--- /dev/null
+From ad06d6dfb70a018be6e1da740aff32ec97933162 Mon Sep 17 00:00:00 2001
+From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Date: Sat, 9 Mar 2013 09:11:57 +0000
+Subject: 6lowpan: Fix endianness issue in is_addr_link_local().
+
+
+From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+
+[ Upstream commit 9026c4927254f5bea695cc3ef2e255280e6a3011 ]
+
+Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ieee802154/6lowpan.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ieee802154/6lowpan.h
++++ b/net/ieee802154/6lowpan.h
+@@ -84,7 +84,7 @@
+ (memcmp(addr1, addr2, length >> 3) == 0)
+
+ /* local link, i.e. FE80::/10 */
+-#define is_addr_link_local(a) (((a)->s6_addr16[0]) == 0x80FE)
++#define is_addr_link_local(a) (((a)->s6_addr16[0]) == htons(0xFE80))
+
+ /*
+ * check whether we can compress the IID to 16 bits,
--- /dev/null
+From f8859b97916a135166a770ca140a878f5d09c874 Mon Sep 17 00:00:00 2001
+From: "Huang, Xiong" <xiong@qca.qualcomm.com>
+Date: Tue, 19 Feb 2013 07:23:09 +0000
+Subject: atl1c: restore buffer state
+
+
+From: "Huang, Xiong" <xiong@qca.qualcomm.com>
+
+[ Upstream commit 7cb08d7f3a5ea6131f4f243c2080530ac41cb293 ]
+
+in the previous commit : f1f220ea1dda078, the BUSY state of buffer is wrongly
+deleted. this patch just restore it.
+
+Signed-off-by: xiong <xiong@qca.qualcomm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
++++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
+@@ -2075,7 +2075,7 @@ static int atl1c_tx_map(struct atl1c_ada
+ if (unlikely(pci_dma_mapping_error(adapter->pdev,
+ buffer_info->dma)))
+ goto err_dma;
+-
++ ATL1C_SET_BUFFER_STATE(buffer_info, ATL1C_BUFFER_BUSY);
+ ATL1C_SET_PCIMAP_TYPE(buffer_info, ATL1C_PCIMAP_SINGLE,
+ ATL1C_PCIMAP_TODEVICE);
+ mapped_len += map_len;
--- /dev/null
+From 14db5b7fcb01ffb283dd7ac2f8401195cce0cef6 Mon Sep 17 00:00:00 2001
+From: Veaceslav Falico <vfalico@redhat.com>
+Date: Wed, 6 Mar 2013 07:10:32 +0000
+Subject: bonding: fire NETDEV_RELEASE event only on 0 slaves
+
+
+From: Veaceslav Falico <vfalico@redhat.com>
+
+[ Upstream commit 80028ea1c0afc24d4ddeb8dd2a9992fff03616ca ]
+
+Currently, if we set up netconsole over bonding and release a slave,
+netconsole will stop logging on the whole bonding device. Change the
+behavior to stop the netconsole only when the last slave is released.
+
+Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/bonding/bond_main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -1943,7 +1943,6 @@ int bond_release(struct net_device *bond
+ }
+
+ block_netpoll_tx();
+- call_netdevice_notifiers(NETDEV_RELEASE, bond_dev);
+ write_lock_bh(&bond->lock);
+
+ slave = bond_get_slave_by_dev(bond, slave_dev);
+@@ -2047,8 +2046,10 @@ int bond_release(struct net_device *bond
+ write_unlock_bh(&bond->lock);
+ unblock_netpoll_tx();
+
+- if (bond->slave_cnt == 0)
++ if (bond->slave_cnt == 0) {
+ call_netdevice_notifiers(NETDEV_CHANGEADDR, bond->dev);
++ call_netdevice_notifiers(NETDEV_RELEASE, bond->dev);
++ }
+
+ bond_compute_features(bond);
+ if (!(bond_dev->features & NETIF_F_VLAN_CHALLENGED) &&
--- /dev/null
+From 9e989b12e61b81f93750f9eb5fb5aa147afb7cd9 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 9 Mar 2013 05:52:19 +0000
+Subject: bridge: fix mdb info leaks
+
+
+From: Mathias Krause <minipli@googlemail.com>
+
+[ Upstream commit c085c49920b2f900ba716b4ca1c1a55ece9872cc ]
+
+The bridging code discloses heap and stack bytes via the RTM_GETMDB
+netlink interface and via the notify messages send to group RTNLGRP_MDB
+afer a successful add/del.
+
+Fix both cases by initializing all unset members/padding bytes with
+memset(0).
