aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/bridge/br_if.c5
-rw-r--r--net/compat.c90
-rw-r--r--net/core/dev.c2
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/icmp.c3
-rw-r--r--net/ipv4/ip_output.c22
-rw-r--r--net/ipv4/ip_sockglue.c9
-rw-r--r--net/ipv4/ipconfig.c8
-rw-r--r--net/ipv4/ipvs/ip_vs_proto.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_ah.c1
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_esp.c1
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c1
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c1
-rw-r--r--net/ipv4/ipvs/ip_vs_sync.c80
-rw-r--r--net/ipv4/netfilter/ip_queue.c5
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c2
-rw-r--r--net/ipv4/route.c38
-rw-r--r--net/ipv4/tcp_cong.c12
-rw-r--r--net/ipv4/tcp_cubic.c4
-rw-r--r--net/ipv4/tcp_vegas.c10
-rw-r--r--net/ipv4/tcp_veno.c8
-rw-r--r--net/ipv6/ipv6_sockglue.c4
-rw-r--r--net/ipv6/netfilter/ip6_queue.c5
-rw-r--r--net/irda/ircomm/ircomm_tty.c6
-rw-r--r--net/irda/irnet/irnet_irda.c65
-rw-r--r--net/irda/irnet/irnet_irda.h8
-rw-r--r--net/key/af_key.c17
-rw-r--r--net/netfilter/nf_conntrack_core.c4
-rw-r--r--net/netfilter/nf_queue.c2
-rw-r--r--net/netfilter/nfnetlink_queue.c5
-rw-r--r--net/netfilter/x_tables.c2
-rw-r--r--net/netfilter/xt_TCPOPTSTRIP.c2
-rw-r--r--net/netfilter/xt_connbytes.c5
-rw-r--r--net/netlabel/netlabel_unlabeled.c1
-rw-r--r--net/netlabel/netlabel_user.c4
-rw-r--r--net/netlabel/netlabel_user.h1
-rw-r--r--net/netlink/af_netlink.c1
-rw-r--r--net/sched/sch_sfq.c3
-rw-r--r--net/xfrm/xfrm_output.c2
-rw-r--r--net/xfrm/xfrm_policy.c12
-rw-r--r--net/xfrm/xfrm_state.c13
-rw-r--r--net/xfrm/xfrm_user.c41
43 files changed, 337 insertions, 174 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index a90182873120..8f3c58e5f7a5 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -76,7 +76,6 @@ static void __exit br_deinit(void)
76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL); 76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
77 77
78 br_netlink_fini(); 78 br_netlink_fini();
79 br_netfilter_fini();
80 unregister_netdevice_notifier(&br_device_notifier); 79 unregister_netdevice_notifier(&br_device_notifier);
81 brioctl_set(NULL); 80 brioctl_set(NULL);
82 81
@@ -84,6 +83,7 @@ static void __exit br_deinit(void)
84 83
85 synchronize_net(); 84 synchronize_net();
86 85
86 br_netfilter_fini();
87 llc_sap_put(br_stp_sap); 87 llc_sap_put(br_stp_sap);
88 br_fdb_get_hook = NULL; 88 br_fdb_get_hook = NULL;
89 br_fdb_put_hook = NULL; 89 br_fdb_put_hook = NULL;
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 298e0f463c56..77a981a1ee52 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -411,9 +411,12 @@ err2:
411 br_fdb_delete_by_port(br, p, 1); 411 br_fdb_delete_by_port(br, p, 1);
412err1: 412err1:
413 kobject_del(&p->kobj); 413 kobject_del(&p->kobj);
414 return err; 414 goto put_back;
415err0: 415err0:
416 kobject_put(&p->kobj); 416 kobject_put(&p->kobj);
417
418put_back:
419 dev_put(dev);
417 return err; 420 return err;
418} 421}
419 422
diff --git a/net/compat.c b/net/compat.c
index 01bf95d0832e..c823f6f290cb 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -548,6 +548,9 @@ struct compat_group_filter {
548 __attribute__ ((aligned(4))); 548 __attribute__ ((aligned(4)));
549} __attribute__ ((packed)); 549} __attribute__ ((packed));
550 550
551#define __COMPAT_GF0_SIZE (sizeof(struct compat_group_filter) - \
552 sizeof(struct __kernel_sockaddr_storage))
553
551 554
552int compat_mc_setsockopt(struct sock *sock, int level, int optname, 555int compat_mc_setsockopt(struct sock *sock, int level, int optname,
553 char __user *optval, int optlen, 556 char __user *optval, int optlen,
@@ -582,7 +585,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
582 case MCAST_UNBLOCK_SOURCE: 585 case MCAST_UNBLOCK_SOURCE:
583 { 586 {
584 struct compat_group_source_req __user *gsr32 = (void *)optval; 587 struct compat_group_source_req __user *gsr32 = (void *)optval;
585 struct group_source_req *kgsr = compat_alloc_user_space( 588 struct group_source_req __user *kgsr = compat_alloc_user_space(
586 sizeof(struct group_source_req)); 589 sizeof(struct group_source_req));
587 u32 interface; 590 u32 interface;
588 591
@@ -603,10 +606,10 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
603 case MCAST_MSFILTER: 606 case MCAST_MSFILTER:
604 { 607 {
605 struct compat_group_filter __user *gf32 = (void *)optval; 608 struct compat_group_filter __user *gf32 = (void *)optval;
606 struct group_filter *kgf; 609 struct group_filter __user *kgf;
607 u32 interface, fmode, numsrc; 610 u32 interface, fmode, numsrc;
608 611
609 if (!access_ok(VERIFY_READ, gf32, sizeof(*gf32)) || 612 if (!access_ok(VERIFY_READ, gf32, __COMPAT_GF0_SIZE) ||
610 __get_user(interface, &gf32->gf_interface) || 613 __get_user(interface, &gf32->gf_interface) ||
611 __get_user(fmode, &gf32->gf_fmode) || 614 __get_user(fmode, &gf32->gf_fmode) ||
612 __get_user(numsrc, &gf32->gf_numsrc)) 615 __get_user(numsrc, &gf32->gf_numsrc))
@@ -622,7 +625,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
622 __put_user(numsrc, &kgf->gf_numsrc) || 625 __put_user(numsrc, &kgf->gf_numsrc) ||
623 copy_in_user(&kgf->gf_group, &gf32->gf_group, 626 copy_in_user(&kgf->gf_group, &gf32->gf_group,
624 sizeof(kgf->gf_group)) || 627 sizeof(kgf->gf_group)) ||
625 (numsrc && copy_in_user(&kgf->gf_slist, &gf32->gf_slist, 628 (numsrc && copy_in_user(kgf->gf_slist, gf32->gf_slist,
626 numsrc * sizeof(kgf->gf_slist[0])))) 629 numsrc * sizeof(kgf->gf_slist[0]))))
627 return -EFAULT; 630 return -EFAULT;
628 koptval = (char __user *)kgf; 631 koptval = (char __user *)kgf;
@@ -637,6 +640,85 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
637 640
638EXPORT_SYMBOL(compat_mc_setsockopt); 641EXPORT_SYMBOL(compat_mc_setsockopt);
639 642
643int compat_mc_getsockopt(struct sock *sock, int level, int optname,
644 char __user *optval, int __user *optlen,
645 int (*getsockopt)(struct sock *,int,int,char __user *,int __user *))
646{
647 struct compat_group_filter __user *gf32 = (void *)optval;
648 struct group_filter __user *kgf;
649 int __user *koptlen;
650 u32 interface, fmode, numsrc;
651 int klen, ulen, err;
652
653 if (optname != MCAST_MSFILTER)
654 return getsockopt(sock, level, optname, optval, optlen);
655
656 koptlen = compat_alloc_user_space(sizeof(*koptlen));
657 if (!access_ok(VERIFY_READ, optlen, sizeof(*optlen)) ||
658 __get_user(ulen, optlen))
659 return -EFAULT;
660
661 /* adjust len for pad */
662 klen = ulen + sizeof(*kgf) - sizeof(*gf32);
663
664 if (klen < GROUP_FILTER_SIZE(0))
665 return -EINVAL;
666
667 if (!access_ok(VERIFY_WRITE, koptlen, sizeof(*koptlen)) ||
668 __put_user(klen, koptlen))
669 return -EFAULT;
670
671 /* have to allow space for previous compat_alloc_user_space, too */
672 kgf = compat_alloc_user_space(klen+sizeof(*optlen));
673
674 if (!access_ok(VERIFY_READ, gf32, __COMPAT_GF0_SIZE) ||
675 __get_user(interface, &gf32->gf_interface) ||
676 __get_user(fmode, &gf32->gf_fmode) ||
677 __get_user(numsrc, &gf32->gf_numsrc) ||
678 __put_user(interface, &kgf->gf_interface) ||
679 __put_user(fmode, &kgf->gf_fmode) ||
680 __put_user(numsrc, &kgf->gf_numsrc) ||
681 copy_in_user(&kgf->gf_group,&gf32->gf_group,sizeof(kgf->gf_group)))
682 return -EFAULT;
683
684 err = getsockopt(sock, level, optname, (char __user *)kgf, koptlen);
685 if (err)
686 return err;
687
688 if (!access_ok(VERIFY_READ, koptlen, sizeof(*koptlen)) ||
689 __get_user(klen, koptlen))
690 return -EFAULT;
691
692 ulen = klen - (sizeof(*kgf)-sizeof(*gf32));
693
694 if (!access_ok(VERIFY_WRITE, optlen, sizeof(*optlen)) ||
695 __put_user(ulen, optlen))
696 return -EFAULT;
697
698 if (!access_ok(VERIFY_READ, kgf, klen) ||
699 !access_ok(VERIFY_WRITE, gf32, ulen) ||
700 __get_user(interface, &kgf->gf_interface) ||
701 __get_user(fmode, &kgf->gf_fmode) ||
702 __get_user(numsrc, &kgf->gf_numsrc) ||
703 __put_user(interface, &gf32->gf_interface) ||
704 __put_user(fmode, &gf32->gf_fmode) ||
705 __put_user(numsrc, &gf32->gf_numsrc))
706 return -EFAULT;
707 if (numsrc) {
708 int copylen;
709
710 klen -= GROUP_FILTER_SIZE(0);
711 copylen = numsrc * sizeof(gf32->gf_slist[0]);
712 if (copylen > klen)
713 copylen = klen;
714 if (copy_in_user(gf32->gf_slist, kgf->gf_slist, copylen))
715 return -EFAULT;
716 }
717 return err;
718}
719
720EXPORT_SYMBOL(compat_mc_getsockopt);
721
640 722
641/* Argument list sizes for compat_sys_socketcall */ 723/* Argument list sizes for compat_sys_socketcall */
642#define AL(x) ((x) * sizeof(u32)) 724#define AL(x) ((x) * sizeof(u32))
diff --git a/net/core/dev.c b/net/core/dev.c
index e1df1ab3e04a..ed49da592051 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1524,7 +1524,7 @@ static int dev_gso_segment(struct sk_buff *skb)
1524 if (!segs) 1524 if (!segs)
1525 return 0; 1525 return 0;
1526 1526
1527 if (unlikely(IS_ERR(segs))) 1527 if (IS_ERR(segs))
1528 return PTR_ERR(segs); 1528 return PTR_ERR(segs);
1529 1529
1530 skb->next = segs; 1530 skb->next = segs;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index f2b5270efdaa..24eca23c2db3 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1234,7 +1234,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
1234 segs = ops->gso_segment(skb, features); 1234 segs = ops->gso_segment(skb, features);
1235 rcu_read_unlock(); 1235 rcu_read_unlock();
1236 1236
1237 if (!segs || unlikely(IS_ERR(segs))) 1237 if (!segs || IS_ERR(segs))
1238 goto out; 1238 goto out;
1239 1239
1240 skb = segs; 1240 skb = segs;
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index c67d00e8c600..87397351ddac 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -691,7 +691,8 @@ static void icmp_unreach(struct sk_buff *skb)
691 NIPQUAD(iph->daddr)); 691 NIPQUAD(iph->daddr));
692 } else { 692 } else {
693 info = ip_rt_frag_needed(net, iph, 693 info = ip_rt_frag_needed(net, iph,
694 ntohs(icmph->un.frag.mtu)); 694 ntohs(icmph->un.frag.mtu),
695 skb->dev);
695 if (!info) 696 if (!info)
696 goto out; 697 goto out;
697 } 698 }
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 08349267ceb4..e527628f56cf 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -753,23 +753,15 @@ static inline int ip_ufo_append_data(struct sock *sk,
753 skb->ip_summed = CHECKSUM_PARTIAL; 753 skb->ip_summed = CHECKSUM_PARTIAL;
754 skb->csum = 0; 754 skb->csum = 0;
755 sk->sk_sndmsg_off = 0; 755 sk->sk_sndmsg_off = 0;
756 }
757 756
758 err = skb_append_datato_frags(sk,skb, getfrag, from, 757 /* specify the length of each IP datagram fragment */
759 (length - transhdrlen));
760 if (!err) {
761 /* specify the length of each IP datagram fragment*/
762 skb_shinfo(skb)->gso_size = mtu - fragheaderlen; 758 skb_shinfo(skb)->gso_size = mtu - fragheaderlen;
763 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 759 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
764 __skb_queue_tail(&sk->sk_write_queue, skb); 760 __skb_queue_tail(&sk->sk_write_queue, skb);
765
766 return 0;
767 } 761 }
768 /* There is not enough support do UFO , 762
769 * so follow normal path 763 return skb_append_datato_frags(sk, skb, getfrag, from,
770 */ 764 (length - transhdrlen));
771 kfree_skb(skb);
772 return err;
773} 765}
774 766
775/* 767/*
@@ -863,9 +855,9 @@ int ip_append_data(struct sock *sk,
863 csummode = CHECKSUM_PARTIAL; 855 csummode = CHECKSUM_PARTIAL;
864 856
865 inet->cork.length += length; 857 inet->cork.length += length;
866 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 858 if (((length> mtu) || !skb_queue_empty(&sk->sk_write_queue)) &&
867 (rt->u.dst.dev->features & NETIF_F_UFO)) { 859 (sk->sk_protocol == IPPROTO_UDP) &&
868 860 (rt->u.dst.dev->features & NETIF_F_UFO)) {
869 err = ip_ufo_append_data(sk, getfrag, from, length, hh_len, 861 err = ip_ufo_append_data(sk, getfrag, from, length, hh_len,
870 fragheaderlen, transhdrlen, mtu, 862 fragheaderlen, transhdrlen, mtu,
871 flags); 863 flags);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 4d8d95404f45..e0514e82308e 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1186,7 +1186,14 @@ int ip_getsockopt(struct sock *sk, int level,
1186int compat_ip_getsockopt(struct sock *sk, int level, int optname, 1186int compat_ip_getsockopt(struct sock *sk, int level, int optname,
1187 char __user *optval, int __user *optlen) 1187 char __user *optval, int __user *optlen)
1188{ 1188{
1189 int err = do_ip_getsockopt(sk, level, optname, optval, optlen); 1189 int err;
1190
1191 if (optname == MCAST_MSFILTER)
1192 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1193 ip_getsockopt);
1194
1195 err = do_ip_getsockopt(sk, level, optname, optval, optlen);
1196
1190#ifdef CONFIG_NETFILTER 1197#ifdef CONFIG_NETFILTER
1191 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1198 /* we need to exclude all possible ENOPROTOOPTs except default case */
1192 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS && 1199 if (err == -ENOPROTOOPT && optname != IP_PKTOPTIONS &&
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 0f42d1c1f690..89dee4346f60 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -412,12 +412,12 @@ static struct packet_type rarp_packet_type __initdata = {
412 .func = ic_rarp_recv, 412 .func = ic_rarp_recv,
413}; 413};
414 414
415static inline void ic_rarp_init(void) 415static inline void __init ic_rarp_init(void)
416{ 416{
417 dev_add_pack(&rarp_packet_type); 417 dev_add_pack(&rarp_packet_type);
418} 418}
419 419
420static inline void ic_rarp_cleanup(void) 420static inline void __init ic_rarp_cleanup(void)
421{ 421{
422 dev_remove_pack(&rarp_packet_type); 422 dev_remove_pack(&rarp_packet_type);
423} 423}
@@ -682,7 +682,7 @@ static void __init ic_bootp_init_ext(u8 *e)
682/* 682/*
683 * Initialize the DHCP/BOOTP mechanism. 683 * Initialize the DHCP/BOOTP mechanism.
684 */ 684 */
685static inline void ic_bootp_init(void) 685static inline void __init ic_bootp_init(void)
686{ 686{
687 int i; 687 int i;
688 688
@@ -696,7 +696,7 @@ static inline void ic_bootp_init(void)
696/* 696/*
697 * DHCP/BOOTP cleanup. 697 * DHCP/BOOTP cleanup.
