From 0cba0b9cb4c0ec4057a96d33da1ee2d7d9dbf626 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Tue, 20 Mar 2012 04:32:41 +0000
Subject: [PATCH] Add networking patches from stable queue

svn path=/dists/sid/linux-2.6/; revision=18863
---
 debian/changelog                              |   2 +
 ...-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch |  34 ++++++
 .../all/tcp-fix-syncookie-regression.patch    | 107 ++++++++++++++++++
 debian/patches/series/base                    |   2 +
 4 files changed, 145 insertions(+)
 create mode 100644 debian/patches/bugfix/all/ipv6-don-t-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch
 create mode 100644 debian/patches/bugfix/all/tcp-fix-syncookie-regression.patch

diff --git a/debian/changelog b/debian/changelog
index 92973259f..b6157cc30 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,8 @@ linux-2.6 (3.2.12-1) UNRELEASED; urgency=low
   * CIFS: Fix a spurious error in cifs_push_posix_locks
   * [rt] bump rt patch to version 3.2.11-rt20
   * aufs: Update to aufs3.2-20120312
+  * tcp: fix syncookie regression
+  * ipv6: Don't dev_hold(dev) in ip6_mc_find_dev_rcu
 
   [ Jonathan Nieder ]
   * [x86] Enable RTS5139 as module (Closes: #663912)
diff --git a/debian/patches/bugfix/all/ipv6-don-t-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch b/debian/patches/bugfix/all/ipv6-don-t-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch
new file mode 100644
index 000000000..73996c747
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv6-don-t-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch
@@ -0,0 +1,34 @@
+From 83a87eb0683a5166845b7ea0cb236eab039f693b Mon Sep 17 00:00:00 2001
+From: "RongQing.Li" <roy.qing.li@gmail.com>
+Date: Thu, 15 Mar 2012 22:54:14 +0000
+Subject: ipv6: Don't dev_hold(dev) in ip6_mc_find_dev_rcu.
+
+
+From: RongQing.Li <roy.qing.li@gmail.com>
+
+[ Upstream commit c577923756b7fe9071f28a76b66b83b306d1d001 ]
+
+ip6_mc_find_dev_rcu() is called with rcu_read_lock(), so don't
+need to dev_hold().
+With dev_hold(), not corresponding dev_put(), will lead to leak.
+
+[ bug introduced in 96b52e61be1 (ipv6: mcast: RCU conversions) ]
+
+Signed-off-by: RongQing.Li <roy.qing.li@gmail.com>
+Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/mcast.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -257,7 +257,6 @@ static struct inet6_dev *ip6_mc_find_dev
+ 
+ 		if (rt) {
+ 			dev = rt->rt6i_dev;
+-			dev_hold(dev);
+ 			dst_release(&rt->dst);
+ 		}
+ 	} else
diff --git a/debian/patches/bugfix/all/tcp-fix-syncookie-regression.patch b/debian/patches/bugfix/all/tcp-fix-syncookie-regression.patch
new file mode 100644
index 000000000..2990f18a1
--- /dev/null
+++ b/debian/patches/bugfix/all/tcp-fix-syncookie-regression.patch
@@ -0,0 +1,107 @@
+From 3e9eb20e6f5e649c43be81677248c86a8e7b3961 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Sat, 10 Mar 2012 09:20:21 +0000
+Subject: tcp: fix syncookie regression
+
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+[ Upstream commit dfd25ffffc132c00070eed64200e8950da5d7e9d ]
+
+commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
+added a serious regression on synflood handling.
+
+Simon Kirby discovered a successful connection was delayed by 20 seconds
+before being responsive.
+
+In my tests, I discovered that xmit frames were lost, and needed ~4
+retransmits and a socket dst rebuild before being really sent.
+
+In case of syncookie initiated connection, we use a different path to
+initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.
+
+As ip_queue_xmit() now depends on inet flow being setup, fix this by
+copying the temp flowi4 we use in cookie_v4_check().
+
+Reported-by: Simon Kirby <sim@netnation.com>
+Bisected-by: Simon Kirby <sim@netnation.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/syncookies.c |   30 ++++++++++++++++--------------
+ net/ipv4/tcp_ipv4.c   |   10 +++++++---
+ 2 files changed, 23 insertions(+), 17 deletions(-)
+
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock
+ 	struct rtable *rt;
+ 	__u8 rcv_wscale;
+ 	bool ecn_ok = false;
++	struct flowi4 fl4;
+ 
+ 	if (!sysctl_tcp_syncookies || !th->ack || th->rst)
+ 		goto out;
+@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock
+ 	 * hasn't changed since we received the original syn, but I see
+ 	 * no easy way to do this.
+ 	 */
+-	{
+-		struct flowi4 fl4;
+-
+-		flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+-				   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+-				   inet_sk_flowi_flags(sk),
+-				   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+-				   ireq->loc_addr, th->source, th->dest);
+-		security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+-		rt = ip_route_output_key(sock_net(sk), &fl4);
+-		if (IS_ERR(rt)) {
+-			reqsk_free(req);
+-			goto out;
+-		}
++	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
++			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++			   inet_sk_flowi_flags(sk),
++			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
++			   ireq->loc_addr, th->source, th->dest);
++	security_req_classify_flow(req, flowi4_to_flowi(&fl4));
++	rt = ip_route_output_key(sock_net(sk), &fl4);
++	if (IS_ERR(rt)) {
++		reqsk_free(req);
++		goto out;
+ 	}
+ 
+ 	/* Try to redo what tcp_v4_send_synack did. */
+@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock
+ 	ireq->rcv_wscale  = rcv_wscale;
+ 
+ 	ret = get_cookie_sock(sk, skb, req, &rt->dst);
++	/* ip_queue_xmit() depends on our flow being setup
++	 * Normal sockets get it right from inet_csk_route_child_sock()
++	 */
++	if (ret)
++		inet_sk(ret)->cork.fl.u.ip4 = fl4;
+ out:	return ret;
+ }
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1465,9 +1465,13 @@ struct sock *tcp_v4_syn_recv_sock(struct
+ 		inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
+ 	newinet->inet_id = newtp->write_seq ^ jiffies;
+ 
+-	if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
+-		goto put_and_exit;
+-
++	if (!dst) {
++		dst = inet_csk_route_child_sock(sk, newsk, req);
++		if (!dst)
++			goto put_and_exit;
++	} else {
++		/* syncookie case : see end of cookie_v4_check() */
++	}
+ 	sk_setup_caps(newsk, dst);
+ 
+ 	tcp_mtup_init(newsk);
diff --git a/debian/patches/series/base b/debian/patches/series/base
index 3d710c62a..6c2dd444f 100644
--- a/debian/patches/series/base
+++ b/debian/patches/series/base
@@ -83,3 +83,5 @@
 + features/all/fs-hardlink-creation-restriction-cleanup.patch
 + bugfix/all/Don-t-limit-non-nested-epoll-paths.patch
 + bugfix/all/CIFS-Fix-a-spurious-error-in-cifs_push_posix_locks.patch
++ bugfix/all/tcp-fix-syncookie-regression.patch
++ bugfix/all/ipv6-don-t-dev_hold-dev-in-ip6_mc_find_dev_rcu.patch