diff options
89 files changed, 520 insertions, 148 deletions
diff --git a/arch/x86_64/kernel/functionlist b/arch/x86_64/kernel/functionlist index 2bcebdc3eedb..01fa23580c85 100644 --- a/arch/x86_64/kernel/functionlist +++ b/arch/x86_64/kernel/functionlist | |||
@@ -384,7 +384,6 @@ | |||
384 | *(.text.__end_that_request_first) | 384 | *(.text.__end_that_request_first) |
385 | *(.text.wake_up_bit) | 385 | *(.text.wake_up_bit) |
386 | *(.text.unuse_mm) | 386 | *(.text.unuse_mm) |
387 | *(.text.skb_release_data) | ||
388 | *(.text.shrink_icache_memory) | 387 | *(.text.shrink_icache_memory) |
389 | *(.text.sched_balance_self) | 388 | *(.text.sched_balance_self) |
390 | *(.text.__pmd_alloc) | 389 | *(.text.__pmd_alloc) |
diff --git a/drivers/atm/he.c b/drivers/atm/he.c index fde9334059af..a486eb1f1640 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c | |||
@@ -1018,7 +1018,7 @@ he_init_irq(struct he_dev *he_dev) | |||
1018 | return 0; | 1018 | return 0; |
1019 | } | 1019 | } |
1020 | 1020 | ||
1021 | static int __init | 1021 | static int __devinit |
1022 | he_start(struct atm_dev *dev) | 1022 | he_start(struct atm_dev *dev) |
1023 | { | 1023 | { |
1024 | struct he_dev *he_dev; | 1024 | struct he_dev *he_dev; |
diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c index 0aabfc2a59d9..325325afabec 100644 --- a/drivers/atm/idt77105.c +++ b/drivers/atm/idt77105.c | |||
@@ -358,7 +358,7 @@ static const struct atmphy_ops idt77105_ops = { | |||
358 | }; | 358 | }; |
359 | 359 | ||
360 | 360 | ||
361 | int idt77105_init(struct atm_dev *dev) | 361 | int __devinit idt77105_init(struct atm_dev *dev) |
362 | { | 362 | { |
363 | dev->phy = &idt77105_ops; | 363 | dev->phy = &idt77105_ops; |
364 | return 0; | 364 | return 0; |
diff --git a/drivers/atm/idt77105.h b/drivers/atm/idt77105.h index 8ba8218aaefe..3fd2bc899761 100644 --- a/drivers/atm/idt77105.h +++ b/drivers/atm/idt77105.h | |||
@@ -76,7 +76,7 @@ | |||
76 | #define IDT77105_CTRSEL_RHEC 0x01 /* W, Rx HEC Error Counter */ | 76 | #define IDT77105_CTRSEL_RHEC 0x01 /* W, Rx HEC Error Counter */ |
77 | 77 | ||
78 | #ifdef __KERNEL__ | 78 | #ifdef __KERNEL__ |
79 | int idt77105_init(struct atm_dev *dev) __init; | 79 | int idt77105_init(struct atm_dev *dev); |
80 | #endif | 80 | #endif |
81 | 81 | ||
82 | /* | 82 | /* |
diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c index 2e2e50e1167a..333a7bc609d2 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c | |||
@@ -2284,7 +2284,7 @@ static int reset_sar(struct atm_dev *dev) | |||
2284 | } | 2284 | } |
2285 | 2285 | ||
2286 | 2286 | ||
2287 | static int __init ia_init(struct atm_dev *dev) | 2287 | static int __devinit ia_init(struct atm_dev *dev) |
2288 | { | 2288 | { |
2289 | IADEV *iadev; | 2289 | IADEV *iadev; |
2290 | unsigned long real_base; | 2290 | unsigned long real_base; |
@@ -2480,7 +2480,7 @@ static void ia_free_rx(IADEV *iadev) | |||
2480 | iadev->rx_dle_dma); | 2480 | iadev->rx_dle_dma); |
2481 | } | 2481 | } |
2482 | 2482 | ||
2483 | static int __init ia_start(struct atm_dev *dev) | 2483 | static int __devinit ia_start(struct atm_dev *dev) |
2484 | { | 2484 | { |
2485 | IADEV *iadev; | 2485 | IADEV *iadev; |
2486 | int error; | 2486 | int error; |
diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c index b1d063cc4fbe..f04f39c00833 100644 --- a/drivers/atm/suni.c +++ b/drivers/atm/suni.c | |||
@@ -289,7 +289,7 @@ static const struct atmphy_ops suni_ops = { | |||
289 | }; | 289 | }; |
290 | 290 | ||
291 | 291 | ||
292 | int suni_init(struct atm_dev *dev) | 292 | int __devinit suni_init(struct atm_dev *dev) |
293 | { | 293 | { |
294 | unsigned char mri; | 294 | unsigned char mri; |
295 | 295 | ||
diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index 7635736cc791..d55b0f7939a6 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c | |||
@@ -57,8 +57,8 @@ | |||
57 | 57 | ||
58 | #define DRV_MODULE_NAME "bnx2" | 58 | #define DRV_MODULE_NAME "bnx2" |
59 | #define PFX DRV_MODULE_NAME ": " | 59 | #define PFX DRV_MODULE_NAME ": " |
60 | #define DRV_MODULE_VERSION "1.4.42" | 60 | #define DRV_MODULE_VERSION "1.4.43" |
61 | #define DRV_MODULE_RELDATE "June 12, 2006" | 61 | #define DRV_MODULE_RELDATE "June 28, 2006" |
62 | 62 | ||
63 | #define RUN_AT(x) (jiffies + (x)) | 63 | #define RUN_AT(x) (jiffies + (x)) |
64 | 64 | ||
@@ -1676,7 +1676,7 @@ bnx2_tx_int(struct bnx2 *bp) | |||
1676 | 1676 | ||
1677 | tx_free_bd += last + 1; | 1677 | tx_free_bd += last + 1; |
1678 | 1678 | ||
1679 | dev_kfree_skb_irq(skb); | 1679 | dev_kfree_skb(skb); |
1680 | 1680 | ||
1681 | hw_cons = bp->hw_tx_cons = | 1681 | hw_cons = bp->hw_tx_cons = |
1682 | sblk->status_tx_quick_consumer_index0; | 1682 | sblk->status_tx_quick_consumer_index0; |
@@ -1824,7 +1824,7 @@ reuse_rx: | |||
1824 | if ((len > (bp->dev->mtu + ETH_HLEN)) && | 1824 | if ((len > (bp->dev->mtu + ETH_HLEN)) && |
1825 | (ntohs(skb->protocol) != 0x8100)) { | 1825 | (ntohs(skb->protocol) != 0x8100)) { |
1826 | 1826 | ||
1827 | dev_kfree_skb_irq(skb); | 1827 | dev_kfree_skb(skb); |
1828 | goto next_rx; | 1828 | goto next_rx; |
1829 | 1829 | ||
1830 | } | 1830 | } |
@@ -3643,7 +3643,7 @@ bnx2_free_tx_skbs(struct bnx2 *bp) | |||
3643 | skb_shinfo(skb)->frags[j].size, | 3643 | skb_shinfo(skb)->frags[j].size, |
3644 | PCI_DMA_TODEVICE); | 3644 | PCI_DMA_TODEVICE); |
3645 | } | 3645 | } |
3646 | dev_kfree_skb_any(skb); | 3646 | dev_kfree_skb(skb); |
3647 | i += j + 1; | 3647 | i += j + 1; |
3648 | } | 3648 | } |
3649 | 3649 | ||
@@ -3669,7 +3669,7 @@ bnx2_free_rx_skbs(struct bnx2 *bp) | |||
3669 | 3669 | ||
3670 | rx_buf->skb = NULL; | 3670 | rx_buf->skb = NULL; |
3671 | 3671 | ||
3672 | dev_kfree_skb_any(skb); | 3672 | dev_kfree_skb(skb); |
3673 | } | 3673 | } |
3674 | } | 3674 | } |
3675 | 3675 | ||
@@ -3999,7 +3999,7 @@ bnx2_run_loopback(struct bnx2 *bp, int loopback_mode) | |||
3999 | udelay(5); | 3999 | udelay(5); |
4000 | 4000 | ||
4001 | pci_unmap_single(bp->pdev, map, pkt_size, PCI_DMA_TODEVICE); | 4001 | pci_unmap_single(bp->pdev, map, pkt_size, PCI_DMA_TODEVICE); |
4002 | dev_kfree_skb_irq(skb); | 4002 | dev_kfree_skb(skb); |
4003 | 4003 | ||
4004 | if (bp->status_blk->status_tx_quick_consumer_index0 != bp->tx_prod) { | 4004 | if (bp->status_blk->status_tx_quick_consumer_index0 != bp->tx_prod) { |
4005 | goto loopback_test_done; | 4005 | goto loopback_test_done; |
@@ -4541,7 +4541,7 @@ bnx2_close(struct net_device *dev) | |||
4541 | bnx2_netif_stop(bp); | 4541 | bnx2_netif_stop(bp); |
4542 | del_timer_sync(&bp->timer); | 4542 | del_timer_sync(&bp->timer); |
4543 | if (bp->flags & NO_WOL_FLAG) | 4543 | if (bp->flags & NO_WOL_FLAG) |
4544 | reset_code = BNX2_DRV_MSG_CODE_UNLOAD; | 4544 | reset_code = BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN; |
4545 | else if (bp->wol) | 4545 | else if (bp->wol) |
4546 | reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; | 4546 | reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; |
4547 | else | 4547 | else |
@@ -5128,6 +5128,16 @@ bnx2_set_rx_csum(struct net_device *dev, u32 data) | |||
5128 | return 0; | 5128 | return 0; |
5129 | } | 5129 | } |
5130 | 5130 | ||
5131 | static int | ||
5132 | bnx2_set_tso(struct net_device *dev, u32 data) | ||
5133 | { | ||
5134 | if (data) | ||
5135 | dev->features |= NETIF_F_TSO | NETIF_F_TSO_ECN; | ||
5136 | else | ||
5137 | dev->features &= ~(NETIF_F_TSO | NETIF_F_TSO_ECN); | ||
5138 | return 0; | ||
5139 | } | ||
5140 | |||
5131 | #define BNX2_NUM_STATS 46 | 5141 | #define BNX2_NUM_STATS 46 |
5132 | 5142 | ||
5133 | static struct { | 5143 | static struct { |
@@ -5445,7 +5455,7 @@ static struct ethtool_ops bnx2_ethtool_ops = { | |||
5445 | .set_sg = ethtool_op_set_sg, | 5455 | .set_sg = ethtool_op_set_sg, |
5446 | #ifdef BCM_TSO | 5456 | #ifdef BCM_TSO |
5447 | .get_tso = ethtool_op_get_tso, | 5457 | .get_tso = ethtool_op_get_tso, |
5448 | .set_tso = ethtool_op_set_tso, | 5458 | .set_tso = bnx2_set_tso, |
5449 | #endif | 5459 | #endif |
5450 | .self_test_count = bnx2_self_test_count, | 5460 | .self_test_count = bnx2_self_test_count, |
5451 | .self_test = bnx2_self_test, | 5461 | .self_test = bnx2_self_test, |
@@ -5926,7 +5936,7 @@ bnx2_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) | |||
5926 | dev->features |= NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX; | 5936 | dev->features |= NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX; |
5927 | #endif | 5937 | #endif |
5928 | #ifdef BCM_TSO | 5938 | #ifdef BCM_TSO |
5929 | dev->features |= NETIF_F_TSO; | 5939 | dev->features |= NETIF_F_TSO | NETIF_F_TSO_ECN; |
5930 | #endif | 5940 | #endif |
5931 | 5941 | ||
5932 | netif_carrier_off(bp->dev); | 5942 | netif_carrier_off(bp->dev); |
@@ -5968,7 +5978,7 @@ bnx2_suspend(struct pci_dev *pdev, pm_message_t state) | |||
5968 | netif_device_detach(dev); | 5978 | netif_device_detach(dev); |
5969 | del_timer_sync(&bp->timer); | 5979 | del_timer_sync(&bp->timer); |
5970 | if (bp->flags & NO_WOL_FLAG) | 5980 | if (bp->flags & NO_WOL_FLAG) |
5971 | reset_code = BNX2_DRV_MSG_CODE_UNLOAD; | 5981 | reset_code = BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN; |
5972 | else if (bp->wol) | 5982 | else if (bp->wol) |
5973 | reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; | 5983 | reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; |
5974 | else | 5984 | else |
diff --git a/drivers/net/bnx2.h b/drivers/net/bnx2.h index 5845e334941b..658c5ee95c73 100644 --- a/drivers/net/bnx2.h +++ b/drivers/net/bnx2.h | |||
@@ -4174,6 +4174,7 @@ struct fw_info { | |||
4174 | #define BNX2_DRV_MSG_CODE_PULSE 0x06000000 | 4174 | #define BNX2_DRV_MSG_CODE_PULSE 0x06000000 |
4175 | #define BNX2_DRV_MSG_CODE_DIAG 0x07000000 | 4175 | #define BNX2_DRV_MSG_CODE_DIAG 0x07000000 |
4176 | #define BNX2_DRV_MSG_CODE_SUSPEND_NO_WOL 0x09000000 | 4176 | #define BNX2_DRV_MSG_CODE_SUSPEND_NO_WOL 0x09000000 |
4177 | #define BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN 0x0b000000 | ||
4177 | 4178 | ||
4178 | #define BNX2_DRV_MSG_DATA 0x00ff0000 | 4179 | #define BNX2_DRV_MSG_DATA 0x00ff0000 |
4179 | #define BNX2_DRV_MSG_DATA_WAIT0 0x00010000 | 4180 | #define BNX2_DRV_MSG_DATA_WAIT0 0x00010000 |
diff --git a/drivers/net/irda/Kconfig b/drivers/net/irda/Kconfig index d2ce4896abff..e9e6d99a9add 100644 --- a/drivers/net/irda/Kconfig +++ b/drivers/net/irda/Kconfig | |||
@@ -350,7 +350,7 @@ config TOSHIBA_FIR | |||
350 | 350 | ||
351 | config AU1000_FIR | 351 | config AU1000_FIR |
352 | tristate "Alchemy Au1000 SIR/FIR" | 352 | tristate "Alchemy Au1000 SIR/FIR" |
353 | depends on MIPS_AU1000 && IRDA | 353 | depends on SOC_AU1000 && IRDA |
354 | 354 | ||
355 | config SMC_IRCC_FIR | 355 | config SMC_IRCC_FIR |
356 | tristate "SMSC IrCC (EXPERIMENTAL)" | 356 | tristate "SMSC IrCC (EXPERIMENTAL)" |
diff --git a/drivers/net/irda/mcs7780.c b/drivers/net/irda/mcs7780.c index 754297fc8f22..47f6f64d604c 100644 --- a/drivers/net/irda/mcs7780.c +++ b/drivers/net/irda/mcs7780.c | |||
@@ -101,7 +101,7 @@ static int transceiver_type = MCS_TSC_VISHAY; | |||
101 | module_param(transceiver_type, int, 0444); | 101 | module_param(transceiver_type, int, 0444); |
102 | MODULE_PARM_DESC(transceiver_type, "IR transceiver type, see mcs7780.h."); | 102 | MODULE_PARM_DESC(transceiver_type, "IR transceiver type, see mcs7780.h."); |
103 | 103 | ||
104 | struct usb_driver mcs_driver = { | 104 | static struct usb_driver mcs_driver = { |
105 | .name = "mcs7780", | 105 | .name = "mcs7780", |
106 | .probe = mcs_probe, | 106 | .probe = mcs_probe, |
107 | .disconnect = mcs_disconnect, | 107 | .disconnect = mcs_disconnect, |
diff --git a/include/asm-alpha/socket.h b/include/asm-alpha/socket.h index b5193229132a..d22ab97ea72e 100644 --- a/include/asm-alpha/socket.h +++ b/include/asm-alpha/socket.h | |||
@@ -51,6 +51,7 @@ | |||
51 | #define SCM_TIMESTAMP SO_TIMESTAMP | 51 | #define SCM_TIMESTAMP SO_TIMESTAMP |
52 | 52 | ||
53 | #define SO_PEERSEC 30 | 53 | #define SO_PEERSEC 30 |
54 | #define SO_PASSSEC 34 | ||
54 | 55 | ||
55 | /* Security levels - as per NRL IPv6 - don't actually do anything */ | 56 | /* Security levels - as per NRL IPv6 - don't actually do anything */ |
56 | #define SO_SECURITY_AUTHENTICATION 19 | 57 | #define SO_SECURITY_AUTHENTICATION 19 |
