A file descriptor opened for /dev/net/tun and a tun device are
connected with ioctl.  Though understanding the connection is
important for trouble shooting, no way is given to a user to know
the connected device for a given file descriptor at userland.

This patch adds a new fdinfo field for the device name connected to
a file descriptor opened for /dev/net/tun.

Here is an example of the field:

    # lsof | grep tun
    qemu-syst 4565         qemu   25u      CHR             10,200       0t138      12921 /dev/net/tun
    ...

    # cat /proc/4565/fdinfo/25
    pos:	138
    flags:	0104002
    iff:	vnet0

    # ip link show dev vnet0
    8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...

changelog:

    v2: indent iff just like the other fdinfo fields are.
    v3: remove unused variable.
        Both are suggested by David Miller <davem@davemloft.net>.
Signed-off-by: NMasatake YAMATO <yamato@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Sergei Shtylyov says:

====================
DT: net: davinci_emac: couple more properties actually optional

   Though described as required, couple more properties in the DaVinci EMAC
binding are actually optional, as the driver will happily function without them.
The patchset is against DaveM's 'net.git' tree this time.

[1/2] DT: net: davinci_emac: "ti,davinci-rmii-en" property is actually optional
[2/2] DT: net: davinci_emac: "ti,davinci-no-bd-ram" property is actually optional
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The "ti,davinci-no-bd-ram" property for the DaVinci EMAC binding simply can't be
required one, as it's boolean (which means it's absent if false).

While at it, document the property better...
Signed-off-by: NSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Though described as required, the "ti,davinci-rmii-en" property for the DaVinci
EMAC binding seems actually optional, as the driver should happily work without
it; the property is not specified either  in the example device node or in the
actual EMAC device node for DA850 device tree, only AM3517 one.

While at it, document the property better...
Signed-off-by: NSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

When user tried to change generic options using "ethtool -s" command, while SFP
module is plugged out or during module detection, the command would have failed
with "Unsupported port type" message. The fix is to ignore the port option in
case it's same as the current port configuration.
Signed-off-by: NYaniv Rosner <yanivr@broadcom.com>
Signed-off-by: NAriel Elior <ariele@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch fixed following Warning while executing "make htmldocs".

Warning(/net/core/skbuff.c:2164): No description found for parameter 'from'
Warning(/net/core/skbuff.c:2164): Excess function parameter 'source'
description in 'skb_zerocopy'
Replace "@source" with "@from" fixed the warning.
Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

David Howells says:

====================
RxRPC fixes

Here are some small AF_RXRPC fixes.

 (1) Fix a place where a spinlock is taken conditionally but is released
     unconditionally.

 (2) Fix a double-free that happens when cleaning up on a checksum error.

 (3) Fix handling of CHECKSUM_PARTIAL whilst delivering messages to userspace.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Sending malformed llc packets triggers this spew, which seems excessive.

WARNING: CPU: 1 PID: 6917 at net/llc/llc_output.c:46 llc_mac_hdr_init+0x85/0x90 [llc]()
device type not supported: 0
CPU: 1 PID: 6917 Comm: trinity-c1 Not tainted 3.13.0+ #95
 0000000000000009 00000000007e257d ffff88009232fbe8 ffffffffac737325
 ffff88009232fc30 ffff88009232fc20 ffffffffac06d28d ffff88020e07f180
 ffff88009232fec0 00000000000000c8 0000000000000000 ffff88009232fe70
Call Trace:
 [<ffffffffac737325>] dump_stack+0x4e/0x7a
 [<ffffffffac06d28d>] warn_slowpath_common+0x7d/0xa0
 [<ffffffffac06d30c>] warn_slowpath_fmt+0x5c/0x80
 [<ffffffffc01736d5>] llc_mac_hdr_init+0x85/0x90 [llc]
 [<ffffffffc0173759>] llc_build_and_send_ui_pkt+0x79/0x90 [llc]
 [<ffffffffc057cdba>] llc_ui_sendmsg+0x23a/0x400 [llc2]
 [<ffffffffac605d8c>] sock_sendmsg+0x9c/0xe0
 [<ffffffffac185a37>] ? might_fault+0x47/0x50
 [<ffffffffac606321>] SYSC_sendto+0x121/0x1c0
 [<ffffffffac011847>] ? syscall_trace_enter+0x207/0x270
 [<ffffffffac6071ce>] SyS_sendto+0xe/0x10
 [<ffffffffac74aaa4>] tracesys+0xdd/0xe2

