--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Dmitry Popov <ixaphire@qrator.net>
+Date: Fri, 6 Jun 2014 23:19:21 +0400
+Subject: ipip, sit: fix ipv4_{update_pmtu,redirect} calls
+
+From: Dmitry Popov <ixaphire@qrator.net>
+
+[ Upstream commit 2346829e641b804ece9ac9298136b56d9567c278 ]
+
+ipv4_{update_pmtu,redirect} were called with tunnel's ifindex (t->dev is a
+tunnel netdevice). It caused wrong route lookup and failure of pmtu update or
+redirect. We should use the same ifindex that we use in ip_route_output_* in
+*tunnel_xmit code. It is t->parms.link .
+
+Signed-off-by: Dmitry Popov <ixaphire@qrator.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ipip.c | 4 ++--
+ net/ipv6/sit.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -149,13 +149,13 @@ static int ipip_err(struct sk_buff *skb,
+
+ if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
+ ipv4_update_pmtu(skb, dev_net(skb->dev), info,
+- t->dev->ifindex, 0, IPPROTO_IPIP, 0);
++ t->parms.link, 0, IPPROTO_IPIP, 0);
+ err = 0;
+ goto out;
+ }
+
+ if (type == ICMP_REDIRECT) {
+- ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
++ ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
+ IPPROTO_IPIP, 0);
+ err = 0;
+ goto out;
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -560,12 +560,12 @@ static int ipip6_err(struct sk_buff *skb
+
+ if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
+ ipv4_update_pmtu(skb, dev_net(skb->dev), info,
+- t->dev->ifindex, 0, IPPROTO_IPV6, 0);
++ t->parms.link, 0, IPPROTO_IPV6, 0);
+ err = 0;
+ goto out;
+ }
+ if (type == ICMP_REDIRECT) {
+- ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
++ ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
+ IPPROTO_IPV6, 0);
+ err = 0;
+ goto out;
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 10 Jun 2014 06:43:01 -0700
+Subject: ipv4: fix a race in ip4_datagram_release_cb()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 9709674e68646cee5a24e3000b3558d25412203a ]
+
+Alexey gave a AddressSanitizer[1] report that finally gave a good hint
+at where was the origin of various problems already reported by Dormando
+in the past [2]
+
+Problem comes from the fact that UDP can have a lockless TX path, and
+concurrent threads can manipulate sk_dst_cache, while another thread,
+is holding socket lock and calls __sk_dst_set() in
+ip4_datagram_release_cb() (this was added in linux-3.8)
+
+It seems that all we need to do is to use sk_dst_check() and
+sk_dst_set() so that all the writers hold same spinlock
+(sk->sk_dst_lock) to prevent corruptions.
+
+TCP stack do not need this protection, as all sk_dst_cache writers hold
+the socket lock.
+
+[1]
+https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel
+
+AddressSanitizer: heap-use-after-free in ipv4_dst_check
+Read of size 2 by thread T15453:
+ [<ffffffff817daa3a>] ipv4_dst_check+0x1a/0x90 ./net/ipv4/route.c:1116
+ [<ffffffff8175b789>] __sk_dst_check+0x89/0xe0 ./net/core/sock.c:531
+ [<ffffffff81830a36>] ip4_datagram_release_cb+0x46/0x390 ??:0
+ [<ffffffff8175eaea>] release_sock+0x17a/0x230 ./net/core/sock.c:2413
+ [<ffffffff81830882>] ip4_datagram_connect+0x462/0x5d0 ??:0
+ [<ffffffff81846d06>] inet_dgram_connect+0x76/0xd0 ./net/ipv4/af_inet.c:534
+ [<ffffffff817580ac>] SYSC_connect+0x15c/0x1c0 ./net/socket.c:1701
+ [<ffffffff817596ce>] SyS_connect+0xe/0x10 ./net/socket.c:1682
+ [<ffffffff818b0a29>] system_call_fastpath+0x16/0x1b
+./arch/x86/kernel/entry_64.S:629
+
+Freed by thread T15455:
+ [<ffffffff8178d9b8>] dst_destroy+0xa8/0x160 ./net/core/dst.c:251
+ [<ffffffff8178de25>] dst_release+0x45/0x80 ./net/core/dst.c:280
+ [<ffffffff818304c1>] ip4_datagram_connect+0xa1/0x5d0 ??:0
+ [<ffffffff81846d06>] inet_dgram_connect+0x76/0xd0 ./net/ipv4/af_inet.c:534
+ [<ffffffff817580ac>] SYSC_connect+0x15c/0x1c0 ./net/socket.c:1701
+ [<ffffffff817596ce>] SyS_connect+0xe/0x10 ./net/socket.c:1682
+ [<ffffffff818b0a29>] system_call_fastpath+0x16/0x1b
+./arch/x86/kernel/entry_64.S:629
+
+Allocated by thread T15453:
+ [<ffffffff8178d291>] dst_alloc+0x81/0x2b0 ./net/core/dst.c:171
+ [<ffffffff817db3b7>] rt_dst_alloc+0x47/0x50 ./net/ipv4/route.c:1406
+ [< inlined >] __ip_route_output_key+0x3e8/0xf70
+__mkroute_output ./net/ipv4/route.c:1939
+ [<ffffffff817dde08>] __ip_route_output_key+0x3e8/0xf70 ./net/ipv4/route.c:2161
+ [<ffffffff817deb34>] ip_route_output_flow+0x14/0x30 ./net/ipv4/route.c:2249
+ [<ffffffff81830737>] ip4_datagram_connect+0x317/0x5d0 ??:0
+ [<ffffffff81846d06>] inet_dgram_connect+0x76/0xd0 ./net/ipv4/af_inet.c:534
+ [<ffffffff817580ac>] SYSC_connect+0x15c/0x1c0 ./net/socket.c:1701
+ [<ffffffff817596ce>] SyS_connect+0xe/0x10 ./net/socket.c:1682
+ [<ffffffff818b0a29>] system_call_fastpath+0x16/0x1b
+./arch/x86/kernel/entry_64.S:629
