16 files changed, 128 insertions, 72 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index f2eccd531746..17ff9fd7cdda 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -257,7 +257,8 @@ static inline bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
                struct inet_peer *peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, 1);
                rc = inet_peer_xrlim_allow(peer,
                                           net->ipv4.sysctl_icmp_ratelimit);
-                inet_putpeer(peer);
+                if (peer)
+                        inet_putpeer(peer);
        }
 out:
        return rc;
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 535584c00f91..0c34bfabc11f 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -892,13 +892,16 @@ static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
                struct inet_diag_req_v2 *r, struct nlattr *bc)
 {
        const struct inet_diag_handler *handler;
+        int err = 0;
        handler = inet_diag_lock_handler(r->sdiag_protocol);
        if (!IS_ERR(handler))
                handler->dump(skb, cb, r, bc);
+        else
+                err = PTR_ERR(handler);
        inet_diag_unlock_handler(handler);
-        return skb->len;
+        return err ? : skb->len;
 }
 static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 5eea4a811042..14bbfcf717ac 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -457,19 +457,28 @@ static int do_ip_setsockopt(struct sock *sk, int level,
        struct inet_sock *inet = inet_sk(sk);
        int val = 0, err;
-        if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) |
+        switch (optname) {
-                             (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) |
+        case IP_PKTINFO:
-                             (1<<IP_RETOPTS) | (1<<IP_TOS) |
+        case IP_RECVTTL:
-                             (1<<IP_TTL) | (1<<IP_HDRINCL) |
+        case IP_RECVOPTS:
-                             (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) |
+        case IP_RECVTOS:
-                             (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) |
+        case IP_RETOPTS:
-                             (1<<IP_PASSSEC) | (1<<IP_TRANSPARENT) |
+        case IP_TOS:
-                             (1<<IP_MINTTL) | (1<<IP_NODEFRAG))) ||
+        case IP_TTL:
-            optname == IP_UNICAST_IF ||
+        case IP_HDRINCL:
-            optname == IP_MULTICAST_TTL ||
+        case IP_MTU_DISCOVER:
-            optname == IP_MULTICAST_ALL ||
+        case IP_RECVERR:
-            optname == IP_MULTICAST_LOOP ||
+        case IP_ROUTER_ALERT:
-            optname == IP_RECVORIGDSTADDR) {
+        case IP_FREEBIND:
+        case IP_PASSSEC:
+        case IP_TRANSPARENT:
+        case IP_MINTTL:
+        case IP_NODEFRAG:
+        case IP_UNICAST_IF:
+        case IP_MULTICAST_TTL:
+        case IP_MULTICAST_ALL:
+        case IP_MULTICAST_LOOP:
+        case IP_RECVORIGDSTADDR:
                if (optlen >= sizeof(int)) {
                        if (get_user(val, (int __user *) optval))
                                return -EFAULT;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 1831092f999f..858fddf6482a 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -338,12 +338,17 @@ static int vti_rcv(struct sk_buff *skb)
        if (tunnel != NULL) {
                struct pcpu_tstats *tstats;
+                if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
+                        return -1;
                tstats = this_cpu_ptr(tunnel->dev->tstats);
                u64_stats_update_begin(&tstats->syncp);
                tstats->rx_packets++;
                tstats->rx_bytes += skb->len;
                u64_stats_update_end(&tstats->syncp);
+                skb->mark = 0;
+                secpath_reset(skb);
                skb->dev = tunnel->dev;
                return 1;
        }
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 6168c4dc58b1..3eab2b2ffd34 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1318,6 +1318,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
                if (get_user(v, (u32 __user *)optval))
                        return -EFAULT;
+                /* "pimreg%u" should not exceed 16 bytes (IFNAMSIZ) */
+                if (v != RT_TABLE_DEFAULT && v >= 1000000000)
+                        return -EINVAL;
                rtnl_lock();
                ret = 0;
                if (sk == rtnl_dereference(mrt->mroute_sk)) {
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c
index 9e0ffaf1d942..a82047282dbb 100644
