1 files changed, 26 insertions, 33 deletions

diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index da5bd0ed83df..6d4292ff5854 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -41,6 +41,7 @@
 #include <linux/random.h>
 #include <linux/jhash.h>
 #include <linux/skbuff.h>
+#include <linux/slab.h>
 
 #include <net/sock.h>
 #include <net/snmp.h>
@@ -72,6 +73,7 @@ struct frag_queue
         struct inet_frag_queue  q;
 
         __be32                  id;             /* fragment id          */
+        u32                     user;
         struct in6_addr         saddr;
         struct in6_addr         daddr;
 
@@ -141,7 +143,7 @@ int ip6_frag_match(struct inet_frag_queue *q, void *a)
         struct ip6_create_arg *arg = a;
 
         fq = container_of(q, struct frag_queue, q);
-        return (fq->id == arg->id &&
+        return (fq->id == arg->id && fq->user == arg->user &&
                         ipv6_addr_equal(&fq->saddr, arg->src) &&
                         ipv6_addr_equal(&fq->daddr, arg->dst));
 }
@@ -163,6 +165,7 @@ void ip6_frag_init(struct inet_frag_queue *q, void *a)
         struct ip6_create_arg *arg = a;
 
         fq->id = arg->id;
+        fq->user = arg->user;
         ipv6_addr_copy(&fq->saddr, arg->src);
         ipv6_addr_copy(&fq->daddr, arg->dst);
 }
@@ -208,18 +211,17 @@ static void ip6_frag_expire(unsigned long data)
         fq_kill(fq);
 
         net = container_of(fq->q.net, struct net, ipv6.frags);
-        dev = dev_get_by_index(net, fq->iif);
+        rcu_read_lock();
+        dev = dev_get_by_index_rcu(net, fq->iif);
         if (!dev)
-                goto out;
+                goto out_rcu_unlock;
 
-        rcu_read_lock();
         IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT);
         IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
-        rcu_read_unlock();
 
         /* Don't send error if the first segment did not arrive. */
         if (!(fq->q.last_in & INET_FRAG_FIRST_IN) || !fq->q.fragments)
-                goto out;
+                goto out_rcu_unlock;
 
         /*
            But use as source device on which LAST ARRIVED
@@ -227,23 +229,23 @@ static void ip6_frag_expire(unsigned long data)
            pointer directly, device might already disappeared.
          */
         fq->q.fragments->dev = dev;
-        icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
+        icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0);
+out_rcu_unlock:
+        rcu_read_unlock();
 out:
-        if (dev)
-                dev_put(dev);
         spin_unlock(&fq->q.lock);
         fq_put(fq);
 }
 
 static __inline__ struct frag_queue *
-fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst,
-        struct inet6_dev *idev)
+fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst)
 {
         struct inet_frag_queue *q;
         struct ip6_create_arg arg;
         unsigned int hash;
 
         arg.id = id;
+        arg.user = IP6_DEFRAG_LOCAL_DELIVER;
         arg.src = src;
         arg.dst = dst;
 
@@ -252,13 +254,9 @@ fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst,
 
         q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
         if (q == NULL)
-                goto oom;
+                return NULL;
 
         return container_of(q, struct frag_queue, q);
-
-oom:
-        IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_REASMFAILS);
-        return NULL;
 }
 
 static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
@@ -604,8 +602,8 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
         if (atomic_read(&net->ipv6.frags.mem) > net->ipv6.frags.high_thresh)
                 ip6_evictor(net, ip6_dst_idev(skb_dst(skb)));
 
