--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Hans Schillstrom <hans@schillstrom.com>
+Date: Thu, 27 Feb 2014 12:57:58 +0100
+Subject: ipv6: ipv6_find_hdr restore prev functionality
+
+From: Hans Schillstrom <hans@schillstrom.com>
+
+[ Upstream commit accfe0e356327da5bd53da8852b93fc22de9b5fc ]
+
+The commit 9195bb8e381d81d5a315f911904cdf0cfcc919b8 ("ipv6: improve
+ipv6_find_hdr() to skip empty routing headers") broke ipv6_find_hdr().
+
+When a target is specified like IPPROTO_ICMPV6 ipv6_find_hdr()
+returns -ENOENT when it's found, not the header as expected.
+
+A part of IPVS is broken and possible also nft_exthdr_eval().
+When target is -1 which it is most cases, it works.
+
+This patch exits the do while loop if the specific header is found
+so the nexthdr could be returned as expected.
+
+Reported-by: Art -kwaak- van Breemen <ard@telegraafnet.nl>
+Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
+CC:Ansis Atteka <aatteka@nicira.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/exthdrs_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/exthdrs_core.c
++++ b/net/ipv6/exthdrs_core.c
+@@ -212,7 +212,7 @@ int ipv6_find_hdr(const struct sk_buff *
+ found = (nexthdr == target);
+
+ if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
+- if (target < 0)
++ if (target < 0 || found)
+ break;
+ return -ENOENT;
+ }
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Date: Fri, 21 Feb 2014 02:55:35 +0100
+Subject: ipv6: reuse ip6_frag_id from ip6_ufo_append_data
+
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+
+[ Upstream commit 916e4cf46d0204806c062c8c6c4d1f633852c5b6 ]
+
+Currently we generate a new fragmentation id on UFO segmentation. It
+is pretty hairy to identify the correct net namespace and dst there.
+Especially tunnels use IFF_XMIT_DST_RELEASE and thus have no skb_dst
+available at all.
+
+This causes unreliable or very predictable ipv6 fragmentation id
+generation while segmentation.
+
+Luckily we already have pregenerated the ip6_frag_id in
+ip6_ufo_append_data and can use it here.
+
+Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/udp_offload.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/udp_offload.c
++++ b/net/ipv6/udp_offload.c
+@@ -108,7 +108,7 @@ static struct sk_buff *udp6_ufo_fragment
+ fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
+ fptr->nexthdr = nexthdr;
+ fptr->reserved = 0;
+- ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb));
++ fptr->identification = skb_shinfo(skb)->ip6_frag_id;
+
+ /* Fragment the skb. ipv6 header and the remaining fields of the
+ * fragment header are updated in ipv6_gso_segment()
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Duan Jiong <duanj.fnst@cn.fujitsu.com>
+Date: Thu, 27 Feb 2014 17:14:41 +0800
+Subject: neigh: recompute reachabletime before returning from neigh_periodic_work()
+
+From: Duan Jiong <duanj.fnst@cn.fujitsu.com>
+
+[ Upstream commit feff9ab2e7fa773b6a3965f77375fe89f7fd85cf ]
+
+If the neigh table's entries is less than gc_thresh1, the function
+will return directly, and the reachabletime will not be recompute,
+so the reachabletime can be guessed.
+
+Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/neighbour.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -764,9 +764,6 @@ static void neigh_periodic_work(struct w
+ nht = rcu_dereference_protected(tbl->nht,
+ lockdep_is_held(&tbl->lock));
+
+- if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
+- goto out;
+-
+ /*
+ * periodically recompute ReachableTime from random function
+ */
+@@ -779,6 +776,9 @@ static void neigh_periodic_work(struct w
+ neigh_rand_reach_time(p->base_reachable_time);
+ }
+
++ if (atomic_read(&tbl->entries) < tbl->gc_thresh1)
++ goto out;
++
+ for (i = 0 ; i < (1 << nht->hash_shift); i++) {
+ np = &nht->hash_buckets[i];
+
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Daniel Borkmann <dborkman@redhat.com>
+Date: Mon, 3 Mar 2014 17:23:04 +0100
+Subject: net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
+
+From: Daniel Borkmann <dborkman@redhat.com>
+
+[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ]
+
+RFC4895 introduced AUTH chunks for SCTP; during the SCTP
+handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
+being optional though):
+
+ ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+ <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+ -------------------- COOKIE-ECHO -------------------->
+ <-------------------- COOKIE-ACK ---------------------
+
+A special case is when an endpoint requires COOKIE-ECHO
+chunks to be authenticated:
+
+ ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
+ <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
+ ------------------ AUTH; COOKIE-ECHO ---------------->
+ <-------------------- COOKIE-ACK ---------------------
+
+RFC4895, section 6.3. Receiving Authenticated Chunks says:
+
+ The receiver MUST use the HMAC algorithm indicated in
+ the HMAC Identifier field. If this algorithm was not
+ specified by the receiver in the HMAC-ALGO parameter in
+ the INIT or INIT-ACK chunk during association setup, the
+ AUTH chunk and all the chunks after it MUST be discarded
+ and an ERROR chunk SHOULD be sent with the error cause
+ defined in Section 4.1. [...] If no endpoint pair shared
+ key has been configured for that Shared Key Identifier,
+ all authenticated chunks MUST be silently discarded. [...]
