diff options
Diffstat (limited to 'net')
30 files changed, 184 insertions, 102 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 5ad7da217474..3c094e78dde9 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include <net/bluetooth/bluetooth.h> | 29 | #include <net/bluetooth/bluetooth.h> |
| 30 | #include <net/bluetooth/hci_core.h> | 30 | #include <net/bluetooth/hci_core.h> |
| 31 | #include <net/bluetooth/a2mp.h> | 31 | #include <net/bluetooth/a2mp.h> |
| 32 | #include <net/bluetooth/smp.h> | ||
| 32 | 33 | ||
| 33 | static void hci_le_connect(struct hci_conn *conn) | 34 | static void hci_le_connect(struct hci_conn *conn) |
| 34 | { | 35 | { |
| @@ -619,6 +620,9 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) | |||
| 619 | { | 620 | { |
| 620 | BT_DBG("hcon %p", conn); | 621 | BT_DBG("hcon %p", conn); |
| 621 | 622 | ||
| 623 | if (conn->type == LE_LINK) | ||
| 624 | return smp_conn_security(conn, sec_level); | ||
| 625 | |||
| 622 | /* For sdp we don't need the link key. */ | 626 | /* For sdp we don't need the link key. */ |
| 623 | if (sec_level == BT_SECURITY_SDP) | 627 | if (sec_level == BT_SECURITY_SDP) |
| 624 | return 1; | 628 | return 1; |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index daa149b7003c..4ea1710a4783 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -1199,14 +1199,15 @@ clean: | |||
| 1199 | static void l2cap_conn_ready(struct l2cap_conn *conn) | 1199 | static void l2cap_conn_ready(struct l2cap_conn *conn) |
| 1200 | { | 1200 | { |
| 1201 | struct l2cap_chan *chan; | 1201 | struct l2cap_chan *chan; |
| 1202 | struct hci_conn *hcon = conn->hcon; | ||
| 1202 | 1203 | ||
| 1203 | BT_DBG("conn %p", conn); | 1204 | BT_DBG("conn %p", conn); |
| 1204 | 1205 | ||
| 1205 | if (!conn->hcon->out && conn->hcon->type == LE_LINK) | 1206 | if (!hcon->out && hcon->type == LE_LINK) |
| 1206 | l2cap_le_conn_ready(conn); | 1207 | l2cap_le_conn_ready(conn); |
| 1207 | 1208 | ||
| 1208 | if (conn->hcon->out && conn->hcon->type == LE_LINK) | 1209 | if (hcon->out && hcon->type == LE_LINK) |
| 1209 | smp_conn_security(conn, conn->hcon->pending_sec_level); | 1210 | smp_conn_security(hcon, hcon->pending_sec_level); |
| 1210 | 1211 | ||
| 1211 | mutex_lock(&conn->chan_lock); | 1212 | mutex_lock(&conn->chan_lock); |
| 1212 | 1213 | ||
| @@ -1219,8 +1220,8 @@ static void l2cap_conn_ready(struct l2cap_conn *conn) | |||
| 1219 | continue; | 1220 | continue; |
| 1220 | } | 1221 | } |
| 1221 | 1222 | ||
| 1222 | if (conn->hcon->type == LE_LINK) { | 1223 | if (hcon->type == LE_LINK) { |
| 1223 | if (smp_conn_security(conn, chan->sec_level)) | 1224 | if (smp_conn_security(hcon, chan->sec_level)) |
| 1224 | l2cap_chan_ready(chan); | 1225 | l2cap_chan_ready(chan); |
| 1225 | 1226 | ||
| 1226 | } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { | 1227 | } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 1497edd191a2..34bbe1c5e389 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
| @@ -616,7 +616,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
| 616 | break; | 616 | break; |
| 617 | } | 617 | } |
| 618 | 618 | ||
| 619 | if (smp_conn_security(conn, sec.level)) | 619 | if (smp_conn_security(conn->hcon, sec.level)) |
| 620 | break; | 620 | break; |
| 621 | sk->sk_state = BT_CONFIG; | 621 | sk->sk_state = BT_CONFIG; |
| 622 | chan->state = BT_CONFIG; | 622 | chan->state = BT_CONFIG; |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 901a616c8083..8c225ef349cd 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -267,10 +267,10 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send) | |||
| 267 | mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type, | 267 | mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type, |
| 268 | hcon->dst_type, reason); | 268 | hcon->dst_type, reason); |
| 269 | 269 | ||
| 270 | if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) { | 270 | cancel_delayed_work_sync(&conn->security_timer); |
| 271 | cancel_delayed_work_sync(&conn->security_timer); | 271 | |
| 272 | if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) | ||
| 272 | smp_chan_destroy(conn); | 273 | smp_chan_destroy(conn); |
| 273 | } | ||
| 274 | } | 274 | } |
| 275 | 275 | ||
| 276 | #define JUST_WORKS 0x00 | 276 | #define JUST_WORKS 0x00 |
| @@ -760,9 +760,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 760 | return 0; | 760 | return 0; |
| 761 | } | 761 | } |
| 762 | 762 | ||
| 763 | int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) | 763 | int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) |
| 764 | { | 764 | { |
| 765 | struct hci_conn *hcon = conn->hcon; | 765 | struct l2cap_conn *conn = hcon->l2cap_data; |
| 766 | struct smp_chan *smp = conn->smp_chan; | 766 | struct smp_chan *smp = conn->smp_chan; |
| 767 | __u8 authreq; | 767 | __u8 authreq; |
| 768 | 768 | ||
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index f88ee537fb2b..92de5e5f9db2 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
| @@ -80,7 +80,7 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum, | |||
| 80 | unsigned int bitmask; | 80 | unsigned int bitmask; |
| 81 | 81 | ||
| 82 | spin_lock_bh(&ebt_log_lock); | 82 | spin_lock_bh(&ebt_log_lock); |
| 83 | printk("<%c>%s IN=%s OUT=%s MAC source = %pM MAC dest = %pM proto = 0x%04x", | 83 | printk(KERN_SOH "%c%s IN=%s OUT=%s MAC source = %pM MAC dest = %pM proto = 0x%04x", |
