aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/batman-adv/bat_iv_ogm.c6
-rw-r--r--net/bridge/br_device.c2
-rw-r--r--net/bridge/br_input.c2
-rw-r--r--net/bridge/br_mdb.c4
-rw-r--r--net/bridge/br_multicast.c3
-rw-r--r--net/bridge/br_netlink.c2
-rw-r--r--net/bridge/br_private.h4
-rw-r--r--net/ceph/osdmap.c42
-rw-r--r--net/core/dev.c7
-rw-r--r--net/core/rtnetlink.c3
-rw-r--r--net/dcb/dcbnl.c8
-rw-r--r--net/ieee802154/6lowpan.h2
-rw-r--r--net/ipv4/inet_connection_sock.c1
-rw-r--r--net/ipv4/inet_fragment.c20
-rw-r--r--net/ipv4/ip_fragment.c11
-rw-r--r--net/ipv4/ip_gre.c5
-rw-r--r--net/ipv4/ip_options.c7
-rw-r--r--net/ipv4/tcp.c2
-rw-r--r--net/ipv4/tcp_ipv4.c14
-rw-r--r--net/ipv4/tcp_output.c1
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c12
-rw-r--r--net/ipv6/reassembly.c8
-rw-r--r--net/ipv6/tcp_ipv6.c7
-rw-r--r--net/irda/ircomm/ircomm_tty.c29
-rw-r--r--net/key/af_key.c8
-rw-r--r--net/mac80211/cfg.c21
-rw-r--r--net/mac80211/iface.c6
-rw-r--r--net/mac80211/mlme.c28
-rw-r--r--net/mac80211/tx.c3
-rw-r--r--net/netfilter/nf_conntrack_helper.c11
-rw-r--r--net/netfilter/nfnetlink.c7
-rw-r--r--net/netfilter/xt_AUDIT.c3
-rw-r--r--net/netlabel/netlabel_unlabeled.c27
-rw-r--r--net/nfc/llcp/llcp.c62
-rw-r--r--net/nfc/llcp/sock.c2
-rw-r--r--net/openvswitch/actions.c4
-rw-r--r--net/openvswitch/datapath.c3
-rw-r--r--net/openvswitch/flow.c6
-rw-r--r--net/openvswitch/vport-netdev.c3
-rw-r--r--net/openvswitch/vport.c3
-rw-r--r--net/rds/stats.c1
-rw-r--r--net/sched/sch_qfq.c66
-rw-r--r--net/sctp/associola.c2
-rw-r--r--net/sctp/sm_statefuns.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c12
-rw-r--r--net/sunrpc/rpc_pipe.c1
-rw-r--r--net/sunrpc/xprtsock.c15
-rw-r--r--net/wireless/core.c3
-rw-r--r--net/wireless/nl80211.c51
50 files changed, 364 insertions, 191 deletions
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
index a0b253ecadaf..a5bb0a769eb9 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -1288,7 +1288,8 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
1288 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_buff; 1288 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_buff;
1289 1289
1290 /* unpack the aggregated packets and process them one by one */ 1290 /* unpack the aggregated packets and process them one by one */
1291 do { 1291 while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len,
1292 batadv_ogm_packet->tt_num_changes)) {
1292 tt_buff = packet_buff + buff_pos + BATADV_OGM_HLEN; 1293 tt_buff = packet_buff + buff_pos + BATADV_OGM_HLEN;
1293 1294
1294 batadv_iv_ogm_process(ethhdr, batadv_ogm_packet, tt_buff, 1295 batadv_iv_ogm_process(ethhdr, batadv_ogm_packet, tt_buff,
@@ -1299,8 +1300,7 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
1299 1300
1300 packet_pos = packet_buff + buff_pos; 1301 packet_pos = packet_buff + buff_pos;
1301 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos; 1302 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
1302 } while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len, 1303 }
1303 batadv_ogm_packet->tt_num_changes));
1304 1304
1305 kfree_skb(skb); 1305 kfree_skb(skb);
1306 return NET_RX_SUCCESS; 1306 return NET_RX_SUCCESS;
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index d5f1d3fd4b28..314c73ed418f 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -66,7 +66,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
66 goto out; 66 goto out;
67 } 67 }
68 68
69 mdst = br_mdb_get(br, skb); 69 mdst = br_mdb_get(br, skb, vid);
70 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) 70 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb))
71 br_multicast_deliver(mdst, skb); 71 br_multicast_deliver(mdst, skb);
72 else 72 else
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 480330151898..828e2bcc1f52 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -97,7 +97,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
97 if (is_broadcast_ether_addr(dest)) 97 if (is_broadcast_ether_addr(dest))
98 skb2 = skb; 98 skb2 = skb;
99 else if (is_multicast_ether_addr(dest)) { 99 else if (is_multicast_ether_addr(dest)) {
100 mdst = br_mdb_get(br, skb); 100 mdst = br_mdb_get(br, skb, vid);
101 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { 101 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) {
102 if ((mdst && mdst->mglist) || 102 if ((mdst && mdst->mglist) ||
103 br_multicast_is_router(br)) 103 br_multicast_is_router(br))
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 9f97b850fc65..ee79f3f20383 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -80,6 +80,7 @@ static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
80 port = p->port; 80 port = p->port;
81 if (port) { 81 if (port) {
82 struct br_mdb_entry e; 82 struct br_mdb_entry e;
83 memset(&e, 0, sizeof(e));
83 e.ifindex = port->dev->ifindex; 84 e.ifindex = port->dev->ifindex;
84 e.state = p->state; 85 e.state = p->state;
85 if (p->addr.proto == htons(ETH_P_IP)) 86 if (p->addr.proto == htons(ETH_P_IP))
@@ -136,6 +137,7 @@ static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
136 break; 137 break;
137 138
138 bpm = nlmsg_data(nlh); 139 bpm = nlmsg_data(nlh);
140 memset(bpm, 0, sizeof(*bpm));
139 bpm->ifindex = dev->ifindex; 141 bpm->ifindex = dev->ifindex;
140 if (br_mdb_fill_info(skb, cb, dev) < 0) 142 if (br_mdb_fill_info(skb, cb, dev) < 0)
141 goto out; 143 goto out;
@@ -171,6 +173,7 @@ static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
171 return -EMSGSIZE; 173 return -EMSGSIZE;
172 174
173 bpm = nlmsg_data(nlh); 175 bpm = nlmsg_data(nlh);
176 memset(bpm, 0, sizeof(*bpm));
174 bpm->family = AF_BRIDGE; 177 bpm->family = AF_BRIDGE;
175 bpm->ifindex = dev->ifindex; 178 bpm->ifindex = dev->ifindex;
176 nest = nla_nest_start(skb, MDBA_MDB); 179 nest = nla_nest_start(skb, MDBA_MDB);
@@ -228,6 +231,7 @@ void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port,
228{ 231{
229 struct br_mdb_entry entry; 232 struct br_mdb_entry entry;
230 233
234 memset(&entry, 0, sizeof(entry));
231 entry.ifindex = port->dev->ifindex; 235 entry.ifindex = port->dev->ifindex;
232 entry.addr.proto = group->proto; 236 entry.addr.proto = group->proto;
233 entry.addr.u.ip4 = group->u.ip4; 237 entry.addr.u.ip4 = group->u.ip4;
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 10e6fce1bb62..923fbeaf7afd 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -132,7 +132,7 @@ static struct net_bridge_mdb_entry *br_mdb_ip6_get(
132#endif 132#endif
133 133
134struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, 134struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
135 struct sk_buff *skb) 135 struct sk_buff *skb, u16 vid)
136{ 136{
137 struct net_bridge_mdb_htable *mdb = rcu_dereference(br->mdb); 137 struct net_bridge_mdb_htable *mdb = rcu_dereference(br->mdb);
138 struct br_ip ip; 138 struct br_ip ip;
@@ -144,6 +144,7 @@ struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
144 return NULL; 144 return NULL;
145 145
146 ip.proto = skb->protocol; 146 ip.proto = skb->protocol;
147 ip.vid = vid;
147 148
148 switch (skb->protocol) { 149 switch (skb->protocol) {
149 case htons(ETH_P_IP): 150 case htons(ETH_P_IP):
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 27aa3ee517ce..299fc5f40a26 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -29,6 +29,7 @@ static inline size_t br_port_info_size(void)
29 + nla_total_size(1) /* IFLA_BRPORT_MODE */ 29 + nla_total_size(1) /* IFLA_BRPORT_MODE */
30 + nla_total_size(1) /* IFLA_BRPORT_GUARD */ 30 + nla_total_size(1) /* IFLA_BRPORT_GUARD */
31 + nla_total_size(1) /* IFLA_BRPORT_PROTECT */ 31 + nla_total_size(1) /* IFLA_BRPORT_PROTECT */
32 + nla_total_size(1) /* IFLA_BRPORT_FAST_LEAVE */
32 + 0; 33 + 0;
33} 34}
34 35
@@ -329,6 +330,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[])
329 br_set_port_flag(p, tb, IFLA_BRPORT_MODE, BR_HAIRPIN_MODE); 330 br_set_port_flag(p, tb, IFLA_BRPORT_MODE, BR_HAIRPIN_MODE);
330 br_set_port_flag(p, tb, IFLA_BRPORT_GUARD, BR_BPDU_GUARD); 331 br_set_port_flag(p, tb, IFLA_BRPORT_GUARD, BR_BPDU_GUARD);
331 br_set_port_flag(p, tb, IFLA_BRPORT_FAST_LEAVE, BR_MULTICAST_FAST_LEAVE); 332 br_set_port_flag(p, tb, IFLA_BRPORT_FAST_LEAVE, BR_MULTICAST_FAST_LEAVE);
333 br_set_port_flag(p, tb, IFLA_BRPORT_PROTECT, BR_ROOT_BLOCK);
332 334
333 if (tb[IFLA_BRPORT_COST]) { 335 if (tb[IFLA_BRPORT_COST]) {
334 err = br_stp_set_path_cost(p, nla_get_u32(tb[IFLA_BRPORT_COST])); 336 err = br_stp_set_path_cost(p, nla_get_u32(tb[IFLA_BRPORT_COST]));
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 6d314c4e6bcb..3cbf5beb3d4b 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -442,7 +442,7 @@ extern int br_multicast_rcv(struct net_bridge *br,
442 struct net_bridge_port *port, 442 struct net_bridge_port *port,
443 struct sk_buff *skb); 443 struct sk_buff *skb);
444extern struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, 444extern struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
445 struct sk_buff *skb); 445 struct sk_buff *skb, u16 vid);
446extern void br_multicast_add_port(struct net_bridge_port *port); 446extern void br_multicast_add_port(struct net_bridge_port *port);
447extern void br_multicast_del_port(struct net_bridge_port *port); 447extern void br_multicast_del_port(struct net_bridge_port *port);
448extern void br_multicast_enable_port(struct net_bridge_port *port); 448extern void br_multicast_enable_port(struct net_bridge_port *port);
@@ -504,7 +504,7 @@ static inline int br_multicast_rcv(struct net_bridge *br,
504} 504}
505 505
506static inline struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, 506static inline struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
507 struct sk_buff *skb) 507 struct sk_buff *skb, u16 vid)
508{ 508{
509 return NULL; 509 return NULL;
510} 510}
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 69bc4bf89e3e..4543b9aba40c 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -654,6 +654,24 @@ static int osdmap_set_max_osd(struct ceph_osdmap *map, int max)
654 return 0; 654 return 0;
655} 655}
656 656
657static int __decode_pgid(void **p, void *end, struct ceph_pg *pg)
658{
659 u8 v;
660
661 ceph_decode_need(p, end, 1+8+4+4, bad);
662 v = ceph_decode_8(p);
663 if (v != 1)
664 goto bad;
665 pg->pool = ceph_decode_64(p);
666 pg->seed = ceph_decode_32(p);
667 *p += 4; /* skip preferred */
668 return 0;
669
670bad:
671 dout("error decoding pgid\n");
672 return -EINVAL;
673}
674
657/* 675/*
658 * decode a full map. 676 * decode a full map.