diff --git a/include/asm-arm/socket.h b/include/asm-arm/socket.h index 3c51da6438c9..19f7df702b06 100644 --- a/include/asm-arm/socket.h +++ b/include/asm-arm/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-arm26/socket.h b/include/asm-arm26/socket.h index 3c51da6438c9..19f7df702b06 100644 --- a/include/asm-arm26/socket.h +++ b/include/asm-arm26/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-cris/socket.h b/include/asm-cris/socket.h index 8b1da3e58c55..01cfdf1d6d33 100644 --- a/include/asm-cris/socket.h +++ b/include/asm-cris/socket.h | |||
@@ -50,6 +50,7 @@ | |||
50 | #define SO_ACCEPTCONN 30 | 50 | #define SO_ACCEPTCONN 30 |
51 | 51 | ||
52 | #define SO_PEERSEC 31 | 52 | #define SO_PEERSEC 31 |
53 | #define SO_PASSSEC 34 | ||
53 | 54 | ||
54 | #endif /* _ASM_SOCKET_H */ | 55 | #endif /* _ASM_SOCKET_H */ |
55 | 56 | ||
diff --git a/include/asm-frv/socket.h b/include/asm-frv/socket.h index 7177f8b9817c..31db18fc871f 100644 --- a/include/asm-frv/socket.h +++ b/include/asm-frv/socket.h | |||
@@ -48,6 +48,7 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
53 | 54 | ||
diff --git a/include/asm-h8300/socket.h b/include/asm-h8300/socket.h index d98cf85bafc1..ebc830fee0d0 100644 --- a/include/asm-h8300/socket.h +++ b/include/asm-h8300/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-i386/socket.h b/include/asm-i386/socket.h index 802ae76195b7..5755d57c4e95 100644 --- a/include/asm-i386/socket.h +++ b/include/asm-i386/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-ia64/socket.h b/include/asm-ia64/socket.h index a255006fb7b5..d638ef3d50c3 100644 --- a/include/asm-ia64/socket.h +++ b/include/asm-ia64/socket.h | |||
@@ -57,5 +57,6 @@ | |||
57 | #define SO_ACCEPTCONN 30 | 57 | #define SO_ACCEPTCONN 30 |
58 | 58 | ||
59 | #define SO_PEERSEC 31 | 59 | #define SO_PEERSEC 31 |
60 | #define SO_PASSSEC 34 | ||
60 | 61 | ||
61 | #endif /* _ASM_IA64_SOCKET_H */ | 62 | #endif /* _ASM_IA64_SOCKET_H */ |
diff --git a/include/asm-m32r/socket.h b/include/asm-m32r/socket.h index 8b6680f223c0..acdf748fcdc8 100644 --- a/include/asm-m32r/socket.h +++ b/include/asm-m32r/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_M32R_SOCKET_H */ | 53 | #endif /* _ASM_M32R_SOCKET_H */ |
diff --git a/include/asm-m68k/socket.h b/include/asm-m68k/socket.h index f578ca4b776a..a5966ec005ae 100644 --- a/include/asm-m68k/socket.h +++ b/include/asm-m68k/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-mips/socket.h b/include/asm-mips/socket.h index 0bb31e5aaca6..36ebe4e186a7 100644 --- a/include/asm-mips/socket.h +++ b/include/asm-mips/socket.h | |||
@@ -69,6 +69,7 @@ To add: #define SO_REUSEPORT 0x0200 /* Allow local address and port reuse. */ | |||
69 | #define SO_PEERSEC 30 | 69 | #define SO_PEERSEC 30 |
70 | #define SO_SNDBUFFORCE 31 | 70 | #define SO_SNDBUFFORCE 31 |
71 | #define SO_RCVBUFFORCE 33 | 71 | #define SO_RCVBUFFORCE 33 |
72 | #define SO_PASSSEC 34 | ||
72 | 73 | ||
73 | #ifdef __KERNEL__ | 74 | #ifdef __KERNEL__ |
74 | 75 | ||
diff --git a/include/asm-parisc/socket.h b/include/asm-parisc/socket.h index 1bf54dc53c10..ce2eae1708b5 100644 --- a/include/asm-parisc/socket.h +++ b/include/asm-parisc/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 0x401c | 48 | #define SO_ACCEPTCONN 0x401c |
49 | 49 | ||
50 | #define SO_PEERSEC 0x401d | 50 | #define SO_PEERSEC 0x401d |
51 | #define SO_PASSSEC 0x401e | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-powerpc/socket.h b/include/asm-powerpc/socket.h index e4b8177d4acc..c8b1da50e72d 100644 --- a/include/asm-powerpc/socket.h +++ b/include/asm-powerpc/socket.h | |||
@@ -55,5 +55,6 @@ | |||
55 | #define SO_ACCEPTCONN 30 | 55 | #define SO_ACCEPTCONN 30 |
56 | 56 | ||
57 | #define SO_PEERSEC 31 | 57 | #define SO_PEERSEC 31 |
58 | #define SO_PASSSEC 34 | ||
58 | 59 | ||
59 | #endif /* _ASM_POWERPC_SOCKET_H */ | 60 | #endif /* _ASM_POWERPC_SOCKET_H */ |
diff --git a/include/asm-s390/socket.h b/include/asm-s390/socket.h index 15a5298c8744..1778a49a74c5 100644 --- a/include/asm-s390/socket.h +++ b/include/asm-s390/socket.h | |||
@@ -56,5 +56,6 @@ | |||
56 | #define SO_ACCEPTCONN 30 | 56 | #define SO_ACCEPTCONN 30 |
57 | 57 | ||
58 | #define SO_PEERSEC 31 | 58 | #define SO_PEERSEC 31 |
59 | #define SO_PASSSEC 34 | ||
59 | 60 | ||
60 | #endif /* _ASM_SOCKET_H */ | 61 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-sh/socket.h b/include/asm-sh/socket.h index 553904ff9336..ca70362eb563 100644 --- a/include/asm-sh/socket.h +++ b/include/asm-sh/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* __ASM_SH_SOCKET_H */ | 53 | #endif /* __ASM_SH_SOCKET_H */ |
diff --git a/include/asm-sparc/socket.h b/include/asm-sparc/socket.h index 4e0ce3a35ea9..f6c4e5baf3f7 100644 --- a/include/asm-sparc/socket.h +++ b/include/asm-sparc/socket.h | |||
@@ -48,6 +48,7 @@ | |||
48 | #define SCM_TIMESTAMP SO_TIMESTAMP | 48 | #define SCM_TIMESTAMP SO_TIMESTAMP |
49 | 49 | ||
50 | #define SO_PEERSEC 0x001e | 50 | #define SO_PEERSEC 0x001e |
51 | #define SO_PASSSEC 0x001f | ||
51 | 52 | ||
52 | /* Security levels - as per NRL IPv6 - don't actually do anything */ | 53 | /* Security levels - as per NRL IPv6 - don't actually do anything */ |
53 | #define SO_SECURITY_AUTHENTICATION 0x5001 | 54 | #define SO_SECURITY_AUTHENTICATION 0x5001 |
diff --git a/include/asm-sparc64/socket.h b/include/asm-sparc64/socket.h index 59987dad3359..754d46a50af3 100644 --- a/include/asm-sparc64/socket.h +++ b/include/asm-sparc64/socket.h | |||
@@ -48,6 +48,7 @@ | |||
48 | #define SCM_TIMESTAMP SO_TIMESTAMP | 48 | #define SCM_TIMESTAMP SO_TIMESTAMP |
49 | 49 | ||
50 | #define SO_PEERSEC 0x001e | 50 | #define SO_PEERSEC 0x001e |
51 | #define SO_PASSSEC 0x001f | ||
51 | 52 | ||
52 | /* Security levels - as per NRL IPv6 - don't actually do anything */ | 53 | /* Security levels - as per NRL IPv6 - don't actually do anything */ |
53 | #define SO_SECURITY_AUTHENTICATION 0x5001 | 54 | #define SO_SECURITY_AUTHENTICATION 0x5001 |
diff --git a/include/asm-v850/socket.h b/include/asm-v850/socket.h index 0240d366a0a4..0dfe55ac2ef2 100644 --- a/include/asm-v850/socket.h +++ b/include/asm-v850/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* __V850_SOCKET_H__ */ | 53 | #endif /* __V850_SOCKET_H__ */ |
diff --git a/include/asm-x86_64/socket.h b/include/asm-x86_64/socket.h index f2cdbeae5d5b..b46702607933 100644 --- a/include/asm-x86_64/socket.h +++ b/include/asm-x86_64/socket.h | |||
@@ -48,5 +48,6 @@ | |||
48 | #define SO_ACCEPTCONN 30 | 48 | #define SO_ACCEPTCONN 30 |
49 | 49 | ||
50 | #define SO_PEERSEC 31 | 50 | #define SO_PEERSEC 31 |
51 | #define SO_PASSSEC 34 | ||
51 | 52 | ||
52 | #endif /* _ASM_SOCKET_H */ | 53 | #endif /* _ASM_SOCKET_H */ |
diff --git a/include/asm-xtensa/socket.h b/include/asm-xtensa/socket.h index 00f83f3a6d72..971d231be60e 100644 --- a/include/asm-xtensa/socket.h +++ b/include/asm-xtensa/socket.h | |||
@@ -59,5 +59,6 @@ | |||
59 | 59 | ||
60 | #define SO_ACCEPTCONN 30 | 60 | #define SO_ACCEPTCONN 30 |
61 | #define SO_PEERSEC 31 | 61 | #define SO_PEERSEC 31 |
62 | #define SO_PASSSEC 34 | ||
62 | 63 | ||
63 | #endif /* _XTENSA_SOCKET_H */ | 64 | #endif /* _XTENSA_SOCKET_H */ |
diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h index 1eb238affb12..41788a31c438 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h | |||
@@ -7,6 +7,7 @@ | |||
7 | #define LINUX_ATMDEV_H | 7 | #define LINUX_ATMDEV_H |
8 | 8 | ||
9 | 9 | ||
10 | #include <linux/device.h> | ||
10 | #include <linux/atmapi.h> | 11 | #include <linux/atmapi.h> |
11 | #include <linux/atm.h> | 12 | #include <linux/atm.h> |
12 | #include <linux/atmioc.h> | 13 | #include <linux/atmioc.h> |
@@ -358,6 +359,7 @@ struct atm_dev { | |||
358 | struct proc_dir_entry *proc_entry; /* proc entry */ | 359 | struct proc_dir_entry *proc_entry; /* proc entry */ |
359 | char *proc_name; /* proc entry name */ | 360 | char *proc_name; /* proc entry name */ |
360 | #endif | 361 | #endif |
362 | struct class_device class_dev; /* sysfs class device */ | ||
361 | struct list_head dev_list; /* linkage */ | 363 | struct list_head dev_list; /* linkage */ |
362 | }; | 364 | }; |
363 | 365 | ||
@@ -459,7 +461,7 @@ static inline void atm_dev_put(struct atm_dev *dev) | |||
459 | BUG_ON(!test_bit(ATM_DF_REMOVED, &dev->flags)); | 461 | BUG_ON(!test_bit(ATM_DF_REMOVED, &dev->flags)); |
460 | if (dev->ops->dev_close) | 462 | if (dev->ops->dev_close) |
461 | dev->ops->dev_close(dev); | 463 | dev->ops->dev_close(dev); |
462 | kfree(dev); | 464 | class_device_put(&dev->class_dev); |
463 | } | 465 | } |
464 | } | 466 | } |
465 | 467 | ||
diff --git a/include/linux/net.h b/include/linux/net.h index 385e68f5bd93..b20c53c74413 100644 --- a/include/linux/net.h +++ b/include/linux/net.h | |||
@@ -61,6 +61,7 @@ typedef enum { | |||
61 | #define SOCK_ASYNC_WAITDATA 1 | 61 | #define SOCK_ASYNC_WAITDATA 1 |
62 | #define SOCK_NOSPACE 2 | 62 | #define SOCK_NOSPACE 2 |
63 | #define SOCK_PASSCRED 3 | 63 | #define SOCK_PASSCRED 3 |
64 | #define SOCK_PASSSEC 4 | ||
64 | 65 | ||
65 | #ifndef ARCH_HAS_SOCKET_TYPES | 66 | #ifndef ARCH_HAS_SOCKET_TYPES |
66 | /** | 67 | /** |
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 03cd7551a7a1..aa2d3c12c4d8 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h | |||
@@ -315,6 +315,8 @@ struct net_device | |||
315 | #define NETIF_F_GSO_SHIFT 16 | 315 | #define NETIF_F_GSO_SHIFT 16 |
316 | #define NETIF_F_TSO (SKB_GSO_TCPV4 << NETIF_F_GSO_SHIFT) | 316 | #define NETIF_F_TSO (SKB_GSO_TCPV4 << NETIF_F_GSO_SHIFT) |
317 | #define NETIF_F_UFO (SKB_GSO_UDPV4 << NETIF_F_GSO_SHIFT) | 317 | #define NETIF_F_UFO (SKB_GSO_UDPV4 << NETIF_F_GSO_SHIFT) |
318 | #define NETIF_F_GSO_ROBUST (SKB_GSO_DODGY << NETIF_F_GSO_SHIFT) | ||
319 | #define NETIF_F_TSO_ECN (SKB_GSO_TCPV4_ECN << NETIF_F_GSO_SHIFT) | ||
318 | 320 | ||
319 | #define NETIF_F_GEN_CSUM (NETIF_F_NO_CSUM | NETIF_F_HW_CSUM) | 321 | #define NETIF_F_GEN_CSUM (NETIF_F_NO_CSUM | NETIF_F_HW_CSUM) |
320 | #define NETIF_F_ALL_CSUM (NETIF_F_IP_CSUM | NETIF_F_GEN_CSUM) | 322 | #define NETIF_F_ALL_CSUM (NETIF_F_IP_CSUM | NETIF_F_GEN_CSUM) |
@@ -543,7 +545,8 @@ struct packet_type { | |||
543 | struct net_device *, | 545 | struct net_device *, |
544 | struct packet_type *, | 546 | struct packet_type *, |
545 | struct net_device *); | 547 | struct net_device *); |
546 | struct sk_buff *(*gso_segment)(struct sk_buff *skb, int sg); | 548 | struct sk_buff *(*gso_segment)(struct sk_buff *skb, |
549 | int features); | ||
547 | void *af_packet_priv; | 550 | void *af_packet_priv; |
548 | struct list_head list; | 551 | struct list_head list; |
549 | }; | 552 | }; |
@@ -968,7 +971,7 @@ extern int netdev_max_backlog; | |||
968 | extern int weight_p; | 971 | extern int weight_p; |
969 | extern int netdev_set_master(struct net_device *dev, struct net_device *master); | 972 | extern int netdev_set_master(struct net_device *dev, struct net_device *master); |
970 | extern int skb_checksum_help(struct sk_buff *skb, int inward); | 973 | extern int skb_checksum_help(struct sk_buff *skb, int inward); |
971 | extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg); | 974 | extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); |
972 | #ifdef CONFIG_BUG | 975 | #ifdef CONFIG_BUG |
973 | extern void netdev_rx_csum_fault(struct net_device *dev); | 976 | extern void netdev_rx_csum_fault(struct net_device *dev); |
974 | #else | 977 | #else |
@@ -988,11 +991,16 @@ extern void dev_seq_stop(struct seq_file *seq, void *v); | |||
988 | 991 | ||
989 | extern void linkwatch_run_queue(void); | 992 | extern void linkwatch_run_queue(void); |
990 | 993 | ||
994 | static inline int skb_gso_ok(struct sk_buff *skb, int features) | ||
995 | { | ||
996 | int feature = skb_shinfo(skb)->gso_size ? | ||
997 | skb_shinfo(skb)->gso_type << NETIF_F_GSO_SHIFT : 0; | ||
998 | return (features & feature) == feature; | ||
999 | } | ||
1000 | |||
991 | static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) | 1001 | static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) |
992 | { | 1002 | { |
993 | int feature = skb_shinfo(skb)->gso_type << NETIF_F_GSO_SHIFT; | 1003 | return !skb_gso_ok(skb, dev->features); |
994 | return skb_shinfo(skb)->gso_size && | ||
