!5113 fix CVE-2023-52578

 *	(unsigned long) so they can be read and written atomically.

 */

#define NET_DEV_STAT(FIELD)			\

	union {					\

		unsigned long FIELD;		\

		atomic_long_t __##FIELD;	\

	}

struct net_device_stats {

	unsigned long	rx_packets;

	unsigned long	tx_packets;

	unsigned long	rx_bytes;

	unsigned long	tx_bytes;

	unsigned long	rx_errors;

	unsigned long	tx_errors;

	unsigned long	rx_dropped;

	unsigned long	tx_dropped;

	unsigned long	multicast;

	unsigned long	collisions;

	unsigned long	rx_length_errors;

	unsigned long	rx_over_errors;

	unsigned long	rx_crc_errors;

	unsigned long	rx_frame_errors;

	unsigned long	rx_fifo_errors;

	unsigned long	rx_missed_errors;

	unsigned long	tx_aborted_errors;

	unsigned long	tx_carrier_errors;

	unsigned long	tx_fifo_errors;

	unsigned long	tx_heartbeat_errors;

	unsigned long	tx_window_errors;

	unsigned long	rx_compressed;

	unsigned long	tx_compressed;

	KABI_REPLACE(unsigned long rx_packets,

			NET_DEV_STAT(rx_packets))

	KABI_REPLACE(unsigned long tx_packets,

			NET_DEV_STAT(tx_packets))

	KABI_REPLACE(unsigned long rx_bytes,

			NET_DEV_STAT(rx_bytes))

	KABI_REPLACE(unsigned long tx_bytes,

			NET_DEV_STAT(tx_bytes))

	KABI_REPLACE(unsigned long rx_errors,

			NET_DEV_STAT(rx_errors))

	KABI_REPLACE(unsigned long tx_errors,

			NET_DEV_STAT(tx_errors))

	KABI_REPLACE(unsigned long rx_dropped,

			NET_DEV_STAT(rx_dropped))

	KABI_REPLACE(unsigned long tx_dropped,

			NET_DEV_STAT(tx_dropped))

	KABI_REPLACE(unsigned long multicast,

			NET_DEV_STAT(multicast))

	KABI_REPLACE(unsigned long collisions,

			NET_DEV_STAT(collisions))

	KABI_REPLACE(unsigned long rx_length_errors,

			NET_DEV_STAT(rx_length_errors))

	KABI_REPLACE(unsigned long rx_over_errors,

			NET_DEV_STAT(rx_over_errors))

	KABI_REPLACE(unsigned long rx_crc_errors,

			NET_DEV_STAT(rx_crc_errors))

	KABI_REPLACE(unsigned long rx_frame_errors,

			NET_DEV_STAT(rx_frame_errors))

	KABI_REPLACE(unsigned long rx_fifo_errors,

			NET_DEV_STAT(rx_fifo_errors))

	KABI_REPLACE(unsigned long rx_missed_errors,

			NET_DEV_STAT(rx_missed_errors))

	KABI_REPLACE(unsigned long tx_aborted_errors,

			NET_DEV_STAT(tx_aborted_errors))

	KABI_REPLACE(unsigned long tx_carrier_errors,

			NET_DEV_STAT(tx_carrier_errors))

	KABI_REPLACE(unsigned long tx_fifo_errors,

			NET_DEV_STAT(tx_fifo_errors))

	KABI_REPLACE(unsigned long tx_heartbeat_errors,

			NET_DEV_STAT(tx_heartbeat_errors))

	KABI_REPLACE(unsigned long tx_window_errors,

			NET_DEV_STAT(tx_window_errors))

	KABI_REPLACE(unsigned long rx_compressed,

			NET_DEV_STAT(rx_compressed))

	KABI_REPLACE(unsigned long tx_compressed,

			NET_DEV_STAT(tx_compressed))

};

#undef NET_DEV_STAT

#include <linux/cache.h>

extern struct net_device *blackhole_netdev;

/* Note: Avoid these macros in fast path, prefer per-cpu or per-queue counters. */

#define DEV_STATS_INC(DEV, FIELD) atomic_long_inc(&(DEV)->stats.__##FIELD)

#define DEV_STATS_ADD(DEV, FIELD, VAL) 	\

		atomic_long_add((VAL), &(DEV)->stats.__##FIELD)

#endif	/* _LINUX_NETDEVICE_H */

static inline void skb_tunnel_rx(struct sk_buff *skb, struct net_device *dev,

				 struct net *net)

{

	/* TODO : stats should be SMP safe */

	dev->stats.rx_packets++;

	dev->stats.rx_bytes += skb->len;

	DEV_STATS_INC(dev, rx_packets);

	DEV_STATS_ADD(dev, rx_bytes, skb->len);

	__skb_tunnel_rx(skb, dev, net);

}

	skb = skb_clone(skb, GFP_ATOMIC);

	if (!skb) {

		dev->stats.tx_dropped++;

		DEV_STATS_INC(dev, tx_dropped);

		return -ENOMEM;

	}

	skb = skb_copy(skb, GFP_ATOMIC);

	if (!skb) {

		dev->stats.tx_dropped++;

		DEV_STATS_INC(dev, tx_dropped);

		return;

	}

			if ((mdst && mdst->host_joined) ||

			    br_multicast_is_router(br)) {

				local_rcv = true;

				br->dev->stats.multicast++;

				DEV_STATS_INC(br->dev, multicast);

			}

			mcast_hit = true;

		} else {

			local_rcv = true;

			br->dev->stats.multicast++;

			DEV_STATS_INC(br->dev, multicast);

		}

		break;

	case BR_PKT_UNICAST:

void netdev_stats_to_stats64(struct rtnl_link_stats64 *stats64,

			     const struct net_device_stats *netdev_stats)

{

#if BITS_PER_LONG == 64

	BUILD_BUG_ON(sizeof(*stats64) < sizeof(*netdev_stats));

	memcpy(stats64, netdev_stats, sizeof(*netdev_stats));

	/* zero out counters that only exist in rtnl_link_stats64 */

	memset((char *)stats64 + sizeof(*netdev_stats), 0,

	       sizeof(*stats64) - sizeof(*netdev_stats));

#else

	size_t i, n = sizeof(*netdev_stats) / sizeof(unsigned long);

	const unsigned long *src = (const unsigned long *)netdev_stats;

	size_t i, n = sizeof(*netdev_stats) / sizeof(atomic_long_t);

	const atomic_long_t *src = (atomic_long_t *)netdev_stats;

	u64 *dst = (u64 *)stats64;

	BUILD_BUG_ON(n > sizeof(*stats64) / sizeof(u64));

	for (i = 0; i < n; i++)

		dst[i] = src[i];

		dst[i] = (unsigned long)atomic_long_read(&src[i]);

	/* zero out counters that only exist in rtnl_link_stats64 */

	memset((char *)stats64 + n * sizeof(u64), 0,

	       sizeof(*stats64) - n * sizeof(u64));

#endif

}

EXPORT_SYMBOL(netdev_stats_to_stats64);