aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan.c4
-rw-r--r--net/8021q/vlan_core.c9
-rw-r--r--net/batman-adv/bridge_loop_avoidance.c27
-rw-r--r--net/batman-adv/routing.c8
-rw-r--r--net/batman-adv/types.h2
-rw-r--r--net/ipv4/route.c9
-rw-r--r--net/ipv4/tcp.c8
-rw-r--r--net/ipv6/addrconf.c15
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c3
-rw-r--r--net/netfilter/xt_CT.c10
-rw-r--r--net/netfilter/xt_TEE.c1
-rw-r--r--net/netfilter/xt_nat.c8
-rw-r--r--net/netlink/af_netlink.c19
-rw-r--r--net/sctp/sm_sideeffect.c3
14 files changed, 86 insertions, 40 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 9096bcb08132..ee070722a3a3 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -463,7 +463,9 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event,
463 463
464 case NETDEV_PRE_TYPE_CHANGE: 464 case NETDEV_PRE_TYPE_CHANGE:
465 /* Forbid underlaying device to change its type. */ 465 /* Forbid underlaying device to change its type. */
466 return NOTIFY_BAD; 466 if (vlan_uses_dev(dev))
467 return NOTIFY_BAD;
468 break;
467 469
468 case NETDEV_NOTIFY_PEERS: 470 case NETDEV_NOTIFY_PEERS:
469 case NETDEV_BONDING_FAILOVER: 471 case NETDEV_BONDING_FAILOVER:
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index fbbf1fa00940..65e06abe023f 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -366,6 +366,13 @@ EXPORT_SYMBOL(vlan_vids_del_by_dev);
366 366
367bool vlan_uses_dev(const struct net_device *dev) 367bool vlan_uses_dev(const struct net_device *dev)
368{ 368{
369 return rtnl_dereference(dev->vlan_info) ? true : false; 369 struct vlan_info *vlan_info;
370
371 ASSERT_RTNL();
372
373 vlan_info = rtnl_dereference(dev->vlan_info);
374 if (!vlan_info)
375 return false;
376 return vlan_info->grp.nr_vlan_devs ? true : false;
370} 377}
371EXPORT_SYMBOL(vlan_uses_dev); 378EXPORT_SYMBOL(vlan_uses_dev);
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
index 0a9084ad19a6..fd8d5afec0dd 100644
--- a/net/batman-adv/bridge_loop_avoidance.c
+++ b/net/batman-adv/bridge_loop_avoidance.c
@@ -1167,6 +1167,8 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
1167 uint16_t crc; 1167 uint16_t crc;
1168 unsigned long entrytime; 1168 unsigned long entrytime;
1169 1169
1170 spin_lock_init(&bat_priv->bla.bcast_duplist_lock);
1171
1170 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hash registering\n"); 1172 batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla hash registering\n");
1171 1173
1172 /* setting claim destination address */ 1174 /* setting claim destination address */
@@ -1210,8 +1212,8 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
1210/** 1212/**
1211 * batadv_bla_check_bcast_duplist 1213 * batadv_bla_check_bcast_duplist
1212 * @bat_priv: the bat priv with all the soft interface information 1214 * @bat_priv: the bat priv with all the soft interface information
1213 * @bcast_packet: originator mac address 1215 * @bcast_packet: encapsulated broadcast frame plus batman header
1214 * @hdr_size: maximum length of the frame 1216 * @bcast_packet_len: length of encapsulated broadcast frame plus batman header
1215 * 1217 *
1216 * check if it is on our broadcast list. Another gateway might 1218 * check if it is on our broadcast list. Another gateway might
1217 * have sent the same packet because it is connected to the same backbone, 1219 * have sent the same packet because it is connected to the same backbone,
@@ -1224,20 +1226,22 @@ int batadv_bla_init(struct batadv_priv *bat_priv)
1224 */ 1226 */
1225int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv, 1227int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1226 struct batadv_bcast_packet *bcast_packet, 1228 struct batadv_bcast_packet *bcast_packet,
