aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/bat_iv_ogm.c2
-rw-r--r--net/bridge/br_if.c8
-rw-r--r--net/bridge/br_multicast.c2
-rw-r--r--net/bridge/br_netlink.c13
-rw-r--r--net/bridge/br_private.h6
-rw-r--r--net/ceph/messenger.c23
-rw-r--r--net/ceph/osd_client.c34
-rw-r--r--net/core/dev.c18
-rw-r--r--net/core/net-sysfs.c4
-rw-r--r--net/core/sock.c4
-rw-r--r--net/ipv4/arp.c10
-rw-r--r--net/ipv4/devinet.c2
-rw-r--r--net/ipv4/ip_gre.c13
-rw-r--r--net/ipv4/ipconfig.c8
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c1
-rw-r--r--net/ipv4/netfilter/iptable_nat.c15
-rw-r--r--net/ipv4/tcp_input.c14
-rw-r--r--net/ipv6/ip6_gre.c3
-rw-r--r--net/ipv6/netfilter/ip6t_NPT.c33
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c1
-rw-r--r--net/ipv6/netfilter/ip6table_nat.c15
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c5
-rw-r--r--net/mac802154/wpan.c2
-rw-r--r--net/netfilter/Kconfig7
-rw-r--r--net/netfilter/nf_conntrack_core.c2
-rw-r--r--net/netfilter/nf_conntrack_netlink.c2
-rw-r--r--net/netfilter/nfnetlink_log.c16
-rw-r--r--net/netfilter/xt_CT.c58
-rw-r--r--net/netfilter/xt_hashlimit.c54
-rw-r--r--net/netfilter/xt_recent.c43
-rw-r--r--net/rds/ib_cm.c11
-rw-r--r--net/rds/ib_recv.c9
-rw-r--r--net/sched/sch_htb.c2
-rw-r--r--net/sctp/Kconfig2
-rw-r--r--net/sunrpc/clnt.c5
-rw-r--r--net/sunrpc/sched.c27
-rw-r--r--net/wireless/reg.c7
-rw-r--r--net/wireless/sysfs.c4
39 files changed, 328 insertions, 161 deletions
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
index 9f3925a85aab..7d02ebd11a7f 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -123,7 +123,7 @@ batadv_iv_ogm_emit_send_time(const struct batadv_priv *bat_priv)
123 unsigned int msecs; 123 unsigned int msecs;
124 124
125 msecs = atomic_read(&bat_priv->orig_interval) - BATADV_JITTER; 125 msecs = atomic_read(&bat_priv->orig_interval) - BATADV_JITTER;
126 msecs += (random32() % 2 * BATADV_JITTER); 126 msecs += random32() % (2 * BATADV_JITTER);
127 127
128 return jiffies + msecs_to_jiffies(msecs); 128 return jiffies + msecs_to_jiffies(msecs);
129} 129}
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 1c8fdc3558cd..37fe693471a8 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -366,11 +366,11 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
366 366
367 err = netdev_set_master(dev, br->dev); 367 err = netdev_set_master(dev, br->dev);
368 if (err) 368 if (err)
369 goto err3; 369 goto err4;
370 370
371 err = netdev_rx_handler_register(dev, br_handle_frame, p); 371 err = netdev_rx_handler_register(dev, br_handle_frame, p);
372 if (err) 372 if (err)
373 goto err4; 373 goto err5;
374 374
375 dev->priv_flags |= IFF_BRIDGE_PORT; 375 dev->priv_flags |= IFF_BRIDGE_PORT;
376 376
@@ -402,8 +402,10 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
402 402
403 return 0; 403 return 0;
404 404
405err4: 405err5:
406 netdev_set_master(dev, NULL); 406 netdev_set_master(dev, NULL);
407err4:
408 br_netpoll_disable(p);
407err3: 409err3:
408 sysfs_remove_link(br->ifobj, p->dev->name); 410 sysfs_remove_link(br->ifobj, p->dev->name);
409err2: 411err2:
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 5391ca43336a..6d6f26531de2 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1608,7 +1608,6 @@ void br_multicast_init(struct net_bridge *br)
1608 br_multicast_querier_expired, (unsigned long)br); 1608 br_multicast_querier_expired, (unsigned long)br);
1609 setup_timer(&br->multicast_query_timer, br_multicast_query_expired, 1609 setup_timer(&br->multicast_query_timer, br_multicast_query_expired,
1610 (unsigned long)br); 1610 (unsigned long)br);
1611 br_mdb_init();
1612} 1611}
1613 1612
1614void br_multicast_open(struct net_bridge *br) 1613void br_multicast_open(struct net_bridge *br)
@@ -1633,7 +1632,6 @@ void br_multicast_stop(struct net_bridge *br)
1633 del_timer_sync(&br->multicast_querier_timer); 1632 del_timer_sync(&br->multicast_querier_timer);
1634 del_timer_sync(&br->multicast_query_timer); 1633 del_timer_sync(&br->multicast_query_timer);
1635 1634
1636 br_mdb_uninit();
1637 spin_lock_bh(&br->multicast_lock); 1635 spin_lock_bh(&br->multicast_lock);
1638 mdb = mlock_dereference(br->mdb, br); 1636 mdb = mlock_dereference(br->mdb, br);
1639 if (!mdb) 1637 if (!mdb)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 97ba0189c6f7..5dc66abcc9e2 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -299,10 +299,21 @@ struct rtnl_link_ops br_link_ops __read_mostly = {
299 299
300int __init br_netlink_init(void) 300int __init br_netlink_init(void)
301{ 301{
302 return rtnl_link_register(&br_link_ops); 302 int err;
303
304 br_mdb_init();
305 err = rtnl_link_register(&br_link_ops);
306 if (err)
307 goto out;
308
309 return 0;
310out:
311 br_mdb_uninit();
312 return err;
303} 313}
304 314
305void __exit br_netlink_fini(void) 315void __exit br_netlink_fini(void)
306{ 316{
317 br_mdb_uninit();
307 rtnl_link_unregister(&br_link_ops); 318 rtnl_link_unregister(&br_link_ops);
308} 319}
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 8d83be5ffedc..711094aed41a 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -526,6 +526,12 @@ static inline bool br_multicast_is_router(struct net_bridge *br)
526{ 526{
527 return 0; 527 return 0;
528} 528}
529static inline void br_mdb_init(void)
530{
531}
532static inline void br_mdb_uninit(void)
533{
534}
529#endif 535#endif
530 536
531/* br_netfilter.c */ 537/* br_netfilter.c */
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 4d111fd2b492..5ccf87ed8d68 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -506,6 +506,7 @@ static void reset_connection(struct ceph_connection *con)
506{ 506{
507 /* reset connection, out_queue, msg_ and connect_seq */ 507 /* reset connection, out_queue, msg_ and connect_seq */
508 /* discard existing out_queue and msg_seq */ 508 /* discard existing out_queue and msg_seq */
509 dout("reset_connection %p\n", con);
509 ceph_msg_remove_list(&con->out_queue); 510 ceph_msg_remove_list(&con->out_queue);
510 ceph_msg_remove_list(&con->out_sent); 511 ceph_msg_remove_list(&con->out_sent);
511 512
@@ -561,7 +562,7 @@ void ceph_con_open(struct ceph_connection *con,
561 mutex_lock(&con->mutex); 562 mutex_lock(&con->mutex);
562 dout("con_open %p %s\n", con, ceph_pr_addr(&addr->in_addr)); 563 dout("con_open %p %s\n", con, ceph_pr_addr(&addr->in_addr));
563 564
564 BUG_ON(con->state != CON_STATE_CLOSED); 565 WARN_ON(con->state != CON_STATE_CLOSED);
565 con->state = CON_STATE_PREOPEN; 566 con->state = CON_STATE_PREOPEN;
566 567
567 con->peer_name.type = (__u8) entity_type; 568 con->peer_name.type = (__u8) entity_type;
@@ -1506,13 +1507,6 @@ static int process_banner(struct ceph_connection *con)
1506 return 0; 1507 return 0;
1507} 1508}
1508 1509
1509static void fail_protocol(struct ceph_connection *con)
1510{
1511 reset_connection(con);
1512 BUG_ON(con->state != CON_STATE_NEGOTIATING);
1513 con->state = CON_STATE_CLOSED;
1514}
1515
1516static int process_connect(struct ceph_connection *con) 1510static int process_connect(struct ceph_connection *con)
1517{ 1511{
1518 u64 sup_feat = con->msgr->supported_features; 1512 u64 sup_feat = con->msgr->supported_features;
@@ -1530,7 +1524,7 @@ static int process_connect(struct ceph_connection *con)
1530 ceph_pr_addr(&con->peer_addr.in_addr), 1524 ceph_pr_addr(&con->peer_addr.in_addr),
1531 sup_feat, server_feat, server_feat & ~sup_feat); 1525 sup_feat, server_feat, server_feat & ~sup_feat);
1532 con->error_msg = "missing required protocol features"; 1526 con->error_msg = "missing required protocol features";
1533 fail_protocol(con); 1527 reset_connection(con);
1534 return -1; 1528 return -1;
1535 1529
1536 case CEPH_MSGR_TAG_BADPROTOVER: 1530 case CEPH_MSGR_TAG_BADPROTOVER:
@@ -1541,7 +1535,7 @@ static int process_connect(struct ceph_connection *con)
1541 le32_to_cpu(con->out_connect.protocol_version), 1535 le32_to_cpu(con->out_connect.protocol_version),
1542 le32_to_cpu(con->in_reply.protocol_version)); 1536 le32_to_cpu(con->in_reply.protocol_version));
1543 con->error_msg = "protocol version mismatch"; 1537 con->error_msg = "protocol version mismatch";
1544 fail_protocol(con); 1538 reset_connection(con);
1545 return -1; 1539 return -1;
1546 1540
