aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/can/raw.c26
-rw-r--r--net/core/neighbour.c8
-rw-r--r--net/core/skbuff.c3
-rw-r--r--net/hsr/hsr_framereg.c2
-rw-r--r--net/ipv4/af_inet.c7
-rw-r--r--net/ipv4/ip_output.c3
-rw-r--r--net/ipv4/ip_tunnel.c53
-rw-r--r--net/ipv4/ip_tunnel_core.c47
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c4
-rw-r--r--net/ipv4/tcp.c8
-rw-r--r--net/ipv4/tcp_cong.c3
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_output.c22
-rw-r--r--net/ipv6/Kconfig1
-rw-r--r--net/ipv6/exthdrs_core.c2
-rw-r--r--net/ipv6/ip6_offload.c20
-rw-r--r--net/ipv6/ip6_output.c3
-rw-r--r--net/ipv6/ping.c1
-rw-r--r--net/ipv6/sit.c19
-rw-r--r--net/ipv6/udp_offload.c2
-rw-r--r--net/mac80211/ieee80211_i.h10
-rw-r--r--net/mac80211/mlme.c24
-rw-r--r--net/mac80211/rx.c7
-rw-r--r--net/mac80211/sta_info.c66
-rw-r--r--net/mac80211/sta_info.h7
-rw-r--r--net/mac80211/tx.c15
-rw-r--r--net/mac80211/util.c48
-rw-r--r--net/mac80211/wme.c5
-rw-r--r--net/netfilter/nf_conntrack_netlink.c35
-rw-r--r--net/netfilter/nf_nat_core.c56
-rw-r--r--net/netfilter/nft_meta.c4
-rw-r--r--net/netfilter/nft_payload.c3
-rw-r--r--net/netfilter/nft_reject_inet.c4
-rw-r--r--net/netlink/af_netlink.c4
-rw-r--r--net/nfc/nci/core.c2
-rw-r--r--net/sched/sch_tbf.c24
-rw-r--r--net/sctp/associola.c129
-rw-r--r--net/sctp/sm_sideeffect.c7
-rw-r--r--net/sctp/sm_statefuns.c7
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c19
-rw-r--r--net/sunrpc/backchannel_rqst.c6
-rw-r--r--net/sunrpc/xprtsock.c6
-rw-r--r--net/tipc/bearer.c7
-rw-r--r--net/tipc/config.c2
-rw-r--r--net/tipc/core.c109
-rw-r--r--net/tipc/core.h1
-rw-r--r--net/tipc/name_table.c3
-rw-r--r--net/tipc/netlink.c8
-rw-r--r--net/tipc/ref.c3
-rw-r--r--net/tipc/server.c5
-rw-r--r--net/tipc/server.h2
-rw-r--r--net/tipc/socket.c8
-rw-r--r--net/wireless/reg.c12
-rw-r--r--net/xfrm/xfrm_policy.c2
-rw-r--r--net/xfrm/xfrm_state.c23
-rw-r--r--net/xfrm/xfrm_user.c5
56 files changed, 525 insertions, 390 deletions
diff --git a/net/can/raw.c b/net/can/raw.c
index 8be757cca2ec..081e81fd017f 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -121,13 +121,9 @@ static void raw_rcv(struct sk_buff *oskb, void *data)
121 if (!ro->recv_own_msgs && oskb->sk == sk) 121 if (!ro->recv_own_msgs && oskb->sk == sk)
122 return; 122 return;
123 123
124 /* do not pass frames with DLC > 8 to a legacy socket */ 124 /* do not pass non-CAN2.0 frames to a legacy socket */
125 if (!ro->fd_frames) { 125 if (!ro->fd_frames && oskb->len != CAN_MTU)
126 struct canfd_frame *cfd = (struct canfd_frame *)oskb->data; 126 return;
127
128 if (unlikely(cfd->len > CAN_MAX_DLEN))
129 return;
130 }
131 127
132 /* clone the given skb to be able to enqueue it into the rcv queue */ 128 /* clone the given skb to be able to enqueue it into the rcv queue */
133 skb = skb_clone(oskb, GFP_ATOMIC); 129 skb = skb_clone(oskb, GFP_ATOMIC);
@@ -738,9 +734,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
738 struct msghdr *msg, size_t size, int flags) 734 struct msghdr *msg, size_t size, int flags)
739{ 735{
740 struct sock *sk = sock->sk; 736 struct sock *sk = sock->sk;
741 struct raw_sock *ro = raw_sk(sk);
742 struct sk_buff *skb; 737 struct sk_buff *skb;
743 int rxmtu;
744 int err = 0; 738 int err = 0;
745 int noblock; 739 int noblock;
746 740
@@ -751,20 +745,10 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
751 if (!skb) 745 if (!skb)
752 return err; 746 return err;
753 747
754 /* 748 if (size < skb->len)
755 * when serving a legacy socket the DLC <= 8 is already checked inside
756 * raw_rcv(). Now check if we need to pass a canfd_frame to a legacy
757 * socket and cut the possible CANFD_MTU/CAN_MTU length to CAN_MTU
758 */
759 if (!ro->fd_frames)
760 rxmtu = CAN_MTU;
761 else
762 rxmtu = skb->len;
763
764 if (size < rxmtu)
765 msg->msg_flags |= MSG_TRUNC; 749 msg->msg_flags |= MSG_TRUNC;
766 else 750 else
767 size = rxmtu; 751 size = skb->len;
768 752
769 err = memcpy_toiovec(msg->msg_iov, skb->data, size); 753 err = memcpy_toiovec(msg->msg_iov, skb->data, size);
770 if (err < 0) { 754 if (err < 0) {
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index fbde4e3ce802..8f8a96ef9f3f 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -766,9 +766,6 @@ static void neigh_periodic_work(struct work_struct *work)
766 nht = rcu_dereference_protected(tbl->nht, 766 nht = rcu_dereference_protected(tbl->nht,
767 lockdep_is_held(&tbl->lock)); 767 lockdep_is_held(&tbl->lock));
768 768
769 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
770 goto out;
771
772 /* 769 /*
773 * periodically recompute ReachableTime from random function 770 * periodically recompute ReachableTime from random function
774 */ 771 */
@@ -781,6 +778,9 @@ static void neigh_periodic_work(struct work_struct *work)
781 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME)); 778 neigh_rand_reach_time(NEIGH_VAR(p, BASE_REACHABLE_TIME));
782 } 779 }
783 780
781 if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
782 goto out;
783
784 for (i = 0 ; i < (1 << nht->hash_shift); i++) { 784 for (i = 0 ; i < (1 << nht->hash_shift); i++) {
785 np = &nht->hash_buckets[i]; 785 np = &nht->hash_buckets[i];
786 786
@@ -3047,7 +3047,7 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
3047 if (!t) 3047 if (!t)
3048 goto err; 3048 goto err;
3049 3049
3050 for (i = 0; i < ARRAY_SIZE(t->neigh_vars); i++) { 3050 for (i = 0; i < NEIGH_VAR_GC_INTERVAL; i++) {
3051 t->neigh_vars[i].data += (long) p; 3051 t->neigh_vars[i].data += (long) p;
3052 t->neigh_vars[i].extra1 = dev; 3052 t->neigh_vars[i].extra1 = dev;
3053 t->neigh_vars[i].extra2 = p; 3053 t->neigh_vars[i].extra2 = p;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index f28c37996aad..465a01c97c76 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -707,9 +707,6 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
707 new->mark = old->mark; 707 new->mark = old->mark;
708 new->skb_iif = old->skb_iif; 708 new->skb_iif = old->skb_iif;
709 __nf_copy(new, old); 709 __nf_copy(new, old);
710#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
711 new->nf_trace = old->nf_trace;
712#endif
713#ifdef CONFIG_NET_SCHED 710#ifdef CONFIG_NET_SCHED
714 new->tc_index = old->tc_index; 711 new->tc_index = old->tc_index;
715#ifdef CONFIG_NET_CLS_ACT 712#ifdef CONFIG_NET_CLS_ACT
diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
index 3d0100f0bae3..83e58449366a 100644
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -297,7 +297,7 @@ static bool seq_nr_after(u16 a, u16 b)
297 297
298void hsr_register_frame_in(struct node_entry *node, enum hsr_dev_idx dev_idx) 298void hsr_register_frame_in(struct node_entry *node, enum hsr_dev_idx dev_idx)
299{ 299{
300 if ((dev_idx < 0) || (dev_idx >= HSR_MAX_DEV)) { 300 if ((dev_idx < 0) || (dev_idx >= HSR_MAX_SLAVE)) {
301 WARN_ONCE(1, "%s: Invalid dev_idx (%d)\n", __func__, dev_idx); 301 WARN_ONCE(1, "%s: Invalid dev_idx (%d)\n", __func__, dev_idx);
302 return; 302 return;
303 } 303 }
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index ecd2c3f245ce..19ab78aca547 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1296,8 +1296,11 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb,
1296 1296
1297 segs = ERR_PTR(-EPROTONOSUPPORT); 1297 segs = ERR_PTR(-EPROTONOSUPPORT);
1298 1298
1299 /* Note : following gso_segment() might change skb->encapsulation */ 1299 if (skb->encapsulation &&
1300 udpfrag = !skb->encapsulation && proto == IPPROTO_UDP; 1300 skb_shinfo(skb)->gso_type & (SKB_GSO_SIT|SKB_GSO_IPIP))
1301 udpfrag = proto == IPPROTO_UDP && encap;
1302 else
1303 udpfrag = proto == IPPROTO_UDP && !skb->encapsulation;
1301 1304
1302 ops = rcu_dereference(inet_offloads[proto]); 1305 ops = rcu_dereference(inet_offloads[proto]);
1303 if (likely(ops && ops->callbacks.gso_segment)) 1306 if (likely(ops && ops->callbacks.gso_segment))
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e85445b2b102..1a0755fea491 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -422,9 +422,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
422 to->tc_index = from->tc_index; 422 to->tc_index = from->tc_index;
423#endif 423#endif
424 nf_copy(to, from); 424 nf_copy(to, from);
425#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
426 to->nf_trace = from->nf_trace;
427#endif
428#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) 425#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
429 to->ipvs_property = from->ipvs_property; 426 to->ipvs_property = from->ipvs_property;
430#endif 427#endif
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 4fff64418fb2..66aaf506fbef 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -93,13 +93,14 @@ static void tunnel_dst_reset(struct ip_tunnel *t)
93 tunnel_dst_set(t, NULL); 93 tunnel_dst_set(t, NULL);
94} 94}
95 95
96static void tunnel_dst_reset_all(struct ip_tunnel *t) 96void ip_tunnel_dst_reset_all(struct ip_tunnel *t)
97{ 97{
98 int i; 98 int i;
99 99
100 for_each_possible_cpu(i) 100 for_each_possible_cpu(i)
101 __tunnel_dst_set(per_cpu_ptr(t->dst_cache, i), NULL); 101 __tunnel_dst_set(per_cpu_ptr(t->dst_cache, i), NULL);
102} 102}
103EXPORT_SYMBOL(ip_tunnel_dst_reset_all);
103 104
104static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie) 105static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
105{ 106{
@@ -119,52 +120,6 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
119 return (struct rtable *)dst; 120 return (struct rtable *)dst;
120} 121}
121 122
122/* Often modified stats are per cpu, other are shared (netdev->stats) */
123struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
124 struct rtnl_link_stats64 *tot)
125{
126 int i;
127
128 for_each_possible_cpu(i) {
129 const struct pcpu_sw_netstats *tstats =
130 per_cpu_ptr(dev->tstats, i);
131 u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
132 unsigned int start;
133
134 do {
135 start = u64_stats_fetch_begin_bh(&tstats->syncp);
136 rx_packets = tstats->rx_packets;
137 tx_packets = tstats->tx_packets;
138 rx_bytes = tstats->rx_bytes;
139 tx_bytes = tstats->tx_bytes;
140 } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
141
142 tot->rx_packets += rx_packets;
143 tot->tx_packets += tx_packets;
144 tot->rx_bytes += rx_bytes;
145 tot->tx_bytes += tx_bytes;
146 }
147
148 tot->multicast = dev->stats.multicast;
149
150 tot->rx_crc_errors = dev->stats.rx_crc_errors;
151 tot->rx_fifo_errors = dev->stats.rx_fifo_errors;
152 tot->rx_length_errors = dev->stats.rx_length_errors;
153 tot->rx_frame_errors = dev->stats.rx_frame_errors;
154 tot->rx_errors = dev->stats.rx_errors;
155
156 tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
157 tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
158 tot->tx_dropped = dev->stats.tx_dropped;
159 tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
160 tot->tx_errors = dev->stats.tx_errors;
161
162 tot->collisions = dev->stats.collisions;
163
164 return tot;
165}
166EXPORT_SYMBOL_GPL(ip_tunnel_get_stats64);
167
168static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p, 123static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p,
169 __be16 flags, __be32 key) 124 __be16 flags, __be32 key)
170{ 125{
@@ -763,7 +718,7 @@ static void ip_tunnel_update(struct ip_tunnel_net *itn,
763 if (set_mtu) 718 if (set_mtu)
764 dev->mtu = mtu; 719 dev->mtu = mtu;
765 } 720 }
766 tunnel_dst_reset_all(t); 721 ip_tunnel_dst_reset_all(t);
767 netdev_state_change(dev); 722 netdev_state_change(dev);
768} 723}
769 724
@@ -1091,7 +1046,7 @@ void ip_tunnel_uninit(struct net_device *dev)
1091 if (itn->fb_tunnel_dev != dev) 1046 if (itn->fb_tunnel_dev != dev)
1092 ip_tunnel_del(netdev_priv(dev)); 1047 ip_tunnel_del(netdev_priv(dev));
1093 1048
1094 tunnel_dst_reset_all(tunnel); 1049 ip_tunnel_dst_reset_all(tunnel);
1095} 1050}
1096EXPORT_SYMBOL_GPL(ip_tunnel_uninit); 1051EXPORT_SYMBOL_GPL(ip_tunnel_uninit);
1097 1052
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 6156f4ef5e91..6f847dd56dbc 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -108,7 +108,6 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
108 nf_reset(skb); 108 nf_reset(skb);
109 secpath_reset(skb); 109 secpath_reset(skb);
110 skb_clear_hash_if_not_l4(skb); 110 skb_clear_hash_if_not_l4(skb);
111 skb_dst_drop(skb);
112 skb->vlan_tci = 0; 111 skb->vlan_tci = 0;
113 skb_set_queue_mapping(skb, 0); 112 skb_set_queue_mapping(skb, 0);
114 skb->pkt_type = PACKET_HOST; 113 skb->pkt_type = PACKET_HOST;
@@ -148,3 +147,49 @@ error:
148 return ERR_PTR(err); 147 return ERR_PTR(err);
149} 148}
150EXPORT_SYMBOL_GPL(iptunnel_handle_offloads); 149EXPORT_SYMBOL_GPL(iptunnel_handle_offloads);
150
151/* Often modified stats are per cpu, other are shared (netdev->stats) */
152struct rtnl_link_stats64 *ip_tunnel_get_stats64(struct net_device *dev,
153 struct rtnl_link_stats64 *tot)
154{
155 int i;
156
157 for_each_possible_cpu(i) {
158 const struct pcpu_sw_netstats *tstats =
159 per_cpu_ptr(dev->tstats, i);
160 u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
161 unsigned int start;
162
163 do {
164 start = u64_stats_fetch_begin_bh(&tstats->syncp);
165 rx_packets = tstats->rx_packets;
166 tx_packets = tstats->tx_packets;
167 rx_bytes = tstats->rx_bytes;
168 tx_bytes = tstats->tx_bytes;
169 } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
170
171 tot->rx_packets += rx_packets;
172 tot->tx_packets += tx_packets;
173 tot->rx_bytes += rx_bytes;
174 tot->tx_bytes += tx_bytes;
175 }
176
177 tot->multicast = dev->stats.multicast;
178
179 tot->rx_crc_errors = dev->stats.rx_crc_errors;
180 tot->rx_fifo_errors = dev->stats.rx_fifo_errors;
181 tot->rx_length_errors = dev->stats.rx_length_errors;
182 tot->rx_frame_errors = dev->stats.rx_frame_errors;
183 tot->rx_errors = dev->stats.rx_errors;
184
185 tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
186 tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
187 tot->tx_dropped = dev->stats.tx_dropped;
188 tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
189 tot->tx_errors = dev->stats.tx_errors;
190
191 tot->collisions = dev->stats.collisions;
192
193 return tot;
194}
195EXPORT_SYMBOL_GPL(ip_tunnel_get_stats64);
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index d551e31b416e..7c676671329d 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1198,8 +1198,8 @@ static int snmp_translate(struct nf_conn *ct,
1198 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); 1198 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip);
1199 } else { 1199 } else {
1200 /* DNAT replies */ 1200 /* DNAT replies */
1201 map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip); 1201 map.from = NOCT1(&ct->tuplehash[!dir].tuple.src.u3.ip);
1202 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); 1202 map.to = NOCT1(&ct->tuplehash[dir].tuple.dst.u3.ip);
1203 } 1203 }
1204 1204
1205 if (map.from == map.to) 1205 if (map.from == map.to)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 7374905b3701..4bd6d52eeffb 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1044,7 +1044,8 @@ void tcp_free_fastopen_req(struct tcp_sock *tp)
1044 } 1044 }
1045} 1045}
1046 1046
1047static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size) 1047static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
1048 int *copied, size_t size)
1048{ 1049{
1049 struct tcp_sock *tp = tcp_sk(sk); 1050 struct tcp_sock *tp = tcp_sk(sk);
1050 int err, flags; 1051 int err, flags;
@@ -1059,11 +1060,12 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size)
1059 if (unlikely(tp->fastopen_req == NULL)) 1060 if (unlikely(tp->fastopen_req == NULL))
1060 return -ENOBUFS; 1061 return -ENOBUFS;
1061 tp->fastopen_req->data = msg; 1062 tp->fastopen_req->data = msg;
1063 tp->fastopen_req->size = size;
1062 1064
1063 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0; 1065 flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1064 err = __inet_stream_connect(sk->sk_socket, msg->msg_name, 1066 err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1065 msg->msg_namelen, flags); 1067 msg->msg_namelen, flags);
1066 *size = tp->fastopen_req->copied; 1068 *copied = tp->fastopen_req->copied;
1067 tcp_free_fastopen_req(tp); 1069 tcp_free_fastopen_req(tp);
1068 return err; 1070 return err;
1069} 1071}
@@ -1083,7 +1085,7 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1083 1085
1084 flags = msg->msg_flags; 1086 flags = msg->msg_flags;
1085 if (flags & MSG_FASTOPEN) { 1087 if (flags & MSG_FASTOPEN) {
1086 err = tcp_sendmsg_fastopen(sk, msg, &copied_syn); 1088 err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size);
1087 if (err == -EINPROGRESS && copied_syn > 0) 1089 if (err == -EINPROGRESS && copied_syn > 0)
1088 goto out; 1090 goto out;
1089 else if (err) 1091 else if (err)
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index f49351edf97d..2b9464c93b88 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -290,8 +290,7 @@ bool tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight)
290 left = tp->snd_cwnd - in_flight; 290 left = tp->snd_cwnd - in_flight;
291 if (sk_can_gso(sk) && 291 if (sk_can_gso(sk) &&
292 left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd && 292 left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd &&
293 left * tp->mss_cache < sk->sk_gso_max_size && 293 left < tp->xmit_size_goal_segs)
294 left < sk->sk_gso_max_segs)
295 return true; 294 return true;
296 return left <= tcp_max_tso_deferred_mss(tp); 295 return left <= tcp_max_tso_deferred_mss(tp);
297} 296}
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 6e4809389cbf..b99003f556d8 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1944,8 +1944,9 @@ void tcp_enter_loss(struct sock *sk, int how)
1944 if (skb == tcp_send_head(sk)) 1944 if (skb == tcp_send_head(sk))
1945 break; 1945 break;
1946 1946
1947 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 1947 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
1948 tp->undo_marker = 0; 1948 tp->undo_marker = 0;
1949
1949 TCP_SKB_CB(skb)->sacked &= (~TCPCB_TAGBITS)|TCPCB_SACKED_ACKED; 1950 TCP_SKB_CB(skb)->sacked &= (~TCPCB_TAGBITS)|TCPCB_SACKED_ACKED;
1950 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED) || how) { 1951 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED) || how) {
1951 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_ACKED; 1952 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_ACKED;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index aaa68f5b1055..5286228679bd 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -873,8 +873,8 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
873 873
874 if (unlikely(skb->fclone == SKB_FCLONE_ORIG && 874 if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
875 fclone->fclone == SKB_FCLONE_CLONE)) 875 fclone->fclone == SKB_FCLONE_CLONE))
876 NET_INC_STATS_BH(sock_net(sk), 876 NET_INC_STATS(sock_net(sk),
877 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES); 877 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES);
878 878
879 if (unlikely(skb_cloned(skb))) 879 if (unlikely(skb_cloned(skb)))
880 skb = pskb_copy(skb, gfp_mask); 880 skb = pskb_copy(skb, gfp_mask);
@@ -2358,6 +2358,7 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2358 struct tcp_sock *tp = tcp_sk(sk); 2358 struct tcp_sock *tp = tcp_sk(sk);
2359 struct inet_connection_sock *icsk = inet_csk(sk); 2359 struct inet_connection_sock *icsk = inet_csk(sk);
2360 unsigned int cur_mss; 2360 unsigned int cur_mss;
2361 int err;
2361 2362
2362 /* Inconslusive MTU probe */ 2363 /* Inconslusive MTU probe */
2363 if (icsk->icsk_mtup.probe_size) { 2364 if (icsk->icsk_mtup.probe_size) {
@@ -2421,11 +2422,15 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2421 skb_headroom(skb) >= 0xFFFF)) { 2422 skb_headroom(skb) >= 0xFFFF)) {
2422 struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, 2423 struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
2423 GFP_ATOMIC); 2424 GFP_ATOMIC);
2424 return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : 2425 err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
2425 -ENOBUFS; 2426 -ENOBUFS;
2426 } else { 2427 } else {
2427 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 2428 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2428 } 2429 }
2430
2431 if (likely(!err))
2432 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
2433 return err;
2429} 2434}
2430 2435
2431int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 2436int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
@@ -2930,7 +2935,12 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
2930 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) - 2935 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) -
2931 MAX_TCP_OPTION_SPACE; 2936 MAX_TCP_OPTION_SPACE;
2932 2937
2933 syn_data = skb_copy_expand(syn, skb_headroom(syn), space, 2938 space = min_t(size_t, space, fo->size);
2939
2940 /* limit to order-0 allocations */
2941 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER));
2942
2943 syn_data = skb_copy_expand(syn, MAX_TCP_HEADER, space,
2934 sk->sk_allocation); 2944 sk->sk_allocation);
2935 if (syn_data == NULL) 2945 if (syn_data == NULL)
2936 goto fallback; 2946 goto fallback;
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index d92e5586783e..438a73aa777c 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -138,6 +138,7 @@ config INET6_XFRM_MODE_ROUTEOPTIMIZATION
138config IPV6_VTI 138config IPV6_VTI
139tristate "Virtual (secure) IPv6: tunneling" 139tristate "Virtual (secure) IPv6: tunneling"
140 select IPV6_TUNNEL 140 select IPV6_TUNNEL
141 select NET_IP_TUNNEL
141 depends on INET6_XFRM_MODE_TUNNEL 142 depends on INET6_XFRM_MODE_TUNNEL
142 ---help--- 143 ---help---
143 Tunneling means encapsulating data of one protocol type within 144 Tunneling means encapsulating data of one protocol type within
diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c
index 140748debc4a..8af3eb57f438 100644
--- a/net/ipv6/exthdrs_core.c
+++ b/net/ipv6/exthdrs_core.c
@@ -212,7 +212,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
212 found = (nexthdr == target); 212 found = (nexthdr == target);
213 213
214 if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { 214 if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
215 if (target < 0) 215 if (target < 0 || found)
216 break; 216 break;
217 return -ENOENT; 217 return -ENOENT;
218 } 218 }
diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
index 1e8683b135bb..59f95affceb0 100644
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
@@ -89,7 +89,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
89 unsigned int unfrag_ip6hlen; 89 unsigned int unfrag_ip6hlen;
90 u8 *prevhdr; 90 u8 *prevhdr;
91 int offset = 0; 91 int offset = 0;
92 bool tunnel; 92 bool encap, udpfrag;
93 int nhoff; 93 int nhoff;
94 94
95 if (unlikely(skb_shinfo(skb)->gso_type & 95 if (unlikely(skb_shinfo(skb)->gso_type &
@@ -110,8 +110,8 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
110 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) 110 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
111 goto out; 111 goto out;
112 112
113 tunnel = SKB_GSO_CB(skb)->encap_level > 0; 113 encap = SKB_GSO_CB(skb)->encap_level > 0;
114 if (tunnel) 114 if (encap)
115 features = skb->dev->hw_enc_features & netif_skb_features(skb); 115 features = skb->dev->hw_enc_features & netif_skb_features(skb);
