aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/x86_64/kernel/functionlist1
-rw-r--r--include/linux/skbuff.h10
-rw-r--r--net/bridge/br_stp_if.c9
-rw-r--r--net/core/neighbour.c5
-rw-r--r--net/core/netpoll.c7
-rw-r--r--net/core/skbuff.c55
-rw-r--r--net/key/af_key.c90
-rw-r--r--net/sctp/socket.c54
8 files changed, 150 insertions, 81 deletions
diff --git a/arch/x86_64/kernel/functionlist b/arch/x86_64/kernel/functionlist
index 01fa23580c85..7ae18ec12454 100644
--- a/arch/x86_64/kernel/functionlist
+++ b/arch/x86_64/kernel/functionlist
@@ -514,7 +514,6 @@
514*(.text.dentry_open) 514*(.text.dentry_open)
515*(.text.dentry_iput) 515*(.text.dentry_iput)
516*(.text.bio_alloc) 516*(.text.bio_alloc)
517*(.text.alloc_skb_from_cache)
518*(.text.wait_on_page_bit) 517*(.text.wait_on_page_bit)
519*(.text.vfs_readdir) 518*(.text.vfs_readdir)
520*(.text.vfs_lstat) 519*(.text.vfs_lstat)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 82f43ad478c7..5992f65b4184 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -346,9 +346,6 @@ static inline struct sk_buff *alloc_skb_fclone(unsigned int size,
346 return __alloc_skb(size, priority, 1, -1); 346 return __alloc_skb(size, priority, 1, -1);
347} 347}
348 348
349extern struct sk_buff *alloc_skb_from_cache(struct kmem_cache *cp,
350 unsigned int size,
351 gfp_t priority);
352extern void kfree_skbmem(struct sk_buff *skb); 349extern void kfree_skbmem(struct sk_buff *skb);
353extern struct sk_buff *skb_clone(struct sk_buff *skb, 350extern struct sk_buff *skb_clone(struct sk_buff *skb,
354 gfp_t priority); 351 gfp_t priority);
@@ -622,6 +619,13 @@ static inline void skb_queue_head_init(struct sk_buff_head *list)
622 list->qlen = 0; 619 list->qlen = 0;
623} 620}
624 621
622static inline void skb_queue_head_init_class(struct sk_buff_head *list,
623 struct lock_class_key *class)
624{
625 skb_queue_head_init(list);
626 lockdep_set_class(&list->lock, class);
627}
628
625/* 629/*
626 * Insert an sk_buff at the start of a list. 630 * Insert an sk_buff at the start of a list.
627 * 631 *
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 58d13f2bd121..a285897a2fb4 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -126,7 +126,9 @@ void br_stp_disable_port(struct net_bridge_port *p)
126/* called under bridge lock */ 126/* called under bridge lock */
127void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *addr) 127void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *addr)
128{ 128{
129 unsigned char oldaddr[6]; 129 /* should be aligned on 2 bytes for compare_ether_addr() */
130 unsigned short oldaddr_aligned[ETH_ALEN >> 1];
131 unsigned char *oldaddr = (unsigned char *)oldaddr_aligned;
130 struct net_bridge_port *p; 132 struct net_bridge_port *p;
131 int wasroot; 133 int wasroot;
132 134
@@ -151,11 +153,14 @@ void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *addr)
151 br_become_root_bridge(br); 153 br_become_root_bridge(br);
152} 154}
153 155
154static const unsigned char br_mac_zero[6]; 156/* should be aligned on 2 bytes for compare_ether_addr() */
157static const unsigned short br_mac_zero_aligned[ETH_ALEN >> 1];
155 158
156/* called under bridge lock */ 159/* called under bridge lock */
157void br_stp_recalculate_bridge_id(struct net_bridge *br) 160void br_stp_recalculate_bridge_id(struct net_bridge *br)
158{ 161{
162 const unsigned char *br_mac_zero =
163 (const unsigned char *)br_mac_zero_aligned;
159 const unsigned char *addr = br_mac_zero; 164 const unsigned char *addr = br_mac_zero;
160 struct net_bridge_port *p; 165 struct net_bridge_port *p;
161 166
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index cfc60019cf92..841e3f32cab1 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1331,6 +1331,8 @@ void neigh_parms_destroy(struct neigh_parms *parms)
1331 kfree(parms); 1331 kfree(parms);
