aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan_dev.c2
-rw-r--r--net/atm/atm_sysfs.c15
-rw-r--r--net/bluetooth/af_bluetooth.c38
-rw-r--r--net/bluetooth/bnep/core.c4
-rw-r--r--net/bluetooth/bnep/sock.c69
-rw-r--r--net/bluetooth/cmtp/sock.c35
-rw-r--r--net/bluetooth/hci_conn.c6
-rw-r--r--net/bluetooth/hci_event.c15
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/hci_sysfs.c17
-rw-r--r--net/bluetooth/hidp/core.c14
-rw-r--r--net/bluetooth/hidp/sock.c80
-rw-r--r--net/bluetooth/l2cap.c5
-rw-r--r--net/bluetooth/rfcomm/core.c3
-rw-r--r--net/bluetooth/rfcomm/sock.c6
-rw-r--r--net/bluetooth/rfcomm/tty.c7
-rw-r--r--net/bluetooth/sco.c6
-rw-r--r--net/bridge/br_fdb.c7
-rw-r--r--net/bridge/br_if.c4
-rw-r--r--net/bridge/br_private.h2
-rw-r--r--net/bridge/br_stp_if.c2
-rw-r--r--net/compat.c3
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/flow.c42
-rw-r--r--net/core/netpoll.c8
-rw-r--r--net/core/rtnetlink.c2
-rw-r--r--net/core/scm.c3
-rw-r--r--net/core/sock.c2
-rw-r--r--net/core/utils.c116
-rw-r--r--net/core/wireless.c33
-rw-r--r--net/dccp/ipv4.c10
-rw-r--r--net/dccp/ipv6.c18
-rw-r--r--net/decnet/af_decnet.c4
-rw-r--r--net/decnet/dn_route.c14
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_assoc.c56
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_io.c11
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_module.c1
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_wx.c71
-rw-r--r--net/ipv4/cipso_ipv4.c40
-rw-r--r--net/ipv4/fib_frontend.c5
-rw-r--r--net/ipv4/inetpeer.c29
-rw-r--r--net/ipv4/ip_gre.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c2
-rw-r--r--net/ipv4/netfilter/arp_tables.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c72
-rw-r--r--net/ipv4/netfilter/ip_tables.c3
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c6
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c6
-rw-r--r--net/ipv4/route.c12
-rw-r--r--net/ipv4/tcp_ipv4.c20
-rw-r--r--net/ipv4/tcp_output.c51
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv6/Kconfig29
-rw-r--r--net/ipv6/Makefile3
-rw-r--r--net/ipv6/addrconf.c18
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/fib6_rules.c11
-rw-r--r--net/ipv6/ip6_fib.c9
-rw-r--r--net/ipv6/ndisc.c2
-rw-r--r--net/ipv6/route.c66
-rw-r--r--net/ipv6/sit.c4
-rw-r--r--net/ipv6/tcp_ipv6.c13
-rw-r--r--net/ipv6/xfrm6_policy.c14
-rw-r--r--net/irda/irias_object.c2
-rw-r--r--net/key/af_key.c5
-rw-r--r--net/netfilter/Kconfig4
-rw-r--r--net/netfilter/nf_conntrack_netlink.c72
-rw-r--r--net/netfilter/xt_NFQUEUE.c2
-rw-r--r--net/netfilter/xt_connmark.c2
-rw-r--r--net/netlabel/netlabel_kapi.c2
-rw-r--r--net/sched/sch_htb.c5
-rw-r--r--net/sched/sch_netem.c2
-rw-r--r--net/sctp/ipv6.c10
-rw-r--r--net/sctp/proc.c2
-rw-r--r--net/sctp/socket.c24
-rw-r--r--net/sctp/ulpevent.c25
-rw-r--r--net/sctp/ulpqueue.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c5
-rw-r--r--net/sunrpc/pmap_clnt.c14
-rw-r--r--net/sunrpc/svc.c22
-rw-r--r--net/sunrpc/svcsock.c30
-rw-r--r--net/sunrpc/xprtsock.c2
-rw-r--r--net/tipc/bearer.c8
-rw-r--r--net/tipc/config.c5
-rw-r--r--net/tipc/core.c4
-rw-r--r--net/tipc/core.h30
-rw-r--r--net/tipc/dbg.c136
-rw-r--r--net/tipc/dbg.h15
-rw-r--r--net/tipc/discover.c39
-rw-r--r--net/tipc/link.c8
-rw-r--r--net/tipc/name_distr.c2
-rw-r--r--net/tipc/node.c2
-rw-r--r--net/tipc/port.c7
-rw-r--r--net/tipc/socket.c19
-rw-r--r--net/tipc/subscr.c99
-rw-r--r--net/xfrm/xfrm_policy.c101
-rw-r--r--net/xfrm/xfrm_state.c17
-rw-r--r--net/xfrm/xfrm_user.c9
98 files changed, 1141 insertions, 752 deletions
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index da9cfe927158..60a508eb1945 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -62,7 +62,7 @@ int vlan_dev_rebuild_header(struct sk_buff *skb)
62 default: 62 default:
63 printk(VLAN_DBG 63 printk(VLAN_DBG
64 "%s: unable to resolve type %X addresses.\n", 64 "%s: unable to resolve type %X addresses.\n",
65 dev->name, (int)veth->h_vlan_encapsulated_proto); 65 dev->name, ntohs(veth->h_vlan_encapsulated_proto));
66 66
67 memcpy(veth->h_source, dev->dev_addr, ETH_ALEN); 67 memcpy(veth->h_source, dev->dev_addr, ETH_ALEN);
68 break; 68 break;
diff --git a/net/atm/atm_sysfs.c b/net/atm/atm_sysfs.c
index c0a4ae28fcfa..62f6ed1f2f98 100644
--- a/net/atm/atm_sysfs.c
+++ b/net/atm/atm_sysfs.c
@@ -141,7 +141,7 @@ static struct class atm_class = {
141int atm_register_sysfs(struct atm_dev *adev) 141int atm_register_sysfs(struct atm_dev *adev)
142{ 142{
143 struct class_device *cdev = &adev->class_dev; 143 struct class_device *cdev = &adev->class_dev;
144 int i, err; 144 int i, j, err;
145 145
146 cdev->class = &atm_class; 146 cdev->class = &atm_class;
147 class_set_devdata(cdev, adev); 147 class_set_devdata(cdev, adev);
@@ -151,10 +151,19 @@ int atm_register_sysfs(struct atm_dev *adev)
151 if (err < 0) 151 if (err < 0)
152 return err; 152 return err;
153 153
154 for (i = 0; atm_attrs[i]; i++) 154 for (i = 0; atm_attrs[i]; i++) {
155 class_device_create_file(cdev, atm_attrs[i]); 155 err = class_device_create_file(cdev, atm_attrs[i]);
156 if (err)
157 goto err_out;
158 }
156 159
157 return 0; 160 return 0;
161
162err_out:
163 for (j = 0; j < i; j++)
164 class_device_remove_file(cdev, atm_attrs[j]);
165 class_device_del(cdev);
166 return err;
158} 167}
159 168
160void atm_unregister_sysfs(struct atm_dev *adev) 169void atm_unregister_sysfs(struct atm_dev *adev)
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 305a099b7477..67df99e2e5c8 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -48,41 +48,56 @@
48#define BT_DBG(D...) 48#define BT_DBG(D...)
49#endif 49#endif
50 50
51#define VERSION "2.10" 51#define VERSION "2.11"
52 52
53/* Bluetooth sockets */ 53/* Bluetooth sockets */
54#define BT_MAX_PROTO 8 54#define BT_MAX_PROTO 8
55static struct net_proto_family *bt_proto[BT_MAX_PROTO]; 55static struct net_proto_family *bt_proto[BT_MAX_PROTO];
56static DEFINE_RWLOCK(bt_proto_lock);
56 57
57int bt_sock_register(int proto, struct net_proto_family *ops) 58int bt_sock_register(int proto, struct net_proto_family *ops)
58{ 59{
60 int err = 0;
61
59 if (proto < 0 || proto >= BT_MAX_PROTO) 62 if (proto < 0 || proto >= BT_MAX_PROTO)
60 return -EINVAL; 63 return -EINVAL;
61 64
65 write_lock(&bt_proto_lock);
66
62 if (bt_proto[proto]) 67 if (bt_proto[proto])
63 return -EEXIST; 68 err = -EEXIST;
69 else
70 bt_proto[proto] = ops;
64 71
65 bt_proto[proto] = ops; 72 write_unlock(&bt_proto_lock);
66 return 0; 73
74 return err;
67} 75}
68EXPORT_SYMBOL(bt_sock_register); 76EXPORT_SYMBOL(bt_sock_register);
69 77
70int bt_sock_unregister(int proto) 78int bt_sock_unregister(int proto)
71{ 79{
80 int err = 0;
81
72 if (proto < 0 || proto >= BT_MAX_PROTO) 82 if (proto < 0 || proto >= BT_MAX_PROTO)
73 return -EINVAL; 83 return -EINVAL;
74 84
85 write_lock(&bt_proto_lock);
86
75 if (!bt_proto[proto]) 87 if (!bt_proto[proto])
76 return -ENOENT; 88 err = -ENOENT;
89 else
90 bt_proto[proto] = NULL;
77 91
78 bt_proto[proto] = NULL; 92 write_unlock(&bt_proto_lock);
79 return 0; 93
94 return err;
80} 95}
81EXPORT_SYMBOL(bt_sock_unregister); 96EXPORT_SYMBOL(bt_sock_unregister);
82 97
83static int bt_sock_create(struct socket *sock, int proto) 98static int bt_sock_create(struct socket *sock, int proto)
84{ 99{
85 int err = 0; 100 int err;
86 101
87 if (proto < 0 || proto >= BT_MAX_PROTO) 102 if (proto < 0 || proto >= BT_MAX_PROTO)
88 return -EINVAL; 103 return -EINVAL;
@@ -92,11 +107,18 @@ static int bt_sock_create(struct socket *sock, int proto)
92 request_module("bt-proto-%d", proto); 107 request_module("bt-proto-%d", proto);
93 } 108 }
94#endif 109#endif
110
95 err = -EPROTONOSUPPORT; 111 err = -EPROTONOSUPPORT;
112
113 read_lock(&bt_proto_lock);
114
96 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 115 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
97 err = bt_proto[proto]->create(sock, proto); 116 err = bt_proto[proto]->create(sock, proto);
98 module_put(bt_proto[proto]->owner); 117 module_put(bt_proto[proto]->owner);
99 } 118 }
119
120 read_unlock(&bt_proto_lock);
121
100 return err; 122 return err;
101} 123}
102 124
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 2312d050eeed..4d3424c2421c 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -528,12 +528,10 @@ static struct device *bnep_get_device(struct bnep_session *session)
528 return NULL; 528 return NULL;
529 529
530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
531 if (!conn)
532 return NULL;
533 531
534 hci_dev_put(hdev); 532 hci_dev_put(hdev);
535 533
536 return &conn->dev; 534 return conn ? &conn->dev : NULL;
537} 535}
538 536
539int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) 537int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 28c55835422a..5563db1bf526 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -43,6 +43,7 @@
43#include <linux/ioctl.h> 43#include <linux/ioctl.h>
44#include <linux/file.h> 44#include <linux/file.h>
45#include <linux/init.h> 45#include <linux/init.h>
46#include <linux/compat.h>
46#include <net/sock.h> 47#include <net/sock.h>
47 48
48#include <asm/system.h> 49#include <asm/system.h>
@@ -146,24 +147,56 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
146 return 0; 147 return 0;
147} 148}
148 149
150#ifdef CONFIG_COMPAT
151static int bnep_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
152{
153 if (cmd == BNEPGETCONNLIST) {
154 struct bnep_connlist_req cl;
155 uint32_t uci;
156 int err;
157
158 if (get_user(cl.cnum, (uint32_t __user *) arg) ||
159 get_user(uci, (u32 __user *) (arg + 4)))
160 return -EFAULT;
161
162 cl.ci = compat_ptr(uci);
163
164 if (cl.cnum <= 0)
165 return -EINVAL;
166
167 err = bnep_get_connlist(&cl);
168
169 if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
170 err = -EFAULT;
171
172 return err;
173 }
174
175 return bnep_sock_ioctl(sock, cmd, arg);
176}
177#endif
178
149static const struct proto_ops bnep_sock_ops = { 179static const struct proto_ops bnep_sock_ops = {
150 .family = PF_BLUETOOTH, 180 .family = PF_BLUETOOTH,
151 .owner = THIS_MODULE, 181 .owner = THIS_MODULE,
152 .release = bnep_sock_release, 182 .release = bnep_sock_release,
153 .ioctl = bnep_sock_ioctl, 183 .ioctl = bnep_sock_ioctl,
154 .bind = sock_no_bind, 184#ifdef CONFIG_COMPAT
155 .getname = sock_no_getname, 185 .compat_ioctl = bnep_sock_compat_ioctl,
156 .sendmsg = sock_no_sendmsg, 186#endif
157 .recvmsg = sock_no_recvmsg, 187 .bind = sock_no_bind,
158 .poll = sock_no_poll, 188 .getname = sock_no_getname,
159 .listen = sock_no_listen, 189 .sendmsg = sock_no_sendmsg,
160 .shutdown = sock_no_shutdown, 190 .recvmsg = sock_no_recvmsg,
161 .setsockopt = sock_no_setsockopt, 191 .poll = sock_no_poll,
162 .getsockopt = sock_no_getsockopt, 192 .listen = sock_no_listen,
163 .connect = sock_no_connect, 193 .shutdown = sock_no_shutdown,
164 .socketpair = sock_no_socketpair, 194 .setsockopt = sock_no_setsockopt,
165 .accept = sock_no_accept, 195 .getsockopt = sock_no_getsockopt,
166 .mmap = sock_no_mmap 196 .connect = sock_no_connect,
197 .socketpair = sock_no_socketpair,
198 .accept = sock_no_accept,
199 .mmap = sock_no_mmap
167}; 200};
168 201
169static struct proto bnep_proto = { 202static struct proto bnep_proto = {
@@ -181,7 +214,7 @@ static int bnep_sock_create(struct socket *sock, int protocol)
181 if (sock->type != SOCK_RAW) 214 if (sock->type != SOCK_RAW)
182 return -ESOCKTNOSUPPORT; 215 return -ESOCKTNOSUPPORT;
183 216
184 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &bnep_proto, 1); 217 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1);
185 if (!sk) 218 if (!sk)
186 return -ENOMEM; 219 return -ENOMEM;
187 220
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 10ad7fd91d83..53295d33dc5c 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -34,6 +34,7 @@
34#include <linux/socket.h> 34#include <linux/socket.h>
35#include <linux/ioctl.h> 35#include <linux/ioctl.h>
36#include <linux/file.h> 36#include <linux/file.h>
37#include <linux/compat.h>
37#include <net/sock.h> 38#include <net/sock.h>
38 39
39#include <linux/isdn/capilli.h> 40#include <linux/isdn/capilli.h>
@@ -137,11 +138,43 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
137 return -EINVAL; 138 return -EINVAL;
138} 139}
139 140
141#ifdef CONFIG_COMPAT
142static int cmtp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
143{
144 if (cmd == CMTPGETCONNLIST) {
145 struct cmtp_connlist_req cl;
146 uint32_t uci;
147 int err;
148
149 if (get_user(cl.cnum, (uint32_t __user *) arg) ||
150 get_user(uci, (u32 __user *) (arg + 4)))
151 return -EFAULT;
152
153 cl.ci = compat_ptr(uci);
154
155 if (cl.cnum <= 0)
156 return -EINVAL;
157
158 err = cmtp_get_connlist(&cl);
159
160 if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
161 err = -EFAULT;
162
163 return err;
164 }
165
166 return cmtp_sock_ioctl(sock, cmd, arg);
167}
168#endif
169
140static const struct proto_ops cmtp_sock_ops = { 170static const struct proto_ops cmtp_sock_ops = {
141 .family = PF_BLUETOOTH, 171 .family = PF_BLUETOOTH,
142 .owner = THIS_MODULE, 172 .owner = THIS_MODULE,
143 .release = cmtp_sock_release, 173 .release = cmtp_sock_release,
144 .ioctl = cmtp_sock_ioctl, 174 .ioctl = cmtp_sock_ioctl,
175#ifdef CONFIG_COMPAT
176 .compat_ioctl = cmtp_sock_compat_ioctl,
177#endif
145 .bind = sock_no_bind, 178 .bind = sock_no_bind,
146 .getname = sock_no_getname, 179 .getname = sock_no_getname,
147 .sendmsg = sock_no_sendmsg, 180 .sendmsg = sock_no_sendmsg,
@@ -172,7 +205,7 @@ static int cmtp_sock_create(struct socket *sock, int protocol)
172 if (sock->type != SOCK_RAW) 205 if (sock->type != SOCK_RAW)
173 return -ESOCKTNOSUPPORT; 206 return -ESOCKTNOSUPPORT;
174 207
175 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &cmtp_proto, 1); 208 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1);
176 if (!sk) 209 if (!sk)
177 return -ENOMEM; 210 return -ENOMEM;
178 211
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 90e3a285a17e..6cd5711fa28a 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -51,7 +51,7 @@
51#define BT_DBG(D...) 51#define BT_DBG(D...)
52#endif 52#endif
53 53
54static void hci_acl_connect(struct hci_conn *conn) 54void hci_acl_connect(struct hci_conn *conn)
55{ 55{
56 struct hci_dev *hdev = conn->hdev; 56 struct hci_dev *hdev = conn->hdev;
57 struct inquiry_entry *ie; 57 struct inquiry_entry *ie;
@@ -63,6 +63,8 @@ static void hci_acl_connect(struct hci_conn *conn)
63 conn->out = 1; 63 conn->out = 1;
64 conn->link_mode = HCI_LM_MASTER; 64 conn->link_mode = HCI_LM_MASTER;
65 65
66 conn->attempt++;
67
66 memset(&cp, 0, sizeof(cp)); 68 memset(&cp, 0, sizeof(cp));
67 bacpy(&cp.bdaddr, &conn->dst); 69 bacpy(&cp.bdaddr, &conn->dst);
68 cp.pscan_rep_mode = 0x02; 70 cp.pscan_rep_mode = 0x02;
@@ -80,7 +82,7 @@ static void hci_acl_connect(struct hci_conn *conn)
80 cp.role_switch = 0x01; 82 cp.role_switch = 0x01;
81 else 83 else
82 cp.role_switch = 0x00; 84 cp.role_switch = 0x00;
83 85
84 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp); 86 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
85} 87}
86 88
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d43d0c890975..65f094845719 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -414,9 +414,12 @@ static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
414 414
415 if (status) { 415 if (status) {
416 if (conn && conn->state == BT_CONNECT) { 416 if (conn && conn->state == BT_CONNECT) {
417 conn->state = BT_CLOSED; 417 if (status != 0x0c || conn->attempt > 2) {
418 hci_proto_connect_cfm(conn, status); 418 conn->state = BT_CLOSED;
419 hci_conn_del(conn); 419 hci_proto_connect_cfm(conn, status);
420 hci_conn_del(conn);
421 } else
422 conn->state = BT_CONNECT2;
420 } 423 }
421 } else { 424 } else {
422 if (!conn) { 425 if (!conn) {
@@ -728,7 +731,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
728static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 731static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
729{ 732{
730 struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data; 733 struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
731 struct hci_conn *conn; 734 struct hci_conn *conn, *pend;
732 735
733 BT_DBG("%s", hdev->name); 736 BT_DBG("%s", hdev->name);
734 737
@@ -801,6 +804,10 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
801 if (ev->status) 804 if (ev->status)
802 hci_conn_del(conn); 805 hci_conn_del(conn);
803 806
807 pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
808 if (pend)
809 hci_acl_connect(pend);
810
804 hci_dev_unlock(hdev); 811 hci_dev_unlock(hdev);
805} 812}
806 813
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 1a35d343e08a..f26a9eb49945 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -618,7 +618,7 @@ static int hci_sock_create(struct socket *sock, int protocol)
618 618
619 sock->ops = &hci_sock_ops; 619 sock->ops = &hci_sock_ops;
620 620
621 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1); 621 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1);
622 if (!sk) 622 if (!sk)
623 return -ENOMEM; 623 return -ENOMEM;
624 624
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 989b22d9042e..954eb74eb370 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -242,10 +242,14 @@ static void add_conn(void *data)
242 struct hci_conn *conn = data; 242 struct hci_conn *conn = data;
243 int i; 243 int i;
244 244
245 device_register(&conn->dev); 245 if (device_register(&conn->dev) < 0) {
246 BT_ERR("Failed to register connection device");
247 return;
248 }
246 249
247 for (i = 0; conn_attrs[i]; i++) 250 for (i = 0; conn_attrs[i]; i++)
248 device_create_file(&conn->dev, conn_attrs[i]); 251 if (device_create_file(&conn->dev, conn_attrs[i]) < 0)
252 BT_ERR("Failed to create connection attribute");
249} 253}
250 254
251void hci_conn_add_sysfs(struct hci_conn *conn) 255void hci_conn_add_sysfs(struct hci_conn *conn)
@@ -295,11 +299,7 @@ int hci_register_sysfs(struct hci_dev *hdev)
295 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 299 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
296 300
297 dev->class = bt_class; 301 dev->class = bt_class;
298 302 dev->parent = hdev->parent;
299 if (hdev->parent)
300 dev->parent = hdev->parent;
301 else
302 dev->parent = &bt_platform->dev;
303 303
304 strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE); 304 strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE);
305 305
@@ -312,7 +312,8 @@ int hci_register_sysfs(struct hci_dev *hdev)
312 return err; 312 return err;
313 313
314 for (i = 0; bt_attrs[i]; i++) 314 for (i = 0; bt_attrs[i]; i++)
315 device_create_file(dev, bt_attrs[i]); 315 if (device_create_file(dev, bt_attrs[i]) < 0)
316 BT_ERR("Failed to create device attribute");
316 317
317 return 0; 318 return 0;
318} 319}
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 03b5dadb4951..66782010f82c 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -507,14 +507,12 @@ static int hidp_session(void *arg)
507 507
508 hidp_del_timer(session); 508 hidp_del_timer(session);
509 509
510 if (intr_sk->sk_state != BT_CONNECTED) 510 fput(session->intr_sock->file);
511 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
512
513 fput(session->ctrl_sock->file);
514 511
515 wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ); 512 wait_event_timeout(*(ctrl_sk->sk_sleep),
513 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
516 514
517 fput(session->intr_sock->file); 515 fput(session->ctrl_sock->file);
518 516
519 __hidp_unlink_session(session); 517 __hidp_unlink_session(session);
520 518
@@ -541,12 +539,10 @@ static struct device *hidp_get_device(struct hidp_session *session)
541 return NULL; 539 return NULL;
542 540
543 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
544 if (!conn)
545 return NULL;
546 542
547 hci_dev_put(hdev); 543 hci_dev_put(hdev);
548 544
549 return &conn->dev; 545 return conn ? &conn->dev : NULL;
550} 546}
551 547
552static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req) 548static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 099646e4e2ef..407fba43c1b9 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -35,6 +35,7 @@
35#include <linux/ioctl.h> 35#include <linux/ioctl.h>
36#include <linux/file.h> 36#include <linux/file.h>
37#include <linux/init.h> 37#include <linux/init.h>
38#include <linux/compat.h>
38#include <net/sock.h> 39#include <net/sock.h>
39 40
40#include "hidp.h" 41#include "hidp.h"
@@ -143,11 +144,88 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
143 return -EINVAL; 144 return -EINVAL;
144} 145}
145 146
147#ifdef CONFIG_COMPAT
148struct compat_hidp_connadd_req {
149 int ctrl_sock; // Connected control socket
150 int intr_sock; // Connteted interrupt socket
151 __u16 parser;
152 __u16 rd_size;
153 compat_uptr_t rd_data;
154 __u8 country;
155 __u8 subclass;
156 __u16 vendor;
157 __u16 product;
158 __u16 version;
159 __u32 flags;
160 __u32 idle_to;
161 char name[128];
162};
163
164static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
165{
166 if (cmd == HIDPGETCONNLIST) {
167 struct hidp_connlist_req cl;
168 uint32_t uci;
169 int err;
170
171 if (get_user(cl.cnum, (uint32_t __user *) arg) ||
172 get_user(uci, (u32 __user *) (arg + 4)))
173 return -EFAULT;
174
175 cl.ci = compat_ptr(uci);
176
177 if (cl.cnum <= 0)
178 return -EINVAL;
179
180 err = hidp_get_connlist(&cl);
181
182 if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
183 err = -EFAULT;
184
185 return err;
186 } else if (cmd == HIDPCONNADD) {
187 struct compat_hidp_connadd_req ca;
188 struct hidp_connadd_req __user *uca;
189
190 uca = compat_alloc_user_space(sizeof(*uca));
191
192 if (copy_from_user(&ca, (void *) arg, sizeof(ca)))
193 return -EFAULT;
194
195 if (put_user(ca.ctrl_sock, &uca->ctrl_sock) ||
196 put_user(ca.intr_sock, &uca->intr_sock) ||
197 put_user(ca.parser, &uca->parser) ||
198 put_user(ca.rd_size, &uca->parser) ||
199 put_user(compat_ptr(ca.rd_data), &uca->rd_data) ||
200 put_user(ca.country, &uca->country) ||
201 put_user(ca.subclass, &uca->subclass) ||
202 put_user(ca.vendor, &uca->vendor) ||
203 put_user(ca.product, &uca->product) ||
204 put_user(ca.version, &uca->version) ||
205 put_user(ca.flags, &uca->flags) ||
206 put_user(ca.idle_to, &uca->idle_to) ||
207 copy_to_user(&uca->name[0], &ca.name[0], 128))
208 return -EFAULT;
209
210 arg = (unsigned long) uca;
211
212 /* Fall through. We don't actually write back any _changes_
213 to the structure anyway, so there's no need to copy back
214 into the original compat version */
215 }
216
217 return hidp_sock_ioctl(sock, cmd, arg);
218}
219#endif
220
146static const struct proto_ops hidp_sock_ops = { 221static const struct proto_ops hidp_sock_ops = {
147 .family = PF_BLUETOOTH, 222 .family = PF_BLUETOOTH,
148 .owner = THIS_MODULE, 223 .owner = THIS_MODULE,
149 .release = hidp_sock_release, 224 .release = hidp_sock_release,
150 .ioctl = hidp_sock_ioctl, 225 .ioctl = hidp_sock_ioctl,
226#ifdef CONFIG_COMPAT
227 .compat_ioctl = hidp_sock_compat_ioctl,
228#endif
151 .bind = sock_no_bind, 229 .bind = sock_no_bind,
152 .getname = sock_no_getname, 230 .getname = sock_no_getname,
153 .sendmsg = sock_no_sendmsg, 231 .sendmsg = sock_no_sendmsg,
@@ -178,7 +256,7 @@ static int hidp_sock_create(struct socket *sock, int protocol)
178 if (sock->type != SOCK_RAW) 256 if (sock->type != SOCK_RAW)
179 return -ESOCKTNOSUPPORT; 257 return -ESOCKTNOSUPPORT;
180 258
181 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hidp_proto, 1); 259 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1);
182 if (!sk) 260 if (!sk)
183 return -ENOMEM; 261 return -ENOMEM;
184 262
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index d56f60b392ac..2b3dcb8f90fa 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -559,7 +559,7 @@ static int l2cap_sock_create(struct socket *sock, int protocol)
559 559
560 sock->ops = &l2cap_sock_ops; 560 sock->ops = &l2cap_sock_ops;
561 561
562 sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL); 562 sk = l2cap_sock_alloc(sock, protocol, GFP_ATOMIC);
563 if (!sk) 563 if (!sk)
564 return -ENOMEM; 564 return -ENOMEM;
565 565
@@ -2216,7 +2216,8 @@ static int __init l2cap_init(void)
2216 goto error; 2216 goto error;
2217 } 2217 }
2218 2218
2219 class_create_file(bt_class, &class_attr_l2cap); 2219 if (class_create_file(bt_class, &class_attr_l2cap) < 0)
2220 BT_ERR("Failed to create L2CAP info file");
2220 2221
2221 BT_INFO("L2CAP ver %s", VERSION); 2222 BT_INFO("L2CAP ver %s", VERSION);
2222 BT_INFO("L2CAP socket layer initialized"); 2223 BT_INFO("L2CAP socket layer initialized");
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 468df3b953f6..ddc4e9d5963e 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -2058,7 +2058,8 @@ static int __init rfcomm_init(void)
2058 2058
2059 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2059 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2060 2060
2061 class_create_file(bt_class, &class_attr_rfcomm_dlc); 2061 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2062 BT_ERR("Failed to create RFCOMM info file");
2062 2063
2063 rfcomm_init_sockets(); 2064 rfcomm_init_sockets();
2064 2065
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 220fee04e7f2..544d65b7baa7 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -336,7 +336,8 @@ static int rfcomm_sock_create(struct socket *sock, int protocol)
336 336
337 sock->ops = &rfcomm_sock_ops; 337 sock->ops = &rfcomm_sock_ops;
338 338
339 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL))) 339 sk = rfcomm_sock_alloc(sock, protocol, GFP_ATOMIC);
340 if (!sk)
340 return -ENOMEM; 341 return -ENOMEM;
341 342
342 rfcomm_sock_init(sk, NULL); 343 rfcomm_sock_init(sk, NULL);
@@ -944,7 +945,8 @@ int __init rfcomm_init_sockets(void)
944 if (err < 0) 945 if (err < 0)
945 goto error; 946 goto error;
946 947
947 class_create_file(bt_class, &class_attr_rfcomm); 948 if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
949 BT_ERR("Failed to create RFCOMM info file");
948 950
949 BT_INFO("RFCOMM socket layer initialized"); 951 BT_INFO("RFCOMM socket layer initialized");
950 952
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 1958ad1b8541..b8e3a5f1c8a8 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -172,12 +172,10 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
172 return NULL; 172 return NULL;
173 173
174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
175 if (!conn)
176 return NULL;
177 175
178 hci_dev_put(hdev); 176 hci_dev_put(hdev);
179 177
180 return &conn->dev; 178 return conn ? &conn->dev : NULL;
181} 179}
182 180
183static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 181static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
@@ -767,6 +765,9 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
767 765
768 BT_DBG("tty %p termios %p", tty, old); 766 BT_DBG("tty %p termios %p", tty, old);
769 767
768 if (!dev)
769 return;
770
770 /* Handle turning off CRTSCTS */ 771 /* Handle turning off CRTSCTS */
771 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 772 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
772 BT_DBG("Turning off CRTSCTS unsupported"); 773 BT_DBG("Turning off CRTSCTS unsupported");
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 7714a2ec3854..5d13d4f31753 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -452,7 +452,8 @@ static int sco_sock_create(struct socket *sock, int protocol)
452 452
453 sock->ops = &sco_sock_ops; 453 sock->ops = &sco_sock_ops;
454 454
455 if (!(sk = sco_sock_alloc(sock, protocol, GFP_KERNEL))) 455 sk = sco_sock_alloc(sock, protocol, GFP_ATOMIC);
456 if (!sk)
456 return -ENOMEM; 457 return -ENOMEM;
457 458
458 sco_sock_init(sk, NULL); 459 sco_sock_init(sk, NULL);
@@ -967,7 +968,8 @@ static int __init sco_init(void)
967 goto error; 968 goto error;
968 } 969 }
969 970
970 class_create_file(bt_class, &class_attr_sco); 971 if (class_create_file(bt_class, &class_attr_sco) < 0)
972 BT_ERR("Failed to create SCO info file");
971 973
972 BT_INFO("SCO (Voice Link) ver %s", VERSION); 974 BT_INFO("SCO (Voice Link) ver %s", VERSION);
973 BT_INFO("SCO socket layer initialized"); 975 BT_INFO("SCO socket layer initialized");
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 3a73b8c94271..d9f04864d15d 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -128,7 +128,10 @@ void br_fdb_cleanup(unsigned long _data)
128 mod_timer(&br->gc_timer, jiffies + HZ/10); 128 mod_timer(&br->gc_timer, jiffies + HZ/10);
129} 129}
130 130
131void br_fdb_delete_by_port(struct net_bridge *br, struct net_bridge_port *p) 131
132void br_fdb_delete_by_port(struct net_bridge *br,
133 const struct net_bridge_port *p,
134 int do_all)
132{ 135{
133 int i; 136 int i;
134 137
@@ -142,6 +145,8 @@ void br_fdb_delete_by_port(struct net_bridge *br, struct net_bridge_port *p)
142 if (f->dst != p) 145 if (f->dst != p)
143 continue; 146 continue;
144 147
148 if (f->is_static && !do_all)
149 continue;
145 /* 150 /*
146 * if multiple ports all have the same device address 151 * if multiple ports all have the same device address
147 * then when one port is deleted, assign 152 * then when one port is deleted, assign
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index b1211d5342f6..f753c40c11d2 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -163,7 +163,7 @@ static void del_nbp(struct net_bridge_port *p)
163 br_stp_disable_port(p); 163 br_stp_disable_port(p);
164 spin_unlock_bh(&br->lock); 164 spin_unlock_bh(&br->lock);
165 165
166 br_fdb_delete_by_port(br, p); 166 br_fdb_delete_by_port(br, p, 1);
167 167
168 list_del_rcu(&p->list); 168 list_del_rcu(&p->list);
169 169
@@ -448,7 +448,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
448 448
449 return 0; 449 return 0;
450err2: 450err2:
451 br_fdb_delete_by_port(br, p); 451 br_fdb_delete_by_port(br, p, 1);
452err1: 452err1:
453 kobject_del(&p->kobj); 453 kobject_del(&p->kobj);
454err0: 454err0:
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index c491fb2f280e..74258d86f256 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -143,7 +143,7 @@ extern void br_fdb_changeaddr(struct net_bridge_port *p,
143 const unsigned char *newaddr); 143 const unsigned char *newaddr);
144extern void br_fdb_cleanup(unsigned long arg); 144extern void br_fdb_cleanup(unsigned long arg);
145extern void br_fdb_delete_by_port(struct net_bridge *br, 145extern void br_fdb_delete_by_port(struct net_bridge *br,
146 struct net_bridge_port *p); 146 const struct net_bridge_port *p, int do_all);
147extern struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br, 147extern struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br,
148 const unsigned char *addr); 148 const unsigned char *addr);
149extern struct net_bridge_fdb_entry *br_fdb_get(struct net_bridge *br, 149extern struct net_bridge_fdb_entry *br_fdb_get(struct net_bridge *br,
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 14cd025079af..d294224592db 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -113,6 +113,8 @@ void br_stp_disable_port(struct net_bridge_port *p)
113 del_timer(&p->forward_delay_timer); 113 del_timer(&p->forward_delay_timer);
114 del_timer(&p->hold_timer); 114 del_timer(&p->hold_timer);
115 115
116 br_fdb_delete_by_port(br, p, 0);
117
116 br_configuration_update(br); 118 br_configuration_update(br);
117 119
118 br_port_state_selection(br); 120 br_port_state_selection(br);
diff --git a/net/compat.c b/net/compat.c
index d5d69fa15d07..52d32f1bc728 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -285,8 +285,7 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
285 285
286 if (i > 0) { 286 if (i > 0) {
287 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int)); 287 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int));
288 if (!err) 288 err = put_user(SOL_SOCKET, &cm->cmsg_level);
289 err = put_user(SOL_SOCKET, &cm->cmsg_level);
290 if (!err) 289 if (!err)
291 err = put_user(SCM_RIGHTS, &cm->cmsg_type); 290 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
292 if (!err) 291 if (!err)
diff --git a/net/core/dev.c b/net/core/dev.c
index 4d891beab138..81c426adcd1e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3502,8 +3502,6 @@ static int __init net_dev_init(void)
3502 3502
3503 BUG_ON(!dev_boot_phase); 3503 BUG_ON(!dev_boot_phase);
3504 3504
3505 net_random_init();
3506
3507 if (dev_proc_init()) 3505 if (dev_proc_init())
3508 goto out; 3506 goto out;
3509 3507
diff --git a/net/core/flow.c b/net/core/flow.c
index f23e7e386543..b16d31ae5e54 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -85,6 +85,14 @@ static void flow_cache_new_hashrnd(unsigned long arg)
85 add_timer(&flow_hash_rnd_timer); 85 add_timer(&flow_hash_rnd_timer);
86} 86}
87 87
88static void flow_entry_kill(int cpu, struct flow_cache_entry *fle)
89{
90 if (fle->object)
91 atomic_dec(fle->object_ref);
92 kmem_cache_free(flow_cachep, fle);
93 flow_count(cpu)--;
94}
95
88static void __flow_cache_shrink(int cpu, int shrink_to) 96static void __flow_cache_shrink(int cpu, int shrink_to)
89{ 97{
90 struct flow_cache_entry *fle, **flp; 98 struct flow_cache_entry *fle, **flp;
@@ -100,10 +108,7 @@ static void __flow_cache_shrink(int cpu, int shrink_to)
100 } 108 }
101 while ((fle = *flp) != NULL) { 109 while ((fle = *flp) != NULL) {
102 *flp = fle->next; 110 *flp = fle->next;
103 if (fle->object) 111 flow_entry_kill(cpu, fle);
104 atomic_dec(fle->object_ref);
105 kmem_cache_free(flow_cachep, fle);
106 flow_count(cpu)--;
107 } 112 }
108 } 113 }
109} 114}
@@ -220,24 +225,33 @@ void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
220 225
221nocache: 226nocache:
222 { 227 {
228 int err;
223 void *obj; 229 void *obj;
224 atomic_t *obj_ref; 230 atomic_t *obj_ref;
225 231
226 resolver(key, family, dir, &obj, &obj_ref); 232 err = resolver(key, family, dir, &obj, &obj_ref);
227 233
228 if (fle) { 234 if (fle) {
229 fle->genid = atomic_read(&flow_cache_genid); 235 if (err) {
230 236 /* Force security policy check on next lookup */
231 if (fle->object) 237 *head = fle->next;
232 atomic_dec(fle->object_ref); 238 flow_entry_kill(cpu, fle);
233 239 } else {
234 fle->object = obj; 240 fle->genid = atomic_read(&flow_cache_genid);
235 fle->object_ref = obj_ref; 241
236 if (obj) 242 if (fle->object)
237 atomic_inc(fle->object_ref); 243 atomic_dec(fle->object_ref);
244
245 fle->object = obj;
246 fle->object_ref = obj_ref;
247 if (obj)
248 atomic_inc(fle->object_ref);
249 }
238 } 250 }
239 local_bh_enable(); 251 local_bh_enable();
240 252
253 if (err)
254 obj = ERR_PTR(err);
241 return obj; 255 return obj;
242 } 256 }
243} 257}
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index ead5920c26d6..9308af060b44 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -335,13 +335,13 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
335 memcpy(skb->data, msg, len); 335 memcpy(skb->data, msg, len);
336 skb->len += len; 336 skb->len += len;
337 337
338 udph = (struct udphdr *) skb_push(skb, sizeof(*udph)); 338 skb->h.uh = udph = (struct udphdr *) skb_push(skb, sizeof(*udph));
339 udph->source = htons(np->local_port); 339 udph->source = htons(np->local_port);
340 udph->dest = htons(np->remote_port); 340 udph->dest = htons(np->remote_port);
341 udph->len = htons(udp_len); 341 udph->len = htons(udp_len);
342 udph->check = 0; 342 udph->check = 0;
343 343
344 iph = (struct iphdr *)skb_push(skb, sizeof(*iph)); 344 skb->nh.iph = iph = (struct iphdr *)skb_push(skb, sizeof(*iph));
345 345
346 /* iph->version = 4; iph->ihl = 5; */ 346 /* iph->version = 4; iph->ihl = 5; */
347 put_unaligned(0x45, (unsigned char *)iph); 347 put_unaligned(0x45, (unsigned char *)iph);
@@ -357,8 +357,8 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
357 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); 357 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
358 358
359 eth = (struct ethhdr *) skb_push(skb, ETH_HLEN); 359 eth = (struct ethhdr *) skb_push(skb, ETH_HLEN);
360 360 skb->mac.raw = skb->data;
361 eth->h_proto = htons(ETH_P_IP); 361 skb->protocol = eth->h_proto = htons(ETH_P_IP);
362 memcpy(eth->h_source, np->local_mac, 6); 362 memcpy(eth->h_source, np->local_mac, 6);
363 memcpy(eth->h_dest, np->remote_mac, 6); 363 memcpy(eth->h_dest, np->remote_mac, 6);
364 364
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 221e4038216b..02f3c7947898 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -602,7 +602,7 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
602 goto errout; 602 goto errout;
603 } 603 }
604 604
605 err = rtnl_unicast(skb, NETLINK_CB(skb).pid); 605 err = rtnl_unicast(nskb, NETLINK_CB(skb).pid);
606errout: 606errout:
607 kfree(iw_buf); 607 kfree(iw_buf);
608 dev_put(dev); 608 dev_put(dev);
diff --git a/net/core/scm.c b/net/core/scm.c
index 649d01ef35b6..271cf060ef8c 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -245,8 +245,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
245 if (i > 0) 245 if (i > 0)
246 { 246 {
247 int cmlen = CMSG_LEN(i*sizeof(int)); 247 int cmlen = CMSG_LEN(i*sizeof(int));
248 if (!err) 248 err = put_user(SOL_SOCKET, &cm->cmsg_level);
249 err = put_user(SOL_SOCKET, &cm->cmsg_level);
250 if (!err) 249 if (!err)
251 err = put_user(SCM_RIGHTS, &cm->cmsg_type); 250 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
252 if (!err) 251 if (!err)
diff --git a/net/core/sock.c b/net/core/sock.c
index b77e155cbe6c..d472db4776c3 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -823,7 +823,7 @@ static void inline sock_lock_init(struct sock *sk)
823 af_family_slock_key_strings[sk->sk_family]); 823 af_family_slock_key_strings[sk->sk_family]);
824 lockdep_init_map(&sk->sk_lock.dep_map, 824 lockdep_init_map(&sk->sk_lock.dep_map,
825 af_family_key_strings[sk->sk_family], 825 af_family_key_strings[sk->sk_family],
826 af_family_keys + sk->sk_family); 826 af_family_keys + sk->sk_family, 0);
827} 827}
828 828
829/** 829/**
diff --git a/net/core/utils.c b/net/core/utils.c
index 94c5d761c830..d93fe64f6693 100644
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -30,119 +30,6 @@
30#include <asm/system.h> 30#include <asm/system.h>
31#include <asm/uaccess.h> 31#include <asm/uaccess.h>
32 32
33/*
34 This is a maximally equidistributed combined Tausworthe generator
35 based on code from GNU Scientific Library 1.5 (30 Jun 2004)
36
37 x_n = (s1_n ^ s2_n ^ s3_n)
38
39 s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19))
40 s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25))
41 s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11))
