1 |
commit: 5224b72d03d54d71f867a8280b21db6616a390cf |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 27 15:26:45 2020 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 27 15:26:45 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5224b72d |
7 |
|
8 |
Linux patch 4.4.225 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1224_linux-4.4.225.patch | 3799 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 3803 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index fb38e65..6e7060b 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -939,6 +939,10 @@ Patch: 1223_linux-4.4.224.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.4.224 |
23 |
|
24 |
+Patch: 1224_linux-4.4.225.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.4.225 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1224_linux-4.4.225.patch b/1224_linux-4.4.225.patch |
33 |
new file mode 100644 |
34 |
index 0000000..f1d7a75 |
35 |
--- /dev/null |
36 |
+++ b/1224_linux-4.4.225.patch |
37 |
@@ -0,0 +1,3799 @@ |
38 |
+diff --git a/Documentation/networking/l2tp.txt b/Documentation/networking/l2tp.txt |
39 |
+index 4650a00ed012..9bc271cdc9a8 100644 |
40 |
+--- a/Documentation/networking/l2tp.txt |
41 |
++++ b/Documentation/networking/l2tp.txt |
42 |
+@@ -177,10 +177,10 @@ setsockopt on the PPPoX socket to set a debug mask. |
43 |
+ |
44 |
+ The following debug mask bits are available: |
45 |
+ |
46 |
+-PPPOL2TP_MSG_DEBUG verbose debug (if compiled in) |
47 |
+-PPPOL2TP_MSG_CONTROL userspace - kernel interface |
48 |
+-PPPOL2TP_MSG_SEQ sequence numbers handling |
49 |
+-PPPOL2TP_MSG_DATA data packets |
50 |
++L2TP_MSG_DEBUG verbose debug (if compiled in) |
51 |
++L2TP_MSG_CONTROL userspace - kernel interface |
52 |
++L2TP_MSG_SEQ sequence numbers handling |
53 |
++L2TP_MSG_DATA data packets |
54 |
+ |
55 |
+ If enabled, files under a l2tp debugfs directory can be used to dump |
56 |
+ kernel state about L2TP tunnels and sessions. To access it, the |
57 |
+diff --git a/Makefile b/Makefile |
58 |
+index f381af71fa32..4e5362707405 100644 |
59 |
+--- a/Makefile |
60 |
++++ b/Makefile |
61 |
+@@ -1,6 +1,6 @@ |
62 |
+ VERSION = 4 |
63 |
+ PATCHLEVEL = 4 |
64 |
+-SUBLEVEL = 224 |
65 |
++SUBLEVEL = 225 |
66 |
+ EXTRAVERSION = |
67 |
+ NAME = Blurry Fish Butt |
68 |
+ |
69 |
+diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h |
70 |
+index cc414382dab4..561b2ba6bc28 100644 |
71 |
+--- a/arch/arm/include/asm/futex.h |
72 |
++++ b/arch/arm/include/asm/futex.h |
73 |
+@@ -162,8 +162,13 @@ arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) |
74 |
+ preempt_enable(); |
75 |
+ #endif |
76 |
+ |
77 |
+- if (!ret) |
78 |
+- *oval = oldval; |
79 |
++ /* |
80 |
++ * Store unconditionally. If ret != 0 the extra store is the least |
81 |
++ * of the worries but GCC cannot figure out that __futex_atomic_op() |
82 |
++ * is either setting ret to -EFAULT or storing the old value in |
83 |
++ * oldval which results in a uninitialized warning at the call site. |
84 |
++ */ |
85 |
++ *oval = oldval; |
86 |
+ |
87 |
+ return ret; |
88 |
+ } |
89 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
90 |
+index e1807296a1a0..33d2b5948d7f 100644 |
91 |
+--- a/drivers/hid/hid-ids.h |
92 |
++++ b/drivers/hid/hid-ids.h |
93 |
+@@ -319,6 +319,7 @@ |
94 |
+ #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_7349 0x7349 |
95 |
+ #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_73F7 0x73f7 |
96 |
+ #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_A001 0xa001 |
97 |
++#define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_C002 0xc002 |
98 |
+ |
99 |
+ #define USB_VENDOR_ID_ELAN 0x04f3 |
100 |
+ |
101 |
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c |
102 |
+index 9de379c1b3fd..56c4a81d3ea2 100644 |
103 |
+--- a/drivers/hid/hid-multitouch.c |
104 |
++++ b/drivers/hid/hid-multitouch.c |
105 |
+@@ -1300,6 +1300,9 @@ static const struct hid_device_id mt_devices[] = { |
106 |
+ { .driver_data = MT_CLS_EGALAX_SERIAL, |
107 |
+ MT_USB_DEVICE(USB_VENDOR_ID_DWAV, |
108 |
+ USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_A001) }, |
109 |
++ { .driver_data = MT_CLS_EGALAX, |
110 |
++ MT_USB_DEVICE(USB_VENDOR_ID_DWAV, |
111 |
++ USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_C002) }, |
112 |
+ |
113 |
+ /* Elitegroup panel */ |
114 |
+ { .driver_data = MT_CLS_SERIAL, |
115 |
+diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c |
116 |
+index e56b774e7cf9..7584f292e2fd 100644 |
117 |
+--- a/drivers/i2c/i2c-dev.c |
118 |
++++ b/drivers/i2c/i2c-dev.c |
119 |
+@@ -22,6 +22,7 @@ |
120 |
+ |
121 |
+ /* The I2C_RDWR ioctl code is written by Kolja Waschk <waschk@×××××.de> */ |
122 |
+ |
123 |
++#include <linux/cdev.h> |
124 |
+ #include <linux/kernel.h> |
125 |
+ #include <linux/module.h> |
126 |
+ #include <linux/device.h> |
127 |
+@@ -46,10 +47,11 @@ |
128 |
+ struct i2c_dev { |
129 |
+ struct list_head list; |
130 |
+ struct i2c_adapter *adap; |
131 |
+- struct device *dev; |
132 |
++ struct device dev; |
133 |
++ struct cdev cdev; |
134 |
+ }; |
135 |
+ |
136 |
+-#define I2C_MINORS 256 |
137 |
++#define I2C_MINORS MINORMASK |
138 |
+ static LIST_HEAD(i2c_dev_list); |
139 |
+ static DEFINE_SPINLOCK(i2c_dev_list_lock); |
140 |
+ |
141 |
+@@ -89,12 +91,14 @@ static struct i2c_dev *get_free_i2c_dev(struct i2c_adapter *adap) |
142 |
+ return i2c_dev; |
143 |
+ } |
144 |
+ |
145 |
+-static void return_i2c_dev(struct i2c_dev *i2c_dev) |
146 |
++static void put_i2c_dev(struct i2c_dev *i2c_dev, bool del_cdev) |
147 |
+ { |
148 |
+ spin_lock(&i2c_dev_list_lock); |
149 |
+ list_del(&i2c_dev->list); |
150 |
+ spin_unlock(&i2c_dev_list_lock); |
151 |
+- kfree(i2c_dev); |
152 |
++ if (del_cdev) |
153 |
++ cdev_device_del(&i2c_dev->cdev, &i2c_dev->dev); |
154 |
++ put_device(&i2c_dev->dev); |
155 |
+ } |
156 |
+ |
157 |
+ static ssize_t name_show(struct device *dev, |
158 |
+@@ -490,13 +494,8 @@ static int i2cdev_open(struct inode *inode, struct file *file) |
159 |
+ unsigned int minor = iminor(inode); |
160 |
+ struct i2c_client *client; |
161 |
+ struct i2c_adapter *adap; |
162 |
+- struct i2c_dev *i2c_dev; |
163 |
+- |
164 |
+- i2c_dev = i2c_dev_get_by_minor(minor); |
165 |
+- if (!i2c_dev) |
166 |
+- return -ENODEV; |
167 |
+ |
168 |
+- adap = i2c_get_adapter(i2c_dev->adap->nr); |
169 |
++ adap = i2c_get_adapter(minor); |
170 |
+ if (!adap) |
171 |
+ return -ENODEV; |
172 |
+ |
173 |
+@@ -545,6 +544,14 @@ static const struct file_operations i2cdev_fops = { |
174 |
+ |
175 |
+ static struct class *i2c_dev_class; |
176 |
+ |
177 |
++static void i2cdev_dev_release(struct device *dev) |
178 |
++{ |
179 |
++ struct i2c_dev *i2c_dev; |
180 |
++ |
181 |
++ i2c_dev = container_of(dev, struct i2c_dev, dev); |
182 |
++ kfree(i2c_dev); |
183 |
++} |
184 |
++ |
185 |
+ static int i2cdev_attach_adapter(struct device *dev, void *dummy) |
186 |
+ { |
187 |
+ struct i2c_adapter *adap; |
188 |
+@@ -559,21 +566,25 @@ static int i2cdev_attach_adapter(struct device *dev, void *dummy) |
189 |
+ if (IS_ERR(i2c_dev)) |
190 |
+ return PTR_ERR(i2c_dev); |
191 |
+ |
192 |
+- /* register this i2c device with the driver core */ |
193 |
+- i2c_dev->dev = device_create(i2c_dev_class, &adap->dev, |
194 |
+- MKDEV(I2C_MAJOR, adap->nr), NULL, |
195 |
+- "i2c-%d", adap->nr); |
196 |
+- if (IS_ERR(i2c_dev->dev)) { |
197 |
+- res = PTR_ERR(i2c_dev->dev); |
198 |
+- goto error; |
199 |
++ cdev_init(&i2c_dev->cdev, &i2cdev_fops); |
200 |
++ i2c_dev->cdev.owner = THIS_MODULE; |
201 |
++ |
202 |
++ device_initialize(&i2c_dev->dev); |
203 |
++ i2c_dev->dev.devt = MKDEV(I2C_MAJOR, adap->nr); |
204 |
++ i2c_dev->dev.class = i2c_dev_class; |
205 |
++ i2c_dev->dev.parent = &adap->dev; |
206 |
++ i2c_dev->dev.release = i2cdev_dev_release; |
207 |
++ dev_set_name(&i2c_dev->dev, "i2c-%d", adap->nr); |
208 |
++ |
209 |
++ res = cdev_device_add(&i2c_dev->cdev, &i2c_dev->dev); |
210 |
++ if (res) { |
211 |
++ put_i2c_dev(i2c_dev, false); |
212 |
++ return res; |
213 |
+ } |
214 |
+ |
215 |
+ pr_debug("i2c-dev: adapter [%s] registered as minor %d\n", |
216 |
+ adap->name, adap->nr); |
217 |
+ return 0; |
218 |
+-error: |
219 |
+- return_i2c_dev(i2c_dev); |
220 |
+- return res; |
221 |
+ } |
222 |
+ |
223 |
+ static int i2cdev_detach_adapter(struct device *dev, void *dummy) |
224 |
+@@ -589,8 +600,7 @@ static int i2cdev_detach_adapter(struct device *dev, void *dummy) |
225 |
+ if (!i2c_dev) /* attach_adapter must have failed */ |
226 |
+ return 0; |
227 |
+ |
228 |
+- return_i2c_dev(i2c_dev); |
229 |
+- device_destroy(i2c_dev_class, MKDEV(I2C_MAJOR, adap->nr)); |
230 |
++ put_i2c_dev(i2c_dev, true); |
231 |
+ |
232 |
+ pr_debug("i2c-dev: adapter [%s] unregistered\n", adap->name); |
233 |
+ return 0; |
234 |
+@@ -627,7 +637,7 @@ static int __init i2c_dev_init(void) |
235 |
+ |
236 |
+ printk(KERN_INFO "i2c /dev entries driver\n"); |
237 |
+ |
238 |
+- res = register_chrdev(I2C_MAJOR, "i2c", &i2cdev_fops); |
239 |
++ res = register_chrdev_region(MKDEV(I2C_MAJOR, 0), I2C_MINORS, "i2c"); |
240 |
+ if (res) |
241 |
+ goto out; |
242 |
+ |
243 |
+@@ -651,7 +661,7 @@ static int __init i2c_dev_init(void) |
244 |
+ out_unreg_class: |
245 |
+ class_destroy(i2c_dev_class); |
246 |
+ out_unreg_chrdev: |
247 |
+- unregister_chrdev(I2C_MAJOR, "i2c"); |
248 |
++ unregister_chrdev_region(MKDEV(I2C_MAJOR, 0), I2C_MINORS); |
249 |
+ out: |
250 |
+ printk(KERN_ERR "%s: Driver Initialisation failed\n", __FILE__); |
251 |
+ return res; |
252 |
+@@ -662,7 +672,7 @@ static void __exit i2c_dev_exit(void) |
253 |
+ bus_unregister_notifier(&i2c_bus_type, &i2cdev_notifier); |
254 |
+ i2c_for_each_dev(NULL, i2cdev_detach_adapter); |
255 |
+ class_destroy(i2c_dev_class); |
256 |
+- unregister_chrdev(I2C_MAJOR, "i2c"); |
257 |
++ unregister_chrdev_region(MKDEV(I2C_MAJOR, 0), I2C_MINORS); |
258 |
+ } |
259 |
+ |
260 |
+ MODULE_AUTHOR("Frodo Looijaard <frodol@×××.nl> and " |
261 |
+diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c |
262 |
+index 7b39440192d6..0ca9506f4654 100644 |
263 |
+--- a/drivers/media/media-device.c |
264 |
++++ b/drivers/media/media-device.c |
265 |
+@@ -24,6 +24,7 @@ |
266 |
+ #include <linux/export.h> |
267 |
+ #include <linux/ioctl.h> |
268 |
+ #include <linux/media.h> |
269 |
++#include <linux/slab.h> |
270 |
+ #include <linux/types.h> |
271 |
+ |
272 |
+ #include <media/media-device.h> |
273 |
+@@ -234,7 +235,7 @@ static long media_device_ioctl(struct file *filp, unsigned int cmd, |
274 |
+ unsigned long arg) |
275 |
+ { |
276 |
+ struct media_devnode *devnode = media_devnode_data(filp); |
277 |
+- struct media_device *dev = to_media_device(devnode); |
278 |
++ struct media_device *dev = devnode->media_dev; |
279 |
+ long ret; |
280 |
+ |
281 |
+ switch (cmd) { |
282 |
+@@ -303,7 +304,7 @@ static long media_device_compat_ioctl(struct file *filp, unsigned int cmd, |
283 |
+ unsigned long arg) |
284 |
+ { |
285 |
+ struct media_devnode *devnode = media_devnode_data(filp); |
286 |
+- struct media_device *dev = to_media_device(devnode); |
287 |
++ struct media_device *dev = devnode->media_dev; |
288 |
+ long ret; |
289 |
+ |
290 |
+ switch (cmd) { |
291 |
+@@ -344,7 +345,8 @@ static const struct media_file_operations media_device_fops = { |
292 |
+ static ssize_t show_model(struct device *cd, |
293 |
+ struct device_attribute *attr, char *buf) |
294 |
+ { |
295 |
+- struct media_device *mdev = to_media_device(to_media_devnode(cd)); |
296 |
++ struct media_devnode *devnode = to_media_devnode(cd); |
297 |
++ struct media_device *mdev = devnode->media_dev; |
298 |
+ |
299 |
+ return sprintf(buf, "%.*s\n", (int)sizeof(mdev->model), mdev->model); |
300 |
+ } |
301 |
+@@ -372,6 +374,7 @@ static void media_device_release(struct media_devnode *mdev) |
302 |
+ int __must_check __media_device_register(struct media_device *mdev, |
303 |
+ struct module *owner) |
304 |
+ { |
305 |
++ struct media_devnode *devnode; |
306 |
+ int ret; |
307 |
+ |
308 |
+ if (WARN_ON(mdev->dev == NULL || mdev->model[0] == 0)) |
309 |
+@@ -382,17 +385,28 @@ int __must_check __media_device_register(struct media_device *mdev, |
310 |
+ spin_lock_init(&mdev->lock); |
311 |
+ mutex_init(&mdev->graph_mutex); |
312 |
+ |
313 |
++ devnode = kzalloc(sizeof(*devnode), GFP_KERNEL); |
314 |
++ if (!devnode) |
315 |
++ return -ENOMEM; |
316 |
++ |
317 |
+ /* Register the device node. */ |
318 |
+- mdev->devnode.fops = &media_device_fops; |
319 |
+- mdev->devnode.parent = mdev->dev; |
320 |
+- mdev->devnode.release = media_device_release; |
321 |
+- ret = media_devnode_register(&mdev->devnode, owner); |
322 |
+- if (ret < 0) |
323 |
++ mdev->devnode = devnode; |
324 |
++ devnode->fops = &media_device_fops; |
325 |
++ devnode->parent = mdev->dev; |
326 |
++ devnode->release = media_device_release; |
327 |
++ ret = media_devnode_register(mdev, devnode, owner); |
328 |
++ if (ret < 0) { |
329 |
++ /* devnode free is handled in media_devnode_*() */ |
330 |
++ mdev->devnode = NULL; |
331 |
+ return ret; |
332 |
++ } |
333 |
+ |
334 |
+- ret = device_create_file(&mdev->devnode.dev, &dev_attr_model); |
335 |
++ ret = device_create_file(&devnode->dev, &dev_attr_model); |
336 |
+ if (ret < 0) { |
337 |
+- media_devnode_unregister(&mdev->devnode); |
338 |
++ /* devnode free is handled in media_devnode_*() */ |
339 |
++ mdev->devnode = NULL; |
340 |
++ media_devnode_unregister_prepare(devnode); |
341 |
++ media_devnode_unregister(devnode); |
342 |
+ return ret; |
343 |
+ } |
344 |
+ |
345 |
+@@ -410,11 +424,16 @@ void media_device_unregister(struct media_device *mdev) |
346 |
+ struct media_entity *entity; |
347 |
+ struct media_entity *next; |
348 |
+ |
349 |
++ /* Clear the devnode register bit to avoid races with media dev open */ |
350 |
++ media_devnode_unregister_prepare(mdev->devnode); |
351 |
++ |
352 |
+ list_for_each_entry_safe(entity, next, &mdev->entities, list) |
353 |
+ media_device_unregister_entity(entity); |
354 |
+ |
355 |
+- device_remove_file(&mdev->devnode.dev, &dev_attr_model); |
356 |
+- media_devnode_unregister(&mdev->devnode); |
357 |
++ device_remove_file(&mdev->devnode->dev, &dev_attr_model); |
358 |
++ media_devnode_unregister(mdev->devnode); |
359 |
++ /* devnode free is handled in media_devnode_*() */ |
360 |
++ mdev->devnode = NULL; |
361 |
+ } |
362 |
+ EXPORT_SYMBOL_GPL(media_device_unregister); |
363 |
+ |
364 |
+diff --git a/drivers/media/media-devnode.c b/drivers/media/media-devnode.c |
365 |
+index ebf9626e5ae5..e887120d19aa 100644 |
366 |
+--- a/drivers/media/media-devnode.c |
367 |
++++ b/drivers/media/media-devnode.c |
368 |
+@@ -44,6 +44,7 @@ |
369 |
+ #include <linux/uaccess.h> |
370 |
+ |
371 |
+ #include <media/media-devnode.h> |
372 |
++#include <media/media-device.h> |
373 |
+ |
374 |
+ #define MEDIA_NUM_DEVICES 256 |
375 |
+ #define MEDIA_NAME "media" |
376 |
+@@ -59,21 +60,19 @@ static DECLARE_BITMAP(media_devnode_nums, MEDIA_NUM_DEVICES); |
377 |
+ /* Called when the last user of the media device exits. */ |
378 |
+ static void media_devnode_release(struct device *cd) |
379 |
+ { |
380 |
+- struct media_devnode *mdev = to_media_devnode(cd); |
381 |
++ struct media_devnode *devnode = to_media_devnode(cd); |
382 |
+ |
383 |
+ mutex_lock(&media_devnode_lock); |
384 |
+- |
385 |
+- /* Delete the cdev on this minor as well */ |
386 |
+- cdev_del(&mdev->cdev); |
387 |
+- |
388 |
+ /* Mark device node number as free */ |
389 |
+- clear_bit(mdev->minor, media_devnode_nums); |
390 |
+- |
391 |
++ clear_bit(devnode->minor, media_devnode_nums); |
392 |
+ mutex_unlock(&media_devnode_lock); |
393 |
+ |
394 |
+ /* Release media_devnode and perform other cleanups as needed. */ |
395 |
+- if (mdev->release) |
396 |
+- mdev->release(mdev); |
397 |
++ if (devnode->release) |
398 |
++ devnode->release(devnode); |
399 |
++ |
400 |
++ kfree(devnode); |
401 |
++ pr_debug("%s: Media Devnode Deallocated\n", __func__); |
402 |
+ } |
403 |
+ |
404 |
+ static struct bus_type media_bus_type = { |
405 |
+@@ -83,37 +82,37 @@ static struct bus_type media_bus_type = { |
406 |
+ static ssize_t media_read(struct file *filp, char __user *buf, |
407 |
+ size_t sz, loff_t *off) |
408 |
+ { |
409 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
410 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
411 |
+ |
412 |
+- if (!mdev->fops->read) |
413 |
++ if (!devnode->fops->read) |
414 |
+ return -EINVAL; |
415 |
+- if (!media_devnode_is_registered(mdev)) |
416 |
++ if (!media_devnode_is_registered(devnode)) |
417 |
+ return -EIO; |
418 |
+- return mdev->fops->read(filp, buf, sz, off); |
419 |
++ return devnode->fops->read(filp, buf, sz, off); |
420 |
+ } |
421 |
+ |
422 |
+ static ssize_t media_write(struct file *filp, const char __user *buf, |
423 |
+ size_t sz, loff_t *off) |
424 |
+ { |
425 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
426 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
427 |
+ |
428 |
+- if (!mdev->fops->write) |
429 |
++ if (!devnode->fops->write) |
430 |
+ return -EINVAL; |
431 |
+- if (!media_devnode_is_registered(mdev)) |
432 |
++ if (!media_devnode_is_registered(devnode)) |
433 |
+ return -EIO; |
434 |
+- return mdev->fops->write(filp, buf, sz, off); |
435 |
++ return devnode->fops->write(filp, buf, sz, off); |
436 |
+ } |
437 |
+ |
438 |
+ static unsigned int media_poll(struct file *filp, |
439 |
+ struct poll_table_struct *poll) |
440 |
+ { |
441 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
442 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
443 |
+ |
444 |
+- if (!media_devnode_is_registered(mdev)) |
445 |
++ if (!media_devnode_is_registered(devnode)) |
446 |
+ return POLLERR | POLLHUP; |
447 |
+- if (!mdev->fops->poll) |
448 |
++ if (!devnode->fops->poll) |
449 |
+ return DEFAULT_POLLMASK; |
450 |
+- return mdev->fops->poll(filp, poll); |
451 |
++ return devnode->fops->poll(filp, poll); |
452 |
+ } |
453 |
+ |
454 |
+ static long |
455 |
+@@ -121,12 +120,12 @@ __media_ioctl(struct file *filp, unsigned int cmd, unsigned long arg, |
456 |
+ long (*ioctl_func)(struct file *filp, unsigned int cmd, |
457 |
+ unsigned long arg)) |
458 |
+ { |
459 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
460 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
461 |
+ |
462 |
+ if (!ioctl_func) |
463 |
+ return -ENOTTY; |
464 |
+ |
465 |
+- if (!media_devnode_is_registered(mdev)) |
466 |
++ if (!media_devnode_is_registered(devnode)) |
467 |
+ return -EIO; |
468 |
+ |
469 |
+ return ioctl_func(filp, cmd, arg); |
470 |
+@@ -134,9 +133,9 @@ __media_ioctl(struct file *filp, unsigned int cmd, unsigned long arg, |
471 |
+ |
472 |
+ static long media_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) |
473 |
+ { |
