aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp
diff options
context:
space:
mode:
Diffstat (limited to 'net/sctp')
-rw-r--r--net/sctp/associola.c8
-rw-r--r--net/sctp/auth.c6
-rw-r--r--net/sctp/input.c5
-rw-r--r--net/sctp/ipv6.c42
-rw-r--r--net/sctp/output.c2
-rw-r--r--net/sctp/outqueue.c8
-rw-r--r--net/sctp/protocol.c37
-rw-r--r--net/sctp/sm_make_chunk.c17
-rw-r--r--net/sctp/sm_sideeffect.c2
-rw-r--r--net/sctp/sm_statefuns.c20
-rw-r--r--net/sctp/socket.c13
-rw-r--r--net/sctp/tsnmap.c2
-rw-r--r--net/sctp/ulpevent.c2
-rw-r--r--net/sctp/ulpqueue.c9
14 files changed, 81 insertions, 92 deletions
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 5f1fb8bd862d..1a21c571aa03 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -569,6 +569,8 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
569 sctp_assoc_set_primary(asoc, transport); 569 sctp_assoc_set_primary(asoc, transport);
570 if (asoc->peer.active_path == peer) 570 if (asoc->peer.active_path == peer)
571 asoc->peer.active_path = transport; 571 asoc->peer.active_path = transport;
572 if (asoc->peer.retran_path == peer)
573 asoc->peer.retran_path = transport;
572 if (asoc->peer.last_data_from == peer) 574 if (asoc->peer.last_data_from == peer)
573 asoc->peer.last_data_from = transport; 575 asoc->peer.last_data_from = transport;
574 576
@@ -1089,7 +1091,6 @@ static void sctp_assoc_bh_rcv(struct work_struct *work)
1089 base.inqueue.immediate); 1091 base.inqueue.immediate);
1090 struct sctp_endpoint *ep; 1092 struct sctp_endpoint *ep;
1091 struct sctp_chunk *chunk; 1093 struct sctp_chunk *chunk;
1092 struct sock *sk;
1093 struct sctp_inq *inqueue; 1094 struct sctp_inq *inqueue;
1094 int state; 1095 int state;
1095 sctp_subtype_t subtype; 1096 sctp_subtype_t subtype;
@@ -1097,7 +1098,6 @@ static void sctp_assoc_bh_rcv(struct work_struct *work)
1097 1098
1098 /* The association should be held so we should be safe. */ 1099 /* The association should be held so we should be safe. */
1099 ep = asoc->ep; 1100 ep = asoc->ep;
1100 sk = asoc->base.sk;
1101 1101
1102 inqueue = &asoc->base.inqueue; 1102 inqueue = &asoc->base.inqueue;
1103 sctp_association_hold(asoc); 1103 sctp_association_hold(asoc);
@@ -1325,6 +1325,8 @@ void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1325 1325
1326 if (t) 1326 if (t)
1327 asoc->peer.retran_path = t; 1327 asoc->peer.retran_path = t;
1328 else
1329 t = asoc->peer.retran_path;
1328 1330
1329 SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association" 1331 SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
1330 " %p addr: ", 1332 " %p addr: ",
@@ -1595,7 +1597,7 @@ void sctp_assoc_clean_asconf_ack_cache(const struct sctp_association *asoc)
1595 struct sctp_chunk *ack; 1597 struct sctp_chunk *ack;
1596 struct sctp_chunk *tmp; 1598 struct sctp_chunk *tmp;
1597 1599
1598 /* We can remove all the entries from the queue upto 1600 /* We can remove all the entries from the queue up to
1599 * the "Peer-Sequence-Number". 1601 * the "Peer-Sequence-Number".
1600 */ 1602 */
1601 list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list, 1603 list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list,
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index ddbbf7c81fa1..865e68fef21c 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -113,7 +113,7 @@ struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp)
113 return new; 113 return new;
114} 114}
115 115
116/* Free the shared key stucture */ 116/* Free the shared key structure */
117static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key) 117static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key)
118{ 118{
119 BUG_ON(!list_empty(&sh_key->key_list)); 119 BUG_ON(!list_empty(&sh_key->key_list));
@@ -122,7 +122,7 @@ static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key)
122 kfree(sh_key); 122 kfree(sh_key);
123} 123}
124 124
125/* Destory the entire key list. This is done during the 125/* Destroy the entire key list. This is done during the
126 * associon and endpoint free process. 126 * associon and endpoint free process.
127 */ 127 */
128void sctp_auth_destroy_keys(struct list_head *keys) 128void sctp_auth_destroy_keys(struct list_head *keys)
@@ -324,7 +324,7 @@ static struct sctp_auth_bytes *sctp_auth_asoc_create_secret(
324 if (!peer_key_vector || !local_key_vector) 324 if (!peer_key_vector || !local_key_vector)
325 goto out; 325 goto out;
326 326
327 /* Figure out the order in wich the key_vectors will be 327 /* Figure out the order in which the key_vectors will be
328 * added to the endpoint shared key. 328 * added to the endpoint shared key.
