tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking updates from David Miller:
"More bug fixes, nothing gets past these guys"

1) More kernel info leaks found by Mathias Krause, this time in the
IPSEC configuration layers.

2) When IPSEC policies change, we do not properly make sure that cached
routes (which could now be stale) throughout the system will be
revalidated. Fix this by generalizing the generation count
invalidation scheme used by ipv4. From Nicolas Dichtel.

3) When repairing TCP sockets, we need to allow to restore not just the
send window scale, but the receive one too. Extend the existing
interface to achieve this in a backwards compatible way. From
Andrey Vagin.

4) A fix for FCOE scatter gather feature validation erroneously caused
scatter gather to be disabled for things like AOE too. From Ed L
Cashin.

5) Several cases of mishandling of error pointers, from Mathias Krause,
Wei Yongjun, and Devendra Naga.

6) Fix gianfar build, from Richard Cochran.

7) CAP_NET_* failures should return -EPERM not -EACCES, from Zhao
Hongjiang.

8) Hardware reset fix in janz-ican3 CAN driver, from Ira W Snyder.

9) Fix oops during rmmod in ti_hecc CAN driver, from Marc Kleine-Budde.

10) The removal of the conditional compilation of the clk support code
in the stmmac driver broke things. This is because the interfaces
used are the ones that don't also perform the enable/disable of the
clk. Fix from Stefan Roese.

11) The QFQ packet scheduler can record out of range virtual start
times, resulting later in misbehavior and even crashes. Fix from
Paolo Valente.

12) If MSG_WAITALL is used with IOAT DMA under TCP, we can wedge the
receiver when the advertised receive window goes to zero. Detect
this case and force the processing of the IOAT DMA queue when it
happens to avoid getting stuck. Fix from Michal Kubecek.

13) batman-adv assumes that test_bit() returns only 0 or 1, but this is
not true for x86 (which returns -1 or 0, via the 'sbb' instruction).
Fix from Linus Lussing.

14) Fix small packet corruption in e1000, from Tushar Dave.

15) make_blackhole() in the IPSEC policy code can do one read unlock too
many, fix from Li RongQing.

16) The new tcp_try_coalesce() code introduced a bug in TCP URG
handling, fix from Eric Dumazet.

17) Fix memory leak in __netif_receive_skb() when doing zerocopy and
when hit an OOM condition. From Michael S Tsirkin.

18) netxen blindly deferences pdev->bus->self, which is not guarenteed
to be non-NULL. Fix from Nikolay Aleksandrov.

19) Fix a performance regression caused by mistakes in ipv6 checksum
validation in the bnx2x driver, fix from Michal Schmidt.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)
net/stmmac: Use clk_prepare_enable and clk_disable_unprepare
net: change return values from -EACCES to -EPERM
net/irda: sh_sir: fix return value check in sh_sir_set_baudrate()
stmmac: fix return value check in stmmac_open_ext_timer()
gianfar: fix phc index build failure
ipv6: fix return value check in fib6_add()
bnx2x: remove false warning regarding interrupt number
can: ti_hecc: fix oops during rmmod
can: janz-ican3: fix support for older hardware revisions
net: do not disable sg for packets requiring no checksum
aoe: assert AoE packets marked as requiring no checksum
at91ether: return PTR_ERR if call to clk_get fails
xfrm_user: don't copy esn replay window twice for new states
xfrm_user: ensure user supplied esn replay window is valid
xfrm_user: fix info leak in copy_to_user_tmpl()
xfrm_user: fix info leak in copy_to_user_policy()
xfrm_user: fix info leak in copy_to_user_state()
xfrm_user: fix info leak in copy_to_user_auth()
net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200
tcp: restore rcv_wscale in a repair mode (v2)
...