42
43 The period of this generator is about 2^88.
44
45 From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe
46 Generators", Mathematics of Computation, 65, 213 (1996), 203--213.
47
48 This is available on the net from L'Ecuyer's home page,
49
50 http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
51 ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps
52
53 There is an erratum in the paper "Tables of Maximally
54 Equidistributed Combined LFSR Generators", Mathematics of
55 Computation, 68, 225 (1999), 261--269:
56 http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme2.ps
57
58 ... the k_j most significant bits of z_j must be non-
59 zero, for each j. (Note: this restriction also applies to the
60 computer code given in [4], but was mistakenly not mentioned in
61 that paper.)
62
63 This affects the seeding procedure by imposing the requirement
64 s1 > 1, s2 > 7, s3 > 15.
65
66*/
67struct nrnd_state {
68 u32 s1, s2, s3;
69};
70
71static DEFINE_PER_CPU(struct nrnd_state, net_rand_state);
72
73static u32 __net_random(struct nrnd_state *state)
74{
75#define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b)
76
77 state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12);
78 state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4);
79 state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17);
80
81 return (state->s1 ^ state->s2 ^ state->s3);
82}
83
84static void __net_srandom(struct nrnd_state *state, unsigned long s)
85{
86 if (s == 0)
87 s = 1; /* default seed is 1 */
88
89#define LCG(n) (69069 * n)
90 state->s1 = LCG(s);
91 state->s2 = LCG(state->s1);
92 state->s3 = LCG(state->s2);
93
94 /* "warm it up" */
95 __net_random(state);
96 __net_random(state);
97 __net_random(state);
98 __net_random(state);
99 __net_random(state);
100 __net_random(state);
101}
102
103
104unsigned long net_random(void)
105{
106 unsigned long r;
107 struct nrnd_state *state = &get_cpu_var(net_rand_state);
108 r = __net_random(state);
109 put_cpu_var(state);
110 return r;
111}
112
113
114void net_srandom(unsigned long entropy)
115{
116 struct nrnd_state *state = &get_cpu_var(net_rand_state);
117 __net_srandom(state, state->s1^entropy);
118 put_cpu_var(state);
119}
120
121void __init net_random_init(void)
122{
123 int i;
124
125 for_each_possible_cpu(i) {
126 struct nrnd_state *state = &per_cpu(net_rand_state,i);
127 __net_srandom(state, i+jiffies);
128 }
129}
130
131static int net_random_reseed(void)
132{
133 int i;
134 unsigned long seed;
135
136 for_each_possible_cpu(i) {
137 struct nrnd_state *state = &per_cpu(net_rand_state,i);
138
139 get_random_bytes(&seed, sizeof(seed));
140 __net_srandom(state, seed);
141 }
142 return 0;
143}
144late_initcall(net_random_reseed);
145
146int net_msg_cost = 5*HZ; 33int net_msg_cost = 5*HZ;
147int net_msg_burst = 10; 34int net_msg_burst = 10;
148 35
@@ -153,10 +40,7 @@ int net_ratelimit(void)
153{ 40{
154 return __printk_ratelimit(net_msg_cost, net_msg_burst); 41 return __printk_ratelimit(net_msg_cost, net_msg_burst);
155} 42}
156
157EXPORT_SYMBOL(net_random);
158EXPORT_SYMBOL(net_ratelimit); 43EXPORT_SYMBOL(net_ratelimit);
159EXPORT_SYMBOL(net_srandom);
160 44
161/* 45/*
162 * Convert an ASCII string to binary IP. 46 * Convert an ASCII string to binary IP.
diff --git a/net/core/wireless.c b/net/core/wireless.c
index ffff0da46c6e..cb1b8728d7ee 100644
--- a/net/core/wireless.c
+++ b/net/core/wireless.c
@@ -748,11 +748,39 @@ static int ioctl_standard_call(struct net_device * dev,
748 int extra_size; 748 int extra_size;
749 int user_length = 0; 749 int user_length = 0;
750 int err; 750 int err;
751 int essid_compat = 0;
751 752
752 /* Calculate space needed by arguments. Always allocate 753 /* Calculate space needed by arguments. Always allocate
753 * for max space. Easier, and won't last long... */ 754 * for max space. Easier, and won't last long... */
754 extra_size = descr->max_tokens * descr->token_size; 755 extra_size = descr->max_tokens * descr->token_size;
755 756
757 /* Check need for ESSID compatibility for WE < 21 */
758 switch (cmd) {
759 case SIOCSIWESSID:
760 case SIOCGIWESSID:
761 case SIOCSIWNICKN:
762 case SIOCGIWNICKN:
763 if (iwr->u.data.length == descr->max_tokens + 1)
764 essid_compat = 1;
765 else if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
766 char essid[IW_ESSID_MAX_SIZE + 1];
767
768 err = copy_from_user(essid, iwr->u.data.pointer,
769 iwr->u.data.length *
770 descr->token_size);
771 if (err)
772 return -EFAULT;
773
774 if (essid[iwr->u.data.length - 1] == '\0')
775 essid_compat = 1;
776 }
777 break;
778 default:
779 break;
780 }
781
782 iwr->u.data.length -= essid_compat;
783
756 /* Check what user space is giving us */ 784 /* Check what user space is giving us */
757 if(IW_IS_SET(cmd)) { 785 if(IW_IS_SET(cmd)) {
758 /* Check NULL pointer */ 786 /* Check NULL pointer */
@@ -795,7 +823,8 @@ static int ioctl_standard_call(struct net_device * dev,
795#endif /* WE_IOCTL_DEBUG */ 823#endif /* WE_IOCTL_DEBUG */
796 824
797 /* Create the kernel buffer */ 825 /* Create the kernel buffer */
798 extra = kmalloc(extra_size, GFP_KERNEL); 826 /* kzalloc ensures NULL-termination for essid_compat */
827 extra = kzalloc(extra_size, GFP_KERNEL);
799 if (extra == NULL) { 828 if (extra == NULL) {
800 return -ENOMEM; 829 return -ENOMEM;
801 } 830 }
@@ -819,6 +848,8 @@ static int ioctl_standard_call(struct net_device * dev,
819 /* Call the handler */ 848 /* Call the handler */
820 ret = handler(dev, &info, &(iwr->u), extra); 849 ret = handler(dev, &info, &(iwr->u), extra);
821 850
851 iwr->u.data.length += essid_compat;
852
822 /* If we have something to return to the user */ 853 /* If we have something to return to the user */
823 if (!ret && IW_IS_GET(cmd)) { 854 if (!ret && IW_IS_GET(cmd)) {
824 /* Check if there is enough buffer up there */ 855 /* Check if there is enough buffer up there */
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index bf692c1c116f..aaaf4d09516b 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -311,7 +311,7 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
311 } 311 }
312 312
313 if (sk->sk_state == DCCP_TIME_WAIT) { 313 if (sk->sk_state == DCCP_TIME_WAIT) {
314 inet_twsk_put((struct inet_timewait_sock *)sk); 314 inet_twsk_put(inet_twsk(sk));
315 return; 315 return;
316 } 316 }
317 317
@@ -449,6 +449,8 @@ static inline u64 dccp_v4_init_sequence(const struct sock *sk,
449 dccp_hdr(skb)->dccph_sport); 449 dccp_hdr(skb)->dccph_sport);
450} 450}
451 451
452static struct request_sock_ops dccp_request_sock_ops;
453
452int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 454int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
453{ 455{
454 struct inet_request_sock *ireq; 456 struct inet_request_sock *ireq;
@@ -489,7 +491,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
489 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 491 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
490 goto drop; 492 goto drop;
491 493
492 req = reqsk_alloc(sk->sk_prot->rsk_prot); 494 req = reqsk_alloc(&dccp_request_sock_ops);
493 if (req == NULL) 495 if (req == NULL)
494 goto drop; 496 goto drop;
495 497
@@ -614,7 +616,7 @@ static struct sock *dccp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
614 bh_lock_sock(nsk); 616 bh_lock_sock(nsk);
615 return nsk; 617 return nsk;
616 } 618 }
617 inet_twsk_put((struct inet_timewait_sock *)nsk); 619 inet_twsk_put(inet_twsk(nsk));
618 return NULL; 620 return NULL;
619 } 621 }
620 622
@@ -980,7 +982,7 @@ discard_and_relse:
980 goto discard_it; 982 goto discard_it;
981 983
982do_time_wait: 984do_time_wait:
983 inet_twsk_put((struct inet_timewait_sock *)sk); 985 inet_twsk_put(inet_twsk(sk));
984 goto no_dccp_socket; 986 goto no_dccp_socket;
985} 987}
986 988
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 7a47399cf31f..c8bf89bfb088 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -285,7 +285,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
285 } 285 }
286 286
287 if (sk->sk_state == DCCP_TIME_WAIT) { 287 if (sk->sk_state == DCCP_TIME_WAIT) {
288 inet_twsk_put((struct inet_timewait_sock *)sk); 288 inet_twsk_put(inet_twsk(sk));
289 return; 289 return;
290 } 290 }
291 291
@@ -663,7 +663,7 @@ static struct sock *dccp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
663 bh_lock_sock(nsk); 663 bh_lock_sock(nsk);
664 return nsk; 664 return nsk;
665 } 665 }
666 inet_twsk_put((struct inet_timewait_sock *)nsk); 666 inet_twsk_put(inet_twsk(nsk));
667 return NULL; 667 return NULL;
668 } 668 }
669 669
@@ -672,7 +672,6 @@ static struct sock *dccp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
672 672
673static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 673static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
674{ 674{
675 struct inet_request_sock *ireq;
676 struct dccp_sock dp; 675 struct dccp_sock dp;
677 struct request_sock *req; 676 struct request_sock *req;
678 struct dccp_request_sock *dreq; 677 struct dccp_request_sock *dreq;
@@ -701,7 +700,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
701 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 700 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
702 goto drop; 701 goto drop;
703 702
704 req = inet6_reqsk_alloc(sk->sk_prot->rsk_prot); 703 req = inet6_reqsk_alloc(&dccp6_request_sock_ops);
705 if (req == NULL) 704 if (req == NULL)
706 goto drop; 705 goto drop;
707 706
@@ -713,7 +712,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
713 goto drop_and_free; 712 goto drop_and_free;
714 713
715 ireq6 = inet6_rsk(req); 714 ireq6 = inet6_rsk(req);
716 ireq = inet_rsk(req);
717 ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); 715 ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr);
718 ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr); 716 ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr);
719 req->rcv_wnd = dccp_feat_default_sequence_window; 717 req->rcv_wnd = dccp_feat_default_sequence_window;
@@ -997,6 +995,10 @@ static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
997 if (sk->sk_state == DCCP_OPEN) { /* Fast path */ 995 if (sk->sk_state == DCCP_OPEN) { /* Fast path */
998 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len)) 996 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
999 goto reset; 997 goto reset;
998 if (opt_skb) {
999 /* This is where we would goto ipv6_pktoptions. */
1000 __kfree_skb(opt_skb);
1001 }
1000 return 0; 1002 return 0;
1001 } 1003 }
1002 1004
@@ -1021,6 +1023,10 @@ static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1021 1023
1022 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len)) 1024 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
1023 goto reset; 1025 goto reset;
1026 if (opt_skb) {
1027 /* This is where we would goto ipv6_pktoptions. */
1028 __kfree_skb(opt_skb);
1029 }
1024 return 0; 1030 return 0;
1025 1031
1026reset: 1032reset:
@@ -1109,7 +1115,7 @@ discard_and_relse:
1109 goto discard_it; 1115 goto discard_it;
1110 1116
1111do_time_wait: 1117do_time_wait:
1112 inet_twsk_put((struct inet_timewait_sock *)sk); 1118 inet_twsk_put(inet_twsk(sk));
1113 goto no_dccp_socket; 1119 goto no_dccp_socket;
1114} 1120}
1115 1121
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 70e027375682..3456cd331835 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1178,8 +1178,10 @@ static int dn_getname(struct socket *sock, struct sockaddr *uaddr,int *uaddr_len
1178 if (peer) { 1178 if (peer) {
1179 if ((sock->state != SS_CONNECTED && 1179 if ((sock->state != SS_CONNECTED &&
1180 sock->state != SS_CONNECTING) && 1180 sock->state != SS_CONNECTING) &&
1181 scp->accept_mode == ACC_IMMED) 1181 scp->accept_mode == ACC_IMMED) {
1182 release_sock(sk);
1182 return -ENOTCONN; 1183 return -ENOTCONN;
1184 }
1183 1185
1184 memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn)); 1186 memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn));
1185 } else { 1187 } else {
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index dd0761e3d280..23489f7232d2 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -267,9 +267,14 @@ static void dn_dst_link_failure(struct sk_buff *skb)
267 267
268static inline int compare_keys(struct flowi *fl1, struct flowi *fl2) 268static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
269{ 269{
270 return memcmp(&fl1->nl_u.dn_u, &fl2->nl_u.dn_u, sizeof(fl1->nl_u.dn_u)) == 0 && 270 return ((fl1->nl_u.dn_u.daddr ^ fl2->nl_u.dn_u.daddr) |
271 fl1->oif == fl2->oif && 271 (fl1->nl_u.dn_u.saddr ^ fl2->nl_u.dn_u.saddr) |
272 fl1->iif == fl2->iif; 272#ifdef CONFIG_DECNET_ROUTE_FWMARK
273 (fl1->nl_u.dn_u.fwmark ^ fl2->nl_u.dn_u.fwmark) |
274#endif
275 (fl1->nl_u.dn_u.scope ^ fl2->nl_u.dn_u.scope) |
276 (fl1->oif ^ fl2->oif) |
277 (fl1->iif ^ fl2->iif)) == 0;
273} 278}
274 279
275static int dn_insert_route(struct dn_route *rt, unsigned hash, struct dn_route **rp) 280static int dn_insert_route(struct dn_route *rt, unsigned hash, struct dn_route **rp)
@@ -1270,7 +1275,6 @@ static int dn_route_input_slow(struct sk_buff *skb)
1270 goto e_inval; 1275 goto e_inval;
1271 1276
1272 res.type = RTN_LOCAL; 1277 res.type = RTN_LOCAL;
1273 flags |= RTCF_DIRECTSRC;
1274 } else { 1278 } else {
1275 __le16 src_map = fl.fld_src; 1279 __le16 src_map = fl.fld_src;
1276 free_res = 1; 1280 free_res = 1;
@@ -1341,7 +1345,7 @@ static int dn_route_input_slow(struct sk_buff *skb)
1341 goto make_route; 1345 goto make_route;
1342 1346
1343 /* Packet was intra-ethernet, so we know its on-link */ 1347 /* Packet was intra-ethernet, so we know its on-link */
1344 if (cb->rt_flags | DN_RT_F_IE) { 1348 if (cb->rt_flags & DN_RT_F_IE) {
1345 gateway = cb->src; 1349 gateway = cb->src;
1346 flags |= RTCF_DIRECTSRC; 1350 flags |= RTCF_DIRECTSRC;
1347 goto make_route; 1351 goto make_route;
diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
index 589f6d2c548a..cf51c87a971d 100644
--- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -48,7 +48,7 @@ ieee80211softmac_assoc(struct ieee80211softmac_device *mac, struct ieee80211soft
48 dprintk(KERN_INFO PFX "sent association request!\n"); 48 dprintk(KERN_INFO PFX "sent association request!\n");
49 49
50 spin_lock_irqsave(&mac->lock, flags); 50 spin_lock_irqsave(&mac->lock, flags);
51 mac->associated = 0; /* just to make sure */ 51 mac->associnfo.associated = 0; /* just to make sure */
52 52
53 /* Set a timer for timeout */ 53 /* Set a timer for timeout */
54 /* FIXME: make timeout configurable */ 54 /* FIXME: make timeout configurable */
@@ -62,24 +62,22 @@ ieee80211softmac_assoc_timeout(void *d)
62{ 62{
63 struct ieee80211softmac_device *mac = (struct ieee80211softmac_device *)d; 63 struct ieee80211softmac_device *mac = (struct ieee80211softmac_device *)d;
64 struct ieee80211softmac_network *n; 64 struct ieee80211softmac_network *n;
65 unsigned long flags;
66 65
67 spin_lock_irqsave(&mac->lock, flags); 66 mutex_lock(&mac->associnfo.mutex);
68 /* we might race against ieee80211softmac_handle_assoc_response, 67 /* we might race against ieee80211softmac_handle_assoc_response,
69 * so make sure only one of us does something */ 68 * so make sure only one of us does something */
70 if (!mac->associnfo.associating) { 69 if (!mac->associnfo.associating)
71 spin_unlock_irqrestore(&mac->lock, flags); 70 goto out;
72 return;
73 }
74 mac->associnfo.associating = 0; 71 mac->associnfo.associating = 0;
75 mac->associnfo.bssvalid = 0; 72 mac->associnfo.bssvalid = 0;
76 mac->associated = 0; 73 mac->associnfo.associated = 0;
77 74
78 n = ieee80211softmac_get_network_by_bssid_locked(mac, mac->associnfo.bssid); 75 n = ieee80211softmac_get_network_by_bssid_locked(mac, mac->associnfo.bssid);
79 spin_unlock_irqrestore(&mac->lock, flags);
80 76
81 dprintk(KERN_INFO PFX "assoc request timed out!\n"); 77 dprintk(KERN_INFO PFX "assoc request timed out!\n");
82 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_TIMEOUT, n); 78 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_TIMEOUT, n);
79out:
80 mutex_unlock(&mac->associnfo.mutex);
83} 81}
84 82
85void 83void
@@ -93,7 +91,7 @@ ieee80211softmac_disassoc(struct ieee80211softmac_device *mac)
93 91
94 netif_carrier_off(mac->dev); 92 netif_carrier_off(mac->dev);
95 93
96 mac->associated = 0; 94 mac->associnfo.associated = 0;
97 mac->associnfo.bssvalid = 0; 95 mac->associnfo.bssvalid = 0;
98 mac->associnfo.associating = 0; 96 mac->associnfo.associating = 0;
99 ieee80211softmac_init_bss(mac); 97 ieee80211softmac_init_bss(mac);
@@ -107,7 +105,7 @@ ieee80211softmac_send_disassoc_req(struct ieee80211softmac_device *mac, u16 reas
107{ 105{
108 struct ieee80211softmac_network *found; 106 struct ieee80211softmac_network *found;
109 107
110 if (mac->associnfo.bssvalid && mac->associated) { 108 if (mac->associnfo.bssvalid && mac->associnfo.associated) {
111 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); 109 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid);
112 if (found) 110 if (found)
113 ieee80211softmac_send_mgt_frame(mac, found, IEEE80211_STYPE_DISASSOC, reason); 111 ieee80211softmac_send_mgt_frame(mac, found, IEEE80211_STYPE_DISASSOC, reason);
@@ -196,17 +194,18 @@ ieee80211softmac_assoc_work(void *d)
196 int bssvalid; 194 int bssvalid;
197 unsigned long flags; 195 unsigned long flags;
198 196
197 mutex_lock(&mac->associnfo.mutex);
198
199 if (!mac->associnfo.associating)
200 goto out;
201
199 /* ieee80211_disassoc might clear this */ 202 /* ieee80211_disassoc might clear this */
200 bssvalid = mac->associnfo.bssvalid; 203 bssvalid = mac->associnfo.bssvalid;
201 204
202 /* meh */ 205 /* meh */
203 if (mac->associated) 206 if (mac->associnfo.associated)
204 ieee80211softmac_send_disassoc_req(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT); 207 ieee80211softmac_send_disassoc_req(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT);
205 208
206 spin_lock_irqsave(&mac->lock, flags);
207 mac->associnfo.associating = 1;
208 spin_unlock_irqrestore(&mac->lock, flags);
209
210 /* try to find the requested network in our list, if we found one already */ 209 /* try to find the requested network in our list, if we found one already */
211 if (bssvalid || mac->associnfo.bssfixed) 210 if (bssvalid || mac->associnfo.bssfixed)
212 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); 211 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid);
@@ -260,10 +259,8 @@ ieee80211softmac_assoc_work(void *d)
260 259
261 if (!found) { 260 if (!found) {
262 if (mac->associnfo.scan_retry > 0) { 261 if (mac->associnfo.scan_retry > 0) {
263 spin_lock_irqsave(&mac->lock, flags);
264 mac->associnfo.scan_retry--; 262 mac->associnfo.scan_retry--;
265 spin_unlock_irqrestore(&mac->lock, flags); 263
266
267 /* We know of no such network. Let's scan. 264 /* We know of no such network. Let's scan.
268 * NB: this also happens if we had no memory to copy the network info... 265 * NB: this also happens if we had no memory to copy the network info...
