aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan.c20
-rw-r--r--net/8021q/vlan.h5
-rw-r--r--net/8021q/vlan_dev.c17
-rw-r--r--net/8021q/vlanproc.c5
-rw-r--r--net/9p/trans_fd.c2
-rw-r--r--net/atm/lec.c29
-rw-r--r--net/ax25/TODO4
-rw-r--r--net/bluetooth/af_bluetooth.c40
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/l2cap.c2
-rw-r--r--net/bluetooth/rfcomm/core.c2
-rw-r--r--net/bluetooth/rfcomm/sock.c2
-rw-r--r--net/bluetooth/rfcomm/tty.c5
-rw-r--r--net/bluetooth/sco.c2
-rw-r--r--net/core/dev.c4
-rw-r--r--net/core/neighbour.c23
-rw-r--r--net/ieee80211/ieee80211_rx.c43
-rw-r--r--net/ipv4/Kconfig8
-rw-r--r--net/ipv4/esp4.c2
-rw-r--r--net/ipv4/icmp.c24
-rw-r--r--net/ipv4/inet_fragment.c3
-rw-r--r--net/ipv4/inet_timewait_sock.c1
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_sockglue.c2
-rw-r--r--net/ipv4/ipconfig.c2
-rw-r--r--net/ipv4/netfilter/ip_queue.c8
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c5
-rw-r--r--net/ipv4/netfilter/ipt_recent.c3
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c7
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c2
-rw-r--r--net/ipv4/tcp_input.c65
-rw-r--r--net/ipv4/tcp_output.c3
-rw-r--r--net/ipv4/udp.c4
-rw-r--r--net/ipv4/xfrm4_mode_beet.c11
-rw-r--r--net/ipv4/xfrm4_mode_tunnel.c2
-rw-r--r--net/ipv4/xfrm4_output.c2
-rw-r--r--net/ipv4/xfrm4_state.c2
-rw-r--r--net/ipv6/addrconf.c31
-rw-r--r--net/ipv6/anycast.c9
-rw-r--r--net/ipv6/esp6.c2
-rw-r--r--net/ipv6/icmp.c22
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/ndisc.c22
-rw-r--r--net/ipv6/netfilter/ip6_queue.c8
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c2
-rw-r--r--net/ipv6/xfrm6_mode_beet.c1
-rw-r--r--net/ipv6/xfrm6_mode_tunnel.c2
-rw-r--r--net/ipv6/xfrm6_output.c2
-rw-r--r--net/ipv6/xfrm6_state.c2
-rw-r--r--net/irda/irnet/irnet.h2
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/llc/af_llc.c3
-rw-r--r--net/llc/llc_c_ac.c47
-rw-r--r--net/llc/llc_core.c9
-rw-r--r--net/llc/llc_input.c6
-rw-r--r--net/llc/llc_pdu.c2
-rw-r--r--net/llc/llc_s_ac.c9
-rw-r--r--net/llc/llc_sap.c27
-rw-r--r--net/llc/llc_station.c19
-rw-r--r--net/mac80211/ieee80211.c12
-rw-r--r--net/mac80211/ieee80211_sta.c50
-rw-r--r--net/netfilter/nf_conntrack_standalone.c9
-rw-r--r--net/netfilter/nf_log.c8
-rw-r--r--net/netfilter/nf_queue.c7
-rw-r--r--net/netfilter/nfnetlink_log.c9
-rw-r--r--net/netfilter/nfnetlink_queue.c9
-rw-r--r--net/netfilter/xt_hashlimit.c39
-rw-r--r--net/rose/af_rose.c9
-rw-r--r--net/rxrpc/ar-internal.h4
-rw-r--r--net/rxrpc/rxkad.c27
-rw-r--r--net/sched/sch_generic.c18
-rw-r--r--net/sunrpc/clnt.c4
-rw-r--r--net/sunrpc/xdr.c9
-rw-r--r--net/wireless/nl80211.c2
-rw-r--r--net/xfrm/xfrm_input.c22
-rw-r--r--net/xfrm/xfrm_output.c18
-rw-r--r--net/xfrm/xfrm_state.c54
-rw-r--r--net/xfrm/xfrm_user.c5
78 files changed, 612 insertions, 300 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index dbc81b965096..b33410abfd6b 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -374,17 +374,35 @@ static void vlan_sync_address(struct net_device *dev,
374 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN); 374 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN);
375} 375}
376 376
377static void __vlan_device_event(struct net_device *dev, unsigned long event)
378{
379 switch (event) {
380 case NETDEV_CHANGENAME:
381 vlan_proc_rem_dev(dev);
382 if (vlan_proc_add_dev(dev) < 0)
383 pr_warning("8021q: failed to change proc name for %s\n",
384 dev->name);
385 break;
386 }
387}
388
377static int vlan_device_event(struct notifier_block *unused, unsigned long event, 389static int vlan_device_event(struct notifier_block *unused, unsigned long event,
378 void *ptr) 390 void *ptr)
379{ 391{
380 struct net_device *dev = ptr; 392 struct net_device *dev = ptr;
381 struct vlan_group *grp = __vlan_find_group(dev->ifindex); 393 struct vlan_group *grp;
382 int i, flgs; 394 int i, flgs;
383 struct net_device *vlandev; 395 struct net_device *vlandev;
384 396
385 if (dev->nd_net != &init_net) 397 if (dev->nd_net != &init_net)
386 return NOTIFY_DONE; 398 return NOTIFY_DONE;
387 399
400 if (is_vlan_dev(dev)) {
401 __vlan_device_event(dev, event);
402 goto out;
403 }
404
405 grp = __vlan_find_group(dev->ifindex);
388 if (!grp) 406 if (!grp)
389 goto out; 407 goto out;
390 408
diff --git a/net/8021q/vlan.h b/net/8021q/vlan.h
index 73efcc715ccb..51271aea402b 100644
--- a/net/8021q/vlan.h
+++ b/net/8021q/vlan.h
@@ -45,4 +45,9 @@ void vlan_netlink_fini(void);
45 45
46extern struct rtnl_link_ops vlan_link_ops; 46extern struct rtnl_link_ops vlan_link_ops;
47 47
48static inline int is_vlan_dev(struct net_device *dev)
49{
50 return dev->priv_flags & IFF_802_1Q_VLAN;
51}
52
48#endif /* !(__BEN_VLAN_802_1Q_INC__) */ 53#endif /* !(__BEN_VLAN_802_1Q_INC__) */
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 8fbcefe10c9f..41a76a05e6fd 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -660,7 +660,7 @@ static int vlan_dev_init(struct net_device *dev)
660 int subclass = 0; 660 int subclass = 0;
661 661
662 /* IFF_BROADCAST|IFF_MULTICAST; ??? */ 662 /* IFF_BROADCAST|IFF_MULTICAST; ??? */
663 dev->flags = real_dev->flags & ~IFF_UP; 663 dev->flags = real_dev->flags & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI);
664 dev->iflink = real_dev->ifindex; 664 dev->iflink = real_dev->ifindex;
665 dev->state = (real_dev->state & ((1<<__LINK_STATE_NOCARRIER) | 665 dev->state = (real_dev->state & ((1<<__LINK_STATE_NOCARRIER) |
666 (1<<__LINK_STATE_DORMANT))) | 666 (1<<__LINK_STATE_DORMANT))) |
@@ -692,6 +692,20 @@ static int vlan_dev_init(struct net_device *dev)
692 return 0; 692 return 0;
693} 693}
694 694
695static void vlan_dev_uninit(struct net_device *dev)
696{
697 struct vlan_priority_tci_mapping *pm;
698 struct vlan_dev_info *vlan = vlan_dev_info(dev);
699 int i;
700
701 for (i = 0; i < ARRAY_SIZE(vlan->egress_priority_map); i++) {
702 while ((pm = vlan->egress_priority_map[i]) != NULL) {
703 vlan->egress_priority_map[i] = pm->next;
704 kfree(pm);
705 }
706 }
707}
708
695void vlan_setup(struct net_device *dev) 709void vlan_setup(struct net_device *dev)
696{ 710{
697 ether_setup(dev); 711 ether_setup(dev);
@@ -701,6 +715,7 @@ void vlan_setup(struct net_device *dev)
701 715
702 dev->change_mtu = vlan_dev_change_mtu; 716 dev->change_mtu = vlan_dev_change_mtu;
703 dev->init = vlan_dev_init; 717 dev->init = vlan_dev_init;
718 dev->uninit = vlan_dev_uninit;
704 dev->open = vlan_dev_open; 719 dev->open = vlan_dev_open;
705 dev->stop = vlan_dev_stop; 720 dev->stop = vlan_dev_stop;
706 dev->set_mac_address = vlan_dev_set_mac_address; 721 dev->set_mac_address = vlan_dev_set_mac_address;
diff --git a/net/8021q/vlanproc.c b/net/8021q/vlanproc.c
index 146cfb0e9882..9671aa51af2c 100644
--- a/net/8021q/vlanproc.c
+++ b/net/8021q/vlanproc.c
@@ -210,11 +210,6 @@ int vlan_proc_rem_dev(struct net_device *vlandev)
210 * The following few functions build the content of /proc/net/vlan/config 210 * The following few functions build the content of /proc/net/vlan/config
211 */ 211 */
212 212
213static inline int is_vlan_dev(struct net_device *dev)
214{
215 return dev->priv_flags & IFF_802_1Q_VLAN;
216}
217
218/* start read of /proc/net/vlan/config */ 213/* start read of /proc/net/vlan/config */
219static void *vlan_seq_start(struct seq_file *seq, loff_t *pos) 214static void *vlan_seq_start(struct seq_file *seq, loff_t *pos)
220 __acquires(dev_base_lock) 215 __acquires(dev_base_lock)
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 4e8d4e724b96..f624dff76852 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -1520,7 +1520,7 @@ static int __init p9_trans_fd_init(void)
1520 v9fs_register_trans(&p9_unix_trans); 1520 v9fs_register_trans(&p9_unix_trans);
1521 v9fs_register_trans(&p9_fd_trans); 1521 v9fs_register_trans(&p9_fd_trans);
1522 1522
1523 return 1; 1523 return 0;
1524} 1524}
1525 1525
1526module_init(p9_trans_fd_init); 1526module_init(p9_trans_fd_init);
diff --git a/net/atm/lec.c b/net/atm/lec.c
index a2efa7ff41f1..3235c57615e4 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -266,7 +266,6 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
266 char buf[300]; 266 char buf[300];
267 int i = 0; 267 int i = 0;
268#endif /* DUMP_PACKETS >0 */ 268#endif /* DUMP_PACKETS >0 */
269 DECLARE_MAC_BUF(mac);
270 269
271 pr_debug("lec_start_xmit called\n"); 270 pr_debug("lec_start_xmit called\n");
272 if (!priv->lecd) { 271 if (!priv->lecd) {
@@ -374,15 +373,19 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
374 if (entry && (entry->tx_wait.qlen < LEC_UNRES_QUE_LEN)) { 373 if (entry && (entry->tx_wait.qlen < LEC_UNRES_QUE_LEN)) {
375 pr_debug("%s:lec_start_xmit: queuing packet, ", 374 pr_debug("%s:lec_start_xmit: queuing packet, ",
376 dev->name); 375 dev->name);
377 pr_debug("MAC address %s\n", 376 pr_debug("MAC address " MAC_FMT "\n",
378 print_mac(mac, lec_h->h_dest)); 377 lec_h->h_dest[0], lec_h->h_dest[1],
378 lec_h->h_dest[2], lec_h->h_dest[3],
379 lec_h->h_dest[4], lec_h->h_dest[5]);
379 skb_queue_tail(&entry->tx_wait, skb); 380 skb_queue_tail(&entry->tx_wait, skb);
380 } else { 381 } else {
381 pr_debug 382 pr_debug
382 ("%s:lec_start_xmit: tx queue full or no arp entry, dropping, ", 383 ("%s:lec_start_xmit: tx queue full or no arp entry, dropping, ",
383 dev->name); 384 dev->name);
384 pr_debug("MAC address %s\n", 385 pr_debug("MAC address " MAC_FMT "\n",
385 print_mac(mac, lec_h->h_dest)); 386 lec_h->h_dest[0], lec_h->h_dest[1],
387 lec_h->h_dest[2], lec_h->h_dest[3],
388 lec_h->h_dest[4], lec_h->h_dest[5]);
386 priv->stats.tx_dropped++; 389 priv->stats.tx_dropped++;
387 dev_kfree_skb(skb); 390 dev_kfree_skb(skb);
388 } 391 }
@@ -394,8 +397,10 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
394 397
395 while (entry && (skb2 = skb_dequeue(&entry->tx_wait))) { 398 while (entry && (skb2 = skb_dequeue(&entry->tx_wait))) {
396 pr_debug("lec.c: emptying tx queue, "); 399 pr_debug("lec.c: emptying tx queue, ");
397 pr_debug("MAC address %s\n", 400 pr_debug("MAC address " MAC_FMT "\n",
398 print_mac(mac, lec_h->h_dest)); 401 lec_h->h_dest[0], lec_h->h_dest[1],
402 lec_h->h_dest[2], lec_h->h_dest[3],
403 lec_h->h_dest[4], lec_h->h_dest[5]);
399 lec_send(vcc, skb2, priv); 404 lec_send(vcc, skb2, priv);
400 } 405 }
401 406
@@ -449,7 +454,6 @@ static int lec_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
449 struct lec_arp_table *entry; 454 struct lec_arp_table *entry;
450 int i; 455 int i;
451 char *tmp; /* FIXME */ 456 char *tmp; /* FIXME */
452 DECLARE_MAC_BUF(mac);
453 457
454 atomic_sub(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); 458 atomic_sub(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
455 mesg = (struct atmlec_msg *)skb->data; 459 mesg = (struct atmlec_msg *)skb->data;
@@ -536,9 +540,14 @@ static int lec_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
536 struct net_bridge_fdb_entry *f; 540 struct net_bridge_fdb_entry *f;
537 541
538 pr_debug 542 pr_debug
539 ("%s: bridge zeppelin asks about %s\n", 543 ("%s: bridge zeppelin asks about " MAC_FMT "\n",
540 dev->name, 544 dev->name,
541 print_mac(mac, mesg->content.proxy.mac_addr)); 545 mesg->content.proxy.mac_addr[0],
546 mesg->content.proxy.mac_addr[1],
547 mesg->content.proxy.mac_addr[2],
548 mesg->content.proxy.mac_addr[3],
549 mesg->content.proxy.mac_addr[4],
550 mesg->content.proxy.mac_addr[5]);
542 551
543 if (br_fdb_get_hook == NULL || dev->br_port == NULL) 552 if (br_fdb_get_hook == NULL || dev->br_port == NULL)
544 break; 553 break;
diff --git a/net/ax25/TODO b/net/ax25/TODO
index 4089c49e45cc..69fb4e368d92 100644
--- a/net/ax25/TODO
+++ b/net/ax25/TODO
@@ -9,10 +9,6 @@ being used.
9Routes to a device being taken down might be deleted by ax25_rt_device_down 9Routes to a device being taken down might be deleted by ax25_rt_device_down
10but added by somebody else before the device has been deleted fully. 10but added by somebody else before the device has been deleted fully.
11 11
12Massive amounts of lock_kernel / unlock_kernel are just a temporary solution to
13get around the removal of SOCKOPS_WRAP. A serious locking strategy has to be
14implemented.
15
16The ax25_rt_find_route synopsys is pervert but I somehow had to deal with 12The ax25_rt_find_route synopsys is pervert but I somehow had to deal with
17the race caused by the static variable in it's previous implementation. 13the race caused by the static variable in it's previous implementation.