1227 int hdr_size) 1229 int bcast_packet_len)
1228{ 1230{
1229 int i, length, curr; 1231 int i, length, curr, ret = 0;
1230 uint8_t *content; 1232 uint8_t *content;
1231 uint16_t crc; 1233 uint16_t crc;
1232 struct batadv_bcast_duplist_entry *entry; 1234 struct batadv_bcast_duplist_entry *entry;
1233 1235
1234 length = hdr_size - sizeof(*bcast_packet); 1236 length = bcast_packet_len - sizeof(*bcast_packet);
1235 content = (uint8_t *)bcast_packet; 1237 content = (uint8_t *)bcast_packet;
1236 content += sizeof(*bcast_packet); 1238 content += sizeof(*bcast_packet);
1237 1239
1238 /* calculate the crc ... */ 1240 /* calculate the crc ... */
1239 crc = crc16(0, content, length); 1241 crc = crc16(0, content, length);
1240 1242
1243 spin_lock_bh(&bat_priv->bla.bcast_duplist_lock);
1244
1241 for (i = 0; i < BATADV_DUPLIST_SIZE; i++) { 1245 for (i = 0; i < BATADV_DUPLIST_SIZE; i++) {
1242 curr = (bat_priv->bla.bcast_duplist_curr + i); 1246 curr = (bat_priv->bla.bcast_duplist_curr + i);
1243 curr %= BATADV_DUPLIST_SIZE; 1247 curr %= BATADV_DUPLIST_SIZE;
@@ -1259,9 +1263,12 @@ int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1259 /* this entry seems to match: same crc, not too old, 1263 /* this entry seems to match: same crc, not too old,
1260 * and from another gw. therefore return 1 to forbid it. 1264 * and from another gw. therefore return 1 to forbid it.
1261 */ 1265 */
1262 return 1; 1266 ret = 1;
1267 goto out;
1263 } 1268 }
1264 /* not found, add a new entry (overwrite the oldest entry) */ 1269 /* not found, add a new entry (overwrite the oldest entry)
1270 * and allow it, its the first occurence.
1271 */
1265 curr = (bat_priv->bla.bcast_duplist_curr + BATADV_DUPLIST_SIZE - 1); 1272 curr = (bat_priv->bla.bcast_duplist_curr + BATADV_DUPLIST_SIZE - 1);
1266 curr %= BATADV_DUPLIST_SIZE; 1273 curr %= BATADV_DUPLIST_SIZE;
1267 entry = &bat_priv->bla.bcast_duplist[curr]; 1274 entry = &bat_priv->bla.bcast_duplist[curr];
@@ -1270,8 +1277,10 @@ int batadv_bla_check_bcast_duplist(struct batadv_priv *bat_priv,
1270 memcpy(entry->orig, bcast_packet->orig, ETH_ALEN); 1277 memcpy(entry->orig, bcast_packet->orig, ETH_ALEN);
1271 bat_priv->bla.bcast_duplist_curr = curr; 1278 bat_priv->bla.bcast_duplist_curr = curr;
1272 1279
1273 /* allow it, its the first occurence. */ 1280out:
1274 return 0; 1281 spin_unlock_bh(&bat_priv->bla.bcast_duplist_lock);
1282
1283 return ret;
1275} 1284}
1276 1285
1277 1286
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 939fc01371df..376b4cc6ca82 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -1124,8 +1124,14 @@ int batadv_recv_bcast_packet(struct sk_buff *skb,
1124 1124
1125 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1125 spin_unlock_bh(&orig_node->bcast_seqno_lock);
1126 1126
1127 /* keep skb linear for crc calculation */
1128 if (skb_linearize(skb) < 0)
1129 goto out;
1130
1131 bcast_packet = (struct batadv_bcast_packet *)skb->data;
1132
1127 /* check whether this has been sent by another originator before */ 1133 /* check whether this has been sent by another originator before */
1128 if (batadv_bla_check_bcast_duplist(bat_priv, bcast_packet, hdr_size)) 1134 if (batadv_bla_check_bcast_duplist(bat_priv, bcast_packet, skb->len))
1129 goto out; 1135 goto out;
1130 1136
1131 /* rebroadcast packet */ 1137 /* rebroadcast packet */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 2ed82caacdca..ac1e07a80454 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -205,6 +205,8 @@ struct batadv_priv_bla {
205 struct batadv_hashtable *backbone_hash; 205 struct batadv_hashtable *backbone_hash;
