aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/unicast.c15
-rw-r--r--net/batman-adv/vis.c14
-rw-r--r--net/bluetooth/hci_conn.c16
-rw-r--r--net/bluetooth/hci_core.c4
-rw-r--r--net/bluetooth/hci_event.c9
-rw-r--r--net/bluetooth/l2cap.c85
-rw-r--r--net/bluetooth/rfcomm/core.c3
-rw-r--r--net/bridge/br_fdb.c4
-rw-r--r--net/bridge/br_input.c2
-rw-r--r--net/bridge/br_multicast.c19
-rw-r--r--net/bridge/br_private.h3
-rw-r--r--net/caif/chnl_net.c4
-rw-r--r--net/ceph/messenger.c62
-rw-r--r--net/core/dev.c44
-rw-r--r--net/core/ethtool.c2
-rw-r--r--net/core/rtnetlink.c6
-rw-r--r--net/core/skbuff.c9
-rw-r--r--net/dcb/dcbnl.c22
-rw-r--r--net/econet/af_econet.c4
-rw-r--r--net/ipv4/af_inet.c16
-rw-r--r--net/ipv4/arp.c11
-rw-r--r--net/ipv4/devinet.c30
-rw-r--r--net/ipv4/inetpeer.c2
-rw-r--r--net/ipv4/ip_gre.c1
-rw-r--r--net/ipv4/ipmr.c76
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c6
-rw-r--r--net/ipv4/raw.c19
-rw-r--r--net/ipv4/route.c7
-rw-r--r--net/ipv4/tcp_input.c2
-rw-r--r--net/ipv4/tcp_ipv4.c1
-rw-r--r--net/ipv6/addrconf.c81
-rw-r--r--net/ipv6/ip6mr.c75
-rw-r--r--net/ipv6/raw.c19
-rw-r--r--net/ipv6/route.c20
-rw-r--r--net/ipv6/sysctl_net_ipv6.c9
-rw-r--r--net/ipv6/xfrm6_policy.c6
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/ieee80211_i.h2
-rw-r--r--net/mac80211/status.c7
-rw-r--r--net/mac80211/tx.c5
-rw-r--r--net/mac80211/util.c2
-rw-r--r--net/netfilter/core.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c11
-rw-r--r--net/netfilter/nf_conntrack_ecache.c3
-rw-r--r--net/netfilter/nf_conntrack_netlink.c1
-rw-r--r--net/netfilter/xt_iprange.c16
-rw-r--r--net/sched/sch_cbq.c3
-rw-r--r--net/sched/sch_drr.c2
-rw-r--r--net/sched/sch_dsmark.c2
-rw-r--r--net/sched/sch_fifo.c5
-rw-r--r--net/sched/sch_hfsc.c2
-rw-r--r--net/sched/sch_htb.c12
-rw-r--r--net/sched/sch_multiq.c2
-rw-r--r--net/sched/sch_netem.c3
-rw-r--r--net/sched/sch_prio.c2
-rw-r--r--net/sched/sch_red.c11
-rw-r--r--net/sched/sch_sfq.c5
-rw-r--r--net/sched/sch_tbf.c2
-rw-r--r--net/sched/sch_teql.c3
-rw-r--r--net/sunrpc/svcsock.c4
-rw-r--r--net/x25/x25_facilities.c28
-rw-r--r--net/x25/x25_in.c14
-rw-r--r--net/x25/x25_link.c5
-rw-r--r--net/xfrm/xfrm_policy.c7
64 files changed, 578 insertions, 294 deletions
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
index ee41fef04b21..d1a611322549 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -50,12 +50,12 @@ static struct sk_buff *frag_merge_packet(struct list_head *head,
50 skb = tfp->skb; 50 skb = tfp->skb;
51 } 51 }
52 52
53 if (skb_linearize(skb) < 0 || skb_linearize(tmp_skb) < 0)
54 goto err;
55
53 skb_pull(tmp_skb, sizeof(struct unicast_frag_packet)); 56 skb_pull(tmp_skb, sizeof(struct unicast_frag_packet));
54 if (pskb_expand_head(skb, 0, tmp_skb->len, GFP_ATOMIC) < 0) { 57 if (pskb_expand_head(skb, 0, tmp_skb->len, GFP_ATOMIC) < 0)
55 /* free buffered skb, skb will be freed later */ 58 goto err;
56 kfree_skb(tfp->skb);
57 return NULL;
58 }
59 59
60 /* move free entry to end */ 60 /* move free entry to end */
61 tfp->skb = NULL; 61 tfp->skb = NULL;
@@ -70,6 +70,11 @@ static struct sk_buff *frag_merge_packet(struct list_head *head,
70 unicast_packet->packet_type = BAT_UNICAST; 70 unicast_packet->packet_type = BAT_UNICAST;
71 71
72 return skb; 72 return skb;
73
74err:
75 /* free buffered skb, skb will be freed later */
76 kfree_skb(tfp->skb);
77 return NULL;
73} 78}
74 79
75static void frag_create_entry(struct list_head *head, struct sk_buff *skb) 80static void frag_create_entry(struct list_head *head, struct sk_buff *skb)
diff --git a/net/batman-adv/vis.c b/net/batman-adv/vis.c
index cd4c4231fa48..de1022cacaf7 100644
--- a/net/batman-adv/vis.c
+++ b/net/batman-adv/vis.c
@@ -64,6 +64,7 @@ static void free_info(struct kref *ref)
64 64
65 spin_unlock_bh(&bat_priv->vis_list_lock); 65 spin_unlock_bh(&bat_priv->vis_list_lock);
66 kfree_skb(info->skb_packet); 66 kfree_skb(info->skb_packet);
67 kfree(info);
67} 68}
68 69
69/* Compare two vis packets, used by the hashing algorithm */ 70/* Compare two vis packets, used by the hashing algorithm */
@@ -268,10 +269,10 @@ int vis_seq_print_text(struct seq_file *seq, void *offset)
268 buff_pos += sprintf(buff + buff_pos, "%pM,", 269 buff_pos += sprintf(buff + buff_pos, "%pM,",
269 entry->addr); 270 entry->addr);
270 271
271 for (i = 0; i < packet->entries; i++) 272 for (j = 0; j < packet->entries; j++)
272 buff_pos += vis_data_read_entry( 273 buff_pos += vis_data_read_entry(
273 buff + buff_pos, 274 buff + buff_pos,
274 &entries[i], 275 &entries[j],
275 entry->addr, 276 entry->addr,
276 entry->primary); 277 entry->primary);
277 278
@@ -444,7 +445,7 @@ static struct vis_info *add_packet(struct bat_priv *bat_priv,
444 info); 445 info);
445 if (hash_added < 0) { 446 if (hash_added < 0) {
446 /* did not work (for some reason) */ 447 /* did not work (for some reason) */
447 kref_put(&old_info->refcount, free_info); 448 kref_put(&info->refcount, free_info);
448 info = NULL; 449 info = NULL;
449 } 450 }
450 451
@@ -815,7 +816,7 @@ static void send_vis_packets(struct work_struct *work)
815 container_of(work, struct delayed_work, work); 816 container_of(work, struct delayed_work, work);
816 struct bat_priv *bat_priv = 817 struct bat_priv *bat_priv =
817 container_of(delayed_work, struct bat_priv, vis_work); 818 container_of(delayed_work, struct bat_priv, vis_work);
818 struct vis_info *info, *temp; 819 struct vis_info *info;
819 820
820 spin_lock_bh(&bat_priv->vis_hash_lock); 821 spin_lock_bh(&bat_priv->vis_hash_lock);
821 purge_vis_packets(bat_priv); 822 purge_vis_packets(bat_priv);
@@ -825,8 +826,9 @@ static void send_vis_packets(struct work_struct *work)
825 send_list_add(bat_priv, bat_priv->my_vis_info); 826 send_list_add(bat_priv, bat_priv->my_vis_info);
826 } 827 }
827 828
828 list_for_each_entry_safe(info, temp, &bat_priv->vis_send_list, 829 while (!list_empty(&bat_priv->vis_send_list)) {
829 send_list) { 830 info = list_first_entry(&bat_priv->vis_send_list,
831 typeof(*info), send_list);
830 832
831 kref_get(&info->refcount); 833 kref_get(&info->refcount);
832 spin_unlock_bh(&bat_priv->vis_hash_lock); 834 spin_unlock_bh(&bat_priv->vis_hash_lock);
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 6b90a4191734..99cd8d9d891b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -379,14 +379,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
379 hci_conn_hold(acl); 379 hci_conn_hold(acl);
380 380
381 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 381 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) {
382 acl->sec_level = sec_level; 382 acl->sec_level = BT_SECURITY_LOW;
383 acl->pending_sec_level = sec_level;
383 acl->auth_type = auth_type; 384 acl->auth_type = auth_type;
384 hci_acl_connect(acl); 385 hci_acl_connect(acl);
385 } else {
386 if (acl->sec_level < sec_level)
387 acl->sec_level = sec_level;
388 if (acl->auth_type < auth_type)
389 acl->auth_type = auth_type;
390 } 386 }
391 387
392 if (type == ACL_LINK) 388 if (type == ACL_LINK)
@@ -442,11 +438,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
442{ 438{
443 BT_DBG("conn %p", conn); 439 BT_DBG("conn %p", conn);
444 440
441 if (conn->pending_sec_level > sec_level)
442 sec_level = conn->pending_sec_level;
443
445 if (sec_level > conn->sec_level) 444 if (sec_level > conn->sec_level)
446 conn->sec_level = sec_level; 445 conn->pending_sec_level = sec_level;
447 else if (conn->link_mode & HCI_LM_AUTH) 446 else if (conn->link_mode & HCI_LM_AUTH)
448 return 1; 447 return 1;
449 448
449 /* Make sure we preserve an existing MITM requirement*/
450 auth_type |= (conn->auth_type & 0x01);
451
450 conn->auth_type = auth_type; 452 conn->auth_type = auth_type;
451 453
452 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 454 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8b602d881fd7..9c4541bc488a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1011,6 +1011,10 @@ int hci_unregister_dev(struct hci_dev *hdev)
1011 1011
1012 destroy_workqueue(hdev->workqueue); 1012 destroy_workqueue(hdev->workqueue);
1013 1013
1014 hci_dev_lock_bh(hdev);
1015 hci_blacklist_clear(hdev);
1016 hci_dev_unlock_bh(hdev);
1017
1014 __hci_dev_put(hdev); 1018 __hci_dev_put(hdev);
1015 1019
1016 return 0; 1020 return 0;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 38100170d380..a290854fdaa6 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -692,13 +692,13 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
692 if (conn->state != BT_CONFIG || !conn->out) 692 if (conn->state != BT_CONFIG || !conn->out)
693 return 0; 693 return 0;
694 694
695 if (conn->sec_level == BT_SECURITY_SDP) 695 if (conn->pending_sec_level == BT_SECURITY_SDP)
696 return 0; 696 return 0;
697 697
698 /* Only request authentication for SSP connections or non-SSP 698 /* Only request authentication for SSP connections or non-SSP
699 * devices with sec_level HIGH */ 699 * devices with sec_level HIGH */
700 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 700 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
701 conn->sec_level != BT_SECURITY_HIGH) 701 conn->pending_sec_level != BT_SECURITY_HIGH)
702 return 0; 702 return 0;
703 703
704 return 1; 704 return 1;
@@ -1095,9 +1095,10 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1095 1095
1096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1097 if (conn) { 1097 if (conn) {
1098 if (!ev->status) 1098 if (!ev->status) {
1099 conn->link_mode |= HCI_LM_AUTH; 1099 conn->link_mode |= HCI_LM_AUTH;
1100 else 1100 conn->sec_level = conn->pending_sec_level;
1101 } else
1101 conn->sec_level = BT_SECURITY_LOW; 1102 conn->sec_level = BT_SECURITY_LOW;
1102 1103
1103 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1104 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c791fcda7b2d..675614e38e14 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -305,33 +305,44 @@ static void l2cap_chan_del(struct sock *sk, int err)
305 } 305 }
306} 306}
307 307
308/* Service level security */ 308static inline u8 l2cap_get_auth_type(struct sock *sk)
309static inline int l2cap_check_security(struct sock *sk)
310{ 309{
311 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 310 if (sk->sk_type == SOCK_RAW) {
312 __u8 auth_type; 311 switch (l2cap_pi(sk)->sec_level) {
312 case BT_SECURITY_HIGH:
313 return HCI_AT_DEDICATED_BONDING_MITM;
314 case BT_SECURITY_MEDIUM:
315 return HCI_AT_DEDICATED_BONDING;
316 default:
317 return HCI_AT_NO_BONDING;
318 }
319 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
313 322
314 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
315 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) 323 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
316 auth_type = HCI_AT_NO_BONDING_MITM; 324 return HCI_AT_NO_BONDING_MITM;
317 else 325 else
318 auth_type = HCI_AT_NO_BONDING; 326 return HCI_AT_NO_BONDING;
319
320 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
321 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
322 } else { 327 } else {
323 switch (l2cap_pi(sk)->sec_level) { 328 switch (l2cap_pi(sk)->sec_level) {
324 case BT_SECURITY_HIGH: 329 case BT_SECURITY_HIGH:
325 auth_type = HCI_AT_GENERAL_BONDING_MITM; 330 return HCI_AT_GENERAL_BONDING_MITM;
326 break;
327 case BT_SECURITY_MEDIUM: 331 case BT_SECURITY_MEDIUM:
328 auth_type = HCI_AT_GENERAL_BONDING; 332 return HCI_AT_GENERAL_BONDING;
329 break;
330 default: 333 default:
331 auth_type = HCI_AT_NO_BONDING; 334 return HCI_AT_NO_BONDING;
332 break;
333 } 335 }
334 } 336 }
337}
338
339/* Service level security */
340static inline int l2cap_check_security(struct sock *sk)
341{
342 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
343 __u8 auth_type;
344
345 auth_type = l2cap_get_auth_type(sk);
335 346
336 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, 347 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
337 auth_type); 348 auth_type);
@@ -848,6 +859,7 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
848 result = L2CAP_CR_SEC_BLOCK; 859 result = L2CAP_CR_SEC_BLOCK;
849 else 860 else
850 result = L2CAP_CR_BAD_PSM; 861 result = L2CAP_CR_BAD_PSM;
862 sk->sk_state = BT_DISCONN;
851 863