+
+ When an endpoint requires COOKIE-ECHO chunks to be
+ authenticated, some special procedures have to be followed
+ because the reception of a COOKIE-ECHO chunk might result
+ in the creation of an SCTP association. If a packet arrives
+ containing an AUTH chunk as a first chunk, a COOKIE-ECHO
+ chunk as the second chunk, and possibly more chunks after
+ them, and the receiver does not have an STCB for that
+ packet, then authentication is based on the contents of
+ the COOKIE-ECHO chunk. In this situation, the receiver MUST
+ authenticate the chunks in the packet by using the RANDOM
+ parameters, CHUNKS parameters and HMAC_ALGO parameters
+ obtained from the COOKIE-ECHO chunk, and possibly a local
+ shared secret as inputs to the authentication procedure
+ specified in Section 6.3. If authentication fails, then
+ the packet is discarded. If the authentication is successful,
+ the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
+ MUST be processed. If the receiver has an STCB, it MUST
+ process the AUTH chunk as described above using the STCB
+ from the existing association to authenticate the
+ COOKIE-ECHO chunk and all the chunks after it. [...]
+
+Commit bbd0d59809f9 introduced the possibility to receive
+and verification of AUTH chunk, including the edge case for
+authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
+the function sctp_sf_do_5_1D_ce() handles processing,
+unpacks and creates a new association if it passed sanity
+checks and also tests for authentication chunks being
+present. After a new association has been processed, it
+invokes sctp_process_init() on the new association and
+walks through the parameter list it received from the INIT
+chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
+and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
+meta data (peer_random, peer_hmacs, peer_chunks) in case
+sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
+SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
+peer_random != NULL and peer_hmacs != NULL the peer is to be
+assumed asoc->peer.auth_capable=1, in any other case
+asoc->peer.auth_capable=0.
+
+Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
+available, we set up a fake auth chunk and pass that on to
+sctp_sf_authenticate(), which at latest in
+sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
+at position 0..0008 when setting up the crypto key in
+crypto_hash_setkey() by using asoc->asoc_shared_key that is
+NULL as condition key_id == asoc->active_key_id is true if
+the AUTH chunk was injected correctly from remote. This
+happens no matter what net.sctp.auth_enable sysctl says.
+
+The fix is to check for net->sctp.auth_enable and for
+asoc->peer.auth_capable before doing any operations like
+sctp_sf_authenticate() as no key is activated in
+sctp_auth_asoc_init_active_key() for each case.
+
+Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
+passed from the INIT chunk was not used in the AUTH chunk, we
+SHOULD send an error; however in this case it would be better
+to just silently discard such a maliciously prepared handshake
+as we didn't even receive a parameter at all. Also, as our
+endpoint has no shared key configured, section 6.3 says that
+MUST silently discard, which we are doing from now onwards.
+
+Before calling sctp_sf_pdiscard(), we need not only to free
+the association, but also the chunk->auth_chunk skb, as
+commit bbd0d59809f9 created a skb clone in that case.
