--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Mark Deneen <mdeneen@saucontech.com>
+Date: Fri, 30 Oct 2020 15:58:14 +0000
+Subject: [PATCH stable 5.9 01/20] cadence: force nonlinear buffers to be cloned
+
+From: Mark Deneen <mdeneen@saucontech.com>
+
+[ Upstream commit 403dc16796f5516acf23d94a1cd9eba564d03210 ]
+
+In my test setup, I had a SAMA5D27 device configured with ip forwarding, and
+second device with usb ethernet (r8152) sending ICMP packets. If the packet
+was larger than about 220 bytes, the SAMA5 device would "oops" with the
+following trace:
+
+kernel BUG at net/core/skbuff.c:1863!
+Internal error: Oops - BUG: 0 [#1] ARM
+Modules linked in: xt_MASQUERADE ppp_async ppp_generic slhc iptable_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 can_raw can bridge stp llc ipt_REJECT nf_reject_ipv4 sd_mod cdc_ether usbnet usb_storage r8152 scsi_mod mii o
+ption usb_wwan usbserial micrel macb at91_sama5d2_adc phylink gpio_sama5d2_piobu m_can_platform m_can industrialio_triggered_buffer kfifo_buf of_mdio can_dev fixed_phy sdhci_of_at91 sdhci_pltfm libphy sdhci mmc_core ohci_at91 ehci_atmel o
+hci_hcd iio_rescale industrialio sch_fq_codel spidev prox2_hal(O)
+CPU: 0 PID: 0 Comm: swapper Tainted: G O 5.9.1-prox2+ #1
+Hardware name: Atmel SAMA5
+PC is at skb_put+0x3c/0x50
+LR is at macb_start_xmit+0x134/0xad0 [macb]
+pc : [<c05258cc>] lr : [<bf0ea5b8>] psr: 20070113
+sp : c0d01a60 ip : c07232c0 fp : c4250000
+r10: c0d03cc8 r9 : 00000000 r8 : c0d038c0
+r7 : 00000000 r6 : 00000008 r5 : c59b66c0 r4 : 0000002a
+r3 : 8f659eff r2 : c59e9eea r1 : 00000001 r0 : c59b66c0
+Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
+Control: 10c53c7d Table: 2640c059 DAC: 00000051
+Process swapper (pid: 0, stack limit = 0x75002d81)
+
+<snipped stack>
+
+[<c05258cc>] (skb_put) from [<bf0ea5b8>] (macb_start_xmit+0x134/0xad0 [macb])
+[<bf0ea5b8>] (macb_start_xmit [macb]) from [<c053e504>] (dev_hard_start_xmit+0x90/0x11c)
+[<c053e504>] (dev_hard_start_xmit) from [<c0571180>] (sch_direct_xmit+0x124/0x260)
+[<c0571180>] (sch_direct_xmit) from [<c053eae4>] (__dev_queue_xmit+0x4b0/0x6d0)
+[<c053eae4>] (__dev_queue_xmit) from [<c05a5650>] (ip_finish_output2+0x350/0x580)
+[<c05a5650>] (ip_finish_output2) from [<c05a7e24>] (ip_output+0xb4/0x13c)
+[<c05a7e24>] (ip_output) from [<c05a39d0>] (ip_forward+0x474/0x500)
+[<c05a39d0>] (ip_forward) from [<c05a13d8>] (ip_sublist_rcv_finish+0x3c/0x50)
+[<c05a13d8>] (ip_sublist_rcv_finish) from [<c05a19b8>] (ip_sublist_rcv+0x11c/0x188)
+[<c05a19b8>] (ip_sublist_rcv) from [<c05a2494>] (ip_list_rcv+0xf8/0x124)
+[<c05a2494>] (ip_list_rcv) from [<c05403c4>] (__netif_receive_skb_list_core+0x1a0/0x20c)
+[<c05403c4>] (__netif_receive_skb_list_core) from [<c05405c4>] (netif_receive_skb_list_internal+0x194/0x230)
+[<c05405c4>] (netif_receive_skb_list_internal) from [<c0540684>] (gro_normal_list.part.0+0x14/0x28)
+[<c0540684>] (gro_normal_list.part.0) from [<c0541280>] (napi_complete_done+0x16c/0x210)
+[<c0541280>] (napi_complete_done) from [<bf14c1c0>] (r8152_poll+0x684/0x708 [r8152])
+[<bf14c1c0>] (r8152_poll [r8152]) from [<c0541424>] (net_rx_action+0x100/0x328)
+[<c0541424>] (net_rx_action) from [<c01012ec>] (__do_softirq+0xec/0x274)
+[<c01012ec>] (__do_softirq) from [<c012d6d4>] (irq_exit+0xcc/0xd0)
+[<c012d6d4>] (irq_exit) from [<c0160960>] (__handle_domain_irq+0x58/0xa4)
+[<c0160960>] (__handle_domain_irq) from [<c0100b0c>] (__irq_svc+0x6c/0x90)
+Exception stack(0xc0d01ef0 to 0xc0d01f38)
+1ee0: 00000000 0000003d 0c31f383 c0d0fa00
+1f00: c0d2eb80 00000000 c0d2e630 4dad8c49 4da967b0 0000003d 0000003d 00000000
+1f20: fffffff5 c0d01f40 c04e0f88 c04e0f8c 30070013 ffffffff
+[<c0100b0c>] (__irq_svc) from [<c04e0f8c>] (cpuidle_enter_state+0x7c/0x378)
+[<c04e0f8c>] (cpuidle_enter_state) from [<c04e12c4>] (cpuidle_enter+0x28/0x38)
+[<c04e12c4>] (cpuidle_enter) from [<c014f710>] (do_idle+0x194/0x214)
+[<c014f710>] (do_idle) from [<c014fa50>] (cpu_startup_entry+0xc/0x14)
+[<c014fa50>] (cpu_startup_entry) from [<c0a00dc8>] (start_kernel+0x46c/0x4a0)
+Code: e580c054 8a000002 e1a00002 e8bd8070 (e7f001f2)
+---[ end trace 146c8a334115490c ]---
+
+The solution was to force nonlinear buffers to be cloned. This was previously
+reported by Klaus Doth (https://www.spinics.net/lists/netdev/msg556937.html)
+but never formally submitted as a patch.
+
+This is the third revision, hopefully the formatting is correct this time!