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 864 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 865 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
@@ -1068,39 +1080,7 @@ static int l2cap_do_connect(struct sock *sk)
1068 1080
1069 err = -ENOMEM; 1081 err = -ENOMEM;
1070 1082
1071 if (sk->sk_type == SOCK_RAW) { 1083 auth_type = l2cap_get_auth_type(sk);
1072 switch (l2cap_pi(sk)->sec_level) {
1073 case BT_SECURITY_HIGH:
1074 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1075 break;
1076 case BT_SECURITY_MEDIUM:
1077 auth_type = HCI_AT_DEDICATED_BONDING;
1078 break;
1079 default:
1080 auth_type = HCI_AT_NO_BONDING;
1081 break;
1082 }
1083 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1084 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1085 auth_type = HCI_AT_NO_BONDING_MITM;
1086 else
1087 auth_type = HCI_AT_NO_BONDING;
1088
1089 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1090 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1091 } else {
1092 switch (l2cap_pi(sk)->sec_level) {
1093 case BT_SECURITY_HIGH:
1094 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1095 break;
1096 case BT_SECURITY_MEDIUM:
1097 auth_type = HCI_AT_GENERAL_BONDING;
1098 break;
1099 default:
1100 auth_type = HCI_AT_NO_BONDING;
1101 break;
1102 }
1103 }
1104 1084
1105 hcon = hci_connect(hdev, ACL_LINK, dst, 1085 hcon = hci_connect(hdev, ACL_LINK, dst,
1106 l2cap_pi(sk)->sec_level, auth_type); 1086 l2cap_pi(sk)->sec_level, auth_type);
@@ -1127,7 +1107,8 @@ static int l2cap_do_connect(struct sock *sk)
1127 if (sk->sk_type != SOCK_SEQPACKET && 1107 if (sk->sk_type != SOCK_SEQPACKET &&
1128 sk->sk_type != SOCK_STREAM) { 1108 sk->sk_type != SOCK_STREAM) {
1129 l2cap_sock_clear_timer(sk); 1109 l2cap_sock_clear_timer(sk);
1130 sk->sk_state = BT_CONNECTED; 1110 if (l2cap_check_security(sk))
1111 sk->sk_state = BT_CONNECTED;
1131 } else 1112 } else
1132 l2cap_do_start(sk); 1113 l2cap_do_start(sk);
1133 } 1114 }
@@ -1893,8 +1874,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1893 if (pi->mode == L2CAP_MODE_STREAMING) { 1874 if (pi->mode == L2CAP_MODE_STREAMING) {
1894 l2cap_streaming_send(sk); 1875 l2cap_streaming_send(sk);
1895 } else { 1876 } else {
1896 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && 1877 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
1897 pi->conn_state && L2CAP_CONN_WAIT_F) { 1878 (pi->conn_state & L2CAP_CONN_WAIT_F)) {
1898 err = len; 1879 err = len;
1899 break; 1880 break;
1900 } 1881 }
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index ff8aaa736650..6b83776534fb 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1164,7 +1164,8 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1164 * initiator rfcomm_process_rx already calls 1164 * initiator rfcomm_process_rx already calls
1165 * rfcomm_session_put() */ 1165 * rfcomm_session_put() */
1166 if (s->sock->sk->sk_state != BT_CLOSED) 1166 if (s->sock->sk->sk_state != BT_CLOSED)
1167 rfcomm_session_put(s); 1167 if (list_empty(&s->dlcs))
1168 rfcomm_session_put(s);
1168 break; 1169 break;
1169 } 1170 }
1170 } 1171 }
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 2872393b2939..88485cc74dc3 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -328,12 +328,12 @@ static struct net_bridge_fdb_entry *fdb_create(struct hlist_head *head,
328 fdb = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC); 328 fdb = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC);
329 if (fdb) { 329 if (fdb) {
330 memcpy(fdb->addr.addr, addr, ETH_ALEN); 330 memcpy(fdb->addr.addr, addr, ETH_ALEN);
331 hlist_add_head_rcu(&fdb->hlist, head);
332
333 fdb->dst = source; 331 fdb->dst = source;
334 fdb->is_local = is_local; 332 fdb->is_local = is_local;
335 fdb->is_static = is_local; 333 fdb->is_static = is_local;
336 fdb->ageing_timer = jiffies; 334 fdb->ageing_timer = jiffies;
335
336 hlist_add_head_rcu(&fdb->hlist, head);
337 } 337 }
338 return fdb; 338 return fdb;
339} 339}
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 6f6d8e1b776f..88e4aa9cb1f9 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -80,7 +80,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
80 if (is_multicast_ether_addr(dest)) { 80 if (is_multicast_ether_addr(dest)) {
81 mdst = br_mdb_get(br, skb); 81 mdst = br_mdb_get(br, skb);
82 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { 82 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) {
83 if ((mdst && !hlist_unhashed(&mdst->mglist)) || 83 if ((mdst && mdst->mglist) ||
84 br_multicast_is_router(br)) 84 br_multicast_is_router(br))
85 skb2 = skb; 85 skb2 = skb;
86 br_multicast_forward(mdst, skb, skb2); 86 br_multicast_forward(mdst, skb, skb2);
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index f701a21acb34..09d5c0987925 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -232,8 +232,7 @@ static void br_multicast_group_expired(unsigned long data)
232 if (!netif_running(br->dev) || timer_pending(&mp->timer)) 232 if (!netif_running(br->dev) || timer_pending(&mp->timer))
233 goto out; 233 goto out;
234 234
235 if (!hlist_unhashed(&mp->mglist)) 235 mp->mglist = false;
236 hlist_del_init(&mp->mglist);
237 236
238 if (mp->ports) 237 if (mp->ports)
239 goto out; 238 goto out;
@@ -276,7 +275,7 @@ static void br_multicast_del_pg(struct net_bridge *br,
276 del_timer(&p->query_timer); 275 del_timer(&p->query_timer);
277 call_rcu_bh(&p->rcu, br_multicast_free_pg); 276 call_rcu_bh(&p->rcu, br_multicast_free_pg);
278 277
279 if (!mp->ports && hlist_unhashed(&mp->mglist) && 278 if (!mp->ports && !mp->mglist &&
280 netif_running(br->dev)) 279 netif_running(br->dev))
281 mod_timer(&mp->timer, jiffies); 280 mod_timer(&mp->timer, jiffies);
282 281
@@ -528,7 +527,7 @@ static void br_multicast_group_query_expired(unsigned long data)
528 struct net_bridge *br = mp->br; 527 struct net_bridge *br = mp->br;
529 528
530 spin_lock(&br->multicast_lock); 529 spin_lock(&br->multicast_lock);
531 if (!netif_running(br->dev) || hlist_unhashed(&mp->mglist) || 530 if (!netif_running(br->dev) || !mp->mglist ||
532 mp->queries_sent >= br->multicast_last_member_count) 531 mp->queries_sent >= br->multicast_last_member_count)
533 goto out; 532 goto out;
534 533
@@ -719,7 +718,7 @@ static int br_multicast_add_group(struct net_bridge *br,
719 goto err; 718 goto err;
720 719
721 if (!port) { 720 if (!port) {
722 hlist_add_head(&mp->mglist, &br->mglist); 721 mp->mglist = true;
723 mod_timer(&mp->timer, now + br->multicast_membership_interval); 722 mod_timer(&mp->timer, now + br->multicast_membership_interval);
724 goto out; 723 goto out;
725 } 724 }
@@ -1165,7 +1164,7 @@ static int br_ip4_multicast_query(struct net_bridge *br,
1165 1164
1166 max_delay *= br->multicast_last_member_count; 1165 max_delay *= br->multicast_last_member_count;
1167 1166
1168 if (!hlist_unhashed(&mp->mglist) && 1167 if (mp->mglist &&
1169 (timer_pending(&mp->timer) ? 1168 (timer_pending(&mp->timer) ?
1170 time_after(mp->timer.expires, now + max_delay) : 1169 time_after(mp->timer.expires, now + max_delay) :
1171 try_to_del_timer_sync(&mp->timer) >= 0)) 1170 try_to_del_timer_sync(&mp->timer) >= 0))
@@ -1177,7 +1176,7 @@ static int br_ip4_multicast_query(struct net_bridge *br,
1177 if (timer_pending(&p->timer) ? 1176 if (timer_pending(&p->timer) ?
1178 time_after(p->timer.expires, now + max_delay) : 1177 time_after(p->timer.expires, now + max_delay) :
1179 try_to_del_timer_sync(&p->timer) >= 0) 1178 try_to_del_timer_sync(&p->timer) >= 0)
1180 mod_timer(&mp->timer, now + max_delay); 1179 mod_timer(&p->timer, now + max_delay);
1181 } 1180 }
1182 1181
1183out: 1182out:
@@ -1236,7 +1235,7 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1236 goto out; 1235 goto out;
1237 1236
1238 max_delay *= br->multicast_last_member_count; 1237 max_delay *= br->multicast_last_member_count;
1239 if (!hlist_unhashed(&mp->mglist) && 1238 if (mp->mglist &&
1240 (timer_pending(&mp->timer) ? 1239 (timer_pending(&mp->timer) ?
1241 time_after(mp->timer.expires, now + max_delay) : 1240 time_after(mp->timer.expires, now + max_delay) :
1242 try_to_del_timer_sync(&mp->timer) >= 0)) 1241 try_to_del_timer_sync(&mp->timer) >= 0))
@@ -1248,7 +1247,7 @@ static int br_ip6_multicast_query(struct net_bridge *br,
1248 if (timer_pending(&p->timer) ? 1247 if (timer_pending(&p->timer) ?
1249 time_after(p->timer.expires, now + max_delay) : 1248 time_after(p->timer.expires, now + max_delay) :
1250 try_to_del_timer_sync(&p->timer) >= 0) 1249 try_to_del_timer_sync(&p->timer) >= 0)
1251 mod_timer(&mp->timer, now + max_delay); 1250 mod_timer(&p->timer, now + max_delay);
1252 } 1251 }
1253 1252
1254out: 1253out:
@@ -1283,7 +1282,7 @@ static void br_multicast_leave_group(struct net_bridge *br,
1283 br->multicast_last_member_interval; 1282 br->multicast_last_member_interval;
1284 1283
1285 if (!port) { 1284 if (!port) {
1286 if (!hlist_unhashed(&mp->mglist) && 1285 if (mp->mglist &&
1287 (timer_pending(&mp->timer) ? 1286 (timer_pending(&mp->timer) ?
1288 time_after(mp->timer.expires, time) : 1287 time_after(mp->timer.expires, time) :
1289 try_to_del_timer_sync(&mp->timer) >= 0)) { 1288 try_to_del_timer_sync(&mp->timer) >= 0)) {
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 84aac7734bfc..4e1b620b6be6 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -84,13 +84,13 @@ struct net_bridge_port_group {
84struct net_bridge_mdb_entry 84struct net_bridge_mdb_entry
85{ 85{
86 struct hlist_node hlist[2]; 86 struct hlist_node hlist[2];
87 struct hlist_node mglist;
88 struct net_bridge *br; 87 struct net_bridge *br;
89 struct net_bridge_port_group __rcu *ports; 88 struct net_bridge_port_group __rcu *ports;
90 struct rcu_head rcu; 89 struct rcu_head rcu;
91 struct timer_list timer; 90 struct timer_list timer;
92 struct timer_list query_timer; 91 struct timer_list query_timer;
93 struct br_ip addr; 92 struct br_ip addr;
93 bool mglist;
94 u32 queries_sent; 94 u32 queries_sent;
95}; 95};
96 96
@@ -238,7 +238,6 @@ struct net_bridge
238 spinlock_t multicast_lock; 238 spinlock_t multicast_lock;
239 struct net_bridge_mdb_htable __rcu *mdb; 239 struct net_bridge_mdb_htable __rcu *mdb;
240 struct hlist_head router_list; 240 struct hlist_head router_list;
241 struct hlist_head mglist;
242 241
243 struct timer_list multicast_router_timer; 242 struct timer_list multicast_router_timer;
244 struct timer_list multicast_querier_timer; 243 struct timer_list multicast_querier_timer;
diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
index fa9dab372b68..6008d6dc18a0 100644
--- a/net/caif/chnl_net.c
+++ b/net/caif/chnl_net.c
@@ -394,9 +394,7 @@ static void ipcaif_net_setup(struct net_device *dev)
394 priv->conn_req.sockaddr.u.dgm.connection_id = -1; 394 priv->conn_req.sockaddr.u.dgm.connection_id = -1;
395 priv->flowenabled = false; 395 priv->flowenabled = false;
396 396
397 ASSERT_RTNL();
398 init_waitqueue_head(&priv->netmgmt_wq); 397 init_waitqueue_head(&priv->netmgmt_wq);
399 list_add(&priv->list_field, &chnl_net_list);
400} 398}
401 399
402 400
@@ -453,6 +451,8 @@ static int ipcaif_newlink(struct net *src_net, struct net_device *dev,
453 ret = register_netdevice(dev); 451 ret = register_netdevice(dev);
454 if (ret) 452 if (ret)
455 pr_warn("device rtml registration failed\n"); 453 pr_warn("device rtml registration failed\n");
454 else
455 list_add(&caifdev->list_field, &chnl_net_list);
456 return ret; 456 return ret;
457} 457}
458 458
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index dff633d62e5b..35b36b86d762 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -252,8 +252,12 @@ static int ceph_tcp_recvmsg(struct socket *sock, void *buf, size_t len)
252{ 252{
253 struct kvec iov = {buf, len}; 253 struct kvec iov = {buf, len};
254 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL }; 254 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL };
255 int r;
255 256
256 return kernel_recvmsg(sock, &msg, &iov, 1, len, msg.msg_flags); 257 r = kernel_recvmsg(sock, &msg, &iov, 1, len, msg.msg_flags);
258 if (r == -EAGAIN)
259 r = 0;
260 return r;
257} 261}
258 262
259/* 263/*
@@ -264,13 +268,17 @@ static int ceph_tcp_sendmsg(struct socket *sock, struct kvec *iov,
