Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem

Check the return value of request_module during dccp_probe initialisation,
bail out if that call fails.
Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: NWang Weidong <wangweidong1@huawei.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates

This series contains updates to net, ixgbe and e1000e.

David provides compiler fixes for e1000e.

Don provides a fix for ixgbe to resolve a compile warning.

John provides a fix to net where it is useful to be able to walk all
upper devices when bringing a device online where the RTNL lock is held.
In this case, it is safe to walk the all_adj_list because the RTNL lock is
used to protect the write side as well.  This patch adds a check to see
if the RTNL lock is held before throwing a warning in
netdev_all_upper_get_next_dev_rcu().
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This version corrects the whitespace issue.

orion_mdio_wait_ready uses wait_event_timeout to wait for the
SMI interrupt to fire.  wait_event_timeout waits for between
"timeout - 1" and "timeout" jiffies.  In this case a 1ms timeout
when HZ is 1000 results in a wait of 0 to 1 jiffies, causing
premature timeouts.

This fix ensures a minimum timeout of 2 jiffies, ensuring
wait_event_timeout will always wait at least 1 jiffie.

Issue reported by Nicolas Schichan.
Tested-by: NNicolas Schichan <nschichan@freebox.fr>
Signed-off-by: NLeigh Brown <leigh@solinno.co.uk>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The function atl1c_reset_pcie() does not check the return from
pci_find_ext_cabability() where it is getting the postion of the
PCI_EXT_CAP_ID_ERR. It is possible for the return to be 0.
Signed-off-by: NBetty Dall <betty.dall@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

ip6_rt_copy only sets dst.from if ort has flag RTF_ADDRCONF and RTF_DEFAULT.
but the prefix routes which did get installed by hand locally can have an
expiration, and no any flag combination which can ensure a potential from
does never expire, so we should always set the new created dst's from.

This also fixes the new created dst is always expired since the ort, which
is created by RA, maybe has RTF_EXPIRES and RTF_ADDRCONF, but no RTF_DEFAULT.
Suggested-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
CC: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: NLi RongQing <roy.qing.li@gmail.com>
Acked-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

skb_tx_timestamp(skb) should be called _before_ TX completion
has a chance to trigger, otherwise it is too late and we access
freed memory.
Signed-off-by: NEric Dumazet <edumazet@google.com>
Fixes: de5fb0a0 ("net: fec: put tx to napi poll function to fix dead lock")
Cc: Frank Li <Frank.Li@freescale.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Acked-by: NRichard Cochran <richardcochran@gmail.com>
Acked-by: NFrank Li <Frank.Li@freescale.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

"valid ME register value" is not an error. It should be logged for
debugging only.
Signed-off-by: NMichal Schmidt <mschmidt@redhat.com>
Acked-by: NYuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The yam_ioctl() code fails to initialise the cmd field
of the struct yamdrv_ioctl_cfg. Add an explicit memset(0)
before filling the structure to avoid the 4-byte info leak.
Signed-off-by: NSalva Peiró <speiro@ai2.upv.es>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The local variable 'bi' comes from userspace. If userspace passed a
large number to 'bi.data.calibrate', there would be an integer overflow
in the following line:
	s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
Signed-off-by: NWenliang Fan <fanwlexca@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

'err' is overwrited to 0 after maybe_pull_tail() call, so the error
code was not set if skb_partial_csum_set() call failed. Fix to return
error -EPROTO from those error handling case instead of 0.

Fixes: d52eb0d4 ('xen-netback: make sure skb linear area covers checksum field')
Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: NWei Liu <wei.liu2@citrix.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jakub reported while working with nlmon netlink sniffer that parts of
the inet_diag_sockid are not initialized when r->idiag_family != AF_INET6.
That is, fields of r->id.idiag_src[1 ... 3], r->id.idiag_dst[1 ... 3].

In fact, it seems that we can leak 6 * sizeof(u32) byte of kernel [slab]
memory through this. At least, in udp_dump_one(), we allocate a skb in ...

  rep = nlmsg_new(sizeof(struct inet_diag_msg) + ..., GFP_KERNEL);

... and then pass that to inet_sk_diag_fill() that puts the whole struct
inet_diag_msg into the skb, where we only fill out r->id.idiag_src[0],
r->id.idiag_dst[0] and leave the rest untouched:

  r->id.idiag_src[0] = inet->inet_rcv_saddr;
  r->id.idiag_dst[0] = inet->inet_daddr;

struct inet_diag_msg embeds struct inet_diag_sockid that is correctly /
fully filled out in IPv6 case, but for IPv4 not.

So just zero them out by using plain memset (for this little amount of
bytes it's probably not worth the extra check for idiag_family == AF_INET).