+
+Suggested-by: Klaus Doth <krnl@doth.eu>
+Fixes: 653e92a9175e ("net: macb: add support for padding and fcs computation")
+Signed-off-by: Mark Deneen <mdeneen@saucontech.com>
+Link: https://lore.kernel.org/r/20201030155814.622831-1-mdeneen@saucontech.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/cadence/macb_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/cadence/macb_main.c
++++ b/drivers/net/ethernet/cadence/macb_main.c
+@@ -1930,7 +1930,8 @@ static inline int macb_clear_csum(struct
+
+ static int macb_pad_and_fcs(struct sk_buff **skb, struct net_device *ndev)
+ {
+- bool cloned = skb_cloned(*skb) || skb_header_cloned(*skb);
++ bool cloned = skb_cloned(*skb) || skb_header_cloned(*skb) ||
++ skb_is_nonlinear(*skb);
+ int padlen = ETH_ZLEN - (*skb)->len;
+ int headroom = skb_headroom(*skb);
+ int tailroom = skb_tailroom(*skb);
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Date: Mon, 2 Nov 2020 23:09:10 +0530
+Subject: [PATCH stable 5.9 03/20] chelsio/chtls: fix always leaking ctrl_skb
+
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+
+[ Upstream commit dbfe394dad33f99cf8458be50483ec40a5d29c34 ]
+
+Correct skb refcount in alloc_ctrl_skb(), causing skb memleak
+when chtls_send_abort() called with NULL skb.
+it was always leaking the skb, correct it by incrementing skb
+refs by one.
+
+Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition")
+Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Link: https://lore.kernel.org/r/20201102173909.24826-1-vinay.yadav@chelsio.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/chelsio/chtls/chtls_cm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/chelsio/chtls/chtls_cm.c
++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c
+@@ -212,7 +212,7 @@ static struct sk_buff *alloc_ctrl_skb(st
+ {
+ if (likely(skb && !skb_shared(skb) && !skb_cloned(skb))) {
+ __skb_trim(skb, 0);
+- refcount_add(2, &skb->users);
++ refcount_inc(&skb->users);
+ } else {
+ skb = alloc_skb(len, GFP_KERNEL | __GFP_NOFAIL);
+ }
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Date: Mon, 2 Nov 2020 23:06:51 +0530
+Subject: [PATCH stable 5.9 02/20] chelsio/chtls: fix memory leaks caused by a race
+
+From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+
+[ Upstream commit 8080b462b6aa856ae05ea010441a702599e579f2 ]
+
+race between user context and softirq causing memleak,
+consider the call sequence scenario
+
+chtls_setkey() //user context
+chtls_peer_close()
+chtls_abort_req_rss()
+chtls_setkey() //user context
+
+work request skb queued in chtls_setkey() won't be freed
+because resources are already cleaned for this connection,
+fix it by not queuing work request while socket is closing.
+
+v1->v2:
+- fix W=1 warning.
+
+v2->v3:
+- separate it out from another memleak fix.
+
+Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition")
+Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
+Link: https://lore.kernel.org/r/20201102173650.24754-1-vinay.yadav@chelsio.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/chelsio/chtls/chtls_hw.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/crypto/chelsio/chtls/chtls_hw.c
++++ b/drivers/crypto/chelsio/chtls/chtls_hw.c
+@@ -383,6 +383,9 @@ int chtls_setkey(struct chtls_sock *csk,
+ if (ret)
+ goto out_notcb;
+
++ if (unlikely(csk_flag(sk, CSK_ABORT_SHUTDOWN)))
++ goto out_notcb;
++
+ set_wr_txq(skb, CPL_PRIORITY_DATA, csk->tlshws.txqid);
+ csk->wr_credits -= DIV_ROUND_UP(len, 16);
+ csk->wr_unacked += DIV_ROUND_UP(len, 16);
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Camelia Groza <camelia.groza@nxp.com>
+Date: Mon, 2 Nov 2020 20:34:36 +0200
+Subject: [PATCH stable 5.9 05/20] dpaa_eth: fix the RX headroom size alignment
+
+From: Camelia Groza <camelia.groza@nxp.com>
+
+[ Upstream commit 7834e494f42627769d3f965d5d203e9c6ddb8403 ]
+
+The headroom reserved for received frames needs to be aligned to an
+RX specific value. There is currently a discrepancy between the values
+used in the Ethernet driver and the values passed to the FMan.
+Coincidentally, the resulting aligned values are identical.
+
+Fixes: 3c68b8fffb48 ("dpaa_eth: FMan erratum A050385 workaround")
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
++++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+@@ -2845,7 +2845,8 @@ out_error:
+ return err;
+ }
+
+-static inline u16 dpaa_get_headroom(struct dpaa_buffer_layout *bl)
++static u16 dpaa_get_headroom(struct dpaa_buffer_layout *bl,
++ enum port_type port)
+ {
+ u16 headroom;
+
+@@ -2859,9 +2860,12 @@ static inline u16 dpaa_get_headroom(stru
+ *
+ * Also make sure the headroom is a multiple of data_align bytes
+ */
+- headroom = (u16)(bl->priv_data_size + DPAA_HWA_SIZE);
++ headroom = (u16)(bl[port].priv_data_size + DPAA_HWA_SIZE);
+
+- return ALIGN(headroom, DPAA_FD_DATA_ALIGNMENT);
++ if (port == RX)
++ return ALIGN(headroom, DPAA_FD_RX_DATA_ALIGNMENT);
++ else
++ return ALIGN(headroom, DPAA_FD_DATA_ALIGNMENT);
+ }
+
+ static int dpaa_eth_probe(struct platform_device *pdev)
+@@ -3029,8 +3033,8 @@ static int dpaa_eth_probe(struct platfor
+ goto free_dpaa_fqs;
+ }
+
+- priv->tx_headroom = dpaa_get_headroom(&priv->buf_layout[TX]);
+- priv->rx_headroom = dpaa_get_headroom(&priv->buf_layout[RX]);
++ priv->tx_headroom = dpaa_get_headroom(priv->buf_layout, TX);
++ priv->rx_headroom = dpaa_get_headroom(priv->buf_layout, RX);
+
+ /* All real interfaces need their ports initialized */
+ err = dpaa_eth_init_ports(mac_dev, dpaa_bp, &port_fqs,
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Camelia Groza <camelia.groza@nxp.com>
+Date: Mon, 2 Nov 2020 20:34:35 +0200
+Subject: [PATCH stable 5.9 04/20] dpaa_eth: update the buffer layout for non-A050385 erratum scenarios
+
+From: Camelia Groza <camelia.groza@nxp.com>
+
+[ Upstream commit acef159a0cb2a978d62b641e2366a33ad1d5afef ]
+
+Impose a larger RX private data area only when the A050385 erratum is
+present on the hardware. A smaller buffer size is sufficient in all
+other scenarios. This enables a wider range of linear Jumbo frame
+sizes in non-erratum scenarios, instead of turning to multi
+buffer Scatter/Gather frames. The maximum linear frame size is
+increased by 128 bytes for non-erratum arm64 platforms.
+
+Cleanup the hardware annotations header defines in the process.
