diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-05-30 10:34:06 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-05-30 10:34:06 +0800 |
commit | 8e1ffb1b7b26990f8598f28b38db11560bbca188 (patch) | |
tree | 3a44f1842306372bb786bd56aae16fca2f2fabcc | |
parent | 3cd4ea5bf7cea44ac6caf435796f8139296194b3 (diff) | |
download | stable-queue-8e1ffb1b7b26990f8598f28b38db11560bbca188.tar.gz |
.39 patches
17 files changed, 899 insertions, 0 deletions
diff --git a/queue-2.6.39/bonding-prevent-deadlock-on-slave-store-with-alb-mode-v3.patch b/queue-2.6.39/bonding-prevent-deadlock-on-slave-store-with-alb-mode-v3.patch new file mode 100644 index 0000000000..70cc6869ea --- /dev/null +++ b/queue-2.6.39/bonding-prevent-deadlock-on-slave-store-with-alb-mode-v3.patch @@ -0,0 +1,159 @@ +From 2d17cce7a2d33f0aaf2bc6bcbc9aa9d12036223a Mon Sep 17 00:00:00 2001 +From: Neil Horman <nhorman@tuxdriver.com> +Date: Wed, 25 May 2011 08:13:01 +0000 +Subject: bonding: prevent deadlock on slave store with alb mode (v3) + + +From: Neil Horman <nhorman@tuxdriver.com> + +[ Upstream commit 9fe0617d9b6d21f700ee9e658e1c9fe3be2fb402 ] + +This soft lockup was recently reported: + +[root@dell-per715-01 ~]# echo +bond5 > /sys/class/net/bonding_masters +[root@dell-per715-01 ~]# echo +eth1 > /sys/class/net/bond5/bonding/slaves +bonding: bond5: doing slave updates when interface is down. +bonding bond5: master_dev is not up in bond_enslave +[root@dell-per715-01 ~]# echo -eth1 > /sys/class/net/bond5/bonding/slaves +bonding: bond5: doing slave updates when interface is down. + +BUG: soft lockup - CPU#12 stuck for 60s! [bash:6444] +CPU 12: +Modules linked in: bonding autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc +be2d +Pid: 6444, comm: bash Not tainted 2.6.18-262.el5 #1 +RIP: 0010:[<ffffffff80064bf0>] [<ffffffff80064bf0>] +.text.lock.spinlock+0x26/00 +RSP: 0018:ffff810113167da8 EFLAGS: 00000286 +RAX: ffff810113167fd8 RBX: ffff810123a47800 RCX: 0000000000ff1025 +RDX: 0000000000000000 RSI: ffff810123a47800 RDI: ffff81021b57f6f8 +RBP: ffff81021b57f500 R08: 0000000000000000 R09: 000000000000000c +R10: 00000000ffffffff R11: ffff81011d41c000 R12: ffff81021b57f000 +R13: 0000000000000000 R14: 0000000000000282 R15: 0000000000000282 +FS: 00002b3b41ef3f50(0000) GS:ffff810123b27940(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +CR2: 00002b3b456dd000 CR3: 000000031fc60000 CR4: 00000000000006e0 + +Call Trace: + [<ffffffff80064af9>] _spin_lock_bh+0x9/0x14 + [<ffffffff886937d7>] :bonding:tlb_clear_slave+0x22/0xa1 + [<ffffffff8869423c>] :bonding:bond_alb_deinit_slave+0xba/0xf0 + [<ffffffff8868dda6>] :bonding:bond_release+0x1b4/0x450 + [<ffffffff8006457b>] __down_write_nested+0x12/0x92 + [<ffffffff88696ae4>] :bonding:bonding_store_slaves+0x25c/0x2f7 + [<ffffffff801106f7>] sysfs_write_file+0xb9/0xe8 + [<ffffffff80016b87>] vfs_write+0xce/0x174 + [<ffffffff80017450>] sys_write+0x45/0x6e + [<ffffffff8005d28d>] tracesys+0xd5/0xe0 + +It occurs because we are able to change the slave configuarion of a bond while +the bond interface is down. The bonding driver initializes some data structures +only after its ndo_open routine is called. Among them is the initalization of +the alb tx and rx hash locks. So if we add or remove a slave without first +opening the bond master device, we run the risk of trying to lock/unlock a +spinlock that has garbage for data in it, which results in our above softlock. + +Note that sometimes this works, because in many cases an unlocked spinlock has +the raw_lock parameter initialized to zero (meaning that the kzalloc of the +net_device private data is equivalent to calling spin_lock_init), but thats not +true in all cases, and we aren't guaranteed that condition, so we need to pass +the relevant spinlocks through the spin_lock_init function. + +Fix it by moving the spin_lock_init calls for the tx and rx hashtable locks to +the ndo_init path, so they are ready for use by the bond_store_slaves path. + +Change notes: +v2) Based on conversation with Jay and Nicolas it seems that the ability to +enslave devices while the bond master is down should be safe to do. As such +this is an outlier bug, and so instead we'll just initalize the errant spinlocks +in the init path rather than the open path, solving the problem. We'll also +remove the warnings about the bond being down during enslave operations, since +it should be safe + +v3) Fix spelling error + +Signed-off-by: Neil Horman <nhorman@tuxdriver.com> +Reported-by: jtluka@redhat.com +CC: Jay Vosburgh <fubar@us.ibm.com> +CC: Andy Gospodarek <andy@greyhouse.net> +CC: nicolas.2p.debian@gmail.com +CC: "David S. Miller" <davem@davemloft.net> +Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + drivers/net/bonding/bond_alb.c | 4 ---- + drivers/net/bonding/bond_main.c | 16 ++++++++++------ + drivers/net/bonding/bond_sysfs.c | 6 ------ + 3 files changed, 10 insertions(+), 16 deletions(-) + +--- a/drivers/net/bonding/bond_alb.c ++++ b/drivers/net/bonding/bond_alb.c +@@ -163,8 +163,6 @@ static int tlb_initialize(struct bonding + struct tlb_client_info *new_hashtbl; + int i; + +- spin_lock_init(&(bond_info->tx_hashtbl_lock)); +- + new_hashtbl = kzalloc(size, GFP_KERNEL); + if (!new_hashtbl) { + pr_err("%s: Error: Failed to allocate TLB hash table\n", +@@ -764,8 +762,6 @@ static int rlb_initialize(struct bonding + int size = RLB_HASH_TABLE_SIZE * sizeof(struct rlb_client_info); + int i; + +- spin_lock_init(&(bond_info->rx_hashtbl_lock)); +- + new_hashtbl = kmalloc(size, GFP_KERNEL); + if (!new_hashtbl) { + pr_err("%s: Error: Failed to allocate RLB hash table\n", +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1535,12 +1535,6 @@ int bond_enslave(struct net_device *bond + bond_dev->name, slave_dev->name); + } + +- /* bond must be initialized by bond_open() before enslaving */ +- if (!(bond_dev->flags & IFF_UP)) { +- pr_warning("%s: master_dev is not up in bond_enslave\n", +- bond_dev->name); +- } +- + /* already enslaved */ + if (slave_dev->flags & IFF_SLAVE) { + pr_debug("Error, Device was already enslaved\n"); +@@ -4975,9 +4969,19 @@ static int bond_init(struct net_device * + { + struct bonding *bond = netdev_priv(bond_dev); + struct bond_net *bn = net_generic(dev_net(bond_dev), bond_net_id); ++ struct alb_bond_info *bond_info = &(BOND_ALB_INFO(bond)); + + pr_debug("Begin bond_init for %s\n", bond_dev->name); + ++ /* ++ * Initialize locks that may be required during ++ * en/deslave operations. All of the bond_open work ++ * (of which this is part) should really be moved to ++ * a phase prior to dev_open ++ */ ++ spin_lock_init(&(bond_info->tx_hashtbl_lock)); ++ spin_lock_init(&(bond_info->rx_hashtbl_lock)); ++ + bond->wq = create_singlethread_workqueue(bond_dev->name); + if (!bond->wq) + return -ENOMEM; +--- a/drivers/net/bonding/bond_sysfs.c ++++ b/drivers/net/bonding/bond_sysfs.c +@@ -227,12 +227,6 @@ static ssize_t bonding_store_slaves(stru + struct net_device *dev; + struct bonding *bond = to_bond(d); + +- /* Quick sanity check -- is the bond interface up? */ +- if (!(bond->dev->flags & IFF_UP)) { +- pr_warning("%s: doing slave updates when interface is down.\n", +- bond->dev->name); +- } +- + if (!rtnl_trylock()) + return restart_syscall(); + diff --git a/queue-2.6.39/bridge-initialize-fake_rtable-metrics.patch b/queue-2.6.39/bridge-initialize-fake_rtable-metrics.patch new file mode 100644 index 0000000000..0a87e96b2d --- /dev/null +++ b/queue-2.6.39/bridge-initialize-fake_rtable-metrics.patch @@ -0,0 +1,44 @@ +From ddce98be0fe80702591c637593740872a2835d48 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Tue, 24 May 2011 13:32:18 -0400 +Subject: bridge: initialize fake_rtable metrics + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit 33eb9873a283a2076f2b5628813d5365ca420ea9 ] + +bridge netfilter code uses a fake_rtable, and we must init its _metric +field or risk NULL dereference later. + +Ref: https://bugzilla.kernel.org/show_bug.cgi?id=35672 + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/bridge/br_netfilter.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/bridge/br_netfilter.c ++++ b/net/bridge/br_netfilter.c +@@ -117,6 +117,10 @@ static struct dst_ops fake_dst_ops = { + * ipt_REJECT needs it. Future netfilter modules might + * require us to fill additional fields. + */ ++static const u32 br_dst_default_metrics[RTAX_MAX] = { ++ [RTAX_MTU - 1] = 1500, ++}; ++ + void br_netfilter_rtable_init(struct net_bridge *br) + { + struct rtable *rt = &br->fake_rtable; +@@ -124,7 +128,7 @@ void br_netfilter_rtable_init(struct net + atomic_set(&rt->dst.__refcnt, 1); + rt->dst.dev = br->dev; + rt->dst.path = &rt->dst; +- dst_metric_set(&rt->dst, RTAX_MTU, 1500); ++ dst_init_metrics(&rt->dst, br_dst_default_metrics, true); + rt->dst.flags = DST_NOXFRM; + rt->dst.ops = &fake_dst_ops; + } diff --git a/queue-2.6.39/dst-catch-uninitialized-metrics.patch b/queue-2.6.39/dst-catch-uninitialized-metrics.patch new file mode 100644 index 0000000000..34392e1846 --- /dev/null +++ b/queue-2.6.39/dst-catch-uninitialized-metrics.patch @@ -0,0 +1,31 @@ +From a6662b9379dca82b365b4ea61b5d202ca1ed5975 Mon Sep 17 00:00:00 2001 +From: Stephen Hemminger <shemminger@vyatta.com> +Date: Tue, 24 May 2011 13:50:52 -0400 +Subject: dst: catch uninitialized metrics + + +From: Stephen Hemminger <shemminger@vyatta.com> + +[ Upstream commit 1f37070d3ff325827c6213e51b57f21fd5ac9d05 ] + +Catch cases where dst_metric_set() and other functions are called +but _metrics is NULL. + +Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + include/net/dst.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/include/net/dst.h ++++ b/include/net/dst.h +@@ -120,6 +120,8 @@ static inline u32 *dst_metrics_write_ptr + { + unsigned long p = dst->_metrics; + ++ BUG_ON(!p); ++ + if (p & DST_METRICS_READ_ONLY) + return dst->ops->cow_metrics(dst, p); + return __DST_METRICS_PTR(p); diff --git a/queue-2.6.39/igmp-call-ip_mc_clear_src-only-when-we-have-no-users-of-ip_mc_list.patch b/queue-2.6.39/igmp-call-ip_mc_clear_src-only-when-we-have-no-users-of-ip_mc_list.patch new file mode 100644 index 0000000000..c83111c71e --- /dev/null +++ b/queue-2.6.39/igmp-call-ip_mc_clear_src-only-when-we-have-no-users-of-ip_mc_list.patch @@ -0,0 +1,71 @@ +From cd934c1d517bca86a3104c935a7cf7cc13a6845b Mon Sep 17 00:00:00 2001 +From: Veaceslav Falico <vfalico@redhat.com> +Date: Mon, 23 May 2011 23:15:05 +0000 +Subject: igmp: call ip_mc_clear_src() only when we have no users of ip_mc_list + + +From: Veaceslav Falico <vfalico@redhat.com> + +[ Upstream commit 24cf3af3fed5edcf90bc2a0ed181e6ce1513d2dc ] + +In igmp_group_dropped() we call ip_mc_clear_src(), which resets the number +of source filters per mulitcast. However, igmp_group_dropped() is also +called on NETDEV_DOWN, NETDEV_PRE_TYPE_CHANGE and NETDEV_UNREGISTER, which +means that the group might get added back on NETDEV_UP, NETDEV_REGISTER and +NETDEV_POST_TYPE_CHANGE respectively, leaving us with broken source +filters. + +To fix that, we must clear the source filters only when there are no users +in the ip_mc_list, i.e. in ip_mc_dec_group() and on device destroy. + +Acked-by: David L Stevens <dlstevens@us.ibm.com> +Signed-off-by: Veaceslav Falico <vfalico@redhat.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/ipv4/igmp.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/net/ipv4/igmp.c ++++ b/net/ipv4/igmp.c +@@ -1169,20 +1169,18 @@ static void igmp_group_dropped(struct ip + + if (!in_dev->dead) { + if (IGMP_V1_SEEN(in_dev)) +- goto done; ++ return; + if (IGMP_V2_SEEN(in_dev)) { + if (reporter) + igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); +- goto done; ++ return; + } + /* IGMPv3 */ + igmpv3_add_delrec(in_dev, im); + + igmp_ifc_event(in_dev); + } +-done: + #endif +- ip_mc_clear_src(im); + } + + static void igmp_group_added(struct ip_mc_list *im) +@@ -1319,6 +1317,7 @@ void ip_mc_dec_group(struct in_device *i + *ip = i->next_rcu; + in_dev->mc_count--; + igmp_group_dropped(i); ++ ip_mc_clear_src(i); + + if (!in_dev->dead) + ip_rt_multicast_event(in_dev); +@@ -1428,7 +1427,8 @@ void ip_mc_destroy_dev(struct in_device + in_dev->mc_list = i->next_rcu; + in_dev->mc_count--; + +- igmp_group_dropped(i); ++ /* We've dropped the groups in ip_mc_down already */ ++ ip_mc_clear_src(i); + ip_ma_put(i); + } + } diff --git a/queue-2.6.39/macvlan-fix-panic-if-lowerdev-in-a-bond.patch b/queue-2.6.39/macvlan-fix-panic-if-lowerdev-in-a-bond.patch new file mode 100644 index 0000000000..0ae633e761 --- /dev/null +++ b/queue-2.6.39/macvlan-fix-panic-if-lowerdev-in-a-bond.patch @@ -0,0 +1,45 @@ +From e5d37b08f230fd29fc7d22d2367af18e737c1aaa Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Fri, 20 May 2011 14:59:23 -0400 +Subject: macvlan: fix panic if lowerdev in a bond + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit d93515611bbc70c2fe4db232e5feb448ed8e4cc9 ] + +commit a35e2c1b6d905 (macvlan: use rx_handler_data pointer to store +macvlan_port pointer V2) added a bug in macvlan_port_create() + +Steps to reproduce the bug: + +# ifenslave bond0 eth0 eth1 + +# ip link add link eth0 up name eth0#1 type macvlan +->error EBUSY + +# ip link add link eth0 up name eth0#1 type macvlan +->panic + +Fix: Dont set IFF_MACVLAN_PORT in error case. + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + drivers/net/macvlan.