aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_dev.c2
-rw-r--r--net/compat.c3
-rw-r--r--net/core/flow.c42
-rw-r--r--net/core/rtnetlink.c2
-rw-r--r--net/core/scm.c3
-rw-r--r--net/dccp/ipv4.c6
-rw-r--r--net/dccp/ipv6.c6
-rw-r--r--net/decnet/af_decnet.c4
-rw-r--r--net/decnet/dn_route.c11
-rw-r--r--net/ipv4/cipso_ipv4.c18
-rw-r--r--net/ipv4/ip_gre.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c2
-rw-r--r--net/ipv4/route.c12
-rw-r--r--net/ipv4/tcp_ipv4.c18
-rw-r--r--net/ipv4/tcp_output.c31
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv6/Kconfig13
-rw-r--r--net/ipv6/Makefile3
-rw-r--r--net/ipv6/addrconf.c18
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/sit.c3
-rw-r--r--net/ipv6/tcp_ipv6.c13
-rw-r--r--net/ipv6/xfrm6_policy.c2
-rw-r--r--net/irda/irias_object.c2
-rw-r--r--net/key/af_key.c5
-rw-r--r--net/netlabel/netlabel_kapi.c2
-rw-r--r--net/sched/sch_htb.c5
-rw-r--r--net/sctp/proc.c2
-rw-r--r--net/sctp/socket.c22
-rw-r--r--net/sctp/ulpevent.c25
-rw-r--r--net/sctp/ulpqueue.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c5
-rw-r--r--net/sunrpc/svc.c17
-rw-r--r--net/sunrpc/svcsock.c28
-rw-r--r--net/tipc/socket.c6
-rw-r--r--net/xfrm/xfrm_policy.c101
-rw-r--r--net/xfrm/xfrm_user.c9
37 files changed, 285 insertions, 166 deletions
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index da9cfe927158..60a508eb1945 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -62,7 +62,7 @@ int vlan_dev_rebuild_header(struct sk_buff *skb)
62 default: 62 default:
63 printk(VLAN_DBG 63 printk(VLAN_DBG
64 "%s: unable to resolve type %X addresses.\n", 64 "%s: unable to resolve type %X addresses.\n",
65 dev->name, (int)veth->h_vlan_encapsulated_proto); 65 dev->name, ntohs(veth->h_vlan_encapsulated_proto));
66 66
67 memcpy(veth->h_source, dev->dev_addr, ETH_ALEN); 67 memcpy(veth->h_source, dev->dev_addr, ETH_ALEN);
68 break; 68 break;
diff --git a/net/compat.c b/net/compat.c
index d5d69fa15d07..52d32f1bc728 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -285,8 +285,7 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
285 285
286 if (i > 0) { 286 if (i > 0) {
287 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int)); 287 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int));
288 if (!err) 288 err = put_user(SOL_SOCKET, &cm->cmsg_level);
289 err = put_user(SOL_SOCKET, &cm->cmsg_level);
290 if (!err) 289 if (!err)
291 err = put_user(SCM_RIGHTS, &cm->cmsg_type); 290 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
292 if (!err) 291 if (!err)
diff --git a/net/core/flow.c b/net/core/flow.c
index f23e7e386543..b16d31ae5e54 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -85,6 +85,14 @@ static void flow_cache_new_hashrnd(unsigned long arg)
85 add_timer(&flow_hash_rnd_timer); 85 add_timer(&flow_hash_rnd_timer);
86} 86}
87 87
88static void flow_entry_kill(int cpu, struct flow_cache_entry *fle)
89{
90 if (fle->object)
91 atomic_dec(fle->object_ref);
92 kmem_cache_free(flow_cachep, fle);
93 flow_count(cpu)--;
94}
95
88static void __flow_cache_shrink(int cpu, int shrink_to) 96static void __flow_cache_shrink(int cpu, int shrink_to)
89{ 97{
90 struct flow_cache_entry *fle, **flp; 98 struct flow_cache_entry *fle, **flp;
@@ -100,10 +108,7 @@ static void __flow_cache_shrink(int cpu, int shrink_to)
100 } 108 }
101 while ((fle = *flp) != NULL) { 109 while ((fle = *flp) != NULL) {
102 *flp = fle->next; 110 *flp = fle->next;
103 if (fle->object) 111 flow_entry_kill(cpu, fle);
104 atomic_dec(fle->object_ref);
105 kmem_cache_free(flow_cachep, fle);
106 flow_count(cpu)--;
107 } 112 }
108 } 113 }
109} 114}
@@ -220,24 +225,33 @@ void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
220 225
221nocache: 226nocache:
222 { 227 {
228 int err;
223 void *obj; 229 void *obj;
224 atomic_t *obj_ref; 230 atomic_t *obj_ref;
225 231
226 resolver(key, family, dir, &obj, &obj_ref); 232 err = resolver(key, family, dir, &obj, &obj_ref);
227 233
228 if (fle) { 234 if (fle) {
229 fle->genid = atomic_read(&flow_cache_genid); 235 if (err) {
230 236 /* Force security policy check on next lookup */
231 if (fle->object) 237 *head = fle->next;
232 atomic_dec(fle->object_ref); 238 flow_entry_kill(cpu, fle);
233 239 } else {
234 fle->object = obj; 240 fle->genid = atomic_read(&flow_cache_genid);
235 fle->object_ref = obj_ref; 241
236 if (obj) 242 if (fle->object)
237 atomic_inc(fle->object_ref); 243 atomic_dec(fle->object_ref);
244
245 fle->object = obj;
246 fle->object_ref = obj_ref;
247 if (obj)
248 atomic_inc(fle->object_ref);
249 }
238 } 250 }
239 local_bh_enable(); 251 local_bh_enable();
240 252
253 if (err)
254 obj = ERR_PTR(err);
241 return obj; 255 return obj;
242 } 256 }
243} 257}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 221e4038216b..02f3c7947898 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -602,7 +602,7 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
602 goto errout; 602 goto errout;
603 } 603 }
604 604
605 err = rtnl_unicast(skb, NETLINK_CB(skb).pid); 605 err = rtnl_unicast(nskb, NETLINK_CB(skb).pid);
606errout: 606errout:
607 kfree(iw_buf); 607 kfree(iw_buf);
608 dev_put(dev); 608 dev_put(dev);
diff --git a/net/core/scm.c b/net/core/scm.c
index 649d01ef35b6..271cf060ef8c 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -245,8 +245,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
245 if (i > 0) 245 if (i > 0)
246 { 246 {
247 int cmlen = CMSG_LEN(i*sizeof(int)); 247 int cmlen = CMSG_LEN(i*sizeof(int));
248 if (!err) 248 err = put_user(SOL_SOCKET, &cm->cmsg_level);
249 err = put_user(SOL_SOCKET, &cm->cmsg_level);
250 if (!err) 249 if (!err)
251 err = put_user(SCM_RIGHTS, &cm->cmsg_type); 250 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
252 if (!err) 251 if (!err)
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index bf692c1c116f..7e746c4c1688 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -311,7 +311,7 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
311 } 311 }
312 312
313 if (sk->sk_state == DCCP_TIME_WAIT) { 313 if (sk->sk_state == DCCP_TIME_WAIT) {
314 inet_twsk_put((struct inet_timewait_sock *)sk); 314 inet_twsk_put(inet_twsk(sk));
315 return; 315 return;
316 } 316 }
317 317
@@ -614,7 +614,7 @@ static struct sock *dccp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
614 bh_lock_sock(nsk); 614 bh_lock_sock(nsk);
615 return nsk; 615 return nsk;
616 } 616 }
617 inet_twsk_put((struct inet_timewait_sock *)nsk); 617 inet_twsk_put(inet_twsk(nsk));
618 return NULL; 618 return NULL;
619 } 619 }
620 620
@@ -980,7 +980,7 @@ discard_and_relse:
980 goto discard_it; 980 goto discard_it;
981 981
982do_time_wait: 982do_time_wait:
983 inet_twsk_put((struct inet_timewait_sock *)sk); 983 inet_twsk_put(inet_twsk(sk));
984 goto no_dccp_socket; 984 goto no_dccp_socket;
985} 985}
986 986
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 7a47399cf31f..7171a78671aa 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -285,7 +285,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
285 } 285 }
286 286
287 if (sk->sk_state == DCCP_TIME_WAIT) { 287 if (sk->sk_state == DCCP_TIME_WAIT) {
288 inet_twsk_put((struct inet_timewait_sock *)sk); 288 inet_twsk_put(inet_twsk(sk));
289 return; 289 return;
290 } 290 }
291 291
@@ -663,7 +663,7 @@ static struct sock *dccp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
663 bh_lock_sock(nsk); 663 bh_lock_sock(nsk);
664 return nsk; 664 return nsk;
665 } 665 }
666 inet_twsk_put((struct inet_timewait_sock *)nsk); 666 inet_twsk_put(inet_twsk(nsk));
667 return NULL; 667 return NULL;
668 } 668 }
669 669
@@ -1109,7 +1109,7 @@ discard_and_relse:
1109 goto discard_it; 1109 goto discard_it;
1110 1110
1111do_time_wait: 1111do_time_wait:
1112 inet_twsk_put((struct inet_timewait_sock *)sk); 1112 inet_twsk_put(inet_twsk(sk));
1113 goto no_dccp_socket; 1113 goto no_dccp_socket;
1114} 1114}
1115 1115
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 70e027375682..3456cd331835 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1178,8 +1178,10 @@ static int dn_getname(struct socket *sock, struct sockaddr *uaddr,int *uaddr_len
