aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/802/garp.c4
-rw-r--r--net/802/stp.c4
-rw-r--r--net/8021q/vlan.c2
-rw-r--r--net/8021q/vlan_core.c9
-rw-r--r--net/8021q/vlan_dev.c4
-rw-r--r--net/9p/client.c469
-rw-r--r--net/9p/protocol.c99
-rw-r--r--net/9p/protocol.h4
-rw-r--r--net/9p/trans_common.c53
-rw-r--r--net/9p/trans_common.h21
-rw-r--r--net/9p/trans_virtio.c326
-rw-r--r--net/appletalk/ddp.c5
-rw-r--r--net/atm/br2684.c9
-rw-r--r--net/atm/lec.c2
-rw-r--r--net/batman-adv/Makefile2
-rw-r--r--net/batman-adv/aggregation.c293
-rw-r--r--net/batman-adv/aggregation.h46
-rw-r--r--net/batman-adv/bat_iv_ogm.c1170
-rw-r--r--net/batman-adv/bat_ogm.h35
-rw-r--r--net/batman-adv/bat_sysfs.c2
-rw-r--r--net/batman-adv/bitarray.c6
-rw-r--r--net/batman-adv/gateway_client.c10
-rw-r--r--net/batman-adv/hard-interface.c88
-rw-r--r--net/batman-adv/hard-interface.h1
-rw-r--r--net/batman-adv/hash.h25
-rw-r--r--net/batman-adv/main.c4
-rw-r--r--net/batman-adv/main.h8
-rw-r--r--net/batman-adv/originator.c21
-rw-r--r--net/batman-adv/packet.h19
-rw-r--r--net/batman-adv/routing.c669
-rw-r--r--net/batman-adv/routing.h17
-rw-r--r--net/batman-adv/send.c313
-rw-r--r--net/batman-adv/send.h9
-rw-r--r--net/batman-adv/soft-interface.c44
-rw-r--r--net/batman-adv/translation-table.c223
-rw-r--r--net/batman-adv/translation-table.h21
-rw-r--r--net/batman-adv/types.h9
-rw-r--r--net/batman-adv/unicast.c6
-rw-r--r--net/batman-adv/unicast.h2
-rw-r--r--net/batman-adv/vis.c10
-rw-r--r--net/bluetooth/bnep/netdev.c2
-rw-r--r--net/bluetooth/hci_conn.c2
-rw-r--r--net/bluetooth/l2cap_core.c16
-rw-r--r--net/bluetooth/l2cap_sock.c4
-rw-r--r--net/bluetooth/rfcomm/sock.c3
-rw-r--r--net/bluetooth/sco.c5
-rw-r--r--net/bridge/br_device.c7
-rw-r--r--net/bridge/br_fdb.c23
-rw-r--r--net/bridge/br_if.c62
-rw-r--r--net/bridge/br_input.c33
-rw-r--r--net/bridge/br_multicast.c21
-rw-r--r--net/bridge/br_netlink.c1
-rw-r--r--net/bridge/br_notify.c7
-rw-r--r--net/bridge/br_private.h8
-rw-r--r--net/bridge/br_sysfs_br.c34
-rw-r--r--net/bridge/netfilter/Kconfig2
-rw-r--r--net/bridge/netfilter/ebtable_broute.c4
-rw-r--r--net/bridge/netfilter/ebtables.c3
-rw-r--r--net/caif/caif_dev.c11
-rw-r--r--net/caif/cfcnfg.c38
-rw-r--r--net/caif/cfctrl.c23
-rw-r--r--net/caif/cfdbgl.c7
-rw-r--r--net/caif/cfdgml.c7
-rw-r--r--net/caif/cffrml.c7
-rw-r--r--net/caif/cfmuxl.c6
-rw-r--r--net/caif/cfrfml.c7
-rw-r--r--net/caif/cfserl.c7
-rw-r--r--net/caif/cfsrvl.c8
-rw-r--r--net/caif/cfutill.c7
-rw-r--r--net/caif/cfveil.c7
-rw-r--r--net/caif/cfvidl.c7
-rw-r--r--net/can/Kconfig11
-rw-r--r--net/can/Makefile3
-rw-r--r--net/can/af_can.c8
-rw-r--r--net/can/af_can.h2
-rw-r--r--net/can/bcm.c55
-rw-r--r--net/can/gw.c957
-rw-r--r--net/can/proc.c2
-rw-r--r--net/can/raw.c2
-rw-r--r--net/ceph/ceph_common.c1
-rw-r--r--net/ceph/messenger.c1
-rw-r--r--net/ceph/msgpool.c40
-rw-r--r--net/ceph/osd_client.c26
-rw-r--r--net/ceph/osdmap.c84
-rw-r--r--net/core/Makefile2
-rw-r--r--net/core/datagram.c24
-rw-r--r--net/core/dev.c347
-rw-r--r--net/core/dev_addr_lists.c4
-rw-r--r--net/core/dst.c15
-rw-r--r--net/core/ethtool.c20
-rw-r--r--net/core/fib_rules.c13
-rw-r--r--net/core/filter.c4
-rw-r--r--net/core/flow.c50
-rw-r--r--net/core/kmap_skb.h2
-rw-r--r--net/core/link_watch.c9
-rw-r--r--net/core/neighbour.c52
-rw-r--r--net/core/net-sysfs.c12
-rw-r--r--net/core/netpoll.c8
-rw-r--r--net/core/pktgen.c25
-rw-r--r--net/core/rtnetlink.c34
-rw-r--r--net/core/scm.c12
-rw-r--r--net/core/secure_seq.c184
-rw-r--r--net/core/skbuff.c213
-rw-r--r--net/core/sock.c24
-rw-r--r--net/core/timestamping.c12
-rw-r--r--net/core/user_dma.c6
-rw-r--r--net/dcb/dcbnl.c30
-rw-r--r--net/dccp/ccids/ccid2.c84
-rw-r--r--net/dccp/ccids/ccid2.h6
-rw-r--r--net/dccp/dccp.h1
-rw-r--r--net/dccp/feat.c202
-rw-r--r--net/dccp/feat.h1
-rw-r--r--net/dccp/ipv4.c1
-rw-r--r--net/dccp/ipv6.c13
-rw-r--r--net/dccp/proto.c1
-rw-r--r--net/decnet/dn_dev.c6
-rw-r--r--net/dsa/slave.c3
-rw-r--r--net/ethernet/eth.c2
-rw-r--r--net/ieee802154/6lowpan.c891
-rw-r--r--net/ieee802154/6lowpan.h212
-rw-r--r--net/ieee802154/Kconfig6
-rw-r--r--net/ieee802154/Makefile8
-rw-r--r--net/ipv4/af_inet.c9
-rw-r--r--net/ipv4/cipso_ipv4.c2
-rw-r--r--net/ipv4/devinet.c6
-rw-r--r--net/ipv4/fib_semantics.c10
-rw-r--r--net/ipv4/fib_trie.c12
-rw-r--r--net/ipv4/gre.c4
-rw-r--r--net/ipv4/icmp.c5
-rw-r--r--net/ipv4/igmp.c16
-rw-r--r--net/ipv4/inet_diag.c5
-rw-r--r--net/ipv4/inet_hashtables.c1
-rw-r--r--net/ipv4/inet_lro.c10
-rw-r--r--net/ipv4/inet_timewait_sock.c1
-rw-r--r--net/ipv4/inetpeer.c1
-rw-r--r--net/ipv4/ip_fragment.c40
-rw-r--r--net/ipv4/ip_gre.c2
-rw-r--r--net/ipv4/ip_output.c28
-rw-r--r--net/ipv4/ip_sockglue.c16
-rw-r--r--net/ipv4/ipip.c10
-rw-r--r--net/ipv4/ipmr.c8
-rw-r--r--net/ipv4/netfilter.c18
-rw-r--r--net/ipv4/netfilter/ip_queue.c12
-rw-r--r--net/ipv4/netfilter/nf_nat_amanda.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c24
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c36
-rw-r--r--net/ipv4/netfilter/nf_nat_irc.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_common.c1
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c28
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_tftp.c4
-rw-r--r--net/ipv4/proc.c2
-rw-r--r--net/ipv4/raw.c3
-rw-r--r--net/ipv4/route.c77
-rw-r--r--net/ipv4/syncookies.c4
-rw-r--r--net/ipv4/tcp.c97
-rw-r--r--net/ipv4/tcp_input.c250
-rw-r--r--net/ipv4/tcp_ipv4.c118
-rw-r--r--net/ipv4/tcp_minisocks.c6
-rw-r--r--net/ipv4/tcp_output.c152
-rw-r--r--net/ipv4/tcp_timer.c2
-rw-r--r--net/ipv4/udp.c11
-rw-r--r--net/ipv4/xfrm4_policy.c14
-rw-r--r--net/ipv6/addrconf.c130
-rw-r--r--net/ipv6/af_inet6.c1
-rw-r--r--net/ipv6/datagram.c20
-rw-r--r--net/ipv6/exthdrs.c7
-rw-r--r--net/ipv6/icmp.c28
-rw-r--r--net/ipv6/inet6_connection_sock.c9
-rw-r--r--net/ipv6/inet6_hashtables.c1
-rw-r--r--net/ipv6/ip6_fib.c6
-rw-r--r--net/ipv6/ip6_flowlabel.c8
-rw-r--r--net/ipv6/ip6_output.c50
-rw-r--r--net/ipv6/ip6_tunnel.c54
-rw-r--r--net/ipv6/ip6mr.c8
-rw-r--r--net/ipv6/ipv6_sockglue.c13
-rw-r--r--net/ipv6/mcast.c2
-rw-r--r--net/ipv6/ndisc.c42
-rw-r--r--net/ipv6/netfilter/ip6_queue.c12
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c4
-rw-r--r--net/ipv6/raw.c15
-rw-r--r--net/ipv6/reassembly.c4
-rw-r--r--net/ipv6/route.c69
-rw-r--r--net/ipv6/sit.c15
-rw-r--r--net/ipv6/syncookies.c8
-rw-r--r--net/ipv6/tcp_ipv6.c108
-rw-r--r--net/ipv6/udp.c8
-rw-r--r--net/ipv6/xfrm6_output.c56
-rw-r--r--net/irda/ircomm/ircomm_tty.c2
-rw-r--r--net/irda/irlan/irlan_eth.c2
-rw-r--r--net/irda/irsysctl.c6
-rw-r--r--net/irda/qos.c6
-rw-r--r--net/iucv/Kconfig14
-rw-r--r--net/iucv/af_iucv.c870
-rw-r--r--net/iucv/iucv.c23
-rw-r--r--net/l2tp/l2tp_core.c4
-rw-r--r--net/l2tp/l2tp_ppp.c9
-rw-r--r--net/lapb/lapb_iface.c29
-rw-r--r--net/mac80211/Kconfig12
-rw-r--r--net/mac80211/agg-rx.c9
-rw-r--r--net/mac80211/agg-tx.c12
-rw-r--r--net/mac80211/cfg.c424
-rw-r--r--net/mac80211/debugfs.c52
-rw-r--r--net/mac80211/debugfs_netdev.c48
-rw-r--r--net/mac80211/debugfs_sta.c37
-rw-r--r--net/mac80211/driver-ops.h60
-rw-r--r--net/mac80211/driver-trace.h117
-rw-r--r--net/mac80211/ht.c5
-rw-r--r--net/mac80211/ibss.c14
-rw-r--r--net/mac80211/ieee80211_i.h45
-rw-r--r--net/mac80211/iface.c36
-rw-r--r--net/mac80211/key.c13
-rw-r--r--net/mac80211/main.c26
-rw-r--r--net/mac80211/mesh.c108
-rw-r--r--net/mac80211/mesh.h8
-rw-r--r--net/mac80211/mesh_hwmp.c45
-rw-r--r--net/mac80211/mesh_pathtbl.c4
-rw-r--r--net/mac80211/mesh_plink.c70
-rw-r--r--net/mac80211/mlme.c79
-rw-r--r--net/mac80211/pm.c2
-rw-r--r--net/mac80211/rate.c37
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c2
-rw-r--r--net/mac80211/rx.c129
-rw-r--r--net/mac80211/scan.c6
-rw-r--r--net/mac80211/sta_info.c642
-rw-r--r--net/mac80211/sta_info.h136
-rw-r--r--net/mac80211/status.c191
-rw-r--r--net/mac80211/tx.c552
-rw-r--r--net/mac80211/util.c215
-rw-r--r--net/mac80211/wme.c4
-rw-r--r--net/mac80211/work.c40
-rw-r--r--net/mac80211/wpa.c11
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/core.c4
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c134
-rw-r--r--net/netfilter/ipvs/ip_vs_sync.c6
-rw-r--r--net/netfilter/nf_conntrack_core.c12
-rw-r--r--net/netfilter/nf_conntrack_ecache.c8
-rw-r--r--net/netfilter/nf_conntrack_extend.c4
-rw-r--r--net/netfilter/nf_conntrack_helper.c6
-rw-r--r--net/netfilter/nf_conntrack_netlink.c6
-rw-r--r--net/netfilter/nf_conntrack_pptp.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_gre.c4
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c6
-rw-r--r--net/netfilter/nf_log.c10
-rw-r--r--net/netfilter/nf_queue.c7
-rw-r--r--net/netfilter/nfnetlink.c6
-rw-r--r--net/netfilter/nfnetlink_queue.c4
-rw-r--r--net/netfilter/x_tables.c5
-rw-r--r--net/netfilter/xt_rateest.c9
-rw-r--r--net/netlabel/Makefile2
-rw-r--r--net/netlabel/netlabel_addrlist.c2
-rw-r--r--net/netlabel/netlabel_addrlist.h2
-rw-r--r--net/netlabel/netlabel_cipso_v4.c2
-rw-r--r--net/netlabel/netlabel_cipso_v4.h2
-rw-r--r--net/netlabel/netlabel_domainhash.c8
-rw-r--r--net/netlabel/netlabel_domainhash.h2
-rw-r--r--net/netlabel/netlabel_kapi.c22
-rw-r--r--net/netlabel/netlabel_mgmt.c2
-rw-r--r--net/netlabel/netlabel_mgmt.h2
-rw-r--r--net/netlabel/netlabel_unlabeled.c8
-rw-r--r--net/netlabel/netlabel_unlabeled.h2
-rw-r--r--net/netlabel/netlabel_user.c2
-rw-r--r--net/netlabel/netlabel_user.h2
-rw-r--r--net/netlink/af_netlink.c7
-rw-r--r--net/nfc/nci/core.c63
-rw-r--r--net/nfc/nci/data.c2
-rw-r--r--net/nfc/nci/ntf.c2
-rw-r--r--net/packet/af_packet.c992
-rw-r--r--net/phonet/af_phonet.c4
-rw-r--r--net/phonet/pn_dev.c6
-rw-r--r--net/phonet/socket.c6
-rw-r--r--net/rds/Kconfig1
-rw-r--r--net/rds/ib_cm.c6
-rw-r--r--net/rds/ib_rdma.c112
-rw-r--r--net/rds/iw_rdma.c13
-rw-r--r--net/rds/xlist.h80
-rw-r--r--net/rfkill/rfkill-gpio.c11
-rw-r--r--net/sched/act_mirred.c3
-rw-r--r--net/sched/cls_flow.c188
-rw-r--r--net/sched/cls_rsvp.h27
-rw-r--r--net/sched/sch_prio.c2
-rw-r--r--net/sched/sch_sfb.c13
-rw-r--r--net/sched/sch_sfq.c7
-rw-r--r--net/sctp/associola.c1
-rw-r--r--net/sctp/ipv6.c2
-rw-r--r--net/sctp/outqueue.c4
-rw-r--r--net/sctp/protocol.c2
-rw-r--r--net/sctp/sm_make_chunk.c1
-rw-r--r--net/sctp/sm_sideeffect.c5
-rw-r--r--net/sctp/sm_statefuns.c11
-rw-r--r--net/socket.c79
-rw-r--r--net/sunrpc/addr.c6
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c28
-rw-r--r--net/sunrpc/clnt.c4
-rw-r--r--net/sunrpc/rpc_pipe.c23
-rw-r--r--net/sunrpc/rpcb_clnt.c6
-rw-r--r--net/sunrpc/svc.c33
-rw-r--r--net/sunrpc/svc_xprt.c13
-rw-r--r--net/sunrpc/svcsock.c23
-rw-r--r--net/sunrpc/xprt.c1
-rw-r--r--net/tipc/bcast.c111
-rw-r--r--net/tipc/bcast.h1
-rw-r--r--net/tipc/bearer.c8
-rw-r--r--net/tipc/bearer.h4
-rw-r--r--net/tipc/config.h1
-rw-r--r--net/tipc/discover.c6
-rw-r--r--net/tipc/eth_media.c32
-rw-r--r--net/tipc/link.c111
-rw-r--r--net/tipc/link.h1
-rw-r--r--net/tipc/name_distr.c35
-rw-r--r--net/tipc/net.c11
-rw-r--r--net/tipc/node.c45
-rw-r--r--net/tipc/node.h10
-rw-r--r--net/tipc/socket.c51
-rw-r--r--net/tipc/subscr.c3
-rw-r--r--net/tipc/subscr.h6
-rw-r--r--net/unix/af_unix.c24
-rw-r--r--net/wireless/core.h4
-rw-r--r--net/wireless/mlme.c5
-rw-r--r--net/wireless/nl80211.c267
-rw-r--r--net/wireless/scan.c13
-rw-r--r--net/wireless/util.c21
-rw-r--r--net/x25/af_x25.c40
-rw-r--r--net/x25/x25_dev.c6
-rw-r--r--net/x25/x25_facilities.c10
-rw-r--r--net/x25/x25_in.c43
-rw-r--r--net/x25/x25_link.c3
-rw-r--r--net/x25/x25_subr.c14
-rw-r--r--net/xfrm/xfrm_algo.c4
-rw-r--r--net/xfrm/xfrm_input.c5
-rw-r--r--net/xfrm/xfrm_ipcomp.c13
-rw-r--r--net/xfrm/xfrm_policy.c10
-rw-r--r--net/xfrm/xfrm_replay.c98
-rw-r--r--net/xfrm/xfrm_user.c4
338 files changed, 11855 insertions, 5337 deletions
diff --git a/net/802/garp.c b/net/802/garp.c
index 16102951d36a..070bf4403bf8 100644
--- a/net/802/garp.c
+++ b/net/802/garp.c
@@ -553,7 +553,7 @@ static void garp_release_port(struct net_device *dev)
553 if (rtnl_dereference(port->applicants[i])) 553 if (rtnl_dereference(port->applicants[i]))
554 return; 554 return;
555 } 555 }
556 rcu_assign_pointer(dev->garp_port, NULL); 556 RCU_INIT_POINTER(dev->garp_port, NULL);
557 kfree_rcu(port, rcu); 557 kfree_rcu(port, rcu);
558} 558}
559 559
@@ -605,7 +605,7 @@ void garp_uninit_applicant(struct net_device *dev, struct garp_application *appl
605 605
606 ASSERT_RTNL(); 606 ASSERT_RTNL();
607 607
608 rcu_assign_pointer(port->applicants[appl->type], NULL); 608 RCU_INIT_POINTER(port->applicants[appl->type], NULL);
609 609
610 /* Delete timer and generate a final TRANSMIT_PDU event to flush out 610 /* Delete timer and generate a final TRANSMIT_PDU event to flush out
611 * all pending messages before the applicant is gone. */ 611 * all pending messages before the applicant is gone. */
diff --git a/net/802/stp.c b/net/802/stp.c
index 978c30b1b36b..0e136ef1e4ba 100644
--- a/net/802/stp.c
+++ b/net/802/stp.c
@@ -88,9 +88,9 @@ void stp_proto_unregister(const struct stp_proto *proto)
88{ 88{
89 mutex_lock(&stp_proto_mutex); 89 mutex_lock(&stp_proto_mutex);
90 if (is_zero_ether_addr(proto->group_address)) 90 if (is_zero_ether_addr(proto->group_address))
91 rcu_assign_pointer(stp_proto, NULL); 91 RCU_INIT_POINTER(stp_proto, NULL);
92 else 92 else
93 rcu_assign_pointer(garp_protos[proto->group_address[5] - 93 RCU_INIT_POINTER(garp_protos[proto->group_address[5] -
94 GARP_ADDR_MIN], NULL); 94 GARP_ADDR_MIN], NULL);
95 synchronize_rcu(); 95 synchronize_rcu();
96 96
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 8970ba139d73..5471628d3ffe 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -133,7 +133,7 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head)
133 if (grp->nr_vlans == 0) { 133 if (grp->nr_vlans == 0) {
134 vlan_gvrp_uninit_applicant(real_dev); 134 vlan_gvrp_uninit_applicant(real_dev);
135 135
136 rcu_assign_pointer(real_dev->vlgrp, NULL); 136 RCU_INIT_POINTER(real_dev->vlgrp, NULL);
137 137
138 /* Free the group, after all cpu's are done. */ 138 /* Free the group, after all cpu's are done. */
139 call_rcu(&grp->rcu, vlan_rcu_free); 139 call_rcu(&grp->rcu, vlan_rcu_free);
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index 5f27f8e30254..163397f1fd5a 100644
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -4,7 +4,7 @@
4#include <linux/netpoll.h> 4#include <linux/netpoll.h>
5#include "vlan.h" 5#include "vlan.h"
6 6
7bool vlan_do_receive(struct sk_buff **skbp) 7bool vlan_do_receive(struct sk_buff **skbp, bool last_handler)
8{ 8{
9 struct sk_buff *skb = *skbp; 9 struct sk_buff *skb = *skbp;
10 u16 vlan_id = skb->vlan_tci & VLAN_VID_MASK; 10 u16 vlan_id = skb->vlan_tci & VLAN_VID_MASK;
@@ -13,7 +13,10 @@ bool vlan_do_receive(struct sk_buff **skbp)
13 13
14 vlan_dev = vlan_find_dev(skb->dev, vlan_id); 14 vlan_dev = vlan_find_dev(skb->dev, vlan_id);
15 if (!vlan_dev) { 15 if (!vlan_dev) {
16 if (vlan_id) 16 /* Only the last call to vlan_do_receive() should change
17 * pkt_type to PACKET_OTHERHOST
18 */
19 if (vlan_id && last_handler)
17 skb->pkt_type = PACKET_OTHERHOST; 20 skb->pkt_type = PACKET_OTHERHOST;
18 return false; 21 return false;
19 } 22 }
@@ -167,6 +170,8 @@ struct sk_buff *vlan_untag(struct sk_buff *skb)
167 if (unlikely(!skb)) 170 if (unlikely(!skb))
168 goto err_free; 171 goto err_free;
169 172
173 skb_reset_network_header(skb);
174 skb_reset_transport_header(skb);
170 return skb; 175 return skb;
171 176
172err_free: 177err_free:
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 9d40a071d038..c8cf9391417e 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -610,7 +610,8 @@ static int vlan_ethtool_get_settings(struct net_device *dev,
610 struct ethtool_cmd *cmd) 610 struct ethtool_cmd *cmd)
611{ 611{
612 const struct vlan_dev_info *vlan = vlan_dev_info(dev); 612 const struct vlan_dev_info *vlan = vlan_dev_info(dev);
613 return dev_ethtool_get_settings(vlan->real_dev, cmd); 613
614 return __ethtool_get_settings(vlan->real_dev, cmd);
614} 615}
615 616
616static void vlan_ethtool_get_drvinfo(struct net_device *dev, 617static void vlan_ethtool_get_drvinfo(struct net_device *dev,
@@ -674,7 +675,6 @@ static const struct net_device_ops vlan_netdev_ops = {
674 .ndo_validate_addr = eth_validate_addr, 675 .ndo_validate_addr = eth_validate_addr,
675 .ndo_set_mac_address = vlan_dev_set_mac_address, 676 .ndo_set_mac_address = vlan_dev_set_mac_address,
676 .ndo_set_rx_mode = vlan_dev_set_rx_mode, 677 .ndo_set_rx_mode = vlan_dev_set_rx_mode,
677 .ndo_set_multicast_list = vlan_dev_set_rx_mode,
678 .ndo_change_rx_flags = vlan_dev_change_rx_flags, 678 .ndo_change_rx_flags = vlan_dev_change_rx_flags,
679 .ndo_do_ioctl = vlan_dev_ioctl, 679 .ndo_do_ioctl = vlan_dev_ioctl,
680 .ndo_neigh_setup = vlan_dev_neigh_setup, 680 .ndo_neigh_setup = vlan_dev_neigh_setup,
diff --git a/net/9p/client.c b/net/9p/client.c
index 0505a03c374c..854ca7a911c4 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -38,6 +38,9 @@
38#include <net/9p/transport.h> 38#include <net/9p/transport.h>
39#include "protocol.h" 39#include "protocol.h"
40 40
41#define CREATE_TRACE_POINTS
42#include <trace/events/9p.h>
43
41/* 44/*
42 * Client Option Parsing (code inspired by NFS code) 45 * Client Option Parsing (code inspired by NFS code)
43 * - a little lazy - parse all client options 46 * - a little lazy - parse all client options
@@ -123,21 +126,19 @@ static int parse_opts(char *opts, struct p9_client *clnt)
123 options = tmp_options; 126 options = tmp_options;
124 127
125 while ((p = strsep(&options, ",")) != NULL) { 128 while ((p = strsep(&options, ",")) != NULL) {
126 int token; 129 int token, r;
127 if (!*p) 130 if (!*p)
128 continue; 131 continue;
129 token = match_token(p, tokens, args); 132 token = match_token(p, tokens, args);
130 if (token < Opt_trans) { 133 switch (token) {
131 int r = match_int(&args[0], &option); 134 case Opt_msize:
135 r = match_int(&args[0], &option);
132 if (r < 0) { 136 if (r < 0) {
133 P9_DPRINTK(P9_DEBUG_ERROR, 137 P9_DPRINTK(P9_DEBUG_ERROR,
134 "integer field, but no integer?\n"); 138 "integer field, but no integer?\n");
135 ret = r; 139 ret = r;
136 continue; 140 continue;
137 } 141 }
138 }
139 switch (token) {
140 case Opt_msize:
141 clnt->msize = option; 142 clnt->msize = option;
142 break; 143 break;
143 case Opt_trans: 144 case Opt_trans:
@@ -203,11 +204,13 @@ free_and_return:
203 * 204 *
204 */ 205 */
205 206
206static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag) 207static struct p9_req_t *
208p9_tag_alloc(struct p9_client *c, u16 tag, unsigned int max_size)
207{ 209{
208 unsigned long flags; 210 unsigned long flags;
209 int row, col; 211 int row, col;
210 struct p9_req_t *req; 212 struct p9_req_t *req;
213 int alloc_msize = min(c->msize, max_size);
211 214
212 /* This looks up the original request by tag so we know which 215 /* This looks up the original request by tag so we know which
213 * buffer to read the data into */ 216 * buffer to read the data into */
@@ -245,23 +248,10 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag)
245 return ERR_PTR(-ENOMEM); 248 return ERR_PTR(-ENOMEM);
246 } 249 }
247 init_waitqueue_head(req->wq); 250 init_waitqueue_head(req->wq);
248 if ((c->trans_mod->pref & P9_TRANS_PREF_PAYLOAD_MASK) == 251 req->tc = kmalloc(sizeof(struct p9_fcall) + alloc_msize,
249 P9_TRANS_PREF_PAYLOAD_SEP) { 252 GFP_NOFS);
250 int alloc_msize = min(c->msize, 4096); 253 req->rc = kmalloc(sizeof(struct p9_fcall) + alloc_msize,
251 req->tc = kmalloc(sizeof(struct p9_fcall)+alloc_msize, 254 GFP_NOFS);
252 GFP_NOFS);
253 req->tc->capacity = alloc_msize;
254 req->rc = kmalloc(sizeof(struct p9_fcall)+alloc_msize,
255 GFP_NOFS);
256 req->rc->capacity = alloc_msize;
257 } else {
258 req->tc = kmalloc(sizeof(struct p9_fcall)+c->msize,
259 GFP_NOFS);
260 req->tc->capacity = c->msize;
261 req->rc = kmalloc(sizeof(struct p9_fcall)+c->msize,
262 GFP_NOFS);
263 req->rc->capacity = c->msize;
264 }
265 if ((!req->tc) || (!req->rc)) { 255 if ((!req->tc) || (!req->rc)) {
266 printk(KERN_ERR "Couldn't grow tag array\n"); 256 printk(KERN_ERR "Couldn't grow tag array\n");
267 kfree(req->tc); 257 kfree(req->tc);
@@ -271,6 +261,8 @@ static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag)
271 req->wq = NULL; 261 req->wq = NULL;
272 return ERR_PTR(-ENOMEM); 262 return ERR_PTR(-ENOMEM);
273 } 263 }
264 req->tc->capacity = alloc_msize;
265 req->rc->capacity = alloc_msize;
274 req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall); 266 req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall);
275 req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall); 267 req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall);
276 } 268 }
@@ -475,37 +467,22 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
475 int ecode; 467 int ecode;
476 468
477 err = p9_parse_header(req->rc, NULL, &type, NULL, 0); 469 err = p9_parse_header(req->rc, NULL, &type, NULL, 0);
470 /*
471 * dump the response from server
472 * This should be after check errors which poplulate pdu_fcall.
473 */
474 trace_9p_protocol_dump(c, req->rc);
478 if (err) { 475 if (err) {
479 P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse header %d\n", err); 476 P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse header %d\n", err);
480 return err; 477 return err;
481 } 478 }
482
483 if (type != P9_RERROR && type != P9_RLERROR) 479 if (type != P9_RERROR && type != P9_RLERROR)
484 return 0; 480 return 0;
485 481
486 if (!p9_is_proto_dotl(c)) { 482 if (!p9_is_proto_dotl(c)) {
487 char *ename; 483 char *ename;
488
489 if (req->tc->pbuf_size) {
490 /* Handle user buffers */
491 size_t len = req->rc->size - req->rc->offset;
492 if (req->tc->pubuf) {
493 /* User Buffer */
494 err = copy_from_user(
495 &req->rc->sdata[req->rc->offset],
496 req->tc->pubuf, len);
497 if (err) {
498 err = -EFAULT;
499 goto out_err;
500 }
501 } else {
502 /* Kernel Buffer */
503 memmove(&req->rc->sdata[req->rc->offset],
504 req->tc->pkbuf, len);
505 }
506 }
507 err = p9pdu_readf(req->rc, c->proto_version, "s?d", 484 err = p9pdu_readf(req->rc, c->proto_version, "s?d",
508 &ename, &ecode); 485 &ename, &ecode);
509 if (err) 486 if (err)
510 goto out_err; 487 goto out_err;
511 488
@@ -515,11 +492,10 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
515 if (!err || !IS_ERR_VALUE(err)) { 492 if (!err || !IS_ERR_VALUE(err)) {
516 err = p9_errstr2errno(ename, strlen(ename)); 493 err = p9_errstr2errno(ename, strlen(ename));
517 494
518 P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n", -ecode, 495 P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n",
519 ename); 496 -ecode, ename);
520
521 kfree(ename);
522 } 497 }
498 kfree(ename);
523 } else { 499 } else {
524 err = p9pdu_readf(req->rc, c->proto_version, "d", &ecode); 500 err = p9pdu_readf(req->rc, c->proto_version, "d", &ecode);
525 err = -ecode; 501 err = -ecode;
@@ -527,7 +503,6 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
527 P9_DPRINTK(P9_DEBUG_9P, "<<< RLERROR (%d)\n", -ecode); 503 P9_DPRINTK(P9_DEBUG_9P, "<<< RLERROR (%d)\n", -ecode);
528 } 504 }
529 505
530
531 return err; 506 return err;
532 507
533out_err: 508out_err:
@@ -536,6 +511,115 @@ out_err:
536 return err; 511 return err;
537} 512}
538 513
514/**
515 * p9_check_zc_errors - check 9p packet for error return and process it
516 * @c: current client instance
517 * @req: request to parse and check for error conditions
518 * @in_hdrlen: Size of response protocol buffer.
519 *
520 * returns error code if one is discovered, otherwise returns 0
521 *
522 * this will have to be more complicated if we have multiple
523 * error packet types
524 */
525
526static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req,
527 char *uidata, int in_hdrlen, int kern_buf)
528{
529 int err;
530 int ecode;
531 int8_t type;
532 char *ename = NULL;
533
534 err = p9_parse_header(req->rc, NULL, &type, NULL, 0);
535 /*
536 * dump the response from server
537 * This should be after parse_header which poplulate pdu_fcall.
538 */
539 trace_9p_protocol_dump(c, req->rc);
540 if (err) {
541 P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse header %d\n", err);
542 return err;
543 }
544
545 if (type != P9_RERROR && type != P9_RLERROR)
546 return 0;
547
548 if (!p9_is_proto_dotl(c)) {
549 /* Error is reported in string format */
550 uint16_t len;
551 /* 7 = header size for RERROR, 2 is the size of string len; */
552 int inline_len = in_hdrlen - (7 + 2);
553
554 /* Read the size of error string */
555 err = p9pdu_readf(req->rc, c->proto_version, "w", &len);
556 if (err)
557 goto out_err;
558
559 ename = kmalloc(len + 1, GFP_NOFS);
560 if (!ename) {
561 err = -ENOMEM;
562 goto out_err;
563 }
564 if (len <= inline_len) {
565 /* We have error in protocol buffer itself */
566 if (pdu_read(req->rc, ename, len)) {
567 err = -EFAULT;
568 goto out_free;
569
570 }
571 } else {
572 /*
573 * Part of the data is in user space buffer.
574 */
575 if (pdu_read(req->rc, ename, inline_len)) {
576 err = -EFAULT;
577 goto out_free;
578
579 }
580 if (kern_buf) {
581 memcpy(ename + inline_len, uidata,
582 len - inline_len);
583 } else {
584 err = copy_from_user(ename + inline_len,
585 uidata, len - inline_len);
586 if (err) {
587 err = -EFAULT;
588 goto out_free;
589 }
590 }
591 }
592 ename[len] = 0;
593 if (p9_is_proto_dotu(c)) {
594 /* For dotu we also have error code */
595 err = p9pdu_readf(req->rc,
596 c->proto_version, "d", &ecode);
597 if (err)
598 goto out_free;
599 err = -ecode;
600 }
601 if (!err || !IS_ERR_VALUE(err)) {
602 err = p9_errstr2errno(ename, strlen(ename));
603
604 P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n",
605 -ecode, ename);
606 }
607 kfree(ename);
608 } else {
609 err = p9pdu_readf(req->rc, c->proto_version, "d", &ecode);
610 err = -ecode;
611
612 P9_DPRINTK(P9_DEBUG_9P, "<<< RLERROR (%d)\n", -ecode);
613 }
614 return err;
615
616out_free:
617 kfree(ename);
618out_err:
619 P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse error%d\n", err);
620 return err;
621}
622
539static struct p9_req_t * 623static struct p9_req_t *
540p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...); 624p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...);
541 625
@@ -579,23 +663,12 @@ static int p9_client_flush(struct p9_client *c, struct p9_req_t *oldreq)
579 return 0; 663 return 0;
580} 664}
581 665
582/** 666static struct p9_req_t *p9_client_prepare_req(struct p9_client *c,
583 * p9_client_rpc - issue a request and wait for a response 667 int8_t type, int req_size,
584 * @c: client session 668 const char *fmt, va_list ap)
585 * @type: type of request
586 * @fmt: protocol format string (see protocol.c)
587 *
588 * Returns request structure (which client must free using p9_free_req)
589 */
590
591static struct p9_req_t *
592p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
593{ 669{
594 va_list ap;
595 int tag, err; 670 int tag, err;
596 struct p9_req_t *req; 671 struct p9_req_t *req;
597 unsigned long flags;
598 int sigpending;
599 672
600 P9_DPRINTK(P9_DEBUG_MUX, "client %p op %d\n", c, type); 673 P9_DPRINTK(P9_DEBUG_MUX, "client %p op %d\n", c, type);
601 674
@@ -607,12 +680,6 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
607 if ((c->status == BeginDisconnect) && (type != P9_TCLUNK)) 680 if ((c->status == BeginDisconnect) && (type != P9_TCLUNK))
608 return ERR_PTR(-EIO); 681 return ERR_PTR(-EIO);
609 682
610 if (signal_pending(current)) {
611 sigpending = 1;
612 clear_thread_flag(TIF_SIGPENDING);
613 } else
614 sigpending = 0;
615
616 tag = P9_NOTAG; 683 tag = P9_NOTAG;
617 if (type != P9_TVERSION) { 684 if (type != P9_TVERSION) {
618 tag = p9_idpool_get(c->tagpool); 685 tag = p9_idpool_get(c->tagpool);
@@ -620,18 +687,51 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
620 return ERR_PTR(-ENOMEM); 687 return ERR_PTR(-ENOMEM);
621 } 688 }
622 689
623 req = p9_tag_alloc(c, tag); 690 req = p9_tag_alloc(c, tag, req_size);
624 if (IS_ERR(req)) 691 if (IS_ERR(req))
625 return req; 692 return req;
626 693
627 /* marshall the data */ 694 /* marshall the data */
628 p9pdu_prepare(req->tc, tag, type); 695 p9pdu_prepare(req->tc, tag, type);
629 va_start(ap, fmt);
630 err = p9pdu_vwritef(req->tc, c->proto_version, fmt, ap); 696 err = p9pdu_vwritef(req->tc, c->proto_version, fmt, ap);
631 va_end(ap);
632 if (err) 697 if (err)
633 goto reterr; 698 goto reterr;
634 p9pdu_finalize(req->tc); 699 p9pdu_finalize(c, req->tc);
700 trace_9p_client_req(c, type, tag);
701 return req;
702reterr:
703 p9_free_req(c, req);
704 return ERR_PTR(err);
705}
706
707/**
708 * p9_client_rpc - issue a request and wait for a response
709 * @c: client session
710 * @type: type of request
711 * @fmt: protocol format string (see protocol.c)
712 *
713 * Returns request structure (which client must free using p9_free_req)
714 */
715
716static struct p9_req_t *
717p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
718{
719 va_list ap;
720 int sigpending, err;
721 unsigned long flags;
722 struct p9_req_t *req;
723
724 va_start(ap, fmt);
725 req = p9_client_prepare_req(c, type, c->msize, fmt, ap);
726 va_end(ap);
727 if (IS_ERR(req))
728 return req;
729
730 if (signal_pending(current)) {
731 sigpending = 1;
732 clear_thread_flag(TIF_SIGPENDING);
733 } else
734 sigpending = 0;
635 735
636 err = c->trans_mod->request(c, req); 736 err = c->trans_mod->request(c, req);
637 if (err < 0) { 737 if (err < 0) {
@@ -639,18 +739,14 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
639 c->status = Disconnected; 739 c->status = Disconnected;
640 goto reterr; 740 goto reterr;
641 } 741 }
642 742 /* Wait for the response */
643 P9_DPRINTK(P9_DEBUG_MUX, "wait %p tag: %d\n", req->wq, tag);
644 err = wait_event_interruptible(*req->wq, 743 err = wait_event_interruptible(*req->wq,
645 req->status >= REQ_STATUS_RCVD); 744 req->status >= REQ_STATUS_RCVD);
646 P9_DPRINTK(P9_DEBUG_MUX, "wait %p tag: %d returned %d\n",
647 req->wq, tag, err);
648 745
649 if (req->status == REQ_STATUS_ERROR) { 746 if (req->status == REQ_STATUS_ERROR) {
650 P9_DPRINTK(P9_DEBUG_ERROR, "req_status error %d\n", req->t_err); 747 P9_DPRINTK(P9_DEBUG_ERROR, "req_status error %d\n", req->t_err);
651 err = req->t_err; 748 err = req->t_err;
652 } 749 }
653
654 if ((err == -ERESTARTSYS) && (c->status == Connected)) { 750 if ((err == -ERESTARTSYS) && (c->status == Connected)) {
655 P9_DPRINTK(P9_DEBUG_MUX, "flushing\n"); 751 P9_DPRINTK(P9_DEBUG_MUX, "flushing\n");
656 sigpending = 1; 752 sigpending = 1;
@@ -663,25 +759,102 @@ p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
663 if (req->status == REQ_STATUS_RCVD) 759 if (req->status == REQ_STATUS_RCVD)
664 err = 0; 760 err = 0;
665 } 761 }
666
667 if (sigpending) { 762 if (sigpending) {
668 spin_lock_irqsave(&current->sighand->siglock, flags); 763 spin_lock_irqsave(&current->sighand->siglock, flags);
669 recalc_sigpending(); 764 recalc_sigpending();
670 spin_unlock_irqrestore(&current->sighand->siglock, flags); 765 spin_unlock_irqrestore(&current->sighand->siglock, flags);
671 } 766 }
672
673 if (err < 0) 767 if (err < 0)
674 goto reterr; 768 goto reterr;
675 769
676 err = p9_check_errors(c, req); 770 err = p9_check_errors(c, req);
677 if (!err) { 771 trace_9p_client_res(c, type, req->rc->tag, err);
678 P9_DPRINTK(P9_DEBUG_MUX, "exit: client %p op %d\n", c, type); 772 if (!err)
773 return req;
774reterr:
775 p9_free_req(c, req);
776 return ERR_PTR(err);
777}
778
779/**
780 * p9_client_zc_rpc - issue a request and wait for a response
781 * @c: client session
782 * @type: type of request
783 * @uidata: user bffer that should be ued for zero copy read
784 * @uodata: user buffer that shoud be user for zero copy write
785 * @inlen: read buffer size
786 * @olen: write buffer size
787 * @hdrlen: reader header size, This is the size of response protocol data
788 * @fmt: protocol format string (see protocol.c)
789 *
790 * Returns request structure (which client must free using p9_free_req)
791 */
792static struct p9_req_t *p9_client_zc_rpc(struct p9_client *c, int8_t type,
793 char *uidata, char *uodata,
794 int inlen, int olen, int in_hdrlen,
795 int kern_buf, const char *fmt, ...)
796{
797 va_list ap;
798 int sigpending, err;
799 unsigned long flags;
800 struct p9_req_t *req;
801
802 va_start(ap, fmt);
803 /*
804 * We allocate a inline protocol data of only 4k bytes.
805 * The actual content is passed in zero-copy fashion.
806 */
807 req = p9_client_prepare_req(c, type, P9_ZC_HDR_SZ, fmt, ap);
808 va_end(ap);
809 if (IS_ERR(req))
679 return req; 810 return req;
811
812 if (signal_pending(current)) {
813 sigpending = 1;
814 clear_thread_flag(TIF_SIGPENDING);
815 } else
816 sigpending = 0;
817
818 /* If we are called with KERNEL_DS force kern_buf */
819 if (segment_eq(get_fs(), KERNEL_DS))
820 kern_buf = 1;
821
822 err = c->trans_mod->zc_request(c, req, uidata, uodata,
823 inlen, olen, in_hdrlen, kern_buf);
824 if (err < 0) {
825 if (err == -EIO)
826 c->status = Disconnected;
827 goto reterr;
828 }
829 if (req->status == REQ_STATUS_ERROR) {
830 P9_DPRINTK(P9_DEBUG_ERROR, "req_status error %d\n", req->t_err);
831 err = req->t_err;
832 }
833 if ((err == -ERESTARTSYS) && (c->status == Connected)) {
834 P9_DPRINTK(P9_DEBUG_MUX, "flushing\n");
835 sigpending = 1;
836 clear_thread_flag(TIF_SIGPENDING);
837
838 if (c->trans_mod->cancel(c, req))
839 p9_client_flush(c, req);
840
841 /* if we received the response anyway, don't signal error */
842 if (req->status == REQ_STATUS_RCVD)
843 err = 0;
844 }
845 if (sigpending) {
846 spin_lock_irqsave(&current->sighand->siglock, flags);
847 recalc_sigpending();
848 spin_unlock_irqrestore(&current->sighand->siglock, flags);
680 } 849 }
850 if (err < 0)
851 goto reterr;
681 852
853 err = p9_check_zc_errors(c, req, uidata, in_hdrlen, kern_buf);
854 trace_9p_client_res(c, type, req->rc->tag, err);
855 if (!err)
856 return req;
682reterr: 857reterr:
683 P9_DPRINTK(P9_DEBUG_MUX, "exit: client %p op %d error: %d\n", c, type,
684 err);
685 p9_free_req(c, req); 858 p9_free_req(c, req);
686 return ERR_PTR(err); 859 return ERR_PTR(err);
687} 860}
@@ -769,7 +942,7 @@ static int p9_client_version(struct p9_client *c)
769 err = p9pdu_readf(req->rc, c->proto_version, "ds", &msize, &version); 942 err = p9pdu_readf(req->rc, c->proto_version, "ds", &msize, &version);
770 if (err) { 943 if (err) {
771 P9_DPRINTK(P9_DEBUG_9P, "version error %d\n", err); 944 P9_DPRINTK(P9_DEBUG_9P, "version error %d\n", err);
772 P9_DUMP_PKT(1, req->rc); 945 trace_9p_protocol_dump(c, req->rc);
773 goto error; 946 goto error;
774 } 947 }
775 948
@@ -906,15 +1079,14 @@ EXPORT_SYMBOL(p9_client_begin_disconnect);
906struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid, 1079struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
907 char *uname, u32 n_uname, char *aname) 1080 char *uname, u32 n_uname, char *aname)
908{ 1081{
909 int err; 1082 int err = 0;
910 struct p9_req_t *req; 1083 struct p9_req_t *req;
911 struct p9_fid *fid; 1084 struct p9_fid *fid;
912 struct p9_qid qid; 1085 struct p9_qid qid;
913 1086
914 P9_DPRINTK(P9_DEBUG_9P, ">>> TATTACH afid %d uname %s aname %s\n",
915 afid ? afid->fid : -1, uname, aname);
916 err = 0;
917 1087
1088 P9_DPRINTK(P9_DEBUG_9P, ">>> TATTACH afid %d uname %s aname %s\n",
1089 afid ? afid->fid : -1, uname, aname);
918 fid = p9_fid_create(clnt); 1090 fid = p9_fid_create(clnt);
919 if (IS_ERR(fid)) { 1091 if (IS_ERR(fid)) {
920 err = PTR_ERR(fid); 1092 err = PTR_ERR(fid);
@@ -931,7 +1103,7 @@ struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
931 1103
932 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", &qid); 1104 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", &qid);
933 if (err) { 1105 if (err) {
934 P9_DUMP_PKT(1, req->rc); 1106 trace_9p_protocol_dump(clnt, req->rc);
935 p9_free_req(clnt, req); 1107 p9_free_req(clnt, req);
936 goto error; 1108 goto error;
937 } 1109 }
@@ -991,7 +1163,7 @@ struct p9_fid *p9_client_walk(struct p9_fid *oldfid, uint16_t nwname,
991 1163
992 err = p9pdu_readf(req->rc, clnt->proto_version, "R", &nwqids, &wqids); 1164 err = p9pdu_readf(req->rc, clnt->proto_version, "R", &nwqids, &wqids);
993 if (err) { 1165 if (err) {
994 P9_DUMP_PKT(1, req->rc); 1166 trace_9p_protocol_dump(clnt, req->rc);
995 p9_free_req(clnt, req); 1167 p9_free_req(clnt, req);
996 goto clunk_fid; 1168 goto clunk_fid;
997 } 1169 }
@@ -1058,7 +1230,7 @@ int p9_client_open(struct p9_fid *fid, int mode)
1058 1230
1059 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", &qid, &iounit); 1231 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", &qid, &iounit);
1060 if (err) { 1232 if (err) {
1061 P9_DUMP_PKT(1, req->rc); 1233 trace_9p_protocol_dump(clnt, req->rc);
1062 goto free_and_error; 1234 goto free_and_error;
1063 } 1235 }
1064 1236
@@ -1101,7 +1273,7 @@ int p9_client_create_dotl(struct p9_fid *ofid, char *name, u32 flags, u32 mode,
1101 1273
1102 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", qid, &iounit); 1274 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", qid, &iounit);
1103 if (err) { 1275 if (err) {
1104 P9_DUMP_PKT(1, req->rc); 1276 trace_9p_protocol_dump(clnt, req->rc);
1105 goto free_and_error; 1277 goto free_and_error;
1106 } 1278 }
1107 1279
@@ -1146,7 +1318,7 @@ int p9_client_fcreate(struct p9_fid *fid, char *name, u32 perm, int mode,
1146 1318
1147 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", &qid, &iounit); 1319 err = p9pdu_readf(req->rc, clnt->proto_version, "Qd", &qid, &iounit);
1148 if (err) { 1320 if (err) {
1149 P9_DUMP_PKT(1, req->rc); 1321 trace_9p_protocol_dump(clnt, req->rc);
1150 goto free_and_error; 1322 goto free_and_error;
1151 } 1323 }
1152 1324
@@ -1185,7 +1357,7 @@ int p9_client_symlink(struct p9_fid *dfid, char *name, char *symtgt, gid_t gid,
1185 1357
1186 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid); 1358 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1187 if (err) { 1359 if (err) {
1188 P9_DUMP_PKT(1, req->rc); 1360 trace_9p_protocol_dump(clnt, req->rc);
1189 goto free_and_error; 1361 goto free_and_error;
1190 } 1362 }
1191 1363
@@ -1330,13 +1502,15 @@ int
1330p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset, 1502p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
1331 u32 count) 1503 u32 count)
1332{ 1504{
1333 int err, rsize;
1334 struct p9_client *clnt;
1335 struct p9_req_t *req;
1336 char *dataptr; 1505 char *dataptr;
1506 int kernel_buf = 0;
1507 struct p9_req_t *req;
1508 struct p9_client *clnt;
1509 int err, rsize, non_zc = 0;
1510
1337 1511
1338 P9_DPRINTK(P9_DEBUG_9P, ">>> TREAD fid %d offset %llu %d\n", fid->fid, 1512 P9_DPRINTK(P9_DEBUG_9P, ">>> TREAD fid %d offset %llu %d\n",
1339 (long long unsigned) offset, count); 1513 fid->fid, (long long unsigned) offset, count);
1340 err = 0; 1514 err = 0;
1341 clnt = fid->clnt; 1515 clnt = fid->clnt;
1342 1516
@@ -1348,13 +1522,24 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
1348 rsize = count; 1522 rsize = count;
1349 1523
1350 /* Don't bother zerocopy for small IO (< 1024) */ 1524 /* Don't bother zerocopy for small IO (< 1024) */
1351 if (((clnt->trans_mod->pref & P9_TRANS_PREF_PAYLOAD_MASK) == 1525 if (clnt->trans_mod->zc_request && rsize > 1024) {
1352 P9_TRANS_PREF_PAYLOAD_SEP) && (rsize > 1024)) { 1526 char *indata;
1353 req = p9_client_rpc(clnt, P9_TREAD, "dqE", fid->fid, offset, 1527 if (data) {
1354 rsize, data, udata); 1528 kernel_buf = 1;
1529 indata = data;
1530 } else
1531 indata = (char *)udata;
1532 /*
1533 * response header len is 11
1534 * PDU Header(7) + IO Size (4)
1535 */
1536 req = p9_client_zc_rpc(clnt, P9_TREAD, indata, NULL, rsize, 0,
1537 11, kernel_buf, "dqd", fid->fid,
1538 offset, rsize);
1355 } else { 1539 } else {
1540 non_zc = 1;
1356 req = p9_client_rpc(clnt, P9_TREAD, "dqd", fid->fid, offset, 1541 req = p9_client_rpc(clnt, P9_TREAD, "dqd", fid->fid, offset,
1357 rsize); 1542 rsize);
1358 } 1543 }
1359 if (IS_ERR(req)) { 1544 if (IS_ERR(req)) {
1360 err = PTR_ERR(req); 1545 err = PTR_ERR(req);
@@ -1363,14 +1548,13 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset,
1363 1548
1364 err = p9pdu_readf(req->rc, clnt->proto_version, "D", &count, &dataptr); 1549 err = p9pdu_readf(req->rc, clnt->proto_version, "D", &count, &dataptr);
1365 if (err) { 1550 if (err) {
1366 P9_DUMP_PKT(1, req->rc); 1551 trace_9p_protocol_dump(clnt, req->rc);
1367 goto free_and_error; 1552 goto free_and_error;
1368 } 1553 }
1369 1554
1370 P9_DPRINTK(P9_DEBUG_9P, "<<< RREAD count %d\n", count); 1555 P9_DPRINTK(P9_DEBUG_9P, "<<< RREAD count %d\n", count);
1371 P9_DUMP_PKT(1, req->rc);
1372 1556
1373 if (!req->tc->pbuf_size) { 1557 if (non_zc) {
1374 if (data) { 1558 if (data) {
1375 memmove(data, dataptr, count); 1559 memmove(data, dataptr, count);
1376 } else { 1560 } else {
@@ -1396,6 +1580,7 @@ p9_client_write(struct p9_fid *fid, char *data, const char __user *udata,
1396 u64 offset, u32 count) 1580 u64 offset, u32 count)
1397{ 1581{
1398 int err, rsize; 1582 int err, rsize;
1583 int kernel_buf = 0;
1399 struct p9_client *clnt; 1584 struct p9_client *clnt;
1400 struct p9_req_t *req; 1585 struct p9_req_t *req;
1401 1586
@@ -1411,19 +1596,24 @@ p9_client_write(struct p9_fid *fid, char *data, const char __user *udata,
1411 if (count < rsize) 1596 if (count < rsize)
1412 rsize = count; 1597 rsize = count;
1413 1598
1414 /* Don't bother zerocopy form small IO (< 1024) */ 1599 /* Don't bother zerocopy for small IO (< 1024) */
1415 if (((clnt->trans_mod->pref & P9_TRANS_PREF_PAYLOAD_MASK) == 1600 if (clnt->trans_mod->zc_request && rsize > 1024) {
1416 P9_TRANS_PREF_PAYLOAD_SEP) && (rsize > 1024)) { 1601 char *odata;
1417 req = p9_client_rpc(clnt, P9_TWRITE, "dqE", fid->fid, offset, 1602 if (data) {
1418 rsize, data, udata); 1603 kernel_buf = 1;
1604 odata = data;
1605 } else
1606 odata = (char *)udata;
1607 req = p9_client_zc_rpc(clnt, P9_TWRITE, NULL, odata, 0, rsize,
1608 P9_ZC_HDR_SZ, kernel_buf, "dqd",
1609 fid->fid, offset, rsize);
1419 } else { 1610 } else {
1420
1421 if (data) 1611 if (data)
1422 req = p9_client_rpc(clnt, P9_TWRITE, "dqD", fid->fid, 1612 req = p9_client_rpc(clnt, P9_TWRITE, "dqD", fid->fid,
1423 offset, rsize, data); 1613 offset, rsize, data);
1424 else 1614 else
1425 req = p9_client_rpc(clnt, P9_TWRITE, "dqU", fid->fid, 1615 req = p9_client_rpc(clnt, P9_TWRITE, "dqU", fid->fid,
1426 offset, rsize, udata); 1616 offset, rsize, udata);
1427 } 1617 }
1428 if (IS_ERR(req)) { 1618 if (IS_ERR(req)) {
1429 err = PTR_ERR(req); 1619 err = PTR_ERR(req);
@@ -1432,7 +1622,7 @@ p9_client_write(struct p9_fid *fid, char *data, const char __user *udata,
1432 1622
1433 err = p9pdu_readf(req->rc, clnt->proto_version, "d", &count); 1623 err = p9pdu_readf(req->rc, clnt->proto_version, "d", &count);
1434 if (err) { 1624 if (err) {
1435 P9_DUMP_PKT(1, req->rc); 1625 trace_9p_protocol_dump(clnt, req->rc);
1436 goto free_and_error; 1626 goto free_and_error;
1437 } 1627 }
1438 1628
@@ -1472,7 +1662,7 @@ struct p9_wstat *p9_client_stat(struct p9_fid *fid)
1472 1662
1473 err = p9pdu_readf(req->rc, clnt->proto_version, "wS", &ignored, ret); 1663 err = p9pdu_readf(req->rc, clnt->proto_version, "wS", &ignored, ret);
1474 if (err) { 1664 if (err) {
1475 P9_DUMP_PKT(1, req->rc); 1665 trace_9p_protocol_dump(clnt, req->rc);
1476 p9_free_req(clnt, req); 1666 p9_free_req(clnt, req);
1477 goto error; 1667 goto error;
1478 } 1668 }
@@ -1523,7 +1713,7 @@ struct p9_stat_dotl *p9_client_getattr_dotl(struct p9_fid *fid,
1523 1713
1524 err = p9pdu_readf(req->rc, clnt->proto_version, "A", ret); 1714 err = p9pdu_readf(req->rc, clnt->proto_version, "A", ret);
1525 if (err) { 1715 if (err) {
1526 P9_DUMP_PKT(1, req->rc); 1716 trace_9p_protocol_dump(clnt, req->rc);
1527 p9_free_req(clnt, req); 1717 p9_free_req(clnt, req);
1528 goto error; 1718 goto error;
1529 } 1719 }
@@ -1671,7 +1861,7 @@ int p9_client_statfs(struct p9_fid *fid, struct p9_rstatfs *sb)
1671 &sb->bsize, &sb->blocks, &sb->bfree, &sb->bavail, 1861 &sb->bsize, &sb->blocks, &sb->bfree, &sb->bavail,
1672 &sb->files, &sb->ffree, &sb->fsid, &sb->namelen); 1862 &sb->files, &sb->ffree, &sb->fsid, &sb->namelen);
1673 if (err) { 1863 if (err) {
1674 P9_DUMP_PKT(1, req->rc); 1864 trace_9p_protocol_dump(clnt, req->rc);
1675 p9_free_req(clnt, req); 1865 p9_free_req(clnt, req);
1676 goto error; 1866 goto error;
1677 } 1867 }
@@ -1778,7 +1968,7 @@ struct p9_fid *p9_client_xattrwalk(struct p9_fid *file_fid,
1778 } 1968 }
1779 err = p9pdu_readf(req->rc, clnt->proto_version, "q", attr_size); 1969 err = p9pdu_readf(req->rc, clnt->proto_version, "q", attr_size);
1780 if (err) { 1970 if (err) {
1781 P9_DUMP_PKT(1, req->rc); 1971 trace_9p_protocol_dump(clnt, req->rc);
1782 p9_free_req(clnt, req); 1972 p9_free_req(clnt, req);
1783 goto clunk_fid; 1973 goto clunk_fid;
1784 } 1974 }
@@ -1824,7 +2014,7 @@ EXPORT_SYMBOL_GPL(p9_client_xattrcreate);
1824 2014
1825int p9_client_readdir(struct p9_fid *fid, char *data, u32 count, u64 offset) 2015int p9_client_readdir(struct p9_fid *fid, char *data, u32 count, u64 offset)
1826{ 2016{
1827 int err, rsize; 2017 int err, rsize, non_zc = 0;
1828 struct p9_client *clnt; 2018 struct p9_client *clnt;
1829 struct p9_req_t *req; 2019 struct p9_req_t *req;
1830 char *dataptr; 2020 char *dataptr;
@@ -1842,13 +2032,18 @@ int p9_client_readdir(struct p9_fid *fid, char *data, u32 count, u64 offset)
1842 if (count < rsize) 2032 if (count < rsize)
1843 rsize = count; 2033 rsize = count;
1844 2034
1845 if ((clnt->trans_mod->pref & P9_TRANS_PREF_PAYLOAD_MASK) == 2035 /* Don't bother zerocopy for small IO (< 1024) */
1846 P9_TRANS_PREF_PAYLOAD_SEP) { 2036 if (clnt->trans_mod->zc_request && rsize > 1024) {
1847 req = p9_client_rpc(clnt, P9_TREADDIR, "dqF", fid->fid, 2037 /*
1848 offset, rsize, data); 2038 * response header len is 11
2039 * PDU Header(7) + IO Size (4)
2040 */
2041 req = p9_client_zc_rpc(clnt, P9_TREADDIR, data, NULL, rsize, 0,
2042 11, 1, "dqd", fid->fid, offset, rsize);
1849 } else { 2043 } else {
2044 non_zc = 1;
1850 req = p9_client_rpc(clnt, P9_TREADDIR, "dqd", fid->fid, 2045 req = p9_client_rpc(clnt, P9_TREADDIR, "dqd", fid->fid,
1851 offset, rsize); 2046 offset, rsize);
1852 } 2047 }
1853 if (IS_ERR(req)) { 2048 if (IS_ERR(req)) {
1854 err = PTR_ERR(req); 2049 err = PTR_ERR(req);
@@ -1857,13 +2052,13 @@ int p9_client_readdir(struct p9_fid *fid, char *data, u32 count, u64 offset)
1857 2052
1858 err = p9pdu_readf(req->rc, clnt->proto_version, "D", &count, &dataptr); 2053 err = p9pdu_readf(req->rc, clnt->proto_version, "D", &count, &dataptr);
1859 if (err) { 2054 if (err) {
1860 P9_DUMP_PKT(1, req->rc); 2055 trace_9p_protocol_dump(clnt, req->rc);
1861 goto free_and_error; 2056 goto free_and_error;
1862 } 2057 }
1863 2058
1864 P9_DPRINTK(P9_DEBUG_9P, "<<< RREADDIR count %d\n", count); 2059 P9_DPRINTK(P9_DEBUG_9P, "<<< RREADDIR count %d\n", count);
1865 2060
1866 if (!req->tc->pbuf_size && data) 2061 if (non_zc)
1867 memmove(data, dataptr, count); 2062 memmove(data, dataptr, count);
1868 2063
1869 p9_free_req(clnt, req); 2064 p9_free_req(clnt, req);
@@ -1894,7 +2089,7 @@ int p9_client_mknod_dotl(struct p9_fid *fid, char *name, int mode,
1894 2089
1895 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid); 2090 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1896 if (err) { 2091 if (err) {
1897 P9_DUMP_PKT(1, req->rc); 2092 trace_9p_protocol_dump(clnt, req->rc);
1898 goto error; 2093 goto error;
1899 } 2094 }
1900 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKNOD qid %x.%llx.%x\n", qid->type, 2095 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKNOD qid %x.%llx.%x\n", qid->type,
@@ -1925,7 +2120,7 @@ int p9_client_mkdir_dotl(struct p9_fid *fid, char *name, int mode,
1925 2120
1926 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid); 2121 err = p9pdu_readf(req->rc, clnt->proto_version, "Q", qid);
1927 if (err) { 2122 if (err) {
1928 P9_DUMP_PKT(1, req->rc); 2123 trace_9p_protocol_dump(clnt, req->rc);
1929 goto error; 2124 goto error;
1930 } 2125 }
1931 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKDIR qid %x.%llx.%x\n", qid->type, 2126 P9_DPRINTK(P9_DEBUG_9P, "<<< RMKDIR qid %x.%llx.%x\n", qid->type,
@@ -1960,7 +2155,7 @@ int p9_client_lock_dotl(struct p9_fid *fid, struct p9_flock *flock, u8 *status)
1960 2155
1961 err = p9pdu_readf(req->rc, clnt->proto_version, "b", status); 2156 err = p9pdu_readf(req->rc, clnt->proto_version, "b", status);
1962 if (err) { 2157 if (err) {
1963 P9_DUMP_PKT(1, req->rc); 2158 trace_9p_protocol_dump(clnt, req->rc);
1964 goto error; 2159 goto error;
1965 } 2160 }
1966 P9_DPRINTK(P9_DEBUG_9P, "<<< RLOCK status %i\n", *status); 2161 P9_DPRINTK(P9_DEBUG_9P, "<<< RLOCK status %i\n", *status);
@@ -1993,7 +2188,7 @@ int p9_client_getlock_dotl(struct p9_fid *fid, struct p9_getlock *glock)
1993 &glock->start, &glock->length, &glock->proc_id, 2188 &glock->start, &glock->length, &glock->proc_id,
1994 &glock->client_id); 2189 &glock->client_id);
1995 if (err) { 2190 if (err) {
1996 P9_DUMP_PKT(1, req->rc); 2191 trace_9p_protocol_dump(clnt, req->rc);
1997 goto error; 2192 goto error;
1998 } 2193 }
1999 P9_DPRINTK(P9_DEBUG_9P, "<<< RGETLOCK type %i start %lld length %lld " 2194 P9_DPRINTK(P9_DEBUG_9P, "<<< RGETLOCK type %i start %lld length %lld "
@@ -2021,7 +2216,7 @@ int p9_client_readlink(struct p9_fid *fid, char **target)
2021 2216
2022 err = p9pdu_readf(req->rc, clnt->proto_version, "s", target); 2217 err = p9pdu_readf(req->rc, clnt->proto_version, "s", target);
2023 if (err) { 2218 if (err) {
2024 P9_DUMP_PKT(1, req->rc); 2219 trace_9p_protocol_dump(clnt, req->rc);
2025 goto error; 2220 goto error;
2026 } 2221 }
2027 P9_DPRINTK(P9_DEBUG_9P, "<<< RREADLINK target %s\n", *target); 2222 P9_DPRINTK(P9_DEBUG_9P, "<<< RREADLINK target %s\n", *target);
diff --git a/net/9p/protocol.c b/net/9p/protocol.c
index df58375ea6b3..55e10a96c902 100644
--- a/net/9p/protocol.c
+++ b/net/9p/protocol.c
@@ -37,40 +37,11 @@
37#include <net/9p/client.h> 37#include <net/9p/client.h>
38#include "protocol.h" 38#include "protocol.h"
39 39
40#include <trace/events/9p.h>
41
40static int 42static int
41p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...); 43p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...);
42 44
43#ifdef CONFIG_NET_9P_DEBUG
44void
45p9pdu_dump(int way, struct p9_fcall *pdu)
46{
47 int len = pdu->size;
48
49 if ((p9_debug_level & P9_DEBUG_VPKT) != P9_DEBUG_VPKT) {
50 if ((p9_debug_level & P9_DEBUG_PKT) == P9_DEBUG_PKT) {
51 if (len > 32)
52 len = 32;
53 } else {
54 /* shouldn't happen */
55 return;
56 }
57 }
58
59 if (way)
60 print_hex_dump_bytes("[9P] ", DUMP_PREFIX_OFFSET, pdu->sdata,
61 len);
62 else
63 print_hex_dump_bytes("]9P[ ", DUMP_PREFIX_OFFSET, pdu->sdata,
64 len);
65}
66#else
67void
68p9pdu_dump(int way, struct p9_fcall *pdu)
69{
70}
71#endif
72EXPORT_SYMBOL(p9pdu_dump);
73
74void p9stat_free(struct p9_wstat *stbuf) 45void p9stat_free(struct p9_wstat *stbuf)
75{ 46{
76 kfree(stbuf->name); 47 kfree(stbuf->name);
@@ -81,7 +52,7 @@ void p9stat_free(struct p9_wstat *stbuf)
81} 52}
82EXPORT_SYMBOL(p9stat_free); 53EXPORT_SYMBOL(p9stat_free);
83 54
84static size_t pdu_read(struct p9_fcall *pdu, void *data, size_t size) 55size_t pdu_read(struct p9_fcall *pdu, void *data, size_t size)
85{ 56{
86 size_t len = min(pdu->size - pdu->offset, size); 57 size_t len = min(pdu->size - pdu->offset, size);
87 memcpy(data, &pdu->sdata[pdu->offset], len); 58 memcpy(data, &pdu->sdata[pdu->offset], len);
@@ -108,26 +79,6 @@ pdu_write_u(struct p9_fcall *pdu, const char __user *udata, size_t size)
108 return size - len; 79 return size - len;
109} 80}
110 81
111static size_t
112pdu_write_urw(struct p9_fcall *pdu, const char *kdata, const char __user *udata,
113 size_t size)
114{
115 BUG_ON(pdu->size > P9_IOHDRSZ);
116 pdu->pubuf = (char __user *)udata;
117 pdu->pkbuf = (char *)kdata;
118 pdu->pbuf_size = size;
119 return 0;
120}
121
122static size_t
123pdu_write_readdir(struct p9_fcall *pdu, const char *kdata, size_t size)
124{
125 BUG_ON(pdu->size > P9_READDIRHDRSZ);
126 pdu->pkbuf = (char *)kdata;
127 pdu->pbuf_size = size;
128 return 0;
129}
130
131/* 82/*
132 b - int8_t 83 b - int8_t
133 w - int16_t 84 w - int16_t
@@ -459,26 +410,6 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
459 errcode = -EFAULT; 410 errcode = -EFAULT;
460 } 411 }
461 break; 412 break;
462 case 'E':{
463 int32_t cnt = va_arg(ap, int32_t);
464 const char *k = va_arg(ap, const void *);
465 const char __user *u = va_arg(ap,
466 const void __user *);
467 errcode = p9pdu_writef(pdu, proto_version, "d",
468 cnt);
469 if (!errcode && pdu_write_urw(pdu, k, u, cnt))
470 errcode = -EFAULT;
471 }
472 break;
473 case 'F':{
474 int32_t cnt = va_arg(ap, int32_t);
475 const char *k = va_arg(ap, const void *);
476 errcode = p9pdu_writef(pdu, proto_version, "d",
477 cnt);
478 if (!errcode && pdu_write_readdir(pdu, k, cnt))
479 errcode = -EFAULT;
480 }
481 break;
482 case 'U':{ 413 case 'U':{
483 int32_t count = va_arg(ap, int32_t); 414 int32_t count = va_arg(ap, int32_t);
484 const char __user *udata = 415 const char __user *udata =
@@ -591,7 +522,7 @@ p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...)
591 return ret; 522 return ret;
592} 523}
593 524
594int p9stat_read(char *buf, int len, struct p9_wstat *st, int proto_version) 525int p9stat_read(struct p9_client *clnt, char *buf, int len, struct p9_wstat *st)
595{ 526{
596 struct p9_fcall fake_pdu; 527 struct p9_fcall fake_pdu;
597 int ret; 528 int ret;
@@ -601,10 +532,10 @@ int p9stat_read(char *buf, int len, struct p9_wstat *st, int proto_version)
601 fake_pdu.sdata = buf; 532 fake_pdu.sdata = buf;
602 fake_pdu.offset = 0; 533 fake_pdu.offset = 0;
603 534
604 ret = p9pdu_readf(&fake_pdu, proto_version, "S", st); 535 ret = p9pdu_readf(&fake_pdu, clnt->proto_version, "S", st);
605 if (ret) { 536 if (ret) {
606 P9_DPRINTK(P9_DEBUG_9P, "<<< p9stat_read failed: %d\n", ret); 537 P9_DPRINTK(P9_DEBUG_9P, "<<< p9stat_read failed: %d\n", ret);
607 P9_DUMP_PKT(0, &fake_pdu); 538 trace_9p_protocol_dump(clnt, &fake_pdu);
608 } 539 }
609 540
610 return ret; 541 return ret;
@@ -617,7 +548,7 @@ int p9pdu_prepare(struct p9_fcall *pdu, int16_t tag, int8_t type)
617 return p9pdu_writef(pdu, 0, "dbw", 0, type, tag); 548 return p9pdu_writef(pdu, 0, "dbw", 0, type, tag);
618} 549}
619 550
620int p9pdu_finalize(struct p9_fcall *pdu) 551int p9pdu_finalize(struct p9_client *clnt, struct p9_fcall *pdu)
621{ 552{
622 int size = pdu->size; 553 int size = pdu->size;
623 int err; 554 int err;
@@ -626,7 +557,7 @@ int p9pdu_finalize(struct p9_fcall *pdu)
626 err = p9pdu_writef(pdu, 0, "d", size); 557 err = p9pdu_writef(pdu, 0, "d", size);
627 pdu->size = size; 558 pdu->size = size;
628 559
629 P9_DUMP_PKT(0, pdu); 560 trace_9p_protocol_dump(clnt, pdu);
630 P9_DPRINTK(P9_DEBUG_9P, ">>> size=%d type: %d tag: %d\n", pdu->size, 561 P9_DPRINTK(P9_DEBUG_9P, ">>> size=%d type: %d tag: %d\n", pdu->size,
631 pdu->id, pdu->tag); 562 pdu->id, pdu->tag);
632 563
@@ -637,14 +568,10 @@ void p9pdu_reset(struct p9_fcall *pdu)
637{ 568{
638 pdu->offset = 0; 569 pdu->offset = 0;
639 pdu->size = 0; 570 pdu->size = 0;
640 pdu->private = NULL;
641 pdu->pubuf = NULL;
642 pdu->pkbuf = NULL;
643 pdu->pbuf_size = 0;
644} 571}
645 572
646int p9dirent_read(char *buf, int len, struct p9_dirent *dirent, 573int p9dirent_read(struct p9_client *clnt, char *buf, int len,
647 int proto_version) 574 struct p9_dirent *dirent)
648{ 575{
649 struct p9_fcall fake_pdu; 576 struct p9_fcall fake_pdu;
650 int ret; 577 int ret;
@@ -655,11 +582,11 @@ int p9dirent_read(char *buf, int len, struct p9_dirent *dirent,
655 fake_pdu.sdata = buf; 582 fake_pdu.sdata = buf;
656 fake_pdu.offset = 0; 583 fake_pdu.offset = 0;
657 584
658 ret = p9pdu_readf(&fake_pdu, proto_version, "Qqbs", &dirent->qid, 585 ret = p9pdu_readf(&fake_pdu, clnt->proto_version, "Qqbs", &dirent->qid,
659 &dirent->d_off, &dirent->d_type, &nameptr); 586 &dirent->d_off, &dirent->d_type, &nameptr);
660 if (ret) { 587 if (ret) {
661 P9_DPRINTK(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret); 588 P9_DPRINTK(P9_DEBUG_9P, "<<< p9dirent_read failed: %d\n", ret);
662 P9_DUMP_PKT(1, &fake_pdu); 589 trace_9p_protocol_dump(clnt, &fake_pdu);
663 goto out; 590 goto out;
664 } 591 }
665 592
diff --git a/net/9p/protocol.h b/net/9p/protocol.h
index 2431c0f38d56..2cc525fa49fa 100644
--- a/net/9p/protocol.h
+++ b/net/9p/protocol.h
@@ -29,6 +29,6 @@ int p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
29 va_list ap); 29 va_list ap);
30int p9pdu_readf(struct p9_fcall *pdu, int proto_version, const char *fmt, ...); 30int p9pdu_readf(struct p9_fcall *pdu, int proto_version, const char *fmt, ...);
31int p9pdu_prepare(struct p9_fcall *pdu, int16_t tag, int8_t type); 31int p9pdu_prepare(struct p9_fcall *pdu, int16_t tag, int8_t type);
32int p9pdu_finalize(struct p9_fcall *pdu); 32int p9pdu_finalize(struct p9_client *clnt, struct p9_fcall *pdu);
33void p9pdu_dump(int, struct p9_fcall *);
34void p9pdu_reset(struct p9_fcall *pdu); 33void p9pdu_reset(struct p9_fcall *pdu);
34size_t pdu_read(struct p9_fcall *pdu, void *data, size_t size);
diff --git a/net/9p/trans_common.c b/net/9p/trans_common.c
index 9a70ebdec56e..de8df957867d 100644
--- a/net/9p/trans_common.c
+++ b/net/9p/trans_common.c
@@ -21,30 +21,25 @@
21 21
22/** 22/**
23 * p9_release_req_pages - Release pages after the transaction. 23 * p9_release_req_pages - Release pages after the transaction.
24 * @*private: PDU's private page of struct trans_rpage_info
25 */ 24 */
26void 25void p9_release_pages(struct page **pages, int nr_pages)
27p9_release_req_pages(struct trans_rpage_info *rpinfo)
28{ 26{
29 int i = 0; 27 int i = 0;
30 28 while (pages[i] && nr_pages--) {
31 while (rpinfo->rp_data[i] && rpinfo->rp_nr_pages--) { 29 put_page(pages[i]);
32 put_page(rpinfo->rp_data[i]);
33 i++; 30 i++;
34 } 31 }
35} 32}
36EXPORT_SYMBOL(p9_release_req_pages); 33EXPORT_SYMBOL(p9_release_pages);
37 34
38/** 35/**
39 * p9_nr_pages - Return number of pages needed to accommodate the payload. 36 * p9_nr_pages - Return number of pages needed to accommodate the payload.
40 */ 37 */
41int 38int p9_nr_pages(char *data, int len)
42p9_nr_pages(struct p9_req_t *req)
43{ 39{
44 unsigned long start_page, end_page; 40 unsigned long start_page, end_page;
45 start_page = (unsigned long)req->tc->pubuf >> PAGE_SHIFT; 41 start_page = (unsigned long)data >> PAGE_SHIFT;
46 end_page = ((unsigned long)req->tc->pubuf + req->tc->pbuf_size + 42 end_page = ((unsigned long)data + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
47 PAGE_SIZE - 1) >> PAGE_SHIFT;
48 return end_page - start_page; 43 return end_page - start_page;
49} 44}
50EXPORT_SYMBOL(p9_nr_pages); 45EXPORT_SYMBOL(p9_nr_pages);
@@ -58,35 +53,17 @@ EXPORT_SYMBOL(p9_nr_pages);
58 * @nr_pages: number of pages to accommodate the payload 53 * @nr_pages: number of pages to accommodate the payload
59 * @rw: Indicates if the pages are for read or write. 54 * @rw: Indicates if the pages are for read or write.
60 */ 55 */
61int
62p9_payload_gup(struct p9_req_t *req, size_t *pdata_off, int *pdata_len,
63 int nr_pages, u8 rw)
64{
65 uint32_t first_page_bytes = 0;
66 int32_t pdata_mapped_pages;
67 struct trans_rpage_info *rpinfo;
68
69 *pdata_off = (__force size_t)req->tc->pubuf & (PAGE_SIZE-1);
70 56
71 if (*pdata_off) 57int p9_payload_gup(char *data, int *nr_pages, struct page **pages, int write)
72 first_page_bytes = min(((size_t)PAGE_SIZE - *pdata_off), 58{
73 req->tc->pbuf_size); 59 int nr_mapped_pages;
74 60
75 rpinfo = req->tc->private; 61 nr_mapped_pages = get_user_pages_fast((unsigned long)data,
76 pdata_mapped_pages = get_user_pages_fast((unsigned long)req->tc->pubuf, 62 *nr_pages, write, pages);
77 nr_pages, rw, &rpinfo->rp_data[0]); 63 if (nr_mapped_pages <= 0)
78 if (pdata_mapped_pages <= 0) 64 return nr_mapped_pages;
79 return pdata_mapped_pages;
80 65
81 rpinfo->rp_nr_pages = pdata_mapped_pages; 66 *nr_pages = nr_mapped_pages;
82 if (*pdata_off) {
83 *pdata_len = first_page_bytes;
84 *pdata_len += min((req->tc->pbuf_size - *pdata_len),
85 ((size_t)pdata_mapped_pages - 1) << PAGE_SHIFT);
86 } else {
87 *pdata_len = min(req->tc->pbuf_size,
88 (size_t)pdata_mapped_pages << PAGE_SHIFT);
89 }
90 return 0; 67 return 0;
91} 68}
92EXPORT_SYMBOL(p9_payload_gup); 69EXPORT_SYMBOL(p9_payload_gup);
diff --git a/net/9p/trans_common.h b/net/9p/trans_common.h
index 76309223bb02..173bb550a9eb 100644
--- a/net/9p/trans_common.h
+++ b/net/9p/trans_common.h
@@ -12,21 +12,6 @@
12 * 12 *
13 */ 13 */
14 14
15/* TRUE if it is user context */ 15void p9_release_pages(struct page **, int);
16#define P9_IS_USER_CONTEXT (!segment_eq(get_fs(), KERNEL_DS)) 16int p9_payload_gup(char *, int *, struct page **, int);
17 17int p9_nr_pages(char *, int);
18/**
19 * struct trans_rpage_info - To store mapped page information in PDU.
20 * @rp_alloc:Set if this structure is allocd, not a reuse unused space in pdu.
21 * @rp_nr_pages: Number of mapped pages
22 * @rp_data: Array of page pointers
23 */
24struct trans_rpage_info {
25 u8 rp_alloc;
26 int rp_nr_pages;
27 struct page *rp_data[0];
28};
29
30void p9_release_req_pages(struct trans_rpage_info *);
31int p9_payload_gup(struct p9_req_t *, size_t *, int *, int, u8);
32int p9_nr_pages(struct p9_req_t *);
diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index 175b5135bdcf..32aa9834229c 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -150,12 +150,10 @@ static void req_done(struct virtqueue *vq)
150 while (1) { 150 while (1) {
151 spin_lock_irqsave(&chan->lock, flags); 151 spin_lock_irqsave(&chan->lock, flags);
152 rc = virtqueue_get_buf(chan->vq, &len); 152 rc = virtqueue_get_buf(chan->vq, &len);
153
154 if (rc == NULL) { 153 if (rc == NULL) {
155 spin_unlock_irqrestore(&chan->lock, flags); 154 spin_unlock_irqrestore(&chan->lock, flags);
156 break; 155 break;
157 } 156 }
158
159 chan->ring_bufs_avail = 1; 157 chan->ring_bufs_avail = 1;
160 spin_unlock_irqrestore(&chan->lock, flags); 158 spin_unlock_irqrestore(&chan->lock, flags);
161 /* Wakeup if anyone waiting for VirtIO ring space. */ 159 /* Wakeup if anyone waiting for VirtIO ring space. */
@@ -163,17 +161,6 @@ static void req_done(struct virtqueue *vq)
163 P9_DPRINTK(P9_DEBUG_TRANS, ": rc %p\n", rc); 161 P9_DPRINTK(P9_DEBUG_TRANS, ": rc %p\n", rc);
164 P9_DPRINTK(P9_DEBUG_TRANS, ": lookup tag %d\n", rc->tag); 162 P9_DPRINTK(P9_DEBUG_TRANS, ": lookup tag %d\n", rc->tag);
165 req = p9_tag_lookup(chan->client, rc->tag); 163 req = p9_tag_lookup(chan->client, rc->tag);
166 if (req->tc->private) {
167 struct trans_rpage_info *rp = req->tc->private;
168 int p = rp->rp_nr_pages;
169 /*Release pages */
170 p9_release_req_pages(rp);
171 atomic_sub(p, &vp_pinned);
172 wake_up(&vp_wq);
173 if (rp->rp_alloc)
174 kfree(rp);
175 req->tc->private = NULL;
176 }
177 req->status = REQ_STATUS_RCVD; 164 req->status = REQ_STATUS_RCVD;
178 p9_client_cb(chan->client, req); 165 p9_client_cb(chan->client, req);
179 } 166 }
@@ -193,9 +180,8 @@ static void req_done(struct virtqueue *vq)
193 * 180 *
194 */ 181 */
195 182
196static int 183static int pack_sg_list(struct scatterlist *sg, int start,
197pack_sg_list(struct scatterlist *sg, int start, int limit, char *data, 184 int limit, char *data, int count)
198 int count)
199{ 185{
200 int s; 186 int s;
201 int index = start; 187 int index = start;
@@ -224,31 +210,36 @@ static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req)
224 * this takes a list of pages. 210 * this takes a list of pages.
225 * @sg: scatter/gather list to pack into 211 * @sg: scatter/gather list to pack into
226 * @start: which segment of the sg_list to start at 212 * @start: which segment of the sg_list to start at
227 * @pdata_off: Offset into the first page
228 * @**pdata: a list of pages to add into sg. 213 * @**pdata: a list of pages to add into sg.
214 * @nr_pages: number of pages to pack into the scatter/gather list
215 * @data: data to pack into scatter/gather list
229 * @count: amount of data to pack into the scatter/gather list 216 * @count: amount of data to pack into the scatter/gather list
230 */ 217 */
231static int 218static int
232pack_sg_list_p(struct scatterlist *sg, int start, int limit, size_t pdata_off, 219pack_sg_list_p(struct scatterlist *sg, int start, int limit,
233 struct page **pdata, int count) 220 struct page **pdata, int nr_pages, char *data, int count)
234{ 221{
235 int s; 222 int i = 0, s;
236 int i = 0; 223 int data_off;
237 int index = start; 224 int index = start;
238 225
239 if (pdata_off) { 226 BUG_ON(nr_pages > (limit - start));
240 s = min((int)(PAGE_SIZE - pdata_off), count); 227 /*
241 sg_set_page(&sg[index++], pdata[i++], s, pdata_off); 228 * if the first page doesn't start at
242 count -= s; 229 * page boundary find the offset
243 } 230 */
244 231 data_off = offset_in_page(data);
245 while (count) { 232 while (nr_pages) {
246 BUG_ON(index > limit); 233 s = rest_of_page(data);
247 s = min((int)PAGE_SIZE, count); 234 if (s > count)
248 sg_set_page(&sg[index++], pdata[i++], s, 0); 235 s = count;
236 sg_set_page(&sg[index++], pdata[i++], s, data_off);
237 data_off = 0;
238 data += s;
249 count -= s; 239 count -= s;
240 nr_pages--;
250 } 241 }
251 return index-start; 242 return index - start;
252} 243}
253 244
254/** 245/**
@@ -261,114 +252,166 @@ pack_sg_list_p(struct scatterlist *sg, int start, int limit, size_t pdata_off,
261static int 252static int
262p9_virtio_request(struct p9_client *client, struct p9_req_t *req) 253p9_virtio_request(struct p9_client *client, struct p9_req_t *req)
263{ 254{
264 int in, out, inp, outp; 255 int err;
265 struct virtio_chan *chan = client->trans; 256 int in, out;
266 char *rdata = (char *)req->rc+sizeof(struct p9_fcall);
267 unsigned long flags; 257 unsigned long flags;
268 size_t pdata_off = 0; 258 struct virtio_chan *chan = client->trans;
269 struct trans_rpage_info *rpinfo = NULL;
270 int err, pdata_len = 0;
271 259
272 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request\n"); 260 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request\n");
273 261
274 req->status = REQ_STATUS_SENT; 262 req->status = REQ_STATUS_SENT;
263req_retry:
264 spin_lock_irqsave(&chan->lock, flags);
275 265
276 if (req->tc->pbuf_size && (req->tc->pubuf && P9_IS_USER_CONTEXT)) { 266 /* Handle out VirtIO ring buffers */
277 int nr_pages = p9_nr_pages(req); 267 out = pack_sg_list(chan->sg, 0,
278 int rpinfo_size = sizeof(struct trans_rpage_info) + 268 VIRTQUEUE_NUM, req->tc->sdata, req->tc->size);
279 sizeof(struct page *) * nr_pages;
280 269
281 if (atomic_read(&vp_pinned) >= chan->p9_max_pages) { 270 in = pack_sg_list(chan->sg, out,
282 err = wait_event_interruptible(vp_wq, 271 VIRTQUEUE_NUM, req->rc->sdata, req->rc->capacity);
283 atomic_read(&vp_pinned) < chan->p9_max_pages); 272
273 err = virtqueue_add_buf(chan->vq, chan->sg, out, in, req->tc);
274 if (err < 0) {
275 if (err == -ENOSPC) {
276 chan->ring_bufs_avail = 0;
277 spin_unlock_irqrestore(&chan->lock, flags);
278 err = wait_event_interruptible(*chan->vc_wq,
279 chan->ring_bufs_avail);
284 if (err == -ERESTARTSYS) 280 if (err == -ERESTARTSYS)
285 return err; 281 return err;
286 P9_DPRINTK(P9_DEBUG_TRANS, "9p: May gup pages now.\n");
287 }
288 282
289 if (rpinfo_size <= (req->tc->capacity - req->tc->size)) { 283 P9_DPRINTK(P9_DEBUG_TRANS, "9p:Retry virtio request\n");
290 /* We can use sdata */ 284 goto req_retry;
291 req->tc->private = req->tc->sdata + req->tc->size;
292 rpinfo = (struct trans_rpage_info *)req->tc->private;
293 rpinfo->rp_alloc = 0;
294 } else { 285 } else {
295 req->tc->private = kmalloc(rpinfo_size, GFP_NOFS); 286 spin_unlock_irqrestore(&chan->lock, flags);
296 if (!req->tc->private) { 287 P9_DPRINTK(P9_DEBUG_TRANS,
297 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: " 288 "9p debug: "
298 "private kmalloc returned NULL"); 289 "virtio rpc add_buf returned failure");
299 return -ENOMEM; 290 return -EIO;
300 }
301 rpinfo = (struct trans_rpage_info *)req->tc->private;
302 rpinfo->rp_alloc = 1;
303 } 291 }
292 }
293 virtqueue_kick(chan->vq);
294 spin_unlock_irqrestore(&chan->lock, flags);
304 295
305 err = p9_payload_gup(req, &pdata_off, &pdata_len, nr_pages, 296 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request kicked\n");
306 req->tc->id == P9_TREAD ? 1 : 0); 297 return 0;
307 if (err < 0) { 298}
308 if (rpinfo->rp_alloc) 299
309 kfree(rpinfo); 300static int p9_get_mapped_pages(struct virtio_chan *chan,
301 struct page **pages, char *data,
302 int nr_pages, int write, int kern_buf)
303{
304 int err;
305 if (!kern_buf) {
306 /*
307 * We allow only p9_max_pages pinned. We wait for the
308 * Other zc request to finish here
309 */
310 if (atomic_read(&vp_pinned) >= chan->p9_max_pages) {
311 err = wait_event_interruptible(vp_wq,
312 (atomic_read(&vp_pinned) < chan->p9_max_pages));
313 if (err == -ERESTARTSYS)
314 return err;
315 }
316 err = p9_payload_gup(data, &nr_pages, pages, write);
317 if (err < 0)
310 return err; 318 return err;
311 } else { 319 atomic_add(nr_pages, &vp_pinned);
312 atomic_add(rpinfo->rp_nr_pages, &vp_pinned); 320 } else {
321 /* kernel buffer, no need to pin pages */
322 int s, index = 0;
323 int count = nr_pages;
324 while (nr_pages) {
325 s = rest_of_page(data);
326 pages[index++] = virt_to_page(data);
327 data += s;
328 nr_pages--;
313 } 329 }
330 nr_pages = count;
314 } 331 }
332 return nr_pages;
333}
315 334
316req_retry_pinned: 335/**
317 spin_lock_irqsave(&chan->lock, flags); 336 * p9_virtio_zc_request - issue a zero copy request
337 * @client: client instance issuing the request
338 * @req: request to be issued
339 * @uidata: user bffer that should be ued for zero copy read
340 * @uodata: user buffer that shoud be user for zero copy write
341 * @inlen: read buffer size
342 * @olen: write buffer size
343 * @hdrlen: reader header size, This is the size of response protocol data
344 *
345 */
346static int
347p9_virtio_zc_request(struct p9_client *client, struct p9_req_t *req,
348 char *uidata, char *uodata, int inlen,
349 int outlen, int in_hdr_len, int kern_buf)
350{
351 int in, out, err;
352 unsigned long flags;
353 int in_nr_pages = 0, out_nr_pages = 0;
354 struct page **in_pages = NULL, **out_pages = NULL;
355 struct virtio_chan *chan = client->trans;
318 356
319 /* Handle out VirtIO ring buffers */ 357 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request\n");
320 out = pack_sg_list(chan->sg, 0, VIRTQUEUE_NUM, req->tc->sdata, 358
321 req->tc->size); 359 if (uodata) {
322 360 out_nr_pages = p9_nr_pages(uodata, outlen);
323 if (req->tc->pbuf_size && (req->tc->id == P9_TWRITE)) { 361 out_pages = kmalloc(sizeof(struct page *) * out_nr_pages,
324 /* We have additional write payload buffer to take care */ 362 GFP_NOFS);
325 if (req->tc->pubuf && P9_IS_USER_CONTEXT) { 363 if (!out_pages) {
326 outp = pack_sg_list_p(chan->sg, out, VIRTQUEUE_NUM, 364 err = -ENOMEM;
327 pdata_off, rpinfo->rp_data, pdata_len); 365 goto err_out;
328 } else { 366 }
329 char *pbuf; 367 out_nr_pages = p9_get_mapped_pages(chan, out_pages, uodata,
330 if (req->tc->pubuf) 368 out_nr_pages, 0, kern_buf);
331 pbuf = (__force char *) req->tc->pubuf; 369 if (out_nr_pages < 0) {
332 else 370 err = out_nr_pages;
333 pbuf = req->tc->pkbuf; 371 kfree(out_pages);
334 outp = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM, pbuf, 372 out_pages = NULL;
335 req->tc->pbuf_size); 373 goto err_out;
336 } 374 }
337 out += outp;
338 } 375 }
339 376 if (uidata) {
340 /* Handle in VirtIO ring buffers */ 377 in_nr_pages = p9_nr_pages(uidata, inlen);
341 if (req->tc->pbuf_size && 378 in_pages = kmalloc(sizeof(struct page *) * in_nr_pages,
342 ((req->tc->id == P9_TREAD) || (req->tc->id == P9_TREADDIR))) { 379 GFP_NOFS);
343 /* 380 if (!in_pages) {
344 * Take care of additional Read payload. 381 err = -ENOMEM;
345 * 11 is the read/write header = PDU Header(7) + IO Size (4). 382 goto err_out;
346 * Arrange in such a way that server places header in the 383 }
347 * alloced memory and payload onto the user buffer. 384 in_nr_pages = p9_get_mapped_pages(chan, in_pages, uidata,
348 */ 385 in_nr_pages, 1, kern_buf);
349 inp = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM, rdata, 11); 386 if (in_nr_pages < 0) {
350 /* 387 err = in_nr_pages;
351 * Running executables in the filesystem may result in 388 kfree(in_pages);
352 * a read request with kernel buffer as opposed to user buffer. 389 in_pages = NULL;
353 */ 390 goto err_out;
354 if (req->tc->pubuf && P9_IS_USER_CONTEXT) {
355 in = pack_sg_list_p(chan->sg, out+inp, VIRTQUEUE_NUM,
356 pdata_off, rpinfo->rp_data, pdata_len);
357 } else {
358 char *pbuf;
359 if (req->tc->pubuf)
360 pbuf = (__force char *) req->tc->pubuf;
361 else
362 pbuf = req->tc->pkbuf;
363
364 in = pack_sg_list(chan->sg, out+inp, VIRTQUEUE_NUM,
365 pbuf, req->tc->pbuf_size);
366 } 391 }
367 in += inp;
368 } else {
369 in = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM, rdata,
370 req->rc->capacity);
371 } 392 }
393 req->status = REQ_STATUS_SENT;
394req_retry_pinned:
395 spin_lock_irqsave(&chan->lock, flags);
396 /* out data */
397 out = pack_sg_list(chan->sg, 0,
398 VIRTQUEUE_NUM, req->tc->sdata, req->tc->size);
399
400 if (out_pages)
401 out += pack_sg_list_p(chan->sg, out, VIRTQUEUE_NUM,
402 out_pages, out_nr_pages, uodata, outlen);
403 /*
404 * Take care of in data
405 * For example TREAD have 11.
406 * 11 is the read/write header = PDU Header(7) + IO Size (4).
407 * Arrange in such a way that server places header in the
408 * alloced memory and payload onto the user buffer.
409 */
410 in = pack_sg_list(chan->sg, out,
411 VIRTQUEUE_NUM, req->rc->sdata, in_hdr_len);
412 if (in_pages)
413 in += pack_sg_list_p(chan->sg, out + in, VIRTQUEUE_NUM,
414 in_pages, in_nr_pages, uidata, inlen);
372 415
373 err = virtqueue_add_buf(chan->vq, chan->sg, out, in, req->tc); 416 err = virtqueue_add_buf(chan->vq, chan->sg, out, in, req->tc);
374 if (err < 0) { 417 if (err < 0) {
@@ -376,28 +419,45 @@ req_retry_pinned:
376 chan->ring_bufs_avail = 0; 419 chan->ring_bufs_avail = 0;
377 spin_unlock_irqrestore(&chan->lock, flags); 420 spin_unlock_irqrestore(&chan->lock, flags);
378 err = wait_event_interruptible(*chan->vc_wq, 421 err = wait_event_interruptible(*chan->vc_wq,
379 chan->ring_bufs_avail); 422 chan->ring_bufs_avail);
380 if (err == -ERESTARTSYS) 423 if (err == -ERESTARTSYS)
381 return err; 424 goto err_out;
382 425
383 P9_DPRINTK(P9_DEBUG_TRANS, "9p:Retry virtio request\n"); 426 P9_DPRINTK(P9_DEBUG_TRANS, "9p:Retry virtio request\n");
384 goto req_retry_pinned; 427 goto req_retry_pinned;
385 } else { 428 } else {
386 spin_unlock_irqrestore(&chan->lock, flags); 429 spin_unlock_irqrestore(&chan->lock, flags);
387 P9_DPRINTK(P9_DEBUG_TRANS, 430 P9_DPRINTK(P9_DEBUG_TRANS,
388 "9p debug: " 431 "9p debug: "
389 "virtio rpc add_buf returned failure"); 432 "virtio rpc add_buf returned failure");
390 if (rpinfo && rpinfo->rp_alloc) 433 err = -EIO;
391 kfree(rpinfo); 434 goto err_out;
392 return -EIO;
393 } 435 }
394 } 436 }
395
396 virtqueue_kick(chan->vq); 437 virtqueue_kick(chan->vq);
397 spin_unlock_irqrestore(&chan->lock, flags); 438 spin_unlock_irqrestore(&chan->lock, flags);
398
399 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request kicked\n"); 439 P9_DPRINTK(P9_DEBUG_TRANS, "9p debug: virtio request kicked\n");
400 return 0; 440 err = wait_event_interruptible(*req->wq,
441 req->status >= REQ_STATUS_RCVD);
442 /*
443 * Non kernel buffers are pinned, unpin them
444 */
445err_out:
446 if (!kern_buf) {
447 if (in_pages) {
448 p9_release_pages(in_pages, in_nr_pages);
449 atomic_sub(in_nr_pages, &vp_pinned);
450 }
451 if (out_pages) {
452 p9_release_pages(out_pages, out_nr_pages);
453 atomic_sub(out_nr_pages, &vp_pinned);
454 }
455 /* wakeup anybody waiting for slots to pin pages */
456 wake_up(&vp_wq);
457 }
458 kfree(in_pages);
459 kfree(out_pages);
460 return err;
401} 461}
402 462
403static ssize_t p9_mount_tag_show(struct device *dev, 463static ssize_t p9_mount_tag_show(struct device *dev,
@@ -591,9 +651,15 @@ static struct p9_trans_module p9_virtio_trans = {
591 .create = p9_virtio_create, 651 .create = p9_virtio_create,
592 .close = p9_virtio_close, 652 .close = p9_virtio_close,
593 .request = p9_virtio_request, 653 .request = p9_virtio_request,
654 .zc_request = p9_virtio_zc_request,
594 .cancel = p9_virtio_cancel, 655 .cancel = p9_virtio_cancel,
595 .maxsize = PAGE_SIZE*VIRTQUEUE_NUM, 656 /*
596 .pref = P9_TRANS_PREF_PAYLOAD_SEP, 657 * We leave one entry for input and one entry for response
658 * headers. We also skip one more entry to accomodate, address
659 * that are not at page boundary, that can result in an extra
660 * page in zero copy.
661 */
662 .maxsize = PAGE_SIZE * (VIRTQUEUE_NUM - 3),
597 .def = 0, 663 .def = 0,
598 .owner = THIS_MODULE, 664 .owner = THIS_MODULE,
599}; 665};
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index b1fe7c35e8d1..bfa9ab93eda5 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -951,13 +951,12 @@ static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset,
951 /* checksum stuff in frags */ 951 /* checksum stuff in frags */
952 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 952 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
953 int end; 953 int end;
954 954 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
955 WARN_ON(start > offset + len); 955 WARN_ON(start > offset + len);
956 956
957 end = start + skb_shinfo(skb)->frags[i].size; 957 end = start + skb_frag_size(frag);
958 if ((copy = end - offset) > 0) { 958 if ((copy = end - offset) > 0) {
959 u8 *vaddr; 959 u8 *vaddr;
960 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
961 960
962 if (copy > len) 961 if (copy > len)
963 copy = len; 962 copy = len;
diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 2252c2085dac..d07223c834af 100644
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -242,8 +242,6 @@ static int br2684_xmit_vcc(struct sk_buff *skb, struct net_device *dev,
242 if (brdev->payload == p_bridged) { 242 if (brdev->payload == p_bridged) {
243 skb_push(skb, 2); 243 skb_push(skb, 2);
244 memset(skb->data, 0, 2); 244 memset(skb->data, 0, 2);
245 } else { /* p_routed */
246 skb_pull(skb, ETH_HLEN);
247 } 245 }
248 } 246 }
249 skb_debug(skb); 247 skb_debug(skb);
@@ -560,12 +558,13 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, void __user * arg)
560 spin_unlock_irqrestore(&rq->lock, flags); 558 spin_unlock_irqrestore(&rq->lock, flags);
561 559
562 skb_queue_walk_safe(&queue, skb, tmp) { 560 skb_queue_walk_safe(&queue, skb, tmp) {
563 struct net_device *dev = skb->dev; 561 struct net_device *dev;
562
563 br2684_push(atmvcc, skb);
564 dev = skb->dev;
564 565
565 dev->stats.rx_bytes -= skb->len; 566 dev->stats.rx_bytes -= skb->len;
566 dev->stats.rx_packets--; 567 dev->stats.rx_packets--;
567
568 br2684_push(atmvcc, skb);
569 } 568 }
570 569
571 /* initialize netdev carrier state */ 570 /* initialize netdev carrier state */
diff --git a/net/atm/lec.c b/net/atm/lec.c
index 215c9fad7cdf..f1964caa0f83 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -643,7 +643,7 @@ static const struct net_device_ops lec_netdev_ops = {
643 .ndo_start_xmit = lec_start_xmit, 643 .ndo_start_xmit = lec_start_xmit,
644 .ndo_change_mtu = lec_change_mtu, 644 .ndo_change_mtu = lec_change_mtu,
645 .ndo_tx_timeout = lec_tx_timeout, 645 .ndo_tx_timeout = lec_tx_timeout,
646 .ndo_set_multicast_list = lec_set_multicast_list, 646 .ndo_set_rx_mode = lec_set_multicast_list,
647}; 647};
648 648
649static const unsigned char lec_ctrl_magic[] = { 649static const unsigned char lec_ctrl_magic[] = {
diff --git a/net/batman-adv/Makefile b/net/batman-adv/Makefile
index 2de93d00631b..ce6861166499 100644
--- a/net/batman-adv/Makefile
+++ b/net/batman-adv/Makefile
@@ -19,8 +19,8 @@
19# 19#
20 20
21obj-$(CONFIG_BATMAN_ADV) += batman-adv.o 21obj-$(CONFIG_BATMAN_ADV) += batman-adv.o
22batman-adv-y += aggregation.o
23batman-adv-y += bat_debugfs.o 22batman-adv-y += bat_debugfs.o
23batman-adv-y += bat_iv_ogm.o
24batman-adv-y += bat_sysfs.o 24batman-adv-y += bat_sysfs.o
25batman-adv-y += bitarray.o 25batman-adv-y += bitarray.o
26batman-adv-y += gateway_client.o 26batman-adv-y += gateway_client.o
diff --git a/net/batman-adv/aggregation.c b/net/batman-adv/aggregation.c
deleted file mode 100644
index 69467fe71ff2..000000000000
--- a/net/batman-adv/aggregation.c
+++ /dev/null
@@ -1,293 +0,0 @@
1/*
2 * Copyright (C) 2007-2011 B.A.T.M.A.N. contributors:
3 *
4 * Marek Lindner, Simon Wunderlich
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of version 2 of the GNU General Public
8 * License as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18 * 02110-1301, USA
19 *
20 */
21
22#include "main.h"
23#include "translation-table.h"
24#include "aggregation.h"
25#include "send.h"
26#include "routing.h"
27#include "hard-interface.h"
28
29/* return true if new_packet can be aggregated with forw_packet */
30static bool can_aggregate_with(const struct batman_packet *new_batman_packet,
31 struct bat_priv *bat_priv,
32 int packet_len,
33 unsigned long send_time,
34 bool directlink,
35 const struct hard_iface *if_incoming,
36 const struct forw_packet *forw_packet)
37{
38 struct batman_packet *batman_packet =
39 (struct batman_packet *)forw_packet->skb->data;
40 int aggregated_bytes = forw_packet->packet_len + packet_len;
41 struct hard_iface *primary_if = NULL;
42 bool res = false;
43
44 /**
45 * we can aggregate the current packet to this aggregated packet
46 * if:
47 *
48 * - the send time is within our MAX_AGGREGATION_MS time
49 * - the resulting packet wont be bigger than
50 * MAX_AGGREGATION_BYTES
51 */
52
53 if (time_before(send_time, forw_packet->send_time) &&
54 time_after_eq(send_time + msecs_to_jiffies(MAX_AGGREGATION_MS),
55 forw_packet->send_time) &&
56 (aggregated_bytes <= MAX_AGGREGATION_BYTES)) {
57
58 /**
59 * check aggregation compatibility
60 * -> direct link packets are broadcasted on
61 * their interface only
62 * -> aggregate packet if the current packet is
63 * a "global" packet as well as the base
64 * packet
65 */
66
67 primary_if = primary_if_get_selected(bat_priv);
68 if (!primary_if)
69 goto out;
70
71 /* packets without direct link flag and high TTL
72 * are flooded through the net */
73 if ((!directlink) &&
74 (!(batman_packet->flags & DIRECTLINK)) &&
75 (batman_packet->ttl != 1) &&
76
77 /* own packets originating non-primary
78 * interfaces leave only that interface */
79 ((!forw_packet->own) ||
80 (forw_packet->if_incoming == primary_if))) {
81 res = true;
82 goto out;
83 }
84
85 /* if the incoming packet is sent via this one
86 * interface only - we still can aggregate */
87 if ((directlink) &&
88 (new_batman_packet->ttl == 1) &&
89 (forw_packet->if_incoming == if_incoming) &&
90
91 /* packets from direct neighbors or
92 * own secondary interface packets
93 * (= secondary interface packets in general) */
94 (batman_packet->flags & DIRECTLINK ||
95 (forw_packet->own &&
96 forw_packet->if_incoming != primary_if))) {
97 res = true;
98 goto out;
99 }
100 }
101
102out:
103 if (primary_if)
104 hardif_free_ref(primary_if);
105 return res;
106}
107
108/* create a new aggregated packet and add this packet to it */
109static void new_aggregated_packet(const unsigned char *packet_buff,
110 int packet_len, unsigned long send_time,
111 bool direct_link,
112 struct hard_iface *if_incoming,
113 int own_packet)
114{
115 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
116 struct forw_packet *forw_packet_aggr;
117 unsigned char *skb_buff;
118
119 if (!atomic_inc_not_zero(&if_incoming->refcount))
120 return;
121
122 /* own packet should always be scheduled */
123 if (!own_packet) {
124 if (!atomic_dec_not_zero(&bat_priv->batman_queue_left)) {
125 bat_dbg(DBG_BATMAN, bat_priv,
126 "batman packet queue full\n");
127 goto out;
128 }
129 }
130
131 forw_packet_aggr = kmalloc(sizeof(*forw_packet_aggr), GFP_ATOMIC);
132 if (!forw_packet_aggr) {
133 if (!own_packet)
134 atomic_inc(&bat_priv->batman_queue_left);
135 goto out;
136 }
137
138 if ((atomic_read(&bat_priv->aggregated_ogms)) &&
139 (packet_len < MAX_AGGREGATION_BYTES))
140 forw_packet_aggr->skb = dev_alloc_skb(MAX_AGGREGATION_BYTES +
141 sizeof(struct ethhdr));
142 else
143 forw_packet_aggr->skb = dev_alloc_skb(packet_len +
144 sizeof(struct ethhdr));
145
146 if (!forw_packet_aggr->skb) {
147 if (!own_packet)
148 atomic_inc(&bat_priv->batman_queue_left);
149 kfree(forw_packet_aggr);
150 goto out;
151 }
152 skb_reserve(forw_packet_aggr->skb, sizeof(struct ethhdr));
153
154 INIT_HLIST_NODE(&forw_packet_aggr->list);
155
156 skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
157 forw_packet_aggr->packet_len = packet_len;
158 memcpy(skb_buff, packet_buff, packet_len);
159
160 forw_packet_aggr->own = own_packet;
161 forw_packet_aggr->if_incoming = if_incoming;
162 forw_packet_aggr->num_packets = 0;
163 forw_packet_aggr->direct_link_flags = NO_FLAGS;
164 forw_packet_aggr->send_time = send_time;
165
166 /* save packet direct link flag status */
167 if (direct_link)
168 forw_packet_aggr->direct_link_flags |= 1;
169
170 /* add new packet to packet list */
171 spin_lock_bh(&bat_priv->forw_bat_list_lock);
172 hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list);
173 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
174
175 /* start timer for this packet */
176 INIT_DELAYED_WORK(&forw_packet_aggr->delayed_work,
177 send_outstanding_bat_packet);
178 queue_delayed_work(bat_event_workqueue,
179 &forw_packet_aggr->delayed_work,
180 send_time - jiffies);
181
182 return;
183out:
184 hardif_free_ref(if_incoming);
185}
186
187/* aggregate a new packet into the existing aggregation */
188static void aggregate(struct forw_packet *forw_packet_aggr,
189 const unsigned char *packet_buff, int packet_len,
190 bool direct_link)
191{
192 unsigned char *skb_buff;
193
194 skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
195 memcpy(skb_buff, packet_buff, packet_len);
196 forw_packet_aggr->packet_len += packet_len;
197 forw_packet_aggr->num_packets++;
198
199 /* save packet direct link flag status */
200 if (direct_link)
201 forw_packet_aggr->direct_link_flags |=
202 (1 << forw_packet_aggr->num_packets);
203}
204
205void add_bat_packet_to_list(struct bat_priv *bat_priv,
206 unsigned char *packet_buff, int packet_len,
207 struct hard_iface *if_incoming, int own_packet,
208 unsigned long send_time)
209{
210 /**
211 * _aggr -> pointer to the packet we want to aggregate with
212 * _pos -> pointer to the position in the queue
213 */
214 struct forw_packet *forw_packet_aggr = NULL, *forw_packet_pos = NULL;
215 struct hlist_node *tmp_node;
216 struct batman_packet *batman_packet =
217 (struct batman_packet *)packet_buff;
218 bool direct_link = batman_packet->flags & DIRECTLINK ? 1 : 0;
219
220 /* find position for the packet in the forward queue */
221 spin_lock_bh(&bat_priv->forw_bat_list_lock);
222 /* own packets are not to be aggregated */
223 if ((atomic_read(&bat_priv->aggregated_ogms)) && (!own_packet)) {
224 hlist_for_each_entry(forw_packet_pos, tmp_node,
225 &bat_priv->forw_bat_list, list) {
226 if (can_aggregate_with(batman_packet,
227 bat_priv,
228 packet_len,
229 send_time,
230 direct_link,
231 if_incoming,
232 forw_packet_pos)) {
233 forw_packet_aggr = forw_packet_pos;
234 break;
235 }
236 }
237 }
238
239 /* nothing to aggregate with - either aggregation disabled or no
240 * suitable aggregation packet found */
241 if (!forw_packet_aggr) {
242 /* the following section can run without the lock */
243 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
244
245 /**
246 * if we could not aggregate this packet with one of the others
247 * we hold it back for a while, so that it might be aggregated
248 * later on
249 */
250 if ((!own_packet) &&
251 (atomic_read(&bat_priv->aggregated_ogms)))
252 send_time += msecs_to_jiffies(MAX_AGGREGATION_MS);
253
254 new_aggregated_packet(packet_buff, packet_len,
255 send_time, direct_link,
256 if_incoming, own_packet);
257 } else {
258 aggregate(forw_packet_aggr,
259 packet_buff, packet_len,
260 direct_link);
261 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
262 }
263}
264
265/* unpack the aggregated packets and process them one by one */
266void receive_aggr_bat_packet(const struct ethhdr *ethhdr,
267 unsigned char *packet_buff, int packet_len,
268 struct hard_iface *if_incoming)
269{
270 struct batman_packet *batman_packet;
271 int buff_pos = 0;
272 unsigned char *tt_buff;
273
274 batman_packet = (struct batman_packet *)packet_buff;
275
276 do {
277 /* network to host order for our 32bit seqno and the
278 orig_interval */
279 batman_packet->seqno = ntohl(batman_packet->seqno);
280 batman_packet->tt_crc = ntohs(batman_packet->tt_crc);
281
282 tt_buff = packet_buff + buff_pos + BAT_PACKET_LEN;
283
284 receive_bat_packet(ethhdr, batman_packet, tt_buff, if_incoming);
285
286 buff_pos += BAT_PACKET_LEN +
287 tt_len(batman_packet->tt_num_changes);
288
289 batman_packet = (struct batman_packet *)
290 (packet_buff + buff_pos);
291 } while (aggregated_packet(buff_pos, packet_len,
292 batman_packet->tt_num_changes));
293}
diff --git a/net/batman-adv/aggregation.h b/net/batman-adv/aggregation.h
deleted file mode 100644
index 216337bb841f..000000000000
--- a/net/batman-adv/aggregation.h
+++ /dev/null
@@ -1,46 +0,0 @@
1/*
2 * Copyright (C) 2007-2011 B.A.T.M.A.N. contributors:
3 *
4 * Marek Lindner, Simon Wunderlich
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of version 2 of the GNU General Public
8 * License as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18 * 02110-1301, USA
19 *
20 */
21
22#ifndef _NET_BATMAN_ADV_AGGREGATION_H_
23#define _NET_BATMAN_ADV_AGGREGATION_H_
24
25#include "main.h"
26
27/* is there another aggregated packet here? */
28static inline int aggregated_packet(int buff_pos, int packet_len,
29 int tt_num_changes)
30{
31 int next_buff_pos = buff_pos + BAT_PACKET_LEN + (tt_num_changes *
32 sizeof(struct tt_change));
33
34 return (next_buff_pos <= packet_len) &&
35 (next_buff_pos <= MAX_AGGREGATION_BYTES);
36}
37
38void add_bat_packet_to_list(struct bat_priv *bat_priv,
39 unsigned char *packet_buff, int packet_len,
40 struct hard_iface *if_incoming, int own_packet,
41 unsigned long send_time);
42void receive_aggr_bat_packet(const struct ethhdr *ethhdr,
43 unsigned char *packet_buff, int packet_len,
44 struct hard_iface *if_incoming);
45
46#endif /* _NET_BATMAN_ADV_AGGREGATION_H_ */
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
new file mode 100644
index 000000000000..3512e251545b
--- /dev/null
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -0,0 +1,1170 @@
1/*
2 * Copyright (C) 2007-2011 B.A.T.M.A.N. contributors:
3 *
4 * Marek Lindner, Simon Wunderlich
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of version 2 of the GNU General Public
8 * License as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18 * 02110-1301, USA
19 *
20 */
21
22#include "main.h"
23#include "bat_ogm.h"
24#include "translation-table.h"
25#include "ring_buffer.h"
26#include "originator.h"
27#include "routing.h"
28#include "gateway_common.h"
29#include "gateway_client.h"
30#include "hard-interface.h"
31#include "send.h"
32
33void bat_ogm_init(struct hard_iface *hard_iface)
34{
35 struct batman_ogm_packet *batman_ogm_packet;
36
37 hard_iface->packet_len = BATMAN_OGM_LEN;
38 hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC);
39
40 batman_ogm_packet = (struct batman_ogm_packet *)hard_iface->packet_buff;
41 batman_ogm_packet->packet_type = BAT_OGM;
42 batman_ogm_packet->version = COMPAT_VERSION;
43 batman_ogm_packet->flags = NO_FLAGS;
44 batman_ogm_packet->ttl = 2;
45 batman_ogm_packet->tq = TQ_MAX_VALUE;
46 batman_ogm_packet->tt_num_changes = 0;
47 batman_ogm_packet->ttvn = 0;
48}
49
50void bat_ogm_init_primary(struct hard_iface *hard_iface)
51{
52 struct batman_ogm_packet *batman_ogm_packet;
53
54 batman_ogm_packet = (struct batman_ogm_packet *)hard_iface->packet_buff;
55 batman_ogm_packet->flags = PRIMARIES_FIRST_HOP;
56 batman_ogm_packet->ttl = TTL;
57}
58
59void bat_ogm_update_mac(struct hard_iface *hard_iface)
60{
61 struct batman_ogm_packet *batman_ogm_packet;
62
63 batman_ogm_packet = (struct batman_ogm_packet *)hard_iface->packet_buff;
64 memcpy(batman_ogm_packet->orig,
65 hard_iface->net_dev->dev_addr, ETH_ALEN);
66 memcpy(batman_ogm_packet->prev_sender,
67 hard_iface->net_dev->dev_addr, ETH_ALEN);
68}
69
70/* when do we schedule our own ogm to be sent */
71static unsigned long bat_ogm_emit_send_time(const struct bat_priv *bat_priv)
72{
73 return jiffies + msecs_to_jiffies(
74 atomic_read(&bat_priv->orig_interval) -
75 JITTER + (random32() % 2*JITTER));
76}
77
78/* when do we schedule a ogm packet to be sent */
79static unsigned long bat_ogm_fwd_send_time(void)
80{
81 return jiffies + msecs_to_jiffies(random32() % (JITTER/2));
82}
83
84/* apply hop penalty for a normal link */
85static uint8_t hop_penalty(uint8_t tq, const struct bat_priv *bat_priv)
86{
87 int hop_penalty = atomic_read(&bat_priv->hop_penalty);
88 return (tq * (TQ_MAX_VALUE - hop_penalty)) / (TQ_MAX_VALUE);
89}
90
91/* is there another aggregated packet here? */
92static int bat_ogm_aggr_packet(int buff_pos, int packet_len,
93 int tt_num_changes)
94{
95 int next_buff_pos = buff_pos + BATMAN_OGM_LEN + tt_len(tt_num_changes);
96
97 return (next_buff_pos <= packet_len) &&
98 (next_buff_pos <= MAX_AGGREGATION_BYTES);
99}
100
101/* send a batman ogm to a given interface */
102static void bat_ogm_send_to_if(struct forw_packet *forw_packet,
103 struct hard_iface *hard_iface)
104{
105 struct bat_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
106 char *fwd_str;
107 uint8_t packet_num;
108 int16_t buff_pos;
109 struct batman_ogm_packet *batman_ogm_packet;
110 struct sk_buff *skb;
111
112 if (hard_iface->if_status != IF_ACTIVE)
113 return;
114
115 packet_num = 0;
116 buff_pos = 0;
117 batman_ogm_packet = (struct batman_ogm_packet *)forw_packet->skb->data;
118
119 /* adjust all flags and log packets */
120 while (bat_ogm_aggr_packet(buff_pos, forw_packet->packet_len,
121 batman_ogm_packet->tt_num_changes)) {
122
123 /* we might have aggregated direct link packets with an
124 * ordinary base packet */
125 if ((forw_packet->direct_link_flags & (1 << packet_num)) &&
126 (forw_packet->if_incoming == hard_iface))
127 batman_ogm_packet->flags |= DIRECTLINK;
128 else
129 batman_ogm_packet->flags &= ~DIRECTLINK;
130
131 fwd_str = (packet_num > 0 ? "Forwarding" : (forw_packet->own ?
132 "Sending own" :
133 "Forwarding"));
134 bat_dbg(DBG_BATMAN, bat_priv,
135 "%s %spacket (originator %pM, seqno %d, TQ %d, TTL %d,"
136 " IDF %s, ttvn %d) on interface %s [%pM]\n",
137 fwd_str, (packet_num > 0 ? "aggregated " : ""),
138 batman_ogm_packet->orig,
139 ntohl(batman_ogm_packet->seqno),
140 batman_ogm_packet->tq, batman_ogm_packet->ttl,
141 (batman_ogm_packet->flags & DIRECTLINK ?
142 "on" : "off"),
143 batman_ogm_packet->ttvn, hard_iface->net_dev->name,
144 hard_iface->net_dev->dev_addr);
145
146 buff_pos += BATMAN_OGM_LEN +
147 tt_len(batman_ogm_packet->tt_num_changes);
148 packet_num++;
149 batman_ogm_packet = (struct batman_ogm_packet *)
150 (forw_packet->skb->data + buff_pos);
151 }
152
153 /* create clone because function is called more than once */
154 skb = skb_clone(forw_packet->skb, GFP_ATOMIC);
155 if (skb)
156 send_skb_packet(skb, hard_iface, broadcast_addr);
157}
158
159/* send a batman ogm packet */
160void bat_ogm_emit(struct forw_packet *forw_packet)
161{
162 struct hard_iface *hard_iface;
163 struct net_device *soft_iface;
164 struct bat_priv *bat_priv;
165 struct hard_iface *primary_if = NULL;
166 struct batman_ogm_packet *batman_ogm_packet;
167 unsigned char directlink;
168
169 batman_ogm_packet = (struct batman_ogm_packet *)
170 (forw_packet->skb->data);
171 directlink = (batman_ogm_packet->flags & DIRECTLINK ? 1 : 0);
172
173 if (!forw_packet->if_incoming) {
174 pr_err("Error - can't forward packet: incoming iface not "
175 "specified\n");
176 goto out;
177 }
178
179 soft_iface = forw_packet->if_incoming->soft_iface;
180 bat_priv = netdev_priv(soft_iface);
181
182 if (forw_packet->if_incoming->if_status != IF_ACTIVE)
183 goto out;
184
185 primary_if = primary_if_get_selected(bat_priv);
186 if (!primary_if)
187 goto out;
188
189 /* multihomed peer assumed */
190 /* non-primary OGMs are only broadcasted on their interface */
191 if ((directlink && (batman_ogm_packet->ttl == 1)) ||
192 (forw_packet->own && (forw_packet->if_incoming != primary_if))) {
193
194 /* FIXME: what about aggregated packets ? */
195 bat_dbg(DBG_BATMAN, bat_priv,
196 "%s packet (originator %pM, seqno %d, TTL %d) "
197 "on interface %s [%pM]\n",
198 (forw_packet->own ? "Sending own" : "Forwarding"),
199 batman_ogm_packet->orig,
200 ntohl(batman_ogm_packet->seqno),
201 batman_ogm_packet->ttl,
202 forw_packet->if_incoming->net_dev->name,
203 forw_packet->if_incoming->net_dev->dev_addr);
204
205 /* skb is only used once and than forw_packet is free'd */
206 send_skb_packet(forw_packet->skb, forw_packet->if_incoming,
207 broadcast_addr);
208 forw_packet->skb = NULL;
209
210 goto out;
211 }
212
213 /* broadcast on every interface */
214 rcu_read_lock();
215 list_for_each_entry_rcu(hard_iface, &hardif_list, list) {
216 if (hard_iface->soft_iface != soft_iface)
217 continue;
218
219 bat_ogm_send_to_if(forw_packet, hard_iface);
220 }
221 rcu_read_unlock();
222
223out:
224 if (primary_if)
225 hardif_free_ref(primary_if);
226}
227
228/* return true if new_packet can be aggregated with forw_packet */
229static bool bat_ogm_can_aggregate(const struct batman_ogm_packet
230 *new_batman_ogm_packet,
231 struct bat_priv *bat_priv,
232 int packet_len, unsigned long send_time,
233 bool directlink,
234 const struct hard_iface *if_incoming,
235 const struct forw_packet *forw_packet)
236{
237 struct batman_ogm_packet *batman_ogm_packet;
238 int aggregated_bytes = forw_packet->packet_len + packet_len;
239 struct hard_iface *primary_if = NULL;
240 bool res = false;
241
242 batman_ogm_packet = (struct batman_ogm_packet *)forw_packet->skb->data;
243
244 /**
245 * we can aggregate the current packet to this aggregated packet
246 * if:
247 *
248 * - the send time is within our MAX_AGGREGATION_MS time
249 * - the resulting packet wont be bigger than
250 * MAX_AGGREGATION_BYTES
251 */
252
253 if (time_before(send_time, forw_packet->send_time) &&
254 time_after_eq(send_time + msecs_to_jiffies(MAX_AGGREGATION_MS),
255 forw_packet->send_time) &&
256 (aggregated_bytes <= MAX_AGGREGATION_BYTES)) {
257
258 /**
259 * check aggregation compatibility
260 * -> direct link packets are broadcasted on
261 * their interface only
262 * -> aggregate packet if the current packet is
263 * a "global" packet as well as the base
264 * packet
265 */
266
267 primary_if = primary_if_get_selected(bat_priv);
268 if (!primary_if)
269 goto out;
270
271 /* packets without direct link flag and high TTL
272 * are flooded through the net */
273 if ((!directlink) &&
274 (!(batman_ogm_packet->flags & DIRECTLINK)) &&
275 (batman_ogm_packet->ttl != 1) &&
276
277 /* own packets originating non-primary
278 * interfaces leave only that interface */
279 ((!forw_packet->own) ||
280 (forw_packet->if_incoming == primary_if))) {
281 res = true;
282 goto out;
283 }
284
285 /* if the incoming packet is sent via this one
286 * interface only - we still can aggregate */
287 if ((directlink) &&
288 (new_batman_ogm_packet->ttl == 1) &&
289 (forw_packet->if_incoming == if_incoming) &&
290
291 /* packets from direct neighbors or
292 * own secondary interface packets
293 * (= secondary interface packets in general) */
294 (batman_ogm_packet->flags & DIRECTLINK ||
295 (forw_packet->own &&
296 forw_packet->if_incoming != primary_if))) {
297 res = true;
298 goto out;
299 }
300 }
301
302out:
303 if (primary_if)
304 hardif_free_ref(primary_if);
305 return res;
306}
307
308/* create a new aggregated packet and add this packet to it */
309static void bat_ogm_aggregate_new(const unsigned char *packet_buff,
310 int packet_len, unsigned long send_time,
311 bool direct_link,
312 struct hard_iface *if_incoming,
313 int own_packet)
314{
315 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
316 struct forw_packet *forw_packet_aggr;
317 unsigned char *skb_buff;
318
319 if (!atomic_inc_not_zero(&if_incoming->refcount))
320 return;
321
322 /* own packet should always be scheduled */
323 if (!own_packet) {
324 if (!atomic_dec_not_zero(&bat_priv->batman_queue_left)) {
325 bat_dbg(DBG_BATMAN, bat_priv,
326 "batman packet queue full\n");
327 goto out;
328 }
329 }
330
331 forw_packet_aggr = kmalloc(sizeof(*forw_packet_aggr), GFP_ATOMIC);
332 if (!forw_packet_aggr) {
333 if (!own_packet)
334 atomic_inc(&bat_priv->batman_queue_left);
335 goto out;
336 }
337
338 if ((atomic_read(&bat_priv->aggregated_ogms)) &&
339 (packet_len < MAX_AGGREGATION_BYTES))
340 forw_packet_aggr->skb = dev_alloc_skb(MAX_AGGREGATION_BYTES +
341 sizeof(struct ethhdr));
342 else
343 forw_packet_aggr->skb = dev_alloc_skb(packet_len +
344 sizeof(struct ethhdr));
345
346 if (!forw_packet_aggr->skb) {
347 if (!own_packet)
348 atomic_inc(&bat_priv->batman_queue_left);
349 kfree(forw_packet_aggr);
350 goto out;
351 }
352 skb_reserve(forw_packet_aggr->skb, sizeof(struct ethhdr));
353
354 INIT_HLIST_NODE(&forw_packet_aggr->list);
355
356 skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
357 forw_packet_aggr->packet_len = packet_len;
358 memcpy(skb_buff, packet_buff, packet_len);
359
360 forw_packet_aggr->own = own_packet;
361 forw_packet_aggr->if_incoming = if_incoming;
362 forw_packet_aggr->num_packets = 0;
363 forw_packet_aggr->direct_link_flags = NO_FLAGS;
364 forw_packet_aggr->send_time = send_time;
365
366 /* save packet direct link flag status */
367 if (direct_link)
368 forw_packet_aggr->direct_link_flags |= 1;
369
370 /* add new packet to packet list */
371 spin_lock_bh(&bat_priv->forw_bat_list_lock);
372 hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list);
373 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
374
375 /* start timer for this packet */
376 INIT_DELAYED_WORK(&forw_packet_aggr->delayed_work,
377 send_outstanding_bat_ogm_packet);
378 queue_delayed_work(bat_event_workqueue,
379 &forw_packet_aggr->delayed_work,
380 send_time - jiffies);
381
382 return;
383out:
384 hardif_free_ref(if_incoming);
385}
386
387/* aggregate a new packet into the existing ogm packet */
388static void bat_ogm_aggregate(struct forw_packet *forw_packet_aggr,
389 const unsigned char *packet_buff,
390 int packet_len, bool direct_link)
391{
392 unsigned char *skb_buff;
393
394 skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
395 memcpy(skb_buff, packet_buff, packet_len);
396 forw_packet_aggr->packet_len += packet_len;
397 forw_packet_aggr->num_packets++;
398
399 /* save packet direct link flag status */
400 if (direct_link)
401 forw_packet_aggr->direct_link_flags |=
402 (1 << forw_packet_aggr->num_packets);
403}
404
405static void bat_ogm_queue_add(struct bat_priv *bat_priv,
406 unsigned char *packet_buff,
407 int packet_len, struct hard_iface *if_incoming,
408 int own_packet, unsigned long send_time)
409{
410 /**
411 * _aggr -> pointer to the packet we want to aggregate with
412 * _pos -> pointer to the position in the queue
413 */
414 struct forw_packet *forw_packet_aggr = NULL, *forw_packet_pos = NULL;
415 struct hlist_node *tmp_node;
416 struct batman_ogm_packet *batman_ogm_packet;
417 bool direct_link;
418
419 batman_ogm_packet = (struct batman_ogm_packet *)packet_buff;
420 direct_link = batman_ogm_packet->flags & DIRECTLINK ? 1 : 0;
421
422 /* find position for the packet in the forward queue */
423 spin_lock_bh(&bat_priv->forw_bat_list_lock);
424 /* own packets are not to be aggregated */
425 if ((atomic_read(&bat_priv->aggregated_ogms)) && (!own_packet)) {
426 hlist_for_each_entry(forw_packet_pos, tmp_node,
427 &bat_priv->forw_bat_list, list) {
428 if (bat_ogm_can_aggregate(batman_ogm_packet,
429 bat_priv, packet_len,
430 send_time, direct_link,
431 if_incoming,
432 forw_packet_pos)) {
433 forw_packet_aggr = forw_packet_pos;
434 break;
435 }
436 }
437 }
438
439 /* nothing to aggregate with - either aggregation disabled or no
440 * suitable aggregation packet found */
441 if (!forw_packet_aggr) {
442 /* the following section can run without the lock */
443 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
444
445 /**
446 * if we could not aggregate this packet with one of the others
447 * we hold it back for a while, so that it might be aggregated
448 * later on
449 */
450 if ((!own_packet) &&
451 (atomic_read(&bat_priv->aggregated_ogms)))
452 send_time += msecs_to_jiffies(MAX_AGGREGATION_MS);
453
454 bat_ogm_aggregate_new(packet_buff, packet_len,
455 send_time, direct_link,
456 if_incoming, own_packet);
457 } else {
458 bat_ogm_aggregate(forw_packet_aggr, packet_buff, packet_len,
459 direct_link);
460 spin_unlock_bh(&bat_priv->forw_bat_list_lock);
461 }
462}
463
464static void bat_ogm_forward(struct orig_node *orig_node,
465 const struct ethhdr *ethhdr,
466 struct batman_ogm_packet *batman_ogm_packet,
467 int directlink, struct hard_iface *if_incoming)
468{
469 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
470 struct neigh_node *router;
471 uint8_t in_tq, in_ttl, tq_avg = 0;
472 uint8_t tt_num_changes;
473
474 if (batman_ogm_packet->ttl <= 1) {
475 bat_dbg(DBG_BATMAN, bat_priv, "ttl exceeded\n");
476 return;
477 }
478
479 router = orig_node_get_router(orig_node);
480
481 in_tq = batman_ogm_packet->tq;
482 in_ttl = batman_ogm_packet->ttl;
483 tt_num_changes = batman_ogm_packet->tt_num_changes;
484
485 batman_ogm_packet->ttl--;
486 memcpy(batman_ogm_packet->prev_sender, ethhdr->h_source, ETH_ALEN);
487
488 /* rebroadcast tq of our best ranking neighbor to ensure the rebroadcast
489 * of our best tq value */
490 if (router && router->tq_avg != 0) {
491
492 /* rebroadcast ogm of best ranking neighbor as is */
493 if (!compare_eth(router->addr, ethhdr->h_source)) {
494 batman_ogm_packet->tq = router->tq_avg;
495
496 if (router->last_ttl)
497 batman_ogm_packet->ttl = router->last_ttl - 1;
498 }
499
500 tq_avg = router->tq_avg;
501 }
502
503 if (router)
504 neigh_node_free_ref(router);
505
506 /* apply hop penalty */
507 batman_ogm_packet->tq = hop_penalty(batman_ogm_packet->tq, bat_priv);
508
509 bat_dbg(DBG_BATMAN, bat_priv,
510 "Forwarding packet: tq_orig: %i, tq_avg: %i, "
511 "tq_forw: %i, ttl_orig: %i, ttl_forw: %i\n",
512 in_tq, tq_avg, batman_ogm_packet->tq, in_ttl - 1,
513 batman_ogm_packet->ttl);
514
515 batman_ogm_packet->seqno = htonl(batman_ogm_packet->seqno);
516 batman_ogm_packet->tt_crc = htons(batman_ogm_packet->tt_crc);
517
518 /* switch of primaries first hop flag when forwarding */
519 batman_ogm_packet->flags &= ~PRIMARIES_FIRST_HOP;
520 if (directlink)
521 batman_ogm_packet->flags |= DIRECTLINK;
522 else
523 batman_ogm_packet->flags &= ~DIRECTLINK;
524
525 bat_ogm_queue_add(bat_priv, (unsigned char *)batman_ogm_packet,
526 BATMAN_OGM_LEN + tt_len(tt_num_changes),
527 if_incoming, 0, bat_ogm_fwd_send_time());
528}
529
530void bat_ogm_schedule(struct hard_iface *hard_iface, int tt_num_changes)
531{
532 struct bat_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
533 struct batman_ogm_packet *batman_ogm_packet;
534 struct hard_iface *primary_if;
535 int vis_server;
536
537 vis_server = atomic_read(&bat_priv->vis_mode);
538 primary_if = primary_if_get_selected(bat_priv);
539
540 batman_ogm_packet = (struct batman_ogm_packet *)hard_iface->packet_buff;
541
542 /* change sequence number to network order */
543 batman_ogm_packet->seqno =
544 htonl((uint32_t)atomic_read(&hard_iface->seqno));
545
546 batman_ogm_packet->ttvn = atomic_read(&bat_priv->ttvn);
547 batman_ogm_packet->tt_crc = htons((uint16_t)
548 atomic_read(&bat_priv->tt_crc));
549 if (tt_num_changes >= 0)
550 batman_ogm_packet->tt_num_changes = tt_num_changes;
551
552 if (vis_server == VIS_TYPE_SERVER_SYNC)
553 batman_ogm_packet->flags |= VIS_SERVER;
554 else
555 batman_ogm_packet->flags &= ~VIS_SERVER;
556
557 if ((hard_iface == primary_if) &&
558 (atomic_read(&bat_priv->gw_mode) == GW_MODE_SERVER))
559 batman_ogm_packet->gw_flags =
560 (uint8_t)atomic_read(&bat_priv->gw_bandwidth);
561 else
562 batman_ogm_packet->gw_flags = NO_FLAGS;
563
564 atomic_inc(&hard_iface->seqno);
565
566 slide_own_bcast_window(hard_iface);
567 bat_ogm_queue_add(bat_priv, hard_iface->packet_buff,
568 hard_iface->packet_len, hard_iface, 1,
569 bat_ogm_emit_send_time(bat_priv));
570
571 if (primary_if)
572 hardif_free_ref(primary_if);
573}
574
575static void bat_ogm_orig_update(struct bat_priv *bat_priv,
576 struct orig_node *orig_node,
577 const struct ethhdr *ethhdr,
578 const struct batman_ogm_packet
579 *batman_ogm_packet,
580 struct hard_iface *if_incoming,
581 const unsigned char *tt_buff, int is_duplicate)
582{
583 struct neigh_node *neigh_node = NULL, *tmp_neigh_node = NULL;
584 struct neigh_node *router = NULL;
585 struct orig_node *orig_node_tmp;
586 struct hlist_node *node;
587 uint8_t bcast_own_sum_orig, bcast_own_sum_neigh;
588
589 bat_dbg(DBG_BATMAN, bat_priv, "update_originator(): "
590 "Searching and updating originator entry of received packet\n");
591
592 rcu_read_lock();
593 hlist_for_each_entry_rcu(tmp_neigh_node, node,
594 &orig_node->neigh_list, list) {
595 if (compare_eth(tmp_neigh_node->addr, ethhdr->h_source) &&
596 (tmp_neigh_node->if_incoming == if_incoming) &&
597 atomic_inc_not_zero(&tmp_neigh_node->refcount)) {
598 if (neigh_node)
599 neigh_node_free_ref(neigh_node);
600 neigh_node = tmp_neigh_node;
601 continue;
602 }
603
604 if (is_duplicate)
605 continue;
606
607 spin_lock_bh(&tmp_neigh_node->tq_lock);
608 ring_buffer_set(tmp_neigh_node->tq_recv,
609 &tmp_neigh_node->tq_index, 0);
610 tmp_neigh_node->tq_avg =
611 ring_buffer_avg(tmp_neigh_node->tq_recv);
612 spin_unlock_bh(&tmp_neigh_node->tq_lock);
613 }
614
615 if (!neigh_node) {
616 struct orig_node *orig_tmp;
617
618 orig_tmp = get_orig_node(bat_priv, ethhdr->h_source);
619 if (!orig_tmp)
620 goto unlock;
621
622 neigh_node = create_neighbor(orig_node, orig_tmp,
623 ethhdr->h_source, if_incoming);
624
625 orig_node_free_ref(orig_tmp);
626 if (!neigh_node)
627 goto unlock;
628 } else
629 bat_dbg(DBG_BATMAN, bat_priv,
630 "Updating existing last-hop neighbor of originator\n");
631
632 rcu_read_unlock();
633
634 orig_node->flags = batman_ogm_packet->flags;
635 neigh_node->last_valid = jiffies;
636
637 spin_lock_bh(&neigh_node->tq_lock);
638 ring_buffer_set(neigh_node->tq_recv,
639 &neigh_node->tq_index,
640 batman_ogm_packet->tq);
641 neigh_node->tq_avg = ring_buffer_avg(neigh_node->tq_recv);
642 spin_unlock_bh(&neigh_node->tq_lock);
643
644 if (!is_duplicate) {
645 orig_node->last_ttl = batman_ogm_packet->ttl;
646 neigh_node->last_ttl = batman_ogm_packet->ttl;
647 }
648
649 bonding_candidate_add(orig_node, neigh_node);
650
651 /* if this neighbor already is our next hop there is nothing
652 * to change */
653 router = orig_node_get_router(orig_node);
654 if (router == neigh_node)
655 goto update_tt;
656
657 /* if this neighbor does not offer a better TQ we won't consider it */
658 if (router && (router->tq_avg > neigh_node->tq_avg))
659 goto update_tt;
660
661 /* if the TQ is the same and the link not more symmetric we
662 * won't consider it either */
663 if (router && (neigh_node->tq_avg == router->tq_avg)) {
664 orig_node_tmp = router->orig_node;
665 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
666 bcast_own_sum_orig =
667 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
668 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
669
670 orig_node_tmp = neigh_node->orig_node;
671 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
672 bcast_own_sum_neigh =
673 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
674 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
675
676 if (bcast_own_sum_orig >= bcast_own_sum_neigh)
677 goto update_tt;
678 }
679
680 update_route(bat_priv, orig_node, neigh_node);
681
682update_tt:
683 /* I have to check for transtable changes only if the OGM has been
684 * sent through a primary interface */
685 if (((batman_ogm_packet->orig != ethhdr->h_source) &&
686 (batman_ogm_packet->ttl > 2)) ||
687 (batman_ogm_packet->flags & PRIMARIES_FIRST_HOP))
688 tt_update_orig(bat_priv, orig_node, tt_buff,
689 batman_ogm_packet->tt_num_changes,
690 batman_ogm_packet->ttvn,
691 batman_ogm_packet->tt_crc);
692
693 if (orig_node->gw_flags != batman_ogm_packet->gw_flags)
694 gw_node_update(bat_priv, orig_node,
695 batman_ogm_packet->gw_flags);
696
697 orig_node->gw_flags = batman_ogm_packet->gw_flags;
698
699 /* restart gateway selection if fast or late switching was enabled */
700 if ((orig_node->gw_flags) &&
701 (atomic_read(&bat_priv->gw_mode) == GW_MODE_CLIENT) &&
702 (atomic_read(&bat_priv->gw_sel_class) > 2))
703 gw_check_election(bat_priv, orig_node);
704
705 goto out;
706
707unlock:
708 rcu_read_unlock();
709out:
710 if (neigh_node)
711 neigh_node_free_ref(neigh_node);
712 if (router)
713 neigh_node_free_ref(router);
714}
715
716static int bat_ogm_calc_tq(struct orig_node *orig_node,
717 struct orig_node *orig_neigh_node,
718 struct batman_ogm_packet *batman_ogm_packet,
719 struct hard_iface *if_incoming)
720{
721 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
722 struct neigh_node *neigh_node = NULL, *tmp_neigh_node;
723 struct hlist_node *node;
724 uint8_t total_count;
725 uint8_t orig_eq_count, neigh_rq_count, tq_own;
726 int tq_asym_penalty, ret = 0;
727
728 /* find corresponding one hop neighbor */
729 rcu_read_lock();
730 hlist_for_each_entry_rcu(tmp_neigh_node, node,
731 &orig_neigh_node->neigh_list, list) {
732
733 if (!compare_eth(tmp_neigh_node->addr, orig_neigh_node->orig))
734 continue;
735
736 if (tmp_neigh_node->if_incoming != if_incoming)
737 continue;
738
739 if (!atomic_inc_not_zero(&tmp_neigh_node->refcount))
740 continue;
741
742 neigh_node = tmp_neigh_node;
743 break;
744 }
745 rcu_read_unlock();
746
747 if (!neigh_node)
748 neigh_node = create_neighbor(orig_neigh_node,
749 orig_neigh_node,
750 orig_neigh_node->orig,
751 if_incoming);
752
753 if (!neigh_node)
754 goto out;
755
756 /* if orig_node is direct neighbor update neigh_node last_valid */
757 if (orig_node == orig_neigh_node)
758 neigh_node->last_valid = jiffies;
759
760 orig_node->last_valid = jiffies;
761
762 /* find packet count of corresponding one hop neighbor */
763 spin_lock_bh(&orig_node->ogm_cnt_lock);
764 orig_eq_count = orig_neigh_node->bcast_own_sum[if_incoming->if_num];
765 neigh_rq_count = neigh_node->real_packet_count;
766 spin_unlock_bh(&orig_node->ogm_cnt_lock);
767
768 /* pay attention to not get a value bigger than 100 % */
769 total_count = (orig_eq_count > neigh_rq_count ?
770 neigh_rq_count : orig_eq_count);
771
772 /* if we have too few packets (too less data) we set tq_own to zero */
773 /* if we receive too few packets it is not considered bidirectional */
774 if ((total_count < TQ_LOCAL_BIDRECT_SEND_MINIMUM) ||
775 (neigh_rq_count < TQ_LOCAL_BIDRECT_RECV_MINIMUM))
776 tq_own = 0;
777 else
778 /* neigh_node->real_packet_count is never zero as we
779 * only purge old information when getting new
780 * information */
781 tq_own = (TQ_MAX_VALUE * total_count) / neigh_rq_count;
782
783 /*
784 * 1 - ((1-x) ** 3), normalized to TQ_MAX_VALUE this does
785 * affect the nearly-symmetric links only a little, but
786 * punishes asymmetric links more. This will give a value
787 * between 0 and TQ_MAX_VALUE
788 */
789 tq_asym_penalty = TQ_MAX_VALUE - (TQ_MAX_VALUE *
790 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count) *
791 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count) *
792 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count)) /
793 (TQ_LOCAL_WINDOW_SIZE *
794 TQ_LOCAL_WINDOW_SIZE *
795 TQ_LOCAL_WINDOW_SIZE);
796
797 batman_ogm_packet->tq = ((batman_ogm_packet->tq * tq_own
798 * tq_asym_penalty) /
799 (TQ_MAX_VALUE * TQ_MAX_VALUE));
800
801 bat_dbg(DBG_BATMAN, bat_priv,
802 "bidirectional: "
803 "orig = %-15pM neigh = %-15pM => own_bcast = %2i, "
804 "real recv = %2i, local tq: %3i, asym_penalty: %3i, "
805 "total tq: %3i\n",
806 orig_node->orig, orig_neigh_node->orig, total_count,
807 neigh_rq_count, tq_own, tq_asym_penalty, batman_ogm_packet->tq);
808
809 /* if link has the minimum required transmission quality
810 * consider it bidirectional */
811 if (batman_ogm_packet->tq >= TQ_TOTAL_BIDRECT_LIMIT)
812 ret = 1;
813
814out:
815 if (neigh_node)
816 neigh_node_free_ref(neigh_node);
817 return ret;
818}
819
820/* processes a batman packet for all interfaces, adjusts the sequence number and
821 * finds out whether it is a duplicate.
822 * returns:
823 * 1 the packet is a duplicate
824 * 0 the packet has not yet been received
825 * -1 the packet is old and has been received while the seqno window
826 * was protected. Caller should drop it.
827 */
828static int bat_ogm_update_seqnos(const struct ethhdr *ethhdr,
829 const struct batman_ogm_packet
830 *batman_ogm_packet,
831 const struct hard_iface *if_incoming)
832{
833 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
834 struct orig_node *orig_node;
835 struct neigh_node *tmp_neigh_node;
836 struct hlist_node *node;
837 int is_duplicate = 0;
838 int32_t seq_diff;
839 int need_update = 0;
840 int set_mark, ret = -1;
841
842 orig_node = get_orig_node(bat_priv, batman_ogm_packet->orig);
843 if (!orig_node)
844 return 0;
845
846 spin_lock_bh(&orig_node->ogm_cnt_lock);
847 seq_diff = batman_ogm_packet->seqno - orig_node->last_real_seqno;
848
849 /* signalize caller that the packet is to be dropped. */
850 if (window_protected(bat_priv, seq_diff,
851 &orig_node->batman_seqno_reset))
852 goto out;
853
854 rcu_read_lock();
855 hlist_for_each_entry_rcu(tmp_neigh_node, node,
856 &orig_node->neigh_list, list) {
857
858 is_duplicate |= get_bit_status(tmp_neigh_node->real_bits,
859 orig_node->last_real_seqno,
860 batman_ogm_packet->seqno);
861
862 if (compare_eth(tmp_neigh_node->addr, ethhdr->h_source) &&
863 (tmp_neigh_node->if_incoming == if_incoming))
864 set_mark = 1;
865 else
866 set_mark = 0;
867
868 /* if the window moved, set the update flag. */
869 need_update |= bit_get_packet(bat_priv,
870 tmp_neigh_node->real_bits,
871 seq_diff, set_mark);
872
873 tmp_neigh_node->real_packet_count =
874 bit_packet_count(tmp_neigh_node->real_bits);
875 }
876 rcu_read_unlock();
877
878 if (need_update) {
879 bat_dbg(DBG_BATMAN, bat_priv,
880 "updating last_seqno: old %d, new %d\n",
881 orig_node->last_real_seqno, batman_ogm_packet->seqno);
882 orig_node->last_real_seqno = batman_ogm_packet->seqno;
883 }
884
885 ret = is_duplicate;
886
887out:
888 spin_unlock_bh(&orig_node->ogm_cnt_lock);
889 orig_node_free_ref(orig_node);
890 return ret;
891}
892
893static void bat_ogm_process(const struct ethhdr *ethhdr,
894 struct batman_ogm_packet *batman_ogm_packet,
895 const unsigned char *tt_buff,
896 struct hard_iface *if_incoming)
897{
898 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
899 struct hard_iface *hard_iface;
900 struct orig_node *orig_neigh_node, *orig_node;
901 struct neigh_node *router = NULL, *router_router = NULL;
902 struct neigh_node *orig_neigh_router = NULL;
903 int has_directlink_flag;
904 int is_my_addr = 0, is_my_orig = 0, is_my_oldorig = 0;
905 int is_broadcast = 0, is_bidirectional, is_single_hop_neigh;
906 int is_duplicate;
907 uint32_t if_incoming_seqno;
908
909 /* Silently drop when the batman packet is actually not a
910 * correct packet.
911 *
912 * This might happen if a packet is padded (e.g. Ethernet has a
913 * minimum frame length of 64 byte) and the aggregation interprets
914 * it as an additional length.
915 *
916 * TODO: A more sane solution would be to have a bit in the
917 * batman_ogm_packet to detect whether the packet is the last
918 * packet in an aggregation. Here we expect that the padding
919 * is always zero (or not 0x01)
920 */
921 if (batman_ogm_packet->packet_type != BAT_OGM)
922 return;
923
924 /* could be changed by schedule_own_packet() */
925 if_incoming_seqno = atomic_read(&if_incoming->seqno);
926
927 has_directlink_flag = (batman_ogm_packet->flags & DIRECTLINK ? 1 : 0);
928
929 is_single_hop_neigh = (compare_eth(ethhdr->h_source,
930 batman_ogm_packet->orig) ? 1 : 0);
931
932 bat_dbg(DBG_BATMAN, bat_priv,
933 "Received BATMAN packet via NB: %pM, IF: %s [%pM] "
934 "(from OG: %pM, via prev OG: %pM, seqno %d, ttvn %u, "
935 "crc %u, changes %u, td %d, TTL %d, V %d, IDF %d)\n",
936 ethhdr->h_source, if_incoming->net_dev->name,
937 if_incoming->net_dev->dev_addr, batman_ogm_packet->orig,
938 batman_ogm_packet->prev_sender, batman_ogm_packet->seqno,
939 batman_ogm_packet->ttvn, batman_ogm_packet->tt_crc,
940 batman_ogm_packet->tt_num_changes, batman_ogm_packet->tq,
941 batman_ogm_packet->ttl, batman_ogm_packet->version,
942 has_directlink_flag);
943
944 rcu_read_lock();
945 list_for_each_entry_rcu(hard_iface, &hardif_list, list) {
946 if (hard_iface->if_status != IF_ACTIVE)
947 continue;
948
949 if (hard_iface->soft_iface != if_incoming->soft_iface)
950 continue;
951
952 if (compare_eth(ethhdr->h_source,
953 hard_iface->net_dev->dev_addr))
954 is_my_addr = 1;
955
956 if (compare_eth(batman_ogm_packet->orig,
957 hard_iface->net_dev->dev_addr))
958 is_my_orig = 1;
959
960 if (compare_eth(batman_ogm_packet->prev_sender,
961 hard_iface->net_dev->dev_addr))
962 is_my_oldorig = 1;
963
964 if (is_broadcast_ether_addr(ethhdr->h_source))
965 is_broadcast = 1;
966 }
967 rcu_read_unlock();
968
969 if (batman_ogm_packet->version != COMPAT_VERSION) {
970 bat_dbg(DBG_BATMAN, bat_priv,
971 "Drop packet: incompatible batman version (%i)\n",
972 batman_ogm_packet->version);
973 return;
974 }
975
976 if (is_my_addr) {
977 bat_dbg(DBG_BATMAN, bat_priv,
978 "Drop packet: received my own broadcast (sender: %pM"
979 ")\n",
980 ethhdr->h_source);
981 return;
982 }
983
984 if (is_broadcast) {
985 bat_dbg(DBG_BATMAN, bat_priv, "Drop packet: "
986 "ignoring all packets with broadcast source addr (sender: %pM"
987 ")\n", ethhdr->h_source);
988 return;
989 }
990
991 if (is_my_orig) {
992 unsigned long *word;
993 int offset;
994
995 orig_neigh_node = get_orig_node(bat_priv, ethhdr->h_source);
996 if (!orig_neigh_node)
997 return;
998
999 /* neighbor has to indicate direct link and it has to
1000 * come via the corresponding interface */
1001 /* save packet seqno for bidirectional check */
1002 if (has_directlink_flag &&
1003 compare_eth(if_incoming->net_dev->dev_addr,
1004 batman_ogm_packet->orig)) {
1005 offset = if_incoming->if_num * NUM_WORDS;
1006
1007 spin_lock_bh(&orig_neigh_node->ogm_cnt_lock);
1008 word = &(orig_neigh_node->bcast_own[offset]);
1009 bit_mark(word,
1010 if_incoming_seqno -
1011 batman_ogm_packet->seqno - 2);
1012 orig_neigh_node->bcast_own_sum[if_incoming->if_num] =
1013 bit_packet_count(word);
1014 spin_unlock_bh(&orig_neigh_node->ogm_cnt_lock);
1015 }
1016
1017 bat_dbg(DBG_BATMAN, bat_priv, "Drop packet: "
1018 "originator packet from myself (via neighbor)\n");
1019 orig_node_free_ref(orig_neigh_node);
1020 return;
1021 }
1022
1023 if (is_my_oldorig) {
1024 bat_dbg(DBG_BATMAN, bat_priv,
1025 "Drop packet: ignoring all rebroadcast echos (sender: "
1026 "%pM)\n", ethhdr->h_source);
1027 return;
1028 }
1029
1030 orig_node = get_orig_node(bat_priv, batman_ogm_packet->orig);
1031 if (!orig_node)
1032 return;
1033
1034 is_duplicate = bat_ogm_update_seqnos(ethhdr, batman_ogm_packet,
1035 if_incoming);
1036
1037 if (is_duplicate == -1) {
1038 bat_dbg(DBG_BATMAN, bat_priv,
1039 "Drop packet: packet within seqno protection time "
1040 "(sender: %pM)\n", ethhdr->h_source);
1041 goto out;
1042 }
1043
1044 if (batman_ogm_packet->tq == 0) {
1045 bat_dbg(DBG_BATMAN, bat_priv,
1046 "Drop packet: originator packet with tq equal 0\n");
1047 goto out;
1048 }
1049
1050 router = orig_node_get_router(orig_node);
1051 if (router)
1052 router_router = orig_node_get_router(router->orig_node);
1053
1054 /* avoid temporary routing loops */
1055 if (router && router_router &&
1056 (compare_eth(router->addr, batman_ogm_packet->prev_sender)) &&
1057 !(compare_eth(batman_ogm_packet->orig,
1058 batman_ogm_packet->prev_sender)) &&
1059 (compare_eth(router->addr, router_router->addr))) {
1060 bat_dbg(DBG_BATMAN, bat_priv,
1061 "Drop packet: ignoring all rebroadcast packets that "
1062 "may make me loop (sender: %pM)\n", ethhdr->h_source);
1063 goto out;
1064 }
1065
1066 /* if sender is a direct neighbor the sender mac equals
1067 * originator mac */
1068 orig_neigh_node = (is_single_hop_neigh ?
1069 orig_node :
1070 get_orig_node(bat_priv, ethhdr->h_source));
1071 if (!orig_neigh_node)
1072 goto out;
1073
1074 orig_neigh_router = orig_node_get_router(orig_neigh_node);
1075
1076 /* drop packet if sender is not a direct neighbor and if we
1077 * don't route towards it */
1078 if (!is_single_hop_neigh && (!orig_neigh_router)) {
1079 bat_dbg(DBG_BATMAN, bat_priv,
1080 "Drop packet: OGM via unknown neighbor!\n");
1081 goto out_neigh;
1082 }
1083
1084 is_bidirectional = bat_ogm_calc_tq(orig_node, orig_neigh_node,
1085 batman_ogm_packet, if_incoming);
1086
1087 bonding_save_primary(orig_node, orig_neigh_node, batman_ogm_packet);
1088
1089 /* update ranking if it is not a duplicate or has the same
1090 * seqno and similar ttl as the non-duplicate */
1091 if (is_bidirectional &&
1092 (!is_duplicate ||
1093 ((orig_node->last_real_seqno == batman_ogm_packet->seqno) &&
1094 (orig_node->last_ttl - 3 <= batman_ogm_packet->ttl))))
1095 bat_ogm_orig_update(bat_priv, orig_node, ethhdr,
1096 batman_ogm_packet, if_incoming,
1097 tt_buff, is_duplicate);
1098
1099 /* is single hop (direct) neighbor */
1100 if (is_single_hop_neigh) {
1101
1102 /* mark direct link on incoming interface */
1103 bat_ogm_forward(orig_node, ethhdr, batman_ogm_packet,
1104 1, if_incoming);
1105
1106 bat_dbg(DBG_BATMAN, bat_priv, "Forwarding packet: "
1107 "rebroadcast neighbor packet with direct link flag\n");
1108 goto out_neigh;
1109 }
1110
1111 /* multihop originator */
1112 if (!is_bidirectional) {
1113 bat_dbg(DBG_BATMAN, bat_priv,
1114 "Drop packet: not received via bidirectional link\n");
1115 goto out_neigh;
1116 }
1117
1118 if (is_duplicate) {
1119 bat_dbg(DBG_BATMAN, bat_priv,
1120 "Drop packet: duplicate packet received\n");
1121 goto out_neigh;
1122 }
1123
1124 bat_dbg(DBG_BATMAN, bat_priv,
1125 "Forwarding packet: rebroadcast originator packet\n");
1126 bat_ogm_forward(orig_node, ethhdr, batman_ogm_packet, 0, if_incoming);
1127
1128out_neigh:
1129 if ((orig_neigh_node) && (!is_single_hop_neigh))
1130 orig_node_free_ref(orig_neigh_node);
1131out:
1132 if (router)
1133 neigh_node_free_ref(router);
1134 if (router_router)
1135 neigh_node_free_ref(router_router);
1136 if (orig_neigh_router)
1137 neigh_node_free_ref(orig_neigh_router);
1138
1139 orig_node_free_ref(orig_node);
1140}
1141
1142void bat_ogm_receive(const struct ethhdr *ethhdr, unsigned char *packet_buff,
1143 int packet_len, struct hard_iface *if_incoming)
1144{
1145 struct batman_ogm_packet *batman_ogm_packet;
1146 int buff_pos = 0;
1147 unsigned char *tt_buff;
1148
1149 batman_ogm_packet = (struct batman_ogm_packet *)packet_buff;
1150
1151 /* unpack the aggregated packets and process them one by one */
1152 do {
1153 /* network to host order for our 32bit seqno and the
1154 orig_interval */
1155 batman_ogm_packet->seqno = ntohl(batman_ogm_packet->seqno);
1156 batman_ogm_packet->tt_crc = ntohs(batman_ogm_packet->tt_crc);
1157
1158 tt_buff = packet_buff + buff_pos + BATMAN_OGM_LEN;
1159
1160 bat_ogm_process(ethhdr, batman_ogm_packet,
1161 tt_buff, if_incoming);
1162
1163 buff_pos += BATMAN_OGM_LEN +
1164 tt_len(batman_ogm_packet->tt_num_changes);
1165
1166 batman_ogm_packet = (struct batman_ogm_packet *)
1167 (packet_buff + buff_pos);
1168 } while (bat_ogm_aggr_packet(buff_pos, packet_len,
1169 batman_ogm_packet->tt_num_changes));
1170}
diff --git a/net/batman-adv/bat_ogm.h b/net/batman-adv/bat_ogm.h
new file mode 100644
index 000000000000..69329c107e28
--- /dev/null
+++ b/net/batman-adv/bat_ogm.h
@@ -0,0 +1,35 @@
1/*
2 * Copyright (C) 2007-2011 B.A.T.M.A.N. contributors:
3 *
4 * Marek Lindner, Simon Wunderlich
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of version 2 of the GNU General Public
8 * License as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18 * 02110-1301, USA
19 *
20 */
21
22#ifndef _NET_BATMAN_ADV_OGM_H_
23#define _NET_BATMAN_ADV_OGM_H_
24
25#include "main.h"
26
27void bat_ogm_init(struct hard_iface *hard_iface);
28void bat_ogm_init_primary(struct hard_iface *hard_iface);
29void bat_ogm_update_mac(struct hard_iface *hard_iface);
30void bat_ogm_schedule(struct hard_iface *hard_iface, int tt_num_changes);
31void bat_ogm_emit(struct forw_packet *forw_packet);
32void bat_ogm_receive(const struct ethhdr *ethhdr, unsigned char *packet_buff,
33 int packet_len, struct hard_iface *if_incoming);
34
35#endif /* _NET_BATMAN_ADV_OGM_H_ */
diff --git a/net/batman-adv/bat_sysfs.c b/net/batman-adv/bat_sysfs.c
index cd15deba60a1..b8a7414c3571 100644
--- a/net/batman-adv/bat_sysfs.c
+++ b/net/batman-adv/bat_sysfs.c
@@ -380,6 +380,7 @@ static ssize_t store_gw_bwidth(struct kobject *kobj, struct attribute *attr,
380BAT_ATTR_BOOL(aggregated_ogms, S_IRUGO | S_IWUSR, NULL); 380BAT_ATTR_BOOL(aggregated_ogms, S_IRUGO | S_IWUSR, NULL);
381BAT_ATTR_BOOL(bonding, S_IRUGO | S_IWUSR, NULL); 381BAT_ATTR_BOOL(bonding, S_IRUGO | S_IWUSR, NULL);
382BAT_ATTR_BOOL(fragmentation, S_IRUGO | S_IWUSR, update_min_mtu); 382BAT_ATTR_BOOL(fragmentation, S_IRUGO | S_IWUSR, update_min_mtu);
383BAT_ATTR_BOOL(ap_isolation, S_IRUGO | S_IWUSR, NULL);
383static BAT_ATTR(vis_mode, S_IRUGO | S_IWUSR, show_vis_mode, store_vis_mode); 384static BAT_ATTR(vis_mode, S_IRUGO | S_IWUSR, show_vis_mode, store_vis_mode);
384static BAT_ATTR(gw_mode, S_IRUGO | S_IWUSR, show_gw_mode, store_gw_mode); 385static BAT_ATTR(gw_mode, S_IRUGO | S_IWUSR, show_gw_mode, store_gw_mode);
385BAT_ATTR_UINT(orig_interval, S_IRUGO | S_IWUSR, 2 * JITTER, INT_MAX, NULL); 386BAT_ATTR_UINT(orig_interval, S_IRUGO | S_IWUSR, 2 * JITTER, INT_MAX, NULL);
@@ -396,6 +397,7 @@ static struct bat_attribute *mesh_attrs[] = {
396 &bat_attr_aggregated_ogms, 397 &bat_attr_aggregated_ogms,
397 &bat_attr_bonding, 398 &bat_attr_bonding,
398 &bat_attr_fragmentation, 399 &bat_attr_fragmentation,
400 &bat_attr_ap_isolation,
399 &bat_attr_vis_mode, 401 &bat_attr_vis_mode,
400 &bat_attr_gw_mode, 402 &bat_attr_gw_mode,
401 &bat_attr_orig_interval, 403 &bat_attr_orig_interval,
diff --git a/net/batman-adv/bitarray.c b/net/batman-adv/bitarray.c
index c1f4bfc09cc3..0be9ff346fa0 100644
--- a/net/batman-adv/bitarray.c
+++ b/net/batman-adv/bitarray.c
@@ -97,12 +97,12 @@ static void bit_shift(unsigned long *seq_bits, int32_t n)
97 (seq_bits[i - word_num - 1] >> 97 (seq_bits[i - word_num - 1] >>
98 (WORD_BIT_SIZE-word_offset)); 98 (WORD_BIT_SIZE-word_offset));
99 /* and the upper part of the right half and shift it left to 99 /* and the upper part of the right half and shift it left to
100 * it's position */ 100 * its position */
101 /* for our example that would be: word[0] = 9800 + 0076 = 101 /* for our example that would be: word[0] = 9800 + 0076 =
102 * 9876 */ 102 * 9876 */
103 } 103 }
104 /* now for our last word, i==word_num, we only have the it's "left" 104 /* now for our last word, i==word_num, we only have its "left" half.
105 * half. that's the 1000 word in our example.*/ 105 * that's the 1000 word in our example.*/
106 106
107 seq_bits[i] = (seq_bits[i - word_num] << word_offset); 107 seq_bits[i] = (seq_bits[i - word_num] << word_offset);
108 108
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 056180ef9e1a..619fb73b3b76 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -532,14 +532,14 @@ static bool is_type_dhcprequest(struct sk_buff *skb, int header_len)
532 pkt_len -= header_len + DHCP_OPTIONS_OFFSET + 1; 532 pkt_len -= header_len + DHCP_OPTIONS_OFFSET + 1;
533 533
534 /* Access the dhcp option lists. Each entry is made up by: 534 /* Access the dhcp option lists. Each entry is made up by:
535 * - octect 1: option type 535 * - octet 1: option type
536 * - octect 2: option data len (only if type != 255 and 0) 536 * - octet 2: option data len (only if type != 255 and 0)
537 * - octect 3: option data */ 537 * - octet 3: option data */
538 while (*p != 255 && !ret) { 538 while (*p != 255 && !ret) {
539 /* p now points to the first octect: option type */ 539 /* p now points to the first octet: option type */
540 if (*p == 53) { 540 if (*p == 53) {
541 /* type 53 is the message type option. 541 /* type 53 is the message type option.
542 * Jump the len octect and go to the data octect */ 542 * Jump the len octet and go to the data octet */
543 if (pkt_len < 2) 543 if (pkt_len < 2)
544 goto out; 544 goto out;
545 p += 2; 545 p += 2;
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
index db7aacf1e095..7704df468e0b 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -28,6 +28,7 @@
28#include "bat_sysfs.h" 28#include "bat_sysfs.h"
29#include "originator.h" 29#include "originator.h"
30#include "hash.h" 30#include "hash.h"
31#include "bat_ogm.h"
31 32
32#include <linux/if_arp.h> 33#include <linux/if_arp.h>
33 34
@@ -131,7 +132,6 @@ static void primary_if_select(struct bat_priv *bat_priv,
131 struct hard_iface *new_hard_iface) 132 struct hard_iface *new_hard_iface)
132{ 133{
133 struct hard_iface *curr_hard_iface; 134 struct hard_iface *curr_hard_iface;
134 struct batman_packet *batman_packet;
135 135
136 ASSERT_RTNL(); 136 ASSERT_RTNL();
137 137
@@ -147,10 +147,7 @@ static void primary_if_select(struct bat_priv *bat_priv,
147 if (!new_hard_iface) 147 if (!new_hard_iface)
148 return; 148 return;
149 149
150 batman_packet = (struct batman_packet *)(new_hard_iface->packet_buff); 150 bat_ogm_init_primary(new_hard_iface);
151 batman_packet->flags = PRIMARIES_FIRST_HOP;
152 batman_packet->ttl = TTL;
153
154 primary_if_update_addr(bat_priv); 151 primary_if_update_addr(bat_priv);
155} 152}
156 153
@@ -162,14 +159,6 @@ static bool hardif_is_iface_up(const struct hard_iface *hard_iface)
162 return false; 159 return false;
163} 160}
164 161
165static void update_mac_addresses(struct hard_iface *hard_iface)
166{
167 memcpy(((struct batman_packet *)(hard_iface->packet_buff))->orig,
168 hard_iface->net_dev->dev_addr, ETH_ALEN);
169 memcpy(((struct batman_packet *)(hard_iface->packet_buff))->prev_sender,
170 hard_iface->net_dev->dev_addr, ETH_ALEN);
171}
172
173static void check_known_mac_addr(const struct net_device *net_dev) 162static void check_known_mac_addr(const struct net_device *net_dev)
174{ 163{
175 const struct hard_iface *hard_iface; 164 const struct hard_iface *hard_iface;
@@ -244,12 +233,12 @@ static void hardif_activate_interface(struct hard_iface *hard_iface)
244 233
245 bat_priv = netdev_priv(hard_iface->soft_iface); 234 bat_priv = netdev_priv(hard_iface->soft_iface);
246 235
247 update_mac_addresses(hard_iface); 236 bat_ogm_update_mac(hard_iface);
248 hard_iface->if_status = IF_TO_BE_ACTIVATED; 237 hard_iface->if_status = IF_TO_BE_ACTIVATED;
249 238
250 /** 239 /**
251 * the first active interface becomes our primary interface or 240 * the first active interface becomes our primary interface or
252 * the next active interface after the old primay interface was removed 241 * the next active interface after the old primary interface was removed
253 */ 242 */
254 primary_if = primary_if_get_selected(bat_priv); 243 primary_if = primary_if_get_selected(bat_priv);
255 if (!primary_if) 244 if (!primary_if)
@@ -283,7 +272,6 @@ int hardif_enable_interface(struct hard_iface *hard_iface,
283 const char *iface_name) 272 const char *iface_name)
284{ 273{
285 struct bat_priv *bat_priv; 274 struct bat_priv *bat_priv;
286 struct batman_packet *batman_packet;
287 struct net_device *soft_iface; 275 struct net_device *soft_iface;
288 int ret; 276 int ret;
289 277
@@ -318,8 +306,8 @@ int hardif_enable_interface(struct hard_iface *hard_iface,
318 306
319 hard_iface->soft_iface = soft_iface; 307 hard_iface->soft_iface = soft_iface;
320 bat_priv = netdev_priv(hard_iface->soft_iface); 308 bat_priv = netdev_priv(hard_iface->soft_iface);
321 hard_iface->packet_len = BAT_PACKET_LEN; 309
322 hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC); 310 bat_ogm_init(hard_iface);
323 311
324 if (!hard_iface->packet_buff) { 312 if (!hard_iface->packet_buff) {
325 bat_err(hard_iface->soft_iface, "Can't add interface packet " 313 bat_err(hard_iface->soft_iface, "Can't add interface packet "
@@ -328,15 +316,6 @@ int hardif_enable_interface(struct hard_iface *hard_iface,
328 goto err; 316 goto err;
329 } 317 }
330 318
331 batman_packet = (struct batman_packet *)(hard_iface->packet_buff);
332 batman_packet->packet_type = BAT_PACKET;
333 batman_packet->version = COMPAT_VERSION;
334 batman_packet->flags = NO_FLAGS;
335 batman_packet->ttl = 2;
336 batman_packet->tq = TQ_MAX_VALUE;
337 batman_packet->tt_num_changes = 0;
338 batman_packet->ttvn = 0;
339
340 hard_iface->if_num = bat_priv->num_ifaces; 319 hard_iface->if_num = bat_priv->num_ifaces;
341 bat_priv->num_ifaces++; 320 bat_priv->num_ifaces++;
342 hard_iface->if_status = IF_INACTIVE; 321 hard_iface->if_status = IF_INACTIVE;
@@ -381,7 +360,7 @@ int hardif_enable_interface(struct hard_iface *hard_iface,
381 hard_iface->net_dev->name); 360 hard_iface->net_dev->name);
382 361
383 /* begin scheduling originator messages on that interface */ 362 /* begin scheduling originator messages on that interface */
384 schedule_own_packet(hard_iface); 363 schedule_bat_ogm(hard_iface);
385 364
386out: 365out:
387 return 0; 366 return 0;
@@ -455,11 +434,8 @@ static struct hard_iface *hardif_add_interface(struct net_device *net_dev)
455 dev_hold(net_dev); 434 dev_hold(net_dev);
456 435
457 hard_iface = kmalloc(sizeof(*hard_iface), GFP_ATOMIC); 436 hard_iface = kmalloc(sizeof(*hard_iface), GFP_ATOMIC);
458 if (!hard_iface) { 437 if (!hard_iface)
459 pr_err("Can't add interface (%s): out of memory\n",
460 net_dev->name);
461 goto release_dev; 438 goto release_dev;
462 }
463 439
464 ret = sysfs_add_hardif(&hard_iface->hardif_obj, net_dev); 440 ret = sysfs_add_hardif(&hard_iface->hardif_obj, net_dev);
465 if (ret) 441 if (ret)
@@ -551,7 +527,7 @@ static int hard_if_event(struct notifier_block *this,
551 goto hardif_put; 527 goto hardif_put;
552 528
553 check_known_mac_addr(hard_iface->net_dev); 529 check_known_mac_addr(hard_iface->net_dev);
554 update_mac_addresses(hard_iface); 530 bat_ogm_update_mac(hard_iface);
555 531
556 bat_priv = netdev_priv(hard_iface->soft_iface); 532 bat_priv = netdev_priv(hard_iface->soft_iface);
557 primary_if = primary_if_get_selected(bat_priv); 533 primary_if = primary_if_get_selected(bat_priv);
@@ -573,14 +549,14 @@ out:
573 return NOTIFY_DONE; 549 return NOTIFY_DONE;
574} 550}
575 551
576/* receive a packet with the batman ethertype coming on a hard 552/* incoming packets with the batman ethertype received on any active hard
577 * interface */ 553 * interface */
578static int batman_skb_recv(struct sk_buff *skb, struct net_device *dev, 554static int batman_skb_recv(struct sk_buff *skb, struct net_device *dev,
579 struct packet_type *ptype, 555 struct packet_type *ptype,
580 struct net_device *orig_dev) 556 struct net_device *orig_dev)
581{ 557{
582 struct bat_priv *bat_priv; 558 struct bat_priv *bat_priv;
583 struct batman_packet *batman_packet; 559 struct batman_ogm_packet *batman_ogm_packet;
584 struct hard_iface *hard_iface; 560 struct hard_iface *hard_iface;
585 int ret; 561 int ret;
586 562
@@ -612,22 +588,22 @@ static int batman_skb_recv(struct sk_buff *skb, struct net_device *dev,
612 if (hard_iface->if_status != IF_ACTIVE) 588 if (hard_iface->if_status != IF_ACTIVE)
613 goto err_free; 589 goto err_free;
614 590
615 batman_packet = (struct batman_packet *)skb->data; 591 batman_ogm_packet = (struct batman_ogm_packet *)skb->data;
616 592
617 if (batman_packet->version != COMPAT_VERSION) { 593 if (batman_ogm_packet->version != COMPAT_VERSION) {
618 bat_dbg(DBG_BATMAN, bat_priv, 594 bat_dbg(DBG_BATMAN, bat_priv,
619 "Drop packet: incompatible batman version (%i)\n", 595 "Drop packet: incompatible batman version (%i)\n",
620 batman_packet->version); 596 batman_ogm_packet->version);
621 goto err_free; 597 goto err_free;
622 } 598 }
623 599
624 /* all receive handlers return whether they received or reused 600 /* all receive handlers return whether they received or reused
625 * the supplied skb. if not, we have to free the skb. */ 601 * the supplied skb. if not, we have to free the skb. */
626 602
627 switch (batman_packet->packet_type) { 603 switch (batman_ogm_packet->packet_type) {
628 /* batman originator packet */ 604 /* batman originator packet */
629 case BAT_PACKET: 605 case BAT_OGM:
630 ret = recv_bat_packet(skb, hard_iface); 606 ret = recv_bat_ogm_packet(skb, hard_iface);
631 break; 607 break;
632 608
633 /* batman icmp packet */ 609 /* batman icmp packet */
@@ -681,6 +657,36 @@ err_out:
681 return NET_RX_DROP; 657 return NET_RX_DROP;
682} 658}
683 659
660/* This function returns true if the interface represented by ifindex is a
661 * 802.11 wireless device */
662bool is_wifi_iface(int ifindex)
663{
664 struct net_device *net_device = NULL;
665 bool ret = false;
666
667 if (ifindex == NULL_IFINDEX)
668 goto out;
669
670 net_device = dev_get_by_index(&init_net, ifindex);
671 if (!net_device)
672 goto out;
673
674#ifdef CONFIG_WIRELESS_EXT
675 /* pre-cfg80211 drivers have to implement WEXT, so it is possible to
676 * check for wireless_handlers != NULL */
677 if (net_device->wireless_handlers)
678 ret = true;
679 else
680#endif
681 /* cfg80211 drivers have to set ieee80211_ptr */
682 if (net_device->ieee80211_ptr)
683 ret = true;
684out:
685 if (net_device)
686 dev_put(net_device);
687 return ret;
688}
689
684struct notifier_block hard_if_notifier = { 690struct notifier_block hard_if_notifier = {
685 .notifier_call = hard_if_event, 691 .notifier_call = hard_if_event,
686}; 692};
diff --git a/net/batman-adv/hard-interface.h b/net/batman-adv/hard-interface.h
index 442eacbc9e3a..67f78d1a63b4 100644
--- a/net/batman-adv/hard-interface.h
+++ b/net/batman-adv/hard-interface.h
@@ -42,6 +42,7 @@ void hardif_remove_interfaces(void);
42int hardif_min_mtu(struct net_device *soft_iface); 42int hardif_min_mtu(struct net_device *soft_iface);
43void update_min_mtu(struct net_device *soft_iface); 43void update_min_mtu(struct net_device *soft_iface);
44void hardif_free_rcu(struct rcu_head *rcu); 44void hardif_free_rcu(struct rcu_head *rcu);
45bool is_wifi_iface(int ifindex);
45 46
46static inline void hardif_free_ref(struct hard_iface *hard_iface) 47static inline void hardif_free_ref(struct hard_iface *hard_iface)
47{ 48{
diff --git a/net/batman-adv/hash.h b/net/batman-adv/hash.h
index dd5c9fd7a905..d20aa71ba1e8 100644
--- a/net/batman-adv/hash.h
+++ b/net/batman-adv/hash.h
@@ -76,19 +76,30 @@ static inline void hash_delete(struct hashtable_t *hash,
76 hash_destroy(hash); 76 hash_destroy(hash);
77} 77}
78 78
79/* adds data to the hashtable. returns 0 on success, -1 on error */ 79/**
80 * hash_add - adds data to the hashtable
81 * @hash: storage hash table
82 * @compare: callback to determine if 2 hash elements are identical
83 * @choose: callback calculating the hash index
84 * @data: data passed to the aforementioned callbacks as argument
85 * @data_node: to be added element
86 *
87 * Returns 0 on success, 1 if the element already is in the hash
88 * and -1 on error.
89 */
90
80static inline int hash_add(struct hashtable_t *hash, 91static inline int hash_add(struct hashtable_t *hash,
81 hashdata_compare_cb compare, 92 hashdata_compare_cb compare,
82 hashdata_choose_cb choose, 93 hashdata_choose_cb choose,
83 const void *data, struct hlist_node *data_node) 94 const void *data, struct hlist_node *data_node)
84{ 95{
85 int index; 96 int index, ret = -1;
86 struct hlist_head *head; 97 struct hlist_head *head;
87 struct hlist_node *node; 98 struct hlist_node *node;
88 spinlock_t *list_lock; /* spinlock to protect write access */ 99 spinlock_t *list_lock; /* spinlock to protect write access */
89 100
90 if (!hash) 101 if (!hash)
91 goto err; 102 goto out;
92 103
93 index = choose(data, hash->size); 104 index = choose(data, hash->size);
94 head = &hash->table[index]; 105 head = &hash->table[index];
@@ -99,6 +110,7 @@ static inline int hash_add(struct hashtable_t *hash,
99 if (!compare(node, data)) 110 if (!compare(node, data))
100 continue; 111 continue;
101 112
113 ret = 1;
102 goto err_unlock; 114 goto err_unlock;
103 } 115 }
104 rcu_read_unlock(); 116 rcu_read_unlock();
@@ -108,12 +120,13 @@ static inline int hash_add(struct hashtable_t *hash,
108 hlist_add_head_rcu(data_node, head); 120 hlist_add_head_rcu(data_node, head);
109 spin_unlock_bh(list_lock); 121 spin_unlock_bh(list_lock);
110 122
111 return 0; 123 ret = 0;
124 goto out;
112 125
113err_unlock: 126err_unlock:
114 rcu_read_unlock(); 127 rcu_read_unlock();
115err: 128out:
116 return -1; 129 return ret;
117} 130}
118 131
119/* removes data from hash, if found. returns pointer do data on success, so you 132/* removes data from hash, if found. returns pointer do data on success, so you
diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
index b0f9068ade57..fb87bdc2ce9b 100644
--- a/net/batman-adv/main.c
+++ b/net/batman-adv/main.c
@@ -107,7 +107,7 @@ int mesh_init(struct net_device *soft_iface)
107 if (tt_init(bat_priv) < 1) 107 if (tt_init(bat_priv) < 1)
108 goto err; 108 goto err;
109 109
110 tt_local_add(soft_iface, soft_iface->dev_addr); 110 tt_local_add(soft_iface, soft_iface->dev_addr, NULL_IFINDEX);
111 111
112 if (vis_init(bat_priv) < 1) 112 if (vis_init(bat_priv) < 1)
113 goto err; 113 goto err;
@@ -117,8 +117,6 @@ int mesh_init(struct net_device *soft_iface)
117 goto end; 117 goto end;
118 118
119err: 119err:
120 pr_err("Unable to allocate memory for mesh information structures: "
121 "out of mem ?\n");
122 mesh_free(soft_iface); 120 mesh_free(soft_iface);
123 return -1; 121 return -1;
124 122
diff --git a/net/batman-adv/main.h b/net/batman-adv/main.h
index a6df61a6933b..964ad4d8ba33 100644
--- a/net/batman-adv/main.h
+++ b/net/batman-adv/main.h
@@ -28,7 +28,7 @@
28#define DRIVER_DEVICE "batman-adv" 28#define DRIVER_DEVICE "batman-adv"
29 29
30#ifndef SOURCE_VERSION 30#ifndef SOURCE_VERSION
31#define SOURCE_VERSION "2011.3.0" 31#define SOURCE_VERSION "2011.4.0"
32#endif 32#endif
33 33
34/* B.A.T.M.A.N. parameters */ 34/* B.A.T.M.A.N. parameters */
@@ -44,7 +44,7 @@
44#define PURGE_TIMEOUT 200 44#define PURGE_TIMEOUT 200
45#define TT_LOCAL_TIMEOUT 3600 /* in seconds */ 45#define TT_LOCAL_TIMEOUT 3600 /* in seconds */
46#define TT_CLIENT_ROAM_TIMEOUT 600 46#define TT_CLIENT_ROAM_TIMEOUT 600
47/* sliding packet range of received originator messages in squence numbers 47/* sliding packet range of received originator messages in sequence numbers
48 * (should be a multiple of our word size) */ 48 * (should be a multiple of our word size) */
49#define TQ_LOCAL_WINDOW_SIZE 64 49#define TQ_LOCAL_WINDOW_SIZE 64
50#define TT_REQUEST_TIMEOUT 3 /* seconds we have to keep pending tt_req */ 50#define TT_REQUEST_TIMEOUT 3 /* seconds we have to keep pending tt_req */
@@ -62,6 +62,8 @@
62 62
63#define NO_FLAGS 0 63#define NO_FLAGS 0
64 64
65#define NULL_IFINDEX 0 /* dummy ifindex used to avoid iface checks */
66
65#define NUM_WORDS (TQ_LOCAL_WINDOW_SIZE / WORD_BIT_SIZE) 67#define NUM_WORDS (TQ_LOCAL_WINDOW_SIZE / WORD_BIT_SIZE)
66 68
67#define LOG_BUF_LEN 8192 /* has to be a power of 2 */ 69#define LOG_BUF_LEN 8192 /* has to be a power of 2 */
@@ -133,7 +135,7 @@ enum dbg_level {
133#include <linux/mutex.h> /* mutex */ 135#include <linux/mutex.h> /* mutex */
134#include <linux/module.h> /* needed by all modules */ 136#include <linux/module.h> /* needed by all modules */
135#include <linux/netdevice.h> /* netdevice */ 137#include <linux/netdevice.h> /* netdevice */
136#include <linux/etherdevice.h> /* ethernet address classifaction */ 138#include <linux/etherdevice.h> /* ethernet address classification */
137#include <linux/if_ether.h> /* ethernet header */ 139#include <linux/if_ether.h> /* ethernet header */
138#include <linux/poll.h> /* poll_table */ 140#include <linux/poll.h> /* poll_table */
139#include <linux/kthread.h> /* kernel threads */ 141#include <linux/kthread.h> /* kernel threads */
diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index f3c3f620d195..0e5b77255d99 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -252,7 +252,7 @@ struct orig_node *get_orig_node(struct bat_priv *bat_priv, const uint8_t *addr)
252 252
253 hash_added = hash_add(bat_priv->orig_hash, compare_orig, 253 hash_added = hash_add(bat_priv->orig_hash, compare_orig,
254 choose_orig, orig_node, &orig_node->hash_entry); 254 choose_orig, orig_node, &orig_node->hash_entry);
255 if (hash_added < 0) 255 if (hash_added != 0)
256 goto free_bcast_own_sum; 256 goto free_bcast_own_sum;
257 257
258 return orig_node; 258 return orig_node;
@@ -336,8 +336,7 @@ static bool purge_orig_node(struct bat_priv *bat_priv,
336 } else { 336 } else {
337 if (purge_orig_neighbors(bat_priv, orig_node, 337 if (purge_orig_neighbors(bat_priv, orig_node,
338 &best_neigh_node)) { 338 &best_neigh_node)) {
339 update_routes(bat_priv, orig_node, 339 update_route(bat_priv, orig_node, best_neigh_node);
340 best_neigh_node);
341 } 340 }
342 } 341 }
343 342
@@ -493,10 +492,8 @@ static int orig_node_add_if(struct orig_node *orig_node, int max_if_num)
493 492
494 data_ptr = kmalloc(max_if_num * sizeof(unsigned long) * NUM_WORDS, 493 data_ptr = kmalloc(max_if_num * sizeof(unsigned long) * NUM_WORDS,
495 GFP_ATOMIC); 494 GFP_ATOMIC);
496 if (!data_ptr) { 495 if (!data_ptr)
497 pr_err("Can't resize orig: out of memory\n");
498 return -1; 496 return -1;
499 }
500 497
501 memcpy(data_ptr, orig_node->bcast_own, 498 memcpy(data_ptr, orig_node->bcast_own,
502 (max_if_num - 1) * sizeof(unsigned long) * NUM_WORDS); 499 (max_if_num - 1) * sizeof(unsigned long) * NUM_WORDS);
@@ -504,10 +501,8 @@ static int orig_node_add_if(struct orig_node *orig_node, int max_if_num)
504 orig_node->bcast_own = data_ptr; 501 orig_node->bcast_own = data_ptr;
505 502
506 data_ptr = kmalloc(max_if_num * sizeof(uint8_t), GFP_ATOMIC); 503 data_ptr = kmalloc(max_if_num * sizeof(uint8_t), GFP_ATOMIC);
507 if (!data_ptr) { 504 if (!data_ptr)
508 pr_err("Can't resize orig: out of memory\n");
509 return -1; 505 return -1;
510 }
511 506
512 memcpy(data_ptr, orig_node->bcast_own_sum, 507 memcpy(data_ptr, orig_node->bcast_own_sum,
513 (max_if_num - 1) * sizeof(uint8_t)); 508 (max_if_num - 1) * sizeof(uint8_t));
@@ -562,10 +557,8 @@ static int orig_node_del_if(struct orig_node *orig_node,
562 557
563 chunk_size = sizeof(unsigned long) * NUM_WORDS; 558 chunk_size = sizeof(unsigned long) * NUM_WORDS;
564 data_ptr = kmalloc(max_if_num * chunk_size, GFP_ATOMIC); 559 data_ptr = kmalloc(max_if_num * chunk_size, GFP_ATOMIC);
565 if (!data_ptr) { 560 if (!data_ptr)
566 pr_err("Can't resize orig: out of memory\n");
567 return -1; 561 return -1;
568 }
569 562
570 /* copy first part */ 563 /* copy first part */
571 memcpy(data_ptr, orig_node->bcast_own, del_if_num * chunk_size); 564 memcpy(data_ptr, orig_node->bcast_own, del_if_num * chunk_size);
@@ -583,10 +576,8 @@ free_bcast_own:
583 goto free_own_sum; 576 goto free_own_sum;
584 577
585 data_ptr = kmalloc(max_if_num * sizeof(uint8_t), GFP_ATOMIC); 578 data_ptr = kmalloc(max_if_num * sizeof(uint8_t), GFP_ATOMIC);
586 if (!data_ptr) { 579 if (!data_ptr)
587 pr_err("Can't resize orig: out of memory\n");
588 return -1; 580 return -1;
589 }
590 581
591 memcpy(data_ptr, orig_node->bcast_own_sum, 582 memcpy(data_ptr, orig_node->bcast_own_sum,
592 del_if_num * sizeof(uint8_t)); 583 del_if_num * sizeof(uint8_t));
diff --git a/net/batman-adv/packet.h b/net/batman-adv/packet.h
index b76b4be10b92..4d9e54c57a36 100644
--- a/net/batman-adv/packet.h
+++ b/net/batman-adv/packet.h
@@ -25,14 +25,14 @@
25#define ETH_P_BATMAN 0x4305 /* unofficial/not registered Ethertype */ 25#define ETH_P_BATMAN 0x4305 /* unofficial/not registered Ethertype */
26 26
27enum bat_packettype { 27enum bat_packettype {
28 BAT_PACKET = 0x01, 28 BAT_OGM = 0x01,
29 BAT_ICMP = 0x02, 29 BAT_ICMP = 0x02,
30 BAT_UNICAST = 0x03, 30 BAT_UNICAST = 0x03,
31 BAT_BCAST = 0x04, 31 BAT_BCAST = 0x04,
32 BAT_VIS = 0x05, 32 BAT_VIS = 0x05,
33 BAT_UNICAST_FRAG = 0x06, 33 BAT_UNICAST_FRAG = 0x06,
34 BAT_TT_QUERY = 0x07, 34 BAT_TT_QUERY = 0x07,
35 BAT_ROAM_ADV = 0x08 35 BAT_ROAM_ADV = 0x08
36}; 36};
37 37
38/* this file is included by batctl which needs these defines */ 38/* this file is included by batctl which needs these defines */
@@ -84,12 +84,13 @@ enum tt_query_flags {
84enum tt_client_flags { 84enum tt_client_flags {
85 TT_CLIENT_DEL = 1 << 0, 85 TT_CLIENT_DEL = 1 << 0,
86 TT_CLIENT_ROAM = 1 << 1, 86 TT_CLIENT_ROAM = 1 << 1,
87 TT_CLIENT_WIFI = 1 << 2,
87 TT_CLIENT_NOPURGE = 1 << 8, 88 TT_CLIENT_NOPURGE = 1 << 8,
88 TT_CLIENT_NEW = 1 << 9, 89 TT_CLIENT_NEW = 1 << 9,
89 TT_CLIENT_PENDING = 1 << 10 90 TT_CLIENT_PENDING = 1 << 10
90}; 91};
91 92
92struct batman_packet { 93struct batman_ogm_packet {
93 uint8_t packet_type; 94 uint8_t packet_type;
94 uint8_t version; /* batman version field */ 95 uint8_t version; /* batman version field */
95 uint8_t ttl; 96 uint8_t ttl;
@@ -104,7 +105,7 @@ struct batman_packet {
104 uint16_t tt_crc; 105 uint16_t tt_crc;
105} __packed; 106} __packed;
106 107
107#define BAT_PACKET_LEN sizeof(struct batman_packet) 108#define BATMAN_OGM_LEN sizeof(struct batman_ogm_packet)
108 109
109struct icmp_packet { 110struct icmp_packet {
110 uint8_t packet_type; 111 uint8_t packet_type;
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 0f32c818874d..f961cc5eade5 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -22,18 +22,14 @@
22#include "main.h" 22#include "main.h"
23#include "routing.h" 23#include "routing.h"
24#include "send.h" 24#include "send.h"
25#include "hash.h"
26#include "soft-interface.h" 25#include "soft-interface.h"
27#include "hard-interface.h" 26#include "hard-interface.h"
28#include "icmp_socket.h" 27#include "icmp_socket.h"
29#include "translation-table.h" 28#include "translation-table.h"
30#include "originator.h" 29#include "originator.h"
31#include "ring_buffer.h"
32#include "vis.h" 30#include "vis.h"
33#include "aggregation.h"
34#include "gateway_common.h"
35#include "gateway_client.h"
36#include "unicast.h" 31#include "unicast.h"
32#include "bat_ogm.h"
37 33
38void slide_own_bcast_window(struct hard_iface *hard_iface) 34void slide_own_bcast_window(struct hard_iface *hard_iface)
39{ 35{
@@ -64,69 +60,9 @@ void slide_own_bcast_window(struct hard_iface *hard_iface)
64 } 60 }
65} 61}
66 62
67static void update_transtable(struct bat_priv *bat_priv, 63static void _update_route(struct bat_priv *bat_priv,
68 struct orig_node *orig_node, 64 struct orig_node *orig_node,
69 const unsigned char *tt_buff, 65 struct neigh_node *neigh_node)
70 uint8_t tt_num_changes, uint8_t ttvn,
71 uint16_t tt_crc)
72{
73 uint8_t orig_ttvn = (uint8_t)atomic_read(&orig_node->last_ttvn);
74 bool full_table = true;
75
76 /* the ttvn increased by one -> we can apply the attached changes */
77 if (ttvn - orig_ttvn == 1) {
78 /* the OGM could not contain the changes because they were too
79 * many to fit in one frame or because they have already been
80 * sent TT_OGM_APPEND_MAX times. In this case send a tt
81 * request */
82 if (!tt_num_changes) {
83 full_table = false;
84 goto request_table;
85 }
86
87 tt_update_changes(bat_priv, orig_node, tt_num_changes, ttvn,
88 (struct tt_change *)tt_buff);
89
90 /* Even if we received the crc into the OGM, we prefer
91 * to recompute it to spot any possible inconsistency
92 * in the global table */
93 orig_node->tt_crc = tt_global_crc(bat_priv, orig_node);
94
95 /* The ttvn alone is not enough to guarantee consistency
96 * because a single value could repesent different states
97 * (due to the wrap around). Thus a node has to check whether
98 * the resulting table (after applying the changes) is still
99 * consistent or not. E.g. a node could disconnect while its
100 * ttvn is X and reconnect on ttvn = X + TTVN_MAX: in this case
101 * checking the CRC value is mandatory to detect the
102 * inconsistency */
103 if (orig_node->tt_crc != tt_crc)
104 goto request_table;
105
106 /* Roaming phase is over: tables are in sync again. I can
107 * unset the flag */
108 orig_node->tt_poss_change = false;
109 } else {
110 /* if we missed more than one change or our tables are not
111 * in sync anymore -> request fresh tt data */
112 if (ttvn != orig_ttvn || orig_node->tt_crc != tt_crc) {
113request_table:
114 bat_dbg(DBG_TT, bat_priv, "TT inconsistency for %pM. "
115 "Need to retrieve the correct information "
116 "(ttvn: %u last_ttvn: %u crc: %u last_crc: "
117 "%u num_changes: %u)\n", orig_node->orig, ttvn,
118 orig_ttvn, tt_crc, orig_node->tt_crc,
119 tt_num_changes);
120 send_tt_request(bat_priv, orig_node, ttvn, tt_crc,
121 full_table);
122 return;
123 }
124 }
125}
126
127static void update_route(struct bat_priv *bat_priv,
128 struct orig_node *orig_node,
129 struct neigh_node *neigh_node)
130{ 66{
131 struct neigh_node *curr_router; 67 struct neigh_node *curr_router;
132 68
@@ -170,8 +106,8 @@ static void update_route(struct bat_priv *bat_priv,
170 neigh_node_free_ref(curr_router); 106 neigh_node_free_ref(curr_router);
171} 107}
172 108
173void update_routes(struct bat_priv *bat_priv, struct orig_node *orig_node, 109void update_route(struct bat_priv *bat_priv, struct orig_node *orig_node,
174 struct neigh_node *neigh_node) 110 struct neigh_node *neigh_node)
175{ 111{
176 struct neigh_node *router = NULL; 112 struct neigh_node *router = NULL;
177 113
@@ -181,116 +117,13 @@ void update_routes(struct bat_priv *bat_priv, struct orig_node *orig_node,
181 router = orig_node_get_router(orig_node); 117 router = orig_node_get_router(orig_node);
182 118
183 if (router != neigh_node) 119 if (router != neigh_node)
184 update_route(bat_priv, orig_node, neigh_node); 120 _update_route(bat_priv, orig_node, neigh_node);
185 121
186out: 122out:
187 if (router) 123 if (router)
188 neigh_node_free_ref(router); 124 neigh_node_free_ref(router);
189} 125}
190 126
191static int is_bidirectional_neigh(struct orig_node *orig_node,
192 struct orig_node *orig_neigh_node,
193 struct batman_packet *batman_packet,
194 struct hard_iface *if_incoming)
195{
196 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
197 struct neigh_node *neigh_node = NULL, *tmp_neigh_node;
198 struct hlist_node *node;
199 uint8_t total_count;
200 uint8_t orig_eq_count, neigh_rq_count, tq_own;
201 int tq_asym_penalty, ret = 0;
202
203 /* find corresponding one hop neighbor */
204 rcu_read_lock();
205 hlist_for_each_entry_rcu(tmp_neigh_node, node,
206 &orig_neigh_node->neigh_list, list) {
207
208 if (!compare_eth(tmp_neigh_node->addr, orig_neigh_node->orig))
209 continue;
210
211 if (tmp_neigh_node->if_incoming != if_incoming)
212 continue;
213
214 if (!atomic_inc_not_zero(&tmp_neigh_node->refcount))
215 continue;
216
217 neigh_node = tmp_neigh_node;
218 break;
219 }
220 rcu_read_unlock();
221
222 if (!neigh_node)
223 neigh_node = create_neighbor(orig_neigh_node,
224 orig_neigh_node,
225 orig_neigh_node->orig,
226 if_incoming);
227
228 if (!neigh_node)
229 goto out;
230
231 /* if orig_node is direct neighbour update neigh_node last_valid */
232 if (orig_node == orig_neigh_node)
233 neigh_node->last_valid = jiffies;
234
235 orig_node->last_valid = jiffies;
236
237 /* find packet count of corresponding one hop neighbor */
238 spin_lock_bh(&orig_node->ogm_cnt_lock);
239 orig_eq_count = orig_neigh_node->bcast_own_sum[if_incoming->if_num];
240 neigh_rq_count = neigh_node->real_packet_count;
241 spin_unlock_bh(&orig_node->ogm_cnt_lock);
242
243 /* pay attention to not get a value bigger than 100 % */
244 total_count = (orig_eq_count > neigh_rq_count ?