--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -184,7 +184,8 @@ nf_nat_ipv4_out(unsigned int hooknum,
                if ((ct->tuplehash[dir].tuple.src.u3.ip !=
                     ct->tuplehash[!dir].tuple.dst.u3.ip) ||
-                    (ct->tuplehash[dir].tuple.src.u.all !=
+                    (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
+                     ct->tuplehash[dir].tuple.src.u.all !=
                     ct->tuplehash[!dir].tuple.dst.u.all))
                        if (nf_xfrm_me_harder(skb, AF_INET) < 0)
                                ret = NF_DROP;
@@ -221,6 +222,7 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
                }
 #ifdef CONFIG_XFRM
                else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
+                         ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
                         ct->tuplehash[dir].tuple.dst.u.all !=
                         ct->tuplehash[!dir].tuple.src.u.all)
                        if (nf_xfrm_me_harder(skb, AF_INET) < 0)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 432f4bb77238..df251424d816 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1163,8 +1163,12 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
        spin_lock_bh(&fnhe_lock);
        if (daddr == fnhe->fnhe_daddr) {
-                struct rtable *orig;
+                struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
+                if (orig && rt_is_expired(orig)) {
+                        fnhe->fnhe_gw = 0;
+                        fnhe->fnhe_pmtu = 0;
+                        fnhe->fnhe_expires = 0;
+                }
                if (fnhe->fnhe_pmtu) {
                        unsigned long expires = fnhe->fnhe_expires;
                        unsigned long diff = expires - jiffies;
@@ -1181,7 +1185,6 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
                } else if (!rt->rt_gateway)
                        rt->rt_gateway = daddr;
-                orig = rcu_dereference(fnhe->fnhe_rth);
                rcu_assign_pointer(fnhe->fnhe_rth, rt);
                if (orig)
                        rt_free(orig);
@@ -1782,6 +1785,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
        if (dev_out->flags & IFF_LOOPBACK)
                flags |= RTCF_LOCAL;
+        do_cache = true;
        if (type == RTN_BROADCAST) {
                flags |= RTCF_BROADCAST | RTCF_LOCAL;
                fi = NULL;
@@ -1790,6 +1794,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
                if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
                                     fl4->flowi4_proto))
                        flags &= ~RTCF_LOCAL;
+                else
+                        do_cache = false;
                /* If multicast route do not exist use
                 * default one, but do not gateway in this case.
                 * Yes, it is hack.
@@ -1799,8 +1805,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
        }
        fnhe = NULL;
-        do_cache = fi != NULL;
+        do_cache &= fi != NULL;
-        if (fi) {
+        if (do_cache) {
                struct rtable __rcu **prth;
                struct fib_nh *nh = &FIB_RES_NH(*res);
@@ -2594,7 +2600,7 @@ int __init ip_rt_init(void)
                pr_err("Unable to create route proc files\n");
 #ifdef CONFIG_XFRM
        xfrm_init();
-        xfrm4_init(ip_rt_max_size);
+        xfrm4_init();
 #endif
        rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f32c02e2a543..e457c7ab2e28 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -549,14 +549,12 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
                         !tp->urg_data ||
                         before(tp->urg_seq, tp->copied_seq) ||
                         !before(tp->urg_seq, tp->rcv_nxt)) {
-                        struct sk_buff *skb;
                        answ = tp->rcv_nxt - tp->copied_seq;
-                        /* Subtract 1, if FIN is in queue. */
+                        /* Subtract 1, if FIN was received */
-                        skb = skb_peek_tail(&sk->sk_receive_queue);
+                        if (answ && sock_flag(sk, SOCK_DONE))
-                        if (answ && skb)
+                                answ--;
-                                answ -= tcp_hdr(skb)->fin;
                } else
                        answ = tp->urg_seq - tp->copied_seq;
                release_sock(sk);
@@ -832,8 +830,8 @@ static int tcp_send_mss(struct sock *sk, int *size_goal, int flags)
        return mss_now;
 }