206 struct batadv_bcast_duplist_entry bcast_duplist[BATADV_DUPLIST_SIZE]; 206 struct batadv_bcast_duplist_entry bcast_duplist[BATADV_DUPLIST_SIZE];
207 int bcast_duplist_curr; 207 int bcast_duplist_curr;
208 /* protects bcast_duplist and bcast_duplist_curr */
209 spinlock_t bcast_duplist_lock;
208 struct batadv_bla_claim_dst claim_dest; 210 struct batadv_bla_claim_dst claim_dest;
209 struct delayed_work work; 211 struct delayed_work work;
210}; 212};
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 432f4bb77238..a8c651216fa6 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1163,8 +1163,12 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1163 spin_lock_bh(&fnhe_lock); 1163 spin_lock_bh(&fnhe_lock);
1164 1164
1165 if (daddr == fnhe->fnhe_daddr) { 1165 if (daddr == fnhe->fnhe_daddr) {
1166 struct rtable *orig; 1166 struct rtable *orig = rcu_dereference(fnhe->fnhe_rth);
1167 1167 if (orig && rt_is_expired(orig)) {
1168 fnhe->fnhe_gw = 0;
1169 fnhe->fnhe_pmtu = 0;
1170 fnhe->fnhe_expires = 0;
1171 }
1168 if (fnhe->fnhe_pmtu) { 1172 if (fnhe->fnhe_pmtu) {
1169 unsigned long expires = fnhe->fnhe_expires; 1173 unsigned long expires = fnhe->fnhe_expires;
1170 unsigned long diff = expires - jiffies; 1174 unsigned long diff = expires - jiffies;
@@ -1181,7 +1185,6 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
1181 } else if (!rt->rt_gateway) 1185 } else if (!rt->rt_gateway)
1182 rt->rt_gateway = daddr; 1186 rt->rt_gateway = daddr;
1183 1187
1184 orig = rcu_dereference(fnhe->fnhe_rth);
1185 rcu_assign_pointer(fnhe->fnhe_rth, rt); 1188 rcu_assign_pointer(fnhe->fnhe_rth, rt);
1186 if (orig) 1189 if (orig)
1187 rt_free(orig); 1190 rt_free(orig);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f32c02e2a543..b7c2f439b54f 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -549,14 +549,12 @@ int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
549 !tp->urg_data || 549 !tp->urg_data ||
550 before(tp->urg_seq, tp->copied_seq) || 550 before(tp->urg_seq, tp->copied_seq) ||
551 !before(tp->urg_seq, tp->rcv_nxt)) { 551 !before(tp->urg_seq, tp->rcv_nxt)) {
552 struct sk_buff *skb;
553 552
554 answ = tp->rcv_nxt - tp->copied_seq; 553 answ = tp->rcv_nxt - tp->copied_seq;
555 554
556 /* Subtract 1, if FIN is in queue. */ 555 /* Subtract 1, if FIN was received */
557 skb = skb_peek_tail(&sk->sk_receive_queue); 556 if (answ && sock_flag(sk, SOCK_DONE))
558 if (answ && skb) 557 answ--;
559 answ -= tcp_hdr(skb)->fin;
560 } else 558 } else
561 answ = tp->urg_seq - tp->copied_seq; 559 answ = tp->urg_seq - tp->copied_seq;
562 release_sock(sk); 560 release_sock(sk);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d7c56f8a5b4e..0424e4e27414 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3064,14 +3064,15 @@ static struct inet6_ifaddr *if6_get_first(struct seq_file *seq, loff_t pos)
3064 struct hlist_node *n; 3064 struct hlist_node *n;
3065 hlist_for_each_entry_rcu_bh(ifa, n, &inet6_addr_lst[state->bucket], 3065 hlist_for_each_entry_rcu_bh(ifa, n, &inet6_addr_lst[state->bucket],
3066 addr_lst) { 3066 addr_lst) {
3067 if (!net_eq(dev_net(ifa->idev->dev), net))
3068 continue;
3067 /* sync with offset */ 3069 /* sync with offset */
3068 if (p < state->offset) { 3070 if (p < state->offset) {
3069 p++; 3071 p++;
3070 continue; 3072 continue;
3071 } 3073 }
3072 state->offset++; 3074 state->offset++;
3073 if (net_eq(dev_net(ifa->idev->dev), net)) 3075 return ifa;
3074 return ifa;
3075 } 3076 }
3076 3077
3077 /* prepare for next bucket */ 3078 /* prepare for next bucket */
@@ -3089,18 +3090,20 @@ static struct inet6_ifaddr *if6_get_next(struct seq_file *seq,
3089 struct hlist_node *n = &ifa->addr_lst; 3090 struct hlist_node *n = &ifa->addr_lst;
3090 3091
3091 hlist_for_each_entry_continue_rcu_bh(ifa, n, addr_lst) { 3092 hlist_for_each_entry_continue_rcu_bh(ifa, n, addr_lst) {
3093 if (!net_eq(dev_net(ifa->idev->dev), net))
3094 continue;
3092 state->offset++; 3095 state->offset++;
3093 if (net_eq(dev_net(ifa->idev->dev), net)) 3096 return ifa;
3094 return ifa;
3095 } 3097 }
3096 3098
3097 while (++state->bucket < IN6_ADDR_HSIZE) { 3099 while (++state->bucket < IN6_ADDR_HSIZE) {
3098 state->offset = 0; 3100 state->offset = 0;
3099 hlist_for_each_entry_rcu_bh(ifa, n, 3101 hlist_for_each_entry_rcu_bh(ifa, n,
3100 &inet6_addr_lst[state->bucket], addr_lst) { 3102 &inet6_addr_lst[state->bucket], addr_lst) {
3103 if (!net_eq(dev_net(ifa->idev->dev), net))
3104 continue;
3101 state->offset++; 3105 state->offset++;
3102 if (net_eq(dev_net(ifa->idev->dev), net)) 3106 return ifa;
3103 return ifa;
3104 } 3107 }
3105 } 3108 }
3106 3109
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 7e7198b51c06..c4ee43710aab 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2589,6 +2589,8 @@ __ip_vs_get_timeouts(struct net *net, struct ip_vs_timeout_user *u)
2589 struct ip_vs_proto_data *pd; 2589 struct ip_vs_proto_data *pd;
2590#endif 2590#endif
2591 2591
2592 memset(u, 0, sizeof (*u));
2593
2592#ifdef CONFIG_IP_VS_PROTO_TCP 2594#ifdef CONFIG_IP_VS_PROTO_TCP
2593 pd = ip_vs_proto_data_get(net, IPPROTO_TCP); 2595 pd = ip_vs_proto_data_get(net, IPPROTO_TCP);
2594 u->tcp_timeout = pd->timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ; 2596 u->tcp_timeout = pd->timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
@@ -2766,7 +2768,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2766 { 2768 {
2767 struct ip_vs_timeout_user t; 2769 struct ip_vs_timeout_user t;
2768 2770
2769 memset(&t, 0, sizeof(t));
2770 __ip_vs_get_timeouts(net, &t); 2771 __ip_vs_get_timeouts(net, &t);
2771 if (copy_to_user(user, &t, sizeof(t)) != 0) 2772 if (copy_to_user(user, &t, sizeof(t)) != 0)
2772 ret = -EFAULT; 2773 ret = -EFAULT;
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 16c712563860..ae7f5daeee43 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -180,9 +180,9 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par,
180 typeof(nf_ct_timeout_find_get_hook) timeout_find_get; 180 typeof(nf_ct_timeout_find_get_hook) timeout_find_get;
181 struct ctnl_timeout *timeout; 181 struct ctnl_timeout *timeout;
182 struct nf_conn_timeout *timeout_ext; 182 struct nf_conn_timeout *timeout_ext;
183 const struct ipt_entry *e = par->entryinfo;
184 struct nf_conntrack_l4proto *l4proto; 183 struct nf_conntrack_l4proto *l4proto;
185 int ret = 0; 184 int ret = 0;
185 u8 proto;
186 186
187 rcu_read_lock(); 187 rcu_read_lock();
188 timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook); 188 timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook);
@@ -192,9 +192,11 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par,
192 goto out; 192 goto out;
193 } 193 }
194 194
195 if (e->ip.invflags & IPT_INV_PROTO) { 195 proto = xt_ct_find_proto(par);
196 if (!proto) {
196 ret = -EINVAL; 197 ret = -EINVAL;
197 pr_info("You cannot use inversion on L4 protocol\n"); 198 pr_info("You must specify a L4 protocol, and not use "
199 "inversions on it.\n");
198 goto out; 200 goto out;
199 } 201 }
200 202
@@ -214,7 +216,7 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par,
214 /* Make sure the timeout policy matches any existing protocol tracker, 216 /* Make sure the timeout policy matches any existing protocol tracker,
215 * otherwise default to generic. 217 * otherwise default to generic.
