lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a0e90ad8ce
android_kernel_xiaomi_sm8350/net/ipv6/tcp_ipv6.c
Michael Bestas a8a0447e0d
Merge tag 'ASB-2023-06-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina 
https://source.android.com/docs/security/bulletin/2023-06-01

* tag 'ASB-2023-06-05_11-5.4' of https://android.googlesource.com/kernel/common:
  UPSTREAM: io_uring: have io_kill_timeout() honor the request references
  UPSTREAM: io_uring: don't drop completion lock before timer is fully initialized
  UPSTREAM: io_uring: always grab lock in io_cancel_async_work()
  UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
  UPSTREAM: cdc_ncm: Fix the build warning
  UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
  UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
  UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
  Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
  FROMLIST: binder: fix UAF caused by faulty buffer cleanup
  Linux 5.4.242
  ASN.1: Fix check for strdup() success
  iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
  pwm: meson: Explicitly set .polarity in .get_state()
  xfs: fix forkoff miscalculation related to XFS_LITINO(mp)
  sctp: Call inet6_destroy_sock() via sk->sk_destruct().
  dccp: Call inet6_destroy_sock() via sk->sk_destruct().
  inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
  tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
  udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
  ext4: fix use-after-free in ext4_xattr_set_entry
  ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
  Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
  x86/purgatory: Don't generate debug info for purgatory.ro
  MIPS: Define RUNTIME_DISCARD_EXIT in LD script
  mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
  memstick: fix memory leak if card device is never registered
  nilfs2: initialize unused bytes in segment summary blocks
  iio: light: tsl2772: fix reading proximity-diodes from device tree
  xen/netback: use same error messages for same errors
  nvme-tcp: fix a possible UAF when failing to allocate an io queue
  s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
  net: dsa: b53: mmap: add phy ops
  scsi: core: Improve scsi_vpd_inquiry() checks
  scsi: megaraid_sas: Fix fw_crash_buffer_show()
  selftests: sigaltstack: fix -Wuninitialized
  Input: i8042 - add quirk for Fujitsu Lifebook A574/H
  f2fs: Fix f2fs_truncate_partial_nodes ftrace event
  e1000e: Disable TSO on i219-LM card to increase speed
  bpf: Fix incorrect verifier pruning due to missing register precision taints
  mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
  i40e: fix i40e_setup_misc_vector() error handling
  i40e: fix accessing vsi->active_filters without holding lock
  netfilter: nf_tables: fix ifdef to also consider nf_tables=m
  virtio_net: bugfix overflow inside xdp_linearize_page()
  net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  regulator: fan53555: Explicitly include bits header
  netfilter: br_netfilter: fix recent physdev match breakage
  arm64: dts: meson-g12-common: specify full DMC range
  ARM: dts: rockchip: fix a typo error for rk3288 spdif node
  Linux 5.4.241
  xfs: force log and push AIL to clear pinned inodes when aborting mount
  xfs: don't reuse busy extents on extent trim
  xfs: consider shutdown in bmapbt cursor delete assert
  xfs: shut down the filesystem if we screw up quota reservation
  xfs: report corruption only as a regular error
  xfs: set inode size after creating symlink
  xfs: fix up non-directory creation in SGID directories
  xfs: remove the di_version field from struct icdinode
  xfs: simplify a check in xfs_ioctl_setattr_check_cowextsize
  xfs: simplify di_flags2 inheritance in xfs_ialloc
  xfs: only check the superblock version for dinode size calculation
  xfs: add a new xfs_sb_version_has_v3inode helper
  xfs: remove the kuid/kgid conversion wrappers
  xfs: remove the icdinode di_uid/di_gid members
  xfs: ensure that the inode uid/gid match values match the icdinode ones
  xfs: merge the projid fields in struct xfs_icdinode
  xfs: show the proper user quota options
  coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
  watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
  i2c: ocores: generate stop condition after timeout in polling mode
  ubi: Fix deadlock caused by recursively holding work_sem
  mtd: ubi: wl: Fix a couple of kernel-doc issues
  ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
  asymmetric_keys: log on fatal failures in PE/pkcs7
  verify_pefile: relax wrapper length check
  drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
  efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
  i2c: imx-lpi2c: clean rx/tx buffers upon new message
  power: supply: cros_usbpd: reclassify "default case!" as debug
  net: macb: fix a memory corruption in extended buffer descriptor mode
  udp6: fix potential access to stale information
  RDMA/core: Fix GID entry ref leak when create_ah fails
  sctp: fix a potential overflow in sctp_ifwdtsn_skip
  qlcnic: check pci_reset_function result
  niu: Fix missing unwind goto in niu_alloc_channels()
  9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
  mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
  mtd: rawnand: meson: fix bitmask for length in command word
  mtdblock: tolerate corrected bit-flips
  btrfs: fix fast csum implementation detection
  btrfs: print checksum type and implementation at mount time
  Bluetooth: Fix race condition in hidp_session_thread
  Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
  ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
  ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
  ALSA: i2c/cs8427: fix iec958 mixer control deactivation
  ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
  ALSA: emu10k1: fix capture interrupt handler unlinking
  Revert "pinctrl: amd: Disable and mask interrupts on resume"
  irqdomain: Fix mapping-creation race
  irqdomain: Refactor __irq_domain_alloc_irqs()
  irqdomain: Look for existing mapping only once
  mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
  ring-buffer: Fix race while reader and writer are on the same page
  drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
  net_sched: prevent NULL dereference if default qdisc setup failed
  tracing: Free error logs of tracing instances
  can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
  ftrace: Mark get_lock_parent_ip() __always_inline
  perf/core: Fix the same task check in perf_event_set_output
  ALSA: hda/realtek: Add quirk for Clevo X370SNW
  nilfs2: fix sysfs interface lifetime
  nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
  tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
  tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
  tty: serial: sh-sci: Fix transmit end interrupt handler
  iio: dac: cio-dac: Fix max DAC write value check for 12-bit
  iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
  USB: serial: option: add Quectel RM500U-CN modem
  USB: serial: option: add Telit FE990 compositions
  usb: typec: altmodes/displayport: Fix configure initial pin assignment
  USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
  xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
  NFSD: callback request does not use correct credential for AUTH_SYS
  sunrpc: only free unix grouplist after RCU settles
  gpio: davinci: Add irq chip flag to skip set wake
  ipv6: Fix an uninit variable access bug in __ip6_make_skb()
  sctp: check send stream number after wait_for_sndbuf
  net: don't let netpoll invoke NAPI if in xmit context
  icmp: guard against too small mtu
  wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
  pwm: sprd: Explicitly set .polarity in .get_state()
  pwm: cros-ec: Explicitly set .polarity in .get_state()
  pinctrl: amd: Disable and mask interrupts on resume
  pinctrl: amd: disable and mask interrupts on probe
  pinctrl: amd: Use irqchip template
  smb3: fix problem with null cifs super block with previous patch
  treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
  Revert "treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()"
  cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
  x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
  scsi: ses: Handle enclosure with just a primary component gracefully
  Linux 5.4.240
  gfs2: Always check inode size of inline inodes
  firmware: arm_scmi: Fix device node validation for mailbox transport
  net: sched: fix race condition in qdisc_graft()
  net_sched: add __rcu annotation to netdev->qdisc
  ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  btrfs: scan device in non-exclusive mode
  s390/uaccess: add missing earlyclobber annotations to __clear_user()
  drm/etnaviv: fix reference leak when mmaping imported buffer
  ALSA: usb-audio: Fix regression on detection of Roland VS-100
  ALSA: hda/conexant: Partial revert of a quirk for Lenovo
  NFSv4: Fix hangs when recovering open state after a server reboot
  pinctrl: at91-pio4: fix domain name assignment
  xen/netback: don't do grant copy across page boundary
  Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
  cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
  cifs: prevent infinite recursion in CIFSGetDFSRefer()
  Input: focaltech - use explicitly signed char type
  Input: alps - fix compatibility with -funsigned-char
  pinctrl: ocelot: Fix alt mode for ocelot
  net: mvneta: make tx buffer array agnostic
  net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
  bnxt_en: Fix typo in PCI id to device description string mapping
  i40e: fix registers dump after run ethtool adapter self test
  s390/vfio-ap: fix memory leak in vfio_ap device driver
  can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
  net/net_failover: fix txq exceeding warning
  regulator: Handle deferred clk
  regulator: fix spelling mistake "Cant" -> "Can't"
  ptp_qoriq: fix memory leak in probe()
  scsi: megaraid_sas: Fix crash after a double completion
  mtd: rawnand: meson: invalidate cache on polling ECC bit
  mips: bmips: BCM6358: disable RAC flush for TP1
  dma-mapping: drop the dev argument to arch_sync_dma_for_*
  ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
  fbdev: au1200fb: Fix potential divide by zero
  fbdev: lxfb: Fix potential divide by zero
  fbdev: intelfb: Fix potential divide by zero
  fbdev: nvidia: Fix potential divide by zero
  sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
  fbdev: tgafb: Fix potential divide by zero
  ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
  ALSA: asihpi: check pao in control_message()
  md: avoid signed overflow in slot_store()
  bus: imx-weim: fix branch condition evaluates to a garbage value
  fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
  ocfs2: fix data corruption after failed write
  tun: avoid double free in tun_free_netdev
  sched/fair: Sanitize vruntime of entity being migrated
  sched/fair: sanitize vruntime of entity being placed
  dm crypt: add cond_resched() to dmcrypt_write()
  dm stats: check for and propagate alloc_percpu failure
  i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
  nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
  wifi: mac80211: fix qos on mesh interfaces
  usb: chipidea: core: fix possible concurrent when switch role
  usb: chipdea: core: fix return -EINVAL if request role is the same with current role
  usb: cdns3: Fix issue with using incorrect PCI device function
  dm thin: fix deadlock when swapping to thin device
  igb: revert rtnl_lock() that causes deadlock
  fsverity: Remove WQ_UNBOUND from fsverity read workqueue
  usb: gadget: u_audio: don't let userspace block driver unbind
  scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
  cifs: empty interface list when server doesn't support query interfaces
  sh: sanitize the flags on sigreturn
  net: usb: qmi_wwan: add Telit 0x1080 composition
  net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
  scsi: lpfc: Avoid usage of list iterator variable after loop
  scsi: ufs: core: Add soft dependency on governor_simpleondemand
  scsi: target: iscsi: Fix an error message in iscsi_check_key()
  selftests/bpf: check that modifier resolves after pointer
  m68k: Only force 030 bus error if PC not in exception table
  ca8210: fix mac_len negative array access
  riscv: Bump COMMAND_LINE_SIZE value to 1024
  thunderbolt: Use const qualifier for `ring_interrupt_index`
  uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
  scsi: qla2xxx: Perform lockless command completion in abort path
  hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
  platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
  Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
  Bluetooth: btqcomsmd: Fix command timeout after setting BD address
  net: mdio: thunder: Add missing fwnode_handle_put()
  hvc/xen: prevent concurrent accesses to the shared ring
  nvme-tcp: fix nvme_tcp_term_pdu to match spec
  net/sonic: use dma_mapping_error() for error check
  erspan: do not use skb_mac_header() in ndo_start_xmit()
  atm: idt77252: fix kmemleak when rmmod idt77252
  net/mlx5: Read the TC mapping of all priorities on ETS query
  bpf: Adjust insufficient default bpf_jit_limit
  keys: Do not cache key in task struct if key is requested from kernel thread
  net/ps3_gelic_net: Use dma_mapping_error
  net/ps3_gelic_net: Fix RX sk_buff length
  net: qcom/emac: Fix use after free bug in emac_remove due to race condition
  xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
  net: usb: smsc95xx: Limit packet length to skb->len
  scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
  i2c: imx-lpi2c: check only for enabled interrupt flags
  igbvf: Regard vf reset nack as success
  intel/igbvf: free irq on the error path in igbvf_request_msix()
  iavf: fix non-tunneled IPv6 UDP packet type and hashing
  iavf: fix inverted Rx hash condition leading to disabled hash
  power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
  net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  Linux 5.4.239
  selftests: Fix the executable permissions for fib_tests.sh
  BACKPORT: mac80211_hwsim: notify wmediumd of used MAC addresses
  FROMGIT: mac80211_hwsim: add concurrent channels scanning support over virtio
  Revert "HID: core: Provide new max_buffer_size attribute to over-ride the default"
  Revert "HID: uhid: Over-ride the default maximum data buffer value with our own"
  Linux 5.4.238
  HID: uhid: Over-ride the default maximum data buffer value with our own
  HID: core: Provide new max_buffer_size attribute to over-ride the default
  PCI: Unify delay handling for reset and resume
  s390/ipl: add missing intersection check to ipl_report handling
  serial: 8250_em: Fix UART port type
  drm/i915: Don't use stolen memory for ring buffers with LLC
  x86/mm: Fix use of uninitialized buffer in sme_enable()
  fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
  ftrace: Fix invalid address access in lookup_rec() when index is 0
  KVM: nVMX: add missing consistency checks for CR0 and CR4
  tracing: Make tracepoint lockdep check actually test something
  tracing: Check field value in hist_field_name()
  interconnect: fix mem leak when freeing nodes
  tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
  ext4: fix possible double unlock when moving a directory
  sh: intc: Avoid spurious sizeof-pointer-div warning
  drm/amdkfd: Fix an illegal memory access
  ext4: fix task hung in ext4_xattr_delete_inode
  ext4: fail ext4_iget if special inode unallocated
  jffs2: correct logic when creating a hole in jffs2_write_begin
  mmc: atmel-mci: fix race between stop command and start of next command
  media: m5mols: fix off-by-one loop termination error
  hwmon: (ina3221) return prober error code
  hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
  hwmon: (adt7475) Fix masking of hysteresis registers
  hwmon: (adt7475) Display smoothing attributes in correct order
  ethernet: sun: add check for the mdesc_grab()
  net/iucv: Fix size of interrupt data
  net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
  ipv4: Fix incorrect table ID in IOCTL path
  block: sunvdc: add check for mdesc_grab() returning NULL
  nvmet: avoid potential UAF in nvmet_req_complete()
  net: usb: smsc75xx: Limit packet length to skb->len
  nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
  net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
  net: tunnels: annotate lockless accesses to dev->needed_headroom
  qed/qed_dev: guard against a possible division by zero
  i40e: Fix kernel crash during reboot when adapter is in recovery mode
  ipvlan: Make skb->skb_iif track skb->dev for l3s mode
  nfc: pn533: initialize struct pn533_out_arg properly
  tcp: tcp_make_synack() can be called from process context
  scsi: core: Fix a procfs host directory removal regression
  scsi: core: Fix a comment in function scsi_host_dev_release()
  netfilter: nft_redir: correct value of inet type `.maxattrs`
  ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
  ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
  ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid
  ALSA: hda - controller is in GPU on the DG1
  ALSA: hda - add Intel DG1 PCI and HDMI ids
  scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
  docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
  clk: HI655X: select REGMAP instead of depending on it
  drm/meson: fix 1px pink line on GXM when scaling video overlay
  cifs: Move the in_send statistic to __smb_send_rqst()
  drm/panfrost: Don't sync rpm suspension after mmu flushing
  xfrm: Allow transport-mode states with AF_UNSPEC selector
  ext4: fix cgroup writeback accounting with fs-layer encryption
  ANDROID: preserve CRC for __irq_domain_add()
  Revert "drm/exynos: Don't reset bridge->next"
  Revert "drm/bridge: Rename bridge helpers targeting a bridge chain"
  Revert "drm/bridge: Introduce drm_bridge_get_next_bridge()"
  Revert "drm: Initialize struct drm_crtc_state.no_vblank from device settings"
  Revert "drm/msm/mdp5: Add check for kzalloc"
  Linux 5.4.237
  s390/dasd: add missing discipline function
  UML: define RUNTIME_DISCARD_EXIT
  sh: define RUNTIME_DISCARD_EXIT
  s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
  powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
  powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
  arch: fix broken BuildID for arm64 and riscv
  x86, vmlinux.lds: Add RUNTIME_DISCARD_EXIT to generic DISCARDS
  drm/i915: Don't use BAR mappings for ring buffers with LLC
  ipmi:watchdog: Set panic count to proper value on a panic
  ipmi/watchdog: replace atomic_add() and atomic_sub()
  media: ov5640: Fix analogue gain control
  PCI: Add SolidRun vendor ID
  macintosh: windfarm: Use unsigned type for 1-bit bitfields
  alpha: fix R_ALPHA_LITERAL reloc for large modules
  MIPS: Fix a compilation issue
  ext4: Fix deadlock during directory rename
  riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
  net/smc: fix fallback failed while sendmsg with fastopen
  scsi: megaraid_sas: Update max supported LD IDs to 240
  btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
  netfilter: tproxy: fix deadlock due to missing BH disable
  bnxt_en: Avoid order-5 memory allocation for TPA data
  net: caif: Fix use-after-free in cfusbl_device_notify()
  net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver
  net: usb: lan78xx: Remove lots of set but unused 'ret' variables
  selftests: nft_nat: ensuring the listening side is up before starting the client
  ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
  nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
  drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
  ext4: Fix possible corruption when moving a directory
  scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  cifs: Fix uninitialized memory read in smb3_qfs_tcon()
  SMB3: Backup intent flag missing from some more ops
  iommu/vt-d: Fix PASID directory pointer coherency
  irqdomain: Fix domain registration race
  irqdomain: Change the type of 'size' in __irq_domain_add() to be consistent
  ipmi:ssif: Add a timer between request retries
  ipmi:ssif: Increase the message retry time
  ipmi:ssif: Remove rtc_us_timer
  ipmi:ssif: resend_msg() cannot fail
  ipmi:ssif: make ssif_i2c_send() void
  iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
  iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
  iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands
  nfc: change order inside nfc_se_io error path
  ext4: zero i_disksize when initializing the bootloader inode
  ext4: fix WARNING in ext4_update_inline_data
  ext4: move where set the MAY_INLINE_DATA flag is set
  ext4: fix another off-by-one fsmap error on 1k block filesystems
  ext4: fix RENAME_WHITEOUT handling for inline directories
  drm/connector: print max_requested_bpc in state debugfs
  x86/CPU/AMD: Disable XSAVES on AMD family 0x17
  fs: prevent out-of-bounds array speculation when closing a file descriptor
  Linux 5.4.236
  staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
  staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
  wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
  Linux 5.4.235
  dt-bindings: rtc: sun6i-a31-rtc: Loosen the requirements on the clocks
  media: uvcvideo: Fix race condition with usb_kill_urb
  media: uvcvideo: Provide sync and async uvc_ctrl_status_event
  tcp: Fix listen() regression in 5.4.229.
  Bluetooth: hci_sock: purge socket queues in the destruct() callback
  x86/resctl: fix scheduler confusion with 'current'
  x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
  net: tls: avoid hanging tasks on the tx_lock
  phy: rockchip-typec: Fix unsigned comparison with less than zero
  PCI: Add ACS quirk for Wangxun NICs
  kernel/fail_function: fix memory leak with using debugfs_lookup()
  usb: uvc: Enumerate valid values for color matching
  USB: ene_usb6250: Allocate enough memory for full object
  usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
  iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
  iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
  tools/iio/iio_utils:fix memory leak
  mei: bus-fixup:upon error print return values of send and receive
  tty: serial: fsl_lpuart: disable the CTS when send break signal
  tty: fix out-of-bounds access in tty_driver_lookup_tty()
  staging: emxx_udc: Add checks for dma_alloc_coherent()
  media: uvcvideo: Silence memcpy() run-time false positive warnings
  media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
  media: uvcvideo: Handle errors from calls to usb_string
  media: uvcvideo: Handle cameras with invalid descriptors
  mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
  firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
  tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
  thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
  thermal: intel: quark_dts: fix error pointer dereference
  scsi: ipr: Work around fortify-string warning
  rtc: sun6i: Always export the internal oscillator
  rtc: sun6i: Make external 32k oscillator optional
  vc_screen: modify vcs_size() handling in vcs_read()
  tcp: tcp_check_req() can be called from process context
  ARM: dts: spear320-hmi: correct STMPE GPIO compatible
  net/sched: act_sample: fix action bind logic
  nfc: fix memory leak of se_io context in nfc_genl_se_io
  net/mlx5: Geneve, Fix handling of Geneve object id as error code
  9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
  9p/xen: fix connection sequence
  9p/xen: fix version parsing
  net: fix __dev_kfree_skb_any() vs drop monitor
  sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
  ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
  netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
  watchdog: pcwd_usb: Fix attempting to access uninitialized memory
  watchdog: Fix kmemleak in watchdog_cdev_register
  watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
  x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
  ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
  ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
  ubifs: ubifs_writepage: Mark page dirty after writing inode failed
  ubifs: dirty_cow_znode: Fix memleak in error handling path
  ubifs: Re-statistic cleaned znode count if commit failed
  ubi: Fix possible null-ptr-deref in ubi_free_volume()
  ubifs: Fix memory leak in alloc_wbufs()
  ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
  ubi: Fix use-after-free when volume resizing failed
  ubifs: Reserve one leb for each journal head while doing budget
  ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
  ubifs: Fix wrong dirty space budget for dirty inode
  ubifs: Rectify space budget for ubifs_xrename()
  ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
  ubifs: Fix build errors as symbol undefined
  ubi: ensure that VID header offset + VID header size <= alloc, size
  um: vector: Fix memory leak in vector_config
  fs: f2fs: initialize fsdata in pagecache_write()
  f2fs: use memcpy_{to,from}_page() where possible
  pwm: stm32-lp: fix the check on arr and cmp registers update
  pwm: sifive: Always let the first pwm_apply_state succeed
  pwm: sifive: Reduce time the controller lock is held
  fs/jfs: fix shift exponent db_agl2size negative
  net/sched: Retire tcindex classifier
  kbuild: Port silent mode detection to future gnu make.
