnprintf(prefix, sizeof(prefix), fmt, args); 149 vsnprintf(prefix, sizeof(prefix), fmt, args);
150 va_end(args); 150 va_end(args);
151 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix); 151 logger->logfn(net, pf, hooknum, skb, in, out, loginfo, prefix);
152 } 152 }
153 rcu_read_unlock(); 153 rcu_read_unlock();
154} 154}
@@ -368,17 +368,20 @@ static int __net_init nf_log_net_init(struct net *net)
368 return 0; 368 return 0;
369 369
370out_sysctl: 370out_sysctl:
371#ifdef CONFIG_PROC_FS
371 /* For init_net: errors will trigger panic, don't unroll on error. */ 372 /* For init_net: errors will trigger panic, don't unroll on error. */
372 if (!net_eq(net, &init_net)) 373 if (!net_eq(net, &init_net))
373 remove_proc_entry("nf_log", net->nf.proc_netfilter); 374 remove_proc_entry("nf_log", net->nf.proc_netfilter);
374 375#endif
375 return ret; 376 return ret;
376} 377}
377 378
378static void __net_exit nf_log_net_exit(struct net *net) 379static void __net_exit nf_log_net_exit(struct net *net)
379{ 380{
380 netfilter_log_sysctl_exit(net); 381 netfilter_log_sysctl_exit(net);
382#ifdef CONFIG_PROC_FS
381 remove_proc_entry("nf_log", net->nf.proc_netfilter); 383 remove_proc_entry("nf_log", net->nf.proc_netfilter);
384#endif
382} 385}
383 386
384static struct pernet_operations nf_log_net_ops = { 387static struct pernet_operations nf_log_net_ops = {
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index faf1e9300d8a..962e9792e317 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -602,7 +602,8 @@ static struct nf_loginfo default_loginfo = {
602 602
603/* log handler for internal netfilter logging api */ 603/* log handler for internal netfilter logging api */
604void 604void
605nfulnl_log_packet(u_int8_t pf, 605nfulnl_log_packet(struct net *net,
606 u_int8_t pf,
606 unsigned int hooknum, 607 unsigned int hooknum,
607 const struct sk_buff *skb, 608 const struct sk_buff *skb,
608 const struct net_device *in, 609 const struct net_device *in,
@@ -615,7 +616,6 @@ nfulnl_log_packet(u_int8_t pf,
615 const struct nf_loginfo *li; 616 const struct nf_loginfo *li;
616 unsigned int qthreshold; 617 unsigned int qthreshold;
617 unsigned int plen; 618 unsigned int plen;
618 struct net *net = dev_net(in ? in : out);
619 struct nfnl_log_net *log = nfnl_log_pernet(net); 619 struct nfnl_log_net *log = nfnl_log_pernet(net);
620 620
621 if (li_user && li_user->type == NF_LOG_TYPE_ULOG) 621 if (li_user && li_user->type == NF_LOG_TYPE_ULOG)
@@ -1045,7 +1045,9 @@ static int __net_init nfnl_log_net_init(struct net *net)
1045 1045
1046static void __net_exit nfnl_log_net_exit(struct net *net) 1046static void __net_exit nfnl_log_net_exit(struct net *net)
1047{ 1047{
1048#ifdef CONFIG_PROC_FS
1048 remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter); 1049 remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter);
1050#endif
1049} 1051}
1050 1052
1051static struct pernet_operations nfnl_log_net_ops = { 1053static struct pernet_operations nfnl_log_net_ops = {
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 2e0e835baf72..4e27fa035814 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -1285,7 +1285,9 @@ static int __net_init nfnl_queue_net_init(struct net *net)
1285 1285
1286static void __net_exit nfnl_queue_net_exit(struct net *net) 1286static void __net_exit nfnl_queue_net_exit(struct net *net)
1287{ 1287{
1288#ifdef CONFIG_PROC_FS
1288 remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter); 1289 remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter);
1290#endif
1289} 1291}
1290 1292
1291static struct pernet_operations nfnl_queue_net_ops = { 1293static struct pernet_operations nfnl_queue_net_ops = {
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
index fe573f6c9e91..5ab24843370a 100644
--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -466,7 +466,8 @@ log_packet_common(struct sbuff *m,
466 466
467 467
468static void 468static void
469ipt_log_packet(u_int8_t pf, 469ipt_log_packet(struct net *net,
470 u_int8_t pf,
470 unsigned int hooknum, 471 unsigned int hooknum,
471 const struct sk_buff *skb, 472 const struct sk_buff *skb,
472 const struct net_device *in, 473 const struct net_device *in,
@@ -475,7 +476,6 @@ ipt_log_packet(u_int8_t pf,
475 const char *prefix) 476 const char *prefix)
476{ 477{
477 struct sbuff *m; 478 struct sbuff *m;
478 struct net *net = dev_net(in ? in : out);
479 479
480 /* FIXME: Disabled from containers until syslog ns is supported */ 480 /* FIXME: Disabled from containers until syslog ns is supported */
481 if (!net_eq(net, &init_net)) 481 if (!net_eq(net, &init_net))
@@ -737,7 +737,7 @@ static void dump_ipv6_packet(struct sbuff *m,
737 dump_sk_uid_gid(m, skb->sk); 737 dump_sk_uid_gid(m, skb->sk);
738 738
739 /* Max length: 16 "MARK=0xFFFFFFFF " */ 739 /* Max length: 16 "MARK=0xFFFFFFFF " */
740 if (!recurse && skb->mark) 740 if (recurse && skb->mark)
741 sb_add(m, "MARK=0x%x ", skb->mark); 741 sb_add(m, "MARK=0x%x ", skb->mark);
742} 742}
743 743
@@ -797,7 +797,8 @@ fallback:
797} 797}
798 798
799static void 799static void
800ip6t_log_packet(u_int8_t pf, 800ip6t_log_packet(struct net *net,
801 u_int8_t pf,
801 unsigned int hooknum, 802 unsigned int hooknum,
802 const struct sk_buff *skb, 803 const struct sk_buff *skb,
803 const struct net_device *in, 804 const struct net_device *in,
@@ -806,7 +807,6 @@ ip6t_log_packet(u_int8_t pf,
806 const char *prefix) 807 const char *prefix)
807{ 808{
808 struct sbuff *m; 809 struct sbuff *m;
809 struct net *net = dev_net(in ? in : out);
810 810
811 /* FIXME: Disabled from containers until syslog ns is supported */ 811 /* FIXME: Disabled from containers until syslog ns is supported */
812 if (!net_eq(net, &init_net)) 812 if (!net_eq(net, &init_net))
@@ -833,17 +833,18 @@ log_tg(struct sk_buff *skb, const struct xt_action_param *par)
833{ 833{
834 const struct xt_log_info *loginfo = par->targinfo; 834 const struct xt_log_info *loginfo = par->targinfo;
835 struct nf_loginfo li; 835 struct nf_loginfo li;
836 struct net *net = dev_net(par->in ? par->in : par->out);
836 837
837 li.type = NF_LOG_TYPE_LOG; 838 li.type = NF_LOG_TYPE_LOG;
838 li.u.log.level = loginfo->level; 839 li.u.log.level = loginfo->level;
839 li.u.log.logflags = loginfo->logflags; 840 li.u.log.logflags = loginfo->logflags;
840 841
841 if (par->family == NFPROTO_IPV4) 842 if (par->family == NFPROTO_IPV4)
842 ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, 843 ipt_log_packet(net, NFPROTO_IPV4, par->hooknum, skb, par->in,
843 par->out, &li, loginfo->prefix); 844 par->out, &li, loginfo->prefix);
844#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) 845#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
845 else if (par->family == NFPROTO_IPV6) 846 else if (par->family == NFPROTO_IPV6)
846 ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in, 847 ip6t_log_packet(net, NFPROTO_IPV6, par->hooknum, skb, par->in,