264 size_t kvlen, size_t len, int more) 268 size_t kvlen, size_t len, int more)
265{ 269{
266 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL }; 270 struct msghdr msg = { .msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL };
271 int r;
267 272
268 if (more) 273 if (more)
269 msg.msg_flags |= MSG_MORE; 274 msg.msg_flags |= MSG_MORE;
270 else 275 else
271 msg.msg_flags |= MSG_EOR; /* superfluous, but what the hell */ 276 msg.msg_flags |= MSG_EOR; /* superfluous, but what the hell */
272 277
273 return kernel_sendmsg(sock, &msg, iov, kvlen, len); 278 r = kernel_sendmsg(sock, &msg, iov, kvlen, len);
279 if (r == -EAGAIN)
280 r = 0;
281 return r;
274} 282}
275 283
276 284
@@ -847,6 +855,8 @@ static int write_partial_msg_pages(struct ceph_connection *con)
847 (msg->pages || msg->pagelist || msg->bio || in_trail)) 855 (msg->pages || msg->pagelist || msg->bio || in_trail))
848 kunmap(page); 856 kunmap(page);
849 857
858 if (ret == -EAGAIN)
859 ret = 0;
850 if (ret <= 0) 860 if (ret <= 0)
851 goto out; 861 goto out;
852 862
@@ -1737,16 +1747,12 @@ more_kvec:
1737 if (con->out_skip) { 1747 if (con->out_skip) {
1738 ret = write_partial_skip(con); 1748 ret = write_partial_skip(con);
1739 if (ret <= 0) 1749 if (ret <= 0)
1740 goto done; 1750 goto out;
1741 if (ret < 0) {
1742 dout("try_write write_partial_skip err %d\n", ret);
1743 goto done;
1744 }
1745 } 1751 }
1746 if (con->out_kvec_left) { 1752 if (con->out_kvec_left) {
1747 ret = write_partial_kvec(con); 1753 ret = write_partial_kvec(con);
1748 if (ret <= 0) 1754 if (ret <= 0)
1749 goto done; 1755 goto out;
1750 } 1756 }
1751 1757
1752 /* msg pages? */ 1758 /* msg pages? */
@@ -1761,11 +1767,11 @@ more_kvec:
1761 if (ret == 1) 1767 if (ret == 1)
1762 goto more_kvec; /* we need to send the footer, too! */ 1768 goto more_kvec; /* we need to send the footer, too! */
1763 if (ret == 0) 1769 if (ret == 0)
1764 goto done; 1770 goto out;
1765 if (ret < 0) { 1771 if (ret < 0) {
1766 dout("try_write write_partial_msg_pages err %d\n", 1772 dout("try_write write_partial_msg_pages err %d\n",
1767 ret); 1773 ret);
1768 goto done; 1774 goto out;
1769 } 1775 }
1770 } 1776 }
1771 1777
@@ -1789,10 +1795,9 @@ do_next:
1789 /* Nothing to do! */ 1795 /* Nothing to do! */
1790 clear_bit(WRITE_PENDING, &con->state); 1796 clear_bit(WRITE_PENDING, &con->state);
1791 dout("try_write nothing else to write.\n"); 1797 dout("try_write nothing else to write.\n");
1792done:
1793 ret = 0; 1798 ret = 0;
1794out: 1799out:
1795 dout("try_write done on %p\n", con); 1800 dout("try_write done on %p ret %d\n", con, ret);
1796 return ret; 1801 return ret;
1797} 1802}
1798 1803
@@ -1821,19 +1826,17 @@ more:
1821 dout("try_read connecting\n"); 1826 dout("try_read connecting\n");
1822 ret = read_partial_banner(con); 1827 ret = read_partial_banner(con);
1823 if (ret <= 0) 1828 if (ret <= 0)
1824 goto done;
1825 if (process_banner(con) < 0) {
1826 ret = -1;
1827 goto out; 1829 goto out;
1828 } 1830 ret = process_banner(con);
1831 if (ret < 0)
1832 goto out;
1829 } 1833 }
1830 ret = read_partial_connect(con); 1834 ret = read_partial_connect(con);
1831 if (ret <= 0) 1835 if (ret <= 0)
1832 goto done;
1833 if (process_connect(con) < 0) {
1834 ret = -1;
1835 goto out; 1836 goto out;
1836 } 1837 ret = process_connect(con);
1838 if (ret < 0)
1839 goto out;
1837 goto more; 1840 goto more;
1838 } 1841 }
1839 1842
@@ -1848,7 +1851,7 @@ more:
1848 dout("skipping %d / %d bytes\n", skip, -con->in_base_pos); 1851 dout("skipping %d / %d bytes\n", skip, -con->in_base_pos);
1849 ret = ceph_tcp_recvmsg(con->sock, buf, skip); 1852 ret = ceph_tcp_recvmsg(con->sock, buf, skip);
1850 if (ret <= 0) 1853 if (ret <= 0)
1851 goto done; 1854 goto out;
1852 con->in_base_pos += ret; 1855 con->in_base_pos += ret;
1853 if (con->in_base_pos) 1856 if (con->in_base_pos)
1854 goto more; 1857 goto more;
@@ -1859,7 +1862,7 @@ more:
1859 */ 1862 */
1860 ret = ceph_tcp_recvmsg(con->sock, &con->in_tag, 1); 1863 ret = ceph_tcp_recvmsg(con->sock, &con->in_tag, 1);
1861 if (ret <= 0) 1864 if (ret <= 0)
1862 goto done; 1865 goto out;
1863 dout("try_read got tag %d\n", (int)con->in_tag); 1866 dout("try_read got tag %d\n", (int)con->in_tag);
1864 switch (con->in_tag) { 1867 switch (con->in_tag) {
1865 case CEPH_MSGR_TAG_MSG: 1868 case CEPH_MSGR_TAG_MSG:
@@ -1870,7 +1873,7 @@ more:
1870 break; 1873 break;
1871 case CEPH_MSGR_TAG_CLOSE: 1874 case CEPH_MSGR_TAG_CLOSE:
1872 set_bit(CLOSED, &con->state); /* fixme */ 1875 set_bit(CLOSED, &con->state); /* fixme */
1873 goto done; 1876 goto out;
1874 default: 1877 default:
1875 goto bad_tag; 1878 goto bad_tag;
1876 } 1879 }
@@ -1882,13 +1885,12 @@ more:
1882 case -EBADMSG: 1885 case -EBADMSG:
1883 con->error_msg = "bad crc"; 1886 con->error_msg = "bad crc";
1884 ret = -EIO; 1887 ret = -EIO;
1885 goto out; 1888 break;
1886 case -EIO: 1889 case -EIO:
1887 con->error_msg = "io error"; 1890 con->error_msg = "io error";
1888 goto out; 1891 break;
1889 default:
1890 goto done;
1891 } 1892 }
1893 goto out;
1892 } 1894 }
1893 if (con->in_tag == CEPH_MSGR_TAG_READY) 1895 if (con->in_tag == CEPH_MSGR_TAG_READY)
1894 goto more; 1896 goto more;
@@ -1898,15 +1900,13 @@ more:
1898 if (con->in_tag == CEPH_MSGR_TAG_ACK) { 1900 if (con->in_tag == CEPH_MSGR_TAG_ACK) {
1899 ret = read_partial_ack(con); 1901 ret = read_partial_ack(con);
1900 if (ret <= 0) 1902 if (ret <= 0)
1901 goto done; 1903 goto out;
1902 process_ack(con); 1904 process_ack(con);
1903 goto more; 1905 goto more;
1904 } 1906 }
1905 1907
1906done:
1907 ret = 0;
1908out: 1908out:
1909 dout("try_read done on %p\n", con); 1909 dout("try_read done on %p ret %d\n", con, ret);
1910 return ret; 1910 return ret;
1911 1911
1912bad_tag: 1912bad_tag:
diff --git a/net/core/dev.c b/net/core/dev.c
index 7c6a46f80372..8ae6631abcc2 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -749,7 +749,8 @@ EXPORT_SYMBOL(dev_get_by_index);
749 * @ha: hardware address 749 * @ha: hardware address
750 * 750 *
751 * Search for an interface by MAC address. Returns NULL if the device 751 * Search for an interface by MAC address. Returns NULL if the device
752 * is not found or a pointer to the device. The caller must hold RCU 752 * is not found or a pointer to the device.
753 * The caller must hold RCU or RTNL.
753 * The returned device has not had its ref count increased 754 * The returned device has not had its ref count increased
754 * and the caller must therefore be careful about locking 755 * and the caller must therefore be careful about locking
755 * 756 *
@@ -1279,10 +1280,13 @@ static int __dev_close_many(struct list_head *head)
1279 1280
1280static int __dev_close(struct net_device *dev) 1281static int __dev_close(struct net_device *dev)
1281{ 1282{
1283 int retval;
1282 LIST_HEAD(single); 1284 LIST_HEAD(single);
1283 1285
1284 list_add(&dev->unreg_list, &single); 1286 list_add(&dev->unreg_list, &single);
1285 return __dev_close_many(&single); 1287 retval = __dev_close_many(&single);
1288 list_del(&single);
1289 return retval;
1286} 1290}
1287 1291
1288int dev_close_many(struct list_head *head) 1292int dev_close_many(struct list_head *head)
@@ -1324,7 +1328,7 @@ int dev_close(struct net_device *dev)
1324 1328
1325 list_add(&dev->unreg_list, &single); 1329 list_add(&dev->unreg_list, &single);
1326 dev_close_many(&single); 1330 dev_close_many(&single);
1327 1331 list_del(&single);
1328 return 0; 1332 return 0;
1329} 1333}
1330EXPORT_SYMBOL(dev_close); 1334EXPORT_SYMBOL(dev_close);
@@ -2562,7 +2566,8 @@ static int get_rps_cpu(struct net_device *dev, struct sk_buff *skb,
2562 2566
2563 map = rcu_dereference(rxqueue->rps_map); 2567 map = rcu_dereference(rxqueue->rps_map);
2564 if (map) { 2568 if (map) {
2565 if (map->len == 1) { 2569 if (map->len == 1 &&
2570 !rcu_dereference_raw(rxqueue->rps_flow_table)) {
2566 tcpu = map->cpus[0]; 2571 tcpu = map->cpus[0];
2567 if (cpu_online(tcpu)) 2572 if (cpu_online(tcpu))
2568 cpu = tcpu; 2573 cpu = tcpu;
@@ -3423,6 +3428,8 @@ static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb)
3423 __skb_pull(skb, skb_headlen(skb)); 3428 __skb_pull(skb, skb_headlen(skb));
3424 skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); 3429 skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb));
3425 skb->vlan_tci = 0; 3430 skb->vlan_tci = 0;
3431 skb->dev = napi->dev;
3432 skb->skb_iif = 0;
3426 3433
3427 napi->skb = skb; 3434 napi->skb = skb;
3428} 3435}
@@ -5059,6 +5066,7 @@ static void rollback_registered(struct net_device *dev)
5059 5066
5060 list_add(&dev->unreg_list, &single); 5067 list_add(&dev->unreg_list, &single);
5061 rollback_registered_many(&single); 5068 rollback_registered_many(&single);
5069 list_del(&single);
5062} 5070}
5063 5071
5064unsigned long netdev_fix_features(unsigned long features, const char *name) 5072unsigned long netdev_fix_features(unsigned long features, const char *name)
@@ -5656,30 +5664,35 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
5656 5664
5657 dev_net_set(dev, &init_net); 5665 dev_net_set(dev, &init_net);
5658 5666
5667 dev->gso_max_size = GSO_MAX_SIZE;
5668
5669 INIT_LIST_HEAD(&dev->ethtool_ntuple_list.list);
5670 dev->ethtool_ntuple_list.count = 0;
5671 INIT_LIST_HEAD(&dev->napi_list);
5672 INIT_LIST_HEAD(&dev->unreg_list);
5673 INIT_LIST_HEAD(&dev->link_watch_list);
5674 dev->priv_flags = IFF_XMIT_DST_RELEASE;
5675 setup(dev);
5676
5659 dev->num_tx_queues = txqs; 5677 dev->num_tx_queues = txqs;
5660 dev->real_num_tx_queues = txqs; 5678 dev->real_num_tx_queues = txqs;
5661 if (netif_alloc_netdev_queues(dev)) 5679 if (netif_alloc_netdev_queues(dev))
5662 goto free_pcpu; 5680 goto free_all;
5663 5681
5664#ifdef CONFIG_RPS 5682#ifdef CONFIG_RPS
5665 dev->num_rx_queues = rxqs; 5683 dev->num_rx_queues = rxqs;
5666 dev->real_num_rx_queues = rxqs; 5684 dev->real_num_rx_queues = rxqs;
5667 if (netif_alloc_rx_queues(dev)) 5685 if (netif_alloc_rx_queues(dev))
5668 goto free_pcpu; 5686 goto free_all;
5669#endif 5687#endif
5670 5688
5671 dev->gso_max_size = GSO_MAX_SIZE;
5672
5673 INIT_LIST_HEAD(&dev->ethtool_ntuple_list.list);
5674 dev->ethtool_ntuple_list.count = 0;
5675 INIT_LIST_HEAD(&dev->napi_list);
5676 INIT_LIST_HEAD(&dev->unreg_list);
5677 INIT_LIST_HEAD(&dev->link_watch_list);
5678 dev->priv_flags = IFF_XMIT_DST_RELEASE;
5679 setup(dev);
5680 strcpy(dev->name, name); 5689 strcpy(dev->name, name);
5681 return dev; 5690 return dev;
5682 5691
5692free_all:
5693 free_netdev(dev);
5694 return NULL;
5695
5683free_pcpu: 5696free_pcpu:
5684 free_percpu(dev->pcpu_refcnt); 5697 free_percpu(dev->pcpu_refcnt);
5685 kfree(dev->_tx); 5698 kfree(dev->_tx);
@@ -6207,6 +6220,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
6207 } 6220 }
6208 } 6221 }
6209 unregister_netdevice_many(&dev_kill_list); 6222 unregister_netdevice_many(&dev_kill_list);
6223 list_del(&dev_kill_list);
6210 rtnl_unlock(); 6224 rtnl_unlock();
6211} 6225}
6212 6226
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 17741782a345..ff2302910b5e 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -817,7 +817,7 @@ static int ethtool_get_regs(struct net_device *dev, char __user *useraddr)
817 if (regs.len > reglen) 817 if (regs.len > reglen)
818 regs.len = reglen; 818 regs.len = reglen;
819 819
820 regbuf = vmalloc(reglen); 820 regbuf = vzalloc(reglen);
821 if (!regbuf) 821 if (!regbuf)
822 return -ENOMEM; 822 return -ENOMEM;
823 823
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 750db57f3bb3..2d65c6bb24c1 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1121,8 +1121,7 @@ static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[])
1121 return -EOPNOTSUPP; 1121 return -EOPNOTSUPP;
1122 1122
1123 if (af_ops->validate_link_af) { 1123 if (af_ops->validate_link_af) {
1124 err = af_ops->validate_link_af(dev, 1124 err = af_ops->validate_link_af(dev, af);
1125 tb[IFLA_AF_SPEC]);
1126 if (err < 0) 1125 if (err < 0)
1127 return err; 1126 return err;
1128 } 1127 }
@@ -1672,6 +1671,9 @@ replay:
1672 snprintf(ifname, IFNAMSIZ, "%s%%d", ops->kind); 1671 snprintf(ifname, IFNAMSIZ, "%s%%d", ops->kind);
1673 1672
1674 dest_net = rtnl_link_get_net(net, tb); 1673 dest_net = rtnl_link_get_net(net, tb);
1674 if (IS_ERR(dest_net))
