aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan.c20
-rw-r--r--net/8021q/vlan.h5
-rw-r--r--net/8021q/vlan_dev.c15
-rw-r--r--net/8021q/vlanproc.c5
-rw-r--r--net/atm/lec.c29
-rw-r--r--net/bluetooth/af_bluetooth.c40
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/l2cap.c2
-rw-r--r--net/bluetooth/rfcomm/core.c2
-rw-r--r--net/bluetooth/rfcomm/sock.c2
-rw-r--r--net/bluetooth/rfcomm/tty.c5
-rw-r--r--net/bluetooth/sco.c2
-rw-r--r--net/ieee80211/ieee80211_rx.c43
-rw-r--r--net/ipv4/esp4.c2
-rw-r--r--net/ipv4/icmp.c24
-rw-r--r--net/ipv4/inet_fragment.c3
-rw-r--r--net/ipv4/inet_timewait_sock.c1
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_sockglue.c2
-rw-r--r--net/ipv4/netfilter/ip_queue.c8
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c5
-rw-r--r--net/ipv4/netfilter/ipt_recent.c3
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c7
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c2
-rw-r--r--net/ipv4/tcp_input.c65
-rw-r--r--net/ipv4/tcp_output.c3
-rw-r--r--net/ipv4/udp.c4
-rw-r--r--net/ipv6/addrconf.c31
-rw-r--r--net/ipv6/anycast.c9
-rw-r--r--net/ipv6/esp6.c2
-rw-r--r--net/ipv6/icmp.c22
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/netfilter/ip6_queue.c8
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c2
-rw-r--r--net/llc/af_llc.c3
-rw-r--r--net/llc/llc_c_ac.c47
-rw-r--r--net/llc/llc_core.c9
-rw-r--r--net/llc/llc_input.c6
-rw-r--r--net/llc/llc_pdu.c2
-rw-r--r--net/llc/llc_s_ac.c9
-rw-r--r--net/llc/llc_sap.c27
-rw-r--r--net/llc/llc_station.c19
-rw-r--r--net/mac80211/ieee80211.c12
-rw-r--r--net/mac80211/ieee80211_sta.c50
-rw-r--r--net/netfilter/nf_conntrack_standalone.c9
-rw-r--r--net/netfilter/nf_log.c8
-rw-r--r--net/netfilter/nf_queue.c7
-rw-r--r--net/netfilter/nfnetlink_log.c9
-rw-r--r--net/netfilter/nfnetlink_queue.c9
-rw-r--r--net/netfilter/xt_hashlimit.c39
-rw-r--r--net/rose/af_rose.c9
-rw-r--r--net/rxrpc/ar-internal.h4
-rw-r--r--net/rxrpc/rxkad.c27
-rw-r--r--net/sched/sch_generic.c18
-rw-r--r--net/sunrpc/clnt.c4
-rw-r--r--net/sunrpc/xdr.c9
-rw-r--r--net/wireless/nl80211.c2
-rw-r--r--net/xfrm/xfrm_user.c2
58 files changed, 463 insertions, 257 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index dbc81b965096..b33410abfd6b 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -374,17 +374,35 @@ static void vlan_sync_address(struct net_device *dev,
374 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN); 374 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN);
375} 375}
376 376
377static void __vlan_device_event(struct net_device *dev, unsigned long event)
378{
379 switch (event) {
380 case NETDEV_CHANGENAME:
381 vlan_proc_rem_dev(dev);
382 if (vlan_proc_add_dev(dev) < 0)
383 pr_warning("8021q: failed to change proc name for %s\n",
384 dev->name);
385 break;
386 }
387}
388
377static int vlan_device_event(struct notifier_block *unused, unsigned long event, 389static int vlan_device_event(struct notifier_block *unused, unsigned long event,
378 void *ptr) 390 void *ptr)
379{ 391{
380 struct net_device *dev = ptr; 392 struct net_device *dev = ptr;
381 struct vlan_group *grp = __vlan_find_group(dev->ifindex); 393 struct vlan_group *grp;
382 int i, flgs; 394 int i, flgs;
383 struct net_device *vlandev; 395 struct net_device *vlandev;
384 396
385 if (dev->nd_net != &init_net) 397 if (dev->nd_net != &init_net)
386 return NOTIFY_DONE; 398 return NOTIFY_DONE;
387 399
400 if (is_vlan_dev(dev)) {
401 __vlan_device_event(dev, event);
402 goto out;
403 }
404
405 grp = __vlan_find_group(dev->ifindex);
388 if (!grp) 406 if (!grp)
389 goto out; 407 goto out;
390 408
diff --git a/net/8021q/vlan.h b/net/8021q/vlan.h
index 73efcc715ccb..51271aea402b 100644
--- a/net/8021q/vlan.h
+++ b/net/8021q/vlan.h
@@ -45,4 +45,9 @@ void vlan_netlink_fini(void);
45 45
46extern struct rtnl_link_ops vlan_link_ops; 46extern struct rtnl_link_ops vlan_link_ops;
47 47
48static inline int is_vlan_dev(struct net_device *dev)
49{
50 return dev->priv_flags & IFF_802_1Q_VLAN;
51}
52
48#endif /* !(__BEN_VLAN_802_1Q_INC__) */ 53#endif /* !(__BEN_VLAN_802_1Q_INC__) */
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 480ea90e7dcd..41a76a05e6fd 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -692,6 +692,20 @@ static int vlan_dev_init(struct net_device *dev)
692 return 0; 692 return 0;
693} 693}
694 694
695static void vlan_dev_uninit(struct net_device *dev)
696{
697 struct vlan_priority_tci_mapping *pm;
698 struct vlan_dev_info *vlan = vlan_dev_info(dev);
699 int i;
700
701 for (i = 0; i < ARRAY_SIZE(vlan->egress_priority_map); i++) {
702 while ((pm = vlan->egress_priority_map[i]) != NULL) {
703 vlan->egress_priority_map[i] = pm->next;
704 kfree(pm);
705 }
706 }
707}
708
695void vlan_setup(struct net_device *dev) 709void vlan_setup(struct net_device *dev)
696{ 710{
697 ether_setup(dev); 711 ether_setup(dev);
@@ -701,6 +715,7 @@ void vlan_setup(struct net_device *dev)
701 715
702 dev->change_mtu = vlan_dev_change_mtu; 716 dev->change_mtu = vlan_dev_change_mtu;
703 dev->init = vlan_dev_init; 717 dev->init = vlan_dev_init;
718 dev->uninit = vlan_dev_uninit;
704 dev->open = vlan_dev_open; 719 dev->open = vlan_dev_open;
705 dev->stop = vlan_dev_stop; 720 dev->stop = vlan_dev_stop;
706 dev->set_mac_address = vlan_dev_set_mac_address; 721 dev->set_mac_address = vlan_dev_set_mac_address;
diff --git a/net/8021q/vlanproc.c b/net/8021q/vlanproc.c
index 146cfb0e9882..9671aa51af2c 100644
--- a/net/8021q/vlanproc.c
+++ b/net/8021q/vlanproc.c
@@ -210,11 +210,6 @@ int vlan_proc_rem_dev(struct net_device *vlandev)
210 * The following few functions build the content of /proc/net/vlan/config 210 * The following few functions build the content of /proc/net/vlan/config
211 */ 211 */
212 212
213static inline int is_vlan_dev(struct net_device *dev)
214{
215 return dev->priv_flags & IFF_802_1Q_VLAN;
216}
217
218/* start read of /proc/net/vlan/config */ 213/* start read of /proc/net/vlan/config */
219static void *vlan_seq_start(struct seq_file *seq, loff_t *pos) 214static void *vlan_seq_start(struct seq_file *seq, loff_t *pos)
220 __acquires(dev_base_lock) 215 __acquires(dev_base_lock)
diff --git a/net/atm/lec.c b/net/atm/lec.c
index a2efa7ff41f1..3235c57615e4 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -266,7 +266,6 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
266 char buf[300]; 266 char buf[300];
267 int i = 0; 267 int i = 0;
268#endif /* DUMP_PACKETS >0 */ 268#endif /* DUMP_PACKETS >0 */
269 DECLARE_MAC_BUF(mac);
270 269
271 pr_debug("lec_start_xmit called\n"); 270 pr_debug("lec_start_xmit called\n");
272 if (!priv->lecd) { 271 if (!priv->lecd) {
@@ -374,15 +373,19 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
374 if (entry && (entry->tx_wait.qlen < LEC_UNRES_QUE_LEN)) { 373 if (entry && (entry->tx_wait.qlen < LEC_UNRES_QUE_LEN)) {
375 pr_debug("%s:lec_start_xmit: queuing packet, ", 374 pr_debug("%s:lec_start_xmit: queuing packet, ",
376 dev->name); 375 dev->name);
377 pr_debug("MAC address %s\n", 376 pr_debug("MAC address " MAC_FMT "\n",
378 print_mac(mac, lec_h->h_dest)); 377 lec_h->h_dest[0], lec_h->h_dest[1],
378 lec_h->h_dest[2], lec_h->h_dest[3],
379 lec_h->h_dest[4], lec_h->h_dest[5]);
379 skb_queue_tail(&entry->tx_wait, skb); 380 skb_queue_tail(&entry->tx_wait, skb);
380 } else { 381 } else {
381 pr_debug 382 pr_debug
382 ("%s:lec_start_xmit: tx queue full or no arp entry, dropping, ", 383 ("%s:lec_start_xmit: tx queue full or no arp entry, dropping, ",
383 dev->name); 384 dev->name);
384 pr_debug("MAC address %s\n", 385 pr_debug("MAC address " MAC_FMT "\n",
385 print_mac(mac, lec_h->h_dest)); 386 lec_h->h_dest[0], lec_h->h_dest[1],
387 lec_h->h_dest[2], lec_h->h_dest[3],
388 lec_h->h_dest[4], lec_h->h_dest[5]);
386 priv->stats.tx_dropped++; 389 priv->stats.tx_dropped++;
387 dev_kfree_skb(skb); 390 dev_kfree_skb(skb);
388 } 391 }
@@ -394,8 +397,10 @@ static int lec_start_xmit(struct sk_buff *skb, struct net_device *dev)
394 397
395 while (entry && (skb2 = skb_dequeue(&entry->tx_wait))) { 398 while (entry && (skb2 = skb_dequeue(&entry->tx_wait))) {
396 pr_debug("lec.c: emptying tx queue, "); 399 pr_debug("lec.c: emptying tx queue, ");
397 pr_debug("MAC address %s\n", 400 pr_debug("MAC address " MAC_FMT "\n",
398 print_mac(mac, lec_h->h_dest)); 401 lec_h->h_dest[0], lec_h->h_dest[1],
402 lec_h->h_dest[2], lec_h->h_dest[3],
403 lec_h->h_dest[4], lec_h->h_dest[5]);
399 lec_send(vcc, skb2, priv); 404 lec_send(vcc, skb2, priv);
400 } 405 }
401 406
@@ -449,7 +454,6 @@ static int lec_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
449 struct lec_arp_table *entry; 454 struct lec_arp_table *entry;
450 int i; 455 int i;
451 char *tmp; /* FIXME */ 456 char *tmp; /* FIXME */
452 DECLARE_MAC_BUF(mac);
453 457
454 atomic_sub(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); 458 atomic_sub(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
455 mesg = (struct atmlec_msg *)skb->data; 459 mesg = (struct atmlec_msg *)skb->data;
@@ -536,9 +540,14 @@ static int lec_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
536 struct net_bridge_fdb_entry *f; 540 struct net_bridge_fdb_entry *f;
537 541
538 pr_debug 542 pr_debug
539 ("%s: bridge zeppelin asks about %s\n", 543 ("%s: bridge zeppelin asks about " MAC_FMT "\n",
540 dev->name, 544 dev->name,
541 print_mac(mac, mesg->content.proxy.mac_addr)); 545 mesg->content.proxy.mac_addr[0],
546 mesg->content.proxy.mac_addr[1],
547 mesg->content.proxy.mac_addr[2],
548 mesg->content.proxy.mac_addr[3],
549 mesg->content.proxy.mac_addr[4],
550 mesg->content.proxy.mac_addr[5]);
542 551
543 if (br_fdb_get_hook == NULL || dev->br_port == NULL) 552 if (br_fdb_get_hook == NULL || dev->br_port == NULL)
544 break; 553 break;
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 1220d8a41eb5..d366423c8392 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -53,6 +53,30 @@
53/* Bluetooth sockets */ 53/* Bluetooth sockets */
54#define BT_MAX_PROTO 8 54#define BT_MAX_PROTO 8
55static struct net_proto_family *bt_proto[BT_MAX_PROTO]; 55static struct net_proto_family *bt_proto[BT_MAX_PROTO];
56
57static struct lock_class_key bt_slock_key[BT_MAX_PROTO];
58static struct lock_class_key bt_lock_key[BT_MAX_PROTO];
59static const char *bt_key_strings[BT_MAX_PROTO] = {
60 "sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP",
61 "sk_lock-AF_BLUETOOTH-BTPROTO_HCI",
62 "sk_lock-AF_BLUETOOTH-BTPROTO_SCO",
63 "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
64 "sk_lock-AF_BLUETOOTH-BTPROTO_BNEP",
65 "sk_lock-AF_BLUETOOTH-BTPROTO_CMTP",
66 "sk_lock-AF_BLUETOOTH-BTPROTO_HIDP",
67 "sk_lock-AF_BLUETOOTH-BTPROTO_AVDTP",
68};
69
70static const char *bt_slock_key_strings[BT_MAX_PROTO] = {
71 "slock-AF_BLUETOOTH-BTPROTO_L2CAP",
72 "slock-AF_BLUETOOTH-BTPROTO_HCI",
73 "slock-AF_BLUETOOTH-BTPROTO_SCO",
74 "slock-AF_BLUETOOTH-BTPROTO_RFCOMM",
75 "slock-AF_BLUETOOTH-BTPROTO_BNEP",
76 "slock-AF_BLUETOOTH-BTPROTO_CMTP",
77 "slock-AF_BLUETOOTH-BTPROTO_HIDP",
78 "slock-AF_BLUETOOTH-BTPROTO_AVDTP",
79};
56static DEFINE_RWLOCK(bt_proto_lock); 80static DEFINE_RWLOCK(bt_proto_lock);
57 81
58int bt_sock_register(int proto, struct net_proto_family *ops) 82int bt_sock_register(int proto, struct net_proto_family *ops)
@@ -95,6 +119,21 @@ int bt_sock_unregister(int proto)
95} 119}
96EXPORT_SYMBOL(bt_sock_unregister); 120EXPORT_SYMBOL(bt_sock_unregister);
97 121
122static void bt_reclassify_sock_lock(struct socket *sock, int proto)
123{
124 struct sock *sk = sock->sk;
125
126 if (!sk)
127 return;
128 BUG_ON(sock_owned_by_user(sk));
129
130 sock_lock_init_class_and_name(sk,
131 bt_slock_key_strings[proto],
132 &bt_slock_key[proto],
133 bt_key_strings[proto],
134 &bt_lock_key[proto]);
135}
136
98static int bt_sock_create(struct net *net, struct socket *sock, int proto) 137static int bt_sock_create(struct net *net, struct socket *sock, int proto)
99{ 138{
100 int err; 139 int err;
@@ -117,6 +156,7 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto)
117 156
118 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 157 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
119 err = bt_proto[proto]->create(net, sock, proto); 158 err = bt_proto[proto]->create(net, sock, proto);
159 bt_reclassify_sock_lock(sock, proto);
120 module_put(bt_proto[proto]->owner); 160 module_put(bt_proto[proto]->owner);
121 } 161 }
122 162
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index b5d4019d3572..1d36c093523b 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -84,7 +84,7 @@ static struct hci_sec_filter hci_sec_filter = {
84}; 84};
85 85
86static struct bt_sock_list hci_sk_list = { 86static struct bt_sock_list hci_sk_list = {
87 .lock = RW_LOCK_UNLOCKED 87 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock)
88}; 88};
89 89
90/* Send frame to RAW socket */ 90/* Send frame to RAW socket */
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 34f8bf98bc05..2957df4b6c0b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -62,7 +62,7 @@ static u32 l2cap_feat_mask = 0x0000;
62static const struct proto_ops l2cap_sock_ops; 62static const struct proto_ops l2cap_sock_ops;
63 63
64static struct bt_sock_list l2cap_sk_list = { 64static struct bt_sock_list l2cap_sk_list = {
65 .lock = RW_LOCK_UNLOCKED 65 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
66}; 66};
67 67
68static void __l2cap_sock_close(struct sock *sk, int reason); 68static void __l2cap_sock_close(struct sock *sk, int reason);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 0c2c93735e93..eb62558e9b09 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -423,8 +423,8 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
423 423
424 rfcomm_dlc_lock(d); 424 rfcomm_dlc_lock(d);
425 d->state = BT_CLOSED; 425 d->state = BT_CLOSED;
426 d->state_change(d, err);
427 rfcomm_dlc_unlock(d); 426 rfcomm_dlc_unlock(d);
427 d->state_change(d, err);
428 428
429 skb_queue_purge(&d->tx_queue); 429 skb_queue_purge(&d->tx_queue);
430 rfcomm_dlc_unlink(d); 430 rfcomm_dlc_unlink(d);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c46d51035e77..af4e3934ee84 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -60,7 +60,7 @@
60static const struct proto_ops rfcomm_sock_ops; 60static const struct proto_ops rfcomm_sock_ops;
61 61
62static struct bt_sock_list rfcomm_sk_list = { 62static struct bt_sock_list rfcomm_sk_list = {
63 .lock = RW_LOCK_UNLOCKED 63 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
64}; 64};
65 65
66static void rfcomm_sock_close(struct sock *sk); 66static void rfcomm_sock_close(struct sock *sk);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index e4c779bb8d76..c3f749abb2d0 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -570,12 +570,7 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
570 return; 570 return;
571 571
572 rfcomm_dev_del(dev); 572 rfcomm_dev_del(dev);
573 /* We have to drop DLC lock here, otherwise
574 rfcomm_dev_put() will dead lock if it's
575 the last reference. */
576 rfcomm_dlc_unlock(dlc);
577 rfcomm_dev_put(dev); 573 rfcomm_dev_put(dev);
578 rfcomm_dlc_lock(dlc);
579 } 574 }
580 } else 575 } else
581 tty_hangup(dev->tty); 576 tty_hangup(dev->tty);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index b91d3c81a73c..cd887cdca426 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -58,7 +58,7 @@
58static const struct proto_ops sco_sock_ops; 58static const struct proto_ops sco_sock_ops;
59 59
60static struct bt_sock_list sco_sk_list = { 60static struct bt_sock_list sco_sk_list = {
61 .lock = RW_LOCK_UNLOCKED 61 .lock = __RW_LOCK_UNLOCKED(sco_sk_list.lock)
62}; 62};
63 63
64static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent); 64static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 1e3f87c8c012..200ee1e63728 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -271,7 +271,6 @@ ieee80211_rx_frame_decrypt(struct ieee80211_device *ieee, struct sk_buff *skb,
271{ 271{
272 struct ieee80211_hdr_3addr *hdr; 272 struct ieee80211_hdr_3addr *hdr;
273 int res, hdrlen; 273 int res, hdrlen;
274 DECLARE_MAC_BUF(mac);
275 274
276 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) 275 if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL)
277 return 0; 276 return 0;
@@ -283,8 +282,12 @@ ieee80211_rx_frame_decrypt(struct ieee80211_device *ieee, struct sk_buff *skb,
283 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); 282 res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv);
284 atomic_dec(&crypt->refcnt); 283 atomic_dec(&crypt->refcnt);
285 if (res < 0) { 284 if (res < 0) {
286 IEEE80211_DEBUG_DROP("decryption failed (SA=%s" 285 IEEE80211_DEBUG_DROP("decryption failed (SA=" MAC_FMT
287 ") res=%d\n", print_mac(mac, hdr->addr2), res); 286 ") res=%d\n",
287 hdr->addr2[0], hdr->addr2[1],
288 hdr->addr2[2], hdr->addr2[3],
289 hdr->addr2[4], hdr->addr2[5],
290 res);
288 if (res == -2) 291 if (res == -2)
289 IEEE80211_DEBUG_DROP("Decryption failed ICV " 292 IEEE80211_DEBUG_DROP("Decryption failed ICV "
290 "mismatch (key %d)\n", 293 "mismatch (key %d)\n",
@@ -304,7 +307,6 @@ ieee80211_rx_frame_decrypt_msdu(struct ieee80211_device *ieee,
304{ 307{
305 struct ieee80211_hdr_3addr *hdr; 308 struct ieee80211_hdr_3addr *hdr;
306 int res, hdrlen; 309 int res, hdrlen;
307 DECLARE_MAC_BUF(mac);
308 310
309 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) 311 if (crypt == NULL || crypt->ops->decrypt_msdu == NULL)
310 return 0; 312 return 0;
@@ -317,8 +319,12 @@ ieee80211_rx_frame_decrypt_msdu(struct ieee80211_device *ieee,
317 atomic_dec(&crypt->refcnt); 319 atomic_dec(&crypt->refcnt);
318 if (res < 0) { 320 if (res < 0) {
319 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed" 321 printk(KERN_DEBUG "%s: MSDU decryption/MIC verification failed"
320 " (SA=%s keyidx=%d)\n", 322 " (SA=" MAC_FMT " keyidx=%d)\n",
321 ieee->dev->name, print_mac(mac, hdr->addr2), keyidx); 323 ieee->dev->name,
324 hdr->addr2[0], hdr->addr2[1],
325 hdr->addr2[2], hdr->addr2[3],
326 hdr->addr2[4], hdr->addr2[5],
327 keyidx);
322 return -1; 328 return -1;
323 } 329 }
324 330
@@ -462,8 +468,10 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
462 * frames silently instead of filling system log with 468 * frames silently instead of filling system log with
463 * these reports. */ 469 * these reports. */
464 IEEE80211_DEBUG_DROP("Decryption failed (not set)" 470 IEEE80211_DEBUG_DROP("Decryption failed (not set)"
465 " (SA=%s)\n", 471 " (SA=" MAC_FMT ")\n",
466 print_mac(mac, hdr->addr2)); 472 hdr->addr2[0], hdr->addr2[1],
473 hdr->addr2[2], hdr->addr2[3],
474 hdr->addr2[4], hdr->addr2[5]);
467 ieee->ieee_stats.rx_discards_undecryptable++; 475 ieee->ieee_stats.rx_discards_undecryptable++;
468 goto rx_dropped; 476 goto rx_dropped;
469 } 477 }
@@ -474,8 +482,10 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
474 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt && 482 fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt &&
475 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) { 483 (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) {
476 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth " 484 printk(KERN_DEBUG "%s: failed to decrypt mgmt::auth "
477 "from %s\n", dev->name, 485 "from " MAC_FMT "\n", dev->name,
478 print_mac(mac, hdr->addr2)); 486 hdr->addr2[0], hdr->addr2[1],
487 hdr->addr2[2], hdr->addr2[3],
488 hdr->addr2[4], hdr->addr2[5]);
479 /* TODO: could inform hostapd about this so that it 489 /* TODO: could inform hostapd about this so that it
480 * could send auth failure report */ 490 * could send auth failure report */
481 goto rx_dropped; 491 goto rx_dropped;
@@ -653,8 +663,11 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
653 * configured */ 663 * configured */
654 } else { 664 } else {
655 IEEE80211_DEBUG_DROP("encryption configured, but RX " 665 IEEE80211_DEBUG_DROP("encryption configured, but RX "
656 "frame not encrypted (SA=%s" 666 "frame not encrypted (SA="
657 ")\n", print_mac(mac, hdr->addr2)); 667 MAC_FMT ")\n",
668 hdr->addr2[0], hdr->addr2[1],
669 hdr->addr2[2], hdr->addr2[3],
670 hdr->addr2[4], hdr->addr2[5]);
658 goto rx_dropped; 671 goto rx_dropped;
659 } 672 }
660 } 673 }
@@ -662,9 +675,11 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
662 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep && 675 if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep &&
663 !ieee80211_is_eapol_frame(ieee, skb)) { 676 !ieee80211_is_eapol_frame(ieee, skb)) {
664 IEEE80211_DEBUG_DROP("dropped unencrypted RX data " 677 IEEE80211_DEBUG_DROP("dropped unencrypted RX data "
665 "frame from %s" 678 "frame from " MAC_FMT
