authorPraneeth Bajjuri2013-06-10 16:27:12 -0500
committerPraneeth Bajjuri2013-06-10 16:27:12 -0500
commitbb0f91ad4f5b0d64c370a75cd8ca95f931deddb8 (patch)
treeb2de4ff80d30a62bfce6ac834c2c5692866f9b12 /net
parentde4556ecce15a99868fc5ad92092e322b26e3d95 (diff)
parentfc0b661dc67ac653d3b22304d9633aa17b597431 (diff)
downloadkernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.tar.gz
kernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.tar.xz
kernel-video-bb0f91ad4f5b0d64c370a75cd8ca95f931deddb8.zip
Merge branch 'p-ti-linux-3.8.y' into p-ti-android-3.8.y
* p-ti-linux-3.8.y: (443 commits) TI-Integration: ARM: OMAP2+: Fix merege by restoring omap_mcasp_init() call omapdss: TFCS panel: Check for successful TLC driver registration before using it omapdss: DSS DPLLs: Ignore PLL_PWR_STATUS on DRA7 ARM: DRA7: dts: Add the sdma dt node and corresponding dma request lines for mmc ARM: dra7: dts: Add a fixed regulator node needed for eMMC arm/dts: dra7: Add ldo regulator for mmc1 arm/dts: dra7: Add mmc controller nodes and board data ARM: DRA: hwmod: Correct the dma line names for mmc arch: arm: configs: Add support for DRA7 evm in omap2plus_defconfig arm: dts: dra7-evm: Add pinmux configs needed for display HACK: pinctrl: pinctrl single: Make pinctrl-single init early OMAPDSS:HDMI: Change PLL calculations omapdss: hdmi: fix deepcolor mode configuration ARM: dts: DRA7x: Add DMM bindings omapdrm: hack: Assign managers/channel to outputs in a more trivial way gpu: drm: omap: Use bitmaps for placement drm/omap: Fix and improve crtc and overlay manager correlation drm/omap: fix modeset_init if a panel doesn't satisfy omapdrm requirements drm/omap: Take a fb reference in omap_plane_update() drm/omap: move out of staging ... Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
Diffstat (limited to 'net')
-rw-r--r--net/atm/common.c2
-rw-r--r--net/ax25/af_ax25.c1
-rw-r--r--net/bluetooth/af_bluetooth.c4
-rw-r--r--net/bluetooth/rfcomm/sock.c1
-rw-r--r--net/bluetooth/sco.c1
-rw-r--r--net/caif/caif_socket.c2
-rw-r--r--net/core/dev.c4
-rw-r--r--net/core/dev_addr_lists.c6
-rw-r--r--net/core/rtnetlink.c4
-rw-r--r--net/ipv4/esp4.c6
-rw-r--r--net/ipv4/ip_fragment.c15
-rw-r--r--net/ipv4/netfilter/ipt_rpfilter.c8
-rw-r--r--net/ipv4/syncookies.c4
-rw-r--r--net/ipv4/tcp_input.c64
-rw-r--r--net/ipv4/tcp_output.c8
-rw-r--r--net/ipv6/addrconf.c27
-rw-r--r--net/ipv6/netfilter/ip6t_NPT.c2
-rw-r--r--net/ipv6/netfilter/ip6t_rpfilter.c8
-rw-r--r--net/ipv6/reassembly.c13
-rw-r--r--net/ipv6/tcp_ipv6.c1
-rw-r--r--net/irda/af_irda.c2
-rw-r--r--net/iucv/af_iucv.c2
-rw-r--r--net/l2tp/l2tp_ip6.c1
-rw-r--r--net/llc/af_llc.c2
-rw-r--r--net/mac80211/mlme.c24
-rw-r--r--net/mac80211/pm.c4
-rw-r--r--net/netfilter/ipset/ip_set_core.c3
-rw-r--r--net/netfilter/ipset/ip_set_list_set.c10
-rw-r--r--net/netfilter/ipvs/ip_vs_pe_sip.c6
-rw-r--r--net/netfilter/nf_conntrack_helper.c4
-rw-r--r--net/netfilter/nf_conntrack_netlink.c3
-rw-r--r--net/netfilter/nf_conntrack_sip.c2
-rw-r--r--net/netfilter/nf_nat_core.c40
-rw-r--r--net/netrom/af_netrom.c1
-rw-r--r--net/nfc/llcp/sock.c2
-rw-r--r--net/rose/af_rose.c1
-rw-r--r--net/sched/sch_cbq.c5
-rw-r--r--net/tipc/socket.c7
-rw-r--r--net/unix/af_unix.c2
-rw-r--r--net/wireless/reg.c2
40 files changed, 195 insertions, 109 deletions
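--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
 struct sk_buff *skb;
 int copied, error = -EINVAL;
 
+msg->msg_namelen = 0;
+
 if (sock->state != SS_CONNECTED)
 return -ENOTCONN;
 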
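Review bot: The new `msg->msg_namelen = 0;` in vcc_recvmsg carries no comment, so the reason it sits ahead of the SS_CONNECTED check is not recorded. Presumably the handler never fills msg_name, and clearing the length on every return path keeps the socket layer from copying an address buffer the handler did not write back to user space. I would add `/* no source address is returned: clear the length so nothing is copied back */` above the assignment, and the same comment on the matching additions in bt_sock_recvmsg, rfcomm_sock_recvmsg, sco_sock_recvmsg, caif_seqpkt_recvmsg, irda_recvmsg_dgram, iucv_sock_recvmsg and llc_ui_recvmsg. Each of those functions starts and ends outside its hunk, so their remaining return paths were not checked here.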
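--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
 ax25_address src;
 const unsigned char *mac = skb_mac_header(skb);
 
+memset(sax, 0, sizeof(struct full_sockaddr_ax25));
 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
 &digi, NULL, NULL);
 sax->sax25_family = AF_AX25;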
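Review bot: The added `memset(sax, 0, sizeof(struct full_sockaddr_ax25));` is sized by a type name rather than by the object, and the declaration of `sax` is outside the hunk, so a reader cannot confirm that the buffer behind it is at least that large. A comment would settle it: `/* msg_name has room for a full_sockaddr_ax25; zero all of it, unused digipeater slots and padding included, before it goes to user space */`. That the unused bytes are what the memset is meant to cover is inferred from the wider size, not stated in the hunk.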
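--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -264,6 +264,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 if (flags & (MSG_OOB))
 return -EOPNOTSUPP;
 
+msg->msg_namelen = 0;
+
 skb = skb_recv_datagram(sk, flags, noblock, &err);
 if (!skb) {
 if (sk->sk_shutdown & RCV_SHUTDOWN)
@@ -271,8 +273,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 return err;
 }
 
-msg->msg_namelen = 0;
-
 copied = skb->len;
 if (len < copied) {
 msg->msg_flags |= MSG_TRUNC;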
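--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 rfcomm_dlc_accept(d);
+msg->msg_namelen = 0;
 return 0;
 }
 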
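--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -683,6 +683,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
 hci_conn_accept(pi->conn->hcon, 0);
 sk->sk_state = BT_CONFIG;
+msg->msg_namelen = 0;
 
 release_sock(sk);
 return 0;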
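--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
 if (m->msg_flags&MSG_OOB)
 goto read_error;
 
+m->msg_namelen = 0;
+
 skb = skb_recv_datagram(sk, flags, 0 , &ret);
 if (!skb)
 goto read_error;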
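--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
 skb->mark = 0;
 secpath_reset(skb);
 nf_reset(skb);
+nf_reset_trace(skb);
 return netif_rx(skb);
 }
 EXPORT_SYMBOL_GPL(dev_forward_skb);
@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb)
 struct net_device *dev = skb->dev;
 const char *driver = "";
 
+if (!net_ratelimit())
+return;
+
 if (dev && dev->dev.parent)
 driver = dev_driver_string(dev->dev.parent);
 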
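Review bot: The early `if (!net_ratelimit()) return;` in skb_warn_bad_offload draws from the rate limit shared by every net_ratelimit() caller, so an unrelated burst of network log messages can suppress this warning entirely. That trade-off is reasonable for a path that may be reached per packet, but it is worth recording: `/* per-packet path: use the shared net rate limit rather than flood the log */`. The rest of the function, including what is actually printed, is outside the hunk.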
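--- a/net/core/dev_addr_lists.c
+++ b/net/core/dev_addr_lists.c
@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
 ha->type = addr_type;
 ha->refcount = 1;
 ha->global_use = global;
-ha->synced = false;
+ha->synced = 0;
 list_add_tail_rcu(&ha->list, &list->list);
 list->count++;
 
@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
 addr_len, ha->type);
 if (err)
 break;
-ha->synced = true;
+ha->synced++;
 ha->refcount++;
 } else if (ha->refcount == 1) {
 __hw_addr_del(to_list, ha->addr, addr_len, ha->type);
@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
 if (ha->synced) {
 __hw_addr_del(to_list, ha->addr,
 addr_len, ha->type);
-ha->synced = false;
+ha->synced--;
 __hw_addr_del(from_list, ha->addr,
 addr_len, ha->type);
 }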
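Review bot: `ha->synced` changes from a flag to a counter in all three hunks (`= 0`, `++`, `--`), but the field's declaration is not part of this net/-limited view, so it cannot be confirmed here that its type was widened from a boolean. If it is still `bool`, `ha->synced++` saturates at true and the counting has no effect. The decrement in __hw_addr_unsync sits under `if (ha->synced)`, so it cannot go below zero there. A comment at the increment such as `/* number of outstanding syncs, not a flag */` would document the new meaning, which is inferred from the arithmetic.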
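--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
 rcu_read_lock();
 cb->seq = net->dev_base_seq;
 
-if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
+if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
 ifla_policy) >= 0) {
 
 if (tb[IFLA_EXT_MASK])
@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
 u32 ext_filter_mask = 0;
 u16 min_ifinfo_dump_size = 0;
 
-if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
+if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
 ifla_policy) >= 0) {
 if (tb[IFLA_EXT_MASK])
 ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);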
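Review bot: Both nlmsg_parse() calls now expect a `struct ifinfomsg` header and both keep the `>= 0` test, so a request that carries only the shorter `struct rtgenmsg` header fails the parse and falls through without an error, silently dropping any IFLA_EXT_MASK it supplied. Whether existing user-space tools still send the short header on dump requests is not visible here and should be confirmed. At minimum I would note the behaviour at both sites: `/* a request too short for ifinfomsg is treated as carrying no attributes */`. Both functions continue outside their hunks.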
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 3b4f0cd2e63..4cfe34d4cc9 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
139 139
140 /* skb is pure payload to encrypt */ 140 /* skb is pure payload to encrypt */
141 141
142 err = -ENOMEM;
143
144 esp = x->data; 142 esp = x->data;
145 aead = esp->aead; 143 aead = esp->aead;
146 alen = crypto_aead_authsize(aead); 144 alen = crypto_aead_authsize(aead);
@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
176 } 174 }
177 175
178 tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); 176 tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
179 if (!tmp) 177 if (!tmp) {
178 err = -ENOMEM;
180 goto error; 179 goto error;
180 }
181 181
182 seqhi = esp_tmp_seqhi(tmp); 182 seqhi = esp_tmp_seqhi(tmp);
183 iv = esp_tmp_iv(aead, tmp, seqhilen); 183 iv = esp_tmp_iv(aead, tmp, seqhilen);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index a8fc332d07f..0fcfee37227 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg)
255 if (!head->dev) 255 if (!head->dev)
256 goto out_rcu_unlock; 256 goto out_rcu_unlock;
257 257
258 /* skb dst is stale, drop it, and perform route lookup again */ 258 /* skb has no dst, perform route lookup again */
259 skb_dst_drop(head);
260 iph = ip_hdr(head); 259 iph = ip_hdr(head);
261 err = ip_route_input_noref(head, iph->daddr, iph->saddr, 260 err = ip_route_input_noref(head, iph->daddr, iph->saddr,
262 iph->tos, head->dev); 261 iph->tos, head->dev);
@@ -525,8 +524,16 @@ found:
525 qp->q.max_size = skb->len + ihl; 524 qp->q.max_size = skb->len + ihl;
526 525
527 if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && 526 if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
528 qp->q.meat == qp->q.len) 527 qp->q.meat == qp->q.len) {
529 return ip_frag_reasm(qp, prev, dev); 528 unsigned long orefdst = skb->_skb_refdst;
529
530 skb->_skb_refdst = 0UL;
531 err = ip_frag_reasm(qp, prev, dev);
532 skb->_skb_refdst = orefdst;
533 return err;
534 }
535
536 skb_dst_drop(skb);
530 537
531 write_lock(&ip4_frags.lock); 538 write_lock(&ip4_frags.lock);
532 list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list); 539 list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list);
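Review bot: The reassembly branch writes the private `skb->_skb_refdst` field directly to hide and then restore the dst around ip_frag_reasm(), and nothing explains why the accessor helpers are bypassed or why the value must come back afterwards. A short comment would keep a later cleanup from breaking it, for example `/* keep the (possibly non-refcounted) dst away from reassembly, then hand it back to the caller's skb */`; the parenthetical is my reading and should be confirmed. The same pattern is added to net/ipv6/reassembly.c and needs the same comment. Both functions start outside their hunks, so the declaration of `err` used here is not visible.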
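--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -66,6 +66,12 @@ static bool rpfilter_lookup_reverse(struct flowi4 *fl4,
 return dev_match;
 }
 
+static bool rpfilter_is_local(const struct sk_buff *skb)
+{
+const struct rtable *rt = skb_rtable(skb);
+return rt && (rt->rt_flags & RTCF_LOCAL);
+}
+
 static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 const struct xt_rpfilter_info *info;
@@ -76,7 +82,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
 info = par->matchinfo;
 invert = info->flags & XT_RPFILTER_INVERT;
 
-if (par->in->flags & IFF_LOOPBACK)
+if (rpfilter_is_local(skb))
 return true ^ invert;
 
 iph = ip_hdr(skb);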
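Review bot: rpfilter_is_local() exempts a packet from the reverse-path test whenever the skb already carries a route flagged RTCF_LOCAL, replacing the earlier test on the input interface, yet the helper has no comment saying which traffic is expected to arrive with such a route attached. Since this decides what bypasses an anti-spoofing match, the assumption should be written down, e.g. `/* a route is only attached this early for locally generated traffic; TODO confirm for every hook where the match is valid */`. When no route is attached the helper returns false and the normal lookup runs. The same helper is added in net/ipv6/netfilter/ip6t_rpfilter.c, where the `(const void *)` cast of skb_dst() hides the type conversion and would read better as `(const struct rt6_info *)`.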
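--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
 * hasn't changed since we received the original syn, but I see
 * no easy way to do this.
 */
-flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
+RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
 inet_sk_flowi_flags(sk),
 (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
 ireq->loc_addr, th->source, th->dest);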
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 9841a716370..b4e8b797a09 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2;
116#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ 116#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */
117#define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ 117#define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */
118#define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ 118#define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */
119#define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */
119 120
120#define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) 121#define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
121#define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) 122#define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk)
3572 } 3573 }
3573} 3574}
3574 3575
3576static void tcp_store_ts_recent(struct tcp_sock *tp)
3577{
3578 tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
3579 tp->rx_opt.ts_recent_stamp = get_seconds();
3580}
3581
3582static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
3583{
3584 if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
3585 /* PAWS bug workaround wrt. ACK frames, the PAWS discard
3586 * extra check below makes sure this can only happen
3587 * for pure ACK frames. -DaveM
3588 *
3589 * Not only, also it occurs for expired timestamps.
3590 */
3591
3592 if (tcp_paws_check(&tp->rx_opt, 0))
3593 tcp_store_ts_recent(tp);
3594 }
3595}
3596
3575/* This routine deals with incoming acks, but not outgoing ones. */ 3597/* This routine deals with incoming acks, but not outgoing ones. */
3576static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) 3598static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3577{ 3599{
@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
3624 prior_fackets = tp->fackets_out; 3646 prior_fackets = tp->fackets_out;
3625 prior_in_flight = tcp_packets_in_flight(tp); 3647 prior_in_flight = tcp_packets_in_flight(tp);
3626 3648
3649 /* ts_recent update must be made after we are sure that the packet
3650 * is in window.
3651 */
3652 if (flag & FLAG_UPDATE_TS_RECENT)
3653 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
3654
3627 if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { 3655 if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) {
3628 /* Window is constant, pure forward advance. 3656 /* Window is constant, pure forward advance.
3629 * No more checks are required. 3657 * No more checks are required.
@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
3940EXPORT_SYMBOL(tcp_parse_md5sig_option); 3968EXPORT_SYMBOL(tcp_parse_md5sig_option);
3941#endif 3969#endif
3942 3970
3943static inline void tcp_store_ts_recent(struct tcp_sock *tp)
3944{
3945 tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
3946 tp->rx_opt.ts_recent_stamp = get_seconds();
3947}
3948
3949static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
3950{
3951 if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
3952 /* PAWS bug workaround wrt. ACK frames, the PAWS discard
3953 * extra check below makes sure this can only happen
3954 * for pure ACK frames. -DaveM
3955 *
3956 * Not only, also it occurs for expired timestamps.
3957 */
3958
3959 if (tcp_paws_check(&tp->rx_opt, 0))
3960 tcp_store_ts_recent(tp);
3961 }
3962}
3963
3964/* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM 3971/* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
3965 * 3972 *
3966 * It is not fatal. If this ACK does _not_ change critical state (seqs, window) 3973 * It is not fatal. If this ACK does _not_ change critical state (seqs, window)
@@ -5556,14 +5563,9 @@ slow_path:
5556 return 0; 5563 return 0;
5557 5564
5558step5: 5565step5:
5559 if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) 5566 if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
5560 goto discard; 5567 goto discard;
5561 5568
5562 /* ts_recent update must be made after we are sure that the packet
5563 * is in window.
5564 */
5565 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
5566
5567 tcp_rcv_rtt_measure_ts(sk, skb); 5569 tcp_rcv_rtt_measure_ts(sk, skb);
5568 5570
5569 /* Process urgent data. */ 5571 /* Process urgent data. */
@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5997 5999
5998 /* step 5: check the ACK field */ 6000 /* step 5: check the ACK field */
5999 if (true) { 6001 if (true) {
6000 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; 6002 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
6003 FLAG_UPDATE_TS_RECENT) > 0;
6001 6004
6002 switch (sk->sk_state) { 6005 switch (sk->sk_state) {
6003 case TCP_SYN_RECV: 6006 case TCP_SYN_RECV:
@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
6148 } 6151 }
6149 } 6152 }
6150 6153
6151 /* ts_recent update must be made after we are sure that the packet
6152 * is in window.
6153 */
6154 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
6155
6156 /* step 6: check the URG bit */ 6154 /* step 6: check the URG bit */
6157 tcp_urg(sk, skb, th); 6155 tcp_urg(sk, skb, th);
6158 6156
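Review bot: The comment on the new flag, `/* tcp_replace_ts_recent() */`, names a function instead of saying what the flag asks for, unlike the neighbouring FLAG_* definitions. Something like `/* caller wants ts_recent updated once the ACK is accepted */` would match them. The helpers tcp_store_ts_recent() and tcp_replace_ts_recent() also lose `inline` in the move; that is harmless for static functions but looks unintentional. Where the update now sits relative to tcp_ack's ACK validity checks cannot be judged from the hunk, because those checks are above the lines shown.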
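--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
 */
 TCP_SKB_CB(skb)->when = tcp_time_stamp;
 
-/* make sure skb->data is aligned on arches that require it */
-if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
+/* make sure skb->data is aligned on arches that require it
+* and check if ack-trimming & collapsing extended the headroom
+* beyond what csum_start can cover.
+*/
+if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
+skb_headroom(skb) >= 0xFFFF)) {
 struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
 GFP_ATOMIC);
 return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :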
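Review bot: The bound in `skb_headroom(skb) >= 0xFFFF` is a bare constant whose link to the width of csum_start lives only in the comment above it. A named limit would keep the two together, e.g. `skb_headroom(skb) >= USHRT_MAX`, assuming csum_start is a 16-bit field as the comment implies. The branch body continues past the end of the hunk.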
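--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
 static void init_loopback(struct net_device *dev)
 {
 struct inet6_dev *idev;
+struct net_device *sp_dev;
+struct inet6_ifaddr *sp_ifa;
+struct rt6_info *sp_rt;
 
 /* ::1 */
 
@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev)
 }
 
 add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
+
+/* Add routes to other interface's IPv6 addresses */
+for_each_netdev(dev_net(dev), sp_dev) {
+if (!strcmp(sp_dev->name, dev->name))
+continue;
+
+idev = __in6_dev_get(sp_dev);
+if (!idev)
+continue;
+
+read_lock_bh(&idev->lock);
+list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
+
+if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
+continue;
+
+sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
+
+/* Failure cases are ignored */
+if (!IS_ERR(sp_rt))
+ip6_ins_rt(sp_rt);
+}
+read_unlock_bh(&idev->lock);
+}
 }
 
 static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr)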
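Review bot: The loop added to init_loopback() skips the loopback device with `!strcmp(sp_dev->name, dev->name)`; comparing the pointers, `if (sp_dev == dev) continue;`, says the same thing without a string compare. The loop also reuses `idev`, so after it the variable no longer refers to the loopback device's inet6_dev; nothing after the loop uses it in the lines shown, but a separate local such as `sp_idev` would avoid the trap. Route allocation and insertion run with `idev->lock` read-held and bottom halves disabled, so addrconf_dst_alloc() and ip6_ins_rt() must not sleep, which should be confirmed against their definitions since they are not on this page.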
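--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
 if (pfx_len - i >= 32)
 mask = 0;
 else
-mask = htonl(~((1 << (pfx_len - i)) - 1));
+mask = htonl((1 << (i - pfx_len + 32)) - 1);
 
 idx = i / 32;
 addr->s6_addr32[idx] &= mask;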
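Review bot: In the new `mask = htonl((1 << (i - pfx_len + 32)) - 1);` the literal `1` is a signed int, so when `pfx_len - i` is 1 the shift count is 31 and the result overflows a signed int, which is undefined behaviour. An unsigned literal avoids that: `mask = htonl((1U << (i - pfx_len + 32)) - 1);`. The `else` branch only sees `pfx_len - i` below 32; the lower bound depends on the loop header, which is outside the hunk.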
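--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -71,6 +71,12 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
 return ret;
 }
 
+static bool rpfilter_is_local(const struct sk_buff *skb)
+{
+const struct rt6_info *rt = (const void *) skb_dst(skb);
+return rt && (rt->rt6i_flags & RTF_LOCAL);
+}
+
 static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 const struct xt_rpfilter_info *info = par->matchinfo;
@@ -78,7 +84,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
 struct ipv6hdr *iph;
 bool invert = info->flags & XT_RPFILTER_INVERT;
 
-if (par->in->flags & IFF_LOOPBACK)
+if (rpfilter_is_local(skb))
 return true ^ invert;
 
 iph = ipv6_hdr(skb);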
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index d9ba8a27fde..7a610a67363 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -342,8 +342,17 @@ found:
342 } 342 }
343 343
344 if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && 344 if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
345 fq->q.meat == fq->q.len) 345 fq->q.meat == fq->q.len) {
346 return ip6_frag_reasm(fq, prev, dev); 346 int res;
347 unsigned long orefdst = skb->_skb_refdst;
348
349 skb->_skb_refdst = 0UL;
350 res = ip6_frag_reasm(fq, prev, dev);
351 skb->_skb_refdst = orefdst;
352 return res;
353 }
354
355 skb_dst_drop(skb);
347 356
348 write_lock(&ip6_frags.lock); 357 write_lock(&ip6_frags.lock);
349 list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list); 358 list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list);
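--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 
 if (dst)
 dst->ops->redirect(dst, sk, skb);
+goto out;
 }
 
 if (type == ICMPV6_PKT_TOOBIG) {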
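--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
 
 IRDA_DEBUG(4, "%s()\n", __func__);
 
+msg->msg_namelen = 0;
+
 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 flags & MSG_DONTWAIT, &err);
 if (!skb)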
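--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 struct sk_buff *skb, *rskb, *cskb;
 int err = 0;
 
+msg->msg_namelen = 0;
+
 if ((sk->sk_state == IUCV_DISCONN) &&
 skb_queue_empty(&iucv->backlog_skb_q) &&
 skb_queue_empty(&sk->sk_receive_queue) &&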
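--- a/net/l2tp/l2tp_ip6.c
+++ b/net/l2tp/l2tp_ip6.c
@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
 lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
 lsa->l2tp_flowinfo = 0;
 lsa->l2tp_scope_id = 0;
+lsa->l2tp_conn_id = 0;
 if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
 lsa->l2tp_scope_id = IP6CB(skb)->iif;
 }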
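Review bot: l2tp_ip6_recvmsg fills the returned sockaddr one field at a time, and this hunk adds the one that was missed (`lsa->l2tp_conn_id = 0;`); any member or padding not listed would still be returned with whatever it held. Zeroing the structure once before the assignments, `memset(lsa, 0, sizeof(*lsa));`, would also cover fields added later, and it is how the ax25 handler in this same merge is fixed. The start of the block, including the first assignments, is outside the hunk, so whether the other members are already set cannot be confirmed here.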
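--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
 int target; /* Read at least this many bytes */
 long timeo;
 
+msg->msg_namelen = 0;
+
 lock_sock(sk);
 copied = -ENOTCONN;
 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))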
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 2c6e4788dde..cbce371c23d 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3745,8 +3745,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3745 /* prep auth_data so we don't go into idle on disassoc */ 3745 /* prep auth_data so we don't go into idle on disassoc */
3746 ifmgd->auth_data = auth_data; 3746 ifmgd->auth_data = auth_data;
3747 3747
3748 if (ifmgd->associated) 3748 if (ifmgd->associated) {
3749 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3749 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3750
3751 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3752 WLAN_REASON_UNSPECIFIED,
3753 false, frame_buf);
3754
3755 __cfg80211_send_deauth(sdata->dev, frame_buf,
3756 sizeof(frame_buf));
3757 }
3750 3758
3751 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3759 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3752 3760
@@ -3805,8 +3813,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3805 3813
3806 mutex_lock(&ifmgd->mtx); 3814 mutex_lock(&ifmgd->mtx);
3807 3815
3808 if (ifmgd->associated) 3816 if (ifmgd->associated) {
3809 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3817 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3818
3819 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3820 WLAN_REASON_UNSPECIFIED,
3821 false, frame_buf);
3822
3823 __cfg80211_send_deauth(sdata->dev, frame_buf,
3824 sizeof(frame_buf));
3825 }
3810 3826
3811 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 3827 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
3812 err = -EBUSY; 3828 err = -EBUSY;
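Review bot: The same block — a stack `frame_buf`, ieee80211_set_disassoc() with IEEE80211_STYPE_DEAUTH, then __cfg80211_send_deauth() — is added verbatim to both ieee80211_mgd_auth and ieee80211_mgd_assoc. A small static helper called from both places would keep the two paths from drifting apart; the helper name below is a suggestion. Both call sites appear to run with ifmgd->mtx held (the lock is visible only in the assoc hunk), so the helper would inherit that requirement and should say so in its comment. Both functions start and end outside their hunks.

```c
/* Drop the current association and report the deauth to cfg80211.
 * Caller is expected to hold ifmgd->mtx (TODO confirm for the auth path).
 */
static void ieee80211_mgd_drop_assoc(struct ieee80211_sub_if_data *sdata)
{
	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];

	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
			       WLAN_REASON_UNSPECIFIED,
			       false, frame_buf);

	__cfg80211_send_deauth(sdata->dev, frame_buf,
			       sizeof(frame_buf));
}

	/* in ieee80211_mgd_auth() and ieee80211_mgd_assoc(): */
	if (ifmgd->associated)
		ieee80211_mgd_drop_assoc(sdata);
```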
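--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -51,8 +51,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
 ieee80211_stop_queues_by_reason(hw,
 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
 
-/* flush out all packets */
-synchronize_net();
+/* flush out all packets and station cleanup call_rcu()s */
+rcu_barrier();
 
 drv_flush(local, false);
 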
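Review bot: Replacing `synchronize_net()` with `rcu_barrier()` changes the guarantee, while the updated comment still promises to flush out all packets. rcu_barrier() waits for call_rcu() callbacks that are already queued; as far as I know it is not required to wait for a full grace period when none are pending, so readers still inside an RCU section may not have finished. If both effects are wanted, keeping both calls makes that explicit: `synchronize_net();` followed by `rcu_barrier();`. The rest of __ieee80211_suspend is outside the hunk.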
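--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
 if (ret == -EAGAIN)
 ret = 1;
 
-return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST;
+return (ret < 0 && ret != -ENOTEMPTY) ? ret :
+ret > 0 ? 0 : -IPSET_ERR_EXIST;
 }
 
 /* Get headed data of a set */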
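Review bot: The nested conditional at the end of ip_set_utest now folds `-ENOTEMPTY` into the -IPSET_ERR_EXIST result, and the expression gives no hint why that one error is special. I would add `/* -ENOTEMPTY from the test is reported as "not in set", not as a failure */` above the return, with the reason confirmed against the set types that return it; they are not on this page. The start of the function is outside the hunk.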
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index 8371c2bac2e..09c744aa898 100644
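--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -174,9 +174,13 @@ list_set_add(struct list_set *map, u32 i, ip_set_id_t id,
 {
 const struct set_elem *e = list_set_elem(map, i);
 
-if (i == map->size - 1 && e->id != IPSET_INVALID_ID)
-/* Last element replaced: e.g. add new,before,last */
-ip_set_put_byindex(e->id);
+if (e->id != IPSET_INVALID_ID) {
+const struct set_elem *x = list_set_elem(map, map->size - 1);
+
+/* Last element replaced or pushed off */
+if (x->id != IPSET_INVALID_ID)
+ip_set_put_byindex(x->id);
+}
 if (with_timeout(map->timeout))
 list_elem_tadd(map, i, id, ip_set_timeout_set(timeout));
 else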
diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c
index 12475ef88da..e5920fb7ad0 100644
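--- a/net/netfilter/ipvs/ip_vs_pe_sip.c
+++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
@@ -37,14 +37,10 @@ static int get_callid(const char *dptr, unsigned int dataoff,
 if (ret > 0)
 break;
 if (!ret)
-return 0;
+return -EINVAL;
 dataoff += *matchoff;
 }
 
-/* Empty callid is useless */
-if (!*matchlen)
-return -EINVAL;
-
 /* Too large is useless */
 if (*matchlen > IP_VS_PEDATA_MAXLEN)
 return -EINVAL;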
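Review bot: Dropping the `if (!*matchlen) return -EINVAL;` guard leaves `get_callid` relying on the header search never reporting a match of length zero, and that search is not visible in this hunk. The length is derived from packet contents, so the cheap explicit check is worth keeping next to the upper bound: `if (!*matchlen || *matchlen > IP_VS_PEDATA_MAXLEN) return -EINVAL;`. If the search really cannot return an empty match, a comment saying so should replace the removed one. The loop that sets `ret` begins outside the hunk.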
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 884f2b39319..91527d5ba01 100644
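--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
 /* We only allow helper re-assignment of the same sort since
 * we cannot reallocate the helper extension area.
 */
-if (help->helper != helper) {
+struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
+
+if (tmp && tmp->help != helper->help) {
 RCU_INIT_POINTER(help->helper, NULL);
 goto out;
 }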
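Review bot: `rcu_dereference(help->helper)` at new line 239 needs an RCU read-side critical section, and nothing in the hunk shows one being held. If this path is protected by something else, `rcu_dereference_protected()` with the matching condition, or a comment naming the protection, would be more accurate. The test also changed from comparing helper pointers to comparing `tmp->help != helper->help`, which the existing comment ("of the same sort") only hints at; a line such as `/* helpers sharing the same ->help callback count as the same sort */` would make that explicit. `helper` is dereferenced here without a visible NULL check, so that guarantee presumably comes from code above the hunk.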
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 627b0e50b23..a081915e053 100644
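--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1705,6 +1705,9 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
 if (nlh->nlmsg_flags & NLM_F_CREATE) {
 enum ip_conntrack_events events;
 
+if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
+return -EINVAL;
+
 ct = ctnetlink_create_conntrack(net, zone, cda, &otuple,
 &rtuple, u3);
 if (IS_ERR(ct))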
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index df8f4f28448..b4e0d1c23cd 100644
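--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1547,7 +1547,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
 
 msglen = origlen = end - dptr;
 if (msglen > datalen)
-return NF_DROP;
+return NF_ACCEPT;
 
 ret = process_sip_msg(skb, ct, protoff, dataoff,
 &dptr, &msglen);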
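Review bot: Returning `NF_ACCEPT` when `msglen > datalen` makes this branch a fail-open path: a segment whose declared SIP message is longer than the data present is passed on without `process_sip_msg()` ever seeing it. That is presumably the intent for messages split across TCP segments, but the code does not say so, and a reader comparing it with the previous `NF_DROP` cannot tell whether the bypass is deliberate. Suggest a comment on the branch, e.g. `/* message continues in a later segment: pass it unparsed rather than drop */`, and a `pr_debug()` there so traffic that skips SIP tracking can be noticed. `sip_help_tcp` continues outside the hunk.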
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 5f2f9109f46..4bc2aafcd41 100644
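--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -468,33 +468,22 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
 struct nf_nat_proto_clean {
 u8 l3proto;
 u8 l4proto;
-bool hash;
 };
 
-/* Clear NAT section of all conntracks, in case we're loaded again. */
-static int nf_nat_proto_clean(struct nf_conn *i, void *data)
+/* kill conntracks with affected NAT section */
+static int nf_nat_proto_remove(struct nf_conn *i, void *data)
 {
 const struct nf_nat_proto_clean *clean = data;
 struct nf_conn_nat *nat = nfct_nat(i);
 
 if (!nat)
 return 0;
-if (!(i->status & IPS_SRC_NAT_DONE))
-return 0;
+
 if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) ||
 (clean->l4proto && nf_ct_protonum(i) != clean->l4proto))
 return 0;
 
-if (clean->hash) {
-spin_lock_bh(&nf_nat_lock);
-hlist_del_rcu(&nat->bysource);
-spin_unlock_bh(&nf_nat_lock);
-} else {
-memset(nat, 0, sizeof(*nat));
-i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK |
-IPS_SEQ_ADJUST);
-}
-return 0;
+return i->status & IPS_NAT_MASK ? 1 : 0;
 }
 
 static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
@@ -506,16 +495,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
 struct net *net;
 
 rtnl_lock();
-/* Step 1 - remove from bysource hash */
-clean.hash = true;
 for_each_net(net)
-nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
+nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
-synchronize_rcu();
-
-/* Step 2 - clean NAT section */
-clean.hash = false;
-for_each_net(net)
-nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
 rtnl_unlock();
 }
 
@@ -527,16 +508,9 @@ static void nf_nat_l3proto_clean(u8 l3proto)
 struct net *net;
 
 rtnl_lock();
-/* Step 1 - remove from bysource hash */
-clean.hash = true;
-for_each_net(net)
-nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
-synchronize_rcu();
 
-/* Step 2 - clean NAT section */
-clean.hash = false;
 for_each_net(net)
-nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
+nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
 rtnl_unlock();
 }
 
@@ -774,7 +748,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
 {
 struct nf_nat_proto_clean clean = {};
 
-nf_ct_iterate_cleanup(net, &nf_nat_proto_clean, &clean);
+nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean);
 synchronize_rcu();
 nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);
 }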
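Review bot: `nf_nat_proto_remove()` now does all of its work through its return value, but its comment `/* kill conntracks with affected NAT section */` does not say that a non-zero return is what makes `nf_ct_iterate_cleanup()` destroy the entry. Suggest `/* nf_ct_iterate_cleanup() callback: return 1 to have the conntrack destroyed, 0 to keep it */` and parenthesising the test as `return (i->status & IPS_NAT_MASK) ? 1 : 0;`. In `nf_nat_net_exit()` the zero-initialised `clean` matches every protocol, so the callback now selects every conntrack with a NAT bit set in that namespace; a one-line comment there would make that explicit ahead of the `nf_ct_free_hashtable()` call. Two leftovers: `struct nf_nat_proto_clean` keeps the old name after the function was renamed, and `nf_nat_l3proto_clean()` is left with a blank line directly after `rtnl_lock();`.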
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 7261eb81974..14c106b49e9 100644
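--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
 }
 
 if (sax != NULL) {
+memset(sax, 0, sizeof(sax));
 sax->sax25_family = AF_NETROM;
 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
 AX25_ADDR_LEN);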
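Review bot: `memset(sax, 0, sizeof(sax));` clears only as many bytes as a pointer occupies, because `sax` is a pointer (it is compared with NULL on the line above and dereferenced on the line below). Everything in the address structure past those first 4 or 8 bytes that the following assignments do not overwrite is still returned to the caller with its previous contents, so the uninitialised-memory disclosure this line is evidently meant to close remains open. The line should read `memset(sax, 0, sizeof(*sax));`. `nr_recvmsg` continues outside the hunk.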
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 5332751943a..411c25bda0b 100644
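--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
 pr_debug("%p %zu\n", sk, len);
 
+msg->msg_namelen = 0;
+
 lock_sock(sk);
 
 if (sk->sk_state == LLCP_CLOSED &&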
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index c4719ce604c..7f645d11579 100644
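--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
 
 if (srose != NULL) {
+memset(srose, 0, msg->msg_namelen);
 srose->srose_family = AF_ROSE;
 srose->srose_addr = rose->dest_addr;
 srose->srose_call = rose->dest_call;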
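Review bot: `memset(srose, 0, msg->msg_namelen);` takes its length from `msg->msg_namelen` as it stands on entry, a value this hunk neither sets nor bounds, whereas the tipc fix in this commit sizes its clear from the object being filled. If that value is smaller than the structure written below, padding and trailing fields stay uncleared; if it is larger than the buffer behind `msg_name`, the memset writes past it. Unless the caller guarantees the value (not visible here), the length should be derived from the address structure this function actually fills in. If `msg_namelen` is kept, a comment naming the guarantee it relies on is needed. `rose_recvmsg` continues outside the hunk.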
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index 0e19948470b..ced81a1583e 100644
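--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch)
 cbq_update(q);
 if ((incr -= incr2) < 0)
 incr = 0;
+q->now += incr;
+} else {
+if (now > q->now)
+q->now = now;
 }
-q->now += incr;
 q->now_rt = now;
 
 for (;;) {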
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 9b4e4833a48..fc906d9391b 100644
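--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
 if (addr) {
 addr->family = AF_TIPC;
 addr->addrtype = TIPC_ADDR_ID;
+memset(&addr->addr, 0, sizeof(addr->addr));
 addr->addr.id.ref = msg_origport(msg);
 addr->addr.id.node = msg_orignode(msg);
 addr->addr.name.domain = 0; /* could leave uninitialized */
@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
 goto exit;
 }
 
+/* will be updated in set_orig_addr() if needed */
+m->msg_namelen = 0;
+
 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
 restart:
 
@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
 goto exit;
 }
 
+/* will be updated in set_orig_addr() if needed */
+m->msg_namelen = 0;
+
 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
 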
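Review bot: In `set_orig_addr()` the added `memset(&addr->addr, 0, sizeof(addr->addr));` clears only the `addr` member, so any other member or padding of `*addr` apart from `family` and `addrtype` keeps whatever the buffer held, and the hunk does not show the rest being set. Clearing the whole object first, `memset(addr, 0, sizeof(*addr));` placed before the `family` assignment, removes the need to reason about the structure layout. The context line `addr->addr.name.domain = 0; /* could leave uninitialized */` is redundant after the memset, and its comment reads badly next to a fix for uninitialised bytes. `set_orig_addr` continues outside the hunk.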
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index b45eb6553ee..f347754e462 100644
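--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1995,7 +1995,7 @@ again:
 if ((UNIXCB(skb).pid != siocb->scm->pid) ||
 (UNIXCB(skb).cred != siocb->scm->cred))
 break;
-} else {
+} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
 /* Copy credentials */
 scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
 check_creds = 1;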
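Review bot: With the `else` branch now gated on `test_bit(SOCK_PASSCRED, &sock->flags)`, `check_creds` is never set for a receiver without that flag, so the pid/cred comparison above no longer acts as a boundary and a single read can presumably return data queued by different senders. That looks intended, but nothing records it. A comment on the new condition, e.g. `/* only receivers that asked for credentials need per-sender boundaries */`, would stop a later change from treating the comparison as an unconditional guarantee. The enclosing function starts and ends outside the hunk.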
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index de02d633c21..ecf56638996 100644
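--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
 return;
 
 REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
-chan->flags = IEEE80211_CHAN_DISABLED;
+chan->flags |= IEEE80211_CHAN_DISABLED;
 return;
 }
 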