aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/ax25/af_ax25.c93
-rw-r--r--net/ax25/ax25_addr.c9
-rw-r--r--net/ax25/ax25_ds_timer.c3
-rw-r--r--net/ax25/ax25_iface.c13
-rw-r--r--net/ax25/ax25_ip.c3
-rw-r--r--net/ax25/ax25_out.c3
-rw-r--r--net/ax25/ax25_route.c2
-rw-r--r--net/ax25/ax25_timer.c3
-rw-r--r--net/ax25/ax25_uid.c4
-rw-r--r--net/ax25/sysctl_net_ax25.c10
-rw-r--r--net/bridge/br_forward.c8
-rw-r--r--net/bridge/br_input.c1
-rw-r--r--net/bridge/netfilter/ebtables.c20
-rw-r--r--net/core/dev.c5
-rw-r--r--net/core/net-sysfs.c49
-rw-r--r--net/core/skbuff.c8
-rw-r--r--net/core/stream.c1
-rw-r--r--net/core/wireless.c8
-rw-r--r--net/dccp/proto.c13
-rw-r--r--net/decnet/dn_neigh.c5
-rw-r--r--net/ieee80211/softmac/Kconfig1
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_assoc.c42
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_auth.c16
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_event.c40
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_io.c18
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_module.c6
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_scan.c10
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_wx.c37
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/ip_input.c2
-rw-r--r--net/ipv4/netfilter/Kconfig2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c10
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c11
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c2
-rw-r--r--net/ipv4/netfilter/ip_tables.c39
-rw-r--r--net/ipv4/tcp.c13
-rw-r--r--net/ipv4/tcp_highspeed.c2
-rw-r--r--net/ipv4/tcp_output.c12
-rw-r--r--net/ipv4/xfrm4_output.c2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c13
-rw-r--r--net/ipv6/route.c5
-rw-r--r--net/llc/llc_input.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c15
-rw-r--r--net/netfilter/nf_conntrack_l3proto_generic.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c11
-rw-r--r--net/netfilter/x_tables.c6
-rw-r--r--net/netlink/af_netlink.c3
-rw-r--r--net/netrom/af_netrom.c18
-rw-r--r--net/netrom/nr_dev.c1
-rw-r--r--net/rose/af_rose.c13
-rw-r--r--net/rose/rose_dev.c1
-rw-r--r--net/rose/rose_link.c6
-rw-r--r--net/rose/rose_route.c7
-rw-r--r--net/sched/act_ipt.c5
-rw-r--r--net/sched/sch_netem.c2
-rw-r--r--net/sctp/inqueue.c1
-rw-r--r--net/sctp/sm_statefuns.c59
-rw-r--r--net/sctp/sm_statetable.c10
-rw-r--r--net/sctp/ulpqueue.c27
-rw-r--r--net/socket.c3
-rw-r--r--net/x25/x25_timer.c4
-rw-r--r--net/xfrm/xfrm_policy.c16
-rw-r--r--net/xfrm/xfrm_state.c8
64 files changed, 480 insertions, 288 deletions
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index dbf9b47681f7..a2e0dd047e9f 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -228,6 +228,8 @@ ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
228 return NULL; 228 return NULL;
229} 229}
230 230
231EXPORT_SYMBOL(ax25_find_cb);
232
231void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto) 233void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
232{ 234{
233 ax25_cb *s; 235 ax25_cb *s;
@@ -424,6 +426,26 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
424 return 0; 426 return 0;
425} 427}
426 428
429static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
430{
431 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
432 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
433 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
434 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
435 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
436 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
437 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
438 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
439
440 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
441 ax25->modulus = AX25_EMODULUS;
442 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
443 } else {
444 ax25->modulus = AX25_MODULUS;
445 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
446 }
447}
448
427/* 449/*
428 * Fill in a created AX.25 created control block with the default 450 * Fill in a created AX.25 created control block with the default
429 * values for a particular device. 451 * values for a particular device.
@@ -433,39 +455,28 @@ void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
433 ax25->ax25_dev = ax25_dev; 455 ax25->ax25_dev = ax25_dev;
434 456
435 if (ax25->ax25_dev != NULL) { 457 if (ax25->ax25_dev != NULL) {
436 ax25->rtt = ax25_dev->values[AX25_VALUES_T1] / 2; 458 ax25_fillin_cb_from_dev(ax25, ax25_dev);
437 ax25->t1 = ax25_dev->values[AX25_VALUES_T1]; 459 return;
438 ax25->t2 = ax25_dev->values[AX25_VALUES_T2]; 460 }
439 ax25->t3 = ax25_dev->values[AX25_VALUES_T3]; 461
440 ax25->n2 = ax25_dev->values[AX25_VALUES_N2]; 462 /*
441 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN]; 463 * No device, use kernel / AX.25 spec default values
442 ax25->idle = ax25_dev->values[AX25_VALUES_IDLE]; 464 */
443 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF]; 465 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
444 466 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
445 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) { 467 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
446 ax25->modulus = AX25_EMODULUS; 468 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
447 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW]; 469 ax25->n2 = AX25_DEF_N2;
448 } else { 470 ax25->paclen = AX25_DEF_PACLEN;
449 ax25->modulus = AX25_MODULUS; 471 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
450 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW]; 472 ax25->backoff = AX25_DEF_BACKOFF;
451 } 473
474 if (AX25_DEF_AXDEFMODE) {
475 ax25->modulus = AX25_EMODULUS;
476 ax25->window = AX25_DEF_EWINDOW;
452 } else { 477 } else {
453 ax25->rtt = AX25_DEF_T1 / 2; 478 ax25->modulus = AX25_MODULUS;
454 ax25->t1 = AX25_DEF_T1; 479 ax25->window = AX25_DEF_WINDOW;
455 ax25->t2 = AX25_DEF_T2;
456 ax25->t3 = AX25_DEF_T3;
457 ax25->n2 = AX25_DEF_N2;
458 ax25->paclen = AX25_DEF_PACLEN;
459 ax25->idle = AX25_DEF_IDLE;
460 ax25->backoff = AX25_DEF_BACKOFF;
461
462 if (AX25_DEF_AXDEFMODE) {
463 ax25->modulus = AX25_EMODULUS;
464 ax25->window = AX25_DEF_EWINDOW;
465 } else {
466 ax25->modulus = AX25_MODULUS;
467 ax25->window = AX25_DEF_WINDOW;
468 }
469 } 480 }
470} 481}
471 482
@@ -1979,24 +1990,6 @@ static struct notifier_block ax25_dev_notifier = {
1979 .notifier_call =ax25_device_event, 1990 .notifier_call =ax25_device_event,
1980}; 1991};
1981 1992
1982EXPORT_SYMBOL(ax25_hard_header);
1983EXPORT_SYMBOL(ax25_rebuild_header);
1984EXPORT_SYMBOL(ax25_findbyuid);
1985EXPORT_SYMBOL(ax25_find_cb);
1986EXPORT_SYMBOL(ax25_linkfail_register);
1987EXPORT_SYMBOL(ax25_linkfail_release);
1988EXPORT_SYMBOL(ax25_listen_register);
1989EXPORT_SYMBOL(ax25_listen_release);
1990EXPORT_SYMBOL(ax25_protocol_register);
1991EXPORT_SYMBOL(ax25_protocol_release);
1992EXPORT_SYMBOL(ax25_send_frame);
1993EXPORT_SYMBOL(ax25_uid_policy);
1994EXPORT_SYMBOL(ax25cmp);
1995EXPORT_SYMBOL(ax2asc);
1996EXPORT_SYMBOL(asc2ax);
1997EXPORT_SYMBOL(null_ax25_address);
1998EXPORT_SYMBOL(ax25_display_timer);
1999
2000static int __init ax25_init(void) 1993static int __init ax25_init(void)
2001{ 1994{
2002 int rc = proto_register(&ax25_proto, 0); 1995 int rc = proto_register(&ax25_proto, 0);
diff --git a/net/ax25/ax25_addr.c b/net/ax25/ax25_addr.c
index 0164a155b8c4..5f0896ad0042 100644
--- a/net/ax25/ax25_addr.c
+++ b/net/ax25/ax25_addr.c
@@ -11,6 +11,7 @@
11#include <linux/socket.h> 11#include <linux/socket.h>
12#include <linux/in.h> 12#include <linux/in.h>
13#include <linux/kernel.h> 13#include <linux/kernel.h>
14#include <linux/module.h>
14#include <linux/sched.h> 15#include <linux/sched.h>
15#include <linux/timer.h> 16#include <linux/timer.h>
16#include <linux/string.h> 17#include <linux/string.h>
@@ -33,6 +34,8 @@
33 */ 34 */
34ax25_address null_ax25_address = {{0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00}}; 35ax25_address null_ax25_address = {{0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00}};
35 36
37EXPORT_SYMBOL(null_ax25_address);
38
36/* 39/*
37 * ax25 -> ascii conversion 40 * ax25 -> ascii conversion
38 */ 41 */
@@ -64,6 +67,8 @@ char *ax2asc(char *buf, ax25_address *a)
64 67
65} 68}
66 69
70EXPORT_SYMBOL(ax2asc);
71
67/* 72/*
68 * ascii -> ax25 conversion 73 * ascii -> ax25 conversion
69 */ 74 */
@@ -97,6 +102,8 @@ void asc2ax(ax25_address *addr, char *callsign)
97 addr->ax25_call[6] &= 0x1E; 102 addr->ax25_call[6] &= 0x1E;
98} 103}
99 104
105EXPORT_SYMBOL(asc2ax);
106
100/* 107/*
101 * Compare two ax.25 addresses 108 * Compare two ax.25 addresses
102 */ 109 */
@@ -116,6 +123,8 @@ int ax25cmp(ax25_address *a, ax25_address *b)
116 return 2; /* Partial match */ 123 return 2; /* Partial match */
117} 124}
118 125
126EXPORT_SYMBOL(ax25cmp);
127
119/* 128/*
120 * Compare two AX.25 digipeater paths. 129 * Compare two AX.25 digipeater paths.
121 */ 130 */
diff --git a/net/ax25/ax25_ds_timer.c b/net/ax25/ax25_ds_timer.c
index 061083efc1dc..5961459935eb 100644
--- a/net/ax25/ax25_ds_timer.c
+++ b/net/ax25/ax25_ds_timer.c
@@ -61,7 +61,8 @@ void ax25_ds_set_timer(ax25_dev *ax25_dev)
61 return; 61 return;
62 62
63 del_timer(&ax25_dev->dama.slave_timer); 63 del_timer(&ax25_dev->dama.slave_timer);
64 ax25_dev->dama.slave_timeout = ax25_dev->values[AX25_VALUES_DS_TIMEOUT] / 10; 64 ax25_dev->dama.slave_timeout =
65 msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
65 ax25_ds_add_timer(ax25_dev); 66 ax25_ds_add_timer(ax25_dev);
66} 67}
67 68
diff --git a/net/ax25/ax25_iface.c b/net/ax25/ax25_iface.c
index d68aff100729..3bb152710b77 100644
--- a/net/ax25/ax25_iface.c
+++ b/net/ax25/ax25_iface.c
@@ -12,6 +12,7 @@
12#include <linux/socket.h> 12#include <linux/socket.h>
13#include <linux/in.h> 13#include <linux/in.h>
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/module.h>
15#include <linux/sched.h> 16#include <linux/sched.h>
16#include <linux/spinlock.h> 17#include <linux/spinlock.h>
17#include <linux/timer.h> 18#include <linux/timer.h>
@@ -74,6 +75,8 @@ int ax25_protocol_register(unsigned int pid,
74 return 1; 75 return 1;
75} 76}
76 77
78EXPORT_SYMBOL(ax25_protocol_register);
79
77void ax25_protocol_release(unsigned int pid) 80void ax25_protocol_release(unsigned int pid)
78{ 81{
79 struct protocol_struct *s, *protocol; 82 struct protocol_struct *s, *protocol;
@@ -106,6 +109,8 @@ void ax25_protocol_release(unsigned int pid)
106 write_unlock(&protocol_list_lock); 109 write_unlock(&protocol_list_lock);
107} 110}
108 111
112EXPORT_SYMBOL(ax25_protocol_release);
113
109int ax25_linkfail_register(void (*func)(ax25_cb *, int)) 114int ax25_linkfail_register(void (*func)(ax25_cb *, int))
110{ 115{
111 struct linkfail_struct *linkfail; 116 struct linkfail_struct *linkfail;
@@ -123,6 +128,8 @@ int ax25_linkfail_register(void (*func)(ax25_cb *, int))
123 return 1; 128 return 1;
124} 129}
125 130
131EXPORT_SYMBOL(ax25_linkfail_register);
132
126void ax25_linkfail_release(void (*func)(ax25_cb *, int)) 133void ax25_linkfail_release(void (*func)(ax25_cb *, int))
127{ 134{
128 struct linkfail_struct *s, *linkfail; 135 struct linkfail_struct *s, *linkfail;
@@ -155,6 +162,8 @@ void ax25_linkfail_release(void (*func)(ax25_cb *, int))
155 spin_unlock_bh(&linkfail_lock); 162 spin_unlock_bh(&linkfail_lock);
156} 163}
157 164
165EXPORT_SYMBOL(ax25_linkfail_release);
166
158int ax25_listen_register(ax25_address *callsign, struct net_device *dev) 167int ax25_listen_register(ax25_address *callsign, struct net_device *dev)
159{ 168{
160 struct listen_struct *listen; 169 struct listen_struct *listen;
@@ -176,6 +185,8 @@ int ax25_listen_register(ax25_address *callsign, struct net_device *dev)
176 return 1; 185 return 1;
177} 186}
178 187
188EXPORT_SYMBOL(ax25_listen_register);
189
179void ax25_listen_release(ax25_address *callsign, struct net_device *dev) 190void ax25_listen_release(ax25_address *callsign, struct net_device *dev)
180{ 191{
181 struct listen_struct *s, *listen; 192 struct listen_struct *s, *listen;
@@ -208,6 +219,8 @@ void ax25_listen_release(ax25_address *callsign, struct net_device *dev)
208 spin_unlock_bh(&listen_lock); 219 spin_unlock_bh(&listen_lock);
209} 220}
210 221
222EXPORT_SYMBOL(ax25_listen_release);
223
211int (*ax25_protocol_function(unsigned int pid))(struct sk_buff *, ax25_cb *) 224int (*ax25_protocol_function(unsigned int pid))(struct sk_buff *, ax25_cb *)
212{ 225{
213 int (*res)(struct sk_buff *, ax25_cb *) = NULL; 226 int (*res)(struct sk_buff *, ax25_cb *) = NULL;
diff --git a/net/ax25/ax25_ip.c b/net/ax25/ax25_ip.c
index d643dac3eccc..a0b534f80f17 100644
--- a/net/ax25/ax25_ip.c
+++ b/net/ax25/ax25_ip.c
@@ -12,6 +12,7 @@
12#include <linux/socket.h> 12#include <linux/socket.h>
13#include <linux/in.h> 13#include <linux/in.h>
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/module.h>
15#include <linux/sched.h> 16#include <linux/sched.h>
16#include <linux/timer.h> 17#include <linux/timer.h>
17#include <linux/string.h> 18#include <linux/string.h>
@@ -221,3 +222,5 @@ int ax25_rebuild_header(struct sk_buff *skb)
221 222
222#endif 223#endif
223 224
225EXPORT_SYMBOL(ax25_hard_header);
226EXPORT_SYMBOL(ax25_rebuild_header);
diff --git a/net/ax25/ax25_out.c b/net/ax25/ax25_out.c
index 5fc048dcd39a..5d99852b239c 100644
--- a/net/ax25/ax25_out.c
+++ b/net/ax25/ax25_out.c
@@ -14,6 +14,7 @@
14#include <linux/socket.h> 14#include <linux/socket.h>
15#include <linux/in.h> 15#include <linux/in.h>
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/module.h>
17#include <linux/sched.h> 18#include <linux/sched.h>
18#include <linux/timer.h> 19#include <linux/timer.h>
19#include <linux/string.h> 20#include <linux/string.h>
@@ -104,6 +105,8 @@ ax25_cb *ax25_send_frame(struct sk_buff *skb, int paclen, ax25_address *src, ax2
104 return ax25; /* We had to create it */ 105 return ax25; /* We had to create it */
105} 106}
106 107
108EXPORT_SYMBOL(ax25_send_frame);
109
107/* 110/*
108 * All outgoing AX.25 I frames pass via this routine. Therefore this is 111 * All outgoing AX.25 I frames pass via this routine. Therefore this is
109 * where the fragmentation of frames takes place. If fragment is set to 112 * where the fragmentation of frames takes place. If fragment is set to
diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c
index f04f8630fd28..5ac98250797b 100644
--- a/net/ax25/ax25_route.c
+++ b/net/ax25/ax25_route.c
@@ -360,7 +360,7 @@ struct file_operations ax25_route_fops = {
360/* 360/*
361 * Find AX.25 route 361 * Find AX.25 route
362 * 362 *
363 * Only routes with a refernce rout of zero can be destroyed. 363 * Only routes with a reference count of zero can be destroyed.
