aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/9p/client.c393
-rw-r--r--net/9p/protocol.c72
-rw-r--r--net/atm/pppoatm.c2
-rw-r--r--net/bluetooth/l2cap.c11
-rw-r--r--net/core/dev.c7
-rw-r--r--net/ipv4/tcp_input.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c2
-rw-r--r--net/irda/irnet/irnet_ppp.c2
-rw-r--r--net/l2tp/l2tp_ppp.c5
-rw-r--r--net/netfilter/ipvs/ip_vs_lblc.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_lblcr.c2
-rw-r--r--net/rxrpc/ar-ack.c3
-rw-r--r--net/rxrpc/ar-call.c6
-rw-r--r--net/sched/act_nat.c23
-rw-r--r--net/sched/cls_flow.c96
-rw-r--r--net/sched/cls_rsvp.h12
-rw-r--r--net/sched/sch_sfq.c36
-rw-r--r--net/sctp/associola.c2
-rw-r--r--net/sctp/protocol.c2
-rw-r--r--net/sunrpc/auth.c2
-rw-r--r--net/sunrpc/xprtsock.c38
-rw-r--r--net/wireless/mlme.c8
22 files changed, 616 insertions, 112 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index 37c8da07a80b..dc6f2f26d023 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -460,7 +460,8 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
460 return err; 460 return err;
461 } 461 }
462 462
463 if (p9_is_proto_dotu(c)) 463 if (p9_is_proto_dotu(c) ||
464 p9_is_proto_dotl(c))
464 err = -ecode; 465 err = -ecode;
465 466
466 if (!err || !IS_ERR_VALUE(err)) 467 if (!err || !IS_ERR_VALUE(err))
@@ -1015,14 +1016,18 @@ int p9_client_open(struct p9_fid *fid, int mode)
1015 struct p9_qid qid; 1016 struct p9_qid qid;
1016 int iounit; 1017 int iounit;
1017 1018
1018 P9_DPRINTK(P9_DEBUG_9P, ">>> TOPEN fid %d mode %d\n", fid->fid, mode);
1019 err = 0;
1020 clnt = fid->clnt; 1019 clnt = fid->clnt;
1020 P9_DPRINTK(P9_DEBUG_9P, ">>> %s fid %d mode %d\n",
1021 p9_is_proto_dotl(clnt) ? "TLOPEN" : "TOPEN", fid->fid, mode);
1022 err = 0;
1021 1023
1022 if (fid->mode != -1) 1024 if (fid->mode != -1)
1023 return -EINVAL; 1025 return -EINVAL;
1024 1026
1025 req = p9_client_rpc(clnt, P9_TOPEN, "db", fid->fid, mode); 1027 if (p9_is_proto_dotl(clnt))
1028 req = p9_client_rpc(clnt, P9_TLOPEN, "dd", fid->fid, mode);
1029 else
1030 req = p9_client_rpc(clnt, P9_TOPEN, "db", fid->fid, mode);
1026 if (IS_ERR(req)) { 1031 if (IS_ERR(req)) {
1027 err = PTR_ERR(req); 1032 err = PTR_ERR(req);
1028 goto error; 1033 goto error;
@@ -1034,10 +1039,9 @@ int p9_client_open(struct p9_fid *fid, int mode)
1034 goto free_and_error; 1039 goto free_and_error;
1035 } 1040 }
1036 1041
1037 P9_DPRINTK(P9_DEBUG_9P, "<<< ROPEN qid %x.%llx.%x iounit %x\n", 1042 P9_DPRINTK(P9_DEBUG_9P, "<<< %s qid %x.%llx.%x iounit %x\n",
1038 qid.type, 1043 p9_is_proto_dotl(clnt) ? "RLOPEN" : "ROPEN", qid.type,
1039 (unsigned long long)qid.path, 1044 (unsigned long long)qid.path, qid.version, iounit);
1040 qid.version, iounit);
1041 1045
1042 fid->mode = mode; 1046 fid->mode = mode;
1043 fid->iounit = iounit; 1047 fid->iounit = iounit;
@@ -1049,6 +1053,50 @@ error:
1049} 1053}
1050EXPORT_SYMBOL(p9_client_open); 1054EXPORT_SYMBOL(p9_client_open);
1051 1055
1056int p9_client_create_dotl(struct p9_fid *ofid, char *name, u32 flags, u32 mode,
1057 gid_t gid, struct p9_qid *qid)
1058{
1059 int err = 0;
1060 struct p9_client *clnt;
1061 struct p9_req_t *req;
1062 int iounit;
1063
1064 P9_DPRINTK(P9_DEBUG_9P,
1065 ">>> TLCREATE fid %d name %s flags %d mode %d gid %d\n",
1066 ofid->fid, name, flags, mode, gid);
1067 clnt = ofid->clnt;
1068
1069 if (ofid->mode != -1)
1070 return -EINVAL;
1071
1072 req = p9_client_rpc(clnt, P9_TLCREATE, "dsddd", ofid->fid, name, flags,
1073 mode, gid);
1074 if (IS_ERR(req)) {
1075 err = PTR_ERR(req);
1076 goto error;
1077 }
1078
1079 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", qid, &iounit);
1080 if (err) {
1081 p9pdu_dump(1, req->rc);
1082 goto free_and_error;
1083 }
1084
1085 P9_DPRINTK(P9_DEBUG_9P, "<<< RLCREATE qid %x.%llx.%x iounit %x\n",
1086 qid->type,
1087 (unsigned long long)qid->path,
1088 qid->version, iounit);
1089
1090 ofid->mode = mode;
1091 ofid->iounit = iounit;
1092
1093free_and_error:
1094 p9_free_req(clnt, req);
1095error:
1096 return err;
1097}
1098EXPORT_SYMBOL(p9_client_create_dotl);
1099
1052int p9_client_fcreate(struct p9_fid *fid, char *name, u32 perm, int mode, 1100int p9_client_fcreate(struct p9_fid *fid, char *name, u32 perm, int mode,
1053 char *extension) 1101 char *extension)
1054{ 1102{
@@ -1094,6 +1142,59 @@ error:
1094} 1142}
1095EXPORT_SYMBOL(p9_client_fcreate); 1143EXPORT_SYMBOL(p9_client_fcreate);
1096 1144
1145int p9_client_symlink(struct p9_fid *dfid, char *name, char *symtgt, gid_t gid,
1146 struct p9_qid *qid)
1147{
1148 int err = 0;
1149 struct p9_client *clnt;
1150 struct p9_req_t *req;
1151
1152 P9_DPRINTK(P9_DEBUG_9P, ">>> TSYMLINK dfid %d name %s symtgt %s\n",
1153 dfid->fid, name, symtgt);
1154 clnt = dfid->clnt;
1155
1156 req = p9_client_rpc(clnt, P9_TSYMLINK, "dssd", dfid->fid, name, symtgt,
1157 gid);
1158 if (IS_ERR(req)) {
1159 err = PTR_ERR(req);
1160 goto error;
1161 }
1162
1163 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1164 if (err) {
1165 p9pdu_dump(1, req->rc);
1166 goto free_and_error;
1167 }
1168
1169 P9_DPRINTK(P9_DEBUG_9P, "<<< RSYMLINK qid %x.%llx.%x\n",
1170 qid->type, (unsigned long long)qid->path, qid->version);
1171
1172free_and_error:
1173 p9_free_req(clnt, req);
1174error:
1175 return err;
1176}
1177EXPORT_SYMBOL(p9_client_symlink);
1178
1179int p9_client_link(struct p9_fid *dfid, struct p9_fid *oldfid, char *newname)
1180{
1181 struct p9_client *clnt;
1182 struct p9_req_t *req;
1183
1184 P9_DPRINTK(P9_DEBUG_9P, ">>> TLINK dfid %d oldfid %d newname %s\n",
1185 dfid->fid, oldfid->fid, newname);
1186 clnt = dfid->clnt;
1187 req = p9_client_rpc(clnt, P9_TLINK, "dds", dfid->fid, oldfid->fid,
1188 newname);
1189 if (IS_ERR(req))
1190 return PTR_ERR(req);
1191
1192 P9_DPRINTK(P9_DEBUG_9P, "<<< RLINK\n");
1193 p9_free_req(clnt, req);
1194 return 0;
1195}
1196EXPORT_SYMBOL(p9_client_link);
1197
1097int p9_client_clunk(struct p9_fid *fid) 1198int p9_client_clunk(struct p9_fid *fid)
1098{ 1199{
1099 int err; 1200 int err;
@@ -1139,9 +1240,8 @@ int p9_client_remove(struct p9_fid *fid)
1139 P9_DPRINTK(P9_DEBUG_9P, "<<< RREMOVE fid %d\n", fid->fid); 1240 P9_DPRINTK(P9_DEBUG_9P, "<<< RREMOVE fid %d\n", fid->fid);
1140 1241
1141 p9_free_req(clnt, req); 1242 p9_free_req(clnt, req);
1142 p9_fid_destroy(fid);
1143
1144error: 1243error:
1244 p9_fid_destroy(fid);
1145 return err; 1245 return err;
