~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,14 +1,10 @@
	1	+// SPDX-License-Identifier: GPL-2.0-or-later
1	2	/*
2	3	* Generic address resolution entity
3	4	*
4	5	* Authors:
5	6	* Pedro Roque <roque@di.fc.ul.pt>
6	7	* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
7		- *
8		- * This program is free software; you can redistribute it and/or
9		- * modify it under the terms of the GNU General Public License
10		- * as published by the Free Software Foundation; either version
11		- * 2 of the License, or (at your option) any later version.
12	8	*
13	9	* Fixes:
14	10	* Vitaly E. Lavrov releasing NULL neighbor in neigh_add.
..	..	@@ -42,6 +38,8 @@
42	38	#include <linux/log2.h>
43	39	#include <linux/inetdevice.h>
44	40	#include <net/addrconf.h>
	41	+
	42	+#include <trace/events/neigh.h>
45	43
46	44	#define DEBUG
47	45	#define NEIGH_DEBUG 1
..	..	@@ -100,9 +98,7 @@
100	98
101	99	static void neigh_cleanup_and_release(struct neighbour *neigh)
102	100	{
103		- if (neigh->parms->neigh_cleanup)
104		- neigh->parms->neigh_cleanup(neigh);
105		-
	101	+ trace_neigh_cleanup_and_release(neigh, 0);
106	102	__neigh_notify(neigh, RTM_DELNEIGH, 0, 0);
107	103	call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
108	104	neigh_release(neigh);
..	..	@@ -120,21 +116,81 @@
120	116	}
121	117	EXPORT_SYMBOL(neigh_rand_reach_time);
122	118
	119	+static void neigh_mark_dead(struct neighbour *n)
	120	+{
	121	+ n->dead = 1;
	122	+ if (!list_empty(&n->gc_list)) {
	123	+ list_del_init(&n->gc_list);
	124	+ atomic_dec(&n->tbl->gc_entries);
	125	+ }
	126	+}
123	127
124		-static bool neigh_del(struct neighbour *n, __u8 state, __u8 flags,
125		- struct neighbour __rcu *np, struct neigh_table tbl)
	128	+static void neigh_update_gc_list(struct neighbour *n)
	129	+{
	130	+ bool on_gc_list, exempt_from_gc;
	131	+
	132	+ write_lock_bh(&n->tbl->lock);
	133	+ write_lock(&n->lock);
	134	+
	135	+ if (n->dead)
	136	+ goto out;
	137	+
	138	+ /* remove from the gc list if new state is permanent or if neighbor
	139	+ * is externally learned; otherwise entry should be on the gc list
	140	+ */
	141	+ exempt_from_gc = n->nud_state & NUD_PERMANENT \|\|
	142	+ n->flags & NTF_EXT_LEARNED;
	143	+ on_gc_list = !list_empty(&n->gc_list);
	144	+
	145	+ if (exempt_from_gc && on_gc_list) {
	146	+ list_del_init(&n->gc_list);
	147	+ atomic_dec(&n->tbl->gc_entries);
	148	+ } else if (!exempt_from_gc && !on_gc_list) {
	149	+ /* add entries to the tail; cleaning removes from the front */
	150	+ list_add_tail(&n->gc_list, &n->tbl->gc_list);
	151	+ atomic_inc(&n->tbl->gc_entries);
	152	+ }
	153	+
	154	+out:
	155	+ write_unlock(&n->lock);
	156	+ write_unlock_bh(&n->tbl->lock);
	157	+}
	158	+
	159	+static bool neigh_update_ext_learned(struct neighbour *neigh, u32 flags,
	160	+ int *notify)
	161	+{
	162	+ bool rc = false;
	163	+ u8 ndm_flags;
	164	+
	165	+ if (!(flags & NEIGH_UPDATE_F_ADMIN))
	166	+ return rc;
	167	+
	168	+ ndm_flags = (flags & NEIGH_UPDATE_F_EXT_LEARNED) ? NTF_EXT_LEARNED : 0;
	169	+ if ((neigh->flags ^ ndm_flags) & NTF_EXT_LEARNED) {
	170	+ if (ndm_flags & NTF_EXT_LEARNED)
	171	+ neigh->flags \|= NTF_EXT_LEARNED;
	172	+ else
	173	+ neigh->flags &= ~NTF_EXT_LEARNED;
	174	+ rc = true;
	175	+ *notify = 1;
	176	+ }
	177	+
	178	+ return rc;
	179	+}
	180	+
	181	+static bool neigh_del(struct neighbour n, struct neighbour __rcu *np,
	182	+ struct neigh_table *tbl)
126	183	{
127	184	bool retval = false;
128	185
129	186	write_lock(&n->lock);
130		- if (refcount_read(&n->refcnt) == 1 && !(n->nud_state & state) &&
131		- !(n->flags & flags)) {
	187	+ if (refcount_read(&n->refcnt) == 1) {
132	188	struct neighbour *neigh;
133	189
134	190	neigh = rcu_dereference_protected(n->next,
135	191	lockdep_is_held(&tbl->lock));
136	192	rcu_assign_pointer(*np, neigh);
137		- n->dead = 1;
	193	+ neigh_mark_dead(n);
138	194	retval = true;
139	195	}
140	196	write_unlock(&n->lock);
..	..	@@ -160,7 +216,7 @@
160	216	while ((n = rcu_dereference_protected(*np,
161	217	lockdep_is_held(&tbl->lock)))) {
162	218	if (n == ndel)
163		- return neigh_del(n, 0, 0, np, tbl);
	219	+ return neigh_del(n, np, tbl);
164	220	np = &n->next;
165	221	}
166	222	return false;
..	..	@@ -168,32 +224,32 @@
168	224
169	225	static int neigh_forced_gc(struct neigh_table *tbl)
170	226	{
	227	+ int max_clean = atomic_read(&tbl->gc_entries) - tbl->gc_thresh2;
	228	+ unsigned long tref = jiffies - 5 * HZ;
	229	+ struct neighbour n, tmp;
171	230	int shrunk = 0;
172		- int i;
173		- struct neigh_hash_table *nht;
174	231
175	232	NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs);
176	233
177	234	write_lock_bh(&tbl->lock);
178		- nht = rcu_dereference_protected(tbl->nht,
179		- lockdep_is_held(&tbl->lock));
180		- for (i = 0; i < (1 << nht->hash_shift); i++) {
181		- struct neighbour *n;
182		- struct neighbour __rcu **np;
183	235
184		- np = &nht->hash_buckets[i];
185		- while ((n = rcu_dereference_protected(*np,
186		- lockdep_is_held(&tbl->lock))) != NULL) {
187		- /* Neighbour record may be discarded if:
188		- * - nobody refers to it.
189		- * - it is not permanent
190		- */
191		- if (neigh_del(n, NUD_PERMANENT, NTF_EXT_LEARNED, np,
192		- tbl)) {
193		- shrunk = 1;
194		- continue;
195		- }
196		- np = &n->next;
	236	+ list_for_each_entry_safe(n, tmp, &tbl->gc_list, gc_list) {
	237	+ if (refcount_read(&n->refcnt) == 1) {
	238	+ bool remove = false;
	239	+
	240	+ write_lock(&n->lock);
	241	+ if ((n->nud_state == NUD_FAILED) \|\|
	242	+ (n->nud_state == NUD_NOARP) \|\|
	243	+ (tbl->is_multicast &&
	244	+ tbl->is_multicast(n->primary_key)) \|\|
	245	+ time_after(tref, n->updated))
	246	+ remove = true;
	247	+ write_unlock(&n->lock);
	248	+
	249	+ if (remove && neigh_remove_one(n, tbl))
	250	+ shrunk++;
	251	+ if (shrunk >= max_clean)
	252	+ break;
197	253	}
198	254	}
199	255
..	..	@@ -224,17 +280,33 @@
224	280	return 0;
225	281	}
226	282
227		-static void pneigh_queue_purge(struct sk_buff_head *list)
	283	+static void pneigh_queue_purge(struct sk_buff_head list, struct net net)
228	284	{
	285	+ struct sk_buff_head tmp;
	286	+ unsigned long flags;
229	287	struct sk_buff *skb;
230	288
231		- while ((skb = skb_dequeue(list)) != NULL) {
	289	+ skb_queue_head_init(&tmp);
	290	+ spin_lock_irqsave(&list->lock, flags);
	291	+ skb = skb_peek(list);
	292	+ while (skb != NULL) {
	293	+ struct sk_buff *skb_next = skb_peek_next(skb, list);
	294	+ if (net == NULL \|\| net_eq(dev_net(skb->dev), net)) {
	295	+ __skb_unlink(skb, list);
	296	+ __skb_queue_tail(&tmp, skb);
	297	+ }
	298	+ skb = skb_next;
	299	+ }
	300	+ spin_unlock_irqrestore(&list->lock, flags);
	301	+
	302	+ while ((skb = __skb_dequeue(&tmp))) {
232	303	dev_put(skb->dev);
233	304	kfree_skb(skb);
234	305	}
235	306	}
236	307
237		-static void neigh_flush_dev(struct neigh_table tbl, struct net_device dev)
	308	+static void neigh_flush_dev(struct neigh_table tbl, struct net_device dev,
	309	+ bool skip_perm)
238	310	{
239	311	int i;
240	312	struct neigh_hash_table *nht;
..	..	@@ -252,13 +324,16 @@
252	324	np = &n->next;
253	325	continue;
254	326	}
	327	+ if (skip_perm && n->nud_state & NUD_PERMANENT) {
	328	+ np = &n->next;
	329	+ continue;
	330	+ }
255	331	rcu_assign_pointer(*np,
256	332	rcu_dereference_protected(n->next,
257	333	lockdep_is_held(&tbl->lock)));
258	334	write_lock(&n->lock);
259	335	neigh_del_timer(n);
260		- n->dead = 1;
261		-
	336	+ neigh_mark_dead(n);
262	337	if (refcount_read(&n->refcnt) != 1) {
263	338	/* The most unpleasant situation.
