--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Mon, 23 Jan 2017 11:17:35 -0800
+Subject: af_unix: move unix_mknod() out of bindlock
+
+From: WANG Cong <xiyou.wangcong@gmail.com>
+
+
+[ Upstream commit 0fb44559ffd67de8517098b81f675fa0210f13f0 ]
+
+Dmitry reported a deadlock scenario:
+
+unix_bind() path:
+u->bindlock ==> sb_writer
+
+do_splice() path:
+sb_writer ==> pipe->mutex ==> u->bindlock
+
+In the unix_bind() code path, unix_mknod() does not have to
+be done with u->bindlock held, since it is a pure fs operation,
+so we can just move unix_mknod() out.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Tested-by: Dmitry Vyukov <dvyukov@google.com>
+Cc: Rainer Weikusat <rweikusat@mobileactivedefense.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/unix/af_unix.c | 27 ++++++++++++++++-----------
+ 1 file changed, 16 insertions(+), 11 deletions(-)
+
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -994,6 +994,7 @@ static int unix_bind(struct socket *sock
+ unsigned int hash;
+ struct unix_address *addr;
+ struct hlist_head *list;
++ struct path path = { NULL, NULL };
+
+ err = -EINVAL;
+ if (sunaddr->sun_family != AF_UNIX)
+@@ -1009,9 +1010,20 @@ static int unix_bind(struct socket *sock
+ goto out;
+ addr_len = err;
+
++ if (sun_path[0]) {
++ umode_t mode = S_IFSOCK |
++ (SOCK_INODE(sock)->i_mode & ~current_umask());
++ err = unix_mknod(sun_path, mode, &path);
++ if (err) {
++ if (err == -EEXIST)
++ err = -EADDRINUSE;
++ goto out;
++ }
++ }
++
+ err = mutex_lock_interruptible(&u->bindlock);
+ if (err)
+- goto out;
++ goto out_put;
+
+ err = -EINVAL;
+ if (u->addr)
+@@ -1028,16 +1040,6 @@ static int unix_bind(struct socket *sock
+ atomic_set(&addr->refcnt, 1);
+
+ if (sun_path[0]) {
+- struct path path;
+- umode_t mode = S_IFSOCK |
+- (SOCK_INODE(sock)->i_mode & ~current_umask());
+- err = unix_mknod(sun_path, mode, &path);
+- if (err) {
+- if (err == -EEXIST)
+- err = -EADDRINUSE;
+- unix_release_addr(addr);
+- goto out_up;
+- }
+ addr->hash = UNIX_HASH_SIZE;
+ hash = d_real_inode(path.dentry)->i_ino & (UNIX_HASH_SIZE - 1);
+ spin_lock(&unix_table_lock);
+@@ -1064,6 +1066,9 @@ out_unlock:
+ spin_unlock(&unix_table_lock);
+ out_up:
+ mutex_unlock(&u->bindlock);
++out_put:
++ if (err)
++ path_put(&path);
+ out:
+ return err;
+ }
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Basil Gunn <basil@pacabunga.com>
+Date: Sat, 14 Jan 2017 12:18:55 -0800
+Subject: ax25: Fix segfault after sock connection timeout
+
+From: Basil Gunn <basil@pacabunga.com>
+
+
+[ Upstream commit 8a367e74c0120ef68c8c70d5a025648c96626dff ]
+
+The ax.25 socket connection timed out & the sock struct has been
+previously taken down ie. sock struct is now a NULL pointer. Checking
+the sock_flag causes the segfault. Check if the socket struct pointer
+is NULL before checking sock_flag. This segfault is seen in
+timed out netrom connections.
+
+Please submit to -stable.
+
+Signed-off-by: Basil Gunn <basil@pacabunga.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ax25/ax25_subr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ax25/ax25_subr.c
++++ b/net/ax25/ax25_subr.c
+@@ -264,7 +264,7 @@ void ax25_disconnect(ax25_cb *ax25, int
+ {
+ ax25_clear_queues(ax25);
+
+- if (!sock_flag(ax25->sk, SOCK_DESTROY))
++ if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY))
+ ax25_stop_heartbeat(ax25);
+ ax25_stop_t1timer(ax25);
+ ax25_stop_t2timer(ax25);
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Ivan Vecera <cera@cera.cz>
+Date: Fri, 20 Jan 2017 18:12:17 +0100
+Subject: bridge: netlink: call br_changelink() during br_dev_newlink()
+
+From: Ivan Vecera <cera@cera.cz>
+
+
+[ Upstream commit b6677449dff674cf5b81429b11d5c7f358852ef9 ]
+
+Any bridge options specified during link creation (e.g. ip link add)
+are ignored as br_dev_newlink() does not process them.
+Use br_changelink() to do it.
+
+Fixes: 133235161721 ("bridge: implement rtnl_link_ops->changelink")
+Signed-off-by: Ivan Vecera <cera@cera.cz>
+Reviewed-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bridge/br_netlink.c | 33 +++++++++++++++++++--------------
+ 1 file changed, 19 insertions(+), 14 deletions(-)
+
+--- a/net/bridge/br_netlink.c
++++ b/net/bridge/br_netlink.c
+@@ -773,20 +773,6 @@ static int br_validate(struct nlattr *tb
+ return 0;
+ }
+
+-static int br_dev_newlink(struct net *src_net, struct net_device *dev,
+- struct nlattr *tb[], struct nlattr *data[])
+-{
+- struct net_bridge *br = netdev_priv(dev);
+-
+- if (tb[IFLA_ADDRESS]) {
+- spin_lock_bh(&br->lock);
+- br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
+- spin_unlock_bh(&br->lock);
+- }
+-
+- return register_netdevice(dev);
+-}
+-
+ static int br_port_slave_changelink(struct net_device *brdev,
+ struct net_device *dev,
+ struct nlattr *tb[],
+@@ -1068,6 +1054,25 @@ static int br_changelink(struct net_devi
+ return 0;
+ }
+
++static int br_dev_newlink(struct net *src_net, struct net_device *dev,
++ struct nlattr *tb[], struct nlattr *data[])
++{
++ struct net_bridge *br = netdev_priv(dev);
++ int err;
++
++ if (tb[IFLA_ADDRESS]) {
++ spin_lock_bh(&br->lock);
++ br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
++ spin_unlock_bh(&br->lock);
++ }
++
++ err = br_changelink(dev, tb, data);
++ if (err)
++ return err;
++
++ return register_netdevice(dev);
++}
++
+ static size_t br_get_size(const struct net_device *brdev)
+ {
+ return nla_total_size(sizeof(u32)) + /* IFLA_BR_FORWARD_DELAY */
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Kefeng Wang <wangkefeng.wang@huawei.com>
+Date: Thu, 19 Jan 2017 16:26:21 +0800
+Subject: ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
+
+From: Kefeng Wang <wangkefeng.wang@huawei.com>
+
+
+[ Upstream commit 03e4deff4987f79c34112c5ba4eb195d4f9382b0 ]
+
+Just like commit 4acd4945cd1e ("ipv6: addrconf: Avoid calling
+netdevice notifiers with RCU read-side lock"), it is unnecessary
+to make addrconf_disable_change() use RCU iteration over the
+netdev list, since it already holds the RTNL lock, or we may meet
+Illegal context switch in RCU read-side critical section.
+
+Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/addrconf.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -5244,8 +5244,7 @@ static void addrconf_disable_change(stru
+ struct net_device *dev;
+ struct inet6_dev *idev;
+
+- rcu_read_lock();
+- for_each_netdev_rcu(net, dev) {
++ for_each_netdev(net, dev) {
+ idev = __in6_dev_get(dev);
+ if (idev) {
+ int changed = (!idev->cnf.disable_ipv6) ^ (!newf);
+@@ -5254,7 +5253,6 @@ static void addrconf_disable_change(stru
+ dev_disable_change(idev);
+ }
+ }
+- rcu_read_unlock();
+ }
+
+ static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Elad Raz <eladr@mellanox.com>
+Date: Thu, 12 Jan 2017 09:10:39 +0100
+Subject: mlxsw: pci: Fix EQE structure definition
+
+From: Elad Raz <eladr@mellanox.com>
+
+
+[ Upstream commit 28e46a0f2e03ab4ed0e23cace1ea89a68c8c115b ]
+
+The event_data starts from address 0x00-0x0C and not from 0x08-0x014. This
+leads to duplication with other fields in the Event Queue Element such as
+sub-type, cqn and owner.
+
+Fixes: eda6500a987a0 ("mlxsw: Add PCI bus implementation")
+Signed-off-by: Elad Raz <eladr@mellanox.com>
+Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlxsw/pci.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/mellanox/mlxsw/pci.h
++++ b/drivers/net/ethernet/mellanox/mlxsw/pci.h
+@@ -206,21 +206,21 @@ MLXSW_ITEM32(pci, eqe, owner, 0x0C, 0, 1
+ /* pci_eqe_cmd_token
+ * Command completion event - token
+ */
+-MLXSW_ITEM32(pci, eqe, cmd_token, 0x08, 16, 16);
++MLXSW_ITEM32(pci, eqe, cmd_token, 0x00, 16, 16);
+
+ /* pci_eqe_cmd_status
+ * Command completion event - status
+ */
+-MLXSW_ITEM32(pci, eqe, cmd_status, 0x08, 0, 8);
++MLXSW_ITEM32(pci, eqe, cmd_status, 0x00, 0, 8);
+
+ /* pci_eqe_cmd_out_param_h
+ * Command completion event - output parameter - higher part
+ */
+-MLXSW_ITEM32(pci, eqe, cmd_out_param_h, 0x0C, 0, 32);
++MLXSW_ITEM32(pci, eqe, cmd_out_param_h, 0x04, 0, 32);
+
+ /* pci_eqe_cmd_out_param_l
+ * Command completion event - output parameter - lower part
+ */
+-MLXSW_ITEM32(pci, eqe, cmd_out_param_l, 0x10, 0, 32);
++MLXSW_ITEM32(pci, eqe, cmd_out_param_l, 0x08, 0, 32);
+
+ #endif
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Arkadi Sharshevsky <arkadis@mellanox.com>
+Date: Thu, 12 Jan 2017 09:10:37 +0100
+Subject: mlxsw: spectrum: Fix memory leak at skb reallocation
+
+From: Arkadi Sharshevsky <arkadis@mellanox.com>
+
+
+[ Upstream commit 36bf38d158d3482119b3e159c0619b3c1539b508 ]
+
+During transmission the skb is checked for headroom in order to
+add vendor specific header. In case the skb needs to be re-allocated,
+skb_realloc_headroom() is called to make a private copy of the original,
+but doesn't release it. Current code assumes that the original skb is
+released during reallocation and only releases it at the error path
+which causes a memory leak.
+
+Fix this by adding the original skb release to the main path.
+
+Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC")
+Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
+Reviewed-by: Ido Schimmel <idosch@mellanox.com>
+Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+@@ -390,6 +390,7 @@ static netdev_tx_t mlxsw_sp_port_xmit(st
+ dev_kfree_skb_any(skb_orig);
+ return NETDEV_TX_OK;
+ }
++ dev_consume_skb_any(skb_orig);
+ }
+
+ if (eth_skb_pad(skb)) {
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Arkadi Sharshevsky <arkadis@mellanox.com>
+Date: Thu, 12 Jan 2017 09:10:38 +0100
+Subject: mlxsw: switchx2: Fix memory leak at skb reallocation
+
+From: Arkadi Sharshevsky <arkadis@mellanox.com>
+
+
+[ Upstream commit 400fc0106dd8c27ed84781c929c1a184785b9c79 ]
+
+During transmission the skb is checked for headroom in order to
+add vendor specific header. In case the skb needs to be re-allocated,
+skb_realloc_headroom() is called to make a private copy of the original,
+but doesn't release it. Current code assumes that the original skb is
+released during reallocation and only releases it at the error path
+which causes a memory leak.
+
+Fix this by adding the original skb release to the main path.
+
+Fixes: d003462a50de ("mlxsw: Simplify mlxsw_sx_port_xmit function")
+Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
+Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c
++++ b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c
+@@ -313,6 +313,7 @@ static netdev_tx_t mlxsw_sx_port_xmit(st
+ dev_kfree_skb_any(skb_orig);
+ return NETDEV_TX_OK;
+ }
++ dev_consume_skb_any(skb_orig);
+ }
+ mlxsw_sx_txhdr_construct(skb, &tx_info);
+ len = skb->len;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Wed, 25 Jan 2017 09:10:41 -0800
+Subject: net: dsa: Bring back device detaching in dsa_slave_suspend()
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+
+[ Upstream commit f154be241d22298d2b63c9b613f619fa1086ea75 ]
+
+Commit 448b4482c671 ("net: dsa: Add lockdep class to tx queues to avoid
+lockdep splat") removed the netif_device_detach() call done in
+dsa_slave_suspend() which is necessary, and paired with a corresponding
+netif_device_attach(), bring it back.
+
+Fixes: 448b4482c671 ("net: dsa: Add lockdep class to tx queues to avoid lockdep splat")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/dsa/slave.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/dsa/slave.c
++++ b/net/dsa/slave.c
+@@ -1101,6 +1101,8 @@ int dsa_slave_suspend(struct net_device
+ {
+ struct dsa_slave_priv *p = netdev_priv(slave_dev);
+
++ netif_device_detach(slave_dev);
++
+ if (p->phy) {
+ phy_stop(p->phy);
+ p->old_pause = -1;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Eric Dumazet <edumazet@google.com>
+Date: Wed, 18 Jan 2017 12:12:17 -0800
+Subject: net: fix harmonize_features() vs NETIF_F_HIGHDMA
+
+From: Eric Dumazet <edumazet@google.com>
+
+
+[ Upstream commit 7be2c82cfd5d28d7adb66821a992604eb6dd112e ]
+
+Ashizuka reported a highmem oddity and sent a patch for freescale
+fec driver.
+
+But the problem root cause is that core networking stack
+must ensure no skb with highmem fragment is ever sent through
+a device that does not assert NETIF_F_HIGHDMA in its features.
+
+We need to call illegal_highdma() from harmonize_features()
+regardless of CSUM checks.