995 | (dev->features & feature) != feature; | ||
996 | } | 1004 | } |
997 | 1005 | ||
998 | #endif /* __KERNEL__ */ | 1006 | #endif /* __KERNEL__ */ |
diff --git a/include/linux/security.h b/include/linux/security.h index 51805806f974..c7ea15716dce 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -67,7 +67,7 @@ struct xfrm_state; | |||
67 | struct xfrm_user_sec_ctx; | 67 | struct xfrm_user_sec_ctx; |
68 | 68 | ||
69 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 69 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
70 | extern int cap_netlink_recv(struct sk_buff *skb); | 70 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
71 | 71 | ||
72 | /* | 72 | /* |
73 | * Values used in the task_security_ops calls | 73 | * Values used in the task_security_ops calls |
@@ -656,6 +656,7 @@ struct swap_info_struct; | |||
656 | * Check permission before processing the received netlink message in | 656 | * Check permission before processing the received netlink message in |
657 | * @skb. | 657 | * @skb. |
658 | * @skb contains the sk_buff structure for the netlink message. | 658 | * @skb contains the sk_buff structure for the netlink message. |
659 | * @cap indicates the capability required | ||
659 | * Return 0 if permission is granted. | 660 | * Return 0 if permission is granted. |
660 | * | 661 | * |
661 | * Security hooks for Unix domain networking. | 662 | * Security hooks for Unix domain networking. |
@@ -1266,7 +1267,7 @@ struct security_operations { | |||
1266 | struct sembuf * sops, unsigned nsops, int alter); | 1267 | struct sembuf * sops, unsigned nsops, int alter); |
1267 | 1268 | ||
1268 | int (*netlink_send) (struct sock * sk, struct sk_buff * skb); | 1269 | int (*netlink_send) (struct sock * sk, struct sk_buff * skb); |
1269 | int (*netlink_recv) (struct sk_buff * skb); | 1270 | int (*netlink_recv) (struct sk_buff * skb, int cap); |
1270 | 1271 | ||
1271 | /* allow module stacking */ | 1272 | /* allow module stacking */ |
1272 | int (*register_security) (const char *name, | 1273 | int (*register_security) (const char *name, |
@@ -2032,9 +2033,9 @@ static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb) | |||
2032 | return security_ops->netlink_send(sk, skb); | 2033 | return security_ops->netlink_send(sk, skb); |
2033 | } | 2034 | } |
2034 | 2035 | ||
2035 | static inline int security_netlink_recv(struct sk_buff * skb) | 2036 | static inline int security_netlink_recv(struct sk_buff * skb, int cap) |
2036 | { | 2037 | { |
2037 | return security_ops->netlink_recv(skb); | 2038 | return security_ops->netlink_recv(skb, cap); |
2038 | } | 2039 | } |
2039 | 2040 | ||
2040 | /* prototypes */ | 2041 | /* prototypes */ |
@@ -2670,9 +2671,9 @@ static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) | |||
2670 | return cap_netlink_send (sk, skb); | 2671 | return cap_netlink_send (sk, skb); |
2671 | } | 2672 | } |
2672 | 2673 | ||
2673 | static inline int security_netlink_recv (struct sk_buff *skb) | 2674 | static inline int security_netlink_recv (struct sk_buff *skb, int cap) |
2674 | { | 2675 | { |
2675 | return cap_netlink_recv (skb); | 2676 | return cap_netlink_recv (skb, cap); |
2676 | } | 2677 | } |
2677 | 2678 | ||
2678 | static inline struct dentry *securityfs_create_dir(const char *name, | 2679 | static inline struct dentry *securityfs_create_dir(const char *name, |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 16eef03ce0eb..59918be91d0a 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -172,6 +172,12 @@ enum { | |||
172 | enum { | 172 | enum { |
173 | SKB_GSO_TCPV4 = 1 << 0, | 173 | SKB_GSO_TCPV4 = 1 << 0, |
174 | SKB_GSO_UDPV4 = 1 << 1, | 174 | SKB_GSO_UDPV4 = 1 << 1, |
175 | |||
176 | /* This indicates the skb is from an untrusted source. */ | ||
177 | SKB_GSO_DODGY = 1 << 2, | ||
178 | |||
179 | /* This indicates the tcp segment has CWR set. */ | ||
180 | SKB_GSO_TCPV4_ECN = 1 << 3, | ||
175 | }; | 181 | }; |
176 | 182 | ||
177 | /** | 183 | /** |
@@ -1298,8 +1304,7 @@ extern void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to); | |||
1298 | extern void skb_split(struct sk_buff *skb, | 1304 | extern void skb_split(struct sk_buff *skb, |
1299 | struct sk_buff *skb1, const u32 len); | 1305 | struct sk_buff *skb1, const u32 len); |
1300 | 1306 | ||
1301 | extern void skb_release_data(struct sk_buff *skb); | 1307 | extern struct sk_buff *skb_segment(struct sk_buff *skb, int features); |
1302 | extern struct sk_buff *skb_segment(struct sk_buff *skb, int sg); | ||
1303 | 1308 | ||
1304 | static inline void *skb_header_pointer(const struct sk_buff *skb, int offset, | 1309 | static inline void *skb_header_pointer(const struct sk_buff *skb, int offset, |
1305 | int len, void *buffer) | 1310 | int len, void *buffer) |
diff --git a/include/net/af_unix.h b/include/net/af_unix.h index 795f81f9ec7f..5ba72d95280c 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h | |||
@@ -53,10 +53,16 @@ struct unix_address { | |||
53 | struct unix_skb_parms { | 53 | struct unix_skb_parms { |
54 | struct ucred creds; /* Skb credentials */ | 54 | struct ucred creds; /* Skb credentials */ |
55 | struct scm_fp_list *fp; /* Passed files */ | 55 | struct scm_fp_list *fp; /* Passed files */ |
56 | #ifdef CONFIG_SECURITY_NETWORK | ||
57 | char *secdata; /* Security context */ | ||
58 | u32 seclen; /* Security length */ | ||
59 | #endif | ||
56 | }; | 60 | }; |
57 | 61 | ||
58 | #define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) | 62 | #define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) |
59 | #define UNIXCREDS(skb) (&UNIXCB((skb)).creds) | 63 | #define UNIXCREDS(skb) (&UNIXCB((skb)).creds) |
64 | #define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) | ||
65 | #define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen) | ||
60 | 66 | ||
61 | #define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) | 67 | #define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) |
62 | #define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) | 68 | #define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) |
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h index 75b5b9333fc7..1925c65e617b 100644 --- a/include/net/pkt_sched.h +++ b/include/net/pkt_sched.h | |||
@@ -169,17 +169,23 @@ psched_tod_diff(int delta_sec, int bound) | |||
169 | 169 | ||
170 | #define PSCHED_TADD2(tv, delta, tv_res) \ | 170 | #define PSCHED_TADD2(tv, delta, tv_res) \ |
171 | ({ \ | 171 | ({ \ |
172 | int __delta = (tv).tv_usec + (delta); \ | 172 | int __delta = (delta); \ |
173 | (tv_res).tv_sec = (tv).tv_sec; \ | 173 | (tv_res) = (tv); \ |
174 | if (__delta > USEC_PER_SEC) { (tv_res).tv_sec++; __delta -= USEC_PER_SEC; } \ | 174 | while(__delta >= USEC_PER_SEC){ \ |
175 | (tv_res).tv_sec++; \ | ||
176 | __delta -= USEC_PER_SEC; \ | ||
177 | } \ | ||
175 | (tv_res).tv_usec = __delta; \ | 178 | (tv_res).tv_usec = __delta; \ |
176 | }) | 179 | }) |
177 | 180 | ||
178 | #define PSCHED_TADD(tv, delta) \ | 181 | #define PSCHED_TADD(tv, delta) \ |
179 | ({ \ | 182 | ({ \ |
180 | (tv).tv_usec += (delta); \ | 183 | int __delta = (delta); \ |
181 | if ((tv).tv_usec > USEC_PER_SEC) { (tv).tv_sec++; \ | 184 | while(__delta >= USEC_PER_SEC){ \ |
182 | (tv).tv_usec -= USEC_PER_SEC; } \ | 185 | (tv).tv_sec++; \ |
186 | __delta -= USEC_PER_SEC; \ | ||
187 | } \ | ||
188 | (tv).tv_usec = __delta; \ | ||
183 | }) | 189 | }) |
184 | 190 | ||
185 | /* Set/check that time is in the "past perfect"; | 191 | /* Set/check that time is in the "past perfect"; |
diff --git a/include/net/protocol.h b/include/net/protocol.h index 3b6dc15c68a5..40b6b9c9973f 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h | |||
@@ -36,7 +36,8 @@ | |||
36 | struct net_protocol { | 36 | struct net_protocol { |
37 | int (*handler)(struct sk_buff *skb); | 37 | int (*handler)(struct sk_buff *skb); |
38 | void (*err_handler)(struct sk_buff *skb, u32 info); | 38 | void (*err_handler)(struct sk_buff *skb, u32 info); |
39 | struct sk_buff *(*gso_segment)(struct sk_buff *skb, int sg); | 39 | struct sk_buff *(*gso_segment)(struct sk_buff *skb, |
40 | int features); | ||
40 | int no_policy; | 41 | int no_policy; |
41 | }; | 42 | }; |
42 | 43 | ||
diff --git a/include/net/scm.h b/include/net/scm.h index 540619cb7160..02daa097cdcd 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
@@ -19,6 +19,10 @@ struct scm_cookie | |||
19 | { | 19 | { |
20 | struct ucred creds; /* Skb credentials */ | 20 | struct ucred creds; /* Skb credentials */ |
21 | struct scm_fp_list *fp; /* Passed files */ | 21 | struct scm_fp_list *fp; /* Passed files */ |
22 | #ifdef CONFIG_SECURITY_NETWORK | ||
23 | char *secdata; /* Security context */ | ||
24 | u32 seclen; /* Security length */ | ||
25 | #endif | ||
22 | unsigned long seq; /* Connection seqno */ | 26 | unsigned long seq; /* Connection seqno */ |
23 | }; | 27 | }; |
24 | 28 | ||
@@ -48,6 +52,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
48 | return __scm_send(sock, msg, scm); | 52 | return __scm_send(sock, msg, scm); |
49 | } | 53 | } |
50 | 54 | ||
55 | #ifdef CONFIG_SECURITY_NETWORK | ||
56 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | ||
57 | { | ||
58 | if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) | ||
59 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); | ||
60 | } | ||
61 | #else | ||
62 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | ||
63 | { } | ||
64 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
65 | |||
51 | static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, | 66 | static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, |
52 | struct scm_cookie *scm, int flags) | 67 | struct scm_cookie *scm, int flags) |
53 | { | 68 | { |
@@ -62,6 +77,8 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, | |||
62 | if (test_bit(SOCK_PASSCRED, &sock->flags)) | 77 | if (test_bit(SOCK_PASSCRED, &sock->flags)) |
63 | put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); | 78 | put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); |
64 | 79 | ||
80 | scm_passec(sock, msg, scm); | ||
81 | |||
65 | if (!scm->fp) | 82 | if (!scm->fp) |
66 | return; | 83 | return; |
67 | 84 | ||
diff --git a/include/net/sock.h b/include/net/sock.h index 2d8d6adf1616..7136bae48c2f 100644 --- a/include/net/sock.h +++ b/include/net/sock.h | |||
@@ -383,7 +383,6 @@ enum sock_flags { | |||
383 | SOCK_USE_WRITE_QUEUE, /* whether to call sk->sk_write_space in sock_wfree */ | 383 | SOCK_USE_WRITE_QUEUE, /* whether to call sk->sk_write_space in sock_wfree */ |
384 | SOCK_DBG, /* %SO_DEBUG setting */ | 384 | SOCK_DBG, /* %SO_DEBUG setting */ |
385 | SOCK_RCVTSTAMP, /* %SO_TIMESTAMP setting */ | 385 | SOCK_RCVTSTAMP, /* %SO_TIMESTAMP setting */ |
386 | SOCK_NO_LARGESEND, /* whether to sent large segments or not */ | ||
387 | SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */ | 386 | SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */ |
388 | SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */ | 387 | SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */ |
389 | }; | 388 | }; |
@@ -1033,7 +1032,7 @@ static inline void sk_setup_caps(struct sock *sk, struct dst_entry *dst) | |||
1033 | if (sk->sk_route_caps & NETIF_F_GSO) | 1032 | if (sk->sk_route_caps & NETIF_F_GSO) |
1034 | sk->sk_route_caps |= NETIF_F_TSO; | 1033 | sk->sk_route_caps |= NETIF_F_TSO; |
1035 | if (sk->sk_route_caps & NETIF_F_TSO) { | 1034 | if (sk->sk_route_caps & NETIF_F_TSO) { |
1036 | if (sock_flag(sk, SOCK_NO_LARGESEND) || dst->header_len) | 1035 | if (dst->header_len) |
1037 | sk->sk_route_caps &= ~NETIF_F_TSO; | 1036 | sk->sk_route_caps &= ~NETIF_F_TSO; |
1038 | else | 1037 | else |
1039 | sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM; | 1038 | sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM; |
diff --git a/include/net/tcp.h b/include/net/tcp.h index ca3d38dfc00b..624921e76332 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
@@ -1086,7 +1086,7 @@ extern struct request_sock_ops tcp_request_sock_ops; | |||
1086 | 1086 | ||
1087 | extern int tcp_v4_destroy_sock(struct sock *sk); | 1087 | extern int tcp_v4_destroy_sock(struct sock *sk); |
1088 | 1088 | ||