Until 2009, this was a printk, when it was changed in
bf9ae538: "llc: use dev_hard_header".

Let userland figure out what -EINVAL means by itself.
Signed-off-by: NDave Jones <davej@fedoraproject.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Rajesh Borundia says:

====================
qlcnic: bug fixes

The patch series contains following bug fixes

o Bound checks for number of receive descriptors and number of recieve rings.
  Both of these have off-by-one errors.
o Vlan list was getting re-initialized in case of adapter reset.
o Tx queue was timing out because of missing start queue for a corresponding
  netif_tx_disable.
o Loopback test failed because driver was not setting linkup variable
  while handling link events.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Driver was returning from link event handler without
setting linkup variable
Signed-off-by: NShahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o __qlcnic_down call's netif_tx_disable which in turn stops
  all the TX queues, corresponding start queue was missing in
  __qlcnic_up which was leading to tx timeout.
o The commit b84caae4
  (qlcnic: Fix usage of netif_tx_{wake, stop} api during link change.)
  exposed this issue.
Signed-off-by: NRajesh Borundia <rajesh.borundia@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Do not re-initialize vlan list in case of adapter reset.
Signed-off-by: NRajesh Borundia <rajesh.borundia@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

o Bound checks should be >= instead of > for number of receive descriptors
  and number of receive rings.
Signed-off-by: NManish Chopra <manish.chopra@qlogic.com>
Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

From 038a821667f62c496f2bbae27081b1b612122a97 Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Tue, 28 Jan 2014 15:16:49 +1100
Subject: [PATCH] net: Document promote_secondaries

This option was added a long time ago...

  commit 8f937c60
  Author: Harald Welte <laforge@gnumonks.org>
  Date:   Sun May 29 20:23:46 2005 -0700

    [IPV4]: Primary and secondary addresses
Signed-off-by: NMartin Schwenke <martin@meltin.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

When dealing with icmp messages, the skb->data points the
ip header that triggered the sending of the icmp message.

In gre_cisco_err(), the parse_gre_header() is called, and the
iptunnel_pull_header() is called to pull the skb at the end of
the parse_gre_header(), so the skb->data doesn't point the
inner ip header.

Unfortunately, the ipgre_err still needs those ip addresses in
inner ip header to look up tunnel by ip_tunnel_lookup().

So just use icmp_hdr() to get inner ip header instead of skb->data.
Signed-off-by: NDuan Jiong <duanj.fnst@cn.fujitsu.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Indentation mismatch spotted with Coverity.
Introduced in 4e3b35b0 ("i40e: add DCB and DCBNL support")
Signed-off-by: NDave Jones <davej@fedoraproject.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch removes grant transfer releasing code from netfront, and uses
gnttab_end_foreign_access to end grant access since
gnttab_end_foreign_access_ref may fail when the grant entry is
currently used for reading or writing.

* clean up grant transfer code kept from old netfront(2.6.18) which grants
pages for access/map and transfer. But grant transfer is deprecated in current
netfront, so remove corresponding release code for transfer.

* fix resource leak, release grant access (through gnttab_end_foreign_access)
and skb for tx/rx path, use get_page to ensure page is released when grant
access is completed successfully.

Xen-blkfront/xen-tpmfront/xen-pcifront also have similar issue, but patches
for them will be created separately.