+
+I have tested this locally by using netfilter's nfqueue and
+re-injecting packets into the local stack after maliciously
+modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
+and the SCTP packet containing the COOKIE_ECHO (injecting
+AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
+
+Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
+Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
+Cc: Vlad Yasevich <yasevich@gmail.com>
+Cc: Neil Horman <nhorman@tuxdriver.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sm_statefuns.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -765,6 +765,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(st
+ struct sctp_chunk auth;
+ sctp_ierror_t ret;
+
++ /* Make sure that we and the peer are AUTH capable */
++ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
++ kfree_skb(chunk->auth_chunk);
++ sctp_association_free(new_asoc);
++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
++ }
++
+ /* set-up our fake chunk so that we can process it */
+ auth.skb = chunk->auth_chunk;
+ auth.asoc = chunk->asoc;
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 20 Feb 2014 10:09:18 -0800
+Subject: net-tcp: fastopen: fix high order allocations
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit f5ddcbbb40aa0ba7fbfe22355d287603dbeeaaac ]
+
+This patch fixes two bugs in fastopen :
+
+1) The tcp_sendmsg(..., @size) argument was ignored.
+
+ Code was relying on user not fooling the kernel with iovec mismatches
+
+2) When MTU is about 64KB, tcp_send_syn_data() attempts order-5
+allocations, which are likely to fail when memory gets fragmented.
+
+Fixes: 783237e8daf13 ("net-tcp: Fast Open client - sending SYN-data")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Yuchung Cheng <ycheng@google.com>
+Acked-by: Yuchung Cheng <ycheng@google.com>
+Tested-by: Yuchung Cheng <ycheng@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/tcp.h | 3 ++-
+ net/ipv4/tcp.c | 8 +++++---
+ net/ipv4/tcp_output.c | 7 ++++++-
+ 3 files changed, 13 insertions(+), 5 deletions(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -1308,7 +1308,8 @@ struct tcp_fastopen_request {
+ /* Fast Open cookie. Size 0 means a cookie request */
+ struct tcp_fastopen_cookie cookie;
+ struct msghdr *data; /* data in MSG_FASTOPEN */
+- u16 copied; /* queued in tcp_connect() */
++ size_t size;
++ int copied; /* queued in tcp_connect() */
+ };
+ void tcp_free_fastopen_req(struct tcp_sock *tp);
+
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -1001,7 +1001,8 @@ void tcp_free_fastopen_req(struct tcp_so
+ }
+ }
+
+-static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size)
++static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
++ int *copied, size_t size)
+ {
+ struct tcp_sock *tp = tcp_sk(sk);
+ int err, flags;
+@@ -1016,11 +1017,12 @@ static int tcp_sendmsg_fastopen(struct s
+ if (unlikely(tp->fastopen_req == NULL))
+ return -ENOBUFS;
+ tp->fastopen_req->data = msg;
++ tp->fastopen_req->size = size;
+
+ flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
+ err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
+ msg->msg_namelen, flags);
+- *size = tp->fastopen_req->copied;
++ *copied = tp->fastopen_req->copied;
+ tcp_free_fastopen_req(tp);
+ return err;
+ }
+@@ -1040,7 +1042,7 @@ int tcp_sendmsg(struct kiocb *iocb, stru
+
+ flags = msg->msg_flags;
+ if (flags & MSG_FASTOPEN) {
+- err = tcp_sendmsg_fastopen(sk, msg, &copied_syn);
++ err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size);
+ if (err == -EINPROGRESS && copied_syn > 0)
+ goto out;
+ else if (err)
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -2892,7 +2892,12 @@ static int tcp_send_syn_data(struct sock
+ space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) -
+ MAX_TCP_OPTION_SPACE;
+
+- syn_data = skb_copy_expand(syn, skb_headroom(syn), space,
++ space = min_t(size_t, space, fo->size);
++
++ /* limit to order-0 allocations */
++ space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER));
++
++ syn_data = skb_copy_expand(syn, MAX_TCP_HEADER, space,
+ sk->sk_allocation);
+ if (syn_data == NULL)
+ goto fallback;
--- /dev/null
+From 04379dffdd4da820d51a1566ad2e86f3b1ad97ed Mon Sep 17 00:00:00 2001
+From: Alexandre Bounine <alexandre.bounine@idt.com>
+Date: Mon, 3 Mar 2014 15:38:36 -0800
+Subject: rapidio/tsi721: fix tasklet termination in dma channel release
+
+From: Alexandre Bounine <alexandre.bounine@idt.com>
+
+commit 04379dffdd4da820d51a1566ad2e86f3b1ad97ed upstream.