666 " (drop_unencrypted=1)\n", 679 " (drop_unencrypted=1)\n",
667 print_mac(mac, hdr->addr2)); 680 hdr->addr2[0], hdr->addr2[1],
681 hdr->addr2[2], hdr->addr2[3],
682 hdr->addr2[4], hdr->addr2[5]);
668 goto rx_dropped; 683 goto rx_dropped;
669 } 684 }
670 685
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index f3ceca31aa45..4e73e5708e70 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -336,7 +336,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
336 struct scatterlist *asg; 336 struct scatterlist *asg;
337 int err = -EINVAL; 337 int err = -EINVAL;
338 338
339 if (!pskb_may_pull(skb, sizeof(*esph))) 339 if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead)))
340 goto out; 340 goto out;
341 341
342 if (elen <= 0) 342 if (elen <= 0)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index a944e8053e28..40508babad8c 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -591,7 +591,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
591 } 591 }
592 592
593 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) 593 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET))
594 goto ende; 594 goto relookup_failed;
595 595
596 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL) 596 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL)
597 err = __ip_route_output_key(net, &rt2, &fl); 597 err = __ip_route_output_key(net, &rt2, &fl);
@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
601 601
602 fl2.fl4_dst = fl.fl4_src; 602 fl2.fl4_dst = fl.fl4_src;
603 if (ip_route_output_key(net, &rt2, &fl2)) 603 if (ip_route_output_key(net, &rt2, &fl2))
604 goto ende; 604 goto relookup_failed;
605 605
606 /* Ugh! */ 606 /* Ugh! */
607 odst = skb_in->dst; 607 odst = skb_in->dst;
@@ -614,21 +614,23 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
614 } 614 }
615 615
616 if (err) 616 if (err)
617 goto ende; 617 goto relookup_failed;
618 618
619 err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL, 619 err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL,
620 XFRM_LOOKUP_ICMP); 620 XFRM_LOOKUP_ICMP);
621 if (err == -ENOENT) { 621 switch (err) {
622 case 0:
623 dst_release(&rt->u.dst);
624 rt = rt2;
625 break;
626 case -EPERM:
627 goto ende;
628 default:
629relookup_failed:
622 if (!rt) 630 if (!rt)
623 goto out_unlock; 631 goto out_unlock;
624 goto route_done; 632 break;
625 } 633 }
626
627 dst_release(&rt->u.dst);
628 rt = rt2;
629
630 if (err)
631 goto out_unlock;
632 } 634 }
633 635
634route_done: 636route_done:
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 724d69aed031..a0a3c78cb5e0 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -86,7 +86,10 @@ EXPORT_SYMBOL(inet_frags_fini);
86void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f) 86void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f)
87{ 87{
88 nf->low_thresh = 0; 88 nf->low_thresh = 0;
89
90 local_bh_disable();
89 inet_frag_evictor(nf, f); 91 inet_frag_evictor(nf, f);
92 local_bh_enable();
90} 93}
91EXPORT_SYMBOL(inet_frags_exit_net); 94EXPORT_SYMBOL(inet_frags_exit_net);
92 95
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 876169f3a528..717c411a5c6b 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -124,6 +124,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, const int stat
124 tw->tw_hash = sk->sk_hash; 124 tw->tw_hash = sk->sk_hash;
125 tw->tw_ipv6only = 0; 125 tw->tw_ipv6only = 0;
126 tw->tw_prot = sk->sk_prot_creator; 126 tw->tw_prot = sk->sk_prot_creator;
127 tw->tw_net = sk->sk_net;
127 atomic_set(&tw->tw_refcnt, 1); 128 atomic_set(&tw->tw_refcnt, 1);
128 inet_twsk_dead_node_init(tw); 129 inet_twsk_dead_node_init(tw);
129 __module_get(tw->tw_prot->owner); 130 __module_get(tw->tw_prot->owner);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 0b3b328d82db..a4506c8cfef0 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -85,7 +85,7 @@ int ip_forward(struct sk_buff *skb)
85 if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway) 85 if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway)
86 goto sr_failed; 86 goto sr_failed;
87 87
88 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && 88 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && !skb_is_gso(skb) &&
89 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) { 89 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
90 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 90 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
91 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 91 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index f72457b4b0a7..c2921d01e925 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1132,7 +1132,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1132 } 1132 }
1133 release_sock(sk); 1133 release_sock(sk);
1134 1134
1135 if (len < sizeof(int) && len > 0 && val>=0 && val<255) { 1135 if (len < sizeof(int) && len > 0 && val>=0 && val<=255) {
1136 unsigned char ucval = (unsigned char)val; 1136 unsigned char ucval = (unsigned char)val;
1137 len = 1; 1137 len = 1;
1138 if (put_user(len, optlen)) 1138 if (put_user(len, optlen))
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index fe05da41d6ba..4dc162894cb2 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -588,11 +588,9 @@ static int __init ip_queue_init(void)
588 } 588 }
589 589
590#ifdef CONFIG_PROC_FS 590#ifdef CONFIG_PROC_FS
591 proc = create_proc_entry(IPQ_PROC_FS_NAME, 0, init_net.proc_net); 591 proc = proc_create(IPQ_PROC_FS_NAME, 0, init_net.proc_net,
592 if (proc) { 592 &ip_queue_proc_fops);
593 proc->owner = THIS_MODULE; 593 if (!proc) {
594 proc->proc_fops = &ip_queue_proc_fops;
595 } else {
596 printk(KERN_ERR "ip_queue: failed to create proc entry\n"); 594 printk(KERN_ERR "ip_queue: failed to create proc entry\n");
597 goto cleanup_ipqnl; 595 goto cleanup_ipqnl;
598 } 596 }
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index c6cf84c77611..52926c8e3cc1 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -167,14 +167,13 @@ clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
167 167
168 /* create proc dir entry */ 168 /* create proc dir entry */
169 sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip)); 169 sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));
170 c->pde = create_proc_entry(buffer, S_IWUSR|S_IRUSR, 170 c->pde = proc_create(buffer, S_IWUSR|S_IRUSR,
171 clusterip_procdir); 171 clusterip_procdir, &clusterip_proc_fops);
172 if (!c->pde) { 172 if (!c->pde) {
173 kfree(c); 173 kfree(c);
174 return NULL; 174 return NULL;
175 } 175 }
176 } 176 }
177 c->pde->proc_fops = &clusterip_proc_fops;
178 c->pde->data = c; 177 c->pde->data = c;
179#endif 178#endif
180 179
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 8e8f0425a8ed..50e06690eb5b 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -276,12 +276,11 @@ recent_mt_check(const char *tablename, const void *ip,
276 for (i = 0; i < ip_list_hash_size; i++) 276 for (i = 0; i < ip_list_hash_size; i++)
277 INIT_LIST_HEAD(&t->iphash[i]); 277 INIT_LIST_HEAD(&t->iphash[i]);
278#ifdef CONFIG_PROC_FS 278#ifdef CONFIG_PROC_FS
279 t->proc = create_proc_entry(t->name, ip_list_perms, proc_dir); 279 t->proc = proc_create(t->name, ip_list_perms, proc_dir, &recent_fops);
280 if (t->proc == NULL) { 280 if (t->proc == NULL) {
281 kfree(t); 281 kfree(t);
282 goto out; 282 goto out;
283 } 283 }
284 t->proc->proc_fops = &recent_fops;
285 t->proc->uid = ip_list_uid; 284 t->proc->uid = ip_list_uid;
286 t->proc->gid = ip_list_gid; 285 t->proc->gid = ip_list_gid;
287 t->proc->data = t; 286 t->proc->data = t;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 089252e82c01..f500b0fdaef4 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -395,13 +395,10 @@ int __init nf_conntrack_ipv4_compat_init(void)
395 if (!proc_exp) 395 if (!proc_exp)
396 goto err2; 396 goto err2;
397 397
398 proc_stat = create_proc_entry("ip_conntrack", S_IRUGO, init_net.proc_net_stat); 398 proc_stat = proc_create("ip_conntrack", S_IRUGO,
399 init_net.proc_net_stat, &ct_cpu_seq_fops);
399 if (!proc_stat) 400 if (!proc_stat)
400 goto err3; 401 goto err3;
401
402 proc_stat->proc_fops = &ct_cpu_seq_fops;
403 proc_stat->owner = THIS_MODULE;
404
405 return 0; 402 return 0;
406 403
407err3: 404err3:
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 0d5fa3a54d04..36b4e3bb056f 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -629,6 +629,8 @@ static int __init nf_nat_init(void)
629 size_t i; 629 size_t i;
630 int ret; 630 int ret;
631 631
632 need_ipv4_conntrack();
633
632 ret = nf_ct_extend_register(&nat_extend); 634 ret = nf_ct_extend_register(&nat_extend);
633 if (ret < 0) { 635 if (ret < 0) {
634 printk(KERN_ERR "nf_nat_core: Unable to register extension\n"); 636 printk(KERN_ERR "nf_nat_core: Unable to register extension\n");
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 7facdb0f6960..5119856017ab 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1625,13 +1625,11 @@ out:
1625 return flag; 1625 return flag;
1626} 1626}
1627 1627
1628/* If we receive more dupacks than we expected counting segments 1628/* Limits sacked_out so that sum with lost_out isn't ever larger than
1629 * in assumption of absent reordering, interpret this as reordering. 1629 * packets_out. Returns zero if sacked_out adjustement wasn't necessary.
1630 * The only another reason could be bug in receiver TCP.
1631 */ 1630 */
1632static void tcp_check_reno_reordering(struct sock *sk, const int addend) 1631int tcp_limit_reno_sacked(struct tcp_sock *tp)
1633{ 1632{
1634 struct tcp_sock *tp = tcp_sk(sk);
1635 u32 holes; 1633 u32 holes;
1636 1634
1637 holes = max(tp->lost_out, 1U); 1635 holes = max(tp->lost_out, 1U);
@@ -1639,8 +1637,20 @@ static void tcp_check_reno_reordering(struct sock *sk, const int addend)
1639 1637
1640 if ((tp->sacked_out + holes) > tp->packets_out) { 1638 if ((tp->sacked_out + holes) > tp->packets_out) {
1641 tp->sacked_out = tp->packets_out - holes; 1639 tp->sacked_out = tp->packets_out - holes;
1642 tcp_update_reordering(sk, tp->packets_out + addend, 0); 1640 return 1;
1643 } 1641 }
1642 return 0;
1643}
1644
1645/* If we receive more dupacks than we expected counting segments
1646 * in assumption of absent reordering, interpret this as reordering.
1647 * The only another reason could be bug in receiver TCP.