364 */ 364 */
365static ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev) 365static ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev)
366{ 366{
diff --git a/net/ax25/ax25_timer.c b/net/ax25/ax25_timer.c
index 7a6b50a14554..ec254057f212 100644
--- a/net/ax25/ax25_timer.c
+++ b/net/ax25/ax25_timer.c
@@ -18,6 +18,7 @@
18#include <linux/socket.h> 18#include <linux/socket.h>
19#include <linux/in.h> 19#include <linux/in.h>
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/module.h>
21#include <linux/jiffies.h> 22#include <linux/jiffies.h>
22#include <linux/timer.h> 23#include <linux/timer.h>
23#include <linux/string.h> 24#include <linux/string.h>
@@ -137,6 +138,8 @@ unsigned long ax25_display_timer(struct timer_list *timer)
137 return timer->expires - jiffies; 138 return timer->expires - jiffies;
138} 139}
139 140
141EXPORT_SYMBOL(ax25_display_timer);
142
140static void ax25_heartbeat_expiry(unsigned long param) 143static void ax25_heartbeat_expiry(unsigned long param)
141{ 144{
142 int proto = AX25_PROTO_STD_SIMPLEX; 145 int proto = AX25_PROTO_STD_SIMPLEX;
diff --git a/net/ax25/ax25_uid.c b/net/ax25/ax25_uid.c
index b8b5854bce9a..5e9a81e8b214 100644
--- a/net/ax25/ax25_uid.c
+++ b/net/ax25/ax25_uid.c
@@ -49,6 +49,8 @@ static DEFINE_RWLOCK(ax25_uid_lock);
49 49
50int ax25_uid_policy = 0; 50int ax25_uid_policy = 0;
51 51
52EXPORT_SYMBOL(ax25_uid_policy);
53
52ax25_uid_assoc *ax25_findbyuid(uid_t uid) 54ax25_uid_assoc *ax25_findbyuid(uid_t uid)
53{ 55{
54 ax25_uid_assoc *ax25_uid, *res = NULL; 56 ax25_uid_assoc *ax25_uid, *res = NULL;
@@ -67,6 +69,8 @@ ax25_uid_assoc *ax25_findbyuid(uid_t uid)
67 return res; 69 return res;
68} 70}
69 71
72EXPORT_SYMBOL(ax25_findbyuid);
73
70int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax) 74int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
71{ 75{
72 ax25_uid_assoc *ax25_uid; 76 ax25_uid_assoc *ax25_uid;
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index 894a22558d9d..bdb64c36df12 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -18,14 +18,14 @@ static int min_backoff[1], max_backoff[] = {2};
18static int min_conmode[1], max_conmode[] = {2}; 18static int min_conmode[1], max_conmode[] = {2};
19static int min_window[] = {1}, max_window[] = {7}; 19static int min_window[] = {1}, max_window[] = {7};
20static int min_ewindow[] = {1}, max_ewindow[] = {63}; 20static int min_ewindow[] = {1}, max_ewindow[] = {63};
21static int min_t1[] = {1}, max_t1[] = {30 * HZ}; 21static int min_t1[] = {1}, max_t1[] = {30000};
22static int min_t2[] = {1}, max_t2[] = {20 * HZ}; 22static int min_t2[] = {1}, max_t2[] = {20000};
23static int min_t3[1], max_t3[] = {3600 * HZ}; 23static int min_t3[1], max_t3[] = {3600000};
24static int min_idle[1], max_idle[] = {65535 * HZ}; 24static int min_idle[1], max_idle[] = {65535000};
25static int min_n2[] = {1}, max_n2[] = {31}; 25static int min_n2[] = {1}, max_n2[] = {31};
26static int min_paclen[] = {1}, max_paclen[] = {512}; 26static int min_paclen[] = {1}, max_paclen[] = {512};
27static int min_proto[1], max_proto[] = { AX25_PROTO_MAX }; 27static int min_proto[1], max_proto[] = { AX25_PROTO_MAX };
28static int min_ds_timeout[1], max_ds_timeout[] = {65535 * HZ}; 28static int min_ds_timeout[1], max_ds_timeout[] = {65535000};
29 29
30static struct ctl_table_header *ax25_table_header; 30static struct ctl_table_header *ax25_table_header;
31 31
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 2d24fb400e0c..56f3aa47e758 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -16,6 +16,7 @@
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/netdevice.h> 17#include <linux/netdevice.h>
18#include <linux/skbuff.h> 18#include <linux/skbuff.h>
19#include <linux/if_vlan.h>
19#include <linux/netfilter_bridge.h> 20#include <linux/netfilter_bridge.h>
20#include "br_private.h" 21#include "br_private.h"
21 22
@@ -29,10 +30,15 @@ static inline int should_deliver(const struct net_bridge_port *p,
29 return 1; 30 return 1;
30} 31}
31 32
33static inline unsigned packet_length(const struct sk_buff *skb)
34{
35 return skb->len - (skb->protocol == htons(ETH_P_8021Q) ? VLAN_HLEN : 0);
36}
37
32int br_dev_queue_push_xmit(struct sk_buff *skb) 38int br_dev_queue_push_xmit(struct sk_buff *skb)
33{ 39{
34 /* drop mtu oversized packets except tso */ 40 /* drop mtu oversized packets except tso */
35 if (skb->len > skb->dev->mtu && !skb_shinfo(skb)->tso_size) 41 if (packet_length(skb) > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
36 kfree_skb(skb); 42 kfree_skb(skb);
37 else { 43 else {
38#ifdef CONFIG_BRIDGE_NETFILTER 44#ifdef CONFIG_BRIDGE_NETFILTER
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index b0b7f55c1edd..bfa4d8c333f7 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -66,6 +66,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
66 } 66 }
67 67
68 if (is_multicast_ether_addr(dest)) { 68 if (is_multicast_ether_addr(dest)) {
69 br->statistics.multicast++;
69 br_flood_forward(br, skb, !passedup); 70 br_flood_forward(br, skb, !passedup);
70 if (!passedup) 71 if (!passedup)
71 br_pass_frame_up(br, skb); 72 br_pass_frame_up(br, skb);
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 84b9af76f0a2..3a13ed643459 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -831,7 +831,7 @@ static int translate_table(struct ebt_replace *repl,
831 return -ENOMEM; 831 return -ENOMEM;
832 for_each_possible_cpu(i) { 832 for_each_possible_cpu(i) {
833 newinfo->chainstack[i] = 833 newinfo->chainstack[i] =
834 vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); 834 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
835 if (!newinfo->chainstack[i]) { 835 if (!newinfo->chainstack[i]) {
836 while (i) 836 while (i)
837 vfree(newinfo->chainstack[--i]); 837 vfree(newinfo->chainstack[--i]);
@@ -841,8 +841,7 @@ static int translate_table(struct ebt_replace *repl,
841 } 841 }
842 } 842 }
843 843
844 cl_s = (struct ebt_cl_stack *) 844 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
845 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
846 if (!cl_s) 845 if (!cl_s)
847 return -ENOMEM; 846 return -ENOMEM;
848 i = 0; /* the i'th udc */ 847 i = 0; /* the i'th udc */
@@ -944,8 +943,7 @@ static int do_replace(void __user *user, unsigned int len)
944 943
945 countersize = COUNTER_OFFSET(tmp.nentries) * 944 countersize = COUNTER_OFFSET(tmp.nentries) *
946 (highest_possible_processor_id()+1); 945 (highest_possible_processor_id()+1);
947 newinfo = (struct ebt_table_info *) 946 newinfo = vmalloc(sizeof(*newinfo) + countersize);
948 vmalloc(sizeof(struct ebt_table_info) + countersize);
949 if (!newinfo) 947 if (!newinfo)
950 return -ENOMEM; 948 return -ENOMEM;
951 949
@@ -967,8 +965,7 @@ static int do_replace(void __user *user, unsigned int len)
967 /* the user wants counters back 965 /* the user wants counters back
968 the check on the size is done later, when we have the lock */ 966 the check on the size is done later, when we have the lock */
969 if (tmp.num_counters) { 967 if (tmp.num_counters) {
970 counterstmp = (struct ebt_counter *) 968 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
971 vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
972 if (!counterstmp) { 969 if (!counterstmp) {
973 ret = -ENOMEM; 970 ret = -ENOMEM;
974 goto free_entries; 971 goto free_entries;
@@ -1148,8 +1145,7 @@ int ebt_register_table(struct ebt_table *table)
1148 1145
1149 countersize = COUNTER_OFFSET(table->table->nentries) * 1146 countersize = COUNTER_OFFSET(table->table->nentries) *
1150 (highest_possible_processor_id()+1); 1147 (highest_possible_processor_id()+1);
1151 newinfo = (struct ebt_table_info *) 1148 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1152 vmalloc(sizeof(struct ebt_table_info) + countersize);
1153 ret = -ENOMEM; 1149 ret = -ENOMEM;
1154 if (!newinfo) 1150 if (!newinfo)
1155 return -ENOMEM; 1151 return -ENOMEM;
@@ -1247,8 +1243,7 @@ static int update_counters(void __user *user, unsigned int len)
1247 if (hlp.num_counters == 0) 1243 if (hlp.num_counters == 0)
1248 return -EINVAL; 1244 return -EINVAL;
1249 1245
1250 if ( !(tmp = (struct ebt_counter *) 1246 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1251 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1252 MEMPRINT("Update_counters && nomemory\n"); 1247 MEMPRINT("Update_counters && nomemory\n");
1253 return -ENOMEM; 1248 return -ENOMEM;
1254 } 1249 }
@@ -1377,8 +1372,7 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1377 BUGPRINT("Num_counters wrong\n"); 1372 BUGPRINT("Num_counters wrong\n");
1378 return -EINVAL; 1373 return -EINVAL;
1379 } 1374 }
1380 counterstmp = (struct ebt_counter *) 1375 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1381 vmalloc(nentries * sizeof(struct ebt_counter));
1382 if (!counterstmp) { 1376 if (!counterstmp) {
1383 MEMPRINT("Couldn't copy counters, out of memory\n"); 1377 MEMPRINT("Couldn't copy counters, out of memory\n");
1384 return -ENOMEM; 1378 return -ENOMEM;
diff --git a/net/core/dev.c b/net/core/dev.c
index 83231a27ae02..9ab3cfa58466 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2698,7 +2698,8 @@ int dev_ioctl(unsigned int cmd, void __user *arg)
2698 /* If command is `set a parameter', or 2698 /* If command is `set a parameter', or
2699 * `get the encoding parameters', check if 2699 * `get the encoding parameters', check if
2700 * the user has the right to do it */ 2700 * the user has the right to do it */
2701 if (IW_IS_SET(cmd) || cmd == SIOCGIWENCODE) { 2701 if (IW_IS_SET(cmd) || cmd == SIOCGIWENCODE
2702 || cmd == SIOCGIWENCODEEXT) {
2702 if (!capable(CAP_NET_ADMIN)) 2703 if (!capable(CAP_NET_ADMIN))
2703 return -EPERM; 2704 return -EPERM;
2704 } 2705 }
@@ -3042,11 +3043,11 @@ void netdev_run_todo(void)
3042 3043
3043 switch(dev->reg_state) { 3044 switch(dev->reg_state) {
3044 case NETREG_REGISTERING: 3045 case NETREG_REGISTERING:
3045 dev->reg_state = NETREG_REGISTERED;
3046 err = netdev_register_sysfs(dev); 3046 err = netdev_register_sysfs(dev);
3047 if (err) 3047 if (err)
3048 printk(KERN_ERR "%s: failed sysfs registration (%d)\n", 3048 printk(KERN_ERR "%s: failed sysfs registration (%d)\n",
3049 dev->name, err); 3049 dev->name, err);
3050 dev->reg_state = NETREG_REGISTERED;
3050 break; 3051 break;
3051 3052
3052 case NETREG_UNREGISTERING: 3053 case NETREG_UNREGISTERING:
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index c12990c9c603..47a6fceb6771 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -29,7 +29,7 @@ static const char fmt_ulong[] = "%lu\n";
29 29
30static inline int dev_isalive(const struct net_device *dev) 30static inline int dev_isalive(const struct net_device *dev)
31{ 31{
32 return dev->reg_state == NETREG_REGISTERED; 32 return dev->reg_state <= NETREG_REGISTERED;
33} 33}
34 34
35/* use same locking rules as GIF* ioctl's */ 35/* use same locking rules as GIF* ioctl's */
@@ -445,58 +445,33 @@ static struct class net_class = {
445 445
446void netdev_unregister_sysfs(struct net_device * net) 446void netdev_unregister_sysfs(struct net_device * net)
447{ 447{
448 struct class_device * class_dev = &(net->class_dev); 448 class_device_del(&(net->class_dev));
449
450 if (net->get_stats)
451 sysfs_remove_group(&class_dev->kobj, &netstat_group);
452
453#ifdef WIRELESS_EXT
454 if (net->get_wireless_stats || (net->wireless_handlers &&
455 net->wireless_handlers->get_wireless_stats))
456 sysfs_remove_group(&class_dev->kobj, &wireless_group);
457#endif
458 class_device_del(class_dev);
459
460} 449}
461 450
462/* Create sysfs entries for network device. */ 451/* Create sysfs entries for network device. */
463int netdev_register_sysfs(struct net_device *net) 452int netdev_register_sysfs(struct net_device *net)
464{ 453{
465 struct class_device *class_dev = &(net->class_dev); 454 struct class_device *class_dev = &(net->class_dev);
466 int ret; 455 struct attribute_group **groups = net->sysfs_groups;
467 456
457 class_device_initialize(class_dev);
468 class_dev->class = &net_class; 458 class_dev->class = &net_class;
469 class_dev->class_data = net; 459 class_dev->class_data = net;
460 class_dev->groups = groups;
470 461
462 BUILD_BUG_ON(BUS_ID_SIZE < IFNAMSIZ);
471 strlcpy(class_dev->class_id, net->name, BUS_ID_SIZE); 463 strlcpy(class_dev->class_id, net->name, BUS_ID_SIZE);
472 if ((ret = class_device_register(class_dev)))
473 goto out;
474 464
475 if (net->get_stats && 465 if (net->get_stats)
476 (ret = sysfs_create_group(&class_dev->kobj, &netstat_group))) 466 *groups++ = &netstat_group;
477 goto out_unreg;
478 467
479#ifdef WIRELESS_EXT 468#ifdef WIRELESS_EXT
480 if (net->get_wireless_stats || (net->wireless_handlers && 469 if (net->get_wireless_stats
481 net->wireless_handlers->get_wireless_stats)) { 470 || (net->wireless_handlers && net->wireless_handlers->get_wireless_stats))
482 ret = sysfs_create_group(&class_dev->kobj, &wireless_group); 471 *groups++ = &wireless_group;
483 if (ret)
484 goto out_cleanup;
485 }
486 return 0;
487out_cleanup:
488 if (net->get_stats)
489 sysfs_remove_group(&class_dev->kobj, &netstat_group);
490#else
491 return 0;
492#endif 472#endif
493 473
494out_unreg: 474 return class_device_add(class_dev);
495 printk(KERN_WARNING "%s: sysfs attribute registration failed %d\n",
496 net->name, ret);
497 class_device_unregister(class_dev);
498out:
499 return ret;
500} 475}
501 476
502int netdev_sysfs_init(void) 477int netdev_sysfs_init(void)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 09464fa8d72f..fb3770f9c094 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
112 BUG(); 112 BUG();
113} 113}
114 114
115void skb_truesize_bug(struct sk_buff *skb)
116{
117 printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
118 "len=%u, sizeof(sk_buff)=%Zd\n",
119 skb->truesize, skb->len, sizeof(struct sk_buff));
120}
121EXPORT_SYMBOL(skb_truesize_bug);
122
115/* Allocate a new skbuff. We do this ourselves so we can fill in a few 123/* Allocate a new skbuff. We do this ourselves so we can fill in a few
116 * 'private' fields and also do memory statistics to find all the 124 * 'private' fields and also do memory statistics to find all the
117 * [BEEP] leaks. 125 * [BEEP] leaks.