18 14
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 1220d8a41eb5..d366423c8392 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -53,6 +53,30 @@
53/* Bluetooth sockets */ 53/* Bluetooth sockets */
54#define BT_MAX_PROTO 8 54#define BT_MAX_PROTO 8
55static struct net_proto_family *bt_proto[BT_MAX_PROTO]; 55static struct net_proto_family *bt_proto[BT_MAX_PROTO];
56
57static struct lock_class_key bt_slock_key[BT_MAX_PROTO];
58static struct lock_class_key bt_lock_key[BT_MAX_PROTO];
59static const char *bt_key_strings[BT_MAX_PROTO] = {
60 "sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP",
61 "sk_lock-AF_BLUETOOTH-BTPROTO_HCI",
62 "sk_lock-AF_BLUETOOTH-BTPROTO_SCO",
63 "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
64 "sk_lock-AF_BLUETOOTH-BTPROTO_BNEP",
65 "sk_lock-AF_BLUETOOTH-BTPROTO_CMTP",
66 "sk_lock-AF_BLUETOOTH-BTPROTO_HIDP",
67 "sk_lock-AF_BLUETOOTH-BTPROTO_AVDTP",
68};
69
70static const char *bt_slock_key_strings[BT_MAX_PROTO] = {
71 "slock-AF_BLUETOOTH-BTPROTO_L2CAP",
72 "slock-AF_BLUETOOTH-BTPROTO_HCI",
73 "slock-AF_BLUETOOTH-BTPROTO_SCO",
74 "slock-AF_BLUETOOTH-BTPROTO_RFCOMM",
75 "slock-AF_BLUETOOTH-BTPROTO_BNEP",
76 "slock-AF_BLUETOOTH-BTPROTO_CMTP",
77 "slock-AF_BLUETOOTH-BTPROTO_HIDP",
78 "slock-AF_BLUETOOTH-BTPROTO_AVDTP",
79};
56static DEFINE_RWLOCK(bt_proto_lock); 80static DEFINE_RWLOCK(bt_proto_lock);
57 81
58int bt_sock_register(int proto, struct net_proto_family *ops) 82int bt_sock_register(int proto, struct net_proto_family *ops)
@@ -95,6 +119,21 @@ int bt_sock_unregister(int proto)
95} 119}
96EXPORT_SYMBOL(bt_sock_unregister); 120EXPORT_SYMBOL(bt_sock_unregister);
97 121
122static void bt_reclassify_sock_lock(struct socket *sock, int proto)
123{
124 struct sock *sk = sock->sk;
125
126 if (!sk)
127 return;
128 BUG_ON(sock_owned_by_user(sk));
129
130 sock_lock_init_class_and_name(sk,
131 bt_slock_key_strings[proto],
132 &bt_slock_key[proto],
133 bt_key_strings[proto],
134 &bt_lock_key[proto]);
135}
136
98static int bt_sock_create(struct net *net, struct socket *sock, int proto) 137static int bt_sock_create(struct net *net, struct socket *sock, int proto)
99{ 138{
100 int err; 139 int err;
@@ -117,6 +156,7 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto)
117 156
118 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 157 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
119 err = bt_proto[proto]->create(net, sock, proto); 158 err = bt_proto[proto]->create(net, sock, proto);
159 bt_reclassify_sock_lock(sock, proto);
120 module_put(bt_proto[proto]->owner); 160 module_put(bt_proto[proto]->owner);
121 } 161 }
122 162
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index b5d4019d3572..1d36c093523b 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -84,7 +84,7 @@ static struct hci_sec_filter hci_sec_filter = {
84}; 84};
85 85
86static struct bt_sock_list hci_sk_list = { 86static struct bt_sock_list hci_sk_list = {
87 .lock = RW_LOCK_UNLOCKED 87 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
88}; 88};
89 89
90/* Send frame to RAW socket */ 90/* Send frame to RAW socket */
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 34f8bf98bc05..2957df4b6c0b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -62,7 +62,7 @@ static u32 l2cap_feat_mask = 0x0000;
62static const struct proto_ops l2cap_sock_ops; 62static const struct proto_ops l2cap_sock_ops;
63 63
64static struct bt_sock_list l2cap_sk_list = { 64static struct bt_sock_list l2cap_sk_list = {
65 .lock = RW_LOCK_UNLOCKED 65 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
66}; 66};
67 67
68static void __l2cap_sock_close(struct sock *sk, int reason); 68static void __l2cap_sock_close(struct sock *sk, int reason);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 0c2c93735e93..eb62558e9b09 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -423,8 +423,8 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
423 423
424 rfcomm_dlc_lock(d); 424 rfcomm_dlc_lock(d);
425 d->state = BT_CLOSED; 425 d->state = BT_CLOSED;
426 d->state_change(d, err);
427 rfcomm_dlc_unlock(d); 426 rfcomm_dlc_unlock(d);
427 d->state_change(d, err);
428 428
429 skb_queue_purge(&d->tx_queue); 429 skb_queue_purge(&d->tx_queue);
430 rfcomm_dlc_unlink(d); 430 rfcomm_dlc_unlink(d);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c46d51035e77..af4e3934ee84 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -60,7 +60,7 @@
60static const struct proto_ops rfcomm_sock_ops; 60static const struct proto_ops rfcomm_sock_ops;
61 61
62static struct bt_sock_list rfcomm_sk_list = { 62static struct bt_sock_list rfcomm_sk_list = {
63 .lock = RW_LOCK_UNLOCKED 63 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
64}; 64};
65 65
66static void rfcomm_sock_close(struct sock *sk); 66static void rfcomm_sock_close(struct sock *sk);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index e4c779bb8d76..c3f749abb2d0 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -570,12 +570,7 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
570 return; 570 return;
571 571
572 rfcomm_dev_del(dev); 572 rfcomm_dev_del(dev);
573 /* We have to drop DLC lock here, otherwise
574 rfcomm_dev_put() will dead lock if it's
575 the last reference. */
576 rfcomm_dlc_unlock(dlc);
577 rfcomm_dev_put(dev); 573 rfcomm_dev_put(dev);
578 rfcomm_dlc_lock(dlc);
579 } 574 }
580 } else 575 } else
581 tty_hangup(dev->tty); 576 tty_hangup(dev->tty);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index b91d3c81a73c..cd887cdca426 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -58,7 +58,7 @@
58static const struct proto_ops sco_sock_ops; 58static const struct proto_ops sco_sock_ops;
59 59
60static struct bt_sock_list sco_sk_list = { 60static struct bt_sock_list sco_sk_list = {
61 .lock = RW_LOCK_UNLOCKED 61 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
62}; 62};
63 63
64static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 64static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
diff --git a/net/core/dev.c b/net/core/dev.c
index fcdf03cf3b3f..460e7f99ce3e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3329,7 +3329,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
3329 return -EOPNOTSUPP; 3329 return -EOPNOTSUPP;
3330 3330
3331 case SIOCADDMULTI: 3331 case SIOCADDMULTI:
3332 if (!dev->set_multicast_list || 3332 if ((!dev->set_multicast_list && !dev->set_rx_mode) ||
3333 ifr->ifr_hwaddr.sa_family != AF_UNSPEC) 3333 ifr->ifr_hwaddr.sa_family != AF_UNSPEC)
3334 return -EINVAL; 3334 return -EINVAL;
3335 if (!netif_device_present(dev)) 3335 if (!netif_device_present(dev))
@@ -3338,7 +3338,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
3338 dev->addr_len, 1); 3338 dev->addr_len, 1);
3339 3339
3340 case SIOCDELMULTI: 3340 case SIOCDELMULTI:
3341 if (!dev->set_multicast_list || 3341 if ((!dev->set_multicast_list && !dev->set_rx_mode) ||
3342 ifr->ifr_hwaddr.sa_family != AF_UNSPEC) 3342 ifr->ifr_hwaddr.sa_family != AF_UNSPEC)
3343 return -EINVAL; 3343 return -EINVAL;
3344 if (!netif_device_present(dev)) 3344 if (!netif_device_present(dev))
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index d9a02b2cc289..19b8e003f150 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -466,6 +466,28 @@ out_neigh_release:
466 goto out; 466 goto out;
467} 467}
468 468
469struct pneigh_entry *__pneigh_lookup(struct neigh_table *tbl,
470 struct net *net, const void *pkey, struct net_device *dev)
471{
472 struct pneigh_entry *n;
473 int key_len = tbl->key_len;
474 u32 hash_val = *(u32 *)(pkey + key_len - 4);
475
476 hash_val ^= (hash_val >> 16);
477 hash_val ^= hash_val >> 8;
478 hash_val ^= hash_val >> 4;
479 hash_val &= PNEIGH_HASHMASK;
480
481 for (n = tbl->phash_buckets[hash_val]; n; n = n->next) {
482 if (!memcmp(n->key, pkey, key_len) &&
483 (n->net == net) &&
484 (n->dev == dev || !n->dev))
485 break;
486 }
487
488 return n;
489}
490
469struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, 491struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
470 struct net *net, const void *pkey, 492 struct net *net, const void *pkey,
471 struct net_device *dev, int creat) 493 struct net_device *dev, int creat)
@@ -2803,6 +2825,7 @@ EXPORT_SYMBOL(neigh_table_init_no_netlink);
2803EXPORT_SYMBOL(neigh_update); 2825EXPORT_SYMBOL(neigh_update);
2804EXPORT_SYMBOL(pneigh_enqueue); 2826EXPORT_SYMBOL(pneigh_enqueue);
2805EXPORT_SYMBOL(pneigh_lookup); 2827EXPORT_SYMBOL(pneigh_lookup);
2828EXPORT_SYMBOL_GPL(__pneigh_lookup);
2806 2829
2807#ifdef CONFIG_ARPD 2830#ifdef CONFIG_ARPD
2808EXPORT_SYMBOL(neigh_app_ns); 2831EXPORT_SYMBOL(neigh_app_ns);
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 1e3f87c8c012..200ee1e63728 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -271,7 +271,6 @@ ieee80211_rx_frame_decrypt(struct ieee80211_device *ieee, struct sk_buff *skb,
271{ 271{
272 struct ieee80211_hdr_3addr *hdr; 272 struct ieee80211_hdr_3addr *hdr;
273 int res, hdrlen; 273 int res, hdrlen;
274 DECLARE_MAC_BUF(mac);
275 274
276 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 275 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
277 return 0; 276 return 0;
@@ -283,8 +282,12 @@ ieee80211_rx_frame_decrypt(struct ieee80211_device *ieee, struct sk_buff *skb,
283 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 282 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
284 atomic_dec(&crypt->refcnt); 283 atomic_dec(&crypt->refcnt);
285 if (res < 0) { 284 if (res < 0) {
286 IEEE80211_DEBUG_DROP("decryption failed (SA=%s" 285 IEEE80211_DEBUG_DROP("decryption failed (SA=" MAC_FMT
287 ") res=%d\n", print_mac(mac, hdr->addr2), res); 286 ") res=%d\n",
287 hdr->addr2[0], hdr->addr2[1],
288 hdr->addr2[2], hdr->addr2[3],
289 hdr->addr2[4], hdr->addr2[5],
290 res);
288 if (res == -2) 291 if (res == -2)
289 IEEE80211_DEBUG_DROP("Decryption failed ICV " 292 IEEE80211_DEBUG_DROP("Decryption failed ICV "
290 "mismatch (key %d)\n", 293 "mismatch (key %d)\n",
@@ -304,7 +307,6 @@ ieee80211_rx_frame_decrypt_msdu(struct ieee80211_device *ieee,
304{ 307{
305 struct ieee80211_hdr_3addr *hdr; 308 struct ieee80211_hdr_3addr *hdr;
306 int res, hdrlen; 309 int res, hdrlen;
307 DECLARE_MAC_BUF(mac);
308 310
309 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 311 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
310 return 0; 312 return 0;
@@ -317,8 +319,12 @@ ieee80211_rx_frame_decrypt_msdu(struct ieee80211_device *ieee,
317 atomic_dec(&crypt->refcnt); 319 atomic_dec(&crypt->refcnt);
318 if (res < 0) { 320 if (res < 0) {
319 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed" 321 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
320 " (SA=%s keyidx=%d)\n", 322 " (SA=" MAC_FMT " keyidx=%d)\n",
321 ieee->dev->name, print_mac(mac, hdr->addr2), keyidx); 323 ieee->dev->name,
324 hdr->addr2[0], hdr->addr2[1],
325 hdr->addr2[2], hdr->addr2[3],
326 hdr->addr2[4], hdr->addr2[5],
327 keyidx);
322 return -1; 328 return -1;
323 } 329 }
324 330
@@ -462,8 +468,10 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
462 * frames silently instead of filling system log with 468 * frames silently instead of filling system log with
463 * these reports. */ 469 * these reports. */
464 IEEE80211_DEBUG_DROP("Decryption failed (not set)" 470 IEEE80211_DEBUG_DROP("Decryption failed (not set)"
465 " (SA=%s)\n", 471 " (SA=" MAC_FMT ")\n",
466 print_mac(mac, hdr->addr2)); 472 hdr->addr2[0], hdr->addr2[1],
473 hdr->addr2[2], hdr->addr2[3],
474 hdr->addr2[4], hdr->addr2[5]);
467 ieee->ieee_stats.rx_discards_undecryptable++; 475 ieee->ieee_stats.rx_discards_undecryptable++;
468 goto rx_dropped; 476 goto rx_dropped;
469 } 477 }
@@ -474,8 +482,10 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
474 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt && 482 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt &&
475 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) { 483 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) {
476 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth " 484 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
477 "from %s\n", dev->name, 485 "from " MAC_FMT "\n", dev->name,
478 print_mac(mac, hdr->addr2)); 486 hdr->addr2[0], hdr->addr2[1],
487 hdr->addr2[2], hdr->addr2[3],
488 hdr->addr2[4], hdr->addr2[5]);
479 /* TODO: could inform hostapd about this so that it 489 /* TODO: could inform hostapd about this so that it
480 * could send auth failure report */ 490 * could send auth failure report */
481 goto rx_dropped; 491 goto rx_dropped;
@@ -653,8 +663,11 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
653 * configured */ 663 * configured */
654 } else { 664 } else {
655 IEEE80211_DEBUG_DROP("encryption configured, but RX " 665 IEEE80211_DEBUG_DROP("encryption configured, but RX "
656 "frame not encrypted (SA=%s" 666 "frame not encrypted (SA="
657 ")\n", print_mac(mac, hdr->addr2)); 667 MAC_FMT ")\n",
668 hdr->addr2[0], hdr->addr2[1],
669 hdr->addr2[2], hdr->addr2[3],
670 hdr->addr2[4], hdr->addr2[5]);
658 goto rx_dropped; 671 goto rx_dropped;
659 } 672 }
660 } 673 }
@@ -662,9 +675,11 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
662 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep && 675 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep &&
663 !ieee80211_is_eapol_frame(ieee, skb)) { 676 !ieee80211_is_eapol_frame(ieee, skb)) {
664 IEEE80211_DEBUG_DROP("dropped unencrypted RX data " 677 IEEE80211_DEBUG_DROP("dropped unencrypted RX data "
665 "frame from %s" 678 "frame from " MAC_FMT
666 " (drop_unencrypted=1)\n", 679 " (drop_unencrypted=1)\n",
667 print_mac(mac, hdr->addr2)); 680 hdr->addr2[0], hdr->addr2[1],
681 hdr->addr2[2], hdr->addr2[3],
682 hdr->addr2[4], hdr->addr2[5]);
668 goto rx_dropped; 683 goto rx_dropped;
669 } 684 }
670 685
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 9c7e5ffb223d..4670683b4688 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -160,7 +160,7 @@ config IP_PNP_DHCP
160 160
161 If unsure, say Y. Note that if you want to use DHCP, a DHCP server 161 If unsure, say Y. Note that if you want to use DHCP, a DHCP server
162 must be operating on your network. Read 162 must be operating on your network. Read
163 <file:Documentation/nfsroot.txt> for details. 163 <file:Documentation/filesystems/nfsroot.txt> for details.