+
+Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Pravin Shelar <pshelar@ovn.org>
+Reported-by: "Ashizuka, Yuusuke" <ashiduka@jp.fujitsu.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/dev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -2650,9 +2650,9 @@ static netdev_features_t harmonize_featu
+ if (skb->ip_summed != CHECKSUM_NONE &&
+ !can_checksum_protocol(features, type)) {
+ features &= ~NETIF_F_ALL_CSUM;
+- } else if (illegal_highdma(skb->dev, skb)) {
+- features &= ~NETIF_F_SG;
+ }
++ if (illegal_highdma(skb->dev, skb))
++ features &= ~NETIF_F_SG;
+
+ return features;
+ }
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: David Ahern <dsa@cumulusnetworks.com>
+Date: Wed, 11 Jan 2017 15:42:17 -0800
+Subject: net: ipv4: fix table id in getroute response
+
+From: David Ahern <dsa@cumulusnetworks.com>
+
+
+[ Upstream commit 8a430ed50bb1b19ca14a46661f3b1b35f2fb5c39 ]
+
+rtm_table is an 8-bit field while table ids are allowed up to u32. Commit
+709772e6e065 ("net: Fix routing tables with id > 255 for legacy software")
+added the preference to set rtm_table in dumps to RT_TABLE_COMPAT if the
+table id is > 255. The table id returned on get route requests should do
+the same.
+
+Fixes: c36ba6603a11 ("net: Allow user to get table id from route lookup")
+Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/route.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -2430,7 +2430,7 @@ static int rt_fill_info(struct net *net,
+ r->rtm_dst_len = 32;
+ r->rtm_src_len = 0;
+ r->rtm_tos = fl4->flowi4_tos;
+- r->rtm_table = table_id;
++ r->rtm_table = table_id < 256 ? table_id : RT_TABLE_COMPAT;
+ if (nla_put_u32(skb, RTA_TABLE, table_id))
+ goto nla_put_failure;
+ r->rtm_type = rt->rt_type;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: David Ahern <dsa@cumulusnetworks.com>
+Date: Wed, 11 Jan 2017 14:29:54 -0800
+Subject: net: lwtunnel: Handle lwtunnel_fill_encap failure
+
+From: David Ahern <dsa@cumulusnetworks.com>
+
+
+[ Upstream commit ea7a80858f57d8878b1499ea0f1b8a635cc48de7 ]
+
+Handle failure in lwtunnel_fill_encap adding attributes to skb.
+
+Fixes: 571e722676fe ("ipv4: support for fib route lwtunnel encap attributes")
+Fixes: 19e42e451506 ("ipv6: support for fib route lwtunnel encap attributes")
+Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/fib_semantics.c | 11 +++++++----
+ net/ipv6/route.c | 3 ++-
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+--- a/net/ipv4/fib_semantics.c
++++ b/net/ipv4/fib_semantics.c
+@@ -1277,8 +1277,9 @@ int fib_dump_info(struct sk_buff *skb, u
+ nla_put_u32(skb, RTA_FLOW, fi->fib_nh[0].nh_tclassid))
+ goto nla_put_failure;
+ #endif
+- if (fi->fib_nh->nh_lwtstate)
+- lwtunnel_fill_encap(skb, fi->fib_nh->nh_lwtstate);
++ if (fi->fib_nh->nh_lwtstate &&
++ lwtunnel_fill_encap(skb, fi->fib_nh->nh_lwtstate) < 0)
++ goto nla_put_failure;
+ }
+ #ifdef CONFIG_IP_ROUTE_MULTIPATH
+ if (fi->fib_nhs > 1) {
+@@ -1314,8 +1315,10 @@ int fib_dump_info(struct sk_buff *skb, u
+ nla_put_u32(skb, RTA_FLOW, nh->nh_tclassid))
+ goto nla_put_failure;
+ #endif
+- if (nh->nh_lwtstate)
+- lwtunnel_fill_encap(skb, nh->nh_lwtstate);
++ if (nh->nh_lwtstate &&
++ lwtunnel_fill_encap(skb, nh->nh_lwtstate) < 0)
++ goto nla_put_failure;
++
+ /* length of rtnetlink header + attributes */
+ rtnh->rtnh_len = nlmsg_get_pos(skb) - (void *) rtnh;
+ } endfor_nexthops(fi);
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -3196,7 +3196,8 @@ static int rt6_fill_node(struct net *net
+ if (nla_put_u8(skb, RTA_PREF, IPV6_EXTRACT_PREF(rt->rt6i_flags)))
+ goto nla_put_failure;
+
+- lwtunnel_fill_encap(skb, rt->dst.lwtstate);
++ if (lwtunnel_fill_encap(skb, rt->dst.lwtstate) < 0)
++ goto nla_put_failure;
+
+ nlmsg_end(skb, nlh);
+ return 0;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
+Date: Tue, 17 Jan 2017 16:26:55 -0800
+Subject: net: phy: bcm63xx: Utilize correct config_intr function
+
+From: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
+
+
+[ Upstream commit cd33b3e0da43522ff8e8f2b2b71d3d08298512b0 ]
+
+Commit a1cba5613edf ("net: phy: Add Broadcom phy library for common
+interfaces") make the BCM63xx PHY driver utilize bcm_phy_config_intr()
+which would appear to do the right thing, except that it does not write
+to the MII_BCM63XX_IR register but to MII_BCM54XX_ECR which is
+different.
+
+This would be causing invalid link parameters and events from being
+generated by the PHY interrupt.
+
+Fixes: a1cba5613edf ("net: phy: Add Broadcom phy library for common interfaces")
+Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/phy/bcm63xx.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/phy/bcm63xx.c
++++ b/drivers/net/phy/bcm63xx.c
+@@ -21,6 +21,23 @@ MODULE_DESCRIPTION("Broadcom 63xx intern
+ MODULE_AUTHOR("Maxime Bizon <mbizon@freebox.fr>");
+ MODULE_LICENSE("GPL");
+
++static int bcm63xx_config_intr(struct phy_device *phydev)
++{
++ int reg, err;
++
++ reg = phy_read(phydev, MII_BCM63XX_IR);
++ if (reg < 0)
++ return reg;
++
++ if (phydev->interrupts == PHY_INTERRUPT_ENABLED)
++ reg &= ~MII_BCM63XX_IR_GMASK;
++ else
++ reg |= MII_BCM63XX_IR_GMASK;
++
++ err = phy_write(phydev, MII_BCM63XX_IR, reg);
++ return err;
++}
++
+ static int bcm63xx_config_init(struct phy_device *phydev)
+ {
+ int reg, err;
+@@ -55,7 +72,7 @@ static struct phy_driver bcm63xx_driver[
+ .config_aneg = genphy_config_aneg,
+ .read_status = genphy_read_status,
+ .ack_interrupt = bcm_phy_ack_intr,
+- .config_intr = bcm_phy_config_intr,
++ .config_intr = bcm63xx_config_intr,
+ .driver = { .owner = THIS_MODULE },
+ }, {
+ /* same phy as above, with just a different OUI */
+@@ -68,7 +85,7 @@ static struct phy_driver bcm63xx_driver[
+ .config_aneg = genphy_config_aneg,
+ .read_status = genphy_read_status,
+ .ack_interrupt = bcm_phy_ack_intr,
+- .config_intr = bcm_phy_config_intr,
++ .config_intr = bcm63xx_config_intr,
+ .driver = { .owner = THIS_MODULE },
+ } };
+
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Thu, 12 Jan 2017 12:09:09 -0800
+Subject: net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+
+[ Upstream commit 148d3d021cf9724fcf189ce4e525a094bbf5ce89 ]
+
+The __bcm_sysport_tx_reclaim() function is used to reclaim transmit
+resources in different places within the driver. Most of them should
+not affect the state of the transit flow control.
