diff options
author | Praneeth Bajjuri | 2013-06-10 16:27:12 -0500 |
---|---|---|
committer | Praneeth Bajjuri | 2013-06-10 16:27:12 -0500 |
commit | bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8 (patch) | |
tree | b2de4ff80d30a62bfce6ac834c2c5692866f9b12 /net | |
parent | de4556ecce15a99868fc5ad92092e322b26e3d95 (diff) | |
parent | fc0b661dc67ac653d3b22304d9633aa17b597431 (diff) | |
download | kernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.tar.gz kernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.tar.xz kernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.zip |
Merge branch 'p-ti-linux-3.8.y' into p-ti-android-3.8.y
* p-ti-linux-3.8.y: (443 commits)
TI-Integration: ARM: OMAP2+: Fix merege by restoring omap_mcasp_init() call
omapdss: TFCS panel: Check for successful TLC driver registration before using it
omapdss: DSS DPLLs: Ignore PLL_PWR_STATUS on DRA7
ARM: DRA7: dts: Add the sdma dt node and corresponding dma request lines for mmc
ARM: dra7: dts: Add a fixed regulator node needed for eMMC
arm/dts: dra7: Add ldo regulator for mmc1
arm/dts: dra7: Add mmc controller nodes and board data
ARM: DRA: hwmod: Correct the dma line names for mmc
arch: arm: configs: Add support for DRA7 evm in omap2plus_defconfig
arm: dts: dra7-evm: Add pinmux configs needed for display
HACK: pinctrl: pinctrl single: Make pinctrl-single init early
OMAPDSS:HDMI: Change PLL calculations
omapdss: hdmi: fix deepcolor mode configuration
ARM: dts: DRA7x: Add DMM bindings
omapdrm: hack: Assign managers/channel to outputs in a more trivial way
gpu: drm: omap: Use bitmaps for placement
drm/omap: Fix and improve crtc and overlay manager correlation
drm/omap: fix modeset_init if a panel doesn't satisfy omapdrm requirements
drm/omap: Take a fb reference in omap_plane_update()
drm/omap: move out of staging
...
Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
Diffstat (limited to 'net')
40 files changed, 195 insertions, 109 deletions
diff --git a/net/atm/common.c b/net/atm/common.c index 806fc0a4005..cf4b7e667a6 100644 --- a/net/atm/common.c +++ b/net/atm/common.c | |||
@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, | |||
532 | struct sk_buff *skb; | 532 | struct sk_buff *skb; |
533 | int copied, error = -EINVAL; | 533 | int copied, error = -EINVAL; |
534 | 534 | ||
535 | msg->msg_namelen = 0; | ||
536 | |||
535 | if (sock->state != SS_CONNECTED) | 537 | if (sock->state != SS_CONNECTED) |
536 | return -ENOTCONN; | 538 | return -ENOTCONN; |
537 | 539 | ||
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c index 779095ded68..d53a123e36a 100644 --- a/net/ax25/af_ax25.c +++ b/net/ax25/af_ax25.c | |||
@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
1647 | ax25_address src; | 1647 | ax25_address src; |
1648 | const unsigned char *mac = skb_mac_header(skb); | 1648 | const unsigned char *mac = skb_mac_header(skb); |
1649 | 1649 | ||
1650 | memset(sax, 0, sizeof(struct full_sockaddr_ax25)); | ||
1650 | ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, | 1651 | ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, |
1651 | &digi, NULL, NULL); | 1652 | &digi, NULL, NULL); |
1652 | sax->sax25_family = AF_AX25; | 1653 | sax->sax25_family = AF_AX25; |
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 49a70855727..342efaef95d 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
@@ -264,6 +264,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
264 | if (flags & (MSG_OOB)) | 264 | if (flags & (MSG_OOB)) |
265 | return -EOPNOTSUPP; | 265 | return -EOPNOTSUPP; |
266 | 266 | ||
267 | msg->msg_namelen = 0; | ||
268 | |||
267 | skb = skb_recv_datagram(sk, flags, noblock, &err); | 269 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
268 | if (!skb) { | 270 | if (!skb) { |
269 | if (sk->sk_shutdown & RCV_SHUTDOWN) | 271 | if (sk->sk_shutdown & RCV_SHUTDOWN) |
@@ -271,8 +273,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
271 | return err; | 273 | return err; |
272 | } | 274 | } |
273 | 275 | ||
274 | msg->msg_namelen = 0; | ||
275 | |||
276 | copied = skb->len; | 276 | copied = skb->len; |
277 | if (len < copied) { | 277 | if (len < copied) { |
278 | msg->msg_flags |= MSG_TRUNC; | 278 | msg->msg_flags |= MSG_TRUNC; |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index ce3f6658f4b..970fc13d8e3 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
610 | 610 | ||
611 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | 611 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
612 | rfcomm_dlc_accept(d); | 612 | rfcomm_dlc_accept(d); |
613 | msg->msg_namelen = 0; | ||
613 | return 0; | 614 | return 0; |
614 | } | 615 | } |
615 | 616 | ||
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index f54d7435819..2ea5b06cb79 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -683,6 +683,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
683 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { | 683 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { |
684 | hci_conn_accept(pi->conn->hcon, 0); | 684 | hci_conn_accept(pi->conn->hcon, 0); |
685 | sk->sk_state = BT_CONFIG; | 685 | sk->sk_state = BT_CONFIG; |
686 | msg->msg_namelen = 0; | ||
686 | 687 | ||
687 | release_sock(sk); | 688 | release_sock(sk); |
688 | return 0; | 689 | return 0; |
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 095259f8390..ff2ff3ce696 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c | |||
@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
286 | if (m->msg_flags&MSG_OOB) | 286 | if (m->msg_flags&MSG_OOB) |
287 | goto read_error; | 287 | goto read_error; |
288 | 288 | ||
289 | m->msg_namelen = 0; | ||
290 | |||