  wifi: ath9k: use proper statements in conditionals
  drm/radeon: Fix eDP for single-display iMac11,2
  drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
  PCI: Avoid FLR for AMD FCH AHCI adapters
  PCI: hotplug: Allow marking devices as disconnected during bind/unbind
  PCI/PM: Observe reset delay irrespective of bridge_d3
  scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
  scsi: ses: Fix possible desc_ptr out-of-bounds accesses
  scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
  scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
  scsi: ses: Don't attach if enclosure has no components
  scsi: qla2xxx: Fix erroneous link down
  scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
  scsi: qla2xxx: Fix link failure in NPIV environment
  ktest.pl: Add RUN_TIMEOUT option with default unlimited
  ktest.pl: Fix missing "end_monitor" when machine check fails
  ktest.pl: Give back console on Ctrt^C on monitor
  mm/thp: check and bail out if page in deferred queue already
  mm: memcontrol: deprecate charge moving
  media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
  mips: fix syscall_get_nr
  alpha: fix FEN fault handling
  rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
  ARM: dts: exynos: correct TMU phandle in Odroid XU
  ARM: dts: exynos: correct TMU phandle in Exynos4
  dm flakey: don't corrupt the zero page
  dm flakey: fix logic when corrupting a bio
  thermal: intel: powerclamp: Fix cur_state for multi package system
  wifi: cfg80211: Fix use after free for wext
  wifi: rtl8xxxu: Use a longer retry limit of 48
  ext4: refuse to create ea block when umounted
  ext4: optimize ea_inode block expansion
  ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
  ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
  irqdomain: Drop bogus fwspec-mapping error handling
  irqdomain: Fix disassociation race
  irqdomain: Fix association race
  ima: Align ima_file_mmap() parameters with mmap_file LSM hook
  Documentation/hw-vuln: Document the interaction between IBRS and STIBP
  x86/speculation: Allow enabling STIBP with legacy IBRS
  x86/microcode/AMD: Fix mixed steppings support
  x86/microcode/AMD: Add a @cpu parameter to the reloading functions
  x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
  x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
  x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
  x86/reboot: Disable SVM, not just VMX, when stopping CPUs
  x86/reboot: Disable virtualization in an emergency if SVM is supported
  x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
  x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
  KVM: s390: disable migration mode when dirty tracking is disabled
  KVM: Destroy target device if coalesced MMIO unregistration fails
  udf: Fix file corruption when appending just after end of preallocated extent
  udf: Detect system inodes linked into directory hierarchy
  udf: Preserve link count of system files
  udf: Do not update file length for failed writes to inline files
  udf: Do not bother merging very long extents
  udf: Truncate added extents on failed expansion
  ocfs2: fix non-auto defrag path not working issue
  ocfs2: fix defrag path triggering jbd2 ASSERT
  f2fs: fix cgroup writeback accounting with fs-layer encryption
  f2fs: fix information leak in f2fs_move_inline_dirents()
  fs: hfsplus: fix UAF issue in hfsplus_put_super
  hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
  ARM: dts: exynos: correct HDMI phy compatible in Exynos4
  s390/kprobes: fix current_kprobe never cleared after kprobes reenter
  s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
  s390: discard .interp section
  ipmi_ssif: Rename idle state and check
  rtc: pm8xxx: fix set-alarm race
  firmware: coreboot: framebuffer: Ignore reserved pixel color bits
  wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
  nfsd: zero out pointers after putting nfsd_files on COPY setup error
  dm cache: add cond_resched() to various workqueue loops
  dm thin: add cond_resched() to various workqueue loops
  drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
  pinctrl: at91: use devm_kasprintf() to avoid potential leaks
  hwmon: (coretemp) Simplify platform device handling
  regulator: s5m8767: Bounds check id indexing into arrays
  regulator: max77802: Bounds check regulator id against opmode
  ASoC: kirkwood: Iterate over array indexes instead of using pointer math
  docs/scripts/gdb: add necessary make scripts_gdb step
  drm/msm/dsi: Add missing check for alloc_ordered_workqueue
  drm/radeon: free iio for atombios when driver shutdown
  HID: Add Mapping for System Microphone Mute
  drm/omap: dsi: Fix excessive stack usage
  drm/amd/display: Fix potential null-deref in dm_resume
  uaccess: Add minimum bounds check on kernel buffer size
  coda: Avoid partial allocation of sig_inputArgs
  net/mlx5: fw_tracer: Fix debug print
  ACPI: video: Fix Lenovo Ideapad Z570 DMI match
  wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
  m68k: Check syscall_trace_enter() return code
  net: bcmgenet: Add a check for oversized packets
  ACPI: Don't build ACPICA with '-Os'
  ice: add missing checks for PF vsi type
  inet: fix fast path in __inet_hash_connect()
  wifi: mt7601u: fix an integer underflow
  wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
  x86/bugs: Reset speculation control settings on init
  timers: Prevent union confusion from unexpected restart_syscall()
  thermal: intel: Fix unsigned comparison with less than zero
  rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
  wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
  blk-iocost: fix divide by 0 error in calc_lcoefs()
  ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
  udf: Define EFSCORRUPTED error code
  rpmsg: glink: Avoid infinite loop on intent for missing channel
  media: usb: siano: Fix use after free bugs caused by do_submit_urb
  media: i2c: ov7670: 0 instead of -EINVAL was returned
  media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  media: i2c: ov772x: Fix memleak in ov772x_probe()
  media: ov5675: Fix memleak in ov5675_init_controls()
  powerpc: Remove linker flag from KBUILD_AFLAGS
  media: platform: ti: Add missing check for devm_regulator_get
  remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
  MIPS: vpe-mt: drop physical_memsize
  MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
  powerpc/eeh: Set channel state after notifying the drivers
  powerpc/eeh: Small refactor of eeh_handle_normal_event()
  powerpc/rtas: ensure 4KB alignment for rtas_data_buf
  powerpc/rtas: make all exports GPL
  powerpc/pseries/lparcfg: add missing RTAS retry status handling
  powerpc/pseries/lpar: add missing RTAS retry status handling
  clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
  powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
  clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
  Input: ads7846 - don't check penirq immediately for 7845
  Input: ads7846 - don't report pressure for ads7845
  clk: renesas: cpg-mssr: Remove superfluous check in resume code
  clk: renesas: cpg-mssr: Use enum clk_reg_layout instead of a boolean flag
  clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
  mtd: rawnand: sunxi: Fix the size of the last OOB region
  clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
  clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
  mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
  selftests/ftrace: Fix bash specific "==" operator
  sparc: allow PM configs for sparc32 COMPILE_TEST
  perf tools: Fix auto-complete on aarch64
  perf llvm: Fix inadvertent file creation
  gfs2: jdata writepage fix
  cifs: Fix warning and UAF when destroy the MR list
  cifs: Fix lost destroy smbd connection when MR allocate failed
  nfsd: fix race to check ls_layouts
  hid: bigben_probe(): validate report count
  HID: asus: Fix mute and touchpad-toggle keys on Medion Akoya E1239T
  HID: asus: Add support for multi-touch touchpad on Medion Akoya E1239T
  HID: asus: Add report_size to struct asus_touchpad_info
  HID: asus: Only set EV_REP if we are adding a mapping
  HID: bigben: use spinlock to safely schedule workers
  HID: bigben_worker() remove unneeded check on report_field
  HID: bigben: use spinlock to protect concurrent accesses
  ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
  ASoC: dapm: declare missing structure prototypes
  spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
  dm: remove flush_scheduled_work() during local_exit()
  hwmon: (mlxreg-fan) Return zero speed for broken fan
  spi: bcm63xx-hsspi: Fix multi-bit mode setting
  spi: bcm63xx-hsspi: fix pm_runtime
  scsi: aic94xx: Add missing check for dma_map_single()
  hwmon: (ltc2945) Handle error case in ltc2945_value_store
  gpio: vf610: connect GPIO label to dev name
  ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
  drm/mediatek: Clean dangling pointer on bind error path
  drm/mediatek: Drop unbalanced obj unref
  drm/mediatek: Use NULL instead of 0 for NULL pointer
  drm/mediatek: remove cast to pointers passed to kfree
  gpu: host1x: Don't skip assigning syncpoints to channels
  drm/msm/mdp5: Add check for kzalloc
  drm: Initialize struct drm_crtc_state.no_vblank from device settings
  drm/bridge: Introduce drm_bridge_get_next_bridge()
  drm/bridge: Rename bridge helpers targeting a bridge chain
  drm/exynos: Don't reset bridge->next
  drm/msm/dpu: Add check for pstates
  drm/msm/dpu: Add check for cstate
  drm/msm: use strscpy instead of strncpy
  drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
  ALSA: hda/ca0132: minor fix for allocation size
  ASoC: fsl_sai: initialize is_dsp_mode flag
  pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
  drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
  gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
  drm/vc4: dpi: Fix format mapping for RGB565
  drm/vc4: dpi: Add option for inverting pixel clock and output enable
  drm/bridge: megachips: Fix error handling in i2c_register_driver()
  drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
  drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
  selftest: fib_tests: Always cleanup before exit
  selftests/net: Interpret UDP_GRO cmsg data as an int value
  irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
  irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
  can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
  thermal/drivers/hisi: Drop second sensor hi3660
  wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
  crypto: crypto4xx - Call dma_unmap_page when done
  wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
  wifi: iwl4965: Add missing check for create_singlethread_workqueue()
  wifi: iwl3945: Add missing check for create_singlethread_workqueue
  treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
  usb: gadget: udc: Avoid tasklet passing a global
  RISC-V: time: initialize hrtimer based broadcast clock event device
  m68k: /proc/hardware should depend on PROC_FS
  crypto: rsa-pkcs1pad - Use akcipher_request_complete
  rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
  libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
  Bluetooth: L2CAP: Fix potential user-after-free
  OPP: fix error checking in opp_migrate_dentry()
  tap: tap_open(): correctly initialize socket uid
  tun: tun_chr_open(): correctly initialize socket uid
  net: add sock_init_data_uid()
  mptcp: add sk_stop_timer_sync helper
  irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
  irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
  irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
  net/mlx5: Enhance debug print in page allocation failure
  powercap: fix possible name leak in powercap_register_zone()
  crypto: seqiv - Handle EBUSY correctly
  crypto: essiv - Handle EBUSY correctly
  crypto: essiv - remove redundant null pointer check before kfree
  crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
  ACPI: battery: Fix missing NUL-termination with large strings
  wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
  wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
  ath9k: htc: clean up statistics macros
  ath9k: hif_usb: simplify if-if to if-else
  wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
  wifi: orinoco: check return value of hermes_write_wordrec()
  ACPICA: nsrepair: handle cases without a return value correctly
  lib/mpi: Fix buffer overrun when SG is too long
  genirq: Fix the return type of kstat_cpu_irqs_sum()
  ACPICA: Drop port I/O validation for some regions
  crypto: x86/ghash - fix unaligned access in ghash_setkey()
  wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
  wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
  wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
  wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
  wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
  wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
  wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
  wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
  wilc1000: let wilc_mac_xmit() return NETDEV_TX_OK
  wifi: ipw2200: fix memory leak in ipw_wdev_init()
  wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
  ipw2x00: switch from 'pci_' to 'dma_' API
  wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
  rtlwifi: fix -Wpointer-sign warning
  wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
  wifi: libertas: fix memory leak in lbs_init_adapter()
  wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
  net/wireless: Delete unnecessary checks before the macro call “dev_kfree_skb”
  wifi: rsi: Fix memory leak in rsi_coex_attach()
  block: bio-integrity: Copy flags when bio_integrity_payload is cloned
  sched/rt: pick_next_rt_entity(): check list_entry
  sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
  s390/dasd: Fix potential memleak in dasd_eckd_init()
  s390/dasd: Prepare for additional path event handling
  blk-mq: correct stale comment of .get_budget
  blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
  blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
  block: Limit number of items taken from the I/O scheduler in one go
  Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle"
  arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
  ARM: dts: imx7s: correct iomuxc gpr mux controller cells
  arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
  arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
  arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
  arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
  arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
  arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
  ARM: imx: Call ida_simple_remove() for ida_simple_get
  ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
  ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
  arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
  arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
  arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
  arm64: dts: meson-gx: Fix Ethernet MAC address unit name
  ARM: zynq: Fix refcount leak in zynq_early_slcr_init
  arm64: dts: qcom: qcs404: use symbol names for PCIe resets
  ARM: OMAP2+: Fix memory leak in realtime_counter_init()
  HID: asus: use spinlock to safely schedule workers
  HID: asus: use spinlock to protect concurrent accesses
  HID: asus: Remove check for same LED brightness on set
  Linux 5.4.234
  USB: core: Don't hold device lock while reading the "descriptors" sysfs file
  USB: serial: option: add support for VW/Skoda "Carstick LTE"
  dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
  vc_screen: don't clobber return value in vcs_read
  net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
  bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
  HID: core: Fix deadloop in hid_apply_multiplier.