V6: Correct subject line and commit message.

V5: Remove unecessary change in xennet_end_access.

V4: Revert put_page in gnttab_end_foreign_access, and keep netfront change in
single patch.

V3: Changes as suggestion from David Vrabel, ensure pages are not freed untill
grant acess is ended.

V2: Improve patch comments.
Signed-off-by: NAnnie Li <annie.li@oracle.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This will allow us to use bigger receive buffer, and prevent allocation failure
due to fragmented memory.
Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: NK. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

There is race condition when call netif_napi_add() after
register_netdevice(), as ->open() can be called without napi initialized
and trigger BUG_ON() on napi_enable(), like on below messages:

[    9.699863] sky2: driver version 1.30
[    9.699960] sky2 0000:02:00.0: Yukon-2 EC Ultra chip revision 2
[    9.700020] sky2 0000:02:00.0: irq 45 for MSI/MSI-X
[    9.700498] ------------[ cut here ]------------
[    9.703391] kernel BUG at include/linux/netdevice.h:501!
[    9.703391] invalid opcode: 0000 [#1] PREEMPT SMP
<snip>
[    9.830018] Call Trace:
[    9.830018]  [<fa996169>] sky2_open+0x309/0x360 [sky2]
[    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
[    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
[    9.830018]  [<c135ed4b>] __dev_open+0x9b/0x120
[    9.830018]  [<c1431cbe>] ? _raw_spin_unlock_bh+0x1e/0x20
[    9.830018]  [<c135efd9>] __dev_change_flags+0x89/0x150
[    9.830018]  [<c135f148>] dev_change_flags+0x18/0x50
[    9.830018]  [<c13bb8e0>] devinet_ioctl+0x5d0/0x6e0
[    9.830018]  [<c13bcced>] inet_ioctl+0x6d/0xa0

To fix the problem patch changes the order of initialization.

Bug report:
https://bugzilla.kernel.org/show_bug.cgi?id=67151

Reported-and-tested-by: ebrahim.azarisooreh@gmail.com
Signed-off-by: NStanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

I see a memory leak when using a transparent HTTP proxy using TPROXY
together with TCP early demux and Kernel v3.8.13.15 (Ubuntu stable):

unreferenced object 0xffff88008cba4a40 (size 1696):
  comm "softirq", pid 0, jiffies 4294944115 (age 8907.520s)
  hex dump (first 32 bytes):
    0a e0 20 6a 40 04 1b 37 92 be 32 e2 e8 b4 00 00  .. j@..7..2.....
    02 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff810b710a>] kmem_cache_alloc+0xad/0xb9
    [<ffffffff81270185>] sk_prot_alloc+0x29/0xc5
    [<ffffffff812702cf>] sk_clone_lock+0x14/0x283
    [<ffffffff812aaf3a>] inet_csk_clone_lock+0xf/0x7b
    [<ffffffff8129a893>] netlink_broadcast+0x14/0x16
    [<ffffffff812c1573>] tcp_create_openreq_child+0x1b/0x4c3
    [<ffffffff812c033e>] tcp_v4_syn_recv_sock+0x38/0x25d
    [<ffffffff812c13e4>] tcp_check_req+0x25c/0x3d0
    [<ffffffff812bf87a>] tcp_v4_do_rcv+0x287/0x40e
    [<ffffffff812a08a7>] ip_route_input_noref+0x843/0xa55
    [<ffffffff812bfeca>] tcp_v4_rcv+0x4c9/0x725
    [<ffffffff812a26f4>] ip_local_deliver_finish+0xe9/0x154
    [<ffffffff8127a927>] __netif_receive_skb+0x4b2/0x514
    [<ffffffff8127aa77>] process_backlog+0xee/0x1c5
    [<ffffffff8127c949>] net_rx_action+0xa7/0x200
    [<ffffffff81209d86>] add_interrupt_randomness+0x39/0x157

But there are many more, resulting in the machine going OOM after some
days.