264	339	We must destroy neighbour entry,
..	..	@@ -287,30 +362,49 @@
287	362	void neigh_changeaddr(struct neigh_table tbl, struct net_device dev)
288	363	{
289	364	write_lock_bh(&tbl->lock);
290		- neigh_flush_dev(tbl, dev);
	365	+ neigh_flush_dev(tbl, dev, false);
291	366	write_unlock_bh(&tbl->lock);
292	367	}
293	368	EXPORT_SYMBOL(neigh_changeaddr);
294	369
295		-int neigh_ifdown(struct neigh_table tbl, struct net_device dev)
	370	+static int __neigh_ifdown(struct neigh_table tbl, struct net_device dev,
	371	+ bool skip_perm)
296	372	{
297	373	write_lock_bh(&tbl->lock);
298		- neigh_flush_dev(tbl, dev);
	374	+ neigh_flush_dev(tbl, dev, skip_perm);
299	375	pneigh_ifdown_and_unlock(tbl, dev);
	376	+ pneigh_queue_purge(&tbl->proxy_queue, dev ? dev_net(dev) : NULL);
	377	+ if (skb_queue_empty_lockless(&tbl->proxy_queue))
	378	+ del_timer_sync(&tbl->proxy_timer);
	379	+ return 0;
	380	+}
300	381
301		- del_timer_sync(&tbl->proxy_timer);
302		- pneigh_queue_purge(&tbl->proxy_queue);
	382	+int neigh_carrier_down(struct neigh_table tbl, struct net_device dev)
	383	+{
	384	+ __neigh_ifdown(tbl, dev, true);
	385	+ return 0;
	386	+}
	387	+EXPORT_SYMBOL(neigh_carrier_down);
	388	+
	389	+int neigh_ifdown(struct neigh_table tbl, struct net_device dev)
	390	+{
	391	+ __neigh_ifdown(tbl, dev, false);
303	392	return 0;
304	393	}
305	394	EXPORT_SYMBOL(neigh_ifdown);
306	395
307		-static struct neighbour neigh_alloc(struct neigh_table tbl, struct net_device *dev)
	396	+static struct neighbour neigh_alloc(struct neigh_table tbl,
	397	+ struct net_device *dev,
	398	+ u8 flags, bool exempt_from_gc)
308	399	{
309	400	struct neighbour *n = NULL;
310	401	unsigned long now = jiffies;
311	402	int entries;
312	403
313		- entries = atomic_inc_return(&tbl->entries) - 1;
	404	+ if (exempt_from_gc)
	405	+ goto do_alloc;
	406	+
	407	+ entries = atomic_inc_return(&tbl->gc_entries) - 1;
314	408	if (entries >= tbl->gc_thresh3 \|\|
315	409	(entries >= tbl->gc_thresh2 &&
316	410	time_after(now, tbl->last_flush + 5 * HZ))) {
..	..	@@ -323,6 +417,7 @@
323	417	}
324	418	}
325	419
	420	+do_alloc:
326	421	n = kzalloc(tbl->entry_size + dev->neigh_priv_len, GFP_ATOMIC);
327	422	if (!n)
328	423	goto out_entries;
..	..	@@ -333,6 +428,7 @@
333	428	n->updated = n->used = now;
334	429	n->nud_state = NUD_NONE;
335	430	n->output = neigh_blackhole;
	431	+ n->flags = flags;
336	432	seqlock_init(&n->hh.hh_lock);
337	433	n->parms = neigh_parms_clone(&tbl->parms);
338	434	timer_setup(&n->timer, neigh_timer_handler, 0);
..	..	@@ -341,11 +437,15 @@
341	437	n->tbl = tbl;
342	438	refcount_set(&n->refcnt, 1);
343	439	n->dead = 1;
	440	+ INIT_LIST_HEAD(&n->gc_list);
	441	+
	442	+ atomic_inc(&tbl->entries);
344	443	out:
345	444	return n;
346	445
347	446	out_entries:
348		- atomic_dec(&tbl->entries);
	447	+ if (!exempt_from_gc)
	448	+ atomic_dec(&tbl->gc_entries);
349	449	goto out;
350	450	}
351	451
..	..	@@ -492,15 +592,18 @@
492	592	}
493	593	EXPORT_SYMBOL(neigh_lookup_nodev);
494	594
495		-struct neighbour __neigh_create(struct neigh_table tbl, const void *pkey,
496		- struct net_device *dev, bool want_ref)
	595	+static struct neighbour *
	596	+___neigh_create(struct neigh_table tbl, const void pkey,
	597	+ struct net_device *dev, u8 flags,
	598	+ bool exempt_from_gc, bool want_ref)
497	599	{
498		- u32 hash_val;
499		- unsigned int key_len = tbl->key_len;
500		- int error;
501		- struct neighbour n1, rc, *n = neigh_alloc(tbl, dev);
	600	+ u32 hash_val, key_len = tbl->key_len;
	601	+ struct neighbour n1, rc, *n;
502	602	struct neigh_hash_table *nht;
	603	+ int error;
503	604
	605	+ n = neigh_alloc(tbl, dev, flags, exempt_from_gc);
	606	+ trace_neigh_create(tbl, dev, pkey, n, exempt_from_gc);
504	607	if (!n) {
505	608	rc = ERR_PTR(-ENOBUFS);
506	609	goto out;
..	..	@@ -561,6 +664,9 @@
561	664	}
562	665
563	666	n->dead = 0;
	667	+ if (!exempt_from_gc)
	668	+ list_add_tail(&n->gc_list, &n->tbl->gc_list);
	669	+
564	670	if (want_ref)
565	671	neigh_hold(n);
566	672	rcu_assign_pointer(n->next,
..	..	@@ -575,8 +681,16 @@
575	681	out_tbl_unlock:
576	682	write_unlock_bh(&tbl->lock);
577	683	out_neigh_release:
	684	+ if (!exempt_from_gc)
	685	+ atomic_dec(&tbl->gc_entries);
578	686	neigh_release(n);
579	687	goto out;
	688	+}
	689	+
	690	+struct neighbour __neigh_create(struct neigh_table tbl, const void *pkey,
	691	+ struct net_device *dev, bool want_ref)
	692	+{
	693	+ return ___neigh_create(tbl, pkey, dev, 0, false, want_ref);
580	694	}
581	695	EXPORT_SYMBOL(__neigh_create);
582	696
..	..	@@ -841,7 +955,7 @@
841	955	(state == NUD_FAILED \|\|
842	956	time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) {
843	957	*np = n->next;
844		- n->dead = 1;