+
+Fixes: 3c68b8fffb48 ("dpaa_eth: FMan erratum A050385 workaround")
+Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
++++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+@@ -174,12 +174,17 @@ MODULE_PARM_DESC(tx_timeout, "The Tx tim
+ #define DPAA_PARSE_RESULTS_SIZE sizeof(struct fman_prs_result)
+ #define DPAA_TIME_STAMP_SIZE 8
+ #define DPAA_HASH_RESULTS_SIZE 8
++#define DPAA_HWA_SIZE (DPAA_PARSE_RESULTS_SIZE + DPAA_TIME_STAMP_SIZE \
++ + DPAA_HASH_RESULTS_SIZE)
++#define DPAA_RX_PRIV_DATA_DEFAULT_SIZE (DPAA_TX_PRIV_DATA_SIZE + \
++ dpaa_rx_extra_headroom)
+ #ifdef CONFIG_DPAA_ERRATUM_A050385
+-#define DPAA_RX_PRIV_DATA_SIZE (DPAA_A050385_ALIGN - (DPAA_PARSE_RESULTS_SIZE\
+- + DPAA_TIME_STAMP_SIZE + DPAA_HASH_RESULTS_SIZE))
++#define DPAA_RX_PRIV_DATA_A050385_SIZE (DPAA_A050385_ALIGN - DPAA_HWA_SIZE)
++#define DPAA_RX_PRIV_DATA_SIZE (fman_has_errata_a050385() ? \
++ DPAA_RX_PRIV_DATA_A050385_SIZE : \
++ DPAA_RX_PRIV_DATA_DEFAULT_SIZE)
+ #else
+-#define DPAA_RX_PRIV_DATA_SIZE (u16)(DPAA_TX_PRIV_DATA_SIZE + \
+- dpaa_rx_extra_headroom)
++#define DPAA_RX_PRIV_DATA_SIZE DPAA_RX_PRIV_DATA_DEFAULT_SIZE
+ #endif
+
+ #define DPAA_ETH_PCD_RXQ_NUM 128
+@@ -2854,8 +2859,7 @@ static inline u16 dpaa_get_headroom(stru
+ *
+ * Also make sure the headroom is a multiple of data_align bytes
+ */
+- headroom = (u16)(bl->priv_data_size + DPAA_PARSE_RESULTS_SIZE +
+- DPAA_TIME_STAMP_SIZE + DPAA_HASH_RESULTS_SIZE);
++ headroom = (u16)(bl->priv_data_size + DPAA_HWA_SIZE);
+
+ return ALIGN(headroom, DPAA_FD_DATA_ALIGNMENT);
+ }
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+Date: Tue, 20 Oct 2020 20:36:05 +0300
+Subject: [PATCH stable 5.9 07/20] gianfar: Account for Tx PTP timestamp in the skb headroom
+
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+
+[ Upstream commit d6a076d68c6b5d6a5800f3990a513facb7016dea ]
+
+When PTP timestamping is enabled on Tx, the controller
+inserts the Tx timestamp at the beginning of the frame
+buffer, between SFD and the L2 frame header. This means
+that the skb provided by the stack is required to have
+enough headroom otherwise a new skb needs to be created
+by the driver to accommodate the timestamp inserted by h/w.
+Up until now the driver was relying on the second option,
+using skb_realloc_headroom() to create a new skb to accommodate
+PTP frames. Turns out that this method is not reliable, as
+reallocation of skbs for PTP frames along with the required
+overhead (skb_set_owner_w, consume_skb) is causing random
+crashes in subsequent skb_*() calls, when multiple concurrent
+TCP streams are run at the same time on the same device
+(as seen in James' report).
+Note that these crashes don't occur with a single TCP stream,
+nor with multiple concurrent UDP streams, but only when multiple
+TCP streams are run concurrently with the PTP packet flow
+(doing skb reallocation).
+This patch enforces the first method, by requesting enough
+headroom from the stack to accommodate PTP frames, and so avoiding
+skb_realloc_headroom() & co, and the crashes no longer occur.
+There's no reason not to set needed_headroom to a large enough
+value to accommodate PTP frames, so in this regard this patch
+is a fix.
+
+Reported-by: James Jurack <james.jurack@ametek.com>
+Fixes: bee9e58c9e98 ("gianfar:don't add FCB length to hard_header_len")
+Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
+Link: https://lore.kernel.org/r/20201020173605.1173-1-claudiu.manoil@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/gianfar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -3372,7 +3372,7 @@ static int gfar_probe(struct platform_de
+
+ if (dev->features & NETIF_F_IP_CSUM ||
+ priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER)
+- dev->needed_headroom = GMAC_FCB_LEN;
++ dev->needed_headroom = GMAC_FCB_LEN + GMAC_TXPAL_LEN;
+
+ /* Initializing some of the rx/tx queue level parameters */
+ for (i = 0; i < priv->num_tx_queues; i++) {
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+Date: Thu, 29 Oct 2020 10:10:56 +0200
+Subject: [PATCH stable 5.9 06/20] gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
+
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+
+[ Upstream commit d145c9031325fed963a887851d9fa42516efd52b ]
+
+When PTP timestamping is enabled on Tx, the controller
+inserts the Tx timestamp at the beginning of the frame
+buffer, between SFD and the L2 frame header. This means
+that the skb provided by the stack is required to have
+enough headroom otherwise a new skb needs to be created
+by the driver to accommodate the timestamp inserted by h/w.
+Up until now the driver was relying on skb_realloc_headroom()
+to create new skbs to accommodate PTP frames. Turns out that
+this method is not reliable in this context at least, as
+skb_realloc_headroom() for PTP frames can cause random crashes,
+mostly in subsequent skb_*() calls, when multiple concurrent
+TCP streams are run at the same time with the PTP flow
+on the same device (as seen in James' report). I also noticed
+that when the system is loaded by sending multiple TCP streams,
+the driver receives cloned skbs in large numbers.
+skb_cow_head() instead proves to be stable in this scenario,
+and not only handles cloned skbs too but it's also more efficient
+and widely used in other drivers.
+The commit introducing skb_realloc_headroom in the driver
+goes back to 2009, commit 93c1285c5d92
+("gianfar: reallocate skb when headroom is not enough for fcb").
+For practical purposes I'm referencing a newer commit (from 2012)
+that brings the code to its current structure (and fixes the PTP
+case).
+
+Fixes: 9c4886e5e63b ("gianfar: Fix invalid TX frames returned on error queue when time stamping")
+Reported-by: James Jurack <james.jurack@ametek.com>
+Suggested-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
+Link: https://lore.kernel.org/r/20201029081057.8506-1-claudiu.manoil@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/gianfar.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -1829,20 +1829,12 @@ static netdev_tx_t gfar_start_xmit(struc
+ fcb_len = GMAC_FCB_LEN + GMAC_TXPAL_LEN;
+
+ /* make space for additional header when fcb is needed */
+- if (fcb_len && unlikely(skb_headroom(skb) < fcb_len)) {
+- struct sk_buff *skb_new;
+-
+- skb_new = skb_realloc_headroom(skb, fcb_len);
+- if (!skb_new) {
++ if (fcb_len) {
++ if (unlikely(skb_cow_head(skb, fcb_len))) {
+ dev->stats.tx_errors++;
+ dev_kfree_skb_any(skb);
+ return NETDEV_TX_OK;
+ }
+-
+- if (skb->sk)
+- skb_set_owner_w(skb_new, skb->sk);
+- dev_consume_skb_any(skb);
+- skb = skb_new;
+ }
+
+ /* total number of fragments in the SKB */
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Shannon Nelson <snelson@pensando.io>
+Date: Wed, 4 Nov 2020 11:56:06 -0800
+Subject: [PATCH stable 5.9 08/20] ionic: check port ptr before use
+
+From: Shannon Nelson <snelson@pensando.io>
+
+[ Upstream commit 2bcbf42add911ef63a6d90e92001dc2bcb053e68 ]
+
+Check for corner case of port_init failure before using
+the port_info pointer.