+
+Cc: Stephen Hemminger <stephen@networkplumber.org>
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bridge/br_mdb.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/bridge/br_mdb.c
++++ b/net/bridge/br_mdb.c
+@@ -82,6 +82,7 @@ static int br_mdb_fill_info(struct sk_bu
+ port = p->port;
+ if (port) {
+ struct br_mdb_entry e;
++ memset(&e, 0, sizeof(e));
+ e.ifindex = port->dev->ifindex;
+ e.state = p->state;
+ if (p->addr.proto == htons(ETH_P_IP))
+@@ -138,6 +139,7 @@ static int br_mdb_dump(struct sk_buff *s
+ break;
+
+ bpm = nlmsg_data(nlh);
++ memset(bpm, 0, sizeof(*bpm));
+ bpm->ifindex = dev->ifindex;
+ if (br_mdb_fill_info(skb, cb, dev) < 0)
+ goto out;
+@@ -173,6 +175,7 @@ static int nlmsg_populate_mdb_fill(struc
+ return -EMSGSIZE;
+
+ bpm = nlmsg_data(nlh);
++ memset(bpm, 0, sizeof(*bpm));
+ bpm->family = AF_BRIDGE;
+ bpm->ifindex = dev->ifindex;
+ nest = nla_nest_start(skb, MDBA_MDB);
+@@ -230,6 +233,7 @@ void br_mdb_notify(struct net_device *de
+ {
+ struct br_mdb_entry entry;
+
++ memset(&entry, 0, sizeof(entry));
+ entry.ifindex = port->dev->ifindex;
+ entry.addr.proto = group->proto;
+ entry.addr.u.ip4 = group->u.ip4;
--- /dev/null
+From a371fe97a987919377e9e6d8316f0fd373e84f89 Mon Sep 17 00:00:00 2001
+From: Cristian Bercaru <B43982@freescale.com>
+Date: Fri, 8 Mar 2013 07:03:38 +0000
+Subject: bridging: fix rx_handlers return code
+
+
+From: Cristian Bercaru <B43982@freescale.com>
+
+[ Upstream commit 3bc1b1add7a8484cc4a261c3e128dbe1528ce01f ]
+
+The frames for which rx_handlers return RX_HANDLER_CONSUMED are no longer
+counted as dropped. They are counted as successfully received by
+'netif_receive_skb'.
+
+This allows network interface drivers to correctly update their RX-OK and
+RX-DRP counters based on the result of 'netif_receive_skb'.
+
+Signed-off-by: Cristian Bercaru <B43982@freescale.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/dev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -3419,6 +3419,7 @@ ncls:
+ }
+ switch (rx_handler(&skb)) {
+ case RX_HANDLER_CONSUMED:
++ ret = NET_RX_SUCCESS;
+ goto unlock;
+ case RX_HANDLER_ANOTHER:
+ goto another_round;
--- /dev/null
+From d6f60f50fead5fb769f447c20aa5b80a1fd627f3 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 9 Mar 2013 05:52:21 +0000
+Subject: dcbnl: fix various netlink info leaks
+
+
+From: Mathias Krause <minipli@googlemail.com>
+
+[ Upstream commit 29cd8ae0e1a39e239a3a7b67da1986add1199fc0 ]
+
+The dcb netlink interface leaks stack memory in various places:
+* perm_addr[] buffer is only filled at max with 12 of the 32 bytes but
+ copied completely,
+* no in-kernel driver fills all fields of an IEEE 802.1Qaz subcommand,
+ so we're leaking up to 58 bytes for ieee_ets structs, up to 136 bytes
+ for ieee_pfc structs, etc.,
+* the same is true for CEE -- no in-kernel driver fills the whole
+ struct,
+
+Prevent all of the above stack info leaks by properly initializing the
+buffers/structures involved.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/dcb/dcbnl.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/net/dcb/dcbnl.c
++++ b/net/dcb/dcbnl.c
+@@ -284,6 +284,7 @@ static int dcbnl_getperm_hwaddr(struct n
+ if (!netdev->dcbnl_ops->getpermhwaddr)
+ return -EOPNOTSUPP;
+
++ memset(perm_addr, 0, sizeof(perm_addr));
+ netdev->dcbnl_ops->getpermhwaddr(netdev, perm_addr);
+
+ return nla_put(skb, DCB_ATTR_PERM_HWADDR, sizeof(perm_addr), perm_addr);
+@@ -1042,6 +1043,7 @@ static int dcbnl_ieee_fill(struct sk_buf
+
+ if (ops->ieee_getets) {
+ struct ieee_ets ets;
++ memset(&ets, 0, sizeof(ets));
+ err = ops->ieee_getets(netdev, &ets);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_ETS, sizeof(ets), &ets))
+@@ -1050,6 +1052,7 @@ static int dcbnl_ieee_fill(struct sk_buf
+
+ if (ops->ieee_getmaxrate) {
+ struct ieee_maxrate maxrate;
++ memset(&maxrate, 0, sizeof(maxrate));
+ err = ops->ieee_getmaxrate(netdev, &maxrate);
+ if (!err) {
+ err = nla_put(skb, DCB_ATTR_IEEE_MAXRATE,
+@@ -1061,6 +1064,7 @@ static int dcbnl_ieee_fill(struct sk_buf
+
+ if (ops->ieee_getpfc) {
+ struct ieee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->ieee_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PFC, sizeof(pfc), &pfc))
+@@ -1094,6 +1098,7 @@ static int dcbnl_ieee_fill(struct sk_buf
+ /* get peer info if available */
+ if (ops->ieee_peer_getets) {
+ struct ieee_ets ets;
++ memset(&ets, 0, sizeof(ets));
+ err = ops->ieee_peer_getets(netdev, &ets);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PEER_ETS, sizeof(ets), &ets))
+@@ -1102,6 +1107,7 @@ static int dcbnl_ieee_fill(struct sk_buf
+
+ if (ops->ieee_peer_getpfc) {
+ struct ieee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->ieee_peer_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PEER_PFC, sizeof(pfc), &pfc))
+@@ -1280,6 +1286,7 @@ static int dcbnl_cee_fill(struct sk_buff
+ /* peer info if available */
+ if (ops->cee_peer_getpg) {
+ struct cee_pg pg;
++ memset(&pg, 0, sizeof(pg));
+ err = ops->cee_peer_getpg(netdev, &pg);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_CEE_PEER_PG, sizeof(pg), &pg))
+@@ -1288,6 +1295,7 @@ static int dcbnl_cee_fill(struct sk_buff
+
+ if (ops->cee_peer_getpfc) {
+ struct cee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->cee_peer_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_CEE_PEER_PFC, sizeof(pfc), &pfc))
--- /dev/null
+From 873d72b49df7f246b548bba2683ce84731f2e8f3 Mon Sep 17 00:00:00 2001
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Date: Fri, 8 Mar 2013 02:07:23 +0000
+Subject: ipv6: stop multicast forwarding to process interface scoped addresses
+
+
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+
+[ Upstream commit ddf64354af4a702ee0b85d0a285ba74c7278a460 ]
+
+v2:
+a) used struct ipv6_addr_props
+
+v3:
+a) reverted changes for ipv6_addr_props
+
+v4:
+a) do not use __ipv6_addr_needs_scope_id
+
+Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_input.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/ip6_input.c
++++ b/net/ipv6/ip6_input.c
+@@ -270,7 +270,8 @@ int ip6_mc_input(struct sk_buff *skb)
+ * IPv6 multicast router mode is now supported ;)
+ */
+ if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding &&
+- !(ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) &&
++ !(ipv6_addr_type(&hdr->daddr) &
++ (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)) &&
+ likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) {
+ /*
+ * Okay, we try to forward - split and duplicate
--- /dev/null
+From 40fa5621b5a987cbf2313e21e90f2dbbf9983f07 Mon Sep 17 00:00:00 2001
+From: Guillaume Nault <g.nault@alphalink.fr>
+Date: Fri, 1 Mar 2013 05:02:02 +0000
+Subject: l2tp: Restore socket refcount when sendmsg succeeds
+
+
+From: Guillaume Nault <g.nault@alphalink.fr>
+
+[ Upstream commit 8b82547e33e85fc24d4d172a93c796de1fefa81a ]
+
+The sendmsg() syscall handler for PPPoL2TP doesn't decrease the socket
+reference counter after successful transmissions. Any successful
+sendmsg() call from userspace will then increase the reference counter
+forever, thus preventing the kernel's session and tunnel data from
+being freed later on.
+
+The problem only happens when writing directly on L2TP sockets.
+PPP sockets attached to L2TP are unaffected as the PPP subsystem
+uses pppol2tp_xmit() which symmetrically increase/decrease reference
+counters.
+
+This patch adds the missing call to sock_put() before returning from
+pppol2tp_sendmsg().
+
+Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/l2tp/l2tp_ppp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -355,6 +355,7 @@ static int pppol2tp_sendmsg(struct kiocb
+ l2tp_xmit_skb(session, skb, session->hdr_len);
+
+ sock_put(ps->tunnel_sock);
++ sock_put(sk);
+
+ return error;
+
--- /dev/null
+From 055ac17d92eee5e96bb207f2a4d7da92ac64a690 Mon Sep 17 00:00:00 2001
+From: Vlad Yasevich <vyasevic@redhat.com>
+Date: Thu, 7 Mar 2013 10:21:48 +0000
+Subject: macvlan: Set IFF_UNICAST_FLT flag to prevent unnecessary promisc mode.
+
+
+From: Vlad Yasevich <vyasevic@redhat.com>
+
+[ Upstream commit 87ab7f6f2874f1115817e394a7ed2dea1c72549e ]
+
+Macvlan already supports hw address filters. Set the IFF_UNICAST_FLT
+so that it doesn't needlesly enter PROMISC mode when macvlans are
+stacked.
+
+Signed-of-by: Vlad Yasevich <vyasevic@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/macvlan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/macvlan.c
++++ b/drivers/net/macvlan.c
+@@ -628,6 +628,7 @@ void macvlan_common_setup(struct net_dev
+ ether_setup(dev);
+
+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
++ dev->priv_flags |= IFF_UNICAST_FLT;
+ dev->netdev_ops = &macvlan_netdev_ops;
+ dev->destructor = free_netdev;
+ dev->header_ops = &macvlan_hard_header_ops,
--- /dev/null
+From 050003433737f47a3e2bc7e46eaf5a1269a7ac02 Mon Sep 17 00:00:00 2001
+From: Lorenzo Colitti <lorenzo@google.com>
+Date: Sun, 3 Mar 2013 20:46:46 +0000
+Subject: net: ipv6: Don't purge default router if accept_ra=2
+
+
+From: Lorenzo Colitti <lorenzo@google.com>
+
+[ Upstream commit 3e8b0ac3e41e3c882222a5522d5df7212438ab51 ]
+
+Setting net.ipv6.conf.<interface>.accept_ra=2 causes the kernel
+to accept RAs even when forwarding is enabled. However, enabling
+forwarding purges all default routes on the system, breaking
+connectivity until the next RA is received. Fix this by not
+purging default routes on interfaces that have accept_ra=2.