diff --git a/net/core/stream.c b/net/core/stream.c
index 35e25259fd95..e9489696f694 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb)
176{ 176{
177 struct sock *sk = skb->sk; 177 struct sock *sk = skb->sk;
178 178
179 skb_truesize_check(skb);
179 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 180 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
180 sk->sk_forward_alloc += skb->truesize; 181 sk->sk_forward_alloc += skb->truesize;
181} 182}
diff --git a/net/core/wireless.c b/net/core/wireless.c
index 81d6995fcfdb..d2bc72d318f7 100644
--- a/net/core/wireless.c
+++ b/net/core/wireless.c
@@ -1726,6 +1726,14 @@ int wireless_rtnetlink_get(struct net_device * dev,
1726 if(!IW_IS_GET(request->cmd)) 1726 if(!IW_IS_GET(request->cmd))
1727 return -EOPNOTSUPP; 1727 return -EOPNOTSUPP;
1728 1728
1729 /* If command is `get the encoding parameters', check if
1730 * the user has the right to do it */
1731 if (request->cmd == SIOCGIWENCODE ||
1732 request->cmd == SIOCGIWENCODEEXT) {
1733 if (!capable(CAP_NET_ADMIN))
1734 return -EPERM;
1735 }
1736
1729 /* Special cases */ 1737 /* Special cases */
1730 if(request->cmd == SIOCGIWSTATS) 1738 if(request->cmd == SIOCGIWSTATS)
1731 /* Get Wireless Stats */ 1739 /* Get Wireless Stats */
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 1ff7328b0e17..2e0ee8355c41 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -848,6 +848,7 @@ static int dccp_close_state(struct sock *sk)
848void dccp_close(struct sock *sk, long timeout) 848void dccp_close(struct sock *sk, long timeout)
849{ 849{
850 struct sk_buff *skb; 850 struct sk_buff *skb;
851 int state;
851 852
852 lock_sock(sk); 853 lock_sock(sk);
853 854
@@ -882,6 +883,11 @@ void dccp_close(struct sock *sk, long timeout)
882 sk_stream_wait_close(sk, timeout); 883 sk_stream_wait_close(sk, timeout);
883 884
884adjudge_to_death: 885adjudge_to_death:
886 state = sk->sk_state;
887 sock_hold(sk);
888 sock_orphan(sk);
889 atomic_inc(sk->sk_prot->orphan_count);
890
885 /* 891 /*
886 * It is the last release_sock in its life. It will remove backlog. 892 * It is the last release_sock in its life. It will remove backlog.
887 */ 893 */
@@ -894,8 +900,9 @@ adjudge_to_death:
894 bh_lock_sock(sk); 900 bh_lock_sock(sk);
895 BUG_TRAP(!sock_owned_by_user(sk)); 901 BUG_TRAP(!sock_owned_by_user(sk));
896 902
897 sock_hold(sk); 903 /* Have we already been destroyed by a softirq or backlog? */
898 sock_orphan(sk); 904 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED)
905 goto out;
899 906
900 /* 907 /*
901 * The last release_sock may have processed the CLOSE or RESET 908 * The last release_sock may have processed the CLOSE or RESET
@@ -915,12 +922,12 @@ adjudge_to_death:
915#endif 922#endif
916 } 923 }
917 924
918 atomic_inc(sk->sk_prot->orphan_count);
919 if (sk->sk_state == DCCP_CLOSED) 925 if (sk->sk_state == DCCP_CLOSED)
920 inet_csk_destroy_sock(sk); 926 inet_csk_destroy_sock(sk);
921 927
922 /* Otherwise, socket is reprieved until protocol close. */ 928 /* Otherwise, socket is reprieved until protocol close. */
923 929
930out:
924 bh_unlock_sock(sk); 931 bh_unlock_sock(sk);
925 local_bh_enable(); 932 local_bh_enable();
926 sock_put(sk); 933 sock_put(sk);
diff --git a/net/decnet/dn_neigh.c b/net/decnet/dn_neigh.c
index 7c8692c26bfe..66e230c3b328 100644
--- a/net/decnet/dn_neigh.c
+++ b/net/decnet/dn_neigh.c
@@ -493,7 +493,6 @@ struct elist_cb_state {
493static void neigh_elist_cb(struct neighbour *neigh, void *_info) 493static void neigh_elist_cb(struct neighbour *neigh, void *_info)
494{ 494{
495 struct elist_cb_state *s = _info; 495 struct elist_cb_state *s = _info;
496 struct dn_dev *dn_db;
497 struct dn_neigh *dn; 496 struct dn_neigh *dn;
498 497
499 if (neigh->dev != s->dev) 498 if (neigh->dev != s->dev)
@@ -503,10 +502,6 @@ static void neigh_elist_cb(struct neighbour *neigh, void *_info)
503 if (!(dn->flags & (DN_NDFLAG_R1|DN_NDFLAG_R2))) 502 if (!(dn->flags & (DN_NDFLAG_R1|DN_NDFLAG_R2)))
504 return; 503 return;
505 504
506 dn_db = (struct dn_dev *) s->dev->dn_ptr;
507 if (dn_db->parms.forwarding == 1 && (dn->flags & DN_NDFLAG_R2))
508 return;
509
510 if (s->t == s->n) 505 if (s->t == s->n)
511 s->rs = dn_find_slot(s->ptr, s->n, dn->priority); 506 s->rs = dn_find_slot(s->ptr, s->n, dn->priority);
512 else 507 else
diff --git a/net/ieee80211/softmac/Kconfig b/net/ieee80211/softmac/Kconfig
index 6cd9f3427be6..f2a27cc6ecb1 100644
--- a/net/ieee80211/softmac/Kconfig
+++ b/net/ieee80211/softmac/Kconfig
@@ -1,6 +1,7 @@
1config IEEE80211_SOFTMAC 1config IEEE80211_SOFTMAC
2 tristate "Software MAC add-on to the IEEE 802.11 networking stack" 2 tristate "Software MAC add-on to the IEEE 802.11 networking stack"
3 depends on IEEE80211 && EXPERIMENTAL 3 depends on IEEE80211 && EXPERIMENTAL
4 select WIRELESS_EXT
4 ---help--- 5 ---help---
5 This option enables the hardware independent software MAC addon 6 This option enables the hardware independent software MAC addon
6 for the IEEE 802.11 networking stack. 7 for the IEEE 802.11 networking stack.
diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
index be61de78dfa4..57ea9f6f465c 100644
--- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -51,11 +51,12 @@ ieee80211softmac_assoc(struct ieee80211softmac_device *mac, struct ieee80211soft
51 spin_lock_irqsave(&mac->lock, flags); 51 spin_lock_irqsave(&mac->lock, flags);
52 mac->associnfo.associating = 1; 52 mac->associnfo.associating = 1;
53 mac->associated = 0; /* just to make sure */ 53 mac->associated = 0; /* just to make sure */
54 spin_unlock_irqrestore(&mac->lock, flags);
55 54
56 /* Set a timer for timeout */ 55 /* Set a timer for timeout */
57 /* FIXME: make timeout configurable */ 56 /* FIXME: make timeout configurable */
58 schedule_delayed_work(&mac->associnfo.timeout, 5 * HZ); 57 if (likely(mac->running))
58 schedule_delayed_work(&mac->associnfo.timeout, 5 * HZ);
59 spin_unlock_irqrestore(&mac->lock, flags);
59} 60}
60 61
61void 62void
@@ -101,6 +102,7 @@ ieee80211softmac_disassoc(struct ieee80211softmac_device *mac, u16 reason)
101 /* Do NOT clear bssvalid as that will break ieee80211softmac_assoc_work! */ 102 /* Do NOT clear bssvalid as that will break ieee80211softmac_assoc_work! */
102 mac->associated = 0; 103 mac->associated = 0;
103 mac->associnfo.associating = 0; 104 mac->associnfo.associating = 0;
105 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
104 spin_unlock_irqrestore(&mac->lock, flags); 106 spin_unlock_irqrestore(&mac->lock, flags);
105} 107}
106 108
@@ -143,6 +145,12 @@ network_matches_request(struct ieee80211softmac_device *mac, struct ieee80211_ne
143 if (!we_support_all_basic_rates(mac, net->rates_ex, net->rates_ex_len)) 145 if (!we_support_all_basic_rates(mac, net->rates_ex, net->rates_ex_len))
144 return 0; 146 return 0;
145 147
148 /* assume that users know what they're doing ...