	958	+ neigh_mark_dead(n);
845	959	write_unlock(&n->lock);
846	960	neigh_cleanup_and_release(n);
847	961	continue;
..	..	@@ -915,7 +1029,7 @@
915	1029	if (neigh->ops->solicit)
916	1030	neigh->ops->solicit(neigh, skb);
917	1031	atomic_inc(&neigh->probes);
918		- kfree_skb(skb);
	1032	+ consume_skb(skb);
919	1033	}
920	1034
921	1035	/* Called when a timer expires for a neighbour entry. */
..	..	@@ -972,11 +1086,12 @@
972	1086	neigh->updated = jiffies;
973	1087	atomic_set(&neigh->probes, 0);
974	1088	notify = 1;
975		- next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
	1089	+ next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
	1090	+ HZ/100);
976	1091	}
977	1092	} else {
978	1093	/* NUD_PROBE\|NUD_INCOMPLETE */
979		- next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
	1094	+ next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), HZ/100);
980	1095	}
981	1096
982	1097	if ((neigh->nud_state & (NUD_INCOMPLETE \| NUD_PROBE)) &&
..	..	@@ -988,8 +1103,8 @@
988	1103	}
989	1104
990	1105	if (neigh->nud_state & NUD_IN_TIMER) {
991		- if (time_before(next, jiffies + HZ/2))
992		- next = jiffies + HZ/2;
	1106	+ if (time_before(next, jiffies + HZ/100))
	1107	+ next = jiffies + HZ/100;
993	1108	if (!mod_timer(&neigh->timer, next))
994	1109	neigh_hold(neigh);
995	1110	}
..	..	@@ -1002,6 +1117,8 @@
1002	1117
1003	1118	if (notify)
1004	1119	neigh_update_notify(neigh, 0);
	1120	+
	1121	+ trace_neigh_timer_handler(neigh, 0);
1005	1122
1006	1123	neigh_release(neigh);
1007	1124	}
..	..	@@ -1030,7 +1147,7 @@
1030	1147	neigh->nud_state = NUD_INCOMPLETE;
1031	1148	neigh->updated = now;
1032	1149	next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
1033		- HZ/2);
	1150	+ HZ/100);
1034	1151	neigh_add_timer(neigh, next);
1035	1152	immediate_probe = true;
1036	1153	} else {
..	..	@@ -1075,6 +1192,7 @@
1075	1192	else
1076	1193	write_unlock(&neigh->lock);
1077	1194	local_bh_enable();
	1195	+ trace_neigh_event_send_done(neigh, rc);
1078	1196	return rc;
1079	1197
1080	1198	out_dead:
..	..	@@ -1082,6 +1200,7 @@
1082	1200	goto out_unlock_bh;
1083	1201	write_unlock_bh(&neigh->lock);
1084	1202	kfree_skb(skb);
	1203	+ trace_neigh_event_send_dead(neigh, 1);
1085	1204	return 1;
1086	1205	}
1087	1206	EXPORT_SYMBOL(__neigh_event_send);
..	..	@@ -1117,7 +1236,7 @@
1117	1236	lladdr instead of overriding it
1118	1237	if it is different.
1119	1238	NEIGH_UPDATE_F_ADMIN means that the change is administrative.
1120		-
	1239	+ NEIGH_UPDATE_F_USE means that the entry is user triggered.
1121	1240	NEIGH_UPDATE_F_OVERRIDE_ISROUTER allows to override existing
1122	1241	NTF_ROUTER flag.
1123	1242	NEIGH_UPDATE_F_ISROUTER indicates if the neighbour is known as
..	..	@@ -1126,14 +1245,18 @@
1126	1245	Caller MUST hold reference count on the entry.
1127	1246	*/
1128	1247
1129		-int neigh_update(struct neighbour neigh, const u8 lladdr, u8 new,
1130		- u32 flags, u32 nlmsg_pid)
	1248	+static int __neigh_update(struct neighbour neigh, const u8 lladdr,
	1249	+ u8 new, u32 flags, u32 nlmsg_pid,
	1250	+ struct netlink_ext_ack *extack)
1131	1251	{
	1252	+ bool ext_learn_change = false;
1132	1253	u8 old;
1133	1254	int err;
1134	1255	int notify = 0;
1135	1256	struct net_device *dev;
1136	1257	int update_isrouter = 0;
	1258	+
	1259	+ trace_neigh_update(neigh, lladdr, new, flags, nlmsg_pid);
1137	1260
1138	1261	write_lock_bh(&neigh->lock);
1139	1262
..	..	@@ -1141,13 +1264,22 @@
1141	1264	old = neigh->nud_state;
1142	1265	err = -EPERM;
1143	1266
	1267	+ if (neigh->dead) {
	1268	+ NL_SET_ERR_MSG(extack, "Neighbor entry is now dead");
	1269	+ new = old;
	1270	+ goto out;
	1271	+ }
1144	1272	if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
1145	1273	(old & (NUD_NOARP \| NUD_PERMANENT)))
1146	1274	goto out;
1147		- if (neigh->dead)
1148		- goto out;
1149	1275
1150		- neigh_update_ext_learned(neigh, flags, &notify);
	1276	+ ext_learn_change = neigh_update_ext_learned(neigh, flags, &notify);
	1277	+ if (flags & NEIGH_UPDATE_F_USE) {
	1278	+ new = old & ~NUD_PERMANENT;
	1279	+ neigh->nud_state = new;
	1280	+ err = 0;
	1281	+ goto out;
	1282	+ }
1151	1283
1152	1284	if (!(new & NUD_VALID)) {
1153	1285	neigh_del_timer(neigh);
..	..	@@ -1182,8 +1314,10 @@
1182	1314	use it, otherwise discard the request.
1183	1315	*/
1184	1316	err = -EINVAL;
1185		- if (!(old & NUD_VALID))
	1317	+ if (!(old & NUD_VALID)) {
	1318	+ NL_SET_ERR_MSG(extack, "No link layer address given");
1186	1319	goto out;
	1320	+ }
1187	1321	lladdr = neigh->ha;
1188	1322	}
1189	1323
..	..	@@ -1287,17 +1421,25 @@
1287	1421	neigh->arp_queue_len_bytes = 0;
1288	1422	}
1289	1423	out:
1290		- if (update_isrouter) {
1291		- neigh->flags = (flags & NEIGH_UPDATE_F_ISROUTER) ?