+
+Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
+Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -1990,7 +1990,8 @@ void rt6_purge_dflt_routers(struct net *
+ restart:
+ read_lock_bh(&table->tb6_lock);
+ for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
+- if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF)) {
++ if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
++ (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) {
+ dst_hold(&rt->dst);
+ read_unlock_bh(&table->tb6_lock);
+ ip6_del_rt(rt);
--- /dev/null
+From e5f9811e44fcf067a0dbb8abf55bbad454a1688a Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Wed, 27 Feb 2013 10:57:31 +0000
+Subject: net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
+
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+commit 726bc6b092da4c093eb74d13c07184b18c1af0f1 upstream.
+
+Building sctp may fail with:
+
+In function ‘copy_from_user’,
+ inlined from ‘sctp_getsockopt_assoc_stats’ at
+ net/sctp/socket.c:5656:20:
+arch/x86/include/asm/uaccess_32.h:211:26: error: call to
+ ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
+ buffer size is not provably correct
+
+if built with W=1 due to a missing parameter size validation
+before the call to copy_from_user.
+
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/socket.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -5653,6 +5653,9 @@ static int sctp_getsockopt_assoc_stats(s
+ if (len < sizeof(sctp_assoc_t))
+ return -EINVAL;
+
++ /* Allow the struct to grow and fill in as much as possible */
++ len = min_t(size_t, len, sizeof(sas));
++
+ if (copy_from_user(&sas, optval, len))
+ return -EFAULT;
+
+@@ -5686,9 +5689,6 @@ static int sctp_getsockopt_assoc_stats(s
+ /* Mark beginning of a new observation period */
+ asoc->stats.max_obs_rto = asoc->rto_min;
+
+- /* Allow the struct to grow and fill in as much as possible */
+- len = min_t(size_t, len, sizeof(sas));
+-
+ if (put_user(len, optlen))
+ return -EFAULT;
+
--- /dev/null
+From 3f980ad22fe2c1665b8c1d11adf1ae6d8a25a05c Mon Sep 17 00:00:00 2001
+From: Paul Moore <pmoore@redhat.com>
+Date: Wed, 6 Mar 2013 11:45:24 +0000
+Subject: netlabel: correctly list all the static label mappings
+
+
+From: Paul Moore <pmoore@redhat.com>
+
+[ Upstream commits 0c1233aba1e948c37f6dc7620cb7c253fcd71ce9 and
+ a6a8fe950e1b8596bb06f2c89c3a1a4bf2011ba9 ]
+
+When we have a large number of static label mappings that spill across
+the netlink message boundary we fail to properly save our state in the
+netlink_callback struct which causes us to repeat the same listings.
+This patch fixes this problem by saving the state correctly between
+calls to the NetLabel static label netlink "dumpit" routines.
+
+Signed-off-by: Paul Moore <pmoore@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netlabel/netlabel_unlabeled.c | 27 +++++++++++----------------
+ 1 file changed, 11 insertions(+), 16 deletions(-)
+
+--- a/net/netlabel/netlabel_unlabeled.c
++++ b/net/netlabel/netlabel_unlabeled.c
+@@ -1189,8 +1189,6 @@ static int netlbl_unlabel_staticlist(str
+ struct netlbl_unlhsh_walk_arg cb_arg;
+ u32 skip_bkt = cb->args[0];
+ u32 skip_chain = cb->args[1];
+- u32 skip_addr4 = cb->args[2];
+- u32 skip_addr6 = cb->args[3];
+ u32 iter_bkt;
+ u32 iter_chain = 0, iter_addr4 = 0, iter_addr6 = 0;
+ struct netlbl_unlhsh_iface *iface;
+@@ -1215,7 +1213,7 @@ static int netlbl_unlabel_staticlist(str
+ continue;
+ netlbl_af4list_foreach_rcu(addr4,
+ &iface->addr4_list) {
+- if (iter_addr4++ < skip_addr4)
++ if (iter_addr4++ < cb->args[2])
+ continue;
+ if (netlbl_unlabel_staticlist_gen(
+ NLBL_UNLABEL_C_STATICLIST,
+@@ -1231,7 +1229,7 @@ static int netlbl_unlabel_staticlist(str
+ #if IS_ENABLED(CONFIG_IPV6)
+ netlbl_af6list_foreach_rcu(addr6,
+ &iface->addr6_list) {
+- if (iter_addr6++ < skip_addr6)
++ if (iter_addr6++ < cb->args[3])
+ continue;