149 * (note we don't let them select a net we're incompatible with) */
150 if (mac->associnfo.bssfixed) {
151 return !memcmp(mac->associnfo.bssid, net->bssid, ETH_ALEN);
152 }
153
146 /* if 'ANY' network requested, take any that doesn't have privacy enabled */ 154 /* if 'ANY' network requested, take any that doesn't have privacy enabled */
147 if (mac->associnfo.req_essid.len == 0 155 if (mac->associnfo.req_essid.len == 0
148 && !(net->capability & WLAN_CAPABILITY_PRIVACY)) 156 && !(net->capability & WLAN_CAPABILITY_PRIVACY))
@@ -175,7 +183,7 @@ ieee80211softmac_assoc_work(void *d)
175 ieee80211softmac_disassoc(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT); 183 ieee80211softmac_disassoc(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT);
176 184
177 /* try to find the requested network in our list, if we found one already */ 185 /* try to find the requested network in our list, if we found one already */
178 if (mac->associnfo.bssvalid) 186 if (mac->associnfo.bssvalid || mac->associnfo.bssfixed)
179 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); 187 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid);
180 188
181 /* Search the ieee80211 networks for this network if we didn't find it by bssid, 189 /* Search the ieee80211 networks for this network if we didn't find it by bssid,
@@ -240,19 +248,25 @@ ieee80211softmac_assoc_work(void *d)
240 if (ieee80211softmac_start_scan(mac)) 248 if (ieee80211softmac_start_scan(mac))
241 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n"); 249 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
242 return; 250 return;
243 } 251 } else {
244 else {
245 spin_lock_irqsave(&mac->lock, flags); 252 spin_lock_irqsave(&mac->lock, flags);
246 mac->associnfo.associating = 0; 253 mac->associnfo.associating = 0;
247 mac->associated = 0; 254 mac->associated = 0;
248 spin_unlock_irqrestore(&mac->lock, flags); 255 spin_unlock_irqrestore(&mac->lock, flags);
249 256
250 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n"); 257 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n");
258 /* reset the retry counter for the next user request since we
259 * break out and don't reschedule ourselves after this point. */
260 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
251 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL); 261 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL);
252 return; 262 return;
253 } 263 }
254 } 264 }
255 265
266 /* reset the retry counter for the next user request since we
267 * now found a net and will try to associate to it, but not
268 * schedule this function again. */
269 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
256 mac->associnfo.bssvalid = 1; 270 mac->associnfo.bssvalid = 1;
257 memcpy(mac->associnfo.bssid, found->bssid, ETH_ALEN); 271 memcpy(mac->associnfo.bssid, found->bssid, ETH_ALEN);
258 /* copy the ESSID for displaying it */ 272 /* copy the ESSID for displaying it */
@@ -306,6 +320,9 @@ ieee80211softmac_handle_assoc_response(struct net_device * dev,
306 u16 status = le16_to_cpup(&resp->status); 320 u16 status = le16_to_cpup(&resp->status);
307 struct ieee80211softmac_network *network = NULL; 321 struct ieee80211softmac_network *network = NULL;
308 unsigned long flags; 322 unsigned long flags;
323
324 if (unlikely(!mac->running))
325 return -ENODEV;
309 326
310 spin_lock_irqsave(&mac->lock, flags); 327 spin_lock_irqsave(&mac->lock, flags);
311 328
@@ -364,15 +381,22 @@ ieee80211softmac_handle_disassoc(struct net_device * dev,
364{ 381{
365 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 382 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
366 unsigned long flags; 383 unsigned long flags;
384
385 if (unlikely(!mac->running))
386 return -ENODEV;
387
367 if (memcmp(disassoc->header.addr2, mac->associnfo.bssid, ETH_ALEN)) 388 if (memcmp(disassoc->header.addr2, mac->associnfo.bssid, ETH_ALEN))
368 return 0; 389 return 0;
390
369 if (memcmp(disassoc->header.addr1, mac->dev->dev_addr, ETH_ALEN)) 391 if (memcmp(disassoc->header.addr1, mac->dev->dev_addr, ETH_ALEN))
370 return 0; 392 return 0;
393
371 dprintk(KERN_INFO PFX "got disassoc frame\n"); 394 dprintk(KERN_INFO PFX "got disassoc frame\n");
372 netif_carrier_off(dev); 395 netif_carrier_off(dev);
373 spin_lock_irqsave(&mac->lock, flags); 396 spin_lock_irqsave(&mac->lock, flags);
374 mac->associnfo.bssvalid = 0; 397 mac->associnfo.bssvalid = 0;
375 mac->associated = 0; 398 mac->associated = 0;
399 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
376 schedule_work(&mac->associnfo.work); 400 schedule_work(&mac->associnfo.work);
377 spin_unlock_irqrestore(&mac->lock, flags); 401 spin_unlock_irqrestore(&mac->lock, flags);
378 402
@@ -386,11 +410,15 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
386 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 410 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
387 struct ieee80211softmac_network *network; 411 struct ieee80211softmac_network *network;
388 412
413 if (unlikely(!mac->running))
414 return -ENODEV;
415
389 network = ieee80211softmac_get_network_by_bssid(mac, resp->header.addr3); 416 network = ieee80211softmac_get_network_by_bssid(mac, resp->header.addr3);
390 if (!network) { 417 if (!network) {
391 dprintkl(KERN_INFO PFX "reassoc request from unknown network\n"); 418 dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
392 return 0; 419 return 0;
393 } 420 }
394 ieee80211softmac_assoc(mac, network); 421 schedule_work(&mac->associnfo.work);
422
395 return 0; 423 return 0;
396} 424}
diff --git a/net/ieee80211/softmac/ieee80211softmac_auth.c b/net/ieee80211/softmac/ieee80211softmac_auth.c
index 9a0eac6c61eb..06e332624665 100644
--- a/net/ieee80211/softmac/ieee80211softmac_auth.c
+++ b/net/ieee80211/softmac/ieee80211softmac_auth.c
@@ -86,6 +86,11 @@ ieee80211softmac_auth_queue(void *data)
86 86
87 /* Lock and set flags */ 87 /* Lock and set flags */
88 spin_lock_irqsave(&mac->lock, flags); 88 spin_lock_irqsave(&mac->lock, flags);
89 if (unlikely(!mac->running)) {
90 /* Prevent reschedule on workqueue flush */
91 spin_unlock_irqrestore(&mac->lock, flags);
92 return;
93 }
89 net->authenticated = 0; 94 net->authenticated = 0;
90 net->authenticating = 1; 95 net->authenticating = 1;
91 /* add a timeout call so we eventually give up waiting for an auth reply */ 96 /* add a timeout call so we eventually give up waiting for an auth reply */
@@ -124,6 +129,9 @@ ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth)
124 unsigned long flags; 129 unsigned long flags;
125 u8 * data; 130 u8 * data;
126 131
132 if (unlikely(!mac->running))
133 return -ENODEV;
134
127 /* Find correct auth queue item */ 135 /* Find correct auth queue item */
128 spin_lock_irqsave(&mac->lock, flags); 136 spin_lock_irqsave(&mac->lock, flags);
129 list_for_each(list_ptr, &mac->auth_queue) { 137 list_for_each(list_ptr, &mac->auth_queue) {
@@ -298,8 +306,6 @@ ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac,
298 306
299 /* can't transmit data right now... */ 307 /* can't transmit data right now... */
300 netif_carrier_off(mac->dev); 308 netif_carrier_off(mac->dev);
301 /* let's try to re-associate */
302 schedule_work(&mac->associnfo.work);
303 spin_unlock_irqrestore(&mac->lock, flags); 309 spin_unlock_irqrestore(&mac->lock, flags);
304} 310}
305 311
@@ -338,6 +344,9 @@ ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *de
338 struct ieee80211softmac_network *net = NULL; 344 struct ieee80211softmac_network *net = NULL;
339 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 345 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
340 346
347 if (unlikely(!mac->running))
348 return -ENODEV;
349
341 if (!deauth) { 350 if (!deauth) {
342 dprintk("deauth without deauth packet. eek!\n"); 351 dprintk("deauth without deauth packet. eek!\n");
343 return 0; 352 return 0;
@@ -360,5 +369,8 @@ ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *de
360 } 369 }
361 370
362 ieee80211softmac_deauth_from_net(mac, net); 371 ieee80211softmac_deauth_from_net(mac, net);
372
373 /* let's try to re-associate */
374 schedule_work(&mac->associnfo.work);
363 return 0; 375 return 0;
364} 376}
diff --git a/net/ieee80211/softmac/ieee80211softmac_event.c b/net/ieee80211/softmac/ieee80211softmac_event.c
index 0a52bbda1e4c..8cc8f3f0f8e7 100644
--- a/net/ieee80211/softmac/ieee80211softmac_event.c
+++ b/net/ieee80211/softmac/ieee80211softmac_event.c
@@ -67,6 +67,7 @@ static char *event_descriptions[IEEE80211SOFTMAC_EVENT_LAST+1] = {
67 "authenticating failed", 67 "authenticating failed",
68 "authenticating timed out", 68 "authenticating timed out",
69 "associating failed because no suitable network was found", 69 "associating failed because no suitable network was found",
70 "disassociated",
70}; 71};
71 72
72 73
@@ -128,13 +129,42 @@ void
128ieee80211softmac_call_events_locked(struct ieee80211softmac_device *mac, int event, void *event_ctx) 129ieee80211softmac_call_events_locked(struct ieee80211softmac_device *mac, int event, void *event_ctx)
129{ 130{
130 struct ieee80211softmac_event *eventptr, *tmp; 131 struct ieee80211softmac_event *eventptr, *tmp;
131 union iwreq_data wrqu; 132 struct ieee80211softmac_network *network;
132 char *msg;
133 133
134 if (event >= 0) { 134 if (event >= 0) {
135 msg = event_descriptions[event]; 135 union iwreq_data wrqu;
136 wrqu.data.length = strlen(msg); 136 int we_event;
137 wireless_send_event(mac->dev, IWEVCUSTOM, &wrqu, msg); 137 char *msg = NULL;
138
139 switch(event) {
140 case IEEE80211SOFTMAC_EVENT_ASSOCIATED:
141 network = (struct ieee80211softmac_network *)event_ctx;
142 wrqu.data.length = 0;
143 wrqu.data.flags = 0;
144 memcpy(wrqu.ap_addr.sa_data, &network->bssid[0], ETH_ALEN);
145 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
146 we_event = SIOCGIWAP;
147 break;
148 case IEEE80211SOFTMAC_EVENT_DISASSOCIATED:
149 wrqu.data.length = 0;
150 wrqu.data.flags = 0;
151 memset(&wrqu, '\0', sizeof (union iwreq_data));
152 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
153 we_event = SIOCGIWAP;
154 break;
155 case IEEE80211SOFTMAC_EVENT_SCAN_FINISHED:
156 wrqu.data.length = 0;
157 wrqu.data.flags = 0;
158 memset(&wrqu, '\0', sizeof (union iwreq_data));
159 we_event = SIOCGIWSCAN;
160 break;
161 default:
162 msg = event_descriptions[event];
163 wrqu.data.length = strlen(msg);
164 we_event = IWEVCUSTOM;
165 break;
166 }
167 wireless_send_event(mac->dev, we_event, &wrqu, msg);
138 } 168 }
139 169
140 if (!list_empty(&mac->events)) 170 if (!list_empty(&mac->events))
diff --git a/net/ieee80211/softmac/ieee80211softmac_io.c b/net/ieee80211/softmac/ieee80211softmac_io.c
index febc51dbb412..cc6cd56c85b1 100644
--- a/net/ieee80211/softmac/ieee80211softmac_io.c
+++ b/net/ieee80211/softmac/ieee80211softmac_io.c
@@ -180,9 +180,21 @@ ieee80211softmac_assoc_req(struct ieee80211_assoc_request **pkt,
180 ieee80211softmac_hdr_3addr(mac, &((*pkt)->header), IEEE80211_STYPE_ASSOC_REQ, net->bssid, net->bssid); 180 ieee80211softmac_hdr_3addr(mac, &((*pkt)->header), IEEE80211_STYPE_ASSOC_REQ, net->bssid, net->bssid);
181 181
182 /* Fill in capability Info */ 182 /* Fill in capability Info */
183 (*pkt)->capability = (mac->ieee->iw_mode == IW_MODE_MASTER) || (mac->ieee->iw_mode == IW_MODE_INFRA) ? 183 switch (mac->ieee->iw_mode) {
184 cpu_to_le16(WLAN_CAPABILITY_ESS) : 184 case IW_MODE_INFRA:
185 cpu_to_le16(WLAN_CAPABILITY_IBSS); 185 (*pkt)->capability = cpu_to_le16(WLAN_CAPABILITY_ESS);
186 break;
187 case IW_MODE_ADHOC:
188 (*pkt)->capability = cpu_to_le16(WLAN_CAPABILITY_IBSS);
189 break;
190 case IW_MODE_AUTO:
191 (*pkt)->capability = net->capabilities & (WLAN_CAPABILITY_ESS|WLAN_CAPABILITY_IBSS);
192 break;
193 default:
194 /* bleh. we don't ever go to these modes */
195 printk(KERN_ERR PFX "invalid iw_mode!\n");
196 break;
197 }
186 /* Need to add this 198 /* Need to add this
187 (*pkt)->capability |= mac->ieee->short_slot ? 199 (*pkt)->capability |= mac->ieee->short_slot ?
188 cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME) : 0; 200 cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME) : 0;
diff --git a/net/ieee80211/softmac/ieee80211softmac_module.c b/net/ieee80211/softmac/ieee80211softmac_module.c
index 60f06a31f0d1..6252be2c0db9 100644
--- a/net/ieee80211/softmac/ieee80211softmac_module.c
+++ b/net/ieee80211/softmac/ieee80211softmac_module.c
@@ -45,6 +45,8 @@ struct net_device *alloc_ieee80211softmac(int sizeof_priv)
45 softmac->ieee->handle_disassoc = ieee80211softmac_handle_disassoc; 45 softmac->ieee->handle_disassoc = ieee80211softmac_handle_disassoc;
46 softmac->scaninfo = NULL; 46 softmac->scaninfo = NULL;
47 47
48 softmac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
49
48 /* TODO: initialise all the other callbacks in the ieee struct 50 /* TODO: initialise all the other callbacks in the ieee struct
49 * (once they're written) 51 * (once they're written)
50 */ 52 */
@@ -87,6 +89,8 @@ ieee80211softmac_clear_pending_work(struct ieee80211softmac_device *sm)
87 ieee80211softmac_wait_for_scan(sm); 89 ieee80211softmac_wait_for_scan(sm);
88 90
89 spin_lock_irqsave(&sm->lock, flags); 91 spin_lock_irqsave(&sm->lock, flags);
92 sm->running = 0;
93
90 /* Free all pending assoc work items */ 94 /* Free all pending assoc work items */
91 cancel_delayed_work(&sm->associnfo.work); 95 cancel_delayed_work(&sm->associnfo.work);
92 96
@@ -202,6 +206,8 @@ void ieee80211softmac_start(struct net_device *dev)
202 assert(0); 206 assert(0);
203 if (mac->txrates_change) 207 if (mac->txrates_change)
204 mac->txrates_change(dev, change, &oldrates); 208 mac->txrates_change(dev, change, &oldrates);
209
210 mac->running = 1;
205} 211}
206EXPORT_SYMBOL_GPL(ieee80211softmac_start); 212EXPORT_SYMBOL_GPL(ieee80211softmac_start);
207 213
diff --git a/net/ieee80211/softmac/ieee80211softmac_scan.c b/net/ieee80211/softmac/ieee80211softmac_scan.c
index bb9ab8b45d09..d31cf77498c4 100644
--- a/net/ieee80211/softmac/ieee80211softmac_scan.c
+++ b/net/ieee80211/softmac/ieee80211softmac_scan.c
@@ -47,6 +47,7 @@ ieee80211softmac_start_scan(struct ieee80211softmac_device *sm)
47 sm->scanning = 1; 47 sm->scanning = 1;
48 spin_unlock_irqrestore(&sm->lock, flags); 48 spin_unlock_irqrestore(&sm->lock, flags);
49 49
50 netif_tx_disable(sm->ieee->dev);
50 ret = sm->start_scan(sm->dev); 51 ret = sm->start_scan(sm->dev);
51 if (ret) { 52 if (ret) {
52 spin_lock_irqsave(&sm->lock, flags); 53 spin_lock_irqsave(&sm->lock, flags);
@@ -114,7 +115,15 @@ void ieee80211softmac_scan(void *d)
114 // TODO: is this if correct, or should we do this only if scanning from assoc request? 115 // TODO: is this if correct, or should we do this only if scanning from assoc request?
115 if (sm->associnfo.req_essid.len) 116 if (sm->associnfo.req_essid.len)
116 ieee80211softmac_send_mgt_frame(sm, &sm->associnfo.req_essid, IEEE80211_STYPE_PROBE_REQ, 0); 117 ieee80211softmac_send_mgt_frame(sm, &sm->associnfo.req_essid, IEEE80211_STYPE_PROBE_REQ, 0);
118
119 spin_lock_irqsave(&sm->lock, flags);
120 if (unlikely(!sm->running)) {
121 /* Prevent reschedule on workqueue flush */
122 spin_unlock_irqrestore(&sm->lock, flags);
123 break;
124 }
117 schedule_delayed_work(&si->softmac_scan, IEEE80211SOFTMAC_PROBE_DELAY); 125 schedule_delayed_work(&si->softmac_scan, IEEE80211SOFTMAC_PROBE_DELAY);
126 spin_unlock_irqrestore(&sm->lock, flags);
118 return; 127 return;
119 } else { 128 } else {
120 dprintk(PFX "Not probing Channel %d (not allowed here)\n", si->channels[current_channel_idx].channel); 129 dprintk(PFX "Not probing Channel %d (not allowed here)\n", si->channels[current_channel_idx].channel);
@@ -239,6 +248,7 @@ void ieee80211softmac_scan_finished(struct ieee80211softmac_device *sm)
239 if (net) 248 if (net)
240 sm->set_channel(sm->dev, net->channel); 249 sm->set_channel(sm->dev, net->channel);
241 } 250 }
251 netif_wake_queue(sm->ieee->dev);
242 ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL); 252 ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL);
243} 253}
244EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished); 254EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished);
diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
index b559aa9b5507..27edb2b5581a 100644
--- a/net/ieee80211/softmac/ieee80211softmac_wx.c
+++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
@@ -27,7 +27,8 @@
27#include "ieee80211softmac_priv.h" 27#include "ieee80211softmac_priv.h"
28 28
29#include <net/iw_handler.h> 29#include <net/iw_handler.h>
30 30/* for is_broadcast_ether_addr and is_zero_ether_addr */
31#include <linux/etherdevice.h>
31 32
32int 33int
33ieee80211softmac_wx_trigger_scan(struct net_device *net_dev, 34ieee80211softmac_wx_trigger_scan(struct net_device *net_dev,
@@ -41,13 +42,23 @@ ieee80211softmac_wx_trigger_scan(struct net_device *net_dev,
41EXPORT_SYMBOL_GPL(ieee80211softmac_wx_trigger_scan); 42EXPORT_SYMBOL_GPL(ieee80211softmac_wx_trigger_scan);
42 43
43 44
45/* if we're still scanning, return -EAGAIN so that userspace tools
46 * can get the complete scan results, otherwise return 0. */
44int 47int
45ieee80211softmac_wx_get_scan_results(struct net_device *net_dev, 48ieee80211softmac_wx_get_scan_results(struct net_device *net_dev,
46 struct iw_request_info *info, 49 struct iw_request_info *info,
47 union iwreq_data *data, 50 union iwreq_data *data,
48 char *extra) 51 char *extra)
49{ 52{
53 unsigned long flags;
50 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev); 54 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev);
55
56 spin_lock_irqsave(&sm->lock, flags);
57 if (sm->scanning) {
58 spin_unlock_irqrestore(&sm->lock, flags);
59 return -EAGAIN;
60 }
61 spin_unlock_irqrestore(&sm->lock, flags);
51 return ieee80211_wx_get_scan(sm->ieee, info, data, extra); 62 return ieee80211_wx_get_scan(sm->ieee, info, data, extra);
52} 63}
53EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_scan_results); 64EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_scan_results);
@@ -73,7 +84,6 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
73 sm->associnfo.static_essid = 1; 84 sm->associnfo.static_essid = 1;
74 } 85 }
75 } 86 }
76 sm->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
77 87
78 /* set our requested ESSID length. 88 /* set our requested ESSID length.