  neigh: make sure used and confirmed times are valid
  IB/hfi1: Assign npages earlier
  btrfs: send: limit number of clones and allocated memory size
  ACPI: NFIT: fix a potential deadlock during NFIT teardown
  ARM: dts: rockchip: add power-domains property to dp node on rk3288
  arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc

 Conflicts:
	Documentation/devicetree/bindings/rtc/allwinner,sun6i-a31-rtc.yaml
	Documentation/devicetree/bindings~HEAD
	arch/arm/mm/dma-mapping.c
	drivers/clk/qcom/gcc-qcs404.c
	drivers/iommu/dma-iommu.c
	drivers/mtd/ubi/wl.c
	kernel/dma/direct.c

Change-Id: I804ccb5552f305c49ec17b323c6c933cc99e6d39
2023-06-08 12:00:01 +03:00

2153 lines
55 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* TCP over IPv6
* Linux INET6 implementation
*
* Authors:
* Pedro Roque <roque@di.fc.ul.pt>
*
* Based on:
* linux/net/ipv4/tcp.c
* linux/net/ipv4/tcp_input.c
* linux/net/ipv4/tcp_output.c
*
* Fixes:
* Hideaki YOSHIFUJI : sin6_scope_id support
* YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
* Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
* a single port at the same time.
* YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
*/
#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>
#include <linux/indirect_call_wrapper.h>
#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/busy_poll.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <crypto/hash.h>
#include <linux/scatterlist.h>
#include <trace/events/tcp.h>
static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
struct request_sock *req);
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
const struct in6_addr *addr)
{
return NULL;
}
#endif
/* Helper returning the inet6 address from a given tcp socket.
* It can be used in TCP stack instead of inet6_sk(sk).
* This avoids a dereference and allow compiler optimizations.
* It is a specialized version of inet6_sk_generic().
*/
static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
{
unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
}
static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
if (dst && dst_hold_safe(dst)) {
const struct rt6_info *rt = (const struct rt6_info *)dst;
rcu_assign_pointer(sk->sk_rx_dst, dst);
inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
}
}
static u32 tcp_v6_init_seq(const struct sk_buff *skb)
{
return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
ipv6_hdr(skb)->saddr.s6_addr32,
tcp_hdr(skb)->dest,
tcp_hdr(skb)->source);
}
static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
{
return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
ipv6_hdr(skb)->saddr.s6_addr32);
}
static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
int addr_len)
{
/* This check is replicated from tcp_v6_connect() and intended to
* prevent BPF program called below from accessing bytes that are out
* of the bound specified by user in addr_len.
*/
if (addr_len < SIN6_LEN_RFC2133)
return -EINVAL;
sock_owned_by_me(sk);
return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
}
static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
int addr_len)
{
struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
struct inet_sock *inet = inet_sk(sk);
struct inet_connection_sock *icsk = inet_csk(sk);
struct ipv6_pinfo *np = tcp_inet6_sk(sk);
struct tcp_sock *tp = tcp_sk(sk);
struct in6_addr *saddr = NULL, *final_p, final;
struct ipv6_txoptions *opt;
struct flowi6 fl6;
struct dst_entry *dst;
int addr_type;
int err;
struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
if (addr_len < SIN6_LEN_RFC2133)
return -EINVAL;
if (usin->sin6_family != AF_INET6)
return -EAFNOSUPPORT;
memset(&fl6, 0, sizeof(fl6));
if (np->sndflow) {
fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
IP6_ECN_flow_init(fl6.flowlabel);
if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
struct ip6_flowlabel *flowlabel;
flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
if (IS_ERR(flowlabel))
return -EINVAL;
fl6_sock_release(flowlabel);
}
}
/*
* connect() to INADDR_ANY means loopback (BSD'ism).
*/
if (ipv6_addr_any(&usin->sin6_addr)) {
if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
&usin->sin6_addr);
else
usin->sin6_addr = in6addr_loopback;
}
addr_type = ipv6_addr_type(&usin->sin6_addr);
if (addr_type & IPV6_ADDR_MULTICAST)
return -ENETUNREACH;
if (addr_type&IPV6_ADDR_LINKLOCAL) {
if (addr_len >= sizeof(struct sockaddr_in6) &&
usin->sin6_scope_id) {
/* If interface is set while binding, indices
* must coincide.
*/
if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
return -EINVAL;
sk->sk_bound_dev_if = usin->sin6_scope_id;
}
/* Connect to link-local address requires an interface */
if (!sk->sk_bound_dev_if)
return -EINVAL;
}
if (tp->rx_opt.ts_recent_stamp &&
!ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
tp->rx_opt.ts_recent = 0;
tp->rx_opt.ts_recent_stamp = 0;
WRITE_ONCE(tp->write_seq, 0);
}
sk->sk_v6_daddr = usin->sin6_addr;
np->flow_label = fl6.flowlabel;
/*
* TCP over IPv4
*/
if (addr_type & IPV6_ADDR_MAPPED) {
u32 exthdrlen = icsk->icsk_ext_hdr_len;
struct sockaddr_in sin;
if (__ipv6_only_sock(sk))
return -ENETUNREACH;
sin.sin_family = AF_INET;
sin.sin_port = usin->sin6_port;
sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
icsk->icsk_af_ops = &ipv6_mapped;
sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif
err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
if (err) {
icsk->icsk_ext_hdr_len = exthdrlen;
icsk->icsk_af_ops = &ipv6_specific;
sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
tp->af_specific = &tcp_sock_ipv6_specific;
#endif
goto failure;
}
np->saddr = sk->sk_v6_rcv_saddr;
return err;
}
if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
saddr = &sk->sk_v6_rcv_saddr;
fl6.flowi6_proto = IPPROTO_TCP;
fl6.daddr = sk->sk_v6_daddr;
fl6.saddr = saddr ? *saddr : np->saddr;
fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
fl6.flowi6_oif = sk->sk_bound_dev_if;
fl6.flowi6_mark = sk->sk_mark;
fl6.fl6_dport = usin->sin6_port;
fl6.fl6_sport = inet->inet_sport;
fl6.flowi6_uid = sk->sk_uid;
opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
final_p = fl6_update_dst(&fl6, opt, &final);
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
if (IS_ERR(dst)) {
err = PTR_ERR(dst);
goto failure;
}
if (!saddr) {
saddr = &fl6.saddr;
sk->sk_v6_rcv_saddr = *saddr;
}
/* set the source address */
np->saddr = *saddr;
inet->inet_rcv_saddr = LOOPBACK4_IPV6;
sk->sk_gso_type = SKB_GSO_TCPV6;
ip6_dst_store(sk, dst, NULL, NULL);
icsk->icsk_ext_hdr_len = 0;
if (opt)
icsk->icsk_ext_hdr_len = opt->opt_flen +
opt->opt_nflen;
tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
inet->inet_dport = usin->sin6_port;
tcp_set_state(sk, TCP_SYN_SENT);
err = inet6_hash_connect(tcp_death_row, sk);
if (err)
goto late_failure;
sk_set_txhash(sk);
if (likely(!tp->repair)) {
if (!tp->write_seq)
WRITE_ONCE(tp->write_seq,
secure_tcpv6_seq(np->saddr.s6_addr32,
sk->sk_v6_daddr.s6_addr32,
inet->inet_sport,
inet->inet_dport));
tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
np->saddr.s6_addr32,
sk->sk_v6_daddr.s6_addr32);
}
if (tcp_fastopen_defer_connect(sk, &err))
return err;
if (err)
goto late_failure;
err = tcp_connect(sk);
if (err)
goto late_failure;
return 0;
late_failure:
tcp_set_state(sk, TCP_CLOSE);
if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
inet_reset_saddr(sk);
failure:
inet->inet_dport = 0;
sk->sk_route_caps = 0;
return err;
}
static void tcp_v6_mtu_reduced(struct sock *sk)
{
struct dst_entry *dst;
u32 mtu;
if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
return;
mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
/* Drop requests trying to increase our current mss.
* Check done in __ip6_rt_update_pmtu() is too late.