698 */ 698 */
699static inline void ic_bootp_cleanup(void) 699static inline void __init ic_bootp_cleanup(void)
700{ 700{
701 dev_remove_pack(&bootp_packet_type); 701 dev_remove_pack(&bootp_packet_type);
702} 702}
diff --git a/net/ipv4/ipvs/ip_vs_proto.c b/net/ipv4/ipvs/ip_vs_proto.c
index dde28a250d92..4b1c16cbb16b 100644
--- a/net/ipv4/ipvs/ip_vs_proto.c
+++ b/net/ipv4/ipvs/ip_vs_proto.c
@@ -148,7 +148,7 @@ const char * ip_vs_state_name(__u16 proto, int state)
148 struct ip_vs_protocol *pp = ip_vs_proto_get(proto); 148 struct ip_vs_protocol *pp = ip_vs_proto_get(proto);
149 149
150 if (pp == NULL || pp->state_name == NULL) 150 if (pp == NULL || pp->state_name == NULL)
151 return "ERR!"; 151 return (IPPROTO_IP == proto) ? "NONE" : "ERR!";
152 return pp->state_name(state); 152 return pp->state_name(state);
153} 153}
154 154
diff --git a/net/ipv4/ipvs/ip_vs_proto_ah.c b/net/ipv4/ipvs/ip_vs_proto_ah.c
index a842676e1c69..4bf835e1d86d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_ah.c
+++ b/net/ipv4/ipvs/ip_vs_proto_ah.c
@@ -160,6 +160,7 @@ static void ah_exit(struct ip_vs_protocol *pp)
160struct ip_vs_protocol ip_vs_protocol_ah = { 160struct ip_vs_protocol ip_vs_protocol_ah = {
161 .name = "AH", 161 .name = "AH",
162 .protocol = IPPROTO_AH, 162 .protocol = IPPROTO_AH,
163 .num_states = 1,
163 .dont_defrag = 1, 164 .dont_defrag = 1,
164 .init = ah_init, 165 .init = ah_init,
165 .exit = ah_exit, 166 .exit = ah_exit,
diff --git a/net/ipv4/ipvs/ip_vs_proto_esp.c b/net/ipv4/ipvs/ip_vs_proto_esp.c
index aef0d3ee8e44..db6a6b7b1a0b 100644
--- a/net/ipv4/ipvs/ip_vs_proto_esp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_esp.c
@@ -159,6 +159,7 @@ static void esp_exit(struct ip_vs_protocol *pp)
159struct ip_vs_protocol ip_vs_protocol_esp = { 159struct ip_vs_protocol ip_vs_protocol_esp = {
160 .name = "ESP", 160 .name = "ESP",
161 .protocol = IPPROTO_ESP, 161 .protocol = IPPROTO_ESP,
162 .num_states = 1,
162 .dont_defrag = 1, 163 .dont_defrag = 1,
163 .init = esp_init, 164 .init = esp_init,
164 .exit = esp_exit, 165 .exit = esp_exit,
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index 620e40ff79a9..b83dc14b0a4d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -594,6 +594,7 @@ static void ip_vs_tcp_exit(struct ip_vs_protocol *pp)
594struct ip_vs_protocol ip_vs_protocol_tcp = { 594struct ip_vs_protocol ip_vs_protocol_tcp = {
595 .name = "TCP", 595 .name = "TCP",
596 .protocol = IPPROTO_TCP, 596 .protocol = IPPROTO_TCP,
597 .num_states = IP_VS_TCP_S_LAST,
597 .dont_defrag = 0, 598 .dont_defrag = 0,
598 .appcnt = ATOMIC_INIT(0), 599 .appcnt = ATOMIC_INIT(0),
599 .init = ip_vs_tcp_init, 600 .init = ip_vs_tcp_init,
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index 1caa2908373f..75771cb3cd6f 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -409,6 +409,7 @@ static void udp_exit(struct ip_vs_protocol *pp)
409struct ip_vs_protocol ip_vs_protocol_udp = { 409struct ip_vs_protocol ip_vs_protocol_udp = {
410 .name = "UDP", 410 .name = "UDP",
411 .protocol = IPPROTO_UDP, 411 .protocol = IPPROTO_UDP,
412 .num_states = IP_VS_UDP_S_LAST,
412 .dont_defrag = 0, 413 .dont_defrag = 0,
413 .init = udp_init, 414 .init = udp_init,
414 .exit = udp_exit, 415 .exit = udp_exit,
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c
index 69c56663cc9a..eff54efe0351 100644
--- a/net/ipv4/ipvs/ip_vs_sync.c
+++ b/net/ipv4/ipvs/ip_vs_sync.c
@@ -288,11 +288,16 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
288 char *p; 288 char *p;
289 int i; 289 int i;
290 290
291 if (buflen < sizeof(struct ip_vs_sync_mesg)) {
292 IP_VS_ERR_RL("sync message header too short\n");
293 return;
294 }
295
291 /* Convert size back to host byte order */ 296 /* Convert size back to host byte order */
292 m->size = ntohs(m->size); 297 m->size = ntohs(m->size);
293 298
294 if (buflen != m->size) { 299 if (buflen != m->size) {
295 IP_VS_ERR("bogus message\n"); 300 IP_VS_ERR_RL("bogus sync message size\n");
296 return; 301 return;
297 } 302 }
298 303
@@ -307,9 +312,48 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
307 for (i=0; i<m->nr_conns; i++) { 312 for (i=0; i<m->nr_conns; i++) {
308 unsigned flags, state; 313 unsigned flags, state;
309 314
310 s = (struct ip_vs_sync_conn *)p; 315 if (p + SIMPLE_CONN_SIZE > buffer+buflen) {
316 IP_VS_ERR_RL("bogus conn in sync message\n");
317 return;
318 }
319 s = (struct ip_vs_sync_conn *) p;
311 flags = ntohs(s->flags) | IP_VS_CONN_F_SYNC; 320 flags = ntohs(s->flags) | IP_VS_CONN_F_SYNC;
321 flags &= ~IP_VS_CONN_F_HASHED;
322 if (flags & IP_VS_CONN_F_SEQ_MASK) {
323 opt = (struct ip_vs_sync_conn_options *)&s[1];
324 p += FULL_CONN_SIZE;
325 if (p > buffer+buflen) {
326 IP_VS_ERR_RL("bogus conn options in sync message\n");
327 return;
328 }
329 } else {
330 opt = NULL;
331 p += SIMPLE_CONN_SIZE;
332 }
333
312 state = ntohs(s->state); 334 state = ntohs(s->state);
335 if (!(flags & IP_VS_CONN_F_TEMPLATE)) {
336 pp = ip_vs_proto_get(s->protocol);
337 if (!pp) {
338 IP_VS_ERR_RL("Unsupported protocol %u in sync msg\n",
339 s->protocol);
340 continue;
341 }
342 if (state >= pp->num_states) {
343 IP_VS_DBG(2, "Invalid %s state %u in sync msg\n",
344 pp->name, state);
345 continue;
346 }
347 } else {
348 /* protocol in templates is not used for state/timeout */
349 pp = NULL;
350 if (state > 0) {
351 IP_VS_DBG(2, "Invalid template state %u in sync msg\n",
352 state);
353 state = 0;
354 }
355 }
356
313 if (!(flags & IP_VS_CONN_F_TEMPLATE)) 357 if (!(flags & IP_VS_CONN_F_TEMPLATE))
314 cp = ip_vs_conn_in_get(s->protocol, 358 cp = ip_vs_conn_in_get(s->protocol,
315 s->caddr, s->cport, 359 s->caddr, s->cport,
@@ -345,14 +389,9 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
345 IP_VS_ERR("ip_vs_conn_new failed\n"); 389 IP_VS_ERR("ip_vs_conn_new failed\n");
346 return; 390 return;
347 } 391 }
348 cp->state = state;
349 } else if (!cp->dest) { 392 } else if (!cp->dest) {
350 dest = ip_vs_try_bind_dest(cp); 393 dest = ip_vs_try_bind_dest(cp);
351 if (!dest) { 394 if (dest)
352 /* it is an unbound entry created by
353 * synchronization */
354 cp->flags = flags | IP_VS_CONN_F_HASHED;
355 } else
356 atomic_dec(&dest->refcnt); 395 atomic_dec(&dest->refcnt);
357 } else if ((cp->dest) && (cp->protocol == IPPROTO_TCP) && 396 } else if ((cp->dest) && (cp->protocol == IPPROTO_TCP) &&
358 (cp->state != state)) { 397 (cp->state != state)) {
@@ -371,23 +410,22 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
371 } 410 }
372 } 411 }
373 412
374 if (flags & IP_VS_CONN_F_SEQ_MASK) { 413 if (opt)
375 opt = (struct ip_vs_sync_conn_options *)&s[1];
376 memcpy(&cp->in_seq, opt, sizeof(*opt)); 414 memcpy(&cp->in_seq, opt, sizeof(*opt));
377 p += FULL_CONN_SIZE;
378 } else
379 p += SIMPLE_CONN_SIZE;
380
381 atomic_set(&cp->in_pkts, sysctl_ip_vs_sync_threshold[0]); 415 atomic_set(&cp->in_pkts, sysctl_ip_vs_sync_threshold[0]);
382 cp->state = state; 416 cp->state = state;
383 pp = ip_vs_proto_get(s->protocol); 417 cp->old_state = cp->state;
384 cp->timeout = pp->timeout_table[cp->state]; 418 /*
419 * We can not recover the right timeout for templates
420 * in all cases, we can not find the right fwmark
421 * virtual service. If needed, we can do it for
422 * non-fwmark persistent services.