1178 if (peer) { 1178 if (peer) {
1179 if ((sock->state != SS_CONNECTED && 1179 if ((sock->state != SS_CONNECTED &&
1180 sock->state != SS_CONNECTING) && 1180 sock->state != SS_CONNECTING) &&
1181 scp->accept_mode == ACC_IMMED) 1181 scp->accept_mode == ACC_IMMED) {
1182 release_sock(sk);
1182 return -ENOTCONN; 1183 return -ENOTCONN;
1184 }
1183 1185
1184 memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn)); 1186 memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn));
1185 } else { 1187 } else {
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index dd0761e3d280..a2a43d8d93fe 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -267,9 +267,14 @@ static void dn_dst_link_failure(struct sk_buff *skb)
267 267
268static inline int compare_keys(struct flowi *fl1, struct flowi *fl2) 268static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
269{ 269{
270 return memcmp(&fl1->nl_u.dn_u, &fl2->nl_u.dn_u, sizeof(fl1->nl_u.dn_u)) == 0 && 270 return ((fl1->nl_u.dn_u.daddr ^ fl2->nl_u.dn_u.daddr) |
271 fl1->oif == fl2->oif && 271 (fl1->nl_u.dn_u.saddr ^ fl2->nl_u.dn_u.saddr) |
272 fl1->iif == fl2->iif; 272#ifdef CONFIG_IP_ROUTE_FWMARK
273 (fl1->nl_u.dn_u.fwmark ^ fl2->nl_u.dn_u.fwmark) |
274#endif
275 (fl1->nl_u.dn_u.scope ^ fl2->nl_u.dn_u.scope) |
276 (fl1->oif ^ fl2->oif) |
277 (fl1->iif ^ fl2->iif)) == 0;
273} 278}
274 279
275static int dn_insert_route(struct dn_route *rt, unsigned hash, struct dn_route **rp) 280static int dn_insert_route(struct dn_route *rt, unsigned hash, struct dn_route **rp)
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index a8e2e879a647..bde8ccaa1531 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -43,6 +43,7 @@
43#include <net/tcp.h> 43#include <net/tcp.h>
44#include <net/netlabel.h> 44#include <net/netlabel.h>
45#include <net/cipso_ipv4.h> 45#include <net/cipso_ipv4.h>
46#include <asm/atomic.h>
46#include <asm/bug.h> 47#include <asm/bug.h>
47 48
48struct cipso_v4_domhsh_entry { 49struct cipso_v4_domhsh_entry {
@@ -79,7 +80,7 @@ struct cipso_v4_map_cache_entry {
79 unsigned char *key; 80 unsigned char *key;
80 size_t key_len; 81 size_t key_len;
81 82
82 struct netlbl_lsm_cache lsm_data; 83 struct netlbl_lsm_cache *lsm_data;
83 84
84 u32 activity; 85 u32 activity;
85 struct list_head list; 86 struct list_head list;
@@ -188,13 +189,14 @@ static void cipso_v4_doi_domhsh_free(struct rcu_head *entry)
188 * @entry: the entry to free 189 * @entry: the entry to free
189 * 190 *
190 * Description: 191 * Description:
191 * This function frees the memory associated with a cache entry. 192 * This function frees the memory associated with a cache entry including the
193 * LSM cache data if there are no longer any users, i.e. reference count == 0.
192 * 194 *
193 */ 195 */
194static void cipso_v4_cache_entry_free(struct cipso_v4_map_cache_entry *entry) 196static void cipso_v4_cache_entry_free(struct cipso_v4_map_cache_entry *entry)
195{ 197{
196 if (entry->lsm_data.free) 198 if (entry->lsm_data)
197 entry->lsm_data.free(entry->lsm_data.data); 199 netlbl_secattr_cache_free(entry->lsm_data);
198 kfree(entry->key); 200 kfree(entry->key);
199 kfree(entry); 201 kfree(entry);
200} 202}
@@ -315,8 +317,8 @@ static int cipso_v4_cache_check(const unsigned char *key,
315 entry->key_len == key_len && 317 entry->key_len == key_len &&
316 memcmp(entry->key, key, key_len) == 0) { 318 memcmp(entry->key, key, key_len) == 0) {
317 entry->activity += 1; 319 entry->activity += 1;
318 secattr->cache.free = entry->lsm_data.free; 320 atomic_inc(&entry->lsm_data->refcount);
319 secattr->cache.data = entry->lsm_data.data; 321 secattr->cache = entry->lsm_data;
320 if (prev_entry == NULL) { 322 if (prev_entry == NULL) {
321 spin_unlock_bh(&cipso_v4_cache[bkt].lock); 323 spin_unlock_bh(&cipso_v4_cache[bkt].lock);
322 return 0; 324 return 0;
@@ -383,8 +385,8 @@ int cipso_v4_cache_add(const struct sk_buff *skb,
383 memcpy(entry->key, cipso_ptr, cipso_ptr_len); 385 memcpy(entry->key, cipso_ptr, cipso_ptr_len);
384 entry->key_len = cipso_ptr_len; 386 entry->key_len = cipso_ptr_len;
385 entry->hash = cipso_v4_map_cache_hash(cipso_ptr, cipso_ptr_len); 387 entry->hash = cipso_v4_map_cache_hash(cipso_ptr, cipso_ptr_len);
386 entry->lsm_data.free = secattr->cache.free; 388 atomic_inc(&secattr->cache->refcount);
387 entry->lsm_data.data = secattr->cache.data; 389 entry->lsm_data = secattr->cache;
388 390
389 bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETBITS - 1); 391 bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETBITS - 1);
390 spin_lock_bh(&cipso_v4_cache[bkt].lock); 392 spin_lock_bh(&cipso_v4_cache[bkt].lock);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index f5fba051df3d..d5b5dec075b8 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -611,8 +611,8 @@ static int ipgre_rcv(struct sk_buff *skb)
611 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 611 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
612 */ 612 */
613 if (flags == 0 && 613 if (flags == 0 &&
614 skb->protocol == __constant_htons(ETH_P_WCCP)) { 614 skb->protocol == htons(ETH_P_WCCP)) {
615 skb->protocol = __constant_htons(ETH_P_IP); 615 skb->protocol = htons(ETH_P_IP);
616 if ((*(h + offset) & 0xF0) != 0x40) 616 if ((*(h + offset) & 0xF0) != 0x40)
617 offset += 4; 617 offset += 4;
618 } 618 }
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index e433cb0ff894..6d398f10aa91 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -274,7 +274,7 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
274 while (data <= data_limit - 6) { 274 while (data <= data_limit - 6) {
275 if (strnicmp(data, "PASV\r\n", 6) == 0) { 275 if (strnicmp(data, "PASV\r\n", 6) == 0) {
276 /* Passive mode on */ 276 /* Passive mode on */
277 IP_VS_DBG(7, "got PASV at %zd of %zd\n", 277 IP_VS_DBG(7, "got PASV at %td of %td\n",
278 data - data_start, 278 data - data_start,
279 data_limit - data_start); 279 data_limit - data_start);
280 cp->app_data = &ip_vs_ftp_pasv; 280 cp->app_data = &ip_vs_ftp_pasv;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c41ddba02e9d..925ee4dfc32c 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -566,9 +566,15 @@ static inline u32 rt_score(struct rtable *rt)
566 566
567static inline int compare_keys(struct flowi *fl1, struct flowi *fl2) 567static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
568{ 568{
569 return memcmp(&fl1->nl_u.ip4_u, &fl2->nl_u.ip4_u, sizeof(fl1->nl_u.ip4_u)) == 0 && 569 return ((fl1->nl_u.ip4_u.daddr ^ fl2->nl_u.ip4_u.daddr) |
570 fl1->oif == fl2->oif && 570 (fl1->nl_u.ip4_u.saddr ^ fl2->nl_u.ip4_u.saddr) |
571 fl1->iif == fl2->iif; 571#ifdef CONFIG_IP_ROUTE_FWMARK
572 (fl1->nl_u.ip4_u.fwmark ^ fl2->nl_u.ip4_u.fwmark) |
573#endif
574 (*(u16 *)&fl1->nl_u.ip4_u.tos ^
575 *(u16 *)&fl2->nl_u.ip4_u.tos) |
576 (fl1->oif ^ fl2->oif) |
577 (fl1->iif ^ fl2->iif)) == 0;
572} 578}
573 579
574#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED 580#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index c83938b8fcb1..6bbd98575172 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -355,7 +355,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
355 return; 355 return;
356 } 356 }
357 if (sk->sk_state == TCP_TIME_WAIT) { 357 if (sk->sk_state == TCP_TIME_WAIT) {
358 inet_twsk_put((struct inet_timewait_sock *)sk); 358 inet_twsk_put(inet_twsk(sk));
359 return; 359 return;
360 } 360 }
361 361
@@ -578,7 +578,7 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
578 struct tcphdr *th = skb->h.th; 578 struct tcphdr *th = skb->h.th;
579 struct { 579 struct {
580 struct tcphdr th; 580 struct tcphdr th;
581 u32 tsopt[3]; 581 u32 tsopt[TCPOLEN_TSTAMP_ALIGNED >> 2];
582 } rep; 582 } rep;
583 struct ip_reply_arg arg; 583 struct ip_reply_arg arg;
584 584
@@ -960,7 +960,7 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
960 bh_lock_sock(nsk); 960 bh_lock_sock(nsk);
961 return nsk; 961 return nsk;
962 } 962 }
963 inet_twsk_put((struct inet_timewait_sock *)nsk); 963 inet_twsk_put(inet_twsk(nsk));