*/
if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
return;
dst = inet6_csk_update_pmtu(sk, mtu);
if (!dst)
return;
if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
tcp_sync_mss(sk, dst_mtu(dst));
tcp_simple_retransmit(sk);
}
}
static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
u8 type, u8 code, int offset, __be32 info)
{
const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
struct net *net = dev_net(skb->dev);
struct request_sock *fastopen;
struct ipv6_pinfo *np;
struct tcp_sock *tp;
__u32 seq, snd_una;
struct sock *sk;
bool fatal;
int err;
sk = __inet6_lookup_established(net, &tcp_hashinfo,
&hdr->daddr, th->dest,
&hdr->saddr, ntohs(th->source),
skb->dev->ifindex, inet6_sdif(skb));
if (!sk) {
__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
ICMP6_MIB_INERRORS);
return -ENOENT;
}
if (sk->sk_state == TCP_TIME_WAIT) {
inet_twsk_put(inet_twsk(sk));
return 0;
}
seq = ntohl(th->seq);
fatal = icmpv6_err_convert(type, code, &err);
if (sk->sk_state == TCP_NEW_SYN_RECV) {
tcp_req_err(sk, seq, fatal);
return 0;
}
bh_lock_sock(sk);
if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
__NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
if (sk->sk_state == TCP_CLOSE)
goto out;
if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
goto out;
}
tp = tcp_sk(sk);
/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
fastopen = rcu_dereference(tp->fastopen_rsk);
snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
if (sk->sk_state != TCP_LISTEN &&
!between(seq, snd_una, tp->snd_nxt)) {
__NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
goto out;
}
np = tcp_inet6_sk(sk);
if (type == NDISC_REDIRECT) {
if (!sock_owned_by_user(sk)) {
struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
if (dst)
dst->ops->redirect(dst, sk, skb);
}
goto out;
}
if (type == ICMPV6_PKT_TOOBIG) {
u32 mtu = ntohl(info);
/* We are not interested in TCP_LISTEN and open_requests
* (SYN-ACKs send out by Linux are always <576bytes so
* they should go through unfragmented).
*/
if (sk->sk_state == TCP_LISTEN)
goto out;
if (!ip6_sk_accept_pmtu(sk))
goto out;
if (mtu < IPV6_MIN_MTU)
goto out;
WRITE_ONCE(tp->mtu_info, mtu);
if (!sock_owned_by_user(sk))
tcp_v6_mtu_reduced(sk);
else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
&sk->sk_tsq_flags))
sock_hold(sk);
goto out;
}
/* Might be for an request_sock */
switch (sk->sk_state) {
case TCP_SYN_SENT:
case TCP_SYN_RECV:
/* Only in fast or simultaneous open. If a fast open socket is
* is already accepted it is treated as a connected one below.
*/
if (fastopen && !fastopen->sk)
break;
if (!sock_owned_by_user(sk)) {
sk->sk_err = err;
sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
tcp_done(sk);
} else
sk->sk_err_soft = err;
goto out;
}
if (!sock_owned_by_user(sk) && np->recverr) {
sk->sk_err = err;
sk->sk_error_report(sk);
} else
sk->sk_err_soft = err;
out:
bh_unlock_sock(sk);
sock_put(sk);
return 0;
}
static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
struct flowi *fl,
struct request_sock *req,
struct tcp_fastopen_cookie *foc,
enum tcp_synack_type synack_type)
{
struct inet_request_sock *ireq = inet_rsk(req);
struct ipv6_pinfo *np = tcp_inet6_sk(sk);
struct ipv6_txoptions *opt;
struct flowi6 *fl6 = &fl->u.ip6;
struct sk_buff *skb;
int err = -ENOMEM;
/* First, grab a route. */
if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
IPPROTO_TCP)) == NULL)
goto done;
skb = tcp_make_synack(sk, dst, req, foc, synack_type);
if (skb) {
__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
&ireq->ir_v6_rmt_addr);
fl6->daddr = ireq->ir_v6_rmt_addr;
if (np->repflow && ireq->pktopts)
fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
rcu_read_lock();
opt = ireq->ipv6_opt;
if (!opt)
opt = rcu_dereference(np->opt);
err = ip6_xmit(sk, skb, fl6, skb->mark ? : sk->sk_mark, opt,
np->tclass, sk->sk_priority);
rcu_read_unlock();
err = net_xmit_eval(err);
}
done:
return err;
}
static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
kfree(inet_rsk(req)->ipv6_opt);
kfree_skb(inet_rsk(req)->pktopts);
}
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
const struct in6_addr *addr)
{
return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}
static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
const struct sock *addr_sk)
{
return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
}
static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
char __user *optval, int optlen)
{
struct tcp_md5sig cmd;
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
u8 prefixlen;
if (optlen < sizeof(cmd))
return -EINVAL;
if (copy_from_user(&cmd, optval, sizeof(cmd)))
return -EFAULT;
if (sin6->sin6_family != AF_INET6)
return -EINVAL;
if (optname == TCP_MD5SIG_EXT &&
cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
prefixlen = cmd.tcpm_prefixlen;
if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
prefixlen > 32))
return -EINVAL;
} else {
prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
}
if (!cmd.tcpm_keylen) {
if (ipv6_addr_v4mapped(&sin6->sin6_addr))
return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
AF_INET, prefixlen);
return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
AF_INET6, prefixlen);
}
if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
return -EINVAL;
if (ipv6_addr_v4mapped(&sin6->sin6_addr))
return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
AF_INET, prefixlen, cmd.tcpm_key,
cmd.tcpm_keylen, GFP_KERNEL);
return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
AF_INET6, prefixlen, cmd.tcpm_key,
cmd.tcpm_keylen, GFP_KERNEL);
}
static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
const struct in6_addr *daddr,
const struct in6_addr *saddr,
const struct tcphdr *th, int nbytes)
{
struct tcp6_pseudohdr *bp;
struct scatterlist sg;
struct tcphdr *_th;
bp = hp->scratch;
/* 1. TCP pseudo-header (RFC2460) */
bp->saddr = *saddr;
bp->daddr = *daddr;
bp->protocol = cpu_to_be32(IPPROTO_TCP);
bp->len = cpu_to_be32(nbytes);
_th = (struct tcphdr *)(bp + 1);
memcpy(_th, th, sizeof(*th));
_th->check = 0;
sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
ahash_request_set_crypt(hp->md5_req, &sg, NULL,
sizeof(*bp) + sizeof(*th));
return crypto_ahash_update(hp->md5_req);
}
static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
const struct in6_addr *daddr, struct in6_addr *saddr,
const struct tcphdr *th)
{
struct tcp_md5sig_pool *hp;
struct ahash_request *req;
hp = tcp_get_md5sig_pool();
if (!hp)
goto clear_hash_noput;
req = hp->md5_req;
if (crypto_ahash_init(req))
goto clear_hash;
if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
goto clear_hash;
if (tcp_md5_hash_key(hp, key))
goto clear_hash;
ahash_request_set_crypt(req, NULL, md5_hash, 0);
if (crypto_ahash_final(req))
goto clear_hash;
tcp_put_md5sig_pool();
return 0;
clear_hash:
tcp_put_md5sig_pool();
clear_hash_noput:
memset(md5_hash, 0, 16);
return 1;
}
static int tcp_v6_md5_hash_skb(char *md5_hash,
const struct tcp_md5sig_key *key,
const struct sock *sk,
const struct sk_buff *skb)
{
const struct in6_addr *saddr, *daddr;
struct tcp_md5sig_pool *hp;
struct ahash_request *req;
const struct tcphdr *th = tcp_hdr(skb);
if (sk) { /* valid for establish/request sockets */
saddr = &sk->sk_v6_rcv_saddr;
daddr = &sk->sk_v6_daddr;
} else {
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
saddr = &ip6h->saddr;
daddr = &ip6h->daddr;
}
hp = tcp_get_md5sig_pool();
if (!hp)
goto clear_hash_noput;
req = hp->md5_req;
if (crypto_ahash_init(req))
goto clear_hash;
if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
goto clear_hash;
if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
goto clear_hash;
if (tcp_md5_hash_key(hp, key))
goto clear_hash;
ahash_request_set_crypt(req, NULL, md5_hash, 0);
if (crypto_ahash_final(req))
goto clear_hash;
tcp_put_md5sig_pool();
return 0;
clear_hash:
tcp_put_md5sig_pool();
clear_hash_noput:
memset(md5_hash, 0, 16);
return 1;
}
#endif
static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
const struct sk_buff *skb)
{
#ifdef CONFIG_TCP_MD5SIG
const __u8 *hash_location = NULL;
struct tcp_md5sig_key *hash_expected;
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb);
int genhash;
u8 newhash[16];
hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
hash_location = tcp_parse_md5sig_option(th);
/* We've parsed the options - do we have a hash? */
if (!hash_expected && !hash_location)
return false;
if (hash_expected && !hash_location) {
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
return true;
}
if (!hash_expected && hash_location) {
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
return true;
}
/* check the signature */
genhash = tcp_v6_md5_hash_skb(newhash,
hash_expected,
NULL, skb);
if (genhash || memcmp(hash_location, newhash, 16) != 0) {
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
genhash ? "failed" : "mismatch",
&ip6h->saddr, ntohs(th->source),
&ip6h->daddr, ntohs(th->dest));
return true;
}
#endif
return false;
}
static void tcp_v6_init_req(struct request_sock *req,
const struct sock *sk_listener,
struct sk_buff *skb)
{
bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
struct inet_request_sock *ireq = inet_rsk(req);
const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
/* So that link locals have meaning */
if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
ireq->ir_iif = tcp_v6_iif(skb);
if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
(ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
np->rxopt.bits.rxinfo ||
np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
np->rxopt.bits.rxohlim || np->repflow)) {
refcount_inc(&skb->users);
ireq->pktopts = skb;
}
}
static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
struct flowi *fl,
const struct request_sock *req)
{
return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
}
struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
.family = AF_INET6,
.obj_size = sizeof(struct tcp6_request_sock),
.rtx_syn_ack = tcp_rtx_synack,
.send_ack = tcp_v6_reqsk_send_ack,
.destructor = tcp_v6_reqsk_destructor,
.send_reset = tcp_v6_send_reset,
.syn_ack_timeout = tcp_syn_ack_timeout,
};
const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
sizeof(struct ipv6hdr),
#ifdef CONFIG_TCP_MD5SIG
.req_md5_lookup = tcp_v6_md5_lookup,
.calc_md5_hash = tcp_v6_md5_hash_skb,
#endif
.init_req = tcp_v6_init_req,
#ifdef CONFIG_SYN_COOKIES
.cookie_init_seq = cookie_v6_init_sequence,
#endif
.route_req = tcp_v6_route_req,
.init_seq = tcp_v6_init_seq,
.init_ts_off = tcp_v6_init_ts_off,
.send_synack = tcp_v6_send_synack,
};
static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
u32 ack, u32 win, u32 tsval, u32 tsecr,
int oif, struct tcp_md5sig_key *key, int rst,
u8 tclass, __be32 label, u32 priority)
{
const struct tcphdr *th = tcp_hdr(skb);
struct tcphdr *t1;
struct sk_buff *buff;
struct flowi6 fl6;
struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
struct sock *ctl_sk = net->ipv6.tcp_sk;
unsigned int tot_len = sizeof(struct tcphdr);
struct dst_entry *dst;
__be32 *topt;
__u32 mark = 0;
if (tsecr)
tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
if (key)
tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif
buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
GFP_ATOMIC);
if (!buff)
return;
skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
t1 = skb_push(buff, tot_len);
skb_reset_transport_header(buff);
/* Swap the send and the receive. */
memset(t1, 0, sizeof(*t1));
t1->dest = th->source;
t1->source = th->dest;
t1->doff = tot_len / 4;
t1->seq = htonl(seq);
t1->ack_seq = htonl(ack);
t1->ack = !rst || !th->ack;
t1->rst = rst;
t1->window = htons(win);
topt = (__be32 *)(t1 + 1);
if (tsecr) {
*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
*topt++ = htonl(tsval);
*topt++ = htonl(tsecr);
}
#ifdef CONFIG_TCP_MD5SIG
if (key) {
*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
tcp_v6_md5_hash_hdr((__u8 *)topt, key,
&ipv6_hdr(skb)->saddr,
&ipv6_hdr(skb)->daddr, t1);
}
#endif
memset(&fl6, 0, sizeof(fl6));
fl6.daddr = ipv6_hdr(skb)->saddr;
fl6.saddr = ipv6_hdr(skb)->daddr;
fl6.flowlabel = label;
buff->ip_summed = CHECKSUM_PARTIAL;
buff->csum = 0;
__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
fl6.flowi6_proto = IPPROTO_TCP;
if (rt6_need_strict(&fl6.daddr) && !oif)
fl6.flowi6_oif = tcp_v6_iif(skb);
else {
if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
oif = skb->skb_iif;
fl6.flowi6_oif = oif;
}
if (sk) {
if (sk->sk_state == TCP_TIME_WAIT) {
mark = inet_twsk(sk)->tw_mark;
/* autoflowlabel relies on buff->hash */
skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
PKT_HASH_TYPE_L4);
} else {
mark = sk->sk_mark;
}
buff->tstamp = tcp_transmit_time(sk);
}
fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
fl6.fl6_dport = t1->dest;
fl6.fl6_sport = t1->source;
fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
/* Pass a socket to ip6_dst_lookup either it is for RST
* Underlying function will use this to retrieve the network
* namespace
*/
dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
if (!IS_ERR(dst)) {
skb_dst_set(buff, dst);
ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass,
priority);
TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
if (rst)
TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
return;
}
kfree_skb(buff);
}
static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
{
const struct tcphdr *th = tcp_hdr(skb);
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
u32 seq = 0, ack_seq = 0;
struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
const __u8 *hash_location = NULL;
unsigned char newhash[16];
int genhash;
struct sock *sk1 = NULL;
#endif
__be32 label = 0;
u32 priority = 0;
struct net *net;
int oif = 0;
if (th->rst)
return;
/* If sk not NULL, it means we did a successful lookup and incoming
* route had to be correct. prequeue might have dropped our dst.
*/
if (!sk && !ipv6_unicast_destination(skb))
return;
net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
#ifdef CONFIG_TCP_MD5SIG
rcu_read_lock();
hash_location = tcp_parse_md5sig_option(th);
if (sk && sk_fullsock(sk)) {
key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
} else if (hash_location) {
/*
* active side is lost. Try to find listening socket through
* source port, and then find md5 key through listening socket.
* we are not loose security here:
* Incoming packet is checked with md5 hash with finding key,
* no RST generated if md5 hash doesn't match.
*/
sk1 = inet6_lookup_listener(net,
&tcp_hashinfo, NULL, 0,
&ipv6h->saddr,
th->source, &ipv6h->daddr,
ntohs(th->source),
tcp_v6_iif_l3_slave(skb),
tcp_v6_sdif(skb));
if (!sk1)
goto out;
key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
if (!key)
goto out;
genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
if (genhash || memcmp(hash_location, newhash, 16) != 0)
goto out;
}
#endif
if (th->ack)
seq = ntohl(th->ack_seq);
else
ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
(th->doff << 2);
if (sk) {
oif = sk->sk_bound_dev_if;
if (sk_fullsock(sk)) {
const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
trace_tcp_send_reset(sk, skb);
if (np->repflow)
label = ip6_flowlabel(ipv6h);
priority = sk->sk_priority;
}
if (sk->sk_state == TCP_TIME_WAIT) {
label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
priority = inet_twsk(sk)->tw_priority;
}
} else {
if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
label = ip6_flowlabel(ipv6h);
}
tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0,
label, priority);
#ifdef CONFIG_TCP_MD5SIG
out:
rcu_read_unlock();
#endif
}
static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
struct tcp_md5sig_key *key, u8 tclass,
__be32 label, u32 priority)
{
tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
tclass, label, priority);
}
static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
struct inet_timewait_sock *tw = inet_twsk(sk);
struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
tcp_time_stamp_raw() + tcptw->tw_ts_offset,
tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
inet_twsk_put(tw);
}
static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
struct request_sock *req)
{
/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
* sk->sk_state == TCP_SYN_RECV -> for Fast Open.
*/
/* RFC 7323 2.3
* The window field (SEG.WND) of every outgoing segment, with the
* exception of <SYN> segments, MUST be right-shifted by
* Rcv.Wind.Shift bits:
*/
tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
tcp_rsk(req)->rcv_nxt,
req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
req->ts_recent, sk->sk_bound_dev_if,
tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
0, 0, sk->sk_priority);
}
static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
{
#ifdef CONFIG_SYN_COOKIES
const struct tcphdr *th = tcp_hdr(skb);
if (!th->syn)
sk = cookie_v6_check(sk, skb);
#endif
return sk;
}
u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
struct tcphdr *th, u32 *cookie)
{
u16 mss = 0;
#ifdef CONFIG_SYN_COOKIES
mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
&tcp_request_sock_ipv6_ops, sk, th);
if (mss) {
*cookie = __cookie_v6_init_sequence(iph, th, &mss);
tcp_synq_overflow(sk);
}
#endif
return mss;
}
static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
if (skb->protocol == htons(ETH_P_IP))
return tcp_v4_conn_request(sk, skb);
if (!ipv6_unicast_destination(skb))
goto drop;
if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
__IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
return 0;
}
return tcp_conn_request(&tcp6_request_sock_ops,
&tcp_request_sock_ipv6_ops, sk, skb);
drop:
tcp_listendrop(sk);
return 0; /* don't send reset */
}
static void tcp_v6_restore_cb(struct sk_buff *skb)
{
/* We need to move header back to the beginning if xfrm6_policy_check()
* and tcp_v6_fill_cb() are going to be called again.
* ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
*/
memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
sizeof(struct inet6_skb_parm));
}
static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
struct request_sock *req,
struct dst_entry *dst,
struct request_sock *req_unhash,
bool *own_req)
{
struct inet_request_sock *ireq;
struct ipv6_pinfo *newnp;
const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
struct ipv6_txoptions *opt;
struct inet_sock *newinet;
bool found_dup_sk = false;
struct tcp_sock *newtp;
struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
struct tcp_md5sig_key *key;
#endif
struct flowi6 fl6;
if (skb->protocol == htons(ETH_P_IP)) {
/*
* v6 mapped
*/
newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
req_unhash, own_req);
if (!newsk)
return NULL;
inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
newinet = inet_sk(newsk);
newnp = tcp_inet6_sk(newsk);
newtp = tcp_sk(newsk);
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
newnp->saddr = newsk->sk_v6_rcv_saddr;
inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif
newnp->ipv6_mc_list = NULL;
newnp->ipv6_ac_list = NULL;
newnp->ipv6_fl_list = NULL;
newnp->pktoptions = NULL;
newnp->opt = NULL;
newnp->mcast_oif = inet_iif(skb);
newnp->mcast_hops = ip_hdr(skb)->ttl;
newnp->rcv_flowinfo = 0;
if (np->repflow)
newnp->flow_label = 0;
/*
* No need to charge this sock to the relevant IPv6 refcnt debug socks count
* here, tcp_create_openreq_child now does this for us, see the comment in
* that function for the gory details. -acme
*/
/* It is tricky place. Until this moment IPv4 tcp
worked with IPv6 icsk.icsk_af_ops.
Sync it now.
*/
tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
return newsk;
}
ireq = inet_rsk(req);
if (sk_acceptq_is_full(sk))
goto out_overflow;
if (!dst) {
dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
if (!dst)
goto out;
}
newsk = tcp_create_openreq_child(sk, req, skb);
if (!newsk)
goto out_nonewsk;
/*
* No need to charge this sock to the relevant IPv6 refcnt debug socks
* count here, tcp_create_openreq_child now does this for us, see the
* comment in that function for the gory details. -acme
*/
newsk->sk_gso_type = SKB_GSO_TCPV6;
ip6_dst_store(newsk, dst, NULL, NULL);
inet6_sk_rx_dst_set(newsk, skb);
inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
newtp = tcp_sk(newsk);
newinet = inet_sk(newsk);
newnp = tcp_inet6_sk(newsk);
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
newnp->saddr = ireq->ir_v6_loc_addr;
newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
newsk->sk_bound_dev_if = ireq->ir_iif;
/* Now IPv6 options...
First: no IPv4 options.
*/
newinet->inet_opt = NULL;
newnp->ipv6_mc_list = NULL;
newnp->ipv6_ac_list = NULL;
newnp->ipv6_fl_list = NULL;
/* Clone RX bits */
newnp->rxopt.all = np->rxopt.all;
newnp->pktoptions = NULL;
newnp->opt = NULL;
newnp->mcast_oif = tcp_v6_iif(skb);
newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
if (np->repflow)
newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
/* Clone native IPv6 options from listening socket (if any)
Yes, keeping reference count would be much more clever,
but we make one more one thing there: reattach optmem
to newsk.
*/
opt = ireq->ipv6_opt;
if (!opt)
opt = rcu_dereference(np->opt);
if (opt) {
opt = ipv6_dup_options(newsk, opt);
RCU_INIT_POINTER(newnp->opt, opt);
}
inet_csk(newsk)->icsk_ext_hdr_len = 0;
if (opt)
inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
opt->opt_flen;
tcp_ca_openreq_child(newsk, dst);
tcp_sync_mss(newsk, dst_mtu(dst));
newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
tcp_initialize_rcv_mss(newsk);
newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
#ifdef CONFIG_TCP_MD5SIG
/* Copy over the MD5 key from the original socket */
key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
if (key) {
/* We're using one, so create a matching key
* on the newsk structure. If we fail to get
* memory, then we end up not copying the key
* across. Shucks.
*/
tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
AF_INET6, 128, key->key, key->keylen,
sk_gfp_mask(sk, GFP_ATOMIC));
}
#endif
if (__inet_inherit_port(sk, newsk) < 0) {
inet_csk_prepare_forced_close(newsk);
tcp_done(newsk);
goto out;
}
*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
&found_dup_sk);
if (*own_req) {
tcp_move_syn(newtp, req);
/* Clone pktoptions received with SYN, if we own the req */
if (ireq->pktopts) {
newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
consume_skb(ireq->pktopts);
ireq->pktopts = NULL;
if (newnp->pktoptions)
tcp_v6_restore_cb(newnp->pktoptions);
}
} else {
if (!req_unhash && found_dup_sk) {
/* This code path should only be executed in the
* syncookie case only
*/
bh_unlock_sock(newsk);
sock_put(newsk);
newsk = NULL;
}
}
return newsk;
out_overflow:
__NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
dst_release(dst);
out:
tcp_listendrop(sk);
return NULL;
}
/* The socket must have it's spinlock held when we get
* here, unless it is a TCP_LISTEN socket.
*
* We have a potential double-lock case here, so even when
* doing backlog processing we use the BH locking scheme.
* This is because we cannot sleep with the original spinlock
* held.
*/
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
struct ipv6_pinfo *np = tcp_inet6_sk(sk);
struct sk_buff *opt_skb = NULL;
struct tcp_sock *tp;
/* Imagine: socket is IPv6. IPv4 packet arrives,
goes to IPv4 receive handler and backlogged.
From backlog it always goes here. Kerboom...
Fortunately, tcp_rcv_established and rcv_established
handle them correctly, but it is not case with
tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
*/
if (skb->protocol == htons(ETH_P_IP))
return tcp_v4_do_rcv(sk, skb);
/*
* socket locking is here for SMP purposes as backlog rcv
* is currently called with bh processing disabled.
*/
/* Do Stevens' IPV6_PKTOPTIONS.
Yes, guys, it is the only place in our code, where we
may make it not affecting IPv4.
The rest of code is protocol independent,
and I do not like idea to uglify IPv4.
Actually, all the idea behind IPV6_PKTOPTIONS
looks not very well thought. For now we latch
options, received in the last packet, enqueued
by tcp. Feel free to propose better solution.
--ANK (980728)
*/
if (np->rxopt.all)
opt_skb = skb_clone_and_charge_r(skb, sk);
if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
struct dst_entry *dst;
dst = rcu_dereference_protected(sk->sk_rx_dst,
lockdep_sock_is_held(sk));
sock_rps_save_rxhash(sk, skb);
sk_mark_napi_id(sk, skb);
if (dst) {
if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
dst_release(dst);
}
}
tcp_rcv_established(sk, skb);
if (opt_skb)
goto ipv6_pktoptions;
return 0;
}
if (tcp_checksum_complete(skb))
goto csum_err;
if (sk->sk_state == TCP_LISTEN) {
struct sock *nsk = tcp_v6_cookie_check(sk, skb);
if (!nsk)
goto discard;
if (nsk != sk) {
if (tcp_child_process(sk, nsk, skb))
goto reset;
if (opt_skb)
__kfree_skb(opt_skb);
return 0;
}
} else
sock_rps_save_rxhash(sk, skb);
if (tcp_rcv_state_process(sk, skb))
goto reset;
if (opt_skb)
goto ipv6_pktoptions;
return 0;
reset:
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
__kfree_skb(opt_skb);
kfree_skb(skb);
return 0;
csum_err:
TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
goto discard;
ipv6_pktoptions:
/* Do you ask, what is it?
1. skb was enqueued by tcp.
2. skb is added to tail of read queue, rather than out of order.
3. socket is not in passive state.
4. Finally, it really contains options, which user wants to receive.
*/
tp = tcp_sk(sk);
if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
!((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
np->mcast_oif = tcp_v6_iif(opt_skb);
if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
if (np->repflow)
np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
tcp_v6_restore_cb(opt_skb);
opt_skb = xchg(&np->pktoptions, opt_skb);
} else {
__kfree_skb(opt_skb);
opt_skb = xchg(&np->pktoptions, NULL);
}
}
kfree_skb(opt_skb);
return 0;
}
static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
const struct tcphdr *th)
{
/* This is tricky: we move IP6CB at its correct location into
* TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
* _decode_session6() uses IP6CB().
* barrier() makes sure compiler won't play aliasing games.
*/
memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
sizeof(struct inet6_skb_parm));
barrier();
TCP_SKB_CB(skb)->seq = ntohl(th->seq);
TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
skb->len - th->doff*4);
TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
TCP_SKB_CB(skb)->tcp_tw_isn = 0;
TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
TCP_SKB_CB(skb)->sacked = 0;
TCP_SKB_CB(skb)->has_rxtstamp =
skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
}
INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
{
struct sk_buff *skb_to_free;
int sdif = inet6_sdif(skb);
const struct tcphdr *th;
const struct ipv6hdr *hdr;
bool refcounted;
struct sock *sk;
int ret;
struct net *net = dev_net(skb->dev);
if (skb->pkt_type != PACKET_HOST)
goto discard_it;
/*
* Count it even if it's bad.
*/
__TCP_INC_STATS(net, TCP_MIB_INSEGS);
if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
goto discard_it;
th = (const struct tcphdr *)skb->data;
if (unlikely(th->doff < sizeof(struct tcphdr)/4))
goto bad_packet;
if (!pskb_may_pull(skb, th->doff*4))
goto discard_it;
if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
goto csum_error;
th = (const struct tcphdr *)skb->data;
hdr = ipv6_hdr(skb);
lookup:
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
th->source, th->dest, inet6_iif(skb), sdif,
&refcounted);
if (!sk)
goto no_tcp_socket;
process:
if (sk->sk_state == TCP_TIME_WAIT)
goto do_time_wait;
if (sk->sk_state == TCP_NEW_SYN_RECV) {
struct request_sock *req = inet_reqsk(sk);
bool req_stolen = false;
struct sock *nsk;
sk = req->rsk_listener;
if (tcp_v6_inbound_md5_hash(sk, skb)) {
sk_drops_add(sk, skb);
reqsk_put(req);
goto discard_it;
}
if (tcp_checksum_complete(skb)) {
reqsk_put(req);
goto csum_error;
}
if (unlikely(sk->sk_state != TCP_LISTEN)) {
inet_csk_reqsk_queue_drop_and_put(sk, req);
goto lookup;
}
sock_hold(sk);
refcounted = true;
nsk = NULL;
if (!tcp_filter(sk, skb)) {
th = (const struct tcphdr *)skb->data;
hdr = ipv6_hdr(skb);
tcp_v6_fill_cb(skb, hdr, th);
nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
}
if (!nsk) {
reqsk_put(req);
if (req_stolen) {
/* Another cpu got exclusive access to req
* and created a full blown socket.
* Try to feed this packet to this socket
* instead of discarding it.
*/
tcp_v6_restore_cb(skb);
sock_put(sk);
goto lookup;
}
goto discard_and_relse;
}
if (nsk == sk) {
reqsk_put(req);
tcp_v6_restore_cb(skb);
} else if (tcp_child_process(sk, nsk, skb)) {
tcp_v6_send_reset(nsk, skb);
goto discard_and_relse;
} else {
sock_put(sk);
return 0;
}
}
if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
goto discard_and_relse;
}
if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
goto discard_and_relse;
if (tcp_v6_inbound_md5_hash(sk, skb))
goto discard_and_relse;
if (tcp_filter(sk, skb))
goto discard_and_relse;
th = (const struct tcphdr *)skb->data;
hdr = ipv6_hdr(skb);
tcp_v6_fill_cb(skb, hdr, th);
skb->dev = NULL;
if (sk->sk_state == TCP_LISTEN) {
ret = tcp_v6_do_rcv(sk, skb);
goto put_and_return;
}
sk_incoming_cpu_update(sk);
bh_lock_sock_nested(sk);
tcp_segs_in(tcp_sk(sk), skb);
ret = 0;
if (!sock_owned_by_user(sk)) {
skb_to_free = sk->sk_rx_skb_cache;
sk->sk_rx_skb_cache = NULL;
ret = tcp_v6_do_rcv(sk, skb);
} else {
if (tcp_add_backlog(sk, skb))
goto discard_and_relse;
skb_to_free = NULL;
}
bh_unlock_sock(sk);
if (skb_to_free)
__kfree_skb(skb_to_free);
put_and_return:
if (refcounted)
sock_put(sk);
return ret ? -1 : 0;
no_tcp_socket:
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
goto discard_it;
tcp_v6_fill_cb(skb, hdr, th);
if (tcp_checksum_complete(skb)) {
csum_error:
__TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
bad_packet:
__TCP_INC_STATS(net, TCP_MIB_INERRS);
} else {
tcp_v6_send_reset(NULL, skb);
}
discard_it:
kfree_skb(skb);
return 0;
discard_and_relse:
sk_drops_add(sk, skb);
if (refcounted)
sock_put(sk);
goto discard_it;
do_time_wait:
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
inet_twsk_put(inet_twsk(sk));
goto discard_it;
}
tcp_v6_fill_cb(skb, hdr, th);
if (tcp_checksum_complete(skb)) {
inet_twsk_put(inet_twsk(sk));
goto csum_error;
}
switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
case TCP_TW_SYN:
{
struct sock *sk2;
sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
skb, __tcp_hdrlen(th),
&ipv6_hdr(skb)->saddr, th->source,
&ipv6_hdr(skb)->daddr,
ntohs(th->dest),
tcp_v6_iif_l3_slave(skb),
sdif);
if (sk2) {
struct inet_timewait_sock *tw = inet_twsk(sk);
inet_twsk_deschedule_put(tw);
sk = sk2;
tcp_v6_restore_cb(skb);
refcounted = false;
goto process;
}
}
/* to ACK */
/* fall through */
case TCP_TW_ACK:
tcp_v6_timewait_ack(sk, skb);
break;
case TCP_TW_RST:
tcp_v6_send_reset(sk, skb);
inet_twsk_deschedule_put(inet_twsk(sk));
goto discard_it;
case TCP_TW_SUCCESS:
;
}
goto discard_it;
}
void tcp_v6_early_demux(struct sk_buff *skb)
{
const struct ipv6hdr *hdr;
const struct tcphdr *th;
struct sock *sk;
if (skb->pkt_type != PACKET_HOST)
return;
if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
return;
hdr = ipv6_hdr(skb);
th = tcp_hdr(skb);
if (th->doff < sizeof(struct tcphdr) / 4)
return;
/* Note : We use inet6_iif() here, not tcp_v6_iif() */
sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
&hdr->saddr, th->source,
&hdr->daddr, ntohs(th->dest),
inet6_iif(skb), inet6_sdif(skb));
if (sk) {
skb->sk = sk;
skb->destructor = sock_edemux;
if (sk_fullsock(sk)) {
struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
if (dst)
dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
if (dst &&
inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
skb_dst_set_noref(skb, dst);
}
}
}
static struct timewait_sock_ops tcp6_timewait_sock_ops = {
.twsk_obj_size = sizeof(struct tcp6_timewait_sock),
.twsk_unique = tcp_twsk_unique,
.twsk_destructor = tcp_twsk_destructor,
};
static const struct inet_connection_sock_af_ops ipv6_specific = {
.queue_xmit = inet6_csk_xmit,
.send_check = tcp_v6_send_check,
.rebuild_header = inet6_sk_rebuild_header,
.sk_rx_dst_set = inet6_sk_rx_dst_set,
.conn_request = tcp_v6_conn_request,
.syn_recv_sock = tcp_v6_syn_recv_sock,
.net_header_len = sizeof(struct ipv6hdr),
.net_frag_header_len = sizeof(struct frag_hdr),
.setsockopt = ipv6_setsockopt,
.getsockopt = ipv6_getsockopt,
.addr2sockaddr = inet6_csk_addr2sockaddr,
.sockaddr_len = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_ipv6_setsockopt,
.compat_getsockopt = compat_ipv6_getsockopt,
#endif
.mtu_reduced = tcp_v6_mtu_reduced,
};
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
.md5_lookup = tcp_v6_md5_lookup,
.calc_md5_hash = tcp_v6_md5_hash_skb,
.md5_parse = tcp_v6_parse_md5_keys,
};
#endif
/*
* TCP over IPv4 via INET6 API
*/
static const struct inet_connection_sock_af_ops ipv6_mapped = {
.queue_xmit = ip_queue_xmit,
.send_check = tcp_v4_send_check,
.rebuild_header = inet_sk_rebuild_header,
.sk_rx_dst_set = inet_sk_rx_dst_set,
.conn_request = tcp_v6_conn_request,
.syn_recv_sock = tcp_v6_syn_recv_sock,
.net_header_len = sizeof(struct iphdr),
.setsockopt = ipv6_setsockopt,
.getsockopt = ipv6_getsockopt,
.addr2sockaddr = inet6_csk_addr2sockaddr,
.sockaddr_len = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_ipv6_setsockopt,
.compat_getsockopt = compat_ipv6_getsockopt,
#endif
.mtu_reduced = tcp_v4_mtu_reduced,
};
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
.md5_lookup = tcp_v4_md5_lookup,
.calc_md5_hash = tcp_v4_md5_hash_skb,
.md5_parse = tcp_v6_parse_md5_keys,
};
#endif
/* NOTE: A lot of things set to zero explicitly by call to
* sk_alloc() so need not be done here.
*/
static int tcp_v6_init_sock(struct sock *sk)
{
struct inet_connection_sock *icsk = inet_csk(sk);
tcp_init_sock(sk);
icsk->icsk_af_ops = &ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif
return 0;
}
#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
const struct request_sock *req, int i)
{
long ttd = req->rsk_timer.expires - jiffies;
const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
if (ttd < 0)
ttd = 0;
seq_printf(seq,
"%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
"%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
i,
src->s6_addr32[0], src->s6_addr32[1],
src->s6_addr32[2], src->s6_addr32[3],
inet_rsk(req)->ir_num,
dest->s6_addr32[0], dest->s6_addr32[1],
dest->s6_addr32[2], dest->s6_addr32[3],
ntohs(inet_rsk(req)->ir_rmt_port),
TCP_SYN_RECV,
0, 0, /* could print option size, but that is af dependent. */
1, /* timers active (only the expire timer) */
jiffies_to_clock_t(ttd),
req->num_timeout,
from_kuid_munged(seq_user_ns(seq),
sock_i_uid(req->rsk_listener)),
0, /* non standard timer */
0, /* open_requests have no inode */
0, req);
}
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
const struct in6_addr *dest, *src;
__u16 destp, srcp;
int timer_active;
unsigned long timer_expires;
const struct inet_sock *inet = inet_sk(sp);
const struct tcp_sock *tp = tcp_sk(sp);
const struct inet_connection_sock *icsk = inet_csk(sp);
const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
int rx_queue;
int state;
__u8 state_seq = sp->sk_state;
dest = &sp->sk_v6_daddr;
src = &sp->sk_v6_rcv_saddr;
destp = ntohs(inet->inet_dport);
srcp = ntohs(inet->inet_sport);
if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
timer_active = 1;
timer_expires = icsk->icsk_timeout;
} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
timer_active = 4;
timer_expires = icsk->icsk_timeout;
} else if (timer_pending(&sp->sk_timer)) {
timer_active = 2;
timer_expires = sp->sk_timer.expires;
} else {
timer_active = 0;
timer_expires = jiffies;
}
state = inet_sk_state_load(sp);
if (state == TCP_LISTEN)
rx_queue = sp->sk_ack_backlog;
else
/* Because we don't lock the socket,
* we might find a transient negative value.
*/
rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
READ_ONCE(tp->copied_seq), 0);
if (inet->transparent)
state_seq |= 0x80;
seq_printf(seq,
"%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
"%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
i,
src->s6_addr32[0], src->s6_addr32[1],
src->s6_addr32[2], src->s6_addr32[3], srcp,
dest->s6_addr32[0], dest->s6_addr32[1],
dest->s6_addr32[2], dest->s6_addr32[3], destp,
state_seq,
READ_ONCE(tp->write_seq) - tp->snd_una,
rx_queue,
timer_active,
jiffies_delta_to_clock_t(timer_expires - jiffies),
icsk->icsk_retransmits,
from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
icsk->icsk_probes_out,
sock_i_ino(sp),
refcount_read(&sp->sk_refcnt), sp,
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
tp->snd_cwnd,
state == TCP_LISTEN ?
fastopenq->max_qlen :
(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
);
}
static void get_timewait6_sock(struct seq_file *seq,
struct inet_timewait_sock *tw, int i)
{
long delta = tw->tw_timer.expires - jiffies;
const struct in6_addr *dest, *src;
__u16 destp, srcp;
dest = &tw->tw_v6_daddr;
src = &tw->tw_v6_rcv_saddr;
destp = ntohs(tw->tw_dport);
srcp = ntohs(tw->tw_sport);
seq_printf(seq,
"%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
"%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
i,
src->s6_addr32[0], src->s6_addr32[1],
src->s6_addr32[2], src->s6_addr32[3], srcp,
dest->s6_addr32[0], dest->s6_addr32[1],
dest->s6_addr32[2], dest->s6_addr32[3], destp,
tw->tw_substate, 0, 0,
3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
refcount_read(&tw->tw_refcnt), tw);
}
static int tcp6_seq_show(struct seq_file *seq, void *v)
{
struct tcp_iter_state *st;
struct sock *sk = v;
if (v == SEQ_START_TOKEN) {
seq_puts(seq,
" sl "
"local_address "
"remote_address "
"st tx_queue rx_queue tr tm->when retrnsmt"
" uid timeout inode\n");
goto out;
}
st = seq->private;
if (sk->sk_state == TCP_TIME_WAIT)
get_timewait6_sock(seq, v, st->num);
else if (sk->sk_state == TCP_NEW_SYN_RECV)
get_openreq6(seq, v, st->num);
else
get_tcp6_sock(seq, v, st->num);
out:
return 0;
}
static const struct seq_operations tcp6_seq_ops = {
.show = tcp6_seq_show,
.start = tcp_seq_start,
.next = tcp_seq_next,
.stop = tcp_seq_stop,
};
static struct tcp_seq_afinfo tcp6_seq_afinfo = {
.family = AF_INET6,
};
int __net_init tcp6_proc_init(struct net *net)
{
if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
return -ENOMEM;
return 0;
}
void tcp6_proc_exit(struct net *net)
{
remove_proc_entry("tcp6", net->proc_net);
}
#endif
struct proto tcpv6_prot = {
.name = "TCPv6",
.owner = THIS_MODULE,
.close = tcp_close,
.pre_connect = tcp_v6_pre_connect,
.connect = tcp_v6_connect,
.disconnect = tcp_disconnect,
.accept = inet_csk_accept,
.ioctl = tcp_ioctl,
.init = tcp_v6_init_sock,
.destroy = tcp_v4_destroy_sock,
.shutdown = tcp_shutdown,
.setsockopt = tcp_setsockopt,
.getsockopt = tcp_getsockopt,
.keepalive = tcp_set_keepalive,
.recvmsg = tcp_recvmsg,
.sendmsg = tcp_sendmsg,
.sendpage = tcp_sendpage,
.backlog_rcv = tcp_v6_do_rcv,
.release_cb = tcp_release_cb,
.hash = inet6_hash,
.unhash = inet_unhash,
.get_port = inet_csk_get_port,
.enter_memory_pressure = tcp_enter_memory_pressure,
.leave_memory_pressure = tcp_leave_memory_pressure,
.stream_memory_free = tcp_stream_memory_free,
.sockets_allocated = &tcp_sockets_allocated,
.memory_allocated = &tcp_memory_allocated,
.memory_pressure = &tcp_memory_pressure,
.orphan_count = &tcp_orphan_count,
.sysctl_mem = sysctl_tcp_mem,
.sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
.sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
.max_header = MAX_TCP_HEADER,
.obj_size = sizeof(struct tcp6_sock),
.slab_flags = SLAB_TYPESAFE_BY_RCU,
.twsk_prot = &tcp6_timewait_sock_ops,
.rsk_prot = &tcp6_request_sock_ops,
.h.hashinfo = &tcp_hashinfo,
.no_autobind = true,
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_tcp_setsockopt,
.compat_getsockopt = compat_tcp_getsockopt,
#endif
.diag_destroy = tcp_abort,
};
static const struct inet6_protocol tcpv6_protocol = {
.handler = tcp_v6_rcv,
.err_handler = tcp_v6_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};
static struct inet_protosw tcpv6_protosw = {
.type = SOCK_STREAM,
.protocol = IPPROTO_TCP,
.prot = &tcpv6_prot,
.ops = &inet6_stream_ops,
.flags = INET_PROTOSW_PERMANENT |
INET_PROTOSW_ICSK,
};
static int __net_init tcpv6_net_init(struct net *net)
{
return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
SOCK_RAW, IPPROTO_TCP, net);
}
static void __net_exit tcpv6_net_exit(struct net *net)
{
inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}
static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
inet_twsk_purge(&tcp_hashinfo, AF_INET6);
}
static struct pernet_operations tcpv6_net_ops = {
.init = tcpv6_net_init,
.exit = tcpv6_net_exit,
.exit_batch = tcpv6_net_exit_batch,
};
int __init tcpv6_init(void)
{
int ret;
ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
if (ret)
goto out;
/* register inet6 protocol */
ret = inet6_register_protosw(&tcpv6_protosw);
if (ret)
goto out_tcpv6_protocol;
ret = register_pernet_subsys(&tcpv6_net_ops);
if (ret)
goto out_tcpv6_protosw;
out:
return ret;
out_tcpv6_protosw:
inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
goto out;
}
void tcpv6_exit(void)
{
unregister_pernet_subsys(&tcpv6_net_ops);
inet6_unregister_protosw(&tcpv6_protosw);
inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}
Reference in New Issue View Git Blame Copy Permalink