--- /dev/null
+From 3f19fee45b6029a3170e47b95acc14576e324e7f Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Wed, 31 Jul 2013 09:03:56 -0400
+Subject: 8139cp: Add dma_mapping_error checking
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+[ Upstream commit cf3c4c03060b688cbc389ebc5065ebcce5653e96 ]
+
+Self explanitory dma_mapping_error addition to the 8139 driver, based on this:
+https://bugzilla.redhat.com/show_bug.cgi?id=947250
+
+It showed several backtraces arising for dma_map_* usage without checking the
+return code on the mapping. Add the check and abort the rx/tx operation if its
+failed. Untested as I have no hardware and the reporter has wandered off, but
+seems pretty straightforward.
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+CC: "David S. Miller" <davem@davemloft.net>
+CC: Francois Romieu <romieu@fr.zoreil.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/realtek/8139cp.c | 48 +++++++++++++++++++++++++++++++---
+ 1 file changed, 45 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/realtek/8139cp.c
++++ b/drivers/net/ethernet/realtek/8139cp.c
+@@ -478,7 +478,7 @@ rx_status_loop:
+
+ while (1) {
+ u32 status, len;
+- dma_addr_t mapping;
++ dma_addr_t mapping, new_mapping;
+ struct sk_buff *skb, *new_skb;
+ struct cp_desc *desc;
+ const unsigned buflen = cp->rx_buf_sz;
+@@ -520,6 +520,13 @@ rx_status_loop:
+ goto rx_next;
+ }
+
++ new_mapping = dma_map_single(&cp->pdev->dev, new_skb->data, buflen,
++ PCI_DMA_FROMDEVICE);
++ if (dma_mapping_error(&cp->pdev->dev, new_mapping)) {
++ dev->stats.rx_dropped++;
++ goto rx_next;
++ }
++
+ dma_unmap_single(&cp->pdev->dev, mapping,
+ buflen, PCI_DMA_FROMDEVICE);
+
+@@ -531,12 +538,11 @@ rx_status_loop:
+
+ skb_put(skb, len);
+
+- mapping = dma_map_single(&cp->pdev->dev, new_skb->data, buflen,
+- PCI_DMA_FROMDEVICE);
+ cp->rx_skb[rx_tail] = new_skb;
+
+ cp_rx_skb(cp, skb, desc);
+ rx++;
++ mapping = new_mapping;
+
+ rx_next:
+ cp->rx_ring[rx_tail].opts2 = 0;
+@@ -704,6 +710,22 @@ static inline u32 cp_tx_vlan_tag(struct
+ TxVlanTag | swab16(vlan_tx_tag_get(skb)) : 0x00;
+ }
+
++static void unwind_tx_frag_mapping(struct cp_private *cp, struct sk_buff *skb,
++ int first, int entry_last)
++{
++ int frag, index;
++ struct cp_desc *txd;
++ skb_frag_t *this_frag;
++ for (frag = 0; frag+first < entry_last; frag++) {
++ index = first+frag;
++ cp->tx_skb[index] = NULL;
++ txd = &cp->tx_ring[index];
++ this_frag = &skb_shinfo(skb)->frags[frag];
++ dma_unmap_single(&cp->pdev->dev, le64_to_cpu(txd->addr),
++ skb_frag_size(this_frag), PCI_DMA_TODEVICE);
++ }
++}
++
+ static netdev_tx_t cp_start_xmit (struct sk_buff *skb,
+ struct net_device *dev)
+ {
+@@ -737,6 +759,9 @@ static netdev_tx_t cp_start_xmit (struct
+
+ len = skb->len;
+ mapping = dma_map_single(&cp->pdev->dev, skb->data, len, PCI_DMA_TODEVICE);
++ if (dma_mapping_error(&cp->pdev->dev, mapping))
++ goto out_dma_error;
++
+ txd->opts2 = opts2;
