4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jan 2017 20:38:03 +0000 (21:38 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jan 2017 20:38:03 +0000 (21:38 +0100)
added patches:
drop_monitor-add-missing-call-to-genlmsg_end.patch
drop_monitor-consider-inserted-data-in-genlmsg_end.patch
gro-disable-frag0-optimization-on-ipv6-ext-headers.patch
gro-enter-slow-path-if-there-is-no-tailroom.patch
gro-use-min_t-in-skb_gro_reset_offset.patch
igmp-make-igmp-group-member-rfc-3376-compliant.patch
ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch
ipv6-handle-efault-from-skb_copy_bits.patch
net-ipv4-fix-multipath-selection-with-vrf.patch
net-mlx5-avoid-shadowing-numa_node.patch
net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch
net-sched-fix-soft-lockup-in-tc_classify.patch
net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch
net-vrf-do-not-allow-table-id-0.patch
net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch
netvsc-reduce-maximum-gso-size.patch
r8152-fix-rx-issue-for-runtime-suspend.patch
r8152-split-rtl8152_suspend-function.patch
ser_gigaset-return-enomem-on-error-instead-of-success.patch

21 files changed:
queue-4.4/drop_monitor-add-missing-call-to-genlmsg_end.patch [new file with mode: 0644]
queue-4.4/drop_monitor-consider-inserted-data-in-genlmsg_end.patch [new file with mode: 0644]
queue-4.4/gro-disable-frag0-optimization-on-ipv6-ext-headers.patch [new file with mode: 0644]
queue-4.4/gro-enter-slow-path-if-there-is-no-tailroom.patch [new file with mode: 0644]
queue-4.4/gro-use-min_t-in-skb_gro_reset_offset.patch [new file with mode: 0644]
queue-4.4/igmp-make-igmp-group-member-rfc-3376-compliant.patch [new file with mode: 0644]
queue-4.4/ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch [new file with mode: 0644]
queue-4.4/ipv6-handle-efault-from-skb_copy_bits.patch [new file with mode: 0644]
queue-4.4/net-ipv4-fix-multipath-selection-with-vrf.patch [new file with mode: 0644]
queue-4.4/net-mlx5-avoid-shadowing-numa_node.patch [new file with mode: 0644]
queue-4.4/net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch [new file with mode: 0644]
queue-4.4/net-sched-fix-soft-lockup-in-tc_classify.patch [new file with mode: 0644]
queue-4.4/net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch [new file with mode: 0644]
queue-4.4/net-vrf-do-not-allow-table-id-0.patch [new file with mode: 0644]
queue-4.4/net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch [new file with mode: 0644]
queue-4.4/netvsc-reduce-maximum-gso-size.patch [new file with mode: 0644]
queue-4.4/r8152-fix-rx-issue-for-runtime-suspend.patch [new file with mode: 0644]
queue-4.4/r8152-split-rtl8152_suspend-function.patch [new file with mode: 0644]
queue-4.4/ser_gigaset-return-enomem-on-error-instead-of-success.patch [new file with mode: 0644]
queue-4.4/series [new file with mode: 0644]
queue-4.9/series [new file with mode: 0644]

diff --git a/queue-4.4/drop_monitor-add-missing-call-to-genlmsg_end.patch b/queue-4.4/drop_monitor-add-missing-call-to-genlmsg_end.patch
new file mode 100644 (file)
index 0000000..aedca8f
--- /dev/null
@@ -0,0 +1,72 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Reiter Wolfgang <wr0112358@gmail.com>
+Date: Sat, 31 Dec 2016 21:11:57 +0100
+Subject: drop_monitor: add missing call to genlmsg_end
+
+From: Reiter Wolfgang <wr0112358@gmail.com>
+
+
+[ Upstream commit 4200462d88f47f3759bdf4705f87e207b0f5b2e4 ]
+
+Update nlmsg_len field with genlmsg_end to enable userspace processing
+using nlmsg_next helper. Also adds error handling.
+
+Signed-off-by: Reiter Wolfgang <wr0112358@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/drop_monitor.c |   33 ++++++++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+--- a/net/core/drop_monitor.c
++++ b/net/core/drop_monitor.c
+@@ -80,6 +80,7 @@ static struct sk_buff *reset_per_cpu_dat
+       struct nlattr *nla;
+       struct sk_buff *skb;
+       unsigned long flags;
++      void *msg_header;
+       al = sizeof(struct net_dm_alert_msg);
+       al += dm_hit_limit * sizeof(struct net_dm_drop_point);
+@@ -87,17 +88,31 @@ static struct sk_buff *reset_per_cpu_dat
+       skb = genlmsg_new(al, GFP_KERNEL);
+-      if (skb) {
+-              genlmsg_put(skb, 0, 0, &net_drop_monitor_family,
+-                              0, NET_DM_CMD_ALERT);
+-              nla = nla_reserve(skb, NLA_UNSPEC,
+-                                sizeof(struct net_dm_alert_msg));
+-              msg = nla_data(nla);
+-              memset(msg, 0, al);
+-      } else {
+-              mod_timer(&data->send_timer, jiffies + HZ / 10);
++      if (!skb)
++              goto err;
++
++      msg_header = genlmsg_put(skb, 0, 0, &net_drop_monitor_family,
++                               0, NET_DM_CMD_ALERT);
++      if (!msg_header) {
++              nlmsg_free(skb);
++              skb = NULL;
++              goto err;
++      }
++      nla = nla_reserve(skb, NLA_UNSPEC,
++                        sizeof(struct net_dm_alert_msg));
++      if (!nla) {
++              nlmsg_free(skb);
++              skb = NULL;
++              goto err;
+       }
++      msg = nla_data(nla);
++      memset(msg, 0, al);
++      genlmsg_end(skb, msg_header);
++      goto out;
++err:
++      mod_timer(&data->send_timer, jiffies + HZ / 10);
++out:
+       spin_lock_irqsave(&data->lock, flags);
+       swap(data->skb, skb);
+       spin_unlock_irqrestore(&data->lock, flags);
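Review bot: The two failure branches after `genlmsg_put()` and `nla_reserve()` repeat the same `nlmsg_free(skb); skb = NULL; goto err;` sequence, which is easy to get out of step when another construction step is added. A shared label placed just before `err:` would keep the cleanup in one place, `err_free: nlmsg_free(skb); skb = NULL;`, with both branches reduced to `goto err_free;`. Separately, `memset(msg, 0, al)` clears `al` bytes while `nla_reserve()` reserved only `sizeof(struct net_dm_alert_msg)`; whether the extra bytes stay inside the allocation depends on how `al` is computed, which is only partly visible here, so a short comment saying why the memset covers more than the reserved attribute would help. reset_per_cpu_data starts and ends outside the hunk.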
diff --git a/queue-4.4/drop_monitor-consider-inserted-data-in-genlmsg_end.patch b/queue-4.4/drop_monitor-consider-inserted-data-in-genlmsg_end.patch
new file mode 100644 (file)
index 0000000..e65a157
--- /dev/null
@@ -0,0 +1,48 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Reiter Wolfgang <wr0112358@gmail.com>
+Date: Tue, 3 Jan 2017 01:39:10 +0100
+Subject: drop_monitor: consider inserted data in genlmsg_end
+
+From: Reiter Wolfgang <wr0112358@gmail.com>
+
+
+[ Upstream commit 3b48ab2248e61408910e792fe84d6ec466084c1a ]
+
+Final nlmsg_len field update must reflect inserted net_dm_drop_point
+data.
+
+This patch depends on previous patch:
+"drop_monitor: add missing call to genlmsg_end"
+
+Signed-off-by: Reiter Wolfgang <wr0112358@gmail.com>
+Acked-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/drop_monitor.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/net/core/drop_monitor.c
++++ b/net/core/drop_monitor.c
+@@ -107,7 +107,6 @@ static struct sk_buff *reset_per_cpu_dat
+       }
+       msg = nla_data(nla);
+       memset(msg, 0, al);
+-      genlmsg_end(skb, msg_header);
+       goto out;
+ err:
+@@ -117,6 +116,13 @@ out:
+       swap(data->skb, skb);
+       spin_unlock_irqrestore(&data->lock, flags);
++      if (skb) {
++              struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data;
++              struct genlmsghdr *gnlh = (struct genlmsghdr *)nlmsg_data(nlh);
++
++              genlmsg_end(skb, genlmsg_data(gnlh));
++      }
++
+       return skb;
+ }
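Review bot: The added block after the unlock rebuilds the generic-netlink header pointer from `skb->data` with two casts and carries no comment explaining why `genlmsg_end()` now runs on the swapped-out skb instead of at allocation time. I would add `/* Finalize nlmsg_len only now: drop points were inserted into this skb after it was allocated */` above the `if (skb)`, which is what the patch description states. The casts assume the netlink header sits at the start of `skb->data`; that should hold for an skb built by the allocation path earlier in the function, but that part is outside this hunk. Doing this outside `data->lock` looks safe because the old skb is no longer reachable through `data->skb` after the swap, though that is worth confirming against the code that appends drop points.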
diff --git a/queue-4.4/gro-disable-frag0-optimization-on-ipv6-ext-headers.patch b/queue-4.4/gro-disable-frag0-optimization-on-ipv6-ext-headers.patch
new file mode 100644 (file)
index 0000000..a14ec92
--- /dev/null
@@ -0,0 +1,67 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 10 Jan 2017 12:24:15 -0800
+Subject: gro: Disable frag0 optimization on IPv6 ext headers
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+
+[ Upstream commit 57ea52a865144aedbcd619ee0081155e658b6f7d ]
+
+The GRO fast path caches the frag0 address.  This address becomes
+invalid if frag0 is modified by pskb_may_pull or its variants.
+So whenever that happens we must disable the frag0 optimization.
+
+This is usually done through the combination of gro_header_hard
+and gro_header_slow, however, the IPv6 extension header path did
+the pulling directly and would continue to use the GRO fast path
+incorrectly.
+
+This patch fixes it by disabling the fast path when we enter the
+IPv6 extension header path.
+
+Fixes: 78a478d0efd9 ("gro: Inline skb_gro_header and cache frag0 virtual address")
+Reported-by: Slava Shwartsman <slavash@mellanox.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/netdevice.h |    9 +++++++--
+ net/ipv6/ip6_offload.c    |    1 +
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -2325,14 +2325,19 @@ static inline int skb_gro_header_hard(st
+       return NAPI_GRO_CB(skb)->frag0_len < hlen;
+ }
++static inline void skb_gro_frag0_invalidate(struct sk_buff *skb)
++{
++      NAPI_GRO_CB(skb)->frag0 = NULL;
++      NAPI_GRO_CB(skb)->frag0_len = 0;
++}
++
+ static inline void *skb_gro_header_slow(struct sk_buff *skb, unsigned int hlen,
+                                       unsigned int offset)
+ {
+       if (!pskb_may_pull(skb, hlen))
+               return NULL;
+-      NAPI_GRO_CB(skb)->frag0 = NULL;
+-      NAPI_GRO_CB(skb)->frag0_len = 0;
++      skb_gro_frag0_invalidate(skb);
+       return skb->data + offset;
+ }
+--- a/net/ipv6/ip6_offload.c
++++ b/net/ipv6/ip6_offload.c
+@@ -196,6 +196,7 @@ static struct sk_buff **ipv6_gro_receive
+       ops = rcu_dereference(inet6_offloads[proto]);
+       if (!ops || !ops->callbacks.gro_receive) {
+               __pskb_pull(skb, skb_gro_offset(skb));
++              skb_gro_frag0_invalidate(skb);
+               proto = ipv6_gso_pull_exthdrs(skb, proto);
+               skb_gro_pull(skb, -skb_transport_offset(skb));
+               skb_reset_transport_header(skb);
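Review bot: `skb_gro_frag0_invalidate()` is introduced without a comment saying when callers must use it, and the bug being fixed is exactly a caller that pulled data without invalidating. A cached `frag0` address that outlives a pull is a memory-safety hazard, so the helper should state its contract, for example `/* Call after any pull that may modify frag0 (pskb_may_pull and variants) so the GRO fast path is not used on a stale address */`. In `ipv6_gro_receive` the call sits between `__pskb_pull()` and `ipv6_gso_pull_exthdrs()`, which is fine as long as nothing in between reads through frag0, and the visible lines do not. Other handlers that pull directly rather than going through `skb_gro_header_slow()` are outside this hunk and would be worth auditing for the same pattern.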
diff --git a/queue-4.4/gro-enter-slow-path-if-there-is-no-tailroom.patch b/queue-4.4/gro-enter-slow-path-if-there-is-no-tailroom.patch
new file mode 100644 (file)
index 0000000..a35b4a3
--- /dev/null
@@ -0,0 +1,39 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 10 Jan 2017 12:24:01 -0800
+Subject: gro: Enter slow-path if there is no tailroom
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+
+[ Upstream commit 1272ce87fa017ca4cf32920764d879656b7a005a ]
+
+The GRO path has a fast-path where we avoid calling pskb_may_pull
+and pskb_expand by directly accessing frag0.  However, this should
+only be done if we have enough tailroom in the skb as otherwise
+we'll have to expand it later anyway.
+
+This patch adds the check by capping frag0_len with the skb tailroom.
+
+Fixes: cb18978cbf45 ("gro: Open-code final pskb_may_pull")
+Reported-by: Slava Shwartsman <slavash@mellanox.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/dev.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4187,7 +4187,8 @@ static void skb_gro_reset_offset(struct
+           pinfo->nr_frags &&
+           !PageHighMem(skb_frag_page(frag0))) {
+               NAPI_GRO_CB(skb)->frag0 = skb_frag_address(frag0);
+-              NAPI_GRO_CB(skb)->frag0_len = skb_frag_size(frag0);
++              NAPI_GRO_CB(skb)->frag0_len = min(skb_frag_size(frag0),
++                                                skb->end - skb->tail);
+       }
+ }
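Review bot: The capped assignment to `frag0_len` has no comment, so the reason for limiting it to `skb->end - skb->tail` lives only in the commit message. I would add `/* Cap at the available tailroom: headers that would need the head expanded must take the slow path */` above the assignment. As written, `min()` compares `skb_frag_size()` with a difference whose type differs between architectures; this commit also queues gro-use-min_t-in-skb_gro_reset_offset.patch for that, so the two patches should sit consecutively in the series file to keep every intermediate step buildable. skb_gro_reset_offset starts outside the hunk.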
diff --git a/queue-4.4/gro-use-min_t-in-skb_gro_reset_offset.patch b/queue-4.4/gro-use-min_t-in-skb_gro_reset_offset.patch
new file mode 100644 (file)
index 0000000..8800367
--- /dev/null
@@ -0,0 +1,36 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 10 Jan 2017 19:52:43 -0800
+Subject: gro: use min_t() in skb_gro_reset_offset()
+
+From: Eric Dumazet <edumazet@google.com>
+
+
+[ Upstream commit 7cfd5fd5a9813f1430290d20c0fead9b4582a307 ]
+
+On 32bit arches, (skb->end - skb->data) is not 'unsigned int',
+so we shall use min_t() instead of min() to avoid a compiler error.
+
+Fixes: 1272ce87fa01 ("gro: Enter slow-path if there is no tailroom")
+Reported-by: kernel test robot <fengguang.wu@intel.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/dev.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4187,8 +4187,9 @@ static void skb_gro_reset_offset(struct
+           pinfo->nr_frags &&
+           !PageHighMem(skb_frag_page(frag0))) {
+               NAPI_GRO_CB(skb)->frag0 = skb_frag_address(frag0);
+-              NAPI_GRO_CB(skb)->frag0_len = min(skb_frag_size(frag0),
+-                                                skb->end - skb->tail);
++              NAPI_GRO_CB(skb)->frag0_len = min_t(unsigned int,
++                                                  skb_frag_size(frag0),
++                                                  skb->end - skb->tail);
+       }
+ }
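Review bot: `min_t(unsigned int, ...)` casts `skb->end - skb->tail` before comparing, so a negative difference would become a very large length and the cap would silently stop applying. The skb invariants presumably guarantee that tail never exceeds end, but nothing in the hunk states it. A one-line comment such as `/* relies on skb->tail <= skb->end, so the cast cannot wrap */` would record the assumption the cast depends on. skb_gro_reset_offset starts outside the hunk.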
diff --git a/queue-4.4/igmp-make-igmp-group-member-rfc-3376-compliant.patch b/queue-4.4/igmp-make-igmp-group-member-rfc-3376-compliant.patch
new file mode 100644 (file)
index 0000000..8b9ece1
--- /dev/null
@@ -0,0 +1,88 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Michal Tesar <mtesar@redhat.com>
+Date: Mon, 2 Jan 2017 14:38:36 +0100
+Subject: igmp: Make igmp group member RFC 3376 compliant
+
+From: Michal Tesar <mtesar@redhat.com>
+
+
+[ Upstream commit 7ababb782690e03b78657e27bd051e20163af2d6 ]
+
+5.2. Action on Reception of a Query
+
+ When a system receives a Query, it does not respond immediately.
+ Instead, it delays its response by a random amount of time, bounded
+ by the Max Resp Time value derived from the Max Resp Code in the
+ received Query message.  A system may receive a variety of Queries on
+ different interfaces and of different kinds (e.g., General Queries,
+ Group-Specific Queries, and Group-and-Source-Specific Queries), each
+ of which may require its own delayed response.
+
+ Before scheduling a response to a Query, the system must first
+ consider previously scheduled pending responses and in many cases
+ schedule a combined response.  Therefore, the system must be able to
+ maintain the following state:
+
+ o A timer per interface for scheduling responses to General Queries.
+
+ o A per-group and interface timer for scheduling responses to Group-
+   Specific and Group-and-Source-Specific Queries.
+
+ o A per-group and interface list of sources to be reported in the
+   response to a Group-and-Source-Specific Query.
+
+ When a new Query with the Router-Alert option arrives on an
+ interface, provided the system has state to report, a delay for a
+ response is randomly selected in the range (0, [Max Resp Time]) where
+ Max Resp Time is derived from Max Resp Code in the received Query
+ message.  The following rules are then used to determine if a Report
+ needs to be scheduled and the type of Report to schedule.  The rules
+ are considered in order and only the first matching rule is applied.
+
+ 1. If there is a pending response to a previous General Query
+    scheduled sooner than the selected delay, no additional response
+    needs to be scheduled.
+
+ 2. If the received Query is a General Query, the interface timer is
+    used to schedule a response to the General Query after the
+    selected delay.  Any previously pending response to a General
+    Query is canceled.
+--8<--
+
+Currently the timer is rearmed with new random expiration time for
+every incoming query regardless of possibly already pending report.
+Which is not aligned with the above RFE.
+It also might happen that higher rate of incoming queries can
+postpone the report after the expiration time of the first query
+causing group membership loss.
+
+Now the per interface general query timer is rearmed only
+when there is no pending report already scheduled on that interface or
+the newly selected expiration time is before the already pending
+scheduled report.
+
+Signed-off-by: Michal Tesar <mtesar@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/igmp.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/igmp.c
++++ b/net/ipv4/igmp.c
+@@ -225,9 +225,14 @@ static void igmp_start_timer(struct ip_m
+ static void igmp_gq_start_timer(struct in_device *in_dev)
+ {
+       int tv = prandom_u32() % in_dev->mr_maxdelay;
++      unsigned long exp = jiffies + tv + 2;
++
++      if (in_dev->mr_gq_running &&
++          time_after_eq(exp, (in_dev->mr_gq_timer).expires))
++              return;
+       in_dev->mr_gq_running = 1;
+-      if (!mod_timer(&in_dev->mr_gq_timer, jiffies+tv+2))
++      if (!mod_timer(&in_dev->mr_gq_timer, exp))
+               in_dev_hold(in_dev);
+ }
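Review bot: The new early return reads `in_dev->mr_gq_timer.expires` guarded only by the `mr_gq_running` flag, and no lock is taken in the visible lines, so the comparison can act on a stale `expires` if the timer fires or is re-armed concurrently. Whether the callers serialize this is outside the hunk; if they do, a comment naming the lock would help, and if they do not, the check is best-effort and should say so. The parentheses in `(in_dev->mr_gq_timer).expires` are redundant; `time_after_eq(exp, in_dev->mr_gq_timer.expires)` reads more plainly.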
diff --git a/queue-4.4/ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch b/queue-4.4/ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch
new file mode 100644 (file)
index 0000000..85ab298
--- /dev/null
@@ -0,0 +1,35 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Alexander Duyck <alexander.h.duyck@intel.com>
+Date: Mon, 2 Jan 2017 13:32:54 -0800
+Subject: ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules
+
+From: Alexander Duyck <alexander.h.duyck@intel.com>
+
+
+[ Upstream commit 5350d54f6cd12eaff623e890744c79b700bd3f17 ]
+
+In the case of custom rules being present we need to handle the case of the
+LOCAL table being intialized after the new rule has been added.  To address
+that I am adding a new check so that we can make certain we don't use an
+alias of MAIN for LOCAL when allocating a new table.
+
+Fixes: 0ddcf43d5d4a ("ipv4: FIB Local/MAIN table collapse")
+Reported-by: Oliver Brunel <jjk@jjacky.com>
+Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/fib_frontend.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/fib_frontend.c
++++ b/net/ipv4/fib_frontend.c
+@@ -85,7 +85,7 @@ struct fib_table *fib_new_table(struct n
+       if (tb)
+               return tb;
+-      if (id == RT_TABLE_LOCAL)
++      if (id == RT_TABLE_LOCAL && !net->ipv4.fib_has_custom_rules)
+               alias = fib_new_table(net, RT_TABLE_MAIN);
+       tb = fib_trie_table(id, alias);
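Review bot: The added condition has no comment, and the reason is not obvious from the code: once custom rules exist, a newly created LOCAL table must not be an alias of MAIN. I would put `/* LOCAL may alias MAIN only while no custom rules exist */` above the `if`. If `net->ipv4.fib_has_custom_rules` is only defined under a configuration option, this function has to live under the same guard; that is not visible here. fib_new_table starts and ends outside the hunk.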
diff --git a/queue-4.4/ipv6-handle-efault-from-skb_copy_bits.patch b/queue-4.4/ipv6-handle-efault-from-skb_copy_bits.patch
new file mode 100644 (file)
index 0000000..4d38bc7
--- /dev/null
@@ -0,0 +1,82 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Dave Jones <davej@codemonkey.org.uk>
+Date: Thu, 22 Dec 2016 11:16:22 -0500
+Subject: ipv6: handle -EFAULT from skb_copy_bits
+
+From: Dave Jones <davej@codemonkey.org.uk>
+
+
+[ Upstream commit a98f91758995cb59611e61318dddd8a6956b52c3 ]
+
+By setting certain socket options on ipv6 raw sockets, we can confuse the
+length calculation in rawv6_push_pending_frames triggering a BUG_ON.
+
+RIP: 0010:[<ffffffff817c6390>] [<ffffffff817c6390>] rawv6_sendmsg+0xc30/0xc40
+RSP: 0018:ffff881f6c4a7c18  EFLAGS: 00010282
+RAX: 00000000fffffff2 RBX: ffff881f6c681680 RCX: 0000000000000002
+RDX: ffff881f6c4a7cf8 RSI: 0000000000000030 RDI: ffff881fed0f6a00
+RBP: ffff881f6c4a7da8 R08: 0000000000000000 R09: 0000000000000009
+R10: ffff881fed0f6a00 R11: 0000000000000009 R12: 0000000000000030
+R13: ffff881fed0f6a00 R14: ffff881fee39ba00 R15: ffff881fefa93a80
+
+Call Trace:
+ [<ffffffff8118ba23>] ? unmap_page_range+0x693/0x830
+ [<ffffffff81772697>] inet_sendmsg+0x67/0xa0
+ [<ffffffff816d93f8>] sock_sendmsg+0x38/0x50
+ [<ffffffff816d982f>] SYSC_sendto+0xef/0x170
+ [<ffffffff816da27e>] SyS_sendto+0xe/0x10
+ [<ffffffff81002910>] do_syscall_64+0x50/0xa0
+ [<ffffffff817f7cbc>] entry_SYSCALL64_slow_path+0x25/0x25
+
+Handle by jumping to the failure path if skb_copy_bits gets an EFAULT.
+
+Reproducer:
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#define LEN 504
+
+int main(int argc, char* argv[])
+{
+       int fd;
+       int zero = 0;
+       char buf[LEN];
+
+       memset(buf, 0, LEN);
+
+       fd = socket(AF_INET6, SOCK_RAW, 7);
+
+       setsockopt(fd, SOL_IPV6, IPV6_CHECKSUM, &zero, 4);
+       setsockopt(fd, SOL_IPV6, IPV6_DSTOPTS, &buf, LEN);
+
+       sendto(fd, buf, 1, 0, (struct sockaddr *) buf, 110);
+}
+
+Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/raw.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/raw.c
++++ b/net/ipv6/raw.c
+@@ -589,7 +589,11 @@ static int rawv6_push_pending_frames(str
+       }
+       offset += skb_transport_offset(skb);
+-      BUG_ON(skb_copy_bits(skb, offset, &csum, 2));
++      err = skb_copy_bits(skb, offset, &csum, 2);
++      if (err < 0) {
++              ip6_flush_pending_frames(sk);
++              goto out;
++      }
+       /* in case cksum was not initialized */
+       if (unlikely(csum))
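Review bot: The new error branch passes through whatever `skb_copy_bits()` returns, so the sender sees an EFAULT-style error for what the description says is a length calculation confused by socket options. Replacing the `BUG_ON` is right, since the condition can be reached through options set on a raw socket, but a comment such as `/* offset may lie outside the queued data for some socket option combinations; fail the send instead of asserting */` would keep a later reader from restoring the assert. It would also be worth checking that the offset validation earlier in the function accounts for the same options, because that is where a bad offset should ideally be rejected. That code and the `out` label are outside the hunk.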
diff --git a/queue-4.4/net-ipv4-fix-multipath-selection-with-vrf.patch b/queue-4.4/net-ipv4-fix-multipath-selection-with-vrf.patch
new file mode 100644 (file)
index 0000000..921d6f4
--- /dev/null
@@ -0,0 +1,65 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: David Ahern <dsa@cumulusnetworks.com>
+Date: Tue, 10 Jan 2017 14:37:35 -0800
+Subject: net: ipv4: Fix multipath selection with vrf
+
+From: David Ahern <dsa@cumulusnetworks.com>
+
+
+[ Upstream commit 7a18c5b9fb31a999afc62b0e60978aa896fc89e9 ]
+
+fib_select_path does not call fib_select_multipath if oif is set in the
+flow struct. For VRF use cases oif is always set, so multipath route
+selection is bypassed. Use the FLOWI_FLAG_SKIP_NH_OIF to skip the oif
+check similar to what is done in fib_table_lookup.
+
+Add saddr and proto to the flow struct for the fib lookup done by the
+VRF driver to better match hash computation for a flow.
+
+Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX")
+Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/vrf.c        |    2 ++
+ net/ipv4/fib_semantics.c |    9 +++++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/vrf.c
++++ b/drivers/net/vrf.c
+@@ -301,7 +301,9 @@ static netdev_tx_t vrf_process_v4_outbou
+               .flowi4_tos = RT_TOS(ip4h->tos),
+               .flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_L3MDEV_SRC |
+                               FLOWI_FLAG_SKIP_NH_OIF,
++              .flowi4_proto = ip4h->protocol,
+               .daddr = ip4h->daddr,
++              .saddr = ip4h->saddr,
+       };
+       if (vrf_send_v4_prep(skb, &fl4, vrf_dev))
+--- a/net/ipv4/fib_semantics.c
++++ b/net/ipv4/fib_semantics.c
+@@ -1588,8 +1588,13 @@ void fib_select_multipath(struct fib_res
+ void fib_select_path(struct net *net, struct fib_result *res,
+                    struct flowi4 *fl4, int mp_hash)
+ {
++      bool oif_check;
++
++      oif_check = (fl4->flowi4_oif == 0 ||
++                   fl4->flowi4_flags & FLOWI_FLAG_SKIP_NH_OIF);
++
+ #ifdef CONFIG_IP_ROUTE_MULTIPATH
+-      if (res->fi->fib_nhs > 1 && fl4->flowi4_oif == 0) {
++      if (res->fi->fib_nhs > 1 && oif_check) {
+               if (mp_hash < 0)
+                       mp_hash = get_hash_from_flowi4(fl4) >> 1;
+@@ -1599,7 +1604,7 @@ void fib_select_path(struct net *net, st
+ #endif
+       if (!res->prefixlen &&
+           res->table->tb_num_default > 1 &&
+-          res->type == RTN_UNICAST && !fl4->flowi4_oif)
++          res->type == RTN_UNICAST && oif_check)
+               fib_select_default(fl4, res);
+       if (!fl4->saddr)
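Review bot: In `fib_select_path`, `oif_check` is true when the output-interface restriction should be ignored, so the name reads as the opposite of what it holds, and the mixed `||` and `&` expression leans on operator precedence. Initializing at the declaration with explicit parentheses says the same thing in one line: `bool skip_oif = !fl4->flowi4_oif || (fl4->flowi4_flags & FLOWI_FLAG_SKIP_NH_OIF);`. The flag now also gates the `fib_select_default()` branch, not only the multipath one, while the description talks only about multipath selection; a comment confirming that this is intended would help. The function continues past the end of the hunk.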
diff --git a/queue-4.4/net-mlx5-avoid-shadowing-numa_node.patch b/queue-4.4/net-mlx5-avoid-shadowing-numa_node.patch
new file mode 100644 (file)
index 0000000..04e9de3
--- /dev/null
@@ -0,0 +1,41 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Eli Cohen <eli@mellanox.com>
+Date: Wed, 28 Dec 2016 14:58:34 +0200
+Subject: net/mlx5: Avoid shadowing numa_node
+
+From: Eli Cohen <eli@mellanox.com>
+
+
+[ Upstream commit d151d73dcc99de87c63bdefebcc4cb69de1cdc40 ]
+
+Avoid using a local variable named numa_node to avoid shadowing a public
+one.
+
+Fixes: db058a186f98 ('net/mlx5_core: Set irq affinity hints')
+Signed-off-by: Eli Cohen <eli@mellanox.com>
+Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlx5/core/main.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
+@@ -512,7 +512,6 @@ static int mlx5_irq_set_affinity_hint(st
+       struct mlx5_priv *priv  = &mdev->priv;
+       struct msix_entry *msix = priv->msix_arr;
+       int irq                 = msix[i + MLX5_EQ_VEC_COMP_BASE].vector;
+-      int numa_node           = priv->numa_node;
+       int err;
+       if (!zalloc_cpumask_var(&priv->irq_info[i].mask, GFP_KERNEL)) {
+@@ -520,7 +519,7 @@ static int mlx5_irq_set_affinity_hint(st
+               return -ENOMEM;
+       }
+-      cpumask_set_cpu(cpumask_local_spread(i, numa_node),
++      cpumask_set_cpu(cpumask_local_spread(i, priv->numa_node),
+                       priv->irq_info[i].mask);
+       err = irq_set_affinity_hint(irq, priv->irq_info[i].mask);
diff --git a/queue-4.4/net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch b/queue-4.4/net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch
new file mode 100644 (file)
index 0000000..1da7f25
--- /dev/null
@@ -0,0 +1,38 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Noa Osherovich <noaos@mellanox.com>
+Date: Wed, 28 Dec 2016 14:58:32 +0200
+Subject: net/mlx5: Check FW limitations on log_max_qp before setting it
+
+From: Noa Osherovich <noaos@mellanox.com>
+
+
+[ Upstream commit 883371c453b937f9eb581fb4915210865982736f ]
+
+When setting HCA capabilities, set log_max_qp to be the minimum
+between the selected profile's value and the HCA limitation.
+
+Fixes: 938fe83c8dcb ('net/mlx5_core: New device capabilities...')
+Signed-off-by: Noa Osherovich <noaos@mellanox.com>
+Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlx5/core/main.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
+@@ -432,6 +432,13 @@ static int handle_hca_cap(struct mlx5_co
+       MLX5_SET(cmd_hca_cap, set_hca_cap, pkey_table_size,
+                to_fw_pkey_sz(128));
++      /* Check log_max_qp from HCA caps to set in current profile */
++      if (MLX5_CAP_GEN_MAX(dev, log_max_qp) < profile[prof_sel].log_max_qp) {
++              mlx5_core_warn(dev, "log_max_qp value in current profile is %d, changing it to HCA capability limit (%d)\n",
++                             profile[prof_sel].log_max_qp,
++                             MLX5_CAP_GEN_MAX(dev, log_max_qp));
++              profile[prof_sel].log_max_qp = MLX5_CAP_GEN_MAX(dev, log_max_qp);
++      }
+       if (prof->mask & MLX5_PROF_MASK_QP_SIZE)
+               MLX5_SET(cmd_hca_cap, set_hca_cap, log_max_qp,
+                        prof->log_max_qp);
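Review bot: The clamp writes to `profile[prof_sel].log_max_qp`, which looks like a table shared by every device the driver binds, so a limit taken from one HCA would persist for any later device that selects the same profile. The block also runs, and warns, even when `MLX5_PROF_MASK_QP_SIZE` is not set in `prof->mask`, and it indexes `profile[prof_sel]` while the lines below use `prof`. Clamping a local inside the existing `if` would avoid the side effect: `int max_qp = min_t(int, prof->log_max_qp, MLX5_CAP_GEN_MAX(dev, log_max_qp));` followed by `MLX5_SET(cmd_hca_cap, set_hca_cap, log_max_qp, max_qp);`, keeping the warning when the two values differ. The definition of `profile` and the rest of handle_hca_cap are outside the hunk, so confirm the table's scope before changing this.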
diff --git a/queue-4.4/net-sched-fix-soft-lockup-in-tc_classify.patch b/queue-4.4/net-sched-fix-soft-lockup-in-tc_classify.patch
new file mode 100644 (file)
index 0000000..d64f07c
--- /dev/null
@@ -0,0 +1,81 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Wed, 21 Dec 2016 18:04:11 +0100
+Subject: net, sched: fix soft lockup in tc_classify
+
+From: Daniel Borkmann <daniel@iogearbox.net>
+
+
+[ Upstream commit 628185cfddf1dfb701c4efe2cfd72cf5b09f5702 ]
+
+Shahar reported a soft lockup in tc_classify(), where we run into an
+endless loop when walking the classifier chain due to tp->next == tp
+which is a state we should never run into. The issue only seems to
+trigger under load in the tc control path.
+
+What happens is that in tc_ctl_tfilter(), thread A allocates a new
+tp, initializes it, sets tp_created to 1, and calls into tp->ops->change()
+with it. In that classifier callback we had to unlock/lock the rtnl
+mutex and returned with -EAGAIN. One reason why we need to drop there
+is, for example, that we need to request an action module to be loaded.
+
+This happens via tcf_exts_validate() -> tcf_action_init/_1() meaning
+after we loaded and found the requested action, we need to redo the
+whole request so we don't race against others. While we had to unlock
+rtnl in that time, thread B's request was processed next on that CPU.
+Thread B added a new tp instance successfully to the classifier chain.
+When thread A returned grabbing the rtnl mutex again, propagating -EAGAIN
+and destroying its tp instance which never got linked, we goto replay
+and redo A's request.
+
+This time when walking the classifier chain in tc_ctl_tfilter() for
+checking for existing tp instances we had a priority match and found
+the tp instance that was created and linked by thread B. Now calling
+again into tp->ops->change() with that tp was successful and returned
+without error.
+
+tp_created was never cleared in the second round, thus kernel thinks
+that we need to link it into the classifier chain (once again). tp and
+*back point to the same object due to the match we had earlier on. Thus
+for thread B's already public tp, we reset tp->next to tp itself and
+link it into the chain, which eventually causes the mentioned endless
+loop in tc_classify() once a packet hits the data path.
+
+Fix is to clear tp_created at the beginning of each request, also when
+we replay it. On the paths that can cause -EAGAIN we already destroy
+the original tp instance we had and on replay we really need to start
+from scratch. It seems that this issue was first introduced in commit
+12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining
+and avoid kernel panic when we use cls_cgroup").
+
+Fixes: 12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup")
+Reported-by: Shahar Klein <shahark@mellanox.com>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Tested-by: Shahar Klein <shahark@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/cls_api.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/sched/cls_api.c
++++ b/net/sched/cls_api.c
+@@ -137,13 +137,15 @@ static int tc_ctl_tfilter(struct sk_buff
+       unsigned long cl;
+       unsigned long fh;
+       int err;
+-      int tp_created = 0;
++      int tp_created;
+       if ((n->nlmsg_type != RTM_GETTFILTER) &&
+           !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
+               return -EPERM;
+ replay:
++      tp_created = 0;
++
+       err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL);
+       if (err < 0)
+               return err;
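Review bot: The reset at `replay:` has no comment, and the declaration now leaves `tp_created` uninitialized until the label, so every later read depends on no path reaching it without passing `replay:`. The early `return -EPERM` above the label does not read it, but a comment on the assignment such as `/* per-request state: reset on every replay, tp may already be linked into the chain */` would make the intent explicit. If other locals in tc_ctl_tfilter carry state across the -EAGAIN replay they deserve the same check; the rest of the function is outside the hunk.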
diff --git a/queue-4.4/net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch b/queue-4.4/net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch
new file mode 100644 (file)
index 0000000..ad750c2
--- /dev/null
@@ -0,0 +1,90 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Tue, 27 Dec 2016 18:23:06 -0800
+Subject: net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+
+[ Upstream commit 5701659004d68085182d2fd4199c79172165fa65 ]
+
+There is currently a small window during which the network device registered by
+stmmac can be made visible, yet all resources, including and clock and MDIO bus
+have not had a chance to be set up, this can lead to the following error to
+occur:
+
+[  473.919358] stmmaceth 0000:01:00.0 (unnamed net_device) (uninitialized):
+                stmmac_dvr_probe: warning: cannot get CSR clock
+[  473.919382] stmmaceth 0000:01:00.0: no reset control found
+[  473.919412] stmmac - user ID: 0x10, Synopsys ID: 0x42
+[  473.919429] stmmaceth 0000:01:00.0: DMA HW capability register supported
+[  473.919436] stmmaceth 0000:01:00.0: RX Checksum Offload Engine supported
+[  473.919443] stmmaceth 0000:01:00.0: TX Checksum insertion supported
+[  473.919451] stmmaceth 0000:01:00.0 (unnamed net_device) (uninitialized):
+                Enable RX Mitigation via HW Watchdog Timer
+[  473.921395] libphy: PHY stmmac-1:00 not found
+[  473.921417] stmmaceth 0000:01:00.0 eth0: Could not attach to PHY
+[  473.921427] stmmaceth 0000:01:00.0 eth0: stmmac_open: Cannot attach to
+                PHY (error: -19)
+[  473.959710] libphy: stmmac: probed
+[  473.959724] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 0 IRQ POLL
+                (stmmac-1:00) active
+[  473.959728] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 1 IRQ POLL
+                (stmmac-1:01)
+[  473.959731] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 2 IRQ POLL
+                (stmmac-1:02)
+[  473.959734] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 3 IRQ POLL
+                (stmmac-1:03)
+
+Fix this by making sure that register_netdev() is the last thing being done,
+which guarantees that the clock and the MDIO bus are available.
+
+Fixes: 4bfcbd7abce2 ("stmmac: Move the mdio_register/_unregister in probe/remove")
+Reported-by: Kweh, Hock Leong <hock.leong.kweh@intel.com>
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c |   22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+@@ -2939,12 +2939,6 @@ int stmmac_dvr_probe(struct device *devi
+       spin_lock_init(&priv->lock);
+       spin_lock_init(&priv->tx_lock);
+-      ret = register_netdev(ndev);
+-      if (ret) {
+-              pr_err("%s: ERROR %i registering the device\n", __func__, ret);
+-              goto error_netdev_register;
+-      }
+-
+       /* If a specific clk_csr value is passed from the platform
+        * this means that the CSR Clock Range selection cannot be
+        * changed at run-time and it is fixed. Viceversa the driver'll try to
+@@ -2969,11 +2963,21 @@ int stmmac_dvr_probe(struct device *devi
+               }
+       }
+-      return 0;
++      ret = register_netdev(ndev);
++      if (ret) {
++              netdev_err(priv->dev, "%s: ERROR %i registering the device\n",
++                         __func__, ret);
++              goto error_netdev_register;
++      }
++
++      return ret;
+-error_mdio_register:
+-      unregister_netdev(ndev);
+ error_netdev_register:
++      if (priv->pcs != STMMAC_PCS_RGMII &&
++          priv->pcs != STMMAC_PCS_TBI &&
++          priv->pcs != STMMAC_PCS_RTBI)
++              stmmac_mdio_unregister(ndev);
++error_mdio_register:
+       netif_napi_del(&priv->napi);
+ error_hw_init:
+       clk_disable_unprepare(priv->pclk);
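Review bot: The failure message for `register_netdev()` now goes through `netdev_err(priv->dev, ...)` on a net_device that was never registered on this path, so it will likely carry the same `(unnamed net_device) (uninitialized)` prefix seen in the log quoted in the description. `dev_err(priv->device, "%s: ERROR %i registering the device\n", __func__, ret);` would name the bus device instead. In the same hunk, the three-way `priv->pcs` test under `error_netdev_register:` has to stay identical to the condition that presumably guards the MDIO registration, which lies outside the hunk. A comment such as `/* must mirror the condition used when registering the MDIO bus */` would keep the two from drifting apart. `stmmac_dvr_probe()` starts and ends outside the hunk.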
diff --git a/queue-4.4/net-vrf-do-not-allow-table-id-0.patch b/queue-4.4/net-vrf-do-not-allow-table-id-0.patch
new file mode 100644 (file)
index 0000000..dcf77ac
--- /dev/null
@@ -0,0 +1,34 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: David Ahern <dsa@cumulusnetworks.com>
+Date: Tue, 10 Jan 2017 15:22:25 -0800
+Subject: net: vrf: do not allow table id 0
+
+From: David Ahern <dsa@cumulusnetworks.com>
+
+
+[ Upstream commit 24c63bbc18e25d5d8439422aa5fd2d66390b88eb ]
+
+Frank reported that vrf devices can be created with a table id of 0.
+This breaks many of the run time table id checks and should not be
+allowed. Detect this condition at create time and fail with EINVAL.
+
+Fixes: 193125dbd8eb ("net: Introduce VRF device driver")
+Reported-by: Frank Kellermann <frank.kellermann@atos.net>
+Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/vrf.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/vrf.c
++++ b/drivers/net/vrf.c
+@@ -925,6 +925,8 @@ static int vrf_newlink(struct net *src_n
+               return -EINVAL;
+       vrf->tb_id = nla_get_u32(data[IFLA_VRF_TABLE]);
++      if (vrf->tb_id == RT_TABLE_UNSPEC)
++              return -EINVAL;
+       dev->priv_flags |= IFF_L3MDEV_MASTER;
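Review bot: The new `RT_TABLE_UNSPEC` check runs after the netlink-supplied value has already been stored in `vrf->tb_id`, so the rejected id stays in the private data on the `-EINVAL` path. Whether anything reads it before the device is torn down cannot be seen from this hunk, but validating first is cheap: read `nla_get_u32(data[IFLA_VRF_TABLE])` into a local `u32`, test it, and only then assign. A one-line comment such as `/* table id 0 breaks the run-time table id checks */` would record why 0 is refused. `vrf_newlink()` continues outside the hunk.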
diff --git a/queue-4.4/net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch b/queue-4.4/net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch
new file mode 100644 (file)
index 0000000..6475c02
--- /dev/null
@@ -0,0 +1,57 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: David Ahern <dsa@cumulusnetworks.com>
+Date: Wed, 14 Dec 2016 14:31:11 -0800
+Subject: net: vrf: Drop conntrack data after pass through VRF device on Tx
+
+From: David Ahern <dsa@cumulusnetworks.com>
+
+
+[ Upstream commit eb63ecc1706b3e094d0f57438b6c2067cfc299f2 ]
+
+Locally originated traffic in a VRF fails in the presence of a POSTROUTING
+rule. For example,
+
+    $ iptables -t nat -A POSTROUTING -s 11.1.1.0/24  -j MASQUERADE
+    $ ping -I red -c1 11.1.1.3
+    ping: Warning: source address might be selected on device other than red.
+    PING 11.1.1.3 (11.1.1.3) from 11.1.1.2 red: 56(84) bytes of data.
+    ping: sendmsg: Operation not permitted
+
+Worse, the above causes random corruption resulting in a panic in random
+places (I have not seen a consistent backtrace).
+
+Call nf_reset to drop the conntrack info following the pass through the
+VRF device.  The nf_reset is needed on Tx but not Rx because of the order
+in which NF_HOOK's are hit: on Rx the VRF device is after the real ingress
+device and on Tx it is is before the real egress device. Connection
+tracking should be tied to the real egress device and not the VRF device.
+
+Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device")
+Fixes: 35402e3136634 ("net: Add IPv6 support to VRF device")
+Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/vrf.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/vrf.c
++++ b/drivers/net/vrf.c
+@@ -410,6 +410,8 @@ static int vrf_finish_output6(struct net
+       struct in6_addr *nexthop;
+       int ret;
++      nf_reset(skb);
++
+       skb->protocol = htons(ETH_P_IPV6);
+       skb->dev = dev;
+@@ -521,6 +523,8 @@ static int vrf_finish_output(struct net
+       u32 nexthop;
+       int ret = -EINVAL;
++      nf_reset(skb);
++
+       /* Be paranoid, rather than too clever. */
+       if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
+               struct sk_buff *skb2;
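Review bot: Both `nf_reset(skb)` calls, in `vrf_finish_output6()` and in `vrf_finish_output()`, are added without a comment, although the description ties them to random corruption and a panic and explains that the reset is needed on Tx only. A line above each call, e.g. `/* drop conntrack state: it belongs to the real egress device, not the VRF device */`, would keep a later cleanup from removing them as redundant. Both functions continue outside their hunks.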
diff --git a/queue-4.4/netvsc-reduce-maximum-gso-size.patch b/queue-4.4/netvsc-reduce-maximum-gso-size.patch
new file mode 100644 (file)
index 0000000..54980fa
--- /dev/null
@@ -0,0 +1,44 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: stephen hemminger <stephen@networkplumber.org>
+Date: Tue, 6 Dec 2016 13:43:54 -0800
+Subject: netvsc: reduce maximum GSO size
+
+From: stephen hemminger <stephen@networkplumber.org>
+
+
+[ Upstream commit a50af86dd49ee1851d1ccf06dd0019c05b95e297 ]
+
+Hyper-V (and Azure) support using NVGRE which requires some extra space
+for encapsulation headers. Because of this the largest allowed TSO
+packet is reduced.
+
+For older releases, hard code a fixed reduced value.  For next release,
+there is a better solution which uses result of host offload
+negotiation.
+
+Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/hyperv/netvsc_drv.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/hyperv/netvsc_drv.c
++++ b/drivers/net/hyperv/netvsc_drv.c
+@@ -40,6 +40,8 @@
+ #include "hyperv_net.h"
++/* Restrict GSO size to account for NVGRE */
++#define NETVSC_GSO_MAX_SIZE   62768
+ #define RING_SIZE_MIN 64
+ static int ring_size = 128;
+@@ -852,6 +854,7 @@ static int netvsc_set_channels(struct ne
+               }
+               goto recover;
+       }
++      netif_set_gso_max_size(net, NETVSC_GSO_MAX_SIZE);
+  out:
+       netvsc_open(net);
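Review bot: Going by the hunk header and the `goto recover` / `out:` context, `netif_set_gso_max_size(net, NETVSC_GSO_MAX_SIZE)` lands in `netvsc_set_channels()`, so the reduced limit would take effect only after a channel-count change and a freshly probed device would keep the default GSO maximum. The description wants the limit for every device that may sit behind NVGRE, so unless this placement is deliberate for the 4.4 backport, the call belongs in the probe path before the net_device is registered. Separately, the comment on `NETVSC_GSO_MAX_SIZE` does not say how 62768 was chosen; a sentence giving the reserved encapsulation headroom would make the constant reviewable. `netvsc_set_channels()` starts and ends outside the hunk.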
diff --git a/queue-4.4/r8152-fix-rx-issue-for-runtime-suspend.patch b/queue-4.4/r8152-fix-rx-issue-for-runtime-suspend.patch
new file mode 100644 (file)
index 0000000..b7be615
--- /dev/null
@@ -0,0 +1,74 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: hayeswang <hayeswang@realtek.com>
+Date: Tue, 10 Jan 2017 17:04:07 +0800
+Subject: r8152: fix rx issue for runtime suspend
+
+From: hayeswang <hayeswang@realtek.com>
+
+
+[ Upstream commit 75dc692eda114cb234a46cb11893a9c3ea520934 ]
+
+Pause the rx and make sure the rx fifo is empty when the autosuspend
+occurs.
+
+If the rx data comes when the driver is canceling the rx urb, the host
+controller would stop getting the data from the device and continue
+it after next rx urb is submitted. That is, one continuing data is
+split into two different urb buffers. That let the driver take the
+data as a rx descriptor, and unexpected behavior happens.
+
+Signed-off-by: Hayes Wang <hayeswang@realtek.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/r8152.c |   31 ++++++++++++++++++++++++++++---
+ 1 file changed, 28 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -3452,17 +3452,42 @@ static int rtl8152_rumtime_suspend(struc
+       int ret = 0;
+       if (netif_running(netdev) && test_bit(WORK_ENABLE, &tp->flags)) {
++              u32 rcr = 0;
++
+               if (delay_autosuspend(tp)) {
+                       ret = -EBUSY;
+                       goto out1;
+               }
++              if (netif_carrier_ok(netdev)) {
++                      u32 ocp_data;
++
++                      rcr = ocp_read_dword(tp, MCU_TYPE_PLA, PLA_RCR);
++                      ocp_data = rcr & ~RCR_ACPT_ALL;
++                      ocp_write_dword(tp, MCU_TYPE_PLA, PLA_RCR, ocp_data);
++                      rxdy_gated_en(tp, true);
++                      ocp_data = ocp_read_byte(tp, MCU_TYPE_PLA,
++                                               PLA_OOB_CTRL);
++                      if (!(ocp_data & RXFIFO_EMPTY)) {
++                              rxdy_gated_en(tp, false);
++                              ocp_write_dword(tp, MCU_TYPE_PLA, PLA_RCR, rcr);
++                              ret = -EBUSY;
++                              goto out1;
++                      }
++              }
++
+               clear_bit(WORK_ENABLE, &tp->flags);
+               usb_kill_urb(tp->intr_urb);
+-              napi_disable(&tp->napi);
+-              rtl_stop_rx(tp);
++
+               rtl_runtime_suspend_enable(tp, true);
+-              napi_enable(&tp->napi);
++
++              if (netif_carrier_ok(netdev)) {
++                      napi_disable(&tp->napi);
++                      rtl_stop_rx(tp);
++                      rxdy_gated_en(tp, false);
++                      ocp_write_dword(tp, MCU_TYPE_PLA, PLA_RCR, rcr);
++                      napi_enable(&tp->napi);
++              }
+       }
+       set_bit(SELECTIVE_SUSPEND, &tp->flags);
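Review bot: `netif_carrier_ok(netdev)` is evaluated twice in `rtl8152_rumtime_suspend()`, while `rcr` is only loaded from `PLA_RCR` inside the first check. If the carrier state could differ between the two checks, the second block would either write the initial `rcr = 0` to `PLA_RCR`, or skip `rxdy_gated_en(tp, false)` and leave rx gated. Whether the caller's locking rules that out is not visible in this hunk. Sampling once with `bool linked = netif_carrier_ok(netdev);` and testing `linked` in both places makes the gate/ungate pairing explicit. The function's tail lies outside the hunk.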
diff --git a/queue-4.4/r8152-split-rtl8152_suspend-function.patch b/queue-4.4/r8152-split-rtl8152_suspend-function.patch
new file mode 100644 (file)
index 0000000..3e969a1
--- /dev/null
@@ -0,0 +1,102 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: hayeswang <hayeswang@realtek.com>
+Date: Tue, 10 Jan 2017 17:04:06 +0800
+Subject: r8152: split rtl8152_suspend function
+
+From: hayeswang <hayeswang@realtek.com>
+
+
+[ Upstream commit 8fb280616878b81c0790a0c33acbeec59c5711f4 ]
+
+Split rtl8152_suspend() into rtl8152_system_suspend() and
+rtl8152_rumtime_suspend().
+
+Signed-off-by: Hayes Wang <hayeswang@realtek.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/r8152.c |   57 +++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 40 insertions(+), 17 deletions(-)
+
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -3446,39 +3446,62 @@ static bool delay_autosuspend(struct r81
+               return false;
+ }
+-static int rtl8152_suspend(struct usb_interface *intf, pm_message_t message)
++static int rtl8152_rumtime_suspend(struct r8152 *tp)
+ {
+-      struct r8152 *tp = usb_get_intfdata(intf);
+       struct net_device *netdev = tp->netdev;
+       int ret = 0;
+-      mutex_lock(&tp->control);
+-
+-      if (PMSG_IS_AUTO(message)) {
+-              if (netif_running(netdev) && delay_autosuspend(tp)) {
++      if (netif_running(netdev) && test_bit(WORK_ENABLE, &tp->flags)) {
++              if (delay_autosuspend(tp)) {
+                       ret = -EBUSY;
+                       goto out1;
+               }
+-              set_bit(SELECTIVE_SUSPEND, &tp->flags);
+-      } else {
+-              netif_device_detach(netdev);
++              clear_bit(WORK_ENABLE, &tp->flags);
++              usb_kill_urb(tp->intr_urb);
++              napi_disable(&tp->napi);
++              rtl_stop_rx(tp);
++              rtl_runtime_suspend_enable(tp, true);
++              napi_enable(&tp->napi);
+       }
++      set_bit(SELECTIVE_SUSPEND, &tp->flags);
++
++out1:
++      return ret;
++}
++
++static int rtl8152_system_suspend(struct r8152 *tp)
++{
++      struct net_device *netdev = tp->netdev;
++      int ret = 0;
++
++      netif_device_detach(netdev);
++
+       if (netif_running(netdev) && test_bit(WORK_ENABLE, &tp->flags)) {
+               clear_bit(WORK_ENABLE, &tp->flags);
+               usb_kill_urb(tp->intr_urb);
+               napi_disable(&tp->napi);
+-              if (test_bit(SELECTIVE_SUSPEND, &tp->flags)) {
+-                      rtl_stop_rx(tp);
+-                      rtl_runtime_suspend_enable(tp, true);
+-              } else {
+-                      cancel_delayed_work_sync(&tp->schedule);
+-                      tp->rtl_ops.down(tp);
+-              }
++              cancel_delayed_work_sync(&tp->schedule);
++              tp->rtl_ops.down(tp);
+               napi_enable(&tp->napi);
+       }
+-out1:
++
++      return ret;
++}
++
++static int rtl8152_suspend(struct usb_interface *intf, pm_message_t message)
++{
++      struct r8152 *tp = usb_get_intfdata(intf);
++      int ret;
++
++      mutex_lock(&tp->control);
++
++      if (PMSG_IS_AUTO(message))
++              ret = rtl8152_rumtime_suspend(tp);
++      else
++              ret = rtl8152_system_suspend(tp);
++
+       mutex_unlock(&tp->control);
+       return ret;
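Review bot: The commit is described as a pure split, but the runtime path does not behave like the removed `PMSG_IS_AUTO` branch. `delay_autosuspend(tp)` is now consulted only when `WORK_ENABLE` is set (previously `netif_running(netdev)` alone was enough), and `SELECTIVE_SUSPEND` is set after `rtl_runtime_suspend_enable(tp, true)` instead of before the stop sequence. If both changes are intended, the description or a comment in `rtl8152_rumtime_suspend()` should say so. The helper's name is also misspelled (`rumtime`); it is `static`, so `rtl8152_runtime_suspend` is a safe rename, and `rtl8152_system_suspend()` can `return 0;` directly because `ret` is never modified there. `rtl8152_suspend()` closes outside the hunk.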
diff --git a/queue-4.4/ser_gigaset-return-enomem-on-error-instead-of-success.patch b/queue-4.4/ser_gigaset-return-enomem-on-error-instead-of-success.patch
new file mode 100644 (file)
index 0000000..f8da452
--- /dev/null
@@ -0,0 +1,35 @@
+From foo@baz Thu Jan 12 21:36:14 CET 2017
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 7 Dec 2016 14:22:03 +0300
+Subject: ser_gigaset: return -ENOMEM on error instead of success
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+
+[ Upstream commit 93a97c50cbf1c007caf12db5cc23e0d5b9c8473c ]
+
+If we can't allocate the resources in gigaset_initdriver() then we
+should return -ENOMEM instead of zero.
+
+Fixes: 2869b23e4b95 ("[PATCH] drivers/isdn/gigaset: new M101 driver (v2)")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/isdn/gigaset/ser-gigaset.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/isdn/gigaset/ser-gigaset.c
++++ b/drivers/isdn/gigaset/ser-gigaset.c
+@@ -762,8 +762,10 @@ static int __init ser_gigaset_init(void)
+       driver = gigaset_initdriver(GIGASET_MINOR, GIGASET_MINORS,
+                                   GIGASET_MODULENAME, GIGASET_DEVNAME,
+                                   &ops, THIS_MODULE);
+-      if (!driver)
++      if (!driver) {
++              rc = -ENOMEM;
+               goto error;
++      }
+       rc = tty_register_ldisc(N_GIGASET_M101, &gigaset_ldisc);
+       if (rc != 0) {
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644 (file)
index 0000000..c9d69b8
--- /dev/null
@@ -0,0 +1,19 @@
+netvsc-reduce-maximum-gso-size.patch
+ser_gigaset-return-enomem-on-error-instead-of-success.patch
+net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch
+ipv6-handle-efault-from-skb_copy_bits.patch
+net-sched-fix-soft-lockup-in-tc_classify.patch
+net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch
+net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch
+net-mlx5-avoid-shadowing-numa_node.patch
+drop_monitor-add-missing-call-to-genlmsg_end.patch
+drop_monitor-consider-inserted-data-in-genlmsg_end.patch
+igmp-make-igmp-group-member-rfc-3376-compliant.patch
+ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch
+r8152-split-rtl8152_suspend-function.patch
+r8152-fix-rx-issue-for-runtime-suspend.patch
+gro-enter-slow-path-if-there-is-no-tailroom.patch
+gro-use-min_t-in-skb_gro_reset_offset.patch
+gro-disable-frag0-optimization-on-ipv6-ext-headers.patch
+net-ipv4-fix-multipath-selection-with-vrf.patch
+net-vrf-do-not-allow-table-id-0.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644 (file)
index 0000000..3406f22
--- /dev/null
@@ -0,0 +1,37 @@
+net-vrf-fix-nat-within-a-vrf.patch
+net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch
+sctp-sctp_transport_lookup_process-should-rcu_read_unlock-when-transport-is-null.patch
+inet-fix-ip-v6-_recvorigdstaddr-for-udp-sockets.patch
+ipv6-handle-efault-from-skb_copy_bits.patch
+net-sched-fix-soft-lockup-in-tc_classify.patch
+net-stmmac-fix-race-between-stmmac_drv_probe-and-stmmac_open.patch
+net-sched-cls_flower-fix-missing-addr_type-in-classify.patch
+net-mlx5-check-fw-limitations-on-log_max_qp-before-setting-it.patch
+net-mlx5-cancel-recovery-work-in-remove-flow.patch
+net-mlx5-avoid-shadowing-numa_node.patch
+net-mlx5-mask-destination-mac-value-in-ethtool-steering-rules.patch
+net-mlx5-prevent-setting-multicast-macs-for-vfs.patch
+net-mlx5e-don-t-sync-netdev-state-when-not-registered.patch
+net-mlx5e-disable-netdev-after-close.patch
+rtnl-stats-add-missing-netlink-message-size-checks.patch
+net-fix-incorrect-original-ingress-device-index-in-pktinfo.patch
+net-ipv4-dst-for-local-input-routes-should-use-l3mdev-if-relevant.patch
+drop_monitor-add-missing-call-to-genlmsg_end.patch
+drop_monitor-consider-inserted-data-in-genlmsg_end.patch
+flow_dissector-update-pptp-handling-to-avoid-null-pointer-deref.patch
+igmp-make-igmp-group-member-rfc-3376-compliant.patch
+ipv4-do-not-allow-main-to-be-alias-for-new-local-w-custom-rules.patch
+net-vrf-add-missing-rx-counters.patch
+bpf-change-back-to-orig-prog-on-too-many-passes.patch
+net-dsa-bcm_sf2-do-not-clobber-b53_switch_ops.patch
+net-dsa-bcm_sf2-utilize-nested-mdio-read-write.patch
+r8152-split-rtl8152_suspend-function.patch
+r8152-fix-rx-issue-for-runtime-suspend.patch
+net-dsa-ensure-validity-of-dst-ds.patch
+net-add-the-af_qipcrtr-entries-to-family-name-tables.patch
+gro-enter-slow-path-if-there-is-no-tailroom.patch
+gro-use-min_t-in-skb_gro_reset_offset.patch
+gro-disable-frag0-optimization-on-ipv6-ext-headers.patch
+net-mlx5e-remove-warn_once-from-adaptive-moderation-code.patch
+net-ipv4-fix-multipath-selection-with-vrf.patch
+net-vrf-do-not-allow-table-id-0.patch