79 * If applicable, we have already copied the data in */ 89 * If applicable, we have already copied the data in */
@@ -300,8 +310,6 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
300 char *extra) 310 char *extra)
301{ 311{
302 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); 312 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev);
303 static const unsigned char any[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
304 static const unsigned char off[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
305 unsigned long flags; 313 unsigned long flags;
306 314
307 /* sanity check */ 315 /* sanity check */
@@ -310,10 +318,17 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
310 } 318 }
311 319
312 spin_lock_irqsave(&mac->lock, flags); 320 spin_lock_irqsave(&mac->lock, flags);
313 if (!memcmp(any, data->ap_addr.sa_data, ETH_ALEN) || 321 if (is_broadcast_ether_addr(data->ap_addr.sa_data)) {
314 !memcmp(off, data->ap_addr.sa_data, ETH_ALEN)) { 322 /* the bssid we have is not to be fixed any longer,
315 schedule_work(&mac->associnfo.work); 323 * and we should reassociate to the best AP. */
316 goto out; 324 mac->associnfo.bssfixed = 0;
325 /* force reassociation */
326 mac->associnfo.bssvalid = 0;
327 if (mac->associated)
328 schedule_work(&mac->associnfo.work);
329 } else if (is_zero_ether_addr(data->ap_addr.sa_data)) {
330 /* the bssid we have is no longer fixed */
331 mac->associnfo.bssfixed = 0;
317 } else { 332 } else {
318 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) { 333 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) {
319 if (mac->associnfo.associating || mac->associated) { 334 if (mac->associnfo.associating || mac->associated) {
@@ -323,12 +338,14 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
323 } else { 338 } else {
324 /* copy new value in data->ap_addr.sa_data to bssid */ 339 /* copy new value in data->ap_addr.sa_data to bssid */
325 memcpy(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN); 340 memcpy(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN);
326 } 341 }
342 /* tell the other code that this bssid should be used no matter what */
343 mac->associnfo.bssfixed = 1;
327 /* queue associate if new bssid or (old one again and not associated) */ 344 /* queue associate if new bssid or (old one again and not associated) */
328 schedule_work(&mac->associnfo.work); 345 schedule_work(&mac->associnfo.work);
329 } 346 }
330 347
331out: 348 out:
332 spin_unlock_irqrestore(&mac->lock, flags); 349 spin_unlock_irqrestore(&mac->lock, flags);
333 return 0; 350 return 0;
334} 351}
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dc206f1f914f..0a277453526b 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1257,7 +1257,7 @@ out_unregister_udp_proto:
1257 goto out; 1257 goto out;
1258} 1258}
1259 1259
1260module_init(inet_init); 1260fs_initcall(inet_init);
1261 1261
1262/* ------------------------------------------------------------------------ */ 1262/* ------------------------------------------------------------------------ */
1263 1263
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 18d7fad474d7..c9026dbf4c93 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -337,7 +337,7 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
337 * Initialise the virtual path cache for the packet. It describes 337 * Initialise the virtual path cache for the packet. It describes
338 * how the packet travels inside Linux networking. 338 * how the packet travels inside Linux networking.
339 */ 339 */
340 if (likely(skb->dst == NULL)) { 340 if (skb->dst == NULL) {
341 int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, 341 int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
342 skb->dev); 342 skb->dev);
343 if (unlikely(err)) { 343 if (unlikely(err)) {
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index c60fd5c4ea1e..3d560dec63ab 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -345,7 +345,7 @@ config IP_NF_TARGET_LOG
345 To compile it as a module, choose M here. If unsure, say N. 345 To compile it as a module, choose M here. If unsure, say N.
346 346
347config IP_NF_TARGET_ULOG 347config IP_NF_TARGET_ULOG
348 tristate "ULOG target support (OBSOLETE)" 348 tristate "ULOG target support"
349 depends on IP_NF_IPTABLES 349 depends on IP_NF_IPTABLES
350 ---help--- 350 ---help---
351 351
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 2c2fb700d835..518f581d39ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
162 162
163 /* Validate TPKT length */ 163 /* Validate TPKT length */
164 tpktlen = tpkt[2] * 256 + tpkt[3]; 164 tpktlen = tpkt[2] * 256 + tpkt[3];
165 if (tpktlen < 4)
166 goto clear_out;
165 if (tpktlen > tcpdatalen) { 167 if (tpktlen > tcpdatalen) {
166 if (tcpdatalen == 4) { /* Separate TPKT header */ 168 if (tcpdatalen == 4) { /* Separate TPKT header */
167 /* Netmeeting sends TPKT header and data separately */ 169 /* Netmeeting sends TPKT header and data separately */
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
index 48078002e450..355a53a5b6cd 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
@@ -2,7 +2,7 @@
2 * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323 2 * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323
3 * conntrack/NAT module. 3 * conntrack/NAT module.
4 * 4 *
5 * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com> 5 * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
6 * 6 *
7 * This source code is licensed under General Public License version 2. 7 * This source code is licensed under General Public License version 2.
8 * 8 *
@@ -703,6 +703,10 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
703 type = get_bits(bs, f->sz); 703 type = get_bits(bs, f->sz);
704 } 704 }
705 705
706 /* Write Type */
707 if (base)
708 *(unsigned *) base = type;
709
706 /* Check Range */ 710 /* Check Range */
707 if (type >= f->ub) { /* Newer version? */ 711 if (type >= f->ub) { /* Newer version? */
708 BYTE_ALIGN(bs); 712 BYTE_ALIGN(bs);
@@ -712,10 +716,6 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
712 return H323_ERROR_NONE; 716 return H323_ERROR_NONE;
713 } 717 }
714 718
715 /* Write Type */
716 if (base)
717 *(unsigned *) base = type;
718
719 /* Transfer to son level */ 719 /* Transfer to son level */
720 son = &f->fields[type]; 720 son = &f->fields[type];
721 if (son->attr & STOP) { 721 if (son->attr & STOP) {
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 5259abd0fb42..0416073c5600 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
235 flag = 1; 235 flag = 1;
236 } 236 }
237 237
238 /* Cookie Ack/Echo chunks not the first OR 238 /*
239 Init / Init Ack / Shutdown compl chunks not the only chunks */ 239 * Cookie Ack/Echo chunks not the first OR
240 if ((sch->type == SCTP_CID_COOKIE_ACK 240 * Init / Init Ack / Shutdown compl chunks not the only chunks
241 * OR zero-length.
242 */
243 if (((sch->type == SCTP_CID_COOKIE_ACK
241 || sch->type == SCTP_CID_COOKIE_ECHO 244 || sch->type == SCTP_CID_COOKIE_ECHO
242 || flag) 245 || flag)
243 && count !=0 ) { 246 && count !=0) || !sch->length) {
244 DEBUGP("Basic checks failed\n"); 247 DEBUGP("Basic checks failed\n");
245 return 1; 248 return 1;
246 } 249 }
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 8f760b28617e..67e676783da9 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -219,8 +219,10 @@ ip_nat_out(unsigned int hooknum,
219 const struct net_device *out, 219 const struct net_device *out,
220 int (*okfn)(struct sk_buff *)) 220 int (*okfn)(struct sk_buff *))
221{ 221{
222#ifdef CONFIG_XFRM
222 struct ip_conntrack *ct; 223 struct ip_conntrack *ct;
223 enum ip_conntrack_info ctinfo; 224 enum ip_conntrack_info ctinfo;
225#endif
224 unsigned int ret; 226 unsigned int ret;
225 227
226 /* root is playing with raw sockets. */ 228 /* root is playing with raw sockets. */
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d25ac8ba6eba..cee3397ec277 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -956,15 +956,16 @@ struct compat_ipt_standard_target
956 compat_int_t verdict; 956 compat_int_t verdict;
957}; 957};
958 958
959#define IPT_ST_OFFSET (sizeof(struct ipt_standard_target) - \
960 sizeof(struct compat_ipt_standard_target))
961
962struct compat_ipt_standard 959struct compat_ipt_standard
963{ 960{
964 struct compat_ipt_entry entry; 961 struct compat_ipt_entry entry;
965 struct compat_ipt_standard_target target; 962 struct compat_ipt_standard_target target;
966}; 963};
967 964
965#define IPT_ST_LEN XT_ALIGN(sizeof(struct ipt_standard_target))
966#define IPT_ST_COMPAT_LEN COMPAT_XT_ALIGN(sizeof(struct compat_ipt_standard_target))
967#define IPT_ST_OFFSET (IPT_ST_LEN - IPT_ST_COMPAT_LEN)
968
968static int compat_ipt_standard_fn(void *target, 969static int compat_ipt_standard_fn(void *target,
969 void **dstptr, int *size, int convert) 970 void **dstptr, int *size, int convert)
970{ 971{
@@ -975,35 +976,29 @@ static int compat_ipt_standard_fn(void *target,
975 ret = 0; 976 ret = 0;
976 switch (convert) { 977 switch (convert) {
977 case COMPAT_TO_USER: 978 case COMPAT_TO_USER:
978 pst = (struct ipt_standard_target *)target; 979 pst = target;
979 memcpy(&compat_st.target, &pst->target, 980 memcpy(&compat_st.target, &pst->target,
980 sizeof(struct ipt_entry_target)); 981 sizeof(compat_st.target));
981 compat_st.verdict = pst->verdict; 982 compat_st.verdict = pst->verdict;
982 if (compat_st.verdict > 0) 983 if (compat_st.verdict > 0)
983 compat_st.verdict -= 984 compat_st.verdict -=
984 compat_calc_jump(compat_st.verdict); 985 compat_calc_jump(compat_st.verdict);
985 compat_st.target.u.user.target_size = 986 compat_st.target.u.user.target_size = IPT_ST_COMPAT_LEN;
986 sizeof(struct compat_ipt_standard_target); 987 if (copy_to_user(*dstptr, &compat_st, IPT_ST_COMPAT_LEN))
987 if (__copy_to_user(*dstptr, &compat_st,
988 sizeof(struct compat_ipt_standard_target)))
989 ret = -EFAULT; 988 ret = -EFAULT;
990 *size -= IPT_ST_OFFSET; 989 *size -= IPT_ST_OFFSET;
991 *dstptr += sizeof(struct compat_ipt_standard_target); 990 *dstptr += IPT_ST_COMPAT_LEN;
992 break; 991 break;
993 case COMPAT_FROM_USER: 992 case COMPAT_FROM_USER:
994 pcompat_st = 993 pcompat_st = target;
995 (struct compat_ipt_standard_target *)target; 994 memcpy(&st.target, &pcompat_st->target, IPT_ST_COMPAT_LEN);
996 memcpy(&st.target, &pcompat_st->target,
997 sizeof(struct ipt_entry_target));
998 st.verdict = pcompat_st->verdict; 995 st.verdict = pcompat_st->verdict;
999 if (st.verdict > 0) 996 if (st.verdict > 0)
1000 st.verdict += compat_calc_jump(st.verdict); 997 st.verdict += compat_calc_jump(st.verdict);
1001 st.target.u.user.target_size = 998 st.target.u.user.target_size = IPT_ST_LEN;
1002 sizeof(struct ipt_standard_target); 999 memcpy(*dstptr, &st, IPT_ST_LEN);
1003 memcpy(*dstptr, &st,
1004 sizeof(struct ipt_standard_target));
1005 *size += IPT_ST_OFFSET; 1000 *size += IPT_ST_OFFSET;
1006 *dstptr += sizeof(struct ipt_standard_target); 1001 *dstptr += IPT_ST_LEN;
1007 break; 1002 break;
1008 case COMPAT_CALC_SIZE: 1003 case COMPAT_CALC_SIZE:
1009 *size += IPT_ST_OFFSET; 1004 *size += IPT_ST_OFFSET;
@@ -1446,7 +1441,7 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
1446 ret = -EFAULT; 1441 ret = -EFAULT;
1447 origsize = *size; 1442 origsize = *size;
1448 ce = (struct compat_ipt_entry __user *)*dstptr; 1443 ce = (struct compat_ipt_entry __user *)*dstptr;
1449 if (__copy_to_user(ce, e, sizeof(struct ipt_entry))) 1444 if (copy_to_user(ce, e, sizeof(struct ipt_entry)))
1450 goto out; 1445 goto out;
1451 1446
1452 *dstptr += sizeof(struct compat_ipt_entry); 1447 *dstptr += sizeof(struct compat_ipt_entry);
@@ -1464,9 +1459,9 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
1464 goto out; 1459 goto out;
1465 ret = -EFAULT; 1460 ret = -EFAULT;
1466 next_offset = e->next_offset - (origsize - *size); 1461 next_offset = e->next_offset - (origsize - *size);
1467 if (__put_user(target_offset, &ce->target_offset)) 1462 if (put_user(target_offset, &ce->target_offset))
1468 goto out; 1463 goto out;
1469 if (__put_user(next_offset, &ce->next_offset)) 1464 if (put_user(next_offset, &ce->next_offset))
1470 goto out; 1465 goto out;
1471 return 0; 1466 return 0;
1472out: 1467out:
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 87f68e787d0c..e2b7b8055037 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1468,6 +1468,7 @@ void tcp_close(struct sock *sk, long timeout)
1468{ 1468{
1469 struct sk_buff *skb; 1469 struct sk_buff *skb;
1470 int data_was_unread = 0; 1470 int data_was_unread = 0;
1471 int state;
1471 1472
1472 lock_sock(sk); 1473 lock_sock(sk);
1473 sk->sk_shutdown = SHUTDOWN_MASK; 1474 sk->sk_shutdown = SHUTDOWN_MASK;
@@ -1544,6 +1545,11 @@ void tcp_close(struct sock *sk, long timeout)
1544 sk_stream_wait_close(sk, timeout); 1545 sk_stream_wait_close(sk, timeout);
1545 1546
1546adjudge_to_death: 1547adjudge_to_death:
1548 state = sk->sk_state;
1549 sock_hold(sk);
1550 sock_orphan(sk);
1551 atomic_inc(sk->sk_prot->orphan_count);
1552
1547 /* It is the last release_sock in its life. It will remove backlog. */ 1553 /* It is the last release_sock in its life. It will remove backlog. */