289 | skb = skb_recv_datagram(sk, flags, 0 , &ret); | 291 | skb = skb_recv_datagram(sk, flags, 0 , &ret); |
290 | if (!skb) | 292 | if (!skb) |
291 | goto read_error; | 293 | goto read_error; |
diff --git a/net/core/dev.c b/net/core/dev.c index 5d9c43dca73..d592214b139 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) | |||
1737 | skb->mark = 0; | 1737 | skb->mark = 0; |
1738 | secpath_reset(skb); | 1738 | secpath_reset(skb); |
1739 | nf_reset(skb); | 1739 | nf_reset(skb); |
1740 | nf_reset_trace(skb); | ||
1740 | return netif_rx(skb); | 1741 | return netif_rx(skb); |
1741 | } | 1742 | } |
1742 | EXPORT_SYMBOL_GPL(dev_forward_skb); | 1743 | EXPORT_SYMBOL_GPL(dev_forward_skb); |
@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb) | |||
2017 | struct net_device *dev = skb->dev; | 2018 | struct net_device *dev = skb->dev; |
2018 | const char *driver = ""; | 2019 | const char *driver = ""; |
2019 | 2020 | ||
2021 | if (!net_ratelimit()) | ||
2022 | return; | ||
2023 | |||
2020 | if (dev && dev->dev.parent) | 2024 | if (dev && dev->dev.parent) |
2021 | driver = dev_driver_string(dev->dev.parent); | 2025 | driver = dev_driver_string(dev->dev.parent); |
2022 | 2026 | ||
diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c index b079c7bbc15..7841d87b86f 100644 --- a/net/core/dev_addr_lists.c +++ b/net/core/dev_addr_lists.c | |||
@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list, | |||
38 | ha->type = addr_type; | 38 | ha->type = addr_type; |
39 | ha->refcount = 1; | 39 | ha->refcount = 1; |
40 | ha->global_use = global; | 40 | ha->global_use = global; |
41 | ha->synced = false; | 41 | ha->synced = 0; |
42 | list_add_tail_rcu(&ha->list, &list->list); | 42 | list_add_tail_rcu(&ha->list, &list->list); |
43 | list->count++; | 43 | list->count++; |
44 | 44 | ||
@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list, | |||
166 | addr_len, ha->type); | 166 | addr_len, ha->type); |
167 | if (err) | 167 | if (err) |
168 | break; | 168 | break; |
169 | ha->synced = true; | 169 | ha->synced++; |
170 | ha->refcount++; | 170 | ha->refcount++; |
171 | } else if (ha->refcount == 1) { | 171 | } else if (ha->refcount == 1) { |
172 | __hw_addr_del(to_list, ha->addr, addr_len, ha->type); | 172 | __hw_addr_del(to_list, ha->addr, addr_len, ha->type); |
@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list, | |||
187 | if (ha->synced) { | 187 | if (ha->synced) { |
188 | __hw_addr_del(to_list, ha->addr, | 188 | __hw_addr_del(to_list, ha->addr, |
189 | addr_len, ha->type); | 189 | addr_len, ha->type); |
190 | ha->synced = false; | 190 | ha->synced--; |
191 | __hw_addr_del(from_list, ha->addr, | 191 | __hw_addr_del(from_list, ha->addr, |
192 | addr_len, ha->type); | 192 | addr_len, ha->type); |
193 | } | 193 | } |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 6212ec9c2df..055fb130de1 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) | |||
1068 | rcu_read_lock(); | 1068 | rcu_read_lock(); |
1069 | cb->seq = net->dev_base_seq; | 1069 | cb->seq = net->dev_base_seq; |
1070 | 1070 | ||
1071 | if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, | 1071 | if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, |
1072 | ifla_policy) >= 0) { | 1072 | ifla_policy) >= 0) { |
1073 | 1073 | ||
1074 | if (tb[IFLA_EXT_MASK]) | 1074 | if (tb[IFLA_EXT_MASK]) |
@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
1924 | u32 ext_filter_mask = 0; | 1924 | u32 ext_filter_mask = 0; |
1925 | u16 min_ifinfo_dump_size = 0; | 1925 | u16 min_ifinfo_dump_size = 0; |
1926 | 1926 | ||
1927 | if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, | 1927 | if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, |
1928 | ifla_policy) >= 0) { | 1928 | ifla_policy) >= 0) { |
1929 | if (tb[IFLA_EXT_MASK]) | 1929 | if (tb[IFLA_EXT_MASK]) |
1930 | ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); | 1930 | ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 3b4f0cd2e63..4cfe34d4cc9 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
139 | 139 | ||
140 | /* skb is pure payload to encrypt */ | 140 | /* skb is pure payload to encrypt */ |
141 | 141 | ||
142 | err = -ENOMEM; | ||
143 | |||
144 | esp = x->data; | 142 | esp = x->data; |
145 | aead = esp->aead; | 143 | aead = esp->aead; |
146 | alen = crypto_aead_authsize(aead); | 144 | alen = crypto_aead_authsize(aead); |
@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | |||
176 | } | 174 | } |
177 | 175 | ||
178 | tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); | 176 | tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); |
179 | if (!tmp) | 177 | if (!tmp) { |
178 | err = -ENOMEM; | ||
180 | goto error; | 179 | goto error; |
180 | } | ||
181 | 181 | ||
182 | seqhi = esp_tmp_seqhi(tmp); | 182 | seqhi = esp_tmp_seqhi(tmp); |
183 | iv = esp_tmp_iv(aead, tmp, seqhilen); | 183 | iv = esp_tmp_iv(aead, tmp, seqhilen); |
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index a8fc332d07f..0fcfee37227 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg) | |||
255 | if (!head->dev) | 255 | if (!head->dev) |
256 | goto out_rcu_unlock; | 256 | goto out_rcu_unlock; |
257 | 257 | ||
258 | /* skb dst is stale, drop it, and perform route lookup again */ | 258 | /* skb has no dst, perform route lookup again */ |
259 | skb_dst_drop(head); | ||
260 | iph = ip_hdr(head); | 259 | iph = ip_hdr(head); |
261 | err = ip_route_input_noref(head, iph->daddr, iph->saddr, | 260 | err = ip_route_input_noref(head, iph->daddr, iph->saddr, |
262 | iph->tos, head->dev); | 261 | iph->tos, head->dev); |
@@ -525,8 +524,16 @@ found: | |||
525 | qp->q.max_size = skb->len + ihl; | 524 | qp->q.max_size = skb->len + ihl; |
526 | 525 | ||