| 84 | '0' + loginfo->u.log.level, prefix, | 84 | '0' + loginfo->u.log.level, prefix, |
| 85 | in ? in->name : "", out ? out->name : "", | 85 | in ? in->name : "", out ? out->name : "", |
| 86 | eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest, | 86 | eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest, |
diff --git a/net/caif/cfsrvl.c b/net/caif/cfsrvl.c index dd485f6128e8..ba217e90765e 100644 --- a/net/caif/cfsrvl.c +++ b/net/caif/cfsrvl.c | |||
| @@ -211,9 +211,10 @@ void caif_client_register_refcnt(struct cflayer *adapt_layer, | |||
| 211 | void (*put)(struct cflayer *lyr)) | 211 | void (*put)(struct cflayer *lyr)) |
| 212 | { | 212 | { |
| 213 | struct cfsrvl *service; | 213 | struct cfsrvl *service; |
| 214 | service = container_of(adapt_layer->dn, struct cfsrvl, layer); | ||
| 215 | 214 | ||
| 216 | WARN_ON(adapt_layer == NULL || adapt_layer->dn == NULL); | 215 | if (WARN_ON(adapt_layer == NULL || adapt_layer->dn == NULL)) |
| 216 | return; | ||
| 217 | service = container_of(adapt_layer->dn, struct cfsrvl, layer); | ||
| 217 | service->hold = hold; | 218 | service->hold = hold; |
| 218 | service->put = put; | 219 | service->put = put; |
| 219 | } | 220 | } |
diff --git a/net/core/dev.c b/net/core/dev.c index 83988362805e..d7fe32c946c1 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
| @@ -2647,15 +2647,16 @@ void __skb_get_rxhash(struct sk_buff *skb) | |||
| 2647 | if (!skb_flow_dissect(skb, &keys)) | 2647 | if (!skb_flow_dissect(skb, &keys)) |
| 2648 | return; | 2648 | return; |
| 2649 | 2649 | ||
| 2650 | if (keys.ports) { | 2650 | if (keys.ports) |
| 2651 | if ((__force u16)keys.port16[1] < (__force u16)keys.port16[0]) | ||
| 2652 | swap(keys.port16[0], keys.port16[1]); | ||
| 2653 | skb->l4_rxhash = 1; | 2651 | skb->l4_rxhash = 1; |
| 2654 | } | ||
| 2655 | 2652 | ||
| 2656 | /* get a consistent hash (same value on both flow directions) */ | 2653 | /* get a consistent hash (same value on both flow directions) */ |
| 2657 | if ((__force u32)keys.dst < (__force u32)keys.src) | 2654 | if (((__force u32)keys.dst < (__force u32)keys.src) || |
| 2655 | (((__force u32)keys.dst == (__force u32)keys.src) && | ||
| 2656 | ((__force u16)keys.port16[1] < (__force u16)keys.port16[0]))) { | ||
| 2658 | swap(keys.dst, keys.src); | 2657 | swap(keys.dst, keys.src); |
| 2658 | swap(keys.port16[0], keys.port16[1]); | ||
| 2659 | } | ||
| 2659 | 2660 | ||
| 2660 | hash = jhash_3words((__force u32)keys.dst, | 2661 | hash = jhash_3words((__force u32)keys.dst, |
| 2661 | (__force u32)keys.src, | 2662 | (__force u32)keys.src, |
diff --git a/net/core/pktgen.c b/net/core/pktgen.c index cce9e53528b1..148e73d2c451 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c | |||
| @@ -2721,7 +2721,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, | |||
| 2721 | /* Eth + IPh + UDPh + mpls */ | 2721 | /* Eth + IPh + UDPh + mpls */ |
| 2722 | datalen = pkt_dev->cur_pkt_size - 14 - 20 - 8 - | 2722 | datalen = pkt_dev->cur_pkt_size - 14 - 20 - 8 - |
| 2723 | pkt_dev->pkt_overhead; | 2723 | pkt_dev->pkt_overhead; |
| 2724 | if (datalen < sizeof(struct pktgen_hdr)) | 2724 | if (datalen < 0 || datalen < sizeof(struct pktgen_hdr)) |
| 2725 | datalen = sizeof(struct pktgen_hdr); | 2725 | datalen = sizeof(struct pktgen_hdr); |
| 2726 | 2726 | ||
| 2727 | udph->source = htons(pkt_dev->cur_udp_src); | 2727 | udph->source = htons(pkt_dev->cur_udp_src); |
diff --git a/net/core/sock.c b/net/core/sock.c index 8f67ced8d6a8..305792076121 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
| @@ -1523,7 +1523,14 @@ EXPORT_SYMBOL(sock_rfree); | |||
| 1523 | 1523 | ||
| 1524 | void sock_edemux(struct sk_buff *skb) | 1524 | void sock_edemux(struct sk_buff *skb) |
| 1525 | { | 1525 | { |
| 1526 | sock_put(skb->sk); | 1526 | struct sock *sk = skb->sk; |
| 1527 | |||
| 1528 | #ifdef CONFIG_INET | ||
| 1529 | if (sk->sk_state == TCP_TIME_WAIT) | ||
| 1530 | inet_twsk_put(inet_twsk(sk)); | ||
| 1531 | else | ||
| 1532 | #endif | ||
| 1533 | sock_put(sk); | ||
| 1527 | } | 1534 | } |
| 1528 | EXPORT_SYMBOL(sock_edemux); | 1535 | EXPORT_SYMBOL(sock_edemux); |
| 1529 | 1536 | ||
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 6f6d1aca3c3d..2814f66dac64 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c | |||
| @@ -1226,6 +1226,11 @@ try_again: | |||
| 1226 | 1226 | ||
| 1227 | if (unlikely(err)) { | 1227 | if (unlikely(err)) { |
| 1228 | trace_kfree_skb(skb, udp_recvmsg); | 1228 | trace_kfree_skb(skb, udp_recvmsg); |
| 1229 | if (!peeked) { | ||
| 1230 | atomic_inc(&sk->sk_drops); | ||
| 1231 | UDP_INC_STATS_USER(sock_net(sk), | ||
| 1232 | UDP_MIB_INERRORS, is_udplite); | ||
| 1233 | } | ||
| 1229 | goto out_free; | 1234 | goto out_free; |
| 1230 | } | 1235 | } |
| 1231 | 1236 | ||
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index a3e60cc04a8a..acd32e3f1b68 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -403,8 +403,9 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 403 | tp->mtu_info = ntohl(info); | 403 | tp->mtu_info = ntohl(info); |
| 404 | if (!sock_owned_by_user(sk)) | 404 | if (!sock_owned_by_user(sk)) |
| 405 | tcp_v6_mtu_reduced(sk); | 405 | tcp_v6_mtu_reduced(sk); |
| 406 | else | 406 | else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, |
| 407 | set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags); | 407 | &tp->tsq_flags)) |
