5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 7 Nov 2020 11:09:27 +0000 (12:09 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 7 Nov 2020 11:09:27 +0000 (12:09 +0100)
added patches:
cadence-force-nonlinear-buffers-to-be-cloned.patch
chelsio-chtls-fix-always-leaking-ctrl_skb.patch
chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch
gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch
gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch
ionic-check-port-ptr-before-use.patch
ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch
net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch
powerpc-vnic-extend-failover-pending-window.patch
sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch
sfp-fix-error-handing-in-sfp_probe.patch

12 files changed:
queue-5.4/cadence-force-nonlinear-buffers-to-be-cloned.patch [new file with mode: 0644]
queue-5.4/chelsio-chtls-fix-always-leaking-ctrl_skb.patch [new file with mode: 0644]
queue-5.4/chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch [new file with mode: 0644]
queue-5.4/gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch [new file with mode: 0644]
queue-5.4/gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch [new file with mode: 0644]
queue-5.4/ionic-check-port-ptr-before-use.patch [new file with mode: 0644]
queue-5.4/ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch [new file with mode: 0644]
queue-5.4/net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch [new file with mode: 0644]
queue-5.4/powerpc-vnic-extend-failover-pending-window.patch [new file with mode: 0644]
queue-5.4/sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch [new file with mode: 0644]
queue-5.4/series
queue-5.4/sfp-fix-error-handing-in-sfp_probe.patch [new file with mode: 0644]

diff --git a/queue-5.4/cadence-force-nonlinear-buffers-to-be-cloned.patch b/queue-5.4/cadence-force-nonlinear-buffers-to-be-cloned.patch
new file mode 100644 (file)
index 0000000..c5f72dd
--- /dev/null
@@ -0,0 +1,94 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Mark Deneen <mdeneen@saucontech.com>
+Date: Fri, 30 Oct 2020 15:58:14 +0000
+Subject: [PATCH stable 5.9 01/20] cadence: force nonlinear buffers to be cloned
+
+From: Mark Deneen <mdeneen@saucontech.com>
+
+[ Upstream commit 403dc16796f5516acf23d94a1cd9eba564d03210 ]
+
+In my test setup, I had a SAMA5D27 device configured with ip forwarding, and
+second device with usb ethernet (r8152) sending ICMP packets.  If the packet
+was larger than about 220 bytes, the SAMA5 device would "oops" with the
+following trace:
+
+kernel BUG at net/core/skbuff.c:1863!
+Internal error: Oops - BUG: 0 [#1] ARM
+Modules linked in: xt_MASQUERADE ppp_async ppp_generic slhc iptable_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 can_raw can bridge stp llc ipt_REJECT nf_reject_ipv4 sd_mod cdc_ether usbnet usb_storage r8152 scsi_mod mii o
+ption usb_wwan usbserial micrel macb at91_sama5d2_adc phylink gpio_sama5d2_piobu m_can_platform m_can industrialio_triggered_buffer kfifo_buf of_mdio can_dev fixed_phy sdhci_of_at91 sdhci_pltfm libphy sdhci mmc_core ohci_at91 ehci_atmel o
+hci_hcd iio_rescale industrialio sch_fq_codel spidev prox2_hal(O)
+CPU: 0 PID: 0 Comm: swapper Tainted: G           O      5.9.1-prox2+ #1
+Hardware name: Atmel SAMA5
+PC is at skb_put+0x3c/0x50
+LR is at macb_start_xmit+0x134/0xad0 [macb]
+pc : [<c05258cc>]    lr : [<bf0ea5b8>]    psr: 20070113
+sp : c0d01a60  ip : c07232c0  fp : c4250000
+r10: c0d03cc8  r9 : 00000000  r8 : c0d038c0
+r7 : 00000000  r6 : 00000008  r5 : c59b66c0  r4 : 0000002a
+r3 : 8f659eff  r2 : c59e9eea  r1 : 00000001  r0 : c59b66c0
+Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
+Control: 10c53c7d  Table: 2640c059  DAC: 00000051
+Process swapper (pid: 0, stack limit = 0x75002d81)
+
+<snipped stack>
+
+[<c05258cc>] (skb_put) from [<bf0ea5b8>] (macb_start_xmit+0x134/0xad0 [macb])
+[<bf0ea5b8>] (macb_start_xmit [macb]) from [<c053e504>] (dev_hard_start_xmit+0x90/0x11c)
+[<c053e504>] (dev_hard_start_xmit) from [<c0571180>] (sch_direct_xmit+0x124/0x260)
+[<c0571180>] (sch_direct_xmit) from [<c053eae4>] (__dev_queue_xmit+0x4b0/0x6d0)
+[<c053eae4>] (__dev_queue_xmit) from [<c05a5650>] (ip_finish_output2+0x350/0x580)
+[<c05a5650>] (ip_finish_output2) from [<c05a7e24>] (ip_output+0xb4/0x13c)
+[<c05a7e24>] (ip_output) from [<c05a39d0>] (ip_forward+0x474/0x500)
+[<c05a39d0>] (ip_forward) from [<c05a13d8>] (ip_sublist_rcv_finish+0x3c/0x50)
+[<c05a13d8>] (ip_sublist_rcv_finish) from [<c05a19b8>] (ip_sublist_rcv+0x11c/0x188)
+[<c05a19b8>] (ip_sublist_rcv) from [<c05a2494>] (ip_list_rcv+0xf8/0x124)
+[<c05a2494>] (ip_list_rcv) from [<c05403c4>] (__netif_receive_skb_list_core+0x1a0/0x20c)
+[<c05403c4>] (__netif_receive_skb_list_core) from [<c05405c4>] (netif_receive_skb_list_internal+0x194/0x230)
+[<c05405c4>] (netif_receive_skb_list_internal) from [<c0540684>] (gro_normal_list.part.0+0x14/0x28)
+[<c0540684>] (gro_normal_list.part.0) from [<c0541280>] (napi_complete_done+0x16c/0x210)
+[<c0541280>] (napi_complete_done) from [<bf14c1c0>] (r8152_poll+0x684/0x708 [r8152])
+[<bf14c1c0>] (r8152_poll [r8152]) from [<c0541424>] (net_rx_action+0x100/0x328)
+[<c0541424>] (net_rx_action) from [<c01012ec>] (__do_softirq+0xec/0x274)
+[<c01012ec>] (__do_softirq) from [<c012d6d4>] (irq_exit+0xcc/0xd0)
+[<c012d6d4>] (irq_exit) from [<c0160960>] (__handle_domain_irq+0x58/0xa4)
+[<c0160960>] (__handle_domain_irq) from [<c0100b0c>] (__irq_svc+0x6c/0x90)
+Exception stack(0xc0d01ef0 to 0xc0d01f38)
+1ee0:                                     00000000 0000003d 0c31f383 c0d0fa00
+1f00: c0d2eb80 00000000 c0d2e630 4dad8c49 4da967b0 0000003d 0000003d 00000000
+1f20: fffffff5 c0d01f40 c04e0f88 c04e0f8c 30070013 ffffffff
+[<c0100b0c>] (__irq_svc) from [<c04e0f8c>] (cpuidle_enter_state+0x7c/0x378)
+[<c04e0f8c>] (cpuidle_enter_state) from [<c04e12c4>] (cpuidle_enter+0x28/0x38)
+[<c04e12c4>] (cpuidle_enter) from [<c014f710>] (do_idle+0x194/0x214)
+[<c014f710>] (do_idle) from [<c014fa50>] (cpu_startup_entry+0xc/0x14)
+[<c014fa50>] (cpu_startup_entry) from [<c0a00dc8>] (start_kernel+0x46c/0x4a0)
+Code: e580c054 8a000002 e1a00002 e8bd8070 (e7f001f2)
+---[ end trace 146c8a334115490c ]---
+
+The solution was to force nonlinear buffers to be cloned.  This was previously
+reported by Klaus Doth (https://www.spinics.net/lists/netdev/msg556937.html)
+but never formally submitted as a patch.
+
+This is the third revision, hopefully the formatting is correct this time!
+
+Suggested-by: Klaus Doth <krnl@doth.eu>
+Fixes: 653e92a9175e ("net: macb: add support for padding and fcs computation")
+Signed-off-by: Mark Deneen <mdeneen@saucontech.com>
+Link: https://lore.kernel.org/r/20201030155814.622831-1-mdeneen@saucontech.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/cadence/macb_main.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/cadence/macb_main.c
++++ b/drivers/net/ethernet/cadence/macb_main.c
+@@ -1718,7 +1718,8 @@ static inline int macb_clear_csum(struct
+ static int macb_pad_and_fcs(struct sk_buff **skb, struct net_device *ndev)
+ {
+-      bool cloned = skb_cloned(*skb) || skb_header_cloned(*skb);
++      bool cloned = skb_cloned(*skb) || skb_header_cloned(*skb) ||
++                    skb_is_nonlinear(*skb);
+       int padlen = ETH_ZLEN - (*skb)->len;
+       int headroom = skb_headroom(*skb);
+       int tailroom = skb_tailroom(*skb);
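Review bot: In `macb_pad_and_fcs()` the flag is still called `cloned` although it is now also set for buffers that are only nonlinear, so the third condition looks unrelated to the name and is easy to drop in a later cleanup. A one-line comment above the initialiser, for example `/* also copy nonlinear skbs; padding them in place ended in the skb_put() BUG */`, would record why it is there. The trace in the commit message was reached from the IP forwarding path with packets above roughly 220 bytes, so losing this condition would bring back a crash that ordinary traffic can trigger. The function body continues outside the hunk, so how `cloned` is consumed is inferred from its name.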
diff --git a/queue-5.4/chelsio-chtls-fix-always-leaking-ctrl_skb.patch b/queue-5.4/chelsio-chtls-fix-always-leaking-ctrl_skb.patch
new file mode 100644 (file)
index 0000000..1b3e6f2
--- /dev/null
@@ -0,0 +1,34 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Date: Mon, 2 Nov 2020 23:09:10 +0530
+Subject: [PATCH stable 5.9 03/20] chelsio/chtls: fix always leaking ctrl_skb
+
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+
+[ Upstream commit dbfe394dad33f99cf8458be50483ec40a5d29c34 ]
+
+Correct skb refcount in alloc_ctrl_skb(), causing skb memleak
+when chtls_send_abort() called with NULL skb.
+it was always leaking the skb, correct it by incrementing skb
+refs by one.
+
+Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition")
+Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Link: https://lore.kernel.org/r/20201102173909.24826-1-vinay.yadav@chelsio.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/chelsio/chtls/chtls_cm.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/chelsio/chtls/chtls_cm.c
++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c
+@@ -174,7 +174,7 @@ static struct sk_buff *alloc_ctrl_skb(st
+ {
+       if (likely(skb && !skb_shared(skb) && !skb_cloned(skb))) {
+               __skb_trim(skb, 0);
+-              refcount_add(2, &skb->users);
++              refcount_inc(&skb->users);
+       } else {
+               skb = alloc_skb(len, GFP_KERNEL | __GFP_NOFAIL);
+       }
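Review bot: The reuse branch of `alloc_ctrl_skb()` takes a reference on the caller's skb with no comment saying who is expected to drop it, and the commit message shows the count had been off by one since the function was introduced. A comment on the new line such as `/* keep one reference for the caller; the send path consumes the other */` would make the ownership rule reviewable. That wording needs confirming against the callers, which are not in the hunk. The function's signature and its tail are also outside the hunk.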
diff --git a/queue-5.4/chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch b/queue-5.4/chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch
new file mode 100644 (file)
index 0000000..8680404
--- /dev/null
@@ -0,0 +1,48 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Date: Mon, 2 Nov 2020 23:06:51 +0530
+Subject: [PATCH stable 5.9 02/20] chelsio/chtls: fix memory leaks caused by a race
+
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+
+[ Upstream commit 8080b462b6aa856ae05ea010441a702599e579f2 ]
+
+race between user context and softirq causing memleak,
+consider the call sequence scenario
+
+chtls_setkey()         //user context
+chtls_peer_close()
+chtls_abort_req_rss()
+chtls_setkey()         //user context
+
+work request skb queued in chtls_setkey() won't be freed
+because resources are already cleaned for this connection,
+fix it by not queuing work request while socket is closing.
+
+v1->v2:
+- fix W=1 warning.
+
+v2->v3:
+- separate it out from another memleak fix.
+
+Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition")
+Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Link: https://lore.kernel.org/r/20201102173650.24754-1-vinay.yadav@chelsio.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/chelsio/chtls/chtls_hw.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/crypto/chelsio/chtls/chtls_hw.c
++++ b/drivers/crypto/chelsio/chtls/chtls_hw.c
+@@ -357,6 +357,9 @@ int chtls_setkey(struct chtls_sock *csk,
+       if (ret)
+               goto out_notcb;
++      if (unlikely(csk_flag(sk, CSK_ABORT_SHUTDOWN)))
++              goto out_notcb;
++
+       set_wr_txq(skb, CPL_PRIORITY_DATA, csk->tlshws.txqid);
+       csk->wr_credits -= DIV_ROUND_UP(len, 16);
+       csk->wr_unacked += DIV_ROUND_UP(len, 16);
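Review bot: The new `goto out_notcb` for `CSK_ABORT_SHUTDOWN` is taken right after `if (ret) goto out_notcb;` has fallen through, so `ret` is zero at that point. If the `out_notcb` path returns `ret` (the label is outside the hunk), `chtls_setkey()` reports success although no key work request was queued. Setting an error before the jump, for example `if (unlikely(csk_flag(sk, CSK_ABORT_SHUTDOWN))) { ret = -ECONNRESET; goto out_notcb; }` (or whichever errno the callers expect), would let the caller tell the two outcomes apart. The hunk also does not show whether the flag is tested under the socket lock; if it is not, the race window is narrowed rather than closed.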
diff --git a/queue-5.4/gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch b/queue-5.4/gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch
new file mode 100644 (file)
index 0000000..817ec3a
--- /dev/null
@@ -0,0 +1,55 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+Date: Tue, 20 Oct 2020 20:36:05 +0300
+Subject: [PATCH stable 5.9 07/20] gianfar: Account for Tx PTP timestamp in the skb headroom
+
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+
+[ Upstream commit d6a076d68c6b5d6a5800f3990a513facb7016dea ]
+
+When PTP timestamping is enabled on Tx, the controller
+inserts the Tx timestamp at the beginning of the frame
+buffer, between SFD and the L2 frame header. This means
+that the skb provided by the stack is required to have
+enough headroom otherwise a new skb needs to be created
+by the driver to accommodate the timestamp inserted by h/w.
+Up until now the driver was relying on the second option,
+using skb_realloc_headroom() to create a new skb to accommodate
+PTP frames. Turns out that this method is not reliable, as
+reallocation of skbs for PTP frames along with the required
+overhead (skb_set_owner_w, consume_skb) is causing random
+crashes in subsequent skb_*() calls, when multiple concurrent
+TCP streams are run at the same time on the same device
+(as seen in James' report).
+Note that these crashes don't occur with a single TCP stream,
+nor with multiple concurrent UDP streams, but only when multiple
+TCP streams are run concurrently with the PTP packet flow
+(doing skb reallocation).
+This patch enforces the first method, by requesting enough
+headroom from the stack to accommodate PTP frames, and so avoiding
+skb_realloc_headroom() & co, and the crashes no longer occur.
+There's no reason not to set needed_headroom to a large enough
+value to accommodate PTP frames, so in this regard this patch
+is a fix.
+
+Reported-by: James Jurack <james.jurack@ametek.com>
+Fixes: bee9e58c9e98 ("gianfar:don't add FCB length to hard_header_len")
+Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
+Link: https://lore.kernel.org/r/20201020173605.1173-1-claudiu.manoil@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/gianfar.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -3369,7 +3369,7 @@ static int gfar_probe(struct platform_de
+       if (dev->features & NETIF_F_IP_CSUM ||
+           priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER)
+-              dev->needed_headroom = GMAC_FCB_LEN;
++              dev->needed_headroom = GMAC_FCB_LEN + GMAC_TXPAL_LEN;
+       /* Initializing some of the rx/tx queue level parameters */
+       for (i = 0; i < priv->num_tx_queues; i++) {
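Review bot: `needed_headroom` is only a request to the stack, so the larger value set in `gfar_probe()` does not by itself guarantee room for the hardware-inserted timestamp; the transmit path still has to verify headroom for every skb. A short comment on the assignment, for example `/* FCB + Tx PTP timestamp area; advisory, xmit must still check headroom */`, would stop a later change from removing the runtime check as redundant. The condition also reserves the PTP bytes when only `NETIF_F_IP_CSUM` is set, which is presumably intended but worth stating. `gfar_probe()` begins and ends outside the hunk.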
diff --git a/queue-5.4/gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch b/queue-5.4/gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch
new file mode 100644 (file)
index 0000000..61ebab8
--- /dev/null
@@ -0,0 +1,70 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+Date: Thu, 29 Oct 2020 10:10:56 +0200
+Subject: [PATCH stable 5.9 06/20] gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
+
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+
+[ Upstream commit d145c9031325fed963a887851d9fa42516efd52b ]
+
+When PTP timestamping is enabled on Tx, the controller
+inserts the Tx timestamp at the beginning of the frame
+buffer, between SFD and the L2 frame header.  This means
+that the skb provided by the stack is required to have
+enough headroom otherwise a new skb needs to be created
+by the driver to accommodate the timestamp inserted by h/w.
+Up until now the driver was relying on skb_realloc_headroom()
+to create new skbs to accommodate PTP frames.  Turns out that
+this method is not reliable in this context at least, as
+skb_realloc_headroom() for PTP frames can cause random crashes,
+mostly in subsequent skb_*() calls, when multiple concurrent
+TCP streams are run at the same time with the PTP flow
+on the same device (as seen in James' report).  I also noticed
+that when the system is loaded by sending multiple TCP streams,
+the driver receives cloned skbs in large numbers.
+skb_cow_head() instead proves to be stable in this scenario,
+and not only handles cloned skbs too but it's also more efficient
+and widely used in other drivers.
+The commit introducing skb_realloc_headroom in the driver
+goes back to 2009, commit 93c1285c5d92
+("gianfar: reallocate skb when headroom is not enough for fcb").
+For practical purposes I'm referencing a newer commit (from 2012)
+that brings the code to its current structure (and fixes the PTP
+case).
+
+Fixes: 9c4886e5e63b ("gianfar: Fix invalid TX frames returned on error queue when time stamping")
+Reported-by: James Jurack <james.jurack@ametek.com>
+Suggested-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
+Link: https://lore.kernel.org/r/20201029081057.8506-1-claudiu.manoil@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/gianfar.c |   12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -1826,20 +1826,12 @@ static netdev_tx_t gfar_start_xmit(struc
+               fcb_len = GMAC_FCB_LEN + GMAC_TXPAL_LEN;
+       /* make space for additional header when fcb is needed */
+-      if (fcb_len && unlikely(skb_headroom(skb) < fcb_len)) {
+-              struct sk_buff *skb_new;
+-
+-              skb_new = skb_realloc_headroom(skb, fcb_len);
+-              if (!skb_new) {
++      if (fcb_len) {
++              if (unlikely(skb_cow_head(skb, fcb_len))) {
+                       dev->stats.tx_errors++;
+                       dev_kfree_skb_any(skb);
+                       return NETDEV_TX_OK;
+               }
+-
+-              if (skb->sk)
+-                      skb_set_owner_w(skb_new, skb->sk);
+-              dev_consume_skb_any(skb);
+-              skb = skb_new;
+       }
+       /* total number of fragments in the SKB */
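Review bot: The two nested conditions added in `gfar_start_xmit()` can be written as one, `if (fcb_len && unlikely(skb_cow_head(skb, fcb_len))) {`, since no statement sits between them and the extra level only deepens the error path. Separately, `skb_cow_head()` may reallocate the header area, so any pointer into the skb data taken earlier in the function would be stale after this call. The code before the hunk is not visible, so that is worth confirming. The function starts and ends outside the hunk.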
diff --git a/queue-5.4/ionic-check-port-ptr-before-use.patch b/queue-5.4/ionic-check-port-ptr-before-use.patch
new file mode 100644 (file)
index 0000000..395ef7b
--- /dev/null
@@ -0,0 +1,35 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Shannon Nelson <snelson@pensando.io>
+Date: Wed, 4 Nov 2020 11:56:06 -0800
+Subject: [PATCH stable 5.9 08/20] ionic: check port ptr before use
+
+From: Shannon Nelson <snelson@pensando.io>
+
+[ Upstream commit 2bcbf42add911ef63a6d90e92001dc2bcb053e68 ]
+
+Check for corner case of port_init failure before using
+the port_info pointer.
+
+Fixes: 4d03e00a2140 ("ionic: Add initial ethtool support")
+Signed-off-by: Shannon Nelson <snelson@pensando.io>
+Link: https://lore.kernel.org/r/20201104195606.61184-1-snelson@pensando.io
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/pensando/ionic/ionic_ethtool.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
++++ b/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
+@@ -125,6 +125,11 @@ static int ionic_get_link_ksettings(stru
+       ethtool_link_ksettings_zero_link_mode(ks, supported);
++      if (!idev->port_info) {
++              netdev_err(netdev, "port_info not initialized\n");
++              return -EOPNOTSUPP;
++      }
++
+       /* The port_info data is found in a DMA space that the NIC keeps
+        * up-to-date, so there's no need to request the data from the
+        * NIC, we already have it in our memory space.
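Review bot: The `netdev_err()` in the new `!idev->port_info` branch of `ionic_get_link_ksettings()` fires on every call, and link-settings queries can normally be repeated from user space, so a device stuck in this state allows the kernel log to be flooded. A once-only or rate-limited form, for example `netdev_err_once(netdev, "port_info not initialized\n");`, keeps the diagnostic without that side effect. The function continues outside the hunk.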
diff --git a/queue-5.4/ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch b/queue-5.4/ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch
new file mode 100644 (file)
index 0000000..7dc82ed
--- /dev/null
@@ -0,0 +1,40 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: wenxu <wenxu@ucloud.cn>
+Date: Fri, 30 Oct 2020 11:32:08 +0800
+Subject: [PATCH stable 5.9 09/20] ip_tunnel: fix over-mtu packet send fail without TUNNEL_DONT_FRAGMENT flags
+
+From: wenxu <wenxu@ucloud.cn>
+
+[ Upstream commit 20149e9eb68c003eaa09e7c9a49023df40779552 ]
+
+The tunnel device such as vxlan, bareudp and geneve in the lwt mode set
+the outer df only based TUNNEL_DONT_FRAGMENT.
+And this was also the behavior for gre device before switching to use
+ip_md_tunnel_xmit in commit 962924fa2b7a ("ip_gre: Refactor collect
+metatdata mode tunnel xmit to ip_md_tunnel_xmit")
+
+When the ip_gre in lwt mode xmit with ip_md_tunnel_xmi changed the rule and
+make the discrepancy between handling of DF by different tunnels. So in the
+ip_md_tunnel_xmit should follow the same rule like other tunnels.
+
+Fixes: cfc7381b3002 ("ip_tunnel: add collect_md mode to IPIP tunnel")
+Signed-off-by: wenxu <wenxu@ucloud.cn>
+Link: https://lore.kernel.org/r/1604028728-31100-1-git-send-email-wenxu@ucloud.cn
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_tunnel.c |    3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -614,9 +614,6 @@ void ip_md_tunnel_xmit(struct sk_buff *s
+                       ttl = ip4_dst_hoplimit(&rt->dst);
+       }
+-      if (!df && skb->protocol == htons(ETH_P_IP))
+-              df = inner_iph->frag_off & htons(IP_DF);
+-
+       headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len;
+       if (headroom > dev->needed_headroom)
+               dev->needed_headroom = headroom;
diff --git a/queue-5.4/net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch b/queue-5.4/net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch
new file mode 100644 (file)
index 0000000..90a01cd
--- /dev/null
@@ -0,0 +1,32 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Daniele Palmas <dnlplm@gmail.com>
+Date: Mon, 2 Nov 2020 12:01:08 +0100
+Subject: [PATCH stable 5.9 11/20] net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
+
+From: Daniele Palmas <dnlplm@gmail.com>
+
+[ Upstream commit 5fd8477ed8ca77e64b93d44a6dae4aa70c191396 ]
+
+Add support for Telit LE910Cx 0x1230 composition:
+
+0x1230: tty, adb, rmnet, audio, tty, tty, tty, tty
+
+Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
+Acked-by: Bjørn Mork <bjorn@mork.no>
+Link: https://lore.kernel.org/r/20201102110108.17244-1-dnlplm@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/qmi_wwan.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1331,6 +1331,7 @@ static const struct usb_device_id produc
+       {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)},    /* Telit ME910 dual modem */
+       {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)},    /* Telit LE920 */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1201, 2)}, /* Telit LE920, LE920A4 */
++      {QMI_QUIRK_SET_DTR(0x1bc7, 0x1230, 2)}, /* Telit LE910Cx */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1260, 2)}, /* Telit LE910Cx */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1261, 2)}, /* Telit LE910Cx */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1900, 1)}, /* Telit LN940 series */
diff --git a/queue-5.4/powerpc-vnic-extend-failover-pending-window.patch b/queue-5.4/powerpc-vnic-extend-failover-pending-window.patch
new file mode 100644 (file)
index 0000000..71f4a7e
--- /dev/null
@@ -0,0 +1,137 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+Date: Fri, 30 Oct 2020 10:07:11 -0700
+Subject: [PATCH stable 5.9 12/20] powerpc/vnic: Extend "failover pending" window
+
+From: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+
+[ Upstream commit 1d8504937478fdc2f3ef2174a816fd3302eca882 ]
+
+Commit 5a18e1e0c193b introduced the 'failover_pending' state to track
+the "failover pending window" - where we wait for the partner to become
+ready (after a transport event) before actually attempting to failover.
+i.e window is between following two events:
+
+        a. we get a transport event due to a FAILOVER
+
+        b. later, we get CRQ_INITIALIZED indicating the partner is
+           ready  at which point we schedule a FAILOVER reset.
+
+and ->failover_pending is true during this window.
+
+If during this window, we attempt to open (or close) a device, we pretend
+that the operation succeded and let the FAILOVER reset path complete the
+operation.
+
+This is fine, except if the transport event ("a" above) occurs during the
+open and after open has already checked whether a failover is pending. If
+that happens, we fail the open, which can cause the boot scripts to leave
+the interface down requiring administrator to manually bring up the device.
+
+This fix "extends" the failover pending window till we are _actually_
+ready to perform the failover reset (i.e until after we get the RTNL
+lock). Since open() holds the RTNL lock, we can be sure that we either
+finish the open or if the open() fails due to the failover pending window,
+we can again pretend that open is done and let the failover complete it.
+
+We could try and block the open until failover is completed but a) that
+could still timeout the application and b) Existing code "pretends" that
+failover occurred "just after" open succeeded, so marks the open successful
+and lets the failover complete the open. So, mark the open successful even
+if the transport event occurs before we actually start the open.
+
+Fixes: 5a18e1e0c193 ("ibmvnic: Fix failover case for non-redundant configuration")
+Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+Acked-by: Dany Madden <drt@linux.ibm.com>
+Link: https://lore.kernel.org/r/20201030170711.1562994-1-sukadev@linux.ibm.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c |   36 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 32 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1109,18 +1109,27 @@ static int ibmvnic_open(struct net_devic
+       if (adapter->state != VNIC_CLOSED) {
+               rc = ibmvnic_login(netdev);
+               if (rc)
+-                      return rc;
++                      goto out;
+               rc = init_resources(adapter);
+               if (rc) {
+                       netdev_err(netdev, "failed to initialize resources\n");
+                       release_resources(adapter);
+-                      return rc;
++                      goto out;
+               }
+       }
+       rc = __ibmvnic_open(netdev);
++out:
++      /*
++       * If open fails due to a pending failover, set device state and
++       * return. Device operation will be handled by reset routine.
++       */
++      if (rc && adapter->failover_pending) {
++              adapter->state = VNIC_OPEN;
++              rc = 0;
++      }
+       return rc;
+ }
+@@ -1842,6 +1851,13 @@ static int do_reset(struct ibmvnic_adapt
+                  rwi->reset_reason);
+       rtnl_lock();
++      /*
++       * Now that we have the rtnl lock, clear any pending failover.
++       * This will ensure ibmvnic_open() has either completed or will
++       * block until failover is complete.
++       */
++      if (rwi->reset_reason == VNIC_RESET_FAILOVER)
++              adapter->failover_pending = false;
+       netif_carrier_off(netdev);
+       adapter->reset_reason = rwi->reset_reason;
+@@ -2112,6 +2128,13 @@ static void __ibmvnic_reset(struct work_
+                       /* CHANGE_PARAM requestor holds rtnl_lock */
+                       rc = do_change_param_reset(adapter, rwi, reset_state);
+               } else if (adapter->force_reset_recovery) {
++                      /*
++                       * Since we are doing a hard reset now, clear the
++                       * failover_pending flag so we don't ignore any
++                       * future MOBILITY or other resets.
++                       */
++                      adapter->failover_pending = false;
++
+                       /* Transport event occurred during previous reset */
+                       if (adapter->wait_for_reset) {
+                               /* Previous was CHANGE_PARAM; caller locked */
+@@ -2176,9 +2199,15 @@ static int ibmvnic_reset(struct ibmvnic_
+       unsigned long flags;
+       int ret;
++      /*
++       * If failover is pending don't schedule any other reset.
++       * Instead let the failover complete. If there is already a
++       * a failover reset scheduled, we will detect and drop the
++       * duplicate reset when walking the ->rwi_list below.
++       */
+       if (adapter->state == VNIC_REMOVING ||
+           adapter->state == VNIC_REMOVED ||
+-          adapter->failover_pending) {
++          (adapter->failover_pending && reason != VNIC_RESET_FAILOVER)) {
+               ret = EBUSY;
+               netdev_dbg(netdev, "Adapter removing or pending failover, skipping reset\n");
+               goto err;
+@@ -4532,7 +4561,6 @@ static void ibmvnic_handle_crq(union ibm
+               case IBMVNIC_CRQ_INIT:
+                       dev_info(dev, "Partner initialized\n");
+                       adapter->from_passive_init = true;
+-                      adapter->failover_pending = false;
+                       if (!completion_done(&adapter->init_done)) {
+                               complete(&adapter->init_done);
+                               adapter->init_done_rc = -EIO;
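Review bot: At the new `out:` label in `ibmvnic_open()` every failure is turned into success while `failover_pending` is set, not only failures caused by the failover. An error from `init_resources()`, after `release_resources()` has run, is returned as `0` with the state forced to `VNIC_OPEN`. The code cannot tell the cause, so either limit the masking to errors a failover can produce or reword the comment, for example `/* Any open failure while a failover is pending is deferred to the reset path */`. `failover_pending` is also a plain flag that these hunks read in `ibmvnic_reset()` and clear in `do_reset()` and `__ibmvnic_reset()`; only the `do_reset()` write is visibly under `rtnl_lock()`, so it is worth confirming what orders the other accesses. The new comment in `ibmvnic_reset()` also has a doubled article ("a" at the end of one line and "a failover" at the start of the next).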
diff --git a/queue-5.4/sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch b/queue-5.4/sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch
new file mode 100644 (file)
index 0000000..a91cef3
--- /dev/null
@@ -0,0 +1,44 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: Petr Malat <oss@malat.biz>
+Date: Fri, 30 Oct 2020 14:26:33 +0100
+Subject: [PATCH stable 5.9 13/20] sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
+
+From: Petr Malat <oss@malat.biz>
+
+[ Upstream commit b6df8c81412190fbd5eaa3cec7f642142d9c16cd ]
+
+Commit 978aa0474115 ("sctp: fix some type cast warnings introduced since
+very beginning")' broke err reading from sctp_arg, because it reads the
+value as 32-bit integer, although the value is stored as 16-bit integer.
+Later this value is passed to the userspace in 16-bit variable, thus the
+user always gets 0 on big-endian platforms. Fix it by reading the __u16
+field of sctp_arg union, as reading err field would produce a sparse
+warning.
+
+Fixes: 978aa0474115 ("sctp: fix some type cast warnings introduced since very beginning")
+Signed-off-by: Petr Malat <oss@malat.biz>
+Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Link: https://lore.kernel.org/r/20201030132633.7045-1-oss@malat.biz
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sm_sideeffect.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/sctp/sm_sideeffect.c
++++ b/net/sctp/sm_sideeffect.c
+@@ -1600,12 +1600,12 @@ static int sctp_cmd_interpreter(enum sct
+                       break;
+               case SCTP_CMD_INIT_FAILED:
+-                      sctp_cmd_init_failed(commands, asoc, cmd->obj.u32);
++                      sctp_cmd_init_failed(commands, asoc, cmd->obj.u16);
+                       break;
+               case SCTP_CMD_ASSOC_FAILED:
+                       sctp_cmd_assoc_failed(commands, asoc, event_type,
+-                                            subtype, chunk, cmd->obj.u32);
++                                            subtype, chunk, cmd->obj.u16);
+                       break;
+               case SCTP_CMD_INIT_COUNTER_INC:
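Review bot: Both changed call sites in `sctp_cmd_interpreter()` (`SCTP_CMD_INIT_FAILED` and `SCTP_CMD_ASSOC_FAILED`) now depend on the producer having stored a 16-bit value in `cmd->obj`, and nothing at either site says so. The commit message shows the earlier mismatch went unnoticed wherever the low half of the wider read happened to hold the value. A comment at the first case, for example `/* error cause is stored as 16 bits; reading a wider member yields 0 on big-endian */`, would document the constraint for the next change to these arguments. The switch and the function extend beyond the hunk.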
index b4b683c6bac9740566f902bfe46c731a6547c067..21161b96a89c1a8051318830f30a3a12af699825 100644 (file)
@@ -8,3 +8,14 @@ arm64-lib-use-modern-annotations-for-assembly-functions.patch
 arm64-change-.weak-to-sym_func_start_weak_pi-for-arch-arm64-lib-mem-.s.patch
 tipc-fix-use-after-free-in-tipc_bcast_get_mode.patch
 ptrace-fix-task_join_group_stop-for-the-case-when-current-is-traced.patch
+cadence-force-nonlinear-buffers-to-be-cloned.patch
+chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch
+chelsio-chtls-fix-always-leaking-ctrl_skb.patch
+gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch
+gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch
+ionic-check-port-ptr-before-use.patch
+ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch
+net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch
+powerpc-vnic-extend-failover-pending-window.patch
+sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch
+sfp-fix-error-handing-in-sfp_probe.patch
diff --git a/queue-5.4/sfp-fix-error-handing-in-sfp_probe.patch b/queue-5.4/sfp-fix-error-handing-in-sfp_probe.patch
new file mode 100644 (file)
index 0000000..026190c
--- /dev/null
@@ -0,0 +1,34 @@
+From foo@baz Sat Nov  7 11:46:48 AM CET 2020
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Sat, 31 Oct 2020 11:10:53 +0800
+Subject: [PATCH stable 5.9 14/20] sfp: Fix error handing in sfp_probe()
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit 9621618130bf7e83635367c13b9a6ee53935bb37 ]
+
+gpiod_to_irq() never return 0, but returns negative in
+case of error, check it and set gpio_irq to 0.
+
+Fixes: 73970055450e ("sfp: add SFP module support")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Link: https://lore.kernel.org/r/20201031031053.25264-1-yuehaibing@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/phy/sfp.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/phy/sfp.c
++++ b/drivers/net/phy/sfp.c
+@@ -1970,7 +1970,8 @@ static int sfp_probe(struct platform_dev
+                       continue;
+               sfp->gpio_irq[i] = gpiod_to_irq(sfp->gpio[i]);
+-              if (!sfp->gpio_irq[i]) {
++              if (sfp->gpio_irq[i] < 0) {
++                      sfp->gpio_irq[i] = 0;
+                       poll = true;
+                       continue;
+               }
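Review bot: In `sfp_probe()` the negative return of `gpiod_to_irq()` is overwritten with 0 and the loop falls back to polling without recording why, so an unavailable or misdescribed interrupt line looks the same as a board that has none. Logging the code before clearing it would keep that information, for example `dev_dbg(sfp->dev, "gpio %d: no irq (%d), polling\n", i, sfp->gpio_irq[i]);`, assuming the driver's usual device pointer is in scope here. The `< 0` test also relies on `gpio_irq[]` being a signed type, which the hunk does not show. The loop and the function continue outside the hunk.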