527 | if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && | 526 | if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && |
528 | qp->q.meat == qp->q.len) | 527 | qp->q.meat == qp->q.len) { |
529 | return ip_frag_reasm(qp, prev, dev); | 528 | unsigned long orefdst = skb->_skb_refdst; |
529 | |||
530 | skb->_skb_refdst = 0UL; | ||
531 | err = ip_frag_reasm(qp, prev, dev); | ||
532 | skb->_skb_refdst = orefdst; | ||
533 | return err; | ||
534 | } | ||
535 | |||
536 | skb_dst_drop(skb); | ||
530 | 537 | ||
531 | write_lock(&ip4_frags.lock); | 538 | write_lock(&ip4_frags.lock); |
532 | list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list); | 539 | list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list); |
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c index c30130062cd..c49dcd0284a 100644 --- a/net/ipv4/netfilter/ipt_rpfilter.c +++ b/net/ipv4/netfilter/ipt_rpfilter.c | |||
@@ -66,6 +66,12 @@ static bool rpfilter_lookup_reverse(struct flowi4 *fl4, | |||
66 | return dev_match; | 66 | return dev_match; |
67 | } | 67 | } |
68 | 68 | ||
69 | static bool rpfilter_is_local(const struct sk_buff *skb) | ||
70 | { | ||
71 | const struct rtable *rt = skb_rtable(skb); | ||
72 | return rt && (rt->rt_flags & RTCF_LOCAL); | ||
73 | } | ||
74 | |||
69 | static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) | 75 | static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) |
70 | { | 76 | { |
71 | const struct xt_rpfilter_info *info; | 77 | const struct xt_rpfilter_info *info; |
@@ -76,7 +82,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) | |||
76 | info = par->matchinfo; | 82 | info = par->matchinfo; |
77 | invert = info->flags & XT_RPFILTER_INVERT; | 83 | invert = info->flags & XT_RPFILTER_INVERT; |
78 | 84 | ||
79 | if (par->in->flags & IFF_LOOPBACK) | 85 | if (rpfilter_is_local(skb)) |
80 | return true ^ invert; | 86 | return true ^ invert; |
81 | 87 | ||
82 | iph = ip_hdr(skb); | 88 | iph = ip_hdr(skb); |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index b236ef04914..f962f19dabe 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
348 | * hasn't changed since we received the original syn, but I see | 348 | * hasn't changed since we received the original syn, but I see |
349 | * no easy way to do this. | 349 | * no easy way to do this. |
350 | */ | 350 | */ |
351 | flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), | 351 | flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, |
352 | RT_SCOPE_UNIVERSE, IPPROTO_TCP, | 352 | RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, |
353 | inet_sk_flowi_flags(sk), | 353 | inet_sk_flowi_flags(sk), |
354 | (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, | 354 | (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, |
355 | ireq->loc_addr, th->source, th->dest); | 355 | ireq->loc_addr, th->source, th->dest); |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 9841a716370..b4e8b797a09 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2; | |||
116 | #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ | 116 | #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ |
117 | #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ | 117 | #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ |
118 | #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ | 118 | #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ |
119 | #define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */ | ||
119 | 120 | ||
120 | #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) | 121 | #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) |
121 | #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) | 122 | #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) |
@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk) | |||
3572 | } | 3573 | } |
3573 | } | 3574 | } |
3574 | 3575 | ||
3576 | static void tcp_store_ts_recent(struct tcp_sock *tp) | ||
3577 | { | ||
3578 | tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; | ||
3579 | tp->rx_opt.ts_recent_stamp = get_seconds(); | ||
3580 | } | ||
3581 | |||
3582 | static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) | ||
3583 | { | ||
3584 | if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { | ||
3585 | /* PAWS bug workaround wrt. ACK frames, the PAWS discard | ||
3586 | * extra check below makes sure this can only happen | ||
3587 | * for pure ACK frames. -DaveM | ||
3588 | * | ||
3589 | * Not only, also it occurs for expired timestamps. | ||
3590 | */ | ||
3591 | |||
3592 | if (tcp_paws_check(&tp->rx_opt, 0)) | ||
3593 | tcp_store_ts_recent(tp); | ||
3594 | } | ||
3595 | } | ||
3596 | |||
3575 | /* This routine deals with incoming acks, but not outgoing ones. */ | 3597 | /* This routine deals with incoming acks, but not outgoing ones. */ |
3576 | static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) | 3598 | static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) |
3577 | { | 3599 | { |
@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) | |||
3624 | prior_fackets = tp->fackets_out; | 3646 | prior_fackets = tp->fackets_out; |
3625 | prior_in_flight = tcp_packets_in_flight(tp); | 3647 | prior_in_flight = tcp_packets_in_flight(tp); |
3626 | 3648 | ||
3649 | /* ts_recent update must be made after we are sure that the packet | ||
3650 | * is in window. | ||
3651 | */ | ||
3652 | if (flag & FLAG_UPDATE_TS_RECENT) | ||
3653 | tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); | ||
3654 | |||
3627 | if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { | 3655 | if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { |
3628 | /* Window is constant, pure forward advance. | 3656 | /* Window is constant, pure forward advance. |