216 */ 218 */
217 l4proto = __nf_ct_l4proto_find(par->family, e->ip.proto); 219 l4proto = __nf_ct_l4proto_find(par->family, proto);
218 if (timeout->l4proto->l4proto != l4proto->l4proto) { 220 if (timeout->l4proto->l4proto != l4proto->l4proto) {
219 ret = -EINVAL; 221 ret = -EINVAL;
220 pr_info("Timeout policy `%s' can only be used by L4 protocol " 222 pr_info("Timeout policy `%s' can only be used by L4 protocol "
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index ee2e5bc5a8c7..bd93e51d30ac 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -70,6 +70,7 @@ tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
70 fl4.daddr = info->gw.ip; 70 fl4.daddr = info->gw.ip;
71 fl4.flowi4_tos = RT_TOS(iph->tos); 71 fl4.flowi4_tos = RT_TOS(iph->tos);
72 fl4.flowi4_scope = RT_SCOPE_UNIVERSE; 72 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
73 fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
73 rt = ip_route_output_key(net, &fl4); 74 rt = ip_route_output_key(net, &fl4);
74 if (IS_ERR(rt)) 75 if (IS_ERR(rt))
75 return false; 76 return false;
diff --git a/net/netfilter/xt_nat.c b/net/netfilter/xt_nat.c
index 81aafa8e4fef..bea7464cc43f 100644
--- a/net/netfilter/xt_nat.c
+++ b/net/netfilter/xt_nat.c
@@ -111,7 +111,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = {
111 .family = NFPROTO_IPV4, 111 .family = NFPROTO_IPV4,
112 .table = "nat", 112 .table = "nat",
113 .hooks = (1 << NF_INET_POST_ROUTING) | 113 .hooks = (1 << NF_INET_POST_ROUTING) |
114 (1 << NF_INET_LOCAL_OUT), 114 (1 << NF_INET_LOCAL_IN),
115 .me = THIS_MODULE, 115 .me = THIS_MODULE,
116 }, 116 },
117 { 117 {
@@ -123,7 +123,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = {
123 .family = NFPROTO_IPV4, 123 .family = NFPROTO_IPV4,
124 .table = "nat", 124 .table = "nat",
125 .hooks = (1 << NF_INET_PRE_ROUTING) | 125 .hooks = (1 << NF_INET_PRE_ROUTING) |
126 (1 << NF_INET_LOCAL_IN), 126 (1 << NF_INET_LOCAL_OUT),
127 .me = THIS_MODULE, 127 .me = THIS_MODULE,
128 }, 128 },
129 { 129 {
@@ -133,7 +133,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = {
133 .targetsize = sizeof(struct nf_nat_range), 133 .targetsize = sizeof(struct nf_nat_range),
134 .table = "nat", 134 .table = "nat",
135 .hooks = (1 << NF_INET_POST_ROUTING) | 135 .hooks = (1 << NF_INET_POST_ROUTING) |
136 (1 << NF_INET_LOCAL_OUT), 136 (1 << NF_INET_LOCAL_IN),
137 .me = THIS_MODULE, 137 .me = THIS_MODULE,
138 }, 138 },
139 { 139 {
@@ -143,7 +143,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = {
143 .targetsize = sizeof(struct nf_nat_range), 143 .targetsize = sizeof(struct nf_nat_range),
144 .table = "nat", 144 .table = "nat",
145 .hooks = (1 << NF_INET_PRE_ROUTING) | 145 .hooks = (1 << NF_INET_PRE_ROUTING) |
146 (1 << NF_INET_LOCAL_IN), 146 (1 << NF_INET_LOCAL_OUT),
147 .me = THIS_MODULE, 147 .me = THIS_MODULE,
148 }, 148 },
149}; 149};
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 01e944a017a4..4da797fa5ec5 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -138,6 +138,8 @@ static int netlink_dump(struct sock *sk);
138static DEFINE_RWLOCK(nl_table_lock); 138static DEFINE_RWLOCK(nl_table_lock);
139static atomic_t nl_table_users = ATOMIC_INIT(0); 139static atomic_t nl_table_users = ATOMIC_INIT(0);
140 140
141#define nl_deref_protected(X) rcu_dereference_protected(X, lockdep_is_held(&nl_table_lock));
142
141static ATOMIC_NOTIFIER_HEAD(netlink_chain); 143static ATOMIC_NOTIFIER_HEAD(netlink_chain);
142 144
143static inline u32 netlink_group_mask(u32 group) 145static inline u32 netlink_group_mask(u32 group)
@@ -345,6 +347,11 @@ netlink_update_listeners(struct sock *sk)
345 struct hlist_node *node; 347 struct hlist_node *node;
346 unsigned long mask; 348 unsigned long mask;