847 par->out, &li, loginfo->prefix); 848 par->out, &li, loginfo->prefix);
848#endif 849#endif
849 else 850 else
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index a17dd0f589b2..fb7497c928a0 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -26,13 +26,14 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
26{ 26{
27 const struct xt_nflog_info *info = par->targinfo; 27 const struct xt_nflog_info *info = par->targinfo;
28 struct nf_loginfo li; 28 struct nf_loginfo li;
29 struct net *net = dev_net(par->in ? par->in : par->out);
29 30
30 li.type = NF_LOG_TYPE_ULOG; 31 li.type = NF_LOG_TYPE_ULOG;
31 li.u.ulog.copy_len = info->len; 32 li.u.ulog.copy_len = info->len;
32 li.u.ulog.group = info->group; 33 li.u.ulog.group = info->group;
33 li.u.ulog.qthreshold = info->threshold; 34 li.u.ulog.qthreshold = info->threshold;
34 35
35 nfulnl_log_packet(par->family, par->hooknum, skb, par->in, 36 nfulnl_log_packet(net, par->family, par->hooknum, skb, par->in,
36 par->out, &li, info->prefix); 37 par->out, &li, info->prefix);
37 return XT_CONTINUE; 38 return XT_CONTINUE;
38} 39}
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
index 25fd1c4e1eec..1eb1a44bfd3d 100644
--- a/net/netfilter/xt_TCPOPTSTRIP.c
+++ b/net/netfilter/xt_TCPOPTSTRIP.c
@@ -30,17 +30,28 @@ static inline unsigned int optlen(const u_int8_t *opt, unsigned int offset)
30 30
31static unsigned int 31static unsigned int
32tcpoptstrip_mangle_packet(struct sk_buff *skb, 32tcpoptstrip_mangle_packet(struct sk_buff *skb,
33 const struct xt_tcpoptstrip_target_info *info, 33 const struct xt_action_param *par,
34 unsigned int tcphoff, unsigned int minlen) 34 unsigned int tcphoff, unsigned int minlen)
35{ 35{
36 const struct xt_tcpoptstrip_target_info *info = par->targinfo;
36 unsigned int optl, i, j; 37 unsigned int optl, i, j;
37 struct tcphdr *tcph; 38 struct tcphdr *tcph;
38 u_int16_t n, o; 39 u_int16_t n, o;
39 u_int8_t *opt; 40 u_int8_t *opt;
41 int len;
42
43 /* This is a fragment, no TCP header is available */
44 if (par->fragoff != 0)
45 return XT_CONTINUE;
40 46
41 if (!skb_make_writable(skb, skb->len)) 47 if (!skb_make_writable(skb, skb->len))
42 return NF_DROP; 48 return NF_DROP;
43 49
50 len = skb->len - tcphoff;
51 if (len < (int)sizeof(struct tcphdr) ||
52 tcp_hdr(skb)->doff * 4 > len)
53 return NF_DROP;
54
44 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); 55 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
45 opt = (u_int8_t *)tcph; 56 opt = (u_int8_t *)tcph;
46 57
@@ -76,7 +87,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
76static unsigned int 87static unsigned int
77tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_action_param *par) 88tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_action_param *par)
78{ 89{
79 return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb), 90 return tcpoptstrip_mangle_packet(skb, par, ip_hdrlen(skb),
80 sizeof(struct iphdr) + sizeof(struct tcphdr)); 91 sizeof(struct iphdr) + sizeof(struct tcphdr));
81} 92}
82 93
@@ -94,7 +105,7 @@ tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_action_param *par)
94 if (tcphoff < 0) 105 if (tcphoff < 0)
95 return NF_DROP; 106 return NF_DROP;
96 107
97 return tcpoptstrip_mangle_packet(skb, par->targinfo, tcphoff, 108 return tcpoptstrip_mangle_packet(skb, par, tcphoff,
98 sizeof(*ipv6h) + sizeof(struct tcphdr)); 109 sizeof(*ipv6h) + sizeof(struct tcphdr));
99} 110}
100#endif 111#endif
diff --git a/net/netfilter/xt_addrtype.c b/net/netfilter/xt_addrtype.c
index 49c5ff7f6dd6..68ff29f60867 100644
--- a/net/netfilter/xt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -22,6 +22,7 @@
22#include <net/ip6_fib.h> 22#include <net/ip6_fib.h>
23#endif 23#endif
24 24
25#include <linux/netfilter_ipv6.h>
25#include <linux/netfilter/xt_addrtype.h> 26#include <linux/netfilter/xt_addrtype.h>
26#include <linux/netfilter/x_tables.h> 27#include <linux/netfilter/x_tables.h>
27 28
@@ -33,12 +34,12 @@ MODULE_ALIAS("ip6t_addrtype");
33 34
34#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) 35#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
35static u32 match_lookup_rt6(struct net *net, const struct net_device *dev, 36static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
36 const struct in6_addr *addr) 37 const struct in6_addr *addr, u16 mask)
37{ 38{
38 const struct nf_afinfo *afinfo; 39 const struct nf_afinfo *afinfo;
39 struct flowi6 flow; 40 struct flowi6 flow;
40 struct rt6_info *rt; 41 struct rt6_info *rt;
41 u32 ret; 42 u32 ret = 0;
42 int route_err; 43 int route_err;
43 44
44 memset(&flow, 0, sizeof(flow)); 45 memset(&flow, 0, sizeof(flow));
@@ -49,12 +50,19 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
49 rcu_read_lock(); 50 rcu_read_lock();
50 51
51 afinfo = nf_get_afinfo(NFPROTO_IPV6); 52 afinfo = nf_get_afinfo(NFPROTO_IPV6);
52 if (afinfo != NULL) 53 if (afinfo != NULL) {
54 const struct nf_ipv6_ops *v6ops;
55
56 if (dev && (mask & XT_ADDRTYPE_LOCAL)) {
57 v6ops = nf_get_ipv6_ops();
58 if (v6ops && v6ops->chk_addr(net, addr, dev, true))
59 ret = XT_ADDRTYPE_LOCAL;
60 }
53 route_err = afinfo->route(net, (struct dst_entry **)&rt, 61 route_err = afinfo->route(net, (struct dst_entry **)&rt,
54 flowi6_to_flowi(&flow), !!dev); 62 flowi6_to_flowi(&flow), false);
55 else 63 } else {
56 route_err = 1; 64 route_err = 1;
57 65 }
58 rcu_read_unlock(); 66 rcu_read_unlock();
59 67
60 if (route_err) 68 if (route_err)
@@ -62,15 +70,12 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
62 70
63 if (rt->rt6i_flags & RTF_REJECT) 71 if (rt->rt6i_flags & RTF_REJECT)
64 ret = XT_ADDRTYPE_UNREACHABLE; 72 ret = XT_ADDRTYPE_UNREACHABLE;
65 else
66 ret = 0;
67 73
68 if (rt->rt6i_flags & RTF_LOCAL) 74 if (dev == NULL && rt->rt6i_flags & RTF_LOCAL)
69 ret |= XT_ADDRTYPE_LOCAL; 75 ret |= XT_ADDRTYPE_LOCAL;
70 if (rt->rt6i_flags & RTF_ANYCAST) 76 if (rt->rt6i_flags & RTF_ANYCAST)
71 ret |= XT_ADDRTYPE_ANYCAST; 77 ret |= XT_ADDRTYPE_ANYCAST;
72 78
73
74 dst_release(&rt->dst); 79 dst_release(&rt->dst);
75 return ret; 80 return ret;
76} 81}
@@ -90,7 +95,7 @@ static bool match_type6(struct net *net, const struct net_device *dev,
90 95
91 if ((XT_ADDRTYPE_LOCAL | XT_ADDRTYPE_ANYCAST | 96 if ((XT_ADDRTYPE_LOCAL | XT_ADDRTYPE_ANYCAST |
92 XT_ADDRTYPE_UNREACHABLE) & mask) 97 XT_ADDRTYPE_UNREACHABLE) & mask)
93 return !!(mask & match_lookup_rt6(net, dev, addr)); 98 return !!(mask & match_lookup_rt6(net, dev, addr, mask));
94 return true; 99 return true;
95} 100}
96 101
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index d8d424337550..6bb1d42f0fac 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -245,6 +245,71 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
245 } 245 }
246} 246}
247 247
248/**
249 * netlbl_domhsh_validate - Validate a new domain mapping entry
250 * @entry: the entry to validate
251 *
252 * This function validates the new domain mapping entry to ensure that it is
253 * a valid entry. Returns zero on success, negative values on failure.