+ txd->addr = cpu_to_le64(mapping);
+ wmb();
+@@ -774,6 +799,9 @@ static netdev_tx_t cp_start_xmit (struct
+ first_len = skb_headlen(skb);
+ first_mapping = dma_map_single(&cp->pdev->dev, skb->data,
+ first_len, PCI_DMA_TODEVICE);
++ if (dma_mapping_error(&cp->pdev->dev, first_mapping))
++ goto out_dma_error;
++
+ cp->tx_skb[entry] = skb;
+ entry = NEXT_TX(entry);
+
+@@ -787,6 +815,11 @@ static netdev_tx_t cp_start_xmit (struct
+ mapping = dma_map_single(&cp->pdev->dev,
+ skb_frag_address(this_frag),
+ len, PCI_DMA_TODEVICE);
++ if (dma_mapping_error(&cp->pdev->dev, mapping)) {
++ unwind_tx_frag_mapping(cp, skb, first_entry, entry);
++ goto out_dma_error;
++ }
++
+ eor = (entry == (CP_TX_RING_SIZE - 1)) ? RingEnd : 0;
+
+ ctrl = eor | len | DescOwn;
+@@ -845,11 +878,16 @@ static netdev_tx_t cp_start_xmit (struct
+ if (TX_BUFFS_AVAIL(cp) <= (MAX_SKB_FRAGS + 1))
+ netif_stop_queue(dev);
+
++out_unlock:
+ spin_unlock_irqrestore(&cp->lock, intr_flags);
+
+ cpw8(TxPoll, NormalTxPoll);
+
+ return NETDEV_TX_OK;
++out_dma_error:
++ kfree_skb(skb);
++ cp->dev->stats.tx_dropped++;
++ goto out_unlock;
+ }
+
+ /* Set or clear the multicast filter for this adaptor.
+@@ -1020,6 +1058,10 @@ static int cp_refill_rx(struct cp_privat
+
+ mapping = dma_map_single(&cp->pdev->dev, skb->data,
+ cp->rx_buf_sz, PCI_DMA_FROMDEVICE);
++ if (dma_mapping_error(&cp->pdev->dev, mapping)) {
++ kfree_skb(skb);
++ goto err_out;
++ }
+ cp->rx_skb[i] = skb;
+
+ cp->rx_ring[i].opts2 = 0;
--- /dev/null
+From 9aaadae247d2e9b40c2789df3ad9835572392430 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Sun, 28 Jul 2013 23:04:45 +0300
+Subject: af_key: more info leaks in pfkey messages
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit ff862a4668dd6dba962b1d2d8bd344afa6375683 ]
+
+This is inspired by a5cc68f3d6 "af_key: fix info leaks in notify
+messages". There are some struct members which don't get initialized
+and could disclose small amounts of private information.
+
+Acked-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/key/af_key.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -2073,6 +2073,7 @@ static int pfkey_xfrm_policy2msg(struct
+ pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
+ }
+ pol->sadb_x_policy_dir = dir+1;
++ pol->sadb_x_policy_reserved = 0;
+ pol->sadb_x_policy_id = xp->index;
+ pol->sadb_x_policy_priority = xp->priority;
+
+@@ -3108,7 +3109,9 @@ static int pfkey_send_acquire(struct xfr
+ pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+ pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
+ pol->sadb_x_policy_dir = dir+1;
++ pol->sadb_x_policy_reserved = 0;
+ pol->sadb_x_policy_id = xp->index;
++ pol->sadb_x_policy_priority = xp->priority;
+
+ /* Set sadb_comb's. */
+ if (x->id.proto == IPPROTO_AH)
+@@ -3496,6 +3499,7 @@ static int pfkey_send_migrate(const stru
+ pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+ pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