659 */ 677 */
@@ -745,13 +763,12 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end)
745 for (i = 0; i < len; i++) { 763 for (i = 0; i < len; i++) {
746 int n, j; 764 int n, j;
747 struct ceph_pg pgid; 765 struct ceph_pg pgid;
748 struct ceph_pg_v1 pgid_v1;
749 struct ceph_pg_mapping *pg; 766 struct ceph_pg_mapping *pg;
750 767
751 ceph_decode_need(p, end, sizeof(u32) + sizeof(u64), bad); 768 err = __decode_pgid(p, end, &pgid);
752 ceph_decode_copy(p, &pgid_v1, sizeof(pgid_v1)); 769 if (err)
753 pgid.pool = le32_to_cpu(pgid_v1.pool); 770 goto bad;
754 pgid.seed = le16_to_cpu(pgid_v1.ps); 771 ceph_decode_need(p, end, sizeof(u32), bad);
755 n = ceph_decode_32(p); 772 n = ceph_decode_32(p);
756 err = -EINVAL; 773 err = -EINVAL;
757 if (n > (UINT_MAX - sizeof(*pg)) / sizeof(u32)) 774 if (n > (UINT_MAX - sizeof(*pg)) / sizeof(u32))
@@ -818,8 +835,8 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
818 u16 version; 835 u16 version;
819 836
820 ceph_decode_16_safe(p, end, version, bad); 837 ceph_decode_16_safe(p, end, version, bad);
821 if (version > 6) { 838 if (version != 6) {
822 pr_warning("got unknown v %d > %d of inc osdmap\n", version, 6); 839 pr_warning("got unknown v %d != 6 of inc osdmap\n", version);
823 goto bad; 840 goto bad;
824 } 841 }
825 842
@@ -963,15 +980,14 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
963 while (len--) { 980 while (len--) {
964 struct ceph_pg_mapping *pg; 981 struct ceph_pg_mapping *pg;
965 int j; 982 int j;
966 struct ceph_pg_v1 pgid_v1;
967 struct ceph_pg pgid; 983 struct ceph_pg pgid;
968 u32 pglen; 984 u32 pglen;
969 ceph_decode_need(p, end, sizeof(u64) + sizeof(u32), bad);
970 ceph_decode_copy(p, &pgid_v1, sizeof(pgid_v1));
971 pgid.pool = le32_to_cpu(pgid_v1.pool);
972 pgid.seed = le16_to_cpu(pgid_v1.ps);
973 pglen = ceph_decode_32(p);
974 985
986 err = __decode_pgid(p, end, &pgid);
987 if (err)
988 goto bad;
989 ceph_decode_need(p, end, sizeof(u32), bad);
990 pglen = ceph_decode_32(p);
975 if (pglen) { 991 if (pglen) {
976 ceph_decode_need(p, end, pglen*sizeof(u32), bad); 992 ceph_decode_need(p, end, pglen*sizeof(u32), bad);
977 993
diff --git a/net/core/dev.c b/net/core/dev.c
index a06a7a58dd11..d540ced1f6c6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2219,9 +2219,9 @@ struct sk_buff *skb_mac_gso_segment(struct sk_buff *skb,
2219 struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT); 2219 struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT);
2220 struct packet_offload *ptype; 2220 struct packet_offload *ptype;
2221 __be16 type = skb->protocol; 2221 __be16 type = skb->protocol;
2222 int vlan_depth = ETH_HLEN;
2222 2223
2223 while (type == htons(ETH_P_8021Q)) { 2224 while (type == htons(ETH_P_8021Q)) {
2224 int vlan_depth = ETH_HLEN;
2225 struct vlan_hdr *vh; 2225 struct vlan_hdr *vh;
2226 2226
2227 if (unlikely(!pskb_may_pull(skb, vlan_depth + VLAN_HLEN))) 2227 if (unlikely(!pskb_may_pull(skb, vlan_depth + VLAN_HLEN)))
@@ -3444,6 +3444,7 @@ ncls:
3444 } 3444 }
3445 switch (rx_handler(&skb)) { 3445 switch (rx_handler(&skb)) {
3446 case RX_HANDLER_CONSUMED: 3446 case RX_HANDLER_CONSUMED:
3447 ret = NET_RX_SUCCESS;
3447 goto unlock; 3448 goto unlock;
3448 case RX_HANDLER_ANOTHER: 3449 case RX_HANDLER_ANOTHER:
3449 goto another_round; 3450 goto another_round;
@@ -4103,7 +4104,7 @@ static void net_rx_action(struct softirq_action *h)
4103 * Allow this to run for 2 jiffies since which will allow 4104 * Allow this to run for 2 jiffies since which will allow
4104 * an average latency of 1.5/HZ. 4105 * an average latency of 1.5/HZ.
4105 */ 4106 */
4106 if (unlikely(budget <= 0 || time_after(jiffies, time_limit))) 4107 if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
4107 goto softnet_break; 4108 goto softnet_break;
4108 4109
4109 local_irq_enable(); 4110 local_irq_enable();
@@ -4780,7 +4781,7 @@ EXPORT_SYMBOL(dev_set_mac_address);
4780/** 4781/**
4781 * dev_change_carrier - Change device carrier 4782 * dev_change_carrier - Change device carrier
4782 * @dev: device 4783 * @dev: device
4783 * @new_carries: new value 4784 * @new_carrier: new value
4784 * 4785 *
4785 * Change device carrier 4786 * Change device carrier
4786 */ 4787 */
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index b376410ff259..5fb8d7e47294 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -979,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
979 * report anything. 979 * report anything.
980 */ 980 */
981 ivi.spoofchk = -1; 981 ivi.spoofchk = -1;
982 memset(ivi.mac, 0, sizeof(ivi.mac));
982 if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) 983 if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
983 break; 984 break;
984 vf_mac.vf = 985 vf_mac.vf =
@@ -2620,7 +2621,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2620 struct rtattr *attr = (void *)nlh + NLMSG_ALIGN(min_len); 2621 struct rtattr *attr = (void *)nlh + NLMSG_ALIGN(min_len);
2621 2622
2622 while (RTA_OK(attr, attrlen)) { 2623 while (RTA_OK(attr, attrlen)) {
2623 unsigned int flavor = attr->rta_type; 2624 unsigned int flavor = attr->rta_type & NLA_TYPE_MASK;
2624 if (flavor) { 2625 if (flavor) {
2625 if (flavor > rta_max[sz_idx]) 2626 if (flavor > rta_max[sz_idx])
2626 return -EINVAL; 2627 return -EINVAL;
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 1b588e23cf80..21291f1abcd6 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -284,6 +284,7 @@ static int dcbnl_getperm_hwaddr(struct net_device *netdev, struct nlmsghdr *nlh,
284 if (!netdev->dcbnl_ops->getpermhwaddr) 284 if (!netdev->dcbnl_ops->getpermhwaddr)
285 return -EOPNOTSUPP; 285 return -EOPNOTSUPP;
286 286
287 memset(perm_addr, 0, sizeof(perm_addr));
287 netdev->dcbnl_ops->getpermhwaddr(netdev, perm_addr); 288 netdev->dcbnl_ops->getpermhwaddr(netdev, perm_addr);
288 289
289 return nla_put(skb, DCB_ATTR_PERM_HWADDR, sizeof(perm_addr), perm_addr); 290 return nla_put(skb, DCB_ATTR_PERM_HWADDR, sizeof(perm_addr), perm_addr);
@@ -1042,6 +1043,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1042 1043
1043 if (ops->ieee_getets) { 1044 if (ops->ieee_getets) {
1044 struct ieee_ets ets; 1045 struct ieee_ets ets;
1046 memset(&ets, 0, sizeof(ets));
1045 err = ops->ieee_getets(netdev, &ets); 1047 err = ops->ieee_getets(netdev, &ets);
1046 if (!err && 1048 if (!err &&
1047 nla_put(skb, DCB_ATTR_IEEE_ETS, sizeof(ets), &ets)) 1049 nla_put(skb, DCB_ATTR_IEEE_ETS, sizeof(ets), &ets))
@@ -1050,6 +1052,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1050 1052
1051 if (ops->ieee_getmaxrate) { 1053 if (ops->ieee_getmaxrate) {
1052 struct ieee_maxrate maxrate; 1054 struct ieee_maxrate maxrate;
1055 memset(&maxrate, 0, sizeof(maxrate));
1053 err = ops->ieee_getmaxrate(netdev, &maxrate); 1056 err = ops->ieee_getmaxrate(netdev, &maxrate);
1054 if (!err) { 1057 if (!err) {
1055 err = nla_put(skb, DCB_ATTR_IEEE_MAXRATE, 1058 err = nla_put(skb, DCB_ATTR_IEEE_MAXRATE,
@@ -1061,6 +1064,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1061 1064
1062 if (ops->ieee_getpfc) { 1065 if (ops->ieee_getpfc) {
1063 struct ieee_pfc pfc; 1066 struct ieee_pfc pfc;
1067 memset(&pfc, 0, sizeof(pfc));
1064 err = ops->ieee_getpfc(netdev, &pfc); 1068 err = ops->ieee_getpfc(netdev, &pfc);
1065 if (!err && 1069 if (!err &&
1066 nla_put(skb, DCB_ATTR_IEEE_PFC, sizeof(pfc), &pfc)) 1070 nla_put(skb, DCB_ATTR_IEEE_PFC, sizeof(pfc), &pfc))
@@ -1094,6 +1098,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1094 /* get peer info if available */ 1098 /* get peer info if available */
1095 if (ops->ieee_peer_getets) { 1099 if (ops->ieee_peer_getets) {
1096 struct ieee_ets ets; 1100 struct ieee_ets ets;
1101 memset(&ets, 0, sizeof(ets));
1097 err = ops->ieee_peer_getets(netdev, &ets); 1102 err = ops->ieee_peer_getets(netdev, &ets);
1098 if (!err && 1103 if (!err &&
1099 nla_put(skb, DCB_ATTR_IEEE_PEER_ETS, sizeof(ets), &ets)) 1104 nla_put(skb, DCB_ATTR_IEEE_PEER_ETS, sizeof(ets), &ets))
@@ -1102,6 +1107,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
1102 1107
1103 if (ops->ieee_peer_getpfc) { 1108 if (ops->ieee_peer_getpfc) {
1104 struct ieee_pfc pfc; 1109 struct ieee_pfc pfc;
1110 memset(&pfc, 0, sizeof(pfc));
1105 err = ops->ieee_peer_getpfc(netdev, &pfc); 1111 err = ops->ieee_peer_getpfc(netdev, &pfc);
1106 if (!err && 1112 if (!err &&
1107 nla_put(skb, DCB_ATTR_IEEE_PEER_PFC, sizeof(pfc), &pfc)) 1113 nla_put(skb, DCB_ATTR_IEEE_PEER_PFC, sizeof(pfc), &pfc))
@@ -1280,6 +1286,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev)
1280 /* peer info if available */ 1286 /* peer info if available */
1281 if (ops->cee_peer_getpg) { 1287 if (ops->cee_peer_getpg) {
1282 struct cee_pg pg; 1288 struct cee_pg pg;
1289 memset(&pg, 0, sizeof(pg));
1283 err = ops->cee_peer_getpg(netdev, &pg); 1290 err = ops->cee_peer_getpg(netdev, &pg);
1284 if (!err && 1291 if (!err &&
1285 nla_put(skb, DCB_ATTR_CEE_PEER_PG, sizeof(pg), &pg)) 1292 nla_put(skb, DCB_ATTR_CEE_PEER_PG, sizeof(pg), &pg))
@@ -1288,6 +1295,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev)
1288 1295
1289 if (ops->cee_peer_getpfc) { 1296 if (ops->cee_peer_getpfc) {
1290 struct cee_pfc pfc; 1297 struct cee_pfc pfc;
1298 memset(&pfc, 0, sizeof(pfc));
1291 err = ops->cee_peer_getpfc(netdev, &pfc); 1299 err = ops->cee_peer_getpfc(netdev, &pfc);
1292 if (!err && 1300 if (!err &&
1293 nla_put(skb, DCB_ATTR_CEE_PEER_PFC, sizeof(pfc), &pfc)) 1301 nla_put(skb, DCB_ATTR_CEE_PEER_PFC, sizeof(pfc), &pfc))
diff --git a/net/ieee802154/6lowpan.h b/net/ieee802154/6lowpan.h
index 8c2251fb0a3f..bba5f8336317 100644
--- a/net/ieee802154/6lowpan.h
+++ b/net/ieee802154/6lowpan.h
@@ -84,7 +84,7 @@
84 (memcmp(addr1, addr2, length >> 3) == 0) 84 (memcmp(addr1, addr2, length >> 3) == 0)
85 85
86/* local link, i.e. FE80::/10 */ 86/* local link, i.e. FE80::/10 */
87#define is_addr_link_local(a) (((a)->s6_addr16[0]) == 0x80FE) 87#define is_addr_link_local(a) (((a)->s6_addr16[0]) == htons(0xFE80))
88 88
89/* 89/*
90 * check whether we can compress the IID to 16 bits, 90 * check whether we can compress the IID to 16 bits,
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 7d1874be1df3..786d97aee751 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -735,6 +735,7 @@ EXPORT_SYMBOL(inet_csk_destroy_sock);
735 * tcp/dccp_create_openreq_child(). 735 * tcp/dccp_create_openreq_child().