Similarly, fix also other places where we fill that out.
Reported-by: NJakub Zawadzki <darkjames-ws@darkjames.pl>
Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

While testing my changes for TSO support in SIT devices,
I was using sit0 tunnel which appears to include nopmtudisc flag.

But using :

ip tun add sittun mode sit remote $REMOTE_IPV4 local $LOCAL_IPV4 \
   dev $IFACE

We get a tunnel which rejects too long packets because of the mtu check
which is not yet GSO aware.

erd:~# ip tunnel
sittun: ipv6/ip  remote 10.246.17.84  local 10.246.17.83  ttl inherit  6rd-prefix 2002::/16
sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc 6rd-prefix 2002::/16

This patch is based on an excellent report from
Michal Shmidt.

In the future, we probably want to extend the MTU check to do the
right thing for GSO packets...

Fixes: ("61c1db7f ipv6: sit: add GSO/TSO support")
Reported-by: NMichal Schmidt <mschmidt@redhat.com>
Signed-off-by: NEric Dumazet <edumazet@google.com>
Tested-by: NMichal Schmidt <mschmidt@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Sockets marked with IPV6_PMTUDISC_PROBE (or later IPV6_PMTUDISC_INTERFACE)
don't respect this setting when the outgoing interface supports UFO.

We had the same problem in IPv4, which was fixed in commit
daba287b ("ipv4: fix DO and PROBE pmtu
mode regarding local fragmentation with UFO/CORK").

Also IPV6_DONTFRAG mode did not care about already corked data, thus
it may generate a fragmented frame even if this socket option was
specified. It also did not care about the length of the ipv6 header and
possible options.

In the error path allow the user to receive the pmtu notifications via
both, rxpmtu method or error queue. The user may opted in for both,
so deliver the notification to both error handlers (the handlers check
if the error needs to be enqueued).

Also report back consistent pmtu values when sending on an already
cork-appended socket.
Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Certain dm962x revisions contain an bug, where if a USB bulk transfer retry
(E.G. if bulk crc mismatch) happens right after a transfer with odd or
maxpacket length, the internal tx hardware fifo gets out of sync causing
the interface to stop working.

Work around it by adding up to 3 bytes of padding to ensure this situation
cannot trigger.

This workaround also means we never pass multiple-of-maxpacket size skb's
to usbnet, so the length adjustment to handle usbnet's padding of those can
be removed.

Cc: <stable@vger.kernel.org>
Reported-by: NJoseph Chang <joseph_chang@davicom.com.tw>
Signed-off-by: NPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The driver nowadays also support dm9620/dm9621a based USB 2.0 ethernet
adapters, so adjust module/driver description and Kconfig help text to
match.
Signed-off-by: NPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

dm9620/dm9621a require room for 4 byte padding even in dm9601 (3 byte
header) mode.

Cc: <stable@vger.kernel.org>
Signed-off-by: NPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

dm9621a is functionally identical to dm9620, so the existing handling can
directly be used.

Thanks to Davicom for sending me a dongle.
Signed-off-by: NPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

ipgre_header_parse() needs to parse the tunnel's ip header and it
uses mac_header to locate the iphdr. This got broken when gre tunneling
was refactored as mac_header is no longer updated to point to iphdr.
Introduce skb_pop_mac_header() helper to do the mac_header assignment
and use it in ipgre_rcv() to fix msg_name parsing.

Bug introduced in commit c5441932 (GRE: Refactor GRE tunneling code.)

Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: NTimo Teräs <timo.teras@iki.fi>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch adds support for enabling In Band mode in 10 mbps speed.
RGMII supports 1 Gig and 100 mbps mode for Forced mode of operation.
For 10mbps mode it should be configured to in band mode so that link
status, duplexity and speed are determined from the RGMII input data
stream
Signed-off-by: NMugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Ding Tianhong says:

====================
Jay Vosburgh said that the bond_3ad_adapter_speed_changed and
bond_3ad_adapter_duplex_changed is called with RTNL only, and
the functions will modify the port's information with no further
locking, they will not mutex against bond state machine and
incoming LACPDU which do not hold RTNL, So I add port lock to
protect the port information.

But they are not critical bugs, they exist since day one, and till
now they have never been hit and reported, because change for speed
and duplex is very rare, and will not occur critical problem.

The comments in the function is very old, cleanup the comments together.
====================
Signed-off-by: NJay Vosburgh <fubar@us.ibm.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The bond_3ad_handle_link_change is called with RTNL only,
and the function will modify the port's information with
no further locking, it will not mutex against bond state
machine and incoming LACPDU which do not hold RTNL, So I
add __get_state_machine_lock to protect the port.