329 * SCTP-AUTH, Section 6.1: 329 * SCTP-AUTH, Section 6.1:
330 * This is performed by selecting the numerically smaller key 330 * This is performed by selecting the numerically smaller key
diff --git a/net/sctp/input.c b/net/sctp/input.c
index ea2192444ce6..5436c6921167 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -948,14 +948,11 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb,
948 union sctp_addr addr; 948 union sctp_addr addr;
949 union sctp_addr *paddr = &addr; 949 union sctp_addr *paddr = &addr;
950 struct sctphdr *sh = sctp_hdr(skb); 950 struct sctphdr *sh = sctp_hdr(skb);
951 sctp_chunkhdr_t *ch;
952 union sctp_params params; 951 union sctp_params params;
953 sctp_init_chunk_t *init; 952 sctp_init_chunk_t *init;
954 struct sctp_transport *transport; 953 struct sctp_transport *transport;
955 struct sctp_af *af; 954 struct sctp_af *af;
956 955
957 ch = (sctp_chunkhdr_t *) skb->data;
958
959 /* 956 /*
960 * This code will NOT touch anything inside the chunk--it is 957 * This code will NOT touch anything inside the chunk--it is
961 * strictly READ-ONLY. 958 * strictly READ-ONLY.
@@ -1037,7 +1034,7 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
1037* association. 1034* association.
1038* 1035*
1039* This means that any chunks that can help us identify the association need 1036* This means that any chunks that can help us identify the association need
1040* to be looked at to find this assocation. 1037* to be looked at to find this association.
1041*/ 1038*/
1042static struct sctp_association *__sctp_rcv_walk_lookup(struct sk_buff *skb, 1039static struct sctp_association *__sctp_rcv_walk_lookup(struct sk_buff *skb,
1043 const union sctp_addr *laddr, 1040 const union sctp_addr *laddr,
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 95e0c8eda1a0..865ce7ba4e14 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -201,40 +201,40 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
201{ 201{
202 struct sock *sk = skb->sk; 202 struct sock *sk = skb->sk;
203 struct ipv6_pinfo *np = inet6_sk(sk); 203 struct ipv6_pinfo *np = inet6_sk(sk);
204 struct flowi fl; 204 struct flowi6 fl6;
205 205
206 memset(&fl, 0, sizeof(fl)); 206 memset(&fl6, 0, sizeof(fl6));
207 207
208 fl.proto = sk->sk_protocol; 208 fl6.flowi6_proto = sk->sk_protocol;
209 209
210 /* Fill in the dest address from the route entry passed with the skb 210 /* Fill in the dest address from the route entry passed with the skb
211 * and the source address from the transport. 211 * and the source address from the transport.
212 */ 212 */
213 ipv6_addr_copy(&fl.fl6_dst, &transport->ipaddr.v6.sin6_addr); 213 ipv6_addr_copy(&fl6.daddr, &transport->ipaddr.v6.sin6_addr);
214 ipv6_addr_copy(&fl.fl6_src, &transport->saddr.v6.sin6_addr); 214 ipv6_addr_copy(&fl6.saddr, &transport->saddr.v6.sin6_addr);
215 215
216 fl.fl6_flowlabel = np->flow_label; 216 fl6.flowlabel = np->flow_label;
217 IP6_ECN_flow_xmit(sk, fl.fl6_flowlabel); 217 IP6_ECN_flow_xmit(sk, fl6.flowlabel);
218 if (ipv6_addr_type(&fl.fl6_src) & IPV6_ADDR_LINKLOCAL) 218 if (ipv6_addr_type(&fl6.saddr) & IPV6_ADDR_LINKLOCAL)
219 fl.oif = transport->saddr.v6.sin6_scope_id; 219 fl6.flowi6_oif = transport->saddr.v6.sin6_scope_id;
220 else 220 else
221 fl.oif = sk->sk_bound_dev_if; 221 fl6.flowi6_oif = sk->sk_bound_dev_if;
222 222
223 if (np->opt && np->opt->srcrt) { 223 if (np->opt && np->opt->srcrt) {
224 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt; 224 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
225 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 225 ipv6_addr_copy(&fl6.daddr, rt0->addr);
226 } 226 }
227 227
228 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n", 228 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n",
229 __func__, skb, skb->len, 229 __func__, skb, skb->len,
230 &fl.fl6_src, &fl.fl6_dst); 230 &fl6.saddr, &fl6.daddr);
231 231