+ pol->sadb_x_policy_dir = dir + 1;
++ pol->sadb_x_policy_reserved = 0;
+ pol->sadb_x_policy_id = 0;
+ pol->sadb_x_policy_priority = 0;
+
--- /dev/null
+From 6cfeae5b588dc7ab14b0d9ed404fcc8ab50c9403 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 19 Jul 2013 08:48:05 +0300
+Subject: arcnet: cleanup sizeof parameter
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 087d273caf4f7d3f2159256f255f1f432bc84a5b ]
+
+This patch doesn't change the compiled code because ARC_HDR_SIZE is 4
+and sizeof(int) is 4, but the intent was to use the header size and not
+the sizeof the header size.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/arcnet/arcnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/arcnet/arcnet.c
++++ b/drivers/net/arcnet/arcnet.c
+@@ -1007,7 +1007,7 @@ static void arcnet_rx(struct net_device
+
+ soft = &pkt.soft.rfc1201;
+
+- lp->hw.copy_from_card(dev, bufnum, 0, &pkt, sizeof(ARC_HDR_SIZE));
++ lp->hw.copy_from_card(dev, bufnum, 0, &pkt, ARC_HDR_SIZE);
+ if (pkt.hard.offset[0]) {
+ ofs = pkt.hard.offset[0];
+ length = 256 - ofs;
--- /dev/null
+From 92c0c8831ae20201cf1019d88d3e355f38586795 Mon Sep 17 00:00:00 2001
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Date: Mon, 22 Jul 2013 23:45:53 +0200
+Subject: ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup
+
+From: Hannes Frederic Sowa <hannes@stressinduktion.org>
+
+[ Upstream commit 905a6f96a1b18e490a75f810d733ced93c39b0e5 ]
+
+Otherwise we end up dereferencing the already freed net->ipv6.mrt pointer
+which leads to a panic (from Srivatsa S. Bhat):
+
+BUG: unable to handle kernel paging request at ffff882018552020
+IP: [<ffffffffa0366b02>] ip6mr_sk_done+0x32/0xb0 [ipv6]
+PGD 290a067 PUD 207ffe0067 PMD 207ff1d067 PTE 8000002018552060
+Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
+Modules linked in: ebtable_nat ebtables nfs fscache nf_conntrack_ipv4 nf_defrag_ipv4 ipt_REJECT xt_CHECKSUM iptable_mangle iptable_filter ip_tables nfsd lockd nfs_acl exportfs auth_rpcgss autofs4 sunrpc 8021q garp bridge stp llc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter
++ip6_tables ipv6 vfat fat vhost_net macvtap macvlan vhost tun kvm_intel kvm uinput iTCO_wdt iTCO_vendor_support cdc_ether usbnet mii microcode i2c_i801 i2c_core lpc_ich mfd_core shpchp ioatdma dca mlx4_core be2net wmi acpi_cpufreq mperf ext4 jbd2 mbcache dm_mirror dm_region_hash dm_log dm_mod
+CPU: 0 PID: 7 Comm: kworker/u33:0 Not tainted 3.11.0-rc1-ea45e-a #4
+Hardware name: IBM -[8737R2A]-/00Y2738, BIOS -[B2E120RUS-1.20]- 11/30/2012
+Workqueue: netns cleanup_net
+task: ffff8810393641c0 ti: ffff881039366000 task.ti: ffff881039366000
+RIP: 0010:[<ffffffffa0366b02>] [<ffffffffa0366b02>] ip6mr_sk_done+0x32/0xb0 [ipv6]
+RSP: 0018:ffff881039367bd8 EFLAGS: 00010286
+RAX: ffff881039367fd8 RBX: ffff882018552000 RCX: dead000000200200
+RDX: 0000000000000000 RSI: ffff881039367b68 RDI: ffff881039367b68
+RBP: ffff881039367bf8 R08: ffff881039367b68 R09: 2222222222222222