736 */ 736 */
737void inet_csk_prepare_forced_close(struct sock *sk) 737void inet_csk_prepare_forced_close(struct sock *sk)
738 __releases(&sk->sk_lock.slock)
738{ 739{
739 /* sk_clone_lock locked the socket and set refcnt to 2 */ 740 /* sk_clone_lock locked the socket and set refcnt to 2 */
740 bh_unlock_sock(sk); 741 bh_unlock_sock(sk);
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 245ae078a07f..f4fd23de9b13 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -21,6 +21,7 @@
21#include <linux/rtnetlink.h> 21#include <linux/rtnetlink.h>
22#include <linux/slab.h> 22#include <linux/slab.h>
23 23
24#include <net/sock.h>
24#include <net/inet_frag.h> 25#include <net/inet_frag.h>
25 26
26static void inet_frag_secret_rebuild(unsigned long dummy) 27static void inet_frag_secret_rebuild(unsigned long dummy)
@@ -277,6 +278,7 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
277 __releases(&f->lock) 278 __releases(&f->lock)
278{ 279{
279 struct inet_frag_queue *q; 280 struct inet_frag_queue *q;
281 int depth = 0;
280 282
281 hlist_for_each_entry(q, &f->hash[hash], list) { 283 hlist_for_each_entry(q, &f->hash[hash], list) {
282 if (q->net == nf && f->match(q, key)) { 284 if (q->net == nf && f->match(q, key)) {
@@ -284,9 +286,25 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
284 read_unlock(&f->lock); 286 read_unlock(&f->lock);
285 return q; 287 return q;
286 } 288 }
289 depth++;
287 } 290 }
288 read_unlock(&f->lock); 291 read_unlock(&f->lock);
289 292
290 return inet_frag_create(nf, f, key); 293 if (depth <= INETFRAGS_MAXDEPTH)
294 return inet_frag_create(nf, f, key);
295 else
296 return ERR_PTR(-ENOBUFS);
291} 297}
292EXPORT_SYMBOL(inet_frag_find); 298EXPORT_SYMBOL(inet_frag_find);
299
300void inet_frag_maybe_warn_overflow(struct inet_frag_queue *q,
301 const char *prefix)
302{
303 static const char msg[] = "inet_frag_find: Fragment hash bucket"
304 " list length grew over limit " __stringify(INETFRAGS_MAXDEPTH)
305 ". Dropping fragment.\n";
306
307 if (PTR_ERR(q) == -ENOBUFS)
308 LIMIT_NETDEBUG(KERN_WARNING "%s%s", prefix, msg);
309}
310EXPORT_SYMBOL(inet_frag_maybe_warn_overflow);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index b6d30acb600c..a6445b843ef4 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -292,14 +292,11 @@ static inline struct ipq *ip_find(struct net *net, struct iphdr *iph, u32 user)
292 hash = ipqhashfn(iph->id, iph->saddr, iph->daddr, iph->protocol); 292 hash = ipqhashfn(iph->id, iph->saddr, iph->daddr, iph->protocol);
293 293
294 q = inet_frag_find(&net->ipv4.frags, &ip4_frags, &arg, hash); 294 q = inet_frag_find(&net->ipv4.frags, &ip4_frags, &arg, hash);
295 if (q == NULL) 295 if (IS_ERR_OR_NULL(q)) {
296 goto out_nomem; 296 inet_frag_maybe_warn_overflow(q, pr_fmt());
297 297 return NULL;
298 }
298 return container_of(q, struct ipq, q); 299 return container_of(q, struct ipq, q);
299
300out_nomem:
301 LIMIT_NETDEBUG(KERN_ERR pr_fmt("ip_frag_create: no memory left !\n"));
302 return NULL;
303} 300}
304 301
305/* Is the fragment too far ahead to be part of ipq? */ 302/* Is the fragment too far ahead to be part of ipq? */
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index d0ef0e674ec5..91d66dbde9c0 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -798,10 +798,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
798 798
799 if (dev->header_ops && dev->type == ARPHRD_IPGRE) { 799 if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
800 gre_hlen = 0; 800 gre_hlen = 0;
801 if (skb->protocol == htons(ETH_P_IP)) 801 tiph = (const struct iphdr *)skb->data;
802 tiph = (const struct iphdr *)skb->data;
803 else
804 tiph = &tunnel->parms.iph;
805 } else { 802 } else {
806 gre_hlen = tunnel->hlen; 803 gre_hlen = tunnel->hlen;
807 tiph = &tunnel->parms.iph; 804 tiph = &tunnel->parms.iph;
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index f6289bf6f332..ec7264514a82 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -370,7 +370,6 @@ int ip_options_compile(struct net *net,
370 } 370 }
371 switch (optptr[3]&0xF) { 371 switch (optptr[3]&0xF) {
372 case IPOPT_TS_TSONLY: 372 case IPOPT_TS_TSONLY:
373 opt->ts = optptr - iph;
374 if (skb) 373 if (skb)
375 timeptr = &optptr[optptr[2]-1]; 374 timeptr = &optptr[optptr[2]-1];
376 opt->ts_needtime = 1; 375 opt->ts_needtime = 1;
@@ -381,7 +380,6 @@ int ip_options_compile(struct net *net,
381 pp_ptr = optptr + 2; 380 pp_ptr = optptr + 2;
382 goto error; 381 goto error;
383 } 382 }
384 opt->ts = optptr - iph;
385 if (rt) { 383 if (rt) {
386 spec_dst_fill(&spec_dst, skb); 384 spec_dst_fill(&spec_dst, skb);
387 memcpy(&optptr[optptr[2]-1], &spec_dst, 4); 385 memcpy(&optptr[optptr[2]-1], &spec_dst, 4);
@@ -396,7 +394,6 @@ int ip_options_compile(struct net *net,
396 pp_ptr = optptr + 2; 394 pp_ptr = optptr + 2;
397 goto error; 395 goto error;
398 } 396 }
399 opt->ts = optptr - iph;
400 { 397 {
401 __be32 addr; 398 __be32 addr;
402 memcpy(&addr, &optptr[optptr[2]-1], 4); 399 memcpy(&addr, &optptr[optptr[2]-1], 4);
@@ -423,18 +420,18 @@ int ip_options_compile(struct net *net,
423 put_unaligned_be32(midtime, timeptr); 420 put_unaligned_be32(midtime, timeptr);
424 opt->is_changed = 1; 421 opt->is_changed = 1;
425 } 422 }
426 } else { 423 } else if ((optptr[3]&0xF) != IPOPT_TS_PRESPEC) {
427 unsigned int overflow = optptr[3]>>4; 424 unsigned int overflow = optptr[3]>>4;
428 if (overflow == 15) { 425 if (overflow == 15) {
429 pp_ptr = optptr + 3; 426 pp_ptr = optptr + 3;
430 goto error; 427 goto error;
431 } 428 }
432 opt->ts = optptr - iph;
433 if (skb) { 429 if (skb) {
434 optptr[3] = (optptr[3]&0xF)|((overflow+1)<<4); 430 optptr[3] = (optptr[3]&0xF)|((overflow+1)<<4);
435 opt->is_changed = 1; 431 opt->is_changed = 1;
436 } 432 }
437 } 433 }
434 opt->ts = optptr - iph;
438 break; 435 break;
439 case IPOPT_RA: 436 case IPOPT_RA:
440 if (optlen < 4) { 437 if (optlen < 4) {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 47e854fcae24..e22020790709 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -775,7 +775,7 @@ struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp)
775 * Make sure that we have exactly size bytes 775 * Make sure that we have exactly size bytes
776 * available to the caller, no more, no less. 776 * available to the caller, no more, no less.
