aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/block/aoe/aoecmd.c1
-rw-r--r--drivers/net/can/janz-ican3.c4
-rw-r--r--drivers/net/can/ti_hecc.c2
-rw-r--r--drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c12
-rw-r--r--drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c11
-rw-r--r--drivers/net/ethernet/cadence/at91_ether.c2
-rw-r--r--drivers/net/ethernet/freescale/gianfar_ethtool.c1
-rw-r--r--drivers/net/ethernet/freescale/gianfar_ptp.c4
-rw-r--r--drivers/net/ethernet/intel/e1000/e1000_main.c11
-rw-r--r--drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c4
-rw-r--r--drivers/net/ethernet/stmicro/stmmac/stmmac_main.c10
-rw-r--r--drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c8
-rw-r--r--drivers/net/irda/sh_sir.c2
-rw-r--r--drivers/net/usb/asix_devices.c4
-rw-r--r--drivers/net/usb/qmi_wwan.c11
-rw-r--r--drivers/net/wireless/ath/ath9k/ar9003_eeprom.c4
-rw-r--r--drivers/net/wireless/ath/ath9k/debug.c2
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.c4
-rw-r--r--drivers/net/wireless/ath/ath9k/hw.h3
-rw-r--r--drivers/net/wireless/ath/ath9k/link.c2
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c2
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c26
-rw-r--r--drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c6
-rw-r--r--drivers/net/wireless/brcm80211/brcmsmac/channel.c2
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/def.h1
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/hw.c12
-rw-r--r--drivers/net/wireless/rtlwifi/rtl8192ce/sw.c6
-rw-r--r--include/linux/xfrm.h2
-rw-r--r--include/net/ip6_fib.h5
-rw-r--r--include/net/net_namespace.h10
-rw-r--r--include/net/netns/ipv4.h1
-rw-r--r--include/net/route.h2
-rw-r--r--net/batman-adv/bitarray.h6
-rw-r--r--net/bluetooth/bnep/sock.c4
-rw-r--r--net/bluetooth/cmtp/sock.c4
-rw-r--r--net/bluetooth/hci_sock.c16
-rw-r--r--net/bluetooth/hidp/sock.c4
-rw-r--r--net/core/dev.c5
-rw-r--r--net/core/skbuff.c4
-rw-r--r--net/ipv4/arp.c2
-rw-r--r--net/ipv4/devinet.c10
-rw-r--r--net/ipv4/fib_frontend.c20
-rw-r--r--net/ipv4/fib_rules.c2
-rw-r--r--net/ipv4/fib_trie.c6
-rw-r--r--net/ipv4/route.c43
-rw-r--r--net/ipv4/tcp.c23
-rw-r--r--net/ipv4/tcp_input.c5
-rw-r--r--net/ipv6/inet6_connection_sock.c23
-rw-r--r--net/ipv6/ip6_fib.c4
-rw-r--r--net/ipv6/route.c19
-rw-r--r--net/netrom/af_netrom.c2
-rw-r--r--net/sched/sch_qfq.c5
-rw-r--r--net/xfrm/xfrm_policy.c3
-rw-r--r--net/xfrm/xfrm_user.c57
-rw-r--r--security/selinux/include/xfrm.h1
55 files changed, 253 insertions, 192 deletions
diff --git a/drivers/block/aoe/aoecmd.c b/drivers/block/aoe/aoecmd.c
index de0435e63b02..887f68f6d79a 100644
--- a/drivers/block/aoe/aoecmd.c
+++ b/drivers/block/aoe/aoecmd.c
@@ -35,6 +35,7 @@ new_skb(ulong len)
35 skb_reset_mac_header(skb); 35 skb_reset_mac_header(skb);
36 skb_reset_network_header(skb); 36 skb_reset_network_header(skb);
37 skb->protocol = __constant_htons(ETH_P_AOE); 37 skb->protocol = __constant_htons(ETH_P_AOE);
38 skb_checksum_none_assert(skb);
38 } 39 }
39 return skb; 40 return skb;
40} 41}
diff --git a/drivers/net/can/janz-ican3.c b/drivers/net/can/janz-ican3.c
index 98ee43819911..7edadee487ba 100644
--- a/drivers/net/can/janz-ican3.c
+++ b/drivers/net/can/janz-ican3.c
@@ -1391,7 +1391,6 @@ static irqreturn_t ican3_irq(int irq, void *dev_id)
1391 */ 1391 */
1392static int ican3_reset_module(struct ican3_dev *mod) 1392static int ican3_reset_module(struct ican3_dev *mod)
1393{ 1393{
1394 u8 val = 1 << mod->num;
1395 unsigned long start; 1394 unsigned long start;
1396 u8 runold, runnew; 1395 u8 runold, runnew;
1397 1396
@@ -1405,8 +1404,7 @@ static int ican3_reset_module(struct ican3_dev *mod)
1405 runold = ioread8(mod->dpm + TARGET_RUNNING); 1404 runold = ioread8(mod->dpm + TARGET_RUNNING);
1406 1405
1407 /* reset the module */ 1406 /* reset the module */
1408 iowrite8(val, &mod->ctrl->reset_assert); 1407 iowrite8(0x00, &mod->dpmctrl->hwreset);
1409 iowrite8(val, &mod->ctrl->reset_deassert);
1410 1408
1411 /* wait until the module has finished resetting and is running */ 1409 /* wait until the module has finished resetting and is running */
1412 start = jiffies; 1410 start = jiffies;
diff --git a/drivers/net/can/ti_hecc.c b/drivers/net/can/ti_hecc.c
index 527dbcf95335..9ded21e79db5 100644
--- a/drivers/net/can/ti_hecc.c
+++ b/drivers/net/can/ti_hecc.c
@@ -984,12 +984,12 @@ static int __devexit ti_hecc_remove(struct platform_device *pdev)
984 struct net_device *ndev = platform_get_drvdata(pdev); 984 struct net_device *ndev = platform_get_drvdata(pdev);
985 struct ti_hecc_priv *priv = netdev_priv(ndev); 985 struct ti_hecc_priv *priv = netdev_priv(ndev);
986 986
987 unregister_candev(ndev);
987 clk_disable(priv->clk); 988 clk_disable(priv->clk);
988 clk_put(priv->clk); 989 clk_put(priv->clk);
989 res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 990 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
990 iounmap(priv->base); 991 iounmap(priv->base);
991 release_mem_region(res->start, resource_size(res)); 992 release_mem_region(res->start, resource_size(res));
992 unregister_candev(ndev);
993 free_candev(ndev); 993 free_candev(ndev);
994 platform_set_drvdata(pdev, NULL); 994 platform_set_drvdata(pdev, NULL);
995 995
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index af20c6ee2cd9..e8e97a7d1d06 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -662,14 +662,16 @@ void bnx2x_csum_validate(struct sk_buff *skb, union eth_rx_cqe *cqe,
662 struct bnx2x_fastpath *fp, 662 struct bnx2x_fastpath *fp,
663 struct bnx2x_eth_q_stats *qstats) 663 struct bnx2x_eth_q_stats *qstats)
664{ 664{
665 /* Do nothing if no IP/L4 csum validation was done */ 665 /* Do nothing if no L4 csum validation was done.
666 666 * We do not check whether IP csum was validated. For IPv4 we assume
667 * that if the card got as far as validating the L4 csum, it also
668 * validated the IP csum. IPv6 has no IP csum.
669 */
667 if (cqe->fast_path_cqe.status_flags & 670 if (cqe->fast_path_cqe.status_flags &
668 (ETH_FAST_PATH_RX_CQE_IP_XSUM_NO_VALIDATION_FLG | 671 ETH_FAST_PATH_RX_CQE_L4_XSUM_NO_VALIDATION_FLG)
669 ETH_FAST_PATH_RX_CQE_L4_XSUM_NO_VALIDATION_FLG))
670 return; 672 return;
671 673
672 /* If both IP/L4 validation were done, check if an error was found. */ 674 /* If L4 validation was done, check if an error was found. */
673 675
674 if (cqe->fast_path_cqe.type_error_flags & 676 if (cqe->fast_path_cqe.type_error_flags &
675 (ETH_FAST_PATH_RX_CQE_IP_BAD_XSUM_FLG | 677 (ETH_FAST_PATH_RX_CQE_IP_BAD_XSUM_FLG |
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
index 211753e01f81..0875ecfe3372 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -9831,12 +9831,13 @@ static void __devinit bnx2x_get_igu_cam_info(struct bnx2x *bp)
9831 } 9831 }
9832 9832
9833#ifdef CONFIG_PCI_MSI 9833#ifdef CONFIG_PCI_MSI
9834 /* 9834 /* Due to new PF resource allocation by MFW T7.4 and above, it's
9835 * It's expected that number of CAM entries for this functions is equal 9835 * optional that number of CAM entries will not be equal to the value
9836 * to the number evaluated based on the MSI-X table size. We want a 9836 * advertised in PCI.