116 SKB_GSO_CB(skb)->encap_level += sizeof(*ipv6h); 116 SKB_GSO_CB(skb)->encap_level += sizeof(*ipv6h);
117 117
@@ -121,6 +121,12 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
121 121
122 proto = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr); 122 proto = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
123 123
124 if (skb->encapsulation &&
125 skb_shinfo(skb)->gso_type & (SKB_GSO_SIT|SKB_GSO_IPIP))
126 udpfrag = proto == IPPROTO_UDP && encap;
127 else
128 udpfrag = proto == IPPROTO_UDP && !skb->encapsulation;
129
124 ops = rcu_dereference(inet6_offloads[proto]); 130 ops = rcu_dereference(inet6_offloads[proto]);
125 if (likely(ops && ops->callbacks.gso_segment)) { 131 if (likely(ops && ops->callbacks.gso_segment)) {
126 skb_reset_transport_header(skb); 132 skb_reset_transport_header(skb);
@@ -133,13 +139,9 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
133 for (skb = segs; skb; skb = skb->next) { 139 for (skb = segs; skb; skb = skb->next) {
134 ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff); 140 ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff);
135 ipv6h->payload_len = htons(skb->len - nhoff - sizeof(*ipv6h)); 141 ipv6h->payload_len = htons(skb->len - nhoff - sizeof(*ipv6h));
136 if (tunnel) {
137 skb_reset_inner_headers(skb);
138 skb->encapsulation = 1;
139 }
140 skb->network_header = (u8 *)ipv6h - skb->head; 142 skb->network_header = (u8 *)ipv6h - skb->head;
141 143
142 if (!tunnel && proto == IPPROTO_UDP) { 144 if (udpfrag) {
143 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); 145 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr);
144 fptr = (struct frag_hdr *)((u8 *)ipv6h + unfrag_ip6hlen); 146 fptr = (struct frag_hdr *)((u8 *)ipv6h + unfrag_ip6hlen);
145 fptr->frag_off = htons(offset); 147 fptr->frag_off = htons(offset);
@@ -148,6 +150,8 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
148 offset += (ntohs(ipv6h->payload_len) - 150 offset += (ntohs(ipv6h->payload_len) -
149 sizeof(struct frag_hdr)); 151 sizeof(struct frag_hdr));
150 } 152 }
153 if (encap)
154 skb_reset_inner_headers(skb);
151 } 155 }
152 156
153out: 157out:
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index be1b7f5a3a54..2bc10701182b 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -530,9 +530,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
530 to->tc_index = from->tc_index; 530 to->tc_index = from->tc_index;
531#endif 531#endif
532 nf_copy(to, from); 532 nf_copy(to, from);
533#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
534 to->nf_trace = from->nf_trace;
535#endif
536 skb_copy_secmark(to, from); 533 skb_copy_secmark(to, from);
537} 534}
538 535
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index fb9beb78f00b..587bbdcb22b4 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -135,6 +135,7 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
135 fl6.flowi6_proto = IPPROTO_ICMPV6; 135 fl6.flowi6_proto = IPPROTO_ICMPV6;
136 fl6.saddr = np->saddr; 136 fl6.saddr = np->saddr;
137 fl6.daddr = *daddr; 137 fl6.daddr = *daddr;
138 fl6.flowi6_mark = sk->sk_mark;
138 fl6.fl6_icmp_type = user_icmph.icmp6_type; 139 fl6.fl6_icmp_type = user_icmph.icmp6_type;
139 fl6.fl6_icmp_code = user_icmph.icmp6_code; 140 fl6.fl6_icmp_code = user_icmph.icmp6_code;
140 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 141 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 958027be0e94..1693c8d885f0 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -475,6 +475,7 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
475 ipip6_tunnel_unlink(sitn, tunnel); 475 ipip6_tunnel_unlink(sitn, tunnel);
476 ipip6_tunnel_del_prl(tunnel, NULL); 476 ipip6_tunnel_del_prl(tunnel, NULL);
477 } 477 }
478 ip_tunnel_dst_reset_all(tunnel);
478 dev_put(dev); 479 dev_put(dev);
479} 480}
480 481
@@ -1082,6 +1083,7 @@ static void ipip6_tunnel_update(struct ip_tunnel *t, struct ip_tunnel_parm *p)
1082 t->parms.link = p->link; 1083 t->parms.link = p->link;
1083 ipip6_tunnel_bind_dev(t->dev); 1084 ipip6_tunnel_bind_dev(t->dev);
1084 } 1085 }
1086 ip_tunnel_dst_reset_all(t);
1085 netdev_state_change(t->dev); 1087 netdev_state_change(t->dev);
1086} 1088}
1087 1089
@@ -1112,6 +1114,7 @@ static int ipip6_tunnel_update_6rd(struct ip_tunnel *t,
1112 t->ip6rd.relay_prefix = relay_prefix; 1114 t->ip6rd.relay_prefix = relay_prefix;
1113 t->ip6rd.prefixlen = ip6rd->prefixlen; 1115 t->ip6rd.prefixlen = ip6rd->prefixlen;
1114 t->ip6rd.relay_prefixlen = ip6rd->relay_prefixlen; 1116 t->ip6rd.relay_prefixlen = ip6rd->relay_prefixlen;
1117 ip_tunnel_dst_reset_all(t);
1115 netdev_state_change(t->dev); 1118 netdev_state_change(t->dev);
1116 return 0; 1119 return 0;
1117} 1120}
@@ -1271,6 +1274,7 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
1271 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL); 1274 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
1272 break; 1275 break;
1273 } 1276 }
1277 ip_tunnel_dst_reset_all(t);
1274 netdev_state_change(dev); 1278 netdev_state_change(dev);
1275 break; 1279 break;
1276 1280
@@ -1326,6 +1330,9 @@ static const struct net_device_ops ipip6_netdev_ops = {
1326 1330
1327static void ipip6_dev_free(struct net_device *dev) 1331static void ipip6_dev_free(struct net_device *dev)
1328{ 1332{
1333 struct ip_tunnel *tunnel = netdev_priv(dev);
1334
1335 free_percpu(tunnel->dst_cache);
1329 free_percpu(dev->tstats); 1336 free_percpu(dev->tstats);
1330 free_netdev(dev); 1337 free_netdev(dev);
1331} 1338}
@@ -1368,6 +1375,12 @@ static int ipip6_tunnel_init(struct net_device *dev)
1368 if (!dev->tstats) 1375 if (!dev->tstats)
1369 return -ENOMEM; 1376 return -ENOMEM;
1370 1377
1378 tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst);
1379 if (!tunnel->dst_cache) {
1380 free_percpu(dev->tstats);
1381 return -ENOMEM;
1382 }
1383
1371 return 0; 1384 return 0;
1372} 1385}
1373 1386
@@ -1391,6 +1404,12 @@ static int __net_init ipip6_fb_tunnel_init(struct net_device *dev)
1391 if (!dev->tstats) 1404 if (!dev->tstats)
1392 return -ENOMEM; 1405 return -ENOMEM;
1393 1406
1407 tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst);
1408 if (!tunnel->dst_cache) {
1409 free_percpu(dev->tstats);
1410 return -ENOMEM;
1411 }
1412
1394 dev_hold(dev); 1413 dev_hold(dev);
1395 rcu_assign_pointer(sitn->tunnels_wc[0], tunnel); 1414 rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
1396 return 0; 1415 return 0;
diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c
index e7359f9eaa8d..b261ee8b83fc 100644
--- a/net/ipv6/udp_offload.c
+++ b/net/ipv6/udp_offload.c
@@ -113,7 +113,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
113 fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); 113 fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
114 fptr->nexthdr = nexthdr; 114 fptr->nexthdr = nexthdr;
115 fptr->reserved = 0; 115 fptr->reserved = 0;
116 ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb)); 116 fptr->identification = skb_shinfo(skb)->ip6_frag_id;
117 117
118 /* Fragment the skb. ipv6 header and the remaining fields of the 118 /* Fragment the skb. ipv6 header and the remaining fields of the
119 * fragment header are updated in ipv6_gso_segment() 119 * fragment header are updated in ipv6_gso_segment()
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 0014b5396ce5..906e211b1dd1 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1698,14 +1698,8 @@ void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
1698void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue); 1698void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue);
1699void ieee80211_add_pending_skb(struct ieee80211_local *local, 1699void ieee80211_add_pending_skb(struct ieee80211_local *local,
1700 struct sk_buff *skb); 1700 struct sk_buff *skb);
1701void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 1701void ieee80211_add_pending_skbs(struct ieee80211_local *local,
1702 struct sk_buff_head *skbs, 1702 struct sk_buff_head *skbs);
1703 void (*fn)(void *data), void *data);
1704static inline void ieee80211_add_pending_skbs(struct ieee80211_local *local,
1705 struct sk_buff_head *skbs)
1706{
1707 ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL);
1708}
1709void ieee80211_flush_queues(struct ieee80211_local *local, 1703void ieee80211_flush_queues(struct ieee80211_local *local,
1710 struct ieee80211_sub_if_data *sdata); 1704 struct ieee80211_sub_if_data *sdata);
1711 1705
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 61604834b914..4bc227550f25 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -222,6 +222,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
222 switch (vht_oper->chan_width) { 222 switch (vht_oper->chan_width) {
223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 223 case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 vht_chandef.width = chandef->width; 224 vht_chandef.width = chandef->width;
225 vht_chandef.center_freq1 = chandef->center_freq1;
225 break; 226 break;
226 case IEEE80211_VHT_CHANWIDTH_80MHZ: 227 case IEEE80211_VHT_CHANWIDTH_80MHZ:
227 vht_chandef.width = NL80211_CHAN_WIDTH_80; 228 vht_chandef.width = NL80211_CHAN_WIDTH_80;
@@ -271,6 +272,28 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
271 ret = 0; 272 ret = 0;
272 273
273out: 274out:
275 /*
276 * When tracking the current AP, don't do any further checks if the
277 * new chandef is identical to the one we're currently using for the
278 * connection. This keeps us from playing ping-pong with regulatory,
279 * without it the following can happen (for example):
280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
281 * - AP advertises regdom US
282 * - CRDA loads regdom US with 80 MHz prohibited (old database)
283 * - the code below detects an unsupported channel, downgrades, and
284 * we disconnect from the AP in the caller
285 * - disconnect causes CRDA to reload world regdomain and the game
286 * starts anew.
287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
288 *
289 * It seems possible that there are still scenarios with CSA or real
290 * bandwidth changes where a this could happen, but those cases are
291 * less common and wouldn't completely prevent using the AP.
292 */
293 if (tracking &&
294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
295 return ret;
296
274 /* don't print the message below for VHT mismatch if VHT is disabled */ 297 /* don't print the message below for VHT mismatch if VHT is disabled */
275 if (ret & IEEE80211_STA_DISABLE_VHT) 298 if (ret & IEEE80211_STA_DISABLE_VHT)
276 vht_chandef = *chandef; 299 vht_chandef = *chandef;
@@ -3792,6 +3815,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3792 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3815 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3793 if (WARN_ON(!chanctx_conf)) { 3816 if (WARN_ON(!chanctx_conf)) {
3794 rcu_read_unlock(); 3817 rcu_read_unlock();
3818 sta_info_free(local, new_sta);
3795 return -EINVAL; 3819 return -EINVAL;
3796 } 3820 }
3797 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3821 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 593062109c50..282440216a87 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1092,6 +1092,13 @@ static void sta_ps_end(struct sta_info *sta)
1092 sta->sta.addr, sta->sta.aid); 1092 sta->sta.addr, sta->sta.aid);
1093 1093
1094 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { 1094 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1095 /*
1096 * Clear the flag only if the other one is still set
1097 * so that the TX path won't start TX'ing new frames
1098 * directly ... In the case that the driver flag isn't
1099 * set ieee80211_sta_ps_deliver_wakeup() will clear it.