1648 */
1649static void tcp_check_reno_reordering(struct sock *sk, const int addend)
1650{
1651 struct tcp_sock *tp = tcp_sk(sk);
1652 if (tcp_limit_reno_sacked(tp))
1653 tcp_update_reordering(sk, tp->packets_out + addend, 0);
1644} 1654}
1645 1655
1646/* Emulate SACKs for SACKless connection: account for a new dupack. */ 1656/* Emulate SACKs for SACKless connection: account for a new dupack. */
@@ -1681,11 +1691,16 @@ static inline void tcp_reset_reno_sack(struct tcp_sock *tp)
1681int tcp_use_frto(struct sock *sk) 1691int tcp_use_frto(struct sock *sk)
1682{ 1692{
1683 const struct tcp_sock *tp = tcp_sk(sk); 1693 const struct tcp_sock *tp = tcp_sk(sk);
1694 const struct inet_connection_sock *icsk = inet_csk(sk);
1684 struct sk_buff *skb; 1695 struct sk_buff *skb;
1685 1696
1686 if (!sysctl_tcp_frto) 1697 if (!sysctl_tcp_frto)
1687 return 0; 1698 return 0;
1688 1699
1700 /* MTU probe and F-RTO won't really play nicely along currently */
1701 if (icsk->icsk_mtup.probe_size)
1702 return 0;
1703
1689 if (IsSackFrto()) 1704 if (IsSackFrto())
1690 return 1; 1705 return 1;
1691 1706
@@ -2134,11 +2149,13 @@ static void tcp_verify_retransmit_hint(struct tcp_sock *tp, struct sk_buff *skb)
2134/* Mark head of queue up as lost. With RFC3517 SACK, the packets is 2149/* Mark head of queue up as lost. With RFC3517 SACK, the packets is
2135 * is against sacked "cnt", otherwise it's against facked "cnt" 2150 * is against sacked "cnt", otherwise it's against facked "cnt"
2136 */ 2151 */
2137static void tcp_mark_head_lost(struct sock *sk, int packets, int fast_rexmit) 2152static void tcp_mark_head_lost(struct sock *sk, int packets)
2138{ 2153{
2139 struct tcp_sock *tp = tcp_sk(sk); 2154 struct tcp_sock *tp = tcp_sk(sk);
2140 struct sk_buff *skb; 2155 struct sk_buff *skb;
2141 int cnt; 2156 int cnt, oldcnt;
2157 int err;
2158 unsigned int mss;
2142 2159
2143 BUG_TRAP(packets <= tp->packets_out); 2160 BUG_TRAP(packets <= tp->packets_out);
2144 if (tp->lost_skb_hint) { 2161 if (tp->lost_skb_hint) {
@@ -2157,13 +2174,25 @@ static void tcp_mark_head_lost(struct sock *sk, int packets, int fast_rexmit)
2157 tp->lost_skb_hint = skb; 2174 tp->lost_skb_hint = skb;
2158 tp->lost_cnt_hint = cnt; 2175 tp->lost_cnt_hint = cnt;
2159 2176
2177 if (after(TCP_SKB_CB(skb)->end_seq, tp->high_seq))
2178 break;
2179
2180 oldcnt = cnt;
2160 if (tcp_is_fack(tp) || tcp_is_reno(tp) || 2181 if (tcp_is_fack(tp) || tcp_is_reno(tp) ||
2161 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 2182 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
2162 cnt += tcp_skb_pcount(skb); 2183 cnt += tcp_skb_pcount(skb);
2163 2184
2164 if (((!fast_rexmit || (tp->lost_out > 0)) && (cnt > packets)) || 2185 if (cnt > packets) {
2165 after(TCP_SKB_CB(skb)->end_seq, tp->high_seq)) 2186 if (tcp_is_sack(tp) || (oldcnt >= packets))
2166 break; 2187 break;
2188
2189 mss = skb_shinfo(skb)->gso_size;
2190 err = tcp_fragment(sk, skb, (packets - oldcnt) * mss, mss);
2191 if (err < 0)
2192 break;
2193 cnt = packets;
2194 }
2195
2167 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) { 2196 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) {
2168 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 2197 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
2169 tp->lost_out += tcp_skb_pcount(skb); 2198 tp->lost_out += tcp_skb_pcount(skb);
@@ -2180,17 +2209,17 @@ static void tcp_update_scoreboard(struct sock *sk, int fast_rexmit)
2180 struct tcp_sock *tp = tcp_sk(sk); 2209 struct tcp_sock *tp = tcp_sk(sk);
2181 2210
2182 if (tcp_is_reno(tp)) { 2211 if (tcp_is_reno(tp)) {
2183 tcp_mark_head_lost(sk, 1, fast_rexmit); 2212 tcp_mark_head_lost(sk, 1);
2184 } else if (tcp_is_fack(tp)) { 2213 } else if (tcp_is_fack(tp)) {
2185 int lost = tp->fackets_out - tp->reordering; 2214 int lost = tp->fackets_out - tp->reordering;
2186 if (lost <= 0) 2215 if (lost <= 0)
2187 lost = 1; 2216 lost = 1;
2188 tcp_mark_head_lost(sk, lost, fast_rexmit); 2217 tcp_mark_head_lost(sk, lost);
2189 } else { 2218 } else {
2190 int sacked_upto = tp->sacked_out - tp->reordering; 2219 int sacked_upto = tp->sacked_out - tp->reordering;
2191 if (sacked_upto < 0) 2220 if (sacked_upto < fast_rexmit)
2192 sacked_upto = 0; 2221 sacked_upto = fast_rexmit;
2193 tcp_mark_head_lost(sk, sacked_upto, fast_rexmit); 2222 tcp_mark_head_lost(sk, sacked_upto);
2194 } 2223 }
2195 2224
2196 /* New heuristics: it is possible only after we switched 2225 /* New heuristics: it is possible only after we switched
@@ -2524,7 +2553,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2524 before(tp->snd_una, tp->high_seq) && 2553 before(tp->snd_una, tp->high_seq) &&
2525 icsk->icsk_ca_state != TCP_CA_Open && 2554 icsk->icsk_ca_state != TCP_CA_Open &&
2526 tp->fackets_out > tp->reordering) { 2555 tp->fackets_out > tp->reordering) {
2527 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering, 0); 2556 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering);
2528 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); 2557 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS);
2529 } 2558 }
2530 2559
@@ -2586,6 +2615,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2586 case TCP_CA_Loss: 2615 case TCP_CA_Loss:
2587 if (flag & FLAG_DATA_ACKED) 2616 if (flag & FLAG_DATA_ACKED)
2588 icsk->icsk_retransmits = 0; 2617 icsk->icsk_retransmits = 0;
2618 if (tcp_is_reno(tp) && flag & FLAG_SND_UNA_ADVANCED)
2619 tcp_reset_reno_sack(tp);
2589 if (!tcp_try_undo_loss(sk)) { 2620 if (!tcp_try_undo_loss(sk)) {
2590 tcp_moderate_cwnd(tp); 2621 tcp_moderate_cwnd(tp);
2591 tcp_xmit_retransmit_queue(sk); 2622 tcp_xmit_retransmit_queue(sk);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 72b9350006fe..d29ef79c00ca 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1808,6 +1808,9 @@ void tcp_simple_retransmit(struct sock *sk)
1808 if (!lost) 1808 if (!lost)
1809 return; 1809 return;
1810 1810
1811 if (tcp_is_reno(tp))
1812 tcp_limit_reno_sacked(tp);
1813
1811 tcp_verify_left_out(tp); 1814 tcp_verify_left_out(tp);
1812 1815
1813 /* Don't muck with the congestion window here. 1816 /* Don't muck with the congestion window here.
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 7ea1b67b6de1..1704c1474ea1 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1556,14 +1556,14 @@ static void *udp_seq_start(struct seq_file *seq, loff_t *pos)
1556 __acquires(udp_hash_lock) 1556 __acquires(udp_hash_lock)
1557{ 1557{
1558 read_lock(&udp_hash_lock); 1558 read_lock(&udp_hash_lock);
1559 return *pos ? udp_get_idx(seq, *pos-1) : (void *)1; 1559 return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN;
1560} 1560}
1561 1561
1562static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1562static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1563{ 1563{
1564 struct sock *sk; 1564 struct sock *sk;
1565 1565
1566 if (v == (void *)1) 1566 if (v == SEQ_START_TOKEN)
1567 sk = udp_get_idx(seq, 0); 1567 sk = udp_get_idx(seq, 0);
1568 else 1568 else
1569 sk = udp_get_next(seq, v); 1569 sk = udp_get_next(seq, v);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 101e0e70ba27..a65935a9afd9 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -776,6 +776,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, struct inet6_ifaddr *i
776 struct inet6_dev *idev = ifp->idev; 776 struct inet6_dev *idev = ifp->idev;
777 struct in6_addr addr, *tmpaddr; 777 struct in6_addr addr, *tmpaddr;
778 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp; 778 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp;
779 unsigned long regen_advance;
779 int tmp_plen; 780 int tmp_plen;
780 int ret = 0; 781 int ret = 0;
781 int max_addresses; 782 int max_addresses;
@@ -836,8 +837,23 @@ retry:
836 tmp_tstamp = ifp->tstamp; 837 tmp_tstamp = ifp->tstamp;
837 spin_unlock_bh(&ifp->lock); 838 spin_unlock_bh(&ifp->lock);
838 839
840 regen_advance = idev->cnf.regen_max_retry *
841 idev->cnf.dad_transmits *
842 idev->nd_parms->retrans_time / HZ;
839 write_unlock(&idev->lock); 843 write_unlock(&idev->lock);
840 844
845 /* A temporary address is created only if this calculated Preferred
846 * Lifetime is greater than REGEN_ADVANCE time units. In particular,
847 * an implementation must not create a temporary address with a zero
848 * Preferred Lifetime.
849 */
850 if (tmp_prefered_lft <= regen_advance) {
851 in6_ifa_put(ifp);
852 in6_dev_put(idev);
853 ret = -1;
854 goto out;
855 }
856
841 addr_flags = IFA_F_TEMPORARY; 857 addr_flags = IFA_F_TEMPORARY;
842 /* set in addrconf_prefix_rcv() */ 858 /* set in addrconf_prefix_rcv() */
843 if (ifp->flags & IFA_F_OPTIMISTIC) 859 if (ifp->flags & IFA_F_OPTIMISTIC)
@@ -1831,6 +1847,9 @@ ok:
1831 * lifetimes of an existing temporary address 1847 * lifetimes of an existing temporary address
1832 * when processing a Prefix Information Option. 1848 * when processing a Prefix Information Option.
1833 */ 1849 */
1850 if (ifp != ift->ifpub)
1851 continue;
1852
1834 spin_lock(&ift->lock); 1853 spin_lock(&ift->lock);
1835 flags = ift->flags; 1854 flags = ift->flags;
1836 if (ift->valid_lft > valid_lft && 1855 if (ift->valid_lft > valid_lft &&
@@ -2437,7 +2456,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2437 2456
2438 ASSERT_RTNL(); 2457 ASSERT_RTNL();
2439 2458
2440 if (dev == init_net.loopback_dev && how == 1) 2459 if ((dev->flags & IFF_LOOPBACK) && how == 1)
2441 how = 0; 2460 how = 0;
2442 2461
2443 rt6_ifdown(dev); 2462 rt6_ifdown(dev);
@@ -2450,7 +2469,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2450 /* Step 1: remove reference to ipv6 device from parent device. 2469 /* Step 1: remove reference to ipv6 device from parent device.
2451 Do not dev_put! 2470 Do not dev_put!
2452 */ 2471 */
2453 if (how == 1) { 2472 if (how) {
2454 idev->dead = 1; 2473 idev->dead = 1;
2455 2474
2456 /* protected by rtnl_lock */ 2475 /* protected by rtnl_lock */
@@ -2482,12 +2501,12 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2482 write_lock_bh(&idev->lock); 2501 write_lock_bh(&idev->lock);
2483 2502
2484 /* Step 3: clear flags for stateless addrconf */ 2503 /* Step 3: clear flags for stateless addrconf */
2485 if (how != 1) 2504 if (!how)
2486 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY); 2505 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY);
2487 2506
2488 /* Step 4: clear address list */ 2507 /* Step 4: clear address list */
2489#ifdef CONFIG_IPV6_PRIVACY 2508#ifdef CONFIG_IPV6_PRIVACY
2490 if (how == 1 && del_timer(&idev->regen_timer)) 2509 if (how && del_timer(&idev->regen_timer))
2491 in6_dev_put(idev); 2510 in6_dev_put(idev);
2492 2511
2493 /* clear tempaddr list */ 2512 /* clear tempaddr list */
@@ -2524,7 +2543,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2524 2543
2525 /* Step 5: Discard multicast list */ 2544 /* Step 5: Discard multicast list */
2526 2545
2527 if (how == 1) 2546 if (how)
2528 ipv6_mc_destroy_dev(idev); 2547 ipv6_mc_destroy_dev(idev);
2529 else 2548 else
2530 ipv6_mc_down(idev); 2549 ipv6_mc_down(idev);
@@ -2533,7 +2552,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2533 2552
2534 /* Shot the device (if unregistered) */ 2553 /* Shot the device (if unregistered) */
2535 2554
2536 if (how == 1) { 2555 if (how) {
2537 addrconf_sysctl_unregister(idev); 2556 addrconf_sysctl_unregister(idev);
2538 neigh_parms_release(&nd_tbl, idev->nd_parms); 2557 neigh_parms_release(&nd_tbl, idev->nd_parms);
2539 neigh_ifdown(&nd_tbl, dev); 2558 neigh_ifdown(&nd_tbl, dev);
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index 9c7f83fbc3a1..e5f56c953b58 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -334,9 +334,7 @@ int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
334 idev->ac_list = aca; 334 idev->ac_list = aca;
335 write_unlock_bh(&idev->lock); 335 write_unlock_bh(&idev->lock);
336 336
337 dst_hold(&rt->u.dst); 337 ip6_ins_rt(rt);
338 if (ip6_ins_rt(rt))
339 dst_release(&rt->u.dst);
340 338
341 addrconf_join_solict(dev, &aca->aca_addr); 339 addrconf_join_solict(dev, &aca->aca_addr);
342 340
@@ -378,10 +376,7 @@ int __ipv6_dev_ac_dec(struct inet6_dev *idev, struct in6_addr *addr)
378 addrconf_leave_solict(idev, &aca->aca_addr); 376 addrconf_leave_solict(idev, &aca->aca_addr);
379 377
380 dst_hold(&aca->aca_rt->u.dst); 378 dst_hold(&aca->aca_rt->u.dst);
381 if (ip6_del_rt(aca->aca_rt)) 379 ip6_del_rt(aca->aca_rt);
382 dst_free(&aca->aca_rt->u.dst);
383 else
384 dst_release(&aca->aca_rt->u.dst);
385 380
386 aca_put(aca); 381 aca_put(aca);
387 return 0; 382 return 0;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 0ec1402320ea..c6bb4c6d24b3 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -282,7 +282,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
282 struct scatterlist *sg; 282 struct scatterlist *sg;
283 struct scatterlist *asg; 283 struct scatterlist *asg;
284 284
285 if (!pskb_may_pull(skb, sizeof(*esph))) { 285 if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead))) {
286 ret = -EINVAL; 286 ret = -EINVAL;
287 goto out; 287 goto out;
288 } 288 }
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 121d517bf91c..893287ecc628 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -436,24 +436,26 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
436 } 436 }
437 437
438 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 438 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
439 goto out; 439 goto relookup_failed;
440 440
441 if (ip6_dst_lookup(sk, &dst2, &fl)) 441 if (ip6_dst_lookup(sk, &dst2, &fl))
442 goto out; 442 goto relookup_failed;
443 443
444 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); 444 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP);
445 if (err == -ENOENT) { 445 switch (err) {
446 case 0:
447 dst_release(dst);
448 dst = dst2;
449 break;
450 case -EPERM:
451 goto out_dst_release;
452 default:
453relookup_failed:
446 if (!dst) 454 if (!dst)
447 goto out; 455 goto out;
448 goto route_done; 456 break;
449 } 457 }
450 458
451 dst_release(dst);
452 dst = dst2;
453
454 if (err)
455 goto out;
456
457route_done: 459route_done:
458 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 460 if (ipv6_addr_is_multicast(&fl.fl6_dst))
459 hlimit = np->mcast_hops; 461 hlimit = np->mcast_hops;
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 178aebc0427a..98ab4f459905 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -239,8 +239,7 @@ int ip6_mc_input(struct sk_buff *skb)
239 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INMCASTPKTS); 239 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INMCASTPKTS);
240 240
241 hdr = ipv6_hdr(skb); 241 hdr = ipv6_hdr(skb);
242 deliver = unlikely(skb->dev->flags & (IFF_PROMISC|IFF_ALLMULTI)) || 242 deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
243 ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
244 243
245 /* 244 /*
246 * IPv6 multicast router mode isnt currently supported. 245 * IPv6 multicast router mode isnt currently supported.