1547 case CEPH_MSGR_TAG_BADAUTHORIZER: 1541 case CEPH_MSGR_TAG_BADAUTHORIZER:
@@ -1631,11 +1625,11 @@ static int process_connect(struct ceph_connection *con)
1631 ceph_pr_addr(&con->peer_addr.in_addr), 1625 ceph_pr_addr(&con->peer_addr.in_addr),
1632 req_feat, server_feat, req_feat & ~server_feat); 1626 req_feat, server_feat, req_feat & ~server_feat);
1633 con->error_msg = "missing required protocol features"; 1627 con->error_msg = "missing required protocol features";
1634 fail_protocol(con); 1628 reset_connection(con);
1635 return -1; 1629 return -1;
1636 } 1630 }
1637 1631
1638 BUG_ON(con->state != CON_STATE_NEGOTIATING); 1632 WARN_ON(con->state != CON_STATE_NEGOTIATING);
1639 con->state = CON_STATE_OPEN; 1633 con->state = CON_STATE_OPEN;
1640 1634
1641 con->peer_global_seq = le32_to_cpu(con->in_reply.global_seq); 1635 con->peer_global_seq = le32_to_cpu(con->in_reply.global_seq);
@@ -2132,7 +2126,6 @@ more:
2132 if (ret < 0) 2126 if (ret < 0)
2133 goto out; 2127 goto out;
2134 2128
2135 BUG_ON(con->state != CON_STATE_CONNECTING);
2136 con->state = CON_STATE_NEGOTIATING; 2129 con->state = CON_STATE_NEGOTIATING;
2137 2130
2138 /* 2131 /*
@@ -2160,7 +2153,7 @@ more:
2160 goto more; 2153 goto more;
2161 } 2154 }
2162 2155
2163 BUG_ON(con->state != CON_STATE_OPEN); 2156 WARN_ON(con->state != CON_STATE_OPEN);
2164 2157
2165 if (con->in_base_pos < 0) { 2158 if (con->in_base_pos < 0) {
2166 /* 2159 /*
@@ -2382,7 +2375,7 @@ static void ceph_fault(struct ceph_connection *con)
2382 dout("fault %p state %lu to peer %s\n", 2375 dout("fault %p state %lu to peer %s\n",
2383 con, con->state, ceph_pr_addr(&con->peer_addr.in_addr)); 2376 con, con->state, ceph_pr_addr(&con->peer_addr.in_addr));
2384 2377
2385 BUG_ON(con->state != CON_STATE_CONNECTING && 2378 WARN_ON(con->state != CON_STATE_CONNECTING &&
2386 con->state != CON_STATE_NEGOTIATING && 2379 con->state != CON_STATE_NEGOTIATING &&
2387 con->state != CON_STATE_OPEN); 2380 con->state != CON_STATE_OPEN);
2388 2381
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 780caf6b0491..eb9a44478764 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -1270,7 +1270,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc)
1270 * Requeue requests whose mapping to an OSD has changed. If requests map to 1270 * Requeue requests whose mapping to an OSD has changed. If requests map to
1271 * no osd, request a new map. 1271 * no osd, request a new map.
1272 * 1272 *
1273 * Caller should hold map_sem for read and request_mutex. 1273 * Caller should hold map_sem for read.
1274 */ 1274 */
1275static void kick_requests(struct ceph_osd_client *osdc, int force_resend) 1275static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
1276{ 1276{
@@ -1284,6 +1284,24 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
1284 for (p = rb_first(&osdc->requests); p; ) { 1284 for (p = rb_first(&osdc->requests); p; ) {
1285 req = rb_entry(p, struct ceph_osd_request, r_node); 1285 req = rb_entry(p, struct ceph_osd_request, r_node);
1286 p = rb_next(p); 1286 p = rb_next(p);
1287
1288 /*
1289 * For linger requests that have not yet been
1290 * registered, move them to the linger list; they'll
1291 * be sent to the osd in the loop below. Unregister
1292 * the request before re-registering it as a linger
1293 * request to ensure the __map_request() below
1294 * will decide it needs to be sent.
1295 */
1296 if (req->r_linger && list_empty(&req->r_linger_item)) {
1297 dout("%p tid %llu restart on osd%d\n",
1298 req, req->r_tid,
1299 req->r_osd ? req->r_osd->o_osd : -1);
1300 __unregister_request(osdc, req);
1301 __register_linger_request(osdc, req);
1302 continue;
1303 }
1304
1287 err = __map_request(osdc, req, force_resend); 1305 err = __map_request(osdc, req, force_resend);
1288 if (err < 0) 1306 if (err < 0)
1289 continue; /* error */ 1307 continue; /* error */
@@ -1298,17 +1316,6 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
1298 req->r_flags |= CEPH_OSD_FLAG_RETRY; 1316 req->r_flags |= CEPH_OSD_FLAG_RETRY;
1299 } 1317 }
1300 } 1318 }
1301 if (req->r_linger && list_empty(&req->r_linger_item)) {
1302 /*
1303 * register as a linger so that we will
1304 * re-submit below and get a new tid
1305 */
1306 dout("%p tid %llu restart on osd%d\n",
1307 req, req->r_tid,
1308 req->r_osd ? req->r_osd->o_osd : -1);
1309 __register_linger_request(osdc, req);
1310 __unregister_request(osdc, req);
1311 }
1312 } 1319 }
1313 1320
1314 list_for_each_entry_safe(req, nreq, &osdc->req_linger, 1321 list_for_each_entry_safe(req, nreq, &osdc->req_linger,
@@ -1316,6 +1323,7 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
1316 dout("linger req=%p req->r_osd=%p\n", req, req->r_osd); 1323 dout("linger req=%p req->r_osd=%p\n", req, req->r_osd);
1317 1324
1318 err = __map_request(osdc, req, force_resend); 1325 err = __map_request(osdc, req, force_resend);
1326 dout("__map_request returned %d\n", err);
1319 if (err == 0) 1327 if (err == 0)
1320 continue; /* no change and no osd was specified */ 1328 continue; /* no change and no osd was specified */
1321 if (err < 0) 1329 if (err < 0)
@@ -1337,6 +1345,7 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend)
1337 dout("%d requests for down osds, need new map\n", needmap); 1345 dout("%d requests for down osds, need new map\n", needmap);
1338 ceph_monc_request_next_osdmap(&osdc->client->monc); 1346 ceph_monc_request_next_osdmap(&osdc->client->monc);
1339 } 1347 }
1348 reset_changed_osds(osdc);
1340} 1349}
1341 1350
1342 1351
@@ -1393,7 +1402,6 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg)
1393 osdc->osdmap = newmap; 1402 osdc->osdmap = newmap;
1394 } 1403 }
1395 kick_requests(osdc, 0); 1404 kick_requests(osdc, 0);
1396 reset_changed_osds(osdc);
1397 } else { 1405 } else {
1398 dout("ignoring incremental map %u len %d\n", 1406 dout("ignoring incremental map %u len %d\n",
1399 epoch, maplen); 1407 epoch, maplen);
diff --git a/net/core/dev.c b/net/core/dev.c
index d0cbc93fcf32..515473ee52cb 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -203,7 +203,7 @@ static struct list_head offload_base __read_mostly;
203DEFINE_RWLOCK(dev_base_lock); 203DEFINE_RWLOCK(dev_base_lock);
204EXPORT_SYMBOL(dev_base_lock); 204EXPORT_SYMBOL(dev_base_lock);
205 205
206DEFINE_SEQLOCK(devnet_rename_seq); 206seqcount_t devnet_rename_seq;
207 207
208static inline void dev_base_seq_inc(struct net *net) 208static inline void dev_base_seq_inc(struct net *net)
209{ 209{
@@ -1093,10 +1093,10 @@ int dev_change_name(struct net_device *dev, const char *newname)
1093 if (dev->flags & IFF_UP) 1093 if (dev->flags & IFF_UP)
1094 return -EBUSY; 1094 return -EBUSY;
1095 1095
1096 write_seqlock(&devnet_rename_seq); 1096 write_seqcount_begin(&devnet_rename_seq);
1097 1097
1098 if (strncmp(newname, dev->name, IFNAMSIZ) == 0) { 1098 if (strncmp(newname, dev->name, IFNAMSIZ) == 0) {
1099 write_sequnlock(&devnet_rename_seq); 1099 write_seqcount_end(&devnet_rename_seq);
1100 return 0; 1100 return 0;
1101 } 1101 }
1102 1102
@@ -1104,7 +1104,7 @@ int dev_change_name(struct net_device *dev, const char *newname)
1104 1104
1105 err = dev_get_valid_name(net, dev, newname); 1105 err = dev_get_valid_name(net, dev, newname);
1106 if (err < 0) { 1106 if (err < 0) {
1107 write_sequnlock(&devnet_rename_seq); 1107 write_seqcount_end(&devnet_rename_seq);
1108 return err; 1108 return err;
1109 } 1109 }
1110 1110
@@ -1112,11 +1112,11 @@ rollback:
1112 ret = device_rename(&dev->dev, dev->name); 1112 ret = device_rename(&dev->dev, dev->name);
1113 if (ret) { 1113 if (ret) {
1114 memcpy(dev->name, oldname, IFNAMSIZ); 1114 memcpy(dev->name, oldname, IFNAMSIZ);
1115 write_sequnlock(&devnet_rename_seq); 1115 write_seqcount_end(&devnet_rename_seq);
1116 return ret; 1116 return ret;
1117 } 1117 }
1118 1118
1119 write_sequnlock(&devnet_rename_seq); 1119 write_seqcount_end(&devnet_rename_seq);
1120 1120
1121 write_lock_bh(&dev_base_lock); 1121 write_lock_bh(&dev_base_lock);
1122 hlist_del_rcu(&dev->name_hlist); 1122 hlist_del_rcu(&dev->name_hlist);
@@ -1135,7 +1135,7 @@ rollback:
1135 /* err >= 0 after dev_alloc_name() or stores the first errno */ 1135 /* err >= 0 after dev_alloc_name() or stores the first errno */
1136 if (err >= 0) { 1136 if (err >= 0) {