+
+This patch is a modification of the patch originally proposed by
+Xiaotian Feng <xtfeng@gmail.com>: https://lkml.org/lkml/2012/11/5/413
+This new version disables DMA channel interrupts and ensures that the
+tasklet wil not be scheduled again before calling tasklet_kill().
+
+Unfortunately the updated patch was not released at that time due to
+planned rework of Tsi721 mport driver to use threaded interrupts (which
+has yet to happen). Recently the issue was reported again:
+https://lkml.org/lkml/2014/2/19/762.
+
+Description from the original Xiaotian's patch:
+
+ "Some drivers use tasklet_disable in device remove/release process,
+ tasklet_disable will inc tasklet->count and return. If the tasklet is
+ not handled yet under some softirq pressure, the tasklet will be
+ placed on the tasklet_vec, never have a chance to be excuted. This
+ might lead to a heavy loaded ksoftirqd, wakeup with pending_softirq,
+ but tasklet is disabled. tasklet_kill should be used in this case."
+
+This patch is applicable to kernel versions starting from v3.5.
+
+Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
+Cc: Matt Porter <mporter@kernel.crashing.org>
+Cc: Xiaotian Feng <xtfeng@gmail.com>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Mike Galbraith <bitbucket@online.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rapidio/devices/tsi721.h | 1 +
+ drivers/rapidio/devices/tsi721_dma.c | 27 ++++++++++++++++++---------
+ 2 files changed, 19 insertions(+), 9 deletions(-)
+
+--- a/drivers/rapidio/devices/tsi721.h
++++ b/drivers/rapidio/devices/tsi721.h
+@@ -678,6 +678,7 @@ struct tsi721_bdma_chan {
+ struct list_head free_list;
+ dma_cookie_t completed_cookie;
+ struct tasklet_struct tasklet;
++ bool active;
+ };
+
+ #endif /* CONFIG_RAPIDIO_DMA_ENGINE */
+--- a/drivers/rapidio/devices/tsi721_dma.c
++++ b/drivers/rapidio/devices/tsi721_dma.c
+@@ -206,8 +206,8 @@ void tsi721_bdma_handler(struct tsi721_b
+ {
+ /* Disable BDMA channel interrupts */
+ iowrite32(0, bdma_chan->regs + TSI721_DMAC_INTE);
+-
+- tasklet_schedule(&bdma_chan->tasklet);
++ if (bdma_chan->active)
++ tasklet_schedule(&bdma_chan->tasklet);
+ }
+
+ #ifdef CONFIG_PCI_MSI
+@@ -562,7 +562,7 @@ static int tsi721_alloc_chan_resources(s
+ }
+ #endif /* CONFIG_PCI_MSI */
+
+- tasklet_enable(&bdma_chan->tasklet);
++ bdma_chan->active = true;
+ tsi721_bdma_interrupt_enable(bdma_chan, 1);
+
+ return bdma_chan->bd_num - 1;
+@@ -576,9 +576,7 @@ err_out:
+ static void tsi721_free_chan_resources(struct dma_chan *dchan)
+ {
+ struct tsi721_bdma_chan *bdma_chan = to_tsi721_chan(dchan);
+-#ifdef CONFIG_PCI_MSI
+ struct tsi721_device *priv = to_tsi721(dchan->device);
+-#endif
+ LIST_HEAD(list);
+
+ dev_dbg(dchan->device->dev, "%s: Entry\n", __func__);
+@@ -589,14 +587,25 @@ static void tsi721_free_chan_resources(s
+ BUG_ON(!list_empty(&bdma_chan->active_list));
+ BUG_ON(!list_empty(&bdma_chan->queue));
+
+- tasklet_disable(&bdma_chan->tasklet);
++ tsi721_bdma_interrupt_enable(bdma_chan, 0);
++ bdma_chan->active = false;
++
++#ifdef CONFIG_PCI_MSI
++ if (priv->flags & TSI721_USING_MSIX) {
++ synchronize_irq(priv->msix[TSI721_VECT_DMA0_DONE +
++ bdma_chan->id].vector);
++ synchronize_irq(priv->msix[TSI721_VECT_DMA0_INT +
++ bdma_chan->id].vector);
++ } else
++#endif
++ synchronize_irq(priv->pdev->irq);
++
++ tasklet_kill(&bdma_chan->tasklet);
+
+ spin_lock_bh(&bdma_chan->lock);
+ list_splice_init(&bdma_chan->free_list, &list);
+ spin_unlock_bh(&bdma_chan->lock);
+
+- tsi721_bdma_interrupt_enable(bdma_chan, 0);
+-
+ #ifdef CONFIG_PCI_MSI
+ if (priv->flags & TSI721_USING_MSIX) {
+ free_irq(priv->msix[TSI721_VECT_DMA0_DONE +
+@@ -790,6 +799,7 @@ int tsi721_register_dma(struct tsi721_de
+ bdma_chan->dchan.cookie = 1;
+ bdma_chan->dchan.chan_id = i;
+ bdma_chan->id = i;