474 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
475 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
476 |
+ |
477 |
+- return __media_ioctl(filp, cmd, arg, mdev->fops->ioctl); |
478 |
++ return __media_ioctl(filp, cmd, arg, devnode->fops->ioctl); |
479 |
+ } |
480 |
+ |
481 |
+ #ifdef CONFIG_COMPAT |
482 |
+@@ -144,9 +143,9 @@ static long media_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) |
483 |
+ static long media_compat_ioctl(struct file *filp, unsigned int cmd, |
484 |
+ unsigned long arg) |
485 |
+ { |
486 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
487 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
488 |
+ |
489 |
+- return __media_ioctl(filp, cmd, arg, mdev->fops->compat_ioctl); |
490 |
++ return __media_ioctl(filp, cmd, arg, devnode->fops->compat_ioctl); |
491 |
+ } |
492 |
+ |
493 |
+ #endif /* CONFIG_COMPAT */ |
494 |
+@@ -154,7 +153,7 @@ static long media_compat_ioctl(struct file *filp, unsigned int cmd, |
495 |
+ /* Override for the open function */ |
496 |
+ static int media_open(struct inode *inode, struct file *filp) |
497 |
+ { |
498 |
+- struct media_devnode *mdev; |
499 |
++ struct media_devnode *devnode; |
500 |
+ int ret; |
501 |
+ |
502 |
+ /* Check if the media device is available. This needs to be done with |
503 |
+@@ -164,23 +163,24 @@ static int media_open(struct inode *inode, struct file *filp) |
504 |
+ * a crash. |
505 |
+ */ |
506 |
+ mutex_lock(&media_devnode_lock); |
507 |
+- mdev = container_of(inode->i_cdev, struct media_devnode, cdev); |
508 |
++ devnode = container_of(inode->i_cdev, struct media_devnode, cdev); |
509 |
+ /* return ENXIO if the media device has been removed |
510 |
+ already or if it is not registered anymore. */ |
511 |
+- if (!media_devnode_is_registered(mdev)) { |
512 |
++ if (!media_devnode_is_registered(devnode)) { |
513 |
+ mutex_unlock(&media_devnode_lock); |
514 |
+ return -ENXIO; |
515 |
+ } |
516 |
+ /* and increase the device refcount */ |
517 |
+- get_device(&mdev->dev); |
518 |
++ get_device(&devnode->dev); |
519 |
+ mutex_unlock(&media_devnode_lock); |
520 |
+ |
521 |
+- filp->private_data = mdev; |
522 |
++ filp->private_data = devnode; |
523 |
+ |
524 |
+- if (mdev->fops->open) { |
525 |
+- ret = mdev->fops->open(filp); |
526 |
++ if (devnode->fops->open) { |
527 |
++ ret = devnode->fops->open(filp); |
528 |
+ if (ret) { |
529 |
+- put_device(&mdev->dev); |
530 |
++ put_device(&devnode->dev); |
531 |
++ filp->private_data = NULL; |
532 |
+ return ret; |
533 |
+ } |
534 |
+ } |
535 |
+@@ -191,15 +191,18 @@ static int media_open(struct inode *inode, struct file *filp) |
536 |
+ /* Override for the release function */ |
537 |
+ static int media_release(struct inode *inode, struct file *filp) |
538 |
+ { |
539 |
+- struct media_devnode *mdev = media_devnode_data(filp); |
540 |
++ struct media_devnode *devnode = media_devnode_data(filp); |
541 |
++ |
542 |
++ if (devnode->fops->release) |
543 |
++ devnode->fops->release(filp); |
544 |
+ |
545 |
+- if (mdev->fops->release) |
546 |
+- mdev->fops->release(filp); |
547 |
++ filp->private_data = NULL; |
548 |
+ |
549 |
+ /* decrease the refcount unconditionally since the release() |
550 |
+ return value is ignored. */ |
551 |
+- put_device(&mdev->dev); |
552 |
+- filp->private_data = NULL; |
553 |
++ put_device(&devnode->dev); |
554 |
++ |
555 |
++ pr_debug("%s: Media Release\n", __func__); |
556 |
+ return 0; |
557 |
+ } |
558 |
+ |
559 |
+@@ -219,7 +222,8 @@ static const struct file_operations media_devnode_fops = { |
560 |
+ |
561 |
+ /** |
562 |
+ * media_devnode_register - register a media device node |
563 |
+- * @mdev: media device node structure we want to register |
564 |
++ * @media_dev: struct media_device we want to register a device node |
565 |
++ * @devnode: media device node structure we want to register |
566 |
+ * |
567 |
+ * The registration code assigns minor numbers and registers the new device node |
568 |
+ * with the kernel. An error is returned if no free minor number can be found, |
569 |
+@@ -231,7 +235,8 @@ static const struct file_operations media_devnode_fops = { |
570 |
+ * the media_devnode structure is *not* called, so the caller is responsible for |
571 |
+ * freeing any data. |
572 |
+ */ |
573 |
+-int __must_check media_devnode_register(struct media_devnode *mdev, |
574 |
++int __must_check media_devnode_register(struct media_device *mdev, |
575 |
++ struct media_devnode *devnode, |
576 |
+ struct module *owner) |
577 |
+ { |
578 |
+ int minor; |
579 |
+@@ -243,68 +248,89 @@ int __must_check media_devnode_register(struct media_devnode *mdev, |
580 |
+ if (minor == MEDIA_NUM_DEVICES) { |
581 |
+ mutex_unlock(&media_devnode_lock); |
582 |
+ pr_err("could not get a free minor\n"); |
583 |
++ kfree(devnode); |
584 |
+ return -ENFILE; |
585 |
+ } |
586 |
+ |
587 |
+ set_bit(minor, media_devnode_nums); |
588 |
+ mutex_unlock(&media_devnode_lock); |
589 |
+ |
590 |
+- mdev->minor = minor; |
591 |
++ devnode->minor = minor; |
592 |
++ devnode->media_dev = mdev; |
593 |
++ |
594 |
++ /* Part 1: Initialize dev now to use dev.kobj for cdev.kobj.parent */ |
595 |
++ devnode->dev.bus = &media_bus_type; |
596 |
++ devnode->dev.devt = MKDEV(MAJOR(media_dev_t), devnode->minor); |
597 |
++ devnode->dev.release = media_devnode_release; |
598 |
++ if (devnode->parent) |
599 |
++ devnode->dev.parent = devnode->parent; |
600 |
++ dev_set_name(&devnode->dev, "media%d", devnode->minor); |
601 |
++ device_initialize(&devnode->dev); |
602 |
+ |
603 |
+ /* Part 2: Initialize and register the character device */ |
604 |
+- cdev_init(&mdev->cdev, &media_devnode_fops); |
605 |
+- mdev->cdev.owner = owner; |
606 |
++ cdev_init(&devnode->cdev, &media_devnode_fops); |
607 |
++ devnode->cdev.owner = owner; |
608 |
++ devnode->cdev.kobj.parent = &devnode->dev.kobj; |
609 |
+ |
610 |
+- ret = cdev_add(&mdev->cdev, MKDEV(MAJOR(media_dev_t), mdev->minor), 1); |
611 |
++ ret = cdev_add(&devnode->cdev, MKDEV(MAJOR(media_dev_t), devnode->minor), 1); |
612 |
+ if (ret < 0) { |
613 |
+ pr_err("%s: cdev_add failed\n", __func__); |
614 |
+- goto error; |
615 |
++ goto cdev_add_error; |
616 |
+ } |
617 |
+ |
618 |
+- /* Part 3: Register the media device */ |
619 |
+- mdev->dev.bus = &media_bus_type; |
620 |
+- mdev->dev.devt = MKDEV(MAJOR(media_dev_t), mdev->minor); |
621 |
+- mdev->dev.release = media_devnode_release; |
622 |
+- if (mdev->parent) |
623 |
+- mdev->dev.parent = mdev->parent; |
624 |
+- dev_set_name(&mdev->dev, "media%d", mdev->minor); |
625 |
+- ret = device_register(&mdev->dev); |
626 |
++ /* Part 3: Add the media device */ |
627 |
++ ret = device_add(&devnode->dev); |
628 |
+ if (ret < 0) { |
629 |
+- pr_err("%s: device_register failed\n", __func__); |
630 |
+- goto error; |
631 |
++ pr_err("%s: device_add failed\n", __func__); |
632 |
++ goto device_add_error; |
633 |
+ } |
634 |
+ |
635 |
+ /* Part 4: Activate this minor. The char device can now be used. */ |
636 |
+- set_bit(MEDIA_FLAG_REGISTERED, &mdev->flags); |
637 |
++ set_bit(MEDIA_FLAG_REGISTERED, &devnode->flags); |
638 |
+ |
639 |
+ return 0; |
640 |
+ |
641 |
+-error: |
642 |
+- cdev_del(&mdev->cdev); |
643 |
+- clear_bit(mdev->minor, media_devnode_nums); |
644 |
++device_add_error: |
645 |
++ cdev_del(&devnode->cdev); |
646 |
++cdev_add_error: |
647 |
++ mutex_lock(&media_devnode_lock); |
648 |
++ clear_bit(devnode->minor, media_devnode_nums); |
649 |
++ devnode->media_dev = NULL; |
650 |
++ mutex_unlock(&media_devnode_lock); |
651 |
++ |
652 |
++ put_device(&devnode->dev); |
653 |
+ return ret; |
654 |
+ } |
655 |
+ |
656 |
++void media_devnode_unregister_prepare(struct media_devnode *devnode) |
657 |
++{ |
658 |
++ /* Check if devnode was ever registered at all */ |
659 |
++ if (!media_devnode_is_registered(devnode)) |
660 |
++ return; |
661 |
++ |
662 |
++ mutex_lock(&media_devnode_lock); |
663 |
++ clear_bit(MEDIA_FLAG_REGISTERED, &devnode->flags); |
664 |
++ mutex_unlock(&media_devnode_lock); |
665 |
++} |
666 |
++ |
667 |
+ /** |
668 |
+ * media_devnode_unregister - unregister a media device node |
669 |
+- * @mdev: the device node to unregister |
670 |
++ * @devnode: the device node to unregister |
671 |
+ * |
672 |
+ * This unregisters the passed device. Future open calls will be met with |
673 |
+ * errors. |
674 |
+ * |
675 |
+- * This function can safely be called if the device node has never been |
676 |
+- * registered or has already been unregistered. |
677 |
++ * Should be called after media_devnode_unregister_prepare() |
678 |
+ */ |
679 |
+-void media_devnode_unregister(struct media_devnode *mdev) |
680 |
++void media_devnode_unregister(struct media_devnode *devnode) |
681 |
+ { |
682 |
+- /* Check if mdev was ever registered at all */ |
683 |
+- if (!media_devnode_is_registered(mdev)) |
684 |
+- return; |
685 |
+- |
686 |
+ mutex_lock(&media_devnode_lock); |
687 |
+- clear_bit(MEDIA_FLAG_REGISTERED, &mdev->flags); |
688 |
++ /* Delete the cdev on this minor as well */ |
689 |
++ cdev_del(&devnode->cdev); |
690 |
+ mutex_unlock(&media_devnode_lock); |
691 |
+- device_unregister(&mdev->dev); |
692 |
++ device_del(&devnode->dev); |
693 |
++ devnode->media_dev = NULL; |
694 |
++ put_device(&devnode->dev); |
695 |
+ } |
696 |
+ |
697 |
+ /* |
698 |
+diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c |
699 |
+index 9cd0268b2767..f353ab569b8e 100644 |
700 |
+--- a/drivers/media/usb/uvc/uvc_driver.c |
701 |
++++ b/drivers/media/usb/uvc/uvc_driver.c |
702 |
+@@ -1800,7 +1800,7 @@ static void uvc_delete(struct uvc_device *dev) |
703 |
+ if (dev->vdev.dev) |
704 |
+ v4l2_device_unregister(&dev->vdev); |
705 |
+ #ifdef CONFIG_MEDIA_CONTROLLER |
706 |
+- if (media_devnode_is_registered(&dev->mdev.devnode)) |
707 |
++ if (media_devnode_is_registered(dev->mdev.devnode)) |
708 |
+ media_device_unregister(&dev->mdev); |
709 |
+ #endif |
710 |
+ |
711 |
+diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c |
712 |
+index df268365e04e..c8e3995b8cb7 100644 |
713 |
+--- a/drivers/misc/mei/client.c |
714 |
++++ b/drivers/misc/mei/client.c |
715 |
+@@ -276,6 +276,7 @@ void mei_me_cl_rm_by_uuid(struct mei_device *dev, const uuid_le *uuid) |
716 |
+ down_write(&dev->me_clients_rwsem); |
717 |
+ me_cl = __mei_me_cl_by_uuid(dev, uuid); |
718 |
+ __mei_me_cl_del(dev, me_cl); |
719 |
++ mei_me_cl_put(me_cl); |
720 |
+ up_write(&dev->me_clients_rwsem); |
721 |
+ } |
722 |
+ |
723 |
+@@ -297,6 +298,7 @@ void mei_me_cl_rm_by_uuid_id(struct mei_device *dev, const uuid_le *uuid, u8 id) |
724 |
+ down_write(&dev->me_clients_rwsem); |
725 |
+ me_cl = __mei_me_cl_by_uuid_id(dev, uuid, id); |
726 |
+ __mei_me_cl_del(dev, me_cl); |
727 |
++ mei_me_cl_put(me_cl); |
728 |
+ up_write(&dev->me_clients_rwsem); |
729 |
+ } |
730 |
+ |
731 |
+diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c |
732 |
+index 9404f38d9d0d..2cf5c581c7e0 100644 |
733 |
+--- a/drivers/net/ethernet/intel/igb/igb_main.c |
734 |
++++ b/drivers/net/ethernet/intel/igb/igb_main.c |
735 |
+@@ -3296,7 +3296,7 @@ void igb_configure_tx_ring(struct igb_adapter *adapter, |
736 |
+ tdba & 0x00000000ffffffffULL); |
737 |
+ wr32(E1000_TDBAH(reg_idx), tdba >> 32); |
738 |
+ |
739 |
+- ring->tail = hw->hw_addr + E1000_TDT(reg_idx); |
740 |
++ ring->tail = adapter->io_addr + E1000_TDT(reg_idx); |
741 |
+ wr32(E1000_TDH(reg_idx), 0); |
742 |
+ writel(0, ring->tail); |
743 |
+ |
744 |
+@@ -3652,7 +3652,7 @@ void igb_configure_rx_ring(struct igb_adapter *adapter, |
745 |
+ ring->count * sizeof(union e1000_adv_rx_desc)); |
746 |
+ |
747 |
+ /* initialize head and tail */ |
748 |
+- ring->tail = hw->hw_addr + E1000_RDT(reg_idx); |
749 |
++ ring->tail = adapter->io_addr + E1000_RDT(reg_idx); |
750 |
+ wr32(E1000_RDH(reg_idx), 0); |
751 |
+ writel(0, ring->tail); |
752 |
+ |
753 |
+diff --git a/drivers/nvdimm/btt.c b/drivers/nvdimm/btt.c |
754 |
+index 957234272ef7..727eaf203463 100644 |
755 |
+--- a/drivers/nvdimm/btt.c |
756 |
++++ b/drivers/nvdimm/btt.c |
757 |
+@@ -443,9 +443,9 @@ static int btt_log_init(struct arena_info *arena) |
758 |
+ |
759 |
+ static int btt_freelist_init(struct arena_info *arena) |
760 |
+ { |
761 |
+- int old, new, ret; |
762 |
++ int new, ret; |
763 |
+ u32 i, map_entry; |
764 |
+- struct log_entry log_new, log_old; |
765 |
++ struct log_entry log_new; |
766 |
+ |
767 |
+ arena->freelist = kcalloc(arena->nfree, sizeof(struct free_entry), |
768 |
+ GFP_KERNEL); |
769 |
+@@ -453,10 +453,6 @@ static int btt_freelist_init(struct arena_info *arena) |
770 |
+ return -ENOMEM; |
771 |
+ |
772 |
+ for (i = 0; i < arena->nfree; i++) { |
773 |
+- old = btt_log_read(arena, i, &log_old, LOG_OLD_ENT); |
774 |
+- if (old < 0) |
775 |
+- return old; |
776 |
+- |
777 |
+ new = btt_log_read(arena, i, &log_new, LOG_NEW_ENT); |
778 |
+ if (new < 0) |
779 |
+ return new; |
780 |
+diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c |
781 |
+index f5585740a765..95121bff2d3e 100644 |
782 |
+--- a/drivers/platform/x86/alienware-wmi.c |
783 |
++++ b/drivers/platform/x86/alienware-wmi.c |
784 |
+@@ -449,23 +449,22 @@ static acpi_status alienware_hdmi_command(struct hdmi_args *in_args, |
785 |
+ |
786 |
+ input.length = (acpi_size) sizeof(*in_args); |
787 |
+ input.pointer = in_args; |
788 |
+- if (out_data != NULL) { |
789 |
++ if (out_data) { |
790 |
+ output.length = ACPI_ALLOCATE_BUFFER; |
791 |
+ output.pointer = NULL; |
792 |
+ status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, |
793 |
+ command, &input, &output); |
794 |
+- } else |
795 |
++ if (ACPI_SUCCESS(status)) { |
796 |
++ obj = (union acpi_object *)output.pointer; |
797 |
++ if (obj && obj->type == ACPI_TYPE_INTEGER) |
798 |
++ *out_data = (u32)obj->integer.value; |
799 |
++ } |
800 |
++ kfree(output.pointer); |
801 |
++ } else { |
802 |
+ status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1, |
803 |
+ command, &input, NULL); |
804 |
+- |
805 |
+- if (ACPI_SUCCESS(status) && out_data != NULL) { |
806 |
+- obj = (union acpi_object *)output.pointer; |
807 |
+- if (obj && obj->type == ACPI_TYPE_INTEGER) |
808 |
+- *out_data = (u32) obj->integer.value; |
809 |
+ } |
810 |
+- kfree(output.pointer); |
811 |
+ return status; |
812 |
+- |
813 |
+ } |
814 |
+ |
815 |
+ static ssize_t show_hdmi_cable(struct device *dev, |
816 |
+diff --git a/drivers/platform/x86/asus-nb-wmi.c b/drivers/platform/x86/asus-nb-wmi.c |
817 |
+index cccf250cd1e3..ee64c9512a3a 100644 |
818 |
+--- a/drivers/platform/x86/asus-nb-wmi.c |
819 |
++++ b/drivers/platform/x86/asus-nb-wmi.c |
820 |
+@@ -551,9 +551,33 @@ static struct asus_wmi_driver asus_nb_wmi_driver = { |
821 |
+ .detect_quirks = asus_nb_wmi_quirks, |
822 |
+ }; |
823 |
+ |
824 |
++static const struct dmi_system_id asus_nb_wmi_blacklist[] __initconst = { |
825 |
++ { |
826 |
++ /* |
827 |
++ * asus-nb-wm adds no functionality. The T100TA has a detachable |
828 |
++ * USB kbd, so no hotkeys and it has no WMI rfkill; and loading |
829 |
++ * asus-nb-wm causes the camera LED to turn and _stay_ on. |
830 |
++ */ |
831 |
++ .matches = { |
832 |
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), |
833 |
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), |
834 |
++ }, |
835 |
++ }, |
836 |
++ { |
837 |
++ /* The Asus T200TA has the same issue as the T100TA */ |
838 |
++ .matches = { |
839 |
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), |
840 |
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T200TA"), |
841 |
++ }, |
842 |
++ }, |
843 |
++ {} /* Terminating entry */ |
844 |
++}; |
845 |
+ |
846 |
+ static int __init asus_nb_wmi_init(void) |
847 |
+ { |
848 |
++ if (dmi_check_system(asus_nb_wmi_blacklist)) |
849 |
++ return -ENODEV; |
850 |
++ |
851 |
+ return asus_wmi_register_driver(&asus_nb_wmi_driver); |
852 |
+ } |
853 |
+ |
854 |
+diff --git a/drivers/staging/iio/accel/sca3000_ring.c b/drivers/staging/iio/accel/sca3000_ring.c |
855 |
+index 20b878d35ea2..fc8b6f179ec6 100644 |
856 |
+--- a/drivers/staging/iio/accel/sca3000_ring.c |
857 |
++++ b/drivers/staging/iio/accel/sca3000_ring.c |
858 |
+@@ -56,7 +56,7 @@ static int sca3000_read_data(struct sca3000_state *st, |
859 |
+ st->tx[0] = SCA3000_READ_REG(reg_address_high); |
860 |
+ ret = spi_sync_transfer(st->us, xfer, ARRAY_SIZE(xfer)); |
861 |
+ if (ret) { |
862 |
+- dev_err(get_device(&st->us->dev), "problem reading register"); |
863 |
++ dev_err(&st->us->dev, "problem reading register"); |
864 |
+ goto error_free_rx; |
865 |
+ } |
866 |
+ |
867 |
+diff --git a/drivers/staging/iio/resolver/ad2s1210.c b/drivers/staging/iio/resolver/ad2s1210.c |
868 |
+index 8eb7179da342..4a12a3ea3f25 100644 |
869 |
+--- a/drivers/staging/iio/resolver/ad2s1210.c |
870 |
++++ b/drivers/staging/iio/resolver/ad2s1210.c |
871 |
+@@ -125,17 +125,24 @@ static int ad2s1210_config_write(struct ad2s1210_state *st, u8 data) |
872 |
+ static int ad2s1210_config_read(struct ad2s1210_state *st, |
873 |
+ unsigned char address) |
874 |
+ { |
875 |
+- struct spi_transfer xfer = { |
876 |
+- .len = 2, |
877 |
+- .rx_buf = st->rx, |
878 |
+- .tx_buf = st->tx, |
879 |
++ struct spi_transfer xfers[] = { |
880 |
++ { |
881 |
++ .len = 1, |
882 |
++ .rx_buf = &st->rx[0], |
883 |
++ .tx_buf = &st->tx[0], |
884 |
++ .cs_change = 1, |
885 |
++ }, { |
886 |
++ .len = 1, |
887 |
++ .rx_buf = &st->rx[1], |
888 |
++ .tx_buf = &st->tx[1], |
889 |
++ }, |
890 |
+ }; |
891 |
+ int ret = 0; |
892 |
+ |
893 |
+ ad2s1210_set_mode(MOD_CONFIG, st); |
894 |
+ st->tx[0] = address | AD2S1210_MSB_IS_HIGH; |
895 |
+ st->tx[1] = AD2S1210_REG_FAULT; |
896 |
+- ret = spi_sync_transfer(st->sdev, &xfer, 1); |
897 |
++ ret = spi_sync_transfer(st->sdev, xfers, 2); |
898 |
+ if (ret < 0) |
899 |
+ return ret; |
900 |
+ st->old_data = true; |
901 |
+diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c |
902 |
+index 747343c61398..f083ecfddd1b 100644 |
903 |
+--- a/drivers/usb/core/message.c |
904 |
++++ b/drivers/usb/core/message.c |
905 |
+@@ -1080,11 +1080,11 @@ void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr, |
906 |
+ |
907 |
+ if (usb_endpoint_out(epaddr)) { |
908 |
+ ep = dev->ep_out[epnum]; |
909 |
+- if (reset_hardware) |
910 |
++ if (reset_hardware && epnum != 0) |
911 |
+ dev->ep_out[epnum] = NULL; |
912 |
+ } else { |
913 |
+ ep = dev->ep_in[epnum]; |
914 |
+- if (reset_hardware) |
915 |
++ if (reset_hardware && epnum != 0) |
916 |
+ dev->ep_in[epnum] = NULL; |
917 |
+ } |
918 |
+ if (ep) { |
919 |
+diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c |
920 |
+index efdf81ea3b5f..3d0497421e62 100644 |
921 |
+--- a/fs/ceph/caps.c |
922 |
++++ b/fs/ceph/caps.c |
923 |
+@@ -3293,6 +3293,7 @@ retry: |
924 |
+ WARN_ON(1); |
925 |
+ tsession = NULL; |
926 |
+ target = -1; |