Linus Torvalds abef3bd7 6219844e

+253 -192
+1
drivers/block/aoe/aoecmd.c
··· 35 35 skb_reset_mac_header(skb); 36 36 skb_reset_network_header(skb); 37 37 skb->protocol = __constant_htons(ETH_P_AOE); 38 + skb_checksum_none_assert(skb); 38 39 } 39 40 return skb; 40 41 }
+1 -3
drivers/net/can/janz-ican3.c
··· 1391 1391 */ 1392 1392 static int ican3_reset_module(struct ican3_dev *mod) 1393 1393 { 1394 - u8 val = 1 << mod->num; 1395 1394 unsigned long start; 1396 1395 u8 runold, runnew; 1397 1396 ··· 1404 1405 runold = ioread8(mod->dpm + TARGET_RUNNING); 1405 1406 1406 1407 /* reset the module */ 1407 - iowrite8(val, &mod->ctrl->reset_assert); 1408 - iowrite8(val, &mod->ctrl->reset_deassert); 1408 + iowrite8(0x00, &mod->dpmctrl->hwreset); 1409 1409 1410 1410 /* wait until the module has finished resetting and is running */ 1411 1411 start = jiffies;
+1 -1
drivers/net/can/ti_hecc.c
··· 984 984 struct net_device *ndev = platform_get_drvdata(pdev); 985 985 struct ti_hecc_priv *priv = netdev_priv(ndev); 986 986 987 + unregister_candev(ndev); 987 988 clk_disable(priv->clk); 988 989 clk_put(priv->clk); 989 990 res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 990 991 iounmap(priv->base); 991 992 release_mem_region(res->start, resource_size(res)); 992 - unregister_candev(ndev); 993 993 free_candev(ndev); 994 994 platform_set_drvdata(pdev, NULL); 995 995
+7 -5
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
··· 662 662 struct bnx2x_fastpath *fp, 663 663 struct bnx2x_eth_q_stats *qstats) 664 664 { 665 - /* Do nothing if no IP/L4 csum validation was done */ 666 - 665 + /* Do nothing if no L4 csum validation was done. 666 + * We do not check whether IP csum was validated. For IPv4 we assume 667 + * that if the card got as far as validating the L4 csum, it also 668 + * validated the IP csum. IPv6 has no IP csum. 669 + */ 667 670 if (cqe->fast_path_cqe.status_flags & 668 - (ETH_FAST_PATH_RX_CQE_IP_XSUM_NO_VALIDATION_FLG | 669 - ETH_FAST_PATH_RX_CQE_L4_XSUM_NO_VALIDATION_FLG)) 671 + ETH_FAST_PATH_RX_CQE_L4_XSUM_NO_VALIDATION_FLG) 670 672 return; 671 673 672 - /* If both IP/L4 validation were done, check if an error was found. */ 674 + /* If L4 validation was done, check if an error was found. */ 673 675 674 676 if (cqe->fast_path_cqe.type_error_flags & 675 677 (ETH_FAST_PATH_RX_CQE_IP_BAD_XSUM_FLG |
+6 -5
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
··· 9831 9831 } 9832 9832 9833 9833 #ifdef CONFIG_PCI_MSI 9834 - /* 9835 - * It's expected that number of CAM entries for this functions is equal 9836 - * to the number evaluated based on the MSI-X table size. We want a 9837 - * harsh warning if these values are different! 9834 + /* Due to new PF resource allocation by MFW T7.4 and above, it's 9835 + * optional that number of CAM entries will not be equal to the value 9836 + * advertised in PCI. 9837 + * Driver should use the minimal value of both as the actual status 9838 + * block count 9838 9839 */ 9839 - WARN_ON(bp->igu_sb_cnt != igu_sb_cnt); 9840 + bp->igu_sb_cnt = min_t(int, bp->igu_sb_cnt, igu_sb_cnt); 9840 9841 #endif 9841 9842 9842 9843 if (igu_sb_cnt == 0)
+1 -1
drivers/net/ethernet/cadence/at91_ether.c
··· 1086 1086 /* Clock */ 1087 1087 lp->ether_clk = clk_get(&pdev->dev, "ether_clk"); 1088 1088 if (IS_ERR(lp->ether_clk)) { 1089 - res = -ENODEV; 1089 + res = PTR_ERR(lp->ether_clk); 1090 1090 goto err_ioumap; 1091 1091 } 1092 1092 clk_enable(lp->ether_clk);
+1
drivers/net/ethernet/freescale/gianfar_ethtool.c
··· 1773 1773 } 1774 1774 1775 1775 int gfar_phc_index = -1; 1776 + EXPORT_SYMBOL(gfar_phc_index); 1776 1777 1777 1778 static int gfar_get_ts_info(struct net_device *dev, 1778 1779 struct ethtool_ts_info *info)
+2 -2
drivers/net/ethernet/freescale/gianfar_ptp.c
··· 515 515 err = PTR_ERR(etsects->clock); 516 516 goto no_clock; 517 517 } 518 - gfar_phc_clock = ptp_clock_index(etsects->clock); 518 + gfar_phc_index = ptp_clock_index(etsects->clock); 519 519 520 520 dev_set_drvdata(&dev->dev, etsects); 521 521 ··· 539 539 gfar_write(&etsects->regs->tmr_temask, 0); 540 540 gfar_write(&etsects->regs->tmr_ctrl, 0); 541 541 542 - gfar_phc_clock = -1; 542 + gfar_phc_index = -1; 543 543 ptp_clock_unregister(etsects->clock); 544 544 iounmap(etsects->regs); 545 545 release_resource(etsects->rsrc);
+11
drivers/net/ethernet/intel/e1000/e1000_main.c
··· 3149 3149 return NETDEV_TX_OK; 3150 3150 } 3151 3151 3152 + /* On PCI/PCI-X HW, if packet size is less than ETH_ZLEN, 3153 + * packets may get corrupted during padding by HW. 3154 + * To WA this issue, pad all small packets manually. 3155 + */ 3156 + if (skb->len < ETH_ZLEN) { 3157 + if (skb_pad(skb, ETH_ZLEN - skb->len)) 3158 + return NETDEV_TX_OK; 3159 + skb->len = ETH_ZLEN; 3160 + skb_set_tail_pointer(skb, ETH_ZLEN); 3161 + } 3162 + 3152 3163 mss = skb_shinfo(skb)->gso_size; 3153 3164 /* The controller does a simple calculation to 3154 3165 * make sure there is enough room in the FIFO before
+4
drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
··· 1378 1378 struct pci_dev *root = pdev->bus->self; 1379 1379 u32 aer_pos; 1380 1380 1381 + /* root bus? */ 1382 + if (!root) 1383 + return; 1384 + 1381 1385 if (adapter->ahw.board_type != NETXEN_BRDTYPE_P3_4_GB_MM && 1382 1386 adapter->ahw.board_type != NETXEN_BRDTYPE_P3_10G_TP) 1383 1387 return;
+5 -5
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
··· 1066 1066 } else 1067 1067 priv->tm->enable = 1; 1068 1068 #endif 1069 - clk_enable(priv->stmmac_clk); 1069 + clk_prepare_enable(priv->stmmac_clk); 1070 1070 1071 1071 stmmac_check_ether_addr(priv); 1072 1072 ··· 1188 1188 if (priv->phydev) 1189 1189 phy_disconnect(priv->phydev); 1190 1190 1191 - clk_disable(priv->stmmac_clk); 1191 + clk_disable_unprepare(priv->stmmac_clk); 1192 1192 1193 1193 return ret; 1194 1194 } ··· 1246 1246 #ifdef CONFIG_STMMAC_DEBUG_FS 1247 1247 stmmac_exit_fs(); 1248 1248 #endif 1249 - clk_disable(priv->stmmac_clk); 1249 + clk_disable_unprepare(priv->stmmac_clk); 1250 1250 1251 1251 return 0; 1252 1252 } ··· 2178 2178 else { 2179 2179 stmmac_set_mac(priv->ioaddr, false); 2180 2180 /* Disable clock in case of PWM is off */ 2181 - clk_disable(priv->stmmac_clk); 2181 + clk_disable_unprepare(priv->stmmac_clk); 2182 2182 } 2183 2183 spin_unlock_irqrestore(&priv->lock, flags); 2184 2184 return 0; ··· 2203 2203 priv->hw->mac->pmt(priv->ioaddr, 0); 2204 2204 else 2205 2205 /* enable the clk prevously disabled */ 2206 - clk_enable(priv->stmmac_clk); 2206 + clk_prepare_enable(priv->stmmac_clk); 2207 2207 2208 2208 netif_device_attach(ndev); 2209 2209