| 408 | sock_hold(sk); | ||
| 408 | goto out; | 409 | goto out; |
| 409 | } | 410 | } |
| 410 | 411 | ||
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 99d0077b56b8..07e2bfef6845 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c | |||
| @@ -394,6 +394,17 @@ try_again: | |||
| 394 | } | 394 | } |
| 395 | if (unlikely(err)) { | 395 | if (unlikely(err)) { |
| 396 | trace_kfree_skb(skb, udpv6_recvmsg); | 396 | trace_kfree_skb(skb, udpv6_recvmsg); |
| 397 | if (!peeked) { | ||
| 398 | atomic_inc(&sk->sk_drops); | ||
| 399 | if (is_udp4) | ||
| 400 | UDP_INC_STATS_USER(sock_net(sk), | ||
| 401 | UDP_MIB_INERRORS, | ||
| 402 | is_udplite); | ||
| 403 | else | ||
| 404 | UDP6_INC_STATS_USER(sock_net(sk), | ||
| 405 | UDP_MIB_INERRORS, | ||
| 406 | is_udplite); | ||
| 407 | } | ||
| 397 | goto out_free; | 408 | goto out_free; |
| 398 | } | 409 | } |
| 399 | if (!peeked) { | 410 | if (!peeked) { |
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c index 513cab08a986..1a9f3723c13c 100644 --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c | |||
| @@ -1501,6 +1501,8 @@ out: | |||
| 1501 | return err; | 1501 | return err; |
| 1502 | } | 1502 | } |
| 1503 | 1503 | ||
| 1504 | static struct lock_class_key l2tp_socket_class; | ||
| 1505 | |||
| 1504 | int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp) | 1506 | int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp) |
| 1505 | { | 1507 | { |
| 1506 | struct l2tp_tunnel *tunnel = NULL; | 1508 | struct l2tp_tunnel *tunnel = NULL; |
| @@ -1605,6 +1607,8 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 | |||
| 1605 | tunnel->old_sk_destruct = sk->sk_destruct; | 1607 | tunnel->old_sk_destruct = sk->sk_destruct; |
| 1606 | sk->sk_destruct = &l2tp_tunnel_destruct; | 1608 | sk->sk_destruct = &l2tp_tunnel_destruct; |
| 1607 | tunnel->sock = sk; | 1609 | tunnel->sock = sk; |
| 1610 | lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock"); | ||
| 1611 | |||
| 1608 | sk->sk_allocation = GFP_ATOMIC; | 1612 | sk->sk_allocation = GFP_ATOMIC; |
| 1609 | 1613 | ||
| 1610 | /* Add tunnel to our list */ | 1614 | /* Add tunnel to our list */ |
diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c index f9ee74deeac2..3bfb34aaee29 100644 --- a/net/l2tp/l2tp_eth.c +++ b/net/l2tp/l2tp_eth.c | |||
| @@ -153,7 +153,7 @@ static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb, | |||
| 153 | print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length); | 153 | print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length); |
| 154 | } | 154 | } |
| 155 | 155 | ||
| 156 | if (!pskb_may_pull(skb, sizeof(ETH_HLEN))) | 156 | if (!pskb_may_pull(skb, ETH_HLEN)) |
| 157 | goto error; | 157 | goto error; |
| 158 | 158 | ||
| 159 | secpath_reset(skb); | 159 | secpath_reset(skb); |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index d41974aacf51..a58c0b649ba1 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -1378,6 +1378,8 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop, | |||
| 1378 | else | 1378 | else |
| 1379 | memset(next_hop, 0, ETH_ALEN); | 1379 | memset(next_hop, 0, ETH_ALEN); |
| 1380 | 1380 | ||
| 1381 | memset(pinfo, 0, sizeof(*pinfo)); | ||
| 1382 | |||
| 1381 | pinfo->generation = mesh_paths_generation; | 1383 | pinfo->generation = mesh_paths_generation; |
| 1382 | 1384 | ||
| 1383 | pinfo->filled = MPATH_INFO_FRAME_QLEN | | 1385 | pinfo->filled = MPATH_INFO_FRAME_QLEN | |
| @@ -1396,7 +1398,6 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop, | |||
| 1396 | pinfo->discovery_timeout = | 1398 | pinfo->discovery_timeout = |
| 1397 | jiffies_to_msecs(mpath->discovery_timeout); | 1399 | jiffies_to_msecs(mpath->discovery_timeout); |
| 1398 | pinfo->discovery_retries = mpath->discovery_retries; | 1400 | pinfo->discovery_retries = mpath->discovery_retries; |
| 1399 | pinfo->flags = 0; | ||
| 1400 | if (mpath->flags & MESH_PATH_ACTIVE) | 1401 | if (mpath->flags & MESH_PATH_ACTIVE) |
| 1401 | pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE; | 1402 | pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE; |
| 1402 | if (mpath->flags & MESH_PATH_RESOLVING) | 1403 | if (mpath->flags & MESH_PATH_RESOLVING) |
| @@ -1405,10 +1406,8 @@ static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop, | |||
| 1405 | pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID; | 1406 | pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID; |
| 1406 | if (mpath->flags & MESH_PATH_FIXED) | 1407 | if (mpath->flags & MESH_PATH_FIXED) |
| 1407 | pinfo->flags |= NL80211_MPATH_FLAG_FIXED; | 1408 | pinfo->flags |= NL80211_MPATH_FLAG_FIXED; |
| 1408 | if (mpath->flags & MESH_PATH_RESOLVING) | 1409 | if (mpath->flags & MESH_PATH_RESOLVED) |
| 1409 | pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING; | 1410 | pinfo->flags |= NL80211_MPATH_FLAG_RESOLVED; |
| 1410 | |||
| 1411 | pinfo->flags = mpath->flags; | ||
| 1412 | } | 1411 | } |
| 1413 | 1412 | ||
| 1414 | static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev, | 1413 | static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev, |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index a4a5acdbaa4d..f76b83341cf9 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
| @@ -3248,6 +3248,8 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, | |||
| 3248 | goto out_unlock; | 3248 | goto out_unlock; |
| 3249 | 3249 | ||