+
+Introduce bcm_sysport_tx_clean() which cleans the ring, but does not
+re-enable flow control towards the networking stack, and make
+bcm_sysport_tx_reclaim() do the actual transmit queue flow control.
+
+Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/bcmsysport.c | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bcmsysport.c
++++ b/drivers/net/ethernet/broadcom/bcmsysport.c
+@@ -732,11 +732,8 @@ static unsigned int __bcm_sysport_tx_rec
+ unsigned int c_index, last_c_index, last_tx_cn, num_tx_cbs;
+ unsigned int pkts_compl = 0, bytes_compl = 0;
+ struct bcm_sysport_cb *cb;
+- struct netdev_queue *txq;
+ u32 hw_ind;
+
+- txq = netdev_get_tx_queue(ndev, ring->index);
+-
+ /* Compute how many descriptors have been processed since last call */
+ hw_ind = tdma_readl(priv, TDMA_DESC_RING_PROD_CONS_INDEX(ring->index));
+ c_index = (hw_ind >> RING_CONS_INDEX_SHIFT) & RING_CONS_INDEX_MASK;
+@@ -767,9 +764,6 @@ static unsigned int __bcm_sysport_tx_rec
+
+ ring->c_index = c_index;
+
+- if (netif_tx_queue_stopped(txq) && pkts_compl)
+- netif_tx_wake_queue(txq);
+-
+ netif_dbg(priv, tx_done, ndev,
+ "ring=%d c_index=%d pkts_compl=%d, bytes_compl=%d\n",
+ ring->index, ring->c_index, pkts_compl, bytes_compl);
+@@ -781,16 +775,33 @@ static unsigned int __bcm_sysport_tx_rec
+ static unsigned int bcm_sysport_tx_reclaim(struct bcm_sysport_priv *priv,
+ struct bcm_sysport_tx_ring *ring)
+ {
++ struct netdev_queue *txq;
+ unsigned int released;
+ unsigned long flags;
+
++ txq = netdev_get_tx_queue(priv->netdev, ring->index);
++
+ spin_lock_irqsave(&ring->lock, flags);
+ released = __bcm_sysport_tx_reclaim(priv, ring);
++ if (released)
++ netif_tx_wake_queue(txq);
++
+ spin_unlock_irqrestore(&ring->lock, flags);
+
+ return released;
+ }
+
++/* Locked version of the per-ring TX reclaim, but does not wake the queue */
++static void bcm_sysport_tx_clean(struct bcm_sysport_priv *priv,
++ struct bcm_sysport_tx_ring *ring)
++{
++ unsigned long flags;
++
++ spin_lock_irqsave(&ring->lock, flags);
++ __bcm_sysport_tx_reclaim(priv, ring);
++ spin_unlock_irqrestore(&ring->lock, flags);
++}
++
+ static int bcm_sysport_tx_poll(struct napi_struct *napi, int budget)
+ {
+ struct bcm_sysport_tx_ring *ring =
+@@ -1275,7 +1286,7 @@ static void bcm_sysport_fini_tx_ring(str
+ napi_disable(&ring->napi);
+ netif_napi_del(&ring->napi);
+
+- bcm_sysport_tx_reclaim(priv, ring);
++ bcm_sysport_tx_clean(priv, ring);
+
+ kfree(ring->cbs);
+ ring->cbs = NULL;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Lance Richardson <lrichard@redhat.com>
+Date: Thu, 12 Jan 2017 19:33:18 -0500
+Subject: openvswitch: maintain correct checksum state in conntrack actions
+
+From: Lance Richardson <lrichard@redhat.com>
+
+
+[ Upstream commit 75f01a4c9cc291ff5cb28ca1216adb163b7a20ee ]
+
+When executing conntrack actions on skbuffs with checksum mode
+CHECKSUM_COMPLETE, the checksum must be updated to account for
+header pushes and pulls. Otherwise we get "hw csum failure"
+logs similar to this (ICMP packet received on geneve tunnel
+via ixgbe NIC):
+
+[ 405.740065] genev_sys_6081: hw csum failure
+[ 405.740106] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G I 4.10.0-rc3+ #1
+[ 405.740108] Call Trace:
+[ 405.740110] <IRQ>
+[ 405.740113] dump_stack+0x63/0x87
+[ 405.740116] netdev_rx_csum_fault+0x3a/0x40
+[ 405.740118] __skb_checksum_complete+0xcf/0xe0
+[ 405.740120] nf_ip_checksum+0xc8/0xf0
+[ 405.740124] icmp_error+0x1de/0x351 [nf_conntrack_ipv4]
+[ 405.740132] nf_conntrack_in+0xe1/0x550 [nf_conntrack]
+[ 405.740137] ? find_bucket.isra.2+0x62/0x70 [openvswitch]
+[ 405.740143] __ovs_ct_lookup+0x95/0x980 [openvswitch]
+[ 405.740145] ? netif_rx_internal+0x44/0x110
+[ 405.740149] ovs_ct_execute+0x147/0x4b0 [openvswitch]
+[ 405.740153] do_execute_actions+0x22e/0xa70 [openvswitch]
+[ 405.740157] ovs_execute_actions+0x40/0x120 [openvswitch]
+[ 405.740161] ovs_dp_process_packet+0x84/0x120 [openvswitch]
+[ 405.740166] ovs_vport_receive+0x73/0xd0 [openvswitch]
+[ 405.740168] ? udp_rcv+0x1a/0x20
+[ 405.740170] ? ip_local_deliver_finish+0x93/0x1e0
+[ 405.740172] ? ip_local_deliver+0x6f/0xe0
+[ 405.740174] ? ip_rcv_finish+0x3a0/0x3a0
+[ 405.740176] ? ip_rcv_finish+0xdb/0x3a0
+[ 405.740177] ? ip_rcv+0x2a7/0x400
+[ 405.740180] ? __netif_receive_skb_core+0x970/0xa00
+[ 405.740185] netdev_frame_hook+0xd3/0x160 [openvswitch]
+[ 405.740187] __netif_receive_skb_core+0x1dc/0xa00
+[ 405.740194] ? ixgbe_clean_rx_irq+0x46d/0xa20 [ixgbe]
+[ 405.740197] __netif_receive_skb+0x18/0x60
+[ 405.740199] netif_receive_skb_internal+0x40/0xb0
+[ 405.740201] napi_gro_receive+0xcd/0x120
+[ 405.740204] gro_cell_poll+0x57/0x80 [geneve]
+[ 405.740206] net_rx_action+0x260/0x3c0
+[ 405.740209] __do_softirq+0xc9/0x28c
+[ 405.740211] irq_exit+0xd9/0xf0
+[ 405.740213] do_IRQ+0x51/0xd0
+[ 405.740215] common_interrupt+0x93/0x93
+
+Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
+Signed-off-by: Lance Richardson <lrichard@redhat.com>
+Acked-by: Pravin B Shelar <pshelar@ovn.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/openvswitch/conntrack.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/openvswitch/conntrack.c
++++ b/net/openvswitch/conntrack.c
+@@ -501,7 +501,7 @@ int ovs_ct_execute(struct net *net, stru
+
+ /* The conntrack module expects to be working at L3. */
+ nh_ofs = skb_network_offset(skb);
+- skb_pull(skb, nh_ofs);
++ skb_pull_rcsum(skb, nh_ofs);
+
+ if (key->ip.frag != OVS_FRAG_TYPE_NONE) {
+ err = handle_fragments(net, key, info->zone.id, skb);
+@@ -527,6 +527,7 @@ int ovs_ct_execute(struct net *net, stru
