Merge nuts.ninka.net:/home/davem/src/BK/network-2.5

into nuts.ninka.net:/home/davem/src/BK/net-2.5

Merge nuts.ninka.net:/home/davem/src/BK/network-2.5
into nuts.ninka.net:/home/davem/src/BK/net-2.5
dfb1d7a5 · David S. Miller · 898df34c · 9fac4b2d · dfb1d7a5 · dfb1d7a5
Commit dfb1d7a5 authored Apr 09, 2003 by David S. Miller
22 changed files
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -501,6 +501,15 @@ static struct net_device *register_vlan_device(const char *eth_IF_name,
 	       real_dev->ifindex);
 #endif
 	    
+	if (register_netdevice(new_dev))
+		goto out_free_newdev_priv;
+
+	/* NOTE:  We have a reference to the real device,
+	 * so hold on to the reference. May fail if we are being removed
+	 */
+	if (!try_module_get(THIS_MODULE))
+		goto out_free_unregister;
+
 	/* So, got the sucker initialized, now lets place
 	 * it into our local structure.
 	 */
@@ -514,7 +523,7 @@ static struct net_device *register_vlan_device(const char *eth_IF_name,
 	if (!grp) { /* need to add a new group */
 		grp = kmalloc(sizeof(struct vlan_group), GFP_KERNEL);
 		if (!grp)
-			goto out_free_newdev_priv;
+			goto out_free_put;
 					
 		/* printk(KERN_ALERT "VLAN REGISTER:  Allocated new group.\n"); */
 		memset(grp, 0, sizeof(struct vlan_group));
@@ -535,24 +544,18 @@ static struct net_device *register_vlan_device(const char *eth_IF_name,
 	if (real_dev->features & NETIF_F_HW_VLAN_FILTER)
 		real_dev->vlan_rx_add_vid(real_dev, VLAN_ID);

-	register_netdevice(new_dev);
-
 	rtnl_unlock();

-	/* NOTE:  We have a reference to the real device,
-	 * so hold on to the reference.
-	 */
-	if (!try_module_get(THIS_MODULE))
-		goto out_module_dying;

 #ifdef VLAN_DEBUG
 	printk(VLAN_DBG "Allocated new device successfully, returning.\n");
 #endif
 	return new_dev;
+out_free_put:
+	module_put(THIS_MODULE);

-out_module_dying:
-	rtnl_lock();
-	unregister_netdevice(new_dev);
+out_free_unregister:
+	unregister_netdev(new_dev);

 out_free_newdev_priv:
 	kfree(new_dev->priv);

--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -33,6 +33,7 @@ static inline int should_deliver(struct net_bridge_port *p, struct sk_buff *skb)
 int br_dev_queue_push_xmit(struct sk_buff *skb)
 {
 #ifdef CONFIG_NETFILTER
+	/* FIXME: skb bas not been linearized: is this valid?? --RR */
 	if (skb->nf_bridge)
 		memcpy(skb->data - 16, skb->nf_bridge->hh, 16);
 #endif

--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -467,6 +467,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
 	struct sk_buff *skb = *pskb;
 	struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;

+	/* FIXME: skb as not been linearized.  Is this still true? --RR */
 	/* Be very paranoid.  */
 	if (skb->mac.raw < skb->head || skb->mac.raw + ETH_HLEN > skb->data) {
 		printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: "

--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -175,6 +175,10 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 	char *base;
 	struct ebt_table_info *private = table->private;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	read_lock_bh(&table->lock);
 	cb_base = COUNTER_BASE(private->counters, private->nentries,
 	   smp_processor_id());

--- a/net/core/netfilter.c
+++ b/net/core/netfilter.c
@@ -477,11 +477,6 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
 	unsigned int verdict;
 	int ret = 0;

-	/* This stopgap cannot be removed until all the hooks are audited. */
-	if (skb_is_nonlinear(skb) && skb_linearize(skb, GFP_ATOMIC) != 0) {
-		kfree_skb(skb);
-		return -ENOMEM;
-	}
 	if (skb->ip_summed == CHECKSUM_HW) {
 		if (outdev == NULL) {
 			skb->ip_summed = CHECKSUM_NONE;