423 */
424 if (!(flags & IP_VS_CONN_F_TEMPLATE) && pp->timeout_table)
425 cp->timeout = pp->timeout_table[state];
426 else
427 cp->timeout = (3*60*HZ);
385 ip_vs_conn_put(cp); 428 ip_vs_conn_put(cp);
386
387 if (p > buffer+buflen) {
388 IP_VS_ERR("bogus message\n");
389 return;
390 }
391 } 429 }
392} 430}
393 431
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 719be29f7506..26a37cedcf2e 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -296,9 +296,8 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct nf_queue_entry *e)
296 if (v->data_len > 0xFFFF) 296 if (v->data_len > 0xFFFF)
297 return -EINVAL; 297 return -EINVAL;
298 if (diff > skb_tailroom(e->skb)) { 298 if (diff > skb_tailroom(e->skb)) {
299 nskb = skb_copy_expand(e->skb, 0, 299 nskb = skb_copy_expand(e->skb, skb_headroom(e->skb),
300 diff - skb_tailroom(e->skb), 300 diff, GFP_ATOMIC);
301 GFP_ATOMIC);
302 if (!nskb) { 301 if (!nskb) {
303 printk(KERN_WARNING "ip_queue: error " 302 printk(KERN_WARNING "ip_queue: error "
304 "in mangle, dropping packet\n"); 303 "in mangle, dropping packet\n");
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index cacb9cb27dab..5a955c440364 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
303 const struct nf_conntrack_tuple_hash *h; 303 const struct nf_conntrack_tuple_hash *h;
304 struct nf_conntrack_tuple tuple; 304 struct nf_conntrack_tuple tuple;
305 305
306 NF_CT_TUPLE_U_BLANK(&tuple); 306 memset(&tuple, 0, sizeof(tuple));
307 tuple.src.u3.ip = inet->rcv_saddr; 307 tuple.src.u3.ip = inet->rcv_saddr;
308 tuple.src.u.tcp.port = inet->sport; 308 tuple.src.u.tcp.port = inet->sport;
309 tuple.dst.u3.ip = inet->daddr; 309 tuple.dst.u3.ip = inet->daddr;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ce25a13f3430..5e3685c5c407 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1430,11 +1430,13 @@ static inline unsigned short guess_mtu(unsigned short old_mtu)
1430} 1430}
1431 1431
1432unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph, 1432unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1433 unsigned short new_mtu) 1433 unsigned short new_mtu,
1434 struct net_device *dev)
1434{ 1435{
1435 int i; 1436 int i, k;
1436 unsigned short old_mtu = ntohs(iph->tot_len); 1437 unsigned short old_mtu = ntohs(iph->tot_len);
1437 struct rtable *rth; 1438 struct rtable *rth;
1439 int ikeys[2] = { dev->ifindex, 0 };
1438 __be32 skeys[2] = { iph->saddr, 0, }; 1440 __be32 skeys[2] = { iph->saddr, 0, };
1439 __be32 daddr = iph->daddr; 1441 __be32 daddr = iph->daddr;
1440 unsigned short est_mtu = 0; 1442 unsigned short est_mtu = 0;
@@ -1442,22 +1444,26 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1442 if (ipv4_config.no_pmtu_disc) 1444 if (ipv4_config.no_pmtu_disc)
1443 return 0; 1445 return 0;
1444 1446
1445 for (i = 0; i < 2; i++) { 1447 for (k = 0; k < 2; k++) {
1446 unsigned hash = rt_hash(daddr, skeys[i], 0); 1448 for (i = 0; i < 2; i++) {
1449 unsigned hash = rt_hash(daddr, skeys[i], ikeys[k]);
1447 1450
1448 rcu_read_lock(); 1451 rcu_read_lock();
1449 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth; 1452 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
1450 rth = rcu_dereference(rth->u.dst.rt_next)) { 1453 rth = rcu_dereference(rth->u.dst.rt_next)) {
1451 if (rth->fl.fl4_dst == daddr &&
1452 rth->fl.fl4_src == skeys[i] &&
1453 rth->rt_dst == daddr &&
1454 rth->rt_src == iph->saddr &&
1455 rth->fl.iif == 0 &&
1456 !(dst_metric_locked(&rth->u.dst, RTAX_MTU)) &&
1457 net_eq(dev_net(rth->u.dst.dev), net) &&
1458 rth->rt_genid == atomic_read(&rt_genid)) {
1459 unsigned short mtu = new_mtu; 1454 unsigned short mtu = new_mtu;
1460 1455
1456 if (rth->fl.fl4_dst != daddr ||
1457 rth->fl.fl4_src != skeys[i] ||
1458 rth->rt_dst != daddr ||
1459 rth->rt_src != iph->saddr ||
1460 rth->fl.oif != ikeys[k] ||
1461 rth->fl.iif != 0 ||
1462 dst_metric_locked(&rth->u.dst, RTAX_MTU) ||
1463 !net_eq(dev_net(rth->u.dst.dev), net) ||
1464 rth->rt_genid != atomic_read(&rt_genid))
1465 continue;
1466
1461 if (new_mtu < 68 || new_mtu >= old_mtu) { 1467 if (new_mtu < 68 || new_mtu >= old_mtu) {
1462 1468
1463 /* BSD 4.2 compatibility hack :-( */ 1469 /* BSD 4.2 compatibility hack :-( */
@@ -1483,8 +1489,8 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1483 est_mtu = mtu; 1489 est_mtu = mtu;
1484 } 1490 }
1485 } 1491 }
1492 rcu_read_unlock();
1486 } 1493 }
1487 rcu_read_unlock();
1488 } 1494 }
1489 return est_mtu ? : new_mtu; 1495 return est_mtu ? : new_mtu;
1490} 1496}
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 3a6be23d222f..6a250828b767 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -285,14 +285,12 @@ int tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight)
285 if (in_flight >= tp->snd_cwnd) 285 if (in_flight >= tp->snd_cwnd)
286 return 1; 286 return 1;
287 287
288 if (!sk_can_gso(sk))
289 return 0;
290
291 left = tp->snd_cwnd - in_flight; 288 left = tp->snd_cwnd - in_flight;
292 if (sysctl_tcp_tso_win_divisor) 289 if (sk_can_gso(sk) &&
293 return left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd; 290 left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd &&
294 else 291 left * tp->mss_cache < sk->sk_gso_max_size)
295 return left <= tcp_max_burst(tp); 292 return 1;
293 return left <= tcp_max_burst(tp);
296} 294}
297EXPORT_SYMBOL_GPL(tcp_is_cwnd_limited); 295EXPORT_SYMBOL_GPL(tcp_is_cwnd_limited);
298 296
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index eb5b9854c8c7..4a1221e5e8ee 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -15,8 +15,8 @@
15 15
16#include <linux/mm.h> 16#include <linux/mm.h>
17#include <linux/module.h> 17#include <linux/module.h>
18#include <linux/math64.h>
18#include <net/tcp.h> 19#include <net/tcp.h>
19#include <asm/div64.h>
20 20
21#define BICTCP_BETA_SCALE 1024 /* Scale factor beta calculation 21#define BICTCP_BETA_SCALE 1024 /* Scale factor beta calculation
22 * max_cwnd = snd_cwnd * beta 22 * max_cwnd = snd_cwnd * beta
@@ -128,7 +128,7 @@ static u32 cubic_root(u64 a)
128 * x = ( 2 * x + a / x ) / 3 128 * x = ( 2 * x + a / x ) / 3
129 * k+1 k k 129 * k+1 k k
130 */ 130 */
131 x = (2 * x + (u32)div64_64(a, (u64)x * (u64)(x - 1))); 131 x = (2 * x + (u32)div64_u64(a, (u64)x * (u64)(x - 1)));
132 x = ((x * 341) >> 10); 132 x = ((x * 341) >> 10);
133 return x; 133 return x;
134} 134}
diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c
index be24d6ee34bd..0e1a8c91f78e 100644
--- a/net/ipv4/tcp_vegas.c
+++ b/net/ipv4/tcp_vegas.c
@@ -229,7 +229,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
229 */ 229 */
230 tcp_reno_cong_avoid(sk, ack, in_flight); 230 tcp_reno_cong_avoid(sk, ack, in_flight);
231 } else { 231 } else {
232 u32 rtt, target_cwnd, diff; 232 u32 rtt, diff;
233 u64 target_cwnd;
233 234
234 /* We have enough RTT samples, so, using the Vegas 235 /* We have enough RTT samples, so, using the Vegas
235 * algorithm, we determine if we should increase or 236 * algorithm, we determine if we should increase or
@@ -252,8 +253,9 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
252 * We keep it as a fixed point number with 253 * We keep it as a fixed point number with
253 * V_PARAM_SHIFT bits to the right of the binary point. 254 * V_PARAM_SHIFT bits to the right of the binary point.
254 */ 255 */
255 target_cwnd = ((old_wnd * vegas->baseRTT) 256 target_cwnd = ((u64)old_wnd * vegas->baseRTT);
256 << V_PARAM_SHIFT) / rtt; 257 target_cwnd <<= V_PARAM_SHIFT;
258 do_div(target_cwnd, rtt);
257 259
258 /* Calculate the difference between the window we had, 260 /* Calculate the difference between the window we had,
259 * and the window we would like to have. This quantity 261 * and the window we would like to have. This quantity
@@ -279,7 +281,7 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
279 * utilization. 281 * utilization.