927 |
++ mutex_lock(&session->s_mutex); |
928 |
+ } |
929 |
+ goto retry; |
930 |
+ |
931 |
+diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
932 |
+index 53679716baca..18b9213ce0bd 100644 |
933 |
+--- a/fs/ext4/xattr.c |
934 |
++++ b/fs/ext4/xattr.c |
935 |
+@@ -139,31 +139,26 @@ static __le32 ext4_xattr_block_csum(struct inode *inode, |
936 |
+ } |
937 |
+ |
938 |
+ static int ext4_xattr_block_csum_verify(struct inode *inode, |
939 |
+- sector_t block_nr, |
940 |
+- struct ext4_xattr_header *hdr) |
941 |
++ struct buffer_head *bh) |
942 |
+ { |
943 |
+- if (ext4_has_metadata_csum(inode->i_sb) && |
944 |
+- (hdr->h_checksum != ext4_xattr_block_csum(inode, block_nr, hdr))) |
945 |
+- return 0; |
946 |
+- return 1; |
947 |
+-} |
948 |
+- |
949 |
+-static void ext4_xattr_block_csum_set(struct inode *inode, |
950 |
+- sector_t block_nr, |
951 |
+- struct ext4_xattr_header *hdr) |
952 |
+-{ |
953 |
+- if (!ext4_has_metadata_csum(inode->i_sb)) |
954 |
+- return; |
955 |
++ struct ext4_xattr_header *hdr = BHDR(bh); |
956 |
++ int ret = 1; |
957 |
+ |
958 |
+- hdr->h_checksum = ext4_xattr_block_csum(inode, block_nr, hdr); |
959 |
++ if (ext4_has_metadata_csum(inode->i_sb)) { |
960 |
++ lock_buffer(bh); |
961 |
++ ret = (hdr->h_checksum == ext4_xattr_block_csum(inode, |
962 |
++ bh->b_blocknr, hdr)); |
963 |
++ unlock_buffer(bh); |
964 |
++ } |
965 |
++ return ret; |
966 |
+ } |
967 |
+ |
968 |
+-static inline int ext4_handle_dirty_xattr_block(handle_t *handle, |
969 |
+- struct inode *inode, |
970 |
+- struct buffer_head *bh) |
971 |
++static void ext4_xattr_block_csum_set(struct inode *inode, |
972 |
++ struct buffer_head *bh) |
973 |
+ { |
974 |
+- ext4_xattr_block_csum_set(inode, bh->b_blocknr, BHDR(bh)); |
975 |
+- return ext4_handle_dirty_metadata(handle, inode, bh); |
976 |
++ if (ext4_has_metadata_csum(inode->i_sb)) |
977 |
++ BHDR(bh)->h_checksum = ext4_xattr_block_csum(inode, |
978 |
++ bh->b_blocknr, BHDR(bh)); |
979 |
+ } |
980 |
+ |
981 |
+ static inline const struct xattr_handler * |
982 |
+@@ -226,7 +221,7 @@ ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh) |
983 |
+ if (buffer_verified(bh)) |
984 |
+ return 0; |
985 |
+ |
986 |
+- if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh))) |
987 |
++ if (!ext4_xattr_block_csum_verify(inode, bh)) |
988 |
+ return -EFSBADCRC; |
989 |
+ error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size, |
990 |
+ bh->b_data); |
991 |
+@@ -590,23 +585,23 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode, |
992 |
+ le32_add_cpu(&BHDR(bh)->h_refcount, -1); |
993 |
+ if (ce) |
994 |
+ mb_cache_entry_release(ce); |
995 |
++ |
996 |
++ ext4_xattr_block_csum_set(inode, bh); |
997 |
+ /* |
998 |
+ * Beware of this ugliness: Releasing of xattr block references |
999 |
+ * from different inodes can race and so we have to protect |
1000 |
+ * from a race where someone else frees the block (and releases |
1001 |
+ * its journal_head) before we are done dirtying the buffer. In |
1002 |
+ * nojournal mode this race is harmless and we actually cannot |
1003 |
+- * call ext4_handle_dirty_xattr_block() with locked buffer as |
1004 |
++ * call ext4_handle_dirty_metadata() with locked buffer as |
1005 |
+ * that function can call sync_dirty_buffer() so for that case |
1006 |
+ * we handle the dirtying after unlocking the buffer. |
1007 |
+ */ |
1008 |
+ if (ext4_handle_valid(handle)) |
1009 |
+- error = ext4_handle_dirty_xattr_block(handle, inode, |
1010 |
+- bh); |
1011 |
++ error = ext4_handle_dirty_metadata(handle, inode, bh); |
1012 |
+ unlock_buffer(bh); |
1013 |
+ if (!ext4_handle_valid(handle)) |
1014 |
+- error = ext4_handle_dirty_xattr_block(handle, inode, |
1015 |
+- bh); |
1016 |
++ error = ext4_handle_dirty_metadata(handle, inode, bh); |
1017 |
+ if (IS_SYNC(inode)) |
1018 |
+ ext4_handle_sync(handle); |
1019 |
+ dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1)); |
1020 |
+@@ -837,13 +832,14 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, |
1021 |
+ ext4_xattr_rehash(header(s->base), |
1022 |
+ s->here); |
1023 |
+ } |
1024 |
++ ext4_xattr_block_csum_set(inode, bs->bh); |
1025 |
+ unlock_buffer(bs->bh); |
1026 |
+ if (error == -EFSCORRUPTED) |
1027 |
+ goto bad_block; |
1028 |
+ if (!error) |
1029 |
+- error = ext4_handle_dirty_xattr_block(handle, |
1030 |
+- inode, |
1031 |
+- bs->bh); |
1032 |
++ error = ext4_handle_dirty_metadata(handle, |
1033 |
++ inode, |
1034 |
++ bs->bh); |
1035 |
+ if (error) |
1036 |
+ goto cleanup; |
1037 |
+ goto inserted; |
1038 |
+@@ -912,10 +908,11 @@ inserted: |
1039 |
+ le32_add_cpu(&BHDR(new_bh)->h_refcount, 1); |
1040 |
+ ea_bdebug(new_bh, "reusing; refcount now=%d", |
1041 |
+ le32_to_cpu(BHDR(new_bh)->h_refcount)); |
1042 |
++ ext4_xattr_block_csum_set(inode, new_bh); |
1043 |
+ unlock_buffer(new_bh); |
1044 |
+- error = ext4_handle_dirty_xattr_block(handle, |
1045 |
+- inode, |
1046 |
+- new_bh); |
1047 |
++ error = ext4_handle_dirty_metadata(handle, |
1048 |
++ inode, |
1049 |
++ new_bh); |
1050 |
+ if (error) |
1051 |
+ goto cleanup_dquot; |
1052 |
+ } |
1053 |
+@@ -965,11 +962,12 @@ getblk_failed: |
1054 |
+ goto getblk_failed; |
1055 |
+ } |
1056 |
+ memcpy(new_bh->b_data, s->base, new_bh->b_size); |
1057 |
++ ext4_xattr_block_csum_set(inode, new_bh); |
1058 |
+ set_buffer_uptodate(new_bh); |
1059 |
+ unlock_buffer(new_bh); |
1060 |
+ ext4_xattr_cache_insert(ext4_mb_cache, new_bh); |
1061 |
+- error = ext4_handle_dirty_xattr_block(handle, |
1062 |
+- inode, new_bh); |
1063 |
++ error = ext4_handle_dirty_metadata(handle, inode, |
1064 |
++ new_bh); |
1065 |
+ if (error) |
1066 |
+ goto cleanup; |
1067 |
+ } |
1068 |
+diff --git a/fs/file.c b/fs/file.c |
1069 |
+index 7e9eb65a2912..090015401c55 100644 |
1070 |
+--- a/fs/file.c |
1071 |
++++ b/fs/file.c |
1072 |
+@@ -88,7 +88,7 @@ static void copy_fd_bitmaps(struct fdtable *nfdt, struct fdtable *ofdt, |
1073 |
+ */ |
1074 |
+ static void copy_fdtable(struct fdtable *nfdt, struct fdtable *ofdt) |
1075 |
+ { |
1076 |
+- unsigned int cpy, set; |
1077 |
++ size_t cpy, set; |
1078 |
+ |
1079 |
+ BUG_ON(nfdt->max_fds < ofdt->max_fds); |
1080 |
+ |
1081 |
+diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c |
1082 |
+index f80ffccb0316..1eb737c466dd 100644 |
1083 |
+--- a/fs/gfs2/glock.c |
1084 |
++++ b/fs/gfs2/glock.c |
1085 |
+@@ -541,9 +541,6 @@ __acquires(&gl->gl_lockref.lock) |
1086 |
+ goto out_unlock; |
1087 |
+ if (nonblock) |
1088 |
+ goto out_sched; |
1089 |
+- smp_mb(); |
1090 |
+- if (atomic_read(&gl->gl_revokes) != 0) |
1091 |
+- goto out_sched; |
1092 |
+ set_bit(GLF_DEMOTE_IN_PROGRESS, &gl->gl_flags); |
1093 |
+ GLOCK_BUG_ON(gl, gl->gl_demote_state == LM_ST_EXCLUSIVE); |
1094 |
+ gl->gl_target = gl->gl_demote_state; |
1095 |
+diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h |
1096 |
+index bb3a4bb35183..f0a3fc723ae4 100644 |
1097 |
+--- a/include/linux/cpumask.h |
1098 |
++++ b/include/linux/cpumask.h |
1099 |
+@@ -160,6 +160,8 @@ static inline unsigned int cpumask_local_spread(unsigned int i, int node) |
1100 |
+ for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask) |
1101 |
+ #define for_each_cpu_not(cpu, mask) \ |
1102 |
+ for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask) |
1103 |
++#define for_each_cpu_wrap(cpu, mask, start) \ |
1104 |
++ for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask, (void)(start)) |
1105 |
+ #define for_each_cpu_and(cpu, mask, and) \ |
1106 |
+ for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask, (void)and) |
1107 |
+ #else |
1108 |
+@@ -232,6 +234,23 @@ unsigned int cpumask_local_spread(unsigned int i, int node); |
1109 |
+ (cpu) = cpumask_next_zero((cpu), (mask)), \ |
1110 |
+ (cpu) < nr_cpu_ids;) |
1111 |
+ |
1112 |
++extern int cpumask_next_wrap(int n, const struct cpumask *mask, int start, bool wrap); |
1113 |
++ |
1114 |
++/** |
1115 |
++ * for_each_cpu_wrap - iterate over every cpu in a mask, starting at a specified location |
1116 |
++ * @cpu: the (optionally unsigned) integer iterator |
1117 |
++ * @mask: the cpumask poiter |
1118 |
++ * @start: the start location |
1119 |
++ * |
1120 |
++ * The implementation does not assume any bit in @mask is set (including @start). |
1121 |
++ * |
1122 |
++ * After the loop, cpu is >= nr_cpu_ids. |
1123 |
++ */ |
1124 |
++#define for_each_cpu_wrap(cpu, mask, start) \ |
1125 |
++ for ((cpu) = cpumask_next_wrap((start)-1, (mask), (start), false); \ |
1126 |
++ (cpu) < nr_cpumask_bits; \ |
1127 |
++ (cpu) = cpumask_next_wrap((cpu), (mask), (start), true)) |
1128 |
++ |
1129 |
+ /** |
1130 |
+ * for_each_cpu_and - iterate over every cpu in both masks |
1131 |
+ * @cpu: the (optionally unsigned) integer iterator |
1132 |
+diff --git a/include/linux/net.h b/include/linux/net.h |
1133 |
+index c00b8d182226..6de18ead3dfe 100644 |
1134 |
+--- a/include/linux/net.h |
1135 |
++++ b/include/linux/net.h |
1136 |
+@@ -291,6 +291,9 @@ int kernel_sendpage(struct socket *sock, struct page *page, int offset, |
1137 |
+ int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg); |
1138 |
+ int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how); |
1139 |
+ |
1140 |
++/* Routine returns the IP overhead imposed by a (caller-protected) socket. */ |
1141 |
++u32 kernel_sock_ip_overhead(struct sock *sk); |
1142 |
++ |
1143 |
+ #define MODULE_ALIAS_NETPROTO(proto) \ |
1144 |
+ MODULE_ALIAS("net-pf-" __stringify(proto)) |
1145 |
+ |
1146 |
+diff --git a/include/linux/padata.h b/include/linux/padata.h |
1147 |
+index 438694650471..547a8d1e4a3b 100644 |
1148 |
+--- a/include/linux/padata.h |
1149 |
++++ b/include/linux/padata.h |
1150 |
+@@ -24,7 +24,6 @@ |
1151 |
+ #include <linux/workqueue.h> |
1152 |
+ #include <linux/spinlock.h> |
1153 |
+ #include <linux/list.h> |
1154 |
+-#include <linux/timer.h> |
1155 |
+ #include <linux/notifier.h> |
1156 |
+ #include <linux/kobject.h> |
1157 |
+ |
1158 |
+@@ -37,6 +36,7 @@ |
1159 |
+ * @list: List entry, to attach to the padata lists. |
1160 |
+ * @pd: Pointer to the internal control structure. |
1161 |
+ * @cb_cpu: Callback cpu for serializatioon. |
1162 |
++ * @cpu: Cpu for parallelization. |
1163 |
+ * @seq_nr: Sequence number of the parallelized data object. |
1164 |
+ * @info: Used to pass information from the parallel to the serial function. |
1165 |
+ * @parallel: Parallel execution function. |
1166 |
+@@ -46,6 +46,7 @@ struct padata_priv { |
1167 |
+ struct list_head list; |
1168 |
+ struct parallel_data *pd; |
1169 |
+ int cb_cpu; |
1170 |
++ int cpu; |
1171 |
+ int info; |
1172 |
+ void (*parallel)(struct padata_priv *padata); |
1173 |
+ void (*serial)(struct padata_priv *padata); |
1174 |
+@@ -83,7 +84,6 @@ struct padata_serial_queue { |
1175 |
+ * @serial: List to wait for serialization after reordering. |
1176 |
+ * @pwork: work struct for parallelization. |
1177 |
+ * @swork: work struct for serialization. |
1178 |
+- * @pd: Backpointer to the internal control structure. |
1179 |
+ * @work: work struct for parallelization. |
1180 |
+ * @num_obj: Number of objects that are processed by this cpu. |
1181 |
+ * @cpu_index: Index of the cpu. |
1182 |
+@@ -91,7 +91,6 @@ struct padata_serial_queue { |
1183 |
+ struct padata_parallel_queue { |
1184 |
+ struct padata_list parallel; |
1185 |
+ struct padata_list reorder; |
1186 |
+- struct parallel_data *pd; |
1187 |
+ struct work_struct work; |
1188 |
+ atomic_t num_obj; |
1189 |
+ int cpu_index; |
1190 |
+@@ -118,10 +117,10 @@ struct padata_cpumask { |
1191 |
+ * @reorder_objects: Number of objects waiting in the reorder queues. |
1192 |
+ * @refcnt: Number of objects holding a reference on this parallel_data. |
1193 |
+ * @max_seq_nr: Maximal used sequence number. |
1194 |
++ * @cpu: Next CPU to be processed. |
1195 |
+ * @cpumask: The cpumasks in use for parallel and serial workers. |
1196 |
++ * @reorder_work: work struct for reordering. |
1197 |
+ * @lock: Reorder lock. |
1198 |
+- * @processed: Number of already processed objects. |
1199 |
+- * @timer: Reorder timer. |
1200 |
+ */ |
1201 |
+ struct parallel_data { |
1202 |
+ struct padata_instance *pinst; |
1203 |
+@@ -130,10 +129,10 @@ struct parallel_data { |
1204 |
+ atomic_t reorder_objects; |
1205 |
+ atomic_t refcnt; |
1206 |
+ atomic_t seq_nr; |
1207 |
++ int cpu; |
1208 |
+ struct padata_cpumask cpumask; |
1209 |
++ struct work_struct reorder_work; |
1210 |
+ spinlock_t lock ____cacheline_aligned; |
1211 |
+- unsigned int processed; |
1212 |
+- struct timer_list timer; |
1213 |
+ }; |
1214 |
+ |
1215 |
+ /** |
1216 |
+diff --git a/include/media/media-device.h b/include/media/media-device.h |
1217 |
+index 6e6db78f1ee2..00bbd679864a 100644 |
1218 |
+--- a/include/media/media-device.h |
1219 |
++++ b/include/media/media-device.h |
1220 |
+@@ -60,7 +60,7 @@ struct device; |
1221 |
+ struct media_device { |
1222 |
+ /* dev->driver_data points to this struct. */ |
1223 |
+ struct device *dev; |
1224 |
+- struct media_devnode devnode; |
1225 |
++ struct media_devnode *devnode; |
1226 |
+ |
1227 |
+ char model[32]; |
1228 |
+ char serial[40]; |
1229 |
+@@ -84,9 +84,6 @@ struct media_device { |
1230 |
+ #define MEDIA_DEV_NOTIFY_PRE_LINK_CH 0 |
1231 |
+ #define MEDIA_DEV_NOTIFY_POST_LINK_CH 1 |
1232 |
+ |
1233 |
+-/* media_devnode to media_device */ |
1234 |
+-#define to_media_device(node) container_of(node, struct media_device, devnode) |
1235 |
+- |
1236 |
+ int __must_check __media_device_register(struct media_device *mdev, |
1237 |
+ struct module *owner); |
1238 |
+ #define media_device_register(mdev) __media_device_register(mdev, THIS_MODULE) |
1239 |
+diff --git a/include/media/media-devnode.h b/include/media/media-devnode.h |
1240 |
+index 17ddae32060d..d5ff95bf2d4b 100644 |
1241 |
+--- a/include/media/media-devnode.h |
1242 |
++++ b/include/media/media-devnode.h |
1243 |
+@@ -33,6 +33,8 @@ |
1244 |
+ #include <linux/device.h> |
1245 |
+ #include <linux/cdev.h> |
1246 |
+ |
1247 |
++struct media_device; |
1248 |
++ |
1249 |
+ /* |
1250 |
+ * Flag to mark the media_devnode struct as registered. Drivers must not touch |
1251 |
+ * this flag directly, it will be set and cleared by media_devnode_register and |
1252 |
+@@ -67,6 +69,8 @@ struct media_file_operations { |
1253 |
+ * before registering the node. |
1254 |
+ */ |
1255 |
+ struct media_devnode { |
1256 |
++ struct media_device *media_dev; |
1257 |
++ |
1258 |
+ /* device ops */ |
1259 |
+ const struct media_file_operations *fops; |
1260 |
+ |
1261 |
+@@ -80,24 +84,42 @@ struct media_devnode { |
1262 |
+ unsigned long flags; /* Use bitops to access flags */ |
1263 |
+ |
1264 |
+ /* callbacks */ |
1265 |
+- void (*release)(struct media_devnode *mdev); |
1266 |
++ void (*release)(struct media_devnode *devnode); |
1267 |
+ }; |
1268 |
+ |
1269 |
+ /* dev to media_devnode */ |
1270 |
+ #define to_media_devnode(cd) container_of(cd, struct media_devnode, dev) |
1271 |
+ |
1272 |
+-int __must_check media_devnode_register(struct media_devnode *mdev, |
1273 |
++int __must_check media_devnode_register(struct media_device *mdev, |
1274 |
++ struct media_devnode *devnode, |
1275 |
+ struct module *owner); |
1276 |
+-void media_devnode_unregister(struct media_devnode *mdev); |
1277 |
++ |
1278 |
++/** |
1279 |
++ * media_devnode_unregister_prepare - clear the media device node register bit |
1280 |
++ * @devnode: the device node to prepare for unregister |
1281 |
++ * |
1282 |
++ * This clears the passed device register bit. Future open calls will be met |
1283 |
++ * with errors. Should be called before media_devnode_unregister() to avoid |
1284 |
++ * races with unregister and device file open calls. |
1285 |
++ * |
1286 |
++ * This function can safely be called if the device node has never been |
1287 |
++ * registered or has already been unregistered. |
1288 |
++ */ |
1289 |
++void media_devnode_unregister_prepare(struct media_devnode *devnode); |
1290 |
++ |
1291 |
++void media_devnode_unregister(struct media_devnode *devnode); |
1292 |
+ |
1293 |
+ static inline struct media_devnode *media_devnode_data(struct file *filp) |
1294 |
+ { |
1295 |
+ return filp->private_data; |
1296 |
+ } |
1297 |
+ |
1298 |
+-static inline int media_devnode_is_registered(struct media_devnode *mdev) |
1299 |
++static inline int media_devnode_is_registered(struct media_devnode *devnode) |
1300 |
+ { |
1301 |
+- return test_bit(MEDIA_FLAG_REGISTERED, &mdev->flags); |
1302 |
++ if (!devnode) |
1303 |
++ return false; |
1304 |
++ |
1305 |
++ return test_bit(MEDIA_FLAG_REGISTERED, &devnode->flags); |
1306 |
+ } |
1307 |
+ |
1308 |
+ #endif /* _MEDIA_DEVNODE_H */ |
1309 |
+diff --git a/include/net/ipv6.h b/include/net/ipv6.h |
1310 |
+index 6258264a0bf7..94880f07bc06 100644 |
1311 |
+--- a/include/net/ipv6.h |
1312 |
++++ b/include/net/ipv6.h |
1313 |
+@@ -915,6 +915,8 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, |
1314 |
+ int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, |
1315 |
+ char __user *optval, int __user *optlen); |
1316 |
+ |
1317 |
++int __ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, |
1318 |
++ int addr_len); |
1319 |
+ int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len); |
1320 |
+ int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr, |
1321 |
+ int addr_len); |
1322 |
+diff --git a/include/uapi/linux/if_pppol2tp.h b/include/uapi/linux/if_pppol2tp.h |
1323 |
+index 163e8adac2d6..de246e9f4974 100644 |
1324 |
+--- a/include/uapi/linux/if_pppol2tp.h |
1325 |
++++ b/include/uapi/linux/if_pppol2tp.h |
1326 |
+@@ -17,6 +17,7 @@ |
1327 |
+ |
1328 |
+ #include <linux/types.h> |
1329 |
+ |
1330 |
++#include <linux/l2tp.h> |
1331 |
+ |
1332 |
+ /* Structure used to connect() the socket to a particular tunnel UDP |
1333 |
+ * socket over IPv4. |
1334 |
+@@ -89,14 +90,12 @@ enum { |
1335 |
+ PPPOL2TP_SO_REORDERTO = 5, |
1336 |
+ }; |
1337 |
+ |
1338 |
+-/* Debug message categories for the DEBUG socket option */ |
1339 |
++/* Debug message categories for the DEBUG socket option (deprecated) */ |
1340 |
+ enum { |
1341 |
+- PPPOL2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if |
1342 |
+- * compiled in) */ |
1343 |
+- PPPOL2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel |
1344 |
+- * interface */ |
1345 |
+- PPPOL2TP_MSG_SEQ = (1 << 2), /* sequence numbers */ |
1346 |
+- PPPOL2TP_MSG_DATA = (1 << 3), /* data packets */ |
1347 |
++ PPPOL2TP_MSG_DEBUG = L2TP_MSG_DEBUG, |
1348 |
++ PPPOL2TP_MSG_CONTROL = L2TP_MSG_CONTROL, |
1349 |
++ PPPOL2TP_MSG_SEQ = L2TP_MSG_SEQ, |
1350 |
++ PPPOL2TP_MSG_DATA = L2TP_MSG_DATA, |
1351 |
+ }; |
1352 |
+ |
1353 |
+ |
1354 |
+diff --git a/include/uapi/linux/l2tp.h b/include/uapi/linux/l2tp.h |
1355 |