+ &info->labels.mask);
+ err:
+ skb_push(skb, nh_ofs);
++ skb_postpush_rcsum(skb, skb->data, nh_ofs);
+ if (err)
+ kfree_skb(skb);
+ return err;
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Bjørn Mork <bjorn@mork.no>
+Date: Tue, 24 Jan 2017 10:45:38 +0100
+Subject: qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card
+
+From: Bjørn Mork <bjorn@mork.no>
+
+
+[ Upstream commit 5b9f57516337b523f7466a53939aaaea7b78141b ]
+
+Another rebranded Novatel E371. qmi_wwan should drive this device, while
+cdc_ether should ignore it. Even though the USB descriptors are plain
+CDC-ETHER that USB interface is a QMI interface. Ref commit 7fdb7846c9ca
+("qmi_wwan/cdc_ether: add device IDs for Dell 5804 (Novatel E371) WWAN
+card")
+
+Cc: Dan Williams <dcbw@redhat.com>
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/cdc_ether.c | 8 ++++++++
+ drivers/net/usb/qmi_wwan.c | 7 +++++++
+ 2 files changed, 15 insertions(+)
+
+--- a/drivers/net/usb/cdc_ether.c
++++ b/drivers/net/usb/cdc_ether.c
+@@ -462,6 +462,7 @@ static const struct driver_info wwan_inf
+ #define SAMSUNG_VENDOR_ID 0x04e8
+ #define LENOVO_VENDOR_ID 0x17ef
+ #define NVIDIA_VENDOR_ID 0x0955
++#define HP_VENDOR_ID 0x03f0
+
+ static const struct usb_device_id products[] = {
+ /* BLACKLIST !!
+@@ -608,6 +609,13 @@ static const struct usb_device_id produc
+ .driver_info = 0,
+ },
+
++/* HP lt2523 (Novatel E371) - handled by qmi_wwan */
++{
++ USB_DEVICE_AND_INTERFACE_INFO(HP_VENDOR_ID, 0x421d, USB_CLASS_COMM,
++ USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE),
++ .driver_info = 0,
++},
++
+ /* AnyDATA ADU960S - handled by qmi_wwan */
+ {
+ USB_DEVICE_AND_INTERFACE_INFO(0x16d5, 0x650a, USB_CLASS_COMM,
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -485,6 +485,13 @@ static const struct usb_device_id produc
+ USB_CDC_PROTO_NONE),
+ .driver_info = (unsigned long)&qmi_wwan_info,
+ },
++ { /* HP lt2523 (Novatel E371) */
++ USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x421d,
++ USB_CLASS_COMM,
++ USB_CDC_SUBCLASS_ETHERNET,
++ USB_CDC_PROTO_NONE),
++ .driver_info = (unsigned long)&qmi_wwan_info,
++ },
+ { /* HP lt4112 LTE/HSPA+ Gobi 4G Module (Huawei me906e) */
+ USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x581d, USB_CLASS_VENDOR_SPEC, 1, 7),
+ .driver_info = (unsigned long)&qmi_wwan_info,
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: hayeswang <hayeswang@realtek.com>
+Date: Mon, 23 Jan 2017 14:18:43 +0800
+Subject: r8152: don't execute runtime suspend if the tx is not empty
+
+From: hayeswang <hayeswang@realtek.com>
+
+
+[ Upstream commit 6a0b76c04ec157c88ca943debf78a8ee58469f2d ]
+
+Runtime suspend shouldn't be executed if the tx queue is not empty,
+because the device is not idle.
+
+Signed-off-by: Hayes Wang <hayeswang@realtek.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/r8152.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -3442,6 +3442,8 @@ static bool delay_autosuspend(struct r81
+ */
+ if (!sw_linking && tp->rtl_ops.in_nway(tp))
+ return true;
++ else if (!skb_queue_empty(&tp->tx_queue))
++ return true;
+ else
+ return false;
+ }
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: hayeswang <hayeswang@realtek.com>
+Date: Wed, 11 Jan 2017 16:25:34 +0800
+Subject: r8152: fix the sw rx checksum is unavailable
+
+From: hayeswang <hayeswang@realtek.com>
+
+
+[ Upstream commit 19c0f40d4fca3a47b8f784a627f0467f0138ccc8 ]
+
+Fix the hw rx checksum is always enabled, and the user couldn't switch
+it to sw rx checksum.
+
+Note that the RTL_VER_01 only support sw rx checksum only. Besides,
+the hw rx checksum for RTL_VER_02 is disabled after
+commit b9a321b48af4 ("r8152: Fix broken RX checksums."). Re-enable it.
+
+Signed-off-by: Hayes Wang <hayeswang@realtek.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/r8152.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -1645,7 +1645,7 @@ static u8 r8152_rx_csum(struct r8152 *tp
+ u8 checksum = CHECKSUM_NONE;
+ u32 opts2, opts3;
+
+- if (tp->version == RTL_VER_01)
++ if (!(tp->netdev->features & NETIF_F_RXCSUM))
+ goto return_result;
+
+ opts2 = le32_to_cpu(rx_desc->opts2);
+@@ -4221,6 +4221,11 @@ static int rtl8152_probe(struct usb_inte
+ NETIF_F_HIGHDMA | NETIF_F_FRAGLIST |
+ NETIF_F_IPV6_CSUM | NETIF_F_TSO6;
+
++ if (tp->version == RTL_VER_01) {
++ netdev->features &= ~NETIF_F_RXCSUM;
++ netdev->hw_features &= ~NETIF_F_RXCSUM;
++ }
++
+ netdev->ethtool_ops = &ops;
+ netif_set_gso_max_size(netdev, RTL_LIMITED_TSO_SIZE);
+
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Masaru Nagai <masaru.nagai.vx@renesas.com>
+Date: Mon, 16 Jan 2017 11:45:21 +0100
+Subject: ravb: do not use zero-length alignment DMA descriptor
+
+From: Masaru Nagai <masaru.nagai.vx@renesas.com>
+
+
+[ Upstream commit 8ec3e8a192ba6f13be4522ee81227c792c86fb1a ]
+
+Due to alignment requirements of the hardware transmissions are split into
+two DMA descriptors, a small padding descriptor of 0 - 3 bytes in length
+followed by a descriptor for rest of the packet.
+
+In the case of IP packets the first descriptor will never be zero due to
+the way that the stack aligns buffers for IP packets. However, for non-IP
+packets it may be zero.
+
+In that case it has been reported that timeouts occur, presumably because
+transmission stops at the first zero-length DMA descriptor and thus the
+packet is not transmitted. However, in my environment a BUG is triggered as
+follows:
+
+[ 20.381417] ------------[ cut here ]------------
+[ 20.386054] kernel BUG at lib/swiotlb.c:495!