964 return NULL; 964 return NULL;
965 } 965 }
966 966
@@ -1154,26 +1154,24 @@ discard_and_relse:
1154 1154
1155do_time_wait: 1155do_time_wait:
1156 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1156 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1157 inet_twsk_put((struct inet_timewait_sock *) sk); 1157 inet_twsk_put(inet_twsk(sk));
1158 goto discard_it; 1158 goto discard_it;
1159 } 1159 }
1160 1160
1161 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) { 1161 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1162 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1162 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1163 inet_twsk_put((struct inet_timewait_sock *) sk); 1163 inet_twsk_put(inet_twsk(sk));
1164 goto discard_it; 1164 goto discard_it;
1165 } 1165 }
1166 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk, 1166 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1167 skb, th)) {
1168 case TCP_TW_SYN: { 1167 case TCP_TW_SYN: {
1169 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo, 1168 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo,
1170 skb->nh.iph->daddr, 1169 skb->nh.iph->daddr,
1171 th->dest, 1170 th->dest,
1172 inet_iif(skb)); 1171 inet_iif(skb));
1173 if (sk2) { 1172 if (sk2) {
1174 inet_twsk_deschedule((struct inet_timewait_sock *)sk, 1173 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1175 &tcp_death_row); 1174 inet_twsk_put(inet_twsk(sk));
1176 inet_twsk_put((struct inet_timewait_sock *)sk);
1177 sk = sk2; 1175 sk = sk2;
1178 goto process; 1176 goto process;
1179 } 1177 }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 9a253faefc81..f22536e32cb1 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -273,10 +273,10 @@ static void tcp_build_and_update_options(__be32 *ptr, struct tcp_sock *tp,
273 __u32 tstamp) 273 __u32 tstamp)
274{ 274{
275 if (tp->rx_opt.tstamp_ok) { 275 if (tp->rx_opt.tstamp_ok) {
276 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | 276 *ptr++ = htonl((TCPOPT_NOP << 24) |
277 (TCPOPT_NOP << 16) | 277 (TCPOPT_NOP << 16) |
278 (TCPOPT_TIMESTAMP << 8) | 278 (TCPOPT_TIMESTAMP << 8) |
279 TCPOLEN_TIMESTAMP); 279 TCPOLEN_TIMESTAMP);
280 *ptr++ = htonl(tstamp); 280 *ptr++ = htonl(tstamp);
281 *ptr++ = htonl(tp->rx_opt.ts_recent); 281 *ptr++ = htonl(tp->rx_opt.ts_recent);
282 } 282 }
@@ -325,18 +325,27 @@ static void tcp_syn_build_options(__be32 *ptr, int mss, int ts, int sack,
325 *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | mss); 325 *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | mss);
326 if (ts) { 326 if (ts) {
327 if(sack) 327 if(sack)
328 *ptr++ = __constant_htonl((TCPOPT_SACK_PERM << 24) | (TCPOLEN_SACK_PERM << 16) | 328 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
329 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 329 (TCPOLEN_SACK_PERM << 16) |
330 (TCPOPT_TIMESTAMP << 8) |
331 TCPOLEN_TIMESTAMP);
330 else 332 else
331 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 333 *ptr++ = htonl((TCPOPT_NOP << 24) |
332 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 334 (TCPOPT_NOP << 16) |
335 (TCPOPT_TIMESTAMP << 8) |
336 TCPOLEN_TIMESTAMP);
333 *ptr++ = htonl(tstamp); /* TSVAL */ 337 *ptr++ = htonl(tstamp); /* TSVAL */
334 *ptr++ = htonl(ts_recent); /* TSECR */ 338 *ptr++ = htonl(ts_recent); /* TSECR */
335 } else if(sack) 339 } else if(sack)
336 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 340 *ptr++ = htonl((TCPOPT_NOP << 24) |
337 (TCPOPT_SACK_PERM << 8) | TCPOLEN_SACK_PERM); 341 (TCPOPT_NOP << 16) |
342 (TCPOPT_SACK_PERM << 8) |
343 TCPOLEN_SACK_PERM);
338 if (offer_wscale) 344 if (offer_wscale)
339 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_WINDOW << 16) | (TCPOLEN_WINDOW << 8) | (wscale)); 345 *ptr++ = htonl((TCPOPT_NOP << 24) |
346 (TCPOPT_WINDOW << 16) |
347 (TCPOLEN_WINDOW << 8) |
348 (wscale));
340} 349}
341 350
342/* This routine actually transmits TCP packets queued in by 351/* This routine actually transmits TCP packets queued in by
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 7a7a00147e55..1bed0cdf53e3 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -52,7 +52,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
52 xdst->u.rt.fl.fl4_dst == fl->fl4_dst && 52 xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
53 xdst->u.rt.fl.fl4_src == fl->fl4_src && 53 xdst->u.rt.fl.fl4_src == fl->fl4_src &&
54 xdst->u.rt.fl.fl4_tos == fl->fl4_tos && 54 xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
55 xfrm_bundle_ok(xdst, fl, AF_INET, 0)) { 55 xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
56 dst_clone(dst); 56 dst_clone(dst);
57 break; 57 break;
58 } 58 }
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index a460e8132b4d..ef5eaad44851 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -153,6 +153,19 @@ config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 ---help--- 153 ---help---
154 Support for MIPv6 route optimization mode. 154 Support for MIPv6 route optimization mode.
155 155
156config IPV6_SIT
157 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
158 depends on IPV6
159 default y
160 ---help---
161 Tunneling means encapsulating data of one protocol type within
162 another protocol and sending it over a channel that understands the
163 encapsulating protocol. This driver implements encapsulation of IPv6
164 into IPv4 packets. This is useful if you want to connect two IPv6
165 networks over an IPv4-only path.
166
167 Saying M here will produce a module called sit.ko. If unsure, say Y.
168
156config IPV6_TUNNEL 169config IPV6_TUNNEL
157 tristate "IPv6: IPv6-in-IPv6 tunnel" 170 tristate "IPv6: IPv6-in-IPv6 tunnel"
158 select INET6_TUNNEL 171 select INET6_TUNNEL
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 87274e47fe32..addcc011bc01 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -4,7 +4,7 @@
4 4
5obj-$(CONFIG_IPV6) += ipv6.o 5obj-$(CONFIG_IPV6) += ipv6.o
6 6
7ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o sit.o \ 7ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
8 route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \ 8 route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
9 protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \ 9 protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
10 exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \ 10 exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
@@ -29,6 +29,7 @@ obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
29obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o 29obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
30obj-$(CONFIG_NETFILTER) += netfilter/ 30obj-$(CONFIG_NETFILTER) += netfilter/
31 31
32obj-$(CONFIG_IPV6_SIT) += sit.o
32obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o 33obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
33 34
34obj-y += exthdrs_core.o 35obj-y += exthdrs_core.o
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e03c33b2465b..b312a5f7a759 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -396,8 +396,10 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
396 ndev->regen_timer.data = (unsigned long) ndev; 396 ndev->regen_timer.data = (unsigned long) ndev;
397 if ((dev->flags&IFF_LOOPBACK) || 397 if ((dev->flags&IFF_LOOPBACK) ||
398 dev->type == ARPHRD_TUNNEL || 398 dev->type == ARPHRD_TUNNEL ||
399 dev->type == ARPHRD_NONE || 399#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
400 dev->type == ARPHRD_SIT) { 400 dev->type == ARPHRD_SIT ||
401#endif
402 dev->type == ARPHRD_NONE) {
401 printk(KERN_INFO 403 printk(KERN_INFO
402 "%s: Disabled Privacy Extensions\n", 404 "%s: Disabled Privacy Extensions\n",
403 dev->name); 405 dev->name);
@@ -1546,8 +1548,10 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1546 This thing is done here expecting that the whole 1548 This thing is done here expecting that the whole
1547 class of non-broadcast devices need not cloning. 1549 class of non-broadcast devices need not cloning.