1292		- (neigh->flags \| NTF_ROUTER) :
1293		- (neigh->flags & ~NTF_ROUTER);
1294		- }
	1424	+ if (update_isrouter)
	1425	+ neigh_update_is_router(neigh, flags, &notify);
1295	1426	write_unlock_bh(&neigh->lock);
	1427	+
	1428	+ if (((new ^ old) & NUD_PERMANENT) \|\| ext_learn_change)
	1429	+ neigh_update_gc_list(neigh);
1296	1430
1297	1431	if (notify)
1298	1432	neigh_update_notify(neigh, nlmsg_pid);
1299	1433
	1434	+ trace_neigh_update_done(neigh, err);
	1435	+
1300	1436	return err;
	1437	+}
	1438	+
	1439	+int neigh_update(struct neighbour neigh, const u8 lladdr, u8 new,
	1440	+ u32 flags, u32 nlmsg_pid)
	1441	+{
	1442	+ return __neigh_update(neigh, lladdr, new, flags, nlmsg_pid, NULL);
1301	1443	}
1302	1444	EXPORT_SYMBOL(neigh_update);
1303	1445
..	..	@@ -1314,7 +1456,8 @@
1314	1456	neigh->nud_state = NUD_INCOMPLETE;
1315	1457	atomic_set(&neigh->probes, neigh_max_probes(neigh));
1316	1458	neigh_add_timer(neigh,
1317		- jiffies + NEIGH_VAR(neigh->parms, RETRANS_TIME));
	1459	+ jiffies + max(NEIGH_VAR(neigh->parms, RETRANS_TIME),
	1460	+ HZ/100));
1318	1461	}
1319	1462	EXPORT_SYMBOL(__neigh_set_probe_once);
1320	1463
..	..	@@ -1563,6 +1706,7 @@
1563	1706	unsigned long phsize;
1564	1707
1565	1708	INIT_LIST_HEAD(&tbl->parms_list);
	1709	+ INIT_LIST_HEAD(&tbl->gc_list);
1566	1710	list_add(&tbl->parms.list, &tbl->parms_list);
1567	1711	write_pnet(&tbl->parms.net, &init_net);
1568	1712	refcount_set(&tbl->parms.refcnt, 1);
..	..	@@ -1614,7 +1758,7 @@
1614	1758	/* It is not clean... Fix it to unload IPv6 module safely */
1615	1759	cancel_delayed_work_sync(&tbl->gc_work);
1616	1760	del_timer_sync(&tbl->proxy_timer);
1617		- pneigh_queue_purge(&tbl->proxy_queue);
	1761	+ pneigh_queue_purge(&tbl->proxy_queue, NULL);
1618	1762	neigh_ifdown(tbl, NULL);
1619	1763	if (atomic_read(&tbl->entries))
1620	1764	pr_crit("neighbour leakage\n");
..	..	@@ -1654,6 +1798,22 @@
1654	1798	return tbl;
1655	1799	}
1656	1800
	1801	+const struct nla_policy nda_policy[NDA_MAX+1] = {
	1802	+ [NDA_UNSPEC] = { .strict_start_type = NDA_NH_ID },
	1803	+ [NDA_DST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	1804	+ [NDA_LLADDR] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
	1805	+ [NDA_CACHEINFO] = { .len = sizeof(struct nda_cacheinfo) },
	1806	+ [NDA_PROBES] = { .type = NLA_U32 },
	1807	+ [NDA_VLAN] = { .type = NLA_U16 },
	1808	+ [NDA_PORT] = { .type = NLA_U16 },
	1809	+ [NDA_VNI] = { .type = NLA_U32 },
	1810	+ [NDA_IFINDEX] = { .type = NLA_U32 },
	1811	+ [NDA_MASTER] = { .type = NLA_U32 },
	1812	+ [NDA_PROTOCOL] = { .type = NLA_U8 },
	1813	+ [NDA_NH_ID] = { .type = NLA_U32 },
	1814	+ [NDA_FDB_EXT_ATTRS] = { .type = NLA_NESTED },
	1815	+};
	1816	+
1657	1817	static int neigh_delete(struct sk_buff skb, struct nlmsghdr nlh,
1658	1818	struct netlink_ext_ack *extack)
1659	1819	{
..	..	@@ -1670,8 +1830,10 @@
1670	1830	goto out;
1671	1831
1672	1832	dst_attr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_DST);
1673		- if (dst_attr == NULL)
	1833	+ if (!dst_attr) {
	1834	+ NL_SET_ERR_MSG(extack, "Network address not specified");
1674	1835	goto out;
	1836	+ }
1675	1837
1676	1838	ndm = nlmsg_data(nlh);
1677	1839	if (ndm->ndm_ifindex) {
..	..	@@ -1686,8 +1848,10 @@
1686	1848	if (tbl == NULL)
1687	1849	return -EAFNOSUPPORT;
1688	1850
1689		- if (nla_len(dst_attr) < (int)tbl->key_len)
	1851	+ if (nla_len(dst_attr) < (int)tbl->key_len) {
	1852	+ NL_SET_ERR_MSG(extack, "Invalid network address");
1690	1853	goto out;
	1854	+ }
1691	1855
1692	1856	if (ndm->ndm_flags & NTF_PROXY) {
1693	1857	err = pneigh_delete(tbl, net, nla_data(dst_attr), dev);
..	..	@@ -1703,10 +1867,9 @@
1703	1867	goto out;
1704	1868	}
1705	1869
1706		- err = neigh_update(neigh, NULL, NUD_FAILED,
1707		- NEIGH_UPDATE_F_OVERRIDE \|
1708		- NEIGH_UPDATE_F_ADMIN,
1709		- NETLINK_CB(skb).portid);
	1870	+ err = __neigh_update(neigh, NULL, NUD_FAILED,
	1871	+ NEIGH_UPDATE_F_OVERRIDE \| NEIGH_UPDATE_F_ADMIN,
	1872	+ NETLINK_CB(skb).portid, extack);
1710	1873	write_lock_bh(&tbl->lock);
1711	1874	neigh_release(neigh);
1712	1875	neigh_remove_one(neigh, tbl);
..	..	@@ -1719,7 +1882,8 @@
1719	1882	static int neigh_add(struct sk_buff skb, struct nlmsghdr nlh,
1720	1883	struct netlink_ext_ack *extack)
1721	1884	{
1722		- int flags = NEIGH_UPDATE_F_ADMIN \| NEIGH_UPDATE_F_OVERRIDE;
	1885	+ int flags = NEIGH_UPDATE_F_ADMIN \| NEIGH_UPDATE_F_OVERRIDE \|
	1886	+ NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1723	1887	struct net *net = sock_net(skb->sk);
1724	1888	struct ndmsg *ndm;
1725	1889	struct nlattr *tb[NDA_MAX+1];
..	..	@@ -1727,16 +1891,20 @@
1727	1891	struct net_device *dev = NULL;
1728	1892	struct neighbour *neigh;
1729	1893	void dst, lladdr;
	1894	+ u8 protocol = 0;
1730	1895	int err;
1731	1896
1732	1897	ASSERT_RTNL();
1733		- err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL, extack);
	1898	+ err = nlmsg_parse_deprecated(nlh, sizeof(*ndm), tb, NDA_MAX,
	1899	+ nda_policy, extack);
1734	1900	if (err < 0)
1735	1901	goto out;
1736	1902
1737	1903	err = -EINVAL;
1738		- if (tb[NDA_DST] == NULL)
	1904	+ if (!tb[NDA_DST]) {
	1905	+ NL_SET_ERR_MSG(extack, "Network address not specified");
1739	1906	goto out;
	1907	+ }
1740	1908
1741	1909	ndm = nlmsg_data(nlh);
1742	1910	if (ndm->ndm_ifindex) {
..	..	@@ -1746,18 +1914,26 @@
1746	1914	goto out;
1747	1915	}
1748	1916
1749		- if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len)
	1917	+ if (tb[NDA_LLADDR] && nla_len(tb[NDA_LLADDR]) < dev->addr_len) {
	1918	+ NL_SET_ERR_MSG(extack, "Invalid link address");
1750	1919	goto out;
	1920	+ }
1751	1921	}
1752	1922
1753	1923	tbl = neigh_find_table(ndm->ndm_family);
1754	1924	if (tbl == NULL)
1755	1925	return -EAFNOSUPPORT;
1756	1926
1757		- if (nla_len(tb[NDA_DST]) < (int)tbl->key_len)
	1927	+ if (nla_len(tb[NDA_DST]) < (int)tbl->key_len) {
	1928	+ NL_SET_ERR_MSG(extack, "Invalid network address");
1758	1929	goto out;
	1930	+ }
	1931	+
1759	1932	dst = nla_data(tb[NDA_DST]);
1760	1933	lladdr = tb[NDA_LLADDR] ? nla_data(tb[NDA_LLADDR]) : NULL;
	1934	+
	1935	+ if (tb[NDA_PROTOCOL])
	1936	+ protocol = nla_get_u8(tb[NDA_PROTOCOL]);
1761	1937
1762	1938	if (ndm->ndm_flags & NTF_PROXY) {
1763	1939	struct pneigh_entry *pn;
..	..	@@ -1766,22 +1942,37 @@
1766	1942	pn = pneigh_lookup(tbl, net, dst, dev, 1);