-static ssize_t do_tcp_sendpages(struct sock *sk, struct page **pages, int poffset,
+static ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
-                         size_t psize, int flags)
+                                size_t size, int flags)
 {
        struct tcp_sock *tp = tcp_sk(sk);
        int mss_now, size_goal;
@@ -860,12 +858,9 @@ static ssize_t do_tcp_sendpages(struct sock *sk, struct page **pages, int poffse
        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
                goto out_err;
-        while (psize > 0) {
+        while (size > 0) {
                struct sk_buff *skb = tcp_write_queue_tail(sk);
-                struct page *page = pages[poffset / PAGE_SIZE];
                int copy, i;
-                int offset = poffset % PAGE_SIZE;
-                int size = min_t(size_t, psize, PAGE_SIZE - offset);
                bool can_coalesce;
                if (!tcp_send_head(sk) || (copy = size_goal - skb->len) <= 0) {
@@ -914,8 +909,8 @@ new_segment:
                        TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
                copied += copy;
-                poffset += copy;
+                offset += copy;
-                if (!(psize -= copy))
+                if (!(size -= copy))
                        goto out;
                if (skb->len < size_goal || (flags & MSG_OOB))
@@ -962,7 +957,7 @@ int tcp_sendpage(struct sock *sk, struct page *page, int offset,
                                        flags);
        lock_sock(sk);
-        res = do_tcp_sendpages(sk, &page, offset, size, flags);
+        res = do_tcp_sendpages(sk, page, offset, size, flags);
        release_sock(sk);
        return res;
 }
@@ -1214,7 +1209,7 @@ new_segment:
 wait_for_sndbuf:
                        set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
 wait_for_memory:
-                        if (copied && likely(!tp->repair))
+                        if (copied)
                                tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
                        if ((err = sk_stream_wait_memory(sk, &timeo)) != 0)
@@ -1225,7 +1220,7 @@ wait_for_memory:
        }
 out:
-        if (copied && likely(!tp->repair))
+        if (copied)
                tcp_push(sk, flags, mss_now, tp->nonagle);
        release_sock(sk);
        return copied + copied_syn;
@@ -2766,6 +2761,8 @@ void tcp_get_info(const struct sock *sk, struct tcp_info *info)
                info->tcpi_options |= TCPI_OPT_ECN;
        if (tp->ecn_flags & TCP_ECN_SEEN)
                info->tcpi_options |= TCPI_OPT_ECN_SEEN;
+        if (tp->syn_data_acked)
+                info->tcpi_options |= TCPI_OPT_SYN_DATA;
        info->tcpi_rto = jiffies_to_usecs(icsk->icsk_rto);
        info->tcpi_ato = jiffies_to_usecs(icsk->icsk_ack.ato);
diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
index 813b43a76fec..834857f3c871 100644
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -313,11 +313,13 @@ static void tcp_illinois_info(struct sock *sk, u32 ext,
                        .tcpv_rttcnt = ca->cnt_rtt,
                        .tcpv_minrtt = ca->base_rtt,
                };
-                u64 t = ca->sum_rtt;
-                do_div(t, ca->cnt_rtt);
+                if (info.tcpv_rttcnt > 0) {
-                info.tcpv_rtt = t;
+                        u64 t = ca->sum_rtt;
+                        do_div(t, info.tcpv_rttcnt);
+                        info.tcpv_rtt = t;
+                }
                nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
        }
 }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 432c36649db3..181fc8234a52 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4529,6 +4529,9 @@ int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size)
        struct tcphdr *th;
        bool fragstolen;
+        if (size == 0)
+                return 0;
        skb = alloc_skb(size + sizeof(*th), sk->sk_allocation);
        if (!skb)
                goto err;
@@ -5310,11 +5313,6 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
                goto discard;
        }
-        /* ts_recent update must be made after we are sure that the packet
-         * is in window.
-         */
-        tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
        /* step 3: check security and precedence [ignored] */
        /* step 4: Check for a SYN
@@ -5549,6 +5547,11 @@ step5:
        if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
                goto discard;
+        /* ts_recent update must be made after we are sure that the packet
+         * is in window.