9837 * harsh warning if these values are different! 9837 * Driver should use the minimal value of both as the actual status
9838 * block count
9838 */ 9839 */
9839 WARN_ON(bp->igu_sb_cnt != igu_sb_cnt); 9840 bp->igu_sb_cnt = min_t(int, bp->igu_sb_cnt, igu_sb_cnt);
9840#endif 9841#endif
9841 9842
9842 if (igu_sb_cnt == 0) 9843 if (igu_sb_cnt == 0)
diff --git a/drivers/net/ethernet/cadence/at91_ether.c b/drivers/net/ethernet/cadence/at91_ether.c
index 77884191a8c6..4e980a7886fb 100644
--- a/drivers/net/ethernet/cadence/at91_ether.c
+++ b/drivers/net/ethernet/cadence/at91_ether.c
@@ -1086,7 +1086,7 @@ static int __init at91ether_probe(struct platform_device *pdev)
1086 /* Clock */ 1086 /* Clock */
1087 lp->ether_clk = clk_get(&pdev->dev, "ether_clk"); 1087 lp->ether_clk = clk_get(&pdev->dev, "ether_clk");
1088 if (IS_ERR(lp->ether_clk)) { 1088 if (IS_ERR(lp->ether_clk)) {
1089 res = -ENODEV; 1089 res = PTR_ERR(lp->ether_clk);
1090 goto err_ioumap; 1090 goto err_ioumap;
1091 } 1091 }
1092 clk_enable(lp->ether_clk); 1092 clk_enable(lp->ether_clk);
diff --git a/drivers/net/ethernet/freescale/gianfar_ethtool.c b/drivers/net/ethernet/freescale/gianfar_ethtool.c
index 8971921cc1c8..ab6762caa957 100644
--- a/drivers/net/ethernet/freescale/gianfar_ethtool.c
+++ b/drivers/net/ethernet/freescale/gianfar_ethtool.c
@@ -1773,6 +1773,7 @@ static int gfar_get_nfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
1773} 1773}
1774 1774
1775int gfar_phc_index = -1; 1775int gfar_phc_index = -1;
1776EXPORT_SYMBOL(gfar_phc_index);
1776 1777
1777static int gfar_get_ts_info(struct net_device *dev, 1778static int gfar_get_ts_info(struct net_device *dev,
1778 struct ethtool_ts_info *info) 1779 struct ethtool_ts_info *info)
diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c
index c08e5d40fecb..0daa66b8eca0 100644
--- a/drivers/net/ethernet/freescale/gianfar_ptp.c
+++ b/drivers/net/ethernet/freescale/gianfar_ptp.c
@@ -515,7 +515,7 @@ static int gianfar_ptp_probe(struct platform_device *dev)
515 err = PTR_ERR(etsects->clock); 515 err = PTR_ERR(etsects->clock);
516 goto no_clock; 516 goto no_clock;
517 } 517 }
518 gfar_phc_clock = ptp_clock_index(etsects->clock); 518 gfar_phc_index = ptp_clock_index(etsects->clock);
519 519
520 dev_set_drvdata(&dev->dev, etsects); 520 dev_set_drvdata(&dev->dev, etsects);
521 521
@@ -539,7 +539,7 @@ static int gianfar_ptp_remove(struct platform_device *dev)
539 gfar_write(&etsects->regs->tmr_temask, 0); 539 gfar_write(&etsects->regs->tmr_temask, 0);
540 gfar_write(&etsects->regs->tmr_ctrl, 0); 540 gfar_write(&etsects->regs->tmr_ctrl, 0);
541 541
542 gfar_phc_clock = -1; 542 gfar_phc_index = -1;
543 ptp_clock_unregister(etsects->clock); 543 ptp_clock_unregister(etsects->clock);
544 iounmap(etsects->regs); 544 iounmap(etsects->regs);
545 release_resource(etsects->rsrc); 545 release_resource(etsects->rsrc);
diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
index 3bfbb8df8989..bde337ee1a34 100644
--- a/drivers/net/ethernet/intel/e1000/e1000_main.c
+++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
@@ -3149,6 +3149,17 @@ static netdev_tx_t e1000_xmit_frame(struct sk_buff *skb,
3149 return NETDEV_TX_OK; 3149 return NETDEV_TX_OK;
3150 } 3150 }
3151 3151
3152 /* On PCI/PCI-X HW, if packet size is less than ETH_ZLEN,
3153 * packets may get corrupted during padding by HW.
3154 * To WA this issue, pad all small packets manually.
3155 */
3156 if (skb->len < ETH_ZLEN) {
3157 if (skb_pad(skb, ETH_ZLEN - skb->len))
3158 return NETDEV_TX_OK;
3159 skb->len = ETH_ZLEN;
3160 skb_set_tail_pointer(skb, ETH_ZLEN);
3161 }
3162
3152 mss = skb_shinfo(skb)->gso_size; 3163 mss = skb_shinfo(skb)->gso_size;
3153 /* The controller does a simple calculation to 3164 /* The controller does a simple calculation to
3154 * make sure there is enough room in the FIFO before 3165 * make sure there is enough room in the FIFO before
diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
index 342b3a79bd0f..a77c558d8f40 100644
--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
@@ -1378,6 +1378,10 @@ static void netxen_mask_aer_correctable(struct netxen_adapter *adapter)
1378 struct pci_dev *root = pdev->bus->self; 1378 struct pci_dev *root = pdev->bus->self;
1379 u32 aer_pos; 1379 u32 aer_pos;
1380 1380
1381 /* root bus? */
1382 if (!root)
1383 return;
1384
1381 if (adapter->ahw.board_type != NETXEN_BRDTYPE_P3_4_GB_MM && 1385 if (adapter->ahw.board_type != NETXEN_BRDTYPE_P3_4_GB_MM &&
1382 adapter->ahw.board_type != NETXEN_BRDTYPE_P3_10G_TP) 1386 adapter->ahw.board_type != NETXEN_BRDTYPE_P3_10G_TP)
1383 return; 1387 return;
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index c136162e6473..3be88331d17a 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -1066,7 +1066,7 @@ static int stmmac_open(struct net_device *dev)
1066 } else 1066 } else
1067 priv->tm->enable = 1; 1067 priv->tm->enable = 1;
1068#endif 1068#endif
1069 clk_enable(priv->stmmac_clk); 1069 clk_prepare_enable(priv->stmmac_clk);
1070 1070
1071 stmmac_check_ether_addr(priv); 1071 stmmac_check_ether_addr(priv);
1072 1072
@@ -1188,7 +1188,7 @@ open_error:
1188 if (priv->phydev) 1188 if (priv->phydev)
1189 phy_disconnect(priv->phydev); 1189 phy_disconnect(priv->phydev);
1190 1190
1191 clk_disable(priv->stmmac_clk); 1191 clk_disable_unprepare(priv->stmmac_clk);
1192 1192
1193 return ret; 1193 return ret;
1194} 1194}
@@ -1246,7 +1246,7 @@ static int stmmac_release(struct net_device *dev)
1246#ifdef CONFIG_STMMAC_DEBUG_FS 1246#ifdef CONFIG_STMMAC_DEBUG_FS
1247 stmmac_exit_fs(); 1247 stmmac_exit_fs();
1248#endif 1248#endif
1249 clk_disable(priv->stmmac_clk); 1249 clk_disable_unprepare(priv->stmmac_clk);
1250 1250
1251 return 0; 1251 return 0;
1252} 1252}
@@ -2178,7 +2178,7 @@ int stmmac_suspend(struct net_device *ndev)
2178 else { 2178 else {
2179 stmmac_set_mac(priv->ioaddr, false); 2179 stmmac_set_mac(priv->ioaddr, false);
2180 /* Disable clock in case of PWM is off */ 2180 /* Disable clock in case of PWM is off */
2181 clk_disable(priv->stmmac_clk); 2181 clk_disable_unprepare(priv->stmmac_clk);
2182 } 2182 }
2183 spin_unlock_irqrestore(&priv->lock, flags); 2183 spin_unlock_irqrestore(&priv->lock, flags);
2184 return 0; 2184 return 0;
@@ -2203,7 +2203,7 @@ int stmmac_resume(struct net_device *ndev)
2203 priv->hw->mac->pmt(priv->ioaddr, 0); 2203 priv->hw->mac->pmt(priv->ioaddr, 0);
2204 else 2204 else
2205 /* enable the clk prevously disabled */ 2205 /* enable the clk prevously disabled */
2206 clk_enable(priv->stmmac_clk); 2206 clk_prepare_enable(priv->stmmac_clk);
2207 2207
2208 netif_device_attach(ndev); 2208 netif_device_attach(ndev);
2209 2209
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c
index 2a0e1abde7e7..4ccd4e2977b7 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c
@@ -97,19 +97,19 @@ static struct clk *timer_clock;
97static void stmmac_tmu_start(unsigned int new_freq) 97static void stmmac_tmu_start(unsigned int new_freq)
98{ 98{
99 clk_set_rate(timer_clock, new_freq); 99 clk_set_rate(timer_clock, new_freq);
100 clk_enable(timer_clock); 100 clk_prepare_enable(timer_clock);
101} 101}
102 102
103static void stmmac_tmu_stop(void) 103static void stmmac_tmu_stop(void)
104{ 104{
105 clk_disable(timer_clock); 105 clk_disable_unprepare(timer_clock);
106} 106}
107 107
108int stmmac_open_ext_timer(struct net_device *dev, struct stmmac_timer *tm) 108int stmmac_open_ext_timer(struct net_device *dev, struct stmmac_timer *tm)
109{ 109{
110 timer_clock = clk_get(NULL, TMU_CHANNEL); 110 timer_clock = clk_get(NULL, TMU_CHANNEL);
111 111
112 if (timer_clock == NULL) 112 if (IS_ERR(timer_clock))
113 return -1; 113 return -1;
114 114
115 if (tmu2_register_user(stmmac_timer_handler, (void *)dev) < 0) { 115 if (tmu2_register_user(stmmac_timer_handler, (void *)dev) < 0) {
@@ -126,7 +126,7 @@ int stmmac_open_ext_timer(struct net_device *dev, struct stmmac_timer *tm)
126 126
127int stmmac_close_ext_timer(void) 127int stmmac_close_ext_timer(void)
128{ 128{
129 clk_disable(timer_clock); 129 clk_disable_unprepare(timer_clock);
130 tmu2_unregister_user(); 130 tmu2_unregister_user();
131 clk_put(timer_clock); 131 clk_put(timer_clock);
132 return 0; 132 return 0;
diff --git a/drivers/net/irda/sh_sir.c b/drivers/net/irda/sh_sir.c
index 256eddf1f75a..795109425568 100644
--- a/drivers/net/irda/sh_sir.c
+++ b/drivers/net/irda/sh_sir.c
@@ -280,7 +280,7 @@ static int sh_sir_set_baudrate(struct sh_sir_self *self, u32 baudrate)
280 } 280 }
281 281
282 clk = clk_get(NULL, "irda_clk"); 282 clk = clk_get(NULL, "irda_clk");
283 if (!clk) { 283 if (IS_ERR(clk)) {
284 dev_err(dev, "can not get irda_clk\n"); 284 dev_err(dev, "can not get irda_clk\n");
285 return -EIO; 285 return -EIO;
286 } 286 }
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index 4fd48df6b989..32e31c5c5dc6 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -962,6 +962,10 @@ static const struct usb_device_id products [] = {
962 USB_DEVICE (0x2001, 0x3c05), 962 USB_DEVICE (0x2001, 0x3c05),
963 .driver_info = (unsigned long) &ax88772_info, 963 .driver_info = (unsigned long) &ax88772_info,
964}, { 964}, {
965 // DLink DUB-E100 H/W Ver C1
966 USB_DEVICE (0x2001, 0x1a02),
967 .driver_info = (unsigned long) &ax88772_info,
968}, {
965 // Linksys USB1000 969 // Linksys USB1000
966 USB_DEVICE (0x1737, 0x0039), 970 USB_DEVICE (0x1737, 0x0039),
967 .driver_info = (unsigned long) &ax88178_info, 971 .driver_info = (unsigned long) &ax88178_info,
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index b1ba68f1a049..3543c9e57824 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -366,16 +366,20 @@ static const struct usb_device_id products[] = {
366 }, 366 },
367 367
368 /* 2. Combined interface devices matching on class+protocol */ 368 /* 2. Combined interface devices matching on class+protocol */
369 { /* Huawei E367 and possibly others in "Windows mode" */
370 USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, USB_CLASS_VENDOR_SPEC, 1, 7),