+4 -4
drivers/net/ethernet/stmicro/stmmac/stmmac_timer.c
··· 97 97 static void stmmac_tmu_start(unsigned int new_freq) 98 98 { 99 99 clk_set_rate(timer_clock, new_freq); 100 - clk_enable(timer_clock); 100 + clk_prepare_enable(timer_clock); 101 101 } 102 102 103 103 static void stmmac_tmu_stop(void) 104 104 { 105 - clk_disable(timer_clock); 105 + clk_disable_unprepare(timer_clock); 106 106 } 107 107 108 108 int stmmac_open_ext_timer(struct net_device *dev, struct stmmac_timer *tm) 109 109 { 110 110 timer_clock = clk_get(NULL, TMU_CHANNEL); 111 111 112 - if (timer_clock == NULL) 112 + if (IS_ERR(timer_clock)) 113 113 return -1; 114 114 115 115 if (tmu2_register_user(stmmac_timer_handler, (void *)dev) < 0) { ··· 126 126 127 127 int stmmac_close_ext_timer(void) 128 128 { 129 - clk_disable(timer_clock); 129 + clk_disable_unprepare(timer_clock); 130 130 tmu2_unregister_user(); 131 131 clk_put(timer_clock); 132 132 return 0;
+1 -1
drivers/net/irda/sh_sir.c
··· 280 280 } 281 281 282 282 clk = clk_get(NULL, "irda_clk"); 283 - if (!clk) { 283 + if (IS_ERR(clk)) { 284 284 dev_err(dev, "can not get irda_clk\n"); 285 285 return -EIO; 286 286 }
+4
drivers/net/usb/asix_devices.c
··· 962 962 USB_DEVICE (0x2001, 0x3c05), 963 963 .driver_info = (unsigned long) &ax88772_info, 964 964 }, { 965 + // DLink DUB-E100 H/W Ver C1 966 + USB_DEVICE (0x2001, 0x1a02), 967 + .driver_info = (unsigned long) &ax88772_info, 968 + }, { 965 969 // Linksys USB1000 966 970 USB_DEVICE (0x1737, 0x0039), 967 971 .driver_info = (unsigned long) &ax88178_info,
+8 -3
drivers/net/usb/qmi_wwan.c
··· 366 366 }, 367 367 368 368 /* 2. Combined interface devices matching on class+protocol */ 369 + { /* Huawei E367 and possibly others in "Windows mode" */ 370 + USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, USB_CLASS_VENDOR_SPEC, 1, 7), 371 + .driver_info = (unsigned long)&qmi_wwan_info, 372 + }, 369 373 { /* Huawei E392, E398 and possibly others in "Windows mode" */ 370 374 USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, USB_CLASS_VENDOR_SPEC, 1, 17), 371 375 .driver_info = (unsigned long)&qmi_wwan_shared, 372 376 }, 373 - { /* Pantech UML290 */ 374 - USB_DEVICE_AND_INTERFACE_INFO(0x106c, 0x3718, USB_CLASS_VENDOR_SPEC, 0xf0, 0xff), 377 + { /* Pantech UML290, P4200 and more */ 378 + USB_VENDOR_AND_INTERFACE_INFO(0x106c, USB_CLASS_VENDOR_SPEC, 0xf0, 0xff), 375 379 .driver_info = (unsigned long)&qmi_wwan_shared, 376 380 }, 377 381 { /* Pantech UML290 - newer firmware */ 378 - USB_DEVICE_AND_INTERFACE_INFO(0x106c, 0x3718, USB_CLASS_VENDOR_SPEC, 0xf1, 0xff), 382 + USB_VENDOR_AND_INTERFACE_INFO(0x106c, USB_CLASS_VENDOR_SPEC, 0xf1, 0xff), 379 383 .driver_info = (unsigned long)&qmi_wwan_shared, 380 384 }, 381 385 ··· 387 383 {QMI_FIXED_INTF(0x19d2, 0x0055, 1)}, /* ZTE (Vodafone) K3520-Z */ 388 384 {QMI_FIXED_INTF(0x19d2, 0x0063, 4)}, /* ZTE (Vodafone) K3565-Z */ 389 385 {QMI_FIXED_INTF(0x19d2, 0x0104, 4)}, /* ZTE (Vodafone) K4505-Z */ 386 + {QMI_FIXED_INTF(0x19d2, 0x0157, 5)}, /* ZTE MF683 */ 390 387 {QMI_FIXED_INTF(0x19d2, 0x0167, 4)}, /* ZTE MF820D */ 391 388 {QMI_FIXED_INTF(0x19d2, 0x0326, 4)}, /* ZTE MF821D */ 392 389 {QMI_FIXED_INTF(0x19d2, 0x1008, 4)}, /* ZTE (Vodafone) K3570-Z */
+4
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
··· 2982 2982 case EEP_RX_MASK: 2983 2983 return pBase->txrxMask & 0xf; 2984 2984 case EEP_PAPRD: 2985 + if (AR_SREV_9462(ah)) 2986 + return false; 2987 + if (!ah->config.enable_paprd); 2988 + return false; 2985 2989 return !!(pBase->featureEnable & BIT(5)); 2986 2990 case EEP_CHAIN_MASK_REDUCE: 2987 2991 return (pBase->miscConfiguration >> 0x3) & 0x1;
+2
drivers/net/wireless/ath/ath9k/debug.c
··· 1577 1577 sc->debug.debugfs_phy, sc, &fops_tx_chainmask); 1578 1578 debugfs_create_file("disable_ani", S_IRUSR | S_IWUSR, 1579 1579 sc->debug.debugfs_phy, sc, &fops_disable_ani); 1580 + debugfs_create_bool("paprd", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy, 1581 + &sc->sc_ah->config.enable_paprd); 1580 1582 debugfs_create_file("regidx", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy, 1581 1583 sc, &fops_regidx); 1582 1584 debugfs_create_file("regval", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy,
-4
drivers/net/wireless/ath/ath9k/hw.c
··· 2497 2497 pCap->rx_status_len = sizeof(struct ar9003_rxs); 2498 2498 pCap->tx_desc_len = sizeof(struct ar9003_txc); 2499 2499 pCap->txs_len = sizeof(struct ar9003_txs); 2500 - if (!ah->config.paprd_disable && 2501 - ah->eep_ops->get_eeprom(ah, EEP_PAPRD) && 2502 - !AR_SREV_9462(ah)) 2503 - pCap->hw_caps |= ATH9K_HW_CAP_PAPRD; 2504 2500 } else { 2505 2501 pCap->tx_desc_len = sizeof(struct ath_desc); 2506 2502 if (AR_SREV_9280_20(ah))
+1 -2
drivers/net/wireless/ath/ath9k/hw.h
··· 236 236 ATH9K_HW_CAP_LDPC = BIT(6), 237 237 ATH9K_HW_CAP_FASTCLOCK = BIT(7), 238 238 ATH9K_HW_CAP_SGI_20 = BIT(8), 239 - ATH9K_HW_CAP_PAPRD = BIT(9), 240 239 ATH9K_HW_CAP_ANT_DIV_COMB = BIT(10), 241 240 ATH9K_HW_CAP_2GHZ = BIT(11), 242 241 ATH9K_HW_CAP_5GHZ = BIT(12), ··· 286 287 u8 pcie_clock_req; 287 288 u32 pcie_waen; 288 289 u8 analog_shiftreg; 289 - u8 paprd_disable; 290 290 u32 ofdm_trig_low; 291 291 u32 ofdm_trig_high; 292 292 u32 cck_trig_high; 293 293 u32 cck_trig_low; 294 294 u32 enable_ani; 295 + u32 enable_paprd; 295 296 int serialize_regmode; 296 297 bool rx_intr_mitigation; 297 298 bool tx_intr_mitigation;
+1 -1
drivers/net/wireless/ath/ath9k/link.c
··· 423 423 cal_interval = min(cal_interval, (u32)short_cal_interval); 424 424 425 425 mod_timer(&common->ani.timer, jiffies + msecs_to_jiffies(cal_interval)); 426 - if ((sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_PAPRD) && ah->caldata) { 426 + if (ah->eep_ops->get_eeprom(ah, EEP_PAPRD) && ah->caldata) { 427 427 if (!ah->caldata->paprd_done) 428 428 ieee80211_queue_work(sc->hw, &sc->paprd_work); 429 429 else if (!ah->paprd_table_write_done)