777 */ 777 */
778 skb->avail_size = size; 778 skb->reserved_tailroom = skb->end - skb->tail - size;
779 return skb; 779 return skb;
780 } 780 }
781 __kfree_skb(skb); 781 __kfree_skb(skb);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 4a8ec457310f..d09203c63264 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -274,13 +274,6 @@ static void tcp_v4_mtu_reduced(struct sock *sk)
274 struct inet_sock *inet = inet_sk(sk); 274 struct inet_sock *inet = inet_sk(sk);
275 u32 mtu = tcp_sk(sk)->mtu_info; 275 u32 mtu = tcp_sk(sk)->mtu_info;
276 276
277 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
278 * send out by Linux are always <576bytes so they should go through
279 * unfragmented).
280 */
281 if (sk->sk_state == TCP_LISTEN)
282 return;
283
284 dst = inet_csk_update_pmtu(sk, mtu); 277 dst = inet_csk_update_pmtu(sk, mtu);
285 if (!dst) 278 if (!dst)
286 return; 279 return;
@@ -408,6 +401,13 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
408 goto out; 401 goto out;
409 402
410 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */ 403 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
404 /* We are not interested in TCP_LISTEN and open_requests
405 * (SYN-ACKs send out by Linux are always <576bytes so
406 * they should go through unfragmented).
407 */
408 if (sk->sk_state == TCP_LISTEN)
409 goto out;
410
411 tp->mtu_info = info; 411 tp->mtu_info = info;
412 if (!sock_owned_by_user(sk)) { 412 if (!sock_owned_by_user(sk)) {
413 tcp_v4_mtu_reduced(sk); 413 tcp_v4_mtu_reduced(sk);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index e2b4461074da..817fbb396bc8 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1298,7 +1298,6 @@ static void __pskb_trim_head(struct sk_buff *skb, int len)
1298 eat = min_t(int, len, skb_headlen(skb)); 1298 eat = min_t(int, len, skb_headlen(skb));
1299 if (eat) { 1299 if (eat) {
1300 __skb_pull(skb, eat); 1300 __skb_pull(skb, eat);
1301 skb->avail_size -= eat;
1302 len -= eat; 1301 len -= eat;
1303 if (!len) 1302 if (!len)
1304 return; 1303 return;
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index b1876e52091e..e33fe0ab2568 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -281,7 +281,8 @@ int ip6_mc_input(struct sk_buff *skb)
281 * IPv6 multicast router mode is now supported ;) 281 * IPv6 multicast router mode is now supported ;)
282 */ 282 */
283 if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding && 283 if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding &&
284 !(ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) && 284 !(ipv6_addr_type(&hdr->daddr) &
285 (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)) &&
285 likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) { 286 likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) {
286 /* 287 /*
287 * Okay, we try to forward - split and duplicate 288 * Okay, we try to forward - split and duplicate
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 54087e96d7b8..6700069949dd 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -14,6 +14,8 @@
14 * 2 of the License, or (at your option) any later version. 14 * 2 of the License, or (at your option) any later version.
15 */ 15 */
16 16
17#define pr_fmt(fmt) "IPv6-nf: " fmt
18
17#include <linux/errno.h> 19#include <linux/errno.h>
18#include <linux/types.h> 20#include <linux/types.h>
19#include <linux/string.h> 21#include <linux/string.h>
@@ -180,13 +182,11 @@ static inline struct frag_queue *fq_find(struct net *net, __be32 id,
180 182
181 q = inet_frag_find(&net->nf_frag.frags, &nf_frags, &arg, hash); 183 q = inet_frag_find(&net->nf_frag.frags, &nf_frags, &arg, hash);
182 local_bh_enable(); 184 local_bh_enable();
183 if (q == NULL) 185 if (IS_ERR_OR_NULL(q)) {
184 goto oom; 186 inet_frag_maybe_warn_overflow(q, pr_fmt());
185 187 return NULL;
188 }
186 return container_of(q, struct frag_queue, q); 189 return container_of(q, struct frag_queue, q);
187
188oom:
189 return NULL;
190} 190}
191 191
192 192
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 3c6a77290c6e..196ab9347ad1 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -26,6 +26,9 @@
26 * YOSHIFUJI,H. @USAGI Always remove fragment header to 26 * YOSHIFUJI,H. @USAGI Always remove fragment header to
27 * calculate ICV correctly. 27 * calculate ICV correctly.
28 */ 28 */
29
30#define pr_fmt(fmt) "IPv6: " fmt
31
29#include <linux/errno.h> 32#include <linux/errno.h>
30#include <linux/types.h> 33#include <linux/types.h>
31#include <linux/string.h> 34#include <linux/string.h>
@@ -185,9 +188,10 @@ fq_find(struct net *net, __be32 id, const struct in6_addr *src, const struct in6
185 hash = inet6_hash_frag(id, src, dst, ip6_frags.rnd); 188 hash = inet6_hash_frag(id, src, dst, ip6_frags.rnd);
186 189
187 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash); 190 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
188 if (q == NULL) 191 if (IS_ERR_OR_NULL(q)) {
192 inet_frag_maybe_warn_overflow(q, pr_fmt());
189 return NULL; 193 return NULL;
190 194 }
191 return container_of(q, struct frag_queue, q); 195 return container_of(q, struct frag_queue, q);
192} 196}
193 197
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 9b6460055df5..f6d629fd6aee 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -389,6 +389,13 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
389 } 389 }
390 390
391 if (type == ICMPV6_PKT_TOOBIG) { 391 if (type == ICMPV6_PKT_TOOBIG) {
392 /* We are not interested in TCP_LISTEN and open_requests
393 * (SYN-ACKs send out by Linux are always <576bytes so
394 * they should go through unfragmented).
395 */
396 if (sk->sk_state == TCP_LISTEN)
397 goto out;
398
392 tp->mtu_info = ntohl(info); 399 tp->mtu_info = ntohl(info);
393 if (!sock_owned_by_user(sk)) 400 if (!sock_owned_by_user(sk))
394 tcp_v6_mtu_reduced(sk); 401 tcp_v6_mtu_reduced(sk);
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index 9a5fd3c3e530..362ba47968e4 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -280,7 +280,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
280 struct tty_port *port = &self->port; 280 struct tty_port *port = &self->port;
281 DECLARE_WAITQUEUE(wait, current); 281 DECLARE_WAITQUEUE(wait, current);
282 int retval; 282 int retval;
283 int do_clocal = 0, extra_count = 0; 283 int do_clocal = 0;
284 unsigned long flags; 284 unsigned long flags;
285 285
286 IRDA_DEBUG(2, "%s()\n", __func__ ); 286 IRDA_DEBUG(2, "%s()\n", __func__ );
@@ -289,8 +289,15 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
289 * If non-blocking mode is set, or the port is not enabled, 289 * If non-blocking mode is set, or the port is not enabled,
290 * then make the check up front and then exit. 290 * then make the check up front and then exit.
291 */ 291 */
292 if (filp->f_flags & O_NONBLOCK || tty->flags & (1 << TTY_IO_ERROR)){ 292 if (test_bit(TTY_IO_ERROR, &tty->flags)) {
293 /* nonblock mode is set or port is not enabled */ 293 port->flags |= ASYNC_NORMAL_ACTIVE;
294 return 0;
295 }
296
297 if (filp->f_flags & O_NONBLOCK) {
298 /* nonblock mode is set */
299 if (tty->termios.c_cflag & CBAUD)
300 tty_port_raise_dtr_rts(port);
294 port->flags |= ASYNC_NORMAL_ACTIVE; 301 port->flags |= ASYNC_NORMAL_ACTIVE;
295 IRDA_DEBUG(1, "%s(), O_NONBLOCK requested!\n", __func__ ); 302 IRDA_DEBUG(1, "%s(), O_NONBLOCK requested!\n", __func__ );
296 return 0; 303 return 0;
@@ -315,18 +322,16 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
315 __FILE__, __LINE__, tty->driver->name, port->count); 322 __FILE__, __LINE__, tty->driver->name, port->count);
316 323
317 spin_lock_irqsave(&port->lock, flags); 324 spin_lock_irqsave(&port->lock, flags);
318 if (!tty_hung_up_p(filp)) { 325 if (!tty_hung_up_p(filp))
319 extra_count = 1;
320 port->count--; 326 port->count--;
321 }
322 spin_unlock_irqrestore(&port->lock, flags);
323 port->blocked_open++; 327 port->blocked_open++;
328 spin_unlock_irqrestore(&port->lock, flags);
324 329
325 while (1) { 330 while (1) {
326 if (tty->termios.c_cflag & CBAUD) 331 if (tty->termios.c_cflag & CBAUD)
327 tty_port_raise_dtr_rts(port); 332 tty_port_raise_dtr_rts(port);
328 333
329 current->state = TASK_INTERRUPTIBLE; 334 set_current_state(TASK_INTERRUPTIBLE);
330 335
331 if (tty_hung_up_p(filp) || 336 if (tty_hung_up_p(filp) ||
332 !test_bit(ASYNCB_INITIALIZED, &port->flags)) { 337 !test_bit(ASYNCB_INITIALIZED, &port->flags)) {
@@ -361,13 +366,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
361 __set_current_state(TASK_RUNNING); 366 __set_current_state(TASK_RUNNING);
362 remove_wait_queue(&port->open_wait, &wait); 367 remove_wait_queue(&port->open_wait, &wait);
363 368
364 if (extra_count) { 369 spin_lock_irqsave(&port->lock, flags);
365 /* ++ is not atomic, so this should be protected - Jean II */ 370 if (!tty_hung_up_p(filp))
366 spin_lock_irqsave(&port->lock, flags);
367 port->count++; 371 port->count++;
368 spin_unlock_irqrestore(&port->lock, flags);
369 }
370 port->blocked_open--; 372 port->blocked_open--;
373 spin_unlock_irqrestore(&port->lock, flags);
371 374
372 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n", 375 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
373 __FILE__, __LINE__, tty->driver->name, port->count); 376 __FILE__, __LINE__, tty->driver->name, port->count);
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 556fdafdd1ea..8555f331ea60 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2201,7 +2201,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
2201 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW); 2201 XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
2202 xp->priority = pol->sadb_x_policy_priority; 2202 xp->priority = pol->sadb_x_policy_priority;
2203 2203
2204 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2204 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2205 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); 2205 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
2206 if (!xp->family) { 2206 if (!xp->family) {
2207 err = -EINVAL; 2207 err = -EINVAL;
@@ -2214,7 +2214,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
2214 if (xp->selector.sport) 2214 if (xp->selector.sport)
2215 xp->selector.sport_mask = htons(0xffff); 2215 xp->selector.sport_mask = htons(0xffff);
2216 2216
2217 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2217 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2218 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr); 2218 pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
2219 xp->selector.prefixlen_d = sa->sadb_address_prefixlen; 2219 xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
2220 2220
@@ -2315,7 +2315,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sa
2315 2315
2316 memset(&sel, 0, sizeof(sel)); 2316 memset(&sel, 0, sizeof(sel));
2317 2317
2318 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 2318 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
2319 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr); 2319 sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
2320 sel.prefixlen_s = sa->sadb_address_prefixlen; 2320 sel.prefixlen_s = sa->sadb_address_prefixlen;
2321 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2321 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@ -2323,7 +2323,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sa
2323 if (sel.sport) 2323 if (sel.sport)
2324 sel.sport_mask = htons(0xffff); 2324 sel.sport_mask = htons(0xffff);
2325 2325
2326 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1], 2326 sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
2327 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr); 2327 pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
2328 sel.prefixlen_d = sa->sadb_address_prefixlen; 2328 sel.prefixlen_d = sa->sadb_address_prefixlen;
2329 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); 2329 sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 808f5fcd1ced..fb306814576a 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3290,14 +3290,19 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
3290 int ret = -ENODATA; 3290 int ret = -ENODATA;
3291 3291
3292 rcu_read_lock(); 3292 rcu_read_lock();
3293 if (local->use_chanctx) { 3293 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3294 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3294 if (chanctx_conf) {
3295 if (chanctx_conf) { 3295 *chandef = chanctx_conf->def;
3296 *chandef = chanctx_conf->def; 3296 ret = 0;
3297 ret = 0; 3297 } else if (local->open_count > 0 &&
3298 } 3298 local->open_count == local->monitors &&
3299 } else if (local->open_count == local->monitors) { 3299 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3300 *chandef = local->monitor_chandef; 3300 if (local->use_chanctx)
3301 *chandef = local->monitor_chandef;
3302 else
3303 cfg80211_chandef_create(chandef,
3304 local->_oper_channel,
3305 local->_oper_channel_type);
3301 ret = 0; 3306 ret = 0;
3302 } 3307 }
3303 rcu_read_unlock(); 3308 rcu_read_unlock();
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 640afab304d7..baaa8608e52d 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -541,6 +541,9 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
541 541
542 ieee80211_adjust_monitor_flags(sdata, 1); 542 ieee80211_adjust_monitor_flags(sdata, 1);
543 ieee80211_configure_filter(local); 543 ieee80211_configure_filter(local);
544 mutex_lock(&local->mtx);
545 ieee80211_recalc_idle(local);
546 mutex_unlock(&local->mtx);
544 547
545 netif_carrier_on(dev); 548 netif_carrier_on(dev);
546 break; 549 break;
@@ -812,6 +815,9 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
812 815
813 ieee80211_adjust_monitor_flags(sdata, -1); 816 ieee80211_adjust_monitor_flags(sdata, -1);
814 ieee80211_configure_filter(local); 817 ieee80211_configure_filter(local);
818 mutex_lock(&local->mtx);
819 ieee80211_recalc_idle(local);
820 mutex_unlock(&local->mtx);
815 break; 821 break;
816 case NL80211_IFTYPE_P2P_DEVICE: 822 case NL80211_IFTYPE_P2P_DEVICE:
817 /* relies on synchronize_rcu() below */ 823 /* relies on synchronize_rcu() below */
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 9f6464f3e05f..141577412d84 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -647,6 +647,9 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
647 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) & 647 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) &
648 mask) >> shift; 648 mask) >> shift;
649 649
650 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED)
651 continue;
652
650 switch (ap_mcs) { 653 switch (ap_mcs) {
651 default: 654 default:
652 if (our_mcs <= ap_mcs) 655 if (our_mcs <= ap_mcs)
@@ -3503,6 +3506,14 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
3503 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3506 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3504 3507
3505 /* 3508 /*
3509 * Stop timers before deleting work items, as timers
3510 * could race and re-add the work-items. They will be
3511 * re-established on connection.
