diff options
-rw-r--r-- | include/linux/filter.h | 2 | ||||
-rw-r--r-- | include/linux/inet.h | 2 | ||||
-rw-r--r-- | include/linux/ip.h | 10 | ||||
-rw-r--r-- | include/net/sock.h | 4 | ||||
-rw-r--r-- | net/atm/br2684.c | 2 | ||||
-rw-r--r-- | net/bridge/br_input.c | 2 | ||||
-rw-r--r-- | net/bridge/br_netfilter.c | 13 | ||||
-rw-r--r-- | net/core/filter.c | 6 | ||||
-rw-r--r-- | net/core/pktgen.c | 5 | ||||
-rw-r--r-- | net/core/utils.c | 2 | ||||
-rw-r--r-- | net/ethernet/eth.c | 2 | ||||
-rw-r--r-- | net/ipv4/ip_fragment.c | 2 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 4 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_xmit.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_helper.c | 1 | ||||
-rw-r--r-- | net/x25/af_x25.c | 7 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 1 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 3 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 3 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 8 |
20 files changed, 37 insertions, 44 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index 3ba843c..c6cb8f0 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -143,7 +143,7 @@ static inline unsigned int sk_filter_len(struct sk_filter *fp) struct sk_buff; struct sock; -extern int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen); +extern unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen); extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); extern int sk_chk_filter(struct sock_filter *filter, int flen); #endif /* __KERNEL__ */ diff --git a/include/linux/inet.h b/include/linux/inet.h index 3b5e9fd..6c5587a 100644 --- a/include/linux/inet.h +++ b/include/linux/inet.h @@ -45,6 +45,6 @@ #ifdef __KERNEL__ #include <linux/types.h> -extern __u32 in_aton(const char *str); +extern __be32 in_aton(const char *str); #endif #endif /* _LINUX_INET_H */ diff --git a/include/linux/ip.h b/include/linux/ip.h index 9e2eb9a..4b55cf1 100644 --- a/include/linux/ip.h +++ b/include/linux/ip.h @@ -90,14 +90,14 @@ struct iphdr { #error "Please fix <asm/byteorder.h>" #endif __u8 tos; - __u16 tot_len; - __u16 id; - __u16 frag_off; + __be16 tot_len; + __be16 id; + __be16 frag_off; __u8 ttl; __u8 protocol; __u16 check; - __u32 saddr; - __u32 daddr; + __be32 saddr; + __be32 daddr; /*The options start here. */ }; diff --git a/include/net/sock.h b/include/net/sock.h index 6961700..1806e5b 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -856,8 +856,8 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock) filter = sk->sk_filter; if (filter) { - int pkt_len = sk_run_filter(skb, filter->insns, - filter->len); + unsigned int pkt_len = sk_run_filter(skb, filter->insns, + filter->len); if (!pkt_len) err = -EPERM; else diff --git a/net/atm/br2684.c b/net/atm/br2684.c index 72f3f7b..bdb4d89 100644 --- a/net/atm/br2684.c +++ b/net/atm/br2684.c @@ -295,7 +295,7 @@ static inline __be16 br_type_trans(struct sk_buff *skb, struct net_device *dev) unsigned char *rawp; eth = eth_hdr(skb); - if (*eth->h_dest & 1) { + if (is_multicast_ether_addr(eth->h_dest)) { if (memcmp(eth->h_dest, dev->broadcast, ETH_ALEN) == 0) skb->pkt_type = PACKET_BROADCAST; else diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index c387852..e3a73ce 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -68,7 +68,7 @@ int br_handle_frame_finish(struct sk_buff *skb) } } - if (dest[0] & 1) { + if (is_multicast_ether_addr(dest)) { br_flood_forward(br, skb, !passedup); if (!passedup) br_pass_frame_up(br, skb); diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 223f827..7cac3fb 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -394,8 +394,9 @@ inhdr_error: * target in particular. Save the original destination IP * address to be able to detect DNAT afterwards. */ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, - const struct net_device *in, const struct net_device *out, - int (*okfn)(struct sk_buff *)) + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) { struct iphdr *iph; __u32 len; @@ -412,8 +413,10 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, goto out; if (skb->protocol == __constant_htons(ETH_P_8021Q)) { + u8 *vhdr = skb->data; skb_pull(skb, VLAN_HLEN); - (skb)->nh.raw += VLAN_HLEN; + skb_postpull_rcsum(skb, vhdr, VLAN_HLEN); + skb->nh.raw += VLAN_HLEN; } return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn); } @@ -429,8 +432,10 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, goto out; if (skb->protocol == __constant_htons(ETH_P_8021Q)) { + u8 *vhdr = skb->data; skb_pull(skb, VLAN_HLEN); - (skb)->nh.raw += VLAN_HLEN; + skb_postpull_rcsum(skb, vhdr, VLAN_HLEN); + skb->nh.raw += VLAN_HLEN; } if (!pskb_may_pull(skb, sizeof(struct iphdr))) diff --git a/net/core/filter.c b/net/core/filter.c index 8964d34..9eb9d00 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -75,7 +75,7 @@ static inline void *load_pointer(struct sk_buff *skb, int k, * len is the number of filter blocks in the array. */ -int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen) +unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen) { struct sock_filter *fentry; /* We walk down these */ void *ptr; @@ -241,9 +241,9 @@ load_b: A = X; continue; case BPF_RET|BPF_K: - return ((unsigned int)fentry->k); + return fentry->k; case BPF_RET|BPF_A: - return ((unsigned int)A); + return A; case BPF_ST: mem[fentry->k] = A; continue; diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 06cad2d..631056d 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -473,7 +473,6 @@ static char version[] __initdata = VERSION; static int pktgen_remove_device(struct pktgen_thread* t, struct pktgen_dev *i); static int pktgen_add_device(struct pktgen_thread* t, const char* ifname); -static struct pktgen_thread* pktgen_find_thread(const char* name); static struct pktgen_dev *pktgen_find_dev(struct pktgen_thread* t, const char* ifname); static int pktgen_device_event(struct notifier_block *, unsigned long, void *); static void pktgen_run_all_threads(void); @@ -2883,7 +2882,7 @@ static int pktgen_add_device(struct pktgen_thread *t, const char* ifname) return add_dev_to_thread(t, pkt_dev); } -static struct pktgen_thread *pktgen_find_thread(const char* name) +static struct pktgen_thread * __init pktgen_find_thread(const char* name) { struct pktgen_thread *t = NULL; @@ -2900,7 +2899,7 @@ static struct pktgen_thread *pktgen_find_thread(const char* name) return t; } -static int pktgen_create_thread(const char* name, int cpu) +static int __init pktgen_create_thread(const char* name, int cpu) { struct pktgen_thread *t = NULL; struct proc_dir_entry *pe; diff --git a/net/core/utils.c b/net/core/utils.c index 587eb77..ac1d1fc 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -162,7 +162,7 @@ EXPORT_SYMBOL(net_srandom); * is otherwise not dependent on the TCP/IP stack. */ -__u32 in_aton(const char *str) +__be32 in_aton(const char *str) { unsigned long l; unsigned int val; diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c index 9f4dbeb..9890fd9 100644 --- a/net/ethernet/eth.c +++ b/net/ethernet/eth.c @@ -163,7 +163,7 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev) skb_pull(skb,ETH_HLEN); eth = eth_hdr(skb); - if (*eth->h_dest&1) { + if (is_multicast_ether_addr(eth->h_dest)) { if (!compare_ether_addr(eth->h_dest, dev->broadcast)) skb->pkt_type = PACKET_BROADCAST; else diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index ce2b70c..2a8adda 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -383,7 +383,7 @@ out_nomem: */ static inline struct ipq *ip_find(struct iphdr *iph, u32 user) { - __u16 id = iph->id; + __be16 id = iph->id; __u32 saddr = iph->saddr; __u32 daddr = iph->daddr; __u8 protocol = iph->protocol; diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 71da318..8b1c9bd 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -418,7 +418,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) struct sk_buff *skb2; unsigned int mtu, hlen, left, len, ll_rs; int offset; - int not_last_frag; + __be16 not_last_frag; struct rtable *rt = (struct rtable*)skb->dst; int err = 0; @@ -1180,7 +1180,7 @@ int ip_push_pending_frames(struct sock *sk) struct ip_options *opt = NULL; struct rtable *rt = inet->cork.rt; struct iphdr *iph; - int df = 0; + __be16 df = 0; __u8 ttl; int err = 0; diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index 3b87482..52c12e9 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c @@ -322,7 +322,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, struct net_device *tdev; /* Device to other host */ struct iphdr *old_iph = skb->nh.iph; u8 tos = old_iph->tos; - u16 df = old_iph->frag_off; + __be16 df = old_iph->frag_off; struct iphdr *iph; /* Our new IP header */ int max_headroom; /* The extra header space needed */ int mtu; diff --git a/net/ipv4/netfilter/ipt_helper.c b/net/ipv4/netfilter/ipt_helper.c index bf14e1c..aef649e 100644 --- a/net/ipv4/netfilter/ipt_helper.c +++ b/net/ipv4/netfilter/ipt_helper.c @@ -13,6 +13,7 @@ #include <linux/module.h> #include <linux/skbuff.h> #include <linux/netfilter.h> +#include <linux/interrupt.h> #if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE) #include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ip_conntrack_core.h> diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c index 16459c7..bfabaf9 100644 --- a/net/x25/af_x25.c +++ b/net/x25/af_x25.c @@ -540,12 +540,7 @@ static struct sock *x25_make_new(struct sock *osk) sk->sk_state = TCP_ESTABLISHED; sk->sk_sleep = osk->sk_sleep; sk->sk_backlog_rcv = osk->sk_backlog_rcv; - - if (sock_flag(osk, SOCK_ZAPPED)) - sock_set_flag(sk, SOCK_ZAPPED); - - if (sock_flag(osk, SOCK_DBG)) - sock_set_flag(sk, SOCK_DBG); + sock_copy_flags(sk, osk); ox25 = x25_sk(osk); x25->t21 = ox25->t21; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 92e2b80..ac87a09 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; err = xfrm_policy_insert(p->dir, xp, excl); if (err) { + security_xfrm_policy_free(xp); kfree(xp); return err; } diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 71aeb12..591e98d 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h @@ -238,5 +238,4 @@ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index d1d0996..d7f02ed 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h @@ -908,8 +908,7 @@ #define ASSOCIATION__SENDTO 0x00000001UL #define ASSOCIATION__RECVFROM 0x00000002UL -#define ASSOCIATION__RELABELFROM 0x00000004UL -#define ASSOCIATION__RELABELTO 0x00000008UL +#define ASSOCIATION__SETCONTEXT 0x00000004UL #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index c4d87d4..5b77765 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -137,15 +137,9 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us * Must be permitted to relabel from default socket type (process type) * to specified context */ - rc = avc_has_perm(tsec->sid, tsec->sid, - SECCLASS_ASSOCIATION, - ASSOCIATION__RELABELFROM, NULL); - if (rc) - goto out; - rc = avc_has_perm(tsec->sid, ctx->ctx_sid, SECCLASS_ASSOCIATION, - ASSOCIATION__RELABELTO, NULL); + ASSOCIATION__SETCONTEXT, NULL); if (rc) goto out; |