+
+[2]
+<4>[196727.311203] general protection fault: 0000 [#1] SMP
+<4>[196727.311224] Modules linked in: xt_TEE xt_dscp xt_DSCP macvlan bridge coretemp crc32_pclmul ghash_clmulni_intel gpio_ich microcode ipmi_watchdog ipmi_devintf sb_edac edac_core lpc_ich mfd_core tpm_tis tpm tpm_bios ipmi_si ipmi_msghandler isci igb libsas i2c_algo_bit ixgbe ptp pps_core mdio
+<4>[196727.311333] CPU: 17 PID: 0 Comm: swapper/17 Not tainted 3.10.26 #1
+<4>[196727.311344] Hardware name: Supermicro X9DRi-LN4+/X9DR3-LN4+/X9DRi-LN4+/X9DR3-LN4+, BIOS 3.0 07/05/2013
+<4>[196727.311364] task: ffff885e6f069700 ti: ffff885e6f072000 task.ti: ffff885e6f072000
+<4>[196727.311377] RIP: 0010:[<ffffffff815f8c7f>] [<ffffffff815f8c7f>] ipv4_dst_destroy+0x4f/0x80
+<4>[196727.311399] RSP: 0018:ffff885effd23a70 EFLAGS: 00010282
+<4>[196727.311409] RAX: dead000000200200 RBX: ffff8854c398ecc0 RCX: 0000000000000040
+<4>[196727.311423] RDX: dead000000100100 RSI: dead000000100100 RDI: dead000000200200
+<4>[196727.311437] RBP: ffff885effd23a80 R08: ffffffff815fd9e0 R09: ffff885d5a590800
+<4>[196727.311451] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
+<4>[196727.311464] R13: ffffffff81c8c280 R14: 0000000000000000 R15: ffff880e85ee16ce
+<4>[196727.311510] FS: 0000000000000000(0000) GS:ffff885effd20000(0000) knlGS:0000000000000000
+<4>[196727.311554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+<4>[196727.311581] CR2: 00007a46751eb000 CR3: 0000005e65688000 CR4: 00000000000407e0
+<4>[196727.311625] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+<4>[196727.311669] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+<4>[196727.311713] Stack:
+<4>[196727.311733] ffff8854c398ecc0 ffff8854c398ecc0 ffff885effd23ab0 ffffffff815b7f42
+<4>[196727.311784] ffff88be6595bc00 ffff8854c398ecc0 0000000000000000 ffff8854c398ecc0
+<4>[196727.311834] ffff885effd23ad0 ffffffff815b86c6 ffff885d5a590800 ffff8816827821c0
+<4>[196727.311885] Call Trace:
+<4>[196727.311907] <IRQ>
+<4>[196727.311912] [<ffffffff815b7f42>] dst_destroy+0x32/0xe0
+<4>[196727.311959] [<ffffffff815b86c6>] dst_release+0x56/0x80
+<4>[196727.311986] [<ffffffff81620bd5>] tcp_v4_do_rcv+0x2a5/0x4a0
+<4>[196727.312013] [<ffffffff81622b5a>] tcp_v4_rcv+0x7da/0x820
+<4>[196727.312041] [<ffffffff815fd9e0>] ? ip_rcv_finish+0x360/0x360
+<4>[196727.312070] [<ffffffff815de02d>] ? nf_hook_slow+0x7d/0x150
+<4>[196727.312097] [<ffffffff815fd9e0>] ? ip_rcv_finish+0x360/0x360
+<4>[196727.312125] [<ffffffff815fda92>] ip_local_deliver_finish+0xb2/0x230
+<4>[196727.312154] [<ffffffff815fdd9a>] ip_local_deliver+0x4a/0x90
+<4>[196727.312183] [<ffffffff815fd799>] ip_rcv_finish+0x119/0x360
+<4>[196727.312212] [<ffffffff815fe00b>] ip_rcv+0x22b/0x340
+<4>[196727.312242] [<ffffffffa0339680>] ? macvlan_broadcast+0x160/0x160 [macvlan]
+<4>[196727.312275] [<ffffffff815b0c62>] __netif_receive_skb_core+0x512/0x640
+<4>[196727.312308] [<ffffffff811427fb>] ? kmem_cache_alloc+0x13b/0x150
+<4>[196727.312338] [<ffffffff815b0db1>] __netif_receive_skb+0x21/0x70
+<4>[196727.312368] [<ffffffff815b0fa1>] netif_receive_skb+0x31/0xa0
+<4>[196727.312397] [<ffffffff815b1ae8>] napi_gro_receive+0xe8/0x140
+<4>[196727.312433] [<ffffffffa00274f1>] ixgbe_poll+0x551/0x11f0 [ixgbe]
+<4>[196727.312463] [<ffffffff815fe00b>] ? ip_rcv+0x22b/0x340
+<4>[196727.312491] [<ffffffff815b1691>] net_rx_action+0x111/0x210
+<4>[196727.312521] [<ffffffff815b0db1>] ? __netif_receive_skb+0x21/0x70
+<4>[196727.312552] [<ffffffff810519d0>] __do_softirq+0xd0/0x270
+<4>[196727.312583] [<ffffffff816cef3c>] call_softirq+0x1c/0x30
+<4>[196727.312613] [<ffffffff81004205>] do_softirq+0x55/0x90
+<4>[196727.312640] [<ffffffff81051c85>] irq_exit+0x55/0x60
+<4>[196727.312668] [<ffffffff816cf5c3>] do_IRQ+0x63/0xe0
+<4>[196727.312696] [<ffffffff816c5aaa>] common_interrupt+0x6a/0x6a
+<4>[196727.312722] <EOI>
+<1>[196727.313071] RIP [<ffffffff815f8c7f>] ipv4_dst_destroy+0x4f/0x80
+<4>[196727.313100] RSP <ffff885effd23a70>
+<4>[196727.313377] ---[ end trace 64b3f14fae0f2e29 ]---
+<0>[196727.380908] Kernel panic - not syncing: Fatal exception in interrupt
+
+Reported-by: Alexey Preobrazhensky <preobr@google.com>
+Reported-by: dormando <dormando@rydia.ne>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Fixes: 8141ed9fcedb2 ("ipv4: Add a socket release callback for datagram sockets")
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/datagram.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+--- a/net/ipv4/datagram.c
++++ b/net/ipv4/datagram.c
+@@ -86,18 +86,26 @@ out:
+ }
+ EXPORT_SYMBOL(ip4_datagram_connect);
+
++/* Because UDP xmit path can manipulate sk_dst_cache without holding
++ * socket lock, we need to use sk_dst_set() here,
++ * even if we own the socket lock.