280 */ 282 */
281 tp->snd_cwnd = min(tp->snd_cwnd, 283 tp->snd_cwnd = min(tp->snd_cwnd,
282 (target_cwnd >> 284 ((u32)target_cwnd >>
283 V_PARAM_SHIFT)+1); 285 V_PARAM_SHIFT)+1);
284 286
285 } else if (tp->snd_cwnd <= tp->snd_ssthresh) { 287 } else if (tp->snd_cwnd <= tp->snd_ssthresh) {
diff --git a/net/ipv4/tcp_veno.c b/net/ipv4/tcp_veno.c
index d16689e98516..2bf618a3b00b 100644
--- a/net/ipv4/tcp_veno.c
+++ b/net/ipv4/tcp_veno.c
@@ -133,7 +133,8 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
133 */ 133 */
134 tcp_reno_cong_avoid(sk, ack, in_flight); 134 tcp_reno_cong_avoid(sk, ack, in_flight);
135 } else { 135 } else {
136 u32 rtt, target_cwnd; 136 u64 target_cwnd;
137 u32 rtt;
137 138
138 /* We have enough rtt samples, so, using the Veno 139 /* We have enough rtt samples, so, using the Veno
139 * algorithm, we determine the state of the network. 140 * algorithm, we determine the state of the network.
@@ -141,8 +142,9 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
141 142
142 rtt = veno->minrtt; 143 rtt = veno->minrtt;
143 144
144 target_cwnd = ((tp->snd_cwnd * veno->basertt) 145 target_cwnd = (tp->snd_cwnd * veno->basertt);
145 << V_PARAM_SHIFT) / rtt; 146 target_cwnd <<= V_PARAM_SHIFT;
147 do_div(target_cwnd, rtt);
146 148
147 veno->diff = (tp->snd_cwnd << V_PARAM_SHIFT) - target_cwnd; 149 veno->diff = (tp->snd_cwnd << V_PARAM_SHIFT) - target_cwnd;
148 150
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index db6fdc1498aa..56d55fecf8ec 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -1127,6 +1127,10 @@ int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1127 if (level != SOL_IPV6) 1127 if (level != SOL_IPV6)
1128 return -ENOPROTOOPT; 1128 return -ENOPROTOOPT;
1129 1129
1130 if (optname == MCAST_MSFILTER)
1131 return compat_mc_getsockopt(sk, level, optname, optval, optlen,
1132 ipv6_getsockopt);
1133
1130 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen); 1134 err = do_ipv6_getsockopt(sk, level, optname, optval, optlen);
1131#ifdef CONFIG_NETFILTER 1135#ifdef CONFIG_NETFILTER
1132 /* we need to exclude all possible ENOPROTOOPTs except default case */ 1136 /* we need to exclude all possible ENOPROTOOPTs except default case */
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 92a36c9e5402..2eff3ae8977d 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -298,9 +298,8 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct nf_queue_entry *e)
298 if (v->data_len > 0xFFFF) 298 if (v->data_len > 0xFFFF)
299 return -EINVAL; 299 return -EINVAL;
300 if (diff > skb_tailroom(e->skb)) { 300 if (diff > skb_tailroom(e->skb)) {
301 nskb = skb_copy_expand(e->skb, 0, 301 nskb = skb_copy_expand(e->skb, skb_headroom(e->skb),
302 diff - skb_tailroom(e->skb), 302 diff, GFP_ATOMIC);
303 GFP_ATOMIC);
304 if (!nskb) { 303 if (!nskb) {
305 printk(KERN_WARNING "ip6_queue: OOM " 304 printk(KERN_WARNING "ip6_queue: OOM "
306 "in mangle, dropping packet\n"); 305 "in mangle, dropping packet\n");
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index d2620410cb0a..76c3057d0179 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -555,10 +555,8 @@ static void ircomm_tty_close(struct tty_struct *tty, struct file *filp)
555 555
556 ircomm_tty_shutdown(self); 556 ircomm_tty_shutdown(self);
557 557
558 if (tty->driver->flush_buffer) 558 tty_driver_flush_buffer(tty);
559 tty->driver->flush_buffer(tty); 559 tty_ldisc_flush(tty);
560 if (tty->ldisc.flush_buffer)
561 tty->ldisc.flush_buffer(tty);
562 560
563 tty->closing = 0; 561 tty->closing = 0;
564 self->tty = NULL; 562 self->tty = NULL;
diff --git a/net/irda/irnet/irnet_irda.c b/net/irda/irnet/irnet_irda.c
index a4f1439ffdd8..75497e55927d 100644
--- a/net/irda/irnet/irnet_irda.c
+++ b/net/irda/irnet/irnet_irda.c
@@ -9,6 +9,7 @@
9 */ 9 */
10 10
11#include "irnet_irda.h" /* Private header */ 11#include "irnet_irda.h" /* Private header */
12#include <linux/seq_file.h>
12 13
13/* 14/*
14 * PPP disconnect work: we need to make sure we're in 15 * PPP disconnect work: we need to make sure we're in
@@ -1717,34 +1718,23 @@ irnet_expiry_indication(discinfo_t * expiry,
1717 */ 1718 */
1718 1719
1719#ifdef CONFIG_PROC_FS 1720#ifdef CONFIG_PROC_FS
1720/*------------------------------------------------------------------*/
1721/*
1722 * Function irnet_proc_read (buf, start, offset, len, unused)
1723 *
1724 * Give some info to the /proc file system
1725 */
1726static int 1721static int
1727irnet_proc_read(char * buf, 1722irnet_proc_show(struct seq_file *m, void *v)
1728 char ** start,
1729 off_t offset,
1730 int len)
1731{ 1723{
1732 irnet_socket * self; 1724 irnet_socket * self;
1733 char * state; 1725 char * state;
1734 int i = 0; 1726 int i = 0;
1735 1727
1736 len = 0;
1737
1738 /* Get the IrNET server information... */ 1728 /* Get the IrNET server information... */
1739 len += sprintf(buf+len, "IrNET server - "); 1729 seq_printf(m, "IrNET server - ");
1740 len += sprintf(buf+len, "IrDA state: %s, ", 1730 seq_printf(m, "IrDA state: %s, ",
1741 (irnet_server.running ? "running" : "dead")); 1731 (irnet_server.running ? "running" : "dead"));
1742 len += sprintf(buf+len, "stsap_sel: %02x, ", irnet_server.s.stsap_sel); 1732 seq_printf(m, "stsap_sel: %02x, ", irnet_server.s.stsap_sel);
1743 len += sprintf(buf+len, "dtsap_sel: %02x\n", irnet_server.s.dtsap_sel); 1733 seq_printf(m, "dtsap_sel: %02x\n", irnet_server.s.dtsap_sel);
1744 1734
1745 /* Do we need to continue ? */ 1735 /* Do we need to continue ? */
1746 if(!irnet_server.running) 1736 if(!irnet_server.running)
1747 return len; 1737 return 0;
1748 1738
1749 /* Protect access to the instance list */ 1739 /* Protect access to the instance list */
1750 spin_lock_bh(&irnet_server.spinlock); 1740 spin_lock_bh(&irnet_server.spinlock);
@@ -1754,23 +1744,23 @@ irnet_proc_read(char * buf,
1754 while(self != NULL) 1744 while(self != NULL)
1755 { 1745 {
1756 /* Start printing info about the socket. */ 1746 /* Start printing info about the socket. */
1757 len += sprintf(buf+len, "\nIrNET socket %d - ", i++); 1747 seq_printf(m, "\nIrNET socket %d - ", i++);
1758 1748
1759 /* First, get the requested configuration */ 1749 /* First, get the requested configuration */
1760 len += sprintf(buf+len, "Requested IrDA name: \"%s\", ", self->rname); 1750 seq_printf(m, "Requested IrDA name: \"%s\", ", self->rname);
1761 len += sprintf(buf+len, "daddr: %08x, ", self->rdaddr); 1751 seq_printf(m, "daddr: %08x, ", self->rdaddr);
1762 len += sprintf(buf+len, "saddr: %08x\n", self->rsaddr); 1752 seq_printf(m, "saddr: %08x\n", self->rsaddr);
1763 1753
1764 /* Second, get all the PPP info */ 1754 /* Second, get all the PPP info */
1765 len += sprintf(buf+len, " PPP state: %s", 1755 seq_printf(m, " PPP state: %s",
1766 (self->ppp_open ? "registered" : "unregistered")); 1756 (self->ppp_open ? "registered" : "unregistered"));
1767 if(self->ppp_open) 1757 if(self->ppp_open)
1768 { 1758 {
1769 len += sprintf(buf+len, ", unit: ppp%d", 1759 seq_printf(m, ", unit: ppp%d",
1770 ppp_unit_number(&self->chan)); 1760 ppp_unit_number(&self->chan));
1771 len += sprintf(buf+len, ", channel: %d", 1761 seq_printf(m, ", channel: %d",
1772 ppp_channel_index(&self->chan)); 1762 ppp_channel_index(&self->chan));
1773 len += sprintf(buf+len, ", mru: %d", 1763 seq_printf(m, ", mru: %d",
1774 self->mru); 1764 self->mru);
1775 /* Maybe add self->flags ? Later... */ 1765 /* Maybe add self->flags ? Later... */
1776 } 1766 }
@@ -1789,10 +1779,10 @@ irnet_proc_read(char * buf,
1789 state = "weird"; 1779 state = "weird";
1790 else 1780 else
1791 state = "idle"; 1781 state = "idle";
1792 len += sprintf(buf+len, "\n IrDA state: %s, ", state); 1782 seq_printf(m, "\n IrDA state: %s, ", state);
1793 len += sprintf(buf+len, "daddr: %08x, ", self->daddr); 1783 seq_printf(m, "daddr: %08x, ", self->daddr);
1794 len += sprintf(buf+len, "stsap_sel: %02x, ", self->stsap_sel); 1784 seq_printf(m, "stsap_sel: %02x, ", self->stsap_sel);
1795 len += sprintf(buf+len, "dtsap_sel: %02x\n", self->dtsap_sel); 1785 seq_printf(m, "dtsap_sel: %02x\n", self->dtsap_sel);
1796 1786
1797 /* Next socket, please... */ 1787 /* Next socket, please... */
1798 self = (irnet_socket *) hashbin_get_next(irnet_server.list); 1788 self = (irnet_socket *) hashbin_get_next(irnet_server.list);
@@ -1801,8 +1791,21 @@ irnet_proc_read(char * buf,
1801 /* Spin lock end */ 1791 /* Spin lock end */
1802 spin_unlock_bh(&irnet_server.spinlock); 1792 spin_unlock_bh(&irnet_server.spinlock);
1803 1793
1804 return len; 1794 return 0;
1805} 1795}
1796
1797static int irnet_proc_open(struct inode *inode, struct file *file)