+R10: 2222222222222222 R11: 2222222222222222 R12: ffff882015a7a040
+R13: ffff882014eb89c0 R14: ffff8820289e2800 R15: 0000000000000000
+FS: 0000000000000000(0000) GS:ffff88103fc00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: ffff882018552020 CR3: 0000000001c0b000 CR4: 00000000000407f0
+Stack:
+ ffff881039367c18 ffff882014eb89c0 ffff882015e28c00 0000000000000000
+ ffff881039367c18 ffffffffa034d9d1 ffff8820289e2800 ffff882014eb89c0
+ ffff881039367c58 ffffffff815bdecb ffffffff815bddf2 ffff882014eb89c0
+Call Trace:
+ [<ffffffffa034d9d1>] rawv6_close+0x21/0x40 [ipv6]
+ [<ffffffff815bdecb>] inet_release+0xfb/0x220
+ [<ffffffff815bddf2>] ? inet_release+0x22/0x220
+ [<ffffffffa032686f>] inet6_release+0x3f/0x50 [ipv6]
+ [<ffffffff8151c1d9>] sock_release+0x29/0xa0
+ [<ffffffff81525520>] sk_release_kernel+0x30/0x70
+ [<ffffffffa034f14b>] icmpv6_sk_exit+0x3b/0x80 [ipv6]
+ [<ffffffff8152fff9>] ops_exit_list+0x39/0x60
+ [<ffffffff815306fb>] cleanup_net+0xfb/0x1a0
+ [<ffffffff81075e3a>] process_one_work+0x1da/0x610
+ [<ffffffff81075dc9>] ? process_one_work+0x169/0x610
+ [<ffffffff81076390>] worker_thread+0x120/0x3a0
+ [<ffffffff81076270>] ? process_one_work+0x610/0x610
+ [<ffffffff8107da2e>] kthread+0xee/0x100
+ [<ffffffff8107d940>] ? __init_kthread_worker+0x70/0x70
+ [<ffffffff8162a99c>] ret_from_fork+0x7c/0xb0
+ [<ffffffff8107d940>] ? __init_kthread_worker+0x70/0x70
+Code: 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 66 66 66 66 90 4c 8b 67 30 49 89 fd e8 db 3c 1e e1 49 8b 9c 24 90 08 00 00 48 85 db 74 06 <4c> 39 6b 20 74 20 bb f3 ff ff ff e8 8e 3c 1e e1 89 d8 4c 8b 65
+RIP [<ffffffffa0366b02>] ip6mr_sk_done+0x32/0xb0 [ipv6]
+ RSP <ffff881039367bd8>
+CR2: ffff882018552020
+
+Reported-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
+Tested-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
+Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6mr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/ipv6/ip6mr.c
++++ b/net/ipv6/ip6mr.c
+@@ -256,10 +256,12 @@ static void __net_exit ip6mr_rules_exit(
+ {
+ struct mr6_table *mrt, *next;
+
++ rtnl_lock();
+ list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
+ list_del(&mrt->list);
+ ip6mr_free_table(mrt);
+ }
++ rtnl_unlock();
+ fib_rules_unregister(net->ipv6.mr6_rules_ops);
+ }
+ #else
+@@ -286,7 +288,10 @@ static int __net_init ip6mr_rules_init(s
+
+ static void __net_exit ip6mr_rules_exit(struct net *net)
+ {
++ rtnl_lock();
+ ip6mr_free_table(net->ipv6.mrt6);
++ net->ipv6.mrt6 = NULL;
++ rtnl_unlock();
+ }
+ #endif
+
--- /dev/null
+From c2d060e87513c4ceac4792df10959f93e41bf636 Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Tue, 30 Jul 2013 00:16:21 -0700
+Subject: net_sched: Fix stack info leak in cbq_dump_wrr().
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit a0db856a95a29efb1c23db55c02d9f0ff4f0db48 ]
+
+Make sure the reserved fields, and padding (if any), are
+fully initialized.