++ bdma_chan->active = false;
+
+ spin_lock_init(&bdma_chan->lock);
+
+@@ -799,7 +809,6 @@ int tsi721_register_dma(struct tsi721_de
+
+ tasklet_init(&bdma_chan->tasklet, tsi721_dma_tasklet,
+ (unsigned long)bdma_chan);
+- tasklet_disable(&bdma_chan->tasklet);
+ list_add_tail(&bdma_chan->dchan.device_node,
+ &mport->dma.channels);
+ }
--- /dev/null
+From 791c9e0292671a3bfa95286bb5c08129d8605618 Mon Sep 17 00:00:00 2001
+From: George McCollister <george.mccollister@gmail.com>
+Date: Tue, 18 Feb 2014 17:56:51 -0600
+Subject: sched: Fix double normalization of vruntime
+
+From: George McCollister <george.mccollister@gmail.com>
+
+commit 791c9e0292671a3bfa95286bb5c08129d8605618 upstream.
+
+dequeue_entity() is called when p->on_rq and sets se->on_rq = 0
+which appears to guarentee that the !se->on_rq condition is met.
+If the task has done set_current_state(TASK_INTERRUPTIBLE) without
+schedule() the second condition will be met and vruntime will be
+incorrectly adjusted twice.
+
+In certain cases this can result in the task's vruntime never increasing
+past the vruntime of other tasks on the CFS' run queue, starving them of
+CPU time.
+
+This patch changes switched_from_fair() to use !p->on_rq instead of
+!se->on_rq.
+
+I'm able to cause a task with a priority of 120 to starve all other
+tasks with the same priority on an ARM platform running 3.2.51-rt72
+PREEMPT RT by writing one character at time to a serial tty (16550 UART)
+in a tight loop. I'm also able to verify making this change corrects the
+problem on that platform and kernel version.
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+Signed-off-by: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/1392767811-28916-1-git-send-email-george.mccollister@gmail.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/fair.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -5862,15 +5862,15 @@ static void switched_from_fair(struct rq
+ struct cfs_rq *cfs_rq = cfs_rq_of(se);
+
+ /*
+- * Ensure the task's vruntime is normalized, so that when its
++ * Ensure the task's vruntime is normalized, so that when it's
+ * switched back to the fair class the enqueue_entity(.flags=0) will
+ * do the right thing.
+ *
+- * If it was on_rq, then the dequeue_entity(.flags=0) will already
+- * have normalized the vruntime, if it was !on_rq, then only when
++ * If it's on_rq, then the dequeue_entity(.flags=0) will already
++ * have normalized the vruntime, if it's !on_rq, then only when
+ * the task is sleeping will it still have non-normalized vruntime.
+ */
+- if (!se->on_rq && p->state != TASK_RUNNING) {
++ if (!p->on_rq && p->state != TASK_RUNNING) {
+ /*
+ * Fix up our vruntime so that the current sleep doesn't
+ * cause 'unlimited' sleep bonus.
ocfs2-fix-quota-file-corruption.patch
ocfs2-syncs-the-wrong-range.patch
+sched-fix-double-normalization-of-vruntime.patch
+rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch
+net-tcp-fastopen-fix-high-order-allocations.patch
+neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch
+virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch
+ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch
+sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch
+ipv6-ipv6_find_hdr-restore-prev-functionality.patch
+tg3-don-t-check-undefined-error-bits-in-rxbd.patch
+net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Edward Cree <ecree@solarflare.com>
+Date: Tue, 25 Feb 2014 13:17:59 +0000
+Subject: sfc: check for NULL efx->ptp_data in efx_ptp_event
+
+From: Edward Cree <ecree@solarflare.com>
+
+[ Upstream commit 8f355e5cee63c2c0c145d8206c4245d0189f47ff ]
+
+If we receive a PTP event from the NIC when we haven't set up PTP state
+in the driver, we attempt to read through a NULL pointer efx->ptp_data,
+triggering a panic.