1089 | extern struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg); | 1089 | extern struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features); |
1090 | 1090 | ||
1091 | #ifdef CONFIG_PROC_FS | 1091 | #ifdef CONFIG_PROC_FS |
1092 | extern int tcp4_proc_init(void); | 1092 | extern int tcp4_proc_init(void); |
diff --git a/include/net/tcp_ecn.h b/include/net/tcp_ecn.h index c6b84397448d..7bb366f70934 100644 --- a/include/net/tcp_ecn.h +++ b/include/net/tcp_ecn.h | |||
@@ -31,10 +31,9 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct tcp_sock *tp, | |||
31 | struct sk_buff *skb) | 31 | struct sk_buff *skb) |
32 | { | 32 | { |
33 | tp->ecn_flags = 0; | 33 | tp->ecn_flags = 0; |
34 | if (sysctl_tcp_ecn && !(sk->sk_route_caps & NETIF_F_TSO)) { | 34 | if (sysctl_tcp_ecn) { |
35 | TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_ECE|TCPCB_FLAG_CWR; | 35 | TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_ECE|TCPCB_FLAG_CWR; |
36 | tp->ecn_flags = TCP_ECN_OK; | 36 | tp->ecn_flags = TCP_ECN_OK; |
37 | sock_set_flag(sk, SOCK_NO_LARGESEND); | ||
38 | } | 37 | } |
39 | } | 38 | } |
40 | 39 | ||
@@ -56,6 +55,9 @@ static inline void TCP_ECN_send(struct sock *sk, struct tcp_sock *tp, | |||
56 | if (tp->ecn_flags&TCP_ECN_QUEUE_CWR) { | 55 | if (tp->ecn_flags&TCP_ECN_QUEUE_CWR) { |
57 | tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; | 56 | tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; |
58 | skb->h.th->cwr = 1; | 57 | skb->h.th->cwr = 1; |
58 | if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) | ||
59 | skb_shinfo(skb)->gso_type |= | ||
60 | SKB_GSO_TCPV4_ECN; | ||
59 | } | 61 | } |
60 | } else { | 62 | } else { |
61 | /* ACK or retransmitted segment: clear ECT|CE */ | 63 | /* ACK or retransmitted segment: clear ECT|CE */ |
diff --git a/kernel/audit.c b/kernel/audit.c index 82443fb433ef..d417ca1db79b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -445,7 +445,7 @@ void audit_send_reply(int pid, int seq, int type, int done, int multi, | |||
445 | * Check for appropriate CAP_AUDIT_ capabilities on incoming audit | 445 | * Check for appropriate CAP_AUDIT_ capabilities on incoming audit |
446 | * control messages. | 446 | * control messages. |
447 | */ | 447 | */ |
448 | static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) | 448 | static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) |
449 | { | 449 | { |
450 | int err = 0; | 450 | int err = 0; |
451 | 451 | ||
@@ -459,13 +459,13 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) | |||
459 | case AUDIT_DEL: | 459 | case AUDIT_DEL: |
460 | case AUDIT_DEL_RULE: | 460 | case AUDIT_DEL_RULE: |
461 | case AUDIT_SIGNAL_INFO: | 461 | case AUDIT_SIGNAL_INFO: |
462 | if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) | 462 | if (security_netlink_recv(skb, CAP_AUDIT_CONTROL)) |
463 | err = -EPERM; | 463 | err = -EPERM; |
464 | break; | 464 | break; |
465 | case AUDIT_USER: | 465 | case AUDIT_USER: |
466 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | 466 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
467 | case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2: | 467 | case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2: |
468 | if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) | 468 | if (security_netlink_recv(skb, CAP_AUDIT_WRITE)) |
469 | err = -EPERM; | 469 | err = -EPERM; |
470 | break; | 470 | break; |
471 | default: /* bad msg */ | 471 | default: /* bad msg */ |
@@ -488,7 +488,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
488 | char *ctx; | 488 | char *ctx; |
489 | u32 len; | 489 | u32 len; |
490 | 490 | ||
491 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 491 | err = audit_netlink_ok(skb, msg_type); |
492 | if (err) | 492 | if (err) |
493 | return err; | 493 | return err; |
494 | 494 | ||
diff --git a/net/atm/Makefile b/net/atm/Makefile index d5818751f6ba..89656d6c0b90 100644 --- a/net/atm/Makefile +++ b/net/atm/Makefile | |||
@@ -2,7 +2,7 @@ | |||
2 | # Makefile for the ATM Protocol Families. | 2 | # Makefile for the ATM Protocol Families. |
3 | # | 3 | # |
4 | 4 | ||
5 | atm-y := addr.o pvc.o signaling.o svc.o ioctl.o common.o atm_misc.o raw.o resources.o | 5 | atm-y := addr.o pvc.o signaling.o svc.o ioctl.o common.o atm_misc.o raw.o resources.o atm_sysfs.o |
6 | mpoa-objs := mpc.o mpoa_caches.o mpoa_proc.o | 6 | mpoa-objs := mpc.o mpoa_caches.o mpoa_proc.o |
7 | 7 | ||
8 | obj-$(CONFIG_ATM) += atm.o | 8 | obj-$(CONFIG_ATM) += atm.o |
diff --git a/net/atm/atm_sysfs.c b/net/atm/atm_sysfs.c new file mode 100644 index 000000000000..5df4b9a068bb --- /dev/null +++ b/net/atm/atm_sysfs.c | |||
@@ -0,0 +1,176 @@ | |||
1 | /* ATM driver model support. */ | ||
2 | |||
3 | #include <linux/config.h> | ||
4 | #include <linux/kernel.h> | ||
5 | #include <linux/init.h> | ||
6 | #include <linux/kobject.h> | ||
7 | #include <linux/atmdev.h> | ||
8 | #include "common.h" | ||
9 | #include "resources.h" | ||
10 | |||
11 | #define to_atm_dev(cldev) container_of(cldev, struct atm_dev, class_dev) | ||
12 | |||
13 | static ssize_t show_type(struct class_device *cdev, char *buf) | ||
14 | { | ||
15 | struct atm_dev *adev = to_atm_dev(cdev); | ||
16 | return sprintf(buf, "%s\n", adev->type); | ||
17 | } | ||
18 | |||
19 | static ssize_t show_address(struct class_device *cdev, char *buf) | ||
20 | { | ||
21 | char *pos = buf; | ||
22 | struct atm_dev *adev = to_atm_dev(cdev); | ||
23 | int i; | ||
24 | |||
25 | for (i = 0; i < (ESI_LEN - 1); i++) | ||
26 | pos += sprintf(pos, "%02x:", adev->esi[i]); | ||
27 | pos += sprintf(pos, "%02x\n", adev->esi[i]); | ||
28 | |||
29 | return pos - buf; | ||
30 | } | ||
31 | |||
32 | static ssize_t show_atmaddress(struct class_device *cdev, char *buf) | ||
33 | { | ||
34 | unsigned long flags; | ||
35 | char *pos = buf; | ||
36 | struct atm_dev *adev = to_atm_dev(cdev); | ||
37 | struct atm_dev_addr *aaddr; | ||
38 | int bin[] = { 1, 2, 10, 6, 1 }, *fmt = bin; | ||
39 | int i, j; | ||
40 | |||
41 | spin_lock_irqsave(&adev->lock, flags); | ||
42 | list_for_each_entry(aaddr, &adev->local, entry) { | ||
43 | for(i = 0, j = 0; i < ATM_ESA_LEN; ++i, ++j) { | ||
44 | if (j == *fmt) { | ||
45 | pos += sprintf(pos, "."); | ||
46 | ++fmt; | ||
47 | j = 0; | ||
48 | } | ||
49 | pos += sprintf(pos, "%02x", aaddr->addr.sas_addr.prv[i]); | ||
50 | } | ||
51 | pos += sprintf(pos, "\n"); | ||
52 | } | ||
53 | spin_unlock_irqrestore(&adev->lock, flags); | ||
54 | |||
55 | return pos - buf; | ||
56 | } | ||
57 | |||
58 | static ssize_t show_carrier(struct class_device *cdev, char *buf) | ||
59 | { | ||
60 | char *pos = buf; | ||
61 | struct atm_dev *adev = to_atm_dev(cdev); | ||
62 | |||
63 | pos += sprintf(pos, "%d\n", | ||
64 | adev->signal == ATM_PHY_SIG_LOST ? 0 : 1); | ||
65 | |||
66 | return pos - buf; | ||
67 | } | ||
68 | |||
69 | static ssize_t show_link_rate(struct class_device *cdev, char *buf) | ||
70 | { | ||
71 | char *pos = buf; | ||
72 | struct atm_dev *adev = to_atm_dev(cdev); | ||
73 | int link_rate; | ||
74 | |||
75 | /* show the link rate, not the data rate */ | ||
76 | switch (adev->link_rate) { | ||
77 | case ATM_OC3_PCR: | ||
78 | link_rate = 155520000; | ||
79 | break; | ||
80 | case ATM_OC12_PCR: | ||
81 | link_rate = 622080000; | ||
82 | break; | ||
83 | case ATM_25_PCR: | ||
84 | link_rate = 25600000; | ||
85 | break; | ||
86 | default: | ||
87 | link_rate = adev->link_rate * 8 * 53; | ||
88 | } | ||
89 | pos += sprintf(pos, "%d\n", link_rate); | ||
90 | |||
91 | return pos - buf; | ||
92 | } | ||
93 | |||
94 | static CLASS_DEVICE_ATTR(address, S_IRUGO, show_address, NULL); | ||
95 | static CLASS_DEVICE_ATTR(atmaddress, S_IRUGO, show_atmaddress, NULL); | ||
96 | static CLASS_DEVICE_ATTR(carrier, S_IRUGO, show_carrier, NULL); | ||
97 | static CLASS_DEVICE_ATTR(type, S_IRUGO, show_type, NULL); | ||
98 | static CLASS_DEVICE_ATTR(link_rate, S_IRUGO, show_link_rate, NULL); | ||
99 | |||
100 | static struct class_device_attribute *atm_attrs[] = { | ||
101 | &class_device_attr_atmaddress, | ||
102 | &class_device_attr_address, | ||
103 | &class_device_attr_carrier, | ||
104 | &class_device_attr_type, | ||
105 | &class_device_attr_link_rate, | ||
106 | NULL | ||
107 | }; | ||
108 | |||
109 | static int atm_uevent(struct class_device *cdev, char **envp, int num_envp, char *buf, int size) | ||
110 | { | ||
111 | struct atm_dev *adev; | ||
112 | int i = 0, len = 0; | ||
113 | |||
114 | if (!cdev) | ||
115 | return -ENODEV; | ||
116 | |||
117 | adev = to_atm_dev(cdev); | ||
118 | if (!adev) | ||
119 | return -ENODEV; | ||
120 | |||
121 | if (add_uevent_var(envp, num_envp, &i, buf, size, &len, | ||
122 | "NAME=%s%d", adev->type, adev->number)) | ||
123 | return -ENOMEM; | ||
124 | |||
125 | envp[i] = NULL; | ||
126 | return 0; | ||
127 | } | ||
128 | |||
129 | static void atm_release(struct class_device *cdev) | ||
130 | { | ||
131 | struct atm_dev *adev = to_atm_dev(cdev); | ||
132 | |||
133 | kfree(adev); | ||
134 | } | ||
135 | |||
136 | static struct class atm_class = { | ||
137 | .name = "atm", | ||
138 | .release = atm_release, | ||
139 | .uevent = atm_uevent, | ||
140 | }; | ||
141 | |||
142 | int atm_register_sysfs(struct atm_dev *adev) | ||
143 | { | ||
144 | struct class_device *cdev = &adev->class_dev; | ||
145 | int i, err; | ||
146 | |||
147 | cdev->class = &atm_class; | ||
148 | class_set_devdata(cdev, adev); | ||
149 | |||
150 | snprintf(cdev->class_id, BUS_ID_SIZE, "%s%d", adev->type, adev->number); | ||
151 | err = class_device_register(cdev); | ||
152 | if (err < 0) | ||
153 | return err; | ||
154 | |||
155 | for (i = 0; atm_attrs[i]; i++) | ||
156 | class_device_create_file(cdev, atm_attrs[i]); | ||
157 | |||
158 | return 0; | ||
159 | } | ||
160 | |||
161 | void atm_unregister_sysfs(struct atm_dev *adev) | ||
162 | { | ||
163 | struct class_device *cdev = &adev->class_dev; | ||
164 | |||
165 | class_device_del(cdev); | ||
166 | } | ||
167 | |||
168 | int __init atm_sysfs_init(void) | ||
169 | { | ||
170 | return class_register(&atm_class); | ||
171 | } | ||
172 | |||
173 | void __exit atm_sysfs_exit(void) | ||
174 | { | ||
175 | class_unregister(&atm_class); | ||
176 | } | ||
diff --git a/net/atm/common.c b/net/atm/common.c index ae002220fa99..35ab1a61e831 100644 --- a/net/atm/common.c +++ b/net/atm/common.c | |||
@@ -791,8 +791,14 @@ static int __init atm_init(void) | |||
791 | printk(KERN_ERR "atm_proc_init() failed with %d\n",error); | 791 | printk(KERN_ERR "atm_proc_init() failed with %d\n",error); |
792 | goto out_atmsvc_exit; | 792 | goto out_atmsvc_exit; |
793 | } | 793 | } |
794 | if ((error = atm_sysfs_init()) < 0) { | ||
795 | printk(KERN_ERR "atm_sysfs_init() failed with %d\n",error); | ||
796 | goto out_atmproc_exit; | ||
797 | } | ||
794 | out: | 798 | out: |
795 | return error; | 799 | return error; |
800 | out_atmproc_exit: | ||
801 | atm_proc_exit(); | ||
796 | out_atmsvc_exit: | 802 | out_atmsvc_exit: |
797 | atmsvc_exit(); | 803 | atmsvc_exit(); |
798 | out_atmpvc_exit: | 804 | out_atmpvc_exit: |
@@ -805,6 +811,7 @@ out_unregister_vcc_proto: | |||
805 | static void __exit atm_exit(void) | 811 | static void __exit atm_exit(void) |
806 | { | 812 | { |
807 | atm_proc_exit(); | 813 | atm_proc_exit(); |
814 | atm_sysfs_exit(); | ||
808 | atmsvc_exit(); | 815 | atmsvc_exit(); |
809 | atmpvc_exit(); | 816 | atmpvc_exit(); |
810 | proto_unregister(&vcc_proto); | 817 | proto_unregister(&vcc_proto); |
diff --git a/net/atm/common.h b/net/atm/common.h index 4887c317cefe..a422da7788fb 100644 --- a/net/atm/common.h +++ b/net/atm/common.h | |||
@@ -28,6 +28,8 @@ int atmpvc_init(void); | |||
28 | void atmpvc_exit(void); | 28 | void atmpvc_exit(void); |
29 | int atmsvc_init(void); | 29 | int atmsvc_init(void); |
30 | void atmsvc_exit(void); | 30 | void atmsvc_exit(void); |
31 | int atm_sysfs_init(void); | ||
32 | void atm_sysfs_exit(void); | ||
31 | 33 | ||
32 | #ifdef CONFIG_PROC_FS | 34 | #ifdef CONFIG_PROC_FS |
33 | int atm_proc_init(void); | 35 | int atm_proc_init(void); |
diff --git a/net/atm/resources.c b/net/atm/resources.c index 18ac80698f83..534baf704056 100644 --- a/net/atm/resources.c +++ b/net/atm/resources.c | |||