3629 | * No more checks are required. | 3657 | * No more checks are required. |
@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th) | |||
3940 | EXPORT_SYMBOL(tcp_parse_md5sig_option); | 3968 | EXPORT_SYMBOL(tcp_parse_md5sig_option); |
3941 | #endif | 3969 | #endif |
3942 | 3970 | ||
3943 | static inline void tcp_store_ts_recent(struct tcp_sock *tp) | ||
3944 | { | ||
3945 | tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; | ||
3946 | tp->rx_opt.ts_recent_stamp = get_seconds(); | ||
3947 | } | ||
3948 | |||
3949 | static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) | ||
3950 | { | ||
3951 | if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { | ||
3952 | /* PAWS bug workaround wrt. ACK frames, the PAWS discard | ||
3953 | * extra check below makes sure this can only happen | ||
3954 | * for pure ACK frames. -DaveM | ||
3955 | * | ||
3956 | * Not only, also it occurs for expired timestamps. | ||
3957 | */ | ||
3958 | |||
3959 | if (tcp_paws_check(&tp->rx_opt, 0)) | ||
3960 | tcp_store_ts_recent(tp); | ||
3961 | } | ||
3962 | } | ||
3963 | |||
3964 | /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM | 3971 | /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM |
3965 | * | 3972 | * |
3966 | * It is not fatal. If this ACK does _not_ change critical state (seqs, window) | 3973 | * It is not fatal. If this ACK does _not_ change critical state (seqs, window) |
@@ -5556,14 +5563,9 @@ slow_path: | |||
5556 | return 0; | 5563 | return 0; |
5557 | 5564 | ||
5558 | step5: | 5565 | step5: |
5559 | if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) | 5566 | if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0) |
5560 | goto discard; | 5567 | goto discard; |
5561 | 5568 | ||
5562 | /* ts_recent update must be made after we are sure that the packet | ||
5563 | * is in window. | ||
5564 | */ | ||
5565 | tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); | ||
5566 | |||
5567 | tcp_rcv_rtt_measure_ts(sk, skb); | 5569 | tcp_rcv_rtt_measure_ts(sk, skb); |
5568 | 5570 | ||
5569 | /* Process urgent data. */ | 5571 | /* Process urgent data. */ |
@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, | |||
5997 | 5999 | ||
5998 | /* step 5: check the ACK field */ | 6000 | /* step 5: check the ACK field */ |
5999 | if (true) { | 6001 | if (true) { |
6000 | int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; | 6002 | int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH | |
6003 | FLAG_UPDATE_TS_RECENT) > 0; | ||
6001 | 6004 | ||
6002 | switch (sk->sk_state) { | 6005 | switch (sk->sk_state) { |
6003 | case TCP_SYN_RECV: | 6006 | case TCP_SYN_RECV: |
@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, | |||
6148 | } | 6151 | } |
6149 | } | 6152 | } |
6150 | 6153 | ||
6151 | /* ts_recent update must be made after we are sure that the packet | ||
6152 | * is in window. | ||
6153 | */ | ||
6154 | tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); | ||
6155 | |||
6156 | /* step 6: check the URG bit */ | 6154 | /* step 6: check the URG bit */ |
6157 | tcp_urg(sk, skb, th); | 6155 | tcp_urg(sk, skb, th); |
6158 | 6156 | ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 17d659e6fb6..a9f50ee49e5 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) | |||
2388 | */ | 2388 | */ |
2389 | TCP_SKB_CB(skb)->when = tcp_time_stamp; | 2389 | TCP_SKB_CB(skb)->when = tcp_time_stamp; |
2390 | 2390 | ||
2391 | /* make sure skb->data is aligned on arches that require it */ | 2391 | /* make sure skb->data is aligned on arches that require it |
2392 | if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) { | 2392 | * and check if ack-trimming & collapsing extended the headroom |
2393 | * beyond what csum_start can cover. | ||
2394 | */ | ||
2395 | if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) || | ||
2396 | skb_headroom(skb) >= 0xFFFF)) { | ||
2393 | struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, | 2397 | struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, |
2394 | GFP_ATOMIC); | 2398 | GFP_ATOMIC); |
2395 | return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : | 2399 | return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index a36d17e4008..e8676c21a9b 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c | |||
@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev) | |||
2525 | static void init_loopback(struct net_device *dev) | 2525 | static void init_loopback(struct net_device *dev) |
2526 | { | 2526 | { |
2527 | struct inet6_dev *idev; | 2527 | struct inet6_dev *idev; |
2528 | struct net_device *sp_dev; | ||
2529 | struct inet6_ifaddr *sp_ifa; | ||
2530 | struct rt6_info *sp_rt; | ||
2528 | 2531 | ||
2529 | /* ::1 */ | 2532 | /* ::1 */ |
2530 | 2533 | ||
@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev) | |||
2536 | } | 2539 | } |
2537 | 2540 | ||
2538 | add_addr(idev, &in6addr_loopback, 128, IFA_HOST); | 2541 | add_addr(idev, &in6addr_loopback, 128, IFA_HOST); |
2542 | |||
2543 | /* Add routes to other interface's IPv6 addresses */ | ||
2544 | for_each_netdev(dev_net(dev), sp_dev) { | ||
2545 | if (!strcmp(sp_dev->name, dev->name)) | ||
2546 | continue; | ||
2547 | |||
2548 | idev = __in6_dev_get(sp_dev); | ||
2549 | if (!idev) | ||
2550 | continue; | ||
2551 | |||
2552 | read_lock_bh(&idev->lock); | ||
2553 | list_for_each_entry(sp_ifa, &idev->addr_list, if_list) { | ||
2554 | |||
2555 | if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE)) | ||
2556 | continue; | ||
2557 | |||
2558 | sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0); | ||
2559 | |||
2560 | /* Failure cases are ignored */ | ||