From looking at the TPROXY code, and with help from Florian, I see
that the memory leak is introduced in tcp_v4_early_demux():

  void tcp_v4_early_demux(struct sk_buff *skb)
  {
    /* ... */

    iph = ip_hdr(skb);
    th = tcp_hdr(skb);

    if (th->doff < sizeof(struct tcphdr) / 4)
        return;

    sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
                       iph->saddr, th->source,
                       iph->daddr, ntohs(th->dest),
                       skb->skb_iif);
    if (sk) {
        skb->sk = sk;

where the socket is assigned unconditionally to skb->sk, also bumping
the refcnt on it.  This is problematic, because in our case the skb
has already a socket assigned in the TPROXY target.  This then results
in the leak I see.

The very same issue seems to be with IPv6, but haven't tested.
Reviewed-by: NFlorian Westphal <fw@strlen.de>
Signed-off-by: NHolger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Veaceslav Falico says:

====================
bonding: fix locking in bond_ab_arp_prob

After the latest patches, on every call of bond_ab_arp_probe() without an
active slave I see the following warning:

[    7.912314] RTNL: assertion failed at net/core/dev.c (4494)
...
[    7.922495]  [<ffffffff817acc6f>] dump_stack+0x51/0x72
[    7.923714]  [<ffffffff8168795e>] netdev_master_upper_dev_get+0x6e/0x70
[    7.924940]  [<ffffffff816a2a66>] rtnl_link_fill+0x116/0x260
[    7.926143]  [<ffffffff817acc6f>] ? dump_stack+0x51/0x72
[    7.927333]  [<ffffffff816a350c>] rtnl_fill_ifinfo+0x95c/0xb90
[    7.928529]  [<ffffffff8167af2b>] ? __kmalloc_reserve+0x3b/0xa0
[    7.929681]  [<ffffffff8167bfcf>] ? __alloc_skb+0x9f/0x1e0
[    7.930827]  [<ffffffff816a3b64>] rtmsg_ifinfo+0x84/0x100
[    7.931960]  [<ffffffffa00bca07>] bond_ab_arp_probe+0x1a7/0x370 [bonding]
[    7.933133]  [<ffffffffa00bcd78>] bond_activebackup_arp_mon+0x1a8/0x2f0 [bonding]
...

It happens because in bond_ab_arp_probe() we change the flags of a slave
without holding the RTNL lock.

To fix this - remove the useless curr_active_lock, RCUify it and lock RTNL
while changing the slave's flags. Also, remove bond_ab_arp_probe() from
under any locks in bond_ab_arp_mon().
====================
Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Currently we're calling it from under RCU context, however we're using some
functions that require rtnl to be held.

Fix this by restructuring the locking - don't call it under any locks,
aquire rcu_read_lock() if we're sending _only_ (i.e. we have the active
slave present), and use rtnl locking otherwise - if we need to modify
(in)active flags of a slave.

CC: Jay Vosburgh <fubar@us.ibm.com>
CC: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Currently bond_ab_arp_probe() is always called under rcu_read_lock(),
however to work with curr_active_slave we're still holding the
curr_slave_lock.

To remove that curr_slave_lock - rcu_dereference the bond's
curr_active_slave and use it further - so that we're sure the slave won't
go away, and we don't care if it will change in the meanwhile.

CC: Jay Vosburgh <fubar@us.ibm.com>
CC: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Recently I added a new AF_PACKET fanout operation mode in commit
2d36097d, but I forgot to document it.  Add PACKET_FANOUT_QM as an available mode
in the af_packet documentation.  Applies to net-next.
Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: Daniel Borkmann <dborkman@redhat.com>
Acked-by: NDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Submission d9aee591 "bnx2x: Don't release PCI bars on shutdown" separated
the PCI remove and shutdown flows, but pci_disable_device() is still
being called on both.
As a result, a dev_WARN_ONCE will be hit during shutdown for every bnx2x
VF probed on a hypervisor (as its shutdown callback will be called and later
pci_disable_sriov() will call its remove callback).