@@ -114,14 +114,27 @@ struct atm_dev *atm_dev_register(const char *type, const struct atmdev_ops *ops, | |||
114 | printk(KERN_ERR "atm_dev_register: " | 114 | printk(KERN_ERR "atm_dev_register: " |
115 | "atm_proc_dev_register failed for dev %s\n", | 115 | "atm_proc_dev_register failed for dev %s\n", |
116 | type); | 116 | type); |
117 | mutex_unlock(&atm_dev_mutex); | 117 | goto out_fail; |
118 | kfree(dev); | 118 | } |
119 | return NULL; | 119 | |
120 | if (atm_register_sysfs(dev) < 0) { | ||
121 | printk(KERN_ERR "atm_dev_register: " | ||
122 | "atm_register_sysfs failed for dev %s\n", | ||
123 | type); | ||
124 | atm_proc_dev_deregister(dev); | ||
125 | goto out_fail; | ||
120 | } | 126 | } |
127 | |||
121 | list_add_tail(&dev->dev_list, &atm_devs); | 128 | list_add_tail(&dev->dev_list, &atm_devs); |
122 | mutex_unlock(&atm_dev_mutex); | ||
123 | 129 | ||
130 | out: | ||
131 | mutex_unlock(&atm_dev_mutex); | ||
124 | return dev; | 132 | return dev; |
133 | |||
134 | out_fail: | ||
135 | kfree(dev); | ||
136 | dev = NULL; | ||
137 | goto out; | ||
125 | } | 138 | } |
126 | 139 | ||
127 | 140 | ||
@@ -140,6 +153,7 @@ void atm_dev_deregister(struct atm_dev *dev) | |||
140 | mutex_unlock(&atm_dev_mutex); | 153 | mutex_unlock(&atm_dev_mutex); |
141 | 154 | ||
142 | atm_dev_release_vccs(dev); | 155 | atm_dev_release_vccs(dev); |
156 | atm_unregister_sysfs(dev); | ||
143 | atm_proc_dev_deregister(dev); | 157 | atm_proc_dev_deregister(dev); |
144 | 158 | ||
145 | atm_dev_put(dev); | 159 | atm_dev_put(dev); |
diff --git a/net/atm/resources.h b/net/atm/resources.h index ac7222fee7a8..644989980c37 100644 --- a/net/atm/resources.h +++ b/net/atm/resources.h | |||
@@ -43,4 +43,6 @@ static inline void atm_proc_dev_deregister(struct atm_dev *dev) | |||
43 | 43 | ||
44 | #endif /* CONFIG_PROC_FS */ | 44 | #endif /* CONFIG_PROC_FS */ |
45 | 45 | ||
46 | int atm_register_sysfs(struct atm_dev *adev); | ||
47 | void atm_unregister_sysfs(struct atm_dev *adev); | ||
46 | #endif | 48 | #endif |
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 2afdc7c0736c..f8dbcee80eba 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c | |||
@@ -184,6 +184,6 @@ void br_dev_setup(struct net_device *dev) | |||
184 | dev->set_mac_address = br_set_mac_address; | 184 | dev->set_mac_address = br_set_mac_address; |
185 | dev->priv_flags = IFF_EBRIDGE; | 185 | dev->priv_flags = IFF_EBRIDGE; |
186 | 186 | ||
187 | dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | 187 | dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA | |
188 | | NETIF_F_HIGHDMA | NETIF_F_TSO | NETIF_F_NO_CSUM; | 188 | NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST; |
189 | } | 189 | } |
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index 07956ecf545e..f55ef682ef84 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c | |||
@@ -392,7 +392,8 @@ void br_features_recompute(struct net_bridge *br) | |||
392 | features &= feature; | 392 | features &= feature; |
393 | } | 393 | } |
394 | 394 | ||
395 | br->dev->features = features | checksum | NETIF_F_LLTX; | 395 | br->dev->features = features | checksum | NETIF_F_LLTX | |
396 | NETIF_F_GSO_ROBUST; | ||
396 | } | 397 | } |
397 | 398 | ||
398 | /* called with RTNL */ | 399 | /* called with RTNL */ |
diff --git a/net/core/dev.c b/net/core/dev.c index f1c52cbd6ef7..08976b08df5b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1190,11 +1190,14 @@ out: | |||
1190 | /** | 1190 | /** |
1191 | * skb_gso_segment - Perform segmentation on skb. | 1191 | * skb_gso_segment - Perform segmentation on skb. |
1192 | * @skb: buffer to segment | 1192 | * @skb: buffer to segment |
1193 | * @sg: whether scatter-gather is supported on the target. | 1193 | * @features: features for the output path (see dev->features) |
1194 | * | 1194 | * |
1195 | * This function segments the given skb and returns a list of segments. | 1195 | * This function segments the given skb and returns a list of segments. |
1196 | * | ||
1197 | * It may return NULL if the skb requires no segmentation. This is | ||
1198 | * only possible when GSO is used for verifying header integrity. | ||
1196 | */ | 1199 | */ |
1197 | struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg) | 1200 | struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features) |
1198 | { | 1201 | { |
1199 | struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT); | 1202 | struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT); |
1200 | struct packet_type *ptype; | 1203 | struct packet_type *ptype; |
@@ -1210,12 +1213,14 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg) | |||
1210 | rcu_read_lock(); | 1213 | rcu_read_lock(); |
1211 | list_for_each_entry_rcu(ptype, &ptype_base[ntohs(type) & 15], list) { | 1214 | list_for_each_entry_rcu(ptype, &ptype_base[ntohs(type) & 15], list) { |
1212 | if (ptype->type == type && !ptype->dev && ptype->gso_segment) { | 1215 | if (ptype->type == type && !ptype->dev && ptype->gso_segment) { |
1213 | segs = ptype->gso_segment(skb, sg); | 1216 | segs = ptype->gso_segment(skb, features); |
1214 | break; | 1217 | break; |
1215 | } | 1218 | } |
1216 | } | 1219 | } |
1217 | rcu_read_unlock(); | 1220 | rcu_read_unlock(); |
1218 | 1221 | ||
1222 | __skb_push(skb, skb->data - skb->mac.raw); | ||
1223 | |||
1219 | return segs; | 1224 | return segs; |
1220 | } | 1225 | } |
1221 | 1226 | ||
@@ -1234,7 +1239,6 @@ void netdev_rx_csum_fault(struct net_device *dev) | |||
1234 | EXPORT_SYMBOL(netdev_rx_csum_fault); | 1239 | EXPORT_SYMBOL(netdev_rx_csum_fault); |
1235 | #endif | 1240 | #endif |
1236 | 1241 | ||
1237 | #ifdef CONFIG_HIGHMEM | ||
1238 | /* Actually, we should eliminate this check as soon as we know, that: | 1242 | /* Actually, we should eliminate this check as soon as we know, that: |
1239 | * 1. IOMMU is present and allows to map all the memory. | 1243 | * 1. IOMMU is present and allows to map all the memory. |
1240 | * 2. No high memory really exists on this machine. | 1244 | * 2. No high memory really exists on this machine. |
@@ -1242,6 +1246,7 @@ EXPORT_SYMBOL(netdev_rx_csum_fault); | |||
1242 | 1246 | ||
1243 | static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) | 1247 | static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) |
1244 | { | 1248 | { |
1249 | #ifdef CONFIG_HIGHMEM | ||
1245 | int i; | 1250 | int i; |
1246 | 1251 | ||
1247 | if (dev->features & NETIF_F_HIGHDMA) | 1252 | if (dev->features & NETIF_F_HIGHDMA) |
@@ -1251,11 +1256,9 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) | |||
1251 | if (PageHighMem(skb_shinfo(skb)->frags[i].page)) | 1256 | if (PageHighMem(skb_shinfo(skb)->frags[i].page)) |
1252 | return 1; | 1257 | return 1; |
1253 | 1258 | ||
1259 | #endif | ||
1254 | return 0; | 1260 | return 0; |
1255 | } | 1261 | } |
1256 | #else | ||
1257 | #define illegal_highdma(dev, skb) (0) | ||
1258 | #endif | ||
1259 | 1262 | ||
1260 | struct dev_gso_cb { | 1263 | struct dev_gso_cb { |
1261 | void (*destructor)(struct sk_buff *skb); | 1264 | void (*destructor)(struct sk_buff *skb); |
@@ -1291,9 +1294,15 @@ static int dev_gso_segment(struct sk_buff *skb) | |||
1291 | { | 1294 | { |
1292 | struct net_device *dev = skb->dev; | 1295 | struct net_device *dev = skb->dev; |
1293 | struct sk_buff *segs; | 1296 | struct sk_buff *segs; |
1297 | int features = dev->features & ~(illegal_highdma(dev, skb) ? | ||
1298 | NETIF_F_SG : 0); | ||
1299 | |||
1300 | segs = skb_gso_segment(skb, features); | ||
1301 | |||
1302 | /* Verifying header integrity only. */ | ||
1303 | if (!segs) | ||
1304 | return 0; | ||
1294 | 1305 | ||
1295 | segs = skb_gso_segment(skb, dev->features & NETIF_F_SG && | ||
1296 | !illegal_highdma(dev, skb)); | ||
1297 | if (unlikely(IS_ERR(segs))) | 1306 | if (unlikely(IS_ERR(segs))) |
1298 | return PTR_ERR(segs); | 1307 | return PTR_ERR(segs); |
1299 | 1308 | ||
@@ -1310,13 +1319,17 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) | |||
1310 | if (netdev_nit) | 1319 | if (netdev_nit) |
1311 | dev_queue_xmit_nit(skb, dev); | 1320 | dev_queue_xmit_nit(skb, dev); |
1312 | 1321 | ||
1313 | if (!netif_needs_gso(dev, skb)) | 1322 | if (netif_needs_gso(dev, skb)) { |
1314 | return dev->hard_start_xmit(skb, dev); | 1323 | if (unlikely(dev_gso_segment(skb))) |
1324 | goto out_kfree_skb; | ||
1325 | if (skb->next) | ||
1326 | goto gso; | ||
1327 | } | ||
1315 | 1328 | ||
1316 | if (unlikely(dev_gso_segment(skb))) | 1329 | return dev->hard_start_xmit(skb, dev); |
1317 | goto out_kfree_skb; | ||
1318 | } | 1330 | } |
1319 | 1331 | ||
1332 | gso: | ||
1320 | do { | 1333 | do { |
1321 | struct sk_buff *nskb = skb->next; | 1334 | struct sk_buff *nskb = skb->next; |
1322 | int rc; | 1335 | int rc; |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 3fcfa9c59e1f..f25aac17497a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
@@ -663,7 +663,7 @@ rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) | |||
663 | sz_idx = type>>2; | 663 | sz_idx = type>>2; |
664 | kind = type&3; | 664 | kind = type&3; |
665 | 665 | ||
666 | if (kind != 2 && security_netlink_recv(skb)) { | 666 | if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) { |
667 | *errp = -EPERM; | 667 | *errp = -EPERM; |
668 | return -1; | 668 | return -1; |
669 | } | 669 | } |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 6edbb90cbcec..a1c9ecf4f1e0 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
@@ -272,7 +272,7 @@ static void skb_clone_fraglist(struct sk_buff *skb) | |||
272 | skb_get(list); | 272 | skb_get(list); |
273 | } | 273 | } |
274 | 274 | ||
275 | void skb_release_data(struct sk_buff *skb) | 275 | static void skb_release_data(struct sk_buff *skb) |
276 | { | 276 | { |
277 | if (!skb->cloned || | 277 | if (!skb->cloned || |
278 | !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, | 278 | !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, |
@@ -1848,13 +1848,13 @@ EXPORT_SYMBOL_GPL(skb_pull_rcsum); | |||
1848 | /** | 1848 | /** |
1849 | * skb_segment - Perform protocol segmentation on skb. | 1849 | * skb_segment - Perform protocol segmentation on skb. |
1850 | * @skb: buffer to segment | 1850 | * @skb: buffer to segment |
1851 | * @sg: whether scatter-gather can be used for generated segments | 1851 | * @features: features for the output path (see dev->features) |
1852 | * | 1852 | * |
1853 | * This function performs segmentation on the given skb. It returns | 1853 | * This function performs segmentation on the given skb. It returns |
1854 | * the segment at the given position. It returns NULL if there are | 1854 | * the segment at the given position. It returns NULL if there are |
1855 | * no more segments to generate, or when an error is encountered. | 1855 | * no more segments to generate, or when an error is encountered. |
1856 | */ | 1856 | */ |
1857 | struct sk_buff *skb_segment(struct sk_buff *skb, int sg) | 1857 | struct sk_buff *skb_segment(struct sk_buff *skb, int features) |
1858 | { | 1858 | { |
1859 | struct sk_buff *segs = NULL; | 1859 | struct sk_buff *segs = NULL; |
1860 | struct sk_buff *tail = NULL; | 1860 | struct sk_buff *tail = NULL; |
@@ -1863,6 +1863,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int sg) | |||
1863 | unsigned int offset = doffset; | 1863 | unsigned int offset = doffset; |
1864 | unsigned int headroom; | 1864 | unsigned int headroom; |
1865 | unsigned int len; | 1865 | unsigned int len; |
1866 | int sg = features & NETIF_F_SG; | ||
1866 | int nfrags = skb_shinfo(skb)->nr_frags; | 1867 | int nfrags = skb_shinfo(skb)->nr_frags; |
1867 | int err = -ENOMEM; | 1868 | int err = -ENOMEM; |
1868 | int i = 0; | 1869 | int i = 0; |
diff --git a/net/core/sock.c b/net/core/sock.c index 5d820c376653..204a8dec65cc 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
@@ -565,6 +565,13 @@ set_rcvbuf: | |||
565 | ret = -ENONET; | 565 | ret = -ENONET; |
566 | break; | 566 | break; |
567 | 567 | ||
568 | case SO_PASSSEC: | ||
569 | if (valbool) | ||
570 | set_bit(SOCK_PASSSEC, &sock->flags); | ||
571 | else | ||
572 | clear_bit(SOCK_PASSSEC, &sock->flags); | ||
573 | break; | ||
574 | |||
568 | /* We implement the SO_SNDLOWAT etc to | 575 | /* We implement the SO_SNDLOWAT etc to |
569 | not be settable (1003.1g 5.3) */ | 576 | not be settable (1003.1g 5.3) */ |