164 164
165config IP_PNP_BOOTP 165config IP_PNP_BOOTP
166 bool "IP: BOOTP support" 166 bool "IP: BOOTP support"
@@ -175,7 +175,7 @@ config IP_PNP_BOOTP
175 does BOOTP itself, providing all necessary information on the kernel 175 does BOOTP itself, providing all necessary information on the kernel
176 command line, you can say N here. If unsure, say Y. Note that if you 176 command line, you can say N here. If unsure, say Y. Note that if you
177 want to use BOOTP, a BOOTP server must be operating on your network. 177 want to use BOOTP, a BOOTP server must be operating on your network.
178 Read <file:Documentation/nfsroot.txt> for details. 178 Read <file:Documentation/filesystems/nfsroot.txt> for details.
179 179
180config IP_PNP_RARP 180config IP_PNP_RARP
181 bool "IP: RARP support" 181 bool "IP: RARP support"
@@ -187,8 +187,8 @@ config IP_PNP_RARP
187 discovered automatically at boot time using the RARP protocol (an 187 discovered automatically at boot time using the RARP protocol (an
188 older protocol which is being obsoleted by BOOTP and DHCP), say Y 188 older protocol which is being obsoleted by BOOTP and DHCP), say Y
189 here. Note that if you want to use RARP, a RARP server must be 189 here. Note that if you want to use RARP, a RARP server must be
190 operating on your network. Read <file:Documentation/nfsroot.txt> for 190 operating on your network. Read
191 details. 191 <file:Documentation/filesystems/nfsroot.txt> for details.
192 192
193# not yet ready.. 193# not yet ready..
194# bool ' IP: ARP support' CONFIG_IP_PNP_ARP 194# bool ' IP: ARP support' CONFIG_IP_PNP_ARP
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index f3ceca31aa45..4e73e5708e70 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -336,7 +336,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
336 struct scatterlist *asg; 336 struct scatterlist *asg;
337 int err = -EINVAL; 337 int err = -EINVAL;
338 338
339 if (!pskb_may_pull(skb, sizeof(*esph))) 339 if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead)))
340 goto out; 340 goto out;
341 341
342 if (elen <= 0) 342 if (elen <= 0)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index a13c074dac09..40508babad8c 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -591,7 +591,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
591 } 591 }
592 592
593 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) 593 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET))
594 goto out_unlock; 594 goto relookup_failed;
595 595
596 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL) 596 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL)
597 err = __ip_route_output_key(net, &rt2, &fl); 597 err = __ip_route_output_key(net, &rt2, &fl);
@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
601 601
602 fl2.fl4_dst = fl.fl4_src; 602 fl2.fl4_dst = fl.fl4_src;
603 if (ip_route_output_key(net, &rt2, &fl2)) 603 if (ip_route_output_key(net, &rt2, &fl2))
604 goto out_unlock; 604 goto relookup_failed;
605 605
606 /* Ugh! */ 606 /* Ugh! */
607 odst = skb_in->dst; 607 odst = skb_in->dst;
@@ -614,21 +614,23 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
614 } 614 }
615 615
616 if (err) 616 if (err)
617 goto out_unlock; 617 goto relookup_failed;
618 618
619 err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL, 619 err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL,
620 XFRM_LOOKUP_ICMP); 620 XFRM_LOOKUP_ICMP);
621 if (err == -ENOENT) { 621 switch (err) {
622 case 0:
623 dst_release(&rt->u.dst);
624 rt = rt2;
625 break;
626 case -EPERM:
627 goto ende;
628 default:
629relookup_failed:
622 if (!rt) 630 if (!rt)
623 goto out_unlock; 631 goto out_unlock;
624 goto route_done; 632 break;
625 } 633 }
626
627 dst_release(&rt->u.dst);
628 rt = rt2;
629
630 if (err)
631 goto out_unlock;
632 } 634 }
633 635
634route_done: 636route_done:
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 724d69aed031..a0a3c78cb5e0 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -86,7 +86,10 @@ EXPORT_SYMBOL(inet_frags_fini);
86void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f) 86void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f)
87{ 87{
88 nf->low_thresh = 0; 88 nf->low_thresh = 0;
89
90 local_bh_disable();
89 inet_frag_evictor(nf, f); 91 inet_frag_evictor(nf, f);
92 local_bh_enable();
90} 93}
91EXPORT_SYMBOL(inet_frags_exit_net); 94EXPORT_SYMBOL(inet_frags_exit_net);
92 95
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 876169f3a528..717c411a5c6b 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -124,6 +124,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, const int stat
124 tw->tw_hash = sk->sk_hash; 124 tw->tw_hash = sk->sk_hash;
125 tw->tw_ipv6only = 0; 125 tw->tw_ipv6only = 0;
126 tw->tw_prot = sk->sk_prot_creator; 126 tw->tw_prot = sk->sk_prot_creator;
127 tw->tw_net = sk->sk_net;
127 atomic_set(&tw->tw_refcnt, 1); 128 atomic_set(&tw->tw_refcnt, 1);
128 inet_twsk_dead_node_init(tw); 129 inet_twsk_dead_node_init(tw);
129 __module_get(tw->tw_prot->owner); 130 __module_get(tw->tw_prot->owner);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 0b3b328d82db..a4506c8cfef0 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -85,7 +85,7 @@ int ip_forward(struct sk_buff *skb)
85 if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway) 85 if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway)
86 goto sr_failed; 86 goto sr_failed;
87 87
88 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && 88 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && !skb_is_gso(skb) &&
89 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) { 89 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
90 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 90 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
91 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 91 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index f72457b4b0a7..c2921d01e925 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1132,7 +1132,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1132 } 1132 }
1133 release_sock(sk); 1133 release_sock(sk);
1134 1134
1135 if (len < sizeof(int) && len > 0 && val>=0 && val<255) { 1135 if (len < sizeof(int) && len > 0 && val>=0 && val<=255) {
1136 unsigned char ucval = (unsigned char)val; 1136 unsigned char ucval = (unsigned char)val;
1137 len = 1; 1137 len = 1;
1138 if (put_user(len, optlen)) 1138 if (put_user(len, optlen))
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 7c992fbbc2c3..4824fe8996bf 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -1411,7 +1411,7 @@ late_initcall(ip_auto_config);
1411 1411
1412/* 1412/*
1413 * Decode any IP configuration options in the "ip=" or "nfsaddrs=" kernel 1413 * Decode any IP configuration options in the "ip=" or "nfsaddrs=" kernel
1414 * command line parameter. See Documentation/nfsroot.txt. 1414 * command line parameter. See Documentation/filesystems/nfsroot.txt.
1415 */ 1415 */
1416static int __init ic_proto_name(char *name) 1416static int __init ic_proto_name(char *name)
1417{ 1417{
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index fe05da41d6ba..4dc162894cb2 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -588,11 +588,9 @@ static int __init ip_queue_init(void)
588 } 588 }
589 589
590#ifdef CONFIG_PROC_FS 590#ifdef CONFIG_PROC_FS
591 proc = create_proc_entry(IPQ_PROC_FS_NAME, 0, init_net.proc_net); 591 proc = proc_create(IPQ_PROC_FS_NAME, 0, init_net.proc_net,
592 if (proc) { 592 &ip_queue_proc_fops);
593 proc->owner = THIS_MODULE; 593 if (!proc) {
594 proc->proc_fops = &ip_queue_proc_fops;
595 } else {
596 printk(KERN_ERR "ip_queue: failed to create proc entry\n"); 594 printk(KERN_ERR "ip_queue: failed to create proc entry\n");
597 goto cleanup_ipqnl; 595 goto cleanup_ipqnl;
598 } 596 }
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index c6cf84c77611..52926c8e3cc1 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -167,14 +167,13 @@ clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
167 167
168 /* create proc dir entry */ 168 /* create proc dir entry */
169 sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip)); 169 sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));
170 c->pde = create_proc_entry(buffer, S_IWUSR|S_IRUSR, 170 c->pde = proc_create(buffer, S_IWUSR|S_IRUSR,
171 clusterip_procdir); 171 clusterip_procdir, &clusterip_proc_fops);
172 if (!c->pde) { 172 if (!c->pde) {
173 kfree(c); 173 kfree(c);
174 return NULL; 174 return NULL;
175 } 175 }
176 } 176 }
177 c->pde->proc_fops = &clusterip_proc_fops;
178 c->pde->data = c; 177 c->pde->data = c;
179#endif 178#endif
180 179
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 8e8f0425a8ed..50e06690eb5b 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -276,12 +276,11 @@ recent_mt_check(const char *tablename, const void *ip,
276 for (i = 0; i < ip_list_hash_size; i++) 276 for (i = 0; i < ip_list_hash_size; i++)
277 INIT_LIST_HEAD(&t->iphash[i]); 277 INIT_LIST_HEAD(&t->iphash[i]);
278#ifdef CONFIG_PROC_FS 278#ifdef CONFIG_PROC_FS
279 t->proc = create_proc_entry(t->name, ip_list_perms, proc_dir); 279 t->proc = proc_create(t->name, ip_list_perms, proc_dir, &recent_fops);
280 if (t->proc == NULL) { 280 if (t->proc == NULL) {
281 kfree(t); 281 kfree(t);
282 goto out; 282 goto out;
283 } 283 }
284 t->proc->proc_fops = &recent_fops;
285 t->proc->uid = ip_list_uid; 284 t->proc->uid = ip_list_uid;
286 t->proc->gid = ip_list_gid; 285 t->proc->gid = ip_list_gid;
287 t->proc->data = t; 286 t->proc->data = t;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 089252e82c01..f500b0fdaef4 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -395,13 +395,10 @@ int __init nf_conntrack_ipv4_compat_init(void)
395 if (!proc_exp) 395 if (!proc_exp)
396 goto err2; 396 goto err2;
397 397
398 proc_stat = create_proc_entry("ip_conntrack", S_IRUGO, init_net.proc_net_stat); 398 proc_stat = proc_create("ip_conntrack", S_IRUGO,
399 init_net.proc_net_stat, &ct_cpu_seq_fops);
399 if (!proc_stat) 400 if (!proc_stat)
400 goto err3; 401 goto err3;
401
402 proc_stat->proc_fops = &ct_cpu_seq_fops;
403 proc_stat->owner = THIS_MODULE;
404
405 return 0; 402 return 0;
406 403
407err3: 404err3:
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 0d5fa3a54d04..36b4e3bb056f 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -629,6 +629,8 @@ static int __init nf_nat_init(void)
629 size_t i; 629 size_t i;
630 int ret; 630 int ret;
631 631
632 need_ipv4_conntrack();
633
632 ret = nf_ct_extend_register(&nat_extend); 634 ret = nf_ct_extend_register(&nat_extend);
633 if (ret < 0) { 635 if (ret < 0) {
634 printk(KERN_ERR "nf_nat_core: Unable to register extension\n"); 636 printk(KERN_ERR "nf_nat_core: Unable to register extension\n");
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 7facdb0f6960..5119856017ab 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1625,13 +1625,11 @@ out:
1625 return flag; 1625 return flag;
1626} 1626}
1627 1627
1628/* If we receive more dupacks than we expected counting segments 1628/* Limits sacked_out so that sum with lost_out isn't ever larger than
1629 * in assumption of absent reordering, interpret this as reordering. 1629 * packets_out. Returns zero if sacked_out adjustement wasn't necessary.
1630 * The only another reason could be bug in receiver TCP.
1631 */ 1630 */
1632static void tcp_check_reno_reordering(struct sock *sk, const int addend) 1631int tcp_limit_reno_sacked(struct tcp_sock *tp)
1633{ 1632{
1634 struct tcp_sock *tp = tcp_sk(sk);
1635 u32 holes; 1633 u32 holes;
1636 1634
1637 holes = max(tp->lost_out, 1U); 1635 holes = max(tp->lost_out, 1U);
@@ -1639,8 +1637,20 @@ static void tcp_check_reno_reordering(struct sock *sk, const int addend)
1639 1637
1640 if ((tp->sacked_out + holes) > tp->packets_out) { 1638 if ((tp->sacked_out + holes) > tp->packets_out) {
1641 tp->sacked_out = tp->packets_out - holes; 1639 tp->sacked_out = tp->packets_out - holes;
1642 tcp_update_reordering(sk, tp->packets_out + addend, 0); 1640 return 1;
1643 } 1641 }
1642 return 0;
1643}
1644
1645/* If we receive more dupacks than we expected counting segments
1646 * in assumption of absent reordering, interpret this as reordering.
1647 * The only another reason could be bug in receiver TCP.