1332} 1332}
1333 1333
1334static struct lock_class_key neigh_table_proxy_queue_class;
1335
1334void neigh_table_init_no_netlink(struct neigh_table *tbl) 1336void neigh_table_init_no_netlink(struct neigh_table *tbl)
1335{ 1337{
1336 unsigned long now = jiffies; 1338 unsigned long now = jiffies;
@@ -1379,7 +1381,8 @@ void neigh_table_init_no_netlink(struct neigh_table *tbl)
1379 init_timer(&tbl->proxy_timer); 1381 init_timer(&tbl->proxy_timer);
1380 tbl->proxy_timer.data = (unsigned long)tbl; 1382 tbl->proxy_timer.data = (unsigned long)tbl;
1381 tbl->proxy_timer.function = neigh_proxy_process; 1383 tbl->proxy_timer.function = neigh_proxy_process;
1382 skb_queue_head_init(&tbl->proxy_queue); 1384 skb_queue_head_init_class(&tbl->proxy_queue,
1385 &neigh_table_proxy_queue_class);
1383 1386
1384 tbl->last_flush = now; 1387 tbl->last_flush = now;
1385 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1388 tbl->last_rand = now + tbl->parms.reachable_time * 20;
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index da1019451ccb..4581ece48bb2 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -471,6 +471,13 @@ int __netpoll_rx(struct sk_buff *skb)
471 if (skb->len < len || len < iph->ihl*4) 471 if (skb->len < len || len < iph->ihl*4)
472 goto out; 472 goto out;
473 473
474 /*
475 * Our transport medium may have padded the buffer out.
476 * Now We trim to the true length of the frame.
477 */
478 if (pskb_trim_rcsum(skb, len))
479 goto out;
480
474 if (iph->protocol != IPPROTO_UDP) 481 if (iph->protocol != IPPROTO_UDP)
475 goto out; 482 goto out;
476 483
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 87573ae35b02..336958fbbcb2 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -197,61 +197,6 @@ nodata:
197} 197}
198 198
199/** 199/**
200 * alloc_skb_from_cache - allocate a network buffer
201 * @cp: kmem_cache from which to allocate the data area
202 * (object size must be big enough for @size bytes + skb overheads)
203 * @size: size to allocate
204 * @gfp_mask: allocation mask
205 *
206 * Allocate a new &sk_buff. The returned buffer has no headroom and
207 * tail room of size bytes. The object has a reference count of one.
208 * The return is the buffer. On a failure the return is %NULL.
209 *
210 * Buffers may only be allocated from interrupts using a @gfp_mask of
211 * %GFP_ATOMIC.
212 */
213struct sk_buff *alloc_skb_from_cache(struct kmem_cache *cp,
214 unsigned int size,
215 gfp_t gfp_mask)
216{
217 struct sk_buff *skb;
218 u8 *data;
219
220 /* Get the HEAD */
221 skb = kmem_cache_alloc(skbuff_head_cache,
222 gfp_mask & ~__GFP_DMA);
223 if (!skb)
224 goto out;
225
226 /* Get the DATA. */
227 size = SKB_DATA_ALIGN(size);
228 data = kmem_cache_alloc(cp, gfp_mask);
229 if (!data)
230 goto nodata;
231
232 memset(skb, 0, offsetof(struct sk_buff, truesize));
233 skb->truesize = size + sizeof(struct sk_buff);
234 atomic_set(&skb->users, 1);
235 skb->head = data;
236 skb->data = data;
237 skb->tail = data;
238 skb->end = data + size;
239
240 atomic_set(&(skb_shinfo(skb)->dataref), 1);
241 skb_shinfo(skb)->nr_frags = 0;
242 skb_shinfo(skb)->gso_size = 0;
243 skb_shinfo(skb)->gso_segs = 0;
244 skb_shinfo(skb)->gso_type = 0;
245 skb_shinfo(skb)->frag_list = NULL;
246out:
247 return skb;
248nodata:
249 kmem_cache_free(skbuff_head_cache, skb);
250 skb = NULL;
251 goto out;
252}
253
254/**
255 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device 200 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
256 * @dev: network device to receive on 201 * @dev: network device to receive on
257 * @length: length to allocate 202 * @length: length to allocate
diff --git a/net/key/af_key.c b/net/key/af_key.c
index a4e7e2db0ff3..cf77930ee516 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -630,6 +630,35 @@ pfkey_sockaddr_size(sa_family_t family)