--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -262,10 +262,11 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
 	if (!create)
 		return NULL;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return NULL;
 	dev = kmalloc(sizeof(*dev) + sizeof(*t), GFP_KERNEL);
 	if (dev == NULL) {
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 		return NULL;
 	}
 	memset(dev, 0, sizeof(*dev) + sizeof(*t));
@@ -297,7 +298,7 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int

 failed:
 	kfree(dev);
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return NULL;
 }

@@ -305,7 +306,7 @@ static void ipgre_tunnel_destructor(struct net_device *dev)
 {
 	if (dev != &ipgre_fb_tunnel_dev) {
 		kfree(dev);
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 	}
 }

@@ -920,7 +921,8 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	struct ip_tunnel_parm p;
 	struct ip_tunnel *t;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;

 	switch (cmd) {
 	case SIOCGETTUNNEL:
@@ -1035,7 +1037,7 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	}

 done:
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return err;
 }

@@ -1115,7 +1117,8 @@ static int ipgre_open(struct net_device *dev)
 {
 	struct ip_tunnel *t = (struct ip_tunnel*)dev->priv;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;
 	if (MULTICAST(t->parms.iph.daddr)) {
 		struct flowi fl = { .oif = t->parms.link,
 				    .nl_u = { .ip4_u =
@@ -1125,13 +1128,13 @@ static int ipgre_open(struct net_device *dev)
 				    .proto = IPPROTO_GRE };
 		struct rtable *rt;
 		if (ip_route_output_key(&rt, &fl)) {
-			MOD_DEC_USE_COUNT;
+			module_put(THIS_MODULE);
 			return -EADDRNOTAVAIL;
 		}
 		dev = rt->u.dst.dev;
 		ip_rt_put(rt);
 		if (__in_dev_get(dev) == NULL) {
-			MOD_DEC_USE_COUNT;
+			module_put(THIS_MODULE);
 			return -EADDRNOTAVAIL;
 		}
 		t->mlink = dev->ifindex;
@@ -1150,7 +1153,7 @@ static int ipgre_close(struct net_device *dev)
 			in_dev_put(in_dev);
 		}
 	}
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return 0;
 }

@@ -1247,13 +1250,14 @@ static int ipgre_tunnel_init(struct net_device *dev)
 #ifdef MODULE
 static int ipgre_fb_tunnel_open(struct net_device *dev)
 {
-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;
 	return 0;
 }

 static int ipgre_fb_tunnel_close(struct net_device *dev)
 {
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return 0;
 }
 #endif

--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -231,10 +231,11 @@ struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
 	if (!create)
 		return NULL;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return NULL;
 	dev = kmalloc(sizeof(*dev) + sizeof(*t), GFP_KERNEL);
 	if (dev == NULL) {
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 		return NULL;
 	}
 	memset(dev, 0, sizeof(*dev) + sizeof(*t));
@@ -266,7 +267,7 @@ struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)

 failed:
 	kfree(dev);
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return NULL;
 }

@@ -274,7 +275,7 @@ static void ipip_tunnel_destructor(struct net_device *dev)
 {
 	if (dev != &ipip_fb_tunnel_dev) {
 		kfree(dev);
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 	}
 }

@@ -682,7 +683,8 @@ ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	struct ip_tunnel_parm p;
 	struct ip_tunnel *t;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;

 	switch (cmd) {
 	case SIOCGETTUNNEL:
@@ -782,7 +784,7 @@ ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	}

 done:
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return err;
 }

@@ -861,13 +863,14 @@ static int ipip_tunnel_init(struct net_device *dev)
 #ifdef MODULE
 static int ipip_fb_tunnel_open(struct net_device *dev)
 {
-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;
 	return 0;
 }

 static int ipip_fb_tunnel_close(struct net_device *dev)
 {
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return 0;
 }
 #endif