1648 */
1649static void tcp_check_reno_reordering(struct sock *sk, const int addend)
1650{
1651 struct tcp_sock *tp = tcp_sk(sk);
1652 if (tcp_limit_reno_sacked(tp))
1653 tcp_update_reordering(sk, tp->packets_out + addend, 0);
1644} 1654}
1645 1655
1646/* Emulate SACKs for SACKless connection: account for a new dupack. */ 1656/* Emulate SACKs for SACKless connection: account for a new dupack. */
@@ -1681,11 +1691,16 @@ static inline void tcp_reset_reno_sack(struct tcp_sock *tp)
1681int tcp_use_frto(struct sock *sk) 1691int tcp_use_frto(struct sock *sk)
1682{ 1692{
1683 const struct tcp_sock *tp = tcp_sk(sk); 1693 const struct tcp_sock *tp = tcp_sk(sk);
1694 const struct inet_connection_sock *icsk = inet_csk(sk);
1684 struct sk_buff *skb; 1695 struct sk_buff *skb;
1685 1696
1686 if (!sysctl_tcp_frto) 1697 if (!sysctl_tcp_frto)
1687 return 0; 1698 return 0;
1688 1699
1700 /* MTU probe and F-RTO won't really play nicely along currently */
1701 if (icsk->icsk_mtup.probe_size)
1702 return 0;
1703
1689 if (IsSackFrto()) 1704 if (IsSackFrto())
1690 return 1; 1705 return 1;
1691 1706
@@ -2134,11 +2149,13 @@ static void tcp_verify_retransmit_hint(struct tcp_sock *tp, struct sk_buff *skb)
2134/* Mark head of queue up as lost. With RFC3517 SACK, the packets is 2149/* Mark head of queue up as lost. With RFC3517 SACK, the packets is
2135 * is against sacked "cnt", otherwise it's against facked "cnt" 2150 * is against sacked "cnt", otherwise it's against facked "cnt"
2136 */ 2151 */
2137static void tcp_mark_head_lost(struct sock *sk, int packets, int fast_rexmit) 2152static void tcp_mark_head_lost(struct sock *sk, int packets)
2138{ 2153{
2139 struct tcp_sock *tp = tcp_sk(sk); 2154 struct tcp_sock *tp = tcp_sk(sk);
2140 struct sk_buff *skb; 2155 struct sk_buff *skb;
2141 int cnt; 2156 int cnt, oldcnt;
2157 int err;
2158 unsigned int mss;
2142 2159
2143 BUG_TRAP(packets <= tp->packets_out); 2160 BUG_TRAP(packets <= tp->packets_out);
2144 if (tp->lost_skb_hint) { 2161 if (tp->lost_skb_hint) {
@@ -2157,13 +2174,25 @@ static void tcp_mark_head_lost(struct sock *sk, int packets, int fast_rexmit)
2157 tp->lost_skb_hint = skb; 2174 tp->lost_skb_hint = skb;
2158 tp->lost_cnt_hint = cnt; 2175 tp->lost_cnt_hint = cnt;
2159 2176
2177 if (after(TCP_SKB_CB(skb)->end_seq, tp->high_seq))
2178 break;
2179
2180 oldcnt = cnt;
2160 if (tcp_is_fack(tp) || tcp_is_reno(tp) || 2181 if (tcp_is_fack(tp) || tcp_is_reno(tp) ||
2161 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 2182 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
2162 cnt += tcp_skb_pcount(skb); 2183 cnt += tcp_skb_pcount(skb);
2163 2184
2164 if (((!fast_rexmit || (tp->lost_out > 0)) && (cnt > packets)) || 2185 if (cnt > packets) {
2165 after(TCP_SKB_CB(skb)->end_seq, tp->high_seq)) 2186 if (tcp_is_sack(tp) || (oldcnt >= packets))
2166 break; 2187 break;
2188
2189 mss = skb_shinfo(skb)->gso_size;
2190 err = tcp_fragment(sk, skb, (packets - oldcnt) * mss, mss);
2191 if (err < 0)
2192 break;
2193 cnt = packets;
2194 }
2195
2167 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) { 2196 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) {
2168 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 2197 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
2169 tp->lost_out += tcp_skb_pcount(skb); 2198 tp->lost_out += tcp_skb_pcount(skb);
@@ -2180,17 +2209,17 @@ static void tcp_update_scoreboard(struct sock *sk, int fast_rexmit)
2180 struct tcp_sock *tp = tcp_sk(sk); 2209 struct tcp_sock *tp = tcp_sk(sk);
2181 2210
2182 if (tcp_is_reno(tp)) { 2211 if (tcp_is_reno(tp)) {
2183 tcp_mark_head_lost(sk, 1, fast_rexmit); 2212 tcp_mark_head_lost(sk, 1);
2184 } else if (tcp_is_fack(tp)) { 2213 } else if (tcp_is_fack(tp)) {
2185 int lost = tp->fackets_out - tp->reordering; 2214 int lost = tp->fackets_out - tp->reordering;
2186 if (lost <= 0) 2215 if (lost <= 0)
2187 lost = 1; 2216 lost = 1;
2188 tcp_mark_head_lost(sk, lost, fast_rexmit); 2217 tcp_mark_head_lost(sk, lost);
2189 } else { 2218 } else {
2190 int sacked_upto = tp->sacked_out - tp->reordering; 2219 int sacked_upto = tp->sacked_out - tp->reordering;
2191 if (sacked_upto < 0) 2220 if (sacked_upto < fast_rexmit)
2192 sacked_upto = 0; 2221 sacked_upto = fast_rexmit;
2193 tcp_mark_head_lost(sk, sacked_upto, fast_rexmit); 2222 tcp_mark_head_lost(sk, sacked_upto);
2194 } 2223 }
2195 2224
2196 /* New heuristics: it is possible only after we switched 2225 /* New heuristics: it is possible only after we switched
@@ -2524,7 +2553,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2524 before(tp->snd_una, tp->high_seq) && 2553 before(tp->snd_una, tp->high_seq) &&
2525 icsk->icsk_ca_state != TCP_CA_Open && 2554 icsk->icsk_ca_state != TCP_CA_Open &&
2526 tp->fackets_out > tp->reordering) { 2555 tp->fackets_out > tp->reordering) {
2527 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering, 0); 2556 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering);
2528 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); 2557 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS);
2529 } 2558 }
2530 2559
@@ -2586,6 +2615,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2586 case TCP_CA_Loss: 2615 case TCP_CA_Loss:
2587 if (flag & FLAG_DATA_ACKED) 2616 if (flag & FLAG_DATA_ACKED)
2588 icsk->icsk_retransmits = 0; 2617 icsk->icsk_retransmits = 0;
2618 if (tcp_is_reno(tp) && flag & FLAG_SND_UNA_ADVANCED)
2619 tcp_reset_reno_sack(tp);
2589 if (!tcp_try_undo_loss(sk)) { 2620 if (!tcp_try_undo_loss(sk)) {
2590 tcp_moderate_cwnd(tp); 2621 tcp_moderate_cwnd(tp);
2591 tcp_xmit_retransmit_queue(sk); 2622 tcp_xmit_retransmit_queue(sk);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 72b9350006fe..d29ef79c00ca 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1808,6 +1808,9 @@ void tcp_simple_retransmit(struct sock *sk)
1808 if (!lost) 1808 if (!lost)
1809 return; 1809 return;
1810 1810
1811 if (tcp_is_reno(tp))
1812 tcp_limit_reno_sacked(tp);
1813
1811 tcp_verify_left_out(tp); 1814 tcp_verify_left_out(tp);
1812 1815
1813 /* Don't muck with the congestion window here. 1816 /* Don't muck with the congestion window here.
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 7ea1b67b6de1..1704c1474ea1 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1556,14 +1556,14 @@ static void *udp_seq_start(struct seq_file *seq, loff_t *pos)
1556 __acquires(udp_hash_lock) 1556 __acquires(udp_hash_lock)
1557{ 1557{
1558 read_lock(&udp_hash_lock); 1558 read_lock(&udp_hash_lock);
1559 return *pos ? udp_get_idx(seq, *pos-1) : (void *)1; 1559 return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN;
1560} 1560}
1561 1561
1562static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1562static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1563{ 1563{
1564 struct sock *sk; 1564 struct sock *sk;
1565 1565
1566 if (v == (void *)1) 1566 if (v == SEQ_START_TOKEN)
1567 sk = udp_get_idx(seq, 0); 1567 sk = udp_get_idx(seq, 0);
1568 else 1568 else
1569 sk = udp_get_next(seq, v); 1569 sk = udp_get_next(seq, v);
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index b47030ba162b..9c798abce736 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -39,13 +39,11 @@ static void xfrm4_beet_make_header(struct sk_buff *skb)
39static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb) 39static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
40{ 40{
41 struct ip_beet_phdr *ph; 41 struct ip_beet_phdr *ph;
42 struct iphdr *iph, *top_iph; 42 struct iphdr *top_iph;
43 int hdrlen, optlen; 43 int hdrlen, optlen;
44 44
45 iph = ip_hdr(skb);
46
47 hdrlen = 0; 45 hdrlen = 0;
48 optlen = iph->ihl * 4 - sizeof(*iph); 46 optlen = XFRM_MODE_SKB_CB(skb)->optlen;
49 if (unlikely(optlen)) 47 if (unlikely(optlen))
50 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4); 48 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
51 49
@@ -53,11 +51,12 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
53 hdrlen); 51 hdrlen);
54 skb->mac_header = skb->network_header + 52 skb->mac_header = skb->network_header +
55 offsetof(struct iphdr, protocol); 53 offsetof(struct iphdr, protocol);
56 skb->transport_header = skb->network_header + sizeof(*iph); 54 skb->transport_header = skb->network_header + sizeof(*top_iph);
57 55
58 xfrm4_beet_make_header(skb); 56 xfrm4_beet_make_header(skb);
59 57
60 ph = (struct ip_beet_phdr *)__skb_pull(skb, sizeof(*iph) - hdrlen); 58 ph = (struct ip_beet_phdr *)
59 __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl - hdrlen);
61 60
62 top_iph = ip_hdr(skb); 61 top_iph = ip_hdr(skb);
63 62
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 8dee617ee900..584e6d74e3a9 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -41,7 +41,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
41 top_iph->ihl = 5; 41 top_iph->ihl = 5;
42 top_iph->version = 4; 42 top_iph->version = 4;
43 43
44 top_iph->protocol = x->inner_mode->afinfo->proto; 44 top_iph->protocol = xfrm_af2proto(skb->dst->ops->family);
45 45
46 /* DS disclosed */ 46 /* DS disclosed */
47 top_iph->tos = INET_ECN_encapsulate(XFRM_MODE_SKB_CB(skb)->tos, 47 top_iph->tos = INET_ECN_encapsulate(XFRM_MODE_SKB_CB(skb)->tos,
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index d5a58a818021..8c3180adddbf 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -56,7 +56,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
56{ 56{
57 int err; 57 int err;
58 58
59 err = x->inner_mode->afinfo->extract_output(x, skb); 59 err = xfrm_inner_extract_output(x, skb);
60 if (err) 60 if (err)
61 return err; 61 return err;
62 62
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index fdeebe68a379..07735ed280d7 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -52,10 +52,12 @@ int xfrm4_extract_header(struct sk_buff *skb)
52{ 52{
53 struct iphdr *iph = ip_hdr(skb); 53 struct iphdr *iph = ip_hdr(skb);
54 54
55 XFRM_MODE_SKB_CB(skb)->ihl = sizeof(*iph);
55 XFRM_MODE_SKB_CB(skb)->id = iph->id; 56 XFRM_MODE_SKB_CB(skb)->id = iph->id;
56 XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off; 57 XFRM_MODE_SKB_CB(skb)->frag_off = iph->frag_off;
57 XFRM_MODE_SKB_CB(skb)->tos = iph->tos; 58 XFRM_MODE_SKB_CB(skb)->tos = iph->tos;
58 XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl; 59 XFRM_MODE_SKB_CB(skb)->ttl = iph->ttl;
60 XFRM_MODE_SKB_CB(skb)->optlen = iph->ihl * 4 - sizeof(*iph);
59 memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0, 61 memset(XFRM_MODE_SKB_CB(skb)->flow_lbl, 0,
60 sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); 62 sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
61 63
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 101e0e70ba27..a65935a9afd9 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -776,6 +776,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, struct inet6_ifaddr *i
776 struct inet6_dev *idev = ifp->idev; 776 struct inet6_dev *idev = ifp->idev;
777 struct in6_addr addr, *tmpaddr; 777 struct in6_addr addr, *tmpaddr;
778 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp; 778 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp;
779 unsigned long regen_advance;
779 int tmp_plen; 780 int tmp_plen;
780 int ret = 0; 781 int ret = 0;
781 int max_addresses; 782 int max_addresses;
@@ -836,8 +837,23 @@ retry:
836 tmp_tstamp = ifp->tstamp; 837 tmp_tstamp = ifp->tstamp;
837 spin_unlock_bh(&ifp->lock); 838 spin_unlock_bh(&ifp->lock);
838 839
840 regen_advance = idev->cnf.regen_max_retry *
841 idev->cnf.dad_transmits *
842 idev->nd_parms->retrans_time / HZ;
839 write_unlock(&idev->lock); 843 write_unlock(&idev->lock);
840 844
845 /* A temporary address is created only if this calculated Preferred
846 * Lifetime is greater than REGEN_ADVANCE time units. In particular,
847 * an implementation must not create a temporary address with a zero
848 * Preferred Lifetime.
849 */
850 if (tmp_prefered_lft <= regen_advance) {
851 in6_ifa_put(ifp);
852 in6_dev_put(idev);
853 ret = -1;
854 goto out;
855 }
856
841 addr_flags = IFA_F_TEMPORARY; 857 addr_flags = IFA_F_TEMPORARY;
842 /* set in addrconf_prefix_rcv() */ 858 /* set in addrconf_prefix_rcv() */
843 if (ifp->flags & IFA_F_OPTIMISTIC) 859 if (ifp->flags & IFA_F_OPTIMISTIC)
@@ -1831,6 +1847,9 @@ ok:
1831 * lifetimes of an existing temporary address 1847 * lifetimes of an existing temporary address
1832 * when processing a Prefix Information Option. 1848 * when processing a Prefix Information Option.
1833 */ 1849 */
1850 if (ifp != ift->ifpub)
1851 continue;
1852
1834 spin_lock(&ift->lock); 1853 spin_lock(&ift->lock);
1835 flags = ift->flags; 1854 flags = ift->flags;
1836 if (ift->valid_lft > valid_lft && 1855 if (ift->valid_lft > valid_lft &&
@@ -2437,7 +2456,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2437 2456
2438 ASSERT_RTNL(); 2457 ASSERT_RTNL();
2439 2458
2440 if (dev == init_net.loopback_dev && how == 1) 2459 if ((dev->flags & IFF_LOOPBACK) && how == 1)
2441 how = 0; 2460 how = 0;
2442 2461
2443 rt6_ifdown(dev); 2462 rt6_ifdown(dev);
@@ -2450,7 +2469,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2450 /* Step 1: remove reference to ipv6 device from parent device. 2469 /* Step 1: remove reference to ipv6 device from parent device.
2451 Do not dev_put! 2470 Do not dev_put!
2452 */ 2471 */
2453 if (how == 1) { 2472 if (how) {
2454 idev->dead = 1; 2473 idev->dead = 1;
2455 2474
2456 /* protected by rtnl_lock */ 2475 /* protected by rtnl_lock */
@@ -2482,12 +2501,12 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2482 write_lock_bh(&idev->lock); 2501 write_lock_bh(&idev->lock);
2483 2502
2484 /* Step 3: clear flags for stateless addrconf */ 2503 /* Step 3: clear flags for stateless addrconf */
2485 if (how != 1) 2504 if (!how)
2486 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY); 2505 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY);
2487 2506
2488 /* Step 4: clear address list */ 2507 /* Step 4: clear address list */
2489#ifdef CONFIG_IPV6_PRIVACY 2508#ifdef CONFIG_IPV6_PRIVACY
2490 if (how == 1 && del_timer(&idev->regen_timer)) 2509 if (how && del_timer(&idev->regen_timer))
2491 in6_dev_put(idev); 2510 in6_dev_put(idev);
2492 2511
2493 /* clear tempaddr list */ 2512 /* clear tempaddr list */
@@ -2524,7 +2543,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2524 2543
2525 /* Step 5: Discard multicast list */ 2544 /* Step 5: Discard multicast list */
2526 2545
2527 if (how == 1) 2546 if (how)
2528 ipv6_mc_destroy_dev(idev); 2547 ipv6_mc_destroy_dev(idev);
2529 else 2548 else
2530 ipv6_mc_down(idev); 2549 ipv6_mc_down(idev);
@@ -2533,7 +2552,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2533 2552
2534 /* Shot the device (if unregistered) */ 2553 /* Shot the device (if unregistered) */
2535 2554
2536 if (how == 1) { 2555 if (how) {
2537 addrconf_sysctl_unregister(idev); 2556 addrconf_sysctl_unregister(idev);
2538 neigh_parms_release(&nd_tbl, idev->nd_parms); 2557 neigh_parms_release(&nd_tbl, idev->nd_parms);
2539 neigh_ifdown(&nd_tbl, dev); 2558 neigh_ifdown(&nd_tbl, dev);
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index 9c7f83fbc3a1..e5f56c953b58 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -334,9 +334,7 @@ int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
334 idev->ac_list = aca; 334 idev->ac_list = aca;
335 write_unlock_bh(&idev->lock); 335 write_unlock_bh(&idev->lock);
336 336
337 dst_hold(&rt->u.dst); 337 ip6_ins_rt(rt);
338 if (ip6_ins_rt(rt))
339 dst_release(&rt->u.dst);
340 338
341 addrconf_join_solict(dev, &aca->aca_addr); 339 addrconf_join_solict(dev, &aca->aca_addr);
342 340
@@ -378,10 +376,7 @@ int __ipv6_dev_ac_dec(struct inet6_dev *idev, struct in6_addr *addr)
378 addrconf_leave_solict(idev, &aca->aca_addr); 376 addrconf_leave_solict(idev, &aca->aca_addr);
379 377
380 dst_hold(&aca->aca_rt->u.dst); 378 dst_hold(&aca->aca_rt->u.dst);
381 if (ip6_del_rt(aca->aca_rt)) 379 ip6_del_rt(aca->aca_rt);
382 dst_free(&aca->aca_rt->u.dst);
383 else
384 dst_release(&aca->aca_rt->u.dst);
385 380
386 aca_put(aca); 381 aca_put(aca);
387 return 0; 382 return 0;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 0ec1402320ea..c6bb4c6d24b3 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -282,7 +282,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
282 struct scatterlist *sg; 282 struct scatterlist *sg;
283 struct scatterlist *asg; 283 struct scatterlist *asg;
284 284
285 if (!pskb_may_pull(skb, sizeof(*esph))) { 285 if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead))) {
286 ret = -EINVAL; 286 ret = -EINVAL;
287 goto out; 287 goto out;
288 } 288 }
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 121d517bf91c..893287ecc628 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -436,24 +436,26 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
436 } 436 }
437 437
438 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 438 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
439 goto out; 439 goto relookup_failed;
440 440
441 if (ip6_dst_lookup(sk, &dst2, &fl)) 441 if (ip6_dst_lookup(sk, &dst2, &fl))
442 goto out; 442 goto relookup_failed;
443 443
444 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); 444 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP);
445 if (err == -ENOENT) { 445 switch (err) {
446 case 0:
447 dst_release(dst);
448 dst = dst2;
449 break;
450 case -EPERM:
451 goto out_dst_release;
452 default:
453relookup_failed:
446 if (!dst) 454 if (!dst)
447 goto out; 455 goto out;
448 goto route_done; 456 break;
449 } 457 }
450 458
451 dst_release(dst);
452 dst = dst2;
453
454 if (err)
455 goto out;
456
457route_done: 459route_done:
458 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 460 if (ipv6_addr_is_multicast(&fl.fl6_dst))
459 hlimit = np->mcast_hops; 461 hlimit = np->mcast_hops;
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 178aebc0427a..98ab4f459905 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -239,8 +239,7 @@ int ip6_mc_input(struct sk_buff *skb)
239 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INMCASTPKTS); 239 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INMCASTPKTS);
240 240
241 hdr = ipv6_hdr(skb); 241 hdr = ipv6_hdr(skb);
242 deliver = unlikely(skb->dev->flags & (IFF_PROMISC|IFF_ALLMULTI)) || 242 deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
243 ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
244 243
245 /* 244 /*
246 * IPv6 multicast router mode isnt currently supported. 245 * IPv6 multicast router mode isnt currently supported.