++ */
+ void ip4_datagram_release_cb(struct sock *sk)
+ {
+ const struct inet_sock *inet = inet_sk(sk);
+ const struct ip_options_rcu *inet_opt;
+ __be32 daddr = inet->inet_daddr;
++ struct dst_entry *dst;
+ struct flowi4 fl4;
+ struct rtable *rt;
+
+- if (! __sk_dst_get(sk) || __sk_dst_check(sk, 0))
+- return;
+-
+ rcu_read_lock();
++
++ dst = __sk_dst_get(sk);
++ if (!dst || !dst->obsolete || dst->ops->check(dst, 0)) {
++ rcu_read_unlock();
++ return;
++ }
+ inet_opt = rcu_dereference(inet->inet_opt);
+ if (inet_opt && inet_opt->opt.srr)
+ daddr = inet_opt->opt.faddr;
+@@ -105,8 +113,10 @@ void ip4_datagram_release_cb(struct sock
+ inet->inet_saddr, inet->inet_dport,
+ inet->inet_sport, sk->sk_protocol,
+ RT_CONN_FLAGS(sk), sk->sk_bound_dev_if);
+- if (!IS_ERR(rt))
+- __sk_dst_set(sk, &rt->dst);
++
++ dst = !IS_ERR(rt) ? &rt->dst : NULL;
++ sk_dst_set(sk, dst);
++
+ rcu_read_unlock();
+ }
+ EXPORT_SYMBOL_GPL(ip4_datagram_release_cb);
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Sven Wegener <sven.wegener@stealer.net>
+Date: Thu, 29 May 2014 20:27:05 +0000
+Subject: ipv6: Fix regression caused by efe4208 in
+ udp_v6_mcast_next()
+
+From: Sven Wegener <sven.wegener@stealer.net>
+
+[ Upstream commit 3bfdc59a6c24608ed23e903f670aaf5f58c7a6f3 ]
+
+Commit efe4208 ("ipv6: make lookups simpler and faster") introduced a
+regression in udp_v6_mcast_next(), resulting in multicast packets not
+reaching the destination sockets under certain conditions.
+
+The packet's IPv6 addresses are wrongly compared to the IPv6 addresses
+from the function's socket argument, which indicates the starting point
+for looping, instead of the loop variable. If the addresses from the
+first socket do not match the packet's addresses, no socket in the list
+will match.
+
+Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/udp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -716,15 +716,15 @@ static struct sock *udp_v6_mcast_next(st
+ if (inet->inet_dport != rmt_port)
+ continue;
+ }
+- if (!ipv6_addr_any(&sk->sk_v6_daddr) &&
+- !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr))
++ if (!ipv6_addr_any(&s->sk_v6_daddr) &&
++ !ipv6_addr_equal(&s->sk_v6_daddr, rmt_addr))
+ continue;
+
+ if (s->sk_bound_dev_if && s->sk_bound_dev_if != dif)
+ continue;
+
+- if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
+- if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr))
++ if (!ipv6_addr_any(&s->sk_v6_rcv_saddr)) {
++ if (!ipv6_addr_equal(&s->sk_v6_rcv_saddr, loc_addr))
+ continue;
+ }
+ if (!inet6_mc_check(s, loc_addr, rmt_addr))
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Alexei Starovoitov <ast@plumgrid.com>
+Date: Fri, 6 Jun 2014 08:35:59 -0700
+Subject: net: filter: fix sparc32 typo
+
+From: Alexei Starovoitov <ast@plumgrid.com>
+
+[ Upstream commit 588f5d629b3369aba88f52217d1c473a28fa7723 ]
+
+Fixes: 569810d1e327 ("net: filter: fix typo in sparc BPF JIT")
+Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/net/bpf_jit_comp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/sparc/net/bpf_jit_comp.c
++++ b/arch/sparc/net/bpf_jit_comp.c
+@@ -85,7 +85,7 @@ static void bpf_flush_icache(void *start
+ #ifdef CONFIG_SPARC64
+ #define BE_PTR (F2(0, 1) | CONDE | (2 << 20))
+ #else
+-#define BE_PTR BNE
++#define BE_PTR BE
+ #endif
+
+ #define SETHI(K, REG) \
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Alexei Starovoitov <ast@plumgrid.com>
+Date: Thu, 5 Jun 2014 22:47:44 -0700
+Subject: net: filter: fix typo in sparc BPF JIT
+
+From: Alexei Starovoitov <ast@plumgrid.com>
+
+[ Upstream commit 569810d1e3278907264f5b115281fca3f0038d53 ]
+
+fix typo in sparc codegen for SKF_AD_IFINDEX and SKF_AD_HATYPE
+classic BPF extensions
+
+Fixes: 2809a2087cc4 ("net: filter: Just In Time compiler for sparc")
+Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/net/bpf_jit_comp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/sparc/net/bpf_jit_comp.c
++++ b/arch/sparc/net/bpf_jit_comp.c
+@@ -83,9 +83,9 @@ static void bpf_flush_icache(void *start
+ #define BNE (F2(0, 2) | CONDNE)
+
+ #ifdef CONFIG_SPARC64
+-#define BNE_PTR (F2(0, 1) | CONDNE | (2 << 20))
++#define BE_PTR (F2(0, 1) | CONDE | (2 << 20))
+ #else
+-#define BNE_PTR BNE
++#define BE_PTR BNE
+ #endif
+
+ #define SETHI(K, REG) \
+@@ -600,7 +600,7 @@ void bpf_jit_compile(struct sk_filter *f
+ case BPF_S_ANC_IFINDEX:
+ emit_skb_loadptr(dev, r_A);
+ emit_cmpi(r_A, 0);
+- emit_branch(BNE_PTR, cleanup_addr + 4);
++ emit_branch(BE_PTR, cleanup_addr + 4);
+ emit_nop();
+ emit_load32(r_A, struct net_device, ifindex, r_A);
+ break;
+@@ -613,7 +613,7 @@ void bpf_jit_compile(struct sk_filter *f
+ case BPF_S_ANC_HATYPE:
+ emit_skb_loadptr(dev, r_A);
+ emit_cmpi(r_A, 0);
+- emit_branch(BNE_PTR, cleanup_addr + 4);
++ emit_branch(BE_PTR, cleanup_addr + 4);
+ emit_nop();
+ emit_load16(r_A, struct net_device, type, r_A);
+ break;
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Eric Dumazet <edumazet@google.com>
+Date: Fri, 6 Jun 2014 06:44:03 -0700
+Subject: net: force a list_del() in unregister_netdevice_many()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 87757a917b0b3c0787e0563c679762152be81312 ]
+
+unregister_netdevice_many() API is error prone and we had too
+many bugs because of dangling LIST_HEAD on stacks.
+
+See commit f87e6f47933e3e ("net: dont leave active on stack LIST_HEAD")
+
+In fact, instead of making sure no caller leaves an active list_head,
+just force a list_del() in the callee. No one seems to need to access
+the list after unregister_netdevice_many()
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/macvlan.c | 1 -
+ net/core/dev.c | 5 ++++-
+ net/core/rtnetlink.c | 1 -
+ net/mac80211/iface.c | 1 -
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/macvlan.c
++++ b/drivers/net/macvlan.c
+@@ -1036,7 +1036,6 @@ static int macvlan_device_event(struct n
+ list_for_each_entry_safe(vlan, next, &port->vlans, list)
+ vlan->dev->rtnl_link_ops->dellink(vlan->dev, &list_kill);
+ unregister_netdevice_many(&list_kill);
+- list_del(&list_kill);
+ break;
+ case NETDEV_PRE_TYPE_CHANGE:
+ /* Forbid underlaying device to change its type. */
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -6613,6 +6613,9 @@ EXPORT_SYMBOL(unregister_netdevice_queue
+ /**
+ * unregister_netdevice_many - unregister many devices
+ * @head: list of devices
++ *
++ * Note: As most callers use a stack allocated list_head,
++ * we force a list_del() to make sure stack wont be corrupted later.
+ */
+ void unregister_netdevice_many(struct list_head *head)
+ {
+@@ -6622,6 +6625,7 @@ void unregister_netdevice_many(struct li
+ rollback_registered_many(head);
+ list_for_each_entry(dev, head, unreg_list)
+ net_set_todo(dev);
++ list_del(head);
+ }
+ }
+ EXPORT_SYMBOL(unregister_netdevice_many);
+@@ -7077,7 +7081,6 @@ static void __net_exit default_device_ex
+ }
+ }
+ unregister_netdevice_many(&dev_kill_list);
+- list_del(&dev_kill_list);
+ rtnl_unlock();
+ }
+
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1744,7 +1744,6 @@ static int rtnl_dellink(struct sk_buff *
+
+ ops->dellink(dev, &list_kill);
+ unregister_netdevice_many(&list_kill);
+- list_del(&list_kill);
+ return 0;
+ }
+
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -1758,7 +1758,6 @@ void ieee80211_remove_interfaces(struct
+ }
+ mutex_unlock(&local->iflist_mtx);
+ unregister_netdevice_many(&unreg_list);
+- list_del(&unreg_list);
+
+ list_for_each_entry_safe(sdata, tmp, &wdev_list, list) {
+ list_del(&sdata->list);
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
+Date: Fri, 6 Jun 2014 17:27:59 +0200
+Subject: net: qmi_wwan: add Olivetti Olicard modems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
+
+[ Upstream commit ba6de0f5304ccdc45ae260e7e0feb6e0ef2dd558 ]
+
+Lars writes: "I'm only 99% sure that the net interfaces are qmi
+interfaces, nothing to lose by adding them in my opinion."
+
+And I tend to agree based on the similarity with the two Olicard
+modems we already have here.
+
+Reported-by: Lars Melin <larsm17@gmail.com>
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/qmi_wwan.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -763,7 +763,12 @@ static const struct usb_device_id produc
+ {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */
+ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
+ {QMI_FIXED_INTF(0x1bc7, 0x1201, 2)}, /* Telit LE920 */
+- {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc004, 6)}, /* Olivetti Olicard 155 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
++ {QMI_FIXED_INTF(0x0b3c, 0xc00a, 6)}, /* Olivetti Olicard 160 */
+ {QMI_FIXED_INTF(0x0b3c, 0xc00b, 4)}, /* Olivetti Olicard 500 */
+ {QMI_FIXED_INTF(0x1e2d, 0x0060, 4)}, /* Cinterion PLxx */
+ {QMI_FIXED_INTF(0x1e2d, 0x0053, 4)}, /* Cinterion PHxx,PXxx */
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Tom Gundersen <teg@jklm.no>
+Date: Thu, 15 May 2014 23:21:30 +0200
+Subject: net: tunnels - enable module autoloading
+
+From: Tom Gundersen <teg@jklm.no>
+
+[ Upstream commit f98f89a0104454f35a62d681683c844f6dbf4043 ]
+
+Enable the module alias hookup to allow tunnel modules to be autoloaded on demand.
+
+This is in line with how most other netdev kinds work, and will allow userspace
+to create tunnels without having CAP_SYS_MODULE.
+
+Signed-off-by: Tom Gundersen <teg@jklm.no>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ipip.c | 1 +
+ net/ipv6/ip6_tunnel.c | 1 +
+ net/ipv6/sit.c | 1 +
+ 3 files changed, 3 insertions(+)
+
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -486,4 +486,5 @@ static void __exit ipip_fini(void)
+ module_init(ipip_init);
+ module_exit(ipip_fini);
+ MODULE_LICENSE("GPL");
++MODULE_ALIAS_RTNL_LINK("ipip");
+ MODULE_ALIAS_NETDEV("tunl0");
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -61,6 +61,7 @@
+ MODULE_AUTHOR("Ville Nuorvala");
+ MODULE_DESCRIPTION("IPv6 tunneling device");
+ MODULE_LICENSE("GPL");
++MODULE_ALIAS_RTNL_LINK("ip6tnl");
+ MODULE_ALIAS_NETDEV("ip6tnl0");
+
+ #ifdef IP6_TNL_DEBUG
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1828,4 +1828,5 @@ xfrm_tunnel_failed:
+ module_init(sit_init);
+ module_exit(sit_cleanup);
+ MODULE_LICENSE("GPL");
++MODULE_ALIAS_RTNL_LINK("sit");
+ MODULE_ALIAS_NETDEV("sit0");
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Wed, 28 May 2014 14:15:19 +0200
+Subject: rtnetlink: fix userspace API breakage for iproute2 <
+ v3.9.0
+
+From: Michal Schmidt <mschmidt@redhat.com>
+
+[ Upstream commit e5eca6d41f53db48edd8cf88a3f59d2c30227f8e ]
+
+When running RHEL6 userspace on a current upstream kernel, "ip link"
+fails to show VF information.
+
+The reason is a kernel<->userspace API change introduced by commit
+88c5b5ce5cb57 ("rtnetlink: Call nlmsg_parse() with correct header length"),
+after which the kernel does not see iproute2's IFLA_EXT_MASK attribute
+in the netlink request.
+
+iproute2 adjusted for the API change in its commit 63338dca4513
+("libnetlink: Use ifinfomsg instead of rtgenmsg in rtnl_wilddump_req_filter").
+
+The problem has been noticed before:
+http://marc.info/?l=linux-netdev&m=136692296022182&w=2
+(Subject: Re: getting VF link info seems to be broken in 3.9-rc8)
+
+We can do better than tell those with old userspace to upgrade. We can
+recognize the old iproute2 in the kernel by checking the netlink message
+length. Even when including the IFLA_EXT_MASK attribute, its netlink
+message is shorter than struct ifinfomsg.
+
+With this patch "ip link" shows VF information in both old and new
+iproute2 versions.
+
+Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/rtnetlink.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1234,6 +1234,7 @@ static int rtnl_dump_ifinfo(struct sk_bu
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ int err;
++ int hdrlen;
+
+ s_h = cb->args[0];
+ s_idx = cb->args[1];
+@@ -1241,8 +1242,17 @@ static int rtnl_dump_ifinfo(struct sk_bu
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ /* A hack to preserve kernel<->userspace interface.
++ * The correct header is ifinfomsg. It is consistent with rtnl_getlink.
++ * However, before Linux v3.9 the code here assumed rtgenmsg and that's
++ * what iproute2 < v3.9.0 used.
++ * We can detect the old iproute2. Even including the IFLA_EXT_MASK
++ * attribute, its netlink message is shorter than struct ifinfomsg.
++ */
++ hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
++
++ if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+@@ -2094,9 +2104,13 @@ static u16 rtnl_calcit(struct sk_buff *s
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
++ int hdrlen;
++
++ /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */
++ hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
+
+- if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ }
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Xufeng Zhang <xufeng.zhang@windriver.com>
+Date: Thu, 12 Jun 2014 10:53:36 +0800
+Subject: sctp: Fix sk_ack_backlog wrap-around problem
+
+From: Xufeng Zhang <xufeng.zhang@windriver.com>
+
+[ Upstream commit d3217b15a19a4779c39b212358a5c71d725822ee ]
+
+Consider the scenario:
+For a TCP-style socket, while processing the COOKIE_ECHO chunk in
+sctp_sf_do_5_1D_ce(), after it has passed a series of sanity check,
+a new association would be created in sctp_unpack_cookie(), but afterwards,
+some processing maybe failed, and sctp_association_free() will be called to
+free the previously allocated association, in sctp_association_free(),
+sk_ack_backlog value is decremented for this socket, since the initial
+value for sk_ack_backlog is 0, after the decrement, it will be 65535,
+a wrap-around problem happens, and if we want to establish new associations
+afterward in the same socket, ABORT would be triggered since sctp deem the
+accept queue as full.
+Fix this issue by only decrementing sk_ack_backlog for associations in
+the endpoint's list.
+
+Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+Acked-by: Daniel Borkmann <dborkman@redhat.com>
+Acked-by: Vlad Yasevich <vyasevich@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/associola.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -330,7 +330,7 @@ void sctp_association_free(struct sctp_a
+ /* Only real associations count against the endpoint, so
+ * don't bother for if this is a temporary association.
+ */
+- if (!asoc->temp) {
++ if (!list_empty(&asoc->asocs)) {
+ list_del(&asoc->asocs);
+
+ /* Decrement the backlog value for a TCP-style listening
ima-audit-log-files-opened-with-o_direct-flag.patch
ima-introduce-ima_kernel_read.patch
evm-prohibit-userspace-writing-security.evm-hmac-value.patch
+ipv6-fix-regression-caused-by-efe4208-in.patch
+net-tunnels-enable-module-autoloading.patch
+sh_eth-use-rnc-mode-for-packet-reception.patch
+sh_eth-fix-sh7619-771x-support.patch
+net-filter-fix-typo-in-sparc-bpf-jit.patch
+net-filter-fix-sparc32-typo.patch
+net-qmi_wwan-add-olivetti-olicard-modems.patch
+net-force-a-list_del-in-unregister_netdevice_many.patch
+ipip-sit-fix-ipv4_-update_pmtu-redirect-calls.patch
+sfc-pio-restrict-to-64bit-arch-and-use-64-bit-writes.patch
+ipv4-fix-a-race-in-ip4_datagram_release_cb.patch
+sctp-fix-sk_ack_backlog-wrap-around-problem.patch
+rtnetlink-fix-userspace-api-breakage-for-iproute2.patch
+vxlan-use-dev-needed_headroom-instead-of.patch
+udp-ipv4-do-not-waste-time-in.patch
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Jon Cooper <jcooper@solarflare.com>
+Date: Wed, 11 Jun 2014 14:33:08 +0100
+Subject: sfc: PIO:Restrict to 64bit arch and use 64-bit writes.
+
+From: Jon Cooper <jcooper@solarflare.com>
+
+[ Upstream commit daf37b556e437ec1ea1a597dcfeff338068380e1 ]
+
+Fixes:ee45fd92c739
+("sfc: Use TX PIO for sufficiently small packets")
+
+The linux net driver uses memcpy_toio() in order to copy into
+the PIO buffers.
+Even on a 64bit machine this causes 32bit accesses to a write-
+combined memory region.
+There are hardware limitations that mean that only 64bit
+naturally aligned accesses are safe in all cases.
+Due to being write-combined memory region two 32bit accesses
+may be coalesced to form a 64bit non 64bit aligned access.
+Solution was to open-code the memory copy routines using pointers
+and to only enable PIO for x86_64 machines.
+
+Not tested on platforms other than x86_64 because this patch
+disables the PIO feature on other platforms.
+Compile-tested on x86 to ensure that works.
+
+The WARN_ON_ONCE() code in the previous version of this patch
+has been moved into the internal sfc debug driver as the
+assertion was unnecessary in the upstream kernel code.
+
+This bug fix applies to v3.13 and v3.14 stable branches.
+
+Signed-off-by: Shradha Shah <sshah@solarflare.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/sfc/io.h | 7 +++++++
+ drivers/net/ethernet/sfc/tx.c | 22 +++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/sfc/io.h
++++ b/drivers/net/ethernet/sfc/io.h
+@@ -66,10 +66,17 @@
+ #define EFX_USE_QWORD_IO 1
+ #endif
+
++/* Hardware issue requires that only 64-bit naturally aligned writes
++ * are seen by hardware. Its not strictly necessary to restrict to
++ * x86_64 arch, but done for safety since unusual write combining behaviour
++ * can break PIO.
++ */
++#ifdef CONFIG_X86_64
+ /* PIO is a win only if write-combining is possible */
+ #ifdef ARCH_HAS_IOREMAP_WC
+ #define EFX_USE_PIO 1
+ #endif
++#endif
+
+ #ifdef EFX_USE_QWORD_IO
+ static inline void _efx_writeq(struct efx_nic *efx, __le64 value,
+--- a/drivers/net/ethernet/sfc/tx.c
++++ b/drivers/net/ethernet/sfc/tx.c
+@@ -189,6 +189,18 @@ struct efx_short_copy_buffer {
+ u8 buf[L1_CACHE_BYTES];
+ };
+
++/* Copy in explicit 64-bit writes. */
++static void efx_memcpy_64(void __iomem *dest, void *src, size_t len)
++{
++ u64 *src64 = src;
++ u64 __iomem *dest64 = dest;
++ size_t l64 = len / 8;
++ size_t i;
++
++ for (i = 0; i < l64; i++)
++ writeq(src64[i], &dest64[i]);
++}
++
+ /* Copy to PIO, respecting that writes to PIO buffers must be dword aligned.
+ * Advances piobuf pointer. Leaves additional data in the copy buffer.
+ */
+@@ -198,7 +210,7 @@ static void efx_memcpy_toio_aligned(stru
+ {
+ int block_len = len & ~(sizeof(copy_buf->buf) - 1);
+
+- memcpy_toio(*piobuf, data, block_len);
++ efx_memcpy_64(*piobuf, data, block_len);
+ *piobuf += block_len;
+ len -= block_len;
+
+@@ -230,7 +242,7 @@ static void efx_memcpy_toio_aligned_cb(s
+ if (copy_buf->used < sizeof(copy_buf->buf))
+ return;
+
+- memcpy_toio(*piobuf, copy_buf->buf, sizeof(copy_buf->buf));
++ efx_memcpy_64(*piobuf, copy_buf->buf, sizeof(copy_buf->buf));
+ *piobuf += sizeof(copy_buf->buf);
+ data += copy_to_buf;
+ len -= copy_to_buf;
+@@ -245,7 +257,7 @@ static void efx_flush_copy_buffer(struct
+ {
+ /* if there's anything in it, write the whole buffer, including junk */
+ if (copy_buf->used)
+- memcpy_toio(piobuf, copy_buf->buf, sizeof(copy_buf->buf));
++ efx_memcpy_64(piobuf, copy_buf->buf, sizeof(copy_buf->buf));
+ }
+
+ /* Traverse skb structure and copy fragments in to PIO buffer.
+@@ -304,8 +316,8 @@ efx_enqueue_skb_pio(struct efx_tx_queue
+ */
+ BUILD_BUG_ON(L1_CACHE_BYTES >
+ SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
+- memcpy_toio(tx_queue->piobuf, skb->data,
+- ALIGN(skb->len, L1_CACHE_BYTES));
++ efx_memcpy_64(tx_queue->piobuf, skb->data,
++ ALIGN(skb->len, L1_CACHE_BYTES));
+ }
+
+ EFX_POPULATE_QWORD_5(buffer->option,
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Date: Tue, 3 Jun 2014 23:42:26 +0400
+Subject: sh_eth: fix SH7619/771x support
+
+From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+
+[ Upstream commit d8b0426af5b67973585712c9af36b86f6ea97815 ]
+
+Commit 4a55530f38e4 (net: sh_eth: modify the definitions of register) managed
+to leave out the E-DMAC register entries in sh_eth_offset_fast_sh3_sh2[], thus
+totally breaking SH7619/771x support. Add the missing entries using the data
+from before that commit.
+
+Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/renesas/sh_eth.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/drivers/net/ethernet/renesas/sh_eth.c
++++ b/drivers/net/ethernet/renesas/sh_eth.c
+@@ -307,6 +307,27 @@ static const u16 sh_eth_offset_fast_sh4[
+ };
+
+ static const u16 sh_eth_offset_fast_sh3_sh2[SH_ETH_MAX_REGISTER_OFFSET] = {
++ [EDMR] = 0x0000,
++ [EDTRR] = 0x0004,
++ [EDRRR] = 0x0008,
++ [TDLAR] = 0x000c,
++ [RDLAR] = 0x0010,
++ [EESR] = 0x0014,
++ [EESIPR] = 0x0018,
++ [TRSCER] = 0x001c,
++ [RMFCR] = 0x0020,
++ [TFTR] = 0x0024,
++ [FDR] = 0x0028,
++ [RMCR] = 0x002c,
++ [EDOCR] = 0x0030,
++ [FCFTR] = 0x0034,
++ [RPADIR] = 0x0038,
++ [TRIMD] = 0x003c,
++ [RBWAR] = 0x0040,
++ [RDFAR] = 0x0044,
++ [TBRAR] = 0x004c,
++ [TDFAR] = 0x0050,
++
+ [ECMR] = 0x0160,
+ [ECSR] = 0x0164,
+ [ECSIPR] = 0x0168,
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+Date: Tue, 3 Jun 2014 12:21:13 +0100
+Subject: sh_eth: use RNC mode for packet reception
+
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+
+[ Upstream commit 530aa2d0d9d55ab2775d47621ddf4b5b15bc1110 ]
+
+The current behaviour of the sh_eth driver is not to use the RNC bit
+for the receive ring. This means that every packet recieved is not only
+generating an IRQ but it also stops the receive ring DMA as well until
+the driver re-enables it after unloading the packet.
+
+This means that a number of the following errors are generated due to
+the receive packet FIFO overflowing due to nowhere to put packets:
+
+ net eth0: Receive FIFO Overflow
+
+Since feedback from Yoshihiro Shimoda shows that every supported LSI
+for this driver should have the bit enabled it seems the best way is
+to remove the RMCR default value from the per-system data and just
+write it when initialising the RMCR value. This is discussed in
+the message (http://www.spinics.net/lists/netdev/msg284912.html).
+
+I have tested the RMCR_RNC configuration with NFS root filesystem and
+the driver has not failed yet. There are further test reports from
+Sergei Shtylov and others for both the R8A7790 and R8A7791.
+
+There is also feedback fron Cao Minh Hiep[1] which reports the
+same issue in (http://comments.gmane.org/gmane.linux.network/316285)
+showing this fixes issues with losing UDP datagrams under iperf.