| 3250 | err_clear: | 3250 | err_clear: |
| 3251 | memset(ifmgd->bssid, 0, ETH_ALEN); | ||
| 3252 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); | ||
| 3251 | ifmgd->auth_data = NULL; | 3253 | ifmgd->auth_data = NULL; |
| 3252 | err_free: | 3254 | err_free: |
| 3253 | kfree(auth_data); | 3255 | kfree(auth_data); |
| @@ -3439,6 +3441,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, | |||
| 3439 | err = 0; | 3441 | err = 0; |
| 3440 | goto out; | 3442 | goto out; |
| 3441 | err_clear: | 3443 | err_clear: |
| 3444 | memset(ifmgd->bssid, 0, ETH_ALEN); | ||
| 3445 | ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); | ||
| 3442 | ifmgd->assoc_data = NULL; | 3446 | ifmgd->assoc_data = NULL; |
| 3443 | err_free: | 3447 | err_free: |
| 3444 | kfree(assoc_data); | 3448 | kfree(assoc_data); |
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index a5ac11ebef33..e046b3756aab 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
| @@ -158,21 +158,18 @@ static const u8 tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = { | |||
| 158 | * sCL -> sSS | 158 | * sCL -> sSS |
| 159 | */ | 159 | */ |
| 160 | /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */ | 160 | /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */ |
| 161 | /*synack*/ { sIV, sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG, sSR }, | 161 | /*synack*/ { sIV, sIV, sSR, sIV, sIV, sIV, sIV, sIV, sIV, sSR }, |
| 162 | /* | 162 | /* |
| 163 | * sNO -> sIV Too late and no reason to do anything | 163 | * sNO -> sIV Too late and no reason to do anything |
| 164 | * sSS -> sIV Client can't send SYN and then SYN/ACK | 164 | * sSS -> sIV Client can't send SYN and then SYN/ACK |
| 165 | * sS2 -> sSR SYN/ACK sent to SYN2 in simultaneous open | 165 | * sS2 -> sSR SYN/ACK sent to SYN2 in simultaneous open |
| 166 | * sSR -> sIG | 166 | * sSR -> sSR Late retransmitted SYN/ACK in simultaneous open |
| 167 | * sES -> sIG Error: SYNs in window outside the SYN_SENT state | 167 | * sES -> sIV Invalid SYN/ACK packets sent by the client |
| 168 | * are errors. Receiver will reply with RST | 168 | * sFW -> sIV |
| 169 | * and close the connection. | 169 | * sCW -> sIV |
| 170 | * Or we are not in sync and hold a dead connection. | 170 | * sLA -> sIV |
| 171 | * sFW -> sIG | 171 | * sTW -> sIV |
| 172 | * sCW -> sIG | 172 | * sCL -> sIV |
| 173 | * sLA -> sIG | ||
| 174 | * sTW -> sIG | ||
| 175 | * sCL -> sIG | ||
| 176 | */ | 173 | */ |
| 177 | /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */ | 174 | /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */ |
| 178 | /*fin*/ { sIV, sIV, sFW, sFW, sLA, sLA, sLA, sTW, sCL, sIV }, | 175 | /*fin*/ { sIV, sIV, sFW, sFW, sLA, sLA, sLA, sTW, sCL, sIV }, |
| @@ -633,15 +630,9 @@ static bool tcp_in_window(const struct nf_conn *ct, | |||
| 633 | ack = sack = receiver->td_end; | 630 | ack = sack = receiver->td_end; |
| 634 | } | 631 | } |
| 635 | 632 | ||
| 636 | if (seq == end | 633 | if (tcph->rst && seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT) |
| 637 | && (!tcph->rst | ||
| 638 | || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT))) | ||
| 639 | /* | 634 | /* |
| 640 | * Packets contains no data: we assume it is valid | 635 | * RST sent answering SYN. |
| 641 | * and check the ack value only. | ||
| 642 | * However RST segments are always validated by their | ||
| 643 | * SEQ number, except when seq == 0 (reset sent answering | ||
| 644 | * SYN. | ||
| 645 | */ | 636 | */ |
| 646 | seq = end = sender->td_end; | 637 | seq = end = sender->td_end; |
| 647 | 638 | ||
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 14e2f3903142..5cfb5bedb2b8 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -381,6 +381,7 @@ __build_packet_message(struct nfulnl_instance *inst, | |||
| 381 | struct nlmsghdr *nlh; | 381 | struct nlmsghdr *nlh; |
| 382 | struct nfgenmsg *nfmsg; | 382 | struct nfgenmsg *nfmsg; |
| 383 | sk_buff_data_t old_tail = inst->skb->tail; | 383 | sk_buff_data_t old_tail = inst->skb->tail; |
| 384 | struct sock *sk; | ||
| 384 | 385 | ||
| 385 | nlh = nlmsg_put(inst->skb, 0, 0, | 386 | nlh = nlmsg_put(inst->skb, 0, 0, |
| 386 | NFNL_SUBSYS_ULOG << 8 | NFULNL_MSG_PACKET, | 387 | NFNL_SUBSYS_ULOG << 8 | NFULNL_MSG_PACKET, |
| @@ -499,18 +500,19 @@ __build_packet_message(struct nfulnl_instance *inst, | |||
| 499 | } | 500 | } |
| 500 | 501 | ||
| 501 | /* UID */ | 502 | /* UID */ |
| 502 | if (skb->sk) { | 503 | sk = skb->sk; |
| 503 | read_lock_bh(&skb->sk->sk_callback_lock); | 504 | if (sk && sk->sk_state != TCP_TIME_WAIT) { |
| 504 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) { | 505 | read_lock_bh(&sk->sk_callback_lock); |
| 505 | struct file *file = skb->sk->sk_socket->file; | 506 | if (sk->sk_socket && sk->sk_socket->file) { |
| 507 | struct file *file = sk->sk_socket->file; | ||
| 506 | __be32 uid = htonl(file->f_cred->fsuid); | 508 | __be32 uid = htonl(file->f_cred->fsuid); |
| 507 | __be32 gid = htonl(file->f_cred->fsgid); | 509 | __be32 gid = htonl(file->f_cred->fsgid); |
| 508 | read_unlock_bh(&skb->sk->sk_callback_lock); | 510 | read_unlock_bh(&sk->sk_callback_lock); |
| 509 | if (nla_put_be32(inst->skb, NFULA_UID, uid) || | 511 | if (nla_put_be32(inst->skb, NFULA_UID, uid) || |
| 510 | nla_put_be32(inst->skb, NFULA_GID, gid)) | 512 | nla_put_be32(inst->skb, NFULA_GID, gid)) |
