[ Upstream commit da715775 ]

When an FDB entry is configured, the address is validated to have the
length of an Ethernet address, but the device for which the address is
configured can be of any type.

The above can result in the use of uninitialized memory when the address
is later compared against existing addresses since 'dev->addr_len' is
used and it may be greater than ETH_ALEN, as with ip6tnl devices.

Fix this by making sure that FDB entries are only configured for
Ethernet devices.

BUG: KMSAN: uninit-value in memcmp+0x11d/0x180 lib/string.c:863
CPU: 1 PID: 4318 Comm: syz-executor998 Not tainted 4.19.0-rc3+ #49
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x14b/0x190 lib/dump_stack.c:113
  kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:956
  __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:645
  memcmp+0x11d/0x180 lib/string.c:863
  dev_uc_add_excl+0x165/0x7b0 net/core/dev_addr_lists.c:464
  ndo_dflt_fdb_add net/core/rtnetlink.c:3463 [inline]
  rtnl_fdb_add+0x1081/0x1270 net/core/rtnetlink.c:3558
  rtnetlink_rcv_msg+0xa0b/0x1530 net/core/rtnetlink.c:4715
  netlink_rcv_skb+0x36e/0x5f0 net/netlink/af_netlink.c:2454
  rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4733
  netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
  netlink_unicast+0x1638/0x1720 net/netlink/af_netlink.c:1343
  netlink_sendmsg+0x1205/0x1290 net/netlink/af_netlink.c:1908
  sock_sendmsg_nosec net/socket.c:621 [inline]
  sock_sendmsg net/socket.c:631 [inline]
  ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
  __sys_sendmsg net/socket.c:2152 [inline]
  __do_sys_sendmsg net/socket.c:2161 [inline]
  __se_sys_sendmsg+0x2a3/0x3d0 net/socket.c:2159
  __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2159
  do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
  entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x440ee9
Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff6a93b518 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440ee9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000213 R12: 000000000000b4b0
R13: 0000000000401ec0 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
  kmsan_save_stack_with_flags mm/kmsan/kmsan.c:256 [inline]
  kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:181
  kmsan_kmalloc+0x98/0x100 mm/kmsan/kmsan_hooks.c:91
  kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan_hooks.c:100
  slab_post_alloc_hook mm/slab.h:446 [inline]
  slab_alloc_node mm/slub.c:2718 [inline]
  __kmalloc_node_track_caller+0x9e7/0x1160 mm/slub.c:4351
  __kmalloc_reserve net/core/skbuff.c:138 [inline]
  __alloc_skb+0x2f5/0x9e0 net/core/skbuff.c:206
  alloc_skb include/linux/skbuff.h:996 [inline]
  netlink_alloc_large_skb net/netlink/af_netlink.c:1189 [inline]
  netlink_sendmsg+0xb49/0x1290 net/netlink/af_netlink.c:1883
  sock_sendmsg_nosec net/socket.c:621 [inline]
  sock_sendmsg net/socket.c:631 [inline]
  ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
  __sys_sendmsg net/socket.c:2152 [inline]
  __do_sys_sendmsg net/socket.c:2161 [inline]
  __se_sys_sendmsg+0x2a3/0x3d0 net/socket.c:2159
  __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2159
  do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
  entry_SYSCALL_64_after_hwframe+0x63/0xe7

v2:
* Make error message more specific (David)

Fixes: 090096bf ("net: generic fdb support for drivers without ndo_fdb_<op>")
Signed-off-by: NIdo Schimmel <idosch@mellanox.com>
Reported-and-tested-by: syzbot+3a288d5f5530b901310e@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+d53ab4e92a1db04110ff@syzkaller.appspotmail.com
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Reviewed-by: NDavid Ahern <dsahern@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit 89ab066d4229acd32e323f1569833302544a4186 ]

This reverts commit dd979b4d.

This broke tcp_poll for SMC fallback: An AF_SMC socket establishes an
internal TCP socket for the initial handshake with the remote peer.
Whenever the SMC connection can not be established this TCP socket is
used as a fallback. All socket operations on the SMC socket are then
forwarded to the TCP socket. In case of poll, the file->private_data
pointer references the SMC socket because the TCP socket has no file
assigned. This causes tcp_poll to wait on the wrong socket.
Signed-off-by: NKarsten Graul <kgraul@linux.ibm.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit db4f1be3 ]

Current handling of CHECKSUM_COMPLETE packets by the UDP stack is
incorrect for any packet that has an incorrect checksum value.

udp4/6_csum_init() will both make a call to
__skb_checksum_validate_complete() to initialize/validate the csum
field when receiving a CHECKSUM_COMPLETE packet. When this packet
fails validation, skb->csum will be overwritten with the pseudoheader
checksum so the packet can be fully validated by software, but the
skb->ip_summed value will be left as CHECKSUM_COMPLETE so that way
the stack can later warn the user about their hardware spewing bad
checksums. Unfortunately, leaving the SKB in this state can cause
problems later on in the checksum calculation.

Since the the packet is still marked as CHECKSUM_COMPLETE,
udp_csum_pull_header() will SUBTRACT the checksum of the UDP header
from skb->csum instead of adding it, leaving us with a garbage value
in that field. Once we try to copy the packet to userspace in the
udp4/6_recvmsg(), we'll make a call to skb_copy_and_csum_datagram_msg()
to checksum the packet data and add it in the garbage skb->csum value
to perform our final validation check.

Since the value we're validating is not the proper checksum, it's possible
that the folded value could come out to 0, causing us not to drop the
packet. Instead, we believe that the packet was checksummed incorrectly
by hardware since skb->ip_summed is still CHECKSUM_COMPLETE, and we attempt
to warn the user with netdev_rx_csum_fault(skb->dev);

Unfortunately, since this is the UDP path, skb->dev has been overwritten
by skb->dev_scratch and is no longer a valid pointer, so we end up
reading invalid memory.

This patch addresses this problem in two ways:
	1) Do not use the dev pointer when calling netdev_rx_csum_fault()
	   from skb_copy_and_csum_datagram_msg(). Since this gets called
	   from the UDP path where skb->dev has been overwritten, we have
	   no way of knowing if the pointer is still valid. Also for the
	   sake of consistency with the other uses of
	   netdev_rx_csum_fault(), don't attempt to call it if the
	   packet was checksummed by software.

	2) Add better CHECKSUM_COMPLETE handling to udp4/6_csum_init().
	   If we receive a packet that's CHECKSUM_COMPLETE that fails
	   verification (i.e. skb->csum_valid == 0), check who performed
	   the calculation. It's possible that the checksum was done in
	   software by the network stack earlier (such as Netfilter's
	   CONNTRACK module), and if that says the checksum is bad,
	   we can drop the packet immediately instead of waiting until
	   we try and copy it to userspace. Otherwise, we need to
	   mark the SKB as CHECKSUM_NONE, since the skb->csum field
	   no longer contains the full packet checksum after the
	   call to __skb_checksum_validate_complete().

Fixes: e6afc8ac ("udp: remove headers from UDP packets before queueing")
Fixes: c84d9490 ("udp: copy skb->truesize in the first cache line")
Cc: Sam Kumar <samanthakumar@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: NSean Tranchetti <stranche@codeaurora.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit 30549aab ]

When building stmmac, it is only possible to select CONFIG_DWMAC_GENERIC,
or any of the glue drivers, when CONFIG_STMMAC_PLATFORM is set.
The only exception is CONFIG_STMMAC_PCI.

When calling of_mdiobus_register(), it will call our ->reset()
callback, which is set to stmmac_mdio_reset().

Most of the code in stmmac_mdio_reset() is protected by a
"#if defined(CONFIG_STMMAC_PLATFORM)", which will evaluate
to false when CONFIG_STMMAC_PLATFORM=m.

Because of this, the phy reset gpio will only be pulled when
stmmac is built as built-in, but not when built as modules.

Fix this by using "#if IS_ENABLED()" instead of "#if defined()".
Signed-off-by: NNiklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit 38b4f18d ]

gred_change_table_def() takes a pointer to TCA_GRED_DPS attribute,
and expects it will be able to interpret its contents as
struct tc_gred_sopt.  Pass the correct gred attribute, instead of
TCA_OPTIONS.

This bug meant the table definition could never be changed after
Qdisc was initialized (unless whatever TCA_OPTIONS contained both
passed netlink validation and was a valid struct tc_gred_sopt...).

Old behaviour:
$ ip link add type dummy
$ tc qdisc replace dev dummy0 parent root handle 7: \
     gred setup vqs 4 default 0
$ tc qdisc replace dev dummy0 parent root handle 7: \
     gred setup vqs 4 default 0
RTNETLINK answers: Invalid argument

Now:
$ ip link add type dummy
$ tc qdisc replace dev dummy0 parent root handle 7: \
     gred setup vqs 4 default 0
$ tc qdisc replace dev dummy0 parent root handle 7: \
     gred setup vqs 4 default 0
$ tc qdisc replace dev dummy0 parent root handle 7: \
     gred setup vqs 4 default 0

Fixes: f62d6b93 ("[PKT_SCHED]: GRED: Use central VQ change procedure")
Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit d48051c5 ]

As shown by Dmitris, we need to use csum_block_add() instead of csum_add()
when adding the FCS contribution to skb csum.

Before 4.18 (more exactly commit 88078d98 "net: pskb_trim_rcsum()
and CHECKSUM_COMPLETE are friends"), the whole skb csum was thrown away,
so RXFCS changes were ignored.

Then before commit d55bef50 ("net: fix pskb_trim_rcsum_slow() with
odd trim offset") both mlx5 and pskb_trim_rcsum_slow() bugs were canceling
each other.

Now we fixed pskb_trim_rcsum_slow() we need to fix mlx5.

