From 38fd5b6f5c3025413b6fa40c4cc06287ca5e40a3 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Mon, 1 Aug 2011 15:59:18 -0700
Subject: [PATCH] 2.6.39 patches

---
 ...y-reset-frag0-when-skb-can-be-pulled.patch | 40 +++++++++++++++++++
 queue-2.6.39/series                           |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch

diff --git a/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch b/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch
new file mode 100644
index 00000000000..87c2502be7c
--- /dev/null
+++ b/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch
@@ -0,0 +1,40 @@
+From 17dd759c67f21e34f2156abcf415e1f60605a188 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 27 Jul 2011 06:16:28 -0700
+Subject: gro: Only reset frag0 when skb can be pulled
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 17dd759c67f21e34f2156abcf415e1f60605a188 upstream.
+
+Currently skb_gro_header_slow unconditionally resets frag0 and
+frag0_len.  However, when we can't pull on the skb this leaves
+the GRO fields in an inconsistent state.
+
+This patch fixes this by only resetting those fields after the
+pskb_may_pull test.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/netdevice.h |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -1680,9 +1680,12 @@ static inline int skb_gro_header_hard(st
+ static inline void *skb_gro_header_slow(struct sk_buff *skb, unsigned int hlen,
+ 					unsigned int offset)
+ {
++	if (!pskb_may_pull(skb, hlen))
++		return NULL;
++
+ 	NAPI_GRO_CB(skb)->frag0 = NULL;
+ 	NAPI_GRO_CB(skb)->frag0_len = 0;
+-	return pskb_may_pull(skb, hlen) ? skb->data + offset : NULL;
++	return skb->data + offset;
+ }
+ 
+ static inline void *skb_gro_mac_header(struct sk_buff *skb)
diff --git a/queue-2.6.39/series b/queue-2.6.39/series
index 65f1e3532a7..fc479c23d12 100644
--- a/queue-2.6.39/series
+++ b/queue-2.6.39/series
@@ -67,3 +67,4 @@ vfs-fix-race-in-rcu-lookup-of-pruned-dentry.patch
 cifs-fix-wsize-negotiation-to-respect-max-buffer-size-and.patch
 cifs-lower-default-and-max-wsize-to-what-2.6.39-can-handle.patch
 bridge-send-proper-message_age-in-config-bpdu.patch
+gro-only-reset-frag0-when-skb-can-be-pulled.patch
-- 
2.47.3