3512 */
3513 del_timer_sync(&ifmgd->conn_mon_timer);
3514 del_timer_sync(&ifmgd->bcn_mon_timer);
3515
3516 /*
3506 * we need to use atomic bitops for the running bits 3517 * we need to use atomic bitops for the running bits
3507 * only because both timers might fire at the same 3518 * only because both timers might fire at the same
3508 * time -- the code here is properly synchronised. 3519 * time -- the code here is properly synchronised.
@@ -3516,13 +3527,9 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
3516 if (del_timer_sync(&ifmgd->timer)) 3527 if (del_timer_sync(&ifmgd->timer))
3517 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 3528 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
3518 3529
3519 cancel_work_sync(&ifmgd->chswitch_work);
3520 if (del_timer_sync(&ifmgd->chswitch_timer)) 3530 if (del_timer_sync(&ifmgd->chswitch_timer))
3521 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 3531 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
3522 3532 cancel_work_sync(&ifmgd->chswitch_work);
3523 /* these will just be re-established on connection */
3524 del_timer_sync(&ifmgd->conn_mon_timer);
3525 del_timer_sync(&ifmgd->bcn_mon_timer);
3526} 3533}
3527 3534
3528void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3535void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
@@ -4315,6 +4322,17 @@ void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4315{ 4322{
4316 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4323 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4317 4324
4325 /*
4326 * Make sure some work items will not run after this,
4327 * they will not do anything but might not have been
4328 * cancelled when disconnecting.
4329 */
4330 cancel_work_sync(&ifmgd->monitor_work);
4331 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4332 cancel_work_sync(&ifmgd->request_smps_work);
4333 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4334 cancel_work_sync(&ifmgd->chswitch_work);
4335
4318 mutex_lock(&ifmgd->mtx); 4336 mutex_lock(&ifmgd->mtx);
4319 if (ifmgd->assoc_data) 4337 if (ifmgd->assoc_data)
4320 ieee80211_destroy_assoc_data(sdata, false); 4338 ieee80211_destroy_assoc_data(sdata, false);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index ce78d1149f1d..8914d2d2881a 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2745,7 +2745,8 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2745 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2745 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
2746 } 2746 }
2747 2747
2748 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev); 2748 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2749 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
2749 if (!ieee80211_tx_prepare(sdata, &tx, skb)) 2750 if (!ieee80211_tx_prepare(sdata, &tx, skb))
2750 break; 2751 break;
2751 dev_kfree_skb_any(skb); 2752 dev_kfree_skb_any(skb);
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index a9740bd6fe54..94b4b9853f60 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -339,6 +339,13 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
339{ 339{
340 const struct nf_conn_help *help; 340 const struct nf_conn_help *help;
341 const struct nf_conntrack_helper *helper; 341 const struct nf_conntrack_helper *helper;
342 struct va_format vaf;
343 va_list args;
344
345 va_start(args, fmt);
346
347 vaf.fmt = fmt;
348 vaf.va = &args;
342 349
343 /* Called from the helper function, this call never fails */ 350 /* Called from the helper function, this call never fails */
344 help = nfct_help(ct); 351 help = nfct_help(ct);
@@ -347,7 +354,9 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
347 helper = rcu_dereference(help->helper); 354 helper = rcu_dereference(help->helper);
348 355
349 nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, 356 nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL,
350 "nf_ct_%s: dropping packet: %s ", helper->name, fmt); 357 "nf_ct_%s: dropping packet: %pV ", helper->name, &vaf);
358
359 va_end(args);
351} 360}
352EXPORT_SYMBOL_GPL(nf_ct_helper_log); 361EXPORT_SYMBOL_GPL(nf_ct_helper_log);
353 362
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index d578ec251712..0b1b32cda307 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -62,11 +62,6 @@ void nfnl_unlock(__u8 subsys_id)
62} 62}
63EXPORT_SYMBOL_GPL(nfnl_unlock); 63EXPORT_SYMBOL_GPL(nfnl_unlock);
64 64
65static struct mutex *nfnl_get_lock(__u8 subsys_id)
66{
67 return &table[subsys_id].mutex;
68}
69
70int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n) 65int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n)
71{ 66{
72 nfnl_lock(n->subsys_id); 67 nfnl_lock(n->subsys_id);
@@ -199,7 +194,7 @@ replay:
199 rcu_read_unlock(); 194 rcu_read_unlock();
200 nfnl_lock(subsys_id); 195 nfnl_lock(subsys_id);
201 if (rcu_dereference_protected(table[subsys_id].subsys, 196 if (rcu_dereference_protected(table[subsys_id].subsys,
202 lockdep_is_held(nfnl_get_lock(subsys_id))) != ss || 197 lockdep_is_held(&table[subsys_id].mutex)) != ss ||
203 nfnetlink_find_client(type, ss) != nc) 198 nfnetlink_find_client(type, ss) != nc)
204 err = -EAGAIN; 199 err = -EAGAIN;
205 else if (nc->call) 200 else if (nc->call)
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index ba92824086f3..3228d7f24eb4 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -124,6 +124,9 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
124 const struct xt_audit_info *info = par->targinfo; 124 const struct xt_audit_info *info = par->targinfo;
125 struct audit_buffer *ab; 125 struct audit_buffer *ab;
126 126
127 if (audit_enabled == 0)
128 goto errout;
129
127 ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT); 130 ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
128 if (ab == NULL) 131 if (ab == NULL)
129 goto errout; 132 goto errout;
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 847d495cd4de..8a6c6ea466d8 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1189,8 +1189,6 @@ static int netlbl_unlabel_staticlist(struct sk_buff *skb,
1189 struct netlbl_unlhsh_walk_arg cb_arg; 1189 struct netlbl_unlhsh_walk_arg cb_arg;
1190 u32 skip_bkt = cb->args[0]; 1190 u32 skip_bkt = cb->args[0];
1191 u32 skip_chain = cb->args[1]; 1191 u32 skip_chain = cb->args[1];
1192 u32 skip_addr4 = cb->args[2];
1193 u32 skip_addr6 = cb->args[3];
1194 u32 iter_bkt; 1192 u32 iter_bkt;
1195 u32 iter_chain = 0, iter_addr4 = 0, iter_addr6 = 0; 1193 u32 iter_chain = 0, iter_addr4 = 0, iter_addr6 = 0;
1196 struct netlbl_unlhsh_iface *iface; 1194 struct netlbl_unlhsh_iface *iface;
@@ -1215,7 +1213,7 @@ static int netlbl_unlabel_staticlist(struct sk_buff *skb,
1215 continue; 1213 continue;
1216 netlbl_af4list_foreach_rcu(addr4, 1214 netlbl_af4list_foreach_rcu(addr4,
1217 &iface->addr4_list) { 1215 &iface->addr4_list) {
1218 if (iter_addr4++ < skip_addr4) 1216 if (iter_addr4++ < cb->args[2])
1219 continue; 1217 continue;
1220 if (netlbl_unlabel_staticlist_gen( 1218 if (netlbl_unlabel_staticlist_gen(
1221 NLBL_UNLABEL_C_STATICLIST, 1219 NLBL_UNLABEL_C_STATICLIST,
@@ -1231,7 +1229,7 @@ static int netlbl_unlabel_staticlist(struct sk_buff *skb,
1231#if IS_ENABLED(CONFIG_IPV6) 1229#if IS_ENABLED(CONFIG_IPV6)
1232 netlbl_af6list_foreach_rcu(addr6, 1230 netlbl_af6list_foreach_rcu(addr6,
1233 &iface->addr6_list) { 1231 &iface->addr6_list) {
1234 if (iter_addr6++ < skip_addr6) 1232 if (iter_addr6++ < cb->args[3])
1235 continue; 1233 continue;
1236 if (netlbl_unlabel_staticlist_gen( 1234 if (netlbl_unlabel_staticlist_gen(
1237 NLBL_UNLABEL_C_STATICLIST, 1235 NLBL_UNLABEL_C_STATICLIST,
@@ -1250,10 +1248,10 @@ static int netlbl_unlabel_staticlist(struct sk_buff *skb,
1250 1248
1251unlabel_staticlist_return: 1249unlabel_staticlist_return:
1252 rcu_read_unlock(); 1250 rcu_read_unlock();
1253 cb->args[0] = skip_bkt; 1251 cb->args[0] = iter_bkt;
1254 cb->args[1] = skip_chain; 1252 cb->args[1] = iter_chain;
1255 cb->args[2] = skip_addr4; 1253 cb->args[2] = iter_addr4;
1256 cb->args[3] = skip_addr6; 1254 cb->args[3] = iter_addr6;
1257 return skb->len; 1255 return skb->len;
1258} 1256}
1259 1257
@@ -1273,12 +1271,9 @@ static int netlbl_unlabel_staticlistdef(struct sk_buff *skb,
1273{ 1271{
1274 struct netlbl_unlhsh_walk_arg cb_arg; 1272 struct netlbl_unlhsh_walk_arg cb_arg;
1275 struct netlbl_unlhsh_iface *iface; 1273 struct netlbl_unlhsh_iface *iface;
1276 u32 skip_addr4 = cb->args[0]; 1274 u32 iter_addr4 = 0, iter_addr6 = 0;
1277 u32 skip_addr6 = cb->args[1];
1278 u32 iter_addr4 = 0;
1279 struct netlbl_af4list *addr4; 1275 struct netlbl_af4list *addr4;
1280#if IS_ENABLED(CONFIG_IPV6) 1276#if IS_ENABLED(CONFIG_IPV6)
1281 u32 iter_addr6 = 0;
1282 struct netlbl_af6list *addr6; 1277 struct netlbl_af6list *addr6;
1283#endif 1278#endif
1284 1279
@@ -1292,7 +1287,7 @@ static int netlbl_unlabel_staticlistdef(struct sk_buff *skb,
1292 goto unlabel_staticlistdef_return; 1287 goto unlabel_staticlistdef_return;
1293 1288
1294 netlbl_af4list_foreach_rcu(addr4, &iface->addr4_list) { 1289 netlbl_af4list_foreach_rcu(addr4, &iface->addr4_list) {
1295 if (iter_addr4++ < skip_addr4) 1290 if (iter_addr4++ < cb->args[0])
1296 continue; 1291 continue;
1297 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF, 1292 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF,
