From 964ff5b6d06fd4bdd6a85aa30773eed1fd8c3380 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 26 Aug 2015 12:28:33 -0700
Subject: [PATCH 1/2] coreos-kernel: bump to 4.1.6

---
 ...{coreos-kernel-4.1.5.ebuild => coreos-kernel-4.1.6.ebuild} | 0
 .../coreos-overlay/sys-kernel/coreos-sources/Manifest         | 4 +---
 ...oreos-sources-4.1.5.ebuild => coreos-sources-4.1.6.ebuild} | 0
 3 files changed, 1 insertion(+), 3 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.1.5.ebuild => coreos-kernel-4.1.6.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.1.5.ebuild => coreos-sources-4.1.6.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 6c798b7f04..ab5e2a2475 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,4 +1,2 @@
-DIST linux-4.0.tar.xz 82313052 SHA256 0f2f7d44979bc8f71c4fc5d3308c03499c26a824dd311fdf6eef4dee0d7d5991 SHA512 ce13d2c1c17908fd9a4aa42bb6348a0cb13dd22e560bd54c61b8bfdf62726d6095f130c59177a2fe4793b7dc399481bf10d3556d1d571616000f180304e5a995 WHIRLPOOL c481256e23dc82209942d4f2fc9a94aa7fc4c3c69b05eaa041a58ca4bdc5781274ec4c49d597ccf94b634d61418ec578d20a6569c6c7052b4d3cf33611c99001
 DIST linux-4.1.tar.xz 83017828 SHA256 caf51f085aac1e1cea4d00dbbf3093ead07b551fc07b31b2a989c05f8ea72d9f SHA512 168ef84a4e67619f9f53f3574e438542a5747f9b43443363cb83597fcdac9f40d201625c66e375a23226745eaada9176eb006ca023613cec089349e91751f3c0 WHIRLPOOL 85fcfdb67ea7f865272a85d3b4c3ec1f5a1267f4664bf073c562bb3875e9d96ad68486259d8866a9aced98c95de16840ec531d89745aec75b7315a64ebe650b8
-DIST patch-4.0.9.xz 226564 SHA256 842cb3abf053e809b23e615020f3d0730220660f0e71f259dce69510364965f1 SHA512 59cfaba028cf9d669ceac25f967945963330736059f38c01f584d3379e2ac243df3f89836e4815014f6799816746bba49a35915ccc4a66250bb95536d9b9e9f5 WHIRLPOOL 9e59979125dbbfef3ba972be4987606a8ba0ce24ed7cadf216c3b339036dbfc3a071f66fc12b6d0acd41d5ad53e71607d3e01d658f4fa59ebe70767d0e5cbc62
-DIST patch-4.1.4.xz 130240 SHA256 0976127a60a950acf2796f642ac647e5231573b9a0f25703a37a50b988bf3b88 SHA512 c6ac581f49e6fcbc6248a56e0e318778743e83c1936b3540b9b4aef255b5877ed3bae2fdd09fea8d3a86e6b57dbb6a413b4ebe4f994cbe0b0a0167b4dc821794 WHIRLPOOL d33a6f6dcc7ff759407d8b20fad40fbb8cb6ea44aead4876b53ed6ce66026c3bb43e478e25fd694d9bd3648ef3d01195ffd14ebf24619cd856805270b885d13d
+DIST patch-4.1.6.xz 201836 SHA256 64e4deb16a279e233b0c91463b131bd0f3de6aabdb49efded8314bcf5dbfe070 SHA512 1b725c2051d7dd9129c927fdb90d8d7a2e13149a2dd1175c5efacfc516e664af3647bca83d847197f8c19ef140bf07ea856868e27bef4a1cad9607e40b527424 WHIRLPOOL cc685876a4bf84903720a7a311854b4b469d29e8f09303b8e05e82501c6bb105fe149eed78f14084bbd748bfbd13ad55a22277ac1ab17c497b6c5e0db64af0d6
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6.ebuild

From 3dea35ecdd4b0b2479f0445ad866a140667fdc30 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Thu, 27 Aug 2015 09:25:48 -0700
Subject: [PATCH 2/2] coreos-kernel: backport "udp: fix dst races with
 multicast early demux"