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index cc2f9afcf808..8d366f7f2a9a 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -591,11 +591,9 @@ static int __init ip6_queue_init(void)
591 } 591 }
592 592
593#ifdef CONFIG_PROC_FS 593#ifdef CONFIG_PROC_FS
594 proc = create_proc_entry(IPQ_PROC_FS_NAME, 0, init_net.proc_net); 594 proc = proc_create(IPQ_PROC_FS_NAME, 0, init_net.proc_net,
595 if (proc) { 595 &ip6_queue_proc_fops);
596 proc->owner = THIS_MODULE; 596 if (!proc) {
597 proc->proc_fops = &ip6_queue_proc_fops;
598 } else {
599 printk(KERN_ERR "ip6_queue: failed to create proc entry\n"); 597 printk(KERN_ERR "ip6_queue: failed to create proc entry\n");
600 goto cleanup_ipqnl; 598 goto cleanup_ipqnl;
601 } 599 }
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2a0d698b24d5..24c0d03095bf 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -171,7 +171,9 @@ static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq)
171 171
172static void nf_ct_frag6_evictor(void) 172static void nf_ct_frag6_evictor(void)
173{ 173{
174 local_bh_disable();
174 inet_frag_evictor(&nf_init_frags, &nf_frags); 175 inet_frag_evictor(&nf_init_frags, &nf_frags);
176 local_bh_enable();
175} 177}
176 178
177static void nf_ct_frag6_expire(unsigned long data) 179static void nf_ct_frag6_expire(unsigned long data)
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 46cf962f7f88..8c50eb430c19 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -155,6 +155,9 @@ static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
155 struct sock *sk; 155 struct sock *sk;
156 int rc = -ESOCKTNOSUPPORT; 156 int rc = -ESOCKTNOSUPPORT;
157 157
158 if (!capable(CAP_NET_RAW))
159 return -EPERM;
160
158 if (net != &init_net) 161 if (net != &init_net)
159 return -EAFNOSUPPORT; 162 return -EAFNOSUPPORT;
160 163
diff --git a/net/llc/llc_c_ac.c b/net/llc/llc_c_ac.c
index 860140caa6e0..71a00225bdb3 100644
--- a/net/llc/llc_c_ac.c
+++ b/net/llc/llc_c_ac.c
@@ -198,7 +198,7 @@ int llc_conn_ac_send_disc_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
198{ 198{
199 int rc = -ENOBUFS; 199 int rc = -ENOBUFS;
200 struct llc_sock *llc = llc_sk(sk); 200 struct llc_sock *llc = llc_sk(sk);
201 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 201 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
202 202
203 if (nskb) { 203 if (nskb) {
204 struct llc_sap *sap = llc->sap; 204 struct llc_sap *sap = llc->sap;
@@ -223,7 +223,7 @@ int llc_conn_ac_send_dm_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
223{ 223{
224 int rc = -ENOBUFS; 224 int rc = -ENOBUFS;
225 struct llc_sock *llc = llc_sk(sk); 225 struct llc_sock *llc = llc_sk(sk);
226 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 226 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
227 227
228 if (nskb) { 228 if (nskb) {
229 struct llc_sap *sap = llc->sap; 229 struct llc_sap *sap = llc->sap;
@@ -249,7 +249,7 @@ int llc_conn_ac_send_dm_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
249{ 249{
250 int rc = -ENOBUFS; 250 int rc = -ENOBUFS;
251 struct llc_sock *llc = llc_sk(sk); 251 struct llc_sock *llc = llc_sk(sk);
252 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 252 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
253 253
254 if (nskb) { 254 if (nskb) {
255 struct llc_sap *sap = llc->sap; 255 struct llc_sap *sap = llc->sap;
@@ -282,7 +282,8 @@ int llc_conn_ac_send_frmr_rsp_f_set_x(struct sock *sk, struct sk_buff *skb)
282 llc_pdu_decode_pf_bit(skb, &f_bit); 282 llc_pdu_decode_pf_bit(skb, &f_bit);
283 else 283 else
284 f_bit = 0; 284 f_bit = 0;
285 nskb = llc_alloc_frame(sk, llc->dev); 285 nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
286 sizeof(struct llc_frmr_info));
286 if (nskb) { 287 if (nskb) {
287 struct llc_sap *sap = llc->sap; 288 struct llc_sap *sap = llc->sap;
288 289
@@ -306,7 +307,8 @@ int llc_conn_ac_resend_frmr_rsp_f_set_0(struct sock *sk, struct sk_buff *skb)
306{ 307{
307 int rc = -ENOBUFS; 308 int rc = -ENOBUFS;
308 struct llc_sock *llc = llc_sk(sk); 309 struct llc_sock *llc = llc_sk(sk);
309 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 310 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
311 sizeof(struct llc_frmr_info));
310 312
311 if (nskb) { 313 if (nskb) {
312 struct llc_sap *sap = llc->sap; 314 struct llc_sap *sap = llc->sap;
@@ -336,7 +338,8 @@ int llc_conn_ac_resend_frmr_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
336 struct llc_sock *llc = llc_sk(sk); 338 struct llc_sock *llc = llc_sk(sk);
337 339
338 llc_pdu_decode_pf_bit(skb, &f_bit); 340 llc_pdu_decode_pf_bit(skb, &f_bit);
339 nskb = llc_alloc_frame(sk, llc->dev); 341 nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
342 sizeof(struct llc_frmr_info));
340 if (nskb) { 343 if (nskb) {
341 struct llc_sap *sap = llc->sap; 344 struct llc_sap *sap = llc->sap;
342 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 345 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
@@ -424,7 +427,7 @@ int llc_conn_ac_resend_i_xxx_x_set_0_or_send_rr(struct sock *sk,
424 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 427 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
425 int rc = -ENOBUFS; 428 int rc = -ENOBUFS;
426 struct llc_sock *llc = llc_sk(sk); 429 struct llc_sock *llc = llc_sk(sk);
427 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 430 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
428 431
429 if (nskb) { 432 if (nskb) {
430 struct llc_sap *sap = llc->sap; 433 struct llc_sap *sap = llc->sap;
@@ -459,7 +462,7 @@ int llc_conn_ac_send_rej_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
459{ 462{
460 int rc = -ENOBUFS; 463 int rc = -ENOBUFS;
461 struct llc_sock *llc = llc_sk(sk); 464 struct llc_sock *llc = llc_sk(sk);
462 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 465 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
463 466
464 if (nskb) { 467 if (nskb) {
465 struct llc_sap *sap = llc->sap; 468 struct llc_sap *sap = llc->sap;
@@ -483,7 +486,7 @@ int llc_conn_ac_send_rej_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
483{ 486{
484 int rc = -ENOBUFS; 487 int rc = -ENOBUFS;
485 struct llc_sock *llc = llc_sk(sk); 488 struct llc_sock *llc = llc_sk(sk);
486 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 489 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
487 490
488 if (nskb) { 491 if (nskb) {
489 struct llc_sap *sap = llc->sap; 492 struct llc_sap *sap = llc->sap;
@@ -507,7 +510,7 @@ int llc_conn_ac_send_rej_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
507{ 510{
508 int rc = -ENOBUFS; 511 int rc = -ENOBUFS;
509 struct llc_sock *llc = llc_sk(sk); 512 struct llc_sock *llc = llc_sk(sk);
510 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 513 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
511 514
512 if (nskb) { 515 if (nskb) {
513 struct llc_sap *sap = llc->sap; 516 struct llc_sap *sap = llc->sap;
@@ -531,7 +534,7 @@ int llc_conn_ac_send_rnr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
531{ 534{
532 int rc = -ENOBUFS; 535 int rc = -ENOBUFS;
533 struct llc_sock *llc = llc_sk(sk); 536 struct llc_sock *llc = llc_sk(sk);
534 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 537 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
535 538
536 if (nskb) { 539 if (nskb) {
537 struct llc_sap *sap = llc->sap; 540 struct llc_sap *sap = llc->sap;
@@ -555,7 +558,7 @@ int llc_conn_ac_send_rnr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
555{ 558{
556 int rc = -ENOBUFS; 559 int rc = -ENOBUFS;
557 struct llc_sock *llc = llc_sk(sk); 560 struct llc_sock *llc = llc_sk(sk);
558 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 561 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
559 562
560 if (nskb) { 563 if (nskb) {
561 struct llc_sap *sap = llc->sap; 564 struct llc_sap *sap = llc->sap;
@@ -579,7 +582,7 @@ int llc_conn_ac_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
579{ 582{
580 int rc = -ENOBUFS; 583 int rc = -ENOBUFS;
581 struct llc_sock *llc = llc_sk(sk); 584 struct llc_sock *llc = llc_sk(sk);
582 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 585 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
583 586
584 if (nskb) { 587 if (nskb) {
585 struct llc_sap *sap = llc->sap; 588 struct llc_sap *sap = llc->sap;
@@ -615,7 +618,7 @@ int llc_conn_ac_opt_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
615{ 618{
616 int rc = -ENOBUFS; 619 int rc = -ENOBUFS;
617 struct llc_sock *llc = llc_sk(sk); 620 struct llc_sock *llc = llc_sk(sk);
618 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 621 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
619 622
620 if (nskb) { 623 if (nskb) {
621 struct llc_sap *sap = llc->sap; 624 struct llc_sap *sap = llc->sap;
@@ -639,7 +642,7 @@ int llc_conn_ac_send_rr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
639{ 642{
640 int rc = -ENOBUFS; 643 int rc = -ENOBUFS;
641 struct llc_sock *llc = llc_sk(sk); 644 struct llc_sock *llc = llc_sk(sk);
642 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 645 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
643 646
644 if (nskb) { 647 if (nskb) {
645 struct llc_sap *sap = llc->sap; 648 struct llc_sap *sap = llc->sap;
@@ -663,7 +666,7 @@ int llc_conn_ac_send_rr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
663{ 666{
664 int rc = -ENOBUFS; 667 int rc = -ENOBUFS;
665 struct llc_sock *llc = llc_sk(sk); 668 struct llc_sock *llc = llc_sk(sk);
666 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 669 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
667 670
668 if (nskb) { 671 if (nskb) {
669 struct llc_sap *sap = llc->sap; 672 struct llc_sap *sap = llc->sap;
@@ -688,7 +691,7 @@ int llc_conn_ac_send_ack_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
688{ 691{
689 int rc = -ENOBUFS; 692 int rc = -ENOBUFS;
690 struct llc_sock *llc = llc_sk(sk); 693 struct llc_sock *llc = llc_sk(sk);
691 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 694 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
692 695
693 if (nskb) { 696 if (nskb) {
694 struct llc_sap *sap = llc->sap; 697 struct llc_sap *sap = llc->sap;
@@ -712,7 +715,7 @@ int llc_conn_ac_send_rr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
712{ 715{
713 int rc = -ENOBUFS; 716 int rc = -ENOBUFS;
714 struct llc_sock *llc = llc_sk(sk); 717 struct llc_sock *llc = llc_sk(sk);
715 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 718 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
716 719
717 if (nskb) { 720 if (nskb) {
718 struct llc_sap *sap = llc->sap; 721 struct llc_sap *sap = llc->sap;
@@ -736,7 +739,7 @@ int llc_conn_ac_send_ack_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
736{ 739{
737 int rc = -ENOBUFS; 740 int rc = -ENOBUFS;
738 struct llc_sock *llc = llc_sk(sk); 741 struct llc_sock *llc = llc_sk(sk);
739 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 742 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
740 743
741 if (nskb) { 744 if (nskb) {
742 struct llc_sap *sap = llc->sap; 745 struct llc_sap *sap = llc->sap;
@@ -770,7 +773,7 @@ int llc_conn_ac_send_sabme_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
770{ 773{
771 int rc = -ENOBUFS; 774 int rc = -ENOBUFS;
772 struct llc_sock *llc = llc_sk(sk); 775 struct llc_sock *llc = llc_sk(sk);
773 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 776 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
774 777
775 if (nskb) { 778 if (nskb) {
776 struct llc_sap *sap = llc->sap; 779 struct llc_sap *sap = llc->sap;
@@ -799,7 +802,7 @@ int llc_conn_ac_send_ua_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
799 u8 f_bit; 802 u8 f_bit;
800 int rc = -ENOBUFS; 803 int rc = -ENOBUFS;
801 struct llc_sock *llc = llc_sk(sk); 804 struct llc_sock *llc = llc_sk(sk);
802 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 805 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
803 806
804 llc_pdu_decode_pf_bit(skb, &f_bit); 807 llc_pdu_decode_pf_bit(skb, &f_bit);
805 if (nskb) { 808 if (nskb) {
@@ -956,7 +959,7 @@ static int llc_conn_ac_send_rr_rsp_f_set_ackpf(struct sock *sk,
956{ 959{
957 int rc = -ENOBUFS; 960 int rc = -ENOBUFS;
958 struct llc_sock *llc = llc_sk(sk); 961 struct llc_sock *llc = llc_sk(sk);
959 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev); 962 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
960 963
961 if (nskb) { 964 if (nskb) {
962 struct llc_sap *sap = llc->sap; 965 struct llc_sap *sap = llc->sap;
diff --git a/net/llc/llc_core.c b/net/llc/llc_core.c
index 248b5903bb13..50d5b10e23a2 100644
--- a/net/llc/llc_core.c
+++ b/net/llc/llc_core.c
@@ -25,8 +25,6 @@
25LIST_HEAD(llc_sap_list); 25LIST_HEAD(llc_sap_list);
26DEFINE_RWLOCK(llc_sap_list_lock); 26DEFINE_RWLOCK(llc_sap_list_lock);
27 27
28unsigned char llc_station_mac_sa[ETH_ALEN];
29
30/** 28/**
31 * llc_sap_alloc - allocates and initializes sap. 29 * llc_sap_alloc - allocates and initializes sap.