1675 return PTR_ERR(dest_net);
1676
1675 dev = rtnl_create_link(net, dest_net, ifname, ops, tb); 1677 dev = rtnl_create_link(net, dest_net, ifname, ops, tb);
1676 1678
1677 if (IS_ERR(dev)) 1679 if (IS_ERR(dev))
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index d31bb36ae0dc..d883dcc78b6b 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -210,6 +210,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
210 shinfo = skb_shinfo(skb); 210 shinfo = skb_shinfo(skb);
211 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); 211 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
212 atomic_set(&shinfo->dataref, 1); 212 atomic_set(&shinfo->dataref, 1);
213 kmemcheck_annotate_variable(shinfo->destructor_arg);
213 214
214 if (fclone) { 215 if (fclone) {
215 struct sk_buff *child = skb + 1; 216 struct sk_buff *child = skb + 1;
@@ -2744,8 +2745,12 @@ int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2744 2745
2745merge: 2746merge:
2746 if (offset > headlen) { 2747 if (offset > headlen) {
2747 skbinfo->frags[0].page_offset += offset - headlen; 2748 unsigned int eat = offset - headlen;
2748 skbinfo->frags[0].size -= offset - headlen; 2749
2750 skbinfo->frags[0].page_offset += eat;
2751 skbinfo->frags[0].size -= eat;
2752 skb->data_len -= eat;
2753 skb->len -= eat;
2749 offset = headlen; 2754 offset = headlen;
2750 } 2755 }
2751 2756
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index d900ab99814a..d5074a567289 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -583,7 +583,7 @@ static int dcbnl_getapp(struct net_device *netdev, struct nlattr **tb,
583 u8 up, idtype; 583 u8 up, idtype;
584 int ret = -EINVAL; 584 int ret = -EINVAL;
585 585
586 if (!tb[DCB_ATTR_APP] || !netdev->dcbnl_ops->getapp) 586 if (!tb[DCB_ATTR_APP])
587 goto out; 587 goto out;
588 588
589 ret = nla_parse_nested(app_tb, DCB_APP_ATTR_MAX, tb[DCB_ATTR_APP], 589 ret = nla_parse_nested(app_tb, DCB_APP_ATTR_MAX, tb[DCB_ATTR_APP],
@@ -604,7 +604,16 @@ static int dcbnl_getapp(struct net_device *netdev, struct nlattr **tb,
604 goto out; 604 goto out;
605 605
606 id = nla_get_u16(app_tb[DCB_APP_ATTR_ID]); 606 id = nla_get_u16(app_tb[DCB_APP_ATTR_ID]);
607 up = netdev->dcbnl_ops->getapp(netdev, idtype, id); 607
608 if (netdev->dcbnl_ops->getapp) {
609 up = netdev->dcbnl_ops->getapp(netdev, idtype, id);
610 } else {
611 struct dcb_app app = {
612 .selector = idtype,
613 .protocol = id,
614 };
615 up = dcb_getapp(netdev, &app);
616 }
608 617
609 /* send this back */ 618 /* send this back */
610 dcbnl_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 619 dcbnl_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
@@ -617,6 +626,9 @@ static int dcbnl_getapp(struct net_device *netdev, struct nlattr **tb,
617 dcb->cmd = DCB_CMD_GAPP; 626 dcb->cmd = DCB_CMD_GAPP;
618 627
619 app_nest = nla_nest_start(dcbnl_skb, DCB_ATTR_APP); 628 app_nest = nla_nest_start(dcbnl_skb, DCB_ATTR_APP);
629 if (!app_nest)
630 goto out_cancel;
631
620 ret = nla_put_u8(dcbnl_skb, DCB_APP_ATTR_IDTYPE, idtype); 632 ret = nla_put_u8(dcbnl_skb, DCB_APP_ATTR_IDTYPE, idtype);
621 if (ret) 633 if (ret)
622 goto out_cancel; 634 goto out_cancel;
@@ -1604,6 +1616,10 @@ EXPORT_SYMBOL(dcb_getapp);
1604u8 dcb_setapp(struct net_device *dev, struct dcb_app *new) 1616u8 dcb_setapp(struct net_device *dev, struct dcb_app *new)
1605{ 1617{
1606 struct dcb_app_type *itr; 1618 struct dcb_app_type *itr;
1619 struct dcb_app_type event;
1620
1621 memcpy(&event.name, dev->name, sizeof(event.name));
1622 memcpy(&event.app, new, sizeof(event.app));
1607 1623
1608 spin_lock(&dcb_lock); 1624 spin_lock(&dcb_lock);
1609 /* Search for existing match and replace */ 1625 /* Search for existing match and replace */
@@ -1635,7 +1651,7 @@ u8 dcb_setapp(struct net_device *dev, struct dcb_app *new)
1635 } 1651 }
1636out: 1652out:
1637 spin_unlock(&dcb_lock); 1653 spin_unlock(&dcb_lock);
1638 call_dcbevent_notifiers(DCB_APP_EVENT, new); 1654 call_dcbevent_notifiers(DCB_APP_EVENT, &event);
1639 return 0; 1655 return 0;
1640} 1656}
1641EXPORT_SYMBOL(dcb_setapp); 1657EXPORT_SYMBOL(dcb_setapp);
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 15dcc1a586b4..0c2826337919 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -265,13 +265,13 @@ static void ec_tx_done(struct sk_buff *skb, int result)
265static int econet_sendmsg(struct kiocb *iocb, struct socket *sock, 265static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
266 struct msghdr *msg, size_t len) 266 struct msghdr *msg, size_t len)
267{ 267{
268 struct sock *sk = sock->sk;
269 struct sockaddr_ec *saddr=(struct sockaddr_ec *)msg->msg_name; 268 struct sockaddr_ec *saddr=(struct sockaddr_ec *)msg->msg_name;
270 struct net_device *dev; 269 struct net_device *dev;
271 struct ec_addr addr; 270 struct ec_addr addr;
272 int err; 271 int err;
273 unsigned char port, cb; 272 unsigned char port, cb;
274#if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE) 273#if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
274 struct sock *sk = sock->sk;
275 struct sk_buff *skb; 275 struct sk_buff *skb;
276 struct ec_cb *eb; 276 struct ec_cb *eb;
277#endif 277#endif
@@ -488,10 +488,10 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
488 488
489error_free_buf: 489error_free_buf:
490 vfree(userbuf); 490 vfree(userbuf);
491error:
491#else 492#else
492 err = -EPROTOTYPE; 493 err = -EPROTOTYPE;
493#endif 494#endif
494 error:
495 mutex_unlock(&econet_mutex); 495 mutex_unlock(&econet_mutex);
496 496
497 return err; 497 return err;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index f2b61107df6c..45b89d7bda5a 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -880,6 +880,19 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
880} 880}
881EXPORT_SYMBOL(inet_ioctl); 881EXPORT_SYMBOL(inet_ioctl);
882 882
883#ifdef CONFIG_COMPAT
884int inet_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
885{
886 struct sock *sk = sock->sk;
887 int err = -ENOIOCTLCMD;
888
889 if (sk->sk_prot->compat_ioctl)
890 err = sk->sk_prot->compat_ioctl(sk, cmd, arg);
891
892 return err;
893}
894#endif
895
883const struct proto_ops inet_stream_ops = { 896const struct proto_ops inet_stream_ops = {
884 .family = PF_INET, 897 .family = PF_INET,
885 .owner = THIS_MODULE, 898 .owner = THIS_MODULE,
@@ -903,6 +916,7 @@ const struct proto_ops inet_stream_ops = {
903#ifdef CONFIG_COMPAT 916#ifdef CONFIG_COMPAT
904 .compat_setsockopt = compat_sock_common_setsockopt, 917 .compat_setsockopt = compat_sock_common_setsockopt,
905 .compat_getsockopt = compat_sock_common_getsockopt, 918 .compat_getsockopt = compat_sock_common_getsockopt,
919 .compat_ioctl = inet_compat_ioctl,
906#endif 920#endif
907}; 921};
908EXPORT_SYMBOL(inet_stream_ops); 922EXPORT_SYMBOL(inet_stream_ops);
@@ -929,6 +943,7 @@ const struct proto_ops inet_dgram_ops = {
929#ifdef CONFIG_COMPAT 943#ifdef CONFIG_COMPAT
930 .compat_setsockopt = compat_sock_common_setsockopt, 944 .compat_setsockopt = compat_sock_common_setsockopt,
931 .compat_getsockopt = compat_sock_common_getsockopt, 945 .compat_getsockopt = compat_sock_common_getsockopt,
946 .compat_ioctl = inet_compat_ioctl,
932#endif 947#endif
933}; 948};
934EXPORT_SYMBOL(inet_dgram_ops); 949EXPORT_SYMBOL(inet_dgram_ops);
@@ -959,6 +974,7 @@ static const struct proto_ops inet_sockraw_ops = {
959#ifdef CONFIG_COMPAT 974#ifdef CONFIG_COMPAT
960 .compat_setsockopt = compat_sock_common_setsockopt, 975 .compat_setsockopt = compat_sock_common_setsockopt,
961 .compat_getsockopt = compat_sock_common_getsockopt, 976 .compat_getsockopt = compat_sock_common_getsockopt,
977 .compat_ioctl = inet_compat_ioctl,
962#endif 978#endif
963}; 979};
964 980
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 04c8b69fd426..7927589813b5 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1017,14 +1017,13 @@ static int arp_req_set_proxy(struct net *net, struct net_device *dev, int on)
1017 IPV4_DEVCONF_ALL(net, PROXY_ARP) = on; 1017 IPV4_DEVCONF_ALL(net, PROXY_ARP) = on;
1018 return 0; 1018 return 0;
1019 } 1019 }
1020 if (__in_dev_get_rcu(dev)) { 1020 if (__in_dev_get_rtnl(dev)) {
1021 IN_DEV_CONF_SET(__in_dev_get_rcu(dev), PROXY_ARP, on); 1021 IN_DEV_CONF_SET(__in_dev_get_rtnl(dev), PROXY_ARP, on);
1022 return 0; 1022 return 0;
1023 } 1023 }
1024 return -ENXIO; 1024 return -ENXIO;
1025} 1025}
1026 1026
1027/* must be called with rcu_read_lock() */
1028static int arp_req_set_public(struct net *net, struct arpreq *r, 1027static int arp_req_set_public(struct net *net, struct arpreq *r,
1029 struct net_device *dev) 1028 struct net_device *dev)
1030{ 1029{
@@ -1233,10 +1232,10 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1233 if (!(r.arp_flags & ATF_NETMASK)) 1232 if (!(r.arp_flags & ATF_NETMASK))
1234 ((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr = 1233 ((struct sockaddr_in *)&r.arp_netmask)->sin_addr.s_addr =
1235 htonl(0xFFFFFFFFUL); 1234 htonl(0xFFFFFFFFUL);
1236 rcu_read_lock(); 1235 rtnl_lock();
1237 if (r.arp_dev[0]) { 1236 if (r.arp_dev[0]) {
1238 err = -ENODEV; 1237 err = -ENODEV;
1239 dev = dev_get_by_name_rcu(net, r.arp_dev); 1238 dev = __dev_get_by_name(net, r.arp_dev);
1240 if (dev == NULL) 1239 if (dev == NULL)
1241 goto out; 1240 goto out;
1242 1241
@@ -1263,7 +1262,7 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1263 break; 1262 break;
1264 } 1263 }
1265out: 1264out:
1266 rcu_read_unlock(); 1265 rtnl_unlock();
1267 if (cmd == SIOCGARP && !err && copy_to_user(arg, &r, sizeof(r))) 1266 if (cmd == SIOCGARP && !err && copy_to_user(arg, &r, sizeof(r)))
1268 err = -EFAULT; 1267 err = -EFAULT;
1269 return err; 1268 return err;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 748cb5b337bd..df4616fce929 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1030,6 +1030,21 @@ static inline bool inetdev_valid_mtu(unsigned mtu)
1030 return mtu >= 68; 1030 return mtu >= 68;
1031} 1031}
1032 1032
1033static void inetdev_send_gratuitous_arp(struct net_device *dev,
1034 struct in_device *in_dev)
1035
1036{
1037 struct in_ifaddr *ifa = in_dev->ifa_list;
1038
1039 if (!ifa)
1040 return;
1041
1042 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1043 ifa->ifa_address, dev,
1044 ifa->ifa_address, NULL,
1045 dev->dev_addr, NULL);
1046}
1047
1033/* Called only under RTNL semaphore */ 1048/* Called only under RTNL semaphore */
1034 1049
1035static int inetdev_event(struct notifier_block *this, unsigned long event, 1050static int inetdev_event(struct notifier_block *this, unsigned long event,
@@ -1082,18 +1097,13 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1082 } 1097 }
1083 ip_mc_up(in_dev); 1098 ip_mc_up(in_dev);
1084 /* fall through */ 1099 /* fall through */
1085 case NETDEV_NOTIFY_PEERS:
1086 case NETDEV_CHANGEADDR: 1100 case NETDEV_CHANGEADDR:
1101 if (!IN_DEV_ARP_NOTIFY(in_dev))
1102 break;
1103 /* fall through */
1104 case NETDEV_NOTIFY_PEERS:
1087 /* Send gratuitous ARP to notify of link change */ 1105 /* Send gratuitous ARP to notify of link change */
1088 if (IN_DEV_ARP_NOTIFY(in_dev)) { 1106 inetdev_send_gratuitous_arp(dev, in_dev);
1089 struct in_ifaddr *ifa = in_dev->ifa_list;
1090
1091 if (ifa)
1092 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1093 ifa->ifa_address, dev,
1094 ifa->ifa_address, NULL,
1095 dev->dev_addr, NULL);
1096 }
1097 break; 1107 break;
1098 case NETDEV_DOWN: 1108 case NETDEV_DOWN:
1099 ip_mc_down(in_dev); 1109 ip_mc_down(in_dev);
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index d9bc85751c74..a96e65674ac3 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -475,7 +475,7 @@ static int cleanup_once(unsigned long ttl)
475struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create) 475struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create)
476{ 476{
477 struct inet_peer __rcu **stack[PEER_MAXDEPTH], ***stackptr; 477 struct inet_peer __rcu **stack[PEER_MAXDEPTH], ***stackptr;
478 struct inet_peer_base *base = family_to_base(AF_INET); 478 struct inet_peer_base *base = family_to_base(daddr->family);
479 struct inet_peer *p; 479 struct inet_peer *p;
480 480
481 /* Look up for the address quickly, lockless. 481 /* Look up for the address quickly, lockless.