Note that this patch also rewrites mlx5e_get_fcs() to :

- Use skb_header_pointer() instead of reinventing it.
- Use __get_unaligned_cpu32() to avoid possible non aligned accesses
  as Dmitris pointed out.

Fixes: 902a5459 ("net/mlx5e: When RXFCS is set, add FCS data into checksum calculation")
Reported-by: NPaweł Staszewski <pstaszewski@itcare.pl>
Signed-off-by: NEric Dumazet <edumazet@google.com>
Cc: Eran Ben Elisha <eranbe@mellanox.com>
Cc: Saeed Mahameed <saeedm@mellanox.com>
Cc: Dimitris Michailidis <dmichail@google.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Paweł Staszewski <pstaszewski@itcare.pl>
Reviewed-by: NEran Ben Elisha <eranbe@mellanox.com>
Tested-By: NMaria Pasechnik <mariap@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit ee1abcf6 ]

Commit a61bbcf2 ("[NET]: Store skb->timestamp as offset to a base
timestamp") introduces a neighbour control buffer and zeroes it out in
ndisc_rcv(), as ndisc_recv_ns() uses it.

Commit f2776ff0 ("[IPV6]: Fix address/interface handling in UDP and
DCCP, according to the scoping architecture.") introduces the usage of the
IPv6 control buffer in protocol error handlers (e.g. inet6_iif() in
present-day __udp6_lib_err()).

Now, with commit b94f1c09 ("ipv6: Use icmpv6_notify() to propagate
redirect, instead of rt6_redirect()."), we call protocol error handlers
from ndisc_redirect_rcv(), after the control buffer is already stolen and
some parts are already zeroed out. This implies that inet6_iif() on this
path will always return zero.

This gives unexpected results on UDP socket lookup in __udp6_lib_err(), as
we might actually need to match sockets for a given interface.

Instead of always claiming the control buffer in ndisc_rcv(), do that only
when needed.

Fixes: b94f1c09 ("ipv6: Use icmpv6_notify() to propagate redirect, instead of rt6_redirect().")
Signed-off-by: NStefano Brivio <sbrivio@redhat.com>
Reviewed-by: NSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

[ Upstream commit 5a2de63f ]

Based on RFC 4541, 2.1.1.  IGMP Forwarding Rules

  The switch supporting IGMP snooping must maintain a list of
  multicast routers and the ports on which they are attached.  This
  list can be constructed in any combination of the following ways:

  a) This list should be built by the snooping switch sending
     Multicast Router Solicitation messages as described in IGMP
     Multicast Router Discovery [MRDISC].  It may also snoop
     Multicast Router Advertisement messages sent by and to other
     nodes.

  b) The arrival port for IGMP Queries (sent by multicast routers)
     where the source address is not 0.0.0.0.

We should not add the port to router list when receives query with source
0.0.0.0.
Reported-by: NYing Xu <yinxu@redhat.com>
Signed-off-by: NHangbin Liu <liuhangbin@gmail.com>
Acked-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: NRoopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

As I introduced these files, I'm willing to be the maintainer of them as
well.
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

The contact point for the kernel's Code of Conduct should now be the
Code of Conduct Committee, not the full TAB.  Change the email address
in the file to properly reflect this.
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

There was a blank <URL> reference for how to find the Code of Conduct
Committee.  Fix that up by pointing it to the correct kernel.org website
page location.
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Create a link between the Code of Conduct and the Code of Conduct
Interpretation so that people can see that they are related.
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

We use the term "TAB" before defining it later in the document.  Fix
that up by defining it at the first location.
Reported-by: NKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Code of Conduct Interpretation: Add document explaining how the Code of Conduct is to be interpreted

The Contributor Covenant Code of Conduct is a general document meant to
provide a set of rules for almost any open source community.  Every
open-source community is unique and the Linux kernel is no exception.
Because of this, this document describes how we in the Linux kernel
community will interpret it.  We also do not expect this interpretation
to be static over time, and will adjust it as needed.