+[ 20.390324] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
+[ 20.395805] Modules linked in:
+[ 20.398862] CPU: 0 PID: 2089 Comm: mz Not tainted 4.10.0-rc3-00001-gf13ad2db193f #162
+[ 20.406689] Hardware name: Renesas Salvator-X board based on r8a7796 (DT)
+[ 20.413474] task: ffff80063b1f1900 task.stack: ffff80063a71c000
+[ 20.419404] PC is at swiotlb_tbl_map_single+0x178/0x2ec
+[ 20.424625] LR is at map_single+0x4c/0x98
+[ 20.428629] pc : [<ffff00000839c4c0>] lr : [<ffff00000839c680>] pstate: 800001c5
+[ 20.436019] sp : ffff80063a71f9b0
+[ 20.439327] x29: ffff80063a71f9b0 x28: ffff80063a20d500
+[ 20.444636] x27: ffff000008ed5000 x26: 0000000000000000
+[ 20.449944] x25: 000000067abe2adc x24: 0000000000000000
+[ 20.455252] x23: 0000000000200000 x22: 0000000000000001
+[ 20.460559] x21: 0000000000175ffe x20: ffff80063b2a0010
+[ 20.465866] x19: 0000000000000000 x18: 0000ffffcae6fb20
+[ 20.471173] x17: 0000ffffa09ba018 x16: ffff0000087c8b70
+[ 20.476480] x15: 0000ffffa084f588 x14: 0000ffffa09cfa14
+[ 20.481787] x13: 0000ffffcae87ff0 x12: 000000000063abe2
+[ 20.487098] x11: ffff000008096360 x10: ffff80063abe2adc
+[ 20.492407] x9 : 0000000000000000 x8 : 0000000000000000
+[ 20.497718] x7 : 0000000000000000 x6 : ffff000008ed50d0
+[ 20.503028] x5 : 0000000000000000 x4 : 0000000000000001
+[ 20.508338] x3 : 0000000000000000 x2 : 000000067abe2adc
+[ 20.513648] x1 : 00000000bafff000 x0 : 0000000000000000
+[ 20.518958]
+[ 20.520446] Process mz (pid: 2089, stack limit = 0xffff80063a71c000)
+[ 20.526798] Stack: (0xffff80063a71f9b0 to 0xffff80063a720000)
+[ 20.532543] f9a0: ffff80063a71fa30 ffff00000839c680
+[ 20.540374] f9c0: ffff80063b2a0010 ffff80063b2a0010 0000000000000001 0000000000000000
+[ 20.548204] f9e0: 000000000000006e ffff80063b23c000 ffff80063b23c000 0000000000000000
+[ 20.556034] fa00: ffff80063b23c000 ffff80063a20d500 000000013b1f1900 0000000000000000
+[ 20.563864] fa20: ffff80063ffd18e0 ffff80063b2a0010 ffff80063a71fa60 ffff00000839cd10
+[ 20.571694] fa40: ffff80063b2a0010 0000000000000000 ffff80063ffd18e0 000000067abe2adc
+[ 20.579524] fa60: ffff80063a71fa90 ffff000008096380 ffff80063b2a0010 0000000000000000
+[ 20.587353] fa80: 0000000000000000 0000000000000001 ffff80063a71fac0 ffff00000864f770
+[ 20.595184] faa0: ffff80063b23caf0 0000000000000000 0000000000000000 0000000000000140
+[ 20.603014] fac0: ffff80063a71fb60 ffff0000087e6498 ffff80063a20d500 ffff80063b23c000
+[ 20.610843] fae0: 0000000000000000 ffff000008daeaf0 0000000000000000 ffff000008daeb00
+[ 20.618673] fb00: ffff80063a71fc0c ffff000008da7000 ffff80063b23c090 ffff80063a44f000
+[ 20.626503] fb20: 0000000000000000 ffff000008daeb00 ffff80063a71fc0c ffff000008da7000
+[ 20.634333] fb40: ffff80063b23c090 0000000000000000 ffff800600000037 ffff0000087e63d8
+[ 20.642163] fb60: ffff80063a71fbc0 ffff000008807510 ffff80063a692400 ffff80063a20d500
+[ 20.649993] fb80: ffff80063a44f000 ffff80063b23c000 ffff80063a69249c 0000000000000000
+[ 20.657823] fba0: 0000000000000000 ffff80063a087800 ffff80063b23c000 ffff80063a20d500
+[ 20.665653] fbc0: ffff80063a71fc10 ffff0000087e67dc ffff80063a20d500 ffff80063a692400
+[ 20.673483] fbe0: ffff80063b23c000 0000000000000000 ffff80063a44f000 ffff80063a69249c
+[ 20.681312] fc00: ffff80063a5f1a10 000000103a087800 ffff80063a71fc70 ffff0000087e6b24
+[ 20.689142] fc20: ffff80063a5f1a80 ffff80063a71fde8 000000000000000f 00000000000005ea
+[ 20.696972] fc40: ffff80063a5f1a10 0000000000000000 000000000000000f ffff00000887fbd0
+[ 20.704802] fc60: fffffff43a5f1a80 0000000000000000 ffff80063a71fc80 ffff000008880240
+[ 20.712632] fc80: ffff80063a71fd90 ffff0000087c7a34 ffff80063afc7180 0000000000000000
+[ 20.720462] fca0: 0000ffffcae6fe18 0000000000000014 0000000060000000 0000000000000015
+[ 20.728292] fcc0: 0000000000000123 00000000000000ce ffff0000088d2000 ffff80063b1f1900
+[ 20.736122] fce0: 0000000000008933 ffff000008e7cb80 ffff80063a71fd80 ffff0000087c50a4
+[ 20.743951] fd00: 0000000000008933 ffff000008e7cb80 ffff000008e7cb80 000000100000000e
+[ 20.751781] fd20: ffff80063a71fe4c 0000ffff00000300 0000000000000123 0000000000000000
+[ 20.759611] fd40: 0000000000000000 ffff80063b1f0000 000000000000000e 0000000000000300
+[ 20.767441] fd60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
+[ 20.775271] fd80: 0000000000000000 0000000000000000 ffff80063a71fda0 ffff0000087c8c20
+[ 20.783100] fda0: 0000000000000000 ffff000008082f30 0000000000000000 0000800637260000
+[ 20.790930] fdc0: ffffffffffffffff 0000ffffa0903078 0000000000000000 000000001ea87232
+[ 20.798760] fde0: 000000000000000f ffff80063a71fe40 ffff800600000014 ffff000000000001
+[ 20.806590] fe00: 0000000000000000 0000000000000000 ffff80063a71fde8 0000000000000000
+[ 20.814420] fe20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001
+[ 20.822249] fe40: 0000000203000011 0000000000000000 0000000000000000 ffff80063a68aa00
+[ 20.830079] fe60: ffff80063a68aa00 0000000000000003 0000000000008933 ffff0000081f1b9c
+[ 20.837909] fe80: 0000000000000000 ffff000008082f30 0000000000000000 0000800637260000
+[ 20.845739] fea0: ffffffffffffffff 0000ffffa07ca81c 0000000060000000 0000000000000015
+[ 20.853569] fec0: 0000000000000003 000000001ea87232 000000000000000f 0000000000000000
+[ 20.861399] fee0: 0000ffffcae6fe18 0000000000000014 0000000000000300 0000000000000000
+[ 20.869228] ff00: 00000000000000ce 0000000000000000 00000000ffffffff 0000000000000000
+[ 20.877059] ff20: 0000000000000002 0000ffffcae87ff0 0000ffffa09cfa14 0000ffffa084f588
+[ 20.884888] ff40: 0000000000000000 0000ffffa09ba018 0000ffffcae6fb20 000000001ea87010