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index eb68a0e34e49..6613edfac28c 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -775,6 +775,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
775 .fl4_dst = dst, 775 .fl4_dst = dst,
776 .fl4_src = tiph->saddr, 776 .fl4_src = tiph->saddr,
777 .fl4_tos = RT_TOS(tos), 777 .fl4_tos = RT_TOS(tos),
778 .proto = IPPROTO_GRE,
778 .fl_gre_key = tunnel->parms.o_key 779 .fl_gre_key = tunnel->parms.o_key
779 }; 780 };
780 if (ip_route_output_key(dev_net(dev), &rt, &fl)) { 781 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 3f3a9afd73e0..8b65a12654e7 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -60,6 +60,7 @@
60#include <linux/notifier.h> 60#include <linux/notifier.h>
61#include <linux/if_arp.h> 61#include <linux/if_arp.h>
62#include <linux/netfilter_ipv4.h> 62#include <linux/netfilter_ipv4.h>
63#include <linux/compat.h>
63#include <net/ipip.h> 64#include <net/ipip.h>
64#include <net/checksum.h> 65#include <net/checksum.h>
65#include <net/netlink.h> 66#include <net/netlink.h>
@@ -1434,6 +1435,81 @@ int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
1434 } 1435 }
1435} 1436}
1436 1437
1438#ifdef CONFIG_COMPAT
1439struct compat_sioc_sg_req {
1440 struct in_addr src;
1441 struct in_addr grp;
1442 compat_ulong_t pktcnt;
1443 compat_ulong_t bytecnt;
1444 compat_ulong_t wrong_if;
1445};
1446
1447struct compat_sioc_vif_req {
1448 vifi_t vifi; /* Which iface */
1449 compat_ulong_t icount;
1450 compat_ulong_t ocount;
1451 compat_ulong_t ibytes;
1452 compat_ulong_t obytes;
1453};
1454
1455int ipmr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1456{
1457 struct compat_sioc_sg_req sr;
1458 struct compat_sioc_vif_req vr;
1459 struct vif_device *vif;
1460 struct mfc_cache *c;
1461 struct net *net = sock_net(sk);
1462 struct mr_table *mrt;
1463
1464 mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
1465 if (mrt == NULL)
1466 return -ENOENT;
1467
1468 switch (cmd) {
1469 case SIOCGETVIFCNT:
1470 if (copy_from_user(&vr, arg, sizeof(vr)))
1471 return -EFAULT;
1472 if (vr.vifi >= mrt->maxvif)
1473 return -EINVAL;
1474 read_lock(&mrt_lock);
1475 vif = &mrt->vif_table[vr.vifi];
1476 if (VIF_EXISTS(mrt, vr.vifi)) {
1477 vr.icount = vif->pkt_in;
1478 vr.ocount = vif->pkt_out;
1479 vr.ibytes = vif->bytes_in;
1480 vr.obytes = vif->bytes_out;
1481 read_unlock(&mrt_lock);
1482
1483 if (copy_to_user(arg, &vr, sizeof(vr)))
1484 return -EFAULT;
1485 return 0;
1486 }
1487 read_unlock(&mrt_lock);
1488 return -EADDRNOTAVAIL;
1489 case SIOCGETSGCNT:
1490 if (copy_from_user(&sr, arg, sizeof(sr)))
1491 return -EFAULT;
1492
1493 rcu_read_lock();
1494 c = ipmr_cache_find(mrt, sr.src.s_addr, sr.grp.s_addr);
1495 if (c) {
1496 sr.pktcnt = c->mfc_un.res.pkt;
1497 sr.bytecnt = c->mfc_un.res.bytes;
1498 sr.wrong_if = c->mfc_un.res.wrong_if;
1499 rcu_read_unlock();
1500
1501 if (copy_to_user(arg, &sr, sizeof(sr)))
1502 return -EFAULT;
1503 return 0;
1504 }
1505 rcu_read_unlock();
1506 return -EADDRNOTAVAIL;
1507 default:
1508 return -ENOIOCTLCMD;
1509 }
1510}
1511#endif
1512
1437 1513
1438static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr) 1514static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
1439{ 1515{
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index b8ddcc480ed9..a5e52a9f0a12 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par)
60 60
61 if (mangle->flags & ~ARPT_MANGLE_MASK || 61 if (mangle->flags & ~ARPT_MANGLE_MASK ||
62 !(mangle->flags & ARPT_MANGLE_MASK)) 62 !(mangle->flags & ARPT_MANGLE_MASK))
63 return false; 63 return -EINVAL;
64 64
65 if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && 65 if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
66 mangle->target != XT_CONTINUE) 66 mangle->target != XT_CONTINUE)
67 return false; 67 return -EINVAL;
68 return true; 68 return 0;
69} 69}
70 70
71static struct xt_target arpt_mangle_reg __read_mostly = { 71static struct xt_target arpt_mangle_reg __read_mostly = {
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index a3d5ab786e81..6390ba299b3d 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -76,6 +76,7 @@
76#include <linux/seq_file.h> 76#include <linux/seq_file.h>
77#include <linux/netfilter.h> 77#include <linux/netfilter.h>
78#include <linux/netfilter_ipv4.h> 78#include <linux/netfilter_ipv4.h>
79#include <linux/compat.h>
79 80
80static struct raw_hashinfo raw_v4_hashinfo = { 81static struct raw_hashinfo raw_v4_hashinfo = {
81 .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock), 82 .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
@@ -838,6 +839,23 @@ static int raw_ioctl(struct sock *sk, int cmd, unsigned long arg)
838 } 839 }
839} 840}
840 841
842#ifdef CONFIG_COMPAT
843static int compat_raw_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
844{
845 switch (cmd) {
846 case SIOCOUTQ:
847 case SIOCINQ:
848 return -ENOIOCTLCMD;
849 default:
850#ifdef CONFIG_IP_MROUTE
851 return ipmr_compat_ioctl(sk, cmd, compat_ptr(arg));
852#else
853 return -ENOIOCTLCMD;
854#endif
855 }
856}
857#endif
858
841struct proto raw_prot = { 859struct proto raw_prot = {
842 .name = "RAW", 860 .name = "RAW",
843 .owner = THIS_MODULE, 861 .owner = THIS_MODULE,
@@ -860,6 +878,7 @@ struct proto raw_prot = {
860#ifdef CONFIG_COMPAT 878#ifdef CONFIG_COMPAT
861 .compat_setsockopt = compat_raw_setsockopt, 879 .compat_setsockopt = compat_raw_setsockopt,
862 .compat_getsockopt = compat_raw_getsockopt, 880 .compat_getsockopt = compat_raw_getsockopt,
881 .compat_ioctl = compat_raw_ioctl,
863#endif 882#endif
864}; 883};
865 884
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 351dc4e85242..6ed6603c2f6d 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2707,6 +2707,11 @@ static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 coo
2707 return NULL; 2707 return NULL;
2708} 2708}
2709 2709
2710static unsigned int ipv4_blackhole_default_mtu(const struct dst_entry *dst)
2711{
2712 return 0;
2713}
2714
2710static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) 2715static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
2711{ 2716{
2712} 2717}
@@ -2716,6 +2721,8 @@ static struct dst_ops ipv4_dst_blackhole_ops = {
2716 .protocol = cpu_to_be16(ETH_P_IP), 2721 .protocol = cpu_to_be16(ETH_P_IP),
2717 .destroy = ipv4_dst_destroy, 2722 .destroy = ipv4_dst_destroy,
2718 .check = ipv4_blackhole_dst_check, 2723 .check = ipv4_blackhole_dst_check,
2724 .default_mtu = ipv4_blackhole_default_mtu,
2725 .default_advmss = ipv4_default_advmss,
2719 .update_pmtu = ipv4_rt_blackhole_update_pmtu, 2726 .update_pmtu = ipv4_rt_blackhole_update_pmtu,
2720}; 2727};
2721 2728
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 2549b29b062d..eb7f82ebf4a3 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4399,7 +4399,7 @@ static void tcp_data_queue(struct sock *sk, struct sk_buff *skb)
4399 if (!skb_copy_datagram_iovec(skb, 0, tp->ucopy.iov, chunk)) { 4399 if (!skb_copy_datagram_iovec(skb, 0, tp->ucopy.iov, chunk)) {
4400 tp->ucopy.len -= chunk; 4400 tp->ucopy.len -= chunk;
4401 tp->copied_seq += chunk; 4401 tp->copied_seq += chunk;
4402 eaten = (chunk == skb->len && !th->fin); 4402 eaten = (chunk == skb->len);
4403 tcp_rcv_space_adjust(sk); 4403 tcp_rcv_space_adjust(sk);
4404 } 4404 }
4405 local_bh_disable(); 4405 local_bh_disable();
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 856f68466d49..02f583b3744a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1994,7 +1994,6 @@ static void *listening_get_next(struct seq_file *seq, void *cur)
1994 } 1994 }
1995 req = req->dl_next; 1995 req = req->dl_next;
1996 } 1996 }
1997 st->offset = 0;
1998 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries) 1997 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1999 break; 1998 break;
2000get_req: 1999get_req:
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 24a1cf110d80..fd6782e3a038 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2661,14 +2661,12 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2661 struct net *net = dev_net(dev); 2661 struct net *net = dev_net(dev);
2662 struct inet6_dev *idev; 2662 struct inet6_dev *idev;
2663 struct inet6_ifaddr *ifa; 2663 struct inet6_ifaddr *ifa;
2664 LIST_HEAD(keep_list); 2664 int state, i;
2665 int state;
2666 2665
2667 ASSERT_RTNL(); 2666 ASSERT_RTNL();
2668 2667
2669 /* Flush routes if device is being removed or it is not loopback */ 2668 rt6_ifdown(net, dev);
2670 if (how || !(dev->flags & IFF_LOOPBACK)) 2669 neigh_ifdown(&nd_tbl, dev);
2671 rt6_ifdown(net, dev);
2672 2670
2673 idev = __in6_dev_get(dev); 2671 idev = __in6_dev_get(dev);
2674 if (idev == NULL) 2672 if (idev == NULL)
@@ -2689,6 +2687,23 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2689 2687
2690 } 2688 }
2691 2689
2690 /* Step 2: clear hash table */
2691 for (i = 0; i < IN6_ADDR_HSIZE; i++) {
2692 struct hlist_head *h = &inet6_addr_lst[i];
2693 struct hlist_node *n;
2694
2695 spin_lock_bh(&addrconf_hash_lock);
2696 restart:
2697 hlist_for_each_entry_rcu(ifa, n, h, addr_lst) {
2698 if (ifa->idev == idev) {
2699 hlist_del_init_rcu(&ifa->addr_lst);
2700 addrconf_del_timer(ifa);
2701 goto restart;
2702 }
2703 }
2704 spin_unlock_bh(&addrconf_hash_lock);
2705 }
2706
2692 write_lock_bh(&idev->lock); 2707 write_lock_bh(&idev->lock);
2693 2708
2694 /* Step 2: clear flags for stateless addrconf */ 2709 /* Step 2: clear flags for stateless addrconf */
@@ -2722,52 +2737,23 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2722 struct inet6_ifaddr, if_list); 2737 struct inet6_ifaddr, if_list);
2723 addrconf_del_timer(ifa); 2738 addrconf_del_timer(ifa);
2724 2739
2725 /* If just doing link down, and address is permanent 2740 list_del(&ifa->if_list);
2726 and not link-local, then retain it. */
2727 if (!how &&
2728 (ifa->flags&IFA_F_PERMANENT) &&
2729 !(ipv6_addr_type(&ifa->addr) & IPV6_ADDR_LINKLOCAL)) {
2730 list_move_tail(&ifa->if_list, &keep_list);
2731
2732 /* If not doing DAD on this address, just keep it. */
2733 if ((dev->flags&(IFF_NOARP|IFF_LOOPBACK)) ||
2734 idev->cnf.accept_dad <= 0 ||
2735 (ifa->flags & IFA_F_NODAD))
2736 continue;
2737 2741
2738 /* If it was tentative already, no need to notify */ 2742 write_unlock_bh(&idev->lock);
2739 if (ifa->flags & IFA_F_TENTATIVE)
2740 continue;
2741 2743
2742 /* Flag it for later restoration when link comes up */ 2744 spin_lock_bh(&ifa->state_lock);
2743 ifa->flags |= IFA_F_TENTATIVE; 2745 state = ifa->state;
2744 ifa->state = INET6_IFADDR_STATE_DAD; 2746 ifa->state = INET6_IFADDR_STATE_DEAD;
2745 } else { 2747 spin_unlock_bh(&ifa->state_lock);
2746 list_del(&ifa->if_list);
2747
2748 /* clear hash table */
2749 spin_lock_bh(&addrconf_hash_lock);
2750 hlist_del_init_rcu(&ifa->addr_lst);
2751 spin_unlock_bh(&addrconf_hash_lock);
2752
2753 write_unlock_bh(&idev->lock);
2754 spin_lock_bh(&ifa->state_lock);
2755 state = ifa->state;
2756 ifa->state = INET6_IFADDR_STATE_DEAD;
2757 spin_unlock_bh(&ifa->state_lock);
2758
2759 if (state != INET6_IFADDR_STATE_DEAD) {
2760 __ipv6_ifa_notify(RTM_DELADDR, ifa);
2761 atomic_notifier_call_chain(&inet6addr_chain,
2762 NETDEV_DOWN, ifa);
2763 }
2764 2748
2765 in6_ifa_put(ifa); 2749 if (state != INET6_IFADDR_STATE_DEAD) {
2766 write_lock_bh(&idev->lock); 2750 __ipv6_ifa_notify(RTM_DELADDR, ifa);
2751 atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifa);
2767 } 2752 }
2768 } 2753 in6_ifa_put(ifa);
2769 2754
2770 list_splice(&keep_list, &idev->addr_list); 2755 write_lock_bh(&idev->lock);
2756 }
2771 2757
2772 write_unlock_bh(&idev->lock); 2758 write_unlock_bh(&idev->lock);
2773 2759
@@ -4156,8 +4142,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
4156 addrconf_leave_solict(ifp->idev, &ifp->addr); 4142 addrconf_leave_solict(ifp->idev, &ifp->addr);
4157 dst_hold(&ifp->rt->dst); 4143 dst_hold(&ifp->rt->dst);
4158 4144
4159 if (ifp->state == INET6_IFADDR_STATE_DEAD && 4145 if (ip6_del_rt(ifp->rt))
4160 ip6_del_rt(ifp->rt))
4161 dst_free(&ifp->rt->dst); 4146 dst_free(&ifp->rt->dst);
4162 break; 4147 break;
4163 } 4148 }
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 9fab274019c0..0e1d53bcf1e0 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -34,6 +34,7 @@
34#include <linux/seq_file.h> 34#include <linux/seq_file.h>
35#include <linux/init.h> 35#include <linux/init.h>
36#include <linux/slab.h> 36#include <linux/slab.h>
37#include <linux/compat.h>
37#include <net/protocol.h> 38#include <net/protocol.h>
38#include <linux/skbuff.h> 39#include <linux/skbuff.h>
39#include <net/sock.h> 40#include <net/sock.h>
@@ -1804,6 +1805,80 @@ int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1804 } 1805 }
1805} 1806}
1806 1807
1808#ifdef CONFIG_COMPAT
1809struct compat_sioc_sg_req6 {
1810 struct sockaddr_in6 src;
1811 struct sockaddr_in6 grp;
1812 compat_ulong_t pktcnt;
1813 compat_ulong_t bytecnt;
1814 compat_ulong_t wrong_if;
1815};
1816
1817struct compat_sioc_mif_req6 {