254 *
255 */
256static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
257{
258 struct netlbl_af4list *iter4;
259 struct netlbl_domaddr4_map *map4;
260#if IS_ENABLED(CONFIG_IPV6)
261 struct netlbl_af6list *iter6;
262 struct netlbl_domaddr6_map *map6;
263#endif /* IPv6 */
264
265 if (entry == NULL)
266 return -EINVAL;
267
268 switch (entry->type) {
269 case NETLBL_NLTYPE_UNLABELED:
270 if (entry->type_def.cipsov4 != NULL ||
271 entry->type_def.addrsel != NULL)
272 return -EINVAL;
273 break;
274 case NETLBL_NLTYPE_CIPSOV4:
275 if (entry->type_def.cipsov4 == NULL)
276 return -EINVAL;
277 break;
278 case NETLBL_NLTYPE_ADDRSELECT:
279 netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) {
280 map4 = netlbl_domhsh_addr4_entry(iter4);
281 switch (map4->type) {
282 case NETLBL_NLTYPE_UNLABELED:
283 if (map4->type_def.cipsov4 != NULL)
284 return -EINVAL;
285 break;
286 case NETLBL_NLTYPE_CIPSOV4:
287 if (map4->type_def.cipsov4 == NULL)
288 return -EINVAL;
289 break;
290 default:
291 return -EINVAL;
292 }
293 }
294#if IS_ENABLED(CONFIG_IPV6)
295 netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) {
296 map6 = netlbl_domhsh_addr6_entry(iter6);
297 switch (map6->type) {
298 case NETLBL_NLTYPE_UNLABELED:
299 break;
300 default:
301 return -EINVAL;
302 }
303 }
304#endif /* IPv6 */
305 break;
306 default:
307 return -EINVAL;
308 }
309
310 return 0;
311}
312
248/* 313/*
249 * Domain Hash Table Functions 314 * Domain Hash Table Functions
250 */ 315 */
@@ -311,6 +376,10 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
311 struct netlbl_af6list *tmp6; 376 struct netlbl_af6list *tmp6;
312#endif /* IPv6 */ 377#endif /* IPv6 */
313 378
379 ret_val = netlbl_domhsh_validate(entry);
380 if (ret_val != 0)
381 return ret_val;
382
314 /* XXX - we can remove this RCU read lock as the spinlock protects the 383 /* XXX - we can remove this RCU read lock as the spinlock protects the
315 * entire function, but before we do we need to fixup the 384 * entire function, but before we do we need to fixup the
316 * netlbl_af[4,6]list RCU functions to do "the right thing" with 385 * netlbl_af[4,6]list RCU functions to do "the right thing" with
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 12ac6b47a35c..d0b3dd60d386 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -747,7 +747,7 @@ static void netlink_skb_destructor(struct sk_buff *skb)
747 atomic_dec(&ring->pending); 747 atomic_dec(&ring->pending);
748 sock_put(sk); 748 sock_put(sk);
749 749
750 skb->data = NULL; 750 skb->head = NULL;
751 } 751 }
752#endif 752#endif
753 if (skb->sk != NULL) 753 if (skb->sk != NULL)
diff --git a/net/nfc/Makefile b/net/nfc/Makefile
index fb799deaed4f..a76f4533cb6c 100644
--- a/net/nfc/Makefile
+++ b/net/nfc/Makefile
@@ -5,7 +5,6 @@
5obj-$(CONFIG_NFC) += nfc.o 5obj-$(CONFIG_NFC) += nfc.o
6obj-$(CONFIG_NFC_NCI) += nci/ 6obj-$(CONFIG_NFC_NCI) += nci/
7obj-$(CONFIG_NFC_HCI) += hci/ 7obj-$(CONFIG_NFC_HCI) += hci/
8#obj-$(CONFIG_NFC_LLCP) += llcp/
9 8
10nfc-objs := core.o netlink.o af_nfc.o rawsock.o llcp_core.o llcp_commands.o \ 9nfc-objs := core.o netlink.o af_nfc.o rawsock.o llcp_core.o llcp_commands.o \
11 llcp_sock.o 10 llcp_sock.o
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 823463adbd21..189e3c5b3d09 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -231,14 +231,14 @@ override:
231 } 231 }
232 if (R_tab) { 232 if (R_tab) {
233 police->rate_present = true; 233 police->rate_present = true;
234 psched_ratecfg_precompute(&police->rate, R_tab->rate.rate); 234 psched_ratecfg_precompute(&police->rate, &R_tab->rate);
235 qdisc_put_rtab(R_tab); 235 qdisc_put_rtab(R_tab);
236 } else { 236 } else {
237 police->rate_present = false; 237 police->rate_present = false;
238 } 238 }
239 if (P_tab) { 239 if (P_tab) {
240 police->peak_present = true; 240 police->peak_present = true;
241 psched_ratecfg_precompute(&police->peak, P_tab->rate.rate); 241 psched_ratecfg_precompute(&police->peak, &P_tab->rate);
242 qdisc_put_rtab(P_tab); 242 qdisc_put_rtab(P_tab);
243 } else { 243 } else {
244 police->peak_present = false; 244 police->peak_present = false;
@@ -376,9 +376,9 @@ tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
376 }; 376 };
377 377
378 if (police->rate_present) 378 if (police->rate_present)
379 opt.rate.rate = psched_ratecfg_getrate(&police->rate); 379 psched_ratecfg_getrate(&opt.rate, &police->rate);
380 if (police->peak_present) 380 if (police->peak_present)
381 opt.peakrate.rate = psched_ratecfg_getrate(&police->peak); 381 psched_ratecfg_getrate(&opt.peakrate, &police->peak);
382 if (nla_put(skb, TCA_POLICE_TBF, sizeof(opt), &opt)) 382 if (nla_put(skb, TCA_POLICE_TBF, sizeof(opt), &opt))
383 goto nla_put_failure; 383 goto nla_put_failure;
384 if (police->tcfp_result && 384 if (police->tcfp_result &&
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index eac7e0ee23c1..20224086cc28 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -898,14 +898,16 @@ void dev_shutdown(struct net_device *dev)
898 WARN_ON(timer_pending(&dev->watchdog_timer)); 898 WARN_ON(timer_pending(&dev->watchdog_timer));
899} 899}
900 900
901void psched_ratecfg_precompute(struct psched_ratecfg *r, u32 rate) 901void psched_ratecfg_precompute(struct psched_ratecfg *r,
902 const struct tc_ratespec *conf)
902{ 903{
903 u64 factor; 904 u64 factor;
904 u64 mult; 905 u64 mult;
905 int shift; 906 int shift;
906 907
907 r->rate_bps = (u64)rate << 3; 908 memset(r, 0, sizeof(*r));
908 r->shift = 0; 909 r->overhead = conf->overhead;
910 r->rate_bps = (u64)conf->rate << 3;
909 r->mult = 1; 911 r->mult = 1;
910 /* 912 /*
911 * Calibrate mult, shift so that token counting is accurate 913 * Calibrate mult, shift so that token counting is accurate
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 79b1876b6cd2..adaedd79389c 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -109,7 +109,7 @@ struct htb_class {
109 } un; 109 } un;
110 struct rb_node node[TC_HTB_NUMPRIO]; /* node for self or feed tree */ 110 struct rb_node node[TC_HTB_NUMPRIO]; /* node for self or feed tree */
111 struct rb_node pq_node; /* node for event queue */ 111 struct rb_node pq_node; /* node for event queue */
112 psched_time_t pq_key; 112 s64 pq_key;
113 113
114 int prio_activity; /* for which prios are we active */ 114 int prio_activity; /* for which prios are we active */
115 enum htb_cmode cmode; /* current mode of the class */ 115 enum htb_cmode cmode; /* current mode of the class */
@@ -121,10 +121,10 @@ struct htb_class {
121 /* token bucket parameters */ 121 /* token bucket parameters */
122 struct psched_ratecfg rate; 122 struct psched_ratecfg rate;
123 struct psched_ratecfg ceil; 123 struct psched_ratecfg ceil;
124 s64 buffer, cbuffer; /* token bucket depth/rate */ 124 s64 buffer, cbuffer; /* token bucket depth/rate */
125 psched_tdiff_t mbuffer; /* max wait time */ 125 s64 mbuffer; /* max wait time */
126 s64 tokens, ctokens; /* current number of tokens */ 126 s64 tokens, ctokens; /* current number of tokens */
127 psched_time_t t_c; /* checkpoint time */ 127 s64 t_c; /* checkpoint time */
128}; 128};
129 129
130struct htb_sched { 130struct htb_sched {
@@ -141,15 +141,15 @@ struct htb_sched {
141 struct rb_root wait_pq[TC_HTB_MAXDEPTH]; 141 struct rb_root wait_pq[TC_HTB_MAXDEPTH];
142 142
143 /* time of nearest event per level (row) */ 143 /* time of nearest event per level (row) */
144 psched_time_t near_ev_cache[TC_HTB_MAXDEPTH]; 144 s64 near_ev_cache[TC_HTB_MAXDEPTH];
145 145
146 int defcls; /* class where unclassified flows go to */ 146 int defcls; /* class where unclassified flows go to */
147 147
148 /* filters for qdisc itself */ 148 /* filters for qdisc itself */
149 struct tcf_proto *filter_list; 149 struct tcf_proto *filter_list;
150 150
151 int rate2quantum; /* quant = rate / rate2quantum */ 151 int rate2quantum; /* quant = rate / rate2quantum */
152 psched_time_t now; /* cached dequeue time */ 152 s64 now; /* cached dequeue time */
153 struct qdisc_watchdog watchdog; 153 struct qdisc_watchdog watchdog;
154 154
155 /* non shaped skbs; let them go directly thru */ 155 /* non shaped skbs; let them go directly thru */
@@ -664,8 +664,8 @@ static void htb_charge_class(struct htb_sched *q, struct htb_class *cl,
664 * next pending event (0 for no event in pq, q->now for too many events). 664 * next pending event (0 for no event in pq, q->now for too many events).
665 * Note: Applied are events whose have cl->pq_key <= q->now. 665 * Note: Applied are events whose have cl->pq_key <= q->now.
666 */ 666 */
667static psched_time_t htb_do_events(struct htb_sched *q, int level, 667static s64 htb_do_events(struct htb_sched *q, int level,
668 unsigned long start) 668 unsigned long start)
669{ 669{
670 /* don't run for longer than 2 jiffies; 2 is used instead of 670 /* don't run for longer than 2 jiffies; 2 is used instead of
671 * 1 to simplify things when jiffy is going to be incremented 671 * 1 to simplify things when jiffy is going to be incremented
@@ -857,7 +857,7 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch)
857 struct sk_buff *skb; 857 struct sk_buff *skb;
858 struct htb_sched *q = qdisc_priv(sch); 858 struct htb_sched *q = qdisc_priv(sch);
859 int level; 859 int level;
860 psched_time_t next_event; 860 s64 next_event;
861 unsigned long start_at; 861 unsigned long start_at;
862 862
863 /* try to dequeue direct packets as high prio (!) to minimize cpu work */ 863 /* try to dequeue direct packets as high prio (!) to minimize cpu work */
@@ -880,7 +880,7 @@ ok:
880 for (level = 0; level < TC_HTB_MAXDEPTH; level++) { 880 for (level = 0; level < TC_HTB_MAXDEPTH; level++) {
881 /* common case optimization - skip event handler quickly */ 881 /* common case optimization - skip event handler quickly */
882 int m; 882 int m;
883 psched_time_t event; 883 s64 event;
884 884
885 if (q->now >= q->near_ev_cache[level]) { 885 if (q->now >= q->near_ev_cache[level]) {
886 event = htb_do_events(q, level, start_at); 886 event = htb_do_events(q, level, start_at);
@@ -1090,9 +1090,9 @@ static int htb_dump_class(struct Qdisc *sch, unsigned long arg,
1090 1090
1091 memset(&opt, 0, sizeof(opt)); 1091 memset(&opt, 0, sizeof(opt));
1092 1092
1093 opt.rate.rate = psched_ratecfg_getrate(&cl->rate); 1093 psched_ratecfg_getrate(&opt.rate, &cl->rate);
1094 opt.buffer = PSCHED_NS2TICKS(cl->buffer); 1094 opt.buffer = PSCHED_NS2TICKS(cl->buffer);
1095 opt.ceil.rate = psched_ratecfg_getrate(&cl->ceil); 1095 psched_ratecfg_getrate(&opt.ceil, &cl->ceil);
1096 opt.cbuffer = PSCHED_NS2TICKS(cl->cbuffer); 1096 opt.cbuffer = PSCHED_NS2TICKS(cl->cbuffer);
1097 opt.quantum = cl->quantum; 1097 opt.quantum = cl->quantum;
1098 opt.prio = cl->prio; 1098 opt.prio = cl->prio;
@@ -1117,8 +1117,8 @@ htb_dump_class_stats(struct Qdisc *sch, unsigned long arg, struct gnet_dump *d)
1117 1117
1118 if (!cl->level && cl->un.leaf.q) 1118 if (!cl->level && cl->un.leaf.q)
1119 cl->qstats.qlen = cl->un.leaf.q->q.qlen; 1119 cl->qstats.qlen = cl->un.leaf.q->q.qlen;
1120 cl->xstats.tokens = cl->tokens; 1120 cl->xstats.tokens = PSCHED_NS2TICKS(cl->tokens);
1121 cl->xstats.ctokens = cl->ctokens; 1121 cl->xstats.ctokens = PSCHED_NS2TICKS(cl->ctokens);
1122 1122
1123 if (gnet_stats_copy_basic(d, &cl->bstats) < 0 || 1123 if (gnet_stats_copy_basic(d, &cl->bstats) < 0 ||
1124 gnet_stats_copy_rate_est(d, NULL, &cl->rate_est) < 0 || 1124 gnet_stats_copy_rate_est(d, NULL, &cl->rate_est) < 0 ||
@@ -1200,7 +1200,7 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl,
1200 parent->un.leaf.q = new_q ? new_q : &noop_qdisc; 1200 parent->un.leaf.q = new_q ? new_q : &noop_qdisc;
1201 parent->tokens = parent->buffer; 1201 parent->tokens = parent->buffer;
1202 parent->ctokens = parent->cbuffer; 1202 parent->ctokens = parent->cbuffer;
1203 parent->t_c = psched_get_time(); 1203 parent->t_c = ktime_to_ns(ktime_get());
1204 parent->cmode = HTB_CAN_SEND; 1204 parent->cmode = HTB_CAN_SEND;
1205} 1205}
1206 1206
@@ -1417,8 +1417,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1417 /* set class to be in HTB_CAN_SEND state */ 1417 /* set class to be in HTB_CAN_SEND state */
1418 cl->tokens = PSCHED_TICKS2NS(hopt->buffer); 1418 cl->tokens = PSCHED_TICKS2NS(hopt->buffer);
1419 cl->ctokens = PSCHED_TICKS2NS(hopt->cbuffer); 1419 cl->ctokens = PSCHED_TICKS2NS(hopt->cbuffer);
1420 cl->mbuffer = 60 * PSCHED_TICKS_PER_SEC; /* 1min */ 1420 cl->mbuffer = 60ULL * NSEC_PER_SEC; /* 1min */
1421 cl->t_c = psched_get_time(); 1421 cl->t_c = ktime_to_ns(ktime_get());
1422 cl->cmode = HTB_CAN_SEND; 1422 cl->cmode = HTB_CAN_SEND;
1423 1423
1424 /* attach to the hash list and parent's family */ 1424 /* attach to the hash list and parent's family */
@@ -1459,8 +1459,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1459 cl->prio = TC_HTB_NUMPRIO - 1; 1459 cl->prio = TC_HTB_NUMPRIO - 1;
1460 } 1460 }
1461 1461
1462 psched_ratecfg_precompute(&cl->rate, hopt->rate.rate); 1462 psched_ratecfg_precompute(&cl->rate, &hopt->rate);
1463 psched_ratecfg_precompute(&cl->ceil, hopt->ceil.rate); 1463 psched_ratecfg_precompute(&cl->ceil, &hopt->ceil);
1464 1464
1465 cl->buffer = PSCHED_TICKS2NS(hopt->buffer); 1465 cl->buffer = PSCHED_TICKS2NS(hopt->buffer);
1466 cl->cbuffer = PSCHED_TICKS2NS(hopt->buffer); 1466 cl->cbuffer = PSCHED_TICKS2NS(hopt->buffer);
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index c8388f3c3426..e478d316602b 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -298,9 +298,9 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt)
298 q->tokens = q->buffer; 298 q->tokens = q->buffer;
299 q->ptokens = q->mtu; 299 q->ptokens = q->mtu;
300 300
301 psched_ratecfg_precompute(&q->rate, rtab->rate.rate); 301 psched_ratecfg_precompute(&q->rate, &rtab->rate);
302 if (ptab) { 302 if (ptab) {
303 psched_ratecfg_precompute(&q->peak, ptab->rate.rate); 303 psched_ratecfg_precompute(&q->peak, &ptab->rate);
304 q->peak_present = true; 304 q->peak_present = true;
305 } else { 305 } else {
306 q->peak_present = false; 306 q->peak_present = false;