This document was created with the input and feedback of the TAB as well
as many current kernel maintainers.
Co-Developed-by: NThomas Gleixner <tglx@linutronix.de>
Co-Developed-by: NOlof Johansson <olof@lixom.net>
Acked-by: NAlex Deucher <alexander.deucher@amd.com>
Acked-by: NAlexei Starovoitov <ast@kernel.org>
Acked-by: NAmir Goldstein <amir73il@gmail.com>
Acked-by: NAndrew Morton <akpm@linux-foundation.org>
Acked-by: NAndy Lutomirski <luto@kernel.org>
Acked-by: NAnna-Maria Gleixner <anna-maria@linutronix.de>
Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: NBoris Brezillon <boris.brezillon@bootlin.com>
Acked-by: NBorislav Petkov <bp@kernel.org>
Acked-by: NChris Mason <clm@fb.com>
Acked-by: NChristian Lütke-Stetzkamp <christian@lkamp.de>
Acked-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NDan Williams <dan.j.williams@intel.com>
Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
Acked-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: NDave Airlie <airlied@redhat.com>
Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
Acked-by: NDavid Ahern <dsa@cumulusnetworks.com>
Acked-by: NDavid Sterba <kdave@kernel.org>
Acked-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
Acked-by: NDominik Brodowski <linux@dominikbrodowski.de>
Acked-by: NEric Dumazet <eric.dumazet@gmail.com>
Acked-by: NFelipe Balbi <balbi@kernel.org>
Acked-by: NFelix Kuehling <Felix.Kuehling@amd.com>
Acked-by: NFlorian Fainelli <f.fainelli@gmail.com>
Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Acked-by: NGrant Likely <grant.likely@secretlab.ca>
Acked-by: NGregory CLEMENT <gregory.clement@bootlin.com>
Acked-by: NGuenter Roeck <linux@roeck-us.net>
Acked-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: NHans Verkuil <hverkuil@xs4all.nl>
Acked-by: NHans de Goede <j.w.r.degoede@gmail.com>
Acked-by: NHarry Wentland <harry.wentland@amd.com>
Acked-by: NHeiko Stuebner <heiko@sntech.de>
Acked-by: NIngo Molnar <mingo@kernel.org>
Acked-by: NJaegeuk Kim <jaegeuk@kernel.org>
Acked-by: NJames Smart <james.smart@broadcom.com>
Acked-by: NJames Smart <jsmart2021@gmail.com>
Acked-by: NJan Kara <jack@ucw.cz>
Acked-by: NJani Nikula <jani.nikula@intel.com>
Acked-by: NJason A. Donenfeld <Jason@zx2c4.com>
Acked-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
Acked-by: NJens Axboe <axboe@kernel.dk>
Acked-by: NJessica Yu <jeyu@kernel.org>
Acked-by: NJia-Ju Bai <baijiaju1990@gmail.com>
Acked-by: NJiri Kosina <jikos@kernel.org>
Acked-by: NJiri Olsa <jolsa@redhat.com>
Acked-by: NJoerg Roedel <joro@8bytes.org>
Acked-by: NJohan Hovold <johan@kernel.org>
Acked-by: NJohannes Thumshirn <jth@kernel.org>
Acked-by: NJonathan Corbet <corbet@lwn.net>
Acked-by: NJulia Lawall <julia.lawall@lip6.fr>
Acked-by: NKees Cook <keescook@chromium.org>
Acked-by: NKirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: NKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: NLina Iyer <ilina@codeaurora.org>
Acked-by: NLinus Torvalds <torvalds@linux-foundation.org>
Acked-by: NLinus Walleij <linus.walleij@linaro.org>
Acked-by: NMark Brown <broonie@kernel.org>
Acked-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: NMasami Hiramatsu <mhiramat@kernel.org>
Acked-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: NMatias Bjørling <mb@lightnvm.io>
Acked-by: NMauro Carvalho Chehab <mchehab@kernel.org>
Acked-by: NMaxime Ripard <maxime.ripard@bootlin.com>
Acked-by: NMichael Ellerman <mpe@ellerman.id.au>
Acked-by: NMike Rapoport <rppt@linux.ibm.com>
Acked-by: NMimi Zohar <zohar@linux.ibm.com>
Acked-by: NMiquel Raynal <miquel.raynal@bootlin.com>
Acked-by: NMishi Choudhary <mishi@linux.com>
Acked-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Acked-by: NOded Gabbay <oded.gabbay@gmail.com>
Acked-by: NPalmer Dabbelt <palmer@dabbelt.com>
Acked-by: NPaul E. McKenney <paulmck@linux.ibm.com>
Acked-by: NPeter Zijlstra <peterz@infradead.org>
Acked-by: NRafael J. Wysocki <rafael@kernel.org>
Acked-by: NRichard Weinberger <richard@nod.at>
Acked-by: NRik van Riel <riel@surriel.com>
Acked-by: NRob Clark <robdclark@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Acked-by: NRodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: NSean Paul <sean@poorly.run>
Acked-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: NSebastian Reichel <sre@kernel.org>
Acked-by: NSergio Paracuellos <sergio.paracuellos@gmail.com>
Acked-by: NShawn Guo <shawnguo@kernel.org>
Acked-by: NShuah Khan <shuah@kernel.org>
Acked-by: NSimon Horman <horms@verge.net.au>
Acked-by: NSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: NStephen Hemminger <stephen@networkplumber.org>
Acked-by: NTakashi Iwai <tiwai@kernel.org>
Acked-by: NTejun Heo <tj@kernel.org>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThierry Reding <thierry.reding@gmail.com>
Acked-by: NTodd Poynor <toddpoynor@google.com>
Acked-by: NViresh Kumar <viresh.kumar@linaro.org>
Acked-by: NWei Yongjun <weiyongjun1@huawei.com>
Acked-by: NYueHaibing <yuehaibing@huawei.com>
Reviewed-by: NSteven Rostedt <rostedt@goodmis.org>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NOlof Johansson <olof@lixom.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

As it was originally worded, this paragraph requires maintainers to
enforce the code of conduct, or face potential repercussions.  It sends
the wrong message, when really we just want maintainers to be part of
the solution and not violate the code of conduct themselves.