+2
drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.c
··· 638 638 639 639 oobirq_entry = kzalloc(sizeof(struct brcmf_sdio_oobirq), 640 640 GFP_KERNEL); 641 + if (!oobirq_entry) 642 + return -ENOMEM; 641 643 oobirq_entry->irq = res->start; 642 644 oobirq_entry->flags = res->flags & IRQF_TRIGGER_MASK; 643 645 list_add_tail(&oobirq_entry->list, &oobirq_lh);
+16 -10
drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c
··· 764 764 { 765 765 char iovbuf[32]; 766 766 int retcode; 767 + __le32 arp_mode_le; 767 768 768 - brcmf_c_mkiovar("arp_ol", (char *)&arp_mode, 4, iovbuf, sizeof(iovbuf)); 769 + arp_mode_le = cpu_to_le32(arp_mode); 770 + brcmf_c_mkiovar("arp_ol", (char *)&arp_mode_le, 4, iovbuf, 771 + sizeof(iovbuf)); 769 772 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, 770 773 iovbuf, sizeof(iovbuf)); 771 774 retcode = retcode >= 0 ? 0 : retcode; ··· 784 781 { 785 782 char iovbuf[32]; 786 783 int retcode; 784 + __le32 arp_enable_le; 787 785 788 - brcmf_c_mkiovar("arpoe", (char *)&arp_enable, 4, 786 + arp_enable_le = cpu_to_le32(arp_enable); 787 + 788 + brcmf_c_mkiovar("arpoe", (char *)&arp_enable_le, 4, 789 789 iovbuf, sizeof(iovbuf)); 790 790 retcode = brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, 791 791 iovbuf, sizeof(iovbuf)); ··· 806 800 char iovbuf[BRCMF_EVENTING_MASK_LEN + 12]; /* Room for 807 801 "event_msgs" + '\0' + bitvec */ 808 802 char buf[128], *ptr; 809 - u32 roaming = 1; 810 - uint bcn_timeout = 3; 811 - int scan_assoc_time = 40; 812 - int scan_unassoc_time = 40; 803 + __le32 roaming_le = cpu_to_le32(1); 804 + __le32 bcn_timeout_le = cpu_to_le32(3); 805 + __le32 scan_assoc_time_le = cpu_to_le32(40); 806 + __le32 scan_unassoc_time_le = cpu_to_le32(40); 813 807 int i; 814 808 struct brcmf_bus_dcmd *cmdlst; 815 809 struct list_head *cur, *q; ··· 835 829 836 830 /* Setup timeout if Beacons are lost and roam is off to report 837 831 link down */ 838 - brcmf_c_mkiovar("bcn_timeout", (char *)&bcn_timeout, 4, iovbuf, 832 + brcmf_c_mkiovar("bcn_timeout", (char *)&bcn_timeout_le, 4, iovbuf, 839 833 sizeof(iovbuf)); 840 834 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf, 841 835 sizeof(iovbuf)); 842 836 843 837 /* Enable/Disable build-in roaming to allowed ext supplicant to take 844 838 of romaing */ 845 - brcmf_c_mkiovar("roam_off", (char *)&roaming, 4, 839 + brcmf_c_mkiovar("roam_off", (char *)&roaming_le, 4, 846 840 iovbuf, sizeof(iovbuf)); 847 841 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_VAR, iovbuf, 848 842 sizeof(iovbuf)); ··· 854 848 sizeof(iovbuf)); 855 849 856 850 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_CHANNEL_TIME, 857 - (char *)&scan_assoc_time, sizeof(scan_assoc_time)); 851 + (char *)&scan_assoc_time_le, sizeof(scan_assoc_time_le)); 858 852 brcmf_proto_cdc_set_dcmd(drvr, 0, BRCMF_C_SET_SCAN_UNASSOC_TIME, 859 - (char *)&scan_unassoc_time, sizeof(scan_unassoc_time)); 853 + (char *)&scan_unassoc_time_le, sizeof(scan_unassoc_time_le)); 860 854 861 855 /* Set and enable ARP offload feature */ 862 856 brcmf_c_arp_offload_set(drvr, BRCMF_ARPOL_MODE);
+4 -2
drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c
··· 500 500 params_le->active_time = cpu_to_le32(-1); 501 501 params_le->passive_time = cpu_to_le32(-1); 502 502 params_le->home_time = cpu_to_le32(-1); 503 - if (ssid && ssid->SSID_len) 504 - memcpy(&params_le->ssid_le, ssid, sizeof(struct brcmf_ssid)); 503 + if (ssid && ssid->SSID_len) { 504 + params_le->ssid_le.SSID_len = cpu_to_le32(ssid->SSID_len); 505 + memcpy(&params_le->ssid_le.SSID, ssid->SSID, ssid->SSID_len); 506 + } 505 507 } 506 508 507 509 static s32
+1 -1
drivers/net/wireless/brcm80211/brcmsmac/channel.c
··· 77 77 NL80211_RRF_NO_IBSS) 78 78 79 79 static const struct ieee80211_regdomain brcms_regdom_x2 = { 80 - .n_reg_rules = 7, 80 + .n_reg_rules = 6, 81 81 .alpha2 = "X2", 82 82 .reg_rules = { 83 83 BRCM_2GHZ_2412_2462,
+1
drivers/net/wireless/rtlwifi/rtl8192ce/def.h
··· 117 117 118 118 #define CHIP_VER_B BIT(4) 119 119 #define CHIP_92C_BITMASK BIT(0) 120 + #define CHIP_UNKNOWN BIT(7) 120 121 #define CHIP_92C_1T2R 0x03 121 122 #define CHIP_92C 0x01 122 123 #define CHIP_88C 0x00
+10 -2
drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
··· 994 994 version = (value32 & TYPE_ID) ? VERSION_A_CHIP_92C : 995 995 VERSION_A_CHIP_88C; 996 996 } else { 997 - version = (value32 & TYPE_ID) ? VERSION_B_CHIP_92C : 998 - VERSION_B_CHIP_88C; 997 + version = (enum version_8192c) (CHIP_VER_B | 998 + ((value32 & TYPE_ID) ? CHIP_92C_BITMASK : 0) | 999 + ((value32 & VENDOR_ID) ? CHIP_VENDOR_UMC : 0)); 1000 + if ((!IS_CHIP_VENDOR_UMC(version)) && (value32 & 1001 + CHIP_VER_RTL_MASK)) { 1002 + version = (enum version_8192c)(version | 1003 + ((((value32 & CHIP_VER_RTL_MASK) == BIT(12)) 1004 + ? CHIP_VENDOR_UMC_B_CUT : CHIP_UNKNOWN) | 1005 + CHIP_VENDOR_UMC)); 1006 + } 999 1007 } 1000 1008 1001 1009 switch (version) {
+4 -2
drivers/net/wireless/rtlwifi/rtl8192ce/sw.c
··· 162 162 163 163 /* request fw */ 164 164 if (IS_VENDOR_UMC_A_CUT(rtlhal->version) && 165 - !IS_92C_SERIAL(rtlhal->version)) 165 + !IS_92C_SERIAL(rtlhal->version)) { 166 166 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU.bin"; 167 - else if (IS_81xxC_VENDOR_UMC_B_CUT(rtlhal->version)) 167 + } else if (IS_81xxC_VENDOR_UMC_B_CUT(rtlhal->version)) { 168 168 rtlpriv->cfg->fw_name = "rtlwifi/rtl8192cfwU_B.bin"; 169 + pr_info("****** This B_CUT device may not work with kernels 3.6 and earlier\n"); 170 + } 169 171 170 172 rtlpriv->max_fw_size = 0x4000; 171 173 pr_info("Using firmware %s\n", rtlpriv->cfg->fw_name);
+2
include/linux/xfrm.h
··· 84 84 __u32 bitmap; 85 85 }; 86 86 87 + #define XFRMA_REPLAY_ESN_MAX 4096 88 + 87 89 struct xfrm_replay_state_esn { 88 90 unsigned int bmp_len; 89 91 __u32 oseq;
+2 -3
include/net/ip6_fib.h