269 * Maybe we can hope to have more memory after scanning finishes ;) 266 * Maybe we can hope to have more memory after scanning finishes ;)
@@ -272,19 +269,17 @@ ieee80211softmac_assoc_work(void *d)
272 ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL); 269 ieee80211softmac_notify(mac->dev, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, ieee80211softmac_assoc_notify_scan, NULL);
273 if (ieee80211softmac_start_scan(mac)) 270 if (ieee80211softmac_start_scan(mac))
274 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n"); 271 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
275 return; 272 goto out;
276 } else { 273 } else {
277 spin_lock_irqsave(&mac->lock, flags);
278 mac->associnfo.associating = 0; 274 mac->associnfo.associating = 0;
279 mac->associated = 0; 275 mac->associnfo.associated = 0;
280 spin_unlock_irqrestore(&mac->lock, flags);
281 276
282 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n"); 277 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n");
283 /* reset the retry counter for the next user request since we 278 /* reset the retry counter for the next user request since we
284 * break out and don't reschedule ourselves after this point. */ 279 * break out and don't reschedule ourselves after this point. */
285 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT; 280 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
286 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL); 281 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL);
287 return; 282 goto out;
288 } 283 }
289 } 284 }
290 285
@@ -297,7 +292,7 @@ ieee80211softmac_assoc_work(void *d)
297 /* copy the ESSID for displaying it */ 292 /* copy the ESSID for displaying it */
298 mac->associnfo.associate_essid.len = found->essid.len; 293 mac->associnfo.associate_essid.len = found->essid.len;
299 memcpy(mac->associnfo.associate_essid.data, found->essid.data, IW_ESSID_MAX_SIZE + 1); 294 memcpy(mac->associnfo.associate_essid.data, found->essid.data, IW_ESSID_MAX_SIZE + 1);
300 295
301 /* we found a network! authenticate (if necessary) and associate to it. */ 296 /* we found a network! authenticate (if necessary) and associate to it. */
302 if (found->authenticating) { 297 if (found->authenticating) {
303 dprintk(KERN_INFO PFX "Already requested authentication, waiting...\n"); 298 dprintk(KERN_INFO PFX "Already requested authentication, waiting...\n");
@@ -305,7 +300,7 @@ ieee80211softmac_assoc_work(void *d)
305 mac->associnfo.assoc_wait = 1; 300 mac->associnfo.assoc_wait = 1;
306 ieee80211softmac_notify_internal(mac, IEEE80211SOFTMAC_EVENT_ANY, found, ieee80211softmac_assoc_notify_auth, NULL, GFP_KERNEL); 301 ieee80211softmac_notify_internal(mac, IEEE80211SOFTMAC_EVENT_ANY, found, ieee80211softmac_assoc_notify_auth, NULL, GFP_KERNEL);
307 } 302 }
308 return; 303 goto out;
309 } 304 }
310 if (!found->authenticated && !found->authenticating) { 305 if (!found->authenticated && !found->authenticating) {
311 /* This relies on the fact that _auth_req only queues the work, 306 /* This relies on the fact that _auth_req only queues the work,
@@ -321,11 +316,14 @@ ieee80211softmac_assoc_work(void *d)
321 mac->associnfo.assoc_wait = 0; 316 mac->associnfo.assoc_wait = 0;
322 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, found); 317 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, found);
323 } 318 }
324 return; 319 goto out;
325 } 320 }
326 /* finally! now we can start associating */ 321 /* finally! now we can start associating */
327 mac->associnfo.assoc_wait = 0; 322 mac->associnfo.assoc_wait = 0;
328 ieee80211softmac_assoc(mac, found); 323 ieee80211softmac_assoc(mac, found);
324
325out:
326 mutex_unlock(&mac->associnfo.mutex);
329} 327}
330 328
331/* call this to do whatever is necessary when we're associated */ 329/* call this to do whatever is necessary when we're associated */
@@ -341,7 +339,7 @@ ieee80211softmac_associated(struct ieee80211softmac_device *mac,
341 mac->bssinfo.supported_rates = net->supported_rates; 339 mac->bssinfo.supported_rates = net->supported_rates;
342 ieee80211softmac_recalc_txrates(mac); 340 ieee80211softmac_recalc_txrates(mac);
343 341
344 mac->associated = 1; 342 mac->associnfo.associated = 1;
345 343
346 mac->associnfo.short_preamble_available = 344 mac->associnfo.short_preamble_available =
347 (cap & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0; 345 (cap & WLAN_CAPABILITY_SHORT_PREAMBLE) != 0;
@@ -421,7 +419,7 @@ ieee80211softmac_handle_assoc_response(struct net_device * dev,
421 dprintk(KERN_INFO PFX "associating failed (reason: 0x%x)!\n", status); 419 dprintk(KERN_INFO PFX "associating failed (reason: 0x%x)!\n", status);
422 mac->associnfo.associating = 0; 420 mac->associnfo.associating = 0;
423 mac->associnfo.bssvalid = 0; 421 mac->associnfo.bssvalid = 0;
424 mac->associated = 0; 422 mac->associnfo.associated = 0;
425 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, network); 423 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_FAILED, network);
426 } 424 }
427 425
diff --git a/net/ieee80211/softmac/ieee80211softmac_io.c b/net/ieee80211/softmac/ieee80211softmac_io.c
index 82bfddbf33a2..b96931001b43 100644
--- a/net/ieee80211/softmac/ieee80211softmac_io.c
+++ b/net/ieee80211/softmac/ieee80211softmac_io.c
@@ -304,7 +304,7 @@ ieee80211softmac_auth(struct ieee80211_auth **pkt,
304 2 + /* Auth Transaction Seq */ 304 2 + /* Auth Transaction Seq */
305 2 + /* Status Code */ 305 2 + /* Status Code */
306 /* Challenge Text IE */ 306 /* Challenge Text IE */
307 is_shared_response ? 0 : 1 + 1 + net->challenge_len 307 (is_shared_response ? 1 + 1 + net->challenge_len : 0)
308 ); 308 );
309 if (unlikely((*pkt) == NULL)) 309 if (unlikely((*pkt) == NULL))
310 return 0; 310 return 0;
@@ -475,8 +475,13 @@ int ieee80211softmac_handle_beacon(struct net_device *dev,
475{ 475{
476 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 476 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
477 477
478 if (mac->associated && memcmp(network->bssid, mac->associnfo.bssid, ETH_ALEN) == 0) 478 /* This might race, but we don't really care and it's not worth
479 ieee80211softmac_process_erp(mac, network->erp_value); 479 * adding heavyweight locking in this fastpath.
480 */
481 if (mac->associnfo.associated) {
482 if (memcmp(network->bssid, mac->associnfo.bssid, ETH_ALEN) == 0)
483 ieee80211softmac_process_erp(mac, network->erp_value);
484 }
480 485
481 return 0; 486 return 0;
482} 487}
diff --git a/net/ieee80211/softmac/ieee80211softmac_module.c b/net/ieee80211/softmac/ieee80211softmac_module.c
index addea1cf73ae..33aff4f4a471 100644
--- a/net/ieee80211/softmac/ieee80211softmac_module.c
+++ b/net/ieee80211/softmac/ieee80211softmac_module.c
@@ -57,6 +57,7 @@ struct net_device *alloc_ieee80211softmac(int sizeof_priv)
57 INIT_LIST_HEAD(&softmac->network_list); 57 INIT_LIST_HEAD(&softmac->network_list);
58 INIT_LIST_HEAD(&softmac->events); 58 INIT_LIST_HEAD(&softmac->events);
59 59
60 mutex_init(&softmac->associnfo.mutex);
60 INIT_WORK(&softmac->associnfo.work, ieee80211softmac_assoc_work, softmac); 61 INIT_WORK(&softmac->associnfo.work, ieee80211softmac_assoc_work, softmac);
61 INIT_WORK(&softmac->associnfo.timeout, ieee80211softmac_assoc_timeout, softmac); 62 INIT_WORK(&softmac->associnfo.timeout, ieee80211softmac_assoc_timeout, softmac);
62 softmac->start_scan = ieee80211softmac_start_scan_implementation; 63 softmac->start_scan = ieee80211softmac_start_scan_implementation;
diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
index 2aa779d18f38..23068a830f7d 100644
--- a/net/ieee80211/softmac/ieee80211softmac_wx.c
+++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
@@ -73,13 +73,14 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
73 struct ieee80211softmac_network *n; 73 struct ieee80211softmac_network *n;
74 struct ieee80211softmac_auth_queue_item *authptr; 74 struct ieee80211softmac_auth_queue_item *authptr;
75 int length = 0; 75 int length = 0;
76 unsigned long flags; 76
77 mutex_lock(&sm->associnfo.mutex);
77 78
78 /* Check if we're already associating to this or another network 79 /* Check if we're already associating to this or another network
79 * If it's another network, cancel and start over with our new network 80 * If it's another network, cancel and start over with our new network
80 * If it's our network, ignore the change, we're already doing it! 81 * If it's our network, ignore the change, we're already doing it!
81 */ 82 */
82 if((sm->associnfo.associating || sm->associated) && 83 if((sm->associnfo.associating || sm->associnfo.associated) &&
83 (data->essid.flags && data->essid.length)) { 84 (data->essid.flags && data->essid.length)) {
84 /* Get the associating network */ 85 /* Get the associating network */
85 n = ieee80211softmac_get_network_by_bssid(sm, sm->associnfo.bssid); 86 n = ieee80211softmac_get_network_by_bssid(sm, sm->associnfo.bssid);
@@ -87,10 +88,9 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
87 !memcmp(n->essid.data, extra, n->essid.len)) { 88 !memcmp(n->essid.data, extra, n->essid.len)) {
88 dprintk(KERN_INFO PFX "Already associating or associated to "MAC_FMT"\n", 89 dprintk(KERN_INFO PFX "Already associating or associated to "MAC_FMT"\n",
89 MAC_ARG(sm->associnfo.bssid)); 90 MAC_ARG(sm->associnfo.bssid));
90 return 0; 91 goto out;
91 } else { 92 } else {
92 dprintk(KERN_INFO PFX "Canceling existing associate request!\n"); 93 dprintk(KERN_INFO PFX "Canceling existing associate request!\n");
93 spin_lock_irqsave(&sm->lock,flags);
94 /* Cancel assoc work */ 94 /* Cancel assoc work */
95 cancel_delayed_work(&sm->associnfo.work); 95 cancel_delayed_work(&sm->associnfo.work);
96 /* We don't have to do this, but it's a little cleaner */ 96 /* We don't have to do this, but it's a little cleaner */
@@ -98,14 +98,13 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
98 cancel_delayed_work(&authptr->work); 98 cancel_delayed_work(&authptr->work);
99 sm->associnfo.bssvalid = 0; 99 sm->associnfo.bssvalid = 0;
100 sm->associnfo.bssfixed = 0; 100 sm->associnfo.bssfixed = 0;
101 spin_unlock_irqrestore(&sm->lock,flags);
102 flush_scheduled_work(); 101 flush_scheduled_work();
102 sm->associnfo.associating = 0;
103 sm->associnfo.associated = 0;
103 } 104 }
104 } 105 }
105 106
106 107
107 spin_lock_irqsave(&sm->lock, flags);
108
109 sm->associnfo.static_essid = 0; 108 sm->associnfo.static_essid = 0;
110 sm->associnfo.assoc_wait = 0; 109 sm->associnfo.assoc_wait = 0;
111 110
@@ -121,10 +120,12 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
121 * If applicable, we have already copied the data in */ 120 * If applicable, we have already copied the data in */
122 sm->associnfo.req_essid.len = length; 121 sm->associnfo.req_essid.len = length;
123 122
123 sm->associnfo.associating = 1;
124 /* queue lower level code to do work (if necessary) */ 124 /* queue lower level code to do work (if necessary) */
125 schedule_work(&sm->associnfo.work); 125 schedule_work(&sm->associnfo.work);
126out:
127 mutex_unlock(&sm->associnfo.mutex);
126 128
127 spin_unlock_irqrestore(&sm->lock, flags);
128 return 0; 129 return 0;
129} 130}
130EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_essid); 131EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_essid);
@@ -136,10 +137,8 @@ ieee80211softmac_wx_get_essid(struct net_device *net_dev,
136 char *extra) 137 char *extra)
137{ 138{
138 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev); 139 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev);
139 unsigned long flags;
140 140
141 /* avoid getting inconsistent information */ 141 mutex_lock(&sm->associnfo.mutex);
142 spin_lock_irqsave(&sm->lock, flags);
143 /* If all fails, return ANY (empty) */ 142 /* If all fails, return ANY (empty) */
144 data->essid.length = 0; 143 data->essid.length = 0;
145 data->essid.flags = 0; /* active */ 144 data->essid.flags = 0; /* active */
@@ -152,12 +151,13 @@ ieee80211softmac_wx_get_essid(struct net_device *net_dev,
152 } 151 }
153 152
154 /* If we're associating/associated, return that */ 153 /* If we're associating/associated, return that */
155 if (sm->associated || sm->associnfo.associating) { 154 if (sm->associnfo.associated || sm->associnfo.associating) {
156 data->essid.length = sm->associnfo.associate_essid.len; 155 data->essid.length = sm->associnfo.associate_essid.len;
157 data->essid.flags = 1; /* active */ 156 data->essid.flags = 1; /* active */
158 memcpy(extra, sm->associnfo.associate_essid.data, sm->associnfo.associate_essid.len); 157 memcpy(extra, sm->associnfo.associate_essid.data, sm->associnfo.associate_essid.len);
159 } 158 }
160 spin_unlock_irqrestore(&sm->lock, flags); 159 mutex_unlock(&sm->associnfo.mutex);
160
161 return 0; 161 return 0;
162} 162}
163EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_essid); 163EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_essid);
@@ -322,15 +322,15 @@ ieee80211softmac_wx_get_wap(struct net_device *net_dev,
322{ 322{
323 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); 323 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev);
324 int err = 0; 324 int err = 0;
325 unsigned long flags;
326 325
327 spin_lock_irqsave(&mac->lock, flags); 326 mutex_lock(&mac->associnfo.mutex);
328 if (mac->associnfo.bssvalid) 327 if (mac->associnfo.bssvalid)
329 memcpy(data->ap_addr.sa_data, mac->associnfo.bssid, ETH_ALEN); 328 memcpy(data->ap_addr.sa_data, mac->associnfo.bssid, ETH_ALEN);
330 else 329 else
331 memset(data->ap_addr.sa_data, 0xff, ETH_ALEN); 330 memset(data->ap_addr.sa_data, 0xff, ETH_ALEN);
332 data->ap_addr.sa_family = ARPHRD_ETHER; 331 data->ap_addr.sa_family = ARPHRD_ETHER;
333 spin_unlock_irqrestore(&mac->lock, flags); 332 mutex_unlock(&mac->associnfo.mutex);
333
334 return err; 334 return err;
335} 335}
336EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_wap); 336EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_wap);
@@ -342,28 +342,27 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
342 char *extra) 342 char *extra)
343{ 343{
344 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); 344 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev);
345 unsigned long flags;
346 345
347 /* sanity check */ 346 /* sanity check */
348 if (data->ap_addr.sa_family != ARPHRD_ETHER) { 347 if (data->ap_addr.sa_family != ARPHRD_ETHER) {
349 return -EINVAL; 348 return -EINVAL;
350 } 349 }
351 350
352 spin_lock_irqsave(&mac->lock, flags); 351 mutex_lock(&mac->associnfo.mutex);
353 if (is_broadcast_ether_addr(data->ap_addr.sa_data)) { 352 if (is_broadcast_ether_addr(data->ap_addr.sa_data)) {
354 /* the bssid we have is not to be fixed any longer, 353 /* the bssid we have is not to be fixed any longer,
355 * and we should reassociate to the best AP. */ 354 * and we should reassociate to the best AP. */
356 mac->associnfo.bssfixed = 0; 355 mac->associnfo.bssfixed = 0;
357 /* force reassociation */ 356 /* force reassociation */
358 mac->associnfo.bssvalid = 0; 357 mac->associnfo.bssvalid = 0;
359 if (mac->associated) 358 if (mac->associnfo.associated)
360 schedule_work(&mac->associnfo.work); 359 schedule_work(&mac->associnfo.work);
361 } else if (is_zero_ether_addr(data->ap_addr.sa_data)) { 360 } else if (is_zero_ether_addr(data->ap_addr.sa_data)) {
362 /* the bssid we have is no longer fixed */ 361 /* the bssid we have is no longer fixed */
363 mac->associnfo.bssfixed = 0; 362 mac->associnfo.bssfixed = 0;
364 } else { 363 } else {
365 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) { 364 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) {
366 if (mac->associnfo.associating || mac->associated) { 365 if (mac->associnfo.associating || mac->associnfo.associated) {
367 /* bssid unchanged and associated or associating - just return */ 366 /* bssid unchanged and associated or associating - just return */
368 goto out; 367 goto out;
369 } 368 }
@@ -378,7 +377,8 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
378 } 377 }
379 378
380 out: 379 out:
381 spin_unlock_irqrestore(&mac->lock, flags); 380 mutex_unlock(&mac->associnfo.mutex);
381
382 return 0; 382 return 0;
383} 383}
384EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_wap); 384EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_wap);
@@ -394,7 +394,8 @@ ieee80211softmac_wx_set_genie(struct net_device *dev,
394 int err = 0; 394 int err = 0;
395 char *buf; 395 char *buf;
396 int i; 396 int i;
397 397
398 mutex_lock(&mac->associnfo.mutex);
398 spin_lock_irqsave(&mac->lock, flags); 399 spin_lock_irqsave(&mac->lock, flags);
399 /* bleh. shouldn't be locked for that kmalloc... */ 400 /* bleh. shouldn't be locked for that kmalloc... */
400 401
@@ -432,6 +433,8 @@ ieee80211softmac_wx_set_genie(struct net_device *dev,
432 433
433 out: 434 out:
434 spin_unlock_irqrestore(&mac->lock, flags); 435 spin_unlock_irqrestore(&mac->lock, flags);
436 mutex_unlock(&mac->associnfo.mutex);
437
435 return err; 438 return err;
436} 439}
437EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_genie); 440EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_genie);
@@ -446,7 +449,8 @@ ieee80211softmac_wx_get_genie(struct net_device *dev,
446 unsigned long flags; 449 unsigned long flags;
447 int err = 0; 450 int err = 0;
448 int space = wrqu->data.length; 451 int space = wrqu->data.length;
449 452
453 mutex_lock(&mac->associnfo.mutex);
450 spin_lock_irqsave(&mac->lock, flags); 454 spin_lock_irqsave(&mac->lock, flags);
451 455
452 wrqu->data.length = 0; 456 wrqu->data.length = 0;
@@ -459,6 +463,8 @@ ieee80211softmac_wx_get_genie(struct net_device *dev,
459 err = -E2BIG; 463 err = -E2BIG;
460 } 464 }
461 spin_unlock_irqrestore(&mac->lock, flags); 465 spin_unlock_irqrestore(&mac->lock, flags);
466 mutex_lock(&mac->associnfo.mutex);
467
462 return err; 468 return err;
463} 469}
464EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_genie); 470EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_genie);
@@ -473,10 +479,13 @@ ieee80211softmac_wx_set_mlme(struct net_device *dev,
473 struct iw_mlme *mlme = (struct iw_mlme *)extra; 479 struct iw_mlme *mlme = (struct iw_mlme *)extra;
474 u16 reason = cpu_to_le16(mlme->reason_code); 480 u16 reason = cpu_to_le16(mlme->reason_code);
475 struct ieee80211softmac_network *net; 481 struct ieee80211softmac_network *net;
482 int err = -EINVAL;
483
484 mutex_lock(&mac->associnfo.mutex);
476 485
477 if (memcmp(mac->associnfo.bssid, mlme->addr.sa_data, ETH_ALEN)) { 486 if (memcmp(mac->associnfo.bssid, mlme->addr.sa_data, ETH_ALEN)) {
478 printk(KERN_DEBUG PFX "wx_set_mlme: requested operation on net we don't use\n"); 487 printk(KERN_DEBUG PFX "wx_set_mlme: requested operation on net we don't use\n");
479 return -EINVAL; 488 goto out;
480 } 489 }
481 490
482 switch (mlme->cmd) { 491 switch (mlme->cmd) {
@@ -484,14 +493,22 @@ ieee80211softmac_wx_set_mlme(struct net_device *dev,
484 net = ieee80211softmac_get_network_by_bssid_locked(mac, mlme->addr.sa_data); 493 net = ieee80211softmac_get_network_by_bssid_locked(mac, mlme->addr.sa_data);
485 if (!net) { 494 if (!net) {
486 printk(KERN_DEBUG PFX "wx_set_mlme: we should know the net here...\n"); 495 printk(KERN_DEBUG PFX "wx_set_mlme: we should know the net here...\n");
487 return -EINVAL; 496 goto out;
488 } 497 }
489 return ieee80211softmac_deauth_req(mac, net, reason); 498 return ieee80211softmac_deauth_req(mac, net, reason);
490 case IW_MLME_DISASSOC: 499 case IW_MLME_DISASSOC:
491 ieee80211softmac_send_disassoc_req(mac, reason); 500 ieee80211softmac_send_disassoc_req(mac, reason);
492 return 0; 501 mac->associnfo.associated = 0;
502 mac->associnfo.associating = 0;
503 err = 0;
504 goto out;
493 default: 505 default:
494 return -EOPNOTSUPP; 506 err = -EOPNOTSUPP;
495 } 507 }
508
509out:
510 mutex_unlock(&mac->associnfo.mutex);
511
512 return err;
496} 513}
497EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_mlme); 514EXPORT_SYMBOL_GPL(ieee80211softmac_wx_set_mlme);
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index a8e2e879a647..e2077a3aa8c0 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -43,6 +43,7 @@
43#include <net/tcp.h> 43#include <net/tcp.h>
44#include <net/netlabel.h> 44#include <net/netlabel.h>
45#include <net/cipso_ipv4.h> 45#include <net/cipso_ipv4.h>
46#include <asm/atomic.h>
46#include <asm/bug.h> 47#include <asm/bug.h>
47 48
48struct cipso_v4_domhsh_entry { 49struct cipso_v4_domhsh_entry {
@@ -79,7 +80,7 @@ struct cipso_v4_map_cache_entry {
79 unsigned char *key; 80 unsigned char *key;
80 size_t key_len; 81 size_t key_len;
81 82
82 struct netlbl_lsm_cache lsm_data; 83 struct netlbl_lsm_cache *lsm_data;
83 84
84 u32 activity; 85 u32 activity;
85 struct list_head list; 86 struct list_head list;
@@ -188,13 +189,14 @@ static void cipso_v4_doi_domhsh_free(struct rcu_head *entry)
188 * @entry: the entry to free 189 * @entry: the entry to free
189 * 190 *
190 * Description: 191 * Description:
191 * This function frees the memory associated with a cache entry. 192 * This function frees the memory associated with a cache entry including the
193 * LSM cache data if there are no longer any users, i.e. reference count == 0.
192 * 194 *
193 */ 195 */
194static void cipso_v4_cache_entry_free(struct cipso_v4_map_cache_entry *entry) 196static void cipso_v4_cache_entry_free(struct cipso_v4_map_cache_entry *entry)
195{ 197{
196 if (entry->lsm_data.free) 198 if (entry->lsm_data)
197 entry->lsm_data.free(entry->lsm_data.data); 199 netlbl_secattr_cache_free(entry->lsm_data);
198 kfree(entry->key); 200 kfree(entry->key);
199 kfree(entry); 201 kfree(entry);
200} 202}
@@ -315,8 +317,8 @@ static int cipso_v4_cache_check(const unsigned char *key,
315 entry->key_len == key_len && 317 entry->key_len == key_len &&
316 memcmp(entry->key, key, key_len) == 0) { 318 memcmp(entry->key, key, key_len) == 0) {
317 entry->activity += 1; 319 entry->activity += 1;
318 secattr->cache.free = entry->lsm_data.free; 320 atomic_inc(&entry->lsm_data->refcount);
319 secattr->cache.data = entry->lsm_data.data; 321 secattr->cache = entry->lsm_data;
320 if (prev_entry == NULL) { 322 if (prev_entry == NULL) {
321 spin_unlock_bh(&cipso_v4_cache[bkt].lock); 323 spin_unlock_bh(&cipso_v4_cache[bkt].lock);
322 return 0; 324 return 0;
@@ -383,8 +385,8 @@ int cipso_v4_cache_add(const struct sk_buff *skb,
383 memcpy(entry->key, cipso_ptr, cipso_ptr_len); 385 memcpy(entry->key, cipso_ptr, cipso_ptr_len);
384 entry->key_len = cipso_ptr_len; 386 entry->key_len = cipso_ptr_len;
385 entry->hash = cipso_v4_map_cache_hash(cipso_ptr, cipso_ptr_len); 387 entry->hash = cipso_v4_map_cache_hash(cipso_ptr, cipso_ptr_len);
386 entry->lsm_data.free = secattr->cache.free; 388 atomic_inc(&secattr->cache->refcount);
387 entry->lsm_data.data = secattr->cache.data; 389 entry->lsm_data = secattr->cache;
388 390
389 bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETBITS - 1); 391 bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETBITS - 1);
390 spin_lock_bh(&cipso_v4_cache[bkt].lock); 392 spin_lock_bh(&cipso_v4_cache[bkt].lock);
@@ -771,13 +773,15 @@ static int cipso_v4_map_cat_rbm_valid(const struct cipso_v4_doi *doi_def,
771{ 773{
772 int cat = -1; 774 int cat = -1;
773 u32 bitmap_len_bits = bitmap_len * 8; 775 u32 bitmap_len_bits = bitmap_len * 8;
774 u32 cipso_cat_size = doi_def->map.std->cat.cipso_size; 776 u32 cipso_cat_size;
775 u32 *cipso_array = doi_def->map.std->cat.cipso; 777 u32 *cipso_array;
776 778
777 switch (doi_def->type) { 779 switch (doi_def->type) {
778 case CIPSO_V4_MAP_PASS: 780 case CIPSO_V4_MAP_PASS:
779 return 0; 781 return 0;
780 case CIPSO_V4_MAP_STD: 782 case CIPSO_V4_MAP_STD:
783 cipso_cat_size = doi_def->map.std->cat.cipso_size;
784 cipso_array = doi_def->map.std->cat.cipso;
781 for (;;) { 785 for (;;) {
782 cat = cipso_v4_bitmap_walk(bitmap, 786 cat = cipso_v4_bitmap_walk(bitmap,
783 bitmap_len_bits, 787 bitmap_len_bits,
@@ -823,19 +827,21 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
823 u32 net_spot_max = 0; 827 u32 net_spot_max = 0;
824 u32 host_clen_bits = host_cat_len * 8; 828 u32 host_clen_bits = host_cat_len * 8;
825 u32 net_clen_bits = net_cat_len * 8; 829 u32 net_clen_bits = net_cat_len * 8;
826 u32 host_cat_size = doi_def->map.std->cat.local_size; 830 u32 host_cat_size;
827 u32 *host_cat_array = doi_def->map.std->cat.local; 831 u32 *host_cat_array;
828 832
829 switch (doi_def->type) { 833 switch (doi_def->type) {
830 case CIPSO_V4_MAP_PASS: 834 case CIPSO_V4_MAP_PASS:
831 net_spot_max = host_cat_len - 1; 835 net_spot_max = host_cat_len;
832 while (net_spot_max > 0 && host_cat[net_spot_max] == 0) 836 while (net_spot_max > 0 && host_cat[net_spot_max - 1] == 0)
833 net_spot_max--; 837 net_spot_max--;
834 if (net_spot_max > net_cat_len) 838 if (net_spot_max > net_cat_len)
835 return -EINVAL; 839 return -EINVAL;
836 memcpy(net_cat, host_cat, net_spot_max); 840 memcpy(net_cat, host_cat, net_spot_max);
837 return net_spot_max; 841 return net_spot_max;
838 case CIPSO_V4_MAP_STD: 842 case CIPSO_V4_MAP_STD:
843 host_cat_size = doi_def->map.std->cat.local_size;
844 host_cat_array = doi_def->map.std->cat.local;
839 for (;;) { 845 for (;;) {
840 host_spot = cipso_v4_bitmap_walk(host_cat, 846 host_spot = cipso_v4_bitmap_walk(host_cat,
841 host_clen_bits, 847 host_clen_bits,
@@ -891,8 +897,8 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
891 int net_spot = -1; 897 int net_spot = -1;
892 u32 net_clen_bits = net_cat_len * 8; 898 u32 net_clen_bits = net_cat_len * 8;
893 u32 host_clen_bits = host_cat_len * 8; 899 u32 host_clen_bits = host_cat_len * 8;
894 u32 net_cat_size = doi_def->map.std->cat.cipso_size; 900 u32 net_cat_size;
895 u32 *net_cat_array = doi_def->map.std->cat.cipso; 901 u32 *net_cat_array;
896 902
897 switch (doi_def->type) { 903 switch (doi_def->type) {
898 case CIPSO_V4_MAP_PASS: 904 case CIPSO_V4_MAP_PASS:
@@ -901,6 +907,8 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
901 memcpy(host_cat, net_cat, net_cat_len); 907 memcpy(host_cat, net_cat, net_cat_len);
902 return net_cat_len; 908 return net_cat_len;
903 case CIPSO_V4_MAP_STD: 909 case CIPSO_V4_MAP_STD:
910 net_cat_size = doi_def->map.std->cat.cipso_size;
911 net_cat_array = doi_def->map.std->cat.cipso;
904 for (;;) { 912 for (;;) {
905 net_spot = cipso_v4_bitmap_walk(net_cat, 913 net_spot = cipso_v4_bitmap_walk(net_cat,
906 net_clen_bits, 914 net_clen_bits,
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 9c399a70dd5d..af0190d8b6c0 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -482,9 +482,7 @@ static int rtm_to_fib_config(struct sk_buff *skb, struct nlmsghdr *nlh,
482 memset(cfg, 0, sizeof(*cfg)); 482 memset(cfg, 0, sizeof(*cfg));
483 483
484 rtm = nlmsg_data(nlh); 484 rtm = nlmsg_data(nlh);
485 cfg->fc_family = rtm->rtm_family;
486 cfg->fc_dst_len = rtm->rtm_dst_len; 485 cfg->fc_dst_len = rtm->rtm_dst_len;
487 cfg->fc_src_len = rtm->rtm_src_len;
488 cfg->fc_tos = rtm->rtm_tos; 486 cfg->fc_tos = rtm->rtm_tos;
489 cfg->fc_table = rtm->rtm_table; 487 cfg->fc_table = rtm->rtm_table;
490 cfg->fc_protocol = rtm->rtm_protocol; 488 cfg->fc_protocol = rtm->rtm_protocol;
@@ -501,9 +499,6 @@ static int rtm_to_fib_config(struct sk_buff *skb, struct nlmsghdr *nlh,
501 case RTA_DST: 499 case RTA_DST:
502 cfg->fc_dst = nla_get_be32(attr); 500 cfg->fc_dst = nla_get_be32(attr);
503 break; 501 break;
504 case RTA_SRC:
505 cfg->fc_src = nla_get_be32(attr);
506 break;
507 case RTA_OIF: 502 case RTA_OIF:
508 cfg->fc_oif = nla_get_u32(attr); 503 cfg->fc_oif = nla_get_u32(attr);
509 break; 504 break;
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index 2b1a54b59c48..f072f3875af8 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -94,10 +94,8 @@ int inet_peer_minttl = 120 * HZ; /* TTL under high load: 120 sec */
94int inet_peer_maxttl = 10 * 60 * HZ; /* usual time to live: 10 min */ 94int inet_peer_maxttl = 10 * 60 * HZ; /* usual time to live: 10 min */
95 95
96static struct inet_peer *inet_peer_unused_head; 96static struct inet_peer *inet_peer_unused_head;
97/* Exported for inet_putpeer inline function. */ 97static struct inet_peer **inet_peer_unused_tailp = &inet_peer_unused_head;
98struct inet_peer **inet_peer_unused_tailp = &inet_peer_unused_head; 98static DEFINE_SPINLOCK(inet_peer_unused_lock);
99DEFINE_SPINLOCK(inet_peer_unused_lock);
100#define PEER_MAX_CLEANUP_WORK 30
101 99
102static void peer_check_expire(unsigned long dummy); 100static void peer_check_expire(unsigned long dummy);
103static DEFINE_TIMER(peer_periodic_timer, peer_check_expire, 0, 0); 101static DEFINE_TIMER(peer_periodic_timer, peer_check_expire, 0, 0);
@@ -340,7 +338,8 @@ static int cleanup_once(unsigned long ttl)
340 spin_lock_bh(&inet_peer_unused_lock); 338 spin_lock_bh(&inet_peer_unused_lock);
341 p = inet_peer_unused_head; 339 p = inet_peer_unused_head;
342 if (p != NULL) { 340 if (p != NULL) {
343 if (time_after(p->dtime + ttl, jiffies)) { 341 __u32 delta = (__u32)jiffies - p->dtime;
342 if (delta < ttl) {
344 /* Do not prune fresh entries. */ 343 /* Do not prune fresh entries. */
345 spin_unlock_bh(&inet_peer_unused_lock); 344 spin_unlock_bh(&inet_peer_unused_lock);
346 return -1; 345 return -1;
@@ -432,7 +431,7 @@ out_free:
432/* Called with local BH disabled. */ 431/* Called with local BH disabled. */
433static void peer_check_expire(unsigned long dummy) 432static void peer_check_expire(unsigned long dummy)
434{ 433{
435 int i; 434 unsigned long now = jiffies;
436 int ttl; 435 int ttl;
437 436
438 if (peer_total >= inet_peer_threshold) 437 if (peer_total >= inet_peer_threshold)
@@ -441,7 +440,10 @@ static void peer_check_expire(unsigned long dummy)
441 ttl = inet_peer_maxttl 440 ttl = inet_peer_maxttl
442 - (inet_peer_maxttl - inet_peer_minttl) / HZ * 441 - (inet_peer_maxttl - inet_peer_minttl) / HZ *
443 peer_total / inet_peer_threshold * HZ; 442 peer_total / inet_peer_threshold * HZ;
444 for (i = 0; i < PEER_MAX_CLEANUP_WORK && !cleanup_once(ttl); i++); 443 while (!cleanup_once(ttl)) {
444 if (jiffies != now)
445 break;
446 }
445 447
446 /* Trigger the timer after inet_peer_gc_mintime .. inet_peer_gc_maxtime 448 /* Trigger the timer after inet_peer_gc_mintime .. inet_peer_gc_maxtime
447 * interval depending on the total number of entries (more entries, 449 * interval depending on the total number of entries (more entries,
@@ -455,3 +457,16 @@ static void peer_check_expire(unsigned long dummy)
455 peer_total / inet_peer_threshold * HZ; 457 peer_total / inet_peer_threshold * HZ;
456 add_timer(&peer_periodic_timer); 458 add_timer(&peer_periodic_timer);
457} 459}
460
461void inet_putpeer(struct inet_peer *p)
462{
463 spin_lock_bh(&inet_peer_unused_lock);
464 if (atomic_dec_and_test(&p->refcnt)) {
465 p->unused_prevp = inet_peer_unused_tailp;
466 p->unused_next = NULL;
467 *inet_peer_unused_tailp = p;
468 inet_peer_unused_tailp = &p->unused_next;
469 p->dtime = (__u32)jiffies;
470 }
471 spin_unlock_bh(&inet_peer_unused_lock);
472}
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index f5fba051df3d..d5b5dec075b8 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -611,8 +611,8 @@ static int ipgre_rcv(struct sk_buff *skb)
611 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 611 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
612 */ 612 */
613 if (flags == 0 && 613 if (flags == 0 &&
614 skb->protocol == __constant_htons(ETH_P_WCCP)) { 614 skb->protocol == htons(ETH_P_WCCP)) {
615 skb->protocol = __constant_htons(ETH_P_IP); 615 skb->protocol = htons(ETH_P_IP);
616 if ((*(h + offset) & 0xF0) != 0x40) 616 if ((*(h + offset) & 0xF0) != 0x40)
617 offset += 4; 617 offset += 4;
618 } 618 }
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index e433cb0ff894..6d398f10aa91 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -274,7 +274,7 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
274 while (data <= data_limit - 6) { 274 while (data <= data_limit - 6) {
275 if (strnicmp(data, "PASV\r\n", 6) == 0) { 275 if (strnicmp(data, "PASV\r\n", 6) == 0) {
276 /* Passive mode on */ 276 /* Passive mode on */
277 IP_VS_DBG(7, "got PASV at %zd of %zd\n", 277 IP_VS_DBG(7, "got PASV at %td of %td\n",
278 data - data_start, 278 data - data_start,
279 data_limit - data_start); 279 data_limit - data_start);
280 cp->app_data = &ip_vs_ftp_pasv; 280 cp->app_data = &ip_vs_ftp_pasv;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 17e1a687ab45..0849f1cced13 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1196,6 +1196,8 @@ err1:
1196static void __exit arp_tables_fini(void) 1196static void __exit arp_tables_fini(void)
1197{ 1197{
1198 nf_unregister_sockopt(&arpt_sockopts); 1198 nf_unregister_sockopt(&arpt_sockopts);
1199 xt_unregister_target(&arpt_error_target);
1200 xt_unregister_target(&arpt_standard_target);
1199 xt_proto_fini(NF_ARP); 1201 xt_proto_fini(NF_ARP);
1200} 1202}
1201 1203
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 53b6dffea6c2..262d0d44ec1b 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -44,13 +44,6 @@ MODULE_LICENSE("GPL");
44 44
45static char __initdata version[] = "0.90"; 45static char __initdata version[] = "0.90";
46 46
47#if 0
48#define DEBUGP printk
49#else
50#define DEBUGP(format, args...)