1100 */
1101 clear_sta_flag(sta, WLAN_STA_PS_STA);
1095 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n", 1102 ps_dbg(sta->sdata, "STA %pM aid %d driver-ps-blocked\n",
1096 sta->sta.addr, sta->sta.aid); 1103 sta->sta.addr, sta->sta.aid);
1097 return; 1104 return;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index decd30c1e290..a023b432143b 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -91,7 +91,7 @@ static int sta_info_hash_del(struct ieee80211_local *local,
91 return -ENOENT; 91 return -ENOENT;
92} 92}
93 93
94static void cleanup_single_sta(struct sta_info *sta) 94static void __cleanup_single_sta(struct sta_info *sta)
95{ 95{
96 int ac, i; 96 int ac, i;
97 struct tid_ampdu_tx *tid_tx; 97 struct tid_ampdu_tx *tid_tx;
@@ -99,7 +99,8 @@ static void cleanup_single_sta(struct sta_info *sta)
99 struct ieee80211_local *local = sdata->local; 99 struct ieee80211_local *local = sdata->local;
100 struct ps_data *ps; 100 struct ps_data *ps;
101 101
102 if (test_sta_flag(sta, WLAN_STA_PS_STA)) { 102 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
103 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
103 if (sta->sdata->vif.type == NL80211_IFTYPE_AP || 104 if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
104 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 105 sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
105 ps = &sdata->bss->ps; 106 ps = &sdata->bss->ps;
@@ -109,6 +110,7 @@ static void cleanup_single_sta(struct sta_info *sta)
109 return; 110 return;
110 111
111 clear_sta_flag(sta, WLAN_STA_PS_STA); 112 clear_sta_flag(sta, WLAN_STA_PS_STA);
113 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
112 114
113 atomic_dec(&ps->num_sta_ps); 115 atomic_dec(&ps->num_sta_ps);
114 sta_info_recalc_tim(sta); 116 sta_info_recalc_tim(sta);
@@ -139,7 +141,14 @@ static void cleanup_single_sta(struct sta_info *sta)
139 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending); 141 ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
140 kfree(tid_tx); 142 kfree(tid_tx);
141 } 143 }
144}
142 145
146static void cleanup_single_sta(struct sta_info *sta)
147{
148 struct ieee80211_sub_if_data *sdata = sta->sdata;
149 struct ieee80211_local *local = sdata->local;
150
151 __cleanup_single_sta(sta);
143 sta_info_free(local, sta); 152 sta_info_free(local, sta);
144} 153}
145 154
@@ -330,6 +339,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
330 rcu_read_unlock(); 339 rcu_read_unlock();
331 340
332 spin_lock_init(&sta->lock); 341 spin_lock_init(&sta->lock);
342 spin_lock_init(&sta->ps_lock);
333 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 343 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
334 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); 344 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
335 mutex_init(&sta->ampdu_mlme.mtx); 345 mutex_init(&sta->ampdu_mlme.mtx);
@@ -487,21 +497,26 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
487 goto out_err; 497 goto out_err;
488 } 498 }
489 499
490 /* notify driver */
491 err = sta_info_insert_drv_state(local, sdata, sta);
492 if (err)
493 goto out_err;
494
495 local->num_sta++; 500 local->num_sta++;
496 local->sta_generation++; 501 local->sta_generation++;
497 smp_mb(); 502 smp_mb();
498 503
504 /* simplify things and don't accept BA sessions yet */
505 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
506
499 /* make the station visible */ 507 /* make the station visible */
500 sta_info_hash_add(local, sta); 508 sta_info_hash_add(local, sta);
501 509
502 list_add_rcu(&sta->list, &local->sta_list); 510 list_add_rcu(&sta->list, &local->sta_list);
503 511
512 /* notify driver */
513 err = sta_info_insert_drv_state(local, sdata, sta);
514 if (err)
515 goto out_remove;
516
504 set_sta_flag(sta, WLAN_STA_INSERTED); 517 set_sta_flag(sta, WLAN_STA_INSERTED);
518 /* accept BA sessions now */
519 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
505 520
506 ieee80211_recalc_min_chandef(sdata); 521 ieee80211_recalc_min_chandef(sdata);
507 ieee80211_sta_debugfs_add(sta); 522 ieee80211_sta_debugfs_add(sta);
@@ -522,6 +537,12 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
522 mesh_accept_plinks_update(sdata); 537 mesh_accept_plinks_update(sdata);
523 538
524 return 0; 539 return 0;
540 out_remove:
541 sta_info_hash_del(local, sta);
542 list_del_rcu(&sta->list);
543 local->num_sta--;
544 synchronize_net();
545 __cleanup_single_sta(sta);
525 out_err: 546 out_err:
526 mutex_unlock(&local->sta_mtx); 547 mutex_unlock(&local->sta_mtx);
527 rcu_read_lock(); 548 rcu_read_lock();
@@ -1071,10 +1092,14 @@ struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
1071} 1092}
1072EXPORT_SYMBOL(ieee80211_find_sta); 1093EXPORT_SYMBOL(ieee80211_find_sta);
1073 1094
1074static void clear_sta_ps_flags(void *_sta) 1095/* powersave support code */
1096void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1075{ 1097{
1076 struct sta_info *sta = _sta;
1077 struct ieee80211_sub_if_data *sdata = sta->sdata; 1098 struct ieee80211_sub_if_data *sdata = sta->sdata;
1099 struct ieee80211_local *local = sdata->local;
1100 struct sk_buff_head pending;
1101 int filtered = 0, buffered = 0, ac;
1102 unsigned long flags;
1078 struct ps_data *ps; 1103 struct ps_data *ps;
1079 1104
1080 if (sdata->vif.type == NL80211_IFTYPE_AP || 1105 if (sdata->vif.type == NL80211_IFTYPE_AP ||
@@ -1085,20 +1110,6 @@ static void clear_sta_ps_flags(void *_sta)
1085 else 1110 else
1086 return; 1111 return;
1087 1112
1088 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1089 if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
1090 atomic_dec(&ps->num_sta_ps);
1091}
1092
1093/* powersave support code */
1094void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1095{
1096 struct ieee80211_sub_if_data *sdata = sta->sdata;
1097 struct ieee80211_local *local = sdata->local;
1098 struct sk_buff_head pending;
1099 int filtered = 0, buffered = 0, ac;
1100 unsigned long flags;
1101
1102 clear_sta_flag(sta, WLAN_STA_SP); 1113 clear_sta_flag(sta, WLAN_STA_SP);
1103 1114
1104 BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1); 1115 BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1);
@@ -1109,6 +1120,8 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1109 1120
1110 skb_queue_head_init(&pending); 1121 skb_queue_head_init(&pending);
1111 1122
1123 /* sync with ieee80211_tx_h_unicast_ps_buf */
1124 spin_lock(&sta->ps_lock);
1112 /* Send all buffered frames to the station */ 1125 /* Send all buffered frames to the station */
1113 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1126 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1114 int count = skb_queue_len(&pending), tmp; 1127 int count = skb_queue_len(&pending), tmp;
@@ -1127,7 +1140,12 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1127 buffered += tmp - count; 1140 buffered += tmp - count;
1128 } 1141 }
1129 1142
1130 ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta); 1143 ieee80211_add_pending_skbs(local, &pending);
1144 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1145 clear_sta_flag(sta, WLAN_STA_PS_STA);
1146 spin_unlock(&sta->ps_lock);
1147
1148 atomic_dec(&ps->num_sta_ps);
1131 1149
1132 /* This station just woke up and isn't aware of our SMPS state */ 1150 /* This station just woke up and isn't aware of our SMPS state */
1133 if (!ieee80211_smps_is_restrictive(sta->known_smps_mode, 1151 if (!ieee80211_smps_is_restrictive(sta->known_smps_mode,
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index d4d85de0d75d..4acc5fc402fa 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -268,6 +268,7 @@ struct ieee80211_tx_latency_stat {
268 * @drv_unblock_wk: used for driver PS unblocking 268 * @drv_unblock_wk: used for driver PS unblocking
269 * @listen_interval: listen interval of this station, when we're acting as AP 269 * @listen_interval: listen interval of this station, when we're acting as AP
270 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly 270 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly
271 * @ps_lock: used for powersave (when mac80211 is the AP) related locking
271 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station 272 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station
272 * when it leaves power saving state or polls 273 * when it leaves power saving state or polls
273 * @tx_filtered: buffers (per AC) of frames we already tried to 274 * @tx_filtered: buffers (per AC) of frames we already tried to
@@ -357,10 +358,8 @@ struct sta_info {
357 /* use the accessors defined below */ 358 /* use the accessors defined below */
358 unsigned long _flags; 359 unsigned long _flags;
359 360
360 /* 361 /* STA powersave lock and frame queues */
361 * STA powersave frame queues, no more than the internal 362 spinlock_t ps_lock;
362 * locking required.
363 */
364 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS]; 363 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS];
365 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS]; 364 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS];
366 unsigned long driver_buffered_tids; 365 unsigned long driver_buffered_tids;
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 722151fa5dce..cd9f80498c48 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -477,6 +477,20 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
477 sta->sta.addr, sta->sta.aid, ac); 477 sta->sta.addr, sta->sta.aid, ac);
478 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 478 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
479 purge_old_ps_buffers(tx->local); 479 purge_old_ps_buffers(tx->local);
480
481 /* sync with ieee80211_sta_ps_deliver_wakeup */
482 spin_lock(&sta->ps_lock);
483 /*
484 * STA woke up the meantime and all the frames on ps_tx_buf have
485 * been queued to pending queue. No reordering can happen, go
486 * ahead and Tx the packet.
487 */
488 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
489 !test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
490 spin_unlock(&sta->ps_lock);
491 return TX_CONTINUE;
492 }
493
480 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) { 494 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
481 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]); 495 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
482 ps_dbg(tx->sdata, 496 ps_dbg(tx->sdata,
@@ -491,6 +505,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
491 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 505 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
492 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS; 506 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
493 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb); 507 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
508 spin_unlock(&sta->ps_lock);
494 509
495 if (!timer_pending(&local->sta_cleanup)) 510 if (!timer_pending(&local->sta_cleanup))
496 mod_timer(&local->sta_cleanup, 511 mod_timer(&local->sta_cleanup,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index d842af5c8a95..275c94f995f7 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -435,9 +435,8 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
435 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 435 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
436} 436}
437 437
438void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 438void ieee80211_add_pending_skbs(struct ieee80211_local *local,
439 struct sk_buff_head *skbs, 439 struct sk_buff_head *skbs)
440 void (*fn)(void *data), void *data)
441{ 440{
442 struct ieee80211_hw *hw = &local->hw; 441 struct ieee80211_hw *hw = &local->hw;
443 struct sk_buff *skb; 442 struct sk_buff *skb;
@@ -461,9 +460,6 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
461 __skb_queue_tail(&local->pending[queue], skb); 460 __skb_queue_tail(&local->pending[queue], skb);
462 } 461 }
463 462
464 if (fn)
465 fn(data);
466
467 for (i = 0; i < hw->queues; i++) 463 for (i = 0; i < hw->queues; i++)
468 __ieee80211_wake_queue(hw, i, 464 __ieee80211_wake_queue(hw, i,
469 IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 465 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
@@ -1767,6 +1763,26 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1767 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 1763 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
1768 1764
1769 /* 1765 /*
1766 * Reconfigure sched scan if it was interrupted by FW restart or
1767 * suspend.
1768 */
1769 mutex_lock(&local->mtx);
1770 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1771 lockdep_is_held(&local->mtx));
1772 if (sched_scan_sdata && local->sched_scan_req)
1773 /*
1774 * Sched scan stopped, but we don't want to report it. Instead,
1775 * we're trying to reschedule.
1776 */
1777 if (__ieee80211_request_sched_scan_start(sched_scan_sdata,
1778 local->sched_scan_req))
1779 sched_scan_stopped = true;
1780 mutex_unlock(&local->mtx);
1781
1782 if (sched_scan_stopped)
1783 cfg80211_sched_scan_stopped(local->hw.wiphy);
1784
1785 /*
1770 * If this is for hw restart things are still running. 1786 * If this is for hw restart things are still running.