Removing it doesn't limit our ability to enforce the code of conduct,
and we can still encourage maintainers to help maintain high standards
for the level of discourse in their subsystem.
Signed-off-by: NChris Mason <clm@fb.com>
Acked-by: NAlex Deucher <alexander.deucher@amd.com>
Acked-by: NAmir Goldstein <amir73il@gmail.com>
Acked-by: NAndrew Morton <akpm@linux-foundation.org>
Acked-by: NAnna-Maria Gleixner <anna-maria@linutronix.de>
Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: NBoris Brezillon <boris.brezillon@bootlin.com>
Acked-by: NBorislav Petkov <bp@kernel.org>
Acked-by: NChristian Lütke-Stetzkamp <christian@lkamp.de>
Acked-by: NChristoph Hellwig <hch@lst.de>
Acked-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NDan Williams <dan.j.williams@intel.com>
Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
Acked-by: NDave Airlie <airlied@redhat.com>
Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
Acked-by: NDavid Ahern <dsa@cumulusnetworks.com>
Acked-by: NDavid Sterba <kdave@kernel.org>
Acked-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
Acked-by: NDominik Brodowski <linux@dominikbrodowski.de>
Acked-by: NEric Dumazet <eric.dumazet@gmail.com>
Acked-by: NFelipe Balbi <balbi@kernel.org>
Acked-by: NFelix Kuehling <Felix.Kuehling@amd.com>
Acked-by: NFlorian Fainelli <f.fainelli@gmail.com>
Acked-by: NFlorian Westphal <fw@strlen.de>
Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Acked-by: NGrant Likely <grant.likely@secretlab.ca>
Acked-by: NGregory CLEMENT <gregory.clement@bootlin.com>
Acked-by: NGuenter Roeck <linux@roeck-us.net>
Acked-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: NHans Verkuil <hverkuil@xs4all.nl>
Acked-by: NHans de Goede <j.w.r.degoede@gmail.com>
Acked-by: NHarry Wentland <harry.wentland@amd.com>
Acked-by: NHeiko Stuebner <heiko@sntech.de>
Acked-by: NIngo Molnar <mingo@kernel.org>
Acked-by: NJaegeuk Kim <jaegeuk@kernel.org>
Acked-by: NJames Smart <james.smart@broadcom.com>
Acked-by: NJames Smart <jsmart2021@gmail.com>
Acked-by: NJan Kara <jack@ucw.cz>
Acked-by: NJason A. Donenfeld <Jason@zx2c4.com>
Acked-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
Acked-by: NJens Axboe <axboe@kernel.dk>
Acked-by: NJessica Yu <jeyu@kernel.org>
Acked-by: NJia-Ju Bai <baijiaju1990@gmail.com>
Acked-by: NJiri Kosina <jikos@kernel.org>
Acked-by: NJiri Olsa <jolsa@redhat.com>
Acked-by: NJoerg Roedel <joro@8bytes.org>
Acked-by: NJohan Hovold <johan@kernel.org>
Acked-by: NJohannes Thumshirn <jth@kernel.org>
Acked-by: NJonathan Corbet <corbet@lwn.net>
Acked-by: NJulia Lawall <julia.lawall@lip6.fr>
Acked-by: NKees Cook <keescook@chromium.org>
Acked-by: NKirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: NKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: NLina Iyer <ilina@codeaurora.org>
Acked-by: NLinus Torvalds <torvalds@linux-foundation.org>
Acked-by: NLinus Walleij <linus.walleij@linaro.org>
Acked-by: NMark Brown <broonie@kernel.org>
Acked-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: NMasami Hiramatsu <mhiramat@kernel.org>
Acked-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: NMatias Bjørling <mb@lightnvm.io>
Acked-by: NMaxime Ripard <maxime.ripard@bootlin.com>
Acked-by: NMichael Ellerman <mpe@ellerman.id.au>
Acked-by: NMike Rapoport <rppt@linux.ibm.com>
Acked-by: NMimi Zohar <zohar@linux.ibm.com>
Acked-by: NMiquel Raynal <miquel.raynal@bootlin.com>
Acked-by: NNikolay Borisov <n.borisov.lkml@gmail.com>
Acked-by: NOded Gabbay <oded.gabbay@gmail.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NPalmer Dabbelt <palmer@dabbelt.com>
Acked-by: NPaul E. McKenney <paulmck@linux.ibm.com>
Acked-by: NPeter Zijlstra <peterz@infradead.org>
Acked-by: NRafael J. Wysocki <rafael@kernel.org>
Acked-by: NRichard Weinberger <richard@nod.at>
Acked-by: NRik van Riel <riel@surriel.com>
Acked-by: NRob Clark <robdclark@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Acked-by: NRodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: NSebastian Reichel <sre@kernel.org>
Acked-by: NSergio Paracuellos <sergio.paracuellos@gmail.com>
Acked-by: NShawn Guo <shawnguo@kernel.org>
Acked-by: NShuah Khan <shuah@kernel.org>
Acked-by: NSimon Horman <horms@verge.net.au>
Acked-by: NSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: NStephen Hemminger <stephen@networkplumber.org>
Acked-by: NTakashi Iwai <tiwai@kernel.org>
Acked-by: NTejun Heo <tj@kernel.org>
Acked-by: NTheodore Ts'o <tytso@mit.edu>
Acked-by: NThierry Reding <thierry.reding@gmail.com>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Acked-by: NTim Bird <tim.bird@sony.com>
Acked-by: NTodd Poynor <toddpoynor@google.com>
Acked-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
Acked-by: NViresh Kumar <viresh.kumar@linaro.org>
Acked-by: NWei Yongjun <weiyongjun1@huawei.com>
Acked-by: NYueHaibing <yuehaibing@huawei.com>
Reviewed-by: NMauro Carvalho Chehab <mchehab@kernel.org>
Reviewed-by: NSteven Rostedt <rostedt@goodmis.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Wolfram writes:
  "i2c for 4.19