1146} 1246}
1147EXPORT_SYMBOL(p9_client_remove); 1247EXPORT_SYMBOL(p9_client_remove);
@@ -1302,6 +1402,65 @@ error:
1302} 1402}
1303EXPORT_SYMBOL(p9_client_stat); 1403EXPORT_SYMBOL(p9_client_stat);
1304 1404
1405struct p9_stat_dotl *p9_client_getattr_dotl(struct p9_fid *fid,
1406 u64 request_mask)
1407{
1408 int err;
1409 struct p9_client *clnt;
1410 struct p9_stat_dotl *ret = kmalloc(sizeof(struct p9_stat_dotl),
1411 GFP_KERNEL);
1412 struct p9_req_t *req;
1413
1414 P9_DPRINTK(P9_DEBUG_9P, ">>> TGETATTR fid %d, request_mask %lld\n",
1415 fid->fid, request_mask);
1416
1417 if (!ret)
1418 return ERR_PTR(-ENOMEM);
1419
1420 err = 0;
1421 clnt = fid->clnt;
1422
1423 req = p9_client_rpc(clnt, P9_TGETATTR, "dq", fid->fid, request_mask);
1424 if (IS_ERR(req)) {
1425 err = PTR_ERR(req);
1426 goto error;
1427 }
1428
1429 err = p9pdu_readf(req->rc, clnt->proto_version, "A", ret);
1430 if (err) {
1431 p9pdu_dump(1, req->rc);
1432 p9_free_req(clnt, req);
1433 goto error;
1434 }
1435
1436 P9_DPRINTK(P9_DEBUG_9P,
1437 "<<< RGETATTR st_result_mask=%lld\n"
1438 "<<< qid=%x.%llx.%x\n"
1439 "<<< st_mode=%8.8x st_nlink=%llu\n"
1440 "<<< st_uid=%d st_gid=%d\n"
1441 "<<< st_rdev=%llx st_size=%llx st_blksize=%llu st_blocks=%llu\n"
1442 "<<< st_atime_sec=%lld st_atime_nsec=%lld\n"
1443 "<<< st_mtime_sec=%lld st_mtime_nsec=%lld\n"
1444 "<<< st_ctime_sec=%lld st_ctime_nsec=%lld\n"
1445 "<<< st_btime_sec=%lld st_btime_nsec=%lld\n"
1446 "<<< st_gen=%lld st_data_version=%lld",
1447 ret->st_result_mask, ret->qid.type, ret->qid.path,
1448 ret->qid.version, ret->st_mode, ret->st_nlink, ret->st_uid,
1449 ret->st_gid, ret->st_rdev, ret->st_size, ret->st_blksize,
1450 ret->st_blocks, ret->st_atime_sec, ret->st_atime_nsec,
1451 ret->st_mtime_sec, ret->st_mtime_nsec, ret->st_ctime_sec,
1452 ret->st_ctime_nsec, ret->st_btime_sec, ret->st_btime_nsec,
1453 ret->st_gen, ret->st_data_version);
1454
1455 p9_free_req(clnt, req);
1456 return ret;
1457
1458error:
1459 kfree(ret);
1460 return ERR_PTR(err);
1461}
1462EXPORT_SYMBOL(p9_client_getattr_dotl);
1463
1305static int p9_client_statsize(struct p9_wstat *wst, int proto_version) 1464static int p9_client_statsize(struct p9_wstat *wst, int proto_version)
1306{ 1465{
1307 int ret; 1466 int ret;
@@ -1366,6 +1525,36 @@ error:
1366} 1525}
1367EXPORT_SYMBOL(p9_client_wstat); 1526EXPORT_SYMBOL(p9_client_wstat);
1368 1527
1528int p9_client_setattr(struct p9_fid *fid, struct p9_iattr_dotl *p9attr)
1529{
1530 int err;
1531 struct p9_req_t *req;
1532 struct p9_client *clnt;
1533
1534 err = 0;
1535 clnt = fid->clnt;
1536 P9_DPRINTK(P9_DEBUG_9P, ">>> TSETATTR fid %d\n", fid->fid);
1537 P9_DPRINTK(P9_DEBUG_9P,
1538 " valid=%x mode=%x uid=%d gid=%d size=%lld\n"
1539 " atime_sec=%lld atime_nsec=%lld\n"
1540 " mtime_sec=%lld mtime_nsec=%lld\n",
1541 p9attr->valid, p9attr->mode, p9attr->uid, p9attr->gid,
1542 p9attr->size, p9attr->atime_sec, p9attr->atime_nsec,
1543 p9attr->mtime_sec, p9attr->mtime_nsec);
1544
1545 req = p9_client_rpc(clnt, P9_TSETATTR, "dI", fid->fid, p9attr);
1546
1547 if (IS_ERR(req)) {
1548 err = PTR_ERR(req);
1549 goto error;
1550 }
1551 P9_DPRINTK(P9_DEBUG_9P, "<<< RSETATTR fid %d\n", fid->fid);
1552 p9_free_req(clnt, req);
1553error:
1554 return err;
1555}
1556EXPORT_SYMBOL(p9_client_setattr);
1557
1369int p9_client_statfs(struct p9_fid *fid, struct p9_rstatfs *sb) 1558int p9_client_statfs(struct p9_fid *fid, struct p9_rstatfs *sb)
1370{ 1559{
1371 int err; 1560 int err;
@@ -1432,3 +1621,187 @@ error:
1432} 1621}
1433EXPORT_SYMBOL(p9_client_rename); 1622EXPORT_SYMBOL(p9_client_rename);
1434 1623
1624/*
1625 * An xattrwalk without @attr_name gives the fid for the lisxattr namespace
1626 */
1627struct p9_fid *p9_client_xattrwalk(struct p9_fid *file_fid,
1628 const char *attr_name, u64 *attr_size)
1629{
1630 int err;
1631 struct p9_req_t *req;
1632 struct p9_client *clnt;
1633 struct p9_fid *attr_fid;
1634
1635 err = 0;
1636 clnt = file_fid->clnt;
1637 attr_fid = p9_fid_create(clnt);
1638 if (IS_ERR(attr_fid)) {
1639 err = PTR_ERR(attr_fid);
1640 attr_fid = NULL;
1641 goto error;
1642 }
1643 P9_DPRINTK(P9_DEBUG_9P,
1644 ">>> TXATTRWALK file_fid %d, attr_fid %d name %s\n",
1645 file_fid->fid, attr_fid->fid, attr_name);
1646
1647 req = p9_client_rpc(clnt, P9_TXATTRWALK, "dds",
1648 file_fid->fid, attr_fid->fid, attr_name);
1649 if (IS_ERR(req)) {
1650 err = PTR_ERR(req);
1651 goto error;
1652 }
1653 err = p9pdu_readf(req->rc, clnt->proto_version, "q", attr_size);
1654 if (err) {
1655 p9pdu_dump(1, req->rc);
1656 p9_free_req(clnt, req);
1657 goto clunk_fid;
1658 }
1659 p9_free_req(clnt, req);
1660 P9_DPRINTK(P9_DEBUG_9P, "<<< RXATTRWALK fid %d size %llu\n",
1661 attr_fid->fid, *attr_size);
1662 return attr_fid;
1663clunk_fid:
1664 p9_client_clunk(attr_fid);
1665 attr_fid = NULL;
1666error:
1667 if (attr_fid && (attr_fid != file_fid))
1668 p9_fid_destroy(attr_fid);
1669
1670 return ERR_PTR(err);
1671}
1672EXPORT_SYMBOL_GPL(p9_client_xattrwalk);
1673
1674int p9_client_xattrcreate(struct p9_fid *fid, const char *name,
1675 u64 attr_size, int flags)
1676{
1677 int err;
1678 struct p9_req_t *req;
1679 struct p9_client *clnt;
1680
1681 P9_DPRINTK(P9_DEBUG_9P,
1682 ">>> TXATTRCREATE fid %d name %s size %lld flag %d\n",
1683 fid->fid, name, (long long)attr_size, flags);
1684 err = 0;
1685 clnt = fid->clnt;
1686 req = p9_client_rpc(clnt, P9_TXATTRCREATE, "dsqd",
1687 fid->fid, name, attr_size, flags);
1688 if (IS_ERR(req)) {
1689 err = PTR_ERR(req);
1690 goto error;
1691 }
1692 P9_DPRINTK(P9_DEBUG_9P, "<<< RXATTRCREATE fid %d\n", fid->fid);
1693 p9_free_req(clnt, req);
1694error:
1695 return err;
1696}
1697EXPORT_SYMBOL_GPL(p9_client_xattrcreate);
1698
1699int p9_client_readdir(struct p9_fid *fid, char *data, u32 count, u64 offset)
1700{
1701 int err, rsize, total;
1702 struct p9_client *clnt;
1703 struct p9_req_t *req;
1704 char *dataptr;
1705
1706 P9_DPRINTK(P9_DEBUG_9P, ">>> TREADDIR fid %d offset %llu count %d\n",
1707 fid->fid, (long long unsigned) offset, count);
1708
1709 err = 0;
1710 clnt = fid->clnt;
1711 total = 0;
1712
1713 rsize = fid->iounit;
1714 if (!rsize || rsize > clnt->msize-P9_READDIRHDRSZ)
1715 rsize = clnt->msize - P9_READDIRHDRSZ;
1716
1717 if (count < rsize)
1718 rsize = count;
1719
1720 req = p9_client_rpc(clnt, P9_TREADDIR, "dqd", fid->fid, offset, rsize);