+index 347ef22a964e..dedfb2b1832a 100644 |
1356 |
+--- a/include/uapi/linux/l2tp.h |
1357 |
++++ b/include/uapi/linux/l2tp.h |
1358 |
+@@ -108,7 +108,7 @@ enum { |
1359 |
+ L2TP_ATTR_VLAN_ID, /* u16 */ |
1360 |
+ L2TP_ATTR_COOKIE, /* 0, 4 or 8 bytes */ |
1361 |
+ L2TP_ATTR_PEER_COOKIE, /* 0, 4 or 8 bytes */ |
1362 |
+- L2TP_ATTR_DEBUG, /* u32 */ |
1363 |
++ L2TP_ATTR_DEBUG, /* u32, enum l2tp_debug_flags */ |
1364 |
+ L2TP_ATTR_RECV_SEQ, /* u8 */ |
1365 |
+ L2TP_ATTR_SEND_SEQ, /* u8 */ |
1366 |
+ L2TP_ATTR_LNS_MODE, /* u8 */ |
1367 |
+@@ -173,6 +173,21 @@ enum l2tp_seqmode { |
1368 |
+ L2TP_SEQ_ALL = 2, |
1369 |
+ }; |
1370 |
+ |
1371 |
++/** |
1372 |
++ * enum l2tp_debug_flags - debug message categories for L2TP tunnels/sessions |
1373 |
++ * |
1374 |
++ * @L2TP_MSG_DEBUG: verbose debug (if compiled in) |
1375 |
++ * @L2TP_MSG_CONTROL: userspace - kernel interface |
1376 |
++ * @L2TP_MSG_SEQ: sequence numbers |
1377 |
++ * @L2TP_MSG_DATA: data packets |
1378 |
++ */ |
1379 |
++enum l2tp_debug_flags { |
1380 |
++ L2TP_MSG_DEBUG = (1 << 0), |
1381 |
++ L2TP_MSG_CONTROL = (1 << 1), |
1382 |
++ L2TP_MSG_SEQ = (1 << 2), |
1383 |
++ L2TP_MSG_DATA = (1 << 3), |
1384 |
++}; |
1385 |
++ |
1386 |
+ /* |
1387 |
+ * NETLINK_GENERIC related info |
1388 |
+ */ |
1389 |
+diff --git a/kernel/padata.c b/kernel/padata.c |
1390 |
+index ae036af3f012..c50975f43b34 100644 |
1391 |
+--- a/kernel/padata.c |
1392 |
++++ b/kernel/padata.c |
1393 |
+@@ -65,15 +65,11 @@ static int padata_cpu_hash(struct parallel_data *pd) |
1394 |
+ static void padata_parallel_worker(struct work_struct *parallel_work) |
1395 |
+ { |
1396 |
+ struct padata_parallel_queue *pqueue; |
1397 |
+- struct parallel_data *pd; |
1398 |
+- struct padata_instance *pinst; |
1399 |
+ LIST_HEAD(local_list); |
1400 |
+ |
1401 |
+ local_bh_disable(); |
1402 |
+ pqueue = container_of(parallel_work, |
1403 |
+ struct padata_parallel_queue, work); |
1404 |
+- pd = pqueue->pd; |
1405 |
+- pinst = pd->pinst; |
1406 |
+ |
1407 |
+ spin_lock(&pqueue->parallel.lock); |
1408 |
+ list_replace_init(&pqueue->parallel.list, &local_list); |
1409 |
+@@ -136,6 +132,7 @@ int padata_do_parallel(struct padata_instance *pinst, |
1410 |
+ padata->cb_cpu = cb_cpu; |
1411 |
+ |
1412 |
+ target_cpu = padata_cpu_hash(pd); |
1413 |
++ padata->cpu = target_cpu; |
1414 |
+ queue = per_cpu_ptr(pd->pqueue, target_cpu); |
1415 |
+ |
1416 |
+ spin_lock(&queue->parallel.lock); |
1417 |
+@@ -159,8 +156,6 @@ EXPORT_SYMBOL(padata_do_parallel); |
1418 |
+ * A pointer to the control struct of the next object that needs |
1419 |
+ * serialization, if present in one of the percpu reorder queues. |
1420 |
+ * |
1421 |
+- * NULL, if all percpu reorder queues are empty. |
1422 |
+- * |
1423 |
+ * -EINPROGRESS, if the next object that needs serialization will |
1424 |
+ * be parallel processed by another cpu and is not yet present in |
1425 |
+ * the cpu's reorder queue. |
1426 |
+@@ -170,25 +165,12 @@ EXPORT_SYMBOL(padata_do_parallel); |
1427 |
+ */ |
1428 |
+ static struct padata_priv *padata_get_next(struct parallel_data *pd) |
1429 |
+ { |
1430 |
+- int cpu, num_cpus; |
1431 |
+- unsigned int next_nr, next_index; |
1432 |
+ struct padata_parallel_queue *next_queue; |
1433 |
+ struct padata_priv *padata; |
1434 |
+ struct padata_list *reorder; |
1435 |
++ int cpu = pd->cpu; |
1436 |
+ |
1437 |
+- num_cpus = cpumask_weight(pd->cpumask.pcpu); |
1438 |
+- |
1439 |
+- /* |
1440 |
+- * Calculate the percpu reorder queue and the sequence |
1441 |
+- * number of the next object. |
1442 |
+- */ |
1443 |
+- next_nr = pd->processed; |
1444 |
+- next_index = next_nr % num_cpus; |
1445 |
+- cpu = padata_index_to_cpu(pd, next_index); |
1446 |
+ next_queue = per_cpu_ptr(pd->pqueue, cpu); |
1447 |
+- |
1448 |
+- padata = NULL; |
1449 |
+- |
1450 |
+ reorder = &next_queue->reorder; |
1451 |
+ |
1452 |
+ spin_lock(&reorder->lock); |
1453 |
+@@ -199,7 +181,8 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd) |
1454 |
+ list_del_init(&padata->list); |
1455 |
+ atomic_dec(&pd->reorder_objects); |
1456 |
+ |
1457 |
+- pd->processed++; |
1458 |
++ pd->cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu, -1, |
1459 |
++ false); |
1460 |
+ |
1461 |
+ spin_unlock(&reorder->lock); |
1462 |
+ goto out; |
1463 |
+@@ -222,6 +205,7 @@ static void padata_reorder(struct parallel_data *pd) |
1464 |
+ struct padata_priv *padata; |
1465 |
+ struct padata_serial_queue *squeue; |
1466 |
+ struct padata_instance *pinst = pd->pinst; |
1467 |
++ struct padata_parallel_queue *next_queue; |
1468 |
+ |
1469 |
+ /* |
1470 |
+ * We need to ensure that only one cpu can work on dequeueing of |
1471 |
+@@ -240,12 +224,11 @@ static void padata_reorder(struct parallel_data *pd) |
1472 |
+ padata = padata_get_next(pd); |
1473 |
+ |
1474 |
+ /* |
1475 |
+- * All reorder queues are empty, or the next object that needs |
1476 |
+- * serialization is parallel processed by another cpu and is |
1477 |
+- * still on it's way to the cpu's reorder queue, nothing to |
1478 |
+- * do for now. |
1479 |
++ * If the next object that needs serialization is parallel |
1480 |
++ * processed by another cpu and is still on it's way to the |
1481 |
++ * cpu's reorder queue, nothing to do for now. |
1482 |
+ */ |
1483 |
+- if (!padata || PTR_ERR(padata) == -EINPROGRESS) |
1484 |
++ if (PTR_ERR(padata) == -EINPROGRESS) |
1485 |
+ break; |
1486 |
+ |
1487 |
+ /* |
1488 |
+@@ -254,7 +237,6 @@ static void padata_reorder(struct parallel_data *pd) |
1489 |
+ * so exit immediately. |
1490 |
+ */ |
1491 |
+ if (PTR_ERR(padata) == -ENODATA) { |
1492 |
+- del_timer(&pd->timer); |
1493 |
+ spin_unlock_bh(&pd->lock); |
1494 |
+ return; |
1495 |
+ } |
1496 |
+@@ -273,28 +255,27 @@ static void padata_reorder(struct parallel_data *pd) |
1497 |
+ |
1498 |
+ /* |
1499 |
+ * The next object that needs serialization might have arrived to |
1500 |
+- * the reorder queues in the meantime, we will be called again |
1501 |
+- * from the timer function if no one else cares for it. |
1502 |
++ * the reorder queues in the meantime. |
1503 |
+ * |
1504 |
+- * Ensure reorder_objects is read after pd->lock is dropped so we see |
1505 |
+- * an increment from another task in padata_do_serial. Pairs with |
1506 |
++ * Ensure reorder queue is read after pd->lock is dropped so we see |
1507 |
++ * new objects from another task in padata_do_serial. Pairs with |
1508 |
+ * smp_mb__after_atomic in padata_do_serial. |
1509 |
+ */ |
1510 |
+ smp_mb(); |
1511 |
+- if (atomic_read(&pd->reorder_objects) |
1512 |
+- && !(pinst->flags & PADATA_RESET)) |
1513 |
+- mod_timer(&pd->timer, jiffies + HZ); |
1514 |
+- else |
1515 |
+- del_timer(&pd->timer); |
1516 |
+ |
1517 |
+- return; |
1518 |
++ next_queue = per_cpu_ptr(pd->pqueue, pd->cpu); |
1519 |
++ if (!list_empty(&next_queue->reorder.list)) |
1520 |
++ queue_work(pinst->wq, &pd->reorder_work); |
1521 |
+ } |
1522 |
+ |
1523 |
+-static void padata_reorder_timer(unsigned long arg) |
1524 |
++static void invoke_padata_reorder(struct work_struct *work) |
1525 |
+ { |
1526 |
+- struct parallel_data *pd = (struct parallel_data *)arg; |
1527 |
++ struct parallel_data *pd; |
1528 |
+ |
1529 |
++ local_bh_disable(); |
1530 |
++ pd = container_of(work, struct parallel_data, reorder_work); |
1531 |
+ padata_reorder(pd); |
1532 |
++ local_bh_enable(); |
1533 |
+ } |
1534 |
+ |
1535 |
+ static void padata_serial_worker(struct work_struct *serial_work) |
1536 |
+@@ -341,29 +322,22 @@ static void padata_serial_worker(struct work_struct *serial_work) |
1537 |
+ */ |
1538 |
+ void padata_do_serial(struct padata_priv *padata) |
1539 |
+ { |
1540 |
+- int cpu; |
1541 |
+- struct padata_parallel_queue *pqueue; |
1542 |
+- struct parallel_data *pd; |
1543 |
+- |
1544 |
+- pd = padata->pd; |
1545 |
+- |
1546 |
+- cpu = get_cpu(); |
1547 |
+- pqueue = per_cpu_ptr(pd->pqueue, cpu); |
1548 |
++ struct parallel_data *pd = padata->pd; |
1549 |
++ struct padata_parallel_queue *pqueue = per_cpu_ptr(pd->pqueue, |
1550 |
++ padata->cpu); |
1551 |
+ |
1552 |
+ spin_lock(&pqueue->reorder.lock); |
1553 |
+- atomic_inc(&pd->reorder_objects); |
1554 |
+ list_add_tail(&padata->list, &pqueue->reorder.list); |
1555 |
++ atomic_inc(&pd->reorder_objects); |
1556 |
+ spin_unlock(&pqueue->reorder.lock); |
1557 |
+ |
1558 |
+ /* |
1559 |
+- * Ensure the atomic_inc of reorder_objects above is ordered correctly |
1560 |
++ * Ensure the addition to the reorder list is ordered correctly |
1561 |
+ * with the trylock of pd->lock in padata_reorder. Pairs with smp_mb |
1562 |
+ * in padata_reorder. |
1563 |
+ */ |
1564 |
+ smp_mb__after_atomic(); |
1565 |
+ |
1566 |
+- put_cpu(); |
1567 |
+- |
1568 |
+ padata_reorder(pd); |
1569 |
+ } |
1570 |
+ EXPORT_SYMBOL(padata_do_serial); |
1571 |
+@@ -412,9 +386,14 @@ static void padata_init_pqueues(struct parallel_data *pd) |
1572 |
+ struct padata_parallel_queue *pqueue; |
1573 |
+ |
1574 |
+ cpu_index = 0; |
1575 |
+- for_each_cpu(cpu, pd->cpumask.pcpu) { |
1576 |
++ for_each_possible_cpu(cpu) { |
1577 |
+ pqueue = per_cpu_ptr(pd->pqueue, cpu); |
1578 |
+- pqueue->pd = pd; |
1579 |
++ |
1580 |
++ if (!cpumask_test_cpu(cpu, pd->cpumask.pcpu)) { |
1581 |
++ pqueue->cpu_index = -1; |
1582 |
++ continue; |
1583 |
++ } |
1584 |
++ |
1585 |
+ pqueue->cpu_index = cpu_index; |
1586 |
+ cpu_index++; |
1587 |
+ |
1588 |
+@@ -448,12 +427,13 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst, |
1589 |
+ |
1590 |
+ padata_init_pqueues(pd); |
1591 |
+ padata_init_squeues(pd); |
1592 |
+- setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd); |
1593 |
+ atomic_set(&pd->seq_nr, -1); |
1594 |
+ atomic_set(&pd->reorder_objects, 0); |
1595 |
+ atomic_set(&pd->refcnt, 1); |
1596 |
+ pd->pinst = pinst; |
1597 |
+ spin_lock_init(&pd->lock); |
1598 |
++ pd->cpu = cpumask_first(pd->cpumask.pcpu); |
1599 |
++ INIT_WORK(&pd->reorder_work, invoke_padata_reorder); |
1600 |
+ |
1601 |
+ return pd; |
1602 |
+ |
1603 |
+diff --git a/lib/cpumask.c b/lib/cpumask.c |
1604 |
+index 5a70f6196f57..24f06e7abf92 100644 |
1605 |
+--- a/lib/cpumask.c |
1606 |
++++ b/lib/cpumask.c |
1607 |
+@@ -42,6 +42,38 @@ int cpumask_any_but(const struct cpumask *mask, unsigned int cpu) |
1608 |
+ return i; |
1609 |
+ } |
1610 |
+ |
1611 |
++/** |
1612 |
++ * cpumask_next_wrap - helper to implement for_each_cpu_wrap |
1613 |
++ * @n: the cpu prior to the place to search |
1614 |
++ * @mask: the cpumask pointer |
1615 |
++ * @start: the start point of the iteration |
1616 |
++ * @wrap: assume @n crossing @start terminates the iteration |
1617 |
++ * |
1618 |
++ * Returns >= nr_cpu_ids on completion |
1619 |
++ * |
1620 |
++ * Note: the @wrap argument is required for the start condition when |
1621 |
++ * we cannot assume @start is set in @mask. |
1622 |
++ */ |
1623 |
++int cpumask_next_wrap(int n, const struct cpumask *mask, int start, bool wrap) |
1624 |
++{ |
1625 |
++ int next; |
1626 |
++ |
1627 |
++again: |
1628 |
++ next = cpumask_next(n, mask); |
1629 |
++ |
1630 |
++ if (wrap && n < start && next >= start) { |
1631 |
++ return nr_cpumask_bits; |
1632 |
++ |
1633 |
++ } else if (next >= nr_cpumask_bits) { |
1634 |
++ wrap = true; |
1635 |
++ n = -1; |
1636 |
++ goto again; |
1637 |
++ } |
1638 |
++ |
1639 |
++ return next; |
1640 |
++} |
1641 |
++EXPORT_SYMBOL(cpumask_next_wrap); |
1642 |
++ |
1643 |
+ /* These are not inline because of header tangles. */ |
1644 |
+ #ifdef CONFIG_CPUMASK_OFFSTACK |
1645 |
+ /** |
1646 |
+diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c |
1647 |
+index f33154365b64..389b6367a810 100644 |
1648 |
+--- a/net/ipv6/datagram.c |
1649 |
++++ b/net/ipv6/datagram.c |
1650 |
+@@ -40,7 +40,8 @@ static bool ipv6_mapped_addr_any(const struct in6_addr *a) |
1651 |
+ return ipv6_addr_v4mapped(a) && (a->s6_addr32[3] == 0); |
1652 |
+ } |
1653 |
+ |
1654 |
+-static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
1655 |
++int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, |
1656 |
++ int addr_len) |
1657 |
+ { |
1658 |
+ struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; |
1659 |
+ struct inet_sock *inet = inet_sk(sk); |
1660 |
+@@ -213,6 +214,7 @@ out: |
1661 |
+ fl6_sock_release(flowlabel); |
1662 |
+ return err; |
1663 |
+ } |
1664 |
++EXPORT_SYMBOL_GPL(__ip6_datagram_connect); |
1665 |
+ |
1666 |
+ int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
1667 |
+ { |
1668 |
+diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c |
1669 |
+index 8cbccddc0b1e..0233c496fc51 100644 |
1670 |
+--- a/net/l2tp/l2tp_core.c |
1671 |
++++ b/net/l2tp/l2tp_core.c |
1672 |
+@@ -112,53 +112,19 @@ struct l2tp_net { |
1673 |
+ spinlock_t l2tp_session_hlist_lock; |
1674 |
+ }; |
1675 |
+ |
1676 |
+-static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel); |
1677 |
+ |
1678 |
+ static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk) |
1679 |
+ { |
1680 |
+ return sk->sk_user_data; |
1681 |
+ } |
1682 |
+ |
1683 |
+-static inline struct l2tp_net *l2tp_pernet(struct net *net) |
1684 |
++static inline struct l2tp_net *l2tp_pernet(const struct net *net) |
1685 |
+ { |
1686 |
+ BUG_ON(!net); |
1687 |
+ |
1688 |
+ return net_generic(net, l2tp_net_id); |
1689 |
+ } |
1690 |
+ |
1691 |
+-/* Tunnel reference counts. Incremented per session that is added to |
1692 |
+- * the tunnel. |
1693 |
+- */ |
1694 |
+-static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel) |
1695 |
+-{ |
1696 |
+- atomic_inc(&tunnel->ref_count); |
1697 |
+-} |
1698 |
+- |
1699 |
+-static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel) |
1700 |
+-{ |
1701 |
+- if (atomic_dec_and_test(&tunnel->ref_count)) |
1702 |
+- l2tp_tunnel_free(tunnel); |
1703 |
+-} |
1704 |
+-#ifdef L2TP_REFCNT_DEBUG |
1705 |
+-#define l2tp_tunnel_inc_refcount(_t) \ |
1706 |
+-do { \ |
1707 |
+- pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", \ |
1708 |
+- __func__, __LINE__, (_t)->name, \ |
1709 |
+- atomic_read(&_t->ref_count)); \ |
1710 |
+- l2tp_tunnel_inc_refcount_1(_t); \ |
1711 |
+-} while (0) |
1712 |
+-#define l2tp_tunnel_dec_refcount(_t) \ |
1713 |
+-do { \ |
1714 |
+- pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", \ |
1715 |
+- __func__, __LINE__, (_t)->name, \ |
1716 |
+- atomic_read(&_t->ref_count)); \ |
1717 |
+- l2tp_tunnel_dec_refcount_1(_t); \ |
1718 |
+-} while (0) |
1719 |
+-#else |
1720 |
+-#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t) |
1721 |
+-#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t) |
1722 |
+-#endif |
1723 |
+- |
1724 |
+ /* Session hash global list for L2TPv3. |
1725 |
+ * The session_id SHOULD be random according to RFC3931, but several |
1726 |
+ * L2TP implementations use incrementing session_ids. So we do a real |
1727 |
+@@ -216,27 +182,6 @@ static void l2tp_tunnel_sock_put(struct sock *sk) |
1728 |
+ sock_put(sk); |
1729 |
+ } |
1730 |
+ |
1731 |
+-/* Lookup a session by id in the global session list |
1732 |
+- */ |
1733 |
+-static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id) |
1734 |
+-{ |
1735 |
+- struct l2tp_net *pn = l2tp_pernet(net); |
1736 |
+- struct hlist_head *session_list = |
1737 |
+- l2tp_session_id_hash_2(pn, session_id); |
1738 |
+- struct l2tp_session *session; |
1739 |
+- |
1740 |
+- rcu_read_lock_bh(); |
1741 |
+- hlist_for_each_entry_rcu(session, session_list, global_hlist) { |
1742 |
+- if (session->session_id == session_id) { |
1743 |
+- rcu_read_unlock_bh(); |
1744 |
+- return session; |
1745 |
+- } |
1746 |
+- } |
1747 |
+- rcu_read_unlock_bh(); |
1748 |
+- |
1749 |
+- return NULL; |
1750 |
+-} |
1751 |
+- |
1752 |
+ /* Session hash list. |
1753 |
+ * The session_id SHOULD be random according to RFC2661, but several |
1754 |
+ * L2TP implementations (Cisco and Microsoft) use incrementing |
1755 |
+@@ -249,38 +194,31 @@ l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id) |
1756 |
+ return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)]; |
1757 |
+ } |
1758 |
+ |
1759 |
+-/* Lookup a session by id |
1760 |
+- */ |
1761 |
+-struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id) |
1762 |
++/* Lookup a tunnel. A new reference is held on the returned tunnel. */ |
1763 |
++struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id) |
1764 |
+ { |
1765 |
+- struct hlist_head *session_list; |
1766 |
+- struct l2tp_session *session; |
1767 |
++ const struct l2tp_net *pn = l2tp_pernet(net); |
1768 |
++ struct l2tp_tunnel *tunnel; |
1769 |
+ |
1770 |
+- /* In L2TPv3, session_ids are unique over all tunnels and we |
1771 |
+- * sometimes need to look them up before we know the |
1772 |
+- * tunnel. |
1773 |
+- */ |
1774 |
+- if (tunnel == NULL) |
1775 |
+- return l2tp_session_find_2(net, session_id); |
1776 |
++ rcu_read_lock_bh(); |
1777 |
++ list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) { |
1778 |
++ if (tunnel->tunnel_id == tunnel_id) { |
1779 |
++ l2tp_tunnel_inc_refcount(tunnel); |
1780 |
++ rcu_read_unlock_bh(); |
1781 |
+ |
1782 |
+- session_list = l2tp_session_id_hash(tunnel, session_id); |
1783 |
+- read_lock_bh(&tunnel->hlist_lock); |
1784 |
+- hlist_for_each_entry(session, session_list, hlist) { |
1785 |
+- if (session->session_id == session_id) { |
1786 |
+- read_unlock_bh(&tunnel->hlist_lock); |
1787 |
+- return session; |
1788 |
++ return tunnel; |
1789 |
+ } |
1790 |
+ } |
1791 |
+- read_unlock_bh(&tunnel->hlist_lock); |
1792 |
++ rcu_read_unlock_bh(); |
1793 |
+ |
1794 |
+ return NULL; |
1795 |
+ } |
1796 |
+-EXPORT_SYMBOL_GPL(l2tp_session_find); |
1797 |
++EXPORT_SYMBOL_GPL(l2tp_tunnel_get); |
1798 |
+ |
1799 |
+-/* Like l2tp_session_find() but takes a reference on the returned session. |
1800 |
++/* Lookup a session. A new reference is held on the returned session. |
1801 |
+ * Optionally calls session->ref() too if do_ref is true. |
1802 |
+ */ |
1803 |
+-struct l2tp_session *l2tp_session_get(struct net *net, |
1804 |
++struct l2tp_session *l2tp_session_get(const struct net *net, |
1805 |
+ struct l2tp_tunnel *tunnel, |
1806 |
+ u32 session_id, bool do_ref) |
1807 |
+ { |
1808 |
+@@ -355,7 +293,9 @@ EXPORT_SYMBOL_GPL(l2tp_session_get_nth); |
1809 |
+ /* Lookup a session by interface name. |
1810 |
+ * This is very inefficient but is only used by management interfaces. |
1811 |
+ */ |
1812 |
+-struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname) |
1813 |
++struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net, |
1814 |
++ const char *ifname, |
1815 |
++ bool do_ref) |
1816 |
+ { |
1817 |
+ struct l2tp_net *pn = l2tp_pernet(net); |
1818 |
+ int hash; |
1819 |
+@@ -365,7 +305,11 @@ struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname) |
1820 |
+ for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) { |