570 | default: | 577 | default: |
@@ -723,6 +730,10 @@ int sock_getsockopt(struct socket *sock, int level, int optname, | |||
723 | v.val = sk->sk_state == TCP_LISTEN; | 730 | v.val = sk->sk_state == TCP_LISTEN; |
724 | break; | 731 | break; |
725 | 732 | ||
733 | case SO_PASSSEC: | ||
734 | v.val = test_bit(SOCK_PASSSEC, &sock->flags) ? 1 : 0; | ||
735 | break; | ||
736 | |||
726 | case SO_PEERSEC: | 737 | case SO_PEERSEC: |
727 | return security_socket_getpeersec_stream(sock, optval, optlen, len); | 738 | return security_socket_getpeersec_stream(sock, optval, optlen, len); |
728 | 739 | ||
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c index 74133ecd7700..8b99bd33540d 100644 --- a/net/decnet/netfilter/dn_rtmsg.c +++ b/net/decnet/netfilter/dn_rtmsg.c | |||
@@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb) | |||
107 | if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) | 107 | if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) |
108 | return; | 108 | return; |
109 | 109 | ||
110 | if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) | 110 | if (security_netlink_recv(skb, CAP_NET_ADMIN)) |
111 | RCV_SKB_FAIL(-EPERM); | 111 | RCV_SKB_FAIL(-EPERM); |
112 | 112 | ||
113 | /* Eventually we might send routing messages too */ | 113 | /* Eventually we might send routing messages too */ |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 461216b47948..8d157157bf8e 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c | |||
@@ -1097,7 +1097,7 @@ int inet_sk_rebuild_header(struct sock *sk) | |||
1097 | 1097 | ||
1098 | EXPORT_SYMBOL(inet_sk_rebuild_header); | 1098 | EXPORT_SYMBOL(inet_sk_rebuild_header); |
1099 | 1099 | ||
1100 | static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg) | 1100 | static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features) |
1101 | { | 1101 | { |
1102 | struct sk_buff *segs = ERR_PTR(-EINVAL); | 1102 | struct sk_buff *segs = ERR_PTR(-EINVAL); |
1103 | struct iphdr *iph; | 1103 | struct iphdr *iph; |
@@ -1126,10 +1126,10 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg) | |||
1126 | rcu_read_lock(); | 1126 | rcu_read_lock(); |
1127 | ops = rcu_dereference(inet_protos[proto]); | 1127 | ops = rcu_dereference(inet_protos[proto]); |
1128 | if (ops && ops->gso_segment) | 1128 | if (ops && ops->gso_segment) |
1129 | segs = ops->gso_segment(skb, sg); | 1129 | segs = ops->gso_segment(skb, features); |
1130 | rcu_read_unlock(); | 1130 | rcu_read_unlock(); |
1131 | 1131 | ||
1132 | if (IS_ERR(segs)) | 1132 | if (!segs || unlikely(IS_ERR(segs))) |
1133 | goto out; | 1133 | goto out; |
1134 | 1134 | ||
1135 | skb = segs; | 1135 | skb = segs; |
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index e1d7f5fbc526..ef0b5aac5838 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
@@ -332,7 +332,7 @@ config IP_NF_MATCH_HASHLIMIT | |||
332 | help | 332 | help |
333 | This option adds a new iptables `hashlimit' match. | 333 | This option adds a new iptables `hashlimit' match. |
334 | 334 | ||
335 | As opposed to `limit', this match dynamically crates a hash table | 335 | As opposed to `limit', this match dynamically creates a hash table |
336 | of limit buckets, based on your selection of source/destination | 336 | of limit buckets, based on your selection of source/destination |
337 | ip addresses and/or ports. | 337 | ip addresses and/or ports. |
338 | 338 | ||
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index d0d19192026d..ad39bf640567 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -1120,7 +1120,8 @@ int arpt_register_table(struct arpt_table *table, | |||
1120 | return ret; | 1120 | return ret; |
1121 | } | 1121 | } |
1122 | 1122 | ||
1123 | if (xt_register_table(table, &bootstrap, newinfo) != 0) { | 1123 | ret = xt_register_table(table, &bootstrap, newinfo); |
1124 | if (ret != 0) { | ||
1124 | xt_free_table_info(newinfo); | 1125 | xt_free_table_info(newinfo); |
1125 | return ret; | 1126 | return ret; |
1126 | } | 1127 | } |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index b93f0494362f..198ac36db861 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -457,11 +457,19 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex) | |||
457 | if (entry->info->indev) | 457 | if (entry->info->indev) |
458 | if (entry->info->indev->ifindex == ifindex) | 458 | if (entry->info->indev->ifindex == ifindex) |
459 | return 1; | 459 | return 1; |
460 | |||
461 | if (entry->info->outdev) | 460 | if (entry->info->outdev) |
462 | if (entry->info->outdev->ifindex == ifindex) | 461 | if (entry->info->outdev->ifindex == ifindex) |
463 | return 1; | 462 | return 1; |
464 | 463 | #ifdef CONFIG_BRIDGE_NETFILTER | |
464 | if (entry->skb->nf_bridge) { | ||
465 | if (entry->skb->nf_bridge->physindev && | ||
466 | entry->skb->nf_bridge->physindev->ifindex == ifindex) | ||
467 | return 1; | ||
468 | if (entry->skb->nf_bridge->physoutdev && | ||
469 | entry->skb->nf_bridge->physoutdev->ifindex == ifindex) | ||
470 | return 1; | ||
471 | } | ||
472 | #endif | ||
465 | return 0; | 473 | return 0; |
466 | } | 474 | } |
467 | 475 | ||
@@ -507,7 +515,7 @@ ipq_rcv_skb(struct sk_buff *skb) | |||
507 | if (type <= IPQM_BASE) | 515 | if (type <= IPQM_BASE) |
508 | return; | 516 | return; |
509 | 517 | ||
510 | if (security_netlink_recv(skb)) | 518 | if (security_netlink_recv(skb, CAP_NET_ADMIN)) |
511 | RCV_SKB_FAIL(-EPERM); | 519 | RCV_SKB_FAIL(-EPERM); |
512 | 520 | ||
513 | write_lock_bh(&queue_lock); | 521 | write_lock_bh(&queue_lock); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 706c0025ec5e..7aaaf92efb59 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -2113,7 +2113,8 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl) | |||
2113 | return ret; | 2113 | return ret; |
2114 | } | 2114 | } |
2115 | 2115 | ||
2116 | if (xt_register_table(table, &bootstrap, newinfo) != 0) { | 2116 | ret = xt_register_table(table, &bootstrap, newinfo); |
2117 | if (ret != 0) { | ||
2117 | xt_free_table_info(newinfo); | 2118 | xt_free_table_info(newinfo); |
2118 | return ret; | 2119 | return ret; |
2119 | } | 2120 | } |
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index c04176be7ed1..0336422c88a0 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
@@ -2145,7 +2145,7 @@ int compat_tcp_getsockopt(struct sock *sk, int level, int optname, | |||
2145 | EXPORT_SYMBOL(compat_tcp_getsockopt); | 2145 | EXPORT_SYMBOL(compat_tcp_getsockopt); |
2146 | #endif | 2146 | #endif |
2147 | 2147 | ||
2148 | struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg) | 2148 | struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features) |
2149 | { | 2149 | { |
2150 | struct sk_buff *segs = ERR_PTR(-EINVAL); | 2150 | struct sk_buff *segs = ERR_PTR(-EINVAL); |
2151 | struct tcphdr *th; | 2151 | struct tcphdr *th; |
@@ -2166,10 +2166,14 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg) | |||
2166 | if (!pskb_may_pull(skb, thlen)) | 2166 | if (!pskb_may_pull(skb, thlen)) |
2167 | goto out; | 2167 | goto out; |
2168 | 2168 | ||
2169 | segs = NULL; | ||
2170 | if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) | ||
2171 | goto out; | ||
2172 | |||
2169 | oldlen = (u16)~skb->len; | 2173 | oldlen = (u16)~skb->len; |
2170 | __skb_pull(skb, thlen); | 2174 | __skb_pull(skb, thlen); |
2171 | 2175 | ||
2172 | segs = skb_segment(skb, sg); | 2176 | segs = skb_segment(skb, features); |
2173 | if (IS_ERR(segs)) | 2177 | if (IS_ERR(segs)) |
2174 | goto out; | 2178 | goto out; |
2175 | 2179 | ||
diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c index c148c1081880..b56399c7cc12 100644 --- a/net/ipv4/tcp_diag.c +++ b/net/ipv4/tcp_diag.c | |||
@@ -26,7 +26,10 @@ static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r, | |||
26 | const struct tcp_sock *tp = tcp_sk(sk); | 26 | const struct tcp_sock *tp = tcp_sk(sk); |
27 | struct tcp_info *info = _info; | 27 | struct tcp_info *info = _info; |
28 | 28 | ||
29 | r->idiag_rqueue = tp->rcv_nxt - tp->copied_seq; | 29 | if (sk->sk_state == TCP_LISTEN) |
30 | r->idiag_rqueue = sk->sk_ack_backlog; | ||
31 | else | ||
32 | r->idiag_rqueue = tp->rcv_nxt - tp->copied_seq; | ||
30 | r->idiag_wqueue = tp->write_seq - tp->snd_una; | 33 | r->idiag_wqueue = tp->write_seq - tp->snd_una; |
31 | if (info != NULL) | 34 | if (info != NULL) |
32 | tcp_get_info(sk, info); | 35 | tcp_get_info(sk, info); |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 94fe5b1f9dcb..7fa0b4a8a389 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
@@ -4178,8 +4178,6 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, | |||
4178 | */ | 4178 | */ |
4179 | 4179 | ||
4180 | TCP_ECN_rcv_synack(tp, th); | 4180 | TCP_ECN_rcv_synack(tp, th); |
4181 | if (tp->ecn_flags&TCP_ECN_OK) | ||
4182 | sock_set_flag(sk, SOCK_NO_LARGESEND); | ||
4183 | 4181 | ||
4184 | tp->snd_wl1 = TCP_SKB_CB(skb)->seq; | 4182 | tp->snd_wl1 = TCP_SKB_CB(skb)->seq; |
4185 | tcp_ack(sk, skb, FLAG_SLOWPATH); | 4183 | tcp_ack(sk, skb, FLAG_SLOWPATH); |
@@ -4322,8 +4320,6 @@ discard: | |||
4322 | tp->max_window = tp->snd_wnd; | 4320 | tp->max_window = tp->snd_wnd; |
4323 | 4321 | ||
4324 | TCP_ECN_rcv_syn(tp, th); | 4322 | TCP_ECN_rcv_syn(tp, th); |
4325 | if (tp->ecn_flags&TCP_ECN_OK) | ||
4326 | sock_set_flag(sk, SOCK_NO_LARGESEND); | ||
4327 | 4323 | ||
4328 | tcp_mtup_init(sk); | 4324 | tcp_mtup_init(sk); |
4329 | tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); | 4325 | tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 25ecc6e2478b..4c6ef47eb1c3 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -1726,7 +1726,8 @@ static void get_tcp4_sock(struct sock *sp, char *tmpbuf, int i) | |||
1726 | sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " | 1726 | sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " |
1727 | "%08X %5d %8d %lu %d %p %u %u %u %u %d", | 1727 | "%08X %5d %8d %lu %d %p %u %u %u %u %d", |
1728 | i, src, srcp, dest, destp, sp->sk_state, | 1728 | i, src, srcp, dest, destp, sp->sk_state, |
1729 | tp->write_seq - tp->snd_una, tp->rcv_nxt - tp->copied_seq, | 1729 | tp->write_seq - tp->snd_una, |
1730 | (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), | ||
1730 | timer_active, | 1731 | timer_active, |
1731 | jiffies_to_clock_t(timer_expires - jiffies), | 1732 | jiffies_to_clock_t(timer_expires - jiffies), |
1732 | icsk->icsk_retransmits, | 1733 | icsk->icsk_retransmits, |
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 2b9b7f6c7f7c..54b2ef7d3efe 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c | |||
@@ -440,8 +440,6 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, | |||
440 | newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len; | 440 | newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len; |
441 | newtp->rx_opt.mss_clamp = req->mss; | 441 | newtp->rx_opt.mss_clamp = req->mss; |
442 | TCP_ECN_openreq_child(newtp, req); | 442 | TCP_ECN_openreq_child(newtp, req); |
443 | if (newtp->ecn_flags&TCP_ECN_OK) | ||
444 | sock_set_flag(newsk, SOCK_NO_LARGESEND); | ||
445 | 443 | ||
446 | TCP_INC_STATS_BH(TCP_MIB_PASSIVEOPENS); | 444 | TCP_INC_STATS_BH(TCP_MIB_PASSIVEOPENS); |
447 | } | 445 | } |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index bdd71db8bf90..5a7cb4a9c867 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
@@ -2044,8 +2044,6 @@ struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
2044 | memset(th, 0, sizeof(struct tcphdr)); | 2044 | memset(th, 0, sizeof(struct tcphdr)); |
2045 | th->syn = 1; | 2045 | th->syn = 1; |
2046 | th->ack = 1; | 2046 | th->ack = 1; |
2047 | if (dst->dev->features&NETIF_F_TSO) | ||
2048 | ireq->ecn_ok = 0; | ||
2049 | TCP_ECN_make_synack(req, th); | 2047 | TCP_ECN_make_synack(req, th); |
2050 | th->source = inet_sk(sk)->sport; | 2048 | th->source = inet_sk(sk)->sport; |
2051 | th->dest = ireq->rmt_port; | 2049 | th->dest = ireq->rmt_port; |
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index b4b7d441af25..968a14be0d05 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
@@ -505,7 +505,7 @@ ipq_rcv_skb(struct sk_buff *skb) | |||
505 | if (type <= IPQM_BASE) | 505 | if (type <= IPQM_BASE) |
506 | return; | 506 | return; |
507 | 507 | ||
508 | if (security_netlink_recv(skb)) | 508 | if (security_netlink_recv(skb, CAP_NET_ADMIN)) |