+
+Tested-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
+Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Acked-by: Simon Horman <horms+renesas@verge.net.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/renesas/sh_eth.c | 11 ++---------
+ drivers/net/ethernet/renesas/sh_eth.h | 2 --
+ 2 files changed, 2 insertions(+), 11 deletions(-)
+
+--- a/drivers/net/ethernet/renesas/sh_eth.c
++++ b/drivers/net/ethernet/renesas/sh_eth.c
+@@ -546,7 +546,6 @@ static struct sh_eth_cpu_data sh7757_dat
+ .register_type = SH_ETH_REG_FAST_SH4,
+
+ .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff,
+- .rmcr_value = RMCR_RNC,
+
+ .tx_check = EESR_FTC | EESR_CND | EESR_DLC | EESR_CD | EESR_RTO,
+ .eesr_err_check = EESR_TWB | EESR_TABT | EESR_RABT | EESR_RFE |
+@@ -624,7 +623,6 @@ static struct sh_eth_cpu_data sh7757_dat
+ EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
+ EESR_TDE | EESR_ECI,
+ .fdr_value = 0x0000072f,
+- .rmcr_value = RMCR_RNC,
+
+ .irq_flags = IRQF_SHARED,
+ .apr = 1,
+@@ -752,7 +750,6 @@ static struct sh_eth_cpu_data r8a7740_da
+ EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
+ EESR_TDE | EESR_ECI,
+ .fdr_value = 0x0000070f,
+- .rmcr_value = RMCR_RNC,
+
+ .apr = 1,
+ .mpr = 1,
+@@ -784,7 +781,6 @@ static struct sh_eth_cpu_data r7s72100_d
+ EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
+ EESR_TDE | EESR_ECI,
+ .fdr_value = 0x0000070f,
+- .rmcr_value = RMCR_RNC,
+
+ .no_psr = 1,
+ .apr = 1,
+@@ -833,9 +829,6 @@ static void sh_eth_set_default_cpu_data(
+ if (!cd->fdr_value)
+ cd->fdr_value = DEFAULT_FDR_INIT;
+
+- if (!cd->rmcr_value)
+- cd->rmcr_value = DEFAULT_RMCR_VALUE;
+-
+ if (!cd->tx_check)
+ cd->tx_check = DEFAULT_TX_CHECK;
+
+@@ -1287,8 +1280,8 @@ static int sh_eth_dev_init(struct net_de
+ sh_eth_write(ndev, mdp->cd->fdr_value, FDR);
+ sh_eth_write(ndev, 0, TFTR);
+
+- /* Frame recv control */
+- sh_eth_write(ndev, mdp->cd->rmcr_value, RMCR);
++ /* Frame recv control (enable multiple-packets per rx irq) */
++ sh_eth_write(ndev, RMCR_RNC, RMCR);
+
+ sh_eth_write(ndev, DESC_I_RINT8 | DESC_I_RINT5 | DESC_I_TINT2, TRSCER);
+
+--- a/drivers/net/ethernet/renesas/sh_eth.h
++++ b/drivers/net/ethernet/renesas/sh_eth.h
+@@ -319,7 +319,6 @@ enum TD_STS_BIT {
+ enum RMCR_BIT {
+ RMCR_RNC = 0x00000001,
+ };
+-#define DEFAULT_RMCR_VALUE 0x00000000
+
+ /* ECMR */
+ enum FELIC_MODE_BIT {
+@@ -466,7 +465,6 @@ struct sh_eth_cpu_data {
+ unsigned long fdr_value;
+ unsigned long fcftr_value;
+ unsigned long rpadir_value;
+- unsigned long rmcr_value;
+
+ /* interrupt checking mask */
+ unsigned long tx_check;
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 12 Jun 2014 16:13:06 -0700
+Subject: udp: ipv4: do not waste time in
+ __udp4_lib_mcast_demux_lookup
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 63c6f81cdde58c41da62a8d8a209592e42a0203e ]
+
+Its too easy to add thousand of UDP sockets on a particular bucket,
+and slow down an innocent multicast receiver.
+
+Early demux is supposed to be an optimization, we should avoid spending
+too much time in it.
+
+It is interesting to note __udp4_lib_demux_lookup() only tries to
+match first socket in the chain.
+
+10 is the threshold we already have in __udp4_lib_lookup() to switch
+to secondary hash.
+
+Fixes: 421b3885bf6d5 ("udp: ipv4: Add udp early demux")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: David Held <drheld@google.com>
+Cc: Shawn Bohrer <sbohrer@rgmadvisors.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/udp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1834,6 +1834,10 @@ static struct sock *__udp4_lib_mcast_dem
+ unsigned int count, slot = udp_hashfn(net, hnum, udp_table.mask);
+ struct udp_hslot *hslot = &udp_table.hash[slot];
+
++ /* Do not bother scanning a too big list */
++ if (hslot->count > 10)
++ return NULL;
++
+ rcu_read_lock();
+ begin:
+ count = 0;
--- /dev/null
+From foo@baz Wed Jun 18 20:31:04 PDT 2014
+From: Cong Wang <cwang@twopensource.com>
+Date: Thu, 12 Jun 2014 11:53:10 -0700
+Subject: vxlan: use dev->needed_headroom instead of
+ dev->hard_header_len
+
+From: Cong Wang <cwang@twopensource.com>
+
+[ Upstream commit 2853af6a2ea1a8ed09b09dd4fb578e7f435e8d34 ]
+
+When we mirror packets from a vxlan tunnel to other device,
+the mirror device should see the same packets (that is, without
+outer header). Because vxlan tunnel sets dev->hard_header_len,
+tcf_mirred() resets mac header back to outer mac, the mirror device
+actually sees packets with outer headers
+
+Vxlan tunnel should set dev->needed_headroom instead of
+dev->hard_header_len, like what other ip tunnels do. This fixes
+the above problem.
+
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: stephen hemminger <stephen@networkplumber.org>
+Cc: Pravin B Shelar <pshelar@nicira.com>
+Signed-off-by: Cong Wang <cwang@twopensource.com>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/vxlan.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -2275,9 +2275,9 @@ static void vxlan_setup(struct net_devic
+ eth_hw_addr_random(dev);
+ ether_setup(dev);
+ if (vxlan->default_dst.remote_ip.sa.sa_family == AF_INET6)
+- dev->hard_header_len = ETH_HLEN + VXLAN6_HEADROOM;
++ dev->needed_headroom = ETH_HLEN + VXLAN6_HEADROOM;
+ else
+- dev->hard_header_len = ETH_HLEN + VXLAN_HEADROOM;
++ dev->needed_headroom = ETH_HLEN + VXLAN_HEADROOM;
+
+ dev->netdev_ops = &vxlan_netdev_ops;
+ dev->destructor = free_netdev;
+@@ -2660,8 +2660,7 @@ static int vxlan_newlink(struct net *net
+ if (!tb[IFLA_MTU])
+ dev->mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
+
+- /* update header length based on lower device */
+- dev->hard_header_len = lowerdev->hard_header_len +
++ dev->needed_headroom = lowerdev->hard_header_len +
+ (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
+ } else if (use_ipv6)
+ vxlan->flags |= VXLAN_F_IPV6;
projects / thirdparty / kernel / stable-queue.git / commitdiff