+ if (netlbl_unlabel_staticlist_gen(
+ NLBL_UNLABEL_C_STATICLIST,
+@@ -1250,10 +1248,10 @@ static int netlbl_unlabel_staticlist(str
+
+ unlabel_staticlist_return:
+ rcu_read_unlock();
+- cb->args[0] = skip_bkt;
+- cb->args[1] = skip_chain;
+- cb->args[2] = skip_addr4;
+- cb->args[3] = skip_addr6;
++ cb->args[0] = iter_bkt;
++ cb->args[1] = iter_chain;
++ cb->args[2] = iter_addr4;
++ cb->args[3] = iter_addr6;
+ return skb->len;
+ }
+
+@@ -1273,12 +1271,9 @@ static int netlbl_unlabel_staticlistdef(
+ {
+ struct netlbl_unlhsh_walk_arg cb_arg;
+ struct netlbl_unlhsh_iface *iface;
+- u32 skip_addr4 = cb->args[0];
+- u32 skip_addr6 = cb->args[1];
+- u32 iter_addr4 = 0;
++ u32 iter_addr4 = 0, iter_addr6 = 0;
+ struct netlbl_af4list *addr4;
+ #if IS_ENABLED(CONFIG_IPV6)
+- u32 iter_addr6 = 0;
+ struct netlbl_af6list *addr6;
+ #endif
+
+@@ -1292,7 +1287,7 @@ static int netlbl_unlabel_staticlistdef(
+ goto unlabel_staticlistdef_return;
+
+ netlbl_af4list_foreach_rcu(addr4, &iface->addr4_list) {
+- if (iter_addr4++ < skip_addr4)
++ if (iter_addr4++ < cb->args[0])
+ continue;
+ if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF,
+ iface,
+@@ -1305,7 +1300,7 @@ static int netlbl_unlabel_staticlistdef(
+ }
+ #if IS_ENABLED(CONFIG_IPV6)
+ netlbl_af6list_foreach_rcu(addr6, &iface->addr6_list) {
+- if (iter_addr6++ < skip_addr6)
++ if (iter_addr6++ < cb->args[1])
+ continue;
+ if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF,
+ iface,
+@@ -1320,8 +1315,8 @@ static int netlbl_unlabel_staticlistdef(
+
+ unlabel_staticlistdef_return:
+ rcu_read_unlock();
+- cb->args[0] = skip_addr4;
+- cb->args[1] = skip_addr6;
++ cb->args[0] = iter_addr4;
++ cb->args[1] = iter_addr6;
+ return skb->len;
+ }
+
--- /dev/null
+From 55c315e31dac6ebe4b66c630d2127cab52b02cc3 Mon Sep 17 00:00:00 2001
+From: Cong Wang <amwang@redhat.com>
+Date: Sun, 3 Mar 2013 16:18:11 +0000
+Subject: rds: limit the size allocated by rds_message_alloc()
+
+
+From: Cong Wang <amwang@redhat.com>
+
+[ Upstream commit ece6b0a2b25652d684a7ced4ae680a863af041e0 ]
+
+Dave Jones reported the following bug:
+
+"When fed mangled socket data, rds will trust what userspace gives it,
+and tries to allocate enormous amounts of memory larger than what
+kmalloc can satisfy."
+
+WARNING: at mm/page_alloc.c:2393 __alloc_pages_nodemask+0xa0d/0xbe0()
+Hardware name: GA-MA78GM-S2H
+Modules linked in: vmw_vsock_vmci_transport vmw_vmci vsock fuse bnep dlci bridge 8021q garp stp mrp binfmt_misc l2tp_ppp l2tp_core rfcomm s
+Pid: 24652, comm: trinity-child2 Not tainted 3.8.0+ #65
+Call Trace:
+ [<ffffffff81044155>] warn_slowpath_common+0x75/0xa0
+ [<ffffffff8104419a>] warn_slowpath_null+0x1a/0x20
+ [<ffffffff811444ad>] __alloc_pages_nodemask+0xa0d/0xbe0
+ [<ffffffff8100a196>] ? native_sched_clock+0x26/0x90
+ [<ffffffff810b2128>] ? trace_hardirqs_off_caller+0x28/0xc0
+ [<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
+ [<ffffffff811861f8>] alloc_pages_current+0xb8/0x180
+ [<ffffffff8113eaaa>] __get_free_pages+0x2a/0x80
+ [<ffffffff811934fe>] kmalloc_order_trace+0x3e/0x1a0
+ [<ffffffff81193955>] __kmalloc+0x2f5/0x3a0
+ [<ffffffff8104df0c>] ? local_bh_enable_ip+0x7c/0xf0
+ [<ffffffffa0401ab3>] rds_message_alloc+0x23/0xb0 [rds]
+ [<ffffffffa04043a1>] rds_sendmsg+0x2b1/0x990 [rds]
+ [<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
+ [<ffffffff81564620>] sock_sendmsg+0xb0/0xe0
+ [<ffffffff810b2052>] ? get_lock_stats+0x22/0x70
+ [<ffffffff810b24be>] ? put_lock_stats.isra.23+0xe/0x40
+ [<ffffffff81567f30>] sys_sendto+0x130/0x180
+ [<ffffffff810b872d>] ? trace_hardirqs_on+0xd/0x10
+ [<ffffffff816c547b>] ? _raw_spin_unlock_irq+0x3b/0x60
+ [<ffffffff816cd767>] ? sysret_check+0x1b/0x56
+ [<ffffffff810b8695>] ? trace_hardirqs_on_caller+0x115/0x1a0
+ [<ffffffff81341d8e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
+ [<ffffffff816cd742>] system_call_fastpath+0x16/0x1b
