5.6-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 2 Apr 2020 20:22:55 +0000 (22:22 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 2 Apr 2020 20:22:55 +0000 (22:22 +0200)
added patches:
ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch
net-dsa-ksz-select-ksz-protocol-tag.patch
net-fix-fraglist-segmentation-reference-count-leak.patch
net-ip_tunnel-fix-interface-lookup-with-no-key.patch
net-macb-fix-handling-of-fixed-link-node.patch
sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch
sctp-fix-refcount-bug-in-sctp_wfree.patch
udp-initialize-is_flist-with-0-in-udp_gro_receive.patch

queue-5.6/ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch [new file with mode: 0644]
queue-5.6/net-dsa-ksz-select-ksz-protocol-tag.patch [new file with mode: 0644]
queue-5.6/net-fix-fraglist-segmentation-reference-count-leak.patch [new file with mode: 0644]
queue-5.6/net-ip_tunnel-fix-interface-lookup-with-no-key.patch [new file with mode: 0644]
queue-5.6/net-macb-fix-handling-of-fixed-link-node.patch [new file with mode: 0644]
queue-5.6/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch [new file with mode: 0644]
queue-5.6/sctp-fix-refcount-bug-in-sctp_wfree.patch [new file with mode: 0644]
queue-5.6/series [new file with mode: 0644]
queue-5.6/udp-initialize-is_flist-with-0-in-udp_gro_receive.patch [new file with mode: 0644]

diff --git a/queue-5.6/ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch b/queue-5.6/ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch
new file mode 100644 (file)
index 0000000..faf491b
--- /dev/null
@@ -0,0 +1,63 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Qian Cai <cai@lca.pw>
+Date: Wed, 25 Mar 2020 18:01:00 -0400
+Subject: ipv4: fix a RCU-list lock in fib_triestat_seq_show
+
+From: Qian Cai <cai@lca.pw>
+
+[ Upstream commit fbe4e0c1b298b4665ee6915266c9d6c5b934ef4a ]
+
+fib_triestat_seq_show() calls hlist_for_each_entry_rcu(tb, head,
+tb_hlist) without rcu_read_lock() will trigger a warning,
+
+ net/ipv4/fib_trie.c:2579 RCU-list traversed in non-reader section!!
+
+ other info that might help us debug this:
+
+ rcu_scheduler_active = 2, debug_locks = 1
+ 1 lock held by proc01/115277:
+  #0: c0000014507acf00 (&p->lock){+.+.}-{3:3}, at: seq_read+0x58/0x670
+
+ Call Trace:
+  dump_stack+0xf4/0x164 (unreliable)
+  lockdep_rcu_suspicious+0x140/0x164
+  fib_triestat_seq_show+0x750/0x880
+  seq_read+0x1a0/0x670
+  proc_reg_read+0x10c/0x1b0
+  __vfs_read+0x3c/0x70
+  vfs_read+0xac/0x170
+  ksys_read+0x7c/0x140
+  system_call+0x5c/0x68
+
+Fix it by adding a pair of rcu_read_lock/unlock() and use
+cond_resched_rcu() to avoid the situation where walking of a large
+number of items  may prevent scheduling for a long time.
+
+Signed-off-by: Qian Cai <cai@lca.pw>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/fib_trie.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/ipv4/fib_trie.c
++++ b/net/ipv4/fib_trie.c
+@@ -2577,6 +2577,7 @@ static int fib_triestat_seq_show(struct
+                  " %zd bytes, size of tnode: %zd bytes.\n",
+                  LEAF_SIZE, TNODE_SIZE(0));
++      rcu_read_lock();
+       for (h = 0; h < FIB_TABLE_HASHSZ; h++) {
+               struct hlist_head *head = &net->ipv4.fib_table_hash[h];
+               struct fib_table *tb;
+@@ -2596,7 +2597,9 @@ static int fib_triestat_seq_show(struct
+                       trie_show_usage(seq, t->stats);
+ #endif
+               }
++              cond_resched_rcu();
+       }
++      rcu_read_unlock();
+       return 0;
+ }
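Review bot: The `cond_resched_rcu()` added at the bottom of the outer `for (h = 0; h < FIB_TABLE_HASHSZ; h++)` loop leaves the RCU read-side section between buckets, and nothing in the code says why that is safe. From the visible lines, `head` and `tb` are declared inside the loop body and the call sits after the inner walk has closed, so no RCU-protected pointer appears to be carried across it. A one-line comment would stop a later edit from moving the call inside the walk, e.g. `/* between buckets only: no tb/t pointer is held across this reschedule point */`. The inner `hlist_for_each_entry_rcu()` loop lies between the two embedded hunks and is not shown, so confirm nothing else is cached across iterations.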
diff --git a/queue-5.6/net-dsa-ksz-select-ksz-protocol-tag.patch b/queue-5.6/net-dsa-ksz-select-ksz-protocol-tag.patch
new file mode 100644 (file)
index 0000000..010d8b1
--- /dev/null
@@ -0,0 +1,31 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+Date: Tue, 31 Mar 2020 12:36:51 +0300
+Subject: net: dsa: ksz: Select KSZ protocol tag
+
+From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+
+[ Upstream commit f772148eb757b0823fbfdc2fe592d5e06c7f19b0 ]
+
+KSZ protocol tag is needed by the KSZ DSA drivers.
+
+Fixes: 0b9f9dfbfab4 ("dsa: Allow tag drivers to be built as modules")
+Tested-by: Cristian Birsan <cristian.birsan@microchip.com>
+Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/dsa/microchip/Kconfig |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/dsa/microchip/Kconfig
++++ b/drivers/net/dsa/microchip/Kconfig
+@@ -1,5 +1,6 @@
+ # SPDX-License-Identifier: GPL-2.0-only
+ config NET_DSA_MICROCHIP_KSZ_COMMON
++      select NET_DSA_TAG_KSZ
+       tristate
+ menuconfig NET_DSA_MICROCHIP_KSZ9477
diff --git a/queue-5.6/net-fix-fraglist-segmentation-reference-count-leak.patch b/queue-5.6/net-fix-fraglist-segmentation-reference-count-leak.patch
new file mode 100644 (file)
index 0000000..074c1da
--- /dev/null
@@ -0,0 +1,43 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Florian Westphal <fw@strlen.de>
+Date: Mon, 30 Mar 2020 18:51:29 +0200
+Subject: net: fix fraglist segmentation reference count leak
+
+From: Florian Westphal <fw@strlen.de>
+
+[ Upstream commit cf673ed0e057a2dd68d930c6d7e30d53c70c5789 ]
+
+Xin Long says:
+ On udp rx path udp_rcv_segment() may do segment where the frag skbs
+ will get the header copied from the head skb in skb_segment_list()
+ by calling __copy_skb_header(), which could overwrite the frag skbs'
+ extensions by __skb_ext_copy() and cause a leak.
+
+ This issue was found after loading esp_offload where a sec path ext
+ is set in the skb.
+
+Fix this by discarding head state of the fraglist skb before replacing
+its contents.
+
+Fixes: 3a1296a38d0cf62 ("net: Support GRO/GSO fraglist chaining.")
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Reported-by: Xiumei Mu <xmu@redhat.com>
+Tested-by: Xin Long <lucien.xin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/skbuff.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -3668,6 +3668,7 @@ struct sk_buff *skb_segment_list(struct
+               skb_push(nskb, -skb_network_offset(nskb) + offset);
++              skb_release_head_state(nskb);
+                __copy_skb_header(nskb, skb);
+               skb_headers_offset_update(nskb, skb_headroom(nskb) - skb_headroom(skb));
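Review bot: The added `skb_release_head_state(nskb);` carries no comment, yet its position directly before `__copy_skb_header(nskb, skb)` is what makes the fix work. Per the commit message the header copy overwrites the frag skb's extensions and leaks the old reference, so the ordering is load-bearing; I would add `/* drop nskb's own head state before the header copy overwrites the pointers */` above the call. As far as I know this helper releases more than extensions (it also drops the dst and runs the skb destructor), so it is worth confirming that nothing later in the loop relies on nskb's previous ownership state. The surrounding loop in `skb_segment_list()` starts and ends outside the hunk.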
diff --git a/queue-5.6/net-ip_tunnel-fix-interface-lookup-with-no-key.patch b/queue-5.6/net-ip_tunnel-fix-interface-lookup-with-no-key.patch
new file mode 100644 (file)
index 0000000..5562688
--- /dev/null
@@ -0,0 +1,54 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: William Dauchy <w.dauchy@criteo.com>
+Date: Fri, 27 Mar 2020 19:56:39 +0100
+Subject: net, ip_tunnel: fix interface lookup with no key
+
+From: William Dauchy <w.dauchy@criteo.com>
+
+[ Upstream commit 25629fdaff2ff509dd0b3f5ff93d70a75e79e0a1 ]
+
+when creating a new ipip interface with no local/remote configuration,
+the lookup is done with TUNNEL_NO_KEY flag, making it impossible to
+match the new interface (only possible match being fallback or metada
+case interface); e.g: `ip link add tunl1 type ipip dev eth0`
+
+To fix this case, adding a flag check before the key comparison so we
+permit to match an interface with no local/remote config; it also avoids
+breaking possible userland tools relying on TUNNEL_NO_KEY flag and
+uninitialised key.
+
+context being on my side, I'm creating an extra ipip interface attached
+to the physical one, and moving it to a dedicated namespace.
+
+Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
+Signed-off-by: William Dauchy <w.dauchy@criteo.com>
+Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_tunnel.c |    6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -142,11 +142,8 @@ struct ip_tunnel *ip_tunnel_lookup(struc
+                       cand = t;
+       }
+-      if (flags & TUNNEL_NO_KEY)
+-              goto skip_key_lookup;
+-
+       hlist_for_each_entry_rcu(t, head, hash_node) {
+-              if (t->parms.i_key != key ||
++              if ((!(flags & TUNNEL_NO_KEY) && t->parms.i_key != key) ||
+                   t->parms.iph.saddr != 0 ||
+                   t->parms.iph.daddr != 0 ||
+                   !(t->dev->flags & IFF_UP))
+@@ -158,7 +155,6 @@ struct ip_tunnel *ip_tunnel_lookup(struc
+                       cand = t;
+       }
+-skip_key_lookup:
+       if (cand)
+               return cand;
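Review bot: With `TUNNEL_NO_KEY` set, the rewritten condition `(!(flags & TUNNEL_NO_KEY) && t->parms.i_key != key)` never looks at `t->parms.i_key`. Any up tunnel in `head` with zero `saddr`/`daddr` therefore gets past this filter, including one that was configured with a key. Whether keyed and keyless wildcard tunnels can share this list, and what the rest of the loop body checks before setting `cand`, is decided outside the hunk, so this needs confirming against the whole of `ip_tunnel_lookup()`. At minimum the intent should be stated above the loop, e.g. `/* keyless lookup: match wildcard tunnels on addresses only, i_key is not compared */`.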
diff --git a/queue-5.6/net-macb-fix-handling-of-fixed-link-node.patch b/queue-5.6/net-macb-fix-handling-of-fixed-link-node.patch
new file mode 100644 (file)
index 0000000..7e28dca
--- /dev/null
@@ -0,0 +1,34 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+Date: Tue, 31 Mar 2020 12:39:35 +0300
+Subject: net: macb: Fix handling of fixed-link node
+
+From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+
+[ Upstream commit 79540d133ed6f65a37dacb54b7a704cc8a24c52d ]
+
+fixed-link nodes are treated as PHY nodes by of_mdiobus_child_is_phy().
+We must check if the interface is a fixed-link before looking up for PHY
+nodes.
+
+Fixes: 7897b071ac3b ("net: macb: convert to phylink")
+Tested-by: Cristian Birsan <cristian.birsan@microchip.com>
+Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/cadence/macb_main.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/ethernet/cadence/macb_main.c
++++ b/drivers/net/ethernet/cadence/macb_main.c
+@@ -724,6 +724,9 @@ static int macb_mdiobus_register(struct
+ {
+       struct device_node *child, *np = bp->pdev->dev.of_node;
++      if (of_phy_is_fixed_link(np))
++              return mdiobus_register(bp->mii_bus);
++
+       /* Only create the PHY from the device tree if at least one PHY is
+        * described. Otherwise scan the entire MDIO bus. We do this to support
+        * old device tree that did not follow the best practices and did not
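Review bot: The new early return `if (of_phy_is_fixed_link(np)) return mdiobus_register(bp->mii_bus);` is undocumented, while the block comment directly below it explains only the PHY-child scan. Per the commit message the reason is that `of_mdiobus_child_is_phy()` treats a fixed-link node as a PHY. That belongs next to the check, e.g. `/* fixed-link is not a PHY: skip the DT child scan, which would mistake the fixed-link node for one */`. The rest of `macb_mdiobus_register()` is outside the hunk.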
diff --git a/queue-5.6/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch b/queue-5.6/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch
new file mode 100644 (file)
index 0000000..373a98d
--- /dev/null
@@ -0,0 +1,188 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Date: Thu, 26 Mar 2020 20:47:46 -0300
+Subject: sctp: fix possibly using a bad saddr with a given dst
+
+From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+
+[ Upstream commit 582eea230536a6f104097dd46205822005d5fe3a ]
+
+Under certain circumstances, depending on the order of addresses on the
+interfaces, it could be that sctp_v[46]_get_dst() would return a dst
+with a mismatched struct flowi.
+
+For example, if when walking through the bind addresses and the first
+one is not a match, it saves the dst as a fallback (added in
+410f03831c07), but not the flowi. Then if the next one is also not a
+match, the previous dst will be returned but with the flowi information
+for the 2nd address, which is wrong.
+
+The fix is to use a locally stored flowi that can be used for such
+attempts, and copy it to the parameter only in case it is a possible
+match, together with the corresponding dst entry.
+
+The patch updates IPv6 code mostly just to be in sync. Even though the issue
+is also present there, it fallback is not expected to work with IPv6.
+
+Fixes: 410f03831c07 ("sctp: add routing output fallback")
+Reported-by: Jin Meng <meng.a.jin@nokia-sbell.com>
+Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Tested-by: Xin Long <lucien.xin@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/ipv6.c     |   20 ++++++++++++++------
+ net/sctp/protocol.c |   28 +++++++++++++++++++---------
+ 2 files changed, 33 insertions(+), 15 deletions(-)
+
+--- a/net/sctp/ipv6.c
++++ b/net/sctp/ipv6.c
+@@ -228,7 +228,8 @@ static void sctp_v6_get_dst(struct sctp_
+ {
+       struct sctp_association *asoc = t->asoc;
+       struct dst_entry *dst = NULL;
+-      struct flowi6 *fl6 = &fl->u.ip6;
++      struct flowi _fl;
++      struct flowi6 *fl6 = &_fl.u.ip6;
+       struct sctp_bind_addr *bp;
+       struct ipv6_pinfo *np = inet6_sk(sk);
+       struct sctp_sockaddr_entry *laddr;
+@@ -238,7 +239,7 @@ static void sctp_v6_get_dst(struct sctp_
+       enum sctp_scope scope;
+       __u8 matchlen = 0;
+-      memset(fl6, 0, sizeof(struct flowi6));
++      memset(&_fl, 0, sizeof(_fl));
+       fl6->daddr = daddr->v6.sin6_addr;
+       fl6->fl6_dport = daddr->v6.sin6_port;
+       fl6->flowi6_proto = IPPROTO_SCTP;
+@@ -276,8 +277,11 @@ static void sctp_v6_get_dst(struct sctp_
+       rcu_read_unlock();
+       dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
+-      if (!asoc || saddr)
++      if (!asoc || saddr) {
++              t->dst = dst;
++              memcpy(fl, &_fl, sizeof(_fl));
+               goto out;
++      }
+       bp = &asoc->base.bind_addr;
+       scope = sctp_scope(daddr);
+@@ -300,6 +304,8 @@ static void sctp_v6_get_dst(struct sctp_
+                       if ((laddr->a.sa.sa_family == AF_INET6) &&
+                           (sctp_v6_cmp_addr(&dst_saddr, &laddr->a))) {
+                               rcu_read_unlock();
++                              t->dst = dst;
++                              memcpy(fl, &_fl, sizeof(_fl));
+                               goto out;
+                       }
+               }
+@@ -338,6 +344,8 @@ static void sctp_v6_get_dst(struct sctp_
+                       if (!IS_ERR_OR_NULL(dst))
+                               dst_release(dst);
+                       dst = bdst;
++                      t->dst = dst;
++                      memcpy(fl, &_fl, sizeof(_fl));
+                       break;
+               }
+@@ -351,6 +359,8 @@ static void sctp_v6_get_dst(struct sctp_
+                       dst_release(dst);
+               dst = bdst;
+               matchlen = bmatchlen;
++              t->dst = dst;
++              memcpy(fl, &_fl, sizeof(_fl));
+       }
+       rcu_read_unlock();
+@@ -359,14 +369,12 @@ out:
+               struct rt6_info *rt;
+               rt = (struct rt6_info *)dst;
+-              t->dst = dst;
+               t->dst_cookie = rt6_get_cookie(rt);
+               pr_debug("rt6_dst:%pI6/%d rt6_src:%pI6\n",
+                        &rt->rt6i_dst.addr, rt->rt6i_dst.plen,
+-                       &fl6->saddr);
++                       &fl->u.ip6.saddr);
+       } else {
+               t->dst = NULL;
+-
+               pr_debug("no route\n");
+       }
+ }
+--- a/net/sctp/protocol.c
++++ b/net/sctp/protocol.c
+@@ -409,7 +409,8 @@ static void sctp_v4_get_dst(struct sctp_
+ {
+       struct sctp_association *asoc = t->asoc;
+       struct rtable *rt;
+-      struct flowi4 *fl4 = &fl->u.ip4;
++      struct flowi _fl;
++      struct flowi4 *fl4 = &_fl.u.ip4;
+       struct sctp_bind_addr *bp;
+       struct sctp_sockaddr_entry *laddr;
+       struct dst_entry *dst = NULL;
+@@ -419,7 +420,7 @@ static void sctp_v4_get_dst(struct sctp_
+       if (t->dscp & SCTP_DSCP_SET_MASK)
+               tos = t->dscp & SCTP_DSCP_VAL_MASK;
+-      memset(fl4, 0x0, sizeof(struct flowi4));
++      memset(&_fl, 0x0, sizeof(_fl));
+       fl4->daddr  = daddr->v4.sin_addr.s_addr;
+       fl4->fl4_dport = daddr->v4.sin_port;
+       fl4->flowi4_proto = IPPROTO_SCTP;
+@@ -438,8 +439,11 @@ static void sctp_v4_get_dst(struct sctp_
+                &fl4->saddr);
+       rt = ip_route_output_key(sock_net(sk), fl4);
+-      if (!IS_ERR(rt))
++      if (!IS_ERR(rt)) {
+               dst = &rt->dst;
++              t->dst = dst;
++              memcpy(fl, &_fl, sizeof(_fl));
++      }
+       /* If there is no association or if a source address is passed, no
+        * more validation is required.
+@@ -502,27 +506,33 @@ static void sctp_v4_get_dst(struct sctp_
+               odev = __ip_dev_find(sock_net(sk), laddr->a.v4.sin_addr.s_addr,
+                                    false);
+               if (!odev || odev->ifindex != fl4->flowi4_oif) {
+-                      if (!dst)
++                      if (!dst) {
+                               dst = &rt->dst;
+-                      else
++                              t->dst = dst;
++                              memcpy(fl, &_fl, sizeof(_fl));
++                      } else {
+                               dst_release(&rt->dst);
++                      }
+                       continue;
+               }
+               dst_release(dst);
+               dst = &rt->dst;
++              t->dst = dst;
++              memcpy(fl, &_fl, sizeof(_fl));
+               break;
+       }
+ out_unlock:
+       rcu_read_unlock();
+ out:
+-      t->dst = dst;
+-      if (dst)
++      if (dst) {
+               pr_debug("rt_dst:%pI4, rt_src:%pI4\n",
+-                       &fl4->daddr, &fl4->saddr);
+-      else
++                       &fl->u.ip4.daddr, &fl->u.ip4.saddr);
++      } else {
++              t->dst = NULL;
+               pr_debug("no route\n");
++      }
+ }
+ /* For v4, the source address is cached in the route entry(dst). So no need
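Review bot: On the failure path of `sctp_v4_get_dst()` the caller's `fl` is no longer written at all: the `memset` now clears the local `_fl`, and `memcpy(fl, &_fl, sizeof(_fl))` runs only where a route was accepted, so at `out:` with `dst == NULL` the caller keeps whatever `fl` held before the call (the bind-address walk in `sctp_v6_get_dst()` has the same shape). Before this change `fl->u.ip4` was at least zeroed and filled with the destination. Callers are outside the hunk, so check that none reads `fl` when `t->dst` is NULL, or clear it next to `t->dst = NULL;` with `memset(fl, 0, sizeof(*fl));`. Separately, the pair `t->dst = dst; memcpy(fl, &_fl, sizeof(_fl));` is repeated at every accept site in both functions; a small static helper would keep dst and flowi from drifting apart again, which is the bug class this patch fixes.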
diff --git a/queue-5.6/sctp-fix-refcount-bug-in-sctp_wfree.patch b/queue-5.6/sctp-fix-refcount-bug-in-sctp_wfree.patch
new file mode 100644 (file)
index 0000000..fbd75c1
--- /dev/null
@@ -0,0 +1,115 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Qiujun Huang <hqjagain@gmail.com>
+Date: Fri, 27 Mar 2020 11:07:51 +0800
+Subject: sctp: fix refcount bug in sctp_wfree
+
+From: Qiujun Huang <hqjagain@gmail.com>
+
+[ Upstream commit 5c3e82fe159622e46e91458c1a6509c321a62820 ]
+
+We should iterate over the datamsgs to move
+all chunks(skbs) to newsk.
+
+The following case cause the bug:
+for the trouble SKB, it was in outq->transmitted list
+
+sctp_outq_sack
+        sctp_check_transmitted
+                SKB was moved to outq->sacked list
+        then throw away the sack queue
+                SKB was deleted from outq->sacked
+(but it was held by datamsg at sctp_datamsg_to_asoc
+So, sctp_wfree was not called here)
+
+then migrate happened
+
+        sctp_for_each_tx_datachunk(
+        sctp_clear_owner_w);
+        sctp_assoc_migrate();
+        sctp_for_each_tx_datachunk(
+        sctp_set_owner_w);
+SKB was not in the outq, and was not changed to newsk
+
+finally
+
+__sctp_outq_teardown
+        sctp_chunk_put (for another skb)
+                sctp_datamsg_put
+                        __kfree_skb(msg->frag_list)
+                                sctp_wfree (for SKB)
+       SKB->sk was still oldsk (skb->sk != asoc->base.sk).
+
+Reported-and-tested-by: syzbot+cea71eec5d6de256d54d@syzkaller.appspotmail.com
+Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
+Acked-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/socket.c |   31 +++++++++++++++++++++++--------
+ 1 file changed, 23 insertions(+), 8 deletions(-)
+
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -147,29 +147,44 @@ static void sctp_clear_owner_w(struct sc
+       skb_orphan(chunk->skb);
+ }
++#define traverse_and_process()        \
++do {                          \
++      msg = chunk->msg;       \
++      if (msg == prev_msg)    \
++              continue;       \
++      list_for_each_entry(c, &msg->chunks, frag_list) {       \
++              if ((clear && asoc->base.sk == c->skb->sk) ||   \
++                  (!clear && asoc->base.sk != c->skb->sk))    \
++                      cb(c);  \
++      }                       \
++      prev_msg = msg;         \
++} while (0)
++
+ static void sctp_for_each_tx_datachunk(struct sctp_association *asoc,
++                                     bool clear,
+                                      void (*cb)(struct sctp_chunk *))
+ {
++      struct sctp_datamsg *msg, *prev_msg = NULL;
+       struct sctp_outq *q = &asoc->outqueue;
++      struct sctp_chunk *chunk, *c;
+       struct sctp_transport *t;
+-      struct sctp_chunk *chunk;
+       list_for_each_entry(t, &asoc->peer.transport_addr_list, transports)
+               list_for_each_entry(chunk, &t->transmitted, transmitted_list)
+-                      cb(chunk);
++                      traverse_and_process();
+       list_for_each_entry(chunk, &q->retransmit, transmitted_list)
+-              cb(chunk);
++              traverse_and_process();
+       list_for_each_entry(chunk, &q->sacked, transmitted_list)
+-              cb(chunk);
++              traverse_and_process();
+       list_for_each_entry(chunk, &q->abandoned, transmitted_list)
+-              cb(chunk);
++              traverse_and_process();
+       list_for_each_entry(chunk, &q->out_chunk_list, list)
+-              cb(chunk);
++              traverse_and_process();
+ }
+ static void sctp_for_each_rx_skb(struct sctp_association *asoc, struct sock *sk,
+@@ -9574,9 +9589,9 @@ static int sctp_sock_migrate(struct sock
+        * paths won't try to lock it and then oldsk.
+        */
+       lock_sock_nested(newsk, SINGLE_DEPTH_NESTING);
+-      sctp_for_each_tx_datachunk(assoc, sctp_clear_owner_w);
++      sctp_for_each_tx_datachunk(assoc, true, sctp_clear_owner_w);
+       sctp_assoc_migrate(assoc, newsk);
+-      sctp_for_each_tx_datachunk(assoc, sctp_set_owner_w);
++      sctp_for_each_tx_datachunk(assoc, false, sctp_set_owner_w);
+       /* If the association on the newsk is already closed before accept()
+        * is called, set RCV_SHUTDOWN flag.
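Review bot: The `traverse_and_process()` macro hides a `continue` inside `do { ... } while (0)`, where it binds to the macro's own loop rather than to the enclosing `list_for_each_entry()`; it behaves as intended only because the macro is the entire loop body. It also takes no arguments, silently captures `msg`, `prev_msg`, `chunk`, `c`, `clear`, `asoc` and `cb` from the caller's scope, and is never `#undef`'d. A static helper with the same logic removes both hazards and keeps each of the five call sites to one line. The helper name below is only a suggestion, and the `sctp_sock_migrate()` callers need no change.

```c
/* Apply cb to every chunk of chunk->msg whose skb ownership still needs
 * changing; consecutive chunks of the same message are handled once.
 */
static void sctp_datamsg_apply(struct sctp_association *asoc,
			       struct sctp_chunk *chunk,
			       struct sctp_datamsg **prev_msg, bool clear,
			       void (*cb)(struct sctp_chunk *))
{
	struct sctp_datamsg *msg = chunk->msg;
	struct sctp_chunk *c;

	if (msg == *prev_msg)
		return;
	list_for_each_entry(c, &msg->chunks, frag_list) {
		if ((clear && asoc->base.sk == c->skb->sk) ||
		    (!clear && asoc->base.sk != c->skb->sk))
			cb(c);
	}
	*prev_msg = msg;
}

/* … unchanged: sctp_for_each_tx_datachunk() signature; locals msg and c no longer needed … */
	list_for_each_entry(chunk, &q->retransmit, transmitted_list)
		sctp_datamsg_apply(asoc, chunk, &prev_msg, clear, cb);
/* … the other four list walks call the helper the same way … */
```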
diff --git a/queue-5.6/series b/queue-5.6/series
new file mode 100644 (file)
index 0000000..d13a0fb
--- /dev/null
@@ -0,0 +1,8 @@
+ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch
+net-dsa-ksz-select-ksz-protocol-tag.patch
+net-ip_tunnel-fix-interface-lookup-with-no-key.patch
+sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch
+sctp-fix-refcount-bug-in-sctp_wfree.patch
+net-macb-fix-handling-of-fixed-link-node.patch
+net-fix-fraglist-segmentation-reference-count-leak.patch
+udp-initialize-is_flist-with-0-in-udp_gro_receive.patch
diff --git a/queue-5.6/udp-initialize-is_flist-with-0-in-udp_gro_receive.patch b/queue-5.6/udp-initialize-is_flist-with-0-in-udp_gro_receive.patch
new file mode 100644 (file)
index 0000000..3a9993c
--- /dev/null
@@ -0,0 +1,34 @@
+From foo@baz Thu 02 Apr 2020 10:21:59 PM CEST
+From: Xin Long <lucien.xin@gmail.com>
+Date: Mon, 30 Mar 2020 23:31:45 +0800
+Subject: udp: initialize is_flist with 0 in udp_gro_receive
+
+From: Xin Long <lucien.xin@gmail.com>
+
+[ Upstream commit bde1b56f898ca8112912d7b36e55e1543b3be0cf ]
+
+Without NAPI_GRO_CB(skb)->is_flist initialized, when the dev doesn't
+support NETIF_F_GRO_FRAGLIST, is_flist can still be set and fraglist
+will be used in udp_gro_receive().
+
+So fix it by initializing is_flist with 0 in udp_gro_receive.
+
+Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.")
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/udp_offload.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/ipv4/udp_offload.c
++++ b/net/ipv4/udp_offload.c
+@@ -453,6 +453,7 @@ struct sk_buff *udp_gro_receive(struct l
+       unsigned int off = skb_gro_offset(skb);
+       int flush = 1;
++      NAPI_GRO_CB(skb)->is_flist = 0;
+       if (skb->dev->features & NETIF_F_GRO_FRAGLIST)
+               NAPI_GRO_CB(skb)->is_flist = sk ? !udp_sk(sk)->gro_enabled: 1;
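Review bot: The unconditional `NAPI_GRO_CB(skb)->is_flist = 0;` followed by a conditional overwrite reads like a redundant store unless the reader knows the field can arrive with a stale value. The commit message says exactly that: without the reset, `is_flist` can still be set on a device that lacks `NETIF_F_GRO_FRAGLIST`. A short comment such as `/* may hold a stale value: clear so fraglist GRO is used only when the device offers NETIF_F_GRO_FRAGLIST */` would protect the line from a later cleanup. The rest of `udp_gro_receive()` is outside the hunk.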