371 .driver_info = (unsigned long)&qmi_wwan_info,
372 },
369 { /* Huawei E392, E398 and possibly others in "Windows mode" */ 373 { /* Huawei E392, E398 and possibly others in "Windows mode" */
370 USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, USB_CLASS_VENDOR_SPEC, 1, 17), 374 USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, USB_CLASS_VENDOR_SPEC, 1, 17),
371 .driver_info = (unsigned long)&qmi_wwan_shared, 375 .driver_info = (unsigned long)&qmi_wwan_shared,
372 }, 376 },
373 { /* Pantech UML290 */ 377 { /* Pantech UML290, P4200 and more */
374 USB_DEVICE_AND_INTERFACE_INFO(0x106c, 0x3718, USB_CLASS_VENDOR_SPEC, 0xf0, 0xff), 378 USB_VENDOR_AND_INTERFACE_INFO(0x106c, USB_CLASS_VENDOR_SPEC, 0xf0, 0xff),
375 .driver_info = (unsigned long)&qmi_wwan_shared, 379 .driver_info = (unsigned long)&qmi_wwan_shared,
376 }, 380 },
377 { /* Pantech UML290 - newer firmware */ 381 { /* Pantech UML290 - newer firmware */
378 USB_DEVICE_AND_INTERFACE_INFO(0x106c, 0x3718, USB_CLASS_VENDOR_SPEC, 0xf1, 0xff), 382 USB_VENDOR_AND_INTERFACE_INFO(0x106c, USB_CLASS_VENDOR_SPEC, 0xf1, 0xff),
379 .driver_info = (unsigned long)&qmi_wwan_shared, 383 .driver_info = (unsigned long)&qmi_wwan_shared,
380 }, 384 },
381 385
@@ -383,6 +387,7 @@ static const struct usb_device_id products[] = {
383 {QMI_FIXED_INTF(0x19d2, 0x0055, 1)}, /* ZTE (Vodafone) K3520-Z */ 387 {QMI_FIXED_INTF(0x19d2, 0x0055, 1)}, /* ZTE (Vodafone) K3520-Z */
384 {QMI_FIXED_INTF(0x19d2, 0x0063, 4)}, /* ZTE (Vodafone) K3565-Z */ 388 {QMI_FIXED_INTF(0x19d2, 0x0063, 4)}, /* ZTE (Vodafone) K3565-Z */
385 {QMI_FIXED_INTF(0x19d2, 0x0104, 4)}, /* ZTE (Vodafone) K4505-Z */ 389 {QMI_FIXED_INTF(0x19d2, 0x0104, 4)}, /* ZTE (Vodafone) K4505-Z */
390 {QMI_FIXED_INTF(0x19d2, 0x0157, 5)}, /* ZTE MF683 */
386 {QMI_FIXED_INTF(0x19d2, 0x0167, 4)}, /* ZTE MF820D */ 391 {QMI_FIXED_INTF(0x19d2, 0x0167, 4)}, /* ZTE MF820D */
387 {QMI_FIXED_INTF(0x19d2, 0x0326, 4)}, /* ZTE MF821D */ 392 {QMI_FIXED_INTF(0x19d2, 0x0326, 4)}, /* ZTE MF821D */
388 {QMI_FIXED_INTF(0x19d2, 0x1008, 4)}, /* ZTE (Vodafone) K3570-Z */ 393 {QMI_FIXED_INTF(0x19d2, 0x1008, 4)}, /* ZTE (Vodafone) K3570-Z */
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
index 2588848f4a82..d066f2516e47 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
@@ -2982,6 +2982,10 @@ static u32 ath9k_hw_ar9300_get_eeprom(struct ath_hw *ah,
2982 case EEP_RX_MASK: 2982 case EEP_RX_MASK:
2983 return pBase->txrxMask & 0xf; 2983 return pBase->txrxMask & 0xf;
2984 case EEP_PAPRD: 2984 case EEP_PAPRD:
2985 if (AR_SREV_9462(ah))
2986 return false;
2987 if (!ah->config.enable_paprd);
2988 return false;
2985 return !!(pBase->featureEnable & BIT(5)); 2989 return !!(pBase->featureEnable & BIT(5));
2986 case EEP_CHAIN_MASK_REDUCE: 2990 case EEP_CHAIN_MASK_REDUCE:
2987 return (pBase->miscConfiguration >> 0x3) & 0x1; 2991 return (pBase->miscConfiguration >> 0x3) & 0x1;
diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c
index 68b643c8943c..c8ef30127adb 100644
--- a/drivers/net/wireless/ath/ath9k/debug.c
+++ b/drivers/net/wireless/ath/ath9k/debug.c
@@ -1577,6 +1577,8 @@ int ath9k_init_debug(struct ath_hw *ah)
1577 sc->debug.debugfs_phy, sc, &fops_tx_chainmask); 1577 sc->debug.debugfs_phy, sc, &fops_tx_chainmask);
1578 debugfs_create_file("disable_ani", S_IRUSR | S_IWUSR, 1578 debugfs_create_file("disable_ani", S_IRUSR | S_IWUSR,
1579 sc->debug.debugfs_phy, sc, &fops_disable_ani); 1579 sc->debug.debugfs_phy, sc, &fops_disable_ani);
1580 debugfs_create_bool("paprd", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy,
1581 &sc->sc_ah->config.enable_paprd);
1580 debugfs_create_file("regidx", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy, 1582 debugfs_create_file("regidx", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy,
1581 sc, &fops_regidx); 1583 sc, &fops_regidx);
1582 debugfs_create_file("regval", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy, 1584 debugfs_create_file("regval", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy,
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index 48af40151d23..4faf0a395876 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -2497,10 +2497,6 @@ int ath9k_hw_fill_cap_info(struct ath_hw *ah)
2497 pCap->rx_status_len = sizeof(struct ar9003_rxs); 2497 pCap->rx_status_len = sizeof(struct ar9003_rxs);
2498 pCap->tx_desc_len = sizeof(struct ar9003_txc); 2498 pCap->tx_desc_len = sizeof(struct ar9003_txc);
2499 pCap->txs_len = sizeof(struct ar9003_txs); 2499 pCap->txs_len = sizeof(struct ar9003_txs);
2500 if (!ah->config.paprd_disable &&
2501 ah->eep_ops->get_eeprom(ah, EEP_PAPRD) &&
2502 !AR_SREV_9462(ah))
2503 pCap->hw_caps |= ATH9K_HW_CAP_PAPRD;
2504 } else { 2500 } else {
2505 pCap->tx_desc_len = sizeof(struct ath_desc); 2501 pCap->tx_desc_len = sizeof(struct ath_desc);
2506 if (AR_SREV_9280_20(ah)) 2502 if (AR_SREV_9280_20(ah))
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
index 6599a75f01fe..de6968fc64f4 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
@@ -236,7 +236,6 @@ enum ath9k_hw_caps {
236 ATH9K_HW_CAP_LDPC = BIT(6), 236 ATH9K_HW_CAP_LDPC = BIT(6),
237 ATH9K_HW_CAP_FASTCLOCK = BIT(7), 237 ATH9K_HW_CAP_FASTCLOCK = BIT(7),
238 ATH9K_HW_CAP_SGI_20 = BIT(8), 238 ATH9K_HW_CAP_SGI_20 = BIT(8),
239 ATH9K_HW_CAP_PAPRD = BIT(9),
240 ATH9K_HW_CAP_ANT_DIV_COMB = BIT(10), 239 ATH9K_HW_CAP_ANT_DIV_COMB = BIT(10),
241 ATH9K_HW_CAP_2GHZ = BIT(11), 240 ATH9K_HW_CAP_2GHZ = BIT(11),
242 ATH9K_HW_CAP_5GHZ = BIT(12), 241 ATH9K_HW_CAP_5GHZ = BIT(12),
@@ -287,12 +286,12 @@ struct ath9k_ops_config {
287 u8 pcie_clock_req; 286 u8 pcie_clock_req;
288 u32 pcie_waen; 287 u32 pcie_waen;
289 u8 analog_shiftreg; 288 u8 analog_shiftreg;
290 u8 paprd_disable;
291 u32 ofdm_trig_low; 289 u32 ofdm_trig_low;
292 u32 ofdm_trig_high; 290 u32 ofdm_trig_high;
293 u32 cck_trig_high; 291 u32 cck_trig_high;
294 u32 cck_trig_low; 292 u32 cck_trig_low;
295 u32 enable_ani; 293 u32 enable_ani;
294 u32 enable_paprd;
296 int serialize_regmode; 295 int serialize_regmode;
297 bool rx_intr_mitigation; 296 bool rx_intr_mitigation;
298 bool tx_intr_mitigation; 297 bool tx_intr_mitigation;
diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c
index 825a29cc9313..7b88b9c39ccd 100644
--- a/drivers/net/wireless/ath/ath9k/link.c
+++ b/drivers/net/wireless/ath/ath9k/link.c
@@ -423,7 +423,7 @@ set_timer:
423 cal_interval = min(cal_interval, (u32)short_cal_interval); 423 cal_interval = min(cal_interval, (u32)short_cal_interval);
424 424
425 mod_timer(&common->ani.timer, jiffies + msecs_to_jiffies(cal_interval)); 425 mod_timer(&common->ani.timer, jiffies + msecs_to_jiffies(cal_interval));
426 if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_PAPRD) && ah->caldata) { 426 if (ah->eep_ops->get_eeprom(ah, EEP_PAPRD) && ah->caldata) {
427 if (!ah->caldata->paprd_done) 427 if (!ah->caldata->paprd_done)
428 ieee80211_queue_work(sc->hw, &sc->paprd_work); 428 ieee80211_queue_work(sc->hw, &sc->paprd_work);
429 else if (!ah->paprd_table_write_done) 429 else if (!ah->paprd_table_write_done)
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c b/drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c
index 49765d34b4e0..7c4ee72f9d56 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c
@@ -638,6 +638,8 @@ static int brcmf_sdio_pd_probe(struct platform_device *pdev)
638 638
639 oobirq_entry = kzalloc(sizeof(struct brcmf_sdio_oobirq), 639 oobirq_entry = kzalloc(sizeof(struct brcmf_sdio_oobirq),
640 GFP_KERNEL); 640 GFP_KERNEL);
641 if (!oobirq_entry)
642 return -ENOMEM;
641 oobirq_entry->irq = res->start; 643 oobirq_entry->irq = res->start;
642 oobirq_entry->flags = res->flags & IRQF_TRIGGER_MASK; 644 oobirq_entry->flags = res->flags & IRQF_TRIGGER_MASK;
643 list_add_tail(&oobirq_entry->list, &oobirq_lh); 645 list_add_tail(&oobirq_entry->list, &oobirq_lh);
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c b/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c
index 2621dd3d7dcd..6f70953f0bad 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c
@@ -764,8 +764,11 @@ static void brcmf_c_arp_offload_set(struct brcmf_pub *drvr, int arp_mode)
764{ 764{
765 char iovbuf[32]; 765 char iovbuf[32];
766 int retcode; 766 int retcode;
767 __le32 arp_mode_le;
767 768
768 brcmf_c_mkiovar("arp_ol", (char *)&arp_mode, 4, iovbuf, sizeof(iovbuf)); 769 arp_mode_le = cpu_to_le32(arp_mode);
770 brcmf_c_mkiovar("arp_ol", (char *)&arp_mode_le, 4, iovbuf,
771 sizeof(iovbuf));
769 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, 772 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR,
770 iovbuf, sizeof(iovbuf)); 773 iovbuf, sizeof(iovbuf));
771 retcode = retcode >= 0 ? 0 : retcode; 774 retcode = retcode >= 0 ? 0 : retcode;
@@ -781,8 +784,11 @@ static void brcmf_c_arp_offload_enable(struct brcmf_pub *drvr, int arp_enable)
781{ 784{
782 char iovbuf[32]; 785 char iovbuf[32];
783 int retcode; 786 int retcode;
787 __le32 arp_enable_le;
784 788
785 brcmf_c_mkiovar("arpoe", (char *)&arp_enable, 4, 789 arp_enable_le = cpu_to_le32(arp_enable);
790
791 brcmf_c_mkiovar("arpoe", (char *)&arp_enable_le, 4,
786 iovbuf, sizeof(iovbuf)); 792 iovbuf, sizeof(iovbuf));
787 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, 793 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR,
788 iovbuf, sizeof(iovbuf)); 794 iovbuf, sizeof(iovbuf));
@@ -800,10 +806,10 @@ int brcmf_c_preinit_dcmds(struct brcmf_pub *drvr)
800 char iovbuf[BRCMF_EVENTING_MASK_LEN + 12]; /* Room for 806 char iovbuf[BRCMF_EVENTING_MASK_LEN + 12]; /* Room for
801 "event_msgs" + '\0' + bitvec */ 807 "event_msgs" + '\0' + bitvec */
802 char buf[128], *ptr; 808 char buf[128], *ptr;
803 u32 roaming = 1; 809 __le32 roaming_le = cpu_to_le32(1);
804 uint bcn_timeout = 3; 810 __le32 bcn_timeout_le = cpu_to_le32(3);
805 int scan_assoc_time = 40; 811 __le32 scan_assoc_time_le = cpu_to_le32(40);
806 int scan_unassoc_time = 40; 812 __le32 scan_unassoc_time_le = cpu_to_le32(40);
807 int i; 813 int i;
808 struct brcmf_bus_dcmd *cmdlst; 814 struct brcmf_bus_dcmd *cmdlst;