··· 111 111 struct inet6_dev *rt6i_idev; 112 112 unsigned long _rt6i_peer; 113 113 114 - #ifdef CONFIG_XFRM 115 - u32 rt6i_flow_cache_genid; 116 - #endif 114 + u32 rt6i_genid; 115 + 117 116 /* more non-fragment space at head required */ 118 117 unsigned short rt6i_nfheader_len; 119 118
+10
include/net/net_namespace.h
··· 102 102 #endif 103 103 struct netns_ipvs *ipvs; 104 104 struct sock *diag_nlsk; 105 + atomic_t rt_genid; 105 106 }; 106 107 107 108 ··· 301 300 } 302 301 #endif 303 302 303 + static inline int rt_genid(struct net *net) 304 + { 305 + return atomic_read(&net->rt_genid); 306 + } 307 + 308 + static inline void rt_genid_bump(struct net *net) 309 + { 310 + atomic_inc(&net->rt_genid); 311 + } 304 312 305 313 #endif /* __NET_NET_NAMESPACE_H */
-1
include/net/netns/ipv4.h
··· 65 65 unsigned int sysctl_ping_group_range[2]; 66 66 long sysctl_tcp_mem[3]; 67 67 68 - atomic_t rt_genid; 69 68 atomic_t dev_addr_genid; 70 69 71 70 #ifdef CONFIG_IP_MROUTE
+1 -1
include/net/route.h
··· 108 108 109 109 struct in_device; 110 110 extern int ip_rt_init(void); 111 - extern void rt_cache_flush(struct net *net, int how); 111 + extern void rt_cache_flush(struct net *net); 112 112 extern void rt_flush_dev(struct net_device *dev); 113 113 extern struct rtable *__ip_route_output_key(struct net *, struct flowi4 *flp); 114 114 extern struct rtable *ip_route_output_flow(struct net *, struct flowi4 *flp,
+3 -3
net/batman-adv/bitarray.h
··· 20 20 #ifndef _NET_BATMAN_ADV_BITARRAY_H_ 21 21 #define _NET_BATMAN_ADV_BITARRAY_H_ 22 22 23 - /* returns true if the corresponding bit in the given seq_bits indicates true 24 - * and curr_seqno is within range of last_seqno 23 + /* Returns 1 if the corresponding bit in the given seq_bits indicates true 24 + * and curr_seqno is within range of last_seqno. Otherwise returns 0. 25 25 */ 26 26 static inline int batadv_test_bit(const unsigned long *seq_bits, 27 27 uint32_t last_seqno, uint32_t curr_seqno) ··· 32 32 if (diff < 0 || diff >= BATADV_TQ_LOCAL_WINDOW_SIZE) 33 33 return 0; 34 34 else 35 - return test_bit(diff, seq_bits); 35 + return test_bit(diff, seq_bits) != 0; 36 36 } 37 37 38 38 /* turn corresponding bit on, so we can remember that we got the packet */
+2 -2
net/bluetooth/bnep/sock.c
··· 58 58 switch (cmd) { 59 59 case BNEPCONNADD: 60 60 if (!capable(CAP_NET_ADMIN)) 61 - return -EACCES; 61 + return -EPERM; 62 62 63 63 if (copy_from_user(&ca, argp, sizeof(ca))) 64 64 return -EFAULT; ··· 84 84 85 85 case BNEPCONNDEL: 86 86 if (!capable(CAP_NET_ADMIN)) 87 - return -EACCES; 87 + return -EPERM; 88 88 89 89 if (copy_from_user(&cd, argp, sizeof(cd))) 90 90 return -EFAULT;
+2 -2
net/bluetooth/cmtp/sock.c
··· 72 72 switch (cmd) { 73 73 case CMTPCONNADD: 74 74 if (!capable(CAP_NET_ADMIN)) 75 - return -EACCES; 75 + return -EPERM; 76 76 77 77 if (copy_from_user(&ca, argp, sizeof(ca))) 78 78 return -EFAULT; ··· 97 97 98 98 case CMTPCONNDEL: 99 99 if (!capable(CAP_NET_ADMIN)) 100 - return -EACCES; 100 + return -EPERM; 101 101 102 102 if (copy_from_user(&cd, argp, sizeof(cd))) 103 103 return -EFAULT;
+8 -8
net/bluetooth/hci_sock.c
··· 490 490 switch (cmd) { 491 491 case HCISETRAW: 492 492 if (!capable(CAP_NET_ADMIN)) 493 - return -EACCES; 493 + return -EPERM; 494 494 495 495 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 496 496 return -EPERM; ··· 510 510 511 511 case HCIBLOCKADDR: 512 512 if (!capable(CAP_NET_ADMIN)) 513 - return -EACCES; 513 + return -EPERM; 514 514 return hci_sock_blacklist_add(hdev, (void __user *) arg); 515 515 516 516 case HCIUNBLOCKADDR: 517 517 if (!capable(CAP_NET_ADMIN)) 518 - return -EACCES; 518 + return -EPERM; 519 519 return hci_sock_blacklist_del(hdev, (void __user *) arg); 520 520 521 521 default: ··· 546 546 547 547 case HCIDEVUP: 548 548 if (!capable(CAP_NET_ADMIN)) 549 - return -EACCES; 549 + return -EPERM; 550 550 return hci_dev_open(arg); 551 551 552 552 case HCIDEVDOWN: 553 553 if (!capable(CAP_NET_ADMIN)) 554 - return -EACCES; 554 + return -EPERM; 555 555 return hci_dev_close(arg); 556 556 557 557 case HCIDEVRESET: 558 558 if (!capable(CAP_NET_ADMIN)) 559 - return -EACCES; 559 + return -EPERM; 560 560 return hci_dev_reset(arg); 561 561 562 562 case HCIDEVRESTAT: 563 563 if (!capable(CAP_NET_ADMIN)) 564 - return -EACCES; 564 + return -EPERM; 565 565 return hci_dev_reset_stat(arg); 566 566 567 567 case HCISETSCAN: ··· 573 573 case HCISETACLMTU: 574 574 case HCISETSCOMTU: 575 575 if (!capable(CAP_NET_ADMIN)) 576 - return -EACCES; 576 + return -EPERM; 577 577 return hci_dev_cmd(cmd, argp); 578 578 579 579 case HCIINQUIRY:
+2 -2
net/bluetooth/hidp/sock.c
··· 56 56 switch (cmd) { 57 57 case HIDPCONNADD: 58 58 if (!capable(CAP_NET_ADMIN)) 59 - return -EACCES; 59 + return -EPERM; 60 60 61 61 if (copy_from_user(&ca, argp, sizeof(ca))) 62 62 return -EFAULT; ··· 91 91 92 92 case HIDPCONNDEL: 93 93 if (!capable(CAP_NET_ADMIN)) 94 - return -EACCES; 94 + return -EPERM; 95 95 96 96 if (copy_from_user(&cd, argp, sizeof(cd))) 97 97 return -EFAULT;
+3 -2
net/core/dev.c
··· 2134 2134 static netdev_features_t harmonize_features(struct sk_buff *skb, 2135 2135 __be16 protocol, netdev_features_t features) 2136 2136 { 2137 - if (!can_checksum_protocol(features, protocol)) { 2137 + if (skb->ip_summed != CHECKSUM_NONE && 2138 + !can_checksum_protocol(features, protocol)) { 2138 2139 features &= ~NETIF_F_ALL_CSUM; 2139 2140 features &= ~NETIF_F_SG; 2140 2141 } else if (illegal_highdma(skb->dev, skb)) { ··· 3323 3322 3324 3323 if (pt_prev) { 3325 3324 if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC))) 3326 - ret = -ENOMEM; 3325 + goto drop; 3327 3326 else 3328 3327 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); 3329 3328 } else {
+3 -1
net/core/skbuff.c
··· 3502 3502 if (!skb_cloned(from)) 3503 3503 skb_shinfo(from)->nr_frags = 0; 3504 3504 3505 - /* if the skb is cloned this does nothing since we set nr_frags to 0 */ 3505 + /* if the skb is not cloned this does nothing 3506 + * since we set nr_frags to 0. 3507 + */ 3506 3508 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) 3507 3509 skb_frag_ref(from, i); 3508 3510
+1 -1
net/ipv4/arp.c