+
+Fixes: 4d03e00a2140 ("ionic: Add initial ethtool support")
+Signed-off-by: Shannon Nelson <snelson@pensando.io>
+Link: https://lore.kernel.org/r/20201104195606.61184-1-snelson@pensando.io
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/pensando/ionic/ionic_ethtool.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
++++ b/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
+@@ -126,6 +126,11 @@ static int ionic_get_link_ksettings(stru
+
+ ethtool_link_ksettings_zero_link_mode(ks, supported);
+
++ if (!idev->port_info) {
++ netdev_err(netdev, "port_info not initialized\n");
++ return -EOPNOTSUPP;
++ }
++
+ /* The port_info data is found in a DMA space that the NIC keeps
+ * up-to-date, so there's no need to request the data from the
+ * NIC, we already have it in our memory space.
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Alexander Ovechkin <ovov@yandex-team.ru>
+Date: Thu, 29 Oct 2020 20:10:12 +0300
+Subject: [PATCH stable 5.9 15/20] ip6_tunnel: set inner ipproto before ip6_tnl_encap
+
+From: Alexander Ovechkin <ovov@yandex-team.ru>
+
+[ Upstream commit 9e7c5b396e98eed859d3dd1ab235912a296faab5 ]
+
+ip6_tnl_encap assigns to proto transport protocol which
+encapsulates inner packet, but we must pass to set_inner_ipproto
+protocol of that inner packet.
+
+Calling set_inner_ipproto after ip6_tnl_encap might break gso.
+For example, in case of encapsulating ipv6 packet in fou6 packet, inner_ipproto
+would be set to IPPROTO_UDP instead of IPPROTO_IPV6. This would lead to
+incorrect calling sequence of gso functions:
+ipv6_gso_segment -> udp6_ufo_fragment -> skb_udp_tunnel_segment -> udp6_ufo_fragment
+instead of:
+ipv6_gso_segment -> udp6_ufo_fragment -> skb_udp_tunnel_segment -> ip6ip6_gso_segment
+
+Fixes: 6c11fbf97e69 ("ip6_tunnel: add MPLS transmit support")
+Signed-off-by: Alexander Ovechkin <ovov@yandex-team.ru>
+Link: https://lore.kernel.org/r/20201029171012.20904-1-ovov@yandex-team.ru
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_tunnel.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -1271,6 +1271,8 @@ route_lookup:
+ if (max_headroom > dev->needed_headroom)
+ dev->needed_headroom = max_headroom;
+
++ skb_set_inner_ipproto(skb, proto);
++
+ err = ip6_tnl_encap(skb, t, &proto, fl6);
+ if (err)
+ return err;
+@@ -1280,8 +1282,6 @@ route_lookup:
+ ipv6_push_frag_opts(skb, &opt.ops, &proto);
+ }
+
+- skb_set_inner_ipproto(skb, proto);
+-
+ skb_push(skb, sizeof(struct ipv6hdr));
+ skb_reset_network_header(skb);
+ ipv6h = ipv6_hdr(skb);
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: wenxu <wenxu@ucloud.cn>
+Date: Fri, 30 Oct 2020 11:32:08 +0800
+Subject: [PATCH stable 5.9 09/20] ip_tunnel: fix over-mtu packet send fail without TUNNEL_DONT_FRAGMENT flags
+
+From: wenxu <wenxu@ucloud.cn>
+
+[ Upstream commit 20149e9eb68c003eaa09e7c9a49023df40779552 ]
+
+The tunnel device such as vxlan, bareudp and geneve in the lwt mode set
+the outer df only based TUNNEL_DONT_FRAGMENT.
+And this was also the behavior for gre device before switching to use
+ip_md_tunnel_xmit in commit 962924fa2b7a ("ip_gre: Refactor collect
+metatdata mode tunnel xmit to ip_md_tunnel_xmit")
+
+When the ip_gre in lwt mode xmit with ip_md_tunnel_xmi changed the rule and
+make the discrepancy between handling of DF by different tunnels. So in the
+ip_md_tunnel_xmit should follow the same rule like other tunnels.
+
+Fixes: cfc7381b3002 ("ip_tunnel: add collect_md mode to IPIP tunnel")
+Signed-off-by: wenxu <wenxu@ucloud.cn>
+Link: https://lore.kernel.org/r/1604028728-31100-1-git-send-email-wenxu@ucloud.cn
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_tunnel.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -614,9 +614,6 @@ void ip_md_tunnel_xmit(struct sk_buff *s
+ ttl = ip4_dst_hoplimit(&rt->dst);
+ }
+
+- if (!df && skb->protocol == htons(ETH_P_IP))
+- df = inner_iph->frag_off & htons(IP_DF);
+-
+ headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len;
+ if (headroom > dev->needed_headroom)
+ dev->needed_headroom = headroom;
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Davide Caratti <dcaratti@redhat.com>
+Date: Mon, 2 Nov 2020 10:09:49 +0100
+Subject: [PATCH stable 5.9 17/20] mptcp: token: fix unititialized variable
+
+From: Davide Caratti <dcaratti@redhat.com>
+
+[ Upstream commit e16b874ee87aa70cd0a7145346ff5f41349b514c ]
+
+gcc complains about use of uninitialized 'num'. Fix it by doing the first
+assignment of 'num' when the variable is declared.
+
+Fixes: 96d890daad05 ("mptcp: add msk interations helper")
+Signed-off-by: Davide Caratti <dcaratti@redhat.com>
+Acked-by: Paolo Abeni <pabeni@redhat.com>
+Link: https://lore.kernel.org/r/49e20da5d467a73414d4294a8bd35e2cb1befd49.1604308087.git.dcaratti@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/token.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/mptcp/token.c
++++ b/net/mptcp/token.c
+@@ -291,7 +291,7 @@ struct mptcp_sock *mptcp_token_iter_next
+ {
+ struct mptcp_sock *ret = NULL;
+ struct hlist_nulls_node *pos;
+- int slot, num;
++ int slot, num = 0;
+
+ for (slot = *s_slot; slot <= token_mask; *s_num = 0, slot++) {
+ struct token_bucket *bucket = &token_hash[slot];
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Jonathan McDowell <noodles@earth.li>
+Date: Fri, 30 Oct 2020 18:33:15 +0000
+Subject: [PATCH stable 5.9 18/20] net: dsa: qca8k: Fix port MTU setting
+
+From: Jonathan McDowell <noodles@earth.li>
+
+[ Upstream commit 99cab7107d914a71c57f5a4e6d34292425fbbb61 ]
+
+The qca8k only supports a switch-wide MTU setting, and the code to take
+the max of all ports was only looking at the port currently being set.