This calls the pci_disable_device() only on the remove flow.
Signed-off-by: NYuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: NAriel Elior <ariele@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

PTR_RET is deprecated. Use PTR_ERR_OR_ZERO instead. While at it
also include missing err.h header.
Signed-off-by: NSachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Logging the MAC address on every if-up, is not really useful, and annoying when
there is no cable inserted and NetworkManager tries the ifup every 50 seconds.

Also change the log level from warning to info, as that is what it is.
Signed-off-by: NHans de Goede <hdegoede@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Logging a PTP error on hw which simply does not support PTP is not very
useful. Moreover this message gets logged on every if-up, and if there is
no cable inserted NetworkManager will re-try the ifup every 50 seconds.
Signed-off-by: NHans de Goede <hdegoede@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

drivers/net/ethernet/8390/apne.c: In function ‘apne_probe1’:
drivers/net/ethernet/8390/apne.c:215: warning: unused variable ‘ei_local’

Introduced by commit c45f812f ("8390 :
Replace ei_debug with msg_enable/NETIF_MSG_* feature"), which added the
variable without using it.
Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This moves part of Eric Dumazets skb_gso_seglen helper from tbf sched to
skbuff core so it may be reused by upcoming ip forwarding path patch.
Signed-off-by: NFlorian Westphal <fw@strlen.de>
Acked-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Pull UML changes from Richard Weinberger:
 "This time only various cleanups and housekeeping patches"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: hostfs: make functions static
  um: Include generic barrier.h
  um: Removed unused attributes from thread_struct

Pull MMC updates from Chris Ball:
 "MMC highlights for 3.14:

  Core:
   - Avoid get_cd() on cards marked nonremovable

  Drivers:
   - arasan: New driver for controllers found in e.g. Xilinx Zynq SoC
   - dwmmc: Support Hisilicon K3 SoC controllers
   - esdhc-imx: Support for HS200 mode, DDR modes on MX6, runtime PM
   - sdhci-pci: Support O2Micro/BayHubTech controllers used in laptops
     like Lenovo ThinkPad W540, Dell Latitude E5440, Dell Latitude E6540
   - tegra: Support Tegra124 SoCs"

* tag 'mmc-updates-for-3.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (55 commits)
  mmc: sdhci-pci: Fix possibility of chip->fixes being null
  mmc: sdhci-pci: Fix BYT sd card getting stuck in runtime suspend
  mmc: sdhci: Allow for long command timeouts
  mmc: sdio: add a quirk for broken SDIO_CCCR_INTx polling
  mmc: sdhci: fix lockdep error in tuning routine
  mmc: dw_mmc: k3: remove clk_table
  mmc: dw_mmc: fix dw_mci_get_cd
  mmc: dw_mmc: fix sparse non static symbol warning
  mmc: sdhci-esdhc-imx: fix warning during module remove function
  mmc: sdhci-esdhc-imx: fix access hardirq-unsafe lock in atomic context
  mmc: core: sd: implement proper support for sd3.0 au sizes
  mmc: atmel-mci: add vmmc-supply support
  mmc: sdhci-pci: add broken HS200 quirk for Intel Merrifield
  mmc: sdhci: add quirk for broken HS200 support
  mmc: arasan: Add driver for Arasan SDHCI
  mmc: dw_mmc: add dw_mmc-k3 for k3 platform
  mmc: dw_mmc: use slot-gpio to handle cd pin
  mmc: sdhci-pci: add support of O2Micro/BayHubTech SD hosts
  mmc: sdhci-pci: break out definitions to header file
  mmc: tmio: fixup compile error
  ...