1771 * We may want to change that later, however. 1787 * We may want to change that later, however.
1772 */ 1788 */
@@ -1794,26 +1810,6 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1794 WARN_ON(1); 1810 WARN_ON(1);
1795#endif 1811#endif
1796 1812
1797 /*
1798 * Reconfigure sched scan if it was interrupted by FW restart or
1799 * suspend.
1800 */
1801 mutex_lock(&local->mtx);
1802 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1803 lockdep_is_held(&local->mtx));
1804 if (sched_scan_sdata && local->sched_scan_req)
1805 /*
1806 * Sched scan stopped, but we don't want to report it. Instead,
1807 * we're trying to reschedule.
1808 */
1809 if (__ieee80211_request_sched_scan_start(sched_scan_sdata,
1810 local->sched_scan_req))
1811 sched_scan_stopped = true;
1812 mutex_unlock(&local->mtx);
1813
1814 if (sched_scan_stopped)
1815 cfg80211_sched_scan_stopped(local->hw.wiphy);
1816
1817 return 0; 1813 return 0;
1818} 1814}
1819 1815
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 21211c60ca98..d51422c778de 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -154,6 +154,11 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
154 return IEEE80211_AC_BE; 154 return IEEE80211_AC_BE;
155 } 155 }
156 156
157 if (skb->protocol == sdata->control_port_protocol) {
158 skb->priority = 7;
159 return ieee80211_downgrade_queue(sdata, skb);
160 }
161
157 /* use the data classifier to determine what 802.1d tag the 162 /* use the data classifier to determine what 802.1d tag the
158 * data frame has */ 163 * data frame has */
159 rcu_read_lock(); 164 rcu_read_lock();
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bb322d0beb48..b9f0e0374322 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1310,27 +1310,22 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
1310} 1310}
1311 1311
1312static int 1312static int
1313ctnetlink_change_nat(struct nf_conn *ct, const struct nlattr * const cda[]) 1313ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])
1314{ 1314{
1315#ifdef CONFIG_NF_NAT_NEEDED 1315#ifdef CONFIG_NF_NAT_NEEDED
1316 int ret; 1316 int ret;
1317 1317
1318 if (cda[CTA_NAT_DST]) { 1318 ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_DST,
1319 ret = ctnetlink_parse_nat_setup(ct, 1319 cda[CTA_NAT_DST]);
1320 NF_NAT_MANIP_DST, 1320 if (ret < 0)
1321 cda[CTA_NAT_DST]); 1321 return ret;
1322 if (ret < 0) 1322
1323 return ret; 1323 ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_SRC,
1324 } 1324 cda[CTA_NAT_SRC]);
1325 if (cda[CTA_NAT_SRC]) { 1325 return ret;
1326 ret = ctnetlink_parse_nat_setup(ct,
1327 NF_NAT_MANIP_SRC,
1328 cda[CTA_NAT_SRC]);
1329 if (ret < 0)
1330 return ret;
1331 }
1332 return 0;
1333#else 1326#else
1327 if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
1328 return 0;
1334 return -EOPNOTSUPP; 1329 return -EOPNOTSUPP;
1335#endif 1330#endif
1336} 1331}
@@ -1659,11 +1654,9 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
1659 goto err2; 1654 goto err2;
1660 } 1655 }
1661 1656
1662 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { 1657 err = ctnetlink_setup_nat(ct, cda);
1663 err = ctnetlink_change_nat(ct, cda); 1658 if (err < 0)
1664 if (err < 0) 1659 goto err2;
1665 goto err2;
1666 }
1667 1660
1668 nf_ct_acct_ext_add(ct, GFP_ATOMIC); 1661 nf_ct_acct_ext_add(ct, GFP_ATOMIC);
1669 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC); 1662 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index d3f5cd6dd962..52ca952b802c 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -432,15 +432,15 @@ nf_nat_setup_info(struct nf_conn *ct,
432} 432}
433EXPORT_SYMBOL(nf_nat_setup_info); 433EXPORT_SYMBOL(nf_nat_setup_info);
434 434
435unsigned int 435static unsigned int
436nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum) 436__nf_nat_alloc_null_binding(struct nf_conn *ct, enum nf_nat_manip_type manip)
437{ 437{
438 /* Force range to this IP; let proto decide mapping for 438 /* Force range to this IP; let proto decide mapping for
439 * per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED). 439 * per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
440 * Use reply in case it's already been mangled (eg local packet). 440 * Use reply in case it's already been mangled (eg local packet).
441 */ 441 */
442 union nf_inet_addr ip = 442 union nf_inet_addr ip =
443 (HOOK2MANIP(hooknum) == NF_NAT_MANIP_SRC ? 443 (manip == NF_NAT_MANIP_SRC ?
444 ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 : 444 ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 :
445 ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3); 445 ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3);
446 struct nf_nat_range range = { 446 struct nf_nat_range range = {
@@ -448,7 +448,13 @@ nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
448 .min_addr = ip, 448 .min_addr = ip,
449 .max_addr = ip, 449 .max_addr = ip,
450 }; 450 };
451 return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum)); 451 return nf_nat_setup_info(ct, &range, manip);
452}
453
454unsigned int
455nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
456{
457 return __nf_nat_alloc_null_binding(ct, HOOK2MANIP(hooknum));
452} 458}
453EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding); 459EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding);
454 460
@@ -702,9 +708,9 @@ static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
702 708
703static int 709static int
704nfnetlink_parse_nat(const struct nlattr *nat, 710nfnetlink_parse_nat(const struct nlattr *nat,
705 const struct nf_conn *ct, struct nf_nat_range *range) 711 const struct nf_conn *ct, struct nf_nat_range *range,
712 const struct nf_nat_l3proto *l3proto)
706{ 713{
707 const struct nf_nat_l3proto *l3proto;
708 struct nlattr *tb[CTA_NAT_MAX+1]; 714 struct nlattr *tb[CTA_NAT_MAX+1];
709 int err; 715 int err;
710 716
@@ -714,38 +720,46 @@ nfnetlink_parse_nat(const struct nlattr *nat,
714 if (err < 0) 720 if (err < 0)
715 return err; 721 return err;
716 722
717 rcu_read_lock();
718 l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
719 if (l3proto == NULL) {
720 err = -EAGAIN;
721 goto out;
722 }
723 err = l3proto->nlattr_to_range(tb, range); 723 err = l3proto->nlattr_to_range(tb, range);
724 if (err < 0) 724 if (err < 0)
725 goto out; 725 return err;
726 726
727 if (!tb[CTA_NAT_PROTO]) 727 if (!tb[CTA_NAT_PROTO])
728 goto out; 728 return 0;
729 729
730 err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); 730 return nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
731out:
732 rcu_read_unlock();
733 return err;
734} 731}
735 732
733/* This function is called under rcu_read_lock() */
736static int 734static int
737nfnetlink_parse_nat_setup(struct nf_conn *ct, 735nfnetlink_parse_nat_setup(struct nf_conn *ct,
738 enum nf_nat_manip_type manip, 736 enum nf_nat_manip_type manip,
739 const struct nlattr *attr) 737 const struct nlattr *attr)
740{ 738{
741 struct nf_nat_range range; 739 struct nf_nat_range range;
740 const struct nf_nat_l3proto *l3proto;
742 int err; 741 int err;
743 742
744 err = nfnetlink_parse_nat(attr, ct, &range); 743 /* Should not happen, restricted to creating new conntracks
744 * via ctnetlink.
745 */
746 if (WARN_ON_ONCE(nf_nat_initialized(ct, manip)))
747 return -EEXIST;
748
749 /* Make sure that L3 NAT is there by when we call nf_nat_setup_info to
750 * attach the null binding, otherwise this may oops.
751 */
752 l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
753 if (l3proto == NULL)
754 return -EAGAIN;
755
756 /* No NAT information has been passed, allocate the null-binding */
757 if (attr == NULL)
758 return __nf_nat_alloc_null_binding(ct, manip);
759
760 err = nfnetlink_parse_nat(attr, ct, &range, l3proto);
745 if (err < 0) 761 if (err < 0)
746 return err; 762 return err;
747 if (nf_nat_initialized(ct, manip))
748 return -EEXIST;
749 763
750 return nf_nat_setup_info(ct, &range, manip); 764 return nf_nat_setup_info(ct, &range, manip);
751} 765}
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index e8254ad2e5a9..425cf39af890 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -116,7 +116,7 @@ static void nft_meta_get_eval(const struct nft_expr *expr,
116 skb->sk->sk_socket->file->f_cred->fsgid); 116 skb->sk->sk_socket->file->f_cred->fsgid);
117 read_unlock_bh(&skb->sk->sk_callback_lock); 117 read_unlock_bh(&skb->sk->sk_callback_lock);
118 break; 118 break;
119#ifdef CONFIG_NET_CLS_ROUTE 119#ifdef CONFIG_IP_ROUTE_CLASSID
120 case NFT_META_RTCLASSID: { 120 case NFT_META_RTCLASSID: {
121 const struct dst_entry *dst = skb_dst(skb); 121 const struct dst_entry *dst = skb_dst(skb);
122 122
@@ -199,7 +199,7 @@ static int nft_meta_init_validate_get(uint32_t key)
199 case NFT_META_OIFTYPE: 199 case NFT_META_OIFTYPE:
200 case NFT_META_SKUID: 200 case NFT_META_SKUID:
201 case NFT_META_SKGID: 201 case NFT_META_SKGID:
202#ifdef CONFIG_NET_CLS_ROUTE 202#ifdef CONFIG_IP_ROUTE_CLASSID
203 case NFT_META_RTCLASSID: 203 case NFT_META_RTCLASSID:
204#endif 204#endif
205#ifdef CONFIG_NETWORK_SECMARK 205#ifdef CONFIG_NETWORK_SECMARK
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a2aeb318678f..85daa84bfdfe 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
135 if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data)) 135 if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
136 return ERR_PTR(-EINVAL); 136 return ERR_PTR(-EINVAL);
137 137
138 if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER) 138 if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
139 base != NFT_PAYLOAD_LL_HEADER)
139 return &nft_payload_fast_ops; 140 return &nft_payload_fast_ops;
140 else 141 else
141 return &nft_payload_ops; 142 return &nft_payload_ops;
diff --git a/net/netfilter/nft_reject_inet.c b/net/netfilter/nft_reject_inet.c
index 8a310f239c93..b718a52a4654 100644
--- a/net/netfilter/nft_reject_inet.c
+++ b/net/netfilter/nft_reject_inet.c
@@ -21,9 +21,9 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
21{ 21{
22 switch (pkt->ops->pf) { 22 switch (pkt->ops->pf) {
23 case NFPROTO_IPV4: 23 case NFPROTO_IPV4:
24 nft_reject_ipv4_eval(expr, data, pkt); 24 return nft_reject_ipv4_eval(expr, data, pkt);
25 case NFPROTO_IPV6: 25 case NFPROTO_IPV6:
26 nft_reject_ipv6_eval(expr, data, pkt); 26 return nft_reject_ipv6_eval(expr, data, pkt);
27 } 27 }
28} 28}
29 29
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index e42214b932c3..9db8bab27fa2 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1489,8 +1489,8 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
1489 if (addr->sa_family != AF_NETLINK) 1489 if (addr->sa_family != AF_NETLINK)
1490 return -EINVAL; 1490 return -EINVAL;
1491 1491
1492 /* Only superuser is allowed to send multicasts */ 1492 if ((nladdr->nl_groups || nladdr->nl_pid) &&
1493 if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) 1493 !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
1494 return -EPERM; 1494 return -EPERM;
1495 1495
1496 if (!nlk->portid) 1496 if (!nlk->portid)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 46bda010bf11..56db888b1cd5 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -301,7 +301,7 @@ static int nci_open_device(struct nci_dev *ndev)
301 rc = __nci_request(ndev, nci_reset_req, 0, 301 rc = __nci_request(ndev, nci_reset_req, 0,
302 msecs_to_jiffies(NCI_RESET_TIMEOUT)); 302 msecs_to_jiffies(NCI_RESET_TIMEOUT));
303 303
304 if (ndev->ops->setup(ndev)) 304 if (ndev->ops->setup)
305 ndev->ops->setup(ndev); 305 ndev->ops->setup(ndev);
306 306
307 if (!rc) { 307 if (!rc) {
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index 0893161b0262..87a02bfa707b 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -338,18 +338,6 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt)
338 qdisc_put_rtab(qdisc_get_rtab(&qopt->peakrate, 338 qdisc_put_rtab(qdisc_get_rtab(&qopt->peakrate,
339 tb[TCA_TBF_PTAB])); 339 tb[TCA_TBF_PTAB]));
340 340
341 if (q->qdisc != &noop_qdisc) {
342 err = fifo_set_limit(q->qdisc, qopt->limit);
343 if (err)
344 goto done;
345 } else if (qopt->limit > 0) {
346 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit);
347 if (IS_ERR(child)) {
348 err = PTR_ERR(child);
349 goto done;
350 }
351 }
352
353 buffer = min_t(u64, PSCHED_TICKS2NS(qopt->buffer), ~0U); 341 buffer = min_t(u64, PSCHED_TICKS2NS(qopt->buffer), ~0U);
354 mtu = min_t(u64, PSCHED_TICKS2NS(qopt->mtu), ~0U); 342 mtu = min_t(u64, PSCHED_TICKS2NS(qopt->mtu), ~0U);
355 343
@@ -396,6 +384,18 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt)
396 goto done; 384 goto done;
397 } 385 }
398 386
387 if (q->qdisc != &noop_qdisc) {
388 err = fifo_set_limit(q->qdisc, qopt->limit);
389 if (err)
390 goto done;
391 } else if (qopt->limit > 0) {
392 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit);
393 if (IS_ERR(child)) {
394 err = PTR_ERR(child);
395 goto done;
396 }
397 }
398
399 sch_tree_lock(sch); 399 sch_tree_lock(sch);
400 if (child) { 400 if (child) {
401 qdisc_tree_decrease_qlen(q->qdisc, q->qdisc->q.qlen); 401 qdisc_tree_decrease_qlen(q->qdisc, q->qdisc->q.qlen);
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index f558433537b8..ee13d28d39d1 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1239,78 +1239,107 @@ void sctp_assoc_update(struct sctp_association *asoc,
1239} 1239}
1240 1240
1241/* Update the retran path for sending a retransmitted packet. 1241/* Update the retran path for sending a retransmitted packet.