1721 if (IS_ERR(req)) {
1722 err = PTR_ERR(req);
1723 goto error;
1724 }
1725
1726 err = p9pdu_readf(req->rc, clnt->proto_version, "D", &count, &dataptr);
1727 if (err) {
1728 p9pdu_dump(1, req->rc);
1729 goto free_and_error;
1730 }
1731
1732 P9_DPRINTK(P9_DEBUG_9P, "<<< RREADDIR count %d\n", count);
1733
1734 if (data)
1735 memmove(data, dataptr, count);
1736
1737 p9_free_req(clnt, req);
1738 return count;
1739
1740free_and_error:
1741 p9_free_req(clnt, req);
1742error:
1743 return err;
1744}
1745EXPORT_SYMBOL(p9_client_readdir);
1746
1747int p9_client_mknod_dotl(struct p9_fid *fid, char *name, int mode,
1748 dev_t rdev, gid_t gid, struct p9_qid *qid)
1749{
1750 int err;
1751 struct p9_client *clnt;
1752 struct p9_req_t *req;
1753
1754 err = 0;
1755 clnt = fid->clnt;
1756 P9_DPRINTK(P9_DEBUG_9P, ">>> TMKNOD fid %d name %s mode %d major %d "
1757 "minor %d\n", fid->fid, name, mode, MAJOR(rdev), MINOR(rdev));
1758 req = p9_client_rpc(clnt, P9_TMKNOD, "dsdddd", fid->fid, name, mode,
1759 MAJOR(rdev), MINOR(rdev), gid);
1760 if (IS_ERR(req))
1761 return PTR_ERR(req);
1762
1763 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1764 if (err) {
1765 p9pdu_dump(1, req->rc);
1766 goto error;
1767 }
1768 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKNOD qid %x.%llx.%x\n", qid->type,
1769 (unsigned long long)qid->path, qid->version);
1770
1771error:
1772 p9_free_req(clnt, req);
1773 return err;
1774
1775}
1776EXPORT_SYMBOL(p9_client_mknod_dotl);
1777
1778int p9_client_mkdir_dotl(struct p9_fid *fid, char *name, int mode,
1779 gid_t gid, struct p9_qid *qid)
1780{
1781 int err;
1782 struct p9_client *clnt;
1783 struct p9_req_t *req;
1784
1785 err = 0;
1786 clnt = fid->clnt;
1787 P9_DPRINTK(P9_DEBUG_9P, ">>> TMKDIR fid %d name %s mode %d gid %d\n",
1788 fid->fid, name, mode, gid);
1789 req = p9_client_rpc(clnt, P9_TMKDIR, "dsdd", fid->fid, name, mode,
1790 gid);
1791 if (IS_ERR(req))
1792 return PTR_ERR(req);
1793
1794 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1795 if (err) {
1796 p9pdu_dump(1, req->rc);
1797 goto error;
1798 }
1799 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKDIR qid %x.%llx.%x\n", qid->type,
1800 (unsigned long long)qid->path, qid->version);
1801
1802error:
1803 p9_free_req(clnt, req);
1804 return err;
1805
1806}
1807EXPORT_SYMBOL(p9_client_mkdir_dotl);
diff --git a/net/9p/protocol.c b/net/9p/protocol.c
index 149f82160130..3acd3afb20c8 100644
--- a/net/9p/protocol.c
+++ b/net/9p/protocol.c
@@ -141,6 +141,7 @@ pdu_write_u(struct p9_fcall *pdu, const char __user *udata, size_t size)
141 D - data blob (int32_t size followed by void *, results are not freed) 141 D - data blob (int32_t size followed by void *, results are not freed)
142 T - array of strings (int16_t count, followed by strings) 142 T - array of strings (int16_t count, followed by strings)
143 R - array of qids (int16_t count, followed by qids) 143 R - array of qids (int16_t count, followed by qids)
144 A - stat for 9p2000.L (p9_stat_dotl)
144 ? - if optional = 1, continue parsing 145 ? - if optional = 1, continue parsing
145*/ 146*/
146 147
@@ -340,6 +341,33 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
340 } 341 }
341 } 342 }
342 break; 343 break;
344 case 'A': {
345 struct p9_stat_dotl *stbuf =
346 va_arg(ap, struct p9_stat_dotl *);
347
348 memset(stbuf, 0, sizeof(struct p9_stat_dotl));
349 errcode =
350 p9pdu_readf(pdu, proto_version,
351 "qQdddqqqqqqqqqqqqqqq",
352 &stbuf->st_result_mask,
353 &stbuf->qid,
354 &stbuf->st_mode,
355 &stbuf->st_uid, &stbuf->st_gid,
356 &stbuf->st_nlink,
357 &stbuf->st_rdev, &stbuf->st_size,
358 &stbuf->st_blksize, &stbuf->st_blocks,
359 &stbuf->st_atime_sec,
360 &stbuf->st_atime_nsec,
361 &stbuf->st_mtime_sec,
362 &stbuf->st_mtime_nsec,
363 &stbuf->st_ctime_sec,
364 &stbuf->st_ctime_nsec,
365 &stbuf->st_btime_sec,
366 &stbuf->st_btime_nsec,
367 &stbuf->st_gen,
368 &stbuf->st_data_version);
369 }
370 break;
343 case '?': 371 case '?':
344 if ((proto_version != p9_proto_2000u) && 372 if ((proto_version != p9_proto_2000u) &&
345 (proto_version != p9_proto_2000L)) 373 (proto_version != p9_proto_2000L))
@@ -488,6 +516,23 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
488 } 516 }
489 } 517 }
490 break; 518 break;
519 case 'I':{
520 struct p9_iattr_dotl *p9attr = va_arg(ap,
521 struct p9_iattr_dotl *);
522
523 errcode = p9pdu_writef(pdu, proto_version,
524 "ddddqqqqq",
525 p9attr->valid,
526 p9attr->mode,
527 p9attr->uid,
528 p9attr->gid,
529 p9attr->size,
530 p9attr->atime_sec,
531 p9attr->atime_nsec,
532 p9attr->mtime_sec,
533 p9attr->mtime_nsec);
534 }
535 break;
491 case '?': 536 case '?':
492 if ((proto_version != p9_proto_2000u) && 537 if ((proto_version != p9_proto_2000u) &&
493 (proto_version != p9_proto_2000L)) 538 (proto_version != p9_proto_2000L))
@@ -580,3 +625,30 @@ void p9pdu_reset(struct p9_fcall *pdu)
580 pdu->offset = 0; 625 pdu->offset = 0;
581 pdu->size = 0; 626 pdu->size = 0;
582} 627}
628
629int p9dirent_read(char *buf, int len, struct p9_dirent *dirent,
630 int proto_version)
631{
632 struct p9_fcall fake_pdu;
633 int ret;
634 char *nameptr;
635
636 fake_pdu.size = len;
637 fake_pdu.capacity = len;
638 fake_pdu.sdata = buf;
639 fake_pdu.offset = 0;
640
641 ret = p9pdu_readf(&fake_pdu, proto_version, "Qqbs", &dirent->qid,
642 &dirent->d_off, &dirent->d_type, &nameptr);
643 if (ret) {
644 P9_DPRINTK(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret);
645 p9pdu_dump(1, &fake_pdu);
646 goto out;
647 }
648
649 strcpy(dirent->d_name, nameptr);
650
651out:
652 return fake_pdu.offset;
653}
654EXPORT_SYMBOL(p9dirent_read);
diff --git a/net/atm/pppoatm.c b/net/atm/pppoatm.c
index e49bb6d948a1..e9aced0ec56b 100644
--- a/net/atm/pppoatm.c
+++ b/net/atm/pppoatm.c
@@ -260,7 +260,7 @@ static int pppoatm_devppp_ioctl(struct ppp_channel *chan, unsigned int cmd,
260 return -ENOTTY; 260 return -ENOTTY;
261} 261}
262 262
263static /*const*/ struct ppp_channel_ops pppoatm_ops = { 263static const struct ppp_channel_ops pppoatm_ops = {
264 .start_xmit = pppoatm_send, 264 .start_xmit = pppoatm_send,
265 .ioctl = pppoatm_devppp_ioctl, 265 .ioctl = pppoatm_devppp_ioctl,
266}; 266};
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 3e3cd9d4e52c..fadf26b4ed7c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -2705,8 +2705,9 @@ done:
2705 case L2CAP_MODE_ERTM: 2705 case L2CAP_MODE_ERTM:
2706 pi->remote_tx_win = rfc.txwin_size; 2706 pi->remote_tx_win = rfc.txwin_size;
2707 pi->remote_max_tx = rfc.max_transmit; 2707 pi->remote_max_tx = rfc.max_transmit;
2708 if (rfc.max_pdu_size > pi->conn->mtu - 10) 2708
2709 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10); 2709 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2710 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2710 2711
2711 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 2712 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2712 2713
@@ -2723,8 +2724,8 @@ done:
2723 break; 2724 break;
2724 2725
2725 case L2CAP_MODE_STREAMING: 2726 case L2CAP_MODE_STREAMING:
2726 if (rfc.max_pdu_size > pi->conn->mtu - 10) 2727 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2727 rfc.max_pdu_size = le16_to_cpu(pi->conn->mtu - 10); 2728 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2728 2729
2729 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size); 2730 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2730 2731
@@ -2806,7 +2807,6 @@ static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data,
2806 if (*result == L2CAP_CONF_SUCCESS) { 2807 if (*result == L2CAP_CONF_SUCCESS) {
2807 switch (rfc.mode) { 2808 switch (rfc.mode) {
2808 case L2CAP_MODE_ERTM: 2809 case L2CAP_MODE_ERTM:
2809 pi->remote_tx_win = rfc.txwin_size;
2810 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 2810 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2811 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 2811 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2812 pi->mps = le16_to_cpu(rfc.max_pdu_size); 2812 pi->mps = le16_to_cpu(rfc.max_pdu_size);
@@ -2862,7 +2862,6 @@ static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2862done: 2862done:
2863 switch (rfc.mode) { 2863 switch (rfc.mode) {
2864 case L2CAP_MODE_ERTM: 2864 case L2CAP_MODE_ERTM:
2865 pi->remote_tx_win = rfc.txwin_size;
2866 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 2865 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2867 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 2866 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2868 pi->mps = le16_to_cpu(rfc.max_pdu_size); 2867 pi->mps = le16_to_cpu(rfc.max_pdu_size);
diff --git a/net/core/dev.c b/net/core/dev.c
index e1c1cdcc2bb0..1ae654391442 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2517,6 +2517,7 @@ int netif_rx(struct sk_buff *skb)
2517 struct rps_dev_flow voidflow, *rflow = &voidflow; 2517 struct rps_dev_flow voidflow, *rflow = &voidflow;
2518 int cpu; 2518 int cpu;
2519 2519
2520 preempt_disable();
2520 rcu_read_lock(); 2521 rcu_read_lock();
2521 2522
2522 cpu = get_rps_cpu(skb->dev, skb, &rflow); 2523 cpu = get_rps_cpu(skb->dev, skb, &rflow);
@@ -2526,6 +2527,7 @@ int netif_rx(struct sk_buff *skb)
2526 ret = enqueue_to_backlog(skb, cpu, &rflow->last_qtail); 2527 ret = enqueue_to_backlog(skb, cpu, &rflow->last_qtail);
2527 2528
2528 rcu_read_unlock(); 2529 rcu_read_unlock();
2530 preempt_enable();
2529 } 2531 }
2530#else 2532#else
2531 { 2533 {
@@ -3072,7 +3074,7 @@ enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
3072 int mac_len; 3074 int mac_len;
3073 enum gro_result ret; 3075 enum gro_result ret;
3074 3076
3075 if (!(skb->dev->features & NETIF_F_GRO)) 3077 if (!(skb->dev->features & NETIF_F_GRO) || netpoll_rx_on(skb))
3076 goto normal; 3078 goto normal;
3077 3079
3078 if (skb_is_gso(skb) || skb_has_frags(skb)) 3080 if (skb_is_gso(skb) || skb_has_frags(skb))
@@ -3159,9 +3161,6 @@ __napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
3159{ 3161{
3160 struct sk_buff *p; 3162 struct sk_buff *p;
3161 3163
3162 if (netpoll_rx_on(skb))
3163 return GRO_NORMAL;
3164
3165 for (p = napi->gro_list; p; p = p->next) { 3164 for (p = napi->gro_list; p; p = p->next) {
3166 NAPI_GRO_CB(p)->same_flow = 3165 NAPI_GRO_CB(p)->same_flow =
3167 (p->dev == skb->dev) && 3166 (p->dev == skb->dev) &&
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 3c426cb318e7..e663b78a2ef6 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3930,7 +3930,7 @@ u8 *tcp_parse_md5sig_option(struct tcphdr *th)
3930 if (opsize < 2 || opsize > length) 3930 if (opsize < 2 || opsize > length)
3931 return NULL; 3931 return NULL;
3932 if (opcode == TCPOPT_MD5SIG) 3932 if (opcode == TCPOPT_MD5SIG)
3933 return ptr; 3933 return opsize == TCPOLEN_MD5SIG ? ptr : NULL;
3934 } 3934 }
3935 ptr += opsize - 2; 3935 ptr += opsize - 2;
3936 length -= opsize; 3936 length -= opsize;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 098a050a20b0..13ef5bc05cf5 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -199,7 +199,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
199 int offset, end; 199 int offset, end;
200 200
201 if (fq->q.last_in & INET_FRAG_COMPLETE) { 201 if (fq->q.last_in & INET_FRAG_COMPLETE) {
202 pr_debug("Allready completed\n"); 202 pr_debug("Already completed\n");
203 goto err; 203 goto err;
204 } 204 }
205 205
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index 800bc53b7f63..dfe7b38dd4af 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -20,7 +20,7 @@
20/* Please put other headers in irnet.h - Thanks */ 20/* Please put other headers in irnet.h - Thanks */
21 21
22/* Generic PPP callbacks (to call us) */ 22/* Generic PPP callbacks (to call us) */
23static struct ppp_channel_ops irnet_ppp_ops = { 23static const struct ppp_channel_ops irnet_ppp_ops = {
24 .start_xmit = ppp_irnet_send, 24 .start_xmit = ppp_irnet_send,
25 .ioctl = ppp_irnet_ioctl 25 .ioctl = ppp_irnet_ioctl
26}; 26};
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 90d82b3f2889..ff954b3e94b6 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -135,7 +135,10 @@ struct pppol2tp_session {
135 135
136static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb); 136static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
137 137
138static struct ppp_channel_ops pppol2tp_chan_ops = { pppol2tp_xmit , NULL }; 138static const struct ppp_channel_ops pppol2tp_chan_ops = {
139 .start_xmit = pppol2tp_xmit,
140};
141
139static const struct proto_ops pppol2tp_ops; 142static const struct proto_ops pppol2tp_ops;
140 143
141/* Helpers to obtain tunnel/session contexts from sockets. 144/* Helpers to obtain tunnel/session contexts from sockets.
diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c
index 94a45213faa6..9323f8944199 100644
--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
@@ -11,7 +11,7 @@
11 * Changes: 11 * Changes:
12 * Martin Hamilton : fixed the terrible locking bugs 12 * Martin Hamilton : fixed the terrible locking bugs
13 * *lock(tbl->lock) ==> *lock(&tbl->lock) 13 * *lock(tbl->lock) ==> *lock(&tbl->lock)
14 * Wensong Zhang : fixed the uninitilized tbl->lock bug 14 * Wensong Zhang : fixed the uninitialized tbl->lock bug
15 * Wensong Zhang : added doing full expiration check to 15 * Wensong Zhang : added doing full expiration check to
16 * collect stale entries of 24+ hours when 16 * collect stale entries of 24+ hours when
17 * no partial expire check in a half hour 17 * no partial expire check in a half hour
diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c
index 535dc2b419d8..dbeed8ea421a 100644
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -386,7 +386,7 @@ ip_vs_lblcr_new(struct ip_vs_lblcr_table *tbl, const union nf_inet_addr *daddr,
386 ip_vs_addr_copy(dest->af, &en->addr, daddr); 386 ip_vs_addr_copy(dest->af, &en->addr, daddr);
387 en->lastuse = jiffies; 387 en->lastuse = jiffies;
388 388
389 /* initilize its dest set */ 389 /* initialize its dest set */
390 atomic_set(&(en->set.size), 0); 390 atomic_set(&(en->set.size), 0);
391 INIT_LIST_HEAD(&en->set.list); 391 INIT_LIST_HEAD(&en->set.list);
392 rwlock_init(&en->set.lock); 392 rwlock_init(&en->set.lock);
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
index 2714da167fb8..b6ffe4e1b84a 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -245,6 +245,9 @@ static void rxrpc_resend_timer(struct rxrpc_call *call)
245 _enter("%d,%d,%d", 245 _enter("%d,%d,%d",
246 call->acks_tail, call->acks_unacked, call->acks_head); 246 call->acks_tail, call->acks_unacked, call->acks_head);
247 247
248 if (call->state >= RXRPC_CALL_COMPLETE)
249 return;
250
248 resend = 0; 251 resend = 0;
249 resend_at = 0; 252 resend_at = 0;
250 253
diff --git a/net/rxrpc/ar-call.c b/net/rxrpc/ar-call.c
index 909d092de9f4..bf656c230ba9 100644
--- a/net/rxrpc/ar-call.c
+++ b/net/rxrpc/ar-call.c
@@ -786,6 +786,7 @@ static void rxrpc_call_life_expired(unsigned long _call)
786 786
787/* 787/*
788 * handle resend timer expiry 788 * handle resend timer expiry
789 * - may not take call->state_lock as this can deadlock against del_timer_sync()
789 */ 790 */
790static void rxrpc_resend_time_expired(unsigned long _call) 791static void rxrpc_resend_time_expired(unsigned long _call)
791{ 792{
@@ -796,12 +797,9 @@ static void rxrpc_resend_time_expired(unsigned long _call)
796 if (call->state >= RXRPC_CALL_COMPLETE) 797 if (call->state >= RXRPC_CALL_COMPLETE)
797 return; 798 return;
798 799
799 read_lock_bh(&call->state_lock);
800 clear_bit(RXRPC_CALL_RUN_RTIMER, &call->flags); 800 clear_bit(RXRPC_CALL_RUN_RTIMER, &call->flags);
801 if (call->state < RXRPC_CALL_COMPLETE && 801 if (!test_and_set_bit(RXRPC_CALL_RESEND_TIMER, &call->events))
802 !test_and_set_bit(RXRPC_CALL_RESEND_TIMER, &call->events))
803 rxrpc_queue_call(call); 802 rxrpc_queue_call(call);
804 read_unlock_bh(&call->state_lock);
805} 803}
806 804
807/* 805/*
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index d0386a413e8d..509a2d53a99d 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -114,6 +114,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
114 int egress; 114 int egress;
115 int action; 115 int action;
116 int ihl; 116 int ihl;
117 int noff;
117 118
118 spin_lock(&p->tcf_lock); 119 spin_lock(&p->tcf_lock);
119 120
@@ -132,7 +133,8 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
132 if (unlikely(action == TC_ACT_SHOT)) 133 if (unlikely(action == TC_ACT_SHOT))
133 goto drop; 134 goto drop;
134 135
135 if (!pskb_may_pull(skb, sizeof(*iph))) 136 noff = skb_network_offset(skb);
137 if (!pskb_may_pull(skb, sizeof(*iph) + noff))
136 goto drop; 138 goto drop;
137 139
138 iph = ip_hdr(skb); 140 iph = ip_hdr(skb);
@@ -144,7 +146,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
144 146
145 if (!((old_addr ^ addr) & mask)) { 147 if (!((old_addr ^ addr) & mask)) {
146 if (skb_cloned(skb) && 148 if (skb_cloned(skb) &&
147 !skb_clone_writable(skb, sizeof(*iph)) && 149 !skb_clone_writable(skb, sizeof(*iph) + noff) &&
148 pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) 150 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
149 goto drop; 151 goto drop;
150 152
@@ -172,9 +174,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
172 { 174 {
173 struct tcphdr *tcph; 175 struct tcphdr *tcph;
174 176
175 if (!pskb_may_pull(skb, ihl + sizeof(*tcph)) || 177 if (!pskb_may_pull(skb, ihl + sizeof(*tcph) + noff) ||
176 (skb_cloned(skb) && 178 (skb_cloned(skb) &&
177 !skb_clone_writable(skb, ihl + sizeof(*tcph)) && 179 !skb_clone_writable(skb, ihl + sizeof(*tcph) + noff) &&
178 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) 180 pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
179 goto drop; 181 goto drop;
180 182
@@ -186,9 +188,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
186 { 188 {
187 struct udphdr *udph; 189 struct udphdr *udph;
188 190
189 if (!pskb_may_pull(skb, ihl + sizeof(*udph)) || 191 if (!pskb_may_pull(skb, ihl + sizeof(*udph) + noff) ||
190 (skb_cloned(skb) && 192 (skb_cloned(skb) &&
191 !skb_clone_writable(skb, ihl + sizeof(*udph)) && 193 !skb_clone_writable(skb, ihl + sizeof(*udph) + noff) &&
192 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) 194 pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
193 goto drop; 195 goto drop;
194 196
@@ -205,7 +207,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
205 { 207 {
206 struct icmphdr *icmph; 208 struct icmphdr *icmph;
207 209
208 if (!pskb_may_pull(skb, ihl + sizeof(*icmph))) 210 if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + noff))
209 goto drop; 211 goto drop;
210 212
211 icmph = (void *)(skb_network_header(skb) + ihl); 213 icmph = (void *)(skb_network_header(skb) + ihl);
@@ -215,7 +217,8 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
215 (icmph->type != ICMP_PARAMETERPROB)) 217 (icmph->type != ICMP_PARAMETERPROB))
216 break; 218 break;
217 219
218 if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph))) 220 if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph) +
221 noff))
219 goto drop; 222 goto drop;
220 223
221 icmph = (void *)(skb_network_header(skb) + ihl); 224 icmph = (void *)(skb_network_header(skb) + ihl);
@@ -229,8 +232,8 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
229 break; 232 break;
230 233