1818 mifi_t mifi;
1819 compat_ulong_t icount;
1820 compat_ulong_t ocount;
1821 compat_ulong_t ibytes;
1822 compat_ulong_t obytes;
1823};
1824
1825int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1826{
1827 struct compat_sioc_sg_req6 sr;
1828 struct compat_sioc_mif_req6 vr;
1829 struct mif_device *vif;
1830 struct mfc6_cache *c;
1831 struct net *net = sock_net(sk);
1832 struct mr6_table *mrt;
1833
1834 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1835 if (mrt == NULL)
1836 return -ENOENT;
1837
1838 switch (cmd) {
1839 case SIOCGETMIFCNT_IN6:
1840 if (copy_from_user(&vr, arg, sizeof(vr)))
1841 return -EFAULT;
1842 if (vr.mifi >= mrt->maxvif)
1843 return -EINVAL;
1844 read_lock(&mrt_lock);
1845 vif = &mrt->vif6_table[vr.mifi];
1846 if (MIF_EXISTS(mrt, vr.mifi)) {
1847 vr.icount = vif->pkt_in;
1848 vr.ocount = vif->pkt_out;
1849 vr.ibytes = vif->bytes_in;
1850 vr.obytes = vif->bytes_out;
1851 read_unlock(&mrt_lock);
1852
1853 if (copy_to_user(arg, &vr, sizeof(vr)))
1854 return -EFAULT;
1855 return 0;
1856 }
1857 read_unlock(&mrt_lock);
1858 return -EADDRNOTAVAIL;
1859 case SIOCGETSGCNT_IN6:
1860 if (copy_from_user(&sr, arg, sizeof(sr)))
1861 return -EFAULT;
1862
1863 read_lock(&mrt_lock);
1864 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1865 if (c) {
1866 sr.pktcnt = c->mfc_un.res.pkt;
1867 sr.bytecnt = c->mfc_un.res.bytes;
1868 sr.wrong_if = c->mfc_un.res.wrong_if;
1869 read_unlock(&mrt_lock);
1870
1871 if (copy_to_user(arg, &sr, sizeof(sr)))
1872 return -EFAULT;
1873 return 0;
1874 }
1875 read_unlock(&mrt_lock);
1876 return -EADDRNOTAVAIL;
1877 default:
1878 return -ENOIOCTLCMD;
1879 }
1880}
1881#endif
1807 1882
1808static inline int ip6mr_forward2_finish(struct sk_buff *skb) 1883static inline int ip6mr_forward2_finish(struct sk_buff *skb)
1809{ 1884{
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 86c39526ba5e..c5b0915d106b 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -31,6 +31,7 @@
31#include <linux/netfilter.h> 31#include <linux/netfilter.h>
32#include <linux/netfilter_ipv6.h> 32#include <linux/netfilter_ipv6.h>
33#include <linux/skbuff.h> 33#include <linux/skbuff.h>
34#include <linux/compat.h>
34#include <asm/uaccess.h> 35#include <asm/uaccess.h>
35#include <asm/ioctls.h> 36#include <asm/ioctls.h>
36 37
@@ -1157,6 +1158,23 @@ static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1157 } 1158 }
1158} 1159}
1159 1160
1161#ifdef CONFIG_COMPAT
1162static int compat_rawv6_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
1163{
1164 switch (cmd) {
1165 case SIOCOUTQ:
1166 case SIOCINQ:
1167 return -ENOIOCTLCMD;
1168 default:
1169#ifdef CONFIG_IPV6_MROUTE
1170 return ip6mr_compat_ioctl(sk, cmd, compat_ptr(arg));
1171#else
1172 return -ENOIOCTLCMD;
1173#endif
1174 }
1175}
1176#endif
1177
1160static void rawv6_close(struct sock *sk, long timeout) 1178static void rawv6_close(struct sock *sk, long timeout)
1161{ 1179{
1162 if (inet_sk(sk)->inet_num == IPPROTO_RAW) 1180 if (inet_sk(sk)->inet_num == IPPROTO_RAW)
@@ -1215,6 +1233,7 @@ struct proto rawv6_prot = {
1215#ifdef CONFIG_COMPAT 1233#ifdef CONFIG_COMPAT
1216 .compat_setsockopt = compat_rawv6_setsockopt, 1234 .compat_setsockopt = compat_rawv6_setsockopt,
1217 .compat_getsockopt = compat_rawv6_getsockopt, 1235 .compat_getsockopt = compat_rawv6_getsockopt,
1236 .compat_ioctl = compat_rawv6_ioctl,
1218#endif 1237#endif
1219}; 1238};
1220 1239
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 373bd0416f69..a998db6e7895 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -72,8 +72,6 @@
72#define RT6_TRACE(x...) do { ; } while (0) 72#define RT6_TRACE(x...) do { ; } while (0)
73#endif 73#endif
74 74
75#define CLONE_OFFLINK_ROUTE 0
76
77static struct rt6_info * ip6_rt_copy(struct rt6_info *ort); 75static struct rt6_info * ip6_rt_copy(struct rt6_info *ort);
78static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie); 76static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie);
79static unsigned int ip6_default_advmss(const struct dst_entry *dst); 77static unsigned int ip6_default_advmss(const struct dst_entry *dst);
@@ -115,6 +113,11 @@ static struct dst_ops ip6_dst_ops_template = {
115 .local_out = __ip6_local_out, 113 .local_out = __ip6_local_out,
116}; 114};
117 115
116static unsigned int ip6_blackhole_default_mtu(const struct dst_entry *dst)
117{
118 return 0;
119}
120
118static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu) 121static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
119{ 122{
120} 123}
@@ -124,6 +127,8 @@ static struct dst_ops ip6_dst_blackhole_ops = {
124 .protocol = cpu_to_be16(ETH_P_IPV6), 127 .protocol = cpu_to_be16(ETH_P_IPV6),
125 .destroy = ip6_dst_destroy, 128 .destroy = ip6_dst_destroy,
126 .check = ip6_dst_check, 129 .check = ip6_dst_check,
130 .default_mtu = ip6_blackhole_default_mtu,
131 .default_advmss = ip6_default_advmss,
127 .update_pmtu = ip6_rt_blackhole_update_pmtu, 132 .update_pmtu = ip6_rt_blackhole_update_pmtu,
128}; 133};
129 134
@@ -196,7 +201,6 @@ static void ip6_dst_destroy(struct dst_entry *dst)
196 in6_dev_put(idev); 201 in6_dev_put(idev);
197 } 202 }
198 if (peer) { 203 if (peer) {
199 BUG_ON(!(rt->rt6i_flags & RTF_CACHE));
200 rt->rt6i_peer = NULL; 204 rt->rt6i_peer = NULL;
201 inet_putpeer(peer); 205 inet_putpeer(peer);
202 } 206 }
@@ -206,9 +210,6 @@ void rt6_bind_peer(struct rt6_info *rt, int create)
206{ 210{
207 struct inet_peer *peer; 211 struct inet_peer *peer;
208 212
209 if (WARN_ON(!(rt->rt6i_flags & RTF_CACHE)))
210 return;
211
212 peer = inet_getpeer_v6(&rt->rt6i_dst.addr, create); 213 peer = inet_getpeer_v6(&rt->rt6i_dst.addr, create);
213 if (peer && cmpxchg(&rt->rt6i_peer, NULL, peer) != NULL) 214 if (peer && cmpxchg(&rt->rt6i_peer, NULL, peer) != NULL)
214 inet_putpeer(peer); 215 inet_putpeer(peer);
@@ -738,13 +739,8 @@ restart:
738 739
739 if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) 740 if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
740 nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src); 741 nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src);
741 else { 742 else
742#if CLONE_OFFLINK_ROUTE
743 nrt = rt6_alloc_clone(rt, &fl->fl6_dst); 743 nrt = rt6_alloc_clone(rt, &fl->fl6_dst);
744#else
745 goto out2;
746#endif
747 }
748 744
749 dst_release(&rt->dst); 745 dst_release(&rt->dst);
750 rt = nrt ? : net->ipv6.ip6_null_entry; 746 rt = nrt ? : net->ipv6.ip6_null_entry;
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index fa1d8f4e0051..7cb65ef79f9c 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -15,6 +15,8 @@
15#include <net/addrconf.h> 15#include <net/addrconf.h>
16#include <net/inet_frag.h> 16#include <net/inet_frag.h>
17 17
18static struct ctl_table empty[1];
19
18static ctl_table ipv6_table_template[] = { 20static ctl_table ipv6_table_template[] = {
19 { 21 {
20 .procname = "route", 22 .procname = "route",
@@ -35,6 +37,12 @@ static ctl_table ipv6_table_template[] = {
35 .mode = 0644, 37 .mode = 0644,
36 .proc_handler = proc_dointvec 38 .proc_handler = proc_dointvec
37 }, 39 },
40 {
41 .procname = "neigh",
42 .maxlen = 0,
43 .mode = 0555,
44 .child = empty,
45 },
38 { } 46 { }
39}; 47};
40 48
@@ -152,7 +160,6 @@ static struct ctl_table_header *ip6_base;
152 160
153int ipv6_static_sysctl_register(void) 161int ipv6_static_sysctl_register(void)
154{ 162{
155 static struct ctl_table empty[1];
156 ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty); 163 ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty);
157 if (ip6_base == NULL) 164 if (ip6_base == NULL)
158 return -ENOMEM; 165 return -ENOMEM;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 7e74023ea6e4..da87428681cc 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -98,6 +98,10 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
98 if (!xdst->u.rt6.rt6i_idev) 98 if (!xdst->u.rt6.rt6i_idev)
99 return -ENODEV; 99 return -ENODEV;
100 100
101 xdst->u.rt6.rt6i_peer = rt->rt6i_peer;
102 if (rt->rt6i_peer)
103 atomic_inc(&rt->rt6i_peer->refcnt);
104
101 /* Sheit... I remember I did this right. Apparently, 105 /* Sheit... I remember I did this right. Apparently,
102 * it was magically lost, so this code needs audit */ 106 * it was magically lost, so this code needs audit */
103 xdst->u.rt6.rt6i_flags = rt->rt6i_flags & (RTF_ANYCAST | 107 xdst->u.rt6.rt6i_flags = rt->rt6i_flags & (RTF_ANYCAST |
@@ -216,6 +220,8 @@ static void xfrm6_dst_destroy(struct dst_entry *dst)
216 220
217 if (likely(xdst->u.rt6.rt6i_idev)) 221 if (likely(xdst->u.rt6.rt6i_idev))
218 in6_dev_put(xdst->u.rt6.rt6i_idev); 222 in6_dev_put(xdst->u.rt6.rt6i_idev);
223 if (likely(xdst->u.rt6.rt6i_peer))
224 inet_putpeer(xdst->u.rt6.rt6i_peer);
219 xfrm_dst_destroy(xdst); 225 xfrm_dst_destroy(xdst);
220} 226}
221 227
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 4bc8a9250cfd..9cd73b11506e 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1822,6 +1822,7 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
1822 *cookie ^= 2; 1822 *cookie ^= 2;
1823 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN; 1823 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN;
1824 local->hw_roc_skb = skb; 1824 local->hw_roc_skb = skb;
1825 local->hw_roc_skb_for_status = skb;
1825 mutex_unlock(&local->mtx); 1826 mutex_unlock(&local->mtx);
1826 1827
1827 return 0; 1828 return 0;
@@ -1875,6 +1876,7 @@ static int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
1875 if (ret == 0) { 1876 if (ret == 0) {
1876 kfree_skb(local->hw_roc_skb); 1877 kfree_skb(local->hw_roc_skb);
1877 local->hw_roc_skb = NULL; 1878 local->hw_roc_skb = NULL;
1879 local->hw_roc_skb_for_status = NULL;
1878 } 1880 }
1879 1881
1880 mutex_unlock(&local->mtx); 1882 mutex_unlock(&local->mtx);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index c47d7c0e48a4..533fd32f49ff 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -953,7 +953,7 @@ struct ieee80211_local {
953 953
954 struct ieee80211_channel *hw_roc_channel; 954 struct ieee80211_channel *hw_roc_channel;
955 struct net_device *hw_roc_dev; 955 struct net_device *hw_roc_dev;
956 struct sk_buff *hw_roc_skb; 956 struct sk_buff *hw_roc_skb, *hw_roc_skb_for_status;
957 struct work_struct hw_roc_start, hw_roc_done; 957 struct work_struct hw_roc_start, hw_roc_done;
958 enum nl80211_channel_type hw_roc_channel_type; 958 enum nl80211_channel_type hw_roc_channel_type;
959 unsigned int hw_roc_duration; 959 unsigned int hw_roc_duration;
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 38a797217a91..071ac95c4aa0 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -323,6 +323,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
323 323
324 if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) { 324 if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) {
325 struct ieee80211_work *wk; 325 struct ieee80211_work *wk;
326 u64 cookie = (unsigned long)skb;
326 327
327 rcu_read_lock(); 328 rcu_read_lock();
328 list_for_each_entry_rcu(wk, &local->work_list, list) { 329 list_for_each_entry_rcu(wk, &local->work_list, list) {
@@ -334,8 +335,12 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
334 break; 335 break;
335 } 336 }
336 rcu_read_unlock(); 337 rcu_read_unlock();
338 if (local->hw_roc_skb_for_status == skb) {
339 cookie = local->hw_roc_cookie ^ 2;
340 local->hw_roc_skb_for_status = NULL;
341 }
337 cfg80211_mgmt_tx_status( 342 cfg80211_mgmt_tx_status(
338 skb->dev, (unsigned long) skb, skb->data, skb->len, 343 skb->dev, cookie, skb->data, skb->len,
339 !!(info->flags & IEEE80211_TX_STAT_ACK), GFP_ATOMIC); 344 !!(info->flags & IEEE80211_TX_STAT_ACK), GFP_ATOMIC);
340 } 345 }
341 346
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 5950e3abead9..b0beaa58246b 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1547,7 +1547,7 @@ static int ieee80211_skb_resize(struct ieee80211_local *local,
1547 skb_orphan(skb); 1547 skb_orphan(skb);
1548 } 1548 }
1549 1549
1550 if (skb_header_cloned(skb)) 1550 if (skb_cloned(skb))
1551 I802_DEBUG_INC(local->tx_expand_skb_head_cloned); 1551 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1552 else if (head_need || tail_need) 1552 else if (head_need || tail_need)
1553 I802_DEBUG_INC(local->tx_expand_skb_head); 1553 I802_DEBUG_INC(local->tx_expand_skb_head);
@@ -2230,6 +2230,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2230 2230
2231 sdata = vif_to_sdata(vif); 2231 sdata = vif_to_sdata(vif);
2232 2232
2233 if (!ieee80211_sdata_running(sdata))
2234 goto out;
2235
2233 if (tim_offset) 2236 if (tim_offset)
2234 *tim_offset = 0; 2237 *tim_offset = 0;
2235 if (tim_length) 2238 if (tim_length)
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index cf68700abffa..d036597aabbe 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -1210,7 +1210,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1210 switch (sdata->vif.type) { 1210 switch (sdata->vif.type) {