+---[ end trace eed6ae990d018c8b ]---
+
+Reported-by: Dave Jones <davej@redhat.com>
+Cc: Dave Jones <davej@redhat.com>
+Cc: David S. Miller <davem@davemloft.net>
+Cc: Venkat Venkatsubra <venkat.x.venkatsubra@oracle.com>
+Signed-off-by: Cong Wang <amwang@redhat.com>
+Acked-by: Venkat Venkatsubra <venkat.x.venkatsubra@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/rds/message.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/rds/message.c
++++ b/net/rds/message.c
+@@ -197,6 +197,9 @@ struct rds_message *rds_message_alloc(un
+ {
+ struct rds_message *rm;
+
++ if (extra_len > KMALLOC_MAX_SIZE - sizeof(struct rds_message))
++ return NULL;
++
+ rm = kzalloc(sizeof(struct rds_message) + extra_len, gfp);
+ if (!rm)
+ goto out;
--- /dev/null
+From 322aa953dd5565d1029a18d5bda0bd25a0dbb4bb Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 9 Mar 2013 05:52:20 +0000
+Subject: rtnl: fix info leak on RTM_GETLINK request for VF devices
+
+
+From: Mathias Krause <minipli@googlemail.com>
+
+[ Upstream commit 84d73cd3fb142bf1298a8c13fd4ca50fd2432372 ]
+
+Initialize the mac address buffer with 0 as the driver specific function
+will probably not fill the whole buffer. In fact, all in-kernel drivers
+fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
+bytes. Therefore we currently leak 26 bytes of stack memory to userland
+via the netlink interface.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/rtnetlink.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -976,6 +976,7 @@ static int rtnl_fill_ifinfo(struct sk_bu
+ * report anything.
+ */
+ ivi.spoofchk = -1;
++ memset(ivi.mac, 0, sizeof(ivi.mac));
+ if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
+ break;
+ vf_mac.vf =
block-use-i_size_write-in-bd_set_size.patch
loopdev-fix-a-deadlock.patch
loopdev-remove-an-user-triggerable-oops.patch
+net-sctp-validate-parameter-size-for-sctp_get_assoc_stats.patch
+l2tp-restore-socket-refcount-when-sendmsg-succeeds.patch
+atl1c-restore-buffer-state.patch
+rds-limit-the-size-allocated-by-rds_message_alloc.patch
+net-ipv6-don-t-purge-default-router-if-accept_ra-2.patch
+tcp-fix-double-counted-receiver-rtt-when-leaving-receiver-fast-path.patch
+tun-add-a-missing-nf_reset-in-tun_net_xmit.patch
+vxlan-fix-oops-when-delete-netns-containing-vxlan.patch
+bonding-fire-netdev_release-event-only-on-0-slaves.patch
+team-unsyc-the-devices-addresses-when-port-is-removed.patch
+macvlan-set-iff_unicast_flt-flag-to-prevent-unnecessary-promisc-mode.patch
+netlabel-correctly-list-all-the-static-label-mappings.patch
+bridging-fix-rx_handlers-return-code.patch
+ipv6-stop-multicast-forwarding-to-process-interface-scoped-addresses.patch
+bridge-fix-mdb-info-leaks.patch
+rtnl-fix-info-leak-on-rtm_getlink-request-for-vf-devices.patch
+dcbnl-fix-various-netlink-info-leaks.patch
+6lowpan-fix-endianness-issue-in-is_addr_link_local.patch
--- /dev/null
+From 2d2809452253a92adcabba4d897bf58a5c9794fb Mon Sep 17 00:00:00 2001
+From: Neal Cardwell <ncardwell@google.com>
+Date: Mon, 4 Mar 2013 06:23:05 +0000
+Subject: tcp: fix double-counted receiver RTT when leaving receiver fast path
+
+
+From: Neal Cardwell <ncardwell@google.com>
+
+[ Upstream commit aab2b4bf224ef8358d262f95b568b8ad0cecf0a0 ]
+
+We should not update ts_recent and call tcp_rcv_rtt_measure_ts() both
+before and after going to step5. That wastes CPU and double-counts the
+receiver-side RTT sample.
+
+Signed-off-by: Neal Cardwell <ncardwell@google.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp_input.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -5498,6 +5498,9 @@ int tcp_rcv_established(struct sock *sk,
+ if (tcp_checksum_complete_user(sk, skb))
+ goto csum_error;
+
++ if ((int)skb->truesize > sk->sk_forward_alloc)
++ goto step5;
++
+ /* Predicted packet is in window by definition.
+ * seq == rcv_nxt and rcv_wup <= rcv_nxt.
+ * Hence, check seq<=rcv_wup reduces to:
+@@ -5509,9 +5512,6 @@ int tcp_rcv_established(struct sock *sk,
+
+ tcp_rcv_rtt_measure_ts(sk, skb);
+
+- if ((int)skb->truesize > sk->sk_forward_alloc)
+- goto step5;
+-
+ NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITS);
+
+ /* Bulk data transfer: receiver */
--- /dev/null
+From 716e93f23ee293e0bd2da22306f9be9647be28e9 Mon Sep 17 00:00:00 2001
+From: Vlad Yasevich <vyasevic@redhat.com>
+Date: Thu, 7 Mar 2013 07:59:25 +0000
+Subject: team: unsyc the devices addresses when port is removed
+
+
+From: Vlad Yasevich <vyasevic@redhat.com>
+
+[ Upstream commit ba81276b1a5e3cf0674cb0e6d9525e5ae0c98695 ]
+
+When a team port is removed, unsync all devices addresses that may have
+been synched to the port devices.
+
+CC: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
+Acked-by: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/team/team.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/team/team.c
++++ b/drivers/net/team/team.c
+@@ -1139,6 +1139,8 @@ static int team_port_del(struct team *te
+ netdev_set_master(port_dev, NULL);
+ team_port_disable_netpoll(port);
+ vlan_vids_del_by_dev(port_dev, dev);
++ dev_uc_unsync(port_dev, dev);
++ dev_mc_unsync(port_dev, dev);
+ dev_close(port_dev);
+ team_port_leave(team, port);
+ team_port_set_orig_dev_addr(port);
--- /dev/null
+From bb765e4e02251f185577f65240c7882b0b1bf482 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Wed, 6 Mar 2013 11:02:37 +0000
+Subject: tun: add a missing nf_reset() in tun_net_xmit()
+
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit f8af75f3517a24838a36eb5797a1a3e60bf9e276 ]
+
+Dave reported following crash :
+
+general protection fault: 0000 [#1] SMP
+CPU 2
+Pid: 25407, comm: qemu-kvm Not tainted 3.7.9-205.fc18.x86_64 #1 Hewlett-Packard HP Z400 Workstation/0B4Ch
+RIP: 0010:[<ffffffffa0399bd5>] [<ffffffffa0399bd5>] destroy_conntrack+0x35/0x120 [nf_conntrack]
+RSP: 0018:ffff880276913d78 EFLAGS: 00010206
+RAX: 50626b6b7876376c RBX: ffff88026e530d68 RCX: ffff88028d158e00
+RDX: ffff88026d0d5470 RSI: 0000000000000011 RDI: 0000000000000002
+RBP: ffff880276913d88 R08: 0000000000000000 R09: ffff880295002900
+R10: 0000000000000000 R11: 0000000000000003 R12: ffffffff81ca3b40
+R13: ffffffff8151a8e0 R14: ffff880270875000 R15: 0000000000000002
+FS: 00007ff3bce38a00(0000) GS:ffff88029fc40000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: 00007fd1430bd000 CR3: 000000027042b000 CR4: 00000000000027e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+Process qemu-kvm (pid: 25407, threadinfo ffff880276912000, task ffff88028c369720)
+Stack:
+ ffff880156f59100 ffff880156f59100 ffff880276913d98 ffffffff815534f7
+ ffff880276913db8 ffffffff8151a74b ffff880270875000 ffff880156f59100
+ ffff880276913dd8 ffffffff8151a5a6 ffff880276913dd8 ffff88026d0d5470
+Call Trace:
+ [<ffffffff815534f7>] nf_conntrack_destroy+0x17/0x20
+ [<ffffffff8151a74b>] skb_release_head_state+0x7b/0x100
+ [<ffffffff8151a5a6>] __kfree_skb+0x16/0xa0
+ [<ffffffff8151a666>] kfree_skb+0x36/0xa0
+ [<ffffffff8151a8e0>] skb_queue_purge+0x20/0x40
+ [<ffffffffa02205f7>] __tun_detach+0x117/0x140 [tun]
+ [<ffffffffa022184c>] tun_chr_close+0x3c/0xd0 [tun]
+ [<ffffffff8119669c>] __fput+0xec/0x240
+ [<ffffffff811967fe>] ____fput+0xe/0x10
+ [<ffffffff8107eb27>] task_work_run+0xa7/0xe0
+ [<ffffffff810149e1>] do_notify_resume+0x71/0xb0
+ [<ffffffff81640152>] int_signal+0x12/0x17
+Code: 00 00 04 48 89 e5 41 54 53 48 89 fb 4c 8b a7 e8 00 00 00 0f 85 de 00 00 00 0f b6 73 3e 0f b7 7b 2a e8 10 40 00 00 48 85 c0 74 0e <48> 8b 40 28 48 85 c0 74 05 48 89 df ff d0 48 c7 c7 08 6a 3a a0
+RIP [<ffffffffa0399bd5>] destroy_conntrack+0x35/0x120 [nf_conntrack]
+ RSP <ffff880276913d78>
+
+This is because tun_net_xmit() needs to call nf_reset()
+before queuing skb into receive_queue
+
+Reported-by: Dave Jones <davej@redhat.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/tun.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -748,6 +748,8 @@ static netdev_tx_t tun_net_xmit(struct s
+ goto drop;
+ skb_orphan(skb);
+
++ nf_reset(skb);
++
+ /* Enqueue packet */
+ skb_queue_tail(&tfile->socket.sk->sk_receive_queue, skb);
+
--- /dev/null
+From ce033850e354e2f5241251cd9cc51677caa5ef65 Mon Sep 17 00:00:00 2001
+From: Zang MingJie <zealot0630@gmail.com>
+Date: Wed, 6 Mar 2013 04:37:37 +0000
+Subject: vxlan: fix oops when delete netns containing vxlan
+
+
+From: Zang MingJie <zealot0630@gmail.com>
+
+[ Upstream commit 9cb6cb7ed11cd3b69c47bb414983603a6ff20b1d ]
+
+The following script will produce a kernel oops:
+
+ sudo ip netns add v
+ sudo ip netns exec v ip ad add 127.0.0.1/8 dev lo
+ sudo ip netns exec v ip link set lo up
+ sudo ip netns exec v ip ro add 224.0.0.0/4 dev lo
+ sudo ip netns exec v ip li add vxlan0 type vxlan id 42 group 239.1.1.1 dev lo
+ sudo ip netns exec v ip link set vxlan0 up
+ sudo ip netns del v
+
+where inspect by gdb:
+
+ Program received signal SIGSEGV, Segmentation fault.