1821 |
+ hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) { |
1822 |
+ if (!strcmp(session->ifname, ifname)) { |
1823 |
++ l2tp_session_inc_refcount(session); |
1824 |
++ if (do_ref && session->ref) |
1825 |
++ session->ref(session); |
1826 |
+ rcu_read_unlock_bh(); |
1827 |
++ |
1828 |
+ return session; |
1829 |
+ } |
1830 |
+ } |
1831 |
+@@ -375,22 +319,30 @@ struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname) |
1832 |
+ |
1833 |
+ return NULL; |
1834 |
+ } |
1835 |
+-EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname); |
1836 |
++EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname); |
1837 |
+ |
1838 |
+-static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel, |
1839 |
+- struct l2tp_session *session) |
1840 |
++int l2tp_session_register(struct l2tp_session *session, |
1841 |
++ struct l2tp_tunnel *tunnel) |
1842 |
+ { |
1843 |
+ struct l2tp_session *session_walk; |
1844 |
+ struct hlist_head *g_head; |
1845 |
+ struct hlist_head *head; |
1846 |
+ struct l2tp_net *pn; |
1847 |
++ int err; |
1848 |
+ |
1849 |
+ head = l2tp_session_id_hash(tunnel, session->session_id); |
1850 |
+ |
1851 |
+ write_lock_bh(&tunnel->hlist_lock); |
1852 |
++ if (!tunnel->acpt_newsess) { |
1853 |
++ err = -ENODEV; |
1854 |
++ goto err_tlock; |
1855 |
++ } |
1856 |
++ |
1857 |
+ hlist_for_each_entry(session_walk, head, hlist) |
1858 |
+- if (session_walk->session_id == session->session_id) |
1859 |
+- goto exist; |
1860 |
++ if (session_walk->session_id == session->session_id) { |
1861 |
++ err = -EEXIST; |
1862 |
++ goto err_tlock; |
1863 |
++ } |
1864 |
+ |
1865 |
+ if (tunnel->version == L2TP_HDR_VER_3) { |
1866 |
+ pn = l2tp_pernet(tunnel->l2tp_net); |
1867 |
+@@ -398,30 +350,44 @@ static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel, |
1868 |
+ session->session_id); |
1869 |
+ |
1870 |
+ spin_lock_bh(&pn->l2tp_session_hlist_lock); |
1871 |
++ |
1872 |
+ hlist_for_each_entry(session_walk, g_head, global_hlist) |
1873 |
+- if (session_walk->session_id == session->session_id) |
1874 |
+- goto exist_glob; |
1875 |
++ if (session_walk->session_id == session->session_id) { |
1876 |
++ err = -EEXIST; |
1877 |
++ goto err_tlock_pnlock; |
1878 |
++ } |
1879 |
+ |
1880 |
++ l2tp_tunnel_inc_refcount(tunnel); |
1881 |
++ sock_hold(tunnel->sock); |
1882 |
+ hlist_add_head_rcu(&session->global_hlist, g_head); |
1883 |
++ |
1884 |
+ spin_unlock_bh(&pn->l2tp_session_hlist_lock); |
1885 |
++ } else { |
1886 |
++ l2tp_tunnel_inc_refcount(tunnel); |
1887 |
++ sock_hold(tunnel->sock); |
1888 |
+ } |
1889 |
+ |
1890 |
+ hlist_add_head(&session->hlist, head); |
1891 |
+ write_unlock_bh(&tunnel->hlist_lock); |
1892 |
+ |
1893 |
++ /* Ignore management session in session count value */ |
1894 |
++ if (session->session_id != 0) |
1895 |
++ atomic_inc(&l2tp_session_count); |
1896 |
++ |
1897 |
+ return 0; |
1898 |
+ |
1899 |
+-exist_glob: |
1900 |
++err_tlock_pnlock: |
1901 |
+ spin_unlock_bh(&pn->l2tp_session_hlist_lock); |
1902 |
+-exist: |
1903 |
++err_tlock: |
1904 |
+ write_unlock_bh(&tunnel->hlist_lock); |
1905 |
+ |
1906 |
+- return -EEXIST; |
1907 |
++ return err; |
1908 |
+ } |
1909 |
++EXPORT_SYMBOL_GPL(l2tp_session_register); |
1910 |
+ |
1911 |
+ /* Lookup a tunnel by id |
1912 |
+ */ |
1913 |
+-struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id) |
1914 |
++struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id) |
1915 |
+ { |
1916 |
+ struct l2tp_tunnel *tunnel; |
1917 |
+ struct l2tp_net *pn = l2tp_pernet(net); |
1918 |
+@@ -439,7 +405,7 @@ struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id) |
1919 |
+ } |
1920 |
+ EXPORT_SYMBOL_GPL(l2tp_tunnel_find); |
1921 |
+ |
1922 |
+-struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth) |
1923 |
++struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth) |
1924 |
+ { |
1925 |
+ struct l2tp_net *pn = l2tp_pernet(net); |
1926 |
+ struct l2tp_tunnel *tunnel; |
1927 |
+@@ -1307,7 +1273,6 @@ static void l2tp_tunnel_destruct(struct sock *sk) |
1928 |
+ /* Remove hooks into tunnel socket */ |
1929 |
+ sk->sk_destruct = tunnel->old_sk_destruct; |
1930 |
+ sk->sk_user_data = NULL; |
1931 |
+- tunnel->sock = NULL; |
1932 |
+ |
1933 |
+ /* Remove the tunnel struct from the tunnel list */ |
1934 |
+ pn = l2tp_pernet(tunnel->l2tp_net); |
1935 |
+@@ -1317,6 +1282,8 @@ static void l2tp_tunnel_destruct(struct sock *sk) |
1936 |
+ atomic_dec(&l2tp_tunnel_count); |
1937 |
+ |
1938 |
+ l2tp_tunnel_closeall(tunnel); |
1939 |
++ |
1940 |
++ tunnel->sock = NULL; |
1941 |
+ l2tp_tunnel_dec_refcount(tunnel); |
1942 |
+ |
1943 |
+ /* Call the original destructor */ |
1944 |
+@@ -1341,6 +1308,7 @@ void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel) |
1945 |
+ tunnel->name); |
1946 |
+ |
1947 |
+ write_lock_bh(&tunnel->hlist_lock); |
1948 |
++ tunnel->acpt_newsess = false; |
1949 |
+ for (hash = 0; hash < L2TP_HASH_SIZE; hash++) { |
1950 |
+ again: |
1951 |
+ hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) { |
1952 |
+@@ -1394,17 +1362,6 @@ static void l2tp_udp_encap_destroy(struct sock *sk) |
1953 |
+ } |
1954 |
+ } |
1955 |
+ |
1956 |
+-/* Really kill the tunnel. |
1957 |
+- * Come here only when all sessions have been cleared from the tunnel. |
1958 |
+- */ |
1959 |
+-static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel) |
1960 |
+-{ |
1961 |
+- BUG_ON(atomic_read(&tunnel->ref_count) != 0); |
1962 |
+- BUG_ON(tunnel->sock != NULL); |
1963 |
+- l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name); |
1964 |
+- kfree_rcu(tunnel, rcu); |
1965 |
+-} |
1966 |
+- |
1967 |
+ /* Workqueue tunnel deletion function */ |
1968 |
+ static void l2tp_tunnel_del_work(struct work_struct *work) |
1969 |
+ { |
1970 |
+@@ -1655,6 +1612,7 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 |
1971 |
+ tunnel->magic = L2TP_TUNNEL_MAGIC; |
1972 |
+ sprintf(&tunnel->name[0], "tunl %u", tunnel_id); |
1973 |
+ rwlock_init(&tunnel->hlist_lock); |
1974 |
++ tunnel->acpt_newsess = true; |
1975 |
+ |
1976 |
+ /* The net we belong to */ |
1977 |
+ tunnel->l2tp_net = net; |
1978 |
+@@ -1840,7 +1798,6 @@ EXPORT_SYMBOL_GPL(l2tp_session_set_header_len); |
1979 |
+ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) |
1980 |
+ { |
1981 |
+ struct l2tp_session *session; |
1982 |
+- int err; |
1983 |
+ |
1984 |
+ session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL); |
1985 |
+ if (session != NULL) { |
1986 |
+@@ -1896,25 +1853,7 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn |
1987 |
+ |
1988 |
+ l2tp_session_set_header_len(session, tunnel->version); |
1989 |
+ |
1990 |
+- err = l2tp_session_add_to_tunnel(tunnel, session); |
1991 |
+- if (err) { |
1992 |
+- kfree(session); |
1993 |
+- |
1994 |
+- return ERR_PTR(err); |
1995 |
+- } |
1996 |
+- |
1997 |
+- /* Bump the reference count. The session context is deleted |
1998 |
+- * only when this drops to zero. |
1999 |
+- */ |
2000 |
+ l2tp_session_inc_refcount(session); |
2001 |
+- l2tp_tunnel_inc_refcount(tunnel); |
2002 |
+- |
2003 |
+- /* Ensure tunnel socket isn't deleted */ |
2004 |
+- sock_hold(tunnel->sock); |
2005 |
+- |
2006 |
+- /* Ignore management session in session count value */ |
2007 |
+- if (session->session_id != 0) |
2008 |
+- atomic_inc(&l2tp_session_count); |
2009 |
+ |
2010 |
+ return session; |
2011 |
+ } |
2012 |
+diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h |
2013 |
+index 06323a12d62c..57da0f1d62dd 100644 |
2014 |
+--- a/net/l2tp/l2tp_core.h |
2015 |
++++ b/net/l2tp/l2tp_core.h |
2016 |
+@@ -23,16 +23,6 @@ |
2017 |
+ #define L2TP_HASH_BITS_2 8 |
2018 |
+ #define L2TP_HASH_SIZE_2 (1 << L2TP_HASH_BITS_2) |
2019 |
+ |
2020 |
+-/* Debug message categories for the DEBUG socket option */ |
2021 |
+-enum { |
2022 |
+- L2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if |
2023 |
+- * compiled in) */ |
2024 |
+- L2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel |
2025 |
+- * interface */ |
2026 |
+- L2TP_MSG_SEQ = (1 << 2), /* sequence numbers */ |
2027 |
+- L2TP_MSG_DATA = (1 << 3), /* data packets */ |
2028 |
+-}; |
2029 |
+- |
2030 |
+ struct sk_buff; |
2031 |
+ |
2032 |
+ struct l2tp_stats { |
2033 |
+@@ -175,6 +165,10 @@ struct l2tp_tunnel { |
2034 |
+ |
2035 |
+ struct rcu_head rcu; |
2036 |
+ rwlock_t hlist_lock; /* protect session_hlist */ |
2037 |
++ bool acpt_newsess; /* Indicates whether this |
2038 |
++ * tunnel accepts new sessions. |
2039 |
++ * Protected by hlist_lock. |
2040 |
++ */ |
2041 |
+ struct hlist_head session_hlist[L2TP_HASH_SIZE]; |
2042 |
+ /* hashed list of sessions, |
2043 |
+ * hashed by id */ |
2044 |
+@@ -210,7 +204,9 @@ struct l2tp_tunnel { |
2045 |
+ }; |
2046 |
+ |
2047 |
+ struct l2tp_nl_cmd_ops { |
2048 |
+- int (*session_create)(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg); |
2049 |
++ int (*session_create)(struct net *net, struct l2tp_tunnel *tunnel, |
2050 |
++ u32 session_id, u32 peer_session_id, |
2051 |
++ struct l2tp_session_cfg *cfg); |
2052 |
+ int (*session_delete)(struct l2tp_session *session); |
2053 |
+ }; |
2054 |
+ |
2055 |
+@@ -244,17 +240,18 @@ out: |
2056 |
+ return tunnel; |
2057 |
+ } |
2058 |
+ |
2059 |
+-struct l2tp_session *l2tp_session_get(struct net *net, |
2060 |
++struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id); |
2061 |
++ |
2062 |
++struct l2tp_session *l2tp_session_get(const struct net *net, |
2063 |
+ struct l2tp_tunnel *tunnel, |
2064 |
+ u32 session_id, bool do_ref); |
2065 |
+-struct l2tp_session *l2tp_session_find(struct net *net, |
2066 |
+- struct l2tp_tunnel *tunnel, |
2067 |
+- u32 session_id); |
2068 |
+ struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth, |
2069 |
+ bool do_ref); |
2070 |
+-struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname); |
2071 |
+-struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id); |
2072 |
+-struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth); |
2073 |
++struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net, |
2074 |
++ const char *ifname, |
2075 |
++ bool do_ref); |
2076 |
++struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id); |
2077 |
++struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth); |
2078 |
+ |
2079 |
+ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, |
2080 |
+ u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, |
2081 |
+@@ -265,6 +262,9 @@ struct l2tp_session *l2tp_session_create(int priv_size, |
2082 |
+ struct l2tp_tunnel *tunnel, |
2083 |
+ u32 session_id, u32 peer_session_id, |
2084 |
+ struct l2tp_session_cfg *cfg); |
2085 |
++int l2tp_session_register(struct l2tp_session *session, |
2086 |
++ struct l2tp_tunnel *tunnel); |
2087 |
++ |
2088 |
+ void __l2tp_session_unhash(struct l2tp_session *session); |
2089 |
+ int l2tp_session_delete(struct l2tp_session *session); |
2090 |
+ void l2tp_session_free(struct l2tp_session *session); |
2091 |
+@@ -283,6 +283,17 @@ int l2tp_nl_register_ops(enum l2tp_pwtype pw_type, |
2092 |
+ void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type); |
2093 |
+ int l2tp_ioctl(struct sock *sk, int cmd, unsigned long arg); |
2094 |
+ |
2095 |
++static inline void l2tp_tunnel_inc_refcount(struct l2tp_tunnel *tunnel) |
2096 |
++{ |
2097 |
++ atomic_inc(&tunnel->ref_count); |
2098 |
++} |
2099 |
++ |
2100 |
++static inline void l2tp_tunnel_dec_refcount(struct l2tp_tunnel *tunnel) |
2101 |
++{ |
2102 |
++ if (atomic_dec_and_test(&tunnel->ref_count)) |
2103 |
++ kfree_rcu(tunnel, rcu); |
2104 |
++} |
2105 |
++ |
2106 |
+ /* Session reference counts. Incremented when code obtains a reference |
2107 |
+ * to a session. |
2108 |
+ */ |
2109 |
+diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c |
2110 |
+index c94160df71af..e0a65ee1e830 100644 |
2111 |
+--- a/net/l2tp/l2tp_eth.c |
2112 |
++++ b/net/l2tp/l2tp_eth.c |
2113 |
+@@ -30,6 +30,9 @@ |
2114 |
+ #include <net/xfrm.h> |
2115 |
+ #include <net/net_namespace.h> |
2116 |
+ #include <net/netns/generic.h> |
2117 |
++#include <linux/ip.h> |
2118 |
++#include <linux/ipv6.h> |
2119 |
++#include <linux/udp.h> |
2120 |
+ |
2121 |
+ #include "l2tp_core.h" |
2122 |
+ |
2123 |
+@@ -41,7 +44,6 @@ struct l2tp_eth { |
2124 |
+ struct net_device *dev; |
2125 |
+ struct sock *tunnel_sock; |
2126 |
+ struct l2tp_session *session; |
2127 |
+- struct list_head list; |
2128 |
+ atomic_long_t tx_bytes; |
2129 |
+ atomic_long_t tx_packets; |
2130 |
+ atomic_long_t tx_dropped; |
2131 |
+@@ -52,20 +54,9 @@ struct l2tp_eth { |
2132 |
+ |
2133 |
+ /* via l2tp_session_priv() */ |
2134 |
+ struct l2tp_eth_sess { |
2135 |
+- struct net_device *dev; |
2136 |
++ struct net_device __rcu *dev; |
2137 |
+ }; |
2138 |
+ |
2139 |
+-/* per-net private data for this module */ |
2140 |
+-static unsigned int l2tp_eth_net_id; |
2141 |
+-struct l2tp_eth_net { |
2142 |
+- struct list_head l2tp_eth_dev_list; |
2143 |
+- spinlock_t l2tp_eth_lock; |
2144 |
+-}; |
2145 |
+- |
2146 |
+-static inline struct l2tp_eth_net *l2tp_eth_pernet(struct net *net) |
2147 |
+-{ |
2148 |
+- return net_generic(net, l2tp_eth_net_id); |
2149 |
+-} |
2150 |
+ |
2151 |
+ static struct lock_class_key l2tp_eth_tx_busylock; |
2152 |
+ static int l2tp_eth_dev_init(struct net_device *dev) |
2153 |
+@@ -82,12 +73,13 @@ static int l2tp_eth_dev_init(struct net_device *dev) |
2154 |
+ static void l2tp_eth_dev_uninit(struct net_device *dev) |
2155 |
+ { |
2156 |
+ struct l2tp_eth *priv = netdev_priv(dev); |
2157 |
+- struct l2tp_eth_net *pn = l2tp_eth_pernet(dev_net(dev)); |
2158 |
++ struct l2tp_eth_sess *spriv; |
2159 |
+ |
2160 |
+- spin_lock(&pn->l2tp_eth_lock); |
2161 |
+- list_del_init(&priv->list); |
2162 |
+- spin_unlock(&pn->l2tp_eth_lock); |
2163 |
+- dev_put(dev); |
2164 |
++ spriv = l2tp_session_priv(priv->session); |
2165 |
++ RCU_INIT_POINTER(spriv->dev, NULL); |
2166 |
++ /* No need for synchronize_net() here. We're called by |
2167 |
++ * unregister_netdev*(), which does the synchronisation for us. |
2168 |
++ */ |
2169 |
+ } |
2170 |
+ |
2171 |
+ static int l2tp_eth_dev_xmit(struct sk_buff *skb, struct net_device *dev) |
2172 |
+@@ -141,8 +133,8 @@ static void l2tp_eth_dev_setup(struct net_device *dev) |
2173 |
+ static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len) |
2174 |
+ { |
2175 |
+ struct l2tp_eth_sess *spriv = l2tp_session_priv(session); |
2176 |
+- struct net_device *dev = spriv->dev; |
2177 |
+- struct l2tp_eth *priv = netdev_priv(dev); |
2178 |
++ struct net_device *dev; |
2179 |
++ struct l2tp_eth *priv; |
2180 |
+ |
2181 |
+ if (session->debug & L2TP_MSG_DATA) { |
2182 |
+ unsigned int length; |
2183 |
+@@ -166,16 +158,25 @@ static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb, |
2184 |
+ skb_dst_drop(skb); |
2185 |
+ nf_reset(skb); |
2186 |
+ |
2187 |
++ rcu_read_lock(); |
2188 |
++ dev = rcu_dereference(spriv->dev); |
2189 |
++ if (!dev) |
2190 |
++ goto error_rcu; |
2191 |
++ |
2192 |
++ priv = netdev_priv(dev); |
2193 |
+ if (dev_forward_skb(dev, skb) == NET_RX_SUCCESS) { |
2194 |
+ atomic_long_inc(&priv->rx_packets); |
2195 |
+ atomic_long_add(data_len, &priv->rx_bytes); |
2196 |
+ } else { |
2197 |
+ atomic_long_inc(&priv->rx_errors); |
2198 |
+ } |
2199 |
++ rcu_read_unlock(); |
2200 |
++ |
2201 |
+ return; |
2202 |
+ |
2203 |
++error_rcu: |
2204 |
++ rcu_read_unlock(); |
2205 |
+ error: |
2206 |
+- atomic_long_inc(&priv->rx_errors); |
2207 |
+ kfree_skb(skb); |
2208 |
+ } |
2209 |
+ |
2210 |
+@@ -186,11 +187,15 @@ static void l2tp_eth_delete(struct l2tp_session *session) |
2211 |
+ |
2212 |
+ if (session) { |
2213 |
+ spriv = l2tp_session_priv(session); |
2214 |
+- dev = spriv->dev; |
2215 |
++ |
2216 |
++ rtnl_lock(); |
2217 |
++ dev = rtnl_dereference(spriv->dev); |
2218 |
+ if (dev) { |
2219 |
+- unregister_netdev(dev); |
2220 |
+- spriv->dev = NULL; |
2221 |
++ unregister_netdevice(dev); |
2222 |
++ rtnl_unlock(); |
2223 |
+ module_put(THIS_MODULE); |
2224 |
++ } else { |
2225 |
++ rtnl_unlock(); |
2226 |
+ } |
2227 |
+ } |
2228 |
+ } |
2229 |
+@@ -200,35 +205,89 @@ static void l2tp_eth_show(struct seq_file *m, void *arg) |
2230 |
+ { |
2231 |
+ struct l2tp_session *session = arg; |
2232 |
+ struct l2tp_eth_sess *spriv = l2tp_session_priv(session); |
2233 |
+- struct net_device *dev = spriv->dev; |
2234 |
++ struct net_device *dev; |
2235 |
++ |
2236 |
++ rcu_read_lock(); |
2237 |
++ dev = rcu_dereference(spriv->dev); |
2238 |
++ if (!dev) { |
2239 |
++ rcu_read_unlock(); |
2240 |
++ return; |
2241 |
++ } |
2242 |
++ dev_hold(dev); |
2243 |
++ rcu_read_unlock(); |
2244 |
+ |
2245 |
+ seq_printf(m, " interface %s\n", dev->name); |
2246 |
++ |
2247 |
++ dev_put(dev); |
2248 |
+ } |
2249 |
+ #endif |
2250 |
+ |
2251 |
+-static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) |
2252 |
++static void l2tp_eth_adjust_mtu(struct l2tp_tunnel *tunnel, |
2253 |
++ struct l2tp_session *session, |
2254 |
++ struct net_device *dev) |
2255 |
++{ |
2256 |
++ unsigned int overhead = 0; |
2257 |
++ struct dst_entry *dst; |
2258 |
++ u32 l3_overhead = 0; |
2259 |
++ |
2260 |
++ /* if the encap is UDP, account for UDP header size */ |
2261 |
++ if (tunnel->encap == L2TP_ENCAPTYPE_UDP) { |
2262 |
++ overhead += sizeof(struct udphdr); |
2263 |
++ dev->needed_headroom += sizeof(struct udphdr); |
2264 |
++ } |
2265 |
++ if (session->mtu != 0) { |
2266 |
++ dev->mtu = session->mtu; |
2267 |
++ dev->needed_headroom += session->hdr_len; |
2268 |
++ return; |
2269 |
++ } |
2270 |
++ lock_sock(tunnel->sock); |
2271 |
++ l3_overhead = kernel_sock_ip_overhead(tunnel->sock); |
2272 |
++ release_sock(tunnel->sock); |
2273 |
++ if (l3_overhead == 0) { |
2274 |
++ /* L3 Overhead couldn't be identified, this could be |
2275 |
++ * because tunnel->sock was NULL or the socket's |
2276 |
++ * address family was not IPv4 or IPv6, |
2277 |
++ * dev mtu stays at 1500. |
2278 |
++ */ |
2279 |
++ return; |
2280 |
++ } |
2281 |
++ /* Adjust MTU, factor overhead - underlay L3, overlay L2 hdr |
2282 |
++ * UDP overhead, if any, was already factored in above. |
2283 |
++ */ |
2284 |
++ overhead += session->hdr_len + ETH_HLEN + l3_overhead; |
2285 |
++ |
2286 |
++ /* If PMTU discovery was enabled, use discovered MTU on L2TP device */ |
2287 |
++ dst = sk_dst_get(tunnel->sock); |
2288 |
++ if (dst) { |
2289 |
++ /* dst_mtu will use PMTU if found, else fallback to intf MTU */ |
2290 |
++ u32 pmtu = dst_mtu(dst); |
2291 |
++ |
2292 |
++ if (pmtu != 0) |
2293 |
++ dev->mtu = pmtu; |
2294 |
++ dst_release(dst); |
2295 |
++ } |
2296 |
++ session->mtu = dev->mtu - overhead; |
2297 |
++ dev->mtu = session->mtu; |
2298 |
++ dev->needed_headroom += session->hdr_len; |
2299 |
++} |
2300 |
++ |
2301 |
++static int l2tp_eth_create(struct net *net, struct l2tp_tunnel *tunnel, |