630 /* NOTREACHED */ 630 /* NOTREACHED */
631} 631}
632 632
633static inline int pfkey_mode_from_xfrm(int mode)
634{
635 switch(mode) {
636 case XFRM_MODE_TRANSPORT:
637 return IPSEC_MODE_TRANSPORT;
638 case XFRM_MODE_TUNNEL:
639 return IPSEC_MODE_TUNNEL;
640 case XFRM_MODE_BEET:
641 return IPSEC_MODE_BEET;
642 default:
643 return -1;
644 }
645}
646
647static inline int pfkey_mode_to_xfrm(int mode)
648{
649 switch(mode) {
650 case IPSEC_MODE_ANY: /*XXX*/
651 case IPSEC_MODE_TRANSPORT:
652 return XFRM_MODE_TRANSPORT;
653 case IPSEC_MODE_TUNNEL:
654 return XFRM_MODE_TUNNEL;
655 case IPSEC_MODE_BEET:
656 return XFRM_MODE_BEET;
657 default:
658 return -1;
659 }
660}
661
633static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, int hsc) 662static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys, int hsc)
634{ 663{
635 struct sk_buff *skb; 664 struct sk_buff *skb;
@@ -651,6 +680,7 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
651 int encrypt_key_size = 0; 680 int encrypt_key_size = 0;
652 int sockaddr_size; 681 int sockaddr_size;
653 struct xfrm_encap_tmpl *natt = NULL; 682 struct xfrm_encap_tmpl *natt = NULL;
683 int mode;
654 684
655 /* address family check */ 685 /* address family check */
656 sockaddr_size = pfkey_sockaddr_size(x->props.family); 686 sockaddr_size = pfkey_sockaddr_size(x->props.family);
@@ -928,7 +958,11 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
928 sa2 = (struct sadb_x_sa2 *) skb_put(skb, sizeof(struct sadb_x_sa2)); 958 sa2 = (struct sadb_x_sa2 *) skb_put(skb, sizeof(struct sadb_x_sa2));
929 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t); 959 sa2->sadb_x_sa2_len = sizeof(struct sadb_x_sa2)/sizeof(uint64_t);
930 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 960 sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
931 sa2->sadb_x_sa2_mode = x->props.mode + 1; 961 if ((mode = pfkey_mode_from_xfrm(x->props.mode)) < 0) {
962 kfree_skb(skb);
963 return ERR_PTR(-EINVAL);
964 }
965 sa2->sadb_x_sa2_mode = mode;
932 sa2->sadb_x_sa2_reserved1 = 0; 966 sa2->sadb_x_sa2_reserved1 = 0;
933 sa2->sadb_x_sa2_reserved2 = 0; 967 sa2->sadb_x_sa2_reserved2 = 0;
934 sa2->sadb_x_sa2_sequence = 0; 968 sa2->sadb_x_sa2_sequence = 0;
@@ -1155,9 +1189,12 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
1155 1189
1156 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1190 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1157 struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1]; 1191 struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1];
1158 x->props.mode = sa2->sadb_x_sa2_mode; 1192 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1159 if (x->props.mode) 1193 if (mode < 0) {
1160 x->props.mode--; 1194 err = -EINVAL;
1195 goto out;
1196 }
1197 x->props.mode = mode;
1161 x->props.reqid = sa2->sadb_x_sa2_reqid; 1198 x->props.reqid = sa2->sadb_x_sa2_reqid;
1162 } 1199 }
1163 1200
@@ -1218,7 +1255,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1218 struct sadb_address *saddr, *daddr; 1255 struct sadb_address *saddr, *daddr;
1219 struct sadb_msg *out_hdr; 1256 struct sadb_msg *out_hdr;
1220 struct xfrm_state *x = NULL; 1257 struct xfrm_state *x = NULL;
1221 u8 mode; 1258 int mode;
1222 u32 reqid; 1259 u32 reqid;
1223 u8 proto; 1260 u8 proto;
1224 unsigned short family; 1261 unsigned short family;
@@ -1233,7 +1270,9 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1233 return -EINVAL; 1270 return -EINVAL;
1234 1271
1235 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) { 1272 if ((sa2 = ext_hdrs[SADB_X_EXT_SA2-1]) != NULL) {
1236 mode = sa2->sadb_x_sa2_mode - 1; 1273 mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1274 if (mode < 0)
1275 return -EINVAL;
1237 reqid = sa2->sadb_x_sa2_reqid; 1276 reqid = sa2->sadb_x_sa2_reqid;
1238 } else { 1277 } else {