1298 iface, 1293 iface,
@@ -1305,7 +1300,7 @@ static int netlbl_unlabel_staticlistdef(struct sk_buff *skb,
1305 } 1300 }
1306#if IS_ENABLED(CONFIG_IPV6) 1301#if IS_ENABLED(CONFIG_IPV6)
1307 netlbl_af6list_foreach_rcu(addr6, &iface->addr6_list) { 1302 netlbl_af6list_foreach_rcu(addr6, &iface->addr6_list) {
1308 if (iter_addr6++ < skip_addr6) 1303 if (iter_addr6++ < cb->args[1])
1309 continue; 1304 continue;
1310 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF, 1305 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF,
1311 iface, 1306 iface,
@@ -1320,8 +1315,8 @@ static int netlbl_unlabel_staticlistdef(struct sk_buff *skb,
1320 1315
1321unlabel_staticlistdef_return: 1316unlabel_staticlistdef_return:
1322 rcu_read_unlock(); 1317 rcu_read_unlock();
1323 cb->args[0] = skip_addr4; 1318 cb->args[0] = iter_addr4;
1324 cb->args[1] = skip_addr6; 1319 cb->args[1] = iter_addr6;
1325 return skb->len; 1320 return skb->len;
1326} 1321}
1327 1322
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index 7f8266dd14cb..b530afadd76c 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -68,7 +68,8 @@ static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
68 } 68 }
69} 69}
70 70
71static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen) 71static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
72 int err)
72{ 73{
73 struct sock *sk; 74 struct sock *sk;
74 struct hlist_node *tmp; 75 struct hlist_node *tmp;
@@ -100,7 +101,10 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
100 101
101 nfc_llcp_accept_unlink(accept_sk); 102 nfc_llcp_accept_unlink(accept_sk);
102 103
104 if (err)
105 accept_sk->sk_err = err;
103 accept_sk->sk_state = LLCP_CLOSED; 106 accept_sk->sk_state = LLCP_CLOSED;
107 accept_sk->sk_state_change(sk);
104 108
105 bh_unlock_sock(accept_sk); 109 bh_unlock_sock(accept_sk);
106 110
@@ -123,7 +127,10 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
123 continue; 127 continue;
124 } 128 }
125 129
130 if (err)
131 sk->sk_err = err;
126 sk->sk_state = LLCP_CLOSED; 132 sk->sk_state = LLCP_CLOSED;
133 sk->sk_state_change(sk);
127 134
128 bh_unlock_sock(sk); 135 bh_unlock_sock(sk);
129 136
@@ -133,6 +140,36 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
133 } 140 }
134 141
135 write_unlock(&local->sockets.lock); 142 write_unlock(&local->sockets.lock);
143
144 /*
145 * If we want to keep the listening sockets alive,
146 * we don't touch the RAW ones.
147 */
148 if (listen == true)
149 return;
150
151 write_lock(&local->raw_sockets.lock);
152
153 sk_for_each_safe(sk, tmp, &local->raw_sockets.head) {
154 llcp_sock = nfc_llcp_sock(sk);
155
156 bh_lock_sock(sk);
157
158 nfc_llcp_socket_purge(llcp_sock);
159
160 if (err)
161 sk->sk_err = err;
162 sk->sk_state = LLCP_CLOSED;
163 sk->sk_state_change(sk);
164
165 bh_unlock_sock(sk);
166
167 sock_orphan(sk);
168
169 sk_del_node_init(sk);
170 }
171
172 write_unlock(&local->raw_sockets.lock);
136} 173}
137 174
138struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local) 175struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
@@ -142,20 +179,25 @@ struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
142 return local; 179 return local;
143} 180}
144 181
145static void local_release(struct kref *ref) 182static void local_cleanup(struct nfc_llcp_local *local, bool listen)
146{ 183{
147 struct nfc_llcp_local *local; 184 nfc_llcp_socket_release(local, listen, ENXIO);
148
149 local = container_of(ref, struct nfc_llcp_local, ref);
150
151 list_del(&local->list);
152 nfc_llcp_socket_release(local, false);
153 del_timer_sync(&local->link_timer); 185 del_timer_sync(&local->link_timer);
154 skb_queue_purge(&local->tx_queue); 186 skb_queue_purge(&local->tx_queue);
155 cancel_work_sync(&local->tx_work); 187 cancel_work_sync(&local->tx_work);
156 cancel_work_sync(&local->rx_work); 188 cancel_work_sync(&local->rx_work);
157 cancel_work_sync(&local->timeout_work); 189 cancel_work_sync(&local->timeout_work);
158 kfree_skb(local->rx_pending); 190 kfree_skb(local->rx_pending);
191}
192
193static void local_release(struct kref *ref)
194{
195 struct nfc_llcp_local *local;
196
197 local = container_of(ref, struct nfc_llcp_local, ref);
198
199 list_del(&local->list);
200 local_cleanup(local, false);
159 kfree(local); 201 kfree(local);
160} 202}
161 203
@@ -1348,7 +1390,7 @@ void nfc_llcp_mac_is_down(struct nfc_dev *dev)
1348 return; 1390 return;
1349 1391
1350 /* Close and purge all existing sockets */ 1392 /* Close and purge all existing sockets */
1351 nfc_llcp_socket_release(local, true); 1393 nfc_llcp_socket_release(local, true, 0);
1352} 1394}
1353 1395
1354void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx, 1396void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx,
@@ -1427,6 +1469,8 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev)
1427 return; 1469 return;
1428 } 1470 }
1429 1471
1472 local_cleanup(local, false);
1473
1430 nfc_llcp_local_put(local); 1474 nfc_llcp_local_put(local);
1431} 1475}
1432 1476
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 5332751943a9..5c7cdf3f2a83 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -278,6 +278,8 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *parent,
278 278
279 pr_debug("Returning sk state %d\n", sk->sk_state); 279 pr_debug("Returning sk state %d\n", sk->sk_state);
280 280
281 sk_acceptq_removed(parent);
282
281 return sk; 283 return sk;
282 } 284 }
283 285
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index ac2defeeba83..d4d5363c7ba7 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -58,7 +58,7 @@ static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
58 58
59 if (skb->ip_summed == CHECKSUM_COMPLETE) 59 if (skb->ip_summed == CHECKSUM_COMPLETE)
60 skb->csum = csum_sub(skb->csum, csum_partial(skb->data 60 skb->csum = csum_sub(skb->csum, csum_partial(skb->data
61 + ETH_HLEN, VLAN_HLEN, 0)); 61 + (2 * ETH_ALEN), VLAN_HLEN, 0));
62 62
63 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN); 63 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN);
64 *current_tci = vhdr->h_vlan_TCI; 64 *current_tci = vhdr->h_vlan_TCI;
@@ -115,7 +115,7 @@ static int push_vlan(struct sk_buff *skb, const struct ovs_action_push_vlan *vla
115 115
116 if (skb->ip_summed == CHECKSUM_COMPLETE) 116 if (skb->ip_summed == CHECKSUM_COMPLETE)
117 skb->csum = csum_add(skb->csum, csum_partial(skb->data 117 skb->csum = csum_add(skb->csum, csum_partial(skb->data
118 + ETH_HLEN, VLAN_HLEN, 0)); 118 + (2 * ETH_ALEN), VLAN_HLEN, 0));
119 119
120 } 120 }
121 __vlan_hwaccel_put_tag(skb, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT); 121 __vlan_hwaccel_put_tag(skb, ntohs(vlan->vlan_tci) & ~VLAN_TAG_PRESENT);
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index e87a26506dba..a4b724708a1a 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -394,6 +394,7 @@ static int queue_userspace_packet(struct net *net, int dp_ifindex,
394 394
395 skb_copy_and_csum_dev(skb, nla_data(nla)); 395 skb_copy_and_csum_dev(skb, nla_data(nla));
396 396
397 genlmsg_end(user_skb, upcall);
397 err = genlmsg_unicast(net, user_skb, upcall_info->portid); 398 err = genlmsg_unicast(net, user_skb, upcall_info->portid);
398 399
399out: 400out:
@@ -1690,6 +1691,7 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
1690 if (IS_ERR(vport)) 1691 if (IS_ERR(vport))
1691 goto exit_unlock; 1692 goto exit_unlock;
1692 1693
1694 err = 0;
1693 reply = ovs_vport_cmd_build_info(vport, info->snd_portid, info->snd_seq, 1695 reply = ovs_vport_cmd_build_info(vport, info->snd_portid, info->snd_seq,
1694 OVS_VPORT_CMD_NEW); 1696 OVS_VPORT_CMD_NEW);
1695 if (IS_ERR(reply)) { 1697 if (IS_ERR(reply)) {
@@ -1771,6 +1773,7 @@ static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
1771 if (IS_ERR(reply)) 1773 if (IS_ERR(reply))
1772 goto exit_unlock; 1774 goto exit_unlock;
1773 1775
1776 err = 0;
1774 ovs_dp_detach_port(vport); 1777 ovs_dp_detach_port(vport);
1775 1778
1776 genl_notify(reply, genl_info_net(info), info->snd_portid, 1779 genl_notify(reply, genl_info_net(info), info->snd_portid,
diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 20605ecf100b..fe0e4215c73d 100644
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -482,7 +482,11 @@ static __be16 parse_ethertype(struct sk_buff *skb)
482 return htons(ETH_P_802_2); 482 return htons(ETH_P_802_2);
483 483
484 __skb_pull(skb, sizeof(struct llc_snap_hdr)); 484 __skb_pull(skb, sizeof(struct llc_snap_hdr));
485 return llc->ethertype; 485
486 if (ntohs(llc->ethertype) >= 1536)
487 return llc->ethertype;
488
489 return htons(ETH_P_802_2);
486} 490}
487 491
488static int parse_icmpv6(struct sk_buff *skb, struct sw_flow_key *key, 492static int parse_icmpv6(struct sk_buff *skb, struct sw_flow_key *key,
diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c
index 670cbc3518de..2130d61c384a 100644
--- a/net/openvswitch/vport-netdev.c
+++ b/net/openvswitch/vport-netdev.c
@@ -43,8 +43,7 @@ static void netdev_port_receive(struct vport *vport, struct sk_buff *skb)
43 43
44 /* Make our own copy of the packet. Otherwise we will mangle the 44 /* Make our own copy of the packet. Otherwise we will mangle the
45 * packet for anyone who came before us (e.g. tcpdump via AF_PACKET). 45 * packet for anyone who came before us (e.g. tcpdump via AF_PACKET).