2302 |
++ u32 session_id, u32 peer_session_id, |
2303 |
++ struct l2tp_session_cfg *cfg) |
2304 |
+ { |
2305 |
+ struct net_device *dev; |
2306 |
+ char name[IFNAMSIZ]; |
2307 |
+- struct l2tp_tunnel *tunnel; |
2308 |
+ struct l2tp_session *session; |
2309 |
+ struct l2tp_eth *priv; |
2310 |
+ struct l2tp_eth_sess *spriv; |
2311 |
+ int rc; |
2312 |
+- struct l2tp_eth_net *pn; |
2313 |
+- |
2314 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2315 |
+- if (!tunnel) { |
2316 |
+- rc = -ENODEV; |
2317 |
+- goto out; |
2318 |
+- } |
2319 |
+ |
2320 |
+ if (cfg->ifname) { |
2321 |
+ dev = dev_get_by_name(net, cfg->ifname); |
2322 |
+ if (dev) { |
2323 |
+ dev_put(dev); |
2324 |
+ rc = -EEXIST; |
2325 |
+- goto out; |
2326 |
++ goto err; |
2327 |
+ } |
2328 |
+ strlcpy(name, cfg->ifname, IFNAMSIZ); |
2329 |
+ } else |
2330 |
+@@ -238,26 +297,22 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p |
2331 |
+ peer_session_id, cfg); |
2332 |
+ if (IS_ERR(session)) { |
2333 |
+ rc = PTR_ERR(session); |
2334 |
+- goto out; |
2335 |
++ goto err; |
2336 |
+ } |
2337 |
+ |
2338 |
+ dev = alloc_netdev(sizeof(*priv), name, NET_NAME_UNKNOWN, |
2339 |
+ l2tp_eth_dev_setup); |
2340 |
+ if (!dev) { |
2341 |
+ rc = -ENOMEM; |
2342 |
+- goto out_del_session; |
2343 |
++ goto err_sess; |
2344 |
+ } |
2345 |
+ |
2346 |
+ dev_net_set(dev, net); |
2347 |
+- if (session->mtu == 0) |
2348 |
+- session->mtu = dev->mtu - session->hdr_len; |
2349 |
+- dev->mtu = session->mtu; |
2350 |
+- dev->needed_headroom += session->hdr_len; |
2351 |
++ l2tp_eth_adjust_mtu(tunnel, session, dev); |
2352 |
+ |
2353 |
+ priv = netdev_priv(dev); |
2354 |
+ priv->dev = dev; |
2355 |
+ priv->session = session; |
2356 |
+- INIT_LIST_HEAD(&priv->list); |
2357 |
+ |
2358 |
+ priv->tunnel_sock = tunnel->sock; |
2359 |
+ session->recv_skb = l2tp_eth_dev_recv; |
2360 |
+@@ -267,48 +322,50 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p |
2361 |
+ #endif |
2362 |
+ |
2363 |
+ spriv = l2tp_session_priv(session); |
2364 |
+- spriv->dev = dev; |
2365 |
+ |
2366 |
+- rc = register_netdev(dev); |
2367 |
+- if (rc < 0) |
2368 |
+- goto out_del_dev; |
2369 |
++ l2tp_session_inc_refcount(session); |
2370 |
+ |
2371 |
+- __module_get(THIS_MODULE); |
2372 |
+- /* Must be done after register_netdev() */ |
2373 |
+- strlcpy(session->ifname, dev->name, IFNAMSIZ); |
2374 |
++ rtnl_lock(); |
2375 |
+ |
2376 |
+- dev_hold(dev); |
2377 |
+- pn = l2tp_eth_pernet(dev_net(dev)); |
2378 |
+- spin_lock(&pn->l2tp_eth_lock); |
2379 |
+- list_add(&priv->list, &pn->l2tp_eth_dev_list); |
2380 |
+- spin_unlock(&pn->l2tp_eth_lock); |
2381 |
++ /* Register both device and session while holding the rtnl lock. This |
2382 |
++ * ensures that l2tp_eth_delete() will see that there's a device to |
2383 |
++ * unregister, even if it happened to run before we assign spriv->dev. |
2384 |
++ */ |
2385 |
++ rc = l2tp_session_register(session, tunnel); |
2386 |
++ if (rc < 0) { |
2387 |
++ rtnl_unlock(); |
2388 |
++ goto err_sess_dev; |
2389 |
++ } |
2390 |
+ |
2391 |
+- return 0; |
2392 |
++ rc = register_netdevice(dev); |
2393 |
++ if (rc < 0) { |
2394 |
++ rtnl_unlock(); |
2395 |
++ l2tp_session_delete(session); |
2396 |
++ l2tp_session_dec_refcount(session); |
2397 |
++ free_netdev(dev); |
2398 |
+ |
2399 |
+-out_del_dev: |
2400 |
+- free_netdev(dev); |
2401 |
+- spriv->dev = NULL; |
2402 |
+-out_del_session: |
2403 |
+- l2tp_session_delete(session); |
2404 |
+-out: |
2405 |
+- return rc; |
2406 |
+-} |
2407 |
++ return rc; |
2408 |
++ } |
2409 |
+ |
2410 |
+-static __net_init int l2tp_eth_init_net(struct net *net) |
2411 |
+-{ |
2412 |
+- struct l2tp_eth_net *pn = net_generic(net, l2tp_eth_net_id); |
2413 |
++ strlcpy(session->ifname, dev->name, IFNAMSIZ); |
2414 |
++ rcu_assign_pointer(spriv->dev, dev); |
2415 |
++ |
2416 |
++ rtnl_unlock(); |
2417 |
+ |
2418 |
+- INIT_LIST_HEAD(&pn->l2tp_eth_dev_list); |
2419 |
+- spin_lock_init(&pn->l2tp_eth_lock); |
2420 |
++ l2tp_session_dec_refcount(session); |
2421 |
++ |
2422 |
++ __module_get(THIS_MODULE); |
2423 |
+ |
2424 |
+ return 0; |
2425 |
+-} |
2426 |
+ |
2427 |
+-static struct pernet_operations l2tp_eth_net_ops = { |
2428 |
+- .init = l2tp_eth_init_net, |
2429 |
+- .id = &l2tp_eth_net_id, |
2430 |
+- .size = sizeof(struct l2tp_eth_net), |
2431 |
+-}; |
2432 |
++err_sess_dev: |
2433 |
++ l2tp_session_dec_refcount(session); |
2434 |
++ free_netdev(dev); |
2435 |
++err_sess: |
2436 |
++ kfree(session); |
2437 |
++err: |
2438 |
++ return rc; |
2439 |
++} |
2440 |
+ |
2441 |
+ |
2442 |
+ static const struct l2tp_nl_cmd_ops l2tp_eth_nl_cmd_ops = { |
2443 |
+@@ -323,25 +380,18 @@ static int __init l2tp_eth_init(void) |
2444 |
+ |
2445 |
+ err = l2tp_nl_register_ops(L2TP_PWTYPE_ETH, &l2tp_eth_nl_cmd_ops); |
2446 |
+ if (err) |
2447 |
+- goto out; |
2448 |
+- |
2449 |
+- err = register_pernet_device(&l2tp_eth_net_ops); |
2450 |
+- if (err) |
2451 |
+- goto out_unreg; |
2452 |
++ goto err; |
2453 |
+ |
2454 |
+ pr_info("L2TP ethernet pseudowire support (L2TPv3)\n"); |
2455 |
+ |
2456 |
+ return 0; |
2457 |
+ |
2458 |
+-out_unreg: |
2459 |
+- l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH); |
2460 |
+-out: |
2461 |
++err: |
2462 |
+ return err; |
2463 |
+ } |
2464 |
+ |
2465 |
+ static void __exit l2tp_eth_exit(void) |
2466 |
+ { |
2467 |
+- unregister_pernet_device(&l2tp_eth_net_ops); |
2468 |
+ l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH); |
2469 |
+ } |
2470 |
+ |
2471 |
+diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c |
2472 |
+index 58f87bdd12c7..fd7363f8405a 100644 |
2473 |
+--- a/net/l2tp/l2tp_ip.c |
2474 |
++++ b/net/l2tp/l2tp_ip.c |
2475 |
+@@ -122,6 +122,7 @@ static int l2tp_ip_recv(struct sk_buff *skb) |
2476 |
+ unsigned char *ptr, *optr; |
2477 |
+ struct l2tp_session *session; |
2478 |
+ struct l2tp_tunnel *tunnel = NULL; |
2479 |
++ struct iphdr *iph; |
2480 |
+ int length; |
2481 |
+ |
2482 |
+ if (!pskb_may_pull(skb, 4)) |
2483 |
+@@ -180,23 +181,16 @@ pass_up: |
2484 |
+ goto discard; |
2485 |
+ |
2486 |
+ tunnel_id = ntohl(*(__be32 *) &skb->data[4]); |
2487 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2488 |
+- if (tunnel) { |
2489 |
+- sk = tunnel->sock; |
2490 |
+- sock_hold(sk); |
2491 |
+- } else { |
2492 |
+- struct iphdr *iph = (struct iphdr *) skb_network_header(skb); |
2493 |
+- |
2494 |
+- read_lock_bh(&l2tp_ip_lock); |
2495 |
+- sk = __l2tp_ip_bind_lookup(net, iph->daddr, 0, tunnel_id); |
2496 |
+- if (!sk) { |
2497 |
+- read_unlock_bh(&l2tp_ip_lock); |
2498 |
+- goto discard; |
2499 |
+- } |
2500 |
++ iph = (struct iphdr *)skb_network_header(skb); |
2501 |
+ |
2502 |
+- sock_hold(sk); |
2503 |
++ read_lock_bh(&l2tp_ip_lock); |
2504 |
++ sk = __l2tp_ip_bind_lookup(net, iph->daddr, 0, tunnel_id); |
2505 |
++ if (!sk) { |
2506 |
+ read_unlock_bh(&l2tp_ip_lock); |
2507 |
++ goto discard; |
2508 |
+ } |
2509 |
++ sock_hold(sk); |
2510 |
++ read_unlock_bh(&l2tp_ip_lock); |
2511 |
+ |
2512 |
+ if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) |
2513 |
+ goto discard_put; |
2514 |
+@@ -269,15 +263,9 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2515 |
+ if (addr->l2tp_family != AF_INET) |
2516 |
+ return -EINVAL; |
2517 |
+ |
2518 |
+- ret = -EADDRINUSE; |
2519 |
+- read_lock_bh(&l2tp_ip_lock); |
2520 |
+- if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, |
2521 |
+- sk->sk_bound_dev_if, addr->l2tp_conn_id)) |
2522 |
+- goto out_in_use; |
2523 |
+- |
2524 |
+- read_unlock_bh(&l2tp_ip_lock); |
2525 |
+- |
2526 |
+ lock_sock(sk); |
2527 |
++ |
2528 |
++ ret = -EINVAL; |
2529 |
+ if (!sock_flag(sk, SOCK_ZAPPED)) |
2530 |
+ goto out; |
2531 |
+ |
2532 |
+@@ -294,25 +282,28 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2533 |
+ inet->inet_rcv_saddr = inet->inet_saddr = addr->l2tp_addr.s_addr; |
2534 |
+ if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) |
2535 |
+ inet->inet_saddr = 0; /* Use device */ |
2536 |
+- sk_dst_reset(sk); |
2537 |
+ |
2538 |
++ write_lock_bh(&l2tp_ip_lock); |
2539 |
++ if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, |
2540 |
++ sk->sk_bound_dev_if, addr->l2tp_conn_id)) { |
2541 |
++ write_unlock_bh(&l2tp_ip_lock); |
2542 |
++ ret = -EADDRINUSE; |
2543 |
++ goto out; |
2544 |
++ } |
2545 |
++ |
2546 |
++ sk_dst_reset(sk); |
2547 |
+ l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id; |
2548 |
+ |
2549 |
+- write_lock_bh(&l2tp_ip_lock); |
2550 |
+ sk_add_bind_node(sk, &l2tp_ip_bind_table); |
2551 |
+ sk_del_node_init(sk); |
2552 |
+ write_unlock_bh(&l2tp_ip_lock); |
2553 |
++ |
2554 |
+ ret = 0; |
2555 |
+ sock_reset_flag(sk, SOCK_ZAPPED); |
2556 |
+ |
2557 |
+ out: |
2558 |
+ release_sock(sk); |
2559 |
+ |
2560 |
+- return ret; |
2561 |
+- |
2562 |
+-out_in_use: |
2563 |
+- read_unlock_bh(&l2tp_ip_lock); |
2564 |
+- |
2565 |
+ return ret; |
2566 |
+ } |
2567 |
+ |
2568 |
+@@ -321,21 +312,24 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len |
2569 |
+ struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *) uaddr; |
2570 |
+ int rc; |
2571 |
+ |
2572 |
+- if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ |
2573 |
+- return -EINVAL; |
2574 |
+- |
2575 |
+ if (addr_len < sizeof(*lsa)) |
2576 |
+ return -EINVAL; |
2577 |
+ |
2578 |
+ if (ipv4_is_multicast(lsa->l2tp_addr.s_addr)) |
2579 |
+ return -EINVAL; |
2580 |
+ |
2581 |
+- rc = ip4_datagram_connect(sk, uaddr, addr_len); |
2582 |
+- if (rc < 0) |
2583 |
+- return rc; |
2584 |
+- |
2585 |
+ lock_sock(sk); |
2586 |
+ |
2587 |
++ /* Must bind first - autobinding does not work */ |
2588 |
++ if (sock_flag(sk, SOCK_ZAPPED)) { |
2589 |
++ rc = -EINVAL; |
2590 |
++ goto out_sk; |
2591 |
++ } |
2592 |
++ |
2593 |
++ rc = __ip4_datagram_connect(sk, uaddr, addr_len); |
2594 |
++ if (rc < 0) |
2595 |
++ goto out_sk; |
2596 |
++ |
2597 |
+ l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; |
2598 |
+ |
2599 |
+ write_lock_bh(&l2tp_ip_lock); |
2600 |
+@@ -343,7 +337,9 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len |
2601 |
+ sk_add_bind_node(sk, &l2tp_ip_bind_table); |
2602 |
+ write_unlock_bh(&l2tp_ip_lock); |
2603 |
+ |
2604 |
++out_sk: |
2605 |
+ release_sock(sk); |
2606 |
++ |
2607 |
+ return rc; |
2608 |
+ } |
2609 |
+ |
2610 |
+diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c |
2611 |
+index 2b5230ef8536..5bb5337e74fc 100644 |
2612 |
+--- a/net/l2tp/l2tp_ip6.c |
2613 |
++++ b/net/l2tp/l2tp_ip6.c |
2614 |
+@@ -134,6 +134,7 @@ static int l2tp_ip6_recv(struct sk_buff *skb) |
2615 |
+ unsigned char *ptr, *optr; |
2616 |
+ struct l2tp_session *session; |
2617 |
+ struct l2tp_tunnel *tunnel = NULL; |
2618 |
++ struct ipv6hdr *iph; |
2619 |
+ int length; |
2620 |
+ |
2621 |
+ if (!pskb_may_pull(skb, 4)) |
2622 |
+@@ -193,24 +194,16 @@ pass_up: |
2623 |
+ goto discard; |
2624 |
+ |
2625 |
+ tunnel_id = ntohl(*(__be32 *) &skb->data[4]); |
2626 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2627 |
+- if (tunnel) { |
2628 |
+- sk = tunnel->sock; |
2629 |
+- sock_hold(sk); |
2630 |
+- } else { |
2631 |
+- struct ipv6hdr *iph = ipv6_hdr(skb); |
2632 |
+- |
2633 |
+- read_lock_bh(&l2tp_ip6_lock); |
2634 |
+- sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, |
2635 |
+- 0, tunnel_id); |
2636 |
+- if (!sk) { |
2637 |
+- read_unlock_bh(&l2tp_ip6_lock); |
2638 |
+- goto discard; |
2639 |
+- } |
2640 |
++ iph = ipv6_hdr(skb); |
2641 |
+ |
2642 |
+- sock_hold(sk); |
2643 |
++ read_lock_bh(&l2tp_ip6_lock); |
2644 |
++ sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, 0, tunnel_id); |
2645 |
++ if (!sk) { |
2646 |
+ read_unlock_bh(&l2tp_ip6_lock); |
2647 |
++ goto discard; |
2648 |
+ } |
2649 |
++ sock_hold(sk); |
2650 |
++ read_unlock_bh(&l2tp_ip6_lock); |
2651 |
+ |
2652 |
+ if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) |
2653 |
+ goto discard_put; |
2654 |
+@@ -278,6 +271,7 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2655 |
+ struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *) uaddr; |
2656 |
+ struct net *net = sock_net(sk); |
2657 |
+ __be32 v4addr = 0; |
2658 |
++ int bound_dev_if; |
2659 |
+ int addr_type; |
2660 |
+ int err; |
2661 |
+ |
2662 |
+@@ -296,13 +290,6 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2663 |
+ if (addr_type & IPV6_ADDR_MULTICAST) |
2664 |
+ return -EADDRNOTAVAIL; |
2665 |
+ |
2666 |
+- err = -EADDRINUSE; |
2667 |
+- read_lock_bh(&l2tp_ip6_lock); |
2668 |
+- if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, |
2669 |
+- sk->sk_bound_dev_if, addr->l2tp_conn_id)) |
2670 |
+- goto out_in_use; |
2671 |
+- read_unlock_bh(&l2tp_ip6_lock); |
2672 |
+- |
2673 |
+ lock_sock(sk); |
2674 |
+ |
2675 |
+ err = -EINVAL; |
2676 |
+@@ -312,28 +299,25 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2677 |
+ if (sk->sk_state != TCP_CLOSE) |
2678 |
+ goto out_unlock; |
2679 |
+ |
2680 |
++ bound_dev_if = sk->sk_bound_dev_if; |
2681 |
++ |
2682 |
+ /* Check if the address belongs to the host. */ |
2683 |
+ rcu_read_lock(); |
2684 |
+ if (addr_type != IPV6_ADDR_ANY) { |
2685 |
+ struct net_device *dev = NULL; |
2686 |
+ |
2687 |
+ if (addr_type & IPV6_ADDR_LINKLOCAL) { |
2688 |
+- if (addr_len >= sizeof(struct sockaddr_in6) && |
2689 |
+- addr->l2tp_scope_id) { |
2690 |
+- /* Override any existing binding, if another |
2691 |
+- * one is supplied by user. |
2692 |
+- */ |
2693 |
+- sk->sk_bound_dev_if = addr->l2tp_scope_id; |
2694 |
+- } |
2695 |
++ if (addr->l2tp_scope_id) |
2696 |
++ bound_dev_if = addr->l2tp_scope_id; |
2697 |
+ |
2698 |
+ /* Binding to link-local address requires an |
2699 |
+- interface */ |
2700 |
+- if (!sk->sk_bound_dev_if) |
2701 |
++ * interface. |
2702 |
++ */ |
2703 |
++ if (!bound_dev_if) |
2704 |
+ goto out_unlock_rcu; |
2705 |
+ |
2706 |
+ err = -ENODEV; |
2707 |
+- dev = dev_get_by_index_rcu(sock_net(sk), |
2708 |
+- sk->sk_bound_dev_if); |
2709 |
++ dev = dev_get_by_index_rcu(sock_net(sk), bound_dev_if); |
2710 |
+ if (!dev) |
2711 |
+ goto out_unlock_rcu; |
2712 |
+ } |
2713 |
+@@ -348,13 +332,22 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
2714 |
+ } |
2715 |
+ rcu_read_unlock(); |
2716 |
+ |
2717 |
+- inet->inet_rcv_saddr = inet->inet_saddr = v4addr; |
2718 |
++ write_lock_bh(&l2tp_ip6_lock); |
2719 |
++ if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, bound_dev_if, |
2720 |
++ addr->l2tp_conn_id)) { |
2721 |
++ write_unlock_bh(&l2tp_ip6_lock); |
2722 |
++ err = -EADDRINUSE; |
2723 |
++ goto out_unlock; |
2724 |
++ } |
2725 |
++ |
2726 |
++ inet->inet_saddr = v4addr; |
2727 |
++ inet->inet_rcv_saddr = v4addr; |
2728 |
++ sk->sk_bound_dev_if = bound_dev_if; |
2729 |
+ sk->sk_v6_rcv_saddr = addr->l2tp_addr; |
2730 |
+ np->saddr = addr->l2tp_addr; |
2731 |
+ |
2732 |
+ l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id; |
2733 |
+ |
2734 |
+- write_lock_bh(&l2tp_ip6_lock); |
2735 |
+ sk_add_bind_node(sk, &l2tp_ip6_bind_table); |
2736 |
+ sk_del_node_init(sk); |
2737 |
+ write_unlock_bh(&l2tp_ip6_lock); |
2738 |
+@@ -367,10 +360,7 @@ out_unlock_rcu: |
2739 |
+ rcu_read_unlock(); |
2740 |
+ out_unlock: |
2741 |
+ release_sock(sk); |
2742 |
+- return err; |
2743 |
+ |
2744 |
+-out_in_use: |
2745 |
+- read_unlock_bh(&l2tp_ip6_lock); |
2746 |
+ return err; |
2747 |
+ } |
2748 |
+ |
2749 |
+@@ -383,9 +373,6 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, |
2750 |
+ int addr_type; |
2751 |
+ int rc; |
2752 |
+ |
2753 |
+- if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ |
2754 |
+- return -EINVAL; |
2755 |
+- |
2756 |
+ if (addr_len < sizeof(*lsa)) |
2757 |
+ return -EINVAL; |
2758 |
+ |
2759 |
+@@ -402,10 +389,18 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, |
2760 |
+ return -EINVAL; |
2761 |
+ } |
2762 |
+ |
2763 |
+- rc = ip6_datagram_connect(sk, uaddr, addr_len); |
2764 |
+- |
2765 |
+ lock_sock(sk); |
2766 |
+ |
2767 |
++ /* Must bind first - autobinding does not work */ |
2768 |
++ if (sock_flag(sk, SOCK_ZAPPED)) { |
2769 |
++ rc = -EINVAL; |
2770 |
++ goto out_sk; |
2771 |
++ } |
2772 |
++ |
2773 |
++ rc = __ip6_datagram_connect(sk, uaddr, addr_len); |
2774 |
++ if (rc < 0) |
2775 |
++ goto out_sk; |
2776 |
++ |
2777 |
+ l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; |
2778 |
+ |
2779 |
+ write_lock_bh(&l2tp_ip6_lock); |
2780 |
+@@ -413,6 +408,7 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, |
2781 |
+ sk_add_bind_node(sk, &l2tp_ip6_bind_table); |
2782 |
+ write_unlock_bh(&l2tp_ip6_lock); |
2783 |
+ |
2784 |
++out_sk: |
2785 |
+ release_sock(sk); |
2786 |
+ |
2787 |
+ return rc; |
2788 |
+diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c |
2789 |
+index fb3248ff8b48..d3a84a181348 100644 |
2790 |
+--- a/net/l2tp/l2tp_netlink.c |
2791 |
++++ b/net/l2tp/l2tp_netlink.c |
2792 |
+@@ -55,7 +55,8 @@ static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, |
2793 |
+ /* Accessed under genl lock */ |
2794 |
+ static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX]; |
2795 |
+ |
2796 |
+-static struct l2tp_session *l2tp_nl_session_find(struct genl_info *info) |
2797 |
++static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info, |
2798 |
++ bool do_ref) |
2799 |
+ { |
2800 |
+ u32 tunnel_id; |
2801 |
+ u32 session_id; |
2802 |
+@@ -66,14 +67,17 @@ static struct l2tp_session *l2tp_nl_session_find(struct genl_info *info) |
2803 |
+ |
2804 |
+ if (info->attrs[L2TP_ATTR_IFNAME]) { |
2805 |
+ ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]); |
2806 |
+- session = l2tp_session_find_by_ifname(net, ifname); |
2807 |
++ session = l2tp_session_get_by_ifname(net, ifname, do_ref); |
2808 |
+ } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) && |
2809 |
+ (info->attrs[L2TP_ATTR_CONN_ID])) { |
2810 |
+ tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); |
2811 |
+ session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]); |
2812 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2813 |
+- if (tunnel) |
2814 |
+- session = l2tp_session_find(net, tunnel, session_id); |
2815 |
++ tunnel = l2tp_tunnel_get(net, tunnel_id); |
2816 |
++ if (tunnel) { |
2817 |
++ session = l2tp_session_get(net, tunnel, session_id, |
2818 |
++ do_ref); |
2819 |
++ l2tp_tunnel_dec_refcount(tunnel); |
2820 |
++ } |
2821 |
+ } |
2822 |
+ |
2823 |
+ return session; |
2824 |
+@@ -276,8 +280,8 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info |
2825 |
+ } |
2826 |
+ tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); |
2827 |
+ |
2828 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2829 |
+- if (tunnel == NULL) { |
2830 |
++ tunnel = l2tp_tunnel_get(net, tunnel_id); |
2831 |
++ if (!tunnel) { |
2832 |
+ ret = -ENODEV; |
2833 |
+ goto out; |
2834 |
+ } |
2835 |
+@@ -287,6 +291,8 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info |