51#endif
52
53
54static inline int 47static inline int
55ctnetlink_dump_tuples_proto(struct sk_buff *skb, 48ctnetlink_dump_tuples_proto(struct sk_buff *skb,
56 const struct ip_conntrack_tuple *tuple, 49 const struct ip_conntrack_tuple *tuple,
@@ -398,7 +391,6 @@ nfattr_failure:
398 391
399static int ctnetlink_done(struct netlink_callback *cb) 392static int ctnetlink_done(struct netlink_callback *cb)
400{ 393{
401 DEBUGP("entered %s\n", __FUNCTION__);
402 if (cb->args[1]) 394 if (cb->args[1])
403 ip_conntrack_put((struct ip_conntrack *)cb->args[1]); 395 ip_conntrack_put((struct ip_conntrack *)cb->args[1]);
404 return 0; 396 return 0;
@@ -411,9 +403,6 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
411 struct ip_conntrack_tuple_hash *h; 403 struct ip_conntrack_tuple_hash *h;
412 struct list_head *i; 404 struct list_head *i;
413 405
414 DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__,
415 cb->args[0], *id);
416
417 read_lock_bh(&ip_conntrack_lock); 406 read_lock_bh(&ip_conntrack_lock);
418 last = (struct ip_conntrack *)cb->args[1]; 407 last = (struct ip_conntrack *)cb->args[1];
419 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) { 408 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) {
@@ -452,7 +441,6 @@ out:
452 if (last) 441 if (last)
453 ip_conntrack_put(last); 442 ip_conntrack_put(last);
454 443
455 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
456 return skb->len; 444 return skb->len;
457} 445}
458 446
@@ -466,8 +454,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct ip_conntrack_tuple *tuple)
466{ 454{
467 struct nfattr *tb[CTA_IP_MAX]; 455 struct nfattr *tb[CTA_IP_MAX];
468 456
469 DEBUGP("entered %s\n", __FUNCTION__);
470
471 nfattr_parse_nested(tb, CTA_IP_MAX, attr); 457 nfattr_parse_nested(tb, CTA_IP_MAX, attr);
472 458
473 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) 459 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
@@ -481,8 +467,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct ip_conntrack_tuple *tuple)
481 return -EINVAL; 467 return -EINVAL;
482 tuple->dst.ip = *(__be32 *)NFA_DATA(tb[CTA_IP_V4_DST-1]); 468 tuple->dst.ip = *(__be32 *)NFA_DATA(tb[CTA_IP_V4_DST-1]);
483 469
484 DEBUGP("leaving\n");
485
486 return 0; 470 return 0;
487} 471}
488 472
@@ -503,8 +487,6 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
503 struct ip_conntrack_protocol *proto; 487 struct ip_conntrack_protocol *proto;
504 int ret = 0; 488 int ret = 0;
505 489
506 DEBUGP("entered %s\n", __FUNCTION__);
507
508 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr); 490 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr);
509 491
510 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 492 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
@@ -531,8 +513,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct ip_conntrack_tuple *tuple,
531 struct nfattr *tb[CTA_TUPLE_MAX]; 513 struct nfattr *tb[CTA_TUPLE_MAX];
532 int err; 514 int err;
533 515
534 DEBUGP("entered %s\n", __FUNCTION__);
535
536 memset(tuple, 0, sizeof(*tuple)); 516 memset(tuple, 0, sizeof(*tuple));
537 517
538 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]); 518 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]);
@@ -557,10 +537,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct ip_conntrack_tuple *tuple,
557 else 537 else
558 tuple->dst.dir = IP_CT_DIR_ORIGINAL; 538 tuple->dst.dir = IP_CT_DIR_ORIGINAL;
559 539
560 DUMP_TUPLE(tuple);
561
562 DEBUGP("leaving\n");
563
564 return 0; 540 return 0;
565} 541}
566 542
@@ -577,8 +553,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
577 struct nfattr *tb[CTA_PROTONAT_MAX]; 553 struct nfattr *tb[CTA_PROTONAT_MAX];
578 struct ip_nat_protocol *npt; 554 struct ip_nat_protocol *npt;
579 555
580 DEBUGP("entered %s\n", __FUNCTION__);
581
582 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr); 556 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr);
583 557
584 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat)) 558 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat))
@@ -597,7 +571,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
597 571
598 ip_nat_proto_put(npt); 572 ip_nat_proto_put(npt);
599 573
600 DEBUGP("leaving\n");
601 return 0; 574 return 0;
602} 575}
603 576
@@ -613,8 +586,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
613 struct nfattr *tb[CTA_NAT_MAX]; 586 struct nfattr *tb[CTA_NAT_MAX];
614 int err; 587 int err;
615 588
616 DEBUGP("entered %s\n", __FUNCTION__);
617
618 memset(range, 0, sizeof(*range)); 589 memset(range, 0, sizeof(*range));
619 590
620 nfattr_parse_nested(tb, CTA_NAT_MAX, nat); 591 nfattr_parse_nested(tb, CTA_NAT_MAX, nat);
@@ -640,7 +611,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
640 if (err < 0) 611 if (err < 0)
641 return err; 612 return err;
642 613
643 DEBUGP("leaving\n");
644 return 0; 614 return 0;
645} 615}
646#endif 616#endif
@@ -650,8 +620,6 @@ ctnetlink_parse_help(struct nfattr *attr, char **helper_name)
650{ 620{
651 struct nfattr *tb[CTA_HELP_MAX]; 621 struct nfattr *tb[CTA_HELP_MAX];
652 622
653 DEBUGP("entered %s\n", __FUNCTION__);
654
655 nfattr_parse_nested(tb, CTA_HELP_MAX, attr); 623 nfattr_parse_nested(tb, CTA_HELP_MAX, attr);
656 624
657 if (!tb[CTA_HELP_NAME-1]) 625 if (!tb[CTA_HELP_NAME-1])
@@ -679,8 +647,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
679 struct ip_conntrack *ct; 647 struct ip_conntrack *ct;
680 int err = 0; 648 int err = 0;
681 649
682 DEBUGP("entered %s\n", __FUNCTION__);
683
684 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 650 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
685 return -EINVAL; 651 return -EINVAL;
686 652
@@ -698,10 +664,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
698 return err; 664 return err;
699 665
700 h = ip_conntrack_find_get(&tuple, NULL); 666 h = ip_conntrack_find_get(&tuple, NULL);
701 if (!h) { 667 if (!h)
702 DEBUGP("tuple not found in conntrack hash\n");
703 return -ENOENT; 668 return -ENOENT;
704 }
705 669
706 ct = tuplehash_to_ctrack(h); 670 ct = tuplehash_to_ctrack(h);
707 671
@@ -716,7 +680,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
716 ct->timeout.function((unsigned long)ct); 680 ct->timeout.function((unsigned long)ct);
717 681
718 ip_conntrack_put(ct); 682 ip_conntrack_put(ct);
719 DEBUGP("leaving\n");
720 683
721 return 0; 684 return 0;
722} 685}
@@ -731,8 +694,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
731 struct sk_buff *skb2 = NULL; 694 struct sk_buff *skb2 = NULL;
732 int err = 0; 695 int err = 0;
733 696
734 DEBUGP("entered %s\n", __FUNCTION__);
735
736 if (nlh->nlmsg_flags & NLM_F_DUMP) { 697 if (nlh->nlmsg_flags & NLM_F_DUMP) {
737 struct nfgenmsg *msg = NLMSG_DATA(nlh); 698 struct nfgenmsg *msg = NLMSG_DATA(nlh);
738 u32 rlen; 699 u32 rlen;
@@ -770,11 +731,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
770 return err; 731 return err;
771 732
772 h = ip_conntrack_find_get(&tuple, NULL); 733 h = ip_conntrack_find_get(&tuple, NULL);
773 if (!h) { 734 if (!h)
774 DEBUGP("tuple not found in conntrack hash");
775 return -ENOENT; 735 return -ENOENT;
776 } 736
777 DEBUGP("tuple found\n");
778 ct = tuplehash_to_ctrack(h); 737 ct = tuplehash_to_ctrack(h);
779 738
780 err = -ENOMEM; 739 err = -ENOMEM;
@@ -795,7 +754,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
795 if (err < 0) 754 if (err < 0)
796 goto out; 755 goto out;
797 756
798 DEBUGP("leaving\n");
799 return 0; 757 return 0;
800 758
801free: 759free:
@@ -866,8 +824,6 @@ ctnetlink_change_helper(struct ip_conntrack *ct, struct nfattr *cda[])
866 char *helpname; 824 char *helpname;
867 int err; 825 int err;
868 826
869 DEBUGP("entered %s\n", __FUNCTION__);
870
871 /* don't change helper of sibling connections */ 827 /* don't change helper of sibling connections */
872 if (ct->master) 828 if (ct->master)
873 return -EINVAL; 829 return -EINVAL;
@@ -938,8 +894,6 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
938{ 894{
939 int err; 895 int err;
940 896
941 DEBUGP("entered %s\n", __FUNCTION__);
942
943 if (cda[CTA_HELP-1]) { 897 if (cda[CTA_HELP-1]) {
944 err = ctnetlink_change_helper(ct, cda); 898 err = ctnetlink_change_helper(ct, cda);
945 if (err < 0) 899 if (err < 0)
@@ -969,7 +923,6 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
969 ct->mark = ntohl(*(__be32 *)NFA_DATA(cda[CTA_MARK-1])); 923 ct->mark = ntohl(*(__be32 *)NFA_DATA(cda[CTA_MARK-1]));
970#endif 924#endif
971 925
972 DEBUGP("all done\n");
973 return 0; 926 return 0;
974} 927}
975 928
@@ -981,8 +934,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
981 struct ip_conntrack *ct; 934 struct ip_conntrack *ct;
982 int err = -EINVAL; 935 int err = -EINVAL;
983 936
984 DEBUGP("entered %s\n", __FUNCTION__);
985
986 ct = ip_conntrack_alloc(otuple, rtuple); 937 ct = ip_conntrack_alloc(otuple, rtuple);
987 if (ct == NULL || IS_ERR(ct)) 938 if (ct == NULL || IS_ERR(ct))
988 return -ENOMEM; 939 return -ENOMEM;
@@ -1017,7 +968,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
1017 if (ct->helper) 968 if (ct->helper)
1018 ip_conntrack_helper_put(ct->helper); 969 ip_conntrack_helper_put(ct->helper);
1019 970
1020 DEBUGP("conntrack with id %u inserted\n", ct->id);
1021 return 0; 971 return 0;
1022 972
1023err: 973err:
@@ -1033,8 +983,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1033 struct ip_conntrack_tuple_hash *h = NULL; 983 struct ip_conntrack_tuple_hash *h = NULL;
1034 int err = 0; 984 int err = 0;
1035 985
1036 DEBUGP("entered %s\n", __FUNCTION__);
1037
1038 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 986 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
1039 return -EINVAL; 987 return -EINVAL;
1040 988
@@ -1058,7 +1006,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1058 1006
1059 if (h == NULL) { 1007 if (h == NULL) {
1060 write_unlock_bh(&ip_conntrack_lock); 1008 write_unlock_bh(&ip_conntrack_lock);
1061 DEBUGP("no such conntrack, create new\n");
1062 err = -ENOENT; 1009 err = -ENOENT;
1063 if (nlh->nlmsg_flags & NLM_F_CREATE) 1010 if (nlh->nlmsg_flags & NLM_F_CREATE)
1064 err = ctnetlink_create_conntrack(cda, &otuple, &rtuple); 1011 err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
@@ -1074,7 +1021,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1074 1021
1075 /* We manipulate the conntrack inside the global conntrack table lock, 1022 /* We manipulate the conntrack inside the global conntrack table lock,
1076 * so there's no need to increase the refcount */ 1023 * so there's no need to increase the refcount */
1077 DEBUGP("conntrack found\n");
1078 err = -EEXIST; 1024 err = -EEXIST;
1079 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) 1025 if (!(nlh->nlmsg_flags & NLM_F_EXCL))
1080 err = ctnetlink_change_conntrack(tuplehash_to_ctrack(h), cda); 1026 err = ctnetlink_change_conntrack(tuplehash_to_ctrack(h), cda);
@@ -1249,8 +1195,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1249 struct list_head *i; 1195 struct list_head *i;
1250 u_int32_t *id = (u_int32_t *) &cb->args[0]; 1196 u_int32_t *id = (u_int32_t *) &cb->args[0];
1251 1197
1252 DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
1253
1254 read_lock_bh(&ip_conntrack_lock); 1198 read_lock_bh(&ip_conntrack_lock);
1255 list_for_each_prev(i, &ip_conntrack_expect_list) { 1199 list_for_each_prev(i, &ip_conntrack_expect_list) {
1256 exp = (struct ip_conntrack_expect *) i; 1200 exp = (struct ip_conntrack_expect *) i;
@@ -1266,8 +1210,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1266out: 1210out:
1267 read_unlock_bh(&ip_conntrack_lock); 1211 read_unlock_bh(&ip_conntrack_lock);
1268 1212
1269 DEBUGP("leaving, last id=%llu\n", *id);
1270
1271 return skb->len; 1213 return skb->len;
1272} 1214}
1273 1215
@@ -1285,8 +1227,6 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1285 struct sk_buff *skb2; 1227 struct sk_buff *skb2;
1286 int err = 0; 1228 int err = 0;
1287 1229
1288 DEBUGP("entered %s\n", __FUNCTION__);
1289
1290 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1230 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1291 return -EINVAL; 1231 return -EINVAL;
1292 1232
@@ -1437,8 +1377,6 @@ ctnetlink_create_expect(struct nfattr *cda[])
1437 struct ip_conntrack *ct; 1377 struct ip_conntrack *ct;
1438 int err = 0; 1378 int err = 0;
1439 1379
1440 DEBUGP("entered %s\n", __FUNCTION__);
1441
1442 /* caller guarantees that those three CTA_EXPECT_* exist */ 1380 /* caller guarantees that those three CTA_EXPECT_* exist */
1443 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE); 1381 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE);
1444 if (err < 0) 1382 if (err < 0)
@@ -1490,8 +1428,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1490 struct ip_conntrack_expect *exp; 1428 struct ip_conntrack_expect *exp;
1491 int err = 0; 1429 int err = 0;
1492 1430
1493 DEBUGP("entered %s\n", __FUNCTION__);
1494
1495 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1431 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1496 return -EINVAL; 1432 return -EINVAL;
1497 1433
@@ -1520,8 +1456,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1520 err = ctnetlink_change_expect(exp, cda); 1456 err = ctnetlink_change_expect(exp, cda);
1521 write_unlock_bh(&ip_conntrack_lock); 1457 write_unlock_bh(&ip_conntrack_lock);
1522 1458
1523 DEBUGP("leaving\n");
1524
1525 return err; 1459 return err;
1526} 1460}
1527 1461
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 78a44b01c035..4b90927619b8 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1932,6 +1932,9 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1932{ 1932{
1933 int ret; 1933 int ret;
1934 1934
1935 if (!capable(CAP_NET_ADMIN))
1936 return -EPERM;
1937
1935 switch (cmd) { 1938 switch (cmd) {
1936 case IPT_SO_GET_INFO: 1939 case IPT_SO_GET_INFO:
1937 ret = get_info(user, len, 1); 1940 ret = get_info(user, len, 1);
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 12a818a2462f..1aa4517fbcdb 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -28,7 +28,7 @@ static inline int
28set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 28set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
29{ 29{
30 struct iphdr *iph = (*pskb)->nh.iph; 30 struct iphdr *iph = (*pskb)->nh.iph;
31 __be16 oldtos; 31 u_int16_t oldtos;
32 32
33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
34 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 34 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -37,8 +37,8 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
37 oldtos = iph->tos; 37 oldtos = iph->tos;
38 iph->tos &= ~IPT_ECN_IP_MASK; 38 iph->tos &= ~IPT_ECN_IP_MASK;
39 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); 39 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
40 iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos, 40 iph->check = nf_csum_update(htons(oldtos) ^ htons(0xFFFF),
41 iph->check); 41 htons(iph->tos), iph->check);
42 } 42 }
43 return 1; 43 return 1;
44} 44}
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 6b8b14ccc3d3..83b80b3a5d2f 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -30,7 +30,7 @@ target(struct sk_buff **pskb,
30{ 30{
31 const struct ipt_tos_target_info *tosinfo = targinfo; 31 const struct ipt_tos_target_info *tosinfo = targinfo;
32 struct iphdr *iph = (*pskb)->nh.iph; 32 struct iphdr *iph = (*pskb)->nh.iph;
33 __be16 oldtos; 33 u_int16_t oldtos;
34 34
35 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 35 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
36 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -38,8 +38,8 @@ target(struct sk_buff **pskb,
38 iph = (*pskb)->nh.iph; 38 iph = (*pskb)->nh.iph;
39 oldtos = iph->tos; 39 oldtos = iph->tos;
40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41 iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos, 41 iph->check = nf_csum_update(htons(oldtos) ^ htons(0xFFFF),
42 iph->check); 42 htons(iph->tos), iph->check);
43 } 43 }
44 return IPT_CONTINUE; 44 return IPT_CONTINUE;
45} 45}
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c41ddba02e9d..925ee4dfc32c 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -566,9 +566,15 @@ static inline u32 rt_score(struct rtable *rt)
566 566
567static inline int compare_keys(struct flowi *fl1, struct flowi *fl2) 567static inline int compare_keys(struct flowi *fl1, struct flowi *fl2)
568{ 568{
569 return memcmp(&fl1->nl_u.ip4_u, &fl2->nl_u.ip4_u, sizeof(fl1->nl_u.ip4_u)) == 0 && 569 return ((fl1->nl_u.ip4_u.daddr ^ fl2->nl_u.ip4_u.daddr) |
570 fl1->oif == fl2->oif && 570 (fl1->nl_u.ip4_u.saddr ^ fl2->nl_u.ip4_u.saddr) |
571 fl1->iif == fl2->iif; 571#ifdef CONFIG_IP_ROUTE_FWMARK
572 (fl1->nl_u.ip4_u.fwmark ^ fl2->nl_u.ip4_u.fwmark) |
573#endif
574 (*(u16 *)&fl1->nl_u.ip4_u.tos ^
575 *(u16 *)&fl2->nl_u.ip4_u.tos) |
576 (fl1->oif ^ fl2->oif) |
577 (fl1->iif ^ fl2->iif)) == 0;
572} 578}
573 579
574#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED 580#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index c83938b8fcb1..22ef8bd26620 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -355,7 +355,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
355 return; 355 return;
356 } 356 }
357 if (sk->sk_state == TCP_TIME_WAIT) { 357 if (sk->sk_state == TCP_TIME_WAIT) {
358 inet_twsk_put((struct inet_timewait_sock *)sk); 358 inet_twsk_put(inet_twsk(sk));
359 return; 359 return;
360 } 360 }
361 361
@@ -373,7 +373,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
373 seq = ntohl(th->seq); 373 seq = ntohl(th->seq);
374 if (sk->sk_state != TCP_LISTEN && 374 if (sk->sk_state != TCP_LISTEN &&
375 !between(seq, tp->snd_una, tp->snd_nxt)) { 375 !between(seq, tp->snd_una, tp->snd_nxt)) {
376 NET_INC_STATS(LINUX_MIB_OUTOFWINDOWICMPS); 376 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
377 goto out; 377 goto out;
378 } 378 }
379 379
@@ -578,7 +578,7 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
578 struct tcphdr *th = skb->h.th; 578 struct tcphdr *th = skb->h.th;
579 struct { 579 struct {
580 struct tcphdr th; 580 struct tcphdr th;
581 u32 tsopt[3]; 581 u32 tsopt[TCPOLEN_TSTAMP_ALIGNED >> 2];
582 } rep; 582 } rep;
583 struct ip_reply_arg arg; 583 struct ip_reply_arg arg;
584 584
@@ -960,7 +960,7 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
960 bh_lock_sock(nsk); 960 bh_lock_sock(nsk);
961 return nsk; 961 return nsk;
962 } 962 }
963 inet_twsk_put((struct inet_timewait_sock *)nsk); 963 inet_twsk_put(inet_twsk(nsk));
964 return NULL; 964 return NULL;
965 } 965 }
966 966
@@ -1154,26 +1154,24 @@ discard_and_relse:
1154 1154
1155do_time_wait: 1155do_time_wait:
1156 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1156 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1157 inet_twsk_put((struct inet_timewait_sock *) sk); 1157 inet_twsk_put(inet_twsk(sk));
1158 goto discard_it; 1158 goto discard_it;
1159 } 1159 }
1160 1160
1161 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) { 1161 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1162 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1162 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1163 inet_twsk_put((struct inet_timewait_sock *) sk); 1163 inet_twsk_put(inet_twsk(sk));
1164 goto discard_it; 1164 goto discard_it;
1165 } 1165 }
1166 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk, 1166 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1167 skb, th)) {
1168 case TCP_TW_SYN: { 1167 case TCP_TW_SYN: {
1169 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo, 1168 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo,
1170 skb->nh.iph->daddr, 1169 skb->nh.iph->daddr,
1171 th->dest, 1170 th->dest,
1172 inet_iif(skb)); 1171 inet_iif(skb));
1173 if (sk2) { 1172 if (sk2) {
1174 inet_twsk_deschedule((struct inet_timewait_sock *)sk, 1173 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1175 &tcp_death_row); 1174 inet_twsk_put(inet_twsk(sk));
1176 inet_twsk_put((struct inet_timewait_sock *)sk);
1177 sk = sk2; 1175 sk = sk2;
1178 goto process; 1176 goto process;
1179 } 1177 }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 9a253faefc81..ca406157724c 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -273,10 +273,10 @@ static void tcp_build_and_update_options(__be32 *ptr, struct tcp_sock *tp,
273 __u32 tstamp) 273 __u32 tstamp)
274{ 274{
275 if (tp->rx_opt.tstamp_ok) { 275 if (tp->rx_opt.tstamp_ok) {
276 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | 276 *ptr++ = htonl((TCPOPT_NOP << 24) |
277 (TCPOPT_NOP << 16) | 277 (TCPOPT_NOP << 16) |
278 (TCPOPT_TIMESTAMP << 8) | 278 (TCPOPT_TIMESTAMP << 8) |
279 TCPOLEN_TIMESTAMP); 279 TCPOLEN_TIMESTAMP);
280 *ptr++ = htonl(tstamp); 280 *ptr++ = htonl(tstamp);
281 *ptr++ = htonl(tp->rx_opt.ts_recent); 281 *ptr++ = htonl(tp->rx_opt.ts_recent);
282 } 282 }
@@ -325,18 +325,27 @@ static void tcp_syn_build_options(__be32 *ptr, int mss, int ts, int sack,
325 *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | mss); 325 *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | mss);
326 if (ts) { 326 if (ts) {
327 if(sack) 327 if(sack)
328 *ptr++ = __constant_htonl((TCPOPT_SACK_PERM << 24) | (TCPOLEN_SACK_PERM << 16) | 328 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
329 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 329 (TCPOLEN_SACK_PERM << 16) |
330 (TCPOPT_TIMESTAMP << 8) |
331 TCPOLEN_TIMESTAMP);
330 else 332 else
331 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 333 *ptr++ = htonl((TCPOPT_NOP << 24) |
332 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 334 (TCPOPT_NOP << 16) |
335 (TCPOPT_TIMESTAMP << 8) |
336 TCPOLEN_TIMESTAMP);
333 *ptr++ = htonl(tstamp); /* TSVAL */ 337 *ptr++ = htonl(tstamp); /* TSVAL */
334 *ptr++ = htonl(ts_recent); /* TSECR */ 338 *ptr++ = htonl(ts_recent); /* TSECR */
335 } else if(sack) 339 } else if(sack)
336 *ptr++ = __constant_htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 340 *ptr++ = htonl((TCPOPT_NOP << 24) |
337 (TCPOPT_SACK_PERM << 8) | TCPOLEN_SACK_PERM); 341 (TCPOPT_NOP << 16) |
342 (TCPOPT_SACK_PERM << 8) |
343 TCPOLEN_SACK_PERM);
338 if (offer_wscale) 344 if (offer_wscale)
339 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_WINDOW << 16) | (TCPOLEN_WINDOW << 8) | (wscale)); 345 *ptr++ = htonl((TCPOPT_NOP << 24) |
346 (TCPOPT_WINDOW << 16) |
347 (TCPOLEN_WINDOW << 8) |
348 (wscale));
340} 349}
341 350
342/* This routine actually transmits TCP packets queued in by 351/* This routine actually transmits TCP packets queued in by
@@ -1087,10 +1096,14 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
1087 u32 send_win, cong_win, limit, in_flight; 1096 u32 send_win, cong_win, limit, in_flight;
1088 1097
1089 if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN) 1098 if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN)
1090 return 0; 1099 goto send_now;
1091 1100
1092 if (icsk->icsk_ca_state != TCP_CA_Open) 1101 if (icsk->icsk_ca_state != TCP_CA_Open)
1093 return 0; 1102 goto send_now;
1103
1104 /* Defer for less than two clock ticks. */
1105 if (!tp->tso_deferred && ((jiffies<<1)>>1) - (tp->tso_deferred>>1) > 1)
1106 goto send_now;
1094 1107
1095 in_flight = tcp_packets_in_flight(tp); 1108 in_flight = tcp_packets_in_flight(tp);
1096 1109
@@ -1106,7 +1119,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
1106 1119
1107 /* If a full-sized TSO skb can be sent, do it. */ 1120 /* If a full-sized TSO skb can be sent, do it. */
1108 if (limit >= 65536) 1121 if (limit >= 65536)
1109 return 0; 1122 goto send_now;
1110 1123
1111 if (sysctl_tcp_tso_win_divisor) { 1124 if (sysctl_tcp_tso_win_divisor) {
1112 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache); 1125 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
@@ -1116,7 +1129,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
1116 */ 1129 */
1117 chunk /= sysctl_tcp_tso_win_divisor; 1130 chunk /= sysctl_tcp_tso_win_divisor;
1118 if (limit >= chunk) 1131 if (limit >= chunk)
1119 return 0; 1132 goto send_now;
1120 } else { 1133 } else {
1121 /* Different approach, try not to defer past a single 1134 /* Different approach, try not to defer past a single
1122 * ACK. Receiver should ACK every other full sized 1135 * ACK. Receiver should ACK every other full sized
@@ -1124,11 +1137,17 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
1124 * then send now. 1137 * then send now.
1125 */ 1138 */
1126 if (limit > tcp_max_burst(tp) * tp->mss_cache) 1139 if (limit > tcp_max_burst(tp) * tp->mss_cache)
1127 return 0; 1140 goto send_now;
1128 } 1141 }
1129 1142
1130 /* Ok, it looks like it is advisable to defer. */ 1143 /* Ok, it looks like it is advisable to defer. */
1144 tp->tso_deferred = 1 | (jiffies<<1);
1145
1131 return 1; 1146 return 1;
1147
1148send_now:
1149 tp->tso_deferred = 0;
1150 return 0;
1132} 1151}
1133 1152
1134/* Create a new MTU probe if we are ready. 1153/* Create a new MTU probe if we are ready.
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 7a7a00147e55..1bed0cdf53e3 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -52,7 +52,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
52 xdst->u.rt.fl.fl4_dst == fl->fl4_dst && 52 xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
53 xdst->u.rt.fl.fl4_src == fl->fl4_src && 53 xdst->u.rt.fl.fl4_src == fl->fl4_src &&
54 xdst->u.rt.fl.fl4_tos == fl->fl4_tos && 54 xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
55 xfrm_bundle_ok(xdst, fl, AF_INET, 0)) { 55 xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
56 dst_clone(dst); 56 dst_clone(dst);
57 break; 57 break;
58 } 58 }
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index a460e8132b4d..6e48f52e197c 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -153,6 +153,19 @@ config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 ---help--- 153 ---help---
154 Support for MIPv6 route optimization mode. 154 Support for MIPv6 route optimization mode.
155 155
156config IPV6_SIT
157 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
158 depends on IPV6
159 default y
160 ---help---
161 Tunneling means encapsulating data of one protocol type within
162 another protocol and sending it over a channel that understands the
163 encapsulating protocol. This driver implements encapsulation of IPv6
164 into IPv4 packets. This is useful if you want to connect two IPv6
165 networks over an IPv4-only path.
166
167 Saying M here will produce a module called sit.ko. If unsure, say Y.
168
156config IPV6_TUNNEL 169config IPV6_TUNNEL
157 tristate "IPv6: IPv6-in-IPv6 tunnel" 170 tristate "IPv6: IPv6-in-IPv6 tunnel"
158 select INET6_TUNNEL 171 select INET6_TUNNEL
@@ -162,9 +175,16 @@ config IPV6_TUNNEL
162 175
163 If unsure, say N. 176 If unsure, say N.
164 177
178config IPV6_MULTIPLE_TABLES
179 bool "IPv6: Multiple Routing Tables"
180 depends on IPV6 && EXPERIMENTAL
181 select FIB_RULES
182 ---help---
183 Support multiple routing tables.
184
165config IPV6_SUBTREES 185config IPV6_SUBTREES
166 bool "IPv6: source address based routing" 186 bool "IPv6: source address based routing"
167 depends on IPV6 && EXPERIMENTAL 187 depends on IPV6_MULTIPLE_TABLES
168 ---help--- 188 ---help---
169 Enable routing by source address or prefix. 189 Enable routing by source address or prefix.
170 190
@@ -176,13 +196,6 @@ config IPV6_SUBTREES
176 196
177 If unsure, say N. 197 If unsure, say N.
178 198
179config IPV6_MULTIPLE_TABLES
180 bool "IPv6: Multiple Routing Tables"
181 depends on IPV6 && EXPERIMENTAL
182 select FIB_RULES
183 ---help---
184 Support multiple routing tables.
185
186config IPV6_ROUTE_FWMARK 199config IPV6_ROUTE_FWMARK
187 bool "IPv6: use netfilter MARK value as routing key" 200 bool "IPv6: use netfilter MARK value as routing key"
188 depends on IPV6_MULTIPLE_TABLES && NETFILTER 201 depends on IPV6_MULTIPLE_TABLES && NETFILTER
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 87274e47fe32..addcc011bc01 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -4,7 +4,7 @@
4 4
5obj-$(CONFIG_IPV6) += ipv6.o 5obj-$(CONFIG_IPV6) += ipv6.o
6 6
7ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o sit.o \ 7ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
8 route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \ 8 route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
9 protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \ 9 protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
10 exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \ 10 exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
@@ -29,6 +29,7 @@ obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
29obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o 29obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
30obj-$(CONFIG_NETFILTER) += netfilter/ 30obj-$(CONFIG_NETFILTER) += netfilter/
31 31
32obj-$(CONFIG_IPV6_SIT) += sit.o
32obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o 33obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
33 34
34obj-y += exthdrs_core.o 35obj-y += exthdrs_core.o
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e03c33b2465b..b312a5f7a759 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -396,8 +396,10 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
396 ndev->regen_timer.data = (unsigned long) ndev; 396 ndev->regen_timer.data = (unsigned long) ndev;
397 if ((dev->flags&IFF_LOOPBACK) || 397 if ((dev->flags&IFF_LOOPBACK) ||
398 dev->type == ARPHRD_TUNNEL || 398 dev->type == ARPHRD_TUNNEL ||
399 dev->type == ARPHRD_NONE || 399#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
400 dev->type == ARPHRD_SIT) { 400 dev->type == ARPHRD_SIT ||
401#endif
402 dev->type == ARPHRD_NONE) {
401 printk(KERN_INFO 403 printk(KERN_INFO
402 "%s: Disabled Privacy Extensions\n", 404 "%s: Disabled Privacy Extensions\n",
403 dev->name); 405 dev->name);
@@ -1546,8 +1548,10 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1546 This thing is done here expecting that the whole 1548 This thing is done here expecting that the whole
1547 class of non-broadcast devices need not cloning. 1549 class of non-broadcast devices need not cloning.
1548 */ 1550 */
1551#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1549 if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT)) 1552 if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
1550 cfg.fc_flags |= RTF_NONEXTHOP; 1553 cfg.fc_flags |= RTF_NONEXTHOP;
1554#endif
1551 1555
1552 ip6_route_add(&cfg); 1556 ip6_route_add(&cfg);
1553} 1557}
@@ -1569,6 +1573,7 @@ static void addrconf_add_mroute(struct net_device *dev)
1569 ip6_route_add(&cfg); 1573 ip6_route_add(&cfg);
1570} 1574}
1571 1575
1576#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1572static void sit_route_add(struct net_device *dev) 1577static void sit_route_add(struct net_device *dev)
1573{ 1578{
1574 struct fib6_config cfg = { 1579 struct fib6_config cfg = {
@@ -1582,6 +1587,7 @@ static void sit_route_add(struct net_device *dev)
1582 /* prefix length - 96 bits "::d.d.d.d" */ 1587 /* prefix length - 96 bits "::d.d.d.d" */
1583 ip6_route_add(&cfg); 1588 ip6_route_add(&cfg);
1584} 1589}
1590#endif
1585 1591
1586static void addrconf_add_lroute(struct net_device *dev) 1592static void addrconf_add_lroute(struct net_device *dev)
1587{ 1593{
@@ -1852,6 +1858,7 @@ int addrconf_set_dstaddr(void __user *arg)
1852 if (dev == NULL) 1858 if (dev == NULL)
1853 goto err_exit; 1859 goto err_exit;
1854 1860
1861#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
1855 if (dev->type == ARPHRD_SIT) { 1862 if (dev->type == ARPHRD_SIT) {
1856 struct ifreq ifr; 1863 struct ifreq ifr;
1857 mm_segment_t oldfs; 1864 mm_segment_t oldfs;
@@ -1881,6 +1888,7 @@ int addrconf_set_dstaddr(void __user *arg)
1881 err = dev_open(dev); 1888 err = dev_open(dev);
1882 } 1889 }
1883 } 1890 }
1891#endif
1884 1892
1885err_exit: 1893err_exit:
1886 rtnl_unlock(); 1894 rtnl_unlock();
@@ -2010,6 +2018,7 @@ int addrconf_del_ifaddr(void __user *arg)
2010 return err; 2018 return err;
2011} 2019}
2012 2020
2021#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2013static void sit_add_v4_addrs(struct inet6_dev *idev) 2022static void sit_add_v4_addrs(struct inet6_dev *idev)
2014{ 2023{
2015 struct inet6_ifaddr * ifp; 2024 struct inet6_ifaddr * ifp;
@@ -2078,6 +2087,7 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
2078 } 2087 }
2079 } 2088 }
2080} 2089}
2090#endif
2081 2091
2082static void init_loopback(struct net_device *dev) 2092static void init_loopback(struct net_device *dev)
2083{ 2093{
@@ -2141,6 +2151,7 @@ static void addrconf_dev_config(struct net_device *dev)
2141 addrconf_add_linklocal(idev, &addr); 2151 addrconf_add_linklocal(idev, &addr);
2142} 2152}
2143 2153
2154#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2144static void addrconf_sit_config(struct net_device *dev) 2155static void addrconf_sit_config(struct net_device *dev)
2145{ 2156{
2146 struct inet6_dev *idev; 2157 struct inet6_dev *idev;
@@ -2166,6 +2177,7 @@ static void addrconf_sit_config(struct net_device *dev)
2166 } else 2177 } else
2167 sit_route_add(dev); 2178 sit_route_add(dev);
2168} 2179}
2180#endif
2169 2181
2170static inline int 2182static inline int
2171ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev) 2183ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev)
@@ -2260,9 +2272,11 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
2260 } 2272 }
2261 2273
2262 switch(dev->type) { 2274 switch(dev->type) {
2275#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
2263 case ARPHRD_SIT: 2276 case ARPHRD_SIT:
2264 addrconf_sit_config(dev); 2277 addrconf_sit_config(dev);
2265 break; 2278 break;
2279#endif
2266 case ARPHRD_TUNNEL6: 2280 case ARPHRD_TUNNEL6:
2267 addrconf_ip6_tnl_config(dev); 2281 addrconf_ip6_tnl_config(dev);
2268 break; 2282 break;
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e94eccb99707..858cae29581c 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -850,7 +850,6 @@ static int __init inet6_init(void)
850 err = addrconf_init(); 850 err = addrconf_init();
851 if (err) 851 if (err)
852 goto addrconf_fail; 852 goto addrconf_fail;
853 sit_init();
854 853
855 /* Init v6 extension headers. */ 854 /* Init v6 extension headers. */
856 ipv6_rthdr_init(); 855 ipv6_rthdr_init();
@@ -927,7 +926,6 @@ static void __exit inet6_exit(void)
927 mip6_fini(); 926 mip6_fini();
928#endif 927#endif
929 /* Cleanup code parts. */ 928 /* Cleanup code parts. */
930 sit_cleanup();
931 ip6_flowlabel_cleanup(); 929 ip6_flowlabel_cleanup();
932 addrconf_cleanup(); 930 addrconf_cleanup();
933 ip6_route_cleanup(); 931 ip6_route_cleanup();
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index d8c1057e8b00..1896ecb52899 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -117,12 +117,15 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
117{ 117{
118 struct fib6_rule *r = (struct fib6_rule *) rule; 118 struct fib6_rule *r = (struct fib6_rule *) rule;
119 119
120 if (!ipv6_prefix_equal(&fl->fl6_dst, &r->dst.addr, r->dst.plen)) 120 if (r->dst.plen &&
121 !ipv6_prefix_equal(&fl->fl6_dst, &r->dst.addr, r->dst.plen))
121 return 0; 122 return 0;
122 123
123 if ((flags & RT6_LOOKUP_F_HAS_SADDR) && 124 if (r->src.plen) {
124 !ipv6_prefix_equal(&fl->fl6_src, &r->src.addr, r->src.plen)) 125 if (!(flags & RT6_LOOKUP_F_HAS_SADDR) ||
125 return 0; 126 !ipv6_prefix_equal(&fl->fl6_src, &r->src.addr, r->src.plen))
127 return 0;
128 }
126 129
127 if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff)) 130 if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff))
128 return 0; 131 return 0;
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 8fcae7a6510b..f98ca30d7c1f 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -169,7 +169,6 @@ static __inline__ void rt6_release(struct rt6_info *rt)
169 169
170static struct fib6_table fib6_main_tbl = { 170static struct fib6_table fib6_main_tbl = {
171 .tb6_id = RT6_TABLE_MAIN, 171 .tb6_id = RT6_TABLE_MAIN,
172 .tb6_lock = RW_LOCK_UNLOCKED,
173 .tb6_root = { 172 .tb6_root = {
174 .leaf = &ip6_null_entry, 173 .leaf = &ip6_null_entry,
175 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO, 174 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO,
@@ -187,6 +186,12 @@ static void fib6_link_table(struct fib6_table *tb)
187{ 186{
188 unsigned int h; 187 unsigned int h;
189 188
189 /*
190 * Initialize table lock at a single place to give lockdep a key,
191 * tables aren't visible prior to being linked to the list.
192 */
193 rwlock_init(&tb->tb6_lock);
194
190 h = tb->tb6_id & (FIB_TABLE_HASHSZ - 1); 195 h = tb->tb6_id & (FIB_TABLE_HASHSZ - 1);
191 196
192 /* 197 /*
@@ -199,7 +204,6 @@ static void fib6_link_table(struct fib6_table *tb)
199#ifdef CONFIG_IPV6_MULTIPLE_TABLES 204#ifdef CONFIG_IPV6_MULTIPLE_TABLES
200static struct fib6_table fib6_local_tbl = { 205static struct fib6_table fib6_local_tbl = {
201 .tb6_id = RT6_TABLE_LOCAL, 206 .tb6_id = RT6_TABLE_LOCAL,
202 .tb6_lock = RW_LOCK_UNLOCKED,
203 .tb6_root = { 207 .tb6_root = {
204 .leaf = &ip6_null_entry, 208 .leaf = &ip6_null_entry,
205 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO, 209 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO,
@@ -213,7 +217,6 @@ static struct fib6_table *fib6_alloc_table(u32 id)
213 table = kzalloc(sizeof(*table), GFP_ATOMIC); 217 table = kzalloc(sizeof(*table), GFP_ATOMIC);
214 if (table != NULL) { 218 if (table != NULL) {
215 table->tb6_id = id; 219 table->tb6_id = id;
216 table->tb6_lock = RW_LOCK_UNLOCKED;
217 table->tb6_root.leaf = &ip6_null_entry; 220 table->tb6_root.leaf = &ip6_null_entry;
218 table->tb6_root.fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO; 221 table->tb6_root.fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
219 } 222 }
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 0304b5fe8d6a..41a8a5f06602 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -967,8 +967,6 @@ static void ndisc_recv_na(struct sk_buff *skb)
967 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 967 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
968 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 968 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
969 /* XXX: idev->cnf.prixy_ndp */ 969 /* XXX: idev->cnf.prixy_ndp */
970 WARN_ON(skb->dst != NULL &&
971 ((struct rt6_info *)skb->dst)->rt6i_idev);
972 goto out; 970 goto out;
973 } 971 }
974 972
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index d6b4b4f48d18..c953466b7afd 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -141,6 +141,10 @@ struct rt6_info ip6_null_entry = {
141 141
142#ifdef CONFIG_IPV6_MULTIPLE_TABLES 142#ifdef CONFIG_IPV6_MULTIPLE_TABLES
143 143
144static int ip6_pkt_prohibit(struct sk_buff *skb);
145static int ip6_pkt_prohibit_out(struct sk_buff *skb);
146static int ip6_pkt_blk_hole(struct sk_buff *skb);
147
144struct rt6_info ip6_prohibit_entry = { 148struct rt6_info ip6_prohibit_entry = {
145 .u = { 149 .u = {
146 .dst = { 150 .dst = {
@@ -150,8 +154,8 @@ struct rt6_info ip6_prohibit_entry = {
150 .obsolete = -1, 154 .obsolete = -1,
151 .error = -EACCES, 155 .error = -EACCES,
152 .metrics = { [RTAX_HOPLIMIT - 1] = 255, }, 156 .metrics = { [RTAX_HOPLIMIT - 1] = 255, },
153 .input = ip6_pkt_discard, 157 .input = ip6_pkt_prohibit,
154 .output = ip6_pkt_discard_out, 158 .output = ip6_pkt_prohibit_out,
155 .ops = &ip6_dst_ops, 159 .ops = &ip6_dst_ops,
156 .path = (struct dst_entry*)&ip6_prohibit_entry, 160 .path = (struct dst_entry*)&ip6_prohibit_entry,
157 } 161 }
@@ -170,8 +174,8 @@ struct rt6_info ip6_blk_hole_entry = {
170 .obsolete = -1, 174 .obsolete = -1,
171 .error = -EINVAL, 175 .error = -EINVAL,
172 .metrics = { [RTAX_HOPLIMIT - 1] = 255, }, 176 .metrics = { [RTAX_HOPLIMIT - 1] = 255, },
173 .input = ip6_pkt_discard, 177 .input = ip6_pkt_blk_hole,
174 .output = ip6_pkt_discard_out, 178 .output = ip6_pkt_blk_hole,
175 .ops = &ip6_dst_ops, 179 .ops = &ip6_dst_ops,
176 .path = (struct dst_entry*)&ip6_blk_hole_entry, 180 .path = (struct dst_entry*)&ip6_blk_hole_entry,
177 } 181 }
@@ -484,7 +488,7 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
484do { \ 488do { \
485 if (rt == &ip6_null_entry) { \ 489 if (rt == &ip6_null_entry) { \
486 struct fib6_node *pn; \ 490 struct fib6_node *pn; \
487 while (fn) { \ 491 while (1) { \
488 if (fn->fn_flags & RTN_TL_ROOT) \ 492 if (fn->fn_flags & RTN_TL_ROOT) \
489 goto out; \ 493 goto out; \
490 pn = fn->parent; \ 494 pn = fn->parent; \
@@ -529,13 +533,17 @@ struct rt6_info *rt6_lookup(struct in6_addr *daddr, struct in6_addr *saddr,
529 .nl_u = { 533 .nl_u = {
530 .ip6_u = { 534 .ip6_u = {
531 .daddr = *daddr, 535 .daddr = *daddr,
532 /* TODO: saddr */
533 }, 536 },
534 }, 537 },
535 }; 538 };
536 struct dst_entry *dst; 539 struct dst_entry *dst;
537 int flags = strict ? RT6_LOOKUP_F_IFACE : 0; 540 int flags = strict ? RT6_LOOKUP_F_IFACE : 0;
538 541
542 if (saddr) {
543 memcpy(&fl.fl6_src, saddr, sizeof(*saddr));
544 flags |= RT6_LOOKUP_F_HAS_SADDR;
545 }
546
539 dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_lookup); 547 dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_lookup);
540 if (dst->error == 0) 548 if (dst->error == 0)
541 return (struct rt6_info *) dst; 549 return (struct rt6_info *) dst;
@@ -614,8 +622,6 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, struct in6_addr *d
614 ipv6_addr_copy(&rt->rt6i_dst.addr, daddr); 622 ipv6_addr_copy(&rt->rt6i_dst.addr, daddr);
615 rt->rt6i_dst.plen = 128; 623 rt->rt6i_dst.plen = 128;
616 rt->rt6i_flags |= RTF_CACHE; 624 rt->rt6i_flags |= RTF_CACHE;
617 if (rt->rt6i_flags & RTF_REJECT)
618 rt->u.dst.error = ort->u.dst.error;
619 rt->u.dst.flags |= DST_HOST; 625 rt->u.dst.flags |= DST_HOST;
620 rt->rt6i_nexthop = neigh_clone(ort->rt6i_nexthop); 626 rt->rt6i_nexthop = neigh_clone(ort->rt6i_nexthop);
621 } 627 }
@@ -697,6 +703,7 @@ out2:
697void ip6_route_input(struct sk_buff *skb) 703void ip6_route_input(struct sk_buff *skb)
698{ 704{
699 struct ipv6hdr *iph = skb->nh.ipv6h; 705 struct ipv6hdr *iph = skb->nh.ipv6h;
706 int flags = RT6_LOOKUP_F_HAS_SADDR;
700 struct flowi fl = { 707 struct flowi fl = {
701 .iif = skb->dev->ifindex, 708 .iif = skb->dev->ifindex,
702 .nl_u = { 709 .nl_u = {
@@ -711,7 +718,9 @@ void ip6_route_input(struct sk_buff *skb)
711 }, 718 },
712 .proto = iph->nexthdr, 719 .proto = iph->nexthdr,
713 }; 720 };
714 int flags = rt6_need_strict(&iph->daddr) ? RT6_LOOKUP_F_IFACE : 0; 721
722 if (rt6_need_strict(&iph->daddr))
723 flags |= RT6_LOOKUP_F_IFACE;
715 724
716 skb->dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_input); 725 skb->dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_input);
717} 726}
@@ -794,6 +803,9 @@ struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
794 if (rt6_need_strict(&fl->fl6_dst)) 803 if (rt6_need_strict(&fl->fl6_dst))
795 flags |= RT6_LOOKUP_F_IFACE; 804 flags |= RT6_LOOKUP_F_IFACE;
796 805
806 if (!ipv6_addr_any(&fl->fl6_src))
807 flags |= RT6_LOOKUP_F_HAS_SADDR;
808
797 return fib6_rule_lookup(fl, flags, ip6_pol_route_output); 809 return fib6_rule_lookup(fl, flags, ip6_pol_route_output);
798} 810}
799 811
@@ -1345,6 +1357,7 @@ static struct rt6_info *ip6_route_redirect(struct in6_addr *dest,
1345 struct in6_addr *gateway, 1357 struct in6_addr *gateway,
1346 struct net_device *dev) 1358 struct net_device *dev)
1347{ 1359{
1360 int flags = RT6_LOOKUP_F_HAS_SADDR;
1348 struct ip6rd_flowi rdfl = { 1361 struct ip6rd_flowi rdfl = {
1349 .fl = { 1362 .fl = {
1350 .oif = dev->ifindex, 1363 .oif = dev->ifindex,
@@ -1357,7 +1370,9 @@ static struct rt6_info *ip6_route_redirect(struct in6_addr *dest,
1357 }, 1370 },
1358 .gateway = *gateway, 1371 .gateway = *gateway,
1359 }; 1372 };
1360 int flags = rt6_need_strict(dest) ? RT6_LOOKUP_F_IFACE : 0; 1373
1374 if (rt6_need_strict(dest))
1375 flags |= RT6_LOOKUP_F_IFACE;
1361 1376
1362 return (struct rt6_info *)fib6_rule_lookup((struct flowi *)&rdfl, flags, __ip6_route_redirect); 1377 return (struct rt6_info *)fib6_rule_lookup((struct flowi *)&rdfl, flags, __ip6_route_redirect);
1363} 1378}
@@ -1527,6 +1542,7 @@ static struct rt6_info * ip6_rt_copy(struct rt6_info *ort)
1527 rt->u.dst.output = ort->u.dst.output; 1542 rt->u.dst.output = ort->u.dst.output;
1528 1543
1529 memcpy(rt->u.dst.metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32)); 1544 memcpy(rt->u.dst.metrics, ort->u.dst.metrics, RTAX_MAX*sizeof(u32));
1545 rt->u.dst.error = ort->u.dst.error;
1530 rt->u.dst.dev = ort->u.dst.dev; 1546 rt->u.dst.dev = ort->u.dst.dev;
1531 if (rt->u.dst.dev) 1547 if (rt->u.dst.dev)
1532 dev_hold(rt->u.dst.dev); 1548 dev_hold(rt->u.dst.dev);
@@ -1730,24 +1746,50 @@ int ipv6_route_ioctl(unsigned int cmd, void __user *arg)
1730 * Drop the packet on the floor 1746 * Drop the packet on the floor
1731 */ 1747 */
1732 1748
1733static int ip6_pkt_discard(struct sk_buff *skb) 1749static inline int ip6_pkt_drop(struct sk_buff *skb, int code)
1734{ 1750{
1735 int type = ipv6_addr_type(&skb->nh.ipv6h->daddr); 1751 int type = ipv6_addr_type(&skb->nh.ipv6h->daddr);
1736 if (type == IPV6_ADDR_ANY || type == IPV6_ADDR_RESERVED) 1752 if (type == IPV6_ADDR_ANY || type == IPV6_ADDR_RESERVED)
1737 IP6_INC_STATS(IPSTATS_MIB_INADDRERRORS); 1753 IP6_INC_STATS(IPSTATS_MIB_INADDRERRORS);
1738 1754
1739 IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES); 1755 IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES);
1740 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_NOROUTE, 0, skb->dev); 1756 icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0, skb->dev);
1741 kfree_skb(skb); 1757 kfree_skb(skb);
1742 return 0; 1758 return 0;
1743} 1759}
1744 1760
1761static int ip6_pkt_discard(struct sk_buff *skb)
1762{
1763 return ip6_pkt_drop(skb, ICMPV6_NOROUTE);
1764}
1765
1745static int ip6_pkt_discard_out(struct sk_buff *skb) 1766static int ip6_pkt_discard_out(struct sk_buff *skb)
1746{ 1767{
1747 skb->dev = skb->dst->dev; 1768 skb->dev = skb->dst->dev;
1748 return ip6_pkt_discard(skb); 1769 return ip6_pkt_discard(skb);
1749} 1770}
1750 1771
1772#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1773
1774static int ip6_pkt_prohibit(struct sk_buff *skb)
1775{
1776 return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED);
1777}
1778
1779static int ip6_pkt_prohibit_out(struct sk_buff *skb)
1780{
1781 skb->dev = skb->dst->dev;
1782 return ip6_pkt_prohibit(skb);
1783}
1784
1785static int ip6_pkt_blk_hole(struct sk_buff *skb)
1786{
1787 kfree_skb(skb);
1788 return 0;
1789}
1790
1791#endif
1792
1751/* 1793/*
1752 * Allocate a dst for local (unicast / anycast) address. 1794 * Allocate a dst for local (unicast / anycast) address.
1753 */ 1795 */
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 836eecd7e62b..b481a4d780c2 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -850,3 +850,7 @@ int __init sit_init(void)
850 inet_del_protocol(&sit_protocol, IPPROTO_IPV6); 850 inet_del_protocol(&sit_protocol, IPPROTO_IPV6);
851 goto out; 851 goto out;
852} 852}
853
854module_init(sit_init);
855module_exit(sit_cleanup);
856MODULE_LICENSE("GPL");
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3b6575478fcc..4c2a7c0cafef 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -329,7 +329,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
329 } 329 }
330 330
331 if (sk->sk_state == TCP_TIME_WAIT) { 331 if (sk->sk_state == TCP_TIME_WAIT) {
332 inet_twsk_put((struct inet_timewait_sock *)sk); 332 inet_twsk_put(inet_twsk(sk));
333 return; 333 return;
334 } 334 }
335 335
@@ -653,7 +653,7 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
653 int tot_len = sizeof(struct tcphdr); 653 int tot_len = sizeof(struct tcphdr);
654 654
655 if (ts) 655 if (ts)
656 tot_len += 3*4; 656 tot_len += TCPOLEN_TSTAMP_ALIGNED;
657 657
658 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 658 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
659 GFP_ATOMIC); 659 GFP_ATOMIC);
@@ -749,7 +749,7 @@ static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
749 bh_lock_sock(nsk); 749 bh_lock_sock(nsk);
750 return nsk; 750 return nsk;
751 } 751 }
752 inet_twsk_put((struct inet_timewait_sock *)nsk); 752 inet_twsk_put(inet_twsk(nsk));
753 return NULL; 753 return NULL;
754 } 754 }
755 755
@@ -1283,18 +1283,17 @@ discard_and_relse:
1283 1283
1284do_time_wait: 1284do_time_wait:
1285 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1285 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1286 inet_twsk_put((struct inet_timewait_sock *)sk); 1286 inet_twsk_put(inet_twsk(sk));
1287 goto discard_it; 1287 goto discard_it;
1288 } 1288 }
1289 1289
1290 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1290 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1291 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1291 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1292 inet_twsk_put((struct inet_timewait_sock *)sk); 1292 inet_twsk_put(inet_twsk(sk));
1293 goto discard_it; 1293 goto discard_it;
1294 } 1294 }
1295 1295
1296 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk, 1296 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1297 skb, th)) {
1298 case TCP_TW_SYN: 1297 case TCP_TW_SYN:
1299 { 1298 {
1300 struct sock *sk2; 1299 struct sock *sk2;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 6a252e2134d1..d400f8fae129 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -25,12 +25,14 @@
25static struct dst_ops xfrm6_dst_ops; 25static struct dst_ops xfrm6_dst_ops;
26static struct xfrm_policy_afinfo xfrm6_policy_afinfo; 26static struct xfrm_policy_afinfo xfrm6_policy_afinfo;
27 27
28static int xfrm6_dst_lookup(struct xfrm_dst **dst, struct flowi *fl) 28static int xfrm6_dst_lookup(struct xfrm_dst **xdst, struct flowi *fl)
29{ 29{
30 int err = 0; 30 struct dst_entry *dst = ip6_route_output(NULL, fl);
31 *dst = (struct xfrm_dst*)ip6_route_output(NULL, fl); 31 int err = dst->error;
32 if (!*dst) 32 if (!err)
33 err = -ENETUNREACH; 33 *xdst = (struct xfrm_dst *) dst;
34 else
35 dst_release(dst);
34 return err; 36 return err;
35} 37}
36 38
@@ -73,7 +75,7 @@ __xfrm6_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
73 xdst->u.rt6.rt6i_src.plen); 75 xdst->u.rt6.rt6i_src.plen);
74 if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) && 76 if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) &&
75 ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) && 77 ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) &&
76 xfrm_bundle_ok(xdst, fl, AF_INET6, 78 xfrm_bundle_ok(policy, xdst, fl, AF_INET6,
77 (xdst->u.rt6.rt6i_dst.plen != 128 || 79 (xdst->u.rt6.rt6i_dst.plen != 128 ||
78 xdst->u.rt6.rt6i_src.plen != 128))) { 80 xdst->u.rt6.rt6i_src.plen != 128))) {
79 dst_clone(dst); 81 dst_clone(dst);
diff --git a/net/irda/irias_object.c b/net/irda/irias_object.c
index a154b1d71c0f..56292ab7d652 100644
--- a/net/irda/irias_object.c
+++ b/net/irda/irias_object.c
@@ -43,7 +43,7 @@ struct ias_value irias_missing = { IAS_MISSING, 0, 0, 0, {0}};
43 * 43 *
44 * Faster, check boundary... Jean II 44 * Faster, check boundary... Jean II
45 */ 45 */
46static char *strndup(char *str, int max) 46static char *strndup(char *str, size_t max)
47{ 47{
48 char *new_str; 48 char *new_str;
49 int len; 49 int len;
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ff98e70b0931..20ff7cca1d07 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2928,11 +2928,6 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
2928 if (*dir) 2928 if (*dir)
2929 goto out; 2929 goto out;
2930 } 2930 }
2931 else {
2932 *dir = security_xfrm_sock_policy_alloc(xp, sk);
2933 if (*dir)
2934 goto out;
2935 }
2936 2931
2937 *dir = pol->sadb_x_policy_dir-1; 2932 *dir = pol->sadb_x_policy_dir-1;
2938 return xp; 2933 return xp;
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index ce94732b8e23..f619c6527266 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -209,7 +209,9 @@ config NETFILTER_XT_TARGET_SECMARK
209 209
210config NETFILTER_XT_TARGET_CONNSECMARK 210config NETFILTER_XT_TARGET_CONNSECMARK
211 tristate '"CONNSECMARK" target support' 211 tristate '"CONNSECMARK" target support'
212 depends on NETFILTER_XTABLES && (NF_CONNTRACK_SECMARK || IP_NF_CONNTRACK_SECMARK) 212 depends on NETFILTER_XTABLES && \
213 ((NF_CONNTRACK && NF_CONNTRACK_SECMARK) || \
214 (IP_NF_CONNTRACK && IP_NF_CONNTRACK_SECMARK))
213 help 215 help
214 The CONNSECMARK target copies security markings from packets 216 The CONNSECMARK target copies security markings from packets
215 to connections, and restores security markings from connections 217 to connections, and restores security markings from connections
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 1721f7c78c77..bd0156a28ecd 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -47,13 +47,6 @@ MODULE_LICENSE("GPL");
47 47
48static char __initdata version[] = "0.93"; 48static char __initdata version[] = "0.93";
49 49
50#if 0
51#define DEBUGP printk
52#else
53#define DEBUGP(format, args...)