2561 | if (!IS_ERR(sp_rt)) | ||
2562 | ip6_ins_rt(sp_rt); | ||
2563 | } | ||
2564 | read_unlock_bh(&idev->lock); | ||
2565 | } | ||
2539 | } | 2566 | } |
2540 | 2567 | ||
2541 | static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr) | 2568 | static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr) |
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 83acc1405a1..0ea43c7024d 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c | |||
@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, | |||
57 | if (pfx_len - i >= 32) | 57 | if (pfx_len - i >= 32) |
58 | mask = 0; | 58 | mask = 0; |
59 | else | 59 | else |
60 | mask = htonl(~((1 << (pfx_len - i)) - 1)); | 60 | mask = htonl((1 << (i - pfx_len + 32)) - 1); |
61 | 61 | ||
62 | idx = i / 32; | 62 | idx = i / 32; |
63 | addr->s6_addr32[idx] &= mask; | 63 | addr->s6_addr32[idx] &= mask; |
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c index 5060d54199a..e0983f3648a 100644 --- a/net/ipv6/netfilter/ip6t_rpfilter.c +++ b/net/ipv6/netfilter/ip6t_rpfilter.c | |||
@@ -71,6 +71,12 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb, | |||
71 | return ret; | 71 | return ret; |
72 | } | 72 | } |
73 | 73 | ||
74 | static bool rpfilter_is_local(const struct sk_buff *skb) | ||
75 | { | ||
76 | const struct rt6_info *rt = (const void *) skb_dst(skb); | ||
77 | return rt && (rt->rt6i_flags & RTF_LOCAL); | ||
78 | } | ||
79 | |||
74 | static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) | 80 | static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) |
75 | { | 81 | { |
76 | const struct xt_rpfilter_info *info = par->matchinfo; | 82 | const struct xt_rpfilter_info *info = par->matchinfo; |
@@ -78,7 +84,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) | |||
78 | struct ipv6hdr *iph; | 84 | struct ipv6hdr *iph; |
79 | bool invert = info->flags & XT_RPFILTER_INVERT; | 85 | bool invert = info->flags & XT_RPFILTER_INVERT; |
80 | 86 | ||
81 | if (par->in->flags & IFF_LOOPBACK) | 87 | if (rpfilter_is_local(skb)) |
82 | return true ^ invert; | 88 | return true ^ invert; |
83 | 89 | ||
84 | iph = ipv6_hdr(skb); | 90 | iph = ipv6_hdr(skb); |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index d9ba8a27fde..7a610a67363 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
@@ -342,8 +342,17 @@ found: | |||
342 | } | 342 | } |
343 | 343 | ||
344 | if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && | 344 | if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && |
345 | fq->q.meat == fq->q.len) | 345 | fq->q.meat == fq->q.len) { |
346 | return ip6_frag_reasm(fq, prev, dev); | 346 | int res; |
347 | unsigned long orefdst = skb->_skb_refdst; | ||
348 | |||
349 | skb->_skb_refdst = 0UL; | ||
350 | res = ip6_frag_reasm(fq, prev, dev); | ||
351 | skb->_skb_refdst = orefdst; | ||
352 | return res; | ||
353 | } | ||
354 | |||
355 | skb_dst_drop(skb); | ||
347 | 356 | ||
348 | write_lock(&ip6_frags.lock); | 357 | write_lock(&ip6_frags.lock); |
349 | list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list); | 358 | list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list); |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 8d19346b7a3..89dfeddb026 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
386 | 386 | ||
387 | if (dst) | 387 | if (dst) |
388 | dst->ops->redirect(dst, sk, skb); | 388 | dst->ops->redirect(dst, sk, skb); |
389 | goto out; | ||
389 | } | 390 | } |
390 | 391 | ||
391 | if (type == ICMPV6_PKT_TOOBIG) { | 392 | if (type == ICMPV6_PKT_TOOBIG) { |
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c index 4d04105a3f0..3c9bd5949d7 100644 --- a/net/irda/af_irda.c +++ b/net/irda/af_irda.c | |||
@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, | |||
1386 | 1386 | ||
1387 | IRDA_DEBUG(4, "%s()\n", __func__); | 1387 | IRDA_DEBUG(4, "%s()\n", __func__); |
1388 | 1388 | ||
1389 | msg->msg_namelen = 0; | ||
1390 | |||
1389 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, | 1391 | skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, |
1390 | flags & MSG_DONTWAIT, &err); | 1392 | flags & MSG_DONTWAIT, &err); |
1391 | if (!skb) | 1393 | if (!skb) |
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index cd6f7a991d8..625bc50391c 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c | |||
@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
1331 | struct sk_buff *skb, *rskb, *cskb; | 1331 | struct sk_buff *skb, *rskb, *cskb; |
1332 | int err = 0; | 1332 | int err = 0; |
1333 | 1333 | ||
1334 | msg->msg_namelen = 0; | ||
1335 | |||
1334 | if ((sk->sk_state == IUCV_DISCONN) && | 1336 | if ((sk->sk_state == IUCV_DISCONN) && |
1335 | skb_queue_empty(&iucv->backlog_skb_q) && | 1337 | skb_queue_empty(&iucv->backlog_skb_q) && |
1336 | skb_queue_empty(&sk->sk_receive_queue) && | 1338 | skb_queue_empty(&sk->sk_receive_queue) && |
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index 8ee4a86ae99..9e1822e8113 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c | |||
@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk, | |||
684 | lsa->l2tp_addr = ipv6_hdr(skb)->saddr; | 684 | lsa->l2tp_addr = ipv6_hdr(skb)->saddr; |
685 | lsa->l2tp_flowinfo = 0; | 685 | lsa->l2tp_flowinfo = 0; |
686 | lsa->l2tp_scope_id = 0; | 686 | lsa->l2tp_scope_id = 0; |
687 | lsa->l2tp_conn_id = 0; | ||
687 | if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) | 688 | if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) |
688 | lsa->l2tp_scope_id = IP6CB(skb)->iif; | 689 | lsa->l2tp_scope_id = IP6CB(skb)->iif; |
689 | } | 690 | } |
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c index 88709882c46..48aaa89253e 100644 --- a/net/llc/af_llc.c +++ b/net/llc/af_llc.c | |||