1242 * Round-robin through the active transports, else round-robin 1242 * See also RFC4960, 6.4. Multi-Homed SCTP Endpoints:
1243 * through the inactive transports as this is the next best thing 1243 *
1244 * we can try. 1244 * When there is outbound data to send and the primary path
1245 * becomes inactive (e.g., due to failures), or where the
1246 * SCTP user explicitly requests to send data to an
1247 * inactive destination transport address, before reporting
1248 * an error to its ULP, the SCTP endpoint should try to send
1249 * the data to an alternate active destination transport
1250 * address if one exists.
1251 *
1252 * When retransmitting data that timed out, if the endpoint
1253 * is multihomed, it should consider each source-destination
1254 * address pair in its retransmission selection policy.
1255 * When retransmitting timed-out data, the endpoint should
1256 * attempt to pick the most divergent source-destination
1257 * pair from the original source-destination pair to which
1258 * the packet was transmitted.
1259 *
1260 * Note: Rules for picking the most divergent source-destination
1261 * pair are an implementation decision and are not specified
1262 * within this document.
1263 *
1264 * Our basic strategy is to round-robin transports in priorities
1265 * according to sctp_state_prio_map[] e.g., if no such
1266 * transport with state SCTP_ACTIVE exists, round-robin through
1267 * SCTP_UNKNOWN, etc. You get the picture.
1245 */ 1268 */
1246void sctp_assoc_update_retran_path(struct sctp_association *asoc) 1269static const u8 sctp_trans_state_to_prio_map[] = {
1270 [SCTP_ACTIVE] = 3, /* best case */
1271 [SCTP_UNKNOWN] = 2,
1272 [SCTP_PF] = 1,
1273 [SCTP_INACTIVE] = 0, /* worst case */
1274};
1275
1276static u8 sctp_trans_score(const struct sctp_transport *trans)
1247{ 1277{
1248 struct sctp_transport *t, *next; 1278 return sctp_trans_state_to_prio_map[trans->state];
1249 struct list_head *head = &asoc->peer.transport_addr_list; 1279}
1250 struct list_head *pos;
1251 1280
1252 if (asoc->peer.transport_count == 1) 1281static struct sctp_transport *sctp_trans_elect_best(struct sctp_transport *curr,
1253 return; 1282 struct sctp_transport *best)
1283{
1284 if (best == NULL)
1285 return curr;
1254 1286
1255 /* Find the next transport in a round-robin fashion. */ 1287 return sctp_trans_score(curr) > sctp_trans_score(best) ? curr : best;
1256 t = asoc->peer.retran_path; 1288}
1257 pos = &t->transports;
1258 next = NULL;
1259 1289
1260 while (1) { 1290void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1261 /* Skip the head. */ 1291{
1262 if (pos->next == head) 1292 struct sctp_transport *trans = asoc->peer.retran_path;
1263 pos = head->next; 1293 struct sctp_transport *trans_next = NULL;
1264 else
1265 pos = pos->next;
1266 1294
1267 t = list_entry(pos, struct sctp_transport, transports); 1295 /* We're done as we only have the one and only path. */
1296 if (asoc->peer.transport_count == 1)
1297 return;
1298 /* If active_path and retran_path are the same and active,
1299 * then this is the only active path. Use it.
1300 */
1301 if (asoc->peer.active_path == asoc->peer.retran_path &&
1302 asoc->peer.active_path->state == SCTP_ACTIVE)
1303 return;
1268 1304
1269 /* We have exhausted the list, but didn't find any 1305 /* Iterate from retran_path's successor back to retran_path. */
1270 * other active transports. If so, use the next 1306 for (trans = list_next_entry(trans, transports); 1;
1271 * transport. 1307 trans = list_next_entry(trans, transports)) {
1272 */ 1308 /* Manually skip the head element. */
1273 if (t == asoc->peer.retran_path) { 1309 if (&trans->transports == &asoc->peer.transport_addr_list)
1274 t = next; 1310 continue;
1311 if (trans->state == SCTP_UNCONFIRMED)
1312 continue;
1313 trans_next = sctp_trans_elect_best(trans, trans_next);
1314 /* Active is good enough for immediate return. */
1315 if (trans_next->state == SCTP_ACTIVE)
1275 break; 1316 break;
1276 } 1317 /* We've reached the end, time to update path. */
1277 1318 if (trans == asoc->peer.retran_path)
1278 /* Try to find an active transport. */
1279
1280 if ((t->state == SCTP_ACTIVE) ||
1281 (t->state == SCTP_UNKNOWN)) {
1282 break; 1319 break;
1283 } else {
1284 /* Keep track of the next transport in case
1285 * we don't find any active transport.
1286 */
1287 if (t->state != SCTP_UNCONFIRMED && !next)
1288 next = t;
1289 }
1290 } 1320 }
1291 1321
1292 if (t) 1322 if (trans_next != NULL)
1293 asoc->peer.retran_path = t; 1323 asoc->peer.retran_path = trans_next;
1294 else
1295 t = asoc->peer.retran_path;
1296 1324
1297 pr_debug("%s: association:%p addr:%pISpc\n", __func__, asoc, 1325 pr_debug("%s: association:%p updated new path to addr:%pISpc\n",
1298 &t->ipaddr.sa); 1326 __func__, asoc, &asoc->peer.retran_path->ipaddr.sa);
1299} 1327}
1300 1328
1301/* Choose the transport for sending retransmit packet. */ 1329struct sctp_transport *
1302struct sctp_transport *sctp_assoc_choose_alter_transport( 1330sctp_assoc_choose_alter_transport(struct sctp_association *asoc,
1303 struct sctp_association *asoc, struct sctp_transport *last_sent_to) 1331 struct sctp_transport *last_sent_to)
1304{ 1332{
1305 /* If this is the first time packet is sent, use the active path, 1333 /* If this is the first time packet is sent, use the active path,
1306 * else use the retran path. If the last packet was sent over the 1334 * else use the retran path. If the last packet was sent over the
1307 * retran path, update the retran path and use it. 1335 * retran path, update the retran path and use it.
1308 */ 1336 */
1309 if (!last_sent_to) 1337 if (last_sent_to == NULL) {
1310 return asoc->peer.active_path; 1338 return asoc->peer.active_path;
1311 else { 1339 } else {
1312 if (last_sent_to == asoc->peer.retran_path) 1340 if (last_sent_to == asoc->peer.retran_path)
1313 sctp_assoc_update_retran_path(asoc); 1341 sctp_assoc_update_retran_path(asoc);
1342
1314 return asoc->peer.retran_path; 1343 return asoc->peer.retran_path;
1315 } 1344 }
1316} 1345}
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index bd859154000e..5d6883ff00c3 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -495,11 +495,12 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
495 } 495 }
496 496
497 /* If the transport error count is greater than the pf_retrans 497 /* If the transport error count is greater than the pf_retrans
498 * threshold, and less than pathmaxrtx, then mark this transport 498 * threshold, and less than pathmaxrtx, and if the current state
499 * as Partially Failed, ee SCTP Quick Failover Draft, secon 5.1, 499 * is not SCTP_UNCONFIRMED, then mark this transport as Partially
500 * point 1 500 * Failed, see SCTP Quick Failover Draft, section 5.1
501 */ 501 */
502 if ((transport->state != SCTP_PF) && 502 if ((transport->state != SCTP_PF) &&
503 (transport->state != SCTP_UNCONFIRMED) &&
503 (asoc->pf_retrans < transport->pathmaxrxt) && 504 (asoc->pf_retrans < transport->pathmaxrxt) &&
504 (transport->error_count > asoc->pf_retrans)) { 505 (transport->error_count > asoc->pf_retrans)) {
505 506
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 591b44d3b7de..ae65b6b5973a 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -758,6 +758,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
758 struct sctp_chunk auth; 758 struct sctp_chunk auth;
759 sctp_ierror_t ret; 759 sctp_ierror_t ret;
760 760
761 /* Make sure that we and the peer are AUTH capable */
762 if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
763 kfree_skb(chunk->auth_chunk);
764 sctp_association_free(new_asoc);
765 return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
766 }
767
761 /* set-up our fake chunk so that we can process it */ 768 /* set-up our fake chunk so that we can process it */
762 auth.skb = chunk->auth_chunk; 769 auth.skb = chunk->auth_chunk;
763 auth.asoc = chunk->asoc; 770 auth.asoc = chunk->asoc;
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 6c0513a7f992..36e431ee1c90 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -108,6 +108,7 @@ struct gss_auth {
108static DEFINE_SPINLOCK(pipe_version_lock); 108static DEFINE_SPINLOCK(pipe_version_lock);
109static struct rpc_wait_queue pipe_version_rpc_waitqueue; 109static struct rpc_wait_queue pipe_version_rpc_waitqueue;
110static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); 110static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
111static void gss_put_auth(struct gss_auth *gss_auth);
111 112
112static void gss_free_ctx(struct gss_cl_ctx *); 113static void gss_free_ctx(struct gss_cl_ctx *);
113static const struct rpc_pipe_ops gss_upcall_ops_v0; 114static const struct rpc_pipe_ops gss_upcall_ops_v0;
@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
320 if (gss_msg->ctx != NULL) 321 if (gss_msg->ctx != NULL)
321 gss_put_ctx(gss_msg->ctx); 322 gss_put_ctx(gss_msg->ctx);
322 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); 323 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
324 gss_put_auth(gss_msg->auth);
323 kfree(gss_msg); 325 kfree(gss_msg);
324} 326}
325 327
@@ -498,9 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth,
498 default: 500 default:
499 err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); 501 err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
500 if (err) 502 if (err)
501 goto err_free_msg; 503 goto err_put_pipe_version;
502 }; 504 };
505 kref_get(&gss_auth->kref);
503 return gss_msg; 506 return gss_msg;
507err_put_pipe_version:
508 put_pipe_version(gss_auth->net);
504err_free_msg: 509err_free_msg:
505 kfree(gss_msg); 510 kfree(gss_msg);
506err: 511err:
@@ -991,6 +996,8 @@ gss_create_new(struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
991 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor); 996 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
992 if (gss_auth->service == 0) 997 if (gss_auth->service == 0)
993 goto err_put_mech; 998 goto err_put_mech;
999 if (!gssd_running(gss_auth->net))
1000 goto err_put_mech;
994 auth = &gss_auth->rpc_auth; 1001 auth = &gss_auth->rpc_auth;
995 auth->au_cslack = GSS_CRED_SLACK >> 2; 1002 auth->au_cslack = GSS_CRED_SLACK >> 2;
996 auth->au_rslack = GSS_VERF_SLACK >> 2; 1003 auth->au_rslack = GSS_VERF_SLACK >> 2;