54#endif
55
56
57static inline int 50static inline int
58ctnetlink_dump_tuples_proto(struct sk_buff *skb, 51ctnetlink_dump_tuples_proto(struct sk_buff *skb,
59 const struct nf_conntrack_tuple *tuple, 52 const struct nf_conntrack_tuple *tuple,
@@ -410,7 +403,6 @@ static int ctnetlink_done(struct netlink_callback *cb)
410{ 403{
411 if (cb->args[1]) 404 if (cb->args[1])
412 nf_ct_put((struct nf_conn *)cb->args[1]); 405 nf_ct_put((struct nf_conn *)cb->args[1]);
413 DEBUGP("entered %s\n", __FUNCTION__);
414 return 0; 406 return 0;
415} 407}
416 408
@@ -425,9 +417,6 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
425 struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh); 417 struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
426 u_int8_t l3proto = nfmsg->nfgen_family; 418 u_int8_t l3proto = nfmsg->nfgen_family;
427 419
428 DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__,
429 cb->args[0], *id);
430
431 read_lock_bh(&nf_conntrack_lock); 420 read_lock_bh(&nf_conntrack_lock);
432 last = (struct nf_conn *)cb->args[1]; 421 last = (struct nf_conn *)cb->args[1];
433 for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) { 422 for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) {
@@ -471,7 +460,6 @@ out:
471 if (last) 460 if (last)
472 nf_ct_put(last); 461 nf_ct_put(last);
473 462
474 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
475 return skb->len; 463 return skb->len;
476} 464}
477 465
@@ -482,8 +470,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct nf_conntrack_tuple *tuple)
482 struct nf_conntrack_l3proto *l3proto; 470 struct nf_conntrack_l3proto *l3proto;
483 int ret = 0; 471 int ret = 0;
484 472
485 DEBUGP("entered %s\n", __FUNCTION__);
486
487 nfattr_parse_nested(tb, CTA_IP_MAX, attr); 473 nfattr_parse_nested(tb, CTA_IP_MAX, attr);
488 474
489 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); 475 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);
@@ -493,8 +479,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct nf_conntrack_tuple *tuple)
493 479
494 nf_ct_l3proto_put(l3proto); 480 nf_ct_l3proto_put(l3proto);
495 481
496 DEBUGP("leaving\n");
497
498 return ret; 482 return ret;
499} 483}
500 484
@@ -510,8 +494,6 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
510 struct nf_conntrack_protocol *proto; 494 struct nf_conntrack_protocol *proto;
511 int ret = 0; 495 int ret = 0;
512 496
513 DEBUGP("entered %s\n", __FUNCTION__);
514
515 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr); 497 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr);
516 498
517 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 499 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
@@ -538,8 +520,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct nf_conntrack_tuple *tuple,
538 struct nfattr *tb[CTA_TUPLE_MAX]; 520 struct nfattr *tb[CTA_TUPLE_MAX];
539 int err; 521 int err;
540 522
541 DEBUGP("entered %s\n", __FUNCTION__);
542
543 memset(tuple, 0, sizeof(*tuple)); 523 memset(tuple, 0, sizeof(*tuple));
544 524
545 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]); 525 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]);
@@ -566,10 +546,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct nf_conntrack_tuple *tuple,
566 else 546 else
567 tuple->dst.dir = IP_CT_DIR_ORIGINAL; 547 tuple->dst.dir = IP_CT_DIR_ORIGINAL;
568 548
569 NF_CT_DUMP_TUPLE(tuple);
570
571 DEBUGP("leaving\n");
572
573 return 0; 549 return 0;
574} 550}
575 551
@@ -586,8 +562,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
586 struct nfattr *tb[CTA_PROTONAT_MAX]; 562 struct nfattr *tb[CTA_PROTONAT_MAX];
587 struct ip_nat_protocol *npt; 563 struct ip_nat_protocol *npt;
588 564
589 DEBUGP("entered %s\n", __FUNCTION__);
590
591 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr); 565 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr);
592 566
593 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat)) 567 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat))
@@ -606,7 +580,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
606 580
607 ip_nat_proto_put(npt); 581 ip_nat_proto_put(npt);
608 582
609 DEBUGP("leaving\n");
610 return 0; 583 return 0;
611} 584}
612 585
@@ -622,8 +595,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
622 struct nfattr *tb[CTA_NAT_MAX]; 595 struct nfattr *tb[CTA_NAT_MAX];
623 int err; 596 int err;
624 597
625 DEBUGP("entered %s\n", __FUNCTION__);
626
627 memset(range, 0, sizeof(*range)); 598 memset(range, 0, sizeof(*range));
628 599
629 nfattr_parse_nested(tb, CTA_NAT_MAX, nat); 600 nfattr_parse_nested(tb, CTA_NAT_MAX, nat);
@@ -649,7 +620,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
649 if (err < 0) 620 if (err < 0)
650 return err; 621 return err;
651 622
652 DEBUGP("leaving\n");
653 return 0; 623 return 0;
654} 624}
655#endif 625#endif
@@ -659,8 +629,6 @@ ctnetlink_parse_help(struct nfattr *attr, char **helper_name)
659{ 629{
660 struct nfattr *tb[CTA_HELP_MAX]; 630 struct nfattr *tb[CTA_HELP_MAX];
661 631
662 DEBUGP("entered %s\n", __FUNCTION__);
663
664 nfattr_parse_nested(tb, CTA_HELP_MAX, attr); 632 nfattr_parse_nested(tb, CTA_HELP_MAX, attr);
665 633
666 if (!tb[CTA_HELP_NAME-1]) 634 if (!tb[CTA_HELP_NAME-1])
@@ -690,8 +658,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
690 u_int8_t u3 = nfmsg->nfgen_family; 658 u_int8_t u3 = nfmsg->nfgen_family;
691 int err = 0; 659 int err = 0;
692 660
693 DEBUGP("entered %s\n", __FUNCTION__);
694
695 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 661 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
696 return -EINVAL; 662 return -EINVAL;
697 663
@@ -709,10 +675,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
709 return err; 675 return err;
710 676
711 h = nf_conntrack_find_get(&tuple, NULL); 677 h = nf_conntrack_find_get(&tuple, NULL);
712 if (!h) { 678 if (!h)
713 DEBUGP("tuple not found in conntrack hash\n");
714 return -ENOENT; 679 return -ENOENT;
715 }
716 680
717 ct = nf_ct_tuplehash_to_ctrack(h); 681 ct = nf_ct_tuplehash_to_ctrack(h);
718 682
@@ -727,7 +691,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
727 ct->timeout.function((unsigned long)ct); 691 ct->timeout.function((unsigned long)ct);
728 692
729 nf_ct_put(ct); 693 nf_ct_put(ct);
730 DEBUGP("leaving\n");
731 694
732 return 0; 695 return 0;
733} 696}
@@ -744,8 +707,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
744 u_int8_t u3 = nfmsg->nfgen_family; 707 u_int8_t u3 = nfmsg->nfgen_family;
745 int err = 0; 708 int err = 0;
746 709
747 DEBUGP("entered %s\n", __FUNCTION__);
748
749 if (nlh->nlmsg_flags & NLM_F_DUMP) { 710 if (nlh->nlmsg_flags & NLM_F_DUMP) {
750 u32 rlen; 711 u32 rlen;
751 712
@@ -779,11 +740,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
779 return err; 740 return err;
780 741
781 h = nf_conntrack_find_get(&tuple, NULL); 742 h = nf_conntrack_find_get(&tuple, NULL);
782 if (!h) { 743 if (!h)
783 DEBUGP("tuple not found in conntrack hash");
784 return -ENOENT; 744 return -ENOENT;
785 } 745
786 DEBUGP("tuple found\n");
787 ct = nf_ct_tuplehash_to_ctrack(h); 746 ct = nf_ct_tuplehash_to_ctrack(h);
788 747
789 err = -ENOMEM; 748 err = -ENOMEM;
@@ -804,7 +763,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
804 if (err < 0) 763 if (err < 0)
805 goto out; 764 goto out;
806 765
807 DEBUGP("leaving\n");
808 return 0; 766 return 0;
809 767
810free: 768free:
@@ -876,8 +834,6 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nfattr *cda[])
876 char *helpname; 834 char *helpname;
877 int err; 835 int err;
878 836
879 DEBUGP("entered %s\n", __FUNCTION__);
880
881 if (!help) { 837 if (!help) {
882 /* FIXME: we need to reallocate and rehash */ 838 /* FIXME: we need to reallocate and rehash */
883 return -EBUSY; 839 return -EBUSY;
@@ -954,8 +910,6 @@ ctnetlink_change_conntrack(struct nf_conn *ct, struct nfattr *cda[])
954{ 910{
955 int err; 911 int err;
956 912
957 DEBUGP("entered %s\n", __FUNCTION__);
958
959 if (cda[CTA_HELP-1]) { 913 if (cda[CTA_HELP-1]) {
960 err = ctnetlink_change_helper(ct, cda); 914 err = ctnetlink_change_helper(ct, cda);
961 if (err < 0) 915 if (err < 0)
@@ -985,7 +939,6 @@ ctnetlink_change_conntrack(struct nf_conn *ct, struct nfattr *cda[])
985 ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); 939 ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
986#endif 940#endif
987 941
988 DEBUGP("all done\n");
989 return 0; 942 return 0;
990} 943}
991 944
@@ -997,8 +950,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
997 struct nf_conn *ct; 950 struct nf_conn *ct;
998 int err = -EINVAL; 951 int err = -EINVAL;
999 952
1000 DEBUGP("entered %s\n", __FUNCTION__);
1001
1002 ct = nf_conntrack_alloc(otuple, rtuple); 953 ct = nf_conntrack_alloc(otuple, rtuple);
1003 if (ct == NULL || IS_ERR(ct)) 954 if (ct == NULL || IS_ERR(ct))
1004 return -ENOMEM; 955 return -ENOMEM;
@@ -1028,7 +979,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
1028 add_timer(&ct->timeout); 979 add_timer(&ct->timeout);
1029 nf_conntrack_hash_insert(ct); 980 nf_conntrack_hash_insert(ct);
1030 981
1031 DEBUGP("conntrack with id %u inserted\n", ct->id);
1032 return 0; 982 return 0;
1033 983
1034err: 984err:
@@ -1046,8 +996,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1046 u_int8_t u3 = nfmsg->nfgen_family; 996 u_int8_t u3 = nfmsg->nfgen_family;
1047 int err = 0; 997 int err = 0;
1048 998
1049 DEBUGP("entered %s\n", __FUNCTION__);
1050
1051 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 999 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
1052 return -EINVAL; 1000 return -EINVAL;
1053 1001
@@ -1071,7 +1019,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1071 1019
1072 if (h == NULL) { 1020 if (h == NULL) {
1073 write_unlock_bh(&nf_conntrack_lock); 1021 write_unlock_bh(&nf_conntrack_lock);
1074 DEBUGP("no such conntrack, create new\n");
1075 err = -ENOENT; 1022 err = -ENOENT;
1076 if (nlh->nlmsg_flags & NLM_F_CREATE) 1023 if (nlh->nlmsg_flags & NLM_F_CREATE)
1077 err = ctnetlink_create_conntrack(cda, &otuple, &rtuple); 1024 err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
@@ -1087,7 +1034,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1087 1034
1088 /* We manipulate the conntrack inside the global conntrack table lock, 1035 /* We manipulate the conntrack inside the global conntrack table lock,
1089 * so there's no need to increase the refcount */ 1036 * so there's no need to increase the refcount */
1090 DEBUGP("conntrack found\n");
1091 err = -EEXIST; 1037 err = -EEXIST;
1092 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) 1038 if (!(nlh->nlmsg_flags & NLM_F_EXCL))
1093 err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), cda); 1039 err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), cda);
@@ -1268,8 +1214,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1268 struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh); 1214 struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
1269 u_int8_t l3proto = nfmsg->nfgen_family; 1215 u_int8_t l3proto = nfmsg->nfgen_family;
1270 1216
1271 DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
1272
1273 read_lock_bh(&nf_conntrack_lock); 1217 read_lock_bh(&nf_conntrack_lock);
1274 list_for_each_prev(i, &nf_conntrack_expect_list) { 1218 list_for_each_prev(i, &nf_conntrack_expect_list) {
1275 exp = (struct nf_conntrack_expect *) i; 1219 exp = (struct nf_conntrack_expect *) i;
@@ -1287,8 +1231,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1287out: 1231out:
1288 read_unlock_bh(&nf_conntrack_lock); 1232 read_unlock_bh(&nf_conntrack_lock);
1289 1233
1290 DEBUGP("leaving, last id=%llu\n", *id);
1291
1292 return skb->len; 1234 return skb->len;
1293} 1235}
1294 1236
@@ -1308,8 +1250,6 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1308 u_int8_t u3 = nfmsg->nfgen_family; 1250 u_int8_t u3 = nfmsg->nfgen_family;
1309 int err = 0; 1251 int err = 0;
1310 1252
1311 DEBUGP("entered %s\n", __FUNCTION__);
1312
1313 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1253 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1314 return -EINVAL; 1254 return -EINVAL;
1315 1255
@@ -1460,8 +1400,6 @@ ctnetlink_create_expect(struct nfattr *cda[], u_int8_t u3)
1460 struct nf_conn_help *help; 1400 struct nf_conn_help *help;
1461 int err = 0; 1401 int err = 0;
1462 1402
1463 DEBUGP("entered %s\n", __FUNCTION__);
1464
1465 /* caller guarantees that those three CTA_EXPECT_* exist */ 1403 /* caller guarantees that those three CTA_EXPECT_* exist */
1466 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3); 1404 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
1467 if (err < 0) 1405 if (err < 0)
@@ -1516,8 +1454,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1516 u_int8_t u3 = nfmsg->nfgen_family; 1454 u_int8_t u3 = nfmsg->nfgen_family;
1517 int err = 0; 1455 int err = 0;
1518 1456
1519 DEBUGP("entered %s\n", __FUNCTION__);
1520
1521 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1457 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1522 return -EINVAL; 1458 return -EINVAL;
1523 1459
@@ -1546,8 +1482,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1546 err = ctnetlink_change_expect(exp, cda); 1482 err = ctnetlink_change_expect(exp, cda);
1547 write_unlock_bh(&nf_conntrack_lock); 1483 write_unlock_bh(&nf_conntrack_lock);
1548 1484
1549 DEBUGP("leaving\n");
1550
1551 return err; 1485 return err;
1552} 1486}
1553 1487
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index db9b896e57c8..39e117502bd7 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -68,7 +68,7 @@ static int __init xt_nfqueue_init(void)
68 68
69static void __exit xt_nfqueue_fini(void) 69static void __exit xt_nfqueue_fini(void)
70{ 70{
71 xt_register_targets(xt_nfqueue_target, ARRAY_SIZE(xt_nfqueue_target)); 71 xt_unregister_targets(xt_nfqueue_target, ARRAY_SIZE(xt_nfqueue_target));
72} 72}
73 73
74module_init(xt_nfqueue_init); 74module_init(xt_nfqueue_init);
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 92a5726ef237..a8f03057dbde 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -147,7 +147,7 @@ static int __init xt_connmark_init(void)
147 147
148static void __exit xt_connmark_fini(void) 148static void __exit xt_connmark_fini(void)
149{ 149{
150 xt_register_matches(xt_connmark_match, ARRAY_SIZE(xt_connmark_match)); 150 xt_unregister_matches(xt_connmark_match, ARRAY_SIZE(xt_connmark_match));
151} 151}
152 152
153module_init(xt_connmark_init); 153module_init(xt_connmark_init);
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 54fb7de3c2b1..ff971103fd0c 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -200,7 +200,7 @@ void netlbl_cache_invalidate(void)
200int netlbl_cache_add(const struct sk_buff *skb, 200int netlbl_cache_add(const struct sk_buff *skb,
201 const struct netlbl_lsm_secattr *secattr) 201 const struct netlbl_lsm_secattr *secattr)
202{ 202{
203 if (secattr->cache.data == NULL) 203 if (secattr->cache == NULL)
204 return -ENOMSG; 204 return -ENOMSG;
205 205
206 if (CIPSO_V4_OPTEXIST(skb)) 206 if (CIPSO_V4_OPTEXIST(skb))
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index bb3ddd4784b1..9b9c555c713f 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -786,11 +786,10 @@ static long htb_do_events(struct htb_sched *q, int level)
786 for (i = 0; i < 500; i++) { 786 for (i = 0; i < 500; i++) {
787 struct htb_class *cl; 787 struct htb_class *cl;
788 long diff; 788 long diff;
789 struct rb_node *p = q->wait_pq[level].rb_node; 789 struct rb_node *p = rb_first(&q->wait_pq[level]);
790
790 if (!p) 791 if (!p)
791 return 0; 792 return 0;
792 while (p->rb_left)
793 p = p->rb_left;
794 793
795 cl = rb_entry(p, struct htb_class, pq_node); 794 cl = rb_entry(p, struct htb_class, pq_node);
796 if (time_after(cl->pq_key, q->jiffies)) { 795 if (time_after(cl->pq_key, q->jiffies)) {
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index 45939bafbdf8..ef8874babf6a 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -170,6 +170,8 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
170 return NET_XMIT_BYPASS; 170 return NET_XMIT_BYPASS;
171 } 171 }
172 172
173 skb_orphan(skb);
174
173 /* 175 /*
174 * If we need to duplicate packet, then re-insert at top of the 176 * If we need to duplicate packet, then re-insert at top of the
175 * qdisc tree, since parent queuer expects that only one 177 * qdisc tree, since parent queuer expects that only one
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 249e5033c1a8..78071c6e6cf1 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -215,17 +215,17 @@ static struct dst_entry *sctp_v6_get_dst(struct sctp_association *asoc,
215 } 215 }
216 216
217 dst = ip6_route_output(NULL, &fl); 217 dst = ip6_route_output(NULL, &fl);
218 if (dst) { 218 if (!dst->error) {
219 struct rt6_info *rt; 219 struct rt6_info *rt;
220 rt = (struct rt6_info *)dst; 220 rt = (struct rt6_info *)dst;
221 SCTP_DEBUG_PRINTK( 221 SCTP_DEBUG_PRINTK(
222 "rt6_dst:" NIP6_FMT " rt6_src:" NIP6_FMT "\n", 222 "rt6_dst:" NIP6_FMT " rt6_src:" NIP6_FMT "\n",
223 NIP6(rt->rt6i_dst.addr), NIP6(rt->rt6i_src.addr)); 223 NIP6(rt->rt6i_dst.addr), NIP6(rt->rt6i_src.addr));
224 } else { 224 return dst;
225 SCTP_DEBUG_PRINTK("NO ROUTE\n");
226 } 225 }
227 226 SCTP_DEBUG_PRINTK("NO ROUTE\n");
228 return dst; 227 dst_release(dst);
228 return NULL;
229} 229}
230 230
231/* Returns the number of consecutive initial bits that match in the 2 ipv6 231/* Returns the number of consecutive initial bits that match in the 2 ipv6
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index a356d8d310a9..7f49e769080e 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -344,7 +344,7 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
344 assoc, sk, sctp_sk(sk)->type, sk->sk_state, 344 assoc, sk, sctp_sk(sk)->type, sk->sk_state,
345 assoc->state, hash, assoc->assoc_id, 345 assoc->state, hash, assoc->assoc_id,
346 assoc->sndbuf_used, 346 assoc->sndbuf_used,
347 (sk->sk_rcvbuf - assoc->rwnd), 347 atomic_read(&assoc->rmem_alloc),
348 sock_i_uid(sk), sock_i_ino(sk), 348 sock_i_uid(sk), sock_i_ino(sk),
349 epb->bind_addr.port, 349 epb->bind_addr.port,
350 assoc->peer.port); 350 assoc->peer.port);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 3fe906d65069..9f34dec6ff8e 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -821,7 +821,7 @@ out:
821 * addrs is a pointer to an array of one or more socket addresses. Each 821 * addrs is a pointer to an array of one or more socket addresses. Each
822 * address is contained in its appropriate structure (i.e. struct 822 * address is contained in its appropriate structure (i.e. struct
823 * sockaddr_in or struct sockaddr_in6) the family of the address type 823 * sockaddr_in or struct sockaddr_in6) the family of the address type
824 * must be used to distengish the address length (note that this 824 * must be used to distinguish the address length (note that this
825 * representation is termed a "packed array" of addresses). The caller 825 * representation is termed a "packed array" of addresses). The caller
826 * specifies the number of addresses in the array with addrcnt. 826 * specifies the number of addresses in the array with addrcnt.
827 * 827 *
@@ -5362,6 +5362,20 @@ static void sctp_wfree(struct sk_buff *skb)
5362 sctp_association_put(asoc); 5362 sctp_association_put(asoc);
5363} 5363}
5364 5364
5365/* Do accounting for the receive space on the socket.
5366 * Accounting for the association is done in ulpevent.c
5367 * We set this as a destructor for the cloned data skbs so that
5368 * accounting is done at the correct time.
5369 */
5370void sctp_sock_rfree(struct sk_buff *skb)
5371{
5372 struct sock *sk = skb->sk;
5373 struct sctp_ulpevent *event = sctp_skb2event(skb);
5374
5375 atomic_sub(event->rmem_len, &sk->sk_rmem_alloc);
5376}
5377
5378
5365/* Helper function to wait for space in the sndbuf. */ 5379/* Helper function to wait for space in the sndbuf. */
5366static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, 5380static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
5367 size_t msg_len) 5381 size_t msg_len)
@@ -5634,10 +5648,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5634 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { 5648 sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) {
5635 event = sctp_skb2event(skb); 5649 event = sctp_skb2event(skb);
5636 if (event->asoc == assoc) { 5650 if (event->asoc == assoc) {
5637 sock_rfree(skb); 5651 sctp_sock_rfree(skb);
5638 __skb_unlink(skb, &oldsk->sk_receive_queue); 5652 __skb_unlink(skb, &oldsk->sk_receive_queue);
5639 __skb_queue_tail(&newsk->sk_receive_queue, skb); 5653 __skb_queue_tail(&newsk->sk_receive_queue, skb);
5640 skb_set_owner_r(skb, newsk); 5654 sctp_skb_set_owner_r(skb, newsk);
5641 } 5655 }
5642 } 5656 }
5643 5657
@@ -5665,10 +5679,10 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5665 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { 5679 sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) {
5666 event = sctp_skb2event(skb); 5680 event = sctp_skb2event(skb);
5667 if (event->asoc == assoc) { 5681 if (event->asoc == assoc) {
5668 sock_rfree(skb); 5682 sctp_sock_rfree(skb);
5669 __skb_unlink(skb, &oldsp->pd_lobby); 5683 __skb_unlink(skb, &oldsp->pd_lobby);
5670 __skb_queue_tail(queue, skb); 5684 __skb_queue_tail(queue, skb);
5671 skb_set_owner_r(skb, newsk); 5685 sctp_skb_set_owner_r(skb, newsk);
5672 } 5686 }
5673 } 5687 }
5674 5688
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index ee236784a6bb..a015283a9087 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -55,10 +55,13 @@ static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event);
55 55
56 56
57/* Initialize an ULP event from an given skb. */ 57/* Initialize an ULP event from an given skb. */
58SCTP_STATIC void sctp_ulpevent_init(struct sctp_ulpevent *event, int msg_flags) 58SCTP_STATIC void sctp_ulpevent_init(struct sctp_ulpevent *event,
59 int msg_flags,
60 unsigned int len)
59{ 61{
60 memset(event, 0, sizeof(struct sctp_ulpevent)); 62 memset(event, 0, sizeof(struct sctp_ulpevent));
61 event->msg_flags = msg_flags; 63 event->msg_flags = msg_flags;
64 event->rmem_len = len;
62} 65}
63 66
64/* Create a new sctp_ulpevent. */ 67/* Create a new sctp_ulpevent. */
@@ -73,7 +76,7 @@ SCTP_STATIC struct sctp_ulpevent *sctp_ulpevent_new(int size, int msg_flags,
73 goto fail; 76 goto fail;
74 77
75 event = sctp_skb2event(skb); 78 event = sctp_skb2event(skb);
76 sctp_ulpevent_init(event, msg_flags); 79 sctp_ulpevent_init(event, msg_flags, skb->truesize);
77 80
78 return event; 81 return event;
79 82
@@ -101,17 +104,16 @@ static inline void sctp_ulpevent_set_owner(struct sctp_ulpevent *event,
101 sctp_association_hold((struct sctp_association *)asoc); 104 sctp_association_hold((struct sctp_association *)asoc);
102 skb = sctp_event2skb(event); 105 skb = sctp_event2skb(event);
103 event->asoc = (struct sctp_association *)asoc; 106 event->asoc = (struct sctp_association *)asoc;
104 atomic_add(skb->truesize, &event->asoc->rmem_alloc); 107 atomic_add(event->rmem_len, &event->asoc->rmem_alloc);
105 skb_set_owner_r(skb, asoc->base.sk); 108 sctp_skb_set_owner_r(skb, asoc->base.sk);
106} 109}
107 110
108/* A simple destructor to give up the reference to the association. */ 111/* A simple destructor to give up the reference to the association. */
109static inline void sctp_ulpevent_release_owner(struct sctp_ulpevent *event) 112static inline void sctp_ulpevent_release_owner(struct sctp_ulpevent *event)
110{ 113{
111 struct sctp_association *asoc = event->asoc; 114 struct sctp_association *asoc = event->asoc;
112 struct sk_buff *skb = sctp_event2skb(event);
113 115
114 atomic_sub(skb->truesize, &asoc->rmem_alloc); 116 atomic_sub(event->rmem_len, &asoc->rmem_alloc);
115 sctp_association_put(asoc); 117 sctp_association_put(asoc);
116} 118}
117 119
@@ -372,7 +374,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
372 374
373 /* Embed the event fields inside the cloned skb. */ 375 /* Embed the event fields inside the cloned skb. */
374 event = sctp_skb2event(skb); 376 event = sctp_skb2event(skb);
375 sctp_ulpevent_init(event, MSG_NOTIFICATION); 377 sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
376 378
377 sre = (struct sctp_remote_error *) 379 sre = (struct sctp_remote_error *)
378 skb_push(skb, sizeof(struct sctp_remote_error)); 380 skb_push(skb, sizeof(struct sctp_remote_error));
@@ -464,7 +466,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_send_failed(
464 466
465 /* Embed the event fields inside the cloned skb. */ 467 /* Embed the event fields inside the cloned skb. */
466 event = sctp_skb2event(skb); 468 event = sctp_skb2event(skb);
467 sctp_ulpevent_init(event, MSG_NOTIFICATION); 469 sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
468 470
469 ssf = (struct sctp_send_failed *) 471 ssf = (struct sctp_send_failed *)
470 skb_push(skb, sizeof(struct sctp_send_failed)); 472 skb_push(skb, sizeof(struct sctp_send_failed));
@@ -682,8 +684,11 @@ struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
682 /* Embed the event fields inside the cloned skb. */ 684 /* Embed the event fields inside the cloned skb. */
683 event = sctp_skb2event(skb); 685 event = sctp_skb2event(skb);
684 686
685 /* Initialize event with flags 0. */ 687 /* Initialize event with flags 0 and correct length
686 sctp_ulpevent_init(event, 0); 688 * Since this is a clone of the original skb, only account for
689 * the data of this chunk as other chunks will be accounted separately.
690 */
691 sctp_ulpevent_init(event, 0, skb->len + sizeof(struct sk_buff));
687 692
688 sctp_ulpevent_receive_data(event, asoc); 693 sctp_ulpevent_receive_data(event, asoc);
689 694
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index 575e556aeb3e..e1d144275f97 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -309,7 +309,7 @@ static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *qu
309 if (!new) 309 if (!new)
310 return NULL; /* try again later */ 310 return NULL; /* try again later */
311 311
312 new->sk = f_frag->sk; 312 sctp_skb_set_owner_r(new, f_frag->sk);
313 313
314 skb_shinfo(new)->frag_list = pos; 314 skb_shinfo(new)->frag_list = pos;
315 } else 315 } else
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 447d9aef4605..1f0f079ffa65 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1146,10 +1146,11 @@ out:
1146 return ret; 1146 return ret;
1147} 1147}
1148 1148
1149u32 * 1149static __be32 *
1150svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd) 1150svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd)
1151{ 1151{
1152 u32 *p, verf_len; 1152 __be32 *p;
1153 u32 verf_len;
1153 1154
1154 p = gsd->verf_start; 1155 p = gsd->verf_start;
1155 gsd->verf_start = NULL; 1156 gsd->verf_start = NULL;
diff --git a/net/sunrpc/pmap_clnt.c b/net/sunrpc/pmap_clnt.c
index 919d5ba7ca0a..e52afab413de 100644
--- a/net/sunrpc/pmap_clnt.c
+++ b/net/sunrpc/pmap_clnt.c
@@ -101,11 +101,13 @@ void rpc_getport(struct rpc_task *task)
101 /* Autobind on cloned rpc clients is discouraged */ 101 /* Autobind on cloned rpc clients is discouraged */
102 BUG_ON(clnt->cl_parent != clnt); 102 BUG_ON(clnt->cl_parent != clnt);
103 103
104 if (xprt_test_and_set_binding(xprt)) { 104 /* Put self on queue before sending rpcbind request, in case
105 task->tk_status = -EACCES; /* tell caller to check again */ 105 * pmap_getport_done completes before we return from rpc_run_task */
106 rpc_sleep_on(&xprt->binding, task, NULL, NULL); 106 rpc_sleep_on(&xprt->binding, task, NULL, NULL);
107 return; 107
108 } 108 status = -EACCES; /* tell caller to check again */
109 if (xprt_test_and_set_binding(xprt))
110 goto bailout_nofree;
109 111
110 /* Someone else may have bound if we slept */ 112 /* Someone else may have bound if we slept */
111 status = 0; 113 status = 0;
@@ -134,8 +136,6 @@ void rpc_getport(struct rpc_task *task)
134 goto bailout; 136 goto bailout;
135 rpc_release_task(child); 137 rpc_release_task(child);
136 138
137 rpc_sleep_on(&xprt->binding, task, NULL, NULL);
138
139 task->tk_xprt->stat.bind_count++; 139 task->tk_xprt->stat.bind_count++;
140 return; 140 return;
141 141
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index c2c8bb20d07f..eb44ec929ca1 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -282,7 +282,10 @@ __svc_create(struct svc_program *prog, unsigned int bufsize, int npools,
282 serv->sv_program = prog; 282 serv->sv_program = prog;
283 serv->sv_nrthreads = 1; 283 serv->sv_nrthreads = 1;
284 serv->sv_stats = prog->pg_stats; 284 serv->sv_stats = prog->pg_stats;
285 serv->sv_bufsz = bufsize? bufsize : 4096; 285 if (bufsize > RPCSVC_MAXPAYLOAD)
286 bufsize = RPCSVC_MAXPAYLOAD;
287 serv->sv_max_payload = bufsize? bufsize : 4096;
288 serv->sv_max_mesg = roundup(serv->sv_max_payload + PAGE_SIZE, PAGE_SIZE);
286 serv->sv_shutdown = shutdown; 289 serv->sv_shutdown = shutdown;
287 xdrsize = 0; 290 xdrsize = 0;
288 while (prog) { 291 while (prog) {
@@ -414,9 +417,9 @@ svc_init_buffer(struct svc_rqst *rqstp, unsigned int size)
414 int pages; 417 int pages;
415 int arghi; 418 int arghi;
416 419
417 if (size > RPCSVC_MAXPAYLOAD) 420 pages = size / PAGE_SIZE + 1; /* extra page as we hold both request and reply.
418 size = RPCSVC_MAXPAYLOAD; 421 * We assume one is at most one page
419 pages = 2 + (size+ PAGE_SIZE -1) / PAGE_SIZE; 422 */
420 arghi = 0; 423 arghi = 0;
421 BUG_ON(pages > RPCSVC_MAXPAGES); 424 BUG_ON(pages > RPCSVC_MAXPAGES);
422 while (pages) { 425 while (pages) {
@@ -463,7 +466,7 @@ __svc_create_thread(svc_thread_fn func, struct svc_serv *serv,
463 466
464 if (!(rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) 467 if (!(rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL))
465 || !(rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) 468 || !(rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL))
466 || !svc_init_buffer(rqstp, serv->sv_bufsz)) 469 || !svc_init_buffer(rqstp, serv->sv_max_mesg))
467 goto out_thread; 470 goto out_thread;
468 471
469 serv->sv_nrthreads++; 472 serv->sv_nrthreads++;
@@ -825,6 +828,11 @@ svc_process(struct svc_rqst *rqstp)
825 *statp = procp->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp); 828 *statp = procp->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp);
826 829
827 /* Encode reply */ 830 /* Encode reply */
831 if (*statp == rpc_drop_reply) {
832 if (procp->pc_release)
833 procp->pc_release(rqstp, NULL, rqstp->rq_resp);
834 goto dropit;
835 }
828 if (*statp == rpc_success && (xdr = procp->pc_encode) 836 if (*statp == rpc_success && (xdr = procp->pc_encode)
829 && !xdr(rqstp, resv->iov_base+resv->iov_len, rqstp->rq_resp)) { 837 && !xdr(rqstp, resv->iov_base+resv->iov_len, rqstp->rq_resp)) {
830 dprintk("svc: failed to encode reply\n"); 838 dprintk("svc: failed to encode reply\n");
@@ -938,8 +946,8 @@ u32 svc_max_payload(const struct svc_rqst *rqstp)
938 946
939 if (rqstp->rq_sock->sk_sock->type == SOCK_DGRAM) 947 if (rqstp->rq_sock->sk_sock->type == SOCK_DGRAM)
940 max = RPCSVC_MAXPAYLOAD_UDP; 948 max = RPCSVC_MAXPAYLOAD_UDP;
941 if (rqstp->rq_server->sv_bufsz < max) 949 if (rqstp->rq_server->sv_max_payload < max)
942 max = rqstp->rq_server->sv_bufsz; 950 max = rqstp->rq_server->sv_max_payload;
943 return max; 951 return max;
944} 952}
945EXPORT_SYMBOL_GPL(svc_max_payload); 953EXPORT_SYMBOL_GPL(svc_max_payload);
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index b39e7e2b648f..96521f16342b 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -192,13 +192,13 @@ svc_sock_enqueue(struct svc_sock *svsk)
192 svsk->sk_pool = pool; 192 svsk->sk_pool = pool;
193 193
194 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags); 194 set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
195 if (((atomic_read(&svsk->sk_reserved) + serv->sv_bufsz)*2 195 if (((atomic_read(&svsk->sk_reserved) + serv->sv_max_mesg)*2
196 > svc_sock_wspace(svsk)) 196 > svc_sock_wspace(svsk))
197 && !test_bit(SK_CLOSE, &svsk->sk_flags) 197 && !test_bit(SK_CLOSE, &svsk->sk_flags)
198 && !test_bit(SK_CONN, &svsk->sk_flags)) { 198 && !test_bit(SK_CONN, &svsk->sk_flags)) {
199 /* Don't enqueue while not enough space for reply */ 199 /* Don't enqueue while not enough space for reply */
200 dprintk("svc: socket %p no space, %d*2 > %ld, not enqueued\n", 200 dprintk("svc: socket %p no space, %d*2 > %ld, not enqueued\n",
201 svsk->sk_sk, atomic_read(&svsk->sk_reserved)+serv->sv_bufsz, 201 svsk->sk_sk, atomic_read(&svsk->sk_reserved)+serv->sv_max_mesg,
202 svc_sock_wspace(svsk)); 202 svc_sock_wspace(svsk));
203 svsk->sk_pool = NULL; 203 svsk->sk_pool = NULL;
204 clear_bit(SK_BUSY, &svsk->sk_flags); 204 clear_bit(SK_BUSY, &svsk->sk_flags);
@@ -220,7 +220,7 @@ svc_sock_enqueue(struct svc_sock *svsk)
220 rqstp, rqstp->rq_sock); 220 rqstp, rqstp->rq_sock);
221 rqstp->rq_sock = svsk; 221 rqstp->rq_sock = svsk;
222 atomic_inc(&svsk->sk_inuse); 222 atomic_inc(&svsk->sk_inuse);
223 rqstp->rq_reserved = serv->sv_bufsz; 223 rqstp->rq_reserved = serv->sv_max_mesg;
224 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved); 224 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved);
225 BUG_ON(svsk->sk_pool != pool); 225 BUG_ON(svsk->sk_pool != pool);
226 wake_up(&rqstp->rq_wait); 226 wake_up(&rqstp->rq_wait);
@@ -639,8 +639,8 @@ svc_udp_recvfrom(struct svc_rqst *rqstp)
639 * which will access the socket. 639 * which will access the socket.
640 */ 640 */
641 svc_sock_setbufsize(svsk->sk_sock, 641 svc_sock_setbufsize(svsk->sk_sock,
642 (serv->sv_nrthreads+3) * serv->sv_bufsz, 642 (serv->sv_nrthreads+3) * serv->sv_max_mesg,
643 (serv->sv_nrthreads+3) * serv->sv_bufsz); 643 (serv->sv_nrthreads+3) * serv->sv_max_mesg);
644 644
645 if ((rqstp->rq_deferred = svc_deferred_dequeue(svsk))) { 645 if ((rqstp->rq_deferred = svc_deferred_dequeue(svsk))) {
646 svc_sock_received(svsk); 646 svc_sock_received(svsk);
@@ -749,8 +749,8 @@ svc_udp_init(struct svc_sock *svsk)
749 * svc_udp_recvfrom will re-adjust if necessary 749 * svc_udp_recvfrom will re-adjust if necessary
750 */ 750 */
751 svc_sock_setbufsize(svsk->sk_sock, 751 svc_sock_setbufsize(svsk->sk_sock,
752 3 * svsk->sk_server->sv_bufsz, 752 3 * svsk->sk_server->sv_max_mesg,
753 3 * svsk->sk_server->sv_bufsz); 753 3 * svsk->sk_server->sv_max_mesg);
754 754
755 set_bit(SK_DATA, &svsk->sk_flags); /* might have come in before data_ready set up */ 755 set_bit(SK_DATA, &svsk->sk_flags); /* might have come in before data_ready set up */
756 set_bit(SK_CHNGBUF, &svsk->sk_flags); 756 set_bit(SK_CHNGBUF, &svsk->sk_flags);
@@ -973,7 +973,7 @@ svc_tcp_recvfrom(struct svc_rqst *rqstp)
973 return 0; 973 return 0;
974 } 974 }
975 975
976 if (test_bit(SK_CONN, &svsk->sk_flags)) { 976 if (svsk->sk_sk->sk_state == TCP_LISTEN) {
977 svc_tcp_accept(svsk); 977 svc_tcp_accept(svsk);
978 svc_sock_received(svsk); 978 svc_sock_received(svsk);
979 return 0; 979 return 0;
@@ -993,8 +993,8 @@ svc_tcp_recvfrom(struct svc_rqst *rqstp)
993 * as soon a a complete request arrives. 993 * as soon a a complete request arrives.