+
+Based upon a patch by Dan Carpenter and feedback from
+Joe Perches.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/sch_cbq.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sched/sch_cbq.c
++++ b/net/sched/sch_cbq.c
+@@ -1467,6 +1467,7 @@ static int cbq_dump_wrr(struct sk_buff *
+ unsigned char *b = skb_tail_pointer(skb);
+ struct tc_cbq_wrropt opt;
+
++ memset(&opt, 0, sizeof(opt));
+ opt.flags = 0;
+ opt.allot = cl->allot;
+ opt.priority = cl->priority + 1;
--- /dev/null
+From f484091fa2c1dcac6c4923ee0892fe35bd613ab6 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 30 Jul 2013 13:23:39 +0300
+Subject: net_sched: info leak in atm_tc_dump_class()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 8cb3b9c3642c0263d48f31d525bcee7170eedc20 ]
+
+The "pvc" struct has a hole after pvc.sap_family which is not cleared.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/sch_atm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sched/sch_atm.c
++++ b/net/sched/sch_atm.c
+@@ -606,6 +606,7 @@ static int atm_tc_dump_class(struct Qdis
+ struct sockaddr_atmpvc pvc;
+ int state;
+
++ memset(&pvc, 0, sizeof(pvc));
+ pvc.sap_family = AF_ATMPVC;
+ pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1;
+ pvc.sap_addr.vpi = flow->vcc->vpi;
--- /dev/null
+From 06f8f3ad8197d1e9e7fe80d8f2df19265eade3f9 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Wed, 12 Jun 2013 14:26:44 -0400
+Subject: sctp: fully initialize sctp_outq in sctp_outq_init
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+[ Upstream commit c5c7774d7eb4397891edca9ebdf750ba90977a69 ]
+
+In commit 2f94aabd9f6c925d77aecb3ff020f1cc12ed8f86
+(refactor sctp_outq_teardown to insure proper re-initalization)
+we modified sctp_outq_teardown to use sctp_outq_init to fully re-initalize the
+outq structure. Steve West recently asked me why I removed the q->error = 0
+initalization from sctp_outq_teardown. I did so because I was operating under
+the impression that sctp_outq_init would properly initalize that value for us,
+but it doesn't. sctp_outq_init operates under the assumption that the outq
+struct is all 0's (as it is when called from sctp_association_init), but using
+it in __sctp_outq_teardown violates that assumption. We should do a memset in
+sctp_outq_init to ensure that the entire structure is in a known state there
+instead.
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: "West, Steve (NSN - US/Fort Worth)" <steve.west@nsn.com>
+CC: Vlad Yasevich <vyasevich@gmail.com>
+CC: netdev@vger.kernel.org
+CC: davem@davemloft.net
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/outqueue.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/net/sctp/outqueue.c
++++ b/net/sctp/outqueue.c
+@@ -205,6 +205,8 @@ static inline int sctp_cacc_skip(struct
+ */
+ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
+ {
++ memset(q, 0, sizeof(struct sctp_outq));
++
+ q->asoc = asoc;
+ INIT_LIST_HEAD(&q->out_chunk_list);
+ INIT_LIST_HEAD(&q->control_chunk_list);
+@@ -212,13 +214,7 @@ void sctp_outq_init(struct sctp_associat
+ INIT_LIST_HEAD(&q->sacked);
+ INIT_LIST_HEAD(&q->abandoned);
+
+- q->fast_rtx = 0;
+- q->outstanding_bytes = 0;
+ q->empty = 1;
+- q->cork = 0;
+-
+- q->malloced = 0;
+- q->out_qlen = 0;
+ }
+
+ /* Free the outqueue structure and any related pending chunks.
x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch
drm-i915-quirk-no-pch_pwm_enable-for-dell-xps13-backlight.patch
perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch
+arcnet-cleanup-sizeof-parameter.patch
+sysctl-net-keep-tcp_syn_retries-inside-the-boundary.patch
+sctp-fully-initialize-sctp_outq-in-sctp_outq_init.patch
+ipv6-take-rtnl_lock-and-mark-mrt6-table-as-freed-on-namespace-cleanup.patch
+usbnet-do-not-pretend-to-support-sg-tso.patch
+net_sched-fix-stack-info-leak-in-cbq_dump_wrr.patch
+af_key-more-info-leaks-in-pfkey-messages.patch
+net_sched-info-leak-in-atm_tc_dump_class.patch
+8139cp-add-dma_mapping_error-checking.patch
--- /dev/null
+From 9867786ec64adfff23fc71dd88dc71b9299629e9 Mon Sep 17 00:00:00 2001
+From: Michal Tesar <mtesar@redhat.com>
+Date: Fri, 19 Jul 2013 14:09:01 +0200
+Subject: sysctl net: Keep tcp_syn_retries inside the boundary
+
+From: Michal Tesar <mtesar@redhat.com>
+
+[ Upstream commit 651e92716aaae60fc41b9652f54cb6803896e0da ]
+
+Limit the min/max value passed to the
+/proc/sys/net/ipv4/tcp_syn_retries.