| 511 | goto nla_put_failure; | 513 | goto nla_put_failure; |
| 512 | } else | 514 | } else |
| 513 | read_unlock_bh(&skb->sk->sk_callback_lock); | 515 | read_unlock_bh(&sk->sk_callback_lock); |
| 514 | } | 516 | } |
| 515 | 517 | ||
| 516 | /* local sequence number */ | 518 | /* local sequence number */ |
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c index ff5f75fddb15..91e9af4d1f42 100644 --- a/net/netfilter/xt_LOG.c +++ b/net/netfilter/xt_LOG.c | |||
| @@ -145,6 +145,19 @@ static int dump_tcp_header(struct sbuff *m, const struct sk_buff *skb, | |||
| 145 | return 0; | 145 | return 0; |
| 146 | } | 146 | } |
| 147 | 147 | ||
| 148 | static void dump_sk_uid_gid(struct sbuff *m, struct sock *sk) | ||
| 149 | { | ||
| 150 | if (!sk || sk->sk_state == TCP_TIME_WAIT) | ||
| 151 | return; | ||
| 152 | |||
| 153 | read_lock_bh(&sk->sk_callback_lock); | ||
| 154 | if (sk->sk_socket && sk->sk_socket->file) | ||
| 155 | sb_add(m, "UID=%u GID=%u ", | ||
| 156 | sk->sk_socket->file->f_cred->fsuid, | ||
| 157 | sk->sk_socket->file->f_cred->fsgid); | ||
| 158 | read_unlock_bh(&sk->sk_callback_lock); | ||
| 159 | } | ||
| 160 | |||
| 148 | /* One level of recursion won't kill us */ | 161 | /* One level of recursion won't kill us */ |
| 149 | static void dump_ipv4_packet(struct sbuff *m, | 162 | static void dump_ipv4_packet(struct sbuff *m, |
| 150 | const struct nf_loginfo *info, | 163 | const struct nf_loginfo *info, |
| @@ -361,14 +374,8 @@ static void dump_ipv4_packet(struct sbuff *m, | |||
| 361 | } | 374 | } |
| 362 | 375 | ||
| 363 | /* Max length: 15 "UID=4294967295 " */ | 376 | /* Max length: 15 "UID=4294967295 " */ |
| 364 | if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) { | 377 | if ((logflags & XT_LOG_UID) && !iphoff) |
| 365 | read_lock_bh(&skb->sk->sk_callback_lock); | 378 | dump_sk_uid_gid(m, skb->sk); |
| 366 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | ||
| 367 | sb_add(m, "UID=%u GID=%u ", | ||
| 368 | skb->sk->sk_socket->file->f_cred->fsuid, | ||
| 369 | skb->sk->sk_socket->file->f_cred->fsgid); | ||
| 370 | read_unlock_bh(&skb->sk->sk_callback_lock); | ||
| 371 | } | ||
| 372 | 379 | ||
| 373 | /* Max length: 16 "MARK=0xFFFFFFFF " */ | 380 | /* Max length: 16 "MARK=0xFFFFFFFF " */ |
| 374 | if (!iphoff && skb->mark) | 381 | if (!iphoff && skb->mark) |
| @@ -436,8 +443,8 @@ log_packet_common(struct sbuff *m, | |||
| 436 | const struct nf_loginfo *loginfo, | 443 | const struct nf_loginfo *loginfo, |
| 437 | const char *prefix) | 444 | const char *prefix) |
| 438 | { | 445 | { |
| 439 | sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level, | 446 | sb_add(m, KERN_SOH "%c%sIN=%s OUT=%s ", |
| 440 | prefix, | 447 | '0' + loginfo->u.log.level, prefix, |
| 441 | in ? in->name : "", | 448 | in ? in->name : "", |
| 442 | out ? out->name : ""); | 449 | out ? out->name : ""); |
| 443 | #ifdef CONFIG_BRIDGE_NETFILTER | 450 | #ifdef CONFIG_BRIDGE_NETFILTER |
| @@ -717,14 +724,8 @@ static void dump_ipv6_packet(struct sbuff *m, | |||
| 717 | } | 724 | } |
| 718 | 725 | ||
| 719 | /* Max length: 15 "UID=4294967295 " */ | 726 | /* Max length: 15 "UID=4294967295 " */ |
| 720 | if ((logflags & XT_LOG_UID) && recurse && skb->sk) { | 727 | if ((logflags & XT_LOG_UID) && recurse) |
| 721 | read_lock_bh(&skb->sk->sk_callback_lock); | 728 | dump_sk_uid_gid(m, skb->sk); |
| 722 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | ||
| 723 | sb_add(m, "UID=%u GID=%u ", | ||
| 724 | skb->sk->sk_socket->file->f_cred->fsuid, | ||
| 725 | skb->sk->sk_socket->file->f_cred->fsgid); | ||
| 726 | read_unlock_bh(&skb->sk->sk_callback_lock); | ||
| 727 | } | ||
| 728 | 729 | ||
| 729 | /* Max length: 16 "MARK=0xFFFFFFFF " */ | 730 | /* Max length: 16 "MARK=0xFFFFFFFF " */ |
| 730 | if (!recurse && skb->mark) | 731 | if (!recurse && skb->mark) |
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 06592d8b4a2b..1b9024ee963c 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c | |||
| @@ -1169,7 +1169,12 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
| 1169 | msg->msg_flags |= MSG_TRUNC; | 1169 | msg->msg_flags |= MSG_TRUNC; |
| 1170 | } | 1170 | } |
| 1171 | 1171 | ||
| 1172 | skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); | 1172 | er = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); |
| 1173 | if (er < 0) { | ||
| 1174 | skb_free_datagram(sk, skb); | ||
| 1175 | release_sock(sk); | ||
| 1176 | return er; | ||
| 1177 | } | ||
| 1173 | 1178 | ||
| 1174 | if (sax != NULL) { | 1179 | if (sax != NULL) { |
| 1175 | sax->sax25_family = AF_NETROM; | 1180 | sax->sax25_family = AF_NETROM; |
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index f3f96badf5aa..954405ceae9e 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c | |||
| @@ -45,7 +45,7 @@ static int make_writable(struct sk_buff *skb, int write_len) | |||
| 45 | return pskb_expand_head(skb, 0, 0, GFP_ATOMIC); | 45 | return pskb_expand_head(skb, 0, 0, GFP_ATOMIC); |
| 46 | } | 46 | } |
| 47 | 47 | ||
| 48 | /* remove VLAN header from packet and update csum accrodingly. */ | 48 | /* remove VLAN header from packet and update csum accordingly. */ |
| 49 | static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci) | 49 | static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci) |
| 50 | { | 50 | { |
| 51 | struct vlan_hdr *vhdr; | 51 | struct vlan_hdr *vhdr; |