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -598,8 +598,8 @@ static int macvlan_port_create(struct ne + err = netdev_rx_handler_register(dev, macvlan_handle_frame, port); + if (err) + kfree(port); +- +- dev->priv_flags |= IFF_MACVLAN_PORT; ++ else ++ dev->priv_flags |= IFF_MACVLAN_PORT; + return err; + } + diff --git a/queue-2.6.39/net-add-skb_dst_force-in-sock_queue_err_skb.patch b/queue-2.6.39/net-add-skb_dst_force-in-sock_queue_err_skb.patch new file mode 100644 index 0000000000..e54eeaa145 --- /dev/null +++ b/queue-2.6.39/net-add-skb_dst_force-in-sock_queue_err_skb.patch @@ -0,0 +1,73 @@ +From f8f463fa0378747ca4cda029a452b4c50fcc5e95 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Wed, 18 May 2011 02:21:31 -0400 +Subject: net: add skb_dst_force() in sock_queue_err_skb() + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit abb57ea48fd9431fa320a5c55f73e6b5a44c2efb ] + +Commit 7fee226ad239 (add a noref bit on skb dst) forgot to use +skb_dst_force() on packets queued in sk_error_queue + +This triggers following warning, for applications using IP_CMSG_PKTINFO +receiving one error status + +------------[ cut here ]------------ +WARNING: at include/linux/skbuff.h:457 ip_cmsg_recv_pktinfo+0xa6/0xb0() +Hardware name: 2669UYD +Modules linked in: isofs vboxnetadp vboxnetflt nfsd ebtable_nat ebtables +lib80211_crypt_ccmp uinput xcbc hdaps tp_smapi thinkpad_ec radeonfb fb_ddc +radeon ttm drm_kms_helper drm ipw2200 intel_agp intel_gtt libipw i2c_algo_bit +i2c_i801 agpgart rng_core cfbfillrect cfbcopyarea cfbimgblt video raid10 raid1 +raid0 linear md_mod vboxdrv +Pid: 4697, comm: miredo Not tainted 2.6.39-rc6-00569-g5895198-dirty #22 +Call Trace: + [<c17746b6>] ? printk+0x1d/0x1f + [<c1058302>] warn_slowpath_common+0x72/0xa0 + [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 + [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 + [<c1058350>] warn_slowpath_null+0x20/0x30 + [<c15bbca6>] ip_cmsg_recv_pktinfo+0xa6/0xb0 + [<c15bbdd7>] ip_cmsg_recv+0x127/0x260 + [<c154f82d>] ? skb_dequeue+0x4d/0x70 + [<c1555523>] ? skb_copy_datagram_iovec+0x53/0x300 + [<c178e834>] ? sub_preempt_count+0x24/0x50 + [<c15bdd2d>] ip_recv_error+0x23d/0x270 + [<c15de554>] udp_recvmsg+0x264/0x2b0 + [<c15ea659>] inet_recvmsg+0xd9/0x130 + [<c1547752>] sock_recvmsg+0xf2/0x120 + [<c11179cb>] ? might_fault+0x4b/0xa0 + [<c15546bc>] ? verify_iovec+0x4c/0xc0 + [<c1547660>] ? sock_recvmsg_nosec+0x100/0x100 + [<c1548294>] __sys_recvmsg+0x114/0x1e0 + [<c1093895>] ? __lock_acquire+0x365/0x780 + [<c1148b66>] ? fget_light+0xa6/0x3e0 + [<c1148b7f>] ? fget_light+0xbf/0x3e0 + [<c1148aee>] ? fget_light+0x2e/0x3e0 + [<c1549f29>] sys_recvmsg+0x39/0x60 + +Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34622 + +Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl> +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +CC: Stephen Hemminger <shemminger@vyatta.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/core/skbuff.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -2993,6 +2993,9 @@ int sock_queue_err_skb(struct sock *sk, + skb->destructor = sock_rmem_free; + atomic_add(skb->truesize, &sk->sk_rmem_alloc); + ++ /* before exiting rcu section, make sure dst is refcounted */ ++ skb_dst_force(skb); ++ + skb_queue_tail(&sk->sk_error_queue, skb); + if (!sock_flag(sk, SOCK_DEAD)) + sk->sk_data_ready(sk, skb->len); diff --git a/queue-2.6.39/net-change-netdev_fix_features-messages-loglevel.patch b/queue-2.6.39/net-change-netdev_fix_features-messages-loglevel.patch new file mode 100644 index 0000000000..18f80e3fa9 --- /dev/null +++ b/queue-2.6.39/net-change-netdev_fix_features-messages-loglevel.patch @@ -0,0 +1,32 @@ +From 2dff2a5efe86b57aca6de548678edd3b0b018207 Mon Sep 17 00:00:00 2001 +From: Michael S. Tsirkin <mst@redhat.com> +Date: Mon, 16 May 2011 10:37:39 +0000 +Subject: net: Change netdev_fix_features messages loglevel + + +From: Michael S. Tsirkin <mst@redhat.com> + +[ Upstream commit 604ae14ffb6d75d6eef4757859226b758d6bf9e3 ] + +Cool, how about we make 'Features changed' debug as well? +This way userspace can't fill up the log just by tweaking tun features +with an ioctl. + +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/core/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -5258,7 +5258,7 @@ void netdev_update_features(struct net_d + if (dev->features == features) + return; + +- netdev_info(dev, "Features changed: 0x%08x -> 0x%08x\n", ++ netdev_dbg(dev, "Features changed: 0x%08x -> 0x%08x\n", + dev->features, features); + + if (dev->netdev_ops->ndo_set_features) diff --git a/queue-2.6.39/net-ethtool-fix-ipv6-checksum-feature-name-string.patch b/queue-2.6.39/net-ethtool-fix-ipv6-checksum-feature-name-string.patch new file mode 100644 index 0000000000..f0c489df9f --- /dev/null +++ b/queue-2.6.39/net-ethtool-fix-ipv6-checksum-feature-name-string.patch @@ -0,0 +1,28 @@ +From 627fb90fdc01aefdbe902561b6a3fd9eecfa30dc Mon Sep 17 00:00:00 2001 +From: Michał Mirosław <mirq-linux@rere.qmqm.pl> +Date: Tue, 17 May 2011 16:50:02 -0400 +Subject: net: ethtool: fix IPV6 checksum feature name string + + +From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= <mirq-linux@rere.qmqm.pl> + +[ Upstream commit 7cc31a9ae1477abc79d5992b3afe889f25c50c99 ] + +Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/core/ethtool.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/ethtool.c ++++ b/net/core/ethtool.c +@@ -330,7 +330,7 @@ static const char netdev_features_string + /* NETIF_F_IP_CSUM */ "tx-checksum-ipv4", + /* NETIF_F_NO_CSUM */ "tx-checksum-unneeded", + /* NETIF_F_HW_CSUM */ "tx-checksum-ip-generic", +- /* NETIF_F_IPV6_CSUM */ "tx_checksum-ipv6", ++ /* NETIF_F_IPV6_CSUM */ "tx-checksum-ipv6", + /* NETIF_F_HIGHDMA */ "highdma", + /* NETIF_F_FRAGLIST */ "tx-scatter-gather-fraglist", + /* NETIF_F_HW_VLAN_TX */ "tx-vlan-hw-insert", diff --git a/queue-2.6.39/net-fix-__dst_destroy_metrics_generic.patch b/queue-2.6.39/net-fix-__dst_destroy_metrics_generic.patch new file mode 100644 index 0000000000..6a30b7b543 --- /dev/null +++ b/queue-2.6.39/net-fix-__dst_destroy_metrics_generic.patch @@ -0,0 +1,30 @@ +From 8c378c2862ae68a60bc5feb778ced790b0a19242 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Tue, 24 May 2011 13:29:50 -0400 +Subject: net: fix __dst_destroy_metrics_generic() + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit b30c516f875004f025f4d10147bde28c5e98466b ] + +dst_default_metrics is readonly, we dont want to kfree() it later. + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/core/dst.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/dst.c ++++ b/net/core/dst.c +@@ -314,7 +314,7 @@ void __dst_destroy_metrics_generic(struc + { + unsigned long prev, new; + +- new = (unsigned long) dst_default_metrics; ++ new = ((unsigned long) dst_default_metrics) | DST_METRICS_READ_ONLY; + prev = cmpxchg(&dst->_metrics, old, new); + if (prev == old) + kfree(__DST_METRICS_PTR(old)); diff --git a/queue-2.6.39/net-use-hlist_del_rcu-in-dev_change_name.patch b/queue-2.6.39/net-use-hlist_del_rcu-in-dev_change_name.patch new file mode 100644 index 0000000000..e29c49d4e7 --- /dev/null +++ b/queue-2.6.39/net-use-hlist_del_rcu-in-dev_change_name.patch @@ -0,0 +1,34 @@ +From a586e48b616d1b2298e7399d66058dfe14c96eab Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Tue, 17 May 2011 13:56:59 -0400 +Subject: net: use hlist_del_rcu() in dev_change_name() + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit 372b2312010bece1e36f577d6c99a6193ec54cbd ] + +Using plain hlist_del() in dev_change_name() is wrong since a +concurrent reader can crash trying to dereference LIST_POISON1. + +Bug introduced in commit 72c9528bab94 (net: Introduce +dev_get_by_name_rcu()) + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/core/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1007,7 +1007,7 @@ rollback: + } + + write_lock_bh(&dev_base_lock); +- hlist_del(&dev->name_hlist); ++ hlist_del_rcu(&dev->name_hlist); + write_unlock_bh(&dev_base_lock); + + synchronize_rcu(); diff --git a/queue-2.6.39/netfilter-nf_ct_sip-fix-sdp-parsing-in-tcp-sip-messages-for-some-cisco-phones.patch b/queue-2.6.39/netfilter-nf_ct_sip-fix-sdp-parsing-in-tcp-sip-messages-for-some-cisco-phones.patch new file mode 100644 index 0000000000..7282502259 --- /dev/null +++ b/queue-2.6.39/netfilter-nf_ct_sip-fix-sdp-parsing-in-tcp-sip-messages-for-some-cisco-phones.patch @@ -0,0 +1,53 @@ +From 8fe63da58ac1dda2fafb306767799a5e8b2e73ad Mon Sep 17 00:00:00 2001 +From: Patrick McHardy <kaber@trash.net> +Date: Mon, 16 May 2011 14:45:39 +0200 +Subject: netfilter: nf_ct_sip: fix SDP parsing in TCP SIP messages for some Cisco phones + + +From: Patrick McHardy <kaber@trash.net> + +[ Upstream commit e6e4d9ed11fb1fab8b3256a3dc14d71b5e984ac4 ] + +Some Cisco phones do not place the Content-Length field at the end of the +SIP message. This is valid, due to a misunderstanding of the specification +the parser expects the SDP body to start directly after the Content-Length +field. Fix the parser to scan for \r\n\r\n to locate the beginning of the +SDP body. + +Reported-by: Teresa Kang <teresa_kang@gemtek.com.tw> +Signed-off-by: Patrick McHardy <kaber@trash.