1211 case NL80211_IFTYPE_STATION: 1211 case NL80211_IFTYPE_STATION:
1212 changed |= BSS_CHANGED_ASSOC; 1212 changed |= BSS_CHANGED_ASSOC;
1213 mutex_lock(&sdata->u.mgd.mtx);
1213 ieee80211_bss_info_change_notify(sdata, changed); 1214 ieee80211_bss_info_change_notify(sdata, changed);
1215 mutex_unlock(&sdata->u.mgd.mtx);
1214 break; 1216 break;
1215 case NL80211_IFTYPE_ADHOC: 1217 case NL80211_IFTYPE_ADHOC:
1216 changed |= BSS_CHANGED_IBSS; 1218 changed |= BSS_CHANGED_IBSS;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 32fcbe290c04..4aa614b8a96a 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -133,6 +133,7 @@ unsigned int nf_iterate(struct list_head *head,
133 133
134 /* Optimization: we don't need to hold module 134 /* Optimization: we don't need to hold module
135 reference here, since function can't sleep. --RR */ 135 reference here, since function can't sleep. --RR */
136repeat:
136 verdict = elem->hook(hook, skb, indev, outdev, okfn); 137 verdict = elem->hook(hook, skb, indev, outdev, okfn);
137 if (verdict != NF_ACCEPT) { 138 if (verdict != NF_ACCEPT) {
138#ifdef CONFIG_NETFILTER_DEBUG 139#ifdef CONFIG_NETFILTER_DEBUG
@@ -145,7 +146,7 @@ unsigned int nf_iterate(struct list_head *head,
145#endif 146#endif
146 if (verdict != NF_REPEAT) 147 if (verdict != NF_REPEAT)
147 return verdict; 148 return verdict;
148 *i = (*i)->prev; 149 goto repeat;
149 } 150 }
150 } 151 }
151 return NF_ACCEPT; 152 return NF_ACCEPT;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e61511929c66..84f4fcc5884b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -942,8 +942,15 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
942 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) 942 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
943 nf_conntrack_event_cache(IPCT_REPLY, ct); 943 nf_conntrack_event_cache(IPCT_REPLY, ct);
944out: 944out:
945 if (tmpl) 945 if (tmpl) {
946 nf_ct_put(tmpl); 946 /* Special case: we have to repeat this hook, assign the
947 * template again to this packet. We assume that this packet
948 * has no conntrack assigned. This is used by nf_ct_tcp. */
949 if (ret == NF_REPEAT)
950 skb->nfct = (struct nf_conntrack *)tmpl;
951 else
952 nf_ct_put(tmpl);
953 }
947 954
948 return ret; 955 return ret;
949} 956}
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index 5702de35e2bb..63a1b915a7e4 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
63 * this does not harm and it happens very rarely. */ 63 * this does not harm and it happens very rarely. */
64 unsigned long missed = e->missed; 64 unsigned long missed = e->missed;
65 65
66 if (!((events | missed) & e->ctmask))
67 goto out_unlock;
68
66 ret = notify->fcn(events | missed, &item); 69 ret = notify->fcn(events | missed, &item);
67 if (unlikely(ret < 0 || missed)) { 70 if (unlikely(ret < 0 || missed)) {
68 spin_lock_bh(&ct->lock); 71 spin_lock_bh(&ct->lock);
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 93297aaceb2b..eead9db6f899 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -667,6 +667,7 @@ restart:
667 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, 667 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
668 cb->nlh->nlmsg_seq, 668 cb->nlh->nlmsg_seq,
669 IPCTNL_MSG_CT_NEW, ct) < 0) { 669 IPCTNL_MSG_CT_NEW, ct) < 0) {
670 nf_conntrack_get(&ct->ct_general);
670 cb->args[1] = (unsigned long)ct; 671 cb->args[1] = (unsigned long)ct;
671 goto out; 672 goto out;
672 } 673 }
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index 88f7c3511c72..73c33a42f87f 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
53} 53}
54 54
55static inline int 55static inline int
56iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b) 56iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
57{ 57{
58 unsigned int i; 58 unsigned int i;
59 int r;
60 59
61 for (i = 0; i < 4; ++i) { 60 for (i = 0; i < 4; ++i) {
62 r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]); 61 if (a->s6_addr32[i] != b->s6_addr32[i])
63 if (r != 0) 62 return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]);
64 return r;
65 } 63 }
66 64
67 return 0; 65 return 0;
@@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
75 bool m; 73 bool m;
76 74
77 if (info->flags & IPRANGE_SRC) { 75 if (info->flags & IPRANGE_SRC) {
78 m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; 76 m = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6);
79 m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; 77 m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr);
80 m ^= !!(info->flags & IPRANGE_SRC_INV); 78 m ^= !!(info->flags & IPRANGE_SRC_INV);
81 if (m) 79 if (m)
82 return false; 80 return false;
83 } 81 }
84 if (info->flags & IPRANGE_DST) { 82 if (info->flags & IPRANGE_DST) {
85 m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; 83 m = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6);
86 m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; 84 m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr);
87 m ^= !!(info->flags & IPRANGE_DST_INV); 85 m ^= !!(info->flags & IPRANGE_DST_INV);
88 if (m) 86 if (m)
89 return false; 87 return false;
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index c80d1c210c5d..5f63ec58942c 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -390,7 +390,6 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
390 ret = qdisc_enqueue(skb, cl->q); 390 ret = qdisc_enqueue(skb, cl->q);
391 if (ret == NET_XMIT_SUCCESS) { 391 if (ret == NET_XMIT_SUCCESS) {
392 sch->q.qlen++; 392 sch->q.qlen++;
393 qdisc_bstats_update(sch, skb);
394 cbq_mark_toplevel(q, cl); 393 cbq_mark_toplevel(q, cl);
395 if (!cl->next_alive) 394 if (!cl->next_alive)
396 cbq_activate_class(cl); 395 cbq_activate_class(cl);
@@ -649,7 +648,6 @@ static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child)
649 ret = qdisc_enqueue(skb, cl->q); 648 ret = qdisc_enqueue(skb, cl->q);
650 if (ret == NET_XMIT_SUCCESS) { 649 if (ret == NET_XMIT_SUCCESS) {
651 sch->q.qlen++; 650 sch->q.qlen++;
652 qdisc_bstats_update(sch, skb);
653 if (!cl->next_alive) 651 if (!cl->next_alive)
654 cbq_activate_class(cl); 652 cbq_activate_class(cl);
655 return 0; 653 return 0;
@@ -971,6 +969,7 @@ cbq_dequeue(struct Qdisc *sch)
971 969
972 skb = cbq_dequeue_1(sch); 970 skb = cbq_dequeue_1(sch);
973 if (skb) { 971 if (skb) {
972 qdisc_bstats_update(sch, skb);
974 sch->q.qlen--; 973 sch->q.qlen--;
975 sch->flags &= ~TCQ_F_THROTTLED; 974 sch->flags &= ~TCQ_F_THROTTLED;
976 return skb; 975 return skb;
diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c
index de55e642eafc..6b7fe4a84f13 100644
--- a/net/sched/sch_drr.c
+++ b/net/sched/sch_drr.c
@@ -376,7 +376,6 @@ static int drr_enqueue(struct sk_buff *skb, struct Qdisc *sch)
376 } 376 }
377 377
378 bstats_update(&cl->bstats, skb); 378 bstats_update(&cl->bstats, skb);
379 qdisc_bstats_update(sch, skb);
380 379
381 sch->q.qlen++; 380 sch->q.qlen++;
382 return err; 381 return err;
@@ -403,6 +402,7 @@ static struct sk_buff *drr_dequeue(struct Qdisc *sch)
403 skb = qdisc_dequeue_peeked(cl->qdisc); 402 skb = qdisc_dequeue_peeked(cl->qdisc);
404 if (cl->qdisc->q.qlen == 0) 403 if (cl->qdisc->q.qlen == 0)
405 list_del(&cl->alist); 404 list_del(&cl->alist);
405 qdisc_bstats_update(sch, skb);
406 sch->q.qlen--; 406 sch->q.qlen--;
407 return skb; 407 return skb;
408 } 408 }
diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c
index 60f4bdd4408e..0f7bf3fdfea5 100644
--- a/net/sched/sch_dsmark.c
+++ b/net/sched/sch_dsmark.c
@@ -260,7 +260,6 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
260 return err; 260 return err;
261 } 261 }
262 262
263 qdisc_bstats_update(sch, skb);
264 sch->q.qlen++; 263 sch->q.qlen++;
265 264
266 return NET_XMIT_SUCCESS; 265 return NET_XMIT_SUCCESS;
@@ -283,6 +282,7 @@ static struct sk_buff *dsmark_dequeue(struct Qdisc *sch)
283 if (skb == NULL) 282 if (skb == NULL)
284 return NULL; 283 return NULL;
285 284
285 qdisc_bstats_update(sch, skb);
286 sch->q.qlen--; 286 sch->q.qlen--;
287 287
288 index = skb->tc_index & (p->indices - 1); 288 index = skb->tc_index & (p->indices - 1);
diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c
index aa4d6337e43c..d468b479aa93 100644
--- a/net/sched/sch_fifo.c
+++ b/net/sched/sch_fifo.c
@@ -46,17 +46,14 @@ static int pfifo_enqueue(struct sk_buff *skb, struct Qdisc* sch)
46 46
47static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc* sch) 47static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc* sch)
48{ 48{
49 struct sk_buff *skb_head;
50 struct fifo_sched_data *q = qdisc_priv(sch); 49 struct fifo_sched_data *q = qdisc_priv(sch);
51 50
52 if (likely(skb_queue_len(&sch->q) < q->limit)) 51 if (likely(skb_queue_len(&sch->q) < q->limit))
53 return qdisc_enqueue_tail(skb, sch); 52 return qdisc_enqueue_tail(skb, sch);
54 53
55 /* queue full, remove one skb to fulfill the limit */ 54 /* queue full, remove one skb to fulfill the limit */
56 skb_head = qdisc_dequeue_head(sch); 55 __qdisc_queue_drop_head(sch, &sch->q);
57 sch->qstats.drops++; 56 sch->qstats.drops++;
58 kfree_skb(skb_head);
59
60 qdisc_enqueue_tail(skb, sch); 57 qdisc_enqueue_tail(skb, sch);
61 58
62 return NET_XMIT_CN; 59 return NET_XMIT_CN;
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 2e45791d4f6c..14a799de1c35 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -1600,7 +1600,6 @@ hfsc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
1600 set_active(cl, qdisc_pkt_len(skb)); 1600 set_active(cl, qdisc_pkt_len(skb));
1601 1601
1602 bstats_update(&cl->bstats, skb); 1602 bstats_update(&cl->bstats, skb);
1603 qdisc_bstats_update(sch, skb);
1604 sch->q.qlen++; 1603 sch->q.qlen++;
1605 1604
1606 return NET_XMIT_SUCCESS; 1605 return NET_XMIT_SUCCESS;
@@ -1666,6 +1665,7 @@ hfsc_dequeue(struct Qdisc *sch)
1666 } 1665 }
1667 1666
1668 sch->flags &= ~TCQ_F_THROTTLED; 1667 sch->flags &= ~TCQ_F_THROTTLED;
1668 qdisc_bstats_update(sch, skb);
1669 sch->q.qlen--; 1669 sch->q.qlen--;
1670 1670
1671 return skb; 1671 return skb;
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 984c1b0c6836..fc12fe6f5597 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -574,7 +574,6 @@ static int htb_enqueue(struct sk_buff *skb, struct Qdisc *sch)
574 } 574 }
575 575
576 sch->q.qlen++; 576 sch->q.qlen++;
577 qdisc_bstats_update(sch, skb);
578 return NET_XMIT_SUCCESS; 577 return NET_XMIT_SUCCESS;
579} 578}
580 579
@@ -842,7 +841,7 @@ next:
842 841
843static struct sk_buff *htb_dequeue(struct Qdisc *sch) 842static struct sk_buff *htb_dequeue(struct Qdisc *sch)
844{ 843{
845 struct sk_buff *skb = NULL; 844 struct sk_buff *skb;
846 struct htb_sched *q = qdisc_priv(sch); 845 struct htb_sched *q = qdisc_priv(sch);
847 int level; 846 int level;
848 psched_time_t next_event; 847 psched_time_t next_event;
@@ -851,6 +850,8 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch)
851 /* try to dequeue direct packets as high prio (!) to minimize cpu work */ 850 /* try to dequeue direct packets as high prio (!) to minimize cpu work */
852 skb = __skb_dequeue(&q->direct_queue); 851 skb = __skb_dequeue(&q->direct_queue);
853 if (skb != NULL) { 852 if (skb != NULL) {
853ok:
854 qdisc_bstats_update(sch, skb);
854 sch->flags &= ~TCQ_F_THROTTLED; 855 sch->flags &= ~TCQ_F_THROTTLED;
855 sch->q.qlen--; 856 sch->q.qlen--;
856 return skb; 857 return skb;
@@ -884,11 +885,8 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch)
884 int prio = ffz(m); 885 int prio = ffz(m);
885 m |= 1 << prio; 886 m |= 1 << prio;
886 skb = htb_dequeue_tree(q, prio, level); 887 skb = htb_dequeue_tree(q, prio, level);
887 if (likely(skb != NULL)) { 888 if (likely(skb != NULL))
888 sch->q.qlen--; 889 goto ok;
889 sch->flags &= ~TCQ_F_THROTTLED;
890 goto fin;
891 }
892 } 890 }
893 } 891 }
894 sch->qstats.overlimits++; 892 sch->qstats.overlimits++;
diff --git a/net/sched/sch_multiq.c b/net/sched/sch_multiq.c
index 21f13da24763..436a2e75b322 100644
--- a/net/sched/sch_multiq.c
+++ b/net/sched/sch_multiq.c
@@ -83,7 +83,6 @@ multiq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
83 83
84 ret = qdisc_enqueue(skb, qdisc); 84 ret = qdisc_enqueue(skb, qdisc);
85 if (ret == NET_XMIT_SUCCESS) { 85 if (ret == NET_XMIT_SUCCESS) {
86 qdisc_bstats_update(sch, skb);
87 sch->q.qlen++; 86 sch->q.qlen++;
88 return NET_XMIT_SUCCESS; 87 return NET_XMIT_SUCCESS;
89 } 88 }
@@ -112,6 +111,7 @@ static struct sk_buff *multiq_dequeue(struct Qdisc *sch)
112 qdisc = q->queues[q->curband]; 111 qdisc = q->queues[q->curband];
113 skb = qdisc->dequeue(qdisc); 112 skb = qdisc->dequeue(qdisc);
114 if (skb) { 113 if (skb) {
114 qdisc_bstats_update(sch, skb);
115 sch->q.qlen--; 115 sch->q.qlen--;
116 return skb; 116 return skb;
117 } 117 }
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index 1c4bce863479..6a3006b38dc5 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -240,7 +240,6 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
240 240