-        if ((fq = fq_find(net, fhdr->identification, &hdr->saddr, &hdr->daddr,
-                          ip6_dst_idev(skb_dst(skb)))) != NULL) {
+        fq = fq_find(net, fhdr->identification, &hdr->saddr, &hdr->daddr);
+        if (fq != NULL) {
                 int ret;
 
                 spin_lock(&fq->q.lock);
@@ -636,7 +634,6 @@ static const struct inet6_protocol frag_protocol =
 #ifdef CONFIG_SYSCTL
 static struct ctl_table ip6_frags_ns_ctl_table[] = {
         {
-                .ctl_name       = NET_IPV6_IP6FRAG_HIGH_THRESH,
                 .procname       = "ip6frag_high_thresh",
                 .data           = &init_net.ipv6.frags.high_thresh,
                 .maxlen         = sizeof(int),
@@ -644,7 +641,6 @@ static struct ctl_table ip6_frags_ns_ctl_table[] = {
                 .proc_handler   = proc_dointvec
         },
         {
-                .ctl_name       = NET_IPV6_IP6FRAG_LOW_THRESH,
                 .procname       = "ip6frag_low_thresh",
                 .data           = &init_net.ipv6.frags.low_thresh,
                 .maxlen         = sizeof(int),
@@ -652,37 +648,33 @@ static struct ctl_table ip6_frags_ns_ctl_table[] = {
                 .proc_handler   = proc_dointvec
         },
         {
-                .ctl_name       = NET_IPV6_IP6FRAG_TIME,
                 .procname       = "ip6frag_time",
                 .data           = &init_net.ipv6.frags.timeout,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
                 .proc_handler   = proc_dointvec_jiffies,
-                .strategy       = sysctl_jiffies,
         },
         { }
 };
 
 static struct ctl_table ip6_frags_ctl_table[] = {
         {
-                .ctl_name       = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
                 .procname       = "ip6frag_secret_interval",
                 .data           = &ip6_frags.secret_interval,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
                 .proc_handler   = proc_dointvec_jiffies,
-                .strategy       = sysctl_jiffies
         },
         { }
 };
 
-static int ip6_frags_ns_sysctl_register(struct net *net)
+static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
 {
         struct ctl_table *table;
         struct ctl_table_header *hdr;
 
         table = ip6_frags_ns_ctl_table;
-        if (net != &init_net) {
+        if (!net_eq(net, &init_net)) {
                 table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL);
                 if (table == NULL)
                         goto err_alloc;
@@ -700,19 +692,20 @@ static int ip6_frags_ns_sysctl_register(struct net *net)
         return 0;
 
 err_reg:
-        if (net != &init_net)
+        if (!net_eq(net, &init_net))
                 kfree(table);
 err_alloc:
         return -ENOMEM;
 }
 
-static void ip6_frags_ns_sysctl_unregister(struct net *net)
+static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net)
 {
         struct ctl_table *table;
 
         table = net->ipv6.sysctl.frags_hdr->ctl_table_arg;
         unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr);
-        kfree(table);
+        if (!net_eq(net, &init_net))
+                kfree(table);
 }
 
 static struct ctl_table_header *ip6_ctl_header;
@@ -748,10 +741,10 @@ static inline void ip6_frags_sysctl_unregister(void)
 }
 #endif
 
-static int ipv6_frags_init_net(struct net *net)
+static int __net_init ipv6_frags_init_net(struct net *net)
 {
-        net->ipv6.frags.high_thresh = 256 * 1024;
-        net->ipv6.frags.low_thresh = 192 * 1024;
+        net->ipv6.frags.high_thresh = IPV6_FRAG_HIGH_THRESH;
+        net->ipv6.frags.low_thresh = IPV6_FRAG_LOW_THRESH;
         net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT;
 
         inet_frags_init_net(&net->ipv6.frags);
@@ -759,7 +752,7 @@ static int ipv6_frags_init_net(struct net *net)
         return ip6_frags_ns_sysctl_register(net);
 }
 
-static void ipv6_frags_exit_net(struct net *net)
+static void __net_exit ipv6_frags_exit_net(struct net *net)
 {
         ip6_frags_ns_sysctl_unregister(net);
         inet_frags_exit_net(&net->ipv6.frags, &ip6_frags);