@@ -1062,6 +1069,12 @@ gss_free_callback(struct kref *kref)
1062} 1069}
1063 1070
1064static void 1071static void
1072gss_put_auth(struct gss_auth *gss_auth)
1073{
1074 kref_put(&gss_auth->kref, gss_free_callback);
1075}
1076
1077static void
1065gss_destroy(struct rpc_auth *auth) 1078gss_destroy(struct rpc_auth *auth)
1066{ 1079{
1067 struct gss_auth *gss_auth = container_of(auth, 1080 struct gss_auth *gss_auth = container_of(auth,
@@ -1082,7 +1095,7 @@ gss_destroy(struct rpc_auth *auth)
1082 gss_auth->gss_pipe[1] = NULL; 1095 gss_auth->gss_pipe[1] = NULL;
1083 rpcauth_destroy_credcache(auth); 1096 rpcauth_destroy_credcache(auth);
1084 1097
1085 kref_put(&gss_auth->kref, gss_free_callback); 1098 gss_put_auth(gss_auth);
1086} 1099}
1087 1100
1088/* 1101/*
@@ -1253,7 +1266,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
1253 call_rcu(&cred->cr_rcu, gss_free_cred_callback); 1266 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1254 if (ctx) 1267 if (ctx)
1255 gss_put_ctx(ctx); 1268 gss_put_ctx(ctx);
1256 kref_put(&gss_auth->kref, gss_free_callback); 1269 gss_put_auth(gss_auth);
1257} 1270}
1258 1271
1259static void 1272static void
diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c
index 890a29912d5a..e860d4f7ed2a 100644
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -64,7 +64,6 @@ static void xprt_free_allocation(struct rpc_rqst *req)
64 free_page((unsigned long)xbufp->head[0].iov_base); 64 free_page((unsigned long)xbufp->head[0].iov_base);
65 xbufp = &req->rq_snd_buf; 65 xbufp = &req->rq_snd_buf;
66 free_page((unsigned long)xbufp->head[0].iov_base); 66 free_page((unsigned long)xbufp->head[0].iov_base);
67 list_del(&req->rq_bc_pa_list);
68 kfree(req); 67 kfree(req);
69} 68}
70 69
@@ -168,8 +167,10 @@ out_free:
168 /* 167 /*
169 * Memory allocation failed, free the temporary list 168 * Memory allocation failed, free the temporary list
170 */ 169 */
171 list_for_each_entry_safe(req, tmp, &tmp_list, rq_bc_pa_list) 170 list_for_each_entry_safe(req, tmp, &tmp_list, rq_bc_pa_list) {
171 list_del(&req->rq_bc_pa_list);
172 xprt_free_allocation(req); 172 xprt_free_allocation(req);
173 }
173 174
174 dprintk("RPC: setup backchannel transport failed\n"); 175 dprintk("RPC: setup backchannel transport failed\n");
175 return -ENOMEM; 176 return -ENOMEM;
@@ -198,6 +199,7 @@ void xprt_destroy_backchannel(struct rpc_xprt *xprt, unsigned int max_reqs)
198 xprt_dec_alloc_count(xprt, max_reqs); 199 xprt_dec_alloc_count(xprt, max_reqs);
199 list_for_each_entry_safe(req, tmp, &xprt->bc_pa_list, rq_bc_pa_list) { 200 list_for_each_entry_safe(req, tmp, &xprt->bc_pa_list, rq_bc_pa_list) {
200 dprintk("RPC: req=%p\n", req); 201 dprintk("RPC: req=%p\n", req);
202 list_del(&req->rq_bc_pa_list);
201 xprt_free_allocation(req); 203 xprt_free_allocation(req);
202 if (--max_reqs == 0) 204 if (--max_reqs == 0)
203 break; 205 break;
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 817a1e523969..0addefca8e77 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -510,6 +510,7 @@ static int xs_nospace(struct rpc_task *task)
510 struct rpc_rqst *req = task->tk_rqstp; 510 struct rpc_rqst *req = task->tk_rqstp;
511 struct rpc_xprt *xprt = req->rq_xprt; 511 struct rpc_xprt *xprt = req->rq_xprt;
512 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); 512 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
513 struct sock *sk = transport->inet;
513 int ret = -EAGAIN; 514 int ret = -EAGAIN;
514 515
515 dprintk("RPC: %5u xmit incomplete (%u left of %u)\n", 516 dprintk("RPC: %5u xmit incomplete (%u left of %u)\n",
@@ -527,7 +528,7 @@ static int xs_nospace(struct rpc_task *task)
527 * window size 528 * window size
528 */ 529 */
529 set_bit(SOCK_NOSPACE, &transport->sock->flags); 530 set_bit(SOCK_NOSPACE, &transport->sock->flags);
530 transport->inet->sk_write_pending++; 531 sk->sk_write_pending++;
531 /* ...and wait for more buffer space */ 532 /* ...and wait for more buffer space */
532 xprt_wait_for_buffer_space(task, xs_nospace_callback); 533 xprt_wait_for_buffer_space(task, xs_nospace_callback);
533 } 534 }
@@ -537,6 +538,9 @@ static int xs_nospace(struct rpc_task *task)
537 } 538 }
538 539
539 spin_unlock_bh(&xprt->transport_lock); 540 spin_unlock_bh(&xprt->transport_lock);
541
542 /* Race breaker in case memory is freed before above code is called */
543 sk->sk_write_space(sk);
540 return ret; 544 return ret;
541} 545}
542 546
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 242cddd35a47..89c4c2d23ac0 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -586,8 +586,13 @@ static struct notifier_block notifier = {
586 586
587int tipc_bearer_setup(void) 587int tipc_bearer_setup(void)
588{ 588{
589 int err;
590
591 err = register_netdevice_notifier(&notifier);
592 if (err)
593 return err;
589 dev_add_pack(&tipc_packet_type); 594 dev_add_pack(&tipc_packet_type);
590 return register_netdevice_notifier(&notifier); 595 return 0;
591} 596}
592 597
593void tipc_bearer_cleanup(void) 598void tipc_bearer_cleanup(void)
diff --git a/net/tipc/config.c b/net/tipc/config.c
index c301a9a592d8..e74eef2e7490 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -181,7 +181,7 @@ static struct sk_buff *cfg_set_own_addr(void)
181 if (tipc_own_addr) 181 if (tipc_own_addr)
182 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 182 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
183 " (cannot change node address once assigned)"); 183 " (cannot change node address once assigned)");
184 tipc_core_start_net(addr); 184 tipc_net_start(addr);
185 return tipc_cfg_reply_none(); 185 return tipc_cfg_reply_none();
186} 186}
187 187
diff --git a/net/tipc/core.c b/net/tipc/core.c
index 3f76b98d2fed..e2491b341edb 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -77,37 +77,13 @@ struct sk_buff *tipc_buf_acquire(u32 size)
77} 77}
78 78
79/** 79/**
80 * tipc_core_stop_net - shut down TIPC networking sub-systems
81 */
82static void tipc_core_stop_net(void)
83{
84 tipc_net_stop();
85 tipc_bearer_cleanup();
86}
87
88/**
89 * start_net - start TIPC networking sub-systems
90 */
91int tipc_core_start_net(unsigned long addr)
92{
93 int res;
94
95 tipc_net_start(addr);
96 res = tipc_bearer_setup();
97 if (res < 0)
98 goto err;
99 return res;
100
101err:
102 tipc_core_stop_net();
103 return res;
104}
105
106/**
107 * tipc_core_stop - switch TIPC from SINGLE NODE to NOT RUNNING mode 80 * tipc_core_stop - switch TIPC from SINGLE NODE to NOT RUNNING mode
108 */ 81 */
109static void tipc_core_stop(void) 82static void tipc_core_stop(void)
110{ 83{
84 tipc_handler_stop();
85 tipc_net_stop();
86 tipc_bearer_cleanup();
111 tipc_netlink_stop(); 87 tipc_netlink_stop();
112 tipc_cfg_stop(); 88 tipc_cfg_stop();
113 tipc_subscr_stop(); 89 tipc_subscr_stop();
@@ -122,30 +98,65 @@ static void tipc_core_stop(void)
122 */ 98 */
123static int tipc_core_start(void) 99static int tipc_core_start(void)
124{ 100{
125 int res; 101 int err;
126 102
127 get_random_bytes(&tipc_random, sizeof(tipc_random)); 103 get_random_bytes(&tipc_random, sizeof(tipc_random));
128 104
129 res = tipc_handler_start(); 105 err = tipc_handler_start();
130 if (!res) 106 if (err)
131 res = tipc_ref_table_init(tipc_max_ports, tipc_random); 107 goto out_handler;
132 if (!res) 108
133 res = tipc_nametbl_init(); 109 err = tipc_ref_table_init(tipc_max_ports, tipc_random);
134 if (!res) 110 if (err)
135 res = tipc_netlink_start(); 111 goto out_reftbl;
136 if (!res) 112
137 res = tipc_socket_init(); 113 err = tipc_nametbl_init();
138 if (!res) 114 if (err)
139 res = tipc_register_sysctl(); 115 goto out_nametbl;
140 if (!res) 116
141 res = tipc_subscr_start(); 117 err = tipc_netlink_start();
142 if (!res) 118 if (err)
143 res = tipc_cfg_init(); 119 goto out_netlink;
144 if (res) { 120
145 tipc_handler_stop(); 121 err = tipc_socket_init();
146 tipc_core_stop(); 122 if (err)
147 } 123 goto out_socket;
148 return res; 124
125 err = tipc_register_sysctl();
126 if (err)
127 goto out_sysctl;
128
129 err = tipc_subscr_start();
130 if (err)
131 goto out_subscr;
132
133 err = tipc_cfg_init();
134 if (err)
135 goto out_cfg;
136
137 err = tipc_bearer_setup();
138 if (err)
139 goto out_bearer;
140
141 return 0;
142out_bearer:
143 tipc_cfg_stop();
144out_cfg:
145 tipc_subscr_stop();
146out_subscr:
147 tipc_unregister_sysctl();
148out_sysctl:
149 tipc_socket_stop();
150out_socket:
151 tipc_netlink_stop();
152out_netlink:
153 tipc_nametbl_stop();
154out_nametbl:
155 tipc_ref_table_stop();
156out_reftbl:
157 tipc_handler_stop();
158out_handler:
159 return err;
149} 160}
150 161
151static int __init tipc_init(void) 162static int __init tipc_init(void)
@@ -174,8 +185,6 @@ static int __init tipc_init(void)
174 185
175static void __exit tipc_exit(void) 186static void __exit tipc_exit(void)
176{ 187{
177 tipc_handler_stop();
178 tipc_core_stop_net();
179 tipc_core_stop(); 188 tipc_core_stop();
180 pr_info("Deactivated\n"); 189 pr_info("Deactivated\n");
181} 190}
diff --git a/net/tipc/core.h b/net/tipc/core.h
index 5569d96b4da3..4dfe137587bb 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -90,7 +90,6 @@ extern int tipc_random __read_mostly;
90/* 90/*
91 * Routines available to privileged subsystems 91 * Routines available to privileged subsystems
92 */ 92 */
93int tipc_core_start_net(unsigned long);
94int tipc_handler_start(void); 93int tipc_handler_start(void);
95void tipc_handler_stop(void); 94void tipc_handler_stop(void);
96int tipc_netlink_start(void); 95int tipc_netlink_start(void);
diff --git a/net/tipc/name_table.c b/net/tipc/name_table.c
index 92a1533af4e0..48302be175ce 100644
--- a/net/tipc/name_table.c
+++ b/net/tipc/name_table.c
@@ -945,9 +945,6 @@ void tipc_nametbl_stop(void)
945{ 945{
946 u32 i; 946 u32 i;
947 947
948 if (!table.types)
949 return;
950
951 /* Verify name table is empty, then release it */ 948 /* Verify name table is empty, then release it */
952 write_lock_bh(&tipc_nametbl_lock); 949 write_lock_bh(&tipc_nametbl_lock);
953 for (i = 0; i < TIPC_NAMETBL_SIZE; i++) { 950 for (i = 0; i < TIPC_NAMETBL_SIZE; i++) {
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 9f72a6376362..3aaf73de9e2d 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -83,8 +83,6 @@ static struct genl_ops tipc_genl_ops[] = {
83 }, 83 },
84}; 84};
85 85