809 struct list_head *cur, *q; 815 struct list_head *cur, *q;
@@ -829,14 +835,14 @@ int brcmf_c_preinit_dcmds(struct brcmf_pub *drvr)
829 835
830 /* Setup timeout if Beacons are lost and roam is off to report 836 /* Setup timeout if Beacons are lost and roam is off to report
831 link down */ 837 link down */
832 brcmf_c_mkiovar("bcn_timeout", (char *)&bcn_timeout, 4, iovbuf, 838 brcmf_c_mkiovar("bcn_timeout", (char *)&bcn_timeout_le, 4, iovbuf,
833 sizeof(iovbuf)); 839 sizeof(iovbuf));
834 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf, 840 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf,
835 sizeof(iovbuf)); 841 sizeof(iovbuf));
836 842
837 /* Enable/Disable build-in roaming to allowed ext supplicant to take 843 /* Enable/Disable build-in roaming to allowed ext supplicant to take
838 of romaing */ 844 of romaing */
839 brcmf_c_mkiovar("roam_off", (char *)&roaming, 4, 845 brcmf_c_mkiovar("roam_off", (char *)&roaming_le, 4,
840 iovbuf, sizeof(iovbuf)); 846 iovbuf, sizeof(iovbuf));
841 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf, 847 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf,
842 sizeof(iovbuf)); 848 sizeof(iovbuf));
@@ -848,9 +854,9 @@ int brcmf_c_preinit_dcmds(struct brcmf_pub *drvr)
848 sizeof(iovbuf)); 854 sizeof(iovbuf));
849 855
850 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_CHANNEL_TIME, 856 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_CHANNEL_TIME,
851 (char *)&scan_assoc_time, sizeof(scan_assoc_time)); 857 (char *)&scan_assoc_time_le, sizeof(scan_assoc_time_le));
852 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_UNASSOC_TIME, 858 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_UNASSOC_TIME,
853 (char *)&scan_unassoc_time, sizeof(scan_unassoc_time)); 859 (char *)&scan_unassoc_time_le, sizeof(scan_unassoc_time_le));
854 860
855 /* Set and enable ARP offload feature */ 861 /* Set and enable ARP offload feature */
856 brcmf_c_arp_offload_set(drvr, BRCMF_ARPOL_MODE); 862 brcmf_c_arp_offload_set(drvr, BRCMF_ARPOL_MODE);
diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
index c36e92312443..50b5553b6964 100644
--- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
@@ -500,8 +500,10 @@ static void wl_iscan_prep(struct brcmf_scan_params_le *params_le,
500 params_le->active_time = cpu_to_le32(-1); 500 params_le->active_time = cpu_to_le32(-1);
501 params_le->passive_time = cpu_to_le32(-1); 501 params_le->passive_time = cpu_to_le32(-1);
502 params_le->home_time = cpu_to_le32(-1); 502 params_le->home_time = cpu_to_le32(-1);
503 if (ssid && ssid->SSID_len) 503 if (ssid && ssid->SSID_len) {
504 memcpy(&params_le->ssid_le, ssid, sizeof(struct brcmf_ssid)); 504 params_le->ssid_le.SSID_len = cpu_to_le32(ssid->SSID_len);
505 memcpy(&params_le->ssid_le.SSID, ssid->SSID, ssid->SSID_len);
506 }
505} 507}
506 508
507static s32 509static s32
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/channel.c b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
index 7ed7d7577024..64a48f06d68b 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/channel.c
+++ b/drivers/net/wireless/brcm80211/brcmsmac/channel.c
@@ -77,7 +77,7 @@
77 NL80211_RRF_NO_IBSS) 77 NL80211_RRF_NO_IBSS)
78 78
79static const struct ieee80211_regdomain brcms_regdom_x2 = { 79static const struct ieee80211_regdomain brcms_regdom_x2 = {
80 .n_reg_rules = 7, 80 .n_reg_rules = 6,
81 .alpha2 = "X2", 81 .alpha2 = "X2",
82 .reg_rules = { 82 .reg_rules = {
83 BRCM_2GHZ_2412_2462, 83 BRCM_2GHZ_2412_2462,
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/def.h b/drivers/net/wireless/rtlwifi/rtl8192ce/def.h
index 04c3aef8a4f6..2925094b2d91 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/def.h
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/def.h
@@ -117,6 +117,7 @@
117 117
118#define CHIP_VER_B BIT(4) 118#define CHIP_VER_B BIT(4)
119#define CHIP_92C_BITMASK BIT(0) 119#define CHIP_92C_BITMASK BIT(0)
120#define CHIP_UNKNOWN BIT(7)
120#define CHIP_92C_1T2R 0x03 121#define CHIP_92C_1T2R 0x03
121#define CHIP_92C 0x01 122#define CHIP_92C 0x01
122#define CHIP_88C 0x00 123#define CHIP_88C 0x00
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
index bd0da7ef290b..dd4bb0950a57 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
@@ -994,8 +994,16 @@ static enum version_8192c _rtl92ce_read_chip_version(struct ieee80211_hw *hw)
994 version = (value32 & TYPE_ID) ? VERSION_A_CHIP_92C : 994 version = (value32 & TYPE_ID) ? VERSION_A_CHIP_92C :
995 VERSION_A_CHIP_88C; 995 VERSION_A_CHIP_88C;
996 } else { 996 } else {
997 version = (value32 & TYPE_ID) ? VERSION_B_CHIP_92C : 997 version = (enum version_8192c) (CHIP_VER_B |
998 VERSION_B_CHIP_88C; 998 ((value32 & TYPE_ID) ? CHIP_92C_BITMASK : 0) |
999 ((value32 & VENDOR_ID) ? CHIP_VENDOR_UMC : 0));
1000 if ((!IS_CHIP_VENDOR_UMC(version)) && (value32 &
1001 CHIP_VER_RTL_MASK)) {
1002 version = (enum version_8192c)(version |
1003 ((((value32 & CHIP_VER_RTL_MASK) == BIT(12))
1004 ? CHIP_VENDOR_UMC_B_CUT : CHIP_UNKNOWN) |
1005 CHIP_VENDOR_UMC));
1006 }
999 } 1007 }
1000 1008
1001 switch (version) { 1009 switch (version) {
diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c b/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
index 3aa927f8b9b9..7d8f96405f42 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
@@ -162,10 +162,12 @@ int rtl92c_init_sw_vars(struct ieee80211_hw *hw)
162 162
163 /* request fw */ 163 /* request fw */
164 if (IS_VENDOR_UMC_A_CUT(rtlhal->version) && 164 if (IS_VENDOR_UMC_A_CUT(rtlhal->version) &&
165 !IS_92C_SERIAL(rtlhal->version)) 165 !IS_92C_SERIAL(rtlhal->version)) {
166 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU.bin"; 166 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU.bin";
167 else if (IS_81xxC_VENDOR_UMC_B_CUT(rtlhal->version)) 167 } else if (IS_81xxC_VENDOR_UMC_B_CUT(rtlhal->version)) {
168 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU_B.bin"; 168 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU_B.bin";
169 pr_info("****** This B_CUT device may not work with kernels 3.6 and earlier\n");
170 }
169 171
170 rtlpriv->max_fw_size = 0x4000; 172 rtlpriv->max_fw_size = 0x4000;
171 pr_info("Using firmware %s\n", rtlpriv->cfg->fw_name); 173 pr_info("Using firmware %s\n", rtlpriv->cfg->fw_name);
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 22e61fdf75a2..28e493b5b94c 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -84,6 +84,8 @@ struct xfrm_replay_state {
84 __u32 bitmap; 84 __u32 bitmap;
85}; 85};
86 86
87#define XFRMA_REPLAY_ESN_MAX 4096
88
87struct xfrm_replay_state_esn { 89struct xfrm_replay_state_esn {
88 unsigned int bmp_len; 90 unsigned int bmp_len;
89 __u32 oseq; 91 __u32 oseq;
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 0fedbd8d747a..9fc7114159e8 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -111,9 +111,8 @@ struct rt6_info {
111 struct inet6_dev *rt6i_idev; 111 struct inet6_dev *rt6i_idev;
112 unsigned long _rt6i_peer; 112 unsigned long _rt6i_peer;
113 113
114#ifdef CONFIG_XFRM 114 u32 rt6i_genid;
115 u32 rt6i_flow_cache_genid; 115
116#endif
117 /* more non-fragment space at head required */ 116 /* more non-fragment space at head required */
118 unsigned short rt6i_nfheader_len; 117 unsigned short rt6i_nfheader_len;
119 118
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index ae1cd6c9ba52..fd87963a0ea5 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -102,6 +102,7 @@ struct net {
102#endif 102#endif
103 struct netns_ipvs *ipvs; 103 struct netns_ipvs *ipvs;
104 struct sock *diag_nlsk; 104 struct sock *diag_nlsk;
105 atomic_t rt_genid;
105}; 106};
106 107
107 108
@@ -300,5 +301,14 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
300} 301}
301#endif 302#endif
302 303
304static inline int rt_genid(struct net *net)
305{
306 return atomic_read(&net->rt_genid);
307}
308
309static inline void rt_genid_bump(struct net *net)
310{
311 atomic_inc(&net->rt_genid);
312}
303 313
304#endif /* __NET_NET_NAMESPACE_H */ 314#endif /* __NET_NET_NAMESPACE_H */
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 1474dd65c66f..eb24dbccd81e 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -65,7 +65,6 @@ struct netns_ipv4 {
65 unsigned int sysctl_ping_group_range[2]; 65 unsigned int sysctl_ping_group_range[2];
66 long sysctl_tcp_mem[3]; 66 long sysctl_tcp_mem[3];
67 67
68 atomic_t rt_genid;
69 atomic_t dev_addr_genid; 68 atomic_t dev_addr_genid;
70 69
71#ifdef CONFIG_IP_MROUTE 70#ifdef CONFIG_IP_MROUTE
diff --git a/include/net/route.h b/include/net/route.h
index 776a27f1ab78..da22243d2760 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -108,7 +108,7 @@ extern struct ip_rt_acct __percpu *ip_rt_acct;
108 108
109struct in_device; 109struct in_device;
110extern int ip_rt_init(void); 110extern int ip_rt_init(void);
111extern void rt_cache_flush(struct net *net, int how); 111extern void rt_cache_flush(struct net *net);
112extern void rt_flush_dev(struct net_device *dev); 112extern void rt_flush_dev(struct net_device *dev);
113extern struct rtable *__ip_route_output_key(struct net *, struct flowi4 *flp); 113extern struct rtable *__ip_route_output_key(struct net *, struct flowi4 *flp);
114extern struct rtable *ip_route_output_flow(struct net *, struct flowi4 *flp, 114extern struct rtable *ip_route_output_flow(struct net *, struct flowi4 *flp,
diff --git a/net/batman-adv/bitarray.h b/net/batman-adv/bitarray.h
index a081ce1c0514..cebaae7e148b 100644
--- a/net/batman-adv/bitarray.h
+++ b/net/batman-adv/bitarray.h
@@ -20,8 +20,8 @@
20#ifndef _NET_BATMAN_ADV_BITARRAY_H_ 20#ifndef _NET_BATMAN_ADV_BITARRAY_H_
21#define _NET_BATMAN_ADV_BITARRAY_H_ 21#define _NET_BATMAN_ADV_BITARRAY_H_
22 22
23/* returns true if the corresponding bit in the given seq_bits indicates true 23/* Returns 1 if the corresponding bit in the given seq_bits indicates true
24 * and curr_seqno is within range of last_seqno 24 * and curr_seqno is within range of last_seqno. Otherwise returns 0.