+         */
+        tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
        tcp_rcv_rtt_measure_ts(sk, skb);
        /* Process urgent data. */
@@ -5642,10 +5645,15 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack,
        tcp_fastopen_cache_set(sk, mss, cookie, syn_drop);
        if (data) { /* Retransmit unacked data in SYN */
-                tcp_retransmit_skb(sk, data);
+                tcp_for_write_queue_from(data, sk) {
+                        if (data == tcp_send_head(sk) ||
+                            __tcp_retransmit_skb(sk, data))
+                                break;
+                }
                tcp_rearm_rto(sk);
                return true;
        }
+        tp->syn_data_acked = tp->syn_data;
        return false;
 }
@@ -5963,7 +5971,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
        req = tp->fastopen_rsk;
        if (req != NULL) {
-                BUG_ON(sk->sk_state != TCP_SYN_RECV &&
+                WARN_ON_ONCE(sk->sk_state != TCP_SYN_RECV &&
                    sk->sk_state != TCP_FIN_WAIT1);
                if (tcp_check_req(sk, skb, req, NULL, true) == NULL)
@@ -6052,7 +6060,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                         * ACK we have received, this would have acknowledged
                         * our SYNACK so stop the SYNACK timer.
                         */
-                        if (acceptable && req != NULL) {
+                        if (req != NULL) {
+                                /* Return RST if ack_seq is invalid.
+                                 * Note that RFC793 only says to generate a
+                                 * DUPACK for it but for TCP Fast Open it seems
+                                 * better to treat this case like TCP_SYN_RECV
+                                 * above.
+                                 */
+                                if (!acceptable)
+                                        return 1;
                                /* We no longer need the request sock. */
                                reqsk_fastopen_remove(sk, req, false);
                                tcp_rearm_rto(sk);
@@ -6118,6 +6134,11 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
        } else
                goto discard;
+        /* ts_recent update must be made after we are sure that the packet
+         * is in window.
+         */
+        tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
        /* step 6: check the URG bit */
        tcp_urg(sk, skb, th);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index ef998b008a57..0c4a64355603 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1461,6 +1461,7 @@ static int tcp_v4_conn_req_fastopen(struct sock *sk,
                skb_set_owner_r(skb, child);
                __skb_queue_tail(&child->sk_receive_queue, skb);
                tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
+                tp->syn_data_acked = 1;
        }
        sk->sk_data_ready(sk, 0);
        bh_unlock_sock(child);
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 4c752a6e0bcd..f696d7c2e9fa 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -1,7 +1,6 @@
 #include <linux/rcupdate.h>
 #include <linux/spinlock.h>
 #include <linux/jiffies.h>
-#include <linux/bootmem.h>
 #include <linux/module.h>
 #include <linux/cache.h>
 #include <linux/slab.h>
@@ -9,6 +8,7 @@
 #include <linux/tcp.h>
 #include <linux/hash.h>
 #include <linux/tcp_metrics.h>
+#include <linux/vmalloc.h>
 #include <net/inet_connection_sock.h>
 #include <net/net_namespace.h>
@@ -864,7 +864,7 @@ static int parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
        }
        a = info->attrs[TCP_METRICS_ATTR_ADDR_IPV6];
        if (a) {
-                if (nla_len(a) != sizeof(sizeof(struct in6_addr)))
+                if (nla_len(a) != sizeof(struct in6_addr))
                        return -EINVAL;
                addr->family = AF_INET6;
                memcpy(addr->addr.a6, nla_data(a), sizeof(addr->addr.a6));
@@ -1034,7 +1034,10 @@ static int __net_init tcp_net_metrics_init(struct net *net)
        net->ipv4.tcp_metrics_hash_log = order_base_2(slots);
        size = sizeof(struct tcpm_hash_bucket) << net->ipv4.tcp_metrics_hash_log;
-        net->ipv4.tcp_metrics_hash = kzalloc(size, GFP_KERNEL);
+        net->ipv4.tcp_metrics_hash = kzalloc(size, GFP_KERNEL | __GFP_NOWARN);
+        if (!net->ipv4.tcp_metrics_hash)
+                net->ipv4.tcp_metrics_hash = vzalloc(size);
        if (!net->ipv4.tcp_metrics_hash)
                return -ENOMEM;
@@ -1055,7 +1058,10 @@ static void __net_exit tcp_net_metrics_exit(struct net *net)
                        tm = next;
                }
        }
-        kfree(net->ipv4.tcp_metrics_hash);