1137 err = ret; 1137 err = ret;
1138 write_seqlock(&devnet_rename_seq); 1138 write_seqcount_begin(&devnet_rename_seq);
1139 memcpy(dev->name, oldname, IFNAMSIZ); 1139 memcpy(dev->name, oldname, IFNAMSIZ);
1140 goto rollback; 1140 goto rollback;
1141 } else { 1141 } else {
@@ -4180,7 +4180,7 @@ static int dev_ifname(struct net *net, struct ifreq __user *arg)
4180 return -EFAULT; 4180 return -EFAULT;
4181 4181
4182retry: 4182retry:
4183 seq = read_seqbegin(&devnet_rename_seq); 4183 seq = read_seqcount_begin(&devnet_rename_seq);
4184 rcu_read_lock(); 4184 rcu_read_lock();
4185 dev = dev_get_by_index_rcu(net, ifr.ifr_ifindex); 4185 dev = dev_get_by_index_rcu(net, ifr.ifr_ifindex);
4186 if (!dev) { 4186 if (!dev) {
@@ -4190,7 +4190,7 @@ retry:
4190 4190
4191 strcpy(ifr.ifr_name, dev->name); 4191 strcpy(ifr.ifr_name, dev->name);
4192 rcu_read_unlock(); 4192 rcu_read_unlock();
4193 if (read_seqretry(&devnet_rename_seq, seq)) 4193 if (read_seqcount_retry(&devnet_rename_seq, seq))
4194 goto retry; 4194 goto retry;
4195 4195
4196 if (copy_to_user(arg, &ifr, sizeof(struct ifreq))) 4196 if (copy_to_user(arg, &ifr, sizeof(struct ifreq)))
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 334efd5d67a9..28c5f5aa7ca7 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1334,7 +1334,6 @@ struct kobj_ns_type_operations net_ns_type_operations = {
1334}; 1334};
1335EXPORT_SYMBOL_GPL(net_ns_type_operations); 1335EXPORT_SYMBOL_GPL(net_ns_type_operations);
1336 1336
1337#ifdef CONFIG_HOTPLUG
1338static int netdev_uevent(struct device *d, struct kobj_uevent_env *env) 1337static int netdev_uevent(struct device *d, struct kobj_uevent_env *env)
1339{ 1338{
1340 struct net_device *dev = to_net_dev(d); 1339 struct net_device *dev = to_net_dev(d);
@@ -1353,7 +1352,6 @@ static int netdev_uevent(struct device *d, struct kobj_uevent_env *env)
1353exit: 1352exit:
1354 return retval; 1353 return retval;
1355} 1354}
1356#endif
1357 1355
1358/* 1356/*
1359 * netdev_release -- destroy and free a dead device. 1357 * netdev_release -- destroy and free a dead device.
@@ -1382,9 +1380,7 @@ static struct class net_class = {
1382#ifdef CONFIG_SYSFS 1380#ifdef CONFIG_SYSFS
1383 .dev_attrs = net_class_attributes, 1381 .dev_attrs = net_class_attributes,
1384#endif /* CONFIG_SYSFS */ 1382#endif /* CONFIG_SYSFS */
1385#ifdef CONFIG_HOTPLUG
1386 .dev_uevent = netdev_uevent, 1383 .dev_uevent = netdev_uevent,
1387#endif
1388 .ns_type = &net_ns_type_operations, 1384 .ns_type = &net_ns_type_operations,
1389 .namespace = net_namespace, 1385 .namespace = net_namespace,
1390}; 1386};
diff --git a/net/core/sock.c b/net/core/sock.c
index a692ef49c9bb..bc131d419683 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -583,7 +583,7 @@ static int sock_getbindtodevice(struct sock *sk, char __user *optval,
583 goto out; 583 goto out;
584 584
585retry: 585retry:
586 seq = read_seqbegin(&devnet_rename_seq); 586 seq = read_seqcount_begin(&devnet_rename_seq);
587 rcu_read_lock(); 587 rcu_read_lock();
588 dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); 588 dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if);
589 ret = -ENODEV; 589 ret = -ENODEV;
@@ -594,7 +594,7 @@ retry:
594 594
595 strcpy(devname, dev->name); 595 strcpy(devname, dev->name);
596 rcu_read_unlock(); 596 rcu_read_unlock();
597 if (read_seqretry(&devnet_rename_seq, seq)) 597 if (read_seqcount_retry(&devnet_rename_seq, seq))
598 goto retry; 598 goto retry;
599 599
600 len = strlen(devname) + 1; 600 len = strlen(devname) + 1;
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index ce6fbdfd40b8..9547a273b9e9 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -321,7 +321,7 @@ static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb)
321static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb) 321static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
322{ 322{
323 __be32 saddr = 0; 323 __be32 saddr = 0;
324 u8 *dst_ha = NULL; 324 u8 dst_ha[MAX_ADDR_LEN], *dst_hw = NULL;
325 struct net_device *dev = neigh->dev; 325 struct net_device *dev = neigh->dev;
326 __be32 target = *(__be32 *)neigh->primary_key; 326 __be32 target = *(__be32 *)neigh->primary_key;
327 int probes = atomic_read(&neigh->probes); 327 int probes = atomic_read(&neigh->probes);
@@ -363,8 +363,8 @@ static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
363 if (probes < 0) { 363 if (probes < 0) {
364 if (!(neigh->nud_state & NUD_VALID)) 364 if (!(neigh->nud_state & NUD_VALID))
365 pr_debug("trying to ucast probe in NUD_INVALID\n"); 365 pr_debug("trying to ucast probe in NUD_INVALID\n");
366 dst_ha = neigh->ha; 366 neigh_ha_snapshot(dst_ha, neigh, dev);
367 read_lock_bh(&neigh->lock); 367 dst_hw = dst_ha;
368 } else { 368 } else {
369 probes -= neigh->parms->app_probes; 369 probes -= neigh->parms->app_probes;
370 if (probes < 0) { 370 if (probes < 0) {
@@ -376,9 +376,7 @@ static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
376 } 376 }
377 377
378 arp_send(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr, 378 arp_send(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr,
379 dst_ha, dev->dev_addr, NULL); 379 dst_hw, dev->dev_addr, NULL);
380 if (dst_ha)
381 read_unlock_bh(&neigh->lock);
382} 380}
383 381
384static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip) 382static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip)
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index cc06a47f1216..a8e4f2665d5e 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -823,9 +823,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
823 if (!ifa) { 823 if (!ifa) {
824 ret = -ENOBUFS; 824 ret = -ENOBUFS;
825 ifa = inet_alloc_ifa(); 825 ifa = inet_alloc_ifa();
826 INIT_HLIST_NODE(&ifa->hash);
827 if (!ifa) 826 if (!ifa)
828 break; 827 break;
828 INIT_HLIST_NODE(&ifa->hash);
829 if (colon) 829 if (colon)
830 memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ); 830 memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ);
831 else 831 else
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index a85ae2f7a21c..303012adf9e6 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -750,6 +750,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
750 int gre_hlen; 750 int gre_hlen;
751 __be32 dst; 751 __be32 dst;
752 int mtu; 752 int mtu;
753 u8 ttl;
753 754
754 if (skb->ip_summed == CHECKSUM_PARTIAL && 755 if (skb->ip_summed == CHECKSUM_PARTIAL &&
755 skb_checksum_help(skb)) 756 skb_checksum_help(skb))
@@ -760,7 +761,10 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
760 761
761 if (dev->header_ops && dev->type == ARPHRD_IPGRE) { 762 if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
762 gre_hlen = 0; 763 gre_hlen = 0;
763 tiph = (const struct iphdr *)skb->data; 764 if (skb->protocol == htons(ETH_P_IP))
765 tiph = (const struct iphdr *)skb->data;
766 else
767 tiph = &tunnel->parms.iph;
764 } else { 768 } else {
765 gre_hlen = tunnel->hlen; 769 gre_hlen = tunnel->hlen;
766 tiph = &tunnel->parms.iph; 770 tiph = &tunnel->parms.iph;
@@ -812,6 +816,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
812 goto tx_error; 816 goto tx_error;
813 } 817 }
814 818
819 ttl = tiph->ttl;
815 tos = tiph->tos; 820 tos = tiph->tos;
816 if (tos == 1) { 821 if (tos == 1) {
817 tos = 0; 822 tos = 0;
@@ -904,11 +909,12 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
904 dev_kfree_skb(skb); 909 dev_kfree_skb(skb);
905 skb = new_skb; 910 skb = new_skb;
906 old_iph = ip_hdr(skb); 911 old_iph = ip_hdr(skb);
912 /* Warning : tiph value might point to freed memory */
907 } 913 }
908 914
909 skb_reset_transport_header(skb);
910 skb_push(skb, gre_hlen); 915 skb_push(skb, gre_hlen);
911 skb_reset_network_header(skb); 916 skb_reset_network_header(skb);
917 skb_set_transport_header(skb, sizeof(*iph));
912 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 918 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
913 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 919 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
914 IPSKB_REROUTED); 920 IPSKB_REROUTED);
@@ -927,8 +933,9 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
927 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); 933 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb);