232 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); 232 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS);
233 233
234 if (!(transport->param_flags & SPP_PMTUD_ENABLE)) 234 if (!(transport->param_flags & SPP_PMTUD_ENABLE))
235 skb->local_df = 1; 235 skb->local_df = 1;
236 236
237 return ip6_xmit(sk, skb, &fl, np->opt); 237 return ip6_xmit(sk, skb, &fl6, np->opt);
238} 238}
239 239
240/* Returns the dst cache entry for the given source and destination ip 240/* Returns the dst cache entry for the given source and destination ip
@@ -245,22 +245,22 @@ static struct dst_entry *sctp_v6_get_dst(struct sctp_association *asoc,
245 union sctp_addr *saddr) 245 union sctp_addr *saddr)
246{ 246{
247 struct dst_entry *dst; 247 struct dst_entry *dst;
248 struct flowi fl; 248 struct flowi6 fl6;
249 249
250 memset(&fl, 0, sizeof(fl)); 250 memset(&fl6, 0, sizeof(fl6));
251 ipv6_addr_copy(&fl.fl6_dst, &daddr->v6.sin6_addr); 251 ipv6_addr_copy(&fl6.daddr, &daddr->v6.sin6_addr);
252 if (ipv6_addr_type(&daddr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) 252 if (ipv6_addr_type(&daddr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL)
253 fl.oif = daddr->v6.sin6_scope_id; 253 fl6.flowi6_oif = daddr->v6.sin6_scope_id;
254 254
255 255
256 SCTP_DEBUG_PRINTK("%s: DST=%pI6 ", __func__, &fl.fl6_dst); 256 SCTP_DEBUG_PRINTK("%s: DST=%pI6 ", __func__, &fl6.daddr);
257 257
258 if (saddr) { 258 if (saddr) {
259 ipv6_addr_copy(&fl.fl6_src, &saddr->v6.sin6_addr); 259 ipv6_addr_copy(&fl6.saddr, &saddr->v6.sin6_addr);
260 SCTP_DEBUG_PRINTK("SRC=%pI6 - ", &fl.fl6_src); 260 SCTP_DEBUG_PRINTK("SRC=%pI6 - ", &fl6.saddr);
261 } 261 }
262 262
263 dst = ip6_route_output(&init_net, NULL, &fl); 263 dst = ip6_route_output(&init_net, NULL, &fl6);
264 if (!dst->error) { 264 if (!dst->error) {
265 struct rt6_info *rt; 265 struct rt6_info *rt;
266 rt = (struct rt6_info *)dst; 266 rt = (struct rt6_info *)dst;
diff --git a/net/sctp/output.c b/net/sctp/output.c
index 60600d337a3a..b4f3cf06d8da 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -510,7 +510,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
510 sh->checksum = sctp_end_cksum(crc32); 510 sh->checksum = sctp_end_cksum(crc32);
511 } else { 511 } else {
512 if (dst->dev->features & NETIF_F_SCTP_CSUM) { 512 if (dst->dev->features & NETIF_F_SCTP_CSUM) {
513 /* no need to seed psuedo checksum for SCTP */ 513 /* no need to seed pseudo checksum for SCTP */
514 nskb->ip_summed = CHECKSUM_PARTIAL; 514 nskb->ip_summed = CHECKSUM_PARTIAL;
515 nskb->csum_start = (skb_transport_header(nskb) - 515 nskb->csum_start = (skb_transport_header(nskb) -
516 nskb->head); 516 nskb->head);
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 8c6d379b4bb6..bf92a5b68f8b 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -177,13 +177,13 @@ static inline int sctp_cacc_skip_3_2(struct sctp_transport *primary, __u32 tsn)
177 * 3) If the missing report count for TSN t is to be 177 * 3) If the missing report count for TSN t is to be
178 * incremented according to [RFC2960] and 178 * incremented according to [RFC2960] and
179 * [SCTP_STEWART-2002], and CHANGEOVER_ACTIVE is set, 179 * [SCTP_STEWART-2002], and CHANGEOVER_ACTIVE is set,
180 * then the sender MUST futher execute steps 3.1 and 180 * then the sender MUST further execute steps 3.1 and
181 * 3.2 to determine if the missing report count for 181 * 3.2 to determine if the missing report count for
182 * TSN t SHOULD NOT be incremented. 182 * TSN t SHOULD NOT be incremented.
183 * 183 *
184 * 3.3) If 3.1 and 3.2 do not dictate that the missing 184 * 3.3) If 3.1 and 3.2 do not dictate that the missing
185 * report count for t should not be incremented, then 185 * report count for t should not be incremented, then
186 * the sender SOULD increment missing report count for 186 * the sender SHOULD increment missing report count for
187 * t (according to [RFC2960] and [SCTP_STEWART_2002]). 187 * t (according to [RFC2960] and [SCTP_STEWART_2002]).
