From a6aacfc8c675c7c85045a88a3bc109523f2526fc Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 7 Oct 2014 09:53:04 -0700
Subject: [PATCH] 3.10-stable patches

added patches:
	drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch
	nl80211-clear-skb-cb-before-passing-to-netlink.patch
---
 ...m-failed-to-invoke-fence-peer-helper.patch | 41 +++++++++++++++
 ...ear-skb-cb-before-passing-to-netlink.patch | 50 +++++++++++++++++++
 queue-3.10/series                             |  2 +
 3 files changed, 93 insertions(+)
 create mode 100644 queue-3.10/drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch
 create mode 100644 queue-3.10/nl80211-clear-skb-cb-before-passing-to-netlink.patch

diff --git a/queue-3.10/drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch b/queue-3.10/drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch
new file mode 100644
index 00000000000..831fe33a19b
--- /dev/null
+++ b/queue-3.10/drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch
@@ -0,0 +1,41 @@
+From bbc1c5e8ad6dfebf9d13b8a4ccdf66c92913eac9 Mon Sep 17 00:00:00 2001
+From: Lars Ellenberg <lars.ellenberg@linbit.com>
+Date: Wed, 9 Jul 2014 21:18:32 +0200
+Subject: drbd: fix regression 'out of mem, failed to invoke fence-peer helper'
+
+From: Lars Ellenberg <lars.ellenberg@linbit.com>
+
+commit bbc1c5e8ad6dfebf9d13b8a4ccdf66c92913eac9 upstream.
+
+Since linux kernel 3.13, kthread_run() internally uses
+wait_for_completion_killable().  We sometimes may use kthread_run()
+while we still have a signal pending, which we used to kick our threads
+out of potentially blocking network functions, causing kthread_run() to
+mistake that as a new fatal signal and fail.
+
+Fix: flush_signals() before kthread_run().
+
+Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
+Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
+Signed-off-by: Jens Axboe <axboe@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/drbd/drbd_nl.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/block/drbd/drbd_nl.c
++++ b/drivers/block/drbd/drbd_nl.c
+@@ -514,6 +514,12 @@ void conn_try_outdate_peer_async(struct
+ 	struct task_struct *opa;
+ 
+ 	kref_get(&tconn->kref);
++	/* We may just have force_sig()'ed this thread
++	 * to get it out of some blocking network function.
++	 * Clear signals; otherwise kthread_run(), which internally uses
++	 * wait_on_completion_killable(), will mistake our pending signal
++	 * for a new fatal signal and fail. */
++	flush_signals(current);
+ 	opa = kthread_run(_try_outdate_peer_async, tconn, "drbd_async_h");
+ 	if (IS_ERR(opa)) {
+ 		conn_err(tconn, "out of mem, failed to invoke fence-peer helper\n");
diff --git a/queue-3.10/nl80211-clear-skb-cb-before-passing-to-netlink.patch b/queue-3.10/nl80211-clear-skb-cb-before-passing-to-netlink.patch
new file mode 100644
index 00000000000..d26a68989fe
--- /dev/null
+++ b/queue-3.10/nl80211-clear-skb-cb-before-passing-to-netlink.patch
@@ -0,0 +1,50 @@
+From bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 30 Jul 2014 14:55:26 +0200
+Subject: nl80211: clear skb cb before passing to netlink
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 upstream.
+
+In testmode and vendor command reply/event SKBs we use the
+skb cb data to store nl80211 parameters between allocation
+and sending. This causes the code for CONFIG_NETLINK_MMAP
+to get confused, because it takes ownership of the skb cb
+data when the SKB is handed off to netlink, and it doesn't
+explicitly clear it.
+
+Clear the skb cb explicitly when we're done and before it
+gets passed to netlink to avoid this issue.
+
+Reported-by: Assaf Azulay <assaf.azulay@intel.com>
+Reported-by: David Spinadel <david.spinadel@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -6568,6 +6568,9 @@ int cfg80211_testmode_reply(struct sk_bu
+ 	void *hdr = ((void **)skb->cb)[1];
+ 	struct nlattr *data = ((void **)skb->cb)[2];
+ 
++	/* clear CB data for netlink core to own from now on */
++	memset(skb->cb, 0, sizeof(skb->cb));
++
+ 	if (WARN_ON(!rdev->testmode_info)) {
+ 		kfree_skb(skb);
+ 		return -EINVAL;
+@@ -6594,6 +6597,9 @@ void cfg80211_testmode_event(struct sk_b
+ 	void *hdr = ((void **)skb->cb)[1];
+ 	struct nlattr *data = ((void **)skb->cb)[2];
+ 
++	/* clear CB data for netlink core to own from now on */
++	memset(skb->cb, 0, sizeof(skb->cb));
++
+ 	nla_nest_end(skb, data);
+ 	genlmsg_end(skb, hdr);
+ 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), skb, 0,
diff --git a/queue-3.10/series b/queue-3.10/series
index 1fad7d02d91..2f3356f36ea 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -7,3 +7,5 @@ mm-numa-do-not-mark-ptes-pte_numa-when-splitting-huge-pages.patch
 media-vb2-fix-vbi-poll-regression.patch
 md-raid5-disable-discard-by-default-due-to-safety-concerns.patch
 jiffies-fix-timeval-conversion-to-jiffies.patch
+drbd-fix-regression-out-of-mem-failed-to-invoke-fence-peer-helper.patch
+nl80211-clear-skb-cb-before-passing-to-netlink.patch
-- 
2.47.3