928 iph->daddr = fl4.daddr; 934 iph->daddr = fl4.daddr;
929 iph->saddr = fl4.saddr; 935 iph->saddr = fl4.saddr;
936 iph->ttl = ttl;
930 937
931 if ((iph->ttl = tiph->ttl) == 0) { 938 if (ttl == 0) {
932 if (skb->protocol == htons(ETH_P_IP)) 939 if (skb->protocol == htons(ETH_P_IP))
933 iph->ttl = old_iph->ttl; 940 iph->ttl = old_iph->ttl;
934#if IS_ENABLED(CONFIG_IPV6) 941#if IS_ENABLED(CONFIG_IPV6)
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index d763701cff1b..a2e50ae80b53 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -136,6 +136,8 @@ __be32 ic_myaddr = NONE; /* My IP address */
136static __be32 ic_netmask = NONE; /* Netmask for local subnet */ 136static __be32 ic_netmask = NONE; /* Netmask for local subnet */
137__be32 ic_gateway = NONE; /* Gateway IP address */ 137__be32 ic_gateway = NONE; /* Gateway IP address */
138 138
139__be32 ic_addrservaddr = NONE; /* IP Address of the IP addresses'server */
140
139__be32 ic_servaddr = NONE; /* Boot server IP address */ 141__be32 ic_servaddr = NONE; /* Boot server IP address */
140 142
141__be32 root_server_addr = NONE; /* Address of NFS server */ 143__be32 root_server_addr = NONE; /* Address of NFS server */
@@ -558,6 +560,7 @@ ic_rarp_recv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
558 if (ic_myaddr == NONE) 560 if (ic_myaddr == NONE)
559 ic_myaddr = tip; 561 ic_myaddr = tip;
560 ic_servaddr = sip; 562 ic_servaddr = sip;
563 ic_addrservaddr = sip;
561 ic_got_reply = IC_RARP; 564 ic_got_reply = IC_RARP;
562 565
563drop_unlock: 566drop_unlock:
@@ -1068,7 +1071,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
1068 ic_servaddr = server_id; 1071 ic_servaddr = server_id;
1069#ifdef IPCONFIG_DEBUG 1072#ifdef IPCONFIG_DEBUG
1070 printk("DHCP: Offered address %pI4 by server %pI4\n", 1073 printk("DHCP: Offered address %pI4 by server %pI4\n",
1071 &ic_myaddr, &ic_servaddr); 1074 &ic_myaddr, &b->iph.saddr);
1072#endif 1075#endif
1073 /* The DHCP indicated server address takes 1076 /* The DHCP indicated server address takes
1074 * precedence over the bootp header one if 1077 * precedence over the bootp header one if
@@ -1113,6 +1116,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
1113 ic_dev = dev; 1116 ic_dev = dev;
1114 ic_myaddr = b->your_ip; 1117 ic_myaddr = b->your_ip;
1115 ic_servaddr = b->server_ip; 1118 ic_servaddr = b->server_ip;
1119 ic_addrservaddr = b->iph.saddr;
1116 if (ic_gateway == NONE && b->relay_ip) 1120 if (ic_gateway == NONE && b->relay_ip)
1117 ic_gateway = b->relay_ip; 1121 ic_gateway = b->relay_ip;
1118 if (ic_nameservers[0] == NONE) 1122 if (ic_nameservers[0] == NONE)
@@ -1268,7 +1272,7 @@ static int __init ic_dynamic(void)
1268 printk("IP-Config: Got %s answer from %pI4, ", 1272 printk("IP-Config: Got %s answer from %pI4, ",
1269 ((ic_got_reply & IC_RARP) ? "RARP" 1273 ((ic_got_reply & IC_RARP) ? "RARP"
1270 : (ic_proto_enabled & IC_USE_DHCP) ? "DHCP" : "BOOTP"), 1274 : (ic_proto_enabled & IC_USE_DHCP) ? "DHCP" : "BOOTP"),
1271 &ic_servaddr); 1275 &ic_addrservaddr);
1272 pr_cont("my address is %pI4\n", &ic_myaddr); 1276 pr_cont("my address is %pI4\n", &ic_myaddr);
1273 1277
1274 return 0; 1278 return 0;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 51f13f8ec724..04b18c1ac345 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -81,6 +81,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
81 niph->saddr = oiph->daddr; 81 niph->saddr = oiph->daddr;
82 niph->daddr = oiph->saddr; 82 niph->daddr = oiph->saddr;
83 83
84 skb_reset_transport_header(nskb);
84 tcph = (struct tcphdr *)skb_put(nskb, sizeof(struct tcphdr)); 85 tcph = (struct tcphdr *)skb_put(nskb, sizeof(struct tcphdr));
85 memset(tcph, 0, sizeof(*tcph)); 86 memset(tcph, 0, sizeof(*tcph));
86 tcph->source = oth->dest; 87 tcph->source = oth->dest;
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c
index da2c8a368f68..eeaff7e4acb5 100644
--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -124,23 +124,28 @@ nf_nat_ipv4_fn(unsigned int hooknum,
124 ret = nf_nat_rule_find(skb, hooknum, in, out, ct); 124 ret = nf_nat_rule_find(skb, hooknum, in, out, ct);
125 if (ret != NF_ACCEPT) 125 if (ret != NF_ACCEPT)
126 return ret; 126 return ret;
127 } else 127 } else {
128 pr_debug("Already setup manip %s for ct %p\n", 128 pr_debug("Already setup manip %s for ct %p\n",
129 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST", 129 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
130 ct); 130 ct);
131 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
132 goto oif_changed;
133 }
131 break; 134 break;
132 135
133 default: 136 default:
134 /* ESTABLISHED */ 137 /* ESTABLISHED */
135 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED || 138 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
136 ctinfo == IP_CT_ESTABLISHED_REPLY); 139 ctinfo == IP_CT_ESTABLISHED_REPLY);
137 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out)) { 140 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
138 nf_ct_kill_acct(ct, ctinfo, skb); 141 goto oif_changed;
139 return NF_DROP;
140 }
141 } 142 }
142 143
143 return nf_nat_packet(ct, ctinfo, hooknum, skb); 144 return nf_nat_packet(ct, ctinfo, hooknum, skb);
145
146oif_changed:
147 nf_ct_kill_acct(ct, ctinfo, skb);
148 return NF_DROP;
144} 149}
145 150
146static unsigned int 151static unsigned int
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a13692560e63..a28e4db8a952 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5543,6 +5543,9 @@ slow_path:
5543 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) 5543 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
5544 goto csum_error; 5544 goto csum_error;
5545 5545
5546 if (!th->ack)
5547 goto discard;
5548
5546 /* 5549 /*
5547 * Standard slow path. 5550 * Standard slow path.
5548 */ 5551 */
@@ -5551,7 +5554,7 @@ slow_path:
5551 return 0; 5554 return 0;
5552 5555
5553step5: 5556step5:
5554 if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) 5557 if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
5555 goto discard; 5558 goto discard;
5556 5559
5557 /* ts_recent update must be made after we are sure that the packet 5560 /* ts_recent update must be made after we are sure that the packet
@@ -5984,11 +5987,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5984 if (tcp_check_req(sk, skb, req, NULL, true) == NULL) 5987 if (tcp_check_req(sk, skb, req, NULL, true) == NULL)
5985 goto discard; 5988 goto discard;
5986 } 5989 }
5990
5991 if (!th->ack)
5992 goto discard;
5993
5987 if (!tcp_validate_incoming(sk, skb, th, 0)) 5994 if (!tcp_validate_incoming(sk, skb, th, 0))
5988 return 0; 5995 return 0;
5989 5996
5990 /* step 5: check the ACK field */ 5997 /* step 5: check the ACK field */
5991 if (th->ack) { 5998 if (true) {
5992 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; 5999 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
5993 6000
5994 switch (sk->sk_state) { 6001 switch (sk->sk_state) {
@@ -6138,8 +6145,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6138 } 6145 }
6139 break; 6146 break;
6140 } 6147 }
6141 } else 6148 }
6142 goto discard;
6143 6149
6144 /* ts_recent update must be made after we are sure that the packet 6150 /* ts_recent update must be made after we are sure that the packet
6145 * is in window. 6151 * is in window.
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 867466c96aac..c727e4712751 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -758,8 +758,6 @@ static netdev_tx_t ip6gre_xmit2(struct sk_buff *skb,
758 skb_dst_set_noref(skb, dst); 758 skb_dst_set_noref(skb, dst);
759 } 759 }
760 760
761 skb->transport_header = skb->network_header;
762
763 proto = NEXTHDR_GRE; 761 proto = NEXTHDR_GRE;
764 if (encap_limit >= 0) { 762 if (encap_limit >= 0) {
765 init_tel_txopt(&opt, encap_limit); 763 init_tel_txopt(&opt, encap_limit);
@@ -768,6 +766,7 @@ static netdev_tx_t ip6gre_xmit2(struct sk_buff *skb,
768 766
769 skb_push(skb, gre_hlen); 767 skb_push(skb, gre_hlen);
770 skb_reset_network_header(skb); 768 skb_reset_network_header(skb);
769 skb_set_transport_header(skb, sizeof(*ipv6h));
771 770
772 /* 771 /*
773 * Push down and install the IP header. 772 * Push down and install the IP header.
