[IPV6] mcast: Fix multiple issues in MLDv2 reports.

	struct in6_addr		addr;

	int			ifindex;

	struct ipv6_mc_socklist *next;

	rwlock_t		sflock;

	unsigned int		sfmode;		/* MCAST_{INCLUDE,EXCLUDE} */

	struct ip6_sf_socklist	*sflist;

};

	mc_lst->ifindex = dev->ifindex;

	mc_lst->sfmode = MCAST_EXCLUDE;

	mc_lst->sflock = RW_LOCK_UNLOCKED;

	mc_lst->sflist = NULL;

	/*

	struct ip6_sf_socklist *psl;

	int i, j, rv;

	int leavegroup = 0;

	int pmclocked = 0;

	int err;

	if (pgsr->gsr_group.ss_family != AF_INET6 ||

		pmc->sfmode = omode;

	}

	write_lock_bh(&pmc->sflock);

	pmclocked = 1;

	psl = pmc->sflist;

	if (!add) {

		if (!psl)

	/* update the interface list */

	ip6_mc_add_src(idev, group, omode, 1, source, 1);

done:

	if (pmclocked)

		write_unlock_bh(&pmc->sflock);

	read_unlock_bh(&ipv6_sk_mc_lock);

	read_unlock_bh(&idev->lock);

	in6_dev_put(idev);

	dev = idev->dev;

	err = 0;

	read_lock_bh(&ipv6_sk_mc_lock);

	if (gsf->gf_fmode == MCAST_INCLUDE && gsf->gf_numsrc == 0) {

		leavegroup = 1;

		goto done;

		newpsl = NULL;

		(void) ip6_mc_add_src(idev, group, gsf->gf_fmode, 0, NULL, 0);

	}

	write_lock_bh(&pmc->sflock);

	psl = pmc->sflist;

	if (psl) {

		(void) ip6_mc_del_src(idev, group, pmc->sfmode,

		(void) ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0);

	pmc->sflist = newpsl;

	pmc->sfmode = gsf->gf_fmode;

	write_unlock_bh(&pmc->sflock);

	err = 0;

done:

	read_unlock_bh(&ipv6_sk_mc_lock);

	read_unlock_bh(&idev->lock);

	in6_dev_put(idev);

	dev_put(dev);

	dev = idev->dev;

	err = -EADDRNOTAVAIL;

	/*

	 * changes to the ipv6_mc_list require the socket lock and

	 * a read lock on ip6_sk_mc_lock. We have the socket lock,

	 * so reading the list is safe.

	 */

	for (pmc=inet6->ipv6_mc_list; pmc; pmc=pmc->next) {

		if (pmc->ifindex != gsf->gf_interface)

	    copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {

		return -EFAULT;

	}

	/* changes to psl require the socket lock, a read lock on

	 * on ipv6_sk_mc_lock and a write lock on pmc->sflock. We

	 * have the socket lock, so reading here is safe.

	 */

	for (i=0; i<copycount; i++) {

		struct sockaddr_in6 *psin6;

		struct sockaddr_storage ss;

		read_unlock(&ipv6_sk_mc_lock);

		return 1;

	}

	read_lock(&mc->sflock);

	psl = mc->sflist;

	if (!psl) {

		rv = mc->sfmode == MCAST_EXCLUDE;

		if (mc->sfmode == MCAST_EXCLUDE && i < psl->sl_count)

			rv = 0;

	}

	read_unlock(&mc->sflock);

	read_unlock(&ipv6_sk_mc_lock);

	return rv;

	ma->mca_flags |= MAF_TIMER_RUNNING;

}

static void mld_marksources(struct ifmcaddr6 *pmc, int nsrcs,

/* mark EXCLUDE-mode sources */

static int mld_xmarksources(struct ifmcaddr6 *pmc, int nsrcs,

	struct in6_addr *srcs)

{

	struct ip6_sf_list *psf;

	int i, scount;

	scount = 0;

	for (psf=pmc->mca_sources; psf; psf=psf->sf_next) {

		if (scount == nsrcs)

			break;

		for (i=0; i<nsrcs; i++) {

			/* skip inactive filters */

			if (pmc->mca_sfcount[MCAST_INCLUDE] ||

			    pmc->mca_sfcount[MCAST_EXCLUDE] !=

			    psf->sf_count[MCAST_EXCLUDE])

				continue;

			if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) {

				scount++;

				break;

			}

		}

	}

	pmc->mca_flags &= ~MAF_GSQUERY;

	if (scount == nsrcs)	/* all sources excluded */

		return 0;

	return 1;

}

static int mld_marksources(struct ifmcaddr6 *pmc, int nsrcs,

	struct in6_addr *srcs)

{

	struct ip6_sf_list *psf;

	int i, scount;

	if (pmc->mca_sfmode == MCAST_EXCLUDE)

		return mld_xmarksources(pmc, nsrcs, srcs);

	/* mark INCLUDE-mode sources */

	scount = 0;

	for (psf=pmc->mca_sources; psf; psf=psf->sf_next) {

		if (scount == nsrcs)

			break;

		for (i=0; i<nsrcs; i++)

		for (i=0; i<nsrcs; i++) {

			if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) {

				psf->sf_gsresp = 1;

				scount++;

			}

		}

	}

	if (!scount) {

		pmc->mca_flags &= ~MAF_GSQUERY;

		return 0;

	}

	pmc->mca_flags |= MAF_GSQUERY;

	return 1;

}

int igmp6_event_query(struct sk_buff *skb)