509 | RCV_SKB_FAIL(-EPERM); | 509 | RCV_SKB_FAIL(-EPERM); |
510 | 510 | ||
511 | write_lock_bh(&queue_lock); | 511 | write_lock_bh(&queue_lock); |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 2e72f89a7019..0b5bd5587a3e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -1281,7 +1281,8 @@ int ip6t_register_table(struct xt_table *table, | |||
1281 | return ret; | 1281 | return ret; |
1282 | } | 1282 | } |
1283 | 1283 | ||
1284 | if (xt_register_table(table, &bootstrap, newinfo) != 0) { | 1284 | ret = xt_register_table(table, &bootstrap, newinfo); |
1285 | if (ret != 0) { | ||
1285 | xt_free_table_info(newinfo); | 1286 | xt_free_table_info(newinfo); |
1286 | return ret; | 1287 | return ret; |
1287 | } | 1288 | } |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index a50eb306e9e2..b36d5b2e7c30 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -1469,7 +1469,8 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) | |||
1469 | dest->s6_addr32[0], dest->s6_addr32[1], | 1469 | dest->s6_addr32[0], dest->s6_addr32[1], |
1470 | dest->s6_addr32[2], dest->s6_addr32[3], destp, | 1470 | dest->s6_addr32[2], dest->s6_addr32[3], destp, |
1471 | sp->sk_state, | 1471 | sp->sk_state, |
1472 | tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq, | 1472 | tp->write_seq-tp->snd_una, |
1473 | (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), | ||
1473 | timer_active, | 1474 | timer_active, |
1474 | jiffies_to_clock_t(timer_expires - jiffies), | 1475 | jiffies_to_clock_t(timer_expires - jiffies), |
1475 | icsk->icsk_retransmits, | 1476 | icsk->icsk_retransmits, |
diff --git a/net/irda/irlan/irlan_client.c b/net/irda/irlan/irlan_client.c index f8e6cb0db04b..95cf1234ea17 100644 --- a/net/irda/irlan/irlan_client.c +++ b/net/irda/irlan/irlan_client.c | |||
@@ -173,13 +173,14 @@ void irlan_client_discovery_indication(discinfo_t *discovery, | |||
173 | rcu_read_lock(); | 173 | rcu_read_lock(); |
174 | self = irlan_get_any(); | 174 | self = irlan_get_any(); |
175 | if (self) { | 175 | if (self) { |
176 | IRDA_ASSERT(self->magic == IRLAN_MAGIC, return;); | 176 | IRDA_ASSERT(self->magic == IRLAN_MAGIC, goto out;); |
177 | 177 | ||
178 | IRDA_DEBUG(1, "%s(), Found instance (%08x)!\n", __FUNCTION__ , | 178 | IRDA_DEBUG(1, "%s(), Found instance (%08x)!\n", __FUNCTION__ , |
179 | daddr); | 179 | daddr); |
180 | 180 | ||
181 | irlan_client_wakeup(self, saddr, daddr); | 181 | irlan_client_wakeup(self, saddr, daddr); |
182 | } | 182 | } |
183 | IRDA_ASSERT_LABEL(out:) | ||
183 | rcu_read_unlock(); | 184 | rcu_read_unlock(); |
184 | } | 185 | } |
185 | 186 | ||
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index b1622b7de1cf..42a178aa30f9 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
@@ -411,7 +411,10 @@ config NETFILTER_XT_MATCH_STATISTIC | |||
411 | tristate '"statistic" match support' | 411 | tristate '"statistic" match support' |
412 | depends on NETFILTER_XTABLES | 412 | depends on NETFILTER_XTABLES |
413 | help | 413 | help |
414 | statistic module | 414 | This option adds a `statistic' match, which allows you to match |
415 | on packets periodically or randomly with a given percentage. | ||
416 | |||
417 | To compile it as a module, choose M here. If unsure, say N. | ||
415 | 418 | ||
416 | config NETFILTER_XT_MATCH_STRING | 419 | config NETFILTER_XT_MATCH_STRING |
417 | tristate '"string" match support' | 420 | tristate '"string" match support' |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index b8c7c567c9df..af4845971f70 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -29,6 +29,7 @@ | |||
29 | #include <linux/errno.h> | 29 | #include <linux/errno.h> |
30 | #include <linux/netlink.h> | 30 | #include <linux/netlink.h> |
31 | #include <linux/spinlock.h> | 31 | #include <linux/spinlock.h> |
32 | #include <linux/interrupt.h> | ||
32 | #include <linux/notifier.h> | 33 | #include <linux/notifier.h> |
33 | 34 | ||
34 | #include <linux/netfilter.h> | 35 | #include <linux/netfilter.h> |
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 0c6da496cfa9..0839b701b930 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c | |||
@@ -28,6 +28,8 @@ | |||
28 | #include <linux/sctp.h> | 28 | #include <linux/sctp.h> |
29 | #include <linux/string.h> | 29 | #include <linux/string.h> |
30 | #include <linux/seq_file.h> | 30 | #include <linux/seq_file.h> |
31 | #include <linux/spinlock.h> | ||
32 | #include <linux/interrupt.h> | ||
31 | 33 | ||
32 | #include <net/netfilter/nf_conntrack.h> | 34 | #include <net/netfilter/nf_conntrack.h> |
33 | #include <net/netfilter/nf_conntrack_protocol.h> | 35 | #include <net/netfilter/nf_conntrack_protocol.h> |
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index b88e82a1a987..ec9f0efea6bb 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c | |||
@@ -229,7 +229,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, | |||
229 | NFNL_SUBSYS_ID(nlh->nlmsg_type), | 229 | NFNL_SUBSYS_ID(nlh->nlmsg_type), |
230 | NFNL_MSG_TYPE(nlh->nlmsg_type)); | 230 | NFNL_MSG_TYPE(nlh->nlmsg_type)); |
231 | 231 | ||
232 | if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) { | 232 | if (security_netlink_recv(skb, CAP_NET_ADMIN)) { |
233 | DEBUGP("missing CAP_NET_ADMIN\n"); | 233 | DEBUGP("missing CAP_NET_ADMIN\n"); |
234 | *errp = -EPERM; | 234 | *errp = -EPERM; |
235 | return -1; | 235 | return -1; |
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 86a4ac33de34..49ef41e34c48 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c | |||
@@ -680,11 +680,19 @@ dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) | |||
680 | if (entinf->indev) | 680 | if (entinf->indev) |
681 | if (entinf->indev->ifindex == ifindex) | 681 | if (entinf->indev->ifindex == ifindex) |
682 | return 1; | 682 | return 1; |
683 | |||
684 | if (entinf->outdev) | 683 | if (entinf->outdev) |
685 | if (entinf->outdev->ifindex == ifindex) | 684 | if (entinf->outdev->ifindex == ifindex) |
686 | return 1; | 685 | return 1; |
687 | 686 | #ifdef CONFIG_BRIDGE_NETFILTER | |
687 | if (entry->skb->nf_bridge) { | ||
688 | if (entry->skb->nf_bridge->physindev && | ||
689 | entry->skb->nf_bridge->physindev->ifindex == ifindex) | ||
690 | return 1; | ||
691 | if (entry->skb->nf_bridge->physoutdev && | ||
692 | entry->skb->nf_bridge->physoutdev->ifindex == ifindex) | ||
693 | return 1; | ||
694 | } | ||
695 | #endif | ||
688 | return 0; | 696 | return 0; |
689 | } | 697 | } |
690 | 698 | ||
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 9316c753692f..843383e01d41 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c | |||
@@ -151,7 +151,7 @@ match(const struct sk_buff *skb, | |||
151 | && SCCHECK(((ntohs(sh->dest) >= info->dpts[0]) | 151 | && SCCHECK(((ntohs(sh->dest) >= info->dpts[0]) |
152 | && (ntohs(sh->dest) <= info->dpts[1])), | 152 | && (ntohs(sh->dest) <= info->dpts[1])), |
153 | XT_SCTP_DEST_PORTS, info->flags, info->invflags) | 153 | XT_SCTP_DEST_PORTS, info->flags, info->invflags) |
154 | && SCCHECK(match_packet(skb, protoff, | 154 | && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t), |
155 | info->chunkmap, info->chunk_match_type, | 155 | info->chunkmap, info->chunk_match_type, |
156 | info->flag_info, info->flag_count, | 156 | info->flag_info, info->flag_count, |
157 | hotdrop), | 157 | hotdrop), |
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 1b61dac9c873..a9a63aa68936 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
@@ -260,7 +260,7 @@ static int __init xt_tcpudp_init(void) | |||
260 | return ret; | 260 | return ret; |
261 | 261 | ||
262 | out_unreg_udp: | 262 | out_unreg_udp: |
263 | xt_unregister_match(&tcp_matchstruct); | 263 | xt_unregister_match(&udp_matchstruct); |
264 | out_unreg_tcp6: | 264 | out_unreg_tcp6: |
265 | xt_unregister_match(&tcp6_matchstruct); | 265 | xt_unregister_match(&tcp6_matchstruct); |
266 | out_unreg_tcp: | 266 | out_unreg_tcp: |
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index f329b72578f5..edf084becd5e 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c | |||
@@ -320,7 +320,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
320 | goto errout; | 320 | goto errout; |
321 | } | 321 | } |
322 | 322 | ||
323 | if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb)) { | 323 | if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb, CAP_NET_ADMIN)) { |
324 | err = -EPERM; | 324 | err = -EPERM; |
325 | goto errout; | 325 | goto errout; |
326 | } | 326 | } |
diff --git a/net/tipc/core.c b/net/tipc/core.c index 5003acb15919..0539a8362858 100644 --- a/net/tipc/core.c +++ b/net/tipc/core.c | |||
@@ -191,7 +191,8 @@ static int __init tipc_init(void) | |||
191 | int res; | 191 | int res; |
192 | 192 | ||
193 | tipc_log_reinit(CONFIG_TIPC_LOG); | 193 | tipc_log_reinit(CONFIG_TIPC_LOG); |
194 | info("Activated (compiled " __DATE__ " " __TIME__ ")\n"); | 194 | info("Activated (version " TIPC_MOD_VER |
195 | " compiled " __DATE__ " " __TIME__ ")\n"); | ||
195 | 196 | ||
196 | tipc_own_addr = 0; | 197 | tipc_own_addr = 0; |
197 | tipc_remote_management = 1; | 198 | tipc_remote_management = 1; |
diff --git a/net/tipc/link.c b/net/tipc/link.c index d64658053746..c6831c75cfa4 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c | |||
@@ -2,7 +2,7 @@ | |||
2 | * net/tipc/link.c: TIPC link code | 2 | * net/tipc/link.c: TIPC link code |
3 | * | 3 | * |
4 | * Copyright (c) 1996-2006, Ericsson AB | 4 | * Copyright (c) 1996-2006, Ericsson AB |
5 | * Copyright (c) 2004-2005, Wind River Systems | 5 | * Copyright (c) 2004-2006, Wind River Systems |
6 | * All rights reserved. | 6 | * All rights reserved. |
7 | * | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
@@ -988,17 +988,18 @@ static int link_bundle_buf(struct link *l_ptr, | |||
988 | struct tipc_msg *bundler_msg = buf_msg(bundler); | 988 | struct tipc_msg *bundler_msg = buf_msg(bundler); |
989 | struct tipc_msg *msg = buf_msg(buf); | 989 | struct tipc_msg *msg = buf_msg(buf); |
990 | u32 size = msg_size(msg); | 990 | u32 size = msg_size(msg); |
991 | u32 to_pos = align(msg_size(bundler_msg)); | 991 | u32 bundle_size = msg_size(bundler_msg); |
992 | u32 rest = link_max_pkt(l_ptr) - to_pos; | 992 | u32 to_pos = align(bundle_size); |
993 | u32 pad = to_pos - bundle_size; | ||
993 | 994 | ||
994 | if (msg_user(bundler_msg) != MSG_BUNDLER) | 995 | if (msg_user(bundler_msg) != MSG_BUNDLER) |
995 | return 0; | 996 | return 0; |
996 | if (msg_type(bundler_msg) != OPEN_MSG) | 997 | if (msg_type(bundler_msg) != OPEN_MSG) |
997 | return 0; | 998 | return 0; |
998 | if (rest < align(size)) | 999 | if (skb_tailroom(bundler) < (pad + size)) |
999 | return 0; | 1000 | return 0; |
1000 | 1001 | ||
1001 | skb_put(bundler, (to_pos - msg_size(bundler_msg)) + size); | 1002 | skb_put(bundler, pad + size); |
1002 | memcpy(bundler->data + to_pos, buf->data, size); | 1003 | memcpy(bundler->data + to_pos, buf->data, size); |
1003 | msg_set_size(bundler_msg, to_pos + size); | 1004 | msg_set_size(bundler_msg, to_pos + size); |
1004 | msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1); | 1005 | msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1); |
diff --git a/net/tipc/node.c b/net/tipc/node.c index 861322b935da..fc6d09630ccd 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c | |||
@@ -2,7 +2,7 @@ | |||
2 | * net/tipc/node.c: TIPC node management routines | 2 | * net/tipc/node.c: TIPC node management routines |
3 | * | 3 | * |
4 | * Copyright (c) 2000-2006, Ericsson AB | 4 | * Copyright (c) 2000-2006, Ericsson AB |
5 | * Copyright (c) 2005, Wind River Systems | 5 | * Copyright (c) 2005-2006, Wind River Systems |
6 | * All rights reserved. | 6 | * All rights reserved. |
7 | * | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
@@ -592,6 +592,7 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space) | |||
592 | struct sk_buff *buf; | 592 | struct sk_buff *buf; |
593 | struct node *n_ptr; | 593 | struct node *n_ptr; |
594 | struct tipc_node_info node_info; | 594 | struct tipc_node_info node_info; |
595 | u32 payload_size; | ||
595 | 596 | ||
596 | if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) | 597 | if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) |