@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
720 | int target; /* Read at least this many bytes */ | 720 | int target; /* Read at least this many bytes */ |
721 | long timeo; | 721 | long timeo; |
722 | 722 | ||
723 | msg->msg_namelen = 0; | ||
724 | |||
723 | lock_sock(sk); | 725 | lock_sock(sk); |
724 | copied = -ENOTCONN; | 726 | copied = -ENOTCONN; |
725 | if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) | 727 | if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 2c6e4788dde..cbce371c23d 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
@@ -3745,8 +3745,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, | |||
3745 | /* prep auth_data so we don't go into idle on disassoc */ | 3745 | /* prep auth_data so we don't go into idle on disassoc */ |
3746 | ifmgd->auth_data = auth_data; | 3746 | ifmgd->auth_data = auth_data; |
3747 | 3747 | ||
3748 | if (ifmgd->associated) | 3748 | if (ifmgd->associated) { |
3749 | ieee80211_set_disassoc(sdata, 0, 0, false, NULL); | 3749 | u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; |
3750 | |||
3751 | ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, | ||
3752 | WLAN_REASON_UNSPECIFIED, | ||
3753 | false, frame_buf); | ||
3754 | |||
3755 | __cfg80211_send_deauth(sdata->dev, frame_buf, | ||
3756 | sizeof(frame_buf)); | ||
3757 | } | ||
3750 | 3758 | ||
3751 | sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); | 3759 | sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); |
3752 | 3760 | ||
@@ -3805,8 +3813,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, | |||
3805 | 3813 | ||
3806 | mutex_lock(&ifmgd->mtx); | 3814 | mutex_lock(&ifmgd->mtx); |
3807 | 3815 | ||
3808 | if (ifmgd->associated) | 3816 | if (ifmgd->associated) { |
3809 | ieee80211_set_disassoc(sdata, 0, 0, false, NULL); | 3817 | u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; |
3818 | |||
3819 | ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, | ||
3820 | WLAN_REASON_UNSPECIFIED, | ||
3821 | false, frame_buf); | ||
3822 | |||
3823 | __cfg80211_send_deauth(sdata->dev, frame_buf, | ||
3824 | sizeof(frame_buf)); | ||
3825 | } | ||
3810 | 3826 | ||
3811 | if (ifmgd->auth_data && !ifmgd->auth_data->done) { | 3827 | if (ifmgd->auth_data && !ifmgd->auth_data->done) { |
3812 | err = -EBUSY; | 3828 | err = -EBUSY; |
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c index e45b83610e8..a179bf8d1ea 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c | |||
@@ -51,8 +51,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | |||
51 | ieee80211_stop_queues_by_reason(hw, | 51 | ieee80211_stop_queues_by_reason(hw, |
52 | IEEE80211_QUEUE_STOP_REASON_SUSPEND); | 52 | IEEE80211_QUEUE_STOP_REASON_SUSPEND); |
53 | 53 | ||
54 | /* flush out all packets */ | 54 | /* flush out all packets and station cleanup call_rcu()s */ |
55 | synchronize_net(); | 55 | rcu_barrier(); |
56 | 56 | ||
57 | drv_flush(local, false); | 57 | drv_flush(local, false); |
58 | 58 | ||
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 6d6d8f2b033..38ca630eeeb 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c | |||
@@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, | |||
1470 | if (ret == -EAGAIN) | 1470 | if (ret == -EAGAIN) |
1471 | ret = 1; | 1471 | ret = 1; |
1472 | 1472 | ||
1473 | return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST; | 1473 | return (ret < 0 && ret != -ENOTEMPTY) ? ret : |
1474 | ret > 0 ? 0 : -IPSET_ERR_EXIST; | ||
1474 | } | 1475 | } |
1475 | 1476 | ||
1476 | /* Get headed data of a set */ | 1477 | /* Get headed data of a set */ |
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c index 8371c2bac2e..09c744aa898 100644 --- a/net/netfilter/ipset/ip_set_list_set.c +++ b/net/netfilter/ipset/ip_set_list_set.c | |||
@@ -174,9 +174,13 @@ list_set_add(struct list_set *map, u32 i, ip_set_id_t id, | |||
174 | { | 174 | { |
175 | const struct set_elem *e = list_set_elem(map, i); | 175 | const struct set_elem *e = list_set_elem(map, i); |
176 | 176 | ||
177 | if (i == map->size - 1 && e->id != IPSET_INVALID_ID) | 177 | if (e->id != IPSET_INVALID_ID) { |
178 | /* Last element replaced: e.g. add new,before,last */ | 178 | const struct set_elem *x = list_set_elem(map, map->size - 1); |
179 | ip_set_put_byindex(e->id); | 179 | |
180 | /* Last element replaced or pushed off */ | ||
181 | if (x->id != IPSET_INVALID_ID) | ||
182 | ip_set_put_byindex(x->id); | ||
183 | } | ||
180 | if (with_timeout(map->timeout)) | 184 | if (with_timeout(map->timeout)) |
181 | list_elem_tadd(map, i, id, ip_set_timeout_set(timeout)); | 185 | list_elem_tadd(map, i, id, ip_set_timeout_set(timeout)); |
182 | else | 186 | else |
diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c index 12475ef88da..e5920fb7ad0 100644 --- a/net/netfilter/ipvs/ip_vs_pe_sip.c +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c | |||
@@ -37,14 +37,10 @@ static int get_callid(const char *dptr, unsigned int dataoff, | |||
37 | if (ret > 0) | 37 | if (ret > 0) |
38 | break; | 38 | break; |
39 | if (!ret) | 39 | if (!ret) |
40 | return 0; | 40 | return -EINVAL; |
41 | dataoff += *matchoff; | 41 | dataoff += *matchoff; |
42 | } | 42 | } |
43 | 43 | ||
44 | /* Empty callid is useless */ | ||
45 | if (!*matchlen) | ||
46 | return -EINVAL; | ||
47 | |||
48 | /* Too large is useless */ | 44 | /* Too large is useless */ |
49 | if (*matchlen > IP_VS_PEDATA_MAXLEN) | 45 | if (*matchlen > IP_VS_PEDATA_MAXLEN) |
50 | return -EINVAL; | 46 | return -EINVAL; |
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 884f2b39319..91527d5ba01 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
@@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl, | |||
