From 95ece6ebc636fc253a4996642421e22a52988e0e Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 12 Feb 2016 23:34:37 +0000
Subject: [PATCH] iw_cxgb3: Fix incorrectly returning error on success
 (CVE-2015-8812)

---
 debian/changelog                              |  6 +++
 ...correctly-returning-error-on-success.patch | 38 +++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 45 insertions(+)
 create mode 100644 debian/patches/bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch

diff --git a/debian/changelog b/debian/changelog
index af24749ae..1fbd1b883 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (4.4.1-1) UNRELEASED; urgency=medium
+
+  * iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812)
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Fri, 12 Feb 2016 23:34:23 +0000
+
 linux (4.4.1-1~exp1) experimental; urgency=medium
 
   * New upstream stable update:
diff --git a/debian/patches/bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch b/debian/patches/bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
new file mode 100644
index 000000000..002fb6052
--- /dev/null
+++ b/debian/patches/bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
@@ -0,0 +1,38 @@
+From: Hariprasad S <hariprasad@chelsio.com>
+Date: Fri, 11 Dec 2015 13:59:17 +0530
+Subject: iw_cxgb3: Fix incorrectly returning error on success
+Origin: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
+
+The cxgb3_*_send() functions return NET_XMIT_ values, which are
+positive integers values. So don't treat positive return values
+as an error.
+
+Signed-off-by: Steve Wise <swise@opengridcomputing.com>
+Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
+Signed-off-by: Doug Ledford <dledford@redhat.com>
+---
+ drivers/infiniband/hw/cxgb3/iwch_cm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/infiniband/hw/cxgb3/iwch_cm.c b/drivers/infiniband/hw/cxgb3/iwch_cm.c
+index cb78b1e9bcd9..f504ba73e5dc 100644
+--- a/drivers/infiniband/hw/cxgb3/iwch_cm.c
++++ b/drivers/infiniband/hw/cxgb3/iwch_cm.c
+@@ -149,7 +149,7 @@ static int iwch_l2t_send(struct t3cdev *tdev, struct sk_buff *skb, struct l2t_en
+ 	error = l2t_send(tdev, skb, l2e);
+ 	if (error < 0)
+ 		kfree_skb(skb);
+-	return error;
++	return error < 0 ? error : 0;
+ }
+ 
+ int iwch_cxgb3_ofld_send(struct t3cdev *tdev, struct sk_buff *skb)
+@@ -165,7 +165,7 @@ int iwch_cxgb3_ofld_send(struct t3cdev *tdev, struct sk_buff *skb)
+ 	error = cxgb3_ofld_send(tdev, skb);
+ 	if (error < 0)
+ 		kfree_skb(skb);
+-	return error;
++	return error < 0 ? error : 0;
+ }
+ 
+ static void release_tid(struct t3cdev *tdev, u32 hwtid, struct sk_buff *skb)
diff --git a/debian/patches/series b/debian/patches/series
index d6a5a28f4..854d9ace2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -117,3 +117,4 @@ bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
 bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch
 bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch
 bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
+bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch