Contents of /trunk/kernel-lts/patches-3.4/0167-3.4.68-all-fixes.patch
Parent Directory | Revision Log
Revision 2322 -
(show annotations)
(download)
Mon Nov 18 12:00:12 2013 UTC (10 years, 10 months ago) by niro
File size: 40078 byte(s)
Mon Nov 18 12:00:12 2013 UTC (10 years, 10 months ago) by niro
File size: 40078 byte(s)
-linux-3.4.68
1 | diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c |
2 | index 77e1e6cd66ce..2894461e0bdb 100644 |
3 | --- a/drivers/connector/cn_proc.c |
4 | +++ b/drivers/connector/cn_proc.c |
5 | @@ -64,6 +64,7 @@ void proc_fork_connector(struct task_struct *task) |
6 | |
7 | msg = (struct cn_msg*)buffer; |
8 | ev = (struct proc_event*)msg->data; |
9 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
10 | get_seq(&msg->seq, &ev->cpu); |
11 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
12 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
13 | @@ -79,6 +80,7 @@ void proc_fork_connector(struct task_struct *task) |
14 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
15 | msg->ack = 0; /* not used */ |
16 | msg->len = sizeof(*ev); |
17 | + msg->flags = 0; /* not used */ |
18 | /* If cn_netlink_send() failed, the data is not sent */ |
19 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
20 | } |
21 | @@ -95,6 +97,7 @@ void proc_exec_connector(struct task_struct *task) |
22 | |
23 | msg = (struct cn_msg*)buffer; |
24 | ev = (struct proc_event*)msg->data; |
25 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
26 | get_seq(&msg->seq, &ev->cpu); |
27 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
28 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
29 | @@ -105,6 +108,7 @@ void proc_exec_connector(struct task_struct *task) |
30 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
31 | msg->ack = 0; /* not used */ |
32 | msg->len = sizeof(*ev); |
33 | + msg->flags = 0; /* not used */ |
34 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
35 | } |
36 | |
37 | @@ -121,6 +125,7 @@ void proc_id_connector(struct task_struct *task, int which_id) |
38 | |
39 | msg = (struct cn_msg*)buffer; |
40 | ev = (struct proc_event*)msg->data; |
41 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
42 | ev->what = which_id; |
43 | ev->event_data.id.process_pid = task->pid; |
44 | ev->event_data.id.process_tgid = task->tgid; |
45 | @@ -144,6 +149,7 @@ void proc_id_connector(struct task_struct *task, int which_id) |
46 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
47 | msg->ack = 0; /* not used */ |
48 | msg->len = sizeof(*ev); |
49 | + msg->flags = 0; /* not used */ |
50 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
51 | } |
52 | |
53 | @@ -159,6 +165,7 @@ void proc_sid_connector(struct task_struct *task) |
54 | |
55 | msg = (struct cn_msg *)buffer; |
56 | ev = (struct proc_event *)msg->data; |
57 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
58 | get_seq(&msg->seq, &ev->cpu); |
59 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
60 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
61 | @@ -169,6 +176,7 @@ void proc_sid_connector(struct task_struct *task) |
62 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
63 | msg->ack = 0; /* not used */ |
64 | msg->len = sizeof(*ev); |
65 | + msg->flags = 0; /* not used */ |
66 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
67 | } |
68 | |
69 | @@ -184,6 +192,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) |
70 | |
71 | msg = (struct cn_msg *)buffer; |
72 | ev = (struct proc_event *)msg->data; |
73 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
74 | get_seq(&msg->seq, &ev->cpu); |
75 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
76 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
77 | @@ -202,6 +211,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) |
78 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
79 | msg->ack = 0; /* not used */ |
80 | msg->len = sizeof(*ev); |
81 | + msg->flags = 0; /* not used */ |
82 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
83 | } |
84 | |
85 | @@ -217,6 +227,7 @@ void proc_comm_connector(struct task_struct *task) |
86 | |
87 | msg = (struct cn_msg *)buffer; |
88 | ev = (struct proc_event *)msg->data; |
89 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
90 | get_seq(&msg->seq, &ev->cpu); |
91 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
92 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
93 | @@ -228,6 +239,7 @@ void proc_comm_connector(struct task_struct *task) |
94 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
95 | msg->ack = 0; /* not used */ |
96 | msg->len = sizeof(*ev); |
97 | + msg->flags = 0; /* not used */ |
98 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
99 | } |
100 | |
101 | @@ -243,6 +255,7 @@ void proc_exit_connector(struct task_struct *task) |
102 | |
103 | msg = (struct cn_msg*)buffer; |
104 | ev = (struct proc_event*)msg->data; |
105 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
106 | get_seq(&msg->seq, &ev->cpu); |
107 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
108 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
109 | @@ -255,6 +268,7 @@ void proc_exit_connector(struct task_struct *task) |
110 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
111 | msg->ack = 0; /* not used */ |
112 | msg->len = sizeof(*ev); |
113 | + msg->flags = 0; /* not used */ |
114 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
115 | } |
116 | |
117 | @@ -278,6 +292,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) |
118 | |
119 | msg = (struct cn_msg*)buffer; |
120 | ev = (struct proc_event*)msg->data; |
121 | + memset(&ev->event_data, 0, sizeof(ev->event_data)); |
122 | msg->seq = rcvd_seq; |
123 | ktime_get_ts(&ts); /* get high res monotonic timestamp */ |
124 | put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); |
125 | @@ -287,6 +302,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) |
126 | memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); |
127 | msg->ack = rcvd_ack + 1; |
128 | msg->len = sizeof(*ev); |
129 | + msg->flags = 0; /* not used */ |
130 | cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); |
131 | } |
132 | |
133 | diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c |
134 | index dde6a0fad408..ea6efe86468e 100644 |
135 | --- a/drivers/connector/connector.c |
136 | +++ b/drivers/connector/connector.c |
137 | @@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb) |
138 | static void cn_rx_skb(struct sk_buff *__skb) |
139 | { |
140 | struct nlmsghdr *nlh; |
141 | - int err; |
142 | struct sk_buff *skb; |
143 | + int len, err; |
144 | |
145 | skb = skb_get(__skb); |
146 | |
147 | if (skb->len >= NLMSG_SPACE(0)) { |
148 | nlh = nlmsg_hdr(skb); |
149 | + len = nlmsg_len(nlh); |
150 | |
151 | - if (nlh->nlmsg_len < sizeof(struct cn_msg) || |
152 | + if (len < (int)sizeof(struct cn_msg) || |
153 | skb->len < nlh->nlmsg_len || |
154 | - nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) { |
155 | + len > CONNECTOR_MAX_MSG_SIZE) { |
156 | kfree_skb(skb); |
157 | return; |
158 | } |
159 | diff --git a/drivers/md/dm-snap-persistent.c b/drivers/md/dm-snap-persistent.c |
160 | index 4caa8e6d59d7..2d2b1b7588d7 100644 |
161 | --- a/drivers/md/dm-snap-persistent.c |
162 | +++ b/drivers/md/dm-snap-persistent.c |
163 | @@ -269,6 +269,14 @@ static chunk_t area_location(struct pstore *ps, chunk_t area) |
164 | return NUM_SNAPSHOT_HDR_CHUNKS + ((ps->exceptions_per_area + 1) * area); |
165 | } |
166 | |
167 | +static void skip_metadata(struct pstore *ps) |
168 | +{ |
169 | + uint32_t stride = ps->exceptions_per_area + 1; |
170 | + chunk_t next_free = ps->next_free; |
171 | + if (sector_div(next_free, stride) == NUM_SNAPSHOT_HDR_CHUNKS) |
172 | + ps->next_free++; |
173 | +} |
174 | + |
175 | /* |
176 | * Read or write a metadata area. Remembering to skip the first |
177 | * chunk which holds the header. |
178 | @@ -502,6 +510,8 @@ static int read_exceptions(struct pstore *ps, |
179 | |
180 | ps->current_area--; |
181 | |
182 | + skip_metadata(ps); |
183 | + |
184 | return 0; |
185 | } |
186 | |
187 | @@ -616,8 +626,6 @@ static int persistent_prepare_exception(struct dm_exception_store *store, |
188 | struct dm_exception *e) |
189 | { |
190 | struct pstore *ps = get_info(store); |
191 | - uint32_t stride; |
192 | - chunk_t next_free; |
193 | sector_t size = get_dev_size(dm_snap_cow(store->snap)->bdev); |
194 | |
195 | /* Is there enough room ? */ |
196 | @@ -630,10 +638,8 @@ static int persistent_prepare_exception(struct dm_exception_store *store, |
197 | * Move onto the next free pending, making sure to take |
198 | * into account the location of the metadata chunks. |
199 | */ |
200 | - stride = (ps->exceptions_per_area + 1); |
201 | - next_free = ++ps->next_free; |
202 | - if (sector_div(next_free, stride) == 1) |
203 | - ps->next_free++; |
204 | + ps->next_free++; |
205 | + skip_metadata(ps); |
206 | |
207 | atomic_inc(&ps->pending_count); |
208 | return 0; |
209 | diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c |
210 | index e86f4c37f981..c2cdefa1651e 100644 |
211 | --- a/drivers/net/can/dev.c |
212 | +++ b/drivers/net/can/dev.c |
213 | @@ -665,14 +665,14 @@ static size_t can_get_size(const struct net_device *dev) |
214 | size_t size; |
215 | |
216 | size = nla_total_size(sizeof(u32)); /* IFLA_CAN_STATE */ |
217 | - size += sizeof(struct can_ctrlmode); /* IFLA_CAN_CTRLMODE */ |
218 | + size += nla_total_size(sizeof(struct can_ctrlmode)); /* IFLA_CAN_CTRLMODE */ |
219 | size += nla_total_size(sizeof(u32)); /* IFLA_CAN_RESTART_MS */ |
220 | - size += sizeof(struct can_bittiming); /* IFLA_CAN_BITTIMING */ |
221 | - size += sizeof(struct can_clock); /* IFLA_CAN_CLOCK */ |
222 | + size += nla_total_size(sizeof(struct can_bittiming)); /* IFLA_CAN_BITTIMING */ |
223 | + size += nla_total_size(sizeof(struct can_clock)); /* IFLA_CAN_CLOCK */ |
224 | if (priv->do_get_berr_counter) /* IFLA_CAN_BERR_COUNTER */ |
225 | - size += sizeof(struct can_berr_counter); |
226 | + size += nla_total_size(sizeof(struct can_berr_counter)); |
227 | if (priv->bittiming_const) /* IFLA_CAN_BITTIMING_CONST */ |
228 | - size += sizeof(struct can_bittiming_const); |
229 | + size += nla_total_size(sizeof(struct can_bittiming_const)); |
230 | |
231 | return size; |
232 | } |
233 | diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
234 | index acd824660367..e45b8b6d6848 100644 |
235 | --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
236 | +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
237 | @@ -547,6 +547,7 @@ static inline void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, |
238 | skb, cqe, cqe_idx)) { |
239 | if (tpa_info->parsing_flags & PARSING_FLAGS_VLAN) |
240 | __vlan_hwaccel_put_tag(skb, tpa_info->vlan_tag); |
241 | + skb_record_rx_queue(skb, fp->rx_queue); |
242 | napi_gro_receive(&fp->napi, skb); |
243 | } else { |
244 | DP(NETIF_MSG_RX_STATUS, |
245 | diff --git a/drivers/net/ethernet/marvell/mv643xx_eth.c b/drivers/net/ethernet/marvell/mv643xx_eth.c |
246 | index 5e1ca0f05090..ffa6a72dcc60 100644 |
247 | --- a/drivers/net/ethernet/marvell/mv643xx_eth.c |
248 | +++ b/drivers/net/ethernet/marvell/mv643xx_eth.c |
249 | @@ -1274,15 +1274,13 @@ static void mib_counters_update(struct mv643xx_eth_private *mp) |
250 | p->rx_discard += rdlp(mp, RX_DISCARD_FRAME_CNT); |
251 | p->rx_overrun += rdlp(mp, RX_OVERRUN_FRAME_CNT); |
252 | spin_unlock_bh(&mp->mib_counters_lock); |
253 | - |
254 | - mod_timer(&mp->mib_counters_timer, jiffies + 30 * HZ); |
255 | } |
256 | |
257 | static void mib_counters_timer_wrapper(unsigned long _mp) |
258 | { |
259 | struct mv643xx_eth_private *mp = (void *)_mp; |
260 | - |
261 | mib_counters_update(mp); |
262 | + mod_timer(&mp->mib_counters_timer, jiffies + 30 * HZ); |
263 | } |
264 | |
265 | |
266 | @@ -2370,6 +2368,7 @@ static int mv643xx_eth_open(struct net_device *dev) |
267 | mp->int_mask |= INT_TX_END_0 << i; |
268 | } |
269 | |
270 | + add_timer(&mp->mib_counters_timer); |
271 | port_start(mp); |
272 | |
273 | wrlp(mp, INT_MASK_EXT, INT_EXT_LINK_PHY | INT_EXT_TX); |
274 | @@ -2911,7 +2910,6 @@ static int mv643xx_eth_probe(struct platform_device *pdev) |
275 | mp->mib_counters_timer.data = (unsigned long)mp; |
276 | mp->mib_counters_timer.function = mib_counters_timer_wrapper; |
277 | mp->mib_counters_timer.expires = jiffies + 30 * HZ; |
278 | - add_timer(&mp->mib_counters_timer); |
279 | |
280 | spin_lock_init(&mp->mib_counters_lock); |
281 | |
282 | diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c |
283 | index 43fada572596..c336d36cf5ca 100644 |
284 | --- a/drivers/net/ethernet/ti/davinci_emac.c |
285 | +++ b/drivers/net/ethernet/ti/davinci_emac.c |
286 | @@ -875,8 +875,7 @@ static void emac_dev_mcast_set(struct net_device *ndev) |
287 | netdev_mc_count(ndev) > EMAC_DEF_MAX_MULTICAST_ADDRESSES) { |
288 | mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST); |
289 | emac_add_mcast(priv, EMAC_ALL_MULTI_SET, NULL); |
290 | - } |
291 | - if (!netdev_mc_empty(ndev)) { |
292 | + } else if (!netdev_mc_empty(ndev)) { |
293 | struct netdev_hw_addr *ha; |
294 | |
295 | mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST); |
296 | diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c |
297 | index 1a623183cbe5..3710427c3fe1 100644 |
298 | --- a/drivers/net/wan/farsync.c |
299 | +++ b/drivers/net/wan/farsync.c |
300 | @@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port, |
301 | } |
302 | |
303 | i = port->index; |
304 | + memset(&sync, 0, sizeof(sync)); |
305 | sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed); |
306 | /* Lucky card and linux use same encoding here */ |
307 | sync.clock_type = FST_RDB(card, portConfig[i].internalClock) == |
308 | diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c |
309 | index feb7541b33fb..ccd496bf32d9 100644 |
310 | --- a/drivers/net/wan/wanxl.c |
311 | +++ b/drivers/net/wan/wanxl.c |
312 | @@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
313 | ifr->ifr_settings.size = size; /* data size wanted */ |
314 | return -ENOBUFS; |
315 | } |
316 | + memset(&line, 0, sizeof(line)); |
317 | line.clock_type = get_status(port)->clocking; |
318 | line.clock_rate = 0; |
319 | line.loopback = 0; |
320 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
321 | index 9def72f018e0..b3440c66a995 100644 |
322 | --- a/drivers/usb/serial/option.c |
323 | +++ b/drivers/usb/serial/option.c |
324 | @@ -457,6 +457,10 @@ static void option_instat_callback(struct urb *urb); |
325 | #define CHANGHONG_VENDOR_ID 0x2077 |
326 | #define CHANGHONG_PRODUCT_CH690 0x7001 |
327 | |
328 | +/* Inovia */ |
329 | +#define INOVIA_VENDOR_ID 0x20a6 |
330 | +#define INOVIA_SEW858 0x1105 |
331 | + |
332 | /* some devices interfaces need special handling due to a number of reasons */ |
333 | enum option_blacklist_reason { |
334 | OPTION_BLACKLIST_NONE = 0, |
335 | @@ -1279,7 +1283,9 @@ static const struct usb_device_id option_ids[] = { |
336 | |
337 | { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) }, |
338 | { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) }, |
339 | - { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200) }, |
340 | + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200), |
341 | + .driver_info = (kernel_ulong_t)&net_intf6_blacklist |
342 | + }, |
343 | { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */ |
344 | { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/ |
345 | { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) }, |
346 | @@ -1367,6 +1373,7 @@ static const struct usb_device_id option_ids[] = { |
347 | { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) }, |
348 | { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */ |
349 | { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */ |
350 | + { USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) }, |
351 | { } /* Terminating entry */ |
352 | }; |
353 | MODULE_DEVICE_TABLE(usb, option_ids); |
354 | diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c |
355 | index a7492ba5371a..1b0430e00b75 100644 |
356 | --- a/drivers/usb/serial/ti_usb_3410_5052.c |
357 | +++ b/drivers/usb/serial/ti_usb_3410_5052.c |
358 | @@ -210,6 +210,7 @@ static struct usb_device_id ti_id_table_combined[19+2*TI_EXTRA_VID_PID_COUNT+1] |
359 | { USB_DEVICE(IBM_VENDOR_ID, IBM_454B_PRODUCT_ID) }, |
360 | { USB_DEVICE(IBM_VENDOR_ID, IBM_454C_PRODUCT_ID) }, |
361 | { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) }, |
362 | + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) }, |
363 | { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, |
364 | { } |
365 | }; |
366 | diff --git a/fs/ext3/dir.c b/fs/ext3/dir.c |
367 | index cc761ad8fa57..92490e9f85ca 100644 |
368 | --- a/fs/ext3/dir.c |
369 | +++ b/fs/ext3/dir.c |
370 | @@ -21,30 +21,15 @@ |
371 | * |
372 | */ |
373 | |
374 | +#include <linux/compat.h> |
375 | #include "ext3.h" |
376 | |
377 | static unsigned char ext3_filetype_table[] = { |
378 | DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK |
379 | }; |
380 | |
381 | -static int ext3_readdir(struct file *, void *, filldir_t); |
382 | static int ext3_dx_readdir(struct file * filp, |
383 | void * dirent, filldir_t filldir); |
384 | -static int ext3_release_dir (struct inode * inode, |
385 | - struct file * filp); |
386 | - |
387 | -const struct file_operations ext3_dir_operations = { |
388 | - .llseek = generic_file_llseek, |
389 | - .read = generic_read_dir, |
390 | - .readdir = ext3_readdir, /* we take BKL. needed?*/ |
391 | - .unlocked_ioctl = ext3_ioctl, |
392 | -#ifdef CONFIG_COMPAT |
393 | - .compat_ioctl = ext3_compat_ioctl, |
394 | -#endif |
395 | - .fsync = ext3_sync_file, /* BKL held */ |
396 | - .release = ext3_release_dir, |
397 | -}; |
398 | - |
399 | |
400 | static unsigned char get_dtype(struct super_block *sb, int filetype) |
401 | { |
402 | @@ -55,6 +40,25 @@ static unsigned char get_dtype(struct super_block *sb, int filetype) |
403 | return (ext3_filetype_table[filetype]); |
404 | } |
405 | |
406 | +/** |
407 | + * Check if the given dir-inode refers to an htree-indexed directory |
408 | + * (or a directory which chould potentially get coverted to use htree |
409 | + * indexing). |
410 | + * |
411 | + * Return 1 if it is a dx dir, 0 if not |
412 | + */ |
413 | +static int is_dx_dir(struct inode *inode) |
414 | +{ |
415 | + struct super_block *sb = inode->i_sb; |
416 | + |
417 | + if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb, |
418 | + EXT3_FEATURE_COMPAT_DIR_INDEX) && |
419 | + ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) || |
420 | + ((inode->i_size >> sb->s_blocksize_bits) == 1))) |
421 | + return 1; |
422 | + |
423 | + return 0; |
424 | +} |
425 | |
426 | int ext3_check_dir_entry (const char * function, struct inode * dir, |
427 | struct ext3_dir_entry_2 * de, |
428 | @@ -94,18 +98,13 @@ static int ext3_readdir(struct file * filp, |
429 | unsigned long offset; |
430 | int i, stored; |
431 | struct ext3_dir_entry_2 *de; |
432 | - struct super_block *sb; |
433 | int err; |
434 | struct inode *inode = filp->f_path.dentry->d_inode; |
435 | + struct super_block *sb = inode->i_sb; |
436 | int ret = 0; |
437 | int dir_has_error = 0; |
438 | |
439 | - sb = inode->i_sb; |
440 | - |
441 | - if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb, |
442 | - EXT3_FEATURE_COMPAT_DIR_INDEX) && |
443 | - ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) || |
444 | - ((inode->i_size >> sb->s_blocksize_bits) == 1))) { |
445 | + if (is_dx_dir(inode)) { |
446 | err = ext3_dx_readdir(filp, dirent, filldir); |
447 | if (err != ERR_BAD_DX_DIR) { |
448 | ret = err; |
449 | @@ -227,22 +226,87 @@ out: |
450 | return ret; |
451 | } |
452 | |
453 | +static inline int is_32bit_api(void) |
454 | +{ |
455 | +#ifdef CONFIG_COMPAT |
456 | + return is_compat_task(); |
457 | +#else |
458 | + return (BITS_PER_LONG == 32); |
459 | +#endif |
460 | +} |
461 | + |
462 | /* |
463 | * These functions convert from the major/minor hash to an f_pos |
464 | - * value. |
465 | + * value for dx directories |
466 | * |
467 | - * Currently we only use major hash numer. This is unfortunate, but |
468 | - * on 32-bit machines, the same VFS interface is used for lseek and |
469 | - * llseek, so if we use the 64 bit offset, then the 32-bit versions of |
470 | - * lseek/telldir/seekdir will blow out spectacularly, and from within |
471 | - * the ext2 low-level routine, we don't know if we're being called by |
472 | - * a 64-bit version of the system call or the 32-bit version of the |
473 | - * system call. Worse yet, NFSv2 only allows for a 32-bit readdir |
474 | - * cookie. Sigh. |
475 | + * Upper layer (for example NFS) should specify FMODE_32BITHASH or |
476 | + * FMODE_64BITHASH explicitly. On the other hand, we allow ext3 to be mounted |
477 | + * directly on both 32-bit and 64-bit nodes, under such case, neither |
478 | + * FMODE_32BITHASH nor FMODE_64BITHASH is specified. |
479 | */ |
480 | -#define hash2pos(major, minor) (major >> 1) |
481 | -#define pos2maj_hash(pos) ((pos << 1) & 0xffffffff) |
482 | -#define pos2min_hash(pos) (0) |
483 | +static inline loff_t hash2pos(struct file *filp, __u32 major, __u32 minor) |
484 | +{ |
485 | + if ((filp->f_mode & FMODE_32BITHASH) || |
486 | + (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) |
487 | + return major >> 1; |
488 | + else |
489 | + return ((__u64)(major >> 1) << 32) | (__u64)minor; |
490 | +} |
491 | + |
492 | +static inline __u32 pos2maj_hash(struct file *filp, loff_t pos) |
493 | +{ |
494 | + if ((filp->f_mode & FMODE_32BITHASH) || |
495 | + (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) |
496 | + return (pos << 1) & 0xffffffff; |
497 | + else |
498 | + return ((pos >> 32) << 1) & 0xffffffff; |
499 | +} |
500 | + |
501 | +static inline __u32 pos2min_hash(struct file *filp, loff_t pos) |
502 | +{ |
503 | + if ((filp->f_mode & FMODE_32BITHASH) || |
504 | + (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) |
505 | + return 0; |
506 | + else |
507 | + return pos & 0xffffffff; |
508 | +} |
509 | + |
510 | +/* |
511 | + * Return 32- or 64-bit end-of-file for dx directories |
512 | + */ |
513 | +static inline loff_t ext3_get_htree_eof(struct file *filp) |
514 | +{ |
515 | + if ((filp->f_mode & FMODE_32BITHASH) || |
516 | + (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) |
517 | + return EXT3_HTREE_EOF_32BIT; |
518 | + else |
519 | + return EXT3_HTREE_EOF_64BIT; |
520 | +} |
521 | + |
522 | + |
523 | +/* |
524 | + * ext3_dir_llseek() calls generic_file_llseek[_size]() to handle both |
525 | + * non-htree and htree directories, where the "offset" is in terms |
526 | + * of the filename hash value instead of the byte offset. |
527 | + * |
528 | + * Because we may return a 64-bit hash that is well beyond s_maxbytes, |
529 | + * we need to pass the max hash as the maximum allowable offset in |
530 | + * the htree directory case. |
531 | + * |
532 | + * NOTE: offsets obtained *before* ext3_set_inode_flag(dir, EXT3_INODE_INDEX) |
533 | + * will be invalid once the directory was converted into a dx directory |
534 | + */ |
535 | +loff_t ext3_dir_llseek(struct file *file, loff_t offset, int origin) |
536 | +{ |
537 | + struct inode *inode = file->f_mapping->host; |
538 | + int dx_dir = is_dx_dir(inode); |
539 | + |
540 | + if (likely(dx_dir)) |
541 | + return generic_file_llseek_size(file, offset, origin, |
542 | + ext3_get_htree_eof(file)); |
543 | + else |
544 | + return generic_file_llseek(file, offset, origin); |
545 | +} |
546 | |
547 | /* |
548 | * This structure holds the nodes of the red-black tree used to store |
549 | @@ -303,15 +367,16 @@ static void free_rb_tree_fname(struct rb_root *root) |
550 | } |
551 | |
552 | |
553 | -static struct dir_private_info *ext3_htree_create_dir_info(loff_t pos) |
554 | +static struct dir_private_info *ext3_htree_create_dir_info(struct file *filp, |
555 | + loff_t pos) |
556 | { |
557 | struct dir_private_info *p; |
558 | |
559 | p = kzalloc(sizeof(struct dir_private_info), GFP_KERNEL); |
560 | if (!p) |
561 | return NULL; |
562 | - p->curr_hash = pos2maj_hash(pos); |
563 | - p->curr_minor_hash = pos2min_hash(pos); |
564 | + p->curr_hash = pos2maj_hash(filp, pos); |
565 | + p->curr_minor_hash = pos2min_hash(filp, pos); |
566 | return p; |
567 | } |
568 | |
569 | @@ -401,7 +466,7 @@ static int call_filldir(struct file * filp, void * dirent, |
570 | printk("call_filldir: called with null fname?!?\n"); |
571 | return 0; |
572 | } |
573 | - curr_pos = hash2pos(fname->hash, fname->minor_hash); |
574 | + curr_pos = hash2pos(filp, fname->hash, fname->minor_hash); |
575 | while (fname) { |
576 | error = filldir(dirent, fname->name, |
577 | fname->name_len, curr_pos, |
578 | @@ -426,13 +491,13 @@ static int ext3_dx_readdir(struct file * filp, |
579 | int ret; |
580 | |
581 | if (!info) { |
582 | - info = ext3_htree_create_dir_info(filp->f_pos); |
583 | + info = ext3_htree_create_dir_info(filp, filp->f_pos); |
584 | if (!info) |
585 | return -ENOMEM; |
586 | filp->private_data = info; |
587 | } |
588 | |
589 | - if (filp->f_pos == EXT3_HTREE_EOF) |
590 | + if (filp->f_pos == ext3_get_htree_eof(filp)) |
591 | return 0; /* EOF */ |
592 | |
593 | /* Some one has messed with f_pos; reset the world */ |
594 | @@ -440,8 +505,8 @@ static int ext3_dx_readdir(struct file * filp, |
595 | free_rb_tree_fname(&info->root); |
596 | info->curr_node = NULL; |
597 | info->extra_fname = NULL; |
598 | - info->curr_hash = pos2maj_hash(filp->f_pos); |
599 | - info->curr_minor_hash = pos2min_hash(filp->f_pos); |
600 | + info->curr_hash = pos2maj_hash(filp, filp->f_pos); |
601 | + info->curr_minor_hash = pos2min_hash(filp, filp->f_pos); |
602 | } |
603 | |
604 | /* |
605 | @@ -473,7 +538,7 @@ static int ext3_dx_readdir(struct file * filp, |
606 | if (ret < 0) |
607 | return ret; |
608 | if (ret == 0) { |
609 | - filp->f_pos = EXT3_HTREE_EOF; |
610 | + filp->f_pos = ext3_get_htree_eof(filp); |
611 | break; |
612 | } |
613 | info->curr_node = rb_first(&info->root); |
614 | @@ -493,7 +558,7 @@ static int ext3_dx_readdir(struct file * filp, |
615 | info->curr_minor_hash = fname->minor_hash; |
616 | } else { |
617 | if (info->next_hash == ~0) { |
618 | - filp->f_pos = EXT3_HTREE_EOF; |
619 | + filp->f_pos = ext3_get_htree_eof(filp); |
620 | break; |
621 | } |
622 | info->curr_hash = info->next_hash; |
623 | @@ -512,3 +577,15 @@ static int ext3_release_dir (struct inode * inode, struct file * filp) |
624 | |
625 | return 0; |
626 | } |
627 | + |
628 | +const struct file_operations ext3_dir_operations = { |
629 | + .llseek = ext3_dir_llseek, |
630 | + .read = generic_read_dir, |
631 | + .readdir = ext3_readdir, |
632 | + .unlocked_ioctl = ext3_ioctl, |
633 | +#ifdef CONFIG_COMPAT |
634 | + .compat_ioctl = ext3_compat_ioctl, |
635 | +#endif |
636 | + .fsync = ext3_sync_file, |
637 | + .release = ext3_release_dir, |
638 | +}; |
639 | diff --git a/fs/ext3/ext3.h b/fs/ext3/ext3.h |
640 | index b6515fd7e56c..fe5bef7914ea 100644 |
641 | --- a/fs/ext3/ext3.h |
642 | +++ b/fs/ext3/ext3.h |
643 | @@ -920,7 +920,11 @@ struct dx_hash_info |
644 | u32 *seed; |
645 | }; |
646 | |
647 | -#define EXT3_HTREE_EOF 0x7fffffff |
648 | + |
649 | +/* 32 and 64 bit signed EOF for dx directories */ |
650 | +#define EXT3_HTREE_EOF_32BIT ((1UL << (32 - 1)) - 1) |
651 | +#define EXT3_HTREE_EOF_64BIT ((1ULL << (64 - 1)) - 1) |
652 | + |
653 | |
654 | /* |
655 | * Control parameters used by ext3_htree_next_block |
656 | diff --git a/fs/ext3/hash.c b/fs/ext3/hash.c |
657 | index d10231ddcf8a..ede315cdf126 100644 |
658 | --- a/fs/ext3/hash.c |
659 | +++ b/fs/ext3/hash.c |
660 | @@ -198,8 +198,8 @@ int ext3fs_dirhash(const char *name, int len, struct dx_hash_info *hinfo) |
661 | return -1; |
662 | } |
663 | hash = hash & ~1; |
664 | - if (hash == (EXT3_HTREE_EOF << 1)) |
665 | - hash = (EXT3_HTREE_EOF-1) << 1; |
666 | + if (hash == (EXT3_HTREE_EOF_32BIT << 1)) |
667 | + hash = (EXT3_HTREE_EOF_32BIT - 1) << 1; |
668 | hinfo->hash = hash; |
669 | hinfo->minor_hash = minor_hash; |
670 | return 0; |
671 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
672 | index dc4d49a0c07d..42b919c36da1 100644 |
673 | --- a/include/linux/skbuff.h |
674 | +++ b/include/linux/skbuff.h |
675 | @@ -760,6 +760,16 @@ static inline int skb_cloned(const struct sk_buff *skb) |
676 | (atomic_read(&skb_shinfo(skb)->dataref) & SKB_DATAREF_MASK) != 1; |
677 | } |
678 | |
679 | +static inline int skb_unclone(struct sk_buff *skb, gfp_t pri) |
680 | +{ |
681 | + might_sleep_if(pri & __GFP_WAIT); |
682 | + |
683 | + if (skb_cloned(skb)) |
684 | + return pskb_expand_head(skb, 0, 0, pri); |
685 | + |
686 | + return 0; |
687 | +} |
688 | + |
689 | /** |
690 | * skb_header_cloned - is the header a clone |
691 | * @skb: buffer to check |
692 | @@ -1198,6 +1208,11 @@ static inline int skb_pagelen(const struct sk_buff *skb) |
693 | return len + skb_headlen(skb); |
694 | } |
695 | |
696 | +static inline bool skb_has_frags(const struct sk_buff *skb) |
697 | +{ |
698 | + return skb_shinfo(skb)->nr_frags; |
699 | +} |
700 | + |
701 | /** |
702 | * __skb_fill_page_desc - initialise a paged fragment in an skb |
703 | * @skb: buffer containing fragment to be initialised |
704 | diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h |
705 | index a7a683e30b64..a8c2ef6d3b93 100644 |