46 * (No one comes after us, since we tell handle_bridge() that we took 46 */
47 * the packet.) */
48 skb = skb_share_check(skb, GFP_ATOMIC); 47 skb = skb_share_check(skb, GFP_ATOMIC);
49 if (unlikely(!skb)) 48 if (unlikely(!skb))
50 return; 49 return;
diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
index ba717cc038b3..f6b8132ce4cb 100644
--- a/net/openvswitch/vport.c
+++ b/net/openvswitch/vport.c
@@ -325,8 +325,7 @@ int ovs_vport_get_options(const struct vport *vport, struct sk_buff *skb)
325 * @skb: skb that was received 325 * @skb: skb that was received
326 * 326 *
327 * Must be called with rcu_read_lock. The packet cannot be shared and 327 * Must be called with rcu_read_lock. The packet cannot be shared and
328 * skb->data should point to the Ethernet header. The caller must have already 328 * skb->data should point to the Ethernet header.
329 * called compute_ip_summed() to initialize the checksumming fields.
330 */ 329 */
331void ovs_vport_receive(struct vport *vport, struct sk_buff *skb) 330void ovs_vport_receive(struct vport *vport, struct sk_buff *skb)
332{ 331{
diff --git a/net/rds/stats.c b/net/rds/stats.c
index 7be790d60b90..73be187d389e 100644
--- a/net/rds/stats.c
+++ b/net/rds/stats.c
@@ -87,6 +87,7 @@ void rds_stats_info_copy(struct rds_info_iterator *iter,
87 for (i = 0; i < nr; i++) { 87 for (i = 0; i < nr; i++) {
88 BUG_ON(strlen(names[i]) >= sizeof(ctr.name)); 88 BUG_ON(strlen(names[i]) >= sizeof(ctr.name));
89 strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); 89 strncpy(ctr.name, names[i], sizeof(ctr.name) - 1);
90 ctr.name[sizeof(ctr.name) - 1] = '\0';
90 ctr.value = values[i]; 91 ctr.value = values[i];
91 92
92 rds_info_copy(iter, &ctr, sizeof(ctr)); 93 rds_info_copy(iter, &ctr, sizeof(ctr));
diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index e9a77f621c3d..d51852bba01c 100644
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -298,6 +298,10 @@ static void qfq_update_agg(struct qfq_sched *q, struct qfq_aggregate *agg,
298 new_num_classes == q->max_agg_classes - 1) /* agg no more full */ 298 new_num_classes == q->max_agg_classes - 1) /* agg no more full */
299 hlist_add_head(&agg->nonfull_next, &q->nonfull_aggs); 299 hlist_add_head(&agg->nonfull_next, &q->nonfull_aggs);
300 300
301 /* The next assignment may let
302 * agg->initial_budget > agg->budgetmax
303 * hold, we will take it into account in charge_actual_service().
304 */
301 agg->budgetmax = new_num_classes * agg->lmax; 305 agg->budgetmax = new_num_classes * agg->lmax;
302 new_agg_weight = agg->class_weight * new_num_classes; 306 new_agg_weight = agg->class_weight * new_num_classes;
303 agg->inv_w = ONE_FP/new_agg_weight; 307 agg->inv_w = ONE_FP/new_agg_weight;
@@ -817,7 +821,7 @@ static void qfq_make_eligible(struct qfq_sched *q)
817 unsigned long old_vslot = q->oldV >> q->min_slot_shift; 821 unsigned long old_vslot = q->oldV >> q->min_slot_shift;
818 822
819 if (vslot != old_vslot) { 823 if (vslot != old_vslot) {
820 unsigned long mask = (1UL << fls(vslot ^ old_vslot)) - 1; 824 unsigned long mask = (1ULL << fls(vslot ^ old_vslot)) - 1;
821 qfq_move_groups(q, mask, IR, ER); 825 qfq_move_groups(q, mask, IR, ER);
822 qfq_move_groups(q, mask, IB, EB); 826 qfq_move_groups(q, mask, IB, EB);
823 } 827 }
@@ -988,12 +992,23 @@ static inline struct sk_buff *qfq_peek_skb(struct qfq_aggregate *agg,
988/* Update F according to the actual service received by the aggregate. */ 992/* Update F according to the actual service received by the aggregate. */
989static inline void charge_actual_service(struct qfq_aggregate *agg) 993static inline void charge_actual_service(struct qfq_aggregate *agg)
990{ 994{
991 /* compute the service received by the aggregate */ 995 /* Compute the service received by the aggregate, taking into
992 u32 service_received = agg->initial_budget - agg->budget; 996 * account that, after decreasing the number of classes in
997 * agg, it may happen that
998 * agg->initial_budget - agg->budget > agg->bugdetmax
999 */
1000 u32 service_received = min(agg->budgetmax,
1001 agg->initial_budget - agg->budget);
993 1002
994 agg->F = agg->S + (u64)service_received * agg->inv_w; 1003 agg->F = agg->S + (u64)service_received * agg->inv_w;
995} 1004}
996 1005
1006static inline void qfq_update_agg_ts(struct qfq_sched *q,
1007 struct qfq_aggregate *agg,
1008 enum update_reason reason);
1009
1010static void qfq_schedule_agg(struct qfq_sched *q, struct qfq_aggregate *agg);
1011
997static struct sk_buff *qfq_dequeue(struct Qdisc *sch) 1012static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
998{ 1013{
999 struct qfq_sched *q = qdisc_priv(sch); 1014 struct qfq_sched *q = qdisc_priv(sch);
@@ -1021,7 +1036,7 @@ static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
1021 in_serv_agg->initial_budget = in_serv_agg->budget = 1036 in_serv_agg->initial_budget = in_serv_agg->budget =
1022 in_serv_agg->budgetmax; 1037 in_serv_agg->budgetmax;
1023 1038
1024 if (!list_empty(&in_serv_agg->active)) 1039 if (!list_empty(&in_serv_agg->active)) {
1025 /* 1040 /*
1026 * Still active: reschedule for 1041 * Still active: reschedule for
1027 * service. Possible optimization: if no other 1042 * service. Possible optimization: if no other
@@ -1032,8 +1047,9 @@ static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
1032 * handle it, we would need to maintain an 1047 * handle it, we would need to maintain an
1033 * extra num_active_aggs field. 1048 * extra num_active_aggs field.
1034 */ 1049 */
1035 qfq_activate_agg(q, in_serv_agg, requeue); 1050 qfq_update_agg_ts(q, in_serv_agg, requeue);
1036 else if (sch->q.qlen == 0) { /* no aggregate to serve */ 1051 qfq_schedule_agg(q, in_serv_agg);
1052 } else if (sch->q.qlen == 0) { /* no aggregate to serve */
1037 q->in_serv_agg = NULL; 1053 q->in_serv_agg = NULL;
1038 return NULL; 1054 return NULL;
1039 } 1055 }
@@ -1052,7 +1068,15 @@ static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
1052 qdisc_bstats_update(sch, skb); 1068 qdisc_bstats_update(sch, skb);
1053 1069
1054 agg_dequeue(in_serv_agg, cl, len); 1070 agg_dequeue(in_serv_agg, cl, len);
1055 in_serv_agg->budget -= len; 1071 /* If lmax is lowered, through qfq_change_class, for a class
1072 * owning pending packets with larger size than the new value
1073 * of lmax, then the following condition may hold.