245 neigh_rq_count : orig_eq_count);
246
247 /* if we have too few packets (too less data) we set tq_own to zero */
248 /* if we receive too few packets it is not considered bidirectional */
249 if ((total_count < TQ_LOCAL_BIDRECT_SEND_MINIMUM) ||
250 (neigh_rq_count < TQ_LOCAL_BIDRECT_RECV_MINIMUM))
251 tq_own = 0;
252 else
253 /* neigh_node->real_packet_count is never zero as we
254 * only purge old information when getting new
255 * information */
256 tq_own = (TQ_MAX_VALUE * total_count) / neigh_rq_count;
257
258 /*
259 * 1 - ((1-x) ** 3), normalized to TQ_MAX_VALUE this does
260 * affect the nearly-symmetric links only a little, but
261 * punishes asymmetric links more. This will give a value
262 * between 0 and TQ_MAX_VALUE
263 */
264 tq_asym_penalty = TQ_MAX_VALUE - (TQ_MAX_VALUE *
265 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count) *
266 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count) *
267 (TQ_LOCAL_WINDOW_SIZE - neigh_rq_count)) /
268 (TQ_LOCAL_WINDOW_SIZE *
269 TQ_LOCAL_WINDOW_SIZE *
270 TQ_LOCAL_WINDOW_SIZE);
271
272 batman_packet->tq = ((batman_packet->tq * tq_own * tq_asym_penalty) /
273 (TQ_MAX_VALUE * TQ_MAX_VALUE));
274
275 bat_dbg(DBG_BATMAN, bat_priv,
276 "bidirectional: "
277 "orig = %-15pM neigh = %-15pM => own_bcast = %2i, "
278 "real recv = %2i, local tq: %3i, asym_penalty: %3i, "
279 "total tq: %3i\n",
280 orig_node->orig, orig_neigh_node->orig, total_count,
281 neigh_rq_count, tq_own, tq_asym_penalty, batman_packet->tq);
282
283 /* if link has the minimum required transmission quality
284 * consider it bidirectional */
285 if (batman_packet->tq >= TQ_TOTAL_BIDRECT_LIMIT)
286 ret = 1;
287
288out:
289 if (neigh_node)
290 neigh_node_free_ref(neigh_node);
291 return ret;
292}
293
294/* caller must hold the neigh_list_lock */ 127/* caller must hold the neigh_list_lock */
295void bonding_candidate_del(struct orig_node *orig_node, 128void bonding_candidate_del(struct orig_node *orig_node,
296 struct neigh_node *neigh_node) 129 struct neigh_node *neigh_node)
@@ -308,8 +141,8 @@ out:
308 return; 141 return;
309} 142}
310 143
311static void bonding_candidate_add(struct orig_node *orig_node, 144void bonding_candidate_add(struct orig_node *orig_node,
312 struct neigh_node *neigh_node) 145 struct neigh_node *neigh_node)
313{ 146{
314 struct hlist_node *node; 147 struct hlist_node *node;
315 struct neigh_node *tmp_neigh_node, *router = NULL; 148 struct neigh_node *tmp_neigh_node, *router = NULL;
@@ -379,162 +212,23 @@ out:
379} 212}
380 213
381/* copy primary address for bonding */ 214/* copy primary address for bonding */
382static void bonding_save_primary(const struct orig_node *orig_node, 215void bonding_save_primary(const struct orig_node *orig_node,
383 struct orig_node *orig_neigh_node, 216 struct orig_node *orig_neigh_node,
384 const struct batman_packet *batman_packet) 217 const struct batman_ogm_packet *batman_ogm_packet)
385{ 218{
386 if (!(batman_packet->flags & PRIMARIES_FIRST_HOP)) 219 if (!(batman_ogm_packet->flags & PRIMARIES_FIRST_HOP))
387 return; 220 return;
388 221
389 memcpy(orig_neigh_node->primary_addr, orig_node->orig, ETH_ALEN); 222 memcpy(orig_neigh_node->primary_addr, orig_node->orig, ETH_ALEN);
390} 223}
391 224
392static void update_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
393 const struct ethhdr *ethhdr,
394 const struct batman_packet *batman_packet,
395 struct hard_iface *if_incoming,
396 const unsigned char *tt_buff, int is_duplicate)
397{
398 struct neigh_node *neigh_node = NULL, *tmp_neigh_node = NULL;
399 struct neigh_node *router = NULL;
400 struct orig_node *orig_node_tmp;
401 struct hlist_node *node;
402 uint8_t bcast_own_sum_orig, bcast_own_sum_neigh;
403
404 bat_dbg(DBG_BATMAN, bat_priv, "update_originator(): "
405 "Searching and updating originator entry of received packet\n");
406
407 rcu_read_lock();
408 hlist_for_each_entry_rcu(tmp_neigh_node, node,
409 &orig_node->neigh_list, list) {
410 if (compare_eth(tmp_neigh_node->addr, ethhdr->h_source) &&
411 (tmp_neigh_node->if_incoming == if_incoming) &&
412 atomic_inc_not_zero(&tmp_neigh_node->refcount)) {
413 if (neigh_node)
414 neigh_node_free_ref(neigh_node);
415 neigh_node = tmp_neigh_node;
416 continue;
417 }
418
419 if (is_duplicate)
420 continue;
421
422 spin_lock_bh(&tmp_neigh_node->tq_lock);
423 ring_buffer_set(tmp_neigh_node->tq_recv,
424 &tmp_neigh_node->tq_index, 0);
425 tmp_neigh_node->tq_avg =
426 ring_buffer_avg(tmp_neigh_node->tq_recv);
427 spin_unlock_bh(&tmp_neigh_node->tq_lock);
428 }
429
430 if (!neigh_node) {
431 struct orig_node *orig_tmp;
432
433 orig_tmp = get_orig_node(bat_priv, ethhdr->h_source);
434 if (!orig_tmp)
435 goto unlock;
436
437 neigh_node = create_neighbor(orig_node, orig_tmp,
438 ethhdr->h_source, if_incoming);
439
440 orig_node_free_ref(orig_tmp);
441 if (!neigh_node)
442 goto unlock;
443 } else
444 bat_dbg(DBG_BATMAN, bat_priv,
445 "Updating existing last-hop neighbor of originator\n");
446
447 rcu_read_unlock();
448
449 orig_node->flags = batman_packet->flags;
450 neigh_node->last_valid = jiffies;
451
452 spin_lock_bh(&neigh_node->tq_lock);
453 ring_buffer_set(neigh_node->tq_recv,
454 &neigh_node->tq_index,
455 batman_packet->tq);
456 neigh_node->tq_avg = ring_buffer_avg(neigh_node->tq_recv);
457 spin_unlock_bh(&neigh_node->tq_lock);
458
459 if (!is_duplicate) {
460 orig_node->last_ttl = batman_packet->ttl;
461 neigh_node->last_ttl = batman_packet->ttl;
462 }
463
464 bonding_candidate_add(orig_node, neigh_node);
465
466 /* if this neighbor already is our next hop there is nothing
467 * to change */
468 router = orig_node_get_router(orig_node);
469 if (router == neigh_node)
470 goto update_tt;
471
472 /* if this neighbor does not offer a better TQ we won't consider it */
473 if (router && (router->tq_avg > neigh_node->tq_avg))
474 goto update_tt;
475
476 /* if the TQ is the same and the link not more symetric we
477 * won't consider it either */
478 if (router && (neigh_node->tq_avg == router->tq_avg)) {
479 orig_node_tmp = router->orig_node;
480 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
481 bcast_own_sum_orig =
482 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
483 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
484
485 orig_node_tmp = neigh_node->orig_node;
486 spin_lock_bh(&orig_node_tmp->ogm_cnt_lock);
487 bcast_own_sum_neigh =
488 orig_node_tmp->bcast_own_sum[if_incoming->if_num];
489 spin_unlock_bh(&orig_node_tmp->ogm_cnt_lock);
490
491 if (bcast_own_sum_orig >= bcast_own_sum_neigh)
492 goto update_tt;
493 }
494
495 update_routes(bat_priv, orig_node, neigh_node);
496
497update_tt:
498 /* I have to check for transtable changes only if the OGM has been
499 * sent through a primary interface */
500 if (((batman_packet->orig != ethhdr->h_source) &&
501 (batman_packet->ttl > 2)) ||
502 (batman_packet->flags & PRIMARIES_FIRST_HOP))
503 update_transtable(bat_priv, orig_node, tt_buff,
504 batman_packet->tt_num_changes,
505 batman_packet->ttvn,
506 batman_packet->tt_crc);
507
508 if (orig_node->gw_flags != batman_packet->gw_flags)
509 gw_node_update(bat_priv, orig_node, batman_packet->gw_flags);
510
511 orig_node->gw_flags = batman_packet->gw_flags;
512
513 /* restart gateway selection if fast or late switching was enabled */
514 if ((orig_node->gw_flags) &&
515 (atomic_read(&bat_priv->gw_mode) == GW_MODE_CLIENT) &&
516 (atomic_read(&bat_priv->gw_sel_class) > 2))
517 gw_check_election(bat_priv, orig_node);
518
519 goto out;
520
521unlock:
522 rcu_read_unlock();
523out:
524 if (neigh_node)
525 neigh_node_free_ref(neigh_node);
526 if (router)
527 neigh_node_free_ref(router);
528}
529
530/* checks whether the host restarted and is in the protection time. 225/* checks whether the host restarted and is in the protection time.
531 * returns: 226 * returns:
532 * 0 if the packet is to be accepted 227 * 0 if the packet is to be accepted
533 * 1 if the packet is to be ignored. 228 * 1 if the packet is to be ignored.
534 */ 229 */
535static int window_protected(struct bat_priv *bat_priv, 230int window_protected(struct bat_priv *bat_priv, int32_t seq_num_diff,
536 int32_t seq_num_diff, 231 unsigned long *last_reset)
537 unsigned long *last_reset)
538{ 232{
539 if ((seq_num_diff <= -TQ_LOCAL_WINDOW_SIZE) 233 if ((seq_num_diff <= -TQ_LOCAL_WINDOW_SIZE)
540 || (seq_num_diff >= EXPECTED_SEQNO_RANGE)) { 234 || (seq_num_diff >= EXPECTED_SEQNO_RANGE)) {
@@ -552,330 +246,12 @@ static int window_protected(struct bat_priv *bat_priv,
552 return 0; 246 return 0;
553} 247}
554 248
555/* processes a batman packet for all interfaces, adjusts the sequence number and 249int recv_bat_ogm_packet(struct sk_buff *skb, struct hard_iface *hard_iface)
556 * finds out whether it is a duplicate.
557 * returns:
558 * 1 the packet is a duplicate
559 * 0 the packet has not yet been received
560 * -1 the packet is old and has been received while the seqno window
561 * was protected. Caller should drop it.
562 */
563static int count_real_packets(const struct ethhdr *ethhdr,
564 const struct batman_packet *batman_packet,
565 const struct hard_iface *if_incoming)
566{
567 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
568 struct orig_node *orig_node;
569 struct neigh_node *tmp_neigh_node;
570 struct hlist_node *node;
571 int is_duplicate = 0;
572 int32_t seq_diff;
573 int need_update = 0;
574 int set_mark, ret = -1;
575
576 orig_node = get_orig_node(bat_priv, batman_packet->orig);
577 if (!orig_node)
578 return 0;
579
580 spin_lock_bh(&orig_node->ogm_cnt_lock);
581 seq_diff = batman_packet->seqno - orig_node->last_real_seqno;
582
583 /* signalize caller that the packet is to be dropped. */
584 if (window_protected(bat_priv, seq_diff,
585 &orig_node->batman_seqno_reset))
586 goto out;
587
588 rcu_read_lock();
589 hlist_for_each_entry_rcu(tmp_neigh_node, node,
590 &orig_node->neigh_list, list) {
591
592 is_duplicate |= get_bit_status(tmp_neigh_node->real_bits,
593 orig_node->last_real_seqno,
594 batman_packet->seqno);
595
596 if (compare_eth(tmp_neigh_node->addr, ethhdr->h_source) &&
597 (tmp_neigh_node->if_incoming == if_incoming))
598 set_mark = 1;
599 else
600 set_mark = 0;
601
602 /* if the window moved, set the update flag. */
603 need_update |= bit_get_packet(bat_priv,
604 tmp_neigh_node->real_bits,
605 seq_diff, set_mark);
606
607 tmp_neigh_node->real_packet_count =
608 bit_packet_count(tmp_neigh_node->real_bits);
609 }
610 rcu_read_unlock();
611
612 if (need_update) {
613 bat_dbg(DBG_BATMAN, bat_priv,
614 "updating last_seqno: old %d, new %d\n",
615 orig_node->last_real_seqno, batman_packet->seqno);
616 orig_node->last_real_seqno = batman_packet->seqno;
617 }
618
619 ret = is_duplicate;
620
621out:
622 spin_unlock_bh(&orig_node->ogm_cnt_lock);
623 orig_node_free_ref(orig_node);
624 return ret;
625}
626
627void receive_bat_packet(const struct ethhdr *ethhdr,
628 struct batman_packet *batman_packet,
629 const unsigned char *tt_buff,
630 struct hard_iface *if_incoming)
631{
632 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
633 struct hard_iface *hard_iface;
634 struct orig_node *orig_neigh_node, *orig_node;
635 struct neigh_node *router = NULL, *router_router = NULL;
636 struct neigh_node *orig_neigh_router = NULL;
637 int has_directlink_flag;
638 int is_my_addr = 0, is_my_orig = 0, is_my_oldorig = 0;
639 int is_broadcast = 0, is_bidirectional, is_single_hop_neigh;
640 int is_duplicate;
641 uint32_t if_incoming_seqno;
642
643 /* Silently drop when the batman packet is actually not a
644 * correct packet.
645 *
646 * This might happen if a packet is padded (e.g. Ethernet has a
647 * minimum frame length of 64 byte) and the aggregation interprets
648 * it as an additional length.
649 *
650 * TODO: A more sane solution would be to have a bit in the
651 * batman_packet to detect whether the packet is the last
652 * packet in an aggregation. Here we expect that the padding
653 * is always zero (or not 0x01)
654 */
655 if (batman_packet->packet_type != BAT_PACKET)
656 return;
657
658 /* could be changed by schedule_own_packet() */
659 if_incoming_seqno = atomic_read(&if_incoming->seqno);
660
661 has_directlink_flag = (batman_packet->flags & DIRECTLINK ? 1 : 0);
662
663 is_single_hop_neigh = (compare_eth(ethhdr->h_source,
664 batman_packet->orig) ? 1 : 0);
665
666 bat_dbg(DBG_BATMAN, bat_priv,
667 "Received BATMAN packet via NB: %pM, IF: %s [%pM] "
668 "(from OG: %pM, via prev OG: %pM, seqno %d, ttvn %u, "
669 "crc %u, changes %u, td %d, TTL %d, V %d, IDF %d)\n",
670 ethhdr->h_source, if_incoming->net_dev->name,
671 if_incoming->net_dev->dev_addr, batman_packet->orig,
672 batman_packet->prev_sender, batman_packet->seqno,
673 batman_packet->ttvn, batman_packet->tt_crc,
674 batman_packet->tt_num_changes, batman_packet->tq,
675 batman_packet->ttl, batman_packet->version,
676 has_directlink_flag);
677
678 rcu_read_lock();
679 list_for_each_entry_rcu(hard_iface, &hardif_list, list) {
680 if (hard_iface->if_status != IF_ACTIVE)
681 continue;
682
683 if (hard_iface->soft_iface != if_incoming->soft_iface)
684 continue;
685
686 if (compare_eth(ethhdr->h_source,
687 hard_iface->net_dev->dev_addr))
688 is_my_addr = 1;
689
690 if (compare_eth(batman_packet->orig,
691 hard_iface->net_dev->dev_addr))
692 is_my_orig = 1;
693
694 if (compare_eth(batman_packet->prev_sender,
695 hard_iface->net_dev->dev_addr))
696 is_my_oldorig = 1;
697
698 if (is_broadcast_ether_addr(ethhdr->h_source))
699 is_broadcast = 1;
700 }
701 rcu_read_unlock();
702
703 if (batman_packet->version != COMPAT_VERSION) {
704 bat_dbg(DBG_BATMAN, bat_priv,
705 "Drop packet: incompatible batman version (%i)\n",
706 batman_packet->version);
707 return;
708 }
709
710 if (is_my_addr) {
711 bat_dbg(DBG_BATMAN, bat_priv,
712 "Drop packet: received my own broadcast (sender: %pM"
713 ")\n",
714 ethhdr->h_source);
715 return;
716 }
717
718 if (is_broadcast) {
719 bat_dbg(DBG_BATMAN, bat_priv, "Drop packet: "
720 "ignoring all packets with broadcast source addr (sender: %pM"
721 ")\n", ethhdr->h_source);
722 return;
723 }
724
725 if (is_my_orig) {
726 unsigned long *word;
727 int offset;
728
729 orig_neigh_node = get_orig_node(bat_priv, ethhdr->h_source);
730 if (!orig_neigh_node)
731 return;
732
733 /* neighbor has to indicate direct link and it has to
734 * come via the corresponding interface */
735 /* save packet seqno for bidirectional check */
736 if (has_directlink_flag &&
737 compare_eth(if_incoming->net_dev->dev_addr,
738 batman_packet->orig)) {
739 offset = if_incoming->if_num * NUM_WORDS;
740
741 spin_lock_bh(&orig_neigh_node->ogm_cnt_lock);
742 word = &(orig_neigh_node->bcast_own[offset]);
743 bit_mark(word,
744 if_incoming_seqno - batman_packet->seqno - 2);
745 orig_neigh_node->bcast_own_sum[if_incoming->if_num] =
746 bit_packet_count(word);
747 spin_unlock_bh(&orig_neigh_node->ogm_cnt_lock);
748 }
749
750 bat_dbg(DBG_BATMAN, bat_priv, "Drop packet: "
751 "originator packet from myself (via neighbor)\n");
752 orig_node_free_ref(orig_neigh_node);
753 return;
754 }
755
756 if (is_my_oldorig) {
757 bat_dbg(DBG_BATMAN, bat_priv,
758 "Drop packet: ignoring all rebroadcast echos (sender: "
759 "%pM)\n", ethhdr->h_source);
760 return;
761 }
762
763 orig_node = get_orig_node(bat_priv, batman_packet->orig);
764 if (!orig_node)
765 return;
766
767 is_duplicate = count_real_packets(ethhdr, batman_packet, if_incoming);
768
769 if (is_duplicate == -1) {
770 bat_dbg(DBG_BATMAN, bat_priv,
771 "Drop packet: packet within seqno protection time "
772 "(sender: %pM)\n", ethhdr->h_source);
773 goto out;
774 }
775
776 if (batman_packet->tq == 0) {
777 bat_dbg(DBG_BATMAN, bat_priv,
778 "Drop packet: originator packet with tq equal 0\n");
779 goto out;
780 }
781
782 router = orig_node_get_router(orig_node);
783 if (router)
784 router_router = orig_node_get_router(router->orig_node);
785
786 /* avoid temporary routing loops */
787 if (router && router_router &&
788 (compare_eth(router->addr, batman_packet->prev_sender)) &&
789 !(compare_eth(batman_packet->orig, batman_packet->prev_sender)) &&
790 (compare_eth(router->addr, router_router->addr))) {
791 bat_dbg(DBG_BATMAN, bat_priv,
792 "Drop packet: ignoring all rebroadcast packets that "
793 "may make me loop (sender: %pM)\n", ethhdr->h_source);
794 goto out;
795 }
796
797 /* if sender is a direct neighbor the sender mac equals
798 * originator mac */
799 orig_neigh_node = (is_single_hop_neigh ?
800 orig_node :
801 get_orig_node(bat_priv, ethhdr->h_source));
802 if (!orig_neigh_node)
803 goto out;
804
805 orig_neigh_router = orig_node_get_router(orig_neigh_node);
806
807 /* drop packet if sender is not a direct neighbor and if we
808 * don't route towards it */
809 if (!is_single_hop_neigh && (!orig_neigh_router)) {
810 bat_dbg(DBG_BATMAN, bat_priv,
811 "Drop packet: OGM via unknown neighbor!\n");
812 goto out_neigh;
813 }
814
815 is_bidirectional = is_bidirectional_neigh(orig_node, orig_neigh_node,
816 batman_packet, if_incoming);
817
818 bonding_save_primary(orig_node, orig_neigh_node, batman_packet);
819
820 /* update ranking if it is not a duplicate or has the same
821 * seqno and similar ttl as the non-duplicate */
822 if (is_bidirectional &&
823 (!is_duplicate ||
824 ((orig_node->last_real_seqno == batman_packet->seqno) &&
825 (orig_node->last_ttl - 3 <= batman_packet->ttl))))
826 update_orig(bat_priv, orig_node, ethhdr, batman_packet,
827 if_incoming, tt_buff, is_duplicate);
828
829 /* is single hop (direct) neighbor */
830 if (is_single_hop_neigh) {
831
832 /* mark direct link on incoming interface */
833 schedule_forward_packet(orig_node, ethhdr, batman_packet,
834 1, if_incoming);
835
836 bat_dbg(DBG_BATMAN, bat_priv, "Forwarding packet: "
837 "rebroadcast neighbor packet with direct link flag\n");
838 goto out_neigh;
839 }
840
841 /* multihop originator */
842 if (!is_bidirectional) {
843 bat_dbg(DBG_BATMAN, bat_priv,
844 "Drop packet: not received via bidirectional link\n");
845 goto out_neigh;
846 }
847
848 if (is_duplicate) {
849 bat_dbg(DBG_BATMAN, bat_priv,
850 "Drop packet: duplicate packet received\n");
851 goto out_neigh;
852 }
853
854 bat_dbg(DBG_BATMAN, bat_priv,
855 "Forwarding packet: rebroadcast originator packet\n");
856 schedule_forward_packet(orig_node, ethhdr, batman_packet,
857 0, if_incoming);
858
859out_neigh:
860 if ((orig_neigh_node) && (!is_single_hop_neigh))
861 orig_node_free_ref(orig_neigh_node);
862out:
863 if (router)
864 neigh_node_free_ref(router);
865 if (router_router)
866 neigh_node_free_ref(router_router);
867 if (orig_neigh_router)
868 neigh_node_free_ref(orig_neigh_router);
869
870 orig_node_free_ref(orig_node);
871}
872
873int recv_bat_packet(struct sk_buff *skb, struct hard_iface *hard_iface)
874{ 250{
875 struct ethhdr *ethhdr; 251 struct ethhdr *ethhdr;
876 252
877 /* drop packet if it has not necessary minimum size */ 253 /* drop packet if it has not necessary minimum size */
878 if (unlikely(!pskb_may_pull(skb, sizeof(struct batman_packet)))) 254 if (unlikely(!pskb_may_pull(skb, BATMAN_OGM_LEN)))
879 return NET_RX_DROP; 255 return NET_RX_DROP;
880 256
881 ethhdr = (struct ethhdr *)skb_mac_header(skb); 257 ethhdr = (struct ethhdr *)skb_mac_header(skb);
@@ -898,10 +274,7 @@ int recv_bat_packet(struct sk_buff *skb, struct hard_iface *hard_iface)
898 274
899 ethhdr = (struct ethhdr *)skb_mac_header(skb); 275 ethhdr = (struct ethhdr *)skb_mac_header(skb);
900 276
901 receive_aggr_bat_packet(ethhdr, 277 bat_ogm_receive(ethhdr, skb->data, skb_headlen(skb), hard_iface);
902 skb->data,
903 skb_headlen(skb),
904 hard_iface);
905 278
906 kfree_skb(skb); 279 kfree_skb(skb);
907 return NET_RX_SUCCESS; 280 return NET_RX_SUCCESS;
@@ -1243,7 +616,7 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if)
1243 } 616 }
1244 break; 617 break;
1245 case TT_RESPONSE: 618 case TT_RESPONSE:
1246 /* packet needs to be linearised to access the TT changes */ 619 /* packet needs to be linearized to access the TT changes */
1247 if (skb_linearize(skb) < 0) 620 if (skb_linearize(skb) < 0)
1248 goto out; 621 goto out;
1249 622
@@ -1300,7 +673,7 @@ int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if)
1300 roam_adv_packet->client); 673 roam_adv_packet->client);
1301 674
1302 tt_global_add(bat_priv, orig_node, roam_adv_packet->client, 675 tt_global_add(bat_priv, orig_node, roam_adv_packet->client,
1303 atomic_read(&orig_node->last_ttvn) + 1, true); 676 atomic_read(&orig_node->last_ttvn) + 1, true, false);
1304 677
1305 /* Roaming phase starts: I have new information but the ttvn has not 678 /* Roaming phase starts: I have new information but the ttvn has not
1306 * been incremented yet. This flag will make me check all the incoming 679 * been incremented yet. This flag will make me check all the incoming
@@ -1536,7 +909,7 @@ static int check_unicast_ttvn(struct bat_priv *bat_priv,
1536 909
1537 ethhdr = (struct ethhdr *)(skb->data + 910 ethhdr = (struct ethhdr *)(skb->data +
1538 sizeof(struct unicast_packet)); 911 sizeof(struct unicast_packet));
1539 orig_node = transtable_search(bat_priv, ethhdr->h_dest); 912 orig_node = transtable_search(bat_priv, NULL, ethhdr->h_dest);
1540 913
1541 if (!orig_node) { 914 if (!orig_node) {
1542 if (!is_my_client(bat_priv, ethhdr->h_dest)) 915 if (!is_my_client(bat_priv, ethhdr->h_dest))
diff --git a/net/batman-adv/routing.h b/net/batman-adv/routing.h
index fb14e9579b19..7aaee0fb0fdc 100644
--- a/net/batman-adv/routing.h
+++ b/net/batman-adv/routing.h
@@ -23,19 +23,15 @@
23#define _NET_BATMAN_ADV_ROUTING_H_ 23#define _NET_BATMAN_ADV_ROUTING_H_
24 24
25void slide_own_bcast_window(struct hard_iface *hard_iface); 25void slide_own_bcast_window(struct hard_iface *hard_iface);
26void receive_bat_packet(const struct ethhdr *ethhdr, 26void update_route(struct bat_priv *bat_priv, struct orig_node *orig_node,
27 struct batman_packet *batman_packet, 27 struct neigh_node *neigh_node);
28 const unsigned char *tt_buff,
29 struct hard_iface *if_incoming);
30void update_routes(struct bat_priv *bat_priv, struct orig_node *orig_node,
31 struct neigh_node *neigh_node);
32int route_unicast_packet(struct sk_buff *skb, struct hard_iface *recv_if); 28int route_unicast_packet(struct sk_buff *skb, struct hard_iface *recv_if);
33int recv_icmp_packet(struct sk_buff *skb, struct hard_iface *recv_if); 29int recv_icmp_packet(struct sk_buff *skb, struct hard_iface *recv_if);
34int recv_unicast_packet(struct sk_buff *skb, struct hard_iface *recv_if); 30int recv_unicast_packet(struct sk_buff *skb, struct hard_iface *recv_if);
35int recv_ucast_frag_packet(struct sk_buff *skb, struct hard_iface *recv_if); 31int recv_ucast_frag_packet(struct sk_buff *skb, struct hard_iface *recv_if);
36int recv_bcast_packet(struct sk_buff *skb, struct hard_iface *recv_if); 32int recv_bcast_packet(struct sk_buff *skb, struct hard_iface *recv_if);
37int recv_vis_packet(struct sk_buff *skb, struct hard_iface *recv_if); 33int recv_vis_packet(struct sk_buff *skb, struct hard_iface *recv_if);
38int recv_bat_packet(struct sk_buff *skb, struct hard_iface *recv_if); 34int recv_bat_ogm_packet(struct sk_buff *skb, struct hard_iface *recv_if);
39int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if); 35int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if);
40int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if); 36int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if);
41struct neigh_node *find_router(struct bat_priv *bat_priv, 37struct neigh_node *find_router(struct bat_priv *bat_priv,
@@ -43,5 +39,12 @@ struct neigh_node *find_router(struct bat_priv *bat_priv,
43 const struct hard_iface *recv_if); 39 const struct hard_iface *recv_if);
44void bonding_candidate_del(struct orig_node *orig_node, 40void bonding_candidate_del(struct orig_node *orig_node,
45 struct neigh_node *neigh_node); 41 struct neigh_node *neigh_node);
42void bonding_candidate_add(struct orig_node *orig_node,
43 struct neigh_node *neigh_node);
44void bonding_save_primary(const struct orig_node *orig_node,
45 struct orig_node *orig_neigh_node,
46 const struct batman_ogm_packet *batman_ogm_packet);
47int window_protected(struct bat_priv *bat_priv, int32_t seq_num_diff,
48 unsigned long *last_reset);
46 49
47#endif /* _NET_BATMAN_ADV_ROUTING_H_ */ 50#endif /* _NET_BATMAN_ADV_ROUTING_H_ */
diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c
index 58d14472068c..8a684eb738ad 100644
--- a/net/batman-adv/send.c
+++ b/net/batman-adv/send.c
@@ -26,33 +26,12 @@
26#include "soft-interface.h" 26#include "soft-interface.h"
27#include "hard-interface.h" 27#include "hard-interface.h"
28#include "vis.h" 28#include "vis.h"
29#include "aggregation.h"
30#include "gateway_common.h" 29#include "gateway_common.h"
31#include "originator.h" 30#include "originator.h"
31#include "bat_ogm.h"
32 32
33static void send_outstanding_bcast_packet(struct work_struct *work); 33static void send_outstanding_bcast_packet(struct work_struct *work);
34 34
35/* apply hop penalty for a normal link */
36static uint8_t hop_penalty(uint8_t tq, const struct bat_priv *bat_priv)
37{
38 int hop_penalty = atomic_read(&bat_priv->hop_penalty);
39 return (tq * (TQ_MAX_VALUE - hop_penalty)) / (TQ_MAX_VALUE);
40}
41
42/* when do we schedule our own packet to be sent */
43static unsigned long own_send_time(const struct bat_priv *bat_priv)
44{
45 return jiffies + msecs_to_jiffies(
46 atomic_read(&bat_priv->orig_interval) -
47 JITTER + (random32() % 2*JITTER));
48}
49
50/* when do we schedule a forwarded packet to be sent */
51static unsigned long forward_send_time(void)
52{
53 return jiffies + msecs_to_jiffies(random32() % (JITTER/2));
54}
55
56/* send out an already prepared packet to the given address via the 35/* send out an already prepared packet to the given address via the
57 * specified batman interface */ 36 * specified batman interface */
58int send_skb_packet(struct sk_buff *skb, struct hard_iface *hard_iface, 37int send_skb_packet(struct sk_buff *skb, struct hard_iface *hard_iface,
@@ -99,141 +78,17 @@ send_skb_err:
99 return NET_XMIT_DROP; 78 return NET_XMIT_DROP;
100} 79}
101 80
102/* Send a packet to a given interface */
103static void send_packet_to_if(struct forw_packet *forw_packet,
104 struct hard_iface *hard_iface)
105{
106 struct bat_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
107 char *fwd_str;
108 uint8_t packet_num;
109 int16_t buff_pos;
110 struct batman_packet *batman_packet;
111 struct sk_buff *skb;
112
113 if (hard_iface->if_status != IF_ACTIVE)
114 return;
115
116 packet_num = 0;
117 buff_pos = 0;
118 batman_packet = (struct batman_packet *)forw_packet->skb->data;
119
120 /* adjust all flags and log packets */
121 while (aggregated_packet(buff_pos,
122 forw_packet->packet_len,
123 batman_packet->tt_num_changes)) {
124
125 /* we might have aggregated direct link packets with an
126 * ordinary base packet */
127 if ((forw_packet->direct_link_flags & (1 << packet_num)) &&
128 (forw_packet->if_incoming == hard_iface))
129 batman_packet->flags |= DIRECTLINK;
130 else
131 batman_packet->flags &= ~DIRECTLINK;
132
133 fwd_str = (packet_num > 0 ? "Forwarding" : (forw_packet->own ?
134 "Sending own" :
135 "Forwarding"));
136 bat_dbg(DBG_BATMAN, bat_priv,
137 "%s %spacket (originator %pM, seqno %d, TQ %d, TTL %d,"
138 " IDF %s, hvn %d) on interface %s [%pM]\n",
139 fwd_str, (packet_num > 0 ? "aggregated " : ""),
140 batman_packet->orig, ntohl(batman_packet->seqno),
141 batman_packet->tq, batman_packet->ttl,
142 (batman_packet->flags & DIRECTLINK ?
143 "on" : "off"),
144 batman_packet->ttvn, hard_iface->net_dev->name,
145 hard_iface->net_dev->dev_addr);
146
147 buff_pos += sizeof(*batman_packet) +
148 tt_len(batman_packet->tt_num_changes);
149 packet_num++;
150 batman_packet = (struct batman_packet *)
151 (forw_packet->skb->data + buff_pos);
152 }
153
154 /* create clone because function is called more than once */
155 skb = skb_clone(forw_packet->skb, GFP_ATOMIC);
156 if (skb)
157 send_skb_packet(skb, hard_iface, broadcast_addr);
158}
159
160/* send a batman packet */
161static void send_packet(struct forw_packet *forw_packet)
162{
163 struct hard_iface *hard_iface;
164 struct net_device *soft_iface;
165 struct bat_priv *bat_priv;
166 struct hard_iface *primary_if = NULL;
167 struct batman_packet *batman_packet =
168 (struct batman_packet *)(forw_packet->skb->data);
169 int directlink = (batman_packet->flags & DIRECTLINK ? 1 : 0);
170
171 if (!forw_packet->if_incoming) {
172 pr_err("Error - can't forward packet: incoming iface not "
173 "specified\n");
174 goto out;
175 }
176
177 soft_iface = forw_packet->if_incoming->soft_iface;
178 bat_priv = netdev_priv(soft_iface);
179
180 if (forw_packet->if_incoming->if_status != IF_ACTIVE)
181 goto out;
182
183 primary_if = primary_if_get_selected(bat_priv);
184 if (!primary_if)
185 goto out;
186
187 /* multihomed peer assumed */
188 /* non-primary OGMs are only broadcasted on their interface */
189 if ((directlink && (batman_packet->ttl == 1)) ||
190 (forw_packet->own && (forw_packet->if_incoming != primary_if))) {
191
192 /* FIXME: what about aggregated packets ? */
193 bat_dbg(DBG_BATMAN, bat_priv,
194 "%s packet (originator %pM, seqno %d, TTL %d) "
195 "on interface %s [%pM]\n",
196 (forw_packet->own ? "Sending own" : "Forwarding"),
197 batman_packet->orig, ntohl(batman_packet->seqno),
198 batman_packet->ttl,
199 forw_packet->if_incoming->net_dev->name,
200 forw_packet->if_incoming->net_dev->dev_addr);
201
202 /* skb is only used once and than forw_packet is free'd */
203 send_skb_packet(forw_packet->skb, forw_packet->if_incoming,
204 broadcast_addr);
205 forw_packet->skb = NULL;
206
207 goto out;
208 }
209
210 /* broadcast on every interface */
211 rcu_read_lock();
212 list_for_each_entry_rcu(hard_iface, &hardif_list, list) {
213 if (hard_iface->soft_iface != soft_iface)
214 continue;
215
216 send_packet_to_if(forw_packet, hard_iface);
217 }
218 rcu_read_unlock();
219
220out:
221 if (primary_if)
222 hardif_free_ref(primary_if);
223}
224
225static void realloc_packet_buffer(struct hard_iface *hard_iface, 81static void realloc_packet_buffer(struct hard_iface *hard_iface,
226 int new_len) 82 int new_len)
227{ 83{
228 unsigned char *new_buff; 84 unsigned char *new_buff;
229 struct batman_packet *batman_packet;
230 85
231 new_buff = kmalloc(new_len, GFP_ATOMIC); 86 new_buff = kmalloc(new_len, GFP_ATOMIC);
232 87
233 /* keep old buffer if kmalloc should fail */ 88 /* keep old buffer if kmalloc should fail */
234 if (new_buff) { 89 if (new_buff) {
235 memcpy(new_buff, hard_iface->packet_buff, 90 memcpy(new_buff, hard_iface->packet_buff,
236 sizeof(*batman_packet)); 91 BATMAN_OGM_LEN);
237 92
238 kfree(hard_iface->packet_buff); 93 kfree(hard_iface->packet_buff);
239 hard_iface->packet_buff = new_buff; 94 hard_iface->packet_buff = new_buff;
@@ -242,60 +97,48 @@ static void realloc_packet_buffer(struct hard_iface *hard_iface,
242} 97}
243 98
244/* when calling this function (hard_iface == primary_if) has to be true */ 99/* when calling this function (hard_iface == primary_if) has to be true */
245static void prepare_packet_buffer(struct bat_priv *bat_priv, 100static int prepare_packet_buffer(struct bat_priv *bat_priv,
246 struct hard_iface *hard_iface) 101 struct hard_iface *hard_iface)
247{ 102{
248 int new_len; 103 int new_len;
249 struct batman_packet *batman_packet;
250 104
251 new_len = BAT_PACKET_LEN + 105 new_len = BATMAN_OGM_LEN +
252 tt_len((uint8_t)atomic_read(&bat_priv->tt_local_changes)); 106 tt_len((uint8_t)atomic_read(&bat_priv->tt_local_changes));
253 107
254 /* if we have too many changes for one packet don't send any 108 /* if we have too many changes for one packet don't send any
255 * and wait for the tt table request which will be fragmented */ 109 * and wait for the tt table request which will be fragmented */
256 if (new_len > hard_iface->soft_iface->mtu) 110 if (new_len > hard_iface->soft_iface->mtu)
257 new_len = BAT_PACKET_LEN; 111 new_len = BATMAN_OGM_LEN;
258 112
259 realloc_packet_buffer(hard_iface, new_len); 113 realloc_packet_buffer(hard_iface, new_len);
260 batman_packet = (struct batman_packet *)hard_iface->packet_buff;
261 114
262 atomic_set(&bat_priv->tt_crc, tt_local_crc(bat_priv)); 115 atomic_set(&bat_priv->tt_crc, tt_local_crc(bat_priv));
263 116
264 /* reset the sending counter */ 117 /* reset the sending counter */
265 atomic_set(&bat_priv->tt_ogm_append_cnt, TT_OGM_APPEND_MAX); 118 atomic_set(&bat_priv->tt_ogm_append_cnt, TT_OGM_APPEND_MAX);
266 119
267 batman_packet->tt_num_changes = tt_changes_fill_buffer(bat_priv, 120 return tt_changes_fill_buffer(bat_priv,
268 hard_iface->packet_buff + BAT_PACKET_LEN, 121 hard_iface->packet_buff + BATMAN_OGM_LEN,
269 hard_iface->packet_len - BAT_PACKET_LEN); 122 hard_iface->packet_len - BATMAN_OGM_LEN);
270
271} 123}
272 124
273static void reset_packet_buffer(struct bat_priv *bat_priv, 125static int reset_packet_buffer(struct bat_priv *bat_priv,
274 struct hard_iface *hard_iface) 126 struct hard_iface *hard_iface)
275{ 127{
276 struct batman_packet *batman_packet; 128 realloc_packet_buffer(hard_iface, BATMAN_OGM_LEN);
277 129 return 0;
278 realloc_packet_buffer(hard_iface, BAT_PACKET_LEN);
279
280 batman_packet = (struct batman_packet *)hard_iface->packet_buff;
281 batman_packet->tt_num_changes = 0;
282} 130}
283 131
284void schedule_own_packet(struct hard_iface *hard_iface) 132void schedule_bat_ogm(struct hard_iface *hard_iface)
285{ 133{
286 struct bat_priv *bat_priv = netdev_priv(hard_iface->soft_iface); 134 struct bat_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
287 struct hard_iface *primary_if; 135 struct hard_iface *primary_if;
288 unsigned long send_time; 136 int tt_num_changes = -1;
289 struct batman_packet *batman_packet;
290 int vis_server;
291 137
292 if ((hard_iface->if_status == IF_NOT_IN_USE) || 138 if ((hard_iface->if_status == IF_NOT_IN_USE) ||
293 (hard_iface->if_status == IF_TO_BE_REMOVED)) 139 (hard_iface->if_status == IF_TO_BE_REMOVED))
294 return; 140 return;
295 141
296 vis_server = atomic_read(&bat_priv->vis_mode);
297 primary_if = primary_if_get_selected(bat_priv);
298
299 /** 142 /**
300 * the interface gets activated here to avoid race conditions between 143 * the interface gets activated here to avoid race conditions between
301 * the moment of activating the interface in 144 * the moment of activating the interface in
@@ -306,124 +149,26 @@ void schedule_own_packet(struct hard_iface *hard_iface)
306 if (hard_iface->if_status == IF_TO_BE_ACTIVATED) 149 if (hard_iface->if_status == IF_TO_BE_ACTIVATED)
307 hard_iface->if_status = IF_ACTIVE; 150 hard_iface->if_status = IF_ACTIVE;
308 151
152 primary_if = primary_if_get_selected(bat_priv);
153
309 if (hard_iface == primary_if) { 154 if (hard_iface == primary_if) {
310 /* if at least one change happened */ 155 /* if at least one change happened */
311 if (atomic_read(&bat_priv->tt_local_changes) > 0) { 156 if (atomic_read(&bat_priv->tt_local_changes) > 0) {
312 tt_commit_changes(bat_priv); 157 tt_commit_changes(bat_priv);
313 prepare_packet_buffer(bat_priv, hard_iface); 158 tt_num_changes = prepare_packet_buffer(bat_priv,
159 hard_iface);
314 } 160 }
315 161
316 /* if the changes have been sent enough times */ 162 /* if the changes have been sent often enough */
317 if (!atomic_dec_not_zero(&bat_priv->tt_ogm_append_cnt)) 163 if (!atomic_dec_not_zero(&bat_priv->tt_ogm_append_cnt))
318 reset_packet_buffer(bat_priv, hard_iface); 164 tt_num_changes = reset_packet_buffer(bat_priv,
165 hard_iface);
319 } 166 }
320 167
321 /**
322 * NOTE: packet_buff might just have been re-allocated in
323 * prepare_packet_buffer() or in reset_packet_buffer()
324 */
325 batman_packet = (struct batman_packet *)hard_iface->packet_buff;
326
327 /* change sequence number to network order */
328 batman_packet->seqno =
329 htonl((uint32_t)atomic_read(&hard_iface->seqno));
330
331 batman_packet->ttvn = atomic_read(&bat_priv->ttvn);
332 batman_packet->tt_crc = htons((uint16_t)atomic_read(&bat_priv->tt_crc));
333
334 if (vis_server == VIS_TYPE_SERVER_SYNC)
335 batman_packet->flags |= VIS_SERVER;
336 else
337 batman_packet->flags &= ~VIS_SERVER;
338
339 if ((hard_iface == primary_if) &&
340 (atomic_read(&bat_priv->gw_mode) == GW_MODE_SERVER))
341 batman_packet->gw_flags =
342 (uint8_t)atomic_read(&bat_priv->gw_bandwidth);
343 else
344 batman_packet->gw_flags = NO_FLAGS;
345
346 atomic_inc(&hard_iface->seqno);
347
348 slide_own_bcast_window(hard_iface);
349 send_time = own_send_time(bat_priv);
350 add_bat_packet_to_list(bat_priv,
351 hard_iface->packet_buff,
352 hard_iface->packet_len,
353 hard_iface, 1, send_time);
354
355 if (primary_if) 168 if (primary_if)
356 hardif_free_ref(primary_if); 169 hardif_free_ref(primary_if);
357}
358
359void schedule_forward_packet(struct orig_node *orig_node,
360 const struct ethhdr *ethhdr,
361 struct batman_packet *batman_packet,
362 int directlink,
363 struct hard_iface *if_incoming)
364{
365 struct bat_priv *bat_priv = netdev_priv(if_incoming->soft_iface);
366 struct neigh_node *router;
367 uint8_t in_tq, in_ttl, tq_avg = 0;
368 unsigned long send_time;
369 uint8_t tt_num_changes;
370
371 if (batman_packet->ttl <= 1) {
372 bat_dbg(DBG_BATMAN, bat_priv, "ttl exceeded\n");
373 return;
374 }
375
376 router = orig_node_get_router(orig_node);
377
378 in_tq = batman_packet->tq;
379 in_ttl = batman_packet->ttl;
380 tt_num_changes = batman_packet->tt_num_changes;
381
382 batman_packet->ttl--;
383 memcpy(batman_packet->prev_sender, ethhdr->h_source, ETH_ALEN);
384
385 /* rebroadcast tq of our best ranking neighbor to ensure the rebroadcast
386 * of our best tq value */
387 if (router && router->tq_avg != 0) {
388
389 /* rebroadcast ogm of best ranking neighbor as is */
390 if (!compare_eth(router->addr, ethhdr->h_source)) {
391 batman_packet->tq = router->tq_avg;
392
393 if (router->last_ttl)
394 batman_packet->ttl = router->last_ttl - 1;
395 }
396
397 tq_avg = router->tq_avg;
398 }
399
400 if (router)
401 neigh_node_free_ref(router);
402
403 /* apply hop penalty */
404 batman_packet->tq = hop_penalty(batman_packet->tq, bat_priv);
405
406 bat_dbg(DBG_BATMAN, bat_priv,
407 "Forwarding packet: tq_orig: %i, tq_avg: %i, "
408 "tq_forw: %i, ttl_orig: %i, ttl_forw: %i\n",
409 in_tq, tq_avg, batman_packet->tq, in_ttl - 1,
410 batman_packet->ttl);
411
412 batman_packet->seqno = htonl(batman_packet->seqno);
413 batman_packet->tt_crc = htons(batman_packet->tt_crc);
414
415 /* switch of primaries first hop flag when forwarding */
416 batman_packet->flags &= ~PRIMARIES_FIRST_HOP;
417 if (directlink)
418 batman_packet->flags |= DIRECTLINK;
419 else
420 batman_packet->flags &= ~DIRECTLINK;
421 170
422 send_time = forward_send_time(); 171 bat_ogm_schedule(hard_iface, tt_num_changes);
423 add_bat_packet_to_list(bat_priv,
424 (unsigned char *)batman_packet,
425 sizeof(*batman_packet) + tt_len(tt_num_changes),
426 if_incoming, 0, send_time);
427} 172}
428 173
429static void forw_packet_free(struct forw_packet *forw_packet) 174static void forw_packet_free(struct forw_packet *forw_packet)
@@ -454,7 +199,7 @@ static void _add_bcast_packet_to_list(struct bat_priv *bat_priv,
454} 199}
455 200
456/* add a broadcast packet to the queue and setup timers. broadcast packets 201/* add a broadcast packet to the queue and setup timers. broadcast packets
457 * are sent multiple times to increase probability for beeing received. 202 * are sent multiple times to increase probability for being received.
458 * 203 *
459 * This function returns NETDEV_TX_OK on success and NETDEV_TX_BUSY on 204 * This function returns NETDEV_TX_OK on success and NETDEV_TX_BUSY on
460 * errors. 205 * errors.
@@ -557,7 +302,7 @@ out:
557 atomic_inc(&bat_priv->bcast_queue_left); 302 atomic_inc(&bat_priv->bcast_queue_left);
558} 303}
559 304
560void send_outstanding_bat_packet(struct work_struct *work) 305void send_outstanding_bat_ogm_packet(struct work_struct *work)
561{ 306{
562 struct delayed_work *delayed_work = 307 struct delayed_work *delayed_work =
563 container_of(work, struct delayed_work, work); 308 container_of(work, struct delayed_work, work);
@@ -573,7 +318,7 @@ void send_outstanding_bat_packet(struct work_struct *work)
573 if (atomic_read(&bat_priv->mesh_state) == MESH_DEACTIVATING) 318 if (atomic_read(&bat_priv->mesh_state) == MESH_DEACTIVATING)
574 goto out; 319 goto out;
575 320
576 send_packet(forw_packet); 321 bat_ogm_emit(forw_packet);
577 322
578 /** 323 /**
579 * we have to have at least one packet in the queue 324 * we have to have at least one packet in the queue
@@ -581,7 +326,7 @@ void send_outstanding_bat_packet(struct work_struct *work)
581 * shutting down 326 * shutting down
582 */ 327 */
583 if (forw_packet->own) 328 if (forw_packet->own)
584 schedule_own_packet(forw_packet->if_incoming); 329 schedule_bat_ogm(forw_packet->if_incoming);
585 330
586out: 331out:
587 /* don't count own packet */ 332 /* don't count own packet */
@@ -612,7 +357,7 @@ void purge_outstanding_packets(struct bat_priv *bat_priv,
612 &bat_priv->forw_bcast_list, list) { 357 &bat_priv->forw_bcast_list, list) {
613 358
614 /** 359 /**
615 * if purge_outstanding_packets() was called with an argmument 360 * if purge_outstanding_packets() was called with an argument
616 * we delete only packets belonging to the given interface 361 * we delete only packets belonging to the given interface
617 */ 362 */
618 if ((hard_iface) && 363 if ((hard_iface) &&
@@ -641,7 +386,7 @@ void purge_outstanding_packets(struct bat_priv *bat_priv,
641 &bat_priv->forw_bat_list, list) { 386 &bat_priv->forw_bat_list, list) {
642 387
643 /** 388 /**
644 * if purge_outstanding_packets() was called with an argmument 389 * if purge_outstanding_packets() was called with an argument
645 * we delete only packets belonging to the given interface 390 * we delete only packets belonging to the given interface
646 */ 391 */
647 if ((hard_iface) && 392 if ((hard_iface) &&
diff --git a/net/batman-adv/send.h b/net/batman-adv/send.h
index 1f2d1e877663..c8ca3ef7385b 100644
--- a/net/batman-adv/send.h
+++ b/net/batman-adv/send.h
@@ -24,15 +24,10 @@
24 24
25int send_skb_packet(struct sk_buff *skb, struct hard_iface *hard_iface, 25int send_skb_packet(struct sk_buff *skb, struct hard_iface *hard_iface,
26 const uint8_t *dst_addr); 26 const uint8_t *dst_addr);
27void schedule_own_packet(struct hard_iface *hard_iface); 27void schedule_bat_ogm(struct hard_iface *hard_iface);
28void schedule_forward_packet(struct orig_node *orig_node,
29 const struct ethhdr *ethhdr,
30 struct batman_packet *batman_packet,
31 int directlink,
32 struct hard_iface *if_outgoing);
33int add_bcast_packet_to_list(struct bat_priv *bat_priv, 28int add_bcast_packet_to_list(struct bat_priv *bat_priv,
34 const struct sk_buff *skb, unsigned long delay); 29 const struct sk_buff *skb, unsigned long delay);
35void send_outstanding_bat_packet(struct work_struct *work); 30void send_outstanding_bat_ogm_packet(struct work_struct *work);
36void purge_outstanding_packets(struct bat_priv *bat_priv, 31void purge_outstanding_packets(struct bat_priv *bat_priv,
37 const struct hard_iface *hard_iface); 32 const struct hard_iface *hard_iface);
38 33
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 3e2f91ffa4e2..f9cc95728989 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -445,30 +445,31 @@ static void softif_batman_recv(struct sk_buff *skb, struct net_device *dev,
445{ 445{
446 struct bat_priv *bat_priv = netdev_priv(dev); 446 struct bat_priv *bat_priv = netdev_priv(dev);
447 struct ethhdr *ethhdr = (struct ethhdr *)skb->data; 447 struct ethhdr *ethhdr = (struct ethhdr *)skb->data;
448 struct batman_packet *batman_packet; 448 struct batman_ogm_packet *batman_ogm_packet;
449 struct softif_neigh *softif_neigh = NULL; 449 struct softif_neigh *softif_neigh = NULL;
450 struct hard_iface *primary_if = NULL; 450 struct hard_iface *primary_if = NULL;
451 struct softif_neigh *curr_softif_neigh = NULL; 451 struct softif_neigh *curr_softif_neigh = NULL;
452 452
453 if (ntohs(ethhdr->h_proto) == ETH_P_8021Q) 453 if (ntohs(ethhdr->h_proto) == ETH_P_8021Q)
454 batman_packet = (struct batman_packet *) 454 batman_ogm_packet = (struct batman_ogm_packet *)
455 (skb->data + ETH_HLEN + VLAN_HLEN); 455 (skb->data + ETH_HLEN + VLAN_HLEN);
456 else 456 else
457 batman_packet = (struct batman_packet *)(skb->data + ETH_HLEN); 457 batman_ogm_packet = (struct batman_ogm_packet *)
458 (skb->data + ETH_HLEN);
458 459
459 if (batman_packet->version != COMPAT_VERSION) 460 if (batman_ogm_packet->version != COMPAT_VERSION)
460 goto out; 461 goto out;
461 462
462 if (batman_packet->packet_type != BAT_PACKET) 463 if (batman_ogm_packet->packet_type != BAT_OGM)
463 goto out; 464 goto out;
464 465
465 if (!(batman_packet->flags & PRIMARIES_FIRST_HOP)) 466 if (!(batman_ogm_packet->flags & PRIMARIES_FIRST_HOP))
466 goto out; 467 goto out;
467 468
468 if (is_my_mac(batman_packet->orig)) 469 if (is_my_mac(batman_ogm_packet->orig))
469 goto out; 470 goto out;
470 471
471 softif_neigh = softif_neigh_get(bat_priv, batman_packet->orig, vid); 472 softif_neigh = softif_neigh_get(bat_priv, batman_ogm_packet->orig, vid);
472 if (!softif_neigh) 473 if (!softif_neigh)
473 goto out; 474 goto out;
474 475
@@ -532,11 +533,11 @@ static int interface_set_mac_addr(struct net_device *dev, void *p)
532 if (!is_valid_ether_addr(addr->sa_data)) 533 if (!is_valid_ether_addr(addr->sa_data))
533 return -EADDRNOTAVAIL; 534 return -EADDRNOTAVAIL;
534 535
535 /* only modify transtable if it has been initialised before */ 536 /* only modify transtable if it has been initialized before */
536 if (atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE) { 537 if (atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE) {
537 tt_local_remove(bat_priv, dev->dev_addr, 538 tt_local_remove(bat_priv, dev->dev_addr,
538 "mac address changed", false); 539 "mac address changed", false);
539 tt_local_add(dev, addr->sa_data); 540 tt_local_add(dev, addr->sa_data, NULL_IFINDEX);
540 } 541 }
541 542
542 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN); 543 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
@@ -565,7 +566,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
565 struct orig_node *orig_node = NULL; 566 struct orig_node *orig_node = NULL;
566 int data_len = skb->len, ret; 567 int data_len = skb->len, ret;
567 short vid = -1; 568 short vid = -1;
568 bool do_bcast = false; 569 bool do_bcast;
569 570
570 if (atomic_read(&bat_priv->mesh_state) != MESH_ACTIVE) 571 if (atomic_read(&bat_priv->mesh_state) != MESH_ACTIVE)
571 goto dropped; 572 goto dropped;
@@ -595,18 +596,19 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
595 goto dropped; 596 goto dropped;
596 597
597 /* Register the client MAC in the transtable */ 598 /* Register the client MAC in the transtable */
598 tt_local_add(soft_iface, ethhdr->h_source); 599 tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
599 600
600 orig_node = transtable_search(bat_priv, ethhdr->h_dest); 601 orig_node = transtable_search(bat_priv, ethhdr->h_source,
601 if (is_multicast_ether_addr(ethhdr->h_dest) || 602 ethhdr->h_dest);
602 (orig_node && orig_node->gw_flags)) { 603 do_bcast = is_multicast_ether_addr(ethhdr->h_dest);
604 if (do_bcast || (orig_node && orig_node->gw_flags)) {
603 ret = gw_is_target(bat_priv, skb, orig_node); 605 ret = gw_is_target(bat_priv, skb, orig_node);
604 606
605 if (ret < 0) 607 if (ret < 0)
606 goto dropped; 608 goto dropped;
607 609
608 if (ret == 0) 610 if (ret)
609 do_bcast = true; 611 do_bcast = false;
610 } 612 }
611 613
612 /* ethernet packet should be broadcasted */ 614 /* ethernet packet should be broadcasted */
@@ -739,6 +741,9 @@ void interface_rx(struct net_device *soft_iface,
739 741
740 soft_iface->last_rx = jiffies; 742 soft_iface->last_rx = jiffies;
741 743
744 if (is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
745 goto dropped;
746
742 netif_rx(skb); 747 netif_rx(skb);
743 goto out; 748 goto out;
744 749
@@ -796,10 +801,8 @@ struct net_device *softif_create(const char *name)
796 801
797 soft_iface = alloc_netdev(sizeof(*bat_priv), name, interface_setup); 802 soft_iface = alloc_netdev(sizeof(*bat_priv), name, interface_setup);
798 803
799 if (!soft_iface) { 804 if (!soft_iface)
800 pr_err("Unable to allocate the batman interface: %s\n", name);
801 goto out; 805 goto out;
802 }
803 806
804 ret = register_netdevice(soft_iface); 807 ret = register_netdevice(soft_iface);
805 if (ret < 0) { 808 if (ret < 0) {
@@ -812,6 +815,7 @@ struct net_device *softif_create(const char *name)
812 815
813 atomic_set(&bat_priv->aggregated_ogms, 1); 816 atomic_set(&bat_priv->aggregated_ogms, 1);
814 atomic_set(&bat_priv->bonding, 0); 817 atomic_set(&bat_priv->bonding, 0);
818 atomic_set(&bat_priv->ap_isolation, 0);
815 atomic_set(&bat_priv->vis_mode, VIS_TYPE_CLIENT_UPDATE); 819 atomic_set(&bat_priv->vis_mode, VIS_TYPE_CLIENT_UPDATE);
816 atomic_set(&bat_priv->gw_mode, GW_MODE_OFF); 820 atomic_set(&bat_priv->gw_mode, GW_MODE_OFF);
817 atomic_set(&bat_priv->gw_sel_class, 20); 821 atomic_set(&bat_priv->gw_sel_class, 20);
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index fb6931d00cd7..c7aafc7c5ed4 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -137,10 +137,22 @@ static void tt_local_entry_free_ref(struct tt_local_entry *tt_local_entry)
137 kfree_rcu(tt_local_entry, rcu); 137 kfree_rcu(tt_local_entry, rcu);
138} 138}
139 139
140static void tt_global_entry_free_rcu(struct rcu_head *rcu)
141{
142 struct tt_global_entry *tt_global_entry;
143
144 tt_global_entry = container_of(rcu, struct tt_global_entry, rcu);
145
146 if (tt_global_entry->orig_node)
147 orig_node_free_ref(tt_global_entry->orig_node);
148
149 kfree(tt_global_entry);
150}
151
140static void tt_global_entry_free_ref(struct tt_global_entry *tt_global_entry) 152static void tt_global_entry_free_ref(struct tt_global_entry *tt_global_entry)
141{ 153{
142 if (atomic_dec_and_test(&tt_global_entry->refcount)) 154 if (atomic_dec_and_test(&tt_global_entry->refcount))
143 kfree_rcu(tt_global_entry, rcu); 155 call_rcu(&tt_global_entry->rcu, tt_global_entry_free_rcu);
144} 156}
145 157
146static void tt_local_event(struct bat_priv *bat_priv, const uint8_t *addr, 158static void tt_local_event(struct bat_priv *bat_priv, const uint8_t *addr,
@@ -183,7 +195,8 @@ static int tt_local_init(struct bat_priv *bat_priv)
183 return 1; 195 return 1;
184} 196}
185 197
186void tt_local_add(struct net_device *soft_iface, const uint8_t *addr) 198void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
199 int ifindex)
187{ 200{
188 struct bat_priv *bat_priv = netdev_priv(soft_iface); 201 struct bat_priv *bat_priv = netdev_priv(soft_iface);
189 struct tt_local_entry *tt_local_entry = NULL; 202 struct tt_local_entry *tt_local_entry = NULL;
@@ -207,6 +220,8 @@ void tt_local_add(struct net_device *soft_iface, const uint8_t *addr)
207 memcpy(tt_local_entry->addr, addr, ETH_ALEN); 220 memcpy(tt_local_entry->addr, addr, ETH_ALEN);
208 tt_local_entry->last_seen = jiffies; 221 tt_local_entry->last_seen = jiffies;
209 tt_local_entry->flags = NO_FLAGS; 222 tt_local_entry->flags = NO_FLAGS;
223 if (is_wifi_iface(ifindex))
224 tt_local_entry->flags |= TT_CLIENT_WIFI;
210 atomic_set(&tt_local_entry->refcount, 2); 225 atomic_set(&tt_local_entry->refcount, 2);
211 226
212 /* the batman interface mac address should never be purged */ 227 /* the batman interface mac address should never be purged */
@@ -329,7 +344,7 @@ int tt_local_seq_print_text(struct seq_file *seq, void *offset)
329 344
330 rcu_read_lock(); 345 rcu_read_lock();
331 __hlist_for_each_rcu(node, head) 346 __hlist_for_each_rcu(node, head)
332 buf_size += 21; 347 buf_size += 29;
333 rcu_read_unlock(); 348 rcu_read_unlock();
334 } 349 }
335 350
@@ -348,8 +363,19 @@ int tt_local_seq_print_text(struct seq_file *seq, void *offset)
348 rcu_read_lock(); 363 rcu_read_lock();
349 hlist_for_each_entry_rcu(tt_local_entry, node, 364 hlist_for_each_entry_rcu(tt_local_entry, node,
350 head, hash_entry) { 365 head, hash_entry) {
351 pos += snprintf(buff + pos, 22, " * %pM\n", 366 pos += snprintf(buff + pos, 30, " * %pM "
352 tt_local_entry->addr); 367 "[%c%c%c%c%c]\n",
368 tt_local_entry->addr,
369 (tt_local_entry->flags &
370 TT_CLIENT_ROAM ? 'R' : '.'),
371 (tt_local_entry->flags &
372 TT_CLIENT_NOPURGE ? 'P' : '.'),
373 (tt_local_entry->flags &
374 TT_CLIENT_NEW ? 'N' : '.'),
375 (tt_local_entry->flags &
376 TT_CLIENT_PENDING ? 'X' : '.'),
377 (tt_local_entry->flags &
378 TT_CLIENT_WIFI ? 'W' : '.'));
353 } 379 }
354 rcu_read_unlock(); 380 rcu_read_unlock();
355 } 381 }
@@ -369,8 +395,8 @@ static void tt_local_set_pending(struct bat_priv *bat_priv,
369 tt_local_event(bat_priv, tt_local_entry->addr, 395 tt_local_event(bat_priv, tt_local_entry->addr,
370 tt_local_entry->flags | flags); 396 tt_local_entry->flags | flags);
371 397
372 /* The local client has to be merked as "pending to be removed" but has 398 /* The local client has to be marked as "pending to be removed" but has
373 * to be kept in the table in order to send it in an full tables 399 * to be kept in the table in order to send it in a full table
374 * response issued before the net ttvn increment (consistency check) */ 400 * response issued before the net ttvn increment (consistency check) */
375 tt_local_entry->flags |= TT_CLIENT_PENDING; 401 tt_local_entry->flags |= TT_CLIENT_PENDING;
376} 402}
@@ -495,7 +521,8 @@ static void tt_changes_list_free(struct bat_priv *bat_priv)
495 521
496/* caller must hold orig_node refcount */ 522/* caller must hold orig_node refcount */
497int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node, 523int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
498 const unsigned char *tt_addr, uint8_t ttvn, bool roaming) 524 const unsigned char *tt_addr, uint8_t ttvn, bool roaming,
525 bool wifi)
499{ 526{
500 struct tt_global_entry *tt_global_entry; 527 struct tt_global_entry *tt_global_entry;
501 struct orig_node *orig_node_tmp; 528 struct orig_node *orig_node_tmp;
@@ -537,6 +564,9 @@ int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
537 tt_global_entry->roam_at = 0; 564 tt_global_entry->roam_at = 0;
538 } 565 }
539 566
567 if (wifi)
568 tt_global_entry->flags |= TT_CLIENT_WIFI;
569
540 bat_dbg(DBG_TT, bat_priv, 570 bat_dbg(DBG_TT, bat_priv,
541 "Creating new global tt entry: %pM (via %pM)\n", 571 "Creating new global tt entry: %pM (via %pM)\n",
542 tt_global_entry->addr, orig_node->orig); 572 tt_global_entry->addr, orig_node->orig);
@@ -582,8 +612,8 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
582 seq_printf(seq, 612 seq_printf(seq,
583 "Globally announced TT entries received via the mesh %s\n", 613 "Globally announced TT entries received via the mesh %s\n",
584 net_dev->name); 614 net_dev->name);
585 seq_printf(seq, " %-13s %s %-15s %s\n", 615 seq_printf(seq, " %-13s %s %-15s %s %s\n",
586 "Client", "(TTVN)", "Originator", "(Curr TTVN)"); 616 "Client", "(TTVN)", "Originator", "(Curr TTVN)", "Flags");
587 617
588 buf_size = 1; 618 buf_size = 1;
589 /* Estimate length for: " * xx:xx:xx:xx:xx:xx (ttvn) via 619 /* Estimate length for: " * xx:xx:xx:xx:xx:xx (ttvn) via
@@ -593,7 +623,7 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
593 623
594 rcu_read_lock(); 624 rcu_read_lock();
595 __hlist_for_each_rcu(node, head) 625 __hlist_for_each_rcu(node, head)
596 buf_size += 59; 626 buf_size += 67;
597 rcu_read_unlock(); 627 rcu_read_unlock();
598 } 628 }
599 629
@@ -612,14 +642,20 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
612 rcu_read_lock(); 642 rcu_read_lock();
613 hlist_for_each_entry_rcu(tt_global_entry, node, 643 hlist_for_each_entry_rcu(tt_global_entry, node,
614 head, hash_entry) { 644 head, hash_entry) {
615 pos += snprintf(buff + pos, 61, 645 pos += snprintf(buff + pos, 69,
616 " * %pM (%3u) via %pM (%3u)\n", 646 " * %pM (%3u) via %pM (%3u) "
617 tt_global_entry->addr, 647 "[%c%c%c]\n", tt_global_entry->addr,
618 tt_global_entry->ttvn, 648 tt_global_entry->ttvn,
619 tt_global_entry->orig_node->orig, 649 tt_global_entry->orig_node->orig,
620 (uint8_t) atomic_read( 650 (uint8_t) atomic_read(
621 &tt_global_entry->orig_node-> 651 &tt_global_entry->orig_node->
622 last_ttvn)); 652 last_ttvn),
653 (tt_global_entry->flags &
654 TT_CLIENT_ROAM ? 'R' : '.'),
655 (tt_global_entry->flags &
656 TT_CLIENT_PENDING ? 'X' : '.'),
657 (tt_global_entry->flags &
658 TT_CLIENT_WIFI ? 'W' : '.'));
623 } 659 }
624 rcu_read_unlock(); 660 rcu_read_unlock();
625 } 661 }
@@ -686,6 +722,9 @@ void tt_global_del_orig(struct bat_priv *bat_priv,
686 struct hlist_head *head; 722 struct hlist_head *head;
687 spinlock_t *list_lock; /* protects write access to the hash lists */ 723 spinlock_t *list_lock; /* protects write access to the hash lists */
688 724
725 if (!hash)
726 return;
727
689 for (i = 0; i < hash->size; i++) { 728 for (i = 0; i < hash->size; i++) {
690 head = &hash->table[i]; 729 head = &hash->table[i];
691 list_lock = &hash->list_locks[i]; 730 list_lock = &hash->list_locks[i];
@@ -774,30 +813,56 @@ static void tt_global_table_free(struct bat_priv *bat_priv)
774 bat_priv->tt_global_hash = NULL; 813 bat_priv->tt_global_hash = NULL;
775} 814}
776 815
816static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
817 struct tt_global_entry *tt_global_entry)
818{
819 bool ret = false;
820
821 if (tt_local_entry->flags & TT_CLIENT_WIFI &&
822 tt_global_entry->flags & TT_CLIENT_WIFI)
823 ret = true;
824
825 return ret;
826}
827
777struct orig_node *transtable_search(struct bat_priv *bat_priv, 828struct orig_node *transtable_search(struct bat_priv *bat_priv,
778 const uint8_t *addr) 829 const uint8_t *src, const uint8_t *addr)
779{ 830{
780 struct tt_global_entry *tt_global_entry; 831 struct tt_local_entry *tt_local_entry = NULL;
832 struct tt_global_entry *tt_global_entry = NULL;
781 struct orig_node *orig_node = NULL; 833 struct orig_node *orig_node = NULL;
782 834
783 tt_global_entry = tt_global_hash_find(bat_priv, addr); 835 if (src && atomic_read(&bat_priv->ap_isolation)) {
836 tt_local_entry = tt_local_hash_find(bat_priv, src);
837 if (!tt_local_entry)
838 goto out;
839 }
784 840
841 tt_global_entry = tt_global_hash_find(bat_priv, addr);
785 if (!tt_global_entry) 842 if (!tt_global_entry)
786 goto out; 843 goto out;
787 844
845 /* check whether the clients should not communicate due to AP
846 * isolation */
847 if (tt_local_entry && _is_ap_isolated(tt_local_entry, tt_global_entry))
848 goto out;
849
788 if (!atomic_inc_not_zero(&tt_global_entry->orig_node->refcount)) 850 if (!atomic_inc_not_zero(&tt_global_entry->orig_node->refcount))
789 goto free_tt; 851 goto out;
790 852
791 /* A global client marked as PENDING has already moved from that 853 /* A global client marked as PENDING has already moved from that
792 * originator */ 854 * originator */
793 if (tt_global_entry->flags & TT_CLIENT_PENDING) 855 if (tt_global_entry->flags & TT_CLIENT_PENDING)
794 goto free_tt; 856 goto out;
795 857
796 orig_node = tt_global_entry->orig_node; 858 orig_node = tt_global_entry->orig_node;
797 859
798free_tt:
799 tt_global_entry_free_ref(tt_global_entry);
800out: 860out:
861 if (tt_global_entry)
862 tt_global_entry_free_ref(tt_global_entry);
863 if (tt_local_entry)
864 tt_local_entry_free_ref(tt_local_entry);
865
801 return orig_node; 866 return orig_node;
802} 867}
803 868
@@ -999,7 +1064,6 @@ static struct sk_buff *tt_response_fill_table(uint16_t tt_len, uint8_t ttvn,
999 tt_response = (struct tt_query_packet *)skb_put(skb, 1064 tt_response = (struct tt_query_packet *)skb_put(skb,
1000 tt_query_size + tt_len); 1065 tt_query_size + tt_len);
1001 tt_response->ttvn = ttvn; 1066 tt_response->ttvn = ttvn;
1002 tt_response->tt_data = htons(tt_tot);
1003 1067
1004 tt_change = (struct tt_change *)(skb->data + tt_query_size); 1068 tt_change = (struct tt_change *)(skb->data + tt_query_size);
1005 tt_count = 0; 1069 tt_count = 0;
@@ -1025,12 +1089,17 @@ static struct sk_buff *tt_response_fill_table(uint16_t tt_len, uint8_t ttvn,
1025 } 1089 }
1026 rcu_read_unlock(); 1090 rcu_read_unlock();
1027 1091
1092 /* store in the message the number of entries we have successfully
1093 * copied */
1094 tt_response->tt_data = htons(tt_count);
1095
1028out: 1096out:
1029 return skb; 1097 return skb;
1030} 1098}
1031 1099
1032int send_tt_request(struct bat_priv *bat_priv, struct orig_node *dst_orig_node, 1100static int send_tt_request(struct bat_priv *bat_priv,
1033 uint8_t ttvn, uint16_t tt_crc, bool full_table) 1101 struct orig_node *dst_orig_node,
1102 uint8_t ttvn, uint16_t tt_crc, bool full_table)
1034{ 1103{
1035 struct sk_buff *skb = NULL; 1104 struct sk_buff *skb = NULL;
1036 struct tt_query_packet *tt_request; 1105 struct tt_query_packet *tt_request;
@@ -1137,12 +1206,12 @@ static bool send_other_tt_response(struct bat_priv *bat_priv,
1137 orig_ttvn = (uint8_t)atomic_read(&req_dst_orig_node->last_ttvn); 1206 orig_ttvn = (uint8_t)atomic_read(&req_dst_orig_node->last_ttvn);
1138 req_ttvn = tt_request->ttvn; 1207 req_ttvn = tt_request->ttvn;
1139 1208
1140 /* I have not the requested data */ 1209 /* I don't have the requested data */
1141 if (orig_ttvn != req_ttvn || 1210 if (orig_ttvn != req_ttvn ||
1142 tt_request->tt_data != req_dst_orig_node->tt_crc) 1211 tt_request->tt_data != req_dst_orig_node->tt_crc)
1143 goto out; 1212 goto out;
1144 1213
1145 /* If it has explicitly been requested the full table */ 1214 /* If the full table has been explicitly requested */
1146 if (tt_request->flags & TT_FULL_TABLE || 1215 if (tt_request->flags & TT_FULL_TABLE ||
1147 !req_dst_orig_node->tt_buff) 1216 !req_dst_orig_node->tt_buff)
1148 full_table = true; 1217 full_table = true;
@@ -1363,7 +1432,9 @@ static void _tt_update_changes(struct bat_priv *bat_priv,
1363 (tt_change + i)->flags & TT_CLIENT_ROAM); 1432 (tt_change + i)->flags & TT_CLIENT_ROAM);
1364 else 1433 else
1365 if (!tt_global_add(bat_priv, orig_node, 1434 if (!tt_global_add(bat_priv, orig_node,
1366 (tt_change + i)->addr, ttvn, false)) 1435 (tt_change + i)->addr, ttvn, false,
1436 (tt_change + i)->flags &
1437 TT_CLIENT_WIFI))
1367 /* In case of problem while storing a 1438 /* In case of problem while storing a
1368 * global_entry, we stop the updating 1439 * global_entry, we stop the updating
1369 * procedure without committing the 1440 * procedure without committing the
@@ -1403,9 +1474,10 @@ out:
1403 orig_node_free_ref(orig_node); 1474 orig_node_free_ref(orig_node);
1404} 1475}
1405 1476
1406void tt_update_changes(struct bat_priv *bat_priv, struct orig_node *orig_node, 1477static void tt_update_changes(struct bat_priv *bat_priv,
1407 uint16_t tt_num_changes, uint8_t ttvn, 1478 struct orig_node *orig_node,
1408 struct tt_change *tt_change) 1479 uint16_t tt_num_changes, uint8_t ttvn,
1480 struct tt_change *tt_change)
1409{ 1481{
1410 _tt_update_changes(bat_priv, orig_node, tt_change, tt_num_changes, 1482 _tt_update_changes(bat_priv, orig_node, tt_change, tt_num_changes,
1411 ttvn); 1483 ttvn);
@@ -1668,6 +1740,8 @@ static void tt_local_reset_flags(struct bat_priv *bat_priv, uint16_t flags)
1668 rcu_read_lock(); 1740 rcu_read_lock();
1669 hlist_for_each_entry_rcu(tt_local_entry, node, 1741 hlist_for_each_entry_rcu(tt_local_entry, node,
1670 head, hash_entry) { 1742 head, hash_entry) {
1743 if (!(tt_local_entry->flags & flags))
1744 continue;
1671 tt_local_entry->flags &= ~flags; 1745 tt_local_entry->flags &= ~flags;
1672 atomic_inc(&bat_priv->num_local_tt); 1746 atomic_inc(&bat_priv->num_local_tt);
1673 } 1747 }
@@ -1720,3 +1794,90 @@ void tt_commit_changes(struct bat_priv *bat_priv)
1720 atomic_inc(&bat_priv->ttvn); 1794 atomic_inc(&bat_priv->ttvn);
1721 bat_priv->tt_poss_change = false; 1795 bat_priv->tt_poss_change = false;
1722} 1796}
1797
1798bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst)
1799{
1800 struct tt_local_entry *tt_local_entry = NULL;
1801 struct tt_global_entry *tt_global_entry = NULL;
1802 bool ret = true;
1803
1804 if (!atomic_read(&bat_priv->ap_isolation))
1805 return false;
1806
1807 tt_local_entry = tt_local_hash_find(bat_priv, dst);
1808 if (!tt_local_entry)
1809 goto out;
1810
1811 tt_global_entry = tt_global_hash_find(bat_priv, src);
1812 if (!tt_global_entry)
1813 goto out;
1814
1815 if (_is_ap_isolated(tt_local_entry, tt_global_entry))
1816 goto out;
1817
1818 ret = false;
1819
1820out:
1821 if (tt_global_entry)
1822 tt_global_entry_free_ref(tt_global_entry);
1823 if (tt_local_entry)
1824 tt_local_entry_free_ref(tt_local_entry);
1825 return ret;
1826}
1827
1828void tt_update_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
1829 const unsigned char *tt_buff, uint8_t tt_num_changes,
1830 uint8_t ttvn, uint16_t tt_crc)
1831{
1832 uint8_t orig_ttvn = (uint8_t)atomic_read(&orig_node->last_ttvn);
1833 bool full_table = true;
1834
1835 /* the ttvn increased by one -> we can apply the attached changes */
1836 if (ttvn - orig_ttvn == 1) {
1837 /* the OGM could not contain the changes due to their size or
1838 * because they have already been sent TT_OGM_APPEND_MAX times.
1839 * In this case send a tt request */
1840 if (!tt_num_changes) {
1841 full_table = false;
1842 goto request_table;
1843 }
1844
1845 tt_update_changes(bat_priv, orig_node, tt_num_changes, ttvn,
1846 (struct tt_change *)tt_buff);
1847
1848 /* Even if we received the precomputed crc with the OGM, we
1849 * prefer to recompute it to spot any possible inconsistency
1850 * in the global table */
1851 orig_node->tt_crc = tt_global_crc(bat_priv, orig_node);
1852
1853 /* The ttvn alone is not enough to guarantee consistency
1854 * because a single value could represent different states
1855 * (due to the wrap around). Thus a node has to check whether
1856 * the resulting table (after applying the changes) is still
1857 * consistent or not. E.g. a node could disconnect while its
1858 * ttvn is X and reconnect on ttvn = X + TTVN_MAX: in this case
1859 * checking the CRC value is mandatory to detect the
1860 * inconsistency */
1861 if (orig_node->tt_crc != tt_crc)
1862 goto request_table;
1863
1864 /* Roaming phase is over: tables are in sync again. I can
1865 * unset the flag */
1866 orig_node->tt_poss_change = false;
1867 } else {
1868 /* if we missed more than one change or our tables are not
1869 * in sync anymore -> request fresh tt data */
1870 if (ttvn != orig_ttvn || orig_node->tt_crc != tt_crc) {
1871request_table:
1872 bat_dbg(DBG_TT, bat_priv, "TT inconsistency for %pM. "
1873 "Need to retrieve the correct information "
1874 "(ttvn: %u last_ttvn: %u crc: %u last_crc: "
1875 "%u num_changes: %u)\n", orig_node->orig, ttvn,
1876 orig_ttvn, tt_crc, orig_node->tt_crc,
1877 tt_num_changes);
1878 send_tt_request(bat_priv, orig_node, ttvn, tt_crc,
1879 full_table);
1880 return;
1881 }
1882 }
1883}
diff --git a/net/batman-adv/translation-table.h b/net/batman-adv/translation-table.h
index d4122cba53b8..30efd49881a3 100644
--- a/net/batman-adv/translation-table.h
+++ b/net/batman-adv/translation-table.h
@@ -26,15 +26,16 @@ int tt_len(int changes_num);
26int tt_changes_fill_buffer(struct bat_priv *bat_priv, 26int tt_changes_fill_buffer(struct bat_priv *bat_priv,
27 unsigned char *buff, int buff_len); 27 unsigned char *buff, int buff_len);
28int tt_init(struct bat_priv *bat_priv); 28int tt_init(struct bat_priv *bat_priv);
29void tt_local_add(struct net_device *soft_iface, const uint8_t *addr); 29void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
30 int ifindex);
30void tt_local_remove(struct bat_priv *bat_priv, 31void tt_local_remove(struct bat_priv *bat_priv,
31 const uint8_t *addr, const char *message, bool roaming); 32 const uint8_t *addr, const char *message, bool roaming);
32int tt_local_seq_print_text(struct seq_file *seq, void *offset); 33int tt_local_seq_print_text(struct seq_file *seq, void *offset);
33void tt_global_add_orig(struct bat_priv *bat_priv, struct orig_node *orig_node, 34void tt_global_add_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
34 const unsigned char *tt_buff, int tt_buff_len); 35 const unsigned char *tt_buff, int tt_buff_len);
35int tt_global_add(struct bat_priv *bat_priv, 36int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
36 struct orig_node *orig_node, const unsigned char *addr, 37 const unsigned char *addr, uint8_t ttvn, bool roaming,
37 uint8_t ttvn, bool roaming); 38 bool wifi);
38int tt_global_seq_print_text(struct seq_file *seq, void *offset); 39int tt_global_seq_print_text(struct seq_file *seq, void *offset);
39void tt_global_del_orig(struct bat_priv *bat_priv, 40void tt_global_del_orig(struct bat_priv *bat_priv,
40 struct orig_node *orig_node, const char *message); 41 struct orig_node *orig_node, const char *message);
@@ -42,25 +43,23 @@ void tt_global_del(struct bat_priv *bat_priv,
42 struct orig_node *orig_node, const unsigned char *addr, 43 struct orig_node *orig_node, const unsigned char *addr,
43 const char *message, bool roaming); 44 const char *message, bool roaming);
44struct orig_node *transtable_search(struct bat_priv *bat_priv, 45struct orig_node *transtable_search(struct bat_priv *bat_priv,
45 const uint8_t *addr); 46 const uint8_t *src, const uint8_t *addr);
46void tt_save_orig_buffer(struct bat_priv *bat_priv, struct orig_node *orig_node, 47void tt_save_orig_buffer(struct bat_priv *bat_priv, struct orig_node *orig_node,
47 const unsigned char *tt_buff, uint8_t tt_num_changes); 48 const unsigned char *tt_buff, uint8_t tt_num_changes);
48uint16_t tt_local_crc(struct bat_priv *bat_priv); 49uint16_t tt_local_crc(struct bat_priv *bat_priv);
49uint16_t tt_global_crc(struct bat_priv *bat_priv, struct orig_node *orig_node); 50uint16_t tt_global_crc(struct bat_priv *bat_priv, struct orig_node *orig_node);
50void tt_free(struct bat_priv *bat_priv); 51void tt_free(struct bat_priv *bat_priv);
51int send_tt_request(struct bat_priv *bat_priv,
52 struct orig_node *dst_orig_node, uint8_t hvn,
53 uint16_t tt_crc, bool full_table);
54bool send_tt_response(struct bat_priv *bat_priv, 52bool send_tt_response(struct bat_priv *bat_priv,
55 struct tt_query_packet *tt_request); 53 struct tt_query_packet *tt_request);
56void tt_update_changes(struct bat_priv *bat_priv, struct orig_node *orig_node,
57 uint16_t tt_num_changes, uint8_t ttvn,
58 struct tt_change *tt_change);
59bool is_my_client(struct bat_priv *bat_priv, const uint8_t *addr); 54bool is_my_client(struct bat_priv *bat_priv, const uint8_t *addr);
60void handle_tt_response(struct bat_priv *bat_priv, 55void handle_tt_response(struct bat_priv *bat_priv,
61 struct tt_query_packet *tt_response); 56 struct tt_query_packet *tt_response);
62void send_roam_adv(struct bat_priv *bat_priv, uint8_t *client, 57void send_roam_adv(struct bat_priv *bat_priv, uint8_t *client,
63 struct orig_node *orig_node); 58 struct orig_node *orig_node);
64void tt_commit_changes(struct bat_priv *bat_priv); 59void tt_commit_changes(struct bat_priv *bat_priv);
60bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst);
61void tt_update_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
62 const unsigned char *tt_buff, uint8_t tt_num_changes,
63 uint8_t ttvn, uint16_t tt_crc);
65 64
66#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */ 65#endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index 25bd1db35370..ab8d0fe6df5a 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -57,7 +57,7 @@ struct hard_iface {
57 * @batman_seqno_reset: time when the batman seqno window was reset 57 * @batman_seqno_reset: time when the batman seqno window was reset
58 * @gw_flags: flags related to gateway class 58 * @gw_flags: flags related to gateway class
59 * @flags: for now only VIS_SERVER flag 59 * @flags: for now only VIS_SERVER flag
60 * @last_real_seqno: last and best known squence number 60 * @last_real_seqno: last and best known sequence number
61 * @last_ttl: ttl of last received packet 61 * @last_ttl: ttl of last received packet
62 * @last_bcast_seqno: last broadcast sequence number received by this host 62 * @last_bcast_seqno: last broadcast sequence number received by this host
63 * 63 *
@@ -146,6 +146,7 @@ struct bat_priv {
146 atomic_t aggregated_ogms; /* boolean */ 146 atomic_t aggregated_ogms; /* boolean */
147 atomic_t bonding; /* boolean */ 147 atomic_t bonding; /* boolean */
148 atomic_t fragmentation; /* boolean */ 148 atomic_t fragmentation; /* boolean */
149 atomic_t ap_isolation; /* boolean */
149 atomic_t vis_mode; /* VIS_TYPE_* */ 150 atomic_t vis_mode; /* VIS_TYPE_* */
150 atomic_t gw_mode; /* GW_MODE_* */ 151 atomic_t gw_mode; /* GW_MODE_* */
151 atomic_t gw_sel_class; /* uint */ 152 atomic_t gw_sel_class; /* uint */
@@ -156,7 +157,7 @@ struct bat_priv {
156 atomic_t bcast_seqno; 157 atomic_t bcast_seqno;
157 atomic_t bcast_queue_left; 158 atomic_t bcast_queue_left;
158 atomic_t batman_queue_left; 159 atomic_t batman_queue_left;
159 atomic_t ttvn; /* tranlation table version number */ 160 atomic_t ttvn; /* translation table version number */
160 atomic_t tt_ogm_append_cnt; 161 atomic_t tt_ogm_append_cnt;
161 atomic_t tt_local_changes; /* changes registered in a OGM interval */ 162 atomic_t tt_local_changes; /* changes registered in a OGM interval */
162 /* The tt_poss_change flag is used to detect an ongoing roaming phase. 163 /* The tt_poss_change flag is used to detect an ongoing roaming phase.
@@ -223,22 +224,22 @@ struct socket_packet {
223 224
224struct tt_local_entry { 225struct tt_local_entry {
225 uint8_t addr[ETH_ALEN]; 226 uint8_t addr[ETH_ALEN];
227 struct hlist_node hash_entry;
226 unsigned long last_seen; 228 unsigned long last_seen;
227 uint16_t flags; 229 uint16_t flags;
228 atomic_t refcount; 230 atomic_t refcount;
229 struct rcu_head rcu; 231 struct rcu_head rcu;
230 struct hlist_node hash_entry;
231}; 232};
232 233
233struct tt_global_entry { 234struct tt_global_entry {
234 uint8_t addr[ETH_ALEN]; 235 uint8_t addr[ETH_ALEN];
236 struct hlist_node hash_entry; /* entry in the global table */
235 struct orig_node *orig_node; 237 struct orig_node *orig_node;
236 uint8_t ttvn; 238 uint8_t ttvn;
237 uint16_t flags; /* only TT_GLOBAL_ROAM is used */ 239 uint16_t flags; /* only TT_GLOBAL_ROAM is used */
238 unsigned long roam_at; /* time at which TT_GLOBAL_ROAM was set */ 240 unsigned long roam_at; /* time at which TT_GLOBAL_ROAM was set */
239 atomic_t refcount; 241 atomic_t refcount;
240 struct rcu_head rcu; 242 struct rcu_head rcu;
241 struct hlist_node hash_entry; /* entry in the global table */
242}; 243};
243 244
244struct tt_change_node { 245struct tt_change_node {
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
index 32b125fb3d3b..07d1c1da89dd 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -299,8 +299,10 @@ int unicast_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv)
299 goto find_router; 299 goto find_router;
300 } 300 }
301 301
302 /* check for tt host - increases orig_node refcount */ 302 /* check for tt host - increases orig_node refcount.
303 orig_node = transtable_search(bat_priv, ethhdr->h_dest); 303 * returns NULL in case of AP isolation */
304 orig_node = transtable_search(bat_priv, ethhdr->h_source,
305 ethhdr->h_dest);
304 306
305find_router: 307find_router:
306 /** 308 /**
diff --git a/net/batman-adv/unicast.h b/net/batman-adv/unicast.h
index 62f54b954625..8fd5535544b9 100644
--- a/net/batman-adv/unicast.h
+++ b/net/batman-adv/unicast.h
@@ -24,7 +24,7 @@
24 24
25#include "packet.h" 25#include "packet.h"
26 26
27#define FRAG_TIMEOUT 10000 /* purge frag list entrys after time in ms */ 27#define FRAG_TIMEOUT 10000 /* purge frag list entries after time in ms */
28#define FRAG_BUFFER_SIZE 6 /* number of list elements in buffer */ 28#define FRAG_BUFFER_SIZE 6 /* number of list elements in buffer */
29 29
30int frag_reassemble_skb(struct sk_buff *skb, struct bat_priv *bat_priv, 30int frag_reassemble_skb(struct sk_buff *skb, struct bat_priv *bat_priv,
diff --git a/net/batman-adv/vis.c b/net/batman-adv/vis.c
index 8a1b98589d76..f81a6b668b0c 100644
--- a/net/batman-adv/vis.c
+++ b/net/batman-adv/vis.c
@@ -131,7 +131,7 @@ static void vis_data_insert_interface(const uint8_t *interface,
131 return; 131 return;
132 } 132 }
133 133
134 /* its a new address, add it to the list */ 134 /* it's a new address, add it to the list */
135 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 135 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
136 if (!entry) 136 if (!entry)
137 return; 137 return;
@@ -465,7 +465,7 @@ static struct vis_info *add_packet(struct bat_priv *bat_priv,
465 /* try to add it */ 465 /* try to add it */
466 hash_added = hash_add(bat_priv->vis_hash, vis_info_cmp, vis_info_choose, 466 hash_added = hash_add(bat_priv->vis_hash, vis_info_cmp, vis_info_choose,
467 info, &info->hash_entry); 467 info, &info->hash_entry);
468 if (hash_added < 0) { 468 if (hash_added != 0) {
469 /* did not work (for some reason) */ 469 /* did not work (for some reason) */
470 kref_put(&info->refcount, free_info); 470 kref_put(&info->refcount, free_info);
471 info = NULL; 471 info = NULL;
@@ -887,10 +887,8 @@ int vis_init(struct bat_priv *bat_priv)
887 } 887 }
888 888
889 bat_priv->my_vis_info = kmalloc(MAX_VIS_PACKET_SIZE, GFP_ATOMIC); 889 bat_priv->my_vis_info = kmalloc(MAX_VIS_PACKET_SIZE, GFP_ATOMIC);
890 if (!bat_priv->my_vis_info) { 890 if (!bat_priv->my_vis_info)
891 pr_err("Can't initialize vis packet\n");
892 goto err; 891 goto err;
893 }
894 892
895 bat_priv->my_vis_info->skb_packet = dev_alloc_skb(sizeof(*packet) + 893 bat_priv->my_vis_info->skb_packet = dev_alloc_skb(sizeof(*packet) +
896 MAX_VIS_PACKET_SIZE + 894 MAX_VIS_PACKET_SIZE +
@@ -920,7 +918,7 @@ int vis_init(struct bat_priv *bat_priv)
920 hash_added = hash_add(bat_priv->vis_hash, vis_info_cmp, vis_info_choose, 918 hash_added = hash_add(bat_priv->vis_hash, vis_info_cmp, vis_info_choose,
921 bat_priv->my_vis_info, 919 bat_priv->my_vis_info,
922 &bat_priv->my_vis_info->hash_entry); 920 &bat_priv->my_vis_info->hash_entry);
923 if (hash_added < 0) { 921 if (hash_added != 0) {
924 pr_err("Can't add own vis packet into hash\n"); 922 pr_err("Can't add own vis packet into hash\n");
925 /* not in hash, need to remove it manually. */ 923 /* not in hash, need to remove it manually. */
926 kref_put(&bat_priv->my_vis_info->refcount, free_info); 924 kref_put(&bat_priv->my_vis_info->refcount, free_info);
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
index d4f5dff7c955..bc4086480d97 100644
--- a/net/bluetooth/bnep/netdev.c
+++ b/net/bluetooth/bnep/netdev.c
@@ -217,7 +217,7 @@ static const struct net_device_ops bnep_netdev_ops = {
217 .ndo_stop = bnep_net_close, 217 .ndo_stop = bnep_net_close,
218 .ndo_start_xmit = bnep_net_xmit, 218 .ndo_start_xmit = bnep_net_xmit,
219 .ndo_validate_addr = eth_validate_addr, 219 .ndo_validate_addr = eth_validate_addr,
220 .ndo_set_multicast_list = bnep_net_set_mc_list, 220 .ndo_set_rx_mode = bnep_net_set_mc_list,
221 .ndo_set_mac_address = bnep_net_set_mac_addr, 221 .ndo_set_mac_address = bnep_net_set_mac_addr,
222 .ndo_tx_timeout = bnep_net_timeout, 222 .ndo_tx_timeout = bnep_net_timeout,
223 .ndo_change_mtu = eth_change_mtu, 223 .ndo_change_mtu = eth_change_mtu,
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index ac943676f78d..de0b93e45980 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -674,7 +674,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
674 goto encrypt; 674 goto encrypt;
675 675
676auth: 676auth:
677 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 677 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
678 return 0; 678 return 0;
679 679
680 if (!hci_conn_auth(conn, sec_level, auth_type)) 680 if (!hci_conn_auth(conn, sec_level, auth_type))
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index f8506849b67e..e8a6837996cf 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -252,7 +252,7 @@ static void l2cap_chan_timeout(unsigned long arg)
252 252
253 if (sock_owned_by_user(sk)) { 253 if (sock_owned_by_user(sk)) {
254 /* sk is owned by user. Try again later */ 254 /* sk is owned by user. Try again later */
255 __set_chan_timer(chan, HZ / 5); 255 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
256 bh_unlock_sock(sk); 256 bh_unlock_sock(sk);
257 chan_put(chan); 257 chan_put(chan);
258 return; 258 return;
@@ -2717,7 +2717,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2717 if (sock_owned_by_user(sk)) { 2717 if (sock_owned_by_user(sk)) {
2718 l2cap_state_change(chan, BT_DISCONN); 2718 l2cap_state_change(chan, BT_DISCONN);
2719 __clear_chan_timer(chan); 2719 __clear_chan_timer(chan);
2720 __set_chan_timer(chan, HZ / 5); 2720 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2721 break; 2721 break;
2722 } 2722 }
2723 2723
@@ -2930,7 +2930,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2930 2930
2931 default: 2931 default:
2932 sk->sk_err = ECONNRESET; 2932 sk->sk_err = ECONNRESET;
2933 __set_chan_timer(chan, HZ * 5); 2933 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
2934 l2cap_send_disconn_req(conn, chan, ECONNRESET); 2934 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2935 goto done; 2935 goto done;
2936 } 2936 }
@@ -2987,7 +2987,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2987 if (sock_owned_by_user(sk)) { 2987 if (sock_owned_by_user(sk)) {
2988 l2cap_state_change(chan, BT_DISCONN); 2988 l2cap_state_change(chan, BT_DISCONN);
2989 __clear_chan_timer(chan); 2989 __clear_chan_timer(chan);
2990 __set_chan_timer(chan, HZ / 5); 2990 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2991 bh_unlock_sock(sk); 2991 bh_unlock_sock(sk);
2992 return 0; 2992 return 0;
2993 } 2993 }
@@ -3021,7 +3021,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3021 if (sock_owned_by_user(sk)) { 3021 if (sock_owned_by_user(sk)) {
3022 l2cap_state_change(chan,BT_DISCONN); 3022 l2cap_state_change(chan,BT_DISCONN);
3023 __clear_chan_timer(chan); 3023 __clear_chan_timer(chan);
3024 __set_chan_timer(chan, HZ / 5); 3024 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
3025 bh_unlock_sock(sk); 3025 bh_unlock_sock(sk);
3026 return 0; 3026 return 0;
3027 } 3027 }
@@ -4460,7 +4460,7 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
4460 if (encrypt == 0x00) { 4460 if (encrypt == 0x00) {
4461 if (chan->sec_level == BT_SECURITY_MEDIUM) { 4461 if (chan->sec_level == BT_SECURITY_MEDIUM) {
4462 __clear_chan_timer(chan); 4462 __clear_chan_timer(chan);
4463 __set_chan_timer(chan, HZ * 5); 4463 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4464 } else if (chan->sec_level == BT_SECURITY_HIGH) 4464 } else if (chan->sec_level == BT_SECURITY_HIGH)
4465 l2cap_chan_close(chan, ECONNREFUSED); 4465 l2cap_chan_close(chan, ECONNREFUSED);
4466 } else { 4466 } else {
@@ -4528,7 +4528,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4528 L2CAP_CONN_REQ, sizeof(req), &req); 4528 L2CAP_CONN_REQ, sizeof(req), &req);
4529 } else { 4529 } else {
4530 __clear_chan_timer(chan); 4530 __clear_chan_timer(chan);
4531 __set_chan_timer(chan, HZ / 10); 4531 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4532 } 4532 }
4533 } else if (chan->state == BT_CONNECT2) { 4533 } else if (chan->state == BT_CONNECT2) {
4534 struct l2cap_conn_rsp rsp; 4534 struct l2cap_conn_rsp rsp;
@@ -4548,7 +4548,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4548 } 4548 }
4549 } else { 4549 } else {
4550 l2cap_state_change(chan, BT_DISCONN); 4550 l2cap_state_change(chan, BT_DISCONN);
4551 __set_chan_timer(chan, HZ / 10); 4551 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4552 res = L2CAP_CR_SEC_BLOCK; 4552 res = L2CAP_CR_SEC_BLOCK;
4553 stat = L2CAP_CS_NO_INFO; 4553 stat = L2CAP_CS_NO_INFO;
4554 } 4554 }
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 664762e89ecf..567b585d9805 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -26,6 +26,8 @@
26 26
27/* Bluetooth L2CAP sockets. */ 27/* Bluetooth L2CAP sockets. */
28 28
29#include <linux/security.h>
30
29#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/l2cap.h> 33#include <net/bluetooth/l2cap.h>
@@ -981,6 +983,8 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
981 chan->tx_win_max = pchan->tx_win_max; 983 chan->tx_win_max = pchan->tx_win_max;
982 chan->sec_level = pchan->sec_level; 984 chan->sec_level = pchan->sec_level;
983 chan->flags = pchan->flags; 985 chan->flags = pchan->flags;
986
987 security_sk_clone(parent, sk);
984 } else { 988 } else {
985 989
986 switch (sk->sk_type) { 990 switch (sk->sk_type) {
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 40988e2dc8ef..aea2bdd1510f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -42,6 +42,7 @@
42#include <linux/device.h> 42#include <linux/device.h>
43#include <linux/debugfs.h> 43#include <linux/debugfs.h>
44#include <linux/seq_file.h> 44#include <linux/seq_file.h>
45#include <linux/security.h>
45#include <net/sock.h> 46#include <net/sock.h>
46 47
47#include <asm/system.h> 48#include <asm/system.h>
@@ -264,6 +265,8 @@ static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
264 265
265 pi->sec_level = rfcomm_pi(parent)->sec_level; 266 pi->sec_level = rfcomm_pi(parent)->sec_level;
266 pi->role_switch = rfcomm_pi(parent)->role_switch; 267 pi->role_switch = rfcomm_pi(parent)->role_switch;
268
269 security_sk_clone(parent, sk);
267 } else { 270 } else {
268 pi->dlc->defer_setup = 0; 271 pi->dlc->defer_setup = 0;
269 272
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 8270f05e3f1f..a324b009e34b 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -41,6 +41,7 @@
41#include <linux/debugfs.h> 41#include <linux/debugfs.h>
42#include <linux/seq_file.h> 42#include <linux/seq_file.h>
43#include <linux/list.h> 43#include <linux/list.h>
44#include <linux/security.h>
44#include <net/sock.h> 45#include <net/sock.h>
45 46
46#include <asm/system.h> 47#include <asm/system.h>
@@ -403,8 +404,10 @@ static void sco_sock_init(struct sock *sk, struct sock *parent)
403{ 404{
404 BT_DBG("sk %p", sk); 405 BT_DBG("sk %p", sk);
405 406
406 if (parent) 407 if (parent) {
407 sk->sk_type = parent->sk_type; 408 sk->sk_type = parent->sk_type;
409 security_sk_clone(parent, sk);
410 }
408} 411}
409 412
410static struct proto sco_proto = { 413static struct proto sco_proto = {
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 32b8f9f7f79e..feb77ea7b58e 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -91,7 +91,6 @@ static int br_dev_open(struct net_device *dev)
91{ 91{
92 struct net_bridge *br = netdev_priv(dev); 92 struct net_bridge *br = netdev_priv(dev);
93 93
94 netif_carrier_off(dev);
95 netdev_update_features(dev); 94 netdev_update_features(dev);
96 netif_start_queue(dev); 95 netif_start_queue(dev);
97 br_stp_enable_bridge(br); 96 br_stp_enable_bridge(br);
@@ -108,8 +107,6 @@ static int br_dev_stop(struct net_device *dev)
108{ 107{
109 struct net_bridge *br = netdev_priv(dev); 108 struct net_bridge *br = netdev_priv(dev);
110 109
111 netif_carrier_off(dev);
112
113 br_stp_disable_bridge(br); 110 br_stp_disable_bridge(br);
114 br_multicast_stop(br); 111 br_multicast_stop(br);
115 112
@@ -304,7 +301,7 @@ static const struct net_device_ops br_netdev_ops = {
304 .ndo_start_xmit = br_dev_xmit, 301 .ndo_start_xmit = br_dev_xmit,
305 .ndo_get_stats64 = br_get_stats64, 302 .ndo_get_stats64 = br_get_stats64,
306 .ndo_set_mac_address = br_set_mac_address, 303 .ndo_set_mac_address = br_set_mac_address,
307 .ndo_set_multicast_list = br_dev_set_multicast_list, 304 .ndo_set_rx_mode = br_dev_set_multicast_list,
308 .ndo_change_mtu = br_change_mtu, 305 .ndo_change_mtu = br_change_mtu,
309 .ndo_do_ioctl = br_dev_ioctl, 306 .ndo_do_ioctl = br_dev_ioctl,
310#ifdef CONFIG_NET_POLL_CONTROLLER 307#ifdef CONFIG_NET_POLL_CONTROLLER
@@ -361,6 +358,8 @@ void br_dev_setup(struct net_device *dev)
361 memcpy(br->group_addr, br_group_address, ETH_ALEN); 358 memcpy(br->group_addr, br_group_address, ETH_ALEN);
362 359
363 br->stp_enabled = BR_NO_STP; 360 br->stp_enabled = BR_NO_STP;
361 br->group_fwd_mask = BR_GROUPFWD_DEFAULT;
362
364 br->designated_root = br->bridge_id; 363 br->designated_root = br->bridge_id;
365 br->bridge_max_age = br->max_age = 20 * HZ; 364 br->bridge_max_age = br->max_age = 20 * HZ;
366 br->bridge_hello_time = br->hello_time = 2 * HZ; 365 br->bridge_hello_time = br->hello_time = 2 * HZ;
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 68def3b7fb49..c8e7861b88b0 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -558,19 +558,28 @@ skip:
558 558
559/* Create new static fdb entry */ 559/* Create new static fdb entry */
560static int fdb_add_entry(struct net_bridge_port *source, const __u8 *addr, 560static int fdb_add_entry(struct net_bridge_port *source, const __u8 *addr,
561 __u16 state) 561 __u16 state, __u16 flags)
562{ 562{
563 struct net_bridge *br = source->br; 563 struct net_bridge *br = source->br;
564 struct hlist_head *head = &br->hash[br_mac_hash(addr)]; 564 struct hlist_head *head = &br->hash[br_mac_hash(addr)];
565 struct net_bridge_fdb_entry *fdb; 565 struct net_bridge_fdb_entry *fdb;
566 566
567 fdb = fdb_find(head, addr); 567 fdb = fdb_find(head, addr);
568 if (fdb) 568 if (fdb == NULL) {
569 return -EEXIST; 569 if (!(flags & NLM_F_CREATE))
570 return -ENOENT;
570 571
571 fdb = fdb_create(head, source, addr); 572 fdb = fdb_create(head, source, addr);
572 if (!fdb) 573 if (!fdb)
573 return -ENOMEM; 574 return -ENOMEM;
575 } else {
576 if (flags & NLM_F_EXCL)
577 return -EEXIST;
578
579 if (flags & NLM_F_REPLACE)
580 fdb->updated = fdb->used = jiffies;
581 fdb->is_local = fdb->is_static = 0;
582 }
574 583
575 if (state & NUD_PERMANENT) 584 if (state & NUD_PERMANENT)
576 fdb->is_local = fdb->is_static = 1; 585 fdb->is_local = fdb->is_static = 1;
@@ -626,7 +635,7 @@ int br_fdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
626 } 635 }
627 636
628 spin_lock_bh(&p->br->hash_lock); 637 spin_lock_bh(&p->br->hash_lock);
629 err = fdb_add_entry(p, addr, ndm->ndm_state); 638 err = fdb_add_entry(p, addr, ndm->ndm_state, nlh->nlmsg_flags);
630 spin_unlock_bh(&p->br->hash_lock); 639 spin_unlock_bh(&p->br->hash_lock);
631 640
632 return err; 641 return err;
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 3176e2e13d9b..f603e5b0b930 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -13,6 +13,7 @@
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/netdevice.h> 15#include <linux/netdevice.h>
16#include <linux/etherdevice.h>
16#include <linux/netpoll.h> 17#include <linux/netpoll.h>
17#include <linux/ethtool.h> 18#include <linux/ethtool.h>
18#include <linux/if_arp.h> 19#include <linux/if_arp.h>
@@ -33,20 +34,18 @@
33 */ 34 */
34static int port_cost(struct net_device *dev) 35static int port_cost(struct net_device *dev)
35{ 36{
36 if (dev->ethtool_ops && dev->ethtool_ops->get_settings) { 37 struct ethtool_cmd ecmd;
37 struct ethtool_cmd ecmd = { .cmd = ETHTOOL_GSET, }; 38
38 39 if (!__ethtool_get_settings(dev, &ecmd)) {
39 if (!dev_ethtool_get_settings(dev, &ecmd)) { 40 switch (ethtool_cmd_speed(&ecmd)) {
40 switch (ethtool_cmd_speed(&ecmd)) { 41 case SPEED_10000:
41 case SPEED_10000: 42 return 2;
42 return 2; 43 case SPEED_1000:
43 case SPEED_1000: 44 return 4;
44 return 4; 45 case SPEED_100:
45 case SPEED_100: 46 return 19;
46 return 19; 47 case SPEED_10:
47 case SPEED_10: 48 return 100;
48 return 100;
49 }
50 } 49 }
51 } 50 }
52 51
@@ -161,9 +160,10 @@ static void del_nbp(struct net_bridge_port *p)
161 call_rcu(&p->rcu, destroy_nbp_rcu); 160 call_rcu(&p->rcu, destroy_nbp_rcu);
162} 161}
163 162
164/* called with RTNL */ 163/* Delete bridge device */
165static void del_br(struct net_bridge *br, struct list_head *head) 164void br_dev_delete(struct net_device *dev, struct list_head *head)
166{ 165{
166 struct net_bridge *br = netdev_priv(dev);
167 struct net_bridge_port *p, *n; 167 struct net_bridge_port *p, *n;
168 168
169 list_for_each_entry_safe(p, n, &br->port_list, list) { 169 list_for_each_entry_safe(p, n, &br->port_list, list) {
@@ -231,6 +231,7 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
231int br_add_bridge(struct net *net, const char *name) 231int br_add_bridge(struct net *net, const char *name)
232{ 232{
233 struct net_device *dev; 233 struct net_device *dev;
234 int res;
234 235
235 dev = alloc_netdev(sizeof(struct net_bridge), name, 236 dev = alloc_netdev(sizeof(struct net_bridge), name,
236 br_dev_setup); 237 br_dev_setup);
@@ -240,7 +241,10 @@ int br_add_bridge(struct net *net, const char *name)
240 241
241 dev_net_set(dev, net); 242 dev_net_set(dev, net);
242 243
243 return register_netdev(dev); 244 res = register_netdev(dev);
245 if (res)
246 free_netdev(dev);
247 return res;
244} 248}
245 249
246int br_del_bridge(struct net *net, const char *name) 250int br_del_bridge(struct net *net, const char *name)
@@ -264,7 +268,7 @@ int br_del_bridge(struct net *net, const char *name)
264 } 268 }
265 269
266 else 270 else
267 del_br(netdev_priv(dev), NULL); 271 br_dev_delete(dev, NULL);
268 272
269 rtnl_unlock(); 273 rtnl_unlock();
270 return ret; 274 return ret;
@@ -320,7 +324,8 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
320 324
321 /* Don't allow bridging non-ethernet like devices */ 325 /* Don't allow bridging non-ethernet like devices */
322 if ((dev->flags & IFF_LOOPBACK) || 326 if ((dev->flags & IFF_LOOPBACK) ||
323 dev->type != ARPHRD_ETHER || dev->addr_len != ETH_ALEN) 327 dev->type != ARPHRD_ETHER || dev->addr_len != ETH_ALEN ||
328 !is_valid_ether_addr(dev->dev_addr))
324 return -EINVAL; 329 return -EINVAL;
325 330
326 /* No bridging of bridges */ 331 /* No bridging of bridges */
@@ -348,10 +353,6 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
348 err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj), 353 err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
349 SYSFS_BRIDGE_PORT_ATTR); 354 SYSFS_BRIDGE_PORT_ATTR);
350 if (err) 355 if (err)
351 goto err0;
352
353 err = br_fdb_insert(br, p, dev->dev_addr);
354 if (err)
355 goto err1; 356 goto err1;
356 357
357 err = br_sysfs_addif(p); 358 err = br_sysfs_addif(p);
@@ -392,6 +393,9 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
392 393
393 dev_set_mtu(br->dev, br_min_mtu(br)); 394 dev_set_mtu(br->dev, br_min_mtu(br));
394 395
396 if (br_fdb_insert(br, p, dev->dev_addr))
397 netdev_err(dev, "failed insert local address bridge forwarding table\n");
398
395 kobject_uevent(&p->kobj, KOBJ_ADD); 399 kobject_uevent(&p->kobj, KOBJ_ADD);
396 400
397 return 0; 401 return 0;
@@ -401,11 +405,9 @@ err4:
401err3: 405err3:
402 sysfs_remove_link(br->ifobj, p->dev->name); 406 sysfs_remove_link(br->ifobj, p->dev->name);
403err2: 407err2:
404 br_fdb_delete_by_port(br, p, 1);
405err1:
406 kobject_put(&p->kobj); 408 kobject_put(&p->kobj);
407 p = NULL; /* kobject_put frees */ 409 p = NULL; /* kobject_put frees */
408err0: 410err1:
409 dev_set_promiscuity(dev, -1); 411 dev_set_promiscuity(dev, -1);
410put_back: 412put_back:
411 dev_put(dev); 413 dev_put(dev);
@@ -417,6 +419,7 @@ put_back:
417int br_del_if(struct net_bridge *br, struct net_device *dev) 419int br_del_if(struct net_bridge *br, struct net_device *dev)
418{ 420{
419 struct net_bridge_port *p; 421 struct net_bridge_port *p;
422 bool changed_addr;
420 423
421 p = br_port_get_rtnl(dev); 424 p = br_port_get_rtnl(dev);
422 if (!p || p->br != br) 425 if (!p || p->br != br)
@@ -425,9 +428,12 @@ int br_del_if(struct net_bridge *br, struct net_device *dev)
425 del_nbp(p); 428 del_nbp(p);
426 429
427 spin_lock_bh(&br->lock); 430 spin_lock_bh(&br->lock);
428 br_stp_recalculate_bridge_id(br); 431 changed_addr = br_stp_recalculate_bridge_id(br);
429 spin_unlock_bh(&br->lock); 432 spin_unlock_bh(&br->lock);
430 433
434 if (changed_addr)
435 call_netdevice_notifiers(NETDEV_CHANGEADDR, br->dev);
436
431 netdev_update_features(br->dev); 437 netdev_update_features(br->dev);
432 438
433 return 0; 439 return 0;
@@ -441,7 +447,7 @@ void __net_exit br_net_exit(struct net *net)
441 rtnl_lock(); 447 rtnl_lock();
442 for_each_netdev(net, dev) 448 for_each_netdev(net, dev)
443 if (dev->priv_flags & IFF_EBRIDGE) 449 if (dev->priv_flags & IFF_EBRIDGE)
444 del_br(netdev_priv(dev), &list); 450 br_dev_delete(dev, &list);
445 451
446 unregister_netdevice_many(&list); 452 unregister_netdevice_many(&list);
447 rtnl_unlock(); 453 rtnl_unlock();
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index f06ee39c73fd..6f9f8c014725 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -162,14 +162,37 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
162 p = br_port_get_rcu(skb->dev); 162 p = br_port_get_rcu(skb->dev);
163 163
164 if (unlikely(is_link_local(dest))) { 164 if (unlikely(is_link_local(dest))) {
165 /* Pause frames shouldn't be passed up by driver anyway */ 165 /*
166 if (skb->protocol == htons(ETH_P_PAUSE)) 166 * See IEEE 802.1D Table 7-10 Reserved addresses
167 *
168 * Assignment Value
169 * Bridge Group Address 01-80-C2-00-00-00
170 * (MAC Control) 802.3 01-80-C2-00-00-01
171 * (Link Aggregation) 802.3 01-80-C2-00-00-02
172 * 802.1X PAE address 01-80-C2-00-00-03
173 *
174 * 802.1AB LLDP 01-80-C2-00-00-0E
175 *
176 * Others reserved for future standardization
177 */
178 switch (dest[5]) {
179 case 0x00: /* Bridge Group Address */
180 /* If STP is turned off,
181 then must forward to keep loop detection */
182 if (p->br->stp_enabled == BR_NO_STP)
183 goto forward;
184 break;
185
186 case 0x01: /* IEEE MAC (Pause) */
167 goto drop; 187 goto drop;
168 188
169 /* If STP is turned off, then forward */ 189 default:
170 if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) 190 /* Allow selective forwarding for most other protocols */
171 goto forward; 191 if (p->br->group_fwd_mask & (1u << dest[5]))
192 goto forward;
193 }
172 194
195 /* Deliver packet to local host only */
173 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 196 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
174 NULL, br_handle_local_finish)) { 197 NULL, br_handle_local_finish)) {
175 return RX_HANDLER_CONSUMED; /* consumed by filter */ 198 return RX_HANDLER_CONSUMED; /* consumed by filter */
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 2d85ca7111d3..995cbe0ac0b2 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1456,7 +1456,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1456{ 1456{
1457 struct sk_buff *skb2; 1457 struct sk_buff *skb2;
1458 const struct ipv6hdr *ip6h; 1458 const struct ipv6hdr *ip6h;
1459 struct icmp6hdr *icmp6h; 1459 u8 icmp6_type;
1460 u8 nexthdr; 1460 u8 nexthdr;
1461 unsigned len; 1461 unsigned len;
1462 int offset; 1462 int offset;
@@ -1502,9 +1502,9 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1502 __skb_pull(skb2, offset); 1502 __skb_pull(skb2, offset);
1503 skb_reset_transport_header(skb2); 1503 skb_reset_transport_header(skb2);
1504 1504
1505 icmp6h = icmp6_hdr(skb2); 1505 icmp6_type = icmp6_hdr(skb2)->icmp6_type;
1506 1506
1507 switch (icmp6h->icmp6_type) { 1507 switch (icmp6_type) {
1508 case ICMPV6_MGM_QUERY: 1508 case ICMPV6_MGM_QUERY:
1509 case ICMPV6_MGM_REPORT: 1509 case ICMPV6_MGM_REPORT:
1510 case ICMPV6_MGM_REDUCTION: 1510 case ICMPV6_MGM_REDUCTION:
@@ -1520,16 +1520,23 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1520 err = pskb_trim_rcsum(skb2, len); 1520 err = pskb_trim_rcsum(skb2, len);
1521 if (err) 1521 if (err)
1522 goto out; 1522 goto out;
1523 err = -EINVAL;
1523 } 1524 }
1524 1525
1526 ip6h = ipv6_hdr(skb2);
1527
1525 switch (skb2->ip_summed) { 1528 switch (skb2->ip_summed) {
1526 case CHECKSUM_COMPLETE: 1529 case CHECKSUM_COMPLETE:
1527 if (!csum_fold(skb2->csum)) 1530 if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, skb2->len,
1531 IPPROTO_ICMPV6, skb2->csum))
1528 break; 1532 break;
1529 /*FALLTHROUGH*/ 1533 /*FALLTHROUGH*/
1530 case CHECKSUM_NONE: 1534 case CHECKSUM_NONE:
1531 skb2->csum = 0; 1535 skb2->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
1532 if (skb_checksum_complete(skb2)) 1536 &ip6h->daddr,
1537 skb2->len,
1538 IPPROTO_ICMPV6, 0));
1539 if (__skb_checksum_complete(skb2))
1533 goto out; 1540 goto out;
1534 } 1541 }
1535 1542
@@ -1537,7 +1544,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
1537 1544
1538 BR_INPUT_SKB_CB(skb)->igmp = 1; 1545 BR_INPUT_SKB_CB(skb)->igmp = 1;
1539 1546
1540 switch (icmp6h->icmp6_type) { 1547 switch (icmp6_type) {
1541 case ICMPV6_MGM_REPORT: 1548 case ICMPV6_MGM_REPORT:
1542 { 1549 {
1543 struct mld_msg *mld; 1550 struct mld_msg *mld;
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 5b1ed1ba9aa7..e5f9ece3c9a0 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -210,6 +210,7 @@ static struct rtnl_link_ops br_link_ops __read_mostly = {
210 .priv_size = sizeof(struct net_bridge), 210 .priv_size = sizeof(struct net_bridge),
211 .setup = br_dev_setup, 211 .setup = br_dev_setup,
212 .validate = br_validate, 212 .validate = br_validate,
213 .dellink = br_dev_delete,
213}; 214};
214 215
215int __init br_netlink_init(void) 216int __init br_netlink_init(void)
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index 6545ee9591d1..a76b62135558 100644
--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -34,6 +34,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
34 struct net_device *dev = ptr; 34 struct net_device *dev = ptr;
35 struct net_bridge_port *p; 35 struct net_bridge_port *p;
36 struct net_bridge *br; 36 struct net_bridge *br;
37 bool changed_addr;
37 int err; 38 int err;
38 39
39 /* register of bridge completed, add sysfs entries */ 40 /* register of bridge completed, add sysfs entries */
@@ -57,8 +58,12 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
57 case NETDEV_CHANGEADDR: 58 case NETDEV_CHANGEADDR:
58 spin_lock_bh(&br->lock); 59 spin_lock_bh(&br->lock);
59 br_fdb_changeaddr(p, dev->dev_addr); 60 br_fdb_changeaddr(p, dev->dev_addr);
60 br_stp_recalculate_bridge_id(br); 61 changed_addr = br_stp_recalculate_bridge_id(br);
61 spin_unlock_bh(&br->lock); 62 spin_unlock_bh(&br->lock);
63
64 if (changed_addr)
65 call_netdevice_notifiers(NETDEV_CHANGEADDR, br->dev);
66
62 break; 67 break;
63 68
64 case NETDEV_CHANGE: 69 case NETDEV_CHANGE:
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 78cc364997d9..d7d6fb05411f 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -29,6 +29,11 @@
29 29
30#define BR_VERSION "2.3" 30#define BR_VERSION "2.3"
31 31
32/* Control of forwarding link local multicast */
33#define BR_GROUPFWD_DEFAULT 0
34/* Don't allow forwarding control protocols like STP and LLDP */
35#define BR_GROUPFWD_RESTRICTED 0x4007u
36
32/* Path to usermode spanning tree program */ 37/* Path to usermode spanning tree program */
33#define BR_STP_PROG "/sbin/bridge-stp" 38#define BR_STP_PROG "/sbin/bridge-stp"
34 39
@@ -193,6 +198,8 @@ struct net_bridge
193 unsigned long flags; 198 unsigned long flags;
194#define BR_SET_MAC_ADDR 0x00000001 199#define BR_SET_MAC_ADDR 0x00000001
195 200
201 u16 group_fwd_mask;
202
196 /* STP */ 203 /* STP */
197 bridge_id designated_root; 204 bridge_id designated_root;
198 bridge_id bridge_id; 205 bridge_id bridge_id;
@@ -294,6 +301,7 @@ static inline int br_is_root_bridge(const struct net_bridge *br)
294 301
295/* br_device.c */ 302/* br_device.c */
296extern void br_dev_setup(struct net_device *dev); 303extern void br_dev_setup(struct net_device *dev);
304extern void br_dev_delete(struct net_device *dev, struct list_head *list);
297extern netdev_tx_t br_dev_xmit(struct sk_buff *skb, 305extern netdev_tx_t br_dev_xmit(struct sk_buff *skb,
298 struct net_device *dev); 306 struct net_device *dev);
299#ifdef CONFIG_NET_POLL_CONTROLLER 307#ifdef CONFIG_NET_POLL_CONTROLLER
diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c
index 68b893ea8c3a..c236c0e43984 100644
--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -149,6 +149,39 @@ static ssize_t store_stp_state(struct device *d,
149static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state, 149static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state,
150 store_stp_state); 150 store_stp_state);
151 151
152static ssize_t show_group_fwd_mask(struct device *d,
153 struct device_attribute *attr, char *buf)
154{
155 struct net_bridge *br = to_bridge(d);
156 return sprintf(buf, "%#x\n", br->group_fwd_mask);
157}
158
159
160static ssize_t store_group_fwd_mask(struct device *d,
161 struct device_attribute *attr, const char *buf,
162 size_t len)
163{
164 struct net_bridge *br = to_bridge(d);
165 char *endp;
166 unsigned long val;
167
168 if (!capable(CAP_NET_ADMIN))
169 return -EPERM;
170
171 val = simple_strtoul(buf, &endp, 0);
172 if (endp == buf)
173 return -EINVAL;
174
175 if (val & BR_GROUPFWD_RESTRICTED)
176 return -EINVAL;
177
178 br->group_fwd_mask = val;
179
180 return len;
181}
182static DEVICE_ATTR(group_fwd_mask, S_IRUGO | S_IWUSR, show_group_fwd_mask,
183 store_group_fwd_mask);
184
152static ssize_t show_priority(struct device *d, struct device_attribute *attr, 185static ssize_t show_priority(struct device *d, struct device_attribute *attr,
153 char *buf) 186 char *buf)
154{ 187{
@@ -652,6 +685,7 @@ static struct attribute *bridge_attrs[] = {
652 &dev_attr_max_age.attr, 685 &dev_attr_max_age.attr,
653 &dev_attr_ageing_time.attr, 686 &dev_attr_ageing_time.attr,
654 &dev_attr_stp_state.attr, 687 &dev_attr_stp_state.attr,
688 &dev_attr_group_fwd_mask.attr,
655 &dev_attr_priority.attr, 689 &dev_attr_priority.attr,
656 &dev_attr_bridge_id.attr, 690 &dev_attr_bridge_id.attr,
657 &dev_attr_root_id.attr, 691 &dev_attr_root_id.attr,
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index ba6f73eb06c6..a9aff9c7d027 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -4,7 +4,7 @@
4 4
5menuconfig BRIDGE_NF_EBTABLES 5menuconfig BRIDGE_NF_EBTABLES
6 tristate "Ethernet Bridge tables (ebtables) support" 6 tristate "Ethernet Bridge tables (ebtables) support"
7 depends on BRIDGE && BRIDGE_NETFILTER 7 depends on BRIDGE && NETFILTER
8 select NETFILTER_XTABLES 8 select NETFILTER_XTABLES
9 help 9 help
10 ebtables is a general, extensible frame/packet identification 10 ebtables is a general, extensible frame/packet identification
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index 1bcaf36ad612..40d8258bf74f 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -87,14 +87,14 @@ static int __init ebtable_broute_init(void)
87 if (ret < 0) 87 if (ret < 0)
88 return ret; 88 return ret;
89 /* see br_input.c */ 89 /* see br_input.c */
90 rcu_assign_pointer(br_should_route_hook, 90 RCU_INIT_POINTER(br_should_route_hook,
91 (br_should_route_hook_t *)ebt_broute); 91 (br_should_route_hook_t *)ebt_broute);
92 return 0; 92 return 0;
93} 93}
94 94
95static void __exit ebtable_broute_fini(void) 95static void __exit ebtable_broute_fini(void)
96{ 96{
97 rcu_assign_pointer(br_should_route_hook, NULL); 97 RCU_INIT_POINTER(br_should_route_hook, NULL);
98 synchronize_net(); 98 synchronize_net();
99 unregister_pernet_subsys(&broute_net_ops); 99 unregister_pernet_subsys(&broute_net_ops);
100} 100}
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 2b5ca1a0054d..5864cc491369 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1198,7 +1198,8 @@ ebt_register_table(struct net *net, const struct ebt_table *input_table)
1198 1198
1199 if (table->check && table->check(newinfo, table->valid_hooks)) { 1199 if (table->check && table->check(newinfo, table->valid_hooks)) {
1200 BUGPRINT("The table doesn't like its own initial data, lol\n"); 1200 BUGPRINT("The table doesn't like its own initial data, lol\n");
1201 return ERR_PTR(-EINVAL); 1201 ret = -EINVAL;
1202 goto free_chainstack;
1202 } 1203 }
1203 1204
1204 table->private = newinfo; 1205 table->private = newinfo;
diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
index 7c2fa0a08148..47fc8f3a47cf 100644
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -93,10 +93,14 @@ static struct caif_device_entry *caif_device_alloc(struct net_device *dev)
93 caifdevs = caif_device_list(dev_net(dev)); 93 caifdevs = caif_device_list(dev_net(dev));
94 BUG_ON(!caifdevs); 94 BUG_ON(!caifdevs);
95 95
96 caifd = kzalloc(sizeof(*caifd), GFP_ATOMIC); 96 caifd = kzalloc(sizeof(*caifd), GFP_KERNEL);
97 if (!caifd) 97 if (!caifd)
98 return NULL; 98 return NULL;
99 caifd->pcpu_refcnt = alloc_percpu(int); 99 caifd->pcpu_refcnt = alloc_percpu(int);
100 if (!caifd->pcpu_refcnt) {
101 kfree(caifd);
102 return NULL;
103 }
100 caifd->netdev = dev; 104 caifd->netdev = dev;
101 dev_hold(dev); 105 dev_hold(dev);
102 return caifd; 106 return caifd;
@@ -208,8 +212,7 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what,
208 enum cfcnfg_phy_preference pref; 212 enum cfcnfg_phy_preference pref;
209 enum cfcnfg_phy_type phy_type; 213 enum cfcnfg_phy_type phy_type;
210 struct cfcnfg *cfg; 214 struct cfcnfg *cfg;
211 struct caif_device_entry_list *caifdevs = 215 struct caif_device_entry_list *caifdevs;
212 caif_device_list(dev_net(dev));
213 216
214 if (dev->type != ARPHRD_CAIF) 217 if (dev->type != ARPHRD_CAIF)
215 return 0; 218 return 0;
@@ -218,6 +221,8 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what,
218 if (cfg == NULL) 221 if (cfg == NULL)
219 return 0; 222 return 0;
220 223
224 caifdevs = caif_device_list(dev_net(dev));
225
221 switch (what) { 226 switch (what) {
222 case NETDEV_REGISTER: 227 case NETDEV_REGISTER:
223 caifd = caif_device_alloc(dev); 228 caifd = caif_device_alloc(dev);
diff --git a/net/caif/cfcnfg.c b/net/caif/cfcnfg.c
index 52fe33bee029..00523ecc4ced 100644
--- a/net/caif/cfcnfg.c
+++ b/net/caif/cfcnfg.c
@@ -78,10 +78,8 @@ struct cfcnfg *cfcnfg_create(void)
78 78
79 /* Initiate this layer */ 79 /* Initiate this layer */
80 this = kzalloc(sizeof(struct cfcnfg), GFP_ATOMIC); 80 this = kzalloc(sizeof(struct cfcnfg), GFP_ATOMIC);
81 if (!this) { 81 if (!this)
82 pr_warn("Out of memory\n");
83 return NULL; 82 return NULL;
84 }
85 this->mux = cfmuxl_create(); 83 this->mux = cfmuxl_create();
86 if (!this->mux) 84 if (!this->mux)
87 goto out_of_mem; 85 goto out_of_mem;
@@ -108,8 +106,6 @@ struct cfcnfg *cfcnfg_create(void)
108 106
109 return this; 107 return this;
110out_of_mem: 108out_of_mem:
111 pr_warn("Out of memory\n");
112
113 synchronize_rcu(); 109 synchronize_rcu();
114 110
115 kfree(this->mux); 111 kfree(this->mux);
@@ -448,10 +444,8 @@ cfcnfg_linkup_rsp(struct cflayer *layer, u8 channel_id, enum cfctrl_srv serv,
448 "- unknown channel type\n"); 444 "- unknown channel type\n");
449 goto unlock; 445 goto unlock;
450 } 446 }
451 if (!servicel) { 447 if (!servicel)
452 pr_warn("Out of memory\n");
453 goto unlock; 448 goto unlock;
454 }
455 layer_set_dn(servicel, cnfg->mux); 449 layer_set_dn(servicel, cnfg->mux);
456 cfmuxl_set_uplayer(cnfg->mux, servicel, channel_id); 450 cfmuxl_set_uplayer(cnfg->mux, servicel, channel_id);
457 layer_set_up(servicel, adapt_layer); 451 layer_set_up(servicel, adapt_layer);
@@ -473,7 +467,7 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg, enum cfcnfg_phy_type phy_type,
473{ 467{
474 struct cflayer *frml; 468 struct cflayer *frml;
475 struct cflayer *phy_driver = NULL; 469 struct cflayer *phy_driver = NULL;
476 struct cfcnfg_phyinfo *phyinfo; 470 struct cfcnfg_phyinfo *phyinfo = NULL;
477 int i; 471 int i;
478 u8 phyid; 472 u8 phyid;
479 473
@@ -488,25 +482,25 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg, enum cfcnfg_phy_type phy_type,
488 goto got_phyid; 482 goto got_phyid;
489 } 483 }
490 pr_warn("Too many CAIF Link Layers (max 6)\n"); 484 pr_warn("Too many CAIF Link Layers (max 6)\n");
491 goto out; 485 goto out_err;
492 486
493got_phyid: 487got_phyid:
494 phyinfo = kzalloc(sizeof(struct cfcnfg_phyinfo), GFP_ATOMIC); 488 phyinfo = kzalloc(sizeof(struct cfcnfg_phyinfo), GFP_ATOMIC);
489 if (!phyinfo)
490 goto out_err;
495 491
496 switch (phy_type) { 492 switch (phy_type) {
497 case CFPHYTYPE_FRAG: 493 case CFPHYTYPE_FRAG:
498 phy_driver = 494 phy_driver =
499 cfserl_create(CFPHYTYPE_FRAG, phyid, stx); 495 cfserl_create(CFPHYTYPE_FRAG, phyid, stx);
500 if (!phy_driver) { 496 if (!phy_driver)
501 pr_warn("Out of memory\n"); 497 goto out_err;
502 goto out;
503 }
504 break; 498 break;
505 case CFPHYTYPE_CAIF: 499 case CFPHYTYPE_CAIF:
506 phy_driver = NULL; 500 phy_driver = NULL;
507 break; 501 break;
508 default: 502 default:
509 goto out; 503 goto out_err;
510 } 504 }
511 phy_layer->id = phyid; 505 phy_layer->id = phyid;
512 phyinfo->pref = pref; 506 phyinfo->pref = pref;
@@ -520,11 +514,8 @@ got_phyid:
520 514
521 frml = cffrml_create(phyid, fcs); 515 frml = cffrml_create(phyid, fcs);
522 516
523 if (!frml) { 517 if (!frml)
524 pr_warn("Out of memory\n"); 518 goto out_err;
525 kfree(phyinfo);
526 goto out;
527 }
528 phyinfo->frm_layer = frml; 519 phyinfo->frm_layer = frml;
529 layer_set_up(frml, cnfg->mux); 520 layer_set_up(frml, cnfg->mux);
530 521
@@ -540,7 +531,12 @@ got_phyid:
540 } 531 }
541 532
542 list_add_rcu(&phyinfo->node, &cnfg->phys); 533 list_add_rcu(&phyinfo->node, &cnfg->phys);
543out: 534 mutex_unlock(&cnfg->lock);
535 return;
536
537out_err:
538 kfree(phy_driver);
539 kfree(phyinfo);
544 mutex_unlock(&cnfg->lock); 540 mutex_unlock(&cnfg->lock);
545} 541}
546EXPORT_SYMBOL(cfcnfg_add_phy_layer); 542EXPORT_SYMBOL(cfcnfg_add_phy_layer);
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
index e22671bed669..5cf52225692e 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -35,15 +35,12 @@ struct cflayer *cfctrl_create(void)
35{ 35{
36 struct dev_info dev_info; 36 struct dev_info dev_info;
37 struct cfctrl *this = 37 struct cfctrl *this =
38 kmalloc(sizeof(struct cfctrl), GFP_ATOMIC); 38 kzalloc(sizeof(struct cfctrl), GFP_ATOMIC);
39 if (!this) { 39 if (!this)
40 pr_warn("Out of memory\n");
41 return NULL; 40 return NULL;
42 }
43 caif_assert(offsetof(struct cfctrl, serv.layer) == 0); 41 caif_assert(offsetof(struct cfctrl, serv.layer) == 0);
44 memset(&dev_info, 0, sizeof(dev_info)); 42 memset(&dev_info, 0, sizeof(dev_info));
45 dev_info.id = 0xff; 43 dev_info.id = 0xff;
46 memset(this, 0, sizeof(*this));
47 cfsrvl_init(&this->serv, 0, &dev_info, false); 44 cfsrvl_init(&this->serv, 0, &dev_info, false);
48 atomic_set(&this->req_seq_no, 1); 45 atomic_set(&this->req_seq_no, 1);
49 atomic_set(&this->rsp_seq_no, 1); 46 atomic_set(&this->rsp_seq_no, 1);
@@ -180,10 +177,8 @@ void cfctrl_enum_req(struct cflayer *layer, u8 physlinkid)
180 struct cfctrl *cfctrl = container_obj(layer); 177 struct cfctrl *cfctrl = container_obj(layer);
181 struct cfpkt *pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN); 178 struct cfpkt *pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN);
182 struct cflayer *dn = cfctrl->serv.layer.dn; 179 struct cflayer *dn = cfctrl->serv.layer.dn;
183 if (!pkt) { 180 if (!pkt)
184 pr_warn("Out of memory\n");
185 return; 181 return;
186 }
187 if (!dn) { 182 if (!dn) {
188 pr_debug("not able to send enum request\n"); 183 pr_debug("not able to send enum request\n");
189 return; 184 return;
@@ -224,10 +219,8 @@ int cfctrl_linkup_request(struct cflayer *layer,
224 } 219 }
225 220
226 pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN); 221 pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN);
227 if (!pkt) { 222 if (!pkt)
228 pr_warn("Out of memory\n");
229 return -ENOMEM; 223 return -ENOMEM;
230 }
231 cfpkt_addbdy(pkt, CFCTRL_CMD_LINK_SETUP); 224 cfpkt_addbdy(pkt, CFCTRL_CMD_LINK_SETUP);
232 cfpkt_addbdy(pkt, (param->chtype << 4) | param->linktype); 225 cfpkt_addbdy(pkt, (param->chtype << 4) | param->linktype);
233 cfpkt_addbdy(pkt, (param->priority << 3) | param->phyid); 226 cfpkt_addbdy(pkt, (param->priority << 3) | param->phyid);
@@ -275,10 +268,8 @@ int cfctrl_linkup_request(struct cflayer *layer,
275 return -EINVAL; 268 return -EINVAL;
276 } 269 }
277 req = kzalloc(sizeof(*req), GFP_KERNEL); 270 req = kzalloc(sizeof(*req), GFP_KERNEL);
278 if (!req) { 271 if (!req)
279 pr_warn("Out of memory\n");
280 return -ENOMEM; 272 return -ENOMEM;
281 }
282 req->client_layer = user_layer; 273 req->client_layer = user_layer;
283 req->cmd = CFCTRL_CMD_LINK_SETUP; 274 req->cmd = CFCTRL_CMD_LINK_SETUP;
284 req->param = *param; 275 req->param = *param;
@@ -312,10 +303,8 @@ int cfctrl_linkdown_req(struct cflayer *layer, u8 channelid,
312 struct cfpkt *pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN); 303 struct cfpkt *pkt = cfpkt_create(CFPKT_CTRL_PKT_LEN);
313 struct cflayer *dn = cfctrl->serv.layer.dn; 304 struct cflayer *dn = cfctrl->serv.layer.dn;
314 305
315 if (!pkt) { 306 if (!pkt)
316 pr_warn("Out of memory\n");
317 return -ENOMEM; 307 return -ENOMEM;
318 }
319 308
320 if (!dn) { 309 if (!dn) {
321 pr_debug("not able to send link-down request\n"); 310 pr_debug("not able to send link-down request\n");
diff --git a/net/caif/cfdbgl.c b/net/caif/cfdbgl.c
index 11a2af4c162a..65d6ef3cf9aa 100644
--- a/net/caif/cfdbgl.c
+++ b/net/caif/cfdbgl.c
@@ -19,13 +19,10 @@ static int cfdbgl_transmit(struct cflayer *layr, struct cfpkt *pkt);
19 19
20struct cflayer *cfdbgl_create(u8 channel_id, struct dev_info *dev_info) 20struct cflayer *cfdbgl_create(u8 channel_id, struct dev_info *dev_info)
21{ 21{
22 struct cfsrvl *dbg = kmalloc(sizeof(struct cfsrvl), GFP_ATOMIC); 22 struct cfsrvl *dbg = kzalloc(sizeof(struct cfsrvl), GFP_ATOMIC);
23 if (!dbg) { 23 if (!dbg)
24 pr_warn("Out of memory\n");
25 return NULL; 24 return NULL;
26 }
27 caif_assert(offsetof(struct cfsrvl, layer) == 0); 25 caif_assert(offsetof(struct cfsrvl, layer) == 0);
28 memset(dbg, 0, sizeof(struct cfsrvl));
29 cfsrvl_init(dbg, channel_id, dev_info, false); 26 cfsrvl_init(dbg, channel_id, dev_info, false);
30 dbg->layer.receive = cfdbgl_receive; 27 dbg->layer.receive = cfdbgl_receive;
31 dbg->layer.transmit = cfdbgl_transmit; 28 dbg->layer.transmit = cfdbgl_transmit;
diff --git a/net/caif/cfdgml.c b/net/caif/cfdgml.c
index 0382dec84fdc..0f5ff27aa41c 100644
--- a/net/caif/cfdgml.c
+++ b/net/caif/cfdgml.c
@@ -26,13 +26,10 @@ static int cfdgml_transmit(struct cflayer *layr, struct cfpkt *pkt);
26 26
27struct cflayer *cfdgml_create(u8 channel_id, struct dev_info *dev_info) 27struct cflayer *cfdgml_create(u8 channel_id, struct dev_info *dev_info)
28{ 28{
29 struct cfsrvl *dgm = kmalloc(sizeof(struct cfsrvl), GFP_ATOMIC); 29 struct cfsrvl *dgm = kzalloc(sizeof(struct cfsrvl), GFP_ATOMIC);
30 if (!dgm) { 30 if (!dgm)
31 pr_warn("Out of memory\n");
32 return NULL; 31 return NULL;
33 }
34 caif_assert(offsetof(struct cfsrvl, layer) == 0); 32 caif_assert(offsetof(struct cfsrvl, layer) == 0);
35 memset(dgm, 0, sizeof(struct cfsrvl));
36 cfsrvl_init(dgm, channel_id, dev_info, true); 33 cfsrvl_init(dgm, channel_id, dev_info, true);
37 dgm->layer.receive = cfdgml_receive; 34 dgm->layer.receive = cfdgml_receive;
38 dgm->layer.transmit = cfdgml_transmit; 35 dgm->layer.transmit = cfdgml_transmit;
diff --git a/net/caif/cffrml.c b/net/caif/cffrml.c
index 04204b202718..f39921171d0d 100644
--- a/net/caif/cffrml.c
+++ b/net/caif/cffrml.c
@@ -34,11 +34,9 @@ static u32 cffrml_rcv_error;
34static u32 cffrml_rcv_checsum_error; 34static u32 cffrml_rcv_checsum_error;
35struct cflayer *cffrml_create(u16 phyid, bool use_fcs) 35struct cflayer *cffrml_create(u16 phyid, bool use_fcs)
36{ 36{
37 struct cffrml *this = kmalloc(sizeof(struct cffrml), GFP_ATOMIC); 37 struct cffrml *this = kzalloc(sizeof(struct cffrml), GFP_ATOMIC);
38 if (!this) { 38 if (!this)
39 pr_warn("Out of memory\n");
40 return NULL; 39 return NULL;
41 }
42 this->pcpu_refcnt = alloc_percpu(int); 40 this->pcpu_refcnt = alloc_percpu(int);
43 if (this->pcpu_refcnt == NULL) { 41 if (this->pcpu_refcnt == NULL) {
44 kfree(this); 42 kfree(this);
@@ -47,7 +45,6 @@ struct cflayer *cffrml_create(u16 phyid, bool use_fcs)
47 45
48 caif_assert(offsetof(struct cffrml, layer) == 0); 46 caif_assert(offsetof(struct cffrml, layer) == 0);
49 47
50 memset(this, 0, sizeof(struct cflayer));
51 this->layer.receive = cffrml_receive; 48 this->layer.receive = cffrml_receive;
52 this->layer.transmit = cffrml_transmit; 49 this->layer.transmit = cffrml_transmit;
53 this->layer.ctrlcmd = cffrml_ctrlcmd; 50 this->layer.ctrlcmd = cffrml_ctrlcmd;
diff --git a/net/caif/cfmuxl.c b/net/caif/cfmuxl.c
index c23979e79dfa..b36f24a4c8e7 100644
--- a/net/caif/cfmuxl.c
+++ b/net/caif/cfmuxl.c
@@ -108,7 +108,7 @@ struct cflayer *cfmuxl_remove_dnlayer(struct cflayer *layr, u8 phyid)
108 int idx = phyid % DN_CACHE_SIZE; 108 int idx = phyid % DN_CACHE_SIZE;
109 109
110 spin_lock_bh(&muxl->transmit_lock); 110 spin_lock_bh(&muxl->transmit_lock);
111 rcu_assign_pointer(muxl->dn_cache[idx], NULL); 111 RCU_INIT_POINTER(muxl->dn_cache[idx], NULL);
112 dn = get_from_id(&muxl->frml_list, phyid); 112 dn = get_from_id(&muxl->frml_list, phyid);
113 if (dn == NULL) 113 if (dn == NULL)
114 goto out; 114 goto out;
@@ -164,7 +164,7 @@ struct cflayer *cfmuxl_remove_uplayer(struct cflayer *layr, u8 id)
164 if (up == NULL) 164 if (up == NULL)
165 goto out; 165 goto out;
166 166
167 rcu_assign_pointer(muxl->up_cache[idx], NULL); 167 RCU_INIT_POINTER(muxl->up_cache[idx], NULL);
168 list_del_rcu(&up->node); 168 list_del_rcu(&up->node);
169out: 169out:
170 spin_unlock_bh(&muxl->receive_lock); 170 spin_unlock_bh(&muxl->receive_lock);
@@ -261,7 +261,7 @@ static void cfmuxl_ctrlcmd(struct cflayer *layr, enum caif_ctrlcmd ctrl,
261 261
262 idx = layer->id % UP_CACHE_SIZE; 262 idx = layer->id % UP_CACHE_SIZE;
263 spin_lock_bh(&muxl->receive_lock); 263 spin_lock_bh(&muxl->receive_lock);
264 rcu_assign_pointer(muxl->up_cache[idx], NULL); 264 RCU_INIT_POINTER(muxl->up_cache[idx], NULL);
265 list_del_rcu(&layer->node); 265 list_del_rcu(&layer->node);
266 spin_unlock_bh(&muxl->receive_lock); 266 spin_unlock_bh(&muxl->receive_lock);
267 } 267 }
diff --git a/net/caif/cfrfml.c b/net/caif/cfrfml.c
index 0deabb440051..81660f809713 100644
--- a/net/caif/cfrfml.c
+++ b/net/caif/cfrfml.c
@@ -46,13 +46,10 @@ struct cflayer *cfrfml_create(u8 channel_id, struct dev_info *dev_info,
46 int mtu_size) 46 int mtu_size)
47{ 47{
48 int tmp; 48 int tmp;
49 struct cfrfml *this = 49 struct cfrfml *this = kzalloc(sizeof(struct cfrfml), GFP_ATOMIC);
50 kzalloc(sizeof(struct cfrfml), GFP_ATOMIC);
51 50
52 if (!this) { 51 if (!this)
53 pr_warn("Out of memory\n");
54 return NULL; 52 return NULL;
55 }
56 53
57 cfsrvl_init(&this->serv, channel_id, dev_info, false); 54 cfsrvl_init(&this->serv, channel_id, dev_info, false);
58 this->serv.release = cfrfml_release; 55 this->serv.release = cfrfml_release;
diff --git a/net/caif/cfserl.c b/net/caif/cfserl.c
index 2715c84cfa87..797c8d165993 100644
--- a/net/caif/cfserl.c
+++ b/net/caif/cfserl.c
@@ -33,13 +33,10 @@ static void cfserl_ctrlcmd(struct cflayer *layr, enum caif_ctrlcmd ctrl,
33 33
34struct cflayer *cfserl_create(int type, int instance, bool use_stx) 34struct cflayer *cfserl_create(int type, int instance, bool use_stx)
35{ 35{
36 struct cfserl *this = kmalloc(sizeof(struct cfserl), GFP_ATOMIC); 36 struct cfserl *this = kzalloc(sizeof(struct cfserl), GFP_ATOMIC);
37 if (!this) { 37 if (!this)
38 pr_warn("Out of memory\n");
39 return NULL; 38 return NULL;
40 }
41 caif_assert(offsetof(struct cfserl, layer) == 0); 39 caif_assert(offsetof(struct cfserl, layer) == 0);
42 memset(this, 0, sizeof(struct cfserl));
43 this->layer.receive = cfserl_receive; 40 this->layer.receive = cfserl_receive;
44 this->layer.transmit = cfserl_transmit; 41 this->layer.transmit = cfserl_transmit;
45 this->layer.ctrlcmd = cfserl_ctrlcmd; 42 this->layer.ctrlcmd = cfserl_ctrlcmd;
diff --git a/net/caif/cfsrvl.c b/net/caif/cfsrvl.c
index 535a1e72b366..b99f5b22689d 100644
--- a/net/caif/cfsrvl.c
+++ b/net/caif/cfsrvl.c
@@ -108,10 +108,8 @@ static int cfservl_modemcmd(struct cflayer *layr, enum caif_modemcmd ctrl)
108 struct caif_payload_info *info; 108 struct caif_payload_info *info;
109 u8 flow_on = SRVL_FLOW_ON; 109 u8 flow_on = SRVL_FLOW_ON;
110 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE); 110 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE);
111 if (!pkt) { 111 if (!pkt)
112 pr_warn("Out of memory\n");
113 return -ENOMEM; 112 return -ENOMEM;
114 }
115 113
116 if (cfpkt_add_head(pkt, &flow_on, 1) < 0) { 114 if (cfpkt_add_head(pkt, &flow_on, 1) < 0) {
117 pr_err("Packet is erroneous!\n"); 115 pr_err("Packet is erroneous!\n");
@@ -130,10 +128,8 @@ static int cfservl_modemcmd(struct cflayer *layr, enum caif_modemcmd ctrl)
130 struct caif_payload_info *info; 128 struct caif_payload_info *info;
131 u8 flow_off = SRVL_FLOW_OFF; 129 u8 flow_off = SRVL_FLOW_OFF;
132 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE); 130 pkt = cfpkt_create(SRVL_CTRL_PKT_SIZE);
133 if (!pkt) { 131 if (!pkt)
134 pr_warn("Out of memory\n");
135 return -ENOMEM; 132 return -ENOMEM;
136 }
137 133
138 if (cfpkt_add_head(pkt, &flow_off, 1) < 0) { 134 if (cfpkt_add_head(pkt, &flow_off, 1) < 0) {
139 pr_err("Packet is erroneous!\n"); 135 pr_err("Packet is erroneous!\n");
diff --git a/net/caif/cfutill.c b/net/caif/cfutill.c
index 98e027db18ed..53e49f3e3af3 100644
--- a/net/caif/cfutill.c
+++ b/net/caif/cfutill.c
@@ -26,13 +26,10 @@ static int cfutill_transmit(struct cflayer *layr, struct cfpkt *pkt);
26 26
27struct cflayer *cfutill_create(u8 channel_id, struct dev_info *dev_info) 27struct cflayer *cfutill_create(u8 channel_id, struct dev_info *dev_info)
28{ 28{
29 struct cfsrvl *util = kmalloc(sizeof(struct cfsrvl), GFP_ATOMIC); 29 struct cfsrvl *util = kzalloc(sizeof(struct cfsrvl), GFP_ATOMIC);
30 if (!util) { 30 if (!util)
31 pr_warn("Out of memory\n");
32 return NULL; 31 return NULL;
33 }
34 caif_assert(offsetof(struct cfsrvl, layer) == 0); 32 caif_assert(offsetof(struct cfsrvl, layer) == 0);
35 memset(util, 0, sizeof(struct cfsrvl));
36 cfsrvl_init(util, channel_id, dev_info, true); 33 cfsrvl_init(util, channel_id, dev_info, true);
37 util->layer.receive = cfutill_receive; 34 util->layer.receive = cfutill_receive;
38 util->layer.transmit = cfutill_transmit; 35 util->layer.transmit = cfutill_transmit;
diff --git a/net/caif/cfveil.c b/net/caif/cfveil.c
index 3ec83fbc2887..910ab0661f66 100644
--- a/net/caif/cfveil.c
+++ b/net/caif/cfveil.c
@@ -25,13 +25,10 @@ static int cfvei_transmit(struct cflayer *layr, struct cfpkt *pkt);
25 25
26struct cflayer *cfvei_create(u8 channel_id, struct dev_info *dev_info) 26struct cflayer *cfvei_create(u8 channel_id, struct dev_info *dev_info)
27{ 27{
28 struct cfsrvl *vei = kmalloc(sizeof(struct cfsrvl), GFP_ATOMIC); 28 struct cfsrvl *vei = kzalloc(sizeof(struct cfsrvl), GFP_ATOMIC);
29 if (!vei) { 29 if (!vei)
30 pr_warn("Out of memory\n");
31 return NULL; 30 return NULL;
32 }
33 caif_assert(offsetof(struct cfsrvl, layer) == 0); 31 caif_assert(offsetof(struct cfsrvl, layer) == 0);
34 memset(vei, 0, sizeof(struct cfsrvl));
35 cfsrvl_init(vei, channel_id, dev_info, true); 32 cfsrvl_init(vei, channel_id, dev_info, true);
36 vei->layer.receive = cfvei_receive; 33 vei->layer.receive = cfvei_receive;
37 vei->layer.transmit = cfvei_transmit; 34 vei->layer.transmit = cfvei_transmit;
diff --git a/net/caif/cfvidl.c b/net/caif/cfvidl.c
index b2f5989ad455..e3f37db40ac3 100644
--- a/net/caif/cfvidl.c
+++ b/net/caif/cfvidl.c
@@ -21,14 +21,11 @@ static int cfvidl_transmit(struct cflayer *layr, struct cfpkt *pkt);
21 21
22struct cflayer *cfvidl_create(u8 channel_id, struct dev_info *dev_info) 22struct cflayer *cfvidl_create(u8 channel_id, struct dev_info *dev_info)
23{ 23{
24 struct cfsrvl *vid = kmalloc(sizeof(struct cfsrvl), GFP_ATOMIC); 24 struct cfsrvl *vid = kzalloc(sizeof(struct cfsrvl), GFP_ATOMIC);
25 if (!vid) { 25 if (!vid)
26 pr_warn("Out of memory\n");
27 return NULL; 26 return NULL;
28 }
29 caif_assert(offsetof(struct cfsrvl, layer) == 0); 27 caif_assert(offsetof(struct cfsrvl, layer) == 0);
30 28
31 memset(vid, 0, sizeof(struct cfsrvl));
32 cfsrvl_init(vid, channel_id, dev_info, false); 29 cfsrvl_init(vid, channel_id, dev_info, false);
33 vid->layer.receive = cfvidl_receive; 30 vid->layer.receive = cfvidl_receive;
34 vid->layer.transmit = cfvidl_transmit; 31 vid->layer.transmit = cfvidl_transmit;
diff --git a/net/can/Kconfig b/net/can/Kconfig
index 89395b2c8bca..03200699d274 100644
--- a/net/can/Kconfig
+++ b/net/can/Kconfig
@@ -40,5 +40,16 @@ config CAN_BCM
40 CAN messages are used on the bus (e.g. in automotive environments). 40 CAN messages are used on the bus (e.g. in automotive environments).
41 To use the Broadcast Manager, use AF_CAN with protocol CAN_BCM. 41 To use the Broadcast Manager, use AF_CAN with protocol CAN_BCM.
42 42
43config CAN_GW
44 tristate "CAN Gateway/Router (with netlink configuration)"
45 depends on CAN
46 default N
47 ---help---
48 The CAN Gateway/Router is used to route (and modify) CAN frames.
49 It is based on the PF_CAN core infrastructure for msg filtering and
50 msg sending and can optionally modify routed CAN frames on the fly.
51 CAN frames can be routed between CAN network interfaces (one hop).
52 They can be modified with AND/OR/XOR/SET operations as configured
53 by the netlink configuration interface known e.g. from iptables.
43 54
44source "drivers/net/can/Kconfig" 55source "drivers/net/can/Kconfig"
diff --git a/net/can/Makefile b/net/can/Makefile
index 2d3894b32742..cef49eb1f5c7 100644
--- a/net/can/Makefile
+++ b/net/can/Makefile
@@ -10,3 +10,6 @@ can-raw-y := raw.o
10 10
11obj-$(CONFIG_CAN_BCM) += can-bcm.o 11obj-$(CONFIG_CAN_BCM) += can-bcm.o
12can-bcm-y := bcm.o 12can-bcm-y := bcm.o
13
14obj-$(CONFIG_CAN_GW) += can-gw.o
15can-gw-y := gw.o
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 8ce926d3b2cb..0ce2ad0696da 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -38,8 +38,6 @@
38 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 38 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
39 * DAMAGE. 39 * DAMAGE.
40 * 40 *
41 * Send feedback to <socketcan-users@lists.berlios.de>
42 *
43 */ 41 */
44 42
45#include <linux/module.h> 43#include <linux/module.h>
@@ -719,7 +717,7 @@ int can_proto_register(const struct can_proto *cp)
719 proto); 717 proto);
720 err = -EBUSY; 718 err = -EBUSY;
721 } else 719 } else
722 rcu_assign_pointer(proto_tab[proto], cp); 720 RCU_INIT_POINTER(proto_tab[proto], cp);
723 721
724 mutex_unlock(&proto_tab_lock); 722 mutex_unlock(&proto_tab_lock);
725 723
@@ -740,7 +738,7 @@ void can_proto_unregister(const struct can_proto *cp)
740 738
741 mutex_lock(&proto_tab_lock); 739 mutex_lock(&proto_tab_lock);
742 BUG_ON(proto_tab[proto] != cp); 740 BUG_ON(proto_tab[proto] != cp);
743 rcu_assign_pointer(proto_tab[proto], NULL); 741 RCU_INIT_POINTER(proto_tab[proto], NULL);
744 mutex_unlock(&proto_tab_lock); 742 mutex_unlock(&proto_tab_lock);
745 743
746 synchronize_rcu(); 744 synchronize_rcu();
@@ -857,7 +855,7 @@ static __exit void can_exit(void)
857 struct net_device *dev; 855 struct net_device *dev;
858 856
859 if (stats_timer) 857 if (stats_timer)
860 del_timer(&can_stattimer); 858 del_timer_sync(&can_stattimer);
861 859
862 can_remove_proc(); 860 can_remove_proc();
863 861
diff --git a/net/can/af_can.h b/net/can/af_can.h
index 34253b84e30f..fd882dbadad3 100644
--- a/net/can/af_can.h
+++ b/net/can/af_can.h
@@ -35,8 +35,6 @@
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
36 * DAMAGE. 36 * DAMAGE.
37 * 37 *
38 * Send feedback to <socketcan-users@lists.berlios.de>
39 *
40 */ 38 */
41 39
42#ifndef AF_CAN_H 40#ifndef AF_CAN_H
diff --git a/net/can/bcm.c b/net/can/bcm.c
index d6c8ae5b2e6a..151b7730c12c 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -37,8 +37,6 @@
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE. 38 * DAMAGE.
39 * 39 *
40 * Send feedback to <socketcan-users@lists.berlios.de>
41 *
42 */ 40 */
43 41
44#include <linux/module.h> 42#include <linux/module.h>
@@ -344,6 +342,18 @@ static void bcm_send_to_user(struct bcm_op *op, struct bcm_msg_head *head,
344 } 342 }
345} 343}
346 344
345static void bcm_tx_start_timer(struct bcm_op *op)
346{
347 if (op->kt_ival1.tv64 && op->count)
348 hrtimer_start(&op->timer,
349 ktime_add(ktime_get(), op->kt_ival1),
350 HRTIMER_MODE_ABS);
351 else if (op->kt_ival2.tv64)
352 hrtimer_start(&op->timer,
353 ktime_add(ktime_get(), op->kt_ival2),
354 HRTIMER_MODE_ABS);
355}
356
347static void bcm_tx_timeout_tsklet(unsigned long data) 357static void bcm_tx_timeout_tsklet(unsigned long data)
348{ 358{
349 struct bcm_op *op = (struct bcm_op *)data; 359 struct bcm_op *op = (struct bcm_op *)data;
@@ -365,26 +375,12 @@ static void bcm_tx_timeout_tsklet(unsigned long data)
365 375
366 bcm_send_to_user(op, &msg_head, NULL, 0); 376 bcm_send_to_user(op, &msg_head, NULL, 0);
367 } 377 }
368 }
369
370 if (op->kt_ival1.tv64 && (op->count > 0)) {
371
372 /* send (next) frame */
373 bcm_can_tx(op); 378 bcm_can_tx(op);
374 hrtimer_start(&op->timer,
375 ktime_add(ktime_get(), op->kt_ival1),
376 HRTIMER_MODE_ABS);
377 379
378 } else { 380 } else if (op->kt_ival2.tv64)
379 if (op->kt_ival2.tv64) { 381 bcm_can_tx(op);
380 382
381 /* send (next) frame */ 383 bcm_tx_start_timer(op);
382 bcm_can_tx(op);
383 hrtimer_start(&op->timer,
384 ktime_add(ktime_get(), op->kt_ival2),
385 HRTIMER_MODE_ABS);
386 }
387 }
388} 384}
389 385
390/* 386/*
@@ -964,23 +960,20 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
964 hrtimer_cancel(&op->timer); 960 hrtimer_cancel(&op->timer);
965 } 961 }
966 962
967 if ((op->flags & STARTTIMER) && 963 if (op->flags & STARTTIMER) {
968 ((op->kt_ival1.tv64 && op->count) || op->kt_ival2.tv64)) { 964 hrtimer_cancel(&op->timer);
969
970 /* spec: send can_frame when starting timer */ 965 /* spec: send can_frame when starting timer */
971 op->flags |= TX_ANNOUNCE; 966 op->flags |= TX_ANNOUNCE;
972
973 if (op->kt_ival1.tv64 && (op->count > 0)) {
974 /* op->count-- is done in bcm_tx_timeout_handler */
975 hrtimer_start(&op->timer, op->kt_ival1,
976 HRTIMER_MODE_REL);
977 } else
978 hrtimer_start(&op->timer, op->kt_ival2,
979 HRTIMER_MODE_REL);
980 } 967 }
981 968
982 if (op->flags & TX_ANNOUNCE) 969 if (op->flags & TX_ANNOUNCE) {
983 bcm_can_tx(op); 970 bcm_can_tx(op);
971 if (op->count)
972 op->count--;
973 }
974
975 if (op->flags & STARTTIMER)
976 bcm_tx_start_timer(op);
984 977
985 return msg_head->nframes * CFSIZ + MHSIZ; 978 return msg_head->nframes * CFSIZ + MHSIZ;
986} 979}
diff --git a/net/can/gw.c b/net/can/gw.c
new file mode 100644
index 000000000000..3d79b127881e
--- /dev/null
+++ b/net/can/gw.c
@@ -0,0 +1,957 @@
1/*
2 * gw.c - CAN frame Gateway/Router/Bridge with netlink interface
3 *
4 * Copyright (c) 2011 Volkswagen Group Electronic Research
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of Volkswagen nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * Alternatively, provided that this notice is retained in full, this
20 * software may be distributed under the terms of the GNU General
21 * Public License ("GPL") version 2, in which case the provisions of the
22 * GPL apply INSTEAD OF those given above.
23 *
24 * The provided data structures and external interfaces from this code
25 * are not restricted to be used by modules with a GPL compatible license.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
39 *
40 */
41
42#include <linux/module.h>
43#include <linux/init.h>
44#include <linux/types.h>
45#include <linux/list.h>
46#include <linux/spinlock.h>
47#include <linux/rcupdate.h>
48#include <linux/rculist.h>
49#include <linux/net.h>
50#include <linux/netdevice.h>
51#include <linux/if_arp.h>
52#include <linux/skbuff.h>
53#include <linux/can.h>
54#include <linux/can/core.h>
55#include <linux/can/gw.h>
56#include <net/rtnetlink.h>
57#include <net/net_namespace.h>
58#include <net/sock.h>
59
60#define CAN_GW_VERSION "20101209"
61static __initdata const char banner[] =
62 KERN_INFO "can: netlink gateway (rev " CAN_GW_VERSION ")\n";
63
64MODULE_DESCRIPTION("PF_CAN netlink gateway");
65MODULE_LICENSE("Dual BSD/GPL");
66MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
67MODULE_ALIAS("can-gw");
68
69HLIST_HEAD(cgw_list);
70static struct notifier_block notifier;
71
72static struct kmem_cache *cgw_cache __read_mostly;
73
74/* structure that contains the (on-the-fly) CAN frame modifications */
75struct cf_mod {
76 struct {
77 struct can_frame and;
78 struct can_frame or;
79 struct can_frame xor;
80 struct can_frame set;
81 } modframe;
82 struct {
83 u8 and;
84 u8 or;
85 u8 xor;
86 u8 set;
87 } modtype;
88 void (*modfunc[MAX_MODFUNCTIONS])(struct can_frame *cf,
89 struct cf_mod *mod);
90
91 /* CAN frame checksum calculation after CAN frame modifications */
92 struct {
93 struct cgw_csum_xor xor;
94 struct cgw_csum_crc8 crc8;
95 } csum;
96 struct {
97 void (*xor)(struct can_frame *cf, struct cgw_csum_xor *xor);
98 void (*crc8)(struct can_frame *cf, struct cgw_csum_crc8 *crc8);
99 } csumfunc;
100};
101
102
103/*
104 * So far we just support CAN -> CAN routing and frame modifications.
105 *
106 * The internal can_can_gw structure contains data and attributes for
107 * a CAN -> CAN gateway job.
108 */
109struct can_can_gw {
110 struct can_filter filter;
111 int src_idx;
112 int dst_idx;
113};
114
115/* list entry for CAN gateways jobs */
116struct cgw_job {
117 struct hlist_node list;
118 struct rcu_head rcu;
119 u32 handled_frames;
120 u32 dropped_frames;
121 struct cf_mod mod;
122 union {
123 /* CAN frame data source */
124 struct net_device *dev;
125 } src;
126 union {
127 /* CAN frame data destination */
128 struct net_device *dev;
129 } dst;
130 union {
131 struct can_can_gw ccgw;
132 /* tbc */
133 };
134 u8 gwtype;
135 u16 flags;
136};
137
138/* modification functions that are invoked in the hot path in can_can_gw_rcv */
139
140#define MODFUNC(func, op) static void func(struct can_frame *cf, \
141 struct cf_mod *mod) { op ; }
142
143MODFUNC(mod_and_id, cf->can_id &= mod->modframe.and.can_id)
144MODFUNC(mod_and_dlc, cf->can_dlc &= mod->modframe.and.can_dlc)
145MODFUNC(mod_and_data, *(u64 *)cf->data &= *(u64 *)mod->modframe.and.data)
146MODFUNC(mod_or_id, cf->can_id |= mod->modframe.or.can_id)
147MODFUNC(mod_or_dlc, cf->can_dlc |= mod->modframe.or.can_dlc)
148MODFUNC(mod_or_data, *(u64 *)cf->data |= *(u64 *)mod->modframe.or.data)
149MODFUNC(mod_xor_id, cf->can_id ^= mod->modframe.xor.can_id)
150MODFUNC(mod_xor_dlc, cf->can_dlc ^= mod->modframe.xor.can_dlc)
151MODFUNC(mod_xor_data, *(u64 *)cf->data ^= *(u64 *)mod->modframe.xor.data)
152MODFUNC(mod_set_id, cf->can_id = mod->modframe.set.can_id)
153MODFUNC(mod_set_dlc, cf->can_dlc = mod->modframe.set.can_dlc)
154MODFUNC(mod_set_data, *(u64 *)cf->data = *(u64 *)mod->modframe.set.data)
155
156static inline void canframecpy(struct can_frame *dst, struct can_frame *src)
157{
158 /*
159 * Copy the struct members separately to ensure that no uninitialized
160 * data are copied in the 3 bytes hole of the struct. This is needed
161 * to make easy compares of the data in the struct cf_mod.
162 */
163
164 dst->can_id = src->can_id;
165 dst->can_dlc = src->can_dlc;
166 *(u64 *)dst->data = *(u64 *)src->data;
167}
168
169static int cgw_chk_csum_parms(s8 fr, s8 to, s8 re)
170{
171 /*
172 * absolute dlc values 0 .. 7 => 0 .. 7, e.g. data [0]
173 * relative to received dlc -1 .. -8 :
174 * e.g. for received dlc = 8
175 * -1 => index = 7 (data[7])
176 * -3 => index = 5 (data[5])
177 * -8 => index = 0 (data[0])
178 */
179
180 if (fr > -9 && fr < 8 &&
181 to > -9 && to < 8 &&
182 re > -9 && re < 8)
183 return 0;
184 else
185 return -EINVAL;
186}
187
188static inline int calc_idx(int idx, int rx_dlc)
189{
190 if (idx < 0)
191 return rx_dlc + idx;
192 else
193 return idx;
194}
195
196static void cgw_csum_xor_rel(struct can_frame *cf, struct cgw_csum_xor *xor)
197{
198 int from = calc_idx(xor->from_idx, cf->can_dlc);
199 int to = calc_idx(xor->to_idx, cf->can_dlc);
200 int res = calc_idx(xor->result_idx, cf->can_dlc);
201 u8 val = xor->init_xor_val;
202 int i;
203
204 if (from < 0 || to < 0 || res < 0)
205 return;
206
207 if (from <= to) {
208 for (i = from; i <= to; i++)
209 val ^= cf->data[i];
210 } else {
211 for (i = from; i >= to; i--)
212 val ^= cf->data[i];
213 }
214
215 cf->data[res] = val;
216}
217
218static void cgw_csum_xor_pos(struct can_frame *cf, struct cgw_csum_xor *xor)
219{
220 u8 val = xor->init_xor_val;
221 int i;
222
223 for (i = xor->from_idx; i <= xor->to_idx; i++)
224 val ^= cf->data[i];
225
226 cf->data[xor->result_idx] = val;
227}
228
229static void cgw_csum_xor_neg(struct can_frame *cf, struct cgw_csum_xor *xor)
230{
231 u8 val = xor->init_xor_val;
232 int i;
233
234 for (i = xor->from_idx; i >= xor->to_idx; i--)
235 val ^= cf->data[i];
236
237 cf->data[xor->result_idx] = val;
238}
239
240static void cgw_csum_crc8_rel(struct can_frame *cf, struct cgw_csum_crc8 *crc8)
241{
242 int from = calc_idx(crc8->from_idx, cf->can_dlc);
243 int to = calc_idx(crc8->to_idx, cf->can_dlc);
244 int res = calc_idx(crc8->result_idx, cf->can_dlc);
245 u8 crc = crc8->init_crc_val;
246 int i;
247
248 if (from < 0 || to < 0 || res < 0)
249 return;
250
251 if (from <= to) {
252 for (i = crc8->from_idx; i <= crc8->to_idx; i++)
253 crc = crc8->crctab[crc^cf->data[i]];
254 } else {
255 for (i = crc8->from_idx; i >= crc8->to_idx; i--)
256 crc = crc8->crctab[crc^cf->data[i]];
257 }
258
259 switch (crc8->profile) {
260
261 case CGW_CRC8PRF_1U8:
262 crc = crc8->crctab[crc^crc8->profile_data[0]];
263 break;
264
265 case CGW_CRC8PRF_16U8:
266 crc = crc8->crctab[crc^crc8->profile_data[cf->data[1] & 0xF]];
267 break;
268
269 case CGW_CRC8PRF_SFFID_XOR:
270 crc = crc8->crctab[crc^(cf->can_id & 0xFF)^
271 (cf->can_id >> 8 & 0xFF)];
272 break;
273
274 }
275
276 cf->data[crc8->result_idx] = crc^crc8->final_xor_val;
277}
278
279static void cgw_csum_crc8_pos(struct can_frame *cf, struct cgw_csum_crc8 *crc8)
280{
281 u8 crc = crc8->init_crc_val;
282 int i;
283
284 for (i = crc8->from_idx; i <= crc8->to_idx; i++)
285 crc = crc8->crctab[crc^cf->data[i]];
286
287 switch (crc8->profile) {
288
289 case CGW_CRC8PRF_1U8:
290 crc = crc8->crctab[crc^crc8->profile_data[0]];
291 break;
292
293 case CGW_CRC8PRF_16U8:
294 crc = crc8->crctab[crc^crc8->profile_data[cf->data[1] & 0xF]];
295 break;
296
297 case CGW_CRC8PRF_SFFID_XOR:
298 crc = crc8->crctab[crc^(cf->can_id & 0xFF)^
299 (cf->can_id >> 8 & 0xFF)];
300 break;
301 }
302
303 cf->data[crc8->result_idx] = crc^crc8->final_xor_val;
304}
305
306static void cgw_csum_crc8_neg(struct can_frame *cf, struct cgw_csum_crc8 *crc8)
307{
308 u8 crc = crc8->init_crc_val;
309 int i;
310
311 for (i = crc8->from_idx; i >= crc8->to_idx; i--)
312 crc = crc8->crctab[crc^cf->data[i]];
313
314 switch (crc8->profile) {
315
316 case CGW_CRC8PRF_1U8:
317 crc = crc8->crctab[crc^crc8->profile_data[0]];
318 break;
319
320 case CGW_CRC8PRF_16U8:
321 crc = crc8->crctab[crc^crc8->profile_data[cf->data[1] & 0xF]];
322 break;
323
324 case CGW_CRC8PRF_SFFID_XOR:
325 crc = crc8->crctab[crc^(cf->can_id & 0xFF)^
326 (cf->can_id >> 8 & 0xFF)];
327 break;
328 }
329
330 cf->data[crc8->result_idx] = crc^crc8->final_xor_val;
331}
332
333/* the receive & process & send function */
334static void can_can_gw_rcv(struct sk_buff *skb, void *data)
335{
336 struct cgw_job *gwj = (struct cgw_job *)data;
337 struct can_frame *cf;
338 struct sk_buff *nskb;
339 int modidx = 0;
340
341 /* do not handle already routed frames - see comment below */
342 if (skb_mac_header_was_set(skb))
343 return;
344
345 if (!(gwj->dst.dev->flags & IFF_UP)) {
346 gwj->dropped_frames++;
347 return;
348 }
349
350 /*
351 * clone the given skb, which has not been done in can_rcv()
352 *
353 * When there is at least one modification function activated,
354 * we need to copy the skb as we want to modify skb->data.
355 */
356 if (gwj->mod.modfunc[0])
357 nskb = skb_copy(skb, GFP_ATOMIC);
358 else
359 nskb = skb_clone(skb, GFP_ATOMIC);
360
361 if (!nskb) {
362 gwj->dropped_frames++;
363 return;
364 }
365
366 /*
367 * Mark routed frames by setting some mac header length which is
368 * not relevant for the CAN frames located in the skb->data section.
369 *
370 * As dev->header_ops is not set in CAN netdevices no one is ever
371 * accessing the various header offsets in the CAN skbuffs anyway.
372 * E.g. using the packet socket to read CAN frames is still working.
373 */
374 skb_set_mac_header(nskb, 8);
375 nskb->dev = gwj->dst.dev;
376
377 /* pointer to modifiable CAN frame */
378 cf = (struct can_frame *)nskb->data;
379
380 /* perform preprocessed modification functions if there are any */
381 while (modidx < MAX_MODFUNCTIONS && gwj->mod.modfunc[modidx])
382 (*gwj->mod.modfunc[modidx++])(cf, &gwj->mod);
383
384 /* check for checksum updates when the CAN frame has been modified */
385 if (modidx) {
386 if (gwj->mod.csumfunc.crc8)
387 (*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8);
388
389 if (gwj->mod.csumfunc.xor)
390 (*gwj->mod.csumfunc.xor)(cf, &gwj->mod.csum.xor);
391 }
392
393 /* clear the skb timestamp if not configured the other way */
394 if (!(gwj->flags & CGW_FLAGS_CAN_SRC_TSTAMP))
395 nskb->tstamp.tv64 = 0;
396
397 /* send to netdevice */
398 if (can_send(nskb, gwj->flags & CGW_FLAGS_CAN_ECHO))
399 gwj->dropped_frames++;
400 else
401 gwj->handled_frames++;
402}
403
404static inline int cgw_register_filter(struct cgw_job *gwj)
405{
406 return can_rx_register(gwj->src.dev, gwj->ccgw.filter.can_id,
407 gwj->ccgw.filter.can_mask, can_can_gw_rcv,
408 gwj, "gw");
409}
410
411static inline void cgw_unregister_filter(struct cgw_job *gwj)
412{
413 can_rx_unregister(gwj->src.dev, gwj->ccgw.filter.can_id,
414 gwj->ccgw.filter.can_mask, can_can_gw_rcv, gwj);
415}
416
417static int cgw_notifier(struct notifier_block *nb,
418 unsigned long msg, void *data)
419{
420 struct net_device *dev = (struct net_device *)data;
421
422 if (!net_eq(dev_net(dev), &init_net))
423 return NOTIFY_DONE;
424 if (dev->type != ARPHRD_CAN)
425 return NOTIFY_DONE;
426
427 if (msg == NETDEV_UNREGISTER) {
428
429 struct cgw_job *gwj = NULL;
430 struct hlist_node *n, *nx;
431
432 ASSERT_RTNL();
433
434 hlist_for_each_entry_safe(gwj, n, nx, &cgw_list, list) {
435
436 if (gwj->src.dev == dev || gwj->dst.dev == dev) {
437 hlist_del(&gwj->list);
438 cgw_unregister_filter(gwj);
439 kfree(gwj);
440 }
441 }
442 }
443
444 return NOTIFY_DONE;
445}
446
447static int cgw_put_job(struct sk_buff *skb, struct cgw_job *gwj)
448{
449 struct cgw_frame_mod mb;
450 struct rtcanmsg *rtcan;
451 struct nlmsghdr *nlh = nlmsg_put(skb, 0, 0, 0, sizeof(*rtcan), 0);
452 if (!nlh)
453 return -EMSGSIZE;
454
455 rtcan = nlmsg_data(nlh);
456 rtcan->can_family = AF_CAN;
457 rtcan->gwtype = gwj->gwtype;
458 rtcan->flags = gwj->flags;
459
460 /* add statistics if available */
461
462 if (gwj->handled_frames) {
463 if (nla_put_u32(skb, CGW_HANDLED, gwj->handled_frames) < 0)
464 goto cancel;
465 else
466 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(u32));
467 }
468
469 if (gwj->dropped_frames) {
470 if (nla_put_u32(skb, CGW_DROPPED, gwj->dropped_frames) < 0)
471 goto cancel;
472 else
473 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(u32));
474 }
475
476 /* check non default settings of attributes */
477
478 if (gwj->mod.modtype.and) {
479 memcpy(&mb.cf, &gwj->mod.modframe.and, sizeof(mb.cf));
480 mb.modtype = gwj->mod.modtype.and;
481 if (nla_put(skb, CGW_MOD_AND, sizeof(mb), &mb) < 0)
482 goto cancel;
483 else
484 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(mb));
485 }
486
487 if (gwj->mod.modtype.or) {
488 memcpy(&mb.cf, &gwj->mod.modframe.or, sizeof(mb.cf));
489 mb.modtype = gwj->mod.modtype.or;
490 if (nla_put(skb, CGW_MOD_OR, sizeof(mb), &mb) < 0)
491 goto cancel;
492 else
493 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(mb));
494 }
495
496 if (gwj->mod.modtype.xor) {
497 memcpy(&mb.cf, &gwj->mod.modframe.xor, sizeof(mb.cf));
498 mb.modtype = gwj->mod.modtype.xor;
499 if (nla_put(skb, CGW_MOD_XOR, sizeof(mb), &mb) < 0)
500 goto cancel;
501 else
502 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(mb));
503 }
504
505 if (gwj->mod.modtype.set) {
506 memcpy(&mb.cf, &gwj->mod.modframe.set, sizeof(mb.cf));
507 mb.modtype = gwj->mod.modtype.set;
508 if (nla_put(skb, CGW_MOD_SET, sizeof(mb), &mb) < 0)
509 goto cancel;
510 else
511 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(mb));
512 }
513
514 if (gwj->mod.csumfunc.crc8) {
515 if (nla_put(skb, CGW_CS_CRC8, CGW_CS_CRC8_LEN,
516 &gwj->mod.csum.crc8) < 0)
517 goto cancel;
518 else
519 nlh->nlmsg_len += NLA_HDRLEN + \
520 NLA_ALIGN(CGW_CS_CRC8_LEN);
521 }
522
523 if (gwj->mod.csumfunc.xor) {
524 if (nla_put(skb, CGW_CS_XOR, CGW_CS_XOR_LEN,
525 &gwj->mod.csum.xor) < 0)
526 goto cancel;
527 else
528 nlh->nlmsg_len += NLA_HDRLEN + \
529 NLA_ALIGN(CGW_CS_XOR_LEN);
530 }
531
532 if (gwj->gwtype == CGW_TYPE_CAN_CAN) {
533
534 if (gwj->ccgw.filter.can_id || gwj->ccgw.filter.can_mask) {
535 if (nla_put(skb, CGW_FILTER, sizeof(struct can_filter),
536 &gwj->ccgw.filter) < 0)
537 goto cancel;
538 else
539 nlh->nlmsg_len += NLA_HDRLEN +
540 NLA_ALIGN(sizeof(struct can_filter));
541 }
542
543 if (nla_put_u32(skb, CGW_SRC_IF, gwj->ccgw.src_idx) < 0)
544 goto cancel;
545 else
546 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(u32));
547
548 if (nla_put_u32(skb, CGW_DST_IF, gwj->ccgw.dst_idx) < 0)
549 goto cancel;
550 else
551 nlh->nlmsg_len += NLA_HDRLEN + NLA_ALIGN(sizeof(u32));
552 }
553
554 return skb->len;
555
556cancel:
557 nlmsg_cancel(skb, nlh);
558 return -EMSGSIZE;
559}
560
561/* Dump information about all CAN gateway jobs, in response to RTM_GETROUTE */
562static int cgw_dump_jobs(struct sk_buff *skb, struct netlink_callback *cb)
563{
564 struct cgw_job *gwj = NULL;
565 struct hlist_node *n;
566 int idx = 0;
567 int s_idx = cb->args[0];
568
569 rcu_read_lock();
570 hlist_for_each_entry_rcu(gwj, n, &cgw_list, list) {
571 if (idx < s_idx)
572 goto cont;
573
574 if (cgw_put_job(skb, gwj) < 0)
575 break;
576cont:
577 idx++;
578 }
579 rcu_read_unlock();
580
581 cb->args[0] = idx;
582
583 return skb->len;
584}
585
586/* check for common and gwtype specific attributes */
587static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
588 u8 gwtype, void *gwtypeattr)
589{
590 struct nlattr *tb[CGW_MAX+1];
591 struct cgw_frame_mod mb;
592 int modidx = 0;
593 int err = 0;
594
595 /* initialize modification & checksum data space */
596 memset(mod, 0, sizeof(*mod));
597
598 err = nlmsg_parse(nlh, sizeof(struct rtcanmsg), tb, CGW_MAX, NULL);
599 if (err < 0)
600 return err;
601
602 /* check for AND/OR/XOR/SET modifications */
603
604 if (tb[CGW_MOD_AND] &&
605 nla_len(tb[CGW_MOD_AND]) == CGW_MODATTR_LEN) {
606 nla_memcpy(&mb, tb[CGW_MOD_AND], CGW_MODATTR_LEN);
607
608 canframecpy(&mod->modframe.and, &mb.cf);
609 mod->modtype.and = mb.modtype;
610
611 if (mb.modtype & CGW_MOD_ID)
612 mod->modfunc[modidx++] = mod_and_id;
613
614 if (mb.modtype & CGW_MOD_DLC)
615 mod->modfunc[modidx++] = mod_and_dlc;
616
617 if (mb.modtype & CGW_MOD_DATA)
618 mod->modfunc[modidx++] = mod_and_data;
619 }
620
621 if (tb[CGW_MOD_OR] &&
622 nla_len(tb[CGW_MOD_OR]) == CGW_MODATTR_LEN) {
623 nla_memcpy(&mb, tb[CGW_MOD_OR], CGW_MODATTR_LEN);
624
625 canframecpy(&mod->modframe.or, &mb.cf);
626 mod->modtype.or = mb.modtype;
627
628 if (mb.modtype & CGW_MOD_ID)
629 mod->modfunc[modidx++] = mod_or_id;
630
631 if (mb.modtype & CGW_MOD_DLC)
632 mod->modfunc[modidx++] = mod_or_dlc;
633
634 if (mb.modtype & CGW_MOD_DATA)
635 mod->modfunc[modidx++] = mod_or_data;
636 }
637
638 if (tb[CGW_MOD_XOR] &&
639 nla_len(tb[CGW_MOD_XOR]) == CGW_MODATTR_LEN) {
640 nla_memcpy(&mb, tb[CGW_MOD_XOR], CGW_MODATTR_LEN);
641
642 canframecpy(&mod->modframe.xor, &mb.cf);
643 mod->modtype.xor = mb.modtype;
644
645 if (mb.modtype & CGW_MOD_ID)
646 mod->modfunc[modidx++] = mod_xor_id;
647
648 if (mb.modtype & CGW_MOD_DLC)
649 mod->modfunc[modidx++] = mod_xor_dlc;
650
651 if (mb.modtype & CGW_MOD_DATA)
652 mod->modfunc[modidx++] = mod_xor_data;
653 }
654
655 if (tb[CGW_MOD_SET] &&
656 nla_len(tb[CGW_MOD_SET]) == CGW_MODATTR_LEN) {
657 nla_memcpy(&mb, tb[CGW_MOD_SET], CGW_MODATTR_LEN);
658
659 canframecpy(&mod->modframe.set, &mb.cf);
660 mod->modtype.set = mb.modtype;
661
662 if (mb.modtype & CGW_MOD_ID)
663 mod->modfunc[modidx++] = mod_set_id;
664
665 if (mb.modtype & CGW_MOD_DLC)
666 mod->modfunc[modidx++] = mod_set_dlc;
667
668 if (mb.modtype & CGW_MOD_DATA)
669 mod->modfunc[modidx++] = mod_set_data;
670 }
671
672 /* check for checksum operations after CAN frame modifications */
673 if (modidx) {
674
675 if (tb[CGW_CS_CRC8] &&
676 nla_len(tb[CGW_CS_CRC8]) == CGW_CS_CRC8_LEN) {
677
678 struct cgw_csum_crc8 *c = (struct cgw_csum_crc8 *)\
679 nla_data(tb[CGW_CS_CRC8]);
680
681 err = cgw_chk_csum_parms(c->from_idx, c->to_idx,
682 c->result_idx);
683 if (err)
684 return err;
685
686 nla_memcpy(&mod->csum.crc8, tb[CGW_CS_CRC8],
687 CGW_CS_CRC8_LEN);
688
689 /*
690 * select dedicated processing function to reduce
691 * runtime operations in receive hot path.