+ [Switching to Thread 107]
+ 0xffffffffa0289e33 in ?? ()
+ (gdb) bt
+ #0 vxlan_leave_group (dev=0xffff88001bafa000) at drivers/net/vxlan.c:533
+ #1 vxlan_stop (dev=0xffff88001bafa000) at drivers/net/vxlan.c:1087
+ #2 0xffffffff812cc498 in __dev_close_many (head=head@entry=0xffff88001f2e7dc8) at net/core/dev.c:1299
+ #3 0xffffffff812cd920 in dev_close_many (head=head@entry=0xffff88001f2e7dc8) at net/core/dev.c:1335
+ #4 0xffffffff812cef31 in rollback_registered_many (head=head@entry=0xffff88001f2e7dc8) at net/core/dev.c:4851
+ #5 0xffffffff812cf040 in unregister_netdevice_many (head=head@entry=0xffff88001f2e7dc8) at net/core/dev.c:5752
+ #6 0xffffffff812cf1ba in default_device_exit_batch (net_list=0xffff88001f2e7e18) at net/core/dev.c:6170
+ #7 0xffffffff812cab27 in cleanup_net (work=<optimized out>) at net/core/net_namespace.c:302
+ #8 0xffffffff810540ef in process_one_work (worker=0xffff88001ba9ed40, work=0xffffffff8167d020) at kernel/workqueue.c:2157
+ #9 0xffffffff810549d0 in worker_thread (__worker=__worker@entry=0xffff88001ba9ed40) at kernel/workqueue.c:2276
+ #10 0xffffffff8105870c in kthread (_create=0xffff88001f2e5d68) at kernel/kthread.c:168
+ #11 <signal handler called>
+ #12 0x0000000000000000 in ?? ()
+ #13 0x0000000000000000 in ?? ()
+ (gdb) fr 0
+ #0 vxlan_leave_group (dev=0xffff88001bafa000) at drivers/net/vxlan.c:533
+ 533 struct sock *sk = vn->sock->sk;
+ (gdb) l
+ 528 static int vxlan_leave_group(struct net_device *dev)
+ 529 {
+ 530 struct vxlan_dev *vxlan = netdev_priv(dev);
+ 531 struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
+ 532 int err = 0;
+ 533 struct sock *sk = vn->sock->sk;
+ 534 struct ip_mreqn mreq = {
+ 535 .imr_multiaddr.s_addr = vxlan->gaddr,
+ 536 .imr_ifindex = vxlan->link,
+ 537 };
+ (gdb) p vn->sock
+ $4 = (struct socket *) 0x0
+
+The kernel calls `vxlan_exit_net` when deleting the netns before shutting down
+vxlan interfaces. Later the removal of all vxlan interfaces, where `vn->sock`
+is already gone causes the oops. so we should manually shutdown all interfaces
+before deleting `vn->sock` as the patch does.
+
+Signed-off-by: Zang MingJie <zealot0630@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/vxlan.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -1491,6 +1491,15 @@ static __net_init int vxlan_init_net(str
+ static __net_exit void vxlan_exit_net(struct net *net)
+ {
+ struct vxlan_net *vn = net_generic(net, vxlan_net_id);
++ struct vxlan_dev *vxlan;
++ struct hlist_node *pos;
++ unsigned h;
++
++ rtnl_lock();
++ for (h = 0; h < VNI_HASH_SIZE; ++h)
++ hlist_for_each_entry(vxlan, pos, &vn->vni_list[h], hlist)
++ dev_close(vxlan->dev);
++ rtnl_unlock();
+
+ if (vn->sock) {
+ sk_release_kernel(vn->sock->sk);
projects / thirdparty / kernel / stable-queue.git / commitdiff