1239 mode = 0; 1278 mode = 0;
@@ -1756,6 +1795,7 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1756#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1795#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1757 struct sockaddr_in6 *sin6; 1796 struct sockaddr_in6 *sin6;
1758#endif 1797#endif
1798 int mode;
1759 1799
1760 if (xp->xfrm_nr >= XFRM_MAX_DEPTH) 1800 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
1761 return -ELOOP; 1801 return -ELOOP;
@@ -1764,7 +1804,9 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1764 return -EINVAL; 1804 return -EINVAL;
1765 1805
1766 t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */ 1806 t->id.proto = rq->sadb_x_ipsecrequest_proto; /* XXX check proto */
1767 t->mode = rq->sadb_x_ipsecrequest_mode-1; 1807 if ((mode = pfkey_mode_to_xfrm(rq->sadb_x_ipsecrequest_mode)) < 0)
1808 return -EINVAL;
1809 t->mode = mode;
1768 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE) 1810 if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_USE)
1769 t->optional = 1; 1811 t->optional = 1;
1770 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) { 1812 else if (rq->sadb_x_ipsecrequest_level == IPSEC_LEVEL_UNIQUE) {
@@ -1877,7 +1919,7 @@ static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp)
1877 return skb; 1919 return skb;
1878} 1920}
1879 1921
1880static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir) 1922static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir)
1881{ 1923{
1882 struct sadb_msg *hdr; 1924 struct sadb_msg *hdr;
1883 struct sadb_address *addr; 1925 struct sadb_address *addr;
@@ -2014,6 +2056,7 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
2014 struct sadb_x_ipsecrequest *rq; 2056 struct sadb_x_ipsecrequest *rq;
2015 struct xfrm_tmpl *t = xp->xfrm_vec + i; 2057 struct xfrm_tmpl *t = xp->xfrm_vec + i;
2016 int req_size; 2058 int req_size;
2059 int mode;
2017 2060
2018 req_size = sizeof(struct sadb_x_ipsecrequest); 2061 req_size = sizeof(struct sadb_x_ipsecrequest);
2019 if (t->mode == XFRM_MODE_TUNNEL) 2062 if (t->mode == XFRM_MODE_TUNNEL)
@@ -2027,7 +2070,9 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
2027 memset(rq, 0, sizeof(*rq)); 2070 memset(rq, 0, sizeof(*rq));
2028 rq->sadb_x_ipsecrequest_len = req_size; 2071 rq->sadb_x_ipsecrequest_len = req_size;
2029 rq->sadb_x_ipsecrequest_proto = t->id.proto; 2072 rq->sadb_x_ipsecrequest_proto = t->id.proto;
2030 rq->sadb_x_ipsecrequest_mode = t->mode+1; 2073 if ((mode = pfkey_mode_from_xfrm(t->mode)) < 0)
2074 return -EINVAL;
2075 mode = pfkey_mode_from_xfrm(t->mode);
2031 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE; 2076 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
2032 if (t->reqid) 2077 if (t->reqid)
2033 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; 2078 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
@@ -2089,6 +2134,8 @@ static void pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, i
2089 2134
2090 hdr->sadb_msg_len = size / sizeof(uint64_t); 2135 hdr->sadb_msg_len = size / sizeof(uint64_t);
2091 hdr->sadb_msg_reserved = atomic_read(&xp->refcnt); 2136 hdr->sadb_msg_reserved = atomic_read(&xp->refcnt);
2137
2138 return 0;
2092} 2139}
2093 2140
2094static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2141static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c)
@@ -2102,7 +2149,9 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c
2102 err = PTR_ERR(out_skb); 2149 err = PTR_ERR(out_skb);
2103 goto out; 2150 goto out;
2104 } 2151 }
2105 pfkey_xfrm_policy2msg(out_skb, xp, dir); 2152 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2153 if (err < 0)
2154 return err;
2106 2155
2107 out_hdr = (struct sadb_msg *) out_skb->data; 2156 out_hdr = (struct sadb_msg *) out_skb->data;
2108 out_hdr->sadb_msg_version = PF_KEY_V2; 2157 out_hdr->sadb_msg_version = PF_KEY_V2;