692 */
693 if (c->from_idx < 0 || c->to_idx < 0 ||
694 c->result_idx < 0)
695 mod->csumfunc.crc8 = cgw_csum_crc8_rel;
696 else if (c->from_idx <= c->to_idx)
697 mod->csumfunc.crc8 = cgw_csum_crc8_pos;
698 else
699 mod->csumfunc.crc8 = cgw_csum_crc8_neg;
700 }
701
702 if (tb[CGW_CS_XOR] &&
703 nla_len(tb[CGW_CS_XOR]) == CGW_CS_XOR_LEN) {
704
705 struct cgw_csum_xor *c = (struct cgw_csum_xor *)\
706 nla_data(tb[CGW_CS_XOR]);
707
708 err = cgw_chk_csum_parms(c->from_idx, c->to_idx,
709 c->result_idx);
710 if (err)
711 return err;
712
713 nla_memcpy(&mod->csum.xor, tb[CGW_CS_XOR],
714 CGW_CS_XOR_LEN);
715
716 /*
717 * select dedicated processing function to reduce
718 * runtime operations in receive hot path.
719 */
720 if (c->from_idx < 0 || c->to_idx < 0 ||
721 c->result_idx < 0)
722 mod->csumfunc.xor = cgw_csum_xor_rel;
723 else if (c->from_idx <= c->to_idx)
724 mod->csumfunc.xor = cgw_csum_xor_pos;
725 else
726 mod->csumfunc.xor = cgw_csum_xor_neg;
727 }
728 }
729
730 if (gwtype == CGW_TYPE_CAN_CAN) {
731
732 /* check CGW_TYPE_CAN_CAN specific attributes */
733
734 struct can_can_gw *ccgw = (struct can_can_gw *)gwtypeattr;
735 memset(ccgw, 0, sizeof(*ccgw));
736
737 /* check for can_filter in attributes */
738 if (tb[CGW_FILTER] &&
739 nla_len(tb[CGW_FILTER]) == sizeof(struct can_filter))
740 nla_memcpy(&ccgw->filter, tb[CGW_FILTER],
741 sizeof(struct can_filter));
742
743 err = -ENODEV;
744
745 /* specifying two interfaces is mandatory */
746 if (!tb[CGW_SRC_IF] || !tb[CGW_DST_IF])
747 return err;
748
749 if (nla_len(tb[CGW_SRC_IF]) == sizeof(u32))
750 nla_memcpy(&ccgw->src_idx, tb[CGW_SRC_IF],
751 sizeof(u32));
752
753 if (nla_len(tb[CGW_DST_IF]) == sizeof(u32))
754 nla_memcpy(&ccgw->dst_idx, tb[CGW_DST_IF],
755 sizeof(u32));
756
757 /* both indices set to 0 for flushing all routing entries */
758 if (!ccgw->src_idx && !ccgw->dst_idx)
759 return 0;
760
761 /* only one index set to 0 is an error */
762 if (!ccgw->src_idx || !ccgw->dst_idx)
763 return err;
764 }
765
766 /* add the checks for other gwtypes here */
767
768 return 0;
769}
770
771static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh,
772 void *arg)
773{
774 struct rtcanmsg *r;
775 struct cgw_job *gwj;
776 int err = 0;
777
778 if (nlmsg_len(nlh) < sizeof(*r))
779 return -EINVAL;
780
781 r = nlmsg_data(nlh);
782 if (r->can_family != AF_CAN)
783 return -EPFNOSUPPORT;
784
785 /* so far we only support CAN -> CAN routings */
786 if (r->gwtype != CGW_TYPE_CAN_CAN)
787 return -EINVAL;
788
789 gwj = kmem_cache_alloc(cgw_cache, GFP_KERNEL);
790 if (!gwj)
791 return -ENOMEM;
792
793 gwj->handled_frames = 0;
794 gwj->dropped_frames = 0;
795 gwj->flags = r->flags;
796 gwj->gwtype = r->gwtype;
797
798 err = cgw_parse_attr(nlh, &gwj->mod, CGW_TYPE_CAN_CAN, &gwj->ccgw);
799 if (err < 0)
800 goto out;
801
802 err = -ENODEV;
803
804 /* ifindex == 0 is not allowed for job creation */
805 if (!gwj->ccgw.src_idx || !gwj->ccgw.dst_idx)
806 goto out;
807
808 gwj->src.dev = dev_get_by_index(&init_net, gwj->ccgw.src_idx);
809
810 if (!gwj->src.dev)
811 goto out;
812
813 /* check for CAN netdev not using header_ops - see gw_rcv() */
814 if (gwj->src.dev->type != ARPHRD_CAN || gwj->src.dev->header_ops)
815 goto put_src_out;
816
817 gwj->dst.dev = dev_get_by_index(&init_net, gwj->ccgw.dst_idx);
818
819 if (!gwj->dst.dev)
820 goto put_src_out;
821
822 /* check for CAN netdev not using header_ops - see gw_rcv() */
823 if (gwj->dst.dev->type != ARPHRD_CAN || gwj->dst.dev->header_ops)
824 goto put_src_dst_out;
825
826 ASSERT_RTNL();
827
828 err = cgw_register_filter(gwj);
829 if (!err)
830 hlist_add_head_rcu(&gwj->list, &cgw_list);
831
832put_src_dst_out:
833 dev_put(gwj->dst.dev);
834put_src_out:
835 dev_put(gwj->src.dev);
836out:
837 if (err)
838 kmem_cache_free(cgw_cache, gwj);
839
840 return err;
841}
842
843static void cgw_remove_all_jobs(void)
844{
845 struct cgw_job *gwj = NULL;
846 struct hlist_node *n, *nx;
847
848 ASSERT_RTNL();
849
850 hlist_for_each_entry_safe(gwj, n, nx, &cgw_list, list) {
851 hlist_del(&gwj->list);
852 cgw_unregister_filter(gwj);
853 kfree(gwj);
854 }
855}
856
857static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
858{
859 struct cgw_job *gwj = NULL;
860 struct hlist_node *n, *nx;
861 struct rtcanmsg *r;
862 struct cf_mod mod;
863 struct can_can_gw ccgw;
864 int err = 0;
865
866 if (nlmsg_len(nlh) < sizeof(*r))
867 return -EINVAL;
868
869 r = nlmsg_data(nlh);
870 if (r->can_family != AF_CAN)
871 return -EPFNOSUPPORT;
872
873 /* so far we only support CAN -> CAN routings */
874 if (r->gwtype != CGW_TYPE_CAN_CAN)
875 return -EINVAL;
876
877 err = cgw_parse_attr(nlh, &mod, CGW_TYPE_CAN_CAN, &ccgw);
878 if (err < 0)
879 return err;
880
881 /* two interface indices both set to 0 => remove all entries */
882 if (!ccgw.src_idx && !ccgw.dst_idx) {
883 cgw_remove_all_jobs();
884 return 0;
885 }
886
887 err = -EINVAL;
888
889 ASSERT_RTNL();
890
891 /* remove only the first matching entry */
892 hlist_for_each_entry_safe(gwj, n, nx, &cgw_list, list) {
893
894 if (gwj->flags != r->flags)
895 continue;
896
897 if (memcmp(&gwj->mod, &mod, sizeof(mod)))
898 continue;
899
900 /* if (r->gwtype == CGW_TYPE_CAN_CAN) - is made sure here */
901 if (memcmp(&gwj->ccgw, &ccgw, sizeof(ccgw)))
902 continue;
903
904 hlist_del(&gwj->list);
905 cgw_unregister_filter(gwj);
906 kfree(gwj);
907 err = 0;
908 break;
909 }
910
911 return err;
912}
913
914static __init int cgw_module_init(void)
915{
916 printk(banner);
917
918 cgw_cache = kmem_cache_create("can_gw", sizeof(struct cgw_job),
919 0, 0, NULL);
920
921 if (!cgw_cache)
922 return -ENOMEM;
923
924 /* set notifier */
925 notifier.notifier_call = cgw_notifier;
926 register_netdevice_notifier(&notifier);
927
928 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) {
929 unregister_netdevice_notifier(&notifier);
930 kmem_cache_destroy(cgw_cache);
931 return -ENOBUFS;
932 }
933
934 /* Only the first call to __rtnl_register can fail */
935 __rtnl_register(PF_CAN, RTM_NEWROUTE, cgw_create_job, NULL, NULL);
936 __rtnl_register(PF_CAN, RTM_DELROUTE, cgw_remove_job, NULL, NULL);
937
938 return 0;
939}
940
941static __exit void cgw_module_exit(void)
942{
943 rtnl_unregister_all(PF_CAN);
944
945 unregister_netdevice_notifier(&notifier);
946
947 rtnl_lock();
948 cgw_remove_all_jobs();
949 rtnl_unlock();
950
951 rcu_barrier(); /* Wait for completion of call_rcu()'s */
952
953 kmem_cache_destroy(cgw_cache);
954}
955
956module_init(cgw_module_init);
957module_exit(cgw_module_exit);
diff --git a/net/can/proc.c b/net/can/proc.c
index 0016f7339699..ba873c36d2fd 100644
--- a/net/can/proc.c
+++ b/net/can/proc.c
@@ -37,8 +37,6 @@
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE. 38 * DAMAGE.
39 * 39 *
40 * Send feedback to <socketcan-users@lists.berlios.de>
41 *
42 */ 40 */
43 41
44#include <linux/module.h> 42#include <linux/module.h>
diff --git a/net/can/raw.c b/net/can/raw.c
index dea99a6e596c..cde1b4a20f75 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -37,8 +37,6 @@
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE. 38 * DAMAGE.
39 * 39 *
40 * Send feedback to <socketcan-users@lists.berlios.de>
41 *
42 */ 40 */
43 41
44#include <linux/module.h> 42#include <linux/module.h>
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 132963abc266..2883ea01e680 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -232,6 +232,7 @@ void ceph_destroy_options(struct ceph_options *opt)
232 ceph_crypto_key_destroy(opt->key); 232 ceph_crypto_key_destroy(opt->key);
233 kfree(opt->key); 233 kfree(opt->key);
234 } 234 }
235 kfree(opt->mon_addr);
235 kfree(opt); 236 kfree(opt);
236} 237}
237EXPORT_SYMBOL(ceph_destroy_options); 238EXPORT_SYMBOL(ceph_destroy_options);
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index c340e2e0765b..9918e9eb276e 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2307,6 +2307,7 @@ struct ceph_msg *ceph_msg_new(int type, int front_len, gfp_t flags)
2307 m->front_max = front_len; 2307 m->front_max = front_len;
2308 m->front_is_vmalloc = false; 2308 m->front_is_vmalloc = false;
2309 m->more_to_follow = false; 2309 m->more_to_follow = false;
2310 m->ack_stamp = 0;
2310 m->pool = NULL; 2311 m->pool = NULL;
2311 2312
2312 /* middle */ 2313 /* middle */
diff --git a/net/ceph/msgpool.c b/net/ceph/msgpool.c
index d5f2d97ac05c..1f4cb30a42c5 100644
--- a/net/ceph/msgpool.c
+++ b/net/ceph/msgpool.c
@@ -7,27 +7,37 @@
7 7
8#include <linux/ceph/msgpool.h> 8#include <linux/ceph/msgpool.h>
9 9
10static void *alloc_fn(gfp_t gfp_mask, void *arg) 10static void *msgpool_alloc(gfp_t gfp_mask, void *arg)
11{ 11{
12 struct ceph_msgpool *pool = arg; 12 struct ceph_msgpool *pool = arg;
13 void *p; 13 struct ceph_msg *msg;
14 14
15 p = ceph_msg_new(0, pool->front_len, gfp_mask); 15 msg = ceph_msg_new(0, pool->front_len, gfp_mask);
16 if (!p) 16 if (!msg) {
17 pr_err("msgpool %s alloc failed\n", pool->name); 17 dout("msgpool_alloc %s failed\n", pool->name);
18 return p; 18 } else {
19 dout("msgpool_alloc %s %p\n", pool->name, msg);
20 msg->pool = pool;
21 }
22 return msg;
19} 23}
20 24
21static void free_fn(void *element, void *arg) 25static void msgpool_free(void *element, void *arg)
22{ 26{
23 ceph_msg_put(element); 27 struct ceph_msgpool *pool = arg;
28 struct ceph_msg *msg = element;
29
30 dout("msgpool_release %s %p\n", pool->name, msg);
31 msg->pool = NULL;
32 ceph_msg_put(msg);
24} 33}
25 34
26int ceph_msgpool_init(struct ceph_msgpool *pool, 35int ceph_msgpool_init(struct ceph_msgpool *pool,
27 int front_len, int size, bool blocking, const char *name) 36 int front_len, int size, bool blocking, const char *name)
28{ 37{
38 dout("msgpool %s init\n", name);
29 pool->front_len = front_len; 39 pool->front_len = front_len;
30 pool->pool = mempool_create(size, alloc_fn, free_fn, pool); 40 pool->pool = mempool_create(size, msgpool_alloc, msgpool_free, pool);
31 if (!pool->pool) 41 if (!pool->pool)
32 return -ENOMEM; 42 return -ENOMEM;
33 pool->name = name; 43 pool->name = name;
@@ -36,14 +46,17 @@ int ceph_msgpool_init(struct ceph_msgpool *pool,
36 46
37void ceph_msgpool_destroy(struct ceph_msgpool *pool) 47void ceph_msgpool_destroy(struct ceph_msgpool *pool)
38{ 48{
49 dout("msgpool %s destroy\n", pool->name);
39 mempool_destroy(pool->pool); 50 mempool_destroy(pool->pool);
40} 51}
41 52
42struct ceph_msg *ceph_msgpool_get(struct ceph_msgpool *pool, 53struct ceph_msg *ceph_msgpool_get(struct ceph_msgpool *pool,
43 int front_len) 54 int front_len)
44{ 55{
56 struct ceph_msg *msg;
57
45 if (front_len > pool->front_len) { 58 if (front_len > pool->front_len) {
46 pr_err("msgpool_get pool %s need front %d, pool size is %d\n", 59 dout("msgpool_get %s need front %d, pool size is %d\n",
47 pool->name, front_len, pool->front_len); 60 pool->name, front_len, pool->front_len);
48 WARN_ON(1); 61 WARN_ON(1);
49 62
@@ -51,14 +64,19 @@ struct ceph_msg *ceph_msgpool_get(struct ceph_msgpool *pool,
51 return ceph_msg_new(0, front_len, GFP_NOFS); 64 return ceph_msg_new(0, front_len, GFP_NOFS);
52 } 65 }
53 66
54 return mempool_alloc(pool->pool, GFP_NOFS); 67 msg = mempool_alloc(pool->pool, GFP_NOFS);
68 dout("msgpool_get %s %p\n", pool->name, msg);
69 return msg;
55} 70}
56 71
57void ceph_msgpool_put(struct ceph_msgpool *pool, struct ceph_msg *msg) 72void ceph_msgpool_put(struct ceph_msgpool *pool, struct ceph_msg *msg)
58{ 73{
74 dout("msgpool_put %s %p\n", pool->name, msg);
75
59 /* reset msg front_len; user may have changed it */ 76 /* reset msg front_len; user may have changed it */
60 msg->front.iov_len = pool->front_len; 77 msg->front.iov_len = pool->front_len;
61 msg->hdr.front_len = cpu_to_le32(pool->front_len); 78 msg->hdr.front_len = cpu_to_le32(pool->front_len);
62 79
63 kref_init(&msg->kref); /* retake single ref */ 80 kref_init(&msg->kref); /* retake single ref */
81 mempool_free(msg, pool->pool);
64} 82}
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index ce310eee708d..88ad8a2501b5 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -217,6 +217,7 @@ struct ceph_osd_request *ceph_osdc_alloc_request(struct ceph_osd_client *osdc,
217 INIT_LIST_HEAD(&req->r_unsafe_item); 217 INIT_LIST_HEAD(&req->r_unsafe_item);
218 INIT_LIST_HEAD(&req->r_linger_item); 218 INIT_LIST_HEAD(&req->r_linger_item);
219 INIT_LIST_HEAD(&req->r_linger_osd); 219 INIT_LIST_HEAD(&req->r_linger_osd);
220 INIT_LIST_HEAD(&req->r_req_lru_item);
220 req->r_flags = flags; 221 req->r_flags = flags;
221 222
222 WARN_ON((flags & (CEPH_OSD_FLAG_READ|CEPH_OSD_FLAG_WRITE)) == 0); 223 WARN_ON((flags & (CEPH_OSD_FLAG_READ|CEPH_OSD_FLAG_WRITE)) == 0);
@@ -685,6 +686,18 @@ static void __remove_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd)
685 put_osd(osd); 686 put_osd(osd);
686} 687}
687 688
689static void remove_all_osds(struct ceph_osd_client *osdc)
690{
691 dout("__remove_old_osds %p\n", osdc);
692 mutex_lock(&osdc->request_mutex);
693 while (!RB_EMPTY_ROOT(&osdc->osds)) {
694 struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds),
695 struct ceph_osd, o_node);
696 __remove_osd(osdc, osd);
697 }
698 mutex_unlock(&osdc->request_mutex);
699}
700
688static void __move_osd_to_lru(struct ceph_osd_client *osdc, 701static void __move_osd_to_lru(struct ceph_osd_client *osdc,
689 struct ceph_osd *osd) 702 struct ceph_osd *osd)
690{ 703{
@@ -701,14 +714,14 @@ static void __remove_osd_from_lru(struct ceph_osd *osd)
701 list_del_init(&osd->o_osd_lru); 714 list_del_init(&osd->o_osd_lru);
702} 715}
703 716
704static void remove_old_osds(struct ceph_osd_client *osdc, int remove_all) 717static void remove_old_osds(struct ceph_osd_client *osdc)
705{ 718{
706 struct ceph_osd *osd, *nosd; 719 struct ceph_osd *osd, *nosd;
707 720
708 dout("__remove_old_osds %p\n", osdc); 721 dout("__remove_old_osds %p\n", osdc);
709 mutex_lock(&osdc->request_mutex); 722 mutex_lock(&osdc->request_mutex);
710 list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) { 723 list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) {
711 if (!remove_all && time_before(jiffies, osd->lru_ttl)) 724 if (time_before(jiffies, osd->lru_ttl))
712 break; 725 break;
713 __remove_osd(osdc, osd); 726 __remove_osd(osdc, osd);
714 } 727 }
@@ -751,6 +764,7 @@ static void __insert_osd(struct ceph_osd_client *osdc, struct ceph_osd *new)
751 struct rb_node *parent = NULL; 764 struct rb_node *parent = NULL;
752 struct ceph_osd *osd = NULL; 765 struct ceph_osd *osd = NULL;
753 766
767 dout("__insert_osd %p osd%d\n", new, new->o_osd);
754 while (*p) { 768 while (*p) {
755 parent = *p; 769 parent = *p;
756 osd = rb_entry(parent, struct ceph_osd, o_node); 770 osd = rb_entry(parent, struct ceph_osd, o_node);
@@ -803,13 +817,10 @@ static void __register_request(struct ceph_osd_client *osdc,
803{ 817{
804 req->r_tid = ++osdc->last_tid; 818 req->r_tid = ++osdc->last_tid;
805 req->r_request->hdr.tid = cpu_to_le64(req->r_tid); 819 req->r_request->hdr.tid = cpu_to_le64(req->r_tid);
806 INIT_LIST_HEAD(&req->r_req_lru_item);
807
808 dout("__register_request %p tid %lld\n", req, req->r_tid); 820 dout("__register_request %p tid %lld\n", req, req->r_tid);
809 __insert_request(osdc, req); 821 __insert_request(osdc, req);
810 ceph_osdc_get_request(req); 822 ceph_osdc_get_request(req);
811 osdc->num_requests++; 823 osdc->num_requests++;
812
813 if (osdc->num_requests == 1) { 824 if (osdc->num_requests == 1) {
814 dout(" first request, scheduling timeout\n"); 825 dout(" first request, scheduling timeout\n");
815 __schedule_osd_timeout(osdc); 826 __schedule_osd_timeout(osdc);
@@ -1144,7 +1155,7 @@ static void handle_osds_timeout(struct work_struct *work)
1144 1155
1145 dout("osds timeout\n"); 1156 dout("osds timeout\n");
1146 down_read(&osdc->map_sem); 1157 down_read(&osdc->map_sem);
1147 remove_old_osds(osdc, 0); 1158 remove_old_osds(osdc);
1148 up_read(&osdc->map_sem); 1159 up_read(&osdc->map_sem);
1149 1160
1150 schedule_delayed_work(&osdc->osds_timeout_work, 1161 schedule_delayed_work(&osdc->osds_timeout_work,
@@ -1862,8 +1873,7 @@ void ceph_osdc_stop(struct ceph_osd_client *osdc)
1862 ceph_osdmap_destroy(osdc->osdmap); 1873 ceph_osdmap_destroy(osdc->osdmap);
1863 osdc->osdmap = NULL; 1874 osdc->osdmap = NULL;
1864 } 1875 }
1865 remove_old_osds(osdc, 1); 1876 remove_all_osds(osdc);
1866 WARN_ON(!RB_EMPTY_ROOT(&osdc->osds));
1867 mempool_destroy(osdc->req_mempool); 1877 mempool_destroy(osdc->req_mempool);
1868 ceph_msgpool_destroy(&osdc->msgpool_op); 1878 ceph_msgpool_destroy(&osdc->msgpool_op);
1869 ceph_msgpool_destroy(&osdc->msgpool_op_reply); 1879 ceph_msgpool_destroy(&osdc->msgpool_op_reply);
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index e97c3588c3ec..fd863fe76934 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -339,6 +339,7 @@ static int __insert_pg_mapping(struct ceph_pg_mapping *new,
339 struct ceph_pg_mapping *pg = NULL; 339 struct ceph_pg_mapping *pg = NULL;
340 int c; 340 int c;
341 341
342 dout("__insert_pg_mapping %llx %p\n", *(u64 *)&new->pgid, new);
342 while (*p) { 343 while (*p) {
343 parent = *p; 344 parent = *p;
344 pg = rb_entry(parent, struct ceph_pg_mapping, node); 345 pg = rb_entry(parent, struct ceph_pg_mapping, node);
@@ -366,16 +367,33 @@ static struct ceph_pg_mapping *__lookup_pg_mapping(struct rb_root *root,
366 while (n) { 367 while (n) {
367 pg = rb_entry(n, struct ceph_pg_mapping, node); 368 pg = rb_entry(n, struct ceph_pg_mapping, node);
368 c = pgid_cmp(pgid, pg->pgid); 369 c = pgid_cmp(pgid, pg->pgid);
369 if (c < 0) 370 if (c < 0) {
370 n = n->rb_left; 371 n = n->rb_left;
371 else if (c > 0) 372 } else if (c > 0) {
372 n = n->rb_right; 373 n = n->rb_right;
373 else 374 } else {
375 dout("__lookup_pg_mapping %llx got %p\n",
376 *(u64 *)&pgid, pg);
374 return pg; 377 return pg;
378 }
375 } 379 }
376 return NULL; 380 return NULL;
377} 381}
378 382
383static int __remove_pg_mapping(struct rb_root *root, struct ceph_pg pgid)
384{
385 struct ceph_pg_mapping *pg = __lookup_pg_mapping(root, pgid);
386
387 if (pg) {
388 dout("__remove_pg_mapping %llx %p\n", *(u64 *)&pgid, pg);
389 rb_erase(&pg->node, root);
390 kfree(pg);
391 return 0;
392 }
393 dout("__remove_pg_mapping %llx dne\n", *(u64 *)&pgid);
394 return -ENOENT;
395}
396
379/* 397/*
380 * rbtree of pg pool info 398 * rbtree of pg pool info
381 */ 399 */
@@ -711,7 +729,6 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
711 void *start = *p; 729 void *start = *p;
712 int err = -EINVAL; 730 int err = -EINVAL;
713 u16 version; 731 u16 version;
714 struct rb_node *rbp;
715 732
716 ceph_decode_16_safe(p, end, version, bad); 733 ceph_decode_16_safe(p, end, version, bad);
717 if (version > CEPH_OSDMAP_INC_VERSION) { 734 if (version > CEPH_OSDMAP_INC_VERSION) {
@@ -861,7 +878,6 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
861 } 878 }
862 879
863 /* new_pg_temp */ 880 /* new_pg_temp */
864 rbp = rb_first(&map->pg_temp);
865 ceph_decode_32_safe(p, end, len, bad); 881 ceph_decode_32_safe(p, end, len, bad);
866 while (len--) { 882 while (len--) {
867 struct ceph_pg_mapping *pg; 883 struct ceph_pg_mapping *pg;
@@ -872,18 +888,6 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
872 ceph_decode_copy(p, &pgid, sizeof(pgid)); 888 ceph_decode_copy(p, &pgid, sizeof(pgid));
873 pglen = ceph_decode_32(p); 889 pglen = ceph_decode_32(p);
874 890
875 /* remove any? */
876 while (rbp && pgid_cmp(rb_entry(rbp, struct ceph_pg_mapping,
877 node)->pgid, pgid) <= 0) {
878 struct ceph_pg_mapping *cur =
879 rb_entry(rbp, struct ceph_pg_mapping, node);
880
881 rbp = rb_next(rbp);
882 dout(" removed pg_temp %llx\n", *(u64 *)&cur->pgid);
883 rb_erase(&cur->node, &map->pg_temp);
884 kfree(cur);
885 }
886
887 if (pglen) { 891 if (pglen) {
888 /* insert */ 892 /* insert */
889 ceph_decode_need(p, end, pglen*sizeof(u32), bad); 893 ceph_decode_need(p, end, pglen*sizeof(u32), bad);
@@ -903,17 +907,11 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
903 } 907 }
904 dout(" added pg_temp %llx len %d\n", *(u64 *)&pgid, 908 dout(" added pg_temp %llx len %d\n", *(u64 *)&pgid,
905 pglen); 909 pglen);
910 } else {
911 /* remove */
912 __remove_pg_mapping(&map->pg_temp, pgid);
906 } 913 }
907 } 914 }
908 while (rbp) {
909 struct ceph_pg_mapping *cur =
910 rb_entry(rbp, struct ceph_pg_mapping, node);
911
912 rbp = rb_next(rbp);
913 dout(" removed pg_temp %llx\n", *(u64 *)&cur->pgid);
914 rb_erase(&cur->node, &map->pg_temp);
915 kfree(cur);
916 }
917 915
918 /* ignore the rest */ 916 /* ignore the rest */
919 *p = end; 917 *p = end;
@@ -1046,10 +1044,25 @@ static int *calc_pg_raw(struct ceph_osdmap *osdmap, struct ceph_pg pgid,
1046 struct ceph_pg_mapping *pg; 1044 struct ceph_pg_mapping *pg;
1047 struct ceph_pg_pool_info *pool; 1045 struct ceph_pg_pool_info *pool;
1048 int ruleno; 1046 int ruleno;
1049 unsigned poolid, ps, pps; 1047 unsigned poolid, ps, pps, t;
1050 int preferred; 1048 int preferred;
1051 1049
1050 poolid = le32_to_cpu(pgid.pool);
1051 ps = le16_to_cpu(pgid.ps);
1052 preferred = (s16)le16_to_cpu(pgid.preferred);
1053
1054 pool = __lookup_pg_pool(&osdmap->pg_pools, poolid);
1055 if (!pool)
1056 return NULL;
1057
1052 /* pg_temp? */ 1058 /* pg_temp? */
1059 if (preferred >= 0)
1060 t = ceph_stable_mod(ps, le32_to_cpu(pool->v.lpg_num),
1061 pool->lpgp_num_mask);
1062 else
1063 t = ceph_stable_mod(ps, le32_to_cpu(pool->v.pg_num),
1064 pool->pgp_num_mask);
1065 pgid.ps = cpu_to_le16(t);
1053 pg = __lookup_pg_mapping(&osdmap->pg_temp, pgid); 1066 pg = __lookup_pg_mapping(&osdmap->pg_temp, pgid);
1054 if (pg) { 1067 if (pg) {
1055 *num = pg->len; 1068 *num = pg->len;
@@ -1057,18 +1070,6 @@ static int *calc_pg_raw(struct ceph_osdmap *osdmap, struct ceph_pg pgid,
1057 } 1070 }
1058 1071
1059 /* crush */ 1072 /* crush */
1060 poolid = le32_to_cpu(pgid.pool);
1061 ps = le16_to_cpu(pgid.ps);
1062 preferred = (s16)le16_to_cpu(pgid.preferred);
1063
1064 /* don't forcefeed bad device ids to crush */
1065 if (preferred >= osdmap->max_osd ||
1066 preferred >= osdmap->crush->max_devices)
1067 preferred = -1;
1068
1069 pool = __lookup_pg_pool(&osdmap->pg_pools, poolid);
1070 if (!pool)
1071 return NULL;
1072 ruleno = crush_find_rule(osdmap->crush, pool->v.crush_ruleset, 1073 ruleno = crush_find_rule(osdmap->crush, pool->v.crush_ruleset,
1073 pool->v.type, pool->v.size); 1074 pool->v.type, pool->v.size);
1074 if (ruleno < 0) { 1075 if (ruleno < 0) {
@@ -1078,6 +1079,11 @@ static int *calc_pg_raw(struct ceph_osdmap *osdmap, struct ceph_pg pgid,
1078 return NULL; 1079 return NULL;
1079 } 1080 }
1080 1081
1082 /* don't forcefeed bad device ids to crush */
1083 if (preferred >= osdmap->max_osd ||
1084 preferred >= osdmap->crush->max_devices)
1085 preferred = -1;
1086
1081 if (preferred >= 0) 1087 if (preferred >= 0)
1082 pps = ceph_stable_mod(ps, 1088 pps = ceph_stable_mod(ps,
1083 le32_to_cpu(pool->v.lpgp_num), 1089 le32_to_cpu(pool->v.lpgp_num),
diff --git a/net/core/Makefile b/net/core/Makefile
index 8a04dd22cf77..0d357b1c4e57 100644
--- a/net/core/Makefile
+++ b/net/core/Makefile
@@ -3,7 +3,7 @@
3# 3#
4 4
5obj-y := sock.o request_sock.o skbuff.o iovec.o datagram.o stream.o scm.o \ 5obj-y := sock.o request_sock.o skbuff.o iovec.o datagram.o stream.o scm.o \
6 gen_stats.o gen_estimator.o net_namespace.o 6 gen_stats.o gen_estimator.o net_namespace.o secure_seq.o
7 7
8obj-$(CONFIG_SYSCTL) += sysctl_net_core.o 8obj-$(CONFIG_SYSCTL) += sysctl_net_core.o
9 9
diff --git a/net/core/datagram.c b/net/core/datagram.c
index 18ac112ea7ae..68bbf9f65cb0 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -324,15 +324,15 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
324 /* Copy paged appendix. Hmm... why does this look so complicated? */ 324 /* Copy paged appendix. Hmm... why does this look so complicated? */
325 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 325 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
326 int end; 326 int end;
327 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
327 328
328 WARN_ON(start > offset + len); 329 WARN_ON(start > offset + len);
329 330
330 end = start + skb_shinfo(skb)->frags[i].size; 331 end = start + skb_frag_size(frag);
331 if ((copy = end - offset) > 0) { 332 if ((copy = end - offset) > 0) {
332 int err; 333 int err;
333 u8 *vaddr; 334 u8 *vaddr;
334 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 335 struct page *page = skb_frag_page(frag);
335 struct page *page = frag->page;
336 336
337 if (copy > len) 337 if (copy > len)
338 copy = len; 338 copy = len;
@@ -410,15 +410,15 @@ int skb_copy_datagram_const_iovec(const struct sk_buff *skb, int offset,
410 /* Copy paged appendix. Hmm... why does this look so complicated? */ 410 /* Copy paged appendix. Hmm... why does this look so complicated? */
411 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 411 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
412 int end; 412 int end;
413 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
413 414
414 WARN_ON(start > offset + len); 415 WARN_ON(start > offset + len);
415 416
416 end = start + skb_shinfo(skb)->frags[i].size; 417 end = start + skb_frag_size(frag);
417 if ((copy = end - offset) > 0) { 418 if ((copy = end - offset) > 0) {
418 int err; 419 int err;
419 u8 *vaddr; 420 u8 *vaddr;
420 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 421 struct page *page = skb_frag_page(frag);
421 struct page *page = frag->page;
422 422
423 if (copy > len) 423 if (copy > len)
424 copy = len; 424 copy = len;
@@ -500,15 +500,15 @@ int skb_copy_datagram_from_iovec(struct sk_buff *skb, int offset,
500 /* Copy paged appendix. Hmm... why does this look so complicated? */ 500 /* Copy paged appendix. Hmm... why does this look so complicated? */
501 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 501 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
502 int end; 502 int end;
503 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
503 504
504 WARN_ON(start > offset + len); 505 WARN_ON(start > offset + len);
505 506
506 end = start + skb_shinfo(skb)->frags[i].size; 507 end = start + skb_frag_size(frag);
507 if ((copy = end - offset) > 0) { 508 if ((copy = end - offset) > 0) {
508 int err; 509 int err;
509 u8 *vaddr; 510 u8 *vaddr;
510 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 511 struct page *page = skb_frag_page(frag);
511 struct page *page = frag->page;
512 512
513 if (copy > len) 513 if (copy > len)
514 copy = len; 514 copy = len;
@@ -585,16 +585,16 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
585 585
586 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 586 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
587 int end; 587 int end;
588 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
588 589
589 WARN_ON(start > offset + len); 590 WARN_ON(start > offset + len);
590 591
591 end = start + skb_shinfo(skb)->frags[i].size; 592 end = start + skb_frag_size(frag);
592 if ((copy = end - offset) > 0) { 593 if ((copy = end - offset) > 0) {
593 __wsum csum2; 594 __wsum csum2;
594 int err = 0; 595 int err = 0;
595 u8 *vaddr; 596 u8 *vaddr;
596 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 597 struct page *page = skb_frag_page(frag);
597 struct page *page = frag->page;
598 598
599 if (copy > len) 599 if (copy > len)
600 copy = len; 600 copy = len;
diff --git a/net/core/dev.c b/net/core/dev.c
index 17d67b579beb..6ba50a1e404c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -133,6 +133,10 @@
133#include <linux/pci.h> 133#include <linux/pci.h>
134#include <linux/inetdevice.h> 134#include <linux/inetdevice.h>
135#include <linux/cpu_rmap.h> 135#include <linux/cpu_rmap.h>
136#include <linux/if_tunnel.h>
137#include <linux/if_pppox.h>
138#include <linux/ppp_defs.h>
139#include <linux/net_tstamp.h>
136 140
137#include "net-sysfs.h" 141#include "net-sysfs.h"
138 142
@@ -1474,6 +1478,57 @@ static inline void net_timestamp_check(struct sk_buff *skb)
1474 __net_timestamp(skb); 1478 __net_timestamp(skb);
1475} 1479}
1476 1480
1481static int net_hwtstamp_validate(struct ifreq *ifr)
1482{
1483 struct hwtstamp_config cfg;
1484 enum hwtstamp_tx_types tx_type;
1485 enum hwtstamp_rx_filters rx_filter;
1486 int tx_type_valid = 0;
1487 int rx_filter_valid = 0;
1488
1489 if (copy_from_user(&cfg, ifr->ifr_data, sizeof(cfg)))
1490 return -EFAULT;
1491
1492 if (cfg.flags) /* reserved for future extensions */
1493 return -EINVAL;
1494
1495 tx_type = cfg.tx_type;
1496 rx_filter = cfg.rx_filter;
1497
1498 switch (tx_type) {
1499 case HWTSTAMP_TX_OFF:
1500 case HWTSTAMP_TX_ON:
1501 case HWTSTAMP_TX_ONESTEP_SYNC:
1502 tx_type_valid = 1;
1503 break;
1504 }
1505
1506 switch (rx_filter) {
1507 case HWTSTAMP_FILTER_NONE:
1508 case HWTSTAMP_FILTER_ALL:
1509 case HWTSTAMP_FILTER_SOME:
1510 case HWTSTAMP_FILTER_PTP_V1_L4_EVENT:
1511 case HWTSTAMP_FILTER_PTP_V1_L4_SYNC:
1512 case HWTSTAMP_FILTER_PTP_V1_L4_DELAY_REQ:
1513 case HWTSTAMP_FILTER_PTP_V2_L4_EVENT:
1514 case HWTSTAMP_FILTER_PTP_V2_L4_SYNC:
1515 case HWTSTAMP_FILTER_PTP_V2_L4_DELAY_REQ:
1516 case HWTSTAMP_FILTER_PTP_V2_L2_EVENT:
1517 case HWTSTAMP_FILTER_PTP_V2_L2_SYNC:
1518 case HWTSTAMP_FILTER_PTP_V2_L2_DELAY_REQ:
1519 case HWTSTAMP_FILTER_PTP_V2_EVENT:
1520 case HWTSTAMP_FILTER_PTP_V2_SYNC:
1521 case HWTSTAMP_FILTER_PTP_V2_DELAY_REQ:
1522 rx_filter_valid = 1;
1523 break;
1524 }
1525
1526 if (!tx_type_valid || !rx_filter_valid)
1527 return -ERANGE;
1528
1529 return 0;
1530}
1531
1477static inline bool is_skb_forwardable(struct net_device *dev, 1532static inline bool is_skb_forwardable(struct net_device *dev,
1478 struct sk_buff *skb) 1533 struct sk_buff *skb)
1479{ 1534{
@@ -1515,6 +1570,14 @@ static inline bool is_skb_forwardable(struct net_device *dev,
1515 */ 1570 */
1516int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 1571int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1517{ 1572{
1573 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
1574 if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
1575 atomic_long_inc(&dev->rx_dropped);
1576 kfree_skb(skb);
1577 return NET_RX_DROP;
1578 }
1579 }
1580
1518 skb_orphan(skb); 1581 skb_orphan(skb);
1519 nf_reset(skb); 1582 nf_reset(skb);
1520 1583
@@ -1947,9 +2010,11 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
1947#ifdef CONFIG_HIGHMEM 2010#ifdef CONFIG_HIGHMEM
1948 int i; 2011 int i;
1949 if (!(dev->features & NETIF_F_HIGHDMA)) { 2012 if (!(dev->features & NETIF_F_HIGHDMA)) {
1950 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 2013 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1951 if (PageHighMem(skb_shinfo(skb)->frags[i].page)) 2014 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2015 if (PageHighMem(skb_frag_page(frag)))
1952 return 1; 2016 return 1;
2017 }
1953 } 2018 }
1954 2019
1955 if (PCI_DMA_BUS_IS_PHYS) { 2020 if (PCI_DMA_BUS_IS_PHYS) {
@@ -1958,7 +2023,8 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
1958 if (!pdev) 2023 if (!pdev)
1959 return 0; 2024 return 0;
1960 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 2025 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1961 dma_addr_t addr = page_to_phys(skb_shinfo(skb)->frags[i].page); 2026 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2027 dma_addr_t addr = page_to_phys(skb_frag_page(frag));
1962 if (!pdev->dma_mask || addr + PAGE_SIZE - 1 > *pdev->dma_mask) 2028 if (!pdev->dma_mask || addr + PAGE_SIZE - 1 > *pdev->dma_mask)
1963 return 1; 2029 return 1;
1964 } 2030 }
@@ -2519,25 +2585,31 @@ static inline void ____napi_schedule(struct softnet_data *sd,
2519 2585
2520/* 2586/*
2521 * __skb_get_rxhash: calculate a flow hash based on src/dst addresses 2587 * __skb_get_rxhash: calculate a flow hash based on src/dst addresses
2522 * and src/dst port numbers. Returns a non-zero hash number on success 2588 * and src/dst port numbers. Sets rxhash in skb to non-zero hash value
2523 * and 0 on failure. 2589 * on success, zero indicates no valid hash. Also, sets l4_rxhash in skb
2590 * if hash is a canonical 4-tuple hash over transport ports.
2524 */ 2591 */
2525__u32 __skb_get_rxhash(struct sk_buff *skb) 2592void __skb_get_rxhash(struct sk_buff *skb)
2526{ 2593{
2527 int nhoff, hash = 0, poff; 2594 int nhoff, hash = 0, poff;
2528 const struct ipv6hdr *ip6; 2595 const struct ipv6hdr *ip6;
2529 const struct iphdr *ip; 2596 const struct iphdr *ip;
2597 const struct vlan_hdr *vlan;
2530 u8 ip_proto; 2598 u8 ip_proto;
2531 u32 addr1, addr2, ihl; 2599 u32 addr1, addr2;
2600 u16 proto;
2532 union { 2601 union {
2533 u32 v32; 2602 u32 v32;
2534 u16 v16[2]; 2603 u16 v16[2];
2535 } ports; 2604 } ports;
2536 2605
2537 nhoff = skb_network_offset(skb); 2606 nhoff = skb_network_offset(skb);
2607 proto = skb->protocol;
2538 2608
2539 switch (skb->protocol) { 2609again:
2610 switch (proto) {
2540 case __constant_htons(ETH_P_IP): 2611 case __constant_htons(ETH_P_IP):
2612ip:
2541 if (!pskb_may_pull(skb, sizeof(*ip) + nhoff)) 2613 if (!pskb_may_pull(skb, sizeof(*ip) + nhoff))
2542 goto done; 2614 goto done;
2543 2615
@@ -2548,9 +2620,10 @@ __u32 __skb_get_rxhash(struct sk_buff *skb)
2548 ip_proto = ip->protocol; 2620 ip_proto = ip->protocol;
2549 addr1 = (__force u32) ip->saddr; 2621 addr1 = (__force u32) ip->saddr;
2550 addr2 = (__force u32) ip->daddr; 2622 addr2 = (__force u32) ip->daddr;
2551 ihl = ip->ihl; 2623 nhoff += ip->ihl * 4;
2552 break; 2624 break;
2553 case __constant_htons(ETH_P_IPV6): 2625 case __constant_htons(ETH_P_IPV6):
2626ipv6:
2554 if (!pskb_may_pull(skb, sizeof(*ip6) + nhoff)) 2627 if (!pskb_may_pull(skb, sizeof(*ip6) + nhoff))
2555 goto done; 2628 goto done;
2556 2629
@@ -2558,20 +2631,71 @@ __u32 __skb_get_rxhash(struct sk_buff *skb)
2558 ip_proto = ip6->nexthdr; 2631 ip_proto = ip6->nexthdr;
2559 addr1 = (__force u32) ip6->saddr.s6_addr32[3]; 2632 addr1 = (__force u32) ip6->saddr.s6_addr32[3];
2560 addr2 = (__force u32) ip6->daddr.s6_addr32[3]; 2633 addr2 = (__force u32) ip6->daddr.s6_addr32[3];
2561 ihl = (40 >> 2); 2634 nhoff += 40;
2562 break; 2635 break;
2636 case __constant_htons(ETH_P_8021Q):
2637 if (!pskb_may_pull(skb, sizeof(*vlan) + nhoff))
2638 goto done;
2639 vlan = (const struct vlan_hdr *) (skb->data + nhoff);
2640 proto = vlan->h_vlan_encapsulated_proto;
2641 nhoff += sizeof(*vlan);
2642 goto again;
2643 case __constant_htons(ETH_P_PPP_SES):
2644 if (!pskb_may_pull(skb, PPPOE_SES_HLEN + nhoff))
2645 goto done;
2646 proto = *((__be16 *) (skb->data + nhoff +
2647 sizeof(struct pppoe_hdr)));
2648 nhoff += PPPOE_SES_HLEN;
2649 switch (proto) {
2650 case __constant_htons(PPP_IP):
2651 goto ip;
2652 case __constant_htons(PPP_IPV6):
2653 goto ipv6;
2654 default:
2655 goto done;
2656 }
2563 default: 2657 default:
2564 goto done; 2658 goto done;
2565 } 2659 }
2566 2660
2661 switch (ip_proto) {
2662 case IPPROTO_GRE:
2663 if (pskb_may_pull(skb, nhoff + 16)) {
2664 u8 *h = skb->data + nhoff;
2665 __be16 flags = *(__be16 *)h;
2666
2667 /*
2668 * Only look inside GRE if version zero and no
2669 * routing
2670 */
2671 if (!(flags & (GRE_VERSION|GRE_ROUTING))) {
2672 proto = *(__be16 *)(h + 2);
2673 nhoff += 4;
2674 if (flags & GRE_CSUM)
2675 nhoff += 4;
2676 if (flags & GRE_KEY)
2677 nhoff += 4;
2678 if (flags & GRE_SEQ)
2679 nhoff += 4;
2680 goto again;
2681 }
2682 }
2683 break;
2684 case IPPROTO_IPIP:
2685 goto again;
2686 default:
2687 break;
2688 }
2689
2567 ports.v32 = 0; 2690 ports.v32 = 0;
2568 poff = proto_ports_offset(ip_proto); 2691 poff = proto_ports_offset(ip_proto);
2569 if (poff >= 0) { 2692 if (poff >= 0) {
2570 nhoff += ihl * 4 + poff; 2693 nhoff += poff;
2571 if (pskb_may_pull(skb, nhoff + 4)) { 2694 if (pskb_may_pull(skb, nhoff + 4)) {
2572 ports.v32 = * (__force u32 *) (skb->data + nhoff); 2695 ports.v32 = * (__force u32 *) (skb->data + nhoff);
2573 if (ports.v16[1] < ports.v16[0]) 2696 if (ports.v16[1] < ports.v16[0])
2574 swap(ports.v16[0], ports.v16[1]); 2697 swap(ports.v16[0], ports.v16[1]);
2698 skb->l4_rxhash = 1;
2575 } 2699 }
2576 } 2700 }
2577 2701
@@ -2584,7 +2708,7 @@ __u32 __skb_get_rxhash(struct sk_buff *skb)
2584 hash = 1; 2708 hash = 1;
2585 2709
2586done: 2710done:
2587 return hash; 2711 skb->rxhash = hash;
2588} 2712}
2589EXPORT_SYMBOL(__skb_get_rxhash); 2713EXPORT_SYMBOL(__skb_get_rxhash);
2590 2714
@@ -2598,10 +2722,7 @@ static struct rps_dev_flow *
2598set_rps_cpu(struct net_device *dev, struct sk_buff *skb, 2722set_rps_cpu(struct net_device *dev, struct sk_buff *skb,
2599 struct rps_dev_flow *rflow, u16 next_cpu) 2723 struct rps_dev_flow *rflow, u16 next_cpu)
2600{ 2724{
2601 u16 tcpu; 2725 if (next_cpu != RPS_NO_CPU) {
2602
2603 tcpu = rflow->cpu = next_cpu;
2604 if (tcpu != RPS_NO_CPU) {
2605#ifdef CONFIG_RFS_ACCEL 2726#ifdef CONFIG_RFS_ACCEL
2606 struct netdev_rx_queue *rxqueue; 2727 struct netdev_rx_queue *rxqueue;
2607 struct rps_dev_flow_table *flow_table; 2728 struct rps_dev_flow_table *flow_table;
@@ -2629,16 +2750,16 @@ set_rps_cpu(struct net_device *dev, struct sk_buff *skb,
2629 goto out; 2750 goto out;
2630 old_rflow = rflow; 2751 old_rflow = rflow;
2631 rflow = &flow_table->flows[flow_id]; 2752 rflow = &flow_table->flows[flow_id];
2632 rflow->cpu = next_cpu;
2633 rflow->filter = rc; 2753 rflow->filter = rc;
2634 if (old_rflow->filter == rflow->filter) 2754 if (old_rflow->filter == rflow->filter)
2635 old_rflow->filter = RPS_NO_FILTER; 2755 old_rflow->filter = RPS_NO_FILTER;
2636 out: 2756 out:
2637#endif 2757#endif
2638 rflow->last_qtail = 2758 rflow->last_qtail =
2639 per_cpu(softnet_data, tcpu).input_queue_head; 2759 per_cpu(softnet_data, next_cpu).input_queue_head;
2640 } 2760 }
2641 2761
2762 rflow->cpu = next_cpu;
2642 return rflow; 2763 return rflow;
2643} 2764}
2644 2765
@@ -2673,13 +2794,13 @@ static int get_rps_cpu(struct net_device *dev, struct sk_buff *skb,
2673 map = rcu_dereference(rxqueue->rps_map); 2794 map = rcu_dereference(rxqueue->rps_map);
2674 if (map) { 2795 if (map) {
2675 if (map->len == 1 && 2796 if (map->len == 1 &&
2676 !rcu_dereference_raw(rxqueue->rps_flow_table)) { 2797 !rcu_access_pointer(rxqueue->rps_flow_table)) {
2677 tcpu = map->cpus[0]; 2798 tcpu = map->cpus[0];
2678 if (cpu_online(tcpu)) 2799 if (cpu_online(tcpu))
2679 cpu = tcpu; 2800 cpu = tcpu;
2680 goto done; 2801 goto done;
2681 } 2802 }
2682 } else if (!rcu_dereference_raw(rxqueue->rps_flow_table)) { 2803 } else if (!rcu_access_pointer(rxqueue->rps_flow_table)) {
2683 goto done; 2804 goto done;
2684 } 2805 }
2685 2806
@@ -3094,8 +3215,8 @@ void netdev_rx_handler_unregister(struct net_device *dev)
3094{ 3215{
3095 3216
3096 ASSERT_RTNL(); 3217 ASSERT_RTNL();
3097 rcu_assign_pointer(dev->rx_handler, NULL); 3218 RCU_INIT_POINTER(dev->rx_handler, NULL);
3098 rcu_assign_pointer(dev->rx_handler_data, NULL); 3219 RCU_INIT_POINTER(dev->rx_handler_data, NULL);
3099} 3220}
3100EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); 3221EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister);
3101 3222
@@ -3163,6 +3284,17 @@ ncls:
3163#endif 3284#endif
3164 3285
3165 rx_handler = rcu_dereference(skb->dev->rx_handler); 3286 rx_handler = rcu_dereference(skb->dev->rx_handler);
3287 if (vlan_tx_tag_present(skb)) {
3288 if (pt_prev) {
3289 ret = deliver_skb(skb, pt_prev, orig_dev);
3290 pt_prev = NULL;
3291 }
3292 if (vlan_do_receive(&skb, !rx_handler))
3293 goto another_round;
3294 else if (unlikely(!skb))
3295 goto out;
3296 }
3297
3166 if (rx_handler) { 3298 if (rx_handler) {
3167 if (pt_prev) { 3299 if (pt_prev) {
3168 ret = deliver_skb(skb, pt_prev, orig_dev); 3300 ret = deliver_skb(skb, pt_prev, orig_dev);
@@ -3182,18 +3314,6 @@ ncls:
3182 } 3314 }
3183 } 3315 }
3184 3316
3185 if (vlan_tx_tag_present(skb)) {
3186 if (pt_prev) {
3187 ret = deliver_skb(skb, pt_prev, orig_dev);
3188 pt_prev = NULL;
3189 }
3190 if (vlan_do_receive(&skb)) {
3191 ret = __netif_receive_skb(skb);
3192 goto out;
3193 } else if (unlikely(!skb))
3194 goto out;
3195 }
3196
3197 /* deliver only exact match when indicated */ 3317 /* deliver only exact match when indicated */
3198 null_or_dev = deliver_exact ? skb->dev : NULL; 3318 null_or_dev = deliver_exact ? skb->dev : NULL;
3199 3319
@@ -3421,10 +3541,10 @@ pull:
3421 skb->data_len -= grow; 3541 skb->data_len -= grow;
3422 3542
3423 skb_shinfo(skb)->frags[0].page_offset += grow; 3543 skb_shinfo(skb)->frags[0].page_offset += grow;
3424 skb_shinfo(skb)->frags[0].size -= grow; 3544 skb_frag_size_sub(&skb_shinfo(skb)->frags[0], grow);
3425 3545
3426 if (unlikely(!skb_shinfo(skb)->frags[0].size)) { 3546 if (unlikely(!skb_frag_size(&skb_shinfo(skb)->frags[0]))) {
3427 put_page(skb_shinfo(skb)->frags[0].page); 3547 skb_frag_unref(skb, 0);
3428 memmove(skb_shinfo(skb)->frags, 3548 memmove(skb_shinfo(skb)->frags,
3429 skb_shinfo(skb)->frags + 1, 3549 skb_shinfo(skb)->frags + 1,
3430 --skb_shinfo(skb)->nr_frags * sizeof(skb_frag_t)); 3550 --skb_shinfo(skb)->nr_frags * sizeof(skb_frag_t));
@@ -3488,11 +3608,10 @@ void skb_gro_reset_offset(struct sk_buff *skb)
3488 NAPI_GRO_CB(skb)->frag0_len = 0; 3608 NAPI_GRO_CB(skb)->frag0_len = 0;
3489 3609
3490 if (skb->mac_header == skb->tail && 3610 if (skb->mac_header == skb->tail &&
3491 !PageHighMem(skb_shinfo(skb)->frags[0].page)) { 3611 !PageHighMem(skb_frag_page(&skb_shinfo(skb)->frags[0]))) {
3492 NAPI_GRO_CB(skb)->frag0 = 3612 NAPI_GRO_CB(skb)->frag0 =
3493 page_address(skb_shinfo(skb)->frags[0].page) + 3613 skb_frag_address(&skb_shinfo(skb)->frags[0]);
3494 skb_shinfo(skb)->frags[0].page_offset; 3614 NAPI_GRO_CB(skb)->frag0_len = skb_frag_size(&skb_shinfo(skb)->frags[0]);
3495 NAPI_GRO_CB(skb)->frag0_len = skb_shinfo(skb)->frags[0].size;
3496 } 3615 }
3497} 3616}
3498EXPORT_SYMBOL(skb_gro_reset_offset); 3617EXPORT_SYMBOL(skb_gro_reset_offset);
@@ -3974,6 +4093,60 @@ static int dev_ifconf(struct net *net, char __user *arg)
3974} 4093}
3975 4094
3976#ifdef CONFIG_PROC_FS 4095#ifdef CONFIG_PROC_FS
4096
4097#define BUCKET_SPACE (32 - NETDEV_HASHBITS)
4098
4099struct dev_iter_state {
4100 struct seq_net_private p;
4101 unsigned int pos; /* bucket << BUCKET_SPACE + offset */
4102};
4103
4104#define get_bucket(x) ((x) >> BUCKET_SPACE)
4105#define get_offset(x) ((x) & ((1 << BUCKET_SPACE) - 1))
4106#define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
4107
4108static inline struct net_device *dev_from_same_bucket(struct seq_file *seq)
4109{
4110 struct dev_iter_state *state = seq->private;
4111 struct net *net = seq_file_net(seq);
4112 struct net_device *dev;
4113 struct hlist_node *p;
4114 struct hlist_head *h;
4115 unsigned int count, bucket, offset;
4116
4117 bucket = get_bucket(state->pos);
4118 offset = get_offset(state->pos);
4119 h = &net->dev_name_head[bucket];
4120 count = 0;
4121 hlist_for_each_entry_rcu(dev, p, h, name_hlist) {
4122 if (count++ == offset) {
4123 state->pos = set_bucket_offset(bucket, count);
4124 return dev;
4125 }
4126 }
4127
4128 return NULL;
4129}
4130
4131static inline struct net_device *dev_from_new_bucket(struct seq_file *seq)
4132{
4133 struct dev_iter_state *state = seq->private;
4134 struct net_device *dev;
4135 unsigned int bucket;
4136
4137 bucket = get_bucket(state->pos);
4138 do {
4139 dev = dev_from_same_bucket(seq);
4140 if (dev)
4141 return dev;
4142
4143 bucket++;
4144 state->pos = set_bucket_offset(bucket, 0);
4145 } while (bucket < NETDEV_HASHENTRIES);
4146
4147 return NULL;
4148}
4149
3977/* 4150/*
3978 * This is invoked by the /proc filesystem handler to display a device 4151 * This is invoked by the /proc filesystem handler to display a device
3979 * in detail. 4152 * in detail.
@@ -3981,33 +4154,33 @@ static int dev_ifconf(struct net *net, char __user *arg)
3981void *dev_seq_start(struct seq_file *seq, loff_t *pos) 4154void *dev_seq_start(struct seq_file *seq, loff_t *pos)
3982 __acquires(RCU) 4155 __acquires(RCU)
3983{ 4156{
3984 struct net *net = seq_file_net(seq); 4157 struct dev_iter_state *state = seq->private;
3985 loff_t off;
3986 struct net_device *dev;
3987 4158
3988 rcu_read_lock(); 4159 rcu_read_lock();
3989 if (!*pos) 4160 if (!*pos)
3990 return SEQ_START_TOKEN; 4161 return SEQ_START_TOKEN;
3991 4162
3992 off = 1; 4163 /* check for end of the hash */
3993 for_each_netdev_rcu(net, dev) 4164 if (state->pos == 0 && *pos > 1)
3994 if (off++ == *pos) 4165 return NULL;
3995 return dev;
3996 4166
3997 return NULL; 4167 return dev_from_new_bucket(seq);
3998} 4168}
3999 4169
4000void *dev_seq_next(struct seq_file *seq, void *v, loff_t *pos) 4170void *dev_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4001{ 4171{
4002 struct net_device *dev = v; 4172 struct net_device *dev;
4173
4174 ++*pos;
4003 4175
4004 if (v == SEQ_START_TOKEN) 4176 if (v == SEQ_START_TOKEN)
4005 dev = first_net_device_rcu(seq_file_net(seq)); 4177 return dev_from_new_bucket(seq);
4006 else
4007 dev = next_net_device_rcu(dev);
4008 4178
4009 ++*pos; 4179 dev = dev_from_same_bucket(seq);
4010 return dev; 4180 if (dev)
4181 return dev;
4182
4183 return dev_from_new_bucket(seq);
4011} 4184}
4012 4185
4013void dev_seq_stop(struct seq_file *seq, void *v) 4186void dev_seq_stop(struct seq_file *seq, void *v)
@@ -4106,7 +4279,7 @@ static const struct seq_operations dev_seq_ops = {
4106static int dev_seq_open(struct inode *inode, struct file *file) 4279static int dev_seq_open(struct inode *inode, struct file *file)
4107{ 4280{
4108 return seq_open_net(inode, file, &dev_seq_ops, 4281 return seq_open_net(inode, file, &dev_seq_ops,
4109 sizeof(struct seq_net_private)); 4282 sizeof(struct dev_iter_state));
4110} 4283}
4111 4284
4112static const struct file_operations dev_seq_fops = { 4285static const struct file_operations dev_seq_fops = {
@@ -4489,9 +4662,7 @@ void __dev_set_rx_mode(struct net_device *dev)
4489 if (!netif_device_present(dev)) 4662 if (!netif_device_present(dev))
4490 return; 4663 return;
4491 4664
4492 if (ops->ndo_set_rx_mode) 4665 if (!(dev->priv_flags & IFF_UNICAST_FLT)) {
4493 ops->ndo_set_rx_mode(dev);
4494 else {
4495 /* Unicast addresses changes may only happen under the rtnl, 4666 /* Unicast addresses changes may only happen under the rtnl,
4496 * therefore calling __dev_set_promiscuity here is safe. 4667 * therefore calling __dev_set_promiscuity here is safe.
4497 */ 4668 */
@@ -4502,10 +4673,10 @@ void __dev_set_rx_mode(struct net_device *dev)
4502 __dev_set_promiscuity(dev, -1); 4673 __dev_set_promiscuity(dev, -1);
4503 dev->uc_promisc = false; 4674 dev->uc_promisc = false;
4504 } 4675 }
4505
4506 if (ops->ndo_set_multicast_list)
4507 ops->ndo_set_multicast_list(dev);
4508 } 4676 }
4677
4678 if (ops->ndo_set_rx_mode)
4679 ops->ndo_set_rx_mode(dev);
4509} 4680}
4510 4681
4511void dev_set_rx_mode(struct net_device *dev) 4682void dev_set_rx_mode(struct net_device *dev)
@@ -4516,30 +4687,6 @@ void dev_set_rx_mode(struct net_device *dev)
4516} 4687}
4517 4688
4518/** 4689/**
4519 * dev_ethtool_get_settings - call device's ethtool_ops::get_settings()
4520 * @dev: device
4521 * @cmd: memory area for ethtool_ops::get_settings() result
4522 *
4523 * The cmd arg is initialized properly (cleared and
4524 * ethtool_cmd::cmd field set to ETHTOOL_GSET).
4525 *
4526 * Return device's ethtool_ops::get_settings() result value or
4527 * -EOPNOTSUPP when device doesn't expose
4528 * ethtool_ops::get_settings() operation.
4529 */
4530int dev_ethtool_get_settings(struct net_device *dev,
4531 struct ethtool_cmd *cmd)
4532{
4533 if (!dev->ethtool_ops || !dev->ethtool_ops->get_settings)
4534 return -EOPNOTSUPP;
4535
4536 memset(cmd, 0, sizeof(struct ethtool_cmd));
4537 cmd->cmd = ETHTOOL_GSET;
4538 return dev->ethtool_ops->get_settings(dev, cmd);
4539}
4540EXPORT_SYMBOL(dev_ethtool_get_settings);
4541
4542/**
4543 * dev_get_flags - get flags reported to userspace 4690 * dev_get_flags - get flags reported to userspace
4544 * @dev: device 4691 * @dev: device
4545 * 4692 *
@@ -4855,7 +5002,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
4855 return -EOPNOTSUPP; 5002 return -EOPNOTSUPP;
4856 5003
4857 case SIOCADDMULTI: 5004 case SIOCADDMULTI:
4858 if ((!ops->ndo_set_multicast_list && !ops->ndo_set_rx_mode) || 5005 if (!ops->ndo_set_rx_mode ||
4859 ifr->ifr_hwaddr.sa_family != AF_UNSPEC) 5006 ifr->ifr_hwaddr.sa_family != AF_UNSPEC)
4860 return -EINVAL; 5007 return -EINVAL;
4861 if (!netif_device_present(dev)) 5008 if (!netif_device_present(dev))
@@ -4863,7 +5010,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
4863 return dev_mc_add_global(dev, ifr->ifr_hwaddr.sa_data); 5010 return dev_mc_add_global(dev, ifr->ifr_hwaddr.sa_data);
4864 5011
4865 case SIOCDELMULTI: 5012 case SIOCDELMULTI:
4866 if ((!ops->ndo_set_multicast_list && !ops->ndo_set_rx_mode) || 5013 if (!ops->ndo_set_rx_mode ||
4867 ifr->ifr_hwaddr.sa_family != AF_UNSPEC) 5014 ifr->ifr_hwaddr.sa_family != AF_UNSPEC)
4868 return -EINVAL; 5015 return -EINVAL;
4869 if (!netif_device_present(dev)) 5016 if (!netif_device_present(dev))
@@ -4880,6 +5027,12 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
4880 ifr->ifr_newname[IFNAMSIZ-1] = '\0'; 5027 ifr->ifr_newname[IFNAMSIZ-1] = '\0';
4881 return dev_change_name(dev, ifr->ifr_newname); 5028 return dev_change_name(dev, ifr->ifr_newname);
4882 5029
5030 case SIOCSHWTSTAMP:
5031 err = net_hwtstamp_validate(ifr);
5032 if (err)
5033 return err;
5034 /* fall through */
5035
4883 /* 5036 /*
4884 * Unknown or private ioctl 5037 * Unknown or private ioctl
4885 */ 5038 */
@@ -5194,7 +5347,7 @@ static void rollback_registered_many(struct list_head *head)
5194 dev = list_first_entry(head, struct net_device, unreg_list); 5347 dev = list_first_entry(head, struct net_device, unreg_list);
5195 call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev); 5348 call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev);
5196 5349
5197 rcu_barrier(); 5350 synchronize_net();
5198 5351
5199 list_for_each_entry(dev, head, unreg_list) 5352 list_for_each_entry(dev, head, unreg_list)
5200 dev_put(dev); 5353 dev_put(dev);
@@ -5707,6 +5860,12 @@ void netdev_run_todo(void)
5707 5860
5708 __rtnl_unlock(); 5861 __rtnl_unlock();
5709 5862
5863 /* Wait for rcu callbacks to finish before attempting to drain
5864 * the device list. This usually avoids a 250ms wait.
5865 */
5866 if (!list_empty(&list))
5867 rcu_barrier();
5868
5710 while (!list_empty(&list)) { 5869 while (!list_empty(&list)) {
5711 struct net_device *dev 5870 struct net_device *dev
5712 = list_first_entry(&list, struct net_device, todo_list); 5871 = list_first_entry(&list, struct net_device, todo_list);
@@ -5727,8 +5886,8 @@ void netdev_run_todo(void)
5727 5886
5728 /* paranoia */ 5887 /* paranoia */
5729 BUG_ON(netdev_refcnt_read(dev)); 5888 BUG_ON(netdev_refcnt_read(dev));
5730 WARN_ON(rcu_dereference_raw(dev->ip_ptr)); 5889 WARN_ON(rcu_access_pointer(dev->ip_ptr));
5731 WARN_ON(rcu_dereference_raw(dev->ip6_ptr)); 5890 WARN_ON(rcu_access_pointer(dev->ip6_ptr));
5732 WARN_ON(dev->dn_ptr); 5891 WARN_ON(dev->dn_ptr);
5733 5892
5734 if (dev->destructor) 5893 if (dev->destructor)
@@ -5932,7 +6091,7 @@ void free_netdev(struct net_device *dev)
5932 kfree(dev->_rx); 6091 kfree(dev->_rx);
5933#endif 6092#endif
5934 6093
5935 kfree(rcu_dereference_raw(dev->ingress_queue)); 6094 kfree(rcu_dereference_protected(dev->ingress_queue, 1));
5936 6095
5937 /* Flush device addresses */ 6096 /* Flush device addresses */
5938 dev_addr_flush(dev); 6097 dev_addr_flush(dev);
@@ -6107,6 +6266,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
6107 */ 6266 */
6108 call_netdevice_notifiers(NETDEV_UNREGISTER, dev); 6267 call_netdevice_notifiers(NETDEV_UNREGISTER, dev);
6109 call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev); 6268 call_netdevice_notifiers(NETDEV_UNREGISTER_BATCH, dev);
6269 rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
6110 6270
6111 /* 6271 /*
6112 * Flush the unicast and multicast chains 6272 * Flush the unicast and multicast chains
@@ -6290,7 +6450,7 @@ const char *netdev_drivername(const struct net_device *dev)
6290 return empty; 6450 return empty;
6291} 6451}
6292 6452
6293static int __netdev_printk(const char *level, const struct net_device *dev, 6453int __netdev_printk(const char *level, const struct net_device *dev,
6294 struct va_format *vaf) 6454 struct va_format *vaf)
6295{ 6455{
6296 int r; 6456 int r;
@@ -6305,6 +6465,7 @@ static int __netdev_printk(const char *level, const struct net_device *dev,
6305 6465
6306 return r; 6466 return r;
6307} 6467}
6468EXPORT_SYMBOL(__netdev_printk);
6308 6469
6309int netdev_printk(const char *level, const struct net_device *dev, 6470int netdev_printk(const char *level, const struct net_device *dev,
6310 const char *format, ...) 6471 const char *format, ...)
diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
index e2e66939ed00..283d1b863876 100644
--- a/net/core/dev_addr_lists.c
+++ b/net/core/dev_addr_lists.c
@@ -591,8 +591,8 @@ EXPORT_SYMBOL(dev_mc_del_global);
591 * addresses that have no users left. The source device must be 591 * addresses that have no users left. The source device must be
592 * locked by netif_tx_lock_bh. 592 * locked by netif_tx_lock_bh.
593 * 593 *
594 * This function is intended to be called from the dev->set_multicast_list 594 * This function is intended to be called from the ndo_set_rx_mode
595 * or dev->set_rx_mode function of layered software devices. 595 * function of layered software devices.
596 */ 596 */
597int dev_mc_sync(struct net_device *to, struct net_device *from) 597int dev_mc_sync(struct net_device *to, struct net_device *from)
598{ 598{
diff --git a/net/core/dst.c b/net/core/dst.c
index 14b33baf0733..d5e2c4c09107 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -171,7 +171,7 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev,
171 dst_init_metrics(dst, dst_default_metrics, true); 171 dst_init_metrics(dst, dst_default_metrics, true);
172 dst->expires = 0UL; 172 dst->expires = 0UL;
173 dst->path = dst; 173 dst->path = dst;
174 dst->_neighbour = NULL; 174 RCU_INIT_POINTER(dst->_neighbour, NULL);
175#ifdef CONFIG_XFRM 175#ifdef CONFIG_XFRM
176 dst->xfrm = NULL; 176 dst->xfrm = NULL;
177#endif 177#endif
@@ -229,11 +229,11 @@ struct dst_entry *dst_destroy(struct dst_entry * dst)
229 smp_rmb(); 229 smp_rmb();
230 230
231again: 231again:
232 neigh = dst->_neighbour; 232 neigh = rcu_dereference_protected(dst->_neighbour, 1);
233 child = dst->child; 233 child = dst->child;
234 234
235 if (neigh) { 235 if (neigh) {
236 dst->_neighbour = NULL; 236 RCU_INIT_POINTER(dst->_neighbour, NULL);
237 neigh_release(neigh); 237 neigh_release(neigh);
238 } 238 }
239 239
@@ -360,14 +360,19 @@ static void dst_ifdown(struct dst_entry *dst, struct net_device *dev,
360 if (!unregister) { 360 if (!unregister) {
361 dst->input = dst->output = dst_discard; 361 dst->input = dst->output = dst_discard;
362 } else { 362 } else {
363 struct neighbour *neigh;
364
363 dst->dev = dev_net(dst->dev)->loopback_dev; 365 dst->dev = dev_net(dst->dev)->loopback_dev;
364 dev_hold(dst->dev); 366 dev_hold(dst->dev);
365 dev_put(dev); 367 dev_put(dev);
366 if (dst->_neighbour && dst->_neighbour->dev == dev) { 368 rcu_read_lock();
367 dst->_neighbour->dev = dst->dev; 369 neigh = dst_get_neighbour(dst);
370 if (neigh && neigh->dev == dev) {
371 neigh->dev = dst->dev;
368 dev_hold(dst->dev); 372 dev_hold(dst->dev);
369 dev_put(dev); 373 dev_put(dev);
370 } 374 }
375 rcu_read_unlock();
371 } 376 }
372} 377}
373 378
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 6cdba5fc2bed..f44481707124 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -569,15 +569,25 @@ int __ethtool_set_flags(struct net_device *dev, u32 data)
569 return 0; 569 return 0;
570} 570}
571 571
572static int ethtool_get_settings(struct net_device *dev, void __user *useraddr) 572int __ethtool_get_settings(struct net_device *dev, struct ethtool_cmd *cmd)
573{ 573{
574 struct ethtool_cmd cmd = { .cmd = ETHTOOL_GSET }; 574 ASSERT_RTNL();
575 int err;
576 575
577 if (!dev->ethtool_ops->get_settings) 576 if (!dev->ethtool_ops || !dev->ethtool_ops->get_settings)
578 return -EOPNOTSUPP; 577 return -EOPNOTSUPP;
579 578
580 err = dev->ethtool_ops->get_settings(dev, &cmd); 579 memset(cmd, 0, sizeof(struct ethtool_cmd));
580 cmd->cmd = ETHTOOL_GSET;
581 return dev->ethtool_ops->get_settings(dev, cmd);
582}
583EXPORT_SYMBOL(__ethtool_get_settings);
584
585static int ethtool_get_settings(struct net_device *dev, void __user *useraddr)
586{
587 int err;
588 struct ethtool_cmd cmd;
589
590 err = __ethtool_get_settings(dev, &cmd);
581 if (err < 0) 591 if (err < 0)
582 return err; 592 return err;
583 593
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index e7ab0c0285b5..57e8f95110e6 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -384,8 +384,8 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
384 */ 384 */
385 list_for_each_entry(r, &ops->rules_list, list) { 385 list_for_each_entry(r, &ops->rules_list, list) {
386 if (r->action == FR_ACT_GOTO && 386 if (r->action == FR_ACT_GOTO &&
387 r->target == rule->pref) { 387 r->target == rule->pref &&
388 BUG_ON(rtnl_dereference(r->ctarget) != NULL); 388 rtnl_dereference(r->ctarget) == NULL) {
389 rcu_assign_pointer(r->ctarget, rule); 389 rcu_assign_pointer(r->ctarget, rule);
390 if (--ops->unresolved_rules == 0) 390 if (--ops->unresolved_rules == 0)
391 break; 391 break;
@@ -475,8 +475,11 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
475 475
476 list_del_rcu(&rule->list); 476 list_del_rcu(&rule->list);
477 477
478 if (rule->action == FR_ACT_GOTO) 478 if (rule->action == FR_ACT_GOTO) {
479 ops->nr_goto_rules--; 479 ops->nr_goto_rules--;
480 if (rtnl_dereference(rule->ctarget) == NULL)
481 ops->unresolved_rules--;
482 }
480 483
481 /* 484 /*
482 * Check if this rule is a target to any of them. If so, 485 * Check if this rule is a target to any of them. If so,
@@ -487,7 +490,7 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
487 if (ops->nr_goto_rules > 0) { 490 if (ops->nr_goto_rules > 0) {
488 list_for_each_entry(tmp, &ops->rules_list, list) { 491 list_for_each_entry(tmp, &ops->rules_list, list) {
489 if (rtnl_dereference(tmp->ctarget) == rule) { 492 if (rtnl_dereference(tmp->ctarget) == rule) {
490 rcu_assign_pointer(tmp->ctarget, NULL); 493 RCU_INIT_POINTER(tmp->ctarget, NULL);
491 ops->unresolved_rules++; 494 ops->unresolved_rules++;
492 } 495 }
493 } 496 }
@@ -545,7 +548,7 @@ static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule,
545 frh->flags = rule->flags; 548 frh->flags = rule->flags;
546 549
547 if (rule->action == FR_ACT_GOTO && 550 if (rule->action == FR_ACT_GOTO &&
548 rcu_dereference_raw(rule->ctarget) == NULL) 551 rcu_access_pointer(rule->ctarget) == NULL)
549 frh->flags |= FIB_RULE_UNRESOLVED; 552 frh->flags |= FIB_RULE_UNRESOLVED;
550 553
551 if (rule->iifname[0]) { 554 if (rule->iifname[0]) {
diff --git a/net/core/filter.c b/net/core/filter.c
index 36f975fa87cb..5dea45279215 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -436,7 +436,7 @@ error:
436 * 436 *
437 * Returns 0 if the rule set is legal or -EINVAL if not. 437 * Returns 0 if the rule set is legal or -EINVAL if not.
438 */ 438 */
439int sk_chk_filter(struct sock_filter *filter, int flen) 439int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
440{ 440{
441 /* 441 /*
442 * Valid instructions are initialized to non-0. 442 * Valid instructions are initialized to non-0.
@@ -645,7 +645,7 @@ int sk_detach_filter(struct sock *sk)
645 filter = rcu_dereference_protected(sk->sk_filter, 645 filter = rcu_dereference_protected(sk->sk_filter,
646 sock_owned_by_user(sk)); 646 sock_owned_by_user(sk));
647 if (filter) { 647 if (filter) {
648 rcu_assign_pointer(sk->sk_filter, NULL); 648 RCU_INIT_POINTER(sk->sk_filter, NULL);
649 sk_filter_uncharge(sk, filter); 649 sk_filter_uncharge(sk, filter);
650 ret = 0; 650 ret = 0;
651 } 651 }
diff --git a/net/core/flow.c b/net/core/flow.c
index bf32c33cad3b..8ae42de9c79e 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -30,6 +30,7 @@ struct flow_cache_entry {
30 struct hlist_node hlist; 30 struct hlist_node hlist;
31 struct list_head gc_list; 31 struct list_head gc_list;
32 } u; 32 } u;
33 struct net *net;
33 u16 family; 34 u16 family;
34 u8 dir; 35 u8 dir;
35 u32 genid; 36 u32 genid;
@@ -172,29 +173,26 @@ static void flow_new_hash_rnd(struct flow_cache *fc,
172 173
173static u32 flow_hash_code(struct flow_cache *fc, 174static u32 flow_hash_code(struct flow_cache *fc,
174 struct flow_cache_percpu *fcp, 175 struct flow_cache_percpu *fcp,
175 const struct flowi *key) 176 const struct flowi *key,
177 size_t keysize)
176{ 178{
177 const u32 *k = (const u32 *) key; 179 const u32 *k = (const u32 *) key;
180 const u32 length = keysize * sizeof(flow_compare_t) / sizeof(u32);
178 181
179 return jhash2(k, (sizeof(*key) / sizeof(u32)), fcp->hash_rnd) 182 return jhash2(k, length, fcp->hash_rnd)
180 & (flow_cache_hash_size(fc) - 1); 183 & (flow_cache_hash_size(fc) - 1);
181} 184}
182 185
183typedef unsigned long flow_compare_t;
184
185/* I hear what you're saying, use memcmp. But memcmp cannot make 186/* I hear what you're saying, use memcmp. But memcmp cannot make
186 * important assumptions that we can here, such as alignment and 187 * important assumptions that we can here, such as alignment.
187 * constant size.
188 */ 188 */
189static int flow_key_compare(const struct flowi *key1, const struct flowi *key2) 189static int flow_key_compare(const struct flowi *key1, const struct flowi *key2,
190 size_t keysize)
190{ 191{
191 const flow_compare_t *k1, *k1_lim, *k2; 192 const flow_compare_t *k1, *k1_lim, *k2;
192 const int n_elem = sizeof(struct flowi) / sizeof(flow_compare_t);
193
194 BUILD_BUG_ON(sizeof(struct flowi) % sizeof(flow_compare_t));
195 193
196 k1 = (const flow_compare_t *) key1; 194 k1 = (const flow_compare_t *) key1;
197 k1_lim = k1 + n_elem; 195 k1_lim = k1 + keysize;
198 196
199 k2 = (const flow_compare_t *) key2; 197 k2 = (const flow_compare_t *) key2;
200 198
@@ -215,6 +213,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
215 struct flow_cache_entry *fle, *tfle; 213 struct flow_cache_entry *fle, *tfle;
216 struct hlist_node *entry; 214 struct hlist_node *entry;
217 struct flow_cache_object *flo; 215 struct flow_cache_object *flo;
216 size_t keysize;
218 unsigned int hash; 217 unsigned int hash;
219 218
220 local_bh_disable(); 219 local_bh_disable();
@@ -222,6 +221,11 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
222 221
223 fle = NULL; 222 fle = NULL;
224 flo = NULL; 223 flo = NULL;
224
225 keysize = flow_key_size(family);
226 if (!keysize)
227 goto nocache;
228
225 /* Packet really early in init? Making flow_cache_init a 229 /* Packet really early in init? Making flow_cache_init a
226 * pre-smp initcall would solve this. --RR */ 230 * pre-smp initcall would solve this. --RR */
227 if (!fcp->hash_table) 231 if (!fcp->hash_table)
@@ -230,11 +234,12 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
230 if (fcp->hash_rnd_recalc) 234 if (fcp->hash_rnd_recalc)
231 flow_new_hash_rnd(fc, fcp); 235 flow_new_hash_rnd(fc, fcp);
232 236
233 hash = flow_hash_code(fc, fcp, key); 237 hash = flow_hash_code(fc, fcp, key, keysize);
234 hlist_for_each_entry(tfle, entry, &fcp->hash_table[hash], u.hlist) { 238 hlist_for_each_entry(tfle, entry, &fcp->hash_table[hash], u.hlist) {
235 if (tfle->family == family && 239 if (tfle->net == net &&
240 tfle->family == family &&
236 tfle->dir == dir && 241 tfle->dir == dir &&
237 flow_key_compare(key, &tfle->key) == 0) { 242 flow_key_compare(key, &tfle->key, keysize) == 0) {
238 fle = tfle; 243 fle = tfle;
239 break; 244 break;
240 } 245 }
@@ -246,9 +251,10 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
246 251
247 fle = kmem_cache_alloc(flow_cachep, GFP_ATOMIC); 252 fle = kmem_cache_alloc(flow_cachep, GFP_ATOMIC);
248 if (fle) { 253 if (fle) {
254 fle->net = net;
249 fle->family = family; 255 fle->family = family;
250 fle->dir = dir; 256 fle->dir = dir;
251 memcpy(&fle->key, key, sizeof(*key)); 257 memcpy(&fle->key, key, keysize * sizeof(flow_compare_t));
252 fle->object = NULL; 258 fle->object = NULL;
253 hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]); 259 hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]);
254 fcp->hash_count++; 260 fcp->hash_count++;
@@ -407,7 +413,7 @@ static int __init flow_cache_init(struct flow_cache *fc)
407 413
408 for_each_online_cpu(i) { 414 for_each_online_cpu(i) {
409 if (flow_cache_cpu_prepare(fc, i)) 415 if (flow_cache_cpu_prepare(fc, i))
410 return -ENOMEM; 416 goto err;
411 } 417 }
412 fc->hotcpu_notifier = (struct notifier_block){ 418 fc->hotcpu_notifier = (struct notifier_block){
413 .notifier_call = flow_cache_cpu, 419 .notifier_call = flow_cache_cpu,
@@ -420,6 +426,18 @@ static int __init flow_cache_init(struct flow_cache *fc)
420 add_timer(&fc->rnd_timer); 426 add_timer(&fc->rnd_timer);
421 427
422 return 0; 428 return 0;
429
430err:
431 for_each_possible_cpu(i) {
432 struct flow_cache_percpu *fcp = per_cpu_ptr(fc->percpu, i);
433 kfree(fcp->hash_table);
434 fcp->hash_table = NULL;
435 }
436
437 free_percpu(fc->percpu);
438 fc->percpu = NULL;
439
440 return -ENOMEM;
423} 441}
424 442
425static int __init flow_cache_init_global(void) 443static int __init flow_cache_init_global(void)
diff --git a/net/core/kmap_skb.h b/net/core/kmap_skb.h
index 283c2b993fb8..81e1ed7c8383 100644
--- a/net/core/kmap_skb.h
+++ b/net/core/kmap_skb.h
@@ -7,7 +7,7 @@ static inline void *kmap_skb_frag(const skb_frag_t *frag)
7 7
8 local_bh_disable(); 8 local_bh_disable();
9#endif 9#endif
10 return kmap_atomic(frag->page, KM_SKB_DATA_SOFTIRQ); 10 return kmap_atomic(skb_frag_page(frag), KM_SKB_DATA_SOFTIRQ);
11} 11}
12 12
13static inline void kunmap_skb_frag(void *vaddr) 13static inline void kunmap_skb_frag(void *vaddr)
diff --git a/net/core/link_watch.c b/net/core/link_watch.c
index 357bd4ee4baa..c3519c6d1b16 100644
--- a/net/core/link_watch.c
+++ b/net/core/link_watch.c
@@ -78,8 +78,13 @@ static void rfc2863_policy(struct net_device *dev)
78 78
79static bool linkwatch_urgent_event(struct net_device *dev) 79static bool linkwatch_urgent_event(struct net_device *dev)
80{ 80{
81 return netif_running(dev) && netif_carrier_ok(dev) && 81 if (!netif_running(dev))
82 qdisc_tx_changing(dev); 82 return false;
83
84 if (dev->ifindex != dev->iflink)
85 return true;
86
87 return netif_carrier_ok(dev) && qdisc_tx_changing(dev);
83} 88}
84 89
85 90
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 8fab9b0bb203..909ecb3c2a33 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -844,6 +844,19 @@ static void neigh_invalidate(struct neighbour *neigh)
844 skb_queue_purge(&neigh->arp_queue); 844 skb_queue_purge(&neigh->arp_queue);
845} 845}
846 846
847static void neigh_probe(struct neighbour *neigh)
848 __releases(neigh->lock)
849{
850 struct sk_buff *skb = skb_peek(&neigh->arp_queue);
851 /* keep skb alive even if arp_queue overflows */
852 if (skb)
853 skb = skb_copy(skb, GFP_ATOMIC);
854 write_unlock(&neigh->lock);
855 neigh->ops->solicit(neigh, skb);
856 atomic_inc(&neigh->probes);
857 kfree_skb(skb);
858}
859
847/* Called when a timer expires for a neighbour entry. */ 860/* Called when a timer expires for a neighbour entry. */
848 861
849static void neigh_timer_handler(unsigned long arg) 862static void neigh_timer_handler(unsigned long arg)
@@ -920,14 +933,7 @@ static void neigh_timer_handler(unsigned long arg)
920 neigh_hold(neigh); 933 neigh_hold(neigh);
921 } 934 }
922 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 935 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
923 struct sk_buff *skb = skb_peek(&neigh->arp_queue); 936 neigh_probe(neigh);
924 /* keep skb alive even if arp_queue overflows */
925 if (skb)
926 skb = skb_copy(skb, GFP_ATOMIC);
927 write_unlock(&neigh->lock);
928 neigh->ops->solicit(neigh, skb);
929 atomic_inc(&neigh->probes);
930 kfree_skb(skb);
931 } else { 937 } else {
932out: 938out:
933 write_unlock(&neigh->lock); 939 write_unlock(&neigh->lock);
@@ -942,7 +948,7 @@ out:
942int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb) 948int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
943{ 949{
944 int rc; 950 int rc;
945 unsigned long now; 951 bool immediate_probe = false;
946 952
947 write_lock_bh(&neigh->lock); 953 write_lock_bh(&neigh->lock);
948 954
@@ -950,14 +956,16 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
950 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) 956 if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
951 goto out_unlock_bh; 957 goto out_unlock_bh;
952 958
953 now = jiffies;
954
955 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { 959 if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
956 if (neigh->parms->mcast_probes + neigh->parms->app_probes) { 960 if (neigh->parms->mcast_probes + neigh->parms->app_probes) {
961 unsigned long next, now = jiffies;
962
957 atomic_set(&neigh->probes, neigh->parms->ucast_probes); 963 atomic_set(&neigh->probes, neigh->parms->ucast_probes);
958 neigh->nud_state = NUD_INCOMPLETE; 964 neigh->nud_state = NUD_INCOMPLETE;
959 neigh->updated = jiffies; 965 neigh->updated = now;
960 neigh_add_timer(neigh, now + 1); 966 next = now + max(neigh->parms->retrans_time, HZ/2);
967 neigh_add_timer(neigh, next);
968 immediate_probe = true;
961 } else { 969 } else {
962 neigh->nud_state = NUD_FAILED; 970 neigh->nud_state = NUD_FAILED;
963 neigh->updated = jiffies; 971 neigh->updated = jiffies;
@@ -989,7 +997,11 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
989 rc = 1; 997 rc = 1;
990 } 998 }
991out_unlock_bh: 999out_unlock_bh:
992 write_unlock_bh(&neigh->lock); 1000 if (immediate_probe)
1001 neigh_probe(neigh);
1002 else
1003 write_unlock(&neigh->lock);
1004 local_bh_enable();
993 return rc; 1005 return rc;
994} 1006}
995EXPORT_SYMBOL(__neigh_event_send); 1007EXPORT_SYMBOL(__neigh_event_send);
@@ -1156,10 +1168,14 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1156 struct dst_entry *dst = skb_dst(skb); 1168 struct dst_entry *dst = skb_dst(skb);
1157 struct neighbour *n2, *n1 = neigh; 1169 struct neighbour *n2, *n1 = neigh;
1158 write_unlock_bh(&neigh->lock); 1170 write_unlock_bh(&neigh->lock);
1171
1172 rcu_read_lock();
1159 /* On shaper/eql skb->dst->neighbour != neigh :( */ 1173 /* On shaper/eql skb->dst->neighbour != neigh :( */
1160 if (dst && (n2 = dst_get_neighbour(dst)) != NULL) 1174 if (dst && (n2 = dst_get_neighbour(dst)) != NULL)
1161 n1 = n2; 1175 n1 = n2;
1162 n1->output(n1, skb); 1176 n1->output(n1, skb);
1177 rcu_read_unlock();
1178
1163 write_lock_bh(&neigh->lock); 1179 write_lock_bh(&neigh->lock);
1164 } 1180 }
1165 skb_queue_purge(&neigh->arp_queue); 1181 skb_queue_purge(&neigh->arp_queue);
@@ -1319,11 +1335,15 @@ static void neigh_proxy_process(unsigned long arg)
1319 1335
1320 if (tdif <= 0) { 1336 if (tdif <= 0) {
1321 struct net_device *dev = skb->dev; 1337 struct net_device *dev = skb->dev;
1338
1322 __skb_unlink(skb, &tbl->proxy_queue); 1339 __skb_unlink(skb, &tbl->proxy_queue);
1323 if (tbl->proxy_redo && netif_running(dev)) 1340 if (tbl->proxy_redo && netif_running(dev)) {
1341 rcu_read_lock();
1324 tbl->proxy_redo(skb); 1342 tbl->proxy_redo(skb);
1325 else 1343 rcu_read_unlock();
1344 } else {
1326 kfree_skb(skb); 1345 kfree_skb(skb);
1346 }
1327 1347
1328 dev_put(dev); 1348 dev_put(dev);
1329 } else if (!sched_next || tdif < sched_next) 1349 } else if (!sched_next || tdif < sched_next)
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 1683e5db2f27..7604a635376b 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -147,7 +147,7 @@ static ssize_t show_speed(struct device *dev,
147 147
148 if (netif_running(netdev)) { 148 if (netif_running(netdev)) {
149 struct ethtool_cmd cmd; 149 struct ethtool_cmd cmd;
150 if (!dev_ethtool_get_settings(netdev, &cmd)) 150 if (!__ethtool_get_settings(netdev, &cmd))
151 ret = sprintf(buf, fmt_udec, ethtool_cmd_speed(&cmd)); 151 ret = sprintf(buf, fmt_udec, ethtool_cmd_speed(&cmd));
152 } 152 }
153 rtnl_unlock(); 153 rtnl_unlock();
@@ -165,7 +165,7 @@ static ssize_t show_duplex(struct device *dev,
165 165
166 if (netif_running(netdev)) { 166 if (netif_running(netdev)) {
167 struct ethtool_cmd cmd; 167 struct ethtool_cmd cmd;
168 if (!dev_ethtool_get_settings(netdev, &cmd)) 168 if (!__ethtool_get_settings(netdev, &cmd))
169 ret = sprintf(buf, "%s\n", 169 ret = sprintf(buf, "%s\n",
170 cmd.duplex ? "full" : "half"); 170 cmd.duplex ? "full" : "half");
171 } 171 }
@@ -712,13 +712,13 @@ static void rx_queue_release(struct kobject *kobj)
712 struct rps_dev_flow_table *flow_table; 712 struct rps_dev_flow_table *flow_table;
713 713
714 714
715 map = rcu_dereference_raw(queue->rps_map); 715 map = rcu_dereference_protected(queue->rps_map, 1);
716 if (map) { 716 if (map) {
717 RCU_INIT_POINTER(queue->rps_map, NULL); 717 RCU_INIT_POINTER(queue->rps_map, NULL);
718 kfree_rcu(map, rcu); 718 kfree_rcu(map, rcu);
719 } 719 }
720 720
721 flow_table = rcu_dereference_raw(queue->rps_flow_table); 721 flow_table = rcu_dereference_protected(queue->rps_flow_table, 1);
722 if (flow_table) { 722 if (flow_table) {
723 RCU_INIT_POINTER(queue->rps_flow_table, NULL); 723 RCU_INIT_POINTER(queue->rps_flow_table, NULL);
724 call_rcu(&flow_table->rcu, rps_dev_flow_table_release); 724 call_rcu(&flow_table->rcu, rps_dev_flow_table_release);
@@ -987,10 +987,10 @@ static ssize_t store_xps_map(struct netdev_queue *queue,
987 } 987 }
988 988
989 if (nonempty) 989 if (nonempty)
990 rcu_assign_pointer(dev->xps_maps, new_dev_maps); 990 RCU_INIT_POINTER(dev->xps_maps, new_dev_maps);
991 else { 991 else {
992 kfree(new_dev_maps); 992 kfree(new_dev_maps);
993 rcu_assign_pointer(dev->xps_maps, NULL); 993 RCU_INIT_POINTER(dev->xps_maps, NULL);
994 } 994 }
995 995
996 if (dev_maps) 996 if (dev_maps)
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index adf84dd8c7b5..f57d94627a2a 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -558,13 +558,14 @@ int __netpoll_rx(struct sk_buff *skb)
558 if (skb_shared(skb)) 558 if (skb_shared(skb))
559 goto out; 559 goto out;
560 560
561 iph = (struct iphdr *)skb->data;
562 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 561 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
563 goto out; 562 goto out;
563 iph = (struct iphdr *)skb->data;
564 if (iph->ihl < 5 || iph->version != 4) 564 if (iph->ihl < 5 || iph->version != 4)
565 goto out; 565 goto out;
566 if (!pskb_may_pull(skb, iph->ihl*4)) 566 if (!pskb_may_pull(skb, iph->ihl*4))
567 goto out; 567 goto out;
568 iph = (struct iphdr *)skb->data;
568 if (ip_fast_csum((u8 *)iph, iph->ihl) != 0) 569 if (ip_fast_csum((u8 *)iph, iph->ihl) != 0)
569 goto out; 570 goto out;
570 571
@@ -579,6 +580,7 @@ int __netpoll_rx(struct sk_buff *skb)
579 if (pskb_trim_rcsum(skb, len)) 580 if (pskb_trim_rcsum(skb, len))
580 goto out; 581 goto out;
581 582
583 iph = (struct iphdr *)skb->data;
582 if (iph->protocol != IPPROTO_UDP) 584 if (iph->protocol != IPPROTO_UDP)
583 goto out; 585 goto out;
584 586
@@ -760,7 +762,7 @@ int __netpoll_setup(struct netpoll *np)
760 } 762 }
761 763
762 /* last thing to do is link it to the net device structure */ 764 /* last thing to do is link it to the net device structure */
763 rcu_assign_pointer(ndev->npinfo, npinfo); 765 RCU_INIT_POINTER(ndev->npinfo, npinfo);
764 766
765 return 0; 767 return 0;
766 768
@@ -901,7 +903,7 @@ void __netpoll_cleanup(struct netpoll *np)
901 if (ops->ndo_netpoll_cleanup) 903 if (ops->ndo_netpoll_cleanup)
902 ops->ndo_netpoll_cleanup(np->dev); 904 ops->ndo_netpoll_cleanup(np->dev);
903 905
904 rcu_assign_pointer(np->dev->npinfo, NULL); 906 RCU_INIT_POINTER(np->dev->npinfo, NULL);
905 907
906 /* avoid racing with NAPI reading npinfo */ 908 /* avoid racing with NAPI reading npinfo */
907 synchronize_rcu_bh(); 909 synchronize_rcu_bh();
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index e35a6fbb8110..0001c243b35c 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2145,9 +2145,12 @@ static void spin(struct pktgen_dev *pkt_dev, ktime_t spin_until)
2145 } 2145 }
2146 2146
2147 start_time = ktime_now(); 2147 start_time = ktime_now();
2148 if (remaining < 100000) 2148 if (remaining < 100000) {
2149 ndelay(remaining); /* really small just spin */ 2149 /* for small delays (<100us), just loop until limit is reached */
2150 else { 2150 do {
2151 end_time = ktime_now();
2152 } while (ktime_lt(end_time, spin_until));
2153 } else {
2151 /* see do_nanosleep */ 2154 /* see do_nanosleep */
2152 hrtimer_init_sleeper(&t, current); 2155 hrtimer_init_sleeper(&t, current);
2153 do { 2156 do {
@@ -2162,8 +2165,8 @@ static void spin(struct pktgen_dev *pkt_dev, ktime_t spin_until)
2162 hrtimer_cancel(&t.timer); 2165 hrtimer_cancel(&t.timer);
2163 } while (t.task && pkt_dev->running && !signal_pending(current)); 2166 } while (t.task && pkt_dev->running && !signal_pending(current));
2164 __set_current_state(TASK_RUNNING); 2167 __set_current_state(TASK_RUNNING);
2168 end_time = ktime_now();
2165 } 2169 }
2166 end_time = ktime_now();
2167 2170
2168 pkt_dev->idle_acc += ktime_to_ns(ktime_sub(end_time, start_time)); 2171 pkt_dev->idle_acc += ktime_to_ns(ktime_sub(end_time, start_time));
2169 pkt_dev->next_tx = ktime_add_ns(spin_until, pkt_dev->delay); 2172 pkt_dev->next_tx = ktime_add_ns(spin_until, pkt_dev->delay);
@@ -2602,18 +2605,18 @@ static void pktgen_finalize_skb(struct pktgen_dev *pkt_dev, struct sk_buff *skb,
2602 if (!pkt_dev->page) 2605 if (!pkt_dev->page)
2603 break; 2606 break;
2604 } 2607 }
2605 skb_shinfo(skb)->frags[i].page = pkt_dev->page;
2606 get_page(pkt_dev->page); 2608 get_page(pkt_dev->page);
2609 skb_frag_set_page(skb, i, pkt_dev->page);
2607 skb_shinfo(skb)->frags[i].page_offset = 0; 2610 skb_shinfo(skb)->frags[i].page_offset = 0;
2608 /*last fragment, fill rest of data*/ 2611 /*last fragment, fill rest of data*/
2609 if (i == (frags - 1)) 2612 if (i == (frags - 1))
2610 skb_shinfo(skb)->frags[i].size = 2613 skb_frag_size_set(&skb_shinfo(skb)->frags[i],
2611 (datalen < PAGE_SIZE ? datalen : PAGE_SIZE); 2614 (datalen < PAGE_SIZE ? datalen : PAGE_SIZE));
2612 else 2615 else
2613 skb_shinfo(skb)->frags[i].size = frag_len; 2616 skb_frag_size_set(&skb_shinfo(skb)->frags[i], frag_len);
2614 datalen -= skb_shinfo(skb)->frags[i].size; 2617 datalen -= skb_frag_size(&skb_shinfo(skb)->frags[i]);
2615 skb->len += skb_shinfo(skb)->frags[i].size; 2618 skb->len += skb_frag_size(&skb_shinfo(skb)->frags[i]);
2616 skb->data_len += skb_shinfo(skb)->frags[i].size; 2619 skb->data_len += skb_frag_size(&skb_shinfo(skb)->frags[i]);
2617 i++; 2620 i++;
2618 skb_shinfo(skb)->nr_frags = i; 2621 skb_shinfo(skb)->nr_frags = i;
2619 } 2622 }
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 99d9e953fe39..9083e82bdae5 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -731,7 +731,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev)
731 size += num_vfs * 731 size += num_vfs *
732 (nla_total_size(sizeof(struct ifla_vf_mac)) + 732 (nla_total_size(sizeof(struct ifla_vf_mac)) +
733 nla_total_size(sizeof(struct ifla_vf_vlan)) + 733 nla_total_size(sizeof(struct ifla_vf_vlan)) +
734 nla_total_size(sizeof(struct ifla_vf_tx_rate))); 734 nla_total_size(sizeof(struct ifla_vf_tx_rate)) +
735 nla_total_size(sizeof(struct ifla_vf_spoofchk)));
735 return size; 736 return size;
736 } else 737 } else
737 return 0; 738 return 0;
@@ -954,13 +955,27 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
954 struct ifla_vf_mac vf_mac; 955 struct ifla_vf_mac vf_mac;
955 struct ifla_vf_vlan vf_vlan; 956 struct ifla_vf_vlan vf_vlan;
956 struct ifla_vf_tx_rate vf_tx_rate; 957 struct ifla_vf_tx_rate vf_tx_rate;
958 struct ifla_vf_spoofchk vf_spoofchk;
959
960 /*
961 * Not all SR-IOV capable drivers support the
962 * spoofcheck query. Preset to -1 so the user
963 * space tool can detect that the driver didn't
964 * report anything.
965 */
966 ivi.spoofchk = -1;
957 if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) 967 if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
958 break; 968 break;
959 vf_mac.vf = vf_vlan.vf = vf_tx_rate.vf = ivi.vf; 969 vf_mac.vf =
970 vf_vlan.vf =
971 vf_tx_rate.vf =
972 vf_spoofchk.vf = ivi.vf;
973
960 memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac)); 974 memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
961 vf_vlan.vlan = ivi.vlan; 975 vf_vlan.vlan = ivi.vlan;
962 vf_vlan.qos = ivi.qos; 976 vf_vlan.qos = ivi.qos;
963 vf_tx_rate.rate = ivi.tx_rate; 977 vf_tx_rate.rate = ivi.tx_rate;
978 vf_spoofchk.setting = ivi.spoofchk;
964 vf = nla_nest_start(skb, IFLA_VF_INFO); 979 vf = nla_nest_start(skb, IFLA_VF_INFO);
965 if (!vf) { 980 if (!vf) {
966 nla_nest_cancel(skb, vfinfo); 981 nla_nest_cancel(skb, vfinfo);
@@ -968,7 +983,10 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
968 } 983 }
969 NLA_PUT(skb, IFLA_VF_MAC, sizeof(vf_mac), &vf_mac); 984 NLA_PUT(skb, IFLA_VF_MAC, sizeof(vf_mac), &vf_mac);
970 NLA_PUT(skb, IFLA_VF_VLAN, sizeof(vf_vlan), &vf_vlan); 985 NLA_PUT(skb, IFLA_VF_VLAN, sizeof(vf_vlan), &vf_vlan);
971 NLA_PUT(skb, IFLA_VF_TX_RATE, sizeof(vf_tx_rate), &vf_tx_rate); 986 NLA_PUT(skb, IFLA_VF_TX_RATE, sizeof(vf_tx_rate),
987 &vf_tx_rate);
988 NLA_PUT(skb, IFLA_VF_SPOOFCHK, sizeof(vf_spoofchk),
989 &vf_spoofchk);
972 nla_nest_end(skb, vf); 990 nla_nest_end(skb, vf);
973 } 991 }
974 nla_nest_end(skb, vfinfo); 992 nla_nest_end(skb, vfinfo);
@@ -1202,6 +1220,15 @@ static int do_setvfinfo(struct net_device *dev, struct nlattr *attr)
1202 ivt->rate); 1220 ivt->rate);
1203 break; 1221 break;
1204 } 1222 }
1223 case IFLA_VF_SPOOFCHK: {
1224 struct ifla_vf_spoofchk *ivs;
1225 ivs = nla_data(vf);
1226 err = -EOPNOTSUPP;
1227 if (ops->ndo_set_vf_spoofchk)
1228 err = ops->ndo_set_vf_spoofchk(dev, ivs->vf,
1229 ivs->setting);
1230 break;
1231 }
1205 default: 1232 default:
1206 err = -EINVAL; 1233 err = -EINVAL;
1207 break; 1234 break;
@@ -1604,7 +1631,6 @@ struct net_device *rtnl_create_link(struct net *src_net, struct net *net,
1604 dev_net_set(dev, net); 1631 dev_net_set(dev, net);
1605 dev->rtnl_link_ops = ops; 1632 dev->rtnl_link_ops = ops;
1606 dev->rtnl_link_state = RTNL_LINK_INITIALIZING; 1633 dev->rtnl_link_state = RTNL_LINK_INITIALIZING;
1607 dev->real_num_tx_queues = real_num_queues;
1608 1634
1609 if (tb[IFLA_MTU]) 1635 if (tb[IFLA_MTU])
1610 dev->mtu = nla_get_u32(tb[IFLA_MTU]); 1636 dev->mtu = nla_get_u32(tb[IFLA_MTU]);
diff --git a/net/core/scm.c b/net/core/scm.c
index 4c1ef026d695..ff52ad0a5150 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -173,7 +173,7 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
173 if (err) 173 if (err)
174 goto error; 174 goto error;
175 175
176 if (pid_vnr(p->pid) != p->creds.pid) { 176 if (!p->pid || pid_vnr(p->pid) != p->creds.pid) {
177 struct pid *pid; 177 struct pid *pid;
178 err = -ESRCH; 178 err = -ESRCH;
179 pid = find_get_pid(p->creds.pid); 179 pid = find_get_pid(p->creds.pid);
@@ -183,8 +183,9 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
183 p->pid = pid; 183 p->pid = pid;
184 } 184 }
185 185
186 if ((p->cred->euid != p->creds.uid) || 186 if (!p->cred ||
187 (p->cred->egid != p->creds.gid)) { 187 (p->cred->euid != p->creds.uid) ||
188 (p->cred->egid != p->creds.gid)) {
188 struct cred *cred; 189 struct cred *cred;
189 err = -ENOMEM; 190 err = -ENOMEM;
190 cred = prepare_creds(); 191 cred = prepare_creds();
@@ -192,8 +193,9 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
192 goto error; 193 goto error;
193 194
194 cred->uid = cred->euid = p->creds.uid; 195 cred->uid = cred->euid = p->creds.uid;
195 cred->gid = cred->egid = p->creds.uid; 196 cred->gid = cred->egid = p->creds.gid;
196 put_cred(p->cred); 197 if (p->cred)
198 put_cred(p->cred);
197 p->cred = cred; 199 p->cred = cred;
198 } 200 }
199 break; 201 break;
diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
new file mode 100644
index 000000000000..025233de25f9
--- /dev/null
+++ b/net/core/secure_seq.c
@@ -0,0 +1,184 @@
1#include <linux/kernel.h>
2#include <linux/init.h>
3#include <linux/cryptohash.h>
4#include <linux/module.h>
5#include <linux/cache.h>
6#include <linux/random.h>
7#include <linux/hrtimer.h>
8#include <linux/ktime.h>
9#include <linux/string.h>
10
11#include <net/secure_seq.h>
12
13static u32 net_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
14
15static int __init net_secret_init(void)
16{
17 get_random_bytes(net_secret, sizeof(net_secret));
18 return 0;
19}
20late_initcall(net_secret_init);
21
22static u32 seq_scale(u32 seq)
23{
24 /*
25 * As close as possible to RFC 793, which
26 * suggests using a 250 kHz clock.
27 * Further reading shows this assumes 2 Mb/s networks.
28 * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
29 * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
30 * we also need to limit the resolution so that the u32 seq
31 * overlaps less than one time per MSL (2 minutes).
32 * Choosing a clock of 64 ns period is OK. (period of 274 s)
33 */
34 return seq + (ktime_to_ns(ktime_get_real()) >> 6);
35}
36
37#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
38__u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr,
39 __be16 sport, __be16 dport)
40{
41 u32 secret[MD5_MESSAGE_BYTES / 4];
42 u32 hash[MD5_DIGEST_WORDS];
43 u32 i;
44
45 memcpy(hash, saddr, 16);
46 for (i = 0; i < 4; i++)
47 secret[i] = net_secret[i] + daddr[i];
48 secret[4] = net_secret[4] +
49 (((__force u16)sport << 16) + (__force u16)dport);
50 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
51 secret[i] = net_secret[i];
52
53 md5_transform(hash, secret);
54
55 return seq_scale(hash[0]);
56}
57EXPORT_SYMBOL(secure_tcpv6_sequence_number);
58
59u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
60 __be16 dport)
61{
62 u32 secret[MD5_MESSAGE_BYTES / 4];
63 u32 hash[MD5_DIGEST_WORDS];
64 u32 i;
65
66 memcpy(hash, saddr, 16);
67 for (i = 0; i < 4; i++)
68 secret[i] = net_secret[i] + (__force u32) daddr[i];
69 secret[4] = net_secret[4] + (__force u32)dport;
70 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
71 secret[i] = net_secret[i];
72
73 md5_transform(hash, secret);
74
75 return hash[0];
76}
77#endif
78
79#ifdef CONFIG_INET
80__u32 secure_ip_id(__be32 daddr)
81{
82 u32 hash[MD5_DIGEST_WORDS];
83
84 hash[0] = (__force __u32) daddr;
85 hash[1] = net_secret[13];
86 hash[2] = net_secret[14];
87 hash[3] = net_secret[15];
88
89 md5_transform(hash, net_secret);
90
91 return hash[0];
92}
93
94__u32 secure_ipv6_id(const __be32 daddr[4])
95{
96 __u32 hash[4];
97
98 memcpy(hash, daddr, 16);
99 md5_transform(hash, net_secret);
100
101 return hash[0];
102}
103
104__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
105 __be16 sport, __be16 dport)
106{
107 u32 hash[MD5_DIGEST_WORDS];
108
109 hash[0] = (__force u32)saddr;
110 hash[1] = (__force u32)daddr;
111 hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
112 hash[3] = net_secret[15];
113
114 md5_transform(hash, net_secret);
115
116 return seq_scale(hash[0]);
117}
118
119u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
120{
121 u32 hash[MD5_DIGEST_WORDS];
122
123 hash[0] = (__force u32)saddr;
124 hash[1] = (__force u32)daddr;
125 hash[2] = (__force u32)dport ^ net_secret[14];
126 hash[3] = net_secret[15];
127
128 md5_transform(hash, net_secret);
129
130 return hash[0];
131}
132EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
133#endif
134
135#if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
136u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
137 __be16 sport, __be16 dport)
138{
139 u32 hash[MD5_DIGEST_WORDS];
140 u64 seq;
141
142 hash[0] = (__force u32)saddr;
143 hash[1] = (__force u32)daddr;
144 hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
145 hash[3] = net_secret[15];
146
147 md5_transform(hash, net_secret);
148
149 seq = hash[0] | (((u64)hash[1]) << 32);
150 seq += ktime_to_ns(ktime_get_real());
151 seq &= (1ull << 48) - 1;
152
153 return seq;
154}
155EXPORT_SYMBOL(secure_dccp_sequence_number);
156
157#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
158u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
159 __be16 sport, __be16 dport)
160{
161 u32 secret[MD5_MESSAGE_BYTES / 4];
162 u32 hash[MD5_DIGEST_WORDS];
163 u64 seq;
164 u32 i;
165
166 memcpy(hash, saddr, 16);
167 for (i = 0; i < 4; i++)
168 secret[i] = net_secret[i] + daddr[i];
169 secret[4] = net_secret[4] +
170 (((__force u16)sport << 16) + (__force u16)dport);
171 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
172 secret[i] = net_secret[i];
173
174 md5_transform(hash, secret);
175
176 seq = hash[0] | (((u64)hash[1]) << 32);
177 seq += ktime_to_ns(ktime_get_real());
178 seq &= (1ull << 48) - 1;
179
180 return seq;
181}
182EXPORT_SYMBOL(secure_dccpv6_sequence_number);
183#endif
184#endif
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 2beda824636e..ca4db40e75b8 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -184,11 +184,20 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
184 goto out; 184 goto out;
185 prefetchw(skb); 185 prefetchw(skb);
186 186
187 size = SKB_DATA_ALIGN(size); 187 /* We do our best to align skb_shared_info on a separate cache
188 data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info), 188 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
189 gfp_mask, node); 189 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
190 * Both skb->head and skb_shared_info are cache line aligned.
191 */
192 size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
193 data = kmalloc_node_track_caller(size, gfp_mask, node);
190 if (!data) 194 if (!data)
191 goto nodata; 195 goto nodata;
196 /* kmalloc(size) might give us more room than requested.
197 * Put skb_shared_info exactly at the end of allocated zone,
198 * to allow max possible filling before reallocation.
199 */
200 size = SKB_WITH_OVERHEAD(ksize(data));
192 prefetchw(data + size); 201 prefetchw(data + size);
193 202
194 /* 203 /*
@@ -197,7 +206,8 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
197 * the tail pointer in struct sk_buff! 206 * the tail pointer in struct sk_buff!
198 */ 207 */
199 memset(skb, 0, offsetof(struct sk_buff, tail)); 208 memset(skb, 0, offsetof(struct sk_buff, tail));
200 skb->truesize = size + sizeof(struct sk_buff); 209 /* Account for allocated memory : skb + skb->head */
210 skb->truesize = SKB_TRUESIZE(size);
201 atomic_set(&skb->users, 1); 211 atomic_set(&skb->users, 1);
202 skb->head = data; 212 skb->head = data;
203 skb->data = data; 213 skb->data = data;
@@ -326,7 +336,7 @@ static void skb_release_data(struct sk_buff *skb)
326 if (skb_shinfo(skb)->nr_frags) { 336 if (skb_shinfo(skb)->nr_frags) {
327 int i; 337 int i;
328 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 338 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
329 put_page(skb_shinfo(skb)->frags[i].page); 339 skb_frag_unref(skb, i);
330 } 340 }
331 341
332 /* 342 /*
@@ -475,6 +485,30 @@ void consume_skb(struct sk_buff *skb)
475EXPORT_SYMBOL(consume_skb); 485EXPORT_SYMBOL(consume_skb);
476 486
477/** 487/**
488 * skb_recycle - clean up an skb for reuse
489 * @skb: buffer
490 *
491 * Recycles the skb to be reused as a receive buffer. This
492 * function does any necessary reference count dropping, and
493 * cleans up the skbuff as if it just came from __alloc_skb().
494 */
495void skb_recycle(struct sk_buff *skb)
496{
497 struct skb_shared_info *shinfo;
498
499 skb_release_head_state(skb);
500
501 shinfo = skb_shinfo(skb);
502 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
503 atomic_set(&shinfo->dataref, 1);
504
505 memset(skb, 0, offsetof(struct sk_buff, tail));
506 skb->data = skb->head + NET_SKB_PAD;
507 skb_reset_tail_pointer(skb);
508}
509EXPORT_SYMBOL(skb_recycle);
510
511/**
478 * skb_recycle_check - check if skb can be reused for receive 512 * skb_recycle_check - check if skb can be reused for receive
479 * @skb: buffer 513 * @skb: buffer
480 * @skb_size: minimum receive buffer size 514 * @skb_size: minimum receive buffer size
@@ -488,33 +522,10 @@ EXPORT_SYMBOL(consume_skb);
488 */ 522 */
489bool skb_recycle_check(struct sk_buff *skb, int skb_size) 523bool skb_recycle_check(struct sk_buff *skb, int skb_size)
490{ 524{
491 struct skb_shared_info *shinfo; 525 if (!skb_is_recycleable(skb, skb_size))
492
493 if (irqs_disabled())
494 return false;
495
496 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY)
497 return false; 526 return false;
498 527
499 if (skb_is_nonlinear(skb) || skb->fclone != SKB_FCLONE_UNAVAILABLE) 528 skb_recycle(skb);
500 return false;
501
502 skb_size = SKB_DATA_ALIGN(skb_size + NET_SKB_PAD);
503 if (skb_end_pointer(skb) - skb->head < skb_size)
504 return false;
505
506 if (skb_shared(skb) || skb_cloned(skb))
507 return false;
508
509 skb_release_head_state(skb);
510
511 shinfo = skb_shinfo(skb);
512 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
513 atomic_set(&shinfo->dataref, 1);
514
515 memset(skb, 0, offsetof(struct sk_buff, tail));
516 skb->data = skb->head + NET_SKB_PAD;
517 skb_reset_tail_pointer(skb);
518 529
519 return true; 530 return true;
520} 531}
@@ -529,6 +540,8 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
529 new->mac_header = old->mac_header; 540 new->mac_header = old->mac_header;
530 skb_dst_copy(new, old); 541 skb_dst_copy(new, old);
531 new->rxhash = old->rxhash; 542 new->rxhash = old->rxhash;
543 new->ooo_okay = old->ooo_okay;
544 new->l4_rxhash = old->l4_rxhash;
532#ifdef CONFIG_XFRM 545#ifdef CONFIG_XFRM
533 new->sp = secpath_get(old->sp); 546 new->sp = secpath_get(old->sp);
534#endif 547#endif
@@ -611,8 +624,21 @@ struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
611} 624}
612EXPORT_SYMBOL_GPL(skb_morph); 625EXPORT_SYMBOL_GPL(skb_morph);
613 626
614/* skb frags copy userspace buffers to kernel */ 627/* skb_copy_ubufs - copy userspace skb frags buffers to kernel
615static int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask) 628 * @skb: the skb to modify
629 * @gfp_mask: allocation priority
630 *
631 * This must be called on SKBTX_DEV_ZEROCOPY skb.
632 * It will copy all frags into kernel and drop the reference
633 * to userspace pages.
634 *
635 * If this function is called from an interrupt gfp_mask() must be
636 * %GFP_ATOMIC.
637 *
638 * Returns 0 on success or a negative error code on failure
639 * to allocate kernel memory to copy to.
640 */
641int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
616{ 642{
617 int i; 643 int i;
618 int num_frags = skb_shinfo(skb)->nr_frags; 644 int num_frags = skb_shinfo(skb)->nr_frags;
@@ -634,7 +660,7 @@ static int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
634 } 660 }
635 vaddr = kmap_skb_frag(&skb_shinfo(skb)->frags[i]); 661 vaddr = kmap_skb_frag(&skb_shinfo(skb)->frags[i]);
636 memcpy(page_address(page), 662 memcpy(page_address(page),
637 vaddr + f->page_offset, f->size); 663 vaddr + f->page_offset, skb_frag_size(f));
638 kunmap_skb_frag(vaddr); 664 kunmap_skb_frag(vaddr);
639 page->private = (unsigned long)head; 665 page->private = (unsigned long)head;
640 head = page; 666 head = page;
@@ -642,16 +668,18 @@ static int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
642 668
643 /* skb frags release userspace buffers */ 669 /* skb frags release userspace buffers */
644 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 670 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
645 put_page(skb_shinfo(skb)->frags[i].page); 671 skb_frag_unref(skb, i);
646 672
647 uarg->callback(uarg); 673 uarg->callback(uarg);
648 674
649 /* skb frags point to kernel buffers */ 675 /* skb frags point to kernel buffers */
650 for (i = skb_shinfo(skb)->nr_frags; i > 0; i--) { 676 for (i = skb_shinfo(skb)->nr_frags; i > 0; i--) {
651 skb_shinfo(skb)->frags[i - 1].page_offset = 0; 677 __skb_fill_page_desc(skb, i-1, head, 0,
652 skb_shinfo(skb)->frags[i - 1].page = head; 678 skb_shinfo(skb)->frags[i - 1].size);
653 head = (struct page *)head->private; 679 head = (struct page *)head->private;
654 } 680 }
681
682 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
655 return 0; 683 return 0;
656} 684}
657 685
@@ -677,7 +705,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
677 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { 705 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
678 if (skb_copy_ubufs(skb, gfp_mask)) 706 if (skb_copy_ubufs(skb, gfp_mask))
679 return NULL; 707 return NULL;
680 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
681 } 708 }
682 709
683 n = skb + 1; 710 n = skb + 1;
@@ -803,11 +830,10 @@ struct sk_buff *pskb_copy(struct sk_buff *skb, gfp_t gfp_mask)
803 n = NULL; 830 n = NULL;
804 goto out; 831 goto out;
805 } 832 }
806 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
807 } 833 }
808 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 834 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
809 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i]; 835 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
810 get_page(skb_shinfo(n)->frags[i].page); 836 skb_frag_ref(skb, i);
811 } 837 }
812 skb_shinfo(n)->nr_frags = i; 838 skb_shinfo(n)->nr_frags = i;
813 } 839 }
@@ -896,10 +922,9 @@ int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
896 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { 922 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
897 if (skb_copy_ubufs(skb, gfp_mask)) 923 if (skb_copy_ubufs(skb, gfp_mask))
898 goto nofrags; 924 goto nofrags;
899 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
900 } 925 }
901 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 926 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
902 get_page(skb_shinfo(skb)->frags[i].page); 927 skb_frag_ref(skb, i);
903 928
904 if (skb_has_frag_list(skb)) 929 if (skb_has_frag_list(skb))
905 skb_clone_fraglist(skb); 930 skb_clone_fraglist(skb);
@@ -1166,20 +1191,20 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
1166 goto drop_pages; 1191 goto drop_pages;
1167 1192
1168 for (; i < nfrags; i++) { 1193 for (; i < nfrags; i++) {
1169 int end = offset + skb_shinfo(skb)->frags[i].size; 1194 int end = offset + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1170 1195
1171 if (end < len) { 1196 if (end < len) {
1172 offset = end; 1197 offset = end;
1173 continue; 1198 continue;
1174 } 1199 }
1175 1200
1176 skb_shinfo(skb)->frags[i++].size = len - offset; 1201 skb_frag_size_set(&skb_shinfo(skb)->frags[i++], len - offset);
1177 1202
1178drop_pages: 1203drop_pages:
1179 skb_shinfo(skb)->nr_frags = i; 1204 skb_shinfo(skb)->nr_frags = i;
1180 1205
1181 for (; i < nfrags; i++) 1206 for (; i < nfrags; i++)
1182 put_page(skb_shinfo(skb)->frags[i].page); 1207 skb_frag_unref(skb, i);
1183 1208
1184 if (skb_has_frag_list(skb)) 1209 if (skb_has_frag_list(skb))
1185 skb_drop_fraglist(skb); 1210 skb_drop_fraglist(skb);
@@ -1282,9 +1307,11 @@ unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
1282 /* Estimate size of pulled pages. */ 1307 /* Estimate size of pulled pages. */
1283 eat = delta; 1308 eat = delta;
1284 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1309 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1285 if (skb_shinfo(skb)->frags[i].size >= eat) 1310 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1311
1312 if (size >= eat)
1286 goto pull_pages; 1313 goto pull_pages;
1287 eat -= skb_shinfo(skb)->frags[i].size; 1314 eat -= size;
1288 } 1315 }
1289 1316
1290 /* If we need update frag list, we are in troubles. 1317 /* If we need update frag list, we are in troubles.
@@ -1347,14 +1374,16 @@ pull_pages:
1347 eat = delta; 1374 eat = delta;
1348 k = 0; 1375 k = 0;
1349 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1376 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1350 if (skb_shinfo(skb)->frags[i].size <= eat) { 1377 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1351 put_page(skb_shinfo(skb)->frags[i].page); 1378
1352 eat -= skb_shinfo(skb)->frags[i].size; 1379 if (size <= eat) {
1380 skb_frag_unref(skb, i);
1381 eat -= size;
1353 } else { 1382 } else {
1354 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i]; 1383 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1355 if (eat) { 1384 if (eat) {
1356 skb_shinfo(skb)->frags[k].page_offset += eat; 1385 skb_shinfo(skb)->frags[k].page_offset += eat;
1357 skb_shinfo(skb)->frags[k].size -= eat; 1386 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat);
1358 eat = 0; 1387 eat = 0;
1359 } 1388 }
1360 k++; 1389 k++;
@@ -1369,8 +1398,21 @@ pull_pages:
1369} 1398}
1370EXPORT_SYMBOL(__pskb_pull_tail); 1399EXPORT_SYMBOL(__pskb_pull_tail);
1371 1400
1372/* Copy some data bits from skb to kernel buffer. */ 1401/**
1373 1402 * skb_copy_bits - copy bits from skb to kernel buffer
1403 * @skb: source skb
1404 * @offset: offset in source
1405 * @to: destination buffer
1406 * @len: number of bytes to copy
1407 *
1408 * Copy the specified number of bytes from the source skb to the
1409 * destination buffer.
1410 *
1411 * CAUTION ! :
1412 * If its prototype is ever changed,
1413 * check arch/{*}/net/{*}.S files,
1414 * since it is called from BPF assembly code.
1415 */
1374int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len) 1416int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1375{ 1417{
1376 int start = skb_headlen(skb); 1418 int start = skb_headlen(skb);
@@ -1396,7 +1438,7 @@ int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1396 1438
1397 WARN_ON(start > offset + len); 1439 WARN_ON(start > offset + len);
1398 1440
1399 end = start + skb_shinfo(skb)->frags[i].size; 1441 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1400 if ((copy = end - offset) > 0) { 1442 if ((copy = end - offset) > 0) {
1401 u8 *vaddr; 1443 u8 *vaddr;
1402 1444
@@ -1594,7 +1636,8 @@ static int __skb_splice_bits(struct sk_buff *skb, struct pipe_inode_info *pipe,
1594 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) { 1636 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1595 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg]; 1637 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1596 1638
1597 if (__splice_segment(f->page, f->page_offset, f->size, 1639 if (__splice_segment(skb_frag_page(f),
1640 f->page_offset, skb_frag_size(f),
1598 offset, len, skb, spd, 0, sk, pipe)) 1641 offset, len, skb, spd, 0, sk, pipe))
1599 return 1; 1642 return 1;
1600 } 1643 }
@@ -1704,7 +1747,7 @@ int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1704 1747
1705 WARN_ON(start > offset + len); 1748 WARN_ON(start > offset + len);
1706 1749
1707 end = start + frag->size; 1750 end = start + skb_frag_size(frag);
1708 if ((copy = end - offset) > 0) { 1751 if ((copy = end - offset) > 0) {
1709 u8 *vaddr; 1752 u8 *vaddr;
1710 1753
@@ -1777,7 +1820,7 @@ __wsum skb_checksum(const struct sk_buff *skb, int offset,
1777 1820
1778 WARN_ON(start > offset + len); 1821 WARN_ON(start > offset + len);
1779 1822
1780 end = start + skb_shinfo(skb)->frags[i].size; 1823 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1781 if ((copy = end - offset) > 0) { 1824 if ((copy = end - offset) > 0) {
1782 __wsum csum2; 1825 __wsum csum2;
1783 u8 *vaddr; 1826 u8 *vaddr;
@@ -1852,7 +1895,7 @@ __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1852 1895
1853 WARN_ON(start > offset + len); 1896 WARN_ON(start > offset + len);
1854 1897
1855 end = start + skb_shinfo(skb)->frags[i].size; 1898 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1856 if ((copy = end - offset) > 0) { 1899 if ((copy = end - offset) > 0) {
1857 __wsum csum2; 1900 __wsum csum2;
1858 u8 *vaddr; 1901 u8 *vaddr;
@@ -2125,7 +2168,7 @@ static inline void skb_split_no_header(struct sk_buff *skb,
2125 skb->data_len = len - pos; 2168 skb->data_len = len - pos;
2126 2169
2127 for (i = 0; i < nfrags; i++) { 2170 for (i = 0; i < nfrags; i++) {
2128 int size = skb_shinfo(skb)->frags[i].size; 2171 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
2129 2172
2130 if (pos + size > len) { 2173 if (pos + size > len) {
2131 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i]; 2174 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
@@ -2139,10 +2182,10 @@ static inline void skb_split_no_header(struct sk_buff *skb,
2139 * where splitting is expensive. 2182 * where splitting is expensive.
2140 * 2. Split is accurately. We make this. 2183 * 2. Split is accurately. We make this.
2141 */ 2184 */
2142 get_page(skb_shinfo(skb)->frags[i].page); 2185 skb_frag_ref(skb, i);
2143 skb_shinfo(skb1)->frags[0].page_offset += len - pos; 2186 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
2144 skb_shinfo(skb1)->frags[0].size -= len - pos; 2187 skb_frag_size_sub(&skb_shinfo(skb1)->frags[0], len - pos);
2145 skb_shinfo(skb)->frags[i].size = len - pos; 2188 skb_frag_size_set(&skb_shinfo(skb)->frags[i], len - pos);
2146 skb_shinfo(skb)->nr_frags++; 2189 skb_shinfo(skb)->nr_frags++;
2147 } 2190 }
2148 k++; 2191 k++;
@@ -2214,12 +2257,13 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2214 * commit all, so that we don't have to undo partial changes 2257 * commit all, so that we don't have to undo partial changes
2215 */ 2258 */
2216 if (!to || 2259 if (!to ||
2217 !skb_can_coalesce(tgt, to, fragfrom->page, fragfrom->page_offset)) { 2260 !skb_can_coalesce(tgt, to, skb_frag_page(fragfrom),
2261 fragfrom->page_offset)) {
2218 merge = -1; 2262 merge = -1;
2219 } else { 2263 } else {
2220 merge = to - 1; 2264 merge = to - 1;
2221 2265
2222 todo -= fragfrom->size; 2266 todo -= skb_frag_size(fragfrom);
2223 if (todo < 0) { 2267 if (todo < 0) {
2224 if (skb_prepare_for_shift(skb) || 2268 if (skb_prepare_for_shift(skb) ||
2225 skb_prepare_for_shift(tgt)) 2269 skb_prepare_for_shift(tgt))
@@ -2229,8 +2273,8 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2229 fragfrom = &skb_shinfo(skb)->frags[from]; 2273 fragfrom = &skb_shinfo(skb)->frags[from];
2230 fragto = &skb_shinfo(tgt)->frags[merge]; 2274 fragto = &skb_shinfo(tgt)->frags[merge];
2231 2275
2232 fragto->size += shiftlen; 2276 skb_frag_size_add(fragto, shiftlen);
2233 fragfrom->size -= shiftlen; 2277 skb_frag_size_sub(fragfrom, shiftlen);
2234 fragfrom->page_offset += shiftlen; 2278 fragfrom->page_offset += shiftlen;
2235 2279
2236 goto onlymerged; 2280 goto onlymerged;
@@ -2254,20 +2298,20 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2254 fragfrom = &skb_shinfo(skb)->frags[from]; 2298 fragfrom = &skb_shinfo(skb)->frags[from];
2255 fragto = &skb_shinfo(tgt)->frags[to]; 2299 fragto = &skb_shinfo(tgt)->frags[to];
2256 2300
2257 if (todo >= fragfrom->size) { 2301 if (todo >= skb_frag_size(fragfrom)) {
2258 *fragto = *fragfrom; 2302 *fragto = *fragfrom;
2259 todo -= fragfrom->size; 2303 todo -= skb_frag_size(fragfrom);
2260 from++; 2304 from++;
2261 to++; 2305 to++;
2262 2306
2263 } else { 2307 } else {
2264 get_page(fragfrom->page); 2308 __skb_frag_ref(fragfrom);
2265 fragto->page = fragfrom->page; 2309 fragto->page = fragfrom->page;
2266 fragto->page_offset = fragfrom->page_offset; 2310 fragto->page_offset = fragfrom->page_offset;
2267 fragto->size = todo; 2311 skb_frag_size_set(fragto, todo);
2268 2312
2269 fragfrom->page_offset += todo; 2313 fragfrom->page_offset += todo;
2270 fragfrom->size -= todo; 2314 skb_frag_size_sub(fragfrom, todo);
2271 todo = 0; 2315 todo = 0;
2272 2316
2273 to++; 2317 to++;
@@ -2282,8 +2326,8 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2282 fragfrom = &skb_shinfo(skb)->frags[0]; 2326 fragfrom = &skb_shinfo(skb)->frags[0];
2283 fragto = &skb_shinfo(tgt)->frags[merge]; 2327 fragto = &skb_shinfo(tgt)->frags[merge];
2284 2328
2285 fragto->size += fragfrom->size; 2329 skb_frag_size_add(fragto, skb_frag_size(fragfrom));
2286 put_page(fragfrom->page); 2330 __skb_frag_unref(fragfrom);
2287 } 2331 }
2288 2332
2289 /* Reposition in the original skb */ 2333 /* Reposition in the original skb */
@@ -2380,7 +2424,7 @@ next_skb:
2380 2424
2381 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) { 2425 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {
2382 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx]; 2426 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx];
2383 block_limit = frag->size + st->stepped_offset; 2427 block_limit = skb_frag_size(frag) + st->stepped_offset;
2384 2428
2385 if (abs_offset < block_limit) { 2429 if (abs_offset < block_limit) {
2386 if (!st->frag_data) 2430 if (!st->frag_data)
@@ -2398,7 +2442,7 @@ next_skb:
2398 } 2442 }
2399 2443
2400 st->frag_idx++; 2444 st->frag_idx++;
2401 st->stepped_offset += frag->size; 2445 st->stepped_offset += skb_frag_size(frag);
2402 } 2446 }
2403 2447
2404 if (st->frag_data) { 2448 if (st->frag_data) {
@@ -2528,14 +2572,13 @@ int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
2528 left = PAGE_SIZE - frag->page_offset; 2572 left = PAGE_SIZE - frag->page_offset;
2529 copy = (length > left)? left : length; 2573 copy = (length > left)? left : length;
2530 2574
2531 ret = getfrag(from, (page_address(frag->page) + 2575 ret = getfrag(from, skb_frag_address(frag) + skb_frag_size(frag),
2532 frag->page_offset + frag->size),
2533 offset, copy, 0, skb); 2576 offset, copy, 0, skb);
2534 if (ret < 0) 2577 if (ret < 0)
2535 return -EFAULT; 2578 return -EFAULT;
2536 2579
2537 /* copy was successful so update the size parameters */ 2580 /* copy was successful so update the size parameters */
2538 frag->size += copy; 2581 skb_frag_size_add(frag, copy);
2539 skb->len += copy; 2582 skb->len += copy;
2540 skb->data_len += copy; 2583 skb->data_len += copy;
2541 offset += copy; 2584 offset += copy;
@@ -2681,12 +2724,12 @@ struct sk_buff *skb_segment(struct sk_buff *skb, u32 features)
2681 2724
2682 while (pos < offset + len && i < nfrags) { 2725 while (pos < offset + len && i < nfrags) {
2683 *frag = skb_shinfo(skb)->frags[i]; 2726 *frag = skb_shinfo(skb)->frags[i];
2684 get_page(frag->page); 2727 __skb_frag_ref(frag);
2685 size = frag->size; 2728 size = skb_frag_size(frag);
2686 2729
2687 if (pos < offset) { 2730 if (pos < offset) {
2688 frag->page_offset += offset - pos; 2731 frag->page_offset += offset - pos;
2689 frag->size -= offset - pos; 2732 skb_frag_size_sub(frag, offset - pos);
2690 } 2733 }
2691 2734
2692 skb_shinfo(nskb)->nr_frags++; 2735 skb_shinfo(nskb)->nr_frags++;
@@ -2695,7 +2738,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, u32 features)
2695 i++; 2738 i++;
2696 pos += size; 2739 pos += size;
2697 } else { 2740 } else {
2698 frag->size -= pos + size - (offset + len); 2741 skb_frag_size_sub(frag, pos + size - (offset + len));
2699 goto skip_fraglist; 2742 goto skip_fraglist;
2700 } 2743 }
2701 2744
@@ -2775,7 +2818,7 @@ int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2775 } while (--i); 2818 } while (--i);
2776 2819
2777 frag->page_offset += offset; 2820 frag->page_offset += offset;
2778 frag->size -= offset; 2821 skb_frag_size_sub(frag, offset);
2779 2822
2780 skb->truesize -= skb->data_len; 2823 skb->truesize -= skb->data_len;
2781 skb->len -= skb->data_len; 2824 skb->len -= skb->data_len;
@@ -2827,7 +2870,7 @@ merge:
2827 unsigned int eat = offset - headlen; 2870 unsigned int eat = offset - headlen;
2828 2871
2829 skbinfo->frags[0].page_offset += eat; 2872 skbinfo->frags[0].page_offset += eat;
2830 skbinfo->frags[0].size -= eat; 2873 skb_frag_size_sub(&skbinfo->frags[0], eat);
2831 skb->data_len -= eat; 2874 skb->data_len -= eat;
2832 skb->len -= eat; 2875 skb->len -= eat;
2833 offset = headlen; 2876 offset = headlen;
@@ -2898,13 +2941,13 @@ __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2898 2941
2899 WARN_ON(start > offset + len); 2942 WARN_ON(start > offset + len);
2900 2943
2901 end = start + skb_shinfo(skb)->frags[i].size; 2944 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
2902 if ((copy = end - offset) > 0) { 2945 if ((copy = end - offset) > 0) {
2903 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 2946 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2904 2947
2905 if (copy > len) 2948 if (copy > len)
2906 copy = len; 2949 copy = len;
2907 sg_set_page(&sg[elt], frag->page, copy, 2950 sg_set_page(&sg[elt], skb_frag_page(frag), copy,
2908 frag->page_offset+offset-start); 2951 frag->page_offset+offset-start);
2909 elt++; 2952 elt++;
2910 if (!(len -= copy)) 2953 if (!(len -= copy))
diff --git a/net/core/sock.c b/net/core/sock.c
index bc745d00ea4d..4ed7b1d12f5e 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -207,7 +207,7 @@ static struct lock_class_key af_callback_keys[AF_MAX];
207 * not depend upon such differences. 207 * not depend upon such differences.
208 */ 208 */
209#define _SK_MEM_PACKETS 256 209#define _SK_MEM_PACKETS 256
210#define _SK_MEM_OVERHEAD (sizeof(struct sk_buff) + 256) 210#define _SK_MEM_OVERHEAD SKB_TRUESIZE(256)
211#define SK_WMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS) 211#define SK_WMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS)
212#define SK_RMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS) 212#define SK_RMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS)
213 213
@@ -387,7 +387,7 @@ struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
387 387
388 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) { 388 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
389 sk_tx_queue_clear(sk); 389 sk_tx_queue_clear(sk);
390 rcu_assign_pointer(sk->sk_dst_cache, NULL); 390 RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
391 dst_release(dst); 391 dst_release(dst);
392 return NULL; 392 return NULL;
393 } 393 }
@@ -738,10 +738,7 @@ set_rcvbuf:
738 /* We implement the SO_SNDLOWAT etc to 738 /* We implement the SO_SNDLOWAT etc to
739 not be settable (1003.1g 5.3) */ 739 not be settable (1003.1g 5.3) */
740 case SO_RXQ_OVFL: 740 case SO_RXQ_OVFL:
741 if (valbool) 741 sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
742 sock_set_flag(sk, SOCK_RXQ_OVFL);
743 else
744 sock_reset_flag(sk, SOCK_RXQ_OVFL);
745 break; 742 break;
746 default: 743 default:
747 ret = -ENOPROTOOPT; 744 ret = -ENOPROTOOPT;
@@ -1158,7 +1155,7 @@ static void __sk_free(struct sock *sk)
1158 atomic_read(&sk->sk_wmem_alloc) == 0); 1155 atomic_read(&sk->sk_wmem_alloc) == 0);
1159 if (filter) { 1156 if (filter) {
1160 sk_filter_uncharge(sk, filter); 1157 sk_filter_uncharge(sk, filter);
1161 rcu_assign_pointer(sk->sk_filter, NULL); 1158 RCU_INIT_POINTER(sk->sk_filter, NULL);
1162 } 1159 }
1163 1160
1164 sock_disable_timestamp(sk, SOCK_TIMESTAMP); 1161 sock_disable_timestamp(sk, SOCK_TIMESTAMP);
@@ -1260,6 +1257,7 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1260 /* It is still raw copy of parent, so invalidate 1257 /* It is still raw copy of parent, so invalidate
1261 * destructor and make plain sk_free() */ 1258 * destructor and make plain sk_free() */
1262 newsk->sk_destruct = NULL; 1259 newsk->sk_destruct = NULL;
1260 bh_unlock_sock(newsk);
1263 sk_free(newsk); 1261 sk_free(newsk);
1264 newsk = NULL; 1262 newsk = NULL;
1265 goto out; 1263 goto out;
@@ -1533,7 +1531,6 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
1533 skb_shinfo(skb)->nr_frags = npages; 1531 skb_shinfo(skb)->nr_frags = npages;
1534 for (i = 0; i < npages; i++) { 1532 for (i = 0; i < npages; i++) {
1535 struct page *page; 1533 struct page *page;
1536 skb_frag_t *frag;
1537 1534
1538 page = alloc_pages(sk->sk_allocation, 0); 1535 page = alloc_pages(sk->sk_allocation, 0);
1539 if (!page) { 1536 if (!page) {
@@ -1543,12 +1540,11 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
1543 goto failure; 1540 goto failure;
1544 } 1541 }
1545 1542
1546 frag = &skb_shinfo(skb)->frags[i]; 1543 __skb_fill_page_desc(skb, i,
1547 frag->page = page; 1544 page, 0,
1548 frag->page_offset = 0; 1545 (data_len >= PAGE_SIZE ?
1549 frag->size = (data_len >= PAGE_SIZE ? 1546 PAGE_SIZE :
1550 PAGE_SIZE : 1547 data_len));
1551 data_len);
1552 data_len -= PAGE_SIZE; 1548 data_len -= PAGE_SIZE;
1553 } 1549 }
1554 1550
diff --git a/net/core/timestamping.c b/net/core/timestamping.c
index 98a52640e7cd..82fb28857b64 100644
--- a/net/core/timestamping.c
+++ b/net/core/timestamping.c
@@ -57,9 +57,13 @@ void skb_clone_tx_timestamp(struct sk_buff *skb)
57 case PTP_CLASS_V2_VLAN: 57 case PTP_CLASS_V2_VLAN:
58 phydev = skb->dev->phydev; 58 phydev = skb->dev->phydev;
59 if (likely(phydev->drv->txtstamp)) { 59 if (likely(phydev->drv->txtstamp)) {
60 if (!atomic_inc_not_zero(&sk->sk_refcnt))
61 return;
60 clone = skb_clone(skb, GFP_ATOMIC); 62 clone = skb_clone(skb, GFP_ATOMIC);
61 if (!clone) 63 if (!clone) {
64 sock_put(sk);
62 return; 65 return;
66 }
63 clone->sk = sk; 67 clone->sk = sk;
64 phydev->drv->txtstamp(phydev, clone, type); 68 phydev->drv->txtstamp(phydev, clone, type);
65 } 69 }
@@ -77,8 +81,11 @@ void skb_complete_tx_timestamp(struct sk_buff *skb,
77 struct sock_exterr_skb *serr; 81 struct sock_exterr_skb *serr;
78 int err; 82 int err;
79 83
80 if (!hwtstamps) 84 if (!hwtstamps) {
85 sock_put(sk);
86 kfree_skb(skb);
81 return; 87 return;
88 }
82 89
83 *skb_hwtstamps(skb) = *hwtstamps; 90 *skb_hwtstamps(skb) = *hwtstamps;
84 serr = SKB_EXT_ERR(skb); 91 serr = SKB_EXT_ERR(skb);
@@ -87,6 +94,7 @@ void skb_complete_tx_timestamp(struct sk_buff *skb,
87 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; 94 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
88 skb->sk = NULL; 95 skb->sk = NULL;
89 err = sock_queue_err_skb(sk, skb); 96 err = sock_queue_err_skb(sk, skb);
97 sock_put(sk);
90 if (err) 98 if (err)
91 kfree_skb(skb); 99 kfree_skb(skb);
92} 100}
diff --git a/net/core/user_dma.c b/net/core/user_dma.c
index 25d717ebc92e..2d7cf3d52b4c 100644
--- a/net/core/user_dma.c
+++ b/net/core/user_dma.c
@@ -71,14 +71,14 @@ int dma_skb_copy_datagram_iovec(struct dma_chan *chan,
71 /* Copy paged appendix. Hmm... why does this look so complicated? */ 71 /* Copy paged appendix. Hmm... why does this look so complicated? */
72 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 72 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
73 int end; 73 int end;
74 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
74 75
75 WARN_ON(start > offset + len); 76 WARN_ON(start > offset + len);
76 77
77 end = start + skb_shinfo(skb)->frags[i].size; 78 end = start + skb_frag_size(frag);
78 copy = end - offset; 79 copy = end - offset;
79 if (copy > 0) { 80 if (copy > 0) {
80 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 81 struct page *page = skb_frag_page(frag);
81 struct page *page = frag->page;
82 82
83 if (copy > len) 83 if (copy > len)
84 copy = len; 84 copy = len;
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 3cb56af4e13c..9bfbc1d1b50c 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1255,7 +1255,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1255 1255
1256 spin_lock(&dcb_lock); 1256 spin_lock(&dcb_lock);
1257 list_for_each_entry(itr, &dcb_app_list, list) { 1257 list_for_each_entry(itr, &dcb_app_list, list) {
1258 if (strncmp(itr->name, netdev->name, IFNAMSIZ) == 0) { 1258 if (itr->ifindex == netdev->ifindex) {
1259 err = nla_put(skb, DCB_ATTR_IEEE_APP, sizeof(itr->app), 1259 err = nla_put(skb, DCB_ATTR_IEEE_APP, sizeof(itr->app),
1260 &itr->app); 1260 &itr->app);
1261 if (err) { 1261 if (err) {
@@ -1412,7 +1412,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev)
1412 goto dcb_unlock; 1412 goto dcb_unlock;
1413 1413
1414 list_for_each_entry(itr, &dcb_app_list, list) { 1414 list_for_each_entry(itr, &dcb_app_list, list) {
1415 if (strncmp(itr->name, netdev->name, IFNAMSIZ) == 0) { 1415 if (itr->ifindex == netdev->ifindex) {
1416 struct nlattr *app_nest = nla_nest_start(skb, 1416 struct nlattr *app_nest = nla_nest_start(skb,
1417 DCB_ATTR_APP); 1417 DCB_ATTR_APP);
1418 if (!app_nest) 1418 if (!app_nest)
@@ -2050,7 +2050,7 @@ u8 dcb_getapp(struct net_device *dev, struct dcb_app *app)
2050 list_for_each_entry(itr, &dcb_app_list, list) { 2050 list_for_each_entry(itr, &dcb_app_list, list) {
2051 if (itr->app.selector == app->selector && 2051 if (itr->app.selector == app->selector &&
2052 itr->app.protocol == app->protocol && 2052 itr->app.protocol == app->protocol &&
2053 (strncmp(itr->name, dev->name, IFNAMSIZ) == 0)) { 2053 itr->ifindex == dev->ifindex) {
2054 prio = itr->app.priority; 2054 prio = itr->app.priority;
2055 break; 2055 break;
2056 } 2056 }
@@ -2073,15 +2073,17 @@ int dcb_setapp(struct net_device *dev, struct dcb_app *new)
2073 struct dcb_app_type *itr; 2073 struct dcb_app_type *itr;
2074 struct dcb_app_type event; 2074 struct dcb_app_type event;
2075 2075
2076 memcpy(&event.name, dev->name, sizeof(event.name)); 2076 event.ifindex = dev->ifindex;
2077 memcpy(&event.app, new, sizeof(event.app)); 2077 memcpy(&event.app, new, sizeof(event.app));
2078 if (dev->dcbnl_ops->getdcbx)
2079 event.dcbx = dev->dcbnl_ops->getdcbx(dev);
2078 2080
2079 spin_lock(&dcb_lock); 2081 spin_lock(&dcb_lock);
2080 /* Search for existing match and replace */ 2082 /* Search for existing match and replace */
2081 list_for_each_entry(itr, &dcb_app_list, list) { 2083 list_for_each_entry(itr, &dcb_app_list, list) {
2082 if (itr->app.selector == new->selector && 2084 if (itr->app.selector == new->selector &&
2083 itr->app.protocol == new->protocol && 2085 itr->app.protocol == new->protocol &&
2084 (strncmp(itr->name, dev->name, IFNAMSIZ) == 0)) { 2086 itr->ifindex == dev->ifindex) {
2085 if (new->priority) 2087 if (new->priority)
2086 itr->app.priority = new->priority; 2088 itr->app.priority = new->priority;
2087 else { 2089 else {
@@ -2101,7 +2103,7 @@ int dcb_setapp(struct net_device *dev, struct dcb_app *new)
2101 } 2103 }
2102 2104
2103 memcpy(&entry->app, new, sizeof(*new)); 2105 memcpy(&entry->app, new, sizeof(*new));
2104 strncpy(entry->name, dev->name, IFNAMSIZ); 2106 entry->ifindex = dev->ifindex;
2105 list_add(&entry->list, &dcb_app_list); 2107 list_add(&entry->list, &dcb_app_list);
2106 } 2108 }
2107out: 2109out:
@@ -2127,7 +2129,7 @@ u8 dcb_ieee_getapp_mask(struct net_device *dev, struct dcb_app *app)
2127 list_for_each_entry(itr, &dcb_app_list, list) { 2129 list_for_each_entry(itr, &dcb_app_list, list) {
2128 if (itr->app.selector == app->selector && 2130 if (itr->app.selector == app->selector &&
2129 itr->app.protocol == app->protocol && 2131 itr->app.protocol == app->protocol &&
2130 (strncmp(itr->name, dev->name, IFNAMSIZ) == 0)) { 2132 itr->ifindex == dev->ifindex) {
2131 prio |= 1 << itr->app.priority; 2133 prio |= 1 << itr->app.priority;
2132 } 2134 }
2133 } 2135 }
@@ -2150,8 +2152,10 @@ int dcb_ieee_setapp(struct net_device *dev, struct dcb_app *new)
2150 struct dcb_app_type event; 2152 struct dcb_app_type event;
2151 int err = 0; 2153 int err = 0;
2152 2154
2153 memcpy(&event.name, dev->name, sizeof(event.name)); 2155 event.ifindex = dev->ifindex;
2154 memcpy(&event.app, new, sizeof(event.app)); 2156 memcpy(&event.app, new, sizeof(event.app));
2157 if (dev->dcbnl_ops->getdcbx)
2158 event.dcbx = dev->dcbnl_ops->getdcbx(dev);
2155 2159
2156 spin_lock(&dcb_lock); 2160 spin_lock(&dcb_lock);
2157 /* Search for existing match and abort if found */ 2161 /* Search for existing match and abort if found */
@@ -2159,7 +2163,7 @@ int dcb_ieee_setapp(struct net_device *dev, struct dcb_app *new)
2159 if (itr->app.selector == new->selector && 2163 if (itr->app.selector == new->selector &&
2160 itr->app.protocol == new->protocol && 2164 itr->app.protocol == new->protocol &&
2161 itr->app.priority == new->priority && 2165 itr->app.priority == new->priority &&
2162 (strncmp(itr->name, dev->name, IFNAMSIZ) == 0)) { 2166 itr->ifindex == dev->ifindex) {
2163 err = -EEXIST; 2167 err = -EEXIST;
2164 goto out; 2168 goto out;
2165 } 2169 }
@@ -2173,7 +2177,7 @@ int dcb_ieee_setapp(struct net_device *dev, struct dcb_app *new)
2173 } 2177 }
2174 2178
2175 memcpy(&entry->app, new, sizeof(*new)); 2179 memcpy(&entry->app, new, sizeof(*new));
2176 strncpy(entry->name, dev->name, IFNAMSIZ); 2180 entry->ifindex = dev->ifindex;
2177 list_add(&entry->list, &dcb_app_list); 2181 list_add(&entry->list, &dcb_app_list);
2178out: 2182out:
2179 spin_unlock(&dcb_lock); 2183 spin_unlock(&dcb_lock);
@@ -2194,8 +2198,10 @@ int dcb_ieee_delapp(struct net_device *dev, struct dcb_app *del)
2194 struct dcb_app_type event; 2198 struct dcb_app_type event;
2195 int err = -ENOENT; 2199 int err = -ENOENT;
2196 2200
2197 memcpy(&event.name, dev->name, sizeof(event.name)); 2201 event.ifindex = dev->ifindex;
2198 memcpy(&event.app, del, sizeof(event.app)); 2202 memcpy(&event.app, del, sizeof(event.app));
2203 if (dev->dcbnl_ops->getdcbx)
2204 event.dcbx = dev->dcbnl_ops->getdcbx(dev);
2199 2205
2200 spin_lock(&dcb_lock); 2206 spin_lock(&dcb_lock);
2201 /* Search for existing match and remove it. */ 2207 /* Search for existing match and remove it. */
@@ -2203,7 +2209,7 @@ int dcb_ieee_delapp(struct net_device *dev, struct dcb_app *del)
2203 if (itr->app.selector == del->selector && 2209 if (itr->app.selector == del->selector &&
2204 itr->app.protocol == del->protocol && 2210 itr->app.protocol == del->protocol &&
2205 itr->app.priority == del->priority && 2211 itr->app.priority == del->priority &&
2206 (strncmp(itr->name, dev->name, IFNAMSIZ) == 0)) { 2212 itr->ifindex == dev->ifindex) {
2207 list_del(&itr->list); 2213 list_del(&itr->list);
2208 kfree(itr); 2214 kfree(itr);
2209 err = 0; 2215 err = 0;
diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c
index 0462040fc818..67164bb6ae4d 100644
--- a/net/dccp/ccids/ccid2.c
+++ b/net/dccp/ccids/ccid2.c
@@ -85,7 +85,6 @@ static int ccid2_hc_tx_send_packet(struct sock *sk, struct sk_buff *skb)
85 85
86static void ccid2_change_l_ack_ratio(struct sock *sk, u32 val) 86static void ccid2_change_l_ack_ratio(struct sock *sk, u32 val)
87{ 87{
88 struct dccp_sock *dp = dccp_sk(sk);
89 u32 max_ratio = DIV_ROUND_UP(ccid2_hc_tx_sk(sk)->tx_cwnd, 2); 88 u32 max_ratio = DIV_ROUND_UP(ccid2_hc_tx_sk(sk)->tx_cwnd, 2);
90 89
91 /* 90 /*
@@ -98,14 +97,33 @@ static void ccid2_change_l_ack_ratio(struct sock *sk, u32 val)
98 DCCP_WARN("Limiting Ack Ratio (%u) to %u\n", val, max_ratio); 97 DCCP_WARN("Limiting Ack Ratio (%u) to %u\n", val, max_ratio);
99 val = max_ratio; 98 val = max_ratio;
100 } 99 }
101 if (val > DCCPF_ACK_RATIO_MAX) 100 dccp_feat_signal_nn_change(sk, DCCPF_ACK_RATIO,
102 val = DCCPF_ACK_RATIO_MAX; 101 min_t(u32, val, DCCPF_ACK_RATIO_MAX));
102}
103 103
104 if (val == dp->dccps_l_ack_ratio) 104static void ccid2_check_l_ack_ratio(struct sock *sk)
105 return; 105{
106 struct ccid2_hc_tx_sock *hc = ccid2_hc_tx_sk(sk);
106 107
107 ccid2_pr_debug("changing local ack ratio to %u\n", val); 108 /*
108 dp->dccps_l_ack_ratio = val; 109 * After a loss, idle period, application limited period, or RTO we
110 * need to check that the ack ratio is still less than the congestion
111 * window. Otherwise, we will send an entire congestion window of
112 * packets and got no response because we haven't sent ack ratio
113 * packets yet.
114 * If the ack ratio does need to be reduced, we reduce it to half of
115 * the congestion window (or 1 if that's zero) instead of to the
116 * congestion window. This prevents problems if one ack is lost.
117 */
118 if (dccp_feat_nn_get(sk, DCCPF_ACK_RATIO) > hc->tx_cwnd)
119 ccid2_change_l_ack_ratio(sk, hc->tx_cwnd/2 ? : 1U);
120}
121
122static void ccid2_change_l_seq_window(struct sock *sk, u64 val)
123{
124 dccp_feat_signal_nn_change(sk, DCCPF_SEQUENCE_WINDOW,
125 clamp_val(val, DCCPF_SEQ_WMIN,
126 DCCPF_SEQ_WMAX));
109} 127}
110 128
111static void ccid2_hc_tx_rto_expire(unsigned long data) 129static void ccid2_hc_tx_rto_expire(unsigned long data)
@@ -187,6 +205,8 @@ static void ccid2_cwnd_application_limited(struct sock *sk, const u32 now)
187 } 205 }
188 hc->tx_cwnd_used = 0; 206 hc->tx_cwnd_used = 0;
189 hc->tx_cwnd_stamp = now; 207 hc->tx_cwnd_stamp = now;
208
209 ccid2_check_l_ack_ratio(sk);
190} 210}
191 211
192/* This borrows the code of tcp_cwnd_restart() */ 212/* This borrows the code of tcp_cwnd_restart() */
@@ -205,6 +225,8 @@ static void ccid2_cwnd_restart(struct sock *sk, const u32 now)
205 225
206 hc->tx_cwnd_stamp = now; 226 hc->tx_cwnd_stamp = now;
207 hc->tx_cwnd_used = 0; 227 hc->tx_cwnd_used = 0;
228
229 ccid2_check_l_ack_ratio(sk);
208} 230}
209 231
210static void ccid2_hc_tx_packet_sent(struct sock *sk, unsigned int len) 232static void ccid2_hc_tx_packet_sent(struct sock *sk, unsigned int len)
@@ -405,17 +427,37 @@ static void ccid2_new_ack(struct sock *sk, struct ccid2_seq *seqp,
405 unsigned int *maxincr) 427 unsigned int *maxincr)
406{ 428{
407 struct ccid2_hc_tx_sock *hc = ccid2_hc_tx_sk(sk); 429 struct ccid2_hc_tx_sock *hc = ccid2_hc_tx_sk(sk);
408 430 struct dccp_sock *dp = dccp_sk(sk);
409 if (hc->tx_cwnd < hc->tx_ssthresh) { 431 int r_seq_used = hc->tx_cwnd / dp->dccps_l_ack_ratio;
410 if (*maxincr > 0 && ++hc->tx_packets_acked == 2) { 432
433 if (hc->tx_cwnd < dp->dccps_l_seq_win &&
434 r_seq_used < dp->dccps_r_seq_win) {
435 if (hc->tx_cwnd < hc->tx_ssthresh) {
436 if (*maxincr > 0 && ++hc->tx_packets_acked >= 2) {
437 hc->tx_cwnd += 1;
438 *maxincr -= 1;
439 hc->tx_packets_acked = 0;
440 }
441 } else if (++hc->tx_packets_acked >= hc->tx_cwnd) {
411 hc->tx_cwnd += 1; 442 hc->tx_cwnd += 1;
412 *maxincr -= 1;
413 hc->tx_packets_acked = 0; 443 hc->tx_packets_acked = 0;
414 } 444 }
415 } else if (++hc->tx_packets_acked >= hc->tx_cwnd) {
416 hc->tx_cwnd += 1;
417 hc->tx_packets_acked = 0;
418 } 445 }
446
447 /*
448 * Adjust the local sequence window and the ack ratio to allow about
449 * 5 times the number of packets in the network (RFC 4340 7.5.2)
450 */
451 if (r_seq_used * CCID2_WIN_CHANGE_FACTOR >= dp->dccps_r_seq_win)
452 ccid2_change_l_ack_ratio(sk, dp->dccps_l_ack_ratio * 2);
453 else if (r_seq_used * CCID2_WIN_CHANGE_FACTOR < dp->dccps_r_seq_win/2)
454 ccid2_change_l_ack_ratio(sk, dp->dccps_l_ack_ratio / 2 ? : 1U);
455
456 if (hc->tx_cwnd * CCID2_WIN_CHANGE_FACTOR >= dp->dccps_l_seq_win)
457 ccid2_change_l_seq_window(sk, dp->dccps_l_seq_win * 2);
458 else if (hc->tx_cwnd * CCID2_WIN_CHANGE_FACTOR < dp->dccps_l_seq_win/2)
459 ccid2_change_l_seq_window(sk, dp->dccps_l_seq_win / 2);
460
419 /* 461 /*
420 * FIXME: RTT is sampled several times per acknowledgment (for each 462 * FIXME: RTT is sampled several times per acknowledgment (for each
421 * entry in the Ack Vector), instead of once per Ack (as in TCP SACK). 463 * entry in the Ack Vector), instead of once per Ack (as in TCP SACK).
@@ -441,9 +483,7 @@ static void ccid2_congestion_event(struct sock *sk, struct ccid2_seq *seqp)
441 hc->tx_cwnd = hc->tx_cwnd / 2 ? : 1U; 483 hc->tx_cwnd = hc->tx_cwnd / 2 ? : 1U;
442 hc->tx_ssthresh = max(hc->tx_cwnd, 2U); 484 hc->tx_ssthresh = max(hc->tx_cwnd, 2U);
443 485
444 /* Avoid spurious timeouts resulting from Ack Ratio > cwnd */ 486 ccid2_check_l_ack_ratio(sk);
445 if (dccp_sk(sk)->dccps_l_ack_ratio > hc->tx_cwnd)
446 ccid2_change_l_ack_ratio(sk, hc->tx_cwnd);
447} 487}
448 488
449static int ccid2_hc_tx_parse_options(struct sock *sk, u8 packet_type, 489static int ccid2_hc_tx_parse_options(struct sock *sk, u8 packet_type,
@@ -494,8 +534,16 @@ static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb)
494 if (hc->tx_rpdupack >= NUMDUPACK) { 534 if (hc->tx_rpdupack >= NUMDUPACK) {
495 hc->tx_rpdupack = -1; /* XXX lame */ 535 hc->tx_rpdupack = -1; /* XXX lame */
496 hc->tx_rpseq = 0; 536 hc->tx_rpseq = 0;
497 537#ifdef __CCID2_COPES_GRACEFULLY_WITH_ACK_CONGESTION_CONTROL__
538 /*
539 * FIXME: Ack Congestion Control is broken; in
540 * the current state instabilities occurred with
541 * Ack Ratios greater than 1; causing hang-ups
542 * and long RTO timeouts. This needs to be fixed
543 * before opening up dynamic changes. -- gerrit
544 */
498 ccid2_change_l_ack_ratio(sk, 2 * dp->dccps_l_ack_ratio); 545 ccid2_change_l_ack_ratio(sk, 2 * dp->dccps_l_ack_ratio);
546#endif
499 } 547 }
500 } 548 }
501 } 549 }
diff --git a/net/dccp/ccids/ccid2.h b/net/dccp/ccids/ccid2.h
index f585d330e1e5..18c97543e522 100644
--- a/net/dccp/ccids/ccid2.h
+++ b/net/dccp/ccids/ccid2.h
@@ -43,6 +43,12 @@ struct ccid2_seq {
43#define CCID2_SEQBUF_LEN 1024 43#define CCID2_SEQBUF_LEN 1024
44#define CCID2_SEQBUF_MAX 128 44#define CCID2_SEQBUF_MAX 128
45 45
46/*
47 * Multiple of congestion window to keep the sequence window at
48 * (RFC 4340 7.5.2)
49 */
50#define CCID2_WIN_CHANGE_FACTOR 5
51
46/** 52/**
47 * struct ccid2_hc_tx_sock - CCID2 TX half connection 53 * struct ccid2_hc_tx_sock - CCID2 TX half connection
48 * @tx_{cwnd,ssthresh,pipe}: as per RFC 4341, section 5 54 * @tx_{cwnd,ssthresh,pipe}: as per RFC 4341, section 5
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index 5fdb07229017..583490aaf56f 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -474,6 +474,7 @@ static inline int dccp_ack_pending(const struct sock *sk)
474 return dccp_ackvec_pending(sk) || inet_csk_ack_scheduled(sk); 474 return dccp_ackvec_pending(sk) || inet_csk_ack_scheduled(sk);
475} 475}
476 476
477extern int dccp_feat_signal_nn_change(struct sock *sk, u8 feat, u64 nn_val);
477extern int dccp_feat_finalise_settings(struct dccp_sock *dp); 478extern int dccp_feat_finalise_settings(struct dccp_sock *dp);
478extern int dccp_feat_server_ccid_dependencies(struct dccp_request_sock *dreq); 479extern int dccp_feat_server_ccid_dependencies(struct dccp_request_sock *dreq);
479extern int dccp_feat_insert_opts(struct dccp_sock*, struct dccp_request_sock*, 480extern int dccp_feat_insert_opts(struct dccp_sock*, struct dccp_request_sock*,
diff --git a/net/dccp/feat.c b/net/dccp/feat.c
index 568def952722..23cea0ee3101 100644
--- a/net/dccp/feat.c
+++ b/net/dccp/feat.c
@@ -12,6 +12,7 @@
12 * ----------- 12 * -----------
13 * o Feature negotiation is coordinated with connection setup (as in TCP), wild 13 * o Feature negotiation is coordinated with connection setup (as in TCP), wild
14 * changes of parameters of an established connection are not supported. 14 * changes of parameters of an established connection are not supported.
15 * o Changing non-negotiable (NN) values is supported in state OPEN/PARTOPEN.
15 * o All currently known SP features have 1-byte quantities. If in the future 16 * o All currently known SP features have 1-byte quantities. If in the future
16 * extensions of RFCs 4340..42 define features with item lengths larger than 17 * extensions of RFCs 4340..42 define features with item lengths larger than
17 * one byte, a feature-specific extension of the code will be required. 18 * one byte, a feature-specific extension of the code will be required.
@@ -343,6 +344,20 @@ static int __dccp_feat_activate(struct sock *sk, const int idx,
343 return dccp_feat_table[idx].activation_hdlr(sk, val, rx); 344 return dccp_feat_table[idx].activation_hdlr(sk, val, rx);
344} 345}
345 346
347/**
348 * dccp_feat_activate - Activate feature value on socket
349 * @sk: fully connected DCCP socket (after handshake is complete)
350 * @feat_num: feature to activate, one of %dccp_feature_numbers
351 * @local: whether local (1) or remote (0) @feat_num is meant
352 * @fval: the value (SP or NN) to activate, or NULL to use the default value
353 * For general use this function is preferable over __dccp_feat_activate().
354 */
355static int dccp_feat_activate(struct sock *sk, u8 feat_num, bool local,
356 dccp_feat_val const *fval)
357{
358 return __dccp_feat_activate(sk, dccp_feat_index(feat_num), local, fval);
359}
360
346/* Test for "Req'd" feature (RFC 4340, 6.4) */ 361/* Test for "Req'd" feature (RFC 4340, 6.4) */
347static inline int dccp_feat_must_be_understood(u8 feat_num) 362static inline int dccp_feat_must_be_understood(u8 feat_num)
348{ 363{
@@ -650,11 +665,22 @@ int dccp_feat_insert_opts(struct dccp_sock *dp, struct dccp_request_sock *dreq,
650 return -1; 665 return -1;
651 if (pos->needs_mandatory && dccp_insert_option_mandatory(skb)) 666 if (pos->needs_mandatory && dccp_insert_option_mandatory(skb))
652 return -1; 667 return -1;
653 /* 668
654 * Enter CHANGING after transmitting the Change option (6.6.2). 669 if (skb->sk->sk_state == DCCP_OPEN &&
655 */ 670 (opt == DCCPO_CONFIRM_R || opt == DCCPO_CONFIRM_L)) {
656 if (pos->state == FEAT_INITIALISING) 671 /*
657 pos->state = FEAT_CHANGING; 672 * Confirms don't get retransmitted (6.6.3) once the
673 * connection is in state OPEN
674 */
675 dccp_feat_list_pop(pos);
676 } else {
677 /*
678 * Enter CHANGING after transmitting the Change
679 * option (6.6.2).
680 */
681 if (pos->state == FEAT_INITIALISING)
682 pos->state = FEAT_CHANGING;
683 }
658 } 684 }
659 return 0; 685 return 0;
660} 686}
@@ -730,6 +756,70 @@ int dccp_feat_register_sp(struct sock *sk, u8 feat, u8 is_local,
730 0, list, len); 756 0, list, len);
731} 757}
732 758
759/**
760 * dccp_feat_nn_get - Query current/pending value of NN feature
761 * @sk: DCCP socket of an established connection
762 * @feat: NN feature number from %dccp_feature_numbers
763 * For a known NN feature, returns value currently being negotiated, or
764 * current (confirmed) value if no negotiation is going on.
765 */
766u64 dccp_feat_nn_get(struct sock *sk, u8 feat)
767{
768 if (dccp_feat_type(feat) == FEAT_NN) {
769 struct dccp_sock *dp = dccp_sk(sk);
770 struct dccp_feat_entry *entry;
771
772 entry = dccp_feat_list_lookup(&dp->dccps_featneg, feat, 1);
773 if (entry != NULL)
774 return entry->val.nn;
775
776 switch (feat) {
777 case DCCPF_ACK_RATIO:
778 return dp->dccps_l_ack_ratio;
779 case DCCPF_SEQUENCE_WINDOW:
780 return dp->dccps_l_seq_win;
781 }
782 }
783 DCCP_BUG("attempt to look up unsupported feature %u", feat);
784 return 0;
785}
786EXPORT_SYMBOL_GPL(dccp_feat_nn_get);
787
788/**
789 * dccp_feat_signal_nn_change - Update NN values for an established connection
790 * @sk: DCCP socket of an established connection
791 * @feat: NN feature number from %dccp_feature_numbers
792 * @nn_val: the new value to use
793 * This function is used to communicate NN updates out-of-band.
794 */
795int dccp_feat_signal_nn_change(struct sock *sk, u8 feat, u64 nn_val)
796{
797 struct list_head *fn = &dccp_sk(sk)->dccps_featneg;
798 dccp_feat_val fval = { .nn = nn_val };
799 struct dccp_feat_entry *entry;
800
801 if (sk->sk_state != DCCP_OPEN && sk->sk_state != DCCP_PARTOPEN)
802 return 0;
803
804 if (dccp_feat_type(feat) != FEAT_NN ||
805 !dccp_feat_is_valid_nn_val(feat, nn_val))
806 return -EINVAL;
807
808 if (nn_val == dccp_feat_nn_get(sk, feat))
809 return 0; /* already set or negotiation under way */
810
811 entry = dccp_feat_list_lookup(fn, feat, 1);
812 if (entry != NULL) {
813 dccp_pr_debug("Clobbering existing NN entry %llu -> %llu\n",
814 (unsigned long long)entry->val.nn,
815 (unsigned long long)nn_val);
816 dccp_feat_list_pop(entry);
817 }
818
819 inet_csk_schedule_ack(sk);
820 return dccp_feat_push_change(fn, feat, 1, 0, &fval);
821}
822EXPORT_SYMBOL_GPL(dccp_feat_signal_nn_change);
733 823
734/* 824/*
735 * Tracking features whose value depend on the choice of CCID 825 * Tracking features whose value depend on the choice of CCID
@@ -1187,6 +1277,100 @@ confirmation_failed:
1187} 1277}
1188 1278
1189/** 1279/**
1280 * dccp_feat_handle_nn_established - Fast-path reception of NN options
1281 * @sk: socket of an established DCCP connection
1282 * @mandatory: whether @opt was preceded by a Mandatory option
1283 * @opt: %DCCPO_CHANGE_L | %DCCPO_CONFIRM_R (NN only)
1284 * @feat: NN number, one of %dccp_feature_numbers
1285 * @val: NN value
1286 * @len: length of @val in bytes
1287 * This function combines the functionality of change_recv/confirm_recv, with
1288 * the following differences (reset codes are the same):
1289 * - cleanup after receiving the Confirm;
1290 * - values are directly activated after successful parsing;
1291 * - deliberately restricted to NN features.
1292 * The restriction to NN features is essential since SP features can have non-
1293 * predictable outcomes (depending on the remote configuration), and are inter-
1294 * dependent (CCIDs for instance cause further dependencies).
1295 */
1296static u8 dccp_feat_handle_nn_established(struct sock *sk, u8 mandatory, u8 opt,
1297 u8 feat, u8 *val, u8 len)
1298{
1299 struct list_head *fn = &dccp_sk(sk)->dccps_featneg;
1300 const bool local = (opt == DCCPO_CONFIRM_R);
1301 struct dccp_feat_entry *entry;
1302 u8 type = dccp_feat_type(feat);
1303 dccp_feat_val fval;
1304
1305 dccp_feat_print_opt(opt, feat, val, len, mandatory);
1306
1307 /* Ignore non-mandatory unknown and non-NN features */
1308 if (type == FEAT_UNKNOWN) {
1309 if (local && !mandatory)
1310 return 0;
1311 goto fast_path_unknown;
1312 } else if (type != FEAT_NN) {
1313 return 0;
1314 }
1315
1316 /*
1317 * We don't accept empty Confirms, since in fast-path feature
1318 * negotiation the values are enabled immediately after sending
1319 * the Change option.
1320 * Empty Changes on the other hand are invalid (RFC 4340, 6.1).
1321 */
1322 if (len == 0 || len > sizeof(fval.nn))
1323 goto fast_path_unknown;
1324
1325 if (opt == DCCPO_CHANGE_L) {
1326 fval.nn = dccp_decode_value_var(val, len);
1327 if (!dccp_feat_is_valid_nn_val(feat, fval.nn))
1328 goto fast_path_unknown;
1329
1330 if (dccp_feat_push_confirm(fn, feat, local, &fval) ||
1331 dccp_feat_activate(sk, feat, local, &fval))
1332 return DCCP_RESET_CODE_TOO_BUSY;
1333
1334 /* set the `Ack Pending' flag to piggyback a Confirm */
1335 inet_csk_schedule_ack(sk);
1336
1337 } else if (opt == DCCPO_CONFIRM_R) {
1338 entry = dccp_feat_list_lookup(fn, feat, local);
1339 if (entry == NULL || entry->state != FEAT_CHANGING)
1340 return 0;
1341
1342 fval.nn = dccp_decode_value_var(val, len);
1343 /*
1344 * Just ignore a value that doesn't match our current value.
1345 * If the option changes twice within two RTTs, then at least
1346 * one CONFIRM will be received for the old value after a
1347 * new CHANGE was sent.
1348 */
1349 if (fval.nn != entry->val.nn)
1350 return 0;
1351
1352 /* Only activate after receiving the Confirm option (6.6.1). */
1353 dccp_feat_activate(sk, feat, local, &fval);
1354
1355 /* It has been confirmed - so remove the entry */
1356 dccp_feat_list_pop(entry);
1357
1358 } else {
1359 DCCP_WARN("Received illegal option %u\n", opt);
1360 goto fast_path_failed;
1361 }
1362 return 0;
1363
1364fast_path_unknown:
1365 if (!mandatory)
1366 return dccp_push_empty_confirm(fn, feat, local);
1367
1368fast_path_failed:
1369 return mandatory ? DCCP_RESET_CODE_MANDATORY_ERROR
1370 : DCCP_RESET_CODE_OPTION_ERROR;
1371}
1372
1373/**
1190 * dccp_feat_parse_options - Process Feature-Negotiation Options 1374 * dccp_feat_parse_options - Process Feature-Negotiation Options
1191 * @sk: for general use and used by the client during connection setup 1375 * @sk: for general use and used by the client during connection setup
1192 * @dreq: used by the server during connection setup 1376 * @dreq: used by the server during connection setup
@@ -1221,6 +1405,14 @@ int dccp_feat_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
1221 return dccp_feat_confirm_recv(fn, mandatory, opt, feat, 1405 return dccp_feat_confirm_recv(fn, mandatory, opt, feat,
1222 val, len, server); 1406 val, len, server);
1223 } 1407 }
1408 break;
1409 /*
1410 * Support for exchanging NN options on an established connection.
1411 */
1412 case DCCP_OPEN:
1413 case DCCP_PARTOPEN:
1414 return dccp_feat_handle_nn_established(sk, mandatory, opt, feat,
1415 val, len);
1224 } 1416 }
1225 return 0; /* ignore FN options in all other states */ 1417 return 0; /* ignore FN options in all other states */
1226} 1418}
diff --git a/net/dccp/feat.h b/net/dccp/feat.h
index e56a4e5e634e..90b957d34d26 100644
--- a/net/dccp/feat.h
+++ b/net/dccp/feat.h
@@ -129,6 +129,7 @@ extern int dccp_feat_clone_list(struct list_head const *, struct list_head *);
129 129
130extern void dccp_encode_value_var(const u64 value, u8 *to, const u8 len); 130extern void dccp_encode_value_var(const u64 value, u8 *to, const u8 len);
131extern u64 dccp_decode_value_var(const u8 *bf, const u8 len); 131extern u64 dccp_decode_value_var(const u8 *bf, const u8 len);
132extern u64 dccp_feat_nn_get(struct sock *sk, u8 feat);
132 133
133extern int dccp_insert_option_mandatory(struct sk_buff *skb); 134extern int dccp_insert_option_mandatory(struct sk_buff *skb);
134extern int dccp_insert_fn_opt(struct sk_buff *skb, u8 type, u8 feat, 135extern int dccp_insert_fn_opt(struct sk_buff *skb, u8 type, u8 feat,
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 8c36adfd1919..332639b56f4d 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -26,6 +26,7 @@
26#include <net/timewait_sock.h> 26#include <net/timewait_sock.h>
27#include <net/tcp_states.h> 27#include <net/tcp_states.h>
28#include <net/xfrm.h> 28#include <net/xfrm.h>
29#include <net/secure_seq.h>
29 30
30#include "ackvec.h" 31#include "ackvec.h"
31#include "ccid.h" 32#include "ccid.h"
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 8dc4348774a5..17ee85ce148d 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -29,6 +29,7 @@
29#include <net/transp_v6.h> 29#include <net/transp_v6.h>
30#include <net/ip6_checksum.h> 30#include <net/ip6_checksum.h>
31#include <net/xfrm.h> 31#include <net/xfrm.h>
32#include <net/secure_seq.h>
32 33
33#include "dccp.h" 34#include "dccp.h"
34#include "ipv6.h" 35#include "ipv6.h"
@@ -69,13 +70,7 @@ static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb)
69 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &np->daddr); 70 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &np->daddr);
70} 71}
71 72
72static inline __u32 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr, 73static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb)
73 __be16 sport, __be16 dport )
74{
75 return secure_tcpv6_sequence_number(saddr, daddr, sport, dport);
76}
77
78static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb)
79{ 74{
80 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 75 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
81 ipv6_hdr(skb)->saddr.s6_addr32, 76 ipv6_hdr(skb)->saddr.s6_addr32,
@@ -276,7 +271,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req,
276 &ireq6->loc_addr, 271 &ireq6->loc_addr,
277 &ireq6->rmt_addr); 272 &ireq6->rmt_addr);
278 ipv6_addr_copy(&fl6.daddr, &ireq6->rmt_addr); 273 ipv6_addr_copy(&fl6.daddr, &ireq6->rmt_addr);
279 err = ip6_xmit(sk, skb, &fl6, opt); 274 err = ip6_xmit(sk, skb, &fl6, opt, np->tclass);
280 err = net_xmit_eval(err); 275 err = net_xmit_eval(err);
281 } 276 }
282 277
@@ -331,7 +326,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
331 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 326 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
332 if (!IS_ERR(dst)) { 327 if (!IS_ERR(dst)) {
333 skb_dst_set(skb, dst); 328 skb_dst_set(skb, dst);
334 ip6_xmit(ctl_sk, skb, &fl6, NULL); 329 ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
335 DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS); 330 DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
336 DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS); 331 DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
337 return; 332 return;
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 152975d942d9..e742f90a6858 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -184,7 +184,6 @@ int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized)
184 dp->dccps_rate_last = jiffies; 184 dp->dccps_rate_last = jiffies;
185 dp->dccps_role = DCCP_ROLE_UNDEFINED; 185 dp->dccps_role = DCCP_ROLE_UNDEFINED;
186 dp->dccps_service = DCCP_SERVICE_CODE_IS_ABSENT; 186 dp->dccps_service = DCCP_SERVICE_CODE_IS_ABSENT;
187 dp->dccps_l_ack_ratio = dp->dccps_r_ack_ratio = 1;
188 dp->dccps_tx_qlen = sysctl_dccp_tx_qlen; 187 dp->dccps_tx_qlen = sysctl_dccp_tx_qlen;
189 188
190 dccp_init_xmit_timers(sk); 189 dccp_init_xmit_timers(sk);
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index ba4faceec405..2ab16e12520c 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -388,7 +388,7 @@ static int dn_dev_insert_ifa(struct dn_dev *dn_db, struct dn_ifaddr *ifa)
388 } 388 }
389 389
390 ifa->ifa_next = dn_db->ifa_list; 390 ifa->ifa_next = dn_db->ifa_list;
391 rcu_assign_pointer(dn_db->ifa_list, ifa); 391 RCU_INIT_POINTER(dn_db->ifa_list, ifa);
392 392
393 dn_ifaddr_notify(RTM_NEWADDR, ifa); 393 dn_ifaddr_notify(RTM_NEWADDR, ifa);
394 blocking_notifier_call_chain(&dnaddr_chain, NETDEV_UP, ifa); 394 blocking_notifier_call_chain(&dnaddr_chain, NETDEV_UP, ifa);
@@ -1093,7 +1093,7 @@ static struct dn_dev *dn_dev_create(struct net_device *dev, int *err)
1093 1093
1094 memcpy(&dn_db->parms, p, sizeof(struct dn_dev_parms)); 1094 memcpy(&dn_db->parms, p, sizeof(struct dn_dev_parms));
1095 1095
1096 rcu_assign_pointer(dev->dn_ptr, dn_db); 1096 RCU_INIT_POINTER(dev->dn_ptr, dn_db);
1097 dn_db->dev = dev; 1097 dn_db->dev = dev;
1098 init_timer(&dn_db->timer); 1098 init_timer(&dn_db->timer);
1099 1099
@@ -1101,7 +1101,7 @@ static struct dn_dev *dn_dev_create(struct net_device *dev, int *err)
1101 1101
1102 dn_db->neigh_parms = neigh_parms_alloc(dev, &dn_neigh_table); 1102 dn_db->neigh_parms = neigh_parms_alloc(dev, &dn_neigh_table);
1103 if (!dn_db->neigh_parms) { 1103 if (!dn_db->neigh_parms) {
1104 rcu_assign_pointer(dev->dn_ptr, NULL); 1104 RCU_INIT_POINTER(dev->dn_ptr, NULL);
1105 kfree(dn_db); 1105 kfree(dn_db);
1106 return NULL; 1106 return NULL;
1107 } 1107 }
diff --git a/net/dsa/slave.c b/net/dsa/slave.c
index 0a47b6c37038..56cf9b8e1c7c 100644
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -301,7 +301,6 @@ static const struct net_device_ops dsa_netdev_ops = {
301 .ndo_start_xmit = dsa_xmit, 301 .ndo_start_xmit = dsa_xmit,
302 .ndo_change_rx_flags = dsa_slave_change_rx_flags, 302 .ndo_change_rx_flags = dsa_slave_change_rx_flags,
303 .ndo_set_rx_mode = dsa_slave_set_rx_mode, 303 .ndo_set_rx_mode = dsa_slave_set_rx_mode,
304 .ndo_set_multicast_list = dsa_slave_set_rx_mode,
305 .ndo_set_mac_address = dsa_slave_set_mac_address, 304 .ndo_set_mac_address = dsa_slave_set_mac_address,
306 .ndo_do_ioctl = dsa_slave_ioctl, 305 .ndo_do_ioctl = dsa_slave_ioctl,
307}; 306};
@@ -314,7 +313,6 @@ static const struct net_device_ops edsa_netdev_ops = {
314 .ndo_start_xmit = edsa_xmit, 313 .ndo_start_xmit = edsa_xmit,
315 .ndo_change_rx_flags = dsa_slave_change_rx_flags, 314 .ndo_change_rx_flags = dsa_slave_change_rx_flags,
316 .ndo_set_rx_mode = dsa_slave_set_rx_mode, 315 .ndo_set_rx_mode = dsa_slave_set_rx_mode,
317 .ndo_set_multicast_list = dsa_slave_set_rx_mode,
318 .ndo_set_mac_address = dsa_slave_set_mac_address, 316 .ndo_set_mac_address = dsa_slave_set_mac_address,
319 .ndo_do_ioctl = dsa_slave_ioctl, 317 .ndo_do_ioctl = dsa_slave_ioctl,
320}; 318};
@@ -327,7 +325,6 @@ static const struct net_device_ops trailer_netdev_ops = {
327 .ndo_start_xmit = trailer_xmit, 325 .ndo_start_xmit = trailer_xmit,
328 .ndo_change_rx_flags = dsa_slave_change_rx_flags, 326 .ndo_change_rx_flags = dsa_slave_change_rx_flags,
329 .ndo_set_rx_mode = dsa_slave_set_rx_mode, 327 .ndo_set_rx_mode = dsa_slave_set_rx_mode,
330 .ndo_set_multicast_list = dsa_slave_set_rx_mode,
331 .ndo_set_mac_address = dsa_slave_set_mac_address, 328 .ndo_set_mac_address = dsa_slave_set_mac_address,
332 .ndo_do_ioctl = dsa_slave_ioctl, 329 .ndo_do_ioctl = dsa_slave_ioctl,
333}; 330};
diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
index 27997d35ebd3..a2468363978e 100644
--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -340,7 +340,7 @@ void ether_setup(struct net_device *dev)
340 dev->addr_len = ETH_ALEN; 340 dev->addr_len = ETH_ALEN;
341 dev->tx_queue_len = 1000; /* Ethernet wants good queues */ 341 dev->tx_queue_len = 1000; /* Ethernet wants good queues */
342 dev->flags = IFF_BROADCAST|IFF_MULTICAST; 342 dev->flags = IFF_BROADCAST|IFF_MULTICAST;
343 dev->priv_flags = IFF_TX_SKB_SHARING; 343 dev->priv_flags |= IFF_TX_SKB_SHARING;
344 344
345 memset(dev->broadcast, 0xFF, ETH_ALEN); 345 memset(dev->broadcast, 0xFF, ETH_ALEN);
346 346
diff --git a/net/ieee802154/6lowpan.c b/net/ieee802154/6lowpan.c
new file mode 100644
index 000000000000..19d6aefe97d4
--- /dev/null
+++ b/net/ieee802154/6lowpan.c
@@ -0,0 +1,891 @@
1/*
2 * Copyright 2011, Siemens AG
3 * written by Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
4 */
5
6/*
7 * Based on patches from Jon Smirl <jonsmirl@gmail.com>
8 * Copyright (c) 2011 Jon Smirl <jonsmirl@gmail.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/* Jon's code is based on 6lowpan implementation for Contiki which is:
25 * Copyright (c) 2008, Swedish Institute of Computer Science.
26 * All rights reserved.
27 *
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
30 * are met:
31 * 1. Redistributions of source code must retain the above copyright
32 * notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 * notice, this list of conditions and the following disclaimer in the
35 * documentation and/or other materials provided with the distribution.
36 * 3. Neither the name of the Institute nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 */
52
53#define DEBUG
54
55#include <linux/bitops.h>
56#include <linux/if_arp.h>
57#include <linux/module.h>
58#include <linux/moduleparam.h>
59#include <linux/netdevice.h>
60#include <net/af_ieee802154.h>
61#include <net/ieee802154.h>
62#include <net/ieee802154_netdev.h>
63#include <net/ipv6.h>
64
65#include "6lowpan.h"
66
67/* TTL uncompression values */
68static const u8 lowpan_ttl_values[] = {0, 1, 64, 255};
69
70static LIST_HEAD(lowpan_devices);
71
72/*
73 * Uncompression of linklocal:
74 * 0 -> 16 bytes from packet
75 * 1 -> 2 bytes from prefix - bunch of zeroes and 8 from packet
76 * 2 -> 2 bytes from prefix - zeroes + 2 from packet
77 * 3 -> 2 bytes from prefix - infer 8 bytes from lladdr
78 *
79 * NOTE: => the uncompress function does change 0xf to 0x10
80 * NOTE: 0x00 => no-autoconfig => unspecified
81 */
82static const u8 lowpan_unc_llconf[] = {0x0f, 0x28, 0x22, 0x20};
83
84/*
85 * Uncompression of ctx-based:
86 * 0 -> 0 bits from packet [unspecified / reserved]
87 * 1 -> 8 bytes from prefix - bunch of zeroes and 8 from packet
88 * 2 -> 8 bytes from prefix - zeroes + 2 from packet
89 * 3 -> 8 bytes from prefix - infer 8 bytes from lladdr
90 */
91static const u8 lowpan_unc_ctxconf[] = {0x00, 0x88, 0x82, 0x80};
92
93/*
94 * Uncompression of ctx-base
95 * 0 -> 0 bits from packet
96 * 1 -> 2 bytes from prefix - bunch of zeroes 5 from packet
97 * 2 -> 2 bytes from prefix - zeroes + 3 from packet
98 * 3 -> 2 bytes from prefix - infer 1 bytes from lladdr
99 */
100static const u8 lowpan_unc_mxconf[] = {0x0f, 0x25, 0x23, 0x21};
101
102/* Link local prefix */
103static const u8 lowpan_llprefix[] = {0xfe, 0x80};
104
105/* private device info */
106struct lowpan_dev_info {
107 struct net_device *real_dev; /* real WPAN device ptr */
108 struct mutex dev_list_mtx; /* mutex for list ops */
109};
110
111struct lowpan_dev_record {
112 struct net_device *ldev;
113 struct list_head list;
114};
115
116static inline struct
117lowpan_dev_info *lowpan_dev_info(const struct net_device *dev)
118{
119 return netdev_priv(dev);
120}
121
122static inline void lowpan_address_flip(u8 *src, u8 *dest)
123{
124 int i;
125 for (i = 0; i < IEEE802154_ADDR_LEN; i++)
126 (dest)[IEEE802154_ADDR_LEN - i - 1] = (src)[i];
127}
128
129/* list of all 6lowpan devices, uses for package delivering */
130/* print data in line */
131static inline void lowpan_raw_dump_inline(const char *caller, char *msg,
132 unsigned char *buf, int len)
133{
134#ifdef DEBUG
135 if (msg)
136 pr_debug("(%s) %s: ", caller, msg);
137 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE,
138 16, 1, buf, len, false);
139#endif /* DEBUG */
140}
141
142/*
143 * print data in a table format:
144 *
145 * addr: xx xx xx xx xx xx
146 * addr: xx xx xx xx xx xx
147 * ...
148 */
149static inline void lowpan_raw_dump_table(const char *caller, char *msg,
150 unsigned char *buf, int len)
151{
152#ifdef DEBUG
153 if (msg)
154 pr_debug("(%s) %s:\n", caller, msg);
155 print_hex_dump(KERN_DEBUG, "\t", DUMP_PREFIX_OFFSET,
156 16, 1, buf, len, false);
157#endif /* DEBUG */
158}
159
160static u8
161lowpan_compress_addr_64(u8 **hc06_ptr, u8 shift, const struct in6_addr *ipaddr,
162 const unsigned char *lladdr)
163{
164 u8 val = 0;
165
166 if (is_addr_mac_addr_based(ipaddr, lladdr))
167 val = 3; /* 0-bits */
168 else if (lowpan_is_iid_16_bit_compressable(ipaddr)) {
169 /* compress IID to 16 bits xxxx::XXXX */
170 memcpy(*hc06_ptr, &ipaddr->s6_addr16[7], 2);
171 *hc06_ptr += 2;
172 val = 2; /* 16-bits */
173 } else {
174 /* do not compress IID => xxxx::IID */
175 memcpy(*hc06_ptr, &ipaddr->s6_addr16[4], 8);
176 *hc06_ptr += 8;
177 val = 1; /* 64-bits */
178 }
179
180 return rol8(val, shift);
181}
182
183static void
184lowpan_uip_ds6_set_addr_iid(struct in6_addr *ipaddr, unsigned char *lladdr)
185{
186 memcpy(&ipaddr->s6_addr[8], lladdr, IEEE802154_ALEN);
187 /* second bit-flip (Universe/Local) is done according RFC2464 */
188 ipaddr->s6_addr[8] ^= 0x02;
189}
190
191/*
192 * Uncompress addresses based on a prefix and a postfix with zeroes in
193 * between. If the postfix is zero in length it will use the link address
194 * to configure the IP address (autoconf style).
195 * pref_post_count takes a byte where the first nibble specify prefix count
196 * and the second postfix count (NOTE: 15/0xf => 16 bytes copy).