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 51557c27a0cd..452a2ac4eec8 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -676,6 +676,20 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
676 } 676 }
677} 677}
678 678
679static struct pneigh_entry *pndisc_check_router(struct net_device *dev,
680 struct in6_addr *addr, int *is_router)
681{
682 struct pneigh_entry *n;
683
684 read_lock_bh(&nd_tbl.lock);
685 n = __pneigh_lookup(&nd_tbl, &init_net, addr, dev);
686 if (n != NULL)
687 *is_router = (n->flags & NTF_ROUTER);
688 read_unlock_bh(&nd_tbl.lock);
689
690 return n;
691}
692
679static void ndisc_recv_ns(struct sk_buff *skb) 693static void ndisc_recv_ns(struct sk_buff *skb)
680{ 694{
681 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 695 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
@@ -692,7 +706,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
692 struct pneigh_entry *pneigh = NULL; 706 struct pneigh_entry *pneigh = NULL;
693 int dad = ipv6_addr_any(saddr); 707 int dad = ipv6_addr_any(saddr);
694 int inc; 708 int inc;
695 int is_router; 709 int is_router = 0;
696 710
697 if (ipv6_addr_is_multicast(&msg->target)) { 711 if (ipv6_addr_is_multicast(&msg->target)) {
698 ND_PRINTK2(KERN_WARNING 712 ND_PRINTK2(KERN_WARNING
@@ -790,8 +804,8 @@ static void ndisc_recv_ns(struct sk_buff *skb)
790 if (ipv6_chk_acast_addr(dev, &msg->target) || 804 if (ipv6_chk_acast_addr(dev, &msg->target) ||
791 (idev->cnf.forwarding && 805 (idev->cnf.forwarding &&
792 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 806 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
793 (pneigh = pneigh_lookup(&nd_tbl, &init_net, 807 (pneigh = pndisc_check_router(dev, &msg->target,
794 &msg->target, dev, 0)) != NULL)) { 808 &is_router)) != NULL)) {
795 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 809 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
796 skb->pkt_type != PACKET_HOST && 810 skb->pkt_type != PACKET_HOST &&
797 inc != 0 && 811 inc != 0 &&
@@ -812,7 +826,7 @@ static void ndisc_recv_ns(struct sk_buff *skb)
812 goto out; 826 goto out;
813 } 827 }
814 828
815 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 829 is_router = !!(pneigh ? is_router : idev->cnf.forwarding);
816 830
817 if (dad) { 831 if (dad) {
818 struct in6_addr maddr; 832 struct in6_addr maddr;
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index cc2f9afcf808..8d366f7f2a9a 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -591,11 +591,9 @@ static int __init ip6_queue_init(void)
591 } 591 }
592 592
593#ifdef CONFIG_PROC_FS 593#ifdef CONFIG_PROC_FS
594 proc = create_proc_entry(IPQ_PROC_FS_NAME, 0, init_net.proc_net); 594 proc = proc_create(IPQ_PROC_FS_NAME, 0, init_net.proc_net,
595 if (proc) { 595 &ip6_queue_proc_fops);
596 proc->owner = THIS_MODULE; 596 if (!proc) {
597 proc->proc_fops = &ip6_queue_proc_fops;
598 } else {
599 printk(KERN_ERR "ip6_queue: failed to create proc entry\n"); 597 printk(KERN_ERR "ip6_queue: failed to create proc entry\n");
600 goto cleanup_ipqnl; 598 goto cleanup_ipqnl;
601 } 599 }
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2a0d698b24d5..24c0d03095bf 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -171,7 +171,9 @@ static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq)
171 171
172static void nf_ct_frag6_evictor(void) 172static void nf_ct_frag6_evictor(void)
173{ 173{
174 local_bh_disable();
174 inet_frag_evictor(&nf_init_frags, &nf_frags); 175 inet_frag_evictor(&nf_init_frags, &nf_frags);
176 local_bh_enable();
175} 177}
176 178
177static void nf_ct_frag6_expire(unsigned long data) 179static void nf_ct_frag6_expire(unsigned long data)
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
index 0527d11c1ae3..d6ce400f585f 100644
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -45,6 +45,7 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
45 skb->mac_header = skb->network_header + 45 skb->mac_header = skb->network_header +
46 offsetof(struct ipv6hdr, nexthdr); 46 offsetof(struct ipv6hdr, nexthdr);
47 skb->transport_header = skb->network_header + sizeof(*top_iph); 47 skb->transport_header = skb->network_header + sizeof(*top_iph);
48 __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl);
48 49
49 xfrm6_beet_make_header(skb); 50 xfrm6_beet_make_header(skb);
50 51
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index 0c742faaa30b..e20529b4c825 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -45,7 +45,7 @@ static int xfrm6_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
45 45
46 memcpy(top_iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl, 46 memcpy(top_iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl,
47 sizeof(top_iph->flow_lbl)); 47 sizeof(top_iph->flow_lbl));
48 top_iph->nexthdr = x->inner_mode->afinfo->proto; 48 top_iph->nexthdr = xfrm_af2proto(skb->dst->ops->family);
49 49
50 dsfield = XFRM_MODE_SKB_CB(skb)->tos; 50 dsfield = XFRM_MODE_SKB_CB(skb)->tos;
51 dsfield = INET_ECN_encapsulate(dsfield, dsfield); 51 dsfield = INET_ECN_encapsulate(dsfield, dsfield);
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 79ccfb080733..0af823cf7f1f 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -62,7 +62,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
62{ 62{
63 int err; 63 int err;
64 64
65 err = x->inner_mode->afinfo->extract_output(x, skb); 65 err = xfrm_inner_extract_output(x, skb);
66 if (err) 66 if (err)
67 return err; 67 return err;
68 68
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index dc817e035e23..ff1e1db8e236 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -174,10 +174,12 @@ int xfrm6_extract_header(struct sk_buff *skb)
174{ 174{
175 struct ipv6hdr *iph = ipv6_hdr(skb); 175 struct ipv6hdr *iph = ipv6_hdr(skb);
176 176
177 XFRM_MODE_SKB_CB(skb)->ihl = sizeof(*iph);
177 XFRM_MODE_SKB_CB(skb)->id = 0; 178 XFRM_MODE_SKB_CB(skb)->id = 0;
178 XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF); 179 XFRM_MODE_SKB_CB(skb)->frag_off = htons(IP_DF);
179 XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph); 180 XFRM_MODE_SKB_CB(skb)->tos = ipv6_get_dsfield(iph);
180 XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit; 181 XFRM_MODE_SKB_CB(skb)->ttl = iph->hop_limit;
182 XFRM_MODE_SKB_CB(skb)->optlen = 0;
181 memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl, 183 memcpy(XFRM_MODE_SKB_CB(skb)->flow_lbl, iph->flow_lbl,
182 sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl)); 184 sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
183 185
diff --git a/net/irda/irnet/irnet.h b/net/irda/irnet/irnet.h
index bc2e15ce7004..7873c392ab4c 100644
--- a/net/irda/irnet/irnet.h
+++ b/net/irda/irnet/irnet.h
@@ -405,7 +405,7 @@ typedef struct irnet_socket
405 /* "pppd" interact directly with us on a /dev/ file */ 405 /* "pppd" interact directly with us on a /dev/ file */
406 struct file * file; /* File descriptor of this instance */ 406 struct file * file; /* File descriptor of this instance */
407 /* TTY stuff - to keep "pppd" happy */ 407 /* TTY stuff - to keep "pppd" happy */
408 struct termios termios; /* Various tty flags */ 408 struct ktermios termios; /* Various tty flags */
409 /* Stuff for the control channel */ 409 /* Stuff for the control channel */
410 int event_index; /* Last read in the event log */ 410 int event_index; /* Last read in the event log */
411 411
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 8b5f486ac80f..e9ef9af4a53b 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1219,7 +1219,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
1219 x->sel.prefixlen_s = addr->sadb_address_prefixlen; 1219 x->sel.prefixlen_s = addr->sadb_address_prefixlen;
1220 } 1220 }
1221 1221
1222 if (!x->sel.family) 1222 if (x->props.mode == XFRM_MODE_TRANSPORT)
1223 x->sel.family = x->props.family; 1223 x->sel.family = x->props.family;
1224 1224
1225 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 1225 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 46cf962f7f88..8c50eb430c19 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -155,6 +155,9 @@ static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
155 struct sock *sk; 155 struct sock *sk;
156 int rc = -ESOCKTNOSUPPORT; 156 int rc = -ESOCKTNOSUPPORT;
157 157
158 if (!capable(CAP_NET_RAW))
159 return -EPERM;
160
158 if (net != &init_net) 161 if (net != &init_net)
159 return -EAFNOSUPPORT; 162 return -EAFNOSUPPORT;
160 163
diff --git a/net/llc/llc_c_ac.c b/net/llc/llc_c_ac.c
index 860140caa6e0..71a00225bdb3 100644
--- a/net/llc/llc_c_ac.c
+++ b/net/llc/llc_c_ac.c
@@ -198,7 +198,7 @@ int llc_conn_ac_send_disc_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
198{ 198{
199 int rc = -ENOBUFS; 199 int rc = -ENOBUFS;
200 struct llc_sock *llc = llc_sk(sk); 200 struct llc_sock *llc = llc_sk(sk);
201 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 201 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
202 202
203 if (nskb) { 203 if (nskb) {
204 struct llc_sap *sap = llc->sap; 204 struct llc_sap *sap = llc->sap;
@@ -223,7 +223,7 @@ int llc_conn_ac_send_dm_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
223{ 223{
224 int rc = -ENOBUFS; 224 int rc = -ENOBUFS;
225 struct llc_sock *llc = llc_sk(sk); 225 struct llc_sock *llc = llc_sk(sk);
226 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 226 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
227 227
228 if (nskb) { 228 if (nskb) {
229 struct llc_sap *sap = llc->sap; 229 struct llc_sap *sap = llc->sap;
@@ -249,7 +249,7 @@ int llc_conn_ac_send_dm_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
249{ 249{
250 int rc = -ENOBUFS; 250 int rc = -ENOBUFS;
251 struct llc_sock *llc = llc_sk(sk); 251 struct llc_sock *llc = llc_sk(sk);
252 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 252 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
253 253
254 if (nskb) { 254 if (nskb) {
255 struct llc_sap *sap = llc->sap; 255 struct llc_sap *sap = llc->sap;
@@ -282,7 +282,8 @@ int llc_conn_ac_send_frmr_rsp_f_set_x(struct sock *sk, struct sk_buff *skb)
282 llc_pdu_decode_pf_bit(skb, &f_bit); 282 llc_pdu_decode_pf_bit(skb, &f_bit);
283 else 283 else
284 f_bit = 0; 284 f_bit = 0;
285 nskb = llc_alloc_frame(sk, llc->dev); 285 nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
286 sizeof(struct llc_frmr_info));
286 if (nskb) { 287 if (nskb) {
287 struct llc_sap *sap = llc->sap; 288 struct llc_sap *sap = llc->sap;
288 289
@@ -306,7 +307,8 @@ int llc_conn_ac_resend_frmr_rsp_f_set_0(struct sock *sk, struct sk_buff *skb)
306{ 307{
307 int rc = -ENOBUFS; 308 int rc = -ENOBUFS;
308 struct llc_sock *llc = llc_sk(sk); 309 struct llc_sock *llc = llc_sk(sk);
309 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 310 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
311 sizeof(struct llc_frmr_info));
310 312
311 if (nskb) { 313 if (nskb) {
312 struct llc_sap *sap = llc->sap; 314 struct llc_sap *sap = llc->sap;
@@ -336,7 +338,8 @@ int llc_conn_ac_resend_frmr_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
336 struct llc_sock *llc = llc_sk(sk); 338 struct llc_sock *llc = llc_sk(sk);
337 339
338 llc_pdu_decode_pf_bit(skb, &f_bit); 340 llc_pdu_decode_pf_bit(skb, &f_bit);
339 nskb = llc_alloc_frame(sk, llc->dev); 341 nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
342 sizeof(struct llc_frmr_info));
340 if (nskb) { 343 if (nskb) {
341 struct llc_sap *sap = llc->sap; 344 struct llc_sap *sap = llc->sap;
342 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 345 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
@@ -424,7 +427,7 @@ int llc_conn_ac_resend_i_xxx_x_set_0_or_send_rr(struct sock *sk,
424 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 427 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
425 int rc = -ENOBUFS; 428 int rc = -ENOBUFS;
426 struct llc_sock *llc = llc_sk(sk); 429 struct llc_sock *llc = llc_sk(sk);
427 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 430 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
428 431
429 if (nskb) { 432 if (nskb) {
430 struct llc_sap *sap = llc->sap; 433 struct llc_sap *sap = llc->sap;
@@ -459,7 +462,7 @@ int llc_conn_ac_send_rej_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
459{ 462{
460 int rc = -ENOBUFS; 463 int rc = -ENOBUFS;
461 struct llc_sock *llc = llc_sk(sk); 464 struct llc_sock *llc = llc_sk(sk);
462 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 465 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
463 466
464 if (nskb) { 467 if (nskb) {
465 struct llc_sap *sap = llc->sap; 468 struct llc_sap *sap = llc->sap;
@@ -483,7 +486,7 @@ int llc_conn_ac_send_rej_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
483{ 486{
484 int rc = -ENOBUFS; 487 int rc = -ENOBUFS;
485 struct llc_sock *llc = llc_sk(sk); 488 struct llc_sock *llc = llc_sk(sk);
486 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 489 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
487 490
488 if (nskb) { 491 if (nskb) {
489 struct llc_sap *sap = llc->sap; 492 struct llc_sap *sap = llc->sap;
@@ -507,7 +510,7 @@ int llc_conn_ac_send_rej_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
507{ 510{
508 int rc = -ENOBUFS; 511 int rc = -ENOBUFS;
509 struct llc_sock *llc = llc_sk(sk); 512 struct llc_sock *llc = llc_sk(sk);
510 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 513 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
511 514
512 if (nskb) { 515 if (nskb) {
513 struct llc_sap *sap = llc->sap; 516 struct llc_sap *sap = llc->sap;
@@ -531,7 +534,7 @@ int llc_conn_ac_send_rnr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
531{ 534{
532 int rc = -ENOBUFS; 535 int rc = -ENOBUFS;
533 struct llc_sock *llc = llc_sk(sk); 536 struct llc_sock *llc = llc_sk(sk);
534 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 537 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
535 538
536 if (nskb) { 539 if (nskb) {
537 struct llc_sap *sap = llc->sap; 540 struct llc_sap *sap = llc->sap;
@@ -555,7 +558,7 @@ int llc_conn_ac_send_rnr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
555{ 558{
556 int rc = -ENOBUFS; 559 int rc = -ENOBUFS;
557 struct llc_sock *llc = llc_sk(sk); 560 struct llc_sock *llc = llc_sk(sk);
558 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 561 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
559 562
560 if (nskb) { 563 if (nskb) {
561 struct llc_sap *sap = llc->sap; 564 struct llc_sap *sap = llc->sap;
@@ -579,7 +582,7 @@ int llc_conn_ac_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
579{ 582{
580 int rc = -ENOBUFS; 583 int rc = -ENOBUFS;
581 struct llc_sock *llc = llc_sk(sk); 584 struct llc_sock *llc = llc_sk(sk);
582 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 585 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
583 586
584 if (nskb) { 587 if (nskb) {
585 struct llc_sap *sap = llc->sap; 588 struct llc_sap *sap = llc->sap;
@@ -615,7 +618,7 @@ int llc_conn_ac_opt_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
615{ 618{