32 * 30 *
@@ -37,8 +35,8 @@ static struct llc_sap *llc_sap_alloc(void)
37 struct llc_sap *sap = kzalloc(sizeof(*sap), GFP_ATOMIC); 35 struct llc_sap *sap = kzalloc(sizeof(*sap), GFP_ATOMIC);
38 36
39 if (sap) { 37 if (sap) {
38 /* sap->laddr.mac - leave as a null, it's filled by bind */
40 sap->state = LLC_SAP_STATE_ACTIVE; 39 sap->state = LLC_SAP_STATE_ACTIVE;
41 memcpy(sap->laddr.mac, llc_station_mac_sa, ETH_ALEN);
42 rwlock_init(&sap->sk_list.lock); 40 rwlock_init(&sap->sk_list.lock);
43 atomic_set(&sap->refcnt, 1); 41 atomic_set(&sap->refcnt, 1);
44 } 42 }
@@ -167,10 +165,6 @@ static int __init llc_init(void)
167 if (dev != NULL) 165 if (dev != NULL)
168 dev = next_net_device(dev); 166 dev = next_net_device(dev);
169 167
170 if (dev != NULL)
171 memcpy(llc_station_mac_sa, dev->dev_addr, ETH_ALEN);
172 else
173 memset(llc_station_mac_sa, 0, ETH_ALEN);
174 dev_add_pack(&llc_packet_type); 168 dev_add_pack(&llc_packet_type);
175 dev_add_pack(&llc_tr_packet_type); 169 dev_add_pack(&llc_tr_packet_type);
176 return 0; 170 return 0;
@@ -185,7 +179,6 @@ static void __exit llc_exit(void)
185module_init(llc_init); 179module_init(llc_init);
186module_exit(llc_exit); 180module_exit(llc_exit);
187 181
188EXPORT_SYMBOL(llc_station_mac_sa);
189EXPORT_SYMBOL(llc_sap_list); 182EXPORT_SYMBOL(llc_sap_list);
190EXPORT_SYMBOL(llc_sap_list_lock); 183EXPORT_SYMBOL(llc_sap_list_lock);
191EXPORT_SYMBOL(llc_sap_find); 184EXPORT_SYMBOL(llc_sap_find);
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index c40c9b2a345a..bfd2567dd365 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -117,8 +117,12 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
117 skb_pull(skb, llc_len); 117 skb_pull(skb, llc_len);
118 if (skb->protocol == htons(ETH_P_802_2)) { 118 if (skb->protocol == htons(ETH_P_802_2)) {
119 __be16 pdulen = eth_hdr(skb)->h_proto; 119 __be16 pdulen = eth_hdr(skb)->h_proto;
120 u16 data_size = ntohs(pdulen) - llc_len; 120 s32 data_size = ntohs(pdulen) - llc_len;
121 121
122 if (data_size < 0 ||
123 ((skb_tail_pointer(skb) -
124 (u8 *)pdu) - llc_len) < data_size)
125 return 0;
122 if (unlikely(pskb_trim_rcsum(skb, data_size))) 126 if (unlikely(pskb_trim_rcsum(skb, data_size)))
123 return 0; 127 return 0;
124 } 128 }
diff --git a/net/llc/llc_pdu.c b/net/llc/llc_pdu.c
index fa8324396db3..2e6cb79196bb 100644
--- a/net/llc/llc_pdu.c
+++ b/net/llc/llc_pdu.c
@@ -241,7 +241,7 @@ void llc_pdu_init_as_frmr_rsp(struct sk_buff *skb, struct llc_pdu_sn *prev_pdu,
241 FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw); 241 FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw);
242 FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw); 242 FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw);
243 FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw); 243 FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw);
244 skb_put(skb, 5); 244 skb_put(skb, sizeof(struct llc_frmr_info));
245} 245}
246 246
247/** 247/**
diff --git a/net/llc/llc_s_ac.c b/net/llc/llc_s_ac.c
index ac3d93b210d2..a94bd56bcac6 100644
--- a/net/llc/llc_s_ac.c
+++ b/net/llc/llc_s_ac.c
@@ -103,7 +103,8 @@ int llc_sap_action_send_xid_r(struct llc_sap *sap, struct sk_buff *skb)
103 llc_pdu_decode_sa(skb, mac_da); 103 llc_pdu_decode_sa(skb, mac_da);
104 llc_pdu_decode_da(skb, mac_sa); 104 llc_pdu_decode_da(skb, mac_sa);
105 llc_pdu_decode_ssap(skb, &dsap); 105 llc_pdu_decode_ssap(skb, &dsap);
106 nskb = llc_alloc_frame(NULL, skb->dev); 106 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
107 sizeof(struct llc_xid_info));
107 if (!nskb) 108 if (!nskb)
108 goto out; 109 goto out;
109 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 110 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
@@ -144,11 +145,15 @@ int llc_sap_action_send_test_r(struct llc_sap *sap, struct sk_buff *skb)
144 u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap; 145 u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap;
145 struct sk_buff *nskb; 146 struct sk_buff *nskb;
146 int rc = 1; 147 int rc = 1;
148 u32 data_size;
147 149
148 llc_pdu_decode_sa(skb, mac_da); 150 llc_pdu_decode_sa(skb, mac_da);
149 llc_pdu_decode_da(skb, mac_sa); 151 llc_pdu_decode_da(skb, mac_sa);
150 llc_pdu_decode_ssap(skb, &dsap); 152 llc_pdu_decode_ssap(skb, &dsap);
151 nskb = llc_alloc_frame(NULL, skb->dev); 153
154 /* The test request command is type U (llc_len = 3) */
155 data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
156 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);
152 if (!nskb) 157 if (!nskb)
153 goto out; 158 goto out;
154 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 159 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
index 2525165e2e8f..e2ddde755019 100644
--- a/net/llc/llc_sap.c
+++ b/net/llc/llc_sap.c
@@ -24,20 +24,41 @@
24#include <net/tcp_states.h> 24#include <net/tcp_states.h>
25#include <linux/llc.h> 25#include <linux/llc.h>
26 26
27static int llc_mac_header_len(unsigned short devtype)
28{
29 switch (devtype) {
30 case ARPHRD_ETHER:
31 case ARPHRD_LOOPBACK:
32 return sizeof(struct ethhdr);
33#ifdef CONFIG_TR
34 case ARPHRD_IEEE802_TR:
35 return sizeof(struct trh_hdr);
36#endif
37 }
38 return 0;
39}
40
27/** 41/**
28 * llc_alloc_frame - allocates sk_buff for frame 42 * llc_alloc_frame - allocates sk_buff for frame
29 * @dev: network device this skb will be sent over 43 * @dev: network device this skb will be sent over
44 * @type: pdu type to allocate
45 * @data_size: data size to allocate
30 * 46 *
31 * Allocates an sk_buff for frame and initializes sk_buff fields. 47 * Allocates an sk_buff for frame and initializes sk_buff fields.
32 * Returns allocated skb or %NULL when out of memory. 48 * Returns allocated skb or %NULL when out of memory.
33 */ 49 */
34struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev) 50struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
51 u8 type, u32 data_size)
35{ 52{
36 struct sk_buff *skb = alloc_skb(128, GFP_ATOMIC); 53 int hlen = type == LLC_PDU_TYPE_U ? 3 : 4;
54 struct sk_buff *skb;
55
56 hlen += llc_mac_header_len(dev->type);
57 skb = alloc_skb(hlen + data_size, GFP_ATOMIC);
37 58
38 if (skb) { 59 if (skb) {
39 skb_reset_mac_header(skb); 60 skb_reset_mac_header(skb);
40 skb_reserve(skb, 50); 61 skb_reserve(skb, hlen);
41 skb_reset_network_header(skb); 62 skb_reset_network_header(skb);
42 skb_reset_transport_header(skb); 63 skb_reset_transport_header(skb);
43 skb->protocol = htons(ETH_P_802_2); 64 skb->protocol = htons(ETH_P_802_2);
diff --git a/net/llc/llc_station.c b/net/llc/llc_station.c
index 6f2ea2090322..83da13339490 100644
--- a/net/llc/llc_station.c
+++ b/net/llc/llc_station.c
@@ -253,13 +253,14 @@ static int llc_station_ac_inc_xid_r_cnt_by_1(struct sk_buff *skb)
253static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb) 253static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb)
254{ 254{
255 int rc = 1; 255 int rc = 1;
256 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev); 256 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
257 sizeof(struct llc_xid_info));
257 258
258 if (!nskb) 259 if (!nskb)
259 goto out; 260 goto out;
260 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD); 261 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD);
261 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127); 262 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127);
262 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, llc_station_mac_sa); 263 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, skb->dev->dev_addr);
263 if (unlikely(rc)) 264 if (unlikely(rc))
264 goto free; 265 goto free;
265 llc_station_send_pdu(nskb); 266 llc_station_send_pdu(nskb);
@@ -274,7 +275,8 @@ static int llc_station_ac_send_xid_r(struct sk_buff *skb)
274{ 275{
275 u8 mac_da[ETH_ALEN], dsap; 276 u8 mac_da[ETH_ALEN], dsap;
276 int rc = 1; 277 int rc = 1;
277 struct sk_buff* nskb = llc_alloc_frame(NULL, skb->dev); 278 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
279 sizeof(struct llc_xid_info));
278 280
279 if (!nskb) 281 if (!nskb)
280 goto out; 282 goto out;
@@ -283,7 +285,7 @@ static int llc_station_ac_send_xid_r(struct sk_buff *skb)
283 llc_pdu_decode_ssap(skb, &dsap); 285 llc_pdu_decode_ssap(skb, &dsap);
284 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 286 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
285 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127); 287 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127);
286 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 288 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, mac_da);
287 if (unlikely(rc)) 289 if (unlikely(rc))
288 goto free; 290 goto free;
289 llc_station_send_pdu(nskb); 291 llc_station_send_pdu(nskb);
@@ -298,7 +300,12 @@ static int llc_station_ac_send_test_r(struct sk_buff *skb)
298{ 300{
299 u8 mac_da[ETH_ALEN], dsap; 301 u8 mac_da[ETH_ALEN], dsap;
300 int rc = 1; 302 int rc = 1;
301 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev); 303 u32 data_size;
304 struct sk_buff *nskb;
305
306 /* The test request command is type U (llc_len = 3) */
307 data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
308 nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);
302 309
303 if (!nskb) 310 if (!nskb)
304 goto out; 311 goto out;
@@ -307,7 +314,7 @@ static int llc_station_ac_send_test_r(struct sk_buff *skb)
307 llc_pdu_decode_ssap(skb, &dsap); 314 llc_pdu_decode_ssap(skb, &dsap);
308 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 315 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
309 llc_pdu_init_as_test_rsp(nskb, skb); 316 llc_pdu_init_as_test_rsp(nskb, skb);
310 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 317 rc = llc_mac_hdr_init(nskb, skb->dev->dev_addr, mac_da);
311 if (unlikely(rc)) 318 if (unlikely(rc))
312 goto free; 319 goto free;
313 llc_station_send_pdu(nskb); 320 llc_station_send_pdu(nskb);
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index 28bcdf9fc3df..8e586390a2ef 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -286,6 +286,18 @@ static int ieee80211_open(struct net_device *dev)
286 if (need_hw_reconfig) 286 if (need_hw_reconfig)
287 ieee80211_hw_config(local); 287 ieee80211_hw_config(local);
288 288
289 /*
290 * ieee80211_sta_work is disabled while network interface
291 * is down. Therefore, some configuration changes may not
292 * yet be effective. Trigger execution of ieee80211_sta_work
293 * to fix this.