··· 1225 1225 switch (event) { 1226 1226 case NETDEV_CHANGEADDR: 1227 1227 neigh_changeaddr(&arp_tbl, dev); 1228 - rt_cache_flush(dev_net(dev), 0); 1228 + rt_cache_flush(dev_net(dev)); 1229 1229 break; 1230 1230 default: 1231 1231 break;
+5 -5
net/ipv4/devinet.c
··· 725 725 break; 726 726 727 727 case SIOCSIFFLAGS: 728 - ret = -EACCES; 728 + ret = -EPERM; 729 729 if (!capable(CAP_NET_ADMIN)) 730 730 goto out; 731 731 break; ··· 733 733 case SIOCSIFBRDADDR: /* Set the broadcast address */ 734 734 case SIOCSIFDSTADDR: /* Set the destination address */ 735 735 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 736 - ret = -EACCES; 736 + ret = -EPERM; 737 737 if (!capable(CAP_NET_ADMIN)) 738 738 goto out; 739 739 ret = -EINVAL; ··· 1503 1503 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 1504 1504 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 1505 1505 if ((new_value == 0) && (old_value != 0)) 1506 - rt_cache_flush(net, 0); 1506 + rt_cache_flush(net); 1507 1507 } 1508 1508 1509 1509 return ret; ··· 1537 1537 dev_disable_lro(idev->dev); 1538 1538 } 1539 1539 rtnl_unlock(); 1540 - rt_cache_flush(net, 0); 1540 + rt_cache_flush(net); 1541 1541 } 1542 1542 } 1543 1543 ··· 1554 1554 struct net *net = ctl->extra2; 1555 1555 1556 1556 if (write && *valp != val) 1557 - rt_cache_flush(net, 0); 1557 + rt_cache_flush(net); 1558 1558 1559 1559 return ret; 1560 1560 }
+10 -10
net/ipv4/fib_frontend.c
··· 148 148 } 149 149 150 150 if (flushed) 151 - rt_cache_flush(net, -1); 151 + rt_cache_flush(net); 152 152 } 153 153 154 154 /* ··· 999 999 net->ipv4.fibnl = NULL; 1000 1000 } 1001 1001 1002 - static void fib_disable_ip(struct net_device *dev, int force, int delay) 1002 + static void fib_disable_ip(struct net_device *dev, int force) 1003 1003 { 1004 1004 if (fib_sync_down_dev(dev, force)) 1005 1005 fib_flush(dev_net(dev)); 1006 - rt_cache_flush(dev_net(dev), delay); 1006 + rt_cache_flush(dev_net(dev)); 1007 1007 arp_ifdown(dev); 1008 1008 } 1009 1009 ··· 1020 1020 fib_sync_up(dev); 1021 1021 #endif 1022 1022 atomic_inc(&net->ipv4.dev_addr_genid); 1023 - rt_cache_flush(dev_net(dev), -1); 1023 + rt_cache_flush(dev_net(dev)); 1024 1024 break; 1025 1025 case NETDEV_DOWN: 1026 1026 fib_del_ifaddr(ifa, NULL); ··· 1029 1029 /* Last address was deleted from this interface. 1030 1030 * Disable IP. 1031 1031 */ 1032 - fib_disable_ip(dev, 1, 0); 1032 + fib_disable_ip(dev, 1); 1033 1033 } else { 1034 - rt_cache_flush(dev_net(dev), -1); 1034 + rt_cache_flush(dev_net(dev)); 1035 1035 } 1036 1036 break; 1037 1037 } ··· 1045 1045 struct net *net = dev_net(dev); 1046 1046 1047 1047 if (event == NETDEV_UNREGISTER) { 1048 - fib_disable_ip(dev, 2, -1); 1048 + fib_disable_ip(dev, 2); 1049 1049 rt_flush_dev(dev); 1050 1050 return NOTIFY_DONE; 1051 1051 } ··· 1062 1062 fib_sync_up(dev); 1063 1063 #endif 1064 1064 atomic_inc(&net->ipv4.dev_addr_genid); 1065 - rt_cache_flush(dev_net(dev), -1); 1065 + rt_cache_flush(dev_net(dev)); 1066 1066 break; 1067 1067 case NETDEV_DOWN: 1068 - fib_disable_ip(dev, 0, 0); 1068 + fib_disable_ip(dev, 0); 1069 1069 break; 1070 1070 case NETDEV_CHANGEMTU: 1071 1071 case NETDEV_CHANGE: 1072 - rt_cache_flush(dev_net(dev), 0); 1072 + rt_cache_flush(dev_net(dev)); 1073 1073 break; 1074 1074 case NETDEV_UNREGISTER_BATCH: 1075 1075 break;
+1 -1
net/ipv4/fib_rules.c
··· 259 259 260 260 static void fib4_rule_flush_cache(struct fib_rules_ops *ops) 261 261 { 262 - rt_cache_flush(ops->fro_net, -1); 262 + rt_cache_flush(ops->fro_net); 263 263 } 264 264 265 265 static const struct fib_rules_ops __net_initdata fib4_rules_ops_template = {
+3 -3
net/ipv4/fib_trie.c
··· 1286 1286 1287 1287 fib_release_info(fi_drop); 1288 1288 if (state & FA_S_ACCESSED) 1289 - rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1289 + rt_cache_flush(cfg->fc_nlinfo.nl_net); 1290 1290 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, 1291 1291 tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE); 1292 1292 ··· 1333 1333 list_add_tail_rcu(&new_fa->fa_list, 1334 1334 (fa ? &fa->fa_list : fa_head)); 1335 1335 1336 - rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1336 + rt_cache_flush(cfg->fc_nlinfo.nl_net); 1337 1337 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id, 1338 1338 &cfg->fc_nlinfo, 0); 1339 1339 succeeded: ··· 1708 1708 trie_leaf_remove(t, l); 1709 1709 1710 1710 if (fa->fa_state & FA_S_ACCESSED) 1711 - rt_cache_flush(cfg->fc_nlinfo.nl_net, -1); 1711 + rt_cache_flush(cfg->fc_nlinfo.nl_net); 1712 1712 1713 1713 fib_release_info(fa->fa_info); 1714 1714 alias_free_mem_rcu(fa);
+5 -38
net/ipv4/route.c
··· 202 202 static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat); 203 203 #define RT_CACHE_STAT_INC(field) __this_cpu_inc(rt_cache_stat.field) 204 204 205 - static inline int rt_genid(struct net *net) 206 - { 207 - return atomic_read(&net->ipv4.rt_genid); 208 - } 209 - 210 205 #ifdef CONFIG_PROC_FS 211 206 static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos) 212 207 { ··· 442 447 return rth->rt_genid != rt_genid(dev_net(rth->dst.dev)); 443 448 } 444 449 445 - /* 446 - * Perturbation of rt_genid by a small quantity [1..256] 447 - * Using 8 bits of shuffling ensure we can call rt_cache_invalidate() 448 - * many times (2^24) without giving recent rt_genid. 449 - * Jenkins hash is strong enough that litle changes of rt_genid are OK. 450 - */ 451 - static void rt_cache_invalidate(struct net *net) 450 + void rt_cache_flush(struct net *net) 452 451 { 453 - unsigned char shuffle; 454 - 455 - get_random_bytes(&shuffle, sizeof(shuffle)); 456 - atomic_add(shuffle + 1U, &net->ipv4.rt_genid); 457 - } 458 - 459 - /* 460 - * delay < 0 : invalidate cache (fast : entries will be deleted later) 461 - * delay >= 0 : invalidate & flush cache (can be long) 462 - */ 463 - void rt_cache_flush(struct net *net, int delay) 464 - { 465 - rt_cache_invalidate(net); 452 + rt_genid_bump(net); 466 453 } 467 454 468 455 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, ··· 2322 2345 2323 2346 void ip_rt_multicast_event(struct in_device *in_dev) 2324 2347 { 2325 - rt_cache_flush(dev_net(in_dev->dev), 0); 2348 + rt_cache_flush(dev_net(in_dev->dev)); 2326 2349 } 2327 2350 2328 2351 #ifdef CONFIG_SYSCTL ··· 2331 2354 size_t *lenp, loff_t *ppos) 2332 2355 { 2333 2356 if (write) { 2334 - int flush_delay; 2335 - ctl_table ctl; 2336 - struct net *net; 2337 - 2338 - memcpy(&ctl, __ctl, sizeof(ctl)); 2339 - ctl.data = &flush_delay; 2340 - proc_dointvec(&ctl, write, buffer, lenp, ppos); 2341 - 2342 - net = (struct net *)__ctl->extra1; 2343 - rt_cache_flush(net, flush_delay); 2357 + rt_cache_flush((struct net *)__ctl->extra1); 2344 2358 return 0; 2345 2359 } 2346 2360 ··· 2501 2533 2502 2534 static __net_init int rt_genid_init(struct net *net) 2503 2535 { 2504 - get_random_bytes(&net->ipv4.rt_genid, 2505 - sizeof(net->ipv4.rt_genid)); 2536 + atomic_set(&net->rt_genid, 0); 2506 2537 get_random_bytes(&net->ipv4.dev_addr_genid, 2507 2538 sizeof(net->ipv4.dev_addr_genid)); 2508 2539 return 0;