616 int rc = -ENOBUFS; 619 int rc = -ENOBUFS;
617 struct llc_sock *llc = llc_sk(sk); 620 struct llc_sock *llc = llc_sk(sk);
618 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 621 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
619 622
620 if (nskb) { 623 if (nskb) {
621 struct llc_sap *sap = llc->sap; 624 struct llc_sap *sap = llc->sap;
@@ -639,7 +642,7 @@ int llc_conn_ac_send_rr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
639{ 642{
640 int rc = -ENOBUFS; 643 int rc = -ENOBUFS;
641 struct llc_sock *llc = llc_sk(sk); 644 struct llc_sock *llc = llc_sk(sk);
642 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 645 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
643 646
644 if (nskb) { 647 if (nskb) {
645 struct llc_sap *sap = llc->sap; 648 struct llc_sap *sap = llc->sap;
@@ -663,7 +666,7 @@ int llc_conn_ac_send_rr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
663{ 666{
664 int rc = -ENOBUFS; 667 int rc = -ENOBUFS;
665 struct llc_sock *llc = llc_sk(sk); 668 struct llc_sock *llc = llc_sk(sk);
666 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 669 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
667 670
668 if (nskb) { 671 if (nskb) {
669 struct llc_sap *sap = llc->sap; 672 struct llc_sap *sap = llc->sap;
@@ -688,7 +691,7 @@ int llc_conn_ac_send_ack_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
688{ 691{
689 int rc = -ENOBUFS; 692 int rc = -ENOBUFS;
690 struct llc_sock *llc = llc_sk(sk); 693 struct llc_sock *llc = llc_sk(sk);
691 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 694 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
692 695
693 if (nskb) { 696 if (nskb) {
694 struct llc_sap *sap = llc->sap; 697 struct llc_sap *sap = llc->sap;
@@ -712,7 +715,7 @@ int llc_conn_ac_send_rr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
712{ 715{
713 int rc = -ENOBUFS; 716 int rc = -ENOBUFS;
714 struct llc_sock *llc = llc_sk(sk); 717 struct llc_sock *llc = llc_sk(sk);
715 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 718 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
716 719
717 if (nskb) { 720 if (nskb) {
718 struct llc_sap *sap = llc->sap; 721 struct llc_sap *sap = llc->sap;
@@ -736,7 +739,7 @@ int llc_conn_ac_send_ack_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
736{ 739{
737 int rc = -ENOBUFS; 740 int rc = -ENOBUFS;
738 struct llc_sock *llc = llc_sk(sk); 741 struct llc_sock *llc = llc_sk(sk);
739 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 742 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
740 743
741 if (nskb) { 744 if (nskb) {
742 struct llc_sap *sap = llc->sap; 745 struct llc_sap *sap = llc->sap;
@@ -770,7 +773,7 @@ int llc_conn_ac_send_sabme_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
770{ 773{
771 int rc = -ENOBUFS; 774 int rc = -ENOBUFS;
772 struct llc_sock *llc = llc_sk(sk); 775 struct llc_sock *llc = llc_sk(sk);
773 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 776 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
774 777
775 if (nskb) { 778 if (nskb) {
776 struct llc_sap *sap = llc->sap; 779 struct llc_sap *sap = llc->sap;
@@ -799,7 +802,7 @@ int llc_conn_ac_send_ua_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
799 u8 f_bit; 802 u8 f_bit;
800 int rc = -ENOBUFS; 803 int rc = -ENOBUFS;
801 struct llc_sock *llc = llc_sk(sk); 804 struct llc_sock *llc = llc_sk(sk);
802 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 805 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
803 806
804 llc_pdu_decode_pf_bit(skb, &f_bit); 807 llc_pdu_decode_pf_bit(skb, &f_bit);
805 if (nskb) { 808 if (nskb) {
@@ -956,7 +959,7 @@ static int llc_conn_ac_send_rr_rsp_f_set_ackpf(struct sock *sk,
956{ 959{
957 int rc = -ENOBUFS; 960 int rc = -ENOBUFS;
958 struct llc_sock *llc = llc_sk(sk); 961 struct llc_sock *llc = llc_sk(sk);
959 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 962 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
960 963
961 if (nskb) { 964 if (nskb) {
962 struct llc_sap *sap = llc->sap; 965 struct llc_sap *sap = llc->sap;
diff --git a/net/llc/llc_core.c b/net/llc/llc_core.c
index 248b5903bb13..50d5b10e23a2 100644
--- a/net/llc/llc_core.c
+++ b/net/llc/llc_core.c
@@ -25,8 +25,6 @@
25LIST_HEAD(llc_sap_list); 25LIST_HEAD(llc_sap_list);
26DEFINE_RWLOCK(llc_sap_list_lock); 26DEFINE_RWLOCK(llc_sap_list_lock);
27 27
28unsigned char llc_station_mac_sa[ETH_ALEN];
29
30/** 28/**
31 * llc_sap_alloc - allocates and initializes sap. 29 * llc_sap_alloc - allocates and initializes sap.
32 * 30 *
@@ -37,8 +35,8 @@ static struct llc_sap *llc_sap_alloc(void)
37 struct llc_sap *sap = kzalloc(sizeof(*sap), GFP_ATOMIC); 35 struct llc_sap *sap = kzalloc(sizeof(*sap), GFP_ATOMIC);
38 36
39 if (sap) { 37 if (sap) {
38 /* sap->laddr.mac - leave as a null, it's filled by bind */
40 sap->state = LLC_SAP_STATE_ACTIVE; 39 sap->state = LLC_SAP_STATE_ACTIVE;
41 memcpy(sap->laddr.mac, llc_station_mac_sa, ETH_ALEN);
42 rwlock_init(&sap->sk_list.lock); 40 rwlock_init(&sap->sk_list.lock);
43 atomic_set(&sap->refcnt, 1); 41 atomic_set(&sap->refcnt, 1);
44 } 42 }
@@ -167,10 +165,6 @@ static int __init llc_init(void)
167 if (dev != NULL) 165 if (dev != NULL)
168 dev = next_net_device(dev); 166 dev = next_net_device(dev);
169 167
170 if (dev != NULL)
171 memcpy(llc_station_mac_sa, dev->dev_addr, ETH_ALEN);
172 else
173 memset(llc_station_mac_sa, 0, ETH_ALEN);
174 dev_add_pack(&llc_packet_type); 168 dev_add_pack(&llc_packet_type);
175 dev_add_pack(&llc_tr_packet_type); 169 dev_add_pack(&llc_tr_packet_type);
176 return 0; 170 return 0;
@@ -185,7 +179,6 @@ static void __exit llc_exit(void)
185module_init(llc_init); 179module_init(llc_init);
186module_exit(llc_exit); 180module_exit(llc_exit);
187 181
188EXPORT_SYMBOL(llc_station_mac_sa);
189EXPORT_SYMBOL(llc_sap_list); 182EXPORT_SYMBOL(llc_sap_list);
190EXPORT_SYMBOL(llc_sap_list_lock); 183EXPORT_SYMBOL(llc_sap_list_lock);
191EXPORT_SYMBOL(llc_sap_find); 184EXPORT_SYMBOL(llc_sap_find);
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index c40c9b2a345a..bfd2567dd365 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -117,8 +117,12 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
117 skb_pull(skb, llc_len); 117 skb_pull(skb, llc_len);
118 if (skb->protocol == htons(ETH_P_802_2)) { 118 if (skb->protocol == htons(ETH_P_802_2)) {
119 __be16 pdulen = eth_hdr(skb)->h_proto; 119 __be16 pdulen = eth_hdr(skb)->h_proto;
120 u16 data_size = ntohs(pdulen) - llc_len; 120 s32 data_size = ntohs(pdulen) - llc_len;
121 121
122 if (data_size < 0 ||
123 ((skb_tail_pointer(skb) -
124 (u8 *)pdu) - llc_len) < data_size)
125 return 0;
122 if (unlikely(pskb_trim_rcsum(skb, data_size))) 126 if (unlikely(pskb_trim_rcsum(skb, data_size)))
123 return 0; 127 return 0;
124 } 128 }
diff --git a/net/llc/llc_pdu.c b/net/llc/llc_pdu.c
index fa8324396db3..2e6cb79196bb 100644
--- a/net/llc/llc_pdu.c
+++ b/net/llc/llc_pdu.c
@@ -241,7 +241,7 @@ void llc_pdu_init_as_frmr_rsp(struct sk_buff *skb, struct llc_pdu_sn *prev_pdu,
241 FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw); 241 FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw);
242 FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw); 242 FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw);
243 FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw); 243 FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw);
244 skb_put(skb, 5); 244 skb_put(skb, sizeof(struct llc_frmr_info));
245} 245}
246 246
247/** 247/**
diff --git a/net/llc/llc_s_ac.c b/net/llc/llc_s_ac.c
index ac3d93b210d2..a94bd56bcac6 100644
--- a/net/llc/llc_s_ac.c
+++ b/net/llc/llc_s_ac.c
@@ -103,7 +103,8 @@ int llc_sap_action_send_xid_r(struct llc_sap *sap, struct sk_buff *skb)
103 llc_pdu_decode_sa(skb, mac_da); 103 llc_pdu_decode_sa(skb, mac_da);
104 llc_pdu_decode_da(skb, mac_sa); 104 llc_pdu_decode_da(skb, mac_sa);
105 llc_pdu_decode_ssap(skb, &dsap); 105 llc_pdu_decode_ssap(skb, &dsap);
106 nskb = llc_alloc_frame(NULL, skb->dev); 106 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
107 sizeof(struct llc_xid_info));
107 if (!nskb) 108 if (!nskb)
108 goto out; 109 goto out;
109 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 110 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
@@ -144,11 +145,15 @@ int llc_sap_action_send_test_r(struct llc_sap *sap, struct sk_buff *skb)
144 u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap; 145 u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap;
145 struct sk_buff *nskb; 146 struct sk_buff *nskb;
146 int rc = 1; 147 int rc = 1;
148 u32 data_size;
147 149
148 llc_pdu_decode_sa(skb, mac_da); 150 llc_pdu_decode_sa(skb, mac_da);
149 llc_pdu_decode_da(skb, mac_sa); 151 llc_pdu_decode_da(skb, mac_sa);
150 llc_pdu_decode_ssap(skb, &dsap); 152 llc_pdu_decode_ssap(skb, &dsap);
151 nskb = llc_alloc_frame(NULL, skb->dev); 153
154 /* The test request command is type U (llc_len = 3) */
155 data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
156 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);
152 if (!nskb) 157 if (!nskb)
153 goto out; 158 goto out;
154 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 159 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
index 2525165e2e8f..e2ddde755019 100644
--- a/net/llc/llc_sap.c
+++ b/net/llc/llc_sap.c
@@ -24,20 +24,41 @@
24#include <net/tcp_states.h> 24#include <net/tcp_states.h>
25#include <linux/llc.h> 25#include <linux/llc.h>
26 26
27static int llc_mac_header_len(unsigned short devtype)
28{
29 switch (devtype) {
30 case ARPHRD_ETHER:
31 case ARPHRD_LOOPBACK:
32 return sizeof(struct ethhdr);
33#ifdef CONFIG_TR
34 case ARPHRD_IEEE802_TR:
35 return sizeof(struct trh_hdr);
36#endif
37 }
38 return 0;
39}
40
27/** 41/**
28 * llc_alloc_frame - allocates sk_buff for frame 42 * llc_alloc_frame - allocates sk_buff for frame
29 * @dev: network device this skb will be sent over 43 * @dev: network device this skb will be sent over
44 * @type: pdu type to allocate
45 * @data_size: data size to allocate
30 * 46 *
31 * Allocates an sk_buff for frame and initializes sk_buff fields. 47 * Allocates an sk_buff for frame and initializes sk_buff fields.
32 * Returns allocated skb or %NULL when out of memory. 48 * Returns allocated skb or %NULL when out of memory.
33 */ 49 */
34struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev) 50struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
51 u8 type, u32 data_size)
35{ 52{
36 struct sk_buff *skb = alloc_skb(128, GFP_ATOMIC); 53 int hlen = type == LLC_PDU_TYPE_U ? 3 : 4;
54 struct sk_buff *skb;
55
56 hlen += llc_mac_header_len(dev->type);
57 skb = alloc_skb(hlen + data_size, GFP_ATOMIC);
37 58
38 if (skb) { 59 if (skb) {
39 skb_reset_mac_header(skb); 60 skb_reset_mac_header(skb);
40 skb_reserve(skb, 50); 61 skb_reserve(skb, hlen);
41 skb_reset_network_header(skb); 62 skb_reset_network_header(skb);
42 skb_reset_transport_header(skb); 63 skb_reset_transport_header(skb);
43 skb->protocol = htons(ETH_P_802_2); 64 skb->protocol = htons(ETH_P_802_2);
diff --git a/net/llc/llc_station.c b/net/llc/llc_station.c
index 6f2ea2090322..83da13339490 100644
--- a/net/llc/llc_station.c
+++ b/net/llc/llc_station.c
@@ -253,13 +253,14 @@ static int llc_station_ac_inc_xid_r_cnt_by_1(struct sk_buff *skb)
253static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb) 253static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb)
254{ 254{
255 int rc = 1; 255 int rc = 1;
256 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev); 256 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
257 sizeof(struct llc_xid_info));
257 258
258 if (!nskb) 259 if (!nskb)
259 goto out; 260 goto out;
260 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD); 261 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD);
261 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127); 262 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127);
262 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, llc_station_mac_sa); 263 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, skb->dev->dev_addr);
263 if (unlikely(rc)) 264 if (unlikely(rc))
264 goto free; 265 goto free;
265 llc_station_send_pdu(nskb); 266 llc_station_send_pdu(nskb);
@@ -274,7 +275,8 @@ static int llc_station_ac_send_xid_r(struct sk_buff *skb)
274{ 275{
275 u8 mac_da[ETH_ALEN], dsap; 276 u8 mac_da[ETH_ALEN], dsap;
276 int rc = 1; 277 int rc = 1;
277 struct sk_buff* nskb = llc_alloc_frame(NULL, skb->dev); 278 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
279 sizeof(struct llc_xid_info));
278 280
279 if (!nskb) 281 if (!nskb)
280 goto out; 282 goto out;
@@ -283,7 +285,7 @@ static int llc_station_ac_send_xid_r(struct sk_buff *skb)
283 llc_pdu_decode_ssap(skb, &dsap); 285 llc_pdu_decode_ssap(skb, &dsap);
284 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 286 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
285 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127); 287 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127);
286 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 288 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, mac_da);
287 if (unlikely(rc)) 289 if (unlikely(rc))
288 goto free; 290 goto free;
289 llc_station_send_pdu(nskb); 291 llc_station_send_pdu(nskb);
@@ -298,7 +300,12 @@ static int llc_station_ac_send_test_r(struct sk_buff *skb)
298{ 300{
299 u8 mac_da[ETH_ALEN], dsap; 301 u8 mac_da[ETH_ALEN], dsap;
300 int rc = 1; 302 int rc = 1;
301 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev); 303 u32 data_size;
304 struct sk_buff *nskb;
305
306 /* The test request command is type U (llc_len = 3) */
307 data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
308 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);
302 309
303 if (!nskb) 310 if (!nskb)
304 goto out; 311 goto out;
@@ -307,7 +314,7 @@ static int llc_station_ac_send_test_r(struct sk_buff *skb)
307 llc_pdu_decode_ssap(skb, &dsap); 314 llc_pdu_decode_ssap(skb, &dsap);
308 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 315 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
309 llc_pdu_init_as_test_rsp(nskb, skb); 316 llc_pdu_init_as_test_rsp(nskb, skb);
310 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 317 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, mac_da);
311 if (unlikely(rc)) 318 if (unlikely(rc))
312 goto free; 319 goto free;
313 llc_station_send_pdu(nskb); 320 llc_station_send_pdu(nskb);
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index 28bcdf9fc3df..8e586390a2ef 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -286,6 +286,18 @@ static int ieee80211_open(struct net_device *dev)
286 if (need_hw_reconfig) 286 if (need_hw_reconfig)
287 ieee80211_hw_config(local); 287 ieee80211_hw_config(local);
288 288
289 /*
290 * ieee80211_sta_work is disabled while network interface
291 * is down. Therefore, some configuration changes may not
292 * yet be effective. Trigger execution of ieee80211_sta_work
293 * to fix this.