   Another driver bugfix and MAINTAINERS addition from I2C."

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: rcar: cleanup DMA for all kinds of failure
  MAINTAINERS: Add entry for Broadcom STB I2C controller

David writes:
  "Networking:

   A few straggler bug fixes:

   1) Fix indexing of multi-pass dumps of ipv6 addresses, from David
      Ahern.

   2) Revert RCU locking change for bonding netpoll, causes worse
      problems than it solves.

   3) pskb_trim_rcsum_slow() doesn't handle odd trim offsets, resulting
      in erroneous bad hw checksum triggers with CHECKSUM_COMPLETE
      devices.  From Dimitris Michailidis.

   4) a revert to some neighbour code changes that adjust notifications
      in a way that confuses some apps."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin"
  net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
  net: fix pskb_trim_rcsum_slow() with odd trim offset
  Revert "bond: take rcu lock in netpoll_send_skb_on_dev"

This reverts commit 8e326289.

This patch results in unnecessary netlink notification when one
tries to delete a neigh entry already in NUD_FAILED state. Found
this with a buggy app that tries to delete a NUD_FAILED entry
repeatedly. While the notification issue can be fixed with more
checks, adding more complexity here seems unnecessary. Also,
recent tests with other changes in the neighbour code have
shown that the INCOMPLETE and PROBE checks are good enough for
the original issue.
Signed-off-by: NRoopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The loop wants to skip previously dumped addresses, so loops until
current index >= saved index. If the message fills it wants to save
the index for the next address to dump - ie., the one that did not
fit in the current message.

Currently, it is incrementing the index counter before comparing to the
saved index, and then the saved index is off by 1 - it assumes the
current address is going to fit in the message.

Change the index handling to increment only after a succesful dump.

Fixes: 502a2ffd ("ipv6: convert idev_list to list macros")
Signed-off-by: NDavid Ahern <dsahern@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

DMA needs to be cleaned up not only on timeout, but on all errors where
it has been setup before.

Fixes: 73e8b052 ("i2c: rcar: add DMA support")
Signed-off-by: NWolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: NWolfram Sang <wsa@the-dreams.de>

Add an entry for the Broadcom STB I2C controller in the MAINTAINERS file.
Signed-off-by: NKamal Dasu <kdasu.kdev@gmail.com>
Acked-by: NFlorian Fainelli <f.fainelli@gmail.com>
[wsa: fixed sorting and a whitespace error]
Signed-off-by: NWolfram Sang <wsa@the-dreams.de>

Ingo writes:
  "x86 fixes:

   It's 4 misc fixes, 3 build warning fixes and 3 comment fixes.

   In hindsight I'd have left out the 3 comment fixes to make the pull
   request look less scary at such a late point in the cycle. :-/"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels
  x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU
  x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
  x86/entry/64: Further improve paranoid_entry comments
  x86/entry/32: Clear the CS high bits
  x86/boot: Add -Wno-pointer-sign to KBUILD_CFLAGS
  x86/time: Correct the attribute on jiffies' definition
  x86/entry: Add some paranoid entry/exit CR3 handling comments
  x86/percpu: Fix this_cpu_read()
  x86/tsc: Force inlining of cyc2ns bits

Ingo writes:
  "scheduler fixes:

   Two fixes: a CFS-throttling bug fix, and an interactivity fix."

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/fair: Fix the min_vruntime update logic in dequeue_entity()
  sched/fair: Fix throttle_list starvation with low CFS quota

Ingo writes:
  "perf fixes:

   Misc perf tooling fixes."