1767	1943	if (pn) {
1768	1944	pn->flags = ndm->ndm_flags;
	1945	+ if (protocol)
	1946	+ pn->protocol = protocol;
1769	1947	err = 0;
1770	1948	}
1771	1949	goto out;
1772	1950	}
1773	1951
1774		- if (dev == NULL)
	1952	+ if (!dev) {
	1953	+ NL_SET_ERR_MSG(extack, "Device not specified");
1775	1954	goto out;
	1955	+ }
	1956	+
	1957	+ if (tbl->allow_add && !tbl->allow_add(dev, extack)) {
	1958	+ err = -EINVAL;
	1959	+ goto out;
	1960	+ }
1776	1961
1777	1962	neigh = neigh_lookup(tbl, dst, dev);
1778	1963	if (neigh == NULL) {
	1964	+ bool exempt_from_gc;
	1965	+
1779	1966	if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1780	1967	err = -ENOENT;
1781	1968	goto out;
1782	1969	}
1783	1970
1784		- neigh = __neigh_lookup_errno(tbl, dst, dev);
	1971	+ exempt_from_gc = ndm->ndm_state & NUD_PERMANENT \|\|
	1972	+ ndm->ndm_flags & NTF_EXT_LEARNED;
	1973	+ neigh = ___neigh_create(tbl, dst, dev,
	1974	+ ndm->ndm_flags & NTF_EXT_LEARNED,
	1975	+ exempt_from_gc, true);
1785	1976	if (IS_ERR(neigh)) {
1786	1977	err = PTR_ERR(neigh);
1787	1978	goto out;
..	..	@@ -1794,20 +1985,26 @@
1794	1985	}
1795	1986
1796	1987	if (!(nlh->nlmsg_flags & NLM_F_REPLACE))
1797		- flags &= ~NEIGH_UPDATE_F_OVERRIDE;
	1988	+ flags &= ~(NEIGH_UPDATE_F_OVERRIDE \|
	1989	+ NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1798	1990	}
1799	1991
	1992	+ if (protocol)
	1993	+ neigh->protocol = protocol;
1800	1994	if (ndm->ndm_flags & NTF_EXT_LEARNED)
1801	1995	flags \|= NEIGH_UPDATE_F_EXT_LEARNED;
	1996	+ if (ndm->ndm_flags & NTF_ROUTER)
	1997	+ flags \|= NEIGH_UPDATE_F_ISROUTER;
	1998	+ if (ndm->ndm_flags & NTF_USE)
	1999	+ flags \|= NEIGH_UPDATE_F_USE;
1802	2000
1803		- if (ndm->ndm_flags & NTF_USE) {
	2001	+ err = __neigh_update(neigh, lladdr, ndm->ndm_state, flags,
	2002	+ NETLINK_CB(skb).portid, extack);
	2003	+ if (!err && ndm->ndm_flags & NTF_USE) {
1804	2004	neigh_event_send(neigh, NULL);
1805	2005	err = 0;
1806		- } else
1807		- err = neigh_update(neigh, lladdr, ndm->ndm_state, flags,
1808		- NETLINK_CB(skb).portid);
	2006	+ }
1809	2007	neigh_release(neigh);
1810		-
1811	2008	out:
1812	2009	return err;
1813	2010	}
..	..	@@ -1816,7 +2013,7 @@
1816	2013	{
1817	2014	struct nlattr *nest;
1818	2015
1819		- nest = nla_nest_start(skb, NDTA_PARMS);
	2016	+ nest = nla_nest_start_noflag(skb, NDTA_PARMS);
1820	2017	if (nest == NULL)
1821	2018	return -ENOBUFS;
1822	2019
..	..	@@ -2018,8 +2215,8 @@
2018	2215	bool found = false;
2019	2216	int err, tidx;
2020	2217
2021		- err = nlmsg_parse(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
2022		- nl_neightbl_policy, extack);
	2218	+ err = nlmsg_parse_deprecated(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
	2219	+ nl_neightbl_policy, extack);
2023	2220	if (err < 0)
2024	2221	goto errout;
2025	2222
..	..	@@ -2056,8 +2253,9 @@
2056	2253	struct neigh_parms *p;
2057	2254	int i, ifindex = 0;
2058	2255
2059		- err = nla_parse_nested(tbp, NDTPA_MAX, tb[NDTA_PARMS],
2060		- nl_ntbl_parm_policy, extack);
	2256	+ err = nla_parse_nested_deprecated(tbp, NDTPA_MAX,
	2257	+ tb[NDTA_PARMS],
	2258	+ nl_ntbl_parm_policy, extack);
2061	2259	if (err < 0)
2062	2260	goto errout_tbl_lock;
2063	2261
..	..	@@ -2169,15 +2367,47 @@
2169	2367	return err;
2170	2368	}
2171	2369
	2370	+static int neightbl_valid_dump_info(const struct nlmsghdr *nlh,
	2371	+ struct netlink_ext_ack *extack)
	2372	+{
	2373	+ struct ndtmsg *ndtm;
	2374	+
	2375	+ if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndtm))) {
	2376	+ NL_SET_ERR_MSG(extack, "Invalid header for neighbor table dump request");
	2377	+ return -EINVAL;
	2378	+ }
	2379	+
	2380	+ ndtm = nlmsg_data(nlh);
	2381	+ if (ndtm->ndtm_pad1 \|\| ndtm->ndtm_pad2) {
	2382	+ NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor table dump request");
	2383	+ return -EINVAL;
	2384	+ }
	2385	+
	2386	+ if (nlmsg_attrlen(nlh, sizeof(*ndtm))) {
	2387	+ NL_SET_ERR_MSG(extack, "Invalid data after header in neighbor table dump request");
	2388	+ return -EINVAL;
	2389	+ }
	2390	+
	2391	+ return 0;
	2392	+}
	2393	+
2172	2394	static int neightbl_dump_info(struct sk_buff skb, struct netlink_callback cb)
2173	2395	{
	2396	+ const struct nlmsghdr *nlh = cb->nlh;
2174	2397	struct net *net = sock_net(skb->sk);
2175	2398	int family, tidx, nidx = 0;
2176	2399	int tbl_skip = cb->args[0];
2177	2400	int neigh_skip = cb->args[1];
2178	2401	struct neigh_table *tbl;
2179	2402
2180		- family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family;
	2403	+ if (cb->strict_check) {
	2404	+ int err = neightbl_valid_dump_info(nlh, cb->extack);
	2405	+
	2406	+ if (err < 0)
	2407	+ return err;
	2408	+ }
	2409	+
	2410	+ family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2181	2411
2182	2412	for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) {
2183	2413	struct neigh_parms *p;
..	..	@@ -2190,7 +2420,7 @@
2190	2420	continue;
2191	2421
2192	2422	if (neightbl_fill_info(skb, tbl, NETLINK_CB(cb->skb).portid,
2193		- cb->nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
	2423	+ nlh->nlmsg_seq, RTM_NEWNEIGHTBL,
2194	2424	NLM_F_MULTI) < 0)
2195	2425	break;
2196	2426
..	..	@@ -2205,7 +2435,7 @@
2205	2435
2206	2436	if (neightbl_fill_param_info(skb, tbl, p,
2207	2437	NETLINK_CB(cb->skb).portid,
2208		- cb->nlh->nlmsg_seq,
	2438	+ nlh->nlmsg_seq,
2209	2439	RTM_NEWNEIGHTBL,
2210	2440	NLM_F_MULTI) < 0)
2211	2441	goto out;
..	..	@@ -2267,6 +2497,9 @@
2267	2497	nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
2268	2498	goto nla_put_failure;
2269	2499
	2500	+ if (neigh->protocol && nla_put_u8(skb, NDA_PROTOCOL, neigh->protocol))
	2501	+ goto nla_put_failure;
	2502	+
2270	2503	nlmsg_end(skb, nlh);
2271	2504	return 0;
2272	2505
..	..	@@ -2298,6 +2531,9 @@
2298	2531	if (nla_put(skb, NDA_DST, tbl->key_len, pn->key))
2299	2532	goto nla_put_failure;
2300	2533
	2534	+ if (pn->protocol && nla_put_u8(skb, NDA_PROTOCOL, pn->protocol))
	2535	+ goto nla_put_failure;
	2536	+
2301	2537	nlmsg_end(skb, nlh);
2302	2538	return 0;
2303	2539
..	..	@@ -2319,7 +2555,7 @@
2319	2555	if (!master_idx)
2320	2556	return false;
2321	2557
2322		- master = netdev_master_upper_dev_get(dev);
	2558	+ master = dev ? netdev_master_upper_dev_get(dev) : NULL;
2323	2559	if (!master \|\| master->ifindex != master_idx)
2324	2560	return true;
2325	2561