294 */
295 if(sdata->vif.type == IEEE80211_IF_TYPE_STA ||
296 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
297 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
298 queue_work(local->hw.workqueue, &ifsta->work);
299 }
300
289 netif_start_queue(dev); 301 netif_start_queue(dev);
290 302
291 return 0; 303 return 0;
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index 9aeed5320228..c1706855460a 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -312,14 +312,12 @@ static void ieee80211_sta_wmm_params(struct net_device *dev,
312 } 312 }
313} 313}
314 314
315 315static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
316static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata, 316 bool use_protection,
317 u8 erp_value) 317 bool use_short_preamble)
318{ 318{
319 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf; 319 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
320 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 320 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
321 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
322 bool preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
323 DECLARE_MAC_BUF(mac); 321 DECLARE_MAC_BUF(mac);
324 u32 changed = 0; 322 u32 changed = 0;
325 323
@@ -335,22 +333,47 @@ static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
335 changed |= BSS_CHANGED_ERP_CTS_PROT; 333 changed |= BSS_CHANGED_ERP_CTS_PROT;
336 } 334 }
337 335
338 if (preamble_mode != bss_conf->use_short_preamble) { 336 if (use_short_preamble != bss_conf->use_short_preamble) {
339 if (net_ratelimit()) { 337 if (net_ratelimit()) {
340 printk(KERN_DEBUG "%s: switched to %s barker preamble" 338 printk(KERN_DEBUG "%s: switched to %s barker preamble"
341 " (BSSID=%s)\n", 339 " (BSSID=%s)\n",
342 sdata->dev->name, 340 sdata->dev->name,
343 (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ? 341 use_short_preamble ? "short" : "long",
344 "short" : "long",
345 print_mac(mac, ifsta->bssid)); 342 print_mac(mac, ifsta->bssid));
346 } 343 }
347 bss_conf->use_short_preamble = preamble_mode; 344 bss_conf->use_short_preamble = use_short_preamble;
348 changed |= BSS_CHANGED_ERP_PREAMBLE; 345 changed |= BSS_CHANGED_ERP_PREAMBLE;
349 } 346 }
350 347
351 return changed; 348 return changed;
352} 349}
353 350
351static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
352 u8 erp_value)
353{
354 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
355 bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0;
356
357 return ieee80211_handle_protect_preamb(sdata,
358 use_protection, use_short_preamble);
359}
360
361static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
362 struct ieee80211_sta_bss *bss)
363{
364 u32 changed = 0;
365
366 if (bss->has_erp_value)
367 changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value);
368 else {
369 u16 capab = bss->capability;
370 changed |= ieee80211_handle_protect_preamb(sdata, false,
371 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
372 }
373
374 return changed;
375}
376
354int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie, 377int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
355 struct ieee80211_ht_info *ht_info) 378 struct ieee80211_ht_info *ht_info)
356{ 379{
@@ -469,9 +492,7 @@ static void ieee80211_set_associated(struct net_device *dev,
469 local->hw.conf.channel, 492 local->hw.conf.channel,
470 ifsta->ssid, ifsta->ssid_len); 493 ifsta->ssid, ifsta->ssid_len);
471 if (bss) { 494 if (bss) {
472 if (bss->has_erp_value) 495 changed |= ieee80211_handle_bss_capability(sdata, bss);
473 changed |= ieee80211_handle_erp_ie(
474 sdata, bss->erp_value);
475 ieee80211_rx_bss_put(dev, bss); 496 ieee80211_rx_bss_put(dev, bss);
476 } 497 }
477 498
@@ -2117,6 +2138,11 @@ static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2117 2138
2118 if (elems.erp_info && elems.erp_info_len >= 1) 2139 if (elems.erp_info && elems.erp_info_len >= 1)
2119 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]); 2140 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2141 else {
2142 u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info);
2143 changed |= ieee80211_handle_protect_preamb(sdata, false,
2144 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
2145 }
2120 2146
2121 if (elems.ht_cap_elem && elems.ht_info_elem && 2147 if (elems.ht_cap_elem && elems.ht_info_elem &&
2122 elems.wmm_param && local->ops->conf_ht && 2148 elems.wmm_param && local->ops->conf_ht &&
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index e88e96af613d..8599068050ec 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -395,7 +395,7 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
395static int __init nf_conntrack_standalone_init(void) 395static int __init nf_conntrack_standalone_init(void)
396{ 396{
397#ifdef CONFIG_PROC_FS 397#ifdef CONFIG_PROC_FS
398 struct proc_dir_entry *proc, *proc_stat; 398 struct proc_dir_entry *proc;
399#endif 399#endif
400 int ret = 0; 400 int ret = 0;
401 401
@@ -407,12 +407,9 @@ static int __init nf_conntrack_standalone_init(void)
407 proc = proc_net_fops_create(&init_net, "nf_conntrack", 0440, &ct_file_ops); 407 proc = proc_net_fops_create(&init_net, "nf_conntrack", 0440, &ct_file_ops);
408 if (!proc) goto cleanup_init; 408 if (!proc) goto cleanup_init;
409 409
410 proc_stat = create_proc_entry("nf_conntrack", S_IRUGO, init_net.proc_net_stat); 410 if (!proc_create("nf_conntrack", S_IRUGO,
411 if (!proc_stat) 411 init_net.proc_net_stat, &ct_cpu_seq_fops))
412 goto cleanup_proc; 412 goto cleanup_proc;
413
414 proc_stat->proc_fops = &ct_cpu_seq_fops;
415 proc_stat->owner = THIS_MODULE;
416#endif 413#endif
417#ifdef CONFIG_SYSCTL 414#ifdef CONFIG_SYSCTL
418 nf_ct_sysctl_header = register_sysctl_paths(nf_ct_path, 415 nf_ct_sysctl_header = register_sysctl_paths(nf_ct_path,
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index cec9976aecbf..bc11d7092032 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -168,13 +168,9 @@ static const struct file_operations nflog_file_ops = {
168int __init netfilter_log_init(void) 168int __init netfilter_log_init(void)
169{ 169{
170#ifdef CONFIG_PROC_FS 170#ifdef CONFIG_PROC_FS
171 struct proc_dir_entry *pde; 171 if (!proc_create("nf_log", S_IRUGO,
172 172 proc_net_netfilter, &nflog_file_ops))
173 pde = create_proc_entry("nf_log", S_IRUGO, proc_net_netfilter);
174 if (!pde)
175 return -1; 173 return -1;
176
177 pde->proc_fops = &nflog_file_ops;
178#endif 174#endif
179 return 0; 175 return 0;
180} 176}
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index ddc80ea114cd..bbd26893c0c4 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -348,12 +348,9 @@ static const struct file_operations nfqueue_file_ops = {
348int __init netfilter_queue_init(void) 348int __init netfilter_queue_init(void)
349{ 349{
350#ifdef CONFIG_PROC_FS 350#ifdef CONFIG_PROC_FS
351 struct proc_dir_entry *pde; 351 if (!proc_create("nf_queue", S_IRUGO,
352 352 proc_net_netfilter, &nfqueue_file_ops))
353 pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter);
354 if (!pde)
355 return -1; 353 return -1;
356 pde->proc_fops = &nfqueue_file_ops;
357#endif 354#endif
358 return 0; 355 return 0;
359} 356}
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index bf3f19b21fe4..b8173af8c24a 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -923,9 +923,6 @@ static const struct file_operations nful_file_ops = {
923static int __init nfnetlink_log_init(void) 923static int __init nfnetlink_log_init(void)
924{ 924{
925 int i, status = -ENOMEM; 925 int i, status = -ENOMEM;
926#ifdef CONFIG_PROC_FS
927 struct proc_dir_entry *proc_nful;
928#endif
929 926
930 for (i = 0; i < INSTANCE_BUCKETS; i++) 927 for (i = 0; i < INSTANCE_BUCKETS; i++)
931 INIT_HLIST_HEAD(&instance_table[i]); 928 INIT_HLIST_HEAD(&instance_table[i]);
@@ -943,11 +940,9 @@ static int __init nfnetlink_log_init(void)
943 } 940 }
944 941
945#ifdef CONFIG_PROC_FS 942#ifdef CONFIG_PROC_FS
946 proc_nful = create_proc_entry("nfnetlink_log", 0440, 943 if (!proc_create("nfnetlink_log", 0440,
947 proc_net_netfilter); 944 proc_net_netfilter, &nful_file_ops))
948 if (!proc_nful)
949 goto cleanup_subsys; 945 goto cleanup_subsys;
950 proc_nful->proc_fops = &nful_file_ops;
951#endif 946#endif
952 return status; 947 return status;
953 948
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 012cb6910820..10522c04ed24 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -896,9 +896,6 @@ static const struct file_operations nfqnl_file_ops = {
896static int __init nfnetlink_queue_init(void) 896static int __init nfnetlink_queue_init(void)
897{ 897{
898 int i, status = -ENOMEM; 898 int i, status = -ENOMEM;
899#ifdef CONFIG_PROC_FS
900 struct proc_dir_entry *proc_nfqueue;
901#endif
902 899
903 for (i = 0; i < INSTANCE_BUCKETS; i++) 900 for (i = 0; i < INSTANCE_BUCKETS; i++)
904 INIT_HLIST_HEAD(&instance_table[i]); 901 INIT_HLIST_HEAD(&instance_table[i]);
@@ -911,11 +908,9 @@ static int __init nfnetlink_queue_init(void)
911 } 908 }
912 909
913#ifdef CONFIG_PROC_FS 910#ifdef CONFIG_PROC_FS
914 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440, 911 if (!proc_create("nfnetlink_queue", 0440,
915 proc_net_netfilter); 912 proc_net_netfilter, &nfqnl_file_ops))
916 if (!proc_nfqueue)
917 goto cleanup_subsys; 913 goto cleanup_subsys;
918 proc_nfqueue->proc_fops = &nfqnl_file_ops;
919#endif 914#endif
920 915
921 register_netdevice_notifier(&nfqnl_dev_notifier); 916 register_netdevice_notifier(&nfqnl_dev_notifier);
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 5418ce59ac3a..40d344b21453 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -237,14 +237,14 @@ static int htable_create_v0(struct xt_hashlimit_info *minfo, int family)
237 hinfo->family = family; 237 hinfo->family = family;
238 hinfo->rnd_initialized = 0; 238 hinfo->rnd_initialized = 0;
239 spin_lock_init(&hinfo->lock); 239 spin_lock_init(&hinfo->lock);
240 hinfo->pde = create_proc_entry(minfo->name, 0, 240 hinfo->pde = proc_create(minfo->name, 0,
241 family == AF_INET ? hashlimit_procdir4 : 241 family == AF_INET ? hashlimit_procdir4 :
242 hashlimit_procdir6); 242 hashlimit_procdir6,
243 &dl_file_ops);
243 if (!hinfo->pde) { 244 if (!hinfo->pde) {
244 vfree(hinfo); 245 vfree(hinfo);
245 return -1; 246 return -1;
246 } 247 }
247 hinfo->pde->proc_fops = &dl_file_ops;
248 hinfo->pde->data = hinfo; 248 hinfo->pde->data = hinfo;
249 249
250 setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo); 250 setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo);
@@ -301,14 +301,14 @@ static int htable_create(struct xt_hashlimit_mtinfo1 *minfo,
301 hinfo->rnd_initialized = 0; 301 hinfo->rnd_initialized = 0;
302 spin_lock_init(&hinfo->lock); 302 spin_lock_init(&hinfo->lock);
303 303
304 hinfo->pde = create_proc_entry(minfo->name, 0, 304 hinfo->pde = proc_create(minfo->name, 0,
305 family == AF_INET ? hashlimit_procdir4 : 305 family == AF_INET ? hashlimit_procdir4 :
306 hashlimit_procdir6); 306 hashlimit_procdir6,
307 &dl_file_ops);
307 if (hinfo->pde == NULL) { 308 if (hinfo->pde == NULL) {
308 vfree(hinfo); 309 vfree(hinfo);
309 return -1; 310 return -1;
310 } 311 }
311 hinfo->pde->proc_fops = &dl_file_ops;
312 hinfo->pde->data = hinfo; 312 hinfo->pde->data = hinfo;
313 313
314 setup_timer(&hinfo->timer, htable_gc, (unsigned long)hinfo); 314 setup_timer(&hinfo->timer, htable_gc, (unsigned long)hinfo);
@@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
466 466
467static inline __be32 maskl(__be32 a, unsigned int l) 467static inline __be32 maskl(__be32 a, unsigned int l)
468{ 468{
469 return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l)); 469 return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0;
470} 470}
471 471
472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) 473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
474{ 474{
475 switch (p) { 475 switch (p) {
476 case 0: 476 case 0 ... 31:
477 i[0] = i[1] = 0;
478 i[2] = i[3] = 0;
479 break;
480 case 1 ... 31:
481 i[0] = maskl(i[0], p); 477 i[0] = maskl(i[0], p);
482 i[1] = i[2] = i[3] = 0; 478 i[1] = i[2] = i[3] = 0;
483 break; 479 break;
484 case 32: 480 case 32 ... 63:
485 i[1] = i[2] = i[3] = 0;
486 break;
487 case 33 ... 63:
488 i[1] = maskl(i[1], p - 32); 481 i[1] = maskl(i[1], p - 32);
489 i[2] = i[3] = 0; 482 i[2] = i[3] = 0;
490 break; 483 break;
491 case 64: 484 case 64 ... 95:
492 i[2] = i[3] = 0;
493 break;
494 case 65 ... 95:
495 i[2] = maskl(i[2], p - 64); 485 i[2] = maskl(i[2], p - 64);
496 i[3] = 0; 486 i[3] = 0;
497 case 96: 487 case 96 ... 127:
498 i[3] = 0;
499 break;
500 case 97 ... 127:
501 i[3] = maskl(i[3], p - 96); 488 i[3] = maskl(i[3], p - 96);
502 break; 489 break;
503 case 128: 490 case 128:
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 4a31a81059ab..063cbc5c26b1 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -598,17 +598,24 @@ static int rose_release(struct socket *sock)
598 598
599 if (sk == NULL) return 0; 599 if (sk == NULL) return 0;
600 600
601 sock_hold(sk);
602 sock_orphan(sk);
603 lock_sock(sk);
601 rose = rose_sk(sk); 604 rose = rose_sk(sk);
602 605
603 switch (rose->state) { 606 switch (rose->state) {
604 case ROSE_STATE_0: 607 case ROSE_STATE_0:
608 release_sock(sk);
605 rose_disconnect(sk, 0, -1, -1); 609 rose_disconnect(sk, 0, -1, -1);
610 lock_sock(sk);
606 rose_destroy_socket(sk); 611 rose_destroy_socket(sk);
607 break; 612 break;
608 613
609 case ROSE_STATE_2: 614 case ROSE_STATE_2:
610 rose->neighbour->use--; 615 rose->neighbour->use--;
616 release_sock(sk);
611 rose_disconnect(sk, 0, -1, -1); 617 rose_disconnect(sk, 0, -1, -1);
618 lock_sock(sk);
612 rose_destroy_socket(sk); 619 rose_destroy_socket(sk);
613 break; 620 break;
614 621
@@ -633,6 +640,8 @@ static int rose_release(struct socket *sock)
633 } 640 }
634 641
635 sock->sk = NULL; 642 sock->sk = NULL;
643 release_sock(sk);
644 sock_put(sk);
636 645
637 return 0; 646 return 0;
638} 647}
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 1aaa2e804b0d..53fe94c9d36b 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -23,7 +23,7 @@
23struct rxrpc_crypt { 23struct rxrpc_crypt {
24 union { 24 union {
25 u8 x[FCRYPT_BSIZE]; 25 u8 x[FCRYPT_BSIZE];
26 u32 n[2]; 26 __be32 n[2];
27 }; 27 };
28} __attribute__((aligned(8))); 28} __attribute__((aligned(8)));
29 29
@@ -611,7 +611,7 @@ extern struct rxrpc_transport *rxrpc_find_transport(struct rxrpc_local *,
611extern unsigned rxrpc_debug; 611extern unsigned rxrpc_debug;
612 612
613#define dbgprintk(FMT,...) \ 613#define dbgprintk(FMT,...) \