294 */
295 if(sdata->vif.type == IEEE80211_IF_TYPE_STA ||
296 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
297 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
298 queue_work(local->hw.workqueue, &ifsta->work);
299 }
300
289 netif_start_queue(dev); 301 netif_start_queue(dev);
290 302
291 return 0; 303 return 0;
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index 9aeed5320228..c1706855460a 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -312,14 +312,12 @@ static void ieee80211_sta_wmm_params(struct net_device *dev,
312 } 312 }
313} 313}
314 314
315 315static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
316static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata, 316 bool use_protection,
317 u8 erp_value) 317 bool use_short_preamble)
318{ 318{
319 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf; 319 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
320 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 320 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
321 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
322 bool preamble_mode = (erp_value & WLAN_ERP_BARKER_PREAMBLE) != 0;
323 DECLARE_MAC_BUF(mac); 321 DECLARE_MAC_BUF(mac);
324 u32 changed = 0; 322 u32 changed = 0;
325 323
@@ -335,22 +333,47 @@ static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
335 changed |= BSS_CHANGED_ERP_CTS_PROT; 333 changed |= BSS_CHANGED_ERP_CTS_PROT;
336 } 334 }
337 335
338 if (preamble_mode != bss_conf->use_short_preamble) { 336 if (use_short_preamble != bss_conf->use_short_preamble) {
339 if (net_ratelimit()) { 337 if (net_ratelimit()) {
340 printk(KERN_DEBUG "%s: switched to %s barker preamble" 338 printk(KERN_DEBUG "%s: switched to %s barker preamble"
341 " (BSSID=%s)\n", 339 " (BSSID=%s)\n",
342 sdata->dev->name, 340 sdata->dev->name,
343 (preamble_mode == WLAN_ERP_PREAMBLE_SHORT) ? 341 use_short_preamble ? "short" : "long",
344 "short" : "long",
345 print_mac(mac, ifsta->bssid)); 342 print_mac(mac, ifsta->bssid));
346 } 343 }
347 bss_conf->use_short_preamble = preamble_mode; 344 bss_conf->use_short_preamble = use_short_preamble;
348 changed |= BSS_CHANGED_ERP_PREAMBLE; 345 changed |= BSS_CHANGED_ERP_PREAMBLE;
349 } 346 }
350 347
351 return changed; 348 return changed;
352} 349}
353 350
351static u32 ieee80211_handle_erp_ie(struct ieee80211_sub_if_data *sdata,
352 u8 erp_value)
353{
354 bool use_protection = (erp_value & WLAN_ERP_USE_PROTECTION) != 0;
355 bool use_short_preamble = (erp_value & WLAN_ERP_BARKER_PREAMBLE) == 0;
356
357 return ieee80211_handle_protect_preamb(sdata,
358 use_protection, use_short_preamble);
359}
360
361static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
362 struct ieee80211_sta_bss *bss)
363{
364 u32 changed = 0;
365
366 if (bss->has_erp_value)
367 changed |= ieee80211_handle_erp_ie(sdata, bss->erp_value);
368 else {
369 u16 capab = bss->capability;
370 changed |= ieee80211_handle_protect_preamb(sdata, false,
371 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
372 }
373
374 return changed;
375}
376
354int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie, 377int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
355 struct ieee80211_ht_info *ht_info) 378 struct ieee80211_ht_info *ht_info)
356{ 379{
@@ -469,9 +492,7 @@ static void ieee80211_set_associated(struct net_device *dev,
469 local->hw.conf.channel, 492 local->hw.conf.channel,
470 ifsta->ssid, ifsta->ssid_len); 493 ifsta->ssid, ifsta->ssid_len);
471 if (bss) { 494 if (bss) {
472 if (bss->has_erp_value) 495 changed |= ieee80211_handle_bss_capability(sdata, bss);
473 changed |= ieee80211_handle_erp_ie(
474 sdata, bss->erp_value);
475 ieee80211_rx_bss_put(dev, bss); 496 ieee80211_rx_bss_put(dev, bss);
476 } 497 }
477 498
@@ -2117,6 +2138,11 @@ static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2117 2138
2118 if (elems.erp_info && elems.erp_info_len >= 1) 2139 if (elems.erp_info && elems.erp_info_len >= 1)
2119 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]); 2140 changed |= ieee80211_handle_erp_ie(sdata, elems.erp_info[0]);
2141 else {
2142 u16 capab = le16_to_cpu(mgmt->u.beacon.capab_info);
2143 changed |= ieee80211_handle_protect_preamb(sdata, false,
2144 (capab & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0);
2145 }
2120 2146
2121 if (elems.ht_cap_elem && elems.ht_info_elem && 2147 if (elems.ht_cap_elem && elems.ht_info_elem &&
2122 elems.wmm_param && local->ops->conf_ht && 2148 elems.wmm_param && local->ops->conf_ht &&
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index e88e96af613d..8599068050ec 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -395,7 +395,7 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
395static int __init nf_conntrack_standalone_init(void) 395static int __init nf_conntrack_standalone_init(void)
396{ 396{
397#ifdef CONFIG_PROC_FS 397#ifdef CONFIG_PROC_FS
398 struct proc_dir_entry *proc, *proc_stat; 398 struct proc_dir_entry *proc;
399#endif 399#endif
400 int ret = 0; 400 int ret = 0;
401 401
@@ -407,12 +407,9 @@ static int __init nf_conntrack_standalone_init(void)
407 proc = proc_net_fops_create(&init_net, "nf_conntrack", 0440, &ct_file_ops); 407 proc = proc_net_fops_create(&init_net, "nf_conntrack", 0440, &ct_file_ops);
408 if (!proc) goto cleanup_init; 408 if (!proc) goto cleanup_init;
409 409
410 proc_stat = create_proc_entry("nf_conntrack", S_IRUGO, init_net.proc_net_stat); 410 if (!proc_create("nf_conntrack", S_IRUGO,
411 if (!proc_stat) 411 init_net.proc_net_stat, &ct_cpu_seq_fops))
412 goto cleanup_proc; 412 goto cleanup_proc;
413
414 proc_stat->proc_fops = &ct_cpu_seq_fops;
415 proc_stat->owner = THIS_MODULE;
416#endif 413#endif
417#ifdef CONFIG_SYSCTL 414#ifdef CONFIG_SYSCTL
418 nf_ct_sysctl_header = register_sysctl_paths(nf_ct_path, 415 nf_ct_sysctl_header = register_sysctl_paths(nf_ct_path,
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index cec9976aecbf..bc11d7092032 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -168,13 +168,9 @@ static const struct file_operations nflog_file_ops = {
168int __init netfilter_log_init(void) 168int __init netfilter_log_init(void)
169{ 169{
170#ifdef CONFIG_PROC_FS 170#ifdef CONFIG_PROC_FS
171 struct proc_dir_entry *pde; 171 if (!proc_create("nf_log", S_IRUGO,
172 172 proc_net_netfilter, &nflog_file_ops))
173 pde = create_proc_entry("nf_log", S_IRUGO, proc_net_netfilter);
174 if (!pde)
175 return -1; 173 return -1;
176
177 pde->proc_fops = &nflog_file_ops;
178#endif 174#endif
179 return 0; 175 return 0;
180} 176}
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index ddc80ea114cd..bbd26893c0c4 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -348,12 +348,9 @@ static const struct file_operations nfqueue_file_ops = {
348int __init netfilter_queue_init(void) 348int __init netfilter_queue_init(void)
349{ 349{
350#ifdef CONFIG_PROC_FS 350#ifdef CONFIG_PROC_FS
351 struct proc_dir_entry *pde; 351 if (!proc_create("nf_queue", S_IRUGO,
352 352 proc_net_netfilter, &nfqueue_file_ops))
353 pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter);
354 if (!pde)
355 return -1; 353 return -1;
356 pde->proc_fops = &nfqueue_file_ops;
357#endif 354#endif
358 return 0; 355 return 0;
359} 356}
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index bf3f19b21fe4..b8173af8c24a 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -923,9 +923,6 @@ static const struct file_operations nful_file_ops = {
923static int __init nfnetlink_log_init(void) 923static int __init nfnetlink_log_init(void)
924{ 924{
925 int i, status = -ENOMEM; 925 int i, status = -ENOMEM;
926#ifdef CONFIG_PROC_FS
927 struct proc_dir_entry *proc_nful;
928#endif
929 926
930 for (i = 0; i < INSTANCE_BUCKETS; i++) 927 for (i = 0; i < INSTANCE_BUCKETS; i++)
931 INIT_HLIST_HEAD(&instance_table[i]); 928 INIT_HLIST_HEAD(&instance_table[i]);
@@ -943,11 +940,9 @@ static int __init nfnetlink_log_init(void)
943 } 940 }
944 941
945#ifdef CONFIG_PROC_FS 942#ifdef CONFIG_PROC_FS
946 proc_nful = create_proc_entry("nfnetlink_log", 0440, 943 if (!proc_create("nfnetlink_log", 0440,
947 proc_net_netfilter); 944 proc_net_netfilter, &nful_file_ops))
948 if (!proc_nful)
949 goto cleanup_subsys; 945 goto cleanup_subsys;
950 proc_nful->proc_fops = &nful_file_ops;
951#endif 946#endif
952 return status; 947 return status;
953 948
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 012cb6910820..10522c04ed24 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -896,9 +896,6 @@ static const struct file_operations nfqnl_file_ops = {
896static int __init nfnetlink_queue_init(void) 896static int __init nfnetlink_queue_init(void)
897{ 897{
898 int i, status = -ENOMEM; 898 int i, status = -ENOMEM;
899#ifdef CONFIG_PROC_FS
900 struct proc_dir_entry *proc_nfqueue;
901#endif
902 899
903 for (i = 0; i < INSTANCE_BUCKETS; i++) 900 for (i = 0; i < INSTANCE_BUCKETS; i++)
904 INIT_HLIST_HEAD(&instance_table[i]); 901 INIT_HLIST_HEAD(&instance_table[i]);
@@ -911,11 +908,9 @@ static int __init nfnetlink_queue_init(void)
911 } 908 }
912 909
913#ifdef CONFIG_PROC_FS 910#ifdef CONFIG_PROC_FS
914 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440, 911 if (!proc_create("nfnetlink_queue", 0440,
915 proc_net_netfilter); 912 proc_net_netfilter, &nfqnl_file_ops))
916 if (!proc_nfqueue)
917 goto cleanup_subsys; 913 goto cleanup_subsys;
918 proc_nfqueue->proc_fops = &nfqnl_file_ops;
919#endif 914#endif
920 915
921 register_netdevice_notifier(&nfqnl_dev_notifier); 916 register_netdevice_notifier(&nfqnl_dev_notifier);
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 5418ce59ac3a..40d344b21453 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -237,14 +237,14 @@ static int htable_create_v0(struct xt_hashlimit_info *minfo, int family)
237 hinfo->family = family; 237 hinfo->family = family;
238 hinfo->rnd_initialized = 0; 238 hinfo->rnd_initialized = 0;
239 spin_lock_init(&hinfo->lock); 239 spin_lock_init(&hinfo->lock);
240 hinfo->pde = create_proc_entry(minfo->name, 0, 240 hinfo->pde = proc_create(minfo->name, 0,
241 family == AF_INET ? hashlimit_procdir4 : 241 family == AF_INET ? hashlimit_procdir4 :
242 hashlimit_procdir6); 242 hashlimit_procdir6,
243 &dl_file_ops);
243 if (!hinfo->pde) { 244 if (!hinfo->pde) {
244 vfree(hinfo); 245 vfree(hinfo);
245 return -1; 246 return -1;
246 } 247 }
247 hinfo->pde->proc_fops = &dl_file_ops;
248 hinfo->pde->data = hinfo; 248 hinfo->pde->data = hinfo;
249 249
250 setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo); 250 setup_timer(&hinfo->timer, htable_gc, (unsigned long )hinfo);
@@ -301,14 +301,14 @@ static int htable_create(struct xt_hashlimit_mtinfo1 *minfo,
301 hinfo->rnd_initialized = 0; 301 hinfo->rnd_initialized = 0;
302 spin_lock_init(&hinfo->lock); 302 spin_lock_init(&hinfo->lock);
303 303
304 hinfo->pde = create_proc_entry(minfo->name, 0, 304 hinfo->pde = proc_create(minfo->name, 0,
305 family == AF_INET ? hashlimit_procdir4 : 305 family == AF_INET ? hashlimit_procdir4 :
306 hashlimit_procdir6); 306 hashlimit_procdir6,
307 &dl_file_ops);
307 if (hinfo->pde == NULL) { 308 if (hinfo->pde == NULL) {
308 vfree(hinfo); 309 vfree(hinfo);
309 return -1; 310 return -1;
310 } 311 }
311 hinfo->pde->proc_fops = &dl_file_ops;
312 hinfo->pde->data = hinfo; 312 hinfo->pde->data = hinfo;