197 */
198static int
199lowpan_uncompress_addr(struct sk_buff *skb, struct in6_addr *ipaddr,
200 u8 const *prefix, u8 pref_post_count, unsigned char *lladdr)
201{
202 u8 prefcount = pref_post_count >> 4;
203 u8 postcount = pref_post_count & 0x0f;
204
205 /* full nibble 15 => 16 */
206 prefcount = (prefcount == 15 ? 16 : prefcount);
207 postcount = (postcount == 15 ? 16 : postcount);
208
209 if (lladdr)
210 lowpan_raw_dump_inline(__func__, "linklocal address",
211 lladdr, IEEE802154_ALEN);
212 if (prefcount > 0)
213 memcpy(ipaddr, prefix, prefcount);
214
215 if (prefcount + postcount < 16)
216 memset(&ipaddr->s6_addr[prefcount], 0,
217 16 - (prefcount + postcount));
218
219 if (postcount > 0) {
220 memcpy(&ipaddr->s6_addr[16 - postcount], skb->data, postcount);
221 skb_pull(skb, postcount);
222 } else if (prefcount > 0) {
223 if (lladdr == NULL)
224 return -EINVAL;
225
226 /* no IID based configuration if no prefix and no data */
227 lowpan_uip_ds6_set_addr_iid(ipaddr, lladdr);
228 }
229
230 pr_debug("(%s): uncompressing %d + %d => ", __func__, prefcount,
231 postcount);
232 lowpan_raw_dump_inline(NULL, NULL, ipaddr->s6_addr, 16);
233
234 return 0;
235}
236
237static u8 lowpan_fetch_skb_u8(struct sk_buff *skb)
238{
239 u8 ret;
240
241 ret = skb->data[0];
242 skb_pull(skb, 1);
243
244 return ret;
245}
246
247static int lowpan_header_create(struct sk_buff *skb,
248 struct net_device *dev,
249 unsigned short type, const void *_daddr,
250 const void *_saddr, unsigned len)
251{
252 u8 tmp, iphc0, iphc1, *hc06_ptr;
253 struct ipv6hdr *hdr;
254 const u8 *saddr = _saddr;
255 const u8 *daddr = _daddr;
256 u8 *head;
257 struct ieee802154_addr sa, da;
258
259 if (type != ETH_P_IPV6)
260 return 0;
261 /* TODO:
262 * if this package isn't ipv6 one, where should it be routed?
263 */
264 head = kzalloc(100, GFP_KERNEL);
265 if (head == NULL)
266 return -ENOMEM;
267
268 hdr = ipv6_hdr(skb);
269 hc06_ptr = head + 2;
270
271 pr_debug("(%s): IPv6 header dump:\n\tversion = %d\n\tlength = %d\n"
272 "\tnexthdr = 0x%02x\n\thop_lim = %d\n", __func__,
273 hdr->version, ntohs(hdr->payload_len), hdr->nexthdr,
274 hdr->hop_limit);
275
276 lowpan_raw_dump_table(__func__, "raw skb network header dump",
277 skb_network_header(skb), sizeof(struct ipv6hdr));
278
279 if (!saddr)
280 saddr = dev->dev_addr;
281
282 lowpan_raw_dump_inline(__func__, "saddr", (unsigned char *)saddr, 8);
283
284 /*
285 * As we copy some bit-length fields, in the IPHC encoding bytes,
286 * we sometimes use |=
287 * If the field is 0, and the current bit value in memory is 1,
288 * this does not work. We therefore reset the IPHC encoding here
289 */
290 iphc0 = LOWPAN_DISPATCH_IPHC;
291 iphc1 = 0;
292
293 /* TODO: context lookup */
294
295 lowpan_raw_dump_inline(__func__, "daddr", (unsigned char *)daddr, 8);
296
297 /*
298 * Traffic class, flow label
299 * If flow label is 0, compress it. If traffic class is 0, compress it
300 * We have to process both in the same time as the offset of traffic
301 * class depends on the presence of version and flow label
302 */
303
304 /* hc06 format of TC is ECN | DSCP , original one is DSCP | ECN */
305 tmp = (hdr->priority << 4) | (hdr->flow_lbl[0] >> 4);
306 tmp = ((tmp & 0x03) << 6) | (tmp >> 2);
307
308 if (((hdr->flow_lbl[0] & 0x0F) == 0) &&
309 (hdr->flow_lbl[1] == 0) && (hdr->flow_lbl[2] == 0)) {
310 /* flow label can be compressed */
311 iphc0 |= LOWPAN_IPHC_FL_C;
312 if ((hdr->priority == 0) &&
313 ((hdr->flow_lbl[0] & 0xF0) == 0)) {
314 /* compress (elide) all */
315 iphc0 |= LOWPAN_IPHC_TC_C;
316 } else {
317 /* compress only the flow label */
318 *hc06_ptr = tmp;
319 hc06_ptr += 1;
320 }
321 } else {
322 /* Flow label cannot be compressed */
323 if ((hdr->priority == 0) &&
324 ((hdr->flow_lbl[0] & 0xF0) == 0)) {
325 /* compress only traffic class */
326 iphc0 |= LOWPAN_IPHC_TC_C;
327 *hc06_ptr = (tmp & 0xc0) | (hdr->flow_lbl[0] & 0x0F);
328 memcpy(hc06_ptr + 1, &hdr->flow_lbl[1], 2);
329 hc06_ptr += 3;
330 } else {
331 /* compress nothing */
332 memcpy(hc06_ptr, &hdr, 4);
333 /* replace the top byte with new ECN | DSCP format */
334 *hc06_ptr = tmp;
335 hc06_ptr += 4;
336 }
337 }
338
339 /* NOTE: payload length is always compressed */
340
341 /* Next Header is compress if UDP */
342 if (hdr->nexthdr == UIP_PROTO_UDP)
343 iphc0 |= LOWPAN_IPHC_NH_C;
344
345/* TODO: next header compression */
346
347 if ((iphc0 & LOWPAN_IPHC_NH_C) == 0) {
348 *hc06_ptr = hdr->nexthdr;
349 hc06_ptr += 1;
350 }
351
352 /*
353 * Hop limit
354 * if 1: compress, encoding is 01
355 * if 64: compress, encoding is 10
356 * if 255: compress, encoding is 11
357 * else do not compress
358 */
359 switch (hdr->hop_limit) {
360 case 1:
361 iphc0 |= LOWPAN_IPHC_TTL_1;
362 break;
363 case 64:
364 iphc0 |= LOWPAN_IPHC_TTL_64;
365 break;
366 case 255:
367 iphc0 |= LOWPAN_IPHC_TTL_255;
368 break;
369 default:
370 *hc06_ptr = hdr->hop_limit;
371 break;
372 }
373
374 /* source address compression */
375 if (is_addr_unspecified(&hdr->saddr)) {
376 pr_debug("(%s): source address is unspecified, setting SAC\n",
377 __func__);
378 iphc1 |= LOWPAN_IPHC_SAC;
379 /* TODO: context lookup */
380 } else if (is_addr_link_local(&hdr->saddr)) {
381 pr_debug("(%s): source address is link-local\n", __func__);
382 iphc1 |= lowpan_compress_addr_64(&hc06_ptr,
383 LOWPAN_IPHC_SAM_BIT, &hdr->saddr, saddr);
384 } else {
385 pr_debug("(%s): send the full source address\n", __func__);
386 memcpy(hc06_ptr, &hdr->saddr.s6_addr16[0], 16);
387 hc06_ptr += 16;
388 }
389
390 /* destination address compression */
391 if (is_addr_mcast(&hdr->daddr)) {
392 pr_debug("(%s): destination address is multicast", __func__);
393 iphc1 |= LOWPAN_IPHC_M;
394 if (lowpan_is_mcast_addr_compressable8(&hdr->daddr)) {
395 pr_debug("compressed to 1 octet\n");
396 iphc1 |= LOWPAN_IPHC_DAM_11;
397 /* use last byte */
398 *hc06_ptr = hdr->daddr.s6_addr[15];
399 hc06_ptr += 1;
400 } else if (lowpan_is_mcast_addr_compressable32(&hdr->daddr)) {
401 pr_debug("compressed to 4 octets\n");
402 iphc1 |= LOWPAN_IPHC_DAM_10;
403 /* second byte + the last three */
404 *hc06_ptr = hdr->daddr.s6_addr[1];
405 memcpy(hc06_ptr + 1, &hdr->daddr.s6_addr[13], 3);
406 hc06_ptr += 4;
407 } else if (lowpan_is_mcast_addr_compressable48(&hdr->daddr)) {
408 pr_debug("compressed to 6 octets\n");
409 iphc1 |= LOWPAN_IPHC_DAM_01;
410 /* second byte + the last five */
411 *hc06_ptr = hdr->daddr.s6_addr[1];
412 memcpy(hc06_ptr + 1, &hdr->daddr.s6_addr[11], 5);
413 hc06_ptr += 6;
414 } else {
415 pr_debug("using full address\n");
416 iphc1 |= LOWPAN_IPHC_DAM_00;
417 memcpy(hc06_ptr, &hdr->daddr.s6_addr[0], 16);
418 hc06_ptr += 16;
419 }
420 } else {
421 pr_debug("(%s): destination address is unicast: ", __func__);
422 /* TODO: context lookup */
423 if (is_addr_link_local(&hdr->daddr)) {
424 pr_debug("destination address is link-local\n");
425 iphc1 |= lowpan_compress_addr_64(&hc06_ptr,
426 LOWPAN_IPHC_DAM_BIT, &hdr->daddr, daddr);
427 } else {
428 pr_debug("using full address\n");
429 memcpy(hc06_ptr, &hdr->daddr.s6_addr16[0], 16);
430 hc06_ptr += 16;
431 }
432 }
433
434 /* TODO: UDP header compression */
435 /* TODO: Next Header compression */
436
437 head[0] = iphc0;
438 head[1] = iphc1;
439
440 skb_pull(skb, sizeof(struct ipv6hdr));
441 memcpy(skb_push(skb, hc06_ptr - head), head, hc06_ptr - head);
442
443 kfree(head);
444
445 lowpan_raw_dump_table(__func__, "raw skb data dump", skb->data,
446 skb->len);
447
448 /*
449 * NOTE1: I'm still unsure about the fact that compression and WPAN
450 * header are created here and not later in the xmit. So wait for
451 * an opinion of net maintainers.
452 */
453 /*
454 * NOTE2: to be absolutely correct, we must derive PANid information
455 * from MAC subif of the 'dev' and 'real_dev' network devices, but
456 * this isn't implemented in mainline yet, so currently we assign 0xff
457 */
458 {
459 /* prepare wpan address data */
460 sa.addr_type = IEEE802154_ADDR_LONG;
461 sa.pan_id = 0xff;
462
463 da.addr_type = IEEE802154_ADDR_LONG;
464 da.pan_id = 0xff;
465
466 memcpy(&(da.hwaddr), daddr, 8);
467 memcpy(&(sa.hwaddr), saddr, 8);
468
469 mac_cb(skb)->flags = IEEE802154_FC_TYPE_DATA;
470 return dev_hard_header(skb, lowpan_dev_info(dev)->real_dev,
471 type, (void *)&da, (void *)&sa, skb->len);
472 }
473}
474
475static int lowpan_skb_deliver(struct sk_buff *skb, struct ipv6hdr *hdr)
476{
477 struct sk_buff *new;
478 struct lowpan_dev_record *entry;
479 int stat = NET_RX_SUCCESS;
480
481 new = skb_copy_expand(skb, sizeof(struct ipv6hdr), skb_tailroom(skb),
482 GFP_ATOMIC);
483 kfree_skb(skb);
484
485 if (!new)
486 return -ENOMEM;
487
488 skb_push(new, sizeof(struct ipv6hdr));
489 skb_reset_network_header(new);
490 skb_copy_to_linear_data(new, hdr, sizeof(struct ipv6hdr));
491
492 new->protocol = htons(ETH_P_IPV6);
493 new->pkt_type = PACKET_HOST;
494
495 rcu_read_lock();
496 list_for_each_entry_rcu(entry, &lowpan_devices, list)
497 if (lowpan_dev_info(entry->ldev)->real_dev == new->dev) {
498 skb = skb_copy(new, GFP_ATOMIC);
499 if (!skb) {
500 stat = -ENOMEM;
501 break;
502 }
503
504 skb->dev = entry->ldev;
505 stat = netif_rx(skb);
506 }
507 rcu_read_unlock();
508
509 kfree_skb(new);
510
511 return stat;
512}
513
514static int
515lowpan_process_data(struct sk_buff *skb)
516{
517 struct ipv6hdr hdr;
518 u8 tmp, iphc0, iphc1, num_context = 0;
519 u8 *_saddr, *_daddr;
520 int err;
521
522 lowpan_raw_dump_table(__func__, "raw skb data dump", skb->data,
523 skb->len);
524 /* at least two bytes will be used for the encoding */
525 if (skb->len < 2)
526 goto drop;
527 iphc0 = lowpan_fetch_skb_u8(skb);
528 iphc1 = lowpan_fetch_skb_u8(skb);
529
530 _saddr = mac_cb(skb)->sa.hwaddr;
531 _daddr = mac_cb(skb)->da.hwaddr;
532
533 pr_debug("(%s): iphc0 = %02x, iphc1 = %02x\n", __func__, iphc0, iphc1);
534
535 /* another if the CID flag is set */
536 if (iphc1 & LOWPAN_IPHC_CID) {
537 pr_debug("(%s): CID flag is set, increase header with one\n",
538 __func__);
539 if (!skb->len)
540 goto drop;
541 num_context = lowpan_fetch_skb_u8(skb);
542 }
543
544 hdr.version = 6;
545
546 /* Traffic Class and Flow Label */
547 switch ((iphc0 & LOWPAN_IPHC_TF) >> 3) {
548 /*
549 * Traffic Class and FLow Label carried in-line
550 * ECN + DSCP + 4-bit Pad + Flow Label (4 bytes)
551 */
552 case 0: /* 00b */
553 if (!skb->len)
554 goto drop;
555 tmp = lowpan_fetch_skb_u8(skb);
556 memcpy(&hdr.flow_lbl, &skb->data[0], 3);
557 skb_pull(skb, 3);
558 hdr.priority = ((tmp >> 2) & 0x0f);
559 hdr.flow_lbl[0] = ((tmp >> 2) & 0x30) | (tmp << 6) |
560 (hdr.flow_lbl[0] & 0x0f);
561 break;
562 /*
563 * Traffic class carried in-line
564 * ECN + DSCP (1 byte), Flow Label is elided
565 */
566 case 1: /* 10b */
567 if (!skb->len)
568 goto drop;
569 tmp = lowpan_fetch_skb_u8(skb);
570 hdr.priority = ((tmp >> 2) & 0x0f);
571 hdr.flow_lbl[0] = ((tmp << 6) & 0xC0) | ((tmp >> 2) & 0x30);
572 hdr.flow_lbl[1] = 0;
573 hdr.flow_lbl[2] = 0;
574 break;
575 /*
576 * Flow Label carried in-line
577 * ECN + 2-bit Pad + Flow Label (3 bytes), DSCP is elided
578 */
579 case 2: /* 01b */
580 if (!skb->len)
581 goto drop;
582 tmp = lowpan_fetch_skb_u8(skb);
583 hdr.flow_lbl[0] = (skb->data[0] & 0x0F) | ((tmp >> 2) & 0x30);
584 memcpy(&hdr.flow_lbl[1], &skb->data[0], 2);
585 skb_pull(skb, 2);
586 break;
587 /* Traffic Class and Flow Label are elided */
588 case 3: /* 11b */
589 hdr.priority = 0;
590 hdr.flow_lbl[0] = 0;
591 hdr.flow_lbl[1] = 0;
592 hdr.flow_lbl[2] = 0;
593 break;
594 default:
595 break;
596 }
597
598 /* Next Header */
599 if ((iphc0 & LOWPAN_IPHC_NH_C) == 0) {
600 /* Next header is carried inline */
601 if (!skb->len)
602 goto drop;
603 hdr.nexthdr = lowpan_fetch_skb_u8(skb);
604 pr_debug("(%s): NH flag is set, next header is carried "
605 "inline: %02x\n", __func__, hdr.nexthdr);
606 }
607
608 /* Hop Limit */
609 if ((iphc0 & 0x03) != LOWPAN_IPHC_TTL_I)
610 hdr.hop_limit = lowpan_ttl_values[iphc0 & 0x03];
611 else {
612 if (!skb->len)
613 goto drop;
614 hdr.hop_limit = lowpan_fetch_skb_u8(skb);
615 }
616
617 /* Extract SAM to the tmp variable */
618 tmp = ((iphc1 & LOWPAN_IPHC_SAM) >> LOWPAN_IPHC_SAM_BIT) & 0x03;
619
620 /* Source address uncompression */
621 pr_debug("(%s): source address stateless compression\n", __func__);
622 err = lowpan_uncompress_addr(skb, &hdr.saddr, lowpan_llprefix,
623 lowpan_unc_llconf[tmp], skb->data);
624 if (err)
625 goto drop;
626
627 /* Extract DAM to the tmp variable */
628 tmp = ((iphc1 & LOWPAN_IPHC_DAM_11) >> LOWPAN_IPHC_DAM_BIT) & 0x03;
629
630 /* check for Multicast Compression */
631 if (iphc1 & LOWPAN_IPHC_M) {
632 if (iphc1 & LOWPAN_IPHC_DAC) {
633 pr_debug("(%s): destination address context-based "
634 "multicast compression\n", __func__);
635 /* TODO: implement this */
636 } else {
637 u8 prefix[] = {0xff, 0x02};
638
639 pr_debug("(%s): destination address non-context-based"
640 " multicast compression\n", __func__);
641 if (0 < tmp && tmp < 3) {
642 if (!skb->len)
643 goto drop;
644 else
645 prefix[1] = lowpan_fetch_skb_u8(skb);
646 }
647
648 err = lowpan_uncompress_addr(skb, &hdr.daddr, prefix,
649 lowpan_unc_mxconf[tmp], NULL);
650 if (err)
651 goto drop;
652 }
653 } else {
654 pr_debug("(%s): destination address stateless compression\n",
655 __func__);
656 err = lowpan_uncompress_addr(skb, &hdr.daddr, lowpan_llprefix,
657 lowpan_unc_llconf[tmp], skb->data);
658 if (err)
659 goto drop;
660 }
661
662 /* TODO: UDP header parse */
663
664 /* Not fragmented package */
665 hdr.payload_len = htons(skb->len);
666
667 pr_debug("(%s): skb headroom size = %d, data length = %d\n", __func__,
668 skb_headroom(skb), skb->len);
669
670 pr_debug("(%s): IPv6 header dump:\n\tversion = %d\n\tlength = %d\n\t"
671 "nexthdr = 0x%02x\n\thop_lim = %d\n", __func__, hdr.version,
672 ntohs(hdr.payload_len), hdr.nexthdr, hdr.hop_limit);
673
674 lowpan_raw_dump_table(__func__, "raw header dump", (u8 *)&hdr,
675 sizeof(hdr));
676 return lowpan_skb_deliver(skb, &hdr);
677drop:
678 kfree_skb(skb);
679 return -EINVAL;
680}
681
682static int lowpan_set_address(struct net_device *dev, void *p)
683{
684 struct sockaddr *sa = p;
685
686 if (netif_running(dev))
687 return -EBUSY;
688
689 /* TODO: validate addr */
690 memcpy(dev->dev_addr, sa->sa_data, dev->addr_len);
691
692 return 0;
693}
694
695static netdev_tx_t lowpan_xmit(struct sk_buff *skb, struct net_device *dev)
696{
697 int err = 0;
698
699 pr_debug("(%s): package xmit\n", __func__);
700
701 skb->dev = lowpan_dev_info(dev)->real_dev;
702 if (skb->dev == NULL) {
703 pr_debug("(%s) ERROR: no real wpan device found\n", __func__);
704 dev_kfree_skb(skb);
705 } else
706 err = dev_queue_xmit(skb);
707
708 return (err < 0 ? NETDEV_TX_BUSY : NETDEV_TX_OK);
709}
710
711static void lowpan_dev_free(struct net_device *dev)
712{
713 dev_put(lowpan_dev_info(dev)->real_dev);
714 free_netdev(dev);
715}
716
717static struct header_ops lowpan_header_ops = {
718 .create = lowpan_header_create,
719};
720
721static const struct net_device_ops lowpan_netdev_ops = {
722 .ndo_start_xmit = lowpan_xmit,
723 .ndo_set_mac_address = lowpan_set_address,
724};
725
726static void lowpan_setup(struct net_device *dev)
727{
728 pr_debug("(%s)\n", __func__);
729
730 dev->addr_len = IEEE802154_ADDR_LEN;
731 memset(dev->broadcast, 0xff, IEEE802154_ADDR_LEN);
732 dev->type = ARPHRD_IEEE802154;
733 dev->features = NETIF_F_NO_CSUM;
734 /* Frame Control + Sequence Number + Address fields + Security Header */
735 dev->hard_header_len = 2 + 1 + 20 + 14;
736 dev->needed_tailroom = 2; /* FCS */
737 dev->mtu = 1281;
738 dev->tx_queue_len = 0;
739 dev->flags = IFF_NOARP | IFF_BROADCAST;
740 dev->watchdog_timeo = 0;
741
742 dev->netdev_ops = &lowpan_netdev_ops;
743 dev->header_ops = &lowpan_header_ops;
744 dev->destructor = lowpan_dev_free;
745}
746
747static int lowpan_validate(struct nlattr *tb[], struct nlattr *data[])
748{
749 pr_debug("(%s)\n", __func__);
750
751 if (tb[IFLA_ADDRESS]) {
752 if (nla_len(tb[IFLA_ADDRESS]) != IEEE802154_ADDR_LEN)
753 return -EINVAL;
754 }
755 return 0;
756}
757
758static int lowpan_rcv(struct sk_buff *skb, struct net_device *dev,
759 struct packet_type *pt, struct net_device *orig_dev)
760{
761 if (!netif_running(dev))
762 goto drop;
763
764 if (dev->type != ARPHRD_IEEE802154)
765 goto drop;
766
767 /* check that it's our buffer */
768 if ((skb->data[0] & 0xe0) == 0x60)
769 lowpan_process_data(skb);
770
771 return NET_RX_SUCCESS;
772
773drop:
774 kfree_skb(skb);
775 return NET_RX_DROP;
776}
777
778static int lowpan_newlink(struct net *src_net, struct net_device *dev,
779 struct nlattr *tb[], struct nlattr *data[])
780{
781 struct net_device *real_dev;
782 struct lowpan_dev_record *entry;
783
784 pr_debug("(%s)\n", __func__);
785
786 if (!tb[IFLA_LINK])
787 return -EINVAL;
788 /* find and hold real wpan device */
789 real_dev = dev_get_by_index(src_net, nla_get_u32(tb[IFLA_LINK]));
790 if (!real_dev)
791 return -ENODEV;
792
793 lowpan_dev_info(dev)->real_dev = real_dev;
794 mutex_init(&lowpan_dev_info(dev)->dev_list_mtx);
795
796 entry = kzalloc(sizeof(struct lowpan_dev_record), GFP_KERNEL);
797 if (!entry) {
798 dev_put(real_dev);
799 lowpan_dev_info(dev)->real_dev = NULL;
800 return -ENOMEM;
801 }
802
803 entry->ldev = dev;
804
805 mutex_lock(&lowpan_dev_info(dev)->dev_list_mtx);
806 INIT_LIST_HEAD(&entry->list);
807 list_add_tail(&entry->list, &lowpan_devices);
808 mutex_unlock(&lowpan_dev_info(dev)->dev_list_mtx);
809
810 register_netdevice(dev);
811
812 return 0;
813}
814
815static void lowpan_dellink(struct net_device *dev, struct list_head *head)
816{
817 struct lowpan_dev_info *lowpan_dev = lowpan_dev_info(dev);
818 struct net_device *real_dev = lowpan_dev->real_dev;
819 struct lowpan_dev_record *entry;
820 struct lowpan_dev_record *tmp;
821
822 ASSERT_RTNL();
823
824 mutex_lock(&lowpan_dev_info(dev)->dev_list_mtx);
825 list_for_each_entry_safe(entry, tmp, &lowpan_devices, list) {
826 if (entry->ldev == dev) {
827 list_del(&entry->list);
828 kfree(entry);
829 }
830 }
831 mutex_unlock(&lowpan_dev_info(dev)->dev_list_mtx);
832
833 mutex_destroy(&lowpan_dev_info(dev)->dev_list_mtx);
834
835 unregister_netdevice_queue(dev, head);
836
837 dev_put(real_dev);
838}
839
840static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
841 .kind = "lowpan",
842 .priv_size = sizeof(struct lowpan_dev_info),
843 .setup = lowpan_setup,
844 .newlink = lowpan_newlink,
845 .dellink = lowpan_dellink,
846 .validate = lowpan_validate,
847};
848
849static inline int __init lowpan_netlink_init(void)
850{
851 return rtnl_link_register(&lowpan_link_ops);
852}
853
854static inline void __init lowpan_netlink_fini(void)
855{
856 rtnl_link_unregister(&lowpan_link_ops);
857}
858
859static struct packet_type lowpan_packet_type = {
860 .type = __constant_htons(ETH_P_IEEE802154),
861 .func = lowpan_rcv,
862};
863
864static int __init lowpan_init_module(void)
865{
866 int err = 0;
867
868 pr_debug("(%s)\n", __func__);
869
870 err = lowpan_netlink_init();
871 if (err < 0)
872 goto out;
873
874 dev_add_pack(&lowpan_packet_type);
875out:
876 return err;
877}
878
879static void __exit lowpan_cleanup_module(void)
880{
881 pr_debug("(%s)\n", __func__);
882
883 lowpan_netlink_fini();
884
885 dev_remove_pack(&lowpan_packet_type);
886}
887
888module_init(lowpan_init_module);
889module_exit(lowpan_cleanup_module);
890MODULE_LICENSE("GPL");
891MODULE_ALIAS_RTNL_LINK("lowpan");
diff --git a/net/ieee802154/6lowpan.h b/net/ieee802154/6lowpan.h
new file mode 100644
index 000000000000..5d8cf80b930d
--- /dev/null
+++ b/net/ieee802154/6lowpan.h
@@ -0,0 +1,212 @@
1/*
2 * Copyright 2011, Siemens AG
3 * written by Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
4 */
5
6/*
7 * Based on patches from Jon Smirl <jonsmirl@gmail.com>
8 * Copyright (c) 2011 Jon Smirl <jonsmirl@gmail.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24/* Jon's code is based on 6lowpan implementation for Contiki which is:
25 * Copyright (c) 2008, Swedish Institute of Computer Science.
26 * All rights reserved.
27 *
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
30 * are met:
31 * 1. Redistributions of source code must retain the above copyright
32 * notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 * notice, this list of conditions and the following disclaimer in the
35 * documentation and/or other materials provided with the distribution.
36 * 3. Neither the name of the Institute nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 */
52
53#ifndef __6LOWPAN_H__
54#define __6LOWPAN_H__
55
56/* need to know address length to manipulate with it */
57#define IEEE802154_ALEN 8
58
59#define UIP_802154_SHORTADDR_LEN 2 /* compressed ipv6 address length */
60#define UIP_IPH_LEN 40 /* ipv6 fixed header size */
61#define UIP_PROTO_UDP 17 /* ipv6 next header value for UDP */
62#define UIP_FRAGH_LEN 8 /* ipv6 fragment header size */
63
64/*
65 * ipv6 address based on mac
66 * second bit-flip (Universe/Local) is done according RFC2464
67 */
68#define is_addr_mac_addr_based(a, m) \
69 ((((a)->s6_addr[8]) == (((m)[0]) ^ 0x02)) && \
70 (((a)->s6_addr[9]) == (m)[1]) && \
71 (((a)->s6_addr[10]) == (m)[2]) && \
72 (((a)->s6_addr[11]) == (m)[3]) && \
73 (((a)->s6_addr[12]) == (m)[4]) && \
74 (((a)->s6_addr[13]) == (m)[5]) && \
75 (((a)->s6_addr[14]) == (m)[6]) && \
76 (((a)->s6_addr[15]) == (m)[7]))
77
78/* ipv6 address is unspecified */
79#define is_addr_unspecified(a) \
80 ((((a)->s6_addr32[0]) == 0) && \
81 (((a)->s6_addr32[1]) == 0) && \
82 (((a)->s6_addr32[2]) == 0) && \
83 (((a)->s6_addr32[3]) == 0))
84
85/* compare ipv6 addresses prefixes */
86#define ipaddr_prefixcmp(addr1, addr2, length) \
87 (memcmp(addr1, addr2, length >> 3) == 0)
88
89/* local link, i.e. FE80::/10 */
90#define is_addr_link_local(a) (((a)->s6_addr16[0]) == 0x80FE)
91
92/*
93 * check whether we can compress the IID to 16 bits,
94 * it's possible for unicast adresses with first 49 bits are zero only.
95 */
96#define lowpan_is_iid_16_bit_compressable(a) \
97 ((((a)->s6_addr16[4]) == 0) && \
98 (((a)->s6_addr16[5]) == 0) && \
99 (((a)->s6_addr16[6]) == 0) && \
100 ((((a)->s6_addr[14]) & 0x80) == 0))
101
102/* multicast address */
103#define is_addr_mcast(a) (((a)->s6_addr[0]) == 0xFF)
104
105/* check whether the 112-bit gid of the multicast address is mappable to: */
106
107/* 9 bits, for FF02::1 (all nodes) and FF02::2 (all routers) addresses only. */
108#define lowpan_is_mcast_addr_compressable(a) \
109 ((((a)->s6_addr16[1]) == 0) && \
110 (((a)->s6_addr16[2]) == 0) && \
111 (((a)->s6_addr16[3]) == 0) && \
112 (((a)->s6_addr16[4]) == 0) && \
113 (((a)->s6_addr16[5]) == 0) && \
114 (((a)->s6_addr16[6]) == 0) && \
115 (((a)->s6_addr[14]) == 0) && \
116 ((((a)->s6_addr[15]) == 1) || (((a)->s6_addr[15]) == 2)))
117
118/* 48 bits, FFXX::00XX:XXXX:XXXX */
119#define lowpan_is_mcast_addr_compressable48(a) \
120 ((((a)->s6_addr16[1]) == 0) && \
121 (((a)->s6_addr16[2]) == 0) && \
122 (((a)->s6_addr16[3]) == 0) && \
123 (((a)->s6_addr16[4]) == 0) && \
124 (((a)->s6_addr[10]) == 0))
125
126/* 32 bits, FFXX::00XX:XXXX */
127#define lowpan_is_mcast_addr_compressable32(a) \
128 ((((a)->s6_addr16[1]) == 0) && \
129 (((a)->s6_addr16[2]) == 0) && \
130 (((a)->s6_addr16[3]) == 0) && \
131 (((a)->s6_addr16[4]) == 0) && \
132 (((a)->s6_addr16[5]) == 0) && \
133 (((a)->s6_addr[12]) == 0))
134
135/* 8 bits, FF02::00XX */
136#define lowpan_is_mcast_addr_compressable8(a) \
137 ((((a)->s6_addr[1]) == 2) && \
138 (((a)->s6_addr16[1]) == 0) && \
139 (((a)->s6_addr16[2]) == 0) && \
140 (((a)->s6_addr16[3]) == 0) && \
141 (((a)->s6_addr16[4]) == 0) && \
142 (((a)->s6_addr16[5]) == 0) && \
143 (((a)->s6_addr16[6]) == 0) && \
144 (((a)->s6_addr[14]) == 0))
145
146#define lowpan_is_addr_broadcast(a) \
147 ((((a)[0]) == 0xFF) && \
148 (((a)[1]) == 0xFF) && \
149 (((a)[2]) == 0xFF) && \
150 (((a)[3]) == 0xFF) && \
151 (((a)[4]) == 0xFF) && \
152 (((a)[5]) == 0xFF) && \
153 (((a)[6]) == 0xFF) && \
154 (((a)[7]) == 0xFF))
155
156#define LOWPAN_DISPATCH_IPV6 0x41 /* 01000001 = 65 */
157#define LOWPAN_DISPATCH_HC1 0x42 /* 01000010 = 66 */
158#define LOWPAN_DISPATCH_IPHC 0x60 /* 011xxxxx = ... */
159#define LOWPAN_DISPATCH_FRAG1 0xc0 /* 11000xxx */
160#define LOWPAN_DISPATCH_FRAGN 0xe0 /* 11100xxx */
161
162/*
163 * Values of fields within the IPHC encoding first byte
164 * (C stands for compressed and I for inline)
165 */
166#define LOWPAN_IPHC_TF 0x18
167
168#define LOWPAN_IPHC_FL_C 0x10
169#define LOWPAN_IPHC_TC_C 0x08
170#define LOWPAN_IPHC_NH_C 0x04
171#define LOWPAN_IPHC_TTL_1 0x01
172#define LOWPAN_IPHC_TTL_64 0x02
173#define LOWPAN_IPHC_TTL_255 0x03
174#define LOWPAN_IPHC_TTL_I 0x00
175
176
177/* Values of fields within the IPHC encoding second byte */
178#define LOWPAN_IPHC_CID 0x80
179
180#define LOWPAN_IPHC_SAC 0x40
181#define LOWPAN_IPHC_SAM_00 0x00
182#define LOWPAN_IPHC_SAM_01 0x10
183#define LOWPAN_IPHC_SAM_10 0x20
184#define LOWPAN_IPHC_SAM 0x30
185
186#define LOWPAN_IPHC_SAM_BIT 4
187
188#define LOWPAN_IPHC_M 0x08
189#define LOWPAN_IPHC_DAC 0x04
190#define LOWPAN_IPHC_DAM_00 0x00
191#define LOWPAN_IPHC_DAM_01 0x01
192#define LOWPAN_IPHC_DAM_10 0x02
193#define LOWPAN_IPHC_DAM_11 0x03
194
195#define LOWPAN_IPHC_DAM_BIT 0
196/*
197 * LOWPAN_UDP encoding (works together with IPHC)
198 */
199#define LOWPAN_NHC_UDP_MASK 0xF8
200#define LOWPAN_NHC_UDP_ID 0xF0
201#define LOWPAN_NHC_UDP_CHECKSUMC 0x04
202#define LOWPAN_NHC_UDP_CHECKSUMI 0x00
203
204/* values for port compression, _with checksum_ ie bit 5 set to 0 */
205#define LOWPAN_NHC_UDP_CS_P_00 0xF0 /* all inline */
206#define LOWPAN_NHC_UDP_CS_P_01 0xF1 /* source 16bit inline,
207 dest = 0xF0 + 8 bit inline */
208#define LOWPAN_NHC_UDP_CS_P_10 0xF2 /* source = 0xF0 + 8bit inline,
209 dest = 16 bit inline */
210#define LOWPAN_NHC_UDP_CS_P_11 0xF3 /* source & dest = 0xF0B + 4bit inline */
211
212#endif /* __6LOWPAN_H__ */
diff --git a/net/ieee802154/Kconfig b/net/ieee802154/Kconfig
index 1c1de97d264a..7dee65052925 100644
--- a/net/ieee802154/Kconfig
+++ b/net/ieee802154/Kconfig
@@ -10,3 +10,9 @@ config IEEE802154
10 10
11 Say Y here to compile LR-WPAN support into the kernel or say M to 11 Say Y here to compile LR-WPAN support into the kernel or say M to
12 compile it as modules. 12 compile it as modules.
13
14config IEEE802154_6LOWPAN
15 tristate "6lowpan support over IEEE 802.15.4"
16 depends on IEEE802154 && IPV6
17 ---help---
18 IPv6 compression over IEEE 802.15.4.
diff --git a/net/ieee802154/Makefile b/net/ieee802154/Makefile
index 5761185f884e..d7716d64c6bb 100644
--- a/net/ieee802154/Makefile
+++ b/net/ieee802154/Makefile
@@ -1,3 +1,5 @@
1obj-$(CONFIG_IEEE802154) += ieee802154.o af_802154.o 1obj-$(CONFIG_IEEE802154) += ieee802154.o af_802154.o
2ieee802154-y := netlink.o nl-mac.o nl-phy.o nl_policy.o wpan-class.o 2obj-$(CONFIG_IEEE802154_6LOWPAN) += 6lowpan.o
3af_802154-y := af_ieee802154.o raw.o dgram.o 3
4ieee802154-y := netlink.o nl-mac.o nl-phy.o nl_policy.o wpan-class.o
5af_802154-y := af_ieee802154.o raw.o dgram.o
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1b745d412cf6..1b5096a9875a 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -466,8 +466,13 @@ int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
466 goto out; 466 goto out;
467 467
468 if (addr->sin_family != AF_INET) { 468 if (addr->sin_family != AF_INET) {
469 /* Compatibility games : accept AF_UNSPEC (mapped to AF_INET)
470 * only if s_addr is INADDR_ANY.
471 */
469 err = -EAFNOSUPPORT; 472 err = -EAFNOSUPPORT;
470 goto out; 473 if (addr->sin_family != AF_UNSPEC ||
474 addr->sin_addr.s_addr != htonl(INADDR_ANY))
475 goto out;
471 } 476 }
472 477
473 chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr); 478 chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr);
@@ -888,7 +893,7 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
888EXPORT_SYMBOL(inet_ioctl); 893EXPORT_SYMBOL(inet_ioctl);
889 894
890#ifdef CONFIG_COMPAT 895#ifdef CONFIG_COMPAT
891int inet_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 896static int inet_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
892{ 897{
893 struct sock *sk = sock->sk; 898 struct sock *sk = sock->sk;
894 int err = -ENOIOCTLCMD; 899 int err = -ENOIOCTLCMD;
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 2c2a98e402e7..86f3b885b4f3 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -476,7 +476,7 @@ int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
476 doi = doi_def->doi; 476 doi = doi_def->doi;
477 doi_type = doi_def->type; 477 doi_type = doi_def->type;
478 478
479 if (doi_def == NULL || doi_def->doi == CIPSO_V4_DOI_UNKNOWN) 479 if (doi_def->doi == CIPSO_V4_DOI_UNKNOWN)
480 goto doi_add_return; 480 goto doi_add_return;
481 for (iter = 0; iter < CIPSO_V4_TAG_MAXCNT; iter++) { 481 for (iter = 0; iter < CIPSO_V4_TAG_MAXCNT; iter++) {
482 switch (doi_def->tags[iter]) { 482 switch (doi_def->tags[iter]) {
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index bc19bd06dd00..c6b5092f29a1 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -258,7 +258,7 @@ static struct in_device *inetdev_init(struct net_device *dev)
258 ip_mc_up(in_dev); 258 ip_mc_up(in_dev);
259 259
260 /* we can receive as soon as ip_ptr is set -- do this last */ 260 /* we can receive as soon as ip_ptr is set -- do this last */
261 rcu_assign_pointer(dev->ip_ptr, in_dev); 261 RCU_INIT_POINTER(dev->ip_ptr, in_dev);
262out: 262out:
263 return in_dev; 263 return in_dev;
264out_kfree: 264out_kfree:
@@ -291,7 +291,7 @@ static void inetdev_destroy(struct in_device *in_dev)
291 inet_free_ifa(ifa); 291 inet_free_ifa(ifa);
292 } 292 }
293 293
294 rcu_assign_pointer(dev->ip_ptr, NULL); 294 RCU_INIT_POINTER(dev->ip_ptr, NULL);
295 295
296 devinet_sysctl_unregister(in_dev); 296 devinet_sysctl_unregister(in_dev);
297 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 297 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
@@ -1175,7 +1175,7 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1175 switch (event) { 1175 switch (event) {
1176 case NETDEV_REGISTER: 1176 case NETDEV_REGISTER:
1177 printk(KERN_DEBUG "inetdev_event: bug\n"); 1177 printk(KERN_DEBUG "inetdev_event: bug\n");
1178 rcu_assign_pointer(dev->ip_ptr, NULL); 1178 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1179 break; 1179 break;
1180 case NETDEV_UP: 1180 case NETDEV_UP:
1181 if (!inetdev_valid_mtu(dev->mtu)) 1181 if (!inetdev_valid_mtu(dev->mtu))
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 33e2c35b74b7..80106d89d548 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -142,6 +142,14 @@ const struct fib_prop fib_props[RTN_MAX + 1] = {
142}; 142};
143 143
144/* Release a nexthop info record */ 144/* Release a nexthop info record */
145static void free_fib_info_rcu(struct rcu_head *head)
146{
147 struct fib_info *fi = container_of(head, struct fib_info, rcu);
148
149 if (fi->fib_metrics != (u32 *) dst_default_metrics)
150 kfree(fi->fib_metrics);
151 kfree(fi);
152}
145 153
146void free_fib_info(struct fib_info *fi) 154void free_fib_info(struct fib_info *fi)
147{ 155{
@@ -156,7 +164,7 @@ void free_fib_info(struct fib_info *fi)
156 } endfor_nexthops(fi); 164 } endfor_nexthops(fi);
157 fib_info_cnt--; 165 fib_info_cnt--;
158 release_net(fi->fib_net); 166 release_net(fi->fib_net);
159 kfree_rcu(fi, rcu); 167 call_rcu(&fi->rcu, free_fib_info_rcu);
160} 168}
161 169
162void fib_release_info(struct fib_info *fi) 170void fib_release_info(struct fib_info *fi)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index de9e2978476f..89d6f71a6a99 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -204,7 +204,7 @@ static inline struct tnode *node_parent_rcu(const struct rt_trie_node *node)
204 return (struct tnode *)(parent & ~NODE_TYPE_MASK); 204 return (struct tnode *)(parent & ~NODE_TYPE_MASK);
205} 205}
206 206
207/* Same as rcu_assign_pointer 207/* Same as RCU_INIT_POINTER
208 * but that macro() assumes that value is a pointer. 208 * but that macro() assumes that value is a pointer.
209 */ 209 */
210static inline void node_set_parent(struct rt_trie_node *node, struct tnode *ptr) 210static inline void node_set_parent(struct rt_trie_node *node, struct tnode *ptr)
@@ -528,7 +528,7 @@ static void tnode_put_child_reorg(struct tnode *tn, int i, struct rt_trie_node *
528 if (n) 528 if (n)
529 node_set_parent(n, tn); 529 node_set_parent(n, tn);
530 530
531 rcu_assign_pointer(tn->child[i], n); 531 RCU_INIT_POINTER(tn->child[i], n);
532} 532}
533 533
534#define MAX_WORK 10 534#define MAX_WORK 10
@@ -1014,7 +1014,7 @@ static void trie_rebalance(struct trie *t, struct tnode *tn)
1014 1014
1015 tp = node_parent((struct rt_trie_node *) tn); 1015 tp = node_parent((struct rt_trie_node *) tn);
1016 if (!tp) 1016 if (!tp)
1017 rcu_assign_pointer(t->trie, (struct rt_trie_node *)tn); 1017 RCU_INIT_POINTER(t->trie, (struct rt_trie_node *)tn);
1018 1018
1019 tnode_free_flush(); 1019 tnode_free_flush();
1020 if (!tp) 1020 if (!tp)
@@ -1026,7 +1026,7 @@ static void trie_rebalance(struct trie *t, struct tnode *tn)
1026 if (IS_TNODE(tn)) 1026 if (IS_TNODE(tn))
1027 tn = (struct tnode *)resize(t, (struct tnode *)tn); 1027 tn = (struct tnode *)resize(t, (struct tnode *)tn);
1028 1028
1029 rcu_assign_pointer(t->trie, (struct rt_trie_node *)tn); 1029 RCU_INIT_POINTER(t->trie, (struct rt_trie_node *)tn);
1030 tnode_free_flush(); 1030 tnode_free_flush();
1031} 1031}
1032 1032
@@ -1163,7 +1163,7 @@ static struct list_head *fib_insert_node(struct trie *t, u32 key, int plen)
1163 put_child(t, (struct tnode *)tp, cindex, 1163 put_child(t, (struct tnode *)tp, cindex,
1164 (struct rt_trie_node *)tn); 1164 (struct rt_trie_node *)tn);
1165 } else { 1165 } else {
1166 rcu_assign_pointer(t->trie, (struct rt_trie_node *)tn); 1166 RCU_INIT_POINTER(t->trie, (struct rt_trie_node *)tn);
1167 tp = tn; 1167 tp = tn;
1168 } 1168 }
1169 } 1169 }
@@ -1621,7 +1621,7 @@ static void trie_leaf_remove(struct trie *t, struct leaf *l)
1621 put_child(t, (struct tnode *)tp, cindex, NULL); 1621 put_child(t, (struct tnode *)tp, cindex, NULL);
1622 trie_rebalance(t, tp); 1622 trie_rebalance(t, tp);
1623 } else 1623 } else
1624 rcu_assign_pointer(t->trie, NULL); 1624 RCU_INIT_POINTER(t->trie, NULL);
1625 1625
1626 free_leaf(l); 1626 free_leaf(l);
1627} 1627}
diff --git a/net/ipv4/gre.c b/net/ipv4/gre.c
index dbfc21de3479..8cb1ebb7cd74 100644
--- a/net/ipv4/gre.c
+++ b/net/ipv4/gre.c
@@ -34,7 +34,7 @@ int gre_add_protocol(const struct gre_protocol *proto, u8 version)
34 if (gre_proto[version]) 34 if (gre_proto[version])
35 goto err_out_unlock; 35 goto err_out_unlock;
36 36
37 rcu_assign_pointer(gre_proto[version], proto); 37 RCU_INIT_POINTER(gre_proto[version], proto);
38 spin_unlock(&gre_proto_lock); 38 spin_unlock(&gre_proto_lock);
39 return 0; 39 return 0;
40 40
@@ -54,7 +54,7 @@ int gre_del_protocol(const struct gre_protocol *proto, u8 version)
54 if (rcu_dereference_protected(gre_proto[version], 54 if (rcu_dereference_protected(gre_proto[version],
55 lockdep_is_held(&gre_proto_lock)) != proto) 55 lockdep_is_held(&gre_proto_lock)) != proto)
56 goto err_out_unlock; 56 goto err_out_unlock;
57 rcu_assign_pointer(gre_proto[version], NULL); 57 RCU_INIT_POINTER(gre_proto[version], NULL);
58 spin_unlock(&gre_proto_lock); 58 spin_unlock(&gre_proto_lock);
59 synchronize_rcu(); 59 synchronize_rcu();
60 return 0; 60 return 0;
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 23ef31baa1af..ab188ae12fd9 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1152,10 +1152,9 @@ static int __net_init icmp_sk_init(struct net *net)
1152 net->ipv4.icmp_sk[i] = sk; 1152 net->ipv4.icmp_sk[i] = sk;
1153 1153
1154 /* Enough space for 2 64K ICMP packets, including 1154 /* Enough space for 2 64K ICMP packets, including
1155 * sk_buff struct overhead. 1155 * sk_buff/skb_shared_info struct overhead.
1156 */ 1156 */
1157 sk->sk_sndbuf = 1157 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1158 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
1159 1158
1160 /* 1159 /*
1161 * Speedup sock_wfree() 1160 * Speedup sock_wfree()
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index f1d27f6c9351..c7472eff2d51 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -767,7 +767,7 @@ static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
767 break; 767 break;
768 for (i=0; i<nsrcs; i++) { 768 for (i=0; i<nsrcs; i++) {
769 /* skip inactive filters */ 769 /* skip inactive filters */
770 if (pmc->sfcount[MCAST_INCLUDE] || 770 if (psf->sf_count[MCAST_INCLUDE] ||
771 pmc->sfcount[MCAST_EXCLUDE] != 771 pmc->sfcount[MCAST_EXCLUDE] !=
772 psf->sf_count[MCAST_EXCLUDE]) 772 psf->sf_count[MCAST_EXCLUDE])
773 continue; 773 continue;
@@ -1009,7 +1009,7 @@ static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr)
1009 1009
1010 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1010 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG.
1011 We will get multicast token leakage, when IFF_MULTICAST 1011 We will get multicast token leakage, when IFF_MULTICAST
1012 is changed. This check should be done in dev->set_multicast_list 1012 is changed. This check should be done in ndo_set_rx_mode
1013 routine. Something sort of: 1013 routine. Something sort of:
1014 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1014 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; }
1015 --ANK 1015 --ANK
@@ -1242,7 +1242,7 @@ void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1242 1242
1243 im->next_rcu = in_dev->mc_list; 1243 im->next_rcu = in_dev->mc_list;
1244 in_dev->mc_count++; 1244 in_dev->mc_count++;
1245 rcu_assign_pointer(in_dev->mc_list, im); 1245 RCU_INIT_POINTER(in_dev->mc_list, im);
1246 1246
1247#ifdef CONFIG_IP_MULTICAST 1247#ifdef CONFIG_IP_MULTICAST
1248 igmpv3_del_delrec(in_dev, im->multiaddr); 1248 igmpv3_del_delrec(in_dev, im->multiaddr);
@@ -1718,7 +1718,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1718 1718
1719 pmc->sfcount[sfmode]--; 1719 pmc->sfcount[sfmode]--;
1720 for (j=0; j<i; j++) 1720 for (j=0; j<i; j++)
1721 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1721 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]);
1722 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 1722 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) {
1723#ifdef CONFIG_IP_MULTICAST 1723#ifdef CONFIG_IP_MULTICAST
1724 struct ip_sf_list *psf; 1724 struct ip_sf_list *psf;
@@ -1813,7 +1813,7 @@ int ip_mc_join_group(struct sock *sk , struct ip_mreqn *imr)
1813 iml->next_rcu = inet->mc_list; 1813 iml->next_rcu = inet->mc_list;
1814 iml->sflist = NULL; 1814 iml->sflist = NULL;
1815 iml->sfmode = MCAST_EXCLUDE; 1815 iml->sfmode = MCAST_EXCLUDE;
1816 rcu_assign_pointer(inet->mc_list, iml); 1816 RCU_INIT_POINTER(inet->mc_list, iml);
1817 ip_mc_inc_group(in_dev, addr); 1817 ip_mc_inc_group(in_dev, addr);
1818 err = 0; 1818 err = 0;
1819done: 1819done:
@@ -1835,7 +1835,7 @@ static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml,
1835 } 1835 }
1836 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 1836 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
1837 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 1837 iml->sfmode, psf->sl_count, psf->sl_addr, 0);
1838 rcu_assign_pointer(iml->sflist, NULL); 1838 RCU_INIT_POINTER(iml->sflist, NULL);
1839 /* decrease mem now to avoid the memleak warning */ 1839 /* decrease mem now to avoid the memleak warning */
1840 atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc); 1840 atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc);
1841 kfree_rcu(psf, rcu); 1841 kfree_rcu(psf, rcu);
@@ -2000,7 +2000,7 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
2000 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc); 2000 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc);
2001 kfree_rcu(psl, rcu); 2001 kfree_rcu(psl, rcu);
2002 } 2002 }
2003 rcu_assign_pointer(pmc->sflist, newpsl); 2003 RCU_INIT_POINTER(pmc->sflist, newpsl);
2004 psl = newpsl; 2004 psl = newpsl;
2005 } 2005 }
2006 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2006 rv = 1; /* > 0 for insert logic below if sl_count is 0 */
@@ -2103,7 +2103,7 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2103 } else 2103 } else
2104 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2104 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2105 0, NULL, 0); 2105 0, NULL, 0);
2106 rcu_assign_pointer(pmc->sflist, newpsl); 2106 RCU_INIT_POINTER(pmc->sflist, newpsl);
2107 pmc->sfmode = msf->imsf_fmode; 2107 pmc->sfmode = msf->imsf_fmode;
2108 err = 0; 2108 err = 0;
2109done: 2109done:
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 389a2e6a17fd..f5e2bdaef949 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -108,6 +108,9 @@ static int inet_csk_diag_fill(struct sock *sk,
108 icsk->icsk_ca_ops->name); 108 icsk->icsk_ca_ops->name);
109 } 109 }
110 110
111 if ((ext & (1 << (INET_DIAG_TOS - 1))) && (sk->sk_family != AF_INET6))
112 RTA_PUT_U8(skb, INET_DIAG_TOS, inet->tos);
113
111 r->idiag_family = sk->sk_family; 114 r->idiag_family = sk->sk_family;
112 r->idiag_state = sk->sk_state; 115 r->idiag_state = sk->sk_state;
113 r->idiag_timer = 0; 116 r->idiag_timer = 0;
@@ -130,6 +133,8 @@ static int inet_csk_diag_fill(struct sock *sk,
130 &np->rcv_saddr); 133 &np->rcv_saddr);
131 ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst, 134 ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst,
132 &np->daddr); 135 &np->daddr);
136 if (ext & (1 << (INET_DIAG_TOS - 1)))
137 RTA_PUT_U8(skb, INET_DIAG_TOS, np->tclass);
133 } 138 }
134#endif 139#endif
135 140
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 3c0369a3a663..984ec656b03b 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -21,6 +21,7 @@
21 21
22#include <net/inet_connection_sock.h> 22#include <net/inet_connection_sock.h>
23#include <net/inet_hashtables.h> 23#include <net/inet_hashtables.h>
24#include <net/secure_seq.h>
24#include <net/ip.h> 25#include <net/ip.h>
25 26
26/* 27/*
diff --git a/net/ipv4/inet_lro.c b/net/ipv4/inet_lro.c
index ef7ae6049a51..cc280a3f4f96 100644
--- a/net/ipv4/inet_lro.c
+++ b/net/ipv4/inet_lro.c
@@ -244,11 +244,11 @@ static void lro_add_frags(struct net_lro_desc *lro_desc,
244 skb->truesize += truesize; 244 skb->truesize += truesize;
245 245
246 skb_frags[0].page_offset += hlen; 246 skb_frags[0].page_offset += hlen;
247 skb_frags[0].size -= hlen; 247 skb_frag_size_sub(&skb_frags[0], hlen);
248 248
249 while (tcp_data_len > 0) { 249 while (tcp_data_len > 0) {
250 *(lro_desc->next_frag) = *skb_frags; 250 *(lro_desc->next_frag) = *skb_frags;
251 tcp_data_len -= skb_frags->size; 251 tcp_data_len -= skb_frag_size(skb_frags);
252 lro_desc->next_frag++; 252 lro_desc->next_frag++;
253 skb_frags++; 253 skb_frags++;
254 skb_shinfo(skb)->nr_frags++; 254 skb_shinfo(skb)->nr_frags++;
@@ -400,14 +400,14 @@ static struct sk_buff *lro_gen_skb(struct net_lro_mgr *lro_mgr,
400 skb_frags = skb_shinfo(skb)->frags; 400 skb_frags = skb_shinfo(skb)->frags;
401 while (data_len > 0) { 401 while (data_len > 0) {
402 *skb_frags = *frags; 402 *skb_frags = *frags;
403 data_len -= frags->size; 403 data_len -= skb_frag_size(frags);
404 skb_frags++; 404 skb_frags++;
405 frags++; 405 frags++;
406 skb_shinfo(skb)->nr_frags++; 406 skb_shinfo(skb)->nr_frags++;
407 } 407 }
408 408
409 skb_shinfo(skb)->frags[0].page_offset += hdr_len; 409 skb_shinfo(skb)->frags[0].page_offset += hdr_len;
410 skb_shinfo(skb)->frags[0].size -= hdr_len; 410 skb_frag_size_sub(&skb_shinfo(skb)->frags[0], hdr_len);
411 411
412 skb->ip_summed = ip_summed; 412 skb->ip_summed = ip_summed;
413 skb->csum = sum; 413 skb->csum = sum;
@@ -433,7 +433,7 @@ static struct sk_buff *__lro_proc_segment(struct net_lro_mgr *lro_mgr,
433 if (!lro_mgr->get_frag_header || 433 if (!lro_mgr->get_frag_header ||
434 lro_mgr->get_frag_header(frags, (void *)&mac_hdr, (void *)&iph, 434 lro_mgr->get_frag_header(frags, (void *)&mac_hdr, (void *)&iph,
435 (void *)&tcph, &flags, priv)) { 435 (void *)&tcph, &flags, priv)) {
436 mac_hdr = page_address(frags->page) + frags->page_offset; 436 mac_hdr = skb_frag_address(frags);
437 goto out1; 437 goto out1;
438 } 438 }
439 439
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 3c8dfa16614d..44d65d546e30 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -183,6 +183,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, const int stat
183 tw->tw_daddr = inet->inet_daddr; 183 tw->tw_daddr = inet->inet_daddr;
184 tw->tw_rcv_saddr = inet->inet_rcv_saddr; 184 tw->tw_rcv_saddr = inet->inet_rcv_saddr;
185 tw->tw_bound_dev_if = sk->sk_bound_dev_if; 185 tw->tw_bound_dev_if = sk->sk_bound_dev_if;
186 tw->tw_tos = inet->tos;
186 tw->tw_num = inet->inet_num; 187 tw->tw_num = inet->inet_num;
187 tw->tw_state = TCP_TIME_WAIT; 188 tw->tw_state = TCP_TIME_WAIT;
188 tw->tw_substate = state; 189 tw->tw_substate = state;
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index e38213817d0a..86f13c67ea85 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -19,6 +19,7 @@
19#include <linux/net.h> 19#include <linux/net.h>
20#include <net/ip.h> 20#include <net/ip.h>
21#include <net/inetpeer.h> 21#include <net/inetpeer.h>
22#include <net/secure_seq.h>
22 23
23/* 24/*
24 * Theory of operations. 25 * Theory of operations.
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 0e0ab98abc6f..fdaabf2f2b68 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -599,8 +599,8 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
599 head->next = clone; 599 head->next = clone;
600 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; 600 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list;
601 skb_frag_list_init(head); 601 skb_frag_list_init(head);
602 for (i=0; i<skb_shinfo(head)->nr_frags; i++) 602 for (i = 0; i < skb_shinfo(head)->nr_frags; i++)
603 plen += skb_shinfo(head)->frags[i].size; 603 plen += skb_frag_size(&skb_shinfo(head)->frags[i]);
604 clone->len = clone->data_len = head->data_len - plen; 604 clone->len = clone->data_len = head->data_len - plen;
605 head->data_len -= clone->len; 605 head->data_len -= clone->len;
606 head->len -= clone->len; 606 head->len -= clone->len;
@@ -682,6 +682,42 @@ int ip_defrag(struct sk_buff *skb, u32 user)
682} 682}
683EXPORT_SYMBOL(ip_defrag); 683EXPORT_SYMBOL(ip_defrag);
684 684
685struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)
686{
687 const struct iphdr *iph;
688 u32 len;
689
690 if (skb->protocol != htons(ETH_P_IP))
691 return skb;
692
693 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
694 return skb;
695
696 iph = ip_hdr(skb);
697 if (iph->ihl < 5 || iph->version != 4)
698 return skb;
699 if (!pskb_may_pull(skb, iph->ihl*4))
700 return skb;
701 iph = ip_hdr(skb);
702 len = ntohs(iph->tot_len);
703 if (skb->len < len || len < (iph->ihl * 4))
704 return skb;
705
706 if (ip_is_fragment(ip_hdr(skb))) {
707 skb = skb_share_check(skb, GFP_ATOMIC);
708 if (skb) {
709 if (pskb_trim_rcsum(skb, len))
710 return skb;
711 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
712 if (ip_defrag(skb, user))
713 return NULL;
714 skb->rxhash = 0;
715 }
716 }
717 return skb;
718}
719EXPORT_SYMBOL(ip_check_defrag);
720
685#ifdef CONFIG_SYSCTL 721#ifdef CONFIG_SYSCTL
686static int zero; 722static int zero;
687 723
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index d7bb94c48345..d55110e93120 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -835,8 +835,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
835 if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| 835 if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
836 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 836 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
837 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); 837 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
838 if (max_headroom > dev->needed_headroom)
839 dev->needed_headroom = max_headroom;
840 if (!new_skb) { 838 if (!new_skb) {
841 ip_rt_put(rt); 839 ip_rt_put(rt);
842 dev->stats.tx_dropped++; 840 dev->stats.tx_dropped++;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index ccaaa851ab42..0bc95f3977d2 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -122,6 +122,7 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
122 newskb->pkt_type = PACKET_LOOPBACK; 122 newskb->pkt_type = PACKET_LOOPBACK;
123 newskb->ip_summed = CHECKSUM_UNNECESSARY; 123 newskb->ip_summed = CHECKSUM_UNNECESSARY;
124 WARN_ON(!skb_dst(newskb)); 124 WARN_ON(!skb_dst(newskb));
125 skb_dst_force(newskb);
125 netif_rx_ni(newskb); 126 netif_rx_ni(newskb);
126 return 0; 127 return 0;
127} 128}
@@ -204,9 +205,15 @@ static inline int ip_finish_output2(struct sk_buff *skb)
204 skb = skb2; 205 skb = skb2;
205 } 206 }
206 207
208 rcu_read_lock();
207 neigh = dst_get_neighbour(dst); 209 neigh = dst_get_neighbour(dst);
208 if (neigh) 210 if (neigh) {
209 return neigh_output(neigh, skb); 211 int res = neigh_output(neigh, skb);
212
213 rcu_read_unlock();
214 return res;
215 }
216 rcu_read_unlock();
210 217
211 if (net_ratelimit()) 218 if (net_ratelimit())
212 printk(KERN_DEBUG "ip_finish_output2: No header cache and no neighbour!\n"); 219 printk(KERN_DEBUG "ip_finish_output2: No header cache and no neighbour!\n");
@@ -982,13 +989,13 @@ alloc_new_skb:
982 if (page && (left = PAGE_SIZE - off) > 0) { 989 if (page && (left = PAGE_SIZE - off) > 0) {
983 if (copy >= left) 990 if (copy >= left)
984 copy = left; 991 copy = left;
985 if (page != frag->page) { 992 if (page != skb_frag_page(frag)) {
986 if (i == MAX_SKB_FRAGS) { 993 if (i == MAX_SKB_FRAGS) {
987 err = -EMSGSIZE; 994 err = -EMSGSIZE;
988 goto error; 995 goto error;
989 } 996 }
990 get_page(page);
991 skb_fill_page_desc(skb, i, page, off, 0); 997 skb_fill_page_desc(skb, i, page, off, 0);
998 skb_frag_ref(skb, i);
992 frag = &skb_shinfo(skb)->frags[i]; 999 frag = &skb_shinfo(skb)->frags[i];
993 } 1000 }
994 } else if (i < MAX_SKB_FRAGS) { 1001 } else if (i < MAX_SKB_FRAGS) {
@@ -1008,12 +1015,13 @@ alloc_new_skb:
1008 err = -EMSGSIZE; 1015 err = -EMSGSIZE;
1009 goto error; 1016 goto error;
1010 } 1017 }
1011 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 1018 if (getfrag(from, skb_frag_address(frag)+skb_frag_size(frag),
1019 offset, copy, skb->len, skb) < 0) {
1012 err = -EFAULT; 1020 err = -EFAULT;
1013 goto error; 1021 goto error;
1014 } 1022 }
1015 cork->off += copy; 1023 cork->off += copy;
1016 frag->size += copy; 1024 skb_frag_size_add(frag, copy);
1017 skb->len += copy; 1025 skb->len += copy;
1018 skb->data_len += copy; 1026 skb->data_len += copy;
1019 skb->truesize += copy; 1027 skb->truesize += copy;
@@ -1222,7 +1230,7 @@ ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
1222 if (len > size) 1230 if (len > size)
1223 len = size; 1231 len = size;
1224 if (skb_can_coalesce(skb, i, page, offset)) { 1232 if (skb_can_coalesce(skb, i, page, offset)) {
1225 skb_shinfo(skb)->frags[i-1].size += len; 1233 skb_frag_size_add(&skb_shinfo(skb)->frags[i-1], len);
1226 } else if (i < MAX_SKB_FRAGS) { 1234 } else if (i < MAX_SKB_FRAGS) {
1227 get_page(page); 1235 get_page(page);
1228 skb_fill_page_desc(skb, i, page, offset, len); 1236 skb_fill_page_desc(skb, i, page, offset, len);
@@ -1458,7 +1466,7 @@ static int ip_reply_glue_bits(void *dptr, char *to, int offset,
1458 * structure to pass arguments. 1466 * structure to pass arguments.
1459 */ 1467 */
1460void ip_send_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr, 1468void ip_send_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr,
1461 struct ip_reply_arg *arg, unsigned int len) 1469 const struct ip_reply_arg *arg, unsigned int len)
1462{ 1470{
1463 struct inet_sock *inet = inet_sk(sk); 1471 struct inet_sock *inet = inet_sk(sk);
1464 struct ip_options_data replyopts; 1472 struct ip_options_data replyopts;
@@ -1481,7 +1489,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr,
1481 } 1489 }
1482 1490
1483 flowi4_init_output(&fl4, arg->bound_dev_if, 0, 1491 flowi4_init_output(&fl4, arg->bound_dev_if, 0,
1484 RT_TOS(ip_hdr(skb)->tos), 1492 RT_TOS(arg->tos),
1485 RT_SCOPE_UNIVERSE, sk->sk_protocol, 1493 RT_SCOPE_UNIVERSE, sk->sk_protocol,
1486 ip_reply_arg_flowi_flags(arg), 1494 ip_reply_arg_flowi_flags(arg),
1487 daddr, rt->rt_spec_dst, 1495 daddr, rt->rt_spec_dst,
@@ -1498,7 +1506,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr,
1498 with locally disabled BH and that sk cannot be already spinlocked. 1506 with locally disabled BH and that sk cannot be already spinlocked.
1499 */ 1507 */
1500 bh_lock_sock(sk); 1508 bh_lock_sock(sk);
1501 inet->tos = ip_hdr(skb)->tos; 1509 inet->tos = arg->tos;
1502 sk->sk_priority = skb->priority; 1510 sk->sk_priority = skb->priority;
1503 sk->sk_protocol = ip_hdr(skb)->protocol; 1511 sk->sk_protocol = ip_hdr(skb)->protocol;
1504 sk->sk_bound_dev_if = arg->bound_dev_if; 1512 sk->sk_bound_dev_if = arg->bound_dev_if;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index ab0c9efd1efa..09ff51bf16a4 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -33,6 +33,7 @@
33#include <linux/netfilter.h> 33#include <linux/netfilter.h>
34#include <linux/route.h> 34#include <linux/route.h>
35#include <linux/mroute.h> 35#include <linux/mroute.h>
36#include <net/inet_ecn.h>
36#include <net/route.h> 37#include <net/route.h>
37#include <net/xfrm.h> 38#include <net/xfrm.h>
38#include <net/compat.h> 39#include <net/compat.h>
@@ -578,8 +579,8 @@ static int do_ip_setsockopt(struct sock *sk, int level,
578 break; 579 break;
579 case IP_TOS: /* This sets both TOS and Precedence */ 580 case IP_TOS: /* This sets both TOS and Precedence */
580 if (sk->sk_type == SOCK_STREAM) { 581 if (sk->sk_type == SOCK_STREAM) {
581 val &= ~3; 582 val &= ~INET_ECN_MASK;
582 val |= inet->tos & 3; 583 val |= inet->tos & INET_ECN_MASK;
583 } 584 }
584 if (inet->tos != val) { 585 if (inet->tos != val) {
585 inet->tos = val; 586 inet->tos = val;
@@ -961,7 +962,7 @@ mc_msf_out:
961 break; 962 break;
962 963
963 case IP_TRANSPARENT: 964 case IP_TRANSPARENT:
964 if (!capable(CAP_NET_ADMIN)) { 965 if (!!val && !capable(CAP_NET_RAW) && !capable(CAP_NET_ADMIN)) {
965 err = -EPERM; 966 err = -EPERM;
966 break; 967 break;
967 } 968 }
@@ -1067,7 +1068,7 @@ EXPORT_SYMBOL(compat_ip_setsockopt);
1067 */ 1068 */
1068 1069
1069static int do_ip_getsockopt(struct sock *sk, int level, int optname, 1070static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1070 char __user *optval, int __user *optlen) 1071 char __user *optval, int __user *optlen, unsigned flags)
1071{ 1072{
1072 struct inet_sock *inet = inet_sk(sk); 1073 struct inet_sock *inet = inet_sk(sk);
1073 int val; 1074 int val;
@@ -1240,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1240 1241
1241 msg.msg_control = optval; 1242 msg.msg_control = optval;
1242 msg.msg_controllen = len; 1243 msg.msg_controllen = len;
1243 msg.msg_flags = 0; 1244 msg.msg_flags = flags;
1244 1245
1245 if (inet->cmsg_flags & IP_CMSG_PKTINFO) { 1246 if (inet->cmsg_flags & IP_CMSG_PKTINFO) {
1246 struct in_pktinfo info; 1247 struct in_pktinfo info;
@@ -1294,7 +1295,7 @@ int ip_getsockopt(struct sock *sk, int level,
1294{ 1295{
1295 int err; 1296 int err;
1296 1297
1297 err = do_ip_getsockopt(sk, level, optname, optval, optlen); 1298 err = do_ip_getsockopt(sk, level, optname, optval, optlen, 0);
1298#ifdef CONFIG_NETFILTER 1299#ifdef CONFIG_NETFILTER
1299 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1300 /* we need to exclude all possible ENOPROTOOPTs except default case */
1300 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS && 1301 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
@@ -1327,7 +1328,8 @@ int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1327 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1328 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1328 ip_getsockopt); 1329 ip_getsockopt);
1329 1330
1330 err = do_ip_getsockopt(sk, level, optname, optval, optlen); 1331 err = do_ip_getsockopt(sk, level, optname, optval, optlen,
1332 MSG_CMSG_COMPAT);
1331 1333
1332#ifdef CONFIG_NETFILTER 1334#ifdef CONFIG_NETFILTER
1333 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1335 /* we need to exclude all possible ENOPROTOOPTs except default case */
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 378b20b7ca6e..065effd8349a 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -231,7 +231,7 @@ static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
231 (iter = rtnl_dereference(*tp)) != NULL; 231 (iter = rtnl_dereference(*tp)) != NULL;
232 tp = &iter->next) { 232 tp = &iter->next) {
233 if (t == iter) { 233 if (t == iter) {
234 rcu_assign_pointer(*tp, t->next); 234 RCU_INIT_POINTER(*tp, t->next);
235 break; 235 break;
236 } 236 }
237 } 237 }
@@ -241,8 +241,8 @@ static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
241{ 241{
242 struct ip_tunnel __rcu **tp = ipip_bucket(ipn, t); 242 struct ip_tunnel __rcu **tp = ipip_bucket(ipn, t);
243 243
244 rcu_assign_pointer(t->next, rtnl_dereference(*tp)); 244 RCU_INIT_POINTER(t->next, rtnl_dereference(*tp));
245 rcu_assign_pointer(*tp, t); 245 RCU_INIT_POINTER(*tp, t);
246} 246}
247 247
248static struct ip_tunnel * ipip_tunnel_locate(struct net *net, 248static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
@@ -301,7 +301,7 @@ static void ipip_tunnel_uninit(struct net_device *dev)
301 struct ipip_net *ipn = net_generic(net, ipip_net_id); 301 struct ipip_net *ipn = net_generic(net, ipip_net_id);
302 302
303 if (dev == ipn->fb_tunnel_dev) 303 if (dev == ipn->fb_tunnel_dev)
304 rcu_assign_pointer(ipn->tunnels_wc[0], NULL); 304 RCU_INIT_POINTER(ipn->tunnels_wc[0], NULL);
305 else 305 else
306 ipip_tunnel_unlink(ipn, netdev_priv(dev)); 306 ipip_tunnel_unlink(ipn, netdev_priv(dev));
307 dev_put(dev); 307 dev_put(dev);
@@ -791,7 +791,7 @@ static int __net_init ipip_fb_tunnel_init(struct net_device *dev)
791 return -ENOMEM; 791 return -ENOMEM;
792 792
793 dev_hold(dev); 793 dev_hold(dev);
794 rcu_assign_pointer(ipn->tunnels_wc[0], tunnel); 794 RCU_INIT_POINTER(ipn->tunnels_wc[0], tunnel);
795 return 0; 795 return 0;
796} 796}
797 797
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 58e879157976..6164e982e0ef 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1176,7 +1176,7 @@ static void mrtsock_destruct(struct sock *sk)
1176 ipmr_for_each_table(mrt, net) { 1176 ipmr_for_each_table(mrt, net) {
1177 if (sk == rtnl_dereference(mrt->mroute_sk)) { 1177 if (sk == rtnl_dereference(mrt->mroute_sk)) {
1178 IPV4_DEVCONF_ALL(net, MC_FORWARDING)--; 1178 IPV4_DEVCONF_ALL(net, MC_FORWARDING)--;
1179 rcu_assign_pointer(mrt->mroute_sk, NULL); 1179 RCU_INIT_POINTER(mrt->mroute_sk, NULL);
1180 mroute_clean_tables(mrt); 1180 mroute_clean_tables(mrt);
1181 } 1181 }
1182 } 1182 }
@@ -1203,7 +1203,7 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
1203 return -ENOENT; 1203 return -ENOENT;
1204 1204
1205 if (optname != MRT_INIT) { 1205 if (optname != MRT_INIT) {
1206 if (sk != rcu_dereference_raw(mrt->mroute_sk) && 1206 if (sk != rcu_access_pointer(mrt->mroute_sk) &&
1207 !capable(CAP_NET_ADMIN)) 1207 !capable(CAP_NET_ADMIN))
1208 return -EACCES; 1208 return -EACCES;
1209 } 1209 }
@@ -1224,13 +1224,13 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
1224 1224
1225 ret = ip_ra_control(sk, 1, mrtsock_destruct); 1225 ret = ip_ra_control(sk, 1, mrtsock_destruct);
1226 if (ret == 0) { 1226 if (ret == 0) {
1227 rcu_assign_pointer(mrt->mroute_sk, sk); 1227 RCU_INIT_POINTER(mrt->mroute_sk, sk);
1228 IPV4_DEVCONF_ALL(net, MC_FORWARDING)++; 1228 IPV4_DEVCONF_ALL(net, MC_FORWARDING)++;
1229 } 1229 }
1230 rtnl_unlock(); 1230 rtnl_unlock();
1231 return ret; 1231 return ret;
1232 case MRT_DONE: 1232 case MRT_DONE:
1233 if (sk != rcu_dereference_raw(mrt->mroute_sk)) 1233 if (sk != rcu_access_pointer(mrt->mroute_sk))
1234 return -EACCES; 1234 return -EACCES;
1235 return ip_ra_control(sk, 0, NULL); 1235 return ip_ra_control(sk, 0, NULL);
1236 case MRT_ADD_VIF: 1236 case MRT_ADD_VIF:
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 2e97e3ec1eb7..929b27bdeb79 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -18,17 +18,15 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
18 struct rtable *rt; 18 struct rtable *rt;
19 struct flowi4 fl4 = {}; 19 struct flowi4 fl4 = {};
20 __be32 saddr = iph->saddr; 20 __be32 saddr = iph->saddr;
21 __u8 flags = 0; 21 __u8 flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
22 unsigned int hh_len; 22 unsigned int hh_len;
23 23
24 if (!skb->sk && addr_type != RTN_LOCAL) { 24 if (addr_type == RTN_UNSPEC)
25 if (addr_type == RTN_UNSPEC) 25 addr_type = inet_addr_type(net, saddr);
26 addr_type = inet_addr_type(net, saddr); 26 if (addr_type == RTN_LOCAL || addr_type == RTN_UNICAST)
27 if (addr_type == RTN_LOCAL || addr_type == RTN_UNICAST) 27 flags |= FLOWI_FLAG_ANYSRC;
28 flags |= FLOWI_FLAG_ANYSRC; 28 else
29 else 29 saddr = 0;
30 saddr = 0;
31 }
32 30
33 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause 31 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
34 * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook. 32 * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
@@ -38,7 +36,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
38 fl4.flowi4_tos = RT_TOS(iph->tos); 36 fl4.flowi4_tos = RT_TOS(iph->tos);
39 fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; 37 fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
40 fl4.flowi4_mark = skb->mark; 38 fl4.flowi4_mark = skb->mark;
41 fl4.flowi4_flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : flags; 39 fl4.flowi4_flags = flags;
42 rt = ip_route_output_key(net, &fl4); 40 rt = ip_route_output_key(net, &fl4);
43 if (IS_ERR(rt)) 41 if (IS_ERR(rt))
44 return -1; 42 return -1;
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 5c9b9d963918..e59aabd0eae4 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -218,6 +218,7 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
218 return skb; 218 return skb;
219 219
220nlmsg_failure: 220nlmsg_failure:
221 kfree_skb(skb);
221 *errp = -EINVAL; 222 *errp = -EINVAL;
222 printk(KERN_ERR "ip_queue: error creating packet message\n"); 223 printk(KERN_ERR "ip_queue: error creating packet message\n");
223 return NULL; 224 return NULL;
@@ -313,7 +314,7 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len)
313{ 314{
314 struct nf_queue_entry *entry; 315 struct nf_queue_entry *entry;
315 316
316 if (vmsg->value > NF_MAX_VERDICT) 317 if (vmsg->value > NF_MAX_VERDICT || vmsg->value == NF_STOLEN)
317 return -EINVAL; 318 return -EINVAL;
318 319
319 entry = ipq_find_dequeue_entry(vmsg->id); 320 entry = ipq_find_dequeue_entry(vmsg->id);
@@ -358,12 +359,9 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
358 break; 359 break;
359 360
360 case IPQM_VERDICT: 361 case IPQM_VERDICT:
361 if (pmsg->msg.verdict.value > NF_MAX_VERDICT) 362 status = ipq_set_verdict(&pmsg->msg.verdict,
362 status = -EINVAL; 363 len - sizeof(*pmsg));
363 else 364 break;
364 status = ipq_set_verdict(&pmsg->msg.verdict,
365 len - sizeof(*pmsg));
366 break;
367 default: 365 default:
368 status = -EINVAL; 366 status = -EINVAL;
369 } 367 }
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index 703f366fd235..7b22382ff0e9 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -70,14 +70,14 @@ static unsigned int help(struct sk_buff *skb,
70 70
71static void __exit nf_nat_amanda_fini(void) 71static void __exit nf_nat_amanda_fini(void)
72{ 72{
73 rcu_assign_pointer(nf_nat_amanda_hook, NULL); 73 RCU_INIT_POINTER(nf_nat_amanda_hook, NULL);
74 synchronize_rcu(); 74 synchronize_rcu();
75} 75}
76 76
77static int __init nf_nat_amanda_init(void) 77static int __init nf_nat_amanda_init(void)
78{ 78{
79 BUG_ON(nf_nat_amanda_hook != NULL); 79 BUG_ON(nf_nat_amanda_hook != NULL);
80 rcu_assign_pointer(nf_nat_amanda_hook, help); 80 RCU_INIT_POINTER(nf_nat_amanda_hook, help);
81 return 0; 81 return 0;
82} 82}
83 83
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 3346de5d94d0..447bc5cfdc6c 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -514,7 +514,7 @@ int nf_nat_protocol_register(const struct nf_nat_protocol *proto)
514 ret = -EBUSY; 514 ret = -EBUSY;
515 goto out; 515 goto out;
516 } 516 }
517 rcu_assign_pointer(nf_nat_protos[proto->protonum], proto); 517 RCU_INIT_POINTER(nf_nat_protos[proto->protonum], proto);
518 out: 518 out:
519 spin_unlock_bh(&nf_nat_lock); 519 spin_unlock_bh(&nf_nat_lock);
520 return ret; 520 return ret;
@@ -525,7 +525,7 @@ EXPORT_SYMBOL(nf_nat_protocol_register);
525void nf_nat_protocol_unregister(const struct nf_nat_protocol *proto) 525void nf_nat_protocol_unregister(const struct nf_nat_protocol *proto)
526{ 526{
527 spin_lock_bh(&nf_nat_lock); 527 spin_lock_bh(&nf_nat_lock);
528 rcu_assign_pointer(nf_nat_protos[proto->protonum], 528 RCU_INIT_POINTER(nf_nat_protos[proto->protonum],
529 &nf_nat_unknown_protocol); 529 &nf_nat_unknown_protocol);
530 spin_unlock_bh(&nf_nat_lock); 530 spin_unlock_bh(&nf_nat_lock);
531 synchronize_rcu(); 531 synchronize_rcu();
@@ -736,10 +736,10 @@ static int __init nf_nat_init(void)
736 /* Sew in builtin protocols. */ 736 /* Sew in builtin protocols. */
737 spin_lock_bh(&nf_nat_lock); 737 spin_lock_bh(&nf_nat_lock);
738 for (i = 0; i < MAX_IP_NAT_PROTO; i++) 738 for (i = 0; i < MAX_IP_NAT_PROTO; i++)
739 rcu_assign_pointer(nf_nat_protos[i], &nf_nat_unknown_protocol); 739 RCU_INIT_POINTER(nf_nat_protos[i], &nf_nat_unknown_protocol);
740 rcu_assign_pointer(nf_nat_protos[IPPROTO_TCP], &nf_nat_protocol_tcp); 740 RCU_INIT_POINTER(nf_nat_protos[IPPROTO_TCP], &nf_nat_protocol_tcp);
741 rcu_assign_pointer(nf_nat_protos[IPPROTO_UDP], &nf_nat_protocol_udp); 741 RCU_INIT_POINTER(nf_nat_protos[IPPROTO_UDP], &nf_nat_protocol_udp);
742 rcu_assign_pointer(nf_nat_protos[IPPROTO_ICMP], &nf_nat_protocol_icmp); 742 RCU_INIT_POINTER(nf_nat_protos[IPPROTO_ICMP], &nf_nat_protocol_icmp);
743 spin_unlock_bh(&nf_nat_lock); 743 spin_unlock_bh(&nf_nat_lock);
744 744
745 /* Initialize fake conntrack so that NAT will skip it */ 745 /* Initialize fake conntrack so that NAT will skip it */
@@ -748,12 +748,12 @@ static int __init nf_nat_init(void)
748 l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET); 748 l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);
749 749
750 BUG_ON(nf_nat_seq_adjust_hook != NULL); 750 BUG_ON(nf_nat_seq_adjust_hook != NULL);
751 rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust); 751 RCU_INIT_POINTER(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);
752 BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); 752 BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
753 rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, 753 RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook,
754 nfnetlink_parse_nat_setup); 754 nfnetlink_parse_nat_setup);
755 BUG_ON(nf_ct_nat_offset != NULL); 755 BUG_ON(nf_ct_nat_offset != NULL);
756 rcu_assign_pointer(nf_ct_nat_offset, nf_nat_get_offset); 756 RCU_INIT_POINTER(nf_ct_nat_offset, nf_nat_get_offset);
757 return 0; 757 return 0;
758 758
759 cleanup_extend: 759 cleanup_extend:
@@ -766,9 +766,9 @@ static void __exit nf_nat_cleanup(void)
766 unregister_pernet_subsys(&nf_nat_net_ops); 766 unregister_pernet_subsys(&nf_nat_net_ops);
767 nf_ct_l3proto_put(l3proto); 767 nf_ct_l3proto_put(l3proto);
768 nf_ct_extend_unregister(&nat_extend); 768 nf_ct_extend_unregister(&nat_extend);
769 rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL); 769 RCU_INIT_POINTER(nf_nat_seq_adjust_hook, NULL);
770 rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL); 770 RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL);
771 rcu_assign_pointer(nf_ct_nat_offset, NULL); 771 RCU_INIT_POINTER(nf_ct_nat_offset, NULL);
772 synchronize_net(); 772 synchronize_net();
773} 773}
774 774
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index dc73abb3fe27..e462a957d080 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -113,14 +113,14 @@ out:
113 113
114static void __exit nf_nat_ftp_fini(void) 114static void __exit nf_nat_ftp_fini(void)
115{ 115{
116 rcu_assign_pointer(nf_nat_ftp_hook, NULL); 116 RCU_INIT_POINTER(nf_nat_ftp_hook, NULL);
117 synchronize_rcu(); 117 synchronize_rcu();
118} 118}
119 119
120static int __init nf_nat_ftp_init(void) 120static int __init nf_nat_ftp_init(void)
121{ 121{
122 BUG_ON(nf_nat_ftp_hook != NULL); 122 BUG_ON(nf_nat_ftp_hook != NULL);
123 rcu_assign_pointer(nf_nat_ftp_hook, nf_nat_ftp); 123 RCU_INIT_POINTER(nf_nat_ftp_hook, nf_nat_ftp);
124 return 0; 124 return 0;
125} 125}
126 126
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 790f3160e012..b9a1136addbd 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -581,30 +581,30 @@ static int __init init(void)
581 BUG_ON(nat_callforwarding_hook != NULL); 581 BUG_ON(nat_callforwarding_hook != NULL);
582 BUG_ON(nat_q931_hook != NULL); 582 BUG_ON(nat_q931_hook != NULL);
583 583
584 rcu_assign_pointer(set_h245_addr_hook, set_h245_addr); 584 RCU_INIT_POINTER(set_h245_addr_hook, set_h245_addr);
585 rcu_assign_pointer(set_h225_addr_hook, set_h225_addr); 585 RCU_INIT_POINTER(set_h225_addr_hook, set_h225_addr);
586 rcu_assign_pointer(set_sig_addr_hook, set_sig_addr); 586 RCU_INIT_POINTER(set_sig_addr_hook, set_sig_addr);
587 rcu_assign_pointer(set_ras_addr_hook, set_ras_addr); 587 RCU_INIT_POINTER(set_ras_addr_hook, set_ras_addr);
588 rcu_assign_pointer(nat_rtp_rtcp_hook, nat_rtp_rtcp); 588 RCU_INIT_POINTER(nat_rtp_rtcp_hook, nat_rtp_rtcp);
589 rcu_assign_pointer(nat_t120_hook, nat_t120); 589 RCU_INIT_POINTER(nat_t120_hook, nat_t120);
590 rcu_assign_pointer(nat_h245_hook, nat_h245); 590 RCU_INIT_POINTER(nat_h245_hook, nat_h245);
591 rcu_assign_pointer(nat_callforwarding_hook, nat_callforwarding); 591 RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding);
592 rcu_assign_pointer(nat_q931_hook, nat_q931); 592 RCU_INIT_POINTER(nat_q931_hook, nat_q931);
593 return 0; 593 return 0;
594} 594}
595 595
596/****************************************************************************/ 596/****************************************************************************/
597static void __exit fini(void) 597static void __exit fini(void)
598{ 598{
599 rcu_assign_pointer(set_h245_addr_hook, NULL); 599 RCU_INIT_POINTER(set_h245_addr_hook, NULL);
600 rcu_assign_pointer(set_h225_addr_hook, NULL); 600 RCU_INIT_POINTER(set_h225_addr_hook, NULL);
601 rcu_assign_pointer(set_sig_addr_hook, NULL); 601 RCU_INIT_POINTER(set_sig_addr_hook, NULL);
602 rcu_assign_pointer(set_ras_addr_hook, NULL); 602 RCU_INIT_POINTER(set_ras_addr_hook, NULL);
603 rcu_assign_pointer(nat_rtp_rtcp_hook, NULL); 603 RCU_INIT_POINTER(nat_rtp_rtcp_hook, NULL);
604 rcu_assign_pointer(nat_t120_hook, NULL); 604 RCU_INIT_POINTER(nat_t120_hook, NULL);
605 rcu_assign_pointer(nat_h245_hook, NULL); 605 RCU_INIT_POINTER(nat_h245_hook, NULL);
606 rcu_assign_pointer(nat_callforwarding_hook, NULL); 606 RCU_INIT_POINTER(nat_callforwarding_hook, NULL);
607 rcu_assign_pointer(nat_q931_hook, NULL); 607 RCU_INIT_POINTER(nat_q931_hook, NULL);
608 synchronize_rcu(); 608 synchronize_rcu();
609} 609}
610 610
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c
index 535e1a802356..979ae165f4ef 100644
--- a/net/ipv4/netfilter/nf_nat_irc.c
+++ b/net/ipv4/netfilter/nf_nat_irc.c
@@ -75,14 +75,14 @@ static unsigned int help(struct sk_buff *skb,
75 75
76static void __exit nf_nat_irc_fini(void) 76static void __exit nf_nat_irc_fini(void)
77{ 77{
78 rcu_assign_pointer(nf_nat_irc_hook, NULL); 78 RCU_INIT_POINTER(nf_nat_irc_hook, NULL);
79 synchronize_rcu(); 79 synchronize_rcu();
80} 80}
81 81
82static int __init nf_nat_irc_init(void) 82static int __init nf_nat_irc_init(void)
83{ 83{
84 BUG_ON(nf_nat_irc_hook != NULL); 84 BUG_ON(nf_nat_irc_hook != NULL);
85 rcu_assign_pointer(nf_nat_irc_hook, help); 85 RCU_INIT_POINTER(nf_nat_irc_hook, help);
86 return 0; 86 return 0;
87} 87}
88 88
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 4c060038d29f..3e8284ba46b8 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -282,25 +282,25 @@ static int __init nf_nat_helper_pptp_init(void)
282 nf_nat_need_gre(); 282 nf_nat_need_gre();
283 283
284 BUG_ON(nf_nat_pptp_hook_outbound != NULL); 284 BUG_ON(nf_nat_pptp_hook_outbound != NULL);
285 rcu_assign_pointer(nf_nat_pptp_hook_outbound, pptp_outbound_pkt); 285 RCU_INIT_POINTER(nf_nat_pptp_hook_outbound, pptp_outbound_pkt);
286 286
287 BUG_ON(nf_nat_pptp_hook_inbound != NULL); 287 BUG_ON(nf_nat_pptp_hook_inbound != NULL);
288 rcu_assign_pointer(nf_nat_pptp_hook_inbound, pptp_inbound_pkt); 288 RCU_INIT_POINTER(nf_nat_pptp_hook_inbound, pptp_inbound_pkt);
289 289
290 BUG_ON(nf_nat_pptp_hook_exp_gre != NULL); 290 BUG_ON(nf_nat_pptp_hook_exp_gre != NULL);
291 rcu_assign_pointer(nf_nat_pptp_hook_exp_gre, pptp_exp_gre); 291 RCU_INIT_POINTER(nf_nat_pptp_hook_exp_gre, pptp_exp_gre);
292 292
293 BUG_ON(nf_nat_pptp_hook_expectfn != NULL); 293 BUG_ON(nf_nat_pptp_hook_expectfn != NULL);
294 rcu_assign_pointer(nf_nat_pptp_hook_expectfn, pptp_nat_expected); 294 RCU_INIT_POINTER(nf_nat_pptp_hook_expectfn, pptp_nat_expected);
295 return 0; 295 return 0;
296} 296}
297 297
298static void __exit nf_nat_helper_pptp_fini(void) 298static void __exit nf_nat_helper_pptp_fini(void)
299{ 299{
300 rcu_assign_pointer(nf_nat_pptp_hook_expectfn, NULL); 300 RCU_INIT_POINTER(nf_nat_pptp_hook_expectfn, NULL);
301 rcu_assign_pointer(nf_nat_pptp_hook_exp_gre, NULL); 301 RCU_INIT_POINTER(nf_nat_pptp_hook_exp_gre, NULL);
302 rcu_assign_pointer(nf_nat_pptp_hook_inbound, NULL); 302 RCU_INIT_POINTER(nf_nat_pptp_hook_inbound, NULL);
303 rcu_assign_pointer(nf_nat_pptp_hook_outbound, NULL); 303 RCU_INIT_POINTER(nf_nat_pptp_hook_outbound, NULL);
304 synchronize_rcu(); 304 synchronize_rcu();
305} 305}
306 306
diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c
index 3e61faf23a9a..f52d41ea0690 100644
--- a/net/ipv4/netfilter/nf_nat_proto_common.c
+++ b/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -12,6 +12,7 @@
12#include <linux/ip.h> 12#include <linux/ip.h>
13 13
14#include <linux/netfilter.h> 14#include <linux/netfilter.h>
15#include <net/secure_seq.h>
15#include <net/netfilter/nf_nat.h> 16#include <net/netfilter/nf_nat.h>
16#include <net/netfilter/nf_nat_core.h> 17#include <net/netfilter/nf_nat_core.h>
17#include <net/netfilter/nf_nat_rule.h> 18#include <net/netfilter/nf_nat_rule.h>
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index e40cf7816fdb..78844d9208f1 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -528,13 +528,13 @@ err1:
528 528
529static void __exit nf_nat_sip_fini(void) 529static void __exit nf_nat_sip_fini(void)
530{ 530{
531 rcu_assign_pointer(nf_nat_sip_hook, NULL); 531 RCU_INIT_POINTER(nf_nat_sip_hook, NULL);
532 rcu_assign_pointer(nf_nat_sip_seq_adjust_hook, NULL); 532 RCU_INIT_POINTER(nf_nat_sip_seq_adjust_hook, NULL);
533 rcu_assign_pointer(nf_nat_sip_expect_hook, NULL); 533 RCU_INIT_POINTER(nf_nat_sip_expect_hook, NULL);
534 rcu_assign_pointer(nf_nat_sdp_addr_hook, NULL); 534 RCU_INIT_POINTER(nf_nat_sdp_addr_hook, NULL);
535 rcu_assign_pointer(nf_nat_sdp_port_hook, NULL); 535 RCU_INIT_POINTER(nf_nat_sdp_port_hook, NULL);
536 rcu_assign_pointer(nf_nat_sdp_session_hook, NULL); 536 RCU_INIT_POINTER(nf_nat_sdp_session_hook, NULL);
537 rcu_assign_pointer(nf_nat_sdp_media_hook, NULL); 537 RCU_INIT_POINTER(nf_nat_sdp_media_hook, NULL);
538 synchronize_rcu(); 538 synchronize_rcu();
539} 539}
540 540
@@ -547,13 +547,13 @@ static int __init nf_nat_sip_init(void)
547 BUG_ON(nf_nat_sdp_port_hook != NULL); 547 BUG_ON(nf_nat_sdp_port_hook != NULL);
548 BUG_ON(nf_nat_sdp_session_hook != NULL); 548 BUG_ON(nf_nat_sdp_session_hook != NULL);
549 BUG_ON(nf_nat_sdp_media_hook != NULL); 549 BUG_ON(nf_nat_sdp_media_hook != NULL);
550 rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip); 550 RCU_INIT_POINTER(nf_nat_sip_hook, ip_nat_sip);
551 rcu_assign_pointer(nf_nat_sip_seq_adjust_hook, ip_nat_sip_seq_adjust); 551 RCU_INIT_POINTER(nf_nat_sip_seq_adjust_hook, ip_nat_sip_seq_adjust);
552 rcu_assign_pointer(nf_nat_sip_expect_hook, ip_nat_sip_expect); 552 RCU_INIT_POINTER(nf_nat_sip_expect_hook, ip_nat_sip_expect);
553 rcu_assign_pointer(nf_nat_sdp_addr_hook, ip_nat_sdp_addr); 553 RCU_INIT_POINTER(nf_nat_sdp_addr_hook, ip_nat_sdp_addr);
554 rcu_assign_pointer(nf_nat_sdp_port_hook, ip_nat_sdp_port); 554 RCU_INIT_POINTER(nf_nat_sdp_port_hook, ip_nat_sdp_port);
555 rcu_assign_pointer(nf_nat_sdp_session_hook, ip_nat_sdp_session); 555 RCU_INIT_POINTER(nf_nat_sdp_session_hook, ip_nat_sdp_session);
556 rcu_assign_pointer(nf_nat_sdp_media_hook, ip_nat_sdp_media); 556 RCU_INIT_POINTER(nf_nat_sdp_media_hook, ip_nat_sdp_media);
557 return 0; 557 return 0;
558} 558}
559 559
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 076b7c8c4aa4..d1cb412c18e0 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1310,7 +1310,7 @@ static int __init nf_nat_snmp_basic_init(void)
1310 int ret = 0; 1310 int ret = 0;
1311 1311
1312 BUG_ON(nf_nat_snmp_hook != NULL); 1312 BUG_ON(nf_nat_snmp_hook != NULL);
1313 rcu_assign_pointer(nf_nat_snmp_hook, help); 1313 RCU_INIT_POINTER(nf_nat_snmp_hook, help);
1314 1314
1315 ret = nf_conntrack_helper_register(&snmp_trap_helper); 1315 ret = nf_conntrack_helper_register(&snmp_trap_helper);
1316 if (ret < 0) { 1316 if (ret < 0) {
@@ -1322,7 +1322,7 @@ static int __init nf_nat_snmp_basic_init(void)
1322 1322
1323static void __exit nf_nat_snmp_basic_fini(void) 1323static void __exit nf_nat_snmp_basic_fini(void)
1324{ 1324{
1325 rcu_assign_pointer(nf_nat_snmp_hook, NULL); 1325 RCU_INIT_POINTER(nf_nat_snmp_hook, NULL);
1326 nf_conntrack_helper_unregister(&snmp_trap_helper); 1326 nf_conntrack_helper_unregister(&snmp_trap_helper);
1327} 1327}
1328 1328
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index a6e606e84820..92900482edea 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -284,7 +284,7 @@ static int __init nf_nat_standalone_init(void)
284 284
285#ifdef CONFIG_XFRM 285#ifdef CONFIG_XFRM
286 BUG_ON(ip_nat_decode_session != NULL); 286 BUG_ON(ip_nat_decode_session != NULL);
287 rcu_assign_pointer(ip_nat_decode_session, nat_decode_session); 287 RCU_INIT_POINTER(ip_nat_decode_session, nat_decode_session);
288#endif 288#endif
289 ret = nf_nat_rule_init(); 289 ret = nf_nat_rule_init();
290 if (ret < 0) { 290 if (ret < 0) {
@@ -302,7 +302,7 @@ static int __init nf_nat_standalone_init(void)
302 nf_nat_rule_cleanup(); 302 nf_nat_rule_cleanup();
303 cleanup_decode_session: 303 cleanup_decode_session:
304#ifdef CONFIG_XFRM 304#ifdef CONFIG_XFRM
305 rcu_assign_pointer(ip_nat_decode_session, NULL); 305 RCU_INIT_POINTER(ip_nat_decode_session, NULL);
306 synchronize_net(); 306 synchronize_net();
307#endif 307#endif
308 return ret; 308 return ret;
@@ -313,7 +313,7 @@ static void __exit nf_nat_standalone_fini(void)
313 nf_unregister_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops)); 313 nf_unregister_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
314 nf_nat_rule_cleanup(); 314 nf_nat_rule_cleanup();
315#ifdef CONFIG_XFRM 315#ifdef CONFIG_XFRM
316 rcu_assign_pointer(ip_nat_decode_session, NULL); 316 RCU_INIT_POINTER(ip_nat_decode_session, NULL);
317 synchronize_net(); 317 synchronize_net();
318#endif 318#endif
319 /* Conntrack caches are unregistered in nf_conntrack_cleanup */ 319 /* Conntrack caches are unregistered in nf_conntrack_cleanup */
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c
index 7274a43c7a12..a2901bf829c0 100644
--- a/net/ipv4/netfilter/nf_nat_tftp.c
+++ b/net/ipv4/netfilter/nf_nat_tftp.c
@@ -36,14 +36,14 @@ static unsigned int help(struct sk_buff *skb,
36 36
37static void __exit nf_nat_tftp_fini(void) 37static void __exit nf_nat_tftp_fini(void)
38{ 38{
39 rcu_assign_pointer(nf_nat_tftp_hook, NULL); 39 RCU_INIT_POINTER(nf_nat_tftp_hook, NULL);
40 synchronize_rcu(); 40 synchronize_rcu();
41} 41}
42 42
43static int __init nf_nat_tftp_init(void) 43static int __init nf_nat_tftp_init(void)
44{ 44{
45 BUG_ON(nf_nat_tftp_hook != NULL); 45 BUG_ON(nf_nat_tftp_hook != NULL);
46 rcu_assign_pointer(nf_nat_tftp_hook, help); 46 RCU_INIT_POINTER(nf_nat_tftp_hook, help);
47 return 0; 47 return 0;
48} 48}
49 49
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index b14ec7d03b6e..4bfad5da94f4 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -254,6 +254,8 @@ static const struct snmp_mib snmp4_net_list[] = {
254 SNMP_MIB_ITEM("TCPDeferAcceptDrop", LINUX_MIB_TCPDEFERACCEPTDROP), 254 SNMP_MIB_ITEM("TCPDeferAcceptDrop", LINUX_MIB_TCPDEFERACCEPTDROP),
255 SNMP_MIB_ITEM("IPReversePathFilter", LINUX_MIB_IPRPFILTER), 255 SNMP_MIB_ITEM("IPReversePathFilter", LINUX_MIB_IPRPFILTER),
256 SNMP_MIB_ITEM("TCPTimeWaitOverflow", LINUX_MIB_TCPTIMEWAITOVERFLOW), 256 SNMP_MIB_ITEM("TCPTimeWaitOverflow", LINUX_MIB_TCPTIMEWAITOVERFLOW),
257 SNMP_MIB_ITEM("TCPReqQFullDoCookies", LINUX_MIB_TCPREQQFULLDOCOOKIES),
258 SNMP_MIB_ITEM("TCPReqQFullDrop", LINUX_MIB_TCPREQQFULLDROP),
257 SNMP_MIB_SENTINEL 259 SNMP_MIB_SENTINEL
258}; 260};
259 261
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 1457acb39cec..61714bd52925 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -563,7 +563,8 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
563 flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, 563 flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
564 RT_SCOPE_UNIVERSE, 564 RT_SCOPE_UNIVERSE,
565 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, 565 inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
566 FLOWI_FLAG_CAN_SLEEP, daddr, saddr, 0, 0); 566 inet_sk_flowi_flags(sk) | FLOWI_FLAG_CAN_SLEEP,
567 daddr, saddr, 0, 0);
567 568
568 if (!inet->hdrincl) { 569 if (!inet->hdrincl) {
569 err = raw_probe_proto_opt(&fl4, msg); 570 err = raw_probe_proto_opt(&fl4, msg);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 1730689f560e..155138d8ec8b 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -109,6 +109,7 @@
109#include <linux/sysctl.h> 109#include <linux/sysctl.h>
110#endif 110#endif
111#include <net/atmclip.h> 111#include <net/atmclip.h>
112#include <net/secure_seq.h>
112 113
113#define RT_FL_TOS(oldflp4) \ 114#define RT_FL_TOS(oldflp4) \
114 ((u32)(oldflp4->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK))) 115 ((u32)(oldflp4->flowi4_tos & (IPTOS_RT_MASK | RTO_ONLINK)))
@@ -119,7 +120,6 @@
119 120
120static int ip_rt_max_size; 121static int ip_rt_max_size;
121static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT; 122static int ip_rt_gc_timeout __read_mostly = RT_GC_TIMEOUT;
122static int ip_rt_gc_interval __read_mostly = 60 * HZ;
123static int ip_rt_gc_min_interval __read_mostly = HZ / 2; 123static int ip_rt_gc_min_interval __read_mostly = HZ / 2;
124static int ip_rt_redirect_number __read_mostly = 9; 124static int ip_rt_redirect_number __read_mostly = 9;
125static int ip_rt_redirect_load __read_mostly = HZ / 50; 125static int ip_rt_redirect_load __read_mostly = HZ / 50;
@@ -323,7 +323,7 @@ static struct rtable *rt_cache_get_first(struct seq_file *seq)
323 struct rtable *r = NULL; 323 struct rtable *r = NULL;
324 324
325 for (st->bucket = rt_hash_mask; st->bucket >= 0; --st->bucket) { 325 for (st->bucket = rt_hash_mask; st->bucket >= 0; --st->bucket) {
326 if (!rcu_dereference_raw(rt_hash_table[st->bucket].chain)) 326 if (!rcu_access_pointer(rt_hash_table[st->bucket].chain))
327 continue; 327 continue;
328 rcu_read_lock_bh(); 328 rcu_read_lock_bh();
329 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain); 329 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
@@ -349,7 +349,7 @@ static struct rtable *__rt_cache_get_next(struct seq_file *seq,
349 do { 349 do {
350 if (--st->bucket < 0) 350 if (--st->bucket < 0)
351 return NULL; 351 return NULL;
352 } while (!rcu_dereference_raw(rt_hash_table[st->bucket].chain)); 352 } while (!rcu_access_pointer(rt_hash_table[st->bucket].chain));
353 rcu_read_lock_bh(); 353 rcu_read_lock_bh();
354 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain); 354 r = rcu_dereference_bh(rt_hash_table[st->bucket].chain);
355 } 355 }
@@ -721,7 +721,7 @@ static inline bool compare_hash_inputs(const struct rtable *rt1,
721{ 721{
722 return ((((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) | 722 return ((((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
723 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) | 723 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
724 (rt1->rt_iif ^ rt2->rt_iif)) == 0); 724 (rt1->rt_route_iif ^ rt2->rt_route_iif)) == 0);
725} 725}
726 726
727static inline int compare_keys(struct rtable *rt1, struct rtable *rt2) 727static inline int compare_keys(struct rtable *rt1, struct rtable *rt2)
@@ -730,8 +730,8 @@ static inline int compare_keys(struct rtable *rt1, struct rtable *rt2)
730 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) | 730 ((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
731 (rt1->rt_mark ^ rt2->rt_mark) | 731 (rt1->rt_mark ^ rt2->rt_mark) |
732 (rt1->rt_key_tos ^ rt2->rt_key_tos) | 732 (rt1->rt_key_tos ^ rt2->rt_key_tos) |
733 (rt1->rt_oif ^ rt2->rt_oif) | 733 (rt1->rt_route_iif ^ rt2->rt_route_iif) |
734 (rt1->rt_iif ^ rt2->rt_iif)) == 0; 734 (rt1->rt_oif ^ rt2->rt_oif)) == 0;
735} 735}
736 736
737static inline int compare_netns(struct rtable *rt1, struct rtable *rt2) 737static inline int compare_netns(struct rtable *rt1, struct rtable *rt2)
@@ -760,7 +760,7 @@ static void rt_do_flush(struct net *net, int process_context)
760 760
761 if (process_context && need_resched()) 761 if (process_context && need_resched())
762 cond_resched(); 762 cond_resched();
763 rth = rcu_dereference_raw(rt_hash_table[i].chain); 763 rth = rcu_access_pointer(rt_hash_table[i].chain);
764 if (!rth) 764 if (!rth)
765 continue; 765 continue;
766 766
@@ -1308,7 +1308,12 @@ static void rt_del(unsigned hash, struct rtable *rt)
1308void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, 1308void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1309 __be32 saddr, struct net_device *dev) 1309 __be32 saddr, struct net_device *dev)
1310{ 1310{
1311 int s, i;
1311 struct in_device *in_dev = __in_dev_get_rcu(dev); 1312 struct in_device *in_dev = __in_dev_get_rcu(dev);
1313 struct rtable *rt;
1314 __be32 skeys[2] = { saddr, 0 };
1315 int ikeys[2] = { dev->ifindex, 0 };
1316 struct flowi4 fl4;
1312 struct inet_peer *peer; 1317 struct inet_peer *peer;
1313 struct net *net; 1318 struct net *net;
1314 1319
@@ -1331,13 +1336,34 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1331 goto reject_redirect; 1336 goto reject_redirect;
1332 } 1337 }
1333 1338
1334 peer = inet_getpeer_v4(daddr, 1); 1339 memset(&fl4, 0, sizeof(fl4));
1335 if (peer) { 1340 fl4.daddr = daddr;
1336 peer->redirect_learned.a4 = new_gw; 1341 for (s = 0; s < 2; s++) {
1342 for (i = 0; i < 2; i++) {
1343 fl4.flowi4_oif = ikeys[i];
1344 fl4.saddr = skeys[s];
1345 rt = __ip_route_output_key(net, &fl4);
1346 if (IS_ERR(rt))
1347 continue;
1337 1348
1338 inet_putpeer(peer); 1349 if (rt->dst.error || rt->dst.dev != dev ||
1350 rt->rt_gateway != old_gw) {
1351 ip_rt_put(rt);
1352 continue;
1353 }
1354
1355 if (!rt->peer)
1356 rt_bind_peer(rt, rt->rt_dst, 1);
1357
1358 peer = rt->peer;
1359 if (peer) {
1360 peer->redirect_learned.a4 = new_gw;
1361 atomic_inc(&__rt_peer_genid);
1362 }
1339 1363
1340 atomic_inc(&__rt_peer_genid); 1364 ip_rt_put(rt);
1365 return;
1366 }
1341 } 1367 }
1342 return; 1368 return;
1343 1369
@@ -1567,11 +1593,10 @@ unsigned short ip_rt_frag_needed(struct net *net, const struct iphdr *iph,
1567 est_mtu = mtu; 1593 est_mtu = mtu;
1568 peer->pmtu_learned = mtu; 1594 peer->pmtu_learned = mtu;
1569 peer->pmtu_expires = pmtu_expires; 1595 peer->pmtu_expires = pmtu_expires;
1596 atomic_inc(&__rt_peer_genid);
1570 } 1597 }
1571 1598
1572 inet_putpeer(peer); 1599 inet_putpeer(peer);
1573
1574 atomic_inc(&__rt_peer_genid);
1575 } 1600 }
1576 return est_mtu ? : new_mtu; 1601 return est_mtu ? : new_mtu;
1577} 1602}
@@ -1628,16 +1653,18 @@ static int check_peer_redir(struct dst_entry *dst, struct inet_peer *peer)
1628{ 1653{
1629 struct rtable *rt = (struct rtable *) dst; 1654 struct rtable *rt = (struct rtable *) dst;
1630 __be32 orig_gw = rt->rt_gateway; 1655 __be32 orig_gw = rt->rt_gateway;
1631 struct neighbour *n; 1656 struct neighbour *n, *old_n;
1632 1657
1633 dst_confirm(&rt->dst); 1658 dst_confirm(&rt->dst);
1634 1659
1635 neigh_release(dst_get_neighbour(&rt->dst));
1636 dst_set_neighbour(&rt->dst, NULL);
1637
1638 rt->rt_gateway = peer->redirect_learned.a4; 1660 rt->rt_gateway = peer->redirect_learned.a4;
1639 rt_bind_neighbour(rt); 1661
1640 n = dst_get_neighbour(&rt->dst); 1662 n = ipv4_neigh_lookup(&rt->dst, &rt->rt_gateway);
1663 if (IS_ERR(n))
1664 return PTR_ERR(n);
1665 old_n = xchg(&rt->dst._neighbour, n);
1666 if (old_n)
1667 neigh_release(old_n);
1641 if (!n || !(n->nud_state & NUD_VALID)) { 1668 if (!n || !(n->nud_state & NUD_VALID)) {
1642 if (n) 1669 if (n)
1643 neigh_event_send(n, NULL); 1670 neigh_event_send(n, NULL);
@@ -2317,8 +2344,7 @@ int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2317 rth = rcu_dereference(rth->dst.rt_next)) { 2344 rth = rcu_dereference(rth->dst.rt_next)) {
2318 if ((((__force u32)rth->rt_key_dst ^ (__force u32)daddr) | 2345 if ((((__force u32)rth->rt_key_dst ^ (__force u32)daddr) |
2319 ((__force u32)rth->rt_key_src ^ (__force u32)saddr) | 2346 ((__force u32)rth->rt_key_src ^ (__force u32)saddr) |
2320 (rth->rt_iif ^ iif) | 2347 (rth->rt_route_iif ^ iif) |
2321 rth->rt_oif |
2322 (rth->rt_key_tos ^ tos)) == 0 && 2348 (rth->rt_key_tos ^ tos)) == 0 &&
2323 rth->rt_mark == skb->mark && 2349 rth->rt_mark == skb->mark &&
2324 net_eq(dev_net(rth->dst.dev), net) && 2350 net_eq(dev_net(rth->dst.dev), net) &&
@@ -3119,13 +3145,6 @@ static ctl_table ipv4_route_table[] = {
3119 .proc_handler = proc_dointvec_jiffies, 3145 .proc_handler = proc_dointvec_jiffies,
3120 }, 3146 },
3121 { 3147 {
3122 .procname = "gc_interval",
3123 .data = &ip_rt_gc_interval,
3124 .maxlen = sizeof(int),
3125 .mode = 0644,
3126 .proc_handler = proc_dointvec_jiffies,
3127 },
3128 {
3129 .procname = "redirect_load", 3148 .procname = "redirect_load",
3130 .data = &ip_rt_redirect_load, 3149 .data = &ip_rt_redirect_load,
3131 .maxlen = sizeof(int), 3150 .maxlen = sizeof(int),
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 92bb9434b338..d7b89b12f6d8 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -265,7 +265,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
265 struct ip_options *opt) 265 struct ip_options *opt)
266{ 266{
267 struct tcp_options_received tcp_opt; 267 struct tcp_options_received tcp_opt;
268 u8 *hash_location; 268 const u8 *hash_location;
269 struct inet_request_sock *ireq; 269 struct inet_request_sock *ireq;
270 struct tcp_request_sock *treq; 270 struct tcp_request_sock *treq;
271 struct tcp_sock *tp = tcp_sk(sk); 271 struct tcp_sock *tp = tcp_sk(sk);
@@ -276,7 +276,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
276 int mss; 276 int mss;
277 struct rtable *rt; 277 struct rtable *rt;
278 __u8 rcv_wscale; 278 __u8 rcv_wscale;
279 bool ecn_ok; 279 bool ecn_ok = false;
280 280
281 if (!sysctl_tcp_syncookies || !th->ack || th->rst) 281 if (!sysctl_tcp_syncookies || !th->ack || th->rst)
282 goto out; 282 goto out;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 46febcacb729..34f5db1e1c8b 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -374,7 +374,7 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
374{ 374{
375 unsigned int mask; 375 unsigned int mask;
376 struct sock *sk = sock->sk; 376 struct sock *sk = sock->sk;
377 struct tcp_sock *tp = tcp_sk(sk); 377 const struct tcp_sock *tp = tcp_sk(sk);
378 378
379 sock_poll_wait(file, sk_sleep(sk), wait); 379 sock_poll_wait(file, sk_sleep(sk), wait);
380 if (sk->sk_state == TCP_LISTEN) 380 if (sk->sk_state == TCP_LISTEN)
@@ -524,11 +524,11 @@ EXPORT_SYMBOL(tcp_ioctl);
524 524
525static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb) 525static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb)
526{ 526{
527 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH; 527 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
528 tp->pushed_seq = tp->write_seq; 528 tp->pushed_seq = tp->write_seq;
529} 529}
530 530
531static inline int forced_push(struct tcp_sock *tp) 531static inline int forced_push(const struct tcp_sock *tp)
532{ 532{
533 return after(tp->write_seq, tp->pushed_seq + (tp->max_window >> 1)); 533 return after(tp->write_seq, tp->pushed_seq + (tp->max_window >> 1));
534} 534}
@@ -540,7 +540,7 @@ static inline void skb_entail(struct sock *sk, struct sk_buff *skb)
540 540
541 skb->csum = 0; 541 skb->csum = 0;
542 tcb->seq = tcb->end_seq = tp->write_seq; 542 tcb->seq = tcb->end_seq = tp->write_seq;
543 tcb->flags = TCPHDR_ACK; 543 tcb->tcp_flags = TCPHDR_ACK;
544 tcb->sacked = 0; 544 tcb->sacked = 0;
545 skb_header_release(skb); 545 skb_header_release(skb);
546 tcp_add_write_queue_tail(sk, skb); 546 tcp_add_write_queue_tail(sk, skb);
@@ -813,7 +813,7 @@ new_segment:
813 goto wait_for_memory; 813 goto wait_for_memory;
814 814
815 if (can_coalesce) { 815 if (can_coalesce) {
816 skb_shinfo(skb)->frags[i - 1].size += copy; 816 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
817 } else { 817 } else {
818 get_page(page); 818 get_page(page);
819 skb_fill_page_desc(skb, i, page, offset, copy); 819 skb_fill_page_desc(skb, i, page, offset, copy);
@@ -830,7 +830,7 @@ new_segment:
830 skb_shinfo(skb)->gso_segs = 0; 830 skb_shinfo(skb)->gso_segs = 0;
831 831
832 if (!copied) 832 if (!copied)
833 TCP_SKB_CB(skb)->flags &= ~TCPHDR_PSH; 833 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
834 834
835 copied += copy; 835 copied += copy;
836 poffset += copy; 836 poffset += copy;
@@ -891,9 +891,9 @@ EXPORT_SYMBOL(tcp_sendpage);
891#define TCP_PAGE(sk) (sk->sk_sndmsg_page) 891#define TCP_PAGE(sk) (sk->sk_sndmsg_page)
892#define TCP_OFF(sk) (sk->sk_sndmsg_off) 892#define TCP_OFF(sk) (sk->sk_sndmsg_off)
893 893
894static inline int select_size(struct sock *sk, int sg) 894static inline int select_size(const struct sock *sk, int sg)
895{ 895{
896 struct tcp_sock *tp = tcp_sk(sk); 896 const struct tcp_sock *tp = tcp_sk(sk);
897 int tmp = tp->mss_cache; 897 int tmp = tp->mss_cache;
898 898
899 if (sg) { 899 if (sg) {
@@ -1058,8 +1058,7 @@ new_segment:
1058 1058
1059 /* Update the skb. */ 1059 /* Update the skb. */
1060 if (merge) { 1060 if (merge) {
1061 skb_shinfo(skb)->frags[i - 1].size += 1061 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1062 copy;
1063 } else { 1062 } else {
1064 skb_fill_page_desc(skb, i, page, off, copy); 1063 skb_fill_page_desc(skb, i, page, off, copy);
1065 if (TCP_PAGE(sk)) { 1064 if (TCP_PAGE(sk)) {
@@ -1074,7 +1073,7 @@ new_segment:
1074 } 1073 }
1075 1074
1076 if (!copied) 1075 if (!copied)
1077 TCP_SKB_CB(skb)->flags &= ~TCPHDR_PSH; 1076 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
1078 1077
1079 tp->write_seq += copy; 1078 tp->write_seq += copy;
1080 TCP_SKB_CB(skb)->end_seq += copy; 1079 TCP_SKB_CB(skb)->end_seq += copy;
@@ -1194,13 +1193,11 @@ void tcp_cleanup_rbuf(struct sock *sk, int copied)
1194 struct tcp_sock *tp = tcp_sk(sk); 1193 struct tcp_sock *tp = tcp_sk(sk);
1195 int time_to_ack = 0; 1194 int time_to_ack = 0;
1196 1195
1197#if TCP_DEBUG
1198 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); 1196 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
1199 1197
1200 WARN(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq), 1198 WARN(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq),
1201 "cleanup rbuf bug: copied %X seq %X rcvnxt %X\n", 1199 "cleanup rbuf bug: copied %X seq %X rcvnxt %X\n",
1202 tp->copied_seq, TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt); 1200 tp->copied_seq, TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt);
1203#endif
1204 1201
1205 if (inet_csk_ack_scheduled(sk)) { 1202 if (inet_csk_ack_scheduled(sk)) {
1206 const struct inet_connection_sock *icsk = inet_csk(sk); 1203 const struct inet_connection_sock *icsk = inet_csk(sk);
@@ -2409,7 +2406,7 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
2409int tcp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, 2406int tcp_setsockopt(struct sock *sk, int level, int optname, char __user *optval,
2410 unsigned int optlen) 2407 unsigned int optlen)
2411{ 2408{
2412 struct inet_connection_sock *icsk = inet_csk(sk); 2409 const struct inet_connection_sock *icsk = inet_csk(sk);
2413 2410
2414 if (level != SOL_TCP) 2411 if (level != SOL_TCP)
2415 return icsk->icsk_af_ops->setsockopt(sk, level, optname, 2412 return icsk->icsk_af_ops->setsockopt(sk, level, optname,
@@ -2431,9 +2428,9 @@ EXPORT_SYMBOL(compat_tcp_setsockopt);
2431#endif 2428#endif
2432 2429
2433/* Return information about state of tcp endpoint in API format. */ 2430/* Return information about state of tcp endpoint in API format. */
2434void tcp_get_info(struct sock *sk, struct tcp_info *info) 2431void tcp_get_info(const struct sock *sk, struct tcp_info *info)
2435{ 2432{
2436 struct tcp_sock *tp = tcp_sk(sk); 2433 const struct tcp_sock *tp = tcp_sk(sk);
2437 const struct inet_connection_sock *icsk = inet_csk(sk); 2434 const struct inet_connection_sock *icsk = inet_csk(sk);
2438 u32 now = tcp_time_stamp; 2435 u32 now = tcp_time_stamp;
2439 2436
@@ -2455,8 +2452,10 @@ void tcp_get_info(struct sock *sk, struct tcp_info *info)
2455 info->tcpi_rcv_wscale = tp->rx_opt.rcv_wscale; 2452 info->tcpi_rcv_wscale = tp->rx_opt.rcv_wscale;
2456 } 2453 }
2457 2454
2458 if (tp->ecn_flags&TCP_ECN_OK) 2455 if (tp->ecn_flags & TCP_ECN_OK)
2459 info->tcpi_options |= TCPI_OPT_ECN; 2456 info->tcpi_options |= TCPI_OPT_ECN;
2457 if (tp->ecn_flags & TCP_ECN_SEEN)
2458 info->tcpi_options |= TCPI_OPT_ECN_SEEN;
2460 2459
2461 info->tcpi_rto = jiffies_to_usecs(icsk->icsk_rto); 2460 info->tcpi_rto = jiffies_to_usecs(icsk->icsk_rto);
2462 info->tcpi_ato = jiffies_to_usecs(icsk->icsk_ack.ato); 2461 info->tcpi_ato = jiffies_to_usecs(icsk->icsk_ack.ato);
@@ -2857,26 +2856,25 @@ EXPORT_SYMBOL(tcp_gro_complete);
2857 2856
2858#ifdef CONFIG_TCP_MD5SIG 2857#ifdef CONFIG_TCP_MD5SIG
2859static unsigned long tcp_md5sig_users; 2858static unsigned long tcp_md5sig_users;
2860static struct tcp_md5sig_pool * __percpu *tcp_md5sig_pool; 2859static struct tcp_md5sig_pool __percpu *tcp_md5sig_pool;
2861static DEFINE_SPINLOCK(tcp_md5sig_pool_lock); 2860static DEFINE_SPINLOCK(tcp_md5sig_pool_lock);
2862 2861
2863static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool * __percpu *pool) 2862static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool __percpu *pool)
2864{ 2863{
2865 int cpu; 2864 int cpu;
2865
2866 for_each_possible_cpu(cpu) { 2866 for_each_possible_cpu(cpu) {
2867 struct tcp_md5sig_pool *p = *per_cpu_ptr(pool, cpu); 2867 struct tcp_md5sig_pool *p = per_cpu_ptr(pool, cpu);
2868 if (p) { 2868
2869 if (p->md5_desc.tfm) 2869 if (p->md5_desc.tfm)
2870 crypto_free_hash(p->md5_desc.tfm); 2870 crypto_free_hash(p->md5_desc.tfm);
2871 kfree(p);
2872 }
2873 } 2871 }
2874 free_percpu(pool); 2872 free_percpu(pool);
2875} 2873}
2876 2874
2877void tcp_free_md5sig_pool(void) 2875void tcp_free_md5sig_pool(void)
2878{ 2876{
2879 struct tcp_md5sig_pool * __percpu *pool = NULL; 2877 struct tcp_md5sig_pool __percpu *pool = NULL;
2880 2878
2881 spin_lock_bh(&tcp_md5sig_pool_lock); 2879 spin_lock_bh(&tcp_md5sig_pool_lock);
2882 if (--tcp_md5sig_users == 0) { 2880 if (--tcp_md5sig_users == 0) {
@@ -2889,30 +2887,24 @@ void tcp_free_md5sig_pool(void)
2889} 2887}
2890EXPORT_SYMBOL(tcp_free_md5sig_pool); 2888EXPORT_SYMBOL(tcp_free_md5sig_pool);
2891 2889
2892static struct tcp_md5sig_pool * __percpu * 2890static struct tcp_md5sig_pool __percpu *
2893__tcp_alloc_md5sig_pool(struct sock *sk) 2891__tcp_alloc_md5sig_pool(struct sock *sk)
2894{ 2892{
2895 int cpu; 2893 int cpu;
2896 struct tcp_md5sig_pool * __percpu *pool; 2894 struct tcp_md5sig_pool __percpu *pool;
2897 2895
2898 pool = alloc_percpu(struct tcp_md5sig_pool *); 2896 pool = alloc_percpu(struct tcp_md5sig_pool);
2899 if (!pool) 2897 if (!pool)
2900 return NULL; 2898 return NULL;
2901 2899
2902 for_each_possible_cpu(cpu) { 2900 for_each_possible_cpu(cpu) {
2903 struct tcp_md5sig_pool *p;
2904 struct crypto_hash *hash; 2901 struct crypto_hash *hash;
2905 2902
2906 p = kzalloc(sizeof(*p), sk->sk_allocation);
2907 if (!p)
2908 goto out_free;
2909 *per_cpu_ptr(pool, cpu) = p;
2910
2911 hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC); 2903 hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
2912 if (!hash || IS_ERR(hash)) 2904 if (!hash || IS_ERR(hash))
2913 goto out_free; 2905 goto out_free;
2914 2906
2915 p->md5_desc.tfm = hash; 2907 per_cpu_ptr(pool, cpu)->md5_desc.tfm = hash;
2916 } 2908 }
2917 return pool; 2909 return pool;
2918out_free: 2910out_free:
@@ -2920,9 +2912,9 @@ out_free:
2920 return NULL; 2912 return NULL;
2921} 2913}
2922 2914
2923struct tcp_md5sig_pool * __percpu *tcp_alloc_md5sig_pool(struct sock *sk) 2915struct tcp_md5sig_pool __percpu *tcp_alloc_md5sig_pool(struct sock *sk)
2924{ 2916{
2925 struct tcp_md5sig_pool * __percpu *pool; 2917 struct tcp_md5sig_pool __percpu *pool;
2926 int alloc = 0; 2918 int alloc = 0;
2927 2919
2928retry: 2920retry:
@@ -2941,7 +2933,7 @@ retry:
2941 2933
2942 if (alloc) { 2934 if (alloc) {
2943 /* we cannot hold spinlock here because this may sleep. */ 2935 /* we cannot hold spinlock here because this may sleep. */
2944 struct tcp_md5sig_pool * __percpu *p; 2936 struct tcp_md5sig_pool __percpu *p;
2945 2937
2946 p = __tcp_alloc_md5sig_pool(sk); 2938 p = __tcp_alloc_md5sig_pool(sk);
2947 spin_lock_bh(&tcp_md5sig_pool_lock); 2939 spin_lock_bh(&tcp_md5sig_pool_lock);
@@ -2974,7 +2966,7 @@ EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
2974 */ 2966 */
2975struct tcp_md5sig_pool *tcp_get_md5sig_pool(void) 2967struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
2976{ 2968{
2977 struct tcp_md5sig_pool * __percpu *p; 2969 struct tcp_md5sig_pool __percpu *p;
2978 2970
2979 local_bh_disable(); 2971 local_bh_disable();
2980 2972
@@ -2985,7 +2977,7 @@ struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
2985 spin_unlock(&tcp_md5sig_pool_lock); 2977 spin_unlock(&tcp_md5sig_pool_lock);
2986 2978
2987 if (p) 2979 if (p)
2988 return *this_cpu_ptr(p); 2980 return this_cpu_ptr(p);
2989 2981
2990 local_bh_enable(); 2982 local_bh_enable();
2991 return NULL; 2983 return NULL;
@@ -3000,23 +2992,25 @@ void tcp_put_md5sig_pool(void)
3000EXPORT_SYMBOL(tcp_put_md5sig_pool); 2992EXPORT_SYMBOL(tcp_put_md5sig_pool);
3001 2993
3002int tcp_md5_hash_header(struct tcp_md5sig_pool *hp, 2994int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
3003 struct tcphdr *th) 2995 const struct tcphdr *th)
3004{ 2996{
3005 struct scatterlist sg; 2997 struct scatterlist sg;
2998 struct tcphdr hdr;
3006 int err; 2999 int err;
3007 3000
3008 __sum16 old_checksum = th->check; 3001 /* We are not allowed to change tcphdr, make a local copy */
3009 th->check = 0; 3002 memcpy(&hdr, th, sizeof(hdr));
3003 hdr.check = 0;
3004
3010 /* options aren't included in the hash */ 3005 /* options aren't included in the hash */
3011 sg_init_one(&sg, th, sizeof(struct tcphdr)); 3006 sg_init_one(&sg, &hdr, sizeof(hdr));
3012 err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(struct tcphdr)); 3007 err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(hdr));
3013 th->check = old_checksum;
3014 return err; 3008 return err;
3015} 3009}
3016EXPORT_SYMBOL(tcp_md5_hash_header); 3010EXPORT_SYMBOL(tcp_md5_hash_header);
3017 3011
3018int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp, 3012int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
3019 struct sk_buff *skb, unsigned header_len) 3013 const struct sk_buff *skb, unsigned int header_len)
3020{ 3014{
3021 struct scatterlist sg; 3015 struct scatterlist sg;
3022 const struct tcphdr *tp = tcp_hdr(skb); 3016 const struct tcphdr *tp = tcp_hdr(skb);
@@ -3035,8 +3029,9 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
3035 3029
3036 for (i = 0; i < shi->nr_frags; ++i) { 3030 for (i = 0; i < shi->nr_frags; ++i) {
3037 const struct skb_frag_struct *f = &shi->frags[i]; 3031 const struct skb_frag_struct *f = &shi->frags[i];
3038 sg_set_page(&sg, f->page, f->size, f->page_offset); 3032 struct page *page = skb_frag_page(f);
3039 if (crypto_hash_update(desc, &sg, f->size)) 3033 sg_set_page(&sg, page, skb_frag_size(f), f->page_offset);
3034 if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
3040 return 1; 3035 return 1;
3041 } 3036 }
3042 3037
@@ -3048,7 +3043,7 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
3048} 3043}
3049EXPORT_SYMBOL(tcp_md5_hash_skb_data); 3044EXPORT_SYMBOL(tcp_md5_hash_skb_data);
3050 3045
3051int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, struct tcp_md5sig_key *key) 3046int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct tcp_md5sig_key *key)
3052{ 3047{
3053 struct scatterlist sg; 3048 struct scatterlist sg;
3054 3049
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index ea0d2183df4b..52b5c2d0ecd0 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -206,7 +206,7 @@ static inline void TCP_ECN_queue_cwr(struct tcp_sock *tp)
206 tp->ecn_flags |= TCP_ECN_QUEUE_CWR; 206 tp->ecn_flags |= TCP_ECN_QUEUE_CWR;
207} 207}
208 208
209static inline void TCP_ECN_accept_cwr(struct tcp_sock *tp, struct sk_buff *skb) 209static inline void TCP_ECN_accept_cwr(struct tcp_sock *tp, const struct sk_buff *skb)
210{ 210{
211 if (tcp_hdr(skb)->cwr) 211 if (tcp_hdr(skb)->cwr)
212 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; 212 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR;
@@ -217,32 +217,41 @@ static inline void TCP_ECN_withdraw_cwr(struct tcp_sock *tp)
217 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; 217 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR;
218} 218}
219 219
220static inline void TCP_ECN_check_ce(struct tcp_sock *tp, struct sk_buff *skb) 220static inline void TCP_ECN_check_ce(struct tcp_sock *tp, const struct sk_buff *skb)
221{ 221{
222 if (tp->ecn_flags & TCP_ECN_OK) { 222 if (!(tp->ecn_flags & TCP_ECN_OK))
223 if (INET_ECN_is_ce(TCP_SKB_CB(skb)->flags)) 223 return;
224 tp->ecn_flags |= TCP_ECN_DEMAND_CWR; 224
225 switch (TCP_SKB_CB(skb)->ip_dsfield & INET_ECN_MASK) {
226 case INET_ECN_NOT_ECT:
225 /* Funny extension: if ECT is not set on a segment, 227 /* Funny extension: if ECT is not set on a segment,
226 * it is surely retransmit. It is not in ECN RFC, 228 * and we already seen ECT on a previous segment,
227 * but Linux follows this rule. */ 229 * it is probably a retransmit.
228 else if (INET_ECN_is_not_ect((TCP_SKB_CB(skb)->flags))) 230 */
231 if (tp->ecn_flags & TCP_ECN_SEEN)
229 tcp_enter_quickack_mode((struct sock *)tp); 232 tcp_enter_quickack_mode((struct sock *)tp);
233 break;
234 case INET_ECN_CE:
235 tp->ecn_flags |= TCP_ECN_DEMAND_CWR;
236 /* fallinto */
237 default:
238 tp->ecn_flags |= TCP_ECN_SEEN;
230 } 239 }
231} 240}
232 241
233static inline void TCP_ECN_rcv_synack(struct tcp_sock *tp, struct tcphdr *th) 242static inline void TCP_ECN_rcv_synack(struct tcp_sock *tp, const struct tcphdr *th)
234{ 243{
235 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || th->cwr)) 244 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || th->cwr))
236 tp->ecn_flags &= ~TCP_ECN_OK; 245 tp->ecn_flags &= ~TCP_ECN_OK;
237} 246}
238 247
239static inline void TCP_ECN_rcv_syn(struct tcp_sock *tp, struct tcphdr *th) 248static inline void TCP_ECN_rcv_syn(struct tcp_sock *tp, const struct tcphdr *th)
240{ 249{
241 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || !th->cwr)) 250 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || !th->cwr))
242 tp->ecn_flags &= ~TCP_ECN_OK; 251 tp->ecn_flags &= ~TCP_ECN_OK;
243} 252}
244 253
245static inline int TCP_ECN_rcv_ecn_echo(struct tcp_sock *tp, struct tcphdr *th) 254static inline int TCP_ECN_rcv_ecn_echo(const struct tcp_sock *tp, const struct tcphdr *th)
246{ 255{
247 if (th->ece && !th->syn && (tp->ecn_flags & TCP_ECN_OK)) 256 if (th->ece && !th->syn && (tp->ecn_flags & TCP_ECN_OK))
248 return 1; 257 return 1;
@@ -256,14 +265,11 @@ static inline int TCP_ECN_rcv_ecn_echo(struct tcp_sock *tp, struct tcphdr *th)
256 265
257static void tcp_fixup_sndbuf(struct sock *sk) 266static void tcp_fixup_sndbuf(struct sock *sk)
258{ 267{
259 int sndmem = tcp_sk(sk)->rx_opt.mss_clamp + MAX_TCP_HEADER + 16 + 268 int sndmem = SKB_TRUESIZE(tcp_sk(sk)->rx_opt.mss_clamp + MAX_TCP_HEADER);
260 sizeof(struct sk_buff);
261 269
262 if (sk->sk_sndbuf < 3 * sndmem) { 270 sndmem *= TCP_INIT_CWND;
263 sk->sk_sndbuf = 3 * sndmem; 271 if (sk->sk_sndbuf < sndmem)
264 if (sk->sk_sndbuf > sysctl_tcp_wmem[2]) 272 sk->sk_sndbuf = min(sndmem, sysctl_tcp_wmem[2]);
265 sk->sk_sndbuf = sysctl_tcp_wmem[2];
266 }
267} 273}
268 274
269/* 2. Tuning advertised window (window_clamp, rcv_ssthresh) 275/* 2. Tuning advertised window (window_clamp, rcv_ssthresh)
@@ -309,7 +315,7 @@ static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb)
309 return 0; 315 return 0;
310} 316}
311 317
312static void tcp_grow_window(struct sock *sk, struct sk_buff *skb) 318static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb)
313{ 319{
314 struct tcp_sock *tp = tcp_sk(sk); 320 struct tcp_sock *tp = tcp_sk(sk);
315 321
@@ -339,17 +345,24 @@ static void tcp_grow_window(struct sock *sk, struct sk_buff *skb)
339 345
340static void tcp_fixup_rcvbuf(struct sock *sk) 346static void tcp_fixup_rcvbuf(struct sock *sk)
341{ 347{
342 struct tcp_sock *tp = tcp_sk(sk); 348 u32 mss = tcp_sk(sk)->advmss;
343 int rcvmem = tp->advmss + MAX_TCP_HEADER + 16 + sizeof(struct sk_buff); 349 u32 icwnd = TCP_DEFAULT_INIT_RCVWND;
350 int rcvmem;
344 351
345 /* Try to select rcvbuf so that 4 mss-sized segments 352 /* Limit to 10 segments if mss <= 1460,
346 * will fit to window and corresponding skbs will fit to our rcvbuf. 353 * or 14600/mss segments, with a minimum of two segments.
347 * (was 3; 4 is minimum to allow fast retransmit to work.)
348 */ 354 */
349 while (tcp_win_from_space(rcvmem) < tp->advmss) 355 if (mss > 1460)
356 icwnd = max_t(u32, (1460 * TCP_DEFAULT_INIT_RCVWND) / mss, 2);
357
358 rcvmem = SKB_TRUESIZE(mss + MAX_TCP_HEADER);
359 while (tcp_win_from_space(rcvmem) < mss)
350 rcvmem += 128; 360 rcvmem += 128;
351 if (sk->sk_rcvbuf < 4 * rcvmem) 361
352 sk->sk_rcvbuf = min(4 * rcvmem, sysctl_tcp_rmem[2]); 362 rcvmem *= icwnd;
363
364 if (sk->sk_rcvbuf < rcvmem)
365 sk->sk_rcvbuf = min(rcvmem, sysctl_tcp_rmem[2]);
353} 366}
354 367
355/* 4. Try to fixup all. It is made immediately after connection enters 368/* 4. Try to fixup all. It is made immediately after connection enters
@@ -416,7 +429,7 @@ static void tcp_clamp_window(struct sock *sk)
416 */ 429 */
417void tcp_initialize_rcv_mss(struct sock *sk) 430void tcp_initialize_rcv_mss(struct sock *sk)
418{ 431{
419 struct tcp_sock *tp = tcp_sk(sk); 432 const struct tcp_sock *tp = tcp_sk(sk);
420 unsigned int hint = min_t(unsigned int, tp->advmss, tp->mss_cache); 433 unsigned int hint = min_t(unsigned int, tp->advmss, tp->mss_cache);
421 434
422 hint = min(hint, tp->rcv_wnd / 2); 435 hint = min(hint, tp->rcv_wnd / 2);
@@ -531,8 +544,7 @@ void tcp_rcv_space_adjust(struct sock *sk)
531 space /= tp->advmss; 544 space /= tp->advmss;
532 if (!space) 545 if (!space)
533 space = 1; 546 space = 1;
534 rcvmem = (tp->advmss + MAX_TCP_HEADER + 547 rcvmem = SKB_TRUESIZE(tp->advmss + MAX_TCP_HEADER);
535 16 + sizeof(struct sk_buff));
536 while (tcp_win_from_space(rcvmem) < tp->advmss) 548 while (tcp_win_from_space(rcvmem) < tp->advmss)
537 rcvmem += 128; 549 rcvmem += 128;
538 space *= rcvmem; 550 space *= rcvmem;
@@ -812,7 +824,7 @@ void tcp_update_metrics(struct sock *sk)
812 } 824 }
813} 825}
814 826
815__u32 tcp_init_cwnd(struct tcp_sock *tp, struct dst_entry *dst) 827__u32 tcp_init_cwnd(const struct tcp_sock *tp, const struct dst_entry *dst)
816{ 828{
817 __u32 cwnd = (dst ? dst_metric(dst, RTAX_INITCWND) : 0); 829 __u32 cwnd = (dst ? dst_metric(dst, RTAX_INITCWND) : 0);
818 830
@@ -1124,7 +1136,7 @@ static int tcp_is_sackblock_valid(struct tcp_sock *tp, int is_dsack,
1124 return 0; 1136 return 0;
1125 1137
1126 /* ...Then it's D-SACK, and must reside below snd_una completely */ 1138 /* ...Then it's D-SACK, and must reside below snd_una completely */
1127 if (!after(end_seq, tp->snd_una)) 1139 if (after(end_seq, tp->snd_una))
1128 return 0; 1140 return 0;
1129 1141
1130 if (!before(start_seq, tp->undo_marker)) 1142 if (!before(start_seq, tp->undo_marker))
@@ -1204,7 +1216,7 @@ static void tcp_mark_lost_retrans(struct sock *sk)
1204 tp->lost_retrans_low = new_low_seq; 1216 tp->lost_retrans_low = new_low_seq;
1205} 1217}
1206 1218
1207static int tcp_check_dsack(struct sock *sk, struct sk_buff *ack_skb, 1219static int tcp_check_dsack(struct sock *sk, const struct sk_buff *ack_skb,
1208 struct tcp_sack_block_wire *sp, int num_sacks, 1220 struct tcp_sack_block_wire *sp, int num_sacks,
1209 u32 prior_snd_una) 1221 u32 prior_snd_una)
1210{ 1222{
@@ -1298,7 +1310,7 @@ static int tcp_match_skb_to_sack(struct sock *sk, struct sk_buff *skb,
1298 return in_sack; 1310 return in_sack;
1299} 1311}
1300 1312
1301static u8 tcp_sacktag_one(struct sk_buff *skb, struct sock *sk, 1313static u8 tcp_sacktag_one(const struct sk_buff *skb, struct sock *sk,
1302 struct tcp_sacktag_state *state, 1314 struct tcp_sacktag_state *state,
1303 int dup_sack, int pcount) 1315 int dup_sack, int pcount)
1304{ 1316{
@@ -1389,9 +1401,7 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
1389 1401
1390 BUG_ON(!pcount); 1402 BUG_ON(!pcount);
1391 1403
1392 /* Tweak before seqno plays */ 1404 if (skb == tp->lost_skb_hint)
1393 if (!tcp_is_fack(tp) && tcp_is_sack(tp) && tp->lost_skb_hint &&
1394 !before(TCP_SKB_CB(tp->lost_skb_hint)->seq, TCP_SKB_CB(skb)->seq))
1395 tp->lost_cnt_hint += pcount; 1405 tp->lost_cnt_hint += pcount;
1396 1406
1397 TCP_SKB_CB(prev)->end_seq += shifted; 1407 TCP_SKB_CB(prev)->end_seq += shifted;
@@ -1440,7 +1450,7 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
1440 tp->lost_cnt_hint -= tcp_skb_pcount(prev); 1450 tp->lost_cnt_hint -= tcp_skb_pcount(prev);
1441 } 1451 }
1442 1452
1443 TCP_SKB_CB(skb)->flags |= TCP_SKB_CB(prev)->flags; 1453 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags;
1444 if (skb == tcp_highest_sack(sk)) 1454 if (skb == tcp_highest_sack(sk))
1445 tcp_advance_highest_sack(sk, skb); 1455 tcp_advance_highest_sack(sk, skb);
1446 1456
@@ -1455,13 +1465,13 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
1455/* I wish gso_size would have a bit more sane initialization than 1465/* I wish gso_size would have a bit more sane initialization than
1456 * something-or-zero which complicates things 1466 * something-or-zero which complicates things
1457 */ 1467 */
1458static int tcp_skb_seglen(struct sk_buff *skb) 1468static int tcp_skb_seglen(const struct sk_buff *skb)
1459{ 1469{
1460 return tcp_skb_pcount(skb) == 1 ? skb->len : tcp_skb_mss(skb); 1470 return tcp_skb_pcount(skb) == 1 ? skb->len : tcp_skb_mss(skb);
1461} 1471}
1462 1472
1463/* Shifting pages past head area doesn't work */ 1473/* Shifting pages past head area doesn't work */
1464static int skb_can_shift(struct sk_buff *skb) 1474static int skb_can_shift(const struct sk_buff *skb)
1465{ 1475{
1466 return !skb_headlen(skb) && skb_is_nonlinear(skb); 1476 return !skb_headlen(skb) && skb_is_nonlinear(skb);
1467} 1477}
@@ -1710,19 +1720,19 @@ static struct sk_buff *tcp_maybe_skipping_dsack(struct sk_buff *skb,
1710 return skb; 1720 return skb;
1711} 1721}
1712 1722
1713static int tcp_sack_cache_ok(struct tcp_sock *tp, struct tcp_sack_block *cache) 1723static int tcp_sack_cache_ok(const struct tcp_sock *tp, const struct tcp_sack_block *cache)
1714{ 1724{
1715 return cache < tp->recv_sack_cache + ARRAY_SIZE(tp->recv_sack_cache); 1725 return cache < tp->recv_sack_cache + ARRAY_SIZE(tp->recv_sack_cache);
1716} 1726}
1717 1727
1718static int 1728static int
1719tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, 1729tcp_sacktag_write_queue(struct sock *sk, const struct sk_buff *ack_skb,
1720 u32 prior_snd_una) 1730 u32 prior_snd_una)
1721{ 1731{
1722 const struct inet_connection_sock *icsk = inet_csk(sk); 1732 const struct inet_connection_sock *icsk = inet_csk(sk);
1723 struct tcp_sock *tp = tcp_sk(sk); 1733 struct tcp_sock *tp = tcp_sk(sk);
1724 unsigned char *ptr = (skb_transport_header(ack_skb) + 1734 const unsigned char *ptr = (skb_transport_header(ack_skb) +
1725 TCP_SKB_CB(ack_skb)->sacked); 1735 TCP_SKB_CB(ack_skb)->sacked);
1726 struct tcp_sack_block_wire *sp_wire = (struct tcp_sack_block_wire *)(ptr+2); 1736 struct tcp_sack_block_wire *sp_wire = (struct tcp_sack_block_wire *)(ptr+2);
1727 struct tcp_sack_block sp[TCP_NUM_SACKS]; 1737 struct tcp_sack_block sp[TCP_NUM_SACKS];
1728 struct tcp_sack_block *cache; 1738 struct tcp_sack_block *cache;
@@ -2286,7 +2296,7 @@ static int tcp_check_sack_reneging(struct sock *sk, int flag)
2286 return 0; 2296 return 0;
2287} 2297}
2288 2298
2289static inline int tcp_fackets_out(struct tcp_sock *tp) 2299static inline int tcp_fackets_out(const struct tcp_sock *tp)
2290{ 2300{
2291 return tcp_is_reno(tp) ? tp->sacked_out + 1 : tp->fackets_out; 2301 return tcp_is_reno(tp) ? tp->sacked_out + 1 : tp->fackets_out;
2292} 2302}
@@ -2306,19 +2316,20 @@ static inline int tcp_fackets_out(struct tcp_sock *tp)
2306 * they differ. Since neither occurs due to loss, TCP should really 2316 * they differ. Since neither occurs due to loss, TCP should really
2307 * ignore them. 2317 * ignore them.
2308 */ 2318 */
2309static inline int tcp_dupack_heuristics(struct tcp_sock *tp) 2319static inline int tcp_dupack_heuristics(const struct tcp_sock *tp)
2310{ 2320{
2311 return tcp_is_fack(tp) ? tp->fackets_out : tp->sacked_out + 1; 2321 return tcp_is_fack(tp) ? tp->fackets_out : tp->sacked_out + 1;
2312} 2322}
2313 2323
2314static inline int tcp_skb_timedout(struct sock *sk, struct sk_buff *skb) 2324static inline int tcp_skb_timedout(const struct sock *sk,
2325 const struct sk_buff *skb)
2315{ 2326{
2316 return tcp_time_stamp - TCP_SKB_CB(skb)->when > inet_csk(sk)->icsk_rto; 2327 return tcp_time_stamp - TCP_SKB_CB(skb)->when > inet_csk(sk)->icsk_rto;
2317} 2328}
2318 2329
2319static inline int tcp_head_timedout(struct sock *sk) 2330static inline int tcp_head_timedout(const struct sock *sk)
2320{ 2331{
2321 struct tcp_sock *tp = tcp_sk(sk); 2332 const struct tcp_sock *tp = tcp_sk(sk);
2322 2333
2323 return tp->packets_out && 2334 return tp->packets_out &&
2324 tcp_skb_timedout(sk, tcp_write_queue_head(sk)); 2335 tcp_skb_timedout(sk, tcp_write_queue_head(sk));
@@ -2629,7 +2640,7 @@ static void tcp_cwnd_down(struct sock *sk, int flag)
2629/* Nothing was retransmitted or returned timestamp is less 2640/* Nothing was retransmitted or returned timestamp is less
2630 * than timestamp of the first retransmission. 2641 * than timestamp of the first retransmission.
2631 */ 2642 */
2632static inline int tcp_packet_delayed(struct tcp_sock *tp) 2643static inline int tcp_packet_delayed(const struct tcp_sock *tp)
2633{ 2644{
2634 return !tp->retrans_stamp || 2645 return !tp->retrans_stamp ||
2635 (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr && 2646 (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr &&
@@ -2690,7 +2701,7 @@ static void tcp_undo_cwr(struct sock *sk, const bool undo_ssthresh)
2690 tp->snd_cwnd_stamp = tcp_time_stamp; 2701 tp->snd_cwnd_stamp = tcp_time_stamp;
2691} 2702}
2692 2703
2693static inline int tcp_may_undo(struct tcp_sock *tp) 2704static inline int tcp_may_undo(const struct tcp_sock *tp)
2694{ 2705{
2695 return tp->undo_marker && (!tp->undo_retrans || tcp_packet_delayed(tp)); 2706 return tp->undo_marker && (!tp->undo_retrans || tcp_packet_delayed(tp));
2696} 2707}
@@ -2754,9 +2765,9 @@ static void tcp_try_undo_dsack(struct sock *sk)
2754 * that successive retransmissions of a segment must not advance 2765 * that successive retransmissions of a segment must not advance
2755 * retrans_stamp under any conditions. 2766 * retrans_stamp under any conditions.
2756 */ 2767 */
2757static int tcp_any_retrans_done(struct sock *sk) 2768static int tcp_any_retrans_done(const struct sock *sk)
2758{ 2769{
2759 struct tcp_sock *tp = tcp_sk(sk); 2770 const struct tcp_sock *tp = tcp_sk(sk);
2760 struct sk_buff *skb; 2771 struct sk_buff *skb;
2761 2772
2762 if (tp->retrans_out) 2773 if (tp->retrans_out)
@@ -2830,9 +2841,13 @@ static int tcp_try_undo_loss(struct sock *sk)
2830static inline void tcp_complete_cwr(struct sock *sk) 2841static inline void tcp_complete_cwr(struct sock *sk)
2831{ 2842{
2832 struct tcp_sock *tp = tcp_sk(sk); 2843 struct tcp_sock *tp = tcp_sk(sk);
2833 /* Do not moderate cwnd if it's already undone in cwr or recovery */ 2844
2834 if (tp->undo_marker && tp->snd_cwnd > tp->snd_ssthresh) { 2845 /* Do not moderate cwnd if it's already undone in cwr or recovery. */
2835 tp->snd_cwnd = tp->snd_ssthresh; 2846 if (tp->undo_marker) {
2847 if (inet_csk(sk)->icsk_ca_state == TCP_CA_CWR)
2848 tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_ssthresh);
2849 else /* PRR */
2850 tp->snd_cwnd = tp->snd_ssthresh;
2836 tp->snd_cwnd_stamp = tcp_time_stamp; 2851 tp->snd_cwnd_stamp = tcp_time_stamp;
2837 } 2852 }
2838 tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR); 2853 tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR);
@@ -2950,6 +2965,38 @@ void tcp_simple_retransmit(struct sock *sk)
2950} 2965}
2951EXPORT_SYMBOL(tcp_simple_retransmit); 2966EXPORT_SYMBOL(tcp_simple_retransmit);
2952 2967
2968/* This function implements the PRR algorithm, specifcally the PRR-SSRB
2969 * (proportional rate reduction with slow start reduction bound) as described in
2970 * http://www.ietf.org/id/draft-mathis-tcpm-proportional-rate-reduction-01.txt.
2971 * It computes the number of packets to send (sndcnt) based on packets newly
2972 * delivered:
2973 * 1) If the packets in flight is larger than ssthresh, PRR spreads the
2974 * cwnd reductions across a full RTT.
2975 * 2) If packets in flight is lower than ssthresh (such as due to excess
2976 * losses and/or application stalls), do not perform any further cwnd
2977 * reductions, but instead slow start up to ssthresh.
2978 */
2979static void tcp_update_cwnd_in_recovery(struct sock *sk, int newly_acked_sacked,
2980 int fast_rexmit, int flag)
2981{
2982 struct tcp_sock *tp = tcp_sk(sk);
2983 int sndcnt = 0;
2984 int delta = tp->snd_ssthresh - tcp_packets_in_flight(tp);
2985
2986 if (tcp_packets_in_flight(tp) > tp->snd_ssthresh) {
2987 u64 dividend = (u64)tp->snd_ssthresh * tp->prr_delivered +
2988 tp->prior_cwnd - 1;
2989 sndcnt = div_u64(dividend, tp->prior_cwnd) - tp->prr_out;
2990 } else {
2991 sndcnt = min_t(int, delta,
2992 max_t(int, tp->prr_delivered - tp->prr_out,
2993 newly_acked_sacked) + 1);
2994 }
2995
2996 sndcnt = max(sndcnt, (fast_rexmit ? 1 : 0));
2997 tp->snd_cwnd = tcp_packets_in_flight(tp) + sndcnt;
2998}
2999
2953/* Process an event, which can update packets-in-flight not trivially. 3000/* Process an event, which can update packets-in-flight not trivially.
2954 * Main goal of this function is to calculate new estimate for left_out, 3001 * Main goal of this function is to calculate new estimate for left_out,
2955 * taking into account both packets sitting in receiver's buffer and 3002 * taking into account both packets sitting in receiver's buffer and
@@ -2961,7 +3008,8 @@ EXPORT_SYMBOL(tcp_simple_retransmit);
2961 * It does _not_ decide what to send, it is made in function 3008 * It does _not_ decide what to send, it is made in function
2962 * tcp_xmit_retransmit_queue(). 3009 * tcp_xmit_retransmit_queue().
2963 */ 3010 */
2964static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag) 3011static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
3012 int newly_acked_sacked, int flag)
2965{ 3013{
2966 struct inet_connection_sock *icsk = inet_csk(sk); 3014 struct inet_connection_sock *icsk = inet_csk(sk);
2967 struct tcp_sock *tp = tcp_sk(sk); 3015 struct tcp_sock *tp = tcp_sk(sk);
@@ -3111,13 +3159,17 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
3111 3159
3112 tp->bytes_acked = 0; 3160 tp->bytes_acked = 0;
3113 tp->snd_cwnd_cnt = 0; 3161 tp->snd_cwnd_cnt = 0;
3162 tp->prior_cwnd = tp->snd_cwnd;
3163 tp->prr_delivered = 0;
3164 tp->prr_out = 0;
3114 tcp_set_ca_state(sk, TCP_CA_Recovery); 3165 tcp_set_ca_state(sk, TCP_CA_Recovery);
3115 fast_rexmit = 1; 3166 fast_rexmit = 1;
3116 } 3167 }
3117 3168
3118 if (do_lost || (tcp_is_fack(tp) && tcp_head_timedout(sk))) 3169 if (do_lost || (tcp_is_fack(tp) && tcp_head_timedout(sk)))
3119 tcp_update_scoreboard(sk, fast_rexmit); 3170 tcp_update_scoreboard(sk, fast_rexmit);
3120 tcp_cwnd_down(sk, flag); 3171 tp->prr_delivered += newly_acked_sacked;
3172 tcp_update_cwnd_in_recovery(sk, newly_acked_sacked, fast_rexmit, flag);
3121 tcp_xmit_retransmit_queue(sk); 3173 tcp_xmit_retransmit_queue(sk);
3122} 3174}
3123 3175
@@ -3194,7 +3246,7 @@ static void tcp_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
3194 */ 3246 */
3195static void tcp_rearm_rto(struct sock *sk) 3247static void tcp_rearm_rto(struct sock *sk)
3196{ 3248{
3197 struct tcp_sock *tp = tcp_sk(sk); 3249 const struct tcp_sock *tp = tcp_sk(sk);
3198 3250
3199 if (!tp->packets_out) { 3251 if (!tp->packets_out) {
3200 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS); 3252 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
@@ -3298,7 +3350,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets,
3298 * connection startup slow start one packet too 3350 * connection startup slow start one packet too
3299 * quickly. This is severely frowned upon behavior. 3351 * quickly. This is severely frowned upon behavior.
3300 */ 3352 */
3301 if (!(scb->flags & TCPHDR_SYN)) { 3353 if (!(scb->tcp_flags & TCPHDR_SYN)) {
3302 flag |= FLAG_DATA_ACKED; 3354 flag |= FLAG_DATA_ACKED;
3303 } else { 3355 } else {
3304 flag |= FLAG_SYN_ACKED; 3356 flag |= FLAG_SYN_ACKED;
@@ -3446,7 +3498,7 @@ static inline int tcp_may_update_window(const struct tcp_sock *tp,
3446 * Window update algorithm, described in RFC793/RFC1122 (used in linux-2.2 3498 * Window update algorithm, described in RFC793/RFC1122 (used in linux-2.2
3447 * and in FreeBSD. NetBSD's one is even worse.) is wrong. 3499 * and in FreeBSD. NetBSD's one is even worse.) is wrong.
3448 */ 3500 */
3449static int tcp_ack_update_window(struct sock *sk, struct sk_buff *skb, u32 ack, 3501static int tcp_ack_update_window(struct sock *sk, const struct sk_buff *skb, u32 ack,
3450 u32 ack_seq) 3502 u32 ack_seq)
3451{ 3503{
3452 struct tcp_sock *tp = tcp_sk(sk); 3504 struct tcp_sock *tp = tcp_sk(sk);
@@ -3622,7 +3674,7 @@ static int tcp_process_frto(struct sock *sk, int flag)
3622} 3674}
3623 3675
3624/* This routine deals with incoming acks, but not outgoing ones. */ 3676/* This routine deals with incoming acks, but not outgoing ones. */
3625static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag) 3677static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3626{ 3678{
3627 struct inet_connection_sock *icsk = inet_csk(sk); 3679 struct inet_connection_sock *icsk = inet_csk(sk);
3628 struct tcp_sock *tp = tcp_sk(sk); 3680 struct tcp_sock *tp = tcp_sk(sk);
@@ -3632,6 +3684,8 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3632 u32 prior_in_flight; 3684 u32 prior_in_flight;
3633 u32 prior_fackets; 3685 u32 prior_fackets;
3634 int prior_packets; 3686 int prior_packets;
3687 int prior_sacked = tp->sacked_out;
3688 int newly_acked_sacked = 0;
3635 int frto_cwnd = 0; 3689 int frto_cwnd = 0;
3636 3690
3637 /* If the ack is older than previous acks 3691 /* If the ack is older than previous acks
@@ -3703,6 +3757,9 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3703 /* See if we can take anything off of the retransmit queue. */ 3757 /* See if we can take anything off of the retransmit queue. */
3704 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una); 3758 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una);
3705 3759
3760 newly_acked_sacked = (prior_packets - prior_sacked) -
3761 (tp->packets_out - tp->sacked_out);
3762
3706 if (tp->frto_counter) 3763 if (tp->frto_counter)
3707 frto_cwnd = tcp_process_frto(sk, flag); 3764 frto_cwnd = tcp_process_frto(sk, flag);
3708 /* Guarantee sacktag reordering detection against wrap-arounds */ 3765 /* Guarantee sacktag reordering detection against wrap-arounds */
@@ -3715,7 +3772,7 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3715 tcp_may_raise_cwnd(sk, flag)) 3772 tcp_may_raise_cwnd(sk, flag))
3716 tcp_cong_avoid(sk, ack, prior_in_flight); 3773 tcp_cong_avoid(sk, ack, prior_in_flight);
3717 tcp_fastretrans_alert(sk, prior_packets - tp->packets_out, 3774 tcp_fastretrans_alert(sk, prior_packets - tp->packets_out,
3718 flag); 3775 newly_acked_sacked, flag);
3719 } else { 3776 } else {
3720 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd) 3777 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd)
3721 tcp_cong_avoid(sk, ack, prior_in_flight); 3778 tcp_cong_avoid(sk, ack, prior_in_flight);
@@ -3754,14 +3811,14 @@ old_ack:
3754 * But, this can also be called on packets in the established flow when 3811 * But, this can also be called on packets in the established flow when
3755 * the fast version below fails. 3812 * the fast version below fails.
3756 */ 3813 */
3757void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx, 3814void tcp_parse_options(const struct sk_buff *skb, struct tcp_options_received *opt_rx,
3758 u8 **hvpp, int estab) 3815 const u8 **hvpp, int estab)
3759{ 3816{
3760 unsigned char *ptr; 3817 const unsigned char *ptr;
3761 struct tcphdr *th = tcp_hdr(skb); 3818 const struct tcphdr *th = tcp_hdr(skb);
3762 int length = (th->doff * 4) - sizeof(struct tcphdr); 3819 int length = (th->doff * 4) - sizeof(struct tcphdr);
3763 3820
3764 ptr = (unsigned char *)(th + 1); 3821 ptr = (const unsigned char *)(th + 1);
3765 opt_rx->saw_tstamp = 0; 3822 opt_rx->saw_tstamp = 0;
3766 3823
3767 while (length > 0) { 3824 while (length > 0) {
@@ -3872,9 +3929,9 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
3872} 3929}
3873EXPORT_SYMBOL(tcp_parse_options); 3930EXPORT_SYMBOL(tcp_parse_options);
3874 3931
3875static int tcp_parse_aligned_timestamp(struct tcp_sock *tp, struct tcphdr *th) 3932static int tcp_parse_aligned_timestamp(struct tcp_sock *tp, const struct tcphdr *th)
3876{ 3933{
3877 __be32 *ptr = (__be32 *)(th + 1); 3934 const __be32 *ptr = (const __be32 *)(th + 1);
3878 3935
3879 if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) 3936 if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16)
3880 | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) { 3937 | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) {
@@ -3891,8 +3948,9 @@ static int tcp_parse_aligned_timestamp(struct tcp_sock *tp, struct tcphdr *th)
3891/* Fast parse options. This hopes to only see timestamps. 3948/* Fast parse options. This hopes to only see timestamps.
3892 * If it is wrong it falls back on tcp_parse_options(). 3949 * If it is wrong it falls back on tcp_parse_options().
3893 */ 3950 */
3894static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th, 3951static int tcp_fast_parse_options(const struct sk_buff *skb,
3895 struct tcp_sock *tp, u8 **hvpp) 3952 const struct tcphdr *th,
3953 struct tcp_sock *tp, const u8 **hvpp)
3896{ 3954{
3897 /* In the spirit of fast parsing, compare doff directly to constant 3955 /* In the spirit of fast parsing, compare doff directly to constant
3898 * values. Because equality is used, short doff can be ignored here. 3956 * values. Because equality is used, short doff can be ignored here.
@@ -3913,10 +3971,10 @@ static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th,
3913/* 3971/*
3914 * Parse MD5 Signature option 3972 * Parse MD5 Signature option
3915 */ 3973 */
3916u8 *tcp_parse_md5sig_option(struct tcphdr *th) 3974const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
3917{ 3975{
3918 int length = (th->doff << 2) - sizeof (*th); 3976 int length = (th->doff << 2) - sizeof(*th);
3919 u8 *ptr = (u8*)(th + 1); 3977 const u8 *ptr = (const u8 *)(th + 1);
3920 3978
3921 /* If the TCP option is too short, we can short cut */ 3979 /* If the TCP option is too short, we can short cut */
3922 if (length < TCPOLEN_MD5SIG) 3980 if (length < TCPOLEN_MD5SIG)
@@ -3993,8 +4051,8 @@ static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
3993 4051
3994static int tcp_disordered_ack(const struct sock *sk, const struct sk_buff *skb) 4052static int tcp_disordered_ack(const struct sock *sk, const struct sk_buff *skb)
3995{ 4053{
3996 struct tcp_sock *tp = tcp_sk(sk); 4054 const struct tcp_sock *tp = tcp_sk(sk);
3997 struct tcphdr *th = tcp_hdr(skb); 4055 const struct tcphdr *th = tcp_hdr(skb);
3998 u32 seq = TCP_SKB_CB(skb)->seq; 4056 u32 seq = TCP_SKB_CB(skb)->seq;
3999 u32 ack = TCP_SKB_CB(skb)->ack_seq; 4057 u32 ack = TCP_SKB_CB(skb)->ack_seq;
4000 4058
@@ -4033,7 +4091,7 @@ static inline int tcp_paws_discard(const struct sock *sk,
4033 * (borrowed from freebsd) 4091 * (borrowed from freebsd)
4034 */ 4092 */
4035 4093
4036static inline int tcp_sequence(struct tcp_sock *tp, u32 seq, u32 end_seq) 4094static inline int tcp_sequence(const struct tcp_sock *tp, u32 seq, u32 end_seq)
4037{ 4095{
4038 return !before(end_seq, tp->rcv_wup) && 4096 return !before(end_seq, tp->rcv_wup) &&
4039 !after(seq, tp->rcv_nxt + tcp_receive_window(tp)); 4097 !after(seq, tp->rcv_nxt + tcp_receive_window(tp));
@@ -4078,7 +4136,7 @@ static void tcp_reset(struct sock *sk)
4078 * 4136 *
4079 * If we are in FINWAIT-2, a received FIN moves us to TIME-WAIT. 4137 * If we are in FINWAIT-2, a received FIN moves us to TIME-WAIT.
4080 */ 4138 */
4081static void tcp_fin(struct sk_buff *skb, struct sock *sk, struct tcphdr *th) 4139static void tcp_fin(struct sock *sk)
4082{ 4140{
4083 struct tcp_sock *tp = tcp_sk(sk); 4141 struct tcp_sock *tp = tcp_sk(sk);
4084 4142
@@ -4190,7 +4248,7 @@ static void tcp_dsack_extend(struct sock *sk, u32 seq, u32 end_seq)
4190 tcp_sack_extend(tp->duplicate_sack, seq, end_seq); 4248 tcp_sack_extend(tp->duplicate_sack, seq, end_seq);
4191} 4249}
4192 4250
4193static void tcp_send_dupack(struct sock *sk, struct sk_buff *skb) 4251static void tcp_send_dupack(struct sock *sk, const struct sk_buff *skb)
4194{ 4252{
4195 struct tcp_sock *tp = tcp_sk(sk); 4253 struct tcp_sock *tp = tcp_sk(sk);
4196 4254
@@ -4349,7 +4407,7 @@ static void tcp_ofo_queue(struct sock *sk)
4349 __skb_queue_tail(&sk->sk_receive_queue, skb); 4407 __skb_queue_tail(&sk->sk_receive_queue, skb);
4350 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 4408 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
4351 if (tcp_hdr(skb)->fin) 4409 if (tcp_hdr(skb)->fin)
4352 tcp_fin(skb, sk, tcp_hdr(skb)); 4410 tcp_fin(sk);
4353 } 4411 }
4354} 4412}
4355 4413
@@ -4377,7 +4435,7 @@ static inline int tcp_try_rmem_schedule(struct sock *sk, unsigned int size)
4377 4435
4378static void tcp_data_queue(struct sock *sk, struct sk_buff *skb) 4436static void tcp_data_queue(struct sock *sk, struct sk_buff *skb)
4379{ 4437{
4380 struct tcphdr *th = tcp_hdr(skb); 4438 const struct tcphdr *th = tcp_hdr(skb);
4381 struct tcp_sock *tp = tcp_sk(sk); 4439 struct tcp_sock *tp = tcp_sk(sk);
4382 int eaten = -1; 4440 int eaten = -1;
4383 4441
@@ -4431,7 +4489,7 @@ queue_and_out:
4431 if (skb->len) 4489 if (skb->len)
4432 tcp_event_data_recv(sk, skb); 4490 tcp_event_data_recv(sk, skb);
4433 if (th->fin) 4491 if (th->fin)
4434 tcp_fin(skb, sk, th); 4492 tcp_fin(sk);
4435 4493
4436 if (!skb_queue_empty(&tp->out_of_order_queue)) { 4494 if (!skb_queue_empty(&tp->out_of_order_queue)) {
4437 tcp_ofo_queue(sk); 4495 tcp_ofo_queue(sk);
@@ -4861,9 +4919,9 @@ void tcp_cwnd_application_limited(struct sock *sk)
4861 tp->snd_cwnd_stamp = tcp_time_stamp; 4919 tp->snd_cwnd_stamp = tcp_time_stamp;
4862} 4920}
4863 4921
4864static int tcp_should_expand_sndbuf(struct sock *sk) 4922static int tcp_should_expand_sndbuf(const struct sock *sk)
4865{ 4923{
4866 struct tcp_sock *tp = tcp_sk(sk); 4924 const struct tcp_sock *tp = tcp_sk(sk);
4867 4925
4868 /* If the user specified a specific send buffer setting, do 4926 /* If the user specified a specific send buffer setting, do
4869 * not modify it. 4927 * not modify it.
@@ -4897,8 +4955,10 @@ static void tcp_new_space(struct sock *sk)
4897 struct tcp_sock *tp = tcp_sk(sk); 4955 struct tcp_sock *tp = tcp_sk(sk);
4898 4956
4899 if (tcp_should_expand_sndbuf(sk)) { 4957 if (tcp_should_expand_sndbuf(sk)) {
4900 int sndmem = max_t(u32, tp->rx_opt.mss_clamp, tp->mss_cache) + 4958 int sndmem = SKB_TRUESIZE(max_t(u32,
4901 MAX_TCP_HEADER + 16 + sizeof(struct sk_buff); 4959 tp->rx_opt.mss_clamp,
4960 tp->mss_cache) +
4961 MAX_TCP_HEADER);
4902 int demanded = max_t(unsigned int, tp->snd_cwnd, 4962 int demanded = max_t(unsigned int, tp->snd_cwnd,
4903 tp->reordering + 1); 4963 tp->reordering + 1);
4904 sndmem *= 2 * demanded; 4964 sndmem *= 2 * demanded;
@@ -4970,7 +5030,7 @@ static inline void tcp_ack_snd_check(struct sock *sk)
4970 * either form (or just set the sysctl tcp_stdurg). 5030 * either form (or just set the sysctl tcp_stdurg).
4971 */ 5031 */
4972 5032
4973static void tcp_check_urg(struct sock *sk, struct tcphdr *th) 5033static void tcp_check_urg(struct sock *sk, const struct tcphdr *th)
4974{ 5034{
4975 struct tcp_sock *tp = tcp_sk(sk); 5035 struct tcp_sock *tp = tcp_sk(sk);
4976 u32 ptr = ntohs(th->urg_ptr); 5036 u32 ptr = ntohs(th->urg_ptr);
@@ -5036,7 +5096,7 @@ static void tcp_check_urg(struct sock *sk, struct tcphdr *th)
5036} 5096}
5037 5097
5038/* This is the 'fast' part of urgent handling. */ 5098/* This is the 'fast' part of urgent handling. */
5039static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th) 5099static void tcp_urg(struct sock *sk, struct sk_buff *skb, const struct tcphdr *th)
5040{ 5100{
5041 struct tcp_sock *tp = tcp_sk(sk); 5101 struct tcp_sock *tp = tcp_sk(sk);
5042 5102
@@ -5157,9 +5217,9 @@ out:
5157 * play significant role here. 5217 * play significant role here.
5158 */ 5218 */
5159static int tcp_validate_incoming(struct sock *sk, struct sk_buff *skb, 5219static int tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
5160 struct tcphdr *th, int syn_inerr) 5220 const struct tcphdr *th, int syn_inerr)
5161{ 5221{
5162 u8 *hash_location; 5222 const u8 *hash_location;
5163 struct tcp_sock *tp = tcp_sk(sk); 5223 struct tcp_sock *tp = tcp_sk(sk);
5164 5224
5165 /* RFC1323: H1. Apply PAWS check first. */ 5225 /* RFC1323: H1. Apply PAWS check first. */
@@ -5240,7 +5300,7 @@ discard:
5240 * tcp_data_queue when everything is OK. 5300 * tcp_data_queue when everything is OK.
5241 */ 5301 */
5242int tcp_rcv_established(struct sock *sk, struct sk_buff *skb, 5302int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
5243 struct tcphdr *th, unsigned len) 5303 const struct tcphdr *th, unsigned int len)
5244{ 5304{
5245 struct tcp_sock *tp = tcp_sk(sk); 5305 struct tcp_sock *tp = tcp_sk(sk);
5246 int res; 5306 int res;
@@ -5451,9 +5511,9 @@ discard:
5451EXPORT_SYMBOL(tcp_rcv_established); 5511EXPORT_SYMBOL(tcp_rcv_established);
5452 5512
5453static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, 5513static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
5454 struct tcphdr *th, unsigned len) 5514 const struct tcphdr *th, unsigned int len)
5455{ 5515{
5456 u8 *hash_location; 5516 const u8 *hash_location;
5457 struct inet_connection_sock *icsk = inet_csk(sk); 5517 struct inet_connection_sock *icsk = inet_csk(sk);
5458 struct tcp_sock *tp = tcp_sk(sk); 5518 struct tcp_sock *tp = tcp_sk(sk);
5459 struct tcp_cookie_values *cvp = tp->cookie_values; 5519 struct tcp_cookie_values *cvp = tp->cookie_values;
@@ -5728,7 +5788,7 @@ reset_and_undo:
5728 */ 5788 */
5729 5789
5730int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, 5790int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5731 struct tcphdr *th, unsigned len) 5791 const struct tcphdr *th, unsigned int len)
5732{ 5792{
5733 struct tcp_sock *tp = tcp_sk(sk); 5793 struct tcp_sock *tp = tcp_sk(sk);
5734 struct inet_connection_sock *icsk = inet_csk(sk); 5794 struct inet_connection_sock *icsk = inet_csk(sk);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 955b8e65b69e..0ea10eefa60f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -72,6 +72,7 @@
72#include <net/timewait_sock.h> 72#include <net/timewait_sock.h>
73#include <net/xfrm.h> 73#include <net/xfrm.h>
74#include <net/netdma.h> 74#include <net/netdma.h>
75#include <net/secure_seq.h>
75 76
76#include <linux/inet.h> 77#include <linux/inet.h>
77#include <linux/ipv6.h> 78#include <linux/ipv6.h>
@@ -91,7 +92,7 @@ EXPORT_SYMBOL(sysctl_tcp_low_latency);
91static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, 92static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
92 __be32 addr); 93 __be32 addr);
93static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 94static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
94 __be32 daddr, __be32 saddr, struct tcphdr *th); 95 __be32 daddr, __be32 saddr, const struct tcphdr *th);
95#else 96#else
96static inline 97static inline
97struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr) 98struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
@@ -103,7 +104,7 @@ struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
103struct inet_hashinfo tcp_hashinfo; 104struct inet_hashinfo tcp_hashinfo;
104EXPORT_SYMBOL(tcp_hashinfo); 105EXPORT_SYMBOL(tcp_hashinfo);
105 106
106static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb) 107static inline __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
107{ 108{
108 return secure_tcp_sequence_number(ip_hdr(skb)->daddr, 109 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
109 ip_hdr(skb)->saddr, 110 ip_hdr(skb)->saddr,
@@ -551,7 +552,7 @@ static void __tcp_v4_send_check(struct sk_buff *skb,
551/* This routine computes an IPv4 TCP checksum. */ 552/* This routine computes an IPv4 TCP checksum. */
552void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb) 553void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
553{ 554{
554 struct inet_sock *inet = inet_sk(sk); 555 const struct inet_sock *inet = inet_sk(sk);
555 556
556 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr); 557 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
557} 558}
@@ -589,7 +590,7 @@ int tcp_v4_gso_send_check(struct sk_buff *skb)
589 590
590static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb) 591static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
591{ 592{
592 struct tcphdr *th = tcp_hdr(skb); 593 const struct tcphdr *th = tcp_hdr(skb);
593 struct { 594 struct {
594 struct tcphdr th; 595 struct tcphdr th;
595#ifdef CONFIG_TCP_MD5SIG 596#ifdef CONFIG_TCP_MD5SIG
@@ -651,6 +652,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
651 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0; 652 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
652 653
653 net = dev_net(skb_dst(skb)->dev); 654 net = dev_net(skb_dst(skb)->dev);
655 arg.tos = ip_hdr(skb)->tos;
654 ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr, 656 ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr,
655 &arg, arg.iov[0].iov_len); 657 &arg, arg.iov[0].iov_len);
656 658
@@ -665,9 +667,9 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
665static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack, 667static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
666 u32 win, u32 ts, int oif, 668 u32 win, u32 ts, int oif,
667 struct tcp_md5sig_key *key, 669 struct tcp_md5sig_key *key,
668 int reply_flags) 670 int reply_flags, u8 tos)
669{ 671{
670 struct tcphdr *th = tcp_hdr(skb); 672 const struct tcphdr *th = tcp_hdr(skb);
671 struct { 673 struct {
672 struct tcphdr th; 674 struct tcphdr th;
673 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2) 675 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
@@ -725,7 +727,7 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
725 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 727 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
726 if (oif) 728 if (oif)
727 arg.bound_dev_if = oif; 729 arg.bound_dev_if = oif;
728 730 arg.tos = tos;
729 ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr, 731 ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr,
730 &arg, arg.iov[0].iov_len); 732 &arg, arg.iov[0].iov_len);
731 733
@@ -742,7 +744,8 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
742 tcptw->tw_ts_recent, 744 tcptw->tw_ts_recent,
743 tw->tw_bound_dev_if, 745 tw->tw_bound_dev_if,
744 tcp_twsk_md5_key(tcptw), 746 tcp_twsk_md5_key(tcptw),
745 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0 747 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
748 tw->tw_tos
746 ); 749 );
747 750
748 inet_twsk_put(tw); 751 inet_twsk_put(tw);
@@ -756,7 +759,8 @@ static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
756 req->ts_recent, 759 req->ts_recent,
757 0, 760 0,
758 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr), 761 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr),
759 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0); 762 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
763 ip_hdr(skb)->tos);
760} 764}
761 765
762/* 766/*
@@ -807,20 +811,38 @@ static void tcp_v4_reqsk_destructor(struct request_sock *req)
807 kfree(inet_rsk(req)->opt); 811 kfree(inet_rsk(req)->opt);
808} 812}
809 813
810static void syn_flood_warning(const struct sk_buff *skb) 814/*
815 * Return 1 if a syncookie should be sent
816 */
817int tcp_syn_flood_action(struct sock *sk,
818 const struct sk_buff *skb,
819 const char *proto)
811{ 820{
812 const char *msg; 821 const char *msg = "Dropping request";
822 int want_cookie = 0;
823 struct listen_sock *lopt;
824
825
813 826
814#ifdef CONFIG_SYN_COOKIES 827#ifdef CONFIG_SYN_COOKIES
815 if (sysctl_tcp_syncookies) 828 if (sysctl_tcp_syncookies) {
816 msg = "Sending cookies"; 829 msg = "Sending cookies";
817 else 830 want_cookie = 1;
831 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
832 } else
818#endif 833#endif
819 msg = "Dropping request"; 834 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
820 835
821 pr_info("TCP: Possible SYN flooding on port %d. %s.\n", 836 lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
822 ntohs(tcp_hdr(skb)->dest), msg); 837 if (!lopt->synflood_warned) {
838 lopt->synflood_warned = 1;
839 pr_info("%s: Possible SYN flooding on port %d. %s. "
840 " Check SNMP counters.\n",
841 proto, ntohs(tcp_hdr(skb)->dest), msg);
842 }
843 return want_cookie;
823} 844}
845EXPORT_SYMBOL(tcp_syn_flood_action);
824 846
825/* 847/*
826 * Save and compile IPv4 options into the request_sock if needed. 848 * Save and compile IPv4 options into the request_sock if needed.
@@ -908,18 +930,21 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
908 } 930 }
909 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 931 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
910 } 932 }
911 if (tcp_alloc_md5sig_pool(sk) == NULL) { 933
934 md5sig = tp->md5sig_info;
935 if (md5sig->entries4 == 0 &&
936 tcp_alloc_md5sig_pool(sk) == NULL) {
912 kfree(newkey); 937 kfree(newkey);
913 return -ENOMEM; 938 return -ENOMEM;
914 } 939 }
915 md5sig = tp->md5sig_info;
916 940
917 if (md5sig->alloced4 == md5sig->entries4) { 941 if (md5sig->alloced4 == md5sig->entries4) {
918 keys = kmalloc((sizeof(*keys) * 942 keys = kmalloc((sizeof(*keys) *
919 (md5sig->entries4 + 1)), GFP_ATOMIC); 943 (md5sig->entries4 + 1)), GFP_ATOMIC);
920 if (!keys) { 944 if (!keys) {
921 kfree(newkey); 945 kfree(newkey);
922 tcp_free_md5sig_pool(); 946 if (md5sig->entries4 == 0)
947 tcp_free_md5sig_pool();
923 return -ENOMEM; 948 return -ENOMEM;
924 } 949 }
925 950
@@ -963,6 +988,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
963 kfree(tp->md5sig_info->keys4); 988 kfree(tp->md5sig_info->keys4);
964 tp->md5sig_info->keys4 = NULL; 989 tp->md5sig_info->keys4 = NULL;
965 tp->md5sig_info->alloced4 = 0; 990 tp->md5sig_info->alloced4 = 0;
991 tcp_free_md5sig_pool();
966 } else if (tp->md5sig_info->entries4 != i) { 992 } else if (tp->md5sig_info->entries4 != i) {
967 /* Need to do some manipulation */ 993 /* Need to do some manipulation */
968 memmove(&tp->md5sig_info->keys4[i], 994 memmove(&tp->md5sig_info->keys4[i],
@@ -970,7 +996,6 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
970 (tp->md5sig_info->entries4 - i) * 996 (tp->md5sig_info->entries4 - i) *
971 sizeof(struct tcp4_md5sig_key)); 997 sizeof(struct tcp4_md5sig_key));
972 } 998 }
973 tcp_free_md5sig_pool();
974 return 0; 999 return 0;
975 } 1000 }
976 } 1001 }
@@ -1068,7 +1093,7 @@ static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1068} 1093}
1069 1094
1070static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 1095static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1071 __be32 daddr, __be32 saddr, struct tcphdr *th) 1096 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1072{ 1097{
1073 struct tcp_md5sig_pool *hp; 1098 struct tcp_md5sig_pool *hp;
1074 struct hash_desc *desc; 1099 struct hash_desc *desc;
@@ -1100,12 +1125,12 @@ clear_hash_noput:
1100} 1125}
1101 1126
1102int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 1127int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1103 struct sock *sk, struct request_sock *req, 1128 const struct sock *sk, const struct request_sock *req,
1104 struct sk_buff *skb) 1129 const struct sk_buff *skb)
1105{ 1130{
1106 struct tcp_md5sig_pool *hp; 1131 struct tcp_md5sig_pool *hp;
1107 struct hash_desc *desc; 1132 struct hash_desc *desc;
1108 struct tcphdr *th = tcp_hdr(skb); 1133 const struct tcphdr *th = tcp_hdr(skb);
1109 __be32 saddr, daddr; 1134 __be32 saddr, daddr;
1110 1135
1111 if (sk) { 1136 if (sk) {
@@ -1150,7 +1175,7 @@ clear_hash_noput:
1150} 1175}
1151EXPORT_SYMBOL(tcp_v4_md5_hash_skb); 1176EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1152 1177
1153static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb) 1178static int tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1154{ 1179{
1155 /* 1180 /*
1156 * This gets called for each TCP segment that arrives 1181 * This gets called for each TCP segment that arrives
@@ -1160,10 +1185,10 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1160 * o MD5 hash and we're not expecting one. 1185 * o MD5 hash and we're not expecting one.
1161 * o MD5 hash and its wrong. 1186 * o MD5 hash and its wrong.
1162 */ 1187 */
1163 __u8 *hash_location = NULL; 1188 const __u8 *hash_location = NULL;
1164 struct tcp_md5sig_key *hash_expected; 1189 struct tcp_md5sig_key *hash_expected;
1165 const struct iphdr *iph = ip_hdr(skb); 1190 const struct iphdr *iph = ip_hdr(skb);
1166 struct tcphdr *th = tcp_hdr(skb); 1191 const struct tcphdr *th = tcp_hdr(skb);
1167 int genhash; 1192 int genhash;
1168 unsigned char newhash[16]; 1193 unsigned char newhash[16];
1169 1194
@@ -1226,7 +1251,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1226{ 1251{
1227 struct tcp_extend_values tmp_ext; 1252 struct tcp_extend_values tmp_ext;
1228 struct tcp_options_received tmp_opt; 1253 struct tcp_options_received tmp_opt;
1229 u8 *hash_location; 1254 const u8 *hash_location;
1230 struct request_sock *req; 1255 struct request_sock *req;
1231 struct inet_request_sock *ireq; 1256 struct inet_request_sock *ireq;
1232 struct tcp_sock *tp = tcp_sk(sk); 1257 struct tcp_sock *tp = tcp_sk(sk);
@@ -1234,11 +1259,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1234 __be32 saddr = ip_hdr(skb)->saddr; 1259 __be32 saddr = ip_hdr(skb)->saddr;
1235 __be32 daddr = ip_hdr(skb)->daddr; 1260 __be32 daddr = ip_hdr(skb)->daddr;
1236 __u32 isn = TCP_SKB_CB(skb)->when; 1261 __u32 isn = TCP_SKB_CB(skb)->when;
1237#ifdef CONFIG_SYN_COOKIES
1238 int want_cookie = 0; 1262 int want_cookie = 0;
1239#else
1240#define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1241#endif
1242 1263
1243 /* Never answer to SYNs send to broadcast or multicast */ 1264 /* Never answer to SYNs send to broadcast or multicast */
1244 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) 1265 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
@@ -1249,14 +1270,9 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1249 * evidently real one. 1270 * evidently real one.
1250 */ 1271 */
1251 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1272 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1252 if (net_ratelimit()) 1273 want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
1253 syn_flood_warning(skb); 1274 if (!want_cookie)
1254#ifdef CONFIG_SYN_COOKIES 1275 goto drop;
1255 if (sysctl_tcp_syncookies) {
1256 want_cookie = 1;
1257 } else
1258#endif
1259 goto drop;
1260 } 1276 }
1261 1277
1262 /* Accept backlog is full. If we have already queued enough 1278 /* Accept backlog is full. If we have already queued enough
@@ -1302,9 +1318,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1302 while (l-- > 0) 1318 while (l-- > 0)
1303 *c++ ^= *hash_location++; 1319 *c++ ^= *hash_location++;
1304 1320
1305#ifdef CONFIG_SYN_COOKIES
1306 want_cookie = 0; /* not our kind of cookie */ 1321 want_cookie = 0; /* not our kind of cookie */
1307#endif
1308 tmp_ext.cookie_out_never = 0; /* false */ 1322 tmp_ext.cookie_out_never = 0; /* false */
1309 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1323 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1310 } else if (!tp->rx_opt.cookie_in_always) { 1324 } else if (!tp->rx_opt.cookie_in_always) {
@@ -1577,7 +1591,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1577#endif 1591#endif
1578 1592
1579 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1593 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1580 sock_rps_save_rxhash(sk, skb->rxhash); 1594 sock_rps_save_rxhash(sk, skb);
1581 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) { 1595 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1582 rsk = sk; 1596 rsk = sk;
1583 goto reset; 1597 goto reset;
@@ -1594,7 +1608,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1594 goto discard; 1608 goto discard;
1595 1609
1596 if (nsk != sk) { 1610 if (nsk != sk) {
1597 sock_rps_save_rxhash(nsk, skb->rxhash); 1611 sock_rps_save_rxhash(nsk, skb);
1598 if (tcp_child_process(sk, nsk, skb)) { 1612 if (tcp_child_process(sk, nsk, skb)) {
1599 rsk = nsk; 1613 rsk = nsk;
1600 goto reset; 1614 goto reset;
@@ -1602,7 +1616,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1602 return 0; 1616 return 0;
1603 } 1617 }
1604 } else 1618 } else
1605 sock_rps_save_rxhash(sk, skb->rxhash); 1619 sock_rps_save_rxhash(sk, skb);
1606 1620
1607 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) { 1621 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1608 rsk = sk; 1622 rsk = sk;
@@ -1634,7 +1648,7 @@ EXPORT_SYMBOL(tcp_v4_do_rcv);
1634int tcp_v4_rcv(struct sk_buff *skb) 1648int tcp_v4_rcv(struct sk_buff *skb)
1635{ 1649{
1636 const struct iphdr *iph; 1650 const struct iphdr *iph;
1637 struct tcphdr *th; 1651 const struct tcphdr *th;
1638 struct sock *sk; 1652 struct sock *sk;
1639 int ret; 1653 int ret;
1640 struct net *net = dev_net(skb->dev); 1654 struct net *net = dev_net(skb->dev);
@@ -1669,7 +1683,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
1669 skb->len - th->doff * 4); 1683 skb->len - th->doff * 4);
1670 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1684 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1671 TCP_SKB_CB(skb)->when = 0; 1685 TCP_SKB_CB(skb)->when = 0;
1672 TCP_SKB_CB(skb)->flags = iph->tos; 1686 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1673 TCP_SKB_CB(skb)->sacked = 0; 1687 TCP_SKB_CB(skb)->sacked = 0;
1674 1688
1675 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1689 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -1798,7 +1812,7 @@ EXPORT_SYMBOL(tcp_v4_get_peer);
1798 1812
1799void *tcp_v4_tw_get_peer(struct sock *sk) 1813void *tcp_v4_tw_get_peer(struct sock *sk)
1800{ 1814{
1801 struct inet_timewait_sock *tw = inet_twsk(sk); 1815 const struct inet_timewait_sock *tw = inet_twsk(sk);
1802 1816
1803 return inet_getpeer_v4(tw->tw_daddr, 1); 1817 return inet_getpeer_v4(tw->tw_daddr, 1);
1804} 1818}
@@ -2370,7 +2384,7 @@ void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2370} 2384}
2371EXPORT_SYMBOL(tcp_proc_unregister); 2385EXPORT_SYMBOL(tcp_proc_unregister);
2372 2386
2373static void get_openreq4(struct sock *sk, struct request_sock *req, 2387static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2374 struct seq_file *f, int i, int uid, int *len) 2388 struct seq_file *f, int i, int uid, int *len)
2375{ 2389{
2376 const struct inet_request_sock *ireq = inet_rsk(req); 2390 const struct inet_request_sock *ireq = inet_rsk(req);
@@ -2400,9 +2414,9 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2400{ 2414{
2401 int timer_active; 2415 int timer_active;
2402 unsigned long timer_expires; 2416 unsigned long timer_expires;
2403 struct tcp_sock *tp = tcp_sk(sk); 2417 const struct tcp_sock *tp = tcp_sk(sk);
2404 const struct inet_connection_sock *icsk = inet_csk(sk); 2418 const struct inet_connection_sock *icsk = inet_csk(sk);
2405 struct inet_sock *inet = inet_sk(sk); 2419 const struct inet_sock *inet = inet_sk(sk);
2406 __be32 dest = inet->inet_daddr; 2420 __be32 dest = inet->inet_daddr;
2407 __be32 src = inet->inet_rcv_saddr; 2421 __be32 src = inet->inet_rcv_saddr;
2408 __u16 destp = ntohs(inet->inet_dport); 2422 __u16 destp = ntohs(inet->inet_dport);
@@ -2451,7 +2465,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2451 len); 2465 len);
2452} 2466}
2453 2467
2454static void get_timewait4_sock(struct inet_timewait_sock *tw, 2468static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2455 struct seq_file *f, int i, int *len) 2469 struct seq_file *f, int i, int *len)
2456{ 2470{
2457 __be32 dest, src; 2471 __be32 dest, src;
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index d2fe4e06b472..66363b689ad6 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -141,7 +141,7 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
141 const struct tcphdr *th) 141 const struct tcphdr *th)
142{ 142{
143 struct tcp_options_received tmp_opt; 143 struct tcp_options_received tmp_opt;
144 u8 *hash_location; 144 const u8 *hash_location;
145 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw); 145 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
146 int paws_reject = 0; 146 int paws_reject = 0;
147 147
@@ -328,6 +328,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
328 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw); 328 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
329 const int rto = (icsk->icsk_rto << 2) - (icsk->icsk_rto >> 1); 329 const int rto = (icsk->icsk_rto << 2) - (icsk->icsk_rto >> 1);
330 330
331 tw->tw_transparent = inet_sk(sk)->transparent;
331 tw->tw_rcv_wscale = tp->rx_opt.rcv_wscale; 332 tw->tw_rcv_wscale = tp->rx_opt.rcv_wscale;
332 tcptw->tw_rcv_nxt = tp->rcv_nxt; 333 tcptw->tw_rcv_nxt = tp->rcv_nxt;
333 tcptw->tw_snd_nxt = tp->snd_nxt; 334 tcptw->tw_snd_nxt = tp->snd_nxt;
@@ -344,6 +345,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
344 tw6 = inet6_twsk((struct sock *)tw); 345 tw6 = inet6_twsk((struct sock *)tw);
345 ipv6_addr_copy(&tw6->tw_v6_daddr, &np->daddr); 346 ipv6_addr_copy(&tw6->tw_v6_daddr, &np->daddr);
346 ipv6_addr_copy(&tw6->tw_v6_rcv_saddr, &np->rcv_saddr); 347 ipv6_addr_copy(&tw6->tw_v6_rcv_saddr, &np->rcv_saddr);
348 tw->tw_tclass = np->tclass;
347 tw->tw_ipv6only = np->ipv6only; 349 tw->tw_ipv6only = np->ipv6only;
348 } 350 }
349#endif 351#endif
@@ -566,7 +568,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
566 struct request_sock **prev) 568 struct request_sock **prev)
567{ 569{
568 struct tcp_options_received tmp_opt; 570 struct tcp_options_received tmp_opt;
569 u8 *hash_location; 571 const u8 *hash_location;
570 struct sock *child; 572 struct sock *child;
571 const struct tcphdr *th = tcp_hdr(skb); 573 const struct tcphdr *th = tcp_hdr(skb);
572 __be32 flg = tcp_flag_word(th) & (TCP_FLAG_RST|TCP_FLAG_SYN|TCP_FLAG_ACK); 574 __be32 flg = tcp_flag_word(th) & (TCP_FLAG_RST|TCP_FLAG_SYN|TCP_FLAG_ACK);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 882e0b0964d0..980b98f6288c 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -65,7 +65,7 @@ EXPORT_SYMBOL_GPL(sysctl_tcp_cookie_size);
65 65
66 66
67/* Account for new data that has been sent to the network. */ 67/* Account for new data that has been sent to the network. */
68static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) 68static void tcp_event_new_data_sent(struct sock *sk, const struct sk_buff *skb)
69{ 69{
70 struct tcp_sock *tp = tcp_sk(sk); 70 struct tcp_sock *tp = tcp_sk(sk);
71 unsigned int prior_packets = tp->packets_out; 71 unsigned int prior_packets = tp->packets_out;
@@ -89,9 +89,9 @@ static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
89 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already 89 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already
90 * invalid. OK, let's make this for now: 90 * invalid. OK, let's make this for now:
91 */ 91 */
92static inline __u32 tcp_acceptable_seq(struct sock *sk) 92static inline __u32 tcp_acceptable_seq(const struct sock *sk)
93{ 93{
94 struct tcp_sock *tp = tcp_sk(sk); 94 const struct tcp_sock *tp = tcp_sk(sk);
95 95
96 if (!before(tcp_wnd_end(tp), tp->snd_nxt)) 96 if (!before(tcp_wnd_end(tp), tp->snd_nxt))
97 return tp->snd_nxt; 97 return tp->snd_nxt;
@@ -116,7 +116,7 @@ static inline __u32 tcp_acceptable_seq(struct sock *sk)
116static __u16 tcp_advertise_mss(struct sock *sk) 116static __u16 tcp_advertise_mss(struct sock *sk)
117{ 117{
118 struct tcp_sock *tp = tcp_sk(sk); 118 struct tcp_sock *tp = tcp_sk(sk);
119 struct dst_entry *dst = __sk_dst_get(sk); 119 const struct dst_entry *dst = __sk_dst_get(sk);
120 int mss = tp->advmss; 120 int mss = tp->advmss;
121 121
122 if (dst) { 122 if (dst) {
@@ -133,7 +133,7 @@ static __u16 tcp_advertise_mss(struct sock *sk)
133 133
134/* RFC2861. Reset CWND after idle period longer RTO to "restart window". 134/* RFC2861. Reset CWND after idle period longer RTO to "restart window".