..	..	@@ -2328,41 +2564,30 @@
2328	2564
2329	2565	static bool neigh_ifindex_filtered(struct net_device *dev, int filter_idx)
2330	2566	{
2331		- if (filter_idx && dev->ifindex != filter_idx)
	2567	+ if (filter_idx && (!dev \|\| dev->ifindex != filter_idx))
2332	2568	return true;
2333	2569
2334	2570	return false;
2335	2571	}
2336	2572
	2573	+struct neigh_dump_filter {
	2574	+ int master_idx;
	2575	+ int dev_idx;
	2576	+};
	2577	+
2337	2578	static int neigh_dump_table(struct neigh_table tbl, struct sk_buff skb,
2338		- struct netlink_callback *cb)
	2579	+ struct netlink_callback *cb,
	2580	+ struct neigh_dump_filter *filter)
2339	2581	{
2340	2582	struct net *net = sock_net(skb->sk);
2341		- const struct nlmsghdr *nlh = cb->nlh;
2342		- struct nlattr *tb[NDA_MAX + 1];
2343	2583	struct neighbour *n;
2344	2584	int rc, h, s_h = cb->args[1];
2345	2585	int idx, s_idx = idx = cb->args[2];
2346	2586	struct neigh_hash_table *nht;
2347		- int filter_master_idx = 0, filter_idx = 0;
2348	2587	unsigned int flags = NLM_F_MULTI;
2349		- int err;
2350	2588
2351		- err = nlmsg_parse(nlh, sizeof(struct ndmsg), tb, NDA_MAX, NULL, NULL);
2352		- if (!err) {
2353		- if (tb[NDA_IFINDEX]) {
2354		- if (nla_len(tb[NDA_IFINDEX]) != sizeof(u32))
2355		- return -EINVAL;
2356		- filter_idx = nla_get_u32(tb[NDA_IFINDEX]);
2357		- }
2358		- if (tb[NDA_MASTER]) {
2359		- if (nla_len(tb[NDA_MASTER]) != sizeof(u32))
2360		- return -EINVAL;
2361		- filter_master_idx = nla_get_u32(tb[NDA_MASTER]);
2362		- }
2363		- if (filter_idx \|\| filter_master_idx)
2364		- flags \|= NLM_F_DUMP_FILTERED;
2365		- }
	2589	+ if (filter->dev_idx \|\| filter->master_idx)
	2590	+ flags \|= NLM_F_DUMP_FILTERED;
2366	2591
2367	2592	rcu_read_lock_bh();
2368	2593	nht = rcu_dereference_bh(tbl->nht);
..	..	@@ -2375,8 +2600,8 @@
2375	2600	n = rcu_dereference_bh(n->next)) {
2376	2601	if (idx < s_idx \|\| !net_eq(dev_net(n->dev), net))
2377	2602	goto next;
2378		- if (neigh_ifindex_filtered(n->dev, filter_idx) \|\|
2379		- neigh_master_filtered(n->dev, filter_master_idx))
	2603	+ if (neigh_ifindex_filtered(n->dev, filter->dev_idx) \|\|
	2604	+ neigh_master_filtered(n->dev, filter->master_idx))
2380	2605	goto next;
2381	2606	if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2382	2607	cb->nlh->nlmsg_seq,
..	..	@@ -2398,12 +2623,17 @@
2398	2623	}
2399	2624
2400	2625	static int pneigh_dump_table(struct neigh_table tbl, struct sk_buff skb,
2401		- struct netlink_callback *cb)
	2626	+ struct netlink_callback *cb,
	2627	+ struct neigh_dump_filter *filter)
2402	2628	{
2403	2629	struct pneigh_entry *n;
2404	2630	struct net *net = sock_net(skb->sk);
2405	2631	int rc, h, s_h = cb->args[3];
2406	2632	int idx, s_idx = idx = cb->args[4];
	2633	+ unsigned int flags = NLM_F_MULTI;
	2634	+
	2635	+ if (filter->dev_idx \|\| filter->master_idx)
	2636	+ flags \|= NLM_F_DUMP_FILTERED;
2407	2637
2408	2638	read_lock_bh(&tbl->lock);
2409	2639
..	..	@@ -2413,10 +2643,12 @@
2413	2643	for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) {
2414	2644	if (idx < s_idx \|\| pneigh_net(n) != net)
2415	2645	goto next;
	2646	+ if (neigh_ifindex_filtered(n->dev, filter->dev_idx) \|\|
	2647	+ neigh_master_filtered(n->dev, filter->master_idx))
	2648	+ goto next;
2416	2649	if (pneigh_fill_info(skb, n, NETLINK_CB(cb->skb).portid,
2417	2650	cb->nlh->nlmsg_seq,
2418		- RTM_NEWNEIGH,
2419		- NLM_F_MULTI, tbl) < 0) {
	2651	+ RTM_NEWNEIGH, flags, tbl) < 0) {
2420	2652	read_unlock_bh(&tbl->lock);
2421	2653	rc = -1;
2422	2654	goto out;
..	..	@@ -2435,21 +2667,88 @@
2435	2667
2436	2668	}
2437	2669
	2670	+static int neigh_valid_dump_req(const struct nlmsghdr *nlh,
	2671	+ bool strict_check,
	2672	+ struct neigh_dump_filter *filter,
	2673	+ struct netlink_ext_ack *extack)
	2674	+{
	2675	+ struct nlattr *tb[NDA_MAX + 1];
	2676	+ int err, i;
	2677	+
	2678	+ if (strict_check) {
	2679	+ struct ndmsg *ndm;
	2680	+
	2681	+ if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
	2682	+ NL_SET_ERR_MSG(extack, "Invalid header for neighbor dump request");
	2683	+ return -EINVAL;
	2684	+ }
	2685	+
	2686	+ ndm = nlmsg_data(nlh);
	2687	+ if (ndm->ndm_pad1 \|\| ndm->ndm_pad2 \|\| ndm->ndm_ifindex \|\|
	2688	+ ndm->ndm_state \|\| ndm->ndm_type) {
	2689	+ NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor dump request");
	2690	+ return -EINVAL;
	2691	+ }
	2692	+
	2693	+ if (ndm->ndm_flags & ~NTF_PROXY) {
	2694	+ NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor dump request");
	2695	+ return -EINVAL;
	2696	+ }
	2697	+
	2698	+ err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg),
	2699	+ tb, NDA_MAX, nda_policy,
	2700	+ extack);
	2701	+ } else {
	2702	+ err = nlmsg_parse_deprecated(nlh, sizeof(struct ndmsg), tb,
	2703	+ NDA_MAX, nda_policy, extack);
	2704	+ }
	2705	+ if (err < 0)
	2706	+ return err;
	2707	+
	2708	+ for (i = 0; i <= NDA_MAX; ++i) {
	2709	+ if (!tb[i])
	2710	+ continue;
	2711	+
	2712	+ /* all new attributes should require strict_check */
	2713	+ switch (i) {
	2714	+ case NDA_IFINDEX:
	2715	+ filter->dev_idx = nla_get_u32(tb[i]);
	2716	+ break;
	2717	+ case NDA_MASTER:
	2718	+ filter->master_idx = nla_get_u32(tb[i]);
	2719	+ break;
	2720	+ default:
	2721	+ if (strict_check) {
	2722	+ NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor dump request");
	2723	+ return -EINVAL;
	2724	+ }
	2725	+ }
	2726	+ }
	2727	+
	2728	+ return 0;
	2729	+}
	2730	+
2438	2731	static int neigh_dump_info(struct sk_buff skb, struct netlink_callback cb)
2439	2732	{
	2733	+ const struct nlmsghdr *nlh = cb->nlh;
	2734	+ struct neigh_dump_filter filter = {};
2440	2735	struct neigh_table *tbl;
2441	2736	int t, family, s_t;
2442	2737	int proxy = 0;
2443	2738	int err;
2444	2739
2445		- family = ((struct rtgenmsg *) nlmsg_data(cb->nlh))->rtgen_family;
	2740	+ family = ((struct rtgenmsg *)nlmsg_data(nlh))->rtgen_family;
2446	2741
2447	2742	/* check for full ndmsg structure presence, family member is
2448	2743	* the same for both structures
2449	2744	*/
2450		- if (nlmsg_len(cb->nlh) >= sizeof(struct ndmsg) &&
2451		- ((struct ndmsg *) nlmsg_data(cb->nlh))->ndm_flags == NTF_PROXY)
	2745	+ if (nlmsg_len(nlh) >= sizeof(struct ndmsg) &&
	2746	+ ((struct ndmsg *)nlmsg_data(nlh))->ndm_flags == NTF_PROXY)
2452	2747	proxy = 1;
	2748	+
