network -stable patches added
authorGreg Kroah-Hartman <gregkh@suse.de>
Wed, 11 Apr 2007 18:53:12 +0000 (11:53 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Wed, 11 Apr 2007 18:53:12 +0000 (11:53 -0700)
queue-2.6.20/8139too-rtnl-and-flush_scheduled_work-deadlock.patch [new file with mode: 0644]
queue-2.6.20/fix-ifb-net-driver-input-device-crashes.patch [new file with mode: 0644]
queue-2.6.20/fix-ipsec-replay-window-handling.patch [new file with mode: 0644]
queue-2.6.20/fix-length-validation-in-rawv6_sendmsg.patch [new file with mode: 0644]
queue-2.6.20/fix-scsi-sense-handling.patch [new file with mode: 0644]
queue-2.6.20/fix-tcindex-classifier-abi-borkage.patch [new file with mode: 0644]
queue-2.6.20/fix-tcp-receiver-side-sws-handling.patch [new file with mode: 0644]
queue-2.6.20/fix-tcp-slow_start_after_idle-sysctl.patch [new file with mode: 0644]
queue-2.6.20/netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch [new file with mode: 0644]
queue-2.6.20/series

diff --git a/queue-2.6.20/8139too-rtnl-and-flush_scheduled_work-deadlock.patch b/queue-2.6.20/8139too-rtnl-and-flush_scheduled_work-deadlock.patch
new file mode 100644 (file)
index 0000000..06dfa6e
--- /dev/null
@@ -0,0 +1,110 @@
+From greearb@candelatech.com Thu Apr  5 22:52:18 2007
+From: Francois Romieu <romieu@fr.zoreil.com>
+Date: Thu, 05 Apr 2007 22:52:12 -0700
+Subject: 8139too: RTNL and flush_scheduled_work deadlock
+To: gregkh@suse.de, NetDev <netdev@vger.kernel.org>
+Message-ID: <4615E00C.9070406@candelatech.com>
+
+From: Francois Romieu <romieu@fr.zoreil.com>
+
+Your usual dont-flush_scheduled_work-with-RTNL-held stuff.
+
+It is a bit different here since the thread runs permanently
+or is only occasionally kicked for recovery depending on the
+hardware revision.
+
+Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
+Cc: Ben Greear <greearb@candelatech.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/8139too.c |   40 +++++++++++++++++-----------------------
+ 1 file changed, 17 insertions(+), 23 deletions(-)
+
+--- a/drivers/net/8139too.c
++++ b/drivers/net/8139too.c
+@@ -1109,6 +1109,8 @@ static void __devexit rtl8139_remove_one
+       assert (dev != NULL);
++      flush_scheduled_work();
++
+       unregister_netdev (dev);
+       __rtl8139_cleanup_dev (dev);
+@@ -1603,18 +1605,21 @@ static void rtl8139_thread (struct work_
+       struct net_device *dev = tp->mii.dev;
+       unsigned long thr_delay = next_tick;
++      rtnl_lock();
++
++      if (!netif_running(dev))
++              goto out_unlock;
++
+       if (tp->watchdog_fired) {
+               tp->watchdog_fired = 0;
+               rtl8139_tx_timeout_task(work);
+-      } else if (rtnl_trylock()) {
+-              rtl8139_thread_iter (dev, tp, tp->mmio_addr);
+-              rtnl_unlock ();
+-      } else {
+-              /* unlikely race.  mitigate with fast poll. */
+-              thr_delay = HZ / 2;
+-      }
++      } else
++              rtl8139_thread_iter(dev, tp, tp->mmio_addr);
+-      schedule_delayed_work(&tp->thread, thr_delay);
++      if (tp->have_thread)
++              schedule_delayed_work(&tp->thread, thr_delay);
++out_unlock:
++      rtnl_unlock ();
+ }
+ static void rtl8139_start_thread(struct rtl8139_private *tp)
+@@ -1626,19 +1631,11 @@ static void rtl8139_start_thread(struct 
+               return;
+       tp->have_thread = 1;
++      tp->watchdog_fired = 0;
+       schedule_delayed_work(&tp->thread, next_tick);
+ }
+-static void rtl8139_stop_thread(struct rtl8139_private *tp)
+-{
+-      if (tp->have_thread) {
+-              cancel_rearming_delayed_work(&tp->thread);
+-              tp->have_thread = 0;
+-      } else
+-              flush_scheduled_work();
+-}
+-
+ static inline void rtl8139_tx_clear (struct rtl8139_private *tp)
+ {
+       tp->cur_tx = 0;
+@@ -1696,12 +1693,11 @@ static void rtl8139_tx_timeout (struct n
+ {
+       struct rtl8139_private *tp = netdev_priv(dev);
++      tp->watchdog_fired = 1;
+       if (!tp->have_thread) {
+-              INIT_DELAYED_WORK(&tp->thread, rtl8139_tx_timeout_task);
++              INIT_DELAYED_WORK(&tp->thread, rtl8139_thread);
+               schedule_delayed_work(&tp->thread, next_tick);
+-      } else
+-              tp->watchdog_fired = 1;
+-
++      }
+ }
+ static int rtl8139_start_xmit (struct sk_buff *skb, struct net_device *dev)
+@@ -2233,8 +2229,6 @@ static int rtl8139_close (struct net_dev
+       netif_stop_queue (dev);
+-      rtl8139_stop_thread(tp);
+-
+       if (netif_msg_ifdown(tp))
+               printk(KERN_DEBUG "%s: Shutting down ethercard, status was 0x%4.4x.\n",
+                       dev->name, RTL_R16 (IntrStatus));
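Review bot: In the embedded 8139too.c change, `rtl8139_remove_one` relies on `flush_scheduled_work()` alone while `rtl8139_close` no longer cancels `tp->thread`, so a delayed work item whose timer has not yet fired may not be covered by the flush and could run after `__rtl8139_cleanup_dev (dev)`. If that path is reachable, `rtl8139_thread` would touch freed `tp`/`dev` state on device removal. I would cancel the pending timer once the interface is down, e.g. `cancel_delayed_work(&tp->thread);` followed by `flush_scheduled_work();` placed after `unregister_netdev (dev);`, or add a comment stating what guarantees the work is no longer pending. Both function bodies extend beyond the quoted hunks, so this needs confirming against the full file.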
diff --git a/queue-2.6.20/fix-ifb-net-driver-input-device-crashes.patch b/queue-2.6.20/fix-ifb-net-driver-input-device-crashes.patch
new file mode 100644 (file)
index 0000000..3c0e88d
--- /dev/null
@@ -0,0 +1,177 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:31:04 2007
+From: Patrick McHardy <kaber@trash.net>
+Date: Tue, 10 Apr 2007 13:29:44 -0700 (PDT)
+Subject: Fix IFB net driver input device crashes
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.132944.74388435.davem@davemloft.net>
+
+From: Patrick McHardy <kaber@trash.net>
+
+[IFB]: Fix crash on input device removal
+
+The input_device pointer is not refcounted, which means the device may
+disappear while packets are queued, causing a crash when ifb passes packets
+with a stale skb->dev pointer to netif_rx().
+
+Fix by storing the interface index instead and do a lookup where neccessary.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/ifb.c      |   35 +++++++++++++----------------------
+ include/linux/skbuff.h |    5 +++--
+ include/net/pkt_cls.h  |    7 +++++--
+ net/core/dev.c         |    8 ++++----
+ net/core/skbuff.c      |    2 +-
+ net/sched/act_mirred.c |    2 +-
+ 6 files changed, 27 insertions(+), 32 deletions(-)
+
+--- a/drivers/net/ifb.c
++++ b/drivers/net/ifb.c
+@@ -96,17 +96,24 @@ static void ri_tasklet(unsigned long dev
+               skb->tc_verd = SET_TC_NCLS(skb->tc_verd);
+               stats->tx_packets++;
+               stats->tx_bytes +=skb->len;
++
++              skb->dev = __dev_get_by_index(skb->iif);
++              if (!skb->dev) {
++                      dev_kfree_skb(skb);
++                      stats->tx_dropped++;
++                      break;
++              }
++              skb->iif = _dev->ifindex;
++
+               if (from & AT_EGRESS) {
+                       dp->st_rx_frm_egr++;
+                       dev_queue_xmit(skb);
+               } else if (from & AT_INGRESS) {
+-
+                       dp->st_rx_frm_ing++;
++                      skb_pull(skb, skb->dev->hard_header_len);
+                       netif_rx(skb);
+-              } else {
+-                      dev_kfree_skb(skb);
+-                      stats->tx_dropped++;
+-              }
++              } else
++                      BUG();
+       }
+       if (netif_tx_trylock(_dev)) {
+@@ -157,26 +164,10 @@ static int ifb_xmit(struct sk_buff *skb,
+       stats->rx_packets++;
+       stats->rx_bytes+=skb->len;
+-      if (!from || !skb->input_dev) {
+-dropped:
++      if (!(from & (AT_INGRESS|AT_EGRESS)) || !skb->iif) {
+               dev_kfree_skb(skb);
+               stats->rx_dropped++;
+               return ret;
+-      } else {
+-              /*
+-               * note we could be going
+-               * ingress -> egress or
+-               * egress -> ingress
+-              */
+-              skb->dev = skb->input_dev;
+-              skb->input_dev = dev;
+-              if (from & AT_INGRESS) {
+-                      skb_pull(skb, skb->dev->hard_header_len);
+-              } else {
+-                      if (!(from & AT_EGRESS)) {
+-                              goto dropped;
+-                      }
+-              }
+       }
+       if (skb_queue_len(&dp->rq) >= dev->tx_queue_len) {
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -188,7 +188,7 @@ enum {
+  *    @sk: Socket we are owned by
+  *    @tstamp: Time we arrived
+  *    @dev: Device we arrived on/are leaving by
+- *    @input_dev: Device we arrived on
++ *    @iif: ifindex of device we arrived on
+  *    @h: Transport layer header
+  *    @nh: Network layer header
+  *    @mac: Link layer header
+@@ -235,7 +235,8 @@ struct sk_buff {
+       struct sock             *sk;
+       struct skb_timeval      tstamp;
+       struct net_device       *dev;
+-      struct net_device       *input_dev;
++      int                     iif;
++      /* 4 byte hole on 64 bit*/
+       union {
+               struct tcphdr   *th;
+--- a/include/net/pkt_cls.h
++++ b/include/net/pkt_cls.h
+@@ -352,10 +352,13 @@ tcf_change_indev(struct tcf_proto *tp, c
+ static inline int
+ tcf_match_indev(struct sk_buff *skb, char *indev)
+ {
++      struct net_device *dev;
++
+       if (indev[0]) {
+-              if  (!skb->input_dev)
++              if  (!skb->iif)
+                       return 0;
+-              if (strcmp(indev, skb->input_dev->name))
++              dev = __dev_get_by_index(skb->iif);
++              if (!dev || strcmp(indev, dev->name))
+                       return 0;
+       }
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -1741,8 +1741,8 @@ static int ing_filter(struct sk_buff *sk
+       if (dev->qdisc_ingress) {
+               __u32 ttl = (__u32) G_TC_RTTL(skb->tc_verd);
+               if (MAX_RED_LOOP < ttl++) {
+-                      printk(KERN_WARNING "Redir loop detected Dropping packet (%s->%s)\n",
+-                              skb->input_dev->name, skb->dev->name);
++                      printk(KERN_WARNING "Redir loop detected Dropping packet (%d->%d)\n",
++                              skb->iif, skb->dev->ifindex);
+                       return TC_ACT_SHOT;
+               }
+@@ -1775,8 +1775,8 @@ int netif_receive_skb(struct sk_buff *sk
+       if (!skb->tstamp.off_sec)
+               net_timestamp(skb);
+-      if (!skb->input_dev)
+-              skb->input_dev = skb->dev;
++      if (!skb->iif)
++              skb->iif = skb->dev->ifindex;
+       orig_dev = skb_bond(skb);
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -497,7 +497,7 @@ struct sk_buff *skb_clone(struct sk_buff
+       n->tc_verd = SET_TC_VERD(skb->tc_verd,0);
+       n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
+       n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
+-      C(input_dev);
++      C(iif);
+ #endif
+       skb_copy_secmark(n, skb);
+ #endif
+--- a/net/sched/act_mirred.c
++++ b/net/sched/act_mirred.c
+@@ -199,7 +199,7 @@ bad_mirred:
+               skb2->tc_verd = SET_TC_FROM(skb2->tc_verd, at);
+       skb2->dev = dev;
+-      skb2->input_dev = skb->dev;
++      skb2->iif = skb->dev->ifindex;
+       dev_queue_xmit(skb2);
+       spin_unlock(&m->tcf_lock);
+       return m->tcf_action;
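Review bot: In the ri_tasklet hunk of drivers/net/ifb.c, `__dev_get_by_index(skb->iif)` is called with no lock or reference visible, so the device is not pinned while `skb_pull(skb, skb->dev->hard_header_len)` and `netif_rx(skb)` use it; this narrows the stale-pointer window the patch targets but may not close it. The same unpinned lookup appears in `tcf_match_indev` in include/net/pkt_cls.h. If the calling context does not already exclude unregistration, consider the reference-taking `dev_get_by_index()` with a matching `dev_put()`, or at least a comment naming the lock that protects the lookup. Separately, the `break` on a failed lookup leaves the dequeue loop with the remaining packets unprocessed, and `BUG()` now replaces what used to be a counted drop. The loop and both functions start outside the hunks.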
diff --git a/queue-2.6.20/fix-ipsec-replay-window-handling.patch b/queue-2.6.20/fix-ipsec-replay-window-handling.patch
new file mode 100644 (file)
index 0000000..a2b207c
--- /dev/null
@@ -0,0 +1,39 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:38:39 2007
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 10 Apr 2007 13:37:24 -0700 (PDT)
+Subject: Fix IPSEC replay window handling
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133724.34759995.davem@davemloft.net>
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[IPSEC]: Reject packets within replay window but outside the bit mask
+
+Up until this point we've accepted replay window settings greater than
+32 but our bit mask can only accomodate 32 packets.  Thus any packet
+with a sequence number within the window but outside the bit mask would
+be accepted.
+
+This patch causes those packets to be rejected instead.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/xfrm/xfrm_state.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_state.c
++++ b/net/xfrm/xfrm_state.c
+@@ -1220,7 +1220,8 @@ int xfrm_replay_check(struct xfrm_state 
+               return 0;
+       diff = x->replay.seq - seq;
+-      if (diff >= x->props.replay_window) {
++      if (diff >= min_t(unsigned int, x->props.replay_window,
++                        sizeof(x->replay.bitmap) * 8)) {
+               x->stats.replay_window++;
+               return -EINVAL;
+       }
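Review bot: The clamp to the bitmap width is applied only inside `xfrm_replay_check`, while `x->props.replay_window` itself can still hold a value above 32, so any other code that compares a sequence distance against `replay_window` before shifting `x->replay.bitmap` (not visible in this hunk) would keep the old behaviour. Bounding the value where the state is configured, or sharing one helper for the effective window, would be more robust than clamping at a single call site. At minimum add a comment on the new condition, e.g. `/* bitmap tracks sizeof(bitmap) * 8 sequence numbers; older ones are rejected even if replay_window is larger */`. The function starts and ends outside the hunk.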
diff --git a/queue-2.6.20/fix-length-validation-in-rawv6_sendmsg.patch b/queue-2.6.20/fix-length-validation-in-rawv6_sendmsg.patch
new file mode 100644 (file)
index 0000000..9b4fa4c
--- /dev/null
@@ -0,0 +1,70 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:32:37 2007
+From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Date: Tue, 10 Apr 2007 13:31:20 -0700 (PDT)
+Subject: Fix length validation in rawv6_sendmsg()
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133120.68040530.davem@davemloft.net>
+
+From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+
+[IPv6]: Fix incorrect length check in rawv6_sendmsg()
+
+In article <20070329.142644.70222545.davem@davemloft.net> (at Thu, 29 Mar 2007 14:26:44 -0700 (PDT)), David Miller <davem@davemloft.net> says:
+
+> From: Sridhar Samudrala <sri@us.ibm.com>
+> Date: Thu, 29 Mar 2007 14:17:28 -0700
+>
+> > The check for length in rawv6_sendmsg() is incorrect.
+> > As len is an unsigned int, (len < 0) will never be TRUE.
+> > I think checking for IPV6_MAXPLEN(65535) is better.
+> >
+> > Is it possible to send ipv6 jumbo packets using raw
+> > sockets? If so, we can remove this check.
+>
+> I don't see why such a limitation against jumbo would exist,
+> does anyone else?
+>
+> Thanks for catching this Sridhar.  A good compiler should simply
+> fail to compile "if (x < 0)" when 'x' is an unsigned type, don't
+> you think :-)
+
+Dave, we use "int" for returning value,
+so we should fix this anyway, IMHO;
+we should not allow len > INT_MAX.
+
+Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Acked-by: Sridhar Samudrala <sri@us.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv6/raw.c |    4 ++--
+ net/ipv6/udp.c |    2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/raw.c
++++ b/net/ipv6/raw.c
+@@ -688,9 +688,9 @@ static int rawv6_sendmsg(struct kiocb *i
+       int err;
+       /* Rough check on arithmetic overflow,
+-         better check is made in ip6_build_xmit
++         better check is made in ip6_append_data().
+        */
+-      if (len < 0)
++      if (len > INT_MAX)
+               return -EMSGSIZE;
+       /* Mirror BSD error message compatibility */
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -616,7 +616,7 @@ do_udp_sendmsg:
+               return udp_sendmsg(iocb, sk, msg, len);
+       /* Rough check on arithmetic overflow,
+-         better check is made in ip6_build_xmit
++         better check is made in ip6_append_data().
+          */
+       if (len > INT_MAX - sizeof(struct udphdr))
+               return -EMSGSIZE;
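Review bot: The new test `if (len > INT_MAX)` in rawv6_sendmsg is only meaningful because `len` is unsigned, which the code does not say, and it compares against `INT_MAX` unadjusted whereas the udp.c check beside it subtracts the header size (`INT_MAX - sizeof(struct udphdr)`). Whether the raw path adds header bytes to `len` before the result is returned as an `int` is not visible here, so that should be confirmed. I would document the intent at the check, e.g. `/* len is unsigned; it is later returned as an int, so reject anything above INT_MAX */`. Both function bodies continue outside the hunks.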
diff --git a/queue-2.6.20/fix-scsi-sense-handling.patch b/queue-2.6.20/fix-scsi-sense-handling.patch
new file mode 100644 (file)
index 0000000..c8908e8
--- /dev/null
@@ -0,0 +1,62 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:37:04 2007
+From: David Miller <davem@davemloft.net>
+Date: Tue, 10 Apr 2007 13:35:41 -0700 (PDT)
+Subject: Fix scsi sense handling
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133541.55725996.davem@davemloft.net>
+
+From: David Miller <davem@davemloft.net>
+
+[SCSI]: Fix scsi_send_eh_cmnd scatterlist handling
+
+This fixes a regression caused by commit:
+
+2dc611de5a3fd955cd0298c50691d4c05046db97
+
+The sense buffer code in scsi_send_eh_cmnd was changed to use
+alloc_page() and a scatter list, but the sense data copy was not
+updated to match so what we actually get in the sense buffer is total
+grabage starting with the kernel address of the struct page we got.
+Basically the stack frame of scsi_send_eh_cmd() is what ends up
+in the sense buffer.
+
+Depending upon how pointers look on a given platform, you can
+end up getting sr_ioctl.c errors when you mount a cdrom.  If
+the CDROM gives a check condition for GPCMD_GET_CONFIGURATION issued
+by drivers/cdrom/cdrom.c:cdrom_mmc_profile(), sr_ioctl will
+spit out this error message in sr_do_ioctl() with the way pointers
+are on sparc64:
+
+               default:
+                       printk(KERN_ERR "%s: CDROM (ioctl) error, command: ", cd->cdi.name);
+                       __scsi_print_command(cgc->cmd);
+                       scsi_print_sense_hdr("sr", &sshdr);
+                       err = -EIO;
+
+This is the error Tom Callaway reported in:
+
+http://marc.info/?l=linux-sparc&m=117407453208101&w=2
+
+Anyways, fix this by using page_address(sgl.page) which is OK
+because we know this is low-mem due to GFP_ATOMIC.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/scsi_error.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/scsi_error.c
++++ b/drivers/scsi/scsi_error.c
+@@ -595,7 +595,7 @@ static int scsi_send_eh_cmnd(struct scsi
+        */
+       if (copy_sense) {
+               if (!SCSI_SENSE_VALID(scmd)) {
+-                      memcpy(scmd->sense_buffer, scmd->request_buffer,
++                      memcpy(scmd->sense_buffer, page_address(sgl.page),
+                              sizeof(scmd->sense_buffer));
+               }
+               __free_page(sgl.page);
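Review bot: The corrected `memcpy` reads `sizeof(scmd->sense_buffer)` bytes from `page_address(sgl.page)`, and the reason that address is valid is recorded only in the commit message. Because the previous source pointer copied unrelated kernel memory into the sense buffer, a comment at the call would help prevent a later allocation-flag change from reintroducing that exposure: `/* sgl.page is a lowmem page (GFP_ATOMIC), so page_address() is valid; copy from the bounce page, not scmd->request_buffer */`. The function starts outside the hunk.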
diff --git a/queue-2.6.20/fix-tcindex-classifier-abi-borkage.patch b/queue-2.6.20/fix-tcindex-classifier-abi-borkage.patch
new file mode 100644 (file)
index 0000000..7bd078f
--- /dev/null
@@ -0,0 +1,40 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:39:58 2007
+From: Patrick McHardy <kaber@trash.net>
+Date: Tue, 10 Apr 2007 13:38:39 -0700 (PDT)
+Subject: Fix tcindex classifier ABI borkage...
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133839.02301998.davem@davemloft.net>
+
+From: Patrick McHardy <kaber@trash.net>
+
+[NET_SCHED]: cls_tcindex: fix compatibility breakage
+
+Userspace uses an integer for TCA_TCINDEX_SHIFT, the kernel was changed
+to expect and use a u16 value in 2.6.11, which broke compatibility on
+big endian machines. Change back to use int.
+
+Reported by Ole Reinartz <ole.reinartz@gmx.de>
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sched/cls_tcindex.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/sched/cls_tcindex.c
++++ b/net/sched/cls_tcindex.c
+@@ -245,9 +245,9 @@ tcindex_set_parms(struct tcf_proto *tp, 
+       }
+       if (tb[TCA_TCINDEX_SHIFT-1]) {
+-              if (RTA_PAYLOAD(tb[TCA_TCINDEX_SHIFT-1]) < sizeof(u16))
++              if (RTA_PAYLOAD(tb[TCA_TCINDEX_SHIFT-1]) < sizeof(int))
+                       goto errout;
+-              cp.shift = *(u16 *) RTA_DATA(tb[TCA_TCINDEX_SHIFT-1]);
++              cp.shift = *(int *) RTA_DATA(tb[TCA_TCINDEX_SHIFT-1]);
+       }
+       err = -EBUSY;
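Review bot: `cp.shift` is now read as a full `int` straight from the netlink attribute with only a payload-size check, so a negative or oversized value supplied by userspace is accepted in this hunk. If the field is later used as a shift count (outside the hunk), such a value is undefined behaviour in C. I would add a range check right after the read, for example `if (cp.shift < 0 || cp.shift > 16) goto errout;`, with the upper bound chosen to match the width of the key being shifted; the 16 is my assumption and needs confirming. tcindex_set_parms continues outside the hunk.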
diff --git a/queue-2.6.20/fix-tcp-receiver-side-sws-handling.patch b/queue-2.6.20/fix-tcp-receiver-side-sws-handling.patch
new file mode 100644 (file)
index 0000000..4252350
--- /dev/null
@@ -0,0 +1,32 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:38:09 2007
+From: John Heffner <jheffner@psc.edu>
+Date: Tue, 10 Apr 2007 13:36:40 -0700 (PDT)
+Subject: Fix TCP receiver side SWS handling.
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133640.10297825.davem@davemloft.net>
+
+From: John Heffner <jheffner@psc.edu>
+
+[TCP]: Do receiver-side SWS avoidance for rcvbuf < MSS.
+
+Signed-off-by: John Heffner <jheffner@psc.edu>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/tcp_output.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -1607,6 +1607,9 @@ u32 __tcp_select_window(struct sock *sk)
+                */
+               if (window <= free_space - mss || window > free_space)
+                       window = (free_space/mss)*mss;
++              else if (mss == full_space &&
++                       free_space > window + full_space/2)
++                      window = free_space;
+       }
+       return window;
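Review bot: The added `else if (mss == full_space && free_space > window + full_space/2)` branch carries no comment, and the commit message is a single line, so the reason for the half-buffer threshold cannot be recovered from the code. I suggest a comment above the branch such as `/* rcvbuf smaller than MSS: reopen the window only once more than half the buffer has been freed, to avoid silly-window updates */`. That `mss == full_space` stands for "rcvbuf < MSS" is inferred from the subject line and should be confirmed. The function body starts outside the hunk.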
diff --git a/queue-2.6.20/fix-tcp-slow_start_after_idle-sysctl.patch b/queue-2.6.20/fix-tcp-slow_start_after_idle-sysctl.patch
new file mode 100644 (file)
index 0000000..b577f9e
--- /dev/null
@@ -0,0 +1,43 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 13:40:54 2007
+From: David Miller <davem@davemloft.net>
+Date: Tue, 10 Apr 2007 13:39:35 -0700 (PDT)
+Subject: Fix TCP slow_start_after_idle sysctl
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070410.133935.68157585.davem@davemloft.net>
+
+From: David Miller <davem@davemloft.net>
+
+[TCP]: slow_start_after_idle should influence cwnd validation too
+
+For the cases that slow_start_after_idle are meant to deal
+with, it is almost a certainty that the congestion window
+tests will think the connection is application limited and
+we'll thus decrease the cwnd there too.  This defeats the
+whole point of setting slow_start_after_idle to zero.
+
+So test it there too.
+
+We do not cancel out the entire tcp_cwnd_validate() function
+so that if the sysctl is changed we still have the validation
+state maintained.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/tcp_output.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -943,7 +943,8 @@ static void tcp_cwnd_validate(struct soc
+               if (tp->packets_out > tp->snd_cwnd_used)
+                       tp->snd_cwnd_used = tp->packets_out;
+-              if ((s32)(tcp_time_stamp - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto)
++              if (sysctl_tcp_slow_start_after_idle &&
++                  (s32)(tcp_time_stamp - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto)
+                       tcp_cwnd_application_limited(sk);
+       }
+ }
diff --git a/queue-2.6.20/netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch b/queue-2.6.20/netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch
new file mode 100644 (file)
index 0000000..bf9748e
--- /dev/null
@@ -0,0 +1,43 @@
+From stable-bounces@linux.kernel.org Tue Apr 10 05:49:18 2007
+From: Patrick McHardy <kaber@trash.net>
+Date: Tue, 10 Apr 2007 14:47:21 +0200
+Subject: NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function
+To: stable@kernel.org
+Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>, "David S. Miller" <davem@davemloft.net>
+Message-ID: <461B8759.1000507@trash.net>
+
+From: Patrick McHardy <kaber@trash.net>
+
+[NETFILTER]: ipt_CLUSTERIP: fix oops in checkentry function
+
+The clusterip_config_find_get() already increases entries reference
+counter, so there is no reason to do it twice in checkentry() callback.
+
+This causes the config to be freed before it is removed from the list,
+resulting in a crash when adding the next rule.
+
+Signed-off-by: Jaroslav Kysela <perex@suse.cz>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ net/ipv4/netfilter/ipt_CLUSTERIP.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
++++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
+@@ -409,12 +409,10 @@ checkentry(const char *tablename,
+                                      "has invalid config pointer!\n");
+                               return 0;
+                       }
+-                      clusterip_config_entry_get(cipinfo->config);
+               } else {
+                       /* Case B: This is a new rule referring to an existing
+                        * clusterip config. */
+                       cipinfo->config = config;
+-                      clusterip_config_entry_get(cipinfo->config);
+               }
+       } else {
+               /* Case C: This is a completely new clusterip config */
index 38409c9b12e46829f6afb3af62cd90963fe1318b..04200e87c77ed99b190c5b9c215edec28c257667 100644 (file)
@@ -9,3 +9,12 @@ dvb-tda10086-fix-diseqc-message-length.patch
 dvb-pluto2-fix-incorrect-tscr-register-setting.patch
 hid-do-not-discard-truncated-input-reports.patch
 fix-calculation-for-size-of-filemap_attr-array-in-md-bitmap.patch
+8139too-rtnl-and-flush_scheduled_work-deadlock.patch
+netfilter-ipt_clusterip-fix-oops-in-checkentry-function.patch
+fix-ifb-net-driver-input-device-crashes.patch
+fix-length-validation-in-rawv6_sendmsg.patch
+fix-scsi-sense-handling.patch
+fix-tcp-receiver-side-sws-handling.patch
+fix-ipsec-replay-window-handling.patch
+fix-tcindex-classifier-abi-borkage.patch
+fix-tcp-slow_start_after_idle-sysctl.patch