25 */ 25 */
26static inline int batadv_test_bit(const unsigned long *seq_bits, 26static inline int batadv_test_bit(const unsigned long *seq_bits,
27 uint32_t last_seqno, uint32_t curr_seqno) 27 uint32_t last_seqno, uint32_t curr_seqno)
@@ -32,7 +32,7 @@ static inline int batadv_test_bit(const unsigned long *seq_bits,
32 if (diff < 0 || diff >= BATADV_TQ_LOCAL_WINDOW_SIZE) 32 if (diff < 0 || diff >= BATADV_TQ_LOCAL_WINDOW_SIZE)
33 return 0; 33 return 0;
34 else 34 else
35 return test_bit(diff, seq_bits); 35 return test_bit(diff, seq_bits) != 0;
36} 36}
37 37
38/* turn corresponding bit on, so we can remember that we got the packet */ 38/* turn corresponding bit on, so we can remember that we got the packet */
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 5e5f5b410e0b..1eaacf10d19d 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -58,7 +58,7 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
58 switch (cmd) { 58 switch (cmd) {
59 case BNEPCONNADD: 59 case BNEPCONNADD:
60 if (!capable(CAP_NET_ADMIN)) 60 if (!capable(CAP_NET_ADMIN))
61 return -EACCES; 61 return -EPERM;
62 62
63 if (copy_from_user(&ca, argp, sizeof(ca))) 63 if (copy_from_user(&ca, argp, sizeof(ca)))
64 return -EFAULT; 64 return -EFAULT;
@@ -84,7 +84,7 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
84 84
85 case BNEPCONNDEL: 85 case BNEPCONNDEL:
86 if (!capable(CAP_NET_ADMIN)) 86 if (!capable(CAP_NET_ADMIN))
87 return -EACCES; 87 return -EPERM;
88 88
89 if (copy_from_user(&cd, argp, sizeof(cd))) 89 if (copy_from_user(&cd, argp, sizeof(cd)))
90 return -EFAULT; 90 return -EFAULT;
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 311668d14571..32dc83dcb6b2 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -72,7 +72,7 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
72 switch (cmd) { 72 switch (cmd) {
73 case CMTPCONNADD: 73 case CMTPCONNADD:
74 if (!capable(CAP_NET_ADMIN)) 74 if (!capable(CAP_NET_ADMIN))
75 return -EACCES; 75 return -EPERM;
76 76
77 if (copy_from_user(&ca, argp, sizeof(ca))) 77 if (copy_from_user(&ca, argp, sizeof(ca)))
78 return -EFAULT; 78 return -EFAULT;
@@ -97,7 +97,7 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
97 97
98 case CMTPCONNDEL: 98 case CMTPCONNDEL:
99 if (!capable(CAP_NET_ADMIN)) 99 if (!capable(CAP_NET_ADMIN))
100 return -EACCES; 100 return -EPERM;
101 101
102 if (copy_from_user(&cd, argp, sizeof(cd))) 102 if (copy_from_user(&cd, argp, sizeof(cd)))
103 return -EFAULT; 103 return -EFAULT;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 19fdac78e555..d5ace1eda3ed 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -490,7 +490,7 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
490 switch (cmd) { 490 switch (cmd) {
491 case HCISETRAW: 491 case HCISETRAW:
492 if (!capable(CAP_NET_ADMIN)) 492 if (!capable(CAP_NET_ADMIN))
493 return -EACCES; 493 return -EPERM;
494 494
495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
496 return -EPERM; 496 return -EPERM;
@@ -510,12 +510,12 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
510 510
511 case HCIBLOCKADDR: 511 case HCIBLOCKADDR:
512 if (!capable(CAP_NET_ADMIN)) 512 if (!capable(CAP_NET_ADMIN))
513 return -EACCES; 513 return -EPERM;
514 return hci_sock_blacklist_add(hdev, (void __user *) arg); 514 return hci_sock_blacklist_add(hdev, (void __user *) arg);
515 515
516 case HCIUNBLOCKADDR: 516 case HCIUNBLOCKADDR:
517 if (!capable(CAP_NET_ADMIN)) 517 if (!capable(CAP_NET_ADMIN))
518 return -EACCES; 518 return -EPERM;
519 return hci_sock_blacklist_del(hdev, (void __user *) arg); 519 return hci_sock_blacklist_del(hdev, (void __user *) arg);
520 520
521 default: 521 default:
@@ -546,22 +546,22 @@ static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
546 546
547 case HCIDEVUP: 547 case HCIDEVUP:
548 if (!capable(CAP_NET_ADMIN)) 548 if (!capable(CAP_NET_ADMIN))
549 return -EACCES; 549 return -EPERM;
550 return hci_dev_open(arg); 550 return hci_dev_open(arg);
551 551
552 case HCIDEVDOWN: 552 case HCIDEVDOWN:
553 if (!capable(CAP_NET_ADMIN)) 553 if (!capable(CAP_NET_ADMIN))
554 return -EACCES; 554 return -EPERM;
555 return hci_dev_close(arg); 555 return hci_dev_close(arg);
556 556
557 case HCIDEVRESET: 557 case HCIDEVRESET:
558 if (!capable(CAP_NET_ADMIN)) 558 if (!capable(CAP_NET_ADMIN))
559 return -EACCES; 559 return -EPERM;
560 return hci_dev_reset(arg); 560 return hci_dev_reset(arg);
561 561
562 case HCIDEVRESTAT: 562 case HCIDEVRESTAT:
563 if (!capable(CAP_NET_ADMIN)) 563 if (!capable(CAP_NET_ADMIN))
564 return -EACCES; 564 return -EPERM;
565 return hci_dev_reset_stat(arg); 565 return hci_dev_reset_stat(arg);
566 566
567 case HCISETSCAN: 567 case HCISETSCAN:
@@ -573,7 +573,7 @@ static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
573 case HCISETACLMTU: 573 case HCISETACLMTU:
574 case HCISETSCOMTU: 574 case HCISETSCOMTU:
575 if (!capable(CAP_NET_ADMIN)) 575 if (!capable(CAP_NET_ADMIN))
576 return -EACCES; 576 return -EPERM;
577 return hci_dev_cmd(cmd, argp); 577 return hci_dev_cmd(cmd, argp);
578 578
579 case HCIINQUIRY: 579 case HCIINQUIRY:
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 18b3f6892a36..b24fb3bd8625 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -56,7 +56,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
56 switch (cmd) { 56 switch (cmd) {
57 case HIDPCONNADD: 57 case HIDPCONNADD:
58 if (!capable(CAP_NET_ADMIN)) 58 if (!capable(CAP_NET_ADMIN))
59 return -EACCES; 59 return -EPERM;
60 60
61 if (copy_from_user(&ca, argp, sizeof(ca))) 61 if (copy_from_user(&ca, argp, sizeof(ca)))
62 return -EFAULT; 62 return -EFAULT;
@@ -91,7 +91,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
91 91
92 case HIDPCONNDEL: 92 case HIDPCONNDEL:
93 if (!capable(CAP_NET_ADMIN)) 93 if (!capable(CAP_NET_ADMIN))
94 return -EACCES; 94 return -EPERM;
95 95
96 if (copy_from_user(&cd, argp, sizeof(cd))) 96 if (copy_from_user(&cd, argp, sizeof(cd)))
97 return -EFAULT; 97 return -EFAULT;
diff --git a/net/core/dev.c b/net/core/dev.c
index d7fe32c946c1..89e33a5d4d93 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2134,7 +2134,8 @@ static bool can_checksum_protocol(netdev_features_t features, __be16 protocol)
2134static netdev_features_t harmonize_features(struct sk_buff *skb, 2134static netdev_features_t harmonize_features(struct sk_buff *skb,
2135 __be16 protocol, netdev_features_t features) 2135 __be16 protocol, netdev_features_t features)
2136{ 2136{
2137 if (!can_checksum_protocol(features, protocol)) { 2137 if (skb->ip_summed != CHECKSUM_NONE &&
2138 !can_checksum_protocol(features, protocol)) {
2138 features &= ~NETIF_F_ALL_CSUM; 2139 features &= ~NETIF_F_ALL_CSUM;
2139 features &= ~NETIF_F_SG; 2140 features &= ~NETIF_F_SG;
2140 } else if (illegal_highdma(skb->dev, skb)) { 2141 } else if (illegal_highdma(skb->dev, skb)) {
@@ -3322,7 +3323,7 @@ ncls:
3322 3323
3323 if (pt_prev) { 3324 if (pt_prev) {
3324 if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC))) 3325 if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC)))
3325 ret = -ENOMEM; 3326 goto drop;
3326 else 3327 else
3327 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); 3328 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
3328 } else { 3329 } else {
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index fe00d1208167..e33ebae519c8 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3502,7 +3502,9 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
3502 if (!skb_cloned(from)) 3502 if (!skb_cloned(from))
3503 skb_shinfo(from)->nr_frags = 0; 3503 skb_shinfo(from)->nr_frags = 0;
3504 3504
3505 /* if the skb is cloned this does nothing since we set nr_frags to 0 */ 3505 /* if the skb is not cloned this does nothing
3506 * since we set nr_frags to 0.