@@ -2327,7 +2376,9 @@ static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb
2327 err = PTR_ERR(out_skb); 2376 err = PTR_ERR(out_skb);
2328 goto out; 2377 goto out;
2329 } 2378 }
2330 pfkey_xfrm_policy2msg(out_skb, xp, dir); 2379 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2380 if (err < 0)
2381 goto out;
2331 2382
2332 out_hdr = (struct sadb_msg *) out_skb->data; 2383 out_hdr = (struct sadb_msg *) out_skb->data;
2333 out_hdr->sadb_msg_version = hdr->sadb_msg_version; 2384 out_hdr->sadb_msg_version = hdr->sadb_msg_version;
@@ -2409,6 +2460,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2409{ 2460{
2410 int err; 2461 int err;
2411 struct sadb_x_ipsecrequest *rq2; 2462 struct sadb_x_ipsecrequest *rq2;
2463 int mode;
2412 2464
2413 if (len <= sizeof(struct sadb_x_ipsecrequest) || 2465 if (len <= sizeof(struct sadb_x_ipsecrequest) ||
2414 len < rq1->sadb_x_ipsecrequest_len) 2466 len < rq1->sadb_x_ipsecrequest_len)
@@ -2439,7 +2491,9 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2439 return -EINVAL; 2491 return -EINVAL;
2440 2492
2441 m->proto = rq1->sadb_x_ipsecrequest_proto; 2493 m->proto = rq1->sadb_x_ipsecrequest_proto;
2442 m->mode = rq1->sadb_x_ipsecrequest_mode - 1; 2494 if ((mode = pfkey_mode_to_xfrm(rq1->sadb_x_ipsecrequest_mode)) < 0)
2495 return -EINVAL;
2496 m->mode = mode;
2443 m->reqid = rq1->sadb_x_ipsecrequest_reqid; 2497 m->reqid = rq1->sadb_x_ipsecrequest_reqid;
2444 2498
2445 return ((int)(rq1->sadb_x_ipsecrequest_len + 2499 return ((int)(rq1->sadb_x_ipsecrequest_len +
@@ -2579,12 +2633,15 @@ static int dump_sp(struct xfrm_policy *xp, int dir, int count, void *ptr)
2579 struct pfkey_dump_data *data = ptr; 2633 struct pfkey_dump_data *data = ptr;
2580 struct sk_buff *out_skb; 2634 struct sk_buff *out_skb;
2581 struct sadb_msg *out_hdr; 2635 struct sadb_msg *out_hdr;
2636 int err;
2582 2637
2583 out_skb = pfkey_xfrm_policy2msg_prep(xp); 2638 out_skb = pfkey_xfrm_policy2msg_prep(xp);
2584 if (IS_ERR(out_skb)) 2639 if (IS_ERR(out_skb))
2585 return PTR_ERR(out_skb); 2640 return PTR_ERR(out_skb);
2586 2641
2587 pfkey_xfrm_policy2msg(out_skb, xp, dir); 2642 err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2643 if (err < 0)
2644 return err;
2588 2645
2589 out_hdr = (struct sadb_msg *) out_skb->data; 2646 out_hdr = (struct sadb_msg *) out_skb->data;
2590 out_hdr->sadb_msg_version = data->hdr->sadb_msg_version; 2647 out_hdr->sadb_msg_version = data->hdr->sadb_msg_version;
@@ -3513,7 +3570,10 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3513 3570
3514 for (i = 0, mp = m; i < num_bundles; i++, mp++) { 3571 for (i = 0, mp = m; i < num_bundles; i++, mp++) {
3515 /* old ipsecrequest */ 3572 /* old ipsecrequest */
3516 if (set_ipsecrequest(skb, mp->proto, mp->mode + 1, 3573 int mode = pfkey_mode_from_xfrm(mp->mode);
3574 if (mode < 0)
3575 return -EINVAL;
3576 if (set_ipsecrequest(skb, mp->proto, mode,
3517 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3577 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3518 mp->reqid, mp->old_family, 3578 mp->reqid, mp->old_family,
3519 &mp->old_saddr, &mp->old_daddr) < 0) { 3579 &mp->old_saddr, &mp->old_daddr) < 0) {
@@ -3521,7 +3581,7 @@ static int pfkey_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
3521 } 3581 }
3522 3582
3523 /* new ipsecrequest */ 3583 /* new ipsecrequest */
3524 if (set_ipsecrequest(skb, mp->proto, mp->mode + 1, 3584 if (set_ipsecrequest(skb, mp->proto, mode,
3525 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE), 3585 (mp->reqid ? IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_REQUIRE),
3526 mp->reqid, mp->new_family, 3586 mp->reqid, mp->new_family,
3527 &mp->new_saddr, &mp->new_daddr) < 0) { 3587 &mp->new_saddr, &mp->new_daddr) < 0) {