135 * This is the first part of cwnd validation mechanism. */ 135 * This is the first part of cwnd validation mechanism. */
136static void tcp_cwnd_restart(struct sock *sk, struct dst_entry *dst) 136static void tcp_cwnd_restart(struct sock *sk, const struct dst_entry *dst)
137{ 137{
138 struct tcp_sock *tp = tcp_sk(sk); 138 struct tcp_sock *tp = tcp_sk(sk);
139 s32 delta = tcp_time_stamp - tp->lsndtime; 139 s32 delta = tcp_time_stamp - tp->lsndtime;
@@ -154,7 +154,7 @@ static void tcp_cwnd_restart(struct sock *sk, struct dst_entry *dst)
154 154
155/* Congestion state accounting after a packet has been sent. */ 155/* Congestion state accounting after a packet has been sent. */
156static void tcp_event_data_sent(struct tcp_sock *tp, 156static void tcp_event_data_sent(struct tcp_sock *tp,
157 struct sk_buff *skb, struct sock *sk) 157 struct sock *sk)
158{ 158{
159 struct inet_connection_sock *icsk = inet_csk(sk); 159 struct inet_connection_sock *icsk = inet_csk(sk);
160 const u32 now = tcp_time_stamp; 160 const u32 now = tcp_time_stamp;
@@ -295,11 +295,11 @@ static u16 tcp_select_window(struct sock *sk)
295} 295}
296 296
297/* Packet ECN state for a SYN-ACK */ 297/* Packet ECN state for a SYN-ACK */
298static inline void TCP_ECN_send_synack(struct tcp_sock *tp, struct sk_buff *skb) 298static inline void TCP_ECN_send_synack(const struct tcp_sock *tp, struct sk_buff *skb)
299{ 299{
300 TCP_SKB_CB(skb)->flags &= ~TCPHDR_CWR; 300 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR;
301 if (!(tp->ecn_flags & TCP_ECN_OK)) 301 if (!(tp->ecn_flags & TCP_ECN_OK))
302 TCP_SKB_CB(skb)->flags &= ~TCPHDR_ECE; 302 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE;
303} 303}
304 304
305/* Packet ECN state for a SYN. */ 305/* Packet ECN state for a SYN. */
@@ -309,13 +309,13 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct sk_buff *skb)
309 309
310 tp->ecn_flags = 0; 310 tp->ecn_flags = 0;
311 if (sysctl_tcp_ecn == 1) { 311 if (sysctl_tcp_ecn == 1) {
312 TCP_SKB_CB(skb)->flags |= TCPHDR_ECE | TCPHDR_CWR; 312 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
313 tp->ecn_flags = TCP_ECN_OK; 313 tp->ecn_flags = TCP_ECN_OK;
314 } 314 }
315} 315}
316 316
317static __inline__ void 317static __inline__ void
318TCP_ECN_make_synack(struct request_sock *req, struct tcphdr *th) 318TCP_ECN_make_synack(const struct request_sock *req, struct tcphdr *th)
319{ 319{
320 if (inet_rsk(req)->ecn_ok) 320 if (inet_rsk(req)->ecn_ok)
321 th->ece = 1; 321 th->ece = 1;
@@ -356,7 +356,7 @@ static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
356 skb->ip_summed = CHECKSUM_PARTIAL; 356 skb->ip_summed = CHECKSUM_PARTIAL;
357 skb->csum = 0; 357 skb->csum = 0;
358 358
359 TCP_SKB_CB(skb)->flags = flags; 359 TCP_SKB_CB(skb)->tcp_flags = flags;
360 TCP_SKB_CB(skb)->sacked = 0; 360 TCP_SKB_CB(skb)->sacked = 0;
361 361
362 skb_shinfo(skb)->gso_segs = 1; 362 skb_shinfo(skb)->gso_segs = 1;
@@ -565,7 +565,8 @@ static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
565 */ 565 */
566static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb, 566static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
567 struct tcp_out_options *opts, 567 struct tcp_out_options *opts,
568 struct tcp_md5sig_key **md5) { 568 struct tcp_md5sig_key **md5)
569{
569 struct tcp_sock *tp = tcp_sk(sk); 570 struct tcp_sock *tp = tcp_sk(sk);
570 struct tcp_cookie_values *cvp = tp->cookie_values; 571 struct tcp_cookie_values *cvp = tp->cookie_values;
571 unsigned remaining = MAX_TCP_OPTION_SPACE; 572 unsigned remaining = MAX_TCP_OPTION_SPACE;
@@ -743,7 +744,8 @@ static unsigned tcp_synack_options(struct sock *sk,
743 */ 744 */
744static unsigned tcp_established_options(struct sock *sk, struct sk_buff *skb, 745static unsigned tcp_established_options(struct sock *sk, struct sk_buff *skb,
745 struct tcp_out_options *opts, 746 struct tcp_out_options *opts,
746 struct tcp_md5sig_key **md5) { 747 struct tcp_md5sig_key **md5)
748{
747 struct tcp_skb_cb *tcb = skb ? TCP_SKB_CB(skb) : NULL; 749 struct tcp_skb_cb *tcb = skb ? TCP_SKB_CB(skb) : NULL;
748 struct tcp_sock *tp = tcp_sk(sk); 750 struct tcp_sock *tp = tcp_sk(sk);
749 unsigned size = 0; 751 unsigned size = 0;
@@ -826,7 +828,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
826 tcb = TCP_SKB_CB(skb); 828 tcb = TCP_SKB_CB(skb);
827 memset(&opts, 0, sizeof(opts)); 829 memset(&opts, 0, sizeof(opts));
828 830
829 if (unlikely(tcb->flags & TCPHDR_SYN)) 831 if (unlikely(tcb->tcp_flags & TCPHDR_SYN))
830 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); 832 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
831 else 833 else
832 tcp_options_size = tcp_established_options(sk, skb, &opts, 834 tcp_options_size = tcp_established_options(sk, skb, &opts,
@@ -850,9 +852,9 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
850 th->seq = htonl(tcb->seq); 852 th->seq = htonl(tcb->seq);
851 th->ack_seq = htonl(tp->rcv_nxt); 853 th->ack_seq = htonl(tp->rcv_nxt);
852 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) | 854 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
853 tcb->flags); 855 tcb->tcp_flags);
854 856
855 if (unlikely(tcb->flags & TCPHDR_SYN)) { 857 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) {
856 /* RFC1323: The window in SYN & SYN/ACK segments 858 /* RFC1323: The window in SYN & SYN/ACK segments
857 * is never scaled. 859 * is never scaled.
858 */ 860 */
@@ -875,7 +877,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
875 } 877 }
876 878
877 tcp_options_write((__be32 *)(th + 1), tp, &opts); 879 tcp_options_write((__be32 *)(th + 1), tp, &opts);
878 if (likely((tcb->flags & TCPHDR_SYN) == 0)) 880 if (likely((tcb->tcp_flags & TCPHDR_SYN) == 0))
879 TCP_ECN_send(sk, skb, tcp_header_size); 881 TCP_ECN_send(sk, skb, tcp_header_size);
880 882
881#ifdef CONFIG_TCP_MD5SIG 883#ifdef CONFIG_TCP_MD5SIG
@@ -889,11 +891,11 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
889 891
890 icsk->icsk_af_ops->send_check(sk, skb); 892 icsk->icsk_af_ops->send_check(sk, skb);
891 893
892 if (likely(tcb->flags & TCPHDR_ACK)) 894 if (likely(tcb->tcp_flags & TCPHDR_ACK))
893 tcp_event_ack_sent(sk, tcp_skb_pcount(skb)); 895 tcp_event_ack_sent(sk, tcp_skb_pcount(skb));
894 896
895 if (skb->len != tcp_header_size) 897 if (skb->len != tcp_header_size)
896 tcp_event_data_sent(tp, skb, sk); 898 tcp_event_data_sent(tp, sk);
897 899
898 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq) 900 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
899 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS, 901 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS,
@@ -926,7 +928,7 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
926} 928}
927 929
928/* Initialize TSO segments for a packet. */ 930/* Initialize TSO segments for a packet. */
929static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb, 931static void tcp_set_skb_tso_segs(const struct sock *sk, struct sk_buff *skb,
930 unsigned int mss_now) 932 unsigned int mss_now)
931{ 933{
932 if (skb->len <= mss_now || !sk_can_gso(sk) || 934 if (skb->len <= mss_now || !sk_can_gso(sk) ||
@@ -947,7 +949,7 @@ static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb,
947/* When a modification to fackets out becomes necessary, we need to check 949/* When a modification to fackets out becomes necessary, we need to check
948 * skb is counted to fackets_out or not. 950 * skb is counted to fackets_out or not.
949 */ 951 */
950static void tcp_adjust_fackets_out(struct sock *sk, struct sk_buff *skb, 952static void tcp_adjust_fackets_out(struct sock *sk, const struct sk_buff *skb,
951 int decr) 953 int decr)
952{ 954{
953 struct tcp_sock *tp = tcp_sk(sk); 955 struct tcp_sock *tp = tcp_sk(sk);
@@ -962,7 +964,7 @@ static void tcp_adjust_fackets_out(struct sock *sk, struct sk_buff *skb,
962/* Pcount in the middle of the write queue got changed, we need to do various 964/* Pcount in the middle of the write queue got changed, we need to do various
963 * tweaks to fix counters 965 * tweaks to fix counters
964 */ 966 */
965static void tcp_adjust_pcount(struct sock *sk, struct sk_buff *skb, int decr) 967static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr)
966{ 968{
967 struct tcp_sock *tp = tcp_sk(sk); 969 struct tcp_sock *tp = tcp_sk(sk);
968 970
@@ -1032,9 +1034,9 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
1032 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 1034 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1033 1035
1034 /* PSH and FIN should only be set in the second packet. */ 1036 /* PSH and FIN should only be set in the second packet. */
1035 flags = TCP_SKB_CB(skb)->flags; 1037 flags = TCP_SKB_CB(skb)->tcp_flags;
1036 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 1038 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1037 TCP_SKB_CB(buff)->flags = flags; 1039 TCP_SKB_CB(buff)->tcp_flags = flags;
1038 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked; 1040 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1039 1041
1040 if (!skb_shinfo(skb)->nr_frags && skb->ip_summed != CHECKSUM_PARTIAL) { 1042 if (!skb_shinfo(skb)->nr_frags && skb->ip_summed != CHECKSUM_PARTIAL) {
@@ -1094,14 +1096,16 @@ static void __pskb_trim_head(struct sk_buff *skb, int len)
1094 eat = len; 1096 eat = len;
1095 k = 0; 1097 k = 0;
1096 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1098 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1097 if (skb_shinfo(skb)->frags[i].size <= eat) { 1099 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1098 put_page(skb_shinfo(skb)->frags[i].page); 1100
1099 eat -= skb_shinfo(skb)->frags[i].size; 1101 if (size <= eat) {
1102 skb_frag_unref(skb, i);
1103 eat -= size;
1100 } else { 1104 } else {
1101 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i]; 1105 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1102 if (eat) { 1106 if (eat) {
1103 skb_shinfo(skb)->frags[k].page_offset += eat; 1107 skb_shinfo(skb)->frags[k].page_offset += eat;
1104 skb_shinfo(skb)->frags[k].size -= eat; 1108 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat);
1105 eat = 0; 1109 eat = 0;
1106 } 1110 }
1107 k++; 1111 k++;
@@ -1144,10 +1148,10 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
1144} 1148}
1145 1149
1146/* Calculate MSS. Not accounting for SACKs here. */ 1150/* Calculate MSS. Not accounting for SACKs here. */
1147int tcp_mtu_to_mss(struct sock *sk, int pmtu) 1151int tcp_mtu_to_mss(const struct sock *sk, int pmtu)
1148{ 1152{
1149 struct tcp_sock *tp = tcp_sk(sk); 1153 const struct tcp_sock *tp = tcp_sk(sk);
1150 struct inet_connection_sock *icsk = inet_csk(sk); 1154 const struct inet_connection_sock *icsk = inet_csk(sk);
1151 int mss_now; 1155 int mss_now;
1152 1156
1153 /* Calculate base mss without TCP options: 1157 /* Calculate base mss without TCP options:
@@ -1173,10 +1177,10 @@ int tcp_mtu_to_mss(struct sock *sk, int pmtu)
1173} 1177}
1174 1178
1175/* Inverse of above */ 1179/* Inverse of above */
1176int tcp_mss_to_mtu(struct sock *sk, int mss) 1180int tcp_mss_to_mtu(const struct sock *sk, int mss)
1177{ 1181{
1178 struct tcp_sock *tp = tcp_sk(sk); 1182 const struct tcp_sock *tp = tcp_sk(sk);
1179 struct inet_connection_sock *icsk = inet_csk(sk); 1183 const struct inet_connection_sock *icsk = inet_csk(sk);
1180 int mtu; 1184 int mtu;
1181 1185
1182 mtu = mss + 1186 mtu = mss +
@@ -1250,8 +1254,8 @@ EXPORT_SYMBOL(tcp_sync_mss);
1250 */ 1254 */
1251unsigned int tcp_current_mss(struct sock *sk) 1255unsigned int tcp_current_mss(struct sock *sk)
1252{ 1256{
1253 struct tcp_sock *tp = tcp_sk(sk); 1257 const struct tcp_sock *tp = tcp_sk(sk);
1254 struct dst_entry *dst = __sk_dst_get(sk); 1258 const struct dst_entry *dst = __sk_dst_get(sk);
1255 u32 mss_now; 1259 u32 mss_now;
1256 unsigned header_len; 1260 unsigned header_len;
1257 struct tcp_out_options opts; 1261 struct tcp_out_options opts;
@@ -1311,10 +1315,10 @@ static void tcp_cwnd_validate(struct sock *sk)
1311 * modulo only when the receiver window alone is the limiting factor or 1315 * modulo only when the receiver window alone is the limiting factor or
1312 * when we would be allowed to send the split-due-to-Nagle skb fully. 1316 * when we would be allowed to send the split-due-to-Nagle skb fully.
1313 */ 1317 */
1314static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb, 1318static unsigned int tcp_mss_split_point(const struct sock *sk, const struct sk_buff *skb,
1315 unsigned int mss_now, unsigned int cwnd) 1319 unsigned int mss_now, unsigned int cwnd)
1316{ 1320{
1317 struct tcp_sock *tp = tcp_sk(sk); 1321 const struct tcp_sock *tp = tcp_sk(sk);
1318 u32 needed, window, cwnd_len; 1322 u32 needed, window, cwnd_len;
1319 1323
1320 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 1324 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
@@ -1334,13 +1338,14 @@ static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb,
1334/* Can at least one segment of SKB be sent right now, according to the 1338/* Can at least one segment of SKB be sent right now, according to the
1335 * congestion window rules? If so, return how many segments are allowed. 1339 * congestion window rules? If so, return how many segments are allowed.
1336 */ 1340 */
1337static inline unsigned int tcp_cwnd_test(struct tcp_sock *tp, 1341static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp,
1338 struct sk_buff *skb) 1342 const struct sk_buff *skb)
1339{ 1343{
1340 u32 in_flight, cwnd; 1344 u32 in_flight, cwnd;
1341 1345
1342 /* Don't be strict about the congestion window for the final FIN. */ 1346 /* Don't be strict about the congestion window for the final FIN. */
1343 if ((TCP_SKB_CB(skb)->flags & TCPHDR_FIN) && tcp_skb_pcount(skb) == 1) 1347 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) &&
1348 tcp_skb_pcount(skb) == 1)
1344 return 1; 1349 return 1;
1345 1350
1346 in_flight = tcp_packets_in_flight(tp); 1351 in_flight = tcp_packets_in_flight(tp);
@@ -1355,7 +1360,7 @@ static inline unsigned int tcp_cwnd_test(struct tcp_sock *tp,
1355 * This must be invoked the first time we consider transmitting 1360 * This must be invoked the first time we consider transmitting
1356 * SKB onto the wire. 1361 * SKB onto the wire.
1357 */ 1362 */
1358static int tcp_init_tso_segs(struct sock *sk, struct sk_buff *skb, 1363static int tcp_init_tso_segs(const struct sock *sk, struct sk_buff *skb,
1359 unsigned int mss_now) 1364 unsigned int mss_now)
1360{ 1365{
1361 int tso_segs = tcp_skb_pcount(skb); 1366 int tso_segs = tcp_skb_pcount(skb);
@@ -1393,7 +1398,7 @@ static inline int tcp_nagle_check(const struct tcp_sock *tp,
1393/* Return non-zero if the Nagle test allows this packet to be 1398/* Return non-zero if the Nagle test allows this packet to be
1394 * sent now. 1399 * sent now.
1395 */ 1400 */
1396static inline int tcp_nagle_test(struct tcp_sock *tp, struct sk_buff *skb, 1401static inline int tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb,
1397 unsigned int cur_mss, int nonagle) 1402 unsigned int cur_mss, int nonagle)
1398{ 1403{
1399 /* Nagle rule does not apply to frames, which sit in the middle of the 1404 /* Nagle rule does not apply to frames, which sit in the middle of the
@@ -1409,7 +1414,7 @@ static inline int tcp_nagle_test(struct tcp_sock *tp, struct sk_buff *skb,
1409 * Nagle can be ignored during F-RTO too (see RFC4138). 1414 * Nagle can be ignored during F-RTO too (see RFC4138).
1410 */ 1415 */
1411 if (tcp_urg_mode(tp) || (tp->frto_counter == 2) || 1416 if (tcp_urg_mode(tp) || (tp->frto_counter == 2) ||
1412 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN)) 1417 (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN))
1413 return 1; 1418 return 1;
1414 1419
1415 if (!tcp_nagle_check(tp, skb, cur_mss, nonagle)) 1420 if (!tcp_nagle_check(tp, skb, cur_mss, nonagle))
@@ -1419,7 +1424,7 @@ static inline int tcp_nagle_test(struct tcp_sock *tp, struct sk_buff *skb,
1419} 1424}
1420 1425
1421/* Does at least the first segment of SKB fit into the send window? */ 1426/* Does at least the first segment of SKB fit into the send window? */
1422static inline int tcp_snd_wnd_test(struct tcp_sock *tp, struct sk_buff *skb, 1427static inline int tcp_snd_wnd_test(const struct tcp_sock *tp, const struct sk_buff *skb,
1423 unsigned int cur_mss) 1428 unsigned int cur_mss)
1424{ 1429{
1425 u32 end_seq = TCP_SKB_CB(skb)->end_seq; 1430 u32 end_seq = TCP_SKB_CB(skb)->end_seq;
@@ -1434,10 +1439,10 @@ static inline int tcp_snd_wnd_test(struct tcp_sock *tp, struct sk_buff *skb,
1434 * should be put on the wire right now. If so, it returns the number of 1439 * should be put on the wire right now. If so, it returns the number of
1435 * packets allowed by the congestion window. 1440 * packets allowed by the congestion window.
1436 */ 1441 */
1437static unsigned int tcp_snd_test(struct sock *sk, struct sk_buff *skb, 1442static unsigned int tcp_snd_test(const struct sock *sk, struct sk_buff *skb,
1438 unsigned int cur_mss, int nonagle) 1443 unsigned int cur_mss, int nonagle)
1439{ 1444{
1440 struct tcp_sock *tp = tcp_sk(sk); 1445 const struct tcp_sock *tp = tcp_sk(sk);
1441 unsigned int cwnd_quota; 1446 unsigned int cwnd_quota;
1442 1447
1443 tcp_init_tso_segs(sk, skb, cur_mss); 1448 tcp_init_tso_segs(sk, skb, cur_mss);
@@ -1455,7 +1460,7 @@ static unsigned int tcp_snd_test(struct sock *sk, struct sk_buff *skb,
1455/* Test if sending is allowed right now. */ 1460/* Test if sending is allowed right now. */
1456int tcp_may_send_now(struct sock *sk) 1461int tcp_may_send_now(struct sock *sk)
1457{ 1462{
1458 struct tcp_sock *tp = tcp_sk(sk); 1463 const struct tcp_sock *tp = tcp_sk(sk);
1459 struct sk_buff *skb = tcp_send_head(sk); 1464 struct sk_buff *skb = tcp_send_head(sk);
1460 1465
1461 return skb && 1466 return skb &&
@@ -1497,9 +1502,9 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1497 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 1502 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1498 1503
1499 /* PSH and FIN should only be set in the second packet. */ 1504 /* PSH and FIN should only be set in the second packet. */
1500 flags = TCP_SKB_CB(skb)->flags; 1505 flags = TCP_SKB_CB(skb)->tcp_flags;
1501 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 1506 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1502 TCP_SKB_CB(buff)->flags = flags; 1507 TCP_SKB_CB(buff)->tcp_flags = flags;
1503 1508
1504 /* This packet was never sent out yet, so no SACK bits. */ 1509 /* This packet was never sent out yet, so no SACK bits. */
1505 TCP_SKB_CB(buff)->sacked = 0; 1510 TCP_SKB_CB(buff)->sacked = 0;
@@ -1530,7 +1535,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb)
1530 u32 send_win, cong_win, limit, in_flight; 1535 u32 send_win, cong_win, limit, in_flight;
1531 int win_divisor; 1536 int win_divisor;
1532 1537
1533 if (TCP_SKB_CB(skb)->flags & TCPHDR_FIN) 1538 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
1534 goto send_now; 1539 goto send_now;
1535 1540
1536 if (icsk->icsk_ca_state != TCP_CA_Open) 1541 if (icsk->icsk_ca_state != TCP_CA_Open)
@@ -1657,7 +1662,7 @@ static int tcp_mtu_probe(struct sock *sk)
1657 1662
1658 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq; 1663 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
1659 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size; 1664 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
1660 TCP_SKB_CB(nskb)->flags = TCPHDR_ACK; 1665 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK;
1661 TCP_SKB_CB(nskb)->sacked = 0; 1666 TCP_SKB_CB(nskb)->sacked = 0;
1662 nskb->csum = 0; 1667 nskb->csum = 0;
1663 nskb->ip_summed = skb->ip_summed; 1668 nskb->ip_summed = skb->ip_summed;
@@ -1677,11 +1682,11 @@ static int tcp_mtu_probe(struct sock *sk)
1677 if (skb->len <= copy) { 1682 if (skb->len <= copy) {
1678 /* We've eaten all the data from this skb. 1683 /* We've eaten all the data from this skb.
1679 * Throw it away. */ 1684 * Throw it away. */
1680 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags; 1685 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags;
1681 tcp_unlink_write_queue(skb, sk); 1686 tcp_unlink_write_queue(skb, sk);
1682 sk_wmem_free_skb(sk, skb); 1687 sk_wmem_free_skb(sk, skb);
1683 } else { 1688 } else {
1684 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags & 1689 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags &
1685 ~(TCPHDR_FIN|TCPHDR_PSH); 1690 ~(TCPHDR_FIN|TCPHDR_PSH);
1686 if (!skb_shinfo(skb)->nr_frags) { 1691 if (!skb_shinfo(skb)->nr_frags) {
1687 skb_pull(skb, copy); 1692 skb_pull(skb, copy);
@@ -1796,11 +1801,13 @@ static int tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
1796 tcp_event_new_data_sent(sk, skb); 1801 tcp_event_new_data_sent(sk, skb);
1797 1802
1798 tcp_minshall_update(tp, mss_now, skb); 1803 tcp_minshall_update(tp, mss_now, skb);
1799 sent_pkts++; 1804 sent_pkts += tcp_skb_pcount(skb);
1800 1805
1801 if (push_one) 1806 if (push_one)
1802 break; 1807 break;
1803 } 1808 }
1809 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Recovery)
1810 tp->prr_out += sent_pkts;
1804 1811
1805 if (likely(sent_pkts)) { 1812 if (likely(sent_pkts)) {
1806 tcp_cwnd_validate(sk); 1813 tcp_cwnd_validate(sk);
@@ -1985,7 +1992,7 @@ static void tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
1985 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq; 1992 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
1986 1993
1987 /* Merge over control information. This moves PSH/FIN etc. over */ 1994 /* Merge over control information. This moves PSH/FIN etc. over */
1988 TCP_SKB_CB(skb)->flags |= TCP_SKB_CB(next_skb)->flags; 1995 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags;
1989 1996
1990 /* All done, get rid of second SKB and account for it so 1997 /* All done, get rid of second SKB and account for it so
1991 * packet counting does not break. 1998 * packet counting does not break.
@@ -2003,7 +2010,7 @@ static void tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
2003} 2010}
2004 2011
2005/* Check if coalescing SKBs is legal. */ 2012/* Check if coalescing SKBs is legal. */
2006static int tcp_can_collapse(struct sock *sk, struct sk_buff *skb) 2013static int tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb)
2007{ 2014{
2008 if (tcp_skb_pcount(skb) > 1) 2015 if (tcp_skb_pcount(skb) > 1)
2009 return 0; 2016 return 0;
@@ -2033,7 +2040,7 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
2033 2040
2034 if (!sysctl_tcp_retrans_collapse) 2041 if (!sysctl_tcp_retrans_collapse)
2035 return; 2042 return;
2036 if (TCP_SKB_CB(skb)->flags & TCPHDR_SYN) 2043 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
2037 return; 2044 return;
2038 2045
2039 tcp_for_write_queue_from_safe(skb, tmp, sk) { 2046 tcp_for_write_queue_from_safe(skb, tmp, sk) {
@@ -2125,12 +2132,12 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2125 * since it is cheap to do so and saves bytes on the network. 2132 * since it is cheap to do so and saves bytes on the network.
2126 */ 2133 */
2127 if (skb->len > 0 && 2134 if (skb->len > 0 &&
2128 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN) && 2135 (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) &&
2129 tp->snd_una == (TCP_SKB_CB(skb)->end_seq - 1)) { 2136 tp->snd_una == (TCP_SKB_CB(skb)->end_seq - 1)) {
2130 if (!pskb_trim(skb, 0)) { 2137 if (!pskb_trim(skb, 0)) {
2131 /* Reuse, even though it does some unnecessary work */ 2138 /* Reuse, even though it does some unnecessary work */
2132 tcp_init_nondata_skb(skb, TCP_SKB_CB(skb)->end_seq - 1, 2139 tcp_init_nondata_skb(skb, TCP_SKB_CB(skb)->end_seq - 1,
2133 TCP_SKB_CB(skb)->flags); 2140 TCP_SKB_CB(skb)->tcp_flags);
2134 skb->ip_summed = CHECKSUM_NONE; 2141 skb->ip_summed = CHECKSUM_NONE;
2135 } 2142 }
2136 } 2143 }
@@ -2179,7 +2186,7 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2179static int tcp_can_forward_retransmit(struct sock *sk) 2186static int tcp_can_forward_retransmit(struct sock *sk)
2180{ 2187{
2181 const struct inet_connection_sock *icsk = inet_csk(sk); 2188 const struct inet_connection_sock *icsk = inet_csk(sk);
2182 struct tcp_sock *tp = tcp_sk(sk); 2189 const struct tcp_sock *tp = tcp_sk(sk);
2183 2190
2184 /* Forward retransmissions are possible only during Recovery. */ 2191 /* Forward retransmissions are possible only during Recovery. */
2185 if (icsk->icsk_ca_state != TCP_CA_Recovery) 2192 if (icsk->icsk_ca_state != TCP_CA_Recovery)
@@ -2294,6 +2301,9 @@ begin_fwd:
2294 return; 2301 return;
2295 NET_INC_STATS_BH(sock_net(sk), mib_idx); 2302 NET_INC_STATS_BH(sock_net(sk), mib_idx);
2296 2303
2304 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Recovery)
2305 tp->prr_out += tcp_skb_pcount(skb);
2306
2297 if (skb == tcp_write_queue_head(sk)) 2307 if (skb == tcp_write_queue_head(sk))
2298 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 2308 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
2299 inet_csk(sk)->icsk_rto, 2309 inet_csk(sk)->icsk_rto,
@@ -2317,7 +2327,7 @@ void tcp_send_fin(struct sock *sk)
2317 mss_now = tcp_current_mss(sk); 2327 mss_now = tcp_current_mss(sk);
2318 2328
2319 if (tcp_send_head(sk) != NULL) { 2329 if (tcp_send_head(sk) != NULL) {
2320 TCP_SKB_CB(skb)->flags |= TCPHDR_FIN; 2330 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_FIN;
2321 TCP_SKB_CB(skb)->end_seq++; 2331 TCP_SKB_CB(skb)->end_seq++;
2322 tp->write_seq++; 2332 tp->write_seq++;
2323 } else { 2333 } else {
@@ -2379,11 +2389,11 @@ int tcp_send_synack(struct sock *sk)
2379 struct sk_buff *skb; 2389 struct sk_buff *skb;
2380 2390
2381 skb = tcp_write_queue_head(sk); 2391 skb = tcp_write_queue_head(sk);
2382 if (skb == NULL || !(TCP_SKB_CB(skb)->flags & TCPHDR_SYN)) { 2392 if (skb == NULL || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
2383 printk(KERN_DEBUG "tcp_send_synack: wrong queue state\n"); 2393 printk(KERN_DEBUG "tcp_send_synack: wrong queue state\n");
2384 return -EFAULT; 2394 return -EFAULT;
2385 } 2395 }
2386 if (!(TCP_SKB_CB(skb)->flags & TCPHDR_ACK)) { 2396 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) {
2387 if (skb_cloned(skb)) { 2397 if (skb_cloned(skb)) {
2388 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC); 2398 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
2389 if (nskb == NULL) 2399 if (nskb == NULL)
@@ -2397,7 +2407,7 @@ int tcp_send_synack(struct sock *sk)
2397 skb = nskb; 2407 skb = nskb;
2398 } 2408 }
2399 2409
2400 TCP_SKB_CB(skb)->flags |= TCPHDR_ACK; 2410 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK;
2401 TCP_ECN_send_synack(tcp_sk(sk), skb); 2411 TCP_ECN_send_synack(tcp_sk(sk), skb);
2402 } 2412 }
2403 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2413 TCP_SKB_CB(skb)->when = tcp_time_stamp;
@@ -2542,7 +2552,7 @@ EXPORT_SYMBOL(tcp_make_synack);
2542/* Do all connect socket setups that can be done AF independent. */ 2552/* Do all connect socket setups that can be done AF independent. */
2543static void tcp_connect_init(struct sock *sk) 2553static void tcp_connect_init(struct sock *sk)
2544{ 2554{
2545 struct dst_entry *dst = __sk_dst_get(sk); 2555 const struct dst_entry *dst = __sk_dst_get(sk);
2546 struct tcp_sock *tp = tcp_sk(sk); 2556 struct tcp_sock *tp = tcp_sk(sk);
2547 __u8 rcv_wscale; 2557 __u8 rcv_wscale;
2548 2558
@@ -2794,13 +2804,13 @@ int tcp_write_wakeup(struct sock *sk)
2794 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq || 2804 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
2795 skb->len > mss) { 2805 skb->len > mss) {
2796 seg_size = min(seg_size, mss); 2806 seg_size = min(seg_size, mss);
2797 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH; 2807 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
2798 if (tcp_fragment(sk, skb, seg_size, mss)) 2808 if (tcp_fragment(sk, skb, seg_size, mss))
2799 return -1; 2809 return -1;
2800 } else if (!tcp_skb_pcount(skb)) 2810 } else if (!tcp_skb_pcount(skb))
2801 tcp_set_skb_tso_segs(sk, skb, mss); 2811 tcp_set_skb_tso_segs(sk, skb, mss);
2802 2812
2803 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH; 2813 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
2804 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2814 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2805 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 2815 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2806 if (!err) 2816 if (!err)
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index ecd44b0c45f1..2e0f0af76c19 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -334,7 +334,6 @@ void tcp_retransmit_timer(struct sock *sk)
334 * connection. If the socket is an orphan, time it out, 334 * connection. If the socket is an orphan, time it out,
335 * we cannot allow such beasts to hang infinitely. 335 * we cannot allow such beasts to hang infinitely.
336 */ 336 */
337#ifdef TCP_DEBUG
338 struct inet_sock *inet = inet_sk(sk); 337 struct inet_sock *inet = inet_sk(sk);
339 if (sk->sk_family == AF_INET) { 338 if (sk->sk_family == AF_INET) {
340 LIMIT_NETDEBUG(KERN_DEBUG "TCP: Peer %pI4:%u/%u unexpectedly shrunk window %u:%u (repaired)\n", 339 LIMIT_NETDEBUG(KERN_DEBUG "TCP: Peer %pI4:%u/%u unexpectedly shrunk window %u:%u (repaired)\n",
@@ -349,7 +348,6 @@ void tcp_retransmit_timer(struct sock *sk)
349 inet->inet_num, tp->snd_una, tp->snd_nxt); 348 inet->inet_num, tp->snd_una, tp->snd_nxt);
350 } 349 }
351#endif 350#endif
352#endif
353 if (tcp_time_stamp - tp->rcv_tstamp > TCP_RTO_MAX) { 351 if (tcp_time_stamp - tp->rcv_tstamp > TCP_RTO_MAX) {
354 tcp_write_err(sk); 352 tcp_write_err(sk);
355 goto out; 353 goto out;
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 1b5a19340a95..ebaa96bd3464 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1267,7 +1267,7 @@ int udp_disconnect(struct sock *sk, int flags)
1267 sk->sk_state = TCP_CLOSE; 1267 sk->sk_state = TCP_CLOSE;
1268 inet->inet_daddr = 0; 1268 inet->inet_daddr = 0;
1269 inet->inet_dport = 0; 1269 inet->inet_dport = 0;
1270 sock_rps_save_rxhash(sk, 0); 1270 sock_rps_reset_rxhash(sk);
1271 sk->sk_bound_dev_if = 0; 1271 sk->sk_bound_dev_if = 0;
1272 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 1272 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
1273 inet_reset_saddr(sk); 1273 inet_reset_saddr(sk);
@@ -1355,7 +1355,7 @@ static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1355 int rc; 1355 int rc;
1356 1356
1357 if (inet_sk(sk)->inet_daddr) 1357 if (inet_sk(sk)->inet_daddr)
1358 sock_rps_save_rxhash(sk, skb->rxhash); 1358 sock_rps_save_rxhash(sk, skb);
1359 1359
1360 rc = ip_queue_rcv_skb(sk, skb); 1360 rc = ip_queue_rcv_skb(sk, skb);
1361 if (rc < 0) { 1361 if (rc < 0) {
@@ -1461,10 +1461,9 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1461 } 1461 }
1462 } 1462 }
1463 1463
1464 if (rcu_dereference_raw(sk->sk_filter)) { 1464 if (rcu_access_pointer(sk->sk_filter) &&
1465 if (udp_lib_checksum_complete(skb)) 1465 udp_lib_checksum_complete(skb))
1466 goto drop; 1466 goto drop;
1467 }
1468 1467
1469 1468
1470 if (sk_rcvqueues_full(sk, skb)) 1469 if (sk_rcvqueues_full(sk, skb))
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index fc5368ad2b0d..a0b4c5da8d43 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -79,13 +79,13 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
79 struct rtable *rt = (struct rtable *)xdst->route; 79 struct rtable *rt = (struct rtable *)xdst->route;
80 const struct flowi4 *fl4 = &fl->u.ip4; 80 const struct flowi4 *fl4 = &fl->u.ip4;
81 81
82 rt->rt_key_dst = fl4->daddr; 82 xdst->u.rt.rt_key_dst = fl4->daddr;
83 rt->rt_key_src = fl4->saddr; 83 xdst->u.rt.rt_key_src = fl4->saddr;
84 rt->rt_key_tos = fl4->flowi4_tos; 84 xdst->u.rt.rt_key_tos = fl4->flowi4_tos;
85 rt->rt_route_iif = fl4->flowi4_iif; 85 xdst->u.rt.rt_route_iif = fl4->flowi4_iif;
86 rt->rt_iif = fl4->flowi4_iif; 86 xdst->u.rt.rt_iif = fl4->flowi4_iif;
87 rt->rt_oif = fl4->flowi4_oif; 87 xdst->u.rt.rt_oif = fl4->flowi4_oif;
88 rt->rt_mark = fl4->flowi4_mark; 88 xdst->u.rt.rt_mark = fl4->flowi4_mark;
89 89
90 xdst->u.dst.dev = dev; 90 xdst->u.dst.dev = dev;
91 dev_hold(dev); 91 dev_hold(dev);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a55500cc0b29..d0611a5de45f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -374,8 +374,8 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
374 "%s(): cannot allocate memory for statistics; dev=%s.\n", 374 "%s(): cannot allocate memory for statistics; dev=%s.\n",
375 __func__, dev->name)); 375 __func__, dev->name));
376 neigh_parms_release(&nd_tbl, ndev->nd_parms); 376 neigh_parms_release(&nd_tbl, ndev->nd_parms);
377 ndev->dead = 1; 377 dev_put(dev);
378 in6_dev_finish_destroy(ndev); 378 kfree(ndev);
379 return NULL; 379 return NULL;
380 } 380 }
381 381
@@ -428,7 +428,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
428 ndev->tstamp = jiffies; 428 ndev->tstamp = jiffies;
429 addrconf_sysctl_register(ndev); 429 addrconf_sysctl_register(ndev);
430 /* protected by rtnl_lock */ 430 /* protected by rtnl_lock */
431 rcu_assign_pointer(dev->ip6_ptr, ndev); 431 RCU_INIT_POINTER(dev->ip6_ptr, ndev);
432 432
433 /* Join all-node multicast group */ 433 /* Join all-node multicast group */
434 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allnodes); 434 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allnodes);
@@ -656,7 +656,7 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
656 * layer address of our nexhop router 656 * layer address of our nexhop router
657 */ 657 */
658 658
659 if (dst_get_neighbour(&rt->dst) == NULL) 659 if (dst_get_neighbour_raw(&rt->dst) == NULL)
660 ifa->flags &= ~IFA_F_OPTIMISTIC; 660 ifa->flags &= ~IFA_F_OPTIMISTIC;
661 661
662 ifa->idev = idev; 662 ifa->idev = idev;
@@ -824,12 +824,13 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, struct inet6_ifaddr *i
824{ 824{
825 struct inet6_dev *idev = ifp->idev; 825 struct inet6_dev *idev = ifp->idev;
826 struct in6_addr addr, *tmpaddr; 826 struct in6_addr addr, *tmpaddr;
827 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_cstamp, tmp_tstamp, age; 827 unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_tstamp, age;
828 unsigned long regen_advance; 828 unsigned long regen_advance;
829 int tmp_plen; 829 int tmp_plen;
830 int ret = 0; 830 int ret = 0;
831 int max_addresses; 831 int max_addresses;
832 u32 addr_flags; 832 u32 addr_flags;
833 unsigned long now = jiffies;
833 834
834 write_lock(&idev->lock); 835 write_lock(&idev->lock);
835 if (ift) { 836 if (ift) {
@@ -874,7 +875,7 @@ retry:
874 goto out; 875 goto out;
875 } 876 }
876 memcpy(&addr.s6_addr[8], idev->rndid, 8); 877 memcpy(&addr.s6_addr[8], idev->rndid, 8);
877 age = (jiffies - ifp->tstamp) / HZ; 878 age = (now - ifp->tstamp) / HZ;
878 tmp_valid_lft = min_t(__u32, 879 tmp_valid_lft = min_t(__u32,
879 ifp->valid_lft, 880 ifp->valid_lft,
880 idev->cnf.temp_valid_lft + age); 881 idev->cnf.temp_valid_lft + age);
@@ -884,7 +885,6 @@ retry:
884 idev->cnf.max_desync_factor); 885 idev->cnf.max_desync_factor);
885 tmp_plen = ifp->prefix_len; 886 tmp_plen = ifp->prefix_len;
886 max_addresses = idev->cnf.max_addresses; 887 max_addresses = idev->cnf.max_addresses;
887 tmp_cstamp = ifp->cstamp;
888 tmp_tstamp = ifp->tstamp; 888 tmp_tstamp = ifp->tstamp;
889 spin_unlock_bh(&ifp->lock); 889 spin_unlock_bh(&ifp->lock);
890 890
@@ -929,7 +929,7 @@ retry:
929 ift->ifpub = ifp; 929 ift->ifpub = ifp;
930 ift->valid_lft = tmp_valid_lft; 930 ift->valid_lft = tmp_valid_lft;
931 ift->prefered_lft = tmp_prefered_lft; 931 ift->prefered_lft = tmp_prefered_lft;
932 ift->cstamp = tmp_cstamp; 932 ift->cstamp = now;
933 ift->tstamp = tmp_tstamp; 933 ift->tstamp = tmp_tstamp;
934 spin_unlock_bh(&ift->lock); 934 spin_unlock_bh(&ift->lock);
935 935
@@ -1713,6 +1713,40 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1713 ip6_route_add(&cfg); 1713 ip6_route_add(&cfg);
1714} 1714}
1715 1715
1716
1717static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
1718 int plen,
1719 const struct net_device *dev,
1720 u32 flags, u32 noflags)
1721{
1722 struct fib6_node *fn;
1723 struct rt6_info *rt = NULL;
1724 struct fib6_table *table;
1725
1726 table = fib6_get_table(dev_net(dev), RT6_TABLE_PREFIX);
1727 if (table == NULL)
1728 return NULL;
1729
1730 write_lock_bh(&table->tb6_lock);
1731 fn = fib6_locate(&table->tb6_root, pfx, plen, NULL, 0);
1732 if (!fn)
1733 goto out;
1734 for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
1735 if (rt->rt6i_dev->ifindex != dev->ifindex)
1736 continue;
1737 if ((rt->rt6i_flags & flags) != flags)
1738 continue;
1739 if ((noflags != 0) && ((rt->rt6i_flags & flags) != 0))
1740 continue;
1741 dst_hold(&rt->dst);
1742 break;
1743 }
1744out:
1745 write_unlock_bh(&table->tb6_lock);
1746 return rt;
1747}
1748
1749
1716/* Create "default" multicast route to the interface */ 1750/* Create "default" multicast route to the interface */
1717 1751
1718static void addrconf_add_mroute(struct net_device *dev) 1752static void addrconf_add_mroute(struct net_device *dev)
@@ -1842,10 +1876,13 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1842 if (addrconf_finite_timeout(rt_expires)) 1876 if (addrconf_finite_timeout(rt_expires))
1843 rt_expires *= HZ; 1877 rt_expires *= HZ;
1844 1878
1845 rt = rt6_lookup(net, &pinfo->prefix, NULL, 1879 rt = addrconf_get_prefix_route(&pinfo->prefix,
1846 dev->ifindex, 1); 1880 pinfo->prefix_len,
1881 dev,
1882 RTF_ADDRCONF | RTF_PREFIX_RT,
1883 RTF_GATEWAY | RTF_DEFAULT);
1847 1884
1848 if (rt && addrconf_is_prefix_route(rt)) { 1885 if (rt) {
1849 /* Autoconf prefix route */ 1886 /* Autoconf prefix route */
1850 if (valid_lft == 0) { 1887 if (valid_lft == 0) {
1851 ip6_del_rt(rt); 1888 ip6_del_rt(rt);
@@ -1999,25 +2036,50 @@ ok:
1999#ifdef CONFIG_IPV6_PRIVACY 2036#ifdef CONFIG_IPV6_PRIVACY
2000 read_lock_bh(&in6_dev->lock); 2037 read_lock_bh(&in6_dev->lock);
2001 /* update all temporary addresses in the list */ 2038 /* update all temporary addresses in the list */
2002 list_for_each_entry(ift, &in6_dev->tempaddr_list, tmp_list) { 2039 list_for_each_entry(ift, &in6_dev->tempaddr_list,
2003 /* 2040 tmp_list) {
2004 * When adjusting the lifetimes of an existing 2041 int age, max_valid, max_prefered;
2005 * temporary address, only lower the lifetimes. 2042
2006 * Implementations must not increase the
2007 * lifetimes of an existing temporary address
2008 * when processing a Prefix Information Option.
2009 */
2010 if (ifp != ift->ifpub) 2043 if (ifp != ift->ifpub)
2011 continue; 2044 continue;
2012 2045
2046 /*
2047 * RFC 4941 section 3.3:
2048 * If a received option will extend the lifetime
2049 * of a public address, the lifetimes of
2050 * temporary addresses should be extended,
2051 * subject to the overall constraint that no
2052 * temporary addresses should ever remain
2053 * "valid" or "preferred" for a time longer than
2054 * (TEMP_VALID_LIFETIME) or
2055 * (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR),
2056 * respectively.
2057 */
2058 age = (now - ift->cstamp) / HZ;
2059 max_valid = in6_dev->cnf.temp_valid_lft - age;
2060 if (max_valid < 0)
2061 max_valid = 0;
2062
2063 max_prefered = in6_dev->cnf.temp_prefered_lft -
2064 in6_dev->cnf.max_desync_factor -
2065 age;
2066 if (max_prefered < 0)
2067 max_prefered = 0;
2068
2069 if (valid_lft > max_valid)
2070 valid_lft = max_valid;
2071
2072 if (prefered_lft > max_prefered)
2073 prefered_lft = max_prefered;
2074
2013 spin_lock(&ift->lock); 2075 spin_lock(&ift->lock);
2014 flags = ift->flags; 2076 flags = ift->flags;
2015 if (ift->valid_lft > valid_lft && 2077 ift->valid_lft = valid_lft;
2016 ift->valid_lft - valid_lft > (jiffies - ift->tstamp) / HZ) 2078 ift->prefered_lft = prefered_lft;
2017 ift->valid_lft = valid_lft + (jiffies - ift->tstamp) / HZ; 2079 ift->tstamp = now;
2018 if (ift->prefered_lft > prefered_lft && 2080 if (prefered_lft > 0)
2019 ift->prefered_lft - prefered_lft > (jiffies - ift->tstamp) / HZ) 2081 ift->flags &= ~IFA_F_DEPRECATED;
2020 ift->prefered_lft = prefered_lft + (jiffies - ift->tstamp) / HZ; 2082
2021 spin_unlock(&ift->lock); 2083 spin_unlock(&ift->lock);
2022 if (!(flags&IFA_F_TENTATIVE)) 2084 if (!(flags&IFA_F_TENTATIVE))
2023 ipv6_ifa_notify(0, ift); 2085 ipv6_ifa_notify(0, ift);
@@ -2025,9 +2087,11 @@ ok:
2025 2087
2026 if ((create || list_empty(&in6_dev->tempaddr_list)) && in6_dev->cnf.use_tempaddr > 0) { 2088 if ((create || list_empty(&in6_dev->tempaddr_list)) && in6_dev->cnf.use_tempaddr > 0) {
2027 /* 2089 /*
2028 * When a new public address is created as described in [ADDRCONF], 2090 * When a new public address is created as
2029 * also create a new temporary address. Also create a temporary 2091 * described in [ADDRCONF], also create a new
2030 * address if it's enabled but no temporary address currently exists. 2092 * temporary address. Also create a temporary
2093 * address if it's enabled but no temporary
2094 * address currently exists.
2031 */ 2095 */
2032 read_unlock_bh(&in6_dev->lock); 2096 read_unlock_bh(&in6_dev->lock);
2033 ipv6_create_tempaddr(ifp, NULL); 2097 ipv6_create_tempaddr(ifp, NULL);
@@ -2706,7 +2770,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2706 idev->dead = 1; 2770 idev->dead = 1;
2707 2771
2708 /* protected by rtnl_lock */ 2772 /* protected by rtnl_lock */
2709 rcu_assign_pointer(dev->ip6_ptr, NULL); 2773 RCU_INIT_POINTER(dev->ip6_ptr, NULL);
2710 2774
2711 /* Step 1.5: remove snmp6 entry */ 2775 /* Step 1.5: remove snmp6 entry */
2712 snmp6_unregister_dev(idev); 2776 snmp6_unregister_dev(idev);
@@ -2969,12 +3033,12 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
2969 3033
2970 ipv6_ifa_notify(RTM_NEWADDR, ifp); 3034 ipv6_ifa_notify(RTM_NEWADDR, ifp);
2971 3035
2972 /* If added prefix is link local and forwarding is off, 3036 /* If added prefix is link local and we are prepared to process
2973 start sending router solicitations. 3037 router advertisements, start sending router solicitations.
2974 */ 3038 */
2975 3039
2976 if ((ifp->idev->cnf.forwarding == 0 || 3040 if (((ifp->idev->cnf.accept_ra == 1 && !ifp->idev->cnf.forwarding) ||
2977 ifp->idev->cnf.forwarding == 2) && 3041 ifp->idev->cnf.accept_ra == 2) &&
2978 ifp->idev->cnf.rtr_solicits > 0 && 3042 ifp->idev->cnf.rtr_solicits > 0 &&
2979 (dev->flags&IFF_LOOPBACK) == 0 && 3043 (dev->flags&IFF_LOOPBACK) == 0 &&
2980 (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) { 3044 (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 3b5669a2582d..d27c797f9f05 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -875,6 +875,7 @@ static struct sk_buff **ipv6_gro_receive(struct sk_buff **head,
875 skb_reset_transport_header(skb); 875 skb_reset_transport_header(skb);
876 __skb_push(skb, skb_gro_offset(skb)); 876 __skb_push(skb, skb_gro_offset(skb));
877 877
878 ops = rcu_dereference(inet6_protos[proto]);
878 if (!ops || !ops->gro_receive) 879 if (!ops || !ops->gro_receive)
879 goto out_unlock; 880 goto out_unlock;
880 881
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 16560336eb72..e2480691c220 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -33,6 +33,11 @@
33#include <linux/errqueue.h> 33#include <linux/errqueue.h>
34#include <asm/uaccess.h> 34#include <asm/uaccess.h>
35 35
36static inline int ipv6_mapped_addr_any(const struct in6_addr *a)
37{
38 return (ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0));
39}
40
36int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 41int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
37{ 42{
38 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 43 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
@@ -102,10 +107,12 @@ ipv4_connected:
102 107
103 ipv6_addr_set_v4mapped(inet->inet_daddr, &np->daddr); 108 ipv6_addr_set_v4mapped(inet->inet_daddr, &np->daddr);
104 109
105 if (ipv6_addr_any(&np->saddr)) 110 if (ipv6_addr_any(&np->saddr) ||
111 ipv6_mapped_addr_any(&np->saddr))
106 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 112 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
107 113
108 if (ipv6_addr_any(&np->rcv_saddr)) { 114 if (ipv6_addr_any(&np->rcv_saddr) ||
115 ipv6_mapped_addr_any(&np->rcv_saddr)) {
109 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 116 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
110 &np->rcv_saddr); 117 &np->rcv_saddr);
111 if (sk->sk_prot->rehash) 118 if (sk->sk_prot->rehash)
@@ -290,10 +297,6 @@ void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
290 ipv6_addr_copy(&iph->daddr, &fl6->daddr); 297 ipv6_addr_copy(&iph->daddr, &fl6->daddr);
291 298
292 mtu_info = IP6CBMTU(skb); 299 mtu_info = IP6CBMTU(skb);
293 if (!mtu_info) {
294 kfree_skb(skb);
295 return;
296 }
297 300
298 mtu_info->ip6m_mtu = mtu; 301 mtu_info->ip6m_mtu = mtu;
299 mtu_info->ip6m_addr.sin6_family = AF_INET6; 302 mtu_info->ip6m_addr.sin6_family = AF_INET6;
@@ -592,7 +595,7 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
592 return 0; 595 return 0;
593} 596}
594 597
595int datagram_send_ctl(struct net *net, 598int datagram_send_ctl(struct net *net, struct sock *sk,
596 struct msghdr *msg, struct flowi6 *fl6, 599 struct msghdr *msg, struct flowi6 *fl6,
597 struct ipv6_txoptions *opt, 600 struct ipv6_txoptions *opt,
598 int *hlimit, int *tclass, int *dontfrag) 601 int *hlimit, int *tclass, int *dontfrag)
@@ -651,7 +654,8 @@ int datagram_send_ctl(struct net *net,
651 654
652 if (addr_type != IPV6_ADDR_ANY) { 655 if (addr_type != IPV6_ADDR_ANY) {
653 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL; 656 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
654 if (!ipv6_chk_addr(net, &src_info->ipi6_addr, 657 if (!inet_sk(sk)->transparent &&
658 !ipv6_chk_addr(net, &src_info->ipi6_addr,
655 strict ? dev : NULL, 0)) 659 strict ? dev : NULL, 0))
656 err = -EINVAL; 660 err = -EINVAL;
657 else 661 else
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 79a485e8a700..1318de4c3e8d 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -273,12 +273,12 @@ static int ipv6_destopt_rcv(struct sk_buff *skb)
273#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 273#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
274 __u16 dstbuf; 274 __u16 dstbuf;
275#endif 275#endif
276 struct dst_entry *dst; 276 struct dst_entry *dst = skb_dst(skb);
277 277
278 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 278 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
279 !pskb_may_pull(skb, (skb_transport_offset(skb) + 279 !pskb_may_pull(skb, (skb_transport_offset(skb) +
280 ((skb_transport_header(skb)[1] + 1) << 3)))) { 280 ((skb_transport_header(skb)[1] + 1) << 3)))) {
281 IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)), 281 IP6_INC_STATS_BH(dev_net(dst->dev), ip6_dst_idev(dst),
282 IPSTATS_MIB_INHDRERRORS); 282 IPSTATS_MIB_INHDRERRORS);
283 kfree_skb(skb); 283 kfree_skb(skb);
284 return -1; 284 return -1;
@@ -289,9 +289,7 @@ static int ipv6_destopt_rcv(struct sk_buff *skb)
289 dstbuf = opt->dst1; 289 dstbuf = opt->dst1;
290#endif 290#endif
291 291
292 dst = dst_clone(skb_dst(skb));
293 if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) { 292 if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) {
294 dst_release(dst);
295 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 293 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
296 opt = IP6CB(skb); 294 opt = IP6CB(skb);
297#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 295#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
@@ -304,7 +302,6 @@ static int ipv6_destopt_rcv(struct sk_buff *skb)
304 302
305 IP6_INC_STATS_BH(dev_net(dst->dev), 303 IP6_INC_STATS_BH(dev_net(dst->dev),
306 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 304 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
307 dst_release(dst);
308 return -1; 305 return -1;
309} 306}
310 307
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 11900417b1cc..90868fb42757 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -490,7 +490,8 @@ void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
490 goto out_dst_release; 490 goto out_dst_release;
491 } 491 }
492 492
493 idev = in6_dev_get(skb->dev); 493 rcu_read_lock();
494 idev = __in6_dev_get(skb->dev);
494 495
495 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 496 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
496 len + sizeof(struct icmp6hdr), 497 len + sizeof(struct icmp6hdr),
@@ -500,19 +501,16 @@ void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
500 if (err) { 501 if (err) {
501 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 502 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
502 ip6_flush_pending_frames(sk); 503 ip6_flush_pending_frames(sk);
503 goto out_put; 504 } else {
505 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
506 len + sizeof(struct icmp6hdr));
504 } 507 }
505 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, len + sizeof(struct icmp6hdr)); 508 rcu_read_unlock();
506
507out_put:
508 if (likely(idev != NULL))
509 in6_dev_put(idev);
510out_dst_release: 509out_dst_release:
511 dst_release(dst); 510 dst_release(dst);
512out: 511out:
513 icmpv6_xmit_unlock(sk); 512 icmpv6_xmit_unlock(sk);
514} 513}
515
516EXPORT_SYMBOL(icmpv6_send); 514EXPORT_SYMBOL(icmpv6_send);
517 515
518static void icmpv6_echo_reply(struct sk_buff *skb) 516static void icmpv6_echo_reply(struct sk_buff *skb)
@@ -569,7 +567,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
569 if (hlimit < 0) 567 if (hlimit < 0)
570 hlimit = ip6_dst_hoplimit(dst); 568 hlimit = ip6_dst_hoplimit(dst);
571 569
572 idev = in6_dev_get(skb->dev); 570 idev = __in6_dev_get(skb->dev);
573 571
574 msg.skb = skb; 572 msg.skb = skb;
575 msg.offset = 0; 573 msg.offset = 0;
@@ -583,13 +581,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
583 if (err) { 581 if (err) {
584 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 582 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
585 ip6_flush_pending_frames(sk); 583 ip6_flush_pending_frames(sk);
586 goto out_put; 584 } else {
585 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
586 skb->len + sizeof(struct icmp6hdr));
587 } 587 }
588 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
589
590out_put:
591 if (likely(idev != NULL))
592 in6_dev_put(idev);
593 dst_release(dst); 588 dst_release(dst);
594out: 589out:
595 icmpv6_xmit_unlock(sk); 590 icmpv6_xmit_unlock(sk);
@@ -840,8 +835,7 @@ static int __net_init icmpv6_sk_init(struct net *net)
840 /* Enough space for 2 64K ICMP packets, including 835 /* Enough space for 2 64K ICMP packets, including
841 * sk_buff struct overhead. 836 * sk_buff struct overhead.
842 */ 837 */
843 sk->sk_sndbuf = 838 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
844 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
845 } 839 }
846 return 0; 840 return 0;
847 841
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 8a58e8cf6646..fee46d5a2f12 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -211,6 +211,7 @@ int inet6_csk_xmit(struct sk_buff *skb, struct flowi *fl_unused)
211 struct flowi6 fl6; 211 struct flowi6 fl6;
212 struct dst_entry *dst; 212 struct dst_entry *dst;
213 struct in6_addr *final_p, final; 213 struct in6_addr *final_p, final;
214 int res;
214 215
215 memset(&fl6, 0, sizeof(fl6)); 216 memset(&fl6, 0, sizeof(fl6));
216 fl6.flowi6_proto = sk->sk_protocol; 217 fl6.flowi6_proto = sk->sk_protocol;
@@ -241,12 +242,14 @@ int inet6_csk_xmit(struct sk_buff *skb, struct flowi *fl_unused)
241 __inet6_csk_dst_store(sk, dst, NULL, NULL); 242 __inet6_csk_dst_store(sk, dst, NULL, NULL);
242 } 243 }
243 244
244 skb_dst_set(skb, dst_clone(dst)); 245 rcu_read_lock();
246 skb_dst_set_noref(skb, dst);
245 247
246 /* Restore final destination back after routing done */ 248 /* Restore final destination back after routing done */
247 ipv6_addr_copy(&fl6.daddr, &np->daddr); 249 ipv6_addr_copy(&fl6.daddr, &np->daddr);
248 250
249 return ip6_xmit(sk, skb, &fl6, np->opt); 251 res = ip6_xmit(sk, skb, &fl6, np->opt, np->tclass);
252 rcu_read_unlock();
253 return res;
250} 254}
251
252EXPORT_SYMBOL_GPL(inet6_csk_xmit); 255EXPORT_SYMBOL_GPL(inet6_csk_xmit);
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index b53197233709..73f1a00a96af 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -20,6 +20,7 @@
20#include <net/inet_connection_sock.h> 20#include <net/inet_connection_sock.h>
21#include <net/inet_hashtables.h> 21#include <net/inet_hashtables.h>
22#include <net/inet6_hashtables.h> 22#include <net/inet6_hashtables.h>
23#include <net/secure_seq.h>
23#include <net/ip.h> 24#include <net/ip.h>
24 25
25int __inet6_hash(struct sock *sk, struct inet_timewait_sock *tw) 26int __inet6_hash(struct sock *sk, struct inet_timewait_sock *tw)
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 54a4678955bf..93718f3db79b 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -28,10 +28,6 @@
28#include <linux/list.h> 28#include <linux/list.h>
29#include <linux/slab.h> 29#include <linux/slab.h>
30 30
31#ifdef CONFIG_PROC_FS
32#include <linux/proc_fs.h>
33#endif
34
35#include <net/ipv6.h> 31#include <net/ipv6.h>
36#include <net/ndisc.h> 32#include <net/ndisc.h>
37#include <net/addrconf.h> 33#include <net/addrconf.h>
@@ -1455,7 +1451,7 @@ static int fib6_age(struct rt6_info *rt, void *arg)
1455 RT6_TRACE("aging clone %p\n", rt); 1451 RT6_TRACE("aging clone %p\n", rt);
1456 return -1; 1452 return -1;
1457 } else if ((rt->rt6i_flags & RTF_GATEWAY) && 1453 } else if ((rt->rt6i_flags & RTF_GATEWAY) &&
1458 (!(dst_get_neighbour(&rt->dst)->flags & NTF_ROUTER))) { 1454 (!(dst_get_neighbour_raw(&rt->dst)->flags & NTF_ROUTER))) {
1459 RT6_TRACE("purging route %p via non-router but gateway\n", 1455 RT6_TRACE("purging route %p via non-router but gateway\n",
1460 rt); 1456 rt);
1461 return -1; 1457 return -1;
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index f3caf1b8d572..543039450193 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -322,8 +322,8 @@ static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned lo
322} 322}
323 323
324static struct ip6_flowlabel * 324static struct ip6_flowlabel *
325fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval, 325fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
326 int optlen, int *err_p) 326 char __user *optval, int optlen, int *err_p)
327{ 327{
328 struct ip6_flowlabel *fl = NULL; 328 struct ip6_flowlabel *fl = NULL;
329 int olen; 329 int olen;
@@ -360,7 +360,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
360 msg.msg_control = (void*)(fl->opt+1); 360 msg.msg_control = (void*)(fl->opt+1);
361 memset(&flowi6, 0, sizeof(flowi6)); 361 memset(&flowi6, 0, sizeof(flowi6));
362 362
363 err = datagram_send_ctl(net, &msg, &flowi6, fl->opt, &junk, 363 err = datagram_send_ctl(net, sk, &msg, &flowi6, fl->opt, &junk,
364 &junk, &junk); 364 &junk, &junk);
365 if (err) 365 if (err)
366 goto done; 366 goto done;
@@ -528,7 +528,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
528 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK) 528 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
529 return -EINVAL; 529 return -EINVAL;
530 530
531 fl = fl_create(net, &freq, optval, optlen, &err); 531 fl = fl_create(net, sk, &freq, optval, optlen, &err);
532 if (fl == NULL) 532 if (fl == NULL)
533 return err; 533 return err;
534 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL); 534 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 32e5339db0c8..84d0bd5cac93 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -135,10 +135,15 @@ static int ip6_finish_output2(struct sk_buff *skb)
135 skb->len); 135 skb->len);
136 } 136 }
137 137
138 rcu_read_lock();
138 neigh = dst_get_neighbour(dst); 139 neigh = dst_get_neighbour(dst);
139 if (neigh) 140 if (neigh) {
140 return neigh_output(neigh, skb); 141 int res = neigh_output(neigh, skb);
141 142
143 rcu_read_unlock();
144 return res;
145 }
146 rcu_read_unlock();
142 IP6_INC_STATS_BH(dev_net(dst->dev), 147 IP6_INC_STATS_BH(dev_net(dst->dev),
143 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 148 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
144 kfree_skb(skb); 149 kfree_skb(skb);
@@ -175,7 +180,7 @@ int ip6_output(struct sk_buff *skb)
175 */ 180 */
176 181
177int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 182int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
178 struct ipv6_txoptions *opt) 183 struct ipv6_txoptions *opt, int tclass)
179{ 184{
180 struct net *net = sock_net(sk); 185 struct net *net = sock_net(sk);
181 struct ipv6_pinfo *np = inet6_sk(sk); 186 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -185,7 +190,6 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
185 u8 proto = fl6->flowi6_proto; 190 u8 proto = fl6->flowi6_proto;
186 int seg_len = skb->len; 191 int seg_len = skb->len;
187 int hlimit = -1; 192 int hlimit = -1;
188 int tclass = 0;
189 u32 mtu; 193 u32 mtu;
190 194
191 if (opt) { 195 if (opt) {
@@ -223,10 +227,8 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
223 /* 227 /*
224 * Fill in the IPv6 header 228 * Fill in the IPv6 header
225 */ 229 */
226 if (np) { 230 if (np)
227 tclass = np->tclass;
228 hlimit = np->hop_limit; 231 hlimit = np->hop_limit;
229 }
230 if (hlimit < 0) 232 if (hlimit < 0)
231 hlimit = ip6_dst_hoplimit(dst); 233 hlimit = ip6_dst_hoplimit(dst);
232 234
@@ -975,12 +977,14 @@ static int ip6_dst_lookup_tail(struct sock *sk,
975 * dst entry and replace it instead with the 977 * dst entry and replace it instead with the
976 * dst entry of the nexthop router 978 * dst entry of the nexthop router
977 */ 979 */
980 rcu_read_lock();
978 n = dst_get_neighbour(*dst); 981 n = dst_get_neighbour(*dst);
979 if (n && !(n->nud_state & NUD_VALID)) { 982 if (n && !(n->nud_state & NUD_VALID)) {
980 struct inet6_ifaddr *ifp; 983 struct inet6_ifaddr *ifp;
981 struct flowi6 fl_gw6; 984 struct flowi6 fl_gw6;
982 int redirect; 985 int redirect;
983 986
987 rcu_read_unlock();
984 ifp = ipv6_get_ifaddr(net, &fl6->saddr, 988 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
985 (*dst)->dev, 1); 989 (*dst)->dev, 1);
986 990
@@ -1000,6 +1004,8 @@ static int ip6_dst_lookup_tail(struct sock *sk,
1000 if ((err = (*dst)->error)) 1004 if ((err = (*dst)->error))
1001 goto out_err_release; 1005 goto out_err_release;
1002 } 1006 }
1007 } else {
1008 rcu_read_unlock();
1003 } 1009 }
1004#endif 1010#endif
1005 1011
@@ -1117,7 +1123,7 @@ static inline int ip6_ufo_append_data(struct sock *sk,
1117 hh_len + fragheaderlen + transhdrlen + 20, 1123 hh_len + fragheaderlen + transhdrlen + 20,
1118 (flags & MSG_DONTWAIT), &err); 1124 (flags & MSG_DONTWAIT), &err);
1119 if (skb == NULL) 1125 if (skb == NULL)
1120 return -ENOMEM; 1126 return err;
1121 1127
1122 /* reserve space for Hardware header */ 1128 /* reserve space for Hardware header */
1123 skb_reserve(skb, hh_len); 1129 skb_reserve(skb, hh_len);
@@ -1184,6 +1190,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1184 struct sk_buff *skb; 1190 struct sk_buff *skb;
1185 unsigned int maxfraglen, fragheaderlen; 1191 unsigned int maxfraglen, fragheaderlen;
1186 int exthdrlen; 1192 int exthdrlen;
1193 int dst_exthdrlen;
1187 int hh_len; 1194 int hh_len;
1188 int mtu; 1195 int mtu;
1189 int copy; 1196 int copy;
@@ -1239,7 +1246,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1239 np->cork.hop_limit = hlimit; 1246 np->cork.hop_limit = hlimit;
1240 np->cork.tclass = tclass; 1247 np->cork.tclass = tclass;
1241 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? 1248 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1242 rt->dst.dev->mtu : dst_mtu(rt->dst.path); 1249 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1243 if (np->frag_size < mtu) { 1250 if (np->frag_size < mtu) {
1244 if (np->frag_size) 1251 if (np->frag_size)
1245 mtu = np->frag_size; 1252 mtu = np->frag_size;
@@ -1250,16 +1257,17 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1250 cork->length = 0; 1257 cork->length = 0;
1251 sk->sk_sndmsg_page = NULL; 1258 sk->sk_sndmsg_page = NULL;
1252 sk->sk_sndmsg_off = 0; 1259 sk->sk_sndmsg_off = 0;
1253 exthdrlen = rt->dst.header_len + (opt ? opt->opt_flen : 0) - 1260 exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len;
1254 rt->rt6i_nfheader_len;
1255 length += exthdrlen; 1261 length += exthdrlen;
1256 transhdrlen += exthdrlen; 1262 transhdrlen += exthdrlen;
1263 dst_exthdrlen = rt->dst.header_len;
1257 } else { 1264 } else {
1258 rt = (struct rt6_info *)cork->dst; 1265 rt = (struct rt6_info *)cork->dst;
1259 fl6 = &inet->cork.fl.u.ip6; 1266 fl6 = &inet->cork.fl.u.ip6;
1260 opt = np->cork.opt; 1267 opt = np->cork.opt;
1261 transhdrlen = 0; 1268 transhdrlen = 0;
1262 exthdrlen = 0; 1269 exthdrlen = 0;
1270 dst_exthdrlen = 0;
1263 mtu = cork->fragsize; 1271 mtu = cork->fragsize;
1264 } 1272 }
1265 1273
@@ -1359,6 +1367,8 @@ alloc_new_skb:
1359 else 1367 else
1360 alloclen = datalen + fragheaderlen; 1368 alloclen = datalen + fragheaderlen;
1361 1369
1370 alloclen += dst_exthdrlen;
1371
1362 /* 1372 /*
1363 * The last fragment gets additional space at tail. 1373 * The last fragment gets additional space at tail.
1364 * Note: we overallocate on fragments with MSG_MODE 1374 * Note: we overallocate on fragments with MSG_MODE
@@ -1410,9 +1420,9 @@ alloc_new_skb:
1410 /* 1420 /*
1411 * Find where to start putting bytes 1421 * Find where to start putting bytes
1412 */ 1422 */
1413 data = skb_put(skb, fraglen); 1423 data = skb_put(skb, fraglen + dst_exthdrlen);
1414 skb_set_network_header(skb, exthdrlen); 1424 skb_set_network_header(skb, exthdrlen + dst_exthdrlen);
1415 data += fragheaderlen; 1425 data += fragheaderlen + dst_exthdrlen;
1416 skb->transport_header = (skb->network_header + 1426 skb->transport_header = (skb->network_header +
1417 fragheaderlen); 1427 fragheaderlen);
1418 if (fraggap) { 1428 if (fraggap) {
@@ -1425,6 +1435,7 @@ alloc_new_skb:
1425 pskb_trim_unique(skb_prev, maxfraglen); 1435 pskb_trim_unique(skb_prev, maxfraglen);
1426 } 1436 }
1427 copy = datalen - transhdrlen - fraggap; 1437 copy = datalen - transhdrlen - fraggap;
1438
1428 if (copy < 0) { 1439 if (copy < 0) {
1429 err = -EINVAL; 1440 err = -EINVAL;
1430 kfree_skb(skb); 1441 kfree_skb(skb);
@@ -1439,6 +1450,7 @@ alloc_new_skb:
1439 length -= datalen - fraggap; 1450 length -= datalen - fraggap;
1440 transhdrlen = 0; 1451 transhdrlen = 0;
1441 exthdrlen = 0; 1452 exthdrlen = 0;
1453 dst_exthdrlen = 0;
1442 csummode = CHECKSUM_NONE; 1454 csummode = CHECKSUM_NONE;
1443 1455
1444 /* 1456 /*
@@ -1471,13 +1483,13 @@ alloc_new_skb:
1471 if (page && (left = PAGE_SIZE - off) > 0) { 1483 if (page && (left = PAGE_SIZE - off) > 0) {
1472 if (copy >= left) 1484 if (copy >= left)
1473 copy = left; 1485 copy = left;
1474 if (page != frag->page) { 1486 if (page != skb_frag_page(frag)) {
1475 if (i == MAX_SKB_FRAGS) { 1487 if (i == MAX_SKB_FRAGS) {
1476 err = -EMSGSIZE; 1488 err = -EMSGSIZE;
1477 goto error; 1489 goto error;
1478 } 1490 }
1479 get_page(page);
1480 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 1491 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1492 skb_frag_ref(skb, i);
1481 frag = &skb_shinfo(skb)->frags[i]; 1493 frag = &skb_shinfo(skb)->frags[i];
1482 } 1494 }
1483 } else if(i < MAX_SKB_FRAGS) { 1495 } else if(i < MAX_SKB_FRAGS) {
@@ -1497,12 +1509,14 @@ alloc_new_skb:
1497 err = -EMSGSIZE; 1509 err = -EMSGSIZE;
1498 goto error; 1510 goto error;
1499 } 1511 }
1500 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 1512 if (getfrag(from,
1513 skb_frag_address(frag) + skb_frag_size(frag),
1514 offset, copy, skb->len, skb) < 0) {
1501 err = -EFAULT; 1515 err = -EFAULT;
1502 goto error; 1516 goto error;
1503 } 1517 }
1504 sk->sk_sndmsg_off += copy; 1518 sk->sk_sndmsg_off += copy;
1505 frag->size += copy; 1519 skb_frag_size_add(frag, copy);
1506 skb->len += copy; 1520 skb->len += copy;
1507 skb->data_len += copy; 1521 skb->data_len += copy;
1508 skb->truesize += copy; 1522 skb->truesize += copy;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 0bc98886c383..bdc15c9003d7 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -218,8 +218,8 @@ ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
218{ 218{
219 struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms); 219 struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms);
220 220
221 rcu_assign_pointer(t->next , rtnl_dereference(*tp)); 221 RCU_INIT_POINTER(t->next , rtnl_dereference(*tp));
222 rcu_assign_pointer(*tp, t); 222 RCU_INIT_POINTER(*tp, t);
223} 223}
224 224
225/** 225/**
@@ -237,7 +237,7 @@ ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
237 (iter = rtnl_dereference(*tp)) != NULL; 237 (iter = rtnl_dereference(*tp)) != NULL;
238 tp = &iter->next) { 238 tp = &iter->next) {
239 if (t == iter) { 239 if (t == iter) {
240 rcu_assign_pointer(*tp, t->next); 240 RCU_INIT_POINTER(*tp, t->next);
241 break; 241 break;
242 } 242 }
243 } 243 }
@@ -350,7 +350,7 @@ ip6_tnl_dev_uninit(struct net_device *dev)
350 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 350 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
351 351
352 if (dev == ip6n->fb_tnl_dev) 352 if (dev == ip6n->fb_tnl_dev)
353 rcu_assign_pointer(ip6n->tnls_wc[0], NULL); 353 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
354 else 354 else
355 ip6_tnl_unlink(ip6n, t); 355 ip6_tnl_unlink(ip6n, t);
356 ip6_tnl_dst_reset(t); 356 ip6_tnl_dst_reset(t);
@@ -889,7 +889,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
889 struct net_device_stats *stats = &t->dev->stats; 889 struct net_device_stats *stats = &t->dev->stats;
890 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 890 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
891 struct ipv6_tel_txoption opt; 891 struct ipv6_tel_txoption opt;
892 struct dst_entry *dst; 892 struct dst_entry *dst = NULL, *ndst = NULL;
893 struct net_device *tdev; 893 struct net_device *tdev;
894 int mtu; 894 int mtu;
895 unsigned int max_headroom = sizeof(struct ipv6hdr); 895 unsigned int max_headroom = sizeof(struct ipv6hdr);
@@ -897,19 +897,20 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
897 int err = -1; 897 int err = -1;
898 int pkt_len; 898 int pkt_len;
899 899
900 if ((dst = ip6_tnl_dst_check(t)) != NULL) 900 if (!fl6->flowi6_mark)
901 dst_hold(dst); 901 dst = ip6_tnl_dst_check(t);
902 else { 902 if (!dst) {
903 dst = ip6_route_output(net, NULL, fl6); 903 ndst = ip6_route_output(net, NULL, fl6);
904 904
905 if (dst->error) 905 if (ndst->error)
906 goto tx_err_link_failure; 906 goto tx_err_link_failure;
907 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), NULL, 0); 907 ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(fl6), NULL, 0);
908 if (IS_ERR(dst)) { 908 if (IS_ERR(ndst)) {
909 err = PTR_ERR(dst); 909 err = PTR_ERR(ndst);
910 dst = NULL; 910 ndst = NULL;
911 goto tx_err_link_failure; 911 goto tx_err_link_failure;
912 } 912 }
913 dst = ndst;
913 } 914 }
914 915
915 tdev = dst->dev; 916 tdev = dst->dev;
@@ -955,8 +956,12 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
955 skb = new_skb; 956 skb = new_skb;
956 } 957 }
957 skb_dst_drop(skb); 958 skb_dst_drop(skb);
958 skb_dst_set(skb, dst_clone(dst)); 959 if (fl6->flowi6_mark) {
959 960 skb_dst_set(skb, dst);
961 ndst = NULL;
962 } else {
963 skb_dst_set_noref(skb, dst);
964 }
960 skb->transport_header = skb->network_header; 965 skb->transport_header = skb->network_header;
961 966
962 proto = fl6->flowi6_proto; 967 proto = fl6->flowi6_proto;
@@ -987,13 +992,14 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
987 stats->tx_errors++; 992 stats->tx_errors++;
988 stats->tx_aborted_errors++; 993 stats->tx_aborted_errors++;
989 } 994 }
990 ip6_tnl_dst_store(t, dst); 995 if (ndst)
996 ip6_tnl_dst_store(t, ndst);
991 return 0; 997 return 0;
992tx_err_link_failure: 998tx_err_link_failure:
993 stats->tx_carrier_errors++; 999 stats->tx_carrier_errors++;
994 dst_link_failure(skb); 1000 dst_link_failure(skb);
995tx_err_dst_release: 1001tx_err_dst_release:
996 dst_release(dst); 1002 dst_release(ndst);
997 return err; 1003 return err;
998} 1004}
999 1005
@@ -1020,9 +1026,11 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1020 1026
1021 dsfield = ipv4_get_dsfield(iph); 1027 dsfield = ipv4_get_dsfield(iph);
1022 1028
1023 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)) 1029 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1024 fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT) 1030 fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
1025 & IPV6_TCLASS_MASK; 1031 & IPV6_TCLASS_MASK;
1032 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1033 fl6.flowi6_mark = skb->mark;
1026 1034
1027 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1035 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
1028 if (err != 0) { 1036 if (err != 0) {
@@ -1069,10 +1077,12 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1069 fl6.flowi6_proto = IPPROTO_IPV6; 1077 fl6.flowi6_proto = IPPROTO_IPV6;
1070 1078
1071 dsfield = ipv6_get_dsfield(ipv6h); 1079 dsfield = ipv6_get_dsfield(ipv6h);
1072 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)) 1080 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1073 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); 1081 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
1074 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)) 1082 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
1075 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_FLOWLABEL_MASK); 1083 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_FLOWLABEL_MASK);
1084 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1085 fl6.flowi6_mark = skb->mark;
1076 1086
1077 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1087 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
1078 if (err != 0) { 1088 if (err != 0) {
@@ -1439,7 +1449,7 @@ static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev)
1439 1449
1440 t->parms.proto = IPPROTO_IPV6; 1450 t->parms.proto = IPPROTO_IPV6;
1441 dev_hold(dev); 1451 dev_hold(dev);
1442 rcu_assign_pointer(ip6n->tnls_wc[0], t); 1452 RCU_INIT_POINTER(ip6n->tnls_wc[0], t);
1443 return 0; 1453 return 0;
1444} 1454}
1445 1455
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 705c82886281..def0538e2413 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -696,8 +696,10 @@ static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
696 int err; 696 int err;
697 697
698 err = ip6mr_fib_lookup(net, &fl6, &mrt); 698 err = ip6mr_fib_lookup(net, &fl6, &mrt);
699 if (err < 0) 699 if (err < 0) {
700 kfree_skb(skb);
700 return err; 701 return err;
702 }
701 703
702 read_lock(&mrt_lock); 704 read_lock(&mrt_lock);
703 dev->stats.tx_bytes += skb->len; 705 dev->stats.tx_bytes += skb->len;
@@ -2052,8 +2054,10 @@ int ip6_mr_input(struct sk_buff *skb)
2052 int err; 2054 int err;
2053 2055
2054 err = ip6mr_fib_lookup(net, &fl6, &mrt); 2056 err = ip6mr_fib_lookup(net, &fl6, &mrt);
2055 if (err < 0) 2057 if (err < 0) {
2058 kfree_skb(skb);
2056 return err; 2059 return err;
2060 }
2057 2061
2058 read_lock(&mrt_lock); 2062 read_lock(&mrt_lock);
2059 cache = ip6mr_cache_find(mrt, 2063 cache = ip6mr_cache_find(mrt,
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 9cb191ecaba8..c99e3ee9781f 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -343,7 +343,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
343 break; 343 break;
344 344
345 case IPV6_TRANSPARENT: 345 case IPV6_TRANSPARENT:
346 if (!capable(CAP_NET_ADMIN)) { 346 if (valbool && !capable(CAP_NET_ADMIN) && !capable(CAP_NET_RAW)) {
347 retv = -EPERM; 347 retv = -EPERM;
348 break; 348 break;
349 } 349 }
@@ -475,7 +475,7 @@ sticky_done:
475 msg.msg_controllen = optlen; 475 msg.msg_controllen = optlen;
476 msg.msg_control = (void*)(opt+1); 476 msg.msg_control = (void*)(opt+1);
477 477
478 retv = datagram_send_ctl(net, &msg, &fl6, opt, &junk, &junk, 478 retv = datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, &junk,
479 &junk); 479 &junk);
480 if (retv) 480 if (retv)
481 goto done; 481 goto done;
@@ -913,7 +913,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
913} 913}
914 914
915static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 915static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
916 char __user *optval, int __user *optlen) 916 char __user *optval, int __user *optlen, unsigned flags)
917{ 917{
918 struct ipv6_pinfo *np = inet6_sk(sk); 918 struct ipv6_pinfo *np = inet6_sk(sk);
919 int len; 919 int len;
@@ -962,7 +962,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
962 962
963 msg.msg_control = optval; 963 msg.msg_control = optval;
964 msg.msg_controllen = len; 964 msg.msg_controllen = len;
965 msg.msg_flags = 0; 965 msg.msg_flags = flags;
966 966
967 lock_sock(sk); 967 lock_sock(sk);
968 skb = np->pktoptions; 968 skb = np->pktoptions;
@@ -1222,7 +1222,7 @@ int ipv6_getsockopt(struct sock *sk, int level, int optname,
1222 if(level != SOL_IPV6) 1222 if(level != SOL_IPV6)
1223 return -ENOPROTOOPT; 1223 return -ENOPROTOOPT;
1224 1224
1225 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen); 1225 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen, 0);
1226#ifdef CONFIG_NETFILTER 1226#ifdef CONFIG_NETFILTER
1227 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1227 /* we need to exclude all possible ENOPROTOOPTs except default case */
1228 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1228 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
@@ -1264,7 +1264,8 @@ int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1264 return compat_mc_getsockopt(sk, level, optname, optval, optlen, 1264 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1265 ipv6_getsockopt); 1265 ipv6_getsockopt);
1266 1266
1267 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen); 1267 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen,
1268 MSG_CMSG_COMPAT);
1268#ifdef CONFIG_NETFILTER 1269#ifdef CONFIG_NETFILTER
1269 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1270 /* we need to exclude all possible ENOPROTOOPTs except default case */
1270 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) { 1271 if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 3e6ebcdb4779..ee7839f4d6e3 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1059,7 +1059,7 @@ static int mld_xmarksources(struct ifmcaddr6 *pmc, int nsrcs,
1059 break; 1059 break;
1060 for (i=0; i<nsrcs; i++) { 1060 for (i=0; i<nsrcs; i++) {
1061 /* skip inactive filters */ 1061 /* skip inactive filters */
1062 if (pmc->mca_sfcount[MCAST_INCLUDE] || 1062 if (psf->sf_count[MCAST_INCLUDE] ||
1063 pmc->mca_sfcount[MCAST_EXCLUDE] != 1063 pmc->mca_sfcount[MCAST_EXCLUDE] !=
1064 psf->sf_count[MCAST_EXCLUDE]) 1064 psf->sf_count[MCAST_EXCLUDE])
1065 continue; 1065 continue;
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 9da6e02eaaeb..44e5b7f2a6c1 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -370,17 +370,14 @@ static int ndisc_constructor(struct neighbour *neigh)
370 struct neigh_parms *parms; 370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr); 371 int is_multicast = ipv6_addr_is_multicast(addr);
372 372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev); 373 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) { 374 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL; 375 return -EINVAL;
378 } 376 }
379 377
380 parms = in6_dev->nd_parms; 378 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms); 379 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms); 380 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384 381
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 382 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) { 383 if (!dev->header_ops) {
@@ -533,7 +530,8 @@ void ndisc_send_skb(struct sk_buff *skb,
533 530
534 skb_dst_set(skb, dst); 531 skb_dst_set(skb, dst);
535 532
536 idev = in6_dev_get(dst->dev); 533 rcu_read_lock();
534 idev = __in6_dev_get(dst->dev);
537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 535 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
538 536
539 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 537 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
@@ -543,8 +541,7 @@ void ndisc_send_skb(struct sk_buff *skb,
543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 541 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
544 } 542 }
545 543
546 if (likely(idev != NULL)) 544 rcu_read_unlock();
547 in6_dev_put(idev);
548} 545}
549 546
550EXPORT_SYMBOL(ndisc_send_skb); 547EXPORT_SYMBOL(ndisc_send_skb);
@@ -1039,7 +1036,7 @@ static void ndisc_recv_rs(struct sk_buff *skb)
1039 if (skb->len < sizeof(*rs_msg)) 1036 if (skb->len < sizeof(*rs_msg))
1040 return; 1037 return;
1041 1038
1042 idev = in6_dev_get(skb->dev); 1039 idev = __in6_dev_get(skb->dev);
1043 if (!idev) { 1040 if (!idev) {
1044 if (net_ratelimit()) 1041 if (net_ratelimit())
1045 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1042 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
@@ -1080,7 +1077,7 @@ static void ndisc_recv_rs(struct sk_buff *skb)
1080 neigh_release(neigh); 1077 neigh_release(neigh);
1081 } 1078 }
1082out: 1079out:
1083 in6_dev_put(idev); 1080 return;
1084} 1081}
1085 1082
1086static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1083static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
@@ -1179,7 +1176,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1179 * set the RA_RECV flag in the interface 1176 * set the RA_RECV flag in the interface
1180 */ 1177 */
1181 1178
1182 in6_dev = in6_dev_get(skb->dev); 1179 in6_dev = __in6_dev_get(skb->dev);
1183 if (in6_dev == NULL) { 1180 if (in6_dev == NULL) {
1184 ND_PRINTK0(KERN_ERR 1181 ND_PRINTK0(KERN_ERR
1185 "ICMPv6 RA: can't find inet6 device for %s.\n", 1182 "ICMPv6 RA: can't find inet6 device for %s.\n",
@@ -1188,7 +1185,6 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1188 } 1185 }
1189 1186
1190 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1187 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1191 in6_dev_put(in6_dev);
1192 ND_PRINTK2(KERN_WARNING 1188 ND_PRINTK2(KERN_WARNING
1193 "ICMP6 RA: invalid ND options\n"); 1189 "ICMP6 RA: invalid ND options\n");
1194 return; 1190 return;
@@ -1225,6 +1221,9 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1225 if (!in6_dev->cnf.accept_ra_defrtr) 1221 if (!in6_dev->cnf.accept_ra_defrtr)
1226 goto skip_defrtr; 1222 goto skip_defrtr;
1227 1223
1224 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1225 goto skip_defrtr;
1226
1228 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1227 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1229 1228
1230#ifdef CONFIG_IPV6_ROUTER_PREF 1229#ifdef CONFIG_IPV6_ROUTER_PREF
@@ -1255,7 +1254,6 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1255 ND_PRINTK0(KERN_ERR 1254 ND_PRINTK0(KERN_ERR
1256 "ICMPv6 RA: %s() failed to add default route.\n", 1255 "ICMPv6 RA: %s() failed to add default route.\n",
1257 __func__); 1256 __func__);
1258 in6_dev_put(in6_dev);
1259 return; 1257 return;
1260 } 1258 }
1261 1259
@@ -1265,7 +1263,6 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1265 "ICMPv6 RA: %s() got default router without neighbour.\n", 1263 "ICMPv6 RA: %s() got default router without neighbour.\n",
1266 __func__); 1264 __func__);
1267 dst_release(&rt->dst); 1265 dst_release(&rt->dst);
1268 in6_dev_put(in6_dev);
1269 return; 1266 return;
1270 } 1267 }
1271 neigh->flags |= NTF_ROUTER; 1268 neigh->flags |= NTF_ROUTER;
@@ -1349,6 +1346,9 @@ skip_linkparms:
1349 goto out; 1346 goto out;
1350 1347
1351#ifdef CONFIG_IPV6_ROUTE_INFO 1348#ifdef CONFIG_IPV6_ROUTE_INFO
1349 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1350 goto skip_routeinfo;
1351
1352 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1352 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1353 struct nd_opt_hdr *p; 1353 struct nd_opt_hdr *p;
1354 for (p = ndopts.nd_opts_ri; 1354 for (p = ndopts.nd_opts_ri;
@@ -1366,6 +1366,8 @@ skip_linkparms:
1366 &ipv6_hdr(skb)->saddr); 1366 &ipv6_hdr(skb)->saddr);
1367 } 1367 }
1368 } 1368 }
1369
1370skip_routeinfo:
1369#endif 1371#endif
1370 1372
1371#ifdef CONFIG_IPV6_NDISC_NODETYPE 1373#ifdef CONFIG_IPV6_NDISC_NODETYPE
@@ -1422,7 +1424,6 @@ out:
1422 dst_release(&rt->dst); 1424 dst_release(&rt->dst);
1423 else if (neigh) 1425 else if (neigh)
1424 neigh_release(neigh); 1426 neigh_release(neigh);
1425 in6_dev_put(in6_dev);
1426} 1427}
1427 1428
1428static void ndisc_redirect_rcv(struct sk_buff *skb) 1429static void ndisc_redirect_rcv(struct sk_buff *skb)
@@ -1481,13 +1482,11 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1481 return; 1482 return;
1482 } 1483 }
1483 1484
1484 in6_dev = in6_dev_get(skb->dev); 1485 in6_dev = __in6_dev_get(skb->dev);
1485 if (!in6_dev) 1486 if (!in6_dev)
1486 return; 1487 return;
1487 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1488 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1488 in6_dev_put(in6_dev);
1489 return; 1489 return;
1490 }
1491 1490
1492 /* RFC2461 8.1: 1491 /* RFC2461 8.1:
1493 * The IP source address of the Redirect MUST be the same as the current 1492 * The IP source address of the Redirect MUST be the same as the current
@@ -1497,7 +1496,6 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1497 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1496 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1498 ND_PRINTK2(KERN_WARNING 1497 ND_PRINTK2(KERN_WARNING
1499 "ICMPv6 Redirect: invalid ND options\n"); 1498 "ICMPv6 Redirect: invalid ND options\n");
1500 in6_dev_put(in6_dev);
1501 return; 1499 return;
1502 } 1500 }
1503 if (ndopts.nd_opts_tgt_lladdr) { 1501 if (ndopts.nd_opts_tgt_lladdr) {
@@ -1506,7 +1504,6 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1506 if (!lladdr) { 1504 if (!lladdr) {
1507 ND_PRINTK2(KERN_WARNING 1505 ND_PRINTK2(KERN_WARNING
1508 "ICMPv6 Redirect: invalid link-layer address length\n"); 1506 "ICMPv6 Redirect: invalid link-layer address length\n");
1509 in6_dev_put(in6_dev);
1510 return; 1507 return;
1511 } 1508 }
1512 } 1509 }
@@ -1518,7 +1515,6 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1518 on_link); 1515 on_link);
1519 neigh_release(neigh); 1516 neigh_release(neigh);
1520 } 1517 }
1521 in6_dev_put(in6_dev);
1522} 1518}
1523 1519
1524void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1520void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
@@ -1651,7 +1647,8 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1651 csum_partial(icmph, len, 0)); 1647 csum_partial(icmph, len, 0));
1652 1648
1653 skb_dst_set(buff, dst); 1649 skb_dst_set(buff, dst);
1654 idev = in6_dev_get(dst->dev); 1650 rcu_read_lock();
1651 idev = __in6_dev_get(dst->dev);
1655 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1652 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1656 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1653 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1657 dst_output); 1654 dst_output);
@@ -1660,8 +1657,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1660 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1657 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1661 } 1658 }
1662 1659
1663 if (likely(idev != NULL)) 1660 rcu_read_unlock();
1664 in6_dev_put(idev);
1665 return; 1661 return;
1666 1662
1667release: 1663release:
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 249394863284..e63c3972a739 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -218,6 +218,7 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
218 return skb; 218 return skb;
219 219
220nlmsg_failure: 220nlmsg_failure:
221 kfree_skb(skb);
221 *errp = -EINVAL; 222 *errp = -EINVAL;
222 printk(KERN_ERR "ip6_queue: error creating packet message\n"); 223 printk(KERN_ERR "ip6_queue: error creating packet message\n");
223 return NULL; 224 return NULL;
@@ -313,7 +314,7 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len)
313{ 314{
314 struct nf_queue_entry *entry; 315 struct nf_queue_entry *entry;
315 316
316 if (vmsg->value > NF_MAX_VERDICT) 317 if (vmsg->value > NF_MAX_VERDICT || vmsg->value == NF_STOLEN)
317 return -EINVAL; 318 return -EINVAL;
318 319
319 entry = ipq_find_dequeue_entry(vmsg->id); 320 entry = ipq_find_dequeue_entry(vmsg->id);
@@ -358,12 +359,9 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
358 break; 359 break;
359 360
360 case IPQM_VERDICT: 361 case IPQM_VERDICT:
361 if (pmsg->msg.verdict.value > NF_MAX_VERDICT) 362 status = ipq_set_verdict(&pmsg->msg.verdict,
362 status = -EINVAL; 363 len - sizeof(*pmsg));
363 else 364 break;
364 status = ipq_set_verdict(&pmsg->msg.verdict,
365 len - sizeof(*pmsg));
366 break;
367 default: 365 default:
368 status = -EINVAL; 366 status = -EINVAL;
369 } 367 }
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 085727263812..e8762c73b170 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -378,8 +378,8 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
378 head->next = clone; 378 head->next = clone;
379 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; 379 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list;
380 skb_frag_list_init(head); 380 skb_frag_list_init(head);
381 for (i=0; i<skb_shinfo(head)->nr_frags; i++) 381 for (i = 0; i < skb_shinfo(head)->nr_frags; i++)
382 plen += skb_shinfo(head)->frags[i].size; 382 plen += skb_frag_size(&skb_shinfo(head)->frags[i]);
383 clone->len = clone->data_len = head->data_len - plen; 383 clone->len = clone->data_len = head->data_len - plen;
384 head->data_len -= clone->len; 384 head->data_len -= clone->len;
385 head->len -= clone->len; 385 head->len -= clone->len;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 6a79f3081bdb..6f7824e1cea4 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -130,14 +130,14 @@ static mh_filter_t __rcu *mh_filter __read_mostly;
130 130
131int rawv6_mh_filter_register(mh_filter_t filter) 131int rawv6_mh_filter_register(mh_filter_t filter)
132{ 132{
133 rcu_assign_pointer(mh_filter, filter); 133 RCU_INIT_POINTER(mh_filter, filter);
134 return 0; 134 return 0;
135} 135}
136EXPORT_SYMBOL(rawv6_mh_filter_register); 136EXPORT_SYMBOL(rawv6_mh_filter_register);
137 137
138int rawv6_mh_filter_unregister(mh_filter_t filter) 138int rawv6_mh_filter_unregister(mh_filter_t filter)
139{ 139{
140 rcu_assign_pointer(mh_filter, NULL); 140 RCU_INIT_POINTER(mh_filter, NULL);
141 synchronize_rcu(); 141 synchronize_rcu();
142 return 0; 142 return 0;
143} 143}
@@ -372,9 +372,9 @@ void raw6_icmp_error(struct sk_buff *skb, int nexthdr,
372 read_unlock(&raw_v6_hashinfo.lock); 372 read_unlock(&raw_v6_hashinfo.lock);
373} 373}
374 374
375static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb) 375static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
376{ 376{
377 if ((raw6_sk(sk)->checksum || rcu_dereference_raw(sk->sk_filter)) && 377 if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) &&
378 skb_checksum_complete(skb)) { 378 skb_checksum_complete(skb)) {
379 atomic_inc(&sk->sk_drops); 379 atomic_inc(&sk->sk_drops);
380 kfree_skb(skb); 380 kfree_skb(skb);
@@ -542,8 +542,7 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
542 goto out; 542 goto out;
543 543
544 offset = rp->offset; 544 offset = rp->offset;
545 total_len = inet_sk(sk)->cork.base.length - (skb_network_header(skb) - 545 total_len = inet_sk(sk)->cork.base.length;
546 skb->data);
547 if (offset >= total_len - 1) { 546 if (offset >= total_len - 1) {
548 err = -EINVAL; 547 err = -EINVAL;
549 ip6_flush_pending_frames(sk); 548 ip6_flush_pending_frames(sk);
@@ -817,8 +816,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
817 memset(opt, 0, sizeof(struct ipv6_txoptions)); 816 memset(opt, 0, sizeof(struct ipv6_txoptions));
818 opt->tot_len = sizeof(struct ipv6_txoptions); 817 opt->tot_len = sizeof(struct ipv6_txoptions);
819 818
820 err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit, 819 err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt,
821 &tclass, &dontfrag); 820 &hlimit, &tclass, &dontfrag);
822 if (err < 0) { 821 if (err < 0) {
823 fl6_sock_release(flowlabel); 822 fl6_sock_release(flowlabel);
824 return err; 823 return err;
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 7b954e2539d0..cc22099ac8b6 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -464,8 +464,8 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
464 head->next = clone; 464 head->next = clone;
465 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; 465 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list;
466 skb_frag_list_init(head); 466 skb_frag_list_init(head);
467 for (i=0; i<skb_shinfo(head)->nr_frags; i++) 467 for (i = 0; i < skb_shinfo(head)->nr_frags; i++)
468 plen += skb_shinfo(head)->frags[i].size; 468 plen += skb_frag_size(&skb_shinfo(head)->frags[i]);
469 clone->len = clone->data_len = head->data_len - plen; 469 clone->len = clone->data_len = head->data_len - plen;
470 head->data_len -= clone->len; 470 head->data_len -= clone->len;
471 head->len -= clone->len; 471 head->len -= clone->len;
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index e8987da06667..57b82dc1ae91 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -104,6 +104,9 @@ static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old)
104 struct inet_peer *peer; 104 struct inet_peer *peer;
105 u32 *p = NULL; 105 u32 *p = NULL;
106 106
107 if (!(rt->dst.flags & DST_HOST))
108 return NULL;
109
107 if (!rt->rt6i_peer) 110 if (!rt->rt6i_peer)
108 rt6_bind_peer(rt, 1); 111 rt6_bind_peer(rt, 1);
109 112
@@ -241,7 +244,9 @@ static inline struct rt6_info *ip6_dst_alloc(struct dst_ops *ops,
241{ 244{
242 struct rt6_info *rt = dst_alloc(ops, dev, 0, 0, flags); 245 struct rt6_info *rt = dst_alloc(ops, dev, 0, 0, flags);
243 246
244 memset(&rt->rt6i_table, 0, sizeof(*rt) - sizeof(struct dst_entry)); 247 if (rt != NULL)
248 memset(&rt->rt6i_table, 0,
249 sizeof(*rt) - sizeof(struct dst_entry));
245 250
246 return rt; 251 return rt;
247} 252}
@@ -252,6 +257,9 @@ static void ip6_dst_destroy(struct dst_entry *dst)
252 struct inet6_dev *idev = rt->rt6i_idev; 257 struct inet6_dev *idev = rt->rt6i_idev;
253 struct inet_peer *peer = rt->rt6i_peer; 258 struct inet_peer *peer = rt->rt6i_peer;
254 259
260 if (!(rt->dst.flags & DST_HOST))
261 dst_destroy_metrics_generic(dst);
262
255 if (idev != NULL) { 263 if (idev != NULL) {
256 rt->rt6i_idev = NULL; 264 rt->rt6i_idev = NULL;
257 in6_dev_put(idev); 265 in6_dev_put(idev);
@@ -364,7 +372,7 @@ out:
364#ifdef CONFIG_IPV6_ROUTER_PREF 372#ifdef CONFIG_IPV6_ROUTER_PREF
365static void rt6_probe(struct rt6_info *rt) 373static void rt6_probe(struct rt6_info *rt)
366{ 374{
367 struct neighbour *neigh = rt ? dst_get_neighbour(&rt->dst) : NULL; 375 struct neighbour *neigh;
368 /* 376 /*
369 * Okay, this does not seem to be appropriate 377 * Okay, this does not seem to be appropriate
370 * for now, however, we need to check if it 378 * for now, however, we need to check if it
@@ -373,8 +381,10 @@ static void rt6_probe(struct rt6_info *rt)
373 * Router Reachability Probe MUST be rate-limited 381 * Router Reachability Probe MUST be rate-limited
374 * to no more than one per minute. 382 * to no more than one per minute.
375 */ 383 */
384 rcu_read_lock();
385 neigh = rt ? dst_get_neighbour(&rt->dst) : NULL;
376 if (!neigh || (neigh->nud_state & NUD_VALID)) 386 if (!neigh || (neigh->nud_state & NUD_VALID))
377 return; 387 goto out;
378 read_lock_bh(&neigh->lock); 388 read_lock_bh(&neigh->lock);
379 if (!(neigh->nud_state & NUD_VALID) && 389 if (!(neigh->nud_state & NUD_VALID) &&
380 time_after(jiffies, neigh->updated + rt->rt6i_idev->cnf.rtr_probe_interval)) { 390 time_after(jiffies, neigh->updated + rt->rt6i_idev->cnf.rtr_probe_interval)) {
@@ -387,8 +397,11 @@ static void rt6_probe(struct rt6_info *rt)
387 target = (struct in6_addr *)&neigh->primary_key; 397 target = (struct in6_addr *)&neigh->primary_key;
388 addrconf_addr_solict_mult(target, &mcaddr); 398 addrconf_addr_solict_mult(target, &mcaddr);
389 ndisc_send_ns(rt->rt6i_dev, NULL, target, &mcaddr, NULL); 399 ndisc_send_ns(rt->rt6i_dev, NULL, target, &mcaddr, NULL);
390 } else 400 } else {
391 read_unlock_bh(&neigh->lock); 401 read_unlock_bh(&neigh->lock);
402 }
403out:
404 rcu_read_unlock();
392} 405}
393#else 406#else
394static inline void rt6_probe(struct rt6_info *rt) 407static inline void rt6_probe(struct rt6_info *rt)
@@ -412,8 +425,11 @@ static inline int rt6_check_dev(struct rt6_info *rt, int oif)
412 425
413static inline int rt6_check_neigh(struct rt6_info *rt) 426static inline int rt6_check_neigh(struct rt6_info *rt)
414{ 427{
415 struct neighbour *neigh = dst_get_neighbour(&rt->dst); 428 struct neighbour *neigh;
416 int m; 429 int m;
430
431 rcu_read_lock();
432 neigh = dst_get_neighbour(&rt->dst);
417 if (rt->rt6i_flags & RTF_NONEXTHOP || 433 if (rt->rt6i_flags & RTF_NONEXTHOP ||
418 !(rt->rt6i_flags & RTF_GATEWAY)) 434 !(rt->rt6i_flags & RTF_GATEWAY))
419 m = 1; 435 m = 1;
@@ -430,6 +446,7 @@ static inline int rt6_check_neigh(struct rt6_info *rt)
430 read_unlock_bh(&neigh->lock); 446 read_unlock_bh(&neigh->lock);
431 } else 447 } else
432 m = 0; 448 m = 0;
449 rcu_read_unlock();
433 return m; 450 return m;
434} 451}
435 452
@@ -714,9 +731,7 @@ static struct rt6_info *rt6_alloc_cow(const struct rt6_info *ort,
714 ipv6_addr_copy(&rt->rt6i_gateway, daddr); 731 ipv6_addr_copy(&rt->rt6i_gateway, daddr);
715 } 732 }
716 733
717 rt->rt6i_dst.plen = 128;
718 rt->rt6i_flags |= RTF_CACHE; 734 rt->rt6i_flags |= RTF_CACHE;
719 rt->dst.flags |= DST_HOST;
720 735
721#ifdef CONFIG_IPV6_SUBTREES 736#ifdef CONFIG_IPV6_SUBTREES
722 if (rt->rt6i_src.plen && saddr) { 737 if (rt->rt6i_src.plen && saddr) {
@@ -766,10 +781,8 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort,
766 struct rt6_info *rt = ip6_rt_copy(ort, daddr); 781 struct rt6_info *rt = ip6_rt_copy(ort, daddr);
767 782
768 if (rt) { 783 if (rt) {
769 rt->rt6i_dst.plen = 128;
770 rt->rt6i_flags |= RTF_CACHE; 784 rt->rt6i_flags |= RTF_CACHE;
771 rt->dst.flags |= DST_HOST; 785 dst_set_neighbour(&rt->dst, neigh_clone(dst_get_neighbour_raw(&ort->dst)));
772 dst_set_neighbour(&rt->dst, neigh_clone(dst_get_neighbour(&ort->dst)));
773 } 786 }
774 return rt; 787 return rt;
775} 788}
@@ -803,7 +816,7 @@ restart:
803 dst_hold(&rt->dst); 816 dst_hold(&rt->dst);
804 read_unlock_bh(&table->tb6_lock); 817 read_unlock_bh(&table->tb6_lock);
805 818
806 if (!dst_get_neighbour(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP)) 819 if (!dst_get_neighbour_raw(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP))
807 nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); 820 nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
808 else if (!(rt->dst.flags & DST_HOST)) 821 else if (!(rt->dst.flags & DST_HOST))
809 nrt = rt6_alloc_clone(rt, &fl6->daddr); 822 nrt = rt6_alloc_clone(rt, &fl6->daddr);
@@ -1069,12 +1082,14 @@ struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
1069 neigh = NULL; 1082 neigh = NULL;
1070 } 1083 }
1071 1084
1072 rt->rt6i_idev = idev; 1085 rt->dst.flags |= DST_HOST;
1086 rt->dst.output = ip6_output;
1073 dst_set_neighbour(&rt->dst, neigh); 1087 dst_set_neighbour(&rt->dst, neigh);
1074 atomic_set(&rt->dst.__refcnt, 1); 1088 atomic_set(&rt->dst.__refcnt, 1);
1075 ipv6_addr_copy(&rt->rt6i_dst.addr, addr); 1089 ipv6_addr_copy(&rt->rt6i_dst.addr, addr);
1090 rt->rt6i_dst.plen = 128;
1091 rt->rt6i_idev = idev;
1076 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 255); 1092 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 255);
1077 rt->dst.output = ip6_output;
1078 1093
1079 spin_lock_bh(&icmp6_dst_lock); 1094 spin_lock_bh(&icmp6_dst_lock);
1080 rt->dst.next = icmp6_dst_gc_list; 1095 rt->dst.next = icmp6_dst_gc_list;
@@ -1252,6 +1267,14 @@ int ip6_route_add(struct fib6_config *cfg)
1252 if (rt->rt6i_dst.plen == 128) 1267 if (rt->rt6i_dst.plen == 128)
1253 rt->dst.flags |= DST_HOST; 1268 rt->dst.flags |= DST_HOST;
1254 1269
1270 if (!(rt->dst.flags & DST_HOST) && cfg->fc_mx) {
1271 u32 *metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
1272 if (!metrics) {
1273 err = -ENOMEM;
1274 goto out;
1275 }
1276 dst_init_metrics(&rt->dst, metrics, 0);
1277 }
1255#ifdef CONFIG_IPV6_SUBTREES 1278#ifdef CONFIG_IPV6_SUBTREES
1256 ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len); 1279 ipv6_addr_prefix(&rt->rt6i_src.addr, &cfg->fc_src, cfg->fc_src_len);
1257 rt->rt6i_src.plen = cfg->fc_src_len; 1280 rt->rt6i_src.plen = cfg->fc_src_len;
@@ -1587,7 +1610,7 @@ void rt6_redirect(const struct in6_addr *dest, const struct in6_addr *src,
1587 dst_confirm(&rt->dst); 1610 dst_confirm(&rt->dst);
1588 1611
1589 /* Duplicate redirect: silently ignore. */ 1612 /* Duplicate redirect: silently ignore. */
1590 if (neigh == dst_get_neighbour(&rt->dst)) 1613 if (neigh == dst_get_neighbour_raw(&rt->dst))
1591 goto out; 1614 goto out;
1592 1615
1593 nrt = ip6_rt_copy(rt, dest); 1616 nrt = ip6_rt_copy(rt, dest);
@@ -1598,9 +1621,6 @@ void rt6_redirect(const struct in6_addr *dest, const struct in6_addr *src,
1598 if (on_link) 1621 if (on_link)
1599 nrt->rt6i_flags &= ~RTF_GATEWAY; 1622 nrt->rt6i_flags &= ~RTF_GATEWAY;
1600 1623
1601 nrt->rt6i_dst.plen = 128;
1602 nrt->dst.flags |= DST_HOST;
1603
1604 ipv6_addr_copy(&nrt->rt6i_gateway, (struct in6_addr*)neigh->primary_key); 1624 ipv6_addr_copy(&nrt->rt6i_gateway, (struct in6_addr*)neigh->primary_key);
1605 dst_set_neighbour(&nrt->dst, neigh_clone(neigh)); 1625 dst_set_neighbour(&nrt->dst, neigh_clone(neigh));
1606 1626
@@ -1682,7 +1702,7 @@ again:
1682 1. It is connected route. Action: COW 1702 1. It is connected route. Action: COW
1683 2. It is gatewayed route or NONEXTHOP route. Action: clone it. 1703 2. It is gatewayed route or NONEXTHOP route. Action: clone it.
1684 */ 1704 */
1685 if (!dst_get_neighbour(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP)) 1705 if (!dst_get_neighbour_raw(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP))
1686 nrt = rt6_alloc_cow(rt, daddr, saddr); 1706 nrt = rt6_alloc_cow(rt, daddr, saddr);
1687 else 1707 else
1688 nrt = rt6_alloc_clone(rt, daddr); 1708 nrt = rt6_alloc_clone(rt, daddr);
@@ -1745,9 +1765,10 @@ static struct rt6_info *ip6_rt_copy(const struct rt6_info *ort,
1745 if (rt) { 1765 if (rt) {
1746 rt->dst.input = ort->dst.input; 1766 rt->dst.input = ort->dst.input;
1747 rt->dst.output = ort->dst.output; 1767 rt->dst.output = ort->dst.output;
1768 rt->dst.flags |= DST_HOST;
1748 1769
1749 ipv6_addr_copy(&rt->rt6i_dst.addr, dest); 1770 ipv6_addr_copy(&rt->rt6i_dst.addr, dest);
1750 rt->rt6i_dst.plen = ort->rt6i_dst.plen; 1771 rt->rt6i_dst.plen = 128;
1751 dst_copy_metrics(&rt->dst, &ort->dst); 1772 dst_copy_metrics(&rt->dst, &ort->dst);
1752 rt->dst.error = ort->dst.error; 1773 rt->dst.error = ort->dst.error;
1753 rt->rt6i_idev = ort->rt6i_idev; 1774 rt->rt6i_idev = ort->rt6i_idev;
@@ -2326,6 +2347,7 @@ static int rt6_fill_node(struct net *net,
2326 struct nlmsghdr *nlh; 2347 struct nlmsghdr *nlh;
2327 long expires; 2348 long expires;
2328 u32 table; 2349 u32 table;
2350 struct neighbour *n;
2329 2351
2330 if (prefix) { /* user wants prefix routes only */ 2352 if (prefix) { /* user wants prefix routes only */
2331 if (!(rt->rt6i_flags & RTF_PREFIX_RT)) { 2353 if (!(rt->rt6i_flags & RTF_PREFIX_RT)) {
@@ -2414,8 +2436,11 @@ static int rt6_fill_node(struct net *net,
2414 if (rtnetlink_put_metrics(skb, dst_metrics_ptr(&rt->dst)) < 0) 2436 if (rtnetlink_put_metrics(skb, dst_metrics_ptr(&rt->dst)) < 0)
2415 goto nla_put_failure; 2437 goto nla_put_failure;
2416 2438
2417 if (dst_get_neighbour(&rt->dst)) 2439 rcu_read_lock();
2418 NLA_PUT(skb, RTA_GATEWAY, 16, &dst_get_neighbour(&rt->dst)->primary_key); 2440 n = dst_get_neighbour(&rt->dst);
2441 if (n)
2442 NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key);
2443 rcu_read_unlock();
2419 2444
2420 if (rt->dst.dev) 2445 if (rt->dst.dev)
2421 NLA_PUT_U32(skb, RTA_OIF, rt->rt6i_dev->ifindex); 2446 NLA_PUT_U32(skb, RTA_OIF, rt->rt6i_dev->ifindex);
@@ -2608,12 +2633,14 @@ static int rt6_info_route(struct rt6_info *rt, void *p_arg)
2608#else 2633#else
2609 seq_puts(m, "00000000000000000000000000000000 00 "); 2634 seq_puts(m, "00000000000000000000000000000000 00 ");
2610#endif 2635#endif
2636 rcu_read_lock();
2611 n = dst_get_neighbour(&rt->dst); 2637 n = dst_get_neighbour(&rt->dst);
2612 if (n) { 2638 if (n) {
2613 seq_printf(m, "%pi6", n->primary_key); 2639 seq_printf(m, "%pi6", n->primary_key);
2614 } else { 2640 } else {
2615 seq_puts(m, "00000000000000000000000000000000"); 2641 seq_puts(m, "00000000000000000000000000000000");
2616 } 2642 }
2643 rcu_read_unlock();
2617 seq_printf(m, " %08x %08x %08x %08x %8s\n", 2644 seq_printf(m, " %08x %08x %08x %08x %8s\n",
2618 rt->rt6i_metric, atomic_read(&rt->dst.__refcnt), 2645 rt->rt6i_metric, atomic_read(&rt->dst.__refcnt),
2619 rt->dst.__use, rt->rt6i_flags, 2646 rt->dst.__use, rt->rt6i_flags,
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 07bf1085458f..a7a18602a046 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -182,7 +182,7 @@ static void ipip6_tunnel_unlink(struct sit_net *sitn, struct ip_tunnel *t)
182 (iter = rtnl_dereference(*tp)) != NULL; 182 (iter = rtnl_dereference(*tp)) != NULL;
183 tp = &iter->next) { 183 tp = &iter->next) {
184 if (t == iter) { 184 if (t == iter) {
185 rcu_assign_pointer(*tp, t->next); 185 RCU_INIT_POINTER(*tp, t->next);
186 break; 186 break;
187 } 187 }
188 } 188 }
@@ -192,8 +192,8 @@ static void ipip6_tunnel_link(struct sit_net *sitn, struct ip_tunnel *t)
192{ 192{
193 struct ip_tunnel __rcu **tp = ipip6_bucket(sitn, t); 193 struct ip_tunnel __rcu **tp = ipip6_bucket(sitn, t);
194 194
195 rcu_assign_pointer(t->next, rtnl_dereference(*tp)); 195 RCU_INIT_POINTER(t->next, rtnl_dereference(*tp));
196 rcu_assign_pointer(*tp, t); 196 RCU_INIT_POINTER(*tp, t);
197} 197}
198 198
199static void ipip6_tunnel_clone_6rd(struct net_device *dev, struct sit_net *sitn) 199static void ipip6_tunnel_clone_6rd(struct net_device *dev, struct sit_net *sitn)
@@ -391,7 +391,7 @@ ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
391 p->addr = a->addr; 391 p->addr = a->addr;
392 p->flags = a->flags; 392 p->flags = a->flags;
393 t->prl_count++; 393 t->prl_count++;
394 rcu_assign_pointer(t->prl, p); 394 RCU_INIT_POINTER(t->prl, p);
395out: 395out:
396 return err; 396 return err;
397} 397}
@@ -474,7 +474,7 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
474 struct sit_net *sitn = net_generic(net, sit_net_id); 474 struct sit_net *sitn = net_generic(net, sit_net_id);
475 475
476 if (dev == sitn->fb_tunnel_dev) { 476 if (dev == sitn->fb_tunnel_dev) {
477 rcu_assign_pointer(sitn->tunnels_wc[0], NULL); 477 RCU_INIT_POINTER(sitn->tunnels_wc[0], NULL);
478 } else { 478 } else {
479 ipip6_tunnel_unlink(sitn, netdev_priv(dev)); 479 ipip6_tunnel_unlink(sitn, netdev_priv(dev));
480 ipip6_tunnel_del_prl(netdev_priv(dev), NULL); 480 ipip6_tunnel_del_prl(netdev_priv(dev), NULL);
@@ -672,6 +672,9 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
672 if (skb->protocol != htons(ETH_P_IPV6)) 672 if (skb->protocol != htons(ETH_P_IPV6))
673 goto tx_error; 673 goto tx_error;
674 674
675 if (tos == 1)
676 tos = ipv6_get_dsfield(iph6);
677
675 /* ISATAP (RFC4214) - must come before 6to4 */ 678 /* ISATAP (RFC4214) - must come before 6to4 */
676 if (dev->priv_flags & IFF_ISATAP) { 679 if (dev->priv_flags & IFF_ISATAP) {
677 struct neighbour *neigh = NULL; 680 struct neighbour *neigh = NULL;
@@ -1173,7 +1176,7 @@ static int __net_init ipip6_fb_tunnel_init(struct net_device *dev)
1173 if (!dev->tstats) 1176 if (!dev->tstats)
1174 return -ENOMEM; 1177 return -ENOMEM;
1175 dev_hold(dev); 1178 dev_hold(dev);
1176 rcu_assign_pointer(sitn->tunnels_wc[0], tunnel); 1179 RCU_INIT_POINTER(sitn->tunnels_wc[0], tunnel);
1177 return 0; 1180 return 0;
1178} 1181}
1179 1182
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 89d5bf806222..5a0d6648bbbc 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -115,7 +115,7 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, const struct in6_addr *saddr,
115 & COOKIEMASK; 115 & COOKIEMASK;
116} 116}
117 117
118__u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) 118__u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16 *mssp)
119{ 119{
120 const struct ipv6hdr *iph = ipv6_hdr(skb); 120 const struct ipv6hdr *iph = ipv6_hdr(skb);
121 const struct tcphdr *th = tcp_hdr(skb); 121 const struct tcphdr *th = tcp_hdr(skb);
@@ -137,7 +137,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
137 jiffies / (HZ * 60), mssind); 137 jiffies / (HZ * 60), mssind);
138} 138}
139 139
140static inline int cookie_check(struct sk_buff *skb, __u32 cookie) 140static inline int cookie_check(const struct sk_buff *skb, __u32 cookie)
141{ 141{
142 const struct ipv6hdr *iph = ipv6_hdr(skb); 142 const struct ipv6hdr *iph = ipv6_hdr(skb);
143 const struct tcphdr *th = tcp_hdr(skb); 143 const struct tcphdr *th = tcp_hdr(skb);
@@ -152,7 +152,7 @@ static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
152struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) 152struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
153{ 153{
154 struct tcp_options_received tcp_opt; 154 struct tcp_options_received tcp_opt;
155 u8 *hash_location; 155 const u8 *hash_location;
156 struct inet_request_sock *ireq; 156 struct inet_request_sock *ireq;
157 struct inet6_request_sock *ireq6; 157 struct inet6_request_sock *ireq6;
158 struct tcp_request_sock *treq; 158 struct tcp_request_sock *treq;
@@ -165,7 +165,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
165 int mss; 165 int mss;
166 struct dst_entry *dst; 166 struct dst_entry *dst;
167 __u8 rcv_wscale; 167 __u8 rcv_wscale;
168 bool ecn_ok; 168 bool ecn_ok = false;
169 169
170 if (!sysctl_tcp_syncookies || !th->ack || th->rst) 170 if (!sysctl_tcp_syncookies || !th->ack || th->rst)
171 goto out; 171 goto out;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 78aa53492b3e..10b2b3165a1a 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -61,6 +61,7 @@
61#include <net/timewait_sock.h> 61#include <net/timewait_sock.h>
62#include <net/netdma.h> 62#include <net/netdma.h>
63#include <net/inet_common.h> 63#include <net/inet_common.h>
64#include <net/secure_seq.h>
64 65
65#include <asm/uaccess.h> 66#include <asm/uaccess.h>
66 67
@@ -113,7 +114,7 @@ static __inline__ __sum16 tcp_v6_check(int len,
113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 114 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114} 115}
115 116
116static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 117static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
117{ 118{
118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 119 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32, 120 ipv6_hdr(skb)->saddr.s6_addr32,
@@ -512,7 +513,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
512 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 513 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
513 514
514 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 515 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
515 err = ip6_xmit(sk, skb, &fl6, opt); 516 err = ip6_xmit(sk, skb, &fl6, opt, np->tclass);
516 err = net_xmit_eval(err); 517 err = net_xmit_eval(err);
517 } 518 }
518 519
@@ -530,20 +531,6 @@ static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
530 return tcp_v6_send_synack(sk, req, rvp); 531 return tcp_v6_send_synack(sk, req, rvp);
531} 532}
532 533
533static inline void syn_flood_warning(struct sk_buff *skb)
534{
535#ifdef CONFIG_SYN_COOKIES
536 if (sysctl_tcp_syncookies)
537 printk(KERN_INFO
538 "TCPv6: Possible SYN flooding on port %d. "
539 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
540 else
541#endif
542 printk(KERN_INFO
543 "TCPv6: Possible SYN flooding on port %d. "
544 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
545}
546
547static void tcp_v6_reqsk_destructor(struct request_sock *req) 534static void tcp_v6_reqsk_destructor(struct request_sock *req)
548{ 535{
549 kfree_skb(inet6_rsk(req)->pktopts); 536 kfree_skb(inet6_rsk(req)->pktopts);
@@ -604,7 +591,8 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
604 } 591 }
605 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 592 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
606 } 593 }
607 if (tcp_alloc_md5sig_pool(sk) == NULL) { 594 if (tp->md5sig_info->entries6 == 0 &&
595 tcp_alloc_md5sig_pool(sk) == NULL) {
608 kfree(newkey); 596 kfree(newkey);
609 return -ENOMEM; 597 return -ENOMEM;
610 } 598 }
@@ -613,8 +601,9 @@ static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
613 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 601 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
614 602
615 if (!keys) { 603 if (!keys) {
616 tcp_free_md5sig_pool();
617 kfree(newkey); 604 kfree(newkey);
605 if (tp->md5sig_info->entries6 == 0)
606 tcp_free_md5sig_pool();
618 return -ENOMEM; 607 return -ENOMEM;
619 } 608 }
620 609
@@ -660,6 +649,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
660 kfree(tp->md5sig_info->keys6); 649 kfree(tp->md5sig_info->keys6);
661 tp->md5sig_info->keys6 = NULL; 650 tp->md5sig_info->keys6 = NULL;
662 tp->md5sig_info->alloced6 = 0; 651 tp->md5sig_info->alloced6 = 0;
652 tcp_free_md5sig_pool();
663 } else { 653 } else {
664 /* shrink the database */ 654 /* shrink the database */
665 if (tp->md5sig_info->entries6 != i) 655 if (tp->md5sig_info->entries6 != i)
@@ -668,7 +658,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
668 (tp->md5sig_info->entries6 - i) 658 (tp->md5sig_info->entries6 - i)
669 * sizeof (tp->md5sig_info->keys6[0])); 659 * sizeof (tp->md5sig_info->keys6[0]));
670 } 660 }
671 tcp_free_md5sig_pool();
672 return 0; 661 return 0;
673 } 662 }
674 } 663 }
@@ -772,7 +761,7 @@ static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
772 761
773static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 762static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
774 const struct in6_addr *daddr, struct in6_addr *saddr, 763 const struct in6_addr *daddr, struct in6_addr *saddr,
775 struct tcphdr *th) 764 const struct tcphdr *th)
776{ 765{
777 struct tcp_md5sig_pool *hp; 766 struct tcp_md5sig_pool *hp;
778 struct hash_desc *desc; 767 struct hash_desc *desc;
@@ -804,13 +793,14 @@ clear_hash_noput:
804} 793}
805 794
806static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 795static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
807 struct sock *sk, struct request_sock *req, 796 const struct sock *sk,
808 struct sk_buff *skb) 797 const struct request_sock *req,
798 const struct sk_buff *skb)
809{ 799{
810 const struct in6_addr *saddr, *daddr; 800 const struct in6_addr *saddr, *daddr;
811 struct tcp_md5sig_pool *hp; 801 struct tcp_md5sig_pool *hp;
812 struct hash_desc *desc; 802 struct hash_desc *desc;
813 struct tcphdr *th = tcp_hdr(skb); 803 const struct tcphdr *th = tcp_hdr(skb);
814 804
815 if (sk) { 805 if (sk) {
816 saddr = &inet6_sk(sk)->saddr; 806 saddr = &inet6_sk(sk)->saddr;
@@ -853,12 +843,12 @@ clear_hash_noput:
853 return 1; 843 return 1;
854} 844}
855 845
856static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 846static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
857{ 847{
858 __u8 *hash_location = NULL; 848 const __u8 *hash_location = NULL;
859 struct tcp_md5sig_key *hash_expected; 849 struct tcp_md5sig_key *hash_expected;
860 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 850 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
861 struct tcphdr *th = tcp_hdr(skb); 851 const struct tcphdr *th = tcp_hdr(skb);
862 int genhash; 852 int genhash;
863 u8 newhash[16]; 853 u8 newhash[16];
864 854
@@ -989,9 +979,10 @@ static int tcp6_gro_complete(struct sk_buff *skb)
989} 979}
990 980
991static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 981static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
992 u32 ts, struct tcp_md5sig_key *key, int rst) 982 u32 ts, struct tcp_md5sig_key *key, int rst, u8 tclass)
993{ 983{
994 struct tcphdr *th = tcp_hdr(skb), *t1; 984 const struct tcphdr *th = tcp_hdr(skb);
985 struct tcphdr *t1;
995 struct sk_buff *buff; 986 struct sk_buff *buff;
996 struct flowi6 fl6; 987 struct flowi6 fl6;
997 struct net *net = dev_net(skb_dst(skb)->dev); 988 struct net *net = dev_net(skb_dst(skb)->dev);
@@ -1069,7 +1060,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
1069 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 1060 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
1070 if (!IS_ERR(dst)) { 1061 if (!IS_ERR(dst)) {
1071 skb_dst_set(buff, dst); 1062 skb_dst_set(buff, dst);
1072 ip6_xmit(ctl_sk, buff, &fl6, NULL); 1063 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
1073 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1064 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1074 if (rst) 1065 if (rst)
1075 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1066 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
@@ -1081,7 +1072,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
1081 1072
1082static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1073static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1083{ 1074{
1084 struct tcphdr *th = tcp_hdr(skb); 1075 const struct tcphdr *th = tcp_hdr(skb);
1085 u32 seq = 0, ack_seq = 0; 1076 u32 seq = 0, ack_seq = 0;
1086 struct tcp_md5sig_key *key = NULL; 1077 struct tcp_md5sig_key *key = NULL;
1087 1078
@@ -1102,13 +1093,13 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1102 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1093 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1103 (th->doff << 2); 1094 (th->doff << 2);
1104 1095
1105 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1); 1096 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1, 0);
1106} 1097}
1107 1098
1108static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1099static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1109 struct tcp_md5sig_key *key) 1100 struct tcp_md5sig_key *key, u8 tclass)
1110{ 1101{
1111 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0); 1102 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0, tclass);
1112} 1103}
1113 1104
1114static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1105static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
@@ -1118,7 +1109,8 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1118 1109
1119 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1110 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1120 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1111 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1121 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1112 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw),
1113 tw->tw_tclass);
1122 1114
1123 inet_twsk_put(tw); 1115 inet_twsk_put(tw);
1124} 1116}
@@ -1127,7 +1119,7 @@ static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1127 struct request_sock *req) 1119 struct request_sock *req)
1128{ 1120{
1129 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1121 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1130 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr)); 1122 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0);
1131} 1123}
1132 1124
1133 1125
@@ -1171,18 +1163,14 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1171{ 1163{
1172 struct tcp_extend_values tmp_ext; 1164 struct tcp_extend_values tmp_ext;
1173 struct tcp_options_received tmp_opt; 1165 struct tcp_options_received tmp_opt;
1174 u8 *hash_location; 1166 const u8 *hash_location;
1175 struct request_sock *req; 1167 struct request_sock *req;
1176 struct inet6_request_sock *treq; 1168 struct inet6_request_sock *treq;
1177 struct ipv6_pinfo *np = inet6_sk(sk); 1169 struct ipv6_pinfo *np = inet6_sk(sk);
1178 struct tcp_sock *tp = tcp_sk(sk); 1170 struct tcp_sock *tp = tcp_sk(sk);
1179 __u32 isn = TCP_SKB_CB(skb)->when; 1171 __u32 isn = TCP_SKB_CB(skb)->when;
1180 struct dst_entry *dst = NULL; 1172 struct dst_entry *dst = NULL;
1181#ifdef CONFIG_SYN_COOKIES
1182 int want_cookie = 0; 1173 int want_cookie = 0;
1183#else
1184#define want_cookie 0
1185#endif
1186 1174
1187 if (skb->protocol == htons(ETH_P_IP)) 1175 if (skb->protocol == htons(ETH_P_IP))
1188 return tcp_v4_conn_request(sk, skb); 1176 return tcp_v4_conn_request(sk, skb);
@@ -1191,14 +1179,9 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1191 goto drop; 1179 goto drop;
1192 1180
1193 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1181 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1194 if (net_ratelimit()) 1182 want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
1195 syn_flood_warning(skb); 1183 if (!want_cookie)
1196#ifdef CONFIG_SYN_COOKIES 1184 goto drop;
1197 if (sysctl_tcp_syncookies)
1198 want_cookie = 1;
1199 else
1200#endif
1201 goto drop;
1202 } 1185 }
1203 1186
1204 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1187 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
@@ -1248,9 +1231,7 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1248 while (l-- > 0) 1231 while (l-- > 0)
1249 *c++ ^= *hash_location++; 1232 *c++ ^= *hash_location++;
1250 1233
1251#ifdef CONFIG_SYN_COOKIES
1252 want_cookie = 0; /* not our kind of cookie */ 1234 want_cookie = 0; /* not our kind of cookie */
1253#endif
1254 tmp_ext.cookie_out_never = 0; /* false */ 1235 tmp_ext.cookie_out_never = 0; /* false */
1255 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1236 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1256 } else if (!tp->rx_opt.cookie_in_always) { 1237 } else if (!tp->rx_opt.cookie_in_always) {
@@ -1407,6 +1388,8 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1407 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1388 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1408#endif 1389#endif
1409 1390
1391 newnp->ipv6_ac_list = NULL;
1392 newnp->ipv6_fl_list = NULL;
1410 newnp->pktoptions = NULL; 1393 newnp->pktoptions = NULL;
1411 newnp->opt = NULL; 1394 newnp->opt = NULL;
1412 newnp->mcast_oif = inet6_iif(skb); 1395 newnp->mcast_oif = inet6_iif(skb);
@@ -1471,6 +1454,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1471 First: no IPv4 options. 1454 First: no IPv4 options.
1472 */ 1455 */
1473 newinet->inet_opt = NULL; 1456 newinet->inet_opt = NULL;
1457 newnp->ipv6_ac_list = NULL;
1474 newnp->ipv6_fl_list = NULL; 1458 newnp->ipv6_fl_list = NULL;
1475 1459
1476 /* Clone RX bits */ 1460 /* Clone RX bits */
@@ -1627,7 +1611,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1627 opt_skb = skb_clone(skb, GFP_ATOMIC); 1611 opt_skb = skb_clone(skb, GFP_ATOMIC);
1628 1612
1629 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1613 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1630 sock_rps_save_rxhash(sk, skb->rxhash); 1614 sock_rps_save_rxhash(sk, skb);
1631 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1615 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1632 goto reset; 1616 goto reset;
1633 if (opt_skb) 1617 if (opt_skb)
@@ -1649,7 +1633,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1649 * the new socket.. 1633 * the new socket..
1650 */ 1634 */
1651 if(nsk != sk) { 1635 if(nsk != sk) {
1652 sock_rps_save_rxhash(nsk, skb->rxhash); 1636 sock_rps_save_rxhash(nsk, skb);
1653 if (tcp_child_process(sk, nsk, skb)) 1637 if (tcp_child_process(sk, nsk, skb))
1654 goto reset; 1638 goto reset;
1655 if (opt_skb) 1639 if (opt_skb)
@@ -1657,7 +1641,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1657 return 0; 1641 return 0;
1658 } 1642 }
1659 } else 1643 } else
1660 sock_rps_save_rxhash(sk, skb->rxhash); 1644 sock_rps_save_rxhash(sk, skb);
1661 1645
1662 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1646 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1663 goto reset; 1647 goto reset;
@@ -1707,7 +1691,7 @@ ipv6_pktoptions:
1707 1691
1708static int tcp_v6_rcv(struct sk_buff *skb) 1692static int tcp_v6_rcv(struct sk_buff *skb)
1709{ 1693{
1710 struct tcphdr *th; 1694 const struct tcphdr *th;
1711 const struct ipv6hdr *hdr; 1695 const struct ipv6hdr *hdr;
1712 struct sock *sk; 1696 struct sock *sk;
1713 int ret; 1697 int ret;
@@ -1741,7 +1725,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1741 skb->len - th->doff*4); 1725 skb->len - th->doff*4);
1742 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1726 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1743 TCP_SKB_CB(skb)->when = 0; 1727 TCP_SKB_CB(skb)->when = 0;
1744 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr); 1728 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1745 TCP_SKB_CB(skb)->sacked = 0; 1729 TCP_SKB_CB(skb)->sacked = 0;
1746 1730
1747 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1731 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -1875,8 +1859,8 @@ static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it)
1875 1859
1876static void *tcp_v6_tw_get_peer(struct sock *sk) 1860static void *tcp_v6_tw_get_peer(struct sock *sk)
1877{ 1861{
1878 struct inet6_timewait_sock *tw6 = inet6_twsk(sk); 1862 const struct inet6_timewait_sock *tw6 = inet6_twsk(sk);
1879 struct inet_timewait_sock *tw = inet_twsk(sk); 1863 const struct inet_timewait_sock *tw = inet_twsk(sk);
1880 1864
1881 if (tw->tw_family == AF_INET) 1865 if (tw->tw_family == AF_INET)
1882 return tcp_v4_tw_get_peer(sk); 1866 return tcp_v4_tw_get_peer(sk);
@@ -2031,7 +2015,7 @@ static void tcp_v6_destroy_sock(struct sock *sk)
2031#ifdef CONFIG_PROC_FS 2015#ifdef CONFIG_PROC_FS
2032/* Proc filesystem TCPv6 sock list dumping. */ 2016/* Proc filesystem TCPv6 sock list dumping. */
2033static void get_openreq6(struct seq_file *seq, 2017static void get_openreq6(struct seq_file *seq,
2034 struct sock *sk, struct request_sock *req, int i, int uid) 2018 const struct sock *sk, struct request_sock *req, int i, int uid)
2035{ 2019{
2036 int ttd = req->expires - jiffies; 2020 int ttd = req->expires - jiffies;
2037 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 2021 const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
@@ -2067,10 +2051,10 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2067 __u16 destp, srcp; 2051 __u16 destp, srcp;
2068 int timer_active; 2052 int timer_active;
2069 unsigned long timer_expires; 2053 unsigned long timer_expires;
2070 struct inet_sock *inet = inet_sk(sp); 2054 const struct inet_sock *inet = inet_sk(sp);
2071 struct tcp_sock *tp = tcp_sk(sp); 2055 const struct tcp_sock *tp = tcp_sk(sp);
2072 const struct inet_connection_sock *icsk = inet_csk(sp); 2056 const struct inet_connection_sock *icsk = inet_csk(sp);
2073 struct ipv6_pinfo *np = inet6_sk(sp); 2057 const struct ipv6_pinfo *np = inet6_sk(sp);
2074 2058
2075 dest = &np->daddr; 2059 dest = &np->daddr;
2076 src = &np->rcv_saddr; 2060 src = &np->rcv_saddr;
@@ -2122,7 +2106,7 @@ static void get_timewait6_sock(struct seq_file *seq,
2122{ 2106{
2123 const struct in6_addr *dest, *src; 2107 const struct in6_addr *dest, *src;
2124 __u16 destp, srcp; 2108 __u16 destp, srcp;
2125 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2109 const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2126 int ttd = tw->tw_ttd - jiffies; 2110 int ttd = tw->tw_ttd - jiffies;
2127 2111
2128 if (ttd < 0) 2112 if (ttd < 0)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 29213b51c499..f4ca0a5b3457 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -509,7 +509,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
509 int is_udplite = IS_UDPLITE(sk); 509 int is_udplite = IS_UDPLITE(sk);
510 510
511 if (!ipv6_addr_any(&inet6_sk(sk)->daddr)) 511 if (!ipv6_addr_any(&inet6_sk(sk)->daddr))
512 sock_rps_save_rxhash(sk, skb->rxhash); 512 sock_rps_save_rxhash(sk, skb);
513 513
514 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 514 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
515 goto drop; 515 goto drop;
@@ -533,7 +533,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
533 } 533 }
534 } 534 }
535 535
536 if (rcu_dereference_raw(sk->sk_filter)) { 536 if (rcu_access_pointer(sk->sk_filter)) {
537 if (udp_lib_checksum_complete(skb)) 537 if (udp_lib_checksum_complete(skb))
538 goto drop; 538 goto drop;
539 } 539 }
@@ -1090,8 +1090,8 @@ do_udp_sendmsg:
1090 memset(opt, 0, sizeof(struct ipv6_txoptions)); 1090 memset(opt, 0, sizeof(struct ipv6_txoptions));
1091 opt->tot_len = sizeof(*opt); 1091 opt->tot_len = sizeof(*opt);
1092 1092
1093 err = datagram_send_ctl(sock_net(sk), msg, &fl6, opt, &hlimit, 1093 err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt,
1094 &tclass, &dontfrag); 1094 &hlimit, &tclass, &dontfrag);
1095 if (err < 0) { 1095 if (err < 0) {
1096 fl6_sock_release(flowlabel); 1096 fl6_sock_release(flowlabel);
1097 return err; 1097 return err;
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 49a91c5f5623..faae41737fca 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -28,6 +28,43 @@ int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
28 28
29EXPORT_SYMBOL(xfrm6_find_1stfragopt); 29EXPORT_SYMBOL(xfrm6_find_1stfragopt);
30 30
31static int xfrm6_local_dontfrag(struct sk_buff *skb)
32{
33 int proto;
34 struct sock *sk = skb->sk;
35
36 if (sk) {
37 proto = sk->sk_protocol;
38
39 if (proto == IPPROTO_UDP || proto == IPPROTO_RAW)
40 return inet6_sk(sk)->dontfrag;
41 }
42
43 return 0;
44}
45
46static void xfrm6_local_rxpmtu(struct sk_buff *skb, u32 mtu)
47{
48 struct flowi6 fl6;
49 struct sock *sk = skb->sk;
50
51 fl6.flowi6_oif = sk->sk_bound_dev_if;
52 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->daddr);
53
54 ipv6_local_rxpmtu(sk, &fl6, mtu);
55}
56
57static void xfrm6_local_error(struct sk_buff *skb, u32 mtu)
58{
59 struct flowi6 fl6;
60 struct sock *sk = skb->sk;
61
62 fl6.fl6_dport = inet_sk(sk)->inet_dport;
63 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->daddr);
64
65 ipv6_local_error(sk, EMSGSIZE, &fl6, mtu);
66}
67
31static int xfrm6_tunnel_check_size(struct sk_buff *skb) 68static int xfrm6_tunnel_check_size(struct sk_buff *skb)
32{ 69{
33 int mtu, ret = 0; 70 int mtu, ret = 0;
@@ -39,7 +76,13 @@ static int xfrm6_tunnel_check_size(struct sk_buff *skb)
39 76
40 if (!skb->local_df && skb->len > mtu) { 77 if (!skb->local_df && skb->len > mtu) {
41 skb->dev = dst->dev; 78 skb->dev = dst->dev;
42 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 79
80 if (xfrm6_local_dontfrag(skb))
81 xfrm6_local_rxpmtu(skb, mtu);
82 else if (skb->sk)
83 xfrm6_local_error(skb, mtu);
84 else
85 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
43 ret = -EMSGSIZE; 86 ret = -EMSGSIZE;
44 } 87 }
45 88
@@ -93,9 +136,18 @@ static int __xfrm6_output(struct sk_buff *skb)
93{ 136{
94 struct dst_entry *dst = skb_dst(skb); 137 struct dst_entry *dst = skb_dst(skb);
95 struct xfrm_state *x = dst->xfrm; 138 struct xfrm_state *x = dst->xfrm;
139 int mtu = ip6_skb_dst_mtu(skb);
140
141 if (skb->len > mtu && xfrm6_local_dontfrag(skb)) {
142 xfrm6_local_rxpmtu(skb, mtu);
143 return -EMSGSIZE;
144 } else if (!skb->local_df && skb->len > mtu && skb->sk) {
145 xfrm6_local_error(skb, mtu);
146 return -EMSGSIZE;
147 }
96 148
97 if ((x && x->props.mode == XFRM_MODE_TUNNEL) && 149 if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&
98 ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 150 ((skb->len > mtu && !skb_is_gso(skb)) ||
99 dst_allfrag(skb_dst(skb)))) { 151 dst_allfrag(skb_dst(skb)))) {
100 return ip6_fragment(skb, x->outer_mode->afinfo->output_finish); 152 return ip6_fragment(skb, x->outer_mode->afinfo->output_finish);
101 } 153 }
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index b3cc8b3989a9..253695d43fd9 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -551,7 +551,7 @@ static void ircomm_tty_close(struct tty_struct *tty, struct file *filp)
551 */ 551 */
552 tty->closing = 1; 552 tty->closing = 1;
553 if (self->closing_wait != ASYNC_CLOSING_WAIT_NONE) 553 if (self->closing_wait != ASYNC_CLOSING_WAIT_NONE)
554 tty_wait_until_sent(tty, self->closing_wait); 554 tty_wait_until_sent_from_close(tty, self->closing_wait);
555 555
556 ircomm_tty_shutdown(self); 556 ircomm_tty_shutdown(self);
557 557
diff --git a/net/irda/irlan/irlan_eth.c b/net/irda/irlan/irlan_eth.c
index e8d5f4405d68..d14152e866d9 100644
--- a/net/irda/irlan/irlan_eth.c
+++ b/net/irda/irlan/irlan_eth.c
@@ -50,7 +50,7 @@ static const struct net_device_ops irlan_eth_netdev_ops = {
50 .ndo_open = irlan_eth_open, 50 .ndo_open = irlan_eth_open,
51 .ndo_stop = irlan_eth_close, 51 .ndo_stop = irlan_eth_close,
52 .ndo_start_xmit = irlan_eth_xmit, 52 .ndo_start_xmit = irlan_eth_xmit,
53 .ndo_set_multicast_list = irlan_eth_set_multicast_list, 53 .ndo_set_rx_mode = irlan_eth_set_multicast_list,
54 .ndo_change_mtu = eth_change_mtu, 54 .ndo_change_mtu = eth_change_mtu,
55 .ndo_validate_addr = eth_validate_addr, 55 .ndo_validate_addr = eth_validate_addr,
56}; 56};
diff --git a/net/irda/irsysctl.c b/net/irda/irsysctl.c
index d0b70dadf73b..2615ffc8e785 100644
--- a/net/irda/irsysctl.c
+++ b/net/irda/irsysctl.c
@@ -40,9 +40,9 @@ extern int sysctl_slot_timeout;
40extern int sysctl_fast_poll_increase; 40extern int sysctl_fast_poll_increase;
41extern char sysctl_devname[]; 41extern char sysctl_devname[];
42extern int sysctl_max_baud_rate; 42extern int sysctl_max_baud_rate;
43extern int sysctl_min_tx_turn_time; 43extern unsigned int sysctl_min_tx_turn_time;
44extern int sysctl_max_tx_data_size; 44extern unsigned int sysctl_max_tx_data_size;
45extern int sysctl_max_tx_window; 45extern unsigned int sysctl_max_tx_window;
46extern int sysctl_max_noreply_time; 46extern int sysctl_max_noreply_time;
47extern int sysctl_warn_noreply_time; 47extern int sysctl_warn_noreply_time;
48extern int sysctl_lap_keepalive_time; 48extern int sysctl_lap_keepalive_time;
diff --git a/net/irda/qos.c b/net/irda/qos.c
index 1b51bcf42394..4369f7f41bcb 100644
--- a/net/irda/qos.c
+++ b/net/irda/qos.c
@@ -60,7 +60,7 @@ int sysctl_max_noreply_time = 12;
60 * Default is 10us which means using the unmodified value given by the 60 * Default is 10us which means using the unmodified value given by the
61 * peer except if it's 0 (0 is likely a bug in the other stack). 61 * peer except if it's 0 (0 is likely a bug in the other stack).
62 */ 62 */
63unsigned sysctl_min_tx_turn_time = 10; 63unsigned int sysctl_min_tx_turn_time = 10;
64/* 64/*
65 * Maximum data size to be used in transmission in payload of LAP frame. 65 * Maximum data size to be used in transmission in payload of LAP frame.
66 * There is a bit of confusion in the IrDA spec : 66 * There is a bit of confusion in the IrDA spec :
@@ -75,13 +75,13 @@ unsigned sysctl_min_tx_turn_time = 10;
75 * bytes frames or all negotiated frame sizes, but you can use the sysctl 75 * bytes frames or all negotiated frame sizes, but you can use the sysctl
76 * to play with this value anyway. 76 * to play with this value anyway.
77 * Jean II */ 77 * Jean II */
78unsigned sysctl_max_tx_data_size = 2042; 78unsigned int sysctl_max_tx_data_size = 2042;
79/* 79/*
80 * Maximum transmit window, i.e. number of LAP frames between turn-around. 80 * Maximum transmit window, i.e. number of LAP frames between turn-around.
81 * This allow to override what the peer told us. Some peers are buggy and 81 * This allow to override what the peer told us. Some peers are buggy and
82 * don't always support what they tell us. 82 * don't always support what they tell us.
83 * Jean II */ 83 * Jean II */
84unsigned sysctl_max_tx_window = 7; 84unsigned int sysctl_max_tx_window = 7;
85 85
86static int irlap_param_baud_rate(void *instance, irda_param_t *param, int get); 86static int irlap_param_baud_rate(void *instance, irda_param_t *param, int get);
87static int irlap_param_link_disconnect(void *instance, irda_param_t *parm, 87static int irlap_param_link_disconnect(void *instance, irda_param_t *parm,
diff --git a/net/iucv/Kconfig b/net/iucv/Kconfig
index 16ce9cd4f39e..497fbe732def 100644
--- a/net/iucv/Kconfig
+++ b/net/iucv/Kconfig
@@ -1,15 +1,17 @@
1config IUCV 1config IUCV
2 tristate "IUCV support (S390 - z/VM only)"
3 depends on S390 2 depends on S390
3 def_tristate y if S390
4 prompt "IUCV support (S390 - z/VM only)"
4 help 5 help
5 Select this option if you want to use inter-user communication 6 Select this option if you want to use inter-user communication
6 under VM or VIF. If you run on z/VM, say "Y" to enable a fast 7 under VM or VIF. If you run on z/VM, say "Y" to enable a fast
7 communication link between VM guests. 8 communication link between VM guests.
8 9
9config AFIUCV 10config AFIUCV
10 tristate "AF_IUCV support (S390 - z/VM only)" 11 depends on S390
11 depends on IUCV 12 def_tristate m if QETH_L3 || IUCV
13 prompt "AF_IUCV Socket support (S390 - z/VM and HiperSockets transport)"
12 help 14 help
13 Select this option if you want to use inter-user communication under 15 Select this option if you want to use AF_IUCV socket applications
14 VM or VIF sockets. If you run on z/VM, say "Y" to enable a fast 16 based on z/VM inter-user communication vehicle or based on
15 communication link between VM guests. 17 HiperSockets.
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index e2013e434d03..274d150320c0 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -27,10 +27,9 @@
27#include <asm/cpcmd.h> 27#include <asm/cpcmd.h>
28#include <linux/kmod.h> 28#include <linux/kmod.h>
29 29
30#include <net/iucv/iucv.h>
31#include <net/iucv/af_iucv.h> 30#include <net/iucv/af_iucv.h>
32 31
33#define VERSION "1.1" 32#define VERSION "1.2"
34 33
35static char iucv_userid[80]; 34static char iucv_userid[80];
36 35
@@ -42,6 +41,8 @@ static struct proto iucv_proto = {
42 .obj_size = sizeof(struct iucv_sock), 41 .obj_size = sizeof(struct iucv_sock),
43}; 42};
44 43
44static struct iucv_interface *pr_iucv;
45
45/* special AF_IUCV IPRM messages */ 46/* special AF_IUCV IPRM messages */
46static const u8 iprm_shutdown[8] = 47static const u8 iprm_shutdown[8] =
47 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; 48 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
@@ -90,6 +91,12 @@ do { \
90static void iucv_sock_kill(struct sock *sk); 91static void iucv_sock_kill(struct sock *sk);
91static void iucv_sock_close(struct sock *sk); 92static void iucv_sock_close(struct sock *sk);
92 93
94static int afiucv_hs_rcv(struct sk_buff *skb, struct net_device *dev,
95 struct packet_type *pt, struct net_device *orig_dev);
96static int afiucv_hs_send(struct iucv_message *imsg, struct sock *sock,
97 struct sk_buff *skb, u8 flags);
98static void afiucv_hs_callback_txnotify(struct sk_buff *, enum iucv_tx_notify);
99
93/* Call Back functions */ 100/* Call Back functions */
94static void iucv_callback_rx(struct iucv_path *, struct iucv_message *); 101static void iucv_callback_rx(struct iucv_path *, struct iucv_message *);
95static void iucv_callback_txdone(struct iucv_path *, struct iucv_message *); 102static void iucv_callback_txdone(struct iucv_path *, struct iucv_message *);
@@ -165,7 +172,7 @@ static int afiucv_pm_freeze(struct device *dev)
165 case IUCV_CLOSING: 172 case IUCV_CLOSING:
166 case IUCV_CONNECTED: 173 case IUCV_CONNECTED:
167 if (iucv->path) { 174 if (iucv->path) {
168 err = iucv_path_sever(iucv->path, NULL); 175 err = pr_iucv->path_sever(iucv->path, NULL);
169 iucv_path_free(iucv->path); 176 iucv_path_free(iucv->path);
170 iucv->path = NULL; 177 iucv->path = NULL;
171 } 178 }
@@ -229,7 +236,7 @@ static const struct dev_pm_ops afiucv_pm_ops = {
229static struct device_driver af_iucv_driver = { 236static struct device_driver af_iucv_driver = {
230 .owner = THIS_MODULE, 237 .owner = THIS_MODULE,
231 .name = "afiucv", 238 .name = "afiucv",
232 .bus = &iucv_bus, 239 .bus = NULL,
233 .pm = &afiucv_pm_ops, 240 .pm = &afiucv_pm_ops,
234}; 241};
235 242
@@ -294,7 +301,11 @@ static inline int iucv_below_msglim(struct sock *sk)
294 301
295 if (sk->sk_state != IUCV_CONNECTED) 302 if (sk->sk_state != IUCV_CONNECTED)
296 return 1; 303 return 1;
297 return (skb_queue_len(&iucv->send_skb_q) < iucv->path->msglim); 304 if (iucv->transport == AF_IUCV_TRANS_IUCV)
305 return (skb_queue_len(&iucv->send_skb_q) < iucv->path->msglim);
306 else
307 return ((atomic_read(&iucv->msg_sent) < iucv->msglimit_peer) &&
308 (atomic_read(&iucv->pendings) <= 0));
298} 309}
299 310
300/** 311/**
@@ -312,6 +323,79 @@ static void iucv_sock_wake_msglim(struct sock *sk)
312 rcu_read_unlock(); 323 rcu_read_unlock();
313} 324}
314 325
326/**
327 * afiucv_hs_send() - send a message through HiperSockets transport
328 */
329static int afiucv_hs_send(struct iucv_message *imsg, struct sock *sock,
330 struct sk_buff *skb, u8 flags)
331{
332 struct net *net = sock_net(sock);
333 struct iucv_sock *iucv = iucv_sk(sock);
334 struct af_iucv_trans_hdr *phs_hdr;
335 struct sk_buff *nskb;
336 int err, confirm_recv = 0;
337
338 memset(skb->head, 0, ETH_HLEN);
339 phs_hdr = (struct af_iucv_trans_hdr *)skb_push(skb,
340 sizeof(struct af_iucv_trans_hdr));
341 skb_reset_mac_header(skb);
342 skb_reset_network_header(skb);
343 skb_push(skb, ETH_HLEN);
344 skb_reset_mac_header(skb);
345 memset(phs_hdr, 0, sizeof(struct af_iucv_trans_hdr));
346
347 phs_hdr->magic = ETH_P_AF_IUCV;
348 phs_hdr->version = 1;
349 phs_hdr->flags = flags;
350 if (flags == AF_IUCV_FLAG_SYN)
351 phs_hdr->window = iucv->msglimit;
352 else if ((flags == AF_IUCV_FLAG_WIN) || !flags) {
353 confirm_recv = atomic_read(&iucv->msg_recv);
354 phs_hdr->window = confirm_recv;
355 if (confirm_recv)
356 phs_hdr->flags = phs_hdr->flags | AF_IUCV_FLAG_WIN;
357 }
358 memcpy(phs_hdr->destUserID, iucv->dst_user_id, 8);
359 memcpy(phs_hdr->destAppName, iucv->dst_name, 8);
360 memcpy(phs_hdr->srcUserID, iucv->src_user_id, 8);
361 memcpy(phs_hdr->srcAppName, iucv->src_name, 8);
362 ASCEBC(phs_hdr->destUserID, sizeof(phs_hdr->destUserID));
363 ASCEBC(phs_hdr->destAppName, sizeof(phs_hdr->destAppName));
364 ASCEBC(phs_hdr->srcUserID, sizeof(phs_hdr->srcUserID));
365 ASCEBC(phs_hdr->srcAppName, sizeof(phs_hdr->srcAppName));
366 if (imsg)
367 memcpy(&phs_hdr->iucv_hdr, imsg, sizeof(struct iucv_message));
368
369 rcu_read_lock();
370 skb->dev = dev_get_by_index_rcu(net, sock->sk_bound_dev_if);
371 rcu_read_unlock();
372 if (!skb->dev)
373 return -ENODEV;
374 if (!(skb->dev->flags & IFF_UP))
375 return -ENETDOWN;
376 if (skb->len > skb->dev->mtu) {
377 if (sock->sk_type == SOCK_SEQPACKET)
378 return -EMSGSIZE;
379 else
380 skb_trim(skb, skb->dev->mtu);
381 }
382 skb->protocol = ETH_P_AF_IUCV;
383 skb_shinfo(skb)->tx_flags |= SKBTX_DRV_NEEDS_SK_REF;
384 nskb = skb_clone(skb, GFP_ATOMIC);
385 if (!nskb)
386 return -ENOMEM;
387 skb_queue_tail(&iucv->send_skb_q, nskb);
388 err = dev_queue_xmit(skb);
389 if (err) {
390 skb_unlink(nskb, &iucv->send_skb_q);
391 kfree_skb(nskb);
392 } else {
393 atomic_sub(confirm_recv, &iucv->msg_recv);
394 WARN_ON(atomic_read(&iucv->msg_recv) < 0);
395 }
396 return err;
397}
398
315/* Timers */ 399/* Timers */
316static void iucv_sock_timeout(unsigned long arg) 400static void iucv_sock_timeout(unsigned long arg)
317{ 401{
@@ -380,6 +464,8 @@ static void iucv_sock_close(struct sock *sk)
380 unsigned char user_data[16]; 464 unsigned char user_data[16];
381 struct iucv_sock *iucv = iucv_sk(sk); 465 struct iucv_sock *iucv = iucv_sk(sk);
382 unsigned long timeo; 466 unsigned long timeo;
467 int err, blen;
468 struct sk_buff *skb;
383 469
384 iucv_sock_clear_timer(sk); 470 iucv_sock_clear_timer(sk);
385 lock_sock(sk); 471 lock_sock(sk);
@@ -390,6 +476,20 @@ static void iucv_sock_close(struct sock *sk)
390 break; 476 break;
391 477
392 case IUCV_CONNECTED: 478 case IUCV_CONNECTED:
479 if (iucv->transport == AF_IUCV_TRANS_HIPER) {
480 /* send fin */
481 blen = sizeof(struct af_iucv_trans_hdr) + ETH_HLEN;
482 skb = sock_alloc_send_skb(sk, blen, 1, &err);
483 if (skb) {
484 skb_reserve(skb,
485 sizeof(struct af_iucv_trans_hdr) +
486 ETH_HLEN);
487 err = afiucv_hs_send(NULL, sk, skb,
488 AF_IUCV_FLAG_FIN);
489 }
490 sk->sk_state = IUCV_DISCONN;
491 sk->sk_state_change(sk);
492 }
393 case IUCV_DISCONN: 493 case IUCV_DISCONN:
394 sk->sk_state = IUCV_CLOSING; 494 sk->sk_state = IUCV_CLOSING;
395 sk->sk_state_change(sk); 495 sk->sk_state_change(sk);
@@ -412,7 +512,7 @@ static void iucv_sock_close(struct sock *sk)
412 low_nmcpy(user_data, iucv->src_name); 512 low_nmcpy(user_data, iucv->src_name);
413 high_nmcpy(user_data, iucv->dst_name); 513 high_nmcpy(user_data, iucv->dst_name);
414 ASCEBC(user_data, sizeof(user_data)); 514 ASCEBC(user_data, sizeof(user_data));
415 iucv_path_sever(iucv->path, user_data); 515 pr_iucv->path_sever(iucv->path, user_data);
416 iucv_path_free(iucv->path); 516 iucv_path_free(iucv->path);
417 iucv->path = NULL; 517 iucv->path = NULL;
418 } 518 }
@@ -444,23 +544,33 @@ static void iucv_sock_init(struct sock *sk, struct sock *parent)
444static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio) 544static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
445{ 545{
446 struct sock *sk; 546 struct sock *sk;
547 struct iucv_sock *iucv;
447 548
448 sk = sk_alloc(&init_net, PF_IUCV, prio, &iucv_proto); 549 sk = sk_alloc(&init_net, PF_IUCV, prio, &iucv_proto);
449 if (!sk) 550 if (!sk)
450 return NULL; 551 return NULL;
552 iucv = iucv_sk(sk);
451 553
452 sock_init_data(sock, sk); 554 sock_init_data(sock, sk);
453 INIT_LIST_HEAD(&iucv_sk(sk)->accept_q); 555 INIT_LIST_HEAD(&iucv->accept_q);
454 spin_lock_init(&iucv_sk(sk)->accept_q_lock); 556 spin_lock_init(&iucv->accept_q_lock);
455 skb_queue_head_init(&iucv_sk(sk)->send_skb_q); 557 skb_queue_head_init(&iucv->send_skb_q);
456 INIT_LIST_HEAD(&iucv_sk(sk)->message_q.list); 558 INIT_LIST_HEAD(&iucv->message_q.list);
457 spin_lock_init(&iucv_sk(sk)->message_q.lock); 559 spin_lock_init(&iucv->message_q.lock);
458 skb_queue_head_init(&iucv_sk(sk)->backlog_skb_q); 560 skb_queue_head_init(&iucv->backlog_skb_q);
459 iucv_sk(sk)->send_tag = 0; 561 iucv->send_tag = 0;
460 iucv_sk(sk)->flags = 0; 562 atomic_set(&iucv->pendings, 0);
461 iucv_sk(sk)->msglimit = IUCV_QUEUELEN_DEFAULT; 563 iucv->flags = 0;
462 iucv_sk(sk)->path = NULL; 564 iucv->msglimit = 0;
463 memset(&iucv_sk(sk)->src_user_id , 0, 32); 565 atomic_set(&iucv->msg_sent, 0);
566 atomic_set(&iucv->msg_recv, 0);
567 iucv->path = NULL;
568 iucv->sk_txnotify = afiucv_hs_callback_txnotify;
569 memset(&iucv->src_user_id , 0, 32);
570 if (pr_iucv)
571 iucv->transport = AF_IUCV_TRANS_IUCV;
572 else
573 iucv->transport = AF_IUCV_TRANS_HIPER;
464 574
465 sk->sk_destruct = iucv_sock_destruct; 575 sk->sk_destruct = iucv_sock_destruct;
466 sk->sk_sndtimeo = IUCV_CONN_TIMEOUT; 576 sk->sk_sndtimeo = IUCV_CONN_TIMEOUT;
@@ -591,7 +701,9 @@ static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr,
591 struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr; 701 struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
592 struct sock *sk = sock->sk; 702 struct sock *sk = sock->sk;
593 struct iucv_sock *iucv; 703 struct iucv_sock *iucv;
594 int err; 704 int err = 0;
705 struct net_device *dev;
706 char uid[9];
595 707
596 /* Verify the input sockaddr */ 708 /* Verify the input sockaddr */
597 if (!addr || addr->sa_family != AF_IUCV) 709 if (!addr || addr->sa_family != AF_IUCV)
@@ -610,19 +722,46 @@ static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr,
610 err = -EADDRINUSE; 722 err = -EADDRINUSE;
611 goto done_unlock; 723 goto done_unlock;
612 } 724 }
613 if (iucv->path) { 725 if (iucv->path)
614 err = 0;
615 goto done_unlock; 726 goto done_unlock;
616 }
617 727
618 /* Bind the socket */ 728 /* Bind the socket */
619 memcpy(iucv->src_name, sa->siucv_name, 8);
620 729
621 /* Copy the user id */ 730 if (pr_iucv)
622 memcpy(iucv->src_user_id, iucv_userid, 8); 731 if (!memcmp(sa->siucv_user_id, iucv_userid, 8))
623 sk->sk_state = IUCV_BOUND; 732 goto vm_bind; /* VM IUCV transport */
624 err = 0;
625 733
734 /* try hiper transport */
735 memcpy(uid, sa->siucv_user_id, sizeof(uid));
736 ASCEBC(uid, 8);
737 rcu_read_lock();
738 for_each_netdev_rcu(&init_net, dev) {
739 if (!memcmp(dev->perm_addr, uid, 8)) {
740 memcpy(iucv->src_name, sa->siucv_name, 8);
741 memcpy(iucv->src_user_id, sa->siucv_user_id, 8);
742 sock->sk->sk_bound_dev_if = dev->ifindex;
743 sk->sk_state = IUCV_BOUND;
744 iucv->transport = AF_IUCV_TRANS_HIPER;
745 if (!iucv->msglimit)
746 iucv->msglimit = IUCV_HIPER_MSGLIM_DEFAULT;
747 rcu_read_unlock();
748 goto done_unlock;
749 }
750 }
751 rcu_read_unlock();
752vm_bind:
753 if (pr_iucv) {
754 /* use local userid for backward compat */
755 memcpy(iucv->src_name, sa->siucv_name, 8);
756 memcpy(iucv->src_user_id, iucv_userid, 8);
757 sk->sk_state = IUCV_BOUND;
758 iucv->transport = AF_IUCV_TRANS_IUCV;
759 if (!iucv->msglimit)
760 iucv->msglimit = IUCV_QUEUELEN_DEFAULT;
761 goto done_unlock;
762 }
763 /* found no dev to bind */
764 err = -ENODEV;
626done_unlock: 765done_unlock:
627 /* Release the socket list lock */ 766 /* Release the socket list lock */
628 write_unlock_bh(&iucv_sk_list.lock); 767 write_unlock_bh(&iucv_sk_list.lock);
@@ -658,45 +797,44 @@ static int iucv_sock_autobind(struct sock *sk)
658 797
659 memcpy(&iucv->src_name, name, 8); 798 memcpy(&iucv->src_name, name, 8);
660 799
800 if (!iucv->msglimit)
801 iucv->msglimit = IUCV_QUEUELEN_DEFAULT;
802
661 return err; 803 return err;
662} 804}
663 805
664/* Connect an unconnected socket */ 806static int afiucv_hs_connect(struct socket *sock)
665static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
666 int alen, int flags)
667{ 807{
668 struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
669 struct sock *sk = sock->sk; 808 struct sock *sk = sock->sk;
670 struct iucv_sock *iucv; 809 struct sk_buff *skb;
671 unsigned char user_data[16]; 810 int blen = sizeof(struct af_iucv_trans_hdr) + ETH_HLEN;
672 int err; 811 int err = 0;
673
674 if (addr->sa_family != AF_IUCV || alen < sizeof(struct sockaddr_iucv))
675 return -EINVAL;
676
677 if (sk->sk_state != IUCV_OPEN && sk->sk_state != IUCV_BOUND)
678 return -EBADFD;
679
680 if (sk->sk_type != SOCK_STREAM && sk->sk_type != SOCK_SEQPACKET)
681 return -EINVAL;
682 812
683 if (sk->sk_state == IUCV_OPEN) { 813 /* send syn */
684 err = iucv_sock_autobind(sk); 814 skb = sock_alloc_send_skb(sk, blen, 1, &err);
685 if (unlikely(err)) 815 if (!skb) {
686 return err; 816 err = -ENOMEM;
817 goto done;
687 } 818 }
819 skb->dev = NULL;
820 skb_reserve(skb, blen);
821 err = afiucv_hs_send(NULL, sk, skb, AF_IUCV_FLAG_SYN);
822done:
823 return err;
824}
688 825
689 lock_sock(sk); 826static int afiucv_path_connect(struct socket *sock, struct sockaddr *addr)
690 827{
691 /* Set the destination information */ 828 struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
692 memcpy(iucv_sk(sk)->dst_user_id, sa->siucv_user_id, 8); 829 struct sock *sk = sock->sk;
693 memcpy(iucv_sk(sk)->dst_name, sa->siucv_name, 8); 830 struct iucv_sock *iucv = iucv_sk(sk);
831 unsigned char user_data[16];
832 int err;
694 833
695 high_nmcpy(user_data, sa->siucv_name); 834 high_nmcpy(user_data, sa->siucv_name);
696 low_nmcpy(user_data, iucv_sk(sk)->src_name); 835 low_nmcpy(user_data, iucv->src_name);
697 ASCEBC(user_data, sizeof(user_data)); 836 ASCEBC(user_data, sizeof(user_data));
698 837
699 iucv = iucv_sk(sk);
700 /* Create path. */ 838 /* Create path. */
701 iucv->path = iucv_path_alloc(iucv->msglimit, 839 iucv->path = iucv_path_alloc(iucv->msglimit,
702 IUCV_IPRMDATA, GFP_KERNEL); 840 IUCV_IPRMDATA, GFP_KERNEL);
@@ -704,8 +842,9 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
704 err = -ENOMEM; 842 err = -ENOMEM;
705 goto done; 843 goto done;
706 } 844 }
707 err = iucv_path_connect(iucv->path, &af_iucv_handler, 845 err = pr_iucv->path_connect(iucv->path, &af_iucv_handler,
708 sa->siucv_user_id, NULL, user_data, sk); 846 sa->siucv_user_id, NULL, user_data,
847 sk);
709 if (err) { 848 if (err) {
710 iucv_path_free(iucv->path); 849 iucv_path_free(iucv->path);
711 iucv->path = NULL; 850 iucv->path = NULL;
@@ -724,21 +863,62 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
724 err = -ECONNREFUSED; 863 err = -ECONNREFUSED;
725 break; 864 break;
726 } 865 }
727 goto done;
728 } 866 }
867done:
868 return err;
869}
729 870
730 if (sk->sk_state != IUCV_CONNECTED) { 871/* Connect an unconnected socket */
872static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
873 int alen, int flags)
874{
875 struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
876 struct sock *sk = sock->sk;
877 struct iucv_sock *iucv = iucv_sk(sk);
878 int err;
879
880 if (addr->sa_family != AF_IUCV || alen < sizeof(struct sockaddr_iucv))
881 return -EINVAL;
882
883 if (sk->sk_state != IUCV_OPEN && sk->sk_state != IUCV_BOUND)
884 return -EBADFD;
885
886 if (sk->sk_state == IUCV_OPEN &&
887 iucv->transport == AF_IUCV_TRANS_HIPER)
888 return -EBADFD; /* explicit bind required */
889
890 if (sk->sk_type != SOCK_STREAM && sk->sk_type != SOCK_SEQPACKET)
891 return -EINVAL;
892
893 if (sk->sk_state == IUCV_OPEN) {
894 err = iucv_sock_autobind(sk);
895 if (unlikely(err))
896 return err;
897 }
898
899 lock_sock(sk);
900
901 /* Set the destination information */
902 memcpy(iucv->dst_user_id, sa->siucv_user_id, 8);
903 memcpy(iucv->dst_name, sa->siucv_name, 8);
904
905 if (iucv->transport == AF_IUCV_TRANS_HIPER)
906 err = afiucv_hs_connect(sock);
907 else
908 err = afiucv_path_connect(sock, addr);
909 if (err)
910 goto done;
911
912 if (sk->sk_state != IUCV_CONNECTED)
731 err = iucv_sock_wait(sk, iucv_sock_in_state(sk, IUCV_CONNECTED, 913 err = iucv_sock_wait(sk, iucv_sock_in_state(sk, IUCV_CONNECTED,
732 IUCV_DISCONN), 914 IUCV_DISCONN),
733 sock_sndtimeo(sk, flags & O_NONBLOCK)); 915 sock_sndtimeo(sk, flags & O_NONBLOCK));
734 }
735 916
736 if (sk->sk_state == IUCV_DISCONN) { 917 if (sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_CLOSED)
737 err = -ECONNREFUSED; 918 err = -ECONNREFUSED;
738 }
739 919
740 if (err) { 920 if (err && iucv->transport == AF_IUCV_TRANS_IUCV) {
741 iucv_path_sever(iucv->path, NULL); 921 pr_iucv->path_sever(iucv->path, NULL);
742 iucv_path_free(iucv->path); 922 iucv_path_free(iucv->path);
743 iucv->path = NULL; 923 iucv->path = NULL;
744 } 924 }
@@ -833,20 +1013,21 @@ static int iucv_sock_getname(struct socket *sock, struct sockaddr *addr,
833{ 1013{
834 struct sockaddr_iucv *siucv = (struct sockaddr_iucv *) addr; 1014 struct sockaddr_iucv *siucv = (struct sockaddr_iucv *) addr;
835 struct sock *sk = sock->sk; 1015 struct sock *sk = sock->sk;
1016 struct iucv_sock *iucv = iucv_sk(sk);
836 1017
837 addr->sa_family = AF_IUCV; 1018 addr->sa_family = AF_IUCV;
838 *len = sizeof(struct sockaddr_iucv); 1019 *len = sizeof(struct sockaddr_iucv);
839 1020
840 if (peer) { 1021 if (peer) {
841 memcpy(siucv->siucv_user_id, iucv_sk(sk)->dst_user_id, 8); 1022 memcpy(siucv->siucv_user_id, iucv->dst_user_id, 8);
842 memcpy(siucv->siucv_name, &iucv_sk(sk)->dst_name, 8); 1023 memcpy(siucv->siucv_name, iucv->dst_name, 8);
843 } else { 1024 } else {
844 memcpy(siucv->siucv_user_id, iucv_sk(sk)->src_user_id, 8); 1025 memcpy(siucv->siucv_user_id, iucv->src_user_id, 8);
845 memcpy(siucv->siucv_name, iucv_sk(sk)->src_name, 8); 1026 memcpy(siucv->siucv_name, iucv->src_name, 8);
846 } 1027 }
847 memset(&siucv->siucv_port, 0, sizeof(siucv->siucv_port)); 1028 memset(&siucv->siucv_port, 0, sizeof(siucv->siucv_port));
848 memset(&siucv->siucv_addr, 0, sizeof(siucv->siucv_addr)); 1029 memset(&siucv->siucv_addr, 0, sizeof(siucv->siucv_addr));
849 memset(siucv->siucv_nodeid, 0, sizeof(siucv->siucv_nodeid)); 1030 memset(&siucv->siucv_nodeid, 0, sizeof(siucv->siucv_nodeid));
850 1031
851 return 0; 1032 return 0;
852} 1033}
@@ -871,7 +1052,7 @@ static int iucv_send_iprm(struct iucv_path *path, struct iucv_message *msg,
871 1052
872 memcpy(prmdata, (void *) skb->data, skb->len); 1053 memcpy(prmdata, (void *) skb->data, skb->len);
873 prmdata[7] = 0xff - (u8) skb->len; 1054 prmdata[7] = 0xff - (u8) skb->len;
874 return iucv_message_send(path, msg, IUCV_IPRMDATA, 0, 1055 return pr_iucv->message_send(path, msg, IUCV_IPRMDATA, 0,
875 (void *) prmdata, 8); 1056 (void *) prmdata, 8);
876} 1057}
877 1058
@@ -960,9 +1141,16 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
960 * this is fine for SOCK_SEQPACKET (unless we want to support 1141 * this is fine for SOCK_SEQPACKET (unless we want to support
961 * segmented records using the MSG_EOR flag), but 1142 * segmented records using the MSG_EOR flag), but
962 * for SOCK_STREAM we might want to improve it in future */ 1143 * for SOCK_STREAM we might want to improve it in future */
963 skb = sock_alloc_send_skb(sk, len, noblock, &err); 1144 if (iucv->transport == AF_IUCV_TRANS_HIPER)
1145 skb = sock_alloc_send_skb(sk,
1146 len + sizeof(struct af_iucv_trans_hdr) + ETH_HLEN,
1147 noblock, &err);
1148 else
1149 skb = sock_alloc_send_skb(sk, len, noblock, &err);
964 if (!skb) 1150 if (!skb)
965 goto out; 1151 goto out;
1152 if (iucv->transport == AF_IUCV_TRANS_HIPER)
1153 skb_reserve(skb, sizeof(struct af_iucv_trans_hdr) + ETH_HLEN);
966 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 1154 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
967 err = -EFAULT; 1155 err = -EFAULT;
968 goto fail; 1156 goto fail;
@@ -983,6 +1171,15 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
983 /* increment and save iucv message tag for msg_completion cbk */ 1171 /* increment and save iucv message tag for msg_completion cbk */
984 txmsg.tag = iucv->send_tag++; 1172 txmsg.tag = iucv->send_tag++;
985 memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN); 1173 memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN);
1174 if (iucv->transport == AF_IUCV_TRANS_HIPER) {
1175 atomic_inc(&iucv->msg_sent);
1176 err = afiucv_hs_send(&txmsg, sk, skb, 0);
1177 if (err) {
1178 atomic_dec(&iucv->msg_sent);
1179 goto fail;
1180 }
1181 goto release;
1182 }
986 skb_queue_tail(&iucv->send_skb_q, skb); 1183 skb_queue_tail(&iucv->send_skb_q, skb);
987 1184
988 if (((iucv->path->flags & IUCV_IPRMDATA) & iucv->flags) 1185 if (((iucv->path->flags & IUCV_IPRMDATA) & iucv->flags)
@@ -999,13 +1196,13 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
999 /* this error should never happen since the 1196 /* this error should never happen since the
1000 * IUCV_IPRMDATA path flag is set... sever path */ 1197 * IUCV_IPRMDATA path flag is set... sever path */
1001 if (err == 0x15) { 1198 if (err == 0x15) {
1002 iucv_path_sever(iucv->path, NULL); 1199 pr_iucv->path_sever(iucv->path, NULL);
1003 skb_unlink(skb, &iucv->send_skb_q); 1200 skb_unlink(skb, &iucv->send_skb_q);
1004 err = -EPIPE; 1201 err = -EPIPE;
1005 goto fail; 1202 goto fail;
1006 } 1203 }
1007 } else 1204 } else
1008 err = iucv_message_send(iucv->path, &txmsg, 0, 0, 1205 err = pr_iucv->message_send(iucv->path, &txmsg, 0, 0,
1009 (void *) skb->data, skb->len); 1206 (void *) skb->data, skb->len);
1010 if (err) { 1207 if (err) {
1011 if (err == 3) { 1208 if (err == 3) {
@@ -1023,6 +1220,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1023 goto fail; 1220 goto fail;
1024 } 1221 }
1025 1222
1223release:
1026 release_sock(sk); 1224 release_sock(sk);
1027 return len; 1225 return len;
1028 1226
@@ -1095,8 +1293,9 @@ static void iucv_process_message(struct sock *sk, struct sk_buff *skb,
1095 skb->len = 0; 1293 skb->len = 0;
1096 } 1294 }
1097 } else { 1295 } else {
1098 rc = iucv_message_receive(path, msg, msg->flags & IUCV_IPRMDATA, 1296 rc = pr_iucv->message_receive(path, msg,
1099 skb->data, len, NULL); 1297 msg->flags & IUCV_IPRMDATA,
1298 skb->data, len, NULL);
1100 if (rc) { 1299 if (rc) {
1101 kfree_skb(skb); 1300 kfree_skb(skb);
1102 return; 1301 return;
@@ -1110,7 +1309,7 @@ static void iucv_process_message(struct sock *sk, struct sk_buff *skb,
1110 kfree_skb(skb); 1309 kfree_skb(skb);
1111 skb = NULL; 1310 skb = NULL;
1112 if (rc) { 1311 if (rc) {
1113 iucv_path_sever(path, NULL); 1312 pr_iucv->path_sever(path, NULL);
1114 return; 1313 return;
1115 } 1314 }
1116 skb = skb_dequeue(&iucv_sk(sk)->backlog_skb_q); 1315 skb = skb_dequeue(&iucv_sk(sk)->backlog_skb_q);
@@ -1154,7 +1353,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1154 struct sock *sk = sock->sk; 1353 struct sock *sk = sock->sk;
1155 struct iucv_sock *iucv = iucv_sk(sk); 1354 struct iucv_sock *iucv = iucv_sk(sk);
1156 unsigned int copied, rlen; 1355 unsigned int copied, rlen;
1157 struct sk_buff *skb, *rskb, *cskb; 1356 struct sk_buff *skb, *rskb, *cskb, *sskb;
1357 int blen;
1158 int err = 0; 1358 int err = 0;
1159 1359
1160 if ((sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED) && 1360 if ((sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED) &&
@@ -1179,7 +1379,7 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1179 copied = min_t(unsigned int, rlen, len); 1379 copied = min_t(unsigned int, rlen, len);
1180 1380
1181 cskb = skb; 1381 cskb = skb;
1182 if (memcpy_toiovec(msg->msg_iov, cskb->data, copied)) { 1382 if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) {
1183 if (!(flags & MSG_PEEK)) 1383 if (!(flags & MSG_PEEK))
1184 skb_queue_head(&sk->sk_receive_queue, skb); 1384 skb_queue_head(&sk->sk_receive_queue, skb);
1185 return -EFAULT; 1385 return -EFAULT;
@@ -1217,6 +1417,7 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1217 } 1417 }
1218 1418
1219 kfree_skb(skb); 1419 kfree_skb(skb);
1420 atomic_inc(&iucv->msg_recv);
1220 1421
1221 /* Queue backlog skbs */ 1422 /* Queue backlog skbs */
1222 spin_lock_bh(&iucv->message_q.lock); 1423 spin_lock_bh(&iucv->message_q.lock);
@@ -1233,6 +1434,24 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1233 if (skb_queue_empty(&iucv->backlog_skb_q)) { 1434 if (skb_queue_empty(&iucv->backlog_skb_q)) {
1234 if (!list_empty(&iucv->message_q.list)) 1435 if (!list_empty(&iucv->message_q.list))
1235 iucv_process_message_q(sk); 1436 iucv_process_message_q(sk);
1437 if (atomic_read(&iucv->msg_recv) >=
1438 iucv->msglimit / 2) {
1439 /* send WIN to peer */
1440 blen = sizeof(struct af_iucv_trans_hdr) +
1441 ETH_HLEN;
1442 sskb = sock_alloc_send_skb(sk, blen, 1, &err);
1443 if (sskb) {
1444 skb_reserve(sskb,
1445 sizeof(struct af_iucv_trans_hdr)
1446 + ETH_HLEN);
1447 err = afiucv_hs_send(NULL, sk, sskb,
1448 AF_IUCV_FLAG_WIN);
1449 }
1450 if (err) {
1451 sk->sk_state = IUCV_DISCONN;
1452 sk->sk_state_change(sk);
1453 }
1454 }
1236 } 1455 }
1237 spin_unlock_bh(&iucv->message_q.lock); 1456 spin_unlock_bh(&iucv->message_q.lock);
1238 } 1457 }
@@ -1327,8 +1546,8 @@ static int iucv_sock_shutdown(struct socket *sock, int how)
1327 if (how == SEND_SHUTDOWN || how == SHUTDOWN_MASK) { 1546 if (how == SEND_SHUTDOWN || how == SHUTDOWN_MASK) {
1328 txmsg.class = 0; 1547 txmsg.class = 0;
1329 txmsg.tag = 0; 1548 txmsg.tag = 0;
1330 err = iucv_message_send(iucv->path, &txmsg, IUCV_IPRMDATA, 0, 1549 err = pr_iucv->message_send(iucv->path, &txmsg, IUCV_IPRMDATA,
1331 (void *) iprm_shutdown, 8); 1550 0, (void *) iprm_shutdown, 8);
1332 if (err) { 1551 if (err) {
1333 switch (err) { 1552 switch (err) {
1334 case 1: 1553 case 1:
@@ -1345,7 +1564,7 @@ static int iucv_sock_shutdown(struct socket *sock, int how)
1345 } 1564 }
1346 1565
1347 if (how == RCV_SHUTDOWN || how == SHUTDOWN_MASK) { 1566 if (how == RCV_SHUTDOWN || how == SHUTDOWN_MASK) {
1348 err = iucv_path_quiesce(iucv_sk(sk)->path, NULL); 1567 err = pr_iucv->path_quiesce(iucv->path, NULL);
1349 if (err) 1568 if (err)
1350 err = -ENOTCONN; 1569 err = -ENOTCONN;
1351 1570
@@ -1372,7 +1591,7 @@ static int iucv_sock_release(struct socket *sock)
1372 1591
1373 /* Unregister with IUCV base support */ 1592 /* Unregister with IUCV base support */
1374 if (iucv_sk(sk)->path) { 1593 if (iucv_sk(sk)->path) {
1375 iucv_path_sever(iucv_sk(sk)->path, NULL); 1594 pr_iucv->path_sever(iucv_sk(sk)->path, NULL);
1376 iucv_path_free(iucv_sk(sk)->path); 1595 iucv_path_free(iucv_sk(sk)->path);
1377 iucv_sk(sk)->path = NULL; 1596 iucv_sk(sk)->path = NULL;
1378 } 1597 }
@@ -1514,14 +1733,14 @@ static int iucv_callback_connreq(struct iucv_path *path,
1514 high_nmcpy(user_data, iucv->dst_name); 1733 high_nmcpy(user_data, iucv->dst_name);
1515 ASCEBC(user_data, sizeof(user_data)); 1734 ASCEBC(user_data, sizeof(user_data));
1516 if (sk->sk_state != IUCV_LISTEN) { 1735 if (sk->sk_state != IUCV_LISTEN) {
1517 err = iucv_path_sever(path, user_data); 1736 err = pr_iucv->path_sever(path, user_data);
1518 iucv_path_free(path); 1737 iucv_path_free(path);
1519 goto fail; 1738 goto fail;
1520 } 1739 }
1521 1740
1522 /* Check for backlog size */ 1741 /* Check for backlog size */
1523 if (sk_acceptq_is_full(sk)) { 1742 if (sk_acceptq_is_full(sk)) {
1524 err = iucv_path_sever(path, user_data); 1743 err = pr_iucv->path_sever(path, user_data);
1525 iucv_path_free(path); 1744 iucv_path_free(path);
1526 goto fail; 1745 goto fail;
1527 } 1746 }
@@ -1529,7 +1748,7 @@ static int iucv_callback_connreq(struct iucv_path *path,
1529 /* Create the new socket */ 1748 /* Create the new socket */
1530 nsk = iucv_sock_alloc(NULL, sk->sk_type, GFP_ATOMIC); 1749 nsk = iucv_sock_alloc(NULL, sk->sk_type, GFP_ATOMIC);
1531 if (!nsk) { 1750 if (!nsk) {
1532 err = iucv_path_sever(path, user_data); 1751 err = pr_iucv->path_sever(path, user_data);
1533 iucv_path_free(path); 1752 iucv_path_free(path);
1534 goto fail; 1753 goto fail;
1535 } 1754 }
@@ -1553,9 +1772,9 @@ static int iucv_callback_connreq(struct iucv_path *path,
1553 /* set message limit for path based on msglimit of accepting socket */ 1772 /* set message limit for path based on msglimit of accepting socket */
1554 niucv->msglimit = iucv->msglimit; 1773 niucv->msglimit = iucv->msglimit;
1555 path->msglim = iucv->msglimit; 1774 path->msglim = iucv->msglimit;
1556 err = iucv_path_accept(path, &af_iucv_handler, nuser_data, nsk); 1775 err = pr_iucv->path_accept(path, &af_iucv_handler, nuser_data, nsk);
1557 if (err) { 1776 if (err) {
1558 err = iucv_path_sever(path, user_data); 1777 err = pr_iucv->path_sever(path, user_data);
1559 iucv_path_free(path); 1778 iucv_path_free(path);
1560 iucv_sock_kill(nsk); 1779 iucv_sock_kill(nsk);
1561 goto fail; 1780 goto fail;
@@ -1589,7 +1808,7 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
1589 int len; 1808 int len;
1590 1809
1591 if (sk->sk_shutdown & RCV_SHUTDOWN) { 1810 if (sk->sk_shutdown & RCV_SHUTDOWN) {
1592 iucv_message_reject(path, msg); 1811 pr_iucv->message_reject(path, msg);
1593 return; 1812 return;
1594 } 1813 }
1595 1814
@@ -1600,7 +1819,7 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
1600 goto save_message; 1819 goto save_message;
1601 1820
1602 len = atomic_read(&sk->sk_rmem_alloc); 1821 len = atomic_read(&sk->sk_rmem_alloc);
1603 len += iucv_msg_length(msg) + sizeof(struct sk_buff); 1822 len += SKB_TRUESIZE(iucv_msg_length(msg));
1604 if (len > sk->sk_rcvbuf) 1823 if (len > sk->sk_rcvbuf)
1605 goto save_message; 1824 goto save_message;
1606 1825
@@ -1692,6 +1911,389 @@ static void iucv_callback_shutdown(struct iucv_path *path, u8 ipuser[16])
1692 bh_unlock_sock(sk); 1911 bh_unlock_sock(sk);
1693} 1912}
1694 1913
1914/***************** HiperSockets transport callbacks ********************/
1915static void afiucv_swap_src_dest(struct sk_buff *skb)
1916{
1917 struct af_iucv_trans_hdr *trans_hdr =
1918 (struct af_iucv_trans_hdr *)skb->data;
1919 char tmpID[8];
1920 char tmpName[8];
1921
1922 ASCEBC(trans_hdr->destUserID, sizeof(trans_hdr->destUserID));
1923 ASCEBC(trans_hdr->destAppName, sizeof(trans_hdr->destAppName));
1924 ASCEBC(trans_hdr->srcUserID, sizeof(trans_hdr->srcUserID));
1925 ASCEBC(trans_hdr->srcAppName, sizeof(trans_hdr->srcAppName));
1926 memcpy(tmpID, trans_hdr->srcUserID, 8);
1927 memcpy(tmpName, trans_hdr->srcAppName, 8);
1928 memcpy(trans_hdr->srcUserID, trans_hdr->destUserID, 8);
1929 memcpy(trans_hdr->srcAppName, trans_hdr->destAppName, 8);
1930 memcpy(trans_hdr->destUserID, tmpID, 8);
1931 memcpy(trans_hdr->destAppName, tmpName, 8);
1932 skb_push(skb, ETH_HLEN);
1933 memset(skb->data, 0, ETH_HLEN);
1934}
1935
1936/**
1937 * afiucv_hs_callback_syn - react on received SYN
1938 **/
1939static int afiucv_hs_callback_syn(struct sock *sk, struct sk_buff *skb)
1940{
1941 struct sock *nsk;
1942 struct iucv_sock *iucv, *niucv;
1943 struct af_iucv_trans_hdr *trans_hdr;
1944 int err;
1945
1946 iucv = iucv_sk(sk);
1947 trans_hdr = (struct af_iucv_trans_hdr *)skb->data;
1948 if (!iucv) {
1949 /* no sock - connection refused */
1950 afiucv_swap_src_dest(skb);
1951 trans_hdr->flags = AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_FIN;
1952 err = dev_queue_xmit(skb);
1953 goto out;
1954 }
1955
1956 nsk = iucv_sock_alloc(NULL, sk->sk_type, GFP_ATOMIC);
1957 bh_lock_sock(sk);
1958 if ((sk->sk_state != IUCV_LISTEN) ||
1959 sk_acceptq_is_full(sk) ||
1960 !nsk) {
1961 /* error on server socket - connection refused */
1962 if (nsk)
1963 sk_free(nsk);
1964 afiucv_swap_src_dest(skb);
1965 trans_hdr->flags = AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_FIN;
1966 err = dev_queue_xmit(skb);
1967 bh_unlock_sock(sk);
1968 goto out;
1969 }
1970
1971 niucv = iucv_sk(nsk);
1972 iucv_sock_init(nsk, sk);
1973 niucv->transport = AF_IUCV_TRANS_HIPER;
1974 niucv->msglimit = iucv->msglimit;
1975 if (!trans_hdr->window)
1976 niucv->msglimit_peer = IUCV_HIPER_MSGLIM_DEFAULT;
1977 else
1978 niucv->msglimit_peer = trans_hdr->window;
1979 memcpy(niucv->dst_name, trans_hdr->srcAppName, 8);
1980 memcpy(niucv->dst_user_id, trans_hdr->srcUserID, 8);
1981 memcpy(niucv->src_name, iucv->src_name, 8);
1982 memcpy(niucv->src_user_id, iucv->src_user_id, 8);
1983 nsk->sk_bound_dev_if = sk->sk_bound_dev_if;
1984 afiucv_swap_src_dest(skb);
1985 trans_hdr->flags = AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_ACK;
1986 trans_hdr->window = niucv->msglimit;
1987 /* if receiver acks the xmit connection is established */
1988 err = dev_queue_xmit(skb);
1989 if (!err) {
1990 iucv_accept_enqueue(sk, nsk);
1991 nsk->sk_state = IUCV_CONNECTED;
1992 sk->sk_data_ready(sk, 1);
1993 } else
1994 iucv_sock_kill(nsk);
1995 bh_unlock_sock(sk);
1996
1997out:
1998 return NET_RX_SUCCESS;
1999}
2000
2001/**
2002 * afiucv_hs_callback_synack() - react on received SYN-ACK
2003 **/
2004static int afiucv_hs_callback_synack(struct sock *sk, struct sk_buff *skb)
2005{
2006 struct iucv_sock *iucv = iucv_sk(sk);
2007 struct af_iucv_trans_hdr *trans_hdr =
2008 (struct af_iucv_trans_hdr *)skb->data;
2009
2010 if (!iucv)
2011 goto out;
2012 if (sk->sk_state != IUCV_BOUND)
2013 goto out;
2014 bh_lock_sock(sk);
2015 iucv->msglimit_peer = trans_hdr->window;
2016 sk->sk_state = IUCV_CONNECTED;
2017 sk->sk_state_change(sk);
2018 bh_unlock_sock(sk);
2019out:
2020 kfree_skb(skb);
2021 return NET_RX_SUCCESS;
2022}
2023
2024/**
2025 * afiucv_hs_callback_synfin() - react on received SYN_FIN
2026 **/
2027static int afiucv_hs_callback_synfin(struct sock *sk, struct sk_buff *skb)
2028{
2029 struct iucv_sock *iucv = iucv_sk(sk);
2030
2031 if (!iucv)
2032 goto out;
2033 if (sk->sk_state != IUCV_BOUND)
2034 goto out;
2035 bh_lock_sock(sk);
2036 sk->sk_state = IUCV_DISCONN;
2037 sk->sk_state_change(sk);
2038 bh_unlock_sock(sk);
2039out:
2040 kfree_skb(skb);
2041 return NET_RX_SUCCESS;
2042}
2043
2044/**
2045 * afiucv_hs_callback_fin() - react on received FIN
2046 **/
2047static int afiucv_hs_callback_fin(struct sock *sk, struct sk_buff *skb)
2048{
2049 struct iucv_sock *iucv = iucv_sk(sk);
2050
2051 /* other end of connection closed */
2052 if (iucv) {
2053 bh_lock_sock(sk);
2054 if (!list_empty(&iucv->accept_q))
2055 sk->sk_state = IUCV_SEVERED;
2056 else
2057 sk->sk_state = IUCV_DISCONN;
2058 sk->sk_state_change(sk);
2059 bh_unlock_sock(sk);
2060 }
2061 kfree_skb(skb);
2062 return NET_RX_SUCCESS;
2063}
2064
2065/**
2066 * afiucv_hs_callback_win() - react on received WIN
2067 **/
2068static int afiucv_hs_callback_win(struct sock *sk, struct sk_buff *skb)
2069{
2070 struct iucv_sock *iucv = iucv_sk(sk);
2071 struct af_iucv_trans_hdr *trans_hdr =
2072 (struct af_iucv_trans_hdr *)skb->data;
2073
2074 if (!iucv)
2075 return NET_RX_SUCCESS;
2076
2077 if (sk->sk_state != IUCV_CONNECTED)
2078 return NET_RX_SUCCESS;
2079
2080 atomic_sub(trans_hdr->window, &iucv->msg_sent);
2081 iucv_sock_wake_msglim(sk);
2082 return NET_RX_SUCCESS;
2083}
2084
2085/**
2086 * afiucv_hs_callback_rx() - react on received data
2087 **/
2088static int afiucv_hs_callback_rx(struct sock *sk, struct sk_buff *skb)
2089{
2090 struct iucv_sock *iucv = iucv_sk(sk);
2091
2092 if (!iucv) {
2093 kfree_skb(skb);
2094 return NET_RX_SUCCESS;
2095 }
2096
2097 if (sk->sk_state != IUCV_CONNECTED) {
2098 kfree_skb(skb);
2099 return NET_RX_SUCCESS;
2100 }
2101
2102 /* write stuff from iucv_msg to skb cb */
2103 if (skb->len <= sizeof(struct af_iucv_trans_hdr)) {
2104 kfree_skb(skb);
2105 return NET_RX_SUCCESS;
2106 }
2107 skb_pull(skb, sizeof(struct af_iucv_trans_hdr));
2108 skb_reset_transport_header(skb);
2109 skb_reset_network_header(skb);
2110 spin_lock(&iucv->message_q.lock);
2111 if (skb_queue_empty(&iucv->backlog_skb_q)) {
2112 if (sock_queue_rcv_skb(sk, skb)) {
2113 /* handle rcv queue full */
2114 skb_queue_tail(&iucv->backlog_skb_q, skb);
2115 }
2116 } else
2117 skb_queue_tail(&iucv_sk(sk)->backlog_skb_q, skb);
2118 spin_unlock(&iucv->message_q.lock);
2119 return NET_RX_SUCCESS;
2120}
2121
2122/**
2123 * afiucv_hs_rcv() - base function for arriving data through HiperSockets
2124 * transport
2125 * called from netif RX softirq
2126 **/
2127static int afiucv_hs_rcv(struct sk_buff *skb, struct net_device *dev,
2128 struct packet_type *pt, struct net_device *orig_dev)
2129{
2130 struct hlist_node *node;
2131 struct sock *sk;
2132 struct iucv_sock *iucv;
2133 struct af_iucv_trans_hdr *trans_hdr;
2134 char nullstring[8];
2135 int err = 0;
2136
2137 skb_pull(skb, ETH_HLEN);
2138 trans_hdr = (struct af_iucv_trans_hdr *)skb->data;
2139 EBCASC(trans_hdr->destAppName, sizeof(trans_hdr->destAppName));
2140 EBCASC(trans_hdr->destUserID, sizeof(trans_hdr->destUserID));
2141 EBCASC(trans_hdr->srcAppName, sizeof(trans_hdr->srcAppName));
2142 EBCASC(trans_hdr->srcUserID, sizeof(trans_hdr->srcUserID));
2143 memset(nullstring, 0, sizeof(nullstring));
2144 iucv = NULL;
2145 sk = NULL;
2146 read_lock(&iucv_sk_list.lock);
2147 sk_for_each(sk, node, &iucv_sk_list.head) {
2148 if (trans_hdr->flags == AF_IUCV_FLAG_SYN) {
2149 if ((!memcmp(&iucv_sk(sk)->src_name,
2150 trans_hdr->destAppName, 8)) &&
2151 (!memcmp(&iucv_sk(sk)->src_user_id,
2152 trans_hdr->destUserID, 8)) &&
2153 (!memcmp(&iucv_sk(sk)->dst_name, nullstring, 8)) &&
2154 (!memcmp(&iucv_sk(sk)->dst_user_id,
2155 nullstring, 8))) {
2156 iucv = iucv_sk(sk);
2157 break;
2158 }
2159 } else {
2160 if ((!memcmp(&iucv_sk(sk)->src_name,
2161 trans_hdr->destAppName, 8)) &&
2162 (!memcmp(&iucv_sk(sk)->src_user_id,
2163 trans_hdr->destUserID, 8)) &&
2164 (!memcmp(&iucv_sk(sk)->dst_name,
2165 trans_hdr->srcAppName, 8)) &&
2166 (!memcmp(&iucv_sk(sk)->dst_user_id,
2167 trans_hdr->srcUserID, 8))) {
2168 iucv = iucv_sk(sk);
2169 break;
2170 }
2171 }
2172 }
2173 read_unlock(&iucv_sk_list.lock);
2174 if (!iucv)
2175 sk = NULL;
2176
2177 /* no sock
2178 how should we send with no sock
2179 1) send without sock no send rc checking?