+
+Signed-off-by: Edward Cree <ecree@solarflare.com>
+Acked-by: Shradha Shah <sshah@solarflare.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/sfc/ptp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/net/ethernet/sfc/ptp.c
++++ b/drivers/net/ethernet/sfc/ptp.c
+@@ -1319,6 +1319,13 @@ void efx_ptp_event(struct efx_nic *efx,
+ struct efx_ptp_data *ptp = efx->ptp_data;
+ int code = EFX_QWORD_FIELD(*ev, MCDI_EVENT_CODE);
+
++ if (!ptp) {
++ if (net_ratelimit())
++ netif_warn(efx, drv, efx->net_dev,
++ "Received PTP event but PTP not set up\n");
++ return;
++ }
++
+ if (!ptp->enabled)
+ return;
+
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Michael Chan <mchan@broadcom.com>
+Date: Fri, 28 Feb 2014 15:05:10 -0800
+Subject: tg3: Don't check undefined error bits in RXBD
+
+From: Michael Chan <mchan@broadcom.com>
+
+[ Upstream commit d7b95315cc7f441418845a165ee56df723941487 ]
+
+Redefine the RXD_ERR_MASK to include only relevant error bits. This fixes
+a customer reported issue of randomly dropping packets on the 5719.
+
+Signed-off-by: Michael Chan <mchan@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/tg3.c | 3 +--
+ drivers/net/ethernet/broadcom/tg3.h | 6 +++++-
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/tg3.c
++++ b/drivers/net/ethernet/broadcom/tg3.c
+@@ -6687,8 +6687,7 @@ static int tg3_rx(struct tg3_napi *tnapi
+
+ work_mask |= opaque_key;
+
+- if ((desc->err_vlan & RXD_ERR_MASK) != 0 &&
+- (desc->err_vlan != RXD_ERR_ODD_NIBBLE_RCVD_MII)) {
++ if (desc->err_vlan & RXD_ERR_MASK) {
+ drop_it:
+ tg3_recycle_rx(tnapi, tpr, opaque_key,
+ desc_idx, *post_ptr);
+--- a/drivers/net/ethernet/broadcom/tg3.h
++++ b/drivers/net/ethernet/broadcom/tg3.h
+@@ -2587,7 +2587,11 @@ struct tg3_rx_buffer_desc {
+ #define RXD_ERR_TOO_SMALL 0x00400000
+ #define RXD_ERR_NO_RESOURCES 0x00800000
+ #define RXD_ERR_HUGE_FRAME 0x01000000
+-#define RXD_ERR_MASK 0xffff0000
++
++#define RXD_ERR_MASK (RXD_ERR_BAD_CRC | RXD_ERR_COLLISION | \
++ RXD_ERR_LINK_LOST | RXD_ERR_PHY_DECODE | \
++ RXD_ERR_MAC_ABRT | RXD_ERR_TOO_SMALL | \
++ RXD_ERR_NO_RESOURCES | RXD_ERR_HUGE_FRAME)
+
+ u32 reserved;
+ u32 opaque;
--- /dev/null
+From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014
+From: Jason Wang <jasowang@redhat.com>
+Date: Fri, 21 Feb 2014 13:08:04 +0800
+Subject: virtio-net: alloc big buffers also when guest can receive UFO
+
+From: Jason Wang <jasowang@redhat.com>
+
+[ Upstream commit 0e7ede80d929ff0f830c44a543daa1acd590c749 ]
+
+We should alloc big buffers also when guest can receive UFO
+packets to let the big packets fit into guest rx buffer.
+
+Fixes 5c5167515d80f78f6bb538492c423adcae31ad65
+(virtio-net: Allow UFO feature to be set and advertised.)
+
+Cc: Rusty Russell <rusty@rustcorp.com.au>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Cc: Sridhar Samudrala <sri@us.ibm.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Rusty Russell <rusty@rustcorp.com.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/virtio_net.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -1597,7 +1597,8 @@ static int virtnet_probe(struct virtio_d
+ /* If we can receive ANY GSO packets, we must allocate large ones. */
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) ||
+ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) ||
+- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN))
++ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) ||
++ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO))
+ vi->big_packets = true;
+
+ if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF))
projects / thirdparty / kernel / stable-queue.git / commitdiff