+18 -5
net/ipv4/tcp.c
··· 1762 1762 } 1763 1763 1764 1764 #ifdef CONFIG_NET_DMA 1765 - if (tp->ucopy.dma_chan) 1766 - dma_async_memcpy_issue_pending(tp->ucopy.dma_chan); 1765 + if (tp->ucopy.dma_chan) { 1766 + if (tp->rcv_wnd == 0 && 1767 + !skb_queue_empty(&sk->sk_async_wait_queue)) { 1768 + tcp_service_net_dma(sk, true); 1769 + tcp_cleanup_rbuf(sk, copied); 1770 + } else 1771 + dma_async_memcpy_issue_pending(tp->ucopy.dma_chan); 1772 + } 1767 1773 #endif 1768 1774 if (copied >= target) { 1769 1775 /* Do not sleep, just process backlog. */ ··· 2331 2325 tp->rx_opt.mss_clamp = opt.opt_val; 2332 2326 break; 2333 2327 case TCPOPT_WINDOW: 2334 - if (opt.opt_val > 14) 2335 - return -EFBIG; 2328 + { 2329 + u16 snd_wscale = opt.opt_val & 0xFFFF; 2330 + u16 rcv_wscale = opt.opt_val >> 16; 2336 2331 2337 - tp->rx_opt.snd_wscale = opt.opt_val; 2332 + if (snd_wscale > 14 || rcv_wscale > 14) 2333 + return -EFBIG; 2334 + 2335 + tp->rx_opt.snd_wscale = snd_wscale; 2336 + tp->rx_opt.rcv_wscale = rcv_wscale; 2337 + tp->rx_opt.wscale_ok = 1; 2338 + } 2338 2339 break; 2339 2340 case TCPOPT_SACK_PERM: 2340 2341 if (opt.opt_val != 0)
+2 -3
net/ipv4/tcp_input.c
··· 4661 4661 4662 4662 if (eaten > 0) 4663 4663 kfree_skb_partial(skb, fragstolen); 4664 - else if (!sock_flag(sk, SOCK_DEAD)) 4664 + if (!sock_flag(sk, SOCK_DEAD)) 4665 4665 sk->sk_data_ready(sk, 0); 4666 4666 return; 4667 4667 } ··· 5556 5556 #endif 5557 5557 if (eaten) 5558 5558 kfree_skb_partial(skb, fragstolen); 5559 - else 5560 - sk->sk_data_ready(sk, 0); 5559 + sk->sk_data_ready(sk, 0); 5561 5560 return 0; 5562 5561 } 5563 5562 }
+1 -22
net/ipv6/inet6_connection_sock.c
··· 175 175 const struct in6_addr *saddr) 176 176 { 177 177 __ip6_dst_store(sk, dst, daddr, saddr); 178 - 179 - #ifdef CONFIG_XFRM 180 - { 181 - struct rt6_info *rt = (struct rt6_info *)dst; 182 - rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid); 183 - } 184 - #endif 185 178 } 186 179 187 180 static inline 188 181 struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie) 189 182 { 190 - struct dst_entry *dst; 191 - 192 - dst = __sk_dst_check(sk, cookie); 193 - 194 - #ifdef CONFIG_XFRM 195 - if (dst) { 196 - struct rt6_info *rt = (struct rt6_info *)dst; 197 - if (rt->rt6i_flow_cache_genid != atomic_read(&flow_cache_genid)) { 198 - __sk_dst_reset(sk); 199 - dst = NULL; 200 - } 201 - } 202 - #endif 203 - 204 - return dst; 183 + return __sk_dst_check(sk, cookie); 205 184 } 206 185 207 186 static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
+4
net/ipv6/ip6_fib.c
··· 819 819 offsetof(struct rt6_info, rt6i_src), 820 820 allow_create, replace_required); 821 821 822 + if (IS_ERR(sn)) { 823 + err = PTR_ERR(sn); 824 + sn = NULL; 825 + } 822 826 if (!sn) { 823 827 /* If it is failed, discard just allocated 824 828 root, and then (in st_failure) stale node
+12 -7
net/ipv6/route.c
··· 226 226 .dst = { 227 227 .__refcnt = ATOMIC_INIT(1), 228 228 .__use = 1, 229 - .obsolete = -1, 229 + .obsolete = DST_OBSOLETE_FORCE_CHK, 230 230 .error = -ENETUNREACH, 231 231 .input = ip6_pkt_discard, 232 232 .output = ip6_pkt_discard_out, ··· 246 246 .dst = { 247 247 .__refcnt = ATOMIC_INIT(1), 248 248 .__use = 1, 249 - .obsolete = -1, 249 + .obsolete = DST_OBSOLETE_FORCE_CHK, 250 250 .error = -EACCES, 251 251 .input = ip6_pkt_prohibit, 252 252 .output = ip6_pkt_prohibit_out, ··· 261 261 .dst = { 262 262 .__refcnt = ATOMIC_INIT(1), 263 263 .__use = 1, 264 - .obsolete = -1, 264 + .obsolete = DST_OBSOLETE_FORCE_CHK, 265 265 .error = -EINVAL, 266 266 .input = dst_discard, 267 267 .output = dst_discard, ··· 281 281 struct fib6_table *table) 282 282 { 283 283 struct rt6_info *rt = dst_alloc(&net->ipv6.ip6_dst_ops, dev, 284 - 0, DST_OBSOLETE_NONE, flags); 284 + 0, DST_OBSOLETE_FORCE_CHK, flags); 285 285 286 286 if (rt) { 287 287 struct dst_entry *dst = &rt->dst; 288 288 289 289 memset(dst + 1, 0, sizeof(*rt) - sizeof(*dst)); 290 290 rt6_init_peer(rt, table ? &table->tb6_peers : net->ipv6.peers); 291 + rt->rt6i_genid = rt_genid(net); 291 292 } 292 293 return rt; 293 294 } ··· 1032 1031 1033 1032 rt = (struct rt6_info *) dst; 1034 1033 1034 + /* All IPV6 dsts are created with ->obsolete set to the value 1035 + * DST_OBSOLETE_FORCE_CHK which forces validation calls down 1036 + * into this function always. 1037 + */ 1038 + if (rt->rt6i_genid != rt_genid(dev_net(rt->dst.dev))) 1039 + return NULL; 1040 + 1035 1041 if (rt->rt6i_node && (rt->rt6i_node->fn_sernum == cookie)) { 1036 1042 if (rt->rt6i_peer_genid != rt6_peer_genid()) { 1037 1043 if (!rt6_has_peer(rt)) ··· 1404 1396 err = -ENOMEM; 1405 1397 goto out; 1406 1398 } 1407 - 1408 - rt->dst.obsolete = -1; 1409 1399 1410 1400 if (cfg->fc_flags & RTF_EXPIRES) 1411 1401 rt6_set_expires(rt, jiffies + ··· 2086 2080 rt->dst.input = ip6_input; 2087 2081 rt->dst.output = ip6_output; 2088 2082 rt->rt6i_idev = idev; 2089 - rt->dst.obsolete = -1; 2090 2083 2091 2084 rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP; 2092 2085 if (anycast)
+1 -1
net/netrom/af_netrom.c
··· 601 601 if (!capable(CAP_NET_BIND_SERVICE)) { 602 602 dev_put(dev); 603 603 release_sock(sk); 604 - return -EACCES; 604 + return -EPERM; 605 605 } 606 606 nr->user_addr = addr->fsa_digipeater[0]; 607 607 nr->source_addr = addr->fsa_ax25.sax25_call;
+4 -1
net/sched/sch_qfq.c