+        if (is_vmalloc_addr(net->ipv4.tcp_metrics_hash))
+                vfree(net->ipv4.tcp_metrics_hash);
+        else
+                kfree(net->ipv4.tcp_metrics_hash);
 }
 static __net_initdata struct pernet_operations tcp_net_metrics_ops = {
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 27536ba16c9d..a7302d974f32 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -510,6 +510,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
                newtp->rx_opt.mss_clamp = req->mss;
                TCP_ECN_openreq_child(newtp, req);
                newtp->fastopen_rsk = NULL;
+                newtp->syn_data_acked = 0;
                TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_PASSIVEOPENS);
        }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index cfe6ffe1c177..948ac275b9b5 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1986,6 +1986,9 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
                tso_segs = tcp_init_tso_segs(sk, skb, mss_now);
                BUG_ON(!tso_segs);
+                if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE)
+                        goto repair; /* Skip network transmission */
                cwnd_quota = tcp_cwnd_test(tp, skb);
                if (!cwnd_quota)
                        break;
@@ -2026,6 +2029,7 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
                if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp)))
                        break;
+repair:
                /* Advance the send_head.  This one is sent out.
                 * This call will increment packets_out.
                 */
@@ -2305,12 +2309,11 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
 * state updates are done by the caller.  Returns non-zero if an
 * error occurred which prevented the send.
 */
-int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
+int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
 {
        struct tcp_sock *tp = tcp_sk(sk);
        struct inet_connection_sock *icsk = inet_csk(sk);
        unsigned int cur_mss;
-        int err;
        /* Inconslusive MTU probe */
        if (icsk->icsk_mtup.probe_size) {
@@ -2383,11 +2386,17 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
        if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
                struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
                                                   GFP_ATOMIC);
-                err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
+                return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
-                             -ENOBUFS;
+                              -ENOBUFS;
        } else {
-                err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
+                return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
        }
+}
+int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
+{
+        struct tcp_sock *tp = tcp_sk(sk);
+        int err = __tcp_retransmit_skb(sk, skb);
        if (err == 0) {
                /* Update global TCP statistics. */
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index fc04711e80c8..d47c1b4421a3 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -347,8 +347,8 @@ void tcp_retransmit_timer(struct sock *sk)
                return;
        }
        if (tp->fastopen_rsk) {
-                BUG_ON(sk->sk_state != TCP_SYN_RECV &&
+                WARN_ON_ONCE(sk->sk_state != TCP_SYN_RECV &&
-                    sk->sk_state != TCP_FIN_WAIT1);
+                             sk->sk_state != TCP_FIN_WAIT1);
                tcp_fastopen_synack_timer(sk);
                /* Before we receive ACK to our SYN-ACK don't retransmit
                 * anything else (e.g., data or FIN segments).
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 05c5ab8d983c..3be0ac2c1920 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void)
        xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo);
 }
-void __init xfrm4_init(int rt_max_size)
+void __init xfrm4_init(void)
 {
-        /*
-         * Select a default value for the gc_thresh based on the main route
-         * table hash size.  It seems to me the worst case scenario is when
-         * we have ipsec operating in transport mode, in which we create a
-         * dst_entry per socket.  The xfrm gc algorithm starts trying to remove
-         * entries at gc_thresh, and prevents new allocations as 2*gc_thresh
-         * so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
-         * That will let us store an ipsec connection per route table entry,
-         * and start cleaning when were 1/2 full
-         */
-        xfrm4_dst_ops.gc_thresh = rt_max_size/2;
        dst_entries_init(&xfrm4_dst_ops);
        xfrm4_state_init();