2180 2) introduce default sock to handle this cases
2181
2182 SYN -> send SYN|ACK in good case, send SYN|FIN in bad case
2183 data -> send FIN
2184 SYN|ACK, SYN|FIN, FIN -> no action? */
2185
2186 switch (trans_hdr->flags) {
2187 case AF_IUCV_FLAG_SYN:
2188 /* connect request */
2189 err = afiucv_hs_callback_syn(sk, skb);
2190 break;
2191 case (AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_ACK):
2192 /* connect request confirmed */
2193 err = afiucv_hs_callback_synack(sk, skb);
2194 break;
2195 case (AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_FIN):
2196 /* connect request refused */
2197 err = afiucv_hs_callback_synfin(sk, skb);
2198 break;
2199 case (AF_IUCV_FLAG_FIN):
2200 /* close request */
2201 err = afiucv_hs_callback_fin(sk, skb);
2202 break;
2203 case (AF_IUCV_FLAG_WIN):
2204 err = afiucv_hs_callback_win(sk, skb);
2205 if (skb->len > sizeof(struct af_iucv_trans_hdr))
2206 err = afiucv_hs_callback_rx(sk, skb);
2207 else
2208 kfree(skb);
2209 break;
2210 case 0:
2211 /* plain data frame */
2212 err = afiucv_hs_callback_rx(sk, skb);
2213 break;
2214 default:
2215 ;
2216 }
2217
2218 return err;
2219}
2220
2221/**
2222 * afiucv_hs_callback_txnotify() - handle send notifcations from HiperSockets
2223 * transport
2224 **/
2225static void afiucv_hs_callback_txnotify(struct sk_buff *skb,
2226 enum iucv_tx_notify n)
2227{
2228 struct sock *isk = skb->sk;
2229 struct sock *sk = NULL;
2230 struct iucv_sock *iucv = NULL;
2231 struct sk_buff_head *list;
2232 struct sk_buff *list_skb;
2233 struct sk_buff *this = NULL;
2234 unsigned long flags;
2235 struct hlist_node *node;
2236
2237 read_lock(&iucv_sk_list.lock);
2238 sk_for_each(sk, node, &iucv_sk_list.head)
2239 if (sk == isk) {
2240 iucv = iucv_sk(sk);
2241 break;
2242 }
2243 read_unlock(&iucv_sk_list.lock);
2244
2245 if (!iucv)
2246 return;
2247
2248 bh_lock_sock(sk);
2249 list = &iucv->send_skb_q;
2250 list_skb = list->next;
2251 if (skb_queue_empty(list))
2252 goto out_unlock;
2253
2254 spin_lock_irqsave(&list->lock, flags);
2255 while (list_skb != (struct sk_buff *)list) {
2256 if (skb_shinfo(list_skb) == skb_shinfo(skb)) {
2257 this = list_skb;
2258 switch (n) {
2259 case TX_NOTIFY_OK:
2260 __skb_unlink(this, list);
2261 iucv_sock_wake_msglim(sk);
2262 kfree_skb(this);
2263 break;
2264 case TX_NOTIFY_PENDING:
2265 atomic_inc(&iucv->pendings);
2266 break;
2267 case TX_NOTIFY_DELAYED_OK:
2268 __skb_unlink(this, list);
2269 atomic_dec(&iucv->pendings);
2270 if (atomic_read(&iucv->pendings) <= 0)
2271 iucv_sock_wake_msglim(sk);
2272 kfree_skb(this);
2273 break;
2274 case TX_NOTIFY_UNREACHABLE:
2275 case TX_NOTIFY_DELAYED_UNREACHABLE:
2276 case TX_NOTIFY_TPQFULL: /* not yet used */
2277 case TX_NOTIFY_GENERALERROR:
2278 case TX_NOTIFY_DELAYED_GENERALERROR:
2279 __skb_unlink(this, list);
2280 kfree_skb(this);
2281 if (!list_empty(&iucv->accept_q))
2282 sk->sk_state = IUCV_SEVERED;
2283 else
2284 sk->sk_state = IUCV_DISCONN;
2285 sk->sk_state_change(sk);
2286 break;
2287 }
2288 break;
2289 }
2290 list_skb = list_skb->next;
2291 }
2292 spin_unlock_irqrestore(&list->lock, flags);
2293
2294out_unlock:
2295 bh_unlock_sock(sk);
2296}
1695static const struct proto_ops iucv_sock_ops = { 2297static const struct proto_ops iucv_sock_ops = {
1696 .family = PF_IUCV, 2298 .family = PF_IUCV,
1697 .owner = THIS_MODULE, 2299 .owner = THIS_MODULE,
@@ -1718,71 +2320,104 @@ static const struct net_proto_family iucv_sock_family_ops = {
1718 .create = iucv_sock_create, 2320 .create = iucv_sock_create,
1719}; 2321};
1720 2322
1721static int __init afiucv_init(void) 2323static struct packet_type iucv_packet_type = {
2324 .type = cpu_to_be16(ETH_P_AF_IUCV),
2325 .func = afiucv_hs_rcv,
2326};
2327
2328static int afiucv_iucv_init(void)
1722{ 2329{
1723 int err; 2330 int err;
1724 2331
1725 if (!MACHINE_IS_VM) { 2332 err = pr_iucv->iucv_register(&af_iucv_handler, 0);
1726 pr_err("The af_iucv module cannot be loaded"
1727 " without z/VM\n");
1728 err = -EPROTONOSUPPORT;
1729 goto out;
1730 }
1731 cpcmd("QUERY USERID", iucv_userid, sizeof(iucv_userid), &err);
1732 if (unlikely(err)) {
1733 WARN_ON(err);
1734 err = -EPROTONOSUPPORT;
1735 goto out;
1736 }
1737
1738 err = iucv_register(&af_iucv_handler, 0);
1739 if (err) 2333 if (err)
1740 goto out; 2334 goto out;
1741 err = proto_register(&iucv_proto, 0);
1742 if (err)
1743 goto out_iucv;
1744 err = sock_register(&iucv_sock_family_ops);
1745 if (err)
1746 goto out_proto;
1747 /* establish dummy device */ 2335 /* establish dummy device */
2336 af_iucv_driver.bus = pr_iucv->bus;
1748 err = driver_register(&af_iucv_driver); 2337 err = driver_register(&af_iucv_driver);
1749 if (err) 2338 if (err)
1750 goto out_sock; 2339 goto out_iucv;
1751 af_iucv_dev = kzalloc(sizeof(struct device), GFP_KERNEL); 2340 af_iucv_dev = kzalloc(sizeof(struct device), GFP_KERNEL);
1752 if (!af_iucv_dev) { 2341 if (!af_iucv_dev) {
1753 err = -ENOMEM; 2342 err = -ENOMEM;
1754 goto out_driver; 2343 goto out_driver;
1755 } 2344 }
1756 dev_set_name(af_iucv_dev, "af_iucv"); 2345 dev_set_name(af_iucv_dev, "af_iucv");
1757 af_iucv_dev->bus = &iucv_bus; 2346 af_iucv_dev->bus = pr_iucv->bus;
1758 af_iucv_dev->parent = iucv_root; 2347 af_iucv_dev->parent = pr_iucv->root;
1759 af_iucv_dev->release = (void (*)(struct device *))kfree; 2348 af_iucv_dev->release = (void (*)(struct device *))kfree;
1760 af_iucv_dev->driver = &af_iucv_driver; 2349 af_iucv_dev->driver = &af_iucv_driver;
1761 err = device_register(af_iucv_dev); 2350 err = device_register(af_iucv_dev);
1762 if (err) 2351 if (err)
1763 goto out_driver; 2352 goto out_driver;
1764
1765 return 0; 2353 return 0;
1766 2354
1767out_driver: 2355out_driver:
1768 driver_unregister(&af_iucv_driver); 2356 driver_unregister(&af_iucv_driver);
2357out_iucv:
2358 pr_iucv->iucv_unregister(&af_iucv_handler, 0);
2359out:
2360 return err;
2361}
2362
2363static int __init afiucv_init(void)
2364{
2365 int err;
2366
2367 if (MACHINE_IS_VM) {
2368 cpcmd("QUERY USERID", iucv_userid, sizeof(iucv_userid), &err);
2369 if (unlikely(err)) {
2370 WARN_ON(err);
2371 err = -EPROTONOSUPPORT;
2372 goto out;
2373 }
2374
2375 pr_iucv = try_then_request_module(symbol_get(iucv_if), "iucv");
2376 if (!pr_iucv) {
2377 printk(KERN_WARNING "iucv_if lookup failed\n");
2378 memset(&iucv_userid, 0, sizeof(iucv_userid));
2379 }
2380 } else {
2381 memset(&iucv_userid, 0, sizeof(iucv_userid));
2382 pr_iucv = NULL;
2383 }
2384
2385 err = proto_register(&iucv_proto, 0);
2386 if (err)
2387 goto out;
2388 err = sock_register(&iucv_sock_family_ops);
2389 if (err)
2390 goto out_proto;
2391
2392 if (pr_iucv) {
2393 err = afiucv_iucv_init();
2394 if (err)
2395 goto out_sock;
2396 }
2397 dev_add_pack(&iucv_packet_type);
2398 return 0;
2399
1769out_sock: 2400out_sock:
1770 sock_unregister(PF_IUCV); 2401 sock_unregister(PF_IUCV);
1771out_proto: 2402out_proto:
1772 proto_unregister(&iucv_proto); 2403 proto_unregister(&iucv_proto);
1773out_iucv:
1774 iucv_unregister(&af_iucv_handler, 0);
1775out: 2404out:
2405 if (pr_iucv)
2406 symbol_put(iucv_if);
1776 return err; 2407 return err;
1777} 2408}
1778 2409
1779static void __exit afiucv_exit(void) 2410static void __exit afiucv_exit(void)
1780{ 2411{
1781 device_unregister(af_iucv_dev); 2412 if (pr_iucv) {
1782 driver_unregister(&af_iucv_driver); 2413 device_unregister(af_iucv_dev);
2414 driver_unregister(&af_iucv_driver);
2415 pr_iucv->iucv_unregister(&af_iucv_handler, 0);
2416 symbol_put(iucv_if);
2417 }
2418 dev_remove_pack(&iucv_packet_type);
1783 sock_unregister(PF_IUCV); 2419 sock_unregister(PF_IUCV);
1784 proto_unregister(&iucv_proto); 2420 proto_unregister(&iucv_proto);
1785 iucv_unregister(&af_iucv_handler, 0);
1786} 2421}
1787 2422
1788module_init(afiucv_init); 2423module_init(afiucv_init);
@@ -1793,3 +2428,4 @@ MODULE_DESCRIPTION("IUCV Sockets ver " VERSION);
1793MODULE_VERSION(VERSION); 2428MODULE_VERSION(VERSION);
1794MODULE_LICENSE("GPL"); 2429MODULE_LICENSE("GPL");
1795MODULE_ALIAS_NETPROTO(PF_IUCV); 2430MODULE_ALIAS_NETPROTO(PF_IUCV);
2431
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index 075a3808aa40..403be43b793d 100644
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -1974,6 +1974,27 @@ out:
1974 return rc; 1974 return rc;
1975} 1975}
1976 1976
1977struct iucv_interface iucv_if = {
1978 .message_receive = iucv_message_receive,
1979 .__message_receive = __iucv_message_receive,
1980 .message_reply = iucv_message_reply,
1981 .message_reject = iucv_message_reject,
1982 .message_send = iucv_message_send,
1983 .__message_send = __iucv_message_send,
1984 .message_send2way = iucv_message_send2way,
1985 .message_purge = iucv_message_purge,
1986 .path_accept = iucv_path_accept,
1987 .path_connect = iucv_path_connect,
1988 .path_quiesce = iucv_path_quiesce,
1989 .path_resume = iucv_path_resume,
1990 .path_sever = iucv_path_sever,
1991 .iucv_register = iucv_register,
1992 .iucv_unregister = iucv_unregister,
1993 .bus = NULL,
1994 .root = NULL,
1995};
1996EXPORT_SYMBOL(iucv_if);
1997
1977/** 1998/**
1978 * iucv_init 1999 * iucv_init
1979 * 2000 *
@@ -2038,6 +2059,8 @@ static int __init iucv_init(void)
2038 rc = bus_register(&iucv_bus); 2059 rc = bus_register(&iucv_bus);
2039 if (rc) 2060 if (rc)
2040 goto out_reboot; 2061 goto out_reboot;
2062 iucv_if.root = iucv_root;
2063 iucv_if.bus = &iucv_bus;
2041 return 0; 2064 return 0;
2042 2065
2043out_reboot: 2066out_reboot:
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index ad4ac2601a56..34b2ddeacb67 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1045,8 +1045,10 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
1045 headroom = NET_SKB_PAD + sizeof(struct iphdr) + 1045 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1046 uhlen + hdr_len; 1046 uhlen + hdr_len;
1047 old_headroom = skb_headroom(skb); 1047 old_headroom = skb_headroom(skb);
1048 if (skb_cow_head(skb, headroom)) 1048 if (skb_cow_head(skb, headroom)) {
1049 dev_kfree_skb(skb);
1049 goto abort; 1050 goto abort;
1051 }
1050 1052
1051 new_headroom = skb_headroom(skb); 1053 new_headroom = skb_headroom(skb);
1052 skb_orphan(skb); 1054 skb_orphan(skb);
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index f42cd0915966..8a90d756c904 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -395,6 +395,7 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
395 struct pppol2tp_session *ps; 395 struct pppol2tp_session *ps;
396 int old_headroom; 396 int old_headroom;
397 int new_headroom; 397 int new_headroom;
398 int uhlen, headroom;
398 399
399 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) 400 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
400 goto abort; 401 goto abort;
@@ -413,7 +414,13 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
413 goto abort_put_sess; 414 goto abort_put_sess;
414 415
415 old_headroom = skb_headroom(skb); 416 old_headroom = skb_headroom(skb);
416 if (skb_cow_head(skb, sizeof(ppph))) 417 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
418 headroom = NET_SKB_PAD +
419 sizeof(struct iphdr) + /* IP header */
420 uhlen + /* UDP header (if L2TP_ENCAPTYPE_UDP) */
421 session->hdr_len + /* L2TP header */
422 sizeof(ppph); /* PPP header */
423 if (skb_cow_head(skb, headroom))
417 goto abort_put_sess_tun; 424 goto abort_put_sess_tun;
418 425
419 new_headroom = skb_headroom(skb); 426 new_headroom = skb_headroom(skb);
diff --git a/net/lapb/lapb_iface.c b/net/lapb/lapb_iface.c
index 956b7e47dc52..8d0324bac01c 100644
--- a/net/lapb/lapb_iface.c
+++ b/net/lapb/lapb_iface.c
@@ -139,7 +139,8 @@ out:
139 return lapb; 139 return lapb;
140} 140}
141 141
142int lapb_register(struct net_device *dev, struct lapb_register_struct *callbacks) 142int lapb_register(struct net_device *dev,
143 const struct lapb_register_struct *callbacks)
143{ 144{
144 struct lapb_cb *lapb; 145 struct lapb_cb *lapb;
145 int rc = LAPB_BADTOKEN; 146 int rc = LAPB_BADTOKEN;
@@ -158,7 +159,7 @@ int lapb_register(struct net_device *dev, struct lapb_register_struct *callbacks
158 goto out; 159 goto out;
159 160
160 lapb->dev = dev; 161 lapb->dev = dev;
161 lapb->callbacks = *callbacks; 162 lapb->callbacks = callbacks;
162 163
163 __lapb_insert_cb(lapb); 164 __lapb_insert_cb(lapb);
164 165
@@ -380,32 +381,32 @@ int lapb_data_received(struct net_device *dev, struct sk_buff *skb)
380 381
381void lapb_connect_confirmation(struct lapb_cb *lapb, int reason) 382void lapb_connect_confirmation(struct lapb_cb *lapb, int reason)
382{ 383{
383 if (lapb->callbacks.connect_confirmation) 384 if (lapb->callbacks->connect_confirmation)
384 lapb->callbacks.connect_confirmation(lapb->dev, reason); 385 lapb->callbacks->connect_confirmation(lapb->dev, reason);
385} 386}
386 387
387void lapb_connect_indication(struct lapb_cb *lapb, int reason) 388void lapb_connect_indication(struct lapb_cb *lapb, int reason)
388{ 389{
389 if (lapb->callbacks.connect_indication) 390 if (lapb->callbacks->connect_indication)
390 lapb->callbacks.connect_indication(lapb->dev, reason); 391 lapb->callbacks->connect_indication(lapb->dev, reason);
391} 392}
392 393
393void lapb_disconnect_confirmation(struct lapb_cb *lapb, int reason) 394void lapb_disconnect_confirmation(struct lapb_cb *lapb, int reason)
394{ 395{
395 if (lapb->callbacks.disconnect_confirmation) 396 if (lapb->callbacks->disconnect_confirmation)
396 lapb->callbacks.disconnect_confirmation(lapb->dev, reason); 397 lapb->callbacks->disconnect_confirmation(lapb->dev, reason);
397} 398}
398 399
399void lapb_disconnect_indication(struct lapb_cb *lapb, int reason) 400void lapb_disconnect_indication(struct lapb_cb *lapb, int reason)
400{ 401{
401 if (lapb->callbacks.disconnect_indication) 402 if (lapb->callbacks->disconnect_indication)
402 lapb->callbacks.disconnect_indication(lapb->dev, reason); 403 lapb->callbacks->disconnect_indication(lapb->dev, reason);
403} 404}
404 405
405int lapb_data_indication(struct lapb_cb *lapb, struct sk_buff *skb) 406int lapb_data_indication(struct lapb_cb *lapb, struct sk_buff *skb)
406{ 407{
407 if (lapb->callbacks.data_indication) 408 if (lapb->callbacks->data_indication)
408 return lapb->callbacks.data_indication(lapb->dev, skb); 409 return lapb->callbacks->data_indication(lapb->dev, skb);
409 410
410 kfree_skb(skb); 411 kfree_skb(skb);
411 return NET_RX_SUCCESS; /* For now; must be != NET_RX_DROP */ 412 return NET_RX_SUCCESS; /* For now; must be != NET_RX_DROP */
@@ -415,8 +416,8 @@ int lapb_data_transmit(struct lapb_cb *lapb, struct sk_buff *skb)
415{ 416{
416 int used = 0; 417 int used = 0;
417 418
418 if (lapb->callbacks.data_transmit) { 419 if (lapb->callbacks->data_transmit) {
419 lapb->callbacks.data_transmit(lapb->dev, skb); 420 lapb->callbacks->data_transmit(lapb->dev, skb);
420 used = 1; 421 used = 1;
421 } 422 }
422 423
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index d1886b59bec4..7d3b438755f0 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -225,6 +225,18 @@ config MAC80211_VERBOSE_MHWMP_DEBUG
225 225
226 Do not select this option. 226 Do not select this option.
227 227
228config MAC80211_VERBOSE_TDLS_DEBUG
229 bool "Verbose TDLS debugging"
230 depends on MAC80211_DEBUG_MENU
231 ---help---
232 Selecting this option causes mac80211 to print out very
233 verbose TDLS selection debugging messages (when mac80211
234 is a TDLS STA).
235 It should not be selected on production systems as those
236 messages are remotely triggerable.
237
238 Do not select this option.
239
228config MAC80211_DEBUG_COUNTERS 240config MAC80211_DEBUG_COUNTERS
229 bool "Extra statistics for TX/RX debugging" 241 bool "Extra statistics for TX/RX debugging"
230 depends on MAC80211_DEBUG_MENU 242 depends on MAC80211_DEBUG_MENU
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index e6cab51dceb0..f9ec0d97e349 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -69,7 +69,7 @@ void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
69 if (!tid_rx) 69 if (!tid_rx)
70 return; 70 return;
71 71
72 rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], NULL); 72 RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL);
73 73
74#ifdef CONFIG_MAC80211_HT_DEBUG 74#ifdef CONFIG_MAC80211_HT_DEBUG
75 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n", 75 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n",
@@ -176,7 +176,8 @@ static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *d
176 memcpy(mgmt->da, da, ETH_ALEN); 176 memcpy(mgmt->da, da, ETH_ALEN);
177 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 177 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
178 if (sdata->vif.type == NL80211_IFTYPE_AP || 178 if (sdata->vif.type == NL80211_IFTYPE_AP ||
179 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 179 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
180 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
180 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 181 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
181 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 182 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
182 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 183 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
@@ -223,7 +224,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
223 224
224 status = WLAN_STATUS_REQUEST_DECLINED; 225 status = WLAN_STATUS_REQUEST_DECLINED;
225 226
226 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 227 if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
227#ifdef CONFIG_MAC80211_HT_DEBUG 228#ifdef CONFIG_MAC80211_HT_DEBUG
228 printk(KERN_DEBUG "Suspend in progress. " 229 printk(KERN_DEBUG "Suspend in progress. "
229 "Denying ADDBA request\n"); 230 "Denying ADDBA request\n");
@@ -325,7 +326,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
325 status = WLAN_STATUS_SUCCESS; 326 status = WLAN_STATUS_SUCCESS;
326 327
327 /* activate it for RX */ 328 /* activate it for RX */
328 rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx); 329 RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
329 330
330 if (timeout) 331 if (timeout)
331 mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout)); 332 mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 3cef5a7281cb..fefc7e506754 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -77,7 +77,8 @@ static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
77 memcpy(mgmt->da, da, ETH_ALEN); 77 memcpy(mgmt->da, da, ETH_ALEN);
78 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 78 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
79 if (sdata->vif.type == NL80211_IFTYPE_AP || 79 if (sdata->vif.type == NL80211_IFTYPE_AP ||
80 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 80 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
81 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
81 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 82 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
82 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 83 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
83 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 84 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
@@ -371,18 +372,13 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
371 pubsta->addr, tid); 372 pubsta->addr, tid);
372#endif /* CONFIG_MAC80211_HT_DEBUG */ 373#endif /* CONFIG_MAC80211_HT_DEBUG */
373 374
374 /*
375 * The aggregation code is not prepared to handle
376 * anything but STA/AP due to the BSSID handling.
377 * IBSS could work in the code but isn't supported
378 * by drivers or the standard.
379 */
380 if (sdata->vif.type != NL80211_IFTYPE_STATION && 375 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
376 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
381 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 377 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
382 sdata->vif.type != NL80211_IFTYPE_AP) 378 sdata->vif.type != NL80211_IFTYPE_AP)
383 return -EINVAL; 379 return -EINVAL;
384 380
385 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 381 if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
386#ifdef CONFIG_MAC80211_HT_DEBUG 382#ifdef CONFIG_MAC80211_HT_DEBUG
387 printk(KERN_DEBUG "BA sessions blocked. " 383 printk(KERN_DEBUG "BA sessions blocked. "
388 "Denying BA session request\n"); 384 "Denying BA session request\n");
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index b57ddf941e59..65b72ae2b4e0 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -12,6 +12,7 @@
12#include <linux/slab.h> 12#include <linux/slab.h>
13#include <net/net_namespace.h> 13#include <net/net_namespace.h>
14#include <linux/rcupdate.h> 14#include <linux/rcupdate.h>
15#include <linux/if_ether.h>
15#include <net/cfg80211.h> 16#include <net/cfg80211.h>
16#include "ieee80211_i.h" 17#include "ieee80211_i.h"
17#include "driver-ops.h" 18#include "driver-ops.h"
@@ -62,7 +63,7 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
62 63
63 if (type == NL80211_IFTYPE_AP_VLAN && 64 if (type == NL80211_IFTYPE_AP_VLAN &&
64 params && params->use_4addr == 0) 65 params && params->use_4addr == 0)
65 rcu_assign_pointer(sdata->u.vlan.sta, NULL); 66 RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
66 else if (type == NL80211_IFTYPE_STATION && 67 else if (type == NL80211_IFTYPE_STATION &&
67 params && params->use_4addr >= 0) 68 params && params->use_4addr >= 0)
68 sdata->u.mgd.use_4addr = params->use_4addr; 69 sdata->u.mgd.use_4addr = params->use_4addr;
@@ -343,7 +344,8 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
343 STATION_INFO_RX_BITRATE | 344 STATION_INFO_RX_BITRATE |
344 STATION_INFO_RX_DROP_MISC | 345 STATION_INFO_RX_DROP_MISC |
345 STATION_INFO_BSS_PARAM | 346 STATION_INFO_BSS_PARAM |
346 STATION_INFO_CONNECTED_TIME; 347 STATION_INFO_CONNECTED_TIME |
348 STATION_INFO_STA_FLAGS;
347 349
348 do_posix_clock_monotonic_gettime(&uptime); 350 do_posix_clock_monotonic_gettime(&uptime);
349 sinfo->connected_time = uptime.tv_sec - sta->last_connected; 351 sinfo->connected_time = uptime.tv_sec - sta->last_connected;
@@ -403,6 +405,23 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
403 sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME; 405 sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
404 sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period; 406 sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period;
405 sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int; 407 sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
408
409 sinfo->sta_flags.set = 0;
410 sinfo->sta_flags.mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
411 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
412 BIT(NL80211_STA_FLAG_WME) |
413 BIT(NL80211_STA_FLAG_MFP) |
414 BIT(NL80211_STA_FLAG_AUTHENTICATED);
415 if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
416 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
417 if (test_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE))
418 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
419 if (test_sta_flag(sta, WLAN_STA_WME))
420 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_WME);
421 if (test_sta_flag(sta, WLAN_STA_MFP))
422 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_MFP);
423 if (test_sta_flag(sta, WLAN_STA_AUTH))
424 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
406} 425}
407 426
408 427
@@ -556,7 +575,7 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
556 575
557 sdata->vif.bss_conf.dtim_period = new->dtim_period; 576 sdata->vif.bss_conf.dtim_period = new->dtim_period;
558 577
559 rcu_assign_pointer(sdata->u.ap.beacon, new); 578 RCU_INIT_POINTER(sdata->u.ap.beacon, new);
560 579
561 synchronize_rcu(); 580 synchronize_rcu();
562 581
@@ -611,7 +630,7 @@ static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
611 if (!old) 630 if (!old)
612 return -ENOENT; 631 return -ENOENT;
613 632
614 rcu_assign_pointer(sdata->u.ap.beacon, NULL); 633 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
615 synchronize_rcu(); 634 synchronize_rcu();
616 kfree(old); 635 kfree(old);
617 636
@@ -667,7 +686,6 @@ static void sta_apply_parameters(struct ieee80211_local *local,
667 struct sta_info *sta, 686 struct sta_info *sta,
668 struct station_parameters *params) 687 struct station_parameters *params)
669{ 688{
670 unsigned long flags;
671 u32 rates; 689 u32 rates;
672 int i, j; 690 int i, j;
673 struct ieee80211_supported_band *sband; 691 struct ieee80211_supported_band *sband;
@@ -676,46 +694,58 @@ static void sta_apply_parameters(struct ieee80211_local *local,
676 694
677 sband = local->hw.wiphy->bands[local->oper_channel->band]; 695 sband = local->hw.wiphy->bands[local->oper_channel->band];
678 696
679 spin_lock_irqsave(&sta->flaglock, flags);
680 mask = params->sta_flags_mask; 697 mask = params->sta_flags_mask;
681 set = params->sta_flags_set; 698 set = params->sta_flags_set;
682 699
683 if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) { 700 if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
684 sta->flags &= ~WLAN_STA_AUTHORIZED;
685 if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) 701 if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
686 sta->flags |= WLAN_STA_AUTHORIZED; 702 set_sta_flag(sta, WLAN_STA_AUTHORIZED);
703 else
704 clear_sta_flag(sta, WLAN_STA_AUTHORIZED);
687 } 705 }
688 706
689 if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) { 707 if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) {
690 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
691 if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) 708 if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE))
692 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 709 set_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
710 else
711 clear_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
693 } 712 }
694 713
695 if (mask & BIT(NL80211_STA_FLAG_WME)) { 714 if (mask & BIT(NL80211_STA_FLAG_WME)) {
696 sta->flags &= ~WLAN_STA_WME;
697 sta->sta.wme = false;
698 if (set & BIT(NL80211_STA_FLAG_WME)) { 715 if (set & BIT(NL80211_STA_FLAG_WME)) {
699 sta->flags |= WLAN_STA_WME; 716 set_sta_flag(sta, WLAN_STA_WME);
700 sta->sta.wme = true; 717 sta->sta.wme = true;
718 } else {
719 clear_sta_flag(sta, WLAN_STA_WME);
720 sta->sta.wme = false;
701 } 721 }
702 } 722 }
703 723
704 if (mask & BIT(NL80211_STA_FLAG_MFP)) { 724 if (mask & BIT(NL80211_STA_FLAG_MFP)) {
705 sta->flags &= ~WLAN_STA_MFP;
706 if (set & BIT(NL80211_STA_FLAG_MFP)) 725 if (set & BIT(NL80211_STA_FLAG_MFP))
707 sta->flags |= WLAN_STA_MFP; 726 set_sta_flag(sta, WLAN_STA_MFP);
727 else
728 clear_sta_flag(sta, WLAN_STA_MFP);
708 } 729 }
709 730
710 if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED)) { 731 if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED)) {
711 sta->flags &= ~WLAN_STA_AUTH;
712 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) 732 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
713 sta->flags |= WLAN_STA_AUTH; 733 set_sta_flag(sta, WLAN_STA_AUTH);
734 else
735 clear_sta_flag(sta, WLAN_STA_AUTH);
714 } 736 }
715 spin_unlock_irqrestore(&sta->flaglock, flags);
716 737
717 sta->sta.uapsd_queues = params->uapsd_queues; 738 if (mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) {
718 sta->sta.max_sp = params->max_sp; 739 if (set & BIT(NL80211_STA_FLAG_TDLS_PEER))
740 set_sta_flag(sta, WLAN_STA_TDLS_PEER);
741 else
742 clear_sta_flag(sta, WLAN_STA_TDLS_PEER);
743 }
744
745 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) {
746 sta->sta.uapsd_queues = params->uapsd_queues;
747 sta->sta.max_sp = params->max_sp;
748 }
719 749
720 /* 750 /*
721 * cfg80211 validates this (1-2007) and allows setting the AID 751 * cfg80211 validates this (1-2007) and allows setting the AID
@@ -802,11 +832,18 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
802 if (is_multicast_ether_addr(mac)) 832 if (is_multicast_ether_addr(mac))
803 return -EINVAL; 833 return -EINVAL;
804 834
835 /* Only TDLS-supporting stations can add TDLS peers */
836 if ((params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
837 !((wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
838 sdata->vif.type == NL80211_IFTYPE_STATION))
839 return -ENOTSUPP;
840
805 sta = sta_info_alloc(sdata, mac, GFP_KERNEL); 841 sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
806 if (!sta) 842 if (!sta)
807 return -ENOMEM; 843 return -ENOMEM;
808 844
809 sta->flags = WLAN_STA_AUTH | WLAN_STA_ASSOC; 845 set_sta_flag(sta, WLAN_STA_AUTH);
846 set_sta_flag(sta, WLAN_STA_ASSOC);
810 847
811 sta_apply_parameters(local, sta, params); 848 sta_apply_parameters(local, sta, params);
812 849
@@ -862,6 +899,14 @@ static int ieee80211_change_station(struct wiphy *wiphy,
862 return -ENOENT; 899 return -ENOENT;
863 } 900 }
864 901
902 /* The TDLS bit cannot be toggled after the STA was added */
903 if ((params->sta_flags_mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
904 !!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) !=
905 !!test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
906 rcu_read_unlock();
907 return -EINVAL;
908 }
909
865 if (params->vlan && params->vlan != sta->sdata->dev) { 910 if (params->vlan && params->vlan != sta->sdata->dev) {
866 vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); 911 vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
867 912
@@ -877,7 +922,7 @@ static int ieee80211_change_station(struct wiphy *wiphy,
877 return -EBUSY; 922 return -EBUSY;
878 } 923 }
879 924
880 rcu_assign_pointer(vlansdata->u.vlan.sta, sta); 925 RCU_INIT_POINTER(vlansdata->u.vlan.sta, sta);
881 } 926 }
882 927
883 sta->sdata = vlansdata; 928 sta->sdata = vlansdata;
@@ -1271,9 +1316,11 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1271} 1316}
1272 1317
1273static int ieee80211_set_txq_params(struct wiphy *wiphy, 1318static int ieee80211_set_txq_params(struct wiphy *wiphy,
1319 struct net_device *dev,
1274 struct ieee80211_txq_params *params) 1320 struct ieee80211_txq_params *params)
1275{ 1321{
1276 struct ieee80211_local *local = wiphy_priv(wiphy); 1322 struct ieee80211_local *local = wiphy_priv(wiphy);
1323 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1277 struct ieee80211_tx_queue_params p; 1324 struct ieee80211_tx_queue_params p;
1278 1325
1279 if (!local->ops->conf_tx) 1326 if (!local->ops->conf_tx)
@@ -1294,8 +1341,8 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1294 if (params->queue >= local->hw.queues) 1341 if (params->queue >= local->hw.queues)
1295 return -EINVAL; 1342 return -EINVAL;
1296 1343
1297 local->tx_conf[params->queue] = p; 1344 sdata->tx_conf[params->queue] = p;
1298 if (drv_conf_tx(local, params->queue, &p)) { 1345 if (drv_conf_tx(local, sdata, params->queue, &p)) {
1299 wiphy_debug(local->hw.wiphy, 1346 wiphy_debug(local->hw.wiphy,
1300 "failed to set TX queue parameters for queue %d\n", 1347 "failed to set TX queue parameters for queue %d\n",
1301 params->queue); 1348 params->queue);
@@ -1347,7 +1394,7 @@ static int ieee80211_set_channel(struct wiphy *wiphy,
1347 (old_oper_type != local->_oper_channel_type)) 1394 (old_oper_type != local->_oper_channel_type))
1348 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 1395 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1349 1396
1350 if ((sdata && sdata->vif.type != NL80211_IFTYPE_MONITOR) && 1397 if (sdata && sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1351 old_vif_oper_type != sdata->vif.bss_conf.channel_type) 1398 old_vif_oper_type != sdata->vif.bss_conf.channel_type)
1352 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1399 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1353 1400
@@ -1857,7 +1904,7 @@ ieee80211_offchan_tx_done(struct ieee80211_work *wk, struct sk_buff *skb)
1857 * so in that case userspace will have to deal with it. 1904 * so in that case userspace will have to deal with it.
1858 */ 1905 */
1859 1906
1860 if (wk->offchan_tx.wait && wk->offchan_tx.frame) 1907 if (wk->offchan_tx.wait && !wk->offchan_tx.status)
1861 cfg80211_mgmt_tx_status(wk->sdata->dev, 1908 cfg80211_mgmt_tx_status(wk->sdata->dev,
1862 (unsigned long) wk->offchan_tx.frame, 1909 (unsigned long) wk->offchan_tx.frame,
1863 wk->ie, wk->ie_len, false, GFP_KERNEL); 1910 wk->ie, wk->ie_len, false, GFP_KERNEL);
@@ -1869,7 +1916,8 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
1869 struct ieee80211_channel *chan, bool offchan, 1916 struct ieee80211_channel *chan, bool offchan,
1870 enum nl80211_channel_type channel_type, 1917 enum nl80211_channel_type channel_type,
1871 bool channel_type_valid, unsigned int wait, 1918 bool channel_type_valid, unsigned int wait,
1872 const u8 *buf, size_t len, u64 *cookie) 1919 const u8 *buf, size_t len, bool no_cck,
1920 u64 *cookie)
1873{ 1921{
1874 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1922 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1875 struct ieee80211_local *local = sdata->local; 1923 struct ieee80211_local *local = sdata->local;
@@ -1896,6 +1944,9 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
1896 flags |= IEEE80211_TX_CTL_TX_OFFCHAN; 1944 flags |= IEEE80211_TX_CTL_TX_OFFCHAN;
1897 } 1945 }
1898 1946
1947 if (no_cck)
1948 flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
1949
1899 if (is_offchan && !offchan) 1950 if (is_offchan && !offchan)
1900 return -EBUSY; 1951 return -EBUSY;
1901 1952
@@ -2120,6 +2171,323 @@ static int ieee80211_set_rekey_data(struct wiphy *wiphy,
2120 return 0; 2171 return 0;
2121} 2172}
2122 2173
2174static void ieee80211_tdls_add_ext_capab(struct sk_buff *skb)
2175{
2176 u8 *pos = (void *)skb_put(skb, 7);
2177
2178 *pos++ = WLAN_EID_EXT_CAPABILITY;
2179 *pos++ = 5; /* len */
2180 *pos++ = 0x0;
2181 *pos++ = 0x0;
2182 *pos++ = 0x0;
2183 *pos++ = 0x0;
2184 *pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
2185}
2186
2187static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata)
2188{
2189 struct ieee80211_local *local = sdata->local;
2190 u16 capab;
2191
2192 capab = 0;
2193 if (local->oper_channel->band != IEEE80211_BAND_2GHZ)
2194 return capab;
2195
2196 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
2197 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
2198 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
2199 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
2200
2201 return capab;
2202}
2203
2204static void ieee80211_tdls_add_link_ie(struct sk_buff *skb, u8 *src_addr,
2205 u8 *peer, u8 *bssid)
2206{
2207 struct ieee80211_tdls_lnkie *lnkid;
2208
2209 lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
2210
2211 lnkid->ie_type = WLAN_EID_LINK_ID;
2212 lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
2213
2214 memcpy(lnkid->bssid, bssid, ETH_ALEN);
2215 memcpy(lnkid->init_sta, src_addr, ETH_ALEN);
2216 memcpy(lnkid->resp_sta, peer, ETH_ALEN);
2217}
2218
2219static int
2220ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
2221 u8 *peer, u8 action_code, u8 dialog_token,
2222 u16 status_code, struct sk_buff *skb)
2223{
2224 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2225 struct ieee80211_tdls_data *tf;
2226
2227 tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
2228
2229 memcpy(tf->da, peer, ETH_ALEN);
2230 memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
2231 tf->ether_type = cpu_to_be16(ETH_P_TDLS);
2232 tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
2233
2234 switch (action_code) {
2235 case WLAN_TDLS_SETUP_REQUEST:
2236 tf->category = WLAN_CATEGORY_TDLS;
2237 tf->action_code = WLAN_TDLS_SETUP_REQUEST;
2238
2239 skb_put(skb, sizeof(tf->u.setup_req));
2240 tf->u.setup_req.dialog_token = dialog_token;
2241 tf->u.setup_req.capability =
2242 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2243
2244 ieee80211_add_srates_ie(&sdata->vif, skb);
2245 ieee80211_add_ext_srates_ie(&sdata->vif, skb);
2246 ieee80211_tdls_add_ext_capab(skb);
2247 break;
2248 case WLAN_TDLS_SETUP_RESPONSE:
2249 tf->category = WLAN_CATEGORY_TDLS;
2250 tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
2251
2252 skb_put(skb, sizeof(tf->u.setup_resp));
2253 tf->u.setup_resp.status_code = cpu_to_le16(status_code);
2254 tf->u.setup_resp.dialog_token = dialog_token;
2255 tf->u.setup_resp.capability =
2256 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2257
2258 ieee80211_add_srates_ie(&sdata->vif, skb);
2259 ieee80211_add_ext_srates_ie(&sdata->vif, skb);
2260 ieee80211_tdls_add_ext_capab(skb);
2261 break;
2262 case WLAN_TDLS_SETUP_CONFIRM:
2263 tf->category = WLAN_CATEGORY_TDLS;
2264 tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
2265
2266 skb_put(skb, sizeof(tf->u.setup_cfm));
2267 tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
2268 tf->u.setup_cfm.dialog_token = dialog_token;
2269 break;
2270 case WLAN_TDLS_TEARDOWN:
2271 tf->category = WLAN_CATEGORY_TDLS;
2272 tf->action_code = WLAN_TDLS_TEARDOWN;
2273
2274 skb_put(skb, sizeof(tf->u.teardown));
2275 tf->u.teardown.reason_code = cpu_to_le16(status_code);
2276 break;
2277 case WLAN_TDLS_DISCOVERY_REQUEST:
2278 tf->category = WLAN_CATEGORY_TDLS;
2279 tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
2280
2281 skb_put(skb, sizeof(tf->u.discover_req));
2282 tf->u.discover_req.dialog_token = dialog_token;
2283 break;
2284 default:
2285 return -EINVAL;
2286 }
2287
2288 return 0;
2289}
2290
2291static int
2292ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
2293 u8 *peer, u8 action_code, u8 dialog_token,
2294 u16 status_code, struct sk_buff *skb)
2295{
2296 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2297 struct ieee80211_mgmt *mgmt;
2298
2299 mgmt = (void *)skb_put(skb, 24);
2300 memset(mgmt, 0, 24);
2301 memcpy(mgmt->da, peer, ETH_ALEN);
2302 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2303 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
2304
2305 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2306 IEEE80211_STYPE_ACTION);
2307
2308 switch (action_code) {
2309 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
2310 skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
2311 mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
2312 mgmt->u.action.u.tdls_discover_resp.action_code =
2313 WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
2314 mgmt->u.action.u.tdls_discover_resp.dialog_token =
2315 dialog_token;
2316 mgmt->u.action.u.tdls_discover_resp.capability =
2317 cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
2318
2319 ieee80211_add_srates_ie(&sdata->vif, skb);
2320 ieee80211_add_ext_srates_ie(&sdata->vif, skb);
2321 ieee80211_tdls_add_ext_capab(skb);
2322 break;
2323 default:
2324 return -EINVAL;
2325 }
2326
2327 return 0;
2328}
2329
2330static int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
2331 u8 *peer, u8 action_code, u8 dialog_token,
2332 u16 status_code, const u8 *extra_ies,
2333 size_t extra_ies_len)
2334{
2335 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2336 struct ieee80211_local *local = sdata->local;
2337 struct ieee80211_tx_info *info;
2338 struct sk_buff *skb = NULL;
2339 bool send_direct;
2340 int ret;
2341
2342 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
2343 return -ENOTSUPP;
2344
2345 /* make sure we are in managed mode, and associated */
2346 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
2347 !sdata->u.mgd.associated)
2348 return -EINVAL;
2349
2350#ifdef CONFIG_MAC80211_VERBOSE_TDLS_DEBUG
2351 printk(KERN_DEBUG "TDLS mgmt action %d peer %pM\n", action_code, peer);
2352#endif
2353
2354 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
2355 max(sizeof(struct ieee80211_mgmt),
2356 sizeof(struct ieee80211_tdls_data)) +
2357 50 + /* supported rates */
2358 7 + /* ext capab */
2359 extra_ies_len +
2360 sizeof(struct ieee80211_tdls_lnkie));
2361 if (!skb)
2362 return -ENOMEM;
2363
2364 info = IEEE80211_SKB_CB(skb);
2365 skb_reserve(skb, local->hw.extra_tx_headroom);
2366
2367 switch (action_code) {
2368 case WLAN_TDLS_SETUP_REQUEST:
2369 case WLAN_TDLS_SETUP_RESPONSE:
2370 case WLAN_TDLS_SETUP_CONFIRM:
2371 case WLAN_TDLS_TEARDOWN:
2372 case WLAN_TDLS_DISCOVERY_REQUEST:
2373 ret = ieee80211_prep_tdls_encap_data(wiphy, dev, peer,
2374 action_code, dialog_token,
2375 status_code, skb);
2376 send_direct = false;
2377 break;
2378 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
2379 ret = ieee80211_prep_tdls_direct(wiphy, dev, peer, action_code,
2380 dialog_token, status_code,
2381 skb);
2382 send_direct = true;
2383 break;
2384 default:
2385 ret = -ENOTSUPP;
2386 break;
2387 }
2388
2389 if (ret < 0)
2390 goto fail;
2391
2392 if (extra_ies_len)
2393 memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len);
2394
2395 /* the TDLS link IE is always added last */
2396 switch (action_code) {
2397 case WLAN_TDLS_SETUP_REQUEST:
2398 case WLAN_TDLS_SETUP_CONFIRM:
2399 case WLAN_TDLS_TEARDOWN:
2400 case WLAN_TDLS_DISCOVERY_REQUEST:
2401 /* we are the initiator */
2402 ieee80211_tdls_add_link_ie(skb, sdata->vif.addr, peer,
2403 sdata->u.mgd.bssid);
2404 break;
2405 case WLAN_TDLS_SETUP_RESPONSE:
2406 case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
2407 /* we are the responder */
2408 ieee80211_tdls_add_link_ie(skb, peer, sdata->vif.addr,
2409 sdata->u.mgd.bssid);
2410 break;
2411 default:
2412 ret = -ENOTSUPP;
2413 goto fail;
2414 }
2415
2416 if (send_direct) {
2417 ieee80211_tx_skb(sdata, skb);
2418 return 0;
2419 }
2420
2421 /*
2422 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
2423 * we should default to AC_VI.
2424 */
2425 switch (action_code) {
2426 case WLAN_TDLS_SETUP_REQUEST:
2427 case WLAN_TDLS_SETUP_RESPONSE:
2428 skb_set_queue_mapping(skb, IEEE80211_AC_BK);
2429 skb->priority = 2;
2430 break;
2431 default:
2432 skb_set_queue_mapping(skb, IEEE80211_AC_VI);
2433 skb->priority = 5;
2434 break;
2435 }
2436
2437 /* disable bottom halves when entering the Tx path */
2438 local_bh_disable();
2439 ret = ieee80211_subif_start_xmit(skb, dev);
2440 local_bh_enable();
2441
2442 return ret;
2443
2444fail:
2445 dev_kfree_skb(skb);
2446 return ret;
2447}
2448
2449static int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
2450 u8 *peer, enum nl80211_tdls_operation oper)
2451{
2452 struct sta_info *sta;
2453 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2454
2455 if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
2456 return -ENOTSUPP;
2457
2458 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2459 return -EINVAL;
2460
2461#ifdef CONFIG_MAC80211_VERBOSE_TDLS_DEBUG
2462 printk(KERN_DEBUG "TDLS oper %d peer %pM\n", oper, peer);
2463#endif
2464
2465 switch (oper) {
2466 case NL80211_TDLS_ENABLE_LINK:
2467 rcu_read_lock();
2468 sta = sta_info_get(sdata, peer);
2469 if (!sta) {
2470 rcu_read_unlock();
2471 return -ENOLINK;
2472 }
2473
2474 set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
2475 rcu_read_unlock();
2476 break;
2477 case NL80211_TDLS_DISABLE_LINK:
2478 return sta_info_destroy_addr(sdata, peer);
2479 case NL80211_TDLS_TEARDOWN:
2480 case NL80211_TDLS_SETUP:
2481 case NL80211_TDLS_DISCOVERY_REQ:
2482 /* We don't support in-driver setup/teardown/discovery */
2483 return -ENOTSUPP;
2484 default:
2485 return -ENOTSUPP;
2486 }
2487
2488 return 0;
2489}
2490
2123struct cfg80211_ops mac80211_config_ops = { 2491struct cfg80211_ops mac80211_config_ops = {
2124 .add_virtual_intf = ieee80211_add_iface, 2492 .add_virtual_intf = ieee80211_add_iface,
2125 .del_virtual_intf = ieee80211_del_iface, 2493 .del_virtual_intf = ieee80211_del_iface,
@@ -2183,4 +2551,6 @@ struct cfg80211_ops mac80211_config_ops = {
2183 .set_ringparam = ieee80211_set_ringparam, 2551 .set_ringparam = ieee80211_set_ringparam,
2184 .get_ringparam = ieee80211_get_ringparam, 2552 .get_ringparam = ieee80211_get_ringparam,
2185 .set_rekey_data = ieee80211_set_rekey_data, 2553 .set_rekey_data = ieee80211_set_rekey_data,
2554 .tdls_oper = ieee80211_tdls_oper,
2555 .tdls_mgmt = ieee80211_tdls_mgmt,
2186}; 2556};
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index c9141168fd43..883996b2f99f 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -78,57 +78,6 @@ DEBUGFS_READONLY_FILE(wep_iv, "%#08x",
78DEBUGFS_READONLY_FILE(rate_ctrl_alg, "%s", 78DEBUGFS_READONLY_FILE(rate_ctrl_alg, "%s",
79 local->rate_ctrl ? local->rate_ctrl->ops->name : "hw/driver"); 79 local->rate_ctrl ? local->rate_ctrl->ops->name : "hw/driver");
80 80
81static ssize_t tsf_read(struct file *file, char __user *user_buf,
82 size_t count, loff_t *ppos)
83{
84 struct ieee80211_local *local = file->private_data;
85 u64 tsf;
86
87 tsf = drv_get_tsf(local);
88
89 return mac80211_format_buffer(user_buf, count, ppos, "0x%016llx\n",
90 (unsigned long long) tsf);
91}
92
93static ssize_t tsf_write(struct file *file,
94 const char __user *user_buf,
95 size_t count, loff_t *ppos)
96{
97 struct ieee80211_local *local = file->private_data;
98 unsigned long long tsf;
99 char buf[100];
100 size_t len;
101
102 len = min(count, sizeof(buf) - 1);
103 if (copy_from_user(buf, user_buf, len))
104 return -EFAULT;
105 buf[len] = '\0';
106
107 if (strncmp(buf, "reset", 5) == 0) {
108 if (local->ops->reset_tsf) {
109 drv_reset_tsf(local);
110 wiphy_info(local->hw.wiphy, "debugfs reset TSF\n");
111 }
112 } else {
113 tsf = simple_strtoul(buf, NULL, 0);
114 if (local->ops->set_tsf) {
115 drv_set_tsf(local, tsf);
116 wiphy_info(local->hw.wiphy,
117 "debugfs set TSF to %#018llx\n", tsf);
118
119 }
120 }
121
122 return count;
123}
124
125static const struct file_operations tsf_ops = {
126 .read = tsf_read,
127 .write = tsf_write,
128 .open = mac80211_open_file_generic,
129 .llseek = default_llseek,
130};
131
132static ssize_t reset_write(struct file *file, const char __user *user_buf, 81static ssize_t reset_write(struct file *file, const char __user *user_buf,
133 size_t count, loff_t *ppos) 82 size_t count, loff_t *ppos)
134{ 83{
@@ -447,7 +396,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
447 DEBUGFS_ADD(frequency); 396 DEBUGFS_ADD(frequency);
448 DEBUGFS_ADD(total_ps_buffered); 397 DEBUGFS_ADD(total_ps_buffered);
449 DEBUGFS_ADD(wep_iv); 398 DEBUGFS_ADD(wep_iv);
450 DEBUGFS_ADD(tsf);
451 DEBUGFS_ADD(queues); 399 DEBUGFS_ADD(queues);
452 DEBUGFS_ADD_MODE(reset, 0200); 400 DEBUGFS_ADD_MODE(reset, 0200);
453 DEBUGFS_ADD(noack); 401 DEBUGFS_ADD(noack);
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index dd0462917518..9352819a986b 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -21,6 +21,7 @@
21#include "rate.h" 21#include "rate.h"
22#include "debugfs.h" 22#include "debugfs.h"
23#include "debugfs_netdev.h" 23#include "debugfs_netdev.h"
24#include "driver-ops.h"
24 25
25static ssize_t ieee80211_if_read( 26static ssize_t ieee80211_if_read(
26 struct ieee80211_sub_if_data *sdata, 27 struct ieee80211_sub_if_data *sdata,
@@ -331,6 +332,46 @@ static ssize_t ieee80211_if_fmt_num_buffered_multicast(
331} 332}
332__IEEE80211_IF_FILE(num_buffered_multicast, NULL); 333__IEEE80211_IF_FILE(num_buffered_multicast, NULL);
333 334
335/* IBSS attributes */
336static ssize_t ieee80211_if_fmt_tsf(
337 const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
338{
339 struct ieee80211_local *local = sdata->local;
340 u64 tsf;
341
342 tsf = drv_get_tsf(local, (struct ieee80211_sub_if_data *)sdata);
343
344 return scnprintf(buf, buflen, "0x%016llx\n", (unsigned long long) tsf);
345}
346
347static ssize_t ieee80211_if_parse_tsf(
348 struct ieee80211_sub_if_data *sdata, const char *buf, int buflen)
349{
350 struct ieee80211_local *local = sdata->local;
351 unsigned long long tsf;
352 int ret;
353
354 if (strncmp(buf, "reset", 5) == 0) {
355 if (local->ops->reset_tsf) {
356 drv_reset_tsf(local, sdata);
357 wiphy_info(local->hw.wiphy, "debugfs reset TSF\n");
358 }
359 } else {
360 ret = kstrtoull(buf, 10, &tsf);
361 if (ret < 0)
362 return -EINVAL;
363 if (local->ops->set_tsf) {
364 drv_set_tsf(local, sdata, tsf);
365 wiphy_info(local->hw.wiphy,
366 "debugfs set TSF to %#018llx\n", tsf);
367 }
368 }
369
370 return buflen;
371}
372__IEEE80211_IF_FILE_W(tsf);
373
374
334/* WDS attributes */ 375/* WDS attributes */
335IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC); 376IEEE80211_IF_FILE(peer, u.wds.remote_addr, MAC);
336 377
@@ -421,6 +462,11 @@ static void add_ap_files(struct ieee80211_sub_if_data *sdata)
421 DEBUGFS_ADD_MODE(tkip_mic_test, 0200); 462 DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
422} 463}
423 464
465static void add_ibss_files(struct ieee80211_sub_if_data *sdata)
466{
467 DEBUGFS_ADD_MODE(tsf, 0600);
468}
469
424static void add_wds_files(struct ieee80211_sub_if_data *sdata) 470static void add_wds_files(struct ieee80211_sub_if_data *sdata)
425{ 471{
426 DEBUGFS_ADD(drop_unencrypted); 472 DEBUGFS_ADD(drop_unencrypted);
@@ -515,7 +561,7 @@ static void add_files(struct ieee80211_sub_if_data *sdata)
515 add_sta_files(sdata); 561 add_sta_files(sdata);
516 break; 562 break;
517 case NL80211_IFTYPE_ADHOC: 563 case NL80211_IFTYPE_ADHOC:
518 /* XXX */ 564 add_ibss_files(sdata);
519 break; 565 break;
520 case NL80211_IFTYPE_AP: 566 case NL80211_IFTYPE_AP:
521 add_ap_files(sdata); 567 add_ap_files(sdata);
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index a01d2137fddc..c5f341798c16 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -56,19 +56,22 @@ STA_FILE(last_signal, last_signal, D);
56static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 56static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
57 size_t count, loff_t *ppos) 57 size_t count, loff_t *ppos)
58{ 58{
59 char buf[100]; 59 char buf[121];
60 struct sta_info *sta = file->private_data; 60 struct sta_info *sta = file->private_data;
61 u32 staflags = get_sta_flags(sta); 61
62 int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s%s%s", 62#define TEST(flg) \
63 staflags & WLAN_STA_AUTH ? "AUTH\n" : "", 63 test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
64 staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "", 64
65 staflags & WLAN_STA_PS_STA ? "PS (sta)\n" : "", 65 int res = scnprintf(buf, sizeof(buf),
66 staflags & WLAN_STA_PS_DRIVER ? "PS (driver)\n" : "", 66 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
67 staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "", 67 TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
68 staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "", 68 TEST(PS_DRIVER), TEST(AUTHORIZED),
69 staflags & WLAN_STA_WME ? "WME\n" : "", 69 TEST(SHORT_PREAMBLE), TEST(ASSOC_AP),
70 staflags & WLAN_STA_WDS ? "WDS\n" : "", 70 TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
71 staflags & WLAN_STA_MFP ? "MFP\n" : ""); 71 TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
72 TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
73 TEST(TDLS_PEER_AUTH));
74#undef TEST
72 return simple_read_from_buffer(userbuf, count, ppos, buf, res); 75 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
73} 76}
74STA_OPS(flags); 77STA_OPS(flags);
@@ -78,8 +81,14 @@ static ssize_t sta_num_ps_buf_frames_read(struct file *file,
78 size_t count, loff_t *ppos) 81 size_t count, loff_t *ppos)
79{ 82{
80 struct sta_info *sta = file->private_data; 83 struct sta_info *sta = file->private_data;
81 return mac80211_format_buffer(userbuf, count, ppos, "%u\n", 84 char buf[17*IEEE80211_NUM_ACS], *p = buf;
82 skb_queue_len(&sta->ps_tx_buf)); 85 int ac;
86
87 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
88 p += scnprintf(p, sizeof(buf)+buf-p, "AC%d: %d\n", ac,
89 skb_queue_len(&sta->ps_tx_buf[ac]) +
90 skb_queue_len(&sta->tx_filtered[ac]));
91 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
83} 92}
84STA_OPS(num_ps_buf_frames); 93STA_OPS(num_ps_buf_frames);
85 94
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 9001ff331f0a..5f165d7eb2db 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -413,50 +413,56 @@ static inline void drv_sta_remove(struct ieee80211_local *local,
413 trace_drv_return_void(local); 413 trace_drv_return_void(local);
414} 414}
415 415
416static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue, 416static inline int drv_conf_tx(struct ieee80211_local *local,
417 struct ieee80211_sub_if_data *sdata, u16 queue,
417 const struct ieee80211_tx_queue_params *params) 418 const struct ieee80211_tx_queue_params *params)
418{ 419{
419 int ret = -EOPNOTSUPP; 420 int ret = -EOPNOTSUPP;
420 421
421 might_sleep(); 422 might_sleep();
422 423
423 trace_drv_conf_tx(local, queue, params); 424 trace_drv_conf_tx(local, sdata, queue, params);
424 if (local->ops->conf_tx) 425 if (local->ops->conf_tx)
425 ret = local->ops->conf_tx(&local->hw, queue, params); 426 ret = local->ops->conf_tx(&local->hw, &sdata->vif,
427 queue, params);
426 trace_drv_return_int(local, ret); 428 trace_drv_return_int(local, ret);
427 return ret; 429 return ret;
428} 430}
429 431
430static inline u64 drv_get_tsf(struct ieee80211_local *local) 432static inline u64 drv_get_tsf(struct ieee80211_local *local,
433 struct ieee80211_sub_if_data *sdata)
431{ 434{
432 u64 ret = -1ULL; 435 u64 ret = -1ULL;
433 436
434 might_sleep(); 437 might_sleep();
435 438
436 trace_drv_get_tsf(local); 439 trace_drv_get_tsf(local, sdata);
437 if (local->ops->get_tsf) 440 if (local->ops->get_tsf)
438 ret = local->ops->get_tsf(&local->hw); 441 ret = local->ops->get_tsf(&local->hw, &sdata->vif);
439 trace_drv_return_u64(local, ret); 442 trace_drv_return_u64(local, ret);
440 return ret; 443 return ret;
441} 444}
442 445
443static inline void drv_set_tsf(struct ieee80211_local *local, u64 tsf) 446static inline void drv_set_tsf(struct ieee80211_local *local,
447 struct ieee80211_sub_if_data *sdata,
448 u64 tsf)
444{ 449{
445 might_sleep(); 450 might_sleep();
446 451
447 trace_drv_set_tsf(local, tsf); 452 trace_drv_set_tsf(local, sdata, tsf);
448 if (local->ops->set_tsf) 453 if (local->ops->set_tsf)
449 local->ops->set_tsf(&local->hw, tsf); 454 local->ops->set_tsf(&local->hw, &sdata->vif, tsf);
450 trace_drv_return_void(local); 455 trace_drv_return_void(local);
451} 456}
452 457
453static inline void drv_reset_tsf(struct ieee80211_local *local) 458static inline void drv_reset_tsf(struct ieee80211_local *local,
459 struct ieee80211_sub_if_data *sdata)
454{ 460{
455 might_sleep(); 461 might_sleep();
456 462
457 trace_drv_reset_tsf(local); 463 trace_drv_reset_tsf(local, sdata);
458 if (local->ops->reset_tsf) 464 if (local->ops->reset_tsf)
459 local->ops->reset_tsf(&local->hw); 465 local->ops->reset_tsf(&local->hw, &sdata->vif);
460 trace_drv_return_void(local); 466 trace_drv_return_void(local);
461} 467}
462 468
@@ -665,4 +671,34 @@ static inline void drv_rssi_callback(struct ieee80211_local *local,
665 local->ops->rssi_callback(&local->hw, event); 671 local->ops->rssi_callback(&local->hw, event);
666 trace_drv_return_void(local); 672 trace_drv_return_void(local);
667} 673}
674
675static inline void
676drv_release_buffered_frames(struct ieee80211_local *local,
677 struct sta_info *sta, u16 tids, int num_frames,
678 enum ieee80211_frame_release_type reason,
679 bool more_data)
680{
681 trace_drv_release_buffered_frames(local, &sta->sta, tids, num_frames,
682 reason, more_data);
683 if (local->ops->release_buffered_frames)
684 local->ops->release_buffered_frames(&local->hw, &sta->sta, tids,
685 num_frames, reason,
686 more_data);
687 trace_drv_return_void(local);
688}
689
690static inline void
691drv_allow_buffered_frames(struct ieee80211_local *local,
692 struct sta_info *sta, u16 tids, int num_frames,
693 enum ieee80211_frame_release_type reason,
694 bool more_data)
695{
696 trace_drv_allow_buffered_frames(local, &sta->sta, tids, num_frames,
697 reason, more_data);
698 if (local->ops->allow_buffered_frames)
699 local->ops->allow_buffered_frames(&local->hw, &sta->sta,
700 tids, num_frames, reason,
701 more_data);
702 trace_drv_return_void(local);
703}
668#endif /* __MAC80211_DRIVER_OPS */ 704#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index f47b00dc7afd..2af4fca55337 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -697,64 +697,76 @@ TRACE_EVENT(drv_sta_remove,
697); 697);
698 698
699TRACE_EVENT(drv_conf_tx, 699TRACE_EVENT(drv_conf_tx,
700 TP_PROTO(struct ieee80211_local *local, u16 queue, 700 TP_PROTO(struct ieee80211_local *local,
701 struct ieee80211_sub_if_data *sdata,
702 u16 queue,
701 const struct ieee80211_tx_queue_params *params), 703 const struct ieee80211_tx_queue_params *params),
702 704
703 TP_ARGS(local, queue, params), 705 TP_ARGS(local, sdata, queue, params),
704 706
705 TP_STRUCT__entry( 707 TP_STRUCT__entry(
706 LOCAL_ENTRY 708 LOCAL_ENTRY
709 VIF_ENTRY
707 __field(u16, queue) 710 __field(u16, queue)
708 __field(u16, txop) 711 __field(u16, txop)
709 __field(u16, cw_min) 712 __field(u16, cw_min)
710 __field(u16, cw_max) 713 __field(u16, cw_max)
711 __field(u8, aifs) 714 __field(u8, aifs)
715 __field(bool, uapsd)
712 ), 716 ),
713 717
714 TP_fast_assign( 718 TP_fast_assign(
715 LOCAL_ASSIGN; 719 LOCAL_ASSIGN;
720 VIF_ASSIGN;
716 __entry->queue = queue; 721 __entry->queue = queue;
717 __entry->txop = params->txop; 722 __entry->txop = params->txop;
718 __entry->cw_max = params->cw_max; 723 __entry->cw_max = params->cw_max;
719 __entry->cw_min = params->cw_min; 724 __entry->cw_min = params->cw_min;
720 __entry->aifs = params->aifs; 725 __entry->aifs = params->aifs;
726 __entry->uapsd = params->uapsd;
721 ), 727 ),
722 728
723 TP_printk( 729 TP_printk(
724 LOCAL_PR_FMT " queue:%d", 730 LOCAL_PR_FMT VIF_PR_FMT " queue:%d",
725 LOCAL_PR_ARG, __entry->queue 731 LOCAL_PR_ARG, VIF_PR_ARG, __entry->queue
726 ) 732 )
727); 733);
728 734
729DEFINE_EVENT(local_only_evt, drv_get_tsf, 735DEFINE_EVENT(local_sdata_evt, drv_get_tsf,
730 TP_PROTO(struct ieee80211_local *local), 736 TP_PROTO(struct ieee80211_local *local,
731 TP_ARGS(local) 737 struct ieee80211_sub_if_data *sdata),
738 TP_ARGS(local, sdata)
732); 739);
733 740
734TRACE_EVENT(drv_set_tsf, 741TRACE_EVENT(drv_set_tsf,
735 TP_PROTO(struct ieee80211_local *local, u64 tsf), 742 TP_PROTO(struct ieee80211_local *local,
743 struct ieee80211_sub_if_data *sdata,
744 u64 tsf),
736 745
737 TP_ARGS(local, tsf), 746 TP_ARGS(local, sdata, tsf),
738 747
739 TP_STRUCT__entry( 748 TP_STRUCT__entry(
740 LOCAL_ENTRY 749 LOCAL_ENTRY
750 VIF_ENTRY
741 __field(u64, tsf) 751 __field(u64, tsf)
742 ), 752 ),
743 753
744 TP_fast_assign( 754 TP_fast_assign(
745 LOCAL_ASSIGN; 755 LOCAL_ASSIGN;
756 VIF_ASSIGN;
746 __entry->tsf = tsf; 757 __entry->tsf = tsf;
747 ), 758 ),
748 759
749 TP_printk( 760 TP_printk(
750 LOCAL_PR_FMT " tsf:%llu", 761 LOCAL_PR_FMT VIF_PR_FMT " tsf:%llu",
751 LOCAL_PR_ARG, (unsigned long long)__entry->tsf 762 LOCAL_PR_ARG, VIF_PR_ARG, (unsigned long long)__entry->tsf
752 ) 763 )
753); 764);
754 765
755DEFINE_EVENT(local_only_evt, drv_reset_tsf, 766DEFINE_EVENT(local_sdata_evt, drv_reset_tsf,
756 TP_PROTO(struct ieee80211_local *local), 767 TP_PROTO(struct ieee80211_local *local,
757 TP_ARGS(local) 768 struct ieee80211_sub_if_data *sdata),
769 TP_ARGS(local, sdata)
758); 770);
759 771
760DEFINE_EVENT(local_only_evt, drv_tx_last_beacon, 772DEFINE_EVENT(local_only_evt, drv_tx_last_beacon,
@@ -1117,6 +1129,61 @@ TRACE_EVENT(drv_rssi_callback,
1117 ) 1129 )
1118); 1130);
1119 1131
1132DECLARE_EVENT_CLASS(release_evt,
1133 TP_PROTO(struct ieee80211_local *local,
1134 struct ieee80211_sta *sta,
1135 u16 tids, int num_frames,
1136 enum ieee80211_frame_release_type reason,
1137 bool more_data),
1138
1139 TP_ARGS(local, sta, tids, num_frames, reason, more_data),
1140
1141 TP_STRUCT__entry(
1142 LOCAL_ENTRY
1143 STA_ENTRY
1144 __field(u16, tids)
1145 __field(int, num_frames)
1146 __field(int, reason)
1147 __field(bool, more_data)
1148 ),
1149
1150 TP_fast_assign(
1151 LOCAL_ASSIGN;
1152 STA_ASSIGN;
1153 __entry->tids = tids;
1154 __entry->num_frames = num_frames;
1155 __entry->reason = reason;
1156 __entry->more_data = more_data;
1157 ),
1158
1159 TP_printk(
1160 LOCAL_PR_FMT STA_PR_FMT
1161 " TIDs:0x%.4x frames:%d reason:%d more:%d",
1162 LOCAL_PR_ARG, STA_PR_ARG, __entry->tids, __entry->num_frames,
1163 __entry->reason, __entry->more_data
1164 )
1165);
1166
1167DEFINE_EVENT(release_evt, drv_release_buffered_frames,
1168 TP_PROTO(struct ieee80211_local *local,
1169 struct ieee80211_sta *sta,
1170 u16 tids, int num_frames,
1171 enum ieee80211_frame_release_type reason,
1172 bool more_data),
1173
1174 TP_ARGS(local, sta, tids, num_frames, reason, more_data)
1175);
1176
1177DEFINE_EVENT(release_evt, drv_allow_buffered_frames,
1178 TP_PROTO(struct ieee80211_local *local,
1179 struct ieee80211_sta *sta,
1180 u16 tids, int num_frames,
1181 enum ieee80211_frame_release_type reason,
1182 bool more_data),
1183
1184 TP_ARGS(local, sta, tids, num_frames, reason, more_data)
1185);
1186
1120/* 1187/*
1121 * Tracing for API calls that drivers call. 1188 * Tracing for API calls that drivers call.
1122 */ 1189 */
@@ -1431,6 +1498,28 @@ TRACE_EVENT(api_enable_rssi_reports,
1431 ) 1498 )
1432); 1499);
1433 1500
1501TRACE_EVENT(api_eosp,
1502 TP_PROTO(struct ieee80211_local *local,
1503 struct ieee80211_sta *sta),
1504
1505 TP_ARGS(local, sta),
1506
1507 TP_STRUCT__entry(
1508 LOCAL_ENTRY
1509 STA_ENTRY
1510 ),
1511
1512 TP_fast_assign(
1513 LOCAL_ASSIGN;
1514 STA_ASSIGN;
1515 ),
1516
1517 TP_printk(
1518 LOCAL_PR_FMT STA_PR_FMT,
1519 LOCAL_PR_ARG, STA_PR_FMT
1520 )
1521);
1522
1434/* 1523/*
1435 * Tracing for internal functions 1524 * Tracing for internal functions
1436 * (which may also be called in response to driver calls) 1525 * (which may also be called in response to driver calls)
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 2b9b52c69569..988c7ec0898c 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -130,7 +130,7 @@ void ieee80211_ba_session_work(struct work_struct *work)
130 * down by the code that set the flag, so this 130 * down by the code that set the flag, so this
131 * need not run. 131 * need not run.
132 */ 132 */
133 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) 133 if (test_sta_flag(sta, WLAN_STA_BLOCK_BA))
134 return; 134 return;
135 135
136 mutex_lock(&sta->ampdu_mlme.mtx); 136 mutex_lock(&sta->ampdu_mlme.mtx);
@@ -195,7 +195,8 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
195 memcpy(mgmt->da, da, ETH_ALEN); 195 memcpy(mgmt->da, da, ETH_ALEN);
196 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 196 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
197 if (sdata->vif.type == NL80211_IFTYPE_AP || 197 if (sdata->vif.type == NL80211_IFTYPE_AP ||
198 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 198 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
199 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
199 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 200 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
200 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 201 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
201 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 202 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 836b2752ecd6..ede9a8b341ac 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -81,10 +81,10 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
81 lockdep_assert_held(&ifibss->mtx); 81 lockdep_assert_held(&ifibss->mtx);
82 82
83 /* Reset own TSF to allow time synchronization work. */ 83 /* Reset own TSF to allow time synchronization work. */
84 drv_reset_tsf(local); 84 drv_reset_tsf(local, sdata);
85 85
86 skb = ifibss->skb; 86 skb = ifibss->skb;
87 rcu_assign_pointer(ifibss->presp, NULL); 87 RCU_INIT_POINTER(ifibss->presp, NULL);
88 synchronize_rcu(); 88 synchronize_rcu();
89 skb->data = skb->head; 89 skb->data = skb->head;
90 skb->len = 0; 90 skb->len = 0;
@@ -184,7 +184,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
184 *pos++ = 0; /* U-APSD no in use */ 184 *pos++ = 0; /* U-APSD no in use */
185 } 185 }
186 186
187 rcu_assign_pointer(ifibss->presp, skb); 187 RCU_INIT_POINTER(ifibss->presp, skb);
188 188
189 sdata->vif.bss_conf.beacon_int = beacon_int; 189 sdata->vif.bss_conf.beacon_int = beacon_int;
190 sdata->vif.bss_conf.basic_rates = basic_rates; 190 sdata->vif.bss_conf.basic_rates = basic_rates;
@@ -314,7 +314,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
314 } 314 }
315 315
316 if (sta && elems->wmm_info) 316 if (sta && elems->wmm_info)
317 set_sta_flags(sta, WLAN_STA_WME); 317 set_sta_flag(sta, WLAN_STA_WME);
318 318
319 rcu_read_unlock(); 319 rcu_read_unlock();
320 } 320 }
@@ -382,7 +382,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
382 * second best option: get current TSF 382 * second best option: get current TSF
383 * (will return -1 if not supported) 383 * (will return -1 if not supported)
384 */ 384 */
385 rx_timestamp = drv_get_tsf(local); 385 rx_timestamp = drv_get_tsf(local, sdata);
386 } 386 }
387 387
388#ifdef CONFIG_MAC80211_IBSS_DEBUG 388#ifdef CONFIG_MAC80211_IBSS_DEBUG
@@ -452,7 +452,7 @@ struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
452 return NULL; 452 return NULL;
453 453
454 sta->last_rx = jiffies; 454 sta->last_rx = jiffies;
455 set_sta_flags(sta, WLAN_STA_AUTHORIZED); 455 set_sta_flag(sta, WLAN_STA_AUTHORIZED);
456 456
457 /* make sure mandatory rates are always added */ 457 /* make sure mandatory rates are always added */
458 sta->sta.supp_rates[band] = supp_rates | 458 sta->sta.supp_rates[band] = supp_rates |
@@ -995,7 +995,7 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
995 kfree(sdata->u.ibss.ie); 995 kfree(sdata->u.ibss.ie);
996 skb = rcu_dereference_protected(sdata->u.ibss.presp, 996 skb = rcu_dereference_protected(sdata->u.ibss.presp,
997 lockdep_is_held(&sdata->u.ibss.mtx)); 997 lockdep_is_held(&sdata->u.ibss.mtx));
998 rcu_assign_pointer(sdata->u.ibss.presp, NULL); 998 RCU_INIT_POINTER(sdata->u.ibss.presp, NULL);
999 sdata->vif.bss_conf.ibss_joined = false; 999 sdata->vif.bss_conf.ibss_joined = false;
1000 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED | 1000 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
1001 BSS_CHANGED_IBSS); 1001 BSS_CHANGED_IBSS);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 21186e280ceb..e2447096c94a 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -136,7 +136,6 @@ typedef unsigned __bitwise__ ieee80211_tx_result;
136#define TX_DROP ((__force ieee80211_tx_result) 1u) 136#define TX_DROP ((__force ieee80211_tx_result) 1u)
137#define TX_QUEUED ((__force ieee80211_tx_result) 2u) 137#define TX_QUEUED ((__force ieee80211_tx_result) 2u)
138 138
139#define IEEE80211_TX_FRAGMENTED BIT(0)
140#define IEEE80211_TX_UNICAST BIT(1) 139#define IEEE80211_TX_UNICAST BIT(1)
141#define IEEE80211_TX_PS_BUFFERED BIT(2) 140#define IEEE80211_TX_PS_BUFFERED BIT(2)
142 141
@@ -149,7 +148,6 @@ struct ieee80211_tx_data {
149 148
150 struct ieee80211_channel *channel; 149 struct ieee80211_channel *channel;
151 150
152 u16 ethertype;
153 unsigned int flags; 151 unsigned int flags;
154}; 152};
155 153
@@ -346,6 +344,7 @@ struct ieee80211_work {
346 struct { 344 struct {
347 struct sk_buff *frame; 345 struct sk_buff *frame;
348 u32 wait; 346 u32 wait;
347 bool status;
349 } offchan_tx; 348 } offchan_tx;
350 }; 349 };
351 350
@@ -390,6 +389,7 @@ struct ieee80211_if_managed {
390 389
391 unsigned long timers_running; /* used for quiesce/restart */ 390 unsigned long timers_running; /* used for quiesce/restart */
392 bool powersave; /* powersave requested for this iface */ 391 bool powersave; /* powersave requested for this iface */
392 bool broken_ap; /* AP is broken -- turn off powersave */
393 enum ieee80211_smps_mode req_smps, /* requested smps mode */ 393 enum ieee80211_smps_mode req_smps, /* requested smps mode */
394 ap_smps, /* smps mode AP thinks we're in */ 394 ap_smps, /* smps mode AP thinks we're in */
395 driver_smps_mode; /* smps mode request */ 395 driver_smps_mode; /* smps mode request */
@@ -609,6 +609,8 @@ struct ieee80211_sub_if_data {
609 __be16 control_port_protocol; 609 __be16 control_port_protocol;
610 bool control_port_no_encrypt; 610 bool control_port_no_encrypt;
611 611
612 struct ieee80211_tx_queue_params tx_conf[IEEE80211_MAX_QUEUES];
613
612 struct work_struct work; 614 struct work_struct work;
613 struct sk_buff_head skb_queue; 615 struct sk_buff_head skb_queue;
614 616
@@ -662,6 +664,11 @@ enum sdata_queue_type {
662enum { 664enum {
663 IEEE80211_RX_MSG = 1, 665 IEEE80211_RX_MSG = 1,
664 IEEE80211_TX_STATUS_MSG = 2, 666 IEEE80211_TX_STATUS_MSG = 2,
667 IEEE80211_EOSP_MSG = 3,
668};
669
670struct skb_eosp_msg_data {
671 u8 sta[ETH_ALEN], iface[ETH_ALEN];
665}; 672};
666 673
667enum queue_stop_reason { 674enum queue_stop_reason {
@@ -751,7 +758,6 @@ struct ieee80211_local {
751 struct workqueue_struct *workqueue; 758 struct workqueue_struct *workqueue;
752 759
753 unsigned long queue_stop_reasons[IEEE80211_MAX_QUEUES]; 760 unsigned long queue_stop_reasons[IEEE80211_MAX_QUEUES];
754 struct ieee80211_tx_queue_params tx_conf[IEEE80211_MAX_QUEUES];
755 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ 761 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
756 spinlock_t queue_stop_reason_lock; 762 spinlock_t queue_stop_reason_lock;
757 763
@@ -1172,18 +1178,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1172netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, 1178netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1173 struct net_device *dev); 1179 struct net_device *dev);
1174 1180
1175/*
1176 * radiotap header for status frames
1177 */
1178struct ieee80211_tx_status_rtap_hdr {
1179 struct ieee80211_radiotap_header hdr;
1180 u8 rate;
1181 u8 padding_for_rate;
1182 __le16 tx_flags;
1183 u8 data_retries;
1184} __packed;
1185
1186
1187/* HT */ 1181/* HT */
1188void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband, 1182void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
1189 struct ieee80211_ht_cap *ht_cap_ie, 1183 struct ieee80211_ht_cap *ht_cap_ie,
@@ -1271,6 +1265,7 @@ void mac80211_ev_michael_mic_failure(struct ieee80211_sub_if_data *sdata, int ke
1271 struct ieee80211_hdr *hdr, const u8 *tsc, 1265 struct ieee80211_hdr *hdr, const u8 *tsc,
1272 gfp_t gfp); 1266 gfp_t gfp);
1273void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata); 1267void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata);
1268void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1274void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb); 1269void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1275void ieee802_11_parse_elems(u8 *start, size_t len, 1270void ieee802_11_parse_elems(u8 *start, size_t len,
1276 struct ieee802_11_elems *elems); 1271 struct ieee802_11_elems *elems);
@@ -1302,11 +1297,11 @@ void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
1302 enum queue_stop_reason reason); 1297 enum queue_stop_reason reason);
1303void ieee80211_add_pending_skb(struct ieee80211_local *local, 1298void ieee80211_add_pending_skb(struct ieee80211_local *local,
1304 struct sk_buff *skb); 1299 struct sk_buff *skb);
1305int ieee80211_add_pending_skbs(struct ieee80211_local *local, 1300void ieee80211_add_pending_skbs(struct ieee80211_local *local,
1306 struct sk_buff_head *skbs); 1301 struct sk_buff_head *skbs);
1307int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 1302void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
1308 struct sk_buff_head *skbs, 1303 struct sk_buff_head *skbs,
1309 void (*fn)(void *data), void *data); 1304 void (*fn)(void *data), void *data);
1310 1305
1311void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata, 1306void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1312 u16 transaction, u16 auth_alg, 1307 u16 transaction, u16 auth_alg,
@@ -1324,7 +1319,7 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1324void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1319void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1325 const u8 *ssid, size_t ssid_len, 1320 const u8 *ssid, size_t ssid_len,
1326 const u8 *ie, size_t ie_len, 1321 const u8 *ie, size_t ie_len,
1327 u32 ratemask, bool directed); 1322 u32 ratemask, bool directed, bool no_cck);
1328 1323
1329void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, 1324void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
1330 const size_t supp_rates_len, 1325 const size_t supp_rates_len,
@@ -1339,6 +1334,12 @@ void ieee80211_recalc_smps(struct ieee80211_local *local);
1339size_t ieee80211_ie_split(const u8 *ies, size_t ielen, 1334size_t ieee80211_ie_split(const u8 *ies, size_t ielen,
1340 const u8 *ids, int n_ids, size_t offset); 1335 const u8 *ids, int n_ids, size_t offset);
1341size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset); 1336size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset);
1337u8 *ieee80211_ie_build_ht_cap(u8 *pos, struct ieee80211_supported_band *sband,
1338 u16 cap);
1339u8 *ieee80211_ie_build_ht_info(u8 *pos,
1340 struct ieee80211_sta_ht_cap *ht_cap,
1341 struct ieee80211_channel *channel,
1342 enum nl80211_channel_type channel_type);
1342 1343
1343/* internal work items */ 1344/* internal work items */
1344void ieee80211_work_init(struct ieee80211_local *local); 1345void ieee80211_work_init(struct ieee80211_local *local);
@@ -1367,6 +1368,8 @@ ieee80211_get_channel_mode(struct ieee80211_local *local,
1367bool ieee80211_set_channel_type(struct ieee80211_local *local, 1368bool ieee80211_set_channel_type(struct ieee80211_local *local,
1368 struct ieee80211_sub_if_data *sdata, 1369 struct ieee80211_sub_if_data *sdata,
1369 enum nl80211_channel_type chantype); 1370 enum nl80211_channel_type chantype);
1371enum nl80211_channel_type
1372ieee80211_ht_info_to_channel_type(struct ieee80211_ht_info *ht_info);
1370 1373
1371#ifdef CONFIG_MAC80211_NOINLINE 1374#ifdef CONFIG_MAC80211_NOINLINE
1372#define debug_noinline noinline 1375#define debug_noinline noinline
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index eaa80a3d412b..33a974663f79 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -286,6 +286,13 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
286 netif_carrier_off(dev); 286 netif_carrier_off(dev);
287 else 287 else
288 netif_carrier_on(dev); 288 netif_carrier_on(dev);
289
290 /*
291 * set default queue parameters so drivers don't
292 * need to initialise the hardware if the hardware
293 * doesn't start up with sane defaults
294 */
295 ieee80211_set_wmm_default(sdata);
289 } 296 }
290 297
291 set_bit(SDATA_STATE_RUNNING, &sdata->state); 298 set_bit(SDATA_STATE_RUNNING, &sdata->state);
@@ -299,8 +306,8 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
299 goto err_del_interface; 306 goto err_del_interface;
300 } 307 }
301 308
302 /* no locking required since STA is not live yet */ 309 /* no atomic bitop required since STA is not live yet */
303 sta->flags |= WLAN_STA_AUTHORIZED; 310 set_sta_flag(sta, WLAN_STA_AUTHORIZED);
304 311
305 res = sta_info_insert(sta); 312 res = sta_info_insert(sta);
306 if (res) { 313 if (res) {
@@ -329,15 +336,8 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
329 if (coming_up) 336 if (coming_up)
330 local->open_count++; 337 local->open_count++;
331 338
332 if (hw_reconf_flags) { 339 if (hw_reconf_flags)
333 ieee80211_hw_config(local, hw_reconf_flags); 340 ieee80211_hw_config(local, hw_reconf_flags);
334 /*
335 * set default queue parameters so drivers don't
336 * need to initialise the hardware if the hardware
337 * doesn't start up with sane defaults
338 */
339 ieee80211_set_wmm_default(sdata);
340 }
341 341
342 ieee80211_recalc_ps(local, -1); 342 ieee80211_recalc_ps(local, -1);
343 343
@@ -456,21 +456,19 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
456 BSS_CHANGED_BEACON_ENABLED); 456 BSS_CHANGED_BEACON_ENABLED);
457 457
458 /* remove beacon */ 458 /* remove beacon */
459 rcu_assign_pointer(sdata->u.ap.beacon, NULL); 459 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
460 synchronize_rcu(); 460 synchronize_rcu();
461 kfree(old_beacon); 461 kfree(old_beacon);
462 462
463 /* free all potentially still buffered bcast frames */
464 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
465 local->total_ps_buffered--;
466 dev_kfree_skb(skb);
467 }
468
469 /* down all dependent devices, that is VLANs */ 463 /* down all dependent devices, that is VLANs */
470 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans, 464 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
471 u.vlan.list) 465 u.vlan.list)
472 dev_close(vlan->dev); 466 dev_close(vlan->dev);
473 WARN_ON(!list_empty(&sdata->u.ap.vlans)); 467 WARN_ON(!list_empty(&sdata->u.ap.vlans));
468
469 /* free all potentially still buffered bcast frames */
470 local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps_bc_buf);
471 skb_queue_purge(&sdata->u.ap.ps_bc_buf);
474 } 472 }
475 473
476 if (going_down) 474 if (going_down)
@@ -645,7 +643,7 @@ static const struct net_device_ops ieee80211_dataif_ops = {
645 .ndo_stop = ieee80211_stop, 643 .ndo_stop = ieee80211_stop,
646 .ndo_uninit = ieee80211_teardown_sdata, 644 .ndo_uninit = ieee80211_teardown_sdata,
647 .ndo_start_xmit = ieee80211_subif_start_xmit, 645 .ndo_start_xmit = ieee80211_subif_start_xmit,
648 .ndo_set_multicast_list = ieee80211_set_multicast_list, 646 .ndo_set_rx_mode = ieee80211_set_multicast_list,
649 .ndo_change_mtu = ieee80211_change_mtu, 647 .ndo_change_mtu = ieee80211_change_mtu,
650 .ndo_set_mac_address = ieee80211_change_mac, 648 .ndo_set_mac_address = ieee80211_change_mac,
651 .ndo_select_queue = ieee80211_netdev_select_queue, 649 .ndo_select_queue = ieee80211_netdev_select_queue,
@@ -689,7 +687,7 @@ static const struct net_device_ops ieee80211_monitorif_ops = {
689 .ndo_stop = ieee80211_stop, 687 .ndo_stop = ieee80211_stop,
690 .ndo_uninit = ieee80211_teardown_sdata, 688 .ndo_uninit = ieee80211_teardown_sdata,
691 .ndo_start_xmit = ieee80211_monitor_start_xmit, 689 .ndo_start_xmit = ieee80211_monitor_start_xmit,
692 .ndo_set_multicast_list = ieee80211_set_multicast_list, 690 .ndo_set_rx_mode = ieee80211_set_multicast_list,
693 .ndo_change_mtu = ieee80211_change_mtu, 691 .ndo_change_mtu = ieee80211_change_mtu,
694 .ndo_set_mac_address = eth_mac_addr, 692 .ndo_set_mac_address = eth_mac_addr,
695 .ndo_select_queue = ieee80211_monitor_select_queue, 693 .ndo_select_queue = ieee80211_monitor_select_queue,
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 5150c6d11b57..17a5220ed450 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -133,9 +133,13 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
133 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 133 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
134 134
135 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || 135 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
136 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))) 136 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
137 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
137 sdata->crypto_tx_tailroom_needed_cnt--; 138 sdata->crypto_tx_tailroom_needed_cnt--;
138 139
140 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
141 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
142
139 return 0; 143 return 0;
140 } 144 }
141 145
@@ -178,7 +182,8 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
178 sdata = key->sdata; 182 sdata = key->sdata;
179 183
180 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || 184 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
181 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))) 185 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
186 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
182 increment_tailroom_need_count(sdata); 187 increment_tailroom_need_count(sdata);
183 188
184 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 189 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
@@ -464,7 +469,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
464 * some hardware cannot handle TKIP with QoS, so 469 * some hardware cannot handle TKIP with QoS, so
465 * we indicate whether QoS could be in use. 470 * we indicate whether QoS could be in use.
466 */ 471 */
467 if (test_sta_flags(sta, WLAN_STA_WME)) 472 if (test_sta_flag(sta, WLAN_STA_WME))
468 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 473 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
469 } else { 474 } else {
470 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 475 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
@@ -478,7 +483,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
478 /* same here, the AP could be using QoS */ 483 /* same here, the AP could be using QoS */
479 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid); 484 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
480 if (ap) { 485 if (ap) {
481 if (test_sta_flags(ap, WLAN_STA_WME)) 486 if (test_sta_flag(ap, WLAN_STA_WME))
482 key->conf.flags |= 487 key->conf.flags |=
483 IEEE80211_KEY_FLAG_WMM_STA; 488 IEEE80211_KEY_FLAG_WMM_STA;
484 } 489 }
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index a5809a1a6239..d999bf3b84e1 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -19,7 +19,7 @@
19#include <linux/if_arp.h> 19#include <linux/if_arp.h>
20#include <linux/rtnetlink.h> 20#include <linux/rtnetlink.h>
21#include <linux/bitmap.h> 21#include <linux/bitmap.h>
22#include <linux/pm_qos_params.h> 22#include <linux/pm_qos.h>
23#include <linux/inetdevice.h> 23#include <linux/inetdevice.h>
24#include <net/net_namespace.h> 24#include <net/net_namespace.h>
25#include <net/cfg80211.h> 25#include <net/cfg80211.h>
@@ -325,6 +325,8 @@ u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata)
325static void ieee80211_tasklet_handler(unsigned long data) 325static void ieee80211_tasklet_handler(unsigned long data)
326{ 326{
327 struct ieee80211_local *local = (struct ieee80211_local *) data; 327 struct ieee80211_local *local = (struct ieee80211_local *) data;
328 struct sta_info *sta, *tmp;
329 struct skb_eosp_msg_data *eosp_data;
328 struct sk_buff *skb; 330 struct sk_buff *skb;
329 331
330 while ((skb = skb_dequeue(&local->skb_queue)) || 332 while ((skb = skb_dequeue(&local->skb_queue)) ||
@@ -340,6 +342,18 @@ static void ieee80211_tasklet_handler(unsigned long data)
340 skb->pkt_type = 0; 342 skb->pkt_type = 0;
341 ieee80211_tx_status(local_to_hw(local), skb); 343 ieee80211_tx_status(local_to_hw(local), skb);
342 break; 344 break;
345 case IEEE80211_EOSP_MSG:
346 eosp_data = (void *)skb->cb;
347 for_each_sta_info(local, eosp_data->sta, sta, tmp) {
348 /* skip wrong virtual interface */
349 if (memcmp(eosp_data->iface,
350 sta->sdata->vif.addr, ETH_ALEN))
351 continue;
352 clear_sta_flag(sta, WLAN_STA_SP);
353 break;
354 }
355 dev_kfree_skb(skb);
356 break;
343 default: 357 default:
344 WARN(1, "mac80211: Packet is of unknown type %d\n", 358 WARN(1, "mac80211: Packet is of unknown type %d\n",
345 skb->pkt_type); 359 skb->pkt_type);
@@ -863,6 +877,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
863 if (local->ops->sched_scan_start) 877 if (local->ops->sched_scan_start)
864 local->hw.wiphy->flags |= WIPHY_FLAG_SUPPORTS_SCHED_SCAN; 878 local->hw.wiphy->flags |= WIPHY_FLAG_SUPPORTS_SCHED_SCAN;
865 879
880 /* mac80211 based drivers don't support internal TDLS setup */
881 if (local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS)
882 local->hw.wiphy->flags |= WIPHY_FLAG_TDLS_EXTERNAL_SETUP;
883
866 result = wiphy_register(local->hw.wiphy); 884 result = wiphy_register(local->hw.wiphy);
867 if (result < 0) 885 if (result < 0)
868 goto fail_wiphy_register; 886 goto fail_wiphy_register;
@@ -886,12 +904,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
886 * and we need some headroom for passing the frame to monitor 904 * and we need some headroom for passing the frame to monitor
887 * interfaces, but never both at the same time. 905 * interfaces, but never both at the same time.
888 */ 906 */
889#ifndef __CHECKER__
890 BUILD_BUG_ON(IEEE80211_TX_STATUS_HEADROOM !=
891 sizeof(struct ieee80211_tx_status_rtap_hdr));
892#endif
893 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom, 907 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
894 sizeof(struct ieee80211_tx_status_rtap_hdr)); 908 IEEE80211_TX_STATUS_HEADROOM);
895 909
896 debugfs_hw_add(local); 910 debugfs_hw_add(local);
897 911
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index a4225ae69681..b3a125f60347 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -76,6 +76,7 @@ static void ieee80211_mesh_housekeeping_timer(unsigned long data)
76bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_data *sdata) 76bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_data *sdata)
77{ 77{
78 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 78 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
79 struct ieee80211_local *local = sdata->local;
79 80
80 /* 81 /*
81 * As support for each feature is added, check for matching 82 * As support for each feature is added, check for matching
@@ -87,15 +88,23 @@ bool mesh_matches_local(struct ieee802_11_elems *ie, struct ieee80211_sub_if_dat
87 * - MDA enabled 88 * - MDA enabled
88 * - Power management control on fc 89 * - Power management control on fc
89 */ 90 */
90 if (ifmsh->mesh_id_len == ie->mesh_id_len && 91 if (!(ifmsh->mesh_id_len == ie->mesh_id_len &&
91 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 && 92 memcmp(ifmsh->mesh_id, ie->mesh_id, ie->mesh_id_len) == 0 &&
92 (ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) && 93 (ifmsh->mesh_pp_id == ie->mesh_config->meshconf_psel) &&
93 (ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) && 94 (ifmsh->mesh_pm_id == ie->mesh_config->meshconf_pmetric) &&
94 (ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) && 95 (ifmsh->mesh_cc_id == ie->mesh_config->meshconf_congest) &&
95 (ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) && 96 (ifmsh->mesh_sp_id == ie->mesh_config->meshconf_synch) &&
96 (ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth)) 97 (ifmsh->mesh_auth_id == ie->mesh_config->meshconf_auth)))
97 return true; 98 goto mismatch;
98 99
100 /* disallow peering with mismatched channel types for now */
101 if (ie->ht_info_elem &&
102 (local->_oper_channel_type !=
103 ieee80211_ht_info_to_channel_type(ie->ht_info_elem)))
104 goto mismatch;
105
106 return true;
107mismatch:
99 return false; 108 return false;
100} 109}
101 110
@@ -320,85 +329,70 @@ mesh_add_rsn_ie(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
320 return 0; 329 return 0;
321} 330}
322 331
323int 332int mesh_add_ds_params_ie(struct sk_buff *skb,
324mesh_add_srates_ie(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata) 333 struct ieee80211_sub_if_data *sdata)
325{ 334{
326 struct ieee80211_local *local = sdata->local; 335 struct ieee80211_local *local = sdata->local;
327 struct ieee80211_supported_band *sband; 336 struct ieee80211_supported_band *sband;
328 int rate; 337 u8 *pos;
329 u8 i, rates, *pos;
330
331 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
332 rates = sband->n_bitrates;
333 if (rates > 8)
334 rates = 8;
335 338
336 if (skb_tailroom(skb) < rates + 2) 339 if (skb_tailroom(skb) < 3)
337 return -ENOMEM; 340 return -ENOMEM;
338 341
339 pos = skb_put(skb, rates + 2); 342 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
340 *pos++ = WLAN_EID_SUPP_RATES; 343 if (sband->band == IEEE80211_BAND_2GHZ) {
341 *pos++ = rates; 344 pos = skb_put(skb, 2 + 1);
342 for (i = 0; i < rates; i++) { 345 *pos++ = WLAN_EID_DS_PARAMS;
343 rate = sband->bitrates[i].bitrate; 346 *pos++ = 1;
344 *pos++ = (u8) (rate / 5); 347 *pos++ = ieee80211_frequency_to_channel(local->hw.conf.channel->center_freq);
345 } 348 }
346 349
347 return 0; 350 return 0;
348} 351}
349 352
350int 353int mesh_add_ht_cap_ie(struct sk_buff *skb,
351mesh_add_ext_srates_ie(struct sk_buff *skb,
352 struct ieee80211_sub_if_data *sdata) 354 struct ieee80211_sub_if_data *sdata)
353{ 355{
354 struct ieee80211_local *local = sdata->local; 356 struct ieee80211_local *local = sdata->local;
355 struct ieee80211_supported_band *sband; 357 struct ieee80211_supported_band *sband;
356 int rate; 358 u8 *pos;
357 u8 i, exrates, *pos;
358 359
359 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 360 sband = local->hw.wiphy->bands[local->oper_channel->band];
360 exrates = sband->n_bitrates; 361 if (!sband->ht_cap.ht_supported ||
361 if (exrates > 8) 362 local->_oper_channel_type == NL80211_CHAN_NO_HT)
362 exrates -= 8; 363 return 0;
363 else
364 exrates = 0;
365 364
366 if (skb_tailroom(skb) < exrates + 2) 365 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_cap))
367 return -ENOMEM; 366 return -ENOMEM;
368 367
369 if (exrates) { 368 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_cap));
370 pos = skb_put(skb, exrates + 2); 369 ieee80211_ie_build_ht_cap(pos, sband, sband->ht_cap.cap);
371 *pos++ = WLAN_EID_EXT_SUPP_RATES; 370
372 *pos++ = exrates;
373 for (i = 8; i < sband->n_bitrates; i++) {
374 rate = sband->bitrates[i].bitrate;
375 *pos++ = (u8) (rate / 5);
376 }
377 }
378 return 0; 371 return 0;
379} 372}
380 373
381int mesh_add_ds_params_ie(struct sk_buff *skb, 374int mesh_add_ht_info_ie(struct sk_buff *skb,
382 struct ieee80211_sub_if_data *sdata) 375 struct ieee80211_sub_if_data *sdata)
383{ 376{
384 struct ieee80211_local *local = sdata->local; 377 struct ieee80211_local *local = sdata->local;
385 struct ieee80211_supported_band *sband; 378 struct ieee80211_channel *channel = local->oper_channel;
379 enum nl80211_channel_type channel_type = local->_oper_channel_type;
380 struct ieee80211_supported_band *sband =
381 local->hw.wiphy->bands[channel->band];
382 struct ieee80211_sta_ht_cap *ht_cap = &sband->ht_cap;
386 u8 *pos; 383 u8 *pos;
387 384
388 if (skb_tailroom(skb) < 3) 385 if (!ht_cap->ht_supported || channel_type == NL80211_CHAN_NO_HT)
386 return 0;
387
388 if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_info))
389 return -ENOMEM; 389 return -ENOMEM;
390 390
391 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 391 pos = skb_put(skb, 2 + sizeof(struct ieee80211_ht_info));
392 if (sband->band == IEEE80211_BAND_2GHZ) { 392 ieee80211_ie_build_ht_info(pos, ht_cap, channel, channel_type);
393 pos = skb_put(skb, 2 + 1);
394 *pos++ = WLAN_EID_DS_PARAMS;
395 *pos++ = 1;
396 *pos++ = ieee80211_frequency_to_channel(local->hw.conf.channel->center_freq);
397 }
398 393
399 return 0; 394 return 0;
400} 395}
401
402static void ieee80211_mesh_path_timer(unsigned long data) 396static void ieee80211_mesh_path_timer(unsigned long data)
403{ 397{
404 struct ieee80211_sub_if_data *sdata = 398 struct ieee80211_sub_if_data *sdata =
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 7118e8e8855c..0f2c4e69e217 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -210,12 +210,12 @@ int mesh_add_rsn_ie(struct sk_buff *skb,
210 struct ieee80211_sub_if_data *sdata); 210 struct ieee80211_sub_if_data *sdata);
211int mesh_add_vendor_ies(struct sk_buff *skb, 211int mesh_add_vendor_ies(struct sk_buff *skb,
212 struct ieee80211_sub_if_data *sdata); 212 struct ieee80211_sub_if_data *sdata);
213int mesh_add_srates_ie(struct sk_buff *skb,
214 struct ieee80211_sub_if_data *sdata);
215int mesh_add_ext_srates_ie(struct sk_buff *skb,
216 struct ieee80211_sub_if_data *sdata);
217int mesh_add_ds_params_ie(struct sk_buff *skb, 213int mesh_add_ds_params_ie(struct sk_buff *skb,
218 struct ieee80211_sub_if_data *sdata); 214 struct ieee80211_sub_if_data *sdata);
215int mesh_add_ht_cap_ie(struct sk_buff *skb,
216 struct ieee80211_sub_if_data *sdata);
217int mesh_add_ht_info_ie(struct sk_buff *skb,
218 struct ieee80211_sub_if_data *sdata);
219void mesh_rmc_free(struct ieee80211_sub_if_data *sdata); 219void mesh_rmc_free(struct ieee80211_sub_if_data *sdata);
220int mesh_rmc_init(struct ieee80211_sub_if_data *sdata); 220int mesh_rmc_init(struct ieee80211_sub_if_data *sdata);
221void ieee80211s_init(void); 221void ieee80211s_init(void);
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 6df7913d7ca4..9a1f8bbc49b8 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -113,20 +113,20 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
113 struct ieee80211_sub_if_data *sdata) 113 struct ieee80211_sub_if_data *sdata)
114{ 114{
115 struct ieee80211_local *local = sdata->local; 115 struct ieee80211_local *local = sdata->local;
116 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 116 struct sk_buff *skb;
117 struct ieee80211_mgmt *mgmt; 117 struct ieee80211_mgmt *mgmt;
118 u8 *pos; 118 u8 *pos, ie_len;
119 int ie_len; 119 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.mesh_action) +
120 sizeof(mgmt->u.action.u.mesh_action);
120 121
122 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
123 hdr_len +
124 2 + 37); /* max HWMP IE */
121 if (!skb) 125 if (!skb)
122 return -1; 126 return -1;
123 skb_reserve(skb, local->hw.extra_tx_headroom); 127 skb_reserve(skb, local->hw.extra_tx_headroom);
124 /* 25 is the size of the common mgmt part (24) plus the size of the 128 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
125 * common action part (1) 129 memset(mgmt, 0, hdr_len);
126 */
127 mgmt = (struct ieee80211_mgmt *)
128 skb_put(skb, 25 + sizeof(mgmt->u.action.u.mesh_action));
129 memset(mgmt, 0, 25 + sizeof(mgmt->u.action.u.mesh_action));
130 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 130 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
131 IEEE80211_STYPE_ACTION); 131 IEEE80211_STYPE_ACTION);
132 132
@@ -240,20 +240,20 @@ int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
240 struct ieee80211_sub_if_data *sdata) 240 struct ieee80211_sub_if_data *sdata)
241{ 241{
242 struct ieee80211_local *local = sdata->local; 242 struct ieee80211_local *local = sdata->local;
243 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 243 struct sk_buff *skb;
244 struct ieee80211_mgmt *mgmt; 244 struct ieee80211_mgmt *mgmt;
245 u8 *pos; 245 u8 *pos, ie_len;
246 int ie_len; 246 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.mesh_action) +
247 sizeof(mgmt->u.action.u.mesh_action);
247 248
249 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
250 hdr_len +
251 2 + 15 /* PERR IE */);
248 if (!skb) 252 if (!skb)
249 return -1; 253 return -1;
250 skb_reserve(skb, local->tx_headroom + local->hw.extra_tx_headroom); 254 skb_reserve(skb, local->tx_headroom + local->hw.extra_tx_headroom);
251 /* 25 is the size of the common mgmt part (24) plus the size of the 255 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
252 * common action part (1) 256 memset(mgmt, 0, hdr_len);
253 */
254 mgmt = (struct ieee80211_mgmt *)
255 skb_put(skb, 25 + sizeof(mgmt->u.action.u.mesh_action));
256 memset(mgmt, 0, 25 + sizeof(mgmt->u.action.u.mesh_action));
257 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 257 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
258 IEEE80211_STYPE_ACTION); 258 IEEE80211_STYPE_ACTION);
259 259
@@ -789,11 +789,20 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
789 struct ieee802_11_elems elems; 789 struct ieee802_11_elems elems;
790 size_t baselen; 790 size_t baselen;
791 u32 last_hop_metric; 791 u32 last_hop_metric;
792 struct sta_info *sta;
792 793
793 /* need action_code */ 794 /* need action_code */
794 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 795 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
795 return; 796 return;
796 797
798 rcu_read_lock();
799 sta = sta_info_get(sdata, mgmt->sa);
800 if (!sta || sta->plink_state != NL80211_PLINK_ESTAB) {
801 rcu_read_unlock();
802 return;
803 }
804 rcu_read_unlock();
805
797 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt; 806 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
798 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, 807 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
799 len - baselen, &elems); 808 len - baselen, &elems);
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 332b5ff1e885..7f54c5042235 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -1168,6 +1168,6 @@ void mesh_path_expire(struct ieee80211_sub_if_data *sdata)
1168void mesh_pathtbl_unregister(void) 1168void mesh_pathtbl_unregister(void)
1169{ 1169{
1170 /* no need for locking during exit path */ 1170 /* no need for locking during exit path */
1171 mesh_table_free(rcu_dereference_raw(mesh_paths), true); 1171 mesh_table_free(rcu_dereference_protected(mesh_paths, 1), true);
1172 mesh_table_free(rcu_dereference_raw(mpp_paths), true); 1172 mesh_table_free(rcu_dereference_protected(mpp_paths, 1), true);
1173} 1173}
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 4396906175ae..0140e88a8220 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -43,6 +43,10 @@ enum plink_event {
43 CLS_IGNR 43 CLS_IGNR
44}; 44};
45 45
46static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
47 enum ieee80211_self_protected_actioncode action,
48 u8 *da, __le16 llid, __le16 plid, __le16 reason);
49
46static inline 50static inline
47void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata) 51void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
48{ 52{
@@ -76,11 +80,15 @@ static inline void mesh_plink_fsm_restart(struct sta_info *sta)
76 * on it in the lifecycle management section! 80 * on it in the lifecycle management section!
77 */ 81 */
78static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata, 82static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
79 u8 *hw_addr, u32 rates) 83 u8 *hw_addr, u32 rates,
84 struct ieee802_11_elems *elems)
80{ 85{
81 struct ieee80211_local *local = sdata->local; 86 struct ieee80211_local *local = sdata->local;
87 struct ieee80211_supported_band *sband;
82 struct sta_info *sta; 88 struct sta_info *sta;
83 89
90 sband = local->hw.wiphy->bands[local->oper_channel->band];
91
84 if (local->num_sta >= MESH_MAX_PLINKS) 92 if (local->num_sta >= MESH_MAX_PLINKS)
85 return NULL; 93 return NULL;
86 94
@@ -88,8 +96,13 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
88 if (!sta) 96 if (!sta)
89 return NULL; 97 return NULL;
90 98
91 sta->flags = WLAN_STA_AUTHORIZED | WLAN_STA_AUTH | WLAN_STA_WME; 99 set_sta_flag(sta, WLAN_STA_AUTH);
100 set_sta_flag(sta, WLAN_STA_AUTHORIZED);
101 set_sta_flag(sta, WLAN_STA_WME);
92 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 102 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
103 if (elems->ht_cap_elem)
104 ieee80211_ht_cap_ie_to_sta_ht_cap(sband, elems->ht_cap_elem,
105 &sta->sta.ht_cap);
93 rate_control_rate_init(sta); 106 rate_control_rate_init(sta);
94 107
95 return sta; 108 return sta;
@@ -133,6 +146,10 @@ void mesh_plink_deactivate(struct sta_info *sta)
133 146
134 spin_lock_bh(&sta->lock); 147 spin_lock_bh(&sta->lock);
135 deactivated = __mesh_plink_deactivate(sta); 148 deactivated = __mesh_plink_deactivate(sta);
149 sta->reason = cpu_to_le16(WLAN_REASON_MESH_PEER_CANCELED);
150 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
151 sta->sta.addr, sta->llid, sta->plid,
152 sta->reason);
136 spin_unlock_bh(&sta->lock); 153 spin_unlock_bh(&sta->lock);
137 154
138 if (deactivated) 155 if (deactivated)
@@ -143,23 +160,31 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
143 enum ieee80211_self_protected_actioncode action, 160 enum ieee80211_self_protected_actioncode action,
144 u8 *da, __le16 llid, __le16 plid, __le16 reason) { 161 u8 *da, __le16 llid, __le16 plid, __le16 reason) {
145 struct ieee80211_local *local = sdata->local; 162 struct ieee80211_local *local = sdata->local;
146 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400 + 163 struct sk_buff *skb;
147 sdata->u.mesh.ie_len);
148 struct ieee80211_mgmt *mgmt; 164 struct ieee80211_mgmt *mgmt;
149 bool include_plid = false; 165 bool include_plid = false;
150 int ie_len = 4;
151 u16 peering_proto = 0; 166 u16 peering_proto = 0;
152 u8 *pos; 167 u8 *pos, ie_len = 4;
153 168 int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) +
169 sizeof(mgmt->u.action.u.self_prot);
170
171 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
172 hdr_len +
173 2 + /* capability info */
174 2 + /* AID */
175 2 + 8 + /* supported rates */
176 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
177 2 + sdata->u.mesh.mesh_id_len +
178 2 + sizeof(struct ieee80211_meshconf_ie) +
179 2 + sizeof(struct ieee80211_ht_cap) +
180 2 + sizeof(struct ieee80211_ht_info) +
181 2 + 8 + /* peering IE */
182 sdata->u.mesh.ie_len);
154 if (!skb) 183 if (!skb)
155 return -1; 184 return -1;
156 skb_reserve(skb, local->hw.extra_tx_headroom); 185 skb_reserve(skb, local->hw.extra_tx_headroom);
157 /* 25 is the size of the common mgmt part (24) plus the size of the 186 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
158 * common action part (1) 187 memset(mgmt, 0, hdr_len);
159 */
160 mgmt = (struct ieee80211_mgmt *)
161 skb_put(skb, 25 + sizeof(mgmt->u.action.u.self_prot));
162 memset(mgmt, 0, 25 + sizeof(mgmt->u.action.u.self_prot));
163 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 188 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
164 IEEE80211_STYPE_ACTION); 189 IEEE80211_STYPE_ACTION);
165 memcpy(mgmt->da, da, ETH_ALEN); 190 memcpy(mgmt->da, da, ETH_ALEN);
@@ -177,8 +202,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
177 pos = skb_put(skb, 2); 202 pos = skb_put(skb, 2);
178 memcpy(pos + 2, &plid, 2); 203 memcpy(pos + 2, &plid, 2);
179 } 204 }
180 if (mesh_add_srates_ie(skb, sdata) || 205 if (ieee80211_add_srates_ie(&sdata->vif, skb) ||
181 mesh_add_ext_srates_ie(skb, sdata) || 206 ieee80211_add_ext_srates_ie(&sdata->vif, skb) ||
182 mesh_add_rsn_ie(skb, sdata) || 207 mesh_add_rsn_ie(skb, sdata) ||
183 mesh_add_meshid_ie(skb, sdata) || 208 mesh_add_meshid_ie(skb, sdata) ||
184 mesh_add_meshconf_ie(skb, sdata)) 209 mesh_add_meshconf_ie(skb, sdata))
@@ -225,6 +250,13 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
225 memcpy(pos, &reason, 2); 250 memcpy(pos, &reason, 2);
226 pos += 2; 251 pos += 2;
227 } 252 }
253
254 if (action != WLAN_SP_MESH_PEERING_CLOSE) {
255 if (mesh_add_ht_cap_ie(skb, sdata) ||
256 mesh_add_ht_info_ie(skb, sdata))
257 return -1;
258 }
259
228 if (mesh_add_vendor_ies(skb, sdata)) 260 if (mesh_add_vendor_ies(skb, sdata))
229 return -1; 261 return -1;
230 262
@@ -251,7 +283,7 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates,
251 elems->ie_start, elems->total_len, 283 elems->ie_start, elems->total_len,
252 GFP_KERNEL); 284 GFP_KERNEL);
253 else 285 else
254 sta = mesh_plink_alloc(sdata, hw_addr, rates); 286 sta = mesh_plink_alloc(sdata, hw_addr, rates, elems);
255 if (!sta) 287 if (!sta)
256 return; 288 return;
257 if (sta_info_insert_rcu(sta)) { 289 if (sta_info_insert_rcu(sta)) {
@@ -375,7 +407,7 @@ int mesh_plink_open(struct sta_info *sta)
375 __le16 llid; 407 __le16 llid;
376 struct ieee80211_sub_if_data *sdata = sta->sdata; 408 struct ieee80211_sub_if_data *sdata = sta->sdata;
377 409
378 if (!test_sta_flags(sta, WLAN_STA_AUTH)) 410 if (!test_sta_flag(sta, WLAN_STA_AUTH))
379 return -EPERM; 411 return -EPERM;
380 412
381 spin_lock_bh(&sta->lock); 413 spin_lock_bh(&sta->lock);
@@ -495,7 +527,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
495 return; 527 return;
496 } 528 }
497 529
498 if (sta && !test_sta_flags(sta, WLAN_STA_AUTH)) { 530 if (sta && !test_sta_flag(sta, WLAN_STA_AUTH)) {
499 mpl_dbg("Mesh plink: Action frame from non-authed peer\n"); 531 mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
500 rcu_read_unlock(); 532 rcu_read_unlock();
501 return; 533 return;
@@ -542,7 +574,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
542 } 574 }
543 575
544 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band); 576 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
545 sta = mesh_plink_alloc(sdata, mgmt->sa, rates); 577 sta = mesh_plink_alloc(sdata, mgmt->sa, rates, &elems);
546 if (!sta) { 578 if (!sta) {
547 mpl_dbg("Mesh plink error: plink table full\n"); 579 mpl_dbg("Mesh plink error: plink table full\n");
548 return; 580 return;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1a59fb6630d4..d3b408cda08d 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -17,7 +17,7 @@
17#include <linux/if_arp.h> 17#include <linux/if_arp.h>
18#include <linux/etherdevice.h> 18#include <linux/etherdevice.h>
19#include <linux/rtnetlink.h> 19#include <linux/rtnetlink.h>
20#include <linux/pm_qos_params.h> 20#include <linux/pm_qos.h>
21#include <linux/crc32.h> 21#include <linux/crc32.h>
22#include <linux/slab.h> 22#include <linux/slab.h>
23#include <net/mac80211.h> 23#include <net/mac80211.h>
@@ -348,6 +348,7 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
348{ 348{
349 struct sk_buff *skb; 349 struct sk_buff *skb;
350 struct ieee80211_hdr_3addr *nullfunc; 350 struct ieee80211_hdr_3addr *nullfunc;
351 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
351 352
352 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 353 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
353 if (!skb) 354 if (!skb)
@@ -358,6 +359,10 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
358 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 359 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
359 360
360 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 361 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
362 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
363 IEEE80211_STA_CONNECTION_POLL))
364 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
365
361 ieee80211_tx_skb(sdata, skb); 366 ieee80211_tx_skb(sdata, skb);
362} 367}
363 368
@@ -627,11 +632,14 @@ static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
627{ 632{
628 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 633 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
629 struct sta_info *sta = NULL; 634 struct sta_info *sta = NULL;
630 u32 sta_flags = 0; 635 bool authorized = false;
631 636
632 if (!mgd->powersave) 637 if (!mgd->powersave)
633 return false; 638 return false;
634 639
640 if (mgd->broken_ap)
641 return false;
642
635 if (!mgd->associated) 643 if (!mgd->associated)
636 return false; 644 return false;
637 645
@@ -645,13 +653,10 @@ static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
645 rcu_read_lock(); 653 rcu_read_lock();
646 sta = sta_info_get(sdata, mgd->bssid); 654 sta = sta_info_get(sdata, mgd->bssid);
647 if (sta) 655 if (sta)
648 sta_flags = get_sta_flags(sta); 656 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
649 rcu_read_unlock(); 657 rcu_read_unlock();
650 658
651 if (!(sta_flags & WLAN_STA_AUTHORIZED)) 659 return authorized;
652 return false;
653
654 return true;
655} 660}
656 661
657/* need to hold RTNL or interface lock */ 662/* need to hold RTNL or interface lock */
@@ -936,8 +941,8 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
936 params.aifs, params.cw_min, params.cw_max, 941 params.aifs, params.cw_min, params.cw_max,
937 params.txop, params.uapsd); 942 params.txop, params.uapsd);
938#endif 943#endif
939 local->tx_conf[queue] = params; 944 sdata->tx_conf[queue] = params;
940 if (drv_conf_tx(local, queue, &params)) 945 if (drv_conf_tx(local, sdata, queue, &params))
941 wiphy_debug(local->hw.wiphy, 946 wiphy_debug(local->hw.wiphy,
942 "failed to set TX queue parameters for queue %d\n", 947 "failed to set TX queue parameters for queue %d\n",
943 queue); 948 queue);
@@ -1095,7 +1100,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1095 mutex_lock(&local->sta_mtx); 1100 mutex_lock(&local->sta_mtx);
1096 sta = sta_info_get(sdata, bssid); 1101 sta = sta_info_get(sdata, bssid);
1097 if (sta) { 1102 if (sta) {
1098 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 1103 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1099 ieee80211_sta_tear_down_BA_sessions(sta, tx); 1104 ieee80211_sta_tear_down_BA_sessions(sta, tx);
1100 } 1105 }
1101 mutex_unlock(&local->sta_mtx); 1106 mutex_unlock(&local->sta_mtx);
@@ -1137,8 +1142,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1137 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1142 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1138 ieee80211_bss_info_change_notify(sdata, changed); 1143 ieee80211_bss_info_change_notify(sdata, changed);
1139 1144
1145 /* remove AP and TDLS peers */
1140 if (remove_sta) 1146 if (remove_sta)
1141 sta_info_destroy_addr(sdata, bssid); 1147 sta_info_flush(local, sdata);
1142 1148
1143 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1149 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1144 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1150 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
@@ -1239,7 +1245,7 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1239 } else { 1245 } else {
1240 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1246 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1241 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0, 1247 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0,
1242 (u32) -1, true); 1248 (u32) -1, true, false);
1243 } 1249 }
1244 1250
1245 ifmgd->probe_send_count++; 1251 ifmgd->probe_send_count++;
@@ -1479,6 +1485,7 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1479 int i, j, err; 1485 int i, j, err;
1480 bool have_higher_than_11mbit = false; 1486 bool have_higher_than_11mbit = false;
1481 u16 ap_ht_cap_flags; 1487 u16 ap_ht_cap_flags;
1488 int min_rate = INT_MAX, min_rate_index = -1;
1482 1489
1483 /* AssocResp and ReassocResp have identical structure */ 1490 /* AssocResp and ReassocResp have identical structure */
1484 1491
@@ -1486,10 +1493,21 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1486 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 1493 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1487 1494
1488 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1495 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1489 printk(KERN_DEBUG "%s: invalid aid value %d; bits 15:14 not " 1496 printk(KERN_DEBUG
1490 "set\n", sdata->name, aid); 1497 "%s: invalid AID value 0x%x; bits 15:14 not set\n",
1498 sdata->name, aid);
1491 aid &= ~(BIT(15) | BIT(14)); 1499 aid &= ~(BIT(15) | BIT(14));
1492 1500
1501 ifmgd->broken_ap = false;
1502
1503 if (aid == 0 || aid > IEEE80211_MAX_AID) {
1504 printk(KERN_DEBUG
1505 "%s: invalid AID value %d (out of range), turn off PS\n",
1506 sdata->name, aid);
1507 aid = 0;
1508 ifmgd->broken_ap = true;
1509 }
1510
1493 pos = mgmt->u.assoc_resp.variable; 1511 pos = mgmt->u.assoc_resp.variable;
1494 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1512 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1495 1513
@@ -1512,10 +1530,11 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1512 return false; 1530 return false;
1513 } 1531 }
1514 1532
1515 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | 1533 set_sta_flag(sta, WLAN_STA_AUTH);
1516 WLAN_STA_ASSOC_AP); 1534 set_sta_flag(sta, WLAN_STA_ASSOC);
1535 set_sta_flag(sta, WLAN_STA_ASSOC_AP);
1517 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 1536 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1518 set_sta_flags(sta, WLAN_STA_AUTHORIZED); 1537 set_sta_flag(sta, WLAN_STA_AUTHORIZED);
1519 1538
1520 rates = 0; 1539 rates = 0;
1521 basic_rates = 0; 1540 basic_rates = 0;
@@ -1533,6 +1552,10 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1533 rates |= BIT(j); 1552 rates |= BIT(j);
1534 if (is_basic) 1553 if (is_basic)
1535 basic_rates |= BIT(j); 1554 basic_rates |= BIT(j);
1555 if (rate < min_rate) {
1556 min_rate = rate;
1557 min_rate_index = j;
1558 }
1536 break; 1559 break;
1537 } 1560 }
1538 } 1561 }
@@ -1550,11 +1573,25 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1550 rates |= BIT(j); 1573 rates |= BIT(j);
1551 if (is_basic) 1574 if (is_basic)
1552 basic_rates |= BIT(j); 1575 basic_rates |= BIT(j);
1576 if (rate < min_rate) {
1577 min_rate = rate;
1578 min_rate_index = j;
1579 }
1553 break; 1580 break;
1554 } 1581 }
1555 } 1582 }
1556 } 1583 }
1557 1584
1585 /*
1586 * some buggy APs don't advertise basic_rates. use the lowest
1587 * supported rate instead.
1588 */
1589 if (unlikely(!basic_rates) && min_rate_index >= 0) {
1590 printk(KERN_DEBUG "%s: No basic rates in AssocResp. "
1591 "Using min supported rate instead.\n", sdata->name);
1592 basic_rates = BIT(min_rate_index);
1593 }
1594
1558 sta->sta.supp_rates[wk->chan->band] = rates; 1595 sta->sta.supp_rates[wk->chan->band] = rates;
1559 sdata->vif.bss_conf.basic_rates = basic_rates; 1596 sdata->vif.bss_conf.basic_rates = basic_rates;
1560 1597
@@ -1574,10 +1611,10 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1574 rate_control_rate_init(sta); 1611 rate_control_rate_init(sta);
1575 1612
1576 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 1613 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
1577 set_sta_flags(sta, WLAN_STA_MFP); 1614 set_sta_flag(sta, WLAN_STA_MFP);
1578 1615
1579 if (elems.wmm_param) 1616 if (elems.wmm_param)
1580 set_sta_flags(sta, WLAN_STA_WME); 1617 set_sta_flag(sta, WLAN_STA_WME);
1581 1618
1582 /* sta_info_reinsert will also unlock the mutex lock */ 1619 /* sta_info_reinsert will also unlock the mutex lock */
1583 err = sta_info_reinsert(sta); 1620 err = sta_info_reinsert(sta);
@@ -2738,7 +2775,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2738 req->reason_code, cookie, 2775 req->reason_code, cookie,
2739 !req->local_state_change); 2776 !req->local_state_change);
2740 if (assoc_bss) 2777 if (assoc_bss)
2741 sta_info_destroy_addr(sdata, bssid); 2778 sta_info_flush(sdata->local, sdata);
2742 2779
2743 mutex_lock(&sdata->local->mtx); 2780 mutex_lock(&sdata->local->mtx);
2744 ieee80211_recalc_idle(sdata->local); 2781 ieee80211_recalc_idle(sdata->local);
@@ -2778,7 +2815,7 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2778 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2815 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,
2779 IEEE80211_STYPE_DISASSOC, req->reason_code, 2816 IEEE80211_STYPE_DISASSOC, req->reason_code,
2780 cookie, !req->local_state_change); 2817 cookie, !req->local_state_change);
2781 sta_info_destroy_addr(sdata, bssid); 2818 sta_info_flush(sdata->local, sdata);
2782 2819
2783 mutex_lock(&sdata->local->mtx); 2820 mutex_lock(&sdata->local->mtx);
2784 ieee80211_recalc_idle(sdata->local); 2821 ieee80211_recalc_idle(sdata->local);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 6326d3439861..9ee7164b207c 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -42,7 +42,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
42 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) { 42 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
43 mutex_lock(&local->sta_mtx); 43 mutex_lock(&local->sta_mtx);
44 list_for_each_entry(sta, &local->sta_list, list) { 44 list_for_each_entry(sta, &local->sta_list, list) {
45 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 45 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
46 ieee80211_sta_tear_down_BA_sessions(sta, true); 46 ieee80211_sta_tear_down_BA_sessions(sta, true);
47 } 47 }
48 mutex_unlock(&local->sta_mtx); 48 mutex_unlock(&local->sta_mtx);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 3d5a2cb835c4..ff5c3aa48a15 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -199,7 +199,7 @@ static void rate_control_release(struct kref *kref)
199 kfree(ctrl_ref); 199 kfree(ctrl_ref);
200} 200}
201 201
202static bool rc_no_data_or_no_ack(struct ieee80211_tx_rate_control *txrc) 202static bool rc_no_data_or_no_ack_use_min(struct ieee80211_tx_rate_control *txrc)
203{ 203{
204 struct sk_buff *skb = txrc->skb; 204 struct sk_buff *skb = txrc->skb;
205 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 205 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
@@ -208,7 +208,9 @@ static bool rc_no_data_or_no_ack(struct ieee80211_tx_rate_control *txrc)
208 208
209 fc = hdr->frame_control; 209 fc = hdr->frame_control;
210 210
211 return (info->flags & IEEE80211_TX_CTL_NO_ACK) || !ieee80211_is_data(fc); 211 return (info->flags & (IEEE80211_TX_CTL_NO_ACK |
212 IEEE80211_TX_CTL_USE_MINRATE)) ||
213 !ieee80211_is_data(fc);
212} 214}
213 215
214static void rc_send_low_broadcast(s8 *idx, u32 basic_rates, 216static void rc_send_low_broadcast(s8 *idx, u32 basic_rates,
@@ -233,6 +235,27 @@ static void rc_send_low_broadcast(s8 *idx, u32 basic_rates,
233 /* could not find a basic rate; use original selection */ 235 /* could not find a basic rate; use original selection */
234} 236}
235 237
238static inline s8
239rate_lowest_non_cck_index(struct ieee80211_supported_band *sband,
240 struct ieee80211_sta *sta)
241{
242 int i;
243
244 for (i = 0; i < sband->n_bitrates; i++) {
245 struct ieee80211_rate *srate = &sband->bitrates[i];
246 if ((srate->bitrate == 10) || (srate->bitrate == 20) ||
247 (srate->bitrate == 55) || (srate->bitrate == 110))
248 continue;
249
250 if (rate_supported(sta, sband->band, i))
251 return i;
252 }
253
254 /* No matching rate found */
255 return 0;
256}
257
258
236bool rate_control_send_low(struct ieee80211_sta *sta, 259bool rate_control_send_low(struct ieee80211_sta *sta,
237 void *priv_sta, 260 void *priv_sta,
238 struct ieee80211_tx_rate_control *txrc) 261 struct ieee80211_tx_rate_control *txrc)
@@ -241,8 +264,14 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
241 struct ieee80211_supported_band *sband = txrc->sband; 264 struct ieee80211_supported_band *sband = txrc->sband;
242 int mcast_rate; 265 int mcast_rate;
243 266
244 if (!sta || !priv_sta || rc_no_data_or_no_ack(txrc)) { 267 if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) {
245 info->control.rates[0].idx = rate_lowest_index(txrc->sband, sta); 268 if ((sband->band != IEEE80211_BAND_2GHZ) ||
269 !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE))
270 info->control.rates[0].idx =
271 rate_lowest_index(txrc->sband, sta);
272 else
273 info->control.rates[0].idx =
274 rate_lowest_non_cck_index(txrc->sband, sta);
246 info->control.rates[0].count = 275 info->control.rates[0].count =
247 (info->flags & IEEE80211_TX_CTL_NO_ACK) ? 276 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
248 1 : txrc->hw->max_rate_tries; 277 1 : txrc->hw->max_rate_tries;
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index e19249b0f971..cdb28535716b 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -281,6 +281,8 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
281 281
282 mr = minstrel_get_ratestats(mi, mg->max_tp_rate); 282 mr = minstrel_get_ratestats(mi, mg->max_tp_rate);
283 if (cur_tp < mr->cur_tp) { 283 if (cur_tp < mr->cur_tp) {
284 mi->max_tp_rate2 = mi->max_tp_rate;
285 cur_tp2 = cur_tp;
284 mi->max_tp_rate = mg->max_tp_rate; 286 mi->max_tp_rate = mg->max_tp_rate;
285 cur_tp = mr->cur_tp; 287 cur_tp = mr->cur_tp;
286 } 288 }
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index db46601e50bf..3173dcfc2136 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -841,7 +841,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
841 ieee80211_is_pspoll(hdr->frame_control)) && 841 ieee80211_is_pspoll(hdr->frame_control)) &&
842 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC && 842 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
843 rx->sdata->vif.type != NL80211_IFTYPE_WDS && 843 rx->sdata->vif.type != NL80211_IFTYPE_WDS &&
844 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) { 844 (!rx->sta || !test_sta_flag(rx->sta, WLAN_STA_ASSOC)))) {
845 if (rx->sta && rx->sta->dummy && 845 if (rx->sta && rx->sta->dummy &&
846 ieee80211_is_data_present(hdr->frame_control)) { 846 ieee80211_is_data_present(hdr->frame_control)) {
847 u16 ethertype; 847 u16 ethertype;
@@ -1110,7 +1110,7 @@ static void ap_sta_ps_start(struct sta_info *sta)
1110 struct ieee80211_local *local = sdata->local; 1110 struct ieee80211_local *local = sdata->local;
1111 1111
1112 atomic_inc(&sdata->bss->num_sta_ps); 1112 atomic_inc(&sdata->bss->num_sta_ps);
1113 set_sta_flags(sta, WLAN_STA_PS_STA); 1113 set_sta_flag(sta, WLAN_STA_PS_STA);
1114 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS)) 1114 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1115 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta); 1115 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta);
1116#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1116#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
@@ -1130,7 +1130,7 @@ static void ap_sta_ps_end(struct sta_info *sta)
1130 sdata->name, sta->sta.addr, sta->sta.aid); 1130 sdata->name, sta->sta.addr, sta->sta.aid);
1131#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1131#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1132 1132
1133 if (test_sta_flags(sta, WLAN_STA_PS_DRIVER)) { 1133 if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
1134#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1134#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1135 printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n", 1135 printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n",
1136 sdata->name, sta->sta.addr, sta->sta.aid); 1136 sdata->name, sta->sta.addr, sta->sta.aid);
@@ -1149,7 +1149,7 @@ int ieee80211_sta_ps_transition(struct ieee80211_sta *sta, bool start)
1149 WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS)); 1149 WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS));
1150 1150
1151 /* Don't let the same PS state be set twice */ 1151 /* Don't let the same PS state be set twice */
1152 in_ps = test_sta_flags(sta_inf, WLAN_STA_PS_STA); 1152 in_ps = test_sta_flag(sta_inf, WLAN_STA_PS_STA);
1153 if ((start && in_ps) || (!start && !in_ps)) 1153 if ((start && in_ps) || (!start && !in_ps))
1154 return -EINVAL; 1154 return -EINVAL;
1155 1155
@@ -1163,6 +1163,81 @@ int ieee80211_sta_ps_transition(struct ieee80211_sta *sta, bool start)
1163EXPORT_SYMBOL(ieee80211_sta_ps_transition); 1163EXPORT_SYMBOL(ieee80211_sta_ps_transition);
1164 1164
1165static ieee80211_rx_result debug_noinline 1165static ieee80211_rx_result debug_noinline
1166ieee80211_rx_h_uapsd_and_pspoll(struct ieee80211_rx_data *rx)
1167{
1168 struct ieee80211_sub_if_data *sdata = rx->sdata;
1169 struct ieee80211_hdr *hdr = (void *)rx->skb->data;
1170 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1171 int tid, ac;
1172
1173 if (!rx->sta || !(status->rx_flags & IEEE80211_RX_RA_MATCH))
1174 return RX_CONTINUE;
1175
1176 if (sdata->vif.type != NL80211_IFTYPE_AP &&
1177 sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
1178 return RX_CONTINUE;
1179
1180 /*
1181 * The device handles station powersave, so don't do anything about
1182 * uAPSD and PS-Poll frames (the latter shouldn't even come up from
1183 * it to mac80211 since they're handled.)
1184 */
1185 if (sdata->local->hw.flags & IEEE80211_HW_AP_LINK_PS)
1186 return RX_CONTINUE;
1187
1188 /*
1189 * Don't do anything if the station isn't already asleep. In
1190 * the uAPSD case, the station will probably be marked asleep,
1191 * in the PS-Poll case the station must be confused ...
1192 */
1193 if (!test_sta_flag(rx->sta, WLAN_STA_PS_STA))
1194 return RX_CONTINUE;
1195
1196 if (unlikely(ieee80211_is_pspoll(hdr->frame_control))) {
1197 if (!test_sta_flag(rx->sta, WLAN_STA_SP)) {
1198 if (!test_sta_flag(rx->sta, WLAN_STA_PS_DRIVER))
1199 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1200 else
1201 set_sta_flag(rx->sta, WLAN_STA_PSPOLL);
1202 }
1203
1204 /* Free PS Poll skb here instead of returning RX_DROP that would
1205 * count as an dropped frame. */
1206 dev_kfree_skb(rx->skb);
1207
1208 return RX_QUEUED;
1209 } else if (!ieee80211_has_morefrags(hdr->frame_control) &&
1210 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1211 ieee80211_has_pm(hdr->frame_control) &&
1212 (ieee80211_is_data_qos(hdr->frame_control) ||
1213 ieee80211_is_qos_nullfunc(hdr->frame_control))) {
1214 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
1215 ac = ieee802_1d_to_ac[tid & 7];
1216
1217 /*
1218 * If this AC is not trigger-enabled do nothing.
1219 *
1220 * NB: This could/should check a separate bitmap of trigger-
1221 * enabled queues, but for now we only implement uAPSD w/o
1222 * TSPEC changes to the ACs, so they're always the same.
1223 */
1224 if (!(rx->sta->sta.uapsd_queues & BIT(ac)))
1225 return RX_CONTINUE;
1226
1227 /* if we are in a service period, do nothing */
1228 if (test_sta_flag(rx->sta, WLAN_STA_SP))
1229 return RX_CONTINUE;
1230
1231 if (!test_sta_flag(rx->sta, WLAN_STA_PS_DRIVER))
1232 ieee80211_sta_ps_deliver_uapsd(rx->sta);
1233 else
1234 set_sta_flag(rx->sta, WLAN_STA_UAPSD);
1235 }
1236
1237 return RX_CONTINUE;
1238}
1239
1240static ieee80211_rx_result debug_noinline
1166ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 1241ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1167{ 1242{
1168 struct sta_info *sta = rx->sta; 1243 struct sta_info *sta = rx->sta;
@@ -1220,7 +1295,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1220 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && 1295 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1221 (rx->sdata->vif.type == NL80211_IFTYPE_AP || 1296 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1222 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { 1297 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
1223 if (test_sta_flags(sta, WLAN_STA_PS_STA)) { 1298 if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
1224 /* 1299 /*
1225 * Ignore doze->wake transitions that are 1300 * Ignore doze->wake transitions that are
1226 * indicated by non-data frames, the standard 1301 * indicated by non-data frames, the standard
@@ -1473,33 +1548,6 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1473} 1548}
1474 1549
1475static ieee80211_rx_result debug_noinline 1550static ieee80211_rx_result debug_noinline
1476ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1477{
1478 struct ieee80211_sub_if_data *sdata = rx->sdata;
1479 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1480 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1481
1482 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
1483 !(status->rx_flags & IEEE80211_RX_RA_MATCH)))
1484 return RX_CONTINUE;
1485
1486 if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
1487 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1488 return RX_DROP_UNUSABLE;
1489
1490 if (!test_sta_flags(rx->sta, WLAN_STA_PS_DRIVER))
1491 ieee80211_sta_ps_deliver_poll_response(rx->sta);
1492 else
1493 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
1494
1495 /* Free PS Poll skb here instead of returning RX_DROP that would
1496 * count as an dropped frame. */
1497 dev_kfree_skb(rx->skb);
1498
1499 return RX_QUEUED;
1500}
1501
1502static ieee80211_rx_result debug_noinline
1503ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx) 1551ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx)
1504{ 1552{
1505 u8 *data = rx->skb->data; 1553 u8 *data = rx->skb->data;
@@ -1522,7 +1570,7 @@ static int
1522ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx) 1570ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1523{ 1571{
1524 if (unlikely(!rx->sta || 1572 if (unlikely(!rx->sta ||
1525 !test_sta_flags(rx->sta, WLAN_STA_AUTHORIZED))) 1573 !test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED)))
1526 return -EACCES; 1574 return -EACCES;
1527 1575
1528 return 0; 1576 return 0;
@@ -1565,7 +1613,7 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1565 if (status->flag & RX_FLAG_DECRYPTED) 1613 if (status->flag & RX_FLAG_DECRYPTED)
1566 return 0; 1614 return 0;
1567 1615
1568 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { 1616 if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {
1569 if (unlikely(!ieee80211_has_protected(fc) && 1617 if (unlikely(!ieee80211_has_protected(fc) &&
1570 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && 1618 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1571 rx->key)) { 1619 rx->key)) {
@@ -2155,13 +2203,8 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2155 2203
2156 switch (mgmt->u.action.category) { 2204 switch (mgmt->u.action.category) {
2157 case WLAN_CATEGORY_BACK: 2205 case WLAN_CATEGORY_BACK:
2158 /*
2159 * The aggregation code is not prepared to handle
2160 * anything but STA/AP due to the BSSID handling;
2161 * IBSS could work in the code but isn't supported
2162 * by drivers or the standard.
2163 */
2164 if (sdata->vif.type != NL80211_IFTYPE_STATION && 2206 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2207 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
2165 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 2208 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2166 sdata->vif.type != NL80211_IFTYPE_AP) 2209 sdata->vif.type != NL80211_IFTYPE_AP)
2167 break; 2210 break;
@@ -2441,6 +2484,10 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2441 goto out_free_skb; 2484 goto out_free_skb;
2442 rx->flags |= IEEE80211_RX_CMNTR; 2485 rx->flags |= IEEE80211_RX_CMNTR;
2443 2486
2487 /* If there are no cooked monitor interfaces, just free the SKB */
2488 if (!local->cooked_mntrs)
2489 goto out_free_skb;
2490
2444 if (skb_headroom(skb) < sizeof(*rthdr) && 2491 if (skb_headroom(skb) < sizeof(*rthdr) &&
2445 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) 2492 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
2446 goto out_free_skb; 2493 goto out_free_skb;
@@ -2567,9 +2614,9 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx)
2567 2614
2568 CALL_RXH(ieee80211_rx_h_decrypt) 2615 CALL_RXH(ieee80211_rx_h_decrypt)
2569 CALL_RXH(ieee80211_rx_h_check_more_data) 2616 CALL_RXH(ieee80211_rx_h_check_more_data)
2617 CALL_RXH(ieee80211_rx_h_uapsd_and_pspoll)
2570 CALL_RXH(ieee80211_rx_h_sta_process) 2618 CALL_RXH(ieee80211_rx_h_sta_process)
2571 CALL_RXH(ieee80211_rx_h_defragment) 2619 CALL_RXH(ieee80211_rx_h_defragment)
2572 CALL_RXH(ieee80211_rx_h_ps_poll)
2573 CALL_RXH(ieee80211_rx_h_michael_mic_verify) 2620 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
2574 /* must be after MMIC verify so header is counted in MPDU mic */ 2621 /* must be after MMIC verify so header is counted in MPDU mic */
2575#ifdef CONFIG_MAC80211_MESH 2622#ifdef CONFIG_MAC80211_MESH
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 6f09eca01112..83a0b050b374 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -14,7 +14,7 @@
14 14
15#include <linux/if_arp.h> 15#include <linux/if_arp.h>
16#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <linux/pm_qos_params.h> 17#include <linux/pm_qos.h>
18#include <net/sch_generic.h> 18#include <net/sch_generic.h>
19#include <linux/slab.h> 19#include <linux/slab.h>
20#include <net/mac80211.h> 20#include <net/mac80211.h>
@@ -254,6 +254,7 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
254 req->ie, req->ie_len, band, 254 req->ie, req->ie_len, band,
255 req->rates[band], 0); 255 req->rates[band], 0);
256 local->hw_scan_req->ie_len = ielen; 256 local->hw_scan_req->ie_len = ielen;
257 local->hw_scan_req->no_cck = req->no_cck;
257 258
258 return true; 259 return true;
259} 260}
@@ -660,7 +661,8 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
660 local->scan_req->ssids[i].ssid, 661 local->scan_req->ssids[i].ssid,
661 local->scan_req->ssids[i].ssid_len, 662 local->scan_req->ssids[i].ssid_len,
662 local->scan_req->ie, local->scan_req->ie_len, 663 local->scan_req->ie, local->scan_req->ie_len,
663 local->scan_req->rates[band], false); 664 local->scan_req->rates[band], false,
665 local->scan_req->no_cck);
664 666
665 /* 667 /*
666 * After sending probe requests, wait for probe responses 668 * After sending probe requests, wait for probe responses
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index c52e58c0a979..8eaa746ec7a2 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -24,6 +24,7 @@
24#include "sta_info.h" 24#include "sta_info.h"
25#include "debugfs_sta.h" 25#include "debugfs_sta.h"
26#include "mesh.h" 26#include "mesh.h"
27#include "wme.h"
27 28
28/** 29/**
29 * DOC: STA information lifetime rules 30 * DOC: STA information lifetime rules
@@ -72,7 +73,7 @@ static int sta_info_hash_del(struct ieee80211_local *local,
72 if (!s) 73 if (!s)
73 return -ENOENT; 74 return -ENOENT;
74 if (s == sta) { 75 if (s == sta) {
75 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], 76 RCU_INIT_POINTER(local->sta_hash[STA_HASH(sta->sta.addr)],
76 s->hnext); 77 s->hnext);
77 return 0; 78 return 0;
78 } 79 }
@@ -82,7 +83,7 @@ static int sta_info_hash_del(struct ieee80211_local *local,
82 s = rcu_dereference_protected(s->hnext, 83 s = rcu_dereference_protected(s->hnext,
83 lockdep_is_held(&local->sta_lock)); 84 lockdep_is_held(&local->sta_lock));
84 if (rcu_access_pointer(s->hnext)) { 85 if (rcu_access_pointer(s->hnext)) {
85 rcu_assign_pointer(s->hnext, sta->hnext); 86 RCU_INIT_POINTER(s->hnext, sta->hnext);
86 return 0; 87 return 0;
87 } 88 }
88 89
@@ -231,7 +232,7 @@ static void sta_info_hash_add(struct ieee80211_local *local,
231 struct sta_info *sta) 232 struct sta_info *sta)
232{ 233{
233 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)]; 234 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
234 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta); 235 RCU_INIT_POINTER(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
235} 236}
236 237
237static void sta_unblock(struct work_struct *wk) 238static void sta_unblock(struct work_struct *wk)
@@ -243,13 +244,22 @@ static void sta_unblock(struct work_struct *wk)
243 if (sta->dead) 244 if (sta->dead)
244 return; 245 return;
245 246
246 if (!test_sta_flags(sta, WLAN_STA_PS_STA)) 247 if (!test_sta_flag(sta, WLAN_STA_PS_STA))
247 ieee80211_sta_ps_deliver_wakeup(sta); 248 ieee80211_sta_ps_deliver_wakeup(sta);
248 else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) { 249 else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL)) {
249 clear_sta_flags(sta, WLAN_STA_PS_DRIVER); 250 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
251
252 local_bh_disable();
250 ieee80211_sta_ps_deliver_poll_response(sta); 253 ieee80211_sta_ps_deliver_poll_response(sta);
254 local_bh_enable();
255 } else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD)) {
256 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
257
258 local_bh_disable();
259 ieee80211_sta_ps_deliver_uapsd(sta);
260 local_bh_enable();
251 } else 261 } else
252 clear_sta_flags(sta, WLAN_STA_PS_DRIVER); 262 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
253} 263}
254 264
255static int sta_prepare_rate_control(struct ieee80211_local *local, 265static int sta_prepare_rate_control(struct ieee80211_local *local,
@@ -282,7 +292,6 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
282 return NULL; 292 return NULL;
283 293
284 spin_lock_init(&sta->lock); 294 spin_lock_init(&sta->lock);
285 spin_lock_init(&sta->flaglock);
286 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 295 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
287 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); 296 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
288 mutex_init(&sta->ampdu_mlme.mtx); 297 mutex_init(&sta->ampdu_mlme.mtx);
@@ -309,8 +318,10 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
309 */ 318 */
310 sta->timer_to_tid[i] = i; 319 sta->timer_to_tid[i] = i;
311 } 320 }
312 skb_queue_head_init(&sta->ps_tx_buf); 321 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
313 skb_queue_head_init(&sta->tx_filtered); 322 skb_queue_head_init(&sta->ps_tx_buf[i]);
323 skb_queue_head_init(&sta->tx_filtered[i]);
324 }
314 325
315 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 326 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
316 sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX); 327 sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
@@ -641,54 +652,84 @@ static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
641 bss->tim[aid / 8] &= ~(1 << (aid % 8)); 652 bss->tim[aid / 8] &= ~(1 << (aid % 8));
642} 653}
643 654
644static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss, 655static unsigned long ieee80211_tids_for_ac(int ac)
645 struct sta_info *sta)
646{ 656{
647 BUG_ON(!bss); 657 /* If we ever support TIDs > 7, this obviously needs to be adjusted */
648 658 switch (ac) {
649 __bss_tim_set(bss, sta->sta.aid); 659 case IEEE80211_AC_VO:
650 660 return BIT(6) | BIT(7);
651 if (sta->local->ops->set_tim) { 661 case IEEE80211_AC_VI:
652 sta->local->tim_in_locked_section = true; 662 return BIT(4) | BIT(5);
653 drv_set_tim(sta->local, &sta->sta, true); 663 case IEEE80211_AC_BE:
654 sta->local->tim_in_locked_section = false; 664 return BIT(0) | BIT(3);
665 case IEEE80211_AC_BK:
666 return BIT(1) | BIT(2);
667 default:
668 WARN_ON(1);
669 return 0;
655 } 670 }
656} 671}
657 672
658void sta_info_set_tim_bit(struct sta_info *sta) 673void sta_info_recalc_tim(struct sta_info *sta)
659{ 674{
675 struct ieee80211_local *local = sta->local;
676 struct ieee80211_if_ap *bss = sta->sdata->bss;
660 unsigned long flags; 677 unsigned long flags;
678 bool indicate_tim = false;
679 u8 ignore_for_tim = sta->sta.uapsd_queues;
680 int ac;
661 681
662 BUG_ON(!sta->sdata->bss); 682 if (WARN_ON_ONCE(!sta->sdata->bss))
683 return;
663 684
664 spin_lock_irqsave(&sta->local->sta_lock, flags); 685 /* No need to do anything if the driver does all */
665 __sta_info_set_tim_bit(sta->sdata->bss, sta); 686 if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
666 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 687 return;
667}
668 688
669static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, 689 if (sta->dead)
670 struct sta_info *sta) 690 goto done;
671{ 691
672 BUG_ON(!bss); 692 /*
693 * If all ACs are delivery-enabled then we should build
694 * the TIM bit for all ACs anyway; if only some are then
695 * we ignore those and build the TIM bit using only the
696 * non-enabled ones.
697 */
698 if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
699 ignore_for_tim = 0;
700
701 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
702 unsigned long tids;
673 703
674 __bss_tim_clear(bss, sta->sta.aid); 704 if (ignore_for_tim & BIT(ac))
705 continue;
706
707 indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
708 !skb_queue_empty(&sta->ps_tx_buf[ac]);
709 if (indicate_tim)
710 break;
675 711
676 if (sta->local->ops->set_tim) { 712 tids = ieee80211_tids_for_ac(ac);
677 sta->local->tim_in_locked_section = true; 713
678 drv_set_tim(sta->local, &sta->sta, false); 714 indicate_tim |=
679 sta->local->tim_in_locked_section = false; 715 sta->driver_buffered_tids & tids;
680 } 716 }
681}
682 717
683void sta_info_clear_tim_bit(struct sta_info *sta) 718 done:
684{ 719 spin_lock_irqsave(&local->sta_lock, flags);
685 unsigned long flags;
686 720
687 BUG_ON(!sta->sdata->bss); 721 if (indicate_tim)
722 __bss_tim_set(bss, sta->sta.aid);
723 else
724 __bss_tim_clear(bss, sta->sta.aid);
725
726 if (local->ops->set_tim) {
727 local->tim_in_locked_section = true;
728 drv_set_tim(local, &sta->sta, indicate_tim);
729 local->tim_in_locked_section = false;
730 }
688 731
689 spin_lock_irqsave(&sta->local->sta_lock, flags); 732 spin_unlock_irqrestore(&local->sta_lock, flags);
690 __sta_info_clear_tim_bit(sta->sdata->bss, sta);
691 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
692} 733}
693 734
694static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb) 735static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
@@ -711,21 +752,59 @@ static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
711} 752}
712 753
713 754
714static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local, 755static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
715 struct sta_info *sta) 756 struct sta_info *sta, int ac)
716{ 757{
717 unsigned long flags; 758 unsigned long flags;
718 struct sk_buff *skb; 759 struct sk_buff *skb;
719 760
761 /*
762 * First check for frames that should expire on the filtered
763 * queue. Frames here were rejected by the driver and are on
764 * a separate queue to avoid reordering with normal PS-buffered
765 * frames. They also aren't accounted for right now in the
766 * total_ps_buffered counter.
767 */
720 for (;;) { 768 for (;;) {
721 spin_lock_irqsave(&sta->ps_tx_buf.lock, flags); 769 spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
722 skb = skb_peek(&sta->ps_tx_buf); 770 skb = skb_peek(&sta->tx_filtered[ac]);
723 if (sta_info_buffer_expired(sta, skb)) 771 if (sta_info_buffer_expired(sta, skb))
724 skb = __skb_dequeue(&sta->ps_tx_buf); 772 skb = __skb_dequeue(&sta->tx_filtered[ac]);
725 else 773 else
726 skb = NULL; 774 skb = NULL;
727 spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags); 775 spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
728 776
777 /*
778 * Frames are queued in order, so if this one
779 * hasn't expired yet we can stop testing. If
780 * we actually reached the end of the queue we
781 * also need to stop, of course.
782 */
783 if (!skb)
784 break;
785 dev_kfree_skb(skb);
786 }
787
788 /*
789 * Now also check the normal PS-buffered queue, this will
790 * only find something if the filtered queue was emptied
791 * since the filtered frames are all before the normal PS
792 * buffered frames.
793 */
794 for (;;) {
795 spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
796 skb = skb_peek(&sta->ps_tx_buf[ac]);
797 if (sta_info_buffer_expired(sta, skb))
798 skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
799 else
800 skb = NULL;
801 spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
802
803 /*
804 * frames are queued in order, so if this one
805 * hasn't expired yet (or we reached the end of
806 * the queue) we can stop testing
807 */
729 if (!skb) 808 if (!skb)
730 break; 809 break;
731 810
@@ -735,22 +814,47 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
735 sta->sta.addr); 814 sta->sta.addr);
736#endif 815#endif
737 dev_kfree_skb(skb); 816 dev_kfree_skb(skb);
738
739 if (skb_queue_empty(&sta->ps_tx_buf) &&
740 !test_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF))
741 sta_info_clear_tim_bit(sta);
742 } 817 }
743 818
744 return !skb_queue_empty(&sta->ps_tx_buf); 819 /*
820 * Finally, recalculate the TIM bit for this station -- it might
821 * now be clear because the station was too slow to retrieve its
822 * frames.
823 */
824 sta_info_recalc_tim(sta);
825
826 /*
827 * Return whether there are any frames still buffered, this is
828 * used to check whether the cleanup timer still needs to run,
829 * if there are no frames we don't need to rearm the timer.
830 */
831 return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
832 skb_queue_empty(&sta->tx_filtered[ac]));
833}
834
835static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
836 struct sta_info *sta)
837{
838 bool have_buffered = false;
839 int ac;
840
841 /* This is only necessary for stations on BSS interfaces */
842 if (!sta->sdata->bss)
843 return false;
844
845 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
846 have_buffered |=
847 sta_info_cleanup_expire_buffered_ac(local, sta, ac);
848
849 return have_buffered;
745} 850}
746 851
747static int __must_check __sta_info_destroy(struct sta_info *sta) 852static int __must_check __sta_info_destroy(struct sta_info *sta)
748{ 853{
749 struct ieee80211_local *local; 854 struct ieee80211_local *local;
750 struct ieee80211_sub_if_data *sdata; 855 struct ieee80211_sub_if_data *sdata;
751 struct sk_buff *skb;
752 unsigned long flags; 856 unsigned long flags;
753 int ret, i; 857 int ret, i, ac;
754 858
755 might_sleep(); 859 might_sleep();
756 860
@@ -766,7 +870,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
766 * sessions -- block that to make sure the tear-down 870 * sessions -- block that to make sure the tear-down
767 * will be sufficient. 871 * will be sufficient.
768 */ 872 */
769 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 873 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
770 ieee80211_sta_tear_down_BA_sessions(sta, true); 874 ieee80211_sta_tear_down_BA_sessions(sta, true);
771 875
772 spin_lock_irqsave(&local->sta_lock, flags); 876 spin_lock_irqsave(&local->sta_lock, flags);
@@ -787,19 +891,22 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
787 891
788 sta->dead = true; 892 sta->dead = true;
789 893
790 if (test_and_clear_sta_flags(sta, 894 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
791 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) { 895 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
792 BUG_ON(!sdata->bss); 896 BUG_ON(!sdata->bss);
793 897
898 clear_sta_flag(sta, WLAN_STA_PS_STA);
899 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
900
794 atomic_dec(&sdata->bss->num_sta_ps); 901 atomic_dec(&sdata->bss->num_sta_ps);
795 sta_info_clear_tim_bit(sta); 902 sta_info_recalc_tim(sta);
796 } 903 }
797 904
798 local->num_sta--; 905 local->num_sta--;
799 local->sta_generation++; 906 local->sta_generation++;
800 907
801 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 908 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
802 rcu_assign_pointer(sdata->u.vlan.sta, NULL); 909 RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
803 910
804 if (sta->uploaded) { 911 if (sta->uploaded) {
805 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 912 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
@@ -818,6 +925,12 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
818 */ 925 */
819 synchronize_rcu(); 926 synchronize_rcu();
820 927
928 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
929 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
930 __skb_queue_purge(&sta->ps_tx_buf[ac]);
931 __skb_queue_purge(&sta->tx_filtered[ac]);
932 }
933
821#ifdef CONFIG_MAC80211_MESH 934#ifdef CONFIG_MAC80211_MESH
822 if (ieee80211_vif_is_mesh(&sdata->vif)) 935 if (ieee80211_vif_is_mesh(&sdata->vif))
823 mesh_accept_plinks_update(sdata); 936 mesh_accept_plinks_update(sdata);
@@ -840,14 +953,6 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
840 } 953 }
841#endif 954#endif
842 955
843 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
844 local->total_ps_buffered--;
845 dev_kfree_skb_any(skb);
846 }
847
848 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
849 dev_kfree_skb_any(skb);
850
851 __sta_info_free(local, sta); 956 __sta_info_free(local, sta);
852 957
853 return 0; 958 return 0;
@@ -1013,7 +1118,8 @@ static void clear_sta_ps_flags(void *_sta)
1013{ 1118{
1014 struct sta_info *sta = _sta; 1119 struct sta_info *sta = _sta;
1015 1120
1016 clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA); 1121 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1122 clear_sta_flag(sta, WLAN_STA_PS_STA);
1017} 1123}
1018 1124
1019/* powersave support code */ 1125/* powersave support code */
@@ -1021,86 +1127,339 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1021{ 1127{
1022 struct ieee80211_sub_if_data *sdata = sta->sdata; 1128 struct ieee80211_sub_if_data *sdata = sta->sdata;
1023 struct ieee80211_local *local = sdata->local; 1129 struct ieee80211_local *local = sdata->local;
1024 int sent, buffered; 1130 struct sk_buff_head pending;
1131 int filtered = 0, buffered = 0, ac;
1132
1133 clear_sta_flag(sta, WLAN_STA_SP);
1134
1135 BUILD_BUG_ON(BITS_TO_LONGS(STA_TID_NUM) > 1);
1136 sta->driver_buffered_tids = 0;
1025 1137
1026 clear_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
1027 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS)) 1138 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1028 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta); 1139 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1029 1140
1030 if (!skb_queue_empty(&sta->ps_tx_buf)) 1141 skb_queue_head_init(&pending);
1031 sta_info_clear_tim_bit(sta);
1032 1142
1033 /* Send all buffered frames to the station */ 1143 /* Send all buffered frames to the station */
1034 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered); 1144 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1035 buffered = ieee80211_add_pending_skbs_fn(local, &sta->ps_tx_buf, 1145 int count = skb_queue_len(&pending), tmp;
1036 clear_sta_ps_flags, sta); 1146
1037 sent += buffered; 1147 skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
1148 tmp = skb_queue_len(&pending);
1149 filtered += tmp - count;
1150 count = tmp;
1151
1152 skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
1153 tmp = skb_queue_len(&pending);
1154 buffered += tmp - count;
1155 }
1156
1157 ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta);
1158
1038 local->total_ps_buffered -= buffered; 1159 local->total_ps_buffered -= buffered;
1039 1160
1161 sta_info_recalc_tim(sta);
1162
1040#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1163#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1041 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 1164 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
1042 "since STA not sleeping anymore\n", sdata->name, 1165 "since STA not sleeping anymore\n", sdata->name,
1043 sta->sta.addr, sta->sta.aid, sent - buffered, buffered); 1166 sta->sta.addr, sta->sta.aid, filtered, buffered);
1044#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1167#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1045} 1168}
1046 1169
1047void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta) 1170static void ieee80211_send_null_response(struct ieee80211_sub_if_data *sdata,
1171 struct sta_info *sta, int tid,
1172 enum ieee80211_frame_release_type reason)
1048{ 1173{
1049 struct ieee80211_sub_if_data *sdata = sta->sdata;
1050 struct ieee80211_local *local = sdata->local; 1174 struct ieee80211_local *local = sdata->local;
1175 struct ieee80211_qos_hdr *nullfunc;
1051 struct sk_buff *skb; 1176 struct sk_buff *skb;
1052 int no_pending_pkts; 1177 int size = sizeof(*nullfunc);
1178 __le16 fc;
1179 bool qos = test_sta_flag(sta, WLAN_STA_WME);
1180 struct ieee80211_tx_info *info;
1053 1181
1054 skb = skb_dequeue(&sta->tx_filtered); 1182 if (qos) {
1055 if (!skb) { 1183 fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1056 skb = skb_dequeue(&sta->ps_tx_buf); 1184 IEEE80211_STYPE_QOS_NULLFUNC |
1057 if (skb) 1185 IEEE80211_FCTL_FROMDS);
1058 local->total_ps_buffered--; 1186 } else {
1187 size -= 2;
1188 fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1189 IEEE80211_STYPE_NULLFUNC |
1190 IEEE80211_FCTL_FROMDS);
1059 } 1191 }
1060 no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
1061 skb_queue_empty(&sta->ps_tx_buf);
1062 1192
1063 if (skb) { 1193 skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
1064 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1194 if (!skb)
1065 struct ieee80211_hdr *hdr = 1195 return;
1066 (struct ieee80211_hdr *) skb->data; 1196
1197 skb_reserve(skb, local->hw.extra_tx_headroom);
1198
1199 nullfunc = (void *) skb_put(skb, size);
1200 nullfunc->frame_control = fc;
1201 nullfunc->duration_id = 0;
1202 memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
1203 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1204 memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
1205
1206 skb->priority = tid;
1207 skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]);
1208 if (qos) {
1209 nullfunc->qos_ctrl = cpu_to_le16(tid);
1210
1211 if (reason == IEEE80211_FRAME_RELEASE_UAPSD)
1212 nullfunc->qos_ctrl |=
1213 cpu_to_le16(IEEE80211_QOS_CTL_EOSP);
1214 }
1215
1216 info = IEEE80211_SKB_CB(skb);
1217
1218 /*
1219 * Tell TX path to send this frame even though the
1220 * STA may still remain is PS mode after this frame
1221 * exchange. Also set EOSP to indicate this packet
1222 * ends the poll/service period.
1223 */
1224 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE |
1225 IEEE80211_TX_STATUS_EOSP |
1226 IEEE80211_TX_CTL_REQ_TX_STATUS;
1227
1228 drv_allow_buffered_frames(local, sta, BIT(tid), 1, reason, false);
1229
1230 ieee80211_xmit(sdata, skb);
1231}
1232
1233static void
1234ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1235 int n_frames, u8 ignored_acs,
1236 enum ieee80211_frame_release_type reason)
1237{
1238 struct ieee80211_sub_if_data *sdata = sta->sdata;
1239 struct ieee80211_local *local = sdata->local;
1240 bool found = false;
1241 bool more_data = false;
1242 int ac;
1243 unsigned long driver_release_tids = 0;
1244 struct sk_buff_head frames;
1245
1246 /* Service or PS-Poll period starts */
1247 set_sta_flag(sta, WLAN_STA_SP);
1248
1249 __skb_queue_head_init(&frames);
1250
1251 /*
1252 * Get response frame(s) and more data bit for it.
1253 */
1254 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1255 unsigned long tids;
1256
1257 if (ignored_acs & BIT(ac))
1258 continue;
1259
1260 tids = ieee80211_tids_for_ac(ac);
1261
1262 if (!found) {
1263 driver_release_tids = sta->driver_buffered_tids & tids;
1264 if (driver_release_tids) {
1265 found = true;
1266 } else {
1267 struct sk_buff *skb;
1268
1269 while (n_frames > 0) {
1270 skb = skb_dequeue(&sta->tx_filtered[ac]);
1271 if (!skb) {
1272 skb = skb_dequeue(
1273 &sta->ps_tx_buf[ac]);
1274 if (skb)
1275 local->total_ps_buffered--;
1276 }
1277 if (!skb)
1278 break;
1279 n_frames--;
1280 found = true;
1281 __skb_queue_tail(&frames, skb);
1282 }
1283 }
1284
1285 /*
1286 * If the driver has data on more than one TID then
1287 * certainly there's more data if we release just a
1288 * single frame now (from a single TID).
1289 */
1290 if (reason == IEEE80211_FRAME_RELEASE_PSPOLL &&
1291 hweight16(driver_release_tids) > 1) {
1292 more_data = true;
1293 driver_release_tids =
1294 BIT(ffs(driver_release_tids) - 1);
1295 break;
1296 }
1297 }
1298
1299 if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1300 !skb_queue_empty(&sta->ps_tx_buf[ac])) {
1301 more_data = true;
1302 break;
1303 }
1304 }
1305
1306 if (!found) {
1307 int tid;
1067 1308
1068 /* 1309 /*
1069 * Tell TX path to send this frame even though the STA may 1310 * For PS-Poll, this can only happen due to a race condition
1070 * still remain is PS mode after this frame exchange. 1311 * when we set the TIM bit and the station notices it, but
1312 * before it can poll for the frame we expire it.
1313 *
1314 * For uAPSD, this is said in the standard (11.2.1.5 h):
1315 * At each unscheduled SP for a non-AP STA, the AP shall
1316 * attempt to transmit at least one MSDU or MMPDU, but no
1317 * more than the value specified in the Max SP Length field
1318 * in the QoS Capability element from delivery-enabled ACs,
1319 * that are destined for the non-AP STA.
1320 *
1321 * Since we have no other MSDU/MMPDU, transmit a QoS null frame.
1071 */ 1322 */
1072 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
1073 1323
1074#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1324 /* This will evaluate to 1, 3, 5 or 7. */
1075 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n", 1325 tid = 7 - ((ffs(~ignored_acs) - 1) << 1);
1076 sta->sta.addr, sta->sta.aid,
1077 skb_queue_len(&sta->ps_tx_buf));
1078#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1079 1326
1080 /* Use MoreData flag to indicate whether there are more 1327 ieee80211_send_null_response(sdata, sta, tid, reason);
1081 * buffered frames for this STA */ 1328 return;
1082 if (no_pending_pkts) 1329 }
1083 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1084 else
1085 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1086 1330
1087 ieee80211_add_pending_skb(local, skb); 1331 if (!driver_release_tids) {
1332 struct sk_buff_head pending;
1333 struct sk_buff *skb;
1334 int num = 0;
1335 u16 tids = 0;
1336
1337 skb_queue_head_init(&pending);
1338
1339 while ((skb = __skb_dequeue(&frames))) {
1340 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1341 struct ieee80211_hdr *hdr = (void *) skb->data;
1342 u8 *qoshdr = NULL;
1343
1344 num++;
1345
1346 /*
1347 * Tell TX path to send this frame even though the
1348 * STA may still remain is PS mode after this frame
1349 * exchange.
1350 */
1351 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE;
1352
1353 /*
1354 * Use MoreData flag to indicate whether there are
1355 * more buffered frames for this STA
1356 */
1357 if (more_data || !skb_queue_empty(&frames))
1358 hdr->frame_control |=
1359 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1360 else
1361 hdr->frame_control &=
1362 cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1363
1364 if (ieee80211_is_data_qos(hdr->frame_control) ||
1365 ieee80211_is_qos_nullfunc(hdr->frame_control))
1366 qoshdr = ieee80211_get_qos_ctl(hdr);
1367
1368 /* set EOSP for the frame */
1369 if (reason == IEEE80211_FRAME_RELEASE_UAPSD &&
1370 qoshdr && skb_queue_empty(&frames))
1371 *qoshdr |= IEEE80211_QOS_CTL_EOSP;
1372
1373 info->flags |= IEEE80211_TX_STATUS_EOSP |
1374 IEEE80211_TX_CTL_REQ_TX_STATUS;
1375
1376 if (qoshdr)
1377 tids |= BIT(*qoshdr & IEEE80211_QOS_CTL_TID_MASK);
1378 else
1379 tids |= BIT(0);
1380
1381 __skb_queue_tail(&pending, skb);
1382 }
1088 1383
1089 if (no_pending_pkts) 1384 drv_allow_buffered_frames(local, sta, tids, num,
1090 sta_info_clear_tim_bit(sta); 1385 reason, more_data);
1091#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1386
1387 ieee80211_add_pending_skbs(local, &pending);
1388
1389 sta_info_recalc_tim(sta);
1092 } else { 1390 } else {
1093 /* 1391 /*
1094 * FIXME: This can be the result of a race condition between 1392 * We need to release a frame that is buffered somewhere in the
1095 * us expiring a frame and the station polling for it. 1393 * driver ... it'll have to handle that.
1096 * Should we send it a null-func frame indicating we 1394 * Note that, as per the comment above, it'll also have to see
1097 * have nothing buffered for it? 1395 * if there is more than just one frame on the specific TID that
1396 * we're releasing from, and it needs to set the more-data bit
1397 * accordingly if we tell it that there's no more data. If we do
1398 * tell it there's more data, then of course the more-data bit
1399 * needs to be set anyway.
1098 */ 1400 */
1099 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even " 1401 drv_release_buffered_frames(local, sta, driver_release_tids,
1100 "though there are no buffered frames for it\n", 1402 n_frames, reason, more_data);
1101 sdata->name, sta->sta.addr); 1403
1102#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1404 /*
1405 * Note that we don't recalculate the TIM bit here as it would
1406 * most likely have no effect at all unless the driver told us
1407 * that the TID became empty before returning here from the
1408 * release function.
1409 * Either way, however, when the driver tells us that the TID
1410 * became empty we'll do the TIM recalculation.
1411 */
1412 }
1413}
1414
1415void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
1416{
1417 u8 ignore_for_response = sta->sta.uapsd_queues;
1418
1419 /*
1420 * If all ACs are delivery-enabled then we should reply
1421 * from any of them, if only some are enabled we reply
1422 * only from the non-enabled ones.
1423 */
1424 if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1)
1425 ignore_for_response = 0;
1426
1427 ieee80211_sta_ps_deliver_response(sta, 1, ignore_for_response,
1428 IEEE80211_FRAME_RELEASE_PSPOLL);
1429}
1430
1431void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta)
1432{
1433 int n_frames = sta->sta.max_sp;
1434 u8 delivery_enabled = sta->sta.uapsd_queues;
1435
1436 /*
1437 * If we ever grow support for TSPEC this might happen if
1438 * the TSPEC update from hostapd comes in between a trigger
1439 * frame setting WLAN_STA_UAPSD in the RX path and this
1440 * actually getting called.
1441 */
1442 if (!delivery_enabled)
1443 return;
1444
1445 switch (sta->sta.max_sp) {
1446 case 1:
1447 n_frames = 2;
1448 break;
1449 case 2:
1450 n_frames = 4;
1451 break;
1452 case 3:
1453 n_frames = 6;
1454 break;
1455 case 0:
1456 /* XXX: what is a good value? */
1457 n_frames = 8;
1458 break;
1103 } 1459 }
1460
1461 ieee80211_sta_ps_deliver_response(sta, n_frames, ~delivery_enabled,
1462 IEEE80211_FRAME_RELEASE_UAPSD);
1104} 1463}
1105 1464
1106void ieee80211_sta_block_awake(struct ieee80211_hw *hw, 1465void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
@@ -1111,17 +1470,50 @@ void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
1111 trace_api_sta_block_awake(sta->local, pubsta, block); 1470 trace_api_sta_block_awake(sta->local, pubsta, block);
1112 1471
1113 if (block) 1472 if (block)
1114 set_sta_flags(sta, WLAN_STA_PS_DRIVER); 1473 set_sta_flag(sta, WLAN_STA_PS_DRIVER);
1115 else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER)) 1474 else if (test_sta_flag(sta, WLAN_STA_PS_DRIVER))
1116 ieee80211_queue_work(hw, &sta->drv_unblock_wk); 1475 ieee80211_queue_work(hw, &sta->drv_unblock_wk);
1117} 1476}
1118EXPORT_SYMBOL(ieee80211_sta_block_awake); 1477EXPORT_SYMBOL(ieee80211_sta_block_awake);
1119 1478
1120void ieee80211_sta_set_tim(struct ieee80211_sta *pubsta) 1479void ieee80211_sta_eosp_irqsafe(struct ieee80211_sta *pubsta)
1480{
1481 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1482 struct ieee80211_local *local = sta->local;
1483 struct sk_buff *skb;
1484 struct skb_eosp_msg_data *data;
1485
1486 trace_api_eosp(local, pubsta);
1487
1488 skb = alloc_skb(0, GFP_ATOMIC);
1489 if (!skb) {
1490 /* too bad ... but race is better than loss */
1491 clear_sta_flag(sta, WLAN_STA_SP);
1492 return;
1493 }
1494
1495 data = (void *)skb->cb;
1496 memcpy(data->sta, pubsta->addr, ETH_ALEN);
1497 memcpy(data->iface, sta->sdata->vif.addr, ETH_ALEN);
1498 skb->pkt_type = IEEE80211_EOSP_MSG;
1499 skb_queue_tail(&local->skb_queue, skb);
1500 tasklet_schedule(&local->tasklet);
1501}
1502EXPORT_SYMBOL(ieee80211_sta_eosp_irqsafe);
1503
1504void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
1505 u8 tid, bool buffered)
1121{ 1506{
1122 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 1507 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1123 1508
1124 set_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF); 1509 if (WARN_ON(tid >= STA_TID_NUM))
1125 sta_info_set_tim_bit(sta); 1510 return;
1511
1512 if (buffered)
1513 set_bit(tid, &sta->driver_buffered_tids);
1514 else
1515 clear_bit(tid, &sta->driver_buffered_tids);
1516
1517 sta_info_recalc_tim(sta);
1126} 1518}
1127EXPORT_SYMBOL(ieee80211_sta_set_tim); 1519EXPORT_SYMBOL(ieee80211_sta_set_buffered);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 56a3d38a2cd1..8c8ce05ad26f 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -19,7 +19,8 @@
19/** 19/**
20 * enum ieee80211_sta_info_flags - Stations flags 20 * enum ieee80211_sta_info_flags - Stations flags
21 * 21 *
22 * These flags are used with &struct sta_info's @flags member. 22 * These flags are used with &struct sta_info's @flags member, but
23 * only indirectly with set_sta_flag() and friends.
23 * 24 *
24 * @WLAN_STA_AUTH: Station is authenticated. 25 * @WLAN_STA_AUTH: Station is authenticated.
25 * @WLAN_STA_ASSOC: Station is associated. 26 * @WLAN_STA_ASSOC: Station is associated.
@@ -43,24 +44,33 @@
43 * be in the queues 44 * be in the queues
44 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping 45 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
45 * station in power-save mode, reply when the driver unblocks. 46 * station in power-save mode, reply when the driver unblocks.
46 * @WLAN_STA_PS_DRIVER_BUF: Station has frames pending in driver internal 47 * @WLAN_STA_TDLS_PEER: Station is a TDLS peer.
47 * buffers. Automatically cleared on station wake-up. 48 * @WLAN_STA_TDLS_PEER_AUTH: This TDLS peer is authorized to send direct
49 * packets. This means the link is enabled.
50 * @WLAN_STA_UAPSD: Station requested unscheduled SP while driver was
51 * keeping station in power-save mode, reply when the driver
52 * unblocks the station.
53 * @WLAN_STA_SP: Station is in a service period, so don't try to
54 * reply to other uAPSD trigger frames or PS-Poll.
48 */ 55 */
49enum ieee80211_sta_info_flags { 56enum ieee80211_sta_info_flags {
50 WLAN_STA_AUTH = 1<<0, 57 WLAN_STA_AUTH,
51 WLAN_STA_ASSOC = 1<<1, 58 WLAN_STA_ASSOC,
52 WLAN_STA_PS_STA = 1<<2, 59 WLAN_STA_PS_STA,
53 WLAN_STA_AUTHORIZED = 1<<3, 60 WLAN_STA_AUTHORIZED,
54 WLAN_STA_SHORT_PREAMBLE = 1<<4, 61 WLAN_STA_SHORT_PREAMBLE,
55 WLAN_STA_ASSOC_AP = 1<<5, 62 WLAN_STA_ASSOC_AP,
56 WLAN_STA_WME = 1<<6, 63 WLAN_STA_WME,
57 WLAN_STA_WDS = 1<<7, 64 WLAN_STA_WDS,
58 WLAN_STA_CLEAR_PS_FILT = 1<<9, 65 WLAN_STA_CLEAR_PS_FILT,
59 WLAN_STA_MFP = 1<<10, 66 WLAN_STA_MFP,
60 WLAN_STA_BLOCK_BA = 1<<11, 67 WLAN_STA_BLOCK_BA,
61 WLAN_STA_PS_DRIVER = 1<<12, 68 WLAN_STA_PS_DRIVER,
62 WLAN_STA_PSPOLL = 1<<13, 69 WLAN_STA_PSPOLL,
63 WLAN_STA_PS_DRIVER_BUF = 1<<14, 70 WLAN_STA_TDLS_PEER,
71 WLAN_STA_TDLS_PEER_AUTH,
72 WLAN_STA_UAPSD,
73 WLAN_STA_SP,
64}; 74};
65 75
66#define STA_TID_NUM 16 76#define STA_TID_NUM 16
@@ -203,15 +213,16 @@ struct sta_ampdu_mlme {
203 * @last_rx_rate_flag: rx status flag of the last data packet 213 * @last_rx_rate_flag: rx status flag of the last data packet
204 * @lock: used for locking all fields that require locking, see comments 214 * @lock: used for locking all fields that require locking, see comments
205 * in the header file. 215 * in the header file.
206 * @flaglock: spinlock for flags accesses
207 * @drv_unblock_wk: used for driver PS unblocking 216 * @drv_unblock_wk: used for driver PS unblocking
208 * @listen_interval: listen interval of this station, when we're acting as AP 217 * @listen_interval: listen interval of this station, when we're acting as AP
209 * @flags: STA flags, see &enum ieee80211_sta_info_flags 218 * @_flags: STA flags, see &enum ieee80211_sta_info_flags, do not use directly
210 * @ps_tx_buf: buffer of frames to transmit to this station 219 * @ps_tx_buf: buffers (per AC) of frames to transmit to this station
211 * when it leaves power saving state 220 * when it leaves power saving state or polls
212 * @tx_filtered: buffer of frames we already tried to transmit 221 * @tx_filtered: buffers (per AC) of frames we already tried to
213 * but were filtered by hardware due to STA having entered 222 * transmit but were filtered by hardware due to STA having
214 * power saving state 223 * entered power saving state, these are also delivered to
224 * the station when it leaves powersave or polls for frames
225 * @driver_buffered_tids: bitmap of TIDs the driver has data buffered on
215 * @rx_packets: Number of MSDUs received from this STA 226 * @rx_packets: Number of MSDUs received from this STA
216 * @rx_bytes: Number of bytes received from this STA 227 * @rx_bytes: Number of bytes received from this STA
217 * @wep_weak_iv_count: number of weak WEP IVs received from this station 228 * @wep_weak_iv_count: number of weak WEP IVs received from this station
@@ -261,7 +272,6 @@ struct sta_info {
261 struct rate_control_ref *rate_ctrl; 272 struct rate_control_ref *rate_ctrl;
262 void *rate_ctrl_priv; 273 void *rate_ctrl_priv;
263 spinlock_t lock; 274 spinlock_t lock;
264 spinlock_t flaglock;
265 275
266 struct work_struct drv_unblock_wk; 276 struct work_struct drv_unblock_wk;
267 277
@@ -271,18 +281,16 @@ struct sta_info {
271 281
272 bool uploaded; 282 bool uploaded;
273 283
274 /* 284 /* use the accessors defined below */
275 * frequently updated, locked with own spinlock (flaglock), 285 unsigned long _flags;
276 * use the accessors defined below
277 */
278 u32 flags;
279 286
280 /* 287 /*
281 * STA powersave frame queues, no more than the internal 288 * STA powersave frame queues, no more than the internal
282 * locking required. 289 * locking required.
283 */ 290 */
284 struct sk_buff_head ps_tx_buf; 291 struct sk_buff_head ps_tx_buf[IEEE80211_NUM_ACS];
285 struct sk_buff_head tx_filtered; 292 struct sk_buff_head tx_filtered[IEEE80211_NUM_ACS];
293 unsigned long driver_buffered_tids;
286 294
287 /* Updated from RX path only, no locking requirements */ 295 /* Updated from RX path only, no locking requirements */
288 unsigned long rx_packets, rx_bytes; 296 unsigned long rx_packets, rx_bytes;
@@ -358,60 +366,28 @@ static inline enum nl80211_plink_state sta_plink_state(struct sta_info *sta)
358 return NL80211_PLINK_LISTEN; 366 return NL80211_PLINK_LISTEN;
359} 367}
360 368
361static inline void set_sta_flags(struct sta_info *sta, const u32 flags) 369static inline void set_sta_flag(struct sta_info *sta,
370 enum ieee80211_sta_info_flags flag)
362{ 371{
363 unsigned long irqfl; 372 set_bit(flag, &sta->_flags);
364
365 spin_lock_irqsave(&sta->flaglock, irqfl);
366 sta->flags |= flags;
367 spin_unlock_irqrestore(&sta->flaglock, irqfl);
368} 373}
369 374
370static inline void clear_sta_flags(struct sta_info *sta, const u32 flags) 375static inline void clear_sta_flag(struct sta_info *sta,
376 enum ieee80211_sta_info_flags flag)
371{ 377{
372 unsigned long irqfl; 378 clear_bit(flag, &sta->_flags);
373
374 spin_lock_irqsave(&sta->flaglock, irqfl);
375 sta->flags &= ~flags;
376 spin_unlock_irqrestore(&sta->flaglock, irqfl);
377} 379}
378 380
379static inline u32 test_sta_flags(struct sta_info *sta, const u32 flags) 381static inline int test_sta_flag(struct sta_info *sta,
382 enum ieee80211_sta_info_flags flag)
380{ 383{
381 u32 ret; 384 return test_bit(flag, &sta->_flags);
382 unsigned long irqfl;
383
384 spin_lock_irqsave(&sta->flaglock, irqfl);
385 ret = sta->flags & flags;
386 spin_unlock_irqrestore(&sta->flaglock, irqfl);
387
388 return ret;
389} 385}
390 386
391static inline u32 test_and_clear_sta_flags(struct sta_info *sta, 387static inline int test_and_clear_sta_flag(struct sta_info *sta,
392 const u32 flags) 388 enum ieee80211_sta_info_flags flag)
393{ 389{
394 u32 ret; 390 return test_and_clear_bit(flag, &sta->_flags);
395 unsigned long irqfl;
396
397 spin_lock_irqsave(&sta->flaglock, irqfl);
398 ret = sta->flags & flags;
399 sta->flags &= ~flags;
400 spin_unlock_irqrestore(&sta->flaglock, irqfl);
401
402 return ret;
403}
404
405static inline u32 get_sta_flags(struct sta_info *sta)
406{
407 u32 ret;
408 unsigned long irqfl;
409
410 spin_lock_irqsave(&sta->flaglock, irqfl);
411 ret = sta->flags;
412 spin_unlock_irqrestore(&sta->flaglock, irqfl);
413
414 return ret;
415} 391}
416 392
417void ieee80211_assign_tid_tx(struct sta_info *sta, int tid, 393void ieee80211_assign_tid_tx(struct sta_info *sta, int tid,
@@ -429,8 +405,8 @@ rcu_dereference_protected_tid_tx(struct sta_info *sta, int tid)
429#define STA_HASH(sta) (sta[5]) 405#define STA_HASH(sta) (sta[5])
430 406
431 407
432/* Maximum number of frames to buffer per power saving station */ 408/* Maximum number of frames to buffer per power saving station per AC */
433#define STA_MAX_TX_BUFFER 128 409#define STA_MAX_TX_BUFFER 64
434 410
435/* Minimum buffered frame expiry time. If STA uses listen interval that is 411/* Minimum buffered frame expiry time. If STA uses listen interval that is
436 * smaller than this value, the minimum value here is used instead. */ 412 * smaller than this value, the minimum value here is used instead. */
@@ -523,8 +499,7 @@ int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata,
523int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata, 499int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
524 const u8 *addr); 500 const u8 *addr);
525 501
526void sta_info_set_tim_bit(struct sta_info *sta); 502void sta_info_recalc_tim(struct sta_info *sta);
527void sta_info_clear_tim_bit(struct sta_info *sta);
528 503
529void sta_info_init(struct ieee80211_local *local); 504void sta_info_init(struct ieee80211_local *local);
530void sta_info_stop(struct ieee80211_local *local); 505void sta_info_stop(struct ieee80211_local *local);
@@ -535,5 +510,6 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
535 510
536void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta); 511void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta);
537void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta); 512void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta);
513void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta);
538 514
539#endif /* STA_INFO_H */ 515#endif /* STA_INFO_H */
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index d50358c45ab0..df643cedf9b9 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -14,6 +14,7 @@
14#include "rate.h" 14#include "rate.h"
15#include "mesh.h" 15#include "mesh.h"
16#include "led.h" 16#include "led.h"
17#include "wme.h"
17 18
18 19
19void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, 20void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
@@ -43,6 +44,8 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
43 struct sk_buff *skb) 44 struct sk_buff *skb)
44{ 45{
45 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 46 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
47 struct ieee80211_hdr *hdr = (void *)skb->data;
48 int ac;
46 49
47 /* 50 /*
48 * This skb 'survived' a round-trip through the driver, and 51 * This skb 'survived' a round-trip through the driver, and
@@ -63,11 +66,37 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
63 sta->tx_filtered_count++; 66 sta->tx_filtered_count++;
64 67
65 /* 68 /*
69 * Clear more-data bit on filtered frames, it might be set
70 * but later frames might time out so it might have to be
71 * clear again ... It's all rather unlikely (this frame
72 * should time out first, right?) but let's not confuse
73 * peers unnecessarily.
