Diffstat (limited to 'net')
-rw-r--r--net/802/tr.c2
-rw-r--r--net/8021q/vlan_core.c10
-rw-r--r--net/8021q/vlan_dev.c3
-rw-r--r--net/core/dev.c74
-rw-r--r--net/core/net-sysfs.c4
-rw-r--r--net/core/net_namespace.c89
-rw-r--r--net/core/skbuff.c8
-rw-r--r--net/core/sock.c3
-rw-r--r--net/ipv4/cipso_ipv4.c9
-rw-r--r--net/ipv4/icmp.c2
-rw-r--r--net/ipv4/ip_fragment.c3
-rw-r--r--net/ipv4/tcp_input.c9
-rw-r--r--net/ipv4/tcp_ipv4.c2
-rw-r--r--net/ipv4/tcp_output.c1
-rw-r--r--net/ipv4/tcp_scalable.c2
-rw-r--r--net/ipv6/addrconf.c53
-rw-r--r--net/ipv6/af_inet6.c24
-rw-r--r--net/ipv6/inet6_hashtables.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c5
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c8
-rw-r--r--net/ipv6/reassembly.c7
-rw-r--r--net/ipv6/sit.c2
-rw-r--r--net/mac80211/tx.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c2
-rw-r--r--net/netfilter/nf_conntrack_netlink.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c4
-rw-r--r--net/netfilter/nfnetlink_log.c8
-rw-r--r--net/netfilter/x_tables.c199
-rw-r--r--net/netfilter/xt_recent.c2
-rw-r--r--net/netlink/af_netlink.c10
-rw-r--r--net/sched/act_police.c13
-rw-r--r--net/sched/sch_drr.c6
-rw-r--r--net/sctp/endpointola.c3
-rw-r--r--net/sctp/protocol.c16
-rw-r--r--net/sctp/sm_sideeffect.c54
-rw-r--r--net/sctp/sm_statefuns.c16
-rw-r--r--net/sunrpc/sched.c33
-rw-r--r--net/sunrpc/xprt.c2
-rw-r--r--net/sunrpc/xprtsock.c23
-rw-r--r--net/wireless/Kconfig10
-rw-r--r--net/wireless/lib80211_crypt_ccmp.c2
-rw-r--r--net/wireless/lib80211_crypt_tkip.c4
-rw-r--r--net/wireless/nl80211.c11
-rw-r--r--net/wireless/reg.c3
-rw-r--r--net/xfrm/xfrm_state.c90
45 files changed, 529 insertions, 309 deletions
diff --git a/net/802/tr.c b/net/802/tr.c
index 158150fee462..f47ae289d83b 100644
--- a/net/802/tr.c
+++ b/net/802/tr.c
@@ -668,3 +668,5 @@ module_init(rif_init);
668 668
669EXPORT_SYMBOL(tr_type_trans); 669EXPORT_SYMBOL(tr_type_trans);
670EXPORT_SYMBOL(alloc_trdev); 670EXPORT_SYMBOL(alloc_trdev);
671
672MODULE_LICENSE("GPL");
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index e9db889d6222..2886d2fb9ab5 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -1,12 +1,16 @@
1#include <linux/skbuff.h> 1#include <linux/skbuff.h>
2#include <linux/netdevice.h> 2#include <linux/netdevice.h>
3#include <linux/if_vlan.h> 3#include <linux/if_vlan.h>
4#include <linux/netpoll.h>
4#include "vlan.h" 5#include "vlan.h"
5 6
6/* VLAN rx hw acceleration helper. This acts like netif_{rx,receive_skb}(). */ 7/* VLAN rx hw acceleration helper. This acts like netif_{rx,receive_skb}(). */
7int __vlan_hwaccel_rx(struct sk_buff *skb, struct vlan_group *grp, 8int __vlan_hwaccel_rx(struct sk_buff *skb, struct vlan_group *grp,
8 u16 vlan_tci, int polling) 9 u16 vlan_tci, int polling)
9{ 10{
11 if (netpoll_rx(skb))
12 return NET_RX_DROP;
13
10 if (skb_bond_should_drop(skb)) 14 if (skb_bond_should_drop(skb))
11 goto drop; 15 goto drop;
12 16
@@ -100,6 +104,9 @@ int vlan_gro_receive(struct napi_struct *napi, struct vlan_group *grp,
100{ 104{
101 int err = NET_RX_SUCCESS; 105 int err = NET_RX_SUCCESS;
102 106
107 if (netpoll_receive_skb(skb))
108 return NET_RX_DROP;
109
103 switch (vlan_gro_common(napi, grp, vlan_tci, skb)) { 110 switch (vlan_gro_common(napi, grp, vlan_tci, skb)) {
104 case -1: 111 case -1:
105 return netif_receive_skb(skb); 112 return netif_receive_skb(skb);
@@ -126,6 +133,9 @@ int vlan_gro_frags(struct napi_struct *napi, struct vlan_group *grp,
126 if (!skb) 133 if (!skb)
127 goto out; 134 goto out;
128 135
136 if (netpoll_receive_skb(skb))
137 goto out;
138
129 err = NET_RX_SUCCESS; 139 err = NET_RX_SUCCESS;
130 140
131 switch (vlan_gro_common(napi, grp, vlan_tci, skb)) { 141 switch (vlan_gro_common(napi, grp, vlan_tci, skb)) {
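Review bot: The three added netpoll exits (`return NET_RX_DROP;` in __vlan_hwaccel_rx and vlan_gro_receive, `goto out;` in vlan_gro_frags) leave without freeing skb, unlike the `goto drop` path directly below the first one. They are only leak-free if netpoll_rx()/netpoll_receive_skb() take ownership of the buffer whenever they return non-zero, which the visible lines do not show. I would state that contract at each site, e.g. `/* netpoll consumed the skb (and is responsible for freeing it); do not touch it again */`. In vlan_gro_frags, also confirm that `err` holds the intended value at `out`, since the jump happens before `err = NET_RX_SUCCESS;`. All three function bodies continue outside their hunks.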
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 4a19acd3a32b..1b34135cf990 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -553,7 +553,7 @@ static int vlan_dev_neigh_setup(struct net_device *dev, struct neigh_parms *pa)
553 int err = 0; 553 int err = 0;
554 554
555 if (netif_device_present(real_dev) && ops->ndo_neigh_setup) 555 if (netif_device_present(real_dev) && ops->ndo_neigh_setup)
556 err = ops->ndo_neigh_setup(dev, pa); 556 err = ops->ndo_neigh_setup(real_dev, pa);
557 557
558 return err; 558 return err;
559} 559}
@@ -639,6 +639,7 @@ static int vlan_dev_init(struct net_device *dev)
639 dev->hard_header_len = real_dev->hard_header_len + VLAN_HLEN; 639 dev->hard_header_len = real_dev->hard_header_len + VLAN_HLEN;
640 dev->netdev_ops = &vlan_netdev_ops; 640 dev->netdev_ops = &vlan_netdev_ops;
641 } 641 }
642 netdev_resync_ops(dev);
642 643
643 if (is_vlan_dev(real_dev)) 644 if (is_vlan_dev(real_dev))
644 subclass = 1; 645 subclass = 1;
diff --git a/net/core/dev.c b/net/core/dev.c
index a17e00662363..e3fe5c705606 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2267,12 +2267,6 @@ int netif_receive_skb(struct sk_buff *skb)
2267 2267
2268 rcu_read_lock(); 2268 rcu_read_lock();
2269 2269
2270 /* Don't receive packets in an exiting network namespace */
2271 if (!net_alive(dev_net(skb->dev))) {
2272 kfree_skb(skb);
2273 goto out;
2274 }
2275
2276#ifdef CONFIG_NET_CLS_ACT 2270#ifdef CONFIG_NET_CLS_ACT
2277 if (skb->tc_verd & TC_NCLS) { 2271 if (skb->tc_verd & TC_NCLS) {
2278 skb->tc_verd = CLR_TC_NCLS(skb->tc_verd); 2272 skb->tc_verd = CLR_TC_NCLS(skb->tc_verd);
@@ -2488,6 +2482,9 @@ static int __napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
2488 2482
2489int napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb) 2483int napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
2490{ 2484{
2485 if (netpoll_receive_skb(skb))
2486 return NET_RX_DROP;
2487
2491 switch (__napi_gro_receive(napi, skb)) { 2488 switch (__napi_gro_receive(napi, skb)) {
2492 case -1: 2489 case -1:
2493 return netif_receive_skb(skb); 2490 return netif_receive_skb(skb);
@@ -2558,6 +2555,9 @@ int napi_gro_frags(struct napi_struct *napi, struct napi_gro_fraginfo *info)
2558 if (!skb) 2555 if (!skb)
2559 goto out; 2556 goto out;
2560 2557
2558 if (netpoll_receive_skb(skb))
2559 goto out;
2560
2561 err = NET_RX_SUCCESS; 2561 err = NET_RX_SUCCESS;
2562 2562
2563 switch (__napi_gro_receive(napi, skb)) { 2563 switch (__napi_gro_receive(napi, skb)) {
@@ -2588,9 +2588,9 @@ static int process_backlog(struct napi_struct *napi, int quota)
2588 local_irq_disable(); 2588 local_irq_disable();
2589 skb = __skb_dequeue(&queue->input_pkt_queue); 2589 skb = __skb_dequeue(&queue->input_pkt_queue);
2590 if (!skb) { 2590 if (!skb) {
2591 __napi_complete(napi);
2592 local_irq_enable(); 2591 local_irq_enable();
2593 break; 2592 napi_complete(napi);
2593 goto out;
2594 } 2594 }
2595 local_irq_enable(); 2595 local_irq_enable();
2596 2596
@@ -2599,6 +2599,7 @@ static int process_backlog(struct napi_struct *napi, int quota)
2599 2599
2600 napi_gro_flush(napi); 2600 napi_gro_flush(napi);
2601 2601
2602out:
2602 return work; 2603 return work;
2603} 2604}
2604 2605
@@ -2671,7 +2672,7 @@ void netif_napi_del(struct napi_struct *napi)
2671 struct sk_buff *skb, *next; 2672 struct sk_buff *skb, *next;
2672 2673
2673 list_del_init(&napi->dev_list); 2674 list_del_init(&napi->dev_list);
2674 kfree(napi->skb); 2675 kfree_skb(napi->skb);
2675 2676
2676 for (skb = napi->gro_list; skb; skb = next) { 2677 for (skb = napi->gro_list; skb; skb = next) {
2677 next = skb->next; 2678 next = skb->next;
@@ -4282,6 +4283,39 @@ unsigned long netdev_fix_features(unsigned long features, const char *name)
4282} 4283}
4283EXPORT_SYMBOL(netdev_fix_features); 4284EXPORT_SYMBOL(netdev_fix_features);
4284 4285
4286/* Some devices need to (re-)set their netdev_ops inside
4287 * ->init() or similar. If that happens, we have to setup
4288 * the compat pointers again.
4289 */
4290void netdev_resync_ops(struct net_device *dev)
4291{
4292#ifdef CONFIG_COMPAT_NET_DEV_OPS
4293 const struct net_device_ops *ops = dev->netdev_ops;
4294
4295 dev->init = ops->ndo_init;
4296 dev->uninit = ops->ndo_uninit;
4297 dev->open = ops->ndo_open;
4298 dev->change_rx_flags = ops->ndo_change_rx_flags;
4299 dev->set_rx_mode = ops->ndo_set_rx_mode;
4300 dev->set_multicast_list = ops->ndo_set_multicast_list;
4301 dev->set_mac_address = ops->ndo_set_mac_address;
4302 dev->validate_addr = ops->ndo_validate_addr;
4303 dev->do_ioctl = ops->ndo_do_ioctl;
4304 dev->set_config = ops->ndo_set_config;
4305 dev->change_mtu = ops->ndo_change_mtu;
4306 dev->neigh_setup = ops->ndo_neigh_setup;
4307 dev->tx_timeout = ops->ndo_tx_timeout;
4308 dev->get_stats = ops->ndo_get_stats;
4309 dev->vlan_rx_register = ops->ndo_vlan_rx_register;
4310 dev->vlan_rx_add_vid = ops->ndo_vlan_rx_add_vid;
4311 dev->vlan_rx_kill_vid = ops->ndo_vlan_rx_kill_vid;
4312#ifdef CONFIG_NET_POLL_CONTROLLER
4313 dev->poll_controller = ops->ndo_poll_controller;
4314#endif
4315#endif
4316}
4317EXPORT_SYMBOL(netdev_resync_ops);
4318
4285/** 4319/**
4286 * register_netdevice - register a network device 4320 * register_netdevice - register a network device
4287 * @dev: device to register 4321 * @dev: device to register
@@ -4326,27 +4360,7 @@ int register_netdevice(struct net_device *dev)
4326 * This is temporary until all network devices are converted. 4360 * This is temporary until all network devices are converted.
4327 */ 4361 */
4328 if (dev->netdev_ops) { 4362 if (dev->netdev_ops) {
4329 const struct net_device_ops *ops = dev->netdev_ops; 4363 netdev_resync_ops(dev);
4330
4331 dev->init = ops->ndo_init;
4332 dev->uninit = ops->ndo_uninit;
4333 dev->open = ops->ndo_open;
4334 dev->change_rx_flags = ops->ndo_change_rx_flags;
4335 dev->set_rx_mode = ops->ndo_set_rx_mode;
4336 dev->set_multicast_list = ops->ndo_set_multicast_list;
4337 dev->set_mac_address = ops->ndo_set_mac_address;
4338 dev->validate_addr = ops->ndo_validate_addr;
4339 dev->do_ioctl = ops->ndo_do_ioctl;
4340 dev->set_config = ops->ndo_set_config;
4341 dev->change_mtu = ops->ndo_change_mtu;
4342 dev->tx_timeout = ops->ndo_tx_timeout;
4343 dev->get_stats = ops->ndo_get_stats;
4344 dev->vlan_rx_register = ops->ndo_vlan_rx_register;
4345 dev->vlan_rx_add_vid = ops->ndo_vlan_rx_add_vid;
4346 dev->vlan_rx_kill_vid = ops->ndo_vlan_rx_kill_vid;
4347#ifdef CONFIG_NET_POLL_CONTROLLER
4348 dev->poll_controller = ops->ndo_poll_controller;
4349#endif
4350 } else { 4364 } else {
4351 char drivername[64]; 4365 char drivername[64];
4352 pr_info("%s (%s): not using net_device_ops yet\n", 4366 pr_info("%s (%s): not using net_device_ops yet\n",
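Review bot: In process_backlog the empty-queue branch now runs `local_irq_enable();` before `napi_complete(napi);`, whereas the old code completed with `__napi_complete(napi);` while interrupts were still off. This opens a window in which an interrupt on this CPU can append to input_pkt_queue while the backlog NAPI is still marked scheduled. If the enqueue side skips rescheduling in that state, the packet may sit unpolled until later traffic arrives; netif_rx() is not visible here, so please confirm against it. If the goal is only the GRO flush that napi_complete() performs, consider flushing first and keeping `__napi_complete(napi);` ahead of `local_irq_enable();`. Separately, the new exported netdev_resync_ops() dereferences `dev->netdev_ops` unconditionally while register_netdevice guards with `if (dev->netdev_ops)`, so either add `if (!ops) return;` or document the non-NULL precondition in its comment.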
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 6ac29a46e23e..484f58750eba 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -77,7 +77,9 @@ static ssize_t netdev_store(struct device *dev, struct device_attribute *attr,
77 if (endp == buf) 77 if (endp == buf)
78 goto err; 78 goto err;
79 79
80 rtnl_lock(); 80 if (!rtnl_trylock())
81 return -ERESTARTSYS;
82
81 if (dev_isalive(net)) { 83 if (dev_isalive(net)) {
82 if ((ret = (*set)(net, new)) == 0) 84 if ((ret = (*set)(net, new)) == 0)
83 ret = len; 85 ret = len;
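Review bot: `return -ERESTARTSYS;` after a failed `rtnl_trylock()` in netdev_store only turns into a transparent restart when the signal-delivery path handles it. With no signal pending, the raw restart code may reach the writer as an unexpected errno, or the write may be retried in a tight loop while the lock stays contended. The same pattern is added to addrconf_fixup_forwarding in net/ipv6/addrconf.c. Please confirm how the restart is driven when no signal is pending, and add a comment on why blocking is unsafe here, e.g. `/* rtnl is held elsewhere, presumably by a path that waits on this attribute; back off instead of deadlocking */`. netdev_store begins and ends outside the hunk.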
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 55151faaf90c..e3bebd36f053 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -32,24 +32,14 @@ static __net_init int setup_net(struct net *net)
32{ 32{
33 /* Must be called with net_mutex held */ 33 /* Must be called with net_mutex held */
34 struct pernet_operations *ops; 34 struct pernet_operations *ops;
35 int error; 35 int error = 0;
36 struct net_generic *ng;
37 36
38 atomic_set(&net->count, 1); 37 atomic_set(&net->count, 1);
38
39#ifdef NETNS_REFCNT_DEBUG 39#ifdef NETNS_REFCNT_DEBUG
40 atomic_set(&net->use_count, 0); 40 atomic_set(&net->use_count, 0);
41#endif 41#endif
42 42
43 error = -ENOMEM;
44 ng = kzalloc(sizeof(struct net_generic) +
45 INITIAL_NET_GEN_PTRS * sizeof(void *), GFP_KERNEL);
46 if (ng == NULL)
47 goto out;
48
49 ng->len = INITIAL_NET_GEN_PTRS;
50 rcu_assign_pointer(net->gen, ng);
51
52 error = 0;
53 list_for_each_entry(ops, &pernet_list, list) { 43 list_for_each_entry(ops, &pernet_list, list) {
54 if (ops->init) { 44 if (ops->init) {
55 error = ops->init(net); 45 error = ops->init(net);
@@ -70,24 +60,50 @@ out_undo:
70 } 60 }
71 61
72 rcu_barrier(); 62 rcu_barrier();
73 kfree(ng);
74 goto out; 63 goto out;
75} 64}
76 65
66static struct net_generic *net_alloc_generic(void)
67{
68 struct net_generic *ng;
69 size_t generic_size = sizeof(struct net_generic) +
70 INITIAL_NET_GEN_PTRS * sizeof(void *);
71
72 ng = kzalloc(generic_size, GFP_KERNEL);
73 if (ng)
74 ng->len = INITIAL_NET_GEN_PTRS;
75
76 return ng;
77}
78
77#ifdef CONFIG_NET_NS 79#ifdef CONFIG_NET_NS
78static struct kmem_cache *net_cachep; 80static struct kmem_cache *net_cachep;
79static struct workqueue_struct *netns_wq; 81static struct workqueue_struct *netns_wq;
80 82
81static struct net *net_alloc(void) 83static struct net *net_alloc(void)
82{ 84{
83 return kmem_cache_zalloc(net_cachep, GFP_KERNEL); 85 struct net *net = NULL;
86 struct net_generic *ng;
87
88 ng = net_alloc_generic();
89 if (!ng)
90 goto out;
91
92 net = kmem_cache_zalloc(net_cachep, GFP_KERNEL);
93 if (!net)
94 goto out_free;
95
96 rcu_assign_pointer(net->gen, ng);
97out:
98 return net;
99
100out_free:
101 kfree(ng);
102 goto out;
84} 103}
85 104
86static void net_free(struct net *net) 105static void net_free(struct net *net)
87{ 106{
88 if (!net)
89 return;
90
91#ifdef NETNS_REFCNT_DEBUG 107#ifdef NETNS_REFCNT_DEBUG
92 if (unlikely(atomic_read(&net->use_count) != 0)) { 108 if (unlikely(atomic_read(&net->use_count) != 0)) {
93 printk(KERN_EMERG "network namespace not free! Usage: %d\n", 109 printk(KERN_EMERG "network namespace not free! Usage: %d\n",
@@ -112,27 +128,28 @@ struct net *copy_net_ns(unsigned long flags, struct net *old_net)
112 err = -ENOMEM; 128 err = -ENOMEM;
113 new_net = net_alloc(); 129 new_net = net_alloc();
114 if (!new_net) 130 if (!new_net)
115 goto out; 131 goto out_err;
116 132
117 mutex_lock(&net_mutex); 133 mutex_lock(&net_mutex);
118 err = setup_net(new_net); 134 err = setup_net(new_net);
119 if (err) 135 if (!err) {
120 goto out_unlock; 136 rtnl_lock();
121 137 list_add_tail(&new_net->list, &net_namespace_list);
122 rtnl_lock(); 138 rtnl_unlock();
123 list_add_tail(&new_net->list, &net_namespace_list); 139 }
124 rtnl_unlock();
125
126
127out_unlock:
128 mutex_unlock(&net_mutex); 140 mutex_unlock(&net_mutex);
141
142 if (err)
143 goto out_free;
129out: 144out:
130 put_net(old_net); 145 put_net(old_net);
131 if (err) {
132 net_free(new_net);
133 new_net = ERR_PTR(err);
134 }
135 return new_net; 146 return new_net;
147
148out_free:
149 net_free(new_net);
150out_err:
151 new_net = ERR_PTR(err);
152 goto out;
136} 153}
137 154
138static void cleanup_net(struct work_struct *work) 155static void cleanup_net(struct work_struct *work)
@@ -140,9 +157,6 @@ static void cleanup_net(struct work_struct *work)
140 struct pernet_operations *ops; 157 struct pernet_operations *ops;
141 struct net *net; 158 struct net *net;
142 159
143 /* Be very certain incoming network packets will not find us */
144 rcu_barrier();
145
146 net = container_of(work, struct net, work); 160 net = container_of(work, struct net, work);
147 161
148 mutex_lock(&net_mutex); 162 mutex_lock(&net_mutex);
@@ -188,6 +202,7 @@ struct net *copy_net_ns(unsigned long flags, struct net *old_net)
188 202
189static int __init net_ns_init(void) 203static int __init net_ns_init(void)
190{ 204{
205 struct net_generic *ng;
191 int err; 206 int err;
192 207
193 printk(KERN_INFO "net_namespace: %zd bytes\n", sizeof(struct net)); 208 printk(KERN_INFO "net_namespace: %zd bytes\n", sizeof(struct net));
@@ -202,6 +217,12 @@ static int __init net_ns_init(void)
202 panic("Could not create netns workq"); 217 panic("Could not create netns workq");
203#endif 218#endif
204 219
220 ng = net_alloc_generic();
221 if (!ng)
222 panic("Could not allocate generic netns");
223
224 rcu_assign_pointer(init_net.gen, ng);
225
205 mutex_lock(&net_mutex); 226 mutex_lock(&net_mutex);
206 err = setup_net(&init_net); 227 err = setup_net(&init_net);
207 228
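Review bot: Ownership of `net->gen` has moved from setup_net() to its callers, and net_free() has lost its `if (!net) return;` guard, but neither new precondition is documented. setup_net() now assumes `net->gen` is already populated (by net_alloc() or, for init_net, by net_ns_init()) and no longer frees it in `out_undo`. A failed setup_net() in copy_net_ns therefore relies on net_free() releasing it; that part of net_free() is outside the hunk and should be confirmed. I would extend the existing comment in setup_net to `/* Must be called with net_mutex held and net->gen already allocated; the caller frees it on failure */` and add `/* net must be non-NULL */` above net_free(). The backward `goto out;` jumps from labels placed after `return` in net_alloc() and copy_net_ns() work but are hard to follow; falling through to a single exit would read better.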
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index da74b844f4ea..c6a6b166f8d6 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -143,14 +143,6 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
143 BUG(); 143 BUG();
144} 144}
145 145
146void skb_truesize_bug(struct sk_buff *skb)
147{
148 WARN(net_ratelimit(), KERN_ERR "SKB BUG: Invalid truesize (%u) "
149 "len=%u, sizeof(sk_buff)=%Zd\n",
150 skb->truesize, skb->len, sizeof(struct sk_buff));
151}
152EXPORT_SYMBOL(skb_truesize_bug);
153
154/* Allocate a new skbuff. We do this ourselves so we can fill in a few 146/* Allocate a new skbuff. We do this ourselves so we can fill in a few
155 * 'private' fields and also do memory statistics to find all the 147 * 'private' fields and also do memory statistics to find all the
156 * [BEEP] leaks. 148 * [BEEP] leaks.
diff --git a/net/core/sock.c b/net/core/sock.c
index 6f2e1337975d..5f97caa158e8 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -696,7 +696,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
696 if (len < 0) 696 if (len < 0)
697 return -EINVAL; 697 return -EINVAL;
698 698
699 v.val = 0; 699 memset(&v, 0, sizeof(v));
700 700
701 switch(optname) { 701 switch(optname) {
702 case SO_DEBUG: 702 case SO_DEBUG:
@@ -1137,7 +1137,6 @@ void sock_rfree(struct sk_buff *skb)
1137{ 1137{
1138 struct sock *sk = skb->sk; 1138 struct sock *sk = skb->sk;
1139 1139
1140 skb_truesize_check(skb);
1141 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 1140 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
1142 sk_mem_uncharge(skb->sk, skb->truesize); 1141 sk_mem_uncharge(skb->sk, skb->truesize);
1143} 1142}
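Review bot: The switch from `v.val = 0;` to `memset(&v, 0, sizeof(v));` in sock_getsockopt deserves a comment, because it looks like a cosmetic change and could easily be reverted by a later cleanup. Presumably `v` is a union whose larger members are only partly written by some cases before being copied to user space (the copy is outside the hunk), so clearing just `val` would leave uninitialised kernel stack bytes in the output. Suggested comment: `/* Zero the whole union, not just .val: cases that fill a larger member only partially must not leak stack contents to user space */`. It would also be worth checking that every case clamps `len` to the size of the member it actually fills.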
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 6bb2635b5ded..7bc992976d29 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -3,11 +3,16 @@
3 * 3 *
4 * This is an implementation of the CIPSO 2.2 protocol as specified in 4 * This is an implementation of the CIPSO 2.2 protocol as specified in
5 * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in 5 * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
6 * FIPS-188, copies of both documents can be found in the Documentation 6 * FIPS-188. While CIPSO never became a full IETF RFC standard many vendors
7 * directory. While CIPSO never became a full IETF RFC standard many vendors
8 * have chosen to adopt the protocol and over the years it has become a 7 * have chosen to adopt the protocol and over the years it has become a
9 * de-facto standard for labeled networking. 8 * de-facto standard for labeled networking.
10 * 9 *
10 * The CIPSO draft specification can be found in the kernel's Documentation
11 * directory as well as the following URL:
12 * http://netlabel.sourceforge.net/files/draft-ietf-cipso-ipsecurity-01.txt
13 * The FIPS-188 specification can be found at the following URL:
14 * http://www.itl.nist.gov/fipspubs/fip188.htm
15 *
11 * Author: Paul Moore <paul.moore@hp.com> 16 * Author: Paul Moore <paul.moore@hp.com>
12 * 17 *
13 */ 18 */
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 705b33b184a3..fc562d29cc46 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1205,7 +1205,7 @@ static struct pernet_operations __net_initdata icmp_sk_ops = {
1205 1205
1206int __init icmp_init(void) 1206int __init icmp_init(void)
1207{ 1207{
1208 return register_pernet_device(&icmp_sk_ops); 1208 return register_pernet_subsys(&icmp_sk_ops);
1209} 1209}
1210 1210
1211EXPORT_SYMBOL(icmp_err_convert); 1211EXPORT_SYMBOL(icmp_err_convert);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 6659ac000eeb..7985346653bd 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -463,6 +463,7 @@ err:
463static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, 463static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
464 struct net_device *dev) 464 struct net_device *dev)
465{ 465{
466 struct net *net = container_of(qp->q.net, struct net, ipv4.frags);
466 struct iphdr *iph; 467 struct iphdr *iph;
467 struct sk_buff *fp, *head = qp->q.fragments; 468 struct sk_buff *fp, *head = qp->q.fragments;
468 int len; 469 int len;
@@ -548,7 +549,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
548 iph = ip_hdr(head); 549 iph = ip_hdr(head);
549 iph->frag_off = 0; 550 iph->frag_off = 0;
550 iph->tot_len = htons(len); 551 iph->tot_len = htons(len);
551 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMOKS); 552 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMOKS);
552 qp->q.fragments = NULL; 553 qp->q.fragments = NULL;
553 return 0; 554 return 0;
554 555
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a6961d75c7ea..c28976a7e596 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1374,7 +1374,8 @@ static u8 tcp_sacktag_one(struct sk_buff *skb, struct sock *sk,
1374 1374
1375static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb, 1375static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
1376 struct tcp_sacktag_state *state, 1376 struct tcp_sacktag_state *state,
1377 unsigned int pcount, int shifted, int mss) 1377 unsigned int pcount, int shifted, int mss,
1378 int dup_sack)
1378{ 1379{
1379 struct tcp_sock *tp = tcp_sk(sk); 1380 struct tcp_sock *tp = tcp_sk(sk);
1380 struct sk_buff *prev = tcp_write_queue_prev(sk, skb); 1381 struct sk_buff *prev = tcp_write_queue_prev(sk, skb);
@@ -1410,7 +1411,7 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
1410 } 1411 }
1411 1412
1412 /* We discard results */ 1413 /* We discard results */
1413 tcp_sacktag_one(skb, sk, state, 0, pcount); 1414 tcp_sacktag_one(skb, sk, state, dup_sack, pcount);
1414 1415
1415 /* Difference in this won't matter, both ACKed by the same cumul. ACK */ 1416 /* Difference in this won't matter, both ACKed by the same cumul. ACK */
1416 TCP_SKB_CB(prev)->sacked |= (TCP_SKB_CB(skb)->sacked & TCPCB_EVER_RETRANS); 1417 TCP_SKB_CB(prev)->sacked |= (TCP_SKB_CB(skb)->sacked & TCPCB_EVER_RETRANS);
@@ -1561,7 +1562,7 @@ static struct sk_buff *tcp_shift_skb_data(struct sock *sk, struct sk_buff *skb,
1561 1562
1562 if (!skb_shift(prev, skb, len)) 1563 if (!skb_shift(prev, skb, len))
1563 goto fallback; 1564 goto fallback;
1564 if (!tcp_shifted_skb(sk, skb, state, pcount, len, mss)) 1565 if (!tcp_shifted_skb(sk, skb, state, pcount, len, mss, dup_sack))
1565 goto out; 1566 goto out;
1566 1567
1567 /* Hole filled allows collapsing with the next as well, this is very 1568 /* Hole filled allows collapsing with the next as well, this is very
@@ -1580,7 +1581,7 @@ static struct sk_buff *tcp_shift_skb_data(struct sock *sk, struct sk_buff *skb,
1580 len = skb->len; 1581 len = skb->len;
1581 if (skb_shift(prev, skb, len)) { 1582 if (skb_shift(prev, skb, len)) {
1582 pcount += tcp_skb_pcount(skb); 1583 pcount += tcp_skb_pcount(skb);
1583 tcp_shifted_skb(sk, skb, state, tcp_skb_pcount(skb), len, mss); 1584 tcp_shifted_skb(sk, skb, state, tcp_skb_pcount(skb), len, mss, 0);
1584 } 1585 }
1585 1586
1586out: 1587out:
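Review bot: The second tcp_shifted_skb() call in tcp_shift_skb_data passes a literal `0` for the new `dup_sack` argument, while the first call forwards the caller's `dup_sack`; nothing in the hunk says why they differ. If the follow-on skb merged after a filled hole is never treated as D-SACKed, say so at the call, e.g. `/* next skb was not covered by this SACK block, so never a D-SACK */`. If that is not the intent, the literal should be `dup_sack`. The new parameter is also undocumented on tcp_shifted_skb itself, and the existing `/* We discard results */` comment now sits above a call whose argument matters. Both functions extend beyond the visible hunks.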
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 19d7b429a262..cf74c416831a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2443,7 +2443,7 @@ static struct pernet_operations __net_initdata tcp_sk_ops = {
2443void __init tcp_v4_init(void) 2443void __init tcp_v4_init(void)
2444{ 2444{
2445 inet_hashinfo_init(&tcp_hashinfo); 2445 inet_hashinfo_init(&tcp_hashinfo);
2446 if (register_pernet_device(&tcp_sk_ops)) 2446 if (register_pernet_subsys(&tcp_sk_ops))
2447 panic("Failed to create the TCP control socket.\n"); 2447 panic("Failed to create the TCP control socket.\n");
2448} 2448}
2449 2449
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index dda42f0bd7a3..da2c3b8794f2 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2023,7 +2023,6 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
2023 last_lost = tp->snd_una; 2023 last_lost = tp->snd_una;
2024 } 2024 }
2025 2025
2026 /* First pass: retransmit lost packets. */
2027 tcp_for_write_queue_from(skb, sk) { 2026 tcp_for_write_queue_from(skb, sk) {
2028 __u8 sacked = TCP_SKB_CB(skb)->sacked; 2027 __u8 sacked = TCP_SKB_CB(skb)->sacked;
2029 2028
diff --git a/net/ipv4/tcp_scalable.c b/net/ipv4/tcp_scalable.c
index 2747ec7bfb63..4660b088a8ce 100644
--- a/net/ipv4/tcp_scalable.c
+++ b/net/ipv4/tcp_scalable.c
@@ -1,6 +1,6 @@
1/* Tom Kelly's Scalable TCP 1/* Tom Kelly's Scalable TCP
2 * 2 *
3 * See htt://www-lce.eng.cam.ac.uk/~ctk21/scalable/ 3 * See http://www.deneholme.net/tom/scalable/
4 * 4 *
5 * John Heffner <jheffner@sc.edu> 5 * John Heffner <jheffner@sc.edu>
6 */ 6 */
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f9afb452249c..1220e2c7831e 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -493,15 +493,17 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
493 read_unlock(&dev_base_lock); 493 read_unlock(&dev_base_lock);
494} 494}
495 495
496static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old) 496static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
497{ 497{
498 struct net *net; 498 struct net *net;
499 499
500 net = (struct net *)table->extra2; 500 net = (struct net *)table->extra2;
501 if (p == &net->ipv6.devconf_dflt->forwarding) 501 if (p == &net->ipv6.devconf_dflt->forwarding)
502 return; 502 return 0;
503
504 if (!rtnl_trylock())
505 return -ERESTARTSYS;
503 506
504 rtnl_lock();
505 if (p == &net->ipv6.devconf_all->forwarding) { 507 if (p == &net->ipv6.devconf_all->forwarding) {
506 __s32 newf = net->ipv6.devconf_all->forwarding; 508 __s32 newf = net->ipv6.devconf_all->forwarding;
507 net->ipv6.devconf_dflt->forwarding = newf; 509 net->ipv6.devconf_dflt->forwarding = newf;
@@ -512,6 +514,7 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
512 514
513 if (*p) 515 if (*p)
514 rt6_purge_dflt_routers(net); 516 rt6_purge_dflt_routers(net);
517 return 1;
515} 518}
516#endif 519#endif
517 520
@@ -2608,9 +2611,6 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2608 2611
2609 ASSERT_RTNL(); 2612 ASSERT_RTNL();
2610 2613
2611 if ((dev->flags & IFF_LOOPBACK) && how == 1)
2612 how = 0;
2613
2614 rt6_ifdown(net, dev); 2614 rt6_ifdown(net, dev);
2615 neigh_ifdown(&nd_tbl, dev); 2615 neigh_ifdown(&nd_tbl, dev);
2616 2616
@@ -3983,7 +3983,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, struct file * filp,
3983 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 3983 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
3984 3984
3985 if (write) 3985 if (write)
3986 addrconf_fixup_forwarding(ctl, valp, val); 3986 ret = addrconf_fixup_forwarding(ctl, valp, val);
3987 return ret; 3987 return ret;
3988} 3988}
3989 3989
@@ -4019,8 +4019,7 @@ static int addrconf_sysctl_forward_strategy(ctl_table *table,
4019 } 4019 }
4020 4020
4021 *valp = new; 4021 *valp = new;
4022 addrconf_fixup_forwarding(table, valp, val); 4022 return addrconf_fixup_forwarding(table, valp, val);
4023 return 1;
4024} 4023}
4025 4024
4026static struct addrconf_sysctl_table 4025static struct addrconf_sysctl_table
@@ -4446,25 +4445,6 @@ int unregister_inet6addr_notifier(struct notifier_block *nb)
4446 4445
4447EXPORT_SYMBOL(unregister_inet6addr_notifier); 4446EXPORT_SYMBOL(unregister_inet6addr_notifier);
4448 4447
4449static void addrconf_net_exit(struct net *net)
4450{
4451 struct net_device *dev;
4452
4453 rtnl_lock();
4454 /* clean dev list */
4455 for_each_netdev(net, dev) {
4456 if (__in6_dev_get(dev) == NULL)
4457 continue;
4458 addrconf_ifdown(dev, 1);
4459 }
4460 addrconf_ifdown(net->loopback_dev, 2);
4461 rtnl_unlock();
4462}
4463
4464static struct pernet_operations addrconf_net_ops = {
4465 .exit = addrconf_net_exit,
4466};
4467
4468/* 4448/*
4469 * Init / cleanup code 4449 * Init / cleanup code
4470 */ 4450 */
@@ -4506,10 +4486,6 @@ int __init addrconf_init(void)
4506 if (err) 4486 if (err)
4507 goto errlo; 4487 goto errlo;
4508 4488
4509 err = register_pernet_device(&addrconf_net_ops);
4510 if (err)
4511 return err;
4512
4513 register_netdevice_notifier(&ipv6_dev_notf); 4489 register_netdevice_notifier(&ipv6_dev_notf);
4514 4490
4515 addrconf_verify(0); 4491 addrconf_verify(0);
@@ -4539,15 +4515,22 @@ errlo:
4539void addrconf_cleanup(void) 4515void addrconf_cleanup(void)
4540{ 4516{
4541 struct inet6_ifaddr *ifa; 4517 struct inet6_ifaddr *ifa;
4518 struct net_device *dev;
4542 int i; 4519 int i;
4543 4520
4544 unregister_netdevice_notifier(&ipv6_dev_notf); 4521 unregister_netdevice_notifier(&ipv6_dev_notf);
4545 unregister_pernet_device(&addrconf_net_ops);
4546
4547 unregister_pernet_subsys(&addrconf_ops); 4522 unregister_pernet_subsys(&addrconf_ops);
4548 4523
4549 rtnl_lock(); 4524 rtnl_lock();
4550 4525
4526 /* clean dev list */
4527 for_each_netdev(&init_net, dev) {
4528 if (__in6_dev_get(dev) == NULL)
4529 continue;
4530 addrconf_ifdown(dev, 1);
4531 }
4532 addrconf_ifdown(init_net.loopback_dev, 2);
4533
4551 /* 4534 /*
4552 * Check hash table. 4535 * Check hash table.
4553 */ 4536 */
@@ -4568,6 +4551,4 @@ void addrconf_cleanup(void)
4568 4551
4569 del_timer(&addr_chk_timer); 4552 del_timer(&addr_chk_timer);
4570 rtnl_unlock(); 4553 rtnl_unlock();
4571
4572 unregister_pernet_subsys(&addrconf_net_ops);
4573} 4554}
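Review bot: In addrconf_sysctl_forward, `ret = addrconf_fixup_forwarding(ctl, valp, val);` overwrites the result of proc_dointvec(), so a parse or copy failure is discarded, and a successful write now returns the helper's `1` rather than `0`. That positive value suits the strategy routine, which returned 1 before, but looks wrong for a proc handler unless the sysctl core maps it, which is not visible here. Consider `if (write && !ret) ret = addrconf_fixup_forwarding(ctl, valp, val);` followed by `if (ret > 0) ret = 0;`. Also, when `rtnl_trylock()` fails the new value has already been stored through `p`, so a restarted write may see no change relative to `old` and skip the forwarding update; restoring the old value before returning `-ERESTARTSYS` would avoid that, if the elided body does compare against `old`.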
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index c802bc1658a8..9c8309ed35cf 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -72,6 +72,10 @@ MODULE_LICENSE("GPL");
72static struct list_head inetsw6[SOCK_MAX]; 72static struct list_head inetsw6[SOCK_MAX];
73static DEFINE_SPINLOCK(inetsw6_lock); 73static DEFINE_SPINLOCK(inetsw6_lock);
74 74
75static int disable_ipv6 = 0;
76module_param_named(disable, disable_ipv6, int, 0);
77MODULE_PARM_DESC(disable, "Disable IPv6 such that it is non-functional");
78
75static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) 79static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
76{ 80{
77 const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo); 81 const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
@@ -991,10 +995,21 @@ static int __init inet6_init(void)
991{ 995{
992 struct sk_buff *dummy_skb; 996 struct sk_buff *dummy_skb;
993 struct list_head *r; 997 struct list_head *r;
994 int err; 998 int err = 0;
995 999
996 BUILD_BUG_ON(sizeof(struct inet6_skb_parm) > sizeof(dummy_skb->cb)); 1000 BUILD_BUG_ON(sizeof(struct inet6_skb_parm) > sizeof(dummy_skb->cb));
997 1001
1002 /* Register the socket-side information for inet6_create. */
1003 for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
1004 INIT_LIST_HEAD(r);
1005
1006 if (disable_ipv6) {
1007 printk(KERN_INFO
1008 "IPv6: Loaded, but administratively disabled, "
1009 "reboot required to enable\n");
1010 goto out;
1011 }
1012
998 err = proto_register(&tcpv6_prot, 1); 1013 err = proto_register(&tcpv6_prot, 1);
999 if (err) 1014 if (err)
1000 goto out; 1015 goto out;
@@ -1012,10 +1027,6 @@ static int __init inet6_init(void)
1012 goto out_unregister_udplite_proto; 1027 goto out_unregister_udplite_proto;
1013 1028
1014 1029
1015 /* Register the socket-side information for inet6_create. */
1016 for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
1017 INIT_LIST_HEAD(r);
1018
1019 /* We MUST register RAW sockets before we create the ICMP6, 1030 /* We MUST register RAW sockets before we create the ICMP6,
1020 * IGMP6, or NDISC control sockets. 1031 * IGMP6, or NDISC control sockets.
1021 */ 1032 */
@@ -1181,6 +1192,9 @@ module_init(inet6_init);
1181 1192
1182static void __exit inet6_exit(void) 1193static void __exit inet6_exit(void)
1183{ 1194{
1195 if (disable_ipv6)
1196 return;
1197
1184 /* First of all disallow new sockets creation. */ 1198 /* First of all disallow new sockets creation. */
1185 sock_unregister(PF_INET6); 1199 sock_unregister(PF_INET6);
1186 /* Disallow any further netlink messages */ 1200 /* Disallow any further netlink messages */
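Review bot: With `disable=1`, inet6_init() returns 0 after initialising only `inetsw6`, so the module loads successfully and its exported symbols stay available to dependent modules even though none of the protocol, per-net or sysctl state has been set up. Any exported entry point that assumes that state could then run against uninitialised data; the visible lines do not show which callers exist, so this needs an audit rather than being a confirmed fault. At minimum, document the contract next to the parameter, e.g. `/* When set, nothing below is registered; exported helpers must not assume IPv6 state exists */`. Since the parameter is registered with permissions `0` it cannot be read back from sysfs, so the printk is the only record that the stack was disabled. `static int disable_ipv6 = 0;` also does not need the explicit initialiser.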
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 8fe267feb81e..1bcc3431859e 100644
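--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -258,11 +258,11 @@ unique:
 
  if (twp != NULL) {
  *twp = tw;
- NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
+ NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
  } else if (tw != NULL) {
  /* Silly. Should hash-dance instead... */
  inet_twsk_deschedule(tw, death_row);
- NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
+ NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
 
  inet_twsk_put(tw);
  }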
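Review bot: In the `twp != NULL` branch, `LINUX_MIB_TIMEWAITRECYCLED` is still incremented without testing `tw`, whereas the `else if` branch only counts after `tw != NULL`. The path into `unique:` is outside the hunk, so it is inferred rather than shown that `tw` can be NULL there; if it can, the counter moves even though no time-wait socket was recycled. A guard would make the two branches agree: `if (tw != NULL) NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);`. `net` is declared outside the hunk.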
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index c323643ffcf9..72dbb6d1a6b3 100644
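--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -201,8 +201,9 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
 
  if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&
  nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {
- nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
- "nf_ct_icmpv6: ICMPv6 checksum failed\n");
+ if (LOG_INVALID(net, IPPROTO_ICMPV6))
+ nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
+ "nf_ct_icmpv6: ICMPv6 checksum failed ");
  return -NF_ACCEPT;
  }
 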
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index ed4d79a9e4a6..058a5e4a60c3 100644
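--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
  if (!ipv6_ext_hdr(nexthdr)) {
  return -1;
  }
- if (len < (int)sizeof(struct ipv6_opt_hdr)) {
- pr_debug("too short\n");
- return -1;
- }
  if (nexthdr == NEXTHDR_NONE) {
  pr_debug("next header is none\n");
  return -1;
  }
+ if (len < (int)sizeof(struct ipv6_opt_hdr)) {
+ pr_debug("too short\n");
+ return -1;
+ }
  if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
  BUG();
  if (nexthdr == NEXTHDR_AUTH)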
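Review bot: The `BUG()` after `skb_copy_bits()` turns a failed copy of packet-derived header data into a kernel panic, and the only thing keeping it unreachable is the `len` test this change moves to sit directly above it. Returning a parse failure would be the safer reaction: `if (skb_copy_bits(skb, start, &hdr, sizeof(hdr))) return -1;`. If the `BUG()` stays, a short comment on the `len` check saying that it bounds the copy below would stop a later reorder from separating the two. The loop these lines belong to starts and ends outside the hunk.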
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 3c575118fca5..e9ac7a12f595 100644
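--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -452,6 +452,7 @@ err:
 static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
  struct net_device *dev)
 {
+ struct net *net = container_of(fq->q.net, struct net, ipv6.frags);
  struct sk_buff *fp, *head = fq->q.fragments;
  int payload_len;
  unsigned int nhoff;
@@ -551,8 +552,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
  head->csum);
 
  rcu_read_lock();
- IP6_INC_STATS_BH(dev_net(dev),
- __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
+ IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
  rcu_read_unlock();
  fq->q.fragments = NULL;
  return 1;
@@ -566,8 +566,7 @@ out_oom:
  printk(KERN_DEBUG "ip6_frag_reasm: no memory for reassembly\n");
 out_fail:
  rcu_read_lock();
- IP6_INC_STATS_BH(dev_net(dev),
- __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
+ IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
  rcu_read_unlock();
  return -1;
 }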
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index d3467e563f02..5cee2bcbcece 100644
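--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -188,9 +188,9 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct net *net,
  }
 
  nt = netdev_priv(dev);
- ipip6_tunnel_init(dev);
 
  nt->parms = *parms;
+ ipip6_tunnel_init(dev);
 
  if (parms->i_flags & SIT_ISATAP)
  dev->priv_flags |= IFF_ISATAP;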
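Review bot: The order of `nt->parms = *parms;` and `ipip6_tunnel_init(dev);` is now significant, but nothing in the code says why. Presumably the init routine reads `nt->parms` (its body is not in the hunk), so a comment above the assignment such as `/* must come before ipip6_tunnel_init(), which uses nt->parms */` would keep the two lines from being swapped back during a later cleanup.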
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 94de5033f0b6..37e3d5ef7e3f 100644
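--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -752,6 +752,8 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
  skb_copy_queue_mapping(frag, first);
 
  frag->do_not_encrypt = first->do_not_encrypt;
+ frag->dev = first->dev;
+ frag->iif = first->iif;
 
  pos += copylen;
  left -= copylen;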
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 90ce9ddb9451..f4935e344b61 100644
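--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -726,7 +726,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
  NF_CT_ASSERT(skb->nfct);
 
  ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
- if (ret < 0) {
+ if (ret <= 0) {
  /* Invalid: inverse of the return code tells
  * the netfilter core what to do */
  pr_debug("nf_conntrack_in: Can't track with proto module\n");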
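Review bot: The comment under the changed test still describes only negated return codes, while `ret <= 0` now also sends a plain 0 into this branch. The `tcp_packet()` hunks in nf_conntrack_proto_tcp.c switch `-NF_DROP` to `NF_DROP`, which suggests 0 is the drop verdict the new comparison is meant to catch. The comment should say so, for example `/* Invalid: 0 is NF_DROP, a negative value is the negated verdict for the netfilter core */`. The rest of the branch lies outside the hunk, so it is worth confirming there that the 0 case is returned as a drop.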
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index cb78aa00399e..ed6d873ad384 100644
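--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1780,6 +1780,7 @@ ctnetlink_create_expect(struct nlattr *cda[], u_int8_t u3, u32 pid, int report)
  goto out;
  }
 
+ exp->class = 0;
  exp->expectfn = NULL;
  exp->flags = 0;
  exp->master = ct;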
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index a1edb9c1adee..f3fd154d1ddd 100644
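--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -859,7 +859,7 @@ static int tcp_packet(struct nf_conn *ct,
  */
  if (nf_ct_kill(ct))
  return -NF_REPEAT;
- return -NF_DROP;
+ return NF_DROP;
  }
  /* Fall through */
  case TCP_CONNTRACK_IGNORE:
@@ -892,7 +892,7 @@ static int tcp_packet(struct nf_conn *ct,
  nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
  "nf_ct_tcp: killing out of sync session ");
  nf_ct_kill(ct);
- return -NF_DROP;
+ return NF_DROP;
  }
  ct->proto.tcp.last_index = index;
  ct->proto.tcp.last_dir = dir;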
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index fa49dc7fe100..c712e9fc6bba 100644
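--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -39,7 +39,7 @@
 #endif
 
 #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
-#define NFULNL_TIMEOUT_DEFAULT HZ /* every second */
+#define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
 #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
 #define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */
 
@@ -590,8 +590,10 @@ nfulnl_log_packet(u_int8_t pf,
 
  qthreshold = inst->qthreshold;
  /* per-rule qthreshold overrides per-instance */
- if (qthreshold > li->u.ulog.qthreshold)
- qthreshold = li->u.ulog.qthreshold;
+ if (li->u.ulog.qthreshold)
+ if (qthreshold > li->u.ulog.qthreshold)
+ qthreshold = li->u.ulog.qthreshold;
+
 
  switch (inst->copy_mode) {
  case NFULNL_COPY_META: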
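Review bot: The two stacked, unbraced `if`s added in `nfulnl_log_packet()` are easy to misread and leave a doubled blank line behind; a single condition says the same thing: `if (li->u.ulog.qthreshold && qthreshold > li->u.ulog.qthreshold)`. The comment above it should also state that a per-rule threshold of 0 means "not set", since that is the case the new test exists for. In the first hunk, `NFULNL_TIMEOUT_DEFAULT 100 /* every second */` no longer carries its unit now that `HZ` is gone; if the timer code (not visible here) counts in hundredths of a second, `/* 1 second, in 1/100 s units */` would make that explicit.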
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index bfbf521f6ea5..5baccfa5a0de 100644
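--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -827,59 +827,143 @@ static const struct file_operations xt_table_ops = {
  .release = seq_release_net,
 };
 
-static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
+/*
+ * Traverse state for ip{,6}_{tables,matches} for helping crossing
+ * the multi-AF mutexes.
+ */
+struct nf_mttg_trav {
+ struct list_head *head, *curr;
+ uint8_t class, nfproto;
+};
+
+enum {
+ MTTG_TRAV_INIT,
+ MTTG_TRAV_NFP_UNSPEC,
+ MTTG_TRAV_NFP_SPEC,
+ MTTG_TRAV_DONE,
+};
+
+static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
+ bool is_target)
 {
- struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private;
- u_int16_t af = (unsigned long)pde->data;
+ static const uint8_t next_class[] = {
+ [MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC,
+ [MTTG_TRAV_NFP_SPEC] = MTTG_TRAV_DONE,
+ };
+ struct nf_mttg_trav *trav = seq->private;
+
+ switch (trav->class) {
+ case MTTG_TRAV_INIT:
+ trav->class = MTTG_TRAV_NFP_UNSPEC;
+ mutex_lock(&xt[NFPROTO_UNSPEC].mutex);
+ trav->head = trav->curr = is_target ?
+ &xt[NFPROTO_UNSPEC].target : &xt[NFPROTO_UNSPEC].match;
+ break;
+ case MTTG_TRAV_NFP_UNSPEC:
+ trav->curr = trav->curr->next;
+ if (trav->curr != trav->head)
+ break;
+ mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
+ mutex_lock(&xt[trav->nfproto].mutex);
+ trav->head = trav->curr = is_target ?
+ &xt[trav->nfproto].target : &xt[trav->nfproto].match;
+ trav->class = next_class[trav->class];
+ break;
+ case MTTG_TRAV_NFP_SPEC:
+ trav->curr = trav->curr->next;
+ if (trav->curr != trav->head)
+ break;
+ /* fallthru, _stop will unlock */
+ default:
+ return NULL;
+ }
 
- mutex_lock(&xt[af].mutex);
- return seq_list_start(&xt[af].match, *pos);
+ if (ppos != NULL)
+ ++*ppos;
+ return trav;
 }
 
-static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *pos)
+static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos,
+ bool is_target)
 {
- struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private;
- u_int16_t af = (unsigned long)pde->data;
+ struct nf_mttg_trav *trav = seq->private;
+ unsigned int j;
 
- return seq_list_next(v, &xt[af].match, pos);
+ trav->class = MTTG_TRAV_INIT;
+ for (j = 0; j < *pos; ++j)
+ if (xt_mttg_seq_next(seq, NULL, NULL, is_target) == NULL)
+ return NULL;
+ return trav;
 }
 
-static void xt_match_seq_stop(struct seq_file *seq, void *v)
+static void xt_mttg_seq_stop(struct seq_file *seq, void *v)
 {
- struct proc_dir_entry *pde = seq->private;
- u_int16_t af = (unsigned long)pde->data;
+ struct nf_mttg_trav *trav = seq->private;
+
+ switch (trav->class) {
+ case MTTG_TRAV_NFP_UNSPEC:
+ mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
+ break;
+ case MTTG_TRAV_NFP_SPEC:
+ mutex_unlock(&xt[trav->nfproto].mutex);
+ break;
+ }
+}
 
- mutex_unlock(&xt[af].mutex);
+static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
+{
+ return xt_mttg_seq_start(seq, pos, false);
 }
 
-static int xt_match_seq_show(struct seq_file *seq, void *v)
+static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
 {
- struct xt_match *match = list_entry(v, struct xt_match, list);
+ return xt_mttg_seq_next(seq, v, ppos, false);
+}
 
- if (strlen(match->name))
- return seq_printf(seq, "%s\n", match->name);
- else
- return 0;
+static int xt_match_seq_show(struct seq_file *seq, void *v)
+{
+ const struct nf_mttg_trav *trav = seq->private;
+ const struct xt_match *match;
+
+ switch (trav->class) {
+ case MTTG_TRAV_NFP_UNSPEC:
+ case MTTG_TRAV_NFP_SPEC:
+ if (trav->curr == trav->head)
+ return 0;
+ match = list_entry(trav->curr, struct xt_match, list);
+ return (*match->name == '\0') ? 0 :
+ seq_printf(seq, "%s\n", match->name);
+ }
+ return 0;
 }
 
 static const struct seq_operations xt_match_seq_ops = {
  .start = xt_match_seq_start,
  .next = xt_match_seq_next,
- .stop = xt_match_seq_stop,
+ .stop = xt_mttg_seq_stop,
  .show = xt_match_seq_show,
 };
 
 static int xt_match_open(struct inode *inode, struct file *file)
 {
+ struct seq_file *seq;
+ struct nf_mttg_trav *trav;
  int ret;
 
- ret = seq_open(file, &xt_match_seq_ops);
- if (!ret) {
- struct seq_file *seq = file->private_data;
+ trav = kmalloc(sizeof(*trav), GFP_KERNEL);
+ if (trav == NULL)
+ return -ENOMEM;
 
- seq->private = PDE(inode);
+ ret = seq_open(file, &xt_match_seq_ops);
+ if (ret < 0) {
+ kfree(trav);
+ return ret;
  }
- return ret;
+
+ seq = file->private_data;
+ seq->private = trav;
+ trav->nfproto = (unsigned long)PDE(inode)->data;
+ return 0;
 }
 
 static const struct file_operations xt_match_ops = {
@@ -887,62 +971,63 @@ static const struct file_operations xt_match_ops = {
  .open = xt_match_open,
  .read = seq_read,
  .llseek = seq_lseek,
- .release = seq_release,
+ .release = seq_release_private,
 };
 
 static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos)
 {
- struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private;
- u_int16_t af = (unsigned long)pde->data;
-
- mutex_lock(&xt[af].mutex);
- return seq_list_start(&xt[af].target, *pos);
+ return xt_mttg_seq_start(seq, pos, true);
 }
 
-static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *pos)
+static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
 {
- struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private;
- u_int16_t af = (unsigned long)pde->data;
-
- return seq_list_next(v, &xt[af].target, pos);
-}
-
-static void xt_target_seq_stop(struct seq_file *seq, void *v)
-{
- struct proc_dir_entry *pde = seq->private;
- u_int16_t af = (unsigned long)pde->data;
-
- mutex_unlock(&xt[af].mutex);
+ return xt_mttg_seq_next(seq, v, ppos, true);
 }
 
 static int xt_target_seq_show(struct seq_file *seq, void *v)
 {
- struct xt_target *target = list_entry(v, struct xt_target, list);
-
- if (strlen(target->name))
- return seq_printf(seq, "%s\n", target->name);
- else
- return 0;
+ const struct nf_mttg_trav *trav = seq->private;
+ const struct xt_target *target;
+
+ switch (trav->class) {
+ case MTTG_TRAV_NFP_UNSPEC:
+ case MTTG_TRAV_NFP_SPEC:
+ if (trav->curr == trav->head)
+ return 0;
+ target = list_entry(trav->curr, struct xt_target, list);
+ return (*target->name == '\0') ? 0 :
+ seq_printf(seq, "%s\n", target->name);
+ }
+ return 0;
 }
 
 static const struct seq_operations xt_target_seq_ops = {
  .start = xt_target_seq_start,
  .next = xt_target_seq_next,
- .stop = xt_target_seq_stop,
+ .stop = xt_mttg_seq_stop,
  .show = xt_target_seq_show,
 };
 
 static int xt_target_open(struct inode *inode, struct file *file)
 {
+ struct seq_file *seq;
+ struct nf_mttg_trav *trav;
  int ret;
 
- ret = seq_open(file, &xt_target_seq_ops);
- if (!ret) {
- struct seq_file *seq = file->private_data;
+ trav = kmalloc(sizeof(*trav), GFP_KERNEL);
+ if (trav == NULL)
+ return -ENOMEM;
 
- seq->private = PDE(inode);
+ ret = seq_open(file, &xt_target_seq_ops);
+ if (ret < 0) {
+ kfree(trav);
+ return ret;
  }
- return ret;
+
+ seq = file->private_data;
+ seq->private = trav;
+ trav->nfproto = (unsigned long)PDE(inode)->data;
+ return 0;
 }
 
 static const struct file_operations xt_target_ops = {
@@ -950,7 +1035,7 @@ static const struct file_operations xt_target_ops = {
  .open = xt_target_open,
  .read = seq_read,
  .llseek = seq_lseek,
- .release = seq_release,
+ .release = seq_release_private,
 };
 
 #define FORMAT_TABLES "_tables_names"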
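Review bot: Which mutex is held is now encoded only in `trav->class`, and neither `xt_mttg_seq_next()` nor `xt_mttg_seq_stop()` states that invariant, so the lock/unlock pairing has to be reconstructed by reading both switches. A comment on the enum would carry it, saying that `MTTG_TRAV_NFP_UNSPEC` means `xt[NFPROTO_UNSPEC].mutex` is held, `MTTG_TRAV_NFP_SPEC` means `xt[trav->nfproto].mutex` is held, and `MTTG_TRAV_INIT` means no lock is held. The `next_class[]` table is indexed only from the `MTTG_TRAV_NFP_UNSPEC` case, so its `MTTG_TRAV_DONE` entry is never read; `trav->class = MTTG_TRAV_NFP_SPEC;` would be clearer than the lookup. The `switch` in `xt_mttg_seq_stop()` would also read better with an explicit `default: break;` for the no-lock states. `xt_match_open()` and `xt_target_open()` are identical apart from the seq_operations pointer and could share one helper.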
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index fe80b614a400..791e030ea903 100644
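--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -542,7 +542,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
  struct recent_entry *e;
  char buf[sizeof("+b335:1d35:1e55:dead:c0de:1715:5afe:c0de")];
  const char *c = buf;
- union nf_inet_addr addr;
+ union nf_inet_addr addr = {};
  u_int16_t family;
  bool add, succ;
 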
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9eb895c7a2a9..3ae3cb816563 100644
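--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1084,6 +1084,13 @@ out:
  return 0;
 }
 
+/**
+ * netlink_set_err - report error to broadcast listeners
+ * @ssk: the kernel netlink socket, as returned by netlink_kernel_create()
+ * @pid: the PID of a process that we want to skip (if any)
+ * @groups: the broadcast group that will notice the error
+ * @code: error code, must be negative (as usual in kernelspace)
+ */
 void netlink_set_err(struct sock *ssk, u32 pid, u32 group, int code)
 {
  struct netlink_set_err_data info;
@@ -1093,7 +1100,8 @@ void netlink_set_err(struct sock *ssk, u32 pid, u32 group, int code)
  info.exclude_sk = ssk;
  info.pid = pid;
  info.group = group;
- info.code = code;
+ /* sk->sk_err wants a positive error value */
+ info.code = -code;
 
  read_lock(&nl_table_lock);
 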
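Review bot: The new kernel-doc block documents `@groups`, but the parameter of `netlink_set_err()` is named `group`, so the documented name matches nothing in the signature; the line should read `@group: the broadcast group that will notice the error`. The same block requires `code` to be negative, while the second hunk negates it unconditionally with `info.code = -code;`, so a caller that passes a positive errno would store a negative value. If that misuse is worth catching early, `WARN_ON(code > 0);` ahead of the assignment would do it.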
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 5c72a116b1a4..f8f047b61245 100644
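--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -183,13 +183,6 @@ override:
  if (R_tab == NULL)
  goto failure;
 
- if (!est && (ret == ACT_P_CREATED ||
- !gen_estimator_active(&police->tcf_bstats,
- &police->tcf_rate_est))) {
- err = -EINVAL;
- goto failure;
- }
-
  if (parm->peakrate.rate) {
  P_tab = qdisc_get_rtab(&parm->peakrate,
  tb[TCA_POLICE_PEAKRATE]);
@@ -205,6 +198,12 @@ override:
  &police->tcf_lock, est);
  if (err)
  goto failure_unlock;
+ } else if (tb[TCA_POLICE_AVRATE] &&
+ (ret == ACT_P_CREATED ||
+ !gen_estimator_active(&police->tcf_bstats,
+ &police->tcf_rate_est))) {
+ err = -EINVAL;
+ goto failure_unlock;
  }
 
  /* No failure allowed after this point */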
diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c
index f6b4fa97df70..e36e94ab4e10 100644
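--- a/net/sched/sch_drr.c
+++ b/net/sched/sch_drr.c
@@ -66,11 +66,15 @@ static int drr_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
 {
  struct drr_sched *q = qdisc_priv(sch);
  struct drr_class *cl = (struct drr_class *)*arg;
+ struct nlattr *opt = tca[TCA_OPTIONS];
  struct nlattr *tb[TCA_DRR_MAX + 1];
  u32 quantum;
  int err;
 
- err = nla_parse_nested(tb, TCA_DRR_MAX, tca[TCA_OPTIONS], drr_policy);
+ if (!opt)
+ return -EINVAL;
+
+ err = nla_parse_nested(tb, TCA_DRR_MAX, opt, drr_policy);
  if (err < 0)
  return err;
 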
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index 4c8d9f45ce09..905fda582b92 100644
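--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -111,7 +111,8 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
  if (sctp_addip_enable) {
  auth_chunks->chunks[0] = SCTP_CID_ASCONF;
  auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
- auth_chunks->param_hdr.length += htons(2);
+ auth_chunks->param_hdr.length =
+ htons(sizeof(sctp_paramhdr_t) + 2);
  }
  }
 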
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index b78e3be69013..c4986d0f7419 100644
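--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -717,15 +717,20 @@ static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
 static int sctp_ctl_sock_init(void)
 {
  int err;
- sa_family_t family;
+ sa_family_t family = PF_INET;
 
  if (sctp_get_pf_specific(PF_INET6))
  family = PF_INET6;
- else
- family = PF_INET;
 
  err = inet_ctl_sock_create(&sctp_ctl_sock, family,
  SOCK_SEQPACKET, IPPROTO_SCTP, &init_net);
+
+ /* If IPv6 socket could not be created, try the IPv4 socket */
+ if (err < 0 && family == PF_INET6)
+ err = inet_ctl_sock_create(&sctp_ctl_sock, AF_INET,
+ SOCK_SEQPACKET, IPPROTO_SCTP,
+ &init_net);
+
  if (err < 0) {
  printk(KERN_ERR
  "SCTP: Failed to create the SCTP control socket.\n");
@@ -1322,9 +1327,8 @@ SCTP_STATIC __init int sctp_init(void)
 out:
  return status;
 err_v6_add_protocol:
- sctp_v6_del_protocol();
-err_add_protocol:
  sctp_v4_del_protocol();
+err_add_protocol:
  inet_ctl_sock_destroy(sctp_ctl_sock);
 err_ctl_sock_init:
  sctp_v6_protosw_exit();
@@ -1335,7 +1339,6 @@ err_protosw_init:
  sctp_v4_pf_exit();
  sctp_v6_pf_exit();
  sctp_sysctl_unregister();
- list_del(&sctp_af_inet.list);
  free_pages((unsigned long)sctp_port_hashtable,
  get_order(sctp_port_hashsize *
  sizeof(struct sctp_bind_hashbucket)));
@@ -1383,7 +1386,6 @@ SCTP_STATIC __exit void sctp_exit(void)
  sctp_v4_pf_exit();
 
  sctp_sysctl_unregister();
- list_del(&sctp_af_inet.list);
 
  free_pages((unsigned long)sctp_assoc_hashtable,
  get_order(sctp_assoc_hashsize *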
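Review bot: The fallback call in `sctp_ctl_sock_init()` passes `AF_INET` while every other family in the function is spelled `PF_INET` or `PF_INET6`; it should use `PF_INET` so the comparison and the retry read as the same constant family. The IPv6 failure is also discarded without a trace when the IPv4 retry succeeds, so a log line on the fallback path would tell an administrator that the control socket ended up IPv4-only. The function's tail is outside the hunk.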
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index e1d6076b4f59..b5495aecab60 100644
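--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -787,36 +787,48 @@ static void sctp_cmd_process_operr(sctp_cmd_seq_t *cmds,
  struct sctp_association *asoc,
  struct sctp_chunk *chunk)
 {
- struct sctp_operr_chunk *operr_chunk;
  struct sctp_errhdr *err_hdr;
+ struct sctp_ulpevent *ev;
 
- operr_chunk = (struct sctp_operr_chunk *)chunk->chunk_hdr;
- err_hdr = &operr_chunk->err_hdr;
+ while (chunk->chunk_end > chunk->skb->data) {
+ err_hdr = (struct sctp_errhdr *)(chunk->skb->data);
 
- switch (err_hdr->cause) {
- case SCTP_ERROR_UNKNOWN_CHUNK:
- {
- struct sctp_chunkhdr *unk_chunk_hdr;
+ ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
+ GFP_ATOMIC);
+ if (!ev)
+ return;
 
- unk_chunk_hdr = (struct sctp_chunkhdr *)err_hdr->variable;
- switch (unk_chunk_hdr->type) {
- /* ADDIP 4.1 A9) If the peer responds to an ASCONF with an
- * ERROR chunk reporting that it did not recognized the ASCONF
- * chunk type, the sender of the ASCONF MUST NOT send any
- * further ASCONF chunks and MUST stop its T-4 timer.
- */
- case SCTP_CID_ASCONF:
- asoc->peer.asconf_capable = 0;
- sctp_add_cmd_sf(cmds, SCTP_CMD_TIMER_STOP,
+ sctp_ulpq_tail_event(&asoc->ulpq, ev);
+
+ switch (err_hdr->cause) {
+ case SCTP_ERROR_UNKNOWN_CHUNK:
+ {
+ sctp_chunkhdr_t *unk_chunk_hdr;
+
+ unk_chunk_hdr = (sctp_chunkhdr_t *)err_hdr->variable;
+ switch (unk_chunk_hdr->type) {
+ /* ADDIP 4.1 A9) If the peer responds to an ASCONF with
+ * an ERROR chunk reporting that it did not recognized
+ * the ASCONF chunk type, the sender of the ASCONF MUST
+ * NOT send any further ASCONF chunks and MUST stop its
+ * T-4 timer.
+ */
+ case SCTP_CID_ASCONF:
+ if (asoc->peer.asconf_capable == 0)
+ break;
+
+ asoc->peer.asconf_capable = 0;
+ sctp_add_cmd_sf(cmds, SCTP_CMD_TIMER_STOP,
  SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
+ break;
+ default:
+ break;
+ }
  break;
+ }
  default:
  break;
  }
- break;
- }
- default:
- break;
  }
 }
 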
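Review bot: Inside the new loop, `err_hdr->cause` is read and `err_hdr->variable` is then treated as a chunk header without any check that the cause's `length` covers either structure, and these bytes come from the peer. Whether each cause is validated before this runs is not visible (the sm_statefuns.c section shows only a chunk-length check), so a guard before the inner `switch` is worth adding: `if (ntohs(err_hdr->length) < sizeof(*err_hdr) + sizeof(*unk_chunk_hdr)) break;`. The loop also terminates only if `sctp_ulpevent_make_remote_error()` advances `chunk->skb->data`, and `err_hdr` is dereferenced after that call, so a comment stating that dependency belongs at the top of the loop. On allocation failure the function now returns silently, where the code removed from sm_statefuns.c reported `SCTP_DISPOSITION_NOMEM`.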
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 3a0cd075914f..f88dfded0e3a 100644
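--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -3163,7 +3163,6 @@ sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
  sctp_cmd_seq_t *commands)
 {
  struct sctp_chunk *chunk = arg;
- struct sctp_ulpevent *ev;
 
  if (!sctp_vtag_verify(chunk, asoc))
  return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -3173,21 +3172,10 @@ sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
  return sctp_sf_violation_chunklen(ep, asoc, type, arg,
  commands);
 
- while (chunk->chunk_end > chunk->skb->data) {
- ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
- GFP_ATOMIC);
- if (!ev)
- goto nomem;
+ sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
+ SCTP_CHUNK(chunk));
 
- sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
- SCTP_ULPEVENT(ev));
- sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
- SCTP_CHUNK(chunk));
- }
  return SCTP_DISPOSITION_CONSUME;
-
-nomem:
- return SCTP_DISPOSITION_NOMEM;
 }
 
 /*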
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 385f427bedad..ff50a0546865 100644
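--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -293,11 +293,6 @@ static void rpc_make_runnable(struct rpc_task *task)
  rpc_clear_queued(task);
  if (rpc_test_and_set_running(task))
  return;
- /* We might have raced */
- if (RPC_IS_QUEUED(task)) {
- rpc_clear_running(task);
- return;
- }
  if (RPC_IS_ASYNC(task)) {
  int status;
 
@@ -607,7 +602,9 @@ void rpc_release_calldata(const struct rpc_call_ops *ops, void *calldata)
  */
 static void __rpc_execute(struct rpc_task *task)
 {
- int status = 0;
+ struct rpc_wait_queue *queue;
+ int task_is_async = RPC_IS_ASYNC(task);
+ int status = 0;
 
  dprintk("RPC: %5u __rpc_execute flags=0x%x\n",
  task->tk_pid, task->tk_flags);
@@ -647,15 +644,25 @@ static void __rpc_execute(struct rpc_task *task)
  */
  if (!RPC_IS_QUEUED(task))
  continue;
- rpc_clear_running(task);
- if (RPC_IS_ASYNC(task)) {
- /* Careful! we may have raced... */
- if (RPC_IS_QUEUED(task))
- return;
- if (rpc_test_and_set_running(task))
- return;
+ /*
+ * The queue->lock protects against races with
+ * rpc_make_runnable().
+ *
+ * Note that once we clear RPC_TASK_RUNNING on an asynchronous
+ * rpc_task, rpc_make_runnable() can assign it to a
+ * different workqueue. We therefore cannot assume that the
+ * rpc_task pointer may still be dereferenced.
+ */
+ queue = task->tk_waitqueue;
+ spin_lock_bh(&queue->lock);
+ if (!RPC_IS_QUEUED(task)) {
+ spin_unlock_bh(&queue->lock);
  continue;
  }
+ rpc_clear_running(task);
+ spin_unlock_bh(&queue->lock);
+ if (task_is_async)
+ return;
 
  /* sync task: sleep here */
  dprintk("RPC: %5u sync task going to sleep\n", task->tk_pid);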
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 29e401bb612e..62098d101a1f 100644
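--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -663,7 +663,7 @@ void xprt_connect(struct rpc_task *task)
  xprt, (xprt_connected(xprt) ? "is" : "is not"));
 
  if (!xprt_bound(xprt)) {
- task->tk_status = -EIO;
+ task->tk_status = -EAGAIN;
  return;
  }
  if (!xprt_lock_write(xprt, task))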
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 5cbb404c4cdf..29c71e645b27 100644
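--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -467,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
  int err, sent = 0;
 
  if (unlikely(!sock))
- return -ENOTCONN;
+ return -ENOTSOCK;
 
  clear_bit(SOCK_ASYNC_NOSPACE, &sock->flags);
  if (base != 0) {
@@ -577,6 +577,8 @@ static int xs_udp_send_request(struct rpc_task *task)
  req->rq_svec->iov_base,
  req->rq_svec->iov_len);
 
+ if (!xprt_bound(xprt))
+ return -ENOTCONN;
  status = xs_sendpages(transport->sock,
  xs_addr(xprt),
  xprt->addrlen, xdr,
@@ -594,6 +596,10 @@ static int xs_udp_send_request(struct rpc_task *task)
  }
 
  switch (status) {
+ case -ENOTSOCK:
+ status = -ENOTCONN;
+ /* Should we call xs_close() here? */
+ break;
  case -EAGAIN:
  xs_nospace(task);
  break;
@@ -693,6 +699,10 @@ static int xs_tcp_send_request(struct rpc_task *task)
  }
 
  switch (status) {
+ case -ENOTSOCK:
+ status = -ENOTCONN;
+ /* Should we call xs_close() here? */
+ break;
  case -EAGAIN:
  xs_nospace(task);
  break;
@@ -1523,7 +1533,7 @@ static void xs_udp_connect_worker4(struct work_struct *work)
  struct socket *sock = transport->sock;
  int err, status = -EIO;
 
- if (xprt->shutdown || !xprt_bound(xprt))
+ if (xprt->shutdown)
  goto out;
 
  /* Start by resetting any existing state */
@@ -1564,7 +1574,7 @@ static void xs_udp_connect_worker6(struct work_struct *work)
  struct socket *sock = transport->sock;
  int err, status = -EIO;
 
- if (xprt->shutdown || !xprt_bound(xprt))
+ if (xprt->shutdown)
  goto out;
 
  /* Start by resetting any existing state */
@@ -1648,6 +1658,9 @@ static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
  write_unlock_bh(&sk->sk_callback_lock);
  }
 
+ if (!xprt_bound(xprt))
+ return -ENOTCONN;
+
  /* Tell the socket layer to start connecting... */
  xprt->stat.connect_count++;
  xprt->stat.connect_start = jiffies;
@@ -1668,7 +1681,7 @@ static void xs_tcp_connect_worker4(struct work_struct *work)
  struct socket *sock = transport->sock;
  int err, status = -EIO;
 
- if (xprt->shutdown || !xprt_bound(xprt))
+ if (xprt->shutdown)
  goto out;
 
  if (!sock) {
@@ -1728,7 +1741,7 @@ static void xs_tcp_connect_worker6(struct work_struct *work)
  struct socket *sock = transport->sock;
  int err, status = -EIO;
 
- if (xprt->shutdown || !xprt_bound(xprt))
+ if (xprt->shutdown)
  goto out;
 
  if (!sock) {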
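Review bot: Both new `case -ENOTSOCK:` arms, in xs_udp_send_request() and xs_tcp_send_request(), ship with the open question `/* Should we call xs_close() here? */` instead of a decision. Either answer it in the code or replace it with a comment stating why translating to `-ENOTCONN` is sufficient on its own. Separately, xs_sendpages() now returns `-ENOTSOCK` for a NULL socket and only these two callers are shown translating it, so any other caller outside the hunks would see the new code untranslated. All of these functions continue outside their hunks.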
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index e28e2b8fa436..092ae6faccca 100644
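--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -102,3 +102,13 @@ config LIB80211_CRYPT_CCMP
 
 config LIB80211_CRYPT_TKIP
  tristate
+
+config LIB80211_DEBUG
+ bool "lib80211 debugging messages"
+ depends on LIB80211
+ default n
+ ---help---
+ You can enable this if you want verbose debugging messages
+ from lib80211.
+
+ If unsure, say N.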
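Review bot: The help text for `LIB80211_DEBUG` does not say which messages the option controls. In this commit it gates the CCMP and TKIP replay messages and the TKIP ICV-error message, which are the lines someone diagnosing dropped frames would look for. A sentence such as `This enables the rate-limited CCMP/TKIP replay and TKIP ICV error messages.` in the help body would make that discoverable. `default n` is also redundant, since a bool with no default is already n.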
diff --git a/net/wireless/lib80211_crypt_ccmp.c b/net/wireless/lib80211_crypt_ccmp.c
index db428194c16a..2301dc1edc4c 100644
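--- a/net/wireless/lib80211_crypt_ccmp.c
+++ b/net/wireless/lib80211_crypt_ccmp.c
@@ -337,6 +337,7 @@ static int lib80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
  pos += 8;
 
  if (ccmp_replay_check(pn, key->rx_pn)) {
+#ifdef CONFIG_LIB80211_DEBUG
  if (net_ratelimit()) {
  printk(KERN_DEBUG "CCMP: replay detected: STA=%pM "
  "previous PN %02x%02x%02x%02x%02x%02x "
@@ -346,6 +347,7 @@ static int lib80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
  key->rx_pn[3], key->rx_pn[4], key->rx_pn[5],
  pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
  }
+#endif
  key->dot11RSNAStatsCCMPReplays++;
  return -4;
  }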
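Review bot: With the replay message now inside `#ifdef CONFIG_LIB80211_DEBUG`, a default build (the Kconfig hunk sets `default n`) leaves `key->dot11RSNAStatsCCMPReplays++` as the only trace of a rejected replay, and nothing in the hunk says so. A comment above the counter, e.g. `/* printk is debug-only; this counter is the record of the replay */`, would stop a later reader from treating it as dead bookkeeping. The same applies to the TKIP replay and ICV-error messages wrapped in lib80211_crypt_tkip.c, next to `dot11RSNAStatsTKIPReplays` and `dot11RSNAStatsTKIPICVErrors`. Where these counters are exposed is not visible here, and lib80211_ccmp_decrypt() extends beyond both hunks.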
diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c
index 7e8e22bfed90..c36287399d7e 100644
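--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -465,12 +465,14 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
  pos += 8;
 
  if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
+#ifdef CONFIG_LIB80211_DEBUG
  if (net_ratelimit()) {
  printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
  " previous TSC %08x%04x received TSC "
  "%08x%04x\n", hdr->addr2,
  tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
  }
+#endif
  tkey->dot11RSNAStatsTKIPReplays++;
  return -4;
  }
@@ -505,10 +507,12 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
  * it needs to be recalculated for the next packet. */
  tkey->rx_phase1_done = 0;
  }
+#ifdef CONFIG_LIB80211_DEBUG
  if (net_ratelimit()) {
  printk(KERN_DEBUG "TKIP: ICV error detected: STA="
  "%pM\n", hdr->addr2);
  }
+#endif
  tkey->dot11RSNAStatsTKIPICVErrors++;
  return -5;
  }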
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 1e728fff474e..31b807af3235 100644
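--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1908,6 +1908,11 @@ static int nl80211_get_mesh_params(struct sk_buff *skb,
  if (err)
  return err;
 
+ if (!drv->ops->get_mesh_params) {
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
  /* Get the mesh params */
  rtnl_lock();
  err = drv->ops->get_mesh_params(&drv->wiphy, dev, &cur_params);
@@ -2017,6 +2022,11 @@ static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
  if (err)
  return err;
 
+ if (!drv->ops->set_mesh_params) {
+ err = -EOPNOTSUPP;
+ goto out;
+ }
+
  /* This makes sure that there aren't more than 32 mesh config
  * parameters (otherwise our bitfield scheme would not work.) */
  BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
@@ -2061,6 +2071,7 @@ static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
  err = drv->ops->set_mesh_params(&drv->wiphy, dev, &cfg, mask);
  rtnl_unlock();
 
+ out:
  /* cleanup */
  cfg80211_put_dev(drv);
  dev_put(dev);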
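Review bot: The `goto out` added to nl80211_get_mesh_params() jumps to a label that no visible hunk defines; only nl80211_set_mesh_params() gains an `out:` label here. Presumably the get path already has one, so confirm it sits before the `cfg80211_put_dev(drv)` / `dev_put(dev)` cleanup, as the new label in the set path does, so the early exit still releases what was taken. A short comment on the two new checks, such as `/* mesh ops are optional; a driver may leave them NULL */`, would also explain why a NULL op is an expected case rather than a driver bug. Both functions continue outside their hunks.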
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 85c9034c59b2..bd0a16c3de5e 100644
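--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -380,7 +380,8 @@ static bool is_valid_reg_rule(const struct ieee80211_reg_rule *rule)
 
  freq_diff = freq_range->end_freq_khz - freq_range->start_freq_khz;
 
- if (freq_diff <= 0 || freq_range->max_bandwidth_khz > freq_diff)
+ if (freq_range->end_freq_khz <= freq_range->start_freq_khz ||
+ freq_range->max_bandwidth_khz > freq_diff)
  return false;
 
  return true;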
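Review bot: `freq_diff` is still computed from `end_freq_khz - start_freq_khz` before the new ordering check, so for an inverted range the subtraction yields a value with no meaning. It would wrap if the fields are unsigned, which the replaced `freq_diff <= 0` test suggests but the hunk does not show. The short-circuit `||` keeps that value from being used, but validating first and subtracting afterwards is easier to trust: `if (freq_range->end_freq_khz <= freq_range->start_freq_khz) return false;`, then the `freq_diff` assignment and the bandwidth comparison. is_valid_reg_rule() starts outside the hunk.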
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index e25ff62ab2a6..62a5425cc6aa 100644
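--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -748,12 +748,51 @@ static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
  schedule_work(&net->xfrm.state_hash_work);
 }
 
+static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
+ struct flowi *fl, unsigned short family,
+ xfrm_address_t *daddr, xfrm_address_t *saddr,
+ struct xfrm_state **best, int *acq_in_progress,
+ int *error)
+{
+ /* Resolution logic:
+ * 1. There is a valid state with matching selector. Done.
+ * 2. Valid state with inappropriate selector. Skip.
+ *
+ * Entering area of "sysdeps".
+ *
+ * 3. If state is not valid, selector is temporary, it selects
+ * only session which triggered previous resolution. Key
+ * manager will do something to install a state with proper
+ * selector.
+ */
+ if (x->km.state == XFRM_STATE_VALID) {
+ if ((x->sel.family &&
+ !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
+ !security_xfrm_state_pol_flow_match(x, pol, fl))
+ return;
+
+ if (!*best ||
+ (*best)->km.dying > x->km.dying ||
+ ((*best)->km.dying == x->km.dying &&
+ (*best)->curlft.add_time < x->curlft.add_time))
+ *best = x;
+ } else if (x->km.state == XFRM_STATE_ACQ) {
+ *acq_in_progress = 1;
+ } else if (x->km.state == XFRM_STATE_ERROR ||
+ x->km.state == XFRM_STATE_EXPIRED) {
+ if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
+ security_xfrm_state_pol_flow_match(x, pol, fl))
+ *error = -ESRCH;
+ }
+}
+
 struct xfrm_state *
 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
  struct flowi *fl, struct xfrm_tmpl *tmpl,
  struct xfrm_policy *pol, int *err,
  unsigned short family)
 {
+ static xfrm_address_t saddr_wildcard = { };
  struct net *net = xp_net(pol);
  unsigned int h;
  struct hlist_node *entry;
@@ -773,40 +812,27 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
  xfrm_state_addr_check(x, daddr, saddr, family) &&
  tmpl->mode == x->props.mode &&
  tmpl->id.proto == x->id.proto &&
- (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
- /* Resolution logic:
- 1. There is a valid state with matching selector.
- Done.
- 2. Valid state with inappropriate selector. Skip.
-
- Entering area of "sysdeps".
-
- 3. If state is not valid, selector is temporary,
- it selects only session which triggered
- previous resolution. Key manager will do
- something to install a state with proper
- selector.
- */
- if (x->km.state == XFRM_STATE_VALID) {
- if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
- !security_xfrm_state_pol_flow_match(x, pol, fl))
- continue;
- if (!best ||
- best->km.dying > x->km.dying ||
- (best->km.dying == x->km.dying &&
- best->curlft.add_time < x->curlft.add_time))
- best = x;
- } else if (x->km.state == XFRM_STATE_ACQ) {
- acquire_in_progress = 1;
- } else if (x->km.state == XFRM_STATE_ERROR ||
- x->km.state == XFRM_STATE_EXPIRED) {
- if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
- security_xfrm_state_pol_flow_match(x, pol, fl))
- error = -ESRCH;
- }
- }
+ (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
+ xfrm_state_look_at(pol, x, fl, family, daddr, saddr,
+ &best, &acquire_in_progress, &error);
+ }
+ if (best)
+ goto found;
+
+ h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
+ hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
+ if (x->props.family == family &&
+ x->props.reqid == tmpl->reqid &&
+ !(x->props.flags & XFRM_STATE_WILDRECV) &&
+ xfrm_state_addr_check(x, daddr, saddr, family) &&
+ tmpl->mode == x->props.mode &&
+ tmpl->id.proto == x->id.proto &&
+ (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
+ xfrm_state_look_at(pol, x, fl, family, daddr, saddr,
+ &best, &acquire_in_progress, &error);
  }
 
+found:
  x = best;
  if (!x && !error && !acquire_in_progress) {
  if (tmpl->id.spi &&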
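Review bot: The new helper xfrm_state_look_at() takes `family`, `daddr` and `saddr`, but its body, fully visible in the first hunk, never reads them; both call sites in xfrm_state_find() pass them anyway. Drop the three parameters or add a comment saying why they are kept. The helper also lacks a header comment for its in/out pointers: `*best` is replaced only by a VALID state that wins the `km.dying` / `curlft.add_time` comparison, `*acq_in_progress` is set on XFRM_STATE_ACQ, and `*error` becomes `-ESRCH` for a matching ERROR or EXPIRED state. In the second hunk the match condition for the wildcard-source bucket appears to repeat the first loop's condition line for line, so a later change to one copy can miss the other. xfrm_state_find() continues past the hunk.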