But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.

The comments in the function is very old, cleanup it and
add a new pr_debug to debug the port message.
Signed-off-by: NDing Tianhong <dingtianhong@huawei.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jay Vosburgh said that the bond_3ad_adapter_duplex_changed is
called with RTNL only, and the function will modify the port's
information with no further locking, it will not mutex against
bond state machine and incoming LACPDU which do not hold RTNL,
So I add __get_state_machine_lock to protect the port.

But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.

The comments in the function is very old, cleanup it.
Suggested-by: NJay Vosburgh <fubar@us.ibm.com>
Signed-off-by: NDing Tianhong <dingtianhong@huawei.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jay Vosburgh said that the bond_3ad_adapter_speed_changed is
called with RTNL only, and the function will modify the port's
information with no further locking, it will not mutex against
bond state machine and incoming LACPDU which do not hold RTNL,
So I add __get_state_machine_lock to protect the port.

But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.

The comment in the function is very old, cleanup it.
Suggested-by: NJay Vosburgh <fubar@us.ibm.com>
Signed-off-by: NDing Tianhong <dingtianhong@huawei.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

If CONFIG_PCI_IOV isn't defined we get an "unused variable" warining so
now wrap the variable declaration like it's usage already was.
Signed-off-by: NDon Skidmore <donald.c.skidmore@intel.com>
Acked-by: NJohn Fastabend <john.r.fastabend@intel.com>
Tested-by: NPhil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>

This patch addresses a mis-match between the declaration and usage of
the e1000_suspend and e1000_resume functions.  Previously, these
functions were declared in a CONFIG_PM_SLEEP wrapper, and then utilized
within a CONFIG_PM wrapper.  Both the declaration and usage will now be
contained within CONFIG_PM wrappers.
Signed-off-by: NDave Ertman <davidx.m.ertman@intel.com>
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>

This patch is to fix a compiler warning of maybe-uininitialized-variable
that is generated from gcc when the -O3 flag is used.  In the function
e1000_reset_hw_80003es2lan(), the variable krmn_reg_data is first given
a value by being passed to a register read function as a
pass-by-reference parameter.  But, the return value of that read
function was never checked to see if the read failed and the variable
not given an initial value.  The compiler was smart enough to spot
this.  This patch is to check the return value for that read function
and return it, if an error occurs, without trying to utilize the value
in kmrn_reg_data.
Signed-off-by: NDavid Ertman <davidx.m.ertman@intel.com>
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>

This patch is to fix a compiler warning of __bad_udelay due to a value
of >999 being passed as a parameter to udelay() in the function
e1000e_phy_has_link_generic().  This affects the gcc compiler when
it is given a flag of -O3 and the icc compiler.

This patch is also making the change from mdelay() to msleep() in the
same function, since it was determined though code inspection that this
function is never called in atomic context.
Signed-off-by: NDavid Ertman <davidx.m.ertman@intel.com>
Acked-by: NBruce Allan <bruce.w.allan@intel.com>
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>

It is useful to be able to walk all upper devices when bringing
a device online where the RTNL lock is held. In this case it
is safe to walk the all_adj_list because the RTNL lock is used
to protect the write side as well.

This patch adds a check to see if the rtnl lock is held before
throwing a warning in netdev_all_upper_get_next_dev_rcu().

Also because we now have a call site for lockdep_rtnl_is_held()
outside COFIG_LOCK_PROVING an inline definition returning 1 is
needed. Similar to the rcu_read_lock_is_held().

Fixes: 2a47fa45 ("ixgbe: enable l2 forwarding acceleration for macvlans")
CC: Veaceslav Falico <vfalico@redhat.com>
Reported-by: NYuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com>
Tested-by: NPhil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>

Pull drm fixes from Dave Airlie:
 "Definitely seems quieter this week,

  Radeon, intel, intel broadwell, vmwgfx, ttm, armada, and a couple of
  core fixes, one revert in radeon

  Most of these are either going to stable or fixes for things
  introduced in the merge window"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (30 commits)
  drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
  drm/ttm: Fix accesses through vmas with only partial coverage
  drm/nouveau: only runtime suspend by default in optimus configuration
  drm: don't double-free on driver load error
  Revert "drm/radeon: Implement radeon_pci_shutdown"
  drm/radeon: add missing display tiling setup for oland
  drm/radeon: fix typo in cik_copy_dma
  drm/radeon/cik: plug in missing blit callback
  drm/radeon/dpm: Fix hwmon crash
  drm/radeon: Fix sideport problems on certain RS690 boards
  drm/i915: don't update the dri1 breadcrumb with modesetting
  DRM: Armada: prime refcounting bug fix
  DRM: Armada: fix printing of phys_addr_t/dma_addr_t
  DRM: Armada: destroy framebuffer after helper
  DRM: Armada: implement lastclose() for fbhelper
  drm/i915: Repeat eviction search after idling the GPU
  drm/vmwgfx: Add max surface memory param
  drm/i915: Fix use-after-free in do_switch
  drm/i915: fix pm init ordering
  drm/i915: Hold mutex across i915_gem_release
  ...