597 | return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); | 598 | return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); |
@@ -608,8 +609,11 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space) | |||
608 | /* For now, get space for all other nodes | 609 | /* For now, get space for all other nodes |
609 | (will need to modify this when slave nodes are supported */ | 610 | (will need to modify this when slave nodes are supported */ |
610 | 611 | ||
611 | buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(node_info)) * | 612 | payload_size = TLV_SPACE(sizeof(node_info)) * (tipc_max_nodes - 1); |
612 | (tipc_max_nodes - 1)); | 613 | if (payload_size > 32768u) |
614 | return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED | ||
615 | " (too many nodes)"); | ||
616 | buf = tipc_cfg_reply_alloc(payload_size); | ||
613 | if (!buf) | 617 | if (!buf) |
614 | return NULL; | 618 | return NULL; |
615 | 619 | ||
@@ -633,6 +637,7 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space) | |||
633 | struct sk_buff *buf; | 637 | struct sk_buff *buf; |
634 | struct node *n_ptr; | 638 | struct node *n_ptr; |
635 | struct tipc_link_info link_info; | 639 | struct tipc_link_info link_info; |
640 | u32 payload_size; | ||
636 | 641 | ||
637 | if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) | 642 | if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) |
638 | return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); | 643 | return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); |
@@ -645,12 +650,15 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space) | |||
645 | 650 | ||
646 | if (!tipc_nodes) | 651 | if (!tipc_nodes) |
647 | return tipc_cfg_reply_none(); | 652 | return tipc_cfg_reply_none(); |
648 | 653 | ||
649 | /* For now, get space for 2 links to all other nodes + bcast link | 654 | /* Get space for all unicast links + multicast link */ |
650 | (will need to modify this when slave nodes are supported */ | 655 | |
651 | 656 | payload_size = TLV_SPACE(sizeof(link_info)) * | |
652 | buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(link_info)) * | 657 | (tipc_net.zones[tipc_zone(tipc_own_addr)]->links + 1); |
653 | (2 * (tipc_max_nodes - 1) + 1)); | 658 | if (payload_size > 32768u) |
659 | return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED | ||
660 | " (too many links)"); | ||
661 | buf = tipc_cfg_reply_alloc(payload_size); | ||
654 | if (!buf) | 662 | if (!buf) |
655 | return NULL; | 663 | return NULL; |
656 | 664 | ||
diff --git a/net/tipc/zone.h b/net/tipc/zone.h index 267999c5a240..5ab3d08602e2 100644 --- a/net/tipc/zone.h +++ b/net/tipc/zone.h | |||
@@ -2,7 +2,7 @@ | |||
2 | * net/tipc/zone.h: Include file for TIPC zone management routines | 2 | * net/tipc/zone.h: Include file for TIPC zone management routines |
3 | * | 3 | * |
4 | * Copyright (c) 2000-2006, Ericsson AB | 4 | * Copyright (c) 2000-2006, Ericsson AB |
5 | * Copyright (c) 2005, Wind River Systems | 5 | * Copyright (c) 2005-2006, Wind River Systems |
6 | * All rights reserved. | 6 | * All rights reserved. |
7 | * | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
@@ -45,7 +45,7 @@ | |||
45 | * struct _zone - TIPC zone structure | 45 | * struct _zone - TIPC zone structure |
46 | * @addr: network address of zone | 46 | * @addr: network address of zone |
47 | * @clusters: array of pointers to all clusters within zone | 47 | * @clusters: array of pointers to all clusters within zone |
48 | * @links: (used for inter-zone communication) | 48 | * @links: number of (unicast) links to zone |
49 | */ | 49 | */ |
50 | 50 | ||
51 | struct _zone { | 51 | struct _zone { |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index d901465ce013..fd11d4048b52 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
@@ -128,6 +128,30 @@ static atomic_t unix_nr_socks = ATOMIC_INIT(0); | |||
128 | 128 | ||
129 | #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE) | 129 | #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE) |
130 | 130 | ||
131 | #ifdef CONFIG_SECURITY_NETWORK | ||
132 | static void unix_get_peersec_dgram(struct sk_buff *skb) | ||
133 | { | ||
134 | int err; | ||
135 | |||
136 | err = security_socket_getpeersec_dgram(skb, UNIXSECDATA(skb), | ||
137 | UNIXSECLEN(skb)); | ||
138 | if (err) | ||
139 | *(UNIXSECDATA(skb)) = NULL; | ||
140 | } | ||
141 | |||
142 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | ||
143 | { | ||
144 | scm->secdata = *UNIXSECDATA(skb); | ||
145 | scm->seclen = *UNIXSECLEN(skb); | ||
146 | } | ||
147 | #else | ||
148 | static void unix_get_peersec_dgram(struct sk_buff *skb) | ||
149 | { } | ||
150 | |||
151 | static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) | ||
152 | { } | ||
153 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
154 | |||
131 | /* | 155 | /* |
132 | * SMP locking strategy: | 156 | * SMP locking strategy: |
133 | * hash table is protected with spinlock unix_table_lock | 157 | * hash table is protected with spinlock unix_table_lock |
@@ -1291,6 +1315,8 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, | |||
1291 | if (siocb->scm->fp) | 1315 | if (siocb->scm->fp) |
1292 | unix_attach_fds(siocb->scm, skb); | 1316 | unix_attach_fds(siocb->scm, skb); |
1293 | 1317 | ||
1318 | unix_get_peersec_dgram(skb); | ||
1319 | |||
1294 | skb->h.raw = skb->data; | 1320 | skb->h.raw = skb->data; |
1295 | err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); | 1321 | err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); |
1296 | if (err) | 1322 | if (err) |
@@ -1570,6 +1596,7 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
1570 | memset(&tmp_scm, 0, sizeof(tmp_scm)); | 1596 | memset(&tmp_scm, 0, sizeof(tmp_scm)); |
1571 | } | 1597 | } |
1572 | siocb->scm->creds = *UNIXCREDS(skb); | 1598 | siocb->scm->creds = *UNIXCREDS(skb); |
1599 | unix_set_secdata(siocb->scm, skb); | ||
1573 | 1600 | ||
1574 | if (!(flags & MSG_PEEK)) | 1601 | if (!(flags & MSG_PEEK)) |
1575 | { | 1602 | { |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 17b29ec3c417..43f00fc28a3d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -1164,8 +1164,6 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu) | |||
1164 | return res; | 1164 | return res; |
1165 | } | 1165 | } |
1166 | 1166 | ||
1167 | EXPORT_SYMBOL(xfrm_state_mtu); | ||
1168 | |||
1169 | int xfrm_init_state(struct xfrm_state *x) | 1167 | int xfrm_init_state(struct xfrm_state *x) |
1170 | { | 1168 | { |
1171 | struct xfrm_state_afinfo *afinfo; | 1169 | struct xfrm_state_afinfo *afinfo; |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index c21dc26141ea..3e6a722d072e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1435,7 +1435,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *err | |||
1435 | link = &xfrm_dispatch[type]; | 1435 | link = &xfrm_dispatch[type]; |
1436 | 1436 | ||
1437 | /* All operations require privileges, even GET */ | 1437 | /* All operations require privileges, even GET */ |
1438 | if (security_netlink_recv(skb)) { | 1438 | if (security_netlink_recv(skb, CAP_NET_ADMIN)) { |
1439 | *errp = -EPERM; | 1439 | *errp = -EPERM; |
1440 | return -1; | 1440 | return -1; |
1441 | } | 1441 | } |
diff --git a/security/commoncap.c b/security/commoncap.c index 841eb4e5c62b..57673ee07ceb 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -33,9 +33,9 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
33 | 33 | ||
34 | EXPORT_SYMBOL(cap_netlink_send); | 34 | EXPORT_SYMBOL(cap_netlink_send); |
35 | 35 | ||
36 | int cap_netlink_recv(struct sk_buff *skb) | 36 | int cap_netlink_recv(struct sk_buff *skb, int cap) |
37 | { | 37 | { |
38 | if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) | 38 | if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) |
39 | return -EPERM; | 39 | return -EPERM; |
40 | return 0; | 40 | return 0; |
41 | } | 41 | } |
diff --git a/security/dummy.c b/security/dummy.c index 310fcdf7b749..913540808577 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -675,9 +675,9 @@ static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb) | |||
675 | return 0; | 675 | return 0; |
676 | } | 676 | } |
677 | 677 | ||
678 | static int dummy_netlink_recv (struct sk_buff *skb) | 678 | static int dummy_netlink_recv (struct sk_buff *skb, int cap) |
679 | { | 679 | { |
680 | if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN)) | 680 | if (!cap_raised (NETLINK_CB (skb).eff_cap, cap)) |
681 | return -EPERM; | 681 | return -EPERM; |
682 | return 0; | 682 | return 0; |
683 | } | 683 | } |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 28832e689800..b85afcf38527 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -69,6 +69,7 @@ | |||
69 | #include <linux/sysctl.h> | 69 | #include <linux/sysctl.h> |
70 | #include <linux/audit.h> | 70 | #include <linux/audit.h> |
71 | #include <linux/string.h> | 71 | #include <linux/string.h> |
72 | #include <linux/selinux.h> | ||
72 | 73 | ||
73 | #include "avc.h" | 74 | #include "avc.h" |
74 | #include "objsec.h" | 75 | #include "objsec.h" |
@@ -3420,7 +3421,13 @@ out: | |||
3420 | static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) | 3421 | static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) |
3421 | { | 3422 | { |
3422 | int err = 0; | 3423 | int err = 0; |
3423 | u32 peer_sid = selinux_socket_getpeer_dgram(skb); | 3424 | u32 peer_sid; |
3425 | |||
3426 | if (skb->sk->sk_family == PF_UNIX) | ||
3427 | selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), | ||
3428 | &peer_sid); | ||
3429 | else | ||
3430 | peer_sid = selinux_socket_getpeer_dgram(skb); | ||
3424 | 3431 | ||
3425 | if (peer_sid == SECSID_NULL) | 3432 | if (peer_sid == SECSID_NULL) |
3426 | return -EINVAL; | 3433 | return -EINVAL; |
@@ -3432,8 +3439,6 @@ static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, | |||
3432 | return 0; | 3439 | return 0; |
3433 | } | 3440 | } |
3434 | 3441 | ||
3435 | |||
3436 | |||
3437 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) | 3442 | static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) |
3438 | { | 3443 | { |
3439 | return sk_alloc_security(sk, family, priority); | 3444 | return sk_alloc_security(sk, family, priority); |
@@ -3641,32 +3646,32 @@ static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum, | |||
3641 | 3646 | ||
3642 | static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | 3647 | static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) |
3643 | { | 3648 | { |
3644 | struct task_security_struct *tsec; | ||
3645 | struct av_decision avd; | ||
3646 | int err; | 3649 | int err; |
3647 | 3650 | ||
3648 | err = secondary_ops->netlink_send(sk, skb); | 3651 | err = secondary_ops->netlink_send(sk, skb); |
3649 | if (err) | 3652 | if (err) |
3650 | return err; | 3653 | return err; |
3651 | 3654 | ||
3652 | tsec = current->security; | ||
3653 | |||
3654 | avd.allowed = 0; | ||
3655 | avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
3656 | SECCLASS_CAPABILITY, ~0, &avd); | ||
3657 | cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed); | ||
3658 | |||
3659 | if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) | 3655 | if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) |
3660 | err = selinux_nlmsg_perm(sk, skb); | 3656 | err = selinux_nlmsg_perm(sk, skb); |
3661 | 3657 | ||
3662 | return err; | 3658 | return err; |
3663 | } | 3659 | } |
3664 | 3660 | ||
3665 | static int selinux_netlink_recv(struct sk_buff *skb) | 3661 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
3666 | { | 3662 | { |
3667 | if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) | 3663 | int err; |
3668 | return -EPERM; | 3664 | struct avc_audit_data ad; |
3669 | return 0; | 3665 | |
3666 | err = secondary_ops->netlink_recv(skb, capability); | ||
3667 | if (err) | ||
3668 | return err; | ||
3669 | |||
3670 | AVC_AUDIT_DATA_INIT(&ad, CAP); | ||
3671 | ad.u.cap = capability; | ||
3672 | |||
3673 | return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, | ||
3674 | SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); | ||
3670 | } | 3675 | } |
3671 | 3676 | ||
3672 | static int ipc_alloc_security(struct task_struct *task, | 3677 | static int ipc_alloc_security(struct task_struct *task, |