Conflicts:
	MAINTAINERS

Pull 9p changes from Eric Van Hensbergen:
 "Included are a new cache model for support of mmap, and several
  cleanups across the filesystem and networking portions of the code"

* tag 'for-3.14-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  9p: update documentation
  9P: introduction of a new cache=mmap model.
  net/9p: remove virtio default hack and set appropriate bits instead
  9p: remove useless 'name' variable and assignment
  9p: fix return value in case in v9fs_fid_xattr_set()
  9p: remove useless variable and assignment
  9p: remove useless assignment
  9p: remove unused 'super_block' struct pointer
  9p: remove never used return variable
  9p: remove unused 'p9_fid' struct pointer
  9p: remove unused 'p9_client' struct pointer

On input, CHECKSUM_PARTIAL should be treated the same way as
CHECKSUM_UNNECESSARY. See include/linux/skbuff.h
Signed-off-by: NTim Smith <tim@electronghost.co.uk>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

skb_kill_datagram() does not dequeue the skb when MSG_PEEK is unset.
This leaves a free'd skb on the queue, resulting a double-free later.

Without this, the following oops can occur:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
PGD 0
Oops: 0002 [#1] SMP
Modules linked in: af_rxrpc ...
CPU: 0 PID: 1191 Comm: listen Not tainted 3.12.0+ #4
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff8801183536b0 ti: ffff880035c92000 task.ti: ffff880035c92000
RIP: 0010:[<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
RSP: 0018:ffff880035c93db8  EFLAGS: 00010097
RAX: 0000000000000246 RBX: ffff8800d2754b00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff8800d254c084
RBP: ffff880035c93dd0 R08: ffff880035c93cf0 R09: ffff8800d968f270
R10: 0000000000000000 R11: 0000000000000293 R12: ffff8800d254c070
R13: ffff8800d254c084 R14: ffff8800cd861240 R15: ffff880119b39720
FS:  00007f37a969d740(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000008 CR3: 00000000d4413000 CR4: 00000000000006f0
Stack:
 ffff8800d254c000 ffff8800d254c070 ffff8800d254c2c0 ffff880035c93df8
 ffffffffa041a5b8 ffff8800cd844c80 ffffffffa04385a0 ffff8800cd844cb0
 ffff880035c93e18 ffffffff81546cef ffff8800d45fea00 0000000000000008
Call Trace:
 [<ffffffffa041a5b8>] rxrpc_release+0x128/0x2e0 [af_rxrpc]
 [<ffffffff81546cef>] sock_release+0x1f/0x80
 [<ffffffff81546d62>] sock_close+0x12/0x20
 [<ffffffff811aaba1>] __fput+0xe1/0x230
 [<ffffffff811aad3e>] ____fput+0xe/0x10
 [<ffffffff810862cc>] task_work_run+0xbc/0xe0
 [<ffffffff8106a3be>] do_exit+0x2be/0xa10
 [<ffffffff8116dc47>] ? do_munmap+0x297/0x3b0
 [<ffffffff8106ab8f>] do_group_exit+0x3f/0xa0
 [<ffffffff8106ac04>] SyS_exit_group+0x14/0x20
 [<ffffffff8166b069>] system_call_fastpath+0x16/0x1b
Signed-off-by: NTim Smith <tim@electronghost.co.uk>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

If rx->conn is not NULL, rxrpc_connect_exclusive() does not
acquire the transport's client lock, but it still releases it.

The patch adds locking of the spinlock to this path.

Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

The hostfs_*() callback functions are all only used within
hostfs_kern.c, so make them static.
Signed-off-by: NJames Hogan <james.hogan@imgtec.com>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: user-mode-linux-devel@lists.sourceforge.net
Signed-off-by: NRichard Weinberger <richard@nod.at>

...to get smp_store_release().
Reported-by: NRandy Dunlap <rdunlap@infradead.org>
Signed-off-by: NRichard Weinberger <richard@nod.at>

temp_stack and mm_count have no users and can be killed.
Signed-off-by: NRichard Weinberger <richard@nod.at>