614 printk("[%x%-6.6s] "FMT"\n", smp_processor_id(), current->comm ,##__VA_ARGS__) 614 printk("[%-6.6s] "FMT"\n", current->comm ,##__VA_ARGS__)
615 615
616/* make sure we maintain the format strings, even when debugging is disabled */ 616/* make sure we maintain the format strings, even when debugging is disabled */
617static inline __attribute__((format(printf,1,2))) 617static inline __attribute__((format(printf,1,2)))
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index f48434adb7c2..d1c296f2d617 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -261,6 +261,7 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
261 __be32 x[2]; 261 __be32 x[2];
262 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */ 262 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */
263 __be32 x; 263 __be32 x;
264 u32 y;
264 int ret; 265 int ret;
265 266
266 sp = rxrpc_skb(skb); 267 sp = rxrpc_skb(skb);
@@ -292,11 +293,11 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
292 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf)); 293 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf));
293 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf)); 294 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf));
294 295
295 x = ntohl(tmpbuf.x[1]); 296 y = ntohl(tmpbuf.x[1]);
296 x = (x >> 16) & 0xffff; 297 y = (y >> 16) & 0xffff;
297 if (x == 0) 298 if (y == 0)
298 x = 1; /* zero checksums are not permitted */ 299 y = 1; /* zero checksums are not permitted */
299 sp->hdr.cksum = htons(x); 300 sp->hdr.cksum = htons(y);
300 301
301 switch (call->conn->security_level) { 302 switch (call->conn->security_level) {
302 case RXRPC_SECURITY_PLAIN: 303 case RXRPC_SECURITY_PLAIN:
@@ -314,7 +315,7 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
314 break; 315 break;
315 } 316 }
316 317
317 _leave(" = %d [set %hx]", ret, x); 318 _leave(" = %d [set %hx]", ret, y);
318 return ret; 319 return ret;
319} 320}
320 321
@@ -492,6 +493,7 @@ static int rxkad_verify_packet(const struct rxrpc_call *call,
492 __be32 x[2]; 493 __be32 x[2];
493 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */ 494 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */
494 __be32 x; 495 __be32 x;
496 u16 y;
495 __be16 cksum; 497 __be16 cksum;
496 int ret; 498 int ret;
497 499
@@ -526,12 +528,12 @@ static int rxkad_verify_packet(const struct rxrpc_call *call,
526 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf)); 528 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf));
527 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf)); 529 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf));
528 530
529 x = ntohl(tmpbuf.x[1]); 531 y = ntohl(tmpbuf.x[1]);
530 x = (x >> 16) & 0xffff; 532 y = (y >> 16) & 0xffff;
531 if (x == 0) 533 if (y == 0)
532 x = 1; /* zero checksums are not permitted */ 534 y = 1; /* zero checksums are not permitted */
533 535
534 cksum = htons(x); 536 cksum = htons(y);
535 if (sp->hdr.cksum != cksum) { 537 if (sp->hdr.cksum != cksum) {
536 *_abort_code = RXKADSEALEDINCON; 538 *_abort_code = RXKADSEALEDINCON;
537 _leave(" = -EPROTO [csum failed]"); 539 _leave(" = -EPROTO [csum failed]");
@@ -1001,7 +1003,8 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
1001 struct rxrpc_crypt session_key; 1003 struct rxrpc_crypt session_key;
1002 time_t expiry; 1004 time_t expiry;
1003 void *ticket; 1005 void *ticket;
1004 u32 abort_code, version, kvno, ticket_len, csum, level; 1006 u32 abort_code, version, kvno, ticket_len, level;
1007 __be32 csum;
1005 int ret; 1008 int ret;
1006 1009
1007 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key)); 1010 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key));
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 10b5c0887fff..b741618e4d54 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -184,10 +184,22 @@ static inline int qdisc_restart(struct net_device *dev)
184 184
185void __qdisc_run(struct net_device *dev) 185void __qdisc_run(struct net_device *dev)
186{ 186{
187 do { 187 unsigned long start_time = jiffies;
188 if (!qdisc_restart(dev)) 188
189 while (qdisc_restart(dev)) {
190 if (netif_queue_stopped(dev))
191 break;
192
193 /*
194 * Postpone processing if
195 * 1. another process needs the CPU;
196 * 2. we've been doing it for too long.
197 */
198 if (need_resched() || jiffies != start_time) {
199 netif_schedule(dev);
189 break; 200 break;
190 } while (!netif_queue_stopped(dev)); 201 }
202 }
191 203
192 clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); 204 clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);
193} 205}
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 8c6a7f1a25e9..8834d68972cb 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -261,10 +261,6 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
261 }; 261 };
262 char servername[48]; 262 char servername[48];
263 263
264 xprt = xprt_create_transport(&xprtargs);
265 if (IS_ERR(xprt))
266 return (struct rpc_clnt *)xprt;
267
268 /* 264 /*
269 * If the caller chooses not to specify a hostname, whip 265 * If the caller chooses not to specify a hostname, whip
270 * up a string representation of the passed-in address. 266 * up a string representation of the passed-in address.
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 995c3fdc16c2..79a55d56cc98 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -244,7 +244,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
244 pgto = pages + (pgbase >> PAGE_CACHE_SHIFT); 244 pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
245 pgbase &= ~PAGE_CACHE_MASK; 245 pgbase &= ~PAGE_CACHE_MASK;
246 246
247 do { 247 for (;;) {
248 copy = PAGE_CACHE_SIZE - pgbase; 248 copy = PAGE_CACHE_SIZE - pgbase;
249 if (copy > len) 249 if (copy > len)
250 copy = len; 250 copy = len;
@@ -253,6 +253,10 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
253 memcpy(vto + pgbase, p, copy); 253 memcpy(vto + pgbase, p, copy);
254 kunmap_atomic(vto, KM_USER0); 254 kunmap_atomic(vto, KM_USER0);
255 255
256 len -= copy;
257 if (len == 0)
258 break;
259
256 pgbase += copy; 260 pgbase += copy;
257 if (pgbase == PAGE_CACHE_SIZE) { 261 if (pgbase == PAGE_CACHE_SIZE) {
258 flush_dcache_page(*pgto); 262 flush_dcache_page(*pgto);
@@ -260,8 +264,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
260 pgto++; 264 pgto++;
261 } 265 }
262 p += copy; 266 p += copy;
263 267 }
264 } while ((len -= copy) != 0);
265 flush_dcache_page(*pgto); 268 flush_dcache_page(*pgto);
266} 269}
267 270
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e3a214f63f91..f68a5c8f2147 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -945,7 +945,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
945 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 945 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
946 params.listen_interval = 946 params.listen_interval =
947 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 947 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
948 params.listen_interval = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 948 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
949 949
950 if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS], 950 if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
951 &params.station_flags)) 951 &params.station_flags))
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 62188c6a06dd..75279402ccf4 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -84,14 +84,21 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
84 84
85int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb) 85int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
86{ 86{
87 struct xfrm_mode *inner_mode = x->inner_mode;
87 int err; 88 int err;
88 89
89 err = x->outer_mode->afinfo->extract_input(x, skb); 90 err = x->outer_mode->afinfo->extract_input(x, skb);
90 if (err) 91 if (err)
91 return err; 92 return err;
92 93
93 skb->protocol = x->inner_mode->afinfo->eth_proto; 94 if (x->sel.family == AF_UNSPEC) {
94 return x->inner_mode->input2(x, skb); 95 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
96 if (inner_mode == NULL)
97 return -EAFNOSUPPORT;
98 }
99
100 skb->protocol = inner_mode->afinfo->eth_proto;
101 return inner_mode->input2(x, skb);
95} 102}
96EXPORT_SYMBOL(xfrm_prepare_input); 103EXPORT_SYMBOL(xfrm_prepare_input);
97 104
@@ -101,6 +108,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
101 __be32 seq; 108 __be32 seq;
102 struct xfrm_state *x; 109 struct xfrm_state *x;
103 xfrm_address_t *daddr; 110 xfrm_address_t *daddr;
111 struct xfrm_mode *inner_mode;
104 unsigned int family; 112 unsigned int family;
105 int decaps = 0; 113 int decaps = 0;
106 int async = 0; 114 int async = 0;
@@ -207,7 +215,15 @@ resume:
207 215
208 XFRM_MODE_SKB_CB(skb)->protocol = nexthdr; 216 XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
209 217
210 if (x->inner_mode->input(x, skb)) { 218 inner_mode = x->inner_mode;
219
220 if (x->sel.family == AF_UNSPEC) {
221 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
222 if (inner_mode == NULL)
223 goto drop;
224 }
225
226 if (inner_mode->input(x, skb)) {
211 XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMODEERROR); 227 XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMODEERROR);
212 goto drop; 228 goto drop;
213 } 229 }
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 569d377932c4..2519129c6d21 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -124,7 +124,7 @@ int xfrm_output_resume(struct sk_buff *skb, int err)
124 if (!x) 124 if (!x)
125 return dst_output(skb); 125 return dst_output(skb);
126 126
127 err = nf_hook(x->inner_mode->afinfo->family, 127 err = nf_hook(skb->dst->ops->family,
128 NF_INET_POST_ROUTING, skb, 128 NF_INET_POST_ROUTING, skb,
129 NULL, skb->dst->dev, xfrm_output2); 129 NULL, skb->dst->dev, xfrm_output2);
130 if (unlikely(err != 1)) 130 if (unlikely(err != 1))
@@ -193,4 +193,20 @@ int xfrm_output(struct sk_buff *skb)
193 193
194 return xfrm_output2(skb); 194 return xfrm_output2(skb);
195} 195}
196
197int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
198{
199 struct xfrm_mode *inner_mode;
200 if (x->sel.family == AF_UNSPEC)
201 inner_mode = xfrm_ip2inner_mode(x,
202 xfrm_af2proto(skb->dst->ops->family));
203 else
204 inner_mode = x->inner_mode;
205
206 if (inner_mode == NULL)
207 return -EAFNOSUPPORT;
208 return inner_mode->afinfo->extract_output(x, skb);
209}
210
196EXPORT_SYMBOL_GPL(xfrm_output); 211EXPORT_SYMBOL_GPL(xfrm_output);
212EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7ba65e82941c..58f1f9347b54 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -388,6 +388,8 @@ static void xfrm_state_gc_destroy(struct xfrm_state *x)
388 kfree(x->coaddr); 388 kfree(x->coaddr);
389 if (x->inner_mode) 389 if (x->inner_mode)
390 xfrm_put_mode(x->inner_mode); 390 xfrm_put_mode(x->inner_mode);
391 if (x->inner_mode_iaf)
392 xfrm_put_mode(x->inner_mode_iaf);
391 if (x->outer_mode) 393 if (x->outer_mode)
392 xfrm_put_mode(x->outer_mode); 394 xfrm_put_mode(x->outer_mode);
393 if (x->type) { 395 if (x->type) {
@@ -523,6 +525,8 @@ struct xfrm_state *xfrm_state_alloc(void)
523 x->lft.hard_packet_limit = XFRM_INF; 525 x->lft.hard_packet_limit = XFRM_INF;
524 x->replay_maxage = 0; 526 x->replay_maxage = 0;
525 x->replay_maxdiff = 0; 527 x->replay_maxdiff = 0;
528 x->inner_mode = NULL;
529 x->inner_mode_iaf = NULL;
526 spin_lock_init(&x->lock); 530 spin_lock_init(&x->lock);
527 } 531 }
528 return x; 532 return x;
@@ -796,7 +800,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
796 selector. 800 selector.
797 */ 801 */
798 if (x->km.state == XFRM_STATE_VALID) { 802 if (x->km.state == XFRM_STATE_VALID) {
799 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) || 803 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
800 !security_xfrm_state_pol_flow_match(x, pol, fl)) 804 !security_xfrm_state_pol_flow_match(x, pol, fl))
801 continue; 805 continue;
802 if (!best || 806 if (!best ||
@@ -1944,6 +1948,7 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1944int xfrm_init_state(struct xfrm_state *x) 1948int xfrm_init_state(struct xfrm_state *x)
1945{ 1949{
1946 struct xfrm_state_afinfo *afinfo; 1950 struct xfrm_state_afinfo *afinfo;
1951 struct xfrm_mode *inner_mode;
1947 int family = x->props.family; 1952 int family = x->props.family;
1948 int err; 1953 int err;
1949 1954
@@ -1962,13 +1967,48 @@ int xfrm_init_state(struct xfrm_state *x)
1962 goto error; 1967 goto error;
1963 1968
1964 err = -EPROTONOSUPPORT; 1969 err = -EPROTONOSUPPORT;
1965 x->inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1966 if (x->inner_mode == NULL)
1967 goto error;
1968 1970
1969 if (!(x->inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) && 1971 if (x->sel.family != AF_UNSPEC) {
1970 family != x->sel.family) 1972 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1971 goto error; 1973 if (inner_mode == NULL)
1974 goto error;
1975
1976 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1977 family != x->sel.family) {
1978 xfrm_put_mode(inner_mode);
1979 goto error;
1980 }
1981
1982 x->inner_mode = inner_mode;
1983 } else {
1984 struct xfrm_mode *inner_mode_iaf;
1985
1986 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
1987 if (inner_mode == NULL)
1988 goto error;
1989
1990 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
1991 xfrm_put_mode(inner_mode);
1992 goto error;
1993 }
1994
1995 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
1996 if (inner_mode_iaf == NULL)
1997 goto error;
1998
1999 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2000 xfrm_put_mode(inner_mode_iaf);
2001 goto error;
2002 }
2003
2004 if (x->props.family == AF_INET) {
2005 x->inner_mode = inner_mode;
2006 x->inner_mode_iaf = inner_mode_iaf;
2007 } else {
2008 x->inner_mode = inner_mode_iaf;
2009 x->inner_mode_iaf = inner_mode;
2010 }
2011 }
1972 2012
1973 x->type = xfrm_get_type(x->id.proto, family); 2013 x->type = xfrm_get_type(x->id.proto, family);
1974 if (x->type == NULL) 2014 if (x->type == NULL)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index f971ca5645f8..019d21de19b3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -288,12 +288,9 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
288 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 288 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr));
289 x->props.flags = p->flags; 289 x->props.flags = p->flags;
290 290
291 /*
292 * Set inner address family if the KM left it as zero.
293 * See comment in validate_tmpl.
294 */
295 if (!x->sel.family) 291 if (!x->sel.family)
296 x->sel.family = p->family; 292 x->sel.family = p->family;
293
297} 294}
298 295
299/* 296/*