3507 */
3506 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) 3508 for (i = 0; i < skb_shinfo(from)->nr_frags; i++)
3507 skb_frag_ref(from, i); 3509 skb_frag_ref(from, i);
3508 3510
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 77e87aff419a..47800459e4cb 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1225,7 +1225,7 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event,
1225 switch (event) { 1225 switch (event) {
1226 case NETDEV_CHANGEADDR: 1226 case NETDEV_CHANGEADDR:
1227 neigh_changeaddr(&arp_tbl, dev); 1227 neigh_changeaddr(&arp_tbl, dev);
1228 rt_cache_flush(dev_net(dev), 0); 1228 rt_cache_flush(dev_net(dev));
1229 break; 1229 break;
1230 default: 1230 default:
1231 break; 1231 break;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 44bf82e3aef7..e12fad773852 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -725,7 +725,7 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
725 break; 725 break;
726 726
727 case SIOCSIFFLAGS: 727 case SIOCSIFFLAGS:
728 ret = -EACCES; 728 ret = -EPERM;
729 if (!capable(CAP_NET_ADMIN)) 729 if (!capable(CAP_NET_ADMIN))
730 goto out; 730 goto out;
731 break; 731 break;
@@ -733,7 +733,7 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
733 case SIOCSIFBRDADDR: /* Set the broadcast address */ 733 case SIOCSIFBRDADDR: /* Set the broadcast address */
734 case SIOCSIFDSTADDR: /* Set the destination address */ 734 case SIOCSIFDSTADDR: /* Set the destination address */
735 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 735 case SIOCSIFNETMASK: /* Set the netmask for the interface */
736 ret = -EACCES; 736 ret = -EPERM;
737 if (!capable(CAP_NET_ADMIN)) 737 if (!capable(CAP_NET_ADMIN))
738 goto out; 738 goto out;
739 ret = -EINVAL; 739 ret = -EINVAL;
@@ -1503,7 +1503,7 @@ static int devinet_conf_proc(ctl_table *ctl, int write,
1503 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 1503 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
1504 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 1504 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
1505 if ((new_value == 0) && (old_value != 0)) 1505 if ((new_value == 0) && (old_value != 0))
1506 rt_cache_flush(net, 0); 1506 rt_cache_flush(net);
1507 } 1507 }
1508 1508
1509 return ret; 1509 return ret;
@@ -1537,7 +1537,7 @@ static int devinet_sysctl_forward(ctl_table *ctl, int write,
1537 dev_disable_lro(idev->dev); 1537 dev_disable_lro(idev->dev);
1538 } 1538 }
1539 rtnl_unlock(); 1539 rtnl_unlock();
1540 rt_cache_flush(net, 0); 1540 rt_cache_flush(net);
1541 } 1541 }
1542 } 1542 }
1543 1543
@@ -1554,7 +1554,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
1554 struct net *net = ctl->extra2; 1554 struct net *net = ctl->extra2;
1555 1555
1556 if (write && *valp != val) 1556 if (write && *valp != val)
1557 rt_cache_flush(net, 0); 1557 rt_cache_flush(net);
1558 1558
1559 return ret; 1559 return ret;
1560} 1560}
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index c43ae3fba792..8e2b475da9fa 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -148,7 +148,7 @@ static void fib_flush(struct net *net)
148 } 148 }
149 149
150 if (flushed) 150 if (flushed)
151 rt_cache_flush(net, -1); 151 rt_cache_flush(net);
152} 152}
153 153
154/* 154/*
@@ -999,11 +999,11 @@ static void nl_fib_lookup_exit(struct net *net)
999 net->ipv4.fibnl = NULL; 999 net->ipv4.fibnl = NULL;
1000} 1000}
1001 1001
1002static void fib_disable_ip(struct net_device *dev, int force, int delay) 1002static void fib_disable_ip(struct net_device *dev, int force)
1003{ 1003{
1004 if (fib_sync_down_dev(dev, force)) 1004 if (fib_sync_down_dev(dev, force))
1005 fib_flush(dev_net(dev)); 1005 fib_flush(dev_net(dev));
1006 rt_cache_flush(dev_net(dev), delay); 1006 rt_cache_flush(dev_net(dev));
1007 arp_ifdown(dev); 1007 arp_ifdown(dev);
1008} 1008}
1009 1009
@@ -1020,7 +1020,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
1020 fib_sync_up(dev); 1020 fib_sync_up(dev);
1021#endif 1021#endif
1022 atomic_inc(&net->ipv4.dev_addr_genid); 1022 atomic_inc(&net->ipv4.dev_addr_genid);
1023 rt_cache_flush(dev_net(dev), -1); 1023 rt_cache_flush(dev_net(dev));
1024 break; 1024 break;
1025 case NETDEV_DOWN: 1025 case NETDEV_DOWN:
1026 fib_del_ifaddr(ifa, NULL); 1026 fib_del_ifaddr(ifa, NULL);
@@ -1029,9 +1029,9 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
1029 /* Last address was deleted from this interface. 1029 /* Last address was deleted from this interface.
1030 * Disable IP. 1030 * Disable IP.
1031 */ 1031 */
1032 fib_disable_ip(dev, 1, 0); 1032 fib_disable_ip(dev, 1);
1033 } else { 1033 } else {
1034 rt_cache_flush(dev_net(dev), -1); 1034 rt_cache_flush(dev_net(dev));
1035 } 1035 }
1036 break; 1036 break;
1037 } 1037 }
@@ -1045,7 +1045,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
1045 struct net *net = dev_net(dev); 1045 struct net *net = dev_net(dev);
1046 1046
1047 if (event == NETDEV_UNREGISTER) { 1047 if (event == NETDEV_UNREGISTER) {
1048 fib_disable_ip(dev, 2, -1); 1048 fib_disable_ip(dev, 2);
1049 rt_flush_dev(dev); 1049 rt_flush_dev(dev);
1050 return NOTIFY_DONE; 1050 return NOTIFY_DONE;
1051 } 1051 }
@@ -1062,14 +1062,14 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
1062 fib_sync_up(dev); 1062 fib_sync_up(dev);
1063#endif 1063#endif
1064 atomic_inc(&net->ipv4.dev_addr_genid); 1064 atomic_inc(&net->ipv4.dev_addr_genid);
1065 rt_cache_flush(dev_net(dev), -1); 1065 rt_cache_flush(dev_net(dev));
1066 break; 1066 break;
1067 case NETDEV_DOWN: 1067 case NETDEV_DOWN:
1068 fib_disable_ip(dev, 0, 0); 1068 fib_disable_ip(dev, 0);
1069 break; 1069 break;
1070 case NETDEV_CHANGEMTU: 1070 case NETDEV_CHANGEMTU:
1071 case NETDEV_CHANGE: 1071 case NETDEV_CHANGE:
1072 rt_cache_flush(dev_net(dev), 0); 1072 rt_cache_flush(dev_net(dev));
1073 break; 1073 break;
1074 case NETDEV_UNREGISTER_BATCH: 1074 case NETDEV_UNREGISTER_BATCH:
1075 break; 1075 break;
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index a83d74e498d2..274309d3aded 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -259,7 +259,7 @@ static size_t fib4_rule_nlmsg_payload(struct fib_rule *rule)
259 259
260static void fib4_rule_flush_cache(struct fib_rules_ops *ops) 260static void fib4_rule_flush_cache(struct fib_rules_ops *ops)
261{ 261{
262 rt_cache_flush(ops->fro_net, -1); 262 rt_cache_flush(ops->fro_net);
263} 263}
264 264
265static const struct fib_rules_ops __net_initdata fib4_rules_ops_template = { 265static const struct fib_rules_ops __net_initdata fib4_rules_ops_template = {
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 57bd978483e1..d1b93595b4a7 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1286,7 +1286,7 @@ int fib_table_insert(struct fib_table *tb, struct fib_config *cfg)
1286 1286
1287 fib_release_info(fi_drop); 1287 fib_release_info(fi_drop);
1288 if (state & FA_S_ACCESSED) 1288 if (state & FA_S_ACCESSED)
1289 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1289 rt_cache_flush(cfg->fc_nlinfo.nl_net);
1290 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, 1290 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen,
1291 tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE); 1291 tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE);
1292 1292
@@ -1333,7 +1333,7 @@ int fib_table_insert(struct fib_table *tb, struct fib_config *cfg)
1333 list_add_tail_rcu(&new_fa->fa_list, 1333 list_add_tail_rcu(&new_fa->fa_list,
1334 (fa ? &fa->fa_list : fa_head)); 1334 (fa ? &fa->fa_list : fa_head));
1335 1335
1336 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1336 rt_cache_flush(cfg->fc_nlinfo.nl_net);
1337 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id, 1337 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id,
1338 &cfg->fc_nlinfo, 0); 1338 &cfg->fc_nlinfo, 0);
1339succeeded: 1339succeeded:
@@ -1708,7 +1708,7 @@ int fib_table_delete(struct fib_table *tb, struct fib_config *cfg)
1708 trie_leaf_remove(t, l); 1708 trie_leaf_remove(t, l);
1709 1709
1710 if (fa->fa_state & FA_S_ACCESSED) 1710 if (fa->fa_state & FA_S_ACCESSED)
1711 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1711 rt_cache_flush(cfg->fc_nlinfo.nl_net);
1712 1712
1713 fib_release_info(fa->fa_info); 1713 fib_release_info(fa->fa_info);
1714 alias_free_mem_rcu(fa); 1714 alias_free_mem_rcu(fa);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 82cf2a722b23..fd9af60397b5 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -202,11 +202,6 @@ EXPORT_SYMBOL(ip_tos2prio);
202static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat); 202static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
203#define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field) 203#define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field)
204 204
205static inline int rt_genid(struct net *net)
206{
207 return atomic_read(&net->ipv4.rt_genid);
208}
209
210#ifdef CONFIG_PROC_FS 205#ifdef CONFIG_PROC_FS
211static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos) 206static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
212{ 207{
@@ -447,27 +442,9 @@ static inline bool rt_is_expired(const struct rtable *rth)
447 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev)); 442 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev));
448} 443}
449 444
450/* 445void rt_cache_flush(struct net *net)
451 * Perturbation of rt_genid by a small quantity [1..256]
452 * Using 8 bits of shuffling ensure we can call rt_cache_invalidate()
453 * many times (2^24) without giving recent rt_genid.
454 * Jenkins hash is strong enough that litle changes of rt_genid are OK.
455 */
456static void rt_cache_invalidate(struct net *net)
457{ 446{
458 unsigned char shuffle; 447 rt_genid_bump(net);
459
460 get_random_bytes(&shuffle, sizeof(shuffle));
461 atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
462}
463
464/*
465 * delay < 0 : invalidate cache (fast : entries will be deleted later)
466 * delay >= 0 : invalidate & flush cache (can be long)
467 */
468void rt_cache_flush(struct net *net, int delay)
469{
470 rt_cache_invalidate(net);
471} 448}
472 449
473static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, 450static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
@@ -2345,7 +2322,7 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2345 2322
2346void ip_rt_multicast_event(struct in_device *in_dev) 2323void ip_rt_multicast_event(struct in_device *in_dev)
2347{ 2324{
2348 rt_cache_flush(dev_net(in_dev->dev), 0); 2325 rt_cache_flush(dev_net(in_dev->dev));
2349} 2326}
2350 2327
2351#ifdef CONFIG_SYSCTL 2328#ifdef CONFIG_SYSCTL
@@ -2354,16 +2331,7 @@ static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2354 size_t *lenp, loff_t *ppos) 2331 size_t *lenp, loff_t *ppos)
2355{ 2332{
2356 if (write) { 2333 if (write) {
2357 int flush_delay; 2334 rt_cache_flush((struct net *)__ctl->extra1);
2358 ctl_table ctl;
2359 struct net *net;
2360
2361 memcpy(&ctl, __ctl, sizeof(ctl));
2362 ctl.data = &flush_delay;
2363 proc_dointvec(&ctl, write, buffer, lenp, ppos);
2364
2365 net = (struct net *)__ctl->extra1;
2366 rt_cache_flush(net, flush_delay);
2367 return 0; 2335 return 0;
2368 } 2336 }
2369 2337
@@ -2533,8 +2501,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
2533 2501
2534static __net_init int rt_genid_init(struct net *net) 2502static __net_init int rt_genid_init(struct net *net)
2535{ 2503{
2536 get_random_bytes(&net->ipv4.rt_genid, 2504 atomic_set(&net->rt_genid, 0);
2537 sizeof(net->ipv4.rt_genid));
2538 get_random_bytes(&net->ipv4.dev_addr_genid, 2505 get_random_bytes(&net->ipv4.dev_addr_genid,
2539 sizeof(net->ipv4.dev_addr_genid)); 2506 sizeof(net->ipv4.dev_addr_genid));
2540 return 0; 2507 return 0;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 2109ff4a1daf..5f6419341821 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1762,8 +1762,14 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1762 } 1762 }
1763 1763
1764#ifdef CONFIG_NET_DMA 1764#ifdef CONFIG_NET_DMA
1765 if (tp->ucopy.dma_chan) 1765 if (tp->ucopy.dma_chan) {
1766 dma_async_memcpy_issue_pending(tp->ucopy.dma_chan); 1766 if (tp->rcv_wnd == 0 &&
1767 !skb_queue_empty(&sk->sk_async_wait_queue)) {
1768 tcp_service_net_dma(sk, true);
1769 tcp_cleanup_rbuf(sk, copied);
1770 } else
1771 dma_async_memcpy_issue_pending(tp->ucopy.dma_chan);
1772 }
1767#endif 1773#endif
1768 if (copied >= target) { 1774 if (copied >= target) {
1769 /* Do not sleep, just process backlog. */ 1775 /* Do not sleep, just process backlog. */
@@ -2325,10 +2331,17 @@ static int tcp_repair_options_est(struct tcp_sock *tp,
2325 tp->rx_opt.mss_clamp = opt.opt_val; 2331 tp->rx_opt.mss_clamp = opt.opt_val;
2326 break; 2332 break;
2327 case TCPOPT_WINDOW: 2333 case TCPOPT_WINDOW:
2328 if (opt.opt_val > 14) 2334 {
2329 return -EFBIG; 2335 u16 snd_wscale = opt.opt_val & 0xFFFF;
2336 u16 rcv_wscale = opt.opt_val >> 16;
2337
2338 if (snd_wscale > 14 || rcv_wscale > 14)
2339 return -EFBIG;
2330 2340
2331 tp->rx_opt.snd_wscale = opt.opt_val; 2341 tp->rx_opt.snd_wscale = snd_wscale;
2342 tp->rx_opt.rcv_wscale = rcv_wscale;
2343 tp->rx_opt.wscale_ok = 1;
2344 }
2332 break; 2345 break;
2333 case TCPOPT_SACK_PERM: 2346 case TCPOPT_SACK_PERM:
2334 if (opt.opt_val != 0) 2347 if (opt.opt_val != 0)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 6e38c6c23caa..d377f4854cb8 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4661,7 +4661,7 @@ queue_and_out:
4661 4661
4662 if (eaten > 0) 4662 if (eaten > 0)
4663 kfree_skb_partial(skb, fragstolen); 4663 kfree_skb_partial(skb, fragstolen);
4664 else if (!sock_flag(sk, SOCK_DEAD)) 4664 if (!sock_flag(sk, SOCK_DEAD))
4665 sk->sk_data_ready(sk, 0); 4665 sk->sk_data_ready(sk, 0);
4666 return; 4666 return;
4667 } 4667 }
@@ -5556,8 +5556,7 @@ no_ack:
5556#endif 5556#endif
5557 if (eaten) 5557 if (eaten)
5558 kfree_skb_partial(skb, fragstolen); 5558 kfree_skb_partial(skb, fragstolen);
5559 else 5559 sk->sk_data_ready(sk, 0);
5560 sk->sk_data_ready(sk, 0);
5561 return 0; 5560 return 0;
5562 } 5561 }
5563 } 5562 }
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 0251a6005be8..c4f934176cab 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -175,33 +175,12 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
175 const struct in6_addr *saddr) 175 const struct in6_addr *saddr)
176{ 176{
177 __ip6_dst_store(sk, dst, daddr, saddr); 177 __ip6_dst_store(sk, dst, daddr, saddr);
178
179#ifdef CONFIG_XFRM
180 {
181 struct rt6_info *rt = (struct rt6_info *)dst;
182 rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid);
183 }
184#endif
185} 178}
186 179
187static inline 180static inline
188struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie) 181struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie)
189{ 182{
190 struct dst_entry *dst; 183 return __sk_dst_check(sk, cookie);
191
192 dst = __sk_dst_check(sk, cookie);
193
194#ifdef CONFIG_XFRM
195 if (dst) {
196 struct rt6_info *rt = (struct rt6_info *)dst;
197 if (rt->rt6i_flow_cache_genid != atomic_read(&flow_cache_genid)) {
198 __sk_dst_reset(sk);
199 dst = NULL;
200 }
201 }
202#endif
203
204 return dst;
205} 184}
206 185
207static struct dst_entry *inet6_csk_route_socket(struct sock *sk, 186static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 13690d650c3e..286acfc21250 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -819,6 +819,10 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nl_info *info)
819 offsetof(struct rt6_info, rt6i_src), 819 offsetof(struct rt6_info, rt6i_src),
820 allow_create, replace_required); 820 allow_create, replace_required);
821 821
822 if (IS_ERR(sn)) {
823 err = PTR_ERR(sn);
824 sn = NULL;
825 }
822 if (!sn) { 826 if (!sn) {
823 /* If it is failed, discard just allocated 827 /* If it is failed, discard just allocated
824 root, and then (in st_failure) stale node 828 root, and then (in st_failure) stale node
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 8e80fd279100..854e4018d205 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -226,7 +226,7 @@ static struct rt6_info ip6_null_entry_template = {
226 .dst = { 226 .dst = {
227 .__refcnt = ATOMIC_INIT(1), 227 .__refcnt = ATOMIC_INIT(1),
228 .__use = 1, 228 .__use = 1,
229 .obsolete = -1, 229 .obsolete = DST_OBSOLETE_FORCE_CHK,
230 .error = -ENETUNREACH, 230 .error = -ENETUNREACH,
231 .input = ip6_pkt_discard, 231 .input = ip6_pkt_discard,
232 .output = ip6_pkt_discard_out, 232 .output = ip6_pkt_discard_out,
@@ -246,7 +246,7 @@ static struct rt6_info ip6_prohibit_entry_template = {
246 .dst = { 246 .dst = {
247 .__refcnt = ATOMIC_INIT(1), 247 .__refcnt = ATOMIC_INIT(1),
248 .__use = 1, 248 .__use = 1,
249 .obsolete = -1, 249 .obsolete = DST_OBSOLETE_FORCE_CHK,
250 .error = -EACCES, 250 .error = -EACCES,
251 .input = ip6_pkt_prohibit, 251 .input = ip6_pkt_prohibit,
252 .output = ip6_pkt_prohibit_out, 252 .output = ip6_pkt_prohibit_out,
@@ -261,7 +261,7 @@ static struct rt6_info ip6_blk_hole_entry_template = {
261 .dst = { 261 .dst = {
262 .__refcnt = ATOMIC_INIT(1), 262 .__refcnt = ATOMIC_INIT(1),
263 .__use = 1, 263 .__use = 1,
264 .obsolete = -1, 264 .obsolete = DST_OBSOLETE_FORCE_CHK,
265 .error = -EINVAL, 265 .error = -EINVAL,
266 .input = dst_discard, 266 .input = dst_discard,
267 .output = dst_discard, 267 .output = dst_discard,
@@ -281,13 +281,14 @@ static inline struct rt6_info *ip6_dst_alloc(struct net *net,
281 struct fib6_table *table) 281 struct fib6_table *table)
282{ 282{
283 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, 283 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev,
284 0, DST_OBSOLETE_NONE, flags); 284 0, DST_OBSOLETE_FORCE_CHK, flags);
285 285
286 if (rt) { 286 if (rt) {
287 struct dst_entry *dst = &rt->dst; 287 struct dst_entry *dst = &rt->dst;
288 288
289 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); 289 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst));
290 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers); 290 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers);
291 rt->rt6i_genid = rt_genid(net);
291 } 292 }
292 return rt; 293 return rt;
293} 294}
@@ -1031,6 +1032,13 @@ static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie)
1031 1032
1032 rt = (struct rt6_info *) dst; 1033 rt = (struct rt6_info *) dst;
1033 1034
1035 /* All IPV6 dsts are created with ->obsolete set to the value
1036 * DST_OBSOLETE_FORCE_CHK which forces validation calls down
1037 * into this function always.