··· 865 865 if (mask) { 866 866 struct qfq_group *next = qfq_ffs(q, mask); 867 867 if (qfq_gt(roundedF, next->F)) { 868 - cl->S = next->F; 868 + if (qfq_gt(limit, next->F)) 869 + cl->S = next->F; 870 + else /* preserve timestamp correctness */ 871 + cl->S = limit; 869 872 return; 870 873 } 871 874 }
+2 -1
net/xfrm/xfrm_policy.c
··· 585 585 xfrm_pol_hold(policy); 586 586 net->xfrm.policy_count[dir]++; 587 587 atomic_inc(&flow_cache_genid); 588 + rt_genid_bump(net); 588 589 if (delpol) 589 590 __xfrm_policy_unlink(delpol, dir); 590 591 policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); ··· 1764 1763 1765 1764 if (!afinfo) { 1766 1765 dst_release(dst_orig); 1767 - ret = ERR_PTR(-EINVAL); 1766 + return ERR_PTR(-EINVAL); 1768 1767 } else { 1769 1768 ret = afinfo->blackhole_route(net, dst_orig); 1770 1769 }
+42 -15
net/xfrm/xfrm_user.c
··· 123 123 struct nlattr **attrs) 124 124 { 125 125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 126 + struct xfrm_replay_state_esn *rs; 126 127 127 - if ((p->flags & XFRM_STATE_ESN) && !rt) 128 - return -EINVAL; 128 + if (p->flags & XFRM_STATE_ESN) { 129 + if (!rt) 130 + return -EINVAL; 131 + 132 + rs = nla_data(rt); 133 + 134 + if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) 135 + return -EINVAL; 136 + 137 + if (nla_len(rt) < xfrm_replay_state_esn_len(rs) && 138 + nla_len(rt) != sizeof(*rs)) 139 + return -EINVAL; 140 + } 129 141 130 142 if (!rt) 131 143 return 0; ··· 382 370 struct nlattr *rp) 383 371 { 384 372 struct xfrm_replay_state_esn *up; 373 + int ulen; 385 374 386 375 if (!replay_esn || !rp) 387 376 return 0; 388 377 389 378 up = nla_data(rp); 379 + ulen = xfrm_replay_state_esn_len(up); 390 380 391 - if (xfrm_replay_state_esn_len(replay_esn) != 392 - xfrm_replay_state_esn_len(up)) 381 + if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) 393 382 return -EINVAL; 394 383 395 384 return 0; ··· 401 388 struct nlattr *rta) 402 389 { 403 390 struct xfrm_replay_state_esn *p, *pp, *up; 391 + int klen, ulen; 404 392 405 393 if (!rta) 406 394 return 0; 407 395 408 396 up = nla_data(rta); 397 + klen = xfrm_replay_state_esn_len(up); 398 + ulen = nla_len(rta) >= klen ? klen : sizeof(*up); 409 399 410 - p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 400 + p = kzalloc(klen, GFP_KERNEL); 411 401 if (!p) 412 402 return -ENOMEM; 413 403 414 - pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); 404 + pp = kzalloc(klen, GFP_KERNEL); 415 405 if (!pp) { 416 406 kfree(p); 417 407 return -ENOMEM; 418 408 } 409 + 410 + memcpy(p, up, ulen); 411 + memcpy(pp, up, ulen); 419 412 420 413 *replay_esn = p; 421 414 *preplay_esn = pp; ··· 461 442 * somehow made shareable and move it to xfrm_state.c - JHS 462 443 * 463 444 */ 464 - static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 445 + static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs, 446 + int update_esn) 465 447 { 466 448 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 467 - struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; 449 + struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL; 468 450 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 469 451 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 470 452 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; ··· 575 555 goto error; 576 556 577 557 /* override default values from above */ 578 - xfrm_update_ae_params(x, attrs); 558 + xfrm_update_ae_params(x, attrs, 0); 579 559 580 560 return x; 581 561 ··· 709 689 710 690 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 711 691 { 692 + memset(p, 0, sizeof(*p)); 712 693 memcpy(&p->id, &x->id, sizeof(p->id)); 713 694 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 714 695 memcpy(&p->lft, &x->lft, sizeof(p->lft)); ··· 763 742 return -EMSGSIZE; 764 743 765 744 algo = nla_data(nla); 766 - strcpy(algo->alg_name, auth->alg_name); 745 + strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name)); 767 746 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 768 747 algo->alg_key_len = auth->alg_key_len; 769 748 ··· 899 878 { 900 879 struct xfrm_dump_info info; 901 880 struct sk_buff *skb; 881 + int err; 902 882 903 883 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 904 884 if (!skb) ··· 910 888 info.nlmsg_seq = seq; 911 889 info.nlmsg_flags = 0; 912 890 913 - if (dump_one_state(x, 0, &info)) { 891 + err = dump_one_state(x, 0, &info); 892 + if (err) { 914 893 kfree_skb(skb); 915 - return NULL; 894 + return ERR_PTR(err); 916 895 } 917 896 918 897 return skb; ··· 1340 1317 1341 1318 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1342 1319 { 1320 + memset(p, 0, sizeof(*p)); 1343 1321 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1344 1322 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1345 1323 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); ··· 1445 1421 struct xfrm_user_tmpl *up = &vec[i]; 1446 1422 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1447 1423 1424 + memset(up, 0, sizeof(*up)); 1448 1425 memcpy(&up->id, &kp->id, sizeof(up->id)); 1449 1426 up->family = kp->encap_family; 1450 1427 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); ··· 1571 1546 { 1572 1547 struct xfrm_dump_info info; 1573 1548 struct sk_buff *skb; 1549 + int err; 1574 1550 1575 1551 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1576 1552 if (!skb) ··· 1582 1556 info.nlmsg_seq = seq; 1583 1557 info.nlmsg_flags = 0; 1584 1558 1585 - if (dump_one_policy(xp, dir, 0, &info) < 0) { 1559 + err = dump_one_policy(xp, dir, 0, &info); 1560 + if (err) { 1586 1561 kfree_skb(skb); 1587 - return NULL; 1562 + return ERR_PTR(err); 1588 1563 } 1589 1564 1590 1565 return skb; ··· 1849 1822 goto out; 1850 1823 1851 1824 spin_lock_bh(&x->lock); 1852 - xfrm_update_ae_params(x, attrs); 1825 + xfrm_update_ae_params(x, attrs, 1); 1853 1826 spin_unlock_bh(&x->lock); 1854 1827 1855 1828 c.event = nlh->nlmsg_type;
+1
security/selinux/include/xfrm.h
··· 51 51 static inline void selinux_xfrm_notify_policyload(void) 52 52 { 53 53 atomic_inc(&flow_cache_genid); 54 + rt_genid_bump(&init_net); 54 55 } 55 56 #else 56 57 static inline int selinux_xfrm_enabled(void)