1548 */ 1550 */
1551#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1549 if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT)) 1552 if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
1550 cfg.fc_flags |= RTF_NONEXTHOP; 1553 cfg.fc_flags |= RTF_NONEXTHOP;
1554#endif
1551 1555
1552 ip6_route_add(&cfg); 1556 ip6_route_add(&cfg);
1553} 1557}
@@ -1569,6 +1573,7 @@ static void addrconf_add_mroute(struct net_device *dev)
1569 ip6_route_add(&cfg); 1573 ip6_route_add(&cfg);
1570} 1574}
1571 1575
1576#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1572static void sit_route_add(struct net_device *dev) 1577static void sit_route_add(struct net_device *dev)
1573{ 1578{
1574 struct fib6_config cfg = { 1579 struct fib6_config cfg = {
@@ -1582,6 +1587,7 @@ static void sit_route_add(struct net_device *dev)
1582 /* prefix length - 96 bits "::d.d.d.d" */ 1587 /* prefix length - 96 bits "::d.d.d.d" */
1583 ip6_route_add(&cfg); 1588 ip6_route_add(&cfg);
1584} 1589}
1590#endif
1585 1591
1586static void addrconf_add_lroute(struct net_device *dev) 1592static void addrconf_add_lroute(struct net_device *dev)
1587{ 1593{
@@ -1852,6 +1858,7 @@ int addrconf_set_dstaddr(void __user *arg)
1852 if (dev == NULL) 1858 if (dev == NULL)
1853 goto err_exit; 1859 goto err_exit;
1854 1860
1861#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1855 if (dev->type == ARPHRD_SIT) { 1862 if (dev->type == ARPHRD_SIT) {
1856 struct ifreq ifr; 1863 struct ifreq ifr;
1857 mm_segment_t oldfs; 1864 mm_segment_t oldfs;
@@ -1881,6 +1888,7 @@ int addrconf_set_dstaddr(void __user *arg)
1881 err = dev_open(dev); 1888 err = dev_open(dev);
1882 } 1889 }
1883 } 1890 }
1891#endif
1884 1892
1885err_exit: 1893err_exit:
1886 rtnl_unlock(); 1894 rtnl_unlock();
@@ -2010,6 +2018,7 @@ int addrconf_del_ifaddr(void __user *arg)
2010 return err; 2018 return err;
2011} 2019}
2012 2020
2021#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2013static void sit_add_v4_addrs(struct inet6_dev *idev) 2022static void sit_add_v4_addrs(struct inet6_dev *idev)
2014{ 2023{
2015 struct inet6_ifaddr * ifp; 2024 struct inet6_ifaddr * ifp;
@@ -2078,6 +2087,7 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
2078 } 2087 }
2079 } 2088 }
2080} 2089}
2090#endif
2081 2091
2082static void init_loopback(struct net_device *dev) 2092static void init_loopback(struct net_device *dev)
2083{ 2093{
@@ -2141,6 +2151,7 @@ static void addrconf_dev_config(struct net_device *dev)
2141 addrconf_add_linklocal(idev, &addr); 2151 addrconf_add_linklocal(idev, &addr);
2142} 2152}
2143 2153
2154#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2144static void addrconf_sit_config(struct net_device *dev) 2155static void addrconf_sit_config(struct net_device *dev)
2145{ 2156{
2146 struct inet6_dev *idev; 2157 struct inet6_dev *idev;
@@ -2166,6 +2177,7 @@ static void addrconf_sit_config(struct net_device *dev)
2166 } else 2177 } else
2167 sit_route_add(dev); 2178 sit_route_add(dev);
2168} 2179}
2180#endif
2169 2181
2170static inline int 2182static inline int
2171ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev) 2183ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev)
@@ -2260,9 +2272,11 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
2260 } 2272 }
2261 2273
2262 switch(dev->type) { 2274 switch(dev->type) {
2275#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2263 case ARPHRD_SIT: 2276 case ARPHRD_SIT:
2264 addrconf_sit_config(dev); 2277 addrconf_sit_config(dev);
2265 break; 2278 break;
2279#endif
2266 case ARPHRD_TUNNEL6: 2280 case ARPHRD_TUNNEL6:
2267 addrconf_ip6_tnl_config(dev); 2281 addrconf_ip6_tnl_config(dev);
2268 break; 2282 break;
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e94eccb99707..858cae29581c 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -850,7 +850,6 @@ static int __init inet6_init(void)
850 err = addrconf_init(); 850 err = addrconf_init();
851 if (err) 851 if (err)
852 goto addrconf_fail; 852 goto addrconf_fail;
853 sit_init();
854 853
855 /* Init v6 extension headers. */ 854 /* Init v6 extension headers. */
856 ipv6_rthdr_init(); 855 ipv6_rthdr_init();
@@ -927,7 +926,6 @@ static void __exit inet6_exit(void)
927 mip6_fini(); 926 mip6_fini();
928#endif 927#endif
929 /* Cleanup code parts. */ 928 /* Cleanup code parts. */
930 sit_cleanup();
931 ip6_flowlabel_cleanup(); 929 ip6_flowlabel_cleanup();
932 addrconf_cleanup(); 930 addrconf_cleanup();
933 ip6_route_cleanup(); 931 ip6_route_cleanup();
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 836eecd7e62b..dc5765b62b87 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -850,3 +850,6 @@ int __init sit_init(void)
850 inet_del_protocol(&sit_protocol, IPPROTO_IPV6); 850 inet_del_protocol(&sit_protocol, IPPROTO_IPV6);
851 goto out; 851 goto out;
852} 852}
853
854module_init(sit_init);
855module_exit(sit_cleanup);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3b6575478fcc..4c2a7c0cafef 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -329,7 +329,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
329 } 329 }
330 330
331 if (sk->sk_state == TCP_TIME_WAIT) { 331 if (sk->sk_state == TCP_TIME_WAIT) {
332 inet_twsk_put((struct inet_timewait_sock *)sk); 332 inet_twsk_put(inet_twsk(sk));
333 return; 333 return;
334 } 334 }
335 335
@@ -653,7 +653,7 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
653 int tot_len = sizeof(struct tcphdr); 653 int tot_len = sizeof(struct tcphdr);
654 654
655 if (ts) 655 if (ts)
656 tot_len += 3*4; 656 tot_len += TCPOLEN_TSTAMP_ALIGNED;
657 657
658 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 658 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
659 GFP_ATOMIC); 659 GFP_ATOMIC);
@@ -749,7 +749,7 @@ static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
749 bh_lock_sock(nsk); 749 bh_lock_sock(nsk);
750 return nsk; 750 return nsk;
751 } 751 }
752 inet_twsk_put((struct inet_timewait_sock *)nsk); 752 inet_twsk_put(inet_twsk(nsk));
753 return NULL; 753 return NULL;
754 } 754 }
755 755
@@ -1283,18 +1283,17 @@ discard_and_relse:
1283 1283
1284do_time_wait: 1284do_time_wait:
1285 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1285 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1286 inet_twsk_put((struct inet_timewait_sock *)sk); 1286 inet_twsk_put(inet_twsk(sk));
1287 goto discard_it; 1287 goto discard_it;
1288 } 1288 }
1289 1289
1290 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1290 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1291 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1291 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1292 inet_twsk_put((struct inet_timewait_sock *)sk); 1292 inet_twsk_put(inet_twsk(sk));
1293 goto discard_it; 1293 goto discard_it;
1294 } 1294 }
1295 1295
1296 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk, 1296 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1297 skb, th)) {
1298 case TCP_TW_SYN: 1297 case TCP_TW_SYN:
1299 { 1298 {
1300 struct sock *sk2; 1299 struct sock *sk2;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 6a252e2134d1..73cee2ec07e8 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -73,7 +73,7 @@ __xfrm6_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
73 xdst->u.rt6.rt6i_src.plen); 73 xdst->u.rt6.rt6i_src.plen);
74 if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) && 74 if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) &&
75 ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) && 75 ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) &&
76 xfrm_bundle_ok(xdst, fl, AF_INET6, 76 xfrm_bundle_ok(policy, xdst, fl, AF_INET6,
77 (xdst->u.rt6.rt6i_dst.plen != 128 || 77 (xdst->u.rt6.rt6i_dst.plen != 128 ||
78 xdst->u.rt6.rt6i_src.plen != 128))) { 78 xdst->u.rt6.rt6i_src.plen != 128))) {
79 dst_clone(dst); 79 dst_clone(dst);
diff --git a/net/irda/irias_object.c b/net/irda/irias_object.c
index a154b1d71c0f..56292ab7d652 100644
--- a/net/irda/irias_object.c
+++ b/net/irda/irias_object.c
@@ -43,7 +43,7 @@ struct ias_value irias_missing = { IAS_MISSING, 0, 0, 0, {0}};
43 * 43 *
44 * Faster, check boundary... Jean II 44 * Faster, check boundary... Jean II
45 */ 45 */
46static char *strndup(char *str, int max) 46static char *strndup(char *str, size_t max)
47{ 47{
48 char *new_str; 48 char *new_str;
49 int len; 49 int len;
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ff98e70b0931..20ff7cca1d07 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2928,11 +2928,6 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
2928 if (*dir) 2928 if (*dir)
2929 goto out; 2929 goto out;
2930 } 2930 }
2931 else {
2932 *dir = security_xfrm_sock_policy_alloc(xp, sk);