2836 |
+ |
2837 |
+ l2tp_tunnel_delete(tunnel); |
2838 |
+ |
2839 |
++ l2tp_tunnel_dec_refcount(tunnel); |
2840 |
++ |
2841 |
+ out: |
2842 |
+ return ret; |
2843 |
+ } |
2844 |
+@@ -304,8 +310,8 @@ static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info |
2845 |
+ } |
2846 |
+ tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); |
2847 |
+ |
2848 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2849 |
+- if (tunnel == NULL) { |
2850 |
++ tunnel = l2tp_tunnel_get(net, tunnel_id); |
2851 |
++ if (!tunnel) { |
2852 |
+ ret = -ENODEV; |
2853 |
+ goto out; |
2854 |
+ } |
2855 |
+@@ -316,6 +322,8 @@ static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info |
2856 |
+ ret = l2tp_tunnel_notify(&l2tp_nl_family, info, |
2857 |
+ tunnel, L2TP_CMD_TUNNEL_MODIFY); |
2858 |
+ |
2859 |
++ l2tp_tunnel_dec_refcount(tunnel); |
2860 |
++ |
2861 |
+ out: |
2862 |
+ return ret; |
2863 |
+ } |
2864 |
+@@ -420,34 +428,37 @@ static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info) |
2865 |
+ |
2866 |
+ if (!info->attrs[L2TP_ATTR_CONN_ID]) { |
2867 |
+ ret = -EINVAL; |
2868 |
+- goto out; |
2869 |
++ goto err; |
2870 |
+ } |
2871 |
+ |
2872 |
+ tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); |
2873 |
+ |
2874 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2875 |
+- if (tunnel == NULL) { |
2876 |
+- ret = -ENODEV; |
2877 |
+- goto out; |
2878 |
+- } |
2879 |
+- |
2880 |
+ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); |
2881 |
+ if (!msg) { |
2882 |
+ ret = -ENOMEM; |
2883 |
+- goto out; |
2884 |
++ goto err; |
2885 |
++ } |
2886 |
++ |
2887 |
++ tunnel = l2tp_tunnel_get(net, tunnel_id); |
2888 |
++ if (!tunnel) { |
2889 |
++ ret = -ENODEV; |
2890 |
++ goto err_nlmsg; |
2891 |
+ } |
2892 |
+ |
2893 |
+ ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq, |
2894 |
+ NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET); |
2895 |
+ if (ret < 0) |
2896 |
+- goto err_out; |
2897 |
++ goto err_nlmsg_tunnel; |
2898 |
++ |
2899 |
++ l2tp_tunnel_dec_refcount(tunnel); |
2900 |
+ |
2901 |
+ return genlmsg_unicast(net, msg, info->snd_portid); |
2902 |
+ |
2903 |
+-err_out: |
2904 |
++err_nlmsg_tunnel: |
2905 |
++ l2tp_tunnel_dec_refcount(tunnel); |
2906 |
++err_nlmsg: |
2907 |
+ nlmsg_free(msg); |
2908 |
+- |
2909 |
+-out: |
2910 |
++err: |
2911 |
+ return ret; |
2912 |
+ } |
2913 |
+ |
2914 |
+@@ -491,8 +502,9 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2915 |
+ ret = -EINVAL; |
2916 |
+ goto out; |
2917 |
+ } |
2918 |
++ |
2919 |
+ tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); |
2920 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
2921 |
++ tunnel = l2tp_tunnel_get(net, tunnel_id); |
2922 |
+ if (!tunnel) { |
2923 |
+ ret = -ENODEV; |
2924 |
+ goto out; |
2925 |
+@@ -500,29 +512,24 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2926 |
+ |
2927 |
+ if (!info->attrs[L2TP_ATTR_SESSION_ID]) { |
2928 |
+ ret = -EINVAL; |
2929 |
+- goto out; |
2930 |
++ goto out_tunnel; |
2931 |
+ } |
2932 |
+ session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]); |
2933 |
+- session = l2tp_session_find(net, tunnel, session_id); |
2934 |
+- if (session) { |
2935 |
+- ret = -EEXIST; |
2936 |
+- goto out; |
2937 |
+- } |
2938 |
+ |
2939 |
+ if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) { |
2940 |
+ ret = -EINVAL; |
2941 |
+- goto out; |
2942 |
++ goto out_tunnel; |
2943 |
+ } |
2944 |
+ peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]); |
2945 |
+ |
2946 |
+ if (!info->attrs[L2TP_ATTR_PW_TYPE]) { |
2947 |
+ ret = -EINVAL; |
2948 |
+- goto out; |
2949 |
++ goto out_tunnel; |
2950 |
+ } |
2951 |
+ cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]); |
2952 |
+ if (cfg.pw_type >= __L2TP_PWTYPE_MAX) { |
2953 |
+ ret = -EINVAL; |
2954 |
+- goto out; |
2955 |
++ goto out_tunnel; |
2956 |
+ } |
2957 |
+ |
2958 |
+ if (tunnel->version > 2) { |
2959 |
+@@ -544,7 +551,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2960 |
+ u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]); |
2961 |
+ if (len > 8) { |
2962 |
+ ret = -EINVAL; |
2963 |
+- goto out; |
2964 |
++ goto out_tunnel; |
2965 |
+ } |
2966 |
+ cfg.cookie_len = len; |
2967 |
+ memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len); |
2968 |
+@@ -553,7 +560,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2969 |
+ u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]); |
2970 |
+ if (len > 8) { |
2971 |
+ ret = -EINVAL; |
2972 |
+- goto out; |
2973 |
++ goto out_tunnel; |
2974 |
+ } |
2975 |
+ cfg.peer_cookie_len = len; |
2976 |
+ memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len); |
2977 |
+@@ -596,7 +603,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2978 |
+ if ((l2tp_nl_cmd_ops[cfg.pw_type] == NULL) || |
2979 |
+ (l2tp_nl_cmd_ops[cfg.pw_type]->session_create == NULL)) { |
2980 |
+ ret = -EPROTONOSUPPORT; |
2981 |
+- goto out; |
2982 |
++ goto out_tunnel; |
2983 |
+ } |
2984 |
+ |
2985 |
+ /* Check that pseudowire-specific params are present */ |
2986 |
+@@ -606,7 +613,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2987 |
+ case L2TP_PWTYPE_ETH_VLAN: |
2988 |
+ if (!info->attrs[L2TP_ATTR_VLAN_ID]) { |
2989 |
+ ret = -EINVAL; |
2990 |
+- goto out; |
2991 |
++ goto out_tunnel; |
2992 |
+ } |
2993 |
+ break; |
2994 |
+ case L2TP_PWTYPE_ETH: |
2995 |
+@@ -620,18 +627,22 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf |
2996 |
+ break; |
2997 |
+ } |
2998 |
+ |
2999 |
+- ret = -EPROTONOSUPPORT; |
3000 |
+- if (l2tp_nl_cmd_ops[cfg.pw_type]->session_create) |
3001 |
+- ret = (*l2tp_nl_cmd_ops[cfg.pw_type]->session_create)(net, tunnel_id, |
3002 |
+- session_id, peer_session_id, &cfg); |
3003 |
++ ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel, |
3004 |
++ session_id, |
3005 |
++ peer_session_id, |
3006 |
++ &cfg); |
3007 |
+ |
3008 |
+ if (ret >= 0) { |
3009 |
+- session = l2tp_session_find(net, tunnel, session_id); |
3010 |
+- if (session) |
3011 |
++ session = l2tp_session_get(net, tunnel, session_id, false); |
3012 |
++ if (session) { |
3013 |
+ ret = l2tp_session_notify(&l2tp_nl_family, info, session, |
3014 |
+ L2TP_CMD_SESSION_CREATE); |
3015 |
++ l2tp_session_dec_refcount(session); |
3016 |
++ } |
3017 |
+ } |
3018 |
+ |
3019 |
++out_tunnel: |
3020 |
++ l2tp_tunnel_dec_refcount(tunnel); |
3021 |
+ out: |
3022 |
+ return ret; |
3023 |
+ } |
3024 |
+@@ -642,7 +653,7 @@ static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *inf |
3025 |
+ struct l2tp_session *session; |
3026 |
+ u16 pw_type; |
3027 |
+ |
3028 |
+- session = l2tp_nl_session_find(info); |
3029 |
++ session = l2tp_nl_session_get(info, true); |
3030 |
+ if (session == NULL) { |
3031 |
+ ret = -ENODEV; |
3032 |
+ goto out; |
3033 |
+@@ -656,6 +667,10 @@ static int l2tp_nl_cmd_session_delete(struct sk_buff *skb, struct genl_info *inf |
3034 |
+ if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete) |
3035 |
+ ret = (*l2tp_nl_cmd_ops[pw_type]->session_delete)(session); |
3036 |
+ |
3037 |
++ if (session->deref) |
3038 |
++ session->deref(session); |
3039 |
++ l2tp_session_dec_refcount(session); |
3040 |
++ |
3041 |
+ out: |
3042 |
+ return ret; |
3043 |
+ } |
3044 |
+@@ -665,7 +680,7 @@ static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *inf |
3045 |
+ int ret = 0; |
3046 |
+ struct l2tp_session *session; |
3047 |
+ |
3048 |
+- session = l2tp_nl_session_find(info); |
3049 |
++ session = l2tp_nl_session_get(info, false); |
3050 |
+ if (session == NULL) { |
3051 |
+ ret = -ENODEV; |
3052 |
+ goto out; |
3053 |
+@@ -700,6 +715,8 @@ static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *inf |
3054 |
+ ret = l2tp_session_notify(&l2tp_nl_family, info, |
3055 |
+ session, L2TP_CMD_SESSION_MODIFY); |
3056 |
+ |
3057 |
++ l2tp_session_dec_refcount(session); |
3058 |
++ |
3059 |
+ out: |
3060 |
+ return ret; |
3061 |
+ } |
3062 |
+@@ -786,29 +803,34 @@ static int l2tp_nl_cmd_session_get(struct sk_buff *skb, struct genl_info *info) |
3063 |
+ struct sk_buff *msg; |
3064 |
+ int ret; |
3065 |
+ |
3066 |
+- session = l2tp_nl_session_find(info); |
3067 |
++ session = l2tp_nl_session_get(info, false); |
3068 |
+ if (session == NULL) { |
3069 |
+ ret = -ENODEV; |
3070 |
+- goto out; |
3071 |
++ goto err; |
3072 |
+ } |
3073 |
+ |
3074 |
+ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); |
3075 |
+ if (!msg) { |
3076 |
+ ret = -ENOMEM; |
3077 |
+- goto out; |
3078 |
++ goto err_ref; |
3079 |
+ } |
3080 |
+ |
3081 |
+ ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq, |
3082 |
+ 0, session, L2TP_CMD_SESSION_GET); |
3083 |
+ if (ret < 0) |
3084 |
+- goto err_out; |
3085 |
++ goto err_ref_msg; |
3086 |
+ |
3087 |
+- return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); |
3088 |
++ ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); |
3089 |
+ |
3090 |
+-err_out: |
3091 |
+- nlmsg_free(msg); |
3092 |
++ l2tp_session_dec_refcount(session); |
3093 |
+ |
3094 |
+-out: |
3095 |
++ return ret; |
3096 |
++ |
3097 |
++err_ref_msg: |
3098 |
++ nlmsg_free(msg); |
3099 |
++err_ref: |
3100 |
++ l2tp_session_dec_refcount(session); |
3101 |
++err: |
3102 |
+ return ret; |
3103 |
+ } |
3104 |
+ |
3105 |
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c |
3106 |
+index bc5d6b8f8ede..8ff5352bb0e3 100644 |
3107 |
+--- a/net/l2tp/l2tp_ppp.c |
3108 |
++++ b/net/l2tp/l2tp_ppp.c |
3109 |
+@@ -122,8 +122,11 @@ |
3110 |
+ struct pppol2tp_session { |
3111 |
+ int owner; /* pid that opened the socket */ |
3112 |
+ |
3113 |
+- struct sock *sock; /* Pointer to the session |
3114 |
++ struct mutex sk_lock; /* Protects .sk */ |
3115 |
++ struct sock __rcu *sk; /* Pointer to the session |
3116 |
+ * PPPoX socket */ |
3117 |
++ struct sock *__sk; /* Copy of .sk, for cleanup */ |
3118 |
++ struct rcu_head rcu; /* For asynchronous release */ |
3119 |
+ struct sock *tunnel_sock; /* Pointer to the tunnel UDP |
3120 |
+ * socket */ |
3121 |
+ int flags; /* accessed by PPPIOCGFLAGS. |
3122 |
+@@ -138,6 +141,24 @@ static const struct ppp_channel_ops pppol2tp_chan_ops = { |
3123 |
+ |
3124 |
+ static const struct proto_ops pppol2tp_ops; |
3125 |
+ |
3126 |
++/* Retrieves the pppol2tp socket associated to a session. |
3127 |
++ * A reference is held on the returned socket, so this function must be paired |
3128 |
++ * with sock_put(). |
3129 |
++ */ |
3130 |
++static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session) |
3131 |
++{ |
3132 |
++ struct pppol2tp_session *ps = l2tp_session_priv(session); |
3133 |
++ struct sock *sk; |
3134 |
++ |
3135 |
++ rcu_read_lock(); |
3136 |
++ sk = rcu_dereference(ps->sk); |
3137 |
++ if (sk) |
3138 |
++ sock_hold(sk); |
3139 |
++ rcu_read_unlock(); |
3140 |
++ |
3141 |
++ return sk; |
3142 |
++} |
3143 |
++ |
3144 |
+ /* Helpers to obtain tunnel/session contexts from sockets. |
3145 |
+ */ |
3146 |
+ static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk) |
3147 |
+@@ -224,13 +245,14 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int |
3148 |
+ /* If the socket is bound, send it in to PPP's input queue. Otherwise |
3149 |
+ * queue it on the session socket. |
3150 |
+ */ |
3151 |
+- sk = ps->sock; |
3152 |
++ rcu_read_lock(); |
3153 |
++ sk = rcu_dereference(ps->sk); |
3154 |
+ if (sk == NULL) |
3155 |
+ goto no_sock; |
3156 |
+ |
3157 |
+ if (sk->sk_state & PPPOX_BOUND) { |
3158 |
+ struct pppox_sock *po; |
3159 |
+- l2tp_dbg(session, PPPOL2TP_MSG_DATA, |
3160 |
++ l2tp_dbg(session, L2TP_MSG_DATA, |
3161 |
+ "%s: recv %d byte data frame, passing to ppp\n", |
3162 |
+ session->name, data_len); |
3163 |
+ |
3164 |
+@@ -253,7 +275,7 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int |
3165 |
+ po = pppox_sk(sk); |
3166 |
+ ppp_input(&po->chan, skb); |
3167 |
+ } else { |
3168 |
+- l2tp_dbg(session, PPPOL2TP_MSG_DATA, |
3169 |
++ l2tp_dbg(session, L2TP_MSG_DATA, |
3170 |
+ "%s: recv %d byte data frame, passing to L2TP socket\n", |
3171 |
+ session->name, data_len); |
3172 |
+ |
3173 |
+@@ -262,30 +284,16 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int |
3174 |
+ kfree_skb(skb); |
3175 |
+ } |
3176 |
+ } |
3177 |
++ rcu_read_unlock(); |
3178 |
+ |
3179 |
+ return; |
3180 |
+ |
3181 |
+ no_sock: |
3182 |
+- l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name); |
3183 |
++ rcu_read_unlock(); |
3184 |
++ l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name); |
3185 |
+ kfree_skb(skb); |
3186 |
+ } |
3187 |
+ |
3188 |
+-static void pppol2tp_session_sock_hold(struct l2tp_session *session) |
3189 |
+-{ |
3190 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3191 |
+- |
3192 |
+- if (ps->sock) |
3193 |
+- sock_hold(ps->sock); |
3194 |
+-} |
3195 |
+- |
3196 |
+-static void pppol2tp_session_sock_put(struct l2tp_session *session) |
3197 |
+-{ |
3198 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3199 |
+- |
3200 |
+- if (ps->sock) |
3201 |
+- sock_put(ps->sock); |
3202 |
+-} |
3203 |
+- |
3204 |
+ /************************************************************************ |
3205 |
+ * Transmit handling |
3206 |
+ ***********************************************************************/ |
3207 |
+@@ -446,17 +454,16 @@ abort: |
3208 |
+ */ |
3209 |
+ static void pppol2tp_session_close(struct l2tp_session *session) |
3210 |
+ { |
3211 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3212 |
+- struct sock *sk = ps->sock; |
3213 |
+- struct socket *sock = sk->sk_socket; |
3214 |
++ struct sock *sk; |
3215 |
+ |
3216 |
+ BUG_ON(session->magic != L2TP_SESSION_MAGIC); |
3217 |
+ |
3218 |
+- if (sock) |
3219 |
+- inet_shutdown(sock, SEND_SHUTDOWN); |
3220 |
+- |
3221 |
+- /* Don't let the session go away before our socket does */ |
3222 |
+- l2tp_session_inc_refcount(session); |
3223 |
++ sk = pppol2tp_session_get_sock(session); |
3224 |
++ if (sk) { |
3225 |
++ if (sk->sk_socket) |
3226 |
++ inet_shutdown(sk->sk_socket, SEND_SHUTDOWN); |
3227 |
++ sock_put(sk); |
3228 |
++ } |
3229 |
+ } |
3230 |
+ |
3231 |
+ /* Really kill the session socket. (Called from sock_put() if |
3232 |
+@@ -476,6 +483,14 @@ static void pppol2tp_session_destruct(struct sock *sk) |
3233 |
+ } |
3234 |
+ } |
3235 |
+ |
3236 |
++static void pppol2tp_put_sk(struct rcu_head *head) |
3237 |
++{ |
3238 |
++ struct pppol2tp_session *ps; |
3239 |
++ |
3240 |
++ ps = container_of(head, typeof(*ps), rcu); |
3241 |
++ sock_put(ps->__sk); |
3242 |
++} |
3243 |
++ |
3244 |
+ /* Called when the PPPoX socket (session) is closed. |
3245 |
+ */ |
3246 |
+ static int pppol2tp_release(struct socket *sock) |
3247 |
+@@ -501,11 +516,23 @@ static int pppol2tp_release(struct socket *sock) |
3248 |
+ |
3249 |
+ session = pppol2tp_sock_to_session(sk); |
3250 |
+ |
3251 |
+- /* Purge any queued data */ |
3252 |
+ if (session != NULL) { |
3253 |
+- __l2tp_session_unhash(session); |
3254 |
+- l2tp_session_queue_purge(session); |
3255 |
+- sock_put(sk); |
3256 |
++ struct pppol2tp_session *ps; |
3257 |
++ |
3258 |
++ l2tp_session_delete(session); |
3259 |
++ |
3260 |
++ ps = l2tp_session_priv(session); |
3261 |
++ mutex_lock(&ps->sk_lock); |
3262 |
++ ps->__sk = rcu_dereference_protected(ps->sk, |
3263 |
++ lockdep_is_held(&ps->sk_lock)); |
3264 |
++ RCU_INIT_POINTER(ps->sk, NULL); |
3265 |
++ mutex_unlock(&ps->sk_lock); |
3266 |
++ call_rcu(&ps->rcu, pppol2tp_put_sk); |
3267 |
++ |
3268 |
++ /* Rely on the sock_put() call at the end of the function for |
3269 |
++ * dropping the reference held by pppol2tp_sock_to_session(). |
3270 |
++ * The last reference will be dropped by pppol2tp_put_sk(). |
3271 |
++ */ |
3272 |
+ } |
3273 |
+ release_sock(sk); |
3274 |
+ |
3275 |
+@@ -572,16 +599,47 @@ out: |
3276 |
+ static void pppol2tp_show(struct seq_file *m, void *arg) |
3277 |
+ { |
3278 |
+ struct l2tp_session *session = arg; |
3279 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3280 |
++ struct sock *sk; |
3281 |
++ |
3282 |
++ sk = pppol2tp_session_get_sock(session); |
3283 |
++ if (sk) { |
3284 |
++ struct pppox_sock *po = pppox_sk(sk); |
3285 |
+ |
3286 |
+- if (ps) { |
3287 |
+- struct pppox_sock *po = pppox_sk(ps->sock); |
3288 |
+- if (po) |
3289 |
+- seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); |
3290 |
++ seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); |
3291 |
++ sock_put(sk); |
3292 |
+ } |
3293 |
+ } |
3294 |
+ #endif |
3295 |
+ |
3296 |
++static void pppol2tp_session_init(struct l2tp_session *session) |
3297 |
++{ |
3298 |
++ struct pppol2tp_session *ps; |
3299 |
++ struct dst_entry *dst; |
3300 |
++ |
3301 |
++ session->recv_skb = pppol2tp_recv; |
3302 |
++ session->session_close = pppol2tp_session_close; |
3303 |
++#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE) |
3304 |
++ session->show = pppol2tp_show; |
3305 |
++#endif |
3306 |
++ |
3307 |
++ ps = l2tp_session_priv(session); |
3308 |
++ mutex_init(&ps->sk_lock); |
3309 |
++ ps->tunnel_sock = session->tunnel->sock; |
3310 |
++ ps->owner = current->pid; |
3311 |
++ |
3312 |
++ /* If PMTU discovery was enabled, use the MTU that was discovered */ |
3313 |
++ dst = sk_dst_get(session->tunnel->sock); |
3314 |
++ if (dst) { |
3315 |
++ u32 pmtu = dst_mtu(dst); |
3316 |
++ |
3317 |
++ if (pmtu) { |
3318 |
++ session->mtu = pmtu - PPPOL2TP_HEADER_OVERHEAD; |
3319 |
++ session->mru = pmtu - PPPOL2TP_HEADER_OVERHEAD; |
3320 |
++ } |
3321 |
++ dst_release(dst); |
3322 |
++ } |
3323 |
++} |
3324 |
++ |
3325 |
+ /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket |
3326 |
+ */ |
3327 |
+ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, |
3328 |
+@@ -593,7 +651,6 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, |
3329 |
+ struct l2tp_session *session = NULL; |
3330 |
+ struct l2tp_tunnel *tunnel; |
3331 |
+ struct pppol2tp_session *ps; |
3332 |
+- struct dst_entry *dst; |
3333 |
+ struct l2tp_session_cfg cfg = { 0, }; |
3334 |
+ int error = 0; |
3335 |
+ u32 tunnel_id, peer_tunnel_id; |
3336 |
+@@ -715,13 +772,17 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, |
3337 |
+ /* Using a pre-existing session is fine as long as it hasn't |
3338 |
+ * been connected yet. |
3339 |
+ */ |
3340 |
+- if (ps->sock) { |
3341 |
++ mutex_lock(&ps->sk_lock); |
3342 |
++ if (rcu_dereference_protected(ps->sk, |
3343 |
++ lockdep_is_held(&ps->sk_lock))) { |
3344 |
++ mutex_unlock(&ps->sk_lock); |
3345 |
+ error = -EEXIST; |
3346 |
+ goto end; |
3347 |
+ } |
3348 |
+ |
3349 |
+ /* consistency checks */ |
3350 |
+ if (ps->tunnel_sock != tunnel->sock) { |
3351 |
++ mutex_unlock(&ps->sk_lock); |
3352 |
+ error = -EEXIST; |
3353 |
+ goto end; |
3354 |
+ } |
3355 |
+@@ -737,35 +798,19 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, |
3356 |
+ error = PTR_ERR(session); |
3357 |
+ goto end; |
3358 |
+ } |
3359 |
+- } |