{

		/* mark sources to include, if group & source-specific */

		if (mlh2->nsrcs != 0) {

			if (!pskb_may_pull(skb, srcs_offset + 

				mlh2->nsrcs * sizeof(struct in6_addr))) {

			    ntohs(mlh2->nsrcs) * sizeof(struct in6_addr))) {

				in6_dev_put(idev);

				return -EINVAL;

			}

				else

					ma->mca_flags &= ~MAF_GSQUERY;

			}

			if (ma->mca_flags & MAF_GSQUERY)

				mld_marksources(ma, ntohs(mlh2->nsrcs),

					mlh2->srcs);

			if (!(ma->mca_flags & MAF_GSQUERY) ||

			   mld_marksources(ma, ntohs(mlh2->nsrcs), mlh2->srcs))

				igmp6_group_queried(ma, max_delay);

			spin_unlock_bh(&ma->mca_lock);

			if (group_type != IPV6_ADDR_ANY)

	case MLD2_MODE_IS_EXCLUDE:

		if (gdeleted || sdeleted)

			return 0;

		return !((pmc->mca_flags & MAF_GSQUERY) && !psf->sf_gsresp);

		if (!((pmc->mca_flags & MAF_GSQUERY) && !psf->sf_gsresp)) {

			if (pmc->mca_sfmode == MCAST_INCLUDE)

				return 1;

			/* don't include if this source is excluded

			 * in all filters

			 */

			if (psf->sf_count[MCAST_INCLUDE])

				return 0;

			return pmc->mca_sfcount[MCAST_EXCLUDE] ==

				psf->sf_count[MCAST_EXCLUDE];

		}

		return 0;

	case MLD2_CHANGE_TO_INCLUDE:

		if (gdeleted || sdeleted)

			return 0;

	struct mld2_report *pmr;

	struct mld2_grec *pgr = NULL;

	struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list;

	int scount, first, isquery, truncate;

	int scount, stotal, first, isquery, truncate;

	if (pmc->mca_flags & MAF_NOREPORT)

		return skb;

	truncate = type == MLD2_MODE_IS_EXCLUDE ||

		    type == MLD2_CHANGE_TO_EXCLUDE;

	stotal = scount = 0;

	psf_list = sdeleted ? &pmc->mca_tomb : &pmc->mca_sources;

	if (!*psf_list) {

		if (type == MLD2_ALLOW_NEW_SOURCES ||

		    type == MLD2_BLOCK_OLD_SOURCES)

			return skb;

		if (pmc->mca_crcount || isquery) {

			/* make sure we have room for group header and at

			 * least one source.

			 */

			if (skb && AVAILABLE(skb) < sizeof(struct mld2_grec)+

			    sizeof(struct in6_addr)) {

				mld_sendpack(skb);

				skb = NULL; /* add_grhead will get a new one */

			}

			skb = add_grhead(skb, pmc, type, &pgr);

		}

		return skb;

	}

	if (!*psf_list)

		goto empty_source;

	pmr = skb ? (struct mld2_report *)skb->h.raw : NULL;

	/* EX and TO_EX get a fresh packet, if needed */

		}

	}

	first = 1;

	scount = 0;

	psf_prev = NULL;

	for (psf=*psf_list; psf; psf=psf_next) {

		struct in6_addr *psrc;

		}

		psrc = (struct in6_addr *)skb_put(skb, sizeof(*psrc));

		*psrc = psf->sf_addr;

		scount++;

		scount++; stotal++;

		if ((type == MLD2_ALLOW_NEW_SOURCES ||

		     type == MLD2_BLOCK_OLD_SOURCES) && psf->sf_crcount) {

			psf->sf_crcount--;

		}

		psf_prev = psf;

	}

empty_source:

	if (!stotal) {

		if (type == MLD2_ALLOW_NEW_SOURCES ||

		    type == MLD2_BLOCK_OLD_SOURCES)

			return skb;

		if (pmc->mca_crcount || isquery) {

			/* make sure we have room for group header */

			if (skb && AVAILABLE(skb) < sizeof(struct mld2_grec)) {

				mld_sendpack(skb);

				skb = NULL; /* add_grhead will get a new one */

			}

			skb = add_grhead(skb, pmc, type, &pgr);

		}

	}

	if (pgr)

		pgr->grec_nsrcs = htons(scount);

			skb = add_grec(skb, pmc, dtype, 1, 1);

		}

		if (pmc->mca_crcount) {

			pmc->mca_crcount--;

			if (pmc->mca_sfmode == MCAST_EXCLUDE) {

				type = MLD2_CHANGE_TO_INCLUDE;

				skb = add_grec(skb, pmc, type, 1, 0);

			}

			pmc->mca_crcount--;

			if (pmc->mca_crcount == 0) {

				mld_clear_zeros(&pmc->mca_tomb);

				mld_clear_zeros(&pmc->mca_sources);

		/* filter mode changes */

		if (pmc->mca_crcount) {

			pmc->mca_crcount--;

			if (pmc->mca_sfmode == MCAST_EXCLUDE)

				type = MLD2_CHANGE_TO_EXCLUDE;

			else

				type = MLD2_CHANGE_TO_INCLUDE;

			skb = add_grec(skb, pmc, type, 0, 0);

			pmc->mca_crcount--;

		}

		spin_unlock_bh(&pmc->mca_lock);

	}

{

	int err;

	/* callers have the socket lock and a write lock on ipv6_sk_mc_lock,

	 * so no other readers or writers of iml or its sflist

	 */

	if (iml->sflist == 0) {

		/* any-source empty exclude case */

		return ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 0, NULL, 0);