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf tools: Stop fallbacking to kallsyms for vdso symbols lookup
  perf tools: Pass build flags to traceevent build
  perf report: Don't crash on invalid inline debug information
  perf cpu_map: Align cpu map synthesized events properly.
  perf tools: Fix tracing_path_mount proper path
  perf tools: Fix use of alternatives to find JDIR
  perf evsel: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus
  perf vendor events intel: Fix wrong filter_band* values for uncore events
  Revert "perf tools: Fix PMU term format max value calculation"
  tools headers uapi: Sync kvm.h copy
  tools arch uapi: Sync the x86 kvm.h copy

We've been getting checksum errors involving small UDP packets, usually
59B packets with 1 extra non-zero padding byte. netdev_rx_csum_fault()
has been complaining that HW is providing bad checksums. Turns out the
problem is in pskb_trim_rcsum_slow(), introduced in commit 88078d98
("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends").

The source of the problem is that when the bytes we are trimming start
at an odd address, as in the case of the 1 padding byte above,
skb_checksum() returns a byte-swapped value. We cannot just combine this
with skb->csum using csum_sub(). We need to use csum_block_sub() here
that takes into account the parity of the start address and handles the
swapping.

Matches existing code in __skb_postpull_rcsum() and esp_remove_trailer().

Fixes: 88078d98 ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends")
Signed-off-by: NDimitris Michailidis <dmichail@google.com>
Reviewed-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Dave writes:
  "drm fixes for 4.19 final (part 2)

   Looked like two stragglers snuck in, one very urgent the pageflipping
   was missing a reference that could result in a GPF on non-i915
   drivers, the other is an overflow in the sun4i dotclock calcs
   resulting in a mode not getting set."

* tag 'drm-fixes-2018-10-20-1' of git://anongit.freedesktop.org/drm/drm:
  drm/sun4i: Fix an ulong overflow in the dotclock driver
  drm: Get ref on CRTC commit object when waiting for flip_done

Steven writes:
  "tracing: A few small fixes to synthetic events

   Masami found some issues with the creation of synthetic events.  The
   first two patches fix handling of unsigned type, and handling of a
   space before an ending semi-colon.

   The third patch adds a selftest to test the processing of synthetic
   events."

* tag 'trace-v4.19-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  selftests: ftrace: Add synthetic event syntax testcase
  tracing: Fix synthetic event to allow semicolon at end
  tracing: Fix synthetic event to accept unsigned modifier

Dmitry writes:
  "Input updates for 4.19-rc8

   Just an addition to elan touchpad driver ACPI table."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

Second pull request for v4.19:
- Fix ulong overflow in sun4i
- Fix a serious GPF in waiting for flip_done from commit_tail().
Signed-off-by: NDave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/97d1ed42-1d99-fcc5-291e-cd1dc29a4252@linux.intel.com

Add a testcase to check the syntax and field types for
synthetic_events interface.

Link: http://lkml.kernel.org/r/153986838264.18251.16627517536956299922.stgit@devboxAcked-by: NShuah Khan <shuah@kernel.org>
Signed-off-by: NMasami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>

Fix synthetic event to allow independent semicolon at end.

The synthetic_events interface accepts a semicolon after the
last word if there is no space.

 # echo "myevent u64 var;" >> synthetic_events

But if there is a space, it returns an error.

 # echo "myevent u64 var ;" > synthetic_events
 sh: write error: Invalid argument

This behavior is difficult for users to understand. Let's
allow the last independent semicolon too.

Link: http://lkml.kernel.org/r/153986835420.18251.2191216690677025744.stgit@devbox

Cc: Shuah Khan <shuah@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: stable@vger.kernel.org
Fixes: commit 4b147936 ("tracing: Add support for 'synthetic' events")
Signed-off-by: NMasami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>

Fix synthetic event to accept unsigned modifier for its field type
correctly.

Currently, synthetic_events interface returns error for "unsigned"
modifiers as below;

 # echo "myevent unsigned long var" >> synthetic_events
 sh: write error: Invalid argument

This is because argv_split() breaks "unsigned long" into "unsigned"
and "long", but parse_synth_field() doesn't expected it.

With this fix, synthetic_events can handle the "unsigned long"
correctly like as below;

 # echo "myevent unsigned long var" >> synthetic_events
 # cat synthetic_events
 myevent	unsigned long var

Link: http://lkml.kernel.org/r/153986832571.18251.8448135724590496531.stgit@devbox

Cc: Shuah Khan <shuah@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: stable@vger.kernel.org
Fixes: commit 4b147936 ("tracing: Add support for 'synthetic' events")
Signed-off-by: NMasami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>

This reverts commit 6fe94878.

It is causing more serious regressions than the RCU warning
it is fixing.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

I wrote:
  "USB fixes for 4.19-final

   Here are a small number of last-minute USB driver fixes

   Included here are:
     - spectre fix for usb storage gadgets
     - xhci fixes
     - cdc-acm fixes
     - usbip fixes for reported problems

   All of these have been in linux-next with no reported issues."