231 if (skb_cloned(skb) && 234 if (skb_cloned(skb) &&
232 !skb_clone_writable(skb, 235 !skb_clone_writable(skb, ihl + sizeof(*icmph) +
233 ihl + sizeof(*icmph) + sizeof(*iph)) && 236 sizeof(*iph) + noff) &&
234 pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) 237 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
235 goto drop; 238 goto drop;
236 239
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index f73542d2cdd0..e17096e3913c 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -65,37 +65,47 @@ static inline u32 addr_fold(void *addr)
65 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0); 65 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0);
66} 66}
67 67
68static u32 flow_get_src(const struct sk_buff *skb) 68static u32 flow_get_src(struct sk_buff *skb)
69{ 69{
70 switch (skb->protocol) { 70 switch (skb->protocol) {
71 case htons(ETH_P_IP): 71 case htons(ETH_P_IP):
72 return ntohl(ip_hdr(skb)->saddr); 72 if (pskb_network_may_pull(skb, sizeof(struct iphdr)))
73 return ntohl(ip_hdr(skb)->saddr);
74 break;
73 case htons(ETH_P_IPV6): 75 case htons(ETH_P_IPV6):
74 return ntohl(ipv6_hdr(skb)->saddr.s6_addr32[3]); 76 if (pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
75 default: 77 return ntohl(ipv6_hdr(skb)->saddr.s6_addr32[3]);
76 return addr_fold(skb->sk); 78 break;
77 } 79 }
80
81 return addr_fold(skb->sk);
78} 82}
79 83
80static u32 flow_get_dst(const struct sk_buff *skb) 84static u32 flow_get_dst(struct sk_buff *skb)
81{ 85{
82 switch (skb->protocol) { 86 switch (skb->protocol) {
83 case htons(ETH_P_IP): 87 case htons(ETH_P_IP):
84 return ntohl(ip_hdr(skb)->daddr); 88 if (pskb_network_may_pull(skb, sizeof(struct iphdr)))
89 return ntohl(ip_hdr(skb)->daddr);
90 break;
85 case htons(ETH_P_IPV6): 91 case htons(ETH_P_IPV6):
86 return ntohl(ipv6_hdr(skb)->daddr.s6_addr32[3]); 92 if (pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
87 default: 93 return ntohl(ipv6_hdr(skb)->daddr.s6_addr32[3]);
88 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol; 94 break;
89 } 95 }
96
97 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol;
90} 98}
91 99
92static u32 flow_get_proto(const struct sk_buff *skb) 100static u32 flow_get_proto(struct sk_buff *skb)
93{ 101{
94 switch (skb->protocol) { 102 switch (skb->protocol) {
95 case htons(ETH_P_IP): 103 case htons(ETH_P_IP):
96 return ip_hdr(skb)->protocol; 104 return pskb_network_may_pull(skb, sizeof(struct iphdr)) ?
105 ip_hdr(skb)->protocol : 0;
97 case htons(ETH_P_IPV6): 106 case htons(ETH_P_IPV6):
98 return ipv6_hdr(skb)->nexthdr; 107 return pskb_network_may_pull(skb, sizeof(struct ipv6hdr)) ?
108 ipv6_hdr(skb)->nexthdr : 0;
99 default: 109 default:
100 return 0; 110 return 0;
101 } 111 }
@@ -116,58 +126,64 @@ static int has_ports(u8 protocol)
116 } 126 }
117} 127}
118 128
119static u32 flow_get_proto_src(const struct sk_buff *skb) 129static u32 flow_get_proto_src(struct sk_buff *skb)
120{ 130{
121 u32 res = 0;
122
123 switch (skb->protocol) { 131 switch (skb->protocol) {
124 case htons(ETH_P_IP): { 132 case htons(ETH_P_IP): {
125 struct iphdr *iph = ip_hdr(skb); 133 struct iphdr *iph;
126 134
135 if (!pskb_network_may_pull(skb, sizeof(*iph)))
136 break;
137 iph = ip_hdr(skb);
127 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) && 138 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
128 has_ports(iph->protocol)) 139 has_ports(iph->protocol) &&
129 res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4)); 140 pskb_network_may_pull(skb, iph->ihl * 4 + 2))
141 return ntohs(*(__be16 *)((void *)iph + iph->ihl * 4));
130 break; 142 break;
131 } 143 }
132 case htons(ETH_P_IPV6): { 144 case htons(ETH_P_IPV6): {
133 struct ipv6hdr *iph = ipv6_hdr(skb); 145 struct ipv6hdr *iph;
134 146
147 if (!pskb_network_may_pull(skb, sizeof(*iph) + 2))
148 break;
149 iph = ipv6_hdr(skb);
135 if (has_ports(iph->nexthdr)) 150 if (has_ports(iph->nexthdr))
136 res = ntohs(*(__be16 *)&iph[1]); 151 return ntohs(*(__be16 *)&iph[1]);
137 break; 152 break;
138 } 153 }
139 default:
140 res = addr_fold(skb->sk);
141 } 154 }
142 155
143 return res; 156 return addr_fold(skb->sk);
144} 157}
145 158
146static u32 flow_get_proto_dst(const struct sk_buff *skb) 159static u32 flow_get_proto_dst(struct sk_buff *skb)
147{ 160{
148 u32 res = 0;
149
150 switch (skb->protocol) { 161 switch (skb->protocol) {
151 case htons(ETH_P_IP): { 162 case htons(ETH_P_IP): {
152 struct iphdr *iph = ip_hdr(skb); 163 struct iphdr *iph;
153 164
165 if (!pskb_network_may_pull(skb, sizeof(*iph)))
166 break;
167 iph = ip_hdr(skb);
154 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) && 168 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
155 has_ports(iph->protocol)) 169 has_ports(iph->protocol) &&
156 res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 + 2)); 170 pskb_network_may_pull(skb, iph->ihl * 4 + 4))
171 return ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 + 2));
157 break; 172 break;
158 } 173 }
159 case htons(ETH_P_IPV6): { 174 case htons(ETH_P_IPV6): {
160 struct ipv6hdr *iph = ipv6_hdr(skb); 175 struct ipv6hdr *iph;
161 176
177 if (!pskb_network_may_pull(skb, sizeof(*iph) + 4))
178 break;
179 iph = ipv6_hdr(skb);
162 if (has_ports(iph->nexthdr)) 180 if (has_ports(iph->nexthdr))
163 res = ntohs(*(__be16 *)((void *)&iph[1] + 2)); 181 return ntohs(*(__be16 *)((void *)&iph[1] + 2));
164 break; 182 break;
165 } 183 }
166 default:
167 res = addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol;
168 } 184 }
169 185
170 return res; 186 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol;
171} 187}
172 188
173static u32 flow_get_iif(const struct sk_buff *skb) 189static u32 flow_get_iif(const struct sk_buff *skb)
@@ -211,7 +227,7 @@ static u32 flow_get_nfct(const struct sk_buff *skb)
211}) 227})
212#endif 228#endif
213 229
214static u32 flow_get_nfct_src(const struct sk_buff *skb) 230static u32 flow_get_nfct_src(struct sk_buff *skb)
215{ 231{
216 switch (skb->protocol) { 232 switch (skb->protocol) {
217 case htons(ETH_P_IP): 233 case htons(ETH_P_IP):
@@ -223,7 +239,7 @@ fallback:
223 return flow_get_src(skb); 239 return flow_get_src(skb);
224} 240}
225 241
226static u32 flow_get_nfct_dst(const struct sk_buff *skb) 242static u32 flow_get_nfct_dst(struct sk_buff *skb)
227{ 243{
228 switch (skb->protocol) { 244 switch (skb->protocol) {
229 case htons(ETH_P_IP): 245 case htons(ETH_P_IP):
@@ -235,14 +251,14 @@ fallback:
235 return flow_get_dst(skb); 251 return flow_get_dst(skb);
236} 252}
237 253
238static u32 flow_get_nfct_proto_src(const struct sk_buff *skb) 254static u32 flow_get_nfct_proto_src(struct sk_buff *skb)