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/netfilter/nf_conntrack_sip.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/net/netfilter/nf_conntrack_sip.c ++++ b/net/netfilter/nf_conntrack_sip.c +@@ -1419,6 +1419,7 @@ static int sip_help_tcp(struct sk_buff * + const char *dptr, *end; + s16 diff, tdiff = 0; + int ret = NF_ACCEPT; ++ bool term; + typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust; + + if (ctinfo != IP_CT_ESTABLISHED && +@@ -1453,10 +1454,15 @@ static int sip_help_tcp(struct sk_buff * + if (dptr + matchoff == end) + break; + +- if (end + strlen("\r\n\r\n") > dptr + datalen) +- break; +- if (end[0] != '\r' || end[1] != '\n' || +- end[2] != '\r' || end[3] != '\n') ++ term = false; ++ for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) { ++ if (end[0] == '\r' && end[1] == '\n' && ++ end[2] == '\r' && end[3] == '\n') { ++ term = true; ++ break; ++ } ++ } ++ if (!term) + break; + end += strlen("\r\n\r\n") + clen; + diff --git a/queue-2.6.39/netfilter-nf_ct_sip-validate-content-length-in-tcp-sip-messages.patch b/queue-2.6.39/netfilter-nf_ct_sip-validate-content-length-in-tcp-sip-messages.patch new file mode 100644 index 0000000000..f46fb3cf9b --- /dev/null +++ b/queue-2.6.39/netfilter-nf_ct_sip-validate-content-length-in-tcp-sip-messages.patch @@ -0,0 +1,31 @@ +From 44e7464f931d31f74815c59520f830fc7ee79fbb Mon Sep 17 00:00:00 2001 +From: Patrick McHardy <kaber@trash.net> +Date: Mon, 16 May 2011 14:42:26 +0200 +Subject: netfilter: nf_ct_sip: validate Content-Length in TCP SIP messages + + +From: Patrick McHardy <kaber@trash.net> + +[ Upstream commit 274ea0e2a4cdf18110e5931b8ecbfef6353e5293 ] + +Verify that the message length of a single SIP message, which is calculated +based on the Content-Length field contained in the SIP message, does not +exceed the packet boundaries. + +Signed-off-by: Patrick McHardy <kaber@trash.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/netfilter/nf_conntrack_sip.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/netfilter/nf_conntrack_sip.c ++++ b/net/netfilter/nf_conntrack_sip.c +@@ -1461,6 +1461,8 @@ static int sip_help_tcp(struct sk_buff * + end += strlen("\r\n\r\n") + clen; + + msglen = origlen = end - dptr; ++ if (msglen > datalen) ++ return NF_DROP; + + ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); + if (ret != NF_ACCEPT) diff --git a/queue-2.6.39/sch_sfq-avoid-giving-spurious-net_xmit_cn-signals.patch b/queue-2.6.39/sch_sfq-avoid-giving-spurious-net_xmit_cn-signals.patch new file mode 100644 index 0000000000..50fc843cc5 --- /dev/null +++ b/queue-2.6.39/sch_sfq-avoid-giving-spurious-net_xmit_cn-signals.patch @@ -0,0 +1,59 @@ +From 07317133d5fc38c21af6adb6c6672cab37eb3548 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Mon, 23 May 2011 11:02:42 +0000 +Subject: sch_sfq: avoid giving spurious NET_XMIT_CN signals + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit 8efa885406359af300d46910642b50ca82c0fe47 ] + +While chasing a possible net_sched bug, I found that IP fragments have +litle chance to pass a congestioned SFQ qdisc : + +- Say SFQ qdisc is full because one flow is non responsive. +- ip_fragment() wants to send two fragments belonging to an idle flow. +- sfq_enqueue() queues first packet, but see queue limit reached : +- sfq_enqueue() drops one packet from 'big consumer', and returns +NET_XMIT_CN. +- ip_fragment() cancel remaining fragments. + +This patch restores fairness, making sure we return NET_XMIT_CN only if +we dropped a packet from the same flow. + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +CC: Patrick McHardy <kaber@trash.net> +CC: Jarek Poplawski <jarkao2@gmail.com> +CC: Jamal Hadi Salim <hadi@cyberus.ca> +CC: Stephen Hemminger <shemminger@vyatta.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/sched/sch_sfq.