+Fix to examine all ports.
+
+Reported-by: DENG Qingfang <dqfext@gmail.com>
+Fixes: f58d2598cf70 ("net: dsa: qca8k: implement the port MTU callbacks")
+Signed-off-by: Jonathan McDowell <noodles@earth.li>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Link: https://lore.kernel.org/r/20201030183315.GA6736@earth.li
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/dsa/qca8k.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/dsa/qca8k.c
++++ b/drivers/net/dsa/qca8k.c
+@@ -1219,8 +1219,8 @@ qca8k_port_change_mtu(struct dsa_switch
+ priv->port_mtu[port] = new_mtu;
+
+ for (i = 0; i < QCA8K_NUM_PORTS; i++)
+- if (priv->port_mtu[port] > mtu)
+- mtu = priv->port_mtu[port];
++ if (priv->port_mtu[i] > mtu)
++ mtu = priv->port_mtu[i];
+
+ /* Include L2 header / FCS length */
+ qca8k_write(priv, QCA8K_MAX_FRAME_SIZE, mtu + ETH_HLEN + ETH_FCS_LEN);
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+Date: Thu, 29 Oct 2020 21:09:10 +0200
+Subject: [PATCH stable 5.9 10/20] net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement
+
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+
+[ Upstream commit 0a26ba0603d637eb6673a2ea79808cc73909ef3a ]
+
+The TI CPTS does not natively support PTPv1, only PTPv2. But, as it
+happens, the CPTS can provide HW timestamp for PTPv1 Sync messages, because
+CPTS HW parser looks for PTP messageType id in PTP message octet 0 which
+value is 0 for PTPv1. As result, CPTS HW can detect Sync messages for PTPv1
+and PTPv2 (Sync messageType = 0 for both), but it fails for any other PTPv1
+messages (Delay_req/resp) and will return PTP messageType id 0 for them.
+
+The commit e9523a5a32a1 ("net: ethernet: ti: cpsw: enable
+HWTSTAMP_FILTER_PTP_V1_L4_EVENT filter") added PTPv1 hw timestamping
+advertisement by mistake, only to make Linux Kernel "timestamping" utility
+work, and this causes issues with only PTPv1 compatible HW/SW - Sync HW
+timestamped, but Delay_req/resp are not.
+
+Hence, fix it disabling PTPv1 hw timestamping advertisement, so only PTPv1
+compatible HW/SW can properly roll back to SW timestamping.
+
+Fixes: e9523a5a32a1 ("net: ethernet: ti: cpsw: enable HWTSTAMP_FILTER_PTP_V1_L4_EVENT filter")
+Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
+Acked-by: Richard Cochran <richardcochran@gmail.com>
+Link: https://lore.kernel.org/r/20201029190910.30789-1-grygorii.strashko@ti.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ti/cpsw_ethtool.c | 1 -
+ drivers/net/ethernet/ti/cpsw_priv.c | 5 +----
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/ti/cpsw_ethtool.c
++++ b/drivers/net/ethernet/ti/cpsw_ethtool.c
+@@ -727,7 +727,6 @@ int cpsw_get_ts_info(struct net_device *
+ (1 << HWTSTAMP_TX_ON);
+ info->rx_filters =
+ (1 << HWTSTAMP_FILTER_NONE) |
+- (1 << HWTSTAMP_FILTER_PTP_V1_L4_EVENT) |
+ (1 << HWTSTAMP_FILTER_PTP_V2_EVENT);
+ return 0;
+ }
+--- a/drivers/net/ethernet/ti/cpsw_priv.c
++++ b/drivers/net/ethernet/ti/cpsw_priv.c
+@@ -639,13 +639,10 @@ static int cpsw_hwtstamp_set(struct net_
+ break;
+ case HWTSTAMP_FILTER_ALL:
+ case HWTSTAMP_FILTER_NTP_ALL:
+- return -ERANGE;
+ case HWTSTAMP_FILTER_PTP_V1_L4_EVENT:
+ case HWTSTAMP_FILTER_PTP_V1_L4_SYNC:
+ case HWTSTAMP_FILTER_PTP_V1_L4_DELAY_REQ:
+- priv->rx_ts_enabled = HWTSTAMP_FILTER_PTP_V1_L4_EVENT;
+- cfg.rx_filter = HWTSTAMP_FILTER_PTP_V1_L4_EVENT;
+- break;
++ return -ERANGE;
+ case HWTSTAMP_FILTER_PTP_V2_L4_EVENT:
+ case HWTSTAMP_FILTER_PTP_V2_L4_SYNC:
+ case HWTSTAMP_FILTER_PTP_V2_L4_DELAY_REQ:
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Greg Ungerer <gerg@linux-m68k.org>
+Date: Wed, 28 Oct 2020 15:22:32 +1000
+Subject: [PATCH stable 5.9 16/20] net: fec: fix MDIO probing for some FEC hardware blocks
+
+From: Greg Ungerer <gerg@linux-m68k.org>
+
+[ Upstream commit 1e6114f51f9d4090390fcec2f5d67d8cc8dc4bfc ]
+
+Some (apparently older) versions of the FEC hardware block do not like
+the MMFR register being cleared to avoid generation of MII events at
+initialization time. The action of clearing this register results in no
+future MII events being generated at all on the problem block. This means
+the probing of the MDIO bus will find no PHYs.
+
+Create a quirk that can be checked at the FECs MII init time so that
+the right thing is done. The quirk is set as appropriate for the FEC
+hardware blocks that are known to need this.
+
+Fixes: f166f890c8f0 ("net: ethernet: fec: Replace interrupt driven MDIO with polled IO")
+Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
+Acked-by: Fugang Duan <fugand.duan@nxp.com>
+Tested-by: Andrew Lunn <andrew@lunn.ch>
+Tested-by: Clemens Gruber <clemens.gruber@pqgruber.com>
+Link: https://lore.kernel.org/r/20201028052232.1315167-1-gerg@linux-m68k.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/fec.h | 6 ++++++
+ drivers/net/ethernet/freescale/fec_main.c | 29 ++++++++++++++++-------------
+ 2 files changed, 22 insertions(+), 13 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/fec.h
++++ b/drivers/net/ethernet/freescale/fec.h
+@@ -456,6 +456,12 @@ struct bufdesc_ex {
+ */
+ #define FEC_QUIRK_HAS_FRREG (1 << 16)
+
++/* Some FEC hardware blocks need the MMFR cleared at setup time to avoid
++ * the generation of an MII event. This must be avoided in the older
++ * FEC blocks where it will stop MII events being generated.
++ */
++#define FEC_QUIRK_CLEAR_SETUP_MII (1 << 17)
++
+ struct bufdesc_prop {
+ int qid;
+ /* Address of Rx and Tx buffers */
+--- a/drivers/net/ethernet/freescale/fec_main.c
++++ b/drivers/net/ethernet/freescale/fec_main.c
+@@ -100,14 +100,14 @@ static const struct fec_devinfo fec_imx2
+ static const struct fec_devinfo fec_imx28_info = {
+ .quirks = FEC_QUIRK_ENET_MAC | FEC_QUIRK_SWAP_FRAME |
+ FEC_QUIRK_SINGLE_MDIO | FEC_QUIRK_HAS_RACC |
+- FEC_QUIRK_HAS_FRREG,
++ FEC_QUIRK_HAS_FRREG | FEC_QUIRK_CLEAR_SETUP_MII,
+ };
+
+ static const struct fec_devinfo fec_imx6q_info = {
+ .quirks = FEC_QUIRK_ENET_MAC | FEC_QUIRK_HAS_GBIT |
+ FEC_QUIRK_HAS_BUFDESC_EX | FEC_QUIRK_HAS_CSUM |
+ FEC_QUIRK_HAS_VLAN | FEC_QUIRK_ERR006358 |
+- FEC_QUIRK_HAS_RACC,
++ FEC_QUIRK_HAS_RACC | FEC_QUIRK_CLEAR_SETUP_MII,
+ };
+
+ static const struct fec_devinfo fec_mvf600_info = {
+@@ -119,7 +119,8 @@ static const struct fec_devinfo fec_imx6
+ FEC_QUIRK_HAS_BUFDESC_EX | FEC_QUIRK_HAS_CSUM |
+ FEC_QUIRK_HAS_VLAN | FEC_QUIRK_HAS_AVB |
+ FEC_QUIRK_ERR007885 | FEC_QUIRK_BUG_CAPTURE |
+- FEC_QUIRK_HAS_RACC | FEC_QUIRK_HAS_COALESCE,
++ FEC_QUIRK_HAS_RACC | FEC_QUIRK_HAS_COALESCE |
++ FEC_QUIRK_CLEAR_SETUP_MII,
+ };
+
+ static const struct fec_devinfo fec_imx6ul_info = {
+@@ -127,7 +128,7 @@ static const struct fec_devinfo fec_imx6
+ FEC_QUIRK_HAS_BUFDESC_EX | FEC_QUIRK_HAS_CSUM |
+ FEC_QUIRK_HAS_VLAN | FEC_QUIRK_ERR007885 |
+ FEC_QUIRK_BUG_CAPTURE | FEC_QUIRK_HAS_RACC |
+- FEC_QUIRK_HAS_COALESCE,
++ FEC_QUIRK_HAS_COALESCE | FEC_QUIRK_CLEAR_SETUP_MII,
+ };
+
+ static struct platform_device_id fec_devtype[] = {
+@@ -2135,15 +2136,17 @@ static int fec_enet_mii_init(struct plat
+ if (suppress_preamble)
+ fep->phy_speed |= BIT(7);
+
+- /* Clear MMFR to avoid to generate MII event by writing MSCR.
+- * MII event generation condition:
+- * - writing MSCR:
+- * - mmfr[31:0]_not_zero & mscr[7:0]_is_zero &
+- * mscr_reg_data_in[7:0] != 0
+- * - writing MMFR:
+- * - mscr[7:0]_not_zero
+- */
+- writel(0, fep->hwp + FEC_MII_DATA);
++ if (fep->quirks & FEC_QUIRK_CLEAR_SETUP_MII) {
++ /* Clear MMFR to avoid to generate MII event by writing MSCR.
++ * MII event generation condition:
++ * - writing MSCR:
++ * - mmfr[31:0]_not_zero & mscr[7:0]_is_zero &
++ * mscr_reg_data_in[7:0] != 0
++ * - writing MMFR:
++ * - mscr[7:0]_not_zero
++ */
++ writel(0, fep->hwp + FEC_MII_DATA);
++ }
+
+ writel(fep->phy_speed, fep->hwp + FEC_MII_SPEED);
+
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Eelco Chaudron <echaudro@redhat.com>
+Date: Tue, 3 Nov 2020 09:25:49 +0100
+Subject: [PATCH stable 5.9 19/20] net: openvswitch: silence suspicious RCU usage warning
+
+From: Eelco Chaudron <echaudro@redhat.com>
+
+[ Upstream commit fea07a487c6dd422dc8837237c9d2bc7c33119af ]
+
+Silence suspicious RCU usage warning in ovs_flow_tbl_masks_cache_resize()
+by replacing rcu_dereference() with rcu_dereference_ovsl().
+
+In addition, when creating a new datapath, make sure it's configured under
+the ovs_lock.
+
+Fixes: 9bf24f594c6a ("net: openvswitch: make masks cache size configurable")
+Reported-by: syzbot+9a8f8bfcc56e8578016c@syzkaller.appspotmail.com
+Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
+Link: https://lore.kernel.org/r/160439190002.56943.1418882726496275961.stgit@ebuild
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/openvswitch/datapath.c | 14 +++++++-------
+ net/openvswitch/flow_table.c | 2 +-
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/net/openvswitch/datapath.c
++++ b/net/openvswitch/datapath.c
+@@ -1699,13 +1699,13 @@ static int ovs_dp_cmd_new(struct sk_buff
+ parms.port_no = OVSP_LOCAL;
+ parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
+
+- err = ovs_dp_change(dp, a);
+- if (err)
+- goto err_destroy_meters;
+-
+ /* So far only local changes have been made, now need the lock. */
+ ovs_lock();
+
++ err = ovs_dp_change(dp, a);
++ if (err)
++ goto err_unlock_and_destroy_meters;
++
+ vport = new_vport(&parms);
+ if (IS_ERR(vport)) {
+ err = PTR_ERR(vport);
+@@ -1721,8 +1721,7 @@ static int ovs_dp_cmd_new(struct sk_buff
+ ovs_dp_reset_user_features(skb, info);
+ }
+
+- ovs_unlock();
+- goto err_destroy_meters;
++ goto err_unlock_and_destroy_meters;
+ }
+
+ err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
+@@ -1737,7 +1736,8 @@ static int ovs_dp_cmd_new(struct sk_buff
+ ovs_notify(&dp_datapath_genl_family, reply, info);
+ return 0;
+
+-err_destroy_meters:
++err_unlock_and_destroy_meters:
++ ovs_unlock();
+ ovs_meters_exit(dp);
+ err_destroy_ports:
+ kfree(dp->ports);
+--- a/net/openvswitch/flow_table.c
++++ b/net/openvswitch/flow_table.c
+@@ -387,7 +387,7 @@ static struct mask_cache *tbl_mask_cache
+ }
+ int ovs_flow_tbl_masks_cache_resize(struct flow_table *table, u32 size)
+ {
+- struct mask_cache *mc = rcu_dereference(table->mask_cache);
++ struct mask_cache *mc = rcu_dereference_ovsl(table->mask_cache);
+ struct mask_cache *new;
+
+ if (size == mc->cache_size)
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Daniele Palmas <dnlplm@gmail.com>
+Date: Mon, 2 Nov 2020 12:01:08 +0100
+Subject: [PATCH stable 5.9 11/20] net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
+
+From: Daniele Palmas <dnlplm@gmail.com>
+
+[ Upstream commit 5fd8477ed8ca77e64b93d44a6dae4aa70c191396 ]
+
+Add support for Telit LE910Cx 0x1230 composition:
+
+0x1230: tty, adb, rmnet, audio, tty, tty, tty, tty
+
+Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
+Acked-by: Bjørn Mork <bjorn@mork.no>
+Link: https://lore.kernel.org/r/20201102110108.17244-1-dnlplm@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/usb/qmi_wwan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1331,6 +1331,7 @@ static const struct usb_device_id produc
+ {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */
+ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1201, 2)}, /* Telit LE920, LE920A4 */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1230, 2)}, /* Telit LE910Cx */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1260, 2)}, /* Telit LE910Cx */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1261, 2)}, /* Telit LE910Cx */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1900, 1)}, /* Telit LN940 series */
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+Date: Fri, 30 Oct 2020 10:07:11 -0700
+Subject: [PATCH stable 5.9 12/20] powerpc/vnic: Extend "failover pending" window
+
+From: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+
+[ Upstream commit 1d8504937478fdc2f3ef2174a816fd3302eca882 ]
+
+Commit 5a18e1e0c193b introduced the 'failover_pending' state to track
+the "failover pending window" - where we wait for the partner to become
+ready (after a transport event) before actually attempting to failover.