+[ 20.892718] ff60: 0000ffffa09b9000 0000ffffcae6fe30 0000ffffcae6fe18 000000000000000f
+[ 20.900548] ff80: 0000000000000003 000000001ea87232 0000000000000000 0000000000000000
+[ 20.908378] ffa0: 0000000000000000 0000ffffcae6fdc0 0000ffffa09a7824 0000ffffcae6fdc0
+[ 20.916208] ffc0: 0000ffffa0903078 0000000060000000 0000000000000003 00000000000000ce
+[ 20.924038] ffe0: 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
+[ 20.931867] Call trace:
+[ 20.934312] Exception stack(0xffff80063a71f7e0 to 0xffff80063a71f910)
+[ 20.940750] f7e0: 0000000000000000 0001000000000000 ffff80063a71f9b0 ffff00000839c4c0
+[ 20.948580] f800: ffff80063a71f840 ffff00000888a6e4 ffff80063a24c418 ffff80063a24c448
+[ 20.956410] f820: 0000000000000000 ffff00000811cd54 ffff80063a71f860 ffff80063a24c458
+[ 20.964240] f840: ffff80063a71f870 ffff00000888b258 ffff80063a24c418 0000000000000001
+[ 20.972070] f860: ffff80063a71f910 ffff80063a7b7028 ffff80063a71f890 ffff0000088825e4
+[ 20.979899] f880: 0000000000000000 00000000bafff000 000000067abe2adc 0000000000000000
+[ 20.987729] f8a0: 0000000000000001 0000000000000000 ffff000008ed50d0 0000000000000000
+[ 20.995560] f8c0: 0000000000000000 0000000000000000 ffff80063abe2adc ffff000008096360
+[ 21.003390] f8e0: 000000000063abe2 0000ffffcae87ff0 0000ffffa09cfa14 0000ffffa084f588
+[ 21.011219] f900: ffff0000087c8b70 0000ffffa09ba018
+[ 21.016097] [<ffff00000839c4c0>] swiotlb_tbl_map_single+0x178/0x2ec
+[ 21.022362] [<ffff00000839c680>] map_single+0x4c/0x98
+[ 21.027411] [<ffff00000839cd10>] swiotlb_map_page+0xa4/0x138
+[ 21.033072] [<ffff000008096380>] __swiotlb_map_page+0x20/0x7c
+[ 21.038821] [<ffff00000864f770>] ravb_start_xmit+0x174/0x668
+[ 21.044484] [<ffff0000087e6498>] dev_hard_start_xmit+0x8c/0x120
+[ 21.050407] [<ffff000008807510>] sch_direct_xmit+0x108/0x1a0
+[ 21.056064] [<ffff0000087e67dc>] __dev_queue_xmit+0x194/0x4cc
+[ 21.061807] [<ffff0000087e6b24>] dev_queue_xmit+0x10/0x18
+[ 21.067214] [<ffff000008880240>] packet_sendmsg+0xf40/0x1220
+[ 21.072873] [<ffff0000087c7a34>] sock_sendmsg+0x18/0x2c
+[ 21.078097] [<ffff0000087c8c20>] SyS_sendto+0xb0/0xf0
+[ 21.083150] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
+[ 21.088462] Code: d34bfef7 2a1803f3 1a9f86d6 35fff878 (d4210000)
+[ 21.094611] ---[ end trace 5bc544ad491f3814 ]---
+[ 21.099234] Kernel panic - not syncing: Fatal exception in interrupt
+[ 21.105587] Kernel Offset: disabled
+[ 21.109073] Memory Limit: none
+[ 21.112126] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
+
+Fixes: 2f45d1902acf ("ravb: minimize TX data copying")
+Signed-off-by: Masaru Nagai <masaru.nagai.vx@renesas.com
+Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
+Acked-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/renesas/ravb_main.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/net/ethernet/renesas/ravb_main.c
++++ b/drivers/net/ethernet/renesas/ravb_main.c
+@@ -1330,6 +1330,19 @@ static netdev_tx_t ravb_start_xmit(struc
+ buffer = PTR_ALIGN(priv->tx_align[q], DPTR_ALIGN) +
+ entry / NUM_TX_DESC * DPTR_ALIGN;
+ len = PTR_ALIGN(skb->data, DPTR_ALIGN) - skb->data;
++ /* Zero length DMA descriptors are problematic as they seem to
++ * terminate DMA transfers. Avoid them by simply using a length of
++ * DPTR_ALIGN (4) when skb data is aligned to DPTR_ALIGN.
++ *
++ * As skb is guaranteed to have at least ETH_ZLEN (60) bytes of
++ * data by the call to skb_put_padto() above this is safe with
++ * respect to both the length of the first DMA descriptor (len)
++ * overflowing the available data and the length of the second DMA
++ * descriptor (skb->len - len) being negative.
++ */
++ if (len == 0)
++ len = DPTR_ALIGN;
++
+ memcpy(buffer, skb->data, len);
+ dma_addr = dma_map_single(ndev->dev.parent, buffer, len, DMA_TO_DEVICE);
+ if (dma_mapping_error(ndev->dev.parent, dma_addr))
--- /dev/null
+r8152-fix-the-sw-rx-checksum-is-unavailable.patch
+mlxsw-spectrum-fix-memory-leak-at-skb-reallocation.patch
+mlxsw-switchx2-fix-memory-leak-at-skb-reallocation.patch
+mlxsw-pci-fix-eqe-structure-definition.patch
+net-lwtunnel-handle-lwtunnel_fill_encap-failure.patch
+net-ipv4-fix-table-id-in-getroute-response.patch
+net-systemport-decouple-flow-control-from-__bcm_sysport_tx_reclaim.patch
+tcp-fix-tcp_fastopen-unaligned-access-complaints-on-sparc.patch
+openvswitch-maintain-correct-checksum-state-in-conntrack-actions.patch
+ravb-do-not-use-zero-length-alignment-dma-descriptor.patch
+ax25-fix-segfault-after-sock-connection-timeout.patch
+net-fix-harmonize_features-vs-netif_f_highdma.patch
+net-phy-bcm63xx-utilize-correct-config_intr-function.patch
+ipv6-addrconf-avoid-addrconf_disable_change-using-rcu-read-side-lock.patch
+tcp-initialize-max-window-for-a-new-fastopen-socket.patch
+bridge-netlink-call-br_changelink-during-br_dev_newlink.patch
+r8152-don-t-execute-runtime-suspend-if-the-tx-is-not-empty.patch
+af_unix-move-unix_mknod-out-of-bindlock.patch
+qmi_wwan-cdc_ether-add-device-id-for-hp-lt2523-novatel-e371-wwan-card.patch
+net-dsa-bring-back-device-detaching-in-dsa_slave_suspend.patch
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Shannon Nelson <shannon.nelson@oracle.com>
+Date: Thu, 12 Jan 2017 14:24:58 -0800
+Subject: tcp: fix tcp_fastopen unaligned access complaints on sparc
+
+From: Shannon Nelson <shannon.nelson@oracle.com>
+
+
+[ Upstream commit 003c941057eaa868ca6fedd29a274c863167230d ]
+
+Fix up a data alignment issue on sparc by swapping the order
+of the cookie byte array field with the length field in
+struct tcp_fastopen_cookie, and making it a proper union
+to clean up the typecasting.