86static int tipc_genl_family_registered;
87
88int tipc_netlink_start(void) 86int tipc_netlink_start(void)
89{ 87{
90 int res; 88 int res;
@@ -94,16 +92,10 @@ int tipc_netlink_start(void)
94 pr_err("Failed to register netlink interface\n"); 92 pr_err("Failed to register netlink interface\n");
95 return res; 93 return res;
96 } 94 }
97
98 tipc_genl_family_registered = 1;
99 return 0; 95 return 0;
100} 96}
101 97
102void tipc_netlink_stop(void) 98void tipc_netlink_stop(void)
103{ 99{
104 if (!tipc_genl_family_registered)
105 return;
106
107 genl_unregister_family(&tipc_genl_family); 100 genl_unregister_family(&tipc_genl_family);
108 tipc_genl_family_registered = 0;
109} 101}
diff --git a/net/tipc/ref.c b/net/tipc/ref.c
index 2a2a938dc22c..de3d593e2fee 100644
--- a/net/tipc/ref.c
+++ b/net/tipc/ref.c
@@ -126,9 +126,6 @@ int tipc_ref_table_init(u32 requested_size, u32 start)
126 */ 126 */
127void tipc_ref_table_stop(void) 127void tipc_ref_table_stop(void)
128{ 128{
129 if (!tipc_ref_table.entries)
130 return;
131
132 vfree(tipc_ref_table.entries); 129 vfree(tipc_ref_table.entries);
133 tipc_ref_table.entries = NULL; 130 tipc_ref_table.entries = NULL;
134} 131}
diff --git a/net/tipc/server.c b/net/tipc/server.c
index b635ca347a87..373979789a73 100644
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -573,7 +573,6 @@ int tipc_server_start(struct tipc_server *s)
573 kmem_cache_destroy(s->rcvbuf_cache); 573 kmem_cache_destroy(s->rcvbuf_cache);
574 return ret; 574 return ret;
575 } 575 }
576 s->enabled = 1;
577 return ret; 576 return ret;
578} 577}
579 578
@@ -583,10 +582,6 @@ void tipc_server_stop(struct tipc_server *s)
583 int total = 0; 582 int total = 0;
584 int id; 583 int id;
585 584
586 if (!s->enabled)
587 return;
588
589 s->enabled = 0;
590 spin_lock_bh(&s->idr_lock); 585 spin_lock_bh(&s->idr_lock);
591 for (id = 0; total < s->idr_in_use; id++) { 586 for (id = 0; total < s->idr_in_use; id++) {
592 con = idr_find(&s->conn_idr, id); 587 con = idr_find(&s->conn_idr, id);
diff --git a/net/tipc/server.h b/net/tipc/server.h
index 98b23f20bc0f..be817b0b547e 100644
--- a/net/tipc/server.h
+++ b/net/tipc/server.h
@@ -56,7 +56,6 @@
56 * @name: server name 56 * @name: server name
57 * @imp: message importance 57 * @imp: message importance
58 * @type: socket type 58 * @type: socket type
59 * @enabled: identify whether server is launched or not
60 */ 59 */
61struct tipc_server { 60struct tipc_server {
62 struct idr conn_idr; 61 struct idr conn_idr;
@@ -74,7 +73,6 @@ struct tipc_server {
74 const char name[TIPC_SERVER_NAME_LEN]; 73 const char name[TIPC_SERVER_NAME_LEN];
75 int imp; 74 int imp;
76 int type; 75 int type;
77 int enabled;
78}; 76};
79 77
80int tipc_conn_sendmsg(struct tipc_server *s, int conid, 78int tipc_conn_sendmsg(struct tipc_server *s, int conid,
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index fb885977bd2a..336e18d6cf46 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -70,8 +70,6 @@ static const struct proto_ops msg_ops;
70static struct proto tipc_proto; 70static struct proto tipc_proto;
71static struct proto tipc_proto_kern; 71static struct proto tipc_proto_kern;
72 72
73static int sockets_enabled;
74
75/* 73/*
76 * Revised TIPC socket locking policy: 74 * Revised TIPC socket locking policy:
77 * 75 *
@@ -2029,8 +2027,6 @@ int tipc_socket_init(void)
2029 proto_unregister(&tipc_proto); 2027 proto_unregister(&tipc_proto);
2030 goto out; 2028 goto out;
2031 } 2029 }
2032
2033 sockets_enabled = 1;
2034 out: 2030 out:
2035 return res; 2031 return res;
2036} 2032}
@@ -2040,10 +2036,6 @@ int tipc_socket_init(void)
2040 */ 2036 */
2041void tipc_socket_stop(void) 2037void tipc_socket_stop(void)
2042{ 2038{
2043 if (!sockets_enabled)
2044 return;
2045
2046 sockets_enabled = 0;
2047 sock_unregister(tipc_family_ops.family); 2039 sock_unregister(tipc_family_ops.family);
2048 proto_unregister(&tipc_proto); 2040 proto_unregister(&tipc_proto);
2049} 2041}
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 27c5253e7a61..24c257cd706b 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1788,7 +1788,7 @@ static void reg_process_hint(struct regulatory_request *reg_request)
1788 return; 1788 return;
1789 case NL80211_REGDOM_SET_BY_USER: 1789 case NL80211_REGDOM_SET_BY_USER:
1790 treatment = reg_process_hint_user(reg_request); 1790 treatment = reg_process_hint_user(reg_request);
1791 if (treatment == REG_REQ_OK || 1791 if (treatment == REG_REQ_IGNORE ||
1792 treatment == REG_REQ_ALREADY_SET) 1792 treatment == REG_REQ_ALREADY_SET)
1793 return; 1793 return;
1794 queue_delayed_work(system_power_efficient_wq, 1794 queue_delayed_work(system_power_efficient_wq,
@@ -2481,6 +2481,7 @@ static int reg_set_rd_country_ie(const struct ieee80211_regdomain *rd,
2481int set_regdom(const struct ieee80211_regdomain *rd) 2481int set_regdom(const struct ieee80211_regdomain *rd)
2482{ 2482{
2483 struct regulatory_request *lr; 2483 struct regulatory_request *lr;
2484 bool user_reset = false;
2484 int r; 2485 int r;
2485 2486
2486 if (!reg_is_valid_request(rd->alpha2)) { 2487 if (!reg_is_valid_request(rd->alpha2)) {
@@ -2497,6 +2498,7 @@ int set_regdom(const struct ieee80211_regdomain *rd)
2497 break; 2498 break;
2498 case NL80211_REGDOM_SET_BY_USER: 2499 case NL80211_REGDOM_SET_BY_USER:
2499 r = reg_set_rd_user(rd, lr); 2500 r = reg_set_rd_user(rd, lr);
2501 user_reset = true;
2500 break; 2502 break;
2501 case NL80211_REGDOM_SET_BY_DRIVER: 2503 case NL80211_REGDOM_SET_BY_DRIVER:
2502 r = reg_set_rd_driver(rd, lr); 2504 r = reg_set_rd_driver(rd, lr);
@@ -2510,8 +2512,14 @@ int set_regdom(const struct ieee80211_regdomain *rd)
2510 } 2512 }
2511 2513
2512 if (r) { 2514 if (r) {
2513 if (r == -EALREADY) 2515 switch (r) {
2516 case -EALREADY:
2514 reg_set_request_processed(); 2517 reg_set_request_processed();
2518 break;
2519 default:
2520 /* Back to world regulatory in case of errors */
2521 restore_regulatory_settings(user_reset);
2522 }
2515 2523
2516 kfree(rd); 2524 kfree(rd);
2517 return r; 2525 return r;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index bb3669d973a7..a75fae4b045a 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1156,7 +1156,7 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
1156 if (hlist_unhashed(&pol->bydst)) 1156 if (hlist_unhashed(&pol->bydst))
1157 return NULL; 1157 return NULL;
1158 1158
1159 hlist_del(&pol->bydst); 1159 hlist_del_init(&pol->bydst);
1160 hlist_del(&pol->byidx); 1160 hlist_del(&pol->byidx);
1161 list_del(&pol->walk.all); 1161 list_del(&pol->walk.all);
1162 net->xfrm.policy_count[dir]--; 1162 net->xfrm.policy_count[dir]--;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5339c26bb0cf..06970fee9155 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1171,6 +1171,11 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
1171 } 1171 }
1172 x->props.aalgo = orig->props.aalgo; 1172 x->props.aalgo = orig->props.aalgo;
1173 1173
1174 if (orig->aead) {
1175 x->aead = xfrm_algo_aead_clone(orig->aead);
1176 if (!x->aead)
1177 goto error;
1178 }
1174 if (orig->ealg) { 1179 if (orig->ealg) {
1175 x->ealg = xfrm_algo_clone(orig->ealg); 1180 x->ealg = xfrm_algo_clone(orig->ealg);
1176 if (!x->ealg) 1181 if (!x->ealg)
@@ -1211,6 +1216,9 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
1211 x->props.flags = orig->props.flags; 1216 x->props.flags = orig->props.flags;
1212 x->props.extra_flags = orig->props.extra_flags; 1217 x->props.extra_flags = orig->props.extra_flags;
1213 1218
1219 x->tfcpad = orig->tfcpad;
1220 x->replay_maxdiff = orig->replay_maxdiff;
1221 x->replay_maxage = orig->replay_maxage;
1214 x->curlft.add_time = orig->curlft.add_time; 1222 x->curlft.add_time = orig->curlft.add_time;
1215 x->km.state = orig->km.state; 1223 x->km.state = orig->km.state;
1216 x->km.seq = orig->km.seq; 1224 x->km.seq = orig->km.seq;
@@ -1223,11 +1231,12 @@ out:
1223 return NULL; 1231 return NULL;
1224} 1232}
1225 1233
1226/* net->xfrm.xfrm_state_lock is held */
1227struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net) 1234struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1228{ 1235{
1229 unsigned int h; 1236 unsigned int h;
1230 struct xfrm_state *x; 1237 struct xfrm_state *x = NULL;
1238
1239 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1231 1240
1232 if (m->reqid) { 1241 if (m->reqid) {
1233 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, 1242 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
@@ -1244,7 +1253,7 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
1244 m->old_family)) 1253 m->old_family))
1245 continue; 1254 continue;
1246 xfrm_state_hold(x); 1255 xfrm_state_hold(x);
1247 return x; 1256 break;
1248 } 1257 }
1249 } else { 1258 } else {
1250 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr, 1259 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
@@ -1259,11 +1268,13 @@ struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *n
1259 m->old_family)) 1268 m->old_family))
1260 continue; 1269 continue;
1261 xfrm_state_hold(x); 1270 xfrm_state_hold(x);
1262 return x; 1271 break;
1263 } 1272 }
1264 } 1273 }
1265 1274
1266 return NULL; 1275 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1276
1277 return x;
1267} 1278}
1268EXPORT_SYMBOL(xfrm_migrate_state_find); 1279EXPORT_SYMBOL(xfrm_migrate_state_find);
1269 1280
@@ -1458,7 +1469,7 @@ xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1458{ 1469{
1459 int err = 0; 1470 int err = 0;
1460 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1471 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1461 struct net *net = xs_net(*dst); 1472 struct net *net = xs_net(*src);
1462 1473
1463 if (!afinfo) 1474 if (!afinfo)
1464 return -EAFNOSUPPORT; 1475 return -EAFNOSUPPORT;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 023e5e7ea4c6..195dbe230b98 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -32,11 +32,6 @@
32#include <linux/in6.h> 32#include <linux/in6.h>
33#endif 33#endif
34 34
35static inline int aead_len(struct xfrm_algo_aead *alg)
36{
37 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
38}
39
40static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 35static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
41{ 36{
42 struct nlattr *rt = attrs[type]; 37 struct nlattr *rt = attrs[type];