9p: Make sure we are able to clunk the cached fid on umount

[safe/jmp/linux-2.6] / net / llc / llc_input.c

diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index cb9f7f0..57ad974 100644 (file)
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -12,6 +12,7 @@
  * See the GNU General Public License for more details.
  */
 #include <linux/netdevice.h>
+#include <net/net_namespace.h>
 #include <net/llc.h>
 #include <net/llc_pdu.h>
 #include <net/llc_sap.h>
@@ -112,12 +113,16 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
        if (unlikely(!pskb_may_pull(skb, llc_len)))
                return 0;
 
-       skb->h.raw += llc_len;
+       skb->transport_header += llc_len;
        skb_pull(skb, llc_len);
        if (skb->protocol == htons(ETH_P_802_2)) {
-               u16 pdulen = eth_hdr(skb)->h_proto,
-                   data_size = ntohs(pdulen) - llc_len;
+               __be16 pdulen = eth_hdr(skb)->h_proto;
+               s32 data_size = ntohs(pdulen) - llc_len;
 
+               if (data_size < 0 ||
+                   ((skb_tail_pointer(skb) -
+                     (u8 *)pdu) - llc_len) < data_size)
+                       return 0;
                if (unlikely(pskb_trim_rcsum(skb, data_size)))
                        return 0;
        }
@@ -145,12 +150,15 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
        int (*rcv)(struct sk_buff *, struct net_device *,
                   struct packet_type *, struct net_device *);
 
+       if (!net_eq(dev_net(dev), &init_net))
+               goto drop;
+
        /*
         * When the interface is in promisc. mode, drop all the crap that it
         * receives, do not try to analyse it.
         */
        if (unlikely(skb->pkt_type == PACKET_OTHERHOST)) {
-               dprintk("%s: PACKET_OTHERHOST\n", __FUNCTION__);
+               dprintk("%s: PACKET_OTHERHOST\n", __func__);
                goto drop;
        }
        skb = skb_share_check(skb, GFP_ATOMIC);
@@ -163,8 +171,8 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
               goto handle_station;
        sap = llc_sap_find(pdu->dsap);
        if (unlikely(!sap)) {/* unknown SAP */
-               dprintk("%s: llc_sap_find(%02X) failed!\n", __FUNCTION__,
-                       pdu->dsap);
+               dprintk("%s: llc_sap_find(%02X) failed!\n", __func__,
+                       pdu->dsap);
                goto drop;
        }
        /*
@@ -173,8 +181,9 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
         */
        rcv = rcu_dereference(sap->rcv_func);
        if (rcv) {
-               rcv(skb, dev, pt, orig_dev);
-               goto out_put;
+               struct sk_buff *cskb = skb_clone(skb, GFP_ATOMIC);
+               if (cskb)
+                       rcv(cskb, dev, pt, orig_dev);
        }
        dest = llc_pdu_type(skb);
        if (unlikely(!dest || !llc_type_handlers[dest - 1]))