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c index d8277d29e710..cf58cedad083 100644 --- a/net/openvswitch/datapath.c +++ b/net/openvswitch/datapath.c | |||
| @@ -425,10 +425,10 @@ static int validate_sample(const struct nlattr *attr, | |||
| 425 | static int validate_tp_port(const struct sw_flow_key *flow_key) | 425 | static int validate_tp_port(const struct sw_flow_key *flow_key) |
| 426 | { | 426 | { |
| 427 | if (flow_key->eth.type == htons(ETH_P_IP)) { | 427 | if (flow_key->eth.type == htons(ETH_P_IP)) { |
| 428 | if (flow_key->ipv4.tp.src && flow_key->ipv4.tp.dst) | 428 | if (flow_key->ipv4.tp.src || flow_key->ipv4.tp.dst) |
| 429 | return 0; | 429 | return 0; |
| 430 | } else if (flow_key->eth.type == htons(ETH_P_IPV6)) { | 430 | } else if (flow_key->eth.type == htons(ETH_P_IPV6)) { |
| 431 | if (flow_key->ipv6.tp.src && flow_key->ipv6.tp.dst) | 431 | if (flow_key->ipv6.tp.src || flow_key->ipv6.tp.dst) |
| 432 | return 0; | 432 | return 0; |
| 433 | } | 433 | } |
| 434 | 434 | ||
| @@ -460,7 +460,7 @@ static int validate_set(const struct nlattr *a, | |||
| 460 | if (flow_key->eth.type != htons(ETH_P_IP)) | 460 | if (flow_key->eth.type != htons(ETH_P_IP)) |
| 461 | return -EINVAL; | 461 | return -EINVAL; |
| 462 | 462 | ||
| 463 | if (!flow_key->ipv4.addr.src || !flow_key->ipv4.addr.dst) | 463 | if (!flow_key->ip.proto) |
| 464 | return -EINVAL; | 464 | return -EINVAL; |
| 465 | 465 | ||
| 466 | ipv4_key = nla_data(ovs_key); | 466 | ipv4_key = nla_data(ovs_key); |
diff --git a/net/openvswitch/flow.h b/net/openvswitch/flow.h index 9b75617ca4e0..c30df1a10c67 100644 --- a/net/openvswitch/flow.h +++ b/net/openvswitch/flow.h | |||
| @@ -145,15 +145,17 @@ u64 ovs_flow_used_time(unsigned long flow_jiffies); | |||
| 145 | * OVS_KEY_ATTR_PRIORITY 4 -- 4 8 | 145 | * OVS_KEY_ATTR_PRIORITY 4 -- 4 8 |
| 146 | * OVS_KEY_ATTR_IN_PORT 4 -- 4 8 | 146 | * OVS_KEY_ATTR_IN_PORT 4 -- 4 8 |
| 147 | * OVS_KEY_ATTR_ETHERNET 12 -- 4 16 | 147 | * OVS_KEY_ATTR_ETHERNET 12 -- 4 16 |
| 148 | * OVS_KEY_ATTR_ETHERTYPE 2 2 4 8 (outer VLAN ethertype) | ||
| 148 | * OVS_KEY_ATTR_8021Q 4 -- 4 8 | 149 | * OVS_KEY_ATTR_8021Q 4 -- 4 8 |
| 149 | * OVS_KEY_ATTR_ETHERTYPE 2 2 4 8 | 150 | * OVS_KEY_ATTR_ENCAP 0 -- 4 4 (VLAN encapsulation) |
| 151 | * OVS_KEY_ATTR_ETHERTYPE 2 2 4 8 (inner VLAN ethertype) | ||
| 150 | * OVS_KEY_ATTR_IPV6 40 -- 4 44 | 152 | * OVS_KEY_ATTR_IPV6 40 -- 4 44 |
| 151 | * OVS_KEY_ATTR_ICMPV6 2 2 4 8 | 153 | * OVS_KEY_ATTR_ICMPV6 2 2 4 8 |
| 152 | * OVS_KEY_ATTR_ND 28 -- 4 32 | 154 | * OVS_KEY_ATTR_ND 28 -- 4 32 |
| 153 | * ------------------------------------------------- | 155 | * ------------------------------------------------- |
| 154 | * total 132 | 156 | * total 144 |
| 155 | */ | 157 | */ |
| 156 | #define FLOW_BUFSIZE 132 | 158 | #define FLOW_BUFSIZE 144 |
| 157 | 159 | ||
| 158 | int ovs_flow_to_nlattrs(const struct sw_flow_key *, struct sk_buff *); | 160 | int ovs_flow_to_nlattrs(const struct sw_flow_key *, struct sk_buff *); |
| 159 | int ovs_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_lenp, | 161 | int ovs_flow_from_nlattrs(struct sw_flow_key *swkey, int *key_lenp, |
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c index 6aabd77d1cfd..564b9fc8efd3 100644 --- a/net/sched/sch_cbq.c +++ b/net/sched/sch_cbq.c | |||
| @@ -250,10 +250,11 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr) | |||
| 250 | else if ((cl = defmap[res.classid & TC_PRIO_MAX]) == NULL) | 250 | else if ((cl = defmap[res.classid & TC_PRIO_MAX]) == NULL) |
| 251 | cl = defmap[TC_PRIO_BESTEFFORT]; | 251 | cl = defmap[TC_PRIO_BESTEFFORT]; |
| 252 | 252 | ||
| 253 | if (cl == NULL || cl->level >= head->level) | 253 | if (cl == NULL) |
| 254 | goto fallback; | 254 | goto fallback; |
| 255 | } | 255 | } |
| 256 | 256 | if (cl->level >= head->level) | |
| 257 | goto fallback; | ||
| 257 | #ifdef CONFIG_NET_CLS_ACT | 258 | #ifdef CONFIG_NET_CLS_ACT |
| 258 | switch (result) { | 259 | switch (result) { |
| 259 | case TC_ACT_QUEUED: | 260 | case TC_ACT_QUEUED: |
diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c index 9fc1c62ec80e..4e606fcb2534 100644 --- a/net/sched/sch_fq_codel.c +++ b/net/sched/sch_fq_codel.c | |||
| @@ -191,7 +191,6 @@ static int fq_codel_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
| 191 | 191 | ||
| 192 | if (list_empty(&flow->flowchain)) { | 192 | if (list_empty(&flow->flowchain)) { |
| 193 | list_add_tail(&flow->flowchain, &q->new_flows); | 193 | list_add_tail(&flow->flowchain, &q->new_flows); |
| 194 | codel_vars_init(&flow->cvars); | ||
| 195 | q->new_flow_count++; | 194 | q->new_flow_count++; |
| 196 | flow->deficit = q->quantum; | 195 | flow->deficit = q->quantum; |
| 197 | flow->dropped = 0; | 196 | flow->dropped = 0; |
| @@ -418,6 +417,7 @@ static int fq_codel_init(struct Qdisc *sch, struct nlattr *opt) | |||
| 418 | struct fq_codel_flow *flow = q->flows + i; | 417 | struct fq_codel_flow *flow = q->flows + i; |
| 419 | 418 | ||
| 420 | INIT_LIST_HEAD(&flow->flowchain); | 419 | INIT_LIST_HEAD(&flow->flowchain); |
| 420 | codel_vars_init(&flow->cvars); | ||
| 421 | } | 421 | } |
| 422 | } | 422 | } |
| 423 | if (sch->limit >= 1) | 423 | if (sch->limit >= 1) |
diff --git a/net/sched/sch_gred.c b/net/sched/sch_gred.c index e901583e4ea5..d42234c0f13b 100644 --- a/net/sched/sch_gred.c +++ b/net/sched/sch_gred.c | |||
| @@ -102,9 +102,8 @@ static inline int gred_wred_mode_check(struct Qdisc *sch) | |||
| 102 | if (q == NULL) | 102 | if (q == NULL) |
| 103 | continue; | 103 | continue; |
| 104 | 104 | ||
| 105 | for (n = 0; n < table->DPs; n++) | 105 | for (n = i + 1; n < table->DPs; n++) |
| 106 | if (table->tab[n] && table->tab[n] != q && | 106 | if (table->tab[n] && table->tab[n]->prio == q->prio) |
| 107 | table->tab[n]->prio == q->prio) | ||
| 108 | return 1; | 107 | return 1; |
| 109 | } | 108 | } |
| 110 | 109 | ||
| @@ -137,6 +136,7 @@ static inline void gred_store_wred_set(struct gred_sched *table, | |||
| 137 | struct gred_sched_data *q) | 136 | struct gred_sched_data *q) |
| 138 | { | 137 | { |
| 139 | table->wred_set.qavg = q->vars.qavg; | 138 | table->wred_set.qavg = q->vars.qavg; |
| 139 | table->wred_set.qidlestart = q->vars.qidlestart; | ||
| 140 | } | 140 | } |
| 141 | 141 | ||
| 142 | static inline int gred_use_ecn(struct gred_sched *t) | 142 | static inline int gred_use_ecn(struct gred_sched *t) |
| @@ -176,7 +176,7 @@ static int gred_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
| 176 | skb->tc_index = (skb->tc_index & ~GRED_VQ_MASK) | dp; | 176 | skb->tc_index = (skb->tc_index & ~GRED_VQ_MASK) | dp; |
| 177 | } | 177 | } |
| 178 | 178 | ||
| 179 | /* sum up all the qaves of prios <= to ours to get the new qave */ | 179 | /* sum up all the qaves of prios < ours to get the new qave */ |
| 180 | if (!gred_wred_mode(t) && gred_rio_mode(t)) { | 180 | if (!gred_wred_mode(t) && gred_rio_mode(t)) { |
| 181 | int i; | 181 | int i; |
| 182 | 182 | ||
| @@ -260,16 +260,18 @@ static struct sk_buff *gred_dequeue(struct Qdisc *sch) | |||
| 260 | } else { | 260 | } else { |
| 261 | q->backlog -= qdisc_pkt_len(skb); | 261 | q->backlog -= qdisc_pkt_len(skb); |
| 262 | 262 | ||
| 263 | if (!q->backlog && !gred_wred_mode(t)) | 263 | if (gred_wred_mode(t)) { |
| 264 | red_start_of_idle_period(&q->vars); | 264 | if (!sch->qstats.backlog) |
| 265 | red_start_of_idle_period(&t->wred_set); | ||
| 266 | } else { | ||
| 267 | if (!q->backlog) | ||
| 268 | red_start_of_idle_period(&q->vars); | ||
| 269 | } | ||
| 265 | } | 270 | } |
| 266 | 271 | ||
| 267 | return skb; | 272 | return skb; |
| 268 | } | 273 | } |
| 269 | 274 | ||
| 270 | if (gred_wred_mode(t) && !red_is_idling(&t->wred_set)) | ||
| 271 | red_start_of_idle_period(&t->wred_set); | ||
| 272 | |||
| 273 | return NULL; | 275 | return NULL; |
| 274 | } | 276 | } |
| 275 | 277 | ||
| @@ -291,19 +293,20 @@ static unsigned int gred_drop(struct Qdisc *sch) | |||
| 291 | q->backlog -= len; | 293 | q->backlog -= len; |
| 292 | q->stats.other++; | 294 | q->stats.other++; |
| 293 | 295 | ||
| 294 | if (!q->backlog && !gred_wred_mode(t)) | 296 | if (gred_wred_mode(t)) { |
| 295 | red_start_of_idle_period(&q->vars); | 297 | if (!sch->qstats.backlog) |
| 298 | red_start_of_idle_period(&t->wred_set); | ||
| 299 | } else { | ||
| 300 | if (!q->backlog) | ||
| 301 | red_start_of_idle_period(&q->vars); | ||
| 302 | } | ||
| 296 | } | 303 | } |
| 297 | 304 | ||
| 298 | qdisc_drop(skb, sch); | 305 | qdisc_drop(skb, sch); |
| 299 | return len; | 306 | return len; |
| 300 | } | 307 | } |
| 301 | 308 | ||
| 302 | if (gred_wred_mode(t) && !red_is_idling(&t->wred_set)) | ||
| 303 | red_start_of_idle_period(&t->wred_set); | ||
| 304 | |||
| 305 | return 0; | 309 | return 0; |
| 306 | |||
| 307 | } | 310 | } |
| 308 | 311 | ||
| 309 | static void gred_reset(struct Qdisc *sch) | 312 | static void gred_reset(struct Qdisc *sch) |
| @@ -535,6 +538,7 @@ static int gred_dump(struct Qdisc *sch, struct sk_buff *skb) | |||
| 535 | for (i = 0; i < MAX_DPs; i++) { | 538 | for (i = 0; i < MAX_DPs; i++) { |
| 536 | struct gred_sched_data *q = table->tab[i]; | 539 | struct gred_sched_data *q = table->tab[i]; |
| 537 | struct tc_gred_qopt opt; | 540 | struct tc_gred_qopt opt; |
| 541 | unsigned long qavg; | ||
| 538 | 542 | ||
| 539 | memset(&opt, 0, sizeof(opt)); | 543 | memset(&opt, 0, sizeof(opt)); |
| 540 | 544 | ||
| @@ -566,7 +570,9 @@ static int gred_dump(struct Qdisc *sch, struct sk_buff *skb) | |||
| 566 | if (gred_wred_mode(table)) | 570 | if (gred_wred_mode(table)) |
| 567 | gred_load_wred_set(table, q); | 571 | gred_load_wred_set(table, q); |
| 568 | 572 | ||
| 569 | opt.qave = red_calc_qavg(&q->parms, &q->vars, q->vars.qavg); | 573 | qavg = red_calc_qavg(&q->parms, &q->vars, |
| 574 | q->vars.qavg >> q->parms.Wlog); | ||
| 575 | opt.qave = qavg >> q->parms.Wlog; | ||
| 570 | 576 | ||
| 571 | append_opt: | 577 | append_opt: |
| 572 | if (nla_append(skb, sizeof(opt), &opt) < 0) | 578 | if (nla_append(skb, sizeof(opt), &opt) < 0) |
diff --git a/net/sctp/output.c b/net/sctp/output.c index 838e18b4d7ea..be50aa234dcd 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c | |||
| @@ -364,6 +364,25 @@ finish: | |||
| 364 | return retval; | 364 | return retval; |
| 365 | } | 365 | } |
| 366 | 366 | ||
| 367 | static void sctp_packet_release_owner(struct sk_buff *skb) | ||
| 368 | { | ||
| 369 | sk_free(skb->sk); | ||
| 370 | } | ||
| 371 | |||
| 372 | static void sctp_packet_set_owner_w(struct sk_buff *skb, struct sock *sk) | ||
| 373 | { | ||
| 374 | skb_orphan(skb); | ||
| 375 | skb->sk = sk; | ||
| 376 | skb->destructor = sctp_packet_release_owner; | ||
| 377 | |||
| 378 | /* | ||
| 379 | * The data chunks have already been accounted for in sctp_sendmsg(), | ||
| 380 | * therefore only reserve a single byte to keep socket around until | ||
| 381 | * the packet has been transmitted. | ||
| 382 | */ | ||
| 383 | atomic_inc(&sk->sk_wmem_alloc); | ||
| 384 | } | ||
| 385 | |||
| 367 | /* All packets are sent to the network through this function from | 386 | /* All packets are sent to the network through this function from |
| 368 | * sctp_outq_tail(). | 387 | * sctp_outq_tail(). |
| 369 | * | 388 | * |
| @@ -405,7 +424,7 @@ int sctp_packet_transmit(struct sctp_packet *packet) | |||
| 405 | /* Set the owning socket so that we know where to get the | 424 | /* Set the owning socket so that we know where to get the |
| 406 | * destination IP address. | 425 | * destination IP address. |
| 407 | */ | 426 | */ |
| 408 | skb_set_owner_w(nskb, sk); | 427 | sctp_packet_set_owner_w(nskb, sk); |
| 409 | 428 | ||
| 410 | if (!sctp_transport_dst_check(tp)) { | 429 | if (!sctp_transport_dst_check(tp)) { |
| 411 | sctp_transport_route(tp, NULL, sctp_sk(sk)); | 430 | sctp_transport_route(tp, NULL, sctp_sk(sk)); |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 97026f3b215a..1e37dbf00cb3 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -5633,8 +5633,10 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) | |||
| 5633 | sizeof(connect.ht_capa_mask)); | 5633 | sizeof(connect.ht_capa_mask)); |
| 5634 | 5634 | ||
| 5635 | if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { | 5635 | if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { |
| 5636 | if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) | 5636 | if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { |
| 5637 | kfree(connkeys); | ||
| 5637 | return -EINVAL; | 5638 | return -EINVAL; |
| 5639 | } | ||
| 5638 | memcpy(&connect.ht_capa, | 5640 | memcpy(&connect.ht_capa, |
| 5639 | nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), | 5641 | nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), |
| 5640 | sizeof(connect.ht_capa)); | 5642 | sizeof(connect.ht_capa)); |
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 54a0dc2e2f8d..ab2bb42fe094 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -212,7 +212,7 @@ resume: | |||
| 212 | /* only the first xfrm gets the encap type */ | 212 | /* only the first xfrm gets the encap type */ |
| 213 | encap_type = 0; | 213 | encap_type = 0; |
| 214 | 214 | ||
| 215 | if (async && x->repl->check(x, skb, seq)) { | 215 | if (async && x->repl->recheck(x, skb, seq)) { |
| 216 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); | 216 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); |
| 217 | goto drop_unlock; | 217 | goto drop_unlock; |
| 218 | } | 218 | } |
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 2f6d11d04a2b..3efb07d3eb27 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c | |||
| @@ -420,6 +420,18 @@ err: | |||
| 420 | return -EINVAL; | 420 | return -EINVAL; |
| 421 | } | 421 | } |
| 422 | 422 | ||
| 423 | static int xfrm_replay_recheck_esn(struct xfrm_state *x, | ||
| 424 | struct sk_buff *skb, __be32 net_seq) | ||
| 425 | { | ||
| 426 | if (unlikely(XFRM_SKB_CB(skb)->seq.input.hi != | ||
| 427 | htonl(xfrm_replay_seqhi(x, net_seq)))) { | ||
| 428 | x->stats.replay_window++; | ||
| 429 | return -EINVAL; | ||
| 430 | } | ||
| 431 | |||
| 432 | return xfrm_replay_check_esn(x, skb, net_seq); | ||
| 433 | } | ||
| 434 | |||
| 423 | static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) | 435 | static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) |
| 424 | { | 436 | { |
| 425 | unsigned int bitnr, nr, i; | 437 | unsigned int bitnr, nr, i; |
| @@ -479,6 +491,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) | |||
| 479 | static struct xfrm_replay xfrm_replay_legacy = { | 491 | static struct xfrm_replay xfrm_replay_legacy = { |
| 480 | .advance = xfrm_replay_advance, | 492 | .advance = xfrm_replay_advance, |
| 481 | .check = xfrm_replay_check, | 493 | .check = xfrm_replay_check, |
| 494 | .recheck = xfrm_replay_check, | ||
| 482 | .notify = xfrm_replay_notify, | 495 | .notify = xfrm_replay_notify, |
| 483 | .overflow = xfrm_replay_overflow, | 496 | .overflow = xfrm_replay_overflow, |
| 484 | }; | 497 | }; |
| @@ -486,6 +499,7 @@ static struct xfrm_replay xfrm_replay_legacy = { | |||
| 486 | static struct xfrm_replay xfrm_replay_bmp = { | 499 | static struct xfrm_replay xfrm_replay_bmp = { |
| 487 | .advance = xfrm_replay_advance_bmp, | 500 | .advance = xfrm_replay_advance_bmp, |
| 488 | .check = xfrm_replay_check_bmp, | 501 | .check = xfrm_replay_check_bmp, |
| 502 | .recheck = xfrm_replay_check_bmp, | ||
| 489 | .notify = xfrm_replay_notify_bmp, | 503 | .notify = xfrm_replay_notify_bmp, |
| 490 | .overflow = xfrm_replay_overflow_bmp, | 504 | .overflow = xfrm_replay_overflow_bmp, |
| 491 | }; | 505 | }; |
| @@ -493,6 +507,7 @@ static struct xfrm_replay xfrm_replay_bmp = { | |||
| 493 | static struct xfrm_replay xfrm_replay_esn = { | 507 | static struct xfrm_replay xfrm_replay_esn = { |
| 494 | .advance = xfrm_replay_advance_esn, | 508 | .advance = xfrm_replay_advance_esn, |
| 495 | .check = xfrm_replay_check_esn, | 509 | .check = xfrm_replay_check_esn, |
| 510 | .recheck = xfrm_replay_recheck_esn, | ||
| 496 | .notify = xfrm_replay_notify_bmp, | 511 | .notify = xfrm_replay_notify_bmp, |
| 497 | .overflow = xfrm_replay_overflow_esn, | 512 | .overflow = xfrm_replay_overflow_esn, |
| 498 | }; | 513 | }; |