994 */ 994 */
995 svc_sock_setbufsize(svsk->sk_sock, 995 svc_sock_setbufsize(svsk->sk_sock,
996 (serv->sv_nrthreads+3) * serv->sv_bufsz, 996 (serv->sv_nrthreads+3) * serv->sv_max_mesg,
997 3 * serv->sv_bufsz); 997 3 * serv->sv_max_mesg);
998 998
999 clear_bit(SK_DATA, &svsk->sk_flags); 999 clear_bit(SK_DATA, &svsk->sk_flags);
1000 1000
@@ -1032,7 +1032,7 @@ svc_tcp_recvfrom(struct svc_rqst *rqstp)
1032 } 1032 }
1033 svsk->sk_reclen &= 0x7fffffff; 1033 svsk->sk_reclen &= 0x7fffffff;
1034 dprintk("svc: TCP record, %d bytes\n", svsk->sk_reclen); 1034 dprintk("svc: TCP record, %d bytes\n", svsk->sk_reclen);
1035 if (svsk->sk_reclen > serv->sv_bufsz) { 1035 if (svsk->sk_reclen > serv->sv_max_mesg) {
1036 printk(KERN_NOTICE "RPC: bad TCP reclen 0x%08lx (large)\n", 1036 printk(KERN_NOTICE "RPC: bad TCP reclen 0x%08lx (large)\n",
1037 (unsigned long) svsk->sk_reclen); 1037 (unsigned long) svsk->sk_reclen);
1038 goto err_delete; 1038 goto err_delete;
@@ -1171,8 +1171,8 @@ svc_tcp_init(struct svc_sock *svsk)
1171 * svc_tcp_recvfrom will re-adjust if necessary 1171 * svc_tcp_recvfrom will re-adjust if necessary
1172 */ 1172 */
1173 svc_sock_setbufsize(svsk->sk_sock, 1173 svc_sock_setbufsize(svsk->sk_sock,
1174 3 * svsk->sk_server->sv_bufsz, 1174 3 * svsk->sk_server->sv_max_mesg,
1175 3 * svsk->sk_server->sv_bufsz); 1175 3 * svsk->sk_server->sv_max_mesg);
1176 1176
1177 set_bit(SK_CHNGBUF, &svsk->sk_flags); 1177 set_bit(SK_CHNGBUF, &svsk->sk_flags);
1178 set_bit(SK_DATA, &svsk->sk_flags); 1178 set_bit(SK_DATA, &svsk->sk_flags);
@@ -1234,7 +1234,7 @@ svc_recv(struct svc_rqst *rqstp, long timeout)
1234 1234
1235 1235
1236 /* now allocate needed pages. If we get a failure, sleep briefly */ 1236 /* now allocate needed pages. If we get a failure, sleep briefly */
1237 pages = 2 + (serv->sv_bufsz + PAGE_SIZE -1) / PAGE_SIZE; 1237 pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
1238 for (i=0; i < pages ; i++) 1238 for (i=0; i < pages ; i++)
1239 while (rqstp->rq_pages[i] == NULL) { 1239 while (rqstp->rq_pages[i] == NULL) {
1240 struct page *p = alloc_page(GFP_KERNEL); 1240 struct page *p = alloc_page(GFP_KERNEL);
@@ -1263,7 +1263,7 @@ svc_recv(struct svc_rqst *rqstp, long timeout)
1263 if ((svsk = svc_sock_dequeue(pool)) != NULL) { 1263 if ((svsk = svc_sock_dequeue(pool)) != NULL) {
1264 rqstp->rq_sock = svsk; 1264 rqstp->rq_sock = svsk;
1265 atomic_inc(&svsk->sk_inuse); 1265 atomic_inc(&svsk->sk_inuse);
1266 rqstp->rq_reserved = serv->sv_bufsz; 1266 rqstp->rq_reserved = serv->sv_max_mesg;
1267 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved); 1267 atomic_add(rqstp->rq_reserved, &svsk->sk_reserved);
1268 } else { 1268 } else {
1269 /* No data pending. Go to sleep */ 1269 /* No data pending. Go to sleep */
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 28100e019225..757fc91ef25d 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1366,7 +1366,7 @@ int xs_setup_udp(struct rpc_xprt *xprt, struct rpc_timeout *to)
1366 if (xprt->slot == NULL) 1366 if (xprt->slot == NULL)
1367 return -ENOMEM; 1367 return -ENOMEM;
1368 1368
1369 if (ntohs(addr->sin_port != 0)) 1369 if (ntohs(addr->sin_port) != 0)
1370 xprt_set_bound(xprt); 1370 xprt_set_bound(xprt);
1371 xprt->port = xs_get_random_port(); 1371 xprt->port = xs_get_random_port();
1372 1372
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 75a5968c2139..39744a33bd36 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -2,7 +2,7 @@
2 * net/tipc/bearer.c: TIPC bearer code 2 * net/tipc/bearer.c: TIPC bearer code
3 * 3 *
4 * Copyright (c) 1996-2006, Ericsson AB 4 * Copyright (c) 1996-2006, Ericsson AB
5 * Copyright (c) 2004-2005, Wind River Systems 5 * Copyright (c) 2004-2006, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -191,14 +191,14 @@ void tipc_media_addr_printf(struct print_buf *pb, struct tipc_media_addr *a)
191 if ((i < media_count) && (m_ptr->addr2str != NULL)) { 191 if ((i < media_count) && (m_ptr->addr2str != NULL)) {
192 char addr_str[MAX_ADDR_STR]; 192 char addr_str[MAX_ADDR_STR];
193 193
194 tipc_printf(pb, "%s(%s) ", m_ptr->name, 194 tipc_printf(pb, "%s(%s)", m_ptr->name,
195 m_ptr->addr2str(a, addr_str, sizeof(addr_str))); 195 m_ptr->addr2str(a, addr_str, sizeof(addr_str)));
196 } else { 196 } else {
197 unchar *addr = (unchar *)&a->dev_addr; 197 unchar *addr = (unchar *)&a->dev_addr;
198 198
199 tipc_printf(pb, "UNKNOWN(%u):", media_type); 199 tipc_printf(pb, "UNKNOWN(%u)", media_type);
200 for (i = 0; i < (sizeof(*a) - sizeof(a->type)); i++) { 200 for (i = 0; i < (sizeof(*a) - sizeof(a->type)); i++) {
201 tipc_printf(pb, "%02x ", addr[i]); 201 tipc_printf(pb, "-%02x", addr[i]);
202 } 202 }
203 } 203 }
204} 204}
diff --git a/net/tipc/config.c b/net/tipc/config.c
index 285e1bc2d880..ed1351ed05e1 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -2,7 +2,7 @@
2 * net/tipc/config.c: TIPC configuration management code 2 * net/tipc/config.c: TIPC configuration management code
3 * 3 *
4 * Copyright (c) 2002-2006, Ericsson AB 4 * Copyright (c) 2002-2006, Ericsson AB
5 * Copyright (c) 2004-2005, Wind River Systems 5 * Copyright (c) 2004-2006, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -613,7 +613,8 @@ struct sk_buff *tipc_cfg_do_cmd(u32 orig_node, u16 cmd, const void *request_area
613 rep_tlv_buf = tipc_cfg_reply_unsigned(tipc_net_id); 613 rep_tlv_buf = tipc_cfg_reply_unsigned(tipc_net_id);
614 break; 614 break;
615 default: 615 default:
616 rep_tlv_buf = NULL; 616 rep_tlv_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
617 " (unknown command)");
617 break; 618 break;
618 } 619 }
619 620
diff --git a/net/tipc/core.c b/net/tipc/core.c
index 0539a8362858..6f5b7ee31180 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -57,7 +57,7 @@ void tipc_socket_stop(void);
57int tipc_netlink_start(void); 57int tipc_netlink_start(void);
58void tipc_netlink_stop(void); 58void tipc_netlink_stop(void);
59 59
60#define TIPC_MOD_VER "1.6.1" 60#define TIPC_MOD_VER "1.6.2"
61 61
62#ifndef CONFIG_TIPC_ZONES 62#ifndef CONFIG_TIPC_ZONES
63#define CONFIG_TIPC_ZONES 3 63#define CONFIG_TIPC_ZONES 3
@@ -90,7 +90,7 @@ int tipc_random;
90atomic_t tipc_user_count = ATOMIC_INIT(0); 90atomic_t tipc_user_count = ATOMIC_INIT(0);
91 91
92const char tipc_alphabet[] = 92const char tipc_alphabet[] =
93 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"; 93 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.";
94 94
95/* configurable TIPC parameters */ 95/* configurable TIPC parameters */
96 96
diff --git a/net/tipc/core.h b/net/tipc/core.h
index 762aac2572be..4638947c2326 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -65,7 +65,7 @@
65#define assert(i) BUG_ON(!(i)) 65#define assert(i) BUG_ON(!(i))
66 66
67struct tipc_msg; 67struct tipc_msg;
68extern struct print_buf *TIPC_CONS, *TIPC_LOG; 68extern struct print_buf *TIPC_NULL, *TIPC_CONS, *TIPC_LOG;
69extern struct print_buf *TIPC_TEE(struct print_buf *, struct print_buf *); 69extern struct print_buf *TIPC_TEE(struct print_buf *, struct print_buf *);
70void tipc_msg_print(struct print_buf*,struct tipc_msg *,const char*); 70void tipc_msg_print(struct print_buf*,struct tipc_msg *,const char*);
71void tipc_printf(struct print_buf *, const char *fmt, ...); 71void tipc_printf(struct print_buf *, const char *fmt, ...);
@@ -83,9 +83,9 @@ void tipc_dump(struct print_buf*,const char *fmt, ...);
83#define warn(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_WARNING "TIPC: " fmt, ## arg) 83#define warn(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_WARNING "TIPC: " fmt, ## arg)
84#define info(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_NOTICE "TIPC: " fmt, ## arg) 84#define info(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_NOTICE "TIPC: " fmt, ## arg)
85 85
86#define dbg(fmt, arg...) do {if (DBG_OUTPUT) tipc_printf(DBG_OUTPUT, fmt, ## arg);} while(0) 86#define dbg(fmt, arg...) do {if (DBG_OUTPUT != TIPC_NULL) tipc_printf(DBG_OUTPUT, fmt, ## arg);} while(0)
87#define msg_dbg(msg, txt) do {if (DBG_OUTPUT) tipc_msg_print(DBG_OUTPUT, msg, txt);} while(0) 87#define msg_dbg(msg, txt) do {if (DBG_OUTPUT != TIPC_NULL) tipc_msg_print(DBG_OUTPUT, msg, txt);} while(0)
88#define dump(fmt, arg...) do {if (DBG_OUTPUT) tipc_dump(DBG_OUTPUT, fmt, ##arg);} while(0) 88#define dump(fmt, arg...) do {if (DBG_OUTPUT != TIPC_NULL) tipc_dump(DBG_OUTPUT, fmt, ##arg);} while(0)
89 89
90 90
91/* 91/*
@@ -94,11 +94,11 @@ void tipc_dump(struct print_buf*,const char *fmt, ...);
94 * here, or on a per .c file basis, by redefining these symbols. The following 94 * here, or on a per .c file basis, by redefining these symbols. The following
95 * print buffer options are available: 95 * print buffer options are available:
96 * 96 *
97 * NULL : Output to null print buffer (i.e. print nowhere) 97 * TIPC_NULL : null buffer (i.e. print nowhere)
98 * TIPC_CONS : Output to system console 98 * TIPC_CONS : system console
99 * TIPC_LOG : Output to TIPC log buffer 99 * TIPC_LOG : TIPC log buffer
100 * &buf : Output to user-defined buffer (struct print_buf *) 100 * &buf : user-defined buffer (struct print_buf *)
101 * TIPC_TEE(&buf_a,&buf_b) : Output to two print buffers (eg. TIPC_TEE(TIPC_CONS,TIPC_LOG) ) 101 * TIPC_TEE(&buf_a,&buf_b) : list of buffers (eg. TIPC_TEE(TIPC_CONS,TIPC_LOG))
102 */ 102 */
103 103
104#ifndef TIPC_OUTPUT 104#ifndef TIPC_OUTPUT
@@ -106,7 +106,7 @@ void tipc_dump(struct print_buf*,const char *fmt, ...);
106#endif 106#endif
107 107
108#ifndef DBG_OUTPUT 108#ifndef DBG_OUTPUT
109#define DBG_OUTPUT NULL 109#define DBG_OUTPUT TIPC_NULL
110#endif 110#endif
111 111
112#else 112#else
@@ -136,7 +136,7 @@ void tipc_dump(struct print_buf*,const char *fmt, ...);
136#define TIPC_OUTPUT TIPC_CONS 136#define TIPC_OUTPUT TIPC_CONS
137 137
138#undef DBG_OUTPUT 138#undef DBG_OUTPUT
139#define DBG_OUTPUT NULL 139#define DBG_OUTPUT TIPC_NULL
140 140
141#endif 141#endif
142 142
@@ -275,11 +275,15 @@ static inline void k_term_timer(struct timer_list *timer)
275/* 275/*
276 * TIPC message buffer code 276 * TIPC message buffer code
277 * 277 *
278 * TIPC message buffer headroom leaves room for 14 byte Ethernet header, 278 * TIPC message buffer headroom reserves space for a link-level header
279 * (in case the message is sent off-node),
279 * while ensuring TIPC header is word aligned for quicker access 280 * while ensuring TIPC header is word aligned for quicker access
281 *
282 * The largest header currently supported is 18 bytes, which is used when
283 * the standard 14 byte Ethernet header has 4 added bytes for VLAN info
280 */ 284 */
281 285
282#define BUF_HEADROOM 16u 286#define BUF_HEADROOM 20u
283 287
284struct tipc_skb_cb { 288struct tipc_skb_cb {
285 void *handle; 289 void *handle;
diff --git a/net/tipc/dbg.c b/net/tipc/dbg.c
index 55130655e1ed..d8af4c28695d 100644
--- a/net/tipc/dbg.c
+++ b/net/tipc/dbg.c
@@ -1,8 +1,8 @@
1/* 1/*
2 * net/tipc/dbg.c: TIPC print buffer routines for debuggign 2 * net/tipc/dbg.c: TIPC print buffer routines for debugging
3 * 3 *
4 * Copyright (c) 1996-2006, Ericsson AB 4 * Copyright (c) 1996-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2006, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -38,11 +38,12 @@
38#include "config.h" 38#include "config.h"
39#include "dbg.h" 39#include "dbg.h"
40 40
41#define MAX_STRING 512 41static char print_string[TIPC_PB_MAX_STR];
42
43static char print_string[MAX_STRING];
44static DEFINE_SPINLOCK(print_lock); 42static DEFINE_SPINLOCK(print_lock);
45 43
44static struct print_buf null_buf = { NULL, 0, NULL, NULL };
45struct print_buf *TIPC_NULL = &null_buf;
46
46static struct print_buf cons_buf = { NULL, 0, NULL, NULL }; 47static struct print_buf cons_buf = { NULL, 0, NULL, NULL };
47struct print_buf *TIPC_CONS = &cons_buf; 48struct print_buf *TIPC_CONS = &cons_buf;
48 49
@@ -62,68 +63,83 @@ struct print_buf *TIPC_LOG = &log_buf;
62/* 63/*
63 * Locking policy when using print buffers. 64 * Locking policy when using print buffers.
64 * 65 *
65 * 1) Routines of the form printbuf_XXX() rely on the caller to prevent 66 * The following routines use 'print_lock' for protection:
66 * simultaneous use of the print buffer(s) being manipulated. 67 * 1) tipc_printf() - to protect its print buffer(s) and 'print_string'
67 * 2) tipc_printf() uses 'print_lock' to prevent simultaneous use of 68 * 2) TIPC_TEE() - to protect its print buffer(s)
68 * 'print_string' and to protect its print buffer(s). 69 * 3) tipc_dump() - to protect its print buffer(s) and 'print_string'
69 * 3) TIPC_TEE() uses 'print_lock' to protect its print buffer(s). 70 * 4) tipc_log_XXX() - to protect TIPC_LOG
70 * 4) Routines of the form log_XXX() uses 'print_lock' to protect TIPC_LOG. 71 *
72 * All routines of the form tipc_printbuf_XXX() rely on the caller to prevent
73 * simultaneous use of the print buffer(s) being manipulated.
71 */ 74 */
72 75
73/** 76/**
74 * tipc_printbuf_init - initialize print buffer to empty 77 * tipc_printbuf_init - initialize print buffer to empty
78 * @pb: pointer to print buffer structure
79 * @raw: pointer to character array used by print buffer
80 * @size: size of character array
81 *
82 * Makes the print buffer a null device that discards anything written to it
83 * if the character array is too small (or absent).
75 */ 84 */
76 85
77void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 sz) 86void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 size)
78{ 87{
79 if (!pb || !raw || (sz < (MAX_STRING + 1))) 88 pb->buf = raw;
80 return; 89 pb->crs = raw;
81 90 pb->size = size;
82 pb->crs = pb->buf = raw;
83 pb->size = sz;
84 pb->next = NULL; 91 pb->next = NULL;
85 pb->buf[0] = 0; 92
86 pb->buf[sz-1] = ~0; 93 if (size < TIPC_PB_MIN_SIZE) {
94 pb->buf = NULL;
95 } else if (raw) {
96 pb->buf[0] = 0;
97 pb->buf[size-1] = ~0;
98 }
87} 99}
88 100
89/** 101/**
90 * tipc_printbuf_reset - reinitialize print buffer to empty state 102 * tipc_printbuf_reset - reinitialize print buffer to empty state
103 * @pb: pointer to print buffer structure
91 */ 104 */
92 105
93void tipc_printbuf_reset(struct print_buf *pb) 106void tipc_printbuf_reset(struct print_buf *pb)
94{ 107{
95 if (pb && pb->buf) 108 tipc_printbuf_init(pb, pb->buf, pb->size);
96 tipc_printbuf_init(pb, pb->buf, pb->size);
97} 109}
98 110
99/** 111/**
100 * tipc_printbuf_empty - test if print buffer is in empty state 112 * tipc_printbuf_empty - test if print buffer is in empty state
113 * @pb: pointer to print buffer structure
114 *
115 * Returns non-zero if print buffer is empty.
101 */ 116 */
102 117
103int tipc_printbuf_empty(struct print_buf *pb) 118int tipc_printbuf_empty(struct print_buf *pb)
104{ 119{
105 return (!pb || !pb->buf || (pb->crs == pb->buf)); 120 return (!pb->buf || (pb->crs == pb->buf));
106} 121}
107 122
108/** 123/**
109 * tipc_printbuf_validate - check for print buffer overflow 124 * tipc_printbuf_validate - check for print buffer overflow
125 * @pb: pointer to print buffer structure
110 * 126 *
111 * Verifies that a print buffer has captured all data written to it. 127 * Verifies that a print buffer has captured all data written to it.
112 * If data has been lost, linearize buffer and prepend an error message 128 * If data has been lost, linearize buffer and prepend an error message
113 * 129 *
114 * Returns length of print buffer data string (including trailing NULL) 130 * Returns length of print buffer data string (including trailing NUL)
115 */ 131 */
116 132
117int tipc_printbuf_validate(struct print_buf *pb) 133int tipc_printbuf_validate(struct print_buf *pb)
118{ 134{
119 char *err = " *** PRINT BUFFER WRAPPED AROUND ***\n"; 135 char *err = "\n\n*** PRINT BUFFER OVERFLOW ***\n\n";
120 char *cp_buf; 136 char *cp_buf;
121 struct print_buf cb; 137 struct print_buf cb;
122 138
123 if (!pb || !pb->buf) 139 if (!pb->buf)
124 return 0; 140 return 0;
125 141
126 if (pb->buf[pb->size - 1] == '\0') { 142 if (pb->buf[pb->size - 1] == 0) {
127 cp_buf = kmalloc(pb->size, GFP_ATOMIC); 143 cp_buf = kmalloc(pb->size, GFP_ATOMIC);
128 if (cp_buf != NULL){ 144 if (cp_buf != NULL){
129 tipc_printbuf_init(&cb, cp_buf, pb->size); 145 tipc_printbuf_init(&cb, cp_buf, pb->size);
@@ -141,6 +157,8 @@ int tipc_printbuf_validate(struct print_buf *pb)
141 157
142/** 158/**
143 * tipc_printbuf_move - move print buffer contents to another print buffer 159 * tipc_printbuf_move - move print buffer contents to another print buffer
160 * @pb_to: pointer to destination print buffer structure
161 * @pb_from: pointer to source print buffer structure
144 * 162 *
145 * Current contents of destination print buffer (if any) are discarded. 163 * Current contents of destination print buffer (if any) are discarded.
146 * Source print buffer becomes empty if a successful move occurs. 164 * Source print buffer becomes empty if a successful move occurs.
@@ -152,21 +170,22 @@ void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from)
152 170
153 /* Handle the cases where contents can't be moved */ 171 /* Handle the cases where contents can't be moved */
154 172
155 if (!pb_to || !pb_to->buf) 173 if (!pb_to->buf)
156 return; 174 return;
157 175
158 if (!pb_from || !pb_from->buf) { 176 if (!pb_from->buf) {
159 tipc_printbuf_reset(pb_to); 177 tipc_printbuf_reset(pb_to);
160 return; 178 return;
161 } 179 }
162 180
163 if (pb_to->size < pb_from->size) { 181 if (pb_to->size < pb_from->size) {
164 tipc_printbuf_reset(pb_to); 182 tipc_printbuf_reset(pb_to);
165 tipc_printf(pb_to, "*** PRINT BUFFER OVERFLOW ***"); 183 tipc_printf(pb_to, "*** PRINT BUFFER MOVE ERROR ***");
166 return; 184 return;
167 } 185 }
168 186
169 /* Copy data from char after cursor to end (if used) */ 187 /* Copy data from char after cursor to end (if used) */
188
170 len = pb_from->buf + pb_from->size - pb_from->crs - 2; 189 len = pb_from->buf + pb_from->size - pb_from->crs - 2;
171 if ((pb_from->buf[pb_from->size-1] == 0) && (len > 0)) { 190 if ((pb_from->buf[pb_from->size-1] == 0) && (len > 0)) {
172 strcpy(pb_to->buf, pb_from->crs + 1); 191 strcpy(pb_to->buf, pb_from->crs + 1);
@@ -175,6 +194,7 @@ void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from)
175 pb_to->crs = pb_to->buf; 194 pb_to->crs = pb_to->buf;
176 195
177 /* Copy data from start to cursor (always) */ 196 /* Copy data from start to cursor (always) */
197
178 len = pb_from->crs - pb_from->buf; 198 len = pb_from->crs - pb_from->buf;
179 strcpy(pb_to->crs, pb_from->buf); 199 strcpy(pb_to->crs, pb_from->buf);
180 pb_to->crs += len; 200 pb_to->crs += len;
@@ -184,6 +204,8 @@ void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from)
184 204
185/** 205/**
186 * tipc_printf - append formatted output to print buffer chain 206 * tipc_printf - append formatted output to print buffer chain
207 * @pb: pointer to chain of print buffers (may be NULL)
208 * @fmt: formatted info to be printed
187 */ 209 */
188 210
189void tipc_printf(struct print_buf *pb, const char *fmt, ...) 211void tipc_printf(struct print_buf *pb, const char *fmt, ...)
@@ -195,8 +217,8 @@ void tipc_printf(struct print_buf *pb, const char *fmt, ...)
195 217
196 spin_lock_bh(&print_lock); 218 spin_lock_bh(&print_lock);
197 FORMAT(print_string, chars_to_add, fmt); 219 FORMAT(print_string, chars_to_add, fmt);
198 if (chars_to_add >= MAX_STRING) 220 if (chars_to_add >= TIPC_PB_MAX_STR)
199 strcpy(print_string, "*** STRING TOO LONG ***"); 221 strcpy(print_string, "*** PRINT BUFFER STRING TOO LONG ***");
200 222
201 while (pb) { 223 while (pb) {
202 if (pb == TIPC_CONS) 224 if (pb == TIPC_CONS)
@@ -206,6 +228,10 @@ void tipc_printf(struct print_buf *pb, const char *fmt, ...)
206 if (chars_to_add <= chars_left) { 228 if (chars_to_add <= chars_left) {
207 strcpy(pb->crs, print_string); 229 strcpy(pb->crs, print_string);
208 pb->crs += chars_to_add; 230 pb->crs += chars_to_add;
231 } else if (chars_to_add >= (pb->size - 1)) {
232 strcpy(pb->buf, print_string + chars_to_add + 1
233 - pb->size);
234 pb->crs = pb->buf + pb->size - 1;
209 } else { 235 } else {
210 strcpy(pb->buf, print_string + chars_left); 236 strcpy(pb->buf, print_string + chars_left);
211 save_char = print_string[chars_left]; 237 save_char = print_string[chars_left];
@@ -224,6 +250,10 @@ void tipc_printf(struct print_buf *pb, const char *fmt, ...)
224 250
225/** 251/**
226 * TIPC_TEE - perform next output operation on both print buffers 252 * TIPC_TEE - perform next output operation on both print buffers
253 * @b0: pointer to chain of print buffers (may be NULL)
254 * @b1: pointer to print buffer to add to chain
255 *
256 * Returns pointer to print buffer chain.
227 */ 257 */
228 258
229struct print_buf *TIPC_TEE(struct print_buf *b0, struct print_buf *b1) 259struct print_buf *TIPC_TEE(struct print_buf *b0, struct print_buf *b1)
@@ -232,8 +262,6 @@ struct print_buf *TIPC_TEE(struct print_buf *b0, struct print_buf *b1)
232 262
233 if (!b0 || (b0 == b1)) 263 if (!b0 || (b0 == b1))
234 return b1; 264 return b1;
235 if (!b1)
236 return b0;
237 265
238 spin_lock_bh(&print_lock); 266 spin_lock_bh(&print_lock);
239 while (pb->next) { 267 while (pb->next) {
@@ -256,7 +284,7 @@ static void print_to_console(char *crs, int len)
256 int rest = len; 284 int rest = len;
257 285
258 while (rest > 0) { 286 while (rest > 0) {
259 int sz = rest < MAX_STRING ? rest : MAX_STRING; 287 int sz = rest < TIPC_PB_MAX_STR ? rest : TIPC_PB_MAX_STR;
260 char c = crs[sz]; 288 char c = crs[sz];
261 289
262 crs[sz] = 0; 290 crs[sz] = 0;
@@ -275,36 +303,48 @@ static void printbuf_dump(struct print_buf *pb)
275{ 303{
276 int len; 304 int len;
277 305
306 if (!pb->buf) {
307 printk("*** PRINT BUFFER NOT ALLOCATED ***");
308 return;
309 }
310
278 /* Dump print buffer from char after cursor to end (if used) */ 311 /* Dump print buffer from char after cursor to end (if used) */
312
279 len = pb->buf + pb->size - pb->crs - 2; 313 len = pb->buf + pb->size - pb->crs - 2;
280 if ((pb->buf[pb->size - 1] == 0) && (len > 0)) 314 if ((pb->buf[pb->size - 1] == 0) && (len > 0))
281 print_to_console(pb->crs + 1, len); 315 print_to_console(pb->crs + 1, len);
282 316
283 /* Dump print buffer from start to cursor (always) */ 317 /* Dump print buffer from start to cursor (always) */
318
284 len = pb->crs - pb->buf; 319 len = pb->crs - pb->buf;
285 print_to_console(pb->buf, len); 320 print_to_console(pb->buf, len);
286} 321}
287 322
288/** 323/**
289 * tipc_dump - dump non-console print buffer(s) to console 324 * tipc_dump - dump non-console print buffer(s) to console
325 * @pb: pointer to chain of print buffers
290 */ 326 */
291 327
292void tipc_dump(struct print_buf *pb, const char *fmt, ...) 328void tipc_dump(struct print_buf *pb, const char *fmt, ...)
293{ 329{
330 struct print_buf *pb_next;
294 int len; 331 int len;
295 332
296 spin_lock_bh(&print_lock); 333 spin_lock_bh(&print_lock);
297 FORMAT(TIPC_CONS->buf, len, fmt); 334 FORMAT(print_string, len, fmt);
298 printk(TIPC_CONS->buf); 335 printk(print_string);
299 336
300 for (; pb; pb = pb->next) { 337 for (; pb; pb = pb->next) {
301 if (pb == TIPC_CONS) 338 if (pb != TIPC_CONS) {
302 continue; 339 printk("\n---- Start of %s log dump ----\n\n",
303 printk("\n---- Start of dump,%s log ----\n\n", 340 (pb == TIPC_LOG) ? "global" : "local");
304 (pb == TIPC_LOG) ? "global" : "local"); 341 printbuf_dump(pb);
305 printbuf_dump(pb); 342 tipc_printbuf_reset(pb);
306 tipc_printbuf_reset(pb); 343 printk("\n---- End of dump ----\n");
307 printk("\n-------- End of dump --------\n"); 344 }
345 pb_next = pb->next;
346 pb->next = NULL;
347 pb = pb_next;
308 } 348 }
309 spin_unlock_bh(&print_lock); 349 spin_unlock_bh(&print_lock);
310} 350}
@@ -324,7 +364,8 @@ void tipc_log_stop(void)
324} 364}
325 365
326/** 366/**
327 * tipc_log_reinit - set TIPC log print buffer to specified size 367 * tipc_log_reinit - (re)initialize TIPC log print buffer
368 * @log_size: print buffer size to use
328 */ 369 */
329 370
330void tipc_log_reinit(int log_size) 371void tipc_log_reinit(int log_size)
@@ -332,10 +373,11 @@ void tipc_log_reinit(int log_size)
332 tipc_log_stop(); 373 tipc_log_stop();
333 374
334 if (log_size) { 375 if (log_size) {
335 if (log_size <= MAX_STRING) 376 if (log_size < TIPC_PB_MIN_SIZE)
336 log_size = MAX_STRING + 1; 377 log_size = TIPC_PB_MIN_SIZE;
337 spin_lock_bh(&print_lock); 378 spin_lock_bh(&print_lock);
338 tipc_printbuf_init(TIPC_LOG, kmalloc(log_size, GFP_ATOMIC), log_size); 379 tipc_printbuf_init(TIPC_LOG, kmalloc(log_size, GFP_ATOMIC),
380 log_size);
339 spin_unlock_bh(&print_lock); 381 spin_unlock_bh(&print_lock);
340 } 382 }
341} 383}
diff --git a/net/tipc/dbg.h b/net/tipc/dbg.h
index 227f050d2a52..467c0bc78a79 100644
--- a/net/tipc/dbg.h
+++ b/net/tipc/dbg.h
@@ -2,7 +2,7 @@
2 * net/tipc/dbg.h: Include file for TIPC print buffer routines 2 * net/tipc/dbg.h: Include file for TIPC print buffer routines
3 * 3 *
4 * Copyright (c) 1997-2006, Ericsson AB 4 * Copyright (c) 1997-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2006, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,14 @@
37#ifndef _TIPC_DBG_H 37#ifndef _TIPC_DBG_H
38#define _TIPC_DBG_H 38#define _TIPC_DBG_H
39 39
40/**
41 * struct print_buf - TIPC print buffer structure
42 * @buf: pointer to character array containing print buffer contents
43 * @size: size of character array
44 * @crs: pointer to first unused space in character array (i.e. final NUL)
45 * @next: used to link print buffers when printing to more than one at a time
46 */
47
40struct print_buf { 48struct print_buf {
41 char *buf; 49 char *buf;
42 u32 size; 50 u32 size;
@@ -44,7 +52,10 @@ struct print_buf {
44 struct print_buf *next; 52 struct print_buf *next;
45}; 53};
46 54
47void tipc_printbuf_init(struct print_buf *pb, char *buf, u32 sz); 55#define TIPC_PB_MIN_SIZE 64 /* minimum size for a print buffer's array */
56#define TIPC_PB_MAX_STR 512 /* max printable string (with trailing NUL) */
57
58void tipc_printbuf_init(struct print_buf *pb, char *buf, u32 size);
48void tipc_printbuf_reset(struct print_buf *pb); 59void tipc_printbuf_reset(struct print_buf *pb);
49int tipc_printbuf_empty(struct print_buf *pb); 60int tipc_printbuf_empty(struct print_buf *pb);
50int tipc_printbuf_validate(struct print_buf *pb); 61int tipc_printbuf_validate(struct print_buf *pb);
diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index ee94de92ae99..3b0cd12f37da 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -132,6 +132,28 @@ static struct sk_buff *tipc_disc_init_msg(u32 type,
132} 132}
133 133
134/** 134/**
135 * disc_dupl_alert - issue node address duplication alert
136 * @b_ptr: pointer to bearer detecting duplication
137 * @node_addr: duplicated node address
138 * @media_addr: media address advertised by duplicated node
139 */
140
141static void disc_dupl_alert(struct bearer *b_ptr, u32 node_addr,
142 struct tipc_media_addr *media_addr)
143{
144 char node_addr_str[16];
145 char media_addr_str[64];
146 struct print_buf pb;
147
148 addr_string_fill(node_addr_str, node_addr);
149 tipc_printbuf_init(&pb, media_addr_str, sizeof(media_addr_str));
150 tipc_media_addr_printf(&pb, media_addr);
151 tipc_printbuf_validate(&pb);
152 warn("Duplicate %s using %s seen on <%s>\n",
153 node_addr_str, media_addr_str, b_ptr->publ.name);
154}
155
156/**
135 * tipc_disc_recv_msg - handle incoming link setup message (request or response) 157 * tipc_disc_recv_msg - handle incoming link setup message (request or response)
136 * @buf: buffer containing message 158 * @buf: buffer containing message
137 */ 159 */
@@ -157,8 +179,11 @@ void tipc_disc_recv_msg(struct sk_buff *buf)
157 return; 179 return;
158 if (!tipc_addr_node_valid(orig)) 180 if (!tipc_addr_node_valid(orig))
159 return; 181 return;
160 if (orig == tipc_own_addr) 182 if (orig == tipc_own_addr) {
183 if (memcmp(&media_addr, &b_ptr->publ.addr, sizeof(media_addr)))
184 disc_dupl_alert(b_ptr, tipc_own_addr, &media_addr);
161 return; 185 return;
186 }
162 if (!in_scope(dest, tipc_own_addr)) 187 if (!in_scope(dest, tipc_own_addr))
163 return; 188 return;
164 if (is_slave(tipc_own_addr) && is_slave(orig)) 189 if (is_slave(tipc_own_addr) && is_slave(orig))
@@ -170,7 +195,8 @@ void tipc_disc_recv_msg(struct sk_buff *buf)
170 struct sk_buff *rbuf; 195 struct sk_buff *rbuf;
171 struct tipc_media_addr *addr; 196 struct tipc_media_addr *addr;
172 struct node *n_ptr = tipc_node_find(orig); 197 struct node *n_ptr = tipc_node_find(orig);
173 int link_up; 198 int link_fully_up;
199
174 dbg(" in own cluster\n"); 200 dbg(" in own cluster\n");
175 if (n_ptr == NULL) { 201 if (n_ptr == NULL) {
176 n_ptr = tipc_node_create(orig); 202 n_ptr = tipc_node_create(orig);
@@ -190,14 +216,19 @@ void tipc_disc_recv_msg(struct sk_buff *buf)
190 } 216 }
191 addr = &link->media_addr; 217 addr = &link->media_addr;
192 if (memcmp(addr, &media_addr, sizeof(*addr))) { 218 if (memcmp(addr, &media_addr, sizeof(*addr))) {
219 if (tipc_link_is_up(link) || (!link->started)) {
220 disc_dupl_alert(b_ptr, orig, &media_addr);
221 spin_unlock_bh(&n_ptr->lock);
222 return;
223 }
193 warn("Resetting link <%s>, peer interface address changed\n", 224 warn("Resetting link <%s>, peer interface address changed\n",
194 link->name); 225 link->name);
195 memcpy(addr, &media_addr, sizeof(*addr)); 226 memcpy(addr, &media_addr, sizeof(*addr));
196 tipc_link_reset(link); 227 tipc_link_reset(link);
197 } 228 }
198 link_up = tipc_link_is_up(link); 229 link_fully_up = (link->state == WORKING_WORKING);
199 spin_unlock_bh(&n_ptr->lock); 230 spin_unlock_bh(&n_ptr->lock);
200 if ((type == DSC_RESP_MSG) || link_up) 231 if ((type == DSC_RESP_MSG) || link_fully_up)
201 return; 232 return;
202 rbuf = tipc_disc_init_msg(DSC_RESP_MSG, 1, orig, b_ptr); 233 rbuf = tipc_disc_init_msg(DSC_RESP_MSG, 1, orig, b_ptr);
203 if (rbuf != NULL) { 234 if (rbuf != NULL) {
diff --git a/net/tipc/link.c b/net/tipc/link.c
index 53bc8cb5adbc..1bb983c8130b 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -132,7 +132,7 @@ static void link_print(struct link *l_ptr, struct print_buf *buf,
132 * allow the output from multiple links to be intermixed. For this reason 132 * allow the output from multiple links to be intermixed. For this reason
133 * routines of the form "dbg_link_XXX()" have been created that will capture 133 * routines of the form "dbg_link_XXX()" have been created that will capture
134 * debug info into a link's personal print buffer, which can then be dumped 134 * debug info into a link's personal print buffer, which can then be dumped
135 * into the TIPC system log (LOG) upon request. 135 * into the TIPC system log (TIPC_LOG) upon request.