188 */ 188 */
189static inline int sctp_cacc_skip(struct sctp_transport *primary, 189static inline int sctp_cacc_skip(struct sctp_transport *primary,
@@ -545,13 +545,11 @@ static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
545 struct sctp_transport *transport = pkt->transport; 545 struct sctp_transport *transport = pkt->transport;
546 sctp_xmit_t status; 546 sctp_xmit_t status;
547 struct sctp_chunk *chunk, *chunk1; 547 struct sctp_chunk *chunk, *chunk1;
548 struct sctp_association *asoc;
549 int fast_rtx; 548 int fast_rtx;
550 int error = 0; 549 int error = 0;
551 int timer = 0; 550 int timer = 0;
552 int done = 0; 551 int done = 0;
553 552
554 asoc = q->asoc;
555 lqueue = &q->retransmit; 553 lqueue = &q->retransmit;
556 fast_rtx = q->fast_rtx; 554 fast_rtx = q->fast_rtx;
557 555
@@ -845,7 +843,7 @@ static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
845 case SCTP_CID_ECN_CWR: 843 case SCTP_CID_ECN_CWR:
846 case SCTP_CID_ASCONF_ACK: 844 case SCTP_CID_ASCONF_ACK:
847 one_packet = 1; 845 one_packet = 1;
848 /* Fall throught */ 846 /* Fall through */
849 847
850 case SCTP_CID_SACK: 848 case SCTP_CID_SACK:
851 case SCTP_CID_HEARTBEAT: 849 case SCTP_CID_HEARTBEAT:
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index e58f9476f29c..d5bf91d04f63 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -468,32 +468,32 @@ static struct dst_entry *sctp_v4_get_dst(struct sctp_association *asoc,
468 union sctp_addr *saddr) 468 union sctp_addr *saddr)
469{ 469{
470 struct rtable *rt; 470 struct rtable *rt;
471 struct flowi fl; 471 struct flowi4 fl4;
472 struct sctp_bind_addr *bp; 472 struct sctp_bind_addr *bp;
473 struct sctp_sockaddr_entry *laddr; 473 struct sctp_sockaddr_entry *laddr;
474 struct dst_entry *dst = NULL; 474 struct dst_entry *dst = NULL;
475 union sctp_addr dst_saddr; 475 union sctp_addr dst_saddr;
476 476
477 memset(&fl, 0x0, sizeof(struct flowi)); 477 memset(&fl4, 0x0, sizeof(struct flowi4));
478 fl.fl4_dst = daddr->v4.sin_addr.s_addr; 478 fl4.daddr = daddr->v4.sin_addr.s_addr;
479 fl.fl_ip_dport = daddr->v4.sin_port; 479 fl4.fl4_dport = daddr->v4.sin_port;
480 fl.proto = IPPROTO_SCTP; 480 fl4.flowi4_proto = IPPROTO_SCTP;
481 if (asoc) { 481 if (asoc) {
482 fl.fl4_tos = RT_CONN_FLAGS(asoc->base.sk); 482 fl4.flowi4_tos = RT_CONN_FLAGS(asoc->base.sk);
483 fl.oif = asoc->base.sk->sk_bound_dev_if; 483 fl4.flowi4_oif = asoc->base.sk->sk_bound_dev_if;
484 fl.fl_ip_sport = htons(asoc->base.bind_addr.port); 484 fl4.fl4_sport = htons(asoc->base.bind_addr.port);
485 } 485 }
486 if (saddr) { 486 if (saddr) {
487 fl.fl4_src = saddr->v4.sin_addr.s_addr; 487 fl4.saddr = saddr->v4.sin_addr.s_addr;
488 fl.fl_ip_sport = saddr->v4.sin_port; 488 fl4.fl4_sport = saddr->v4.sin_port;
489 } 489 }
490 490
491 SCTP_DEBUG_PRINTK("%s: DST:%pI4, SRC:%pI4 - ", 491 SCTP_DEBUG_PRINTK("%s: DST:%pI4, SRC:%pI4 - ",
492 __func__, &fl.fl4_dst, &fl.fl4_src); 492 __func__, &fl4.daddr, &fl4.saddr);
493 493
494 if (!ip_route_output_key(&init_net, &rt, &fl)) { 494 rt = ip_route_output_key(&init_net, &fl4);
495 if (!IS_ERR(rt))
495 dst = &rt->dst; 496 dst = &rt->dst;
496 }
497 497
498 /* If there is no association or if a source address is passed, no 498 /* If there is no association or if a source address is passed, no
499 * more validation is required. 499 * more validation is required.