	2749	+ err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
	2750	+ if (err < 0 && cb->strict_check)
	2751	+ return err;
2453	2752
2454	2753	s_t = cb->args[0];
2455	2754
..	..	@@ -2464,15 +2763,195 @@
2464	2763	memset(&cb->args[1], 0, sizeof(cb->args) -
2465	2764	sizeof(cb->args[0]));
2466	2765	if (proxy)
2467		- err = pneigh_dump_table(tbl, skb, cb);
	2766	+ err = pneigh_dump_table(tbl, skb, cb, &filter);
2468	2767	else
2469		- err = neigh_dump_table(tbl, skb, cb);
	2768	+ err = neigh_dump_table(tbl, skb, cb, &filter);
2470	2769	if (err < 0)
2471	2770	break;
2472	2771	}
2473	2772
2474	2773	cb->args[0] = t;
2475	2774	return skb->len;
	2775	+}
	2776	+
	2777	+static int neigh_valid_get_req(const struct nlmsghdr *nlh,
	2778	+ struct neigh_table **tbl,
	2779	+ void *dst, int dev_idx, u8 *ndm_flags,
	2780	+ struct netlink_ext_ack *extack)
	2781	+{
	2782	+ struct nlattr *tb[NDA_MAX + 1];
	2783	+ struct ndmsg *ndm;
	2784	+ int err, i;
	2785	+
	2786	+ if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ndm))) {
	2787	+ NL_SET_ERR_MSG(extack, "Invalid header for neighbor get request");
	2788	+ return -EINVAL;
	2789	+ }
	2790	+
	2791	+ ndm = nlmsg_data(nlh);
	2792	+ if (ndm->ndm_pad1 \|\| ndm->ndm_pad2 \|\| ndm->ndm_state \|\|
	2793	+ ndm->ndm_type) {
	2794	+ NL_SET_ERR_MSG(extack, "Invalid values in header for neighbor get request");
	2795	+ return -EINVAL;
	2796	+ }
	2797	+
	2798	+ if (ndm->ndm_flags & ~NTF_PROXY) {
	2799	+ NL_SET_ERR_MSG(extack, "Invalid flags in header for neighbor get request");
	2800	+ return -EINVAL;
	2801	+ }
	2802	+
	2803	+ err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct ndmsg), tb,
	2804	+ NDA_MAX, nda_policy, extack);
	2805	+ if (err < 0)
	2806	+ return err;
	2807	+
	2808	+ *ndm_flags = ndm->ndm_flags;
	2809	+ *dev_idx = ndm->ndm_ifindex;
	2810	+ *tbl = neigh_find_table(ndm->ndm_family);
	2811	+ if (*tbl == NULL) {
	2812	+ NL_SET_ERR_MSG(extack, "Unsupported family in header for neighbor get request");
	2813	+ return -EAFNOSUPPORT;
	2814	+ }
	2815	+
	2816	+ for (i = 0; i <= NDA_MAX; ++i) {
	2817	+ if (!tb[i])
	2818	+ continue;
	2819	+
	2820	+ switch (i) {
	2821	+ case NDA_DST:
	2822	+ if (nla_len(tb[i]) != (int)(*tbl)->key_len) {
	2823	+ NL_SET_ERR_MSG(extack, "Invalid network address in neighbor get request");
	2824	+ return -EINVAL;
	2825	+ }
	2826	+ *dst = nla_data(tb[i]);
	2827	+ break;
	2828	+ default:
	2829	+ NL_SET_ERR_MSG(extack, "Unsupported attribute in neighbor get request");
	2830	+ return -EINVAL;
	2831	+ }
	2832	+ }
	2833	+
	2834	+ return 0;
	2835	+}
	2836	+
	2837	+static inline size_t neigh_nlmsg_size(void)
	2838	+{
	2839	+ return NLMSG_ALIGN(sizeof(struct ndmsg))
	2840	+ + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	2841	+ + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
	2842	+ + nla_total_size(sizeof(struct nda_cacheinfo))
	2843	+ + nla_total_size(4) /* NDA_PROBES */
	2844	+ + nla_total_size(1); /* NDA_PROTOCOL */
	2845	+}
	2846	+
	2847	+static int neigh_get_reply(struct net net, struct neighbour neigh,
	2848	+ u32 pid, u32 seq)
	2849	+{
	2850	+ struct sk_buff *skb;
	2851	+ int err = 0;
	2852	+
	2853	+ skb = nlmsg_new(neigh_nlmsg_size(), GFP_KERNEL);
	2854	+ if (!skb)
	2855	+ return -ENOBUFS;
	2856	+
	2857	+ err = neigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0);
	2858	+ if (err) {
	2859	+ kfree_skb(skb);
	2860	+ goto errout;
	2861	+ }
	2862	+
	2863	+ err = rtnl_unicast(skb, net, pid);
	2864	+errout:
	2865	+ return err;
	2866	+}
	2867	+
	2868	+static inline size_t pneigh_nlmsg_size(void)
	2869	+{
	2870	+ return NLMSG_ALIGN(sizeof(struct ndmsg))
	2871	+ + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
	2872	+ + nla_total_size(1); /* NDA_PROTOCOL */
	2873	+}
	2874	+
	2875	+static int pneigh_get_reply(struct net net, struct pneigh_entry neigh,
	2876	+ u32 pid, u32 seq, struct neigh_table *tbl)
	2877	+{
	2878	+ struct sk_buff *skb;
	2879	+ int err = 0;
	2880	+
	2881	+ skb = nlmsg_new(pneigh_nlmsg_size(), GFP_KERNEL);
	2882	+ if (!skb)
	2883	+ return -ENOBUFS;
	2884	+
	2885	+ err = pneigh_fill_info(skb, neigh, pid, seq, RTM_NEWNEIGH, 0, tbl);
	2886	+ if (err) {
	2887	+ kfree_skb(skb);
	2888	+ goto errout;
	2889	+ }
	2890	+
	2891	+ err = rtnl_unicast(skb, net, pid);
	2892	+errout:
	2893	+ return err;
	2894	+}
	2895	+
	2896	+static int neigh_get(struct sk_buff in_skb, struct nlmsghdr nlh,
	2897	+ struct netlink_ext_ack *extack)
	2898	+{
	2899	+ struct net *net = sock_net(in_skb->sk);
	2900	+ struct net_device *dev = NULL;
	2901	+ struct neigh_table *tbl = NULL;
	2902	+ struct neighbour *neigh;
	2903	+ void *dst = NULL;
	2904	+ u8 ndm_flags = 0;
	2905	+ int dev_idx = 0;
	2906	+ int err;
	2907	+
	2908	+ err = neigh_valid_get_req(nlh, &tbl, &dst, &dev_idx, &ndm_flags,
	2909	+ extack);
	2910	+ if (err < 0)
	2911	+ return err;
	2912	+
	2913	+ if (dev_idx) {
	2914	+ dev = __dev_get_by_index(net, dev_idx);
	2915	+ if (!dev) {
	2916	+ NL_SET_ERR_MSG(extack, "Unknown device ifindex");
	2917	+ return -ENODEV;
	2918	+ }
	2919	+ }
	2920	+
	2921	+ if (!dst) {
	2922	+ NL_SET_ERR_MSG(extack, "Network address not specified");
	2923	+ return -EINVAL;
	2924	+ }
	2925	+
	2926	+ if (ndm_flags & NTF_PROXY) {
	2927	+ struct pneigh_entry *pn;
	2928	+
	2929	+ pn = pneigh_lookup(tbl, net, dst, dev, 0);
	2930	+ if (!pn) {
	2931	+ NL_SET_ERR_MSG(extack, "Proxy neighbour entry not found");
	2932	+ return -ENOENT;
	2933	+ }
	2934	+ return pneigh_get_reply(net, pn, NETLINK_CB(in_skb).portid,
	2935	+ nlh->nlmsg_seq, tbl);
	2936	+ }
	2937	+
	2938	+ if (!dev) {
	2939	+ NL_SET_ERR_MSG(extack, "No device specified");
	2940	+ return -EINVAL;
	2941	+ }
	2942	+
	2943	+ neigh = neigh_lookup(tbl, dst, dev);
	2944	+ if (!neigh) {
	2945	+ NL_SET_ERR_MSG(extack, "Neighbour entry not found");
	2946	+ return -ENOENT;
	2947	+ }
	2948	+
	2949	+ err = neigh_get_reply(net, neigh, NETLINK_CB(in_skb).portid,
	2950	+ nlh->nlmsg_seq);
	2951	+
	2952	+ neigh_release(neigh);
	2953	+
	2954	+ return err;
2476	2955	}
2477	2956
2478	2957	void neigh_for_each(struct neigh_table tbl, void (cb)(struct neighbour , void ), void *cookie)
..	..	@@ -2521,7 +3000,7 @@
2521	3000	rcu_assign_pointer(*np,
2522	3001	rcu_dereference_protected(n->next,
2523	3002	lockdep_is_held(&tbl->lock)));
2524		- n->dead = 1;
	3003	+ neigh_mark_dead(n);
2525	3004	} else
2526	3005	np = &n->next;
2527	3006	write_unlock(&n->lock);
..	..	@@ -2584,7 +3063,7 @@
2584	3063	struct net *net = seq_file_net(seq);
2585	3064	struct neigh_hash_table *nht = state->nht;
2586	3065	struct neighbour *n = NULL;
2587		- int bucket = state->bucket;
	3066	+ int bucket;
2588	3067
2589	3068	state->flags &= ~NEIGH_SEQ_IS_PNEIGH;
2590	3069	for (bucket = 0; bucket < (1 << nht->hash_shift); bucket++) {
..	..	@@ -2896,15 +3375,6 @@
2896	3375	};
2897	3376	#endif /* CONFIG_PROC_FS */
2898	3377
2899		-static inline size_t neigh_nlmsg_size(void)
2900		-{
2901		- return NLMSG_ALIGN(sizeof(struct ndmsg))
2902		- + nla_total_size(MAX_ADDR_LEN) /* NDA_DST */
2903		- + nla_total_size(MAX_ADDR_LEN) /* NDA_LLADDR */
2904		- + nla_total_size(sizeof(struct nda_cacheinfo))
2905		- + nla_total_size(4); /* NDA_PROBES */
2906		-}
2907		-
2908	3378	static void __neigh_notify(struct neighbour *n, int type, int flags,
2909	3379	u32 pid)
2910	3380	{
..	..	@@ -2937,17 +3407,15 @@
2937	3407	EXPORT_SYMBOL(neigh_app_ns);
2938	3408
2939	3409	#ifdef CONFIG_SYSCTL
2940		-static int zero;
2941		-static int int_max = INT_MAX;
2942	3410	static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
2943	3411
2944	3412	static int proc_unres_qlen(struct ctl_table *ctl, int write,
2945		- void __user buffer, size_t lenp, loff_t *ppos)
	3413	+ void buffer, size_t lenp, loff_t *ppos)
2946	3414	{
2947	3415	int size, ret;
2948	3416	struct ctl_table tmp = *ctl;
2949	3417
2950		- tmp.extra1 = &zero;
	3418	+ tmp.extra1 = SYSCTL_ZERO;
2951	3419	tmp.extra2 = &unres_qlen_max;
2952	3420	tmp.data = &size;
2953	3421
..	..	@@ -3006,22 +3474,22 @@
3006	3474	}
3007	3475
3008	3476	static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
3009		- void __user *buffer,
3010		- size_t lenp, loff_t ppos)
	3477	+ void buffer, size_t lenp,
	3478	+ loff_t *ppos)
3011	3479	{
3012	3480	struct ctl_table tmp = *ctl;
3013	3481	int ret;
3014	3482
3015		- tmp.extra1 = &zero;
3016		- tmp.extra2 = &int_max;
	3483	+ tmp.extra1 = SYSCTL_ZERO;
	3484	+ tmp.extra2 = SYSCTL_INT_MAX;
3017	3485
3018	3486	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
3019	3487	neigh_proc_update(ctl, write);
3020	3488	return ret;
3021	3489	}
3022	3490
3023		-int neigh_proc_dointvec(struct ctl_table *ctl, int write,
3024		- void __user buffer, size_t lenp, loff_t *ppos)
	3491	+int neigh_proc_dointvec(struct ctl_table ctl, int write, void buffer,
	3492	+ size_t lenp, loff_t ppos)
3025	3493	{
3026	3494	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
3027	3495
..	..	@@ -3030,8 +3498,7 @@
3030	3498	}
3031	3499	EXPORT_SYMBOL(neigh_proc_dointvec);
3032	3500
3033		-int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
3034		- void __user *buffer,
	3501	+int neigh_proc_dointvec_jiffies(struct ctl_table ctl, int write, void buffer,
3035	3502	size_t lenp, loff_t ppos)
3036	3503	{
3037	3504	int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos);
..	..	@@ -3042,8 +3509,8 @@
3042	3509	EXPORT_SYMBOL(neigh_proc_dointvec_jiffies);
3043	3510
3044	3511	static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write,
3045		- void __user *buffer,
3046		- size_t lenp, loff_t ppos)
	3512	+ void buffer, size_t lenp,
	3513	+ loff_t *ppos)
3047	3514	{
3048	3515	int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos);
3049	3516
..	..	@@ -3052,8 +3519,7 @@
3052	3519	}
3053	3520
3054	3521	int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
3055		- void __user *buffer,
3056		- size_t lenp, loff_t ppos)
	3522	+ void buffer, size_t lenp, loff_t *ppos)
3057	3523	{
3058	3524	int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos);
3059	3525
..	..	@@ -3063,8 +3529,8 @@
3063	3529	EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies);
3064	3530
3065	3531	static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write,
3066		- void __user *buffer,
3067		- size_t lenp, loff_t ppos)
	3532	+ void buffer, size_t lenp,
	3533	+ loff_t *ppos)
3068	3534	{
3069	3535	int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos);
3070	3536
..	..	@@ -3073,8 +3539,8 @@
3073	3539	}
3074	3540
3075	3541	static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write,
3076		- void __user *buffer,
3077		- size_t lenp, loff_t ppos)
	3542	+ void buffer, size_t lenp,
	3543	+ loff_t *ppos)
3078	3544	{
3079	3545	struct neigh_parms *p = ctl->extra2;
3080	3546	int ret;
..	..	@@ -3118,9 +3584,6 @@
3118	3584	#define NEIGH_SYSCTL_USERHZ_JIFFIES_ENTRY(attr, name) \
3119	3585	NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_userhz_jiffies)
3120	3586
3121		-#define NEIGH_SYSCTL_MS_JIFFIES_ENTRY(attr, name) \
3122		- NEIGH_SYSCTL_ENTRY(attr, attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3123		-
3124	3587	#define NEIGH_SYSCTL_MS_JIFFIES_REUSED_ENTRY(attr, data_attr, name) \
3125	3588	NEIGH_SYSCTL_ENTRY(attr, data_attr, name, 0644, neigh_proc_dointvec_ms_jiffies)
3126	3589
..	..	@@ -3158,24 +3621,24 @@
3158	3621	.procname = "gc_thresh1",
3159	3622	.maxlen = sizeof(int),
3160	3623	.mode = 0644,
3161		- .extra1 = &zero,
3162		- .extra2 = &int_max,
	3624	+ .extra1 = SYSCTL_ZERO,
	3625	+ .extra2 = SYSCTL_INT_MAX,
3163	3626	.proc_handler = proc_dointvec_minmax,
3164	3627	},
3165	3628	[NEIGH_VAR_GC_THRESH2] = {
3166	3629	.procname = "gc_thresh2",
3167	3630	.maxlen = sizeof(int),
3168	3631	.mode = 0644,
3169		- .extra1 = &zero,
3170		- .extra2 = &int_max,
	3632	+ .extra1 = SYSCTL_ZERO,
	3633	+ .extra2 = SYSCTL_INT_MAX,
3171	3634	.proc_handler = proc_dointvec_minmax,
3172	3635	},
3173	3636	[NEIGH_VAR_GC_THRESH3] = {
3174	3637	.procname = "gc_thresh3",
3175	3638	.maxlen = sizeof(int),
3176	3639	.mode = 0644,
3177		- .extra1 = &zero,
3178		- .extra2 = &int_max,
	3640	+ .extra1 = SYSCTL_ZERO,
	3641	+ .extra2 = SYSCTL_INT_MAX,
3179	3642	.proc_handler = proc_dointvec_minmax,
3180	3643	},
3181	3644	{},
..	..	@@ -3288,7 +3751,7 @@
3288	3751	{
3289	3752	rtnl_register(PF_UNSPEC, RTM_NEWNEIGH, neigh_add, NULL, 0);
3290	3753	rtnl_register(PF_UNSPEC, RTM_DELNEIGH, neigh_delete, NULL, 0);
3291		- rtnl_register(PF_UNSPEC, RTM_GETNEIGH, NULL, neigh_dump_info, 0);
	3754	+ rtnl_register(PF_UNSPEC, RTM_GETNEIGH, neigh_get, neigh_dump_info, 0);
3292	3755
3293	3756	rtnl_register(PF_UNSPEC, RTM_GETNEIGHTBL, NULL, neightbl_dump_info,
3294	3757	0);