+i.e window is between following two events:
+
+ a. we get a transport event due to a FAILOVER
+
+ b. later, we get CRQ_INITIALIZED indicating the partner is
+ ready at which point we schedule a FAILOVER reset.
+
+and ->failover_pending is true during this window.
+
+If during this window, we attempt to open (or close) a device, we pretend
+that the operation succeded and let the FAILOVER reset path complete the
+operation.
+
+This is fine, except if the transport event ("a" above) occurs during the
+open and after open has already checked whether a failover is pending. If
+that happens, we fail the open, which can cause the boot scripts to leave
+the interface down requiring administrator to manually bring up the device.
+
+This fix "extends" the failover pending window till we are _actually_
+ready to perform the failover reset (i.e until after we get the RTNL
+lock). Since open() holds the RTNL lock, we can be sure that we either
+finish the open or if the open() fails due to the failover pending window,
+we can again pretend that open is done and let the failover complete it.
+
+We could try and block the open until failover is completed but a) that
+could still timeout the application and b) Existing code "pretends" that
+failover occurred "just after" open succeeded, so marks the open successful
+and lets the failover complete the open. So, mark the open successful even
+if the transport event occurs before we actually start the open.
+
+Fixes: 5a18e1e0c193 ("ibmvnic: Fix failover case for non-redundant configuration")
+Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.ibm.com>
+Acked-by: Dany Madden <drt@linux.ibm.com>
+Link: https://lore.kernel.org/r/20201030170711.1562994-1-sukadev@linux.ibm.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/ibm/ibmvnic.c | 36 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 32 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/ibm/ibmvnic.c
++++ b/drivers/net/ethernet/ibm/ibmvnic.c
+@@ -1197,18 +1197,27 @@ static int ibmvnic_open(struct net_devic
+ if (adapter->state != VNIC_CLOSED) {
+ rc = ibmvnic_login(netdev);
+ if (rc)
+- return rc;
++ goto out;
+
+ rc = init_resources(adapter);
+ if (rc) {
+ netdev_err(netdev, "failed to initialize resources\n");
+ release_resources(adapter);
+- return rc;
++ goto out;
+ }
+ }
+
+ rc = __ibmvnic_open(netdev);
+
++out:
++ /*
++ * If open fails due to a pending failover, set device state and
++ * return. Device operation will be handled by reset routine.
++ */
++ if (rc && adapter->failover_pending) {
++ adapter->state = VNIC_OPEN;
++ rc = 0;
++ }
+ return rc;
+ }
+
+@@ -1935,6 +1944,13 @@ static int do_reset(struct ibmvnic_adapt
+ rwi->reset_reason);
+
+ rtnl_lock();
++ /*
++ * Now that we have the rtnl lock, clear any pending failover.
++ * This will ensure ibmvnic_open() has either completed or will
++ * block until failover is complete.
++ */
++ if (rwi->reset_reason == VNIC_RESET_FAILOVER)
++ adapter->failover_pending = false;
+
+ netif_carrier_off(netdev);
+ adapter->reset_reason = rwi->reset_reason;
+@@ -2215,6 +2231,13 @@ static void __ibmvnic_reset(struct work_
+ /* CHANGE_PARAM requestor holds rtnl_lock */
+ rc = do_change_param_reset(adapter, rwi, reset_state);
+ } else if (adapter->force_reset_recovery) {
++ /*
++ * Since we are doing a hard reset now, clear the
++ * failover_pending flag so we don't ignore any
++ * future MOBILITY or other resets.
++ */
++ adapter->failover_pending = false;
++
+ /* Transport event occurred during previous reset */
+ if (adapter->wait_for_reset) {
+ /* Previous was CHANGE_PARAM; caller locked */
+@@ -2279,9 +2302,15 @@ static int ibmvnic_reset(struct ibmvnic_
+ unsigned long flags;
+ int ret;
+
++ /*
++ * If failover is pending don't schedule any other reset.
++ * Instead let the failover complete. If there is already a
++ * a failover reset scheduled, we will detect and drop the
++ * duplicate reset when walking the ->rwi_list below.
++ */
+ if (adapter->state == VNIC_REMOVING ||
+ adapter->state == VNIC_REMOVED ||
+- adapter->failover_pending) {
++ (adapter->failover_pending && reason != VNIC_RESET_FAILOVER)) {
+ ret = EBUSY;
+ netdev_dbg(netdev, "Adapter removing or pending failover, skipping reset\n");
+ goto err;
+@@ -4665,7 +4694,6 @@ static void ibmvnic_handle_crq(union ibm
+ case IBMVNIC_CRQ_INIT:
+ dev_info(dev, "Partner initialized\n");
+ adapter->from_passive_init = true;
+- adapter->failover_pending = false;
+ if (!completion_done(&adapter->init_done)) {
+ complete(&adapter->init_done);
+ adapter->init_done_rc = -EIO;
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Heiner Kallweit <hkallweit1@gmail.com>
+Date: Tue, 3 Nov 2020 18:52:18 +0100
+Subject: [PATCH stable 5.9 20/20] r8169: work around short packet hw bug on RTL8125
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+[ Upstream commit 2aaf09a0e7842b3ac7be6e0b8fb1888b3daeb3b3 ]
+
+Network problems with RTL8125B have been reported [0] and with help
+from Realtek it turned out that this chip version has a hw problem
+with short packets (similar to RTL8168evl). Having said that activate
+the same workaround as for RTL8168evl.
+Realtek suggested to activate the workaround for RTL8125A too, even
+though they're not 100% sure yet which RTL8125 versions are affected.
+
+[0] https://bugzilla.kernel.org/show_bug.cgi?id=209839
+
+Fixes: 0439297be951 ("r8169: add support for RTL8125B")
+Reported-by: Maxim Plotnikov <wgh@torlan.ru>
+Tested-by: Maxim Plotnikov <wgh@torlan.ru>
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Link: https://lore.kernel.org/r/8002c31a-60b9-58f1-f0dd-8fd07239917f@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/realtek/r8169_main.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/realtek/r8169_main.c
++++ b/drivers/net/ethernet/realtek/r8169_main.c
+@@ -4062,9 +4062,17 @@ err_out:
+ return -EIO;
+ }
+
+-static bool rtl_test_hw_pad_bug(struct rtl8169_private *tp, struct sk_buff *skb)
++static bool rtl_test_hw_pad_bug(struct rtl8169_private *tp)
+ {
+- return skb->len < ETH_ZLEN && tp->mac_version == RTL_GIGA_MAC_VER_34;
++ switch (tp->mac_version) {
++ case RTL_GIGA_MAC_VER_34:
++ case RTL_GIGA_MAC_VER_60:
++ case RTL_GIGA_MAC_VER_61:
++ case RTL_GIGA_MAC_VER_63:
++ return true;
++ default:
++ return false;
++ }
+ }
+
+ static void rtl8169_tso_csum_v1(struct sk_buff *skb, u32 *opts)
+@@ -4136,7 +4144,7 @@ static bool rtl8169_tso_csum_v2(struct r
+
+ opts[1] |= transport_offset << TCPHO_SHIFT;
+ } else {
+- if (unlikely(rtl_test_hw_pad_bug(tp, skb)))
++ if (unlikely(skb->len < ETH_ZLEN && rtl_test_hw_pad_bug(tp)))
+ return !eth_skb_pad(skb);
+ }
+
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: Petr Malat <oss@malat.biz>
+Date: Fri, 30 Oct 2020 14:26:33 +0100
+Subject: [PATCH stable 5.9 13/20] sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
+
+From: Petr Malat <oss@malat.biz>
+
+[ Upstream commit b6df8c81412190fbd5eaa3cec7f642142d9c16cd ]
+
+Commit 978aa0474115 ("sctp: fix some type cast warnings introduced since
+very beginning")' broke err reading from sctp_arg, because it reads the
+value as 32-bit integer, although the value is stored as 16-bit integer.
+Later this value is passed to the userspace in 16-bit variable, thus the
+user always gets 0 on big-endian platforms. Fix it by reading the __u16
+field of sctp_arg union, as reading err field would produce a sparse
+warning.
+
+Fixes: 978aa0474115 ("sctp: fix some type cast warnings introduced since very beginning")
+Signed-off-by: Petr Malat <oss@malat.biz>
+Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Link: https://lore.kernel.org/r/20201030132633.7045-1-oss@malat.biz
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sm_sideeffect.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/sctp/sm_sideeffect.c
++++ b/net/sctp/sm_sideeffect.c
+@@ -1601,12 +1601,12 @@ static int sctp_cmd_interpreter(enum sct
+ break;
+
+ case SCTP_CMD_INIT_FAILED:
+- sctp_cmd_init_failed(commands, asoc, cmd->obj.u32);
++ sctp_cmd_init_failed(commands, asoc, cmd->obj.u16);
+ break;
+
+ case SCTP_CMD_ASSOC_FAILED:
+ sctp_cmd_assoc_failed(commands, asoc, event_type,
+- subtype, chunk, cmd->obj.u32);
++ subtype, chunk, cmd->obj.u16);
+ break;
+
+ case SCTP_CMD_INIT_COUNTER_INC:
drm-nouveau-kms-nv50-program-notifier-offset-before-requesting-disp-caps.patch
drm-nouveau-device-fix-changing-endianess-code-to-work-on-older-gpus.patch
ptrace-fix-task_join_group_stop-for-the-case-when-current-is-traced.patch
+cadence-force-nonlinear-buffers-to-be-cloned.patch
+chelsio-chtls-fix-memory-leaks-caused-by-a-race.patch
+chelsio-chtls-fix-always-leaking-ctrl_skb.patch
+dpaa_eth-update-the-buffer-layout-for-non-a050385-erratum-scenarios.patch
+dpaa_eth-fix-the-rx-headroom-size-alignment.patch
+gianfar-replace-skb_realloc_headroom-with-skb_cow_head-for-ptp.patch
+gianfar-account-for-tx-ptp-timestamp-in-the-skb-headroom.patch
+ionic-check-port-ptr-before-use.patch
+ip_tunnel-fix-over-mtu-packet-send-fail-without-tunnel_dont_fragment-flags.patch
+net-ethernet-ti-cpsw-disable-ptpv1-hw-timestamping-advertisement.patch
+net-usb-qmi_wwan-add-telit-le910cx-0x1230-composition.patch
+powerpc-vnic-extend-failover-pending-window.patch
+sctp-fix-comm_lost-cant_str_assoc-err-reporting-on-big-endian-platforms.patch
+sfp-fix-error-handing-in-sfp_probe.patch
+ip6_tunnel-set-inner-ipproto-before-ip6_tnl_encap.patch
+net-fec-fix-mdio-probing-for-some-fec-hardware-blocks.patch
+mptcp-token-fix-unititialized-variable.patch
+net-dsa-qca8k-fix-port-mtu-setting.patch
+net-openvswitch-silence-suspicious-rcu-usage-warning.patch
+r8169-work-around-short-packet-hw-bug-on-rtl8125.patch
--- /dev/null
+From foo@baz Sat Nov 7 11:45:25 AM CET 2020
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Sat, 31 Oct 2020 11:10:53 +0800
+Subject: [PATCH stable 5.9 14/20] sfp: Fix error handing in sfp_probe()
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit 9621618130bf7e83635367c13b9a6ee53935bb37 ]
+
+gpiod_to_irq() never return 0, but returns negative in
+case of error, check it and set gpio_irq to 0.
+
+Fixes: 73970055450e ("sfp: add SFP module support")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Link: https://lore.kernel.org/r/20201031031053.25264-1-yuehaibing@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/phy/sfp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/phy/sfp.c
++++ b/drivers/net/phy/sfp.c
+@@ -2389,7 +2389,8 @@ static int sfp_probe(struct platform_dev
+ continue;
+
+ sfp->gpio_irq[i] = gpiod_to_irq(sfp->gpio[i]);
+- if (!sfp->gpio_irq[i]) {
++ if (sfp->gpio_irq[i] < 0) {
++ sfp->gpio_irq[i] = 0;
+ sfp->need_poll = true;
+ continue;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