@@ -533,9 +533,10 @@ static struct dst_entry *sctp_v4_get_dst(struct sctp_association *asoc,
533 continue; 533 continue;
534 if ((laddr->state == SCTP_ADDR_SRC) && 534 if ((laddr->state == SCTP_ADDR_SRC) &&
535 (AF_INET == laddr->a.sa.sa_family)) { 535 (AF_INET == laddr->a.sa.sa_family)) {
536 fl.fl4_src = laddr->a.v4.sin_addr.s_addr; 536 fl4.saddr = laddr->a.v4.sin_addr.s_addr;
537 fl.fl_ip_sport = laddr->a.v4.sin_port; 537 fl4.fl4_sport = laddr->a.v4.sin_port;
538 if (!ip_route_output_key(&init_net, &rt, &fl)) { 538 rt = ip_route_output_key(&init_net, &fl4);
539 if (!IS_ERR(rt)) {
539 dst = &rt->dst; 540 dst = &rt->dst;
540 goto out_unlock; 541 goto out_unlock;
541 } 542 }
@@ -1204,7 +1205,7 @@ SCTP_STATIC __init int sctp_init(void)
1204 if ((sctp_assoc_hashsize > (64 * 1024)) && order > 0) 1205 if ((sctp_assoc_hashsize > (64 * 1024)) && order > 0)
1205 continue; 1206 continue;
1206 sctp_assoc_hashtable = (struct sctp_hashbucket *) 1207 sctp_assoc_hashtable = (struct sctp_hashbucket *)
1207 __get_free_pages(GFP_ATOMIC, order); 1208 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order);
1208 } while (!sctp_assoc_hashtable && --order > 0); 1209 } while (!sctp_assoc_hashtable && --order > 0);
1209 if (!sctp_assoc_hashtable) { 1210 if (!sctp_assoc_hashtable) {
1210 pr_err("Failed association hash alloc\n"); 1211 pr_err("Failed association hash alloc\n");
@@ -1237,7 +1238,7 @@ SCTP_STATIC __init int sctp_init(void)
1237 if ((sctp_port_hashsize > (64 * 1024)) && order > 0) 1238 if ((sctp_port_hashsize > (64 * 1024)) && order > 0)
1238 continue; 1239 continue;
1239 sctp_port_hashtable = (struct sctp_bind_hashbucket *) 1240 sctp_port_hashtable = (struct sctp_bind_hashbucket *)
1240 __get_free_pages(GFP_ATOMIC, order); 1241 __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order);
1241 } while (!sctp_port_hashtable && --order > 0); 1242 } while (!sctp_port_hashtable && --order > 0);
1242 if (!sctp_port_hashtable) { 1243 if (!sctp_port_hashtable) {
1243 pr_err("Failed bind hash alloc\n"); 1244 pr_err("Failed bind hash alloc\n");
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 2cc46f0962ca..b3434cc7d0cf 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2029,11 +2029,11 @@ static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2029 *errp = sctp_make_op_error_fixed(asoc, chunk); 2029 *errp = sctp_make_op_error_fixed(asoc, chunk);
2030 2030
2031 if (*errp) { 2031 if (*errp) {
2032 sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2032 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2033 WORD_ROUND(ntohs(param.p->length))); 2033 WORD_ROUND(ntohs(param.p->length))))
2034 sctp_addto_chunk_fixed(*errp, 2034 sctp_addto_chunk_fixed(*errp,
2035 WORD_ROUND(ntohs(param.p->length)), 2035 WORD_ROUND(ntohs(param.p->length)),
2036 param.v); 2036 param.v);
2037 } else { 2037 } else {
2038 /* If there is no memory for generating the ERROR 2038 /* If there is no memory for generating the ERROR
2039 * report as specified, an ABORT will be triggered 2039 * report as specified, an ABORT will be triggered
@@ -3106,10 +3106,10 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3106 3106
3107 /* create an ASCONF_ACK chunk. 3107 /* create an ASCONF_ACK chunk.
3108 * Based on the definitions of parameters, we know that the size of 3108 * Based on the definitions of parameters, we know that the size of
3109 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3109 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF
3110 * parameters. 3110 * parameters.