313 313
314 setup_timer(&hinfo->timer, htable_gc, (unsigned long)hinfo); 314 setup_timer(&hinfo->timer, htable_gc, (unsigned long)hinfo);
@@ -466,38 +466,25 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
466 466
467static inline __be32 maskl(__be32 a, unsigned int l) 467static inline __be32 maskl(__be32 a, unsigned int l)
468{ 468{
469 return htonl(ntohl(a) & ~(~(u_int32_t)0 >> l)); 469 return l ? htonl(ntohl(a) & ~0 << (32 - l)) : 0;
470} 470}
471 471
472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 472#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) 473static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
474{ 474{
475 switch (p) { 475 switch (p) {
476 case 0: 476 case 0 ... 31:
477 i[0] = i[1] = 0;
478 i[2] = i[3] = 0;
479 break;
480 case 1 ... 31:
481 i[0] = maskl(i[0], p); 477 i[0] = maskl(i[0], p);
482 i[1] = i[2] = i[3] = 0; 478 i[1] = i[2] = i[3] = 0;
483 break; 479 break;
484 case 32: 480 case 32 ... 63:
485 i[1] = i[2] = i[3] = 0;
486 break;
487 case 33 ... 63:
488 i[1] = maskl(i[1], p - 32); 481 i[1] = maskl(i[1], p - 32);
489 i[2] = i[3] = 0; 482 i[2] = i[3] = 0;
490 break; 483 break;
491 case 64: 484 case 64 ... 95:
492 i[2] = i[3] = 0;
493 break;
494 case 65 ... 95:
495 i[2] = maskl(i[2], p - 64); 485 i[2] = maskl(i[2], p - 64);
496 i[3] = 0; 486 i[3] = 0;
497 case 96: 487 case 96 ... 127:
498 i[3] = 0;
499 break;
500 case 97 ... 127:
501 i[3] = maskl(i[3], p - 96); 488 i[3] = maskl(i[3], p - 96);
502 break; 489 break;
503 case 128: 490 case 128:
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 4a31a81059ab..063cbc5c26b1 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -598,17 +598,24 @@ static int rose_release(struct socket *sock)
598 598
599 if (sk == NULL) return 0; 599 if (sk == NULL) return 0;
600 600
601 sock_hold(sk);
602 sock_orphan(sk);
603 lock_sock(sk);
601 rose = rose_sk(sk); 604 rose = rose_sk(sk);
602 605
603 switch (rose->state) { 606 switch (rose->state) {
604 case ROSE_STATE_0: 607 case ROSE_STATE_0:
608 release_sock(sk);
605 rose_disconnect(sk, 0, -1, -1); 609 rose_disconnect(sk, 0, -1, -1);
610 lock_sock(sk);
606 rose_destroy_socket(sk); 611 rose_destroy_socket(sk);
607 break; 612 break;
608 613
609 case ROSE_STATE_2: 614 case ROSE_STATE_2:
610 rose->neighbour->use--; 615 rose->neighbour->use--;
616 release_sock(sk);
611 rose_disconnect(sk, 0, -1, -1); 617 rose_disconnect(sk, 0, -1, -1);
618 lock_sock(sk);
612 rose_destroy_socket(sk); 619 rose_destroy_socket(sk);
613 break; 620 break;
614 621
@@ -633,6 +640,8 @@ static int rose_release(struct socket *sock)
633 } 640 }
634 641
635 sock->sk = NULL; 642 sock->sk = NULL;
643 release_sock(sk);
644 sock_put(sk);
636 645
637 return 0; 646 return 0;
638} 647}
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 1aaa2e804b0d..53fe94c9d36b 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -23,7 +23,7 @@
23struct rxrpc_crypt { 23struct rxrpc_crypt {
24 union { 24 union {
25 u8 x[FCRYPT_BSIZE]; 25 u8 x[FCRYPT_BSIZE];
26 u32 n[2]; 26 __be32 n[2];
27 }; 27 };
28} __attribute__((aligned(8))); 28} __attribute__((aligned(8)));
29 29
@@ -611,7 +611,7 @@ extern struct rxrpc_transport *rxrpc_find_transport(struct rxrpc_local *,
611extern unsigned rxrpc_debug; 611extern unsigned rxrpc_debug;
612 612
613#define dbgprintk(FMT,...) \ 613#define dbgprintk(FMT,...) \
614 printk("[%x%-6.6s] "FMT"\n", smp_processor_id(), current->comm ,##__VA_ARGS__) 614 printk("[%-6.6s] "FMT"\n", current->comm ,##__VA_ARGS__)
615 615
616/* make sure we maintain the format strings, even when debugging is disabled */ 616/* make sure we maintain the format strings, even when debugging is disabled */
617static inline __attribute__((format(printf,1,2))) 617static inline __attribute__((format(printf,1,2)))
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index f48434adb7c2..d1c296f2d617 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -261,6 +261,7 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
261 __be32 x[2]; 261 __be32 x[2];
262 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */ 262 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */
263 __be32 x; 263 __be32 x;
264 u32 y;
264 int ret; 265 int ret;
265 266
266 sp = rxrpc_skb(skb); 267 sp = rxrpc_skb(skb);
@@ -292,11 +293,11 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
292 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf)); 293 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf));
293 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf)); 294 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf));
294 295
295 x = ntohl(tmpbuf.x[1]); 296 y = ntohl(tmpbuf.x[1]);
296 x = (x >> 16) & 0xffff; 297 y = (y >> 16) & 0xffff;
297 if (x == 0) 298 if (y == 0)
298 x = 1; /* zero checksums are not permitted */ 299 y = 1; /* zero checksums are not permitted */
299 sp->hdr.cksum = htons(x); 300 sp->hdr.cksum = htons(y);
300 301
301 switch (call->conn->security_level) { 302 switch (call->conn->security_level) {
302 case RXRPC_SECURITY_PLAIN: 303 case RXRPC_SECURITY_PLAIN:
@@ -314,7 +315,7 @@ static int rxkad_secure_packet(const struct rxrpc_call *call,
314 break; 315 break;
315 } 316 }
316 317
317 _leave(" = %d [set %hx]", ret, x); 318 _leave(" = %d [set %hx]", ret, y);
318 return ret; 319 return ret;
319} 320}
320 321
@@ -492,6 +493,7 @@ static int rxkad_verify_packet(const struct rxrpc_call *call,
492 __be32 x[2]; 493 __be32 x[2];
493 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */ 494 } tmpbuf __attribute__((aligned(8))); /* must all be in same page */
494 __be32 x; 495 __be32 x;
496 u16 y;
495 __be16 cksum; 497 __be16 cksum;
496 int ret; 498 int ret;
497 499
@@ -526,12 +528,12 @@ static int rxkad_verify_packet(const struct rxrpc_call *call,
526 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf)); 528 sg_init_one(&sg[1], &tmpbuf, sizeof(tmpbuf));
527 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf)); 529 crypto_blkcipher_encrypt_iv(&desc, &sg[0], &sg[1], sizeof(tmpbuf));
528 530
529 x = ntohl(tmpbuf.x[1]); 531 y = ntohl(tmpbuf.x[1]);
530 x = (x >> 16) & 0xffff; 532 y = (y >> 16) & 0xffff;
531 if (x == 0) 533 if (y == 0)
532 x = 1; /* zero checksums are not permitted */ 534 y = 1; /* zero checksums are not permitted */
533 535
534 cksum = htons(x); 536 cksum = htons(y);
535 if (sp->hdr.cksum != cksum) { 537 if (sp->hdr.cksum != cksum) {
536 *_abort_code = RXKADSEALEDINCON; 538 *_abort_code = RXKADSEALEDINCON;
537 _leave(" = -EPROTO [csum failed]"); 539 _leave(" = -EPROTO [csum failed]");
@@ -1001,7 +1003,8 @@ static int rxkad_verify_response(struct rxrpc_connection *conn,
1001 struct rxrpc_crypt session_key; 1003 struct rxrpc_crypt session_key;
1002 time_t expiry; 1004 time_t expiry;
1003 void *ticket; 1005 void *ticket;
1004 u32 abort_code, version, kvno, ticket_len, csum, level; 1006 u32 abort_code, version, kvno, ticket_len, level;
1007 __be32 csum;
1005 int ret; 1008 int ret;
1006 1009
1007 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key)); 1010 _enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key));
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 10b5c0887fff..b741618e4d54 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -184,10 +184,22 @@ static inline int qdisc_restart(struct net_device *dev)
184 184
185void __qdisc_run(struct net_device *dev) 185void __qdisc_run(struct net_device *dev)
186{ 186{
187 do { 187 unsigned long start_time = jiffies;
188 if (!qdisc_restart(dev)) 188
189 while (qdisc_restart(dev)) {
190 if (netif_queue_stopped(dev))
191 break;
192
193 /*
194 * Postpone processing if
195 * 1. another process needs the CPU;
196 * 2. we've been doing it for too long.
197 */
198 if (need_resched() || jiffies != start_time) {
199 netif_schedule(dev);
189 break; 200 break;
190 } while (!netif_queue_stopped(dev)); 201 }
202 }
191 203
192 clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); 204 clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);
193} 205}
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 8c6a7f1a25e9..8834d68972cb 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -261,10 +261,6 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
261 }; 261 };
262 char servername[48]; 262 char servername[48];
263 263
264 xprt = xprt_create_transport(&xprtargs);
265 if (IS_ERR(xprt))
266 return (struct rpc_clnt *)xprt;
267
268 /* 264 /*
269 * If the caller chooses not to specify a hostname, whip 265 * If the caller chooses not to specify a hostname, whip
270 * up a string representation of the passed-in address. 266 * up a string representation of the passed-in address.
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 995c3fdc16c2..79a55d56cc98 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -244,7 +244,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
244 pgto = pages + (pgbase >> PAGE_CACHE_SHIFT); 244 pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
245 pgbase &= ~PAGE_CACHE_MASK; 245 pgbase &= ~PAGE_CACHE_MASK;
246 246
247 do { 247 for (;;) {
248 copy = PAGE_CACHE_SIZE - pgbase; 248 copy = PAGE_CACHE_SIZE - pgbase;
249 if (copy > len) 249 if (copy > len)
250 copy = len; 250 copy = len;
@@ -253,6 +253,10 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
253 memcpy(vto + pgbase, p, copy); 253 memcpy(vto + pgbase, p, copy);
254 kunmap_atomic(vto, KM_USER0); 254 kunmap_atomic(vto, KM_USER0);
255 255
256 len -= copy;
257 if (len == 0)
258 break;
259
256 pgbase += copy; 260 pgbase += copy;
257 if (pgbase == PAGE_CACHE_SIZE) { 261 if (pgbase == PAGE_CACHE_SIZE) {
258 flush_dcache_page(*pgto); 262 flush_dcache_page(*pgto);
@@ -260,8 +264,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
260 pgto++; 264 pgto++;
261 } 265 }
262 p += copy; 266 p += copy;
263 267 }
264 } while ((len -= copy) != 0);
265 flush_dcache_page(*pgto); 268 flush_dcache_page(*pgto);
266} 269}
267 270
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e3a214f63f91..f68a5c8f2147 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -945,7 +945,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
945 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 945 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
946 params.listen_interval = 946 params.listen_interval =
947 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 947 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
948 params.listen_interval = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 948 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
949 949
950 if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS], 950 if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
951 &params.station_flags)) 951 &params.station_flags))
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d96f2728dc6..019d21de19b3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -288,7 +288,7 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
288 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 288 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr));
289 x->props.flags = p->flags; 289 x->props.flags = p->flags;
290 290
291 if (x->props.mode == XFRM_MODE_TRANSPORT) 291 if (!x->sel.family)
292 x->sel.family = p->family; 292 x->sel.family = p->family;
293 293
294} 294}
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-06 17:22:23 -0500