3.2-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Mar 2012 23:54:04 +0000 (16:54 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 29 Mar 2012 23:54:04 +0000 (16:54 -0700)
added patches:
fix-pppol2tp-getsockname.patch
ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch
net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch
net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch
net-fix-napi_reuse_skb-skb-reserve.patch
remove-printk-from-rds_sendmsg.patch
sky2-override-for-pci-legacy-power-management.patch
xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch

queue-3.2/fix-pppol2tp-getsockname.patch [new file with mode: 0644]
queue-3.2/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch [new file with mode: 0644]
queue-3.2/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch [new file with mode: 0644]
queue-3.2/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch [new file with mode: 0644]
queue-3.2/net-fix-napi_reuse_skb-skb-reserve.patch [new file with mode: 0644]
queue-3.2/remove-printk-from-rds_sendmsg.patch [new file with mode: 0644]
queue-3.2/series
queue-3.2/sky2-override-for-pci-legacy-power-management.patch [new file with mode: 0644]
queue-3.2/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch [new file with mode: 0644]

diff --git a/queue-3.2/fix-pppol2tp-getsockname.patch b/queue-3.2/fix-pppol2tp-getsockname.patch
new file mode 100644 (file)
index 0000000..94787e7
--- /dev/null
@@ -0,0 +1,35 @@
+From c1c18dd841e1acb901844e73e4a419e6d5e94318 Mon Sep 17 00:00:00 2001
+From: Benjamin LaHaise <bcrl@kvack.org>
+Date: Tue, 20 Mar 2012 03:57:54 +0000
+Subject: Fix pppol2tp getsockname()
+
+
+From: Benjamin LaHaise <bcrl@kvack.org>
+
+[ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ]
+
+While testing L2TP functionality, I came across a bug in getsockname().  The
+IP address returned within the pppol2tp_addr's addr memember was not being
+set to the IP  address in use.  This bug is caused by using inet_sk() on the
+wrong socket (the L2TP socket rather than the underlying UDP socket), and was
+likely introduced during the addition of L2TPv3 support.
+
+Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
+Signed-off-by: James Chapman <jchapman@katalix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/l2tp/l2tp_ppp.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -915,7 +915,7 @@ static int pppol2tp_getname(struct socke
+               goto end_put_sess;
+       }
+-      inet = inet_sk(sk);
++      inet = inet_sk(tunnel->sock);
+       if (tunnel->version == 2) {
+               struct sockaddr_pppol2tp sp;
+               len = sizeof(sp);
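Review bot: The corrected line `inet = inet_sk(tunnel->sock);` should carry a comment, because nothing at the call site says which of the two sockets in scope is the inet one. Per the commit message `sk` is the L2TP socket and the address must come from the underlying UDP socket, so the old cast made getsockname() report fields that were not the tunnel's address. I would add `/* tunnel->sock is the underlying UDP socket; sk is the PPPoL2TP socket and must not be passed to inet_sk() */` above it. pppol2tp_getname() starts and ends outside the hunk, so it is worth confirming there that the tunnel reference taken earlier keeps `tunnel->sock` valid until the address has been copied.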
diff --git a/queue-3.2/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch b/queue-3.2/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch
new file mode 100644 (file)
index 0000000..4e34755
--- /dev/null
@@ -0,0 +1,52 @@
+From 50f8b11db950dc674bc0ac6cc50ea2b587fabd64 Mon Sep 17 00:00:00 2001
+From: Gao feng <gaofeng@cn.fujitsu.com>
+Date: Mon, 19 Mar 2012 22:36:10 +0000
+Subject: ipv6: fix incorrent ipv6 ipsec packet fragment
+
+
+From: Gao feng <gaofeng@cn.fujitsu.com>
+
+[ Upstream commit 1f85851e17b64cabd089a8a8839dddebc627948c ]
+
+Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem)
+In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen)
+the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last
+This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent
+
+Fix this by reserve headroom for dst_exthdrlen.
+
+Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_output.c |   11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1411,8 +1411,9 @@ alloc_new_skb:
+                        */
+                       skb->ip_summed = csummode;
+                       skb->csum = 0;
+-                      /* reserve for fragmentation */
+-                      skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
++                      /* reserve for fragmentation and ipsec header */
++                      skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
++                                  dst_exthdrlen);
+                       if (sk->sk_type == SOCK_DGRAM)
+                               skb_shinfo(skb)->tx_flags = tx_flags;
+@@ -1420,9 +1421,9 @@ alloc_new_skb:
+                       /*
+                        *      Find where to start putting bytes
+                        */
+-                      data = skb_put(skb, fraglen + dst_exthdrlen);
+-                      skb_set_network_header(skb, exthdrlen + dst_exthdrlen);
+-                      data += fragheaderlen + dst_exthdrlen;
++                      data = skb_put(skb, fraglen);
++                      skb_set_network_header(skb, exthdrlen);
++                      data += fragheaderlen;
+                       skb->transport_header = (skb->network_header +
+                                                fragheaderlen);
+                       if (fraggap) {
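Review bot: The new `skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + dst_exthdrlen)` moves dst_exthdrlen out of the data area and into headroom, so the allocation made just before this hunk must still be sized to include it. That allocation is not visible here and should be checked in the 3.2 tree, since an undersized buffer would only surface as a tail overrun in the following `skb_put(skb, fraglen)`. The comment could also record the accounting rule the fix depends on, for example `/* reserve for fragmentation and ipsec header; dst_exthdrlen is headroom and must not be counted in skb->len */`. The enclosing loop in ip6_append_data() starts and ends outside the hunk.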
diff --git a/queue-3.2/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch b/queue-3.2/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch
new file mode 100644 (file)
index 0000000..3f6e260
--- /dev/null
@@ -0,0 +1,60 @@
+From 1e9d54fb995b9fb49b723b0ebf79782fb15071f7 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Sun, 18 Mar 2012 02:40:48 +0000
+Subject: net: bpf_jit: fix BPF_S_LDX_B_MSH compilation
+
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+[ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ]
+
+Matt Evans spotted that x86 bpf_jit was incorrectly handling negative
+constant offsets in BPF_S_LDX_B_MSH instruction.
+
+We need to abort JIT compilation like we do in common_load so that
+filter uses the interpreter code and can call __load_pointer()
+
+Reference: http://lists.openwall.net/netdev/2011/07/19/11
+
+Thanks to Indan Zupancic to bring back this issue.
+
+Reported-by: Matt Evans <matt@ozlabs.org>
+Reported-by: Indan Zupancic <indan@nul.nu>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/net/bpf_jit_comp.c |   14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/net/bpf_jit_comp.c
++++ b/arch/x86/net/bpf_jit_comp.c
+@@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *f
+                       case BPF_S_LD_W_ABS:
+                               func = sk_load_word;
+ common_load:                  seen |= SEEN_DATAREF;
+-                              if ((int)K < 0)
++                              if ((int)K < 0) {
++                                      /* Abort the JIT because __load_pointer() is needed. */
+                                       goto out;
++                              }
+                               t_offset = func - (image + addrs[i]);
+                               EMIT1_off32(0xbe, K); /* mov imm32,%esi */
+                               EMIT1_off32(0xe8, t_offset); /* call */
+@@ -489,14 +491,8 @@ common_load:                      seen |= SEEN_DATAREF;
+                               goto common_load;
+                       case BPF_S_LDX_B_MSH:
+                               if ((int)K < 0) {
+-                                      if (pc_ret0 > 0) {
+-                                              /* addrs[pc_ret0 - 1] is the start address */
+-                                              EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]);
+-                                              break;
+-                                      }
+-                                      CLEAR_A();
+-                                      EMIT_JMP(cleanup_addr - addrs[i]);
+-                                      break;
++                                      /* Abort the JIT because __load_pointer() is needed. */
++                                      goto out;
+                               }
+                               seen |= SEEN_DATAREF | SEEN_XREG;
+                               t_offset = sk_load_byte_msh - (image + addrs[i]);
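Review bot: Both `(int)K < 0` branches now carry the same comment, but neither explains why a negative constant cannot be compiled, which is what the next editor of this switch needs to know. Something like `/* negative K is not handled by the JIT load helpers; only the interpreter resolves it via __load_pointer(), so give up on JIT for this filter */` would state it. The removed BPF_S_LDX_B_MSH branch emitted a jump to the return path instead, so JIT and interpreter could give different verdicts for the same filter. A regression test that runs a filter with a negative MSH offset with and without the JIT would guard against that divergence returning. bpf_jit_compile() extends beyond the hunk, so what the `out` label cleans up is not visible here.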
diff --git a/queue-3.2/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch b/queue-3.2/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch
new file mode 100644 (file)
index 0000000..53e5cd1
--- /dev/null
@@ -0,0 +1,47 @@
+From ad454b8a4852f7bbb8d86ae07dbc13cc7479ad01 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Tue, 27 Mar 2012 09:53:52 +0000
+Subject: net: fix a potential rcu_read_lock() imbalance in rt6_fill_node()
+
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+[ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ]
+
+Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() )
+added a regression in rt6_fill_node(), leading to rcu_read_lock()
+imbalance.
+
+Thats because NLA_PUT() can make a jump to nla_put_failure label.
+
+Fix this by using nla_put()
+
+Many thanks to Ben Greear for his help
+
+Reported-by: Ben Greear <greearb@candelatech.com>
+Reported-by: Dave Jones <davej@redhat.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Tested-by: Ben Greear <greearb@candelatech.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -2446,8 +2446,12 @@ static int rt6_fill_node(struct net *net
+       rcu_read_lock();
+       n = dst_get_neighbour(&rt->dst);
+-      if (n)
+-              NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key);
++      if (n) {
++              if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) {
++                      rcu_read_unlock();
++                      goto nla_put_failure;
++              }
++      }
+       rcu_read_unlock();
+       if (rt->dst.dev)
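Review bot: The literal `16` in `nla_put(skb, RTA_GATEWAY, 16, &n->primary_key)` is the number of bytes copied from the neighbour entry into the netlink message, and a bare number makes that bound hard to audit; `sizeof(struct in6_addr)` would state the intent. The open-coded `rcu_read_unlock(); goto nla_put_failure;` is correct but easy to lose in a later cleanup. A comment above the call such as `/* not NLA_PUT(): it would jump to nla_put_failure with the RCU read lock held */` would explain why the macro is avoided. rt6_fill_node() continues outside the hunk.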
diff --git a/queue-3.2/net-fix-napi_reuse_skb-skb-reserve.patch b/queue-3.2/net-fix-napi_reuse_skb-skb-reserve.patch
new file mode 100644 (file)
index 0000000..700c5d8
--- /dev/null
@@ -0,0 +1,37 @@
+From b1e9f286f86f2c17995d0092da97998ed1a52b25 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Wed, 21 Mar 2012 06:58:03 +0000
+Subject: net: fix napi_reuse_skb() skb reserve
+
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+[ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ]
+
+napi->skb is allocated in napi_get_frags() using
+netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD +
+NET_IP_ALIGN bytes.
+
+However, when such skb is recycled in napi_reuse_skb(), it ends with a
+reserve of NET_IP_ALIGN which is suboptimal.
+
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/dev.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -3634,7 +3634,8 @@ EXPORT_SYMBOL(napi_gro_receive);
+ static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb)
+ {
+       __skb_pull(skb, skb_headlen(skb));
+-      skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb));
++      /* restore the reserve we had after netdev_alloc_skb_ip_align() */
++      skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb));
+       skb->vlan_tci = 0;
+       skb->dev = napi->dev;
+       skb->skb_iif = 0;
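Review bot: The length passed to `skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb))` can be negative, because the `__skb_pull()` on the line above has just grown the headroom, and the code relies on that negative delta to move the data pointer back. The subtraction involves the unsigned result of skb_headroom() and only becomes a signed length when passed to skb_reserve(), so the intent should be spelled out. I would extend the new comment to `/* restore the reserve we had after netdev_alloc_skb_ip_align(); the delta may be negative and rewinds data/tail */`. The body of napi_reuse_skb() continues past the end of the hunk.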
diff --git a/queue-3.2/remove-printk-from-rds_sendmsg.patch b/queue-3.2/remove-printk-from-rds_sendmsg.patch
new file mode 100644 (file)
index 0000000..d49ec4c
--- /dev/null
@@ -0,0 +1,29 @@
+From 972312b8df4174aa1487928daaf3e0dbffa937ad Mon Sep 17 00:00:00 2001
+From: Dave Jones <davej@redhat.com>
+Date: Mon, 19 Mar 2012 13:01:07 +0000
+Subject: Remove printk from rds_sendmsg
+
+
+From: Dave Jones <davej@redhat.com>
+
+[ Upstream commit a6506e1486181975d318344143aca722b2b91621 ]
+
+no socket layer outputs a message for this error and neither should rds.
+
+Signed-off-by: Dave Jones <davej@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/rds/send.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/rds/send.c
++++ b/net/rds/send.c
+@@ -935,7 +935,6 @@ int rds_sendmsg(struct kiocb *iocb, stru
+       /* Mirror Linux UDP mirror of BSD error message compatibility */
+       /* XXX: Perhaps MSG_MORE someday */
+       if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) {
+-              printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags);
+               ret = -EOPNOTSUPP;
+               goto out;
+       }
index e9c95cab653613f9465666dea5ba2dc767769e2e..1b56c1ac8662b90f2853971693dda0ee5cdac948 100644 (file)
@@ -132,3 +132,11 @@ nfsv4.1-fix-layoutcommit-error-handling.patch
 module-remove-module-size-limit.patch
 bluetooth-btusb-fix-binterval-for-high-super-speed-isochronous-endpoints.patch
 drm-i915-suspend-fbdev-device-around-suspend-hibernate.patch
+fix-pppol2tp-getsockname.patch
+ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch
+net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch
+net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch
+net-fix-napi_reuse_skb-skb-reserve.patch
+remove-printk-from-rds_sendmsg.patch
+sky2-override-for-pci-legacy-power-management.patch
+xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch
diff --git a/queue-3.2/sky2-override-for-pci-legacy-power-management.patch b/queue-3.2/sky2-override-for-pci-legacy-power-management.patch
new file mode 100644 (file)
index 0000000..556526e
--- /dev/null
@@ -0,0 +1,50 @@
+From 4e541d17f7a70db2bbd3d7800d0afd1196f772e2 Mon Sep 17 00:00:00 2001
+From: stephen hemminger <shemminger@vyatta.com>
+Date: Wed, 21 Mar 2012 05:32:05 +0000
+Subject: sky2: override for PCI legacy power management
+
+
+From: stephen hemminger <shemminger@vyatta.com>
+
+[ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ]
+
+Some BIOS's don't setup power management correctly (what else is
+new) and don't allow use of PCI Express power control. Add a special
+exception module parameter to allow working around this issue.
+Based on slightly different patch by Knut Petersen.
+
+Reported-by: Arkadiusz Miskiewicz <arekm@maven.pl>
+Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/marvell/sky2.c |   11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/drivers/net/ethernet/marvell/sky2.c
++++ b/drivers/net/ethernet/marvell/sky2.c
+@@ -95,6 +95,10 @@ static int disable_msi = 0;
+ module_param(disable_msi, int, 0);
+ MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)");
++static int legacy_pme = 0;
++module_param(legacy_pme, int, 0);
++MODULE_PARM_DESC(legacy_pme, "Legacy power management");
++
+ static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = {
+       { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */
+       { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */
+@@ -867,6 +871,13 @@ static void sky2_wol_init(struct sky2_po
+       /* Disable PiG firmware */
+       sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF);
++      /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */
++      if (legacy_pme) {
++              u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1);
++              reg1 |= PCI_Y2_PME_LEGACY;
++              sky2_pci_write32(hw, PCI_DEV_REG1, reg1);
++      }
++
+       /* block receiver */
+       sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET);
+       sky2_read32(hw, B0_CTST);
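Review bot: `MODULE_PARM_DESC(legacy_pme, "Legacy power management")` does not tell an administrator what the switch does or when to set it, although it changes how the adapter signals wake events. A description such as `"Use legacy PCI PME for wake-on-LAN instead of PCI Express power control (workaround for broken BIOSes)"` would match the comment added in sky2_wol_init(). `static int legacy_pme = 0;` could drop the explicit initialiser, though it mirrors the `disable_msi` declaration just above. The read-modify-write of `PCI_DEV_REG1` is never undone in the visible lines, so a line in the comment noting that the bit stays set until the device is reset would help. sky2_wol_init() starts and ends outside the hunk.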
diff --git a/queue-3.2/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch b/queue-3.2/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch
new file mode 100644 (file)
index 0000000..3bb0282
--- /dev/null
@@ -0,0 +1,51 @@
+From 3a1a2612bf6b5d17df2b63c7ca03d67fbe15a15a Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Wed, 21 Mar 2012 23:36:13 +0000
+Subject: xfrm: Access the replay notify functions via the registered callbacks
+
+
+From: Steffen Klassert <steffen.klassert@secunet.com>
+
+[ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ]
+
+We call the wrong replay notify function when we use ESN replay
+handling. This leads to the fact that we don't send notifications
+if we use ESN. Fix this by calling the registered callbacks instead
+of xfrm_replay_notify().
+
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/xfrm/xfrm_replay.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/xfrm/xfrm_replay.c
++++ b/net/xfrm/xfrm_replay.c
+@@ -167,7 +167,7 @@ static void xfrm_replay_advance(struct x
+       }
+       if (xfrm_aevent_is_on(xs_net(x)))
+-              xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
++              x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ }
+ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
+@@ -279,7 +279,7 @@ static void xfrm_replay_advance_bmp(stru
+       replay_esn->bmp[nr] |= (1U << bitnr);
+       if (xfrm_aevent_is_on(xs_net(x)))
+-              xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
++              x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ }
+ static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
+@@ -473,7 +473,7 @@ static void xfrm_replay_advance_esn(stru
+       replay_esn->bmp[nr] |= (1U << bitnr);
+       if (xfrm_aevent_is_on(xs_net(x)))
+-              xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
++              x->repl->notify(x, XFRM_REPLAY_UPDATE);
+ }
+ static struct xfrm_replay xfrm_replay_legacy = {
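Review bot: The three `x->repl->notify(x, XFRM_REPLAY_UPDATE);` calls assume that every registered `struct xfrm_replay` table fills in `.notify` and that `x->repl` is set before any advance function runs. The tables are not visible (`xfrm_replay_legacy` only begins on the last line), so both points should be confirmed against the 3.2 tree. The commit message says the direct call silently dropped notifications under ESN, which presumably left listeners with stale replay state. A short comment at the first call, `/* dispatch via x->repl so the bmp and esn variants send their own notification */`, would discourage reverting to the direct call. Each of the three advance functions starts outside its hunk.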