* tag 'usb-4.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: gadget: storage: Fix Spectre v1 vulnerability
  USB: fix the usbfs flag sanitization for control transfers
  usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms
  usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable
  cdc-acm: correct counting of UART states in serial state notification
  cdc-acm: do not reset notification buffer index upon urb unlinking
  cdc-acm: fix race between reset and control messaging
  usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
  selftests: usbip: add wait after attach and before checking port status

Jens writes:
  "Block fixes for 4.19-final

   Two small fixes that should go into this release."

* tag 'for-linus-20181019' of git://git.kernel.dk/linux-block:
  block: don't deal with discard limit in blkdev_issue_discard()
  nvme: remove ns sibling before clearing path

The calculated ideal rate can easily overflow an unsigned long, thus
making the best div selection buggy as soon as no ideal match is found
before the overflow occurs.

Fixes: 4731a72d ("drm/sun4i: request exact rates to our parents")
Cc: <stable@vger.kernel.org>
Signed-off-by: NBoris Brezillon <boris.brezillon@bootlin.com>
Acked-by: NMaxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: NMaxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181018100250.12565-1-boris.brezillon@bootlin.com

David writes:
  "Networking

   1) Fix gro_cells leak in xfrm layer, from Li RongQing.

   2) BPF selftests change RLIMIT_MEMLOCK blindly, don't do that.  From
      Eric Dumazet.

   3) AF_XDP calls synchronize_net() under RCU lock, fix from Björn
      Töpel.

   4) Out of bounds packet access in _decode_session6(), from Alexei
      Starovoitov.

   5) Several ethtool bugs, where we copy a struct into the kernel twice
      and our validations of the values in the first copy can be
      invalidated by the second copy due to asynchronous updates to the
      memory by the user.  From Wenwen Wang.

   6) Missing netlink attribute validation in cls_api, from Davide
      Caratti.

   7) LLC SAP sockets neet to be SOCK_RCU FREE, from Cong Wang.

   8) rxrpc operates on wrong kvec, from Yue Haibing.

   9) A regression was introduced by the disassosciation of route
      neighbour references in rt6_probe(), causing probe for
      neighbourless routes to not be properly rate limited.  Fix from
      Sabrina Dubroca.

   10) Unsafe RCU locking in tipc, from Tung Nguyen.

   11) Use after free in inet6_mc_check(), from Eric Dumazet.

   12) PMTU from icmp packets should update the SCTP transport pathmtu,
       from Xin Long.

   13) Missing peer put on error in rxrpc, from David Howells.

   14) Fix pedit in nfp driver, from Pieter Jansen van Vuuren.

   15) Fix overflowing shift statement in qla3xxx driver, from Nathan
       Chancellor.

   16) Fix Spectre v1 in ptp code, from Gustavo A. R. Silva.

   17) udp6_unicast_rcv_skb() interprets udpv6_queue_rcv_skb() return
       value in an inverted manner, fix from Paolo Abeni.

   18) Fix missed unresolved entries in ipmr dumps, from Nikolay
       Aleksandrov.

   19) Fix NAPI handling under high load, we can completely miss events
       when NAPI has to loop more than one time in a cycle.  From Heiner
       Kallweit."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (49 commits)
  ip6_tunnel: Fix encapsulation layout
  tipc: fix info leak from kernel tipc_event
  net: socket: fix a missing-check bug
  net: sched: Fix for duplicate class dump
  r8169: fix NAPI handling under high load
  net: ipmr: fix unresolved entry dumps
  net: mscc: ocelot: Fix comment in ocelot_vlant_wait_for_completion()
  sctp: fix the data size calculation in sctp_data_size
  virtio_net: avoid using netif_tx_disable() for serializing tx routine
  udp6: fix encap return code for resubmitting
  mlxsw: core: Fix use-after-free when flashing firmware during init
  sctp: not free the new asoc when sctp_wait_for_connect returns err
  sctp: fix race on sctp_id2asoc
  r8169: re-enable MSI-X on RTL8168g
  net: bpfilter: use get_pid_task instead of pid_task
  ptp: fix Spectre v1 vulnerability
  net: qla3xxx: Remove overflowing shift statement
  geneve, vxlan: Don't set exceptions if skb->len < mtu
  geneve, vxlan: Don't check skb_dst() twice
  sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead
  ...

David writes:
  "Sparc fixes:

   The main bit here is fixing how fallback system calls are handled in
   the sparc vDSO.

   Unfortunately, I fat fingered the commit and some perf debugging
   hacks slipped into the vDSO fix, which I revert in the very next
   commit."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc: Revert unintended perf changes.
  sparc: vDSO: Silence an uninitialized variable warning
  sparc: Fix syscall fallback bugs in VDSO.

Dave writes:
  "drm fixes for 4.19 final

   Just a last set of misc core fixes for final.

   4 fixes, one use after free, one fb integration fix, one EDID fix,
   and one laptop panel quirk,"

* tag 'drm-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm:
  drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
  drm: fix use of freed memory in drm_mode_setcrtc
  drm: fb-helper: Reject all pixel format changing requests
  drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl