4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Jun 2018 03:39:33 +0000 (12:39 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Jun 2018 03:39:33 +0000 (12:39 +0900)
added patches:
bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch
net-dsa-add-error-handling-for-pskb_trim_rcsum.patch
tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch

queue-4.4/bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch [new file with mode: 0644]
queue-4.4/net-dsa-add-error-handling-for-pskb_trim_rcsum.patch [new file with mode: 0644]
queue-4.4/series
queue-4.4/tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch [new file with mode: 0644]

diff --git a/queue-4.4/bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch b/queue-4.4/bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch
new file mode 100644 (file)
index 0000000..e359bb9
--- /dev/null
@@ -0,0 +1,32 @@
+From foo@baz Thu Jun 21 12:38:22 JST 2018
+From: Xiangning Yu <yuxiangning@gmail.com>
+Date: Thu, 7 Jun 2018 13:39:59 +0800
+Subject: bonding: re-evaluate force_primary when the primary slave name changes
+
+From: Xiangning Yu <yuxiangning@gmail.com>
+
+[ Upstream commit eb55bbf865d9979098c6a7a17cbdb41237ece951 ]
+
+There is a timing issue under active-standy mode, when bond_enslave() is
+called, bond->params.primary might not be initialized yet.
+
+Any time the primary slave string changes, bond->force_primary should be
+set to true to make sure the primary becomes the active slave.
+
+Signed-off-by: Xiangning Yu <yuxiangning@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/bonding/bond_options.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/bonding/bond_options.c
++++ b/drivers/net/bonding/bond_options.c
+@@ -1115,6 +1115,7 @@ static int bond_option_primary_set(struc
+                                   slave->dev->name);
+                       rcu_assign_pointer(bond->primary_slave, slave);
+                       strcpy(bond->params.primary, slave->dev->name);
++                      bond->force_primary = true;
+                       bond_select_active_slave(bond);
+                       goto out;
+               }
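Review bot: The added `bond->force_primary = true;` covers only the branch where a matching slave is already enslaved, while the commit message states the rule as "any time the primary slave string changes". The other places in bond_option_primary_set() that write `bond->params.primary` are outside this hunk, so it cannot be confirmed from here whether they need the flag or rely on bond_enslave() to set it later. I would at least record the intent next to the new line, for example `/* primary name changed: force reselection so the primary becomes active */`, and have the backport reviewer check the remaining assignments in the function.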
diff --git a/queue-4.4/net-dsa-add-error-handling-for-pskb_trim_rcsum.patch b/queue-4.4/net-dsa-add-error-handling-for-pskb_trim_rcsum.patch
new file mode 100644 (file)
index 0000000..2a0a737
--- /dev/null
@@ -0,0 +1,33 @@
+From foo@baz Thu Jun 21 12:38:22 JST 2018
+From: Zhouyang Jia <jiazhouyang09@gmail.com>
+Date: Mon, 11 Jun 2018 13:26:35 +0800
+Subject: net: dsa: add error handling for pskb_trim_rcsum
+
+From: Zhouyang Jia <jiazhouyang09@gmail.com>
+
+[ Upstream commit 349b71d6f427ff8211adf50839dbbff3f27c1805 ]
+
+When pskb_trim_rcsum fails, the lack of error-handling code may
+cause unexpected results.
+
+This patch adds error-handling code after calling pskb_trim_rcsum.
+
+Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/dsa/tag_trailer.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/dsa/tag_trailer.c
++++ b/net/dsa/tag_trailer.c
+@@ -85,7 +85,8 @@ static int trailer_rcv(struct sk_buff *s
+       if (source_port >= DSA_MAX_PORTS || ds->ports[source_port] == NULL)
+               goto out_drop;
+-      pskb_trim_rcsum(skb, skb->len - 4);
++      if (pskb_trim_rcsum(skb, skb->len - 4))
++              return NULL;
+       skb->dev = ds->ports[source_port];
+       skb_push(skb, ETH_HLEN);
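Review bot: The new failure branch `return NULL;` does not fit this tree's trailer_rcv(), which the hunk header shows as `static int trailer_rcv(...)` and whose neighbouring error check leaves through `goto out_drop`. Returning directly bypasses that label, so the skb is presumably not freed when pskb_trim_rcsum() fails (the label's body is outside the hunk), and NULL is silently converted to the integer return value. For this backport the branch should read `if (pskb_trim_rcsum(skb, skb->len - 4))` followed by `goto out_drop;`, matching the existing error handling. An unfreed buffer on a receive path is a slow memory leak that is worth closing before the patch is queued.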
index 46a01f071f23e644fedd25fc3bc49db3baae3c1d..ca1e841edb981a42083d19bfe74478e00a03d4fa 100644 (file)
@@ -8,3 +8,6 @@ revert-btrfs-fix-scrub-to-repair-raid6-corruption.patch
 tcp-do-not-overshoot-window_clamp-in-tcp_rcv_space_adjust.patch
 btrfs-make-raid6-rebuild-retry-more.patch
 usb-musb-fix-remote-wakeup-racing-with-suspend.patch
+bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch
+net-dsa-add-error-handling-for-pskb_trim_rcsum.patch
+tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch
diff --git a/queue-4.4/tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch b/queue-4.4/tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch
new file mode 100644 (file)
index 0000000..528517f
--- /dev/null
@@ -0,0 +1,60 @@
+From foo@baz Thu Jun 21 12:38:22 JST 2018
+From: Frank van der Linden <fllinden@amazon.com>
+Date: Tue, 12 Jun 2018 23:09:37 +0000
+Subject: tcp: verify the checksum of the first data segment in a new connection
+
+From: Frank van der Linden <fllinden@amazon.com>
+
+[ Upstream commit 4fd44a98ffe0d048246efef67ed640fdf2098a62 ]
+
+commit 079096f103fa ("tcp/dccp: install syn_recv requests into ehash
+table") introduced an optimization for the handling of child sockets
+created for a new TCP connection.
+
+But this optimization passes any data associated with the last ACK of the
+connection handshake up the stack without verifying its checksum, because it
+calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
+directly.  These lower-level processing functions do not do any checksum
+verification.
+
+Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
+fix this.
+
+Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table")
+Signed-off-by: Frank van der Linden <fllinden@amazon.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Tested-by: Balbir Singh <bsingharora@gmail.com>
+Reviewed-by: Balbir Singh <bsingharora@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp_ipv4.c |    4 ++++
+ net/ipv6/tcp_ipv6.c |    4 ++++
+ 2 files changed, 8 insertions(+)
+
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1627,6 +1627,10 @@ process:
+                       reqsk_put(req);
+                       goto discard_it;
+               }
++              if (tcp_checksum_complete(skb)) {
++                      reqsk_put(req);
++                      goto csum_error;
++              }
+               if (unlikely(sk->sk_state != TCP_LISTEN)) {
+                       inet_csk_reqsk_queue_drop_and_put(sk, req);
+                       goto lookup;
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1415,6 +1415,10 @@ process:
+                       reqsk_put(req);
+                       goto discard_it;
+               }
++              if (tcp_checksum_complete(skb)) {
++                      reqsk_put(req);
++                      goto csum_error;
++              }
+               if (unlikely(sk->sk_state != TCP_LISTEN)) {
+                       inet_csk_reqsk_queue_drop_and_put(sk, req);
+                       goto lookup;
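Review bot: The added `tcp_checksum_complete(skb)` check carries no comment in either tcp_ipv4.c or tcp_ipv6.c explaining why the checksum has to be verified at this exact point. The reason exists only in the commit message: this branch passes the segment to tcp_child_process(), which goes straight to tcp_rcv_state_process() without any checksum verification. I would add above both checks something like `/* segment goes straight to tcp_child_process(); nothing below verifies the checksum */` so a later cleanup does not remove the check as redundant. The enclosing function begins and ends outside both hunks, so the `csum_error` label and what it accounts for are not visible here.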