Pull networking fixes from David Miller:
 "A quick batch of fixes, including the annoying bad lock stack problem
  introduced by udp_sk_rx_dst_set() locking change:

   1) Use xchg() instead of sk_dst_lock() in udp_sk_rx_dst_set(), from
      Eric Dumazet.

   2) qlcnic bug fixes from Himanshu Madhani and Manish Chopra.

   3) Update IPSEC MAINTAINERS entry, from Steffen Klassert.

   4) Administrative neigh entry changes should generate netlink
      notifications the same as event generated ones.  From Bob
      Gilligan.

   5) Netfilter SYNPROXY fixes from Patrick McHardy.

   6) Netfilter nft_reject endianness fixes from Eric Leblond"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  qlcnic: Dump mailbox registers when mailbox command times out.
  qlcnic: Fix mailbox processing during diagnostic test
  qlcnic: Allow firmware dump collection when auto firmware recovery is disabled
  qlcnic: Fix memory allocation
  qlcnic: Fix TSS/RSS validation for 83xx/84xx series adapter.
  qlcnic: Fix TSS/RSS ring validation logic.
  qlcnic: Fix diagnostic test for all adapters.
  qlcnic: Fix usage of netif_tx_{wake, stop} api during link change.
  xen-netback: fix fragments error handling in checksum_setup_ip()
  neigh: Netlink notification for administrative NUD state change
  ipv4: improve documentation of ip_no_pmtu_disc
  net: unix: allow bind to fail on mutex lock
  MAINTAINERS: Update the IPsec maintainer entry
  udp: ipv4: do not use sk_dst_lock from softirq context
  netvsc: don't flush peers notifying work during setting mtu
  can: peak_usb: fix mem leak in pcan_usb_pro_init()
  can: ems_usb: fix urb leaks on failure paths
  sctp: loading sctp when load sctp_probe
  netfilter: nft_reject: fix endianness in dump function
  netfilter: SYNPROXY target: restrict to INPUT/FORWARD

Marc Kleine-Budde says:

====================
this is a pull request with two fixes for net/master, the current release
cycle.

It consists of a patch by Alexey Khoroshilov from the Linux Driver Verification
project, which fixes a memory leak in ems_usb's failure patch. And a patch by
me which fixes a memory leak in the peak usb driver.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Himanshu Madhani says:

====================
qlcnic: Bug fixes.

This series contains bug fixes for mailbox handling and multi Tx queue support
for all supported adapters.

changes from v1 -> v2
o updated patch to fix usage of netif_tx_{wake,stop} api during link change
  as per David Miller's suggestion.
o Dropped patch to use spinklock per tx queue for more work.
o Added reworked patch for memory allocation failures.
o Added patch to allow capturing of dump, when auto recovery is disabled in firmware.
o Added patches for mailbox interrupt handling and debugging data for mailbox failure.

Please apply to net.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NManish Chopra <manish.chopra@qlogic.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Do not enable mailbox polling in case of legacy interrupt.
  Process mailbox AEN/response from the interrupt.
Signed-off-by: NManish Chopra <manish.chopra@qlogic.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Allow driver to collect firmware dump, during a forced firmware dump
  operation, when auto firmware recovery is disabled. Also, during this
  operation, driver should not allow reset recovery to be performed.
Signed-off-by: NManish Chopra <manish.chopra@qlogic.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Use vzalloc() instead of kzalloc() for allocation of
  bootloader size memory. kzalloc() may fail to allocate
  the size of bootloader
Signed-off-by: NManish Chopra <manish.chopra@qlogic.com>
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Current code was not allowing the user to configure more
  than one Tx ring using ethtool for 83xx/84xx adapter.
  This regression was introduced by commit id
  18afc102 ("qlcnic: Enable
  multiple Tx queue support for 83xx/84xx Series adapter.")
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o TSS/RSS ring validation does not take into account that either
  of these ring values can be 0. This patch fixes this validation
  and would fail set_channel operation if any of these ring value
  is 0. This regression was added as part of commit id
  34e8c406 ("qlcnic: refactor Tx/SDS
  ring calculation and validation in driver.")
Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>