@@ -350,9 +350,9 @@ static int tbf_dump(struct Qdisc *sch, struct sk_buff *skb)
350 goto nla_put_failure; 350 goto nla_put_failure;
351 351
352 opt.limit = q->limit; 352 opt.limit = q->limit;
353 opt.rate.rate = psched_ratecfg_getrate(&q->rate); 353 psched_ratecfg_getrate(&opt.rate, &q->rate);
354 if (q->peak_present) 354 if (q->peak_present)
355 opt.peakrate.rate = psched_ratecfg_getrate(&q->peak); 355 psched_ratecfg_getrate(&opt.peakrate, &q->peak);
356 else 356 else
357 memset(&opt.peakrate, 0, sizeof(opt.peakrate)); 357 memset(&opt.peakrate, 0, sizeof(opt.peakrate));
358 opt.mtu = PSCHED_NS2TICKS(q->mtu); 358 opt.mtu = PSCHED_NS2TICKS(q->mtu);
diff --git a/net/socket.c b/net/socket.c
index 6b94633ca61d..4ca1526db756 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1956,7 +1956,7 @@ struct used_address {
1956 unsigned int name_len; 1956 unsigned int name_len;
1957}; 1957};
1958 1958
1959static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, 1959static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1960 struct msghdr *msg_sys, unsigned int flags, 1960 struct msghdr *msg_sys, unsigned int flags,
1961 struct used_address *used_address) 1961 struct used_address *used_address)
1962{ 1962{
@@ -2071,22 +2071,30 @@ out:
2071 * BSD sendmsg interface 2071 * BSD sendmsg interface
2072 */ 2072 */
2073 2073
2074SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags) 2074long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
2075{ 2075{
2076 int fput_needed, err; 2076 int fput_needed, err;
2077 struct msghdr msg_sys; 2077 struct msghdr msg_sys;
2078 struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); 2078 struct socket *sock;
2079 2079
2080 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2080 if (!sock) 2081 if (!sock)
2081 goto out; 2082 goto out;
2082 2083
2083 err = __sys_sendmsg(sock, msg, &msg_sys, flags, NULL); 2084 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
2084 2085
2085 fput_light(sock->file, fput_needed); 2086 fput_light(sock->file, fput_needed);
2086out: 2087out:
2087 return err; 2088 return err;
2088} 2089}
2089 2090
2091SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags)
2092{
2093 if (flags & MSG_CMSG_COMPAT)
2094 return -EINVAL;
2095 return __sys_sendmsg(fd, msg, flags);
2096}
2097
2090/* 2098/*
2091 * Linux sendmmsg interface 2099 * Linux sendmmsg interface
2092 */ 2100 */
@@ -2117,15 +2125,16 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2117 2125
2118 while (datagrams < vlen) { 2126 while (datagrams < vlen) {
2119 if (MSG_CMSG_COMPAT & flags) { 2127 if (MSG_CMSG_COMPAT & flags) {
2120 err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry, 2128 err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2121 &msg_sys, flags, &used_address); 2129 &msg_sys, flags, &used_address);
2122 if (err < 0) 2130 if (err < 0)
2123 break; 2131 break;
2124 err = __put_user(err, &compat_entry->msg_len); 2132 err = __put_user(err, &compat_entry->msg_len);
2125 ++compat_entry; 2133 ++compat_entry;
2126 } else { 2134 } else {
2127 err = __sys_sendmsg(sock, (struct msghdr __user *)entry, 2135 err = ___sys_sendmsg(sock,
2128 &msg_sys, flags, &used_address); 2136 (struct msghdr __user *)entry,
2137 &msg_sys, flags, &used_address);
2129 if (err < 0) 2138 if (err < 0)
2130 break; 2139 break;
2131 err = put_user(err, &entry->msg_len); 2140 err = put_user(err, &entry->msg_len);
@@ -2149,10 +2158,12 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2149SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg, 2158SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2150 unsigned int, vlen, unsigned int, flags) 2159 unsigned int, vlen, unsigned int, flags)
2151{ 2160{
2161 if (flags & MSG_CMSG_COMPAT)
2162 return -EINVAL;
2152 return __sys_sendmmsg(fd, mmsg, vlen, flags); 2163 return __sys_sendmmsg(fd, mmsg, vlen, flags);
2153} 2164}
2154 2165
2155static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, 2166static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2156 struct msghdr *msg_sys, unsigned int flags, int nosec) 2167 struct msghdr *msg_sys, unsigned int flags, int nosec)
2157{ 2168{
2158 struct compat_msghdr __user *msg_compat = 2169 struct compat_msghdr __user *msg_compat =
@@ -2244,23 +2255,31 @@ out:
2244 * BSD recvmsg interface 2255 * BSD recvmsg interface
2245 */ 2256 */
2246 2257
2247SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, 2258long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags)
2248 unsigned int, flags)
2249{ 2259{
2250 int fput_needed, err; 2260 int fput_needed, err;
2251 struct msghdr msg_sys; 2261 struct msghdr msg_sys;
2252 struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); 2262 struct socket *sock;
2253 2263
2264 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2254 if (!sock) 2265 if (!sock)
2255 goto out; 2266 goto out;
2256 2267
2257 err = __sys_recvmsg(sock, msg, &msg_sys, flags, 0); 2268 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2258 2269
2259 fput_light(sock->file, fput_needed); 2270 fput_light(sock->file, fput_needed);
2260out: 2271out:
2261 return err; 2272 return err;
2262} 2273}
2263 2274
2275SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
2276 unsigned int, flags)
2277{
2278 if (flags & MSG_CMSG_COMPAT)
2279 return -EINVAL;
2280 return __sys_recvmsg(fd, msg, flags);
2281}
2282
2264/* 2283/*
2265 * Linux recvmmsg interface 2284 * Linux recvmmsg interface
2266 */ 2285 */
@@ -2298,17 +2317,18 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2298 * No need to ask LSM for more than the first datagram. 2317 * No need to ask LSM for more than the first datagram.
2299 */ 2318 */
2300 if (MSG_CMSG_COMPAT & flags) { 2319 if (MSG_CMSG_COMPAT & flags) {
2301 err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry, 2320 err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
2302 &msg_sys, flags & ~MSG_WAITFORONE, 2321 &msg_sys, flags & ~MSG_WAITFORONE,
2303 datagrams); 2322 datagrams);
2304 if (err < 0) 2323 if (err < 0)
2305 break; 2324 break;
2306 err = __put_user(err, &compat_entry->msg_len); 2325 err = __put_user(err, &compat_entry->msg_len);
2307 ++compat_entry; 2326 ++compat_entry;
2308 } else { 2327 } else {
2309 err = __sys_recvmsg(sock, (struct msghdr __user *)entry, 2328 err = ___sys_recvmsg(sock,
2310 &msg_sys, flags & ~MSG_WAITFORONE, 2329 (struct msghdr __user *)entry,
2311 datagrams); 2330 &msg_sys, flags & ~MSG_WAITFORONE,
2331 datagrams);
2312 if (err < 0) 2332 if (err < 0)
2313 break; 2333 break;
2314 err = put_user(err, &entry->msg_len); 2334 err = put_user(err, &entry->msg_len);
@@ -2375,6 +2395,9 @@ SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2375 int datagrams; 2395 int datagrams;
2376 struct timespec timeout_sys; 2396 struct timespec timeout_sys;
2377 2397
2398 if (flags & MSG_CMSG_COMPAT)
2399 return -EINVAL;
2400
2378 if (!timeout) 2401 if (!timeout)
2379 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL); 2402 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL);
2380 2403
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 7da6b457f66a..fc2f78d6a9b4 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -52,6 +52,8 @@
52#include <linux/sunrpc/gss_api.h> 52#include <linux/sunrpc/gss_api.h>
53#include <asm/uaccess.h> 53#include <asm/uaccess.h>
54 54
55#include "../netns.h"
56
55static const struct rpc_authops authgss_ops; 57static const struct rpc_authops authgss_ops;
56 58
57static const struct rpc_credops gss_credops; 59static const struct rpc_credops gss_credops;
@@ -85,8 +87,6 @@ struct gss_auth {
85}; 87};
86 88
87/* pipe_version >= 0 if and only if someone has a pipe open. */ 89/* pipe_version >= 0 if and only if someone has a pipe open. */
88static int pipe_version = -1;
89static atomic_t pipe_users = ATOMIC_INIT(0);
90static DEFINE_SPINLOCK(pipe_version_lock); 90static DEFINE_SPINLOCK(pipe_version_lock);
91static struct rpc_wait_queue pipe_version_rpc_waitqueue; 91static struct rpc_wait_queue pipe_version_rpc_waitqueue;
92static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); 92static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
@@ -266,24 +266,27 @@ struct gss_upcall_msg {
266 char databuf[UPCALL_BUF_LEN]; 266 char databuf[UPCALL_BUF_LEN];
267}; 267};
268 268
269static int get_pipe_version(void) 269static int get_pipe_version(struct net *net)
270{ 270{
271 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
271 int ret; 272 int ret;
272 273
273 spin_lock(&pipe_version_lock); 274 spin_lock(&pipe_version_lock);
274 if (pipe_version >= 0) { 275 if (sn->pipe_version >= 0) {
275 atomic_inc(&pipe_users); 276 atomic_inc(&sn->pipe_users);
276 ret = pipe_version; 277 ret = sn->pipe_version;
277 } else 278 } else
278 ret = -EAGAIN; 279 ret = -EAGAIN;
279 spin_unlock(&pipe_version_lock); 280 spin_unlock(&pipe_version_lock);
280 return ret; 281 return ret;
281} 282}
282 283
283static void put_pipe_version(void) 284static void put_pipe_version(struct net *net)
284{ 285{
285 if (atomic_dec_and_lock(&pipe_users, &pipe_version_lock)) { 286 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
286 pipe_version = -1; 287
288 if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
289 sn->pipe_version = -1;
287 spin_unlock(&pipe_version_lock); 290 spin_unlock(&pipe_version_lock);
288 } 291 }
289} 292}
@@ -291,9 +294,10 @@ static void put_pipe_version(void)
291static void 294static void
292gss_release_msg(struct gss_upcall_msg *gss_msg) 295gss_release_msg(struct gss_upcall_msg *gss_msg)
293{ 296{
297 struct net *net = rpc_net_ns(gss_msg->auth->client);
294 if (!atomic_dec_and_test(&gss_msg->count)) 298 if (!atomic_dec_and_test(&gss_msg->count))
295 return; 299 return;
296 put_pipe_version(); 300 put_pipe_version(net);
297 BUG_ON(!list_empty(&gss_msg->list)); 301 BUG_ON(!list_empty(&gss_msg->list));
298 if (gss_msg->ctx != NULL) 302 if (gss_msg->ctx != NULL)
299 gss_put_ctx(gss_msg->ctx); 303 gss_put_ctx(gss_msg->ctx);
@@ -439,7 +443,10 @@ static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
439 struct rpc_clnt *clnt, 443 struct rpc_clnt *clnt,
440 const char *service_name) 444 const char *service_name)
441{ 445{
442 if (pipe_version == 0) 446 struct net *net = rpc_net_ns(clnt);
447 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
448
449 if (sn->pipe_version == 0)
443 gss_encode_v0_msg(gss_msg); 450 gss_encode_v0_msg(gss_msg);
444 else /* pipe_version == 1 */ 451 else /* pipe_version == 1 */
445 gss_encode_v1_msg(gss_msg, clnt, service_name); 452 gss_encode_v1_msg(gss_msg, clnt, service_name);
@@ -455,7 +462,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
455 gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS); 462 gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
456 if (gss_msg == NULL) 463 if (gss_msg == NULL)
457 return ERR_PTR(-ENOMEM); 464 return ERR_PTR(-ENOMEM);
458 vers = get_pipe_version(); 465 vers = get_pipe_version(rpc_net_ns(clnt));
459 if (vers < 0) { 466 if (vers < 0) {
460 kfree(gss_msg); 467 kfree(gss_msg);
461 return ERR_PTR(vers); 468 return ERR_PTR(vers);
@@ -559,24 +566,34 @@ out:
559static inline int 566static inline int
560gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) 567gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
561{ 568{
569 struct net *net = rpc_net_ns(gss_auth->client);
570 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
562 struct rpc_pipe *pipe; 571 struct rpc_pipe *pipe;
563 struct rpc_cred *cred = &gss_cred->gc_base; 572 struct rpc_cred *cred = &gss_cred->gc_base;
564 struct gss_upcall_msg *gss_msg; 573 struct gss_upcall_msg *gss_msg;
574 unsigned long timeout;
565 DEFINE_WAIT(wait); 575 DEFINE_WAIT(wait);
566 int err = 0; 576 int err;
567 577
568 dprintk("RPC: %s for uid %u\n", 578 dprintk("RPC: %s for uid %u\n",
569 __func__, from_kuid(&init_user_ns, cred->cr_uid)); 579 __func__, from_kuid(&init_user_ns, cred->cr_uid));
570retry: 580retry:
581 err = 0;
582 /* Default timeout is 15s unless we know that gssd is not running */
583 timeout = 15 * HZ;
584 if (!sn->gssd_running)
585 timeout = HZ >> 2;
571 gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred); 586 gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
572 if (PTR_ERR(gss_msg) == -EAGAIN) { 587 if (PTR_ERR(gss_msg) == -EAGAIN) {
573 err = wait_event_interruptible_timeout(pipe_version_waitqueue, 588 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
574 pipe_version >= 0, 15*HZ); 589 sn->pipe_version >= 0, timeout);
575 if (pipe_version < 0) { 590 if (sn->pipe_version < 0) {
591 if (err == 0)
592 sn->gssd_running = 0;
576 warn_gssd(); 593 warn_gssd();
577 err = -EACCES; 594 err = -EACCES;
578 } 595 }
579 if (err) 596 if (err < 0)
580 goto out; 597 goto out;
581 goto retry; 598 goto retry;
582 } 599 }
@@ -707,20 +724,22 @@ out:
707 724