1038 */
1039 if (rt->rt6i_genid != rt_genid(dev_net(rt->dst.dev)))
1040 return NULL;
1041
1034 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) { 1042 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) {
1035 if (rt->rt6i_peer_genid != rt6_peer_genid()) { 1043 if (rt->rt6i_peer_genid != rt6_peer_genid()) {
1036 if (!rt6_has_peer(rt)) 1044 if (!rt6_has_peer(rt))
@@ -1397,8 +1405,6 @@ int ip6_route_add(struct fib6_config *cfg)
1397 goto out; 1405 goto out;
1398 } 1406 }
1399 1407
1400 rt->dst.obsolete = -1;
1401
1402 if (cfg->fc_flags & RTF_EXPIRES) 1408 if (cfg->fc_flags & RTF_EXPIRES)
1403 rt6_set_expires(rt, jiffies + 1409 rt6_set_expires(rt, jiffies +
1404 clock_t_to_jiffies(cfg->fc_expires)); 1410 clock_t_to_jiffies(cfg->fc_expires));
@@ -2080,7 +2086,6 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
2080 rt->dst.input = ip6_input; 2086 rt->dst.input = ip6_input;
2081 rt->dst.output = ip6_output; 2087 rt->dst.output = ip6_output;
2082 rt->rt6i_idev = idev; 2088 rt->rt6i_idev = idev;
2083 rt->dst.obsolete = -1;
2084 2089
2085 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2090 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;
2086 if (anycast) 2091 if (anycast)
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 1b9024ee963c..7261eb81974f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -601,7 +601,7 @@ static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
601 if (!capable(CAP_NET_BIND_SERVICE)) { 601 if (!capable(CAP_NET_BIND_SERVICE)) {
602 dev_put(dev); 602 dev_put(dev);
603 release_sock(sk); 603 release_sock(sk);
604 return -EACCES; 604 return -EPERM;
605 } 605 }
606 nr->user_addr = addr->fsa_digipeater[0]; 606 nr->user_addr = addr->fsa_digipeater[0];
607 nr->source_addr = addr->fsa_ax25.sax25_call; 607 nr->source_addr = addr->fsa_ax25.sax25_call;
diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index e4723d31fdd5..211a21217045 100644
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -865,7 +865,10 @@ static void qfq_update_start(struct qfq_sched *q, struct qfq_class *cl)
865 if (mask) { 865 if (mask) {
866 struct qfq_group *next = qfq_ffs(q, mask); 866 struct qfq_group *next = qfq_ffs(q, mask);
867 if (qfq_gt(roundedF, next->F)) { 867 if (qfq_gt(roundedF, next->F)) {
868 cl->S = next->F; 868 if (qfq_gt(limit, next->F))
869 cl->S = next->F;
870 else /* preserve timestamp correctness */
871 cl->S = limit;
869 return; 872 return;
870 } 873 }
871 } 874 }
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 5a2aa17e4d3c..387848e90078 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
585 xfrm_pol_hold(policy); 585 xfrm_pol_hold(policy);
586 net->xfrm.policy_count[dir]++; 586 net->xfrm.policy_count[dir]++;
587 atomic_inc(&flow_cache_genid); 587 atomic_inc(&flow_cache_genid);
588 rt_genid_bump(net);
588 if (delpol) 589 if (delpol)
589 __xfrm_policy_unlink(delpol, dir); 590 __xfrm_policy_unlink(delpol, dir);
590 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); 591 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);
@@ -1763,7 +1764,7 @@ static struct dst_entry *make_blackhole(struct net *net, u16 family,
1763 1764
1764 if (!afinfo) { 1765 if (!afinfo) {
1765 dst_release(dst_orig); 1766 dst_release(dst_orig);
1766 ret = ERR_PTR(-EINVAL); 1767 return ERR_PTR(-EINVAL);
1767 } else { 1768 } else {
1768 ret = afinfo->blackhole_route(net, dst_orig); 1769 ret = afinfo->blackhole_route(net, dst_orig);
1769 } 1770 }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index e75d8e47f35c..289f4bf18ff0 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -123,9 +123,21 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
123 struct nlattr **attrs) 123 struct nlattr **attrs)
124{ 124{
125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
126 struct xfrm_replay_state_esn *rs;
126 127
127 if ((p->flags & XFRM_STATE_ESN) && !rt) 128 if (p->flags & XFRM_STATE_ESN) {
128 return -EINVAL; 129 if (!rt)
130 return -EINVAL;
131
132 rs = nla_data(rt);
133
134 if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
135 return -EINVAL;
136
137 if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
138 nla_len(rt) != sizeof(*rs))
139 return -EINVAL;
140 }
129 141
130 if (!rt) 142 if (!rt)
131 return 0; 143 return 0;
@@ -370,14 +382,15 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
370 struct nlattr *rp) 382 struct nlattr *rp)
371{ 383{
372 struct xfrm_replay_state_esn *up; 384 struct xfrm_replay_state_esn *up;
385 int ulen;
373 386
374 if (!replay_esn || !rp) 387 if (!replay_esn || !rp)
375 return 0; 388 return 0;
376 389
377 up = nla_data(rp); 390 up = nla_data(rp);
391 ulen = xfrm_replay_state_esn_len(up);
378 392
379 if (xfrm_replay_state_esn_len(replay_esn) != 393 if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
380 xfrm_replay_state_esn_len(up))
381 return -EINVAL; 394 return -EINVAL;
382 395
383 return 0; 396 return 0;
@@ -388,22 +401,28 @@ static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn
388 struct nlattr *rta) 401 struct nlattr *rta)
389{ 402{
390 struct xfrm_replay_state_esn *p, *pp, *up; 403 struct xfrm_replay_state_esn *p, *pp, *up;
404 int klen, ulen;
391 405
392 if (!rta) 406 if (!rta)
393 return 0; 407 return 0;
394 408
395 up = nla_data(rta); 409 up = nla_data(rta);
410 klen = xfrm_replay_state_esn_len(up);
411 ulen = nla_len(rta) >= klen ? klen : sizeof(*up);
396 412
397 p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 413 p = kzalloc(klen, GFP_KERNEL);
398 if (!p) 414 if (!p)
399 return -ENOMEM; 415 return -ENOMEM;
400 416
401 pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 417 pp = kzalloc(klen, GFP_KERNEL);
402 if (!pp) { 418 if (!pp) {
403 kfree(p); 419 kfree(p);
404 return -ENOMEM; 420 return -ENOMEM;
405 } 421 }
406 422
423 memcpy(p, up, ulen);
424 memcpy(pp, up, ulen);
425
407 *replay_esn = p; 426 *replay_esn = p;
408 *preplay_esn = pp; 427 *preplay_esn = pp;
409 428
@@ -442,10 +461,11 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
442 * somehow made shareable and move it to xfrm_state.c - JHS 461 * somehow made shareable and move it to xfrm_state.c - JHS
443 * 462 *
444*/ 463*/
445static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 464static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs,
465 int update_esn)
446{ 466{
447 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 467 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
448 struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; 468 struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL;
449 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 469 struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
450 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 470 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
451 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 471 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
@@ -555,7 +575,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
555 goto error; 575 goto error;
556 576
557 /* override default values from above */ 577 /* override default values from above */
558 xfrm_update_ae_params(x, attrs); 578 xfrm_update_ae_params(x, attrs, 0);
559 579
560 return x; 580 return x;
561 581
@@ -689,6 +709,7 @@ out:
689 709
690static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 710static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
691{ 711{
712 memset(p, 0, sizeof(*p));
692 memcpy(&p->id, &x->id, sizeof(p->id)); 713 memcpy(&p->id, &x->id, sizeof(p->id));
693 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 714 memcpy(&p->sel, &x->sel, sizeof(p->sel));
694 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 715 memcpy(&p->lft, &x->lft, sizeof(p->lft));
@@ -742,7 +763,7 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb)
742 return -EMSGSIZE; 763 return -EMSGSIZE;
743 764
744 algo = nla_data(nla); 765 algo = nla_data(nla);
745 strcpy(algo->alg_name, auth->alg_name); 766 strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
746 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 767 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
747 algo->alg_key_len = auth->alg_key_len; 768 algo->alg_key_len = auth->alg_key_len;
748 769
@@ -878,6 +899,7 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
878{ 899{
879 struct xfrm_dump_info info; 900 struct xfrm_dump_info info;
880 struct sk_buff *skb; 901 struct sk_buff *skb;
902 int err;
881 903
882 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 904 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
883 if (!skb) 905 if (!skb)
@@ -888,9 +910,10 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
888 info.nlmsg_seq = seq; 910 info.nlmsg_seq = seq;
889 info.nlmsg_flags = 0; 911 info.nlmsg_flags = 0;
890 912
891 if (dump_one_state(x, 0, &info)) { 913 err = dump_one_state(x, 0, &info);
914 if (err) {
892 kfree_skb(skb); 915 kfree_skb(skb);
893 return NULL; 916 return ERR_PTR(err);
894 } 917 }
895 918
896 return skb; 919 return skb;
@@ -1317,6 +1340,7 @@ static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy
1317 1340
1318static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1341static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir)
1319{ 1342{
1343 memset(p, 0, sizeof(*p));
1320 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1344 memcpy(&p->sel, &xp->selector, sizeof(p->sel));
1321 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1345 memcpy(&p->lft, &xp->lft, sizeof(p->lft));
1322 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1346 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft));
@@ -1421,6 +1445,7 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
1421 struct xfrm_user_tmpl *up = &vec[i]; 1445 struct xfrm_user_tmpl *up = &vec[i];
1422 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1446 struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
1423 1447
1448 memset(up, 0, sizeof(*up));
1424 memcpy(&up->id, &kp->id, sizeof(up->id)); 1449 memcpy(&up->id, &kp->id, sizeof(up->id));
1425 up->family = kp->encap_family; 1450 up->family = kp->encap_family;
1426 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1451 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
@@ -1546,6 +1571,7 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1546{ 1571{
1547 struct xfrm_dump_info info; 1572 struct xfrm_dump_info info;
1548 struct sk_buff *skb; 1573 struct sk_buff *skb;
1574 int err;
1549 1575
1550 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1576 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1551 if (!skb) 1577 if (!skb)
@@ -1556,9 +1582,10 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1556 info.nlmsg_seq = seq; 1582 info.nlmsg_seq = seq;
1557 info.nlmsg_flags = 0; 1583 info.nlmsg_flags = 0;
1558 1584
1559 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1585 err = dump_one_policy(xp, dir, 0, &info);
1586 if (err) {
1560 kfree_skb(skb); 1587 kfree_skb(skb);
1561 return NULL; 1588 return ERR_PTR(err);
1562 } 1589 }
1563 1590
1564 return skb; 1591 return skb;
@@ -1822,7 +1849,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1822 goto out; 1849 goto out;
1823 1850
1824 spin_lock_bh(&x->lock); 1851 spin_lock_bh(&x->lock);
1825 xfrm_update_ae_params(x, attrs); 1852 xfrm_update_ae_params(x, attrs, 1);
1826 spin_unlock_bh(&x->lock); 1853 spin_unlock_bh(&x->lock);
1827 1854
1828 c.event = nlh->nlmsg_type; 1855 c.event = nlh->nlmsg_type;
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index c220f314709c..65f67cb0aefb 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
51static inline void selinux_xfrm_notify_policyload(void) 51static inline void selinux_xfrm_notify_policyload(void)
52{ 52{
53 atomic_inc(&flow_cache_genid); 53 atomic_inc(&flow_cache_genid);
54 rt_genid_bump(&init_net);
54} 55}
55#else 56#else
56static inline int selinux_xfrm_enabled(void) 57static inline int selinux_xfrm_enabled(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-30 00:56:36 -0500