3111 */ 3111 */
3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3113 if (!asconf_ack) 3113 if (!asconf_ack)
3114 goto done; 3114 goto done;
3115 3115
@@ -3375,7 +3375,6 @@ struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3375 struct sctp_fwdtsn_skip *skiplist) 3375 struct sctp_fwdtsn_skip *skiplist)
3376{ 3376{
3377 struct sctp_chunk *retval = NULL; 3377 struct sctp_chunk *retval = NULL;
3378 struct sctp_fwdtsn_chunk *ftsn_chunk;
3379 struct sctp_fwdtsn_hdr ftsn_hdr; 3378 struct sctp_fwdtsn_hdr ftsn_hdr;
3380 struct sctp_fwdtsn_skip skip; 3379 struct sctp_fwdtsn_skip skip;
3381 size_t hint; 3380 size_t hint;
@@ -3388,8 +3387,6 @@ struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3388 if (!retval) 3387 if (!retval)
3389 return NULL; 3388 return NULL;
3390 3389
3391 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
3392
3393 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3390 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3394 retval->subh.fwdtsn_hdr = 3391 retval->subh.fwdtsn_hdr =
3395 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3392 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index b21b218d564f..5f86ee4b54c1 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -482,7 +482,7 @@ static void sctp_do_8_2_transport_strike(struct sctp_association *asoc,
482 * If the timer was a heartbeat, we only increment error counts 482 * If the timer was a heartbeat, we only increment error counts
483 * when we already have an outstanding HEARTBEAT that has not 483 * when we already have an outstanding HEARTBEAT that has not
484 * been acknowledged. 484 * been acknowledged.
485 * Additionaly, some tranport states inhibit error increments. 485 * Additionally, some tranport states inhibit error increments.
486 */ 486 */
487 if (!is_hb) { 487 if (!is_hb) {
488 asoc->overall_error_count++; 488 asoc->overall_error_count++;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 4b4eb7c96bbd..76792083c379 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -551,7 +551,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
551 * 551 *
552 * This means that if we only want to abort associations 552 * This means that if we only want to abort associations
553 * in an authenticated way (i.e AUTH+ABORT), then we 553 * in an authenticated way (i.e AUTH+ABORT), then we
554 * can't destroy this association just becuase the packet 554 * can't destroy this association just because the packet
555 * was malformed. 555 * was malformed.
556 */ 556 */
557 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) 557 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
@@ -1546,7 +1546,7 @@ cleanup:
1546} 1546}
1547 1547
1548/* 1548/*
1549 * Handle simultanous INIT. 1549 * Handle simultaneous INIT.
1550 * This means we started an INIT and then we got an INIT request from 1550 * This means we started an INIT and then we got an INIT request from
1551 * our peer. 1551 * our peer.
1552 * 1552 *
@@ -2079,7 +2079,7 @@ sctp_disposition_t sctp_sf_shutdown_pending_abort(
2079 * RFC 2960, Section 3.3.7 2079 * RFC 2960, Section 3.3.7
2080 * If an endpoint receives an ABORT with a format error or for an 2080 * If an endpoint receives an ABORT with a format error or for an
2081 * association that doesn't exist, it MUST silently discard it. 2081 * association that doesn't exist, it MUST silently discard it.
2082 * Becasue the length is "invalid", we can't really discard just 2082 * Because the length is "invalid", we can't really discard just
2083 * as we do not know its true length. So, to be safe, discard the 2083 * as we do not know its true length. So, to be safe, discard the
2084 * packet. 2084 * packet.
2085 */ 2085 */
@@ -2120,7 +2120,7 @@ sctp_disposition_t sctp_sf_shutdown_sent_abort(const struct sctp_endpoint *ep,
2120 * RFC 2960, Section 3.3.7 2120 * RFC 2960, Section 3.3.7
2121 * If an endpoint receives an ABORT with a format error or for an 2121 * If an endpoint receives an ABORT with a format error or for an
2122 * association that doesn't exist, it MUST silently discard it. 2122 * association that doesn't exist, it MUST silently discard it.
2123 * Becasue the length is "invalid", we can't really discard just 2123 * Because the length is "invalid", we can't really discard just
2124 * as we do not know its true length. So, to be safe, discard the 2124 * as we do not know its true length. So, to be safe, discard the
2125 * packet. 2125 * packet.
2126 */ 2126 */
@@ -2381,7 +2381,7 @@ sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
2381 * RFC 2960, Section 3.3.7 2381 * RFC 2960, Section 3.3.7
2382 * If an endpoint receives an ABORT with a format error or for an 2382 * If an endpoint receives an ABORT with a format error or for an
2383 * association that doesn't exist, it MUST silently discard it. 2383 * association that doesn't exist, it MUST silently discard it.
2384 * Becasue the length is "invalid", we can't really discard just 2384 * Because the length is "invalid", we can't really discard just
2385 * as we do not know its true length. So, to be safe, discard the 2385 * as we do not know its true length. So, to be safe, discard the
2386 * packet. 2386 * packet.
2387 */ 2387 */
@@ -2448,7 +2448,7 @@ sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2448 * RFC 2960, Section 3.3.7 2448 * RFC 2960, Section 3.3.7
2449 * If an endpoint receives an ABORT with a format error or for an 2449 * If an endpoint receives an ABORT with a format error or for an
2450 * association that doesn't exist, it MUST silently discard it. 2450 * association that doesn't exist, it MUST silently discard it.
