--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Tue, 25 Jun 2019 17:57:49 -0400
+Subject: af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+[ Upstream commit 89ed5b519004a7706f50b70f611edbd3aaacff2c ]
+
+When an application is run that:
+a) Sets its scheduler to be SCHED_FIFO
+and
+b) Opens a memory mapped AF_PACKET socket, and sends frames with the
+MSG_DONTWAIT flag cleared, its possible for the application to hang
+forever in the kernel. This occurs because when waiting, the code in
+tpacket_snd calls schedule, which under normal circumstances allows
+other tasks to run, including ksoftirqd, which in some cases is
+responsible for freeing the transmitted skb (which in AF_PACKET calls a
+destructor that flips the status bit of the transmitted frame back to
+available, allowing the transmitting task to complete).
+
+However, when the calling application is SCHED_FIFO, its priority is
+such that the schedule call immediately places the task back on the cpu,
+preventing ksoftirqd from freeing the skb, which in turn prevents the
+transmitting task from detecting that the transmission is complete.
+
+We can fix this by converting the schedule call to a completion
+mechanism. By using a completion queue, we force the calling task, when
+it detects there are no more frames to send, to schedule itself off the
+cpu until such time as the last transmitted skb is freed, allowing
+forward progress to be made.
+
+Tested by myself and the reporter, with good results
+
+Change Notes:
+
+V1->V2:
+ Enhance the sleep logic to support being interruptible and
+allowing for honoring to SK_SNDTIMEO (Willem de Bruijn)
+
+V2->V3:
+ Rearrage the point at which we wait for the completion queue, to
+avoid needing to check for ph/skb being null at the end of the loop.
+Also move the complete call to the skb destructor to avoid needing to
+modify __packet_set_status. Also gate calling complete on
+packet_read_pending returning zero to avoid multiple calls to complete.
+(Willem de Bruijn)
+
+ Move timeo computation within loop, to re-fetch the socket
+timeout since we also use the timeo variable to record the return code
+from the wait_for_complete call (Neil Horman)
+
+V3->V4:
+ Willem has requested that the control flow be restored to the
+previous state. Doing so lets us eliminate the need for the
+po->wait_on_complete flag variable, and lets us get rid of the
+packet_next_frame function, but introduces another complexity.
+Specifically, but using the packet pending count, we can, if an
+applications calls sendmsg multiple times with MSG_DONTWAIT set, each
+set of transmitted frames, when complete, will cause
+tpacket_destruct_skb to issue a complete call, for which there will
+never be a wait_on_completion call. This imbalance will lead to any
+future call to wait_for_completion here to return early, when the frames
+they sent may not have completed. To correct this, we need to re-init
+the completion queue on every call to tpacket_snd before we enter the
+loop so as to ensure we wait properly for the frames we send in this
+iteration.
+
+ Change the timeout and interrupted gotos to out_put rather than
+out_status so that we don't try to free a non-existant skb
+ Clean up some extra newlines (Willem de Bruijn)
+
+Reviewed-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: Matteo Croce <mcroce@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/packet/af_packet.c | 20 +++++++++++++++++---
+ net/packet/internal.h | 1 +
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -2409,6 +2409,9 @@ static void tpacket_destruct_skb(struct
+
+ ts = __packet_set_timestamp(po, ph, skb);
+ __packet_set_status(po, ph, TP_STATUS_AVAILABLE | ts);
++
++ if (!packet_read_pending(&po->tx_ring))
++ complete(&po->skb_completion);
+ }
+
+ sock_wfree(skb);
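Review bot: The added `complete(&po->skb_completion)` in tpacket_destruct_skb fires whenever the pending count reads zero, whether or not any task is sleeping in tpacket_snd, and nothing at the call site says so. The commit message explains that non-blocking senders leave these completions unconsumed and that tpacket_snd compensates with `reinit_completion()`. That coupling deserves a comment here, for example `/* may have no waiter (MSG_DONTWAIT senders); tpacket_snd() re-inits the completion before each send loop */`. The opening lines of the function are outside the hunk.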
+@@ -2593,7 +2596,7 @@ static int tpacket_parse_header(struct p
+
+ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
+ {
+- struct sk_buff *skb;
++ struct sk_buff *skb = NULL;
+ struct net_device *dev;
+ struct virtio_net_hdr *vnet_hdr = NULL;
+ struct sockcm_cookie sockc;
+@@ -2608,6 +2611,7 @@ static int tpacket_snd(struct packet_soc
+ int len_sum = 0;
+ int status = TP_STATUS_AVAILABLE;
+ int hlen, tlen, copylen = 0;
++ long timeo = 0;
+
+ mutex_lock(&po->pg_vec_lock);
+
+@@ -2654,12 +2658,21 @@ static int tpacket_snd(struct packet_soc
+ if ((size_max > dev->mtu + reserve + VLAN_HLEN) && !po->has_vnet_hdr)
+ size_max = dev->mtu + reserve + VLAN_HLEN;
+
++ reinit_completion(&po->skb_completion);
++
+ do {
+ ph = packet_current_frame(po, &po->tx_ring,
+ TP_STATUS_SEND_REQUEST);
+ if (unlikely(ph == NULL)) {
+- if (need_wait && need_resched())
+- schedule();
++ if (need_wait && skb) {
++ timeo = sock_sndtimeo(&po->sk, msg->msg_flags & MSG_DONTWAIT);
++ timeo = wait_for_completion_interruptible_timeout(&po->skb_completion, timeo);
++ if (timeo <= 0) {
++ err = !timeo ? -ETIMEDOUT : -ERESTARTSYS;
++ goto out_put;
++ }
++ }
++ /* check for additional frames */
+ continue;
+ }
+
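Review bot: In the `ph == NULL` branch, a blocking caller that has not yet built an skb in this call (`skb` still NULL) falls straight through to `continue`, with neither a sleep nor the `schedule()` the old code had. The loop condition is outside the hunk, but if it stays true while frames from an earlier sendmsg are still pending, the task busy-spins, which for a SCHED_FIFO caller looks like the same starvation the commit message describes. Gating the wait on outstanding frames rather than on the local skb, e.g. `if (need_wait && packet_read_pending(&po->tx_ring)) {`, would cover that case; please confirm against the full loop. Separately, `timeo` is re-read from `sock_sndtimeo()` on every pass, so each wait gets a fresh full timeout and the total time blocked can exceed SO_SNDTIMEO.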
+@@ -3215,6 +3228,7 @@ static int packet_create(struct net *net
+ sock_init_data(sock, sk);
+
+ po = pkt_sk(sk);
++ init_completion(&po->skb_completion);
+ sk->sk_family = PF_PACKET;
+ po->num = proto;
+ po->xmit = dev_queue_xmit;
+--- a/net/packet/internal.h
++++ b/net/packet/internal.h
+@@ -128,6 +128,7 @@ struct packet_sock {
+ unsigned int tp_hdrlen;
+ unsigned int tp_reserve;
+ unsigned int tp_tstamp;
++ struct completion skb_completion;
+ struct net_device __rcu *cached_dev;
+ int (*xmit)(struct sk_buff *skb);
+ struct packet_type prot_hook ____cacheline_aligned_in_smp;
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Wed, 26 Jun 2019 16:08:44 +0800
+Subject: bonding: Always enable vlan tx offload
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit 30d8177e8ac776d89d387fad547af6a0f599210e ]
+
+We build vlan on top of bonding interface, which vlan offload
+is off, bond mode is 802.3ad (LACP) and xmit_hash_policy is
+BOND_XMIT_POLICY_ENCAP34.
+
+Because vlan tx offload is off, vlan tci is cleared and skb push
+the vlan header in validate_xmit_vlan() while sending from vlan
+devices. Then in bond_xmit_hash, __skb_flow_dissect() fails to
+get information from protocol headers encapsulated within vlan,
+because 'nhoff' is points to IP header, so bond hashing is based
+on layer 2 info, which fails to distribute packets across slaves.
+
+This patch always enable bonding's vlan tx offload, pass the vlan
+packets to the slave devices with vlan tci, let them to handle
+vlan implementation.
+
+Fixes: 278339a42a1b ("bonding: propogate vlan_features to bonding master")
+Suggested-by: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Acked-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/bonding/bond_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -4321,12 +4321,12 @@ void bond_setup(struct net_device *bond_
+ bond_dev->features |= NETIF_F_NETNS_LOCAL;
+
+ bond_dev->hw_features = BOND_VLAN_FEATURES |
+- NETIF_F_HW_VLAN_CTAG_TX |
+ NETIF_F_HW_VLAN_CTAG_RX |
+ NETIF_F_HW_VLAN_CTAG_FILTER;
+
+ bond_dev->hw_features |= NETIF_F_GSO_ENCAP_ALL | NETIF_F_GSO_UDP_L4;
+ bond_dev->features |= bond_dev->hw_features;
++ bond_dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
+ }
+
+ /* Destroy a bonding device.
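Review bot: The last added line of bond_setup puts `NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX` into `features` only, after `hw_features` has been copied in, and the code does not say why they are kept out of `hw_features`. A short comment would stop a later cleanup from folding them back, for example `/* always on: not in hw_features, so not user-toggleable; slaves handle the tag */`. The commit message argues only the CTAG case, so the addition of STAG_TX is worth a word as well. The same applies to the identical change in team_setup in drivers/net/team/team.c.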
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+Date: Mon, 24 Jun 2019 20:14:06 -0400
+Subject: ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
+
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+
+[ Upstream commit 38c73529de13e1e10914de7030b659a2f8b01c3b ]
+
+In commit 19e4e768064a8 ("ipv4: Fix raw socket lookup for local
+traffic"), the dif argument to __raw_v4_lookup() is coming from the
+returned value of inet_iif() but the change was done only for the first
+lookup. Subsequent lookups in the while loop still use skb->dev->ifIndex.
+
+Fixes: 19e4e768064a8 ("ipv4: Fix raw socket lookup for local traffic")
+Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
+Reviewed-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/raw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/raw.c
++++ b/net/ipv4/raw.c
+@@ -201,7 +201,7 @@ static int raw_v4_input(struct sk_buff *
+ }
+ sk = __raw_v4_lookup(net, sk_next(sk), iph->protocol,
+ iph->saddr, iph->daddr,
+- skb->dev->ifindex, sdif);
++ dif, sdif);
+ }
+ out:
+ read_unlock(&raw_v4_hashinfo.lock);
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
+Date: Sat, 22 Jun 2019 08:46:37 +0000
+Subject: net: aquantia: fix vlans not working over bridged network
+
+From: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
+
+[ Upstream commit 48dd73d08d4dda47ee31cc8611fb16840fc16803 ]
+
+In configuration of vlan over bridge over aquantia device
+it was found that vlan tagged traffic is dropped on chip.
+
+The reason is that bridge device enables promisc mode,
+but in atlantic chip vlan filters will still apply.
+So we have to corellate promisc settings with vlan configuration.
+
+The solution is to track in a separate state variable the
+need of vlan forced promisc. And also consider generic
+promisc configuration when doing vlan filter config.
+
+Fixes: 7975d2aff5af ("net: aquantia: add support of rx-vlan-filter offload")
+Signed-off-by: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
+Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/aquantia/atlantic/aq_filters.c | 10 +++++--
+ drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 1
+ drivers/net/ethernet/aquantia/atlantic/aq_nic.h | 1
+ drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +++++++++-----
+ 4 files changed, 23 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/ethernet/aquantia/atlantic/aq_filters.c
++++ b/drivers/net/ethernet/aquantia/atlantic/aq_filters.c
+@@ -843,9 +843,14 @@ int aq_filters_vlans_update(struct aq_ni
+ return err;
+
+ if (aq_nic->ndev->features & NETIF_F_HW_VLAN_CTAG_FILTER) {
+- if (hweight < AQ_VLAN_MAX_FILTERS)
+- err = aq_hw_ops->hw_filter_vlan_ctrl(aq_hw, true);
++ if (hweight < AQ_VLAN_MAX_FILTERS && hweight > 0) {
++ err = aq_hw_ops->hw_filter_vlan_ctrl(aq_hw,
++ !(aq_nic->packet_filter & IFF_PROMISC));
++ aq_nic->aq_nic_cfg.is_vlan_force_promisc = false;
++ } else {
+ /* otherwise left in promiscue mode */
++ aq_nic->aq_nic_cfg.is_vlan_force_promisc = true;
++ }
+ }
+
+ return err;
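Review bot: In aq_filters_vlans_update the new branch sets `is_vlan_force_promisc = false` even when `hw_filter_vlan_ctrl()` has just returned an error, so the cached flag can claim VLAN filtering is active while the hardware state is unknown. hw_atl_b0_hw_packet_filter_set, changed later in this patch, programs VLAN promiscuous mode from that flag, so a stale value would be written back to the chip on the next filter update. Updating the flag only on success, `if (!err) aq_nic->aq_nic_cfg.is_vlan_force_promisc = false;`, keeps software and hardware state in step. The start of the function is outside the hunk.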
+@@ -866,6 +871,7 @@ int aq_filters_vlan_offload_off(struct a
+ if (unlikely(!aq_hw_ops->hw_filter_vlan_ctrl))
+ return -EOPNOTSUPP;
+
++ aq_nic->aq_nic_cfg.is_vlan_force_promisc = true;
+ err = aq_hw_ops->hw_filter_vlan_ctrl(aq_hw, false);
+ if (err)
+ return err;
+--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
++++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+@@ -117,6 +117,7 @@ void aq_nic_cfg_start(struct aq_nic_s *s
+
+ cfg->link_speed_msk &= cfg->aq_hw_caps->link_speed_msk;
+ cfg->features = cfg->aq_hw_caps->hw_features;
++ cfg->is_vlan_force_promisc = true;
+ }
+
+ static int aq_nic_update_link_status(struct aq_nic_s *self)
+--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.h
++++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.h
+@@ -36,6 +36,7 @@ struct aq_nic_cfg_s {
+ u32 flow_control;
+ u32 link_speed_msk;
+ u32 wol;
++ bool is_vlan_force_promisc;
+ u16 is_mc_list_enabled;
+ u16 mc_list_count;
+ bool is_autoneg;
+--- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
++++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
+@@ -771,8 +771,15 @@ static int hw_atl_b0_hw_packet_filter_se
+ unsigned int packet_filter)
+ {
+ unsigned int i = 0U;
++ struct aq_nic_cfg_s *cfg = self->aq_nic_cfg;
++
++ hw_atl_rpfl2promiscuous_mode_en_set(self,
++ IS_FILTER_ENABLED(IFF_PROMISC));
++
++ hw_atl_rpf_vlan_prom_mode_en_set(self,
++ IS_FILTER_ENABLED(IFF_PROMISC) ||
++ cfg->is_vlan_force_promisc);
+
+- hw_atl_rpfl2promiscuous_mode_en_set(self, IS_FILTER_ENABLED(IFF_PROMISC));
+ hw_atl_rpfl2multicast_flr_en_set(self,
+ IS_FILTER_ENABLED(IFF_ALLMULTI), 0);
+
+@@ -781,13 +788,13 @@ static int hw_atl_b0_hw_packet_filter_se
+
+ hw_atl_rpfl2broadcast_en_set(self, IS_FILTER_ENABLED(IFF_BROADCAST));
+
+- self->aq_nic_cfg->is_mc_list_enabled = IS_FILTER_ENABLED(IFF_MULTICAST);
++ cfg->is_mc_list_enabled = IS_FILTER_ENABLED(IFF_MULTICAST);
+
+ for (i = HW_ATL_B0_MAC_MIN; i < HW_ATL_B0_MAC_MAX; ++i)
+ hw_atl_rpfl2_uc_flr_en_set(self,
+- (self->aq_nic_cfg->is_mc_list_enabled &&
+- (i <= self->aq_nic_cfg->mc_list_count)) ?
+- 1U : 0U, i);
++ (cfg->is_mc_list_enabled &&
++ (i <= cfg->mc_list_count)) ?
++ 1U : 0U, i);
+
+ return aq_hw_err_from_flags(self);
+ }
+@@ -1079,7 +1086,7 @@ static int hw_atl_b0_hw_vlan_set(struct
+ static int hw_atl_b0_hw_vlan_ctrl(struct aq_hw_s *self, bool enable)
+ {
+ /* set promisc in case of disabing the vland filter */
+- hw_atl_rpf_vlan_prom_mode_en_set(self, !!!enable);
++ hw_atl_rpf_vlan_prom_mode_en_set(self, !enable);
+
+ return aq_hw_err_from_flags(self);
+ }
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 24 Jun 2019 02:38:20 -0700
+Subject: net/packet: fix memory leak in packet_set_ring()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 55655e3d1197fff16a7a05088fb0e5eba50eac55 ]
+
+syzbot found we can leak memory in packet_set_ring(), if user application
+provides buggy parameters.
+
+Fixes: 7f953ab2ba46 ("af_packet: TX_RING support for TPACKET_V3")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Sowmini Varadhan <sowmini.varadhan@oracle.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/packet/af_packet.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4341,7 +4341,7 @@ static int packet_set_ring(struct sock *
+ req3->tp_sizeof_priv ||
+ req3->tp_feature_req_word) {
+ err = -EINVAL;
+- goto out;
++ goto out_free_pg_vec;
+ }
+ }
+ break;
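Review bot: The `req3` fields rejected here come from the caller, yet the check apparently runs after `pg_vec` has been allocated (the allocation is outside the hunk; the commit message and the new `out_free_pg_vec` label imply it). Validating `tp_retire_blk_tov`, `tp_sizeof_priv` and `tp_feature_req_word` before the allocation would make the rejection path allocation-free and remove the need for a second cleanup label. If the order has to stay, a comment at the label such as `/* error paths taken after pg_vec is allocated but before it is installed */` would help the next person adding a `goto` in packet_set_ring pick the right one.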
+@@ -4405,6 +4405,7 @@ static int packet_set_ring(struct sock *
+ prb_shutdown_retire_blk_timer(po, rb_queue);
+ }
+
++out_free_pg_vec:
+ if (pg_vec)
+ free_pg_vec(pg_vec, order, req->tp_block_nr);
+ out:
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: JingYi Hou <houjingyi647@gmail.com>
+Date: Mon, 17 Jun 2019 14:56:05 +0800
+Subject: net: remove duplicate fetch in sock_getsockopt
+
+From: JingYi Hou <houjingyi647@gmail.com>
+
+[ Upstream commit d0bae4a0e3d8c5690a885204d7eb2341a5b4884d ]
+
+In sock_getsockopt(), 'optlen' is fetched the first time from userspace.
+'len < 0' is then checked. Then in condition 'SO_MEMINFO', 'optlen' is
+fetched the second time from userspace.
+
+If change it between two fetches may cause security problems or unexpected
+behaivor, and there is no reason to fetch it a second time.
+
+To fix this, we need to remove the second fetch.
+
+Signed-off-by: JingYi Hou <houjingyi647@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/sock.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -1482,9 +1482,6 @@ int sock_getsockopt(struct socket *sock,
+ {
+ u32 meminfo[SK_MEMINFO_VARS];
+
+- if (get_user(len, optlen))
+- return -EFAULT;
+-
+ sk_get_meminfo(sk, meminfo);
+
+ len = min_t(unsigned int, len, sizeof(meminfo));
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Roland Hii <roland.king.guan.hii@intel.com>
+Date: Wed, 19 Jun 2019 22:13:48 +0800
+Subject: net: stmmac: fixed new system time seconds value calculation
+
+From: Roland Hii <roland.king.guan.hii@intel.com>
+
+[ Upstream commit a1e5388b4d5fc78688e5e9ee6641f779721d6291 ]
+
+When ADDSUB bit is set, the system time seconds field is calculated as
+the complement of the seconds part of the update value.
+
+For example, if 3.000000001 seconds need to be subtracted from the
+system time, this field is calculated as
+2^32 - 3 = 4294967296 - 3 = 0x100000000 - 3 = 0xFFFFFFFD
+
+Previously, the 0x100000000 is mistakenly written as 100000000.
+
+This is further simplified from
+ sec = (0x100000000ULL - sec);
+to
+ sec = -sec;
+
+Fixes: ba1ffd74df74 ("stmmac: fix PTP support for GMAC4")
+Signed-off-by: Roland Hii <roland.king.guan.hii@intel.com>
+Signed-off-by: Ong Boon Leong <boon.leong.ong@intel.com>
+Signed-off-by: Voon Weifeng <weifeng.voon@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
+@@ -122,7 +122,7 @@ static int adjust_systime(void __iomem *
+ * programmed with (2^32 – <new_sec_value>)
+ */
+ if (gmac4)
+- sec = (100000000ULL - sec);
++ sec = -sec;
+
+ value = readl(ioaddr + PTP_TCR);
+ if (value & PTP_TCR_TSCTRLSSR)
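Review bot: `sec = -sec;` yields 2^32 - sec only if `sec` is an unsigned 32-bit value, and its declaration sits in the function signature, which is cut off in this hunk. Unary minus on an unsigned type is easy to misread as a bug, so a one-line comment is worth adding, for example `/* sec is u32: negation wraps modulo 2^32, i.e. 2^32 - sec */`. If `sec` were ever widened the result would silently change, and the comment would flag that too.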
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Roland Hii <roland.king.guan.hii@intel.com>
+Date: Wed, 19 Jun 2019 22:41:48 +0800
+Subject: net: stmmac: set IC bit when transmitting frames with HW timestamp
+
+From: Roland Hii <roland.king.guan.hii@intel.com>
+
+[ Upstream commit d0bb82fd60183868f46c8ccc595a3d61c3334a18 ]
+
+When transmitting certain PTP frames, e.g. SYNC and DELAY_REQ, the
+PTP daemon, e.g. ptp4l, is polling the driver for the frame transmit
+hardware timestamp. The polling will most likely timeout if the tx
+coalesce is enabled due to the Interrupt-on-Completion (IC) bit is
+not set in tx descriptor for those frames.
+
+This patch will ignore the tx coalesce parameter and set the IC bit
+when transmitting PTP frames which need to report out the frame
+transmit hardware timestamp to user space.
+
+Fixes: f748be531d70 ("net: stmmac: Rework coalesce timer and fix multi-queue races")
+Signed-off-by: Roland Hii <roland.king.guan.hii@intel.com>
+Signed-off-by: Ong Boon Leong <boon.leong.ong@intel.com>
+Signed-off-by: Voon Weifeng <weifeng.voon@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+@@ -2957,12 +2957,15 @@ static netdev_tx_t stmmac_tso_xmit(struc
+
+ /* Manage tx mitigation */
+ tx_q->tx_count_frames += nfrags + 1;
+- if (priv->tx_coal_frames <= tx_q->tx_count_frames) {
++ if (likely(priv->tx_coal_frames > tx_q->tx_count_frames) &&
++ !(priv->synopsys_id >= DWMAC_CORE_4_00 &&
++ (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) &&
++ priv->hwts_tx_en)) {
++ stmmac_tx_timer_arm(priv, queue);
++ } else {
++ tx_q->tx_count_frames = 0;
+ stmmac_set_tx_ic(priv, desc);
+ priv->xstats.tx_set_ic_bit++;
+- tx_q->tx_count_frames = 0;
+- } else {
+- stmmac_tx_timer_arm(priv, queue);
+ }
+
+ skb_tx_timestamp(skb);
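Review bot: The three-term timestamp test on `priv->synopsys_id`, `SKBTX_HW_TSTAMP` and `priv->hwts_tx_en` is pasted verbatim into both stmmac_tso_xmit here and stmmac_xmit in the next hunk, negated inside an already inverted condition, which makes it hard to read and easy to let drift. Pulling it into a small helper, with a comment saying why such frames bypass coalescing, would keep the two transmit paths identical. That comment should also record that every hardware-timestamped frame now raises its own completion interrupt regardless of `tx_coal_frames`. Both functions start and end outside their hunks.

```c
/* Proposed helper: true when this skb must raise a completion interrupt so
 * its hardware TX timestamp can be reported without waiting for coalescing.
 */
static inline bool stmmac_tx_needs_hwtstamp_irq(struct stmmac_priv *priv,
						struct sk_buff *skb)
{
	return priv->synopsys_id >= DWMAC_CORE_4_00 &&
	       (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) &&
	       priv->hwts_tx_en;
}

	/* ... unchanged: tx_q->tx_count_frames += nfrags + 1; ... */
	if (likely(priv->tx_coal_frames > tx_q->tx_count_frames) &&
	    !stmmac_tx_needs_hwtstamp_irq(priv, skb)) {
		stmmac_tx_timer_arm(priv, queue);
	} else {
	/* ... unchanged: counter reset, stmmac_set_tx_ic(), xstats update ... */
```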
+@@ -3176,12 +3179,15 @@ static netdev_tx_t stmmac_xmit(struct sk
+ * element in case of no SG.
+ */
+ tx_q->tx_count_frames += nfrags + 1;
+- if (priv->tx_coal_frames <= tx_q->tx_count_frames) {
++ if (likely(priv->tx_coal_frames > tx_q->tx_count_frames) &&
++ !(priv->synopsys_id >= DWMAC_CORE_4_00 &&
++ (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) &&
++ priv->hwts_tx_en)) {
++ stmmac_tx_timer_arm(priv, queue);
++ } else {
++ tx_q->tx_count_frames = 0;
+ stmmac_set_tx_ic(priv, desc);
+ priv->xstats.tx_set_ic_bit++;
+- tx_q->tx_count_frames = 0;
+- } else {
+- stmmac_tx_timer_arm(priv, queue);
+ }
+
+ skb_tx_timestamp(skb);
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
+Date: Sun, 23 Jun 2019 21:26:58 -0700
+Subject: net/tls: fix page double free on TX cleanup
+
+From: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
+
+[ Upstream commit 9354544cbccf68da1b047f8fb7b47630e3c8a59d ]
+
+With commit 94850257cf0f ("tls: Fix tls_device handling of partial records")
+a new path was introduced to cleanup partial records during sk_proto_close.
+This path does not handle the SW KTLS tx_list cleanup.
+
+This is unnecessary though since the free_resources calls for both
+SW and offload paths will cleanup a partial record.
+
+The visible effect is the following warning, but this bug also causes
+a page double free.
+
+ WARNING: CPU: 7 PID: 4000 at net/core/stream.c:206 sk_stream_kill_queues+0x103/0x110
+ RIP: 0010:sk_stream_kill_queues+0x103/0x110
+ RSP: 0018:ffffb6df87e07bd0 EFLAGS: 00010206
+ RAX: 0000000000000000 RBX: ffff8c21db4971c0 RCX: 0000000000000007
+ RDX: ffffffffffffffa0 RSI: 000000000000001d RDI: ffff8c21db497270
+ RBP: ffff8c21db497270 R08: ffff8c29f4748600 R09: 000000010020001a
+ R10: ffffb6df87e07aa0 R11: ffffffff9a445600 R12: 0000000000000007
+ R13: 0000000000000000 R14: ffff8c21f03f2900 R15: ffff8c21f03b8df0
+ Call Trace:
+ inet_csk_destroy_sock+0x55/0x100
+ tcp_close+0x25d/0x400
+ ? tcp_check_oom+0x120/0x120
+ tls_sk_proto_close+0x127/0x1c0
+ inet_release+0x3c/0x60
+ __sock_release+0x3d/0xb0
+ sock_close+0x11/0x20
+ __fput+0xd8/0x210
+ task_work_run+0x84/0xa0
+ do_exit+0x2dc/0xb90
+ ? release_sock+0x43/0x90
+ do_group_exit+0x3a/0xa0
+ get_signal+0x295/0x720
+ do_signal+0x36/0x610
+ ? SYSC_recvfrom+0x11d/0x130
+ exit_to_usermode_loop+0x69/0xb0
+ do_syscall_64+0x173/0x180
+ entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+ RIP: 0033:0x7fe9b9abc10d
+ RSP: 002b:00007fe9b19a1d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
+ RAX: fffffffffffffe00 RBX: 0000000000000006 RCX: 00007fe9b9abc10d
+ RDX: 0000000000000002 RSI: 0000000000000080 RDI: 00007fe948003430
+ RBP: 00007fe948003410 R08: 00007fe948003430 R09: 0000000000000000
+ R10: 0000000000000000 R11: 0000000000000246 R12: 00005603739d9080
+ R13: 00007fe9b9ab9f90 R14: 00007fe948003430 R15: 0000000000000000
+
+Fixes: 94850257cf0f ("tls: Fix tls_device handling of partial records")
+Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
+Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/tls.h | 15 ---------------
+ net/tls/tls_main.c | 3 ++-
+ 2 files changed, 2 insertions(+), 16 deletions(-)
+
+--- a/include/net/tls.h
++++ b/include/net/tls.h
+@@ -347,21 +347,6 @@ static inline bool tls_is_partially_sent
+ return !!ctx->partially_sent_record;
+ }
+
+-static inline int tls_complete_pending_work(struct sock *sk,
+- struct tls_context *ctx,
+- int flags, long *timeo)
+-{
+- int rc = 0;
+-
+- if (unlikely(sk->sk_write_pending))
+- rc = wait_on_pending_writer(sk, timeo);
+-
+- if (!rc && tls_is_partially_sent_record(ctx))
+- rc = tls_push_partial_record(sk, ctx, flags);
+-
+- return rc;
+-}
+-
+ static inline bool tls_is_pending_open_record(struct tls_context *tls_ctx)
+ {
+ return tls_ctx->pending_open_record_frags;
+--- a/net/tls/tls_main.c
++++ b/net/tls/tls_main.c
+@@ -279,7 +279,8 @@ static void tls_sk_proto_close(struct so
+ goto skip_tx_cleanup;
+ }
+
+- if (!tls_complete_pending_work(sk, ctx, 0, &timeo))
++ if (unlikely(sk->sk_write_pending) &&
++ !wait_on_pending_writer(sk, &timeo))
+ tls_handle_open_record(sk, 0);
+
+ /* We need these for tls_sw_fallback handling of other packets */
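Review bot: The replacement condition changes when `tls_handle_open_record(sk, 0)` runs, and the commit message does not mention it. The removed helper returned 0 when `sk->sk_write_pending` was zero and no partial record existed, so the open record was handled on the ordinary close path. With `unlikely(sk->sk_write_pending) && !wait_on_pending_writer(sk, &timeo)` it is handled only when a writer was pending and the wait succeeded. If skipping it in the common case is intended because the later free_resources calls cover it, a comment saying so would help; otherwise something like `if (!sk->sk_write_pending || !wait_on_pending_writer(sk, &timeo))` would keep the old behaviour without the partial-record push. tls_sk_proto_close continues outside the hunk.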
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Xin Long <lucien.xin@gmail.com>
+Date: Tue, 25 Jun 2019 00:21:45 +0800
+Subject: sctp: change to hold sk after auth shkey is created successfully
+
+From: Xin Long <lucien.xin@gmail.com>
+
+[ Upstream commit 25bff6d5478b2a02368097015b7d8eb727c87e16 ]
+
+Now in sctp_endpoint_init(), it holds the sk then creates auth
+shkey. But when the creation fails, it doesn't release the sk,
+which causes a sk defcnf leak,
+
+Here to fix it by only holding the sk when auth shkey is created
+successfully.
+
+Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.")
+Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com
+Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Neil Horman <nhorman@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/endpointola.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/sctp/endpointola.c
++++ b/net/sctp/endpointola.c
+@@ -133,10 +133,6 @@ static struct sctp_endpoint *sctp_endpoi
+ /* Initialize the bind addr area */
+ sctp_bind_addr_init(&ep->base.bind_addr, 0);
+
+- /* Remember who we are attached to. */
+- ep->base.sk = sk;
+- sock_hold(ep->base.sk);
+-
+ /* Create the lists of associations. */
+ INIT_LIST_HEAD(&ep->asocs);
+
+@@ -169,6 +165,10 @@ static struct sctp_endpoint *sctp_endpoi
+ ep->prsctp_enable = net->sctp.prsctp_enable;
+ ep->reconf_enable = net->sctp.reconf_enable;
+
++ /* Remember who we are attached to. */
++ ep->base.sk = sk;
++ sock_hold(ep->base.sk);
++
+ return ep;
+
+ nomem_shkey:
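Review bot: Nothing in these hunks shows that the code between the old and new position of `ep->base.sk = sk` avoids reading `ep->base.sk`, and after the move that field is unset until just before `return ep`. Any helper called in between that reaches the socket through the endpoint would now see an unset pointer, so it is worth confirming they all use the `sk` argument directly. The error labels starting at `nomem_shkey:` must likewise not drop a socket reference, since none is held on those paths any more. A comment on the moved lines such as `/* take the sk reference last so the error paths above have nothing to release */` would record the ordering constraint.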
cpu-speculation-warn-on-unsupported-mitigations-parameter.patch
sunrpc-fix-up-calculation-of-client-message-length.patch
irqchip-mips-gic-use-the-correct-local-interrupt-map-registers.patch
+af_packet-block-execution-of-tasks-waiting-for-transmit-to-complete-in-af_packet.patch
+bonding-always-enable-vlan-tx-offload.patch
+ipv4-use-return-value-of-inet_iif-for-__raw_v4_lookup-in-the-while-loop.patch
+net-packet-fix-memory-leak-in-packet_set_ring.patch
+net-remove-duplicate-fetch-in-sock_getsockopt.patch
+net-stmmac-fixed-new-system-time-seconds-value-calculation.patch
+net-stmmac-set-ic-bit-when-transmitting-frames-with-hw-timestamp.patch
+net-tls-fix-page-double-free-on-tx-cleanup.patch
+sctp-change-to-hold-sk-after-auth-shkey-is-created-successfully.patch
+team-always-enable-vlan-tx-offload.patch
+tipc-change-to-use-register_pernet_device.patch
+tipc-check-msg-req-data-len-in-tipc_nl_compat_bearer_disable.patch
+tun-wake-up-waitqueues-after-iff_up-is-set.patch
+net-aquantia-fix-vlans-not-working-over-bridged-network.patch
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Thu, 27 Jun 2019 00:03:39 +0800
+Subject: team: Always enable vlan tx offload
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit ee4297420d56a0033a8593e80b33fcc93fda8509 ]
+
+We should rather have vlan_tci filled all the way down
+to the transmitting netdevice and let it do the hw/sw
+vlan implementation.
+
+Suggested-by: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/team/team.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/team/team.c
++++ b/drivers/net/team/team.c
+@@ -2135,12 +2135,12 @@ static void team_setup(struct net_device
+ dev->features |= NETIF_F_NETNS_LOCAL;
+
+ dev->hw_features = TEAM_VLAN_FEATURES |
+- NETIF_F_HW_VLAN_CTAG_TX |
+ NETIF_F_HW_VLAN_CTAG_RX |
+ NETIF_F_HW_VLAN_CTAG_FILTER;
+
+ dev->hw_features |= NETIF_F_GSO_ENCAP_ALL | NETIF_F_GSO_UDP_L4;
+ dev->features |= dev->hw_features;
++ dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
+ }
+
+ static int team_newlink(struct net *src_net, struct net_device *dev,
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Xin Long <lucien.xin@gmail.com>
+Date: Thu, 20 Jun 2019 18:39:28 +0800
+Subject: tipc: change to use register_pernet_device
+
+From: Xin Long <lucien.xin@gmail.com>
+
+[ Upstream commit c492d4c74dd3f87559883ffa0f94a8f1ae3fe5f5 ]
+
+This patch is to fix a dst defcnt leak, which can be reproduced by doing:
+
+ # ip net a c; ip net a s; modprobe tipc
+ # ip net e s ip l a n eth1 type veth peer n eth1 netns c
+ # ip net e c ip l s lo up; ip net e c ip l s eth1 up
+ # ip net e s ip l s lo up; ip net e s ip l s eth1 up
+ # ip net e c ip a a 1.1.1.2/8 dev eth1
+ # ip net e s ip a a 1.1.1.1/8 dev eth1
+ # ip net e c tipc b e m udp n u1 localip 1.1.1.2
+ # ip net e s tipc b e m udp n u1 localip 1.1.1.1
+ # ip net d c; ip net d s; rmmod tipc
+
+and it will get stuck and keep logging the error:
+
+ unregister_netdevice: waiting for lo to become free. Usage count = 1
+
+The cause is that a dst is held by the udp sock's sk_rx_dst set on udp rx
+path with udp_early_demux == 1, and this dst (eventually holding lo dev)
+can't be released as bearer's removal in tipc pernet .exit happens after
+lo dev's removal, default_device pernet .exit.
+
+ "There are two distinct types of pernet_operations recognized: subsys and
+ device. At creation all subsys init functions are called before device
+ init functions, and at destruction all device exit functions are called
+ before subsys exit function."
+
+So by calling register_pernet_device instead to register tipc_net_ops, the
+pernet .exit() will be invoked earlier than loopback dev's removal when a
+netns is being destroyed, as fou/gue does.
+
+Note that vxlan and geneve udp tunnels don't have this issue, as the udp
+sock is released in their device ndo_stop().
+
+This fix is also necessary for tipc dst_cache, which will hold dsts on tx
+path and I will introduce in my next patch.
+
+Reported-by: Li Shuang <shuali@redhat.com>
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Jon Maloy <jon.maloy@ericsson.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tipc/core.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/net/tipc/core.c
++++ b/net/tipc/core.c
+@@ -132,7 +132,7 @@ static int __init tipc_init(void)
+ if (err)
+ goto out_sysctl;
+
+- err = register_pernet_subsys(&tipc_net_ops);
++ err = register_pernet_device(&tipc_net_ops);
+ if (err)
+ goto out_pernet;
+
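Review bot: The choice of `register_pernet_device(&tipc_net_ops)` is an ordering fix rather than a classification, and the call site gives no hint of that. A comment such as `/* device, not subsys: .exit must run before loopback is unregistered so bearer dsts are released */` would keep a later cleanup from reverting it to `register_pernet_subsys()`. The same change is made to `tipc_topsrv_net_ops` in the next hunk, although the commit message argues the case only for `tipc_net_ops`; it would help to say whether the topology server ops were moved to keep their order relative to `tipc_net_ops` or for another reason. tipc_init starts and ends outside the hunk.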
+@@ -140,7 +140,7 @@ static int __init tipc_init(void)
+ if (err)
+ goto out_socket;
+
+- err = register_pernet_subsys(&tipc_topsrv_net_ops);
++ err = register_pernet_device(&tipc_topsrv_net_ops);
+ if (err)
+ goto out_pernet_topsrv;
+
+@@ -151,11 +151,11 @@ static int __init tipc_init(void)
+ pr_info("Started in single node mode\n");
+ return 0;
+ out_bearer:
+- unregister_pernet_subsys(&tipc_topsrv_net_ops);
++ unregister_pernet_device(&tipc_topsrv_net_ops);
+ out_pernet_topsrv:
+ tipc_socket_stop();
+ out_socket:
+- unregister_pernet_subsys(&tipc_net_ops);
++ unregister_pernet_device(&tipc_net_ops);
+ out_pernet:
+ tipc_unregister_sysctl();
+ out_sysctl:
+@@ -170,9 +170,9 @@ out_netlink:
+ static void __exit tipc_exit(void)
+ {
+ tipc_bearer_cleanup();
+- unregister_pernet_subsys(&tipc_topsrv_net_ops);
++ unregister_pernet_device(&tipc_topsrv_net_ops);
+ tipc_socket_stop();
+- unregister_pernet_subsys(&tipc_net_ops);
++ unregister_pernet_device(&tipc_net_ops);
+ tipc_netlink_stop();
+ tipc_netlink_compat_stop();
+ tipc_unregister_sysctl();
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Xin Long <lucien.xin@gmail.com>
+Date: Tue, 25 Jun 2019 00:28:19 +0800
+Subject: tipc: check msg->req data len in tipc_nl_compat_bearer_disable
+
+From: Xin Long <lucien.xin@gmail.com>
+
+[ Upstream commit 4f07b80c973348a99b5d2a32476a2e7877e94a05 ]
+
+This patch is to fix an uninit-value issue, reported by syzbot:
+
+ BUG: KMSAN: uninit-value in memchr+0xce/0x110 lib/string.c:981
+ Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x191/0x1f0 lib/dump_stack.c:113
+ kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
+ __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
+ memchr+0xce/0x110 lib/string.c:981
+ string_is_valid net/tipc/netlink_compat.c:176 [inline]
+ tipc_nl_compat_bearer_disable+0x2a1/0x480 net/tipc/netlink_compat.c:449
+ __tipc_nl_compat_doit net/tipc/netlink_compat.c:327 [inline]
+ tipc_nl_compat_doit+0x3ac/0xb00 net/tipc/netlink_compat.c:360
+ tipc_nl_compat_handle net/tipc/netlink_compat.c:1178 [inline]
+ tipc_nl_compat_recv+0x1b1b/0x27b0 net/tipc/netlink_compat.c:1281
+
+TLV_GET_DATA_LEN() may return a negtive int value, which will be
+used as size_t (becoming a big unsigned long) passed into memchr,
+cause this issue.
+
+Similar to what it does in tipc_nl_compat_bearer_enable(), this
+fix is to return -EINVAL when TLV_GET_DATA_LEN() is negtive in
+tipc_nl_compat_bearer_disable(), as well as in
+tipc_nl_compat_link_stat_dump() and tipc_nl_compat_link_reset_stats().
+
+v1->v2:
+ - add the missing Fixes tags per Eric's request.
+
+Fixes: 0762216c0ad2 ("tipc: fix uninit-value in tipc_nl_compat_bearer_enable")
+Fixes: 8b66fee7f8ee ("tipc: fix uninit-value in tipc_nl_compat_link_reset_stats")
+Reported-by: syzbot+30eaa8bf392f7fafffaf@syzkaller.appspotmail.com
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tipc/netlink_compat.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/net/tipc/netlink_compat.c
++++ b/net/tipc/netlink_compat.c
+@@ -445,7 +445,11 @@ static int tipc_nl_compat_bearer_disable
+ if (!bearer)
+ return -EMSGSIZE;
+
+- len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_BEARER_NAME);
++ len = TLV_GET_DATA_LEN(msg->req);
++ if (len <= 0)
++ return -EINVAL;
++
++ len = min_t(int, len, TIPC_MAX_BEARER_NAME);
+ if (!string_is_valid(name, len))
+ return -EINVAL;
+
+@@ -537,7 +541,11 @@ static int tipc_nl_compat_link_stat_dump
+
+ name = (char *)TLV_DATA(msg->req);
+
+- len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME);
++ len = TLV_GET_DATA_LEN(msg->req);
++ if (len <= 0)
++ return -EINVAL;
++
++ len = min_t(int, len, TIPC_MAX_BEARER_NAME);
+ if (!string_is_valid(name, len))
+ return -EINVAL;
+
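Review bot: The clamp in tipc_nl_compat_link_stat_dump() now uses `TIPC_MAX_BEARER_NAME`, while the line it replaces used `TIPC_MAX_LINK_NAME`. The string being validated is a link name, so this looks like a copy-paste slip from the bearer_disable hunk. The same substitution appears in the tipc_nl_compat_link_reset_stats() hunk that follows. If the bearer limit is the smaller of the two (to be confirmed against the uapi header), string_is_valid() would reject a well-formed link name whose terminator lies beyond that limit. Both places should read `len = min_t(int, len, TIPC_MAX_LINK_NAME);`; both function bodies extend outside their hunks.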
+@@ -815,7 +823,11 @@ static int tipc_nl_compat_link_reset_sta
+ if (!link)
+ return -EMSGSIZE;
+
+- len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME);
++ len = TLV_GET_DATA_LEN(msg->req);
++ if (len <= 0)
++ return -EINVAL;
++
++ len = min_t(int, len, TIPC_MAX_BEARER_NAME);
+ if (!string_is_valid(name, len))
+ return -EINVAL;
+
--- /dev/null
+From foo@baz Tue 02 Jul 2019 06:09:00 AM CEST
+From: Fei Li <lifei.shirley@bytedance.com>
+Date: Mon, 17 Jun 2019 21:26:36 +0800
+Subject: tun: wake up waitqueues after IFF_UP is set
+
+From: Fei Li <lifei.shirley@bytedance.com>
+
+[ Upstream commit 72b319dc08b4924a29f5e2560ef6d966fa54c429 ]
+
+Currently after setting tap0 link up, the tun code wakes tx/rx waited
+queues up in tun_net_open() when .ndo_open() is called, however the
+IFF_UP flag has not been set yet. If there's already a wait queue, it
+would fail to transmit when checking the IFF_UP flag in tun_sendmsg().
+Then the saving vhost_poll_start() will add the wq into wqh until it
+is waken up again. Although this works when IFF_UP flag has been set
+when tun_chr_poll detects; this is not true if IFF_UP flag has not
+been set at that time. Sadly the latter case is a fatal error, as
+the wq will never be waken up in future unless later manually
+setting link up on purpose.
+
+Fix this by moving the wakeup process into the NETDEV_UP event
+notifying process, this makes sure IFF_UP has been set before all
+waited queues been waken up.
+
+Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/tun.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -1024,18 +1024,8 @@ static void tun_net_uninit(struct net_de
+ /* Net device open. */
+ static int tun_net_open(struct net_device *dev)
+ {
+- struct tun_struct *tun = netdev_priv(dev);
+- int i;
+-
+ netif_tx_start_all_queues(dev);
+
+- for (i = 0; i < tun->numqueues; i++) {
+- struct tun_file *tfile;
+-
+- tfile = rtnl_dereference(tun->tfiles[i]);
+- tfile->socket.sk->sk_write_space(tfile->socket.sk);
+- }
+-
+ return 0;
+ }
+
+@@ -3636,6 +3626,7 @@ static int tun_device_event(struct notif
+ {
+ struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+ struct tun_struct *tun = netdev_priv(dev);
++ int i;
+
+ if (dev->rtnl_link_ops != &tun_link_ops)
+ return NOTIFY_DONE;
+@@ -3645,6 +3636,14 @@ static int tun_device_event(struct notif
+ if (tun_queue_resize(tun))
+ return NOTIFY_BAD;
+ break;
++ case NETDEV_UP:
++ for (i = 0; i < tun->numqueues; i++) {
++ struct tun_file *tfile;
++
++ tfile = rtnl_dereference(tun->tfiles[i]);
++ tfile->socket.sk->sk_write_space(tfile->socket.sk);
++ }
++ break;
+ default:
+ break;
+ }
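Review bot: The new NETDEV_UP case in tun_device_event() has no comment saying why the write-space wakeup lives in the notifier and not in tun_net_open(), and the reason is not obvious from the code. Per the commit message, IFF_UP is not yet set when .ndo_open() runs, so a waiter woken there fails the IFF_UP check in tun_sendmsg(). I would add `/* IFF_UP is set only after ndo_open(); wake writers here so tun_sendmsg() sees the flag */` above the loop. The loop also uses the result of `rtnl_dereference(tun->tfiles[i])` without a NULL check, as the removed code did, presumably relying on RTNL being held in the notifier; that is worth stating in the same comment. The function body starts and ends outside this hunk.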