+
+Signed-off-by: Michal Tesar <mtesar@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/sysctl_net_ipv4.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -34,6 +34,8 @@ static int tcp_adv_win_scale_min = -31;
+ static int tcp_adv_win_scale_max = 31;
+ static int ip_ttl_min = 1;
+ static int ip_ttl_max = 255;
++static int tcp_syn_retries_min = 1;
++static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
+ static int ip_ping_group_range_min[] = { 0, 0 };
+ static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
+
+@@ -276,7 +278,9 @@ static struct ctl_table ipv4_table[] = {
+ .data = &sysctl_tcp_syn_retries,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+- .proc_handler = proc_dointvec
++ .proc_handler = proc_dointvec_minmax,
++ .extra1 = &tcp_syn_retries_min,
++ .extra2 = &tcp_syn_retries_max
+ },
+ {
+ .procname = "tcp_synack_retries",
--- /dev/null
+From 9ee50cf7b0ac02b2c615517e1bacd6b8cbdcb7ea Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 23 Jul 2013 17:15:54 -0700
+Subject: usbnet: do not pretend to support SG/TSO
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 20f0170377264e8449b6987041f0bcc4d746d3ed ]
+
+usbnet doesn't support yet SG, so drivers should not advertise SG or TSO
+capabilities, as they allow TCP stack to build large TSO packets that
+need to be linearized and might use order-5 pages.
+
+This adds an extra copy overhead and possible allocation failures.
+
+Current code ignore skb_linearize() return code so crashes are even
+possible.
+
+Best is to not pretend SG/TSO is supported, and add this again when/if
+usbnet really supports SG for devices who could get a performance gain.
+
+Based on a prior patch from Freddy Xin <freddy@asix.com.tw>
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/smsc75xx.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+--- a/drivers/net/usb/smsc75xx.c
++++ b/drivers/net/usb/smsc75xx.c
+@@ -43,7 +43,6 @@
+ #define EEPROM_MAC_OFFSET (0x01)
+ #define DEFAULT_TX_CSUM_ENABLE (true)
+ #define DEFAULT_RX_CSUM_ENABLE (true)
+-#define DEFAULT_TSO_ENABLE (true)
+ #define SMSC75XX_INTERNAL_PHY_ID (1)
+ #define SMSC75XX_TX_OVERHEAD (8)
+ #define MAX_RX_FIFO_SIZE (20 * 1024)
+@@ -1049,17 +1048,14 @@ static int smsc75xx_bind(struct usbnet *
+
+ INIT_WORK(&pdata->set_multicast, smsc75xx_deferred_multicast_write);
+
+- if (DEFAULT_TX_CSUM_ENABLE) {
++ if (DEFAULT_TX_CSUM_ENABLE)
+ dev->net->features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM;
+- if (DEFAULT_TSO_ENABLE)
+- dev->net->features |= NETIF_F_SG |
+- NETIF_F_TSO | NETIF_F_TSO6;
+- }
++
+ if (DEFAULT_RX_CSUM_ENABLE)
+ dev->net->features |= NETIF_F_RXCSUM;
+
+ dev->net->hw_features = NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
+- NETIF_F_SG | NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_RXCSUM;
++ NETIF_F_RXCSUM;
+
+ /* Init all registers */
+ ret = smsc75xx_reset(dev);
+@@ -1184,8 +1180,6 @@ static struct sk_buff *smsc75xx_tx_fixup
+ {
+ u32 tx_cmd_a, tx_cmd_b;
+
+- skb_linearize(skb);
+-
+ if (skb_headroom(skb) < SMSC75XX_TX_OVERHEAD) {
+ struct sk_buff *skb2 =
+ skb_copy_expand(skb, SMSC75XX_TX_OVERHEAD, 0, flags);
projects / thirdparty / kernel / stable-queue.git / commitdiff