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 536298c2eda2..a1d026f12b0e 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -627,6 +627,12 @@ int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt)
627 retval = -EINVAL; 627 retval = -EINVAL;
628 goto err_bindx_rem; 628 goto err_bindx_rem;
629 } 629 }
630
631 if (!af->addr_valid(sa_addr, sp, NULL)) {
632 retval = -EADDRNOTAVAIL;
633 goto err_bindx_rem;
634 }
635
630 if (sa_addr->v4.sin_port != htons(bp->port)) { 636 if (sa_addr->v4.sin_port != htons(bp->port)) {
631 retval = -EINVAL; 637 retval = -EINVAL;
632 goto err_bindx_rem; 638 goto err_bindx_rem;
@@ -5638,6 +5644,36 @@ void sctp_wait_for_close(struct sock *sk, long timeout)
5638 finish_wait(sk->sk_sleep, &wait); 5644 finish_wait(sk->sk_sleep, &wait);
5639} 5645}
5640 5646
5647static void sctp_sock_rfree_frag(struct sk_buff *skb)
5648{
5649 struct sk_buff *frag;
5650
5651 if (!skb->data_len)
5652 goto done;
5653
5654 /* Don't forget the fragments. */
5655 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next)
5656 sctp_sock_rfree_frag(frag);
5657
5658done:
5659 sctp_sock_rfree(skb);
5660}
5661
5662static void sctp_skb_set_owner_r_frag(struct sk_buff *skb, struct sock *sk)
5663{
5664 struct sk_buff *frag;
5665
5666 if (!skb->data_len)
5667 goto done;
5668
5669 /* Don't forget the fragments. */
5670 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next)
5671 sctp_skb_set_owner_r_frag(frag, sk);
5672
5673done:
5674 sctp_skb_set_owner_r(skb, sk);
5675}
5676
5641/* Populate the fields of the newsk from the oldsk and migrate the assoc 5677/* Populate the fields of the newsk from the oldsk and migrate the assoc
5642 * and its messages to the newsk. 5678 * and its messages to the newsk.
5643 */ 5679 */
@@ -5692,10 +5728,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5692 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { 5728 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) {
5693 event = sctp_skb2event(skb); 5729 event = sctp_skb2event(skb);
5694 if (event->asoc == assoc) { 5730 if (event->asoc == assoc) {
5695 sctp_sock_rfree(skb); 5731 sctp_sock_rfree_frag(skb);
5696 __skb_unlink(skb, &oldsk->sk_receive_queue); 5732 __skb_unlink(skb, &oldsk->sk_receive_queue);
5697 __skb_queue_tail(&newsk->sk_receive_queue, skb); 5733 __skb_queue_tail(&newsk->sk_receive_queue, skb);
5698 sctp_skb_set_owner_r(skb, newsk); 5734 sctp_skb_set_owner_r_frag(skb, newsk);
5699 } 5735 }
5700 } 5736 }
5701 5737
@@ -5723,10 +5759,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5723 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { 5759 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) {
5724 event = sctp_skb2event(skb); 5760 event = sctp_skb2event(skb);
5725 if (event->asoc == assoc) { 5761 if (event->asoc == assoc) {
5726 sctp_sock_rfree(skb); 5762 sctp_sock_rfree_frag(skb);
5727 __skb_unlink(skb, &oldsp->pd_lobby); 5763 __skb_unlink(skb, &oldsp->pd_lobby);
5728 __skb_queue_tail(queue, skb); 5764 __skb_queue_tail(queue, skb);
5729 sctp_skb_set_owner_r(skb, newsk); 5765 sctp_skb_set_owner_r_frag(skb, newsk);
5730 } 5766 }
5731 } 5767 }
5732 5768
@@ -5738,6 +5774,16 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5738 5774
5739 } 5775 }
5740 5776
5777 sctp_skb_for_each(skb, &assoc->ulpq.reasm, tmp) {
5778 sctp_sock_rfree_frag(skb);
5779 sctp_skb_set_owner_r_frag(skb, newsk);
5780 }
5781
5782 sctp_skb_for_each(skb, &assoc->ulpq.lobby, tmp) {
5783 sctp_sock_rfree_frag(skb);
5784 sctp_skb_set_owner_r_frag(skb, newsk);
5785 }
5786
5741 /* Set the type of socket to indicate that it is peeled off from the 5787 /* Set the type of socket to indicate that it is peeled off from the
5742 * original UDP-style socket or created with the accept() call on a 5788 * original UDP-style socket or created with the accept() call on a
5743 * TCP-style socket.. 5789 * TCP-style socket..