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/net/sched/sch_sfq.c ++++ b/net/sched/sch_sfq.c +@@ -361,7 +361,7 @@ sfq_enqueue(struct sk_buff *skb, struct + { + struct sfq_sched_data *q = qdisc_priv(sch); + unsigned int hash; +- sfq_index x; ++ sfq_index x, qlen; + struct sfq_slot *slot; + int uninitialized_var(ret); + +@@ -405,8 +405,12 @@ sfq_enqueue(struct sk_buff *skb, struct + if (++sch->q.qlen <= q->limit) + return NET_XMIT_SUCCESS; + ++ qlen = slot->qlen; + sfq_drop(sch); +- return NET_XMIT_CN; ++ /* Return Congestion Notification only if we dropped a packet ++ * from this flow. ++ */ ++ return (qlen != slot->qlen) ? NET_XMIT_CN : NET_XMIT_SUCCESS; + } + + static struct sk_buff * diff --git a/queue-2.6.39/sch_sfq-fix-peek-implementation.patch b/queue-2.6.39/sch_sfq-fix-peek-implementation.patch new file mode 100644 index 0000000000..ba7497ca14 --- /dev/null +++ b/queue-2.6.39/sch_sfq-fix-peek-implementation.patch @@ -0,0 +1,57 @@ +From 5bfe906050eda2fdb229d552089442759b6fd18a Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Wed, 25 May 2011 04:40:11 +0000 +Subject: sch_sfq: fix peek() implementation + + +From: Eric Dumazet <eric.dumazet@gmail.com> + +[ Upstream commit 07bd8df5df4369487812bf85a237322ff3569b77 ] + +Since commit eeaeb068f139 (sch_sfq: allow big packets and be fair), +sfq_peek() can return a different skb that would be normally dequeued by +sfq_dequeue() [ if current slot->allot is negative ] + +Use generic qdisc_peek_dequeued() instead of custom implementation, to +get consistent result. + +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +CC: Jarek Poplawski <jarkao2@gmail.com> +CC: Patrick McHardy <kaber@trash.net> +CC: Jesper Dangaard Brouer <hawk@diku.dk> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/sched/sch_sfq.c | 14 +------------- + 1 file changed, 1 insertion(+), 13 deletions(-) + +--- a/net/sched/sch_sfq.c ++++ b/net/sched/sch_sfq.c +@@ -410,18 +410,6 @@ sfq_enqueue(struct sk_buff *skb, struct + } + + static struct sk_buff * +-sfq_peek(struct Qdisc *sch) +-{ +- struct sfq_sched_data *q = qdisc_priv(sch); +- +- /* No active slots */ +- if (q->tail == NULL) +- return NULL; +- +- return q->slots[q->tail->next].skblist_next; +-} +- +-static struct sk_buff * + sfq_dequeue(struct Qdisc *sch) + { + struct sfq_sched_data *q = qdisc_priv(sch); +@@ -702,7 +690,7 @@ static struct Qdisc_ops sfq_qdisc_ops __ + .priv_size = sizeof(struct sfq_sched_data), + .enqueue = sfq_enqueue, + .dequeue = sfq_dequeue, +- .peek = sfq_peek, ++ .peek = qdisc_peek_dequeued, + .drop = sfq_drop, + .init = sfq_init, + .reset = sfq_reset, diff --git a/queue-2.6.39/sctp-fix-memory-leak-of-the-asconf-queue-when-free-asoc.patch b/queue-2.6.39/sctp-fix-memory-leak-of-the-asconf-queue-when-free-asoc.patch new file mode 100644 index 0000000000..b844d77eb4 --- /dev/null +++ b/queue-2.6.39/sctp-fix-memory-leak-of-the-asconf-queue-when-free-asoc.patch @@ -0,0 +1,61 @@ +From c10a10f37acde34b6e8e888d4e76a1c92ef200c3 Mon Sep 17 00:00:00 2001 +From: Wei Yongjun <yjwei@cn.fujitsu.com> +Date: Tue, 24 May 2011 21:48:02 +0000 +Subject: sctp: fix memory leak of the ASCONF queue when free asoc + + +From: Wei Yongjun <yjwei@cn.fujitsu.com> + +[ Upstream commit 8b4472cc13136d04727e399c6fdadf58d2218b0a ] + +If an ASCONF chunk is outstanding, then the following ASCONF +chunk will be queued for later transmission. But when we free +the asoc, we forget to free the ASCONF queue at the same time, +this will cause memory leak. + +Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/sctp/associola.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -64,6 +64,7 @@ + /* Forward declarations for internal functions. */ + static void sctp_assoc_bh_rcv(struct work_struct *work); + static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc); ++static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc); + + /* Keep track of the new idr low so that we don't re-use association id + * numbers too fast. It is protected by they idr spin lock is in the +@@ -446,6 +447,9 @@ void sctp_association_free(struct sctp_a + /* Free any cached ASCONF_ACK chunk. */ + sctp_assoc_free_asconf_acks(asoc); + ++ /* Free the ASCONF queue. */ ++ sctp_assoc_free_asconf_queue(asoc); ++ + /* Free any cached ASCONF chunk. */ + if (asoc->addip_last_asconf) + sctp_chunk_free(asoc->addip_last_asconf); +@@ -1578,6 +1582,18 @@ retry: + return error; + } + ++/* Free the ASCONF queue */ ++static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc) ++{ ++ struct sctp_chunk *asconf; ++ struct sctp_chunk *tmp; ++ ++ list_for_each_entry_safe(asconf, tmp, &asoc->addip_chunk_list, list) { ++ list_del_init(&asconf->list); ++ sctp_chunk_free(asconf); ++ } ++} ++ + /* Free asconf_ack cache */ + static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc) + { diff --git a/queue-2.6.39/sctp-fix-race-between-sctp_bind_addr_free-and-sctp_bind_addr_conflict.patch b/queue-2.6.39/sctp-fix-race-between-sctp_bind_addr_free-and-sctp_bind_addr_conflict.patch new file mode 100644 index 0000000000..ad32966a87 --- /dev/null +++ b/queue-2.6.39/sctp-fix-race-between-sctp_bind_addr_free-and-sctp_bind_addr_conflict.patch @@ -0,0 +1,75 @@ +From bc161cb50ea713af8a1c67f8d0291c93169970b5 Mon Sep 17 00:00:00 2001 +From: Jacek Luczak <difrost.kernel@gmail.com> +Date: Thu, 19 May 2011 09:55:13 +0000 +Subject: SCTP: fix race between sctp_bind_addr_free() and sctp_bind_addr_conflict() + + +From: Jacek Luczak <difrost.kernel@gmail.com> + +[ Upstream commit c182f90bc1f22ce5039b8722e45621d5f96862c2 ] + +During the sctp_close() call, we do not use rcu primitives to +destroy the address list attached to the endpoint. At the same +time, we do the removal of addresses from this list before +attempting to remove the socket from the port hash + +As a result, it is possible for another process to find the socket +in the port hash that is in the process of being closed. It then +proceeds to traverse the address list to find the conflict, only +to have that address list suddenly disappear without rcu() critical +section. + +Fix issue by closing address list removal inside RCU critical +section. + +Race can result in a kernel crash with general protection fault or +kernel NULL pointer dereference: + +kernel: general protection fault: 0000 [#1] SMP +kernel: RIP: 0010:[<ffffffffa02f3dde>] [<ffffffffa02f3dde>] sctp_bind_addr_conflict+0x64/0x82 [sctp] +kernel: Call Trace: +kernel: [<ffffffffa02f415f>] ? sctp_get_port_local+0x17b/0x2a3 [sctp] +kernel: [<ffffffffa02f3d45>] ? sctp_bind_addr_match+0x33/0x68 [sctp] +kernel: [<ffffffffa02f4416>] ? sctp_do_bind+0xd3/0x141 [sctp] +kernel: [<ffffffffa02f5030>] ? sctp_bindx_add+0x4d/0x8e [sctp] +kernel: [<ffffffffa02f5183>] ? sctp_setsockopt_bindx+0x112/0x4a4 [sctp] +kernel: [<ffffffff81089e82>] ? generic_file_aio_write+0x7f/0x9b +kernel: [<ffffffffa02f763e>] ? sctp_setsockopt+0x14f/0xfee [sctp] +kernel: [<ffffffff810c11fb>] ? do_sync_write+0xab/0xeb +kernel: [<ffffffff810e82ab>] ? fsnotify+0x239/0x282 +kernel: [<ffffffff810c2462>] ? alloc_file+0x18/0xb1 +kernel: [<ffffffff8134a0b1>] ? compat_sys_setsockopt+0x1a5/0x1d9 +kernel: [<ffffffff8134aaf1>] ? compat_sys_socketcall+0x143/0x1a4 +kernel: [<ffffffff810467dc>] ? sysenter_dispatch+0x7/0x32 + +Signed-off-by: Jacek Luczak <luczak.jacek@gmail.com> +Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> +CC: Eric Dumazet <eric.dumazet@gmail.com> +Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +--- + net/sctp/bind_addr.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- a/net/sctp/bind_addr.c ++++ b/net/sctp/bind_addr.c +@@ -140,14 +140,12 @@ void sctp_bind_addr_init(struct sctp_bin + /* Dispose of the address list. */ + static void sctp_bind_addr_clean(struct sctp_bind_addr *bp) + { +- struct sctp_sockaddr_entry *addr; +- struct list_head *pos, *temp; ++ struct sctp_sockaddr_entry *addr, *temp; + + /* Empty the bind address list. */ +- list_for_each_safe(pos, temp, &bp->address_list) { +- addr = list_entry(pos, struct sctp_sockaddr_entry, list); +- list_del(pos); +- kfree(addr); ++ list_for_each_entry_safe(addr, temp, &bp->address_list, list) { ++ list_del_rcu(&addr->list); ++ call_rcu(&addr->rcu, sctp_local_addr_free); + SCTP_DBG_OBJCNT_DEC(addr); + } + } diff --git a/queue-2.6.39/series b/queue-2.6.39/series index 715dc75007..57d9fa04d4 100644 --- a/queue-2.6.39/series +++ b/queue-2.6.39/series @@ -48,3 +48,19 @@ ext3-fix-fs-corruption-when-make_indexed_dir-fails.patch jbd-fix-forever-sleeping-process-in-do_get_write_access.patch jbd-fix-fsync-tid-wraparound-bug.patch ext4-release-page-cache-in-ext4_mb_load_buddy-error-path.patch +netfilter-nf_ct_sip-validate-content-length-in-tcp-sip-messages.patch +netfilter-nf_ct_sip-fix-sdp-parsing-in-tcp-sip-messages-for-some-cisco-phones.patch +net-use-hlist_del_rcu-in-dev_change_name.patch +net-change-netdev_fix_features-messages-loglevel.patch +net-ethtool-fix-ipv6-checksum-feature-name-string.patch +net-add-skb_dst_force-in-sock_queue_err_skb.patch +macvlan-fix-panic-if-lowerdev-in-a-bond.patch +sctp-fix-race-between-sctp_bind_addr_free-and-sctp_bind_addr_conflict.patch +igmp-call-ip_mc_clear_src-only-when-we-have-no-users-of-ip_mc_list.patch +bridge-initialize-fake_rtable-metrics.patch +sctp-fix-memory-leak-of-the-asconf-queue-when-free-asoc.patch +sch_sfq-fix-peek-implementation.patch +bonding-prevent-deadlock-on-slave-store-with-alb-mode-v3.patch +sch_sfq-avoid-giving-spurious-net_xmit_cn-signals.patch +net-fix-__dst_destroy_metrics_generic.patch +dst-catch-uninitialized-metrics.patch |