708static int gss_pipe_open(struct inode *inode, int new_version) 725static int gss_pipe_open(struct inode *inode, int new_version)
709{ 726{
727 struct net *net = inode->i_sb->s_fs_info;
728 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
710 int ret = 0; 729 int ret = 0;
711 730
712 spin_lock(&pipe_version_lock); 731 spin_lock(&pipe_version_lock);
713 if (pipe_version < 0) { 732 if (sn->pipe_version < 0) {
714 /* First open of any gss pipe determines the version: */ 733 /* First open of any gss pipe determines the version: */
715 pipe_version = new_version; 734 sn->pipe_version = new_version;
716 rpc_wake_up(&pipe_version_rpc_waitqueue); 735 rpc_wake_up(&pipe_version_rpc_waitqueue);
717 wake_up(&pipe_version_waitqueue); 736 wake_up(&pipe_version_waitqueue);
718 } else if (pipe_version != new_version) { 737 } else if (sn->pipe_version != new_version) {
719 /* Trying to open a pipe of a different version */ 738 /* Trying to open a pipe of a different version */
720 ret = -EBUSY; 739 ret = -EBUSY;
721 goto out; 740 goto out;
722 } 741 }
723 atomic_inc(&pipe_users); 742 atomic_inc(&sn->pipe_users);
724out: 743out:
725 spin_unlock(&pipe_version_lock); 744 spin_unlock(&pipe_version_lock);
726 return ret; 745 return ret;
@@ -740,6 +759,7 @@ static int gss_pipe_open_v1(struct inode *inode)
740static void 759static void
741gss_pipe_release(struct inode *inode) 760gss_pipe_release(struct inode *inode)
742{ 761{
762 struct net *net = inode->i_sb->s_fs_info;
743 struct rpc_pipe *pipe = RPC_I(inode)->pipe; 763 struct rpc_pipe *pipe = RPC_I(inode)->pipe;
744 struct gss_upcall_msg *gss_msg; 764 struct gss_upcall_msg *gss_msg;
745 765
@@ -758,7 +778,7 @@ restart:
758 } 778 }
759 spin_unlock(&pipe->lock); 779 spin_unlock(&pipe->lock);
760 780
761 put_pipe_version(); 781 put_pipe_version(net);
762} 782}
763 783
764static void 784static void
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 871c73c92165..29b4ba93ab3c 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1287,7 +1287,7 @@ static bool use_gss_proxy(struct net *net)
1287 1287
1288#ifdef CONFIG_PROC_FS 1288#ifdef CONFIG_PROC_FS
1289 1289
1290static bool set_gss_proxy(struct net *net, int type) 1290static int set_gss_proxy(struct net *net, int type)
1291{ 1291{
1292 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 1292 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
1293 int ret = 0; 1293 int ret = 0;
@@ -1317,10 +1317,12 @@ static inline bool gssp_ready(struct sunrpc_net *sn)
1317 return false; 1317 return false;
1318} 1318}
1319 1319
1320static int wait_for_gss_proxy(struct net *net) 1320static int wait_for_gss_proxy(struct net *net, struct file *file)
1321{ 1321{
1322 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 1322 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
1323 1323
1324 if (file->f_flags & O_NONBLOCK && !gssp_ready(sn))
1325 return -EAGAIN;
1324 return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn)); 1326 return wait_event_interruptible(sn->gssp_wq, gssp_ready(sn));
1325} 1327}
1326 1328
@@ -1362,7 +1364,7 @@ static ssize_t read_gssp(struct file *file, char __user *buf,
1362 size_t len; 1364 size_t len;
1363 int ret; 1365 int ret;
1364 1366
1365 ret = wait_for_gss_proxy(net); 1367 ret = wait_for_gss_proxy(net, file);
1366 if (ret) 1368 if (ret)
1367 return ret; 1369 return ret;
1368 1370
diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
index 7111a4c9113b..74d948f5d5a1 100644
--- a/net/sunrpc/netns.h
+++ b/net/sunrpc/netns.h
@@ -28,7 +28,11 @@ struct sunrpc_net {
28 wait_queue_head_t gssp_wq; 28 wait_queue_head_t gssp_wq;
29 struct rpc_clnt *gssp_clnt; 29 struct rpc_clnt *gssp_clnt;
30 int use_gss_proxy; 30 int use_gss_proxy;
31 int pipe_version;
32 atomic_t pipe_users;
31 struct proc_dir_entry *use_gssp_proc; 33 struct proc_dir_entry *use_gssp_proc;
34
35 unsigned int gssd_running;
32}; 36};
33 37
34extern int sunrpc_net_id; 38extern int sunrpc_net_id;
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index a9129f8d7070..e7ce4b3eb0bd 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -216,11 +216,14 @@ rpc_destroy_inode(struct inode *inode)
216static int 216static int
217rpc_pipe_open(struct inode *inode, struct file *filp) 217rpc_pipe_open(struct inode *inode, struct file *filp)
218{ 218{
219 struct net *net = inode->i_sb->s_fs_info;
220 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
219 struct rpc_pipe *pipe; 221 struct rpc_pipe *pipe;
220 int first_open; 222 int first_open;
221 int res = -ENXIO; 223 int res = -ENXIO;
222 224
223 mutex_lock(&inode->i_mutex); 225 mutex_lock(&inode->i_mutex);
226 sn->gssd_running = 1;
224 pipe = RPC_I(inode)->pipe; 227 pipe = RPC_I(inode)->pipe;
225 if (pipe == NULL) 228 if (pipe == NULL)
226 goto out; 229 goto out;
@@ -1069,6 +1072,8 @@ void rpc_pipefs_init_net(struct net *net)
1069 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); 1072 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
1070 1073
1071 mutex_init(&sn->pipefs_sb_lock); 1074 mutex_init(&sn->pipefs_sb_lock);
1075 sn->gssd_running = 1;
1076 sn->pipe_version = -1;
1072} 1077}
1073 1078
1074/* 1079/*
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index f8529fc8e542..5356b120dbf8 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -324,11 +324,17 @@ EXPORT_SYMBOL_GPL(__rpc_wait_for_completion_task);
324 * Note: If the task is ASYNC, and is being made runnable after sitting on an 324 * Note: If the task is ASYNC, and is being made runnable after sitting on an
325 * rpc_wait_queue, this must be called with the queue spinlock held to protect 325 * rpc_wait_queue, this must be called with the queue spinlock held to protect
326 * the wait queue operation. 326 * the wait queue operation.
327 * Note the ordering of rpc_test_and_set_running() and rpc_clear_queued(),
328 * which is needed to ensure that __rpc_execute() doesn't loop (due to the
329 * lockless RPC_IS_QUEUED() test) before we've had a chance to test
330 * the RPC_TASK_RUNNING flag.
327 */ 331 */
328static void rpc_make_runnable(struct rpc_task *task) 332static void rpc_make_runnable(struct rpc_task *task)
329{ 333{
334 bool need_wakeup = !rpc_test_and_set_running(task);
335
330 rpc_clear_queued(task); 336 rpc_clear_queued(task);
331 if (rpc_test_and_set_running(task)) 337 if (!need_wakeup)
332 return; 338 return;
333 if (RPC_IS_ASYNC(task)) { 339 if (RPC_IS_ASYNC(task)) {
334 INIT_WORK(&task->u.tk_work, rpc_async_schedule); 340 INIT_WORK(&task->u.tk_work, rpc_async_schedule);
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index c3f9e1ef7f53..06bdf5a1082c 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
810 goto badcred; 810 goto badcred;
811 argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ 811 argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
812 argv->iov_len -= slen*4; 812 argv->iov_len -= slen*4;
813 813 /*
814 * Note: we skip uid_valid()/gid_valid() checks here for
815 * backwards compatibility with clients that use -1 id's.
816 * Instead, -1 uid or gid is later mapped to the
817 * (export-specific) anonymous id by nfsd_setuser.
818 * Supplementary gid's will be left alone.
819 */
814 cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ 820 cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
815 cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ 821 cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
816 if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))
817 goto badcred;
818 slen = svc_getnl(argv); /* gids length */ 822 slen = svc_getnl(argv); /* gids length */
819 if (slen > 16 || (len -= (slen + 2)*4) < 0) 823 if (slen > 16 || (len -= (slen + 2)*4) < 0)
820 goto badcred; 824 goto badcred;
@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
823 return SVC_CLOSE; 827 return SVC_CLOSE;
824 for (i = 0; i < slen; i++) { 828 for (i = 0; i < slen; i++) {
825 kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); 829 kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
826 if (!gid_valid(kgid))
827 goto badcred;
828 GROUP_AT(cred->cr_group_info, i) = kgid; 830 GROUP_AT(cred->cr_group_info, i) = kgid;
829 } 831 }
830 if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { 832 if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 84c9ad7e1dca..73405e00c800 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -638,17 +638,21 @@ int wiphy_register(struct wiphy *wiphy)
638 * cfg80211_mutex lock 638 * cfg80211_mutex lock
639 */ 639 */
640 res = rfkill_register(rdev->rfkill); 640 res = rfkill_register(rdev->rfkill);
641 if (res) 641 if (res) {
642 goto out_rm_dev; 642 device_del(&rdev->wiphy.dev);
643
644 mutex_lock(&cfg80211_mutex);
645 debugfs_remove_recursive(rdev->wiphy.debugfsdir);
646 list_del_rcu(&rdev->list);
647 wiphy_regulatory_deregister(wiphy);
648 mutex_unlock(&cfg80211_mutex);
649 return res;
650 }
643 651
644 rtnl_lock(); 652 rtnl_lock();
645 rdev->wiphy.registered = true; 653 rdev->wiphy.registered = true;
646 rtnl_unlock(); 654 rtnl_unlock();
647 return 0; 655 return 0;
648
649out_rm_dev:
650 device_del(&rdev->wiphy.dev);
651 return res;
652} 656}
653EXPORT_SYMBOL(wiphy_register); 657EXPORT_SYMBOL(wiphy_register);
654 658
@@ -866,7 +870,6 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev,
866#endif 870#endif
867 __cfg80211_disconnect(rdev, dev, 871 __cfg80211_disconnect(rdev, dev,
868 WLAN_REASON_DEAUTH_LEAVING, true); 872 WLAN_REASON_DEAUTH_LEAVING, true);
869 cfg80211_mlme_down(rdev, dev);
870 wdev_unlock(wdev); 873 wdev_unlock(wdev);
871 break; 874 break;
872 case NL80211_IFTYPE_MESH_POINT: 875 case NL80211_IFTYPE_MESH_POINT:
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index afa283841e8c..d5aed3bb3945 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3411,7 +3411,7 @@ static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3411 (u32)sinfo->rx_bytes)) 3411 (u32)sinfo->rx_bytes))
3412 goto nla_put_failure; 3412 goto nla_put_failure;
3413 if ((sinfo->filled & (STATION_INFO_TX_BYTES | 3413 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3414 NL80211_STA_INFO_TX_BYTES64)) && 3414 STATION_INFO_TX_BYTES64)) &&
3415 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 3415 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3416 (u32)sinfo->tx_bytes)) 3416 (u32)sinfo->tx_bytes))
3417 goto nla_put_failure; 3417 goto nla_put_failure;
@@ -7577,6 +7577,8 @@ static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
7577 &tcp->payload_tok)) 7577 &tcp->payload_tok))
7578 return -ENOBUFS; 7578 return -ENOBUFS;
7579 7579
7580 nla_nest_end(msg, nl_tcp);
7581
7580 return 0; 7582 return 0;
7581} 7583}
7582 7584
@@ -9970,6 +9972,7 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
9970 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9972 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9971 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9973 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
9972 netdev->ifindex)) || 9974 netdev->ifindex)) ||
9975 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
9973 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 9976 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
9974 (sig_dbm && 9977 (sig_dbm &&
9975 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9978 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
@@ -10010,6 +10013,7 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10010 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 10013 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10011 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 10014 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10012 netdev->ifindex)) || 10015 netdev->ifindex)) ||
10016 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10013 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 10017 nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10014 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 10018 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
10015 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 10019 (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index a9dc5c736df0..3ed35c345cae 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -231,6 +231,9 @@ void cfg80211_conn_work(struct work_struct *work)
231 mutex_lock(&rdev->sched_scan_mtx); 231 mutex_lock(&rdev->sched_scan_mtx);
232 232
233 list_for_each_entry(wdev, &rdev->wdev_list, list) { 233 list_for_each_entry(wdev, &rdev->wdev_list, list) {
234 if (!wdev->netdev)
235 continue;
236
234 wdev_lock(wdev); 237 wdev_lock(wdev);
235 if (!netif_running(wdev->netdev)) { 238 if (!netif_running(wdev->netdev)) {
236 wdev_unlock(wdev); 239 wdev_unlock(wdev);
@@ -961,7 +964,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
961 /* was it connected by userspace SME? */ 964 /* was it connected by userspace SME? */
962 if (!wdev->conn) { 965 if (!wdev->conn) {
963 cfg80211_mlme_down(rdev, dev); 966 cfg80211_mlme_down(rdev, dev);
964 return 0; 967 goto disconnect;
965 } 968 }
966 969
967 if (wdev->sme_state == CFG80211_SME_CONNECTING && 970 if (wdev->sme_state == CFG80211_SME_CONNECTING &&
@@ -987,6 +990,7 @@ int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
987 return err; 990 return err;
988 } 991 }
989 992
993 disconnect:
990 if (wdev->sme_state == CFG80211_SME_CONNECTED) 994 if (wdev->sme_state == CFG80211_SME_CONNECTED)
991 __cfg80211_disconnected(dev, NULL, 0, 0, false); 995 __cfg80211_disconnected(dev, NULL, 0, 0, false);
992 else if (wdev->sme_state == CFG80211_SME_CONNECTING) 996 else if (wdev->sme_state == CFG80211_SME_CONNECTING)
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index ecd4fcec3c94..5755bc14abbd 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -2441,6 +2441,7 @@ TRACE_EVENT(cfg80211_report_wowlan_wakeup,
2441 TP_STRUCT__entry( 2441 TP_STRUCT__entry(
2442 WIPHY_ENTRY 2442 WIPHY_ENTRY
2443 WDEV_ENTRY 2443 WDEV_ENTRY
2444 __field(bool, non_wireless)
2444 __field(bool, disconnect) 2445 __field(bool, disconnect)
2445 __field(bool, magic_pkt) 2446 __field(bool, magic_pkt)
2446 __field(bool, gtk_rekey_failure) 2447 __field(bool, gtk_rekey_failure)
@@ -2449,20 +2450,22 @@ TRACE_EVENT(cfg80211_report_wowlan_wakeup,
2449 __field(bool, rfkill_release) 2450 __field(bool, rfkill_release)
2450 __field(s32, pattern_idx) 2451 __field(s32, pattern_idx)
2451 __field(u32, packet_len) 2452 __field(u32, packet_len)
2452 __dynamic_array(u8, packet, wakeup->packet_present_len) 2453 __dynamic_array(u8, packet,
2454 wakeup ? wakeup->packet_present_len : 0)
2453 ), 2455 ),
2454 TP_fast_assign( 2456 TP_fast_assign(
2455 WIPHY_ASSIGN; 2457 WIPHY_ASSIGN;
2456 WDEV_ASSIGN; 2458 WDEV_ASSIGN;
2457 __entry->disconnect = wakeup->disconnect; 2459 __entry->non_wireless = !wakeup;
2458 __entry->magic_pkt = wakeup->magic_pkt; 2460 __entry->disconnect = wakeup ? wakeup->disconnect : false;
2459 __entry->gtk_rekey_failure = wakeup->gtk_rekey_failure; 2461 __entry->magic_pkt = wakeup ? wakeup->magic_pkt : false;
2460 __entry->eap_identity_req = wakeup->eap_identity_req; 2462 __entry->gtk_rekey_failure = wakeup ? wakeup->gtk_rekey_failure : false;
2461 __entry->four_way_handshake = wakeup->four_way_handshake; 2463 __entry->eap_identity_req = wakeup ? wakeup->eap_identity_req : false;
2462 __entry->rfkill_release = wakeup->rfkill_release; 2464 __entry->four_way_handshake = wakeup ? wakeup->four_way_handshake : false;
2463 __entry->pattern_idx = wakeup->pattern_idx; 2465 __entry->rfkill_release = wakeup ? wakeup->rfkill_release : false;
2464 __entry->packet_len = wakeup->packet_len; 2466 __entry->pattern_idx = wakeup ? wakeup->pattern_idx : false;
2465 if (wakeup->packet && wakeup->packet_present_len) 2467 __entry->packet_len = wakeup ? wakeup->packet_len : false;
2468 if (wakeup && wakeup->packet && wakeup->packet_present_len)
2466 memcpy(__get_dynamic_array(packet), wakeup->packet, 2469 memcpy(__get_dynamic_array(packet), wakeup->packet,
2467 wakeup->packet_present_len); 2470 wakeup->packet_present_len);
2468 ), 2471 ),
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index bcfda8921b5b..0cf003dfa8fc 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
64 64
65 if (unlikely(x->km.state != XFRM_STATE_VALID)) { 65 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
66 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); 66 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID);
67 err = -EINVAL;
67 goto error; 68 goto error;
68 } 69 }
69 70
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 23cea0f74336..ea970b8002a2 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2557,11 +2557,12 @@ static void __xfrm_garbage_collect(struct net *net)
2557 } 2557 }
2558} 2558}
2559 2559
2560static void xfrm_garbage_collect(struct net *net) 2560void xfrm_garbage_collect(struct net *net)
2561{ 2561{
2562 flow_cache_flush(); 2562 flow_cache_flush();
2563 __xfrm_garbage_collect(net); 2563 __xfrm_garbage_collect(net);
2564} 2564}
2565EXPORT_SYMBOL(xfrm_garbage_collect);
2565 2566
2566static void xfrm_garbage_collect_deferred(struct net *net) 2567static void xfrm_garbage_collect_deferred(struct net *net)
2567{ 2568{
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index aa778748c565..3f565e495ac6 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1681,6 +1681,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1681 1681
1682out: 1682out:
1683 xfrm_pol_put(xp); 1683 xfrm_pol_put(xp);
1684 if (delete && err == 0)
1685 xfrm_garbage_collect(net);
1684 return err; 1686 return err;
1685} 1687}
1686 1688
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-18 21:56:31 -0400