1074 */
1075 if (unlikely(in_serv_agg->budget < len))
1076 in_serv_agg->budget = 0;
1077 else
1078 in_serv_agg->budget -= len;
1079
1056 q->V += (u64)len * IWSUM; 1080 q->V += (u64)len * IWSUM;
1057 pr_debug("qfq dequeue: len %u F %lld now %lld\n", 1081 pr_debug("qfq dequeue: len %u F %lld now %lld\n",
1058 len, (unsigned long long) in_serv_agg->F, 1082 len, (unsigned long long) in_serv_agg->F,
@@ -1217,17 +1241,11 @@ static int qfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
1217 cl->deficit = agg->lmax; 1241 cl->deficit = agg->lmax;
1218 list_add_tail(&cl->alist, &agg->active); 1242 list_add_tail(&cl->alist, &agg->active);
1219 1243
1220 if (list_first_entry(&agg->active, struct qfq_class, alist) != cl) 1244 if (list_first_entry(&agg->active, struct qfq_class, alist) != cl ||
1221 return err; /* aggregate was not empty, nothing else to do */ 1245 q->in_serv_agg == agg)
1246 return err; /* non-empty or in service, nothing else to do */
1222 1247
1223 /* recharge budget */ 1248 qfq_activate_agg(q, agg, enqueue);
1224 agg->initial_budget = agg->budget = agg->budgetmax;
1225
1226 qfq_update_agg_ts(q, agg, enqueue);
1227 if (q->in_serv_agg == NULL)
1228 q->in_serv_agg = agg;
1229 else if (agg != q->in_serv_agg)
1230 qfq_schedule_agg(q, agg);
1231 1249
1232 return err; 1250 return err;
1233} 1251}
@@ -1261,7 +1279,8 @@ static void qfq_schedule_agg(struct qfq_sched *q, struct qfq_aggregate *agg)
1261 /* group was surely ineligible, remove */ 1279 /* group was surely ineligible, remove */
1262 __clear_bit(grp->index, &q->bitmaps[IR]); 1280 __clear_bit(grp->index, &q->bitmaps[IR]);
1263 __clear_bit(grp->index, &q->bitmaps[IB]); 1281 __clear_bit(grp->index, &q->bitmaps[IB]);
1264 } else if (!q->bitmaps[ER] && qfq_gt(roundedS, q->V)) 1282 } else if (!q->bitmaps[ER] && qfq_gt(roundedS, q->V) &&
1283 q->in_serv_agg == NULL)
1265 q->V = roundedS; 1284 q->V = roundedS;
1266 1285
1267 grp->S = roundedS; 1286 grp->S = roundedS;
@@ -1284,8 +1303,15 @@ skip_update:
1284static void qfq_activate_agg(struct qfq_sched *q, struct qfq_aggregate *agg, 1303static void qfq_activate_agg(struct qfq_sched *q, struct qfq_aggregate *agg,
1285 enum update_reason reason) 1304 enum update_reason reason)
1286{ 1305{
1306 agg->initial_budget = agg->budget = agg->budgetmax; /* recharge budg. */
1307
1287 qfq_update_agg_ts(q, agg, reason); 1308 qfq_update_agg_ts(q, agg, reason);
1288 qfq_schedule_agg(q, agg); 1309 if (q->in_serv_agg == NULL) { /* no aggr. in service or scheduled */
1310 q->in_serv_agg = agg; /* start serving this aggregate */
1311 /* update V: to be in service, agg must be eligible */
1312 q->oldV = q->V = agg->S;
1313 } else if (agg != q->in_serv_agg)
1314 qfq_schedule_agg(q, agg);
1289} 1315}
1290 1316
1291static void qfq_slot_remove(struct qfq_sched *q, struct qfq_group *grp, 1317static void qfq_slot_remove(struct qfq_sched *q, struct qfq_group *grp,
@@ -1357,8 +1383,6 @@ static void qfq_deactivate_agg(struct qfq_sched *q, struct qfq_aggregate *agg)
1357 __set_bit(grp->index, &q->bitmaps[s]); 1383 __set_bit(grp->index, &q->bitmaps[s]);
1358 } 1384 }
1359 } 1385 }
1360
1361 qfq_update_eligible(q);
1362} 1386}
1363 1387
1364static void qfq_qlen_notify(struct Qdisc *sch, unsigned long arg) 1388static void qfq_qlen_notify(struct Qdisc *sch, unsigned long arg)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 43cd0dd9149d..d2709e2b7be6 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1079,7 +1079,7 @@ struct sctp_transport *sctp_assoc_lookup_tsn(struct sctp_association *asoc,
1079 transports) { 1079 transports) {
1080 1080
1081 if (transport == active) 1081 if (transport == active)
1082 break; 1082 continue;
1083 list_for_each_entry(chunk, &transport->transmitted, 1083 list_for_each_entry(chunk, &transport->transmitted,
1084 transmitted_list) { 1084 transmitted_list) {
1085 if (key == chunk->subh.data_hdr->tsn) { 1085 if (key == chunk->subh.data_hdr->tsn) {
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 5131fcfedb03..de1a0138317f 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2082,7 +2082,7 @@ sctp_disposition_t sctp_sf_do_5_2_4_dupcook(struct net *net,
2082 } 2082 }
2083 2083
2084 /* Delete the tempory new association. */ 2084 /* Delete the tempory new association. */
2085 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); 2085 sctp_add_cmd_sf(commands, SCTP_CMD_SET_ASOC, SCTP_ASOC(new_asoc));
2086 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); 2086 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
2087 2087
2088 /* Restore association pointer to provide SCTP command interpeter 2088 /* Restore association pointer to provide SCTP command interpeter
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index f7d34e7b6f81..5ead60550895 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -447,17 +447,21 @@ static int rsc_parse(struct cache_detail *cd,
447 else { 447 else {
448 int N, i; 448 int N, i;
449 449
450 /*
451 * NOTE: we skip uid_valid()/gid_valid() checks here:
452 * instead, * -1 id's are later mapped to the
453 * (export-specific) anonymous id by nfsd_setuser.
454 *
455 * (But supplementary gid's get no such special
456 * treatment so are checked for validity here.)
457 */
450 /* uid */ 458 /* uid */
451 rsci.cred.cr_uid = make_kuid(&init_user_ns, id); 459 rsci.cred.cr_uid = make_kuid(&init_user_ns, id);
452 if (!uid_valid(rsci.cred.cr_uid))
453 goto out;
454 460
455 /* gid */ 461 /* gid */
456 if (get_int(&mesg, &id)) 462 if (get_int(&mesg, &id))
457 goto out; 463 goto out;
458 rsci.cred.cr_gid = make_kgid(&init_user_ns, id); 464 rsci.cred.cr_gid = make_kgid(&init_user_ns, id);
459 if (!gid_valid(rsci.cred.cr_gid))
460 goto out;
461 465
462 /* number of additional gid's */ 466 /* number of additional gid's */
463 if (get_int(&mesg, &N)) 467 if (get_int(&mesg, &N))
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index a0f48a51e14e..a9129f8d7070 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -1175,6 +1175,7 @@ static struct file_system_type rpc_pipe_fs_type = {
1175 .kill_sb = rpc_kill_sb, 1175 .kill_sb = rpc_kill_sb,
1176}; 1176};
1177MODULE_ALIAS_FS("rpc_pipefs"); 1177MODULE_ALIAS_FS("rpc_pipefs");
1178MODULE_ALIAS("rpc_pipefs");
1178 1179
1179static void 1180static void
1180init_once(void *foo) 1181init_once(void *foo)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index c1d8476b7692..3d02130828da 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -849,6 +849,14 @@ static void xs_tcp_close(struct rpc_xprt *xprt)
849 xs_tcp_shutdown(xprt); 849 xs_tcp_shutdown(xprt);
850} 850}
851 851
852static void xs_local_destroy(struct rpc_xprt *xprt)
853{
854 xs_close(xprt);
855 xs_free_peer_addresses(xprt);
856 xprt_free(xprt);
857 module_put(THIS_MODULE);
858}
859
852/** 860/**
853 * xs_destroy - prepare to shutdown a transport 861 * xs_destroy - prepare to shutdown a transport
854 * @xprt: doomed transport 862 * @xprt: doomed transport
@@ -862,10 +870,7 @@ static void xs_destroy(struct rpc_xprt *xprt)
862 870
863 cancel_delayed_work_sync(&transport->connect_worker); 871 cancel_delayed_work_sync(&transport->connect_worker);
864 872
865 xs_close(xprt); 873 xs_local_destroy(xprt);
866 xs_free_peer_addresses(xprt);
867 xprt_free(xprt);
868 module_put(THIS_MODULE);
869} 874}
870 875
871static inline struct rpc_xprt *xprt_from_sock(struct sock *sk) 876static inline struct rpc_xprt *xprt_from_sock(struct sock *sk)
@@ -2482,7 +2487,7 @@ static struct rpc_xprt_ops xs_local_ops = {
2482 .send_request = xs_local_send_request, 2487 .send_request = xs_local_send_request,
2483 .set_retrans_timeout = xprt_set_retrans_timeout_def, 2488 .set_retrans_timeout = xprt_set_retrans_timeout_def,
2484 .close = xs_close, 2489 .close = xs_close,
2485 .destroy = xs_destroy, 2490 .destroy = xs_local_destroy,
2486 .print_stats = xs_local_print_stats, 2491 .print_stats = xs_local_print_stats,
2487}; 2492};
2488 2493
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 5ffff039b017..ea4155fe9733 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -367,8 +367,7 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
367 rdev->wiphy.rts_threshold = (u32) -1; 367 rdev->wiphy.rts_threshold = (u32) -1;
368 rdev->wiphy.coverage_class = 0; 368 rdev->wiphy.coverage_class = 0;
369 369
370 rdev->wiphy.features = NL80211_FEATURE_SCAN_FLUSH | 370 rdev->wiphy.features = NL80211_FEATURE_SCAN_FLUSH;
371 NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
372 371
373 return &rdev->wiphy; 372 return &rdev->wiphy;
374} 373}
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e652d05ff712..d44ab216c0ec 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -557,18 +557,6 @@ static int nl80211_msg_put_channel(struct sk_buff *msg,
557 if ((chan->flags & IEEE80211_CHAN_RADAR) && 557 if ((chan->flags & IEEE80211_CHAN_RADAR) &&
558 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 558 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
559 goto nla_put_failure; 559 goto nla_put_failure;
560 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
561 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
562 goto nla_put_failure;
563 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
564 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
565 goto nla_put_failure;
566 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
567 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
568 goto nla_put_failure;
569 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
570 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
571 goto nla_put_failure;
572 560
573 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 561 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
574 DBM_TO_MBM(chan->max_power))) 562 DBM_TO_MBM(chan->max_power)))
@@ -1310,15 +1298,6 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flag
1310 dev->wiphy.max_acl_mac_addrs)) 1298 dev->wiphy.max_acl_mac_addrs))
1311 goto nla_put_failure; 1299 goto nla_put_failure;
1312 1300
1313 if (dev->wiphy.extended_capabilities &&
1314 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1315 dev->wiphy.extended_capabilities_len,
1316 dev->wiphy.extended_capabilities) ||
1317 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1318 dev->wiphy.extended_capabilities_len,
1319 dev->wiphy.extended_capabilities_mask)))
1320 goto nla_put_failure;
1321
1322 return genlmsg_end(msg, hdr); 1301 return genlmsg_end(msg, hdr);
1323 1302
1324 nla_put_failure: 1303 nla_put_failure:
@@ -1328,7 +1307,7 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flag
1328 1307
1329static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1308static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1330{ 1309{
1331 int idx = 0; 1310 int idx = 0, ret;
1332 int start = cb->args[0]; 1311 int start = cb->args[0];
1333 struct cfg80211_registered_device *dev; 1312 struct cfg80211_registered_device *dev;
1334 1313
@@ -1338,9 +1317,29 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1338 continue; 1317 continue;
1339 if (++idx <= start) 1318 if (++idx <= start)
1340 continue; 1319 continue;
1341 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid, 1320 ret = nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid,
1342 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1321 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1343 dev) < 0) { 1322 dev);
1323 if (ret < 0) {
1324 /*
1325 * If sending the wiphy data didn't fit (ENOBUFS or
1326 * EMSGSIZE returned), this SKB is still empty (so
1327 * it's not too big because another wiphy dataset is
1328 * already in the skb) and we've not tried to adjust
1329 * the dump allocation yet ... then adjust the alloc
1330 * size to be bigger, and return 1 but with the empty
1331 * skb. This results in an empty message being RX'ed
1332 * in userspace, but that is ignored.
1333 *
1334 * We can then retry with the larger buffer.
1335 */
1336 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1337 !skb->len &&
1338 cb->min_dump_alloc < 4096) {
1339 cb->min_dump_alloc = 4096;
1340 mutex_unlock(&cfg80211_mutex);
1341 return 1;
1342 }
1344 idx--; 1343 idx--;
1345 break; 1344 break;
1346 } 1345 }
@@ -1357,7 +1356,7 @@ static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1357 struct sk_buff *msg; 1356 struct sk_buff *msg;
1358 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1357 struct cfg80211_registered_device *dev = info->user_ptr[0];
1359 1358
1360 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1359 msg = nlmsg_new(4096, GFP_KERNEL);
1361 if (!msg) 1360 if (!msg)
1362 return -ENOMEM; 1361 return -ENOMEM;
1363 1362