347 unsigned int i; 349 unsigned int i;
350 struct listeners *listeners;
351
352 listeners = nl_deref_protected(tbl->listeners);
353 if (!listeners)
354 return;
348 355
349 for (i = 0; i < NLGRPLONGS(tbl->groups); i++) { 356 for (i = 0; i < NLGRPLONGS(tbl->groups); i++) {
350 mask = 0; 357 mask = 0;
@@ -352,7 +359,7 @@ netlink_update_listeners(struct sock *sk)
352 if (i < NLGRPLONGS(nlk_sk(sk)->ngroups)) 359 if (i < NLGRPLONGS(nlk_sk(sk)->ngroups))
353 mask |= nlk_sk(sk)->groups[i]; 360 mask |= nlk_sk(sk)->groups[i];
354 } 361 }
355 tbl->listeners->masks[i] = mask; 362 listeners->masks[i] = mask;
356 } 363 }
357 /* this function is only called with the netlink table "grabbed", which 364 /* this function is only called with the netlink table "grabbed", which
358 * makes sure updates are visible before bind or setsockopt return. */ 365 * makes sure updates are visible before bind or setsockopt return. */
@@ -536,7 +543,11 @@ static int netlink_release(struct socket *sock)
536 if (netlink_is_kernel(sk)) { 543 if (netlink_is_kernel(sk)) {
537 BUG_ON(nl_table[sk->sk_protocol].registered == 0); 544 BUG_ON(nl_table[sk->sk_protocol].registered == 0);
538 if (--nl_table[sk->sk_protocol].registered == 0) { 545 if (--nl_table[sk->sk_protocol].registered == 0) {
539 kfree(nl_table[sk->sk_protocol].listeners); 546 struct listeners *old;
547
548 old = nl_deref_protected(nl_table[sk->sk_protocol].listeners);
549 RCU_INIT_POINTER(nl_table[sk->sk_protocol].listeners, NULL);
550 kfree_rcu(old, rcu);
540 nl_table[sk->sk_protocol].module = NULL; 551 nl_table[sk->sk_protocol].module = NULL;
541 nl_table[sk->sk_protocol].bind = NULL; 552 nl_table[sk->sk_protocol].bind = NULL;
542 nl_table[sk->sk_protocol].flags = 0; 553 nl_table[sk->sk_protocol].flags = 0;
@@ -982,7 +993,7 @@ int netlink_has_listeners(struct sock *sk, unsigned int group)
982 rcu_read_lock(); 993 rcu_read_lock();
983 listeners = rcu_dereference(nl_table[sk->sk_protocol].listeners); 994 listeners = rcu_dereference(nl_table[sk->sk_protocol].listeners);
984 995
985 if (group - 1 < nl_table[sk->sk_protocol].groups) 996 if (listeners && group - 1 < nl_table[sk->sk_protocol].groups)
986 res = test_bit(group - 1, listeners->masks); 997 res = test_bit(group - 1, listeners->masks);
987 998
988 rcu_read_unlock(); 999 rcu_read_unlock();
@@ -1625,7 +1636,7 @@ int __netlink_change_ngroups(struct sock *sk, unsigned int groups)
1625 new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC); 1636 new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC);
1626 if (!new) 1637 if (!new)
1627 return -ENOMEM; 1638 return -ENOMEM;
1628 old = rcu_dereference_protected(tbl->listeners, 1); 1639 old = nl_deref_protected(tbl->listeners);
1629 memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups)); 1640 memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
1630 rcu_assign_pointer(tbl->listeners, new); 1641 rcu_assign_pointer(tbl->listeners, new);
1631 1642
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 57f7de839b03..6773d7803627 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1642,8 +1642,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1642 asoc->outqueue.outstanding_bytes; 1642 asoc->outqueue.outstanding_bytes;
1643 sackh.num_gap_ack_blocks = 0; 1643 sackh.num_gap_ack_blocks = 0;
1644 sackh.num_dup_tsns = 0; 1644 sackh.num_dup_tsns = 0;
1645 chunk->subh.sack_hdr = &sackh;
1645 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, 1646 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK,
1646 SCTP_SACKH(&sackh)); 1647 SCTP_CHUNK(chunk));
1647 break; 1648 break;
1648 1649
1649 case SCTP_CMD_DISCARD_PACKET: 1650 case SCTP_CMD_DISCARD_PACKET:
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-24 21:19:25 -0500