74 */
75 if (hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_MOREDATA))
76 hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_MOREDATA);
77
78 if (ieee80211_is_data_qos(hdr->frame_control)) {
79 u8 *p = ieee80211_get_qos_ctl(hdr);
80 int tid = *p & IEEE80211_QOS_CTL_TID_MASK;
81
82 /*
83 * Clear EOSP if set, this could happen e.g.
84 * if an absence period (us being a P2P GO)
85 * shortens the SP.
86 */
87 if (*p & IEEE80211_QOS_CTL_EOSP)
88 *p &= ~IEEE80211_QOS_CTL_EOSP;
89 ac = ieee802_1d_to_ac[tid & 7];
90 } else {
91 ac = IEEE80211_AC_BE;
92 }
93
94 /*
66 * Clear the TX filter mask for this STA when sending the next 95 * Clear the TX filter mask for this STA when sending the next
67 * packet. If the STA went to power save mode, this will happen 96 * packet. If the STA went to power save mode, this will happen
68 * when it wakes up for the next time. 97 * when it wakes up for the next time.
69 */ 98 */
70 set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT); 99 set_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT);
71 100
72 /* 101 /*
73 * This code races in the following way: 102 * This code races in the following way:
@@ -103,13 +132,19 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
103 * changes before calling TX status events if ordering can be 132 * changes before calling TX status events if ordering can be
104 * unknown. 133 * unknown.
105 */ 134 */
106 if (test_sta_flags(sta, WLAN_STA_PS_STA) && 135 if (test_sta_flag(sta, WLAN_STA_PS_STA) &&
107 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) { 136 skb_queue_len(&sta->tx_filtered[ac]) < STA_MAX_TX_BUFFER) {
108 skb_queue_tail(&sta->tx_filtered, skb); 137 skb_queue_tail(&sta->tx_filtered[ac], skb);
138 sta_info_recalc_tim(sta);
139
140 if (!timer_pending(&local->sta_cleanup))
141 mod_timer(&local->sta_cleanup,
142 round_jiffies(jiffies +
143 STA_INFO_CLEANUP_INTERVAL));
109 return; 144 return;
110 } 145 }
111 146
112 if (!test_sta_flags(sta, WLAN_STA_PS_STA) && 147 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
113 !(info->flags & IEEE80211_TX_INTFL_RETRIED)) { 148 !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
114 /* Software retry the packet once */ 149 /* Software retry the packet once */
115 info->flags |= IEEE80211_TX_INTFL_RETRIED; 150 info->flags |= IEEE80211_TX_INTFL_RETRIED;
@@ -121,8 +156,8 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
121 if (net_ratelimit()) 156 if (net_ratelimit())
122 wiphy_debug(local->hw.wiphy, 157 wiphy_debug(local->hw.wiphy,
123 "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n", 158 "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
124 skb_queue_len(&sta->tx_filtered), 159 skb_queue_len(&sta->tx_filtered[ac]),
125 !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies); 160 !!test_sta_flag(sta, WLAN_STA_PS_STA), jiffies);
126#endif 161#endif
127 dev_kfree_skb(skb); 162 dev_kfree_skb(skb);
128} 163}
@@ -193,6 +228,102 @@ static void ieee80211_set_bar_pending(struct sta_info *sta, u8 tid, u16 ssn)
193 tid_tx->bar_pending = true; 228 tid_tx->bar_pending = true;
194} 229}
195 230
231static int ieee80211_tx_radiotap_len(struct ieee80211_tx_info *info)
232{
233 int len = sizeof(struct ieee80211_radiotap_header);
234
235 /* IEEE80211_RADIOTAP_RATE rate */
236 if (info->status.rates[0].idx >= 0 &&
237 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
238 len += 2;
239
240 /* IEEE80211_RADIOTAP_TX_FLAGS */
241 len += 2;
242
243 /* IEEE80211_RADIOTAP_DATA_RETRIES */
244 len += 1;
245
246 /* IEEE80211_TX_RC_MCS */
247 if (info->status.rates[0].idx >= 0 &&
248 info->status.rates[0].flags & IEEE80211_TX_RC_MCS)
249 len += 3;
250
251 return len;
252}
253
254static void ieee80211_add_tx_radiotap_header(struct ieee80211_supported_band
255 *sband, struct sk_buff *skb,
256 int retry_count, int rtap_len)
257{
258 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
259 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
260 struct ieee80211_radiotap_header *rthdr;
261 unsigned char *pos;
262 __le16 txflags;
263
264 rthdr = (struct ieee80211_radiotap_header *) skb_push(skb, rtap_len);
265
266 memset(rthdr, 0, rtap_len);
267 rthdr->it_len = cpu_to_le16(rtap_len);
268 rthdr->it_present =
269 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
270 (1 << IEEE80211_RADIOTAP_DATA_RETRIES));
271 pos = (unsigned char *)(rthdr + 1);
272
273 /*
274 * XXX: Once radiotap gets the bitmap reset thing the vendor
275 * extensions proposal contains, we can actually report
276 * the whole set of tries we did.
277 */
278
279 /* IEEE80211_RADIOTAP_RATE */
280 if (info->status.rates[0].idx >= 0 &&
281 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS)) {
282 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
283 *pos = sband->bitrates[info->status.rates[0].idx].bitrate / 5;
284 /* padding for tx flags */
285 pos += 2;
286 }
287
288 /* IEEE80211_RADIOTAP_TX_FLAGS */
289 txflags = 0;
290 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
291 !is_multicast_ether_addr(hdr->addr1))
292 txflags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
293
294 if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
295 (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
296 txflags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
297 else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
298 txflags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
299
300 put_unaligned_le16(txflags, pos);
301 pos += 2;
302
303 /* IEEE80211_RADIOTAP_DATA_RETRIES */
304 /* for now report the total retry_count */
305 *pos = retry_count;
306 pos++;
307
308 /* IEEE80211_TX_RC_MCS */
309 if (info->status.rates[0].idx >= 0 &&
310 info->status.rates[0].flags & IEEE80211_TX_RC_MCS) {
311 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS);
312 pos[0] = IEEE80211_RADIOTAP_MCS_HAVE_MCS |
313 IEEE80211_RADIOTAP_MCS_HAVE_GI |
314 IEEE80211_RADIOTAP_MCS_HAVE_BW;
315 if (info->status.rates[0].flags & IEEE80211_TX_RC_SHORT_GI)
316 pos[1] |= IEEE80211_RADIOTAP_MCS_SGI;
317 if (info->status.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
318 pos[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
319 if (info->status.rates[0].flags & IEEE80211_TX_RC_GREEN_FIELD)
320 pos[1] |= IEEE80211_RADIOTAP_MCS_FMT_GF;
321 pos[2] = info->status.rates[0].idx;
322 pos += 3;
323 }
324
325}
326
196/* 327/*
197 * Use a static threshold for now, best value to be determined 328 * Use a static threshold for now, best value to be determined
198 * by testing ... 329 * by testing ...
@@ -211,7 +342,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
211 u16 frag, type; 342 u16 frag, type;
212 __le16 fc; 343 __le16 fc;
213 struct ieee80211_supported_band *sband; 344 struct ieee80211_supported_band *sband;
214 struct ieee80211_tx_status_rtap_hdr *rthdr;
215 struct ieee80211_sub_if_data *sdata; 345 struct ieee80211_sub_if_data *sdata;
216 struct net_device *prev_dev = NULL; 346 struct net_device *prev_dev = NULL;
217 struct sta_info *sta, *tmp; 347 struct sta_info *sta, *tmp;
@@ -221,6 +351,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
221 bool acked; 351 bool acked;
222 struct ieee80211_bar *bar; 352 struct ieee80211_bar *bar;
223 u16 tid; 353 u16 tid;
354 int rtap_len;
224 355
225 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 356 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
226 if (info->status.rates[i].idx < 0) { 357 if (info->status.rates[i].idx < 0) {
@@ -249,8 +380,11 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
249 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN)) 380 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN))
250 continue; 381 continue;
251 382
383 if (info->flags & IEEE80211_TX_STATUS_EOSP)
384 clear_sta_flag(sta, WLAN_STA_SP);
385
252 acked = !!(info->flags & IEEE80211_TX_STAT_ACK); 386 acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
253 if (!acked && test_sta_flags(sta, WLAN_STA_PS_STA)) { 387 if (!acked && test_sta_flag(sta, WLAN_STA_PS_STA)) {
254 /* 388 /*
255 * The STA is in power save mode, so assume 389 * The STA is in power save mode, so assume
256 * that this TX packet failed because of that. 390 * that this TX packet failed because of that.
@@ -391,7 +525,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
391 continue; 525 continue;
392 if (wk->offchan_tx.frame != skb) 526 if (wk->offchan_tx.frame != skb)
393 continue; 527 continue;
394 wk->offchan_tx.frame = NULL; 528 wk->offchan_tx.status = true;
395 break; 529 break;
396 } 530 }
397 rcu_read_unlock(); 531 rcu_read_unlock();
@@ -422,44 +556,13 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
422 } 556 }
423 557
424 /* send frame to monitor interfaces now */ 558 /* send frame to monitor interfaces now */
425 559 rtap_len = ieee80211_tx_radiotap_len(info);
426 if (skb_headroom(skb) < sizeof(*rthdr)) { 560 if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
427 printk(KERN_ERR "ieee80211_tx_status: headroom too small\n"); 561 printk(KERN_ERR "ieee80211_tx_status: headroom too small\n");
428 dev_kfree_skb(skb); 562 dev_kfree_skb(skb);
429 return; 563 return;
430 } 564 }
431 565 ieee80211_add_tx_radiotap_header(sband, skb, retry_count, rtap_len);
432 rthdr = (struct ieee80211_tx_status_rtap_hdr *)
433 skb_push(skb, sizeof(*rthdr));
434
435 memset(rthdr, 0, sizeof(*rthdr));
436 rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
437 rthdr->hdr.it_present =
438 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
439 (1 << IEEE80211_RADIOTAP_DATA_RETRIES) |
440 (1 << IEEE80211_RADIOTAP_RATE));
441
442 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
443 !is_multicast_ether_addr(hdr->addr1))
444 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
445
446 /*
447 * XXX: Once radiotap gets the bitmap reset thing the vendor
448 * extensions proposal contains, we can actually report
449 * the whole set of tries we did.
450 */
451 if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
452 (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
453 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
454 else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
455 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
456 if (info->status.rates[0].idx >= 0 &&
457 !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
458 rthdr->rate = sband->bitrates[
459 info->status.rates[0].idx].bitrate / 5;
460
461 /* for now report the total retry_count */
462 rthdr->data_retries = retry_count;
463 566
464 /* XXX: is this sufficient for BPF? */ 567 /* XXX: is this sufficient for BPF? */
465 skb_set_mac_header(skb, 0); 568 skb_set_mac_header(skb, 0);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7cd6c28968b2..a543d26058db 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -253,7 +253,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
253 253
254 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 254 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
255 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 255 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
256 u32 sta_flags; 256 bool assoc = false;
257 257
258 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED)) 258 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
259 return TX_CONTINUE; 259 return TX_CONTINUE;
@@ -284,10 +284,11 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
284 if (tx->flags & IEEE80211_TX_PS_BUFFERED) 284 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
285 return TX_CONTINUE; 285 return TX_CONTINUE;
286 286
287 sta_flags = tx->sta ? get_sta_flags(tx->sta) : 0; 287 if (tx->sta)
288 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
288 289
289 if (likely(tx->flags & IEEE80211_TX_UNICAST)) { 290 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
290 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) && 291 if (unlikely(!assoc &&
291 tx->sdata->vif.type != NL80211_IFTYPE_ADHOC && 292 tx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
292 ieee80211_is_data(hdr->frame_control))) { 293 ieee80211_is_data(hdr->frame_control))) {
293#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 294#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -343,13 +344,22 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
343 total += skb_queue_len(&ap->ps_bc_buf); 344 total += skb_queue_len(&ap->ps_bc_buf);
344 } 345 }
345 346
347 /*
348 * Drop one frame from each station from the lowest-priority
349 * AC that has frames at all.
350 */
346 list_for_each_entry_rcu(sta, &local->sta_list, list) { 351 list_for_each_entry_rcu(sta, &local->sta_list, list) {
347 skb = skb_dequeue(&sta->ps_tx_buf); 352 int ac;
348 if (skb) { 353
349 purged++; 354 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
350 dev_kfree_skb(skb); 355 skb = skb_dequeue(&sta->ps_tx_buf[ac]);
356 total += skb_queue_len(&sta->ps_tx_buf[ac]);
357 if (skb) {
358 purged++;
359 dev_kfree_skb(skb);
360 break;
361 }
351 } 362 }
352 total += skb_queue_len(&sta->ps_tx_buf);
353 } 363 }
354 364
355 rcu_read_unlock(); 365 rcu_read_unlock();
@@ -418,7 +428,7 @@ static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
418 if (!ieee80211_is_mgmt(fc)) 428 if (!ieee80211_is_mgmt(fc))
419 return 0; 429 return 0;
420 430
421 if (sta == NULL || !test_sta_flags(sta, WLAN_STA_MFP)) 431 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
422 return 0; 432 return 0;
423 433
424 if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *) 434 if (!ieee80211_is_robust_mgmt_frame((struct ieee80211_hdr *)
@@ -435,7 +445,6 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
435 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 445 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
436 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 446 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
437 struct ieee80211_local *local = tx->local; 447 struct ieee80211_local *local = tx->local;
438 u32 staflags;
439 448
440 if (unlikely(!sta || 449 if (unlikely(!sta ||
441 ieee80211_is_probe_resp(hdr->frame_control) || 450 ieee80211_is_probe_resp(hdr->frame_control) ||
@@ -444,57 +453,52 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
444 ieee80211_is_reassoc_resp(hdr->frame_control))) 453 ieee80211_is_reassoc_resp(hdr->frame_control)))
445 return TX_CONTINUE; 454 return TX_CONTINUE;
446 455
447 staflags = get_sta_flags(sta); 456 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
457 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
458 !(info->flags & IEEE80211_TX_CTL_POLL_RESPONSE))) {
459 int ac = skb_get_queue_mapping(tx->skb);
448 460
449 if (unlikely((staflags & (WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) &&
450 !(info->flags & IEEE80211_TX_CTL_PSPOLL_RESPONSE))) {
451#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 461#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
452 printk(KERN_DEBUG "STA %pM aid %d: PS buffer (entries " 462 printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
453 "before %d)\n", 463 sta->sta.addr, sta->sta.aid, ac);
454 sta->sta.addr, sta->sta.aid,
455 skb_queue_len(&sta->ps_tx_buf));
456#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 464#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
457 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) 465 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
458 purge_old_ps_buffers(tx->local); 466 purge_old_ps_buffers(tx->local);
459 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) { 467 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
460 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf); 468 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
461#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 469#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
462 if (net_ratelimit()) { 470 if (net_ratelimit())
463 printk(KERN_DEBUG "%s: STA %pM TX " 471 printk(KERN_DEBUG "%s: STA %pM TX buffer for "
464 "buffer full - dropping oldest frame\n", 472 "AC %d full - dropping oldest frame\n",
465 tx->sdata->name, sta->sta.addr); 473 tx->sdata->name, sta->sta.addr, ac);
466 }
467#endif 474#endif
468 dev_kfree_skb(old); 475 dev_kfree_skb(old);
469 } else 476 } else
470 tx->local->total_ps_buffered++; 477 tx->local->total_ps_buffered++;
471 478
472 /*
473 * Queue frame to be sent after STA wakes up/polls,
474 * but don't set the TIM bit if the driver is blocking
475 * wakeup or poll response transmissions anyway.
476 */
477 if (skb_queue_empty(&sta->ps_tx_buf) &&
478 !(staflags & WLAN_STA_PS_DRIVER))
479 sta_info_set_tim_bit(sta);
480
481 info->control.jiffies = jiffies; 479 info->control.jiffies = jiffies;
482 info->control.vif = &tx->sdata->vif; 480 info->control.vif = &tx->sdata->vif;
483 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 481 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
484 skb_queue_tail(&sta->ps_tx_buf, tx->skb); 482 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
485 483
486 if (!timer_pending(&local->sta_cleanup)) 484 if (!timer_pending(&local->sta_cleanup))
487 mod_timer(&local->sta_cleanup, 485 mod_timer(&local->sta_cleanup,
488 round_jiffies(jiffies + 486 round_jiffies(jiffies +
489 STA_INFO_CLEANUP_INTERVAL)); 487 STA_INFO_CLEANUP_INTERVAL));
490 488
489 /*
490 * We queued up some frames, so the TIM bit might
491 * need to be set, recalculate it.
492 */
493 sta_info_recalc_tim(sta);
494
491 return TX_QUEUED; 495 return TX_QUEUED;
492 } 496 }
493#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 497#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
494 else if (unlikely(staflags & WLAN_STA_PS_STA)) { 498 else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
495 printk(KERN_DEBUG "%s: STA %pM in PS mode, but pspoll " 499 printk(KERN_DEBUG
496 "set -> send frame\n", tx->sdata->name, 500 "%s: STA %pM in PS mode, but polling/in SP -> send frame\n",
497 sta->sta.addr); 501 tx->sdata->name, sta->sta.addr);
498 } 502 }
499#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 503#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
500 504
@@ -552,7 +556,7 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
552 !(info->flags & IEEE80211_TX_CTL_INJECTED) && 556 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
553 (!ieee80211_is_robust_mgmt_frame(hdr) || 557 (!ieee80211_is_robust_mgmt_frame(hdr) ||
554 (ieee80211_is_action(hdr->frame_control) && 558 (ieee80211_is_action(hdr->frame_control) &&
555 tx->sta && test_sta_flags(tx->sta, WLAN_STA_MFP)))) { 559 tx->sta && test_sta_flag(tx->sta, WLAN_STA_MFP)))) {
556 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); 560 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
557 return TX_DROP; 561 return TX_DROP;
558 } else 562 } else
@@ -611,7 +615,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
611 u32 len; 615 u32 len;
612 bool inval = false, rts = false, short_preamble = false; 616 bool inval = false, rts = false, short_preamble = false;
613 struct ieee80211_tx_rate_control txrc; 617 struct ieee80211_tx_rate_control txrc;
614 u32 sta_flags; 618 bool assoc = false;
615 619
616 memset(&txrc, 0, sizeof(txrc)); 620 memset(&txrc, 0, sizeof(txrc));
617 621
@@ -647,17 +651,17 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
647 */ 651 */
648 if (tx->sdata->vif.bss_conf.use_short_preamble && 652 if (tx->sdata->vif.bss_conf.use_short_preamble &&
649 (ieee80211_is_data(hdr->frame_control) || 653 (ieee80211_is_data(hdr->frame_control) ||
650 (tx->sta && test_sta_flags(tx->sta, WLAN_STA_SHORT_PREAMBLE)))) 654 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
651 txrc.short_preamble = short_preamble = true; 655 txrc.short_preamble = short_preamble = true;
652 656
653 sta_flags = tx->sta ? get_sta_flags(tx->sta) : 0; 657 if (tx->sta)
658 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
654 659
655 /* 660 /*
656 * Lets not bother rate control if we're associated and cannot 661 * Lets not bother rate control if we're associated and cannot
657 * talk to the sta. This should not happen. 662 * talk to the sta. This should not happen.
658 */ 663 */
659 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && 664 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
660 (sta_flags & WLAN_STA_ASSOC) &&
661 !rate_usable_index_exists(sband, &tx->sta->sta), 665 !rate_usable_index_exists(sband, &tx->sta->sta),
662 "%s: Dropped data frame as no usable bitrate found while " 666 "%s: Dropped data frame as no usable bitrate found while "
663 "scanning and associated. Target station: " 667 "scanning and associated. Target station: "
@@ -800,6 +804,9 @@ ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
800 if (ieee80211_hdrlen(hdr->frame_control) < 24) 804 if (ieee80211_hdrlen(hdr->frame_control) < 24)
801 return TX_CONTINUE; 805 return TX_CONTINUE;
802 806
807 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
808 return TX_CONTINUE;
809
803 /* 810 /*
804 * Anything but QoS data that has a sequence number field 811 * Anything but QoS data that has a sequence number field
805 * (is long enough) gets a sequence number from the global 812 * (is long enough) gets a sequence number from the global
@@ -891,7 +898,10 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
891 int hdrlen; 898 int hdrlen;
892 int fragnum; 899 int fragnum;
893 900
894 if (!(tx->flags & IEEE80211_TX_FRAGMENTED)) 901 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
902 return TX_CONTINUE;
903
904 if (tx->local->ops->set_frag_threshold)
895 return TX_CONTINUE; 905 return TX_CONTINUE;
896 906
897 /* 907 /*
@@ -904,7 +914,7 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
904 914
905 hdrlen = ieee80211_hdrlen(hdr->frame_control); 915 hdrlen = ieee80211_hdrlen(hdr->frame_control);
906 916
907 /* internal error, why is TX_FRAGMENTED set? */ 917 /* internal error, why isn't DONTFRAG set? */
908 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold)) 918 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
909 return TX_DROP; 919 return TX_DROP;
910 920
@@ -1025,100 +1035,6 @@ ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1025 1035
1026/* actual transmit path */ 1036/* actual transmit path */
1027 1037
1028/*
1029 * deal with packet injection down monitor interface
1030 * with Radiotap Header -- only called for monitor mode interface
1031 */
1032static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
1033 struct sk_buff *skb)
1034{
1035 /*
1036 * this is the moment to interpret and discard the radiotap header that
1037 * must be at the start of the packet injected in Monitor mode
1038 *
1039 * Need to take some care with endian-ness since radiotap
1040 * args are little-endian
1041 */
1042
1043 struct ieee80211_radiotap_iterator iterator;
1044 struct ieee80211_radiotap_header *rthdr =
1045 (struct ieee80211_radiotap_header *) skb->data;
1046 bool hw_frag;
1047 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1048 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1049 NULL);
1050
1051 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1052 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1053
1054 /* packet is fragmented in HW if we have a non-NULL driver callback */
1055 hw_frag = (tx->local->ops->set_frag_threshold != NULL);
1056
1057 /*
1058 * for every radiotap entry that is present
1059 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1060 * entries present, or -EINVAL on error)
1061 */
1062
1063 while (!ret) {
1064 ret = ieee80211_radiotap_iterator_next(&iterator);
1065
1066 if (ret)
1067 continue;
1068
1069 /* see if this argument is something we can use */
1070 switch (iterator.this_arg_index) {
1071 /*
1072 * You must take care when dereferencing iterator.this_arg
1073 * for multibyte types... the pointer is not aligned. Use
1074 * get_unaligned((type *)iterator.this_arg) to dereference
1075 * iterator.this_arg for type "type" safely on all arches.
1076 */
1077 case IEEE80211_RADIOTAP_FLAGS:
1078 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1079 /*
1080 * this indicates that the skb we have been
1081 * handed has the 32-bit FCS CRC at the end...
1082 * we should react to that by snipping it off
1083 * because it will be recomputed and added
1084 * on transmission
1085 */
1086 if (skb->len < (iterator._max_length + FCS_LEN))
1087 return false;
1088
1089 skb_trim(skb, skb->len - FCS_LEN);
1090 }
1091 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1092 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1093 if ((*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) &&
1094 !hw_frag)
1095 tx->flags |= IEEE80211_TX_FRAGMENTED;
1096 break;
1097
1098 /*
1099 * Please update the file
1100 * Documentation/networking/mac80211-injection.txt
1101 * when parsing new fields here.
1102 */
1103
1104 default:
1105 break;
1106 }
1107 }
1108
1109 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
1110 return false;
1111
1112 /*
1113 * remove the radiotap header
1114 * iterator->_max_length was sanity-checked against
1115 * skb->len by iterator init
1116 */
1117 skb_pull(skb, iterator._max_length);
1118
1119 return true;
1120}
1121
1122static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx, 1038static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1123 struct sk_buff *skb, 1039 struct sk_buff *skb,
1124 struct ieee80211_tx_info *info, 1040 struct ieee80211_tx_info *info,
@@ -1183,7 +1099,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1183 struct ieee80211_local *local = sdata->local; 1099 struct ieee80211_local *local = sdata->local;
1184 struct ieee80211_hdr *hdr; 1100 struct ieee80211_hdr *hdr;
1185 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1101 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1186 int hdrlen, tid; 1102 int tid;
1187 u8 *qc; 1103 u8 *qc;
1188 1104
1189 memset(tx, 0, sizeof(*tx)); 1105 memset(tx, 0, sizeof(*tx));
@@ -1191,26 +1107,6 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1191 tx->local = local; 1107 tx->local = local;
1192 tx->sdata = sdata; 1108 tx->sdata = sdata;
1193 tx->channel = local->hw.conf.channel; 1109 tx->channel = local->hw.conf.channel;
1194 /*
1195 * Set this flag (used below to indicate "automatic fragmentation"),
1196 * it will be cleared/left by radiotap as desired.
1197 * Only valid when fragmentation is done by the stack.
1198 */
1199 if (!local->ops->set_frag_threshold)
1200 tx->flags |= IEEE80211_TX_FRAGMENTED;
1201
1202 /* process and remove the injection radiotap header */
1203 if (unlikely(info->flags & IEEE80211_TX_INTFL_HAS_RADIOTAP)) {
1204 if (!__ieee80211_parse_tx_radiotap(tx, skb))
1205 return TX_DROP;
1206
1207 /*
1208 * __ieee80211_parse_tx_radiotap has now removed
1209 * the radiotap header that was present and pre-filled
1210 * 'tx' with tx control information.
1211 */
1212 info->flags &= ~IEEE80211_TX_INTFL_HAS_RADIOTAP;
1213 }
1214 1110
1215 /* 1111 /*
1216 * If this flag is set to true anywhere, and we get here, 1112 * If this flag is set to true anywhere, and we get here,
@@ -1232,6 +1128,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1232 tx->sta = sta_info_get(sdata, hdr->addr1); 1128 tx->sta = sta_info_get(sdata, hdr->addr1);
1233 1129
1234 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) && 1130 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1131 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1235 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) && 1132 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION) &&
1236 !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) { 1133 !(local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)) {
1237 struct tid_ampdu_tx *tid_tx; 1134 struct tid_ampdu_tx *tid_tx;
@@ -1258,29 +1155,25 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1258 tx->flags |= IEEE80211_TX_UNICAST; 1155 tx->flags |= IEEE80211_TX_UNICAST;
1259 if (unlikely(local->wifi_wme_noack_test)) 1156 if (unlikely(local->wifi_wme_noack_test))
1260 info->flags |= IEEE80211_TX_CTL_NO_ACK; 1157 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1261 else 1158 /*
1262 info->flags &= ~IEEE80211_TX_CTL_NO_ACK; 1159 * Flags are initialized to 0. Hence, no need to
1160 * explicitly unset IEEE80211_TX_CTL_NO_ACK since
1161 * it might already be set for injected frames.
1162 */
1263 } 1163 }
1264 1164
1265 if (tx->flags & IEEE80211_TX_FRAGMENTED) { 1165 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1266 if ((tx->flags & IEEE80211_TX_UNICAST) && 1166 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1267 skb->len + FCS_LEN > local->hw.wiphy->frag_threshold && 1167 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1268 !(info->flags & IEEE80211_TX_CTL_AMPDU)) 1168 info->flags & IEEE80211_TX_CTL_AMPDU)
1269 tx->flags |= IEEE80211_TX_FRAGMENTED; 1169 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1270 else
1271 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1272 } 1170 }
1273 1171
1274 if (!tx->sta) 1172 if (!tx->sta)
1275 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 1173 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1276 else if (test_and_clear_sta_flags(tx->sta, WLAN_STA_CLEAR_PS_FILT)) 1174 else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT))
1277 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 1175 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1278 1176
1279 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1280 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1281 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
1282 tx->ethertype = (pos[0] << 8) | pos[1];
1283 }
1284 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT; 1177 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1285 1178
1286 return TX_CONTINUE; 1179 return TX_CONTINUE;
@@ -1491,11 +1384,6 @@ static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1491 tail_need = max_t(int, tail_need, 0); 1384 tail_need = max_t(int, tail_need, 0);
1492 } 1385 }
1493 1386
1494 if (head_need || tail_need) {
1495 /* Sorry. Can't account for this any more */
1496 skb_orphan(skb);
1497 }
1498
1499 if (skb_cloned(skb)) 1387 if (skb_cloned(skb))
1500 I802_DEBUG_INC(local->tx_expand_skb_head_cloned); 1388 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1501 else if (head_need || tail_need) 1389 else if (head_need || tail_need)
@@ -1509,67 +1397,19 @@ static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1509 return -ENOMEM; 1397 return -ENOMEM;
1510 } 1398 }
1511 1399
1512 /* update truesize too */
1513 skb->truesize += head_need + tail_need;
1514
1515 return 0; 1400 return 0;
1516} 1401}
1517 1402
1518static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, 1403void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
1519 struct sk_buff *skb)
1520{ 1404{
1521 struct ieee80211_local *local = sdata->local; 1405 struct ieee80211_local *local = sdata->local;
1522 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1406 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1523 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1407 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1524 struct ieee80211_sub_if_data *tmp_sdata;
1525 int headroom; 1408 int headroom;
1526 bool may_encrypt; 1409 bool may_encrypt;
1527 1410
1528 rcu_read_lock(); 1411 rcu_read_lock();
1529 1412
1530 if (unlikely(sdata->vif.type == NL80211_IFTYPE_MONITOR)) {
1531 int hdrlen;
1532 u16 len_rthdr;
1533
1534 info->flags |= IEEE80211_TX_CTL_INJECTED |
1535 IEEE80211_TX_INTFL_HAS_RADIOTAP;
1536
1537 len_rthdr = ieee80211_get_radiotap_len(skb->data);
1538 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1539 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1540
1541 /* check the header is complete in the frame */
1542 if (likely(skb->len >= len_rthdr + hdrlen)) {
1543 /*
1544 * We process outgoing injected frames that have a
1545 * local address we handle as though they are our
1546 * own frames.
1547 * This code here isn't entirely correct, the local
1548 * MAC address is not necessarily enough to find
1549 * the interface to use; for that proper VLAN/WDS
1550 * support we will need a different mechanism.
1551 */
1552
1553 list_for_each_entry_rcu(tmp_sdata, &local->interfaces,
1554 list) {
1555 if (!ieee80211_sdata_running(tmp_sdata))
1556 continue;
1557 if (tmp_sdata->vif.type ==
1558 NL80211_IFTYPE_MONITOR ||
1559 tmp_sdata->vif.type ==
1560 NL80211_IFTYPE_AP_VLAN ||
1561 tmp_sdata->vif.type ==
1562 NL80211_IFTYPE_WDS)
1563 continue;
1564 if (compare_ether_addr(tmp_sdata->vif.addr,
1565 hdr->addr2) == 0) {
1566 sdata = tmp_sdata;
1567 break;
1568 }
1569 }
1570 }
1571 }
1572
1573 may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT); 1413 may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
1574 1414
1575 headroom = local->tx_headroom; 1415 headroom = local->tx_headroom;
@@ -1601,6 +1441,89 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1601 rcu_read_unlock(); 1441 rcu_read_unlock();
1602} 1442}
1603 1443
1444static bool ieee80211_parse_tx_radiotap(struct sk_buff *skb)
1445{
1446 struct ieee80211_radiotap_iterator iterator;
1447 struct ieee80211_radiotap_header *rthdr =
1448 (struct ieee80211_radiotap_header *) skb->data;
1449 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1450 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1451 NULL);
1452 u16 txflags;
1453
1454 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1455 IEEE80211_TX_CTL_DONTFRAG;
1456
1457 /*
1458 * for every radiotap entry that is present
1459 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
1460 * entries present, or -EINVAL on error)
1461 */
1462
1463 while (!ret) {
1464 ret = ieee80211_radiotap_iterator_next(&iterator);
1465
1466 if (ret)
1467 continue;
1468
1469 /* see if this argument is something we can use */
1470 switch (iterator.this_arg_index) {
1471 /*
1472 * You must take care when dereferencing iterator.this_arg
1473 * for multibyte types... the pointer is not aligned. Use
1474 * get_unaligned((type *)iterator.this_arg) to dereference
1475 * iterator.this_arg for type "type" safely on all arches.
1476 */
1477 case IEEE80211_RADIOTAP_FLAGS:
1478 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
1479 /*
1480 * this indicates that the skb we have been
1481 * handed has the 32-bit FCS CRC at the end...
1482 * we should react to that by snipping it off
1483 * because it will be recomputed and added
1484 * on transmission
1485 */
1486 if (skb->len < (iterator._max_length + FCS_LEN))
1487 return false;
1488
1489 skb_trim(skb, skb->len - FCS_LEN);
1490 }
1491 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1492 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1493 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
1494 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
1495 break;
1496
1497 case IEEE80211_RADIOTAP_TX_FLAGS:
1498 txflags = get_unaligned_le16(iterator.this_arg);
1499 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
1500 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1501 break;
1502
1503 /*
1504 * Please update the file
1505 * Documentation/networking/mac80211-injection.txt
1506 * when parsing new fields here.
1507 */
1508
1509 default:
1510 break;
1511 }
1512 }
1513
1514 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
1515 return false;
1516
1517 /*
1518 * remove the radiotap header
1519 * iterator->_max_length was sanity-checked against
1520 * skb->len by iterator init
1521 */
1522 skb_pull(skb, iterator._max_length);
1523
1524 return true;
1525}
1526
1604netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb, 1527netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1605 struct net_device *dev) 1528 struct net_device *dev)
1606{ 1529{
@@ -1610,8 +1533,9 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1610 (struct ieee80211_radiotap_header *)skb->data; 1533 (struct ieee80211_radiotap_header *)skb->data;
1611 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1534 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1612 struct ieee80211_hdr *hdr; 1535 struct ieee80211_hdr *hdr;
1536 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
1613 u16 len_rthdr; 1537 u16 len_rthdr;
1614 u8 *payload; 1538 int hdrlen;
1615 1539
1616 /* 1540 /*
1617 * Frame injection is not allowed if beaconing is not allowed 1541 * Frame injection is not allowed if beaconing is not allowed
@@ -1662,30 +1586,65 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1662 skb_set_network_header(skb, len_rthdr); 1586 skb_set_network_header(skb, len_rthdr);
1663 skb_set_transport_header(skb, len_rthdr); 1587 skb_set_transport_header(skb, len_rthdr);
1664 1588
1589 if (skb->len < len_rthdr + 2)
1590 goto fail;
1591
1592 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1593 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1594
1595 if (skb->len < len_rthdr + hdrlen)
1596 goto fail;
1597
1665 /* 1598 /*
1666 * Initialize skb->protocol if the injected frame is a data frame 1599 * Initialize skb->protocol if the injected frame is a data frame
1667 * carrying a rfc1042 header 1600 * carrying a rfc1042 header
1668 */ 1601 */
1669 if (skb->len > len_rthdr + 2) { 1602 if (ieee80211_is_data(hdr->frame_control) &&
1670 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr); 1603 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
1671 if (ieee80211_is_data(hdr->frame_control) && 1604 u8 *payload = (u8 *)hdr + hdrlen;
1672 skb->len >= len_rthdr + 1605
1673 ieee80211_hdrlen(hdr->frame_control) + 1606 if (compare_ether_addr(payload, rfc1042_header) == 0)
1674 sizeof(rfc1042_header) + 2) { 1607 skb->protocol = cpu_to_be16((payload[6] << 8) |
1675 payload = (u8 *)hdr + 1608 payload[7]);
1676 ieee80211_hdrlen(hdr->frame_control);
1677 if (compare_ether_addr(payload, rfc1042_header) == 0)
1678 skb->protocol = cpu_to_be16((payload[6] << 8) |
1679 payload[7]);
1680 }
1681 } 1609 }
1682 1610
1683 memset(info, 0, sizeof(*info)); 1611 memset(info, 0, sizeof(*info));
1684 1612
1685 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 1613 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
1614 IEEE80211_TX_CTL_INJECTED;
1615
1616 /* process and remove the injection radiotap header */
1617 if (!ieee80211_parse_tx_radiotap(skb))
1618 goto fail;
1619
1620 rcu_read_lock();
1621
1622 /*
1623 * We process outgoing injected frames that have a local address
1624 * we handle as though they are non-injected frames.
1625 * This code here isn't entirely correct, the local MAC address
1626 * isn't always enough to find the interface to use; for proper
1627 * VLAN/WDS support we will need a different mechanism (which
1628 * likely isn't going to be monitor interfaces).
1629 */
1630 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1631
1632 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
1633 if (!ieee80211_sdata_running(tmp_sdata))
1634 continue;
1635 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1636 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1637 tmp_sdata->vif.type == NL80211_IFTYPE_WDS)
1638 continue;
1639 if (compare_ether_addr(tmp_sdata->vif.addr, hdr->addr2) == 0) {
1640 sdata = tmp_sdata;
1641 break;
1642 }
1643 }
1644
1645 ieee80211_xmit(sdata, skb);
1646 rcu_read_unlock();
1686 1647
1687 /* pass the radiotap header up to xmit */
1688 ieee80211_xmit(IEEE80211_DEV_TO_SUB_IF(dev), skb);
1689 return NETDEV_TX_OK; 1648 return NETDEV_TX_OK;
1690 1649
1691fail: 1650fail:
@@ -1724,8 +1683,9 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1724 int encaps_len, skip_header_bytes; 1683 int encaps_len, skip_header_bytes;
1725 int nh_pos, h_pos; 1684 int nh_pos, h_pos;
1726 struct sta_info *sta = NULL; 1685 struct sta_info *sta = NULL;
1727 u32 sta_flags = 0; 1686 bool wme_sta = false, authorized = false, tdls_auth = false;
1728 struct sk_buff *tmp_skb; 1687 struct sk_buff *tmp_skb;
1688 bool tdls_direct = false;
1729 1689
1730 if (unlikely(skb->len < ETH_HLEN)) { 1690 if (unlikely(skb->len < ETH_HLEN)) {
1731 ret = NETDEV_TX_OK; 1691 ret = NETDEV_TX_OK;
@@ -1749,7 +1709,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1749 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1709 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1750 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1710 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1751 hdrlen = 30; 1711 hdrlen = 30;
1752 sta_flags = get_sta_flags(sta); 1712 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1713 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1753 } 1714 }
1754 rcu_read_unlock(); 1715 rcu_read_unlock();
1755 if (sta) 1716 if (sta)
@@ -1837,11 +1798,50 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1837 break; 1798 break;
1838#endif 1799#endif
1839 case NL80211_IFTYPE_STATION: 1800 case NL80211_IFTYPE_STATION:
1840 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN); 1801 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1841 if (sdata->u.mgd.use_4addr && 1802 bool tdls_peer = false;
1842 cpu_to_be16(ethertype) != sdata->control_port_protocol) { 1803
1843 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1804 rcu_read_lock();
1805 sta = sta_info_get(sdata, skb->data);
1806 if (sta) {
1807 authorized = test_sta_flag(sta,
1808 WLAN_STA_AUTHORIZED);
1809 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1810 tdls_peer = test_sta_flag(sta,
1811 WLAN_STA_TDLS_PEER);
1812 tdls_auth = test_sta_flag(sta,
1813 WLAN_STA_TDLS_PEER_AUTH);
1814 }
1815 rcu_read_unlock();
1816
1817 /*
1818 * If the TDLS link is enabled, send everything
1819 * directly. Otherwise, allow TDLS setup frames
1820 * to be transmitted indirectly.
1821 */
1822 tdls_direct = tdls_peer && (tdls_auth ||
1823 !(ethertype == ETH_P_TDLS && skb->len > 14 &&
1824 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE));
1825 }
1826
1827 if (tdls_direct) {
1828 /* link during setup - throw out frames to peer */
1829 if (!tdls_auth) {
1830 ret = NETDEV_TX_OK;
1831 goto fail;
1832 }
1833
1834 /* DA SA BSSID */
1835 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1836 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1837 memcpy(hdr.addr3, sdata->u.mgd.bssid, ETH_ALEN);
1838 hdrlen = 24;
1839 } else if (sdata->u.mgd.use_4addr &&
1840 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
1841 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
1842 IEEE80211_FCTL_TODS);
1844 /* RA TA DA SA */ 1843 /* RA TA DA SA */
1844 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1845 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN); 1845 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
1846 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1846 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1847 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1847 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
@@ -1849,6 +1849,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1849 } else { 1849 } else {
1850 fc |= cpu_to_le16(IEEE80211_FCTL_TODS); 1850 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1851 /* BSSID SA DA */ 1851 /* BSSID SA DA */
1852 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1852 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1853 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
1853 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1854 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1854 hdrlen = 24; 1855 hdrlen = 24;
@@ -1874,17 +1875,19 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1874 if (!is_multicast_ether_addr(hdr.addr1)) { 1875 if (!is_multicast_ether_addr(hdr.addr1)) {
1875 rcu_read_lock(); 1876 rcu_read_lock();
1876 sta = sta_info_get(sdata, hdr.addr1); 1877 sta = sta_info_get(sdata, hdr.addr1);
1877 if (sta) 1878 if (sta) {
1878 sta_flags = get_sta_flags(sta); 1879 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1880 wme_sta = test_sta_flag(sta, WLAN_STA_WME);
1881 }
1879 rcu_read_unlock(); 1882 rcu_read_unlock();
1880 } 1883 }
1881 1884
1882 /* For mesh, the use of the QoS header is mandatory */ 1885 /* For mesh, the use of the QoS header is mandatory */
1883 if (ieee80211_vif_is_mesh(&sdata->vif)) 1886 if (ieee80211_vif_is_mesh(&sdata->vif))
1884 sta_flags |= WLAN_STA_WME; 1887 wme_sta = true;
1885 1888
1886 /* receiver and we are QoS enabled, use a QoS type frame */ 1889 /* receiver and we are QoS enabled, use a QoS type frame */
1887 if ((sta_flags & WLAN_STA_WME) && local->hw.queues >= 4) { 1890 if (wme_sta && local->hw.queues >= 4) {
1888 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA); 1891 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1889 hdrlen += 2; 1892 hdrlen += 2;
1890 } 1893 }
@@ -1893,12 +1896,10 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1893 * Drop unicast frames to unauthorised stations unless they are 1896 * Drop unicast frames to unauthorised stations unless they are
1894 * EAPOL frames from the local station. 1897 * EAPOL frames from the local station.
1895 */ 1898 */
1896 if (!ieee80211_vif_is_mesh(&sdata->vif) && 1899 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
1897 unlikely(!is_multicast_ether_addr(hdr.addr1) && 1900 !is_multicast_ether_addr(hdr.addr1) && !authorized &&
1898 !(sta_flags & WLAN_STA_AUTHORIZED) && 1901 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
1899 !(cpu_to_be16(ethertype) == sdata->control_port_protocol && 1902 compare_ether_addr(sdata->vif.addr, skb->data + ETH_ALEN)))) {
1900 compare_ether_addr(sdata->vif.addr,
1901 skb->data + ETH_ALEN) == 0))) {
1902#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1903#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1903 if (net_ratelimit()) 1904 if (net_ratelimit())
1904 printk(KERN_DEBUG "%s: dropped frame to %pM" 1905 printk(KERN_DEBUG "%s: dropped frame to %pM"
@@ -2277,22 +2278,31 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2277 } else if (ieee80211_vif_is_mesh(&sdata->vif)) { 2278 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2278 struct ieee80211_mgmt *mgmt; 2279 struct ieee80211_mgmt *mgmt;
2279 u8 *pos; 2280 u8 *pos;
2281 int hdr_len = offsetof(struct ieee80211_mgmt, u.beacon) +
2282 sizeof(mgmt->u.beacon);
2280 2283
2281#ifdef CONFIG_MAC80211_MESH 2284#ifdef CONFIG_MAC80211_MESH
2282 if (!sdata->u.mesh.mesh_id_len) 2285 if (!sdata->u.mesh.mesh_id_len)
2283 goto out; 2286 goto out;
2284#endif 2287#endif
2285 2288
2286 /* headroom, head length, tail length and maximum TIM length */ 2289 skb = dev_alloc_skb(local->tx_headroom +
2287 skb = dev_alloc_skb(local->tx_headroom + 400 + 2290 hdr_len +
2288 sdata->u.mesh.ie_len); 2291 2 + /* NULL SSID */
2292 2 + 8 + /* supported rates */
2293 2 + 3 + /* DS params */
2294 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
2295 2 + sizeof(struct ieee80211_ht_cap) +
2296 2 + sizeof(struct ieee80211_ht_info) +
2297 2 + sdata->u.mesh.mesh_id_len +
2298 2 + sizeof(struct ieee80211_meshconf_ie) +
2299 sdata->u.mesh.ie_len);
2289 if (!skb) 2300 if (!skb)
2290 goto out; 2301 goto out;
2291 2302
2292 skb_reserve(skb, local->hw.extra_tx_headroom); 2303 skb_reserve(skb, local->hw.extra_tx_headroom);
2293 mgmt = (struct ieee80211_mgmt *) 2304 mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
2294 skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 2305 memset(mgmt, 0, hdr_len);
2295 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2296 mgmt->frame_control = 2306 mgmt->frame_control =
2297 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON); 2307 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
2298 memset(mgmt->da, 0xff, ETH_ALEN); 2308 memset(mgmt->da, 0xff, ETH_ALEN);
@@ -2307,10 +2317,12 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2307 *pos++ = WLAN_EID_SSID; 2317 *pos++ = WLAN_EID_SSID;
2308 *pos++ = 0x0; 2318 *pos++ = 0x0;
2309 2319
2310 if (mesh_add_srates_ie(skb, sdata) || 2320 if (ieee80211_add_srates_ie(&sdata->vif, skb) ||
2311 mesh_add_ds_params_ie(skb, sdata) || 2321 mesh_add_ds_params_ie(skb, sdata) ||
2312 mesh_add_ext_srates_ie(skb, sdata) || 2322 ieee80211_add_ext_srates_ie(&sdata->vif, skb) ||
2313 mesh_add_rsn_ie(skb, sdata) || 2323 mesh_add_rsn_ie(skb, sdata) ||
2324 mesh_add_ht_cap_ie(skb, sdata) ||
2325 mesh_add_ht_info_ie(skb, sdata) ||
2314 mesh_add_meshid_ie(skb, sdata) || 2326 mesh_add_meshid_ie(skb, sdata) ||
2315 mesh_add_meshconf_ie(skb, sdata) || 2327 mesh_add_meshconf_ie(skb, sdata) ||
2316 mesh_add_vendor_ies(skb, sdata)) { 2328 mesh_add_vendor_ies(skb, sdata)) {
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 4b1466d5b6a1..72b3a2ec0d24 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -367,14 +367,14 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
367 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 367 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
368} 368}
369 369
370int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local, 370void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
371 struct sk_buff_head *skbs, 371 struct sk_buff_head *skbs,
372 void (*fn)(void *data), void *data) 372 void (*fn)(void *data), void *data)
373{ 373{
374 struct ieee80211_hw *hw = &local->hw; 374 struct ieee80211_hw *hw = &local->hw;
375 struct sk_buff *skb; 375 struct sk_buff *skb;
376 unsigned long flags; 376 unsigned long flags;
377 int queue, ret = 0, i; 377 int queue, i;
378 378
379 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 379 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
380 for (i = 0; i < hw->queues; i++) 380 for (i = 0; i < hw->queues; i++)
@@ -389,7 +389,6 @@ int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
389 continue; 389 continue;
390 } 390 }
391 391
392 ret++;
393 queue = skb_get_queue_mapping(skb); 392 queue = skb_get_queue_mapping(skb);
394 __skb_queue_tail(&local->pending[queue], skb); 393 __skb_queue_tail(&local->pending[queue], skb);
395 } 394 }
@@ -401,14 +400,12 @@ int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
401 __ieee80211_wake_queue(hw, i, 400 __ieee80211_wake_queue(hw, i,
402 IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 401 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
403 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 402 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
404
405 return ret;
406} 403}
407 404
408int ieee80211_add_pending_skbs(struct ieee80211_local *local, 405void ieee80211_add_pending_skbs(struct ieee80211_local *local,
409 struct sk_buff_head *skbs) 406 struct sk_buff_head *skbs)
410{ 407{
411 return ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL); 408 ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL);
412} 409}
413 410
414void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw, 411void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw,
@@ -632,8 +629,8 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
632 629
633 qparam.uapsd = false; 630 qparam.uapsd = false;
634 631
635 local->tx_conf[queue] = qparam; 632 sdata->tx_conf[queue] = qparam;
636 drv_conf_tx(local, queue, &qparam); 633 drv_conf_tx(local, sdata, queue, &qparam);
637 } 634 }
638 635
639 /* after reinitialize QoS TX queues setting to default, 636 /* after reinitialize QoS TX queues setting to default,
@@ -814,23 +811,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
814 offset = noffset; 811 offset = noffset;
815 } 812 }
816 813
817 if (sband->ht_cap.ht_supported) { 814 if (sband->ht_cap.ht_supported)
818 u16 cap = sband->ht_cap.cap; 815 pos = ieee80211_ie_build_ht_cap(pos, sband, sband->ht_cap.cap);
819 __le16 tmp;
820
821 *pos++ = WLAN_EID_HT_CAPABILITY;
822 *pos++ = sizeof(struct ieee80211_ht_cap);
823 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
824 tmp = cpu_to_le16(cap);
825 memcpy(pos, &tmp, sizeof(u16));
826 pos += sizeof(u16);
827 *pos++ = sband->ht_cap.ampdu_factor |
828 (sband->ht_cap.ampdu_density <<
829 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
830 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
831 pos += sizeof(sband->ht_cap.mcs);
832 pos += 2 + 4 + 1; /* ext info, BF cap, antsel */
833 }
834 816
835 /* 817 /*
836 * If adding more here, adjust code in main.c 818 * If adding more here, adjust code in main.c
@@ -899,14 +881,18 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
899void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 881void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
900 const u8 *ssid, size_t ssid_len, 882 const u8 *ssid, size_t ssid_len,
901 const u8 *ie, size_t ie_len, 883 const u8 *ie, size_t ie_len,
902 u32 ratemask, bool directed) 884 u32 ratemask, bool directed, bool no_cck)
903{ 885{
904 struct sk_buff *skb; 886 struct sk_buff *skb;
905 887
906 skb = ieee80211_build_probe_req(sdata, dst, ratemask, ssid, ssid_len, 888 skb = ieee80211_build_probe_req(sdata, dst, ratemask, ssid, ssid_len,
907 ie, ie_len, directed); 889 ie, ie_len, directed);
908 if (skb) 890 if (skb) {
891 if (no_cck)
892 IEEE80211_SKB_CB(skb)->flags |=
893 IEEE80211_TX_CTL_NO_CCK_RATE;
909 ieee80211_tx_skb(sdata, skb); 894 ieee80211_tx_skb(sdata, skb);
895 }
910} 896}
911 897
912u32 ieee80211_sta_get_rates(struct ieee80211_local *local, 898u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
@@ -1040,8 +1026,15 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1040 mutex_unlock(&local->sta_mtx); 1026 mutex_unlock(&local->sta_mtx);
1041 1027
1042 /* reconfigure tx conf */ 1028 /* reconfigure tx conf */
1043 for (i = 0; i < hw->queues; i++) 1029 list_for_each_entry(sdata, &local->interfaces, list) {
1044 drv_conf_tx(local, i, &local->tx_conf[i]); 1030 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1031 sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1032 !ieee80211_sdata_running(sdata))
1033 continue;
1034
1035 for (i = 0; i < hw->queues; i++)
1036 drv_conf_tx(local, sdata, i, &sdata->tx_conf[i]);
1037 }
1045 1038
1046 /* reconfigure hardware */ 1039 /* reconfigure hardware */
1047 ieee80211_hw_config(local, ~0); 1040 ieee80211_hw_config(local, ~0);
@@ -1114,7 +1107,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1114 1107
1115 list_for_each_entry(sta, &local->sta_list, list) { 1108 list_for_each_entry(sta, &local->sta_list, list) {
1116 ieee80211_sta_tear_down_BA_sessions(sta, true); 1109 ieee80211_sta_tear_down_BA_sessions(sta, true);
1117 clear_sta_flags(sta, WLAN_STA_BLOCK_BA); 1110 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
1118 } 1111 }
1119 1112
1120 mutex_unlock(&local->sta_mtx); 1113 mutex_unlock(&local->sta_mtx);
@@ -1353,3 +1346,157 @@ void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
1353 _ieee80211_enable_rssi_reports(sdata, 0, 0); 1346 _ieee80211_enable_rssi_reports(sdata, 0, 0);
1354} 1347}
1355EXPORT_SYMBOL(ieee80211_disable_rssi_reports); 1348EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
1349
1350u8 *ieee80211_ie_build_ht_cap(u8 *pos, struct ieee80211_supported_band *sband,
1351 u16 cap)
1352{
1353 __le16 tmp;
1354
1355 *pos++ = WLAN_EID_HT_CAPABILITY;
1356 *pos++ = sizeof(struct ieee80211_ht_cap);
1357 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
1358
1359 /* capability flags */
1360 tmp = cpu_to_le16(cap);
1361 memcpy(pos, &tmp, sizeof(u16));
1362 pos += sizeof(u16);
1363
1364 /* AMPDU parameters */
1365 *pos++ = sband->ht_cap.ampdu_factor |
1366 (sband->ht_cap.ampdu_density <<
1367 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
1368
1369 /* MCS set */
1370 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
1371 pos += sizeof(sband->ht_cap.mcs);
1372
1373 /* extended capabilities */
1374 pos += sizeof(__le16);
1375
1376 /* BF capabilities */
1377 pos += sizeof(__le32);
1378
1379 /* antenna selection */
1380 pos += sizeof(u8);
1381
1382 return pos;
1383}
1384
1385u8 *ieee80211_ie_build_ht_info(u8 *pos,
1386 struct ieee80211_sta_ht_cap *ht_cap,
1387 struct ieee80211_channel *channel,
1388 enum nl80211_channel_type channel_type)
1389{
1390 struct ieee80211_ht_info *ht_info;
1391 /* Build HT Information */
1392 *pos++ = WLAN_EID_HT_INFORMATION;
1393 *pos++ = sizeof(struct ieee80211_ht_info);
1394 ht_info = (struct ieee80211_ht_info *)pos;
1395 ht_info->control_chan =
1396 ieee80211_frequency_to_channel(channel->center_freq);
1397 switch (channel_type) {
1398 case NL80211_CHAN_HT40MINUS:
1399 ht_info->ht_param = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1400 break;
1401 case NL80211_CHAN_HT40PLUS:
1402 ht_info->ht_param = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
1403 break;
1404 case NL80211_CHAN_HT20:
1405 default:
1406 ht_info->ht_param = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1407 break;
1408 }
1409 if (ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)
1410 ht_info->ht_param |= IEEE80211_HT_PARAM_CHAN_WIDTH_ANY;
1411 ht_info->operation_mode = 0x0000;
1412 ht_info->stbc_param = 0x0000;
1413
1414 /* It seems that Basic MCS set and Supported MCS set
1415 are identical for the first 10 bytes */
1416 memset(&ht_info->basic_set, 0, 16);
1417 memcpy(&ht_info->basic_set, &ht_cap->mcs, 10);
1418
1419 return pos + sizeof(struct ieee80211_ht_info);
1420}
1421
1422enum nl80211_channel_type
1423ieee80211_ht_info_to_channel_type(struct ieee80211_ht_info *ht_info)
1424{
1425 enum nl80211_channel_type channel_type;
1426
1427 if (!ht_info)
1428 return NL80211_CHAN_NO_HT;
1429
1430 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
1431 case IEEE80211_HT_PARAM_CHA_SEC_NONE:
1432 channel_type = NL80211_CHAN_HT20;
1433 break;
1434 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1435 channel_type = NL80211_CHAN_HT40PLUS;
1436 break;
1437 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1438 channel_type = NL80211_CHAN_HT40MINUS;
1439 break;
1440 default:
1441 channel_type = NL80211_CHAN_NO_HT;
1442 }
1443
1444 return channel_type;
1445}
1446
1447int ieee80211_add_srates_ie(struct ieee80211_vif *vif, struct sk_buff *skb)
1448{
1449 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1450 struct ieee80211_local *local = sdata->local;
1451 struct ieee80211_supported_band *sband;
1452 int rate;
1453 u8 i, rates, *pos;
1454
1455 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1456 rates = sband->n_bitrates;
1457 if (rates > 8)
1458 rates = 8;
1459
1460 if (skb_tailroom(skb) < rates + 2)
1461 return -ENOMEM;
1462
1463 pos = skb_put(skb, rates + 2);
1464 *pos++ = WLAN_EID_SUPP_RATES;
1465 *pos++ = rates;
1466 for (i = 0; i < rates; i++) {
1467 rate = sband->bitrates[i].bitrate;
1468 *pos++ = (u8) (rate / 5);
1469 }
1470
1471 return 0;
1472}
1473
1474int ieee80211_add_ext_srates_ie(struct ieee80211_vif *vif, struct sk_buff *skb)
1475{
1476 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1477 struct ieee80211_local *local = sdata->local;
1478 struct ieee80211_supported_band *sband;
1479 int rate;
1480 u8 i, exrates, *pos;
1481
1482 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
1483 exrates = sband->n_bitrates;
1484 if (exrates > 8)
1485 exrates -= 8;
1486 else
1487 exrates = 0;
1488
1489 if (skb_tailroom(skb) < exrates + 2)
1490 return -ENOMEM;
1491
1492 if (exrates) {
1493 pos = skb_put(skb, exrates + 2);
1494 *pos++ = WLAN_EID_EXT_SUPP_RATES;
1495 *pos++ = exrates;
1496 for (i = 8; i < sband->n_bitrates; i++) {
1497 rate = sband->bitrates[i].bitrate;
1498 *pos++ = (u8) (rate / 5);
1499 }
1500 }
1501 return 0;
1502}
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 971004c9b04f..fd52e695c071 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -72,7 +72,7 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
72 case NL80211_IFTYPE_AP_VLAN: 72 case NL80211_IFTYPE_AP_VLAN:
73 sta = rcu_dereference(sdata->u.vlan.sta); 73 sta = rcu_dereference(sdata->u.vlan.sta);
74 if (sta) { 74 if (sta) {
75 qos = get_sta_flags(sta) & WLAN_STA_WME; 75 qos = test_sta_flag(sta, WLAN_STA_WME);
76 break; 76 break;
77 } 77 }
78 case NL80211_IFTYPE_AP: 78 case NL80211_IFTYPE_AP:
@@ -99,7 +99,7 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
99 if (!sta && ra && !is_multicast_ether_addr(ra)) { 99 if (!sta && ra && !is_multicast_ether_addr(ra)) {
100 sta = sta_info_get(sdata, ra); 100 sta = sta_info_get(sdata, ra);
101 if (sta) 101 if (sta)
102 qos = get_sta_flags(sta) & WLAN_STA_WME; 102 qos = test_sta_flag(sta, WLAN_STA_WME);
103 } 103 }
104 rcu_read_unlock(); 104 rcu_read_unlock();
105 105
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index bac34394c05e..30da4e3f19f7 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -103,7 +103,6 @@ static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
103 u8 *pos; 103 u8 *pos;
104 u32 flags = channel->flags; 104 u32 flags = channel->flags;
105 u16 cap = sband->ht_cap.cap; 105 u16 cap = sband->ht_cap.cap;
106 __le16 tmp;
107 106
108 if (!sband->ht_cap.ht_supported) 107 if (!sband->ht_cap.ht_supported)
109 return; 108 return;
@@ -154,34 +153,8 @@ static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
154 } 153 }
155 154
156 /* reserve and fill IE */ 155 /* reserve and fill IE */
157
158 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 156 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
159 *pos++ = WLAN_EID_HT_CAPABILITY; 157 ieee80211_ie_build_ht_cap(pos, sband, cap);
160 *pos++ = sizeof(struct ieee80211_ht_cap);
161 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
162
163 /* capability flags */
164 tmp = cpu_to_le16(cap);
165 memcpy(pos, &tmp, sizeof(u16));
166 pos += sizeof(u16);
167
168 /* AMPDU parameters */
169 *pos++ = sband->ht_cap.ampdu_factor |
170 (sband->ht_cap.ampdu_density <<
171 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
172
173 /* MCS set */
174 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
175 pos += sizeof(sband->ht_cap.mcs);
176
177 /* extended capabilities */
178 pos += sizeof(__le16);
179
180 /* BF capabilities */
181 pos += sizeof(__le32);
182
183 /* antenna selection */
184 pos += sizeof(u8);
185} 158}
186 159
187static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 160static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
@@ -458,7 +431,7 @@ ieee80211_direct_probe(struct ieee80211_work *wk)
458 */ 431 */
459 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 432 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
460 wk->probe_auth.ssid_len, NULL, 0, 433 wk->probe_auth.ssid_len, NULL, 0,
461 (u32) -1, true); 434 (u32) -1, true, false);
462 435
463 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 436 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
464 run_again(local, wk->timeout); 437 run_again(local, wk->timeout);
@@ -577,7 +550,7 @@ ieee80211_offchannel_tx(struct ieee80211_work *wk)
577 /* 550 /*
578 * After this, offchan_tx.frame remains but now is no 551 * After this, offchan_tx.frame remains but now is no
579 * longer a valid pointer -- we still need it as the 552 * longer a valid pointer -- we still need it as the
580 * cookie for canceling this work. 553 * cookie for canceling this work/status matching.
581 */ 554 */
582 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame); 555 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
583 556
@@ -1084,14 +1057,13 @@ static void ieee80211_work_work(struct work_struct *work)
1084 continue; 1057 continue;
1085 if (wk->chan != local->tmp_channel) 1058 if (wk->chan != local->tmp_channel)
1086 continue; 1059 continue;
1087 if (ieee80211_work_ct_coexists(wk->chan_type, 1060 if (!ieee80211_work_ct_coexists(wk->chan_type,
1088 local->tmp_channel_type)) 1061 local->tmp_channel_type))
1089 continue; 1062 continue;
1090 remain_off_channel = true; 1063 remain_off_channel = true;
1091 } 1064 }
1092 1065
1093 if (!remain_off_channel && local->tmp_channel) { 1066 if (!remain_off_channel && local->tmp_channel) {
1094 bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
1095 local->tmp_channel = NULL; 1067 local->tmp_channel = NULL;
1096 /* If tmp_channel wasn't operating channel, then 1068 /* If tmp_channel wasn't operating channel, then
1097 * we need to go back on-channel. 1069 * we need to go back on-channel.
@@ -1101,7 +1073,7 @@ static void ieee80211_work_work(struct work_struct *work)
1101 * we still need to do a hardware config. Currently, 1073 * we still need to do a hardware config. Currently,
1102 * we cannot be here while scanning, however. 1074 * we cannot be here while scanning, however.
1103 */ 1075 */
1104 if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan) 1076 if (!ieee80211_cfg_on_oper_channel(local))
1105 ieee80211_hw_config(local, 0); 1077 ieee80211_hw_config(local, 0);
1106 1078
1107 /* At the least, we need to disable offchannel_ps, 1079 /* At the least, we need to disable offchannel_ps,
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 7bc8702808fa..13efab5bf12a 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -53,7 +53,8 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
53 } 53 }
54 54
55 if (info->control.hw_key && 55 if (info->control.hw_key &&
56 !(tx->flags & IEEE80211_TX_FRAGMENTED) && 56 (info->flags & IEEE80211_TX_CTL_DONTFRAG ||
57 tx->local->ops->set_frag_threshold) &&
57 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 58 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
58 /* hwaccel - with no need for SW-generated MMIC */ 59 /* hwaccel - with no need for SW-generated MMIC */
59 return TX_CONTINUE; 60 return TX_CONTINUE;
@@ -389,7 +390,8 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
389 u8 scratch[6 * AES_BLOCK_SIZE]; 390 u8 scratch[6 * AES_BLOCK_SIZE];
390 391
391 if (info->control.hw_key && 392 if (info->control.hw_key &&
392 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) { 393 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
394 !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
393 /* 395 /*
394 * hwaccel has no need for preallocated room for CCMP 396 * hwaccel has no need for preallocated room for CCMP
395 * header or MIC fields 397 * header or MIC fields
@@ -411,6 +413,11 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
411 413
412 pos = skb_push(skb, CCMP_HDR_LEN); 414 pos = skb_push(skb, CCMP_HDR_LEN);
413 memmove(pos, pos + CCMP_HDR_LEN, hdrlen); 415 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
416
417 /* the HW only needs room for the IV, but not the actual IV */
418 if (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)
419 return 0;
420
414 hdr = (struct ieee80211_hdr *) pos; 421 hdr = (struct ieee80211_hdr *) pos;
415 pos += hdrlen; 422 pos += hdrlen;
416 423
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 32bff6d86cb2..8260b13d93c9 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -505,7 +505,7 @@ config NETFILTER_XT_TARGET_LED
505 echo netfilter-ssh > /sys/class/leds/<ledname>/trigger 505 echo netfilter-ssh > /sys/class/leds/<ledname>/trigger
506 506
507 For more information on the LEDs available on your system, see 507 For more information on the LEDs available on your system, see
508 Documentation/leds-class.txt 508 Documentation/leds/leds-class.txt
509 509
510config NETFILTER_XT_TARGET_MARK 510config NETFILTER_XT_TARGET_MARK
511 tristate '"MARK" target support' 511 tristate '"MARK" target support'
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 899b71c0ff5d..3346829ea07f 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -37,7 +37,7 @@ int nf_register_afinfo(const struct nf_afinfo *afinfo)
37 err = mutex_lock_interruptible(&afinfo_mutex); 37 err = mutex_lock_interruptible(&afinfo_mutex);
38 if (err < 0) 38 if (err < 0)
39 return err; 39 return err;
40 rcu_assign_pointer(nf_afinfo[afinfo->family], afinfo); 40 RCU_INIT_POINTER(nf_afinfo[afinfo->family], afinfo);
41 mutex_unlock(&afinfo_mutex); 41 mutex_unlock(&afinfo_mutex);
42 return 0; 42 return 0;
43} 43}
@@ -46,7 +46,7 @@ EXPORT_SYMBOL_GPL(nf_register_afinfo);
46void nf_unregister_afinfo(const struct nf_afinfo *afinfo) 46void nf_unregister_afinfo(const struct nf_afinfo *afinfo)
47{ 47{
48 mutex_lock(&afinfo_mutex); 48 mutex_lock(&afinfo_mutex);
49 rcu_assign_pointer(nf_afinfo[afinfo->family], NULL); 49 RCU_INIT_POINTER(nf_afinfo[afinfo->family], NULL);
50 mutex_unlock(&afinfo_mutex); 50 mutex_unlock(&afinfo_mutex);
51 synchronize_rcu(); 51 synchronize_rcu();
52} 52}
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index be43fd805bd0..e3be48bf4dcd 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2283,6 +2283,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2283 struct ip_vs_service *svc; 2283 struct ip_vs_service *svc;
2284 struct ip_vs_dest_user *udest_compat; 2284 struct ip_vs_dest_user *udest_compat;
2285 struct ip_vs_dest_user_kern udest; 2285 struct ip_vs_dest_user_kern udest;
2286 struct netns_ipvs *ipvs = net_ipvs(net);
2286 2287
2287 if (!capable(CAP_NET_ADMIN)) 2288 if (!capable(CAP_NET_ADMIN))
2288 return -EPERM; 2289 return -EPERM;
@@ -2303,6 +2304,24 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2303 /* increase the module use count */ 2304 /* increase the module use count */
2304 ip_vs_use_count_inc(); 2305 ip_vs_use_count_inc();
2305 2306
2307 /* Handle daemons since they have another lock */
2308 if (cmd == IP_VS_SO_SET_STARTDAEMON ||
2309 cmd == IP_VS_SO_SET_STOPDAEMON) {
2310 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2311
2312 if (mutex_lock_interruptible(&ipvs->sync_mutex)) {
2313 ret = -ERESTARTSYS;
2314 goto out_dec;
2315 }
2316 if (cmd == IP_VS_SO_SET_STARTDAEMON)
2317 ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
2318 dm->syncid);
2319 else
2320 ret = stop_sync_thread(net, dm->state);
2321 mutex_unlock(&ipvs->sync_mutex);
2322 goto out_dec;
2323 }
2324
2306 if (mutex_lock_interruptible(&__ip_vs_mutex)) { 2325 if (mutex_lock_interruptible(&__ip_vs_mutex)) {
2307 ret = -ERESTARTSYS; 2326 ret = -ERESTARTSYS;
2308 goto out_dec; 2327 goto out_dec;
@@ -2316,15 +2335,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2316 /* Set timeout values for (tcp tcpfin udp) */ 2335 /* Set timeout values for (tcp tcpfin udp) */
2317 ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg); 2336 ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
2318 goto out_unlock; 2337 goto out_unlock;
2319 } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
2320 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2321 ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
2322 dm->syncid);
2323 goto out_unlock;
2324 } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
2325 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2326 ret = stop_sync_thread(net, dm->state);
2327 goto out_unlock;
2328 } 2338 }
2329 2339
2330 usvc_compat = (struct ip_vs_service_user *)arg; 2340 usvc_compat = (struct ip_vs_service_user *)arg;
@@ -2584,6 +2594,33 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2584 2594
2585 if (copy_from_user(arg, user, copylen) != 0) 2595 if (copy_from_user(arg, user, copylen) != 0)
2586 return -EFAULT; 2596 return -EFAULT;
2597 /*
2598 * Handle daemons first since it has its own locking
2599 */
2600 if (cmd == IP_VS_SO_GET_DAEMON) {
2601 struct ip_vs_daemon_user d[2];
2602
2603 memset(&d, 0, sizeof(d));
2604 if (mutex_lock_interruptible(&ipvs->sync_mutex))
2605 return -ERESTARTSYS;
2606
2607 if (ipvs->sync_state & IP_VS_STATE_MASTER) {
2608 d[0].state = IP_VS_STATE_MASTER;
2609 strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
2610 sizeof(d[0].mcast_ifn));
2611 d[0].syncid = ipvs->master_syncid;
2612 }
2613 if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
2614 d[1].state = IP_VS_STATE_BACKUP;
2615 strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
2616 sizeof(d[1].mcast_ifn));
2617 d[1].syncid = ipvs->backup_syncid;
2618 }
2619 if (copy_to_user(user, &d, sizeof(d)) != 0)
2620 ret = -EFAULT;
2621 mutex_unlock(&ipvs->sync_mutex);
2622 return ret;
2623 }
2587 2624
2588 if (mutex_lock_interruptible(&__ip_vs_mutex)) 2625 if (mutex_lock_interruptible(&__ip_vs_mutex))
2589 return -ERESTARTSYS; 2626 return -ERESTARTSYS;
@@ -2681,28 +2718,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2681 } 2718 }
2682 break; 2719 break;
2683 2720
2684 case IP_VS_SO_GET_DAEMON:
2685 {
2686 struct ip_vs_daemon_user d[2];
2687
2688 memset(&d, 0, sizeof(d));
2689 if (ipvs->sync_state & IP_VS_STATE_MASTER) {
2690 d[0].state = IP_VS_STATE_MASTER;
2691 strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
2692 sizeof(d[0].mcast_ifn));
2693 d[0].syncid = ipvs->master_syncid;
2694 }
2695 if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
2696 d[1].state = IP_VS_STATE_BACKUP;
2697 strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
2698 sizeof(d[1].mcast_ifn));
2699 d[1].syncid = ipvs->backup_syncid;
2700 }
2701 if (copy_to_user(user, &d, sizeof(d)) != 0)
2702 ret = -EFAULT;
2703 }
2704 break;
2705
2706 default: 2721 default:
2707 ret = -EINVAL; 2722 ret = -EINVAL;
2708 } 2723 }
@@ -3205,7 +3220,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
3205 struct net *net = skb_sknet(skb); 3220 struct net *net = skb_sknet(skb);
3206 struct netns_ipvs *ipvs = net_ipvs(net); 3221 struct netns_ipvs *ipvs = net_ipvs(net);
3207 3222
3208 mutex_lock(&__ip_vs_mutex); 3223 mutex_lock(&ipvs->sync_mutex);
3209 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) { 3224 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
3210 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER, 3225 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
3211 ipvs->master_mcast_ifn, 3226 ipvs->master_mcast_ifn,
@@ -3225,7 +3240,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
3225 } 3240 }
3226 3241
3227nla_put_failure: 3242nla_put_failure:
3228 mutex_unlock(&__ip_vs_mutex); 3243 mutex_unlock(&ipvs->sync_mutex);
3229 3244
3230 return skb->len; 3245 return skb->len;
3231} 3246}
@@ -3271,13 +3286,9 @@ static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
3271 return ip_vs_set_timeout(net, &t); 3286 return ip_vs_set_timeout(net, &t);
3272} 3287}
3273 3288
3274static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info) 3289static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
3275{ 3290{
3276 struct ip_vs_service *svc = NULL;
3277 struct ip_vs_service_user_kern usvc;
3278 struct ip_vs_dest_user_kern udest;
3279 int ret = 0, cmd; 3291 int ret = 0, cmd;
3280 int need_full_svc = 0, need_full_dest = 0;
3281 struct net *net; 3292 struct net *net;
3282 struct netns_ipvs *ipvs; 3293 struct netns_ipvs *ipvs;
3283 3294
@@ -3285,19 +3296,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3285 ipvs = net_ipvs(net); 3296 ipvs = net_ipvs(net);
3286 cmd = info->genlhdr->cmd; 3297 cmd = info->genlhdr->cmd;
3287 3298
3288 mutex_lock(&__ip_vs_mutex); 3299 if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
3289
3290 if (cmd == IPVS_CMD_FLUSH) {
3291 ret = ip_vs_flush(net);
3292 goto out;
3293 } else if (cmd == IPVS_CMD_SET_CONFIG) {
3294 ret = ip_vs_genl_set_config(net, info->attrs);
3295 goto out;
3296 } else if (cmd == IPVS_CMD_NEW_DAEMON ||
3297 cmd == IPVS_CMD_DEL_DAEMON) {
3298
3299 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1]; 3300 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
3300 3301
3302 mutex_lock(&ipvs->sync_mutex);
3301 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] || 3303 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
3302 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX, 3304 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
3303 info->attrs[IPVS_CMD_ATTR_DAEMON], 3305 info->attrs[IPVS_CMD_ATTR_DAEMON],
@@ -3310,6 +3312,33 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3310 ret = ip_vs_genl_new_daemon(net, daemon_attrs); 3312 ret = ip_vs_genl_new_daemon(net, daemon_attrs);
3311 else 3313 else
3312 ret = ip_vs_genl_del_daemon(net, daemon_attrs); 3314 ret = ip_vs_genl_del_daemon(net, daemon_attrs);
3315out:
3316 mutex_unlock(&ipvs->sync_mutex);
3317 }
3318 return ret;
3319}
3320
3321static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3322{
3323 struct ip_vs_service *svc = NULL;
3324 struct ip_vs_service_user_kern usvc;
3325 struct ip_vs_dest_user_kern udest;
3326 int ret = 0, cmd;
3327 int need_full_svc = 0, need_full_dest = 0;
3328 struct net *net;
3329 struct netns_ipvs *ipvs;
3330
3331 net = skb_sknet(skb);
3332 ipvs = net_ipvs(net);
3333 cmd = info->genlhdr->cmd;
3334
3335 mutex_lock(&__ip_vs_mutex);
3336
3337 if (cmd == IPVS_CMD_FLUSH) {
3338 ret = ip_vs_flush(net);
3339 goto out;
3340 } else if (cmd == IPVS_CMD_SET_CONFIG) {
3341 ret = ip_vs_genl_set_config(net, info->attrs);
3313 goto out; 3342 goto out;
3314 } else if (cmd == IPVS_CMD_ZERO && 3343 } else if (cmd == IPVS_CMD_ZERO &&
3315 !info->attrs[IPVS_CMD_ATTR_SERVICE]) { 3344 !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
@@ -3536,13 +3565,13 @@ static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
3536 .cmd = IPVS_CMD_NEW_DAEMON, 3565 .cmd = IPVS_CMD_NEW_DAEMON,
3537 .flags = GENL_ADMIN_PERM, 3566 .flags = GENL_ADMIN_PERM,
3538 .policy = ip_vs_cmd_policy, 3567 .policy = ip_vs_cmd_policy,
3539 .doit = ip_vs_genl_set_cmd, 3568 .doit = ip_vs_genl_set_daemon,
3540 }, 3569 },
3541 { 3570 {
3542 .cmd = IPVS_CMD_DEL_DAEMON, 3571 .cmd = IPVS_CMD_DEL_DAEMON,
3543 .flags = GENL_ADMIN_PERM, 3572 .flags = GENL_ADMIN_PERM,
3544 .policy = ip_vs_cmd_policy, 3573 .policy = ip_vs_cmd_policy,
3545 .doit = ip_vs_genl_set_cmd, 3574 .doit = ip_vs_genl_set_daemon,
3546 }, 3575 },
3547 { 3576 {
3548 .cmd = IPVS_CMD_GET_DAEMON, 3577 .cmd = IPVS_CMD_GET_DAEMON,
@@ -3679,7 +3708,7 @@ int __net_init ip_vs_control_net_init(struct net *net)
3679 int idx; 3708 int idx;
3680 struct netns_ipvs *ipvs = net_ipvs(net); 3709 struct netns_ipvs *ipvs = net_ipvs(net);
3681 3710
3682 ipvs->rs_lock = __RW_LOCK_UNLOCKED(ipvs->rs_lock); 3711 rwlock_init(&ipvs->rs_lock);
3683 3712
3684 /* Initialize rs_table */ 3713 /* Initialize rs_table */
3685 for (idx = 0; idx < IP_VS_RTAB_SIZE; idx++) 3714 for (idx = 0; idx < IP_VS_RTAB_SIZE; idx++)
@@ -3771,6 +3800,7 @@ err_sock:
3771void ip_vs_control_cleanup(void) 3800void ip_vs_control_cleanup(void)
3772{ 3801{
3773 EnterFunction(2); 3802 EnterFunction(2);
3803 unregister_netdevice_notifier(&ip_vs_dst_notifier);
3774 ip_vs_genl_unregister(); 3804 ip_vs_genl_unregister();
3775 nf_unregister_sockopt(&ip_vs_sockopts); 3805 nf_unregister_sockopt(&ip_vs_sockopts);
3776 LeaveFunction(2); 3806 LeaveFunction(2);
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 7ee7215b8ba0..3cdd479f9b5d 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -61,6 +61,7 @@
61 61
62#define SYNC_PROTO_VER 1 /* Protocol version in header */ 62#define SYNC_PROTO_VER 1 /* Protocol version in header */
63 63
64static struct lock_class_key __ipvs_sync_key;
64/* 65/*
65 * IPVS sync connection entry 66 * IPVS sync connection entry
66 * Version 0, i.e. original version. 67 * Version 0, i.e. original version.
@@ -1545,6 +1546,7 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
1545 IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n", 1546 IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
1546 sizeof(struct ip_vs_sync_conn_v0)); 1547 sizeof(struct ip_vs_sync_conn_v0));
1547 1548
1549
1548 if (state == IP_VS_STATE_MASTER) { 1550 if (state == IP_VS_STATE_MASTER) {
1549 if (ipvs->master_thread) 1551 if (ipvs->master_thread)
1550 return -EEXIST; 1552 return -EEXIST;
@@ -1667,6 +1669,7 @@ int __net_init ip_vs_sync_net_init(struct net *net)
1667{ 1669{
1668 struct netns_ipvs *ipvs = net_ipvs(net); 1670 struct netns_ipvs *ipvs = net_ipvs(net);
1669 1671
1672 __mutex_init(&ipvs->sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
1670 INIT_LIST_HEAD(&ipvs->sync_queue); 1673 INIT_LIST_HEAD(&ipvs->sync_queue);
1671 spin_lock_init(&ipvs->sync_lock); 1674 spin_lock_init(&ipvs->sync_lock);
1672 spin_lock_init(&ipvs->sync_buff_lock); 1675 spin_lock_init(&ipvs->sync_buff_lock);
@@ -1680,7 +1683,9 @@ int __net_init ip_vs_sync_net_init(struct net *net)
1680void ip_vs_sync_net_cleanup(struct net *net) 1683void ip_vs_sync_net_cleanup(struct net *net)
1681{ 1684{
1682 int retc; 1685 int retc;
1686 struct netns_ipvs *ipvs = net_ipvs(net);
1683 1687
1688 mutex_lock(&ipvs->sync_mutex);
1684 retc = stop_sync_thread(net, IP_VS_STATE_MASTER); 1689 retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
1685 if (retc && retc != -ESRCH) 1690 if (retc && retc != -ESRCH)
1686 pr_err("Failed to stop Master Daemon\n"); 1691 pr_err("Failed to stop Master Daemon\n");
@@ -1688,4 +1693,5 @@ void ip_vs_sync_net_cleanup(struct net *net)
1688 retc = stop_sync_thread(net, IP_VS_STATE_BACKUP); 1693 retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
1689 if (retc && retc != -ESRCH) 1694 if (retc && retc != -ESRCH)
1690 pr_err("Failed to stop Backup Daemon\n"); 1695 pr_err("Failed to stop Backup Daemon\n");
1696 mutex_unlock(&ipvs->sync_mutex);
1691} 1697}
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index f7af8b866017..5acfaf59a9c3 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -779,7 +779,7 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
779 if (exp->helper) { 779 if (exp->helper) {
780 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC); 780 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
781 if (help) 781 if (help)
782 rcu_assign_pointer(help->helper, exp->helper); 782 RCU_INIT_POINTER(help->helper, exp->helper);
783 } 783 }
784 784
785#ifdef CONFIG_NF_CONNTRACK_MARK 785#ifdef CONFIG_NF_CONNTRACK_MARK
@@ -1317,7 +1317,7 @@ static void nf_conntrack_cleanup_net(struct net *net)
1317void nf_conntrack_cleanup(struct net *net) 1317void nf_conntrack_cleanup(struct net *net)
1318{ 1318{
1319 if (net_eq(net, &init_net)) 1319 if (net_eq(net, &init_net))
1320 rcu_assign_pointer(ip_ct_attach, NULL); 1320 RCU_INIT_POINTER(ip_ct_attach, NULL);
1321 1321
1322 /* This makes sure all current packets have passed through 1322 /* This makes sure all current packets have passed through
1323 netfilter framework. Roll on, two-stage module 1323 netfilter framework. Roll on, two-stage module
@@ -1327,7 +1327,7 @@ void nf_conntrack_cleanup(struct net *net)
1327 nf_conntrack_cleanup_net(net); 1327 nf_conntrack_cleanup_net(net);
1328 1328
1329 if (net_eq(net, &init_net)) { 1329 if (net_eq(net, &init_net)) {
1330 rcu_assign_pointer(nf_ct_destroy, NULL); 1330 RCU_INIT_POINTER(nf_ct_destroy, NULL);
1331 nf_conntrack_cleanup_init_net(); 1331 nf_conntrack_cleanup_init_net();
1332 } 1332 }
1333} 1333}
@@ -1576,11 +1576,11 @@ int nf_conntrack_init(struct net *net)
1576 1576
1577 if (net_eq(net, &init_net)) { 1577 if (net_eq(net, &init_net)) {
1578 /* For use by REJECT target */ 1578 /* For use by REJECT target */
1579 rcu_assign_pointer(ip_ct_attach, nf_conntrack_attach); 1579 RCU_INIT_POINTER(ip_ct_attach, nf_conntrack_attach);
1580 rcu_assign_pointer(nf_ct_destroy, destroy_conntrack); 1580 RCU_INIT_POINTER(nf_ct_destroy, destroy_conntrack);
1581 1581
1582 /* Howto get NAT offsets */ 1582 /* Howto get NAT offsets */
1583 rcu_assign_pointer(nf_ct_nat_offset, NULL); 1583 RCU_INIT_POINTER(nf_ct_nat_offset, NULL);
1584 } 1584 }
1585 return 0; 1585 return 0;
1586 1586
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index 63a1b915a7e4..3add99439059 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -94,7 +94,7 @@ int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
94 ret = -EBUSY; 94 ret = -EBUSY;
95 goto out_unlock; 95 goto out_unlock;
96 } 96 }
97 rcu_assign_pointer(nf_conntrack_event_cb, new); 97 RCU_INIT_POINTER(nf_conntrack_event_cb, new);
98 mutex_unlock(&nf_ct_ecache_mutex); 98 mutex_unlock(&nf_ct_ecache_mutex);
99 return ret; 99 return ret;
100 100
@@ -112,7 +112,7 @@ void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new)
112 notify = rcu_dereference_protected(nf_conntrack_event_cb, 112 notify = rcu_dereference_protected(nf_conntrack_event_cb,
113 lockdep_is_held(&nf_ct_ecache_mutex)); 113 lockdep_is_held(&nf_ct_ecache_mutex));
114 BUG_ON(notify != new); 114 BUG_ON(notify != new);
115 rcu_assign_pointer(nf_conntrack_event_cb, NULL); 115 RCU_INIT_POINTER(nf_conntrack_event_cb, NULL);
116 mutex_unlock(&nf_ct_ecache_mutex); 116 mutex_unlock(&nf_ct_ecache_mutex);
117} 117}
118EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); 118EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
@@ -129,7 +129,7 @@ int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
129 ret = -EBUSY; 129 ret = -EBUSY;
130 goto out_unlock; 130 goto out_unlock;
131 } 131 }
132 rcu_assign_pointer(nf_expect_event_cb, new); 132 RCU_INIT_POINTER(nf_expect_event_cb, new);
133 mutex_unlock(&nf_ct_ecache_mutex); 133 mutex_unlock(&nf_ct_ecache_mutex);
134 return ret; 134 return ret;
135 135
@@ -147,7 +147,7 @@ void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new)
147 notify = rcu_dereference_protected(nf_expect_event_cb, 147 notify = rcu_dereference_protected(nf_expect_event_cb,
148 lockdep_is_held(&nf_ct_ecache_mutex)); 148 lockdep_is_held(&nf_ct_ecache_mutex));
149 BUG_ON(notify != new); 149 BUG_ON(notify != new);
150 rcu_assign_pointer(nf_expect_event_cb, NULL); 150 RCU_INIT_POINTER(nf_expect_event_cb, NULL);
151 mutex_unlock(&nf_ct_ecache_mutex); 151 mutex_unlock(&nf_ct_ecache_mutex);
152} 152}
153EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); 153EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier);
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 05ecdc281a53..4605c947dcc4 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -169,7 +169,7 @@ int nf_ct_extend_register(struct nf_ct_ext_type *type)
169 before updating alloc_size */ 169 before updating alloc_size */
170 type->alloc_size = ALIGN(sizeof(struct nf_ct_ext), type->align) 170 type->alloc_size = ALIGN(sizeof(struct nf_ct_ext), type->align)
171 + type->len; 171 + type->len;
172 rcu_assign_pointer(nf_ct_ext_types[type->id], type); 172 RCU_INIT_POINTER(nf_ct_ext_types[type->id], type);
173 update_alloc_size(type); 173 update_alloc_size(type);
174out: 174out:
175 mutex_unlock(&nf_ct_ext_type_mutex); 175 mutex_unlock(&nf_ct_ext_type_mutex);
@@ -181,7 +181,7 @@ EXPORT_SYMBOL_GPL(nf_ct_extend_register);
181void nf_ct_extend_unregister(struct nf_ct_ext_type *type) 181void nf_ct_extend_unregister(struct nf_ct_ext_type *type)
182{ 182{
183 mutex_lock(&nf_ct_ext_type_mutex); 183 mutex_lock(&nf_ct_ext_type_mutex);
184 rcu_assign_pointer(nf_ct_ext_types[type->id], NULL); 184 RCU_INIT_POINTER(nf_ct_ext_types[type->id], NULL);
185 update_alloc_size(type); 185 update_alloc_size(type);
186 mutex_unlock(&nf_ct_ext_type_mutex); 186 mutex_unlock(&nf_ct_ext_type_mutex);
187 rcu_barrier(); /* Wait for completion of call_rcu()'s */ 187 rcu_barrier(); /* Wait for completion of call_rcu()'s */
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 1bdfea357955..93c4bdbfc1ae 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -131,7 +131,7 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
131 helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); 131 helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
132 if (helper == NULL) { 132 if (helper == NULL) {
133 if (help) 133 if (help)
134 rcu_assign_pointer(help->helper, NULL); 134 RCU_INIT_POINTER(help->helper, NULL);
135 goto out; 135 goto out;
136 } 136 }
137 137
@@ -145,7 +145,7 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
145 memset(&help->help, 0, sizeof(help->help)); 145 memset(&help->help, 0, sizeof(help->help));
146 } 146 }
147 147
148 rcu_assign_pointer(help->helper, helper); 148 RCU_INIT_POINTER(help->helper, helper);
149out: 149out:
150 return ret; 150 return ret;
151} 151}
@@ -162,7 +162,7 @@ static inline int unhelp(struct nf_conntrack_tuple_hash *i,
162 lockdep_is_held(&nf_conntrack_lock) 162 lockdep_is_held(&nf_conntrack_lock)
163 ) == me) { 163 ) == me) {
164 nf_conntrack_event(IPCT_HELPER, ct); 164 nf_conntrack_event(IPCT_HELPER, ct);
165 rcu_assign_pointer(help->helper, NULL); 165 RCU_INIT_POINTER(help->helper, NULL);
166 } 166 }
167 return 0; 167 return 0;
168} 168}
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7dec88a1755b..e58aa9b1fe8a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1125,7 +1125,7 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
1125 if (help && help->helper) { 1125 if (help && help->helper) {
1126 /* we had a helper before ... */ 1126 /* we had a helper before ... */
1127 nf_ct_remove_expectations(ct); 1127 nf_ct_remove_expectations(ct);
1128 rcu_assign_pointer(help->helper, NULL); 1128 RCU_INIT_POINTER(help->helper, NULL);
1129 } 1129 }
1130 1130
1131 return 0; 1131 return 0;
@@ -1163,7 +1163,7 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
1163 return -EOPNOTSUPP; 1163 return -EOPNOTSUPP;
1164 } 1164 }
1165 1165
1166 rcu_assign_pointer(help->helper, helper); 1166 RCU_INIT_POINTER(help->helper, helper);
1167 1167
1168 return 0; 1168 return 0;
1169} 1169}
@@ -1386,7 +1386,7 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
1386 } 1386 }
1387 1387
1388 /* not in hash table yet so not strictly necessary */ 1388 /* not in hash table yet so not strictly necessary */
1389 rcu_assign_pointer(help->helper, helper); 1389 RCU_INIT_POINTER(help->helper, helper);
1390 } 1390 }
1391 } else { 1391 } else {
1392 /* try an implicit helper assignation */ 1392 /* try an implicit helper assignation */
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 2fd4565144de..31d56b23b9e9 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -364,6 +364,7 @@ pptp_inbound_pkt(struct sk_buff *skb,
364 break; 364 break;
365 365
366 case PPTP_WAN_ERROR_NOTIFY: 366 case PPTP_WAN_ERROR_NOTIFY:
367 case PPTP_SET_LINK_INFO:
367 case PPTP_ECHO_REQUEST: 368 case PPTP_ECHO_REQUEST:
368 case PPTP_ECHO_REPLY: 369 case PPTP_ECHO_REPLY:
369 /* I don't have to explain these ;) */ 370 /* I don't have to explain these ;) */
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index cf616e55ca41..d69facdd9a7a 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -241,8 +241,8 @@ static int gre_packet(struct nf_conn *ct,
241 nf_ct_refresh_acct(ct, ctinfo, skb, 241 nf_ct_refresh_acct(ct, ctinfo, skb,
242 ct->proto.gre.stream_timeout); 242 ct->proto.gre.stream_timeout);
243 /* Also, more likely to be important, and not a probe. */ 243 /* Also, more likely to be important, and not a probe. */
244 set_bit(IPS_ASSURED_BIT, &ct->status); 244 if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
245 nf_conntrack_event_cache(IPCT_ASSURED, ct); 245 nf_conntrack_event_cache(IPCT_ASSURED, ct);
246 } else 246 } else
247 nf_ct_refresh_acct(ct, ctinfo, skb, 247 nf_ct_refresh_acct(ct, ctinfo, skb,
248 ct->proto.gre.timeout); 248 ct->proto.gre.timeout);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 37bf94394be0..8235b86b4e87 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -409,7 +409,7 @@ static void tcp_options(const struct sk_buff *skb,
409 if (opsize < 2) /* "silly options" */ 409 if (opsize < 2) /* "silly options" */
410 return; 410 return;
411 if (opsize > length) 411 if (opsize > length)
412 break; /* don't parse partial options */ 412 return; /* don't parse partial options */
413 413
414 if (opcode == TCPOPT_SACK_PERM 414 if (opcode == TCPOPT_SACK_PERM
415 && opsize == TCPOLEN_SACK_PERM) 415 && opsize == TCPOLEN_SACK_PERM)
@@ -447,7 +447,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
447 BUG_ON(ptr == NULL); 447 BUG_ON(ptr == NULL);
448 448
449 /* Fast path for timestamp-only option */ 449 /* Fast path for timestamp-only option */
450 if (length == TCPOLEN_TSTAMP_ALIGNED*4 450 if (length == TCPOLEN_TSTAMP_ALIGNED
451 && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24) 451 && *(__be32 *)ptr == htonl((TCPOPT_NOP << 24)
452 | (TCPOPT_NOP << 16) 452 | (TCPOPT_NOP << 16)
453 | (TCPOPT_TIMESTAMP << 8) 453 | (TCPOPT_TIMESTAMP << 8)
@@ -469,7 +469,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
469 if (opsize < 2) /* "silly options" */ 469 if (opsize < 2) /* "silly options" */
470 return; 470 return;
471 if (opsize > length) 471 if (opsize > length)
472 break; /* don't parse partial options */ 472 return; /* don't parse partial options */
473 473
474 if (opcode == TCPOPT_SACK 474 if (opcode == TCPOPT_SACK
475 && opsize >= (TCPOLEN_SACK_BASE 475 && opsize >= (TCPOLEN_SACK_BASE
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 20714edf6cd2..ce0c406f58a8 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -55,7 +55,7 @@ int nf_log_register(u_int8_t pf, struct nf_logger *logger)
55 llog = rcu_dereference_protected(nf_loggers[pf], 55 llog = rcu_dereference_protected(nf_loggers[pf],
56 lockdep_is_held(&nf_log_mutex)); 56 lockdep_is_held(&nf_log_mutex));
57 if (llog == NULL) 57 if (llog == NULL)
58 rcu_assign_pointer(nf_loggers[pf], logger); 58 RCU_INIT_POINTER(nf_loggers[pf], logger);
59 } 59 }
60 60
61 mutex_unlock(&nf_log_mutex); 61 mutex_unlock(&nf_log_mutex);
@@ -74,7 +74,7 @@ void nf_log_unregister(struct nf_logger *logger)
74 c_logger = rcu_dereference_protected(nf_loggers[i], 74 c_logger = rcu_dereference_protected(nf_loggers[i],
75 lockdep_is_held(&nf_log_mutex)); 75 lockdep_is_held(&nf_log_mutex));
76 if (c_logger == logger) 76 if (c_logger == logger)
77 rcu_assign_pointer(nf_loggers[i], NULL); 77 RCU_INIT_POINTER(nf_loggers[i], NULL);
78 list_del(&logger->list[i]); 78 list_del(&logger->list[i]);
79 } 79 }
80 mutex_unlock(&nf_log_mutex); 80 mutex_unlock(&nf_log_mutex);
@@ -92,7 +92,7 @@ int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger)
92 mutex_unlock(&nf_log_mutex); 92 mutex_unlock(&nf_log_mutex);
93 return -ENOENT; 93 return -ENOENT;
94 } 94 }
95 rcu_assign_pointer(nf_loggers[pf], logger); 95 RCU_INIT_POINTER(nf_loggers[pf], logger);
96 mutex_unlock(&nf_log_mutex); 96 mutex_unlock(&nf_log_mutex);
97 return 0; 97 return 0;
98} 98}
@@ -103,7 +103,7 @@ void nf_log_unbind_pf(u_int8_t pf)
103 if (pf >= ARRAY_SIZE(nf_loggers)) 103 if (pf >= ARRAY_SIZE(nf_loggers))
104 return; 104 return;
105 mutex_lock(&nf_log_mutex); 105 mutex_lock(&nf_log_mutex);
106 rcu_assign_pointer(nf_loggers[pf], NULL); 106 RCU_INIT_POINTER(nf_loggers[pf], NULL);
107 mutex_unlock(&nf_log_mutex); 107 mutex_unlock(&nf_log_mutex);
108} 108}
109EXPORT_SYMBOL(nf_log_unbind_pf); 109EXPORT_SYMBOL(nf_log_unbind_pf);
@@ -250,7 +250,7 @@ static int nf_log_proc_dostring(ctl_table *table, int write,
250 mutex_unlock(&nf_log_mutex); 250 mutex_unlock(&nf_log_mutex);
251 return -ENOENT; 251 return -ENOENT;
252 } 252 }
253 rcu_assign_pointer(nf_loggers[tindex], logger); 253 RCU_INIT_POINTER(nf_loggers[tindex], logger);
254 mutex_unlock(&nf_log_mutex); 254 mutex_unlock(&nf_log_mutex);
255 } else { 255 } else {
256 mutex_lock(&nf_log_mutex); 256 mutex_lock(&nf_log_mutex);
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 5b466cd1272f..99ffd2885088 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -40,7 +40,7 @@ int nf_register_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh)
40 else if (old) 40 else if (old)
41 ret = -EBUSY; 41 ret = -EBUSY;
42 else { 42 else {
43 rcu_assign_pointer(queue_handler[pf], qh); 43 RCU_INIT_POINTER(queue_handler[pf], qh);
44 ret = 0; 44 ret = 0;
45 } 45 }
46 mutex_unlock(&queue_handler_mutex); 46 mutex_unlock(&queue_handler_mutex);
@@ -65,7 +65,7 @@ int nf_unregister_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh)
65 return -EINVAL; 65 return -EINVAL;
66 } 66 }
67 67
68 rcu_assign_pointer(queue_handler[pf], NULL); 68 RCU_INIT_POINTER(queue_handler[pf], NULL);
69 mutex_unlock(&queue_handler_mutex); 69 mutex_unlock(&queue_handler_mutex);
70 70
71 synchronize_rcu(); 71 synchronize_rcu();
@@ -84,7 +84,7 @@ void nf_unregister_queue_handlers(const struct nf_queue_handler *qh)
84 queue_handler[pf], 84 queue_handler[pf],
85 lockdep_is_held(&queue_handler_mutex) 85 lockdep_is_held(&queue_handler_mutex)
86 ) == qh) 86 ) == qh)
87 rcu_assign_pointer(queue_handler[pf], NULL); 87 RCU_INIT_POINTER(queue_handler[pf], NULL);
88 } 88 }
89 mutex_unlock(&queue_handler_mutex); 89 mutex_unlock(&queue_handler_mutex);
90 90
@@ -312,6 +312,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
312 } 312 }
313 break; 313 break;
314 case NF_STOLEN: 314 case NF_STOLEN:
315 break;
315 default: 316 default:
316 kfree_skb(skb); 317 kfree_skb(skb);
317 } 318 }
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 1905976b5135..c879c1a2370e 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -59,7 +59,7 @@ int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n)
59 nfnl_unlock(); 59 nfnl_unlock();
60 return -EBUSY; 60 return -EBUSY;
61 } 61 }
62 rcu_assign_pointer(subsys_table[n->subsys_id], n); 62 RCU_INIT_POINTER(subsys_table[n->subsys_id], n);
63 nfnl_unlock(); 63 nfnl_unlock();
64 64
65 return 0; 65 return 0;
@@ -210,7 +210,7 @@ static int __net_init nfnetlink_net_init(struct net *net)
210 if (!nfnl) 210 if (!nfnl)
211 return -ENOMEM; 211 return -ENOMEM;
212 net->nfnl_stash = nfnl; 212 net->nfnl_stash = nfnl;
213 rcu_assign_pointer(net->nfnl, nfnl); 213 RCU_INIT_POINTER(net->nfnl, nfnl);
214 return 0; 214 return 0;
215} 215}
216 216
@@ -219,7 +219,7 @@ static void __net_exit nfnetlink_net_exit_batch(struct list_head *net_exit_list)
219 struct net *net; 219 struct net *net;
220 220
221 list_for_each_entry(net, net_exit_list, exit_list) 221 list_for_each_entry(net, net_exit_list, exit_list)
222 rcu_assign_pointer(net->nfnl, NULL); 222 RCU_INIT_POINTER(net->nfnl, NULL);
223 synchronize_net(); 223 synchronize_net();
224 list_for_each_entry(net, net_exit_list, exit_list) 224 list_for_each_entry(net, net_exit_list, exit_list)
225 netlink_kernel_release(net->nfnl_stash); 225 netlink_kernel_release(net->nfnl_stash);
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 00bd475eab4b..a80b0cb03f17 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -646,8 +646,8 @@ verdicthdr_get(const struct nlattr * const nfqa[])
646 return NULL; 646 return NULL;
647 647
648 vhdr = nla_data(nfqa[NFQA_VERDICT_HDR]); 648 vhdr = nla_data(nfqa[NFQA_VERDICT_HDR]);
649 verdict = ntohl(vhdr->verdict); 649 verdict = ntohl(vhdr->verdict) & NF_VERDICT_MASK;
650 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) 650 if (verdict > NF_MAX_VERDICT || verdict == NF_STOLEN)
651 return NULL; 651 return NULL;
652 return vhdr; 652 return vhdr;
653} 653}
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index b0869fe3633b..71441b934ffd 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -776,12 +776,11 @@ static int xt_jumpstack_alloc(struct xt_table_info *i)
776 776
777 size = sizeof(void **) * nr_cpu_ids; 777 size = sizeof(void **) * nr_cpu_ids;
778 if (size > PAGE_SIZE) 778 if (size > PAGE_SIZE)
779 i->jumpstack = vmalloc(size); 779 i->jumpstack = vzalloc(size);
780 else 780 else
781 i->jumpstack = kmalloc(size, GFP_KERNEL); 781 i->jumpstack = kzalloc(size, GFP_KERNEL);
782 if (i->jumpstack == NULL) 782 if (i->jumpstack == NULL)
783 return -ENOMEM; 783 return -ENOMEM;
784 memset(i->jumpstack, 0, size);
785 784
786 i->stacksize *= xt_jumpstack_multiplier; 785 i->stacksize *= xt_jumpstack_multiplier;
787 size = sizeof(void *) * i->stacksize; 786 size = sizeof(void *) * i->stacksize;
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c
index 76a083184d8e..ed0db15ab00e 100644
--- a/net/netfilter/xt_rateest.c
+++ b/net/netfilter/xt_rateest.c
@@ -78,7 +78,7 @@ static int xt_rateest_mt_checkentry(const struct xt_mtchk_param *par)
78{ 78{
79 struct xt_rateest_match_info *info = par->matchinfo; 79 struct xt_rateest_match_info *info = par->matchinfo;
80 struct xt_rateest *est1, *est2; 80 struct xt_rateest *est1, *est2;
81 int ret = false; 81 int ret = -EINVAL;
82 82
83 if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | 83 if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
84 XT_RATEEST_MATCH_REL)) != 1) 84 XT_RATEEST_MATCH_REL)) != 1)
@@ -101,13 +101,12 @@ static int xt_rateest_mt_checkentry(const struct xt_mtchk_param *par)
101 if (!est1) 101 if (!est1)
102 goto err1; 102 goto err1;
103 103
104 est2 = NULL;
104 if (info->flags & XT_RATEEST_MATCH_REL) { 105 if (info->flags & XT_RATEEST_MATCH_REL) {
105 est2 = xt_rateest_lookup(info->name2); 106 est2 = xt_rateest_lookup(info->name2);
106 if (!est2) 107 if (!est2)
107 goto err2; 108 goto err2;
108 } else 109 }
109 est2 = NULL;
110
111 110
112 info->est1 = est1; 111 info->est1 = est1;
113 info->est2 = est2; 112 info->est2 = est2;
@@ -116,7 +115,7 @@ static int xt_rateest_mt_checkentry(const struct xt_mtchk_param *par)
116err2: 115err2:
117 xt_rateest_put(est1); 116 xt_rateest_put(est1);
118err1: 117err1:
119 return -EINVAL; 118 return ret;
120} 119}
121 120
122static void xt_rateest_mt_destroy(const struct xt_mtdtor_param *par) 121static void xt_rateest_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netlabel/Makefile b/net/netlabel/Makefile
index ea750e9df65f..d2732fc952e2 100644
--- a/net/netlabel/Makefile
+++ b/net/netlabel/Makefile
@@ -1,8 +1,6 @@
1# 1#
2# Makefile for the NetLabel subsystem. 2# Makefile for the NetLabel subsystem.
3# 3#
4# Feb 9, 2006, Paul Moore <paul.moore@hp.com>
5#
6 4
7# base objects 5# base objects
8obj-y := netlabel_user.o netlabel_kapi.o 6obj-y := netlabel_user.o netlabel_kapi.o
diff --git a/net/netlabel/netlabel_addrlist.c b/net/netlabel/netlabel_addrlist.c
index c0519139679e..96b749dacc34 100644
--- a/net/netlabel/netlabel_addrlist.c
+++ b/net/netlabel/netlabel_addrlist.c
@@ -6,7 +6,7 @@
6 * system manages static and dynamic label mappings for network protocols such 6 * system manages static and dynamic label mappings for network protocols such
7 * as CIPSO and RIPSO. 7 * as CIPSO and RIPSO.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 */ 11 */
12 12
diff --git a/net/netlabel/netlabel_addrlist.h b/net/netlabel/netlabel_addrlist.h
index 2b9644e19de0..fdbc1d2c7352 100644
--- a/net/netlabel/netlabel_addrlist.h
+++ b/net/netlabel/netlabel_addrlist.h
@@ -6,7 +6,7 @@
6 * system manages static and dynamic label mappings for network protocols such 6 * system manages static and dynamic label mappings for network protocols such
7 * as CIPSO and RIPSO. 7 * as CIPSO and RIPSO.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 */ 11 */
12 12
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index dd53a36d89af..6bf878335d94 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_cipso_v4.h b/net/netlabel/netlabel_cipso_v4.h
index af7f3355103e..d24d774bfd62 100644
--- a/net/netlabel/netlabel_cipso_v4.h
+++ b/net/netlabel/netlabel_cipso_v4.h
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 2aa975e5452d..3f905e5370c2 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -6,7 +6,7 @@
6 * system manages static and dynamic label mappings for network protocols such 6 * system manages static and dynamic label mappings for network protocols such
7 * as CIPSO and RIPSO. 7 * as CIPSO and RIPSO.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 */ 11 */
12 12
@@ -282,7 +282,7 @@ int __init netlbl_domhsh_init(u32 size)
282 INIT_LIST_HEAD(&hsh_tbl->tbl[iter]); 282 INIT_LIST_HEAD(&hsh_tbl->tbl[iter]);
283 283
284 spin_lock(&netlbl_domhsh_lock); 284 spin_lock(&netlbl_domhsh_lock);
285 rcu_assign_pointer(netlbl_domhsh, hsh_tbl); 285 RCU_INIT_POINTER(netlbl_domhsh, hsh_tbl);
286 spin_unlock(&netlbl_domhsh_lock); 286 spin_unlock(&netlbl_domhsh_lock);
287 287
288 return 0; 288 return 0;
@@ -330,7 +330,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
330 &rcu_dereference(netlbl_domhsh)->tbl[bkt]); 330 &rcu_dereference(netlbl_domhsh)->tbl[bkt]);
331 } else { 331 } else {
332 INIT_LIST_HEAD(&entry->list); 332 INIT_LIST_HEAD(&entry->list);
333 rcu_assign_pointer(netlbl_domhsh_def, entry); 333 RCU_INIT_POINTER(netlbl_domhsh_def, entry);
334 } 334 }
335 335
336 if (entry->type == NETLBL_NLTYPE_ADDRSELECT) { 336 if (entry->type == NETLBL_NLTYPE_ADDRSELECT) {
@@ -451,7 +451,7 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
451 if (entry != rcu_dereference(netlbl_domhsh_def)) 451 if (entry != rcu_dereference(netlbl_domhsh_def))
452 list_del_rcu(&entry->list); 452 list_del_rcu(&entry->list);
453 else 453 else
454 rcu_assign_pointer(netlbl_domhsh_def, NULL); 454 RCU_INIT_POINTER(netlbl_domhsh_def, NULL);
455 } else 455 } else
456 ret_val = -ENOENT; 456 ret_val = -ENOENT;
457 spin_unlock(&netlbl_domhsh_lock); 457 spin_unlock(&netlbl_domhsh_lock);
diff --git a/net/netlabel/netlabel_domainhash.h b/net/netlabel/netlabel_domainhash.h
index 0261dda3f2d2..bfcc0f7024c5 100644
--- a/net/netlabel/netlabel_domainhash.h
+++ b/net/netlabel/netlabel_domainhash.h
@@ -6,7 +6,7 @@
6 * system manages static and dynamic label mappings for network protocols such 6 * system manages static and dynamic label mappings for network protocols such
7 * as CIPSO and RIPSO. 7 * as CIPSO and RIPSO.
8 * 8 *
9 * Author: Paul Moore <paul.moore@hp.com> 9 * Author: Paul Moore <paul@paul-moore.com>
10 * 10 *
11 */ 11 */
12 12
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index b528dd928d3c..9c24de10a657 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -5,7 +5,7 @@
5 * system manages static and dynamic label mappings for network protocols such 5 * system manages static and dynamic label mappings for network protocols such
6 * as CIPSO and RIPSO. 6 * as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
@@ -341,11 +341,11 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
341 341
342 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 342 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
343 if (entry == NULL) 343 if (entry == NULL)
344 return -ENOMEM; 344 goto out_entry;
345 if (domain != NULL) { 345 if (domain != NULL) {
346 entry->domain = kstrdup(domain, GFP_ATOMIC); 346 entry->domain = kstrdup(domain, GFP_ATOMIC);
347 if (entry->domain == NULL) 347 if (entry->domain == NULL)
348 goto cfg_cipsov4_map_add_failure; 348 goto out_domain;
349 } 349 }
350 350
351 if (addr == NULL && mask == NULL) { 351 if (addr == NULL && mask == NULL) {
@@ -354,13 +354,13 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
354 } else if (addr != NULL && mask != NULL) { 354 } else if (addr != NULL && mask != NULL) {
355 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC); 355 addrmap = kzalloc(sizeof(*addrmap), GFP_ATOMIC);
356 if (addrmap == NULL) 356 if (addrmap == NULL)
357 goto cfg_cipsov4_map_add_failure; 357 goto out_addrmap;
358 INIT_LIST_HEAD(&addrmap->list4); 358 INIT_LIST_HEAD(&addrmap->list4);
359 INIT_LIST_HEAD(&addrmap->list6); 359 INIT_LIST_HEAD(&addrmap->list6);
360 360
361 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC); 361 addrinfo = kzalloc(sizeof(*addrinfo), GFP_ATOMIC);
362 if (addrinfo == NULL) 362 if (addrinfo == NULL)
363 goto cfg_cipsov4_map_add_failure; 363 goto out_addrinfo;
364 addrinfo->type_def.cipsov4 = doi_def; 364 addrinfo->type_def.cipsov4 = doi_def;
365 addrinfo->type = NETLBL_NLTYPE_CIPSOV4; 365 addrinfo->type = NETLBL_NLTYPE_CIPSOV4;
366 addrinfo->list.addr = addr->s_addr & mask->s_addr; 366 addrinfo->list.addr = addr->s_addr & mask->s_addr;
@@ -374,7 +374,7 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
374 entry->type = NETLBL_NLTYPE_ADDRSELECT; 374 entry->type = NETLBL_NLTYPE_ADDRSELECT;
375 } else { 375 } else {
376 ret_val = -EINVAL; 376 ret_val = -EINVAL;
377 goto cfg_cipsov4_map_add_failure; 377 goto out_addrmap;
378 } 378 }
379 379
380 ret_val = netlbl_domhsh_add(entry, audit_info); 380 ret_val = netlbl_domhsh_add(entry, audit_info);
@@ -384,11 +384,15 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
384 return 0; 384 return 0;
385 385
386cfg_cipsov4_map_add_failure: 386cfg_cipsov4_map_add_failure:
387 cipso_v4_doi_putdef(doi_def); 387 kfree(addrinfo);
388out_addrinfo:
389 kfree(addrmap);
390out_addrmap:
388 kfree(entry->domain); 391 kfree(entry->domain);
392out_domain:
389 kfree(entry); 393 kfree(entry);
390 kfree(addrmap); 394out_entry:
391 kfree(addrinfo); 395 cipso_v4_doi_putdef(doi_def);
392 return ret_val; 396 return ret_val;
393} 397}
394 398
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index dff8a0809245..bfa555869775 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_mgmt.h b/net/netlabel/netlabel_mgmt.h
index 8db37f4c10f7..5a9f31ce5799 100644
--- a/net/netlabel/netlabel_mgmt.h
+++ b/net/netlabel/netlabel_mgmt.h
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index f1ecf848e3ac..e251c2c88521 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -5,7 +5,7 @@
5 * NetLabel system. The NetLabel system manages static and dynamic label 5 * NetLabel system. The NetLabel system manages static and dynamic label
6 * mappings for network protocols such as CIPSO and RIPSO. 6 * mappings for network protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
@@ -354,7 +354,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_add_iface(int ifindex)
354 INIT_LIST_HEAD(&iface->list); 354 INIT_LIST_HEAD(&iface->list);
355 if (netlbl_unlhsh_rcu_deref(netlbl_unlhsh_def) != NULL) 355 if (netlbl_unlhsh_rcu_deref(netlbl_unlhsh_def) != NULL)
356 goto add_iface_failure; 356 goto add_iface_failure;
357 rcu_assign_pointer(netlbl_unlhsh_def, iface); 357 RCU_INIT_POINTER(netlbl_unlhsh_def, iface);
358 } 358 }
359 spin_unlock(&netlbl_unlhsh_lock); 359 spin_unlock(&netlbl_unlhsh_lock);
360 360
@@ -621,7 +621,7 @@ static void netlbl_unlhsh_condremove_iface(struct netlbl_unlhsh_iface *iface)
621 if (iface->ifindex > 0) 621 if (iface->ifindex > 0)
622 list_del_rcu(&iface->list); 622 list_del_rcu(&iface->list);
623 else 623 else
624 rcu_assign_pointer(netlbl_unlhsh_def, NULL); 624 RCU_INIT_POINTER(netlbl_unlhsh_def, NULL);
625 spin_unlock(&netlbl_unlhsh_lock); 625 spin_unlock(&netlbl_unlhsh_lock);
626 626
627 call_rcu(&iface->rcu, netlbl_unlhsh_free_iface); 627 call_rcu(&iface->rcu, netlbl_unlhsh_free_iface);
@@ -1449,7 +1449,7 @@ int __init netlbl_unlabel_init(u32 size)
1449 1449
1450 rcu_read_lock(); 1450 rcu_read_lock();
1451 spin_lock(&netlbl_unlhsh_lock); 1451 spin_lock(&netlbl_unlhsh_lock);
1452 rcu_assign_pointer(netlbl_unlhsh, hsh_tbl); 1452 RCU_INIT_POINTER(netlbl_unlhsh, hsh_tbl);
1453 spin_unlock(&netlbl_unlhsh_lock); 1453 spin_unlock(&netlbl_unlhsh_lock);
1454 rcu_read_unlock(); 1454 rcu_read_unlock();
1455 1455
diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h
index 0bc8dc3f9e3c..700af49022a0 100644
--- a/net/netlabel/netlabel_unlabeled.h
+++ b/net/netlabel/netlabel_unlabeled.h
@@ -5,7 +5,7 @@
5 * NetLabel system. The NetLabel system manages static and dynamic label 5 * NetLabel system. The NetLabel system manages static and dynamic label
6 * mappings for network protocols such as CIPSO and RIPSO. 6 * mappings for network protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index a3fd75ac3fa5..9fae63f10298 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index f4fc4c9ad567..81969785e279 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -5,7 +5,7 @@
5 * NetLabel system manages static and dynamic label mappings for network 5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO. 6 * protocols such as CIPSO and RIPSO.
7 * 7 *
8 * Author: Paul Moore <paul.moore@hp.com> 8 * Author: Paul Moore <paul@paul-moore.com>
9 * 9 *
10 */ 10 */
11 11
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 0a4db0211da0..1201b6d4183d 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1324,10 +1324,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1324 if (msg->msg_flags&MSG_OOB) 1324 if (msg->msg_flags&MSG_OOB)
1325 return -EOPNOTSUPP; 1325 return -EOPNOTSUPP;
1326 1326
1327 if (NULL == siocb->scm) { 1327 if (NULL == siocb->scm)
1328 siocb->scm = &scm; 1328 siocb->scm = &scm;
1329 memset(&scm, 0, sizeof(scm)); 1329
1330 }
1331 err = scm_send(sock, msg, siocb->scm); 1330 err = scm_send(sock, msg, siocb->scm);
1332 if (err < 0) 1331 if (err < 0)
1333 return err; 1332 return err;
@@ -1578,7 +1577,7 @@ int __netlink_change_ngroups(struct sock *sk, unsigned int groups)
1578 new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC); 1577 new = kzalloc(sizeof(*new) + NLGRPSZ(groups), GFP_ATOMIC);
1579 if (!new) 1578 if (!new)
1580 return -ENOMEM; 1579 return -ENOMEM;
1581 old = rcu_dereference_raw(tbl->listeners); 1580 old = rcu_dereference_protected(tbl->listeners, 1);
1582 memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups)); 1581 memcpy(new->masks, old->masks, NLGRPSZ(tbl->groups));
1583 rcu_assign_pointer(tbl->listeners, new); 1582 rcu_assign_pointer(tbl->listeners, new);
1584 1583
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 895e5fdf464a..4047e29acb3b 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -135,8 +135,10 @@ static void nci_init_req(struct nci_dev *ndev, unsigned long opt)
135 135
136static void nci_init_complete_req(struct nci_dev *ndev, unsigned long opt) 136static void nci_init_complete_req(struct nci_dev *ndev, unsigned long opt)
137{ 137{
138 struct nci_rf_disc_map_cmd cmd;
139 struct nci_core_conn_create_cmd conn_cmd; 138 struct nci_core_conn_create_cmd conn_cmd;
139 struct nci_rf_disc_map_cmd cmd;
140 struct disc_map_config *cfg = cmd.mapping_configs;
141 __u8 *num = &cmd.num_mapping_configs;
140 int i; 142 int i;
141 143
142 /* create static rf connection */ 144 /* create static rf connection */
@@ -145,36 +147,30 @@ static void nci_init_complete_req(struct nci_dev *ndev, unsigned long opt)
145 nci_send_cmd(ndev, NCI_OP_CORE_CONN_CREATE_CMD, 2, &conn_cmd); 147 nci_send_cmd(ndev, NCI_OP_CORE_CONN_CREATE_CMD, 2, &conn_cmd);
146 148
147 /* set rf mapping configurations */ 149 /* set rf mapping configurations */
148 cmd.num_mapping_configs = 0; 150 *num = 0;
149 151
150 /* by default mapping is set to NCI_RF_INTERFACE_FRAME */ 152 /* by default mapping is set to NCI_RF_INTERFACE_FRAME */
151 for (i = 0; i < ndev->num_supported_rf_interfaces; i++) { 153 for (i = 0; i < ndev->num_supported_rf_interfaces; i++) {
152 if (ndev->supported_rf_interfaces[i] == 154 if (ndev->supported_rf_interfaces[i] ==
153 NCI_RF_INTERFACE_ISO_DEP) { 155 NCI_RF_INTERFACE_ISO_DEP) {
154 cmd.mapping_configs[cmd.num_mapping_configs] 156 cfg[*num].rf_protocol = NCI_RF_PROTOCOL_ISO_DEP;
155 .rf_protocol = NCI_RF_PROTOCOL_ISO_DEP; 157 cfg[*num].mode = NCI_DISC_MAP_MODE_BOTH;
156 cmd.mapping_configs[cmd.num_mapping_configs] 158 cfg[*num].rf_interface_type = NCI_RF_INTERFACE_ISO_DEP;
157 .mode = NCI_DISC_MAP_MODE_BOTH; 159 (*num)++;
158 cmd.mapping_configs[cmd.num_mapping_configs]
159 .rf_interface_type = NCI_RF_INTERFACE_ISO_DEP;
160 cmd.num_mapping_configs++;
161 } else if (ndev->supported_rf_interfaces[i] == 160 } else if (ndev->supported_rf_interfaces[i] ==
162 NCI_RF_INTERFACE_NFC_DEP) { 161 NCI_RF_INTERFACE_NFC_DEP) {
163 cmd.mapping_configs[cmd.num_mapping_configs] 162 cfg[*num].rf_protocol = NCI_RF_PROTOCOL_NFC_DEP;
164 .rf_protocol = NCI_RF_PROTOCOL_NFC_DEP; 163 cfg[*num].mode = NCI_DISC_MAP_MODE_BOTH;
165 cmd.mapping_configs[cmd.num_mapping_configs] 164 cfg[*num].rf_interface_type = NCI_RF_INTERFACE_NFC_DEP;
166 .mode = NCI_DISC_MAP_MODE_BOTH; 165 (*num)++;
167 cmd.mapping_configs[cmd.num_mapping_configs]
168 .rf_interface_type = NCI_RF_INTERFACE_NFC_DEP;
169 cmd.num_mapping_configs++;
170 } 166 }
171 167
172 if (cmd.num_mapping_configs == NCI_MAX_NUM_MAPPING_CONFIGS) 168 if (*num == NCI_MAX_NUM_MAPPING_CONFIGS)
173 break; 169 break;
174 } 170 }
175 171
176 nci_send_cmd(ndev, NCI_OP_RF_DISCOVER_MAP_CMD, 172 nci_send_cmd(ndev, NCI_OP_RF_DISCOVER_MAP_CMD,
177 (1 + (cmd.num_mapping_configs*sizeof(struct disc_map_config))), 173 (1 + ((*num)*sizeof(struct disc_map_config))),
178 &cmd); 174 &cmd);
179} 175}
180 176
@@ -365,8 +361,13 @@ static int nci_start_poll(struct nfc_dev *nfc_dev, __u32 protocols)
365 return -EBUSY; 361 return -EBUSY;
366 } 362 }
367 363
364 if (ndev->target_active_prot) {
365 nfc_err("there is an active target");
366 return -EBUSY;
367 }
368
368 if (test_bit(NCI_POLL_ACTIVE, &ndev->flags)) { 369 if (test_bit(NCI_POLL_ACTIVE, &ndev->flags)) {
369 nfc_dbg("target already active, first deactivate..."); 370 nfc_dbg("target is active, implicitly deactivate...");
370 371
371 rc = nci_request(ndev, nci_rf_deactivate_req, 0, 372 rc = nci_request(ndev, nci_rf_deactivate_req, 0,
372 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT)); 373 msecs_to_jiffies(NCI_RF_DEACTIVATE_TIMEOUT));
@@ -452,6 +453,7 @@ static int nci_data_exchange(struct nfc_dev *nfc_dev, __u32 target_idx,
452 void *cb_context) 453 void *cb_context)
453{ 454{
454 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev); 455 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
456 int rc;
455 457
456 nfc_dbg("entry, target_idx %d, len %d", target_idx, skb->len); 458 nfc_dbg("entry, target_idx %d, len %d", target_idx, skb->len);
457 459
@@ -460,11 +462,18 @@ static int nci_data_exchange(struct nfc_dev *nfc_dev, __u32 target_idx,
460 return -EINVAL; 462 return -EINVAL;
461 } 463 }
462 464
465 if (test_and_set_bit(NCI_DATA_EXCHANGE, &ndev->flags))
466 return -EBUSY;
467
463 /* store cb and context to be used on receiving data */ 468 /* store cb and context to be used on receiving data */
464 ndev->data_exchange_cb = cb; 469 ndev->data_exchange_cb = cb;
465 ndev->data_exchange_cb_context = cb_context; 470 ndev->data_exchange_cb_context = cb_context;
466 471
467 return nci_send_data(ndev, ndev->conn_id, skb); 472 rc = nci_send_data(ndev, ndev->conn_id, skb);
473 if (rc)
474 clear_bit(NCI_DATA_EXCHANGE, &ndev->flags);
475
476 return rc;
468} 477}
469 478
470static struct nfc_ops nci_nfc_ops = { 479static struct nfc_ops nci_nfc_ops = {
@@ -490,19 +499,19 @@ struct nci_dev *nci_allocate_device(struct nci_ops *ops,
490 int tx_headroom, 499 int tx_headroom,
491 int tx_tailroom) 500 int tx_tailroom)
492{ 501{
493 struct nci_dev *ndev = NULL; 502 struct nci_dev *ndev;
494 503
495 nfc_dbg("entry, supported_protocols 0x%x", supported_protocols); 504 nfc_dbg("entry, supported_protocols 0x%x", supported_protocols);
496 505
497 if (!ops->open || !ops->close || !ops->send) 506 if (!ops->open || !ops->close || !ops->send)
498 goto exit; 507 return NULL;
499 508
500 if (!supported_protocols) 509 if (!supported_protocols)
501 goto exit; 510 return NULL;
502 511
503 ndev = kzalloc(sizeof(struct nci_dev), GFP_KERNEL); 512 ndev = kzalloc(sizeof(struct nci_dev), GFP_KERNEL);
504 if (!ndev) 513 if (!ndev)
505 goto exit; 514 return NULL;
506 515
507 ndev->ops = ops; 516 ndev->ops = ops;
508 ndev->tx_headroom = tx_headroom; 517 ndev->tx_headroom = tx_headroom;
@@ -517,13 +526,11 @@ struct nci_dev *nci_allocate_device(struct nci_ops *ops,
517 526
518 nfc_set_drvdata(ndev->nfc_dev, ndev); 527 nfc_set_drvdata(ndev->nfc_dev, ndev);
519 528
520 goto exit; 529 return ndev;
521 530
522free_exit: 531free_exit:
523 kfree(ndev); 532 kfree(ndev);
524 533 return NULL;
525exit:
526 return ndev;
527} 534}
528EXPORT_SYMBOL(nci_allocate_device); 535EXPORT_SYMBOL(nci_allocate_device);
529 536
diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index 141790ada4aa..e5ed90fc1a9c 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -54,6 +54,8 @@ void nci_data_exchange_complete(struct nci_dev *ndev,
54 /* no waiting callback, free skb */ 54 /* no waiting callback, free skb */
55 kfree_skb(skb); 55 kfree_skb(skb);
56 } 56 }
57
58 clear_bit(NCI_DATA_EXCHANGE, &ndev->flags);
57} 59}
58 60
59/* ----------------- NCI TX Data ----------------- */ 61/* ----------------- NCI TX Data ----------------- */
diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index 8dd75352ab6c..96633f5cda4f 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
@@ -215,7 +215,7 @@ static void nci_rf_deactivate_ntf_packet(struct nci_dev *ndev,
215 } 215 }
216 216
217 /* complete the data exchange transaction, if exists */ 217 /* complete the data exchange transaction, if exists */
218 if (ndev->data_exchange_cb) 218 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
219 nci_data_exchange_complete(ndev, NULL, -EIO); 219 nci_data_exchange_complete(ndev, NULL, -EIO);
220} 220}
221 221
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index c698cec0a445..03bb45adf2fc 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -40,6 +40,10 @@
40 * byte arrays at the end of sockaddr_ll 40 * byte arrays at the end of sockaddr_ll
41 * and packet_mreq. 41 * and packet_mreq.
42 * Johann Baudy : Added TX RING. 42 * Johann Baudy : Added TX RING.
43 * Chetan Loke : Implemented TPACKET_V3 block abstraction
44 * layer.
45 * Copyright (C) 2011, <lokec@ccs.neu.edu>
46 *
43 * 47 *
44 * This program is free software; you can redistribute it and/or 48 * This program is free software; you can redistribute it and/or
45 * modify it under the terms of the GNU General Public License 49 * modify it under the terms of the GNU General Public License
@@ -161,9 +165,56 @@ struct packet_mreq_max {
161 unsigned char mr_address[MAX_ADDR_LEN]; 165 unsigned char mr_address[MAX_ADDR_LEN];
162}; 166};
163 167
164static int packet_set_ring(struct sock *sk, struct tpacket_req *req, 168static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
165 int closing, int tx_ring); 169 int closing, int tx_ring);
166 170
171
172#define V3_ALIGNMENT (8)
173
174#define BLK_HDR_LEN (ALIGN(sizeof(struct tpacket_block_desc), V3_ALIGNMENT))
175
176#define BLK_PLUS_PRIV(sz_of_priv) \
177 (BLK_HDR_LEN + ALIGN((sz_of_priv), V3_ALIGNMENT))
178
179/* kbdq - kernel block descriptor queue */
180struct tpacket_kbdq_core {
181 struct pgv *pkbdq;
182 unsigned int feature_req_word;
183 unsigned int hdrlen;
184 unsigned char reset_pending_on_curr_blk;
185 unsigned char delete_blk_timer;
186 unsigned short kactive_blk_num;
187 unsigned short blk_sizeof_priv;
188
189 /* last_kactive_blk_num:
190 * trick to see if user-space has caught up
191 * in order to avoid refreshing timer when every single pkt arrives.
192 */
193 unsigned short last_kactive_blk_num;
194
195 char *pkblk_start;
196 char *pkblk_end;
197 int kblk_size;
198 unsigned int knum_blocks;
199 uint64_t knxt_seq_num;
200 char *prev;
201 char *nxt_offset;
202 struct sk_buff *skb;
203
204 atomic_t blk_fill_in_prog;
205
206 /* Default is set to 8ms */
207#define DEFAULT_PRB_RETIRE_TOV (8)
208
209 unsigned short retire_blk_tov;
210 unsigned short version;
211 unsigned long tov_in_jiffies;
212
213 /* timer to retire an outstanding block */
214 struct timer_list retire_blk_timer;
215};
216
217#define PGV_FROM_VMALLOC 1
167struct pgv { 218struct pgv {
168 char *buffer; 219 char *buffer;
169}; 220};
@@ -179,12 +230,44 @@ struct packet_ring_buffer {
179 unsigned int pg_vec_pages; 230 unsigned int pg_vec_pages;
180 unsigned int pg_vec_len; 231 unsigned int pg_vec_len;
181 232
233 struct tpacket_kbdq_core prb_bdqc;
182 atomic_t pending; 234 atomic_t pending;
183}; 235};
184 236
237#define BLOCK_STATUS(x) ((x)->hdr.bh1.block_status)
238#define BLOCK_NUM_PKTS(x) ((x)->hdr.bh1.num_pkts)
239#define BLOCK_O2FP(x) ((x)->hdr.bh1.offset_to_first_pkt)
240#define BLOCK_LEN(x) ((x)->hdr.bh1.blk_len)
241#define BLOCK_SNUM(x) ((x)->hdr.bh1.seq_num)
242#define BLOCK_O2PRIV(x) ((x)->offset_to_priv)
243#define BLOCK_PRIV(x) ((void *)((char *)(x) + BLOCK_O2PRIV(x)))
244
185struct packet_sock; 245struct packet_sock;
186static int tpacket_snd(struct packet_sock *po, struct msghdr *msg); 246static int tpacket_snd(struct packet_sock *po, struct msghdr *msg);
187 247
248static void *packet_previous_frame(struct packet_sock *po,
249 struct packet_ring_buffer *rb,
250 int status);
251static void packet_increment_head(struct packet_ring_buffer *buff);
252static int prb_curr_blk_in_use(struct tpacket_kbdq_core *,
253 struct tpacket_block_desc *);
254static void *prb_dispatch_next_block(struct tpacket_kbdq_core *,
255 struct packet_sock *);
256static void prb_retire_current_block(struct tpacket_kbdq_core *,
257 struct packet_sock *, unsigned int status);
258static int prb_queue_frozen(struct tpacket_kbdq_core *);
259static void prb_open_block(struct tpacket_kbdq_core *,
260 struct tpacket_block_desc *);
261static void prb_retire_rx_blk_timer_expired(unsigned long);
262static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *);
263static void prb_init_blk_timer(struct packet_sock *,
264 struct tpacket_kbdq_core *,
265 void (*func) (unsigned long));
266static void prb_fill_rxhash(struct tpacket_kbdq_core *, struct tpacket3_hdr *);
267static void prb_clear_rxhash(struct tpacket_kbdq_core *,
268 struct tpacket3_hdr *);
269static void prb_fill_vlan_info(struct tpacket_kbdq_core *,
270 struct tpacket3_hdr *);
188static void packet_flush_mclist(struct sock *sk); 271static void packet_flush_mclist(struct sock *sk);
189 272
190struct packet_fanout; 273struct packet_fanout;
@@ -193,6 +276,7 @@ struct packet_sock {
193 struct sock sk; 276 struct sock sk;
194 struct packet_fanout *fanout; 277 struct packet_fanout *fanout;
195 struct tpacket_stats stats; 278 struct tpacket_stats stats;
279 union tpacket_stats_u stats_u;
196 struct packet_ring_buffer rx_ring; 280 struct packet_ring_buffer rx_ring;
197 struct packet_ring_buffer tx_ring; 281 struct packet_ring_buffer tx_ring;
198 int copy_thresh; 282 int copy_thresh;
@@ -242,6 +326,15 @@ struct packet_skb_cb {
242 326
243#define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb)) 327#define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb))
244 328
329#define GET_PBDQC_FROM_RB(x) ((struct tpacket_kbdq_core *)(&(x)->prb_bdqc))
330#define GET_PBLOCK_DESC(x, bid) \
331 ((struct tpacket_block_desc *)((x)->pkbdq[(bid)].buffer))
332#define GET_CURR_PBLOCK_DESC_FROM_CORE(x) \
333 ((struct tpacket_block_desc *)((x)->pkbdq[(x)->kactive_blk_num].buffer))
334#define GET_NEXT_PRB_BLK_NUM(x) \
335 (((x)->kactive_blk_num < ((x)->knum_blocks-1)) ? \
336 ((x)->kactive_blk_num+1) : 0)
337
245static inline struct packet_sock *pkt_sk(struct sock *sk) 338static inline struct packet_sock *pkt_sk(struct sock *sk)
246{ 339{
247 return (struct packet_sock *)sk; 340 return (struct packet_sock *)sk;
@@ -325,8 +418,9 @@ static void __packet_set_status(struct packet_sock *po, void *frame, int status)
325 h.h2->tp_status = status; 418 h.h2->tp_status = status;
326 flush_dcache_page(pgv_to_page(&h.h2->tp_status)); 419 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
327 break; 420 break;
421 case TPACKET_V3:
328 default: 422 default:
329 pr_err("TPACKET version not supported\n"); 423 WARN(1, "TPACKET version not supported.\n");
330 BUG(); 424 BUG();
331 } 425 }
332 426
@@ -351,8 +445,9 @@ static int __packet_get_status(struct packet_sock *po, void *frame)
351 case TPACKET_V2: 445 case TPACKET_V2:
352 flush_dcache_page(pgv_to_page(&h.h2->tp_status)); 446 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
353 return h.h2->tp_status; 447 return h.h2->tp_status;
448 case TPACKET_V3:
354 default: 449 default:
355 pr_err("TPACKET version not supported\n"); 450 WARN(1, "TPACKET version not supported.\n");
356 BUG(); 451 BUG();
357 return 0; 452 return 0;
358 } 453 }
@@ -389,6 +484,670 @@ static inline void *packet_current_frame(struct packet_sock *po,
389 return packet_lookup_frame(po, rb, rb->head, status); 484 return packet_lookup_frame(po, rb, rb->head, status);
390} 485}
391 486
487static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc)
488{
489 del_timer_sync(&pkc->retire_blk_timer);
490}
491
492static void prb_shutdown_retire_blk_timer(struct packet_sock *po,
493 int tx_ring,
494 struct sk_buff_head *rb_queue)
495{
496 struct tpacket_kbdq_core *pkc;
497
498 pkc = tx_ring ? &po->tx_ring.prb_bdqc : &po->rx_ring.prb_bdqc;
499
500 spin_lock(&rb_queue->lock);
501 pkc->delete_blk_timer = 1;
502 spin_unlock(&rb_queue->lock);
503
504 prb_del_retire_blk_timer(pkc);
505}
506
507static void prb_init_blk_timer(struct packet_sock *po,
508 struct tpacket_kbdq_core *pkc,
509 void (*func) (unsigned long))
510{
511 init_timer(&pkc->retire_blk_timer);
512 pkc->retire_blk_timer.data = (long)po;
513 pkc->retire_blk_timer.function = func;
514 pkc->retire_blk_timer.expires = jiffies;
515}
516
517static void prb_setup_retire_blk_timer(struct packet_sock *po, int tx_ring)
518{
519 struct tpacket_kbdq_core *pkc;
520
521 if (tx_ring)
522 BUG();
523
524 pkc = tx_ring ? &po->tx_ring.prb_bdqc : &po->rx_ring.prb_bdqc;
525 prb_init_blk_timer(po, pkc, prb_retire_rx_blk_timer_expired);
526}
527
528static int prb_calc_retire_blk_tmo(struct packet_sock *po,
529 int blk_size_in_bytes)
530{
531 struct net_device *dev;
532 unsigned int mbits = 0, msec = 0, div = 0, tmo = 0;
533 struct ethtool_cmd ecmd;
534 int err;
535
536 rtnl_lock();
537 dev = __dev_get_by_index(sock_net(&po->sk), po->ifindex);
538 if (unlikely(!dev)) {
539 rtnl_unlock();
540 return DEFAULT_PRB_RETIRE_TOV;
541 }
542 err = __ethtool_get_settings(dev, &ecmd);
543 rtnl_unlock();
544 if (!err) {
545 switch (ecmd.speed) {
546 case SPEED_10000:
547 msec = 1;
548 div = 10000/1000;
549 break;
550 case SPEED_1000:
551 msec = 1;
552 div = 1000/1000;
553 break;
554 /*
555 * If the link speed is so slow you don't really
556 * need to worry about perf anyways
557 */
558 case SPEED_100:
559 case SPEED_10:
560 default:
561 return DEFAULT_PRB_RETIRE_TOV;
562 }
563 }
564
565 mbits = (blk_size_in_bytes * 8) / (1024 * 1024);
566
567 if (div)
568 mbits /= div;
569
570 tmo = mbits * msec;
571
572 if (div)
573 return tmo+1;
574 return tmo;
575}
576
577static void prb_init_ft_ops(struct tpacket_kbdq_core *p1,
578 union tpacket_req_u *req_u)
579{
580 p1->feature_req_word = req_u->req3.tp_feature_req_word;
581}
582
583static void init_prb_bdqc(struct packet_sock *po,
584 struct packet_ring_buffer *rb,
585 struct pgv *pg_vec,
586 union tpacket_req_u *req_u, int tx_ring)
587{
588 struct tpacket_kbdq_core *p1 = &rb->prb_bdqc;
589 struct tpacket_block_desc *pbd;
590
591 memset(p1, 0x0, sizeof(*p1));
592
593 p1->knxt_seq_num = 1;
594 p1->pkbdq = pg_vec;
595 pbd = (struct tpacket_block_desc *)pg_vec[0].buffer;
596 p1->pkblk_start = (char *)pg_vec[0].buffer;
597 p1->kblk_size = req_u->req3.tp_block_size;
598 p1->knum_blocks = req_u->req3.tp_block_nr;
599 p1->hdrlen = po->tp_hdrlen;
600 p1->version = po->tp_version;
601 p1->last_kactive_blk_num = 0;
602 po->stats_u.stats3.tp_freeze_q_cnt = 0;
603 if (req_u->req3.tp_retire_blk_tov)
604 p1->retire_blk_tov = req_u->req3.tp_retire_blk_tov;
605 else
606 p1->retire_blk_tov = prb_calc_retire_blk_tmo(po,
607 req_u->req3.tp_block_size);
608 p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
609 p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
610
611 prb_init_ft_ops(p1, req_u);
612 prb_setup_retire_blk_timer(po, tx_ring);
613 prb_open_block(p1, pbd);
614}
615
616/* Do NOT update the last_blk_num first.
617 * Assumes sk_buff_head lock is held.
618 */
619static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *pkc)
620{
621 mod_timer(&pkc->retire_blk_timer,
622 jiffies + pkc->tov_in_jiffies);
623 pkc->last_kactive_blk_num = pkc->kactive_blk_num;
624}
625
626/*
627 * Timer logic:
628 * 1) We refresh the timer only when we open a block.
629 * By doing this we don't waste cycles refreshing the timer
630 * on packet-by-packet basis.
631 *
632 * With a 1MB block-size, on a 1Gbps line, it will take
633 * i) ~8 ms to fill a block + ii) memcpy etc.
634 * In this cut we are not accounting for the memcpy time.
635 *
636 * So, if the user sets the 'tmo' to 10ms then the timer
637 * will never fire while the block is still getting filled
638 * (which is what we want). However, the user could choose
639 * to close a block early and that's fine.
640 *
641 * But when the timer does fire, we check whether or not to refresh it.
642 * Since the tmo granularity is in msecs, it is not too expensive
643 * to refresh the timer, lets say every '8' msecs.
644 * Either the user can set the 'tmo' or we can derive it based on
645 * a) line-speed and b) block-size.
646 * prb_calc_retire_blk_tmo() calculates the tmo.
647 *
648 */
649static void prb_retire_rx_blk_timer_expired(unsigned long data)
650{
651 struct packet_sock *po = (struct packet_sock *)data;
652 struct tpacket_kbdq_core *pkc = &po->rx_ring.prb_bdqc;
653 unsigned int frozen;
654 struct tpacket_block_desc *pbd;
655
656 spin_lock(&po->sk.sk_receive_queue.lock);
657
658 frozen = prb_queue_frozen(pkc);
659 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
660
661 if (unlikely(pkc->delete_blk_timer))
662 goto out;
663
664 /* We only need to plug the race when the block is partially filled.
665 * tpacket_rcv:
666 * lock(); increment BLOCK_NUM_PKTS; unlock()
667 * copy_bits() is in progress ...
668 * timer fires on other cpu:
669 * we can't retire the current block because copy_bits
670 * is in progress.
671 *
672 */
673 if (BLOCK_NUM_PKTS(pbd)) {
674 while (atomic_read(&pkc->blk_fill_in_prog)) {
675 /* Waiting for skb_copy_bits to finish... */
676 cpu_relax();
677 }
678 }
679
680 if (pkc->last_kactive_blk_num == pkc->kactive_blk_num) {
681 if (!frozen) {
682 prb_retire_current_block(pkc, po, TP_STATUS_BLK_TMO);
683 if (!prb_dispatch_next_block(pkc, po))
684 goto refresh_timer;
685 else
686 goto out;
687 } else {
688 /* Case 1. Queue was frozen because user-space was
689 * lagging behind.
690 */
691 if (prb_curr_blk_in_use(pkc, pbd)) {
692 /*
693 * Ok, user-space is still behind.
694 * So just refresh the timer.
695 */
696 goto refresh_timer;
697 } else {
698 /* Case 2. queue was frozen,user-space caught up,
699 * now the link went idle && the timer fired.
700 * We don't have a block to close.So we open this
701 * block and restart the timer.
702 * opening a block thaws the queue,restarts timer
703 * Thawing/timer-refresh is a side effect.
704 */
705 prb_open_block(pkc, pbd);
706 goto out;
707 }
708 }
709 }
710
711refresh_timer:
712 _prb_refresh_rx_retire_blk_timer(pkc);
713
714out:
715 spin_unlock(&po->sk.sk_receive_queue.lock);
716}
717
718static inline void prb_flush_block(struct tpacket_kbdq_core *pkc1,
719 struct tpacket_block_desc *pbd1, __u32 status)
720{
721 /* Flush everything minus the block header */
722
723#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
724 u8 *start, *end;
725
726 start = (u8 *)pbd1;
727
728 /* Skip the block header(we know header WILL fit in 4K) */
729 start += PAGE_SIZE;
730
731 end = (u8 *)PAGE_ALIGN((unsigned long)pkc1->pkblk_end);
732 for (; start < end; start += PAGE_SIZE)
733 flush_dcache_page(pgv_to_page(start));
734
735 smp_wmb();
736#endif
737
738 /* Now update the block status. */
739
740 BLOCK_STATUS(pbd1) = status;
741
742 /* Flush the block header */
743
744#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
745 start = (u8 *)pbd1;
746 flush_dcache_page(pgv_to_page(start));
747
748 smp_wmb();
749#endif
750}
751
752/*
753 * Side effect:
754 *
755 * 1) flush the block
756 * 2) Increment active_blk_num
757 *
758 * Note:We DONT refresh the timer on purpose.
759 * Because almost always the next block will be opened.
760 */
761static void prb_close_block(struct tpacket_kbdq_core *pkc1,
762 struct tpacket_block_desc *pbd1,
763 struct packet_sock *po, unsigned int stat)
764{
765 __u32 status = TP_STATUS_USER | stat;
766
767 struct tpacket3_hdr *last_pkt;
768 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
769
770 if (po->stats.tp_drops)
771 status |= TP_STATUS_LOSING;
772
773 last_pkt = (struct tpacket3_hdr *)pkc1->prev;
774 last_pkt->tp_next_offset = 0;
775
776 /* Get the ts of the last pkt */
777 if (BLOCK_NUM_PKTS(pbd1)) {
778 h1->ts_last_pkt.ts_sec = last_pkt->tp_sec;
779 h1->ts_last_pkt.ts_nsec = last_pkt->tp_nsec;
780 } else {
781 /* Ok, we tmo'd - so get the current time */
782 struct timespec ts;
783 getnstimeofday(&ts);
784 h1->ts_last_pkt.ts_sec = ts.tv_sec;
785 h1->ts_last_pkt.ts_nsec = ts.tv_nsec;
786 }
787
788 smp_wmb();
789
790 /* Flush the block */
791 prb_flush_block(pkc1, pbd1, status);
792
793 pkc1->kactive_blk_num = GET_NEXT_PRB_BLK_NUM(pkc1);
794}
795
796static inline void prb_thaw_queue(struct tpacket_kbdq_core *pkc)
797{
798 pkc->reset_pending_on_curr_blk = 0;
799}
800
801/*
802 * Side effect of opening a block:
803 *
804 * 1) prb_queue is thawed.
805 * 2) retire_blk_timer is refreshed.
806 *
807 */
808static void prb_open_block(struct tpacket_kbdq_core *pkc1,
809 struct tpacket_block_desc *pbd1)
810{
811 struct timespec ts;
812 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
813
814 smp_rmb();
815
816 if (likely(TP_STATUS_KERNEL == BLOCK_STATUS(pbd1))) {
817
818 /* We could have just memset this but we will lose the
819 * flexibility of making the priv area sticky
820 */
821 BLOCK_SNUM(pbd1) = pkc1->knxt_seq_num++;
822 BLOCK_NUM_PKTS(pbd1) = 0;
823 BLOCK_LEN(pbd1) = BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
824 getnstimeofday(&ts);
825 h1->ts_first_pkt.ts_sec = ts.tv_sec;
826 h1->ts_first_pkt.ts_nsec = ts.tv_nsec;
827 pkc1->pkblk_start = (char *)pbd1;
828 pkc1->nxt_offset = (char *)(pkc1->pkblk_start +
829 BLK_PLUS_PRIV(pkc1->blk_sizeof_priv));
830 BLOCK_O2FP(pbd1) = (__u32)BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
831 BLOCK_O2PRIV(pbd1) = BLK_HDR_LEN;
832 pbd1->version = pkc1->version;
833 pkc1->prev = pkc1->nxt_offset;
834 pkc1->pkblk_end = pkc1->pkblk_start + pkc1->kblk_size;
835 prb_thaw_queue(pkc1);
836 _prb_refresh_rx_retire_blk_timer(pkc1);
837
838 smp_wmb();
839
840 return;
841 }
842
843 WARN(1, "ERROR block:%p is NOT FREE status:%d kactive_blk_num:%d\n",
844 pbd1, BLOCK_STATUS(pbd1), pkc1->kactive_blk_num);
845 dump_stack();
846 BUG();
847}
848
849/*
850 * Queue freeze logic:
851 * 1) Assume tp_block_nr = 8 blocks.
852 * 2) At time 't0', user opens Rx ring.
853 * 3) Some time past 't0', kernel starts filling blocks starting from 0 .. 7
854 * 4) user-space is either sleeping or processing block '0'.
855 * 5) tpacket_rcv is currently filling block '7', since there is no space left,
856 * it will close block-7,loop around and try to fill block '0'.
857 * call-flow:
858 * __packet_lookup_frame_in_block
859 * prb_retire_current_block()
860 * prb_dispatch_next_block()
861 * |->(BLOCK_STATUS == USER) evaluates to true
862 * 5.1) Since block-0 is currently in-use, we just freeze the queue.
863 * 6) Now there are two cases:
864 * 6.1) Link goes idle right after the queue is frozen.
865 * But remember, the last open_block() refreshed the timer.
866 * When this timer expires,it will refresh itself so that we can
867 * re-open block-0 in near future.
868 * 6.2) Link is busy and keeps on receiving packets. This is a simple
869 * case and __packet_lookup_frame_in_block will check if block-0
870 * is free and can now be re-used.
871 */
872static inline void prb_freeze_queue(struct tpacket_kbdq_core *pkc,
873 struct packet_sock *po)
874{
875 pkc->reset_pending_on_curr_blk = 1;
876 po->stats_u.stats3.tp_freeze_q_cnt++;
877}
878
879#define TOTAL_PKT_LEN_INCL_ALIGN(length) (ALIGN((length), V3_ALIGNMENT))
880
881/*
882 * If the next block is free then we will dispatch it
883 * and return a good offset.
884 * Else, we will freeze the queue.
885 * So, caller must check the return value.
886 */
887static void *prb_dispatch_next_block(struct tpacket_kbdq_core *pkc,
888 struct packet_sock *po)
889{
890 struct tpacket_block_desc *pbd;
891
892 smp_rmb();
893
894 /* 1. Get current block num */
895 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
896
897 /* 2. If this block is currently in_use then freeze the queue */
898 if (TP_STATUS_USER & BLOCK_STATUS(pbd)) {
899 prb_freeze_queue(pkc, po);
900 return NULL;
901 }
902
903 /*
904 * 3.
905 * open this block and return the offset where the first packet
906 * needs to get stored.
907 */
908 prb_open_block(pkc, pbd);
909 return (void *)pkc->nxt_offset;
910}
911
912static void prb_retire_current_block(struct tpacket_kbdq_core *pkc,
913 struct packet_sock *po, unsigned int status)
914{
915 struct tpacket_block_desc *pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
916
917 /* retire/close the current block */
918 if (likely(TP_STATUS_KERNEL == BLOCK_STATUS(pbd))) {
919 /*
920 * Plug the case where copy_bits() is in progress on
921 * cpu-0 and tpacket_rcv() got invoked on cpu-1, didn't
922 * have space to copy the pkt in the current block and
923 * called prb_retire_current_block()
924 *
925 * We don't need to worry about the TMO case because
926 * the timer-handler already handled this case.
927 */
928 if (!(status & TP_STATUS_BLK_TMO)) {
929 while (atomic_read(&pkc->blk_fill_in_prog)) {
930 /* Waiting for skb_copy_bits to finish... */
931 cpu_relax();
932 }
933 }
934 prb_close_block(pkc, pbd, po, status);
935 return;
936 }
937
938 WARN(1, "ERROR-pbd[%d]:%p\n", pkc->kactive_blk_num, pbd);
939 dump_stack();
940 BUG();
941}
942
943static inline int prb_curr_blk_in_use(struct tpacket_kbdq_core *pkc,
944 struct tpacket_block_desc *pbd)
945{
946 return TP_STATUS_USER & BLOCK_STATUS(pbd);
947}
948
949static inline int prb_queue_frozen(struct tpacket_kbdq_core *pkc)
950{
951 return pkc->reset_pending_on_curr_blk;
952}
953
954static inline void prb_clear_blk_fill_status(struct packet_ring_buffer *rb)
955{
956 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
957 atomic_dec(&pkc->blk_fill_in_prog);
958}
959
960static inline void prb_fill_rxhash(struct tpacket_kbdq_core *pkc,
961 struct tpacket3_hdr *ppd)
962{
963 ppd->hv1.tp_rxhash = skb_get_rxhash(pkc->skb);
964}
965
966static inline void prb_clear_rxhash(struct tpacket_kbdq_core *pkc,
967 struct tpacket3_hdr *ppd)
968{
969 ppd->hv1.tp_rxhash = 0;
970}
971
972static inline void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc,
973 struct tpacket3_hdr *ppd)
974{
975 if (vlan_tx_tag_present(pkc->skb)) {
976 ppd->hv1.tp_vlan_tci = vlan_tx_tag_get(pkc->skb);
977 ppd->tp_status = TP_STATUS_VLAN_VALID;
978 } else {
979 ppd->hv1.tp_vlan_tci = ppd->tp_status = 0;
980 }
981}
982
983static void prb_run_all_ft_ops(struct tpacket_kbdq_core *pkc,
984 struct tpacket3_hdr *ppd)
985{
986 prb_fill_vlan_info(pkc, ppd);
987
988 if (pkc->feature_req_word & TP_FT_REQ_FILL_RXHASH)
989 prb_fill_rxhash(pkc, ppd);
990 else
991 prb_clear_rxhash(pkc, ppd);
992}
993
994static inline void prb_fill_curr_block(char *curr,
995 struct tpacket_kbdq_core *pkc,
996 struct tpacket_block_desc *pbd,
997 unsigned int len)
998{
999 struct tpacket3_hdr *ppd;
1000
1001 ppd = (struct tpacket3_hdr *)curr;
1002 ppd->tp_next_offset = TOTAL_PKT_LEN_INCL_ALIGN(len);
1003 pkc->prev = curr;
1004 pkc->nxt_offset += TOTAL_PKT_LEN_INCL_ALIGN(len);
1005 BLOCK_LEN(pbd) += TOTAL_PKT_LEN_INCL_ALIGN(len);
1006 BLOCK_NUM_PKTS(pbd) += 1;
1007 atomic_inc(&pkc->blk_fill_in_prog);
1008 prb_run_all_ft_ops(pkc, ppd);
1009}
1010
1011/* Assumes caller has the sk->rx_queue.lock */
1012static void *__packet_lookup_frame_in_block(struct packet_sock *po,
1013 struct sk_buff *skb,
1014 int status,
1015 unsigned int len
1016 )
1017{
1018 struct tpacket_kbdq_core *pkc;
1019 struct tpacket_block_desc *pbd;
1020 char *curr, *end;
1021
1022 pkc = GET_PBDQC_FROM_RB(((struct packet_ring_buffer *)&po->rx_ring));
1023 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1024
1025 /* Queue is frozen when user space is lagging behind */
1026 if (prb_queue_frozen(pkc)) {
1027 /*
1028 * Check if that last block which caused the queue to freeze,
1029 * is still in_use by user-space.
1030 */
1031 if (prb_curr_blk_in_use(pkc, pbd)) {
1032 /* Can't record this packet */
1033 return NULL;
1034 } else {
1035 /*
1036 * Ok, the block was released by user-space.
1037 * Now let's open that block.
1038 * opening a block also thaws the queue.
1039 * Thawing is a side effect.
1040 */
1041 prb_open_block(pkc, pbd);
1042 }
1043 }
1044
1045 smp_mb();
1046 curr = pkc->nxt_offset;
1047 pkc->skb = skb;
1048 end = (char *) ((char *)pbd + pkc->kblk_size);
1049
1050 /* first try the current block */
1051 if (curr+TOTAL_PKT_LEN_INCL_ALIGN(len) < end) {
1052 prb_fill_curr_block(curr, pkc, pbd, len);
1053 return (void *)curr;
1054 }
1055
1056 /* Ok, close the current block */
1057 prb_retire_current_block(pkc, po, 0);
1058
1059 /* Now, try to dispatch the next block */
1060 curr = (char *)prb_dispatch_next_block(pkc, po);
1061 if (curr) {
1062 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1063 prb_fill_curr_block(curr, pkc, pbd, len);
1064 return (void *)curr;
1065 }
1066
1067 /*
1068 * No free blocks are available.user_space hasn't caught up yet.
1069 * Queue was just frozen and now this packet will get dropped.
1070 */
1071 return NULL;
1072}
1073
1074static inline void *packet_current_rx_frame(struct packet_sock *po,
1075 struct sk_buff *skb,
1076 int status, unsigned int len)
1077{
1078 char *curr = NULL;
1079 switch (po->tp_version) {
1080 case TPACKET_V1:
1081 case TPACKET_V2:
1082 curr = packet_lookup_frame(po, &po->rx_ring,
1083 po->rx_ring.head, status);
1084 return curr;
1085 case TPACKET_V3:
1086 return __packet_lookup_frame_in_block(po, skb, status, len);
1087 default:
1088 WARN(1, "TPACKET version not supported\n");
1089 BUG();
1090 return 0;
1091 }
1092}
1093
1094static inline void *prb_lookup_block(struct packet_sock *po,
1095 struct packet_ring_buffer *rb,
1096 unsigned int previous,
1097 int status)
1098{
1099 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
1100 struct tpacket_block_desc *pbd = GET_PBLOCK_DESC(pkc, previous);
1101
1102 if (status != BLOCK_STATUS(pbd))
1103 return NULL;
1104 return pbd;
1105}
1106
1107static inline int prb_previous_blk_num(struct packet_ring_buffer *rb)
1108{
1109 unsigned int prev;
1110 if (rb->prb_bdqc.kactive_blk_num)
1111 prev = rb->prb_bdqc.kactive_blk_num-1;
1112 else
1113 prev = rb->prb_bdqc.knum_blocks-1;
1114 return prev;
1115}
1116
1117/* Assumes caller has held the rx_queue.lock */
1118static inline void *__prb_previous_block(struct packet_sock *po,
1119 struct packet_ring_buffer *rb,
1120 int status)
1121{
1122 unsigned int previous = prb_previous_blk_num(rb);
1123 return prb_lookup_block(po, rb, previous, status);
1124}
1125
1126static inline void *packet_previous_rx_frame(struct packet_sock *po,
1127 struct packet_ring_buffer *rb,
1128 int status)
1129{
1130 if (po->tp_version <= TPACKET_V2)
1131 return packet_previous_frame(po, rb, status);
1132
1133 return __prb_previous_block(po, rb, status);
1134}
1135
1136static inline void packet_increment_rx_head(struct packet_sock *po,
1137 struct packet_ring_buffer *rb)
1138{
1139 switch (po->tp_version) {
1140 case TPACKET_V1:
1141 case TPACKET_V2:
1142 return packet_increment_head(rb);
1143 case TPACKET_V3:
1144 default:
1145 WARN(1, "TPACKET version not supported.\n");
1146 BUG();
1147 return;
1148 }
1149}
1150
392static inline void *packet_previous_frame(struct packet_sock *po, 1151static inline void *packet_previous_frame(struct packet_sock *po,
393 struct packet_ring_buffer *rb, 1152 struct packet_ring_buffer *rb,
394 int status) 1153 int status)
@@ -454,43 +1213,6 @@ static struct sock *fanout_demux_cpu(struct packet_fanout *f, struct sk_buff *sk
454 return f->arr[cpu % num]; 1213 return f->arr[cpu % num];
455} 1214}
456 1215
457static struct sk_buff *fanout_check_defrag(struct sk_buff *skb)
458{
459#ifdef CONFIG_INET
460 const struct iphdr *iph;
461 u32 len;
462
463 if (skb->protocol != htons(ETH_P_IP))
464 return skb;
465
466 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
467 return skb;
468
469 iph = ip_hdr(skb);
470 if (iph->ihl < 5 || iph->version != 4)
471 return skb;
472 if (!pskb_may_pull(skb, iph->ihl*4))
473 return skb;
474 iph = ip_hdr(skb);
475 len = ntohs(iph->tot_len);
476 if (skb->len < len || len < (iph->ihl * 4))
477 return skb;
478
479 if (ip_is_fragment(ip_hdr(skb))) {
480 skb = skb_share_check(skb, GFP_ATOMIC);
481 if (skb) {
482 if (pskb_trim_rcsum(skb, len))
483 return skb;
484 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
485 if (ip_defrag(skb, IP_DEFRAG_AF_PACKET))
486 return NULL;
487 skb->rxhash = 0;
488 }
489 }
490#endif
491 return skb;
492}
493
494static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev, 1216static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
495 struct packet_type *pt, struct net_device *orig_dev) 1217 struct packet_type *pt, struct net_device *orig_dev)
496{ 1218{
@@ -509,7 +1231,7 @@ static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
509 case PACKET_FANOUT_HASH: 1231 case PACKET_FANOUT_HASH:
510 default: 1232 default:
511 if (f->defrag) { 1233 if (f->defrag) {
512 skb = fanout_check_defrag(skb); 1234 skb = ip_check_defrag(skb, IP_DEFRAG_AF_PACKET);
513 if (!skb) 1235 if (!skb)
514 return 0; 1236 return 0;
515 } 1237 }
@@ -961,7 +1683,10 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
961 return 0; 1683 return 0;
962 1684
963drop_n_acct: 1685drop_n_acct:
964 po->stats.tp_drops = atomic_inc_return(&sk->sk_drops); 1686 spin_lock(&sk->sk_receive_queue.lock);
1687 po->stats.tp_drops++;
1688 atomic_inc(&sk->sk_drops);
1689 spin_unlock(&sk->sk_receive_queue.lock);
965 1690
966drop_n_restore: 1691drop_n_restore:
967 if (skb_head != skb->data && skb_shared(skb)) { 1692 if (skb_head != skb->data && skb_shared(skb)) {
@@ -982,12 +1707,13 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
982 union { 1707 union {
983 struct tpacket_hdr *h1; 1708 struct tpacket_hdr *h1;
984 struct tpacket2_hdr *h2; 1709 struct tpacket2_hdr *h2;
1710 struct tpacket3_hdr *h3;
985 void *raw; 1711 void *raw;
986 } h; 1712 } h;
987 u8 *skb_head = skb->data; 1713 u8 *skb_head = skb->data;
988 int skb_len = skb->len; 1714 int skb_len = skb->len;
989 unsigned int snaplen, res; 1715 unsigned int snaplen, res;
990 unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER; 1716 unsigned long status = TP_STATUS_USER;
991 unsigned short macoff, netoff, hdrlen; 1717 unsigned short macoff, netoff, hdrlen;
992 struct sk_buff *copy_skb = NULL; 1718 struct sk_buff *copy_skb = NULL;
993 struct timeval tv; 1719 struct timeval tv;
@@ -1033,37 +1759,46 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1033 po->tp_reserve; 1759 po->tp_reserve;
1034 macoff = netoff - maclen; 1760 macoff = netoff - maclen;
1035 } 1761 }
1036 1762 if (po->tp_version <= TPACKET_V2) {
1037 if (macoff + snaplen > po->rx_ring.frame_size) { 1763 if (macoff + snaplen > po->rx_ring.frame_size) {
1038 if (po->copy_thresh && 1764 if (po->copy_thresh &&
1039 atomic_read(&sk->sk_rmem_alloc) + skb->truesize < 1765 atomic_read(&sk->sk_rmem_alloc) + skb->truesize
1040 (unsigned)sk->sk_rcvbuf) { 1766 < (unsigned)sk->sk_rcvbuf) {
1041 if (skb_shared(skb)) { 1767 if (skb_shared(skb)) {
1042 copy_skb = skb_clone(skb, GFP_ATOMIC); 1768 copy_skb = skb_clone(skb, GFP_ATOMIC);
1043 } else { 1769 } else {
1044 copy_skb = skb_get(skb); 1770 copy_skb = skb_get(skb);
1045 skb_head = skb->data; 1771 skb_head = skb->data;
1772 }
1773 if (copy_skb)
1774 skb_set_owner_r(copy_skb, sk);
1046 } 1775 }
1047 if (copy_skb) 1776 snaplen = po->rx_ring.frame_size - macoff;
1048 skb_set_owner_r(copy_skb, sk); 1777 if ((int)snaplen < 0)
1778 snaplen = 0;
1049 } 1779 }
1050 snaplen = po->rx_ring.frame_size - macoff;
1051 if ((int)snaplen < 0)
1052 snaplen = 0;
1053 } 1780 }
1054
1055 spin_lock(&sk->sk_receive_queue.lock); 1781 spin_lock(&sk->sk_receive_queue.lock);
1056 h.raw = packet_current_frame(po, &po->rx_ring, TP_STATUS_KERNEL); 1782 h.raw = packet_current_rx_frame(po, skb,
1783 TP_STATUS_KERNEL, (macoff+snaplen));
1057 if (!h.raw) 1784 if (!h.raw)
1058 goto ring_is_full; 1785 goto ring_is_full;
1059 packet_increment_head(&po->rx_ring); 1786 if (po->tp_version <= TPACKET_V2) {
1787 packet_increment_rx_head(po, &po->rx_ring);
1788 /*
1789 * LOSING will be reported till you read the stats,
1790 * because it's COR - Clear On Read.
1791 * Anyways, moving it for V1/V2 only as V3 doesn't need this
1792 * at packet level.
1793 */
1794 if (po->stats.tp_drops)
1795 status |= TP_STATUS_LOSING;
1796 }
1060 po->stats.tp_packets++; 1797 po->stats.tp_packets++;
1061 if (copy_skb) { 1798 if (copy_skb) {
1062 status |= TP_STATUS_COPY; 1799 status |= TP_STATUS_COPY;
1063 __skb_queue_tail(&sk->sk_receive_queue, copy_skb); 1800 __skb_queue_tail(&sk->sk_receive_queue, copy_skb);
1064 } 1801 }
1065 if (!po->stats.tp_drops)
1066 status &= ~TP_STATUS_LOSING;
1067 spin_unlock(&sk->sk_receive_queue.lock); 1802 spin_unlock(&sk->sk_receive_queue.lock);
1068 1803
1069 skb_copy_bits(skb, 0, h.raw + macoff, snaplen); 1804 skb_copy_bits(skb, 0, h.raw + macoff, snaplen);
@@ -1114,6 +1849,29 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1114 h.h2->tp_padding = 0; 1849 h.h2->tp_padding = 0;
1115 hdrlen = sizeof(*h.h2); 1850 hdrlen = sizeof(*h.h2);
1116 break; 1851 break;
1852 case TPACKET_V3:
1853 /* tp_nxt_offset,vlan are already populated above.
1854 * So DONT clear those fields here
1855 */
1856 h.h3->tp_status |= status;
1857 h.h3->tp_len = skb->len;
1858 h.h3->tp_snaplen = snaplen;
1859 h.h3->tp_mac = macoff;
1860 h.h3->tp_net = netoff;
1861 if ((po->tp_tstamp & SOF_TIMESTAMPING_SYS_HARDWARE)
1862 && shhwtstamps->syststamp.tv64)
1863 ts = ktime_to_timespec(shhwtstamps->syststamp);
1864 else if ((po->tp_tstamp & SOF_TIMESTAMPING_RAW_HARDWARE)
1865 && shhwtstamps->hwtstamp.tv64)
1866 ts = ktime_to_timespec(shhwtstamps->hwtstamp);
1867 else if (skb->tstamp.tv64)
1868 ts = ktime_to_timespec(skb->tstamp);
1869 else
1870 getnstimeofday(&ts);
1871 h.h3->tp_sec = ts.tv_sec;
1872 h.h3->tp_nsec = ts.tv_nsec;
1873 hdrlen = sizeof(*h.h3);
1874 break;
1117 default: 1875 default:
1118 BUG(); 1876 BUG();
1119 } 1877 }
@@ -1134,13 +1892,19 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1134 { 1892 {
1135 u8 *start, *end; 1893 u8 *start, *end;
1136 1894
1137 end = (u8 *)PAGE_ALIGN((unsigned long)h.raw + macoff + snaplen); 1895 if (po->tp_version <= TPACKET_V2) {
1138 for (start = h.raw; start < end; start += PAGE_SIZE) 1896 end = (u8 *)PAGE_ALIGN((unsigned long)h.raw
1139 flush_dcache_page(pgv_to_page(start)); 1897 + macoff + snaplen);
1898 for (start = h.raw; start < end; start += PAGE_SIZE)
1899 flush_dcache_page(pgv_to_page(start));
1900 }
1140 smp_wmb(); 1901 smp_wmb();
1141 } 1902 }
1142#endif 1903#endif
1143 __packet_set_status(po, h.raw, status); 1904 if (po->tp_version <= TPACKET_V2)
1905 __packet_set_status(po, h.raw, status);
1906 else
1907 prb_clear_blk_fill_status(&po->rx_ring);
1144 1908
1145 sk->sk_data_ready(sk, 0); 1909 sk->sk_data_ready(sk, 0);
1146 1910
@@ -1167,8 +1931,6 @@ static void tpacket_destruct_skb(struct sk_buff *skb)
1167 struct packet_sock *po = pkt_sk(skb->sk); 1931 struct packet_sock *po = pkt_sk(skb->sk);
1168 void *ph; 1932 void *ph;
1169 1933
1170 BUG_ON(skb == NULL);
1171
1172 if (likely(po->tx_ring.pg_vec)) { 1934 if (likely(po->tx_ring.pg_vec)) {
1173 ph = skb_shinfo(skb)->destructor_arg; 1935 ph = skb_shinfo(skb)->destructor_arg;
1174 BUG_ON(__packet_get_status(po, ph) != TP_STATUS_SENDING); 1936 BUG_ON(__packet_get_status(po, ph) != TP_STATUS_SENDING);
@@ -1631,7 +2393,7 @@ static int packet_release(struct socket *sock)
1631 struct sock *sk = sock->sk; 2393 struct sock *sk = sock->sk;
1632 struct packet_sock *po; 2394 struct packet_sock *po;
1633 struct net *net; 2395 struct net *net;
1634 struct tpacket_req req; 2396 union tpacket_req_u req_u;
1635 2397
1636 if (!sk) 2398 if (!sk)
1637 return 0; 2399 return 0;
@@ -1654,13 +2416,13 @@ static int packet_release(struct socket *sock)
1654 2416
1655 packet_flush_mclist(sk); 2417 packet_flush_mclist(sk);
1656 2418
1657 memset(&req, 0, sizeof(req)); 2419 memset(&req_u, 0, sizeof(req_u));
1658 2420
1659 if (po->rx_ring.pg_vec) 2421 if (po->rx_ring.pg_vec)
1660 packet_set_ring(sk, &req, 1, 0); 2422 packet_set_ring(sk, &req_u, 1, 0);
1661 2423
1662 if (po->tx_ring.pg_vec) 2424 if (po->tx_ring.pg_vec)
1663 packet_set_ring(sk, &req, 1, 1); 2425 packet_set_ring(sk, &req_u, 1, 1);
1664 2426
1665 fanout_release(sk); 2427 fanout_release(sk);
1666 2428
@@ -2280,15 +3042,27 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
2280 case PACKET_RX_RING: 3042 case PACKET_RX_RING:
2281 case PACKET_TX_RING: 3043 case PACKET_TX_RING:
2282 { 3044 {
2283 struct tpacket_req req; 3045 union tpacket_req_u req_u;
3046 int len;
2284 3047
2285 if (optlen < sizeof(req)) 3048 switch (po->tp_version) {
3049 case TPACKET_V1:
3050 case TPACKET_V2:
3051 len = sizeof(req_u.req);
3052 break;
3053 case TPACKET_V3:
3054 default:
3055 len = sizeof(req_u.req3);
3056 break;
3057 }
3058 if (optlen < len)
2286 return -EINVAL; 3059 return -EINVAL;
2287 if (pkt_sk(sk)->has_vnet_hdr) 3060 if (pkt_sk(sk)->has_vnet_hdr)
2288 return -EINVAL; 3061 return -EINVAL;
2289 if (copy_from_user(&req, optval, sizeof(req))) 3062 if (copy_from_user(&req_u.req, optval, len))
2290 return -EFAULT; 3063 return -EFAULT;
2291 return packet_set_ring(sk, &req, 0, optname == PACKET_TX_RING); 3064 return packet_set_ring(sk, &req_u, 0,
3065 optname == PACKET_TX_RING);
2292 } 3066 }
2293 case PACKET_COPY_THRESH: 3067 case PACKET_COPY_THRESH:
2294 { 3068 {
@@ -2315,6 +3089,7 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
2315 switch (val) { 3089 switch (val) {
2316 case TPACKET_V1: 3090 case TPACKET_V1:
2317 case TPACKET_V2: 3091 case TPACKET_V2:
3092 case TPACKET_V3:
2318 po->tp_version = val; 3093 po->tp_version = val;
2319 return 0; 3094 return 0;
2320 default: 3095 default:
@@ -2424,6 +3199,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2424 struct packet_sock *po = pkt_sk(sk); 3199 struct packet_sock *po = pkt_sk(sk);
2425 void *data; 3200 void *data;
2426 struct tpacket_stats st; 3201 struct tpacket_stats st;
3202 union tpacket_stats_u st_u;
2427 3203
2428 if (level != SOL_PACKET) 3204 if (level != SOL_PACKET)
2429 return -ENOPROTOOPT; 3205 return -ENOPROTOOPT;
@@ -2436,15 +3212,27 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2436 3212
2437 switch (optname) { 3213 switch (optname) {
2438 case PACKET_STATISTICS: 3214 case PACKET_STATISTICS:
2439 if (len > sizeof(struct tpacket_stats)) 3215 if (po->tp_version == TPACKET_V3) {
2440 len = sizeof(struct tpacket_stats); 3216 len = sizeof(struct tpacket_stats_v3);
3217 } else {
3218 if (len > sizeof(struct tpacket_stats))
3219 len = sizeof(struct tpacket_stats);
3220 }
2441 spin_lock_bh(&sk->sk_receive_queue.lock); 3221 spin_lock_bh(&sk->sk_receive_queue.lock);
2442 st = po->stats; 3222 if (po->tp_version == TPACKET_V3) {
3223 memcpy(&st_u.stats3, &po->stats,
3224 sizeof(struct tpacket_stats));
3225 st_u.stats3.tp_freeze_q_cnt =
3226 po->stats_u.stats3.tp_freeze_q_cnt;
3227 st_u.stats3.tp_packets += po->stats.tp_drops;
3228 data = &st_u.stats3;
3229 } else {
3230 st = po->stats;
3231 st.tp_packets += st.tp_drops;
3232 data = &st;
3233 }
2443 memset(&po->stats, 0, sizeof(st)); 3234 memset(&po->stats, 0, sizeof(st));
2444 spin_unlock_bh(&sk->sk_receive_queue.lock); 3235 spin_unlock_bh(&sk->sk_receive_queue.lock);
2445 st.tp_packets += st.tp_drops;
2446
2447 data = &st;
2448 break; 3236 break;
2449 case PACKET_AUXDATA: 3237 case PACKET_AUXDATA:
2450 if (len > sizeof(int)) 3238 if (len > sizeof(int))
@@ -2485,6 +3273,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2485 case TPACKET_V2: 3273 case TPACKET_V2:
2486 val = sizeof(struct tpacket2_hdr); 3274 val = sizeof(struct tpacket2_hdr);
2487 break; 3275 break;
3276 case TPACKET_V3:
3277 val = sizeof(struct tpacket3_hdr);
3278 break;
2488 default: 3279 default:
2489 return -EINVAL; 3280 return -EINVAL;
2490 } 3281 }
@@ -2641,7 +3432,8 @@ static unsigned int packet_poll(struct file *file, struct socket *sock,
2641 3432
2642 spin_lock_bh(&sk->sk_receive_queue.lock); 3433 spin_lock_bh(&sk->sk_receive_queue.lock);
2643 if (po->rx_ring.pg_vec) { 3434 if (po->rx_ring.pg_vec) {
2644 if (!packet_previous_frame(po, &po->rx_ring, TP_STATUS_KERNEL)) 3435 if (!packet_previous_rx_frame(po, &po->rx_ring,
3436 TP_STATUS_KERNEL))
2645 mask |= POLLIN | POLLRDNORM; 3437 mask |= POLLIN | POLLRDNORM;
2646 } 3438 }
2647 spin_unlock_bh(&sk->sk_receive_queue.lock); 3439 spin_unlock_bh(&sk->sk_receive_queue.lock);
@@ -2760,7 +3552,7 @@ out_free_pgvec:
2760 goto out; 3552 goto out;
2761} 3553}
2762 3554
2763static int packet_set_ring(struct sock *sk, struct tpacket_req *req, 3555static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
2764 int closing, int tx_ring) 3556 int closing, int tx_ring)
2765{ 3557{
2766 struct pgv *pg_vec = NULL; 3558 struct pgv *pg_vec = NULL;
@@ -2769,7 +3561,15 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req,
2769 struct packet_ring_buffer *rb; 3561 struct packet_ring_buffer *rb;
2770 struct sk_buff_head *rb_queue; 3562 struct sk_buff_head *rb_queue;
2771 __be16 num; 3563 __be16 num;
2772 int err; 3564 int err = -EINVAL;
3565 /* Added to avoid minimal code churn */
3566 struct tpacket_req *req = &req_u->req;
3567
3568 /* Opening a Tx-ring is NOT supported in TPACKET_V3 */
3569 if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) {
3570 WARN(1, "Tx-ring is not supported.\n");
3571 goto out;
3572 }
2773 3573
2774 rb = tx_ring ? &po->tx_ring : &po->rx_ring; 3574 rb = tx_ring ? &po->tx_ring : &po->rx_ring;
2775 rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue; 3575 rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue;
@@ -2795,6 +3595,9 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req,
2795 case TPACKET_V2: 3595 case TPACKET_V2:
2796 po->tp_hdrlen = TPACKET2_HDRLEN; 3596 po->tp_hdrlen = TPACKET2_HDRLEN;
2797 break; 3597 break;
3598 case TPACKET_V3:
3599 po->tp_hdrlen = TPACKET3_HDRLEN;
3600 break;
2798 } 3601 }
2799 3602
2800 err = -EINVAL; 3603 err = -EINVAL;
@@ -2820,6 +3623,17 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req,
2820 pg_vec = alloc_pg_vec(req, order); 3623 pg_vec = alloc_pg_vec(req, order);
2821 if (unlikely(!pg_vec)) 3624 if (unlikely(!pg_vec))
2822 goto out; 3625 goto out;
3626 switch (po->tp_version) {
3627 case TPACKET_V3:
3628 /* Transmit path is not supported. We checked
3629 * it above but just being paranoid
3630 */
3631 if (!tx_ring)
3632 init_prb_bdqc(po, rb, pg_vec, req_u, tx_ring);
3633 break;
3634 default:
3635 break;
3636 }
2823 } 3637 }
2824 /* Done */ 3638 /* Done */
2825 else { 3639 else {
@@ -2872,7 +3686,11 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req,
2872 register_prot_hook(sk); 3686 register_prot_hook(sk);
2873 } 3687 }
2874 spin_unlock(&po->bind_lock); 3688 spin_unlock(&po->bind_lock);
2875 3689 if (closing && (po->tp_version > TPACKET_V2)) {
3690 /* Because we don't support block-based V3 on tx-ring */
3691 if (!tx_ring)
3692 prb_shutdown_retire_blk_timer(po, tx_ring, rb_queue);
3693 }
2876 release_sock(sk); 3694 release_sock(sk);
2877 3695
2878 if (pg_vec) 3696 if (pg_vec)
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index c6fffd946d42..bf10ea8fbbf9 100644
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -480,7 +480,7 @@ int __init_or_module phonet_proto_register(unsigned int protocol,
480 if (proto_tab[protocol]) 480 if (proto_tab[protocol])
481 err = -EBUSY; 481 err = -EBUSY;
482 else 482 else
483 rcu_assign_pointer(proto_tab[protocol], pp); 483 RCU_INIT_POINTER(proto_tab[protocol], pp);
484 mutex_unlock(&proto_tab_lock); 484 mutex_unlock(&proto_tab_lock);
485 485
486 return err; 486 return err;
@@ -491,7 +491,7 @@ void phonet_proto_unregister(unsigned int protocol, struct phonet_protocol *pp)
491{ 491{
492 mutex_lock(&proto_tab_lock); 492 mutex_lock(&proto_tab_lock);
493 BUG_ON(proto_tab[protocol] != pp); 493 BUG_ON(proto_tab[protocol] != pp);
494 rcu_assign_pointer(proto_tab[protocol], NULL); 494 RCU_INIT_POINTER(proto_tab[protocol], NULL);
495 mutex_unlock(&proto_tab_lock); 495 mutex_unlock(&proto_tab_lock);
496 synchronize_rcu(); 496 synchronize_rcu();
497 proto_unregister(pp->prot); 497 proto_unregister(pp->prot);
diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
index d2df8f33160b..c5827614376b 100644
--- a/net/phonet/pn_dev.c
+++ b/net/phonet/pn_dev.c
@@ -276,7 +276,7 @@ static void phonet_route_autodel(struct net_device *dev)
276 mutex_lock(&pnn->routes.lock); 276 mutex_lock(&pnn->routes.lock);
277 for (i = 0; i < 64; i++) 277 for (i = 0; i < 64; i++)
278 if (dev == pnn->routes.table[i]) { 278 if (dev == pnn->routes.table[i]) {
279 rcu_assign_pointer(pnn->routes.table[i], NULL); 279 RCU_INIT_POINTER(pnn->routes.table[i], NULL);
280 set_bit(i, deleted); 280 set_bit(i, deleted);
281 } 281 }
282 mutex_unlock(&pnn->routes.lock); 282 mutex_unlock(&pnn->routes.lock);
@@ -390,7 +390,7 @@ int phonet_route_add(struct net_device *dev, u8 daddr)
390 daddr = daddr >> 2; 390 daddr = daddr >> 2;
391 mutex_lock(&routes->lock); 391 mutex_lock(&routes->lock);
392 if (routes->table[daddr] == NULL) { 392 if (routes->table[daddr] == NULL) {
393 rcu_assign_pointer(routes->table[daddr], dev); 393 RCU_INIT_POINTER(routes->table[daddr], dev);
394 dev_hold(dev); 394 dev_hold(dev);
395 err = 0; 395 err = 0;
396 } 396 }
@@ -406,7 +406,7 @@ int phonet_route_del(struct net_device *dev, u8 daddr)
406 daddr = daddr >> 2; 406 daddr = daddr >> 2;
407 mutex_lock(&routes->lock); 407 mutex_lock(&routes->lock);
408 if (dev == routes->table[daddr]) 408 if (dev == routes->table[daddr])
409 rcu_assign_pointer(routes->table[daddr], NULL); 409 RCU_INIT_POINTER(routes->table[daddr], NULL);
410 else 410 else
411 dev = NULL; 411 dev = NULL;
412 mutex_unlock(&routes->lock); 412 mutex_unlock(&routes->lock);
diff --git a/net/phonet/socket.c b/net/phonet/socket.c
index ab07711cf2f4..676d18dc75b7 100644
--- a/net/phonet/socket.c
+++ b/net/phonet/socket.c
@@ -679,7 +679,7 @@ int pn_sock_bind_res(struct sock *sk, u8 res)
679 mutex_lock(&resource_mutex); 679 mutex_lock(&resource_mutex);
680 if (pnres.sk[res] == NULL) { 680 if (pnres.sk[res] == NULL) {
681 sock_hold(sk); 681 sock_hold(sk);
682 rcu_assign_pointer(pnres.sk[res], sk); 682 RCU_INIT_POINTER(pnres.sk[res], sk);
683 ret = 0; 683 ret = 0;
684 } 684 }
685 mutex_unlock(&resource_mutex); 685 mutex_unlock(&resource_mutex);
@@ -695,7 +695,7 @@ int pn_sock_unbind_res(struct sock *sk, u8 res)
695 695
696 mutex_lock(&resource_mutex); 696 mutex_lock(&resource_mutex);
697 if (pnres.sk[res] == sk) { 697 if (pnres.sk[res] == sk) {
698 rcu_assign_pointer(pnres.sk[res], NULL); 698 RCU_INIT_POINTER(pnres.sk[res], NULL);
699 ret = 0; 699 ret = 0;
700 } 700 }
701 mutex_unlock(&resource_mutex); 701 mutex_unlock(&resource_mutex);
@@ -714,7 +714,7 @@ void pn_sock_unbind_all_res(struct sock *sk)
714 mutex_lock(&resource_mutex); 714 mutex_lock(&resource_mutex);
715 for (res = 0; res < 256; res++) { 715 for (res = 0; res < 256; res++) {
716 if (pnres.sk[res] == sk) { 716 if (pnres.sk[res] == sk) {
717 rcu_assign_pointer(pnres.sk[res], NULL); 717 RCU_INIT_POINTER(pnres.sk[res], NULL);
718 match++; 718 match++;
719 } 719 }
720 } 720 }
diff --git a/net/rds/Kconfig b/net/rds/Kconfig
index ec753b3ae72a..4cf6dc7910e4 100644
--- a/net/rds/Kconfig
+++ b/net/rds/Kconfig
@@ -9,6 +9,7 @@ config RDS
9 9
10config RDS_RDMA 10config RDS_RDMA
11 tristate "RDS over Infiniband and iWARP" 11 tristate "RDS over Infiniband and iWARP"
12 select LLIST
12 depends on RDS && INFINIBAND && INFINIBAND_ADDR_TRANS 13 depends on RDS && INFINIBAND && INFINIBAND_ADDR_TRANS
13 ---help--- 14 ---help---
14 Allow RDS to use Infiniband and iWARP as a transport. 15 Allow RDS to use Infiniband and iWARP as a transport.
diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
index cd67026be2d5..51c868923f64 100644
--- a/net/rds/ib_cm.c
+++ b/net/rds/ib_cm.c
@@ -375,23 +375,21 @@ static int rds_ib_setup_qp(struct rds_connection *conn)
375 goto out; 375 goto out;
376 } 376 }
377 377
378 ic->i_sends = vmalloc_node(ic->i_send_ring.w_nr * sizeof(struct rds_ib_send_work), 378 ic->i_sends = vzalloc_node(ic->i_send_ring.w_nr * sizeof(struct rds_ib_send_work),
379 ibdev_to_node(dev)); 379 ibdev_to_node(dev));
380 if (!ic->i_sends) { 380 if (!ic->i_sends) {
381 ret = -ENOMEM; 381 ret = -ENOMEM;
382 rdsdebug("send allocation failed\n"); 382 rdsdebug("send allocation failed\n");
383 goto out; 383 goto out;
384 } 384 }
385 memset(ic->i_sends, 0, ic->i_send_ring.w_nr * sizeof(struct rds_ib_send_work));
386 385
387 ic->i_recvs = vmalloc_node(ic->i_recv_ring.w_nr * sizeof(struct rds_ib_recv_work), 386 ic->i_recvs = vzalloc_node(ic->i_recv_ring.w_nr * sizeof(struct rds_ib_recv_work),
388 ibdev_to_node(dev)); 387 ibdev_to_node(dev));
389 if (!ic->i_recvs) { 388 if (!ic->i_recvs) {
390 ret = -ENOMEM; 389 ret = -ENOMEM;
391 rdsdebug("recv allocation failed\n"); 390 rdsdebug("recv allocation failed\n");
392 goto out; 391 goto out;
393 } 392 }
394 memset(ic->i_recvs, 0, ic->i_recv_ring.w_nr * sizeof(struct rds_ib_recv_work));
395 393
396 rds_ib_recv_init_ack(ic); 394 rds_ib_recv_init_ack(ic);
397 395
diff --git a/net/rds/ib_rdma.c b/net/rds/ib_rdma.c
index 819c35a0d9cb..e8fdb172adbb 100644
--- a/net/rds/ib_rdma.c
+++ b/net/rds/ib_rdma.c
@@ -33,10 +33,10 @@
33#include <linux/kernel.h> 33#include <linux/kernel.h>
34#include <linux/slab.h> 34#include <linux/slab.h>
35#include <linux/rculist.h> 35#include <linux/rculist.h>
36#include <linux/llist.h>
36 37
37#include "rds.h" 38#include "rds.h"
38#include "ib.h" 39#include "ib.h"
39#include "xlist.h"
40 40
41static DEFINE_PER_CPU(unsigned long, clean_list_grace); 41static DEFINE_PER_CPU(unsigned long, clean_list_grace);
42#define CLEAN_LIST_BUSY_BIT 0 42#define CLEAN_LIST_BUSY_BIT 0
@@ -49,7 +49,7 @@ struct rds_ib_mr {
49 struct rds_ib_mr_pool *pool; 49 struct rds_ib_mr_pool *pool;
50 struct ib_fmr *fmr; 50 struct ib_fmr *fmr;
51 51
52 struct xlist_head xlist; 52 struct llist_node llnode;
53 53
54 /* unmap_list is for freeing */ 54 /* unmap_list is for freeing */
55 struct list_head unmap_list; 55 struct list_head unmap_list;
@@ -71,9 +71,9 @@ struct rds_ib_mr_pool {
71 atomic_t item_count; /* total # of MRs */ 71 atomic_t item_count; /* total # of MRs */
72 atomic_t dirty_count; /* # dirty of MRs */ 72 atomic_t dirty_count; /* # dirty of MRs */
73 73
74 struct xlist_head drop_list; /* MRs that have reached their max_maps limit */ 74 struct llist_head drop_list; /* MRs that have reached their max_maps limit */
75 struct xlist_head free_list; /* unused MRs */ 75 struct llist_head free_list; /* unused MRs */
76 struct xlist_head clean_list; /* global unused & unamapped MRs */ 76 struct llist_head clean_list; /* global unused & unamapped MRs */
77 wait_queue_head_t flush_wait; 77 wait_queue_head_t flush_wait;
78 78
79 atomic_t free_pinned; /* memory pinned by free MRs */ 79 atomic_t free_pinned; /* memory pinned by free MRs */
@@ -220,9 +220,9 @@ struct rds_ib_mr_pool *rds_ib_create_mr_pool(struct rds_ib_device *rds_ibdev)
220 if (!pool) 220 if (!pool)
221 return ERR_PTR(-ENOMEM); 221 return ERR_PTR(-ENOMEM);
222 222
223 INIT_XLIST_HEAD(&pool->free_list); 223 init_llist_head(&pool->free_list);
224 INIT_XLIST_HEAD(&pool->drop_list); 224 init_llist_head(&pool->drop_list);
225 INIT_XLIST_HEAD(&pool->clean_list); 225 init_llist_head(&pool->clean_list);
226 mutex_init(&pool->flush_lock); 226 mutex_init(&pool->flush_lock);
227 init_waitqueue_head(&pool->flush_wait); 227 init_waitqueue_head(&pool->flush_wait);
228 INIT_DELAYED_WORK(&pool->flush_worker, rds_ib_mr_pool_flush_worker); 228 INIT_DELAYED_WORK(&pool->flush_worker, rds_ib_mr_pool_flush_worker);
@@ -260,26 +260,18 @@ void rds_ib_destroy_mr_pool(struct rds_ib_mr_pool *pool)
260 kfree(pool); 260 kfree(pool);
261} 261}
262 262
263static void refill_local(struct rds_ib_mr_pool *pool, struct xlist_head *xl,
264 struct rds_ib_mr **ibmr_ret)
265{
266 struct xlist_head *ibmr_xl;
267 ibmr_xl = xlist_del_head_fast(xl);
268 *ibmr_ret = list_entry(ibmr_xl, struct rds_ib_mr, xlist);
269}
270
271static inline struct rds_ib_mr *rds_ib_reuse_fmr(struct rds_ib_mr_pool *pool) 263static inline struct rds_ib_mr *rds_ib_reuse_fmr(struct rds_ib_mr_pool *pool)
272{ 264{
273 struct rds_ib_mr *ibmr = NULL; 265 struct rds_ib_mr *ibmr = NULL;
274 struct xlist_head *ret; 266 struct llist_node *ret;
275 unsigned long *flag; 267 unsigned long *flag;
276 268
277 preempt_disable(); 269 preempt_disable();
278 flag = &__get_cpu_var(clean_list_grace); 270 flag = &__get_cpu_var(clean_list_grace);
279 set_bit(CLEAN_LIST_BUSY_BIT, flag); 271 set_bit(CLEAN_LIST_BUSY_BIT, flag);
280 ret = xlist_del_head(&pool->clean_list); 272 ret = llist_del_first(&pool->clean_list);
281 if (ret) 273 if (ret)
282 ibmr = list_entry(ret, struct rds_ib_mr, xlist); 274 ibmr = llist_entry(ret, struct rds_ib_mr, llnode);
283 275
284 clear_bit(CLEAN_LIST_BUSY_BIT, flag); 276 clear_bit(CLEAN_LIST_BUSY_BIT, flag);
285 preempt_enable(); 277 preempt_enable();
@@ -529,46 +521,44 @@ static inline unsigned int rds_ib_flush_goal(struct rds_ib_mr_pool *pool, int fr
529} 521}
530 522
531/* 523/*
532 * given an xlist of mrs, put them all into the list_head for more processing 524 * given an llist of mrs, put them all into the list_head for more processing
533 */ 525 */
534static void xlist_append_to_list(struct xlist_head *xlist, struct list_head *list) 526static void llist_append_to_list(struct llist_head *llist, struct list_head *list)
535{ 527{
536 struct rds_ib_mr *ibmr; 528 struct rds_ib_mr *ibmr;
537 struct xlist_head splice; 529 struct llist_node *node;
538 struct xlist_head *cur; 530 struct llist_node *next;
539 struct xlist_head *next; 531
540 532 node = llist_del_all(llist);
541 splice.next = NULL; 533 while (node) {
542 xlist_splice(xlist, &splice); 534 next = node->next;
543 cur = splice.next; 535 ibmr = llist_entry(node, struct rds_ib_mr, llnode);
544 while (cur) {
545 next = cur->next;
546 ibmr = list_entry(cur, struct rds_ib_mr, xlist);
547 list_add_tail(&ibmr->unmap_list, list); 536 list_add_tail(&ibmr->unmap_list, list);
548 cur = next; 537 node = next;
549 } 538 }
550} 539}
551 540
552/* 541/*
553 * this takes a list head of mrs and turns it into an xlist of clusters. 542 * this takes a list head of mrs and turns it into linked llist nodes
554 * each cluster has an xlist of MR_CLUSTER_SIZE mrs that are ready for 543 * of clusters. Each cluster has linked llist nodes of
555 * reuse. 544 * MR_CLUSTER_SIZE mrs that are ready for reuse.