This patch hasn't hit stable yet but may be a factor in
https://github.com/coreos/bugs/issues/435, recommended on LKML.
---
 ...6.ebuild => coreos-kernel-4.1.6-r1.ebuild} |  2 +-
 ....ebuild => coreos-sources-4.1.6-r1.ebuild} |  3 +-
 ...dst-races-with-multicast-early-demux.patch | 62 +++++++++++++++++++
 3 files changed, 65 insertions(+), 2 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.1.6.ebuild => coreos-kernel-4.1.6-r1.ebuild} (86%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.1.6.ebuild => coreos-sources-4.1.6-r1.ebuild} (94%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/udp-fix-dst-races-with-multicast-early-demux.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6-r1.ebuild
similarity index 86%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6-r1.ebuild
index ad6f2587f5..4cdc6203e3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.1.6-r1.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION=""
+COREOS_SOURCE_REVISION="-r1"
 inherit coreos-kernel
 
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6-r1.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6-r1.ebuild
index 98b7128f47..b5e6c01d54 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.1.6-r1.ebuild
@@ -27,4 +27,5 @@ ${PATCH_DIR}/10-Add-option-to-automatically-enforce-module-signature.patch \
 ${PATCH_DIR}/12-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
 ${PATCH_DIR}/13-efi-Add-EFI_SECURE_BOOT-bit.patch \
 ${PATCH_DIR}/14-hibernate-Disable-in-a-signed-modules-environment.patch \
-${PATCH_DIR}/15-cpuset-use-trialcs-mems_allowed-as-a-temp-variable.patch"
+${PATCH_DIR}/15-cpuset-use-trialcs-mems_allowed-as-a-temp-variable.patch \
+${PATCH_DIR}/udp-fix-dst-races-with-multicast-early-demux.patch"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/udp-fix-dst-races-with-multicast-early-demux.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/udp-fix-dst-races-with-multicast-early-demux.patch
new file mode 100644
index 0000000000..e8a5f6c3db
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.1/udp-fix-dst-races-with-multicast-early-demux.patch
@@ -0,0 +1,62 @@
+From 10e2eb878f3ca07ac2f05fa5ca5e6c4c9174a27a Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Sat, 1 Aug 2015 12:14:33 +0200
+Subject: [PATCH] udp: fix dst races with multicast early demux
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Multicast dst are not cached. They carry DST_NOCACHE.
+
+As mentioned in commit f8864972126899 ("ipv4: fix dst race in
+sk_dst_get()"), these dst need special care before caching them
+into a socket.
+
+Caching them is allowed only if their refcnt was not 0, ie we
+must use atomic_inc_not_zero()
+
+Also, we must use READ_ONCE() to fetch sk->sk_rx_dst, as mentioned
+in commit d0c294c53a771 ("tcp: prevent fetching dst twice in early demux
+code")
+
+Fixes: 421b3885bf6d ("udp: ipv4: Add udp early demux")
+Tested-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz>
+Reported-by: Alex Gartrell <agartrell@fb.com>
+Cc: Michal Kubeček <mkubecek@suse.cz>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv4/udp.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
+index 83aa604..1b8c5ba 100644
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1995,12 +1995,19 @@ void udp_v4_early_demux(struct sk_buff *skb)
+ 
+ 	skb->sk = sk;
+ 	skb->destructor = sock_efree;
+-	dst = sk->sk_rx_dst;
++	dst = READ_ONCE(sk->sk_rx_dst);
+ 
+ 	if (dst)
+ 		dst = dst_check(dst, 0);
+-	if (dst)
+-		skb_dst_set_noref(skb, dst);
++	if (dst) {
++		/* DST_NOCACHE can not be used without taking a reference */
++		if (dst->flags & DST_NOCACHE) {
++			if (likely(atomic_inc_not_zero(&dst->__refcnt)))
++				skb_dst_set(skb, dst);
++		} else {
++			skb_dst_set_noref(skb, dst);
++		}
++	}
+ }
+ 
+ int udp_rcv(struct sk_buff *skb)
+-- 
+2.4.6
+