1798{
1799 return single_open(file, irnet_proc_show, NULL);
1800}
1801
1802static const struct file_operations irnet_proc_fops = {
1803 .owner = THIS_MODULE,
1804 .open = irnet_proc_open,
1805 .read = seq_read,
1806 .llseek = seq_lseek,
1807 .release = single_release,
1808};
1806#endif /* PROC_FS */ 1809#endif /* PROC_FS */
1807 1810
1808 1811
@@ -1841,7 +1844,7 @@ irda_irnet_init(void)
1841 1844
1842#ifdef CONFIG_PROC_FS 1845#ifdef CONFIG_PROC_FS
1843 /* Add a /proc file for irnet infos */ 1846 /* Add a /proc file for irnet infos */
1844 create_proc_info_entry("irnet", 0, proc_irda, irnet_proc_read); 1847 proc_create("irnet", 0, proc_irda, &irnet_proc_fops);
1845#endif /* CONFIG_PROC_FS */ 1848#endif /* CONFIG_PROC_FS */
1846 1849
1847 /* Setup the IrNET server */ 1850 /* Setup the IrNET server */
diff --git a/net/irda/irnet/irnet_irda.h b/net/irda/irnet/irnet_irda.h
index 0ba92d0d5204..3e408952a3f1 100644
--- a/net/irda/irnet/irnet_irda.h
+++ b/net/irda/irnet/irnet_irda.h
@@ -159,14 +159,6 @@ static void
159 DISCOVERY_MODE, 159 DISCOVERY_MODE,
160 void *); 160 void *);
161#endif 161#endif
162/* -------------------------- PROC ENTRY -------------------------- */
163#ifdef CONFIG_PROC_FS
164static int
165 irnet_proc_read(char *,
166 char **,
167 off_t,
168 int);
169#endif /* CONFIG_PROC_FS */
170 162
171/**************************** VARIABLES ****************************/ 163/**************************** VARIABLES ****************************/
172 164
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 2403a31fe0f6..9e7236ff6bcc 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1498,7 +1498,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1498 err = xfrm_state_update(x); 1498 err = xfrm_state_update(x);
1499 1499
1500 xfrm_audit_state_add(x, err ? 0 : 1, 1500 xfrm_audit_state_add(x, err ? 0 : 1,
1501 audit_get_loginuid(current), 0); 1501 audit_get_loginuid(current),
1502 audit_get_sessionid(current), 0);
1502 1503
1503 if (err < 0) { 1504 if (err < 0) {
1504 x->km.state = XFRM_STATE_DEAD; 1505 x->km.state = XFRM_STATE_DEAD;
@@ -1552,7 +1553,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1552 km_state_notify(x, &c); 1553 km_state_notify(x, &c);
1553out: 1554out:
1554 xfrm_audit_state_delete(x, err ? 0 : 1, 1555 xfrm_audit_state_delete(x, err ? 0 : 1,
1555 audit_get_loginuid(current), 0); 1556 audit_get_loginuid(current),
1557 audit_get_sessionid(current), 0);
1556 xfrm_state_put(x); 1558 xfrm_state_put(x);
1557 1559
1558 return err; 1560 return err;
@@ -1728,6 +1730,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
1728 return -EINVAL; 1730 return -EINVAL;
1729 1731
1730 audit_info.loginuid = audit_get_loginuid(current); 1732 audit_info.loginuid = audit_get_loginuid(current);
1733 audit_info.sessionid = audit_get_sessionid(current);
1731 audit_info.secid = 0; 1734 audit_info.secid = 0;
1732 err = xfrm_state_flush(proto, &audit_info); 1735 err = xfrm_state_flush(proto, &audit_info);
1733 if (err) 1736 if (err)
@@ -2324,7 +2327,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2324 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2327 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2325 2328
2326 xfrm_audit_policy_add(xp, err ? 0 : 1, 2329 xfrm_audit_policy_add(xp, err ? 0 : 1,
2327 audit_get_loginuid(current), 0); 2330 audit_get_loginuid(current),
2331 audit_get_sessionid(current), 0);
2328 2332
2329 if (err) 2333 if (err)
2330 goto out; 2334 goto out;
@@ -2406,7 +2410,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2406 return -ENOENT; 2410 return -ENOENT;
2407 2411
2408 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2412 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2409 audit_get_loginuid(current), 0); 2413 audit_get_loginuid(current),
2414 audit_get_sessionid(current), 0);
2410 2415
2411 if (err) 2416 if (err)
2412 goto out; 2417 goto out;
@@ -2667,7 +2672,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2667 2672
2668 if (delete) { 2673 if (delete) {
2669 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2674 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2670 audit_get_loginuid(current), 0); 2675 audit_get_loginuid(current),
2676 audit_get_sessionid(current), 0);
2671 2677
2672 if (err) 2678 if (err)
2673 goto out; 2679 goto out;
@@ -2767,6 +2773,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2767 int err; 2773 int err;
2768 2774
2769 audit_info.loginuid = audit_get_loginuid(current); 2775 audit_info.loginuid = audit_get_loginuid(current);
2776 audit_info.sessionid = audit_get_sessionid(current);
2770 audit_info.secid = 0; 2777 audit_info.secid = 0;
2771 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); 2778 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2772 if (err) 2779 if (err)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 4eac65c74ed0..c4b1799da5d7 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
104 const struct nf_conntrack_l3proto *l3proto, 104 const struct nf_conntrack_l3proto *l3proto,
105 const struct nf_conntrack_l4proto *l4proto) 105 const struct nf_conntrack_l4proto *l4proto)
106{ 106{
107 NF_CT_TUPLE_U_BLANK(tuple); 107 memset(tuple, 0, sizeof(*tuple));
108 108
109 tuple->src.l3num = l3num; 109 tuple->src.l3num = l3num;
110 if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) 110 if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
151 const struct nf_conntrack_l3proto *l3proto, 151 const struct nf_conntrack_l3proto *l3proto,
152 const struct nf_conntrack_l4proto *l4proto) 152 const struct nf_conntrack_l4proto *l4proto)
153{ 153{
154 NF_CT_TUPLE_U_BLANK(inverse); 154 memset(inverse, 0, sizeof(*inverse));
155 155
156 inverse->src.l3num = orig->src.l3num; 156 inverse->src.l3num = orig->src.l3num;
157 if (l3proto->invert_tuple(inverse, orig) == 0) 157 if (l3proto->invert_tuple(inverse, orig) == 0)
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index bbd26893c0c4..582ec3efc8a5 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -214,7 +214,7 @@ int nf_queue(struct sk_buff *skb,
214 214
215 segs = skb_gso_segment(skb, 0); 215 segs = skb_gso_segment(skb, 0);
216 kfree_skb(skb); 216 kfree_skb(skb);
217 if (unlikely(IS_ERR(segs))) 217 if (IS_ERR(segs))
218 return 1; 218 return 1;
219 219
220 do { 220 do {
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 2c9fe5c12894..3447025ce068 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -454,9 +454,8 @@ nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e)
454 if (data_len > 0xFFFF) 454 if (data_len > 0xFFFF)
455 return -EINVAL; 455 return -EINVAL;
456 if (diff > skb_tailroom(e->skb)) { 456 if (diff > skb_tailroom(e->skb)) {
457 nskb = skb_copy_expand(e->skb, 0, 457 nskb = skb_copy_expand(e->skb, skb_headroom(e->skb),
458 diff - skb_tailroom(e->skb), 458 diff, GFP_ATOMIC);
459 GFP_ATOMIC);
460 if (!nskb) { 459 if (!nskb) {
461 printk(KERN_WARNING "nf_queue: OOM " 460 printk(KERN_WARNING "nf_queue: OOM "
462 "in mangle, dropping packet\n"); 461 "in mangle, dropping packet\n");
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index f52f7f810ac4..11b22abc2b70 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -787,7 +787,7 @@ static const struct file_operations xt_table_ops = {
787 .open = xt_table_open, 787 .open = xt_table_open,
788 .read = seq_read, 788 .read = seq_read,
789 .llseek = seq_lseek, 789 .llseek = seq_lseek,
790 .release = seq_release, 790 .release = seq_release_net,
791}; 791};
792 792
793static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos) 793static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
index 3b2aa56833b9..9685b6fcbc81 100644
--- a/net/netfilter/xt_TCPOPTSTRIP.c
+++ b/net/netfilter/xt_TCPOPTSTRIP.c
@@ -90,7 +90,7 @@ tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in,
90 const struct xt_target *target, const void *targinfo) 90 const struct xt_target *target, const void *targinfo)
91{ 91{
92 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 92 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
93 unsigned int tcphoff; 93 int tcphoff;
94 u_int8_t nexthdr; 94 u_int8_t nexthdr;
95 95
96 nexthdr = ipv6h->nexthdr; 96 nexthdr = ipv6h->nexthdr;
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index b15e7e2fa143..d7e8983cd37f 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -4,12 +4,11 @@
4#include <linux/module.h> 4#include <linux/module.h>
5#include <linux/bitops.h> 5#include <linux/bitops.h>
6#include <linux/skbuff.h> 6#include <linux/skbuff.h>
7#include <linux/math64.h>
7#include <linux/netfilter/x_tables.h> 8#include <linux/netfilter/x_tables.h>