556 */ 545 */
557static void list_append_to_xlist(struct rds_ib_mr_pool *pool, 546static void list_to_llist_nodes(struct rds_ib_mr_pool *pool,
558 struct list_head *list, struct xlist_head *xlist, 547 struct list_head *list,
559 struct xlist_head **tail_ret) 548 struct llist_node **nodes_head,
549 struct llist_node **nodes_tail)
560{ 550{
561 struct rds_ib_mr *ibmr; 551 struct rds_ib_mr *ibmr;
562 struct xlist_head *cur_mr = xlist; 552 struct llist_node *cur = NULL;
563 struct xlist_head *tail_mr = NULL; 553 struct llist_node **next = nodes_head;
564 554
565 list_for_each_entry(ibmr, list, unmap_list) { 555 list_for_each_entry(ibmr, list, unmap_list) {
566 tail_mr = &ibmr->xlist; 556 cur = &ibmr->llnode;
567 tail_mr->next = NULL; 557 *next = cur;
568 cur_mr->next = tail_mr; 558 next = &cur->next;
569 cur_mr = tail_mr;
570 } 559 }
571 *tail_ret = tail_mr; 560 *next = NULL;
561 *nodes_tail = cur;
572} 562}
573 563
574/* 564/*
@@ -581,8 +571,8 @@ static int rds_ib_flush_mr_pool(struct rds_ib_mr_pool *pool,
581 int free_all, struct rds_ib_mr **ibmr_ret) 571 int free_all, struct rds_ib_mr **ibmr_ret)
582{ 572{
583 struct rds_ib_mr *ibmr, *next; 573 struct rds_ib_mr *ibmr, *next;
584 struct xlist_head clean_xlist; 574 struct llist_node *clean_nodes;
585 struct xlist_head *clean_tail; 575 struct llist_node *clean_tail;
586 LIST_HEAD(unmap_list); 576 LIST_HEAD(unmap_list);
587 LIST_HEAD(fmr_list); 577 LIST_HEAD(fmr_list);
588 unsigned long unpinned = 0; 578 unsigned long unpinned = 0;
@@ -603,7 +593,7 @@ static int rds_ib_flush_mr_pool(struct rds_ib_mr_pool *pool,
603 593
604 prepare_to_wait(&pool->flush_wait, &wait, 594 prepare_to_wait(&pool->flush_wait, &wait,
605 TASK_UNINTERRUPTIBLE); 595 TASK_UNINTERRUPTIBLE);
606 if (xlist_empty(&pool->clean_list)) 596 if (llist_empty(&pool->clean_list))
607 schedule(); 597 schedule();
608 598
609 ibmr = rds_ib_reuse_fmr(pool); 599 ibmr = rds_ib_reuse_fmr(pool);
@@ -628,10 +618,10 @@ static int rds_ib_flush_mr_pool(struct rds_ib_mr_pool *pool,
628 /* Get the list of all MRs to be dropped. Ordering matters - 618 /* Get the list of all MRs to be dropped. Ordering matters -
629 * we want to put drop_list ahead of free_list. 619 * we want to put drop_list ahead of free_list.
630 */ 620 */
631 xlist_append_to_list(&pool->drop_list, &unmap_list); 621 llist_append_to_list(&pool->drop_list, &unmap_list);
632 xlist_append_to_list(&pool->free_list, &unmap_list); 622 llist_append_to_list(&pool->free_list, &unmap_list);
633 if (free_all) 623 if (free_all)
634 xlist_append_to_list(&pool->clean_list, &unmap_list); 624 llist_append_to_list(&pool->clean_list, &unmap_list);
635 625
636 free_goal = rds_ib_flush_goal(pool, free_all); 626 free_goal = rds_ib_flush_goal(pool, free_all);
637 627
@@ -663,22 +653,22 @@ static int rds_ib_flush_mr_pool(struct rds_ib_mr_pool *pool,
663 if (!list_empty(&unmap_list)) { 653 if (!list_empty(&unmap_list)) {
664 /* we have to make sure that none of the things we're about 654 /* we have to make sure that none of the things we're about
665 * to put on the clean list would race with other cpus trying 655 * to put on the clean list would race with other cpus trying
666 * to pull items off. The xlist would explode if we managed to 656 * to pull items off. The llist would explode if we managed to
667 * remove something from the clean list and then add it back again 657 * remove something from the clean list and then add it back again
668 * while another CPU was spinning on that same item in xlist_del_head. 658 * while another CPU was spinning on that same item in llist_del_first.
669 * 659 *
670 * This is pretty unlikely, but just in case wait for an xlist grace period 660 * This is pretty unlikely, but just in case wait for an llist grace period
671 * here before adding anything back into the clean list. 661 * here before adding anything back into the clean list.
672 */ 662 */
673 wait_clean_list_grace(); 663 wait_clean_list_grace();
674 664
675 list_append_to_xlist(pool, &unmap_list, &clean_xlist, &clean_tail); 665 list_to_llist_nodes(pool, &unmap_list, &clean_nodes, &clean_tail);
676 if (ibmr_ret) 666 if (ibmr_ret)
677 refill_local(pool, &clean_xlist, ibmr_ret); 667 *ibmr_ret = llist_entry(clean_nodes, struct rds_ib_mr, llnode);
678 668
679 /* refill_local may have emptied our list */ 669 /* more than one entry in llist nodes */
680 if (!xlist_empty(&clean_xlist)) 670 if (clean_nodes->next)
681 xlist_add(clean_xlist.next, clean_tail, &pool->clean_list); 671 llist_add_batch(clean_nodes->next, clean_tail, &pool->clean_list);
682 672
683 } 673 }
684 674
@@ -711,9 +701,9 @@ void rds_ib_free_mr(void *trans_private, int invalidate)
711 701
712 /* Return it to the pool's free list */ 702 /* Return it to the pool's free list */
713 if (ibmr->remap_count >= pool->fmr_attr.max_maps) 703 if (ibmr->remap_count >= pool->fmr_attr.max_maps)
714 xlist_add(&ibmr->xlist, &ibmr->xlist, &pool->drop_list); 704 llist_add(&ibmr->llnode, &pool->drop_list);
715 else 705 else
716 xlist_add(&ibmr->xlist, &ibmr->xlist, &pool->free_list); 706 llist_add(&ibmr->llnode, &pool->free_list);
717 707
718 atomic_add(ibmr->sg_len, &pool->free_pinned); 708 atomic_add(ibmr->sg_len, &pool->free_pinned);
719 atomic_inc(&pool->dirty_count); 709 atomic_inc(&pool->dirty_count);
diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c
index 8b77edbab272..4e1de171866c 100644
--- a/net/rds/iw_rdma.c
+++ b/net/rds/iw_rdma.c
@@ -84,7 +84,8 @@ static int rds_iw_map_fastreg(struct rds_iw_mr_pool *pool,
84static void rds_iw_free_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr); 84static void rds_iw_free_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
85static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool, 85static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
86 struct list_head *unmap_list, 86 struct list_head *unmap_list,
87 struct list_head *kill_list); 87 struct list_head *kill_list,
88 int *unpinned);
88static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr); 89static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr);
89 90
90static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id) 91static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id)
@@ -499,7 +500,7 @@ static int rds_iw_flush_mr_pool(struct rds_iw_mr_pool *pool, int free_all)
499 LIST_HEAD(unmap_list); 500 LIST_HEAD(unmap_list);
500 LIST_HEAD(kill_list); 501 LIST_HEAD(kill_list);
501 unsigned long flags; 502 unsigned long flags;
502 unsigned int nfreed = 0, ncleaned = 0, free_goal; 503 unsigned int nfreed = 0, ncleaned = 0, unpinned = 0, free_goal;
503 int ret = 0; 504 int ret = 0;
504 505
505 rds_iw_stats_inc(s_iw_rdma_mr_pool_flush); 506 rds_iw_stats_inc(s_iw_rdma_mr_pool_flush);
@@ -524,7 +525,8 @@ static int rds_iw_flush_mr_pool(struct rds_iw_mr_pool *pool, int free_all)
524 * will be destroyed by the unmap function. 525 * will be destroyed by the unmap function.
525 */ 526 */
526 if (!list_empty(&unmap_list)) { 527 if (!list_empty(&unmap_list)) {
527 ncleaned = rds_iw_unmap_fastreg_list(pool, &unmap_list, &kill_list); 528 ncleaned = rds_iw_unmap_fastreg_list(pool, &unmap_list,
529 &kill_list, &unpinned);
528 /* If we've been asked to destroy all MRs, move those 530 /* If we've been asked to destroy all MRs, move those
529 * that were simply cleaned to the kill list */ 531 * that were simply cleaned to the kill list */
530 if (free_all) 532 if (free_all)
@@ -548,6 +550,7 @@ static int rds_iw_flush_mr_pool(struct rds_iw_mr_pool *pool, int free_all)
548 spin_unlock_irqrestore(&pool->list_lock, flags); 550 spin_unlock_irqrestore(&pool->list_lock, flags);
549 } 551 }
550 552
553 atomic_sub(unpinned, &pool->free_pinned);
551 atomic_sub(ncleaned, &pool->dirty_count); 554 atomic_sub(ncleaned, &pool->dirty_count);
552 atomic_sub(nfreed, &pool->item_count); 555 atomic_sub(nfreed, &pool->item_count);
553 556
@@ -828,7 +831,8 @@ static void rds_iw_free_fastreg(struct rds_iw_mr_pool *pool,
828 831
829static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool, 832static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
830 struct list_head *unmap_list, 833 struct list_head *unmap_list,
831 struct list_head *kill_list) 834 struct list_head *kill_list,
835 int *unpinned)
832{ 836{
833 struct rds_iw_mapping *mapping, *next; 837 struct rds_iw_mapping *mapping, *next;
834 unsigned int ncleaned = 0; 838 unsigned int ncleaned = 0;
@@ -855,6 +859,7 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool,
855 859
856 spin_lock_irqsave(&pool->list_lock, flags); 860 spin_lock_irqsave(&pool->list_lock, flags);
857 list_for_each_entry_safe(mapping, next, unmap_list, m_list) { 861 list_for_each_entry_safe(mapping, next, unmap_list, m_list) {
862 *unpinned += mapping->m_sg.len;
858 list_move(&mapping->m_list, &laundered); 863 list_move(&mapping->m_list, &laundered);
859 ncleaned++; 864 ncleaned++;
860 } 865 }
diff --git a/net/rds/xlist.h b/net/rds/xlist.h
deleted file mode 100644
index e6b5190daddd..000000000000
--- a/net/rds/xlist.h
+++ /dev/null
@@ -1,80 +0,0 @@
1#ifndef _LINUX_XLIST_H
2#define _LINUX_XLIST_H
3
4#include <linux/stddef.h>
5#include <linux/poison.h>
6#include <linux/prefetch.h>
7#include <asm/system.h>
8
9struct xlist_head {
10 struct xlist_head *next;
11};
12
13static inline void INIT_XLIST_HEAD(struct xlist_head *list)
14{
15 list->next = NULL;
16}
17
18static inline int xlist_empty(struct xlist_head *head)
19{
20 return head->next == NULL;
21}
22
23static inline void xlist_add(struct xlist_head *new, struct xlist_head *tail,
24 struct xlist_head *head)
25{
26 struct xlist_head *cur;
27 struct xlist_head *check;
28
29 while (1) {
30 cur = head->next;
31 tail->next = cur;
32 check = cmpxchg(&head->next, cur, new);
33 if (check == cur)
34 break;
35 }
36}
37
38static inline struct xlist_head *xlist_del_head(struct xlist_head *head)
39{
40 struct xlist_head *cur;
41 struct xlist_head *check;
42 struct xlist_head *next;
43
44 while (1) {
45 cur = head->next;
46 if (!cur)
47 goto out;
48
49 next = cur->next;
50 check = cmpxchg(&head->next, cur, next);
51 if (check == cur)
52 goto out;
53 }
54out:
55 return cur;
56}
57
58static inline struct xlist_head *xlist_del_head_fast(struct xlist_head *head)
59{
60 struct xlist_head *cur;
61
62 cur = head->next;
63 if (!cur)
64 return NULL;
65
66 head->next = cur->next;
67 return cur;
68}
69
70static inline void xlist_splice(struct xlist_head *list,
71 struct xlist_head *head)
72{
73 struct xlist_head *cur;
74
75 WARN_ON(head->next);
76 cur = xchg(&list->next, NULL);
77 head->next = cur;
78}
79
80#endif
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 256c5ddd2d72..128677d69056 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -101,6 +101,14 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
101 if (!rfkill) 101 if (!rfkill)
102 return -ENOMEM; 102 return -ENOMEM;
103 103
104 if (pdata->gpio_runtime_setup) {
105 ret = pdata->gpio_runtime_setup(pdev);
106 if (ret) {
107 pr_warn("%s: can't set up gpio\n", __func__);
108 return ret;
109 }
110 }
111
104 rfkill->pdata = pdata; 112 rfkill->pdata = pdata;
105 113
106 len = strlen(pdata->name); 114 len = strlen(pdata->name);
@@ -182,7 +190,10 @@ fail_alloc:
182static int rfkill_gpio_remove(struct platform_device *pdev) 190static int rfkill_gpio_remove(struct platform_device *pdev)
183{ 191{
184 struct rfkill_gpio_data *rfkill = platform_get_drvdata(pdev); 192 struct rfkill_gpio_data *rfkill = platform_get_drvdata(pdev);
193 struct rfkill_gpio_platform_data *pdata = pdev->dev.platform_data;
185 194
195 if (pdata->gpio_runtime_close)
196 pdata->gpio_runtime_close(pdev);
186 rfkill_unregister(rfkill->rfkill_dev); 197 rfkill_unregister(rfkill->rfkill_dev);
187 rfkill_destroy(rfkill->rfkill_dev); 198 rfkill_destroy(rfkill->rfkill_dev);
188 if (gpio_is_valid(rfkill->pdata->shutdown_gpio)) 199 if (gpio_is_valid(rfkill->pdata->shutdown_gpio))
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 102fc212cd64..e051398fdf6b 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -196,8 +196,7 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a,
196 196
197 skb2->skb_iif = skb->dev->ifindex; 197 skb2->skb_iif = skb->dev->ifindex;
198 skb2->dev = dev; 198 skb2->dev = dev;
199 dev_queue_xmit(skb2); 199 err = dev_queue_xmit(skb2);
200 err = 0;
201 200
202out: 201out:
203 if (err) { 202 if (err) {
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index 6994214db8f8..9e087d885675 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -65,132 +65,134 @@ static inline u32 addr_fold(void *addr)
65 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0); 65 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0);
66} 66}
67 67
68static u32 flow_get_src(struct sk_buff *skb) 68static u32 flow_get_src(const struct sk_buff *skb, int nhoff)
69{ 69{
70 __be32 *data = NULL, hdata;
71
70 switch (skb->protocol) { 72 switch (skb->protocol) {
71 case htons(ETH_P_IP): 73 case htons(ETH_P_IP):
72 if (pskb_network_may_pull(skb, sizeof(struct iphdr))) 74 data = skb_header_pointer(skb,
73 return ntohl(ip_hdr(skb)->saddr); 75 nhoff + offsetof(struct iphdr,
76 saddr),
77 4, &hdata);
74 break; 78 break;
75 case htons(ETH_P_IPV6): 79 case htons(ETH_P_IPV6):
76 if (pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) 80 data = skb_header_pointer(skb,
77 return ntohl(ipv6_hdr(skb)->saddr.s6_addr32[3]); 81 nhoff + offsetof(struct ipv6hdr,
82 saddr.s6_addr32[3]),
83 4, &hdata);
78 break; 84 break;
79 } 85 }
80 86
87 if (data)
88 return ntohl(*data);
81 return addr_fold(skb->sk); 89 return addr_fold(skb->sk);
82} 90}
83 91
84static u32 flow_get_dst(struct sk_buff *skb) 92static u32 flow_get_dst(const struct sk_buff *skb, int nhoff)
85{ 93{
94 __be32 *data = NULL, hdata;
95
86 switch (skb->protocol) { 96 switch (skb->protocol) {
87 case htons(ETH_P_IP): 97 case htons(ETH_P_IP):
88 if (pskb_network_may_pull(skb, sizeof(struct iphdr))) 98 data = skb_header_pointer(skb,
89 return ntohl(ip_hdr(skb)->daddr); 99 nhoff + offsetof(struct iphdr,
100 daddr),
101 4, &hdata);
90 break; 102 break;
91 case htons(ETH_P_IPV6): 103 case htons(ETH_P_IPV6):
92 if (pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) 104 data = skb_header_pointer(skb,
93 return ntohl(ipv6_hdr(skb)->daddr.s6_addr32[3]); 105 nhoff + offsetof(struct ipv6hdr,
106 daddr.s6_addr32[3]),
107 4, &hdata);
94 break; 108 break;
95 } 109 }
96 110
111 if (data)
112 return ntohl(*data);
97 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol; 113 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol;
98} 114}
99 115
100static u32 flow_get_proto(struct sk_buff *skb) 116static u32 flow_get_proto(const struct sk_buff *skb, int nhoff)
101{ 117{
118 __u8 *data = NULL, hdata;
119
102 switch (skb->protocol) { 120 switch (skb->protocol) {
103 case htons(ETH_P_IP): 121 case htons(ETH_P_IP):
104 return pskb_network_may_pull(skb, sizeof(struct iphdr)) ? 122 data = skb_header_pointer(skb,
105 ip_hdr(skb)->protocol : 0; 123 nhoff + offsetof(struct iphdr,
124 protocol),
125 1, &hdata);
126 break;
106 case htons(ETH_P_IPV6): 127 case htons(ETH_P_IPV6):
107 return pskb_network_may_pull(skb, sizeof(struct ipv6hdr)) ? 128 data = skb_header_pointer(skb,
108 ipv6_hdr(skb)->nexthdr : 0; 129 nhoff + offsetof(struct ipv6hdr,
109 default: 130 nexthdr),
110 return 0; 131 1, &hdata);
132 break;
111 } 133 }
134 if (data)
135 return *data;
136 return 0;
112} 137}
113 138
114static u32 flow_get_proto_src(struct sk_buff *skb) 139/* helper function to get either src or dst port */
140static __be16 *flow_get_proto_common(const struct sk_buff *skb, int nhoff,
141 __be16 *_port, int dst)
115{ 142{
143 __be16 *port = NULL;
144 int poff;
145
116 switch (skb->protocol) { 146 switch (skb->protocol) {
117 case htons(ETH_P_IP): { 147 case htons(ETH_P_IP): {
118 struct iphdr *iph; 148 struct iphdr *iph, _iph;
119 int poff;
120 149
121 if (!pskb_network_may_pull(skb, sizeof(*iph))) 150 iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
151 if (!iph)
122 break; 152 break;
123 iph = ip_hdr(skb);
124 if (ip_is_fragment(iph)) 153 if (ip_is_fragment(iph))
125 break; 154 break;
126 poff = proto_ports_offset(iph->protocol); 155 poff = proto_ports_offset(iph->protocol);
127 if (poff >= 0 && 156 if (poff >= 0)
128 pskb_network_may_pull(skb, iph->ihl * 4 + 2 + poff)) { 157 port = skb_header_pointer(skb,
129 iph = ip_hdr(skb); 158 nhoff + iph->ihl * 4 + poff + dst,
130 return ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 + 159 sizeof(*_port), _port);
131 poff));
132 }
133 break; 160 break;
134 } 161 }
135 case htons(ETH_P_IPV6): { 162 case htons(ETH_P_IPV6): {
136 struct ipv6hdr *iph; 163 struct ipv6hdr *iph, _iph;
137 int poff;
138 164
139 if (!pskb_network_may_pull(skb, sizeof(*iph))) 165 iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
166 if (!iph)
140 break; 167 break;
141 iph = ipv6_hdr(skb);
142 poff = proto_ports_offset(iph->nexthdr); 168 poff = proto_ports_offset(iph->nexthdr);
143 if (poff >= 0 && 169 if (poff >= 0)
144 pskb_network_may_pull(skb, sizeof(*iph) + poff + 2)) { 170 port = skb_header_pointer(skb,
145 iph = ipv6_hdr(skb); 171 nhoff + sizeof(*iph) + poff + dst,
146 return ntohs(*(__be16 *)((void *)iph + sizeof(*iph) + 172 sizeof(*_port), _port);
147 poff));
148 }
149 break; 173 break;
150 } 174 }
151 } 175 }
152 176
153 return addr_fold(skb->sk); 177 return port;
154} 178}
155 179
156static u32 flow_get_proto_dst(struct sk_buff *skb) 180static u32 flow_get_proto_src(const struct sk_buff *skb, int nhoff)
157{ 181{
158 switch (skb->protocol) { 182 __be16 _port, *port = flow_get_proto_common(skb, nhoff, &_port, 0);
159 case htons(ETH_P_IP): {
160 struct iphdr *iph;
161 int poff;
162 183
163 if (!pskb_network_may_pull(skb, sizeof(*iph))) 184 if (port)
164 break; 185 return ntohs(*port);
165 iph = ip_hdr(skb);
166 if (ip_is_fragment(iph))
167 break;
168 poff = proto_ports_offset(iph->protocol);
169 if (poff >= 0 &&
170 pskb_network_may_pull(skb, iph->ihl * 4 + 4 + poff)) {
171 iph = ip_hdr(skb);
172 return ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 +
173 2 + poff));
174 }
175 break;
176 }
177 case htons(ETH_P_IPV6): {
178 struct ipv6hdr *iph;
179 int poff;
180 186
181 if (!pskb_network_may_pull(skb, sizeof(*iph))) 187 return addr_fold(skb->sk);
182 break; 188}
183 iph = ipv6_hdr(skb); 189
184 poff = proto_ports_offset(iph->nexthdr); 190static u32 flow_get_proto_dst(const struct sk_buff *skb, int nhoff)
185 if (poff >= 0 && 191{
186 pskb_network_may_pull(skb, sizeof(*iph) + poff + 4)) { 192 __be16 _port, *port = flow_get_proto_common(skb, nhoff, &_port, 2);
187 iph = ipv6_hdr(skb); 193
188 return ntohs(*(__be16 *)((void *)iph + sizeof(*iph) + 194 if (port)
189 poff + 2)); 195 return ntohs(*port);
190 }
191 break;
192 }
193 }
194 196
195 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol; 197 return addr_fold(skb_dst(skb)) ^ (__force u16)skb->protocol;
196} 198}
@@ -223,7 +225,7 @@ static u32 flow_get_nfct(const struct sk_buff *skb)
223#define CTTUPLE(skb, member) \ 225#define CTTUPLE(skb, member) \
224({ \ 226({ \
225 enum ip_conntrack_info ctinfo; \ 227 enum ip_conntrack_info ctinfo; \
226 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \ 228 const struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \
227 if (ct == NULL) \ 229 if (ct == NULL) \
228 goto fallback; \ 230 goto fallback; \
229 ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \ 231 ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \
@@ -236,7 +238,7 @@ static u32 flow_get_nfct(const struct sk_buff *skb)
236}) 238})
237#endif 239#endif
238 240
239static u32 flow_get_nfct_src(struct sk_buff *skb) 241static u32 flow_get_nfct_src(const struct sk_buff *skb, int nhoff)
240{ 242{
241 switch (skb->protocol) { 243 switch (skb->protocol) {
242 case htons(ETH_P_IP): 244 case htons(ETH_P_IP):
@@ -245,10 +247,10 @@ static u32 flow_get_nfct_src(struct sk_buff *skb)
245 return ntohl(CTTUPLE(skb, src.u3.ip6[3])); 247 return ntohl(CTTUPLE(skb, src.u3.ip6[3]));
246 } 248 }
247fallback: 249fallback:
248 return flow_get_src(skb); 250 return flow_get_src(skb, nhoff);
249} 251}
250 252
251static u32 flow_get_nfct_dst(struct sk_buff *skb) 253static u32 flow_get_nfct_dst(const struct sk_buff *skb, int nhoff)
252{ 254{
253 switch (skb->protocol) { 255 switch (skb->protocol) {
254 case htons(ETH_P_IP): 256 case htons(ETH_P_IP):
@@ -257,21 +259,21 @@ static u32 flow_get_nfct_dst(struct sk_buff *skb)
257 return ntohl(CTTUPLE(skb, dst.u3.ip6[3])); 259 return ntohl(CTTUPLE(skb, dst.u3.ip6[3]));
258 } 260 }
259fallback: 261fallback:
260 return flow_get_dst(skb); 262 return flow_get_dst(skb, nhoff);
261} 263}
262 264
263static u32 flow_get_nfct_proto_src(struct sk_buff *skb) 265static u32 flow_get_nfct_proto_src(const struct sk_buff *skb, int nhoff)
264{ 266{
265 return ntohs(CTTUPLE(skb, src.u.all)); 267 return ntohs(CTTUPLE(skb, src.u.all));
266fallback: 268fallback:
267 return flow_get_proto_src(skb); 269 return flow_get_proto_src(skb, nhoff);
268} 270}
269 271
270static u32 flow_get_nfct_proto_dst(struct sk_buff *skb) 272static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb, int nhoff)
271{ 273{
272 return ntohs(CTTUPLE(skb, dst.u.all)); 274 return ntohs(CTTUPLE(skb, dst.u.all));
273fallback: 275fallback:
274 return flow_get_proto_dst(skb); 276 return flow_get_proto_dst(skb, nhoff);
275} 277}
276 278
277static u32 flow_get_rtclassid(const struct sk_buff *skb) 279static u32 flow_get_rtclassid(const struct sk_buff *skb)
@@ -313,17 +315,19 @@ static u32 flow_get_rxhash(struct sk_buff *skb)
313 315
314static u32 flow_key_get(struct sk_buff *skb, int key) 316static u32 flow_key_get(struct sk_buff *skb, int key)
315{ 317{
318 int nhoff = skb_network_offset(skb);
319
316 switch (key) { 320 switch (key) {
317 case FLOW_KEY_SRC: 321 case FLOW_KEY_SRC:
318 return flow_get_src(skb); 322 return flow_get_src(skb, nhoff);
319 case FLOW_KEY_DST: 323 case FLOW_KEY_DST:
320 return flow_get_dst(skb); 324 return flow_get_dst(skb, nhoff);
321 case FLOW_KEY_PROTO: 325 case FLOW_KEY_PROTO:
322 return flow_get_proto(skb); 326 return flow_get_proto(skb, nhoff);
323 case FLOW_KEY_PROTO_SRC: 327 case FLOW_KEY_PROTO_SRC:
324 return flow_get_proto_src(skb); 328 return flow_get_proto_src(skb, nhoff);
325 case FLOW_KEY_PROTO_DST: 329 case FLOW_KEY_PROTO_DST:
326 return flow_get_proto_dst(skb); 330 return flow_get_proto_dst(skb, nhoff);
327 case FLOW_KEY_IIF: 331 case FLOW_KEY_IIF:
328 return flow_get_iif(skb); 332 return flow_get_iif(skb);
329 case FLOW_KEY_PRIORITY: 333 case FLOW_KEY_PRIORITY:
@@ -333,13 +337,13 @@ static u32 flow_key_get(struct sk_buff *skb, int key)
333 case FLOW_KEY_NFCT: 337 case FLOW_KEY_NFCT:
334 return flow_get_nfct(skb); 338 return flow_get_nfct(skb);
335 case FLOW_KEY_NFCT_SRC: 339 case FLOW_KEY_NFCT_SRC:
336 return flow_get_nfct_src(skb); 340 return flow_get_nfct_src(skb, nhoff);
337 case FLOW_KEY_NFCT_DST: 341 case FLOW_KEY_NFCT_DST:
338 return flow_get_nfct_dst(skb); 342 return flow_get_nfct_dst(skb, nhoff);
339 case FLOW_KEY_NFCT_PROTO_SRC: 343 case FLOW_KEY_NFCT_PROTO_SRC:
340 return flow_get_nfct_proto_src(skb); 344 return flow_get_nfct_proto_src(skb, nhoff);
341 case FLOW_KEY_NFCT_PROTO_DST: 345 case FLOW_KEY_NFCT_PROTO_DST:
342 return flow_get_nfct_proto_dst(skb); 346 return flow_get_nfct_proto_dst(skb, nhoff);
343 case FLOW_KEY_RTCLASSID: 347 case FLOW_KEY_RTCLASSID:
344 return flow_get_rtclassid(skb); 348 return flow_get_rtclassid(skb);
345 case FLOW_KEY_SKUID: 349 case FLOW_KEY_SKUID:
diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
index be4505ee67a9..b01427924f81 100644
--- a/net/sched/cls_rsvp.h
+++ b/net/sched/cls_rsvp.h
@@ -425,7 +425,7 @@ static int rsvp_change(struct tcf_proto *tp, unsigned long base,
425 struct rsvp_filter *f, **fp; 425 struct rsvp_filter *f, **fp;
426 struct rsvp_session *s, **sp; 426 struct rsvp_session *s, **sp;
427 struct tc_rsvp_pinfo *pinfo = NULL; 427 struct tc_rsvp_pinfo *pinfo = NULL;
428 struct nlattr *opt = tca[TCA_OPTIONS-1]; 428 struct nlattr *opt = tca[TCA_OPTIONS];
429 struct nlattr *tb[TCA_RSVP_MAX + 1]; 429 struct nlattr *tb[TCA_RSVP_MAX + 1];
430 struct tcf_exts e; 430 struct tcf_exts e;
431 unsigned int h1, h2; 431 unsigned int h1, h2;
@@ -439,7 +439,7 @@ static int rsvp_change(struct tcf_proto *tp, unsigned long base,
439 if (err < 0) 439 if (err < 0)
440 return err; 440 return err;
441 441
442 err = tcf_exts_validate(tp, tb, tca[TCA_RATE-1], &e, &rsvp_ext_map); 442 err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &rsvp_ext_map);
443 if (err < 0) 443 if (err < 0)
444 return err; 444 return err;
445 445
@@ -449,8 +449,8 @@ static int rsvp_change(struct tcf_proto *tp, unsigned long base,
449 449
450 if (f->handle != handle && handle) 450 if (f->handle != handle && handle)
451 goto errout2; 451 goto errout2;
452 if (tb[TCA_RSVP_CLASSID-1]) { 452 if (tb[TCA_RSVP_CLASSID]) {
453 f->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID-1]); 453 f->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID]);
454 tcf_bind_filter(tp, &f->res, base); 454 tcf_bind_filter(tp, &f->res, base);
455 } 455 }
456 456
@@ -462,7 +462,7 @@ static int rsvp_change(struct tcf_proto *tp, unsigned long base,
462 err = -EINVAL; 462 err = -EINVAL;
463 if (handle) 463 if (handle)
464 goto errout2; 464 goto errout2;
465 if (tb[TCA_RSVP_DST-1] == NULL) 465 if (tb[TCA_RSVP_DST] == NULL)
466 goto errout2; 466 goto errout2;
467 467
468 err = -ENOBUFS; 468 err = -ENOBUFS;
@@ -471,19 +471,19 @@ static int rsvp_change(struct tcf_proto *tp, unsigned long base,
471 goto errout2; 471 goto errout2;
472 472
473 h2 = 16; 473 h2 = 16;
474 if (tb[TCA_RSVP_SRC-1]) { 474 if (tb[TCA_RSVP_SRC]) {
475 memcpy(f->src, nla_data(tb[TCA_RSVP_SRC-1]), sizeof(f->src)); 475 memcpy(f->src, nla_data(tb[TCA_RSVP_SRC]), sizeof(f->src));
476 h2 = hash_src(f->src); 476 h2 = hash_src(f->src);
477 } 477 }
478 if (tb[TCA_RSVP_PINFO-1]) { 478 if (tb[TCA_RSVP_PINFO]) {
479 pinfo = nla_data(tb[TCA_RSVP_PINFO-1]); 479 pinfo = nla_data(tb[TCA_RSVP_PINFO]);
480 f->spi = pinfo->spi; 480 f->spi = pinfo->spi;
481 f->tunnelhdr = pinfo->tunnelhdr; 481 f->tunnelhdr = pinfo->tunnelhdr;
482 } 482 }
483 if (tb[TCA_RSVP_CLASSID-1]) 483 if (tb[TCA_RSVP_CLASSID])
484 f->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID-1]); 484 f->res.classid = nla_get_u32(tb[TCA_RSVP_CLASSID]);
485 485
486 dst = nla_data(tb[TCA_RSVP_DST-1]); 486 dst = nla_data(tb[TCA_RSVP_DST]);
487 h1 = hash_dst(dst, pinfo ? pinfo->protocol : 0, pinfo ? pinfo->tunnelid : 0); 487 h1 = hash_dst(dst, pinfo ? pinfo->protocol : 0, pinfo ? pinfo->tunnelid : 0);
488 488
489 err = -ENOMEM; 489 err = -ENOMEM;
@@ -642,8 +642,7 @@ nla_put_failure:
642 return -1; 642 return -1;
643} 643}
644 644
645static struct tcf_proto_ops RSVP_OPS = { 645static struct tcf_proto_ops RSVP_OPS __read_mostly = {
646 .next = NULL,
647 .kind = RSVP_ID, 646 .kind = RSVP_ID,
648 .classify = rsvp_classify, 647 .classify = rsvp_classify,
649 .init = rsvp_init, 648 .init = rsvp_init,
diff --git a/net/sched/sch_prio.c b/net/sched/sch_prio.c
index 2a318f2dc3e5..b5d56a22b1d2 100644
--- a/net/sched/sch_prio.c
+++ b/net/sched/sch_prio.c
@@ -112,7 +112,7 @@ static struct sk_buff *prio_dequeue(struct Qdisc *sch)
112 112
113 for (prio = 0; prio < q->bands; prio++) { 113 for (prio = 0; prio < q->bands; prio++) {
114 struct Qdisc *qdisc = q->queues[prio]; 114 struct Qdisc *qdisc = q->queues[prio];
115 struct sk_buff *skb = qdisc->dequeue(qdisc); 115 struct sk_buff *skb = qdisc_dequeue_peeked(qdisc);
116 if (skb) { 116 if (skb) {
117 qdisc_bstats_update(sch, skb); 117 qdisc_bstats_update(sch, skb);
118 sch->q.qlen--; 118 sch->q.qlen--;
diff --git a/net/sched/sch_sfb.c b/net/sched/sch_sfb.c
index 0a833d0c1f61..e83c272c0325 100644
--- a/net/sched/sch_sfb.c
+++ b/net/sched/sch_sfb.c
@@ -287,6 +287,12 @@ static int sfb_enqueue(struct sk_buff *skb, struct Qdisc *sch)
287 u32 r, slot, salt, sfbhash; 287 u32 r, slot, salt, sfbhash;
288 int ret = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS; 288 int ret = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
289 289
290 if (unlikely(sch->q.qlen >= q->limit)) {
291 sch->qstats.overlimits++;
292 q->stats.queuedrop++;
293 goto drop;
294 }
295
290 if (q->rehash_interval > 0) { 296 if (q->rehash_interval > 0) {
291 unsigned long limit = q->rehash_time + q->rehash_interval; 297 unsigned long limit = q->rehash_time + q->rehash_interval;
292 298
@@ -332,12 +338,9 @@ static int sfb_enqueue(struct sk_buff *skb, struct Qdisc *sch)
332 slot ^= 1; 338 slot ^= 1;
333 sfb_skb_cb(skb)->hashes[slot] = 0; 339 sfb_skb_cb(skb)->hashes[slot] = 0;
334 340
335 if (unlikely(minqlen >= q->max || sch->q.qlen >= q->limit)) { 341 if (unlikely(minqlen >= q->max)) {
336 sch->qstats.overlimits++; 342 sch->qstats.overlimits++;
337 if (minqlen >= q->max) 343 q->stats.bucketdrop++;
338 q->stats.bucketdrop++;
339 else
340 q->stats.queuedrop++;
341 goto drop; 344 goto drop;
342 } 345 }
343 346
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 4536ee64383e..4f5510e2bd6f 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -410,7 +410,12 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
410 /* Return Congestion Notification only if we dropped a packet 410 /* Return Congestion Notification only if we dropped a packet
411 * from this flow. 411 * from this flow.
412 */ 412 */
413 return (qlen != slot->qlen) ? NET_XMIT_CN : NET_XMIT_SUCCESS; 413 if (qlen != slot->qlen)
414 return NET_XMIT_CN;
415
416 /* As we dropped a packet, better let upper stack know this */
417 qdisc_tree_decrease_qlen(sch, 1);
418 return NET_XMIT_SUCCESS;
414} 419}
415 420
416static struct sk_buff * 421static struct sk_buff *
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index dc16b90ddb6f..152b5b3c3fff 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -282,6 +282,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
282 asoc->peer.asconf_capable = 1; 282 asoc->peer.asconf_capable = 1;
283 asoc->asconf_addr_del_pending = NULL; 283 asoc->asconf_addr_del_pending = NULL;
284 asoc->src_out_of_asoc_ok = 0; 284 asoc->src_out_of_asoc_ok = 0;
285 asoc->new_transport = NULL;
285 286
286 /* Create an input queue. */ 287 /* Create an input queue. */
287 sctp_inq_init(&asoc->base.inqueue); 288 sctp_inq_init(&asoc->base.inqueue);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index aabaee41dd3e..810427833bcd 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -243,7 +243,7 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
243 if (!(transport->param_flags & SPP_PMTUD_ENABLE)) 243 if (!(transport->param_flags & SPP_PMTUD_ENABLE))
244 skb->local_df = 1; 244 skb->local_df = 1;
245 245
246 return ip6_xmit(sk, skb, &fl6, np->opt); 246 return ip6_xmit(sk, skb, &fl6, np->opt, np->tclass);
247} 247}
248 248
249/* Returns the dst cache entry for the given source and destination ip 249/* Returns the dst cache entry for the given source and destination ip
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index a6d27bf563a5..14c2b06028ff 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -917,6 +917,8 @@ static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
917 * current cwnd). 917 * current cwnd).
918 */ 918 */
919 if (!list_empty(&q->retransmit)) { 919 if (!list_empty(&q->retransmit)) {
920 if (asoc->peer.retran_path->state == SCTP_UNCONFIRMED)
921 goto sctp_flush_out;
920 if (transport == asoc->peer.retran_path) 922 if (transport == asoc->peer.retran_path)
921 goto retran; 923 goto retran;
922 924
@@ -989,6 +991,8 @@ static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
989 ((new_transport->state == SCTP_INACTIVE) || 991 ((new_transport->state == SCTP_INACTIVE) ||
990 (new_transport->state == SCTP_UNCONFIRMED))) 992 (new_transport->state == SCTP_UNCONFIRMED)))
991 new_transport = asoc->peer.active_path; 993 new_transport = asoc->peer.active_path;
994 if (new_transport->state == SCTP_UNCONFIRMED)
995 continue;
992 996
993 /* Change packets if necessary. */ 997 /* Change packets if necessary. */
994 if (new_transport != transport) { 998 if (new_transport != transport) {
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 91784f44a2e2..61b9fca5a173 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1299,7 +1299,7 @@ SCTP_STATIC __init int sctp_init(void)
1299 max_share = min(4UL*1024*1024, limit); 1299 max_share = min(4UL*1024*1024, limit);
1300 1300
1301 sysctl_sctp_rmem[0] = SK_MEM_QUANTUM; /* give each asoc 1 page min */ 1301 sysctl_sctp_rmem[0] = SK_MEM_QUANTUM; /* give each asoc 1 page min */
1302 sysctl_sctp_rmem[1] = (1500 *(sizeof(struct sk_buff) + 1)); 1302 sysctl_sctp_rmem[1] = 1500 * SKB_TRUESIZE(1);
1303 sysctl_sctp_rmem[2] = max(sysctl_sctp_rmem[1], max_share); 1303 sysctl_sctp_rmem[2] = max(sysctl_sctp_rmem[1], max_share);
1304 1304
1305 sysctl_sctp_wmem[0] = SK_MEM_QUANTUM; 1305 sysctl_sctp_wmem[0] = SK_MEM_QUANTUM;
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 81db4e385352..0121e0ab0351 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -3015,6 +3015,7 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
3015 /* Start the heartbeat timer. */ 3015 /* Start the heartbeat timer. */
3016 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3016 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
3017 sctp_transport_hold(peer); 3017 sctp_transport_hold(peer);
3018 asoc->new_transport = peer;
3018 break; 3019 break;
3019 case SCTP_PARAM_DEL_IP: 3020 case SCTP_PARAM_DEL_IP:
3020 /* ADDIP 4.3 D7) If a request is received to delete the 3021 /* ADDIP 4.3 D7) If a request is received to delete the
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 167c880cf8da..76388b083f28 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1689,6 +1689,11 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1689 case SCTP_CMD_PURGE_ASCONF_QUEUE: 1689 case SCTP_CMD_PURGE_ASCONF_QUEUE:
1690 sctp_asconf_queue_teardown(asoc); 1690 sctp_asconf_queue_teardown(asoc);
1691 break; 1691 break;
1692
1693 case SCTP_CMD_SET_ASOC:
1694 asoc = cmd->obj.asoc;
1695 break;
1696
1692 default: 1697 default:
1693 pr_warn("Impossible command: %u, %p\n", 1698 pr_warn("Impossible command: %u, %p\n",
1694 cmd->verb, cmd->obj.ptr); 1699 cmd->verb, cmd->obj.ptr);
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 49b847b00f99..891f5db8cc31 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2047,6 +2047,12 @@ sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
2047 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); 2047 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
2048 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); 2048 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
2049 2049
2050 /* Restore association pointer to provide SCTP command interpeter
2051 * with a valid context in case it needs to manipulate
2052 * the queues */
2053 sctp_add_cmd_sf(commands, SCTP_CMD_SET_ASOC,
2054 SCTP_ASOC((struct sctp_association *)asoc));
2055
2050 return retval; 2056 return retval;
2051 2057
2052nomem: 2058nomem:
@@ -3612,6 +3618,11 @@ sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep,
3612 */ 3618 */
3613 asconf_ack->dest = chunk->source; 3619 asconf_ack->dest = chunk->source;
3614 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack)); 3620 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack));
3621 if (asoc->new_transport) {
3622 sctp_sf_heartbeat(ep, asoc, type, asoc->new_transport,
3623 commands);
3624 ((struct sctp_association *)asoc)->new_transport = NULL;
3625 }
3615 3626
3616 return SCTP_DISPOSITION_CONSUME; 3627 return SCTP_DISPOSITION_CONSUME;
3617} 3628}
diff --git a/net/socket.c b/net/socket.c
index b1cbbcd92558..2877647f347b 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1871,8 +1871,14 @@ SYSCALL_DEFINE2(shutdown, int, fd, int, how)
1871#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen) 1871#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
1872#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags) 1872#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
1873 1873
1874struct used_address {
1875 struct sockaddr_storage name;
1876 unsigned int name_len;
1877};
1878
1874static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, 1879static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1875 struct msghdr *msg_sys, unsigned flags, int nosec) 1880 struct msghdr *msg_sys, unsigned flags,
1881 struct used_address *used_address)
1876{ 1882{
1877 struct compat_msghdr __user *msg_compat = 1883 struct compat_msghdr __user *msg_compat =
1878 (struct compat_msghdr __user *)msg; 1884 (struct compat_msghdr __user *)msg;
@@ -1953,8 +1959,30 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1953 1959
1954 if (sock->file->f_flags & O_NONBLOCK) 1960 if (sock->file->f_flags & O_NONBLOCK)
1955 msg_sys->msg_flags |= MSG_DONTWAIT; 1961 msg_sys->msg_flags |= MSG_DONTWAIT;
1956 err = (nosec ? sock_sendmsg_nosec : sock_sendmsg)(sock, msg_sys, 1962 /*
1957 total_len); 1963 * If this is sendmmsg() and current destination address is same as
1964 * previously succeeded address, omit asking LSM's decision.
1965 * used_address->name_len is initialized to UINT_MAX so that the first
1966 * destination address never matches.
1967 */
1968 if (used_address && msg_sys->msg_name &&
1969 used_address->name_len == msg_sys->msg_namelen &&
1970 !memcmp(&used_address->name, msg_sys->msg_name,
1971 used_address->name_len)) {
1972 err = sock_sendmsg_nosec(sock, msg_sys, total_len);
1973 goto out_freectl;
1974 }
1975 err = sock_sendmsg(sock, msg_sys, total_len);
1976 /*
1977 * If this is sendmmsg() and sending to current destination address was
1978 * successful, remember it.
1979 */
1980 if (used_address && err >= 0) {
1981 used_address->name_len = msg_sys->msg_namelen;
1982 if (msg_sys->msg_name)
1983 memcpy(&used_address->name, msg_sys->msg_name,
1984 used_address->name_len);
1985 }
1958 1986
1959out_freectl: 1987out_freectl:
1960 if (ctl_buf != ctl) 1988 if (ctl_buf != ctl)
@@ -1979,7 +2007,7 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
1979 if (!sock) 2007 if (!sock)
1980 goto out; 2008 goto out;
1981 2009
1982 err = __sys_sendmsg(sock, msg, &msg_sys, flags, 0); 2010 err = __sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
1983 2011
1984 fput_light(sock->file, fput_needed); 2012 fput_light(sock->file, fput_needed);
1985out: 2013out:
@@ -1998,6 +2026,10 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
1998 struct mmsghdr __user *entry; 2026 struct mmsghdr __user *entry;
1999 struct compat_mmsghdr __user *compat_entry; 2027 struct compat_mmsghdr __user *compat_entry;
2000 struct msghdr msg_sys; 2028 struct msghdr msg_sys;
2029 struct used_address used_address;
2030
2031 if (vlen > UIO_MAXIOV)
2032 vlen = UIO_MAXIOV;
2001 2033
2002 datagrams = 0; 2034 datagrams = 0;
2003 2035
@@ -2005,27 +2037,22 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2005 if (!sock) 2037 if (!sock)
2006 return err; 2038 return err;
2007 2039
2008 err = sock_error(sock->sk); 2040 used_address.name_len = UINT_MAX;
2009 if (err)
2010 goto out_put;
2011
2012 entry = mmsg; 2041 entry = mmsg;
2013 compat_entry = (struct compat_mmsghdr __user *)mmsg; 2042 compat_entry = (struct compat_mmsghdr __user *)mmsg;
2043 err = 0;
2014 2044
2015 while (datagrams < vlen) { 2045 while (datagrams < vlen) {
2016 /*
2017 * No need to ask LSM for more than the first datagram.
2018 */
2019 if (MSG_CMSG_COMPAT & flags) { 2046 if (MSG_CMSG_COMPAT & flags) {
2020 err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry, 2047 err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2021 &msg_sys, flags, datagrams); 2048 &msg_sys, flags, &used_address);
2022 if (err < 0) 2049 if (err < 0)
2023 break; 2050 break;
2024 err = __put_user(err, &compat_entry->msg_len); 2051 err = __put_user(err, &compat_entry->msg_len);
2025 ++compat_entry; 2052 ++compat_entry;
2026 } else { 2053 } else {
2027 err = __sys_sendmsg(sock, (struct msghdr __user *)entry, 2054 err = __sys_sendmsg(sock, (struct msghdr __user *)entry,
2028 &msg_sys, flags, datagrams); 2055 &msg_sys, flags, &used_address);
2029 if (err < 0) 2056 if (err < 0)
2030 break; 2057 break;
2031 err = put_user(err, &entry->msg_len); 2058 err = put_user(err, &entry->msg_len);
@@ -2037,29 +2064,11 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2037 ++datagrams; 2064 ++datagrams;
2038 } 2065 }
2039 2066
2040out_put:
2041 fput_light(sock->file, fput_needed); 2067 fput_light(sock->file, fput_needed);
2042 2068
2043 if (err == 0) 2069 /* We only return an error if no datagrams were able to be sent */
2044 return datagrams; 2070 if (datagrams != 0)
2045
2046 if (datagrams != 0) {
2047 /*
2048 * We may send less entries than requested (vlen) if the
2049 * sock is non blocking...
2050 */
2051 if (err != -EAGAIN) {
2052 /*
2053 * ... or if sendmsg returns an error after we
2054 * send some datagrams, where we record the
2055 * error to return on the next call or if the
2056 * app asks about it using getsockopt(SO_ERROR).
2057 */
2058 sock->sk->sk_err = -err;
2059 }
2060
2061 return datagrams; 2071 return datagrams;
2062 }
2063 2072
2064 return err; 2073 return err;
2065} 2074}
@@ -2463,7 +2472,7 @@ int sock_register(const struct net_proto_family *ops)
2463 lockdep_is_held(&net_family_lock))) 2472 lockdep_is_held(&net_family_lock)))
2464 err = -EEXIST; 2473 err = -EEXIST;
2465 else { 2474 else {
2466 rcu_assign_pointer(net_families[ops->family], ops); 2475 RCU_INIT_POINTER(net_families[ops->family], ops);
2467 err = 0; 2476 err = 0;
2468 } 2477 }
2469 spin_unlock(&net_family_lock); 2478 spin_unlock(&net_family_lock);
@@ -2491,7 +2500,7 @@ void sock_unregister(int family)
2491 BUG_ON(family < 0 || family >= NPROTO); 2500 BUG_ON(family < 0 || family >= NPROTO);
2492 2501
2493 spin_lock(&net_family_lock); 2502 spin_lock(&net_family_lock);
2494 rcu_assign_pointer(net_families[family], NULL); 2503 RCU_INIT_POINTER(net_families[family], NULL);
2495 spin_unlock(&net_family_lock); 2504 spin_unlock(&net_family_lock);
2496 2505
2497 synchronize_rcu(); 2506 synchronize_rcu();
diff --git a/net/sunrpc/addr.c b/net/sunrpc/addr.c
index 4195233c4914..4548757c9871 100644
--- a/net/sunrpc/addr.c
+++ b/net/sunrpc/addr.c
@@ -255,12 +255,13 @@ EXPORT_SYMBOL_GPL(rpc_pton);
255/** 255/**
256 * rpc_sockaddr2uaddr - Construct a universal address string from @sap. 256 * rpc_sockaddr2uaddr - Construct a universal address string from @sap.
257 * @sap: socket address 257 * @sap: socket address
258 * @gfp_flags: allocation mode
258 * 259 *
259 * Returns a %NUL-terminated string in dynamically allocated memory; 260 * Returns a %NUL-terminated string in dynamically allocated memory;
260 * otherwise NULL is returned if an error occurred. Caller must 261 * otherwise NULL is returned if an error occurred. Caller must
261 * free the returned string. 262 * free the returned string.
262 */ 263 */
263char *rpc_sockaddr2uaddr(const struct sockaddr *sap) 264char *rpc_sockaddr2uaddr(const struct sockaddr *sap, gfp_t gfp_flags)
264{ 265{
265 char portbuf[RPCBIND_MAXUADDRPLEN]; 266 char portbuf[RPCBIND_MAXUADDRPLEN];
266 char addrbuf[RPCBIND_MAXUADDRLEN]; 267 char addrbuf[RPCBIND_MAXUADDRLEN];
@@ -288,9 +289,8 @@ char *rpc_sockaddr2uaddr(const struct sockaddr *sap)
288 if (strlcat(addrbuf, portbuf, sizeof(addrbuf)) > sizeof(addrbuf)) 289 if (strlcat(addrbuf, portbuf, sizeof(addrbuf)) > sizeof(addrbuf))
289 return NULL; 290 return NULL;
290 291
291 return kstrdup(addrbuf, GFP_KERNEL); 292 return kstrdup(addrbuf, gfp_flags);
292} 293}
293EXPORT_SYMBOL_GPL(rpc_sockaddr2uaddr);
294 294
295/** 295/**
296 * rpc_uaddr2sockaddr - convert a universal address to a socket address. 296 * rpc_uaddr2sockaddr - convert a universal address to a socket address.
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 364eb45e989d..afb56553dfe7 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -122,7 +122,7 @@ gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
122 if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags)) 122 if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
123 return; 123 return;
124 gss_get_ctx(ctx); 124 gss_get_ctx(ctx);
125 rcu_assign_pointer(gss_cred->gc_ctx, ctx); 125 RCU_INIT_POINTER(gss_cred->gc_ctx, ctx);
126 set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags); 126 set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
127 smp_mb__before_clear_bit(); 127 smp_mb__before_clear_bit();
128 clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags); 128 clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
@@ -603,26 +603,6 @@ out:
603 return err; 603 return err;
604} 604}
605 605
606static ssize_t
607gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
608 char __user *dst, size_t buflen)
609{
610 char *data = (char *)msg->data + msg->copied;
611 size_t mlen = min(msg->len, buflen);
612 unsigned long left;
613
614 left = copy_to_user(dst, data, mlen);
615 if (left == mlen) {
616 msg->errno = -EFAULT;
617 return -EFAULT;
618 }
619
620 mlen -= left;
621 msg->copied += mlen;
622 msg->errno = 0;
623 return mlen;
624}
625
626#define MSG_BUF_MAXSIZE 1024 606#define MSG_BUF_MAXSIZE 1024
627 607
628static ssize_t 608static ssize_t
@@ -970,7 +950,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
970 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth); 950 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
971 struct gss_cl_ctx *ctx = gss_cred->gc_ctx; 951 struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
972 952
973 rcu_assign_pointer(gss_cred->gc_ctx, NULL); 953 RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
974 call_rcu(&cred->cr_rcu, gss_free_cred_callback); 954 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
975 if (ctx) 955 if (ctx)
976 gss_put_ctx(ctx); 956 gss_put_ctx(ctx);
@@ -1590,7 +1570,7 @@ static const struct rpc_credops gss_nullops = {
1590}; 1570};
1591 1571
1592static const struct rpc_pipe_ops gss_upcall_ops_v0 = { 1572static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1593 .upcall = gss_pipe_upcall, 1573 .upcall = rpc_pipe_generic_upcall,
1594 .downcall = gss_pipe_downcall, 1574 .downcall = gss_pipe_downcall,
1595 .destroy_msg = gss_pipe_destroy_msg, 1575 .destroy_msg = gss_pipe_destroy_msg,
1596 .open_pipe = gss_pipe_open_v0, 1576 .open_pipe = gss_pipe_open_v0,
@@ -1598,7 +1578,7 @@ static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1598}; 1578};
1599 1579
1600static const struct rpc_pipe_ops gss_upcall_ops_v1 = { 1580static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
1601 .upcall = gss_pipe_upcall, 1581 .upcall = rpc_pipe_generic_upcall,
1602 .downcall = gss_pipe_downcall, 1582 .downcall = gss_pipe_downcall,
1603 .destroy_msg = gss_pipe_destroy_msg, 1583 .destroy_msg = gss_pipe_destroy_msg,
1604 .open_pipe = gss_pipe_open_v1, 1584 .open_pipe = gss_pipe_open_v1,
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index c5347d29cfb7..f0268ea7e711 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -850,7 +850,9 @@ rpc_restart_call_prepare(struct rpc_task *task)
850{ 850{
851 if (RPC_ASSASSINATED(task)) 851 if (RPC_ASSASSINATED(task))
852 return 0; 852 return 0;
853 task->tk_action = rpc_prepare_task; 853 task->tk_action = call_start;
854 if (task->tk_ops->rpc_call_prepare != NULL)
855 task->tk_action = rpc_prepare_task;
854 return 1; 856 return 1;
855} 857}
856EXPORT_SYMBOL_GPL(rpc_restart_call_prepare); 858EXPORT_SYMBOL_GPL(rpc_restart_call_prepare);
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index b181e3441323..bfddd68b31d3 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -77,6 +77,26 @@ rpc_timeout_upcall_queue(struct work_struct *work)
77 rpc_purge_list(rpci, &free_list, destroy_msg, -ETIMEDOUT); 77 rpc_purge_list(rpci, &free_list, destroy_msg, -ETIMEDOUT);
78} 78}
79 79
80ssize_t rpc_pipe_generic_upcall(struct file *filp, struct rpc_pipe_msg *msg,
81 char __user *dst, size_t buflen)
82{
83 char *data = (char *)msg->data + msg->copied;
84 size_t mlen = min(msg->len - msg->copied, buflen);
85 unsigned long left;
86
87 left = copy_to_user(dst, data, mlen);
88 if (left == mlen) {
89 msg->errno = -EFAULT;
90 return -EFAULT;
91 }
92
93 mlen -= left;
94 msg->copied += mlen;
95 msg->errno = 0;
96 return mlen;
97}
98EXPORT_SYMBOL_GPL(rpc_pipe_generic_upcall);
99
80/** 100/**
81 * rpc_queue_upcall - queue an upcall message to userspace 101 * rpc_queue_upcall - queue an upcall message to userspace
82 * @inode: inode of upcall pipe on which to queue given message 102 * @inode: inode of upcall pipe on which to queue given message
@@ -1084,3 +1104,6 @@ void unregister_rpc_pipefs(void)
1084 kmem_cache_destroy(rpc_inode_cachep); 1104 kmem_cache_destroy(rpc_inode_cachep);
1085 unregister_filesystem(&rpc_pipe_fs_type); 1105 unregister_filesystem(&rpc_pipe_fs_type);
1086} 1106}
1107
1108/* Make 'mount -t rpc_pipefs ...' autoload this module. */
1109MODULE_ALIAS("rpc_pipefs");
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index e45d2fbbe5a8..f588b852d41c 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -410,7 +410,7 @@ static int rpcb_register_inet4(const struct sockaddr *sap,
410 unsigned short port = ntohs(sin->sin_port); 410 unsigned short port = ntohs(sin->sin_port);
411 int result; 411 int result;
412 412
413 map->r_addr = rpc_sockaddr2uaddr(sap); 413 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL);
414 414
415 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with " 415 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with "
416 "local rpcbind\n", (port ? "" : "un"), 416 "local rpcbind\n", (port ? "" : "un"),
@@ -437,7 +437,7 @@ static int rpcb_register_inet6(const struct sockaddr *sap,
437 unsigned short port = ntohs(sin6->sin6_port); 437 unsigned short port = ntohs(sin6->sin6_port);
438 int result; 438 int result;
439 439
440 map->r_addr = rpc_sockaddr2uaddr(sap); 440 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_KERNEL);
441 441
442 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with " 442 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with "
443 "local rpcbind\n", (port ? "" : "un"), 443 "local rpcbind\n", (port ? "" : "un"),
@@ -686,7 +686,7 @@ void rpcb_getport_async(struct rpc_task *task)
686 case RPCBVERS_4: 686 case RPCBVERS_4:
687 case RPCBVERS_3: 687 case RPCBVERS_3:
688 map->r_netid = rpc_peeraddr2str(clnt, RPC_DISPLAY_NETID); 688 map->r_netid = rpc_peeraddr2str(clnt, RPC_DISPLAY_NETID);
689 map->r_addr = rpc_sockaddr2uaddr(sap); 689 map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC);
690 map->r_owner = ""; 690 map->r_owner = "";
691 break; 691 break;
692 case RPCBVERS_2: 692 case RPCBVERS_2:
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 6a69a1131fb7..30d70abb4e2c 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -295,6 +295,18 @@ svc_pool_map_put(void)
295} 295}
296 296
297 297
298static int svc_pool_map_get_node(unsigned int pidx)
299{
300 const struct svc_pool_map *m = &svc_pool_map;
301
302 if (m->count) {
303 if (m->mode == SVC_POOL_PERCPU)
304 return cpu_to_node(m->pool_to[pidx]);
305 if (m->mode == SVC_POOL_PERNODE)
306 return m->pool_to[pidx];
307 }
308 return NUMA_NO_NODE;
309}
298/* 310/*
299 * Set the given thread's cpus_allowed mask so that it 311 * Set the given thread's cpus_allowed mask so that it
300 * will only run on cpus in the given pool. 312 * will only run on cpus in the given pool.
@@ -499,7 +511,7 @@ EXPORT_SYMBOL_GPL(svc_destroy);
499 * We allocate pages and place them in rq_argpages. 511 * We allocate pages and place them in rq_argpages.
500 */ 512 */
501static int 513static int
502svc_init_buffer(struct svc_rqst *rqstp, unsigned int size) 514svc_init_buffer(struct svc_rqst *rqstp, unsigned int size, int node)
503{ 515{
504 unsigned int pages, arghi; 516 unsigned int pages, arghi;
505 517
@@ -513,7 +525,7 @@ svc_init_buffer(struct svc_rqst *rqstp, unsigned int size)
513 arghi = 0; 525 arghi = 0;
514 BUG_ON(pages > RPCSVC_MAXPAGES); 526 BUG_ON(pages > RPCSVC_MAXPAGES);
515 while (pages) { 527 while (pages) {
516 struct page *p = alloc_page(GFP_KERNEL); 528 struct page *p = alloc_pages_node(node, GFP_KERNEL, 0);
517 if (!p) 529 if (!p)
518 break; 530 break;
519 rqstp->rq_pages[arghi++] = p; 531 rqstp->rq_pages[arghi++] = p;
@@ -536,11 +548,11 @@ svc_release_buffer(struct svc_rqst *rqstp)
536} 548}
537 549
538struct svc_rqst * 550struct svc_rqst *
539svc_prepare_thread(struct svc_serv *serv, struct svc_pool *pool) 551svc_prepare_thread(struct svc_serv *serv, struct svc_pool *pool, int node)
540{ 552{
541 struct svc_rqst *rqstp; 553 struct svc_rqst *rqstp;
542 554
543 rqstp = kzalloc(sizeof(*rqstp), GFP_KERNEL); 555 rqstp = kzalloc_node(sizeof(*rqstp), GFP_KERNEL, node);
544 if (!rqstp) 556 if (!rqstp)
545 goto out_enomem; 557 goto out_enomem;
546 558
@@ -554,15 +566,15 @@ svc_prepare_thread(struct svc_serv *serv, struct svc_pool *pool)
554 rqstp->rq_server = serv; 566 rqstp->rq_server = serv;
555 rqstp->rq_pool = pool; 567 rqstp->rq_pool = pool;
556 568
557 rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL); 569 rqstp->rq_argp = kmalloc_node(serv->sv_xdrsize, GFP_KERNEL, node);
558 if (!rqstp->rq_argp) 570 if (!rqstp->rq_argp)
559 goto out_thread; 571 goto out_thread;
560 572
561 rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL); 573 rqstp->rq_resp = kmalloc_node(serv->sv_xdrsize, GFP_KERNEL, node);
562 if (!rqstp->rq_resp) 574 if (!rqstp->rq_resp)
563 goto out_thread; 575 goto out_thread;
564 576
565 if (!svc_init_buffer(rqstp, serv->sv_max_mesg)) 577 if (!svc_init_buffer(rqstp, serv->sv_max_mesg, node))
566 goto out_thread; 578 goto out_thread;
567 579
568 return rqstp; 580 return rqstp;
@@ -647,6 +659,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
647 struct svc_pool *chosen_pool; 659 struct svc_pool *chosen_pool;
648 int error = 0; 660 int error = 0;
649 unsigned int state = serv->sv_nrthreads-1; 661 unsigned int state = serv->sv_nrthreads-1;
662 int node;
650 663
651 if (pool == NULL) { 664 if (pool == NULL) {
652 /* The -1 assumes caller has done a svc_get() */ 665 /* The -1 assumes caller has done a svc_get() */
@@ -662,14 +675,16 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
662 nrservs--; 675 nrservs--;
663 chosen_pool = choose_pool(serv, pool, &state); 676 chosen_pool = choose_pool(serv, pool, &state);
664 677
665 rqstp = svc_prepare_thread(serv, chosen_pool); 678 node = svc_pool_map_get_node(chosen_pool->sp_id);
679 rqstp = svc_prepare_thread(serv, chosen_pool, node);
666 if (IS_ERR(rqstp)) { 680 if (IS_ERR(rqstp)) {
667 error = PTR_ERR(rqstp); 681 error = PTR_ERR(rqstp);
668 break; 682 break;
669 } 683 }
670 684
671 __module_get(serv->sv_module); 685 __module_get(serv->sv_module);
672 task = kthread_create(serv->sv_function, rqstp, serv->sv_name); 686 task = kthread_create_on_node(serv->sv_function, rqstp,
687 node, serv->sv_name);
673 if (IS_ERR(task)) { 688 if (IS_ERR(task)) {
674 error = PTR_ERR(task); 689 error = PTR_ERR(task);
675 module_put(serv->sv_module); 690 module_put(serv->sv_module);
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
index bd31208bbb61..d86bb673e1f6 100644
--- a/net/sunrpc/svc_xprt.c
+++ b/net/sunrpc/svc_xprt.c
@@ -254,8 +254,6 @@ EXPORT_SYMBOL_GPL(svc_create_xprt);
254 */ 254 */
255void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt) 255void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt)
256{ 256{
257 struct sockaddr *sin;
258
259 memcpy(&rqstp->rq_addr, &xprt->xpt_remote, xprt->xpt_remotelen); 257 memcpy(&rqstp->rq_addr, &xprt->xpt_remote, xprt->xpt_remotelen);
260 rqstp->rq_addrlen = xprt->xpt_remotelen; 258 rqstp->rq_addrlen = xprt->xpt_remotelen;
261 259
@@ -263,15 +261,8 @@ void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt)
263 * Destination address in request is needed for binding the 261 * Destination address in request is needed for binding the
264 * source address in RPC replies/callbacks later. 262 * source address in RPC replies/callbacks later.
265 */ 263 */
266 sin = (struct sockaddr *)&xprt->xpt_local; 264 memcpy(&rqstp->rq_daddr, &xprt->xpt_local, xprt->xpt_locallen);
267 switch (sin->sa_family) { 265 rqstp->rq_daddrlen = xprt->xpt_locallen;
268 case AF_INET:
269 rqstp->rq_daddr.addr = ((struct sockaddr_in *)sin)->sin_addr;
270 break;
271 case AF_INET6:
272 rqstp->rq_daddr.addr6 = ((struct sockaddr_in6 *)sin)->sin6_addr;
273 break;
274 }
275} 266}
276EXPORT_SYMBOL_GPL(svc_xprt_copy_addrs); 267EXPORT_SYMBOL_GPL(svc_xprt_copy_addrs);
277 268
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 767d494de7a2..dfd686eb0b7f 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -143,19 +143,20 @@ static void svc_set_cmsg_data(struct svc_rqst *rqstp, struct cmsghdr *cmh)
143 cmh->cmsg_level = SOL_IP; 143 cmh->cmsg_level = SOL_IP;
144 cmh->cmsg_type = IP_PKTINFO; 144 cmh->cmsg_type = IP_PKTINFO;
145 pki->ipi_ifindex = 0; 145 pki->ipi_ifindex = 0;
146 pki->ipi_spec_dst.s_addr = rqstp->rq_daddr.addr.s_addr; 146 pki->ipi_spec_dst.s_addr =
147 svc_daddr_in(rqstp)->sin_addr.s_addr;
147 cmh->cmsg_len = CMSG_LEN(sizeof(*pki)); 148 cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
148 } 149 }
149 break; 150 break;
150 151
151 case AF_INET6: { 152 case AF_INET6: {
152 struct in6_pktinfo *pki = CMSG_DATA(cmh); 153 struct in6_pktinfo *pki = CMSG_DATA(cmh);
154 struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
153 155
154 cmh->cmsg_level = SOL_IPV6; 156 cmh->cmsg_level = SOL_IPV6;
155 cmh->cmsg_type = IPV6_PKTINFO; 157 cmh->cmsg_type = IPV6_PKTINFO;
156 pki->ipi6_ifindex = 0; 158 pki->ipi6_ifindex = daddr->sin6_scope_id;
157 ipv6_addr_copy(&pki->ipi6_addr, 159 ipv6_addr_copy(&pki->ipi6_addr, &daddr->sin6_addr);
158 &rqstp->rq_daddr.addr6);
159 cmh->cmsg_len = CMSG_LEN(sizeof(*pki)); 160 cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
160 } 161 }
161 break; 162 break;
@@ -498,9 +499,13 @@ static int svc_udp_get_dest_address4(struct svc_rqst *rqstp,
498 struct cmsghdr *cmh) 499 struct cmsghdr *cmh)
499{ 500{
500 struct in_pktinfo *pki = CMSG_DATA(cmh); 501 struct in_pktinfo *pki = CMSG_DATA(cmh);
502 struct sockaddr_in *daddr = svc_daddr_in(rqstp);
503
501 if (cmh->cmsg_type != IP_PKTINFO) 504 if (cmh->cmsg_type != IP_PKTINFO)
502 return 0; 505 return 0;
503 rqstp->rq_daddr.addr.s_addr = pki->ipi_spec_dst.s_addr; 506
507 daddr->sin_family = AF_INET;
508 daddr->sin_addr.s_addr = pki->ipi_spec_dst.s_addr;
504 return 1; 509 return 1;
505} 510}
506 511
@@ -511,9 +516,14 @@ static int svc_udp_get_dest_address6(struct svc_rqst *rqstp,
511 struct cmsghdr *cmh) 516 struct cmsghdr *cmh)
512{ 517{
513 struct in6_pktinfo *pki = CMSG_DATA(cmh); 518 struct in6_pktinfo *pki = CMSG_DATA(cmh);
519 struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
520
514 if (cmh->cmsg_type != IPV6_PKTINFO) 521 if (cmh->cmsg_type != IPV6_PKTINFO)
515 return 0; 522 return 0;
516 ipv6_addr_copy(&rqstp->rq_daddr.addr6, &pki->ipi6_addr); 523
524 daddr->sin6_family = AF_INET6;
525 ipv6_addr_copy(&daddr->sin6_addr, &pki->ipi6_addr);
526 daddr->sin6_scope_id = pki->ipi6_ifindex;
517 return 1; 527 return 1;
518} 528}
519 529
@@ -614,6 +624,7 @@ static int svc_udp_recvfrom(struct svc_rqst *rqstp)
614 skb_free_datagram_locked(svsk->sk_sk, skb); 624 skb_free_datagram_locked(svsk->sk_sk, skb);
615 return 0; 625 return 0;
616 } 626 }
627 rqstp->rq_daddrlen = svc_addr_len(svc_daddr(rqstp));
617 628
618 if (skb_is_nonlinear(skb)) { 629 if (skb_is_nonlinear(skb)) {
619 /* we have to copy */ 630 /* we have to copy */
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 9b6a4d1ea8f8..f4385e45a5fc 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -187,6 +187,7 @@ EXPORT_SYMBOL_GPL(xprt_load_transport);
187/** 187/**
188 * xprt_reserve_xprt - serialize write access to transports 188 * xprt_reserve_xprt - serialize write access to transports
189 * @task: task that is requesting access to the transport 189 * @task: task that is requesting access to the transport
190 * @xprt: pointer to the target transport
190 * 191 *
191 * This prevents mixing the payload of separate requests, and prevents 192 * This prevents mixing the payload of separate requests, and prevents
192 * transport connects from colliding with writes. No congestion control 193 * transport connects from colliding with writes. No congestion control
diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c
index 759b318b5ffb..28908f54459e 100644
--- a/net/tipc/bcast.c
+++ b/net/tipc/bcast.c
@@ -39,6 +39,7 @@
39#include "link.h" 39#include "link.h"
40#include "port.h" 40#include "port.h"
41#include "bcast.h" 41#include "bcast.h"
42#include "name_distr.h"
42 43
43#define MAX_PKT_DEFAULT_MCAST 1500 /* bcast link max packet size (fixed) */ 44#define MAX_PKT_DEFAULT_MCAST 1500 /* bcast link max packet size (fixed) */
44 45
@@ -298,14 +299,9 @@ static void bclink_send_nack(struct tipc_node *n_ptr)
298 msg_set_bcgap_to(msg, n_ptr->bclink.gap_to); 299 msg_set_bcgap_to(msg, n_ptr->bclink.gap_to);
299 msg_set_bcast_tag(msg, tipc_own_tag); 300 msg_set_bcast_tag(msg, tipc_own_tag);
300 301
301 if (tipc_bearer_send(&bcbearer->bearer, buf, NULL)) { 302 tipc_bearer_send(&bcbearer->bearer, buf, NULL);
302 bcl->stats.sent_nacks++; 303 bcl->stats.sent_nacks++;
303 buf_discard(buf); 304 buf_discard(buf);
304 } else {
305 tipc_bearer_schedule(bcl->b_ptr, bcl);
306 bcl->proto_msg_queue = buf;
307 bcl->stats.bearer_congs++;
308 }
309 305
310 /* 306 /*
311 * Ensure we doesn't send another NACK msg to the node 307 * Ensure we doesn't send another NACK msg to the node
@@ -426,20 +422,28 @@ int tipc_bclink_send_msg(struct sk_buff *buf)
426void tipc_bclink_recv_pkt(struct sk_buff *buf) 422void tipc_bclink_recv_pkt(struct sk_buff *buf)
427{ 423{
428 struct tipc_msg *msg = buf_msg(buf); 424 struct tipc_msg *msg = buf_msg(buf);
429 struct tipc_node *node = tipc_node_find(msg_prevnode(msg)); 425 struct tipc_node *node;
430 u32 next_in; 426 u32 next_in;
431 u32 seqno; 427 u32 seqno;
432 struct sk_buff *deferred; 428 struct sk_buff *deferred;
433 429
434 if (unlikely(!node || !tipc_node_is_up(node) || !node->bclink.supported || 430 /* Screen out unwanted broadcast messages */
435 (msg_mc_netid(msg) != tipc_net_id))) { 431
436 buf_discard(buf); 432 if (msg_mc_netid(msg) != tipc_net_id)
437 return; 433 goto exit;
438 } 434
435 node = tipc_node_find(msg_prevnode(msg));
436 if (unlikely(!node))
437 goto exit;
438
439 tipc_node_lock(node);
440 if (unlikely(!node->bclink.supported))
441 goto unlock;
439 442
440 if (unlikely(msg_user(msg) == BCAST_PROTOCOL)) { 443 if (unlikely(msg_user(msg) == BCAST_PROTOCOL)) {
444 if (msg_type(msg) != STATE_MSG)
445 goto unlock;
441 if (msg_destnode(msg) == tipc_own_addr) { 446 if (msg_destnode(msg) == tipc_own_addr) {
442 tipc_node_lock(node);
443 tipc_bclink_acknowledge(node, msg_bcast_ack(msg)); 447 tipc_bclink_acknowledge(node, msg_bcast_ack(msg));
444 tipc_node_unlock(node); 448 tipc_node_unlock(node);
445 spin_lock_bh(&bc_lock); 449 spin_lock_bh(&bc_lock);
@@ -449,18 +453,18 @@ void tipc_bclink_recv_pkt(struct sk_buff *buf)
449 msg_bcgap_to(msg)); 453 msg_bcgap_to(msg));
450 spin_unlock_bh(&bc_lock); 454 spin_unlock_bh(&bc_lock);
451 } else { 455 } else {
456 tipc_node_unlock(node);
452 tipc_bclink_peek_nack(msg_destnode(msg), 457 tipc_bclink_peek_nack(msg_destnode(msg),
453 msg_bcast_tag(msg), 458 msg_bcast_tag(msg),
454 msg_bcgap_after(msg), 459 msg_bcgap_after(msg),
455 msg_bcgap_to(msg)); 460 msg_bcgap_to(msg));
456 } 461 }
457 buf_discard(buf); 462 goto exit;
458 return;
459 } 463 }
460 464
461 tipc_node_lock(node); 465 /* Handle in-sequence broadcast message */
466
462receive: 467receive:
463 deferred = node->bclink.deferred_head;
464 next_in = mod(node->bclink.last_in + 1); 468 next_in = mod(node->bclink.last_in + 1);
465 seqno = msg_seqno(msg); 469 seqno = msg_seqno(msg);
466 470
@@ -474,7 +478,10 @@ receive:
474 } 478 }
475 if (likely(msg_isdata(msg))) { 479 if (likely(msg_isdata(msg))) {
476 tipc_node_unlock(node); 480 tipc_node_unlock(node);
477 tipc_port_recv_mcast(buf, NULL); 481 if (likely(msg_mcast(msg)))
482 tipc_port_recv_mcast(buf, NULL);
483 else
484 buf_discard(buf);
478 } else if (msg_user(msg) == MSG_BUNDLER) { 485 } else if (msg_user(msg) == MSG_BUNDLER) {
479 bcl->stats.recv_bundles++; 486 bcl->stats.recv_bundles++;
480 bcl->stats.recv_bundled += msg_msgcnt(msg); 487 bcl->stats.recv_bundled += msg_msgcnt(msg);
@@ -487,18 +494,22 @@ receive:
487 bcl->stats.recv_fragmented++; 494 bcl->stats.recv_fragmented++;
488 tipc_node_unlock(node); 495 tipc_node_unlock(node);
489 tipc_net_route_msg(buf); 496 tipc_net_route_msg(buf);
497 } else if (msg_user(msg) == NAME_DISTRIBUTOR) {
498 tipc_node_unlock(node);
499 tipc_named_recv(buf);
490 } else { 500 } else {
491 tipc_node_unlock(node); 501 tipc_node_unlock(node);
492 tipc_net_route_msg(buf); 502 buf_discard(buf);
493 } 503 }
504 buf = NULL;
505 tipc_node_lock(node);
506 deferred = node->bclink.deferred_head;
494 if (deferred && (buf_seqno(deferred) == mod(next_in + 1))) { 507 if (deferred && (buf_seqno(deferred) == mod(next_in + 1))) {
495 tipc_node_lock(node);
496 buf = deferred; 508 buf = deferred;
497 msg = buf_msg(buf); 509 msg = buf_msg(buf);
498 node->bclink.deferred_head = deferred->next; 510 node->bclink.deferred_head = deferred->next;
499 goto receive; 511 goto receive;
500 } 512 }
501 return;
502 } else if (less(next_in, seqno)) { 513 } else if (less(next_in, seqno)) {
503 u32 gap_after = node->bclink.gap_after; 514 u32 gap_after = node->bclink.gap_after;
504 u32 gap_to = node->bclink.gap_to; 515 u32 gap_to = node->bclink.gap_to;
@@ -513,6 +524,7 @@ receive:
513 else if (less(gap_after, seqno) && less(seqno, gap_to)) 524 else if (less(gap_after, seqno) && less(seqno, gap_to))
514 node->bclink.gap_to = seqno; 525 node->bclink.gap_to = seqno;
515 } 526 }
527 buf = NULL;
516 if (bclink_ack_allowed(node->bclink.nack_sync)) { 528 if (bclink_ack_allowed(node->bclink.nack_sync)) {
517 if (gap_to != gap_after) 529 if (gap_to != gap_after)
518 bclink_send_nack(node); 530 bclink_send_nack(node);
@@ -520,9 +532,11 @@ receive:
520 } 532 }
521 } else { 533 } else {
522 bcl->stats.duplicates++; 534 bcl->stats.duplicates++;
523 buf_discard(buf);
524 } 535 }
536unlock:
525 tipc_node_unlock(node); 537 tipc_node_unlock(node);
538exit:
539 buf_discard(buf);
526} 540}
527 541
528u32 tipc_bclink_acks_missing(struct tipc_node *n_ptr) 542u32 tipc_bclink_acks_missing(struct tipc_node *n_ptr)
@@ -535,10 +549,11 @@ u32 tipc_bclink_acks_missing(struct tipc_node *n_ptr)
535/** 549/**
536 * tipc_bcbearer_send - send a packet through the broadcast pseudo-bearer 550 * tipc_bcbearer_send - send a packet through the broadcast pseudo-bearer
537 * 551 *
538 * Send through as many bearers as necessary to reach all nodes 552 * Send packet over as many bearers as necessary to reach all nodes
539 * that support TIPC multicasting. 553 * that have joined the broadcast link.
540 * 554 *
541 * Returns 0 if packet sent successfully, non-zero if not 555 * Returns 0 (packet sent successfully) under all circumstances,
556 * since the broadcast link's pseudo-bearer never blocks
542 */ 557 */
543 558
544static int tipc_bcbearer_send(struct sk_buff *buf, 559static int tipc_bcbearer_send(struct sk_buff *buf,
@@ -547,7 +562,12 @@ static int tipc_bcbearer_send(struct sk_buff *buf,
547{ 562{
548 int bp_index; 563 int bp_index;
549 564
550 /* Prepare buffer for broadcasting (if first time trying to send it) */ 565 /*
566 * Prepare broadcast link message for reliable transmission,
567 * if first time trying to send it;
568 * preparation is skipped for broadcast link protocol messages
569 * since they are sent in an unreliable manner and don't need it
570 */
551 571
552 if (likely(!msg_non_seq(buf_msg(buf)))) { 572 if (likely(!msg_non_seq(buf_msg(buf)))) {
553 struct tipc_msg *msg; 573 struct tipc_msg *msg;
@@ -596,18 +616,12 @@ static int tipc_bcbearer_send(struct sk_buff *buf,
596 } 616 }
597 617
598 if (bcbearer->remains_new.count == 0) 618 if (bcbearer->remains_new.count == 0)
599 return 0; 619 break; /* all targets reached */
600 620
601 bcbearer->remains = bcbearer->remains_new; 621 bcbearer->remains = bcbearer->remains_new;
602 } 622 }
603 623
604 /* 624 return 0;
605 * Unable to reach all targets (indicate success, since currently
606 * there isn't code in place to properly block & unblock the
607 * pseudo-bearer used by the broadcast link)
608 */
609
610 return TIPC_OK;
611} 625}
612 626
613/** 627/**
@@ -667,27 +681,6 @@ void tipc_bcbearer_sort(void)
667 spin_unlock_bh(&bc_lock); 681 spin_unlock_bh(&bc_lock);
668} 682}
669 683
670/**
671 * tipc_bcbearer_push - resolve bearer congestion
672 *
673 * Forces bclink to push out any unsent packets, until all packets are gone
674 * or congestion reoccurs.
675 * No locks set when function called
676 */
677
678void tipc_bcbearer_push(void)
679{
680 struct tipc_bearer *b_ptr;
681
682 spin_lock_bh(&bc_lock);
683 b_ptr = &bcbearer->bearer;
684 if (b_ptr->blocked) {
685 b_ptr->blocked = 0;
686 tipc_bearer_lock_push(b_ptr);
687 }
688 spin_unlock_bh(&bc_lock);
689}
690
691 684
692int tipc_bclink_stats(char *buf, const u32 buf_size) 685int tipc_bclink_stats(char *buf, const u32 buf_size)
693{ 686{
@@ -764,7 +757,7 @@ int tipc_bclink_init(void)
764 bcbearer = kzalloc(sizeof(*bcbearer), GFP_ATOMIC); 757 bcbearer = kzalloc(sizeof(*bcbearer), GFP_ATOMIC);
765 bclink = kzalloc(sizeof(*bclink), GFP_ATOMIC); 758 bclink = kzalloc(sizeof(*bclink), GFP_ATOMIC);
766 if (!bcbearer || !bclink) { 759 if (!bcbearer || !bclink) {
767 warn("Multicast link creation failed, no memory\n"); 760 warn("Broadcast link creation failed, no memory\n");
768 kfree(bcbearer); 761 kfree(bcbearer);
769 bcbearer = NULL; 762 bcbearer = NULL;
770 kfree(bclink); 763 kfree(bclink);
@@ -775,7 +768,7 @@ int tipc_bclink_init(void)
775 INIT_LIST_HEAD(&bcbearer->bearer.cong_links); 768 INIT_LIST_HEAD(&bcbearer->bearer.cong_links);
776 bcbearer->bearer.media = &bcbearer->media; 769 bcbearer->bearer.media = &bcbearer->media;
777 bcbearer->media.send_msg = tipc_bcbearer_send; 770 bcbearer->media.send_msg = tipc_bcbearer_send;
778 sprintf(bcbearer->media.name, "tipc-multicast"); 771 sprintf(bcbearer->media.name, "tipc-broadcast");
779 772
780 bcl = &bclink->link; 773 bcl = &bclink->link;
781 INIT_LIST_HEAD(&bcl->waiting_ports); 774 INIT_LIST_HEAD(&bcl->waiting_ports);
diff --git a/net/tipc/bcast.h b/net/tipc/bcast.h
index 500c97f1c859..06740da5ae61 100644
--- a/net/tipc/bcast.h
+++ b/net/tipc/bcast.h
@@ -101,6 +101,5 @@ int tipc_bclink_stats(char *stats_buf, const u32 buf_size);
101int tipc_bclink_reset_stats(void); 101int tipc_bclink_reset_stats(void);
102int tipc_bclink_set_queue_limits(u32 limit); 102int tipc_bclink_set_queue_limits(u32 limit);
103void tipc_bcbearer_sort(void); 103void tipc_bcbearer_sort(void);
104void tipc_bcbearer_push(void);
105 104
106#endif 105#endif
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 85eba9c08ee9..e2202de3d93e 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -385,13 +385,9 @@ static int bearer_push(struct tipc_bearer *b_ptr)
385 385
386void tipc_bearer_lock_push(struct tipc_bearer *b_ptr) 386void tipc_bearer_lock_push(struct tipc_bearer *b_ptr)
387{ 387{
388 int res;
389
390 spin_lock_bh(&b_ptr->lock); 388 spin_lock_bh(&b_ptr->lock);
391 res = bearer_push(b_ptr); 389 bearer_push(b_ptr);
392 spin_unlock_bh(&b_ptr->lock); 390 spin_unlock_bh(&b_ptr->lock);
393 if (res)
394 tipc_bcbearer_push();
395} 391}
396 392
397 393
@@ -608,6 +604,7 @@ int tipc_block_bearer(const char *name)
608 info("Blocking bearer <%s>\n", name); 604 info("Blocking bearer <%s>\n", name);
609 spin_lock_bh(&b_ptr->lock); 605 spin_lock_bh(&b_ptr->lock);
610 b_ptr->blocked = 1; 606 b_ptr->blocked = 1;
607 list_splice_init(&b_ptr->cong_links, &b_ptr->links);
611 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) { 608 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) {
612 struct tipc_node *n_ptr = l_ptr->owner; 609 struct tipc_node *n_ptr = l_ptr->owner;
613 610
@@ -635,6 +632,7 @@ static void bearer_disable(struct tipc_bearer *b_ptr)
635 spin_lock_bh(&b_ptr->lock); 632 spin_lock_bh(&b_ptr->lock);
636 b_ptr->blocked = 1; 633 b_ptr->blocked = 1;
637 b_ptr->media->disable_bearer(b_ptr); 634 b_ptr->media->disable_bearer(b_ptr);
635 list_splice_init(&b_ptr->cong_links, &b_ptr->links);
638 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) { 636 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) {
639 tipc_link_delete(l_ptr); 637 tipc_link_delete(l_ptr);
640 } 638 }
diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h
index 5ad70eff1ebf..d696f9e414e3 100644
--- a/net/tipc/bearer.h
+++ b/net/tipc/bearer.h
@@ -39,8 +39,8 @@
39 39
40#include "bcast.h" 40#include "bcast.h"
41 41
42#define MAX_BEARERS 8 42#define MAX_BEARERS 2
43#define MAX_MEDIA 4 43#define MAX_MEDIA 2
44 44
45/* 45/*
46 * Identifiers of supported TIPC media types 46 * Identifiers of supported TIPC media types
diff --git a/net/tipc/config.h b/net/tipc/config.h
index 443159a166fd..80da6ebc2785 100644
--- a/net/tipc/config.h
+++ b/net/tipc/config.h
@@ -65,7 +65,6 @@ struct sk_buff *tipc_cfg_do_cmd(u32 orig_node, u16 cmd,
65 const void *req_tlv_area, int req_tlv_space, 65 const void *req_tlv_area, int req_tlv_space,
66 int headroom); 66 int headroom);
67 67
68void tipc_cfg_link_event(u32 addr, char *name, int up);
69int tipc_cfg_init(void); 68int tipc_cfg_init(void);
70void tipc_cfg_stop(void); 69void tipc_cfg_stop(void);
71 70
diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index 0987933155b9..f2fb96e86ee8 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -159,12 +159,6 @@ void tipc_disc_recv_msg(struct sk_buff *buf, struct tipc_bearer *b_ptr)
159 } 159 }
160 tipc_node_lock(n_ptr); 160 tipc_node_lock(n_ptr);
161 161
162 /* Don't talk to neighbor during cleanup after last session */
163 if (n_ptr->cleanup_required) {
164 tipc_node_unlock(n_ptr);
165 return;
166 }
167
168 link = n_ptr->links[b_ptr->identity]; 162 link = n_ptr->links[b_ptr->identity];
169 163
170 /* Create a link endpoint for this bearer, if necessary */ 164 /* Create a link endpoint for this bearer, if necessary */
diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c
index b69092eb95d8..e728d4ce2a1b 100644
--- a/net/tipc/eth_media.c
+++ b/net/tipc/eth_media.c
@@ -2,7 +2,7 @@
2 * net/tipc/eth_media.c: Ethernet bearer support for TIPC 2 * net/tipc/eth_media.c: Ethernet bearer support for TIPC
3 * 3 *
4 * Copyright (c) 2001-2007, Ericsson AB 4 * Copyright (c) 2001-2007, Ericsson AB
5 * Copyright (c) 2005-2007, Wind River Systems 5 * Copyright (c) 2005-2008, 2011, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -37,7 +37,7 @@
37#include "core.h" 37#include "core.h"
38#include "bearer.h" 38#include "bearer.h"
39 39
40#define MAX_ETH_BEARERS 2 40#define MAX_ETH_BEARERS MAX_BEARERS
41#define ETH_LINK_PRIORITY TIPC_DEF_LINK_PRI 41#define ETH_LINK_PRIORITY TIPC_DEF_LINK_PRI
42#define ETH_LINK_TOLERANCE TIPC_DEF_LINK_TOL 42#define ETH_LINK_TOLERANCE TIPC_DEF_LINK_TOL
43#define ETH_LINK_WINDOW TIPC_DEF_LINK_WIN 43#define ETH_LINK_WINDOW TIPC_DEF_LINK_WIN
@@ -144,31 +144,27 @@ static int enable_bearer(struct tipc_bearer *tb_ptr)
144 144
145 /* Find device with specified name */ 145 /* Find device with specified name */
146 146
147 read_lock(&dev_base_lock);
147 for_each_netdev(&init_net, pdev) { 148 for_each_netdev(&init_net, pdev) {
148 if (!strncmp(pdev->name, driver_name, IFNAMSIZ)) { 149 if (!strncmp(pdev->name, driver_name, IFNAMSIZ)) {
149 dev = pdev; 150 dev = pdev;
151 dev_hold(dev);
150 break; 152 break;
151 } 153 }
152 } 154 }
155 read_unlock(&dev_base_lock);
153 if (!dev) 156 if (!dev)
154 return -ENODEV; 157 return -ENODEV;
155 158
156 /* Find Ethernet bearer for device (or create one) */ 159 /* Create Ethernet bearer for device */
157 160
158 while ((eb_ptr != stop) && eb_ptr->dev && (eb_ptr->dev != dev)) 161 eb_ptr->dev = dev;
159 eb_ptr++; 162 eb_ptr->tipc_packet_type.type = htons(ETH_P_TIPC);
160 if (eb_ptr == stop) 163 eb_ptr->tipc_packet_type.dev = dev;
161 return -EDQUOT; 164 eb_ptr->tipc_packet_type.func = recv_msg;
162 if (!eb_ptr->dev) { 165 eb_ptr->tipc_packet_type.af_packet_priv = eb_ptr;
163 eb_ptr->dev = dev; 166 INIT_LIST_HEAD(&(eb_ptr->tipc_packet_type.list));
164 eb_ptr->tipc_packet_type.type = htons(ETH_P_TIPC); 167 dev_add_pack(&eb_ptr->tipc_packet_type);
165 eb_ptr->tipc_packet_type.dev = dev;
166 eb_ptr->tipc_packet_type.func = recv_msg;
167 eb_ptr->tipc_packet_type.af_packet_priv = eb_ptr;
168 INIT_LIST_HEAD(&(eb_ptr->tipc_packet_type.list));
169 dev_hold(dev);
170 dev_add_pack(&eb_ptr->tipc_packet_type);
171 }
172 168
173 /* Associate TIPC bearer with Ethernet bearer */ 169 /* Associate TIPC bearer with Ethernet bearer */
174 170
diff --git a/net/tipc/link.c b/net/tipc/link.c
index f89570c54f54..ae98a72da11a 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -332,15 +332,16 @@ struct link *tipc_link_create(struct tipc_node *n_ptr,
332 332
333 l_ptr->addr = peer; 333 l_ptr->addr = peer;
334 if_name = strchr(b_ptr->name, ':') + 1; 334 if_name = strchr(b_ptr->name, ':') + 1;
335 sprintf(l_ptr->name, "%u.%u.%u:%s-%u.%u.%u:", 335 sprintf(l_ptr->name, "%u.%u.%u:%s-%u.%u.%u:unknown",
336 tipc_zone(tipc_own_addr), tipc_cluster(tipc_own_addr), 336 tipc_zone(tipc_own_addr), tipc_cluster(tipc_own_addr),
337 tipc_node(tipc_own_addr), 337 tipc_node(tipc_own_addr),
338 if_name, 338 if_name,
339 tipc_zone(peer), tipc_cluster(peer), tipc_node(peer)); 339 tipc_zone(peer), tipc_cluster(peer), tipc_node(peer));
340 /* note: peer i/f is appended to link name by reset/activate */ 340 /* note: peer i/f name is updated by reset/activate message */
341 memcpy(&l_ptr->media_addr, media_addr, sizeof(*media_addr)); 341 memcpy(&l_ptr->media_addr, media_addr, sizeof(*media_addr));
342 l_ptr->owner = n_ptr; 342 l_ptr->owner = n_ptr;
343 l_ptr->checkpoint = 1; 343 l_ptr->checkpoint = 1;
344 l_ptr->peer_session = INVALID_SESSION;
344 l_ptr->b_ptr = b_ptr; 345 l_ptr->b_ptr = b_ptr;
345 link_set_supervision_props(l_ptr, b_ptr->media->tolerance); 346 link_set_supervision_props(l_ptr, b_ptr->media->tolerance);
346 l_ptr->state = RESET_UNKNOWN; 347 l_ptr->state = RESET_UNKNOWN;
@@ -536,9 +537,6 @@ void tipc_link_stop(struct link *l_ptr)
536 l_ptr->proto_msg_queue = NULL; 537 l_ptr->proto_msg_queue = NULL;
537} 538}
538 539
539/* LINK EVENT CODE IS NOT SUPPORTED AT PRESENT */
540#define link_send_event(fcn, l_ptr, up) do { } while (0)
541
542void tipc_link_reset(struct link *l_ptr) 540void tipc_link_reset(struct link *l_ptr)
543{ 541{
544 struct sk_buff *buf; 542 struct sk_buff *buf;
@@ -596,10 +594,6 @@ void tipc_link_reset(struct link *l_ptr)
596 l_ptr->fsm_msg_cnt = 0; 594 l_ptr->fsm_msg_cnt = 0;
597 l_ptr->stale_count = 0; 595 l_ptr->stale_count = 0;
598 link_reset_statistics(l_ptr); 596 link_reset_statistics(l_ptr);
599
600 link_send_event(tipc_cfg_link_event, l_ptr, 0);
601 if (!in_own_cluster(l_ptr->addr))
602 link_send_event(tipc_disc_link_event, l_ptr, 0);
603} 597}
604 598
605 599
@@ -608,9 +602,6 @@ static void link_activate(struct link *l_ptr)
608 l_ptr->next_in_no = l_ptr->stats.recv_info = 1; 602 l_ptr->next_in_no = l_ptr->stats.recv_info = 1;
609 tipc_node_link_up(l_ptr->owner, l_ptr); 603 tipc_node_link_up(l_ptr->owner, l_ptr);
610 tipc_bearer_add_dest(l_ptr->b_ptr, l_ptr->addr); 604 tipc_bearer_add_dest(l_ptr->b_ptr, l_ptr->addr);
611 link_send_event(tipc_cfg_link_event, l_ptr, 1);
612 if (!in_own_cluster(l_ptr->addr))
613 link_send_event(tipc_disc_link_event, l_ptr, 1);
614} 605}
615 606
616/** 607/**
@@ -985,6 +976,51 @@ int tipc_link_send(struct sk_buff *buf, u32 dest, u32 selector)
985} 976}
986 977
987/* 978/*
979 * tipc_link_send_names - send name table entries to new neighbor
980 *
981 * Send routine for bulk delivery of name table messages when contact
982 * with a new neighbor occurs. No link congestion checking is performed
983 * because name table messages *must* be delivered. The messages must be
984 * small enough not to require fragmentation.
985 * Called without any locks held.
986 */
987
988void tipc_link_send_names(struct list_head *message_list, u32 dest)
989{
990 struct tipc_node *n_ptr;
991 struct link *l_ptr;
992 struct sk_buff *buf;
993 struct sk_buff *temp_buf;
994
995 if (list_empty(message_list))
996 return;
997
998 read_lock_bh(&tipc_net_lock);
999 n_ptr = tipc_node_find(dest);
1000 if (n_ptr) {
1001 tipc_node_lock(n_ptr);
1002 l_ptr = n_ptr->active_links[0];
1003 if (l_ptr) {
1004 /* convert circular list to linear list */
1005 ((struct sk_buff *)message_list->prev)->next = NULL;
1006 link_add_chain_to_outqueue(l_ptr,
1007 (struct sk_buff *)message_list->next, 0);
1008 tipc_link_push_queue(l_ptr);
1009 INIT_LIST_HEAD(message_list);
1010 }
1011 tipc_node_unlock(n_ptr);
1012 }
1013 read_unlock_bh(&tipc_net_lock);
1014
1015 /* discard the messages if they couldn't be sent */
1016
1017 list_for_each_safe(buf, temp_buf, ((struct sk_buff *)message_list)) {
1018 list_del((struct list_head *)buf);
1019 buf_discard(buf);
1020 }
1021}
1022
1023/*
988 * link_send_buf_fast: Entry for data messages where the 1024 * link_send_buf_fast: Entry for data messages where the
989 * destination link is known and the header is complete, 1025 * destination link is known and the header is complete,
990 * inclusive total message length. Very time critical. 1026 * inclusive total message length. Very time critical.
@@ -1031,9 +1067,6 @@ int tipc_send_buf_fast(struct sk_buff *buf, u32 destnode)
1031 u32 selector = msg_origport(buf_msg(buf)) & 1; 1067 u32 selector = msg_origport(buf_msg(buf)) & 1;
1032 u32 dummy; 1068 u32 dummy;
1033 1069
1034 if (destnode == tipc_own_addr)
1035 return tipc_port_recv_msg(buf);
1036
1037 read_lock_bh(&tipc_net_lock); 1070 read_lock_bh(&tipc_net_lock);
1038 n_ptr = tipc_node_find(destnode); 1071 n_ptr = tipc_node_find(destnode);
1039 if (likely(n_ptr)) { 1072 if (likely(n_ptr)) {
@@ -1658,19 +1691,12 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *b_ptr)
1658 continue; 1691 continue;
1659 } 1692 }
1660 1693
1694 /* Discard unicast link messages destined for another node */
1695
1661 if (unlikely(!msg_short(msg) && 1696 if (unlikely(!msg_short(msg) &&
1662 (msg_destnode(msg) != tipc_own_addr))) 1697 (msg_destnode(msg) != tipc_own_addr)))
1663 goto cont; 1698 goto cont;
1664 1699
1665 /* Discard non-routeable messages destined for another node */
1666
1667 if (unlikely(!msg_isdata(msg) &&
1668 (msg_destnode(msg) != tipc_own_addr))) {
1669 if ((msg_user(msg) != CONN_MANAGER) &&
1670 (msg_user(msg) != MSG_FRAGMENTER))
1671 goto cont;
1672 }
1673
1674 /* Locate neighboring node that sent message */ 1700 /* Locate neighboring node that sent message */
1675 1701
1676 n_ptr = tipc_node_find(msg_prevnode(msg)); 1702 n_ptr = tipc_node_find(msg_prevnode(msg));
@@ -1678,17 +1704,24 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *b_ptr)
1678 goto cont; 1704 goto cont;
1679 tipc_node_lock(n_ptr); 1705 tipc_node_lock(n_ptr);
1680 1706
1681 /* Don't talk to neighbor during cleanup after last session */ 1707 /* Locate unicast link endpoint that should handle message */
1682 1708
1683 if (n_ptr->cleanup_required) { 1709 l_ptr = n_ptr->links[b_ptr->identity];
1710 if (unlikely(!l_ptr)) {
1684 tipc_node_unlock(n_ptr); 1711 tipc_node_unlock(n_ptr);
1685 goto cont; 1712 goto cont;
1686 } 1713 }
1687 1714
1688 /* Locate unicast link endpoint that should handle message */ 1715 /* Verify that communication with node is currently allowed */
1689 1716
1690 l_ptr = n_ptr->links[b_ptr->identity]; 1717 if ((n_ptr->block_setup & WAIT_PEER_DOWN) &&
1691 if (unlikely(!l_ptr)) { 1718 msg_user(msg) == LINK_PROTOCOL &&
1719 (msg_type(msg) == RESET_MSG ||
1720 msg_type(msg) == ACTIVATE_MSG) &&
1721 !msg_redundant_link(msg))
1722 n_ptr->block_setup &= ~WAIT_PEER_DOWN;
1723
1724 if (n_ptr->block_setup) {
1692 tipc_node_unlock(n_ptr); 1725 tipc_node_unlock(n_ptr);
1693 goto cont; 1726 goto cont;
1694 } 1727 }
@@ -1923,6 +1956,12 @@ void tipc_link_send_proto_msg(struct link *l_ptr, u32 msg_typ, int probe_msg,
1923 1956
1924 if (link_blocked(l_ptr)) 1957 if (link_blocked(l_ptr))
1925 return; 1958 return;
1959
1960 /* Abort non-RESET send if communication with node is prohibited */
1961
1962 if ((l_ptr->owner->block_setup) && (msg_typ != RESET_MSG))
1963 return;
1964
1926 msg_set_type(msg, msg_typ); 1965 msg_set_type(msg, msg_typ);
1927 msg_set_net_plane(msg, l_ptr->b_ptr->net_plane); 1966 msg_set_net_plane(msg, l_ptr->b_ptr->net_plane);
1928 msg_set_bcast_ack(msg, mod(l_ptr->owner->bclink.last_in)); 1967 msg_set_bcast_ack(msg, mod(l_ptr->owner->bclink.last_in));
@@ -2051,9 +2090,19 @@ static void link_recv_proto_msg(struct link *l_ptr, struct sk_buff *buf)
2051 case RESET_MSG: 2090 case RESET_MSG:
2052 if (!link_working_unknown(l_ptr) && 2091 if (!link_working_unknown(l_ptr) &&
2053 (l_ptr->peer_session != INVALID_SESSION)) { 2092 (l_ptr->peer_session != INVALID_SESSION)) {
2054 if (msg_session(msg) == l_ptr->peer_session) 2093 if (less_eq(msg_session(msg), l_ptr->peer_session))
2055 break; /* duplicate: ignore */ 2094 break; /* duplicate or old reset: ignore */
2095 }
2096
2097 if (!msg_redundant_link(msg) && (link_working_working(l_ptr) ||
2098 link_working_unknown(l_ptr))) {
2099 /*
2100 * peer has lost contact -- don't allow peer's links
2101 * to reactivate before we recognize loss & clean up
2102 */
2103 l_ptr->owner->block_setup = WAIT_NODE_DOWN;
2056 } 2104 }
2105
2057 /* fall thru' */ 2106 /* fall thru' */
2058 case ACTIVATE_MSG: 2107 case ACTIVATE_MSG:
2059 /* Update link settings according other endpoint's values */ 2108 /* Update link settings according other endpoint's values */
diff --git a/net/tipc/link.h b/net/tipc/link.h
index 74fbecab1ea0..e56cb532913e 100644
--- a/net/tipc/link.h
+++ b/net/tipc/link.h
@@ -223,6 +223,7 @@ struct sk_buff *tipc_link_cmd_show_stats(const void *req_tlv_area, int req_tlv_s
223struct sk_buff *tipc_link_cmd_reset_stats(const void *req_tlv_area, int req_tlv_space); 223struct sk_buff *tipc_link_cmd_reset_stats(const void *req_tlv_area, int req_tlv_space);
224void tipc_link_reset(struct link *l_ptr); 224void tipc_link_reset(struct link *l_ptr);
225int tipc_link_send(struct sk_buff *buf, u32 dest, u32 selector); 225int tipc_link_send(struct sk_buff *buf, u32 dest, u32 selector);
226void tipc_link_send_names(struct list_head *message_list, u32 dest);
226int tipc_link_send_buf(struct link *l_ptr, struct sk_buff *buf); 227int tipc_link_send_buf(struct link *l_ptr, struct sk_buff *buf);
227u32 tipc_link_get_max_pkt(u32 dest, u32 selector); 228u32 tipc_link_get_max_pkt(u32 dest, u32 selector);
228int tipc_link_send_sections_fast(struct tipc_port *sender, 229int tipc_link_send_sections_fast(struct tipc_port *sender,
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index cd356e504332..b7ca1bd7b151 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -173,18 +173,40 @@ void tipc_named_withdraw(struct publication *publ)
173 * tipc_named_node_up - tell specified node about all publications by this node 173 * tipc_named_node_up - tell specified node about all publications by this node
174 */ 174 */
175 175
176void tipc_named_node_up(unsigned long node) 176void tipc_named_node_up(unsigned long nodearg)
177{ 177{
178 struct tipc_node *n_ptr;
179 struct link *l_ptr;
178 struct publication *publ; 180 struct publication *publ;
179 struct distr_item *item = NULL; 181 struct distr_item *item = NULL;
180 struct sk_buff *buf = NULL; 182 struct sk_buff *buf = NULL;
183 struct list_head message_list;
184 u32 node = (u32)nodearg;
181 u32 left = 0; 185 u32 left = 0;
182 u32 rest; 186 u32 rest;
183 u32 max_item_buf; 187 u32 max_item_buf = 0;
188
189 /* compute maximum amount of publication data to send per message */
190
191 read_lock_bh(&tipc_net_lock);
192 n_ptr = tipc_node_find(node);
193 if (n_ptr) {
194 tipc_node_lock(n_ptr);
195 l_ptr = n_ptr->active_links[0];
196 if (l_ptr)
197 max_item_buf = ((l_ptr->max_pkt - INT_H_SIZE) /
198 ITEM_SIZE) * ITEM_SIZE;
199 tipc_node_unlock(n_ptr);
200 }
201 read_unlock_bh(&tipc_net_lock);
202 if (!max_item_buf)
203 return;
204
205 /* create list of publication messages, then send them as a unit */
206
207 INIT_LIST_HEAD(&message_list);
184 208
185 read_lock_bh(&tipc_nametbl_lock); 209 read_lock_bh(&tipc_nametbl_lock);
186 max_item_buf = TIPC_MAX_USER_MSG_SIZE / ITEM_SIZE;
187 max_item_buf *= ITEM_SIZE;
188 rest = publ_cnt * ITEM_SIZE; 210 rest = publ_cnt * ITEM_SIZE;
189 211
190 list_for_each_entry(publ, &publ_root, local_list) { 212 list_for_each_entry(publ, &publ_root, local_list) {
@@ -202,13 +224,14 @@ void tipc_named_node_up(unsigned long node)
202 item++; 224 item++;
203 left -= ITEM_SIZE; 225 left -= ITEM_SIZE;
204 if (!left) { 226 if (!left) {
205 msg_set_link_selector(buf_msg(buf), node); 227 list_add_tail((struct list_head *)buf, &message_list);
206 tipc_link_send(buf, node, node);
207 buf = NULL; 228 buf = NULL;
208 } 229 }
209 } 230 }
210exit: 231exit:
211 read_unlock_bh(&tipc_nametbl_lock); 232 read_unlock_bh(&tipc_nametbl_lock);
233
234 tipc_link_send_names(&message_list, (u32)node);
212} 235}
213 236
214/** 237/**
diff --git a/net/tipc/net.c b/net/tipc/net.c
index 68b3dd637291..fafef6c3c0f6 100644
--- a/net/tipc/net.c
+++ b/net/tipc/net.c
@@ -141,17 +141,6 @@ void tipc_net_route_msg(struct sk_buff *buf)
141 return; 141 return;
142 msg = buf_msg(buf); 142 msg = buf_msg(buf);
143 143
144 msg_incr_reroute_cnt(msg);
145 if (msg_reroute_cnt(msg) > 6) {
146 if (msg_errcode(msg)) {
147 buf_discard(buf);
148 } else {
149 tipc_reject_msg(buf, msg_destport(msg) ?
150 TIPC_ERR_NO_PORT : TIPC_ERR_NO_NAME);
151 }
152 return;
153 }
154
155 /* Handle message for this node */ 144 /* Handle message for this node */
156 dnode = msg_short(msg) ? tipc_own_addr : msg_destnode(msg); 145 dnode = msg_short(msg) ? tipc_own_addr : msg_destnode(msg);
157 if (tipc_in_scope(dnode, tipc_own_addr)) { 146 if (tipc_in_scope(dnode, tipc_own_addr)) {
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 2d106ef4fa4c..27b4bb0cca6c 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -112,6 +112,7 @@ struct tipc_node *tipc_node_create(u32 addr)
112 break; 112 break;
113 } 113 }
114 list_add_tail(&n_ptr->list, &temp_node->list); 114 list_add_tail(&n_ptr->list, &temp_node->list);
115 n_ptr->block_setup = WAIT_PEER_DOWN;
115 116
116 tipc_num_nodes++; 117 tipc_num_nodes++;
117 118
@@ -312,7 +313,7 @@ static void node_established_contact(struct tipc_node *n_ptr)
312 } 313 }
313} 314}
314 315
315static void node_cleanup_finished(unsigned long node_addr) 316static void node_name_purge_complete(unsigned long node_addr)
316{ 317{
317 struct tipc_node *n_ptr; 318 struct tipc_node *n_ptr;
318 319
@@ -320,7 +321,7 @@ static void node_cleanup_finished(unsigned long node_addr)
320 n_ptr = tipc_node_find(node_addr); 321 n_ptr = tipc_node_find(node_addr);
321 if (n_ptr) { 322 if (n_ptr) {
322 tipc_node_lock(n_ptr); 323 tipc_node_lock(n_ptr);
323 n_ptr->cleanup_required = 0; 324 n_ptr->block_setup &= ~WAIT_NAMES_GONE;
324 tipc_node_unlock(n_ptr); 325 tipc_node_unlock(n_ptr);
325 } 326 }
326 read_unlock_bh(&tipc_net_lock); 327 read_unlock_bh(&tipc_net_lock);
@@ -331,28 +332,32 @@ static void node_lost_contact(struct tipc_node *n_ptr)
331 char addr_string[16]; 332 char addr_string[16];
332 u32 i; 333 u32 i;
333 334
334 /* Clean up broadcast reception remains */ 335 info("Lost contact with %s\n",
335 n_ptr->bclink.gap_after = n_ptr->bclink.gap_to = 0; 336 tipc_addr_string_fill(addr_string, n_ptr->addr));
336 while (n_ptr->bclink.deferred_head) { 337
337 struct sk_buff *buf = n_ptr->bclink.deferred_head; 338 /* Flush broadcast link info associated with lost node */
338 n_ptr->bclink.deferred_head = buf->next;
339 buf_discard(buf);
340 }
341 if (n_ptr->bclink.defragm) {
342 buf_discard(n_ptr->bclink.defragm);
343 n_ptr->bclink.defragm = NULL;
344 }
345 339
346 if (n_ptr->bclink.supported) { 340 if (n_ptr->bclink.supported) {
341 n_ptr->bclink.gap_after = n_ptr->bclink.gap_to = 0;
342 while (n_ptr->bclink.deferred_head) {
343 struct sk_buff *buf = n_ptr->bclink.deferred_head;
344 n_ptr->bclink.deferred_head = buf->next;
345 buf_discard(buf);
346 }
347
348 if (n_ptr->bclink.defragm) {
349 buf_discard(n_ptr->bclink.defragm);
350 n_ptr->bclink.defragm = NULL;
351 }
352
353 tipc_nmap_remove(&tipc_bcast_nmap, n_ptr->addr);
347 tipc_bclink_acknowledge(n_ptr, 354 tipc_bclink_acknowledge(n_ptr,
348 mod(n_ptr->bclink.acked + 10000)); 355 mod(n_ptr->bclink.acked + 10000));
349 tipc_nmap_remove(&tipc_bcast_nmap, n_ptr->addr);
350 if (n_ptr->addr < tipc_own_addr) 356 if (n_ptr->addr < tipc_own_addr)
351 tipc_own_tag--; 357 tipc_own_tag--;
352 }
353 358
354 info("Lost contact with %s\n", 359 n_ptr->bclink.supported = 0;
355 tipc_addr_string_fill(addr_string, n_ptr->addr)); 360 }
356 361
357 /* Abort link changeover */ 362 /* Abort link changeover */
358 for (i = 0; i < MAX_BEARERS; i++) { 363 for (i = 0; i < MAX_BEARERS; i++) {
@@ -367,10 +372,10 @@ static void node_lost_contact(struct tipc_node *n_ptr)
367 /* Notify subscribers */ 372 /* Notify subscribers */
368 tipc_nodesub_notify(n_ptr); 373 tipc_nodesub_notify(n_ptr);
369 374
370 /* Prevent re-contact with node until all cleanup is done */ 375 /* Prevent re-contact with node until cleanup is done */
371 376
372 n_ptr->cleanup_required = 1; 377 n_ptr->block_setup = WAIT_PEER_DOWN | WAIT_NAMES_GONE;
373 tipc_k_signal((Handler)node_cleanup_finished, n_ptr->addr); 378 tipc_k_signal((Handler)node_name_purge_complete, n_ptr->addr);
374} 379}
375 380
376struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space) 381struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space)
diff --git a/net/tipc/node.h b/net/tipc/node.h
index 5c61afc7a0b9..4f15cb40aaa4 100644
--- a/net/tipc/node.h
+++ b/net/tipc/node.h
@@ -42,6 +42,12 @@
42#include "net.h" 42#include "net.h"
43#include "bearer.h" 43#include "bearer.h"
44 44
45/* Flags used to block (re)establishment of contact with a neighboring node */
46
47#define WAIT_PEER_DOWN 0x0001 /* wait to see that peer's links are down */
48#define WAIT_NAMES_GONE 0x0002 /* wait for peer's publications to be purged */
49#define WAIT_NODE_DOWN 0x0004 /* wait until peer node is declared down */
50
45/** 51/**
46 * struct tipc_node - TIPC node structure 52 * struct tipc_node - TIPC node structure
47 * @addr: network address of node 53 * @addr: network address of node
@@ -52,7 +58,7 @@
52 * @active_links: pointers to active links to node 58 * @active_links: pointers to active links to node
53 * @links: pointers to all links to node 59 * @links: pointers to all links to node
54 * @working_links: number of working links to node (both active and standby) 60 * @working_links: number of working links to node (both active and standby)
55 * @cleanup_required: non-zero if cleaning up after a prior loss of contact 61 * @block_setup: bit mask of conditions preventing link establishment to node
56 * @link_cnt: number of links to node 62 * @link_cnt: number of links to node
57 * @permit_changeover: non-zero if node has redundant links to this system 63 * @permit_changeover: non-zero if node has redundant links to this system
58 * @bclink: broadcast-related info 64 * @bclink: broadcast-related info
@@ -77,7 +83,7 @@ struct tipc_node {
77 struct link *links[MAX_BEARERS]; 83 struct link *links[MAX_BEARERS];
78 int link_cnt; 84 int link_cnt;
79 int working_links; 85 int working_links;
80 int cleanup_required; 86 int block_setup;
81 int permit_changeover; 87 int permit_changeover;
82 struct { 88 struct {
83 int supported; 89 int supported;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index adb2eff4a102..9440a3d48ca0 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -49,7 +49,7 @@ struct tipc_sock {
49 struct sock sk; 49 struct sock sk;
50 struct tipc_port *p; 50 struct tipc_port *p;
51 struct tipc_portid peer_name; 51 struct tipc_portid peer_name;
52 long conn_timeout; 52 unsigned int conn_timeout;
53}; 53};
54 54
55#define tipc_sk(sk) ((struct tipc_sock *)(sk)) 55#define tipc_sk(sk) ((struct tipc_sock *)(sk))
@@ -231,7 +231,7 @@ static int tipc_create(struct net *net, struct socket *sock, int protocol,
231 sock_init_data(sock, sk); 231 sock_init_data(sock, sk);
232 sk->sk_backlog_rcv = backlog_rcv; 232 sk->sk_backlog_rcv = backlog_rcv;
233 tipc_sk(sk)->p = tp_ptr; 233 tipc_sk(sk)->p = tp_ptr;
234 tipc_sk(sk)->conn_timeout = msecs_to_jiffies(CONN_TIMEOUT_DEFAULT); 234 tipc_sk(sk)->conn_timeout = CONN_TIMEOUT_DEFAULT;
235 235
236 spin_unlock_bh(tp_ptr->lock); 236 spin_unlock_bh(tp_ptr->lock);
237 237
@@ -525,6 +525,7 @@ static int send_msg(struct kiocb *iocb, struct socket *sock,
525 struct tipc_port *tport = tipc_sk_port(sk); 525 struct tipc_port *tport = tipc_sk_port(sk);
526 struct sockaddr_tipc *dest = (struct sockaddr_tipc *)m->msg_name; 526 struct sockaddr_tipc *dest = (struct sockaddr_tipc *)m->msg_name;
527 int needs_conn; 527 int needs_conn;
528 long timeout_val;
528 int res = -EINVAL; 529 int res = -EINVAL;
529 530
530 if (unlikely(!dest)) 531 if (unlikely(!dest))
@@ -564,6 +565,8 @@ static int send_msg(struct kiocb *iocb, struct socket *sock,
564 reject_rx_queue(sk); 565 reject_rx_queue(sk);
565 } 566 }
566 567
568 timeout_val = sock_sndtimeo(sk, m->msg_flags & MSG_DONTWAIT);
569
567 do { 570 do {
568 if (dest->addrtype == TIPC_ADDR_NAME) { 571 if (dest->addrtype == TIPC_ADDR_NAME) {
569 res = dest_name_check(dest, m); 572 res = dest_name_check(dest, m);
@@ -600,16 +603,14 @@ static int send_msg(struct kiocb *iocb, struct socket *sock,
600 sock->state = SS_CONNECTING; 603 sock->state = SS_CONNECTING;
601 break; 604 break;
602 } 605 }
603 if (m->msg_flags & MSG_DONTWAIT) { 606 if (timeout_val <= 0L) {
604 res = -EWOULDBLOCK; 607 res = timeout_val ? timeout_val : -EWOULDBLOCK;
605 break; 608 break;
606 } 609 }
607 release_sock(sk); 610 release_sock(sk);
608 res = wait_event_interruptible(*sk_sleep(sk), 611 timeout_val = wait_event_interruptible_timeout(*sk_sleep(sk),
609 !tport->congested); 612 !tport->congested, timeout_val);
610 lock_sock(sk); 613 lock_sock(sk);
611 if (res)
612 break;
613 } while (1); 614 } while (1);
614 615
615exit: 616exit:
@@ -636,6 +637,7 @@ static int send_packet(struct kiocb *iocb, struct socket *sock,
636 struct sock *sk = sock->sk; 637 struct sock *sk = sock->sk;
637 struct tipc_port *tport = tipc_sk_port(sk); 638 struct tipc_port *tport = tipc_sk_port(sk);
638 struct sockaddr_tipc *dest = (struct sockaddr_tipc *)m->msg_name; 639 struct sockaddr_tipc *dest = (struct sockaddr_tipc *)m->msg_name;
640 long timeout_val;
639 int res; 641 int res;
640 642
641 /* Handle implied connection establishment */ 643 /* Handle implied connection establishment */
@@ -650,6 +652,8 @@ static int send_packet(struct kiocb *iocb, struct socket *sock,
650 if (iocb) 652 if (iocb)
651 lock_sock(sk); 653 lock_sock(sk);
652 654
655 timeout_val = sock_sndtimeo(sk, m->msg_flags & MSG_DONTWAIT);
656
653 do { 657 do {
654 if (unlikely(sock->state != SS_CONNECTED)) { 658 if (unlikely(sock->state != SS_CONNECTED)) {
655 if (sock->state == SS_DISCONNECTING) 659 if (sock->state == SS_DISCONNECTING)
@@ -663,16 +667,14 @@ static int send_packet(struct kiocb *iocb, struct socket *sock,
663 total_len); 667 total_len);
664 if (likely(res != -ELINKCONG)) 668 if (likely(res != -ELINKCONG))
665 break; 669 break;
666 if (m->msg_flags & MSG_DONTWAIT) { 670 if (timeout_val <= 0L) {
667 res = -EWOULDBLOCK; 671 res = timeout_val ? timeout_val : -EWOULDBLOCK;
668 break; 672 break;
669 } 673 }
670 release_sock(sk); 674 release_sock(sk);
671 res = wait_event_interruptible(*sk_sleep(sk), 675 timeout_val = wait_event_interruptible_timeout(*sk_sleep(sk),
672 (!tport->congested || !tport->connected)); 676 (!tport->congested || !tport->connected), timeout_val);
673 lock_sock(sk); 677 lock_sock(sk);
674 if (res)
675 break;
676 } while (1); 678 } while (1);
677 679
678 if (iocb) 680 if (iocb)
@@ -1369,7 +1371,7 @@ static int connect(struct socket *sock, struct sockaddr *dest, int destlen,
1369 struct msghdr m = {NULL,}; 1371 struct msghdr m = {NULL,};
1370 struct sk_buff *buf; 1372 struct sk_buff *buf;
1371 struct tipc_msg *msg; 1373 struct tipc_msg *msg;
1372 long timeout; 1374 unsigned int timeout;
1373 int res; 1375 int res;
1374 1376
1375 lock_sock(sk); 1377 lock_sock(sk);
@@ -1434,7 +1436,8 @@ static int connect(struct socket *sock, struct sockaddr *dest, int destlen,
1434 res = wait_event_interruptible_timeout(*sk_sleep(sk), 1436 res = wait_event_interruptible_timeout(*sk_sleep(sk),
1435 (!skb_queue_empty(&sk->sk_receive_queue) || 1437 (!skb_queue_empty(&sk->sk_receive_queue) ||
1436 (sock->state != SS_CONNECTING)), 1438 (sock->state != SS_CONNECTING)),
1437 timeout ? timeout : MAX_SCHEDULE_TIMEOUT); 1439 timeout ? (long)msecs_to_jiffies(timeout)
1440 : MAX_SCHEDULE_TIMEOUT);
1438 lock_sock(sk); 1441 lock_sock(sk);
1439 1442
1440 if (res > 0) { 1443 if (res > 0) {
@@ -1480,9 +1483,7 @@ static int listen(struct socket *sock, int len)
1480 1483
1481 lock_sock(sk); 1484 lock_sock(sk);
1482 1485
1483 if (sock->state == SS_READY) 1486 if (sock->state != SS_UNCONNECTED)
1484 res = -EOPNOTSUPP;
1485 else if (sock->state != SS_UNCONNECTED)
1486 res = -EINVAL; 1487 res = -EINVAL;
1487 else { 1488 else {
1488 sock->state = SS_LISTENING; 1489 sock->state = SS_LISTENING;
@@ -1510,10 +1511,6 @@ static int accept(struct socket *sock, struct socket *new_sock, int flags)
1510 1511
1511 lock_sock(sk); 1512 lock_sock(sk);
1512 1513
1513 if (sock->state == SS_READY) {
1514 res = -EOPNOTSUPP;
1515 goto exit;
1516 }
1517 if (sock->state != SS_LISTENING) { 1514 if (sock->state != SS_LISTENING) {
1518 res = -EINVAL; 1515 res = -EINVAL;
1519 goto exit; 1516 goto exit;
@@ -1696,7 +1693,7 @@ static int setsockopt(struct socket *sock,
1696 res = tipc_set_portunreturnable(tport->ref, value); 1693 res = tipc_set_portunreturnable(tport->ref, value);
1697 break; 1694 break;
1698 case TIPC_CONN_TIMEOUT: 1695 case TIPC_CONN_TIMEOUT:
1699 tipc_sk(sk)->conn_timeout = msecs_to_jiffies(value); 1696 tipc_sk(sk)->conn_timeout = value;
1700 /* no need to set "res", since already 0 at this point */ 1697 /* no need to set "res", since already 0 at this point */
1701 break; 1698 break;
1702 default: 1699 default:
@@ -1752,7 +1749,7 @@ static int getsockopt(struct socket *sock,
1752 res = tipc_portunreturnable(tport->ref, &value); 1749 res = tipc_portunreturnable(tport->ref, &value);
1753 break; 1750 break;
1754 case TIPC_CONN_TIMEOUT: 1751 case TIPC_CONN_TIMEOUT:
1755 value = jiffies_to_msecs(tipc_sk(sk)->conn_timeout); 1752 value = tipc_sk(sk)->conn_timeout;
1756 /* no need to set "res", since already 0 at this point */ 1753 /* no need to set "res", since already 0 at this point */
1757 break; 1754 break;
1758 case TIPC_NODE_RECVQ_DEPTH: 1755 case TIPC_NODE_RECVQ_DEPTH:
@@ -1790,11 +1787,11 @@ static const struct proto_ops msg_ops = {
1790 .bind = bind, 1787 .bind = bind,
1791 .connect = connect, 1788 .connect = connect,
1792 .socketpair = sock_no_socketpair, 1789 .socketpair = sock_no_socketpair,
1793 .accept = accept, 1790 .accept = sock_no_accept,
1794 .getname = get_name, 1791 .getname = get_name,
1795 .poll = poll, 1792 .poll = poll,
1796 .ioctl = sock_no_ioctl, 1793 .ioctl = sock_no_ioctl,
1797 .listen = listen, 1794 .listen = sock_no_listen,
1798 .shutdown = shutdown, 1795 .shutdown = shutdown,
1799 .setsockopt = setsockopt, 1796 .setsockopt = setsockopt,
1800 .getsockopt = getsockopt, 1797 .getsockopt = getsockopt,
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index 6cf726863485..198371723b41 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -151,7 +151,7 @@ void tipc_subscr_report_overlap(struct subscription *sub,
151 if (!must && !(sub->filter & TIPC_SUB_PORTS)) 151 if (!must && !(sub->filter & TIPC_SUB_PORTS))
152 return; 152 return;
153 153
154 sub->event_cb(sub, found_lower, found_upper, event, port_ref, node); 154 subscr_send_event(sub, found_lower, found_upper, event, port_ref, node);
155} 155}
156 156
157/** 157/**
@@ -365,7 +365,6 @@ static struct subscription *subscr_subscribe(struct tipc_subscr *s,
365 subscr_terminate(subscriber); 365 subscr_terminate(subscriber);
366 return NULL; 366 return NULL;
367 } 367 }
368 sub->event_cb = subscr_send_event;
369 INIT_LIST_HEAD(&sub->nameseq_list); 368 INIT_LIST_HEAD(&sub->nameseq_list);
370 list_add(&sub->subscription_list, &subscriber->subscription_list); 369 list_add(&sub->subscription_list, &subscriber->subscription_list);
371 sub->server_ref = subscriber->port_ref; 370 sub->server_ref = subscriber->port_ref;
diff --git a/net/tipc/subscr.h b/net/tipc/subscr.h
index 45d89bf4d202..4b06ef6f8401 100644
--- a/net/tipc/subscr.h
+++ b/net/tipc/subscr.h
@@ -39,16 +39,11 @@
39 39
40struct subscription; 40struct subscription;
41 41
42typedef void (*tipc_subscr_event) (struct subscription *sub,
43 u32 found_lower, u32 found_upper,
44 u32 event, u32 port_ref, u32 node);
45
46/** 42/**
47 * struct subscription - TIPC network topology subscription object 43 * struct subscription - TIPC network topology subscription object
48 * @seq: name sequence associated with subscription 44 * @seq: name sequence associated with subscription
49 * @timeout: duration of subscription (in ms) 45 * @timeout: duration of subscription (in ms)
50 * @filter: event filtering to be done for subscription 46 * @filter: event filtering to be done for subscription
51 * @event_cb: routine invoked when a subscription event is detected
52 * @timer: timer governing subscription duration (optional) 47 * @timer: timer governing subscription duration (optional)
53 * @nameseq_list: adjacent subscriptions in name sequence's subscription list 48 * @nameseq_list: adjacent subscriptions in name sequence's subscription list
54 * @subscription_list: adjacent subscriptions in subscriber's subscription list 49 * @subscription_list: adjacent subscriptions in subscriber's subscription list
@@ -61,7 +56,6 @@ struct subscription {
61 struct tipc_name_seq seq; 56 struct tipc_name_seq seq;
62 u32 timeout; 57 u32 timeout;
63 u32 filter; 58 u32 filter;
64 tipc_subscr_event event_cb;
65 struct timer_list timer; 59 struct timer_list timer;
66 struct list_head nameseq_list; 60 struct list_head nameseq_list;
67 struct list_head subscription_list; 61 struct list_head subscription_list;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index ec68e1c05b85..466fbcc5cf77 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1381,8 +1381,10 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
1381static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds) 1381static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool send_fds)
1382{ 1382{
1383 int err = 0; 1383 int err = 0;
1384
1384 UNIXCB(skb).pid = get_pid(scm->pid); 1385 UNIXCB(skb).pid = get_pid(scm->pid);
1385 UNIXCB(skb).cred = get_cred(scm->cred); 1386 if (scm->cred)
1387 UNIXCB(skb).cred = get_cred(scm->cred);
1386 UNIXCB(skb).fp = NULL; 1388 UNIXCB(skb).fp = NULL;
1387 if (scm->fp && send_fds) 1389 if (scm->fp && send_fds)
1388 err = unix_attach_fds(scm, skb); 1390 err = unix_attach_fds(scm, skb);
@@ -1392,6 +1394,24 @@ static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool sen
1392} 1394}
1393 1395
1394/* 1396/*
1397 * Some apps rely on write() giving SCM_CREDENTIALS
1398 * We include credentials if source or destination socket
1399 * asserted SOCK_PASSCRED.
1400 */
1401static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
1402 const struct sock *other)
1403{
1404 if (UNIXCB(skb).cred)
1405 return;
1406 if (test_bit(SOCK_PASSCRED, &sock->flags) ||
1407 !other->sk_socket ||
1408 test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
1409 UNIXCB(skb).pid = get_pid(task_tgid(current));
1410 UNIXCB(skb).cred = get_current_cred();
1411 }
1412}
1413
1414/*
1395 * Send AF_UNIX data. 1415 * Send AF_UNIX data.
1396 */ 1416 */
1397 1417
@@ -1538,6 +1558,7 @@ restart:
1538 1558
1539 if (sock_flag(other, SOCK_RCVTSTAMP)) 1559 if (sock_flag(other, SOCK_RCVTSTAMP))
1540 __net_timestamp(skb); 1560 __net_timestamp(skb);
1561 maybe_add_creds(skb, sock, other);
1541 skb_queue_tail(&other->sk_receive_queue, skb); 1562 skb_queue_tail(&other->sk_receive_queue, skb);
1542 if (max_level > unix_sk(other)->recursion_level) 1563 if (max_level > unix_sk(other)->recursion_level)
1543 unix_sk(other)->recursion_level = max_level; 1564 unix_sk(other)->recursion_level = max_level;
@@ -1652,6 +1673,7 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
1652 (other->sk_shutdown & RCV_SHUTDOWN)) 1673 (other->sk_shutdown & RCV_SHUTDOWN))
1653 goto pipe_err_free; 1674 goto pipe_err_free;
1654 1675
1676 maybe_add_creds(skb, sock, other);
1655 skb_queue_tail(&other->sk_receive_queue, skb); 1677 skb_queue_tail(&other->sk_receive_queue, skb);
1656 if (max_level > unix_sk(other)->recursion_level) 1678 if (max_level > unix_sk(other)->recursion_level)
1657 unix_sk(other)->recursion_level = max_level; 1679 unix_sk(other)->recursion_level = max_level;
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 796a4bdf8b0d..b9ec3061ed72 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -375,7 +375,8 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
375 struct ieee80211_channel *chan, bool offchan, 375 struct ieee80211_channel *chan, bool offchan,
376 enum nl80211_channel_type channel_type, 376 enum nl80211_channel_type channel_type,
377 bool channel_type_valid, unsigned int wait, 377 bool channel_type_valid, unsigned int wait,
378 const u8 *buf, size_t len, u64 *cookie); 378 const u8 *buf, size_t len, bool no_cck,
379 u64 *cookie);
379 380
380/* SME */ 381/* SME */
381int __cfg80211_connect(struct cfg80211_registered_device *rdev, 382int __cfg80211_connect(struct cfg80211_registered_device *rdev,
@@ -406,6 +407,7 @@ void cfg80211_sme_failed_assoc(struct wireless_dev *wdev);
406bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); 407bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev);
407 408
408/* internal helpers */ 409/* internal helpers */
410bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher);
409int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, 411int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
410 struct key_params *params, int key_idx, 412 struct key_params *params, int key_idx,
411 bool pairwise, const u8 *mac_addr); 413 bool pairwise, const u8 *mac_addr);
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 61adea540e02..21fc9702f81c 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -900,7 +900,8 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
900 struct ieee80211_channel *chan, bool offchan, 900 struct ieee80211_channel *chan, bool offchan,
901 enum nl80211_channel_type channel_type, 901 enum nl80211_channel_type channel_type,
902 bool channel_type_valid, unsigned int wait, 902 bool channel_type_valid, unsigned int wait,
903 const u8 *buf, size_t len, u64 *cookie) 903 const u8 *buf, size_t len, bool no_cck,
904 u64 *cookie)
904{ 905{
905 struct wireless_dev *wdev = dev->ieee80211_ptr; 906 struct wireless_dev *wdev = dev->ieee80211_ptr;
906 const struct ieee80211_mgmt *mgmt; 907 const struct ieee80211_mgmt *mgmt;
@@ -991,7 +992,7 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
991 /* Transmit the Action frame as requested by user space */ 992 /* Transmit the Action frame as requested by user space */
992 return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, offchan, 993 return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, offchan,
993 channel_type, channel_type_valid, 994 channel_type, channel_type_valid,
994 wait, buf, len, cookie); 995 wait, buf, len, no_cck, cookie);
995} 996}
996 997
997bool cfg80211_rx_mgmt(struct net_device *dev, int freq, const u8 *buf, 998bool cfg80211_rx_mgmt(struct net_device *dev, int freq, const u8 *buf,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 3c6427abdf34..e97827ba8a58 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -132,8 +132,7 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
132 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
133 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
134 134
135 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 135 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
136 .len = NL80211_HT_CAPABILITY_LEN },
137 136
138 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
139 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
@@ -191,6 +190,12 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
191 .len = IEEE80211_MAX_DATA_LEN }, 190 .len = IEEE80211_MAX_DATA_LEN },
192 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 191 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
193 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 192 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
193 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
194 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
195 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
196 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
197 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
198 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
194}; 199};
195 200
196/* policy for the key attributes */ 201/* policy for the key attributes */
@@ -731,9 +736,12 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
731 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH); 736 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
732 if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) 737 if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD)
733 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD); 738 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD);
734
735 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) 739 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)
736 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT); 740 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT);
741 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)
742 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT);
743 if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)
744 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP);
737 745
738 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 746 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
739 sizeof(u32) * dev->wiphy.n_cipher_suites, 747 sizeof(u32) * dev->wiphy.n_cipher_suites,
@@ -876,6 +884,10 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
876 } 884 }
877 CMD(set_channel, SET_CHANNEL); 885 CMD(set_channel, SET_CHANNEL);
878 CMD(set_wds_peer, SET_WDS_PEER); 886 CMD(set_wds_peer, SET_WDS_PEER);
887 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
888 CMD(tdls_mgmt, TDLS_MGMT);
889 CMD(tdls_oper, TDLS_OPER);
890 }
879 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 891 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
880 CMD(sched_scan_start, START_SCHED_SCAN); 892 CMD(sched_scan_start, START_SCHED_SCAN);
881 893
@@ -1235,6 +1247,17 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1235 goto bad_res; 1247 goto bad_res;
1236 } 1248 }
1237 1249
1250 if (!netdev) {
1251 result = -EINVAL;
1252 goto bad_res;
1253 }
1254
1255 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1256 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1257 result = -EINVAL;
1258 goto bad_res;
1259 }
1260
1238 nla_for_each_nested(nl_txq_params, 1261 nla_for_each_nested(nl_txq_params,
1239 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1262 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1240 rem_txq_params) { 1263 rem_txq_params) {
@@ -1247,6 +1270,7 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1247 goto bad_res; 1270 goto bad_res;
1248 1271
1249 result = rdev->ops->set_txq_params(&rdev->wiphy, 1272 result = rdev->ops->set_txq_params(&rdev->wiphy,
1273 netdev,
1250 &txq_params); 1274 &txq_params);
1251 if (result) 1275 if (result)
1252 goto bad_res; 1276 goto bad_res;
@@ -2325,6 +2349,10 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2325 2349
2326 nla_nest_end(msg, bss_param); 2350 nla_nest_end(msg, bss_param);
2327 } 2351 }
2352 if (sinfo->filled & STATION_INFO_STA_FLAGS)
2353 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS,
2354 sizeof(struct nl80211_sta_flag_update),
2355 &sinfo->sta_flags);
2328 nla_nest_end(msg, sinfoattr); 2356 nla_nest_end(msg, sinfoattr);
2329 2357
2330 if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES) 2358 if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
@@ -2511,18 +2539,25 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2511 break; 2539 break;
2512 case NL80211_IFTYPE_P2P_CLIENT: 2540 case NL80211_IFTYPE_P2P_CLIENT:
2513 case NL80211_IFTYPE_STATION: 2541 case NL80211_IFTYPE_STATION:
2514 /* disallow everything but AUTHORIZED flag */ 2542 /* disallow things sta doesn't support */
2515 if (params.plink_action) 2543 if (params.plink_action)
2516 err = -EINVAL; 2544 err = -EINVAL;
2517 if (params.vlan) 2545 if (params.vlan)
2518 err = -EINVAL; 2546 err = -EINVAL;
2519 if (params.supported_rates) 2547 if (params.supported_rates &&
2548 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2520 err = -EINVAL; 2549 err = -EINVAL;
2521 if (params.ht_capa) 2550 if (params.ht_capa)
2522 err = -EINVAL; 2551 err = -EINVAL;
2523 if (params.listen_interval >= 0) 2552 if (params.listen_interval >= 0)
2524 err = -EINVAL; 2553 err = -EINVAL;
2525 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2554 if (params.sta_flags_mask &
2555 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2556 BIT(NL80211_STA_FLAG_TDLS_PEER)))
2557 err = -EINVAL;
2558 /* can't change the TDLS bit */
2559 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
2560 (params.sta_flags_mask & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2526 err = -EINVAL; 2561 err = -EINVAL;
2527 break; 2562 break;
2528 case NL80211_IFTYPE_MESH_POINT: 2563 case NL80211_IFTYPE_MESH_POINT:
@@ -2613,7 +2648,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2613 2648
2614 /* parse WME attributes if sta is WME capable */ 2649 /* parse WME attributes if sta is WME capable */
2615 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2650 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2616 (params.sta_flags_set & NL80211_STA_FLAG_WME) && 2651 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2617 info->attrs[NL80211_ATTR_STA_WME]) { 2652 info->attrs[NL80211_ATTR_STA_WME]) {
2618 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 2653 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2619 struct nlattr *nla; 2654 struct nlattr *nla;
@@ -2636,12 +2671,25 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2636 2671
2637 if (params.max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 2672 if (params.max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2638 return -EINVAL; 2673 return -EINVAL;
2674
2675 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2639 } 2676 }
2640 2677
2641 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2678 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2642 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2679 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2643 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 2680 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2644 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2681 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO &&
2682 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION)
2683 return -EINVAL;
2684
2685 /*
2686 * Only managed stations can add TDLS peers, and only when the
2687 * wiphy supports external TDLS setup.
2688 */
2689 if (dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION &&
2690 !((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
2691 (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2692 (rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)))
2645 return -EINVAL; 2693 return -EINVAL;
2646 2694
2647 err = get_vlan(info, rdev, &params.vlan); 2695 err = get_vlan(info, rdev, &params.vlan);
@@ -3620,6 +3668,9 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3620 } 3668 }
3621 } 3669 }
3622 3670
3671 request->no_cck =
3672 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3673
3623 request->dev = dev; 3674 request->dev = dev;
3624 request->wiphy = &rdev->wiphy; 3675 request->wiphy = &rdev->wiphy;
3625 3676
@@ -4126,22 +4177,6 @@ static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4126 NL80211_WPA_VERSION_2)); 4177 NL80211_WPA_VERSION_2));
4127} 4178}
4128 4179
4129static bool nl80211_valid_akm_suite(u32 akm)
4130{
4131 return akm == WLAN_AKM_SUITE_8021X ||
4132 akm == WLAN_AKM_SUITE_PSK;
4133}
4134
4135static bool nl80211_valid_cipher_suite(u32 cipher)
4136{
4137 return cipher == WLAN_CIPHER_SUITE_WEP40 ||
4138 cipher == WLAN_CIPHER_SUITE_WEP104 ||
4139 cipher == WLAN_CIPHER_SUITE_TKIP ||
4140 cipher == WLAN_CIPHER_SUITE_CCMP ||
4141 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
4142}
4143
4144
4145static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4180static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4146{ 4181{
4147 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4182 struct cfg80211_registered_device *rdev = info->user_ptr[0];
@@ -4274,7 +4309,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4274 memcpy(settings->ciphers_pairwise, data, len); 4309 memcpy(settings->ciphers_pairwise, data, len);
4275 4310
4276 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4311 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4277 if (!nl80211_valid_cipher_suite( 4312 if (!cfg80211_supported_cipher_suite(
4313 &rdev->wiphy,
4278 settings->ciphers_pairwise[i])) 4314 settings->ciphers_pairwise[i]))
4279 return -EINVAL; 4315 return -EINVAL;
4280 } 4316 }
@@ -4282,7 +4318,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4282 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4318 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4283 settings->cipher_group = 4319 settings->cipher_group =
4284 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4320 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4285 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 4321 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4322 settings->cipher_group))
4286 return -EINVAL; 4323 return -EINVAL;
4287 } 4324 }
4288 4325
@@ -4295,7 +4332,7 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4295 4332
4296 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 4333 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4297 void *data; 4334 void *data;
4298 int len, i; 4335 int len;
4299 4336
4300 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 4337 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4301 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 4338 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
@@ -4304,11 +4341,10 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4304 if (len % sizeof(u32)) 4341 if (len % sizeof(u32))
4305 return -EINVAL; 4342 return -EINVAL;
4306 4343
4307 memcpy(settings->akm_suites, data, len); 4344 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4345 return -EINVAL;
4308 4346
4309 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4347 memcpy(settings->akm_suites, data, len);
4310 if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
4311 return -EINVAL;
4312 } 4348 }
4313 4349
4314 return 0; 4350 return 0;
@@ -4969,6 +5005,57 @@ static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4969 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5005 return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4970} 5006}
4971 5007
5008static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5009{
5010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5011 struct net_device *dev = info->user_ptr[1];
5012 u8 action_code, dialog_token;
5013 u16 status_code;
5014 u8 *peer;
5015
5016 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5017 !rdev->ops->tdls_mgmt)
5018 return -EOPNOTSUPP;
5019
5020 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5021 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5022 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5023 !info->attrs[NL80211_ATTR_IE] ||
5024 !info->attrs[NL80211_ATTR_MAC])
5025 return -EINVAL;
5026
5027 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5028 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5029 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5030 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5031
5032 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5033 dialog_token, status_code,
5034 nla_data(info->attrs[NL80211_ATTR_IE]),
5035 nla_len(info->attrs[NL80211_ATTR_IE]));
5036}
5037
5038static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5039{
5040 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5041 struct net_device *dev = info->user_ptr[1];
5042 enum nl80211_tdls_operation operation;
5043 u8 *peer;
5044
5045 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5046 !rdev->ops->tdls_oper)
5047 return -EOPNOTSUPP;
5048
5049 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5050 !info->attrs[NL80211_ATTR_MAC])
5051 return -EINVAL;
5052
5053 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5054 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5055
5056 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5057}
5058
4972static int nl80211_remain_on_channel(struct sk_buff *skb, 5059static int nl80211_remain_on_channel(struct sk_buff *skb,
4973 struct genl_info *info) 5060 struct genl_info *info)
4974{ 5061{
@@ -5189,6 +5276,7 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5189 struct sk_buff *msg; 5276 struct sk_buff *msg;
5190 unsigned int wait = 0; 5277 unsigned int wait = 0;
5191 bool offchan; 5278 bool offchan;
5279 bool no_cck;
5192 5280
5193 if (!info->attrs[NL80211_ATTR_FRAME] || 5281 if (!info->attrs[NL80211_ATTR_FRAME] ||
5194 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5282 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
@@ -5225,6 +5313,8 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5225 5313
5226 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 5314 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5227 5315
5316 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5317
5228 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5318 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5229 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5319 chan = rdev_freq_to_chan(rdev, freq, channel_type);
5230 if (chan == NULL) 5320 if (chan == NULL)
@@ -5245,7 +5335,7 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5245 channel_type_valid, wait, 5335 channel_type_valid, wait,
5246 nla_data(info->attrs[NL80211_ATTR_FRAME]), 5336 nla_data(info->attrs[NL80211_ATTR_FRAME]),
5247 nla_len(info->attrs[NL80211_ATTR_FRAME]), 5337 nla_len(info->attrs[NL80211_ATTR_FRAME]),
5248 &cookie); 5338 no_cck, &cookie);
5249 if (err) 5339 if (err)
5250 goto free_msg; 5340 goto free_msg;
5251 5341
@@ -6281,6 +6371,22 @@ static struct genl_ops nl80211_ops[] = {
6281 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6371 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6282 NL80211_FLAG_NEED_RTNL, 6372 NL80211_FLAG_NEED_RTNL,
6283 }, 6373 },
6374 {
6375 .cmd = NL80211_CMD_TDLS_MGMT,
6376 .doit = nl80211_tdls_mgmt,
6377 .policy = nl80211_policy,
6378 .flags = GENL_ADMIN_PERM,
6379 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6380 NL80211_FLAG_NEED_RTNL,
6381 },
6382 {
6383 .cmd = NL80211_CMD_TDLS_OPER,
6384 .doit = nl80211_tdls_oper,
6385 .policy = nl80211_policy,
6386 .flags = GENL_ADMIN_PERM,
6387 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
6388 NL80211_FLAG_NEED_RTNL,
6389 },
6284}; 6390};
6285 6391
6286static struct genl_multicast_group nl80211_mlme_mcgrp = { 6392static struct genl_multicast_group nl80211_mlme_mcgrp = {
@@ -6533,10 +6639,7 @@ void nl80211_send_reg_change_event(struct regulatory_request *request)
6533 if (wiphy_idx_valid(request->wiphy_idx)) 6639 if (wiphy_idx_valid(request->wiphy_idx))
6534 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 6640 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
6535 6641
6536 if (genlmsg_end(msg, hdr) < 0) { 6642 genlmsg_end(msg, hdr);
6537 nlmsg_free(msg);
6538 return;
6539 }
6540 6643
6541 rcu_read_lock(); 6644 rcu_read_lock();
6542 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 6645 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
@@ -6572,10 +6675,7 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
6572 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6675 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6573 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6676 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
6574 6677
6575 if (genlmsg_end(msg, hdr) < 0) { 6678 genlmsg_end(msg, hdr);
6576 nlmsg_free(msg);
6577 return;
6578 }
6579 6679
6580 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6680 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6581 nl80211_mlme_mcgrp.id, gfp); 6681 nl80211_mlme_mcgrp.id, gfp);
@@ -6656,10 +6756,7 @@ static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
6656 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 6756 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
6657 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 6757 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6658 6758
6659 if (genlmsg_end(msg, hdr) < 0) { 6759 genlmsg_end(msg, hdr);
6660 nlmsg_free(msg);
6661 return;
6662 }
6663 6760
6664 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6761 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6665 nl80211_mlme_mcgrp.id, gfp); 6762 nl80211_mlme_mcgrp.id, gfp);
@@ -6715,10 +6812,7 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
6715 if (resp_ie) 6812 if (resp_ie)
6716 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 6813 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
6717 6814
6718 if (genlmsg_end(msg, hdr) < 0) { 6815 genlmsg_end(msg, hdr);
6719 nlmsg_free(msg);
6720 return;
6721 }
6722 6816
6723 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6817 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6724 nl80211_mlme_mcgrp.id, gfp); 6818 nl80211_mlme_mcgrp.id, gfp);
@@ -6756,10 +6850,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
6756 if (resp_ie) 6850 if (resp_ie)
6757 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 6851 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
6758 6852
6759 if (genlmsg_end(msg, hdr) < 0) { 6853 genlmsg_end(msg, hdr);
6760 nlmsg_free(msg);
6761 return;
6762 }
6763 6854
6764 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6855 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6765 nl80211_mlme_mcgrp.id, gfp); 6856 nl80211_mlme_mcgrp.id, gfp);
@@ -6797,10 +6888,7 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
6797 if (ie) 6888 if (ie)
6798 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 6889 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
6799 6890
6800 if (genlmsg_end(msg, hdr) < 0) { 6891 genlmsg_end(msg, hdr);
6801 nlmsg_free(msg);
6802 return;
6803 }
6804 6892
6805 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6893 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6806 nl80211_mlme_mcgrp.id, GFP_KERNEL); 6894 nl80211_mlme_mcgrp.id, GFP_KERNEL);
@@ -6833,10 +6921,7 @@ void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
6833 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6921 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6834 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 6922 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
6835 6923
6836 if (genlmsg_end(msg, hdr) < 0) { 6924 genlmsg_end(msg, hdr);
6837 nlmsg_free(msg);
6838 return;
6839 }
6840 6925
6841 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6926 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6842 nl80211_mlme_mcgrp.id, gfp); 6927 nl80211_mlme_mcgrp.id, gfp);
@@ -6871,10 +6956,7 @@ void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
6871 if (ie_len && ie) 6956 if (ie_len && ie)
6872 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie); 6957 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie);
6873 6958
6874 if (genlmsg_end(msg, hdr) < 0) { 6959 genlmsg_end(msg, hdr);
6875 nlmsg_free(msg);
6876 return;
6877 }
6878 6960
6879 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6961 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6880 nl80211_mlme_mcgrp.id, gfp); 6962 nl80211_mlme_mcgrp.id, gfp);
@@ -6913,10 +6995,7 @@ void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
6913 if (tsc) 6995 if (tsc)
6914 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 6996 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
6915 6997
6916 if (genlmsg_end(msg, hdr) < 0) { 6998 genlmsg_end(msg, hdr);
6917 nlmsg_free(msg);
6918 return;
6919 }
6920 6999
6921 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7000 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6922 nl80211_mlme_mcgrp.id, gfp); 7001 nl80211_mlme_mcgrp.id, gfp);
@@ -6967,10 +7046,7 @@ void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
6967 goto nla_put_failure; 7046 goto nla_put_failure;
6968 nla_nest_end(msg, nl_freq); 7047 nla_nest_end(msg, nl_freq);
6969 7048
6970 if (genlmsg_end(msg, hdr) < 0) { 7049 genlmsg_end(msg, hdr);
6971 nlmsg_free(msg);
6972 return;
6973 }
6974 7050
6975 rcu_read_lock(); 7051 rcu_read_lock();
6976 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7052 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
@@ -7013,10 +7089,7 @@ static void nl80211_send_remain_on_chan_event(
7013 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 7089 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
7014 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 7090 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7015 7091
7016 if (genlmsg_end(msg, hdr) < 0) { 7092 genlmsg_end(msg, hdr);
7017 nlmsg_free(msg);
7018 return;
7019 }
7020 7093
7021 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7094 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7022 nl80211_mlme_mcgrp.id, gfp); 7095 nl80211_mlme_mcgrp.id, gfp);
@@ -7087,10 +7160,7 @@ void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
7087 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7160 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
7088 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 7161 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
7089 7162
7090 if (genlmsg_end(msg, hdr) < 0) { 7163 genlmsg_end(msg, hdr);
7091 nlmsg_free(msg);
7092 return;
7093 }
7094 7164
7095 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7165 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7096 nl80211_mlme_mcgrp.id, gfp); 7166 nl80211_mlme_mcgrp.id, gfp);
@@ -7107,7 +7177,6 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7107{ 7177{
7108 struct sk_buff *msg; 7178 struct sk_buff *msg;
7109 void *hdr; 7179 void *hdr;
7110 int err;
7111 7180
7112 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7181 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
7113 if (!msg) 7182 if (!msg)
@@ -7124,16 +7193,9 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
7124 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 7193 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7125 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7194 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
7126 7195
7127 err = genlmsg_end(msg, hdr); 7196 genlmsg_end(msg, hdr);
7128 if (err < 0) {
7129 nlmsg_free(msg);
7130 return err;
7131 }
7132 7197
7133 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7198 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
7134 if (err < 0)
7135 return err;
7136 return 0;
7137 7199
7138 nla_put_failure: 7200 nla_put_failure:
7139 genlmsg_cancel(msg, hdr); 7201 genlmsg_cancel(msg, hdr);
@@ -7166,10 +7228,7 @@ void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
7166 if (ack) 7228 if (ack)
7167 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7229 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
7168 7230
7169 if (genlmsg_end(msg, hdr) < 0) { 7231 genlmsg_end(msg, hdr);
7170 nlmsg_free(msg);
7171 return;
7172 }
7173 7232
7174 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 7233 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
7175 return; 7234 return;
@@ -7211,10 +7270,7 @@ nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
7211 7270
7212 nla_nest_end(msg, pinfoattr); 7271 nla_nest_end(msg, pinfoattr);
7213 7272
7214 if (genlmsg_end(msg, hdr) < 0) { 7273 genlmsg_end(msg, hdr);
7215 nlmsg_free(msg);
7216 return;
7217 }
7218 7274
7219 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7275 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7220 nl80211_mlme_mcgrp.id, gfp); 7276 nl80211_mlme_mcgrp.id, gfp);
@@ -7256,10 +7312,7 @@ void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
7256 7312
7257 nla_nest_end(msg, rekey_attr); 7313 nla_nest_end(msg, rekey_attr);
7258 7314
7259 if (genlmsg_end(msg, hdr) < 0) { 7315 genlmsg_end(msg, hdr);
7260 nlmsg_free(msg);
7261 return;
7262 }
7263 7316
7264 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7317 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7265 nl80211_mlme_mcgrp.id, gfp); 7318 nl80211_mlme_mcgrp.id, gfp);
@@ -7302,10 +7355,7 @@ void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
7302 7355
7303 nla_nest_end(msg, attr); 7356 nla_nest_end(msg, attr);
7304 7357
7305 if (genlmsg_end(msg, hdr) < 0) { 7358 genlmsg_end(msg, hdr);
7306 nlmsg_free(msg);
7307 return;
7308 }
7309 7359
7310 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7360 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7311 nl80211_mlme_mcgrp.id, gfp); 7361 nl80211_mlme_mcgrp.id, gfp);
@@ -7347,10 +7397,7 @@ nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
7347 7397
7348 nla_nest_end(msg, pinfoattr); 7398 nla_nest_end(msg, pinfoattr);
7349 7399
7350 if (genlmsg_end(msg, hdr) < 0) { 7400 genlmsg_end(msg, hdr);
7351 nlmsg_free(msg);
7352 return;
7353 }
7354 7401
7355 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7402 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7356 nl80211_mlme_mcgrp.id, gfp); 7403 nl80211_mlme_mcgrp.id, gfp);
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 0fb142410404..dc23b31594e0 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -259,17 +259,20 @@ static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
259{ 259{
260 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1); 260 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1);
261 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2); 261 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2);
262 int r;
263 262
263 /* equal if both missing */
264 if (!ie1 && !ie2) 264 if (!ie1 && !ie2)
265 return 0; 265 return 0;
266 if (!ie1 || !ie2) 266 /* sort missing IE before (left of) present IE */
267 if (!ie1)
267 return -1; 268 return -1;
269 if (!ie2)
270 return 1;
268 271
269 r = memcmp(ie1 + 2, ie2 + 2, min(ie1[1], ie2[1])); 272 /* sort by length first, then by contents */
270 if (r == 0 && ie1[1] != ie2[1]) 273 if (ie1[1] != ie2[1])
271 return ie2[1] - ie1[1]; 274 return ie2[1] - ie1[1];
272 return r; 275 return memcmp(ie1 + 2, ie2 + 2, ie1[1]);
273} 276}
274 277
275static bool is_bss(struct cfg80211_bss *a, 278static bool is_bss(struct cfg80211_bss *a,
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 39dbf4ad7ca1..2f178f73943f 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -151,12 +151,19 @@ void ieee80211_set_bitrate_flags(struct wiphy *wiphy)
151 set_mandatory_flags_band(wiphy->bands[band], band); 151 set_mandatory_flags_band(wiphy->bands[band], band);
152} 152}
153 153
154bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher)
155{
156 int i;
157 for (i = 0; i < wiphy->n_cipher_suites; i++)
158 if (cipher == wiphy->cipher_suites[i])
159 return true;
160 return false;
161}
162
154int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, 163int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
155 struct key_params *params, int key_idx, 164 struct key_params *params, int key_idx,
156 bool pairwise, const u8 *mac_addr) 165 bool pairwise, const u8 *mac_addr)
157{ 166{
158 int i;
159
160 if (key_idx > 5) 167 if (key_idx > 5)
161 return -EINVAL; 168 return -EINVAL;
162 169
@@ -226,10 +233,7 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
226 } 233 }
227 } 234 }
228 235
229 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) 236 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher))
230 if (params->cipher == rdev->wiphy.cipher_suites[i])
231 break;
232 if (i == rdev->wiphy.n_cipher_suites)
233 return -EINVAL; 237 return -EINVAL;
234 238
235 return 0; 239 return 0;
@@ -392,8 +396,9 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
392 } 396 }
393 break; 397 break;
394 case cpu_to_le16(0): 398 case cpu_to_le16(0):
395 if (iftype != NL80211_IFTYPE_ADHOC) 399 if (iftype != NL80211_IFTYPE_ADHOC &&
396 return -1; 400 iftype != NL80211_IFTYPE_STATION)
401 return -1;
397 break; 402 break;
398 } 403 }
399 404
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index d30615419b4d..5f03e4ea65bf 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -91,7 +91,7 @@ int x25_parse_address_block(struct sk_buff *skb,
91 int needed; 91 int needed;
92 int rc; 92 int rc;
93 93
94 if (skb->len < 1) { 94 if (!pskb_may_pull(skb, 1)) {
95 /* packet has no address block */ 95 /* packet has no address block */
96 rc = 0; 96 rc = 0;
97 goto empty; 97 goto empty;
@@ -100,7 +100,7 @@ int x25_parse_address_block(struct sk_buff *skb,
100 len = *skb->data; 100 len = *skb->data;
101 needed = 1 + (len >> 4) + (len & 0x0f); 101 needed = 1 + (len >> 4) + (len & 0x0f);
102 102
103 if (skb->len < needed) { 103 if (!pskb_may_pull(skb, needed)) {
104 /* packet is too short to hold the addresses it claims 104 /* packet is too short to hold the addresses it claims
105 to hold */ 105 to hold */
106 rc = -1; 106 rc = -1;
@@ -295,7 +295,8 @@ static struct sock *x25_find_listener(struct x25_address *addr,
295 * Found a listening socket, now check the incoming 295 * Found a listening socket, now check the incoming
296 * call user data vs this sockets call user data 296 * call user data vs this sockets call user data
297 */ 297 */
298 if(skb->len > 0 && x25_sk(s)->cudmatchlength > 0) { 298 if (x25_sk(s)->cudmatchlength > 0 &&
299 skb->len >= x25_sk(s)->cudmatchlength) {
299 if((memcmp(x25_sk(s)->calluserdata.cuddata, 300 if((memcmp(x25_sk(s)->calluserdata.cuddata,
300 skb->data, 301 skb->data,
301 x25_sk(s)->cudmatchlength)) == 0) { 302 x25_sk(s)->cudmatchlength)) == 0) {
@@ -951,14 +952,27 @@ int x25_rx_call_request(struct sk_buff *skb, struct x25_neigh *nb,
951 * 952 *
952 * Facilities length is mandatory in call request packets 953 * Facilities length is mandatory in call request packets
953 */ 954 */
954 if (skb->len < 1) 955 if (!pskb_may_pull(skb, 1))
955 goto out_clear_request; 956 goto out_clear_request;
956 len = skb->data[0] + 1; 957 len = skb->data[0] + 1;
957 if (skb->len < len) 958 if (!pskb_may_pull(skb, len))
958 goto out_clear_request; 959 goto out_clear_request;
959 skb_pull(skb,len); 960 skb_pull(skb,len);
960 961
961 /* 962 /*
963 * Ensure that the amount of call user data is valid.
964 */
965 if (skb->len > X25_MAX_CUD_LEN)
966 goto out_clear_request;
967
968 /*
969 * Get all the call user data so it can be used in
970 * x25_find_listener and skb_copy_from_linear_data up ahead.
971 */
972 if (!pskb_may_pull(skb, skb->len))
973 goto out_clear_request;
974
975 /*
962 * Find a listener for the particular address/cud pair. 976 * Find a listener for the particular address/cud pair.
963 */ 977 */
964 sk = x25_find_listener(&source_addr,skb); 978 sk = x25_find_listener(&source_addr,skb);
@@ -1166,6 +1180,9 @@ static int x25_sendmsg(struct kiocb *iocb, struct socket *sock,
1166 * byte of the user data is the logical value of the Q Bit. 1180 * byte of the user data is the logical value of the Q Bit.
1167 */ 1181 */
1168 if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { 1182 if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) {
1183 if (!pskb_may_pull(skb, 1))
1184 goto out_kfree_skb;
1185
1169 qbit = skb->data[0]; 1186 qbit = skb->data[0];
1170 skb_pull(skb, 1); 1187 skb_pull(skb, 1);
1171 } 1188 }
@@ -1244,7 +1261,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1244 struct x25_sock *x25 = x25_sk(sk); 1261 struct x25_sock *x25 = x25_sk(sk);
1245 struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; 1262 struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name;
1246 size_t copied; 1263 size_t copied;
1247 int qbit; 1264 int qbit, header_len = x25->neighbour->extended ?
1265 X25_EXT_MIN_LEN : X25_STD_MIN_LEN;
1266
1248 struct sk_buff *skb; 1267 struct sk_buff *skb;
1249 unsigned char *asmptr; 1268 unsigned char *asmptr;
1250 int rc = -ENOTCONN; 1269 int rc = -ENOTCONN;
@@ -1265,6 +1284,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1265 1284
1266 skb = skb_dequeue(&x25->interrupt_in_queue); 1285 skb = skb_dequeue(&x25->interrupt_in_queue);
1267 1286
1287 if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
1288 goto out_free_dgram;
1289
1268 skb_pull(skb, X25_STD_MIN_LEN); 1290 skb_pull(skb, X25_STD_MIN_LEN);
1269 1291
1270 /* 1292 /*
@@ -1285,10 +1307,12 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1285 if (!skb) 1307 if (!skb)
1286 goto out; 1308 goto out;
1287 1309
1310 if (!pskb_may_pull(skb, header_len))
1311 goto out_free_dgram;
1312
1288 qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; 1313 qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT;
1289 1314
1290 skb_pull(skb, x25->neighbour->extended ? 1315 skb_pull(skb, header_len);
1291 X25_EXT_MIN_LEN : X25_STD_MIN_LEN);
1292 1316
1293 if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { 1317 if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) {
1294 asmptr = skb_push(skb, 1); 1318 asmptr = skb_push(skb, 1);
diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c
index e547ca1578c3..fa2b41888bd9 100644
--- a/net/x25/x25_dev.c
+++ b/net/x25/x25_dev.c
@@ -32,6 +32,9 @@ static int x25_receive_data(struct sk_buff *skb, struct x25_neigh *nb)
32 unsigned short frametype; 32 unsigned short frametype;
33 unsigned int lci; 33 unsigned int lci;
34 34
35 if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
36 return 0;
37
35 frametype = skb->data[2]; 38 frametype = skb->data[2];
36 lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF); 39 lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF);
37 40
@@ -115,6 +118,9 @@ int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
115 goto drop; 118 goto drop;
116 } 119 }
117 120
121 if (!pskb_may_pull(skb, 1))
122 return 0;
123
118 switch (skb->data[0]) { 124 switch (skb->data[0]) {
119 125
120 case X25_IFACE_DATA: 126 case X25_IFACE_DATA:
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index f77e4e75f914..36384a1fa9f2 100644
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -44,7 +44,7 @@
44int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities, 44int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
45 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) 45 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
46{ 46{
47 unsigned char *p = skb->data; 47 unsigned char *p;
48 unsigned int len; 48 unsigned int len;
49 49
50 *vc_fac_mask = 0; 50 *vc_fac_mask = 0;
@@ -60,14 +60,16 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
60 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); 60 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
61 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); 61 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
62 62
63 if (skb->len < 1) 63 if (!pskb_may_pull(skb, 1))
64 return 0; 64 return 0;
65 65
66 len = *p++; 66 len = skb->data[0];
67 67
68 if (len >= skb->len) 68 if (!pskb_may_pull(skb, 1 + len))
69 return -1; 69 return -1;
70 70
71 p = skb->data + 1;
72
71 while (len > 0) { 73 while (len > 0) {
72 switch (*p & X25_FAC_CLASS_MASK) { 74 switch (*p & X25_FAC_CLASS_MASK) {
73 case X25_FAC_CLASS_A: 75 case X25_FAC_CLASS_A:
diff --git a/net/x25/x25_in.c b/net/x25/x25_in.c
index 0b073b51b183..a49cd4ec551a 100644
--- a/net/x25/x25_in.c
+++ b/net/x25/x25_in.c
@@ -107,6 +107,8 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
107 /* 107 /*
108 * Parse the data in the frame. 108 * Parse the data in the frame.
109 */ 109 */
110 if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
111 goto out_clear;
110 skb_pull(skb, X25_STD_MIN_LEN); 112 skb_pull(skb, X25_STD_MIN_LEN);
111 113
112 len = x25_parse_address_block(skb, &source_addr, 114 len = x25_parse_address_block(skb, &source_addr,
@@ -127,9 +129,11 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
127 * Copy any Call User Data. 129 * Copy any Call User Data.
128 */ 130 */
129 if (skb->len > 0) { 131 if (skb->len > 0) {
130 skb_copy_from_linear_data(skb, 132 if (skb->len > X25_MAX_CUD_LEN)
131 x25->calluserdata.cuddata, 133 goto out_clear;
132 skb->len); 134
135 skb_copy_bits(skb, 0, x25->calluserdata.cuddata,
136 skb->len);
133 x25->calluserdata.cudlength = skb->len; 137 x25->calluserdata.cudlength = skb->len;
134 } 138 }
135 if (!sock_flag(sk, SOCK_DEAD)) 139 if (!sock_flag(sk, SOCK_DEAD))
@@ -137,6 +141,9 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
137 break; 141 break;
138 } 142 }
139 case X25_CLEAR_REQUEST: 143 case X25_CLEAR_REQUEST:
144 if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2))
145 goto out_clear;
146
140 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 147 x25_write_internal(sk, X25_CLEAR_CONFIRMATION);
141 x25_disconnect(sk, ECONNREFUSED, skb->data[3], skb->data[4]); 148 x25_disconnect(sk, ECONNREFUSED, skb->data[3], skb->data[4]);
142 break; 149 break;
@@ -164,6 +171,9 @@ static int x25_state2_machine(struct sock *sk, struct sk_buff *skb, int frametyp
164 switch (frametype) { 171 switch (frametype) {
165 172
166 case X25_CLEAR_REQUEST: 173 case X25_CLEAR_REQUEST:
174 if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2))
175 goto out_clear;
176
167 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 177 x25_write_internal(sk, X25_CLEAR_CONFIRMATION);
168 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 178 x25_disconnect(sk, 0, skb->data[3], skb->data[4]);
169 break; 179 break;
@@ -177,6 +187,11 @@ static int x25_state2_machine(struct sock *sk, struct sk_buff *skb, int frametyp
177 } 187 }
178 188
179 return 0; 189 return 0;
190
191out_clear:
192 x25_write_internal(sk, X25_CLEAR_REQUEST);
193 x25_start_t23timer(sk);
194 return 0;
180} 195}
181 196
182/* 197/*
@@ -206,6 +221,9 @@ static int x25_state3_machine(struct sock *sk, struct sk_buff *skb, int frametyp
206 break; 221 break;
207 222
208 case X25_CLEAR_REQUEST: 223 case X25_CLEAR_REQUEST:
224 if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2))
225 goto out_clear;
226
209 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 227 x25_write_internal(sk, X25_CLEAR_CONFIRMATION);
210 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 228 x25_disconnect(sk, 0, skb->data[3], skb->data[4]);
211 break; 229 break;
@@ -304,6 +322,12 @@ static int x25_state3_machine(struct sock *sk, struct sk_buff *skb, int frametyp
304 } 322 }
305 323
306 return queued; 324 return queued;
325
326out_clear:
327 x25_write_internal(sk, X25_CLEAR_REQUEST);
328 x25->state = X25_STATE_2;
329 x25_start_t23timer(sk);
330 return 0;
307} 331}
308 332
309/* 333/*
@@ -313,13 +337,13 @@ static int x25_state3_machine(struct sock *sk, struct sk_buff *skb, int frametyp
313 */ 337 */
314static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametype) 338static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametype)
315{ 339{
340 struct x25_sock *x25 = x25_sk(sk);
341
316 switch (frametype) { 342 switch (frametype) {
317 343
318 case X25_RESET_REQUEST: 344 case X25_RESET_REQUEST:
319 x25_write_internal(sk, X25_RESET_CONFIRMATION); 345 x25_write_internal(sk, X25_RESET_CONFIRMATION);
320 case X25_RESET_CONFIRMATION: { 346 case X25_RESET_CONFIRMATION: {
321 struct x25_sock *x25 = x25_sk(sk);
322
323 x25_stop_timer(sk); 347 x25_stop_timer(sk);
324 x25->condition = 0x00; 348 x25->condition = 0x00;
325 x25->va = 0; 349 x25->va = 0;
@@ -331,6 +355,9 @@ static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametyp
331 break; 355 break;
332 } 356 }
333 case X25_CLEAR_REQUEST: 357 case X25_CLEAR_REQUEST:
358 if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 2))
359 goto out_clear;
360
334 x25_write_internal(sk, X25_CLEAR_CONFIRMATION); 361 x25_write_internal(sk, X25_CLEAR_CONFIRMATION);
335 x25_disconnect(sk, 0, skb->data[3], skb->data[4]); 362 x25_disconnect(sk, 0, skb->data[3], skb->data[4]);
336 break; 363 break;
@@ -340,6 +367,12 @@ static int x25_state4_machine(struct sock *sk, struct sk_buff *skb, int frametyp
340 } 367 }
341 368
342 return 0; 369 return 0;
370
371out_clear:
372 x25_write_internal(sk, X25_CLEAR_REQUEST);
373 x25->state = X25_STATE_2;
374 x25_start_t23timer(sk);
375 return 0;
343} 376}
344 377
345/* Higher level upcall for a LAPB frame */ 378/* Higher level upcall for a LAPB frame */
diff --git a/net/x25/x25_link.c b/net/x25/x25_link.c
index 037958ff8eed..4acacf3c6617 100644
--- a/net/x25/x25_link.c
+++ b/net/x25/x25_link.c
@@ -90,6 +90,9 @@ void x25_link_control(struct sk_buff *skb, struct x25_neigh *nb,
90 break; 90 break;
91 91
92 case X25_DIAGNOSTIC: 92 case X25_DIAGNOSTIC:
93 if (!pskb_may_pull(skb, X25_STD_MIN_LEN + 4))
94 break;
95
93 printk(KERN_WARNING "x25: diagnostic #%d - %02X %02X %02X\n", 96 printk(KERN_WARNING "x25: diagnostic #%d - %02X %02X %02X\n",
94 skb->data[3], skb->data[4], 97 skb->data[3], skb->data[4],
95 skb->data[5], skb->data[6]); 98 skb->data[5], skb->data[6]);
diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c
index 24a342ebc7f5..5170d52bfd96 100644
--- a/net/x25/x25_subr.c
+++ b/net/x25/x25_subr.c
@@ -269,7 +269,11 @@ int x25_decode(struct sock *sk, struct sk_buff *skb, int *ns, int *nr, int *q,
269 int *d, int *m) 269 int *d, int *m)
270{ 270{
271 struct x25_sock *x25 = x25_sk(sk); 271 struct x25_sock *x25 = x25_sk(sk);
272 unsigned char *frame = skb->data; 272 unsigned char *frame;
273
274 if (!pskb_may_pull(skb, X25_STD_MIN_LEN))
275 return X25_ILLEGAL;
276 frame = skb->data;
273 277
274 *ns = *nr = *q = *d = *m = 0; 278 *ns = *nr = *q = *d = *m = 0;
275 279
@@ -294,6 +298,10 @@ int x25_decode(struct sock *sk, struct sk_buff *skb, int *ns, int *nr, int *q,
294 if (frame[2] == X25_RR || 298 if (frame[2] == X25_RR ||
295 frame[2] == X25_RNR || 299 frame[2] == X25_RNR ||
296 frame[2] == X25_REJ) { 300 frame[2] == X25_REJ) {
301 if (!pskb_may_pull(skb, X25_EXT_MIN_LEN))
302 return X25_ILLEGAL;
303 frame = skb->data;
304
297 *nr = (frame[3] >> 1) & 0x7F; 305 *nr = (frame[3] >> 1) & 0x7F;
298 return frame[2]; 306 return frame[2];
299 } 307 }
@@ -308,6 +316,10 @@ int x25_decode(struct sock *sk, struct sk_buff *skb, int *ns, int *nr, int *q,
308 316
309 if (x25->neighbour->extended) { 317 if (x25->neighbour->extended) {
310 if ((frame[2] & 0x01) == X25_DATA) { 318 if ((frame[2] & 0x01) == X25_DATA) {
319 if (!pskb_may_pull(skb, X25_EXT_MIN_LEN))
320 return X25_ILLEGAL;
321 frame = skb->data;
322
311 *q = (frame[0] & X25_Q_BIT) == X25_Q_BIT; 323 *q = (frame[0] & X25_Q_BIT) == X25_Q_BIT;
312 *d = (frame[0] & X25_D_BIT) == X25_D_BIT; 324 *d = (frame[0] & X25_D_BIT) == X25_D_BIT;
313 *m = (frame[3] & X25_EXT_M_BIT) == X25_EXT_M_BIT; 325 *m = (frame[3] & X25_EXT_M_BIT) == X25_EXT_M_BIT;
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 58064d9e565d..791ab2e77f3f 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -462,8 +462,8 @@ static struct xfrm_algo_desc ealg_list[] = {
462 .desc = { 462 .desc = {
463 .sadb_alg_id = SADB_X_EALG_AESCTR, 463 .sadb_alg_id = SADB_X_EALG_AESCTR,
464 .sadb_alg_ivlen = 8, 464 .sadb_alg_ivlen = 8,
465 .sadb_alg_minbits = 128, 465 .sadb_alg_minbits = 160,
466 .sadb_alg_maxbits = 256 466 .sadb_alg_maxbits = 288
467 } 467 }
468}, 468},
469}; 469};
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index a026b0ef2443..54a0dc2e2f8d 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -212,6 +212,11 @@ resume:
212 /* only the first xfrm gets the encap type */ 212 /* only the first xfrm gets the encap type */
213 encap_type = 0; 213 encap_type = 0;
214 214
215 if (async && x->repl->check(x, skb, seq)) {
216 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
217 goto drop_unlock;
218 }
219
215 x->repl->advance(x, seq); 220 x->repl->advance(x, seq);
216 221
217 x->curlft.bytes += skb->len; 222 x->curlft.bytes += skb->len;
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index fc91ad7ee26e..e5246fbe36c4 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -70,26 +70,29 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
70 70
71 while ((scratch += len, dlen -= len) > 0) { 71 while ((scratch += len, dlen -= len) > 0) {
72 skb_frag_t *frag; 72 skb_frag_t *frag;
73 struct page *page;
73 74
74 err = -EMSGSIZE; 75 err = -EMSGSIZE;
75 if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) 76 if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))
76 goto out; 77 goto out;
77 78
78 frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags; 79 frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;
79 frag->page = alloc_page(GFP_ATOMIC); 80 page = alloc_page(GFP_ATOMIC);
80 81
81 err = -ENOMEM; 82 err = -ENOMEM;
82 if (!frag->page) 83 if (!page)
83 goto out; 84 goto out;
84 85
86 __skb_frag_set_page(frag, page);
87
85 len = PAGE_SIZE; 88 len = PAGE_SIZE;
86 if (dlen < len) 89 if (dlen < len)
87 len = dlen; 90 len = dlen;
88 91
89 memcpy(page_address(frag->page), scratch, len);
90
91 frag->page_offset = 0; 92 frag->page_offset = 0;
92 frag->size = len; 93 skb_frag_size_set(frag, len);
94 memcpy(skb_frag_address(frag), scratch, len);
95
93 skb->truesize += len; 96 skb->truesize += len;
94 skb->data_len += len; 97 skb->data_len += len;
95 skb->len += len; 98 skb->len += len;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 94fdcc7f1030..552df27dcf53 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1349,14 +1349,16 @@ static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
1349 BUG(); 1349 BUG();
1350 } 1350 }
1351 xdst = dst_alloc(dst_ops, NULL, 0, 0, 0); 1351 xdst = dst_alloc(dst_ops, NULL, 0, 0, 0);
1352 memset(&xdst->u.rt6.rt6i_table, 0, sizeof(*xdst) - sizeof(struct dst_entry));
1353 xfrm_policy_put_afinfo(afinfo);
1354 1352
1355 if (likely(xdst)) 1353 if (likely(xdst)) {
1354 memset(&xdst->u.rt6.rt6i_table, 0,
1355 sizeof(*xdst) - sizeof(struct dst_entry));
1356 xdst->flo.ops = &xfrm_bundle_fc_ops; 1356 xdst->flo.ops = &xfrm_bundle_fc_ops;
1357 else 1357 } else
1358 xdst = ERR_PTR(-ENOBUFS); 1358 xdst = ERR_PTR(-ENOBUFS);
1359 1359
1360 xfrm_policy_put_afinfo(afinfo);
1361
1360 return xdst; 1362 return xdst;
1361} 1363}
1362 1364
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index b11ea692bd7d..6ca357406ea8 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -203,8 +203,6 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x,
203 if (!replay_esn->replay_window) 203 if (!replay_esn->replay_window)
204 return 0; 204 return 0;
205 205
206 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
207
208 if (unlikely(seq == 0)) 206 if (unlikely(seq == 0))
209 goto err; 207 goto err;
210 208
@@ -216,19 +214,18 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x,
216 goto err; 214 goto err;
217 } 215 }
218 216
219 if (pos >= diff) { 217 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
218
219 if (pos >= diff)
220 bitnr = (pos - diff) % replay_esn->replay_window; 220 bitnr = (pos - diff) % replay_esn->replay_window;
221 nr = bitnr >> 5; 221 else
222 bitnr = bitnr & 0x1F;
223 if (replay_esn->bmp[nr] & (1U << bitnr))
224 goto err_replay;
225 } else {
226 bitnr = replay_esn->replay_window - (diff - pos); 222 bitnr = replay_esn->replay_window - (diff - pos);
227 nr = bitnr >> 5; 223
228 bitnr = bitnr & 0x1F; 224 nr = bitnr >> 5;
229 if (replay_esn->bmp[nr] & (1U << bitnr)) 225 bitnr = bitnr & 0x1F;
230 goto err_replay; 226 if (replay_esn->bmp[nr] & (1U << bitnr))
231 } 227 goto err_replay;
228
232 return 0; 229 return 0;
233 230
234err_replay: 231err_replay:
@@ -259,39 +256,27 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
259 bitnr = bitnr & 0x1F; 256 bitnr = bitnr & 0x1F;
260 replay_esn->bmp[nr] &= ~(1U << bitnr); 257 replay_esn->bmp[nr] &= ~(1U << bitnr);
261 } 258 }
262
263 bitnr = (pos + diff) % replay_esn->replay_window;
264 nr = bitnr >> 5;
265 bitnr = bitnr & 0x1F;
266 replay_esn->bmp[nr] |= (1U << bitnr);
267 } else { 259 } else {
268 nr = (replay_esn->replay_window - 1) >> 5; 260 nr = (replay_esn->replay_window - 1) >> 5;
269 for (i = 0; i <= nr; i++) 261 for (i = 0; i <= nr; i++)
270 replay_esn->bmp[i] = 0; 262 replay_esn->bmp[i] = 0;
271
272 bitnr = (pos + diff) % replay_esn->replay_window;
273 nr = bitnr >> 5;
274 bitnr = bitnr & 0x1F;
275 replay_esn->bmp[nr] |= (1U << bitnr);
276 } 263 }
277 264
265 bitnr = (pos + diff) % replay_esn->replay_window;
278 replay_esn->seq = seq; 266 replay_esn->seq = seq;
279 } else { 267 } else {
280 diff = replay_esn->seq - seq; 268 diff = replay_esn->seq - seq;
281 269
282 if (pos >= diff) { 270 if (pos >= diff)
283 bitnr = (pos - diff) % replay_esn->replay_window; 271 bitnr = (pos - diff) % replay_esn->replay_window;
284 nr = bitnr >> 5; 272 else
285 bitnr = bitnr & 0x1F;
286 replay_esn->bmp[nr] |= (1U << bitnr);
287 } else {
288 bitnr = replay_esn->replay_window - (diff - pos); 273 bitnr = replay_esn->replay_window - (diff - pos);
289 nr = bitnr >> 5;
290 bitnr = bitnr & 0x1F;
291 replay_esn->bmp[nr] |= (1U << bitnr);
292 }
293 } 274 }
294 275
276 nr = bitnr >> 5;
277 bitnr = bitnr & 0x1F;
278 replay_esn->bmp[nr] |= (1U << bitnr);
279
295 if (xfrm_aevent_is_on(xs_net(x))) 280 if (xfrm_aevent_is_on(xs_net(x)))
296 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 281 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
297} 282}
@@ -390,8 +375,6 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
390 if (!wsize) 375 if (!wsize)
391 return 0; 376 return 0;
392 377
393 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
394
395 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && 378 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&
396 (replay_esn->seq < replay_esn->replay_window - 1))) 379 (replay_esn->seq < replay_esn->replay_window - 1)))
397 goto err; 380 goto err;
@@ -415,19 +398,18 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
415 goto err; 398 goto err;
416 } 399 }
417 400
418 if (pos >= diff) { 401 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
402
403 if (pos >= diff)
419 bitnr = (pos - diff) % replay_esn->replay_window; 404 bitnr = (pos - diff) % replay_esn->replay_window;
420 nr = bitnr >> 5; 405 else
421 bitnr = bitnr & 0x1F;
422 if (replay_esn->bmp[nr] & (1U << bitnr))
423 goto err_replay;
424 } else {
425 bitnr = replay_esn->replay_window - (diff - pos); 406 bitnr = replay_esn->replay_window - (diff - pos);
426 nr = bitnr >> 5; 407
427 bitnr = bitnr & 0x1F; 408 nr = bitnr >> 5;
428 if (replay_esn->bmp[nr] & (1U << bitnr)) 409 bitnr = bitnr & 0x1F;
429 goto err_replay; 410 if (replay_esn->bmp[nr] & (1U << bitnr))
430 } 411 goto err_replay;
412
431 return 0; 413 return 0;
432 414
433err_replay: 415err_replay:
@@ -465,22 +447,13 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
465 bitnr = bitnr & 0x1F; 447 bitnr = bitnr & 0x1F;
466 replay_esn->bmp[nr] &= ~(1U << bitnr); 448 replay_esn->bmp[nr] &= ~(1U << bitnr);
467 } 449 }
468
469 bitnr = (pos + diff) % replay_esn->replay_window;
470 nr = bitnr >> 5;
471 bitnr = bitnr & 0x1F;
472 replay_esn->bmp[nr] |= (1U << bitnr);
473 } else { 450 } else {
474 nr = (replay_esn->replay_window - 1) >> 5; 451 nr = (replay_esn->replay_window - 1) >> 5;
475 for (i = 0; i <= nr; i++) 452 for (i = 0; i <= nr; i++)
476 replay_esn->bmp[i] = 0; 453 replay_esn->bmp[i] = 0;
477
478 bitnr = (pos + diff) % replay_esn->replay_window;
479 nr = bitnr >> 5;
480 bitnr = bitnr & 0x1F;
481 replay_esn->bmp[nr] |= (1U << bitnr);
482 } 454 }
483 455
456 bitnr = (pos + diff) % replay_esn->replay_window;
484 replay_esn->seq = seq; 457 replay_esn->seq = seq;
485 458
486 if (unlikely(wrap > 0)) 459 if (unlikely(wrap > 0))
@@ -488,19 +461,16 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
488 } else { 461 } else {
489 diff = replay_esn->seq - seq; 462 diff = replay_esn->seq - seq;
490 463
491 if (pos >= diff) { 464 if (pos >= diff)
492 bitnr = (pos - diff) % replay_esn->replay_window; 465 bitnr = (pos - diff) % replay_esn->replay_window;
493 nr = bitnr >> 5; 466 else
494 bitnr = bitnr & 0x1F;
495 replay_esn->bmp[nr] |= (1U << bitnr);
496 } else {
497 bitnr = replay_esn->replay_window - (diff - pos); 467 bitnr = replay_esn->replay_window - (diff - pos);
498 nr = bitnr >> 5;
499 bitnr = bitnr & 0x1F;
500 replay_esn->bmp[nr] |= (1U << bitnr);
501 }
502 } 468 }
503 469
470 nr = bitnr >> 5;
471 bitnr = bitnr & 0x1F;
472 replay_esn->bmp[nr] |= (1U << bitnr);
473
504 if (xfrm_aevent_is_on(xs_net(x))) 474 if (xfrm_aevent_is_on(xs_net(x)))
505 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); 475 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
506} 476}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0256b8a0a7cf..d0a42df5160e 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2927,7 +2927,7 @@ static int __net_init xfrm_user_net_init(struct net *net)
2927 if (nlsk == NULL) 2927 if (nlsk == NULL)
2928 return -ENOMEM; 2928 return -ENOMEM;
2929 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */ 2929 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */
2930 rcu_assign_pointer(net->xfrm.nlsk, nlsk); 2930 RCU_INIT_POINTER(net->xfrm.nlsk, nlsk);
2931 return 0; 2931 return 0;
2932} 2932}
2933 2933
@@ -2935,7 +2935,7 @@ static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list)
2935{ 2935{
2936 struct net *net; 2936 struct net *net;
2937 list_for_each_entry(net, net_exit_list, exit_list) 2937 list_for_each_entry(net, net_exit_list, exit_list)
2938 rcu_assign_pointer(net->xfrm.nlsk, NULL); 2938 RCU_INIT_POINTER(net->xfrm.nlsk, NULL);
2939 synchronize_net(); 2939 synchronize_net();
2940 list_for_each_entry(net, net_exit_list, exit_list) 2940 list_for_each_entry(net, net_exit_list, exit_list)
2941 netlink_kernel_release(net->xfrm.nlsk_stash); 2941 netlink_kernel_release(net->xfrm.nlsk_stash);