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
index e9486915eff6..7302b0b7b642 100644
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -14,42 +14,23 @@
14#include <linux/netfilter_ipv6/ip6t_NPT.h> 14#include <linux/netfilter_ipv6/ip6t_NPT.h>
15#include <linux/netfilter/x_tables.h> 15#include <linux/netfilter/x_tables.h>
16 16
17static __sum16 csum16_complement(__sum16 a)
18{
19 return (__force __sum16)(0xffff - (__force u16)a);
20}
21
22static __sum16 csum16_add(__sum16 a, __sum16 b)
23{
24 u16 sum;
25
26 sum = (__force u16)a + (__force u16)b;
27 sum += (__force u16)a < (__force u16)b;
28 return (__force __sum16)sum;
29}
30
31static __sum16 csum16_sub(__sum16 a, __sum16 b)
32{
33 return csum16_add(a, csum16_complement(b));
34}
35
36static int ip6t_npt_checkentry(const struct xt_tgchk_param *par) 17static int ip6t_npt_checkentry(const struct xt_tgchk_param *par)
37{ 18{
38 struct ip6t_npt_tginfo *npt = par->targinfo; 19 struct ip6t_npt_tginfo *npt = par->targinfo;
39 __sum16 src_sum = 0, dst_sum = 0; 20 __wsum src_sum = 0, dst_sum = 0;
40 unsigned int i; 21 unsigned int i;
41 22
42 if (npt->src_pfx_len > 64 || npt->dst_pfx_len > 64) 23 if (npt->src_pfx_len > 64 || npt->dst_pfx_len > 64)
43 return -EINVAL; 24 return -EINVAL;
44 25
45 for (i = 0; i < ARRAY_SIZE(npt->src_pfx.in6.s6_addr16); i++) { 26 for (i = 0; i < ARRAY_SIZE(npt->src_pfx.in6.s6_addr16); i++) {
46 src_sum = csum16_add(src_sum, 27 src_sum = csum_add(src_sum,
47 (__force __sum16)npt->src_pfx.in6.s6_addr16[i]); 28 (__force __wsum)npt->src_pfx.in6.s6_addr16[i]);
48 dst_sum = csum16_add(dst_sum, 29 dst_sum = csum_add(dst_sum,
49 (__force __sum16)npt->dst_pfx.in6.s6_addr16[i]); 30 (__force __wsum)npt->dst_pfx.in6.s6_addr16[i]);
50 } 31 }
51 32
52 npt->adjustment = csum16_sub(src_sum, dst_sum); 33 npt->adjustment = (__force __sum16) csum_sub(src_sum, dst_sum);
53 return 0; 34 return 0;
54} 35}
55 36
@@ -85,7 +66,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
85 return false; 66 return false;
86 } 67 }
87 68
88 sum = csum16_add((__force __sum16)addr->s6_addr16[idx], 69 sum = (__force __sum16) csum_add((__force __wsum)addr->s6_addr16[idx],
89 npt->adjustment); 70 npt->adjustment);
90 if (sum == CSUM_MANGLED_0) 71 if (sum == CSUM_MANGLED_0)
91 sum = 0; 72 sum = 0;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index fd4fb34c51c7..029623dbd411 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -132,6 +132,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
132 ip6h->saddr = oip6h->daddr; 132 ip6h->saddr = oip6h->daddr;
133 ip6h->daddr = oip6h->saddr; 133 ip6h->daddr = oip6h->saddr;
134 134
135 skb_reset_transport_header(nskb);
135 tcph = (struct tcphdr *)skb_put(nskb, sizeof(struct tcphdr)); 136 tcph = (struct tcphdr *)skb_put(nskb, sizeof(struct tcphdr));
136 /* Truncate to length (no data) */ 137 /* Truncate to length (no data) */
137 tcph->doff = sizeof(struct tcphdr)/4; 138 tcph->doff = sizeof(struct tcphdr)/4;
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c
index 6c8ae24b85eb..e0e788d25b14 100644
--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -127,23 +127,28 @@ nf_nat_ipv6_fn(unsigned int hooknum,
127 ret = nf_nat_rule_find(skb, hooknum, in, out, ct); 127 ret = nf_nat_rule_find(skb, hooknum, in, out, ct);
128 if (ret != NF_ACCEPT) 128 if (ret != NF_ACCEPT)
129 return ret; 129 return ret;
130 } else 130 } else {
131 pr_debug("Already setup manip %s for ct %p\n", 131 pr_debug("Already setup manip %s for ct %p\n",
132 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST", 132 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
133 ct); 133 ct);
134 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
135 goto oif_changed;
136 }
134 break; 137 break;
135 138
136 default: 139 default:
137 /* ESTABLISHED */ 140 /* ESTABLISHED */
138 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED || 141 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
139 ctinfo == IP_CT_ESTABLISHED_REPLY); 142 ctinfo == IP_CT_ESTABLISHED_REPLY);
140 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out)) { 143 if (nf_nat_oif_changed(hooknum, ctinfo, nat, out))
141 nf_ct_kill_acct(ct, ctinfo, skb); 144 goto oif_changed;
142 return NF_DROP;
143 }
144 } 145 }
145 146
146 return nf_nat_packet(ct, ctinfo, hooknum, skb); 147 return nf_nat_packet(ct, ctinfo, hooknum, skb);
148
149oif_changed:
150 nf_ct_kill_acct(ct, ctinfo, skb);
151 return NF_DROP;
147} 152}
148 153
149static unsigned int 154static unsigned int
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 00ee17c3e893..137e245860ab 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -81,8 +81,8 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
81 } 81 }
82 protoff = ipv6_skip_exthdr(skb, extoff, &nexthdr, &frag_off); 82 protoff = ipv6_skip_exthdr(skb, extoff, &nexthdr, &frag_off);
83 /* 83 /*
84 * (protoff == skb->len) mean that the packet doesn't have no data 84 * (protoff == skb->len) means the packet has not data, just
85 * except of IPv6 & ext headers. but it's tracked anyway. - YK 85 * IPv6 and possibly extensions headers, but it is tracked anyway
86 */ 86 */
87 if (protoff < 0 || (frag_off & htons(~0x7)) != 0) { 87 if (protoff < 0 || (frag_off & htons(~0x7)) != 0) {
88 pr_debug("ip6_conntrack_core: can't find proto in pkt\n"); 88 pr_debug("ip6_conntrack_core: can't find proto in pkt\n");
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 22c8ea951185..3dacecc99065 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
311 else 311 else
312 fq->q.fragments = skb; 312 fq->q.fragments = skb;
313 313
314 skb->dev = NULL; 314 if (skb->dev) {
315 fq->iif = skb->dev->ifindex;
316 skb->dev = NULL;
317 }
315 fq->q.stamp = skb->tstamp; 318 fq->q.stamp = skb->tstamp;
316 fq->q.meat += skb->len; 319 fq->q.meat += skb->len;
317 if (payload_len > fq->q.max_size) 320 if (payload_len > fq->q.max_size)
diff --git a/net/mac802154/wpan.c b/net/mac802154/wpan.c
index 1191039c2b1b..199b92261e94 100644
--- a/net/mac802154/wpan.c
+++ b/net/mac802154/wpan.c
@@ -389,7 +389,7 @@ void mac802154_wpan_setup(struct net_device *dev)
389 389
390static int mac802154_process_data(struct net_device *dev, struct sk_buff *skb) 390static int mac802154_process_data(struct net_device *dev, struct sk_buff *skb)
391{ 391{
392 return netif_rx(skb); 392 return netif_rx_ni(skb);
393} 393}
394 394
395static int 395static int
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index fefa514b9917..49e96df5fbc4 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -680,6 +680,13 @@ config NETFILTER_XT_TARGET_NFQUEUE
680 680
681 To compile it as a module, choose M here. If unsure, say N. 681 To compile it as a module, choose M here. If unsure, say N.
682 682
683config NETFILTER_XT_TARGET_NOTRACK
684 tristate '"NOTRACK" target support (DEPRECATED)'
685 depends on NF_CONNTRACK
686 depends on IP_NF_RAW || IP6_NF_RAW
687 depends on NETFILTER_ADVANCED
688 select NETFILTER_XT_TARGET_CT
689
683config NETFILTER_XT_TARGET_RATEEST 690config NETFILTER_XT_TARGET_RATEEST
684 tristate '"RATEEST" target support' 691 tristate '"RATEEST" target support'
685 depends on NETFILTER_ADVANCED 692 depends on NETFILTER_ADVANCED
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 08cdc71d8e87..016d95ead930 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1526,6 +1526,7 @@ err_extend:
1526 */ 1526 */
1527#define UNCONFIRMED_NULLS_VAL ((1<<30)+0) 1527#define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
1528#define DYING_NULLS_VAL ((1<<30)+1) 1528#define DYING_NULLS_VAL ((1<<30)+1)
1529#define TEMPLATE_NULLS_VAL ((1<<30)+2)
1529 1530
1530static int nf_conntrack_init_net(struct net *net) 1531static int nf_conntrack_init_net(struct net *net)
1531{ 1532{
@@ -1534,6 +1535,7 @@ static int nf_conntrack_init_net(struct net *net)
1534 atomic_set(&net->ct.count, 0); 1535 atomic_set(&net->ct.count, 0);
1535 INIT_HLIST_NULLS_HEAD(&net->ct.unconfirmed, UNCONFIRMED_NULLS_VAL); 1536 INIT_HLIST_NULLS_HEAD(&net->ct.unconfirmed, UNCONFIRMED_NULLS_VAL);
1536 INIT_HLIST_NULLS_HEAD(&net->ct.dying, DYING_NULLS_VAL); 1537 INIT_HLIST_NULLS_HEAD(&net->ct.dying, DYING_NULLS_VAL);
1538 INIT_HLIST_NULLS_HEAD(&net->ct.tmpl, TEMPLATE_NULLS_VAL);
1537 net->ct.stat = alloc_percpu(struct ip_conntrack_stat); 1539 net->ct.stat = alloc_percpu(struct ip_conntrack_stat);
1538 if (!net->ct.stat) { 1540 if (!net->ct.stat) {
1539 ret = -ENOMEM; 1541 ret = -ENOMEM;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 4e078cd84d83..627b0e50b238 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2624,7 +2624,7 @@ ctnetlink_create_expect(struct net *net, u16 zone,
2624 if (!help) { 2624 if (!help) {
2625 if (!cda[CTA_EXPECT_TIMEOUT]) { 2625 if (!cda[CTA_EXPECT_TIMEOUT]) {
2626 err = -EINVAL; 2626 err = -EINVAL;
2627 goto out; 2627 goto err_out;
2628 } 2628 }
2629 exp->timeout.expires = 2629 exp->timeout.expires =
2630 jiffies + ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ; 2630 jiffies + ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ;
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 9f199f2e31fa..92fd8eca0d31 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -13,6 +13,7 @@
13 */ 13 */
14#include <linux/module.h> 14#include <linux/module.h>
15#include <linux/skbuff.h> 15#include <linux/skbuff.h>
16#include <linux/if_arp.h>
16#include <linux/init.h> 17#include <linux/init.h>
17#include <linux/ip.h> 18#include <linux/ip.h>
18#include <linux/ipv6.h> 19#include <linux/ipv6.h>
@@ -384,6 +385,7 @@ __build_packet_message(struct nfulnl_instance *inst,
384 struct nfgenmsg *nfmsg; 385 struct nfgenmsg *nfmsg;
385 sk_buff_data_t old_tail = inst->skb->tail; 386 sk_buff_data_t old_tail = inst->skb->tail;
386 struct sock *sk; 387 struct sock *sk;
388 const unsigned char *hwhdrp;
387 389
388 nlh = nlmsg_put(inst->skb, 0, 0, 390 nlh = nlmsg_put(inst->skb, 0, 0,
389 NFNL_SUBSYS_ULOG << 8 | NFULNL_MSG_PACKET, 391 NFNL_SUBSYS_ULOG << 8 | NFULNL_MSG_PACKET,
@@ -485,9 +487,17 @@ __build_packet_message(struct nfulnl_instance *inst,
485 if (indev && skb_mac_header_was_set(skb)) { 487 if (indev && skb_mac_header_was_set(skb)) {
486 if (nla_put_be16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) || 488 if (nla_put_be16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) ||
487 nla_put_be16(inst->skb, NFULA_HWLEN, 489 nla_put_be16(inst->skb, NFULA_HWLEN,
488 htons(skb->dev->hard_header_len)) || 490 htons(skb->dev->hard_header_len)))
489 nla_put(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len, 491 goto nla_put_failure;
490 skb_mac_header(skb))) 492
493 hwhdrp = skb_mac_header(skb);
494
495 if (skb->dev->type == ARPHRD_SIT)
496 hwhdrp -= ETH_HLEN;
497
498 if (hwhdrp >= skb->head &&
499 nla_put(inst->skb, NFULA_HWHEADER,
500 skb->dev->hard_header_len, hwhdrp))
491 goto nla_put_failure; 501 goto nla_put_failure;
492 } 502 }
493 503
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index ae7f5daeee43..2a0843081840 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -149,6 +149,10 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
149 149
150 __set_bit(IPS_TEMPLATE_BIT, &ct->status); 150 __set_bit(IPS_TEMPLATE_BIT, &ct->status);
151 __set_bit(IPS_CONFIRMED_BIT, &ct->status); 151 __set_bit(IPS_CONFIRMED_BIT, &ct->status);
152
153 /* Overload tuple linked list to put us in template list. */
154 hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode,
155 &par->net->ct.tmpl);
152out: 156out:
153 info->ct = ct; 157 info->ct = ct;
154 return 0; 158 return 0;
@@ -289,6 +293,10 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
289 293
290 __set_bit(IPS_TEMPLATE_BIT, &ct->status); 294 __set_bit(IPS_TEMPLATE_BIT, &ct->status);
291 __set_bit(IPS_CONFIRMED_BIT, &ct->status); 295 __set_bit(IPS_CONFIRMED_BIT, &ct->status);
296
297 /* Overload tuple linked list to put us in template list. */
298 hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode,
299 &par->net->ct.tmpl);
292out: 300out:
293 info->ct = ct; 301 info->ct = ct;
294 return 0; 302 return 0;
@@ -377,14 +385,60 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
377 }, 385 },
378}; 386};
379 387
388static unsigned int
389notrack_tg(struct sk_buff *skb, const struct xt_action_param *par)
390{
391 /* Previously seen (loopback)? Ignore. */
392 if (skb->nfct != NULL)
393 return XT_CONTINUE;
394
395 skb->nfct = &nf_ct_untracked_get()->ct_general;
396 skb->nfctinfo = IP_CT_NEW;
397 nf_conntrack_get(skb->nfct);
398
399 return XT_CONTINUE;
400}
401
402static int notrack_chk(const struct xt_tgchk_param *par)
403{
404 if (!par->net->xt.notrack_deprecated_warning) {
405 pr_info("netfilter: NOTRACK target is deprecated, "
406 "use CT instead or upgrade iptables\n");
407 par->net->xt.notrack_deprecated_warning = true;
408 }
409 return 0;
410}
411
412static struct xt_target notrack_tg_reg __read_mostly = {
413 .name = "NOTRACK",
414 .revision = 0,
415 .family = NFPROTO_UNSPEC,
416 .checkentry = notrack_chk,
417 .target = notrack_tg,
418 .table = "raw",
419 .me = THIS_MODULE,
420};
421
380static int __init xt_ct_tg_init(void) 422static int __init xt_ct_tg_init(void)
381{ 423{
382 return xt_register_targets(xt_ct_tg_reg, ARRAY_SIZE(xt_ct_tg_reg)); 424 int ret;
425
426 ret = xt_register_target(&notrack_tg_reg);
427 if (ret < 0)
428 return ret;
429
430 ret = xt_register_targets(xt_ct_tg_reg, ARRAY_SIZE(xt_ct_tg_reg));
431 if (ret < 0) {
432 xt_unregister_target(&notrack_tg_reg);
433 return ret;
434 }
435 return 0;
383} 436}
384 437
385static void __exit xt_ct_tg_exit(void) 438static void __exit xt_ct_tg_exit(void)
386{ 439{
387 xt_unregister_targets(xt_ct_tg_reg, ARRAY_SIZE(xt_ct_tg_reg)); 440 xt_unregister_targets(xt_ct_tg_reg, ARRAY_SIZE(xt_ct_tg_reg));
441 xt_unregister_target(&notrack_tg_reg);
388} 442}
389 443
390module_init(xt_ct_tg_init); 444module_init(xt_ct_tg_init);
@@ -394,3 +448,5 @@ MODULE_LICENSE("GPL");
394MODULE_DESCRIPTION("Xtables: connection tracking target"); 448MODULE_DESCRIPTION("Xtables: connection tracking target");
395MODULE_ALIAS("ipt_CT"); 449MODULE_ALIAS("ipt_CT");
396MODULE_ALIAS("ip6t_CT"); 450MODULE_ALIAS("ip6t_CT");
451MODULE_ALIAS("ipt_NOTRACK");
452MODULE_ALIAS("ip6t_NOTRACK");
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 26a668a84aa2..a9d7af953ceb 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -157,11 +157,22 @@ dsthash_find(const struct xt_hashlimit_htable *ht,
157/* allocate dsthash_ent, initialize dst, put in htable and lock it */ 157/* allocate dsthash_ent, initialize dst, put in htable and lock it */
158static struct dsthash_ent * 158static struct dsthash_ent *
159dsthash_alloc_init(struct xt_hashlimit_htable *ht, 159dsthash_alloc_init(struct xt_hashlimit_htable *ht,
160 const struct dsthash_dst *dst) 160 const struct dsthash_dst *dst, bool *race)
161{ 161{
162 struct dsthash_ent *ent; 162 struct dsthash_ent *ent;
163 163
164 spin_lock(&ht->lock); 164 spin_lock(&ht->lock);
165
166 /* Two or more packets may race to create the same entry in the
167 * hashtable, double check if this packet lost race.
168 */
169 ent = dsthash_find(ht, dst);
170 if (ent != NULL) {
171 spin_unlock(&ht->lock);
172 *race = true;
173 return ent;
174 }
175
165 /* initialize hash with random val at the time we allocate 176 /* initialize hash with random val at the time we allocate
166 * the first hashtable entry */ 177 * the first hashtable entry */
167 if (unlikely(!ht->rnd_initialized)) { 178 if (unlikely(!ht->rnd_initialized)) {
@@ -318,7 +329,10 @@ static void htable_destroy(struct xt_hashlimit_htable *hinfo)
318 parent = hashlimit_net->ipt_hashlimit; 329 parent = hashlimit_net->ipt_hashlimit;
319 else 330 else
320 parent = hashlimit_net->ip6t_hashlimit; 331 parent = hashlimit_net->ip6t_hashlimit;
321 remove_proc_entry(hinfo->pde->name, parent); 332
333 if(parent != NULL)
334 remove_proc_entry(hinfo->pde->name, parent);
335
322 htable_selective_cleanup(hinfo, select_all); 336 htable_selective_cleanup(hinfo, select_all);
323 vfree(hinfo); 337 vfree(hinfo);
324} 338}
@@ -585,6 +599,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
585 unsigned long now = jiffies; 599 unsigned long now = jiffies;
586 struct dsthash_ent *dh; 600 struct dsthash_ent *dh;
587 struct dsthash_dst dst; 601 struct dsthash_dst dst;
602 bool race = false;
588 u32 cost; 603 u32 cost;
589 604
590 if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0) 605 if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0)
@@ -593,13 +608,18 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
593 rcu_read_lock_bh(); 608 rcu_read_lock_bh();
594 dh = dsthash_find(hinfo, &dst); 609 dh = dsthash_find(hinfo, &dst);
595 if (dh == NULL) { 610 if (dh == NULL) {
596 dh = dsthash_alloc_init(hinfo, &dst); 611 dh = dsthash_alloc_init(hinfo, &dst, &race);
597 if (dh == NULL) { 612 if (dh == NULL) {
598 rcu_read_unlock_bh(); 613 rcu_read_unlock_bh();
599 goto hotdrop; 614 goto hotdrop;
615 } else if (race) {
616 /* Already got an entry, update expiration timeout */
617 dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
618 rateinfo_recalc(dh, now, hinfo->cfg.mode);
619 } else {
620 dh->expires = jiffies + msecs_to_jiffies(hinfo->cfg.expire);
621 rateinfo_init(dh, hinfo);
600 } 622 }
601 dh->expires = jiffies + msecs_to_jiffies(hinfo->cfg.expire);
602 rateinfo_init(dh, hinfo);
603 } else { 623 } else {
604 /* update expiration timeout */ 624 /* update expiration timeout */
605 dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire); 625 dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
@@ -856,6 +876,27 @@ static int __net_init hashlimit_proc_net_init(struct net *net)
856 876
857static void __net_exit hashlimit_proc_net_exit(struct net *net) 877static void __net_exit hashlimit_proc_net_exit(struct net *net)
858{ 878{
879 struct xt_hashlimit_htable *hinfo;
880 struct hlist_node *pos;
881 struct proc_dir_entry *pde;
882 struct hashlimit_net *hashlimit_net = hashlimit_pernet(net);
883
884 /* recent_net_exit() is called before recent_mt_destroy(). Make sure
885 * that the parent xt_recent proc entry is is empty before trying to
886 * remove it.
887 */
888 mutex_lock(&hashlimit_mutex);
889 pde = hashlimit_net->ipt_hashlimit;
890 if (pde == NULL)
891 pde = hashlimit_net->ip6t_hashlimit;
892
893 hlist_for_each_entry(hinfo, pos, &hashlimit_net->htables, node)
894 remove_proc_entry(hinfo->pde->name, pde);
895
896 hashlimit_net->ipt_hashlimit = NULL;
897 hashlimit_net->ip6t_hashlimit = NULL;
898 mutex_unlock(&hashlimit_mutex);
899
859 proc_net_remove(net, "ipt_hashlimit"); 900 proc_net_remove(net, "ipt_hashlimit");
860#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) 901#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
861 proc_net_remove(net, "ip6t_hashlimit"); 902 proc_net_remove(net, "ip6t_hashlimit");
@@ -872,9 +913,6 @@ static int __net_init hashlimit_net_init(struct net *net)
872 913
873static void __net_exit hashlimit_net_exit(struct net *net) 914static void __net_exit hashlimit_net_exit(struct net *net)
874{ 915{
875 struct hashlimit_net *hashlimit_net = hashlimit_pernet(net);
876
877 BUG_ON(!hlist_empty(&hashlimit_net->htables));
878 hashlimit_proc_net_exit(net); 916 hashlimit_proc_net_exit(net);
879} 917}
880 918
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 4635c9b00459..978efc9b555a 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -29,6 +29,7 @@
29#include <linux/skbuff.h> 29#include <linux/skbuff.h>
30#include <linux/inet.h> 30#include <linux/inet.h>
31#include <linux/slab.h> 31#include <linux/slab.h>
32#include <linux/vmalloc.h>
32#include <net/net_namespace.h> 33#include <net/net_namespace.h>
33#include <net/netns/generic.h> 34#include <net/netns/generic.h>
34 35
@@ -310,6 +311,14 @@ out:
310 return ret; 311 return ret;
311} 312}
312 313
314static void recent_table_free(void *addr)
315{
316 if (is_vmalloc_addr(addr))
317 vfree(addr);
318 else
319 kfree(addr);
320}
321
313static int recent_mt_check(const struct xt_mtchk_param *par, 322static int recent_mt_check(const struct xt_mtchk_param *par,
314 const struct xt_recent_mtinfo_v1 *info) 323 const struct xt_recent_mtinfo_v1 *info)
315{ 324{
@@ -322,6 +331,7 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
322#endif 331#endif
323 unsigned int i; 332 unsigned int i;
324 int ret = -EINVAL; 333 int ret = -EINVAL;
334 size_t sz;
325 335
326 if (unlikely(!hash_rnd_inited)) { 336 if (unlikely(!hash_rnd_inited)) {
327 get_random_bytes(&hash_rnd, sizeof(hash_rnd)); 337 get_random_bytes(&hash_rnd, sizeof(hash_rnd));
@@ -360,8 +370,11 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
360 goto out; 370 goto out;
361 } 371 }
362 372
363 t = kzalloc(sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size, 373 sz = sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size;
364 GFP_KERNEL); 374 if (sz <= PAGE_SIZE)
375 t = kzalloc(sz, GFP_KERNEL);
376 else
377 t = vzalloc(sz);
365 if (t == NULL) { 378 if (t == NULL) {
366 ret = -ENOMEM; 379 ret = -ENOMEM;
367 goto out; 380 goto out;
@@ -377,14 +390,14 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
377 uid = make_kuid(&init_user_ns, ip_list_uid); 390 uid = make_kuid(&init_user_ns, ip_list_uid);
378 gid = make_kgid(&init_user_ns, ip_list_gid); 391 gid = make_kgid(&init_user_ns, ip_list_gid);
379 if (!uid_valid(uid) || !gid_valid(gid)) { 392 if (!uid_valid(uid) || !gid_valid(gid)) {
380 kfree(t); 393 recent_table_free(t);
381 ret = -EINVAL; 394 ret = -EINVAL;
382 goto out; 395 goto out;
383 } 396 }
384 pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent, 397 pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent,
385 &recent_mt_fops, t); 398 &recent_mt_fops, t);
386 if (pde == NULL) { 399 if (pde == NULL) {
387 kfree(t); 400 recent_table_free(t);
388 ret = -ENOMEM; 401 ret = -ENOMEM;
389 goto out; 402 goto out;
390 } 403 }
@@ -431,10 +444,11 @@ static void recent_mt_destroy(const struct xt_mtdtor_param *par)
431 list_del(&t->list); 444 list_del(&t->list);
432 spin_unlock_bh(&recent_lock); 445 spin_unlock_bh(&recent_lock);
433#ifdef CONFIG_PROC_FS 446#ifdef CONFIG_PROC_FS
434 remove_proc_entry(t->name, recent_net->xt_recent); 447 if (recent_net->xt_recent != NULL)
448 remove_proc_entry(t->name, recent_net->xt_recent);
435#endif 449#endif
436 recent_table_flush(t); 450 recent_table_flush(t);
437 kfree(t); 451 recent_table_free(t);
438 } 452 }
439 mutex_unlock(&recent_mutex); 453 mutex_unlock(&recent_mutex);
440} 454}
@@ -615,6 +629,20 @@ static int __net_init recent_proc_net_init(struct net *net)
615 629
616static void __net_exit recent_proc_net_exit(struct net *net) 630static void __net_exit recent_proc_net_exit(struct net *net)
617{ 631{
632 struct recent_net *recent_net = recent_pernet(net);
633 struct recent_table *t;
634
635 /* recent_net_exit() is called before recent_mt_destroy(). Make sure
636 * that the parent xt_recent proc entry is is empty before trying to
637 * remove it.
638 */
639 spin_lock_bh(&recent_lock);
640 list_for_each_entry(t, &recent_net->tables, list)
641 remove_proc_entry(t->name, recent_net->xt_recent);
642
643 recent_net->xt_recent = NULL;
644 spin_unlock_bh(&recent_lock);
645
618 proc_net_remove(net, "xt_recent"); 646 proc_net_remove(net, "xt_recent");
619} 647}
620#else 648#else
@@ -638,9 +666,6 @@ static int __net_init recent_net_init(struct net *net)
638 666
639static void __net_exit recent_net_exit(struct net *net) 667static void __net_exit recent_net_exit(struct net *net)
640{ 668{
641 struct recent_net *recent_net = recent_pernet(net);
642
643 BUG_ON(!list_empty(&recent_net->tables));
644 recent_proc_net_exit(net); 669 recent_proc_net_exit(net);
645} 670}
646 671
diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
index a1e116277477..31b74f5e61ad 100644
--- a/net/rds/ib_cm.c
+++ b/net/rds/ib_cm.c
@@ -434,12 +434,11 @@ static u32 rds_ib_protocol_compatible(struct rdma_cm_event *event)
434 version = RDS_PROTOCOL_3_0; 434 version = RDS_PROTOCOL_3_0;
435 while ((common >>= 1) != 0) 435 while ((common >>= 1) != 0)
436 version++; 436 version++;
437 } 437 } else
438 printk_ratelimited(KERN_NOTICE "RDS: Connection from %pI4 using " 438 printk_ratelimited(KERN_NOTICE "RDS: Connection from %pI4 using incompatible protocol version %u.%u\n",
439 "incompatible protocol version %u.%u\n", 439 &dp->dp_saddr,
440 &dp->dp_saddr, 440 dp->dp_protocol_major,
441 dp->dp_protocol_major, 441 dp->dp_protocol_minor);
442 dp->dp_protocol_minor);
443 return version; 442 return version;
444} 443}
445 444
diff --git a/net/rds/ib_recv.c b/net/rds/ib_recv.c
index 8c5bc857f04d..8eb9501e3d60 100644
--- a/net/rds/ib_recv.c
+++ b/net/rds/ib_recv.c
@@ -339,8 +339,8 @@ static int rds_ib_recv_refill_one(struct rds_connection *conn,
339 sge->length = sizeof(struct rds_header); 339 sge->length = sizeof(struct rds_header);
340 340
341 sge = &recv->r_sge[1]; 341 sge = &recv->r_sge[1];
342 sge->addr = sg_dma_address(&recv->r_frag->f_sg); 342 sge->addr = ib_sg_dma_address(ic->i_cm_id->device, &recv->r_frag->f_sg);
343 sge->length = sg_dma_len(&recv->r_frag->f_sg); 343 sge->length = ib_sg_dma_len(ic->i_cm_id->device, &recv->r_frag->f_sg);
344 344
345 ret = 0; 345 ret = 0;
346out: 346out:
@@ -381,7 +381,10 @@ void rds_ib_recv_refill(struct rds_connection *conn, int prefill)
381 ret = ib_post_recv(ic->i_cm_id->qp, &recv->r_wr, &failed_wr); 381 ret = ib_post_recv(ic->i_cm_id->qp, &recv->r_wr, &failed_wr);
382 rdsdebug("recv %p ibinc %p page %p addr %lu ret %d\n", recv, 382 rdsdebug("recv %p ibinc %p page %p addr %lu ret %d\n", recv,
383 recv->r_ibinc, sg_page(&recv->r_frag->f_sg), 383 recv->r_ibinc, sg_page(&recv->r_frag->f_sg),
384 (long) sg_dma_address(&recv->r_frag->f_sg), ret); 384 (long) ib_sg_dma_address(
385 ic->i_cm_id->device,
386 &recv->r_frag->f_sg),
387 ret);
385 if (ret) { 388 if (ret) {
386 rds_ib_conn_error(conn, "recv post on " 389 rds_ib_conn_error(conn, "recv post on "
387 "%pI4 returned %d, disconnecting and " 390 "%pI4 returned %d, disconnecting and "
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index d2922c0ef57a..51561eafcb72 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -919,7 +919,7 @@ ok:
919 q->now = ktime_to_ns(ktime_get()); 919 q->now = ktime_to_ns(ktime_get());
920 start_at = jiffies; 920 start_at = jiffies;
921 921
922 next_event = q->now + 5 * NSEC_PER_SEC; 922 next_event = q->now + 5LLU * NSEC_PER_SEC;
923 923
924 for (level = 0; level < TC_HTB_MAXDEPTH; level++) { 924 for (level = 0; level < TC_HTB_MAXDEPTH; level++) {
925 /* common case optimization - skip event handler quickly */ 925 /* common case optimization - skip event handler quickly */
diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
index c26210618e14..7521d944c0fb 100644
--- a/net/sctp/Kconfig
+++ b/net/sctp/Kconfig
@@ -68,7 +68,7 @@ config SCTP_DBG_OBJCNT
68 If unsure, say N 68 If unsure, say N
69choice 69choice
70 prompt "Default SCTP cookie HMAC encoding" 70 prompt "Default SCTP cookie HMAC encoding"
71 default SCTP_COOKIE_HMAC_MD5 71 default SCTP_DEFAULT_COOKIE_HMAC_MD5
72 help 72 help
73 This option sets the default sctp cookie hmac algorithm 73 This option sets the default sctp cookie hmac algorithm
74 when in doubt select 'md5' 74 when in doubt select 'md5'
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 822f020fa7f4..1915ffe598e3 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -610,11 +610,6 @@ EXPORT_SYMBOL_GPL(rpc_killall_tasks);
610 */ 610 */
611void rpc_shutdown_client(struct rpc_clnt *clnt) 611void rpc_shutdown_client(struct rpc_clnt *clnt)
612{ 612{
613 /*
614 * To avoid deadlock, never call rpc_shutdown_client from a
615 * workqueue context!
616 */
617 WARN_ON_ONCE(current->flags & PF_WQ_WORKER);
618 might_sleep(); 613 might_sleep();
619 614
620 dprintk_rcu("RPC: shutting down %s client for %s\n", 615 dprintk_rcu("RPC: shutting down %s client for %s\n",
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index d17a704aaf5f..b4133bd13915 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -934,16 +934,35 @@ struct rpc_task *rpc_new_task(const struct rpc_task_setup *setup_data)
934 return task; 934 return task;
935} 935}
936 936
937/*
938 * rpc_free_task - release rpc task and perform cleanups
939 *
940 * Note that we free up the rpc_task _after_ rpc_release_calldata()
941 * in order to work around a workqueue dependency issue.
942 *
943 * Tejun Heo states:
944 * "Workqueue currently considers two work items to be the same if they're
945 * on the same address and won't execute them concurrently - ie. it
946 * makes a work item which is queued again while being executed wait
947 * for the previous execution to complete.
948 *
949 * If a work function frees the work item, and then waits for an event
950 * which should be performed by another work item and *that* work item
951 * recycles the freed work item, it can create a false dependency loop.
952 * There really is no reliable way to detect this short of verifying
953 * every memory free."
954 *
955 */
937static void rpc_free_task(struct rpc_task *task) 956static void rpc_free_task(struct rpc_task *task)
938{ 957{
939 const struct rpc_call_ops *tk_ops = task->tk_ops; 958 unsigned short tk_flags = task->tk_flags;
940 void *calldata = task->tk_calldata; 959
960 rpc_release_calldata(task->tk_ops, task->tk_calldata);
941 961
942 if (task->tk_flags & RPC_TASK_DYNAMIC) { 962 if (tk_flags & RPC_TASK_DYNAMIC) {
943 dprintk("RPC: %5u freeing task\n", task->tk_pid); 963 dprintk("RPC: %5u freeing task\n", task->tk_pid);
944 mempool_free(task, rpc_task_mempool); 964 mempool_free(task, rpc_task_mempool);
945 } 965 }
946 rpc_release_calldata(tk_ops, calldata);
947} 966}
948 967
949static void rpc_async_release(struct work_struct *work) 968static void rpc_async_release(struct work_struct *work)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 6e5308998e30..82c4fc7c994c 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2365,7 +2365,6 @@ int set_regdom(const struct ieee80211_regdomain *rd)
2365 return r; 2365 return r;
2366} 2366}
2367 2367
2368#ifdef CONFIG_HOTPLUG
2369int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env) 2368int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
2370{ 2369{
2371 if (last_request && !last_request->processed) { 2370 if (last_request && !last_request->processed) {
@@ -2377,12 +2376,6 @@ int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
2377 2376
2378 return 0; 2377 return 0;
2379} 2378}
2380#else
2381int reg_device_uevent(struct device *dev, struct kobj_uevent_env *env)
2382{
2383 return -ENODEV;
2384}
2385#endif /* CONFIG_HOTPLUG */
2386 2379
2387void wiphy_regulatory_register(struct wiphy *wiphy) 2380void wiphy_regulatory_register(struct wiphy *wiphy)
2388{ 2381{
diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c
index 9bf6d5e32166..1f6f01e2dc4c 100644
--- a/net/wireless/sysfs.c
+++ b/net/wireless/sysfs.c
@@ -77,13 +77,11 @@ static void wiphy_dev_release(struct device *dev)
77 cfg80211_dev_free(rdev); 77 cfg80211_dev_free(rdev);
78} 78}
79 79
80#ifdef CONFIG_HOTPLUG
81static int wiphy_uevent(struct device *dev, struct kobj_uevent_env *env) 80static int wiphy_uevent(struct device *dev, struct kobj_uevent_env *env)
82{ 81{
83 /* TODO, we probably need stuff here */ 82 /* TODO, we probably need stuff here */
84 return 0; 83 return 0;
85} 84}
86#endif
87 85
88static int wiphy_suspend(struct device *dev, pm_message_t state) 86static int wiphy_suspend(struct device *dev, pm_message_t state)
89{ 87{
@@ -134,9 +132,7 @@ struct class ieee80211_class = {
134 .owner = THIS_MODULE, 132 .owner = THIS_MODULE,
135 .dev_release = wiphy_dev_release, 133 .dev_release = wiphy_dev_release,
136 .dev_attrs = ieee80211_dev_attrs, 134 .dev_attrs = ieee80211_dev_attrs,
137#ifdef CONFIG_HOTPLUG
138 .dev_uevent = wiphy_uevent, 135 .dev_uevent = wiphy_uevent,
139#endif
140 .suspend = wiphy_suspend, 136 .suspend = wiphy_suspend,
141 .resume = wiphy_resume, 137 .resume = wiphy_resume,
142 .ns_type = &net_ns_type_operations, 138 .ns_type = &net_ns_type_operations,
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-01 16:49:15 -0400