706 | --- a/include/net/cipso_ipv4.h |
707 | +++ b/include/net/cipso_ipv4.h |
708 | @@ -290,6 +290,7 @@ static inline int cipso_v4_validate(const struct sk_buff *skb, |
709 | unsigned char err_offset = 0; |
710 | u8 opt_len = opt[1]; |
711 | u8 opt_iter; |
712 | + u8 tag_len; |
713 | |
714 | if (opt_len < 8) { |
715 | err_offset = 1; |
716 | @@ -302,11 +303,12 @@ static inline int cipso_v4_validate(const struct sk_buff *skb, |
717 | } |
718 | |
719 | for (opt_iter = 6; opt_iter < opt_len;) { |
720 | - if (opt[opt_iter + 1] > (opt_len - opt_iter)) { |
721 | + tag_len = opt[opt_iter + 1]; |
722 | + if ((tag_len == 0) || (opt[opt_iter + 1] > (opt_len - opt_iter))) { |
723 | err_offset = opt_iter + 1; |
724 | goto out; |
725 | } |
726 | - opt_iter += opt[opt_iter + 1]; |
727 | + opt_iter += tag_len; |
728 | } |
729 | |
730 | out: |
731 | diff --git a/include/net/dst.h b/include/net/dst.h |
732 | index 8197eadca819..1efe71aad089 100644 |
733 | --- a/include/net/dst.h |
734 | +++ b/include/net/dst.h |
735 | @@ -464,10 +464,22 @@ static inline struct dst_entry *xfrm_lookup(struct net *net, |
736 | { |
737 | return dst_orig; |
738 | } |
739 | + |
740 | +static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) |
741 | +{ |
742 | + return NULL; |
743 | +} |
744 | + |
745 | #else |
746 | extern struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, |
747 | const struct flowi *fl, struct sock *sk, |
748 | int flags); |
749 | + |
750 | +/* skb attached with this dst needs transformation if dst->xfrm is valid */ |
751 | +static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) |
752 | +{ |
753 | + return dst->xfrm; |
754 | +} |
755 | #endif |
756 | |
757 | #endif /* _NET_DST_H */ |
758 | diff --git a/mm/page-writeback.c b/mm/page-writeback.c |
759 | index bc8465f579a8..3b15e2a147a2 100644 |
760 | --- a/mm/page-writeback.c |
761 | +++ b/mm/page-writeback.c |
762 | @@ -1072,11 +1072,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, |
763 | return 1; |
764 | } |
765 | |
766 | -static long bdi_max_pause(struct backing_dev_info *bdi, |
767 | - unsigned long bdi_dirty) |
768 | +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, |
769 | + unsigned long bdi_dirty) |
770 | { |
771 | - long bw = bdi->avg_write_bandwidth; |
772 | - long t; |
773 | + unsigned long bw = bdi->avg_write_bandwidth; |
774 | + unsigned long t; |
775 | |
776 | /* |
777 | * Limit pause time for small memory systems. If sleeping for too long |
778 | @@ -1088,7 +1088,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, |
779 | t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); |
780 | t++; |
781 | |
782 | - return min_t(long, t, MAX_PAUSE); |
783 | + return min_t(unsigned long, t, MAX_PAUSE); |
784 | } |
785 | |
786 | static long bdi_min_pause(struct backing_dev_info *bdi, |
787 | diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c |
788 | index 50711368ad6a..7f046b4c06bc 100644 |
789 | --- a/net/8021q/vlan_netlink.c |
790 | +++ b/net/8021q/vlan_netlink.c |
791 | @@ -152,7 +152,7 @@ static size_t vlan_get_size(const struct net_device *dev) |
792 | struct vlan_dev_priv *vlan = vlan_dev_priv(dev); |
793 | |
794 | return nla_total_size(2) + /* IFLA_VLAN_ID */ |
795 | - sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */ |
796 | + nla_total_size(sizeof(struct ifla_vlan_flags)) + /* IFLA_VLAN_FLAGS */ |
797 | vlan_qos_map_size(vlan->nr_ingress_mappings) + |
798 | vlan_qos_map_size(vlan->nr_egress_mappings); |
799 | } |
800 | diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c |
801 | index f774796f7e57..2f100ccef86f 100644 |
802 | --- a/net/bridge/br_stp_if.c |
803 | +++ b/net/bridge/br_stp_if.c |
804 | @@ -134,7 +134,7 @@ static void br_stp_start(struct net_bridge *br) |
805 | |
806 | if (br->bridge_forward_delay < BR_MIN_FORWARD_DELAY) |
807 | __br_set_forward_delay(br, BR_MIN_FORWARD_DELAY); |
808 | - else if (br->bridge_forward_delay < BR_MAX_FORWARD_DELAY) |
809 | + else if (br->bridge_forward_delay > BR_MAX_FORWARD_DELAY) |
810 | __br_set_forward_delay(br, BR_MAX_FORWARD_DELAY); |
811 | |
812 | if (r == 0) { |
813 | diff --git a/net/compat.c b/net/compat.c |
814 | index 014e1c78ecc5..ee84d82d7287 100644 |
815 | --- a/net/compat.c |
816 | +++ b/net/compat.c |
817 | @@ -71,6 +71,8 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
818 | __get_user(kmsg->msg_controllen, &umsg->msg_controllen) || |
819 | __get_user(kmsg->msg_flags, &umsg->msg_flags)) |
820 | return -EFAULT; |
821 | + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
822 | + return -EINVAL; |
823 | kmsg->msg_name = compat_ptr(tmp1); |
824 | kmsg->msg_iov = compat_ptr(tmp2); |
825 | kmsg->msg_control = compat_ptr(tmp3); |
826 | diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
827 | index 984ec656b03b..4afcf31bdfeb 100644 |
828 | --- a/net/ipv4/inet_hashtables.c |
829 | +++ b/net/ipv4/inet_hashtables.c |
830 | @@ -268,7 +268,7 @@ begintw: |
831 | } |
832 | if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie, |
833 | saddr, daddr, ports, dif))) { |
834 | - sock_put(sk); |
835 | + inet_twsk_put(inet_twsk(sk)); |
836 | goto begintw; |
837 | } |
838 | goto out; |
839 | diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
840 | index 3bc4c978d7ad..d6407b563fd8 100644 |
841 | --- a/net/ipv4/ip_output.c |
842 | +++ b/net/ipv4/ip_output.c |
843 | @@ -846,7 +846,7 @@ static int __ip_append_data(struct sock *sk, |
844 | csummode = CHECKSUM_PARTIAL; |
845 | |
846 | cork->length += length; |
847 | - if (((length > mtu) || (skb && skb_is_gso(skb))) && |
848 | + if (((length > mtu) || (skb && skb_has_frags(skb))) && |
849 | (sk->sk_protocol == IPPROTO_UDP) && |
850 | (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { |
851 | err = ip_ufo_append_data(sk, queue, getfrag, from, length, |
852 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