2451 * Becasue the length is "invalid", we can't really discard just 2451 * Because the length is "invalid", we can't really discard just
2452 * as we do not know its true length. So, to be safe, discard the 2452 * as we do not know its true length. So, to be safe, discard the
2453 * packet. 2453 * packet.
2454 */ 2454 */
@@ -3855,7 +3855,7 @@ gen_shutdown:
3855} 3855}
3856 3856
3857/* 3857/*
3858 * SCTP-AUTH Section 6.3 Receving authenticated chukns 3858 * SCTP-AUTH Section 6.3 Receiving authenticated chukns
3859 * 3859 *
3860 * The receiver MUST use the HMAC algorithm indicated in the HMAC 3860 * The receiver MUST use the HMAC algorithm indicated in the HMAC
3861 * Identifier field. If this algorithm was not specified by the 3861 * Identifier field. If this algorithm was not specified by the
@@ -4231,7 +4231,7 @@ static sctp_disposition_t sctp_sf_abort_violation(
4231 * 4231 *
4232 * This means that if we only want to abort associations 4232 * This means that if we only want to abort associations
4233 * in an authenticated way (i.e AUTH+ABORT), then we 4233 * in an authenticated way (i.e AUTH+ABORT), then we
4234 * can't destroy this association just becuase the packet 4234 * can't destroy this association just because the packet
4235 * was malformed. 4235 * was malformed.
4236 */ 4236 */
4237 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) 4237 if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
@@ -4402,9 +4402,9 @@ static sctp_disposition_t sctp_sf_violation_ctsn(
4402} 4402}
4403 4403
4404/* Handle protocol violation of an invalid chunk bundling. For example, 4404/* Handle protocol violation of an invalid chunk bundling. For example,
4405 * when we have an association and we recieve bundled INIT-ACK, or 4405 * when we have an association and we receive bundled INIT-ACK, or
4406 * SHUDOWN-COMPLETE, our peer is clearly violationg the "MUST NOT bundle" 4406 * SHUDOWN-COMPLETE, our peer is clearly violationg the "MUST NOT bundle"
4407 * statement from the specs. Additinally, there might be an attacker 4407 * statement from the specs. Additionally, there might be an attacker
4408 * on the path and we may not want to continue this communication. 4408 * on the path and we may not want to continue this communication.
4409 */ 4409 */
4410static sctp_disposition_t sctp_sf_violation_chunk( 4410static sctp_disposition_t sctp_sf_violation_chunk(
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 8e02550ff3e8..deb82e35a107 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1193,7 +1193,7 @@ out_free:
1193 * an endpoint that is multi-homed. Much like sctp_bindx() this call 1193 * an endpoint that is multi-homed. Much like sctp_bindx() this call
1194 * allows a caller to specify multiple addresses at which a peer can be 1194 * allows a caller to specify multiple addresses at which a peer can be
1195 * reached. The way the SCTP stack uses the list of addresses to set up 1195 * reached. The way the SCTP stack uses the list of addresses to set up
1196 * the association is implementation dependant. This function only 1196 * the association is implementation dependent. This function only
1197 * specifies that the stack will try to make use of all the addresses in 1197 * specifies that the stack will try to make use of all the addresses in
1198 * the list when needed. 1198 * the list when needed.
1199 * 1199 *
@@ -2928,7 +2928,6 @@ static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optva
2928 unsigned int optlen) 2928 unsigned int optlen)
2929{ 2929{
2930 struct sctp_sock *sp; 2930 struct sctp_sock *sp;
2931 struct sctp_endpoint *ep;
2932 struct sctp_association *asoc = NULL; 2931 struct sctp_association *asoc = NULL;
2933 struct sctp_setpeerprim prim; 2932 struct sctp_setpeerprim prim;
2934 struct sctp_chunk *chunk; 2933 struct sctp_chunk *chunk;
@@ -2936,7 +2935,6 @@ static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optva
2936 int err; 2935 int err;
2937 2936
2938 sp = sctp_sk(sk); 2937 sp = sctp_sk(sk);
2939 ep = sp->ep;
2940 2938
2941 if (!sctp_addip_enable) 2939 if (!sctp_addip_enable)
2942 return -EPERM; 2940 return -EPERM;
@@ -6102,15 +6100,16 @@ static void __sctp_write_space(struct sctp_association *asoc)
6102 wake_up_interruptible(&asoc->wait); 6100 wake_up_interruptible(&asoc->wait);
6103 6101
6104 if (sctp_writeable(sk)) { 6102 if (sctp_writeable(sk)) {
6105 if (sk_sleep(sk) && waitqueue_active(sk_sleep(sk))) 6103 wait_queue_head_t *wq = sk_sleep(sk);
6106 wake_up_interruptible(sk_sleep(sk)); 6104
6105 if (wq && waitqueue_active(wq))
6106 wake_up_interruptible(wq);
6107 6107
6108 /* Note that we try to include the Async I/O support 6108 /* Note that we try to include the Async I/O support
6109 * here by modeling from the current TCP/UDP code. 6109 * here by modeling from the current TCP/UDP code.