+
+This addresses log complaints like these:
+ log_unaligned: 113 callbacks suppressed
+ Kernel unaligned access at TPC[976490] tcp_try_fastopen+0x2d0/0x360
+ Kernel unaligned access at TPC[9764ac] tcp_try_fastopen+0x2ec/0x360
+ Kernel unaligned access at TPC[9764c8] tcp_try_fastopen+0x308/0x360
+ Kernel unaligned access at TPC[9764e4] tcp_try_fastopen+0x324/0x360
+ Kernel unaligned access at TPC[976490] tcp_try_fastopen+0x2d0/0x360
+
+Cc: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/tcp.h | 7 ++++++-
+ net/ipv4/tcp_fastopen.c | 2 +-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+--- a/include/linux/tcp.h
++++ b/include/linux/tcp.h
+@@ -56,8 +56,13 @@ static inline unsigned int tcp_optlen(co
+
+ /* TCP Fast Open Cookie as stored in memory */
+ struct tcp_fastopen_cookie {
++ union {
++ u8 val[TCP_FASTOPEN_COOKIE_MAX];
++#if IS_ENABLED(CONFIG_IPV6)
++ struct in6_addr addr;
++#endif
++ };
+ s8 len;
+- u8 val[TCP_FASTOPEN_COOKIE_MAX];
+ bool exp; /* In RFC6994 experimental option format */
+ };
+
+--- a/net/ipv4/tcp_fastopen.c
++++ b/net/ipv4/tcp_fastopen.c
+@@ -112,7 +112,7 @@ static bool tcp_fastopen_cookie_gen(stru
+ struct tcp_fastopen_cookie tmp;
+
+ if (__tcp_fastopen_cookie_gen(&ip6h->saddr, &tmp)) {
+- struct in6_addr *buf = (struct in6_addr *) tmp.val;
++ struct in6_addr *buf = &tmp.addr;
+ int i;
+
+ for (i = 0; i < 4; i++)
--- /dev/null
+From foo@baz Wed Feb 1 08:49:51 CET 2017
+From: Alexey Kodanev <alexey.kodanev@oracle.com>
+Date: Thu, 19 Jan 2017 16:36:39 +0300
+Subject: tcp: initialize max window for a new fastopen socket
+
+From: Alexey Kodanev <alexey.kodanev@oracle.com>
+
+
+[ Upstream commit 0dbd7ff3ac5017a46033a9d0a87a8267d69119d9 ]
+
+Found that if we run LTP netstress test with large MSS (65K),
+the first attempt from server to send data comparable to this
+MSS on fastopen connection will be delayed by the probe timer.
+
+Here is an example:
+
+ < S seq 0:0 win 43690 options [mss 65495 wscale 7 tfo cookie] length 32
+ > S. seq 0:0 ack 1 win 43690 options [mss 65495 wscale 7] length 0
+ < . ack 1 win 342 length 0
+
+Inside tcp_sendmsg(), tcp_send_mss() returns max MSS in 'mss_now',
+as well as in 'size_goal'. This results the segment not queued for
+transmition until all the data copied from user buffer. Then, inside
+__tcp_push_pending_frames(), it breaks on send window test and
+continues with the check probe timer.
+
+Fragmentation occurs in tcp_write_wakeup()...
+
++0.2 > P. seq 1:43777 ack 1 win 342 length 43776
+ < . ack 43777, win 1365 length 0
+ > P. seq 43777:65001 ack 1 win 342 options [...] length 21224
+ ...
+
+This also contradicts with the fact that we should bound to the half
+of the window if it is large.
+
+Fix this flaw by correctly initializing max_window. Before that, it
+could have large values that affect further calculations of 'size_goal'.
+
+Fixes: 168a8f58059a ("tcp: TCP Fast Open Server - main code path")
+Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp_fastopen.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/ipv4/tcp_fastopen.c
++++ b/net/ipv4/tcp_fastopen.c
+@@ -161,6 +161,7 @@ static struct sock *tcp_fastopen_create_
+ * scaled. So correct it appropriately.
+ */
+ tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
++ tp->max_window = tp->snd_wnd;
+
+ /* Activate the retrans timer so that SYNACK can be retransmitted.
+ * The request socket is not added to the ehash
--- /dev/null
+r8152-fix-the-sw-rx-checksum-is-unavailable.patch
+netvsc-add-rcu_read-locking-to-netvsc-callback.patch
+mlxsw-spectrum-fix-memory-leak-at-skb-reallocation.patch
+mlxsw-switchx2-fix-memory-leak-at-skb-reallocation.patch
+mlxsw-pci-fix-eqe-structure-definition.patch
+net-lwtunnel-handle-lwtunnel_fill_encap-failure.patch
+net-ipv4-fix-table-id-in-getroute-response.patch
+net-systemport-decouple-flow-control-from-__bcm_sysport_tx_reclaim.patch
+tcp-fix-tcp_fastopen-unaligned-access-complaints-on-sparc.patch
+openvswitch-maintain-correct-checksum-state-in-conntrack-actions.patch
+mlx4-do-not-call-napi_schedule-without-care.patch
+ravb-do-not-use-zero-length-alignment-dma-descriptor.patch
+ip6_tunnel-account-for-tunnel-header-in-tunnel-mtu.patch
+ax25-fix-segfault-after-sock-connection-timeout.patch
+net-sched-actions-fix-refcnt-when-geting-of-action-after-bind.patch
+virtio-don-t-set-virtio_net_hdr_f_data_valid-on-xmit.patch
+virtio-net-restore-virtio_hdr_f_data_valid-on-receiving.patch
+vxlan-fix-byte-order-of-vxlan-gpe-port-number.patch
+net-fix-harmonize_features-vs-netif_f_highdma.patch
+net-phy-bcm63xx-utilize-correct-config_intr-function.patch
+lwtunnel-fix-autoload-of-lwt-modules.patch
+ipv6-addrconf-avoid-addrconf_disable_change-using-rcu-read-side-lock.patch
+tcp-initialize-max-window-for-a-new-fastopen-socket.patch
+net-mlx5e-do-not-recycle-pages-from-emergency-reserve.patch
+bridge-netlink-call-br_changelink-during-br_dev_newlink.patch
+net-mpls-fix-multipath-selection-for-lsr-use-case.patch
+r8152-don-t-execute-runtime-suspend-if-the-tx-is-not-empty.patch
+af_unix-move-unix_mknod-out-of-bindlock.patch
+qmi_wwan-cdc_ether-add-device-id-for-hp-lt2523-novatel-e371-wwan-card.patch
+net-specify-the-owning-module-for-lwtunnel-ops.patch
+lwtunnel-fix-oops-on-state-free-after-encap-module-unload.patch
+net-dsa-bring-back-device-detaching-in-dsa_slave_suspend.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