853 | index 167ea10b521a..108c73d760df 100644 |
854 | --- a/net/ipv4/route.c |
855 | +++ b/net/ipv4/route.c |
856 | @@ -2713,7 +2713,7 @@ static struct rtable *ip_route_output_slow(struct net *net, struct flowi4 *fl4) |
857 | RT_SCOPE_LINK); |
858 | goto make_route; |
859 | } |
860 | - if (fl4->saddr) { |
861 | + if (!fl4->saddr) { |
862 | if (ipv4_is_multicast(fl4->daddr)) |
863 | fl4->saddr = inet_select_addr(dev_out, 0, |
864 | fl4->flowi4_scope); |
865 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
866 | index 55d96c392e7f..99eb909c9d5f 100644 |
867 | --- a/net/ipv4/tcp_input.c |
868 | +++ b/net/ipv4/tcp_input.c |
869 | @@ -1468,7 +1468,10 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb, |
870 | tp->lost_cnt_hint -= tcp_skb_pcount(prev); |
871 | } |
872 | |
873 | - TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags; |
874 | + TCP_SKB_CB(prev)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; |
875 | + if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) |
876 | + TCP_SKB_CB(prev)->end_seq++; |
877 | + |
878 | if (skb == tcp_highest_sack(sk)) |
879 | tcp_advance_highest_sack(sk, skb); |
880 | |
881 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
882 | index 12999a3aaf95..987f5cc706b4 100644 |
883 | --- a/net/ipv4/tcp_output.c |
884 | +++ b/net/ipv4/tcp_output.c |
885 | @@ -933,6 +933,9 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb) |
886 | static void tcp_set_skb_tso_segs(const struct sock *sk, struct sk_buff *skb, |
887 | unsigned int mss_now) |
888 | { |
889 | + /* Make sure we own this skb before messing gso_size/gso_segs */ |
890 | + WARN_ON_ONCE(skb_cloned(skb)); |
891 | + |
892 | if (skb->len <= mss_now || !sk_can_gso(sk) || |
893 | skb->ip_summed == CHECKSUM_NONE) { |
894 | /* Avoid the costly divide in the normal |
895 | @@ -1014,9 +1017,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, |
896 | if (nsize < 0) |
897 | nsize = 0; |
898 | |
899 | - if (skb_cloned(skb) && |
900 | - skb_is_nonlinear(skb) && |
901 | - pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) |
902 | + if (skb_unclone(skb, GFP_ATOMIC)) |
903 | return -ENOMEM; |
904 | |
905 | /* Get a new skb... force flag on. */ |
906 | @@ -2129,6 +2130,8 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) |
907 | int oldpcount = tcp_skb_pcount(skb); |
908 | |
909 | if (unlikely(oldpcount > 1)) { |
910 | + if (skb_unclone(skb, GFP_ATOMIC)) |
911 | + return -ENOMEM; |
912 | tcp_init_tso_segs(sk, skb, cur_mss); |
913 | tcp_adjust_pcount(sk, skb, oldpcount - tcp_skb_pcount(skb)); |
914 | } |
915 | diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c |
916 | index 73f1a00a96af..e38290b7c7a1 100644 |
917 | --- a/net/ipv6/inet6_hashtables.c |
918 | +++ b/net/ipv6/inet6_hashtables.c |
919 | @@ -110,7 +110,7 @@ begintw: |
920 | goto out; |
921 | } |
922 | if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) { |
923 | - sock_put(sk); |
924 | + inet_twsk_put(inet_twsk(sk)); |
925 | goto begintw; |
926 | } |
927 | goto out; |
928 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
929 | index 1acfb19cb570..7dabea3a7125 100644 |
930 | --- a/net/ipv6/ip6_output.c |
931 | +++ b/net/ipv6/ip6_output.c |
932 | @@ -1345,7 +1345,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, |
933 | skb = skb_peek_tail(&sk->sk_write_queue); |
934 | cork->length += length; |
935 | if (((length > mtu) || |
936 | - (skb && skb_is_gso(skb))) && |
937 | + (skb && skb_has_frags(skb))) && |
938 | (sk->sk_protocol == IPPROTO_UDP) && |
939 | (rt->dst.dev->features & NETIF_F_UFO)) { |
940 | err = ip6_ufo_append_data(sk, getfrag, from, length, |
941 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c |
942 | index 016ed7c22fc9..4f768a4c2907 100644 |
943 | --- a/net/ipv6/route.c |
944 | +++ b/net/ipv6/route.c |
945 | @@ -818,7 +818,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, |
946 | } |
947 | |
948 | static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif, |
949 | - struct flowi6 *fl6, int flags) |
950 | + struct flowi6 *fl6, int flags, bool input) |
951 | { |
952 | struct fib6_node *fn; |
953 | struct rt6_info *rt, *nrt; |
954 | @@ -826,8 +826,11 @@ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, |
955 | int attempts = 3; |
956 | int err; |
957 | int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; |
958 | + int local = RTF_NONEXTHOP; |
959 | |
960 | strict |= flags & RT6_LOOKUP_F_IFACE; |
961 | + if (input) |
962 | + local |= RTF_LOCAL; |
963 | |
964 | relookup: |
965 | read_lock_bh(&table->tb6_lock); |
966 | @@ -847,7 +850,7 @@ restart: |
967 | read_unlock_bh(&table->tb6_lock); |
968 | |
969 | if (!dst_get_neighbour_noref_raw(&rt->dst) && |
970 | - !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) |
971 | + !(rt->rt6i_flags & local)) |
972 | nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); |
973 | else if (!(rt->dst.flags & DST_HOST)) |
974 | nrt = rt6_alloc_clone(rt, &fl6->daddr); |
975 | @@ -891,7 +894,7 @@ out2: |
976 | static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, |
977 | struct flowi6 *fl6, int flags) |
978 | { |
979 | - return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); |
980 | + return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags, true); |
981 | } |
982 | |
983 | static struct dst_entry *ip6_route_input_lookup(struct net *net, |
984 | @@ -924,7 +927,7 @@ void ip6_route_input(struct sk_buff *skb) |
985 | static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, |
986 | struct flowi6 *fl6, int flags) |
987 | { |
988 | - return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); |
989 | + return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags, false); |
990 | } |
991 | |
992 | struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk, |
993 | diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c |
994 | index b2982f4214d1..904bc098790d 100644 |
995 | --- a/net/l2tp/l2tp_ppp.c |
996 | +++ b/net/l2tp/l2tp_ppp.c |
997 | @@ -357,7 +357,9 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh |
998 | goto error_put_sess_tun; |
999 | } |
1000 | |
1001 | + local_bh_disable(); |
1002 | l2tp_xmit_skb(session, skb, session->hdr_len); |
1003 | + local_bh_enable(); |
1004 | |
1005 | sock_put(ps->tunnel_sock); |
1006 | sock_put(sk); |
1007 | @@ -432,7 +434,9 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb) |
1008 | skb->data[0] = ppph[0]; |
1009 | skb->data[1] = ppph[1]; |
1010 | |
1011 | + local_bh_disable(); |
1012 | l2tp_xmit_skb(session, skb, session->hdr_len); |
1013 | + local_bh_enable(); |
1014 | |
1015 | sock_put(sk_tun); |
1016 | sock_put(sk); |
1017 | diff --git a/net/sctp/output.c b/net/sctp/output.c |
1018 | index 32ba8d0e50e2..cf3e22c586a6 100644 |
1019 | --- a/net/sctp/output.c |
1020 | +++ b/net/sctp/output.c |
1021 | @@ -518,7 +518,8 @@ int sctp_packet_transmit(struct sctp_packet *packet) |
1022 | * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>. |
1023 | */ |
1024 | if (!sctp_checksum_disable) { |
1025 | - if (!(dst->dev->features & NETIF_F_SCTP_CSUM)) { |
1026 | + if (!(dst->dev->features & NETIF_F_SCTP_CSUM) || |
1027 | + (dst_xfrm(dst) != NULL) || packet->ipfragok) { |
1028 | __u32 crc32 = sctp_start_cksum((__u8 *)sh, cksum_buf_len); |
1029 | |
1030 | /* 3) Put the resultant value into the checksum field in the |
1031 | diff --git a/net/socket.c b/net/socket.c |
1032 | index 47ce3ea44300..acc769562707 100644 |
1033 | --- a/net/socket.c |
1034 | +++ b/net/socket.c |
1035 | @@ -1899,6 +1899,16 @@ struct used_address { |
1036 | unsigned int name_len; |
1037 | }; |
1038 | |
1039 | +static int copy_msghdr_from_user(struct msghdr *kmsg, |
1040 | + struct msghdr __user *umsg) |
1041 | +{ |
1042 | + if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) |
1043 | + return -EFAULT; |
1044 | + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
1045 | + return -EINVAL; |
1046 | + return 0; |
1047 | +} |
1048 | + |
1049 | static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
1050 | struct msghdr *msg_sys, unsigned flags, |
1051 | struct used_address *used_address) |
1052 | @@ -1917,8 +1927,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
1053 | if (MSG_CMSG_COMPAT & flags) { |
1054 | if (get_compat_msghdr(msg_sys, msg_compat)) |
1055 | return -EFAULT; |
1056 | - } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
1057 | - return -EFAULT; |
1058 | + } else { |
1059 | + err = copy_msghdr_from_user(msg_sys, msg); |
1060 | + if (err) |
1061 | + return err; |
1062 | + } |
1063 | |
1064 | /* do not move before msg_sys is valid */ |
1065 | err = -EMSGSIZE; |
1066 | @@ -2129,8 +2142,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
1067 | if (MSG_CMSG_COMPAT & flags) { |
1068 | if (get_compat_msghdr(msg_sys, msg_compat)) |
1069 | return -EFAULT; |
1070 | - } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
1071 | - return -EFAULT; |
1072 | + } else { |
1073 | + err = copy_msghdr_from_user(msg_sys, msg); |
1074 | + if (err) |
1075 | + return err; |
1076 | + } |
1077 | |
1078 | err = -EMSGSIZE; |
1079 | if (msg_sys->msg_iovlen > UIO_MAXIOV) |
1080 | diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
1081 | index c4821fd23b79..ed005b425a7c 100644 |
1082 | --- a/net/unix/af_unix.c |
1083 | +++ b/net/unix/af_unix.c |
1084 | @@ -1247,6 +1247,15 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb) |
1085 | return 0; |
1086 | } |
1087 | |
1088 | +static void unix_sock_inherit_flags(const struct socket *old, |
1089 | + struct socket *new) |
1090 | +{ |
1091 | + if (test_bit(SOCK_PASSCRED, &old->flags)) |
1092 | + set_bit(SOCK_PASSCRED, &new->flags); |
1093 | + if (test_bit(SOCK_PASSSEC, &old->flags)) |
1094 | + set_bit(SOCK_PASSSEC, &new->flags); |
1095 | +} |
1096 | + |
1097 | static int unix_accept(struct socket *sock, struct socket *newsock, int flags) |
1098 | { |
1099 | struct sock *sk = sock->sk; |
1100 | @@ -1281,6 +1290,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock, int flags) |
1101 | /* attach accepted sock to socket */ |
1102 | unix_state_lock(tsk); |
1103 | newsock->state = SS_CONNECTED; |
1104 | + unix_sock_inherit_flags(sock, newsock); |
1105 | sock_graft(tsk, newsock); |
1106 | unix_state_unlock(tsk); |
1107 | return 0; |
1108 | diff --git a/net/unix/diag.c b/net/unix/diag.c |
1109 | index f0486ae9ebe6..2656840cf203 100644 |
1110 | --- a/net/unix/diag.c |
1111 | +++ b/net/unix/diag.c |
1112 | @@ -134,6 +134,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r |
1113 | rep->udiag_family = AF_UNIX; |
1114 | rep->udiag_type = sk->sk_type; |
1115 | rep->udiag_state = sk->sk_state; |
1116 | + rep->pad = 0; |
1117 | rep->udiag_ino = sk_ino; |
1118 | sock_diag_save_cookie(sk, rep->udiag_cookie); |
1119 | |
1120 | diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c |
1121 | index c4ad7958af52..617a310025b1 100644 |
1122 | --- a/net/wireless/radiotap.c |
1123 | +++ b/net/wireless/radiotap.c |
1124 | @@ -95,6 +95,10 @@ int ieee80211_radiotap_iterator_init( |
1125 | struct ieee80211_radiotap_header *radiotap_header, |
1126 | int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) |
1127 | { |
1128 | + /* check the radiotap header can actually be present */ |
1129 | + if (max_length < sizeof(struct ieee80211_radiotap_header)) |
1130 | + return -EINVAL; |
1131 | + |
1132 | /* Linux only supports version 0 radiotap format */ |
1133 | if (radiotap_header->it_version) |
1134 | return -EINVAL; |
1135 | @@ -129,7 +133,8 @@ int ieee80211_radiotap_iterator_init( |
1136 | */ |
1137 | |
1138 | if ((unsigned long)iterator->_arg - |
1139 | - (unsigned long)iterator->_rtheader > |
1140 | + (unsigned long)iterator->_rtheader + |
1141 | + sizeof(uint32_t) > |
1142 | (unsigned long)iterator->_max_length) |
1143 | return -EINVAL; |
1144 | } |