8#include <linux/netfilter/xt_connbytes.h> 9#include <linux/netfilter/xt_connbytes.h>
9#include <net/netfilter/nf_conntrack.h> 10#include <net/netfilter/nf_conntrack.h>
10 11
11#include <asm/div64.h>
12
13MODULE_LICENSE("GPL"); 12MODULE_LICENSE("GPL");
14MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 13MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
15MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching"); 14MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching");
@@ -82,7 +81,7 @@ connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
82 break; 81 break;
83 } 82 }
84 if (pkts != 0) 83 if (pkts != 0)
85 what = div64_64(bytes, pkts); 84 what = div64_u64(bytes, pkts);
86 break; 85 break;
87 } 86 }
88 87
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index d282ad1570a7..0099da5b2591 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1780,6 +1780,7 @@ int __init netlbl_unlabel_defconf(void)
1780 * messages so don't worry to much about these values. */ 1780 * messages so don't worry to much about these values. */
1781 security_task_getsecid(current, &audit_info.secid); 1781 security_task_getsecid(current, &audit_info.secid);
1782 audit_info.loginuid = 0; 1782 audit_info.loginuid = 0;
1783 audit_info.sessionid = 0;
1783 1784
1784 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1785 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1785 if (entry == NULL) 1786 if (entry == NULL)
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index b17d4203806e..68706b4e3bf8 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -107,7 +107,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
107 if (audit_buf == NULL) 107 if (audit_buf == NULL)
108 return NULL; 108 return NULL;
109 109
110 audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid); 110 audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
111 audit_info->loginuid,
112 audit_info->sessionid);
111 113
112 if (audit_info->secid != 0 && 114 if (audit_info->secid != 0 &&
113 security_secid_to_secctx(audit_info->secid, 115 security_secid_to_secctx(audit_info->secid,
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 6d7f4ab46c2b..6caef8b20611 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -51,6 +51,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
51{ 51{
52 audit_info->secid = NETLINK_CB(skb).sid; 52 audit_info->secid = NETLINK_CB(skb).sid;
53 audit_info->loginuid = NETLINK_CB(skb).loginuid; 53 audit_info->loginuid = NETLINK_CB(skb).loginuid;
54 audit_info->sessionid = NETLINK_CB(skb).sessionid;
54} 55}
55 56
56/* NetLabel NETLINK I/O functions */ 57/* NetLabel NETLINK I/O functions */
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 46f3e44bb83a..9b97f8006c9c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1248,6 +1248,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1248 NETLINK_CB(skb).pid = nlk->pid; 1248 NETLINK_CB(skb).pid = nlk->pid;
1249 NETLINK_CB(skb).dst_group = dst_group; 1249 NETLINK_CB(skb).dst_group = dst_group;
1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current); 1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
1251 NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
1251 security_task_getsecid(current, &(NETLINK_CB(skb).sid)); 1252 security_task_getsecid(current, &(NETLINK_CB(skb).sid));
1252 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1253 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1253 1254
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index a20e2ef7704b..f0463d757a98 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -521,7 +521,8 @@ static void sfq_destroy(struct Qdisc *sch)
521 struct sfq_sched_data *q = qdisc_priv(sch); 521 struct sfq_sched_data *q = qdisc_priv(sch);
522 522
523 tcf_destroy_chain(q->filter_list); 523 tcf_destroy_chain(q->filter_list);
524 del_timer(&q->perturb_timer); 524 q->perturb_period = 0;
525 del_timer_sync(&q->perturb_timer);
525} 526}
526 527
527static int sfq_dump(struct Qdisc *sch, struct sk_buff *skb) 528static int sfq_dump(struct Qdisc *sch, struct sk_buff *skb)
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 2519129c6d21..09cd9c0c2d80 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -150,7 +150,7 @@ static int xfrm_output_gso(struct sk_buff *skb)
150 150
151 segs = skb_gso_segment(skb, 0); 151 segs = skb_gso_segment(skb, 0);
152 kfree_skb(skb); 152 kfree_skb(skb);
153 if (unlikely(IS_ERR(segs))) 153 if (IS_ERR(segs))
154 return PTR_ERR(segs); 154 return PTR_ERR(segs);
155 155
156 do { 156 do {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index e0c0390613c0..cae9fd815543 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -762,6 +762,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
762 if (err) { 762 if (err) {
763 xfrm_audit_policy_delete(pol, 0, 763 xfrm_audit_policy_delete(pol, 0,
764 audit_info->loginuid, 764 audit_info->loginuid,
765 audit_info->sessionid,
765 audit_info->secid); 766 audit_info->secid);
766 return err; 767 return err;
767 } 768 }
@@ -777,6 +778,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
777 if (err) { 778 if (err) {
778 xfrm_audit_policy_delete(pol, 0, 779 xfrm_audit_policy_delete(pol, 0,
779 audit_info->loginuid, 780 audit_info->loginuid,
781 audit_info->sessionid,
780 audit_info->secid); 782 audit_info->secid);
781 return err; 783 return err;
782 } 784 }
@@ -819,6 +821,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
819 write_unlock_bh(&xfrm_policy_lock); 821 write_unlock_bh(&xfrm_policy_lock);
820 822
821 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, 823 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
824 audit_info->sessionid,
822 audit_info->secid); 825 audit_info->secid);
823 826
824 xfrm_policy_kill(pol); 827 xfrm_policy_kill(pol);
@@ -841,6 +844,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
841 844
842 xfrm_audit_policy_delete(pol, 1, 845 xfrm_audit_policy_delete(pol, 1,
843 audit_info->loginuid, 846 audit_info->loginuid,
847 audit_info->sessionid,
844 audit_info->secid); 848 audit_info->secid);
845 xfrm_policy_kill(pol); 849 xfrm_policy_kill(pol);
846 killed++; 850 killed++;
@@ -2472,14 +2476,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2472} 2476}
2473 2477
2474void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 2478void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2475 u32 auid, u32 secid) 2479 uid_t auid, u32 sessionid, u32 secid)
2476{ 2480{
2477 struct audit_buffer *audit_buf; 2481 struct audit_buffer *audit_buf;
2478 2482
2479 audit_buf = xfrm_audit_start("SPD-add"); 2483 audit_buf = xfrm_audit_start("SPD-add");
2480 if (audit_buf == NULL) 2484 if (audit_buf == NULL)
2481 return; 2485 return;
2482 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2486 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2483 audit_log_format(audit_buf, " res=%u", result); 2487 audit_log_format(audit_buf, " res=%u", result);
2484 xfrm_audit_common_policyinfo(xp, audit_buf); 2488 xfrm_audit_common_policyinfo(xp, audit_buf);
2485 audit_log_end(audit_buf); 2489 audit_log_end(audit_buf);
@@ -2487,14 +2491,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2487EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); 2491EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2488 2492
2489void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 2493void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2490 u32 auid, u32 secid) 2494 uid_t auid, u32 sessionid, u32 secid)
2491{ 2495{
2492 struct audit_buffer *audit_buf; 2496 struct audit_buffer *audit_buf;
2493 2497
2494 audit_buf = xfrm_audit_start("SPD-delete"); 2498 audit_buf = xfrm_audit_start("SPD-delete");
2495 if (audit_buf == NULL) 2499 if (audit_buf == NULL)
2496 return; 2500 return;
2497 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2501 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2498 audit_log_format(audit_buf, " res=%u", result); 2502 audit_log_format(audit_buf, " res=%u", result);
2499 xfrm_audit_common_policyinfo(xp, audit_buf); 2503 xfrm_audit_common_policyinfo(xp, audit_buf);
2500 audit_log_end(audit_buf); 2504 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index fac27ce770d5..72fddafd891a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -496,7 +496,8 @@ expired:
496 km_state_expired(x, 1, 0); 496 km_state_expired(x, 1, 0);
497 497
498 xfrm_audit_state_delete(x, err ? 0 : 1, 498 xfrm_audit_state_delete(x, err ? 0 : 1,
499 audit_get_loginuid(current), 0); 499 audit_get_loginuid(current),
500 audit_get_sessionid(current), 0);
500 501
501out: 502out:
502 spin_unlock(&x->lock); 503 spin_unlock(&x->lock);
@@ -603,6 +604,7 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
603 (err = security_xfrm_state_delete(x)) != 0) { 604 (err = security_xfrm_state_delete(x)) != 0) {
604 xfrm_audit_state_delete(x, 0, 605 xfrm_audit_state_delete(x, 0,
605 audit_info->loginuid, 606 audit_info->loginuid,
607 audit_info->sessionid,
606 audit_info->secid); 608 audit_info->secid);
607 return err; 609 return err;
608 } 610 }
@@ -641,6 +643,7 @@ restart:
641 err = xfrm_state_delete(x); 643 err = xfrm_state_delete(x);
642 xfrm_audit_state_delete(x, err ? 0 : 1, 644 xfrm_audit_state_delete(x, err ? 0 : 1,
643 audit_info->loginuid, 645 audit_info->loginuid,
646 audit_info->sessionid,
644 audit_info->secid); 647 audit_info->secid);
645 xfrm_state_put(x); 648 xfrm_state_put(x);
646 649
@@ -2123,14 +2126,14 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2123} 2126}
2124 2127
2125void xfrm_audit_state_add(struct xfrm_state *x, int result, 2128void xfrm_audit_state_add(struct xfrm_state *x, int result,
2126 u32 auid, u32 secid) 2129 uid_t auid, u32 sessionid, u32 secid)
2127{ 2130{
2128 struct audit_buffer *audit_buf; 2131 struct audit_buffer *audit_buf;
2129 2132
2130 audit_buf = xfrm_audit_start("SAD-add"); 2133 audit_buf = xfrm_audit_start("SAD-add");
2131 if (audit_buf == NULL) 2134 if (audit_buf == NULL)
2132 return; 2135 return;
2133 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2136 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2134 xfrm_audit_helper_sainfo(x, audit_buf); 2137 xfrm_audit_helper_sainfo(x, audit_buf);
2135 audit_log_format(audit_buf, " res=%u", result); 2138 audit_log_format(audit_buf, " res=%u", result);
2136 audit_log_end(audit_buf); 2139 audit_log_end(audit_buf);
@@ -2138,14 +2141,14 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result,
2138EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2141EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2139 2142
2140void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2143void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2141 u32 auid, u32 secid) 2144 uid_t auid, u32 sessionid, u32 secid)
2142{ 2145{
2143 struct audit_buffer *audit_buf; 2146 struct audit_buffer *audit_buf;
2144 2147
2145 audit_buf = xfrm_audit_start("SAD-delete"); 2148 audit_buf = xfrm_audit_start("SAD-delete");
2146 if (audit_buf == NULL) 2149 if (audit_buf == NULL)
2147 return; 2150 return;
2148 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2151 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2149 xfrm_audit_helper_sainfo(x, audit_buf); 2152 xfrm_audit_helper_sainfo(x, audit_buf);
2150 audit_log_format(audit_buf, " res=%u", result); 2153 audit_log_format(audit_buf, " res=%u", result);
2151 audit_log_end(audit_buf); 2154 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 22a30ae582a2..a1b0fbe3ea35 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -407,6 +407,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
407 struct xfrm_state *x; 407 struct xfrm_state *x;
408 int err; 408 int err;
409 struct km_event c; 409 struct km_event c;
410 uid_t loginuid = NETLINK_CB(skb).loginuid;
411 u32 sessionid = NETLINK_CB(skb).sessionid;
412 u32 sid = NETLINK_CB(skb).sid;
410 413
411 err = verify_newsa_info(p, attrs); 414 err = verify_newsa_info(p, attrs);
412 if (err) 415 if (err)
@@ -422,8 +425,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
422 else 425 else
423 err = xfrm_state_update(x); 426 err = xfrm_state_update(x);
424 427
425 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 428 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
426 NETLINK_CB(skb).sid);
427 429
428 if (err < 0) { 430 if (err < 0) {
429 x->km.state = XFRM_STATE_DEAD; 431 x->km.state = XFRM_STATE_DEAD;
@@ -478,6 +480,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
478 int err = -ESRCH; 480 int err = -ESRCH;
479 struct km_event c; 481 struct km_event c;
480 struct xfrm_usersa_id *p = nlmsg_data(nlh); 482 struct xfrm_usersa_id *p = nlmsg_data(nlh);
483 uid_t loginuid = NETLINK_CB(skb).loginuid;
484 u32 sessionid = NETLINK_CB(skb).sessionid;
485 u32 sid = NETLINK_CB(skb).sid;
481 486
482 x = xfrm_user_state_lookup(p, attrs, &err); 487 x = xfrm_user_state_lookup(p, attrs, &err);
483 if (x == NULL) 488 if (x == NULL)
@@ -502,8 +507,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
502 km_state_notify(x, &c); 507 km_state_notify(x, &c);
503 508
504out: 509out:
505 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 510 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
506 NETLINK_CB(skb).sid);
507 xfrm_state_put(x); 511 xfrm_state_put(x);
508 return err; 512 return err;
509} 513}
@@ -1123,6 +1127,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1123 struct km_event c; 1127 struct km_event c;
1124 int err; 1128 int err;
1125 int excl; 1129 int excl;
1130 uid_t loginuid = NETLINK_CB(skb).loginuid;
1131 u32 sessionid = NETLINK_CB(skb).sessionid;
1132 u32 sid = NETLINK_CB(skb).sid;
1126 1133
1127 err = verify_newpolicy_info(p); 1134 err = verify_newpolicy_info(p);
1128 if (err) 1135 if (err)
@@ -1141,8 +1148,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1141 * a type XFRM_MSG_UPDPOLICY - JHS */ 1148 * a type XFRM_MSG_UPDPOLICY - JHS */
1142 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1149 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1143 err = xfrm_policy_insert(p->dir, xp, excl); 1150 err = xfrm_policy_insert(p->dir, xp, excl);
1144 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1151 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1145 NETLINK_CB(skb).sid);
1146 1152
1147 if (err) { 1153 if (err) {
1148 security_xfrm_policy_free(xp->security); 1154 security_xfrm_policy_free(xp->security);
@@ -1371,9 +1377,12 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1371 NETLINK_CB(skb).pid); 1377 NETLINK_CB(skb).pid);
1372 } 1378 }
1373 } else { 1379 } else {
1374 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1380 uid_t loginuid = NETLINK_CB(skb).loginuid;
1375 NETLINK_CB(skb).loginuid, 1381 u32 sessionid = NETLINK_CB(skb).sessionid;
1376 NETLINK_CB(skb).sid); 1382 u32 sid = NETLINK_CB(skb).sid;
1383
1384 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1385 sid);
1377 1386
1378 if (err != 0) 1387 if (err != 0)
1379 goto out; 1388 goto out;
@@ -1399,6 +1408,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1399 int err; 1408 int err;
1400 1409
1401 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1410 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1411 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1402 audit_info.secid = NETLINK_CB(skb).sid; 1412 audit_info.secid = NETLINK_CB(skb).sid;
1403 err = xfrm_state_flush(p->proto, &audit_info); 1413 err = xfrm_state_flush(p->proto, &audit_info);
1404 if (err) 1414 if (err)
@@ -1546,6 +1556,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1546 return err; 1556 return err;
1547 1557
1548 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1558 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1559 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1549 audit_info.secid = NETLINK_CB(skb).sid; 1560 audit_info.secid = NETLINK_CB(skb).sid;
1550 err = xfrm_policy_flush(type, &audit_info); 1561 err = xfrm_policy_flush(type, &audit_info);
1551 if (err) 1562 if (err)
@@ -1604,9 +1615,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1604 read_unlock(&xp->lock); 1615 read_unlock(&xp->lock);
1605 err = 0; 1616 err = 0;
1606 if (up->hard) { 1617 if (up->hard) {
1618 uid_t loginuid = NETLINK_CB(skb).loginuid;
1619 uid_t sessionid = NETLINK_CB(skb).sessionid;
1620 u32 sid = NETLINK_CB(skb).sid;
1607 xfrm_policy_delete(xp, p->dir); 1621 xfrm_policy_delete(xp, p->dir);
1608 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1622 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1609 NETLINK_CB(skb).sid);
1610 1623
1611 } else { 1624 } else {
1612 // reset the timers here? 1625 // reset the timers here?
@@ -1640,9 +1653,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1640 km_state_expired(x, ue->hard, current->pid); 1653 km_state_expired(x, ue->hard, current->pid);
1641 1654
1642 if (ue->hard) { 1655 if (ue->hard) {
1656 uid_t loginuid = NETLINK_CB(skb).loginuid;
1657 uid_t sessionid = NETLINK_CB(skb).sessionid;
1658 u32 sid = NETLINK_CB(skb).sid;
1643 __xfrm_state_delete(x); 1659 __xfrm_state_delete(x);
1644 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1660 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1645 NETLINK_CB(skb).sid);
1646 } 1661 }
1647 err = 0; 1662 err = 0;
1648out: 1663out:
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-30 03:47:38 -0500