1548 release_sock(sk); 1554 release_sock(sk);
1549 1555
@@ -1555,8 +1561,9 @@ adjudge_to_death:
1555 bh_lock_sock(sk); 1561 bh_lock_sock(sk);
1556 BUG_TRAP(!sock_owned_by_user(sk)); 1562 BUG_TRAP(!sock_owned_by_user(sk));
1557 1563
1558 sock_hold(sk); 1564 /* Have we already been destroyed by a softirq or backlog? */
1559 sock_orphan(sk); 1565 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
1566 goto out;
1560 1567
1561 /* This is a (useful) BSD violating of the RFC. There is a 1568 /* This is a (useful) BSD violating of the RFC. There is a
1562 * problem with TCP as specified in that the other end could 1569 * problem with TCP as specified in that the other end could
@@ -1584,7 +1591,6 @@ adjudge_to_death:
1584 if (tmo > TCP_TIMEWAIT_LEN) { 1591 if (tmo > TCP_TIMEWAIT_LEN) {
1585 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); 1592 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk));
1586 } else { 1593 } else {
1587 atomic_inc(sk->sk_prot->orphan_count);
1588 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); 1594 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
1589 goto out; 1595 goto out;
1590 } 1596 }
@@ -1603,7 +1609,6 @@ adjudge_to_death:
1603 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); 1609 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY);
1604 } 1610 }
1605 } 1611 }
1606 atomic_inc(sk->sk_prot->orphan_count);
1607 1612
1608 if (sk->sk_state == TCP_CLOSE) 1613 if (sk->sk_state == TCP_CLOSE)
1609 inet_csk_destroy_sock(sk); 1614 inet_csk_destroy_sock(sk);
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index e0e9d1383c7c..b72fa55dfb84 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -137,8 +137,8 @@ static void hstcp_cong_avoid(struct sock *sk, u32 adk, u32 rtt,
137 if (tp->snd_cwnd < tp->snd_cwnd_clamp) { 137 if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
138 tp->snd_cwnd_cnt += ca->ai; 138 tp->snd_cwnd_cnt += ca->ai;
139 if (tp->snd_cwnd_cnt >= tp->snd_cwnd) { 139 if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
140 tp->snd_cwnd++;
141 tp->snd_cwnd_cnt -= tp->snd_cwnd; 140 tp->snd_cwnd_cnt -= tp->snd_cwnd;
141 tp->snd_cwnd++;
142 } 142 }
143 } 143 }
144 } 144 }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 44df1db726a3..743016baa048 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -465,7 +465,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
465 TCP_INC_STATS(TCP_MIB_OUTSEGS); 465 TCP_INC_STATS(TCP_MIB_OUTSEGS);
466 466
467 err = icsk->icsk_af_ops->queue_xmit(skb, 0); 467 err = icsk->icsk_af_ops->queue_xmit(skb, 0);
468 if (unlikely(err <= 0)) 468 if (likely(err <= 0))
469 return err; 469 return err;
470 470
471 tcp_enter_cwr(sk); 471 tcp_enter_cwr(sk);
@@ -533,6 +533,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
533 struct tcp_sock *tp = tcp_sk(sk); 533 struct tcp_sock *tp = tcp_sk(sk);
534 struct sk_buff *buff; 534 struct sk_buff *buff;
535 int nsize, old_factor; 535 int nsize, old_factor;
536 int nlen;
536 u16 flags; 537 u16 flags;
537 538
538 BUG_ON(len > skb->len); 539 BUG_ON(len > skb->len);
@@ -552,8 +553,10 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
552 if (buff == NULL) 553 if (buff == NULL)
553 return -ENOMEM; /* We'll just try again later. */ 554 return -ENOMEM; /* We'll just try again later. */
554 555
555 buff->truesize = skb->len - len; 556 sk_charge_skb(sk, buff);
556 skb->truesize -= buff->truesize; 557 nlen = skb->len - len - nsize;
558 buff->truesize += nlen;
559 skb->truesize -= nlen;
557 560
558 /* Correct the sequence numbers. */ 561 /* Correct the sequence numbers. */
559 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 562 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
@@ -1039,7 +1042,8 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1039 if (unlikely(buff == NULL)) 1042 if (unlikely(buff == NULL))
1040 return -ENOMEM; 1043 return -ENOMEM;
1041 1044
1042 buff->truesize = nlen; 1045 sk_charge_skb(sk, buff);
1046 buff->truesize += nlen;
1043 skb->truesize -= nlen; 1047 skb->truesize -= nlen;
1044 1048
1045 /* Correct the sequence numbers. */ 1049 /* Correct the sequence numbers. */
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 32ad229b4fed..4ef8efaf6a67 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -62,7 +62,7 @@ static void xfrm4_encap(struct sk_buff *skb)
62 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? 62 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
63 0 : (iph->frag_off & htons(IP_DF)); 63 0 : (iph->frag_off & htons(IP_DF));
64 if (!top_iph->frag_off) 64 if (!top_iph->frag_off)
65 __ip_select_ident(top_iph, dst, 0); 65 __ip_select_ident(top_iph, dst->child, 0);
66 66
67 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); 67 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
68 68
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 642b4b11464f..0a673038344f 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -288,19 +288,6 @@ ip6t_do_table(struct sk_buff **pskb,
288 table_base = (void *)private->entries[smp_processor_id()]; 288 table_base = (void *)private->entries[smp_processor_id()];
289 e = get_entry(table_base, private->hook_entry[hook]); 289 e = get_entry(table_base, private->hook_entry[hook]);
290 290
291#ifdef CONFIG_NETFILTER_DEBUG
292 /* Check noone else using our table */
293 if (((struct ip6t_entry *)table_base)->comefrom != 0xdead57ac
294 && ((struct ip6t_entry *)table_base)->comefrom != 0xeeeeeeec) {
295 printk("ASSERT: CPU #%u, %s comefrom(%p) = %X\n",
296 smp_processor_id(),
297 table->name,
298 &((struct ip6t_entry *)table_base)->comefrom,
299 ((struct ip6t_entry *)table_base)->comefrom);
300 }
301 ((struct ip6t_entry *)table_base)->comefrom = 0x57acc001;
302#endif
303
304 /* For return from builtin chain */ 291 /* For return from builtin chain */
305 back = get_entry(table_base, private->underflow[hook]); 292 back = get_entry(table_base, private->underflow[hook]);
306 293
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 79078747a646..0190e39096b9 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -317,7 +317,7 @@ static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
317 __FUNCTION__, head, head ? *head : NULL, oif); 317 __FUNCTION__, head, head ? *head : NULL, oif);
318 318
319 for (rt = rt0, metric = rt0->rt6i_metric; 319 for (rt = rt0, metric = rt0->rt6i_metric;
320 rt && rt->rt6i_metric == metric; 320 rt && rt->rt6i_metric == metric && (!last || rt != rt0);
321 rt = rt->u.next) { 321 rt = rt->u.next) {
322 int m; 322 int m;
323 323
@@ -343,9 +343,12 @@ static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
343 (strict & RT6_SELECT_F_REACHABLE) && 343 (strict & RT6_SELECT_F_REACHABLE) &&
344 last && last != rt0) { 344 last && last != rt0) {
345 /* no entries matched; do round-robin */ 345 /* no entries matched; do round-robin */
346 static spinlock_t lock = SPIN_LOCK_UNLOCKED;
347 spin_lock(&lock);
346 *head = rt0->u.next; 348 *head = rt0->u.next;
347 rt0->u.next = last->u.next; 349 rt0->u.next = last->u.next;
348 last->u.next = rt0; 350 last->u.next = rt0;
351 spin_unlock(&lock);
349 } 352 }
350 353
351 RT6_TRACE("%s() => %p, score=%d\n", 354 RT6_TRACE("%s() => %p, score=%d\n",
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 8f3addf0724c..d62e0f9b9da3 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -118,7 +118,8 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
118 u16 pdulen = eth_hdr(skb)->h_proto, 118 u16 pdulen = eth_hdr(skb)->h_proto,
119 data_size = ntohs(pdulen) - llc_len; 119 data_size = ntohs(pdulen) - llc_len;
120 120
121 skb_trim(skb, data_size); 121 if (unlikely(pskb_trim_rcsum(skb, data_size)))
122 return 0;
122 } 123 }
123 return 1; 124 return 1;
124} 125}
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e581190fb6c3..f9b83f91371a 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -178,9 +178,6 @@ static struct {
178 /* allocated slab cache + modules which uses this slab cache */ 178 /* allocated slab cache + modules which uses this slab cache */
179 int use; 179 int use;
180 180
181 /* Initialization */
182 int (*init_conntrack)(struct nf_conn *, u_int32_t);
183
184} nf_ct_cache[NF_CT_F_NUM]; 181} nf_ct_cache[NF_CT_F_NUM];
185 182
186/* protect members of nf_ct_cache except of "use" */ 183/* protect members of nf_ct_cache except of "use" */
@@ -208,10 +205,8 @@ nf_ct_proto_find_get(u_int16_t l3proto, u_int8_t protocol)
208 205
209 preempt_disable(); 206 preempt_disable();
210 p = __nf_ct_proto_find(l3proto, protocol); 207 p = __nf_ct_proto_find(l3proto, protocol);
211 if (p) { 208 if (!try_module_get(p->me))
212 if (!try_module_get(p->me)) 209 p = &nf_conntrack_generic_protocol;
213 p = &nf_conntrack_generic_protocol;
214 }
215 preempt_enable(); 210 preempt_enable();
216 211
217 return p; 212 return p;
@@ -229,10 +224,8 @@ nf_ct_l3proto_find_get(u_int16_t l3proto)
229 224
230 preempt_disable(); 225 preempt_disable();
231 p = __nf_ct_l3proto_find(l3proto); 226 p = __nf_ct_l3proto_find(l3proto);
232 if (p) { 227 if (!try_module_get(p->me))
233 if (!try_module_get(p->me)) 228 p = &nf_conntrack_generic_l3proto;
234 p = &nf_conntrack_generic_l3proto;
235 }
236 preempt_enable(); 229 preempt_enable();
237 230
238 return p; 231 return p;
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c
index 7de4f06c63c5..3fc58e454d4e 100644
--- a/net/netfilter/nf_conntrack_l3proto_generic.c
+++ b/net/netfilter/nf_conntrack_l3proto_generic.c
@@ -94,5 +94,4 @@ struct nf_conntrack_l3proto nf_conntrack_generic_l3proto = {
94 .print_conntrack = generic_print_conntrack, 94 .print_conntrack = generic_print_conntrack,
95 .prepare = generic_prepare, 95 .prepare = generic_prepare,
96 .get_features = generic_get_features, 96 .get_features = generic_get_features,
97 .me = THIS_MODULE,
98}; 97};
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 9cccc325b687..0c6da496cfa9 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -240,12 +240,15 @@ static int do_basic_checks(struct nf_conn *conntrack,
240 flag = 1; 240 flag = 1;
241 } 241 }
242 242
243 /* Cookie Ack/Echo chunks not the first OR 243 /*
244 Init / Init Ack / Shutdown compl chunks not the only chunks */ 244 * Cookie Ack/Echo chunks not the first OR
245 if ((sch->type == SCTP_CID_COOKIE_ACK 245 * Init / Init Ack / Shutdown compl chunks not the only chunks
246 * OR zero-length.
247 */
248 if (((sch->type == SCTP_CID_COOKIE_ACK
246 || sch->type == SCTP_CID_COOKIE_ECHO 249 || sch->type == SCTP_CID_COOKIE_ECHO
247 || flag) 250 || flag)
248 && count !=0 ) { 251 && count !=0) || !sch->length) {
249 DEBUGP("Basic checks failed\n"); 252 DEBUGP("Basic checks failed\n");
250 return 1; 253 return 1;
251 } 254 }
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 00cf0a4f4d92..99293c63ff73 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -289,7 +289,7 @@ int xt_compat_match(void *match, void **dstptr, int *size, int convert)
289 case COMPAT_TO_USER: 289 case COMPAT_TO_USER:
290 pm = (struct xt_entry_match *)match; 290 pm = (struct xt_entry_match *)match;
291 msize = pm->u.user.match_size; 291 msize = pm->u.user.match_size;
292 if (__copy_to_user(*dstptr, pm, msize)) { 292 if (copy_to_user(*dstptr, pm, msize)) {
293 ret = -EFAULT; 293 ret = -EFAULT;
294 break; 294 break;
295 } 295 }
@@ -366,7 +366,7 @@ int xt_compat_target(void *target, void **dstptr, int *size, int convert)
366 case COMPAT_TO_USER: 366 case COMPAT_TO_USER:
367 pt = (struct xt_entry_target *)target; 367 pt = (struct xt_entry_target *)target;
368 tsize = pt->u.user.target_size; 368 tsize = pt->u.user.target_size;
369 if (__copy_to_user(*dstptr, pt, tsize)) { 369 if (copy_to_user(*dstptr, pt, tsize)) {
370 ret = -EFAULT; 370 ret = -EFAULT;
371 break; 371 break;
372 } 372 }
@@ -529,6 +529,7 @@ int xt_register_table(struct xt_table *table,
529 529
530 /* Simplifies replace_table code. */ 530 /* Simplifies replace_table code. */
531 table->private = bootstrap; 531 table->private = bootstrap;
532 rwlock_init(&table->lock);
532 if (!xt_replace_table(table, 0, newinfo, &ret)) 533 if (!xt_replace_table(table, 0, newinfo, &ret))
533 goto unlock; 534 goto unlock;
534 535
@@ -538,7 +539,6 @@ int xt_register_table(struct xt_table *table,
538 /* save number of initial entries */ 539 /* save number of initial entries */
539 private->initial_entries = private->number; 540 private->initial_entries = private->number;
540 541
541 rwlock_init(&table->lock);
542 list_prepend(&xt[table->af].tables, table); 542 list_prepend(&xt[table->af].tables, table);
543 543
544 ret = 0; 544 ret = 0;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2a233ffcf618..3862e73d14d7 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -56,12 +56,12 @@
56#include <linux/mm.h> 56#include <linux/mm.h>
57#include <linux/types.h> 57#include <linux/types.h>
58#include <linux/audit.h> 58#include <linux/audit.h>
59#include <linux/selinux.h>
59 60
60#include <net/sock.h> 61#include <net/sock.h>
61#include <net/scm.h> 62#include <net/scm.h>
62#include <net/netlink.h> 63#include <net/netlink.h>
63 64
64#define Nprintk(a...)
65#define NLGRPSZ(x) (ALIGN(x, sizeof(unsigned long) * 8) / 8) 65#define NLGRPSZ(x) (ALIGN(x, sizeof(unsigned long) * 8) / 8)
66 66
67struct netlink_sock { 67struct netlink_sock {
@@ -1157,6 +1157,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1157 NETLINK_CB(skb).dst_pid = dst_pid; 1157 NETLINK_CB(skb).dst_pid = dst_pid;
1158 NETLINK_CB(skb).dst_group = dst_group; 1158 NETLINK_CB(skb).dst_group = dst_group;
1159 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); 1159 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
1160 selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
1160 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1161 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1161 1162
1162 /* What can I do? Netlink is asynchronous, so that 1163 /* What can I do? Netlink is asynchronous, so that
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index d44981f5a619..3669cb953e6e 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -425,11 +425,16 @@ static int nr_create(struct socket *sock, int protocol)
425 425
426 nr_init_timers(sk); 426 nr_init_timers(sk);
427 427
428 nr->t1 = sysctl_netrom_transport_timeout; 428 nr->t1 =
429 nr->t2 = sysctl_netrom_transport_acknowledge_delay; 429 msecs_to_jiffies(sysctl_netrom_transport_timeout);
430 nr->n2 = sysctl_netrom_transport_maximum_tries; 430 nr->t2 =
431 nr->t4 = sysctl_netrom_transport_busy_delay; 431 msecs_to_jiffies(sysctl_netrom_transport_acknowledge_delay);
432 nr->idle = sysctl_netrom_transport_no_activity_timeout; 432 nr->n2 =
433 msecs_to_jiffies(sysctl_netrom_transport_maximum_tries);
434 nr->t4 =
435 msecs_to_jiffies(sysctl_netrom_transport_busy_delay);
436 nr->idle =
437 msecs_to_jiffies(sysctl_netrom_transport_no_activity_timeout);
433 nr->window = sysctl_netrom_transport_requested_window_size; 438 nr->window = sysctl_netrom_transport_requested_window_size;
434 439
435 nr->bpqext = 1; 440 nr->bpqext = 1;
@@ -1365,8 +1370,6 @@ static struct notifier_block nr_dev_notifier = {
1365 1370
1366static struct net_device **dev_nr; 1371static struct net_device **dev_nr;
1367 1372
1368static char banner[] __initdata = KERN_INFO "G4KLX NET/ROM for Linux. Version 0.7 for AX25.037 Linux 2.4\n";
1369
1370static int __init nr_proto_init(void) 1373static int __init nr_proto_init(void)
1371{ 1374{
1372 int i; 1375 int i;
@@ -1414,7 +1417,6 @@ static int __init nr_proto_init(void)
1414 } 1417 }
1415 1418
1416 register_netdevice_notifier(&nr_dev_notifier); 1419 register_netdevice_notifier(&nr_dev_notifier);
1417 printk(banner);
1418 1420
1419 ax25_protocol_register(AX25_P_NETROM, nr_route_frame); 1421 ax25_protocol_register(AX25_P_NETROM, nr_route_frame);
1420 ax25_linkfail_register(nr_link_failed); 1422 ax25_linkfail_register(nr_link_failed);
diff --git a/net/netrom/nr_dev.c b/net/netrom/nr_dev.c
index 509afddae569..621e5586ab03 100644
--- a/net/netrom/nr_dev.c
+++ b/net/netrom/nr_dev.c
@@ -185,7 +185,6 @@ static struct net_device_stats *nr_get_stats(struct net_device *dev)
185 185
186void nr_setup(struct net_device *dev) 186void nr_setup(struct net_device *dev)
187{ 187{
188 SET_MODULE_OWNER(dev);
189 dev->mtu = NR_MAX_PACKET_SIZE; 188 dev->mtu = NR_MAX_PACKET_SIZE;
190 dev->hard_start_xmit = nr_xmit; 189 dev->hard_start_xmit = nr_xmit;
191 dev->open = nr_open; 190 dev->open = nr_open;
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index ea65396d1619..55564efccf11 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -518,11 +518,11 @@ static int rose_create(struct socket *sock, int protocol)
518 init_timer(&rose->timer); 518 init_timer(&rose->timer);
519 init_timer(&rose->idletimer); 519 init_timer(&rose->idletimer);
520 520
521 rose->t1 = sysctl_rose_call_request_timeout; 521 rose->t1 = msecs_to_jiffies(sysctl_rose_call_request_timeout);
522 rose->t2 = sysctl_rose_reset_request_timeout; 522 rose->t2 = msecs_to_jiffies(sysctl_rose_reset_request_timeout);
523 rose->t3 = sysctl_rose_clear_request_timeout; 523 rose->t3 = msecs_to_jiffies(sysctl_rose_clear_request_timeout);
524 rose->hb = sysctl_rose_ack_hold_back_timeout; 524 rose->hb = msecs_to_jiffies(sysctl_rose_ack_hold_back_timeout);
525 rose->idle = sysctl_rose_no_activity_timeout; 525 rose->idle = msecs_to_jiffies(sysctl_rose_no_activity_timeout);
526 526
527 rose->state = ROSE_STATE_0; 527 rose->state = ROSE_STATE_0;
528 528
@@ -1469,8 +1469,6 @@ static struct notifier_block rose_dev_notifier = {
1469 1469
1470static struct net_device **dev_rose; 1470static struct net_device **dev_rose;
1471 1471
1472static const char banner[] = KERN_INFO "F6FBB/G4KLX ROSE for Linux. Version 0.62 for AX25.037 Linux 2.4\n";
1473
1474static int __init rose_proto_init(void) 1472static int __init rose_proto_init(void)
1475{ 1473{
1476 int i; 1474 int i;
@@ -1519,7 +1517,6 @@ static int __init rose_proto_init(void)
1519 1517
1520 sock_register(&rose_family_ops); 1518 sock_register(&rose_family_ops);
1521 register_netdevice_notifier(&rose_dev_notifier); 1519 register_netdevice_notifier(&rose_dev_notifier);
1522 printk(banner);
1523 1520
1524 ax25_protocol_register(AX25_P_ROSE, rose_route_frame); 1521 ax25_protocol_register(AX25_P_ROSE, rose_route_frame);
1525 ax25_linkfail_register(rose_link_failed); 1522 ax25_linkfail_register(rose_link_failed);
diff --git a/net/rose/rose_dev.c b/net/rose/rose_dev.c
index d297af737d10..2a1bf8e119e5 100644
--- a/net/rose/rose_dev.c
+++ b/net/rose/rose_dev.c
@@ -135,7 +135,6 @@ static struct net_device_stats *rose_get_stats(struct net_device *dev)
135 135
136void rose_setup(struct net_device *dev) 136void rose_setup(struct net_device *dev)
137{ 137{
138 SET_MODULE_OWNER(dev);
139 dev->mtu = ROSE_MAX_PACKET_SIZE - 2; 138 dev->mtu = ROSE_MAX_PACKET_SIZE - 2;
140 dev->hard_start_xmit = rose_xmit; 139 dev->hard_start_xmit = rose_xmit;
141 dev->open = rose_open; 140 dev->open = rose_open;
diff --git a/net/rose/rose_link.c b/net/rose/rose_link.c
index 09e9e9d04d92..bd86a63960ce 100644
--- a/net/rose/rose_link.c
+++ b/net/rose/rose_link.c
@@ -40,7 +40,8 @@ void rose_start_ftimer(struct rose_neigh *neigh)
40 40
41 neigh->ftimer.data = (unsigned long)neigh; 41 neigh->ftimer.data = (unsigned long)neigh;
42 neigh->ftimer.function = &rose_ftimer_expiry; 42 neigh->ftimer.function = &rose_ftimer_expiry;
43 neigh->ftimer.expires = jiffies + sysctl_rose_link_fail_timeout; 43 neigh->ftimer.expires =
44 jiffies + msecs_to_jiffies(sysctl_rose_link_fail_timeout);
44 45
45 add_timer(&neigh->ftimer); 46 add_timer(&neigh->ftimer);
46} 47}
@@ -51,7 +52,8 @@ static void rose_start_t0timer(struct rose_neigh *neigh)
51 52
52 neigh->t0timer.data = (unsigned long)neigh; 53 neigh->t0timer.data = (unsigned long)neigh;
53 neigh->t0timer.function = &rose_t0timer_expiry; 54 neigh->t0timer.function = &rose_t0timer_expiry;
54 neigh->t0timer.expires = jiffies + sysctl_rose_restart_request_timeout; 55 neigh->t0timer.expires =
56 jiffies + msecs_to_jiffies(sysctl_rose_restart_request_timeout);
55 57
56 add_timer(&neigh->t0timer); 58 add_timer(&neigh->t0timer);
57} 59}
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 8631b65a7312..a22542fa1bc8 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -48,8 +48,6 @@ static DEFINE_SPINLOCK(rose_route_list_lock);
48 48
49struct rose_neigh *rose_loopback_neigh; 49struct rose_neigh *rose_loopback_neigh;
50 50
51static void rose_remove_neigh(struct rose_neigh *);
52
53/* 51/*
54 * Add a new route to a node, and in the process add the node and the 52 * Add a new route to a node, and in the process add the node and the
55 * neighbour if it is new. 53 * neighbour if it is new.
@@ -235,11 +233,8 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
235 233
236 skb_queue_purge(&rose_neigh->queue); 234 skb_queue_purge(&rose_neigh->queue);
237 235
238 spin_lock_bh(&rose_neigh_list_lock);
239
240 if ((s = rose_neigh_list) == rose_neigh) { 236 if ((s = rose_neigh_list) == rose_neigh) {
241 rose_neigh_list = rose_neigh->next; 237 rose_neigh_list = rose_neigh->next;
242 spin_unlock_bh(&rose_neigh_list_lock);
243 kfree(rose_neigh->digipeat); 238 kfree(rose_neigh->digipeat);
244 kfree(rose_neigh); 239 kfree(rose_neigh);
245 return; 240 return;
@@ -248,7 +243,6 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
248 while (s != NULL && s->next != NULL) { 243 while (s != NULL && s->next != NULL) {
249 if (s->next == rose_neigh) { 244 if (s->next == rose_neigh) {
250 s->next = rose_neigh->next; 245 s->next = rose_neigh->next;
251 spin_unlock_bh(&rose_neigh_list_lock);
252 kfree(rose_neigh->digipeat); 246 kfree(rose_neigh->digipeat);
253 kfree(rose_neigh); 247 kfree(rose_neigh);
254 return; 248 return;
@@ -256,7 +250,6 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
256 250
257 s = s->next; 251 s = s->next;
258 } 252 }
259 spin_unlock_bh(&rose_neigh_list_lock);
260} 253}
261 254
262/* 255/*
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 6056d20ef429..37640c6fc014 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -69,6 +69,11 @@ ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
69 DPRINTK("ipt_init_target: found %s\n", target->name); 69 DPRINTK("ipt_init_target: found %s\n", target->name);
70 t->u.kernel.target = target; 70 t->u.kernel.target = target;
71 71
72 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
73 table, hook, 0, 0);
74 if (ret)
75 return ret;
76
72 if (t->u.kernel.target->checkentry 77 if (t->u.kernel.target->checkentry
73 && !t->u.kernel.target->checkentry(table, NULL, 78 && !t->u.kernel.target->checkentry(table, NULL,
74 t->u.kernel.target, t->data, 79 t->u.kernel.target, t->data,
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index 7228d30512c7..5a4a4d0ae502 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -167,7 +167,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
167 if (count == 0) { 167 if (count == 0) {
168 sch->qstats.drops++; 168 sch->qstats.drops++;
169 kfree_skb(skb); 169 kfree_skb(skb);
170 return NET_XMIT_DROP; 170 return NET_XMIT_BYPASS;
171 } 171 }
172 172
173 /* 173 /*
diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
index 297b8951463e..cf0c767d43ae 100644
--- a/net/sctp/inqueue.c
+++ b/net/sctp/inqueue.c
@@ -149,6 +149,7 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
149 /* This is the first chunk in the packet. */ 149 /* This is the first chunk in the packet. */
150 chunk->singleton = 1; 150 chunk->singleton = 1;
151 ch = (sctp_chunkhdr_t *) chunk->skb->data; 151 ch = (sctp_chunkhdr_t *) chunk->skb->data;
152 chunk->data_accepted = 0;
152 } 153 }
153 154
154 chunk->chunk_hdr = ch; 155 chunk->chunk_hdr = ch;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 2b9a832b29a7..8cdba51ec076 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -636,8 +636,9 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
636 */ 636 */
637 chunk->subh.cookie_hdr = 637 chunk->subh.cookie_hdr =
638 (struct sctp_signed_cookie *)chunk->skb->data; 638 (struct sctp_signed_cookie *)chunk->skb->data;
639 skb_pull(chunk->skb, 639 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
640 ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); 640 sizeof(sctp_chunkhdr_t)))
641 goto nomem;
641 642
642 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint 643 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
643 * "Z" will reply with a COOKIE ACK chunk after building a TCB 644 * "Z" will reply with a COOKIE ACK chunk after building a TCB
@@ -965,7 +966,8 @@ sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
965 */ 966 */
966 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data; 967 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
967 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 968 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
968 skb_pull(chunk->skb, paylen); 969 if (!pskb_pull(chunk->skb, paylen))
970 goto nomem;
969 971
970 reply = sctp_make_heartbeat_ack(asoc, chunk, 972 reply = sctp_make_heartbeat_ack(asoc, chunk,
971 chunk->subh.hb_hdr, paylen); 973 chunk->subh.hb_hdr, paylen);
@@ -1860,8 +1862,9 @@ sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1860 * are in good shape. 1862 * are in good shape.
1861 */ 1863 */
1862 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; 1864 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1863 skb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - 1865 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1864 sizeof(sctp_chunkhdr_t)); 1866 sizeof(sctp_chunkhdr_t)))
1867 goto nomem;
1865 1868
1866 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie 1869 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1867 * of a duplicate COOKIE ECHO match the Verification Tags of the 1870 * of a duplicate COOKIE ECHO match the Verification Tags of the
@@ -5151,7 +5154,9 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5151 int tmp; 5154 int tmp;
5152 __u32 tsn; 5155 __u32 tsn;
5153 int account_value; 5156 int account_value;
5157 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
5154 struct sock *sk = asoc->base.sk; 5158 struct sock *sk = asoc->base.sk;
5159 int rcvbuf_over = 0;
5155 5160
5156 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data; 5161 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
5157 skb_pull(chunk->skb, sizeof(sctp_datahdr_t)); 5162 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
@@ -5162,10 +5167,16 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5162 /* ASSERT: Now skb->data is really the user data. */ 5167 /* ASSERT: Now skb->data is really the user data. */
5163 5168
5164 /* 5169 /*
5165 * if we are established, and we have used up our receive 5170 * If we are established, and we have used up our receive buffer
5166 * buffer memory, drop the frame 5171 * memory, think about droping the frame.
5167 */ 5172 * Note that we have an opportunity to improve performance here.
5168 if (asoc->state == SCTP_STATE_ESTABLISHED) { 5173 * If we accept one chunk from an skbuff, we have to keep all the
5174 * memory of that skbuff around until the chunk is read into user
5175 * space. Therefore, once we accept 1 chunk we may as well accept all
5176 * remaining chunks in the skbuff. The data_accepted flag helps us do
5177 * that.
5178 */
5179 if ((asoc->state == SCTP_STATE_ESTABLISHED) && (!chunk->data_accepted)) {
5169 /* 5180 /*
5170 * If the receive buffer policy is 1, then each 5181 * If the receive buffer policy is 1, then each
5171 * association can allocate up to sk_rcvbuf bytes 5182 * association can allocate up to sk_rcvbuf bytes
@@ -5176,9 +5187,25 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5176 account_value = atomic_read(&asoc->rmem_alloc); 5187 account_value = atomic_read(&asoc->rmem_alloc);
5177 else 5188 else
5178 account_value = atomic_read(&sk->sk_rmem_alloc); 5189 account_value = atomic_read(&sk->sk_rmem_alloc);
5179 5190 if (account_value > sk->sk_rcvbuf) {
5180 if (account_value > sk->sk_rcvbuf) 5191 /*
5181 return SCTP_IERROR_IGNORE_TSN; 5192 * We need to make forward progress, even when we are
5193 * under memory pressure, so we always allow the
5194 * next tsn after the ctsn ack point to be accepted.
5195 * This lets us avoid deadlocks in which we have to
5196 * drop frames that would otherwise let us drain the
5197 * receive queue.
5198 */
5199 if ((sctp_tsnmap_get_ctsn(map) + 1) != tsn)
5200 return SCTP_IERROR_IGNORE_TSN;
5201
5202 /*
5203 * We're going to accept the frame but we should renege
5204 * to make space for it. This will send us down that
5205 * path later in this function.
5206 */
5207 rcvbuf_over = 1;
5208 }
5182 } 5209 }
5183 5210
5184 /* Process ECN based congestion. 5211 /* Process ECN based congestion.
@@ -5226,6 +5253,7 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5226 datalen -= sizeof(sctp_data_chunk_t); 5253 datalen -= sizeof(sctp_data_chunk_t);
5227 5254
5228 deliver = SCTP_CMD_CHUNK_ULP; 5255 deliver = SCTP_CMD_CHUNK_ULP;
5256 chunk->data_accepted = 1;
5229 5257
5230 /* Think about partial delivery. */ 5258 /* Think about partial delivery. */
5231 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) { 5259 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
@@ -5242,7 +5270,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5242 * large spill over. 5270 * large spill over.
5243 */ 5271 */
5244 if (!asoc->rwnd || asoc->rwnd_over || 5272 if (!asoc->rwnd || asoc->rwnd_over ||
5245 (datalen > asoc->rwnd + asoc->frag_point)) { 5273 (datalen > asoc->rwnd + asoc->frag_point) ||
5274 rcvbuf_over) {
5246 5275
5247 /* If this is the next TSN, consider reneging to make 5276 /* If this is the next TSN, consider reneging to make
5248 * room. Note: Playing nice with a confused sender. A 5277 * room. Note: Playing nice with a confused sender. A
@@ -5250,8 +5279,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5250 * space and in the future we may want to detect and 5279 * space and in the future we may want to detect and
5251 * do more drastic reneging. 5280 * do more drastic reneging.
5252 */ 5281 */
5253 if (sctp_tsnmap_has_gap(&asoc->peer.tsn_map) && 5282 if (sctp_tsnmap_has_gap(map) &&
5254 (sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1) == tsn) { 5283 (sctp_tsnmap_get_ctsn(map) + 1) == tsn) {
5255 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn); 5284 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
5256 deliver = SCTP_CMD_RENEGE; 5285 deliver = SCTP_CMD_RENEGE;
5257 } else { 5286 } else {
diff --git a/net/sctp/sm_statetable.c b/net/sctp/sm_statetable.c
index 75ef10408764..8bcca5676151 100644
--- a/net/sctp/sm_statetable.c
+++ b/net/sctp/sm_statetable.c
@@ -366,9 +366,9 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
366 /* SCTP_STATE_EMPTY */ \ 366 /* SCTP_STATE_EMPTY */ \
367 {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \ 367 {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
368 /* SCTP_STATE_CLOSED */ \ 368 /* SCTP_STATE_CLOSED */ \
369 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 369 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
370 /* SCTP_STATE_COOKIE_WAIT */ \ 370 /* SCTP_STATE_COOKIE_WAIT */ \
371 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 371 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
372 /* SCTP_STATE_COOKIE_ECHOED */ \ 372 /* SCTP_STATE_COOKIE_ECHOED */ \
373 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ 373 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
374 /* SCTP_STATE_ESTABLISHED */ \ 374 /* SCTP_STATE_ESTABLISHED */ \
@@ -380,7 +380,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
380 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ 380 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
381 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ 381 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
382 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ 382 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
383 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 383 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
384} /* TYPE_SCTP_ECN_ECNE */ 384} /* TYPE_SCTP_ECN_ECNE */
385 385
386#define TYPE_SCTP_ECN_CWR { \ 386#define TYPE_SCTP_ECN_CWR { \
@@ -401,7 +401,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
401 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ 401 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
402 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ 402 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
403 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ 403 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
404 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 404 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
405} /* TYPE_SCTP_ECN_CWR */ 405} /* TYPE_SCTP_ECN_CWR */
406 406
407#define TYPE_SCTP_SHUTDOWN_COMPLETE { \ 407#define TYPE_SCTP_SHUTDOWN_COMPLETE { \
@@ -647,7 +647,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM_STATES] = {
647 /* SCTP_STATE_EMPTY */ \ 647 /* SCTP_STATE_EMPTY */ \
648 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 648 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
649 /* SCTP_STATE_CLOSED */ \ 649 /* SCTP_STATE_CLOSED */ \
650 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 650 {.fn = sctp_sf_error_closed, .name = "sctp_sf_error_closed"}, \
651 /* SCTP_STATE_COOKIE_WAIT */ \ 651 /* SCTP_STATE_COOKIE_WAIT */ \
652 {.fn = sctp_sf_do_prm_requestheartbeat, \ 652 {.fn = sctp_sf_do_prm_requestheartbeat, \
653 .name = "sctp_sf_do_prm_requestheartbeat"}, \ 653 .name = "sctp_sf_do_prm_requestheartbeat"}, \
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index 2080b2d28c98..575e556aeb3e 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -279,6 +279,7 @@ static inline void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
279static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *queue, struct sk_buff *f_frag, struct sk_buff *l_frag) 279static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *queue, struct sk_buff *f_frag, struct sk_buff *l_frag)
280{ 280{
281 struct sk_buff *pos; 281 struct sk_buff *pos;
282 struct sk_buff *new = NULL;
282 struct sctp_ulpevent *event; 283 struct sctp_ulpevent *event;
283 struct sk_buff *pnext, *last; 284 struct sk_buff *pnext, *last;
284 struct sk_buff *list = skb_shinfo(f_frag)->frag_list; 285 struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
@@ -297,11 +298,33 @@ static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *qu
297 */ 298 */
298 if (last) 299 if (last)
299 last->next = pos; 300 last->next = pos;
300 else 301 else {
301 skb_shinfo(f_frag)->frag_list = pos; 302 if (skb_cloned(f_frag)) {
303 /* This is a cloned skb, we can't just modify
304 * the frag_list. We need a new skb to do that.
305 * Instead of calling skb_unshare(), we'll do it
306 * ourselves since we need to delay the free.
307 */
308 new = skb_copy(f_frag, GFP_ATOMIC);
309 if (!new)
310 return NULL; /* try again later */
311
312 new->sk = f_frag->sk;
313
314 skb_shinfo(new)->frag_list = pos;
315 } else
316 skb_shinfo(f_frag)->frag_list = pos;
317 }
302 318
303 /* Remove the first fragment from the reassembly queue. */ 319 /* Remove the first fragment from the reassembly queue. */
304 __skb_unlink(f_frag, queue); 320 __skb_unlink(f_frag, queue);
321
322 /* if we did unshare, then free the old skb and re-assign */
323 if (new) {
324 kfree_skb(f_frag);
325 f_frag = new;
326 }
327
305 while (pos) { 328 while (pos) {
306 329
307 pnext = pos->next; 330 pnext = pos->next;
diff --git a/net/socket.c b/net/socket.c
index 23898f45f713..02948b622bd2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -267,6 +267,8 @@ int move_addr_to_user(void *kaddr, int klen, void __user *uaddr, int __user *ule
267 return -EINVAL; 267 return -EINVAL;
268 if(len) 268 if(len)
269 { 269 {
270 if (audit_sockaddr(klen, kaddr))
271 return -ENOMEM;
270 if(copy_to_user(uaddr,kaddr,len)) 272 if(copy_to_user(uaddr,kaddr,len))
271 return -EFAULT; 273 return -EFAULT;
272 } 274 }
@@ -490,6 +492,7 @@ static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
490 struct file *file; 492 struct file *file;
491 struct socket *sock; 493 struct socket *sock;
492 494
495 *err = -EBADF;
493 file = fget_light(fd, fput_needed); 496 file = fget_light(fd, fput_needed);
494 if (file) { 497 if (file) {
495 sock = sock_from_file(file, err); 498 sock = sock_from_file(file, err);
diff --git a/net/x25/x25_timer.c b/net/x25/x25_timer.c
index 0a92e1da3922..71ff3088f6fe 100644
--- a/net/x25/x25_timer.c
+++ b/net/x25/x25_timer.c
@@ -114,8 +114,9 @@ static void x25_heartbeat_expiry(unsigned long param)
114 if (sock_flag(sk, SOCK_DESTROY) || 114 if (sock_flag(sk, SOCK_DESTROY) ||
115 (sk->sk_state == TCP_LISTEN && 115 (sk->sk_state == TCP_LISTEN &&
116 sock_flag(sk, SOCK_DEAD))) { 116 sock_flag(sk, SOCK_DEAD))) {
117 bh_unlock_sock(sk);
117 x25_destroy_socket(sk); 118 x25_destroy_socket(sk);
118 goto unlock; 119 return;
119 } 120 }
120 break; 121 break;
121 122
@@ -128,7 +129,6 @@ static void x25_heartbeat_expiry(unsigned long param)
128 } 129 }
129restart_heartbeat: 130restart_heartbeat:
130 x25_start_heartbeat(sk); 131 x25_start_heartbeat(sk);
131unlock:
132 bh_unlock_sock(sk); 132 bh_unlock_sock(sk);
133} 133}
134 134
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c3725fe2a8fb..b469c8b54613 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -57,12 +57,12 @@ int xfrm_register_type(struct xfrm_type *type, unsigned short family)
57 return -EAFNOSUPPORT; 57 return -EAFNOSUPPORT;
58 typemap = afinfo->type_map; 58 typemap = afinfo->type_map;
59 59
60 write_lock(&typemap->lock); 60 write_lock_bh(&typemap->lock);
61 if (likely(typemap->map[type->proto] == NULL)) 61 if (likely(typemap->map[type->proto] == NULL))
62 typemap->map[type->proto] = type; 62 typemap->map[type->proto] = type;
63 else 63 else
64 err = -EEXIST; 64 err = -EEXIST;
65 write_unlock(&typemap->lock); 65 write_unlock_bh(&typemap->lock);
66 xfrm_policy_put_afinfo(afinfo); 66 xfrm_policy_put_afinfo(afinfo);
67 return err; 67 return err;
68} 68}
@@ -78,12 +78,12 @@ int xfrm_unregister_type(struct xfrm_type *type, unsigned short family)
78 return -EAFNOSUPPORT; 78 return -EAFNOSUPPORT;
79 typemap = afinfo->type_map; 79 typemap = afinfo->type_map;
80 80
81 write_lock(&typemap->lock); 81 write_lock_bh(&typemap->lock);
82 if (unlikely(typemap->map[type->proto] != type)) 82 if (unlikely(typemap->map[type->proto] != type))
83 err = -ENOENT; 83 err = -ENOENT;
84 else 84 else
85 typemap->map[type->proto] = NULL; 85 typemap->map[type->proto] = NULL;
86 write_unlock(&typemap->lock); 86 write_unlock_bh(&typemap->lock);
87 xfrm_policy_put_afinfo(afinfo); 87 xfrm_policy_put_afinfo(afinfo);
88 return err; 88 return err;
89} 89}
@@ -1251,7 +1251,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
1251 return -EINVAL; 1251 return -EINVAL;
1252 if (unlikely(afinfo->family >= NPROTO)) 1252 if (unlikely(afinfo->family >= NPROTO))
1253 return -EAFNOSUPPORT; 1253 return -EAFNOSUPPORT;
1254 write_lock(&xfrm_policy_afinfo_lock); 1254 write_lock_bh(&xfrm_policy_afinfo_lock);
1255 if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL)) 1255 if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL))
1256 err = -ENOBUFS; 1256 err = -ENOBUFS;
1257 else { 1257 else {
@@ -1268,7 +1268,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
1268 afinfo->garbage_collect = __xfrm_garbage_collect; 1268 afinfo->garbage_collect = __xfrm_garbage_collect;
1269 xfrm_policy_afinfo[afinfo->family] = afinfo; 1269 xfrm_policy_afinfo[afinfo->family] = afinfo;
1270 } 1270 }
1271 write_unlock(&xfrm_policy_afinfo_lock); 1271 write_unlock_bh(&xfrm_policy_afinfo_lock);
1272 return err; 1272 return err;
1273} 1273}
1274EXPORT_SYMBOL(xfrm_policy_register_afinfo); 1274EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -1280,7 +1280,7 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
1280 return -EINVAL; 1280 return -EINVAL;
1281 if (unlikely(afinfo->family >= NPROTO)) 1281 if (unlikely(afinfo->family >= NPROTO))
1282 return -EAFNOSUPPORT; 1282 return -EAFNOSUPPORT;
1283 write_lock(&xfrm_policy_afinfo_lock); 1283 write_lock_bh(&xfrm_policy_afinfo_lock);
1284 if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) { 1284 if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) {
1285 if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo)) 1285 if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo))
1286 err = -EINVAL; 1286 err = -EINVAL;
@@ -1294,7 +1294,7 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
1294 afinfo->garbage_collect = NULL; 1294 afinfo->garbage_collect = NULL;
1295 } 1295 }
1296 } 1296 }
1297 write_unlock(&xfrm_policy_afinfo_lock); 1297 write_unlock_bh(&xfrm_policy_afinfo_lock);
1298 return err; 1298 return err;
1299} 1299}
1300EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); 1300EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 3dc3e1f3b7aa..93a2f36ad3db 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1061,7 +1061,7 @@ int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1061 return -EINVAL; 1061 return -EINVAL;
1062 if (unlikely(afinfo->family >= NPROTO)) 1062 if (unlikely(afinfo->family >= NPROTO))
1063 return -EAFNOSUPPORT; 1063 return -EAFNOSUPPORT;
1064 write_lock(&xfrm_state_afinfo_lock); 1064 write_lock_bh(&xfrm_state_afinfo_lock);
1065 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1065 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1066 err = -ENOBUFS; 1066 err = -ENOBUFS;
1067 else { 1067 else {
@@ -1069,7 +1069,7 @@ int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1069 afinfo->state_byspi = xfrm_state_byspi; 1069 afinfo->state_byspi = xfrm_state_byspi;
1070 xfrm_state_afinfo[afinfo->family] = afinfo; 1070 xfrm_state_afinfo[afinfo->family] = afinfo;
1071 } 1071 }
1072 write_unlock(&xfrm_state_afinfo_lock); 1072 write_unlock_bh(&xfrm_state_afinfo_lock);
1073 return err; 1073 return err;
1074} 1074}
1075EXPORT_SYMBOL(xfrm_state_register_afinfo); 1075EXPORT_SYMBOL(xfrm_state_register_afinfo);
@@ -1081,7 +1081,7 @@ int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1081 return -EINVAL; 1081 return -EINVAL;
1082 if (unlikely(afinfo->family >= NPROTO)) 1082 if (unlikely(afinfo->family >= NPROTO))
1083 return -EAFNOSUPPORT; 1083 return -EAFNOSUPPORT;
1084 write_lock(&xfrm_state_afinfo_lock); 1084 write_lock_bh(&xfrm_state_afinfo_lock);
1085 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1085 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1086 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1086 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1087 err = -EINVAL; 1087 err = -EINVAL;
@@ -1091,7 +1091,7 @@ int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1091 afinfo->state_bydst = NULL; 1091 afinfo->state_bydst = NULL;
1092 } 1092 }
1093 } 1093 }
1094 write_unlock(&xfrm_state_afinfo_lock); 1094 write_unlock_bh(&xfrm_state_afinfo_lock);
1095 return err; 1095 return err;
1096} 1096}
1097EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1097EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-07 21:41:22 -0400