136 * 136 *
137 * To enable per-link debugging, use LINK_LOG_BUF_SIZE to specify the size 137 * To enable per-link debugging, use LINK_LOG_BUF_SIZE to specify the size
138 * of the print buffer used by each link. If LINK_LOG_BUF_SIZE is set to 0, 138 * of the print buffer used by each link. If LINK_LOG_BUF_SIZE is set to 0,
@@ -141,7 +141,7 @@ static void link_print(struct link *l_ptr, struct print_buf *buf,
141 * when there is only a single link in the system being debugged. 141 * when there is only a single link in the system being debugged.
142 * 142 *
143 * Notes: 143 * Notes:
144 * - When enabled, LINK_LOG_BUF_SIZE should be set to at least 1000 (bytes) 144 * - When enabled, LINK_LOG_BUF_SIZE should be set to at least TIPC_PB_MIN_SIZE
145 * - "l_ptr" must be valid when using dbg_link_XXX() macros 145 * - "l_ptr" must be valid when using dbg_link_XXX() macros
146 */ 146 */
147 147
@@ -159,13 +159,13 @@ static void link_print(struct link *l_ptr, struct print_buf *buf,
159 159
160static void dbg_print_link(struct link *l_ptr, const char *str) 160static void dbg_print_link(struct link *l_ptr, const char *str)
161{ 161{
162 if (DBG_OUTPUT) 162 if (DBG_OUTPUT != TIPC_NULL)
163 link_print(l_ptr, DBG_OUTPUT, str); 163 link_print(l_ptr, DBG_OUTPUT, str);
164} 164}
165 165
166static void dbg_print_buf_chain(struct sk_buff *root_buf) 166static void dbg_print_buf_chain(struct sk_buff *root_buf)
167{ 167{
168 if (DBG_OUTPUT) { 168 if (DBG_OUTPUT != TIPC_NULL) {
169 struct sk_buff *buf = root_buf; 169 struct sk_buff *buf = root_buf;
170 170
171 while (buf) { 171 while (buf) {
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index f0b063bcc2a9..03bd659c43ca 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -122,7 +122,7 @@ void tipc_named_publish(struct publication *publ)
122 struct sk_buff *buf; 122 struct sk_buff *buf;
123 struct distr_item *item; 123 struct distr_item *item;
124 124
125 list_add(&publ->local_list, &publ_root); 125 list_add_tail(&publ->local_list, &publ_root);
126 publ_cnt++; 126 publ_cnt++;
127 127
128 buf = named_prepare_buf(PUBLICATION, ITEM_SIZE, 0); 128 buf = named_prepare_buf(PUBLICATION, ITEM_SIZE, 0);
diff --git a/net/tipc/node.c b/net/tipc/node.c
index fc6d09630ccd..886bda5e88db 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -648,7 +648,7 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space)
648 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE 648 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE
649 " (network address)"); 649 " (network address)");
650 650
651 if (!tipc_nodes) 651 if (tipc_mode != TIPC_NET_MODE)
652 return tipc_cfg_reply_none(); 652 return tipc_cfg_reply_none();
653 653
654 /* Get space for all unicast links + multicast link */ 654 /* Get space for all unicast links + multicast link */
diff --git a/net/tipc/port.c b/net/tipc/port.c
index b9c8c6b9e94f..c1a1a76759b5 100644
--- a/net/tipc/port.c
+++ b/net/tipc/port.c
@@ -505,8 +505,13 @@ static void port_timeout(unsigned long ref)
505 struct port *p_ptr = tipc_port_lock(ref); 505 struct port *p_ptr = tipc_port_lock(ref);
506 struct sk_buff *buf = NULL; 506 struct sk_buff *buf = NULL;
507 507
508 if (!p_ptr || !p_ptr->publ.connected) 508 if (!p_ptr)
509 return;
510
511 if (!p_ptr->publ.connected) {
512 tipc_port_unlock(p_ptr);
509 return; 513 return;
514 }
510 515
511 /* Last probe answered ? */ 516 /* Last probe answered ? */
512 if (p_ptr->probing_state == PROBING) { 517 if (p_ptr->probing_state == PROBING) {
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 32d778448a00..2a6a5a6b4c12 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2,7 +2,7 @@
2 * net/tipc/socket.c: TIPC socket API 2 * net/tipc/socket.c: TIPC socket API
3 * 3 *
4 * Copyright (c) 2001-2006, Ericsson AB 4 * Copyright (c) 2001-2006, Ericsson AB
5 * Copyright (c) 2004-2005, Wind River Systems 5 * Copyright (c) 2004-2006, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -629,6 +629,9 @@ static int send_stream(struct kiocb *iocb, struct socket *sock,
629 return -ENOTCONN; 629 return -ENOTCONN;
630 } 630 }
631 631
632 if (unlikely(m->msg_name))
633 return -EISCONN;
634
632 /* 635 /*
633 * Send each iovec entry using one or more messages 636 * Send each iovec entry using one or more messages
634 * 637 *
@@ -641,6 +644,8 @@ static int send_stream(struct kiocb *iocb, struct socket *sock,
641 curr_iovlen = m->msg_iovlen; 644 curr_iovlen = m->msg_iovlen;
642 my_msg.msg_iov = &my_iov; 645 my_msg.msg_iov = &my_iov;
643 my_msg.msg_iovlen = 1; 646 my_msg.msg_iovlen = 1;
647 my_msg.msg_flags = m->msg_flags;
648 my_msg.msg_name = NULL;
644 bytes_sent = 0; 649 bytes_sent = 0;
645 650
646 while (curr_iovlen--) { 651 while (curr_iovlen--) {
@@ -941,7 +946,7 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
941 int sz_to_copy; 946 int sz_to_copy;
942 int sz_copied = 0; 947 int sz_copied = 0;
943 int needed; 948 int needed;
944 char *crs = m->msg_iov->iov_base; 949 char __user *crs = m->msg_iov->iov_base;
945 unsigned char *buf_crs; 950 unsigned char *buf_crs;
946 u32 err; 951 u32 err;
947 int res; 952 int res;
@@ -1203,7 +1208,8 @@ static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf)
1203 atomic_inc(&tipc_queue_size); 1208 atomic_inc(&tipc_queue_size);
1204 skb_queue_tail(&sock->sk->sk_receive_queue, buf); 1209 skb_queue_tail(&sock->sk->sk_receive_queue, buf);
1205 1210
1206 wake_up_interruptible(sock->sk->sk_sleep); 1211 if (waitqueue_active(sock->sk->sk_sleep))
1212 wake_up_interruptible(sock->sk->sk_sleep);
1207 return TIPC_OK; 1213 return TIPC_OK;
1208} 1214}
1209 1215
@@ -1218,7 +1224,8 @@ static void wakeupdispatch(struct tipc_port *tport)
1218{ 1224{
1219 struct tipc_sock *tsock = (struct tipc_sock *)tport->usr_handle; 1225 struct tipc_sock *tsock = (struct tipc_sock *)tport->usr_handle;
1220 1226
1221 wake_up_interruptible(tsock->sk.sk_sleep); 1227 if (waitqueue_active(tsock->sk.sk_sleep))
1228 wake_up_interruptible(tsock->sk.sk_sleep);
1222} 1229}
1223 1230
1224/** 1231/**
@@ -1496,7 +1503,7 @@ static int setsockopt(struct socket *sock,
1496 return -ENOPROTOOPT; 1503 return -ENOPROTOOPT;
1497 if (ol < sizeof(value)) 1504 if (ol < sizeof(value))
1498 return -EINVAL; 1505 return -EINVAL;
1499 if ((res = get_user(value, (u32 *)ov))) 1506 if ((res = get_user(value, (u32 __user *)ov)))
1500 return res; 1507 return res;
1501 1508
1502 if (down_interruptible(&tsock->sem)) 1509 if (down_interruptible(&tsock->sem))
@@ -1541,7 +1548,7 @@ static int setsockopt(struct socket *sock,
1541 */ 1548 */
1542 1549
1543static int getsockopt(struct socket *sock, 1550static int getsockopt(struct socket *sock,
1544 int lvl, int opt, char __user *ov, int *ol) 1551 int lvl, int opt, char __user *ov, int __user *ol)
1545{ 1552{
1546 struct tipc_sock *tsock = tipc_sk(sock->sk); 1553 struct tipc_sock *tsock = tipc_sk(sock->sk);
1547 int len; 1554 int len;
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index c51600ba5f4a..7a918f12a5df 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -155,7 +155,7 @@ void tipc_subscr_report_overlap(struct subscription *sub,
155 sub->seq.upper, found_lower, found_upper); 155 sub->seq.upper, found_lower, found_upper);
156 if (!tipc_subscr_overlap(sub, found_lower, found_upper)) 156 if (!tipc_subscr_overlap(sub, found_lower, found_upper))
157 return; 157 return;
158 if (!must && (sub->filter != TIPC_SUB_PORTS)) 158 if (!must && !(sub->filter & TIPC_SUB_PORTS))
159 return; 159 return;
160 subscr_send_event(sub, found_lower, found_upper, event, port_ref, node); 160 subscr_send_event(sub, found_lower, found_upper, event, port_ref, node);
161} 161}
@@ -176,6 +176,13 @@ static void subscr_timeout(struct subscription *sub)
176 if (subscriber == NULL) 176 if (subscriber == NULL)
177 return; 177 return;
178 178
179 /* Validate timeout (in case subscription is being cancelled) */
180
181 if (sub->timeout == TIPC_WAIT_FOREVER) {
182 tipc_ref_unlock(subscriber_ref);
183 return;
184 }
185
179 /* Unlink subscription from name table */ 186 /* Unlink subscription from name table */
180 187
181 tipc_nametbl_unsubscribe(sub); 188 tipc_nametbl_unsubscribe(sub);
@@ -199,6 +206,20 @@ static void subscr_timeout(struct subscription *sub)
199} 206}
200 207
201/** 208/**
209 * subscr_del - delete a subscription within a subscription list
210 *
211 * Called with subscriber locked.
212 */
213
214static void subscr_del(struct subscription *sub)
215{
216 tipc_nametbl_unsubscribe(sub);
217 list_del(&sub->subscription_list);
218 kfree(sub);
219 atomic_dec(&topsrv.subscription_count);
220}
221
222/**
202 * subscr_terminate - terminate communication with a subscriber 223 * subscr_terminate - terminate communication with a subscriber
203 * 224 *
204 * Called with subscriber locked. Routine must temporarily release this lock 225 * Called with subscriber locked. Routine must temporarily release this lock
@@ -227,12 +248,9 @@ static void subscr_terminate(struct subscriber *subscriber)
227 k_cancel_timer(&sub->timer); 248 k_cancel_timer(&sub->timer);
228 k_term_timer(&sub->timer); 249 k_term_timer(&sub->timer);
229 } 250 }
230 tipc_nametbl_unsubscribe(sub); 251 dbg("Term: Removing sub %u,%u,%u from subscriber %x list\n",
231 list_del(&sub->subscription_list);
232 dbg("Term: Removed sub %u,%u,%u from subscriber %x list\n",
233 sub->seq.type, sub->seq.lower, sub->seq.upper, subscriber); 252 sub->seq.type, sub->seq.lower, sub->seq.upper, subscriber);
234 kfree(sub); 253 subscr_del(sub);
235 atomic_dec(&topsrv.subscription_count);
236 } 254 }
237 255
238 /* Sever connection to subscriber */ 256 /* Sever connection to subscriber */
@@ -253,6 +271,49 @@ static void subscr_terminate(struct subscriber *subscriber)
253} 271}
254 272
255/** 273/**
274 * subscr_cancel - handle subscription cancellation request
275 *
276 * Called with subscriber locked. Routine must temporarily release this lock
277 * to enable the subscription timeout routine to finish without deadlocking;
278 * the lock is then reclaimed to allow caller to release it upon return.
279 *
280 * Note that fields of 's' use subscriber's endianness!
281 */
282
283static void subscr_cancel(struct tipc_subscr *s,
284 struct subscriber *subscriber)
285{
286 struct subscription *sub;
287 struct subscription *sub_temp;
288 int found = 0;
289
290 /* Find first matching subscription, exit if not found */
291
292 list_for_each_entry_safe(sub, sub_temp, &subscriber->subscription_list,
293 subscription_list) {
294 if (!memcmp(s, &sub->evt.s, sizeof(struct tipc_subscr))) {
295 found = 1;
296 break;
297 }
298 }
299 if (!found)
300 return;
301
302 /* Cancel subscription timer (if used), then delete subscription */
303
304 if (sub->timeout != TIPC_WAIT_FOREVER) {
305 sub->timeout = TIPC_WAIT_FOREVER;
306 spin_unlock_bh(subscriber->lock);
307 k_cancel_timer(&sub->timer);
308 k_term_timer(&sub->timer);
309 spin_lock_bh(subscriber->lock);
310 }
311 dbg("Cancel: removing sub %u,%u,%u from subscriber %x list\n",
312 sub->seq.type, sub->seq.lower, sub->seq.upper, subscriber);
313 subscr_del(sub);
314}
315
316/**
256 * subscr_subscribe - create subscription for subscriber 317 * subscr_subscribe - create subscription for subscriber
257 * 318 *
258 * Called with subscriber locked 319 * Called with subscriber locked
@@ -263,6 +324,21 @@ static void subscr_subscribe(struct tipc_subscr *s,
263{ 324{
264 struct subscription *sub; 325 struct subscription *sub;
265 326
327 /* Determine/update subscriber's endianness */
328
329 if (s->filter & (TIPC_SUB_PORTS | TIPC_SUB_SERVICE))
330 subscriber->swap = 0;
331 else
332 subscriber->swap = 1;
333
334 /* Detect & process a subscription cancellation request */
335
336 if (s->filter & htohl(TIPC_SUB_CANCEL, subscriber->swap)) {
337 s->filter &= ~htohl(TIPC_SUB_CANCEL, subscriber->swap);
338 subscr_cancel(s, subscriber);
339 return;
340 }
341
266 /* Refuse subscription if global limit exceeded */ 342 /* Refuse subscription if global limit exceeded */
267 343
268 if (atomic_read(&topsrv.subscription_count) >= tipc_max_subscriptions) { 344 if (atomic_read(&topsrv.subscription_count) >= tipc_max_subscriptions) {
@@ -281,13 +357,6 @@ static void subscr_subscribe(struct tipc_subscr *s,
281 return; 357 return;
282 } 358 }
283 359
284 /* Determine/update subscriber's endianness */
285
286 if ((s->filter == TIPC_SUB_PORTS) || (s->filter == TIPC_SUB_SERVICE))
287 subscriber->swap = 0;
288 else
289 subscriber->swap = 1;
290
291 /* Initialize subscription object */ 360 /* Initialize subscription object */
292 361
293 memset(sub, 0, sizeof(*sub)); 362 memset(sub, 0, sizeof(*sub));
@@ -296,8 +365,8 @@ static void subscr_subscribe(struct tipc_subscr *s,
296 sub->seq.upper = htohl(s->seq.upper, subscriber->swap); 365 sub->seq.upper = htohl(s->seq.upper, subscriber->swap);
297 sub->timeout = htohl(s->timeout, subscriber->swap); 366 sub->timeout = htohl(s->timeout, subscriber->swap);
298 sub->filter = htohl(s->filter, subscriber->swap); 367 sub->filter = htohl(s->filter, subscriber->swap);
299 if ((((sub->filter != TIPC_SUB_PORTS) 368 if ((!(sub->filter & TIPC_SUB_PORTS)
300 && (sub->filter != TIPC_SUB_SERVICE))) 369 == !(sub->filter & TIPC_SUB_SERVICE))
301 || (sub->seq.lower > sub->seq.upper)) { 370 || (sub->seq.lower > sub->seq.upper)) {
302 warn("Subscription rejected, illegal request\n"); 371 warn("Subscription rejected, illegal request\n");
303 kfree(sub); 372 kfree(sub);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2a7861661f14..7736b23c3f03 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -883,30 +883,32 @@ out:
883} 883}
884EXPORT_SYMBOL(xfrm_policy_walk); 884EXPORT_SYMBOL(xfrm_policy_walk);
885 885
886/* Find policy to apply to this flow. */ 886/*
887 887 * Find policy to apply to this flow.
888 *
889 * Returns 0 if policy found, else an -errno.
890 */
888static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl, 891static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
889 u8 type, u16 family, int dir) 892 u8 type, u16 family, int dir)
890{ 893{
891 struct xfrm_selector *sel = &pol->selector; 894 struct xfrm_selector *sel = &pol->selector;
892 int match; 895 int match, ret = -ESRCH;
893 896
894 if (pol->family != family || 897 if (pol->family != family ||
895 pol->type != type) 898 pol->type != type)
896 return 0; 899 return ret;
897 900
898 match = xfrm_selector_match(sel, fl, family); 901 match = xfrm_selector_match(sel, fl, family);
899 if (match) { 902 if (match)
900 if (!security_xfrm_policy_lookup(pol, fl->secid, dir)) 903 ret = security_xfrm_policy_lookup(pol, fl->secid, dir);
901 return 1;
902 }
903 904
904 return 0; 905 return ret;
905} 906}
906 907
907static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, 908static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
908 u16 family, u8 dir) 909 u16 family, u8 dir)
909{ 910{
911 int err;
910 struct xfrm_policy *pol, *ret; 912 struct xfrm_policy *pol, *ret;
911 xfrm_address_t *daddr, *saddr; 913 xfrm_address_t *daddr, *saddr;
912 struct hlist_node *entry; 914 struct hlist_node *entry;
@@ -922,7 +924,15 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
922 chain = policy_hash_direct(daddr, saddr, family, dir); 924 chain = policy_hash_direct(daddr, saddr, family, dir);
923 ret = NULL; 925 ret = NULL;
924 hlist_for_each_entry(pol, entry, chain, bydst) { 926 hlist_for_each_entry(pol, entry, chain, bydst) {
925 if (xfrm_policy_match(pol, fl, type, family, dir)) { 927 err = xfrm_policy_match(pol, fl, type, family, dir);
928 if (err) {
929 if (err == -ESRCH)
930 continue;
931 else {
932 ret = ERR_PTR(err);
933 goto fail;
934 }
935 } else {
926 ret = pol; 936 ret = pol;
927 priority = ret->priority; 937 priority = ret->priority;
928 break; 938 break;
@@ -930,36 +940,53 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
930 } 940 }
931 chain = &xfrm_policy_inexact[dir]; 941 chain = &xfrm_policy_inexact[dir];
932 hlist_for_each_entry(pol, entry, chain, bydst) { 942 hlist_for_each_entry(pol, entry, chain, bydst) {
933 if (xfrm_policy_match(pol, fl, type, family, dir) && 943 err = xfrm_policy_match(pol, fl, type, family, dir);
934 pol->priority < priority) { 944 if (err) {
945 if (err == -ESRCH)
946 continue;
947 else {
948 ret = ERR_PTR(err);
949 goto fail;
950 }
951 } else if (pol->priority < priority) {
935 ret = pol; 952 ret = pol;
936 break; 953 break;
937 } 954 }
938 } 955 }
939 if (ret) 956 if (ret)
940 xfrm_pol_hold(ret); 957 xfrm_pol_hold(ret);
958fail:
941 read_unlock_bh(&xfrm_policy_lock); 959 read_unlock_bh(&xfrm_policy_lock);
942 960
943 return ret; 961 return ret;
944} 962}
945 963
946static void xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, 964static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
947 void **objp, atomic_t **obj_refp) 965 void **objp, atomic_t **obj_refp)
948{ 966{
949 struct xfrm_policy *pol; 967 struct xfrm_policy *pol;
968 int err = 0;
950 969
951#ifdef CONFIG_XFRM_SUB_POLICY 970#ifdef CONFIG_XFRM_SUB_POLICY
952 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); 971 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
953 if (pol) 972 if (IS_ERR(pol)) {
973 err = PTR_ERR(pol);
974 pol = NULL;
975 }
976 if (pol || err)
954 goto end; 977 goto end;
955#endif 978#endif
956 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); 979 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir);
957 980 if (IS_ERR(pol)) {
981 err = PTR_ERR(pol);
982 pol = NULL;
983 }
958#ifdef CONFIG_XFRM_SUB_POLICY 984#ifdef CONFIG_XFRM_SUB_POLICY
959end: 985end:
960#endif 986#endif
961 if ((*objp = (void *) pol) != NULL) 987 if ((*objp = (void *) pol) != NULL)
962 *obj_refp = &pol->refcnt; 988 *obj_refp = &pol->refcnt;
989 return err;
963} 990}
964 991
965static inline int policy_to_flow_dir(int dir) 992static inline int policy_to_flow_dir(int dir)
@@ -989,12 +1016,16 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
989 sk->sk_family); 1016 sk->sk_family);
990 int err = 0; 1017 int err = 0;
991 1018
992 if (match) 1019 if (match) {
993 err = security_xfrm_policy_lookup(pol, fl->secid, policy_to_flow_dir(dir)); 1020 err = security_xfrm_policy_lookup(pol, fl->secid,
994 1021 policy_to_flow_dir(dir));
995 if (match && !err) 1022 if (!err)
996 xfrm_pol_hold(pol); 1023 xfrm_pol_hold(pol);
997 else 1024 else if (err == -ESRCH)
1025 pol = NULL;
1026 else
1027 pol = ERR_PTR(err);
1028 } else
998 pol = NULL; 1029 pol = NULL;
999 } 1030 }
1000 read_unlock_bh(&xfrm_policy_lock); 1031 read_unlock_bh(&xfrm_policy_lock);
@@ -1286,8 +1317,11 @@ restart:
1286 pol_dead = 0; 1317 pol_dead = 0;
1287 xfrm_nr = 0; 1318 xfrm_nr = 0;
1288 1319
1289 if (sk && sk->sk_policy[1]) 1320 if (sk && sk->sk_policy[1]) {
1290 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); 1321 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
1322 if (IS_ERR(policy))
1323 return PTR_ERR(policy);
1324 }
1291 1325
1292 if (!policy) { 1326 if (!policy) {
1293 /* To accelerate a bit... */ 1327 /* To accelerate a bit... */
@@ -1297,6 +1331,8 @@ restart:
1297 1331
1298 policy = flow_cache_lookup(fl, dst_orig->ops->family, 1332 policy = flow_cache_lookup(fl, dst_orig->ops->family,
1299 dir, xfrm_policy_lookup); 1333 dir, xfrm_policy_lookup);
1334 if (IS_ERR(policy))
1335 return PTR_ERR(policy);
1300 } 1336 }
1301 1337
1302 if (!policy) 1338 if (!policy)
@@ -1343,6 +1379,10 @@ restart:
1343 fl, family, 1379 fl, family,
1344 XFRM_POLICY_OUT); 1380 XFRM_POLICY_OUT);
1345 if (pols[1]) { 1381 if (pols[1]) {
1382 if (IS_ERR(pols[1])) {
1383 err = PTR_ERR(pols[1]);
1384 goto error;
1385 }
1346 if (pols[1]->action == XFRM_POLICY_BLOCK) { 1386 if (pols[1]->action == XFRM_POLICY_BLOCK) {
1347 err = -EPERM; 1387 err = -EPERM;
1348 goto error; 1388 goto error;
@@ -1574,13 +1614,19 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1574 } 1614 }
1575 1615
1576 pol = NULL; 1616 pol = NULL;
1577 if (sk && sk->sk_policy[dir]) 1617 if (sk && sk->sk_policy[dir]) {
1578 pol = xfrm_sk_policy_lookup(sk, dir, &fl); 1618 pol = xfrm_sk_policy_lookup(sk, dir, &fl);
1619 if (IS_ERR(pol))
1620 return 0;
1621 }
1579 1622
1580 if (!pol) 1623 if (!pol)
1581 pol = flow_cache_lookup(&fl, family, fl_dir, 1624 pol = flow_cache_lookup(&fl, family, fl_dir,
1582 xfrm_policy_lookup); 1625 xfrm_policy_lookup);
1583 1626
1627 if (IS_ERR(pol))
1628 return 0;
1629
1584 if (!pol) { 1630 if (!pol) {
1585 if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) { 1631 if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) {
1586 xfrm_secpath_reject(xerr_idx, skb, &fl); 1632 xfrm_secpath_reject(xerr_idx, skb, &fl);
@@ -1599,6 +1645,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1599 &fl, family, 1645 &fl, family,
1600 XFRM_POLICY_IN); 1646 XFRM_POLICY_IN);
1601 if (pols[1]) { 1647 if (pols[1]) {
1648 if (IS_ERR(pols[1]))
1649 return 0;
1602 pols[1]->curlft.use_time = (unsigned long)xtime.tv_sec; 1650 pols[1]->curlft.use_time = (unsigned long)xtime.tv_sec;
1603 npols ++; 1651 npols ++;
1604 } 1652 }
@@ -1706,7 +1754,7 @@ static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
1706 1754
1707static int stale_bundle(struct dst_entry *dst) 1755static int stale_bundle(struct dst_entry *dst)
1708{ 1756{
1709 return !xfrm_bundle_ok((struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0); 1757 return !xfrm_bundle_ok(NULL, (struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0);
1710} 1758}
1711 1759
1712void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev) 1760void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
@@ -1828,7 +1876,8 @@ EXPORT_SYMBOL(xfrm_init_pmtu);
1828 * still valid. 1876 * still valid.
1829 */ 1877 */
1830 1878
1831int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int strict) 1879int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1880 struct flowi *fl, int family, int strict)
1832{ 1881{
1833 struct dst_entry *dst = &first->u.dst; 1882 struct dst_entry *dst = &first->u.dst;
1834 struct xfrm_dst *last; 1883 struct xfrm_dst *last;
@@ -1845,7 +1894,7 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int str
1845 1894
1846 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family)) 1895 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family))
1847 return 0; 1896 return 0;
1848 if (fl && !security_xfrm_flow_state_match(fl, dst->xfrm)) 1897 if (fl && !security_xfrm_flow_state_match(fl, dst->xfrm, pol))
1849 return 0; 1898 return 0;
1850 if (dst->xfrm->km.state != XFRM_STATE_VALID) 1899 if (dst->xfrm->km.state != XFRM_STATE_VALID)
1851 return 0; 1900 return 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 39b8bf3a9ded..84bbf8474f3e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -614,6 +614,14 @@ out:
614 return x; 614 return x;
615} 615}
616 616
617static void xfrm_hash_grow_check(int have_hash_collision)
618{
619 if (have_hash_collision &&
620 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
621 xfrm_state_num > xfrm_state_hmask)
622 schedule_work(&xfrm_hash_work);
623}
624
617static void __xfrm_state_insert(struct xfrm_state *x) 625static void __xfrm_state_insert(struct xfrm_state *x)
618{ 626{
619 unsigned int h; 627 unsigned int h;
@@ -642,10 +650,7 @@ static void __xfrm_state_insert(struct xfrm_state *x)
642 650
643 xfrm_state_num++; 651 xfrm_state_num++;
644 652
645 if (x->bydst.next != NULL && 653 xfrm_hash_grow_check(x->bydst.next != NULL);
646 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
647 xfrm_state_num > xfrm_state_hmask)
648 schedule_work(&xfrm_hash_work);
649} 654}
650 655
651/* xfrm_state_lock is held */ 656/* xfrm_state_lock is held */
@@ -753,6 +758,10 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
753 h = xfrm_src_hash(daddr, saddr, family); 758 h = xfrm_src_hash(daddr, saddr, family);
754 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); 759 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
755 wake_up(&km_waitq); 760 wake_up(&km_waitq);
761
762 xfrm_state_num++;
763
764 xfrm_hash_grow_check(x->bydst.next != NULL);
756 } 765 }
757 766
758 return x; 767 return x;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d54b3a70d5df..2b2e59d8ffbc 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1992,15 +1992,6 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
1992 xp->type = XFRM_POLICY_TYPE_MAIN; 1992 xp->type = XFRM_POLICY_TYPE_MAIN;
1993 copy_templates(xp, ut, nr); 1993 copy_templates(xp, ut, nr);
1994 1994
1995 if (!xp->security) {
1996 int err = security_xfrm_sock_policy_alloc(xp, sk);
1997 if (err) {
1998 kfree(xp);
1999 *dir = err;
2000 return NULL;
2001 }
2002 }
2003
2004 *dir = p->dir; 1995 *dir = p->dir;
2005 1996
2006 return xp; 1997 return xp;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-17 19:30:37 -0500