236 | /* We only allow helper re-assignment of the same sort since | 236 | /* We only allow helper re-assignment of the same sort since |
237 | * we cannot reallocate the helper extension area. | 237 | * we cannot reallocate the helper extension area. |
238 | */ | 238 | */ |
239 | if (help->helper != helper) { | 239 | struct nf_conntrack_helper *tmp = rcu_dereference(help->helper); |
240 | |||
241 | if (tmp && tmp->help != helper->help) { | ||
240 | RCU_INIT_POINTER(help->helper, NULL); | 242 | RCU_INIT_POINTER(help->helper, NULL); |
241 | goto out; | 243 | goto out; |
242 | } | 244 | } |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 627b0e50b23..a081915e053 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -1705,6 +1705,9 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
1705 | if (nlh->nlmsg_flags & NLM_F_CREATE) { | 1705 | if (nlh->nlmsg_flags & NLM_F_CREATE) { |
1706 | enum ip_conntrack_events events; | 1706 | enum ip_conntrack_events events; |
1707 | 1707 | ||
1708 | if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY]) | ||
1709 | return -EINVAL; | ||
1710 | |||
1708 | ct = ctnetlink_create_conntrack(net, zone, cda, &otuple, | 1711 | ct = ctnetlink_create_conntrack(net, zone, cda, &otuple, |
1709 | &rtuple, u3); | 1712 | &rtuple, u3); |
1710 | if (IS_ERR(ct)) | 1713 | if (IS_ERR(ct)) |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index df8f4f28448..b4e0d1c23cd 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -1547,7 +1547,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, | |||
1547 | 1547 | ||
1548 | msglen = origlen = end - dptr; | 1548 | msglen = origlen = end - dptr; |
1549 | if (msglen > datalen) | 1549 | if (msglen > datalen) |
1550 | return NF_DROP; | 1550 | return NF_ACCEPT; |
1551 | 1551 | ||
1552 | ret = process_sip_msg(skb, ct, protoff, dataoff, | 1552 | ret = process_sip_msg(skb, ct, protoff, dataoff, |
1553 | &dptr, &msglen); | 1553 | &dptr, &msglen); |
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 5f2f9109f46..4bc2aafcd41 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c | |||
@@ -468,33 +468,22 @@ EXPORT_SYMBOL_GPL(nf_nat_packet); | |||
468 | struct nf_nat_proto_clean { | 468 | struct nf_nat_proto_clean { |
469 | u8 l3proto; | 469 | u8 l3proto; |
470 | u8 l4proto; | 470 | u8 l4proto; |
471 | bool hash; | ||
472 | }; | 471 | }; |
473 | 472 | ||
474 | /* Clear NAT section of all conntracks, in case we're loaded again. */ | 473 | /* kill conntracks with affected NAT section */ |
475 | static int nf_nat_proto_clean(struct nf_conn *i, void *data) | 474 | static int nf_nat_proto_remove(struct nf_conn *i, void *data) |
476 | { | 475 | { |
477 | const struct nf_nat_proto_clean *clean = data; | 476 | const struct nf_nat_proto_clean *clean = data; |
478 | struct nf_conn_nat *nat = nfct_nat(i); | 477 | struct nf_conn_nat *nat = nfct_nat(i); |
479 | 478 | ||
480 | if (!nat) | 479 | if (!nat) |
481 | return 0; | 480 | return 0; |
482 | if (!(i->status & IPS_SRC_NAT_DONE)) | 481 | |
483 | return 0; | ||
484 | if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) || | 482 | if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) || |
485 | (clean->l4proto && nf_ct_protonum(i) != clean->l4proto)) | 483 | (clean->l4proto && nf_ct_protonum(i) != clean->l4proto)) |
486 | return 0; | 484 | return 0; |
487 | 485 | ||
488 | if (clean->hash) { | 486 | return i->status & IPS_NAT_MASK ? 1 : 0; |
489 | spin_lock_bh(&nf_nat_lock); | ||
490 | hlist_del_rcu(&nat->bysource); | ||
491 | spin_unlock_bh(&nf_nat_lock); | ||
492 | } else { | ||
493 | memset(nat, 0, sizeof(*nat)); | ||
494 | i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | | ||
495 | IPS_SEQ_ADJUST); | ||
496 | } | ||
497 | return 0; | ||
498 | } | 487 | } |
499 | 488 | ||
500 | static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) | 489 | static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) |
@@ -506,16 +495,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) | |||
506 | struct net *net; | 495 | struct net *net; |
507 | 496 | ||
508 | rtnl_lock(); | 497 | rtnl_lock(); |
509 | /* Step 1 - remove from bysource hash */ | ||
510 | clean.hash = true; | ||
511 | for_each_net(net) | 498 | for_each_net(net) |
512 | nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); | 499 | nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean); |
513 | synchronize_rcu(); | ||
514 | |||
515 | /* Step 2 - clean NAT section */ | ||
516 | clean.hash = false; | ||
517 | for_each_net(net) | ||
518 | nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); | ||
519 | rtnl_unlock(); | 500 | rtnl_unlock(); |
520 | } | 501 | } |
521 | 502 | ||
@@ -527,16 +508,9 @@ static void nf_nat_l3proto_clean(u8 l3proto) | |||
527 | struct net *net; | 508 | struct net *net; |
528 | 509 | ||
529 | rtnl_lock(); | 510 | rtnl_lock(); |
530 | /* Step 1 - remove from bysource hash */ | ||
531 | clean.hash = true; | ||
532 | for_each_net(net) | ||
533 | nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); | ||
534 | synchronize_rcu(); | ||
535 | 511 | ||
536 | /* Step 2 - clean NAT section */ | ||
537 | clean.hash = false; | ||
538 | for_each_net(net) | 512 | for_each_net(net) |
539 | nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); | 513 | nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean); |
540 | rtnl_unlock(); | 514 | rtnl_unlock(); |
541 | } | 515 | } |
542 | 516 | ||
@@ -774,7 +748,7 @@ static void __net_exit nf_nat_net_exit(struct net *net) | |||
774 | { | 748 | { |
775 | struct nf_nat_proto_clean clean = {}; | 749 | struct nf_nat_proto_clean clean = {}; |
776 | 750 | ||