--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -253,6 +253,10 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
 	const char *indev, *outdev;
 	void *table_base;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	indev = in ? in->name : nulldevname;
 	outdev = out ? out->name : nulldevname;


--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -818,6 +818,10 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
 	if ((*pskb)->nfct)
 		return NF_ACCEPT;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* Gather fragments. */
 	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
 		*pskb = ip_ct_gather_frags(*pskb);

--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -192,6 +192,10 @@ static unsigned int ip_refrag(unsigned int hooknum,
 {
 	struct rtable *rt = (struct rtable *)(*pskb)->dst;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* We've seen it coming out the other side: confirm */
 	if (ip_confirm(hooknum, pskb, in, out, okfn) != NF_ACCEPT)
 		return NF_DROP;
@@ -213,6 +217,10 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
 				       const struct net_device *out,
 				       int (*okfn)(struct sk_buff *))
 {
+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {

--- a/net/ipv4/netfilter/ip_fw_compat.c
+++ b/net/ipv4/netfilter/ip_fw_compat.c
@@ -75,6 +75,10 @@ fw_in(unsigned int hooknum,
 	int ret = FW_BLOCK;
 	u_int16_t redirpt;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* Assume worse case: any hook could change packet */
 	(*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
 	if ((*pskb)->ip_summed == CHECKSUM_HW)
@@ -189,6 +193,10 @@ static unsigned int fw_confirm(unsigned int hooknum,
 			       const struct net_device *out,
 			       int (*okfn)(struct sk_buff *))
 {
+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	return ip_conntrack_confirm(*pskb);
 }


--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -71,6 +71,10 @@ ip_nat_fn(unsigned int hooknum,
 	/* maniptype == SRC for postrouting. */
 	enum ip_nat_manip_type maniptype = HOOK2MANIP(hooknum);

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* We never see fragments: conntrack defrags on pre-routing
 	   and local-out, and ip_nat_out protects post-routing. */
 	IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off
@@ -170,6 +174,10 @@ ip_nat_out(unsigned int hooknum,
 	   const struct net_device *out,
 	   int (*okfn)(struct sk_buff *))
 {
+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
@@ -205,6 +213,10 @@ ip_nat_local_fn(unsigned int hooknum,
 	u_int32_t saddr, daddr;
 	unsigned int ret;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))

--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -271,6 +271,10 @@ ipt_do_table(struct sk_buff **pskb,
 	void *table_base;
 	struct ipt_entry *e, *back;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* Initialization */
 	ip = (*pskb)->nh.iph;
 	protohdr = (u_int32_t *)ip + ip->ihl;

--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -107,6 +107,10 @@ ipt_local_out_hook(unsigned int hook,
 		   const struct net_device *out,
 		   int (*okfn)(struct sk_buff *))
 {
+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {

--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -145,6 +145,10 @@ ipt_local_hook(unsigned int hook,
 	u_int32_t saddr, daddr;
 	unsigned long nfmark;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {

--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -111,7 +111,7 @@ static void inet6_sock_destruct(struct sock *sk)
 #ifdef INET_REFCNT_DEBUG
 	atomic_dec(&inet6_sock_nr);
 #endif
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 }

 static __inline__ kmem_cache_t *inet6_sk_slab(int protocol)
@@ -242,7 +242,10 @@ static int inet6_create(struct socket *sock, int protocol)
 	atomic_inc(&inet6_sock_nr);
 	atomic_inc(&inet_sock_nr);
 #endif
-	MOD_INC_USE_COUNT;
+	if (!try_get_module(THIS_MODULE)) {
+		inet_sock_release(sk);
+		return -EBUSY;
+	}

 	if (inet->num) {
 		/* It assumes that any protocol which allows
@@ -255,7 +258,7 @@ static int inet6_create(struct socket *sock, int protocol)
 	if (sk->prot->init) {
 		int err = sk->prot->init(sk);
 		if (err != 0) {
-			MOD_DEC_USE_COUNT;
+			module_put(THIS_MODULE);
 			inet_sock_release(sk);
 			return err;
 		}

--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -196,7 +196,7 @@ int ipv6_setsockopt(struct sock *sk, int level, int optname, char *optval,
 #ifdef INET_REFCNT_DEBUG
 			atomic_dec(&inet6_sock_nr);
 #endif
-			MOD_DEC_USE_COUNT;
+			module_put(THIS_MODULE);
 			retv = 0;
 			break;
 		}

--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -343,6 +343,10 @@ ip6t_do_table(struct sk_buff **pskb,
 	void *table_base;
 	struct ip6t_entry *e, *back;

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* Initialization */
 	ipv6 = (*pskb)->nh.ipv6h;
 	protohdr = (u_int32_t *)((char *)ipv6 + IPV6_HDR_LEN);

--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -154,6 +154,10 @@ ip6t_local_hook(unsigned int hook,
 	}
 #endif

+	/* FIXME: Push down to extensions --RR */
+	if (skb_is_nonlinear(*pskb) && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+		return NF_DROP;
+
 	/* save source/dest address, nfmark, hoplimit, flowlabel, priority,  */
 	memcpy(&saddr, &(*pskb)->nh.ipv6h->saddr, sizeof(saddr));
 	memcpy(&daddr, &(*pskb)->nh.ipv6h->daddr, sizeof(daddr));

--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -170,10 +170,11 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
 	if (!create)
 		return NULL;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return NULL;
 	dev = kmalloc(sizeof(*dev) + sizeof(*t), GFP_KERNEL);
 	if (dev == NULL) {
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 		return NULL;
 	}
 	memset(dev, 0, sizeof(*dev) + sizeof(*t));
@@ -205,7 +206,7 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int

 failed:
 	kfree(dev);
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return NULL;
 }

@@ -213,7 +214,7 @@ static void ipip6_tunnel_destructor(struct net_device *dev)
 {
 	if (dev != &ipip6_fb_tunnel_dev) {
 		kfree(dev);
-		MOD_DEC_USE_COUNT;
+		module_put(THIS_MODULE);
 	}
 }

@@ -622,7 +623,8 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	struct ip_tunnel_parm p;
 	struct ip_tunnel *t;

-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;

 	switch (cmd) {
 	case SIOCGETTUNNEL:
@@ -721,7 +723,7 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 	}

 done:
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return err;
 }

@@ -801,13 +803,14 @@ static int ipip6_tunnel_init(struct net_device *dev)
 #ifdef MODULE
 static int ipip6_fb_tunnel_open(struct net_device *dev)
 {
-	MOD_INC_USE_COUNT;
+	if (!try_module_get(THIS_MODULE))
+		return -EBUSY;
 	return 0;
 }

 static int ipip6_fb_tunnel_close(struct net_device *dev)
 {
-	MOD_DEC_USE_COUNT;
+	module_put(THIS_MODULE);
 	return 0;
 }
 #endif

--- a/net/sched/sch_dsmark.c
+++ b/net/sched/sch_dsmark.c
@@ -193,6 +193,7 @@ static int dsmark_enqueue(struct sk_buff *skb,struct Qdisc *sch)

 	D2PRINTK("dsmark_enqueue(skb %p,sch %p,[qdisc %p])\n",skb,sch,p);
 	if (p->set_tc_index) {
+		/* FIXME: Safe with non-linear skbs? --RR */
 		switch (skb->protocol) {
 			case __constant_htons(ETH_P_IP):
 				skb->tc_index = ipv4_get_dsfield(skb->nh.iph);

--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -222,6 +222,11 @@ used on the egress (might slow things for an iota)
 */

 	if (dev->qdisc_ingress) {
+		/* FIXME: Push down to ->enqueue functions --RR */
+		if (skb_is_nonlinear(*pskb)
+		    && skb_linearize(*pskb, GFP_ATOMIC) != 0)
+			return NF_DROP;
+
 		spin_lock(&dev->queue_lock);
 		if ((q = dev->qdisc_ingress) != NULL)
 			fwres = q->enqueue(skb, q);