6110 * We have not tested with it yet. 6110 * We have not tested with it yet.
6111 */ 6111 */
6112 if (sock->wq->fasync_list && 6112 if (!(sk->sk_shutdown & SEND_SHUTDOWN))
6113 !(sk->sk_shutdown & SEND_SHUTDOWN))
6114 sock_wake_async(sock, 6113 sock_wake_async(sock,
6115 SOCK_WAKE_SPACE, POLL_OUT); 6114 SOCK_WAKE_SPACE, POLL_OUT);
6116 } 6115 }
diff --git a/net/sctp/tsnmap.c b/net/sctp/tsnmap.c
index 747d5412c463..f1e40cebc981 100644
--- a/net/sctp/tsnmap.c
+++ b/net/sctp/tsnmap.c
@@ -344,7 +344,7 @@ __u16 sctp_tsnmap_num_gabs(struct sctp_tsnmap *map,
344 344
345 /* Refresh the gap ack information. */ 345 /* Refresh the gap ack information. */
346 if (sctp_tsnmap_has_gap(map)) { 346 if (sctp_tsnmap_has_gap(map)) {
347 __u16 start, end; 347 __u16 start = 0, end = 0;
348 sctp_tsnmap_iter_init(map, &iter); 348 sctp_tsnmap_iter_init(map, &iter);
349 while (sctp_tsnmap_next_gap_ack(map, &iter, 349 while (sctp_tsnmap_next_gap_ack(map, &iter,
350 &start, 350 &start,
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index aa72e89c3ee1..61b1f5ada96a 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -554,7 +554,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_send_failed(
554 memcpy(&ssf->ssf_info, &chunk->sinfo, sizeof(struct sctp_sndrcvinfo)); 554 memcpy(&ssf->ssf_info, &chunk->sinfo, sizeof(struct sctp_sndrcvinfo));
555 555
556 /* Per TSVWG discussion with Randy. Allow the application to 556 /* Per TSVWG discussion with Randy. Allow the application to
557 * ressemble a fragmented message. 557 * reassemble a fragmented message.
558 */ 558 */
559 ssf->ssf_info.sinfo_flags = chunk->chunk_hdr->flags; 559 ssf->ssf_info.sinfo_flags = chunk->chunk_hdr->flags;
560 560
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index c7f7e49609cb..f2d1de7f2ffb 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -105,11 +105,8 @@ int sctp_ulpq_tail_data(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
105 gfp_t gfp) 105 gfp_t gfp)
106{ 106{
107 struct sk_buff_head temp; 107 struct sk_buff_head temp;
108 sctp_data_chunk_t *hdr;
109 struct sctp_ulpevent *event; 108 struct sctp_ulpevent *event;
110 109
111 hdr = (sctp_data_chunk_t *) chunk->chunk_hdr;
112
113 /* Create an event from the incoming chunk. */ 110 /* Create an event from the incoming chunk. */
114 event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp); 111 event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp);
115 if (!event) 112 if (!event)
@@ -243,7 +240,7 @@ int sctp_ulpq_tail_event(struct sctp_ulpq *ulpq, struct sctp_ulpevent *event)
243 } else { 240 } else {
244 /* 241 /*
245 * If fragment interleave is enabled, we 242 * If fragment interleave is enabled, we
246 * can queue this to the recieve queue instead 243 * can queue this to the receive queue instead
247 * of the lobby. 244 * of the lobby.
248 */ 245 */
249 if (sctp_sk(sk)->frag_interleave) 246 if (sctp_sk(sk)->frag_interleave)
@@ -743,11 +740,9 @@ static void sctp_ulpq_retrieve_ordered(struct sctp_ulpq *ulpq,
743 struct sk_buff *pos, *tmp; 740 struct sk_buff *pos, *tmp;
744 struct sctp_ulpevent *cevent; 741 struct sctp_ulpevent *cevent;
745 struct sctp_stream *in; 742 struct sctp_stream *in;
746 __u16 sid, csid; 743 __u16 sid, csid, cssn;
747 __u16 ssn, cssn;
748 744
749 sid = event->stream; 745 sid = event->stream;
750 ssn = event->ssn;
751 in = &ulpq->asoc->ssnmap->in; 746 in = &ulpq->asoc->ssnmap->in;
752 747
753 event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev; 748 event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev;
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-02 19:46:08 -0400