241 if (likely(ret == NET_XMIT_SUCCESS)) { 241 if (likely(ret == NET_XMIT_SUCCESS)) {
242 sch->q.qlen++; 242 sch->q.qlen++;
243 qdisc_bstats_update(sch, skb);
244 } else if (net_xmit_drop_count(ret)) { 243 } else if (net_xmit_drop_count(ret)) {
245 sch->qstats.drops++; 244 sch->qstats.drops++;
246 } 245 }
@@ -289,6 +288,7 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch)
289 skb->tstamp.tv64 = 0; 288 skb->tstamp.tv64 = 0;
290#endif 289#endif
291 pr_debug("netem_dequeue: return skb=%p\n", skb); 290 pr_debug("netem_dequeue: return skb=%p\n", skb);
291 qdisc_bstats_update(sch, skb);
292 sch->q.qlen--; 292 sch->q.qlen--;
293 return skb; 293 return skb;
294 } 294 }
@@ -476,7 +476,6 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch)
476 __skb_queue_after(list, skb, nskb); 476 __skb_queue_after(list, skb, nskb);
477 477
478 sch->qstats.backlog += qdisc_pkt_len(nskb); 478 sch->qstats.backlog += qdisc_pkt_len(nskb);
479 qdisc_bstats_update(sch, nskb);
480 479
481 return NET_XMIT_SUCCESS; 480 return NET_XMIT_SUCCESS;
482 } 481 }
diff --git a/net/sched/sch_prio.c b/net/sched/sch_prio.c
index 966158d49dd1..fbd710d619bf 100644
--- a/net/sched/sch_prio.c
+++ b/net/sched/sch_prio.c
@@ -84,7 +84,6 @@ prio_enqueue(struct sk_buff *skb, struct Qdisc *sch)
84 84
85 ret = qdisc_enqueue(skb, qdisc); 85 ret = qdisc_enqueue(skb, qdisc);
86 if (ret == NET_XMIT_SUCCESS) { 86 if (ret == NET_XMIT_SUCCESS) {
87 qdisc_bstats_update(sch, skb);
88 sch->q.qlen++; 87 sch->q.qlen++;
89 return NET_XMIT_SUCCESS; 88 return NET_XMIT_SUCCESS;
90 } 89 }
@@ -116,6 +115,7 @@ static struct sk_buff *prio_dequeue(struct Qdisc* sch)
116 struct Qdisc *qdisc = q->queues[prio]; 115 struct Qdisc *qdisc = q->queues[prio];
117 struct sk_buff *skb = qdisc->dequeue(qdisc); 116 struct sk_buff *skb = qdisc->dequeue(qdisc);
118 if (skb) { 117 if (skb) {
118 qdisc_bstats_update(sch, skb);
119 sch->q.qlen--; 119 sch->q.qlen--;
120 return skb; 120 return skb;
121 } 121 }
diff --git a/net/sched/sch_red.c b/net/sched/sch_red.c
index a6009c5a2c97..9f98dbd32d4c 100644
--- a/net/sched/sch_red.c
+++ b/net/sched/sch_red.c
@@ -94,7 +94,6 @@ static int red_enqueue(struct sk_buff *skb, struct Qdisc* sch)
94 94
95 ret = qdisc_enqueue(skb, child); 95 ret = qdisc_enqueue(skb, child);
96 if (likely(ret == NET_XMIT_SUCCESS)) { 96 if (likely(ret == NET_XMIT_SUCCESS)) {
97 qdisc_bstats_update(sch, skb);
98 sch->q.qlen++; 97 sch->q.qlen++;
99 } else if (net_xmit_drop_count(ret)) { 98 } else if (net_xmit_drop_count(ret)) {
100 q->stats.pdrop++; 99 q->stats.pdrop++;
@@ -114,11 +113,13 @@ static struct sk_buff * red_dequeue(struct Qdisc* sch)
114 struct Qdisc *child = q->qdisc; 113 struct Qdisc *child = q->qdisc;
115 114
116 skb = child->dequeue(child); 115 skb = child->dequeue(child);
117 if (skb) 116 if (skb) {
117 qdisc_bstats_update(sch, skb);
118 sch->q.qlen--; 118 sch->q.qlen--;
119 else if (!red_is_idling(&q->parms)) 119 } else {
120 red_start_of_idle_period(&q->parms); 120 if (!red_is_idling(&q->parms))
121 121 red_start_of_idle_period(&q->parms);
122 }
122 return skb; 123 return skb;
123} 124}
124 125
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 239ec53a634d..edea8cefec6c 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -402,10 +402,8 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
402 q->tail = slot; 402 q->tail = slot;
403 slot->allot = q->scaled_quantum; 403 slot->allot = q->scaled_quantum;
404 } 404 }
405 if (++sch->q.qlen <= q->limit) { 405 if (++sch->q.qlen <= q->limit)
406 qdisc_bstats_update(sch, skb);
407 return NET_XMIT_SUCCESS; 406 return NET_XMIT_SUCCESS;
408 }
409 407
410 sfq_drop(sch); 408 sfq_drop(sch);
411 return NET_XMIT_CN; 409 return NET_XMIT_CN;
@@ -445,6 +443,7 @@ next_slot:
445 } 443 }
446 skb = slot_dequeue_head(slot); 444 skb = slot_dequeue_head(slot);
447 sfq_dec(q, a); 445 sfq_dec(q, a);
446 qdisc_bstats_update(sch, skb);
448 sch->q.qlen--; 447 sch->q.qlen--;
449 sch->qstats.backlog -= qdisc_pkt_len(skb); 448 sch->qstats.backlog -= qdisc_pkt_len(skb);
450 449
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index 77565e721811..e93165820c3f 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -134,7 +134,6 @@ static int tbf_enqueue(struct sk_buff *skb, struct Qdisc* sch)
134 } 134 }
135 135
136 sch->q.qlen++; 136 sch->q.qlen++;
137 qdisc_bstats_update(sch, skb);
138 return NET_XMIT_SUCCESS; 137 return NET_XMIT_SUCCESS;
139} 138}
140 139
@@ -187,6 +186,7 @@ static struct sk_buff *tbf_dequeue(struct Qdisc* sch)
187 q->ptokens = ptoks; 186 q->ptokens = ptoks;
188 sch->q.qlen--; 187 sch->q.qlen--;
189 sch->flags &= ~TCQ_F_THROTTLED; 188 sch->flags &= ~TCQ_F_THROTTLED;
189 qdisc_bstats_update(sch, skb);
190 return skb; 190 return skb;
191 } 191 }
192 192
diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index 84ce48eadff4..d84e7329660f 100644
--- a/net/sched/sch_teql.c
+++ b/net/sched/sch_teql.c
@@ -87,7 +87,6 @@ teql_enqueue(struct sk_buff *skb, struct Qdisc* sch)
87 87
88 if (q->q.qlen < dev->tx_queue_len) { 88 if (q->q.qlen < dev->tx_queue_len) {
89 __skb_queue_tail(&q->q, skb); 89 __skb_queue_tail(&q->q, skb);
90 qdisc_bstats_update(sch, skb);
91 return NET_XMIT_SUCCESS; 90 return NET_XMIT_SUCCESS;
92 } 91 }
93 92
@@ -111,6 +110,8 @@ teql_dequeue(struct Qdisc* sch)
111 dat->m->slaves = sch; 110 dat->m->slaves = sch;
112 netif_wake_queue(m); 111 netif_wake_queue(m);
113 } 112 }
113 } else {
114 qdisc_bstats_update(sch, skb);
114 } 115 }
115 sch->q.qlen = dat->q.qlen + dat_queue->qdisc->q.qlen; 116 sch->q.qlen = dat->q.qlen + dat_queue->qdisc->q.qlen;
116 return skb; 117 return skb;
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 7bd3bbba4710..d802e941d365 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1609,9 +1609,7 @@ static struct svc_xprt *svc_bc_create_socket(struct svc_serv *serv,
1609 */ 1609 */
1610static void svc_bc_sock_free(struct svc_xprt *xprt) 1610static void svc_bc_sock_free(struct svc_xprt *xprt)
1611{ 1611{
1612 if (xprt) { 1612 if (xprt)
1613 kfree(xprt->xpt_bc_sid);
1614 kfree(container_of(xprt, struct svc_sock, sk_xprt)); 1613 kfree(container_of(xprt, struct svc_sock, sk_xprt));
1615 }
1616} 1614}
1617#endif /* CONFIG_NFS_V4_1 */ 1615#endif /* CONFIG_NFS_V4_1 */
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index 55187c8f6420..406207515b5e 100644
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -27,9 +27,19 @@
27#include <net/sock.h> 27#include <net/sock.h>
28#include <net/x25.h> 28#include <net/x25.h>
29 29
30/* 30/**
31 * Parse a set of facilities into the facilities structures. Unrecognised 31 * x25_parse_facilities - Parse facilities from skb into the facilities structs
32 * facilities are written to the debug log file. 32 *
33 * @skb: sk_buff to parse
34 * @facilities: Regular facilites, updated as facilities are found
35 * @dte_facs: ITU DTE facilities, updated as DTE facilities are found
36 * @vc_fac_mask: mask is updated with all facilities found
37 *
38 * Return codes:
39 * -1 - Parsing error, caller should drop call and clean up
40 * 0 - Parse OK, this skb has no facilities
41 * >0 - Parse OK, returns the length of the facilities header
42 *
33 */ 43 */
34int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities, 44int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
35 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) 45 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
@@ -62,7 +72,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
62 switch (*p & X25_FAC_CLASS_MASK) { 72 switch (*p & X25_FAC_CLASS_MASK) {
63 case X25_FAC_CLASS_A: 73 case X25_FAC_CLASS_A:
64 if (len < 2) 74 if (len < 2)
65 return 0; 75 return -1;
66 switch (*p) { 76 switch (*p) {
67 case X25_FAC_REVERSE: 77 case X25_FAC_REVERSE:
68 if((p[1] & 0x81) == 0x81) { 78 if((p[1] & 0x81) == 0x81) {
@@ -107,7 +117,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
107 break; 117 break;
108 case X25_FAC_CLASS_B: 118 case X25_FAC_CLASS_B:
109 if (len < 3) 119 if (len < 3)
110 return 0; 120 return -1;
111 switch (*p) { 121 switch (*p) {
112 case X25_FAC_PACKET_SIZE: 122 case X25_FAC_PACKET_SIZE:
113 facilities->pacsize_in = p[1]; 123 facilities->pacsize_in = p[1];
@@ -130,7 +140,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
130 break; 140 break;
131 case X25_FAC_CLASS_C: 141 case X25_FAC_CLASS_C:
132 if (len < 4) 142 if (len < 4)
133 return 0; 143 return -1;
134 printk(KERN_DEBUG "X.25: unknown facility %02X, " 144 printk(KERN_DEBUG "X.25: unknown facility %02X, "
135 "values %02X, %02X, %02X\n", 145 "values %02X, %02X, %02X\n",
136 p[0], p[1], p[2], p[3]); 146 p[0], p[1], p[2], p[3]);
@@ -139,18 +149,18 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
139 break; 149 break;
140 case X25_FAC_CLASS_D: 150 case X25_FAC_CLASS_D:
141 if (len < p[1] + 2) 151 if (len < p[1] + 2)
142 return 0; 152 return -1;
143 switch (*p) { 153 switch (*p) {
144 case X25_FAC_CALLING_AE: 154 case X25_FAC_CALLING_AE:
145 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1) 155 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
146 return 0; 156 return -1;
147 dte_facs->calling_len = p[2]; 157 dte_facs->calling_len = p[2];
148 memcpy(dte_facs->calling_ae, &p[3], p[1] - 1); 158 memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
149 *vc_fac_mask |= X25_MASK_CALLING_AE; 159 *vc_fac_mask |= X25_MASK_CALLING_AE;
150 break; 160 break;
151 case X25_FAC_CALLED_AE: 161 case X25_FAC_CALLED_AE:
152 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1) 162 if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
153 return 0; 163 return -1;
154 dte_facs->called_len = p[2]; 164 dte_facs->called_len = p[2];
155 memcpy(dte_facs->called_ae, &p[3], p[1] - 1); 165 memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
156 *vc_fac_mask |= X25_MASK_CALLED_AE; 166 *vc_fac_mask |= X25_MASK_CALLED_AE;
diff --git a/net/x25/x25_in.c b/net/x25/x25_in.c
index f729f022be69..15de65f04719 100644
--- a/net/x25/x25_in.c
+++ b/net/x25/x25_in.c
@@ -91,10 +91,10 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
91{ 91{
92 struct x25_address source_addr, dest_addr; 92 struct x25_address source_addr, dest_addr;
93 int len; 93 int len;
94 struct x25_sock *x25 = x25_sk(sk);
94 95
95 switch (frametype) { 96 switch (frametype) {
96 case X25_CALL_ACCEPTED: { 97 case X25_CALL_ACCEPTED: {
97 struct x25_sock *x25 = x25_sk(sk);
98 98
99 x25_stop_timer(sk); 99 x25_stop_timer(sk);
100 x25->condition = 0x00; 100 x25->condition = 0x00;
@@ -113,14 +113,16 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
113 &dest_addr); 113 &dest_addr);
114 if (len > 0) 114 if (len > 0)
115 skb_pull(skb, len); 115 skb_pull(skb, len);
116 else if (len < 0)
117 goto out_clear;
116 118
117 len = x25_parse_facilities(skb, &x25->facilities, 119 len = x25_parse_facilities(skb, &x25->facilities,
118 &x25->dte_facilities, 120 &x25->dte_facilities,
119 &x25->vc_facil_mask); 121 &x25->vc_facil_mask);
120 if (len > 0) 122 if (len > 0)
121 skb_pull(skb, len); 123 skb_pull(skb, len);
122 else 124 else if (len < 0)
123 return -1; 125 goto out_clear;
124 /* 126 /*
125 * Copy any Call User Data. 127 * Copy any Call User Data.
126 */ 128 */
@@ -144,6 +146,12 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
144 } 146 }
145 147
146 return 0; 148 return 0;
149
150out_clear:
151 x25_write_internal(sk, X25_CLEAR_REQUEST);
152 x25->state = X25_STATE_2;
153 x25_start_t23timer(sk);
154 return 0;
147} 155}
148 156
149/* 157/*
diff --git a/net/x25/x25_link.c b/net/x25/x25_link.c
index 4cbc942f762a..21306928d47f 100644
--- a/net/x25/x25_link.c
+++ b/net/x25/x25_link.c
@@ -396,9 +396,12 @@ void __exit x25_link_free(void)
396 write_lock_bh(&x25_neigh_list_lock); 396 write_lock_bh(&x25_neigh_list_lock);
397 397
398 list_for_each_safe(entry, tmp, &x25_neigh_list) { 398 list_for_each_safe(entry, tmp, &x25_neigh_list) {
399 struct net_device *dev;
400
399 nb = list_entry(entry, struct x25_neigh, node); 401 nb = list_entry(entry, struct x25_neigh, node);
402 dev = nb->dev;
400 __x25_remove_neigh(nb); 403 __x25_remove_neigh(nb);
401 dev_put(nb->dev); 404 dev_put(dev);
402 } 405 }
403 write_unlock_bh(&x25_neigh_list_lock); 406 write_unlock_bh(&x25_neigh_list_lock);
404} 407}
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 8b3ef404c794..6459588befc3 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1340,10 +1340,13 @@ static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
1340 default: 1340 default:
1341 BUG(); 1341 BUG();
1342 } 1342 }
1343 xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS); 1343 xdst = dst_alloc(dst_ops);
1344 xfrm_policy_put_afinfo(afinfo); 1344 xfrm_policy_put_afinfo(afinfo);
1345 1345
1346 xdst->flo.ops = &xfrm_bundle_fc_ops; 1346 if (likely(xdst))
1347 xdst->flo.ops = &xfrm_bundle_fc_ops;
1348 else
1349 xdst = ERR_PTR(-ENOBUFS);
1347 1350
1348 return xdst; 1351 return xdst;
1349} 1352}
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-11 05:20:36 -0400