3360 |
+- |
3361 |
+- /* Associate session with its PPPoL2TP socket */ |
3362 |
+- ps = l2tp_session_priv(session); |
3363 |
+- ps->owner = current->pid; |
3364 |
+- ps->sock = sk; |
3365 |
+- ps->tunnel_sock = tunnel->sock; |
3366 |
+ |
3367 |
+- session->recv_skb = pppol2tp_recv; |
3368 |
+- session->session_close = pppol2tp_session_close; |
3369 |
+-#if defined(CONFIG_L2TP_DEBUGFS) || defined(CONFIG_L2TP_DEBUGFS_MODULE) |
3370 |
+- session->show = pppol2tp_show; |
3371 |
+-#endif |
3372 |
+- |
3373 |
+- /* We need to know each time a skb is dropped from the reorder |
3374 |
+- * queue. |
3375 |
+- */ |
3376 |
+- session->ref = pppol2tp_session_sock_hold; |
3377 |
+- session->deref = pppol2tp_session_sock_put; |
3378 |
+- |
3379 |
+- /* If PMTU discovery was enabled, use the MTU that was discovered */ |
3380 |
+- dst = sk_dst_get(tunnel->sock); |
3381 |
+- if (dst != NULL) { |
3382 |
+- u32 pmtu = dst_mtu(dst); |
3383 |
++ pppol2tp_session_init(session); |
3384 |
++ ps = l2tp_session_priv(session); |
3385 |
++ l2tp_session_inc_refcount(session); |
3386 |
+ |
3387 |
+- if (pmtu != 0) |
3388 |
+- session->mtu = session->mru = pmtu - |
3389 |
+- PPPOL2TP_HEADER_OVERHEAD; |
3390 |
+- dst_release(dst); |
3391 |
++ mutex_lock(&ps->sk_lock); |
3392 |
++ error = l2tp_session_register(session, tunnel); |
3393 |
++ if (error < 0) { |
3394 |
++ mutex_unlock(&ps->sk_lock); |
3395 |
++ kfree(session); |
3396 |
++ goto end; |
3397 |
++ } |
3398 |
++ drop_refcnt = true; |
3399 |
+ } |
3400 |
+ |
3401 |
+ /* Special case: if source & dest session_id == 0x0000, this |
3402 |
+@@ -790,14 +835,25 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, |
3403 |
+ po->chan.mtu = session->mtu; |
3404 |
+ |
3405 |
+ error = ppp_register_net_channel(sock_net(sk), &po->chan); |
3406 |
+- if (error) |
3407 |
++ if (error) { |
3408 |
++ mutex_unlock(&ps->sk_lock); |
3409 |
+ goto end; |
3410 |
++ } |
3411 |
+ |
3412 |
+ out_no_ppp: |
3413 |
+ /* This is how we get the session context from the socket. */ |
3414 |
+ sk->sk_user_data = session; |
3415 |
++ rcu_assign_pointer(ps->sk, sk); |
3416 |
++ mutex_unlock(&ps->sk_lock); |
3417 |
++ |
3418 |
++ /* Keep the reference we've grabbed on the session: sk doesn't expect |
3419 |
++ * the session to disappear. pppol2tp_session_destruct() is responsible |
3420 |
++ * for dropping it. |
3421 |
++ */ |
3422 |
++ drop_refcnt = false; |
3423 |
++ |
3424 |
+ sk->sk_state = PPPOX_CONNECTED; |
3425 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n", |
3426 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n", |
3427 |
+ session->name); |
3428 |
+ |
3429 |
+ end: |
3430 |
+@@ -810,25 +866,19 @@ end: |
3431 |
+ |
3432 |
+ #ifdef CONFIG_L2TP_V3 |
3433 |
+ |
3434 |
+-/* Called when creating sessions via the netlink interface. |
3435 |
+- */ |
3436 |
+-static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) |
3437 |
++/* Called when creating sessions via the netlink interface. */ |
3438 |
++static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel, |
3439 |
++ u32 session_id, u32 peer_session_id, |
3440 |
++ struct l2tp_session_cfg *cfg) |
3441 |
+ { |
3442 |
+ int error; |
3443 |
+- struct l2tp_tunnel *tunnel; |
3444 |
+ struct l2tp_session *session; |
3445 |
+- struct pppol2tp_session *ps; |
3446 |
+- |
3447 |
+- tunnel = l2tp_tunnel_find(net, tunnel_id); |
3448 |
+- |
3449 |
+- /* Error if we can't find the tunnel */ |
3450 |
+- error = -ENOENT; |
3451 |
+- if (tunnel == NULL) |
3452 |
+- goto out; |
3453 |
+ |
3454 |
+ /* Error if tunnel socket is not prepped */ |
3455 |
+- if (tunnel->sock == NULL) |
3456 |
+- goto out; |
3457 |
++ if (!tunnel->sock) { |
3458 |
++ error = -ENOENT; |
3459 |
++ goto err; |
3460 |
++ } |
3461 |
+ |
3462 |
+ /* Default MTU values. */ |
3463 |
+ if (cfg->mtu == 0) |
3464 |
+@@ -842,18 +892,20 @@ static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_i |
3465 |
+ peer_session_id, cfg); |
3466 |
+ if (IS_ERR(session)) { |
3467 |
+ error = PTR_ERR(session); |
3468 |
+- goto out; |
3469 |
++ goto err; |
3470 |
+ } |
3471 |
+ |
3472 |
+- ps = l2tp_session_priv(session); |
3473 |
+- ps->tunnel_sock = tunnel->sock; |
3474 |
++ pppol2tp_session_init(session); |
3475 |
+ |
3476 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n", |
3477 |
+- session->name); |
3478 |
++ error = l2tp_session_register(session, tunnel); |
3479 |
++ if (error < 0) |
3480 |
++ goto err_sess; |
3481 |
+ |
3482 |
+- error = 0; |
3483 |
++ return 0; |
3484 |
+ |
3485 |
+-out: |
3486 |
++err_sess: |
3487 |
++ kfree(session); |
3488 |
++err: |
3489 |
+ return error; |
3490 |
+ } |
3491 |
+ |
3492 |
+@@ -1010,16 +1062,14 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3493 |
+ struct l2tp_tunnel *tunnel = session->tunnel; |
3494 |
+ struct pppol2tp_ioc_stats stats; |
3495 |
+ |
3496 |
+- l2tp_dbg(session, PPPOL2TP_MSG_CONTROL, |
3497 |
++ l2tp_dbg(session, L2TP_MSG_CONTROL, |
3498 |
+ "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n", |
3499 |
+ session->name, cmd, arg); |
3500 |
+ |
3501 |
+- sk = ps->sock; |
3502 |
++ sk = pppol2tp_session_get_sock(session); |
3503 |
+ if (!sk) |
3504 |
+ return -EBADR; |
3505 |
+ |
3506 |
+- sock_hold(sk); |
3507 |
+- |
3508 |
+ switch (cmd) { |
3509 |
+ case SIOCGIFMTU: |
3510 |
+ err = -ENXIO; |
3511 |
+@@ -1033,7 +1083,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3512 |
+ if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq))) |
3513 |
+ break; |
3514 |
+ |
3515 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n", |
3516 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mtu=%d\n", |
3517 |
+ session->name, session->mtu); |
3518 |
+ err = 0; |
3519 |
+ break; |
3520 |
+@@ -1049,7 +1099,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3521 |
+ |
3522 |
+ session->mtu = ifr.ifr_mtu; |
3523 |
+ |
3524 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n", |
3525 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mtu=%d\n", |
3526 |
+ session->name, session->mtu); |
3527 |
+ err = 0; |
3528 |
+ break; |
3529 |
+@@ -1063,7 +1113,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3530 |
+ if (put_user(session->mru, (int __user *) arg)) |
3531 |
+ break; |
3532 |
+ |
3533 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n", |
3534 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mru=%d\n", |
3535 |
+ session->name, session->mru); |
3536 |
+ err = 0; |
3537 |
+ break; |
3538 |
+@@ -1078,7 +1128,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3539 |
+ break; |
3540 |
+ |
3541 |
+ session->mru = val; |
3542 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n", |
3543 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mru=%d\n", |
3544 |
+ session->name, session->mru); |
3545 |
+ err = 0; |
3546 |
+ break; |
3547 |
+@@ -1088,7 +1138,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3548 |
+ if (put_user(ps->flags, (int __user *) arg)) |
3549 |
+ break; |
3550 |
+ |
3551 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n", |
3552 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get flags=%d\n", |
3553 |
+ session->name, ps->flags); |
3554 |
+ err = 0; |
3555 |
+ break; |
3556 |
+@@ -1098,7 +1148,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3557 |
+ if (get_user(val, (int __user *) arg)) |
3558 |
+ break; |
3559 |
+ ps->flags = val; |
3560 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n", |
3561 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set flags=%d\n", |
3562 |
+ session->name, ps->flags); |
3563 |
+ err = 0; |
3564 |
+ break; |
3565 |
+@@ -1115,7 +1165,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, |
3566 |
+ if (copy_to_user((void __user *) arg, &stats, |
3567 |
+ sizeof(stats))) |
3568 |
+ break; |
3569 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n", |
3570 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get L2TP stats\n", |
3571 |
+ session->name); |
3572 |
+ err = 0; |
3573 |
+ break; |
3574 |
+@@ -1143,7 +1193,7 @@ static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel, |
3575 |
+ struct sock *sk; |
3576 |
+ struct pppol2tp_ioc_stats stats; |
3577 |
+ |
3578 |
+- l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL, |
3579 |
++ l2tp_dbg(tunnel, L2TP_MSG_CONTROL, |
3580 |
+ "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n", |
3581 |
+ tunnel->name, cmd, arg); |
3582 |
+ |
3583 |
+@@ -1186,7 +1236,7 @@ static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel, |
3584 |
+ err = -EFAULT; |
3585 |
+ break; |
3586 |
+ } |
3587 |
+- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n", |
3588 |
++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get L2TP stats\n", |
3589 |
+ tunnel->name); |
3590 |
+ err = 0; |
3591 |
+ break; |
3592 |
+@@ -1276,7 +1326,7 @@ static int pppol2tp_tunnel_setsockopt(struct sock *sk, |
3593 |
+ switch (optname) { |
3594 |
+ case PPPOL2TP_SO_DEBUG: |
3595 |
+ tunnel->debug = val; |
3596 |
+- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n", |
3597 |
++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n", |
3598 |
+ tunnel->name, tunnel->debug); |
3599 |
+ break; |
3600 |
+ |
3601 |
+@@ -1295,7 +1345,6 @@ static int pppol2tp_session_setsockopt(struct sock *sk, |
3602 |
+ int optname, int val) |
3603 |
+ { |
3604 |
+ int err = 0; |
3605 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3606 |
+ |
3607 |
+ switch (optname) { |
3608 |
+ case PPPOL2TP_SO_RECVSEQ: |
3609 |
+@@ -1304,7 +1353,7 @@ static int pppol2tp_session_setsockopt(struct sock *sk, |
3610 |
+ break; |
3611 |
+ } |
3612 |
+ session->recv_seq = val ? -1 : 0; |
3613 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3614 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3615 |
+ "%s: set recv_seq=%d\n", |
3616 |
+ session->name, session->recv_seq); |
3617 |
+ break; |
3618 |
+@@ -1316,13 +1365,13 @@ static int pppol2tp_session_setsockopt(struct sock *sk, |
3619 |
+ } |
3620 |
+ session->send_seq = val ? -1 : 0; |
3621 |
+ { |
3622 |
+- struct sock *ssk = ps->sock; |
3623 |
+- struct pppox_sock *po = pppox_sk(ssk); |
3624 |
++ struct pppox_sock *po = pppox_sk(sk); |
3625 |
++ |
3626 |
+ po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ : |
3627 |
+ PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; |
3628 |
+ } |
3629 |
+ l2tp_session_set_header_len(session, session->tunnel->version); |
3630 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3631 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3632 |
+ "%s: set send_seq=%d\n", |
3633 |
+ session->name, session->send_seq); |
3634 |
+ break; |
3635 |
+@@ -1333,20 +1382,20 @@ static int pppol2tp_session_setsockopt(struct sock *sk, |
3636 |
+ break; |
3637 |
+ } |
3638 |
+ session->lns_mode = val ? -1 : 0; |
3639 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3640 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3641 |
+ "%s: set lns_mode=%d\n", |
3642 |
+ session->name, session->lns_mode); |
3643 |
+ break; |
3644 |
+ |
3645 |
+ case PPPOL2TP_SO_DEBUG: |
3646 |
+ session->debug = val; |
3647 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n", |
3648 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n", |
3649 |
+ session->name, session->debug); |
3650 |
+ break; |
3651 |
+ |
3652 |
+ case PPPOL2TP_SO_REORDERTO: |
3653 |
+ session->reorder_timeout = msecs_to_jiffies(val); |
3654 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3655 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3656 |
+ "%s: set reorder_timeout=%d\n", |
3657 |
+ session->name, session->reorder_timeout); |
3658 |
+ break; |
3659 |
+@@ -1427,7 +1476,7 @@ static int pppol2tp_tunnel_getsockopt(struct sock *sk, |
3660 |
+ switch (optname) { |
3661 |
+ case PPPOL2TP_SO_DEBUG: |
3662 |
+ *val = tunnel->debug; |
3663 |
+- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n", |
3664 |
++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n", |
3665 |
+ tunnel->name, tunnel->debug); |
3666 |
+ break; |
3667 |
+ |
3668 |
+@@ -1450,31 +1499,31 @@ static int pppol2tp_session_getsockopt(struct sock *sk, |
3669 |
+ switch (optname) { |
3670 |
+ case PPPOL2TP_SO_RECVSEQ: |
3671 |
+ *val = session->recv_seq; |
3672 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3673 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3674 |
+ "%s: get recv_seq=%d\n", session->name, *val); |
3675 |
+ break; |
3676 |
+ |
3677 |
+ case PPPOL2TP_SO_SENDSEQ: |
3678 |
+ *val = session->send_seq; |
3679 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3680 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3681 |
+ "%s: get send_seq=%d\n", session->name, *val); |
3682 |
+ break; |
3683 |
+ |
3684 |
+ case PPPOL2TP_SO_LNSMODE: |
3685 |
+ *val = session->lns_mode; |
3686 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3687 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3688 |
+ "%s: get lns_mode=%d\n", session->name, *val); |
3689 |
+ break; |
3690 |
+ |
3691 |
+ case PPPOL2TP_SO_DEBUG: |
3692 |
+ *val = session->debug; |
3693 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n", |
3694 |
++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n", |
3695 |
+ session->name, *val); |
3696 |
+ break; |
3697 |
+ |
3698 |
+ case PPPOL2TP_SO_REORDERTO: |
3699 |
+ *val = (int) jiffies_to_msecs(session->reorder_timeout); |
3700 |
+- l2tp_info(session, PPPOL2TP_MSG_CONTROL, |
3701 |
++ l2tp_info(session, L2TP_MSG_CONTROL, |
3702 |
+ "%s: get reorder_timeout=%d\n", session->name, *val); |
3703 |
+ break; |
3704 |
+ |
3705 |
+@@ -1653,8 +1702,9 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v) |
3706 |
+ { |
3707 |
+ struct l2tp_session *session = v; |
3708 |
+ struct l2tp_tunnel *tunnel = session->tunnel; |
3709 |
+- struct pppol2tp_session *ps = l2tp_session_priv(session); |
3710 |
+- struct pppox_sock *po = pppox_sk(ps->sock); |
3711 |
++ unsigned char state; |
3712 |
++ char user_data_ok; |
3713 |
++ struct sock *sk; |
3714 |
+ u32 ip = 0; |
3715 |
+ u16 port = 0; |
3716 |
+ |
3717 |
+@@ -1664,6 +1714,15 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v) |
3718 |
+ port = ntohs(inet->inet_sport); |
3719 |
+ } |
3720 |
+ |
3721 |
++ sk = pppol2tp_session_get_sock(session); |
3722 |
++ if (sk) { |
3723 |
++ state = sk->sk_state; |
3724 |
++ user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N'; |
3725 |
++ } else { |
3726 |
++ state = 0; |
3727 |
++ user_data_ok = 'N'; |
3728 |
++ } |
3729 |
++ |
3730 |
+ seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> " |
3731 |
+ "%04X/%04X %d %c\n", |
3732 |
+ session->name, ip, port, |
3733 |
+@@ -1671,9 +1730,7 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v) |
3734 |
+ session->session_id, |
3735 |
+ tunnel->peer_tunnel_id, |
3736 |
+ session->peer_session_id, |
3737 |
+- ps->sock->sk_state, |
3738 |
+- (session == ps->sock->sk_user_data) ? |
3739 |
+- 'Y' : 'N'); |
3740 |
++ state, user_data_ok); |
3741 |
+ seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n", |
3742 |
+ session->mtu, session->mru, |
3743 |
+ session->recv_seq ? 'R' : '-', |
3744 |
+@@ -1690,8 +1747,12 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v) |
3745 |
+ atomic_long_read(&session->stats.rx_bytes), |
3746 |
+ atomic_long_read(&session->stats.rx_errors)); |
3747 |
+ |
3748 |
+- if (po) |
3749 |
++ if (sk) { |
3750 |
++ struct pppox_sock *po = pppox_sk(sk); |
3751 |
++ |
3752 |
+ seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); |
3753 |
++ sock_put(sk); |
3754 |
++ } |
3755 |
+ } |
3756 |
+ |
3757 |
+ static int pppol2tp_seq_show(struct seq_file *m, void *v) |
3758 |
+diff --git a/net/socket.c b/net/socket.c |
3759 |
+index 15bdba4211ad..88086d18c208 100644 |
3760 |
+--- a/net/socket.c |
3761 |
++++ b/net/socket.c |
3762 |
+@@ -3304,3 +3304,49 @@ int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how) |
3763 |
+ return sock->ops->shutdown(sock, how); |
3764 |
+ } |
3765 |
+ EXPORT_SYMBOL(kernel_sock_shutdown); |
3766 |
++ |
3767 |
++/* This routine returns the IP overhead imposed by a socket i.e. |
3768 |
++ * the length of the underlying IP header, depending on whether |
3769 |
++ * this is an IPv4 or IPv6 socket and the length from IP options turned |
3770 |
++ * on at the socket. Assumes that the caller has a lock on the socket. |
3771 |
++ */ |
3772 |
++u32 kernel_sock_ip_overhead(struct sock *sk) |
3773 |
++{ |
3774 |
++ struct inet_sock *inet; |
3775 |
++ struct ip_options_rcu *opt; |
3776 |
++ u32 overhead = 0; |
3777 |
++ bool owned_by_user; |
3778 |
++#if IS_ENABLED(CONFIG_IPV6) |
3779 |
++ struct ipv6_pinfo *np; |
3780 |
++ struct ipv6_txoptions *optv6 = NULL; |
3781 |
++#endif /* IS_ENABLED(CONFIG_IPV6) */ |
3782 |
++ |
3783 |
++ if (!sk) |
3784 |
++ return overhead; |
3785 |
++ |
3786 |
++ owned_by_user = sock_owned_by_user(sk); |
3787 |
++ switch (sk->sk_family) { |
3788 |
++ case AF_INET: |
3789 |
++ inet = inet_sk(sk); |
3790 |
++ overhead += sizeof(struct iphdr); |
3791 |
++ opt = rcu_dereference_protected(inet->inet_opt, |
3792 |
++ owned_by_user); |
3793 |
++ if (opt) |
3794 |
++ overhead += opt->opt.optlen; |
3795 |
++ return overhead; |
3796 |
++#if IS_ENABLED(CONFIG_IPV6) |
3797 |
++ case AF_INET6: |
3798 |
++ np = inet6_sk(sk); |
3799 |
++ overhead += sizeof(struct ipv6hdr); |
3800 |
++ if (np) |
3801 |
++ optv6 = rcu_dereference_protected(np->opt, |
3802 |
++ owned_by_user); |
3803 |
++ if (optv6) |
3804 |
++ overhead += (optv6->opt_flen + optv6->opt_nflen); |
3805 |
++ return overhead; |
3806 |
++#endif /* IS_ENABLED(CONFIG_IPV6) */ |
3807 |
++ default: /* Returns 0 overhead if the socket is not ipv4 or ipv6 */ |
3808 |
++ return overhead; |
3809 |
++ } |
3810 |
++} |
3811 |
++EXPORT_SYMBOL(kernel_sock_ip_overhead); |
3812 |
+diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c |
3813 |
+index 461f8d891579..44352b0b7510 100644 |
3814 |
+--- a/security/integrity/evm/evm_crypto.c |
3815 |
++++ b/security/integrity/evm/evm_crypto.c |
3816 |
+@@ -47,7 +47,7 @@ static struct shash_desc *init_desc(char type) |
3817 |
+ algo = evm_hash; |
3818 |
+ } |
3819 |
+ |
3820 |
+- if (*tfm == NULL) { |
3821 |
++ if (IS_ERR_OR_NULL(*tfm)) { |
3822 |
+ mutex_lock(&mutex); |
3823 |
+ if (*tfm) |
3824 |
+ goto out; |
3825 |
+diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c |
3826 |
+index 950730709d28..ab8846e7e8ff 100644 |
3827 |
+--- a/sound/core/pcm_lib.c |
3828 |
++++ b/sound/core/pcm_lib.c |
3829 |
+@@ -456,6 +456,7 @@ static int snd_pcm_update_hw_ptr0(struct snd_pcm_substream *substream, |
3830 |
+ |
3831 |
+ no_delta_check: |
3832 |
+ if (runtime->status->hw_ptr == new_hw_ptr) { |
3833 |
++ runtime->hw_ptr_jiffies = curr_jiffies; |
3834 |
+ update_audio_tstamp(substream, &curr_tstamp, &audio_tstamp); |
3835 |
+ return 0; |
3836 |
+ } |