777 | nf_ct_iterate_cleanup(net, &nf_nat_proto_clean, &clean); | 751 | nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean); |
778 | synchronize_rcu(); | 752 | synchronize_rcu(); |
779 | nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size); | 753 | nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size); |
780 | } | 754 | } |
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 7261eb81974..14c106b49e9 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c | |||
@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
1177 | } | 1177 | } |
1178 | 1178 | ||
1179 | if (sax != NULL) { | 1179 | if (sax != NULL) { |
1180 | memset(sax, 0, sizeof(sax)); | ||
1180 | sax->sax25_family = AF_NETROM; | 1181 | sax->sax25_family = AF_NETROM; |
1181 | skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, | 1182 | skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, |
1182 | AX25_ADDR_LEN); | 1183 | AX25_ADDR_LEN); |
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 5332751943a..411c25bda0b 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
644 | 644 | ||
645 | pr_debug("%p %zu\n", sk, len); | 645 | pr_debug("%p %zu\n", sk, len); |
646 | 646 | ||
647 | msg->msg_namelen = 0; | ||
648 | |||
647 | lock_sock(sk); | 649 | lock_sock(sk); |
648 | 650 | ||
649 | if (sk->sk_state == LLCP_CLOSED && | 651 | if (sk->sk_state == LLCP_CLOSED && |
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index c4719ce604c..7f645d11579 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c | |||
@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
1257 | skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); | 1257 | skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); |
1258 | 1258 | ||
1259 | if (srose != NULL) { | 1259 | if (srose != NULL) { |
1260 | memset(srose, 0, msg->msg_namelen); | ||
1260 | srose->srose_family = AF_ROSE; | 1261 | srose->srose_family = AF_ROSE; |
1261 | srose->srose_addr = rose->dest_addr; | 1262 | srose->srose_addr = rose->dest_addr; |
1262 | srose->srose_call = rose->dest_call; | 1263 | srose->srose_call = rose->dest_call; |
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c index 0e19948470b..ced81a1583e 100644 --- a/net/sched/sch_cbq.c +++ b/net/sched/sch_cbq.c | |||
@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch) | |||
962 | cbq_update(q); | 962 | cbq_update(q); |
963 | if ((incr -= incr2) < 0) | 963 | if ((incr -= incr2) < 0) |
964 | incr = 0; | 964 | incr = 0; |
965 | q->now += incr; | ||
966 | } else { | ||
967 | if (now > q->now) | ||
968 | q->now = now; | ||
965 | } | 969 | } |
966 | q->now += incr; | ||
967 | q->now_rt = now; | 970 | q->now_rt = now; |
968 | 971 | ||
969 | for (;;) { | 972 | for (;;) { |
diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 9b4e4833a48..fc906d9391b 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c | |||
@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg) | |||
806 | if (addr) { | 806 | if (addr) { |
807 | addr->family = AF_TIPC; | 807 | addr->family = AF_TIPC; |
808 | addr->addrtype = TIPC_ADDR_ID; | 808 | addr->addrtype = TIPC_ADDR_ID; |
809 | memset(&addr->addr, 0, sizeof(addr->addr)); | ||
809 | addr->addr.id.ref = msg_origport(msg); | 810 | addr->addr.id.ref = msg_origport(msg); |
810 | addr->addr.id.node = msg_orignode(msg); | 811 | addr->addr.id.node = msg_orignode(msg); |
811 | addr->addr.name.domain = 0; /* could leave uninitialized */ | 812 | addr->addr.name.domain = 0; /* could leave uninitialized */ |
@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock, | |||
920 | goto exit; | 921 | goto exit; |
921 | } | 922 | } |
922 | 923 | ||
924 | /* will be updated in set_orig_addr() if needed */ | ||
925 | m->msg_namelen = 0; | ||
926 | |||
923 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | 927 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
924 | restart: | 928 | restart: |
925 | 929 | ||
@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock, | |||
1029 | goto exit; | 1033 | goto exit; |
1030 | } | 1034 | } |
1031 | 1035 | ||
1036 | /* will be updated in set_orig_addr() if needed */ | ||
1037 | m->msg_namelen = 0; | ||
1038 | |||
1032 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); | 1039 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); |
1033 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | 1040 | timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); |
1034 | 1041 | ||
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index b45eb6553ee..f347754e462 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c | |||
@@ -1995,7 +1995,7 @@ again: | |||
1995 | if ((UNIXCB(skb).pid != siocb->scm->pid) || | 1995 | if ((UNIXCB(skb).pid != siocb->scm->pid) || |
1996 | (UNIXCB(skb).cred != siocb->scm->cred)) | 1996 | (UNIXCB(skb).cred != siocb->scm->cred)) |
1997 | break; | 1997 | break; |
1998 | } else { | 1998 | } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { |
1999 | /* Copy credentials */ | 1999 | /* Copy credentials */ |
2000 | scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); | 2000 | scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); |
2001 | check_creds = 1; | 2001 | check_creds = 1; |
diff --git a/net/wireless/reg.c b/net/wireless/reg.c index de02d633c21..ecf56638996 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c | |||
@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy, | |||
855 | return; | 855 | return; |
856 | 856 | ||
857 | REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); | 857 | REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); |
858 | chan->flags = IEEE80211_CHAN_DISABLED; | 858 | chan->flags |= IEEE80211_CHAN_DISABLED; |
859 | return; | 859 | return; |
860 | } | 860 | } |
861 | 861 | ||