2933 if (*dir)
2934 goto out;
2935 }
2936 2931
2937 *dir = pol->sadb_x_policy_dir-1; 2932 *dir = pol->sadb_x_policy_dir-1;
2938 return xp; 2933 return xp;
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 54fb7de3c2b1..ff971103fd0c 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -200,7 +200,7 @@ void netlbl_cache_invalidate(void)
200int netlbl_cache_add(const struct sk_buff *skb, 200int netlbl_cache_add(const struct sk_buff *skb,
201 const struct netlbl_lsm_secattr *secattr) 201 const struct netlbl_lsm_secattr *secattr)
202{ 202{
203 if (secattr->cache.data == NULL) 203 if (secattr->cache == NULL)
204 return -ENOMSG; 204 return -ENOMSG;
205 205
206 if (CIPSO_V4_OPTEXIST(skb)) 206 if (CIPSO_V4_OPTEXIST(skb))
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index bb3ddd4784b1..9b9c555c713f 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -786,11 +786,10 @@ static long htb_do_events(struct htb_sched *q, int level)
786 for (i = 0; i < 500; i++) { 786 for (i = 0; i < 500; i++) {
787 struct htb_class *cl; 787 struct htb_class *cl;
788 long diff; 788 long diff;
789 struct rb_node *p = q->wait_pq[level].rb_node; 789 struct rb_node *p = rb_first(&q->wait_pq[level]);
790
790 if (!p) 791 if (!p)
791 return 0; 792 return 0;
792 while (p->rb_left)
793 p = p->rb_left;
794 793
795 cl = rb_entry(p, struct htb_class, pq_node); 794 cl = rb_entry(p, struct htb_class, pq_node);
796 if (time_after(cl->pq_key, q->jiffies)) { 795 if (time_after(cl->pq_key, q->jiffies)) {
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index a356d8d310a9..7f49e769080e 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -344,7 +344,7 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
344 assoc, sk, sctp_sk(sk)->type, sk->sk_state, 344 assoc, sk, sctp_sk(sk)->type, sk->sk_state,
345 assoc->state, hash, assoc->assoc_id, 345 assoc->state, hash, assoc->assoc_id,
346 assoc->sndbuf_used, 346 assoc->sndbuf_used,
347 (sk->sk_rcvbuf - assoc->rwnd), 347 atomic_read(&assoc->rmem_alloc),
348 sock_i_uid(sk), sock_i_ino(sk), 348 sock_i_uid(sk), sock_i_ino(sk),
349 epb->bind_addr.port, 349 epb->bind_addr.port,
350 assoc->peer.port); 350 assoc->peer.port);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 3fe906d65069..9deec4391187 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5362,6 +5362,20 @@ static void sctp_wfree(struct sk_buff *skb)
5362 sctp_association_put(asoc); 5362 sctp_association_put(asoc);
5363} 5363}
5364 5364
5365/* Do accounting for the receive space on the socket.
5366 * Accounting for the association is done in ulpevent.c
5367 * We set this as a destructor for the cloned data skbs so that
5368 * accounting is done at the correct time.
5369 */
5370void sctp_sock_rfree(struct sk_buff *skb)
5371{
5372 struct sock *sk = skb->sk;
5373 struct sctp_ulpevent *event = sctp_skb2event(skb);
5374
5375 atomic_sub(event->rmem_len, &sk->sk_rmem_alloc);
5376}
5377
5378
5365/* Helper function to wait for space in the sndbuf. */ 5379/* Helper function to wait for space in the sndbuf. */
5366static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, 5380static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
5367 size_t msg_len) 5381 size_t msg_len)
@@ -5634,10 +5648,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5634 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { 5648 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) {
5635 event = sctp_skb2event(skb); 5649 event = sctp_skb2event(skb);
5636 if (event->asoc == assoc) { 5650 if (event->asoc == assoc) {
5637 sock_rfree(skb); 5651 sctp_sock_rfree(skb);
5638 __skb_unlink(skb, &oldsk->sk_receive_queue); 5652 __skb_unlink(skb, &oldsk->sk_receive_queue);
5639 __skb_queue_tail(&newsk->sk_receive_queue, skb); 5653 __skb_queue_tail(&newsk->sk_receive_queue, skb);
5640 skb_set_owner_r(skb, newsk); 5654 sctp_skb_set_owner_r(skb, newsk);
5641 } 5655 }
5642 } 5656 }
5643 5657
@@ -5665,10 +5679,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5665 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { 5679 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) {
5666 event = sctp_skb2event(skb); 5680 event = sctp_skb2event(skb);
5667 if (event->asoc == assoc) { 5681 if (event->asoc == assoc) {
5668 sock_rfree(skb); 5682 sctp_sock_rfree(skb);
5669 __skb_unlink(skb, &oldsp->pd_lobby); 5683 __skb_unlink(skb, &oldsp->pd_lobby);
5670 __skb_queue_tail(queue, skb); 5684 __skb_queue_tail(queue, skb);
5671 skb_set_owner_r(skb, newsk); 5685 sctp_skb_set_owner_r(skb, newsk);
5672 } 5686 }
5673 } 5687 }
5674 5688
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index ee236784a6bb..a015283a9087 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -55,10 +55,13 @@ static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event);
55 55
56 56
57/* Initialize an ULP event from an given skb. */ 57/* Initialize an ULP event from an given skb. */
58SCTP_STATIC void sctp_ulpevent_init(struct sctp_ulpevent *event, int msg_flags) 58SCTP_STATIC void sctp_ulpevent_init(struct sctp_ulpevent *event,
59 int msg_flags,
60 unsigned int len)
59{ 61{
60 memset(event, 0, sizeof(struct sctp_ulpevent)); 62 memset(event, 0, sizeof(struct sctp_ulpevent));
61 event->msg_flags = msg_flags; 63 event->msg_flags = msg_flags;
64 event->rmem_len = len;
62} 65}
63 66
64/* Create a new sctp_ulpevent. */ 67/* Create a new sctp_ulpevent. */
@@ -73,7 +76,7 @@ SCTP_STATIC struct sctp_ulpevent *sctp_ulpevent_new(int size, int msg_flags,
73 goto fail; 76 goto fail;
74 77
75 event = sctp_skb2event(skb); 78 event = sctp_skb2event(skb);
76 sctp_ulpevent_init(event, msg_flags); 79 sctp_ulpevent_init(event, msg_flags, skb->truesize);
77 80
78 return event; 81 return event;
79 82
@@ -101,17 +104,16 @@ static inline void sctp_ulpevent_set_owner(struct sctp_ulpevent *event,
101 sctp_association_hold((struct sctp_association *)asoc); 104 sctp_association_hold((struct sctp_association *)asoc);
102 skb = sctp_event2skb(event); 105 skb = sctp_event2skb(event);
103 event->asoc = (struct sctp_association *)asoc; 106 event->asoc = (struct sctp_association *)asoc;
104 atomic_add(skb->truesize, &event->asoc->rmem_alloc); 107 atomic_add(event->rmem_len, &event->asoc->rmem_alloc);
105 skb_set_owner_r(skb, asoc->base.sk); 108 sctp_skb_set_owner_r(skb, asoc->base.sk);
106} 109}
107 110
108/* A simple destructor to give up the reference to the association. */ 111/* A simple destructor to give up the reference to the association. */
109static inline void sctp_ulpevent_release_owner(struct sctp_ulpevent *event) 112static inline void sctp_ulpevent_release_owner(struct sctp_ulpevent *event)
110{ 113{
111 struct sctp_association *asoc = event->asoc; 114 struct sctp_association *asoc = event->asoc;
112 struct sk_buff *skb = sctp_event2skb(event);
113 115
114 atomic_sub(skb->truesize, &asoc->rmem_alloc); 116 atomic_sub(event->rmem_len, &asoc->rmem_alloc);
115 sctp_association_put(asoc); 117 sctp_association_put(asoc);
116} 118}
117 119
@@ -372,7 +374,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
372 374
373 /* Embed the event fields inside the cloned skb. */ 375 /* Embed the event fields inside the cloned skb. */
374 event = sctp_skb2event(skb); 376 event = sctp_skb2event(skb);
375 sctp_ulpevent_init(event, MSG_NOTIFICATION); 377 sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
376 378
377 sre = (struct sctp_remote_error *) 379 sre = (struct sctp_remote_error *)
378 skb_push(skb, sizeof(struct sctp_remote_error)); 380 skb_push(skb, sizeof(struct sctp_remote_error));
@@ -464,7 +466,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_send_failed(
464 466
465 /* Embed the event fields inside the cloned skb. */ 467 /* Embed the event fields inside the cloned skb. */
466 event = sctp_skb2event(skb); 468 event = sctp_skb2event(skb);
467 sctp_ulpevent_init(event, MSG_NOTIFICATION); 469 sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
468 470
469 ssf = (struct sctp_send_failed *) 471 ssf = (struct sctp_send_failed *)
470 skb_push(skb, sizeof(struct sctp_send_failed)); 472 skb_push(skb, sizeof(struct sctp_send_failed));
@@ -682,8 +684,11 @@ struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
682 /* Embed the event fields inside the cloned skb. */ 684 /* Embed the event fields inside the cloned skb. */
683 event = sctp_skb2event(skb); 685 event = sctp_skb2event(skb);
684 686
685 /* Initialize event with flags 0. */ 687 /* Initialize event with flags 0 and correct length
686 sctp_ulpevent_init(event, 0); 688 * Since this is a clone of the original skb, only account for
689 * the data of this chunk as other chunks will be accounted separately.
690 */
691 sctp_ulpevent_init(event, 0, skb->len + sizeof(struct sk_buff));
687 692
688 sctp_ulpevent_receive_data(event, asoc); 693 sctp_ulpevent_receive_data(event, asoc);
689 694
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index 575e556aeb3e..e1d144275f97 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -309,7 +309,7 @@ static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *qu
309 if (!new) 309 if (!new)
310 return NULL; /* try again later */ 310 return NULL; /* try again later */
311 311
312 new->sk = f_frag->sk; 312 sctp_skb_set_owner_r(new, f_frag->sk);
313 313
314 skb_shinfo(new)->frag_list = pos; 314 skb_shinfo(new)->frag_list = pos;
315 } else 315 } else
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 447d9aef4605..1f0f079ffa65 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1146,10 +1146,11 @@ out:
1146 return ret; 1146 return ret;
1147} 1147}
1148 1148
1149u32 * 1149static __be32 *
1150svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd) 1150svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd)
1151{ 1151{
1152 u32 *p, verf_len; 1152 __be32 *p;
1153 u32 verf_len;
1153 1154
1154 p = gsd->verf_start; 1155 p = gsd->verf_start;
1155 gsd->verf_start = NULL; 1156 gsd->verf_start = NULL;
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index c2c8bb20d07f..2807fa0eab40 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -282,7 +282,10 @@ __svc_create(struct svc_program *prog, unsigned int bufsize, int npools,
282 serv->sv_program = prog; 282 serv->sv_program = prog;
283 serv->sv_nrthreads = 1; 283 serv->sv_nrthreads = 1;
284 serv->sv_stats = prog->pg_stats; 284 serv->sv_stats = prog->pg_stats;
285 serv->sv_bufsz = bufsize? bufsize : 4096; 285 if (bufsize > RPCSVC_MAXPAYLOAD)
286 bufsize = RPCSVC_MAXPAYLOAD;
287 serv->sv_max_payload = bufsize? bufsize : 4096;
288 serv->sv_max_mesg = roundup(serv->sv_max_payload + PAGE_SIZE, PAGE_SIZE);
286 serv->sv_shutdown = shutdown; 289 serv->sv_shutdown = shutdown;
287 xdrsize = 0; 290 xdrsize = 0;
288 while (prog) { 291 while (prog) {
@@ -414,9 +417,9 @@ svc_init_buffer(struct svc_rqst *rqstp, unsigned int size)
414 int pages; 417 int pages;
415 int arghi; 418 int arghi;
416 419
417 if (size > RPCSVC_MAXPAYLOAD) 420 pages = size / PAGE_SIZE + 1; /* extra page as we hold both request and reply.
418 size = RPCSVC_MAXPAYLOAD; 421 * We assume one is at most one page
419 pages = 2 + (size+ PAGE_SIZE -1) / PAGE_SIZE; 422 */
420 arghi = 0; 423 arghi = 0;
421 BUG_ON(pages > RPCSVC_MAXPAGES); 424 BUG_ON(pages > RPCSVC_MAXPAGES);
422 while (pages) { 425 while (pages) {
@@ -463,7 +466,7 @@ __svc_create_thread(svc_thread_fn func, struct svc_serv *serv,
463 466
464 if (!(rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) 467 if (!(rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL))
465 || !(rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) 468 || !(rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL))
466 || !svc_init_buffer(rqstp, serv->sv_bufsz)) 469 || !svc_init_buffer(rqstp, serv->sv_max_mesg))
467 goto out_thread; 470 goto out_thread;
468 471
469 serv->sv_nrthreads++; 472 serv->sv_nrthreads++;
@@ -938,8 +941,8 @@ u32 svc_max_payload(const struct svc_rqst *rqstp)
938 941
939 if (rqstp->rq_sock->sk_sock->type == SOCK_DGRAM) 942 if (rqstp->rq_sock->sk_sock->type == SOCK_DGRAM)
940 max = RPCSVC_MAXPAYLOAD_UDP; 943 max = RPCSVC_MAXPAYLOAD_UDP;
941 if (rqstp->rq_server->sv_bufsz < max) 944 if (rqstp->rq_server->sv_max_payload < max)
942 max = rqstp->rq_server->sv_bufsz; 945 max = rqstp->rq_server->sv_max_payload;
943 return max; 946 return max;
944} 947}
945EXPORT_SYMBOL_GPL(svc_max_payload); 948EXPORT_SYMBOL_GPL(svc_max_payload);
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index b39e7e2b648f..61e307cca13d 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -192,13 +192,13 @@ svc_sock_enqueue(struct svc_sock *svsk)
192 svsk->sk_pool = pool; 192 svsk->sk_pool = pool;
193 193
194 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags); 194 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
195 if (((atomic_read(&svsk->sk_reserved) + serv->sv_bufsz)*2 195 if (((atomic_read(&svsk->sk_reserved) + serv->sv_max_mesg)*2
196 > svc_sock_wspace(svsk)) 196 > svc_sock_wspace(svsk))
197 && !test_bit(SK_CLOSE, &svsk->sk_flags) 197 && !test_bit(SK_CLOSE, &svsk->sk_flags)
198 && !test_bit(SK_CONN, &svsk->sk_flags)) { 198 && !test_bit(SK_CONN, &svsk->sk_flags)) {
199 /* Don't enqueue while not enough space for reply */ 199 /* Don't enqueue while not enough space for reply */
200 dprintk("svc: socket %p no space, %d*2 > %ld, not enqueued\n", 200 dprintk("svc: socket %p no space, %d*2 > %ld, not enqueued\n",
201 svsk->sk_sk, atomic_read(&svsk->sk_reserved)+serv->sv_bufsz, 201 svsk->sk_sk, atomic_read(&svsk->sk_reserved)+serv->sv_max_mesg,
202 svc_sock_wspace(svsk)); 202 svc_sock_wspace(svsk));
203 svsk->sk_pool = NULL; 203 svsk->sk_pool = NULL;
204 clear_bit(SK_BUSY, &svsk->sk_flags); 204 clear_bit(SK_BUSY, &svsk->sk_flags);
@@ -220,7 +220,7 @@ svc_sock_enqueue(struct svc_sock *svsk)
220 rqstp, rqstp->rq_sock); 220 rqstp, rqstp->rq_sock);
221 rqstp->rq_sock = svsk; 221 rqstp->rq_sock = svsk;
222 atomic_inc(&svsk->sk_inuse); 222 atomic_inc(&svsk->sk_inuse);
223 rqstp->rq_reserved = serv->sv_bufsz; 223 rqstp->rq_reserved = serv->sv_max_mesg;
224 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved); 224 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved);
225 BUG_ON(svsk->sk_pool != pool); 225 BUG_ON(svsk->sk_pool != pool);
226 wake_up(&rqstp->rq_wait); 226 wake_up(&rqstp->rq_wait);
@@ -639,8 +639,8 @@ svc_udp_recvfrom(struct svc_rqst *rqstp)
639 * which will access the socket. 639 * which will access the socket.
640 */ 640 */
641 svc_sock_setbufsize(svsk->sk_sock, 641 svc_sock_setbufsize(svsk->sk_sock,
642 (serv->sv_nrthreads+3) * serv->sv_bufsz, 642 (serv->sv_nrthreads+3) * serv->sv_max_mesg,
643 (serv->sv_nrthreads+3) * serv->sv_bufsz); 643 (serv->sv_nrthreads+3) * serv->sv_max_mesg);
644 644
645 if ((rqstp->rq_deferred = svc_deferred_dequeue(svsk))) { 645 if ((rqstp->rq_deferred = svc_deferred_dequeue(svsk))) {
646 svc_sock_received(svsk); 646 svc_sock_received(svsk);
@@ -749,8 +749,8 @@ svc_udp_init(struct svc_sock *svsk)
749 * svc_udp_recvfrom will re-adjust if necessary 749 * svc_udp_recvfrom will re-adjust if necessary
750 */ 750 */
751 svc_sock_setbufsize(svsk->sk_sock, 751 svc_sock_setbufsize(svsk->sk_sock,
752 3 * svsk->sk_server->sv_bufsz, 752 3 * svsk->sk_server->sv_max_mesg,
753 3 * svsk->sk_server->sv_bufsz); 753 3 * svsk->sk_server->sv_max_mesg);
754 754
755 set_bit(SK_DATA, &svsk->sk_flags); /* might have come in before data_ready set up */ 755 set_bit(SK_DATA, &svsk->sk_flags); /* might have come in before data_ready set up */
756 set_bit(SK_CHNGBUF, &svsk->sk_flags); 756 set_bit(SK_CHNGBUF, &svsk->sk_flags);
@@ -993,8 +993,8 @@ svc_tcp_recvfrom(struct svc_rqst *rqstp)
993 * as soon a a complete request arrives. 993 * as soon a a complete request arrives.
994 */ 994 */
995 svc_sock_setbufsize(svsk->sk_sock, 995 svc_sock_setbufsize(svsk->sk_sock,
996 (serv->sv_nrthreads+3) * serv->sv_bufsz, 996 (serv->sv_nrthreads+3) * serv->sv_max_mesg,
997 3 * serv->sv_bufsz); 997 3 * serv->sv_max_mesg);
998 998
999 clear_bit(SK_DATA, &svsk->sk_flags); 999 clear_bit(SK_DATA, &svsk->sk_flags);
1000 1000
@@ -1032,7 +1032,7 @@ svc_tcp_recvfrom(struct svc_rqst *rqstp)
1032 } 1032 }
1033 svsk->sk_reclen &= 0x7fffffff; 1033 svsk->sk_reclen &= 0x7fffffff;
1034 dprintk("svc: TCP record, %d bytes\n", svsk->sk_reclen); 1034 dprintk("svc: TCP record, %d bytes\n", svsk->sk_reclen);
1035 if (svsk->sk_reclen > serv->sv_bufsz) { 1035 if (svsk->sk_reclen > serv->sv_max_mesg) {
1036 printk(KERN_NOTICE "RPC: bad TCP reclen 0x%08lx (large)\n", 1036 printk(KERN_NOTICE "RPC: bad TCP reclen 0x%08lx (large)\n",
1037 (unsigned long) svsk->sk_reclen); 1037 (unsigned long) svsk->sk_reclen);
1038 goto err_delete; 1038 goto err_delete;
@@ -1171,8 +1171,8 @@ svc_tcp_init(struct svc_sock *svsk)
1171 * svc_tcp_recvfrom will re-adjust if necessary 1171 * svc_tcp_recvfrom will re-adjust if necessary
1172 */ 1172 */
1173 svc_sock_setbufsize(svsk->sk_sock, 1173 svc_sock_setbufsize(svsk->sk_sock,
1174 3 * svsk->sk_server->sv_bufsz, 1174 3 * svsk->sk_server->sv_max_mesg,
1175 3 * svsk->sk_server->sv_bufsz); 1175 3 * svsk->sk_server->sv_max_mesg);
1176 1176
1177 set_bit(SK_CHNGBUF, &svsk->sk_flags); 1177 set_bit(SK_CHNGBUF, &svsk->sk_flags);
1178 set_bit(SK_DATA, &svsk->sk_flags); 1178 set_bit(SK_DATA, &svsk->sk_flags);
@@ -1234,7 +1234,7 @@ svc_recv(struct svc_rqst *rqstp, long timeout)
1234 1234
1235 1235
1236 /* now allocate needed pages. If we get a failure, sleep briefly */ 1236 /* now allocate needed pages. If we get a failure, sleep briefly */
1237 pages = 2 + (serv->sv_bufsz + PAGE_SIZE -1) / PAGE_SIZE; 1237 pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
1238 for (i=0; i < pages ; i++) 1238 for (i=0; i < pages ; i++)
1239 while (rqstp->rq_pages[i] == NULL) { 1239 while (rqstp->rq_pages[i] == NULL) {
1240 struct page *p = alloc_page(GFP_KERNEL); 1240 struct page *p = alloc_page(GFP_KERNEL);
@@ -1263,7 +1263,7 @@ svc_recv(struct svc_rqst *rqstp, long timeout)
1263 if ((svsk = svc_sock_dequeue(pool)) != NULL) { 1263 if ((svsk = svc_sock_dequeue(pool)) != NULL) {
1264 rqstp->rq_sock = svsk; 1264 rqstp->rq_sock = svsk;
1265 atomic_inc(&svsk->sk_inuse); 1265 atomic_inc(&svsk->sk_inuse);
1266 rqstp->rq_reserved = serv->sv_bufsz; 1266 rqstp->rq_reserved = serv->sv_max_mesg;
1267 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved); 1267 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved);
1268 } else { 1268 } else {
1269 /* No data pending. Go to sleep */ 1269 /* No data pending. Go to sleep */
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 32d778448a00..acfb852e7c98 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -941,7 +941,7 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
941 int sz_to_copy; 941 int sz_to_copy;
942 int sz_copied = 0; 942 int sz_copied = 0;
943 int needed; 943 int needed;
944 char *crs = m->msg_iov->iov_base; 944 char __user *crs = m->msg_iov->iov_base;
945 unsigned char *buf_crs; 945 unsigned char *buf_crs;
946 u32 err; 946 u32 err;
947 int res; 947 int res;
@@ -1496,7 +1496,7 @@ static int setsockopt(struct socket *sock,
1496 return -ENOPROTOOPT; 1496 return -ENOPROTOOPT;
1497 if (ol < sizeof(value)) 1497 if (ol < sizeof(value))
1498 return -EINVAL; 1498 return -EINVAL;
1499 if ((res = get_user(value, (u32 *)ov))) 1499 if ((res = get_user(value, (u32 __user *)ov)))
1500 return res; 1500 return res;
1501 1501
1502 if (down_interruptible(&tsock->sem)) 1502 if (down_interruptible(&tsock->sem))
@@ -1541,7 +1541,7 @@ static int setsockopt(struct socket *sock,
1541 */ 1541 */
1542 1542
1543static int getsockopt(struct socket *sock, 1543static int getsockopt(struct socket *sock,
1544 int lvl, int opt, char __user *ov, int *ol) 1544 int lvl, int opt, char __user *ov, int __user *ol)
1545{ 1545{
1546 struct tipc_sock *tsock = tipc_sk(sock->sk); 1546 struct tipc_sock *tsock = tipc_sk(sock->sk);
1547 int len; 1547 int len;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2a7861661f14..7736b23c3f03 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -883,30 +883,32 @@ out:
883} 883}
884EXPORT_SYMBOL(xfrm_policy_walk); 884EXPORT_SYMBOL(xfrm_policy_walk);
885 885
886/* Find policy to apply to this flow. */ 886/*
887 887 * Find policy to apply to this flow.
888 *
889 * Returns 0 if policy found, else an -errno.
890 */
888static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl, 891static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
889 u8 type, u16 family, int dir) 892 u8 type, u16 family, int dir)
890{ 893{
891 struct xfrm_selector *sel = &pol->selector; 894 struct xfrm_selector *sel = &pol->selector;
892 int match; 895 int match, ret = -ESRCH;
893 896
894 if (pol->family != family || 897 if (pol->family != family ||
895 pol->type != type) 898 pol->type != type)
896 return 0; 899 return ret;
897 900
898 match = xfrm_selector_match(sel, fl, family); 901 match = xfrm_selector_match(sel, fl, family);
899 if (match) { 902 if (match)
900 if (!security_xfrm_policy_lookup(pol, fl->secid, dir)) 903 ret = security_xfrm_policy_lookup(pol, fl->secid, dir);
901 return 1;
902 }
903 904
904 return 0; 905 return ret;
905} 906}
906 907
907static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, 908static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
908 u16 family, u8 dir) 909 u16 family, u8 dir)
909{ 910{
911 int err;
910 struct xfrm_policy *pol, *ret; 912 struct xfrm_policy *pol, *ret;
911 xfrm_address_t *daddr, *saddr; 913 xfrm_address_t *daddr, *saddr;
912 struct hlist_node *entry; 914 struct hlist_node *entry;
@@ -922,7 +924,15 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
922 chain = policy_hash_direct(daddr, saddr, family, dir); 924 chain = policy_hash_direct(daddr, saddr, family, dir);
923 ret = NULL; 925 ret = NULL;
924 hlist_for_each_entry(pol, entry, chain, bydst) { 926 hlist_for_each_entry(pol, entry, chain, bydst) {
925 if (xfrm_policy_match(pol, fl, type, family, dir)) { 927 err = xfrm_policy_match(pol, fl, type, family, dir);
928 if (err) {
929 if (err == -ESRCH)
930 continue;
931 else {
932 ret = ERR_PTR(err);
933 goto fail;
934 }
935 } else {
926 ret = pol; 936 ret = pol;
927 priority = ret->priority; 937 priority = ret->priority;
928 break; 938 break;
@@ -930,36 +940,53 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
930 } 940 }
931 chain = &xfrm_policy_inexact[dir]; 941 chain = &xfrm_policy_inexact[dir];
932 hlist_for_each_entry(pol, entry, chain, bydst) { 942 hlist_for_each_entry(pol, entry, chain, bydst) {
933 if (xfrm_policy_match(pol, fl, type, family, dir) && 943 err = xfrm_policy_match(pol, fl, type, family, dir);
934 pol->priority < priority) { 944 if (err) {
945 if (err == -ESRCH)
946 continue;
947 else {
948 ret = ERR_PTR(err);
949 goto fail;
950 }
951 } else if (pol->priority < priority) {
935 ret = pol; 952 ret = pol;
936 break; 953 break;
937 } 954 }
938 } 955 }
939 if (ret) 956 if (ret)
940 xfrm_pol_hold(ret); 957 xfrm_pol_hold(ret);
958fail:
941 read_unlock_bh(&xfrm_policy_lock); 959 read_unlock_bh(&xfrm_policy_lock);
942 960
943 return ret; 961 return ret;
944} 962}
945 963
946static void xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, 964static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
947 void **objp, atomic_t **obj_refp) 965 void **objp, atomic_t **obj_refp)
948{ 966{
949 struct xfrm_policy *pol; 967 struct xfrm_policy *pol;
968 int err = 0;
950 969
951#ifdef CONFIG_XFRM_SUB_POLICY 970#ifdef CONFIG_XFRM_SUB_POLICY
952 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); 971 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
953 if (pol) 972 if (IS_ERR(pol)) {
973 err = PTR_ERR(pol);
974 pol = NULL;
975 }
976 if (pol || err)
954 goto end; 977 goto end;
955#endif 978#endif
956 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); 979 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir);
957 980 if (IS_ERR(pol)) {
981 err = PTR_ERR(pol);
982 pol = NULL;
983 }
958#ifdef CONFIG_XFRM_SUB_POLICY 984#ifdef CONFIG_XFRM_SUB_POLICY
959end: 985end:
960#endif 986#endif
961 if ((*objp = (void *) pol) != NULL) 987 if ((*objp = (void *) pol) != NULL)
962 *obj_refp = &pol->refcnt; 988 *obj_refp = &pol->refcnt;
989 return err;
963} 990}
964 991
965static inline int policy_to_flow_dir(int dir) 992static inline int policy_to_flow_dir(int dir)
@@ -989,12 +1016,16 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
989 sk->sk_family); 1016 sk->sk_family);
990 int err = 0; 1017 int err = 0;
991 1018
992 if (match) 1019 if (match) {
993 err = security_xfrm_policy_lookup(pol, fl->secid, policy_to_flow_dir(dir)); 1020 err = security_xfrm_policy_lookup(pol, fl->secid,
994 1021 policy_to_flow_dir(dir));
995 if (match && !err) 1022 if (!err)
996 xfrm_pol_hold(pol); 1023 xfrm_pol_hold(pol);
997 else 1024 else if (err == -ESRCH)
1025 pol = NULL;
1026 else
1027 pol = ERR_PTR(err);
1028 } else
998 pol = NULL; 1029 pol = NULL;
999 } 1030 }
1000 read_unlock_bh(&xfrm_policy_lock); 1031 read_unlock_bh(&xfrm_policy_lock);
@@ -1286,8 +1317,11 @@ restart:
1286 pol_dead = 0; 1317 pol_dead = 0;
1287 xfrm_nr = 0; 1318 xfrm_nr = 0;
1288 1319
1289 if (sk && sk->sk_policy[1]) 1320 if (sk && sk->sk_policy[1]) {
1290 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); 1321 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
1322 if (IS_ERR(policy))
1323 return PTR_ERR(policy);
1324 }
1291 1325
1292 if (!policy) { 1326 if (!policy) {
1293 /* To accelerate a bit... */ 1327 /* To accelerate a bit... */
@@ -1297,6 +1331,8 @@ restart:
1297 1331
1298 policy = flow_cache_lookup(fl, dst_orig->ops->family, 1332 policy = flow_cache_lookup(fl, dst_orig->ops->family,
1299 dir, xfrm_policy_lookup); 1333 dir, xfrm_policy_lookup);
1334 if (IS_ERR(policy))
1335 return PTR_ERR(policy);
1300 } 1336 }
1301 1337
1302 if (!policy) 1338 if (!policy)
@@ -1343,6 +1379,10 @@ restart:
1343 fl, family, 1379 fl, family,
1344 XFRM_POLICY_OUT); 1380 XFRM_POLICY_OUT);
1345 if (pols[1]) { 1381 if (pols[1]) {
1382 if (IS_ERR(pols[1])) {
1383 err = PTR_ERR(pols[1]);
1384 goto error;
1385 }
1346 if (pols[1]->action == XFRM_POLICY_BLOCK) { 1386 if (pols[1]->action == XFRM_POLICY_BLOCK) {
1347 err = -EPERM; 1387 err = -EPERM;
1348 goto error; 1388 goto error;
@@ -1574,13 +1614,19 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1574 } 1614 }
1575 1615
1576 pol = NULL; 1616 pol = NULL;
1577 if (sk && sk->sk_policy[dir]) 1617 if (sk && sk->sk_policy[dir]) {
1578 pol = xfrm_sk_policy_lookup(sk, dir, &fl); 1618 pol = xfrm_sk_policy_lookup(sk, dir, &fl);
1619 if (IS_ERR(pol))
1620 return 0;
1621 }
1579 1622
1580 if (!pol) 1623 if (!pol)
1581 pol = flow_cache_lookup(&fl, family, fl_dir, 1624 pol = flow_cache_lookup(&fl, family, fl_dir,
1582 xfrm_policy_lookup); 1625 xfrm_policy_lookup);
1583 1626
1627 if (IS_ERR(pol))
1628 return 0;
1629
1584 if (!pol) { 1630 if (!pol) {
1585 if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) { 1631 if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) {
1586 xfrm_secpath_reject(xerr_idx, skb, &fl); 1632 xfrm_secpath_reject(xerr_idx, skb, &fl);
@@ -1599,6 +1645,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1599 &fl, family, 1645 &fl, family,
1600 XFRM_POLICY_IN); 1646 XFRM_POLICY_IN);
1601 if (pols[1]) { 1647 if (pols[1]) {
1648 if (IS_ERR(pols[1]))
1649 return 0;
1602 pols[1]->curlft.use_time = (unsigned long)xtime.tv_sec; 1650 pols[1]->curlft.use_time = (unsigned long)xtime.tv_sec;
1603 npols ++; 1651 npols ++;
1604 } 1652 }
@@ -1706,7 +1754,7 @@ static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
1706 1754
1707static int stale_bundle(struct dst_entry *dst) 1755static int stale_bundle(struct dst_entry *dst)
1708{ 1756{
1709 return !xfrm_bundle_ok((struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0); 1757 return !xfrm_bundle_ok(NULL, (struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0);
1710} 1758}
1711 1759
1712void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev) 1760void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
@@ -1828,7 +1876,8 @@ EXPORT_SYMBOL(xfrm_init_pmtu);
1828 * still valid. 1876 * still valid.
1829 */ 1877 */
1830 1878
1831int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int strict) 1879int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1880 struct flowi *fl, int family, int strict)
1832{ 1881{
1833 struct dst_entry *dst = &first->u.dst; 1882 struct dst_entry *dst = &first->u.dst;
1834 struct xfrm_dst *last; 1883 struct xfrm_dst *last;
@@ -1845,7 +1894,7 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str
1845 1894
1846 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family)) 1895 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family))
1847 return 0; 1896 return 0;
1848 if (fl && !security_xfrm_flow_state_match(fl, dst->xfrm)) 1897 if (fl && !security_xfrm_flow_state_match(fl, dst->xfrm, pol))
1849 return 0; 1898 return 0;
1850 if (dst->xfrm->km.state != XFRM_STATE_VALID) 1899 if (dst->xfrm->km.state != XFRM_STATE_VALID)
1851 return 0; 1900 return 0;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d54b3a70d5df..2b2e59d8ffbc 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1992,15 +1992,6 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
1992 xp->type = XFRM_POLICY_TYPE_MAIN; 1992 xp->type = XFRM_POLICY_TYPE_MAIN;
1993 copy_templates(xp, ut, nr); 1993 copy_templates(xp, ut, nr);
1994 1994
1995 if (!xp->security) {
1996 int err = security_xfrm_sock_policy_alloc(xp, sk);
1997 if (err) {
1998 kfree(xp);
1999 *dir = err;
2000 return NULL;
2001 }
2002 }
2003
2004 *dir = p->dir; 1995 *dir = p->dir;
2005 1996
2006 return xp; 1997 return xp;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-20 23:48:34 -0500