239{ 255{
240 return ntohs(CTTUPLE(skb, src.u.all)); 256 return ntohs(CTTUPLE(skb, src.u.all));
241fallback: 257fallback:
242 return flow_get_proto_src(skb); 258 return flow_get_proto_src(skb);
243} 259}
244 260
245static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb) 261static u32 flow_get_nfct_proto_dst(struct sk_buff *skb)
246{ 262{
247 return ntohs(CTTUPLE(skb, dst.u.all)); 263 return ntohs(CTTUPLE(skb, dst.u.all));
248fallback: 264fallback:
@@ -281,7 +297,7 @@ static u32 flow_get_vlan_tag(const struct sk_buff *skb)
281 return tag & VLAN_VID_MASK; 297 return tag & VLAN_VID_MASK;
282} 298}
283 299
284static u32 flow_key_get(const struct sk_buff *skb, int key) 300static u32 flow_key_get(struct sk_buff *skb, int key)
285{ 301{
286 switch (key) { 302 switch (key) {
287 case FLOW_KEY_SRC: 303 case FLOW_KEY_SRC:
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index dd9414e44200..425a1790b048 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -143,9 +143,17 @@ static int rsvp_classify(struct sk_buff *skb, struct tcf_proto *tp,
143 u8 tunnelid = 0; 143 u8 tunnelid = 0;
144 u8 *xprt; 144 u8 *xprt;
145#if RSVP_DST_LEN == 4 145#if RSVP_DST_LEN == 4
146 struct ipv6hdr *nhptr = ipv6_hdr(skb); 146 struct ipv6hdr *nhptr;
147
148 if (!pskb_network_may_pull(skb, sizeof(*nhptr)))
149 return -1;
150 nhptr = ipv6_hdr(skb);
147#else 151#else
148 struct iphdr *nhptr = ip_hdr(skb); 152 struct iphdr *nhptr;
153
154 if (!pskb_network_may_pull(skb, sizeof(*nhptr)))
155 return -1;
156 nhptr = ip_hdr(skb);
149#endif 157#endif
150 158
151restart: 159restart:
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index c65762823f5e..534f33231c17 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -122,7 +122,11 @@ static unsigned sfq_hash(struct sfq_sched_data *q, struct sk_buff *skb)
122 switch (skb->protocol) { 122 switch (skb->protocol) {
123 case htons(ETH_P_IP): 123 case htons(ETH_P_IP):
124 { 124 {
125 const struct iphdr *iph = ip_hdr(skb); 125 const struct iphdr *iph;
126
127 if (!pskb_network_may_pull(skb, sizeof(*iph)))
128 goto err;
129 iph = ip_hdr(skb);
126 h = (__force u32)iph->daddr; 130 h = (__force u32)iph->daddr;
127 h2 = (__force u32)iph->saddr ^ iph->protocol; 131 h2 = (__force u32)iph->saddr ^ iph->protocol;
128 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) && 132 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
@@ -131,25 +135,32 @@ static unsigned sfq_hash(struct sfq_sched_data *q, struct sk_buff *skb)
131 iph->protocol == IPPROTO_UDPLITE || 135 iph->protocol == IPPROTO_UDPLITE ||
132 iph->protocol == IPPROTO_SCTP || 136 iph->protocol == IPPROTO_SCTP ||
133 iph->protocol == IPPROTO_DCCP || 137 iph->protocol == IPPROTO_DCCP ||
134 iph->protocol == IPPROTO_ESP)) 138 iph->protocol == IPPROTO_ESP) &&
139 pskb_network_may_pull(skb, iph->ihl * 4 + 4))
135 h2 ^= *(((u32*)iph) + iph->ihl); 140 h2 ^= *(((u32*)iph) + iph->ihl);
136 break; 141 break;
137 } 142 }
138 case htons(ETH_P_IPV6): 143 case htons(ETH_P_IPV6):
139 { 144 {
140 struct ipv6hdr *iph = ipv6_hdr(skb); 145 struct ipv6hdr *iph;
146
147 if (!pskb_network_may_pull(skb, sizeof(*iph)))
148 goto err;
149 iph = ipv6_hdr(skb);
141 h = (__force u32)iph->daddr.s6_addr32[3]; 150 h = (__force u32)iph->daddr.s6_addr32[3];
142 h2 = (__force u32)iph->saddr.s6_addr32[3] ^ iph->nexthdr; 151 h2 = (__force u32)iph->saddr.s6_addr32[3] ^ iph->nexthdr;
143 if (iph->nexthdr == IPPROTO_TCP || 152 if ((iph->nexthdr == IPPROTO_TCP ||
144 iph->nexthdr == IPPROTO_UDP || 153 iph->nexthdr == IPPROTO_UDP ||
145 iph->nexthdr == IPPROTO_UDPLITE || 154 iph->nexthdr == IPPROTO_UDPLITE ||
146 iph->nexthdr == IPPROTO_SCTP || 155 iph->nexthdr == IPPROTO_SCTP ||
147 iph->nexthdr == IPPROTO_DCCP || 156 iph->nexthdr == IPPROTO_DCCP ||
148 iph->nexthdr == IPPROTO_ESP) 157 iph->nexthdr == IPPROTO_ESP) &&
158 pskb_network_may_pull(skb, sizeof(*iph) + 4))
149 h2 ^= *(u32*)&iph[1]; 159 h2 ^= *(u32*)&iph[1];
150 break; 160 break;
151 } 161 }
152 default: 162 default:
163err:
153 h = (unsigned long)skb_dst(skb) ^ (__force u32)skb->protocol; 164 h = (unsigned long)skb_dst(skb) ^ (__force u32)skb->protocol;
154 h2 = (unsigned long)skb->sk; 165 h2 = (unsigned long)skb->sk;
155 } 166 }
@@ -502,6 +513,12 @@ static unsigned long sfq_get(struct Qdisc *sch, u32 classid)
502 return 0; 513 return 0;
503} 514}
504 515
516static unsigned long sfq_bind(struct Qdisc *sch, unsigned long parent,
517 u32 classid)
518{
519 return 0;
520}
521
505static struct tcf_proto **sfq_find_tcf(struct Qdisc *sch, unsigned long cl) 522static struct tcf_proto **sfq_find_tcf(struct Qdisc *sch, unsigned long cl)
506{ 523{
507 struct sfq_sched_data *q = qdisc_priv(sch); 524 struct sfq_sched_data *q = qdisc_priv(sch);
@@ -556,6 +573,7 @@ static void sfq_walk(struct Qdisc *sch, struct qdisc_walker *arg)
556static const struct Qdisc_class_ops sfq_class_ops = { 573static const struct Qdisc_class_ops sfq_class_ops = {
557 .get = sfq_get, 574 .get = sfq_get,
558 .tcf_chain = sfq_find_tcf, 575 .tcf_chain = sfq_find_tcf,
576 .bind_tcf = sfq_bind,
559 .dump = sfq_dump_class, 577 .dump = sfq_dump_class,
560 .dump_stats = sfq_dump_class_stats, 578 .dump_stats = sfq_dump_class_stats,
561 .walk = sfq_walk, 579 .walk = sfq_walk,
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index e41feff19e43..0b85e5256434 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -172,7 +172,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
172 asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] = 172 asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] =
173 (unsigned long)sp->autoclose * HZ; 173 (unsigned long)sp->autoclose * HZ;
174 174
175 /* Initilizes the timers */ 175 /* Initializes the timers */
176 for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) 176 for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i)
177 setup_timer(&asoc->timers[i], sctp_timer_events[i], 177 setup_timer(&asoc->timers[i], sctp_timer_events[i],
178 (unsigned long)asoc); 178 (unsigned long)asoc);
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index c0e162aeb0bd..5027b83f1cc0 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1163,7 +1163,7 @@ SCTP_STATIC __init int sctp_init(void)
1163 /* Set the pressure threshold to be a fraction of global memory that 1163 /* Set the pressure threshold to be a fraction of global memory that
1164 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of 1164 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
1165 * memory, with a floor of 128 pages. 1165 * memory, with a floor of 128 pages.
1166 * Note this initalizes the data in sctpv6_prot too 1166 * Note this initializes the data in sctpv6_prot too
1167 * Unabashedly stolen from tcp_init 1167 * Unabashedly stolen from tcp_init
1168 */ 1168 */
1169 nr_pages = totalram_pages - totalhigh_pages; 1169 nr_pages = totalram_pages - totalhigh_pages;
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index 73affb8624fa..8dc47f1d0001 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -267,7 +267,7 @@ rpcauth_prune_expired(struct list_head *free, int nr_to_scan)
267 * Run memory cache shrinker. 267 * Run memory cache shrinker.
268 */ 268 */
269static int 269static int
270rpcauth_cache_shrinker(int nr_to_scan, gfp_t gfp_mask) 270rpcauth_cache_shrinker(struct shrinker *shrink, int nr_to_scan, gfp_t gfp_mask)
271{ 271{
272 LIST_HEAD(free); 272 LIST_HEAD(free);
273 int res; 273 int res;
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 2a9675136c68..7ca65c7005ea 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -210,7 +210,8 @@ struct sock_xprt {
210 * State of TCP reply receive 210 * State of TCP reply receive
211 */ 211 */
212 __be32 tcp_fraghdr, 212 __be32 tcp_fraghdr,
213 tcp_xid; 213 tcp_xid,
214 tcp_calldir;
214 215
215 u32 tcp_offset, 216 u32 tcp_offset,
216 tcp_reclen; 217 tcp_reclen;
@@ -927,7 +928,7 @@ static inline void xs_tcp_read_calldir(struct sock_xprt *transport,
927{ 928{
928 size_t len, used; 929 size_t len, used;
929 u32 offset; 930 u32 offset;
930 __be32 calldir; 931 char *p;
931 932
932 /* 933 /*
933 * We want transport->tcp_offset to be 8 at the end of this routine 934 * We want transport->tcp_offset to be 8 at the end of this routine
@@ -936,26 +937,33 @@ static inline void xs_tcp_read_calldir(struct sock_xprt *transport,
936 * transport->tcp_offset is 4 (after having already read the xid). 937 * transport->tcp_offset is 4 (after having already read the xid).
937 */ 938 */
938 offset = transport->tcp_offset - sizeof(transport->tcp_xid); 939 offset = transport->tcp_offset - sizeof(transport->tcp_xid);
939 len = sizeof(calldir) - offset; 940 len = sizeof(transport->tcp_calldir) - offset;
940 dprintk("RPC: reading CALL/REPLY flag (%Zu bytes)\n", len); 941 dprintk("RPC: reading CALL/REPLY flag (%Zu bytes)\n", len);
941 used = xdr_skb_read_bits(desc, &calldir, len); 942 p = ((char *) &transport->tcp_calldir) + offset;
943 used = xdr_skb_read_bits(desc, p, len);
942 transport->tcp_offset += used; 944 transport->tcp_offset += used;
943 if (used != len) 945 if (used != len)
944 return; 946 return;
945 transport->tcp_flags &= ~TCP_RCV_READ_CALLDIR; 947 transport->tcp_flags &= ~TCP_RCV_READ_CALLDIR;
946 transport->tcp_flags |= TCP_RCV_COPY_CALLDIR;
947 transport->tcp_flags |= TCP_RCV_COPY_DATA;
948 /* 948 /*
949 * We don't yet have the XDR buffer, so we will write the calldir 949 * We don't yet have the XDR buffer, so we will write the calldir
950 * out after we get the buffer from the 'struct rpc_rqst' 950 * out after we get the buffer from the 'struct rpc_rqst'
951 */ 951 */
952 if (ntohl(calldir) == RPC_REPLY) 952 switch (ntohl(transport->tcp_calldir)) {
953 case RPC_REPLY:
954 transport->tcp_flags |= TCP_RCV_COPY_CALLDIR;
955 transport->tcp_flags |= TCP_RCV_COPY_DATA;
953 transport->tcp_flags |= TCP_RPC_REPLY; 956 transport->tcp_flags |= TCP_RPC_REPLY;
954 else 957 break;
958 case RPC_CALL:
959 transport->tcp_flags |= TCP_RCV_COPY_CALLDIR;
960 transport->tcp_flags |= TCP_RCV_COPY_DATA;
955 transport->tcp_flags &= ~TCP_RPC_REPLY; 961 transport->tcp_flags &= ~TCP_RPC_REPLY;
956 dprintk("RPC: reading %s CALL/REPLY flag %08x\n", 962 break;
957 (transport->tcp_flags & TCP_RPC_REPLY) ? 963 default:
958 "reply for" : "request with", calldir); 964 dprintk("RPC: invalid request message type\n");
965 xprt_force_disconnect(&transport->xprt);
966 }
959 xs_tcp_check_fraghdr(transport); 967 xs_tcp_check_fraghdr(transport);
960} 968}
961 969
@@ -975,12 +983,10 @@ static inline void xs_tcp_read_common(struct rpc_xprt *xprt,
975 /* 983 /*
976 * Save the RPC direction in the XDR buffer 984 * Save the RPC direction in the XDR buffer
977 */ 985 */
978 __be32 calldir = transport->tcp_flags & TCP_RPC_REPLY ?
979 htonl(RPC_REPLY) : 0;
980
981 memcpy(rcvbuf->head[0].iov_base + transport->tcp_copied, 986 memcpy(rcvbuf->head[0].iov_base + transport->tcp_copied,
982 &calldir, sizeof(calldir)); 987 &transport->tcp_calldir,
983 transport->tcp_copied += sizeof(calldir); 988 sizeof(transport->tcp_calldir));
989 transport->tcp_copied += sizeof(transport->tcp_calldir);
984 transport->tcp_flags &= ~TCP_RCV_COPY_CALLDIR; 990 transport->tcp_flags &= ~TCP_RCV_COPY_CALLDIR;
985 } 991 }
986 992
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index e74a1a2119d3..d1a3fb99fdf2 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -843,13 +843,19 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
843 return -EINVAL; 843 return -EINVAL;
844 if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 844 if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
845 /* Verify that we are associated with the destination AP */ 845 /* Verify that we are associated with the destination AP */
846 wdev_lock(wdev);
847
846 if (!wdev->current_bss || 848 if (!wdev->current_bss ||
847 memcmp(wdev->current_bss->pub.bssid, mgmt->bssid, 849 memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
848 ETH_ALEN) != 0 || 850 ETH_ALEN) != 0 ||
849 (wdev->iftype == NL80211_IFTYPE_STATION && 851 (wdev->iftype == NL80211_IFTYPE_STATION &&
850 memcmp(wdev->current_bss->pub.bssid, mgmt->da, 852 memcmp(wdev->current_bss->pub.bssid, mgmt->da,
851 ETH_ALEN) != 0)) 853 ETH_ALEN) != 0)) {
854 wdev_unlock(wdev);
852 return -ENOTCONN; 855 return -ENOTCONN;
856 }
857
858 wdev_unlock(wdev);
853 } 859 }
854 860
855 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) 861 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)